diff -pruN 2.23.6-1/.changes/2.23.10.json 2.31.35-1/.changes/2.23.10.json --- 2.23.6-1/.changes/2.23.10.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.10.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +[ + { + "category": "awscrt", + "description": "Update awscrt version requirement to 0.23.8", + "type": "enhancement" + }, + { + "category": "``ecr-public``", + "description": "Temporarily updating dualstack endpoint support", + "type": "api-change" + }, + { + "category": "``s3tables``", + "description": "You can now use the CreateTable API operation to create tables with schemas by adding an optional metadata argument.", + "type": "api-change" + }, + { + "category": "``ecr``", + "description": "Temporarily updating dualstack endpoint support", + "type": "api-change" + }, + { + "category": "``mediatailor``", + "description": "Adds options for configuring how MediaTailor conditions ads before inserting them into the content stream. Based on the new settings, MediaTailor will either transcode ads to match the content stream as it has in the past, or it will insert ads without first transcoding them.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "Add a 'reason' field to InternalServerException", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "Added APIs to manage QBusiness user subscriptions", + "type": "api-change" + }, + { + "category": "``appstream``", + "description": "Add support for managing admin consent requirement on selected domains for OneDrive Storage Connectors in AppStream2.0.", + "type": "api-change" + }, + { + "category": "``verifiedpermissions``", + "description": "Adds Cedar JSON format support for entities and context data in authorization requests", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.23.11.json 2.31.35-1/.changes/2.23.11.json --- 2.23.6-1/.changes/2.23.11.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.11.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``codebuild``", + "description": "Added support for CodeBuild self-hosted Buildkite runner builds", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Updates to Aurora MySQL and Aurora PostgreSQL API pages with instance log type in the create and modify DB Cluster.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "This change is to deprecate the existing citation field under RetrieveAndGenerateStream API response in lieu of GeneratedResponsePart and RetrievedReferences", + "type": "api-change" + }, + { + "category": "``amp``", + "description": "Add support for sending metrics to cross account and CMCK AMP workspaces through RoleConfiguration on Create/Update Scraper.", + "type": "api-change" + }, + { + "category": "``geo-routes``", + "description": "The OptimizeWaypoints API now supports 50 waypoints per request (20 with constraints like AccessHours or AppointmentTime). It adds waypoint clustering via Clustering and ClusteringIndex for better optimization. Also, total distance validation is removed for greater flexibility.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release introduces a new valid value in InstanceType parameter: p5en.48xlarge, in ProductionVariant.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.23.12.json 2.31.35-1/.changes/2.23.12.json --- 2.23.6-1/.changes/2.23.12.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.12.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,7 @@ +[ + { + "category": "``mediatailor``", + "description": "Add support for CloudWatch Vended Logs which allows for delivery of customer logs to CloudWatch Logs, S3, or Firehose.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.23.13.json 2.31.35-1/.changes/2.23.13.json --- 2.23.6-1/.changes/2.23.13.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.13.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``neptune-graph``", + "description": "Added argument to `list-export` to filter by graph ID", + "type": "api-change" + }, + { + "category": "``iam``", + "description": "This release adds support for accepting encrypted SAML assertions. Customers can now configure their identity provider to encrypt the SAML assertions it sends to IAM.", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "Adds functionality to enable/disable a new Q Business Chat orchestration feature. If enabled, Q Business can orchestrate over datasources and plugins without the need for customers to select specific chat modes.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "IPv6 support for Hyperpod clusters", + "type": "api-change" + }, + { + "category": "``dms``", + "description": "Introduces TargetDataSettings with the TablePreparationMode option available for data migrations.", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "Doc-only update to provide more information on using Kerberos authentication with SMB locations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.23.14.json 2.31.35-1/.changes/2.23.14.json --- 2.23.6-1/.changes/2.23.14.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.14.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,7 @@ +[ + { + "category": "``rds``", + "description": "Documentation updates to clarify the description for the parameter AllocatedStorage for the DB cluster data type, the description for the parameter DeleteAutomatedBackups for the DeleteDBCluster API operation, and removing an outdated note for the CreateDBParameterGroup API operation.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.23.15.json 2.31.35-1/.changes/2.23.15.json --- 2.23.6-1/.changes/2.23.15.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.15.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``cost-optimization-hub``", + "description": "This release enables AWS Cost Optimization Hub to show cost optimization recommendations for Amazon Auto Scaling Groups, including those with single and mixed instance types.", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Updated list of the valid AWS Region values for the LocationConstraint parameter for general purpose buckets.", + "type": "api-change" + }, + { + "category": "``connectcases``", + "description": "This release adds the ability to conditionally require fields on a template. Check public documentation for more information.", + "type": "api-change" + }, + { + "category": "``cloudformation``", + "description": "We added 5 new stack refactoring APIs: CreateStackRefactor, ExecuteStackRefactor, ListStackRefactors, DescribeStackRefactor, ListStackRefactorActions.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.23.7.json 2.31.35-1/.changes/2.23.7.json --- 2.23.6-1/.changes/2.23.7.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.7.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``iot``", + "description": "Raised the documentParameters size limit to 30 KB for AWS IoT Device Management - Jobs.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This release adds support for dynamic audio configuration and the ability to disable the deblocking filter for h265 encodes.", + "type": "api-change" + }, + { + "category": "Signing", + "description": "No longer sign transfer-encoding header for SigV4", + "type": "bugfix" + }, + { + "category": "``bedrock-agent``", + "description": "Add support for the prompt caching feature for Bedrock Prompt Management", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Minor fix to ARN validation for Lambda functions passed to S3 Batch Operations", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.23.8.json 2.31.35-1/.changes/2.23.8.json --- 2.23.6-1/.changes/2.23.8.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.8.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``firehose``", + "description": "For AppendOnly streams, Firehose will automatically scale to match your throughput.", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "feature: Deadline: Add support for limiting the concurrent usage of external resources, like floating licenses, using limits and the ability to constrain the maximum number of workers that work on a job", + "type": "api-change" + }, + { + "category": "``appsync``", + "description": "Add stash and outErrors to EvaluateCode/EvaluateMappingTemplate response", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release changes the CreateFleet CLI and SDK's such that if you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.", + "type": "api-change" + }, + { + "category": "``timestream-influxdb``", + "description": "Adds 'allocatedStorage' parameter to UpdateDbInstance API that allows increasing the database instance storage size and 'dbStorageType' parameter to UpdateDbInstance API that allows changing the storage type of the database instance", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "AWS DataSync now supports the Kerberos authentication protocol for SMB locations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.23.9.json 2.31.35-1/.changes/2.23.9.json --- 2.23.6-1/.changes/2.23.9.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.23.9.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``ecr``", + "description": "Add support for Dualstack and Dualstack-with-FIPS Endpoints", + "type": "api-change" + }, + { + "category": "``bcm-pricing-calculator``", + "description": "Added ConflictException error type in DeleteBillScenario, BatchDeleteBillScenarioCommitmentModification, BatchDeleteBillScenarioUsageModification, BatchUpdateBillScenarioUsageModification, and BatchUpdateBillScenarioCommitmentModification API operations.", + "type": "api-change" + }, + { + "category": "``ecr-public``", + "description": "Add support for Dualstack Endpoints", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Change the type of MpuObjectSize in CompleteMultipartUploadRequest from int to long.", + "type": "api-change" + }, + { + "category": "``mailmanager``", + "description": "This release includes a new feature for Amazon SES Mail Manager which allows customers to specify known addresses and domains and make use of those in traffic policies and rules actions to distinguish between known and unknown entries.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.0.json 2.31.35-1/.changes/2.24.0.json --- 2.23.6-1/.changes/2.24.0.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.0.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``ecr``", + "description": "Adds support to handle the new basic scanning daily quota.", + "type": "api-change" + }, + { + "category": "``pi``", + "description": "Adds documentation for dimension groups and dimensions to analyze locks for Database Insights.", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Introduce versionStatus field to take place of status field in EKS DescribeClusterVersions API", + "type": "api-change" + }, + { + "category": "``transcribe``", + "description": "This release adds support for the Clinical Note Template Customization feature for the AWS HealthScribe APIs within Amazon Transcribe.", + "type": "api-change" + }, + { + "category": "``emr-containers``", + "description": "Add custom ``create-role-associations`` and ``delete-role-associations`` commands to create/delete role associations for EMR service accounts and provided IAM role.", + "type": "feature" + }, + { + "category": "``mediaconvert``", + "description": "This release adds support for Animated GIF output, forced chroma sample positioning metadata, and Extensible Wave Container format", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.1.json 2.31.35-1/.changes/2.24.1.json --- 2.23.6-1/.changes/2.24.1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``connect``", + "description": "Updated the CreateContact API documentation to indicate that it only applies to EMAIL contacts.", + "type": "api-change" + }, + { + "category": "``apigatewayv2``", + "description": "Documentation updates for Amazon API Gateway", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Doc-only update that adds defaults for CloudFront VpcOriginEndpointConfig values.", + "type": "api-change" + }, + { + "category": "``dms``", + "description": "New vendors for DMS Data Providers: DB2 LUW and DB2 for z/OS", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.10.json 2.31.35-1/.changes/2.24.10.json --- 2.23.6-1/.changes/2.24.10.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.10.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``bedrock-agent``", + "description": "Introduce a new parameter which represents the user-agent header value used by the Bedrock Knowledge Base Web Connector.", + "type": "api-change" + }, + { + "category": "Python", + "description": "Update bundled Python interpreter version to 3.12.9", + "type": "enhancement" + }, + { + "category": "``appstream``", + "description": "Added support for Certificate-Based Authentication on AppStream 2.0 multi-session fleets.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.11.json 2.31.35-1/.changes/2.24.11.json --- 2.23.6-1/.changes/2.24.11.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.11.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``elasticache``", + "description": "Documentation update, adding clarity and rephrasing.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "This release adds Reasoning Content support to Converse and ConverseStream APIs", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "This release improves support for newer models in Amazon Bedrock Flows.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "Adding support for ReasoningContent fields in Pre-Processing, Post-Processing and Orchestration Trace outputs.", + "type": "api-change" + }, + { + "category": "``elastic-inference``", + "description": "The elastic-inference client has been removed following the deprecation of the service.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.12.json 2.31.35-1/.changes/2.24.12.json --- 2.23.6-1/.changes/2.24.12.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.12.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``iot``", + "description": "AWS IoT - AWS IoT Device Defender adds support for a new Device Defender Audit Check that monitors device certificate age and custom threshold configurations for both the new device certificate age check and existing device certificate expiry check.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "Adding \"reportArns\" field in output of BatchGetBuildBatches API. \"reportArns\" is an array that contains the ARNs of reports created by merging reports from builds associated with the batch build.", + "type": "api-change" + }, + { + "category": "``devicefarm``", + "description": "Add an optional configuration to the ScheduleRun and CreateRemoteAccessSession API to set a device level http/s proxy.", + "type": "api-change" + }, + { + "category": "openssl", + "description": "Update bundled OpenSSL version to 1.1.1zb for Linux installers", + "type": "enhancement" + }, + { + "category": "``taxsettings``", + "description": "PutTaxRegistration API changes for Egypt, Greece, Vietnam countries", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Adds support for time-based EBS-backed AMI copy operations. Time-based copy ensures that EBS-backed AMIs are copied within and across Regions in a specified timeframe.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.13.json 2.31.35-1/.changes/2.24.13.json --- 2.23.6-1/.changes/2.24.13.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.13.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +[ + { + "category": "``cloudfront``", + "description": "Documentation update for VPC origin config.", + "type": "api-change" + }, + { + "category": "``oam``", + "description": "This release adds support for sharing AWS::ApplicationSignals::Service and AWS::ApplicationSignals::ServiceLevelObjective resources.", + "type": "api-change" + }, + { + "category": "configure", + "description": "Clarify prompt titles and default values in the ``aws configure sso`` wizard", + "type": "enhancement" + }, + { + "category": "``iotfleetwise``", + "description": "This release adds an optional listResponseScope request parameter in certain list API requests to limit the response to metadata only.", + "type": "api-change" + }, + { + "category": "``chime``", + "description": "Removes the Amazon Chime SDK APIs from the \"chime\" namespace. Amazon Chime SDK APIs continue to be available in the AWS SDK via the dedicated Amazon Chime SDK namespaces: chime-sdk-identity, chime-sdk-mediapipelines, chime-sdk-meetings, chime-sdk-messaging, and chime-sdk-voice.", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "AWS Batch: Resource Aware Scheduling feature support", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "AWS SageMaker InferenceComponents now support rolling update deployments for Inference Components.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Amazon EC2 Fleet customers can now override the Block Device Mapping specified in the Launch Template when creating a new Fleet request, saving the effort of creating and associating new Launch Templates to customize the Block Device Mapping.", + "type": "api-change" + }, + { + "category": "``application-signals``", + "description": "This release adds API support for reading Service Level Objectives and Services from monitoring accounts, from SLO and Service-scoped operations, including ListServices and ListServiceLevelObjectives.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.14.json 2.31.35-1/.changes/2.24.14.json --- 2.23.6-1/.changes/2.24.14.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.14.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``emr``", + "description": "Definition update for EbsConfiguration.", + "type": "api-change" + }, + { + "category": "``storagegateway``", + "description": "This release adds support to invoke a process that cleans the specified file share's cache of file entries that are failing upload to Amazon S3.", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "This release supports deleting attachments from conversations.", + "type": "api-change" + }, + { + "category": "dependency", + "description": "Upgrade pyinstaller from 5.13.2 to 6.11.1.", + "type": "enhancement" + }, + { + "category": "encoding", + "description": "Adds support for the ``AWS_CLI_OUTPUT_ENCODING`` environment variable, which can be used to override the locale's preferred encoding when the CLI is writing output.", + "type": "enhancement" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "Introduces Sessions (preview) to enable stateful conversations in GenAI applications.", + "type": "api-change" + }, + { + "category": "``redshift-serverless``", + "description": "Add track support for Redshift Serverless workgroup.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "SageMaker HubService is introducing support for creating Training Jobs in Curated Hub (Private Hub). Additionally, it is introducing two new APIs: UpdateHubContent and UpdateHubContentReference.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.15.json 2.31.35-1/.changes/2.24.15.json --- 2.23.6-1/.changes/2.24.15.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.15.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +[ + { + "category": "``pricing``", + "description": "Update GetProducts and DescribeServices API request input validations.", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation``", + "description": "Renamed and added new StandardConfiguration enums. Added support to update EncryptionConfiguration in UpdateBlueprint and UpdateDataAutomation APIs. Changed HttpStatus code for DeleteBlueprint and DeleteDataAutomationProject APIs to 200 from 204. Added APIs to support tagging.", + "type": "api-change" + }, + { + "category": "``dms``", + "description": "Add skipped status to the Result Statistics of an Assessment Run", + "type": "api-change" + }, + { + "category": "``ssm``", + "description": "Systems Manager doc-only updates for Feb. 2025.", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation-runtime``", + "description": "Added a mandatory parameter DataAutomationProfileArn to support for cross region inference for InvokeDataAutomationAsync API. Renamed DataAutomationArn to DataAutomationProjectArn. Added APIs to support tagging.", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Adding licenses to EKS Anywhere Subscription operations response.", + "type": "api-change" + }, + { + "category": "dependency", + "description": "Revert PyInstaller from 6.11.1 back to 5.13.2 due to `#9331 `__.", + "type": "bugfix" + }, + { + "category": "``bedrock-agent``", + "description": "This release lets Amazon Bedrock Flows support newer models by increasing the maximum length of output in a prompt configuration. This release also increases the maximum number of prompt variables to 20 and the maximum number of node inputs to 20.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "The AWS MediaConvert Probe API allows you to analyze media files and retrieve detailed metadata about their content, format, and structure.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.16.json 2.31.35-1/.changes/2.24.16.json --- 2.23.6-1/.changes/2.24.16.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.16.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "configuration", + "description": "Add support for disabling host prefix injection via the ``AWS_DISABLE_HOST_PREFIX_INJECTION`` environment variable or the ``disable_host_prefix_injection`` parameter in the shared aws configuration file.", + "type": "enhancement" + }, + { + "category": "``sagemaker``", + "description": "Add DomainId to CreateDomainResponse", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "Adds support for the ingestion of audio and video files by Q Business, which can be configured with the mediaExtractionConfiguration parameter.", + "type": "api-change" + }, + { + "category": "``cognito-idp``", + "description": "Added the capacity to return available challenges in admin authentication and to set version 3 of the pre token generation event for M2M ATC.", + "type": "api-change" + }, + { + "category": "``awscrt``", + "description": "Fix urlencoding issues for request signing with the awscrt.", + "type": "bugfix" + }, + { + "category": "``rum``", + "description": "Add support for PutResourcePolicy, GetResourcePolicy and DeleteResourcePolicy to support resource based policies for AWS CloudWatch RUM", + "type": "api-change" + }, + { + "category": "``transcribe``", + "description": "Updating documentation for post call analytics job queueing.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Update the DescribeVpcs response", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.17.json 2.31.35-1/.changes/2.24.17.json --- 2.23.6-1/.changes/2.24.17.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.17.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``iotsitewise``", + "description": "AWS IoT SiteWise now supports MQTT-enabled, V3 gateways. Configure data destinations for real-time ingestion into AWS IoT SiteWise or buffered ingestion using Amazon S3 storage. You can also use path filters for precise data collection from specific MQTT topics.", + "type": "api-change" + }, + { + "category": "``elasticache``", + "description": "Doc only update, listing 'valkey7' and 'valkey8' as engine options for parameter groups.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Note support for Database Insights for Amazon RDS.", + "type": "api-change" + }, + { + "category": "useragent", + "description": "Update user agent string to include client feature use.", + "type": "enhancement" + }, + { + "category": "``iot-managed-integrations``", + "description": "Adding managed integrations APIs for IoT Device Management to setup and control devices across different manufacturers and connectivity protocols. APIs include managedthing operations, credential and provisioning profile management, notification configuration, and OTA update.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.18.json 2.31.35-1/.changes/2.24.18.json --- 2.23.6-1/.changes/2.24.18.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.18.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``iotfleetwise``", + "description": "This release adds floating point support for CAN/OBD signals and adds support for signed OBD signals.", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "AWS DataSync now supports modifying ServerHostname while updating locations SMB, NFS, and ObjectStorage.", + "type": "api-change" + }, + { + "category": "``workspaces``", + "description": "Added DeviceTypeWorkSpacesThinClient type to allow users to access their WorkSpaces through a WorkSpaces Thin Client.", + "type": "api-change" + }, + { + "category": "``gameliftstreams``", + "description": "New Service: Amazon GameLift Streams delivers low-latency game streaming from AWS global infrastructure to virtually any device with a browser at up to 1080p resolution and 60 fps.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "This releases adds support for Custom Prompt Router ARN", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.19.json 2.31.35-1/.changes/2.24.19.json --- 2.23.6-1/.changes/2.24.19.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.19.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``wafv2``", + "description": "You can now perform an exact match or rate limit aggregation against the web request's JA4 fingerprint.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "This releases adds support for Custom Prompt Router", + "type": "api-change" + }, + { + "category": "``workspaces``", + "description": "Added a new ModifyEndpointEncryptionMode API for managing endpoint encryption settings.", + "type": "api-change" + }, + { + "category": "``ivs-realtime``", + "description": "IVS Real-Time now offers customers the ability to merge fragmented recordings in the event of a participant disconnect.", + "type": "api-change" + }, + { + "category": "``networkflowmonitor``", + "description": "This release contains 2 changes. 1: DeleteScope/GetScope/UpdateScope operations now return 404 instead of 500 when the resource does not exist. 2: Expected string format for clientToken fields of CreateMonitorInput/CreateScopeInput/UpdateMonitorInput have been updated to be an UUID based string.", + "type": "api-change" + }, + { + "category": "``redshift-data``", + "description": "This release adds support for ListStatements API to filter statements by ClusterIdentifier, WorkgroupName, and Database.", + "type": "api-change" + }, + { + "category": "``cloudtrail``", + "description": "Doc-only update for CloudTrail.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.2.json 2.31.35-1/.changes/2.24.2.json --- 2.23.6-1/.changes/2.24.2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``pi``", + "description": "Documentation only update for RDS Performance Insights dimensions for execution plans and locking analysis.", + "type": "api-change" + }, + { + "category": "``acm-pca``", + "description": "Private Certificate Authority service now supports Partitioned CRL as a revocation configuration option.", + "type": "api-change" + }, + { + "category": "``appsync``", + "description": "Add support for operation level caching", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Adding support for the new fullSnapshotSizeInBytes field in the response of the EC2 EBS DescribeSnapshots API. This field represents the size of all the blocks that were written to the source volume at the time the snapshot was created.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.20.json 2.31.35-1/.changes/2.24.20.json --- 2.23.6-1/.changes/2.24.20.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.20.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``neptune-graph``", + "description": "Several small updates to resolve customer requests.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Documentation updates for Amazon CloudFront.", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "Introduces support for Neptune Analytics as a vector data store and adds Context Enrichment Configurations, enabling use cases such as GraphRAG.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Add serviceManaged field to DescribeAddresses API response.", + "type": "api-change" + }, + { + "category": "``elbv2``", + "description": "This release adds support for assigning IP addresses to Application Load Balancers from VPC IP Address Manager pools.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "Support Multi Agent Collaboration within Inline Agents", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.21.json 2.31.35-1/.changes/2.24.21.json --- 2.23.6-1/.changes/2.24.21.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.21.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``ce``", + "description": "Releasing minor partition endpoint updates.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "Add support for computer use tools", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Add support for contact transfers in external voice systems.", + "type": "api-change" + }, + { + "category": "``pca-connector-ad``", + "description": "PrivateCA Connector for Active Directory now supports dual stack endpoints. This release adds the IpAddressType option to the VpcInformation on a Connector which determines whether the endpoint supports IPv4 only or IPv4 and IPv6 traffic.", + "type": "api-change" + }, + { + "category": "``timestream-influxdb``", + "description": "This release updates the default value of pprof-disabled from false to true.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Adds defaultFontSize and defaultLineHeight as options in the EbuTtDDestinationSettings within the caption descriptions for an output stream.", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "Add support for computer use tools", + "type": "api-change" + }, + { + "category": "``securityhub``", + "description": "This release adds new StandardsControlsUpdatable field to the StandardsSubscription resource", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.22.json 2.31.35-1/.changes/2.24.22.json --- 2.23.6-1/.changes/2.24.22.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.22.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``ec2``", + "description": "This release adds the GroupLongName field to the response of the DescribeAvailabilityZones API.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Add an enum option DISABLED for Output Locking Mode under Global Configuration.", + "type": "api-change" + }, + { + "category": "``ecr``", + "description": "This release adds Amazon ECR to Amazon ECR pull through cache rules support.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This is a documentation only update for Amazon ECS to address various tickets.", + "type": "api-change" + }, + { + "category": "``inspector2``", + "description": "Adding componentArn to network reachability details", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.23.json 2.31.35-1/.changes/2.24.23.json --- 2.23.6-1/.changes/2.24.23.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.23.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,62 @@ +[ + { + "category": "``s3control``", + "description": "Updating GetDataAccess response for S3 Access Grants to include the matched Grantee for the requested prefix", + "type": "api-change" + }, + { + "category": "``logs``", + "description": "Updated CreateLogAnomalyDetector to accept only kms key arn", + "type": "api-change" + }, + { + "category": "``amplify``", + "description": "Introduced support for Skew Protection. Added enableSkewProtection field to createBranch and updateBranch API.", + "type": "api-change" + }, + { + "category": "``acm-pca``", + "description": "Private Certificate Authority service now supports P521 and RSA3072 key algorithms.", + "type": "api-change" + }, + { + "category": "``ivs-realtime``", + "description": "IVS Real-Time now offers customers the ability to adjust the participant & composition recording segment duration", + "type": "api-change" + }, + { + "category": "parsers", + "description": "Minor Parser updates to support the new smithy-generated protocol tests.", + "type": "enhancement" + }, + { + "category": "``codebuild``", + "description": "AWS CodeBuild now supports webhook filtering by organization name", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release changes the CreateLaunchTemplate, CreateLaunchTemplateVersion, ModifyLaunchTemplate CLI and SDKs such that if you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.", + "type": "api-change" + }, + { + "category": "parsers", + "description": "Adds support for parsing int/long types in rest-json response headers.", + "type": "enhancement" + }, + { + "category": "``mediapackagev2``", + "description": "This release adds the ResetChannelState and ResetOriginEndpointState operation to reset MediaPackage V2 channel and origin endpoint. This release also adds a new field, UrlEncodeChildManifest, for HLS/LL-HLS to allow URL-encoding child manifest query string based on the requirements of AWS SigV4.", + "type": "api-change" + }, + { + "category": "``dynamodb``", + "description": "Generate account endpoints for DynamoDB requests using ARN-sourced account ID when available", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "This release adds support to update projects and environments", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.24.json 2.31.35-1/.changes/2.24.24.json --- 2.23.6-1/.changes/2.24.24.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.24.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``lakeformation``", + "description": "This release added \"condition\" to LakeFormation OptIn APIs, also added WithPrivilegedAccess flag to RegisterResource and DescribeResource.", + "type": "api-change" + }, + { + "category": "``cognito-idp``", + "description": "Minor description updates to API parameters", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "This release added AllowFullTableExternalDataAccess to glue catalog resource.", + "type": "api-change" + }, + { + "category": "``cognito-identity``", + "description": "Updated API model build artifacts for identity pools", + "type": "api-change" + }, + { + "category": "parser", + "description": "Fixes bug when trying to parse an integer in the `code` part of the response body.", + "type": "bugfix" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.25.json 2.31.35-1/.changes/2.24.25.json --- 2.23.6-1/.changes/2.24.25.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.25.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``wafv2``", + "description": "AWS WAF now lets you inspect fragments of request URIs. You can specify the scope of the URI to inspect and narrow the set of URI fragments.", + "type": "api-change" + }, + { + "category": "``geo-maps``", + "description": "Provide support for vector map styles in the GetStaticMap operation.", + "type": "api-change" + }, + { + "category": "``application-signals``", + "description": "This release adds support for adding, removing, and listing SLO time exclusion windows with the BatchUpdateExclusionWindows and ListServiceLevelObjectiveExclusionWindows APIs.", + "type": "api-change" + }, + { + "category": "``rum``", + "description": "CloudWatch RUM now supports unminification of JS error stack traces.", + "type": "api-change" + }, + { + "category": "``taxsettings``", + "description": "Adjust Vietnam PaymentVoucherNumber regex and minor API change.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.26.json 2.31.35-1/.changes/2.24.26.json --- 2.23.6-1/.changes/2.24.26.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.26.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``mediaconvert``", + "description": "This release adds support for AVC passthrough, the ability to specify PTS offset without padding, and an A/V segment matching feature.", + "type": "api-change" + }, + { + "category": "``route53``", + "description": "Amazon Route 53 now supports the iso-f regions for private DNS Amazon VPCs and cloudwatch healthchecks.", + "type": "api-change" + }, + { + "category": "``appsync``", + "description": "Providing Tagging support for DomainName in AppSync", + "type": "api-change" + }, + { + "category": "``cleanrooms``", + "description": "This release adds support for PySpark jobs. Customers can now analyze data by running jobs using approved PySpark analysis templates.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.27.json 2.31.35-1/.changes/2.24.27.json --- 2.23.6-1/.changes/2.24.27.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.27.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``mediaconnect``", + "description": "This release adds support for NDI flow outputs in AWS Elemental MediaConnect. You can now send content from your MediaConnect transport streams directly to your NDI environment using the new NDI output type.", + "type": "api-change" + }, + { + "category": "``neptune-graph``", + "description": "Update IAM Role ARN Validation to Support Role Paths", + "type": "api-change" + }, + { + "category": "``lambda``", + "description": "Add Ruby 3.4 (ruby3.4) support to AWS Lambda.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Support custom prompt routers for evaluation jobs", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Doc-only updates for EC2 for March 2025.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Added support for g6, g6e, m6i, c6i instance types in SageMaker Processing Jobs.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.3.json 2.31.35-1/.changes/2.24.3.json --- 2.23.6-1/.changes/2.24.3.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.3.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``fsx``", + "description": "Support for in-place Lustre version upgrades", + "type": "api-change" + }, + { + "category": "``b2bi``", + "description": "Allow spaces in the following fields in the Partnership resource: ISA 06 - Sender ID, ISA 08 - Receiver ID, GS 02 - Application Sender Code, GS 03 - Application Receiver Code", + "type": "api-change" + }, + { + "category": "``polly``", + "description": "Added support for the new voice - Jasmine (en-SG). Jasmine is available as a Neural voice only.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "This releases adds the additionalModelRequestFields field to the InvokeInlineAgent operation. Use additionalModelRequestFields to specify additional inference parameters for a model beyond the base inference parameters.", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "This releases adds the additionalModelRequestFields field to the CreateAgent and UpdateAgent operations. Use additionalModelRequestFields to specify additional inference parameters for a model beyond the base inference parameters.", + "type": "api-change" + }, + { + "category": "``opensearchserverless``", + "description": "Custom OpenSearchServerless Entity ID for SAML Config.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "Add note for the RUNNER_BUILDKITE_BUILD buildType.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Adds a RequestId parameter to all MediaLive Workflow Monitor create operations. The RequestId parameter allows idempotent operations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.4.json 2.31.35-1/.changes/2.24.4.json --- 2.23.6-1/.changes/2.24.4.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.4.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``acm-pca``", + "description": "Private Certificate Authority (PCA) documentation updates", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This is a documentation only release to support migrating Amazon ECS service ARNs to the long ARN format.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Adds additional values to the InferenceAmiVersion parameter in the ProductionVariant data type.", + "type": "api-change" + }, + { + "category": "``fis``", + "description": "Adds auto-pagination for the following operations: ListActions, ListExperimentTemplates, ListTargetAccountConfigurations, ListExperiments, ListExperimentResolvedTargets, ListTargetResourceTypes. Reduces length constraints of prefixes for logConfiguration and experimentReportConfiguration.", + "type": "api-change" + }, + { + "category": "``accessanalyzer``", + "description": "This release introduces the getFindingsStatistics API, enabling users to retrieve aggregated finding statistics for IAM Access Analyzer's external access and unused access analysis features. Updated service API and documentation.", + "type": "api-change" + }, + { + "category": "``storagegateway``", + "description": "This release adds support for generating cache reports on S3 File Gateways for files that fail to upload.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.5.json 2.31.35-1/.changes/2.24.5.json --- 2.23.6-1/.changes/2.24.5.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.5.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``codebuild``", + "description": "Added test suite names to test case metadata", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Release Notes: 1) Analytics API enhancements: Added new ListAnalyticsDataLakeDataSets API. 2) Onboarding API Idempotency: Adds ClientToken to instance creation and management APIs to support idempotency.", + "type": "api-change" + }, + { + "category": "``workspaces-thin-client``", + "description": "Update Environment and Device name field definitions", + "type": "api-change" + }, + { + "category": "``rds-data``", + "description": "Add support for Stop DB feature.", + "type": "api-change" + }, + { + "category": "``dms``", + "description": "Introduces premigration assessment feature to DMS Serverless API for start-replication and describe-replications", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Added support for Content-Range header in HeadObject response.", + "type": "api-change" + }, + { + "category": "``wafv2``", + "description": "The WAFv2 API now supports configuring data protection in webACLs.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.6.json 2.31.35-1/.changes/2.24.6.json --- 2.23.6-1/.changes/2.24.6.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.6.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``dms``", + "description": "Support replicationConfigArn in DMS DescribeApplicableIndividualAssessments API.", + "type": "api-change" + }, + { + "category": "``timestream-influxdb``", + "description": "This release introduces APIs to manage DbClusters and adds support for read replicas", + "type": "api-change" + }, + { + "category": "``amplify``", + "description": "Add ComputeRoleArn to CreateApp, UpdateApp, CreateBranch, and UpdateBranch, allowing caller to specify a role to be assumed by Amplify Hosting for server-side rendered applications.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.7.json 2.31.35-1/.changes/2.24.7.json --- 2.23.6-1/.changes/2.24.7.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.7.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "protocols", + "description": "Added support for multiple protocols within a service based on performance priority.", + "type": "enhancement" + }, + { + "category": "``batch``", + "description": "This documentation-only update corrects some typos.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Adds support for creating CloudWatchAlarmTemplates for AWS Elemental MediaTailor Playback Configuration resources.", + "type": "api-change" + }, + { + "category": "``emr-containers``", + "description": "EMR on EKS StartJobRun Api will be supporting the configuration of log storage in AWS by using \"managedLogs\" under \"MonitoringConfiguration\".", + "type": "api-change" + }, + { + "category": "protocol", + "description": "The CLI no longer validates payload size for event streams. This is to facilitate varying payload requirements across AWS services.", + "type": "enhancement" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.8.json 2.31.35-1/.changes/2.24.8.json --- 2.23.6-1/.changes/2.24.8.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.8.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``location``", + "description": "Adds support for larger property maps for tracking and geofence positions changes. It increases the maximum number of items from 3 to 4, and the maximum value length from 40 to 150.", + "type": "api-change" + }, + { + "category": "``network-firewall``", + "description": "This release introduces Network Firewall's Automated Domain List feature. New APIs include UpdateFirewallAnalysisSettings, StartAnalysisReport, GetAnalysisReportResults, and ListAnalysisReports. These allow customers to enable analysis on firewalls to identify and report frequently accessed domain.", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "This release adds the ability for outbound email sent with SES to preserve emails to a Mail Manager archive.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This is a documentation only release for Amazon ECS that supports the CPU task limit increase.", + "type": "api-change" + }, + { + "category": "``lightsail``", + "description": "Documentation updates for Amazon Lightsail.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Adds r8g instance type support to SageMaker Realtime Endpoints", + "type": "api-change" + }, + { + "category": "``mailmanager``", + "description": "This release adds additional metadata fields in Mail Manager archive searches to show email source and details about emails that were archived when being sent with SES.", + "type": "api-change" + }, + { + "category": "``codepipeline``", + "description": "Add environment variables to codepipeline action declaration.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.24.9.json 2.31.35-1/.changes/2.24.9.json --- 2.23.6-1/.changes/2.24.9.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.24.9.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``rds``", + "description": "CloudWatch Database Insights now supports Amazon RDS.", + "type": "api-change" + }, + { + "category": "``workspaces-web``", + "description": "Add support for toolbar configuration under user settings.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "Add webhook status and status message to AWS CodeBuild webhooks", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Added new capability in the UpdateCluster operation to remove instance groups from your SageMaker HyperPod cluster.", + "type": "api-change" + }, + { + "category": "``license-manager-user-subscriptions``", + "description": "Updates entity to include Microsoft RDS SAL as a valid type of user subscription.", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Reduce the minimum number of required attack sequence signals from 2 to 1", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.0.json 2.31.35-1/.changes/2.25.0.json --- 2.23.6-1/.changes/2.25.0.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.0.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "Endpoints", + "description": "Generate and use AWS-account-based endpoints for compatible services when the account ID is available. At launch, DynamoDB is the first and only compatible service. The new endpoint URL pattern will be ``https://.ddb..amazonaws.com``. Additional services may be added in the future. See the documentation for details: https://docs.aws.amazon.com/sdkref/latest/guide/feature-account-endpoints.html", + "type": "feature" + }, + { + "category": "dependency", + "description": "Upgrade pyinstaller from 5.13.2 to 6.11.1.", + "type": "enhancement" + }, + { + "category": "``controlcatalog``", + "description": "Add ExemptAssumeRoot parameter to adapt for new AWS AssumeRoot capability.", + "type": "api-change" + }, + { + "category": "``network-firewall``", + "description": "You can now use flow operations to either flush or capture traffic monitored in your firewall's flow table.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "With this release, Bedrock Evaluation will now support bring your own inference responses.", + "type": "api-change" + }, + { + "category": "dependency", + "description": "Set ``PYINSTALLER_RESET_ENVIRONMENT`` if not already set when starting child processes. This supports using the CLI as a credential process for itself.", + "type": "enhancement" + }, + { + "category": "``mailmanager``", + "description": "Amazon SES Mail Manager. Extended rule string and boolean expressions to support analysis in condition evaluation. Extended ingress point string expression to support analysis in condition evaluation", + "type": "api-change" + }, + { + "category": "``amplify``", + "description": "Added appId field to Webhook responses", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.1.json 2.31.35-1/.changes/2.25.1.json --- 2.23.6-1/.changes/2.25.1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``datazone``", + "description": "Add support for overriding selection of default AWS IAM Identity Center instance as part of Amazon DataZone domain APIs.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release does the following: 1.) Adds DurationHours as a required field to the SearchTrainingPlanOfferings action in the SageMaker AI API; 2.) Adds support for G6e instance types for SageMaker AI inference optimization jobs.", + "type": "api-change" + }, + { + "category": "Protocol", + "description": "Adds support for the smithy-rpc-v2-cbor protocol. If a service supports smithy-rpc-v2-cbor, this protocol will automatically be used. For more information, see https://smithy.io/2.0/additional-specs/protocols/smithy-rpc-v2.html", + "type": "enhancement" + }, + { + "category": "``route53-recovery-control-config``", + "description": "Adds dual-stack (IPv4 and IPv6) endpoint support for route53-recovery-control-config operations, opt-in dual-stack addresses for cluster endpoints, and UpdateCluster API to update the network-type of clusters between IPv4 and dual-stack.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "A CustomModelUnit(CMU) is an abstract view of the hardware utilization that Bedrock needs to host a a single copy of your custom imported model. Bedrock determines the number of CMUs that a model copy needs when you import the custom model. You can use CMUs to estimate the cost of Inference's.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.10.json 2.31.35-1/.changes/2.25.10.json --- 2.23.6-1/.changes/2.25.10.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.10.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``route53``", + "description": "Added us-gov-east-1 and us-gov-west-1 as valid Latency Based Routing regions for change-resource-record-sets.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Adds support for i3en, m7i, r7i instance types for SageMaker Hyperpod", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "Added optional \"customMetadataField\" for Amazon Aurora knowledge bases, allowing single-column metadata. Also added optional \"textIndexName\" for MongoDB Atlas knowledge bases, enabling hybrid search support.", + "type": "api-change" + }, + { + "category": "``opensearch``", + "description": "Improve descriptions for various API commands and data types.", + "type": "api-change" + }, + { + "category": "``chime-sdk-voice``", + "description": "Added FOC date as an attribute of PhoneNumberOrder, added AccessDeniedException as a possible return type of ValidateE911Address", + "type": "api-change" + }, + { + "category": "``transcribe``", + "description": "This Feature Adds Support for the \"zh-HK\" Locale for Batch Operations", + "type": "api-change" + }, + { + "category": "``mailmanager``", + "description": "Add support for Dual_Stack and PrivateLink types of IngressPoint. For configuration requests, SES Mail Manager will now accept both IPv4/IPv6 dual-stack endpoints and AWS PrivateLink VPC endpoints for email receiving.", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "This release enables customers to provide attachments in the SESv2 SendEmail and SendBulkEmail APIs.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.11.json 2.31.35-1/.changes/2.25.11.json --- 2.23.6-1/.changes/2.25.11.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.11.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``ds-data``", + "description": "Doc only update - fixed broken links.", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Updated max size of Prefixes parameter of Scope data type.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Doc-only updates for Amazon EC2", + "type": "api-change" + }, + { + "category": "``events``", + "description": "Amazon EventBridge adds support for customer-managed keys on Archives and validations for two fields: eventSourceArn and kmsKeyIdentifier.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.12.json 2.31.35-1/.changes/2.25.12.json --- 2.23.6-1/.changes/2.25.12.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.12.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``medialive``", + "description": "AWS Elemental MediaLive now supports SDI inputs to MediaLive Anywhere Channels in workflows that use AWS SDKs.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "Add input validations for multiple Glue APIs", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "New options for how to handle harmful content detected by Amazon Bedrock Guardrails.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "AWS CodeBuild now offers an enhanced debugging experience.", + "type": "api-change" + }, + { + "category": "``personalize``", + "description": "Add support for eventsConfig for CreateSolution, UpdateSolution, DescribeSolution, DescribeSolutionVersion. Add support for GetSolutionMetrics to return weighted NDCG metrics when eventsConfig is enabled for the solution.", + "type": "api-change" + }, + { + "category": "``transfer``", + "description": "This launch enables customers to manage contents of their remote directories, by deleting old files or moving files to archive folders in remote servers once they have been retrieved. Customers will be able to automate the process using event-driven architecture.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "New options for how to handle harmful content detected by Amazon Bedrock Guardrails.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.13.json 2.31.35-1/.changes/2.25.13.json --- 2.23.6-1/.changes/2.25.13.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.13.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``taxsettings``", + "description": "Uzbekistan Launch on TaxSettings Page", + "type": "api-change" + }, + { + "category": "``securityhub``", + "description": "Documentation updates for AWS Security Hub.", + "type": "api-change" + }, + { + "category": "``iotfleetwise``", + "description": "This release adds the option to update the strategy of state templates already associated to a vehicle, without the need to remove and re-add them.", + "type": "api-change" + }, + { + "category": "``storagegateway``", + "description": "Added new ActiveDirectoryStatus value, ListCacheReports paginator, and support for longer pagination tokens.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "This release introduces our latest bedrock runtime API, InvokeModelWithBidirectionalStream. The API supports both input and output streams and is supported by only HTTP2.0.", + "type": "api-change" + }, + { + "category": "``cost-optimization-hub``", + "description": "This release adds resource type \"MemoryDbReservedInstances\" and resource type \"DynamoDbReservedCapacity\" to the GetRecommendation, ListRecommendations, and ListRecommendationSummaries APIs to support new MemoryDB and DynamoDB RI recommendations.", + "type": "api-change" + }, + { + "category": "``ce``", + "description": "This release supports Pagination traits on Cost Anomaly Detection APIs.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.14.json 2.31.35-1/.changes/2.25.14.json --- 2.23.6-1/.changes/2.25.14.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.14.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``dynamodb``", + "description": "Documentation update for secondary indexes and Create_Table.", + "type": "api-change" + }, + { + "category": "``transfer``", + "description": "This launch includes 2 enhancements to SFTP connectors user-experience: 1) Customers can self-serve concurrent connections setting for their connectors, and 2) Customers can discover the public host key of remote servers using their SFTP connectors.", + "type": "api-change" + }, + { + "category": "``controlcatalog``", + "description": "The GetControl API now surfaces a control's Severity, CreateTime, and Identifier for a control's Implementation. The ListControls API now surfaces a control's Behavior, Severity, CreateTime, and Identifier for a control's Implementation.", + "type": "api-change" + }, + { + "category": "``groundstation``", + "description": "Support tagging Agents and adjust input field validations", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "The TableOptimizer APIs in AWS Glue now return the DpuHours field in each TableOptimizerRun, providing clients visibility to the DPU-hours used for billing in managed Apache Iceberg table compaction optimization.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.2.json 2.31.35-1/.changes/2.25.2.json --- 2.23.6-1/.changes/2.25.2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``pcs``", + "description": "ClusterName/ClusterIdentifier, ComputeNodeGroupName/ComputeNodeGroupIdentifier, and QueueName/QueueIdentifier can now have 10 characters, and a minimum of 3 characters. The TagResource API action can now return ServiceQuotaExceededException.", + "type": "api-change" + }, + { + "category": "``iotwireless``", + "description": "Mark EutranCid under LteNmr optional.", + "type": "api-change" + }, + { + "category": "dependency", + "description": "Relax symlink verification when building MacOS executables", + "type": "bugfix" + }, + { + "category": "``ssm``", + "description": "This release adds the AvailableSecurityUpdatesComplianceStatus field to patch baseline operations, as well as the AvailableSecurityUpdateCount and InstancesWithAvailableSecurityUpdates to patch state operations. Applies to Windows Server managed nodes only.", + "type": "api-change" + }, + { + "category": "``qconnect``", + "description": "Provides the correct value for supported model ID.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.3.json 2.31.35-1/.changes/2.25.3.json --- 2.23.6-1/.changes/2.25.3.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.3.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +[ + { + "category": "``workspaces-thin-client``", + "description": "Deprecate tags field in Get API responses", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Added support to override upgrade-blocking readiness checks via force flag when updating a cluster.", + "type": "api-change" + }, + { + "category": "``gameliftstreams``", + "description": "Minor updates to improve developer experience.", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "Adding support for Amazon OpenSearch Managed clusters as a vector database in Knowledge Bases for Amazon Bedrock", + "type": "api-change" + }, + { + "category": "``marketplace-entitlement``", + "description": "This release enhances the GetEntitlements API to support new filter CUSTOMER_AWS_ACCOUNT_ID in request and CustomerAWSAccountId field in response.", + "type": "api-change" + }, + { + "category": "``keyspaces``", + "description": "Removing replication region limitation for Amazon Keyspaces Multi-Region Replication APIs.", + "type": "api-change" + }, + { + "category": "``sso``", + "description": "Updates legacy token auth flow to check if cached legacy tokens are expired according to the local clock. If expired, it will raise an ``UnauthorizedSSOTokenError`` instead of sending an expired token to Identity Center's ``GetRoleCredentials`` API.", + "type": "enhancement" + }, + { + "category": "``sagemaker``", + "description": "This release adds support for customer-managed KMS keys in Amazon SageMaker Partner AI Apps", + "type": "api-change" + }, + { + "category": "``meteringmarketplace``", + "description": "This release enhances the BatchMeterUsage API to support new field CustomerAWSAccountId in request and response and making CustomerIdentifier optional. CustomerAWSAccountId or CustomerIdentifier must be provided in request but not both.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.4.json 2.31.35-1/.changes/2.25.4.json --- 2.23.6-1/.changes/2.25.4.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.4.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``arc-zonal-shift``", + "description": "Add new shiftType field for ARC zonal shifts.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Add note about the Availability Zone where RDS restores the DB cluster for the RestoreDBClusterToPointInTime operation.", + "type": "api-change" + }, + { + "category": "``directconnect``", + "description": "With this release, AWS Direct Connect allows you to tag your Direct Connect gateways. Tags are metadata that you can create and use to manage your Direct Connect gateways. For more information about tagging, see AWS Tagging Strategies.", + "type": "api-change" + }, + { + "category": "``wafv2``", + "description": "This release adds the ability to associate an AWS WAF v2 web ACL with an AWS Amplify App.", + "type": "api-change" + }, + { + "category": "``mediatailor``", + "description": "Add support for log filtering which allow customers to filter out selected event types from logs.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This release adds a configurable Quality Level setting for the top rendition of Auto ABR jobs", + "type": "api-change" + }, + { + "category": "``polly``", + "description": "Added support for the new voice - Jihye (ko-KR). Jihye is available as a Neural voice only.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.5.json 2.31.35-1/.changes/2.25.5.json --- 2.23.6-1/.changes/2.25.5.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.5.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +[ + { + "category": "``gamelift``", + "description": "Amazon GameLift Servers add support for additional instance types.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "add: recovery mode for SageMaker Studio apps", + "type": "api-change" + }, + { + "category": "``iam``", + "description": "Update IAM dual-stack endpoints for BJS, IAD and PDT partitions", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "bedrock flow now support node action trace.", + "type": "api-change" + }, + { + "category": "``cloudformation``", + "description": "Adding support for the new parameter \"ScanFilters\" in the CloudFormation StartResourceScan API. When this parameter is included, the StartResourceScan API will initiate a scan limited to the resource types specified by the parameter.", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "This release adds new action type of Create Listing Changeset for the Metadata Enforcement Rule feature.", + "type": "api-change" + }, + { + "category": "``sso-oidc``", + "description": "This release adds AwsAdditionalDetails in the CreateTokenWithIAM API response.", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Added support for BOTTLEROCKET FIPS AMIs to AMI types in US regions.", + "type": "api-change" + }, + { + "category": "``bcm-pricing-calculator``", + "description": "Added standaloneAccountRateTypeSelections for GetPreferences and UpdatePreferences APIs. Added STALE enum value to status attribute in GetBillScenario and UpdateBillScenario APIs.", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "This release will enable two features: Firelens log driver, and Execute Command on Batch jobs on ECS. Both features will be passed through to ECS.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.6.json 2.31.35-1/.changes/2.25.6.json --- 2.23.6-1/.changes/2.25.6.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.6.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +[ + { + "category": "``bedrock-runtime``", + "description": "Launching Multi-modality Content Filter for Amazon Bedrock Guardrails.", + "type": "api-change" + }, + { + "category": "``apigateway``", + "description": "Adds support for setting the IP address type to allow dual-stack or IPv4 address types to invoke your APIs or domain names.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "TransformAmiVersion for Batch Transform and SageMaker Search Service Aggregate Search API Extension", + "type": "api-change" + }, + { + "category": "``payment-cryptography``", + "description": "The service adds support for transferring AES-256 and other keys between the service and other service providers and HSMs. This feature uses ECDH to derive a one-time key transport key to enable these secure key exchanges.", + "type": "api-change" + }, + { + "category": "``apigatewayv2``", + "description": "Adds support for setting the IP address type to allow dual-stack or IPv4 address types to invoke your APIs or domain names.", + "type": "api-change" + }, + { + "category": "``networkmanager``", + "description": "Add support for NetworkManager Dualstack endpoints.", + "type": "api-change" + }, + { + "category": "``meteringmarketplace``", + "description": "Add support for Marketplace Metering Service dual-stack endpoints.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "This release adds support for cacheNamespace in ProjectCache", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This is an Amazon ECS documentation only release that addresses tickets.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "RLS permission dataset with userAs: RLS_RULES flag, Q in QuickSight/Threshold Alerts/Schedules/Snapshots in QS embedding, toggle dataset refresh email alerts via API, transposed table with options: column width, type and index, toggle Q&A on dashboards, Oracle Service Name when creating data source.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.7.json 2.31.35-1/.changes/2.25.7.json --- 2.23.6-1/.changes/2.25.7.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.7.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +[ + { + "category": "``ec2``", + "description": "Release VPC Route Server, a new feature allowing dynamic routing in VPCs.", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Add support for updating RemoteNetworkConfig for hybrid nodes on EKS UpdateClusterConfig API", + "type": "api-change" + }, + { + "category": "``outposts``", + "description": "Enabling Asset Level Capacity Management feature, which allows customers to create a Capacity Task for a single Asset on their active Outpost.", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "Add dual-stack support to global endpoints.", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "With this release you can use a new field to specify the search term match type. Search term match types currently support fuzzy and contains matching.", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Amazon S3 adds support for S3 Access Points for directory buckets in AWS Dedicated Local Zones", + "type": "api-change" + }, + { + "category": "``marketplace-entitlement``", + "description": "Add support for Marketplace Entitlement Service dual-stack endpoints.", + "type": "api-change" + }, + { + "category": "``transfer``", + "description": "Add WebAppEndpointPolicy support for WebApps", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Amazon S3 adds support for S3 Access Points for directory buckets in AWS Dedicated Local Zones", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "Add Prompt Caching support to Converse and ConverseStream APIs", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.8.json 2.31.35-1/.changes/2.25.8.json --- 2.23.6-1/.changes/2.25.8.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.8.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``sagemaker``", + "description": "Added tagging support for SageMaker notebook instance lifecycle configurations", + "type": "api-change" + }, + { + "category": "``cleanrooms``", + "description": "This release adds support for updating the analytics engine of a collaboration.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.25.9.json 2.31.35-1/.changes/2.25.9.json --- 2.23.6-1/.changes/2.25.9.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.25.9.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``ecs``", + "description": "This is an Amazon ECS documentation only update to address various tickets.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "This release adds support for environment type WINDOWS_SERVER_2022_CONTAINER in ProjectEnvironment", + "type": "api-change" + }, + { + "category": "``ecr``", + "description": "Fix for customer issues related to AWS account ID and size limitation for token.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Added support for SMPTE 2110 inputs when running a channel in a MediaLive Anywhere cluster. This feature enables ingestion of SMPTE 2110-compliant video, audio, and ancillary streams by reading SDP files that AWS Elemental MediaLive can retrieve from a network source.", + "type": "api-change" + }, + { + "category": "``lexv2-models``", + "description": "Release feature of errorlogging for lex bot, customer can config this feature in bot version to generate log for error exception which helps debug", + "type": "api-change" + }, + { + "category": "``ec2instanceconnect``", + "description": "Replace cryptographic functions from ``cryptography`` with ``awscrt`` for the ``ssh`` command.", + "type": "enhancement" + }, + { + "category": "``application-signals``", + "description": "Application Signals now supports creating Service Level Objectives on service dependencies. Users can now create or update SLOs on discovered service dependencies to monitor their standard application metrics.", + "type": "api-change" + }, + { + "category": "awscrt", + "description": "Update awscrt version requirement to 0.25.4", + "type": "enhancement" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.26.0.json 2.31.35-1/.changes/2.26.0.json --- 2.23.6-1/.changes/2.26.0.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.26.0.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``elasticache``", + "description": "AWS ElastiCache SDK now supports using MemcachedUpgradeConfig parameter with ModifyCacheCluster API to enable updating Memcached cache node types. Please refer to updated AWS ElastiCache public documentation for detailed information on API usage and implementation.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "Add support to analysis and sheet level highlighting in QuickSight.", + "type": "api-change" + }, + { + "category": "``m2``", + "description": "Introduce three new APIs: CreateDataSetExportTask, GetDataSetExportTask and ListDataSetExportHistory. Add support for batch restart for Blu Age applications.", + "type": "api-change" + }, + { + "category": "Python", + "description": "Drop support for Python 3.8", + "type": "feature" + }, + { + "category": "Python", + "description": "Update bundled Python interpreter to 3.13.2", + "type": "enhancement" + }, + { + "category": "``medialive``", + "description": "AWS Elemental MediaLive / Features : Add support for CMAF Ingest CaptionLanguageMappings, TimedMetadataId3 settings, and Link InputResolution.", + "type": "api-change" + }, + { + "category": "``application-autoscaling``", + "description": "Application Auto Scaling now supports horizontal scaling for Elasticache Memcached self-designed clusters using target tracking scaling policies and scheduled scaling.", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "Adds functionality to enable/disable a new Q Business Hallucination Reduction feature. If enabled, Q Business will detect and attempt to remove Hallucinations from certain Chat requests.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.26.1.json 2.31.35-1/.changes/2.26.1.json --- 2.23.6-1/.changes/2.26.1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.26.1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``marketplace-entitlement``", + "description": "Add support for Marketplace Entitlement Service dual-stack endpoints for CN and GOV regions", + "type": "api-change" + }, + { + "category": "``detective``", + "description": "Add support for Detective DualStack endpoints", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Changed the minimum length of clusterIdentifier, computeNodeGroupIdentifier, and queueIdentifier to 3.", + "type": "api-change" + }, + { + "category": "``verifiedpermissions``", + "description": "Adds deletion protection support to policy stores. Deletion protection is disabled by default, can be enabled via the CreatePolicyStore or UpdatePolicyStore APIs, and is visible in GetPolicyStore.", + "type": "api-change" + }, + { + "category": "``connect-contact-lens``", + "description": "Making sentiment optional for ListRealtimeContactAnalysisSegments Response depending on conversational analytics configuration", + "type": "api-change" + }, + { + "category": "``dynamodb``", + "description": "Doc only update for API descriptions.", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Raise hard limit of authorized principals per SubscriptionTarget from 10 to 20.", + "type": "api-change" + }, + { + "category": "``meteringmarketplace``", + "description": "Add support for Marketplace Metering Service dual-stack endpoints for CN regions", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.26.2.json 2.31.35-1/.changes/2.26.2.json --- 2.23.6-1/.changes/2.26.2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.26.2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``taxsettings``", + "description": "Indonesia SOR Tax Registration Launch", + "type": "api-change" + }, + { + "category": "``entityresolution``", + "description": "This is to add new metrics to our GetIdMappingJob API and also update uniqueId naming for batchDeleteUniqueIds API to be more accurate", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.26.3.json 2.31.35-1/.changes/2.26.3.json --- 2.23.6-1/.changes/2.26.3.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.26.3.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``servicecatalog``", + "description": "Updated default value for the access-level-filter in SearchProvisionedProducts API to Account. For access to userLevel or roleLevel, the user must provide access-level-filter parameter.", + "type": "api-change" + }, + { + "category": "``s3tables``", + "description": "S3 Tables now supports setting encryption configurations on table buckets and tables. Encryption configurations can use server side encryption using AES256 or KMS customer-managed keys.", + "type": "api-change" + }, + { + "category": "``dsql``", + "description": "Added GetClusterEndpointService API. The new API allows retrieving endpoint service name specific to a cluster.", + "type": "api-change" + }, + { + "category": "Formatter", + "description": "Update JSON formatter to encode raw bytes as UTF-8.", + "type": "bugfix" + }, + { + "category": "``events``", + "description": "Adding support for KmsKeyIdentifer in CreateConnection, UpdateConnection and DescribeConnection APIs", + "type": "api-change" + }, + { + "category": "``resource-groups``", + "description": "Resource Groups: TagSyncTasks can be created with ResourceQuery", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Added support for new AL2023 ARM64 NVIDIA AMIs to the supported AMITypes.", + "type": "api-change" + }, + { + "category": "``connectcases``", + "description": "This feature provides capabilities to help track and meet service level agreements (SLAs) on cases programmatically. It allows configuring a new related item of type `Sla` on a case using CreateRelatedItem API and provides the ability to search for this new related item using SearchRelatedItems API.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.26.4.json 2.31.35-1/.changes/2.26.4.json --- 2.23.6-1/.changes/2.26.4.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.26.4.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +[ + { + "category": "``bedrock``", + "description": "With this release, Bedrock Evaluation will now support custom metrics for evaluation.", + "type": "api-change" + }, + { + "category": "``omics``", + "description": "Add versioning for HealthOmics workflows", + "type": "api-change" + }, + { + "category": "``iotfleetwise``", + "description": "We've added stricter parameter validations to AWS IoT FleetWise signal catalog, model manifest, and decoder manifest APIs.", + "type": "api-change" + }, + { + "category": "``amp``", + "description": "Add Workspace Configuration APIs for Amazon Prometheus", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "This release adds following capabilities to Contact Lens Rules APIs 1/ 'ASSIGN_SLA' action and '$.Case.TemplateId' comparison value for 'OnCaseCreate' and 'OnCaseUpdate' event sources 2/ 'OnSlaBreach' Cases event source which supports '$.RelatedItem.SlaConfiguration.Name' comparison value", + "type": "api-change" + }, + { + "category": "``memorydb``", + "description": "Added support for IPv6 and dual stack for Valkey and Redis clusters. Customers can now launch new Valkey and Redis clusters with IPv6 and dual stack networking support.", + "type": "api-change" + }, + { + "category": "``accessanalyzer``", + "description": "Added new resource types to evaluate for public access in resource policies and added support for S3 directory bucket access points.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Adds a new AccountSetting - defaultLogDriverMode for ECS.", + "type": "api-change" + }, + { + "category": "``autoscaling``", + "description": "Doc only update for EC2 Auto Scaling.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.26.5.json 2.31.35-1/.changes/2.26.5.json --- 2.23.6-1/.changes/2.26.5.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.26.5.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``qconnect``", + "description": "This release adds support for the following capabilities: Chunking generative answer replies from Amazon Q in Connect. Integration support for the use of additional LLM models with Amazon Q in Connect.", + "type": "api-change" + }, + { + "category": "``service-quotas``", + "description": "Add new optional SupportCaseAllowed query parameter to the RequestServiceQuotaIncrease API", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release adds a new Neuron driver option in InferenceAmiVersion parameter for ProductionVariant. Additionally, it adds support for fetching model lifecycle status in the ListModelPackages API. Users can now use this API to view the lifecycle stage of models that have been shared with them.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.26.6.json 2.31.35-1/.changes/2.26.6.json --- 2.23.6-1/.changes/2.26.6.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.26.6.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``firehose``", + "description": "Documentation update regarding the number of streams you can create using the CreateDeliveryStream API.", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "The CheckDocumentAccess API for Amazon Q Business is a self-service debugging API that allows administrators to verify document access permissions and review Access Control List (ACL) configurations.", + "type": "api-change" + }, + { + "category": "``arc-zonal-shift``", + "description": "Updates to documentation and exception types for Zonal Autoshift", + "type": "api-change" + }, + { + "category": "``mediatailor``", + "description": "Added support for Recurring Prefetch and Traffic Shaping on both Single and Recurring Prefetch. ListPrefetchSchedules now return single prefetchs by default and can be provided scheduleType of SINGLE, RECURRING, AND ALL.", + "type": "api-change" + }, + { + "category": "``budgets``", + "description": "Releasing the new Budget FilterExpression and Metrics fields to support more granular filtering options. These new fields are intended to replace CostFilters and CostTypes, which are deprecated as of 2025/18/04.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.26.7.json 2.31.35-1/.changes/2.26.7.json --- 2.23.6-1/.changes/2.26.7.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.26.7.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``mq``", + "description": "You can now delete Amazon MQ broker configurations using the DeleteConfiguration API. For more information, see Configurations in the Amazon MQ API Reference.", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Fix endpoint resolution test cases", + "type": "api-change" + }, + { + "category": "``redshift-serverless``", + "description": "Provides new and updated API members to support the Redshift Serverless reservations feature.", + "type": "api-change" + }, + { + "category": "``cognito-idp``", + "description": "This release adds refresh token rotation.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Added support for ClientRouteEnforcementOptions flag in CreateClientVpnEndpoint and ModifyClientVpnEndpoint requests and DescribeClientVpnEndpoints responses", + "type": "api-change" + }, + { + "category": "``account``", + "description": "AWS Account Management now supports account name update via IAM principals.", + "type": "api-change" + }, + { + "category": "``entityresolution``", + "description": "To expand support for matching records using digital identifiers with TransUnion", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.0.json 2.31.35-1/.changes/2.27.0.json --- 2.23.6-1/.changes/2.27.0.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.0.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``imagebuilder``", + "description": "Add all ``imagebuilder`` modeled paginators that are currently supported by AWS CLI v2.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Add support to roll back an In_Progress ECS Service Deployment", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "Add support for custom instance type for reserved capacity fleets", + "type": "api-change" + }, + { + "category": "``resource-explorer-2``", + "description": "Documentation-only update for CreateView option correction", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Add assume-role-arn option to update-kubeconfig command for cross-account access", + "type": "feature" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.1.json 2.31.35-1/.changes/2.27.1.json --- 2.23.6-1/.changes/2.27.1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``ecs``", + "description": "Documentation only release for Amazon ECS", + "type": "api-change" + }, + { + "category": "``dynamodb``", + "description": "Add support for ARN-sourced account endpoint generation for TransactWriteItems. This will generate account endpoints for DynamoDB TransactWriteItems requests using ARN-sourced account ID when available.", + "type": "api-change" + }, + { + "category": "``appsync``", + "description": "Add data source support to Event APIs", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Documentation-only update: added valid values for the version property of the Scheduler and SchedulerRequest data types.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "This Amazon RDS release adds support for managed master user passwords for Oracle CDBs.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "Remove redundant validation check.", + "type": "api-change" + }, + { + "category": "``apprunner``", + "description": "AWS App Runner adds Node.js 22 runtime.", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation``", + "description": "Added support for modality routing and modality enablement on CreateDataAutomationProject and UpdateDataAutomationProject APIs", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.10.json 2.31.35-1/.changes/2.27.10.json --- 2.23.6-1/.changes/2.27.10.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.10.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``ec2``", + "description": "This release adds API support for Path Component Exclusion (Filter Out ARN) for Reachability Analyzer", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "SageMaker AI Studio users can now migrate to SageMaker Unified Studio, which offers a unified web-based development experience that integrates AWS data, analytics, artificial intelligence (AI), and machine learning (ML) services, as well as additional tools and resource", + "type": "api-change" + }, + { + "category": "``imagebuilder``", + "description": "Updated the CreateImageRecipeRequest ParentImage description to include all valid values as updated with the SSM Parameters project.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Enables Updating Anywhere Settings on a MediaLive Anywhere Channel.", + "type": "api-change" + }, + { + "category": "``synthetics``", + "description": "Add support to test a canary update by invoking a dry run of a canary. This behavior can be used via the new StartCanaryDryRun API along with new fields in UpdateCanary to apply dry run changes. Also includes changes in GetCanary and GetCanaryRuns to support retrieving dry run configurations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.11.json 2.31.35-1/.changes/2.27.11.json --- 2.23.6-1/.changes/2.27.11.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.11.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``codepipeline``", + "description": "Add support for Secrets Manager and Plaintext environment variable types in Commands action", + "type": "api-change" + }, + { + "category": "``sso-admin``", + "description": "Update PutPermissionBoundaryToPermissionSet API's managedPolicyArn pattern to allow valid ARN only. Update ApplicationName to allow white spaces.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Launching the feature to support ENA queues offering flexibility to support multiple queues per Enhanced Network Interface (ENI)", + "type": "api-change" + }, + { + "category": "Python", + "description": "Update bundled Python interpreter to 3.13.3", + "type": "enhancement" + }, + { + "category": "``cloudfront``", + "description": "Doc-only update for CloudFront. These changes include customer-reported issues.", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Updated description of a data structure.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "This new release supports customizable RefreshInterval for all Saas ZETL integrations from 15 minutes to 6 days.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.12.json 2.31.35-1/.changes/2.27.12.json --- 2.23.6-1/.changes/2.27.12.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.12.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``athena``", + "description": "Minor API documentation updates", + "type": "api-change" + }, + { + "category": "``logs``", + "description": "We are pleased to announce limit increases to our grok processor logs transformation feature. Now you can define 20 Grok patterns in their configurations, with an expanded total pattern matching limit of 512 characters.", + "type": "api-change" + }, + { + "category": "``synthetics``", + "description": "Add support to retry a canary automatically after schedule run failures. Users can enable this feature by configuring the RetryConfig field when calling the CreateCanary or UpdateCanary API. Also includes changes in GetCanary and GetCanaryRuns to support retrieving retry configurations.", + "type": "api-change" + }, + { + "category": "``workspaces``", + "description": "Remove parameter EnableWorkDocs from WorkSpacesServiceModel due to end of support of Amazon WorkDocs service.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.13.json 2.31.35-1/.changes/2.27.13.json --- 2.23.6-1/.changes/2.27.13.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.13.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``supplychain``", + "description": "Launch new AWS Supply Chain public APIs for DataIntegrationEvent, DataIntegrationFlowExecution and DatasetNamespace. Also add more capabilities to existing public APIs to support direct dataset event publish, data deduplication in DataIntegrationFlow, partition specification of custom datasets.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "No API changes from previous release. This release migrated the model to Smithy keeping all features unchanged.", + "type": "api-change" + }, + { + "category": "``iam``", + "description": "Updating the endpoint list for the Identity and access management (IAM) service", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "AWS Deadline Cloud service-managed fleets now support configuration scripts. Configuration scripts make it easy to install additional software, like plugins and packages, onto a worker.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "EC2 - Adding support for AvailabilityZoneId", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Add support to the AV1 rate control mode", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Updates to support S3 Express zonal endpoints for directory buckets in AWS CLI", + "type": "api-change" + }, + { + "category": "``mediatailor``", + "description": "Documenting that EnabledLoggingStrategies is always present in responses of PlaybackConfiguration read operations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.14.json 2.31.35-1/.changes/2.27.14.json --- 2.23.6-1/.changes/2.27.14.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.14.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``bedrock-agent-runtime``", + "description": "Changes for enhanced metadata in trace", + "type": "api-change" + }, + { + "category": "``dsql``", + "description": "CreateMultiRegionClusters and DeleteMultiRegionClusters APIs marked as deprecated. Introduced new multi-Region clusters creation experience through multiRegionProperties parameter in CreateCluster API.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Enable cross-Region inference for Amazon Bedrock Guardrails by using the crossRegionConfig parameter when calling the CreateGuardrail or UpdateGuardrail operation.", + "type": "api-change" + }, + { + "category": "``controltower``", + "description": "AWS Control Tower now reports the inheritance drift status for EnabledBaselines through the GetEnabledBaseline and ListEnabledBaselines APIs. You can now filter EnabledBaselines by their enablement and drift status using the ListEnabledBaselines API to view accounts and OUs that require attention.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This release extends functionality for Amazon EBS volumes attached to Amazon ECS tasks by adding support for the new EBS volumeInitializationRate parameter in ECS RunTask/StartTask/CreateService/UpdateService APIs.", + "type": "api-change" + }, + { + "category": "``license-manager``", + "description": "Add Tagging feature to resources in the Managed Entitlements service. License and Grant resources can now be tagged.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.15.json 2.31.35-1/.changes/2.27.15.json --- 2.23.6-1/.changes/2.27.15.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.15.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``logs``", + "description": "This release adds a new API \"ListLogGroups\" and an improvement in API \"DescribeLogGroups\"", + "type": "api-change" + }, + { + "category": "``firehose``", + "description": "This release adds catalogARN support for s3 tables multi-catalog catalogARNs.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This update enables cropping for video overlays and adds a new STL to Teletext upconversion toggle to preserve styling.", + "type": "api-change" + }, + { + "category": "``cognito-idp``", + "description": "Add exceptions to WebAuthn operations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.16.json 2.31.35-1/.changes/2.27.16.json --- 2.23.6-1/.changes/2.27.16.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.16.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``workspaces``", + "description": "Added the new AlwaysOn running mode for WorkSpaces Pools. Customers can now choose between AlwaysOn (for instant access, with hourly usage billing regardless of connection status), or AutoStop (to optimize cost, with a brief startup delay) for their pools.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "AWS CodeBuild now supports Docker Server capability", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "This release adds support for Slurm accounting. For more information, see the Slurm accounting topic in the AWS PCS User Guide. Slurm accounting is supported for Slurm 24.11 and later. This release also adds 24.11 as a valid value for the version parameter of the Scheduler data type.", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "Amazon Bedrock Flows introduces DoWhile loops nodes, parallel node executions, and enhancements to knowledge base nodes.", + "type": "api-change" + }, + { + "category": "``controltower``", + "description": "Updated the descriptions for the AWS Control Tower Baseline APIs to make them more intuitive.", + "type": "api-change" + }, + { + "category": "``dms``", + "description": "Introduces Data Resync feature to describe-table-statistics and IAM database authentication for MariaDB, MySQL, and PostgreSQL.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.17.json 2.31.35-1/.changes/2.27.17.json --- 2.23.6-1/.changes/2.27.17.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.17.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``glue``", + "description": "Changes include (1) Excel as S3 Source type and XML and Tableau's Hyper as S3 Sink types, (2) targeted number of partitions parameter in S3 sinks and (3) new compression types in CSV/JSON and Parquet S3 sinks.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This is an Amazon ECs documentation only release to support the change of the container exit \"reason\" field from 255 characters to 1024 characters.", + "type": "api-change" + }, + { + "category": "``service-quotas``", + "description": "This release introduces CreateSupportCase operation to SDK.", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation``", + "description": "Add support for VIDEO modality to BlueprintType enum.", + "type": "api-change" + }, + { + "category": "``codepipeline``", + "description": "CodePipeline now supports new API ListDeployActionExecutionTargets that lists the deployment target details for deploy action executions.", + "type": "api-change" + }, + { + "category": "``neptune``", + "description": "This release adds Global Cluster Switchover capability which enables you to change your global cluster's primary AWS Region, the region that serves writes, while preserving the replication between all regions in the global cluster.", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation-runtime``", + "description": "Add AssetProcessingConfiguration for video segment to InputConfiguration", + "type": "api-change" + }, + { + "category": "``emr``", + "description": "Added APIs for managing Application UIs: Access Persistent (serverless) UIs via CreatePersistentAppUI DescribePersistentAppUI & GetPersistentAppUIPresignedURL, and Cluster-based UIs through GetOnClusterAppUIPresignedURL. Supports Yarn, Spark History, and TEZ interfaces.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.18.json 2.31.35-1/.changes/2.27.18.json --- 2.23.6-1/.changes/2.27.18.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.18.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``dsql``", + "description": "CreateMultiRegionCluster and DeleteMultiRegionCluster APIs removed", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release includes new APIs for System Integrity Protection (SIP) configuration and automated root volume ownership delegation for EC2 Mac instances.", + "type": "api-change" + }, + { + "category": "``mediapackagev2``", + "description": "This release adds support for DVB-DASH, EBU-TT-D subtitle format, and non-compacted manifests for DASH in MediaPackage v2 Origin Endpoints.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.19.json 2.31.35-1/.changes/2.27.19.json --- 2.23.6-1/.changes/2.27.19.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.19.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``inspector2``", + "description": "This release adds GetClustersForImage API and filter updates as part of the mapping of container images to running containers feature.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "This release introduces the new DescribeDBMajorEngineVersions API for describing the properties of specific major versions of database engines.", + "type": "api-change" + }, + { + "category": "``privatenetworks``", + "description": "The privatenetworks client has been removed following the deprecation of the service.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "Enhanced AWS Glue ListConnectionTypes API Model with additional metadata fields.", + "type": "api-change" + }, + { + "category": "``oam``", + "description": "Add IncludeTags field to GetLink, GetSink and UpdateLink API", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "Remove Discovery APIs from the DataSync service", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release expands the ModifyInstanceMaintenanceOptions API to enable or disable instance migration during customer-initiated reboots for EC2 Scheduled Reboot Events.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.2.json 2.31.35-1/.changes/2.27.2.json --- 2.23.6-1/.changes/2.27.2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``ecs``", + "description": "Documentation only release for Amazon ECS.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "You can now reference images and documents stored in Amazon S3 when using InvokeModel and Converse APIs with Amazon Nova Lite and Nova Pro. This enables direct integration of S3-stored multimedia assets in your model requests without manual downloading or base64 encoding.", + "type": "api-change" + }, + { + "category": "``marketplace-deployment``", + "description": "Doc only update for the AWS Marketplace Deployment Service that fixes several customer-reported issues.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.20.json 2.31.35-1/.changes/2.27.20.json --- 2.23.6-1/.changes/2.27.20.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.20.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``ec2``", + "description": "Release of Dualstack and Ipv6-only EC2 Public DNS hostnames", + "type": "api-change" + }, + { + "category": "``application-autoscaling``", + "description": "Doc only update that addresses a customer reported issue.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "Amazon Bedrock introduces asynchronous flows (in preview), which let you run flows for longer durations and yield control so that your application can perform other tasks and you don't have to actively monitor the flow's progress.", + "type": "api-change" + }, + { + "category": "``cloudwatch``", + "description": "Adds support for setting up Contributor Insight rules on logs transformed via Logs Transformation feature.", + "type": "api-change" + }, + { + "category": "``partnercentral-selling``", + "description": "Modified validation to allow expectedCustomerSpend array with zero elements in Partner Opportunity operations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.21.json 2.31.35-1/.changes/2.27.21.json --- 2.23.6-1/.changes/2.27.21.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.21.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``dsql``", + "description": "Features: support for customer managed encryption keys", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "This release supports additional ConversionSpec parameter as part of IntegrationPartition Structure in CreateIntegrationTableProperty API. This parameter is referred to apply appropriate column transformation for columns that are used for timestamp based partitioning", + "type": "api-change" + }, + { + "category": "s3transfer", + "description": "Validate ETag of stored object during multipart downloads", + "type": "bugfix" + }, + { + "category": "``auditmanager``", + "description": "With this release, the AssessmentControl description field has been deprecated, as of May 19, 2025. Additionally, the UpdateAssessment API can now return a ServiceQuotaExceededException when applicable service quotas are exceeded.", + "type": "api-change" + }, + { + "category": "``amp``", + "description": "Add QueryLoggingConfiguration APIs for Amazon Managed Prometheus", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.22.json 2.31.35-1/.changes/2.27.22.json --- 2.23.6-1/.changes/2.27.22.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.22.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``security-ir``", + "description": "Update PrincipalId pattern documentation to reflect what user should receive back from the API call", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds support for the C7i-flex, M7i-flex, I7i, I7ie, I8g, P6-b200, Trn2, C8gd, M8gd and R8gd instances", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.23.json 2.31.35-1/.changes/2.27.23.json --- 2.23.6-1/.changes/2.27.23.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.23.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``ec2``", + "description": "This release adds three features - option to store AWS Site-to-Site VPN pre-shared keys in AWS Secrets Manager, GetActiveVpnTunnelStatus API to check the in-use VPN algorithms, and SampleType option in GetVpnConnectionDeviceSampleConfiguration API to get recommended sample configs for VPN devices.", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "AWS Deadline Cloud service-managed fleets now support storage profiles. With storage profiles, you can map file paths between a workstation and the worker hosts running the job.", + "type": "api-change" + }, + { + "category": "``ce``", + "description": "This release introduces Cost Comparison feature (GetCostAndUsageComparisons, GetCostComparisonDrivers) allowing you find cost variations across multiple dimensions and identify key drivers of spending changes.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.24.json 2.31.35-1/.changes/2.27.24.json --- 2.23.6-1/.changes/2.27.24.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.24.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``events``", + "description": "Allow for more than 2 characters for location codes in EventBridge ARNs", + "type": "api-change" + }, + { + "category": "``cost-optimization-hub``", + "description": "This release allows customers to modify their preferred commitment term and payment options.", + "type": "api-change" + }, + { + "category": "``synthetics``", + "description": "Add support to change ephemeral storage. Add a new field \"TestResult\" under CanaryRunStatus.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Enable the option to automatically delete underlying Amazon EBS snapshots when deregistering Amazon Machine Images (AMIs)", + "type": "api-change" + }, + { + "category": "``network-firewall``", + "description": "You can now use VPC endpoint associations to create multiple firewall endpoints for a single firewall.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.25.json 2.31.35-1/.changes/2.27.25.json --- 2.23.6-1/.changes/2.27.25.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.25.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,62 @@ +[ + { + "category": "``fsx``", + "description": "FSx API changes to support the public launch of new Intelligent Tiering storage class on Amazon FSx for Lustre", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "AgentArns field is made optional for Object Storage and Azure Blob location create requests. Location credentials are now managed via Secrets Manager, and may be encrypted with service managed or customer managed keys. Authentication is now optional for Azure Blob locations.", + "type": "api-change" + }, + { + "category": "``ivs-realtime``", + "description": "IVS Real-Time now offers customers the participant replication that allow customers to copy a participant from one stage to another.", + "type": "api-change" + }, + { + "category": "``dataexchange``", + "description": "This release adds Tag support for Event Action resource, through which customers can create event actions with Tags and retrieve event actions with Tags.", + "type": "api-change" + }, + { + "category": "``bcm-pricing-calculator``", + "description": "Add AFTER_DISCOUNTS_AND_COMMITMENTS to Workload Estimate Rate Type. Set ListWorkLoadEstimateUsage maxResults range to minimum of 0 and maximum of 300.", + "type": "api-change" + }, + { + "category": "``autoscaling``", + "description": "Add support for \"apple\" CpuManufacturer in ABIS", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Add maintenance status field to DescribeMlflowTrackingServer API response", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Amazon Connect Service Feature: Email Recipient Limit Increase", + "type": "api-change" + }, + { + "category": "``mwaa``", + "description": "Amazon MWAA now lets you choose a worker replacement strategy when updating an environment. This release adds two worker replacement strategies: FORCED (default), which stops workers immediately, and GRACEFUL, which allows workers to finish current tasks before shutting down.", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Adding checksum support for S3 PutBucketOwnershipControls API.", + "type": "api-change" + }, + { + "category": "``amplify``", + "description": "Add support for customizable build instance sizes. CreateApp and UpdateApp operations now accept a new JobConfig parameter composed of BuildComputeType.", + "type": "api-change" + }, + { + "category": "``cloudtrail``", + "description": "CloudTrail Feature Release: Support for Enriched Events with Configurable Context for Event Data Store", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.26.json 2.31.35-1/.changes/2.27.26.json --- 2.23.6-1/.changes/2.27.26.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.26.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``emr-serverless``", + "description": "This release adds the capability for users to specify an optional Execution IAM policy in the StartJobRun action. The resulting permissions assumed by the job run is the intersection of the permissions in the Execution Role and the specified Execution IAM Policy.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Release new parameter CapacityReservationConfig in ProductionVariant", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.27.json 2.31.35-1/.changes/2.27.27.json --- 2.23.6-1/.changes/2.27.27.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.27.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +[ + { + "category": "``pcs``", + "description": "Introduces SUSPENDING and SUSPENDED states for clusters, compute node groups, and queues.", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "This release adds the Agent Lifecycle Paused State feature to Amazon Bedrock agents. By using an agent's alias, you can temporarily suspend agent operations during maintenance, updates, or other situations.", + "type": "api-change" + }, + { + "category": "``compute-optimizer``", + "description": "This release enables AWS Compute Optimizer to analyze Amazon Aurora database clusters and generate Aurora I/O-Optimized recommendations.", + "type": "api-change" + }, + { + "category": "``synthetics``", + "description": "Support for Java runtime handler pattern.", + "type": "api-change" + }, + { + "category": "``athena``", + "description": "Add support for the managed query result in the workgroup APIs. The managed query result configuration enables users to store query results to Athena owned storage.", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Add support for filtering ListInsights API calls on MISCONFIGURATION insight category", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Updates Amazon ECS documentation to include note for upcoming default log driver mode change.", + "type": "api-change" + }, + { + "category": "``cost-optimization-hub``", + "description": "Support recommendations for Aurora instance and Aurora cluster storage.", + "type": "api-change" + }, + { + "category": "``entityresolution``", + "description": "Add support for generating match IDs in near real-time.", + "type": "api-change" + }, + { + "category": "``backup``", + "description": "You can now subscribe to Amazon SNS notifications and Amazon EventBridge events for backup indexing. You can now receive notifications when a backup index is created, deleted, or fails to create, enhancing your ability to monitor and track your backup operations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.28.json 2.31.35-1/.changes/2.27.28.json --- 2.23.6-1/.changes/2.27.28.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.28.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``apigatewayv2``", + "description": "Adds support to create routing rules and set the routing mode for a custom domain name.", + "type": "api-change" + }, + { + "category": "``apigateway``", + "description": "Adds support to set the routing mode for a custom domain name.", + "type": "api-change" + }, + { + "category": "``emr-serverless``", + "description": "AWS EMR Serverless: Adds a new option in the CancelJobRun API in EMR 7.9.0+, to cancel a job with grace period. This feature is enabled by default with a 120-second grace period for streaming jobs and is not enabled by default for batch jobs.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.29.json 2.31.35-1/.changes/2.27.29.json --- 2.23.6-1/.changes/2.27.29.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.29.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +[ + { + "category": "``mediaconnect``", + "description": "This release updates the DescribeFlow API to show peer IP addresses. You can now identify the peer IP addresses of devices connected to your sources and outputs. This helps you to verify and troubleshoot your flow's active connections.", + "type": "api-change" + }, + { + "category": "``amplify``", + "description": "Update documentation for cacheConfig in CreateApp API", + "type": "api-change" + }, + { + "category": "dependency", + "description": "Remove cryptography as a dependency", + "type": "enhancement" + }, + { + "category": "``sagemaker``", + "description": "Added support for p6-b200 instance type in SageMaker Training Jobs and Training Plans.", + "type": "api-change" + }, + { + "category": "``evs``", + "description": "Amazon Elastic VMware Service (Amazon EVS) allows you to run VMware Cloud Foundation (VCF) directly within your Amazon VPC including simplified self-managed migration experience with guided workflow in AWS console or via AWS CLI, get full access to their VCF deployment and VCF license portability.", + "type": "api-change" + }, + { + "category": "``invoicing``", + "description": "Added new Invoicing ListInvoiceSummaries API Operation", + "type": "api-change" + }, + { + "category": "``network-firewall``", + "description": "You can now monitor flow and alert log metrics from the Network Firewall console.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This release includes support for embedding and signing C2PA content credentials in MP4 outputs.", + "type": "api-change" + }, + { + "category": "``transcribe``", + "description": "AWS Healthscribe now supports new templates for the clinical note summary: BIRP, SIRP, DAP, BEHAVIORAL_SOAP, and PHYSICAL_SOAP", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.3.json 2.31.35-1/.changes/2.27.3.json --- 2.23.6-1/.changes/2.27.3.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.3.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``imagebuilder``", + "description": "Add integration with SSM Parameter Store to Image Builder.", + "type": "api-change" + }, + { + "category": "``acm``", + "description": "Add support for file-based HTTP domain control validation, available through Amazon CloudFront.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Add distribution tenant, connection group, and multi-tenant distribution APIs to the CloudFront SDK.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "This release adds native h2 support for the bedrock runtime API, the support is only limited to SDKs that support h2 requests natively.", + "type": "api-change" + }, + { + "category": "``dynamodb``", + "description": "Doc only update for GSI descriptions.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.30.json 2.31.35-1/.changes/2.27.30.json --- 2.23.6-1/.changes/2.27.30.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.30.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``wafv2``", + "description": "AWS WAF adds support for ASN-based traffic filtering and support for ASN-based rate limiting.", + "type": "api-change" + }, + { + "category": "``kms``", + "description": "AWS KMS announces the support for on-demand rotation of symmetric-encryption KMS keys with imported key material (EXTERNAL origin).", + "type": "api-change" + }, + { + "category": "``cloudformation``", + "description": "Add new warning type 'EXCLUDED_PROPERTIES'", + "type": "api-change" + }, + { + "category": "``bcm-pricing-calculator``", + "description": "Updating the minimum for List APIs to be 1 (instead of 0)", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.31.json 2.31.35-1/.changes/2.27.31.json --- 2.23.6-1/.changes/2.27.31.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.31.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``kms``", + "description": "Remove unpopulated KeyMaterialId from Encrypt Response", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Include Global Cluster Identifier in DBCluster if the DBCluster is a Global Cluster Member.", + "type": "api-change" + }, + { + "category": "``s3tables``", + "description": "S3 Tables now supports getting details about a table via its table ARN.", + "type": "api-change" + }, + { + "category": "``rekognition``", + "description": "Adds support for defining an ordered preference list of different Rekognition Face Liveness challenge types when calling CreateFaceLivenessSession.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "This release introduces the `PromptCreationConfigurations` input parameter, which includes fields to control prompt population for `InvokeAgent` or `InvokeInlineAgent` requests.", + "type": "api-change" + }, + { + "category": "``route53``", + "description": "Amazon Route 53 now supports the Asia Pacific (Taipei) Region (ap-east-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.32.json 2.31.35-1/.changes/2.27.32.json --- 2.23.6-1/.changes/2.27.32.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.32.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``cloudformation``", + "description": "High-level Cloudformation commands such as ``deploy`` and ``package`` will now fallback to SHA256 for checksumming if MD5 isn't present on the host", + "type": "enhancement" + }, + { + "category": "``ec2``", + "description": "Release to support Elastic VMware Service (Amazon EVS) Subnet and Amazon EVS Network Interface Types.", + "type": "api-change" + }, + { + "category": "``customer-profiles``", + "description": "This release introduces capability of Profile Explorer, using correct ingestion timestamp & using historical data for computing calculated attributes, and new standard objects for T&H as part of Amazon Connect Customer Profiles service.", + "type": "api-change" + }, + { + "category": "``efs``", + "description": "Added support for Internet Protocol Version 6 (IPv6) on EFS Service APIs and mount targets.", + "type": "api-change" + }, + { + "category": "``workspaces-thin-client``", + "description": "Add ConflictException to UpdateEnvironment API", + "type": "api-change" + }, + { + "category": "``ce``", + "description": "Support dual-stack endpoints for ce api", + "type": "api-change" + }, + { + "category": "``marketplace-catalog``", + "description": "The ListEntities API now supports the EntityID, LastModifiedDate, ProductTitle, and Visibility filters for machine learning products. You can also sort using all of those filters.", + "type": "api-change" + }, + { + "category": "``appsync``", + "description": "Deprecate `atRestEncryptionEnabled` and `transitEncryptionEnabled` attributes in `CreateApiCache` action. Encryption is always enabled for new caches.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.33.json 2.31.35-1/.changes/2.27.33.json --- 2.23.6-1/.changes/2.27.33.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.33.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,7 @@ +[ + { + "category": "``gameliftstreams``", + "description": "Documentation updates for Amazon GameLift Streams to address formatting errors, correct resource ID examples, and update links to other guides", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.34.json 2.31.35-1/.changes/2.27.34.json --- 2.23.6-1/.changes/2.27.34.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.34.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``controlcatalog``", + "description": "Introduced ListControlMappings API that retrieves control mappings. Added control aliases and governed resources fields in GetControl and ListControls APIs. New filtering capability in ListControls API, with implementation identifiers and implementation types.", + "type": "api-change" + }, + { + "category": "``wafv2``", + "description": "WAF now provides two DDoS protection options: resource-level monitoring for Application Load Balancers and the AWSManagedRulesAntiDDoSRuleSet managed rule group for CloudFront distributions.", + "type": "api-change" + }, + { + "category": "``lexv2-models``", + "description": "Add support for the Assisted NLU feature to improve bot performance", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Release for EKS Pod Identity Cross Account feature and disableSessionTags flag.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Updates Amazon RDS documentation for Amazon RDS for Db2 cross-Region replicas in standby mode.", + "type": "api-change" + }, + { + "category": "``networkmanager``", + "description": "Add support for public DNS hostname resolution to private IP addresses across Cloud WAN-managed VPCs. Add support for security group referencing across Cloud WAN-managed VPCs.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.35.json 2.31.35-1/.changes/2.27.35.json --- 2.23.6-1/.changes/2.27.35.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.35.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``connectcampaignsv2``", + "description": "Added PutInstanceCommunicationLimits and GetInstanceCommunicationLimits APIs", + "type": "api-change" + }, + { + "category": "``apigatewayv2``", + "description": "Documentation updates for Amazon API Gateway", + "type": "api-change" + }, + { + "category": "``apigateway``", + "description": "Documentation updates for Amazon API Gateway", + "type": "api-change" + }, + { + "category": "``emr-serverless``", + "description": "This release adds support for retrieval of the optional executionIamPolicy field in the GetJobRun API response.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This Amazon ECS release supports updating the capacityProviderStrategy parameter in update-service.", + "type": "api-change" + }, + { + "category": "``iotfleetwise``", + "description": "Add new status READY_FOR_CHECKIN used for vehicle synchronisation", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Fixed regex patterns for ARN fields.", + "type": "api-change" + }, + { + "category": "``kms``", + "description": "AWS KMS announces the support of ML-DSA key pairs that creates post-quantum safe digital signatures.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.36.json 2.31.35-1/.changes/2.27.36.json --- 2.23.6-1/.changes/2.27.36.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.36.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``bedrock``", + "description": "This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a Amazon SageMaker trained Amazon Nova model into Amazon Bedrock for inference.", + "type": "api-change" + }, + { + "category": "``network-firewall``", + "description": "You can now create firewalls using a Transit Gateway instead of a VPC, resulting in a TGW attachment.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release 1) adds a new S3DataType Converse for SageMaker training 2)adds C8g R7gd M8g C6in P6 P6e instance type for SageMaker endpoint 3) adds m7i, r7i, c7i instance type for SageMaker Training and Processing.", + "type": "api-change" + }, + { + "category": "``ecr``", + "description": "The `DescribeImageScanning` API now includes `lastInUseAt` and `InUseCount` fields that can be used to prioritize vulnerability remediation for images that are actively being used.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.37.json 2.31.35-1/.changes/2.27.37.json --- 2.23.6-1/.changes/2.27.37.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.37.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,72 @@ +[ + { + "category": "``network-firewall``", + "description": "Release of Active Threat Defense in Network Firewall", + "type": "api-change" + }, + { + "category": "``securityhub``", + "description": "Adds operations, structures, and exceptions required for public preview release of Security Hub V2.", + "type": "api-change" + }, + { + "category": "``organizations``", + "description": "Add support for policy operations on the SECURITYHUB_POLICY policy type.", + "type": "api-change" + }, + { + "category": "``mpa``", + "description": "This release enables customers to create Multi-party approval teams and approval requests to protect supported operations.", + "type": "api-change" + }, + { + "category": "``wafv2``", + "description": "AWS WAF can now suggest protection packs for you based on the application information you provide when you create a webACL.", + "type": "api-change" + }, + { + "category": "``inspector2``", + "description": "Add Code Repository Scanning as part of AWS InspectorV2", + "type": "api-change" + }, + { + "category": "``backup``", + "description": "AWS Backup is adding support for integration of its logically air-gapped vaults with the AWS Organizations Multi-party approval capability.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a trained model into Amazon Bedrock for inference.", + "type": "api-change" + }, + { + "category": "``acm``", + "description": "Adds support for Exportable Public Certificates", + "type": "api-change" + }, + { + "category": "Python", + "description": "Update bundled Python interpreter to 3.13.4", + "type": "enhancement" + }, + { + "category": "``accessanalyzer``", + "description": "We are launching a new analyzer type, internal access analyzer. The new analyzer will generate internal access findings, which help customers understand who within their AWS organization or AWS Account has access to their critical AWS resources.", + "type": "api-change" + }, + { + "category": "``dms``", + "description": "Add \"Virtual\" field to Data Provider as well as \"S3Path\" and \"S3AccessRoleArn\" fields to DataProvider settings", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Adding support for extended threat detection for EKS Audit Logs and EKS Runtime Monitoring.", + "type": "api-change" + }, + { + "category": "``sts``", + "description": "The AWS Security Token Service APIs AssumeRoleWithSAML and AssumeRoleWithWebIdentity can now be invoked without pre-configured AWS credentials in the SDK configuration.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.38.json 2.31.35-1/.changes/2.27.38.json --- 2.23.6-1/.changes/2.27.38.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.38.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``logs``", + "description": "Added CloudWatch Logs Transformer support for converting CloudTrail, VPC Flow, EKS Audit, AWS WAF and Route53 Resolver logs to OCSF v1.1 format.", + "type": "api-change" + }, + { + "category": "``autoscaling``", + "description": "Add IncludeInstances parameter to DescribeAutoScalingGroups API", + "type": "api-change" + }, + { + "category": "``imagebuilder``", + "description": "Added paginators for ``imagebuilder``.", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Added support for renaming objects within the same bucket using the new RenameObject API.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Add support for p6-b200 instance type for SageMaker Hyperpod", + "type": "api-change" + }, + { + "category": "``aiops``", + "description": "This is the initial SDK release for Amazon AI Operations (AIOps). AIOps is a generative AI-powered assistant that helps you respond to incidents in your system by scanning your system's telemetry and quickly surface suggestions that might be related to your issue.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.39.json 2.31.35-1/.changes/2.27.39.json --- 2.23.6-1/.changes/2.27.39.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.39.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``payment-cryptography-data``", + "description": "Additional support for managing HMAC keys that adheres to changes documented in X9.143-2021 and provides better interoperability for key import/export", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a trained model into Amazon Bedrock for inference.", + "type": "api-change" + }, + { + "category": "``lambda``", + "description": "Support Schema Registry feature for Kafka Event Source Mapping. Customers can now configure a Schema Registry to enable schema validation and filtering for Avro, Protobuf, and JSON-formatted events in Lambda for Kafka Event Source.", + "type": "api-change" + }, + { + "category": "``emr-serverless``", + "description": "This release adds the capability to enable IAM IdentityCenter Trusted Identity Propagation for users running Interactive Sessions on EMR Serverless Applications.", + "type": "api-change" + }, + { + "category": "``payment-cryptography``", + "description": "Additional support for managing HMAC keys that adheres to changes documented in X9.143-2021 and provides better interoperability for key import/export", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release introduces alternative support for utilizing CFN templates from S3 for SageMaker Projects.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.4.json 2.31.35-1/.changes/2.27.4.json --- 2.23.6-1/.changes/2.27.4.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.4.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +[ + { + "category": "``qbusiness``", + "description": "Add support for anonymous user access for Q Business applications", + "type": "api-change" + }, + { + "category": "awscrt", + "description": "Update awscrt version requirement to 0.26.1", + "type": "enhancement" + }, + { + "category": "``ssm``", + "description": "This release adds support for just-In-time node access in AWS Systems Manager. Just-in-time node access enables customers to move towards zero standing privileges by requiring operators to request access and obtain approval before remotely connecting to nodes managed by the SSM Agent.", + "type": "api-change" + }, + { + "category": "``connectcases``", + "description": "Introduces CustomEntity as part of the UserUnion data type. This field is used to indicate the entity who is performing the API action.", + "type": "api-change" + }, + { + "category": "``kinesis``", + "description": "Amazon KDS now supports tagging and attribute-based access control (ABAC) for enhanced fan-out consumers.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Introduced support for P5en instance types on SageMaker Studio for JupyterLab and CodeEditor applications.", + "type": "api-change" + }, + { + "category": "``sagemaker-metrics``", + "description": "SageMaker Metrics Service now supports FIPS endpoint in all US and Canada Commercial regions.", + "type": "api-change" + }, + { + "category": "``pinpoint-sms-voice-v2``", + "description": "AWS End User Messaging has added MONITOR and FILTER functionality to SMS Protect.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Replace cryptographic functions from ``cryptography`` with ``awscrt`` for the ``sign`` command. Fixes `#9258 `__.", + "type": "enhancement" + }, + { + "category": "``ssm-guiconnect``", + "description": "This release adds API support for the connection recording GUI Connect feature of AWS Systems Manager", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.40.json 2.31.35-1/.changes/2.27.40.json --- 2.23.6-1/.changes/2.27.40.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.40.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``geo-places``", + "description": "Geocode, ReverseGeocode, and GetPlace APIs added Intersections and SecondaryAddresses. To use, add to the AdditionalFeatures list in your request. This provides info about nearby intersections and secondary addresses that are associated with a main address. Also added MainAddress and ParsedQuery.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Add ECS support for Windows Server 2025", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Add support for tiers in Content Filters and Denied Topics for Amazon Bedrock Guardrails.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This release adds a new SPECIFIED_OPTIMAL option for handling DDS when using DVB-Sub with high resolution video.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "AWS Glue Data Quality now provides aggregated metrics in evaluation results when publishAggregatedMetrics with row-level results are enabled. These metrics include summary statistics showing total counts of processed, passed, and failed rows and rules in a single view.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.41.json 2.31.35-1/.changes/2.27.41.json --- 2.23.6-1/.changes/2.27.41.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.41.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``s3tables``", + "description": "S3 Tables now supports sort and z-order compaction strategies for Iceberg tables in addition to binpack.", + "type": "api-change" + }, + { + "category": "``workspaces-instances``", + "description": "Added support for Amazon WorkSpaces Instances API", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "AWS Glue now supports sort and z-order strategy for managed automated compaction for Iceberg tables in addition to binpack.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.42.json 2.31.35-1/.changes/2.27.42.json --- 2.23.6-1/.changes/2.27.42.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.42.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +[ + { + "category": "``gamelift``", + "description": "Add support for UDP ping beacons to ListLocations API, including new PingBeacon and UDPEndpoint data types within its Locations return value. Use UDP ping beacon endpoints to help measure real-time network latency for multiplayer games.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "We are making ListFoundationModelAgreementOffers, DeleteFoundationModelAgreement, CreateFoundationModelAgreement, GetFoundationModelAvailability, PutUseCaseForModelAccess and GetUseCaseForModelAccess APIs public, previously they were console.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release allows you to create and register AMIs while maintaining their underlying EBS snapshots within Local Zones.", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "Add userdataType to LaunchTemplateSpecification and LaunchTemplateSpecificationOverride.", + "type": "api-change" + }, + { + "category": "``aiops``", + "description": "Adds support for cross account investigations for CloudWatch investigations AI Operations (AIOps).", + "type": "api-change" + }, + { + "category": "``elbv2``", + "description": "Add Paginator for DescribeAccountLimits, and fix Paginators for DescribeTrustStoreAssociations, DescribeTrustStoreRevocations, and DescribeTrustStores", + "type": "api-change" + }, + { + "category": "``license-manager``", + "description": "AWS License Manager now supports license type conversions for AWS Marketplace products. Customers can provide Marketplace codes in the source license context or destination license context in the CreateLicenseConversionTaskForResource requests.", + "type": "api-change" + }, + { + "category": "``transcribe``", + "description": "This Feature Adds Support for the \"et-EE\" Locale for Batch Operations", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Adding support for RDS on Dedicated Local Zones, including local backup target, snapshot availability zone and snapshot target", + "type": "api-change" + }, + { + "category": "``route53resolver``", + "description": "Add support for iterative DNS queries through the new INBOUND_DELEGATION endpoint. Add delegation support through the Outbound Endpoints with DELEGATE rules.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.43.json 2.31.35-1/.changes/2.27.43.json --- 2.23.6-1/.changes/2.27.43.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.43.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``fsx``", + "description": "Add support for the ability to create Amazon S3 Access Points for Amazon FSx for OpenZFS file systems.", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Add support for the ability to use Amazon S3 Access Points with Amazon FSx for OpenZFS file systems.", + "type": "api-change" + }, + { + "category": "``textract``", + "description": "Add RotationAngle field to Geometry of WORD blocks for Textract AnalyzeDocument API", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Updates for change to Amazon ECS default log driver mode from blocking to non-blocking", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Adds support for additional server-side encryption mode and storage class values for accessing Amazon FSx data from Amazon S3 using S3 Access Points", + "type": "api-change" + }, + { + "category": "``storagegateway``", + "description": "This release adds IPv6 support to the Storage Gateway APIs. APIs that previously only accept or return IPv4 address will now accept or return both IPv4 and IPv6 addresses.", + "type": "api-change" + }, + { + "category": "``workspaces-thin-client``", + "description": "Remove Tags field from Get API responses", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.44.json 2.31.35-1/.changes/2.27.44.json --- 2.23.6-1/.changes/2.27.44.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.44.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``deadline``", + "description": "Added fields to track cumulative task retry attempts for steps and jobs", + "type": "api-change" + }, + { + "category": "``iot-managed-integrations``", + "description": "Adding managed integrations APIs for IoT Device Management to onboard and control devices across different manufacturers, connectivity protocols and third party vendor clouds. APIs include managed thing operations, provisioning profile management, and cloud connector operations.", + "type": "api-change" + }, + { + "category": "``keyspaces``", + "description": "This release provides change data capture (CDC) streams support through updates to the Amazon Keyspaces API.", + "type": "api-change" + }, + { + "category": "``workspaces``", + "description": "Updated modifyStreamingProperties to support PrivateLink VPC endpoints for directories", + "type": "api-change" + }, + { + "category": "``kms``", + "description": "This release updates AWS CLI examples for KMS APIs.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds support for OdbNetworkArn as a target in VPC Route Tables", + "type": "api-change" + }, + { + "category": "``keyspacesstreams``", + "description": "This release adds change data capture (CDC) streams support through the new Amazon Keyspaces Streams API.", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "Added support for App level authentication for QBusiness DataAccessor using AWS IAM Identity center Trusted Token issuer", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.45.json 2.31.35-1/.changes/2.27.45.json --- 2.23.6-1/.changes/2.27.45.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.45.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``sesv2``", + "description": "Added support for new SES regions", + "type": "api-change" + }, + { + "category": "``qconnect``", + "description": "Adding UnauthorizedException to public SDK", + "type": "api-change" + }, + { + "category": "``config``", + "description": "Added important considerations to the PutConformancePack and PutOrganizationConformancPack APIs.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "StartDBCluster and StopDBCluster can now throw InvalidDBShardGroupStateFault.", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Update JSON target for Kubernetes workload resource type.", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "This release adds the following value to an InitiateAs enum: COMPLETED", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "AWS Glue now supports schema, partition and sort management of Apache Iceberg tables using Glue SDK", + "type": "api-change" + }, + { + "category": "User Agent", + "description": "Append session id to user agent string", + "type": "enhancement" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.46.json 2.31.35-1/.changes/2.27.46.json --- 2.23.6-1/.changes/2.27.46.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.46.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,102 @@ +[ + { + "category": "``transfer``", + "description": "Added support for dual-stack (IPv4 and IPv6) endpoints for SFTP public endpoints and VPC-internal endpoints (SFTP, FTPS, FTP, and AS2), enabling customers to configure new servers with IPv4 or dual-stack mode, convert existing servers to dual-stack, and use IPv6 with service APIs.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Add support for API Keys, Re-Ranker, implicit filter for RAG / KB evaluation for Bedrock APIs.", + "type": "api-change" + }, + { + "category": "``ssm``", + "description": "Introduces AccessType, a new filter value for the DescribeSessions API.", + "type": "api-change" + }, + { + "category": "``events``", + "description": "Added support for EventBridge Dualstack endpoints in AWS GovCloud (US) regions (us-gov-east-1 and us-gov-west-1). The dualstack endpoints are identical for both FIPS and non-FIPS configurations, following the format: events.{region}.api.aws", + "type": "api-change" + }, + { + "category": "``medical-imaging``", + "description": "Added new fields to support the concept of primary image sets within the storage hierarchy.", + "type": "api-change" + }, + { + "category": "``logs``", + "description": "Increase minimum length of queryId parameter to 1 character.", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "This release introduces ChatMetrics to the model, providing comprehensive analytics insights for Amazon Connect chat conversations. Users can access these detailed metrics through the AWS Connect API by using the DescribeContact operation with their specific instance and contact IDs", + "type": "api-change" + }, + { + "category": "``iam``", + "description": "Updated IAM ServiceSpecificCredential support to include expiration, API Key output format instead of username and password for services that will support API keys, and the ability to list credentials for all users in the account for a given service configuration.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "Add API Key and document citations support for Bedrock Runtime APIs", + "type": "api-change" + }, + { + "category": "``arc-zonal-shift``", + "description": "Added support for on-demand practice runs and balanced capacity checks in ARC autoshift practice.", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Fixed the validation pattern for an instance profile Amazon Resource Name (ARN) in AWS PCS.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "Introduced custom permission capabilities for reporting content. Added menu option in exploration to preserve configuration data when textbox menu option is used. Added support for Athena trusted identity propagation.", + "type": "api-change" + }, + { + "category": "``networkflowmonitor``", + "description": "Add ConflictExceptions to UpdateScope and DeleteScope operations for scopes being mutated.", + "type": "api-change" + }, + { + "category": "``dataexchange``", + "description": "This release updates resource Id with alphanumeric constraint, including Asset id, Revision id, Data Set id, Job id, and Event Action id.", + "type": "api-change" + }, + { + "category": "``b2bi``", + "description": "Updated APIs to support inbound EDI split capabilities and additional Partnership-level configurations of generated EDI files' contents and format.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "releasing source processing properties to support source properties for ODB integrations", + "type": "api-change" + }, + { + "category": "``config``", + "description": "Updated ResourceType enum with new resource types onboarded by AWS Config as of June 2025", + "type": "api-change" + }, + { + "category": "``outposts``", + "description": "Make ContactName and ContactPhoneNumber required fields when creating and updating Outpost Site Addresses.", + "type": "api-change" + }, + { + "category": "``dynamodb``", + "description": "This change adds support for witnesses in global tables. It also adds a new table status, REPLICATION_NOT_AUTHORIZED. This status will indicate scenarios where global replicas table can't be utilized for data plane operations.", + "type": "api-change" + }, + { + "category": "``cloudformation``", + "description": "Added support for UNKNOWN drift status.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.47.json 2.31.35-1/.changes/2.27.47.json --- 2.23.6-1/.changes/2.27.47.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.47.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``odb``", + "description": "This release adds API operations for Oracle Database@AWS. You can use the APIs to create Exadata infrastructure, ODB networks, and Exadata and Autonomous VM clusters inside AWS data centers. The infrastructure is managed by OCI. You can integrate these resources with AWS services.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Updated field validation requirements for InstanceGroups.", + "type": "api-change" + }, + { + "category": "``cleanroomsml``", + "description": "This release introduces support for incremental training and distributed training for custom models in AWS Clean Rooms ML.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Amazon RDS Custom for Oracle now supports multi-AZ database instances.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Add Context to GetInstanceTypesFromInstanceRequirements API", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Add support for the new optional domain-unit-id parameter in the UpdateProject API.", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "New ChatResponseConfiguration to Customize Q Business chat responses for specific use cases and communication needs. Updated Boosting capability allowing admins to provide preference on date attributes for recency and/or provide a preferred data source.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.48.json 2.31.35-1/.changes/2.27.48.json --- 2.23.6-1/.changes/2.27.48.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.48.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``s3control``", + "description": "Added TagResource, UntagResource, and ListTagsForResource support for directory bucket", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "AWS Site-to-Site VPN now supports IPv6 addresses on outer tunnel IPs, making it easier for customers to build or transition to IPv6-only networks.", + "type": "api-change" + }, + { + "category": "``connectcases``", + "description": "This release adds DeleteCase and DeleteRelatedItem APIs, which enable deleting cases and comments, undoing contact association, and removing service level agreements (SLAs) from cases. Contact center admins can use these APIs to delete cases when requested by customers and correct agent errors.", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Added support for directory bucket creation with tags and bucket ARN retrieval in CreateBucket, ListDirectoryBuckets, and HeadBucket operations", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.49.json 2.31.35-1/.changes/2.27.49.json --- 2.23.6-1/.changes/2.27.49.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.49.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``customer-profiles``", + "description": "This release introduces capability of create Segments via importing a CSV file directly. This consumes the CSV file and creates/updates corresponding profiles for the particular domain.", + "type": "api-change" + }, + { + "category": "``route53``", + "description": "Amazon Route 53 now supports the iso-e regions for private DNS Amazon VPCs and cloudwatch healthchecks.", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "Added fields for output manifest reporting and task chunking parameters", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Changes include new StartSession API for SageMaker Studio spaces and CreateHubContentPresignedUrls API for SageMaker JumpStart.", + "type": "api-change" + }, + { + "category": "``mediapackagev2``", + "description": "This release adds support for Microsoft Smooth Streaming (MSS) and allows users to exclude DRM segment Metadata in MediaPackage v2 Origin Endpoints", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds GroupOwnerId as a response member to the DescribeSecurityGroupVpcAssociations API and also adds waiters for SecurityGroupVpcAssociations (SecurityGroupVpcAssociationAssociated and SecurityGroupVpcAssociationDisassociated).", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.5.json 2.31.35-1/.changes/2.27.5.json --- 2.23.6-1/.changes/2.27.5.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.5.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,57 @@ +[ + { + "category": "``deadline``", + "description": "Adds support for tag management on workers and tag inheritance from fleets to their associated workers.", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "Features: Add inline code node to prompt flow", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "Support for Custom Orchestration within InlineAgents", + "type": "api-change" + }, + { + "category": "``cleanrooms``", + "description": "This release adds support for ProtectedQuery results to be delivered to more than one collaboration member via the new distribute output configuration in StartProtectedQuery.", + "type": "api-change" + }, + { + "category": "``ecr``", + "description": "Adds dualstack support for Amazon Elastic Container Registry (Amazon ECR).", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Launch of cost distribution feature for IPAM owners to distribute costs to internal teams.", + "type": "api-change" + }, + { + "category": "``mailmanager``", + "description": "Introducing new RuleSet rule PublishToSns action, which allows customers to publish email notifications to an Amazon SNS topic. New PublishToSns action enables customers to easily integrate their email workflows via Amazon SNS, allowing them to notify other systems about important email events.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "You can now specify a cross region inference profile as a teacher model for the CreateModelCustomizationJob API. Additionally, the GetModelCustomizationJob API has been enhanced to return the sub-task statuses of a customization job within the StatusDetails response field.", + "type": "api-change" + }, + { + "category": "``ecr-public``", + "description": "Adds dualstack support for Amazon Elastic Container Registry Public (Amazon ECR Public).", + "type": "api-change" + }, + { + "category": "socialmessaging", + "description": "Renames the incorrectly named delete-whatsapp-media-message command to the correct name of delete-whatsapp-message-media", + "type": "bugfix" + }, + { + "category": "``logs``", + "description": "CloudWatch Logs supports \"DELIVERY\" log class. This log class is used only for delivering AWS Lambda logs to Amazon S3 or Amazon Data Firehose.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.50.json 2.31.35-1/.changes/2.27.50.json --- 2.23.6-1/.changes/2.27.50.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.50.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``freetier``", + "description": "This release introduces four new APIs: GetAccountPlanState and UpgradeAccountPlan for AWS account plan management; ListAccountActivities and GetAccountActivity that provide activity tracking capabilities.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Adds support to Capacity Blocks for ML for purchasing EC2 P6e-GB200 UltraServers. Customers can now purchase u-p6e-gb200x72 and u-p6e-gb200x36 UltraServers. Adds new DescribeCapacityBlocks andDescribeCapacityBlockStatus APIs. Adds support for CapacityBlockId to DescribeInstanceTopology.", + "type": "api-change" + }, + { + "category": "``opsworkscm``", + "description": "Removing content that refers to an S3 bucket that is no longer in use.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.51.json 2.31.35-1/.changes/2.27.51.json --- 2.23.6-1/.changes/2.27.51.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.51.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,77 @@ +[ + { + "category": "``s3``", + "description": "Amazon S3 Metadata live inventory tables provide a queryable inventory of all the objects in your general purpose bucket so that you can determine the latest state of your data. To help minimize your storage costs, use journal table record expiration to set a retention period for your records.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Amazon ECS supports native blue/green deployments, allowing you to validate new service revisions before directing production traffic to them.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "Introduced custom instructions for topics.", + "type": "api-change" + }, + { + "category": "``pricing``", + "description": "This release adds support for new filter types in GetProducts API, including EQUALS, CONTAINS, ANY_OF, and NONE_OF.", + "type": "api-change" + }, + { + "category": "``opensearch``", + "description": "AWS Opensearch adds support for enabling s3 vector engine options. After enabling this option, customers will be able to create indices with s3 vector engine.", + "type": "api-change" + }, + { + "category": "``repostspace``", + "description": "This release introduces Channels functionality with CreateChannel, GetChannel, ListChannels, and UpdateChannel operations. Channels provide dedicated collaboration spaces where teams can organize discussions and knowledge by projects, business units, or areas of responsibility.", + "type": "api-change" + }, + { + "category": "``s3vectors``", + "description": "Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity.", + "type": "api-change" + }, + { + "category": "``dynamodbstreams``", + "description": "Added support for optional shard filter parameter in DescribeStream api that allows customers to fetch child shards of a read_only parent shard.", + "type": "api-change" + }, + { + "category": "``s3tables``", + "description": "Adds table bucket type to ListTableBucket and GetTableBucket API operations", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Removing restriction of environment profile identifier as required field, S3 feature release", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "Add support for S3 Vectors as a vector store.", + "type": "api-change" + }, + { + "category": "``events``", + "description": "Add customer-facing logging for the EventBridge Event Bus, enabling customers to better observe their events and extract insights about their EventBridge usage.", + "type": "api-change" + }, + { + "category": "Dockerfile", + "description": "Update base image for AWS CLI v2 Docker image to Amazon Linux 2023", + "type": "enhancement" + }, + { + "category": "``ec2``", + "description": "This release adds support for volume initialization status, which enables you to monitor when the initialization process for an EBS volume is completed. This release also adds IPv6 support to EC2 Instance Connect Endpoints, allowing you to connect to your EC2 Instance via a private IPv6 address.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release adds support for a new Restricted instance group type to enable a specialized environment for running Nova customization jobs on SageMaker HyperPod clusters. This release also adds support for SageMaker pipeline versioning.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.52.json 2.31.35-1/.changes/2.27.52.json --- 2.23.6-1/.changes/2.27.52.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.52.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,7 @@ +[ + { + "category": "``ecs``", + "description": "This release removes hookDetails for the Amazon ECS native blue/green deployments.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.53.json 2.31.35-1/.changes/2.27.53.json --- 2.23.6-1/.changes/2.27.53.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.53.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,67 @@ +[ + { + "category": "``glue``", + "description": "AWS Glue now supports schema, partition and sort management of Apache Iceberg tables using Glue SDK", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "This release adds support for on-demand custom model inference through CustomModelDeployment APIs for Amazon Bedrock.", + "type": "api-change" + }, + { + "category": "``mediapackagev2``", + "description": "This release adds support for CDN Authentication using Static Headers in MediaPackage v2.", + "type": "api-change" + }, + { + "category": "``iotwireless``", + "description": "FuotaTaskId is not a valid IdentifierType for EventConfiguration and is being removed from possible IdentifierType values.", + "type": "api-change" + }, + { + "category": "``stepfunctions``", + "description": "Doc-only update to introduction, and edits to clarify input parameter and the set of control characters.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore``", + "description": "Initial release of Amazon Bedrock AgentCore SDK including Runtime, Built-In Tools, Memory, Gateway and Identity.", + "type": "api-change" + }, + { + "category": "``networkflowmonitor``", + "description": "Introducing 2 new scope status types - DEACTIVATING and DEACTIVATED.", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Add expectedBucketOwner parameter to ThreatIntel and IPSet APIs.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "document update to support on demand custom model.", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "AWS DataSync now supports IPv6 address inputs and outputs in create, update, and describe operations for NFS, SMB, and Object Storage locations", + "type": "api-change" + }, + { + "category": "``payment-cryptography-data``", + "description": "Expand length of message data field for Mac generation and validation to 8192 characters.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Initial release of Amazon Bedrock AgentCore SDK including Runtime, Built-In Tools, Memory, Gateway and Identity.", + "type": "api-change" + }, + { + "category": "``logs``", + "description": "CloudWatch Logs updates: Added X-Ray tracing for Amazon Bedrock Agent resources. Logs introduced Log Group level resource policies (managed through Put/Delete/Describe Resource Policy APIs). For more information, see CloudWatch Logs API documentation.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.54.json 2.31.35-1/.changes/2.27.54.json --- 2.23.6-1/.changes/2.27.54.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.54.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``synthetics``", + "description": "This feature allows AWS Synthetics customers to provide code dependencies using lambda layer while creating a canary", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This release expands the range of supported audio outputs to include xHE, 192khz FLAC and the deprecation of dual mono for AC3.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Doc only update for CloudFront that fixes some customer-reported issues", + "type": "api-change" + }, + { + "category": "``keyspacesstreams``", + "description": "Doc only update for the Amazon Keyspaces Streams API.", + "type": "api-change" + }, + { + "category": "``mailmanager``", + "description": "Allow underscores in the local part of the input of the \"Email recipients rewrite\" action in rule sets.", + "type": "api-change" + }, + { + "category": "``stepfunctions``", + "description": "Align input with style guidelines.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "AWS Free Tier Version2 Support", + "type": "api-change" + }, + { + "category": "``cleanroomsml``", + "description": "This release introduces Parquet result format support for ML Input Channel models in AWS Clean Rooms ML.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.55.json 2.31.35-1/.changes/2.27.55.json --- 2.23.6-1/.changes/2.27.55.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.55.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``mediaconvert``", + "description": "This release adds support for TAMS server integration with MediaConvert inputs.", + "type": "api-change" + }, + { + "category": "``logs``", + "description": "CloudWatchLogs launches GetLogObject API with streaming support for efficient log data retrieval. Logs added support for new AccountPolicy type METRIC_EXTRACTION_POLICY. For more information, see CloudWatch Logs API documentation", + "type": "api-change" + }, + { + "category": "``ssm``", + "description": "July 2025 doc-only updates for Systems Manager.", + "type": "api-change" + }, + { + "category": "``auditmanager``", + "description": "Updated error handling for RegisterOrganizationAdminAccount API to properly translate TooManyExceptions to HTTP 429 status code. This enhancement improves error handling consistency and provides clearer feedback when request limits are exceeded.", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "Added IP Visibility support for managed dedicated pools. Enhanced GetDedicatedIp and GetDedicatedIps APIs to return managed IP addresses.", + "type": "api-change" + }, + { + "category": "``outposts``", + "description": "Add AWS Outposts API to surface customer billing information", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.56.json 2.31.35-1/.changes/2.27.56.json --- 2.23.6-1/.changes/2.27.56.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.56.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``ec2``", + "description": "This release adds support for C8gn, F2 and P6e-GB200 Instance types", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Add dualstack endpoint support", + "type": "api-change" + }, + { + "category": "``timestream-influxdb``", + "description": "Timestream for InfluxDB adds support for db.influx.24xlarge instance type. This enhancement enables higher compute capacity for demanding workloads through CreateDbInstance, CreateDbCluster, UpdateDbInstance, and UpdateDbCluster APIs.", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "Add support for VPC resource endpoints in Service Managed Fleets", + "type": "api-change" + }, + { + "category": "cloudfront", + "description": "This release adds automatic pagination to the list-origin-access-controls command. To disable this behavior, please use the --no-paginate flag.", + "type": "enhancement" + }, + { + "category": "``sagemaker``", + "description": "This release adds 1/ Support for S3FileSystem in CustomFileSystems 2/ The ability for a customer to select their preferred IpAddressType for use with private Workforces 3/ Support for p4de instance type in SageMaker Training Plans", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.57.json 2.31.35-1/.changes/2.27.57.json --- 2.23.6-1/.changes/2.27.57.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.57.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "EMR", + "description": "Updated create-cluster and describe-cluster commands to support --extended-support and --no-extended-support arguments", + "type": "enhancement" + }, + { + "category": "``neptunedata``", + "description": "This release updates the supported regions for Neptune API to include current AWS regions.", + "type": "api-change" + }, + { + "category": "Dockerfile", + "description": "Include ``findutils`` and ``jq`` in Docker image", + "type": "enhancement" + }, + { + "category": "``lambda``", + "description": "This release migrated the model to Smithy keeping all features unchanged.", + "type": "api-change" + }, + { + "category": "``ecr``", + "description": "Add support for Image Tag Mutability Exception feature, allowing repositories to define wildcard-based patterns that override the default image tag mutability settings.", + "type": "api-change" + }, + { + "category": "``emr``", + "description": "This release adds new parameter 'ExtendedSupport' in AWS EMR RunJobFlow, ModifyCluster and DescribeCluster API.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.58.json 2.31.35-1/.changes/2.27.58.json --- 2.23.6-1/.changes/2.27.58.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.58.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``workspaces-thin-client``", + "description": "Added the lastUserId parameter to the ListDevices and GetDevice API.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "AWS Glue now supports dynamic session policies for job executions. This feature allows you to specify custom, fine-grained permissions for each job run without creating multiple IAM roles.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Added support for skip-os-shutdown option for the EC2 instance stop and terminate operations. This feature enables customers to bypass the graceful OS shutdown, supporting faster state transitions when instance data preservation isn't critical.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.59.json 2.31.35-1/.changes/2.27.59.json --- 2.23.6-1/.changes/2.27.59.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.59.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``datazone``", + "description": "This release adds support for 1) highlighting relevant text in returned results for Search and SearchListings APIs and 2) returning aggregated counts of values for specified attributes for SearchListings API.", + "type": "api-change" + }, + { + "category": "``omics``", + "description": "Add Git integration and README support for HealthOmics workflows", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.6.json 2.31.35-1/.changes/2.27.6.json --- 2.23.6-1/.changes/2.27.6.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.6.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``sagemaker``", + "description": "Feature - Adding support for Scheduled and Rolling Update Software in Sagemaker Hyperpod.", + "type": "api-change" + }, + { + "category": "``verifiedpermissions``", + "description": "Amazon Verified Permissions / Features : Adds support for tagging policy stores.", + "type": "api-change" + }, + { + "category": "``appconfig``", + "description": "Adding waiter support for deployments and environments; documentation updates", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "This release adds the following fields to DescribeContact: DisconnectReason, AgentInitiatedHoldDuration, AfterContactWorkStartTimestamp, AfterContactWorkEndTimestamp, AfterContactWorkDuration, StateTransitions, Recordings, ContactDetails, ContactEvaluations, Attributes", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.60.json 2.31.35-1/.changes/2.27.60.json --- 2.23.6-1/.changes/2.27.60.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.60.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``ec2``", + "description": "Transit Gateway native integration with AWS Network Firewall. Adding new enum value for the new Transit Gateway Attachment type.", + "type": "api-change" + }, + { + "category": "``appintegrations``", + "description": "Amazon AppIntegrations introduces new configuration capabilities to enable customers to manage iframe permissions, control application refresh behavior (per contact or per browser/cross-contact), and run background applications (service).", + "type": "api-change" + }, + { + "category": "``config``", + "description": "Documentation improvements have been made to the EvaluationModel and DescribeConfigurationRecorders APIs.", + "type": "api-change" + }, + { + "category": "``kms``", + "description": "Doc only update: fixed grammatical errors.", + "type": "api-change" + }, + { + "category": "``socialmessaging``", + "description": "This release introduces new WhatsApp template management APIs that enable customers to programmatically create and submit templates for approval, monitor approval status, and manage the complete template lifecycle", + "type": "api-change" + }, + { + "category": "``sqs``", + "description": "Documentation updates for Amazon SQS fair queues feature.", + "type": "api-change" + }, + { + "category": "``mediapackagev2``", + "description": "This release adds support for specifying a preferred input for channels using CMAF ingest.", + "type": "api-change" + }, + { + "category": "``budgets``", + "description": "Adds IPv6 and PrivateLink support for AWS Budgets in IAD.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.61.json 2.31.35-1/.changes/2.27.61.json --- 2.23.6-1/.changes/2.27.61.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.61.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``directconnect``", + "description": "Enable MACSec support and features on Interconnects.", + "type": "api-change" + }, + { + "category": "``osis``", + "description": "Add Pipeline Role Arn as an optional parameter to the create / update pipeline APIs as an alternative to passing in the pipeline configuration body", + "type": "api-change" + }, + { + "category": "``iotsitewise``", + "description": "Add support for native anomaly detection in IoT SiteWise using new Computation Model APIs", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.62.json 2.31.35-1/.changes/2.27.62.json --- 2.23.6-1/.changes/2.27.62.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.62.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``cleanrooms``", + "description": "This feature provides the ability to update the table reference and allowed columns on an existing configured table.", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "Adds support for tag management on monitors.", + "type": "api-change" + }, + { + "category": "``opensearchserverless``", + "description": "This is to support Granular access control support for SAML with IAMFedraton in AOSS", + "type": "api-change" + }, + { + "category": "``location``", + "description": "This release 1) adds support for multi-polygon geofences with disconnected territories, and 2) enables polygon exclusion zones within geofences for more accurate representation of real-world boundaries.", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "AWS Batch for SageMaker Training jobs feature support. Includes new APIs for service job submission (e.g., SubmitServiceJob) and managing service environments (e.g., CreateServiceEnvironment) that enable queueing SageMaker Training jobs.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.63.json 2.31.35-1/.changes/2.27.63.json --- 2.23.6-1/.changes/2.27.63.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.63.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``ds``", + "description": "This release adds support for AWS Managed Microsoft AD Hybrid Edition, introducing new operations: StartADAssessment, DescribeADAssessment, ListADAssessments, DeleteADAssessment, CreateHybridAD, UpdateHybridAD, and DescribeHybridADUpdate; and updated existing operation: DescribeDirectories.", + "type": "api-change" + }, + { + "category": "``iotwireless``", + "description": "Added TxPowerIndexMin, TxPowerIndexMax, NbTransMin and NbTransMax params to ServiceProfile.", + "type": "api-change" + }, + { + "category": "``docdb``", + "description": "Add support for setting Serverless Scaling Configuration on clusters.", + "type": "api-change" + }, + { + "category": "autocomplete", + "description": "Add completion model for ``dsql``", + "type": "enhancement" + }, + { + "category": "``ec2``", + "description": "Release to show the next hop IP address for routes propagated by VPC Route Server into VPC route tables.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "This release adds new origin timeout options: 1) ResponseCompletionTimeout and 2) OriginReadTimeout (for S3 origins)", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.7.json 2.31.35-1/.changes/2.27.7.json --- 2.23.6-1/.changes/2.27.7.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.7.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``ds``", + "description": "Doc only update - fixed typos.", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation``", + "description": "Added support for Custom output and blueprints for AUDIO data types.", + "type": "api-change" + }, + { + "category": "``kinesis``", + "description": "Marking ResourceARN as required for Amazon Kinesis Data Streams APIs TagResource, UntagResource, and ListTagsForResource.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.8.json 2.31.35-1/.changes/2.27.8.json --- 2.23.6-1/.changes/2.27.8.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.8.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``devicefarm``", + "description": "Add an optional parameter to the GetDevicePoolCompatibility API to pass in project information to check device pool compatibility.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Add support to roll back an In_Progress ECS Service Deployment", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This update introduces API operations to manage and create local gateway VIF and VIF groups. It also includes API operations to describe Outpost LAGs and service link VIFs.", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "This release adds a new authorization policy to control the usage of custom AssetType when creating an Asset. Customer can now add new grant(s) of policyType USE_ASSET_TYPE for custom AssetTypes to apply authorization policy to projects members and domain unit owners.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This release adds an optional sidecar per-frame video quality metrics report and an ALL_PCM option for audio selectors. It also changes the data type for Probe API response fields related to video and audio bitrate from integer to double.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.27.9.json 2.31.35-1/.changes/2.27.9.json --- 2.23.6-1/.changes/2.27.9.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.27.9.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``servicecatalog``", + "description": "ServiceCatalog's APIs (DeleteServiceAction, DisassociateServiceActionFromProvisioningArtifact, AssociateServiceActionWithProvisioningArtifact) now throw InvalidParametersException when IdempotencyToken is invalid.", + "type": "api-change" + }, + { + "category": "``timestream-write``", + "description": "Add dualstack endpoints support.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds support for Amazon EBS Provisioned Rate for Volume Initialization, which lets you specify a volume initialization rate to ensure that your EBS volumes are initialized in a predictable amount of time.", + "type": "api-change" + }, + { + "category": "``timestream-query``", + "description": "Add dualstack endpoints support and correct us-gov-west-1 FIPS endpoint.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.0.json 2.31.35-1/.changes/2.28.0.json --- 2.23.6-1/.changes/2.28.0.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.0.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,67 @@ +[ + { + "category": "``workspaces-web``", + "description": "Added ability to log session activity on a portal to an S3 bucket.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "Added Impala connector support", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Added support for the force option for the EC2 instance terminate command. This feature enables customers to recover resources associated with an instance stuck in the shutting-down state as a result of rare issues caused by a frozen operating system or an underlying hardware problem.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "Added support for Route node, S3 Iceberg sources/targets, catalog Iceberg sources, DynamoDB ELT connector, AutoDataQuality evaluation, enhanced PII detection with redaction, Kinesis fan-out support, and new R-series worker types.", + "type": "api-change" + }, + { + "category": "``iot``", + "description": "This release allows AWS IoT Core users to use their own AWS KMS keys for data protection", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Add Tags field to CreateAccessPoint", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Add support for retrieving a Bearer token from environment variables to enable bearer authentication with Bedrock services.", + "type": "feature" + }, + { + "category": "``entityresolution``", + "description": "Add support for creating advanced rule-based matching workflows in AWS Entity Resolution.", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "This release introduces support for Multi-tenant management", + "type": "api-change" + }, + { + "category": "``inspector2``", + "description": "Extend usage to include agentless hours and add CODE_REPOSITORY to aggregation resource type", + "type": "api-change" + }, + { + "category": "``elbv2``", + "description": "This release enables secondary IP addresses for Network Load Balancers.", + "type": "api-change" + }, + { + "category": "``customer-profiles``", + "description": "The release updates standard profile with 2 new fields that supports account-level engagement. Updated APIs include CreateProfile, UpdateProfile, MergeProfiles, SearchProfiles, BatchGetProfile, GetSegmentMembership, CreateSegmentDefinition, CreateSegmentEstimate.", + "type": "api-change" + }, + { + "category": "``opensearch``", + "description": "Granular access control support for NEO-SAML with IAMFederation for AOS data source", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.1.json 2.31.35-1/.changes/2.28.1.json --- 2.23.6-1/.changes/2.28.1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +[ + { + "category": "``auditmanager``", + "description": "Added a note to Framework APIs (CreateAssessmentFramework, GetAssessmentFramework, UpdateAssessmentFramework) clarifying that the Controls object returns a partial response when called through Framework APIs. Added documentation that the Framework's controlSources parameter is no longer supported.", + "type": "api-change" + }, + { + "category": "``observabilityadmin``", + "description": "CloudWatch Observability Admin adds the ability to enable telemetry on AWS resources such as Amazon VPCs (Flow Logs) in customers AWS Accounts and Organizations. The release introduces new APIs to manage telemetry rules, which define telemetry settings to be applied on AWS resources.", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Add support for IPv6 Networking for Clusters.", + "type": "api-change" + }, + { + "category": "``sns``", + "description": "Amazon SNS support for Amazon SQS fair queues", + "type": "api-change" + }, + { + "category": "``aiops``", + "description": "This release includes fix for InvestigationGroup timestamp conversion issue.", + "type": "api-change" + }, + { + "category": "``arc-region-switch``", + "description": "This is the initial SDK release for Region switch", + "type": "api-change" + }, + { + "category": "``acm-pca``", + "description": "Doc-only update to add more information to GetCertificate action.", + "type": "api-change" + }, + { + "category": "``securityhub``", + "description": "Release new resource detail type CodeRepository", + "type": "api-change" + }, + { + "category": "``lightsail``", + "description": "This release adds support for the Asia Pacific (Jakarta) (ap-southeast-3) Region.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.10.json 2.31.35-1/.changes/2.28.10.json --- 2.23.6-1/.changes/2.28.10.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.10.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,72 @@ +[ + { + "category": "``ec2``", + "description": "This release adds ModifyInstanceConnectEndpoint API to update configurations on existing EC2 Instance Connect Endpoints and improves IPv6 support through dualstack DNS names for EC2 Instance Connect Endpoints.", + "type": "api-change" + }, + { + "category": "configure", + "description": "Improved error messaging for `aws configure import --csv` command to clarify file", + "type": "enhancement" + }, + { + "category": "``dynamodb``", + "description": "This release 1/ Adds support for throttled keys mode for CloudWatch Contributor Insights, 2/ Adds throttling reasons to exceptions across dataplane APIs. 3/ Explicitly models ThrottlingException as a class in statically typed languages. Refer to the launch day blog post for more details.", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Updated the regex pattern and description of iamInstanceProfileArn in the CreateComputeNodeGroup and UpdateComputeNodeGroup API actions. Name and path requirements apply to the ARN of the IAM role associated with the instance profile and not the ARN of the instance profile.", + "type": "api-change" + }, + { + "category": "``fsx``", + "description": "Amazon FSx for NetApp ONTAP 2nd generation file systems now support decreasing SSD storage capacity.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "AWS Glue now supports Trusted Identity Propagation.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "CMAF Ingest output groups in MediaLive can now accept one additional destination url for single pipeline channels and up to two additional destination urls for standard channels.", + "type": "api-change" + }, + { + "category": "``workspaces``", + "description": "New APIs introduced to import WorkSpaces BYOL image using a new process that leveraged EC2 Image Builder. WorkSpaces tests and fixes your image's compatibility issues and supports customized VM images.", + "type": "api-change" + }, + { + "category": "``directconnect``", + "description": "Added pagination support for DescribeHostedConnections, DescribeVirtualInterfaces, DescribeConnections, DescribeInterconnects, DescribeLags. Added asnLong support for BGP peer operations which supports a large range.", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Added support for entity lists.", + "type": "api-change" + }, + { + "category": "``arc-region-switch``", + "description": "Endpoint rule test and documentation update.", + "type": "api-change" + }, + { + "category": "``servicediscovery``", + "description": "Added support for cross account through Id parameter overloading with ARN and allow owner account for some APIs instead of ARN", + "type": "api-change" + }, + { + "category": "``bcm-recommended-actions``", + "description": "Initial SDK release for AWS Billing and Cost Management Recommended Actions.", + "type": "api-change" + }, + { + "category": "``qapps``", + "description": "Documentation update for Amazon Q Apps API Reference", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.11.json 2.31.35-1/.changes/2.28.11.json --- 2.23.6-1/.changes/2.28.11.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.11.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``amp``", + "description": "Add Resource-based Policy APIs for Amazon Prometheus", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "AWS Glue Zero ETL now supports On-demand snapshot load", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "This release adds support for saving Bedrock Flows while node configuration is still in progress, even if the Flow is not yet able to be invoked", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.12.json 2.31.35-1/.changes/2.28.12.json --- 2.23.6-1/.changes/2.28.12.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.12.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``connect``", + "description": "Amazon Connect Service Feature: Add support to enable multi-user in-app, web, and video calling.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Customer managed keys now available for volume encryption of SageMaker HyperPod clusters.", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "Added default_x86_64 and default_arm64 as values to the instanceTypes field.", + "type": "api-change" + }, + { + "category": "``bcm-dashboards``", + "description": "Billing and Cost Management Dashboards enables users to create dashboards that combine multiple visualizations of cost and usage data. Users can create, manage, and share dashboards. Tags are also available for dashboards.", + "type": "api-change" + }, + { + "category": "``connectparticipant``", + "description": "Amazon Connect Service Feature: Add support to enable multi-user in-app, web, and video calling.", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Adds support for Compute checksum functionality in Amazon S3 Batch Operations. You can now calculate checksums for a list of objects using supported algorithms in Amazon S3, without requiring a restore or download", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.13.json 2.31.35-1/.changes/2.28.13.json --- 2.23.6-1/.changes/2.28.13.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.13.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``cleanrooms``", + "description": "Support error message configuration for analysis templates", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Add support for \"warning\" volume status.", + "type": "api-change" + }, + { + "category": "``polly``", + "description": "Added support for new output format - Opus.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.14.json 2.31.35-1/.changes/2.28.14.json --- 2.23.6-1/.changes/2.28.14.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.14.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,57 @@ +[ + { + "category": "``pinpoint-sms-voice-v2``", + "description": "This change added InternationalSendingEnbaled as part of describe/Update/Request phone number API response, and as part of update/Request phone number API request", + "type": "api-change" + }, + { + "category": "``cognito-idp``", + "description": "This release adds support for the new Terms APIs which allow displaying Terms of Use and Privacy Policy on the Managed Login user-registration page.", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "EKS Add-ons Custom Namespace Support", + "type": "api-change" + }, + { + "category": "``billing``", + "description": "Clarify IPv4 and IPv6 endpoints", + "type": "api-change" + }, + { + "category": "``kinesisanalyticsv2``", + "description": "Adds Key Management Service (KMS) support allowing customer-managed key (CMK) encryption for Flink application data.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release adds 1/ Launch ml.p5.4xlarge instance in Processing jobs, Training jobs and Training Plan 2/ Makes S3Uri to be required for S3FileSystem and S3FileSystemConfig.", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "This release supports policy grant identifier for cloud formation integration", + "type": "api-change" + }, + { + "category": "``route53-recovery-control-config``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "Launch CountTokens API to allow token counting", + "type": "api-change" + }, + { + "category": "``detective``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``dynamodb``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.15.json 2.31.35-1/.changes/2.28.15.json --- 2.23.6-1/.changes/2.28.15.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.15.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,152 @@ +[ + { + "category": "``greengrassv2``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ecr-public``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``iotthingsgraph``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``cloudhsm``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``lookoutmetrics``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ebs``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``backup-gateway``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``iotevents``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``lexv2-runtime``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "Added support for preprocessing queries in Data Quality operations through new DataQualityGlueTable structure.", + "type": "api-change" + }, + { + "category": "``panorama``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ssm-contacts``", + "description": "Doc-only updates for Incident Manager Contacts August 2025", + "type": "api-change" + }, + { + "category": "``es``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``mediapackage``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``kinesis-video-signaling``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Remove Pattern trait from email field", + "type": "api-change" + }, + { + "category": "``managedblockchain``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``pinpoint-email``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``appfabric``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``gameliftstreams``", + "description": "The default application in a stream group can now be changed at any time using UpdateStreamGroup to update the DefaultApplicationIdentifier.", + "type": "api-change" + }, + { + "category": "``iotdeviceadvisor``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``apigatewaymanagementapi``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``comprehend``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``s3outposts``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This is a documentation only release that adds additional information for the update-service request parameters.", + "type": "api-change" + }, + { + "category": "``forecastquery``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``iotevents-data``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``cognito-identity``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``resource-groups``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``elasticbeanstalk``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.16.json 2.31.35-1/.changes/2.28.16.json --- 2.23.6-1/.changes/2.28.16.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.16.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,112 @@ +[ + { + "category": "``qldb``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``dynamodb``", + "description": "Correct Scan and Scanned Count values when resuming a scan or query with a ``--starting-token``", + "type": "bugfix" + }, + { + "category": "``elb``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``route53-recovery-readiness``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "AWS Elemental MediaLive now has a field called \"SubtitleRows\" for controlling subtitle row count for DVB-Sub and Burn-In captions outputs", + "type": "api-change" + }, + { + "category": "``marketplacecommerceanalytics``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "Python", + "description": "Update bundled Python interpreter to 3.13.7", + "type": "enhancement" + }, + { + "category": "``sagemaker-a2i-runtime``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``proton``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``clouddirectory``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``qconnect``", + "description": "Releasing model ID support for UpdateAIPrompt", + "type": "api-change" + }, + { + "category": "``healthlake``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``cognito-sync``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``wafv2``", + "description": "test and verified, safe to release", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Launch SageMaker Notebook Instances support for AL2023 along with P6-B200 instance type and Rootless Docker support for SageMaker Studio.", + "type": "api-change" + }, + { + "category": "``memorydb``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``iotanalytics``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``synthetics``", + "description": "Added multi browser support for synthetics canaries, Increased ephemeral storage limit from 5GB to 10GB", + "type": "api-change" + }, + { + "category": "``docdb``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``macie2``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Updates Amazon RDS documentation for Db2 read-only replicas.", + "type": "api-change" + }, + { + "category": "``simspaceweaver``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.17.json 2.31.35-1/.changes/2.28.17.json --- 2.23.6-1/.changes/2.28.17.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.17.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,207 @@ +[ + { + "category": "``ec2``", + "description": "Added IPv6 support for AWS Client VPN.", + "type": "api-change" + }, + { + "category": "``lookoutequipment``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``kinesis-video-archived-media``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``dax``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``kendra``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``devops-guru``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``sagemaker-edge``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``personalize-runtime``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``forecast``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``codeartifact``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``snowball``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``kinesisanalytics``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``emr-containers``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``translate``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``finspace-data``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``cloudsearch``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``iotfleethub``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``chime-sdk-media-pipelines``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``appflow``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``chime-sdk-messaging``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``mediastore``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``resourcegroupstaggingapi``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``mediapackage-vod``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``sqs``", + "description": "Documentation update for Amazon SQS Supports Large Payload Message feature", + "type": "api-change" + }, + { + "category": "``cloudtrail-data``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``support-app``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``wellarchitected``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``sagemaker-featurestore-runtime``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``shield``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``codestar-notifications``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``serverlessrepo``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``lex-runtime``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``b2bi``", + "description": "Updated APIs to support custom validation rules.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This release adds support for input rendition selection for HLS input, adds new Share API to enable sharing jobs with AWS Support for support investigations, and adds INCLUDE_AS_TS to iFrameOnlyManifest setting for HLS outputs.", + "type": "api-change" + }, + { + "category": "``timestream-influxdb``", + "description": "Add MAINTENANCE status for DbInstance and DbCluster", + "type": "api-change" + }, + { + "category": "``cur``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``support``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Releasing the following features - Asset classification that lets users use restricted terms for classifying assets if they have the right permissions. Also adding a new enum value \"Moving\" to project status.", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "The Amazon Q Business GetDocumentContent operation now supports retrieval of the extracted text content in JSON format.", + "type": "api-change" + }, + { + "category": "``sagemaker-runtime``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``codeguru-security``", + "description": "Documentation update to notify users of the discontinuation of Amazon CodeGuru Security.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.18.json 2.31.35-1/.changes/2.28.18.json --- 2.23.6-1/.changes/2.28.18.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.18.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,152 @@ +[ + { + "category": "``mq``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``dlm``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``connectparticipant``", + "description": "Amazon Connect Participant Service: Remove unused fields from WebRTCConnection", + "type": "api-change" + }, + { + "category": "``waf-regional``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``rbin``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``arc-zonal-shift``", + "description": "This release adds new API options to enable allowed windows and multiple alarms for practice runs.", + "type": "api-change" + }, + { + "category": "``ram``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``elastictranscoder``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``route53-recovery-cluster``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``apprunner``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``lookoutvision``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``personalize-events``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``codestar-connections``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Add new APIs for viewing how your shared AMIs are used by other accounts, and identify resources in your account that are dependent on particular AMIs", + "type": "api-change" + }, + { + "category": "``geo-routes``", + "description": "Added RouteFerryNotice PotentialViolatedVehicleRestrictionUsage value for CalculateRoutes. This value indicates when the Route is potentially forbidden for the given vehicle profile.", + "type": "api-change" + }, + { + "category": "``greengrass``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``sagemaker-geospatial``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``globalaccelerator``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``identitystore``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``signer``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``kafka``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``codecommit``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``pinpoint``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``iotsecuretunneling``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``finspace``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``mgh``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``comprehendmedical``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``migration-hub-refactor-spaces``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``glacier``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``servicecatalog-appregistry``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.19.json 2.31.35-1/.changes/2.28.19.json --- 2.23.6-1/.changes/2.28.19.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.19.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,182 @@ +[ + { + "category": "``migrationhub-config``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``kinesis-video-media``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``application-insights``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``pi``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Add support for on-demand refresh of EKS cluster insights", + "type": "api-change" + }, + { + "category": "``chime``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``chime-sdk-voice``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "Added ECS_AL2023_NVIDIA as an option for Ec2Configuration.imageType.", + "type": "api-change" + }, + { + "category": "``evidently``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``chime-sdk-meetings``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``neptune-graph``", + "description": "Add StartGraph and StopGraph operations to Neptune Analytics", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release adds support for AutoScaling on SageMaker HyperPod.", + "type": "api-change" + }, + { + "category": "``codeguruprofiler``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``chime-sdk-identity``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``lakeformation``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``workdocs``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``timestream-write``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``frauddetector``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``workmail``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ds``", + "description": "Add APIs for CA AutoEnrollment support: DescribeCAEnrollmentPolicy, EnableCAEnrollmentPolicy and DisableCAEnrollmentPolicy.", + "type": "api-change" + }, + { + "category": "``opsworks-cm``", + "description": "The opsworks-cm client has been removed following the deprecation of the service.", + "type": "api-change" + }, + { + "category": "``elasticache``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``datapipeline``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``amplifybackend``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``discovery``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``redshift``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``schemas``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``kinesisvideo``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``inspector``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``snow-device-management``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``robomaker``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``personalize``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``qldb-session``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``lex-models``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``opsworks``", + "description": "The opsworks client has been removed following the deprecation of the service.", + "type": "api-change" + }, + { + "category": "``voice-id``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.2.json 2.31.35-1/.changes/2.28.2.json --- 2.23.6-1/.changes/2.28.2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``sagemaker``", + "description": "This release adds the ability for customers to attach and detach their EBS volumes to EKS-orchestrated HyperPod cluster nodes.", + "type": "api-change" + }, + { + "category": "``iotsitewise``", + "description": "Support Interface for IoT SiteWise Asset Modeling", + "type": "api-change" + }, + { + "category": "``awscrt``", + "description": "Update awscrt version to 0.27.5.", + "type": "enhancement" + }, + { + "category": "``codeconnections``", + "description": "New integration with Azure DevOps provider type.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore``", + "description": "Remove superfluous field from API", + "type": "api-change" + }, + { + "category": "``evs``", + "description": "TagResource API now throws ServiceQuotaExceededException when the number of tags on the Amazon EVS resource exceeds the maximum allowed. TooManyTagsException is deprecated.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.20.json 2.31.35-1/.changes/2.28.20.json --- 2.23.6-1/.changes/2.28.20.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.20.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,172 @@ +[ + { + "category": "``mturk``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``sso``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Added RDS HTTP Endpoint feature support flag to DescribeOrderableDBInstanceOptions API", + "type": "api-change" + }, + { + "category": "``codeguru-reviewer``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``healthlake``", + "description": "Add ValidationLevel parameter to StartFHIRImportJob API, allowing users to specify a FHIR validation level for their asynchronous import jobs.", + "type": "api-change" + }, + { + "category": "``workmailmessageflow``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds support for copying Amazon EBS snapshot and AMIs to and from Local Zones.", + "type": "api-change" + }, + { + "category": "``scheduler``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ec2-instance-connect``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "Adding support to fetch TargetDatabase field during GetDatabases with AttributesToGet", + "type": "api-change" + }, + { + "category": "``omics``", + "description": "Adds Amazon ECR pull through cache support to AWS HealthOmics, so you can more easily use container images from external sources.", + "type": "api-change" + }, + { + "category": "``cloud9``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``applicationcostprofiler``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``xray``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``dynamodb``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``fis``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``geo-maps``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``savingsplans``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``fms``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``cloudsearchdomain``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``cloudhsmv2``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ssm-sap``", + "description": "Added support for Configuration Checks on SAP HANA Applications.", + "type": "api-change" + }, + { + "category": "``timestream-query``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``route53domains``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``osis``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``ses``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``apprunner``", + "description": "Doc only updates for APIs and and datatypes related to IPAddressType and Subnets for IPv6 dualstack support.", + "type": "api-change" + }, + { + "category": "``databrew``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "AgentStatusDrillDown feature in GetCurrentMetricData API. Adding AGENT_STATUS as filter and grouping in GetCurrentMetricData API", + "type": "api-change" + }, + { + "category": "``mediastore-data``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``codedeploy``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``machinelearning``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``waf``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + }, + { + "category": "``autoscaling-plans``", + "description": "Remove incorrect endpoint tests", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.21.json 2.31.35-1/.changes/2.28.21.json --- 2.23.6-1/.changes/2.28.21.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.21.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``ec2``", + "description": "Release shows new route types such as filtered and advertisement.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "Fixed stop sequence limit for converse API.", + "type": "api-change" + }, + { + "category": "``xray``", + "description": "AWS X-Ray Features: Support Sampling Rate Boost On Anomaly", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.22.json 2.31.35-1/.changes/2.28.22.json --- 2.23.6-1/.changes/2.28.22.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.22.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``notifications``", + "description": "Added Org support for notifications: - `ListMemberAccounts` gets member accounts list, `AssociateOrganizationalUnit` links OU to notification configuration, `DisassociateOrganizationalUnit` removes OU from notification configuration, `ListOrganizationalUnits` shows OUs configured for notifications.", + "type": "api-change" + }, + { + "category": "``neptune``", + "description": "Removed the deprecated marker from publiclyAccessible parameter from DbInstance, CreateDbInstance and ModifyDbInstance and added relevant usage information for the parameter.", + "type": "api-change" + }, + { + "category": "``workmail``", + "description": "Make RoleArn an optional parameter for the PutEmailMonitoringConfiguration API, and add UnsupportedOperationException to RegisterToWorkMail.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "MaximumEbsAttachments and AttachmentLimitType fields added to DescribeInstanceTypesResponse. G6f, Gr6f, R8i, R8i-flex and p5.4xlarge instance types added to InstanceTypes enum.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.23.json 2.31.35-1/.changes/2.28.23.json --- 2.23.6-1/.changes/2.28.23.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.23.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``awscrt``", + "description": "Update awscrt version to 0.27.6", + "type": "enhancement" + }, + { + "category": "``cleanrooms``", + "description": "Added support for adding new data provider members to an existing collaboration.", + "type": "api-change" + }, + { + "category": "``cleanroomsml``", + "description": "AWS Clean Rooms ML adds log sanitization for privacy-enhanced error summaries, supports new instance types for custom models providing better performance and lower costs, and deprecates P3-series instances.", + "type": "api-change" + }, + { + "category": "``route53``", + "description": "Amazon Route 53 now supports the Asia Pacific (New Zealand) Region (ap-southeast-6) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.", + "type": "api-change" + }, + { + "category": "``route53domains``", + "description": "Added new ExtraParams AU_ELIGIBILITY_TYPE, AU_POLICY_REASON, and AU_REGISTRANT_NAME", + "type": "api-change" + }, + { + "category": "``mq``", + "description": "Add CONFIG_MANAGED as a supported AuthenticationStrategy for Amazon MQ for RabbitMQ brokers. Make username and password optional on broker creation for CONFIG_MANAGED brokers.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Adding an optional field IpAddressType in CustomOriginConfig", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "This release adds support for MasterUserAuthenticationType parameter on CreateDBInstance, ModifyDBInstance, CreateDBCluster, and ModifyDBCluster operations.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.24.json 2.31.35-1/.changes/2.28.24.json --- 2.23.6-1/.changes/2.28.24.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.24.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``ec2``", + "description": "Add m8i, m8i-flex and i8ge instance types.", + "type": "api-change" + }, + { + "category": "``cloudformation``", + "description": "ListHookResults API now supports retrieving invocation results for all CloudFormation Hooks (previously limited to create change set and Cloud Control operations) with new optional parameters for filtering by Hook status and ARN.", + "type": "api-change" + }, + { + "category": "``cleanrooms``", + "description": "Add support for configurable compute sizes for PySpark jobs.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Added new EndpointNetworkType and TargetConnectionNetworkType fields in Proxy APIs to support IPv6", + "type": "api-change" + }, + { + "category": "``verifiedpermissions``", + "description": "Amazon Verified Permissions / Features : Adds support for datetime and duration attribute values.", + "type": "api-change" + }, + { + "category": "``opensearchserverless``", + "description": "Add support for Federal Information Processing Standards (FIPS) and Federal Risk and Authorization Management Program (FedRAMP) compliance", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.25.json 2.31.35-1/.changes/2.28.25.json --- 2.23.6-1/.changes/2.28.25.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.25.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``sagemaker``", + "description": "Release IPv6 support with dualstack in SageMaker Notebooks, Tiered Storage Checkpointing Support in SageMaker HyperPod and P5.4xlarge instance type for SageMaker Hosting.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This is a documentation only release that adds additional information for Amazon ECS Availability Zone rebalancing.", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Documentation-only update to add AccountingStorageEnforce to SlurmCustomSetting.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.26.json 2.31.35-1/.changes/2.28.26.json --- 2.23.6-1/.changes/2.28.26.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.26.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``s3``", + "description": "This release includes backward compatibility work on the \"Expires\" parameter.", + "type": "api-change" + }, + { + "category": "``iotsitewise``", + "description": "Add ComputationModelVersion support in IoT SiteWise APIs", + "type": "api-change" + }, + { + "category": "``securityhub``", + "description": "This release adds the RESOURCE_NOT_FOUND error code as a possible value in responses to the following operations: BatchGetStandardsControlAssociations, BatchUpdateStandardsControlAssociations, and BatchGetSecurityControls.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.3.json 2.31.35-1/.changes/2.28.3.json --- 2.23.6-1/.changes/2.28.3.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.3.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``sagemaker``", + "description": "Add support for SageMaker Hyperpod continuous scaling and custom AMI; Introduce new APIs: ListClusterEvents, DescribeClusterEvent, BatchAddClusterNodes", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Adds a new Aurora Serverless v2 attribute to the DBCluster resource to expose the platform version. Also updates the attribute to be part of both the engine version and platform version descriptions.", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "This release adds support for Automated Reasoning checks output models for the Amazon Bedrock Guardrails ApplyGuardrail API.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "This release introduces Automated Reasoning checks for Amazon Bedrock Guardrails. The feature adds new APIs for policy building, refinement, version management, and testing. Guardrail APIs now support Automated Reasoning policy configuration and validation output.", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Add support for deletion protection on EKS clusters", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.4.json 2.31.35-1/.changes/2.28.4.json --- 2.23.6-1/.changes/2.28.4.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.4.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``budgets``", + "description": "Adds support for billing views. Billing views let you control access to cost and usage data through an AWS resource, streamlining the process of sharing cost and usage data across account boundaries. With this release, you can now create and view budgets based on billing views.", + "type": "api-change" + }, + { + "category": "``appstream``", + "description": "Added support for G6 instances", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Mark Elastic Inference Accelerators and Elastic Graphics Processor parameters as deprecated on the RunInstances and LaunchTemplate APIs.", + "type": "api-change" + }, + { + "category": "``opensearchserverless``", + "description": "Features: add Index APIs in OpenSearchServerless to support managed semantic enrichment", + "type": "api-change" + }, + { + "category": "openssl", + "description": "Update bundled OpenSSL version to 1.1.1zc for Linux installers", + "type": "enhancement" + }, + { + "category": "``qbusiness``", + "description": "Amazon Q Business now supports the GetDocumentContent() API that enables customers to securely access the source documents through clickable citation links at query time", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.5.json 2.31.35-1/.changes/2.28.5.json --- 2.23.6-1/.changes/2.28.5.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.5.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``glue``", + "description": "AWS Glue Data Catalog now supports Iceberg Optimization settings at the Catalog level, and supports new options to control the optimization job run rate.", + "type": "api-change" + }, + { + "category": "``gameliftstreams``", + "description": "Adds Proton 9.0-2 to the list of runtime environment options available when creating an Amazon GameLift Streams application", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Added support for VPC owner account ID associated with DNS request in the GuardDuty finding.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "AWS CodeBuild now supports comment-based pull request control.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Added new viewer security policy, TLSv1.3_2025, for CloudFront.", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "This feature allows customers to use AWS Batch with Linux with ARM64 CPU Architecture with Fargate Spot compute support.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.6.json 2.31.35-1/.changes/2.28.6.json --- 2.23.6-1/.changes/2.28.6.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.6.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``connect``", + "description": "This release adds a new API GetContactMetrics for Amazon Connect.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Adds support for GB200 UltraServers in Amazon SageMaker training jobs, training plans, and HyperPod clusters", + "type": "api-change" + }, + { + "category": "``iot-data``", + "description": "Adding DeleteConnection API to IoT Data Plane", + "type": "api-change" + }, + { + "category": "``inspector2``", + "description": "Add CVSSV4 to Vulnerability Search API and update enable/disable account id list length to 5", + "type": "api-change" + }, + { + "category": "``transcribe``", + "description": "Update documentation to use key ARN only in OutputEncryptionKMSKeyId request parameter", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.7.json 2.31.35-1/.changes/2.28.7.json --- 2.23.6-1/.changes/2.28.7.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.7.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +[ + { + "category": "``sso``", + "description": "Clarify ``aws sso login`` to only suggest a different device when using ``--use-device-code``.", + "type": "enhancement" + }, + { + "category": "``evs``", + "description": "Update for general availability of Amazon Elastic VMware Service (EVS).", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "This release includes model updates and enhanced SDK documentation for union fields in automated reasoning policy components. Added docs cover policy definitions, mutations (add/update for rules/types/variables), build assets, workflow sources, test results, and tag exception handling.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds AvailabilityZoneId support for CreateVolume, DescribeVolume, LaunchTemplates, RunInstances, DescribeInstances, CreateDefaultSubnet, SpotInstances, and CreateDefaultSubnet APIs.", + "type": "api-change" + }, + { + "category": "``lambda``", + "description": "Doc-only update for Lambda that updates the maximum payload size for response streaming invocations to 200 MB.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "Add RowAxisDisplayOptions and ColumnAxisDisplayOptions to HeatMapConfiguration, add Actions to PluginVisual, increase limit for CalculatedFields list", + "type": "api-change" + }, + { + "category": "``cognito-idp``", + "description": "Remove SigV4 auth requirement for GetTokensFromRefreshToken", + "type": "api-change" + }, + { + "category": "``sso-admin``", + "description": "Added support for managing user background session for applications", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "Adds support for Wait and Save feature in service-managed fleets", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Updating SearchUserHierarchyGroups API", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.8.json 2.31.35-1/.changes/2.28.8.json --- 2.23.6-1/.changes/2.28.8.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.8.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``organizations``", + "description": "This release introduces 2 new APIs in Organizations: 1. ListAccountsWithInvalidEffectivePolicy 2. ListEffectivePolicyValidationErrors", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "IAM Identity Center trusted identity propagation is now supported in SageMaker Studio.", + "type": "api-change" + }, + { + "category": "``transcribe``", + "description": "AWS HealthScribe now supports specifying preferred patient pronouns through the MedicalScribeContext parameter for use in the generated clinical notes.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Release to allow route table association with a PublicIpv4Pool.", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "AWS CodeBuild now supports PullRequestBuildPolicy in webhook object.", + "type": "api-change" + }, + { + "category": "``backupsearch``", + "description": "Using recommended smithy trait to generate regional endpoints for Backup Search", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.28.9.json 2.31.35-1/.changes/2.28.9.json --- 2.23.6-1/.changes/2.28.9.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.28.9.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``datazone``", + "description": "Adds support for account pools and project profile account decoupling", + "type": "api-change" + }, + { + "category": "``security-ir``", + "description": "Added support for Organizational Unit-level Membership configuration and the ability to resume a cancelled membership.", + "type": "api-change" + }, + { + "category": "``braket``", + "description": "Add support for Braket program sets.", + "type": "api-change" + }, + { + "category": "``partnercentral-selling``", + "description": "Add Tagging Support for Opportunity resources", + "type": "api-change" + }, + { + "category": "``fsx``", + "description": "Add Dual-Stack support for Amazon FSx for OpenZFS file systems", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "This release introduces compute quota for GPU, Trainium accelerators, vCPU, and vCPU memory utilization across teams in HyperPod clusters", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.29.0.json 2.31.35-1/.changes/2.29.0.json --- 2.23.6-1/.changes/2.29.0.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.29.0.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``autoscaling``", + "description": "Added WaitForTransitioningInstances parameter to the CancelInstanceRefresh API, allowing the caller to cancel an instance refresh without waiting for on-going launches and terminations.", + "type": "api-change" + }, + { + "category": "``mediapackagev2``", + "description": "Added CUE tag SCTE output to MediaPackageV2 HLS and LL-HLS manifests.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Released IPv6 support with dual-stack domain options on SageMaker Studio and introduced support for p6-b200.48xlarge instance type on SageMaker Studio for JupyterLab and CodeEditor applications.", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Adds support for custom blueprints", + "type": "api-change" + }, + { + "category": "``cloudwatch``", + "description": "Added a new API - DescribeAlarmContributors API, to retrieve alarm contributors in ALARM state. Added support in DescribeAlarmHistory API to query alarm contributor history", + "type": "api-change" + }, + { + "category": "s3 download", + "description": "Validate requested range matches content range in response for multipart downloads", + "type": "feature" + }, + { + "category": "``connect``", + "description": "SDK release for user defined predefined attributes.", + "type": "api-change" + }, + { + "category": "``organizations``", + "description": "Documentation updates for AWS Organizations APIs.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.29.1.json 2.31.35-1/.changes/2.29.1.json --- 2.23.6-1/.changes/2.29.1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.29.1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``networkflowmonitor``", + "description": "Added new enum value (AWS::Region) for type field under MonitorLocalResource and MonitorRemoteResource. Workload Insights and Monitor top contributors queries now support a new DestinationCategory (INTER_REGION).", + "type": "api-change" + }, + { + "category": "``payment-cryptography``", + "description": "AWS Payment Cryptography Service now supports Multi-Region key replication. Customers can choose to automatically distribute keys across AWS Regions.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.30.0.json 2.31.35-1/.changes/2.30.0.json --- 2.23.6-1/.changes/2.30.0.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.30.0.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +[ + { + "category": "installer", + "description": "Added universal binary support for AWS CLI v2 on macOS", + "type": "feature" + }, + { + "category": "``evs``", + "description": "CreateEnvironment API now supports parameters (isHcxPublic & hcxNetworkAclId) for HCX migration via public internet, adding flexibility for migration scenarios. New APIs have been added for associating (AssociateEipToVlan) & disassociating (DisassociateEipFromVlan) Elastic IP (EIP) addresses.", + "type": "api-change" + }, + { + "category": "``amp``", + "description": "Add Vended Logs APIs for Amazon Prometheus Managed Collector", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "This release adds support for Account level custom permissions, additional Dashboard Options, and Null support for Q&A.", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Updated Java SDK implementation of entity set status in GuardDuty API.", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "adding IAM principal id to IAM user profile details", + "type": "api-change" + }, + { + "category": "``emr-containers``", + "description": "Added nodeLabel support in container provider to aid hardware isolation support for virtual cluster and security configuration.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "AWS Elemental MediaLive adds a new feature in MediaPackage output group that enables MediaPackage V2 users to control HLS-related parameters directly in MediaLive. These parameter settings are then reflected in MediaPackage outputs, providing more streamlined control over HLS configurations.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This release supports hook details for Amazon ECS lifecycle hooks.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Adds support for end-to-end IAM authentication in RDS Proxy for MySQL, MariaDB, and PostgreSQL engines.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.30.1.json 2.31.35-1/.changes/2.30.1.json --- 2.23.6-1/.changes/2.30.1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.30.1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``s3``", + "description": "Expose S3 transfer config's ``io_chunksize`` in shared config file", + "type": "enhancement" + }, + { + "category": "``payment-cryptography``", + "description": "Add support for certificates to be signed by 3rd party certificate authorities. New API GetCertificateSigningRequest API and support for providing certificates at run-time for tr-34 import/export", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.30.2.json 2.31.35-1/.changes/2.30.2.json --- 2.23.6-1/.changes/2.30.2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.30.2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``medical-imaging``", + "description": "Added support for OpenID Connect (OIDC) custom authorizer", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Introduce three new encryption filters: EncryptionType (SSE-S3, SSE-KMS, DSSE-KMS, SSE-C, NOT-SSE), KmsKeyArn (for SSE-KMS and DSSE-KMS), and BucketKeyEnabled (for SSE-KMS).", + "type": "api-change" + }, + { + "category": "``sms``", + "description": "The sms client has been removed following the deprecation of the service.", + "type": "api-change" + }, + { + "category": "``ce``", + "description": "Added endpoint support for eusc-de-east-1 region.", + "type": "api-change" + }, + { + "category": "``observabilityadmin``", + "description": "CloudWatch Observability Admin adds the ability to enable telemetry centralization in customers' Organizations. The release introduces new APIs to manage centralization rules, which define settings to replicate telemetry data to a central destination in the customers' Organization.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.30.3.json 2.31.35-1/.changes/2.30.3.json --- 2.23.6-1/.changes/2.30.3.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.30.3.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``logs``", + "description": "Cloudwatch Logs added support for 2 new API parameters in metric and subscription filter APIs to filter log events based on system field values and emit system field values as dimensions and send them to customer destination as additional metadata.", + "type": "api-change" + }, + { + "category": "``configure``", + "description": "Added the new ``aws configure mfa-login`` command, which creates a profile with temporary credentials corresponding to an IAM user with an MFA code.", + "type": "enhancement" + }, + { + "category": "``ivs-realtime``", + "description": "IVS now offers customers the ability to control the positioning of participants in both grid and PiP layouts based on custom attribute values in participant tokens.", + "type": "api-change" + }, + { + "category": "``osis``", + "description": "Adds support for cross-account ingestion for push-based sources. This includes resource policies for sharing pipelines across accounts and features for managing pipeline endpoints which enable accessing pipelines across different VPCs, including VPCs in other accounts.", + "type": "api-change" + }, + { + "category": "macOS", + "description": "Added explicit architecture support in PKG installer for universal builds on Macs to prevent Rosetta requirement prompt.", + "type": "enhancement" + }, + { + "category": "``budgets``", + "description": "Add support for custom time periods in budget configuration", + "type": "api-change" + }, + { + "category": "``configure``", + "description": "Added support for temporary credentials with ``aws configure``. The CLI will prompt for an ``aws_session_token`` if the provided access key ID is temporary.", + "type": "enhancement" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.30.4.json 2.31.35-1/.changes/2.30.4.json --- 2.23.6-1/.changes/2.30.4.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.30.4.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``ec2``", + "description": "Add mac-m4.metal and mac-m4pro.metal instance types.", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Add support for Amazon EC2 Capacity Blocks for ML", + "type": "api-change" + }, + { + "category": "``network-firewall``", + "description": "Network Firewall now prevents TLS handshakes with the target server until after the Server Name Indication (SNI) has been seen and verified. The monitoring dashboard now provides deeper insights into PrivateLink endpoint candidates and offers filters based on IP addresses and protocol.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.30.5.json 2.31.35-1/.changes/2.30.5.json --- 2.23.6-1/.changes/2.30.5.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.30.5.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``budgets``", + "description": "Added BillingViewHealthStatus Exception which is thrown when a Budget is created or updated with a Billing View that is not in the HEALTHY status", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Release includes an increase to the maximum policy build document size, an update to DeleteAutomatedReasoningPolicyBuildWorkflow to add ResourceInUseException, and corrections to UpdateAutomatedReasoningPolicyTestCaseRequest.", + "type": "api-change" + }, + { + "category": "``chime-sdk-messaging``", + "description": "Amazon Chime SDK Messaging GetMessagingSessionEndpoint API now returns dual-stack WebSocket endpoints supporting IPv4/IPv6.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Allowed AMIs adds support for four new parameters - marketplaceProductCodes, deprecationTimeCondition, creationDateCondition and imageNames", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.30.6.json 2.31.35-1/.changes/2.30.6.json --- 2.23.6-1/.changes/2.30.6.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.30.6.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``config``", + "description": "Add UNKNOWN state to RemediationExecutionState and add IN_PROGRESS/EXITED/UNKNOWN states to RemediationExecutionStepState.", + "type": "api-change" + }, + { + "category": "``license-manager-user-subscriptions``", + "description": "Added support for cross-account Active Directories.", + "type": "api-change" + }, + { + "category": "ec2-instance-connect", + "description": "Allow ec2-instance-connect ssh and open-tunnel commands to connect to update-complete, update-in-progress, and update-failed EC2 Instance Connect Endpoints. Fixes `#9715 `__", + "type": "enhancement" + }, + { + "category": "``kendra-ranking``", + "description": "Model whitespace change - no client difference", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Add tagging and VPC support to AgentCore Runtime, Code Interpreter, and Browser resources. Add support for configuring request headers in Runtime. Fix AgentCore Runtime shape names.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Add MinBitrate for QVBR mode under H264/H265/AV1 output codec. Add GopBReference, GopNumBFrames, SubGopLength fields under H265 output codec.", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "This release adds a persistent connection field to UserPhoneConfig that maintains agent's softphone media connection for faster call connections.", + "type": "api-change" + }, + { + "category": "``sqs``", + "description": "Update invalid character handling documentation for SQS SendMessage API", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.30.7.json 2.31.35-1/.changes/2.30.7.json --- 2.23.6-1/.changes/2.30.7.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.30.7.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``imagebuilder``", + "description": "Version ARNs are no longer required for the EC2 Image Builder list-image-build-version, list-component-build-version, and list-workflow-build-version APIs. Calling these APIs without the ARN returns all build versions for the given resource type in the requesting account.", + "type": "api-change" + }, + { + "category": "``pinpoint-sms-voice``", + "description": "Update pinpoint-sms-voice client and endpoint tests to latest version.", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Adds support for RepairConfig overrides and configurations in EKS Managed Node Groups.", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "Starting in JAN 2026, AWS Batch will change the default AMI for new Amazon ECS compute environments from Amazon Linux 2 to Amazon Linux 2023. We recommend migrating AWS Batch Amazon ECS compute environments to Amazon Linux 2023 to maintain optimal performance and security.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.0.json 2.31.35-1/.changes/2.31.0.json --- 2.23.6-1/.changes/2.31.0.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.0.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,67 @@ +[ + { + "category": "help", + "description": "Update message formatting when entering an invalid command to improve identification of an error (aws/aws-cli`#9737 `__)", + "type": "enhancement" + }, + { + "category": "``cleanrooms``", + "description": "Added support for running incremental ID mapping for rule-based workflows.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Add Amazon EC2 R8gn instance types", + "type": "api-change" + }, + { + "category": "documentation", + "description": "Display required constraints to top level and nested parameters (aws/aws-cli`#9463 `__, aws/aws-cli`#9491 `__)", + "type": "enhancement" + }, + { + "category": "help", + "description": "Reduce output from help when entering an invalid command (aws/aws-cli`#9457 `__)", + "type": "enhancement" + }, + { + "category": "documentation", + "description": "Add documentation for API parameter constraints (aws/aws-cli`#9444 `__)", + "type": "enhancement" + }, + { + "category": "``s3``", + "description": "Add controls over progress status message frequency and multiline printing (aws/aws-cli`#9545 `__)", + "type": "enhancement" + }, + { + "category": "configuration", + "description": "Improve accessibility of table output for ``configure list`` command (aws/aws-cli`#9547 `__)", + "type": "enhancement" + }, + { + "category": "``sso-oidc``", + "description": "This release includes exception definition and documentation updates.", + "type": "api-change" + }, + { + "category": "``sso-admin``", + "description": "Add support for encryption at rest with Customer Managed KMS Key in AWS IAM Identity Center", + "type": "api-change" + }, + { + "category": "``ssm``", + "description": "Added Dualstack support to GetDeployablePatchSnapshotForInstance", + "type": "api-change" + }, + { + "category": "``entityresolution``", + "description": "Support incremental id mapping workflow for AWS Entity Resolution", + "type": "api-change" + }, + { + "category": "help", + "description": "Add ability to view help in a web browser or print the URL to the remote documentation website (aws/aws-cli`#9496 `__)", + "type": "feature" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.1.json 2.31.35-1/.changes/2.31.1.json --- 2.23.6-1/.changes/2.31.1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``appstream``", + "description": "G6f instance support for AppStream 2.0", + "type": "api-change" + }, + { + "category": "``neptune``", + "description": "Doc-only update to address customer use.", + "type": "api-change" + }, + { + "category": "``dax``", + "description": "This release adds support for IPv6-only, DUAL_STACK DAX instances", + "type": "api-change" + }, + { + "category": "``cloudwatch``", + "description": "Fix default dualstack FIPS endpoints in AWS GovCloud(US) regions", + "type": "api-change" + }, + { + "category": "``kms``", + "description": "Documentation only updates for KMS.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.10.json 2.31.35-1/.changes/2.31.10.json --- 2.23.6-1/.changes/2.31.10.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.10.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,7 @@ +[ + { + "category": "``proton``", + "description": "Deprecating APIs in AWS Proton namespace.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.11.json 2.31.35-1/.changes/2.31.11.json --- 2.23.6-1/.changes/2.31.11.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.11.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``outposts``", + "description": "This release adds the new StartOutpostDecommission API, which starts the decommission process to return Outposts racks or servers.", + "type": "api-change" + }, + { + "category": "``service-quotas``", + "description": "introduces Service Quotas Automatic Management. Users can opt-in to monitoring and managing service quotas, receive notifications when quota usage reaches thresholds, configure notification channels, subscribe to EventBridge events for automation, and view notifications in the AWS Health dashboard.", + "type": "api-change" + }, + { + "category": "``license-manager-user-subscriptions``", + "description": "Released support for IPv6 and dual-stack active directories", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Adding support for authorizer type AWS_IAM to AgentCore Control Gateway.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.12.json 2.31.35-1/.changes/2.31.12.json --- 2.23.6-1/.changes/2.31.12.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.12.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``wafv2``", + "description": "This release adds the ability to throw WafLimitsExceededException when the maximum number of Application Load Balancer (ALB) associations per AWS WAF v2 WebACL is exceeded.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "This release adds support for ActionConnector and Flow, which are new resources associated with Amazon Quick Suite. Additional updates include expanded Data Source options, further branding customization, and new capabilities that can be restricted by Admins.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.13.json 2.31.35-1/.changes/2.31.13.json --- 2.23.6-1/.changes/2.31.13.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.13.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``bedrock-agentcore``", + "description": "Bedrock AgentCore release for Runtime, and Memory.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Added new viewer security policy, TLSv1.2_2025, for CloudFront.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "Addition of AuditContext in GetTable/GetTables Request", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Updated the text in the Important section of the ModifyDBClusterParameterGroup page.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Bedrock AgentCore release for Gateway, and Memory including Self-Managed Strategies support for Memory.", + "type": "api-change" + }, + { + "category": "``lambda``", + "description": "Add InvokedViaFunctionUrl context key to limit invocations to only FURL invokes.", + "type": "api-change" + }, + { + "category": "``odb``", + "description": "This release adds APIs that allow you to specify CIDR ranges in your ODB peering connection.", + "type": "api-change" + }, + { + "category": "openssl", + "description": "Update bundled OpenSSL version to 1.1.1zd for Linux installers", + "type": "enhancement" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.14.json 2.31.35-1/.changes/2.31.14.json --- 2.23.6-1/.changes/2.31.14.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.14.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``observabilityadmin``", + "description": "CloudWatch Observability Admin adds the ability to enable Resource tags for telemetry in a customer account. The release introduces new APIs to enable, disable and describe the status of Resource tags for telemetry feature. This new capability simplifies monitoring AWS resources using tags.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Updated http status code in control plane apis of agentcore runtime, tools and identity. Additional included provider types for AgentCore Identity", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore``", + "description": "Updated InvokeAgentRuntime API to accept account id optionally and added CompleteResourceTokenAuth API.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.15.json 2.31.35-1/.changes/2.31.15.json --- 2.23.6-1/.changes/2.31.15.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.15.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``connect``", + "description": "SDK release for TaskTemplateInfo in Contact for DescribeContact response.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds support for creating instant, point-in-time copies of EBS volumes within the same Availability Zone", + "type": "api-change" + }, + { + "category": "``transfer``", + "description": "SFTP connectors now support routing connections via customers' VPC. This enables connections to remote servers that are only accessible in a customer's VPC environment, and to servers that are accessible over the internet but need connections coming from an IP address in a customer VPC's CIDR range.", + "type": "api-change" + }, + { + "category": "``backup``", + "description": "The AWS Backup job attribute extension enhancement helps customers better understand the plan that initiated each job, and the properties of the resource each job creates.", + "type": "api-change" + }, + { + "category": "``transcribe``", + "description": "Move UntagResource API body member to query parameter", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Support creating scoped and trustedIdentityPropagation enabled connections.", + "type": "api-change" + }, + { + "category": "setuptools", + "description": "Upgrade pinned setuptools to version 78.1.1", + "type": "enhancement" + }, + { + "category": "``appstream``", + "description": "This release introduces support for Microsoft license included applications streaming.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.16.json 2.31.35-1/.changes/2.31.16.json --- 2.23.6-1/.changes/2.31.16.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.16.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``timestream-influxdb``", + "description": "This release adds support for creating and managing InfluxDB 3 Core and Enterprise DbClusters.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Introducing EC2 Capacity Manager for monitoring and analyzing capacity usage across On-Demand Instances, Spot Instances, and Capacity Reservations.", + "type": "api-change" + }, + { + "category": "``docdb``", + "description": "Add support for NetworkType field in CreateDbCluster, ModifyDbCluster, RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB.", + "type": "api-change" + }, + { + "category": "``lightsail``", + "description": "Add support for manage Lightsail Bucket CORS configuration", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Added default pagination value for ListMalwareProtectionPlans API and updated UpdateFindingsFeedback API", + "type": "api-change" + }, + { + "category": "``elbv2``", + "description": "This release expands Listener Rule Conditions to support RegexValues and adds support for a new Transforms field in Listener Rules.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Amazon Bedrock Automated Reasoning Policy now offers enhanced AWS KMS integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field, allowing customers to specify their preferred KMS key for encryption, improving control and compliance with AWS encryption mandates.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.17.json 2.31.35-1/.changes/2.31.17.json --- 2.23.6-1/.changes/2.31.17.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.17.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,247 @@ +[ + { + "category": "``route53-recovery-control-config``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``amplify``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``timestream-query``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``migrationhub-config``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``qldb-session``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``personalize-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ssm``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``identitystore``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mediapackagev2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``lex-models``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``geo-routes``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ssm-guiconnect``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``memorydb``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``apigatewaymanagementapi``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``osis``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``lexv2-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``billingconductor``", + "description": "New feature: service flat CLI and first AWS managed pricing plan (BasicPricingPlan)", + "type": "api-change" + }, + { + "category": "``kafka``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``workspaces-web``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``machinelearning``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``lookoutequipment``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``globalaccelerator``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``m2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``pricing``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``freetier``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``grafana``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``dataexchange``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``dlm``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ivs-realtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``apptest``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``polly``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``apprunner``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``databrew``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kms``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``acm-pca``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``keyspaces``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``voice-id``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``medical-imaging``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bcm-data-exports``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``marketplace-entitlement``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ivs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``personalize``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``networkflowmonitor``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``customer-profiles``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``gamelift``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``autoscaling-plans``", + "description": "Updated FIPS endpoints for US GovCloud regions", + "type": "api-change" + }, + { + "category": "``qldb``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ssm-contacts``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.18.json 2.31.35-1/.changes/2.31.18.json --- 2.23.6-1/.changes/2.31.18.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.18.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,252 @@ +[ + { + "category": "``arc-zonal-shift``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``finspace-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``wellarchitected``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ds``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``amp``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``tnb``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``license-manager-user-subscriptions``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kinesis-video-media``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bcm-recommended-actions``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``marketplace-catalog``", + "description": "The ListEntities API now supports two new CAPI filters: DeliveryOptionTypes for SaaS products and CompatibleAWSServices for Container products.", + "type": "api-change" + }, + { + "category": "``license-manager``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``lakeformation``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codestar-notifications``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``network-firewall``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mediaconnect``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``pi``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``networkmanager``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iotthingsgraph``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``controlcatalog``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sagemaker-geospatial``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``chime-sdk-meetings``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iottwinmaker``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``appconfigdata``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kendra-ranking``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``es``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``gameliftstreams``", + "description": "Updates documentation to clarify valid application binaries for an Amazon GameLift Streams application and provide descriptions of stream session error status reasons", + "type": "api-change" + }, + { + "category": "``rolesanywhere``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``route53-recovery-readiness``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``finspace``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``timestream-write``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``qapps``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``evidently``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``swf``", + "description": "Releasing minor endpoint updates.", + "type": "api-change" + }, + { + "category": "``migration-hub-refactor-spaces``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``organizations``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``imagebuilder``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``events``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``dsql``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``signer``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``geo-maps``", + "description": "Added support for optional style parameters in maps, including Terrain, ContourDensity, Traffic, and TravelModes.", + "type": "api-change" + }, + { + "category": "``application-insights``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``amplifybackend``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``appintegrations``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iot-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iotdeviceadvisor``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudfront-keyvaluestore``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Documentation updates for Amazon EC2.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.19.json 2.31.35-1/.changes/2.31.19.json --- 2.23.6-1/.changes/2.31.19.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.19.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``dynamodb``", + "description": "Add AccountID based endpoint metric to endpoint rules.", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "This release adds the ability to set resolution for the black video generator and also adds the StartJobsQuery and GetJobsQueryResults APIs which allow asynchronous search of job history using new filters.", + "type": "api-change" + }, + { + "category": "``emr``", + "description": "Added RECONFIGURING to the InstanceFleetState convenience enum.", + "type": "api-change" + }, + { + "category": "``meteringmarketplace``", + "description": "Added ClientToken parameter to MeterUsage API for specifying idempotent requests.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.2.json 2.31.35-1/.changes/2.31.2.json --- 2.23.6-1/.changes/2.31.2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +[ + { + "category": "``lightsail``", + "description": "Attribute HTTP binding update for Get/Delete operations", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "Update GetConnection(s) API to return KmsKeyArn & Add 63 missing connection types", + "type": "api-change" + }, + { + "category": "``network-firewall``", + "description": "Network Firewall now introduces Reject and Alert action support for stateful domain list rule groups, providing customers with more granular control over their network traffic.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.20.json 2.31.35-1/.changes/2.31.20.json --- 2.23.6-1/.changes/2.31.20.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.20.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,247 @@ +[ + { + "category": "``workmail``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iotanalytics``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``connectparticipant``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "Add 3 API operations for fetching alerts: ListAlerts (Channels), ListClusterAlerts (MediaLive Anywhere), and ListMultiplexAlerts", + "type": "api-change" + }, + { + "category": "``lexv2-models``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ds-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``oam``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudformation``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``directconnect``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``workspaces``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``autoscaling``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "This release added support for email address alias configuration and outbound campaign preview mode.", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sagemaker-a2i-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``marketplace-agreement``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``notificationscontacts``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``forecastquery``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``connectcampaignsv2``", + "description": "Updated Amazon Connect Outbound Campaigns V2 SDK to support Preview Outbound Mode", + "type": "api-change" + }, + { + "category": "``ssm-incidents``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``redshift-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``chatbot``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudhsm``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codeguru-reviewer``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iotsecuretunneling``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ivschat``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``workdocs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``route53-recovery-cluster``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ec2-instance-connect``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mailmanager``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iot``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bcm-dashboards``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sns``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``pinpoint-sms-voice-v2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``inspector2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``rtbfabric``", + "description": "Update for general availability of AWS RTB Fabric service.", + "type": "api-change" + }, + { + "category": "``kinesisanalyticsv2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ce``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cognito-identity``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudhsmv2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mwaa``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iotsitewise``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release adds AvailabilityZoneId support for CreateNetworkInterface and DescribeNetworkInterfaces APIs.", + "type": "api-change" + }, + { + "category": "``b2bi``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``devicefarm``", + "description": "This release adds support for optionally including an app as part of a CreateRemoteAccessSession request", + "type": "api-change" + }, + { + "category": "``appfabric``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iotfleetwise``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``comprehendmedical``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iam``", + "description": "Updated OIDC and SAML apis to reject multiple simultaneous requests to change a unique object.", + "type": "api-change" + }, + { + "category": "``route53``", + "description": "Amazon Route 53 now supports the ISOB West Region for private DNS for Amazon VPCs and cloudwatch healthchecks.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.21.json 2.31.35-1/.changes/2.31.21.json --- 2.23.6-1/.changes/2.31.21.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.21.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,252 @@ +[ + { + "category": "``rum``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore``", + "description": "Fixing the service documentation name", + "type": "api-change" + }, + { + "category": "``synthetics``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codebuild``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``pinpoint-email``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``lambda``", + "description": "Add NodeJs 24 (nodejs24.x) support to AWS Lambda.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``chime-sdk-voice``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``networkmonitor``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``macie2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``drs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mgh``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``internetmonitor``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``securitylake``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mgn``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``marketplacecommerceanalytics``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ecr-public``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``savingsplans``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``managedblockchain-query``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``pca-connector-scep``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``application-autoscaling``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kinesis-video-archived-media``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``resiliencehub``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``healthlake``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``dms``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mediatailor``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``personalize-events``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``docdb-elastic``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudtrail-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mpa``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``neptunedata``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kinesis-video-webrtc-storage``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``account``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``discovery``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``opensearchserverless``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sagemaker-edge``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codestar-connections``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iot-jobs-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Fixing the service documentation name", + "type": "api-change" + }, + { + "category": "``config``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``odb``", + "description": "Doc-only update that removes duplicate values from descriptions of ODB peering APIs.", + "type": "api-change" + }, + { + "category": "``iotevents``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ecr``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``omics``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ebs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cur``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``storagegateway``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``connect-contact-lens``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``dsql``", + "description": "Add support for resource-based policies for Aurora DSQL clusters. This will enable you to implement Block Public Access (BPA) which will help restrict access to your Aurora DSQL public or VPC endpoints.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.22.json 2.31.35-1/.changes/2.31.22.json --- 2.23.6-1/.changes/2.31.22.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.22.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,257 @@ +[ + { + "category": "``datapipeline``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``vpc-lattice``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``chime-sdk-messaging``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``docdb``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``budgets``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``acm``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``snow-device-management``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``elb``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``payment-cryptography``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``location``", + "description": "Added support for mobile app restrictions in Amazon Location API keys.", + "type": "api-change" + }, + { + "category": "``amplifyuibuilder``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kinesis-video-signaling``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``qbusiness``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``robomaker``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``workspaces-thin-client``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``evs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sso-oidc``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``inspector``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mediastore``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``route53domains``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``wisdom``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``verifiedpermissions``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``securityhub``", + "description": "Release 3 layer filter support in GetFindingsV2, GetFindingStatisticsV2, GetResourcesV2,GetResourcesStatisticsV2, AutomationRule V2 APIs. Update filter casing in GetResourcesV2, GetResourcesStatisticsV2 APIs. Add new filters in GetFindingsV2, GetFindingStatisticsV2, AutomationRule V2 APIs.", + "type": "api-change" + }, + { + "category": "``mediapackage``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``fis``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``rtbfabric``", + "description": "Add support for custom rate limits.", + "type": "api-change" + }, + { + "category": "``sagemaker-metrics``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``supplychain``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iotwireless``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "This release adds support for MLflow connections Creation in DataZone", + "type": "api-change" + }, + { + "category": "``kinesisanalytics``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``servicediscovery``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``dynamodbstreams``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``lookoutvision``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``application-signals``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Added inference components model data caching feature", + "type": "api-change" + }, + { + "category": "``mediastore-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mq``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``billing``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iot-managed-integrations``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``translate``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``panorama``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``s3tables``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``migrationhubstrategy``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``geo-maps``", + "description": "Added support for optional AdditionalFeatures parameter in the V2 GetTile API.", + "type": "api-change" + }, + { + "category": "``cloudtrail``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codepipeline``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``pca-connector-ad``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``gameliftstreams``", + "description": "Add status reasons for TERMINATED stream sessions", + "type": "api-change" + }, + { + "category": "``payment-cryptography-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.23.json 2.31.35-1/.changes/2.31.23.json --- 2.23.6-1/.changes/2.31.23.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.23.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,252 @@ +[ + { + "category": "``accessanalyzer``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``stepfunctions``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``lex-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``chime-sdk-media-pipelines``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``socialmessaging``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codeartifact``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``backup-gateway``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``aiops``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cost-optimization-hub``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``connectcampaigns``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``rbin``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``dax``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``s3vectors``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``comprehend``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``repostspace``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``waf-regional``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cognito-idp``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``controltower``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``braket``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``redshift-serverless``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``simspaceweaver``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``rds-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``route53resolver``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``scheduler``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sso-admin``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``neptune-graph``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codeguruprofiler``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``pinpoint``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``athena``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``outposts``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``secretsmanager``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iam``", + "description": "Fixed missing SummaryMap keys in GetAccountSummary response that were being filtered out during deserialization in AWS Java SDK v2", + "type": "api-change" + }, + { + "category": "``managedblockchain``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``launch-wizard``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``workmailmessageflow``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``greengrass``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``elasticbeanstalk``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ses``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``forecast``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``chime-sdk-identity``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``route53profiles``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kinesis``", + "description": "Adds support for record sizes up to 10MiB and introduces new UpdateMaxRecordSize API to modify stream record size limits. Adds record size parameters to existing CreateStream and DescribeStreamSummary APIs for request and response payloads respectively.", + "type": "api-change" + }, + { + "category": "``mturk``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``rekognition``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ssm-sap``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``invoicing``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ce``", + "description": "Updated endpoint for eusc-de-east-1 region.", + "type": "api-change" + }, + { + "category": "``entityresolution``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``shield``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.24.json 2.31.35-1/.changes/2.31.24.json --- 2.23.6-1/.changes/2.31.24.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.24.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,247 @@ +[ + { + "category": "``inspector-scan``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``pipes``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``migrationhuborchestrator``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sqs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``elastictranscoder``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bcm-pricing-calculator``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kendra``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``marketplace-deployment``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``workspaces``", + "description": "Added IPv6 address support for WorkSpaces using Dual-Stack subnets", + "type": "api-change" + }, + { + "category": "``efs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``apigatewayv2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``organizations``", + "description": "Added Account State field to the ListDelegatedAdministrators API response.", + "type": "api-change" + }, + { + "category": "``opensearch``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudsearchdomain``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``support-app``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This released the DescribeCapacityReservationTopology API.", + "type": "api-change" + }, + { + "category": "``kinesisvideo``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Amazon ECS supports native linear and canary service deployments, allowing you to shift traffic in increments for more control.", + "type": "api-change" + }, + { + "category": "``trustedadvisor``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codeguru-security``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Amazon SageMaker now supports deleting training and processing jobs in a terminal status.", + "type": "api-change" + }, + { + "category": "``detective``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloud9``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``workspaces-instances``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codeconnections``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``glacier``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``application-signals``", + "description": "Added support for CloudWatch Synthetics Canary resources in ListAuditFindings API. This enhancement allows customers to retrieve audit findings specifically for CloudWatch Synthetics canaries and enables service-canary correlation analysis.", + "type": "api-change" + }, + { + "category": "``servicecatalog-appregistry``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ram``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``resource-groups``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``taxsettings``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``partnercentral-selling``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kafkaconnect``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``emr-containers``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``security-ir``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``notifications``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``gameliftstreams``", + "description": "Add stream group expiration date and expired status", + "type": "api-change" + }, + { + "category": "``backupsearch``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``groundstation``", + "description": "Enable use of AzEl ephemerides", + "type": "api-change" + }, + { + "category": "``cleanroomsml``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mediapackage-vod``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "clients", + "description": "The following clients have been removed per deprecation of the services - qldb, qldbsession, robomaker, lookoutmetrics, lookoutvision, iotfleethub, apptest", + "type": "api-change" + }, + { + "category": "``lambda``", + "description": "Added SerializedRequestEntityTooLargeException to Lambda Invoke API", + "type": "api-change" + }, + { + "category": "``xray``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sagemaker-featurestore-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.25.json 2.31.35-1/.changes/2.31.25.json --- 2.23.6-1/.changes/2.31.25.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.25.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +[ + { + "category": "``bedrock-runtime``", + "description": "Add support for system tool and web citation response.", + "type": "api-change" + }, + { + "category": "Python", + "description": "Upgrade bundled Python interpreter to 3.13.9", + "type": "enhancement" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.26.json 2.31.35-1/.changes/2.31.26.json --- 2.23.6-1/.changes/2.31.26.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.26.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,252 @@ +[ + { + "category": "``elasticache``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codecatalyst``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudwatch``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``auditmanager``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Amazon ECS Service Connect now supports Envoy access logs, providing deeper observability into request-level traffic patterns and service interactions.", + "type": "api-change" + }, + { + "category": "``deadline``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``appmesh``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``marketplace-reporting``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``apigateway``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudsearch``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cleanrooms``", + "description": "Added support for advanced Spark configurations to optimize SQL performance", + "type": "api-change" + }, + { + "category": "``docdb``", + "description": "Adding FailoverState and TagList to GlobalCluster and SynchronizationStatus to GlobalClusterMember.", + "type": "api-change" + }, + { + "category": "``devops-guru``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iot-managed-integrations``", + "description": "Add a new GetManagedThingCertificate API to expose Iot ManagedIntegrations (MI) device certificate, and add \"-\" support for name, properties, actions and events in the CapabilityReportCapability object.", + "type": "api-change" + }, + { + "category": "``amp``", + "description": "Add Anomaly Detection APIs for Amazon Managed Prometheus", + "type": "api-change" + }, + { + "category": "``neptune``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``eks-auth``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``frauddetector``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``s3outposts``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``connectcases``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``firehose``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``greengrassv2``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``appflow``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sagemaker-runtime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``servicecatalog``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``serverlessrepo``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``sso``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "This release adds the capability to enable User Background Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on AWS Glue.", + "type": "api-change" + }, + { + "category": "``sts``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``chime``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``kms``", + "description": "Add cross account VPC endpoint service connectivity support to CustomKeyStore.", + "type": "api-change" + }, + { + "category": "``clouddirectory``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``license-manager-linux-subscriptions``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cognito-sync``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codecommit``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``keyspacesstreams``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``iotevents-data``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``emr-serverless``", + "description": "This release adds the capability to enable User Background Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on EMR Serverless Applications.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Web-Bot-Auth support for AgentCore Browser tool to help reduce captcha challenges.", + "type": "api-change" + }, + { + "category": "``appconfig``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``artifact``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``geo-places``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``schemas``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``bedrock-agent``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``applicationcostprofiler``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``cloudcontrol``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``codedeploy``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``compute-optimizer``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``appsync``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``rtbfabric``", + "description": "RTB Fabric documentation update.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.27.json 2.31.35-1/.changes/2.31.27.json --- 2.23.6-1/.changes/2.31.27.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.27.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,107 @@ +[ + { + "category": "``marketplace-catalog``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``savingsplans``", + "description": "Add dual-stack endpoint support for Savings Plans", + "type": "api-change" + }, + { + "category": "``ssm-quicksetup``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``redshift``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``textract``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``emr``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``snowball``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``logs``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Amazon VPC IP Address Manager (IPAM) now supports automated prefix list management, allowing you to create rules that automatically populate customer-managed prefix lists with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other criteria.", + "type": "api-change" + }, + { + "category": "``resourcegroupstaggingapi``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``mediaconvert``", + "description": "Adds SlowPalPitchCorrection to audio pitch correction settings. Enables opacity for VideoOverlays. Adds REMUX_ALL option to enable multi-rendition passthrough to VideoSelector for allow listed accounts.", + "type": "api-change" + }, + { + "category": "``health``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``fsx``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``lambda``", + "description": "Add Python3.14 (python3.14) and Java 25 (java25) support to AWS Lambda", + "type": "api-change" + }, + { + "category": "``waf``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``omics``", + "description": "Added WDL_LENIENT engine type that enables implicit typecasting of variable values to its compatible declared types", + "type": "api-change" + }, + { + "category": "``kinesis``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``fms``", + "description": "Update endpoint ruleset parameters casing", + "type": "api-change" + }, + { + "category": "``payment-cryptography``", + "description": "Allow additional characters in the CertificateSubject for GetCertificateSigningRequest API.", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Allow update of platform identifier via UpdateNotebookInstance operation.", + "type": "api-change" + }, + { + "category": "``connectcases``", + "description": "Added two new case rule types: Parent Child Field Options (restricts child field options based on parent field value) and Hidden (controls child field visibility based on parent field value). Both enable dynamic field behavior within templates.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.28.json 2.31.35-1/.changes/2.31.28.json --- 2.23.6-1/.changes/2.31.28.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.28.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``budgets``", + "description": "Fix the AWS Budgets endpoint for the aws-eusc partition.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "Documentation-only update for LINEAR and CANARY deployment strategies.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Add Amazon EC2 trn2.3xlarge instance type.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Adds support for direct code deploy with CreateAgentRuntime and UpdateAgentRuntime", + "type": "api-change" + }, + { + "category": "``kinesis``", + "description": "Adds support for MinimumThroughputBillingCommitment with new UpdateAccountSettings API. Adds support to configure warm throughput for on-demand streams in new UpdateStreamWarmThroughput API and existing CreateStream API and UpdateStreamMode API.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.29.json 2.31.35-1/.changes/2.31.29.json --- 2.23.6-1/.changes/2.31.29.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.29.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,7 @@ +[ + { + "category": "``pinpoint-sms-voice-v2``", + "description": "This release adds support for the CarrierLookup API, which returns information about a destination phone number including if the number is valid, the carrier, and more.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.3.json 2.31.35-1/.changes/2.31.3.json --- 2.23.6-1/.changes/2.31.3.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.3.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``billing``", + "description": "Add ability to combine custom billing views to create new consolidated views.", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation``", + "description": "Added support for configurable Speaker Labeling and Channel Labeling features for Audio modality.", + "type": "api-change" + }, + { + "category": "``bedrock-agent-runtime``", + "description": "This release enhances the information provided through Flow Traces. New information includes source/next node tracking, execution chains for complex nodes, dependency action (operation) details, and dependency traces.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "This release includes documentation updates for Amazon EBS General Purpose SSD (gp3) volumes with larger size and higher IOPS and throughput.", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Adds supports for manual contact picking (WorkList) operations on Routing Profiles, Agent Management and SearchContacts APIs.", + "type": "api-change" + }, + { + "category": "``dynamodbstreams``", + "description": "Added support for IPv6 compatible endpoints for DynamoDB Streams.", + "type": "api-change" + }, + { + "category": "``ce``", + "description": "Support for payer account dimension and billing view health status.", + "type": "api-change" + }, + { + "category": "``redshift``", + "description": "Support tagging and tag propagation to IAM Identity Center for Redshift Idc Applications", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.30.json 2.31.35-1/.changes/2.31.30.json --- 2.23.6-1/.changes/2.31.30.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.30.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +[ + { + "category": "``ec2``", + "description": "This release adds AvailabilityZoneId support for DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs.", + "type": "api-change" + }, + { + "category": "``fsx``", + "description": "Amazon FSx now enables secure management of Active Directory credentials through AWS Secrets Manager integration. Customers can use Secret ARNs instead of direct credentials when joining resources to Active Directory domains.", + "type": "api-change" + }, + { + "category": "``cloudfront``", + "description": "This release adds new and updated API operations. You can now use the IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP list. You can also enable cross-account resource sharing to share your VPC origins with other AWS accounts", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Launch IPv6 dual-stack support for S3 Express", + "type": "api-change" + }, + { + "category": "``groundstation``", + "description": "Introduce CreateDataflowEndpointGroupV2 action", + "type": "api-change" + }, + { + "category": "``sagemaker``", + "description": "Add new fields in SageMaker Hyperpod DescribeCluster API response: TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI update progress visibility .", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Added support for Project Resource Tags", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.31.json 2.31.35-1/.changes/2.31.31.json --- 2.23.6-1/.changes/2.31.31.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.31.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,62 @@ +[ + { + "category": "``sagemaker``", + "description": "Added NodeProvisioningMode parameter to UpdateCluster API to determine how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer VPC.", + "type": "api-change" + }, + { + "category": "``accessanalyzer``", + "description": "New field totalActiveErrors added to getFindingsStatistics response.", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Added support for Conditional Questions in Evaluation Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations: SearchEvaluationForms and SearchContactEvaluations.", + "type": "api-change" + }, + { + "category": "``ssm``", + "description": "Provides NoLongerSupportedException error message", + "type": "api-change" + }, + { + "category": "``s3tables``", + "description": "Adds support for tagging APIs for S3 Tables", + "type": "api-change" + }, + { + "category": "``identitystore``", + "description": "IdentityStore API: added new KMSExceptionReason fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt, CreatedBy, UpdatedAt and UpdatedBy.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Add Amazon EC2 R8a instance types", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "Support for New Data Prep Experience", + "type": "api-change" + }, + { + "category": "``s3vectors``", + "description": "Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity.", + "type": "api-change" + }, + { + "category": "``backup``", + "description": "AWS Backup now supports customer-managed keys (CMK) for logically air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle. This feature helps organizations meet specific internal governance requirements or external regulatory compliance standards.", + "type": "api-change" + }, + { + "category": "``gamelift``", + "description": "Amazon GameLift Servers now supports game builds that use the Windows 2022 operating system.", + "type": "api-change" + }, + { + "category": "``awscrt``", + "description": "Update awscrt version to 0.28.4", + "type": "enhancement" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.32.json 2.31.35-1/.changes/2.31.32.json --- 2.23.6-1/.changes/2.31.32.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.32.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +[ + { + "category": "``ec2``", + "description": "Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private DNS resolution for resource and service network VPC endpoints and IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service", + "type": "api-change" + }, + { + "category": "``kms``", + "description": "Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec", + "type": "api-change" + }, + { + "category": "``controltower``", + "description": "Added Parent Identifier support to ListEnabledControls and GetEnabledControl API. Implemented RemediationType support for Landing Zone operations: CreateLandingZone, UpdateLandingZone and GetLandingZone APIs", + "type": "api-change" + }, + { + "category": "``vpc-lattice``", + "description": "Amazon VPC Lattice now supports custom domain name for resource configurations", + "type": "api-change" + }, + { + "category": "``opensearch``", + "description": "This release introduces the Default Application feature, allowing users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a streamlined and consistent user experience.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.33.json 2.31.35-1/.changes/2.31.33.json --- 2.23.6-1/.changes/2.31.33.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.33.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,77 @@ +[ + { + "category": "``guardduty``", + "description": "Include tags filed in CreatePublishingDestinationRequest and DescribePublishingDestinationResponse.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Amazon EC2 Fleet customers can now filter instance types based on encryption-in-transit support using Attribute-Based Instance Type Selection (ABIS), eliminating the manual effort of identifying and selecting compatible instance types for security-sensitive workloads.", + "type": "api-change" + }, + { + "category": "``acm-pca``", + "description": "Private Certificate Authority service now supports ML-DSA key algorithms.", + "type": "api-change" + }, + { + "category": "``verifiedpermissions``", + "description": "Amazon Verified Permissions / Features : Adds support for entity Cedar tags.", + "type": "api-change" + }, + { + "category": "awscrt", + "description": "Exposes new CRT options for S3 file IO", + "type": "enhancement" + }, + { + "category": "``appstream``", + "description": "AWS Appstream support for IPv6", + "type": "api-change" + }, + { + "category": "``wafv2``", + "description": "AWS WAF now supports CLOUDWATCH_TELEMETRY_RULE_MANAGED as a LogScope option, enabling automated logging configuration through Amazon CloudWatch Logs for telemetry data collection and analysis.", + "type": "api-change" + }, + { + "category": "``sts``", + "description": "Added GetDelegatedAccessToken API, which is not available for general use at this time.", + "type": "api-change" + }, + { + "category": "``iam``", + "description": "Added CreateDelegationRequest API, which is not available for general use at this time.", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Remove trackingServerName from DataZone Connection MLflowProperties", + "type": "api-change" + }, + { + "category": "``dsql``", + "description": "Cluster endpoint added to CreateCluster and GetCluster API responses", + "type": "api-change" + }, + { + "category": "``invoicing``", + "description": "Added new invoicing get-invoice-pdf API Operation", + "type": "api-change" + }, + { + "category": "``backup``", + "description": "AWS Backup supports backups of Amazon EKS clusters, including Kubernetes cluster state and persistent storage attached to the EKS cluster via a persistent volume claim (EBS volumes, EFS file systems, and S3 buckets).", + "type": "api-change" + }, + { + "category": "``kafka``", + "description": "Amazon MSK now supports intelligent rebalancing for MSK Express brokers.", + "type": "api-change" + }, + { + "category": "``braket``", + "description": "Adds ExperimentalCapabilities field to CreateQuantumTask request and GetQuantumTask response objects. Enables use of experimental software capabilities when creating quantum tasks.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.34.json 2.31.35-1/.changes/2.31.34.json --- 2.23.6-1/.changes/2.31.34.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.34.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``medical-imaging``", + "description": "Added new fields in existing APIs.", + "type": "api-change" + }, + { + "category": "``rtbfabric``", + "description": "Added LogSettings and LinkAttribute fields to external links", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "AWS Site-to-Site VPN now supports VPN connections with up to 5 Gbps bandwidth per tunnel, a 4x improvement from existing limit of 1.25 Gbps.", + "type": "api-change" + }, + { + "category": "``security-ir``", + "description": "Added support for configuring communication preferences as well as clearly displaying case comment author identities.", + "type": "api-change" + }, + { + "category": "``batch``", + "description": "Documentation-only update: update API and doc descriptions per EKS ImageType default value switch from AL2 to AL2023.", + "type": "api-change" + }, + { + "category": "``bedrock-data-automation``", + "description": "Added support for Language Expansion feature for BDA Audio modality.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.35.json 2.31.35-1/.changes/2.31.35.json --- 2.23.6-1/.changes/2.31.35.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.35.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``sagemaker``", + "description": "Add support for trn2.3xlarge instance type for SageMaker Hyperpod", + "type": "api-change" + }, + { + "category": "``connect``", + "description": "Updated Authentication Profile APIs to add support for automatic logout on user inactivity", + "type": "api-change" + }, + { + "category": "``amp``", + "description": "Add VPC source configuration support enabling Amazon Managed Service for Prometheus Collector to collect metrics from MSK clusters.", + "type": "api-change" + }, + { + "category": "``ec2``", + "description": "Adds complete AMI ancestry tracing from immediate parent through each preceding generation back to the root AMI", + "type": "api-change" + }, + { + "category": "``dms``", + "description": "Added support of SQL statements creation, metadata model discovery and selection rules transformation.", + "type": "api-change" + }, + { + "category": "``s3tables``", + "description": "Adds support for request metrics metrics APIs for S3 Tables", + "type": "api-change" + }, + { + "category": "``redshift``", + "description": "Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated applications. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages.", + "type": "api-change" + }, + { + "category": "``elbv2``", + "description": "This release expands ALB Authentication to support JWT verification and adds support for a new JWT validation action in listener rule.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.4.json 2.31.35-1/.changes/2.31.4.json --- 2.23.6-1/.changes/2.31.4.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.4.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``vpc-lattice``", + "description": "Adds support for specifying the number of IPv4 addresses in each ENI for the resource gateway for VPC Lattice.", + "type": "api-change" + }, + { + "category": "``bedrock``", + "description": "Release for fixing GetFoundationModel API behavior. Imported and custom models have their own exclusive API and GetFM should not accept those ARNS as input", + "type": "api-change" + }, + { + "category": "``bedrock-runtime``", + "description": "New stop reason for Converse and ConverseStream", + "type": "api-change" + }, + { + "category": "``imagebuilder``", + "description": "This release introduces several new features and improvements to enhance pipeline management, logging, and resource configuration.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.5.json 2.31.35-1/.changes/2.31.5.json --- 2.23.6-1/.changes/2.31.5.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.5.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,72 @@ +[ + { + "category": "``fsx``", + "description": "Add Dual-Stack support for Amazon FSx for NetApp ONTAP and Windows File Server", + "type": "api-change" + }, + { + "category": "``datasync``", + "description": "Added support for FIPS VPC endpoints in FIPS-enabled AWS Regions.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Tagging support for AgentCore Gateway", + "type": "api-change" + }, + { + "category": "``connectcases``", + "description": "This release adds support for two new related item types: ConnectCase for linking Amazon Connect cases and Custom for user-defined related items with configurable fields.", + "type": "api-change" + }, + { + "category": "``rds``", + "description": "Enhanced RDS error handling: Added DBProxyEndpointNotFoundFault, DBShardGroupNotFoundFault, KMSKeyNotAccessibleFault for snapshots/restores/backups, NetworkTypeNotSupported, StorageTypeNotSupportedFault for restores, and granular state validation faults. Changed DBInstanceNotReadyFault to HTTP 400.", + "type": "api-change" + }, + { + "category": "``transfer``", + "description": "Add support for updating server identity provider type", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "This release adds support for creation of EMR on EKS Connections in Amazon DataZone.", + "type": "api-change" + }, + { + "category": "``ds``", + "description": "AWS Directory service now supports IPv6-native and dual-stack configurations for AWS Managed Microsoft AD, AD Connector, and Simple AD (dual-stack only). Additionally, AWS Managed Microsoft AD Standard Edition directories can be upgraded to Enterprise Edition directories through a single API call.", + "type": "api-change" + }, + { + "category": "``ecs``", + "description": "This release adds support for Managed Instances on Amazon ECS.", + "type": "api-change" + }, + { + "category": "``customer-profiles``", + "description": "This release introduces ListProfileHistoryRecords and GetProfileHistoryRecord APIs for comprehensive profile history tracking with complete audit trails of creation, updates, merges, deletions, and data ingestion events.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "added warnings to a few CLI pages", + "type": "api-change" + }, + { + "category": "``chime-sdk-voice``", + "description": "Added support for IPv4-only and dual-stack network configurations for VoiceConnector and CreateVoiceConnector API.", + "type": "api-change" + }, + { + "category": "``application-signals``", + "description": "Amazon CloudWatch Application Signals is introducing the Application Map to give users a more comprehensive view of their service health. Users will now be able to group services, track their latest deployments, and view automated audit findings concerning service performance.", + "type": "api-change" + }, + { + "category": "``mediatailor``", + "description": "Adding TPS Traffic Shaping to Prefetch Schedules", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.6.json 2.31.35-1/.changes/2.31.6.json --- 2.23.6-1/.changes/2.31.6.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.6.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,42 @@ +[ + { + "category": "``dms``", + "description": "This is a doc-only update, revising text for kms-key-arns.", + "type": "api-change" + }, + { + "category": "``botocore``", + "description": "Fix HTTP 100 Continue parsing to accept optional reason phrase", + "type": "bugfix" + }, + { + "category": "``ecs``", + "description": "This is a documentation only Amazon ECS release that adds additional information for health checks.", + "type": "api-change" + }, + { + "category": "``cleanrooms``", + "description": "This release introduces data access budgets to control how many times a table can be used for queries and jobs in a collaboration.", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Fix CancelledError retry loops to enable immediate S3 upload cancellation", + "type": "bugfix" + }, + { + "category": "``chime-sdk-meetings``", + "description": "Add support to receive dual stack MediaPlacement URLs in Chime Meetings SDK", + "type": "api-change" + }, + { + "category": "``cleanroomsml``", + "description": "This release introduces data access budgets to view how many times an input channel can be used for ML jobs in a collaboration.", + "type": "api-change" + }, + { + "category": "``pcs``", + "description": "Added the UpdateCluster API action to modify cluster configurations, and Slurm custom settings for queues.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.7.json 2.31.35-1/.changes/2.31.7.json --- 2.23.6-1/.changes/2.31.7.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.7.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +[ + { + "category": "``dynamodb``", + "description": "Add support for dual-stack account endpoint generation", + "type": "api-change" + }, + { + "category": "``cloudformation``", + "description": "Add new warning type 'EXCLUDED_RESOURCES'", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "Updated descriptions for the Location parameter in CreateTrustedEntitySet and CreateThreatEntitySet.", + "type": "api-change" + }, + { + "category": "``synthetics``", + "description": "Adds support to configure canaries with pre-configured blueprint code on supported runtime versions. This behavior can be controlled via the new BlueprintTypes property exposed in the CreateCanary and UpdateCanary APIs.", + "type": "api-change" + }, + { + "category": "``connectcases``", + "description": "New Search All Related Items API enables searching related items across cases", + "type": "api-change" + }, + { + "category": "``eks``", + "description": "Add ``proxy-url`` to ``aws eks update-kubeconfig``", + "type": "enhancement" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.8.json 2.31.35-1/.changes/2.31.8.json --- 2.23.6-1/.changes/2.31.8.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.8.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +[ + { + "category": "``qconnect``", + "description": "Updated Amazon Q in Connect APIs to support Email Contact Recommendations.", + "type": "api-change" + }, + { + "category": "``payment-cryptography-data``", + "description": "Added a new API - translateKeyMaterial; allows keys wrapped by ECDH derived keys to be rewrapped under a static AES keyblock without first importing the key into the service.", + "type": "api-change" + }, + { + "category": "``medialive``", + "description": "AWS Elemental MediaLive enables Mediapackage V2 users to configure ID3, KLV, Nielsen ID3, and Segment Length related parameters through the Mediapackage output group.", + "type": "api-change" + }, + { + "category": "``cleanrooms``", + "description": "Added support for reading data sources across regions, and results delivery to allowedlisted regions.", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.changes/2.31.9.json 2.31.35-1/.changes/2.31.9.json --- 2.23.6-1/.changes/2.31.9.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/.changes/2.31.9.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +[ + { + "category": "``rds``", + "description": "Documentation updates to the CreateDBClusterMessage$PubliclyAccessible and CreateDBInstanceMessage$PubliclyAccessible properties.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore-control``", + "description": "Add support for VM lifecycle configuration parameters and A2A protocol", + "type": "api-change" + }, + { + "category": "``mediaconnect``", + "description": "Enabling Tag-on-Create for AWS Elemental MediaConnect flow-based resource types", + "type": "api-change" + }, + { + "category": "``backup``", + "description": "Adds optional MaxScheduledRunsPreview input to GetBackupPlan API to provide a preview of up to 10 next scheduled backup plan runs in the GetBackupPlan response.", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "Documentation improvements for QuickSight API documentation to clarify that delete operation APIs are global.", + "type": "api-change" + }, + { + "category": "``glue``", + "description": "Adds labeling for DataQualityRuleResult for GetDataQualityResult and PublishDataQualityResult APIs", + "type": "api-change" + }, + { + "category": "``resource-explorer-2``", + "description": "Add new AWS Resource Explorer APIs", + "type": "api-change" + }, + { + "category": "``memorydb``", + "description": "Support for DescribeMultiRegionParameterGroups and DescribeMultiRegionParameters API.", + "type": "api-change" + }, + { + "category": "``bedrock-agentcore``", + "description": "Add support for batch memory management, agent card retrieval and session termination", + "type": "api-change" + } +] \ No newline at end of file diff -pruN 2.23.6-1/.github/dependabot.yml 2.31.35-1/.github/dependabot.yml --- 2.23.6-1/.github/dependabot.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.github/dependabot.yml 2025-11-12 19:17:29.000000000 +0000 @@ -24,7 +24,6 @@ updates: - dependency-name: "flit_core" - dependency-name: "colorama" - dependency-name: "docutils" - - dependency-name: "cryptography" - dependency-name: "awscrt" - dependency-name: "ruamel.yaml" - dependency-name: "ruamel.yaml.clib" diff -pruN 2.23.6-1/.github/workflows/changelog.yml 2.31.35-1/.github/workflows/changelog.yml --- 2.23.6-1/.github/workflows/changelog.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.github/workflows/changelog.yml 2025-11-12 19:17:29.000000000 +0000 @@ -53,7 +53,7 @@ jobs: - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: - python-version: "3.12" + python-version: "3.13" - name: Create changelog run: | python scripts/new-change -t '${{ github.event.inputs.type }}' -c '${{ github.event.inputs.category }}' -d '${{ github.event.inputs.description }}' diff -pruN 2.23.6-1/.github/workflows/handle-stale-discussions.yml 2.31.35-1/.github/workflows/handle-stale-discussions.yml --- 2.23.6-1/.github/workflows/handle-stale-discussions.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.github/workflows/handle-stale-discussions.yml 2025-11-12 19:17:29.000000000 +0000 @@ -7,6 +7,7 @@ on: jobs: handle-stale-discussions: + if: ${{ github.event.repository.fork == false || github.event_name != 'schedule' }} name: Handle stale discussions runs-on: ubuntu-latest permissions: diff -pruN 2.23.6-1/.github/workflows/run-dep-tests.yml 2.31.35-1/.github/workflows/run-dep-tests.yml --- 2.23.6-1/.github/workflows/run-dep-tests.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.github/workflows/run-dep-tests.yml 2025-11-12 19:17:29.000000000 +0000 @@ -12,9 +12,8 @@ jobs: strategy: fail-fast: false matrix: - python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] - # macOS pinned to 13 due to 14+ defaulting to arm64 hardware - os: [ubuntu-latest, macOS-13, windows-latest] + python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] + os: [ubuntu-latest, macOS-latest, windows-latest] steps: - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 diff -pruN 2.23.6-1/.github/workflows/run-tests.yml 2.31.35-1/.github/workflows/run-tests.yml --- 2.23.6-1/.github/workflows/run-tests.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.github/workflows/run-tests.yml 2025-11-12 19:17:29.000000000 +0000 @@ -13,7 +13,7 @@ jobs: strategy: fail-fast: false matrix: - python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] + python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] os: [ubuntu-latest, macOS-latest, windows-latest] steps: diff -pruN 2.23.6-1/.github/workflows/source-dist-tests.yml 2.31.35-1/.github/workflows/source-dist-tests.yml --- 2.23.6-1/.github/workflows/source-dist-tests.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.github/workflows/source-dist-tests.yml 2025-11-12 19:17:29.000000000 +0000 @@ -13,14 +13,12 @@ jobs: strategy: fail-fast: false matrix: - python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] - # macOS pinned to 13 due to 14+ defaulting to arm64 hardware - os: [ubuntu-latest, macOS-13, windows-latest] - + python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] + os: [ubuntu-latest, macOS-latest, windows-latest] steps: - uses: actions/checkout@v2 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Install dependencies diff -pruN 2.23.6-1/.github/workflows/stale_issue.yml 2.31.35-1/.github/workflows/stale_issue.yml --- 2.23.6-1/.github/workflows/stale_issue.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.github/workflows/stale_issue.yml 2025-11-12 19:17:29.000000000 +0000 @@ -7,6 +7,7 @@ on: jobs: cleanup: + if: github.event.repository.fork == false permissions: issues: write contents: read diff -pruN 2.23.6-1/.github/workflows/update-lockfiles.yml 2.31.35-1/.github/workflows/update-lockfiles.yml --- 2.23.6-1/.github/workflows/update-lockfiles.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.github/workflows/update-lockfiles.yml 2025-11-12 19:17:29.000000000 +0000 @@ -27,7 +27,7 @@ jobs: strategy: fail-fast: false matrix: - python-version: ["3.12"] + python-version: ["3.13"] os: [macOS-latest, windows-latest] steps: diff -pruN 2.23.6-1/.gitignore 2.31.35-1/.gitignore --- 2.23.6-1/.gitignore 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.gitignore 2025-11-12 19:17:29.000000000 +0000 @@ -77,4 +77,4 @@ autom4te.cache /depcomp /install-sh /missing -/stamp-h1 \ No newline at end of file +/stamp-h1 diff -pruN 2.23.6-1/.pre-commit-config.yaml 2.31.35-1/.pre-commit-config.yaml --- 2.23.6-1/.pre-commit-config.yaml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/.pre-commit-config.yaml 2025-11-12 19:17:29.000000000 +0000 @@ -2,17 +2,22 @@ exclude: "\ ^(\ .changes|\ .github|\ + CHANGELOG.rst|\ + configure|\ awscli/examples|\ awscli/topics|\ - awscli/botocore|\ - awscli/s3transfer|\ - awscli/doc|\ + awscli/botocore/data|\ + awscli/botocore/vendored|\ + awscli/botocore/compat.py|\ + awscli/s3transfer/compat.py|\ + doc/source/guzzle_sphinx_theme|\ exe/assets|\ + tests/functional/botocore/endpoint-rules|\ tests/functional/cloudformation/deploy_templates/booleans/input.yml|\ tests/functional/cloudformation/deploy_templates/nested-tag/input.yml|\ - tests/|\ - CHANGELOG.rst|\ - configure\ + tests/unit/botocore/auth/aws4_testsuite|\ + tests/unit/botocore/data/endpoints/|\ + tests/unit/botocore/response_parsing/xml\ )" repos: - repo: 'https://github.com/pre-commit/pre-commit-hooks' diff -pruN 2.23.6-1/CHANGELOG.rst 2.31.35-1/CHANGELOG.rst --- 2.23.6-1/CHANGELOG.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/CHANGELOG.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,6 +2,2734 @@ CHANGELOG ========= +2.31.35 +======= + +* api-change:``sagemaker``: Add support for trn2.3xlarge instance type for SageMaker Hyperpod +* api-change:``connect``: Updated Authentication Profile APIs to add support for automatic logout on user inactivity +* api-change:``amp``: Add VPC source configuration support enabling Amazon Managed Service for Prometheus Collector to collect metrics from MSK clusters. +* api-change:``ec2``: Adds complete AMI ancestry tracing from immediate parent through each preceding generation back to the root AMI +* api-change:``dms``: Added support of SQL statements creation, metadata model discovery and selection rules transformation. +* api-change:``s3tables``: Adds support for request metrics metrics APIs for S3 Tables +* api-change:``redshift``: Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated applications. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages. +* api-change:``elbv2``: This release expands ALB Authentication to support JWT verification and adds support for a new JWT validation action in listener rule. + + +2.31.34 +======= + +* api-change:``medical-imaging``: Added new fields in existing APIs. +* api-change:``rtbfabric``: Added LogSettings and LinkAttribute fields to external links +* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN connections with up to 5 Gbps bandwidth per tunnel, a 4x improvement from existing limit of 1.25 Gbps. +* api-change:``security-ir``: Added support for configuring communication preferences as well as clearly displaying case comment author identities. +* api-change:``batch``: Documentation-only update: update API and doc descriptions per EKS ImageType default value switch from AL2 to AL2023. +* api-change:``bedrock-data-automation``: Added support for Language Expansion feature for BDA Audio modality. + + +2.31.33 +======= + +* api-change:``guardduty``: Include tags filed in CreatePublishingDestinationRequest and DescribePublishingDestinationResponse. +* api-change:``ec2``: Amazon EC2 Fleet customers can now filter instance types based on encryption-in-transit support using Attribute-Based Instance Type Selection (ABIS), eliminating the manual effort of identifying and selecting compatible instance types for security-sensitive workloads. +* api-change:``acm-pca``: Private Certificate Authority service now supports ML-DSA key algorithms. +* api-change:``verifiedpermissions``: Amazon Verified Permissions / Features : Adds support for entity Cedar tags. +* enhancement:awscrt: Exposes new CRT options for S3 file IO +* api-change:``appstream``: AWS Appstream support for IPv6 +* api-change:``wafv2``: AWS WAF now supports CLOUDWATCH_TELEMETRY_RULE_MANAGED as a LogScope option, enabling automated logging configuration through Amazon CloudWatch Logs for telemetry data collection and analysis. +* api-change:``sts``: Added GetDelegatedAccessToken API, which is not available for general use at this time. +* api-change:``iam``: Added CreateDelegationRequest API, which is not available for general use at this time. +* api-change:``datazone``: Remove trackingServerName from DataZone Connection MLflowProperties +* api-change:``dsql``: Cluster endpoint added to CreateCluster and GetCluster API responses +* api-change:``invoicing``: Added new invoicing get-invoice-pdf API Operation +* api-change:``backup``: AWS Backup supports backups of Amazon EKS clusters, including Kubernetes cluster state and persistent storage attached to the EKS cluster via a persistent volume claim (EBS volumes, EFS file systems, and S3 buckets). +* api-change:``kafka``: Amazon MSK now supports intelligent rebalancing for MSK Express brokers. +* api-change:``braket``: Adds ExperimentalCapabilities field to CreateQuantumTask request and GetQuantumTask response objects. Enables use of experimental software capabilities when creating quantum tasks. + + +2.31.32 +======= + +* api-change:``ec2``: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private DNS resolution for resource and service network VPC endpoints and IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service +* api-change:``kms``: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec +* api-change:``controltower``: Added Parent Identifier support to ListEnabledControls and GetEnabledControl API. Implemented RemediationType support for Landing Zone operations: CreateLandingZone, UpdateLandingZone and GetLandingZone APIs +* api-change:``vpc-lattice``: Amazon VPC Lattice now supports custom domain name for resource configurations +* api-change:``opensearch``: This release introduces the Default Application feature, allowing users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a streamlined and consistent user experience. + + +2.31.31 +======= + +* api-change:``sagemaker``: Added NodeProvisioningMode parameter to UpdateCluster API to determine how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer VPC. +* api-change:``accessanalyzer``: New field totalActiveErrors added to getFindingsStatistics response. +* api-change:``connect``: Added support for Conditional Questions in Evaluation Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations: SearchEvaluationForms and SearchContactEvaluations. +* api-change:``ssm``: Provides NoLongerSupportedException error message +* api-change:``s3tables``: Adds support for tagging APIs for S3 Tables +* api-change:``identitystore``: IdentityStore API: added new KMSExceptionReason fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt, CreatedBy, UpdatedAt and UpdatedBy. +* api-change:``ec2``: Add Amazon EC2 R8a instance types +* api-change:``quicksight``: Support for New Data Prep Experience +* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. +* api-change:``backup``: AWS Backup now supports customer-managed keys (CMK) for logically air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle. This feature helps organizations meet specific internal governance requirements or external regulatory compliance standards. +* api-change:``gamelift``: Amazon GameLift Servers now supports game builds that use the Windows 2022 operating system. +* enhancement:``awscrt``: Update awscrt version to 0.28.4 + + +2.31.30 +======= + +* api-change:``ec2``: This release adds AvailabilityZoneId support for DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs. +* api-change:``fsx``: Amazon FSx now enables secure management of Active Directory credentials through AWS Secrets Manager integration. Customers can use Secret ARNs instead of direct credentials when joining resources to Active Directory domains. +* api-change:``cloudfront``: This release adds new and updated API operations. You can now use the IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP list. You can also enable cross-account resource sharing to share your VPC origins with other AWS accounts +* api-change:``s3``: Launch IPv6 dual-stack support for S3 Express +* api-change:``groundstation``: Introduce CreateDataflowEndpointGroupV2 action +* api-change:``sagemaker``: Add new fields in SageMaker Hyperpod DescribeCluster API response: TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI update progress visibility . +* api-change:``datazone``: Added support for Project Resource Tags + + +2.31.29 +======= + +* api-change:``pinpoint-sms-voice-v2``: This release adds support for the CarrierLookup API, which returns information about a destination phone number including if the number is valid, the carrier, and more. + + +2.31.28 +======= + +* api-change:``budgets``: Fix the AWS Budgets endpoint for the aws-eusc partition. +* api-change:``ecs``: Documentation-only update for LINEAR and CANARY deployment strategies. +* api-change:``ec2``: Add Amazon EC2 trn2.3xlarge instance type. +* api-change:``bedrock-agentcore-control``: Adds support for direct code deploy with CreateAgentRuntime and UpdateAgentRuntime +* api-change:``kinesis``: Adds support for MinimumThroughputBillingCommitment with new UpdateAccountSettings API. Adds support to configure warm throughput for on-demand streams in new UpdateStreamWarmThroughput API and existing CreateStream API and UpdateStreamMode API. + + +2.31.27 +======= + +* api-change:``marketplace-catalog``: Update endpoint ruleset parameters casing +* api-change:``savingsplans``: Add dual-stack endpoint support for Savings Plans +* api-change:``ssm-quicksetup``: Update endpoint ruleset parameters casing +* api-change:``redshift``: Update endpoint ruleset parameters casing +* api-change:``textract``: Update endpoint ruleset parameters casing +* api-change:``emr``: Update endpoint ruleset parameters casing +* api-change:``snowball``: Update endpoint ruleset parameters casing +* api-change:``logs``: Update endpoint ruleset parameters casing +* api-change:``ec2``: Amazon VPC IP Address Manager (IPAM) now supports automated prefix list management, allowing you to create rules that automatically populate customer-managed prefix lists with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other criteria. +* api-change:``resourcegroupstaggingapi``: Update endpoint ruleset parameters casing +* api-change:``mediaconvert``: Adds SlowPalPitchCorrection to audio pitch correction settings. Enables opacity for VideoOverlays. Adds REMUX_ALL option to enable multi-rendition passthrough to VideoSelector for allow listed accounts. +* api-change:``health``: Update endpoint ruleset parameters casing +* api-change:``fsx``: Update endpoint ruleset parameters casing +* api-change:``lambda``: Add Python3.14 (python3.14) and Java 25 (java25) support to AWS Lambda +* api-change:``waf``: Update endpoint ruleset parameters casing +* api-change:``omics``: Added WDL_LENIENT engine type that enables implicit typecasting of variable values to its compatible declared types +* api-change:``kinesis``: Update endpoint ruleset parameters casing +* api-change:``fms``: Update endpoint ruleset parameters casing +* api-change:``payment-cryptography``: Allow additional characters in the CertificateSubject for GetCertificateSigningRequest API. +* api-change:``sagemaker``: Allow update of platform identifier via UpdateNotebookInstance operation. +* api-change:``connectcases``: Added two new case rule types: Parent Child Field Options (restricts child field options based on parent field value) and Hidden (controls child field visibility based on parent field value). Both enable dynamic field behavior within templates. + + +2.31.26 +======= + +* api-change:``elasticache``: Update endpoint ruleset parameters casing +* api-change:``codecatalyst``: Update endpoint ruleset parameters casing +* api-change:``cloudwatch``: Update endpoint ruleset parameters casing +* api-change:``auditmanager``: Update endpoint ruleset parameters casing +* api-change:``ecs``: Amazon ECS Service Connect now supports Envoy access logs, providing deeper observability into request-level traffic patterns and service interactions. +* api-change:``deadline``: Update endpoint ruleset parameters casing +* api-change:``appmesh``: Update endpoint ruleset parameters casing +* api-change:``marketplace-reporting``: Update endpoint ruleset parameters casing +* api-change:``apigateway``: Update endpoint ruleset parameters casing +* api-change:``cloudsearch``: Update endpoint ruleset parameters casing +* api-change:``cleanrooms``: Added support for advanced Spark configurations to optimize SQL performance +* api-change:``docdb``: Adding FailoverState and TagList to GlobalCluster and SynchronizationStatus to GlobalClusterMember. +* api-change:``devops-guru``: Update endpoint ruleset parameters casing +* api-change:``iot-managed-integrations``: Add a new GetManagedThingCertificate API to expose Iot ManagedIntegrations (MI) device certificate, and add "-" support for name, properties, actions and events in the CapabilityReportCapability object. +* api-change:``amp``: Add Anomaly Detection APIs for Amazon Managed Prometheus +* api-change:``neptune``: Update endpoint ruleset parameters casing +* api-change:``eks-auth``: Update endpoint ruleset parameters casing +* api-change:``frauddetector``: Update endpoint ruleset parameters casing +* api-change:``s3outposts``: Update endpoint ruleset parameters casing +* api-change:``connectcases``: Update endpoint ruleset parameters casing +* api-change:``firehose``: Update endpoint ruleset parameters casing +* api-change:``greengrassv2``: Update endpoint ruleset parameters casing +* api-change:``appflow``: Update endpoint ruleset parameters casing +* api-change:``sagemaker-runtime``: Update endpoint ruleset parameters casing +* api-change:``servicecatalog``: Update endpoint ruleset parameters casing +* api-change:``serverlessrepo``: Update endpoint ruleset parameters casing +* api-change:``sso``: Update endpoint ruleset parameters casing +* api-change:``glue``: This release adds the capability to enable User Background Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on AWS Glue. +* api-change:``sts``: Update endpoint ruleset parameters casing +* api-change:``chime``: Update endpoint ruleset parameters casing +* api-change:``kms``: Add cross account VPC endpoint service connectivity support to CustomKeyStore. +* api-change:``clouddirectory``: Update endpoint ruleset parameters casing +* api-change:``license-manager-linux-subscriptions``: Update endpoint ruleset parameters casing +* api-change:``cognito-sync``: Update endpoint ruleset parameters casing +* api-change:``codecommit``: Update endpoint ruleset parameters casing +* api-change:``keyspacesstreams``: Update endpoint ruleset parameters casing +* api-change:``iotevents-data``: Update endpoint ruleset parameters casing +* api-change:``emr-serverless``: This release adds the capability to enable User Background Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on EMR Serverless Applications. +* api-change:``bedrock-agentcore-control``: Web-Bot-Auth support for AgentCore Browser tool to help reduce captcha challenges. +* api-change:``appconfig``: Update endpoint ruleset parameters casing +* api-change:``artifact``: Update endpoint ruleset parameters casing +* api-change:``geo-places``: Update endpoint ruleset parameters casing +* api-change:``schemas``: Update endpoint ruleset parameters casing +* api-change:``bedrock-agent``: Update endpoint ruleset parameters casing +* api-change:``applicationcostprofiler``: Update endpoint ruleset parameters casing +* api-change:``cloudcontrol``: Update endpoint ruleset parameters casing +* api-change:``codedeploy``: Update endpoint ruleset parameters casing +* api-change:``compute-optimizer``: Update endpoint ruleset parameters casing +* api-change:``appsync``: Update endpoint ruleset parameters casing +* api-change:``rtbfabric``: RTB Fabric documentation update. + + +2.31.25 +======= + +* api-change:``bedrock-runtime``: Add support for system tool and web citation response. +* enhancement:Python: Upgrade bundled Python interpreter to 3.13.9 + + +2.31.24 +======= + +* api-change:``inspector-scan``: Update endpoint ruleset parameters casing +* api-change:``pipes``: Update endpoint ruleset parameters casing +* api-change:``migrationhuborchestrator``: Update endpoint ruleset parameters casing +* api-change:``sqs``: Update endpoint ruleset parameters casing +* api-change:``elastictranscoder``: Update endpoint ruleset parameters casing +* api-change:``bcm-pricing-calculator``: Update endpoint ruleset parameters casing +* api-change:``kendra``: Update endpoint ruleset parameters casing +* api-change:``bedrock-runtime``: Update endpoint ruleset parameters casing +* api-change:``marketplace-deployment``: Update endpoint ruleset parameters casing +* api-change:``workspaces``: Added IPv6 address support for WorkSpaces using Dual-Stack subnets +* api-change:``efs``: Update endpoint ruleset parameters casing +* api-change:``apigatewayv2``: Update endpoint ruleset parameters casing +* api-change:``organizations``: Added Account State field to the ListDelegatedAdministrators API response. +* api-change:``opensearch``: Update endpoint ruleset parameters casing +* api-change:``cloudsearchdomain``: Update endpoint ruleset parameters casing +* api-change:``support-app``: Update endpoint ruleset parameters casing +* api-change:``s3``: Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications. +* api-change:``ec2``: This released the DescribeCapacityReservationTopology API. +* api-change:``kinesisvideo``: Update endpoint ruleset parameters casing +* api-change:``ecs``: Amazon ECS supports native linear and canary service deployments, allowing you to shift traffic in increments for more control. +* api-change:``trustedadvisor``: Update endpoint ruleset parameters casing +* api-change:``codeguru-security``: Update endpoint ruleset parameters casing +* api-change:``sagemaker``: Amazon SageMaker now supports deleting training and processing jobs in a terminal status. +* api-change:``detective``: Update endpoint ruleset parameters casing +* api-change:``s3control``: Update endpoint ruleset parameters casing +* api-change:``cloud9``: Update endpoint ruleset parameters casing +* api-change:``workspaces-instances``: Update endpoint ruleset parameters casing +* api-change:``codeconnections``: Update endpoint ruleset parameters casing +* api-change:``glacier``: Update endpoint ruleset parameters casing +* api-change:``application-signals``: Added support for CloudWatch Synthetics Canary resources in ListAuditFindings API. This enhancement allows customers to retrieve audit findings specifically for CloudWatch Synthetics canaries and enables service-canary correlation analysis. +* api-change:``servicecatalog-appregistry``: Update endpoint ruleset parameters casing +* api-change:``ram``: Update endpoint ruleset parameters casing +* api-change:``resource-groups``: Update endpoint ruleset parameters casing +* api-change:``taxsettings``: Update endpoint ruleset parameters casing +* api-change:``partnercentral-selling``: Update endpoint ruleset parameters casing +* api-change:``kafkaconnect``: Update endpoint ruleset parameters casing +* api-change:``bedrock-agent-runtime``: Update endpoint ruleset parameters casing +* api-change:``emr-containers``: Update endpoint ruleset parameters casing +* api-change:``security-ir``: Update endpoint ruleset parameters casing +* api-change:``notifications``: Update endpoint ruleset parameters casing +* api-change:``gameliftstreams``: Add stream group expiration date and expired status +* api-change:``backupsearch``: Update endpoint ruleset parameters casing +* api-change:``groundstation``: Enable use of AzEl ephemerides +* api-change:``cleanroomsml``: Update endpoint ruleset parameters casing +* api-change:``mediapackage-vod``: Update endpoint ruleset parameters casing +* api-change:clients: The following clients have been removed per deprecation of the services - qldb, qldbsession, robomaker, lookoutmetrics, lookoutvision, iotfleethub, apptest +* api-change:``lambda``: Added SerializedRequestEntityTooLargeException to Lambda Invoke API +* api-change:``xray``: Update endpoint ruleset parameters casing +* api-change:``sagemaker-featurestore-runtime``: Update endpoint ruleset parameters casing + + +2.31.23 +======= + +* api-change:``accessanalyzer``: Update endpoint ruleset parameters casing +* api-change:``stepfunctions``: Update endpoint ruleset parameters casing +* api-change:``lex-runtime``: Update endpoint ruleset parameters casing +* api-change:``chime-sdk-media-pipelines``: Update endpoint ruleset parameters casing +* api-change:``socialmessaging``: Update endpoint ruleset parameters casing +* api-change:``codeartifact``: Update endpoint ruleset parameters casing +* api-change:``backup-gateway``: Update endpoint ruleset parameters casing +* api-change:``aiops``: Update endpoint ruleset parameters casing +* api-change:``cost-optimization-hub``: Update endpoint ruleset parameters casing +* api-change:``connectcampaigns``: Update endpoint ruleset parameters casing +* api-change:``rbin``: Update endpoint ruleset parameters casing +* api-change:``dax``: Update endpoint ruleset parameters casing +* api-change:``s3vectors``: Update endpoint ruleset parameters casing +* api-change:``comprehend``: Update endpoint ruleset parameters casing +* api-change:``repostspace``: Update endpoint ruleset parameters casing +* api-change:``waf-regional``: Update endpoint ruleset parameters casing +* api-change:``cognito-idp``: Update endpoint ruleset parameters casing +* api-change:``controltower``: Update endpoint ruleset parameters casing +* api-change:``braket``: Update endpoint ruleset parameters casing +* api-change:``redshift-serverless``: Update endpoint ruleset parameters casing +* api-change:``simspaceweaver``: Update endpoint ruleset parameters casing +* api-change:``rds-data``: Update endpoint ruleset parameters casing +* api-change:``route53resolver``: Update endpoint ruleset parameters casing +* api-change:``scheduler``: Update endpoint ruleset parameters casing +* api-change:``sso-admin``: Update endpoint ruleset parameters casing +* api-change:``neptune-graph``: Update endpoint ruleset parameters casing +* api-change:``codeguruprofiler``: Update endpoint ruleset parameters casing +* api-change:``pinpoint``: Update endpoint ruleset parameters casing +* api-change:``bedrock-data-automation``: Update endpoint ruleset parameters casing +* api-change:``athena``: Update endpoint ruleset parameters casing +* api-change:``outposts``: Update endpoint ruleset parameters casing +* api-change:``secretsmanager``: Update endpoint ruleset parameters casing +* api-change:``iam``: Fixed missing SummaryMap keys in GetAccountSummary response that were being filtered out during deserialization in AWS Java SDK v2 +* api-change:``managedblockchain``: Update endpoint ruleset parameters casing +* api-change:``launch-wizard``: Update endpoint ruleset parameters casing +* api-change:``workmailmessageflow``: Update endpoint ruleset parameters casing +* api-change:``greengrass``: Update endpoint ruleset parameters casing +* api-change:``elasticbeanstalk``: Update endpoint ruleset parameters casing +* api-change:``ses``: Update endpoint ruleset parameters casing +* api-change:``forecast``: Update endpoint ruleset parameters casing +* api-change:``chime-sdk-identity``: Update endpoint ruleset parameters casing +* api-change:``route53profiles``: Update endpoint ruleset parameters casing +* api-change:``kinesis``: Adds support for record sizes up to 10MiB and introduces new UpdateMaxRecordSize API to modify stream record size limits. Adds record size parameters to existing CreateStream and DescribeStreamSummary APIs for request and response payloads respectively. +* api-change:``mturk``: Update endpoint ruleset parameters casing +* api-change:``rekognition``: Update endpoint ruleset parameters casing +* api-change:``ssm-sap``: Update endpoint ruleset parameters casing +* api-change:``invoicing``: Update endpoint ruleset parameters casing +* api-change:``ce``: Updated endpoint for eusc-de-east-1 region. +* api-change:``entityresolution``: Update endpoint ruleset parameters casing +* api-change:``shield``: Update endpoint ruleset parameters casing + + +2.31.22 +======= + +* api-change:``datapipeline``: Update endpoint ruleset parameters casing +* api-change:``vpc-lattice``: Update endpoint ruleset parameters casing +* api-change:``chime-sdk-messaging``: Update endpoint ruleset parameters casing +* api-change:``docdb``: Update endpoint ruleset parameters casing +* api-change:``budgets``: Update endpoint ruleset parameters casing +* api-change:``acm``: Update endpoint ruleset parameters casing +* api-change:``snow-device-management``: Update endpoint ruleset parameters casing +* api-change:``elb``: Update endpoint ruleset parameters casing +* api-change:``payment-cryptography``: Update endpoint ruleset parameters casing +* api-change:``location``: Added support for mobile app restrictions in Amazon Location API keys. +* api-change:``amplifyuibuilder``: Update endpoint ruleset parameters casing +* api-change:``kinesis-video-signaling``: Update endpoint ruleset parameters casing +* api-change:``qbusiness``: Update endpoint ruleset parameters casing +* api-change:``robomaker``: Update endpoint ruleset parameters casing +* api-change:``workspaces-thin-client``: Update endpoint ruleset parameters casing +* api-change:``evs``: Update endpoint ruleset parameters casing +* api-change:``eks``: Update endpoint ruleset parameters casing +* api-change:``sso-oidc``: Update endpoint ruleset parameters casing +* api-change:``inspector``: Update endpoint ruleset parameters casing +* api-change:``mediastore``: Update endpoint ruleset parameters casing +* api-change:``route53domains``: Update endpoint ruleset parameters casing +* api-change:``wisdom``: Update endpoint ruleset parameters casing +* api-change:``verifiedpermissions``: Update endpoint ruleset parameters casing +* api-change:``securityhub``: Release 3 layer filter support in GetFindingsV2, GetFindingStatisticsV2, GetResourcesV2,GetResourcesStatisticsV2, AutomationRule V2 APIs. Update filter casing in GetResourcesV2, GetResourcesStatisticsV2 APIs. Add new filters in GetFindingsV2, GetFindingStatisticsV2, AutomationRule V2 APIs. +* api-change:``mediapackage``: Update endpoint ruleset parameters casing +* api-change:``fis``: Update endpoint ruleset parameters casing +* api-change:``rtbfabric``: Add support for custom rate limits. +* api-change:``sagemaker-metrics``: Update endpoint ruleset parameters casing +* api-change:``supplychain``: Update endpoint ruleset parameters casing +* api-change:``iotwireless``: Update endpoint ruleset parameters casing +* api-change:``datazone``: This release adds support for MLflow connections Creation in DataZone +* api-change:``kinesisanalytics``: Update endpoint ruleset parameters casing +* api-change:``servicediscovery``: Update endpoint ruleset parameters casing +* api-change:``dynamodbstreams``: Update endpoint ruleset parameters casing +* api-change:``lookoutvision``: Update endpoint ruleset parameters casing +* api-change:``application-signals``: Update endpoint ruleset parameters casing +* api-change:``sagemaker``: Added inference components model data caching feature +* api-change:``mediastore-data``: Update endpoint ruleset parameters casing +* api-change:``mq``: Update endpoint ruleset parameters casing +* api-change:``billing``: Update endpoint ruleset parameters casing +* api-change:``iot-managed-integrations``: Update endpoint ruleset parameters casing +* api-change:``translate``: Update endpoint ruleset parameters casing +* api-change:``panorama``: Update endpoint ruleset parameters casing +* api-change:``s3tables``: Update endpoint ruleset parameters casing +* api-change:``migrationhubstrategy``: Update endpoint ruleset parameters casing +* api-change:``geo-maps``: Added support for optional AdditionalFeatures parameter in the V2 GetTile API. +* api-change:``cloudtrail``: Update endpoint ruleset parameters casing +* api-change:``codepipeline``: Update endpoint ruleset parameters casing +* api-change:``pca-connector-ad``: Update endpoint ruleset parameters casing +* api-change:``gameliftstreams``: Add status reasons for TERMINATED stream sessions +* api-change:``payment-cryptography-data``: Update endpoint ruleset parameters casing + + +2.31.21 +======= + +* api-change:``rum``: Update endpoint ruleset parameters casing +* api-change:``bedrock-agentcore``: Fixing the service documentation name +* api-change:``synthetics``: Update endpoint ruleset parameters casing +* api-change:``codebuild``: Update endpoint ruleset parameters casing +* api-change:``pinpoint-email``: Update endpoint ruleset parameters casing +* api-change:``lambda``: Add NodeJs 24 (nodejs24.x) support to AWS Lambda. +* api-change:``sagemaker``: Update endpoint ruleset parameters casing +* api-change:``chime-sdk-voice``: Update endpoint ruleset parameters casing +* api-change:``networkmonitor``: Update endpoint ruleset parameters casing +* api-change:``macie2``: Update endpoint ruleset parameters casing +* api-change:``drs``: Update endpoint ruleset parameters casing +* api-change:``mgh``: Update endpoint ruleset parameters casing +* api-change:``sesv2``: Update endpoint ruleset parameters casing +* api-change:``internetmonitor``: Update endpoint ruleset parameters casing +* api-change:``securitylake``: Update endpoint ruleset parameters casing +* api-change:``mgn``: Update endpoint ruleset parameters casing +* api-change:``marketplacecommerceanalytics``: Update endpoint ruleset parameters casing +* api-change:``ecr-public``: Update endpoint ruleset parameters casing +* api-change:``savingsplans``: Update endpoint ruleset parameters casing +* api-change:``managedblockchain-query``: Update endpoint ruleset parameters casing +* api-change:``pca-connector-scep``: Update endpoint ruleset parameters casing +* api-change:``application-autoscaling``: Update endpoint ruleset parameters casing +* api-change:``kinesis-video-archived-media``: Update endpoint ruleset parameters casing +* api-change:``resiliencehub``: Update endpoint ruleset parameters casing +* api-change:``healthlake``: Update endpoint ruleset parameters casing +* api-change:``dms``: Update endpoint ruleset parameters casing +* api-change:``mediatailor``: Update endpoint ruleset parameters casing +* api-change:``personalize-events``: Update endpoint ruleset parameters casing +* api-change:``docdb-elastic``: Update endpoint ruleset parameters casing +* api-change:``cloudtrail-data``: Update endpoint ruleset parameters casing +* api-change:``mpa``: Update endpoint ruleset parameters casing +* api-change:``neptunedata``: Update endpoint ruleset parameters casing +* api-change:``kinesis-video-webrtc-storage``: Update endpoint ruleset parameters casing +* api-change:``account``: Update endpoint ruleset parameters casing +* api-change:``discovery``: Update endpoint ruleset parameters casing +* api-change:``opensearchserverless``: Update endpoint ruleset parameters casing +* api-change:``sagemaker-edge``: Update endpoint ruleset parameters casing +* api-change:``codestar-connections``: Update endpoint ruleset parameters casing +* api-change:``iot-jobs-data``: Update endpoint ruleset parameters casing +* api-change:``bedrock-agentcore-control``: Fixing the service documentation name +* api-change:``config``: Update endpoint ruleset parameters casing +* api-change:``odb``: Doc-only update that removes duplicate values from descriptions of ODB peering APIs. +* api-change:``iotevents``: Update endpoint ruleset parameters casing +* api-change:``ecr``: Update endpoint ruleset parameters casing +* api-change:``omics``: Update endpoint ruleset parameters casing +* api-change:``ebs``: Update endpoint ruleset parameters casing +* api-change:``cur``: Update endpoint ruleset parameters casing +* api-change:``storagegateway``: Update endpoint ruleset parameters casing +* api-change:``connect-contact-lens``: Update endpoint ruleset parameters casing +* api-change:``dsql``: Add support for resource-based policies for Aurora DSQL clusters. This will enable you to implement Block Public Access (BPA) which will help restrict access to your Aurora DSQL public or VPC endpoints. + + +2.31.20 +======= + +* api-change:``workmail``: Update endpoint ruleset parameters casing +* api-change:``iotanalytics``: Update endpoint ruleset parameters casing +* api-change:``connectparticipant``: Update endpoint ruleset parameters casing +* api-change:``medialive``: Add 3 API operations for fetching alerts: ListAlerts (Channels), ListClusterAlerts (MediaLive Anywhere), and ListMultiplexAlerts +* api-change:``lexv2-models``: Update endpoint ruleset parameters casing +* api-change:``ds-data``: Update endpoint ruleset parameters casing +* api-change:``oam``: Update endpoint ruleset parameters casing +* api-change:``cloudformation``: Update endpoint ruleset parameters casing +* api-change:``directconnect``: Update endpoint ruleset parameters casing +* api-change:``workspaces``: Update endpoint ruleset parameters casing +* api-change:``autoscaling``: Update endpoint ruleset parameters casing +* api-change:``connect``: This release added support for email address alias configuration and outbound campaign preview mode. +* api-change:``pcs``: Update endpoint ruleset parameters casing +* api-change:``sagemaker-a2i-runtime``: Update endpoint ruleset parameters casing +* api-change:``marketplace-agreement``: Update endpoint ruleset parameters casing +* api-change:``notificationscontacts``: Update endpoint ruleset parameters casing +* api-change:``forecastquery``: Update endpoint ruleset parameters casing +* api-change:``connectcampaignsv2``: Updated Amazon Connect Outbound Campaigns V2 SDK to support Preview Outbound Mode +* api-change:``ssm-incidents``: Update endpoint ruleset parameters casing +* api-change:``redshift-data``: Update endpoint ruleset parameters casing +* api-change:``chatbot``: Update endpoint ruleset parameters casing +* api-change:``cloudhsm``: Update endpoint ruleset parameters casing +* api-change:``codeguru-reviewer``: Update endpoint ruleset parameters casing +* api-change:``iotsecuretunneling``: Update endpoint ruleset parameters casing +* api-change:``ivschat``: Update endpoint ruleset parameters casing +* api-change:``workdocs``: Update endpoint ruleset parameters casing +* api-change:``route53-recovery-cluster``: Update endpoint ruleset parameters casing +* api-change:``ec2-instance-connect``: Update endpoint ruleset parameters casing +* api-change:``mailmanager``: Update endpoint ruleset parameters casing +* api-change:``iot``: Update endpoint ruleset parameters casing +* api-change:``bcm-dashboards``: Update endpoint ruleset parameters casing +* api-change:``sns``: Update endpoint ruleset parameters casing +* api-change:``pinpoint-sms-voice-v2``: Update endpoint ruleset parameters casing +* api-change:``inspector2``: Update endpoint ruleset parameters casing +* api-change:``rtbfabric``: Update for general availability of AWS RTB Fabric service. +* api-change:``kinesisanalyticsv2``: Update endpoint ruleset parameters casing +* api-change:``ce``: Update endpoint ruleset parameters casing +* api-change:``cognito-identity``: Update endpoint ruleset parameters casing +* api-change:``cloudhsmv2``: Update endpoint ruleset parameters casing +* api-change:``mwaa``: Update endpoint ruleset parameters casing +* api-change:``iotsitewise``: Update endpoint ruleset parameters casing +* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateNetworkInterface and DescribeNetworkInterfaces APIs. +* api-change:``b2bi``: Update endpoint ruleset parameters casing +* api-change:``devicefarm``: This release adds support for optionally including an app as part of a CreateRemoteAccessSession request +* api-change:``appfabric``: Update endpoint ruleset parameters casing +* api-change:``iotfleetwise``: Update endpoint ruleset parameters casing +* api-change:``comprehendmedical``: Update endpoint ruleset parameters casing +* api-change:``iam``: Updated OIDC and SAML apis to reject multiple simultaneous requests to change a unique object. +* api-change:``route53``: Amazon Route 53 now supports the ISOB West Region for private DNS for Amazon VPCs and cloudwatch healthchecks. + + +2.31.19 +======= + +* api-change:``dynamodb``: Add AccountID based endpoint metric to endpoint rules. +* api-change:``mediaconvert``: This release adds the ability to set resolution for the black video generator and also adds the StartJobsQuery and GetJobsQueryResults APIs which allow asynchronous search of job history using new filters. +* api-change:``emr``: Added RECONFIGURING to the InstanceFleetState convenience enum. +* api-change:``meteringmarketplace``: Added ClientToken parameter to MeterUsage API for specifying idempotent requests. + + +2.31.18 +======= + +* api-change:``arc-zonal-shift``: Update endpoint ruleset parameters casing +* api-change:``finspace-data``: Update endpoint ruleset parameters casing +* api-change:``wellarchitected``: Update endpoint ruleset parameters casing +* api-change:``ds``: Update endpoint ruleset parameters casing +* api-change:``amp``: Update endpoint ruleset parameters casing +* api-change:``bedrock-data-automation-runtime``: Update endpoint ruleset parameters casing +* api-change:``tnb``: Update endpoint ruleset parameters casing +* api-change:``license-manager-user-subscriptions``: Update endpoint ruleset parameters casing +* api-change:``kinesis-video-media``: Update endpoint ruleset parameters casing +* api-change:``bcm-recommended-actions``: Update endpoint ruleset parameters casing +* api-change:``marketplace-catalog``: The ListEntities API now supports two new CAPI filters: DeliveryOptionTypes for SaaS products and CompatibleAWSServices for Container products. +* api-change:``license-manager``: Update endpoint ruleset parameters casing +* api-change:``lakeformation``: Update endpoint ruleset parameters casing +* api-change:``codestar-notifications``: Update endpoint ruleset parameters casing +* api-change:``network-firewall``: Update endpoint ruleset parameters casing +* api-change:``mediaconnect``: Update endpoint ruleset parameters casing +* api-change:``pi``: Update endpoint ruleset parameters casing +* api-change:``networkmanager``: Update endpoint ruleset parameters casing +* api-change:``iotthingsgraph``: Update endpoint ruleset parameters casing +* api-change:``controlcatalog``: Update endpoint ruleset parameters casing +* api-change:``sagemaker-geospatial``: Update endpoint ruleset parameters casing +* api-change:``chime-sdk-meetings``: Update endpoint ruleset parameters casing +* api-change:``iottwinmaker``: Update endpoint ruleset parameters casing +* api-change:``appconfigdata``: Update endpoint ruleset parameters casing +* api-change:``kendra-ranking``: Update endpoint ruleset parameters casing +* api-change:``es``: Update endpoint ruleset parameters casing +* api-change:``gameliftstreams``: Updates documentation to clarify valid application binaries for an Amazon GameLift Streams application and provide descriptions of stream session error status reasons +* api-change:``rolesanywhere``: Update endpoint ruleset parameters casing +* api-change:``datasync``: Update endpoint ruleset parameters casing +* api-change:``route53-recovery-readiness``: Update endpoint ruleset parameters casing +* api-change:``finspace``: Update endpoint ruleset parameters casing +* api-change:``timestream-write``: Update endpoint ruleset parameters casing +* api-change:``qapps``: Update endpoint ruleset parameters casing +* api-change:``evidently``: Update endpoint ruleset parameters casing +* api-change:``swf``: Releasing minor endpoint updates. +* api-change:``migration-hub-refactor-spaces``: Update endpoint ruleset parameters casing +* api-change:``organizations``: Update endpoint ruleset parameters casing +* api-change:``imagebuilder``: Update endpoint ruleset parameters casing +* api-change:``events``: Update endpoint ruleset parameters casing +* api-change:``dsql``: Update endpoint ruleset parameters casing +* api-change:``cloudfront``: Update endpoint ruleset parameters casing +* api-change:``signer``: Update endpoint ruleset parameters casing +* api-change:``geo-maps``: Added support for optional style parameters in maps, including Terrain, ContourDensity, Traffic, and TravelModes. +* api-change:``application-insights``: Update endpoint ruleset parameters casing +* api-change:``amplifybackend``: Update endpoint ruleset parameters casing +* api-change:``appintegrations``: Update endpoint ruleset parameters casing +* api-change:``iot-data``: Update endpoint ruleset parameters casing +* api-change:``iotdeviceadvisor``: Update endpoint ruleset parameters casing +* api-change:``cloudfront-keyvaluestore``: Update endpoint ruleset parameters casing +* api-change:``ec2``: Documentation updates for Amazon EC2. + + +2.31.17 +======= + +* api-change:``route53-recovery-control-config``: Update endpoint ruleset parameters casing +* api-change:``amplify``: Update endpoint ruleset parameters casing +* api-change:``timestream-query``: Update endpoint ruleset parameters casing +* api-change:``migrationhub-config``: Update endpoint ruleset parameters casing +* api-change:``qldb-session``: Update endpoint ruleset parameters casing +* api-change:``personalize-runtime``: Update endpoint ruleset parameters casing +* api-change:``ssm``: Update endpoint ruleset parameters casing +* api-change:``identitystore``: Update endpoint ruleset parameters casing +* api-change:``mediapackagev2``: Update endpoint ruleset parameters casing +* api-change:``lex-models``: Update endpoint ruleset parameters casing +* api-change:``geo-routes``: Update endpoint ruleset parameters casing +* api-change:``ssm-guiconnect``: Update endpoint ruleset parameters casing +* api-change:``memorydb``: Update endpoint ruleset parameters casing +* api-change:``apigatewaymanagementapi``: Update endpoint ruleset parameters casing +* api-change:``osis``: Update endpoint ruleset parameters casing +* api-change:``lexv2-runtime``: Update endpoint ruleset parameters casing +* api-change:``billingconductor``: New feature: service flat CLI and first AWS managed pricing plan (BasicPricingPlan) +* api-change:``kafka``: Update endpoint ruleset parameters casing +* api-change:``workspaces-web``: Update endpoint ruleset parameters casing +* api-change:``machinelearning``: Update endpoint ruleset parameters casing +* api-change:``lookoutequipment``: Update endpoint ruleset parameters casing +* api-change:``globalaccelerator``: Update endpoint ruleset parameters casing +* api-change:``m2``: Update endpoint ruleset parameters casing +* api-change:``pricing``: Update endpoint ruleset parameters casing +* api-change:``freetier``: Update endpoint ruleset parameters casing +* api-change:``grafana``: Update endpoint ruleset parameters casing +* api-change:``dataexchange``: Update endpoint ruleset parameters casing +* api-change:``dlm``: Update endpoint ruleset parameters casing +* api-change:``ivs-realtime``: Update endpoint ruleset parameters casing +* api-change:``apptest``: Update endpoint ruleset parameters casing +* api-change:``polly``: Update endpoint ruleset parameters casing +* api-change:``apprunner``: Update endpoint ruleset parameters casing +* api-change:``databrew``: Update endpoint ruleset parameters casing +* api-change:``kms``: Update endpoint ruleset parameters casing +* api-change:``acm-pca``: Update endpoint ruleset parameters casing +* api-change:``keyspaces``: Update endpoint ruleset parameters casing +* api-change:``voice-id``: Update endpoint ruleset parameters casing +* api-change:``medical-imaging``: Update endpoint ruleset parameters casing +* api-change:``bcm-data-exports``: Update endpoint ruleset parameters casing +* api-change:``batch``: Update endpoint ruleset parameters casing +* api-change:``marketplace-entitlement``: Update endpoint ruleset parameters casing +* api-change:``ivs``: Update endpoint ruleset parameters casing +* api-change:``personalize``: Update endpoint ruleset parameters casing +* api-change:``networkflowmonitor``: Update endpoint ruleset parameters casing +* api-change:``customer-profiles``: Update endpoint ruleset parameters casing +* api-change:``gamelift``: Update endpoint ruleset parameters casing +* api-change:``autoscaling-plans``: Updated FIPS endpoints for US GovCloud regions +* api-change:``qldb``: Update endpoint ruleset parameters casing +* api-change:``ssm-contacts``: Update endpoint ruleset parameters casing + + +2.31.16 +======= + +* api-change:``timestream-influxdb``: This release adds support for creating and managing InfluxDB 3 Core and Enterprise DbClusters. +* api-change:``ec2``: Introducing EC2 Capacity Manager for monitoring and analyzing capacity usage across On-Demand Instances, Spot Instances, and Capacity Reservations. +* api-change:``docdb``: Add support for NetworkType field in CreateDbCluster, ModifyDbCluster, RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB. +* api-change:``lightsail``: Add support for manage Lightsail Bucket CORS configuration +* api-change:``guardduty``: Added default pagination value for ListMalwareProtectionPlans API and updated UpdateFindingsFeedback API +* api-change:``elbv2``: This release expands Listener Rule Conditions to support RegexValues and adds support for a new Transforms field in Listener Rules. +* api-change:``bedrock``: Amazon Bedrock Automated Reasoning Policy now offers enhanced AWS KMS integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field, allowing customers to specify their preferred KMS key for encryption, improving control and compliance with AWS encryption mandates. + + +2.31.15 +======= + +* api-change:``connect``: SDK release for TaskTemplateInfo in Contact for DescribeContact response. +* api-change:``ec2``: This release adds support for creating instant, point-in-time copies of EBS volumes within the same Availability Zone +* api-change:``transfer``: SFTP connectors now support routing connections via customers' VPC. This enables connections to remote servers that are only accessible in a customer's VPC environment, and to servers that are accessible over the internet but need connections coming from an IP address in a customer VPC's CIDR range. +* api-change:``backup``: The AWS Backup job attribute extension enhancement helps customers better understand the plan that initiated each job, and the properties of the resource each job creates. +* api-change:``transcribe``: Move UntagResource API body member to query parameter +* api-change:``datazone``: Support creating scoped and trustedIdentityPropagation enabled connections. +* enhancement:setuptools: Upgrade pinned setuptools to version 78.1.1 +* api-change:``appstream``: This release introduces support for Microsoft license included applications streaming. + + +2.31.14 +======= + +* api-change:``observabilityadmin``: CloudWatch Observability Admin adds the ability to enable Resource tags for telemetry in a customer account. The release introduces new APIs to enable, disable and describe the status of Resource tags for telemetry feature. This new capability simplifies monitoring AWS resources using tags. +* api-change:``bedrock-agentcore-control``: Updated http status code in control plane apis of agentcore runtime, tools and identity. Additional included provider types for AgentCore Identity +* api-change:``ec2``: Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb +* api-change:``bedrock-agentcore``: Updated InvokeAgentRuntime API to accept account id optionally and added CompleteResourceTokenAuth API. + + +2.31.13 +======= + +* api-change:``bedrock-agentcore``: Bedrock AgentCore release for Runtime, and Memory. +* api-change:``cloudfront``: Added new viewer security policy, TLSv1.2_2025, for CloudFront. +* api-change:``glue``: Addition of AuditContext in GetTable/GetTables Request +* api-change:``rds``: Updated the text in the Important section of the ModifyDBClusterParameterGroup page. +* api-change:``bedrock-agentcore-control``: Bedrock AgentCore release for Gateway, and Memory including Self-Managed Strategies support for Memory. +* api-change:``lambda``: Add InvokedViaFunctionUrl context key to limit invocations to only FURL invokes. +* api-change:``odb``: This release adds APIs that allow you to specify CIDR ranges in your ODB peering connection. +* enhancement:openssl: Update bundled OpenSSL version to 1.1.1zd for Linux installers + + +2.31.12 +======= + +* api-change:``wafv2``: This release adds the ability to throw WafLimitsExceededException when the maximum number of Application Load Balancer (ALB) associations per AWS WAF v2 WebACL is exceeded. +* api-change:``quicksight``: This release adds support for ActionConnector and Flow, which are new resources associated with Amazon Quick Suite. Additional updates include expanded Data Source options, further branding customization, and new capabilities that can be restricted by Admins. + + +2.31.11 +======= + +* api-change:``outposts``: This release adds the new StartOutpostDecommission API, which starts the decommission process to return Outposts racks or servers. +* api-change:``service-quotas``: introduces Service Quotas Automatic Management. Users can opt-in to monitoring and managing service quotas, receive notifications when quota usage reaches thresholds, configure notification channels, subscribe to EventBridge events for automation, and view notifications in the AWS Health dashboard. +* api-change:``license-manager-user-subscriptions``: Released support for IPv6 and dual-stack active directories +* api-change:``bedrock-agentcore-control``: Adding support for authorizer type AWS_IAM to AgentCore Control Gateway. + + +2.31.10 +======= + +* api-change:``proton``: Deprecating APIs in AWS Proton namespace. + + +2.31.9 +====== + +* api-change:``rds``: Documentation updates to the CreateDBClusterMessage$PubliclyAccessible and CreateDBInstanceMessage$PubliclyAccessible properties. +* api-change:``bedrock-agentcore-control``: Add support for VM lifecycle configuration parameters and A2A protocol +* api-change:``mediaconnect``: Enabling Tag-on-Create for AWS Elemental MediaConnect flow-based resource types +* api-change:``backup``: Adds optional MaxScheduledRunsPreview input to GetBackupPlan API to provide a preview of up to 10 next scheduled backup plan runs in the GetBackupPlan response. +* api-change:``quicksight``: Documentation improvements for QuickSight API documentation to clarify that delete operation APIs are global. +* api-change:``glue``: Adds labeling for DataQualityRuleResult for GetDataQualityResult and PublishDataQualityResult APIs +* api-change:``resource-explorer-2``: Add new AWS Resource Explorer APIs +* api-change:``memorydb``: Support for DescribeMultiRegionParameterGroups and DescribeMultiRegionParameters API. +* api-change:``bedrock-agentcore``: Add support for batch memory management, agent card retrieval and session termination + + +2.31.8 +====== + +* api-change:``qconnect``: Updated Amazon Q in Connect APIs to support Email Contact Recommendations. +* api-change:``payment-cryptography-data``: Added a new API - translateKeyMaterial; allows keys wrapped by ECDH derived keys to be rewrapped under a static AES keyblock without first importing the key into the service. +* api-change:``medialive``: AWS Elemental MediaLive enables Mediapackage V2 users to configure ID3, KLV, Nielsen ID3, and Segment Length related parameters through the Mediapackage output group. +* api-change:``cleanrooms``: Added support for reading data sources across regions, and results delivery to allowedlisted regions. + + +2.31.7 +====== + +* api-change:``dynamodb``: Add support for dual-stack account endpoint generation +* api-change:``cloudformation``: Add new warning type 'EXCLUDED_RESOURCES' +* api-change:``guardduty``: Updated descriptions for the Location parameter in CreateTrustedEntitySet and CreateThreatEntitySet. +* api-change:``synthetics``: Adds support to configure canaries with pre-configured blueprint code on supported runtime versions. This behavior can be controlled via the new BlueprintTypes property exposed in the CreateCanary and UpdateCanary APIs. +* api-change:``connectcases``: New Search All Related Items API enables searching related items across cases +* enhancement:``eks``: Add ``proxy-url`` to ``aws eks update-kubeconfig`` + + +2.31.6 +====== + +* api-change:``dms``: This is a doc-only update, revising text for kms-key-arns. +* bugfix:``botocore``: Fix HTTP 100 Continue parsing to accept optional reason phrase +* api-change:``ecs``: This is a documentation only Amazon ECS release that adds additional information for health checks. +* api-change:``cleanrooms``: This release introduces data access budgets to control how many times a table can be used for queries and jobs in a collaboration. +* bugfix:``s3``: Fix CancelledError retry loops to enable immediate S3 upload cancellation +* api-change:``chime-sdk-meetings``: Add support to receive dual stack MediaPlacement URLs in Chime Meetings SDK +* api-change:``cleanroomsml``: This release introduces data access budgets to view how many times an input channel can be used for ML jobs in a collaboration. +* api-change:``pcs``: Added the UpdateCluster API action to modify cluster configurations, and Slurm custom settings for queues. + + +2.31.5 +====== + +* api-change:``fsx``: Add Dual-Stack support for Amazon FSx for NetApp ONTAP and Windows File Server +* api-change:``datasync``: Added support for FIPS VPC endpoints in FIPS-enabled AWS Regions. +* api-change:``bedrock-agentcore-control``: Tagging support for AgentCore Gateway +* api-change:``connectcases``: This release adds support for two new related item types: ConnectCase for linking Amazon Connect cases and Custom for user-defined related items with configurable fields. +* api-change:``rds``: Enhanced RDS error handling: Added DBProxyEndpointNotFoundFault, DBShardGroupNotFoundFault, KMSKeyNotAccessibleFault for snapshots/restores/backups, NetworkTypeNotSupported, StorageTypeNotSupportedFault for restores, and granular state validation faults. Changed DBInstanceNotReadyFault to HTTP 400. +* api-change:``transfer``: Add support for updating server identity provider type +* api-change:``datazone``: This release adds support for creation of EMR on EKS Connections in Amazon DataZone. +* api-change:``ds``: AWS Directory service now supports IPv6-native and dual-stack configurations for AWS Managed Microsoft AD, AD Connector, and Simple AD (dual-stack only). Additionally, AWS Managed Microsoft AD Standard Edition directories can be upgraded to Enterprise Edition directories through a single API call. +* api-change:``ecs``: This release adds support for Managed Instances on Amazon ECS. +* api-change:``customer-profiles``: This release introduces ListProfileHistoryRecords and GetProfileHistoryRecord APIs for comprehensive profile history tracking with complete audit trails of creation, updates, merges, deletions, and data ingestion events. +* api-change:``quicksight``: added warnings to a few CLI pages +* api-change:``chime-sdk-voice``: Added support for IPv4-only and dual-stack network configurations for VoiceConnector and CreateVoiceConnector API. +* api-change:``application-signals``: Amazon CloudWatch Application Signals is introducing the Application Map to give users a more comprehensive view of their service health. Users will now be able to group services, track their latest deployments, and view automated audit findings concerning service performance. +* api-change:``mediatailor``: Adding TPS Traffic Shaping to Prefetch Schedules + + +2.31.4 +====== + +* api-change:``vpc-lattice``: Adds support for specifying the number of IPv4 addresses in each ENI for the resource gateway for VPC Lattice. +* api-change:``bedrock``: Release for fixing GetFoundationModel API behavior. Imported and custom models have their own exclusive API and GetFM should not accept those ARNS as input +* api-change:``bedrock-runtime``: New stop reason for Converse and ConverseStream +* api-change:``imagebuilder``: This release introduces several new features and improvements to enhance pipeline management, logging, and resource configuration. + + +2.31.3 +====== + +* api-change:``billing``: Add ability to combine custom billing views to create new consolidated views. +* api-change:``bedrock-data-automation``: Added support for configurable Speaker Labeling and Channel Labeling features for Audio modality. +* api-change:``bedrock-agent-runtime``: This release enhances the information provided through Flow Traces. New information includes source/next node tracking, execution chains for complex nodes, dependency action (operation) details, and dependency traces. +* api-change:``ec2``: This release includes documentation updates for Amazon EBS General Purpose SSD (gp3) volumes with larger size and higher IOPS and throughput. +* api-change:``connect``: Adds supports for manual contact picking (WorkList) operations on Routing Profiles, Agent Management and SearchContacts APIs. +* api-change:``dynamodbstreams``: Added support for IPv6 compatible endpoints for DynamoDB Streams. +* api-change:``ce``: Support for payer account dimension and billing view health status. +* api-change:``redshift``: Support tagging and tag propagation to IAM Identity Center for Redshift Idc Applications + + +2.31.2 +====== + +* api-change:``lightsail``: Attribute HTTP binding update for Get/Delete operations +* api-change:``glue``: Update GetConnection(s) API to return KmsKeyArn & Add 63 missing connection types +* api-change:``network-firewall``: Network Firewall now introduces Reject and Alert action support for stateful domain list rule groups, providing customers with more granular control over their network traffic. + + +2.31.1 +====== + +* api-change:``appstream``: G6f instance support for AppStream 2.0 +* api-change:``neptune``: Doc-only update to address customer use. +* api-change:``dax``: This release adds support for IPv6-only, DUAL_STACK DAX instances +* api-change:``cloudwatch``: Fix default dualstack FIPS endpoints in AWS GovCloud(US) regions +* api-change:``kms``: Documentation only updates for KMS. + + +2.31.0 +====== + +* enhancement:help: Update message formatting when entering an invalid command to improve identification of an error (aws/aws-cli`#9737 `__) +* api-change:``cleanrooms``: Added support for running incremental ID mapping for rule-based workflows. +* api-change:``ec2``: Add Amazon EC2 R8gn instance types +* enhancement:documentation: Display required constraints to top level and nested parameters (aws/aws-cli`#9463 `__, aws/aws-cli`#9491 `__) +* enhancement:help: Reduce output from help when entering an invalid command (aws/aws-cli`#9457 `__) +* enhancement:documentation: Add documentation for API parameter constraints (aws/aws-cli`#9444 `__) +* enhancement:``s3``: Add controls over progress status message frequency and multiline printing (aws/aws-cli`#9545 `__) +* enhancement:configuration: Improve accessibility of table output for ``configure list`` command (aws/aws-cli`#9547 `__) +* api-change:``sso-oidc``: This release includes exception definition and documentation updates. +* api-change:``sso-admin``: Add support for encryption at rest with Customer Managed KMS Key in AWS IAM Identity Center +* api-change:``ssm``: Added Dualstack support to GetDeployablePatchSnapshotForInstance +* api-change:``entityresolution``: Support incremental id mapping workflow for AWS Entity Resolution +* feature:help: Add ability to view help in a web browser or print the URL to the remote documentation website (aws/aws-cli`#9496 `__) + + +2.30.7 +====== + +* api-change:``imagebuilder``: Version ARNs are no longer required for the EC2 Image Builder list-image-build-version, list-component-build-version, and list-workflow-build-version APIs. Calling these APIs without the ARN returns all build versions for the given resource type in the requesting account. +* api-change:``pinpoint-sms-voice``: Update pinpoint-sms-voice client and endpoint tests to latest version. +* api-change:``eks``: Adds support for RepairConfig overrides and configurations in EKS Managed Node Groups. +* api-change:``batch``: Starting in JAN 2026, AWS Batch will change the default AMI for new Amazon ECS compute environments from Amazon Linux 2 to Amazon Linux 2023. We recommend migrating AWS Batch Amazon ECS compute environments to Amazon Linux 2023 to maintain optimal performance and security. + + +2.30.6 +====== + +* api-change:``config``: Add UNKNOWN state to RemediationExecutionState and add IN_PROGRESS/EXITED/UNKNOWN states to RemediationExecutionStepState. +* api-change:``license-manager-user-subscriptions``: Added support for cross-account Active Directories. +* enhancement:ec2-instance-connect: Allow ec2-instance-connect ssh and open-tunnel commands to connect to update-complete, update-in-progress, and update-failed EC2 Instance Connect Endpoints. Fixes `#9715 `__ +* api-change:``kendra-ranking``: Model whitespace change - no client difference +* api-change:``bedrock-agentcore-control``: Add tagging and VPC support to AgentCore Runtime, Code Interpreter, and Browser resources. Add support for configuring request headers in Runtime. Fix AgentCore Runtime shape names. +* api-change:``medialive``: Add MinBitrate for QVBR mode under H264/H265/AV1 output codec. Add GopBReference, GopNumBFrames, SubGopLength fields under H265 output codec. +* api-change:``connect``: This release adds a persistent connection field to UserPhoneConfig that maintains agent's softphone media connection for faster call connections. +* api-change:``sqs``: Update invalid character handling documentation for SQS SendMessage API + + +2.30.5 +====== + +* api-change:``budgets``: Added BillingViewHealthStatus Exception which is thrown when a Budget is created or updated with a Billing View that is not in the HEALTHY status +* api-change:``bedrock``: Release includes an increase to the maximum policy build document size, an update to DeleteAutomatedReasoningPolicyBuildWorkflow to add ResourceInUseException, and corrections to UpdateAutomatedReasoningPolicyTestCaseRequest. +* api-change:``chime-sdk-messaging``: Amazon Chime SDK Messaging GetMessagingSessionEndpoint API now returns dual-stack WebSocket endpoints supporting IPv4/IPv6. +* api-change:``ec2``: Allowed AMIs adds support for four new parameters - marketplaceProductCodes, deprecationTimeCondition, creationDateCondition and imageNames + + +2.30.4 +====== + +* api-change:``ec2``: Add mac-m4.metal and mac-m4pro.metal instance types. +* api-change:``pcs``: Add support for Amazon EC2 Capacity Blocks for ML +* api-change:``network-firewall``: Network Firewall now prevents TLS handshakes with the target server until after the Server Name Indication (SNI) has been seen and verified. The monitoring dashboard now provides deeper insights into PrivateLink endpoint candidates and offers filters based on IP addresses and protocol. + + +2.30.3 +====== + +* api-change:``logs``: Cloudwatch Logs added support for 2 new API parameters in metric and subscription filter APIs to filter log events based on system field values and emit system field values as dimensions and send them to customer destination as additional metadata. +* enhancement:``configure``: Added the new ``aws configure mfa-login`` command, which creates a profile with temporary credentials corresponding to an IAM user with an MFA code. +* api-change:``ivs-realtime``: IVS now offers customers the ability to control the positioning of participants in both grid and PiP layouts based on custom attribute values in participant tokens. +* api-change:``osis``: Adds support for cross-account ingestion for push-based sources. This includes resource policies for sharing pipelines across accounts and features for managing pipeline endpoints which enable accessing pipelines across different VPCs, including VPCs in other accounts. +* enhancement:macOS: Added explicit architecture support in PKG installer for universal builds on Macs to prevent Rosetta requirement prompt. +* api-change:``budgets``: Add support for custom time periods in budget configuration +* enhancement:``configure``: Added support for temporary credentials with ``aws configure``. The CLI will prompt for an ``aws_session_token`` if the provided access key ID is temporary. + + +2.30.2 +====== + +* api-change:``medical-imaging``: Added support for OpenID Connect (OIDC) custom authorizer +* api-change:``s3control``: Introduce three new encryption filters: EncryptionType (SSE-S3, SSE-KMS, DSSE-KMS, SSE-C, NOT-SSE), KmsKeyArn (for SSE-KMS and DSSE-KMS), and BucketKeyEnabled (for SSE-KMS). +* api-change:``sms``: The sms client has been removed following the deprecation of the service. +* api-change:``ce``: Added endpoint support for eusc-de-east-1 region. +* api-change:``observabilityadmin``: CloudWatch Observability Admin adds the ability to enable telemetry centralization in customers' Organizations. The release introduces new APIs to manage centralization rules, which define settings to replicate telemetry data to a central destination in the customers' Organization. + + +2.30.1 +====== + +* enhancement:``s3``: Expose S3 transfer config's ``io_chunksize`` in shared config file +* api-change:``payment-cryptography``: Add support for certificates to be signed by 3rd party certificate authorities. New API GetCertificateSigningRequest API and support for providing certificates at run-time for tr-34 import/export + + +2.30.0 +====== + +* feature:installer: Added universal binary support for AWS CLI v2 on macOS +* api-change:``evs``: CreateEnvironment API now supports parameters (isHcxPublic & hcxNetworkAclId) for HCX migration via public internet, adding flexibility for migration scenarios. New APIs have been added for associating (AssociateEipToVlan) & disassociating (DisassociateEipFromVlan) Elastic IP (EIP) addresses. +* api-change:``amp``: Add Vended Logs APIs for Amazon Prometheus Managed Collector +* api-change:``quicksight``: This release adds support for Account level custom permissions, additional Dashboard Options, and Null support for Q&A. +* api-change:``guardduty``: Updated Java SDK implementation of entity set status in GuardDuty API. +* api-change:``datazone``: adding IAM principal id to IAM user profile details +* api-change:``emr-containers``: Added nodeLabel support in container provider to aid hardware isolation support for virtual cluster and security configuration. +* api-change:``medialive``: AWS Elemental MediaLive adds a new feature in MediaPackage output group that enables MediaPackage V2 users to control HLS-related parameters directly in MediaLive. These parameter settings are then reflected in MediaPackage outputs, providing more streamlined control over HLS configurations. +* api-change:``ecs``: This release supports hook details for Amazon ECS lifecycle hooks. +* api-change:``rds``: Adds support for end-to-end IAM authentication in RDS Proxy for MySQL, MariaDB, and PostgreSQL engines. + + +2.29.1 +====== + +* api-change:``networkflowmonitor``: Added new enum value (AWS::Region) for type field under MonitorLocalResource and MonitorRemoteResource. Workload Insights and Monitor top contributors queries now support a new DestinationCategory (INTER_REGION). +* api-change:``payment-cryptography``: AWS Payment Cryptography Service now supports Multi-Region key replication. Customers can choose to automatically distribute keys across AWS Regions. + + +2.29.0 +====== + +* api-change:``autoscaling``: Added WaitForTransitioningInstances parameter to the CancelInstanceRefresh API, allowing the caller to cancel an instance refresh without waiting for on-going launches and terminations. +* api-change:``mediapackagev2``: Added CUE tag SCTE output to MediaPackageV2 HLS and LL-HLS manifests. +* api-change:``sagemaker``: Released IPv6 support with dual-stack domain options on SageMaker Studio and introduced support for p6-b200.48xlarge instance type on SageMaker Studio for JupyterLab and CodeEditor applications. +* api-change:``datazone``: Adds support for custom blueprints +* api-change:``cloudwatch``: Added a new API - DescribeAlarmContributors API, to retrieve alarm contributors in ALARM state. Added support in DescribeAlarmHistory API to query alarm contributor history +* feature:s3 download: Validate requested range matches content range in response for multipart downloads +* api-change:``connect``: SDK release for user defined predefined attributes. +* api-change:``organizations``: Documentation updates for AWS Organizations APIs. + + +2.28.26 +======= + +* api-change:``s3``: This release includes backward compatibility work on the "Expires" parameter. +* api-change:``iotsitewise``: Add ComputationModelVersion support in IoT SiteWise APIs +* api-change:``securityhub``: This release adds the RESOURCE_NOT_FOUND error code as a possible value in responses to the following operations: BatchGetStandardsControlAssociations, BatchUpdateStandardsControlAssociations, and BatchGetSecurityControls. + + +2.28.25 +======= + +* api-change:``sagemaker``: Release IPv6 support with dualstack in SageMaker Notebooks, Tiered Storage Checkpointing Support in SageMaker HyperPod and P5.4xlarge instance type for SageMaker Hosting. +* api-change:``ecs``: This is a documentation only release that adds additional information for Amazon ECS Availability Zone rebalancing. +* api-change:``pcs``: Documentation-only update to add AccountingStorageEnforce to SlurmCustomSetting. + + +2.28.24 +======= + +* api-change:``ec2``: Add m8i, m8i-flex and i8ge instance types. +* api-change:``cloudformation``: ListHookResults API now supports retrieving invocation results for all CloudFormation Hooks (previously limited to create change set and Cloud Control operations) with new optional parameters for filtering by Hook status and ARN. +* api-change:``cleanrooms``: Add support for configurable compute sizes for PySpark jobs. +* api-change:``rds``: Added new EndpointNetworkType and TargetConnectionNetworkType fields in Proxy APIs to support IPv6 +* api-change:``verifiedpermissions``: Amazon Verified Permissions / Features : Adds support for datetime and duration attribute values. +* api-change:``opensearchserverless``: Add support for Federal Information Processing Standards (FIPS) and Federal Risk and Authorization Management Program (FedRAMP) compliance + + +2.28.23 +======= + +* enhancement:``awscrt``: Update awscrt version to 0.27.6 +* api-change:``cleanrooms``: Added support for adding new data provider members to an existing collaboration. +* api-change:``cleanroomsml``: AWS Clean Rooms ML adds log sanitization for privacy-enhanced error summaries, supports new instance types for custom models providing better performance and lower costs, and deprecates P3-series instances. +* api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (New Zealand) Region (ap-southeast-6) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. +* api-change:``route53domains``: Added new ExtraParams AU_ELIGIBILITY_TYPE, AU_POLICY_REASON, and AU_REGISTRANT_NAME +* api-change:``mq``: Add CONFIG_MANAGED as a supported AuthenticationStrategy for Amazon MQ for RabbitMQ brokers. Make username and password optional on broker creation for CONFIG_MANAGED brokers. +* api-change:``cloudfront``: Adding an optional field IpAddressType in CustomOriginConfig +* api-change:``rds``: This release adds support for MasterUserAuthenticationType parameter on CreateDBInstance, ModifyDBInstance, CreateDBCluster, and ModifyDBCluster operations. + + +2.28.22 +======= + +* api-change:``notifications``: Added Org support for notifications: - `ListMemberAccounts` gets member accounts list, `AssociateOrganizationalUnit` links OU to notification configuration, `DisassociateOrganizationalUnit` removes OU from notification configuration, `ListOrganizationalUnits` shows OUs configured for notifications. +* api-change:``neptune``: Removed the deprecated marker from publiclyAccessible parameter from DbInstance, CreateDbInstance and ModifyDbInstance and added relevant usage information for the parameter. +* api-change:``workmail``: Make RoleArn an optional parameter for the PutEmailMonitoringConfiguration API, and add UnsupportedOperationException to RegisterToWorkMail. +* api-change:``ec2``: MaximumEbsAttachments and AttachmentLimitType fields added to DescribeInstanceTypesResponse. G6f, Gr6f, R8i, R8i-flex and p5.4xlarge instance types added to InstanceTypes enum. + + +2.28.21 +======= + +* api-change:``ec2``: Release shows new route types such as filtered and advertisement. +* api-change:``bedrock-runtime``: Fixed stop sequence limit for converse API. +* api-change:``xray``: AWS X-Ray Features: Support Sampling Rate Boost On Anomaly + + +2.28.20 +======= + +* api-change:``mturk``: Remove incorrect endpoint tests +* api-change:``sso``: Remove incorrect endpoint tests +* api-change:``rds``: Added RDS HTTP Endpoint feature support flag to DescribeOrderableDBInstanceOptions API +* api-change:``codeguru-reviewer``: Remove incorrect endpoint tests +* api-change:``healthlake``: Add ValidationLevel parameter to StartFHIRImportJob API, allowing users to specify a FHIR validation level for their asynchronous import jobs. +* api-change:``workmailmessageflow``: Remove incorrect endpoint tests +* api-change:``ec2``: This release adds support for copying Amazon EBS snapshot and AMIs to and from Local Zones. +* api-change:``scheduler``: Remove incorrect endpoint tests +* api-change:``ec2-instance-connect``: Remove incorrect endpoint tests +* api-change:``glue``: Adding support to fetch TargetDatabase field during GetDatabases with AttributesToGet +* api-change:``omics``: Adds Amazon ECR pull through cache support to AWS HealthOmics, so you can more easily use container images from external sources. +* api-change:``cloud9``: Remove incorrect endpoint tests +* api-change:``applicationcostprofiler``: Remove incorrect endpoint tests +* api-change:``xray``: Remove incorrect endpoint tests +* api-change:``dynamodb``: Remove incorrect endpoint tests +* api-change:``fis``: Remove incorrect endpoint tests +* api-change:``geo-maps``: Remove incorrect endpoint tests +* api-change:``savingsplans``: Remove incorrect endpoint tests +* api-change:``fms``: Remove incorrect endpoint tests +* api-change:``cloudsearchdomain``: Remove incorrect endpoint tests +* api-change:``cloudhsmv2``: Remove incorrect endpoint tests +* api-change:``ssm-sap``: Added support for Configuration Checks on SAP HANA Applications. +* api-change:``timestream-query``: Remove incorrect endpoint tests +* api-change:``route53domains``: Remove incorrect endpoint tests +* api-change:``osis``: Remove incorrect endpoint tests +* api-change:``ses``: Remove incorrect endpoint tests +* api-change:``apprunner``: Doc only updates for APIs and and datatypes related to IPAddressType and Subnets for IPv6 dualstack support. +* api-change:``databrew``: Remove incorrect endpoint tests +* api-change:``connect``: AgentStatusDrillDown feature in GetCurrentMetricData API. Adding AGENT_STATUS as filter and grouping in GetCurrentMetricData API +* api-change:``mediastore-data``: Remove incorrect endpoint tests +* api-change:``codedeploy``: Remove incorrect endpoint tests +* api-change:``machinelearning``: Remove incorrect endpoint tests +* api-change:``waf``: Remove incorrect endpoint tests +* api-change:``autoscaling-plans``: Remove incorrect endpoint tests + + +2.28.19 +======= + +* api-change:``migrationhub-config``: Remove incorrect endpoint tests +* api-change:``kinesis-video-media``: Remove incorrect endpoint tests +* api-change:``application-insights``: Remove incorrect endpoint tests +* api-change:``pi``: Remove incorrect endpoint tests +* api-change:``eks``: Add support for on-demand refresh of EKS cluster insights +* api-change:``chime``: Remove incorrect endpoint tests +* api-change:``chime-sdk-voice``: Remove incorrect endpoint tests +* api-change:``batch``: Added ECS_AL2023_NVIDIA as an option for Ec2Configuration.imageType. +* api-change:``evidently``: Remove incorrect endpoint tests +* api-change:``chime-sdk-meetings``: Remove incorrect endpoint tests +* api-change:``neptune-graph``: Add StartGraph and StopGraph operations to Neptune Analytics +* api-change:``sagemaker``: This release adds support for AutoScaling on SageMaker HyperPod. +* api-change:``codeguruprofiler``: Remove incorrect endpoint tests +* api-change:``chime-sdk-identity``: Remove incorrect endpoint tests +* api-change:``lakeformation``: Remove incorrect endpoint tests +* api-change:``workdocs``: Remove incorrect endpoint tests +* api-change:``timestream-write``: Remove incorrect endpoint tests +* api-change:``frauddetector``: Remove incorrect endpoint tests +* api-change:``workmail``: Remove incorrect endpoint tests +* api-change:``ds``: Add APIs for CA AutoEnrollment support: DescribeCAEnrollmentPolicy, EnableCAEnrollmentPolicy and DisableCAEnrollmentPolicy. +* api-change:``opsworks-cm``: The opsworks-cm client has been removed following the deprecation of the service. +* api-change:``elasticache``: Remove incorrect endpoint tests +* api-change:``datapipeline``: Remove incorrect endpoint tests +* api-change:``amplifybackend``: Remove incorrect endpoint tests +* api-change:``discovery``: Remove incorrect endpoint tests +* api-change:``redshift``: Remove incorrect endpoint tests +* api-change:``schemas``: Remove incorrect endpoint tests +* api-change:``kinesisvideo``: Remove incorrect endpoint tests +* api-change:``inspector``: Remove incorrect endpoint tests +* api-change:``snow-device-management``: Remove incorrect endpoint tests +* api-change:``robomaker``: Remove incorrect endpoint tests +* api-change:``personalize``: Remove incorrect endpoint tests +* api-change:``qldb-session``: Remove incorrect endpoint tests +* api-change:``lex-models``: Remove incorrect endpoint tests +* api-change:``opsworks``: The opsworks client has been removed following the deprecation of the service. +* api-change:``voice-id``: Remove incorrect endpoint tests + + +2.28.18 +======= + +* api-change:``mq``: Remove incorrect endpoint tests +* api-change:``dlm``: Remove incorrect endpoint tests +* api-change:``connectparticipant``: Amazon Connect Participant Service: Remove unused fields from WebRTCConnection +* api-change:``waf-regional``: Remove incorrect endpoint tests +* api-change:``rbin``: Remove incorrect endpoint tests +* api-change:``arc-zonal-shift``: This release adds new API options to enable allowed windows and multiple alarms for practice runs. +* api-change:``ram``: Remove incorrect endpoint tests +* api-change:``elastictranscoder``: Remove incorrect endpoint tests +* api-change:``route53-recovery-cluster``: Remove incorrect endpoint tests +* api-change:``apprunner``: Remove incorrect endpoint tests +* api-change:``lookoutvision``: Remove incorrect endpoint tests +* api-change:``personalize-events``: Remove incorrect endpoint tests +* api-change:``codestar-connections``: Remove incorrect endpoint tests +* api-change:``ec2``: Add new APIs for viewing how your shared AMIs are used by other accounts, and identify resources in your account that are dependent on particular AMIs +* api-change:``geo-routes``: Added RouteFerryNotice PotentialViolatedVehicleRestrictionUsage value for CalculateRoutes. This value indicates when the Route is potentially forbidden for the given vehicle profile. +* api-change:``greengrass``: Remove incorrect endpoint tests +* api-change:``sagemaker-geospatial``: Remove incorrect endpoint tests +* api-change:``globalaccelerator``: Remove incorrect endpoint tests +* api-change:``identitystore``: Remove incorrect endpoint tests +* api-change:``signer``: Remove incorrect endpoint tests +* api-change:``kafka``: Remove incorrect endpoint tests +* api-change:``codecommit``: Remove incorrect endpoint tests +* api-change:``pinpoint``: Remove incorrect endpoint tests +* api-change:``iotsecuretunneling``: Remove incorrect endpoint tests +* api-change:``finspace``: Remove incorrect endpoint tests +* api-change:``mgh``: Remove incorrect endpoint tests +* api-change:``comprehendmedical``: Remove incorrect endpoint tests +* api-change:``migration-hub-refactor-spaces``: Remove incorrect endpoint tests +* api-change:``glacier``: Remove incorrect endpoint tests +* api-change:``servicecatalog-appregistry``: Remove incorrect endpoint tests + + +2.28.17 +======= + +* api-change:``ec2``: Added IPv6 support for AWS Client VPN. +* api-change:``lookoutequipment``: Remove incorrect endpoint tests +* api-change:``kinesis-video-archived-media``: Remove incorrect endpoint tests +* api-change:``dax``: Remove incorrect endpoint tests +* api-change:``kendra``: Remove incorrect endpoint tests +* api-change:``devops-guru``: Remove incorrect endpoint tests +* api-change:``sagemaker-edge``: Remove incorrect endpoint tests +* api-change:``personalize-runtime``: Remove incorrect endpoint tests +* api-change:``forecast``: Remove incorrect endpoint tests +* api-change:``codeartifact``: Remove incorrect endpoint tests +* api-change:``snowball``: Remove incorrect endpoint tests +* api-change:``kinesisanalytics``: Remove incorrect endpoint tests +* api-change:``emr-containers``: Remove incorrect endpoint tests +* api-change:``translate``: Remove incorrect endpoint tests +* api-change:``finspace-data``: Remove incorrect endpoint tests +* api-change:``cloudsearch``: Remove incorrect endpoint tests +* api-change:``iotfleethub``: Remove incorrect endpoint tests +* api-change:``chime-sdk-media-pipelines``: Remove incorrect endpoint tests +* api-change:``appflow``: Remove incorrect endpoint tests +* api-change:``chime-sdk-messaging``: Remove incorrect endpoint tests +* api-change:``mediastore``: Remove incorrect endpoint tests +* api-change:``resourcegroupstaggingapi``: Remove incorrect endpoint tests +* api-change:``mediapackage-vod``: Remove incorrect endpoint tests +* api-change:``sqs``: Documentation update for Amazon SQS Supports Large Payload Message feature +* api-change:``cloudtrail-data``: Remove incorrect endpoint tests +* api-change:``support-app``: Remove incorrect endpoint tests +* api-change:``wellarchitected``: Remove incorrect endpoint tests +* api-change:``sagemaker-featurestore-runtime``: Remove incorrect endpoint tests +* api-change:``shield``: Remove incorrect endpoint tests +* api-change:``codestar-notifications``: Remove incorrect endpoint tests +* api-change:``serverlessrepo``: Remove incorrect endpoint tests +* api-change:``lex-runtime``: Remove incorrect endpoint tests +* api-change:``b2bi``: Updated APIs to support custom validation rules. +* api-change:``mediaconvert``: This release adds support for input rendition selection for HLS input, adds new Share API to enable sharing jobs with AWS Support for support investigations, and adds INCLUDE_AS_TS to iFrameOnlyManifest setting for HLS outputs. +* api-change:``timestream-influxdb``: Add MAINTENANCE status for DbInstance and DbCluster +* api-change:``cur``: Remove incorrect endpoint tests +* api-change:``support``: Remove incorrect endpoint tests +* api-change:``datazone``: Releasing the following features - Asset classification that lets users use restricted terms for classifying assets if they have the right permissions. Also adding a new enum value "Moving" to project status. +* api-change:``qbusiness``: The Amazon Q Business GetDocumentContent operation now supports retrieval of the extracted text content in JSON format. +* api-change:``sagemaker-runtime``: Remove incorrect endpoint tests +* api-change:``codeguru-security``: Documentation update to notify users of the discontinuation of Amazon CodeGuru Security. + + +2.28.16 +======= + +* api-change:``qldb``: Remove incorrect endpoint tests +* bugfix:``dynamodb``: Correct Scan and Scanned Count values when resuming a scan or query with a ``--starting-token`` +* api-change:``elb``: Remove incorrect endpoint tests +* api-change:``route53-recovery-readiness``: Remove incorrect endpoint tests +* api-change:``medialive``: AWS Elemental MediaLive now has a field called "SubtitleRows" for controlling subtitle row count for DVB-Sub and Burn-In captions outputs +* api-change:``marketplacecommerceanalytics``: Remove incorrect endpoint tests +* enhancement:Python: Update bundled Python interpreter to 3.13.7 +* api-change:``sagemaker-a2i-runtime``: Remove incorrect endpoint tests +* api-change:``proton``: Remove incorrect endpoint tests +* api-change:``clouddirectory``: Remove incorrect endpoint tests +* api-change:``qconnect``: Releasing model ID support for UpdateAIPrompt +* api-change:``healthlake``: Remove incorrect endpoint tests +* api-change:``cognito-sync``: Remove incorrect endpoint tests +* api-change:``wafv2``: test and verified, safe to release +* api-change:``sagemaker``: Launch SageMaker Notebook Instances support for AL2023 along with P6-B200 instance type and Rootless Docker support for SageMaker Studio. +* api-change:``memorydb``: Remove incorrect endpoint tests +* api-change:``iotanalytics``: Remove incorrect endpoint tests +* api-change:``synthetics``: Added multi browser support for synthetics canaries, Increased ephemeral storage limit from 5GB to 10GB +* api-change:``docdb``: Remove incorrect endpoint tests +* api-change:``macie2``: Remove incorrect endpoint tests +* api-change:``rds``: Updates Amazon RDS documentation for Db2 read-only replicas. +* api-change:``simspaceweaver``: Remove incorrect endpoint tests + + +2.28.15 +======= + +* api-change:``greengrassv2``: Remove incorrect endpoint tests +* api-change:``ecr-public``: Remove incorrect endpoint tests +* api-change:``iotthingsgraph``: Remove incorrect endpoint tests +* api-change:``cloudhsm``: Remove incorrect endpoint tests +* api-change:``lookoutmetrics``: Remove incorrect endpoint tests +* api-change:``ebs``: Remove incorrect endpoint tests +* api-change:``backup-gateway``: Remove incorrect endpoint tests +* api-change:``iotevents``: Remove incorrect endpoint tests +* api-change:``lexv2-runtime``: Remove incorrect endpoint tests +* api-change:``glue``: Added support for preprocessing queries in Data Quality operations through new DataQualityGlueTable structure. +* api-change:``panorama``: Remove incorrect endpoint tests +* api-change:``ssm-contacts``: Doc-only updates for Incident Manager Contacts August 2025 +* api-change:``es``: Remove incorrect endpoint tests +* api-change:``mediapackage``: Remove incorrect endpoint tests +* api-change:``kinesis-video-signaling``: Remove incorrect endpoint tests +* api-change:``guardduty``: Remove Pattern trait from email field +* api-change:``managedblockchain``: Remove incorrect endpoint tests +* api-change:``pinpoint-email``: Remove incorrect endpoint tests +* api-change:``appfabric``: Remove incorrect endpoint tests +* api-change:``gameliftstreams``: The default application in a stream group can now be changed at any time using UpdateStreamGroup to update the DefaultApplicationIdentifier. +* api-change:``iotdeviceadvisor``: Remove incorrect endpoint tests +* api-change:``apigatewaymanagementapi``: Remove incorrect endpoint tests +* api-change:``comprehend``: Remove incorrect endpoint tests +* api-change:``s3outposts``: Remove incorrect endpoint tests +* api-change:``ecs``: This is a documentation only release that adds additional information for the update-service request parameters. +* api-change:``forecastquery``: Remove incorrect endpoint tests +* api-change:``iotevents-data``: Remove incorrect endpoint tests +* api-change:``cognito-identity``: Remove incorrect endpoint tests +* api-change:``resource-groups``: Remove incorrect endpoint tests +* api-change:``elasticbeanstalk``: Remove incorrect endpoint tests + + +2.28.14 +======= + +* api-change:``pinpoint-sms-voice-v2``: This change added InternationalSendingEnbaled as part of describe/Update/Request phone number API response, and as part of update/Request phone number API request +* api-change:``cognito-idp``: This release adds support for the new Terms APIs which allow displaying Terms of Use and Privacy Policy on the Managed Login user-registration page. +* api-change:``eks``: EKS Add-ons Custom Namespace Support +* api-change:``billing``: Clarify IPv4 and IPv6 endpoints +* api-change:``kinesisanalyticsv2``: Adds Key Management Service (KMS) support allowing customer-managed key (CMK) encryption for Flink application data. +* api-change:``sagemaker``: This release adds 1/ Launch ml.p5.4xlarge instance in Processing jobs, Training jobs and Training Plan 2/ Makes S3Uri to be required for S3FileSystem and S3FileSystemConfig. +* api-change:``datazone``: This release supports policy grant identifier for cloud formation integration +* api-change:``route53-recovery-control-config``: Remove incorrect endpoint tests +* api-change:``bedrock-runtime``: Launch CountTokens API to allow token counting +* api-change:``detective``: Remove incorrect endpoint tests +* api-change:``dynamodb``: Remove incorrect endpoint tests + + +2.28.13 +======= + +* api-change:``cleanrooms``: Support error message configuration for analysis templates +* api-change:``ec2``: Add support for "warning" volume status. +* api-change:``polly``: Added support for new output format - Opus. + + +2.28.12 +======= + +* api-change:``connect``: Amazon Connect Service Feature: Add support to enable multi-user in-app, web, and video calling. +* api-change:``sagemaker``: Customer managed keys now available for volume encryption of SageMaker HyperPod clusters. +* api-change:``batch``: Added default_x86_64 and default_arm64 as values to the instanceTypes field. +* api-change:``bcm-dashboards``: Billing and Cost Management Dashboards enables users to create dashboards that combine multiple visualizations of cost and usage data. Users can create, manage, and share dashboards. Tags are also available for dashboards. +* api-change:``connectparticipant``: Amazon Connect Service Feature: Add support to enable multi-user in-app, web, and video calling. +* api-change:``s3control``: Adds support for Compute checksum functionality in Amazon S3 Batch Operations. You can now calculate checksums for a list of objects using supported algorithms in Amazon S3, without requiring a restore or download + + +2.28.11 +======= + +* api-change:``amp``: Add Resource-based Policy APIs for Amazon Prometheus +* api-change:``glue``: AWS Glue Zero ETL now supports On-demand snapshot load +* api-change:``bedrock-agent``: This release adds support for saving Bedrock Flows while node configuration is still in progress, even if the Flow is not yet able to be invoked + + +2.28.10 +======= + +* api-change:``ec2``: This release adds ModifyInstanceConnectEndpoint API to update configurations on existing EC2 Instance Connect Endpoints and improves IPv6 support through dualstack DNS names for EC2 Instance Connect Endpoints. +* enhancement:configure: Improved error messaging for `aws configure import --csv` command to clarify file +* api-change:``dynamodb``: This release 1/ Adds support for throttled keys mode for CloudWatch Contributor Insights, 2/ Adds throttling reasons to exceptions across dataplane APIs. 3/ Explicitly models ThrottlingException as a class in statically typed languages. Refer to the launch day blog post for more details. +* api-change:``pcs``: Updated the regex pattern and description of iamInstanceProfileArn in the CreateComputeNodeGroup and UpdateComputeNodeGroup API actions. Name and path requirements apply to the ARN of the IAM role associated with the instance profile and not the ARN of the instance profile. +* api-change:``fsx``: Amazon FSx for NetApp ONTAP 2nd generation file systems now support decreasing SSD storage capacity. +* api-change:``glue``: AWS Glue now supports Trusted Identity Propagation. +* api-change:``medialive``: CMAF Ingest output groups in MediaLive can now accept one additional destination url for single pipeline channels and up to two additional destination urls for standard channels. +* api-change:``workspaces``: New APIs introduced to import WorkSpaces BYOL image using a new process that leveraged EC2 Image Builder. WorkSpaces tests and fixes your image's compatibility issues and supports customized VM images. +* api-change:``directconnect``: Added pagination support for DescribeHostedConnections, DescribeVirtualInterfaces, DescribeConnections, DescribeInterconnects, DescribeLags. Added asnLong support for BGP peer operations which supports a large range. +* api-change:``guardduty``: Added support for entity lists. +* api-change:``arc-region-switch``: Endpoint rule test and documentation update. +* api-change:``servicediscovery``: Added support for cross account through Id parameter overloading with ARN and allow owner account for some APIs instead of ARN +* api-change:``bcm-recommended-actions``: Initial SDK release for AWS Billing and Cost Management Recommended Actions. +* api-change:``qapps``: Documentation update for Amazon Q Apps API Reference + + +2.28.9 +====== + +* api-change:``datazone``: Adds support for account pools and project profile account decoupling +* api-change:``security-ir``: Added support for Organizational Unit-level Membership configuration and the ability to resume a cancelled membership. +* api-change:``braket``: Add support for Braket program sets. +* api-change:``partnercentral-selling``: Add Tagging Support for Opportunity resources +* api-change:``fsx``: Add Dual-Stack support for Amazon FSx for OpenZFS file systems +* api-change:``sagemaker``: This release introduces compute quota for GPU, Trainium accelerators, vCPU, and vCPU memory utilization across teams in HyperPod clusters + + +2.28.8 +====== + +* api-change:``organizations``: This release introduces 2 new APIs in Organizations: 1. ListAccountsWithInvalidEffectivePolicy 2. ListEffectivePolicyValidationErrors +* api-change:``sagemaker``: IAM Identity Center trusted identity propagation is now supported in SageMaker Studio. +* api-change:``transcribe``: AWS HealthScribe now supports specifying preferred patient pronouns through the MedicalScribeContext parameter for use in the generated clinical notes. +* api-change:``ec2``: Release to allow route table association with a PublicIpv4Pool. +* api-change:``codebuild``: AWS CodeBuild now supports PullRequestBuildPolicy in webhook object. +* api-change:``backupsearch``: Using recommended smithy trait to generate regional endpoints for Backup Search + + +2.28.7 +====== + +* enhancement:``sso``: Clarify ``aws sso login`` to only suggest a different device when using ``--use-device-code``. +* api-change:``evs``: Update for general availability of Amazon Elastic VMware Service (EVS). +* api-change:``bedrock``: This release includes model updates and enhanced SDK documentation for union fields in automated reasoning policy components. Added docs cover policy definitions, mutations (add/update for rules/types/variables), build assets, workflow sources, test results, and tag exception handling. +* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateVolume, DescribeVolume, LaunchTemplates, RunInstances, DescribeInstances, CreateDefaultSubnet, SpotInstances, and CreateDefaultSubnet APIs. +* api-change:``lambda``: Doc-only update for Lambda that updates the maximum payload size for response streaming invocations to 200 MB. +* api-change:``quicksight``: Add RowAxisDisplayOptions and ColumnAxisDisplayOptions to HeatMapConfiguration, add Actions to PluginVisual, increase limit for CalculatedFields list +* api-change:``cognito-idp``: Remove SigV4 auth requirement for GetTokensFromRefreshToken +* api-change:``sso-admin``: Added support for managing user background session for applications +* api-change:``deadline``: Adds support for Wait and Save feature in service-managed fleets +* api-change:``connect``: Updating SearchUserHierarchyGroups API + + +2.28.6 +====== + +* api-change:``connect``: This release adds a new API GetContactMetrics for Amazon Connect. +* api-change:``sagemaker``: Adds support for GB200 UltraServers in Amazon SageMaker training jobs, training plans, and HyperPod clusters +* api-change:``iot-data``: Adding DeleteConnection API to IoT Data Plane +* api-change:``inspector2``: Add CVSSV4 to Vulnerability Search API and update enable/disable account id list length to 5 +* api-change:``transcribe``: Update documentation to use key ARN only in OutputEncryptionKMSKeyId request parameter + + +2.28.5 +====== + +* api-change:``glue``: AWS Glue Data Catalog now supports Iceberg Optimization settings at the Catalog level, and supports new options to control the optimization job run rate. +* api-change:``gameliftstreams``: Adds Proton 9.0-2 to the list of runtime environment options available when creating an Amazon GameLift Streams application +* api-change:``guardduty``: Added support for VPC owner account ID associated with DNS request in the GuardDuty finding. +* api-change:``codebuild``: AWS CodeBuild now supports comment-based pull request control. +* api-change:``cloudfront``: Added new viewer security policy, TLSv1.3_2025, for CloudFront. +* api-change:``batch``: This feature allows customers to use AWS Batch with Linux with ARM64 CPU Architecture with Fargate Spot compute support. + + +2.28.4 +====== + +* api-change:``budgets``: Adds support for billing views. Billing views let you control access to cost and usage data through an AWS resource, streamlining the process of sharing cost and usage data across account boundaries. With this release, you can now create and view budgets based on billing views. +* api-change:``appstream``: Added support for G6 instances +* api-change:``ec2``: Mark Elastic Inference Accelerators and Elastic Graphics Processor parameters as deprecated on the RunInstances and LaunchTemplate APIs. +* api-change:``opensearchserverless``: Features: add Index APIs in OpenSearchServerless to support managed semantic enrichment +* enhancement:openssl: Update bundled OpenSSL version to 1.1.1zc for Linux installers +* api-change:``qbusiness``: Amazon Q Business now supports the GetDocumentContent() API that enables customers to securely access the source documents through clickable citation links at query time + + +2.28.3 +====== + +* api-change:``sagemaker``: Add support for SageMaker Hyperpod continuous scaling and custom AMI; Introduce new APIs: ListClusterEvents, DescribeClusterEvent, BatchAddClusterNodes +* api-change:``rds``: Adds a new Aurora Serverless v2 attribute to the DBCluster resource to expose the platform version. Also updates the attribute to be part of both the engine version and platform version descriptions. +* api-change:``bedrock-runtime``: This release adds support for Automated Reasoning checks output models for the Amazon Bedrock Guardrails ApplyGuardrail API. +* api-change:``bedrock``: This release introduces Automated Reasoning checks for Amazon Bedrock Guardrails. The feature adds new APIs for policy building, refinement, version management, and testing. Guardrail APIs now support Automated Reasoning policy configuration and validation output. +* api-change:``eks``: Add support for deletion protection on EKS clusters + + +2.28.2 +====== + +* api-change:``sagemaker``: This release adds the ability for customers to attach and detach their EBS volumes to EKS-orchestrated HyperPod cluster nodes. +* api-change:``iotsitewise``: Support Interface for IoT SiteWise Asset Modeling +* enhancement:``awscrt``: Update awscrt version to 0.27.5. +* api-change:``codeconnections``: New integration with Azure DevOps provider type. +* api-change:``bedrock-agentcore``: Remove superfluous field from API +* api-change:``evs``: TagResource API now throws ServiceQuotaExceededException when the number of tags on the Amazon EVS resource exceeds the maximum allowed. TooManyTagsException is deprecated. + + +2.28.1 +====== + +* api-change:``auditmanager``: Added a note to Framework APIs (CreateAssessmentFramework, GetAssessmentFramework, UpdateAssessmentFramework) clarifying that the Controls object returns a partial response when called through Framework APIs. Added documentation that the Framework's controlSources parameter is no longer supported. +* api-change:``observabilityadmin``: CloudWatch Observability Admin adds the ability to enable telemetry on AWS resources such as Amazon VPCs (Flow Logs) in customers AWS Accounts and Organizations. The release introduces new APIs to manage telemetry rules, which define telemetry settings to be applied on AWS resources. +* api-change:``pcs``: Add support for IPv6 Networking for Clusters. +* api-change:``sns``: Amazon SNS support for Amazon SQS fair queues +* api-change:``aiops``: This release includes fix for InvestigationGroup timestamp conversion issue. +* api-change:``arc-region-switch``: This is the initial SDK release for Region switch +* api-change:``acm-pca``: Doc-only update to add more information to GetCertificate action. +* api-change:``securityhub``: Release new resource detail type CodeRepository +* api-change:``lightsail``: This release adds support for the Asia Pacific (Jakarta) (ap-southeast-3) Region. + + +2.28.0 +====== + +* api-change:``workspaces-web``: Added ability to log session activity on a portal to an S3 bucket. +* api-change:``quicksight``: Added Impala connector support +* api-change:``ec2``: Added support for the force option for the EC2 instance terminate command. This feature enables customers to recover resources associated with an instance stuck in the shutting-down state as a result of rare issues caused by a frozen operating system or an underlying hardware problem. +* api-change:``glue``: Added support for Route node, S3 Iceberg sources/targets, catalog Iceberg sources, DynamoDB ELT connector, AutoDataQuality evaluation, enhanced PII detection with redaction, Kinesis fan-out support, and new R-series worker types. +* api-change:``iot``: This release allows AWS IoT Core users to use their own AWS KMS keys for data protection +* api-change:``s3control``: Add Tags field to CreateAccessPoint +* feature:``bedrock``: Add support for retrieving a Bearer token from environment variables to enable bearer authentication with Bedrock services. +* api-change:``entityresolution``: Add support for creating advanced rule-based matching workflows in AWS Entity Resolution. +* api-change:``sesv2``: This release introduces support for Multi-tenant management +* api-change:``inspector2``: Extend usage to include agentless hours and add CODE_REPOSITORY to aggregation resource type +* api-change:``elbv2``: This release enables secondary IP addresses for Network Load Balancers. +* api-change:``customer-profiles``: The release updates standard profile with 2 new fields that supports account-level engagement. Updated APIs include CreateProfile, UpdateProfile, MergeProfiles, SearchProfiles, BatchGetProfile, GetSegmentMembership, CreateSegmentDefinition, CreateSegmentEstimate. +* api-change:``opensearch``: Granular access control support for NEO-SAML with IAMFederation for AOS data source + + +2.27.63 +======= + +* api-change:``ds``: This release adds support for AWS Managed Microsoft AD Hybrid Edition, introducing new operations: StartADAssessment, DescribeADAssessment, ListADAssessments, DeleteADAssessment, CreateHybridAD, UpdateHybridAD, and DescribeHybridADUpdate; and updated existing operation: DescribeDirectories. +* api-change:``iotwireless``: Added TxPowerIndexMin, TxPowerIndexMax, NbTransMin and NbTransMax params to ServiceProfile. +* api-change:``docdb``: Add support for setting Serverless Scaling Configuration on clusters. +* enhancement:autocomplete: Add completion model for ``dsql`` +* api-change:``ec2``: Release to show the next hop IP address for routes propagated by VPC Route Server into VPC route tables. +* api-change:``cloudfront``: This release adds new origin timeout options: 1) ResponseCompletionTimeout and 2) OriginReadTimeout (for S3 origins) + + +2.27.62 +======= + +* api-change:``cleanrooms``: This feature provides the ability to update the table reference and allowed columns on an existing configured table. +* api-change:``deadline``: Adds support for tag management on monitors. +* api-change:``opensearchserverless``: This is to support Granular access control support for SAML with IAMFedraton in AOSS +* api-change:``location``: This release 1) adds support for multi-polygon geofences with disconnected territories, and 2) enables polygon exclusion zones within geofences for more accurate representation of real-world boundaries. +* api-change:``batch``: AWS Batch for SageMaker Training jobs feature support. Includes new APIs for service job submission (e.g., SubmitServiceJob) and managing service environments (e.g., CreateServiceEnvironment) that enable queueing SageMaker Training jobs. + + +2.27.61 +======= + +* api-change:``directconnect``: Enable MACSec support and features on Interconnects. +* api-change:``osis``: Add Pipeline Role Arn as an optional parameter to the create / update pipeline APIs as an alternative to passing in the pipeline configuration body +* api-change:``iotsitewise``: Add support for native anomaly detection in IoT SiteWise using new Computation Model APIs + + +2.27.60 +======= + +* api-change:``ec2``: Transit Gateway native integration with AWS Network Firewall. Adding new enum value for the new Transit Gateway Attachment type. +* api-change:``appintegrations``: Amazon AppIntegrations introduces new configuration capabilities to enable customers to manage iframe permissions, control application refresh behavior (per contact or per browser/cross-contact), and run background applications (service). +* api-change:``config``: Documentation improvements have been made to the EvaluationModel and DescribeConfigurationRecorders APIs. +* api-change:``kms``: Doc only update: fixed grammatical errors. +* api-change:``socialmessaging``: This release introduces new WhatsApp template management APIs that enable customers to programmatically create and submit templates for approval, monitor approval status, and manage the complete template lifecycle +* api-change:``sqs``: Documentation updates for Amazon SQS fair queues feature. +* api-change:``mediapackagev2``: This release adds support for specifying a preferred input for channels using CMAF ingest. +* api-change:``budgets``: Adds IPv6 and PrivateLink support for AWS Budgets in IAD. + + +2.27.59 +======= + +* api-change:``datazone``: This release adds support for 1) highlighting relevant text in returned results for Search and SearchListings APIs and 2) returning aggregated counts of values for specified attributes for SearchListings API. +* api-change:``omics``: Add Git integration and README support for HealthOmics workflows + + +2.27.58 +======= + +* api-change:``workspaces-thin-client``: Added the lastUserId parameter to the ListDevices and GetDevice API. +* api-change:``glue``: AWS Glue now supports dynamic session policies for job executions. This feature allows you to specify custom, fine-grained permissions for each job run without creating multiple IAM roles. +* api-change:``ec2``: Added support for skip-os-shutdown option for the EC2 instance stop and terminate operations. This feature enables customers to bypass the graceful OS shutdown, supporting faster state transitions when instance data preservation isn't critical. + + +2.27.57 +======= + +* enhancement:EMR: Updated create-cluster and describe-cluster commands to support --extended-support and --no-extended-support arguments +* api-change:``neptunedata``: This release updates the supported regions for Neptune API to include current AWS regions. +* enhancement:Dockerfile: Include ``findutils`` and ``jq`` in Docker image +* api-change:``lambda``: This release migrated the model to Smithy keeping all features unchanged. +* api-change:``ecr``: Add support for Image Tag Mutability Exception feature, allowing repositories to define wildcard-based patterns that override the default image tag mutability settings. +* api-change:``emr``: This release adds new parameter 'ExtendedSupport' in AWS EMR RunJobFlow, ModifyCluster and DescribeCluster API. + + +2.27.56 +======= + +* api-change:``ec2``: This release adds support for C8gn, F2 and P6e-GB200 Instance types +* api-change:``cloudfront``: Add dualstack endpoint support +* api-change:``timestream-influxdb``: Timestream for InfluxDB adds support for db.influx.24xlarge instance type. This enhancement enables higher compute capacity for demanding workloads through CreateDbInstance, CreateDbCluster, UpdateDbInstance, and UpdateDbCluster APIs. +* api-change:``deadline``: Add support for VPC resource endpoints in Service Managed Fleets +* enhancement:cloudfront: This release adds automatic pagination to the list-origin-access-controls command. To disable this behavior, please use the --no-paginate flag. +* api-change:``sagemaker``: This release adds 1/ Support for S3FileSystem in CustomFileSystems 2/ The ability for a customer to select their preferred IpAddressType for use with private Workforces 3/ Support for p4de instance type in SageMaker Training Plans + + +2.27.55 +======= + +* api-change:``mediaconvert``: This release adds support for TAMS server integration with MediaConvert inputs. +* api-change:``logs``: CloudWatchLogs launches GetLogObject API with streaming support for efficient log data retrieval. Logs added support for new AccountPolicy type METRIC_EXTRACTION_POLICY. For more information, see CloudWatch Logs API documentation +* api-change:``ssm``: July 2025 doc-only updates for Systems Manager. +* api-change:``auditmanager``: Updated error handling for RegisterOrganizationAdminAccount API to properly translate TooManyExceptions to HTTP 429 status code. This enhancement improves error handling consistency and provides clearer feedback when request limits are exceeded. +* api-change:``sesv2``: Added IP Visibility support for managed dedicated pools. Enhanced GetDedicatedIp and GetDedicatedIps APIs to return managed IP addresses. +* api-change:``outposts``: Add AWS Outposts API to surface customer billing information + + +2.27.54 +======= + +* api-change:``synthetics``: This feature allows AWS Synthetics customers to provide code dependencies using lambda layer while creating a canary +* api-change:``mediaconvert``: This release expands the range of supported audio outputs to include xHE, 192khz FLAC and the deprecation of dual mono for AC3. +* api-change:``cloudfront``: Doc only update for CloudFront that fixes some customer-reported issues +* api-change:``keyspacesstreams``: Doc only update for the Amazon Keyspaces Streams API. +* api-change:``mailmanager``: Allow underscores in the local part of the input of the "Email recipients rewrite" action in rule sets. +* api-change:``stepfunctions``: Align input with style guidelines. +* api-change:``ec2``: AWS Free Tier Version2 Support +* api-change:``cleanroomsml``: This release introduces Parquet result format support for ML Input Channel models in AWS Clean Rooms ML. + + +2.27.53 +======= + +* api-change:``glue``: AWS Glue now supports schema, partition and sort management of Apache Iceberg tables using Glue SDK +* api-change:``bedrock``: This release adds support for on-demand custom model inference through CustomModelDeployment APIs for Amazon Bedrock. +* api-change:``mediapackagev2``: This release adds support for CDN Authentication using Static Headers in MediaPackage v2. +* api-change:``iotwireless``: FuotaTaskId is not a valid IdentifierType for EventConfiguration and is being removed from possible IdentifierType values. +* api-change:``stepfunctions``: Doc-only update to introduction, and edits to clarify input parameter and the set of control characters. +* api-change:``bedrock-agentcore``: Initial release of Amazon Bedrock AgentCore SDK including Runtime, Built-In Tools, Memory, Gateway and Identity. +* api-change:``networkflowmonitor``: Introducing 2 new scope status types - DEACTIVATING and DEACTIVATED. +* api-change:``guardduty``: Add expectedBucketOwner parameter to ThreatIntel and IPSet APIs. +* api-change:``bedrock-runtime``: document update to support on demand custom model. +* api-change:``datasync``: AWS DataSync now supports IPv6 address inputs and outputs in create, update, and describe operations for NFS, SMB, and Object Storage locations +* api-change:``payment-cryptography-data``: Expand length of message data field for Mac generation and validation to 8192 characters. +* api-change:``bedrock-agentcore-control``: Initial release of Amazon Bedrock AgentCore SDK including Runtime, Built-In Tools, Memory, Gateway and Identity. +* api-change:``logs``: CloudWatch Logs updates: Added X-Ray tracing for Amazon Bedrock Agent resources. Logs introduced Log Group level resource policies (managed through Put/Delete/Describe Resource Policy APIs). For more information, see CloudWatch Logs API documentation. + + +2.27.52 +======= + +* api-change:``ecs``: This release removes hookDetails for the Amazon ECS native blue/green deployments. + + +2.27.51 +======= + +* api-change:``s3``: Amazon S3 Metadata live inventory tables provide a queryable inventory of all the objects in your general purpose bucket so that you can determine the latest state of your data. To help minimize your storage costs, use journal table record expiration to set a retention period for your records. +* api-change:``ecs``: Amazon ECS supports native blue/green deployments, allowing you to validate new service revisions before directing production traffic to them. +* api-change:``quicksight``: Introduced custom instructions for topics. +* api-change:``pricing``: This release adds support for new filter types in GetProducts API, including EQUALS, CONTAINS, ANY_OF, and NONE_OF. +* api-change:``opensearch``: AWS Opensearch adds support for enabling s3 vector engine options. After enabling this option, customers will be able to create indices with s3 vector engine. +* api-change:``repostspace``: This release introduces Channels functionality with CreateChannel, GetChannel, ListChannels, and UpdateChannel operations. Channels provide dedicated collaboration spaces where teams can organize discussions and knowledge by projects, business units, or areas of responsibility. +* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. +* api-change:``dynamodbstreams``: Added support for optional shard filter parameter in DescribeStream api that allows customers to fetch child shards of a read_only parent shard. +* api-change:``s3tables``: Adds table bucket type to ListTableBucket and GetTableBucket API operations +* api-change:``datazone``: Removing restriction of environment profile identifier as required field, S3 feature release +* api-change:``bedrock-agent``: Add support for S3 Vectors as a vector store. +* api-change:``events``: Add customer-facing logging for the EventBridge Event Bus, enabling customers to better observe their events and extract insights about their EventBridge usage. +* enhancement:Dockerfile: Update base image for AWS CLI v2 Docker image to Amazon Linux 2023 +* api-change:``ec2``: This release adds support for volume initialization status, which enables you to monitor when the initialization process for an EBS volume is completed. This release also adds IPv6 support to EC2 Instance Connect Endpoints, allowing you to connect to your EC2 Instance via a private IPv6 address. +* api-change:``sagemaker``: This release adds support for a new Restricted instance group type to enable a specialized environment for running Nova customization jobs on SageMaker HyperPod clusters. This release also adds support for SageMaker pipeline versioning. + + +2.27.50 +======= + +* api-change:``freetier``: This release introduces four new APIs: GetAccountPlanState and UpgradeAccountPlan for AWS account plan management; ListAccountActivities and GetAccountActivity that provide activity tracking capabilities. +* api-change:``ec2``: Adds support to Capacity Blocks for ML for purchasing EC2 P6e-GB200 UltraServers. Customers can now purchase u-p6e-gb200x72 and u-p6e-gb200x36 UltraServers. Adds new DescribeCapacityBlocks andDescribeCapacityBlockStatus APIs. Adds support for CapacityBlockId to DescribeInstanceTopology. +* api-change:``opsworkscm``: Removing content that refers to an S3 bucket that is no longer in use. + + +2.27.49 +======= + +* api-change:``customer-profiles``: This release introduces capability of create Segments via importing a CSV file directly. This consumes the CSV file and creates/updates corresponding profiles for the particular domain. +* api-change:``route53``: Amazon Route 53 now supports the iso-e regions for private DNS Amazon VPCs and cloudwatch healthchecks. +* api-change:``deadline``: Added fields for output manifest reporting and task chunking parameters +* api-change:``sagemaker``: Changes include new StartSession API for SageMaker Studio spaces and CreateHubContentPresignedUrls API for SageMaker JumpStart. +* api-change:``mediapackagev2``: This release adds support for Microsoft Smooth Streaming (MSS) and allows users to exclude DRM segment Metadata in MediaPackage v2 Origin Endpoints +* api-change:``ec2``: This release adds GroupOwnerId as a response member to the DescribeSecurityGroupVpcAssociations API and also adds waiters for SecurityGroupVpcAssociations (SecurityGroupVpcAssociationAssociated and SecurityGroupVpcAssociationDisassociated). + + +2.27.48 +======= + +* api-change:``s3control``: Added TagResource, UntagResource, and ListTagsForResource support for directory bucket +* api-change:``ec2``: AWS Site-to-Site VPN now supports IPv6 addresses on outer tunnel IPs, making it easier for customers to build or transition to IPv6-only networks. +* api-change:``connectcases``: This release adds DeleteCase and DeleteRelatedItem APIs, which enable deleting cases and comments, undoing contact association, and removing service level agreements (SLAs) from cases. Contact center admins can use these APIs to delete cases when requested by customers and correct agent errors. +* api-change:``s3``: Added support for directory bucket creation with tags and bucket ARN retrieval in CreateBucket, ListDirectoryBuckets, and HeadBucket operations + + +2.27.47 +======= + +* api-change:``odb``: This release adds API operations for Oracle Database@AWS. You can use the APIs to create Exadata infrastructure, ODB networks, and Exadata and Autonomous VM clusters inside AWS data centers. The infrastructure is managed by OCI. You can integrate these resources with AWS services. +* api-change:``sagemaker``: Updated field validation requirements for InstanceGroups. +* api-change:``cleanroomsml``: This release introduces support for incremental training and distributed training for custom models in AWS Clean Rooms ML. +* api-change:``rds``: Amazon RDS Custom for Oracle now supports multi-AZ database instances. +* api-change:``ec2``: Add Context to GetInstanceTypesFromInstanceRequirements API +* api-change:``datazone``: Add support for the new optional domain-unit-id parameter in the UpdateProject API. +* api-change:``qbusiness``: New ChatResponseConfiguration to Customize Q Business chat responses for specific use cases and communication needs. Updated Boosting capability allowing admins to provide preference on date attributes for recency and/or provide a preferred data source. + + +2.27.46 +======= + +* api-change:``transfer``: Added support for dual-stack (IPv4 and IPv6) endpoints for SFTP public endpoints and VPC-internal endpoints (SFTP, FTPS, FTP, and AS2), enabling customers to configure new servers with IPv4 or dual-stack mode, convert existing servers to dual-stack, and use IPv6 with service APIs. +* api-change:``bedrock``: Add support for API Keys, Re-Ranker, implicit filter for RAG / KB evaluation for Bedrock APIs. +* api-change:``ssm``: Introduces AccessType, a new filter value for the DescribeSessions API. +* api-change:``events``: Added support for EventBridge Dualstack endpoints in AWS GovCloud (US) regions (us-gov-east-1 and us-gov-west-1). The dualstack endpoints are identical for both FIPS and non-FIPS configurations, following the format: events.{region}.api.aws +* api-change:``medical-imaging``: Added new fields to support the concept of primary image sets within the storage hierarchy. +* api-change:``logs``: Increase minimum length of queryId parameter to 1 character. +* api-change:``connect``: This release introduces ChatMetrics to the model, providing comprehensive analytics insights for Amazon Connect chat conversations. Users can access these detailed metrics through the AWS Connect API by using the DescribeContact operation with their specific instance and contact IDs +* api-change:``iam``: Updated IAM ServiceSpecificCredential support to include expiration, API Key output format instead of username and password for services that will support API keys, and the ability to list credentials for all users in the account for a given service configuration. +* api-change:``bedrock-runtime``: Add API Key and document citations support for Bedrock Runtime APIs +* api-change:``arc-zonal-shift``: Added support for on-demand practice runs and balanced capacity checks in ARC autoshift practice. +* api-change:``pcs``: Fixed the validation pattern for an instance profile Amazon Resource Name (ARN) in AWS PCS. +* api-change:``quicksight``: Introduced custom permission capabilities for reporting content. Added menu option in exploration to preserve configuration data when textbox menu option is used. Added support for Athena trusted identity propagation. +* api-change:``networkflowmonitor``: Add ConflictExceptions to UpdateScope and DeleteScope operations for scopes being mutated. +* api-change:``dataexchange``: This release updates resource Id with alphanumeric constraint, including Asset id, Revision id, Data Set id, Job id, and Event Action id. +* api-change:``b2bi``: Updated APIs to support inbound EDI split capabilities and additional Partnership-level configurations of generated EDI files' contents and format. +* api-change:``glue``: releasing source processing properties to support source properties for ODB integrations +* api-change:``config``: Updated ResourceType enum with new resource types onboarded by AWS Config as of June 2025 +* api-change:``outposts``: Make ContactName and ContactPhoneNumber required fields when creating and updating Outpost Site Addresses. +* api-change:``dynamodb``: This change adds support for witnesses in global tables. It also adds a new table status, REPLICATION_NOT_AUTHORIZED. This status will indicate scenarios where global replicas table can't be utilized for data plane operations. +* api-change:``cloudformation``: Added support for UNKNOWN drift status. + + +2.27.45 +======= + +* api-change:``sesv2``: Added support for new SES regions +* api-change:``qconnect``: Adding UnauthorizedException to public SDK +* api-change:``config``: Added important considerations to the PutConformancePack and PutOrganizationConformancPack APIs. +* api-change:``rds``: StartDBCluster and StopDBCluster can now throw InvalidDBShardGroupStateFault. +* api-change:``guardduty``: Update JSON target for Kubernetes workload resource type. +* api-change:``connect``: This release adds the following value to an InitiateAs enum: COMPLETED +* api-change:``glue``: AWS Glue now supports schema, partition and sort management of Apache Iceberg tables using Glue SDK +* enhancement:User Agent: Append session id to user agent string + + +2.27.44 +======= + +* api-change:``deadline``: Added fields to track cumulative task retry attempts for steps and jobs +* api-change:``iot-managed-integrations``: Adding managed integrations APIs for IoT Device Management to onboard and control devices across different manufacturers, connectivity protocols and third party vendor clouds. APIs include managed thing operations, provisioning profile management, and cloud connector operations. +* api-change:``keyspaces``: This release provides change data capture (CDC) streams support through updates to the Amazon Keyspaces API. +* api-change:``workspaces``: Updated modifyStreamingProperties to support PrivateLink VPC endpoints for directories +* api-change:``kms``: This release updates AWS CLI examples for KMS APIs. +* api-change:``ec2``: This release adds support for OdbNetworkArn as a target in VPC Route Tables +* api-change:``keyspacesstreams``: This release adds change data capture (CDC) streams support through the new Amazon Keyspaces Streams API. +* api-change:``qbusiness``: Added support for App level authentication for QBusiness DataAccessor using AWS IAM Identity center Trusted Token issuer + + +2.27.43 +======= + +* api-change:``fsx``: Add support for the ability to create Amazon S3 Access Points for Amazon FSx for OpenZFS file systems. +* api-change:``s3control``: Add support for the ability to use Amazon S3 Access Points with Amazon FSx for OpenZFS file systems. +* api-change:``textract``: Add RotationAngle field to Geometry of WORD blocks for Textract AnalyzeDocument API +* api-change:``ecs``: Updates for change to Amazon ECS default log driver mode from blocking to non-blocking +* api-change:``s3``: Adds support for additional server-side encryption mode and storage class values for accessing Amazon FSx data from Amazon S3 using S3 Access Points +* api-change:``storagegateway``: This release adds IPv6 support to the Storage Gateway APIs. APIs that previously only accept or return IPv4 address will now accept or return both IPv4 and IPv6 addresses. +* api-change:``workspaces-thin-client``: Remove Tags field from Get API responses + + +2.27.42 +======= + +* api-change:``gamelift``: Add support for UDP ping beacons to ListLocations API, including new PingBeacon and UDPEndpoint data types within its Locations return value. Use UDP ping beacon endpoints to help measure real-time network latency for multiplayer games. +* api-change:``bedrock``: We are making ListFoundationModelAgreementOffers, DeleteFoundationModelAgreement, CreateFoundationModelAgreement, GetFoundationModelAvailability, PutUseCaseForModelAccess and GetUseCaseForModelAccess APIs public, previously they were console. +* api-change:``ec2``: This release allows you to create and register AMIs while maintaining their underlying EBS snapshots within Local Zones. +* api-change:``batch``: Add userdataType to LaunchTemplateSpecification and LaunchTemplateSpecificationOverride. +* api-change:``aiops``: Adds support for cross account investigations for CloudWatch investigations AI Operations (AIOps). +* api-change:``elbv2``: Add Paginator for DescribeAccountLimits, and fix Paginators for DescribeTrustStoreAssociations, DescribeTrustStoreRevocations, and DescribeTrustStores +* api-change:``license-manager``: AWS License Manager now supports license type conversions for AWS Marketplace products. Customers can provide Marketplace codes in the source license context or destination license context in the CreateLicenseConversionTaskForResource requests. +* api-change:``transcribe``: This Feature Adds Support for the "et-EE" Locale for Batch Operations +* api-change:``rds``: Adding support for RDS on Dedicated Local Zones, including local backup target, snapshot availability zone and snapshot target +* api-change:``route53resolver``: Add support for iterative DNS queries through the new INBOUND_DELEGATION endpoint. Add delegation support through the Outbound Endpoints with DELEGATE rules. + + +2.27.41 +======= + +* api-change:``s3tables``: S3 Tables now supports sort and z-order compaction strategies for Iceberg tables in addition to binpack. +* api-change:``workspaces-instances``: Added support for Amazon WorkSpaces Instances API +* api-change:``glue``: AWS Glue now supports sort and z-order strategy for managed automated compaction for Iceberg tables in addition to binpack. + + +2.27.40 +======= + +* api-change:``geo-places``: Geocode, ReverseGeocode, and GetPlace APIs added Intersections and SecondaryAddresses. To use, add to the AdditionalFeatures list in your request. This provides info about nearby intersections and secondary addresses that are associated with a main address. Also added MainAddress and ParsedQuery. +* api-change:``ecs``: Add ECS support for Windows Server 2025 +* api-change:``bedrock``: Add support for tiers in Content Filters and Denied Topics for Amazon Bedrock Guardrails. +* api-change:``mediaconvert``: This release adds a new SPECIFIED_OPTIMAL option for handling DDS when using DVB-Sub with high resolution video. +* api-change:``glue``: AWS Glue Data Quality now provides aggregated metrics in evaluation results when publishAggregatedMetrics with row-level results are enabled. These metrics include summary statistics showing total counts of processed, passed, and failed rows and rules in a single view. + + +2.27.39 +======= + +* api-change:``payment-cryptography-data``: Additional support for managing HMAC keys that adheres to changes documented in X9.143-2021 and provides better interoperability for key import/export +* api-change:``bedrock``: This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a trained model into Amazon Bedrock for inference. +* api-change:``lambda``: Support Schema Registry feature for Kafka Event Source Mapping. Customers can now configure a Schema Registry to enable schema validation and filtering for Avro, Protobuf, and JSON-formatted events in Lambda for Kafka Event Source. +* api-change:``emr-serverless``: This release adds the capability to enable IAM IdentityCenter Trusted Identity Propagation for users running Interactive Sessions on EMR Serverless Applications. +* api-change:``payment-cryptography``: Additional support for managing HMAC keys that adheres to changes documented in X9.143-2021 and provides better interoperability for key import/export +* api-change:``sagemaker``: This release introduces alternative support for utilizing CFN templates from S3 for SageMaker Projects. + + +2.27.38 +======= + +* api-change:``logs``: Added CloudWatch Logs Transformer support for converting CloudTrail, VPC Flow, EKS Audit, AWS WAF and Route53 Resolver logs to OCSF v1.1 format. +* api-change:``autoscaling``: Add IncludeInstances parameter to DescribeAutoScalingGroups API +* api-change:``imagebuilder``: Added paginators for ``imagebuilder``. +* api-change:``s3``: Added support for renaming objects within the same bucket using the new RenameObject API. +* api-change:``sagemaker``: Add support for p6-b200 instance type for SageMaker Hyperpod +* api-change:``aiops``: This is the initial SDK release for Amazon AI Operations (AIOps). AIOps is a generative AI-powered assistant that helps you respond to incidents in your system by scanning your system's telemetry and quickly surface suggestions that might be related to your issue. + + +2.27.37 +======= + +* api-change:``network-firewall``: Release of Active Threat Defense in Network Firewall +* api-change:``securityhub``: Adds operations, structures, and exceptions required for public preview release of Security Hub V2. +* api-change:``organizations``: Add support for policy operations on the SECURITYHUB_POLICY policy type. +* api-change:``mpa``: This release enables customers to create Multi-party approval teams and approval requests to protect supported operations. +* api-change:``wafv2``: AWS WAF can now suggest protection packs for you based on the application information you provide when you create a webACL. +* api-change:``inspector2``: Add Code Repository Scanning as part of AWS InspectorV2 +* api-change:``backup``: AWS Backup is adding support for integration of its logically air-gapped vaults with the AWS Organizations Multi-party approval capability. +* api-change:``bedrock``: This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a trained model into Amazon Bedrock for inference. +* api-change:``acm``: Adds support for Exportable Public Certificates +* enhancement:Python: Update bundled Python interpreter to 3.13.4 +* api-change:``accessanalyzer``: We are launching a new analyzer type, internal access analyzer. The new analyzer will generate internal access findings, which help customers understand who within their AWS organization or AWS Account has access to their critical AWS resources. +* api-change:``dms``: Add "Virtual" field to Data Provider as well as "S3Path" and "S3AccessRoleArn" fields to DataProvider settings +* api-change:``guardduty``: Adding support for extended threat detection for EKS Audit Logs and EKS Runtime Monitoring. +* api-change:``sts``: The AWS Security Token Service APIs AssumeRoleWithSAML and AssumeRoleWithWebIdentity can now be invoked without pre-configured AWS credentials in the SDK configuration. + + +2.27.36 +======= + +* api-change:``bedrock``: This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a Amazon SageMaker trained Amazon Nova model into Amazon Bedrock for inference. +* api-change:``network-firewall``: You can now create firewalls using a Transit Gateway instead of a VPC, resulting in a TGW attachment. +* api-change:``sagemaker``: This release 1) adds a new S3DataType Converse for SageMaker training 2)adds C8g R7gd M8g C6in P6 P6e instance type for SageMaker endpoint 3) adds m7i, r7i, c7i instance type for SageMaker Training and Processing. +* api-change:``ecr``: The `DescribeImageScanning` API now includes `lastInUseAt` and `InUseCount` fields that can be used to prioritize vulnerability remediation for images that are actively being used. + + +2.27.35 +======= + +* api-change:``connectcampaignsv2``: Added PutInstanceCommunicationLimits and GetInstanceCommunicationLimits APIs +* api-change:``apigatewayv2``: Documentation updates for Amazon API Gateway +* api-change:``apigateway``: Documentation updates for Amazon API Gateway +* api-change:``emr-serverless``: This release adds support for retrieval of the optional executionIamPolicy field in the GetJobRun API response. +* api-change:``ecs``: This Amazon ECS release supports updating the capacityProviderStrategy parameter in update-service. +* api-change:``iotfleetwise``: Add new status READY_FOR_CHECKIN used for vehicle synchronisation +* api-change:``pcs``: Fixed regex patterns for ARN fields. +* api-change:``kms``: AWS KMS announces the support of ML-DSA key pairs that creates post-quantum safe digital signatures. + + +2.27.34 +======= + +* api-change:``controlcatalog``: Introduced ListControlMappings API that retrieves control mappings. Added control aliases and governed resources fields in GetControl and ListControls APIs. New filtering capability in ListControls API, with implementation identifiers and implementation types. +* api-change:``wafv2``: WAF now provides two DDoS protection options: resource-level monitoring for Application Load Balancers and the AWSManagedRulesAntiDDoSRuleSet managed rule group for CloudFront distributions. +* api-change:``lexv2-models``: Add support for the Assisted NLU feature to improve bot performance +* api-change:``eks``: Release for EKS Pod Identity Cross Account feature and disableSessionTags flag. +* api-change:``rds``: Updates Amazon RDS documentation for Amazon RDS for Db2 cross-Region replicas in standby mode. +* api-change:``networkmanager``: Add support for public DNS hostname resolution to private IP addresses across Cloud WAN-managed VPCs. Add support for security group referencing across Cloud WAN-managed VPCs. + + +2.27.33 +======= + +* api-change:``gameliftstreams``: Documentation updates for Amazon GameLift Streams to address formatting errors, correct resource ID examples, and update links to other guides + + +2.27.32 +======= + +* enhancement:``cloudformation``: High-level Cloudformation commands such as ``deploy`` and ``package`` will now fallback to SHA256 for checksumming if MD5 isn't present on the host +* api-change:``ec2``: Release to support Elastic VMware Service (Amazon EVS) Subnet and Amazon EVS Network Interface Types. +* api-change:``customer-profiles``: This release introduces capability of Profile Explorer, using correct ingestion timestamp & using historical data for computing calculated attributes, and new standard objects for T&H as part of Amazon Connect Customer Profiles service. +* api-change:``efs``: Added support for Internet Protocol Version 6 (IPv6) on EFS Service APIs and mount targets. +* api-change:``workspaces-thin-client``: Add ConflictException to UpdateEnvironment API +* api-change:``ce``: Support dual-stack endpoints for ce api +* api-change:``marketplace-catalog``: The ListEntities API now supports the EntityID, LastModifiedDate, ProductTitle, and Visibility filters for machine learning products. You can also sort using all of those filters. +* api-change:``appsync``: Deprecate `atRestEncryptionEnabled` and `transitEncryptionEnabled` attributes in `CreateApiCache` action. Encryption is always enabled for new caches. + + +2.27.31 +======= + +* api-change:``kms``: Remove unpopulated KeyMaterialId from Encrypt Response +* api-change:``rds``: Include Global Cluster Identifier in DBCluster if the DBCluster is a Global Cluster Member. +* api-change:``s3tables``: S3 Tables now supports getting details about a table via its table ARN. +* api-change:``rekognition``: Adds support for defining an ordered preference list of different Rekognition Face Liveness challenge types when calling CreateFaceLivenessSession. +* api-change:``bedrock-agent-runtime``: This release introduces the `PromptCreationConfigurations` input parameter, which includes fields to control prompt population for `InvokeAgent` or `InvokeInlineAgent` requests. +* api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Taipei) Region (ap-east-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. + + +2.27.30 +======= + +* api-change:``wafv2``: AWS WAF adds support for ASN-based traffic filtering and support for ASN-based rate limiting. +* api-change:``kms``: AWS KMS announces the support for on-demand rotation of symmetric-encryption KMS keys with imported key material (EXTERNAL origin). +* api-change:``cloudformation``: Add new warning type 'EXCLUDED_PROPERTIES' +* api-change:``bcm-pricing-calculator``: Updating the minimum for List APIs to be 1 (instead of 0) + + +2.27.29 +======= + +* api-change:``mediaconnect``: This release updates the DescribeFlow API to show peer IP addresses. You can now identify the peer IP addresses of devices connected to your sources and outputs. This helps you to verify and troubleshoot your flow's active connections. +* api-change:``amplify``: Update documentation for cacheConfig in CreateApp API +* enhancement:dependency: Remove cryptography as a dependency +* api-change:``sagemaker``: Added support for p6-b200 instance type in SageMaker Training Jobs and Training Plans. +* api-change:``evs``: Amazon Elastic VMware Service (Amazon EVS) allows you to run VMware Cloud Foundation (VCF) directly within your Amazon VPC including simplified self-managed migration experience with guided workflow in AWS console or via AWS CLI, get full access to their VCF deployment and VCF license portability. +* api-change:``invoicing``: Added new Invoicing ListInvoiceSummaries API Operation +* api-change:``network-firewall``: You can now monitor flow and alert log metrics from the Network Firewall console. +* api-change:``mediaconvert``: This release includes support for embedding and signing C2PA content credentials in MP4 outputs. +* api-change:``transcribe``: AWS Healthscribe now supports new templates for the clinical note summary: BIRP, SIRP, DAP, BEHAVIORAL_SOAP, and PHYSICAL_SOAP + + +2.27.28 +======= + +* api-change:``apigatewayv2``: Adds support to create routing rules and set the routing mode for a custom domain name. +* api-change:``apigateway``: Adds support to set the routing mode for a custom domain name. +* api-change:``emr-serverless``: AWS EMR Serverless: Adds a new option in the CancelJobRun API in EMR 7.9.0+, to cancel a job with grace period. This feature is enabled by default with a 120-second grace period for streaming jobs and is not enabled by default for batch jobs. + + +2.27.27 +======= + +* api-change:``pcs``: Introduces SUSPENDING and SUSPENDED states for clusters, compute node groups, and queues. +* api-change:``bedrock-agent``: This release adds the Agent Lifecycle Paused State feature to Amazon Bedrock agents. By using an agent's alias, you can temporarily suspend agent operations during maintenance, updates, or other situations. +* api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze Amazon Aurora database clusters and generate Aurora I/O-Optimized recommendations. +* api-change:``synthetics``: Support for Java runtime handler pattern. +* api-change:``athena``: Add support for the managed query result in the workgroup APIs. The managed query result configuration enables users to store query results to Athena owned storage. +* api-change:``eks``: Add support for filtering ListInsights API calls on MISCONFIGURATION insight category +* api-change:``ecs``: Updates Amazon ECS documentation to include note for upcoming default log driver mode change. +* api-change:``cost-optimization-hub``: Support recommendations for Aurora instance and Aurora cluster storage. +* api-change:``entityresolution``: Add support for generating match IDs in near real-time. +* api-change:``backup``: You can now subscribe to Amazon SNS notifications and Amazon EventBridge events for backup indexing. You can now receive notifications when a backup index is created, deleted, or fails to create, enhancing your ability to monitor and track your backup operations. + + +2.27.26 +======= + +* api-change:``emr-serverless``: This release adds the capability for users to specify an optional Execution IAM policy in the StartJobRun action. The resulting permissions assumed by the job run is the intersection of the permissions in the Execution Role and the specified Execution IAM Policy. +* api-change:``sagemaker``: Release new parameter CapacityReservationConfig in ProductionVariant + + +2.27.25 +======= + +* api-change:``fsx``: FSx API changes to support the public launch of new Intelligent Tiering storage class on Amazon FSx for Lustre +* api-change:``datasync``: AgentArns field is made optional for Object Storage and Azure Blob location create requests. Location credentials are now managed via Secrets Manager, and may be encrypted with service managed or customer managed keys. Authentication is now optional for Azure Blob locations. +* api-change:``ivs-realtime``: IVS Real-Time now offers customers the participant replication that allow customers to copy a participant from one stage to another. +* api-change:``dataexchange``: This release adds Tag support for Event Action resource, through which customers can create event actions with Tags and retrieve event actions with Tags. +* api-change:``bcm-pricing-calculator``: Add AFTER_DISCOUNTS_AND_COMMITMENTS to Workload Estimate Rate Type. Set ListWorkLoadEstimateUsage maxResults range to minimum of 0 and maximum of 300. +* api-change:``autoscaling``: Add support for "apple" CpuManufacturer in ABIS +* api-change:``sagemaker``: Add maintenance status field to DescribeMlflowTrackingServer API response +* api-change:``connect``: Amazon Connect Service Feature: Email Recipient Limit Increase +* api-change:``mwaa``: Amazon MWAA now lets you choose a worker replacement strategy when updating an environment. This release adds two worker replacement strategies: FORCED (default), which stops workers immediately, and GRACEFUL, which allows workers to finish current tasks before shutting down. +* api-change:``s3``: Adding checksum support for S3 PutBucketOwnershipControls API. +* api-change:``amplify``: Add support for customizable build instance sizes. CreateApp and UpdateApp operations now accept a new JobConfig parameter composed of BuildComputeType. +* api-change:``cloudtrail``: CloudTrail Feature Release: Support for Enriched Events with Configurable Context for Event Data Store + + +2.27.24 +======= + +* api-change:``events``: Allow for more than 2 characters for location codes in EventBridge ARNs +* api-change:``cost-optimization-hub``: This release allows customers to modify their preferred commitment term and payment options. +* api-change:``synthetics``: Add support to change ephemeral storage. Add a new field "TestResult" under CanaryRunStatus. +* api-change:``ec2``: Enable the option to automatically delete underlying Amazon EBS snapshots when deregistering Amazon Machine Images (AMIs) +* api-change:``network-firewall``: You can now use VPC endpoint associations to create multiple firewall endpoints for a single firewall. + + +2.27.23 +======= + +* api-change:``ec2``: This release adds three features - option to store AWS Site-to-Site VPN pre-shared keys in AWS Secrets Manager, GetActiveVpnTunnelStatus API to check the in-use VPN algorithms, and SampleType option in GetVpnConnectionDeviceSampleConfiguration API to get recommended sample configs for VPN devices. +* api-change:``deadline``: AWS Deadline Cloud service-managed fleets now support storage profiles. With storage profiles, you can map file paths between a workstation and the worker hosts running the job. +* api-change:``ce``: This release introduces Cost Comparison feature (GetCostAndUsageComparisons, GetCostComparisonDrivers) allowing you find cost variations across multiple dimensions and identify key drivers of spending changes. + + +2.27.22 +======= + +* api-change:``security-ir``: Update PrincipalId pattern documentation to reflect what user should receive back from the API call +* api-change:``ec2``: This release adds support for the C7i-flex, M7i-flex, I7i, I7ie, I8g, P6-b200, Trn2, C8gd, M8gd and R8gd instances + + +2.27.21 +======= + +* api-change:``dsql``: Features: support for customer managed encryption keys +* api-change:``glue``: This release supports additional ConversionSpec parameter as part of IntegrationPartition Structure in CreateIntegrationTableProperty API. This parameter is referred to apply appropriate column transformation for columns that are used for timestamp based partitioning +* bugfix:s3transfer: Validate ETag of stored object during multipart downloads +* api-change:``auditmanager``: With this release, the AssessmentControl description field has been deprecated, as of May 19, 2025. Additionally, the UpdateAssessment API can now return a ServiceQuotaExceededException when applicable service quotas are exceeded. +* api-change:``amp``: Add QueryLoggingConfiguration APIs for Amazon Managed Prometheus + + +2.27.20 +======= + +* api-change:``ec2``: Release of Dualstack and Ipv6-only EC2 Public DNS hostnames +* api-change:``application-autoscaling``: Doc only update that addresses a customer reported issue. +* api-change:``bedrock-agent-runtime``: Amazon Bedrock introduces asynchronous flows (in preview), which let you run flows for longer durations and yield control so that your application can perform other tasks and you don't have to actively monitor the flow's progress. +* api-change:``cloudwatch``: Adds support for setting up Contributor Insight rules on logs transformed via Logs Transformation feature. +* api-change:``partnercentral-selling``: Modified validation to allow expectedCustomerSpend array with zero elements in Partner Opportunity operations. + + +2.27.19 +======= + +* api-change:``inspector2``: This release adds GetClustersForImage API and filter updates as part of the mapping of container images to running containers feature. +* api-change:``rds``: This release introduces the new DescribeDBMajorEngineVersions API for describing the properties of specific major versions of database engines. +* api-change:``privatenetworks``: The privatenetworks client has been removed following the deprecation of the service. +* api-change:``glue``: Enhanced AWS Glue ListConnectionTypes API Model with additional metadata fields. +* api-change:``oam``: Add IncludeTags field to GetLink, GetSink and UpdateLink API +* api-change:``datasync``: Remove Discovery APIs from the DataSync service +* api-change:``ec2``: This release expands the ModifyInstanceMaintenanceOptions API to enable or disable instance migration during customer-initiated reboots for EC2 Scheduled Reboot Events. + + +2.27.18 +======= + +* api-change:``dsql``: CreateMultiRegionCluster and DeleteMultiRegionCluster APIs removed +* api-change:``ec2``: This release includes new APIs for System Integrity Protection (SIP) configuration and automated root volume ownership delegation for EC2 Mac instances. +* api-change:``mediapackagev2``: This release adds support for DVB-DASH, EBU-TT-D subtitle format, and non-compacted manifests for DASH in MediaPackage v2 Origin Endpoints. + + +2.27.17 +======= + +* api-change:``glue``: Changes include (1) Excel as S3 Source type and XML and Tableau's Hyper as S3 Sink types, (2) targeted number of partitions parameter in S3 sinks and (3) new compression types in CSV/JSON and Parquet S3 sinks. +* api-change:``ecs``: This is an Amazon ECs documentation only release to support the change of the container exit "reason" field from 255 characters to 1024 characters. +* api-change:``service-quotas``: This release introduces CreateSupportCase operation to SDK. +* api-change:``bedrock-data-automation``: Add support for VIDEO modality to BlueprintType enum. +* api-change:``codepipeline``: CodePipeline now supports new API ListDeployActionExecutionTargets that lists the deployment target details for deploy action executions. +* api-change:``neptune``: This release adds Global Cluster Switchover capability which enables you to change your global cluster's primary AWS Region, the region that serves writes, while preserving the replication between all regions in the global cluster. +* api-change:``bedrock-data-automation-runtime``: Add AssetProcessingConfiguration for video segment to InputConfiguration +* api-change:``emr``: Added APIs for managing Application UIs: Access Persistent (serverless) UIs via CreatePersistentAppUI DescribePersistentAppUI & GetPersistentAppUIPresignedURL, and Cluster-based UIs through GetOnClusterAppUIPresignedURL. Supports Yarn, Spark History, and TEZ interfaces. + + +2.27.16 +======= + +* api-change:``workspaces``: Added the new AlwaysOn running mode for WorkSpaces Pools. Customers can now choose between AlwaysOn (for instant access, with hourly usage billing regardless of connection status), or AutoStop (to optimize cost, with a brief startup delay) for their pools. +* api-change:``codebuild``: AWS CodeBuild now supports Docker Server capability +* api-change:``pcs``: This release adds support for Slurm accounting. For more information, see the Slurm accounting topic in the AWS PCS User Guide. Slurm accounting is supported for Slurm 24.11 and later. This release also adds 24.11 as a valid value for the version parameter of the Scheduler data type. +* api-change:``bedrock-agent``: Amazon Bedrock Flows introduces DoWhile loops nodes, parallel node executions, and enhancements to knowledge base nodes. +* api-change:``controltower``: Updated the descriptions for the AWS Control Tower Baseline APIs to make them more intuitive. +* api-change:``dms``: Introduces Data Resync feature to describe-table-statistics and IAM database authentication for MariaDB, MySQL, and PostgreSQL. + + +2.27.15 +======= + +* api-change:``logs``: This release adds a new API "ListLogGroups" and an improvement in API "DescribeLogGroups" +* api-change:``firehose``: This release adds catalogARN support for s3 tables multi-catalog catalogARNs. +* api-change:``mediaconvert``: This update enables cropping for video overlays and adds a new STL to Teletext upconversion toggle to preserve styling. +* api-change:``cognito-idp``: Add exceptions to WebAuthn operations. + + +2.27.14 +======= + +* api-change:``bedrock-agent-runtime``: Changes for enhanced metadata in trace +* api-change:``dsql``: CreateMultiRegionClusters and DeleteMultiRegionClusters APIs marked as deprecated. Introduced new multi-Region clusters creation experience through multiRegionProperties parameter in CreateCluster API. +* api-change:``bedrock``: Enable cross-Region inference for Amazon Bedrock Guardrails by using the crossRegionConfig parameter when calling the CreateGuardrail or UpdateGuardrail operation. +* api-change:``controltower``: AWS Control Tower now reports the inheritance drift status for EnabledBaselines through the GetEnabledBaseline and ListEnabledBaselines APIs. You can now filter EnabledBaselines by their enablement and drift status using the ListEnabledBaselines API to view accounts and OUs that require attention. +* api-change:``ecs``: This release extends functionality for Amazon EBS volumes attached to Amazon ECS tasks by adding support for the new EBS volumeInitializationRate parameter in ECS RunTask/StartTask/CreateService/UpdateService APIs. +* api-change:``license-manager``: Add Tagging feature to resources in the Managed Entitlements service. License and Grant resources can now be tagged. + + +2.27.13 +======= + +* api-change:``supplychain``: Launch new AWS Supply Chain public APIs for DataIntegrationEvent, DataIntegrationFlowExecution and DatasetNamespace. Also add more capabilities to existing public APIs to support direct dataset event publish, data deduplication in DataIntegrationFlow, partition specification of custom datasets. +* api-change:``sagemaker``: No API changes from previous release. This release migrated the model to Smithy keeping all features unchanged. +* api-change:``iam``: Updating the endpoint list for the Identity and access management (IAM) service +* api-change:``deadline``: AWS Deadline Cloud service-managed fleets now support configuration scripts. Configuration scripts make it easy to install additional software, like plugins and packages, onto a worker. +* api-change:``ec2``: EC2 - Adding support for AvailabilityZoneId +* api-change:``medialive``: Add support to the AV1 rate control mode +* api-change:``s3control``: Updates to support S3 Express zonal endpoints for directory buckets in AWS CLI +* api-change:``mediatailor``: Documenting that EnabledLoggingStrategies is always present in responses of PlaybackConfiguration read operations. + + +2.27.12 +======= + +* api-change:``athena``: Minor API documentation updates +* api-change:``logs``: We are pleased to announce limit increases to our grok processor logs transformation feature. Now you can define 20 Grok patterns in their configurations, with an expanded total pattern matching limit of 512 characters. +* api-change:``synthetics``: Add support to retry a canary automatically after schedule run failures. Users can enable this feature by configuring the RetryConfig field when calling the CreateCanary or UpdateCanary API. Also includes changes in GetCanary and GetCanaryRuns to support retrieving retry configurations. +* api-change:``workspaces``: Remove parameter EnableWorkDocs from WorkSpacesServiceModel due to end of support of Amazon WorkDocs service. + + +2.27.11 +======= + +* api-change:``codepipeline``: Add support for Secrets Manager and Plaintext environment variable types in Commands action +* api-change:``sso-admin``: Update PutPermissionBoundaryToPermissionSet API's managedPolicyArn pattern to allow valid ARN only. Update ApplicationName to allow white spaces. +* api-change:``ec2``: Launching the feature to support ENA queues offering flexibility to support multiple queues per Enhanced Network Interface (ENI) +* enhancement:Python: Update bundled Python interpreter to 3.13.3 +* api-change:``cloudfront``: Doc-only update for CloudFront. These changes include customer-reported issues. +* api-change:``guardduty``: Updated description of a data structure. +* api-change:``glue``: This new release supports customizable RefreshInterval for all Saas ZETL integrations from 15 minutes to 6 days. + + +2.27.10 +======= + +* api-change:``ec2``: This release adds API support for Path Component Exclusion (Filter Out ARN) for Reachability Analyzer +* api-change:``sagemaker``: SageMaker AI Studio users can now migrate to SageMaker Unified Studio, which offers a unified web-based development experience that integrates AWS data, analytics, artificial intelligence (AI), and machine learning (ML) services, as well as additional tools and resource +* api-change:``imagebuilder``: Updated the CreateImageRecipeRequest ParentImage description to include all valid values as updated with the SSM Parameters project. +* api-change:``medialive``: Enables Updating Anywhere Settings on a MediaLive Anywhere Channel. +* api-change:``synthetics``: Add support to test a canary update by invoking a dry run of a canary. This behavior can be used via the new StartCanaryDryRun API along with new fields in UpdateCanary to apply dry run changes. Also includes changes in GetCanary and GetCanaryRuns to support retrieving dry run configurations. + + +2.27.9 +====== + +* api-change:``servicecatalog``: ServiceCatalog's APIs (DeleteServiceAction, DisassociateServiceActionFromProvisioningArtifact, AssociateServiceActionWithProvisioningArtifact) now throw InvalidParametersException when IdempotencyToken is invalid. +* api-change:``timestream-write``: Add dualstack endpoints support. +* api-change:``ec2``: This release adds support for Amazon EBS Provisioned Rate for Volume Initialization, which lets you specify a volume initialization rate to ensure that your EBS volumes are initialized in a predictable amount of time. +* api-change:``timestream-query``: Add dualstack endpoints support and correct us-gov-west-1 FIPS endpoint. + + +2.27.8 +====== + +* api-change:``devicefarm``: Add an optional parameter to the GetDevicePoolCompatibility API to pass in project information to check device pool compatibility. +* api-change:``ecs``: Add support to roll back an In_Progress ECS Service Deployment +* api-change:``ec2``: This update introduces API operations to manage and create local gateway VIF and VIF groups. It also includes API operations to describe Outpost LAGs and service link VIFs. +* api-change:``datazone``: This release adds a new authorization policy to control the usage of custom AssetType when creating an Asset. Customer can now add new grant(s) of policyType USE_ASSET_TYPE for custom AssetTypes to apply authorization policy to projects members and domain unit owners. +* api-change:``mediaconvert``: This release adds an optional sidecar per-frame video quality metrics report and an ALL_PCM option for audio selectors. It also changes the data type for Probe API response fields related to video and audio bitrate from integer to double. + + +2.27.7 +====== + +* api-change:``ds``: Doc only update - fixed typos. +* api-change:``bedrock-data-automation``: Added support for Custom output and blueprints for AUDIO data types. +* api-change:``kinesis``: Marking ResourceARN as required for Amazon Kinesis Data Streams APIs TagResource, UntagResource, and ListTagsForResource. + + +2.27.6 +====== + +* api-change:``sagemaker``: Feature - Adding support for Scheduled and Rolling Update Software in Sagemaker Hyperpod. +* api-change:``verifiedpermissions``: Amazon Verified Permissions / Features : Adds support for tagging policy stores. +* api-change:``appconfig``: Adding waiter support for deployments and environments; documentation updates +* api-change:``connect``: This release adds the following fields to DescribeContact: DisconnectReason, AgentInitiatedHoldDuration, AfterContactWorkStartTimestamp, AfterContactWorkEndTimestamp, AfterContactWorkDuration, StateTransitions, Recordings, ContactDetails, ContactEvaluations, Attributes + + +2.27.5 +====== + +* api-change:``deadline``: Adds support for tag management on workers and tag inheritance from fleets to their associated workers. +* api-change:``bedrock-agent``: Features: Add inline code node to prompt flow +* api-change:``bedrock-agent-runtime``: Support for Custom Orchestration within InlineAgents +* api-change:``cleanrooms``: This release adds support for ProtectedQuery results to be delivered to more than one collaboration member via the new distribute output configuration in StartProtectedQuery. +* api-change:``ecr``: Adds dualstack support for Amazon Elastic Container Registry (Amazon ECR). +* api-change:``ec2``: Launch of cost distribution feature for IPAM owners to distribute costs to internal teams. +* api-change:``mailmanager``: Introducing new RuleSet rule PublishToSns action, which allows customers to publish email notifications to an Amazon SNS topic. New PublishToSns action enables customers to easily integrate their email workflows via Amazon SNS, allowing them to notify other systems about important email events. +* api-change:``bedrock``: You can now specify a cross region inference profile as a teacher model for the CreateModelCustomizationJob API. Additionally, the GetModelCustomizationJob API has been enhanced to return the sub-task statuses of a customization job within the StatusDetails response field. +* api-change:``ecr-public``: Adds dualstack support for Amazon Elastic Container Registry Public (Amazon ECR Public). +* bugfix:socialmessaging: Renames the incorrectly named delete-whatsapp-media-message command to the correct name of delete-whatsapp-message-media +* api-change:``logs``: CloudWatch Logs supports "DELIVERY" log class. This log class is used only for delivering AWS Lambda logs to Amazon S3 or Amazon Data Firehose. + + +2.27.4 +====== + +* api-change:``qbusiness``: Add support for anonymous user access for Q Business applications +* enhancement:awscrt: Update awscrt version requirement to 0.26.1 +* api-change:``ssm``: This release adds support for just-In-time node access in AWS Systems Manager. Just-in-time node access enables customers to move towards zero standing privileges by requiring operators to request access and obtain approval before remotely connecting to nodes managed by the SSM Agent. +* api-change:``connectcases``: Introduces CustomEntity as part of the UserUnion data type. This field is used to indicate the entity who is performing the API action. +* api-change:``kinesis``: Amazon KDS now supports tagging and attribute-based access control (ABAC) for enhanced fan-out consumers. +* api-change:``sagemaker``: Introduced support for P5en instance types on SageMaker Studio for JupyterLab and CodeEditor applications. +* api-change:``sagemaker-metrics``: SageMaker Metrics Service now supports FIPS endpoint in all US and Canada Commercial regions. +* api-change:``pinpoint-sms-voice-v2``: AWS End User Messaging has added MONITOR and FILTER functionality to SMS Protect. +* enhancement:``cloudfront``: Replace cryptographic functions from ``cryptography`` with ``awscrt`` for the ``sign`` command. Fixes `#9258 `__. +* api-change:``ssm-guiconnect``: This release adds API support for the connection recording GUI Connect feature of AWS Systems Manager + + +2.27.3 +====== + +* api-change:``imagebuilder``: Add integration with SSM Parameter Store to Image Builder. +* api-change:``acm``: Add support for file-based HTTP domain control validation, available through Amazon CloudFront. +* api-change:``cloudfront``: Add distribution tenant, connection group, and multi-tenant distribution APIs to the CloudFront SDK. +* api-change:``bedrock-runtime``: This release adds native h2 support for the bedrock runtime API, the support is only limited to SDKs that support h2 requests natively. +* api-change:``dynamodb``: Doc only update for GSI descriptions. + + +2.27.2 +====== + +* api-change:``ecs``: Documentation only release for Amazon ECS. +* api-change:``bedrock-runtime``: You can now reference images and documents stored in Amazon S3 when using InvokeModel and Converse APIs with Amazon Nova Lite and Nova Pro. This enables direct integration of S3-stored multimedia assets in your model requests without manual downloading or base64 encoding. +* api-change:``marketplace-deployment``: Doc only update for the AWS Marketplace Deployment Service that fixes several customer-reported issues. + + +2.27.1 +====== + +* api-change:``ecs``: Documentation only release for Amazon ECS +* api-change:``dynamodb``: Add support for ARN-sourced account endpoint generation for TransactWriteItems. This will generate account endpoints for DynamoDB TransactWriteItems requests using ARN-sourced account ID when available. +* api-change:``appsync``: Add data source support to Event APIs +* api-change:``pcs``: Documentation-only update: added valid values for the version property of the Scheduler and SchedulerRequest data types. +* api-change:``rds``: This Amazon RDS release adds support for managed master user passwords for Oracle CDBs. +* api-change:``codebuild``: Remove redundant validation check. +* api-change:``apprunner``: AWS App Runner adds Node.js 22 runtime. +* api-change:``bedrock-data-automation``: Added support for modality routing and modality enablement on CreateDataAutomationProject and UpdateDataAutomationProject APIs + + +2.27.0 +====== + +* api-change:``imagebuilder``: Add all ``imagebuilder`` modeled paginators that are currently supported by AWS CLI v2. +* api-change:``ecs``: Add support to roll back an In_Progress ECS Service Deployment +* api-change:``codebuild``: Add support for custom instance type for reserved capacity fleets +* api-change:``resource-explorer-2``: Documentation-only update for CreateView option correction +* feature:``eks``: Add assume-role-arn option to update-kubeconfig command for cross-account access + + +2.26.7 +====== + +* api-change:``mq``: You can now delete Amazon MQ broker configurations using the DeleteConfiguration API. For more information, see Configurations in the Amazon MQ API Reference. +* api-change:``s3control``: Fix endpoint resolution test cases +* api-change:``redshift-serverless``: Provides new and updated API members to support the Redshift Serverless reservations feature. +* api-change:``cognito-idp``: This release adds refresh token rotation. +* api-change:``ec2``: Added support for ClientRouteEnforcementOptions flag in CreateClientVpnEndpoint and ModifyClientVpnEndpoint requests and DescribeClientVpnEndpoints responses +* api-change:``account``: AWS Account Management now supports account name update via IAM principals. +* api-change:``entityresolution``: To expand support for matching records using digital identifiers with TransUnion + + +2.26.6 +====== + +* api-change:``firehose``: Documentation update regarding the number of streams you can create using the CreateDeliveryStream API. +* api-change:``qbusiness``: The CheckDocumentAccess API for Amazon Q Business is a self-service debugging API that allows administrators to verify document access permissions and review Access Control List (ACL) configurations. +* api-change:``arc-zonal-shift``: Updates to documentation and exception types for Zonal Autoshift +* api-change:``mediatailor``: Added support for Recurring Prefetch and Traffic Shaping on both Single and Recurring Prefetch. ListPrefetchSchedules now return single prefetchs by default and can be provided scheduleType of SINGLE, RECURRING, AND ALL. +* api-change:``budgets``: Releasing the new Budget FilterExpression and Metrics fields to support more granular filtering options. These new fields are intended to replace CostFilters and CostTypes, which are deprecated as of 2025/18/04. + + +2.26.5 +====== + +* api-change:``qconnect``: This release adds support for the following capabilities: Chunking generative answer replies from Amazon Q in Connect. Integration support for the use of additional LLM models with Amazon Q in Connect. +* api-change:``service-quotas``: Add new optional SupportCaseAllowed query parameter to the RequestServiceQuotaIncrease API +* api-change:``sagemaker``: This release adds a new Neuron driver option in InferenceAmiVersion parameter for ProductionVariant. Additionally, it adds support for fetching model lifecycle status in the ListModelPackages API. Users can now use this API to view the lifecycle stage of models that have been shared with them. + + +2.26.4 +====== + +* api-change:``bedrock``: With this release, Bedrock Evaluation will now support custom metrics for evaluation. +* api-change:``omics``: Add versioning for HealthOmics workflows +* api-change:``iotfleetwise``: We've added stricter parameter validations to AWS IoT FleetWise signal catalog, model manifest, and decoder manifest APIs. +* api-change:``amp``: Add Workspace Configuration APIs for Amazon Prometheus +* api-change:``connect``: This release adds following capabilities to Contact Lens Rules APIs 1/ 'ASSIGN_SLA' action and '$.Case.TemplateId' comparison value for 'OnCaseCreate' and 'OnCaseUpdate' event sources 2/ 'OnSlaBreach' Cases event source which supports '$.RelatedItem.SlaConfiguration.Name' comparison value +* api-change:``memorydb``: Added support for IPv6 and dual stack for Valkey and Redis clusters. Customers can now launch new Valkey and Redis clusters with IPv6 and dual stack networking support. +* api-change:``accessanalyzer``: Added new resource types to evaluate for public access in resource policies and added support for S3 directory bucket access points. +* api-change:``ecs``: Adds a new AccountSetting - defaultLogDriverMode for ECS. +* api-change:``autoscaling``: Doc only update for EC2 Auto Scaling. + + +2.26.3 +====== + +* api-change:``servicecatalog``: Updated default value for the access-level-filter in SearchProvisionedProducts API to Account. For access to userLevel or roleLevel, the user must provide access-level-filter parameter. +* api-change:``s3tables``: S3 Tables now supports setting encryption configurations on table buckets and tables. Encryption configurations can use server side encryption using AES256 or KMS customer-managed keys. +* api-change:``dsql``: Added GetClusterEndpointService API. The new API allows retrieving endpoint service name specific to a cluster. +* bugfix:Formatter: Update JSON formatter to encode raw bytes as UTF-8. +* api-change:``events``: Adding support for KmsKeyIdentifer in CreateConnection, UpdateConnection and DescribeConnection APIs +* api-change:``resource-groups``: Resource Groups: TagSyncTasks can be created with ResourceQuery +* api-change:``eks``: Added support for new AL2023 ARM64 NVIDIA AMIs to the supported AMITypes. +* api-change:``connectcases``: This feature provides capabilities to help track and meet service level agreements (SLAs) on cases programmatically. It allows configuring a new related item of type `Sla` on a case using CreateRelatedItem API and provides the ability to search for this new related item using SearchRelatedItems API. + + +2.26.2 +====== + +* api-change:``taxsettings``: Indonesia SOR Tax Registration Launch +* api-change:``entityresolution``: This is to add new metrics to our GetIdMappingJob API and also update uniqueId naming for batchDeleteUniqueIds API to be more accurate + + +2.26.1 +====== + +* api-change:``marketplace-entitlement``: Add support for Marketplace Entitlement Service dual-stack endpoints for CN and GOV regions +* api-change:``detective``: Add support for Detective DualStack endpoints +* api-change:``pcs``: Changed the minimum length of clusterIdentifier, computeNodeGroupIdentifier, and queueIdentifier to 3. +* api-change:``verifiedpermissions``: Adds deletion protection support to policy stores. Deletion protection is disabled by default, can be enabled via the CreatePolicyStore or UpdatePolicyStore APIs, and is visible in GetPolicyStore. +* api-change:``connect-contact-lens``: Making sentiment optional for ListRealtimeContactAnalysisSegments Response depending on conversational analytics configuration +* api-change:``dynamodb``: Doc only update for API descriptions. +* api-change:``datazone``: Raise hard limit of authorized principals per SubscriptionTarget from 10 to 20. +* api-change:``meteringmarketplace``: Add support for Marketplace Metering Service dual-stack endpoints for CN regions + + +2.26.0 +====== + +* api-change:``elasticache``: AWS ElastiCache SDK now supports using MemcachedUpgradeConfig parameter with ModifyCacheCluster API to enable updating Memcached cache node types. Please refer to updated AWS ElastiCache public documentation for detailed information on API usage and implementation. +* api-change:``quicksight``: Add support to analysis and sheet level highlighting in QuickSight. +* api-change:``m2``: Introduce three new APIs: CreateDataSetExportTask, GetDataSetExportTask and ListDataSetExportHistory. Add support for batch restart for Blu Age applications. +* feature:Python: Drop support for Python 3.8 +* enhancement:Python: Update bundled Python interpreter to 3.13.2 +* api-change:``medialive``: AWS Elemental MediaLive / Features : Add support for CMAF Ingest CaptionLanguageMappings, TimedMetadataId3 settings, and Link InputResolution. +* api-change:``application-autoscaling``: Application Auto Scaling now supports horizontal scaling for Elasticache Memcached self-designed clusters using target tracking scaling policies and scheduled scaling. +* api-change:``qbusiness``: Adds functionality to enable/disable a new Q Business Hallucination Reduction feature. If enabled, Q Business will detect and attempt to remove Hallucinations from certain Chat requests. + + +2.25.14 +======= + +* api-change:``dynamodb``: Documentation update for secondary indexes and Create_Table. +* api-change:``transfer``: This launch includes 2 enhancements to SFTP connectors user-experience: 1) Customers can self-serve concurrent connections setting for their connectors, and 2) Customers can discover the public host key of remote servers using their SFTP connectors. +* api-change:``controlcatalog``: The GetControl API now surfaces a control's Severity, CreateTime, and Identifier for a control's Implementation. The ListControls API now surfaces a control's Behavior, Severity, CreateTime, and Identifier for a control's Implementation. +* api-change:``groundstation``: Support tagging Agents and adjust input field validations +* api-change:``glue``: The TableOptimizer APIs in AWS Glue now return the DpuHours field in each TableOptimizerRun, providing clients visibility to the DPU-hours used for billing in managed Apache Iceberg table compaction optimization. + + +2.25.13 +======= + +* api-change:``taxsettings``: Uzbekistan Launch on TaxSettings Page +* api-change:``securityhub``: Documentation updates for AWS Security Hub. +* api-change:``iotfleetwise``: This release adds the option to update the strategy of state templates already associated to a vehicle, without the need to remove and re-add them. +* api-change:``storagegateway``: Added new ActiveDirectoryStatus value, ListCacheReports paginator, and support for longer pagination tokens. +* api-change:``bedrock-runtime``: This release introduces our latest bedrock runtime API, InvokeModelWithBidirectionalStream. The API supports both input and output streams and is supported by only HTTP2.0. +* api-change:``cost-optimization-hub``: This release adds resource type "MemoryDbReservedInstances" and resource type "DynamoDbReservedCapacity" to the GetRecommendation, ListRecommendations, and ListRecommendationSummaries APIs to support new MemoryDB and DynamoDB RI recommendations. +* api-change:``ce``: This release supports Pagination traits on Cost Anomaly Detection APIs. + + +2.25.12 +======= + +* api-change:``medialive``: AWS Elemental MediaLive now supports SDI inputs to MediaLive Anywhere Channels in workflows that use AWS SDKs. +* api-change:``glue``: Add input validations for multiple Glue APIs +* api-change:``bedrock-runtime``: New options for how to handle harmful content detected by Amazon Bedrock Guardrails. +* api-change:``codebuild``: AWS CodeBuild now offers an enhanced debugging experience. +* api-change:``personalize``: Add support for eventsConfig for CreateSolution, UpdateSolution, DescribeSolution, DescribeSolutionVersion. Add support for GetSolutionMetrics to return weighted NDCG metrics when eventsConfig is enabled for the solution. +* api-change:``transfer``: This launch enables customers to manage contents of their remote directories, by deleting old files or moving files to archive folders in remote servers once they have been retrieved. Customers will be able to automate the process using event-driven architecture. +* api-change:``bedrock``: New options for how to handle harmful content detected by Amazon Bedrock Guardrails. + + +2.25.11 +======= + +* api-change:``ds-data``: Doc only update - fixed broken links. +* api-change:``s3control``: Updated max size of Prefixes parameter of Scope data type. +* api-change:``ec2``: Doc-only updates for Amazon EC2 +* api-change:``events``: Amazon EventBridge adds support for customer-managed keys on Archives and validations for two fields: eventSourceArn and kmsKeyIdentifier. + + +2.25.10 +======= + +* api-change:``route53``: Added us-gov-east-1 and us-gov-west-1 as valid Latency Based Routing regions for change-resource-record-sets. +* api-change:``sagemaker``: Adds support for i3en, m7i, r7i instance types for SageMaker Hyperpod +* api-change:``bedrock-agent``: Added optional "customMetadataField" for Amazon Aurora knowledge bases, allowing single-column metadata. Also added optional "textIndexName" for MongoDB Atlas knowledge bases, enabling hybrid search support. +* api-change:``opensearch``: Improve descriptions for various API commands and data types. +* api-change:``chime-sdk-voice``: Added FOC date as an attribute of PhoneNumberOrder, added AccessDeniedException as a possible return type of ValidateE911Address +* api-change:``transcribe``: This Feature Adds Support for the "zh-HK" Locale for Batch Operations +* api-change:``mailmanager``: Add support for Dual_Stack and PrivateLink types of IngressPoint. For configuration requests, SES Mail Manager will now accept both IPv4/IPv6 dual-stack endpoints and AWS PrivateLink VPC endpoints for email receiving. +* api-change:``sesv2``: This release enables customers to provide attachments in the SESv2 SendEmail and SendBulkEmail APIs. + + +2.25.9 +====== + +* api-change:``ecs``: This is an Amazon ECS documentation only update to address various tickets. +* api-change:``codebuild``: This release adds support for environment type WINDOWS_SERVER_2022_CONTAINER in ProjectEnvironment +* api-change:``ecr``: Fix for customer issues related to AWS account ID and size limitation for token. +* api-change:``medialive``: Added support for SMPTE 2110 inputs when running a channel in a MediaLive Anywhere cluster. This feature enables ingestion of SMPTE 2110-compliant video, audio, and ancillary streams by reading SDP files that AWS Elemental MediaLive can retrieve from a network source. +* api-change:``lexv2-models``: Release feature of errorlogging for lex bot, customer can config this feature in bot version to generate log for error exception which helps debug +* enhancement:``ec2instanceconnect``: Replace cryptographic functions from ``cryptography`` with ``awscrt`` for the ``ssh`` command. +* api-change:``application-signals``: Application Signals now supports creating Service Level Objectives on service dependencies. Users can now create or update SLOs on discovered service dependencies to monitor their standard application metrics. +* enhancement:awscrt: Update awscrt version requirement to 0.25.4 + + +2.25.8 +====== + +* api-change:``sagemaker``: Added tagging support for SageMaker notebook instance lifecycle configurations +* api-change:``cleanrooms``: This release adds support for updating the analytics engine of a collaboration. + + +2.25.7 +====== + +* api-change:``ec2``: Release VPC Route Server, a new feature allowing dynamic routing in VPCs. +* api-change:``eks``: Add support for updating RemoteNetworkConfig for hybrid nodes on EKS UpdateClusterConfig API +* api-change:``outposts``: Enabling Asset Level Capacity Management feature, which allows customers to create a Capacity Task for a single Asset on their active Outpost. +* api-change:``sesv2``: Add dual-stack support to global endpoints. +* api-change:``deadline``: With this release you can use a new field to specify the search term match type. Search term match types currently support fuzzy and contains matching. +* api-change:``s3``: Amazon S3 adds support for S3 Access Points for directory buckets in AWS Dedicated Local Zones +* api-change:``marketplace-entitlement``: Add support for Marketplace Entitlement Service dual-stack endpoints. +* api-change:``transfer``: Add WebAppEndpointPolicy support for WebApps +* api-change:``s3control``: Amazon S3 adds support for S3 Access Points for directory buckets in AWS Dedicated Local Zones +* api-change:``bedrock-runtime``: Add Prompt Caching support to Converse and ConverseStream APIs + + +2.25.6 +====== + +* api-change:``bedrock-runtime``: Launching Multi-modality Content Filter for Amazon Bedrock Guardrails. +* api-change:``apigateway``: Adds support for setting the IP address type to allow dual-stack or IPv4 address types to invoke your APIs or domain names. +* api-change:``sagemaker``: TransformAmiVersion for Batch Transform and SageMaker Search Service Aggregate Search API Extension +* api-change:``payment-cryptography``: The service adds support for transferring AES-256 and other keys between the service and other service providers and HSMs. This feature uses ECDH to derive a one-time key transport key to enable these secure key exchanges. +* api-change:``apigatewayv2``: Adds support for setting the IP address type to allow dual-stack or IPv4 address types to invoke your APIs or domain names. +* api-change:``networkmanager``: Add support for NetworkManager Dualstack endpoints. +* api-change:``meteringmarketplace``: Add support for Marketplace Metering Service dual-stack endpoints. +* api-change:``codebuild``: This release adds support for cacheNamespace in ProjectCache +* api-change:``ecs``: This is an Amazon ECS documentation only release that addresses tickets. +* api-change:``quicksight``: RLS permission dataset with userAs: RLS_RULES flag, Q in QuickSight/Threshold Alerts/Schedules/Snapshots in QS embedding, toggle dataset refresh email alerts via API, transposed table with options: column width, type and index, toggle Q&A on dashboards, Oracle Service Name when creating data source. + + +2.25.5 +====== + +* api-change:``gamelift``: Amazon GameLift Servers add support for additional instance types. +* api-change:``sagemaker``: add: recovery mode for SageMaker Studio apps +* api-change:``iam``: Update IAM dual-stack endpoints for BJS, IAD and PDT partitions +* api-change:``bedrock-agent-runtime``: bedrock flow now support node action trace. +* api-change:``cloudformation``: Adding support for the new parameter "ScanFilters" in the CloudFormation StartResourceScan API. When this parameter is included, the StartResourceScan API will initiate a scan limited to the resource types specified by the parameter. +* api-change:``datazone``: This release adds new action type of Create Listing Changeset for the Metadata Enforcement Rule feature. +* api-change:``sso-oidc``: This release adds AwsAdditionalDetails in the CreateTokenWithIAM API response. +* api-change:``eks``: Added support for BOTTLEROCKET FIPS AMIs to AMI types in US regions. +* api-change:``bcm-pricing-calculator``: Added standaloneAccountRateTypeSelections for GetPreferences and UpdatePreferences APIs. Added STALE enum value to status attribute in GetBillScenario and UpdateBillScenario APIs. +* api-change:``batch``: This release will enable two features: Firelens log driver, and Execute Command on Batch jobs on ECS. Both features will be passed through to ECS. + + +2.25.4 +====== + +* api-change:``arc-zonal-shift``: Add new shiftType field for ARC zonal shifts. +* api-change:``rds``: Add note about the Availability Zone where RDS restores the DB cluster for the RestoreDBClusterToPointInTime operation. +* api-change:``directconnect``: With this release, AWS Direct Connect allows you to tag your Direct Connect gateways. Tags are metadata that you can create and use to manage your Direct Connect gateways. For more information about tagging, see AWS Tagging Strategies. +* api-change:``wafv2``: This release adds the ability to associate an AWS WAF v2 web ACL with an AWS Amplify App. +* api-change:``mediatailor``: Add support for log filtering which allow customers to filter out selected event types from logs. +* api-change:``mediaconvert``: This release adds a configurable Quality Level setting for the top rendition of Auto ABR jobs +* api-change:``polly``: Added support for the new voice - Jihye (ko-KR). Jihye is available as a Neural voice only. + + +2.25.3 +====== + +* api-change:``workspaces-thin-client``: Deprecate tags field in Get API responses +* api-change:``eks``: Added support to override upgrade-blocking readiness checks via force flag when updating a cluster. +* api-change:``gameliftstreams``: Minor updates to improve developer experience. +* api-change:``bedrock-agent``: Adding support for Amazon OpenSearch Managed clusters as a vector database in Knowledge Bases for Amazon Bedrock +* api-change:``marketplace-entitlement``: This release enhances the GetEntitlements API to support new filter CUSTOMER_AWS_ACCOUNT_ID in request and CustomerAWSAccountId field in response. +* api-change:``keyspaces``: Removing replication region limitation for Amazon Keyspaces Multi-Region Replication APIs. +* enhancement:``sso``: Updates legacy token auth flow to check if cached legacy tokens are expired according to the local clock. If expired, it will raise an ``UnauthorizedSSOTokenError`` instead of sending an expired token to Identity Center's ``GetRoleCredentials`` API. +* api-change:``sagemaker``: This release adds support for customer-managed KMS keys in Amazon SageMaker Partner AI Apps +* api-change:``meteringmarketplace``: This release enhances the BatchMeterUsage API to support new field CustomerAWSAccountId in request and response and making CustomerIdentifier optional. CustomerAWSAccountId or CustomerIdentifier must be provided in request but not both. + + +2.25.2 +====== + +* api-change:``pcs``: ClusterName/ClusterIdentifier, ComputeNodeGroupName/ComputeNodeGroupIdentifier, and QueueName/QueueIdentifier can now have 10 characters, and a minimum of 3 characters. The TagResource API action can now return ServiceQuotaExceededException. +* api-change:``iotwireless``: Mark EutranCid under LteNmr optional. +* bugfix:dependency: Relax symlink verification when building MacOS executables +* api-change:``ssm``: This release adds the AvailableSecurityUpdatesComplianceStatus field to patch baseline operations, as well as the AvailableSecurityUpdateCount and InstancesWithAvailableSecurityUpdates to patch state operations. Applies to Windows Server managed nodes only. +* api-change:``qconnect``: Provides the correct value for supported model ID. + + +2.25.1 +====== + +* api-change:``datazone``: Add support for overriding selection of default AWS IAM Identity Center instance as part of Amazon DataZone domain APIs. +* api-change:``sagemaker``: This release does the following: 1.) Adds DurationHours as a required field to the SearchTrainingPlanOfferings action in the SageMaker AI API; 2.) Adds support for G6e instance types for SageMaker AI inference optimization jobs. +* enhancement:Protocol: Adds support for the smithy-rpc-v2-cbor protocol. If a service supports smithy-rpc-v2-cbor, this protocol will automatically be used. For more information, see https://smithy.io/2.0/additional-specs/protocols/smithy-rpc-v2.html +* api-change:``route53-recovery-control-config``: Adds dual-stack (IPv4 and IPv6) endpoint support for route53-recovery-control-config operations, opt-in dual-stack addresses for cluster endpoints, and UpdateCluster API to update the network-type of clusters between IPv4 and dual-stack. +* api-change:``bedrock``: A CustomModelUnit(CMU) is an abstract view of the hardware utilization that Bedrock needs to host a a single copy of your custom imported model. Bedrock determines the number of CMUs that a model copy needs when you import the custom model. You can use CMUs to estimate the cost of Inference's. + + +2.25.0 +====== + +* feature:Endpoints: Generate and use AWS-account-based endpoints for compatible services when the account ID is available. At launch, DynamoDB is the first and only compatible service. The new endpoint URL pattern will be ``https://.ddb..amazonaws.com``. Additional services may be added in the future. See the documentation for details: https://docs.aws.amazon.com/sdkref/latest/guide/feature-account-endpoints.html +* enhancement:dependency: Upgrade pyinstaller from 5.13.2 to 6.11.1. +* api-change:``controlcatalog``: Add ExemptAssumeRoot parameter to adapt for new AWS AssumeRoot capability. +* api-change:``network-firewall``: You can now use flow operations to either flush or capture traffic monitored in your firewall's flow table. +* api-change:``bedrock``: With this release, Bedrock Evaluation will now support bring your own inference responses. +* enhancement:dependency: Set ``PYINSTALLER_RESET_ENVIRONMENT`` if not already set when starting child processes. This supports using the CLI as a credential process for itself. +* api-change:``mailmanager``: Amazon SES Mail Manager. Extended rule string and boolean expressions to support analysis in condition evaluation. Extended ingress point string expression to support analysis in condition evaluation +* api-change:``amplify``: Added appId field to Webhook responses + + +2.24.27 +======= + +* api-change:``mediaconnect``: This release adds support for NDI flow outputs in AWS Elemental MediaConnect. You can now send content from your MediaConnect transport streams directly to your NDI environment using the new NDI output type. +* api-change:``neptune-graph``: Update IAM Role ARN Validation to Support Role Paths +* api-change:``lambda``: Add Ruby 3.4 (ruby3.4) support to AWS Lambda. +* api-change:``bedrock``: Support custom prompt routers for evaluation jobs +* api-change:``ec2``: Doc-only updates for EC2 for March 2025. +* api-change:``sagemaker``: Added support for g6, g6e, m6i, c6i instance types in SageMaker Processing Jobs. + + +2.24.26 +======= + +* api-change:``mediaconvert``: This release adds support for AVC passthrough, the ability to specify PTS offset without padding, and an A/V segment matching feature. +* api-change:``route53``: Amazon Route 53 now supports the iso-f regions for private DNS Amazon VPCs and cloudwatch healthchecks. +* api-change:``appsync``: Providing Tagging support for DomainName in AppSync +* api-change:``cleanrooms``: This release adds support for PySpark jobs. Customers can now analyze data by running jobs using approved PySpark analysis templates. + + +2.24.25 +======= + +* api-change:``wafv2``: AWS WAF now lets you inspect fragments of request URIs. You can specify the scope of the URI to inspect and narrow the set of URI fragments. +* api-change:``geo-maps``: Provide support for vector map styles in the GetStaticMap operation. +* api-change:``application-signals``: This release adds support for adding, removing, and listing SLO time exclusion windows with the BatchUpdateExclusionWindows and ListServiceLevelObjectiveExclusionWindows APIs. +* api-change:``rum``: CloudWatch RUM now supports unminification of JS error stack traces. +* api-change:``taxsettings``: Adjust Vietnam PaymentVoucherNumber regex and minor API change. + + +2.24.24 +======= + +* api-change:``lakeformation``: This release added "condition" to LakeFormation OptIn APIs, also added WithPrivilegedAccess flag to RegisterResource and DescribeResource. +* api-change:``cognito-idp``: Minor description updates to API parameters +* api-change:``glue``: This release added AllowFullTableExternalDataAccess to glue catalog resource. +* api-change:``cognito-identity``: Updated API model build artifacts for identity pools +* bugfix:parser: Fixes bug when trying to parse an integer in the `code` part of the response body. + + +2.24.23 +======= + +* api-change:``s3control``: Updating GetDataAccess response for S3 Access Grants to include the matched Grantee for the requested prefix +* api-change:``logs``: Updated CreateLogAnomalyDetector to accept only kms key arn +* api-change:``amplify``: Introduced support for Skew Protection. Added enableSkewProtection field to createBranch and updateBranch API. +* api-change:``acm-pca``: Private Certificate Authority service now supports P521 and RSA3072 key algorithms. +* api-change:``ivs-realtime``: IVS Real-Time now offers customers the ability to adjust the participant & composition recording segment duration +* enhancement:parsers: Minor Parser updates to support the new smithy-generated protocol tests. +* api-change:``codebuild``: AWS CodeBuild now supports webhook filtering by organization name +* api-change:``ec2``: This release changes the CreateLaunchTemplate, CreateLaunchTemplateVersion, ModifyLaunchTemplate CLI and SDKs such that if you do not specify a client token, a randomly generated token is used for the request to ensure idempotency. +* enhancement:parsers: Adds support for parsing int/long types in rest-json response headers. +* api-change:``mediapackagev2``: This release adds the ResetChannelState and ResetOriginEndpointState operation to reset MediaPackage V2 channel and origin endpoint. This release also adds a new field, UrlEncodeChildManifest, for HLS/LL-HLS to allow URL-encoding child manifest query string based on the requirements of AWS SigV4. +* api-change:``dynamodb``: Generate account endpoints for DynamoDB requests using ARN-sourced account ID when available +* api-change:``datazone``: This release adds support to update projects and environments + + +2.24.22 +======= + +* api-change:``ec2``: This release adds the GroupLongName field to the response of the DescribeAvailabilityZones API. +* api-change:``medialive``: Add an enum option DISABLED for Output Locking Mode under Global Configuration. +* api-change:``ecr``: This release adds Amazon ECR to Amazon ECR pull through cache rules support. +* api-change:``ecs``: This is a documentation only update for Amazon ECS to address various tickets. +* api-change:``inspector2``: Adding componentArn to network reachability details + + +2.24.21 +======= + +* api-change:``ce``: Releasing minor partition endpoint updates. +* api-change:``bedrock-agent-runtime``: Add support for computer use tools +* api-change:``connect``: Add support for contact transfers in external voice systems. +* api-change:``pca-connector-ad``: PrivateCA Connector for Active Directory now supports dual stack endpoints. This release adds the IpAddressType option to the VpcInformation on a Connector which determines whether the endpoint supports IPv4 only or IPv4 and IPv6 traffic. +* api-change:``timestream-influxdb``: This release updates the default value of pprof-disabled from false to true. +* api-change:``medialive``: Adds defaultFontSize and defaultLineHeight as options in the EbuTtDDestinationSettings within the caption descriptions for an output stream. +* api-change:``bedrock-agent``: Add support for computer use tools +* api-change:``securityhub``: This release adds new StandardsControlsUpdatable field to the StandardsSubscription resource + + +2.24.20 +======= + +* api-change:``neptune-graph``: Several small updates to resolve customer requests. +* api-change:``cloudfront``: Documentation updates for Amazon CloudFront. +* api-change:``bedrock-agent``: Introduces support for Neptune Analytics as a vector data store and adds Context Enrichment Configurations, enabling use cases such as GraphRAG. +* api-change:``ec2``: Add serviceManaged field to DescribeAddresses API response. +* api-change:``elbv2``: This release adds support for assigning IP addresses to Application Load Balancers from VPC IP Address Manager pools. +* api-change:``bedrock-agent-runtime``: Support Multi Agent Collaboration within Inline Agents + + +2.24.19 +======= + +* api-change:``wafv2``: You can now perform an exact match or rate limit aggregation against the web request's JA4 fingerprint. +* api-change:``bedrock``: This releases adds support for Custom Prompt Router +* api-change:``workspaces``: Added a new ModifyEndpointEncryptionMode API for managing endpoint encryption settings. +* api-change:``ivs-realtime``: IVS Real-Time now offers customers the ability to merge fragmented recordings in the event of a participant disconnect. +* api-change:``networkflowmonitor``: This release contains 2 changes. 1: DeleteScope/GetScope/UpdateScope operations now return 404 instead of 500 when the resource does not exist. 2: Expected string format for clientToken fields of CreateMonitorInput/CreateScopeInput/UpdateMonitorInput have been updated to be an UUID based string. +* api-change:``redshift-data``: This release adds support for ListStatements API to filter statements by ClusterIdentifier, WorkgroupName, and Database. +* api-change:``cloudtrail``: Doc-only update for CloudTrail. + + +2.24.18 +======= + +* api-change:``iotfleetwise``: This release adds floating point support for CAN/OBD signals and adds support for signed OBD signals. +* api-change:``datasync``: AWS DataSync now supports modifying ServerHostname while updating locations SMB, NFS, and ObjectStorage. +* api-change:``workspaces``: Added DeviceTypeWorkSpacesThinClient type to allow users to access their WorkSpaces through a WorkSpaces Thin Client. +* api-change:``gameliftstreams``: New Service: Amazon GameLift Streams delivers low-latency game streaming from AWS global infrastructure to virtually any device with a browser at up to 1080p resolution and 60 fps. +* api-change:``bedrock-runtime``: This releases adds support for Custom Prompt Router ARN + + +2.24.17 +======= + +* api-change:``iotsitewise``: AWS IoT SiteWise now supports MQTT-enabled, V3 gateways. Configure data destinations for real-time ingestion into AWS IoT SiteWise or buffered ingestion using Amazon S3 storage. You can also use path filters for precise data collection from specific MQTT topics. +* api-change:``elasticache``: Doc only update, listing 'valkey7' and 'valkey8' as engine options for parameter groups. +* api-change:``rds``: Note support for Database Insights for Amazon RDS. +* enhancement:useragent: Update user agent string to include client feature use. +* api-change:``iot-managed-integrations``: Adding managed integrations APIs for IoT Device Management to setup and control devices across different manufacturers and connectivity protocols. APIs include managedthing operations, credential and provisioning profile management, notification configuration, and OTA update. + + +2.24.16 +======= + +* enhancement:configuration: Add support for disabling host prefix injection via the ``AWS_DISABLE_HOST_PREFIX_INJECTION`` environment variable or the ``disable_host_prefix_injection`` parameter in the shared aws configuration file. +* api-change:``sagemaker``: Add DomainId to CreateDomainResponse +* api-change:``qbusiness``: Adds support for the ingestion of audio and video files by Q Business, which can be configured with the mediaExtractionConfiguration parameter. +* api-change:``cognito-idp``: Added the capacity to return available challenges in admin authentication and to set version 3 of the pre token generation event for M2M ATC. +* bugfix:``awscrt``: Fix urlencoding issues for request signing with the awscrt. +* api-change:``rum``: Add support for PutResourcePolicy, GetResourcePolicy and DeleteResourcePolicy to support resource based policies for AWS CloudWatch RUM +* api-change:``transcribe``: Updating documentation for post call analytics job queueing. +* api-change:``ec2``: Update the DescribeVpcs response + + +2.24.15 +======= + +* api-change:``pricing``: Update GetProducts and DescribeServices API request input validations. +* api-change:``bedrock-data-automation``: Renamed and added new StandardConfiguration enums. Added support to update EncryptionConfiguration in UpdateBlueprint and UpdateDataAutomation APIs. Changed HttpStatus code for DeleteBlueprint and DeleteDataAutomationProject APIs to 200 from 204. Added APIs to support tagging. +* api-change:``dms``: Add skipped status to the Result Statistics of an Assessment Run +* api-change:``ssm``: Systems Manager doc-only updates for Feb. 2025. +* api-change:``bedrock-data-automation-runtime``: Added a mandatory parameter DataAutomationProfileArn to support for cross region inference for InvokeDataAutomationAsync API. Renamed DataAutomationArn to DataAutomationProjectArn. Added APIs to support tagging. +* api-change:``eks``: Adding licenses to EKS Anywhere Subscription operations response. +* bugfix:dependency: Revert PyInstaller from 6.11.1 back to 5.13.2 due to `#9331 `__. +* api-change:``bedrock-agent``: This release lets Amazon Bedrock Flows support newer models by increasing the maximum length of output in a prompt configuration. This release also increases the maximum number of prompt variables to 20 and the maximum number of node inputs to 20. +* api-change:``mediaconvert``: The AWS MediaConvert Probe API allows you to analyze media files and retrieve detailed metadata about their content, format, and structure. + + +2.24.14 +======= + +* api-change:``emr``: Definition update for EbsConfiguration. +* api-change:``storagegateway``: This release adds support to invoke a process that cleans the specified file share's cache of file entries that are failing upload to Amazon S3. +* api-change:``qbusiness``: This release supports deleting attachments from conversations. +* enhancement:dependency: Upgrade pyinstaller from 5.13.2 to 6.11.1. +* enhancement:encoding: Adds support for the ``AWS_CLI_OUTPUT_ENCODING`` environment variable, which can be used to override the locale's preferred encoding when the CLI is writing output. +* api-change:``bedrock-agent-runtime``: Introduces Sessions (preview) to enable stateful conversations in GenAI applications. +* api-change:``redshift-serverless``: Add track support for Redshift Serverless workgroup. +* api-change:``sagemaker``: SageMaker HubService is introducing support for creating Training Jobs in Curated Hub (Private Hub). Additionally, it is introducing two new APIs: UpdateHubContent and UpdateHubContentReference. + + +2.24.13 +======= + +* api-change:``cloudfront``: Documentation update for VPC origin config. +* api-change:``oam``: This release adds support for sharing AWS::ApplicationSignals::Service and AWS::ApplicationSignals::ServiceLevelObjective resources. +* enhancement:configure: Clarify prompt titles and default values in the ``aws configure sso`` wizard +* api-change:``iotfleetwise``: This release adds an optional listResponseScope request parameter in certain list API requests to limit the response to metadata only. +* api-change:``chime``: Removes the Amazon Chime SDK APIs from the "chime" namespace. Amazon Chime SDK APIs continue to be available in the AWS SDK via the dedicated Amazon Chime SDK namespaces: chime-sdk-identity, chime-sdk-mediapipelines, chime-sdk-meetings, chime-sdk-messaging, and chime-sdk-voice. +* api-change:``batch``: AWS Batch: Resource Aware Scheduling feature support +* api-change:``sagemaker``: AWS SageMaker InferenceComponents now support rolling update deployments for Inference Components. +* api-change:``ec2``: Amazon EC2 Fleet customers can now override the Block Device Mapping specified in the Launch Template when creating a new Fleet request, saving the effort of creating and associating new Launch Templates to customize the Block Device Mapping. +* api-change:``application-signals``: This release adds API support for reading Service Level Objectives and Services from monitoring accounts, from SLO and Service-scoped operations, including ListServices and ListServiceLevelObjectives. + + +2.24.12 +======= + +* api-change:``iot``: AWS IoT - AWS IoT Device Defender adds support for a new Device Defender Audit Check that monitors device certificate age and custom threshold configurations for both the new device certificate age check and existing device certificate expiry check. +* api-change:``codebuild``: Adding "reportArns" field in output of BatchGetBuildBatches API. "reportArns" is an array that contains the ARNs of reports created by merging reports from builds associated with the batch build. +* api-change:``devicefarm``: Add an optional configuration to the ScheduleRun and CreateRemoteAccessSession API to set a device level http/s proxy. +* enhancement:openssl: Update bundled OpenSSL version to 1.1.1zb for Linux installers +* api-change:``taxsettings``: PutTaxRegistration API changes for Egypt, Greece, Vietnam countries +* api-change:``ec2``: Adds support for time-based EBS-backed AMI copy operations. Time-based copy ensures that EBS-backed AMIs are copied within and across Regions in a specified timeframe. + + +2.24.11 +======= + +* api-change:``elasticache``: Documentation update, adding clarity and rephrasing. +* api-change:``bedrock-runtime``: This release adds Reasoning Content support to Converse and ConverseStream APIs +* api-change:``bedrock-agent``: This release improves support for newer models in Amazon Bedrock Flows. +* api-change:``bedrock-agent-runtime``: Adding support for ReasoningContent fields in Pre-Processing, Post-Processing and Orchestration Trace outputs. +* api-change:``elastic-inference``: The elastic-inference client has been removed following the deprecation of the service. + + +2.24.10 +======= + +* api-change:``bedrock-agent``: Introduce a new parameter which represents the user-agent header value used by the Bedrock Knowledge Base Web Connector. +* enhancement:Python: Update bundled Python interpreter version to 3.12.9 +* api-change:``appstream``: Added support for Certificate-Based Authentication on AppStream 2.0 multi-session fleets. + + +2.24.9 +====== + +* api-change:``rds``: CloudWatch Database Insights now supports Amazon RDS. +* api-change:``workspaces-web``: Add support for toolbar configuration under user settings. +* api-change:``codebuild``: Add webhook status and status message to AWS CodeBuild webhooks +* api-change:``sagemaker``: Added new capability in the UpdateCluster operation to remove instance groups from your SageMaker HyperPod cluster. +* api-change:``license-manager-user-subscriptions``: Updates entity to include Microsoft RDS SAL as a valid type of user subscription. +* api-change:``guardduty``: Reduce the minimum number of required attack sequence signals from 2 to 1 + + +2.24.8 +====== + +* api-change:``location``: Adds support for larger property maps for tracking and geofence positions changes. It increases the maximum number of items from 3 to 4, and the maximum value length from 40 to 150. +* api-change:``network-firewall``: This release introduces Network Firewall's Automated Domain List feature. New APIs include UpdateFirewallAnalysisSettings, StartAnalysisReport, GetAnalysisReportResults, and ListAnalysisReports. These allow customers to enable analysis on firewalls to identify and report frequently accessed domain. +* api-change:``sesv2``: This release adds the ability for outbound email sent with SES to preserve emails to a Mail Manager archive. +* api-change:``ecs``: This is a documentation only release for Amazon ECS that supports the CPU task limit increase. +* api-change:``lightsail``: Documentation updates for Amazon Lightsail. +* api-change:``sagemaker``: Adds r8g instance type support to SageMaker Realtime Endpoints +* api-change:``mailmanager``: This release adds additional metadata fields in Mail Manager archive searches to show email source and details about emails that were archived when being sent with SES. +* api-change:``codepipeline``: Add environment variables to codepipeline action declaration. + + +2.24.7 +====== + +* enhancement:protocols: Added support for multiple protocols within a service based on performance priority. +* api-change:``batch``: This documentation-only update corrects some typos. +* api-change:``medialive``: Adds support for creating CloudWatchAlarmTemplates for AWS Elemental MediaTailor Playback Configuration resources. +* api-change:``emr-containers``: EMR on EKS StartJobRun Api will be supporting the configuration of log storage in AWS by using "managedLogs" under "MonitoringConfiguration". +* enhancement:protocol: The CLI no longer validates payload size for event streams. This is to facilitate varying payload requirements across AWS services. + + +2.24.6 +====== + +* api-change:``dms``: Support replicationConfigArn in DMS DescribeApplicableIndividualAssessments API. +* api-change:``timestream-influxdb``: This release introduces APIs to manage DbClusters and adds support for read replicas +* api-change:``amplify``: Add ComputeRoleArn to CreateApp, UpdateApp, CreateBranch, and UpdateBranch, allowing caller to specify a role to be assumed by Amplify Hosting for server-side rendered applications. + + +2.24.5 +====== + +* api-change:``codebuild``: Added test suite names to test case metadata +* api-change:``connect``: Release Notes: 1) Analytics API enhancements: Added new ListAnalyticsDataLakeDataSets API. 2) Onboarding API Idempotency: Adds ClientToken to instance creation and management APIs to support idempotency. +* api-change:``workspaces-thin-client``: Update Environment and Device name field definitions +* api-change:``rds-data``: Add support for Stop DB feature. +* api-change:``dms``: Introduces premigration assessment feature to DMS Serverless API for start-replication and describe-replications +* api-change:``s3``: Added support for Content-Range header in HeadObject response. +* api-change:``wafv2``: The WAFv2 API now supports configuring data protection in webACLs. + + +2.24.4 +====== + +* api-change:``acm-pca``: Private Certificate Authority (PCA) documentation updates +* api-change:``ecs``: This is a documentation only release to support migrating Amazon ECS service ARNs to the long ARN format. +* api-change:``sagemaker``: Adds additional values to the InferenceAmiVersion parameter in the ProductionVariant data type. +* api-change:``fis``: Adds auto-pagination for the following operations: ListActions, ListExperimentTemplates, ListTargetAccountConfigurations, ListExperiments, ListExperimentResolvedTargets, ListTargetResourceTypes. Reduces length constraints of prefixes for logConfiguration and experimentReportConfiguration. +* api-change:``accessanalyzer``: This release introduces the getFindingsStatistics API, enabling users to retrieve aggregated finding statistics for IAM Access Analyzer's external access and unused access analysis features. Updated service API and documentation. +* api-change:``storagegateway``: This release adds support for generating cache reports on S3 File Gateways for files that fail to upload. + + +2.24.3 +====== + +* api-change:``fsx``: Support for in-place Lustre version upgrades +* api-change:``b2bi``: Allow spaces in the following fields in the Partnership resource: ISA 06 - Sender ID, ISA 08 - Receiver ID, GS 02 - Application Sender Code, GS 03 - Application Receiver Code +* api-change:``polly``: Added support for the new voice - Jasmine (en-SG). Jasmine is available as a Neural voice only. +* api-change:``bedrock-agent-runtime``: This releases adds the additionalModelRequestFields field to the InvokeInlineAgent operation. Use additionalModelRequestFields to specify additional inference parameters for a model beyond the base inference parameters. +* api-change:``bedrock-agent``: This releases adds the additionalModelRequestFields field to the CreateAgent and UpdateAgent operations. Use additionalModelRequestFields to specify additional inference parameters for a model beyond the base inference parameters. +* api-change:``opensearchserverless``: Custom OpenSearchServerless Entity ID for SAML Config. +* api-change:``codebuild``: Add note for the RUNNER_BUILDKITE_BUILD buildType. +* api-change:``medialive``: Adds a RequestId parameter to all MediaLive Workflow Monitor create operations. The RequestId parameter allows idempotent operations. + + +2.24.2 +====== + +* api-change:``pi``: Documentation only update for RDS Performance Insights dimensions for execution plans and locking analysis. +* api-change:``acm-pca``: Private Certificate Authority service now supports Partitioned CRL as a revocation configuration option. +* api-change:``appsync``: Add support for operation level caching +* api-change:``ec2``: Adding support for the new fullSnapshotSizeInBytes field in the response of the EC2 EBS DescribeSnapshots API. This field represents the size of all the blocks that were written to the source volume at the time the snapshot was created. + + +2.24.1 +====== + +* api-change:``connect``: Updated the CreateContact API documentation to indicate that it only applies to EMAIL contacts. +* api-change:``apigatewayv2``: Documentation updates for Amazon API Gateway +* api-change:``cloudfront``: Doc-only update that adds defaults for CloudFront VpcOriginEndpointConfig values. +* api-change:``dms``: New vendors for DMS Data Providers: DB2 LUW and DB2 for z/OS + + +2.24.0 +====== + +* api-change:``ecr``: Adds support to handle the new basic scanning daily quota. +* api-change:``pi``: Adds documentation for dimension groups and dimensions to analyze locks for Database Insights. +* api-change:``eks``: Introduce versionStatus field to take place of status field in EKS DescribeClusterVersions API +* api-change:``transcribe``: This release adds support for the Clinical Note Template Customization feature for the AWS HealthScribe APIs within Amazon Transcribe. +* feature:``emr-containers``: Add custom ``create-role-associations`` and ``delete-role-associations`` commands to create/delete role associations for EMR service accounts and provided IAM role. +* api-change:``mediaconvert``: This release adds support for Animated GIF output, forced chroma sample positioning metadata, and Extensible Wave Container format + + +2.23.15 +======= + +* api-change:``cost-optimization-hub``: This release enables AWS Cost Optimization Hub to show cost optimization recommendations for Amazon Auto Scaling Groups, including those with single and mixed instance types. +* api-change:``s3``: Updated list of the valid AWS Region values for the LocationConstraint parameter for general purpose buckets. +* api-change:``connectcases``: This release adds the ability to conditionally require fields on a template. Check public documentation for more information. +* api-change:``cloudformation``: We added 5 new stack refactoring APIs: CreateStackRefactor, ExecuteStackRefactor, ListStackRefactors, DescribeStackRefactor, ListStackRefactorActions. + + +2.23.14 +======= + +* api-change:``rds``: Documentation updates to clarify the description for the parameter AllocatedStorage for the DB cluster data type, the description for the parameter DeleteAutomatedBackups for the DeleteDBCluster API operation, and removing an outdated note for the CreateDBParameterGroup API operation. + + +2.23.13 +======= + +* api-change:``neptune-graph``: Added argument to `list-export` to filter by graph ID +* api-change:``iam``: This release adds support for accepting encrypted SAML assertions. Customers can now configure their identity provider to encrypt the SAML assertions it sends to IAM. +* api-change:``qbusiness``: Adds functionality to enable/disable a new Q Business Chat orchestration feature. If enabled, Q Business can orchestrate over datasources and plugins without the need for customers to select specific chat modes. +* api-change:``sagemaker``: IPv6 support for Hyperpod clusters +* api-change:``dms``: Introduces TargetDataSettings with the TablePreparationMode option available for data migrations. +* api-change:``datasync``: Doc-only update to provide more information on using Kerberos authentication with SMB locations. + + +2.23.12 +======= + +* api-change:``mediatailor``: Add support for CloudWatch Vended Logs which allows for delivery of customer logs to CloudWatch Logs, S3, or Firehose. + + +2.23.11 +======= + +* api-change:``codebuild``: Added support for CodeBuild self-hosted Buildkite runner builds +* api-change:``rds``: Updates to Aurora MySQL and Aurora PostgreSQL API pages with instance log type in the create and modify DB Cluster. +* api-change:``bedrock-agent-runtime``: This change is to deprecate the existing citation field under RetrieveAndGenerateStream API response in lieu of GeneratedResponsePart and RetrievedReferences +* api-change:``amp``: Add support for sending metrics to cross account and CMCK AMP workspaces through RoleConfiguration on Create/Update Scraper. +* api-change:``geo-routes``: The OptimizeWaypoints API now supports 50 waypoints per request (20 with constraints like AccessHours or AppointmentTime). It adds waypoint clustering via Clustering and ClusteringIndex for better optimization. Also, total distance validation is removed for greater flexibility. +* api-change:``sagemaker``: This release introduces a new valid value in InstanceType parameter: p5en.48xlarge, in ProductionVariant. + + +2.23.10 +======= + +* enhancement:awscrt: Update awscrt version requirement to 0.23.8 +* api-change:``ecr-public``: Temporarily updating dualstack endpoint support +* api-change:``s3tables``: You can now use the CreateTable API operation to create tables with schemas by adding an optional metadata argument. +* api-change:``ecr``: Temporarily updating dualstack endpoint support +* api-change:``mediatailor``: Adds options for configuring how MediaTailor conditions ads before inserting them into the content stream. Based on the new settings, MediaTailor will either transcode ads to match the content stream as it has in the past, or it will insert ads without first transcoding them. +* api-change:``bedrock-agent-runtime``: Add a 'reason' field to InternalServerException +* api-change:``qbusiness``: Added APIs to manage QBusiness user subscriptions +* api-change:``appstream``: Add support for managing admin consent requirement on selected domains for OneDrive Storage Connectors in AppStream2.0. +* api-change:``verifiedpermissions``: Adds Cedar JSON format support for entities and context data in authorization requests + + +2.23.9 +====== + +* api-change:``ecr``: Add support for Dualstack and Dualstack-with-FIPS Endpoints +* api-change:``bcm-pricing-calculator``: Added ConflictException error type in DeleteBillScenario, BatchDeleteBillScenarioCommitmentModification, BatchDeleteBillScenarioUsageModification, BatchUpdateBillScenarioUsageModification, and BatchUpdateBillScenarioCommitmentModification API operations. +* api-change:``ecr-public``: Add support for Dualstack Endpoints +* api-change:``s3``: Change the type of MpuObjectSize in CompleteMultipartUploadRequest from int to long. +* api-change:``mailmanager``: This release includes a new feature for Amazon SES Mail Manager which allows customers to specify known addresses and domains and make use of those in traffic policies and rules actions to distinguish between known and unknown entries. + + +2.23.8 +====== + +* api-change:``firehose``: For AppendOnly streams, Firehose will automatically scale to match your throughput. +* api-change:``deadline``: feature: Deadline: Add support for limiting the concurrent usage of external resources, like floating licenses, using limits and the ability to constrain the maximum number of workers that work on a job +* api-change:``appsync``: Add stash and outErrors to EvaluateCode/EvaluateMappingTemplate response +* api-change:``ec2``: This release changes the CreateFleet CLI and SDK's such that if you do not specify a client token, a randomly generated token is used for the request to ensure idempotency. +* api-change:``timestream-influxdb``: Adds 'allocatedStorage' parameter to UpdateDbInstance API that allows increasing the database instance storage size and 'dbStorageType' parameter to UpdateDbInstance API that allows changing the storage type of the database instance +* api-change:``datasync``: AWS DataSync now supports the Kerberos authentication protocol for SMB locations. + + +2.23.7 +====== + +* api-change:``iot``: Raised the documentParameters size limit to 30 KB for AWS IoT Device Management - Jobs. +* api-change:``mediaconvert``: This release adds support for dynamic audio configuration and the ability to disable the deblocking filter for h265 encodes. +* bugfix:Signing: No longer sign transfer-encoding header for SigV4 +* api-change:``bedrock-agent``: Add support for the prompt caching feature for Bedrock Prompt Management +* api-change:``s3control``: Minor fix to ARN validation for Lambda functions passed to S3 Batch Operations + + 2.23.6 ====== diff -pruN 2.23.6-1/LICENSE.txt 2.31.35-1/LICENSE.txt --- 2.23.6-1/LICENSE.txt 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/LICENSE.txt 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -Copyright 2012-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of diff -pruN 2.23.6-1/README.rst 2.31.35-1/README.rst --- 2.23.6-1/README.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/README.rst 2025-11-12 19:17:29.000000000 +0000 @@ -11,11 +11,11 @@ This package provides a unified command The aws-cli package works on Python versions: -* 3.8.x * 3.9.x * 3.10.x * 3.11.x * 3.12.x +* 3.13.x .. attention:: We recommend that all customers regularly monitor the @@ -371,11 +371,11 @@ The latest changes to the CLI are in the to make sure you ``git checkout v2``. If you just want to install a snapshot of the latest development version of -the CLI, you can use the ``requirements-dev.txt`` file included in this repo. +the CLI, you can use the ``requirements-dev-lock.txt`` file included in this repo. This file points to the development version of our dependencies:: $ cd && git checkout v2 - $ pip install -r requirements-dev.txt + $ pip install -r requirements-dev-lock.txt $ pip install -e . Verify that the AWS CLI is correctly installed. Note that the word ``source`` should appear in the output:: diff -pruN 2.23.6-1/awscli/__init__.py 2.31.35-1/awscli/__init__.py --- 2.23.6-1/awscli/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,11 +15,12 @@ AWSCLI ---- A Universal Command Line Environment for Amazon Web Services. """ -import os + import importlib.abc +import os import sys -__version__ = '2.23.6' +__version__ = '2.31.35' # # Get our data path to be added to botocore's search path @@ -36,10 +37,18 @@ _awscli_data_path.append( os.environ['AWS_DATA_PATH'] = os.pathsep.join(_awscli_data_path) -SCALAR_TYPES = set([ - 'string', 'float', 'integer', 'long', 'boolean', 'double', - 'blob', 'timestamp' -]) +SCALAR_TYPES = set( + [ + 'string', + 'float', + 'integer', + 'long', + 'boolean', + 'double', + 'blob', + 'timestamp', + ] +) COMPLEX_TYPES = set(['structure', 'map', 'list']) @@ -57,13 +66,14 @@ class TopLevelImportAliasFinder(importli Note: That this import alias only comes into affect if anything is imported from the awscli package. """ + _PACKAGES = [ 'botocore', 's3transfer', ] _TARGET_FINDERS = [ 'pyimod02_importers.PyiFrozenImporter', # Pyinstaller injected finder - '_frozen_importlib_external.PathFinder' # Built-in path finder + '_frozen_importlib_external.PathFinder', # Built-in path finder ] def __init__(self, underlying_finder): @@ -84,7 +94,7 @@ class TopLevelImportAliasFinder(importli finder_name = finder.__class__.__name__ full_cls_name = f'{finder.__module__}.{finder_name}' if full_cls_name in cls._TARGET_FINDERS: - meta_path[i] = cls(finder) + meta_path.insert(i, cls(finder)) return def find_spec(self, fullname, path, target=None): @@ -94,3 +104,5 @@ class TopLevelImportAliasFinder(importli TopLevelImportAliasFinder.add_alias_finder(sys.meta_path) + +_DEFAULT_BASE_REMOTE_URL = f"https://awscli.amazonaws.com/v2/documentation/api/{__version__}" # noqa diff -pruN 2.23.6-1/awscli/__main__.py 2.31.35-1/awscli/__main__.py --- 2.23.6-1/awscli/__main__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/__main__.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,6 +16,5 @@ import sys from awscli.clidriver import main - if __name__ == "__main__": sys.exit(main()) diff -pruN 2.23.6-1/awscli/alias.py 2.31.35-1/awscli/alias.py --- 2.23.6-1/awscli/alias.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/alias.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,11 +17,10 @@ import subprocess from botocore.configloader import raw_config_parse -from awscli.compat import compat_shell_quote from awscli.commands import CLICommand +from awscli.compat import compat_shell_quote from awscli.utils import emit_top_level_args_parsed_event - LOG = logging.getLogger(__name__) @@ -41,10 +40,13 @@ class InvalidAliasException(Exception): pass -class AliasLoader(object): - def __init__(self, - alias_filename=os.path.expanduser( - os.path.join('~', '.aws', 'cli', 'alias'))): +class AliasLoader: + def __init__( + self, + alias_filename=os.path.expanduser( + os.path.join('~', '.aws', 'cli', 'alias') + ), + ): """Interface for loading and interacting with alias file :param alias_filename: The name of the file to load aliases from. @@ -60,8 +62,7 @@ class AliasLoader(object): def _load_aliases(self): parsed = {} if os.path.exists(self._filename): - parsed = raw_config_parse( - self._filename, parse_subsections=False) + parsed = raw_config_parse(self._filename, parse_subsections=False) self._normalize_key_names(parsed) return parsed @@ -94,7 +95,7 @@ class AliasLoader(object): return self._aliases.get(key, {}) -class BaseAliasCommandInjector(object): +class BaseAliasCommandInjector: def __init__(self, alias_loader): self._alias_loader = alias_loader @@ -106,7 +107,8 @@ class BaseAliasCommandInjector(object): def _inject_external_alias(self, alias_name, alias_value, command_table): command_table[alias_name] = ExternalAliasCommand( - alias_name, alias_value) + alias_name, alias_value + ) class AliasCommandInjector(BaseAliasCommandInjector): @@ -125,20 +127,23 @@ class AliasCommandInjector(BaseAliasComm def inject_aliases(self, command_table, parser): for alias_name, alias_value in self._get_alias_items(): if self._is_external_alias(alias_value): - self._inject_external_alias(alias_name, alias_value, - command_table) + self._inject_external_alias( + alias_name, alias_value, command_table + ) else: service_alias_cmd_args = [ - alias_name, alias_value, self._session, command_table, - parser + alias_name, + alias_value, + self._session, + command_table, + parser, ] # If the alias name matches something already in the # command table provide the command it is about # to clobber as a possible reference that it will # need to proxy to. if alias_name in command_table: - service_alias_cmd_args.append( - command_table[alias_name]) + service_alias_cmd_args.append(command_table[alias_name]) alias_cmd = ServiceAliasCommand(*service_alias_cmd_args) command_table[alias_name] = alias_cmd @@ -153,14 +158,18 @@ class AliasSubCommandInjector(BaseAliasC if self._global_args_parser is None: if self._global_cmd_driver is not None: command_table = self._global_cmd_driver.subcommand_table - self._global_args_parser = \ + self._global_args_parser = ( self._global_cmd_driver.create_parser(command_table) + ) return self._global_args_parser - def on_building_command_table(self, command_table, event_name, - command_object, session, **kwargs): - if not isinstance(command_object, CLICommand) and \ - event_name == 'building-command-table.main': + def on_building_command_table( + self, command_table, event_name, command_object, session, **kwargs + ): + if ( + not isinstance(command_object, CLICommand) + and event_name == 'building-command-table.main' + ): self._global_cmd_driver = command_object return # We have to transform the event name to figure out what the @@ -185,14 +194,18 @@ class AliasSubCommandInjector(BaseAliasC for alias_name, alias_value in aliases_for_cmd.items(): if self._is_external_alias(alias_value): self._inject_external_alias( - alias_name, alias_value, command_table) + alias_name, alias_value, command_table + ) else: proxied_sub_command = command_table.get(alias_name) command_table[alias_name] = InternalAliasSubCommand( - alias_name, alias_value, command_object, + alias_name, + alias_value, + command_object, self._retrieve_global_args_parser(), session=session, - proxied_sub_command=proxied_sub_command) + proxied_sub_command=proxied_sub_command, + ) class BaseAliasCommand(CLICommand): @@ -233,10 +246,7 @@ class BaseAliasCommand(CLICommand): class BaseInternalAliasCommand(BaseAliasCommand): - UNSUPPORTED_GLOBAL_PARAMETERS = [ - 'debug', - 'profile' - ] + UNSUPPORTED_GLOBAL_PARAMETERS = ['debug', 'profile'] def __init__(self, alias_name, alias_value, session): super(BaseInternalAliasCommand, self).__init__(alias_name, alias_value) @@ -248,21 +258,25 @@ class BaseInternalAliasCommand(BaseAlias except ValueError as e: raise InvalidAliasException( 'Value of alias "%s" could not be parsed. ' - 'Received error: %s when parsing:\n%s' % ( - self._alias_name, e, self._alias_value) + 'Received error: %s when parsing:\n%s' + % (self._alias_name, e, self._alias_value) ) alias_args = [arg.strip(os.linesep) for arg in alias_args] LOG.debug( 'Expanded subcommand alias %r with value: %r to: %r', - self._alias_name, self._alias_value, alias_args + self._alias_name, + self._alias_value, + alias_args, ) return alias_args - def _update_parsed_globals(self, arg_parser, parsed_alias_args, - parsed_globals): + def _update_parsed_globals( + self, arg_parser, parsed_alias_args, parsed_globals + ): global_params_to_update = self._get_global_parameters_to_update( - arg_parser, parsed_alias_args) + arg_parser, parsed_alias_args + ) # Emit the top level args parsed event to ensure all possible # customizations that typically get applied are applied to the # global parameters provided in the alias before updating @@ -288,16 +302,24 @@ class BaseInternalAliasCommand(BaseAlias if parsed_param in self.UNSUPPORTED_GLOBAL_PARAMETERS: raise InvalidAliasException( 'Global parameter "--%s" detected in alias "%s" ' - 'which is not support in subcommand aliases.' % ( - parsed_param, self._alias_name)) + 'which is not supported in subcommand aliases.' + % (parsed_param, self._alias_name) + ) else: global_params_to_update.append(parsed_param) return global_params_to_update class ServiceAliasCommand(BaseInternalAliasCommand): - def __init__(self, alias_name, alias_value, session, command_table, - parser, shadow_proxy_command=None): + def __init__( + self, + alias_name, + alias_value, + session, + command_table, + parser, + shadow_proxy_command=None, + ): """Command for a `toplevel` subcommand alias :type alias_name: string @@ -329,7 +351,8 @@ class ServiceAliasCommand(BaseInternalAl table """ super(ServiceAliasCommand, self).__init__( - alias_name, alias_value, session) + alias_name, alias_value, session + ) self._command_table = command_table self._parser = parser self._shadow_proxy_command = shadow_proxy_command @@ -337,15 +360,20 @@ class ServiceAliasCommand(BaseInternalAl def __call__(self, args, parsed_globals): alias_args = self._get_alias_args() parsed_alias_args, remaining = self._parser.parse_known_args( - alias_args) - self._update_parsed_globals(self._parser, parsed_alias_args, - parsed_globals) + alias_args + ) + self._update_parsed_globals( + self._parser, parsed_alias_args, parsed_globals + ) # Take any of the remaining arguments that were not parsed out and # prepend them to the remaining args provided to the alias. remaining.extend(args) LOG.debug( 'Alias %r passing on arguments: %r to %r command', - self._alias_name, remaining, parsed_alias_args.command) + self._alias_name, + remaining, + parsed_alias_args.command, + ) # Pass the update remaining args and global args to the service command # the alias proxied to. command = self._command_table[parsed_alias_args.command] @@ -356,9 +384,9 @@ class ServiceAliasCommand(BaseInternalAl # a built-in command. if shadow_name == parsed_alias_args.command: LOG.debug( - 'Using shadowed command object: %s ' - 'for alias: %s', self._shadow_proxy_command, - self._alias_name + 'Using shadowed command object: %s for alias: %s', + self._shadow_proxy_command, + self._alias_name, ) command = self._shadow_proxy_command return command(remaining, parsed_globals) @@ -386,32 +414,40 @@ class ExternalAliasCommand(BaseAliasComm self._invoker = invoker def __call__(self, args, parsed_globals): - command_components = [ - self._alias_value[1:] - ] + command_components = [self._alias_value[1:]] command_components.extend(compat_shell_quote(a) for a in args) command = ' '.join(command_components) LOG.debug( 'Using external alias %r with value: %r to run: %r', - self._alias_name, self._alias_value, command) + self._alias_name, + self._alias_value, + command, + ) return self._invoker(command, shell=True) class InternalAliasSubCommand(BaseInternalAliasCommand): - - def __init__(self, alias_name, alias_value, command_object, - global_args_parser, session, - proxied_sub_command=None): + def __init__( + self, + alias_name, + alias_value, + command_object, + global_args_parser, + session, + proxied_sub_command=None, + ): super(InternalAliasSubCommand, self).__init__( - alias_name, alias_value, session) + alias_name, alias_value, session + ) self._command_object = command_object self._global_args_parser = global_args_parser self._proxied_sub_command = proxied_sub_command def _process_global_args(self, arg_parser, alias_args, parsed_globals): globally_parseable_args = [parsed_globals.command] + alias_args - alias_globals, remaining = arg_parser\ - .parse_known_args(globally_parseable_args) + alias_globals, remaining = arg_parser.parse_known_args( + globally_parseable_args + ) self._update_parsed_globals(arg_parser, alias_globals, parsed_globals) return remaining @@ -429,7 +465,8 @@ class InternalAliasSubCommand(BaseIntern # embedded as part of the alias value (i.e defined in the alias file) alias_args = self._get_alias_args() cmd_specific_args = self._process_global_args( - self._global_args_parser, alias_args, parsed_globals) + self._global_args_parser, alias_args, parsed_globals + ) cmd_specific_args.extend(args) if self._proxied_sub_command is not None: # If we overwrote an existing command, we just delegate to that @@ -438,8 +475,10 @@ class InternalAliasSubCommand(BaseIntern # command so we remove that value before delegating to the # proxied command. cmd_specific_args = cmd_specific_args[1:] - LOG.debug("Delegating to proxy sub-command with new alias " - "args: %s", alias_args) + LOG.debug( + "Delegating to proxy sub-command with new alias args: %s", + alias_args, + ) return self._proxied_sub_command(cmd_specific_args, parsed_globals) else: return self._command_object(cmd_specific_args, parsed_globals) diff -pruN 2.23.6-1/awscli/argparser.py 2.31.35-1/awscli/argparser.py --- 2.23.6-1/awscli/argparser.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/argparser.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,7 +15,6 @@ import copy import sys from difflib import get_close_matches - HELP_BLURB = ( "To see help text, you can run:\n" "\n" @@ -25,7 +24,7 @@ HELP_BLURB = ( ) USAGE = ( "aws [options] [ ...] [parameters]\n" - "%s" % HELP_BLURB + f"{HELP_BLURB}" ) @@ -40,11 +39,10 @@ class CommandAction(argparse.Action): are dynamically retrieved from the keys of the referenced command table """ + def __init__(self, option_strings, dest, command_table, **kwargs): self.command_table = command_table - super(CommandAction, self).__init__( - option_strings, dest, choices=self.choices, **kwargs - ) + super().__init__(option_strings, dest, choices=self.choices, **kwargs) def __call__(self, parser, namespace, values, option_string=None): setattr(namespace, self.dest, values) @@ -65,10 +63,6 @@ class CommandAction(argparse.Action): class CLIArgParser(argparse.ArgumentParser): Formatter = argparse.RawTextHelpFormatter - # When displaying invalid choice error messages, - # this controls how many options to show per line. - ChoicesPerLine = 2 - def _check_value(self, action, value): """ It's probably not a great idea to override a "hidden" method @@ -77,22 +71,17 @@ class CLIArgParser(argparse.ArgumentPars """ # converted value must be one of the choices (if specified) if action.choices is not None and value not in action.choices: - msg = ['Invalid choice, valid choices are:\n'] - for i in range(len(action.choices))[::self.ChoicesPerLine]: - current = [] - for choice in action.choices[i:i+self.ChoicesPerLine]: - current.append('%-40s' % choice) - msg.append(' | '.join(current)) + msg = [f"Found invalid choice '{value}'\n"] possible = get_close_matches(value, action.choices, cutoff=0.8) if possible: - extra = ['\n\nInvalid choice: %r, maybe you meant:\n' % value] + extra = ['Maybe you meant:\n'] for word in possible: - extra.append(' * %s' % word) + extra.append(f' * {word}') msg.extend(extra) raise argparse.ArgumentError(action, '\n'.join(msg)) def parse_known_args(self, args, namespace=None): - parsed, remaining = super(CLIArgParser, self).parse_known_args(args, namespace) + parsed, remaining = super().parse_known_args(args, namespace) terminal_encoding = getattr(sys.stdin, 'encoding', 'utf-8') if terminal_encoding is None: # In some cases, sys.stdin won't have an encoding set, @@ -124,55 +113,67 @@ class CLIArgParser(argparse.ArgumentPars should raise an exception. """ usage_message = self.format_usage() - error_message = f'{self.prog}: error: {message}\n' - raise ArgParseException(f'{usage_message}\n{error_message}') + error_message = f'{self.prog}: [ERROR]: {message}' + raise ArgParseException(f'{error_message}\n\n{usage_message}') class MainArgParser(CLIArgParser): Formatter = argparse.RawTextHelpFormatter - def __init__(self, command_table, version_string, - description, argument_table, prog=None): - super(MainArgParser, self).__init__( + def __init__( + self, + command_table, + version_string, + description, + argument_table, + prog=None, + ): + super().__init__( formatter_class=self.Formatter, add_help=False, conflict_handler='resolve', description=description, usage=USAGE, - prog=prog) + prog=prog, + ) self._build(command_table, version_string, argument_table) def _create_choice_help(self, choices): help_str = '' for choice in sorted(choices): - help_str += '* %s\n' % choice + help_str += f'* {choice}\n' return help_str def _build(self, command_table, version_string, argument_table): for argument_name in argument_table: argument = argument_table[argument_name] argument.add_to_parser(self) - self.add_argument('--version', action="version", - version=version_string, - help='Display the version of this tool') - self.add_argument('command', action=CommandAction, - command_table=command_table) + self.add_argument( + '--version', + action="version", + version=version_string, + help='Display the version of this tool', + ) + self.add_argument( + 'command', action=CommandAction, command_table=command_table + ) class ServiceArgParser(CLIArgParser): - def __init__(self, operations_table, service_name): - super(ServiceArgParser, self).__init__( + super().__init__( formatter_class=argparse.RawTextHelpFormatter, add_help=False, conflict_handler='resolve', - usage=USAGE) + usage=USAGE, + ) self._build(operations_table) self._service_name = service_name def _build(self, operations_table): - self.add_argument('operation', action=CommandAction, - command_table=operations_table) + self.add_argument( + 'operation', action=CommandAction, command_table=operations_table + ) class ArgTableArgParser(CLIArgParser): @@ -182,11 +183,12 @@ class ArgTableArgParser(CLIArgParser): # command_table is an optional subcommand_table. If it's passed # in, then we'll update the argparse to parse a 'subcommand' argument # and populate the choices field with the command table keys. - super(ArgTableArgParser, self).__init__( + super().__init__( formatter_class=self.Formatter, add_help=False, usage=USAGE, - conflict_handler='resolve') + conflict_handler='resolve', + ) if command_table is None: command_table = {} self._build(argument_table, command_table) @@ -196,8 +198,12 @@ class ArgTableArgParser(CLIArgParser): argument = argument_table[arg_name] argument.add_to_parser(self) if command_table: - self.add_argument('subcommand', action=CommandAction, - command_table=command_table, nargs='?') + self.add_argument( + 'subcommand', + action=CommandAction, + command_table=command_table, + nargs='?', + ) def parse_known_args(self, args, namespace=None): if len(args) == 1 and args[0] == 'help': @@ -205,8 +211,7 @@ class ArgTableArgParser(CLIArgParser): namespace.help = 'help' return namespace, [] else: - return super(ArgTableArgParser, self).parse_known_args( - args, namespace) + return super().parse_known_args(args, namespace) class SubCommandArgParser(ArgTableArgParser): @@ -219,8 +224,7 @@ class SubCommandArgParser(ArgTableArgPar """ def parse_known_args(self, args, namespace=None): - parsed_args, remaining = super( - SubCommandArgParser, self).parse_known_args(args, namespace) + parsed_args, remaining = super().parse_known_args(args, namespace) if getattr(parsed_args, 'subcommand', None) is not None: new_args = self._remove_subcommand(args, parsed_args) return new_args, parsed_args.subcommand @@ -256,14 +260,17 @@ class SubCommandArgParser(ArgTableArgPar # fail if any of the required args aren't provided. We don't # want to mutate the arg table that's provided to us, so we # make a copy of it and then set all the required to not required. - non_required_arg_table = self._non_required_arg_table( - argument_table) + non_required_arg_table = self._non_required_arg_table(argument_table) for arg_name in non_required_arg_table: argument = non_required_arg_table[arg_name] argument.add_to_parser(self) if command_table: - self.add_argument('subcommand', action=CommandAction, - command_table=command_table, nargs='?') + self.add_argument( + 'subcommand', + action=CommandAction, + command_table=command_table, + nargs='?', + ) def _non_required_arg_table(self, argument_table): arg_table_copy = {} diff -pruN 2.23.6-1/awscli/argprocess.py 2.31.35-1/awscli/argprocess.py --- 2.23.6-1/awscli/argprocess.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/argprocess.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,18 +11,19 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Module for processing CLI args.""" -import os + import logging +import os from botocore.compat import OrderedDict, json +from botocore.utils import is_json_value_header -from awscli import SCALAR_TYPES, COMPLEX_TYPES -from awscli import shorthand +from awscli import COMPLEX_TYPES, SCALAR_TYPES, shorthand from awscli.utils import ( - find_service_and_method_in_event_name, is_document_type, - is_document_type_container + find_service_and_method_in_event_name, + is_document_type, + is_document_type_container, ) -from botocore.utils import is_json_value_header LOG = logging.getLogger('awscli.argprocess') @@ -40,8 +41,7 @@ class ParamError(Exception): :param message: The error message to display to the user. """ - full_message = ("Error parsing parameter '%s': %s" % - (cli_name, message)) + full_message = "Error parsing parameter '%s': %s" % (cli_name, message) super(ParamError, self).__init__(full_message) self.cli_name = cli_name self.message = message @@ -54,9 +54,7 @@ class ParamSyntaxError(Exception): class ParamUnknownKeyError(Exception): def __init__(self, key, valid_keys): valid_keys = ', '.join(valid_keys) - full_message = ( - "Unknown key '%s', valid choices " - "are: %s" % (key, valid_keys)) + full_message = f"Unknown key '{key}', valid choices are: {valid_keys}" super(ParamUnknownKeyError, self).__init__(full_message) @@ -64,7 +62,9 @@ class TooComplexError(Exception): pass -def unpack_argument(session, service_name, operation_name, cli_argument, value): +def unpack_argument( + session, service_name, operation_name, cli_argument, value +): """ Unpack an argument's value from the commandline. This is part one of a two step process in handling commandline arguments. Emits the load-cli-arg @@ -76,11 +76,12 @@ def unpack_argument(session, service_nam param_name = getattr(cli_argument, 'name', 'anonymous') value_override = session.emit_first_non_none_response( - 'load-cli-arg.%s.%s.%s' % (service_name, - operation_name, - param_name), - param=cli_argument, value=value, service_name=service_name, - operation_name=operation_name) + 'load-cli-arg.%s.%s.%s' % (service_name, operation_name, param_name), + param=cli_argument, + value=value, + service_name=service_name, + operation_name=operation_name, + ) if value_override is not None: value = value_override @@ -102,8 +103,10 @@ def _detect_shape_structure(param, stack if param.type_name in SCALAR_TYPES: return 'scalar' elif param.type_name == 'structure': - sub_types = [_detect_shape_structure(p, stack) - for p in param.members.values()] + sub_types = [ + _detect_shape_structure(p, stack) + for p in param.members.values() + ] # We're distinguishing between structure(scalar) # and structure(scalars), because for the case of # a single scalar in a structure we can simplify @@ -141,29 +144,31 @@ def unpack_cli_arg(cli_argument, value): :return: The "unpacked" argument than can be sent to the `Operation` object in python. """ - return _unpack_cli_arg(cli_argument.argument_model, value, - cli_argument.cli_name) + return _unpack_cli_arg( + cli_argument.argument_model, value, cli_argument.cli_name + ) def _special_type(model): # check if model is jsonvalue header and that value is serializable - if model.serialization.get('jsonvalue') and \ - model.serialization.get('location') == 'header' and \ - model.type_name == 'string': + if ( + model.serialization.get('jsonvalue') + and model.serialization.get('location') == 'header' + and model.type_name == 'string' + ): return True return False def _unpack_cli_arg(argument_model, value, cli_name): - if is_json_value_header(argument_model) or \ - is_document_type(argument_model): + if is_json_value_header(argument_model) or is_document_type( + argument_model + ): return _unpack_json_cli_arg(argument_model, value, cli_name) elif argument_model.type_name in SCALAR_TYPES: - return unpack_scalar_cli_arg( - argument_model, value, cli_name) + return unpack_scalar_cli_arg(argument_model, value, cli_name) elif argument_model.type_name in COMPLEX_TYPES: - return _unpack_complex_cli_arg( - argument_model, value, cli_name) + return _unpack_complex_cli_arg(argument_model, value, cli_name) else: return str(value) @@ -173,8 +178,8 @@ def _unpack_json_cli_arg(argument_model, return json.loads(value, object_pairs_hook=OrderedDict) except ValueError as e: raise ParamError( - cli_name, "Invalid JSON: %s\nJSON received: %s" - % (e, value)) + cli_name, "Invalid JSON: %s\nJSON received: %s" % (e, value) + ) def _unpack_complex_cli_arg(argument_model, value, cli_name): @@ -198,9 +203,10 @@ def _unpack_complex_cli_arg(argument_mod # 2. It's possible this is a list of json objects: # --filters '{"Name": ..}' '{"Name": ...}' member_shape_model = argument_model.member - return [_unpack_cli_arg(member_shape_model, v, cli_name) - for v in value] - except (ValueError, TypeError) as e: + return [ + _unpack_cli_arg(member_shape_model, v, cli_name) for v in value + ] + except (ValueError, TypeError): # The list params don't have a name/cli_name attached to them # so they will have bad error messages. We're going to # attach the parent parameter to this error message to provide @@ -211,13 +217,21 @@ def _unpack_complex_cli_arg(argument_mod def unpack_scalar_cli_arg(argument_model, value, cli_name=''): # Note the cli_name is used strictly for error reporting. It's # not required to use unpack_scalar_cli_arg - if argument_model.type_name == 'integer' or argument_model.type_name == 'long': + if ( + argument_model.type_name == 'integer' + or argument_model.type_name == 'long' + ): return int(value) - elif argument_model.type_name == 'float' or argument_model.type_name == 'double': + elif ( + argument_model.type_name == 'float' + or argument_model.type_name == 'double' + ): # TODO: losing precision on double types return float(value) - elif argument_model.type_name == 'blob' and \ - argument_model.serialization.get('streaming'): + elif ( + argument_model.type_name == 'blob' + and argument_model.serialization.get('streaming') + ): file_path = os.path.expandvars(value) file_path = os.path.expanduser(file_path) if not os.path.isfile(file_path): @@ -256,8 +270,7 @@ def _is_complex_shape(model): return True -class ParamShorthand(object): - +class ParamShorthand: def _uses_old_list_case(self, command_name, operation_name, argument_name): """ Determines whether a given operation for a service needs to use the @@ -265,27 +278,24 @@ class ParamShorthand(object): a single member. """ cases = { - 'firehose': { - 'put-record-batch': ['records'] - }, + 'firehose': {'put-record-batch': ['records']}, 'workspaces': { 'reboot-workspaces': ['reboot-workspace-requests'], 'rebuild-workspaces': ['rebuild-workspace-requests'], - 'terminate-workspaces': ['terminate-workspace-requests'] + 'terminate-workspaces': ['terminate-workspace-requests'], }, 'elb': { 'remove-tags': ['tags'], 'describe-instance-health': ['instances'], 'deregister-instances-from-load-balancer': ['instances'], - 'register-instances-with-load-balancer': ['instances'] - } + 'register-instances-with-load-balancer': ['instances'], + }, } cases = cases.get(command_name, {}).get(operation_name, []) return argument_name in cases class ParamShorthandParser(ParamShorthand): - def __init__(self): self._parser = shorthand.ShorthandParser() self._visitor = shorthand.BackCompatVisitor() @@ -321,18 +331,21 @@ class ParamShorthandParser(ParamShorthan if not self._should_parse_as_shorthand(cli_argument, value): return else: - command_name, operation_name = \ + command_name, operation_name = ( find_service_and_method_in_event_name(event_name) + ) return self._parse_as_shorthand( - cli_argument, value, command_name, operation_name) + cli_argument, value, command_name, operation_name + ) - def _parse_as_shorthand(self, cli_argument, value, command_name, - operation_name): + def _parse_as_shorthand( + self, cli_argument, value, command_name, operation_name + ): try: - LOG.debug("Parsing param %s as shorthand", - cli_argument.cli_name) + LOG.debug("Parsing param %s as shorthand", cli_argument.cli_name) handled_value = self._handle_special_cases( - cli_argument, value, command_name, operation_name) + cli_argument, value, command_name, operation_name + ) if handled_value is not None: return handled_value if isinstance(value, list): @@ -357,15 +370,20 @@ class ParamShorthandParser(ParamShorthan raise ParamError(cli_argument.cli_name, str(e)) return parsed - def _handle_special_cases(self, cli_argument, value, command_name, - operation_name): + def _handle_special_cases( + self, cli_argument, value, command_name, operation_name + ): # We need to handle a few special cases that the previous # parser handled in order to stay backwards compatible. model = cli_argument.argument_model - if model.type_name == 'list' and \ - model.member.type_name == 'structure' and \ - len(model.member.members) == 1 and \ - self._uses_old_list_case(command_name, operation_name, cli_argument.name): + if ( + model.type_name == 'list' + and model.member.type_name == 'structure' + and len(model.member.members) == 1 + and self._uses_old_list_case( + command_name, operation_name, cli_argument.name + ) + ): # First special case is handling a list of structures # of a single element such as: # @@ -378,11 +396,13 @@ class ParamShorthandParser(ParamShorthan key_name = list(model.member.members.keys())[0] new_values = [{key_name: v} for v in value] return new_values - elif model.type_name == 'structure' and \ - len(model.members) == 1 and \ - 'Value' in model.members and \ - model.members['Value'].type_name == 'string' and \ - '=' not in value: + elif ( + model.type_name == 'structure' + and len(model.members) == 1 + and 'Value' in model.members + and model.members['Value'].type_name == 'string' + and '=' not in value + ): # Second special case is where a structure of a single # value whose member name is "Value" can be specified # as: @@ -401,9 +421,13 @@ class ParamShorthandParser(ParamShorthan else: check_val = value if isinstance(check_val, str) and check_val.strip().startswith( - ('[', '{')): - LOG.debug("Param %s looks like JSON, not considered for " - "param shorthand.", cli_argument.py_name) + ('[', '{') + ): + LOG.debug( + "Param %s looks like JSON, not considered for " + "param shorthand.", + cli_argument.py_name, + ) return False model = cli_argument.argument_model return _supports_shorthand_syntax(model) @@ -421,8 +445,9 @@ class ParamShorthandDocGen(ParamShorthan return _supports_shorthand_syntax(argument_model) return False - def generate_shorthand_example(self, cli_argument, command_name, - operation_name): + def generate_shorthand_example( + self, cli_argument, command_name, operation_name + ): """Generate documentation for a CLI argument. :type cli_argument: awscli.arguments.BaseCLIArgument @@ -437,7 +462,8 @@ class ParamShorthandDocGen(ParamShorthan """ docstring = self._handle_special_cases( - cli_argument, command_name, operation_name) + cli_argument, command_name, operation_name + ) if docstring is self._DONT_DOC: return None elif docstring: @@ -455,24 +481,35 @@ class ParamShorthandDocGen(ParamShorthan except TooComplexError: return '' - def _handle_special_cases(self, cli_argument, command_name, operation_name): + def _handle_special_cases( + self, cli_argument, command_name, operation_name + ): model = cli_argument.argument_model - if model.type_name == 'list' and \ - model.member.type_name == 'structure' and \ - len(model.member.members) == 1 and \ - self._uses_old_list_case( - command_name, operation_name, cli_argument.name): + if ( + model.type_name == 'list' + and model.member.type_name == 'structure' + and len(model.member.members) == 1 + and self._uses_old_list_case( + command_name, operation_name, cli_argument.name + ) + ): member_name = list(model.member.members)[0] # Handle special case where the min/max is exactly one. metadata = model.metadata if metadata.get('min') == 1 and metadata.get('max') == 1: return '%s %s1' % (cli_argument.cli_name, member_name) - return '%s %s1 %s2 %s3' % (cli_argument.cli_name, member_name, - member_name, member_name) - elif model.type_name == 'structure' and \ - len(model.members) == 1 and \ - 'Value' in model.members and \ - model.members['Value'].type_name == 'string': + return '%s %s1 %s2 %s3' % ( + cli_argument.cli_name, + member_name, + member_name, + member_name, + ) + elif ( + model.type_name == 'structure' + and len(model.members) == 1 + and 'Value' in model.members + and model.members['Value'].type_name == 'string' + ): return self._DONT_DOC return '' diff -pruN 2.23.6-1/awscli/arguments.py 2.31.35-1/awscli/arguments.py --- 2.23.6-1/awscli/arguments.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/arguments.py 2025-11-12 19:17:29.000000000 +0000 @@ -36,15 +36,14 @@ Arguments generally fall into one of sev user input and maps the input value to several API parameters. """ + import logging -from botocore import xform_name +from botocore import model, xform_name from botocore.hooks import first_non_none_response from awscli.argprocess import unpack_cli_arg from awscli.schema import SchemaTransformer -from botocore import model - LOG = logging.getLogger('awscli.arguments') @@ -66,7 +65,7 @@ def create_argument_model_from_schema(sc return arg_shape -class BaseCLIArgument(object): +class BaseCLIArgument: """Interface for CLI argument. This class represents the interface used for representing CLI @@ -203,11 +202,24 @@ class CustomArgument(BaseCLIArgument): """ - def __init__(self, name, help_text='', dest=None, default=None, - action=None, required=None, choices=None, nargs=None, - cli_type_name=None, group_name=None, positional_arg=False, - no_paramfile=False, argument_model=None, synopsis='', - const=None): + def __init__( + self, + name, + help_text='', + dest=None, + default=None, + action=None, + required=None, + choices=None, + nargs=None, + cli_type_name=None, + group_name=None, + positional_arg=False, + no_paramfile=False, + argument_model=None, + synopsis='', + const=None, + ): self._name = name self._help = help_text self._dest = dest @@ -235,8 +247,10 @@ class CustomArgument(BaseCLIArgument): # If the top level element is a list then set nargs to # accept multiple values seperated by a space. - if self.argument_model is not None and \ - self.argument_model.type_name == 'list': + if ( + self.argument_model is not None + and self.argument_model.type_name == 'list' + ): self._nargs = '+' def _create_scalar_argument_model(self): @@ -337,9 +351,7 @@ class CustomArgument(BaseCLIArgument): class CLIArgument(BaseCLIArgument): - """Represents a CLI argument that maps to a service parameter. - - """ + """Represents a CLI argument that maps to a service parameter.""" TYPE_MAP = { 'structure': str, @@ -352,12 +364,18 @@ class CLIArgument(BaseCLIArgument): 'long': int, 'boolean': bool, 'double': float, - 'blob': str + 'blob': str, } - def __init__(self, name, argument_model, operation_model, - event_emitter, is_required=False, - serialized_name=None): + def __init__( + self, + name, + argument_model, + operation_model, + event_emitter, + is_required=False, + serialized_name=None, + ): """ :type name: str @@ -433,7 +451,8 @@ class CLIArgument(BaseCLIArgument): cli_name, help=self.documentation, type=self.cli_type, - required=self.required) + required=self.required, + ) def add_to_params(self, parameters, value): if value is None: @@ -451,16 +470,23 @@ class CLIArgument(BaseCLIArgument): # below. Sometimes this can be more complicated, and subclasses # can customize as they need. unpacked = self._unpack_argument(value) - LOG.debug('Unpacked value of %r for parameter "%s": %r', value, - self.py_name, unpacked) + LOG.debug( + 'Unpacked value of %r for parameter "%s": %r', + value, + self.py_name, + unpacked, + ) parameters[self._serialized_name] = unpacked def _unpack_argument(self, value): service_name = self._operation_model.service_model.service_name operation_name = xform_name(self._operation_model.name, '-') - override = self._emit_first_response('process-cli-arg.%s.%s' % ( - service_name, operation_name), param=self.argument_model, - cli_argument=self, value=value) + override = self._emit_first_response( + 'process-cli-arg.%s.%s' % (service_name, operation_name), + param=self.argument_model, + cli_argument=self, + value=value, + ) if override is not None: # A plugin supplied an alternate conversion, # use it instead. @@ -478,17 +504,18 @@ class CLIArgument(BaseCLIArgument): class ListArgument(CLIArgument): - @property def nargs(self): return '*' def add_to_parser(self, parser): cli_name = self.cli_name - parser.add_argument(cli_name, - nargs=self.nargs, - type=self.cli_type, - required=self.required) + parser.add_argument( + cli_name, + nargs=self.nargs, + type=self.cli_type, + required=self.required, + ) class BooleanArgument(CLIArgument): @@ -508,17 +535,27 @@ class BooleanArgument(CLIArgument): """ - def __init__(self, name, argument_model, operation_model, - event_emitter, - is_required=False, action='store_true', dest=None, - group_name=None, default=None, - serialized_name=None): - super(BooleanArgument, self).__init__(name, - argument_model, - operation_model, - event_emitter, - is_required, - serialized_name=serialized_name) + def __init__( + self, + name, + argument_model, + operation_model, + event_emitter, + is_required=False, + action='store_true', + dest=None, + group_name=None, + default=None, + serialized_name=None, + ): + super(BooleanArgument, self).__init__( + name, + argument_model, + operation_model, + event_emitter, + is_required, + serialized_name=serialized_name, + ) self._mutex_group = None self._action = action if dest is None: @@ -549,18 +586,25 @@ class BooleanArgument(CLIArgument): argument_table[self.name] = self negative_name = 'no-%s' % self.name negative_version = self.__class__( - negative_name, self.argument_model, - self._operation_model, self._event_emitter, - action='store_false', dest=self._destination, - group_name=self.group_name, serialized_name=self._serialized_name) + negative_name, + self.argument_model, + self._operation_model, + self._event_emitter, + action='store_false', + dest=self._destination, + group_name=self.group_name, + serialized_name=self._serialized_name, + ) argument_table[negative_name] = negative_version def add_to_parser(self, parser): - parser.add_argument(self.cli_name, - help=self.documentation, - action=self._action, - default=self._default, - dest=self._destination) + parser.add_argument( + self.cli_name, + help=self.documentation, + action=self._action, + default=self._default, + dest=self._destination, + ) @property def group_name(self): diff -pruN 2.23.6-1/awscli/autocomplete/__init__.py 2.31.35-1/awscli/autocomplete/__init__.py --- 2.23.6-1/awscli/autocomplete/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -28,7 +28,7 @@ def lazy_call(import_name, **kwargs): return getattr(module, callable_name)(**kwargs) -class LazyClientCreator(object): +class LazyClientCreator: """Lazy create a botocore client. This class will defer creating a client until the create_client method @@ -40,21 +40,24 @@ class LazyClientCreator(object): a client. This class manages this process. """ - def __init__(self, - import_name='awscli.clidriver.create_clidriver'): + + def __init__(self, import_name='awscli.clidriver.create_clidriver'): self._import_name = import_name self._session_cache = {} - def create_client(self, service_name, parsed_region=None, - parsed_profile=None, **kwargs): + def create_client( + self, service_name, parsed_region=None, parsed_profile=None, **kwargs + ): if self._session_cache.get(parsed_profile) is None: session = self.create_session() session.set_config_variable('profile', parsed_profile) self._session_cache[parsed_profile] = session self._session_cache[parsed_profile].set_config_variable( - 'region', parsed_region) + 'region', parsed_region + ) return self._session_cache[parsed_profile].create_client( - service_name, **kwargs) + service_name, **kwargs + ) def create_session(self): return lazy_call(self._import_name).session diff -pruN 2.23.6-1/awscli/autocomplete/autogen.py 2.31.35-1/awscli/autocomplete/autogen.py --- 2.23.6-1/awscli/autocomplete/autogen.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/autogen.py 2025-11-12 19:17:29.000000000 +0000 @@ -5,17 +5,25 @@ server side autocompletions based on upd It can also be used to regen completion data as new heuristics are added. """ + import logging +from collections import defaultdict, namedtuple from difflib import SequenceMatcher -from collections import namedtuple, defaultdict - LOG = logging.getLogger(__name__) -Resource = namedtuple('Resource', ['resource_name', 'ident_name', - 'input_parameters', 'operation', 'jp_expr']) +Resource = namedtuple( + 'Resource', + [ + 'resource_name', + 'ident_name', + 'input_parameters', + 'operation', + 'jp_expr', + ], +) -class ServerCompletionHeuristic(object): +class ServerCompletionHeuristic: # Prefix that typically indicates listing resources, # e.g ListResources, DescribeResources, etc. _RESOURCE_VERB_PREFIX = ('list', 'describe') @@ -26,8 +34,9 @@ class ServerCompletionHeuristic(object): singularize = BasicSingularize() self._singularize = singularize - def generate_completion_descriptions(self, service_model, - prune_completions=True): + def generate_completion_descriptions( + self, service_model, prune_completions=True + ): """ :param service_model: A botocore.model.ServiceModel. @@ -48,10 +57,13 @@ class ServerCompletionHeuristic(object): if op_name.lower().startswith(self._RESOURCE_VERB_PREFIX): candidates.append(op_name) all_resources = self._generate_resource_descriptions( - candidates, service_model) + candidates, service_model + ) all_operations = self._generate_operations( self._filter_operation_names(service_model.operation_names), - all_resources, service_model) + all_resources, + service_model, + ) if prune_completions: self._prune_resource_identifiers(all_resources, all_operations) return { @@ -61,14 +73,18 @@ class ServerCompletionHeuristic(object): } def _filter_operation_names(self, op_names): - return [name for name in op_names - if not name.lower().startswith(self._OPERATION_EXCLUDES)] + return [ + name + for name in op_names + if not name.lower().startswith(self._OPERATION_EXCLUDES) + ] def _generate_resource_descriptions(self, candidates, service_model): all_resources = {} for op_name in candidates: resources = self._resource_for_single_operation( - op_name, service_model) + op_name, service_model + ) if resources is not None: for resource in resources: self._inject_resource(all_resources, resource) @@ -97,15 +113,17 @@ class ServerCompletionHeuristic(object): ) return op_map - def _add_completion_data_for_operation(self, op_map, op_name, - service_model, reverse_mapping): + def _add_completion_data_for_operation( + self, op_map, op_name, service_model, reverse_mapping + ): op_model = service_model.operation_model(op_name) input_shape = op_model.input_shape if not input_shape: return for member in input_shape.members: member_name = self._find_matching_member_name( - member, reverse_mapping) + member, reverse_mapping + ) if member_name is None: continue resource_name = self._find_matching_op_name( @@ -114,9 +132,11 @@ class ServerCompletionHeuristic(object): op = op_map.setdefault(op_name, {}) param = op.setdefault(member, {}) param['completions'] = [ - {'parameters': {}, - 'resourceName': resource_name, - 'resourceIdentifier': member_name} + { + 'parameters': {}, + 'resourceName': resource_name, + 'resourceIdentifier': member_name, + } ] def _find_matching_op_name(self, op_name, candidates): @@ -139,9 +159,7 @@ class ServerCompletionHeuristic(object): matcher.set_seq1(candidate) match_ratio = matcher.ratio() matching_score.append((match_ratio, candidate)) - return sorted( - matching_score, key=lambda x: x[0], reverse=True - )[0][1] + return sorted(matching_score, key=lambda x: x[0], reverse=True)[0][1] def _find_matching_member_name(self, member, reverse_mapping): # Try to find something in the reverse mapping that's close @@ -174,11 +192,18 @@ class ServerCompletionHeuristic(object): # conventions. op_model = service_model.operation_model(op_name) output = op_model.output_shape - list_members = [member for member, shape in output.members.items() - if shape.type_name == 'list'] + list_members = [ + member + for member, shape in output.members.items() + if shape.type_name == 'list' + ] if len(list_members) != 1: - LOG.debug("Operation does not have exactly one list member, " - "skipping: %s (%s)", op_name, list_members) + LOG.debug( + "Operation does not have exactly one list member, " + "skipping: %s (%s)", + op_name, + list_members, + ) return resource_member_name = list_members[0] list_member = output.members[resource_member_name].member @@ -187,52 +212,59 @@ class ServerCompletionHeuristic(object): required_members = op_model.input_shape.required_members if list_member.type_name == 'structure': return self._resource_from_structure( - op_name, resource_member_name, list_member, required_members) + op_name, resource_member_name, list_member, required_members + ) elif list_member.type_name == 'string': - return [self._resource_from_string( - op_name, resource_member_name, required_members, - )] - - def _resource_from_structure(self, op_name, - resource_member_name, list_member, - required_members): + return [ + self._resource_from_string( + op_name, + resource_member_name, + required_members, + ) + ] + + def _resource_from_structure( + self, op_name, resource_member_name, list_member, required_members + ): op_with_prefix_removed = self._remove_verb_prefix(op_name) - singular_name = self._singularize.make_singular( - op_with_prefix_removed) + singular_name = self._singularize.make_singular(op_with_prefix_removed) resources = [] for member_name in list_member.members: - jp_expr = ( - '{resource_member_name}[].{member_name}').format( - resource_member_name=resource_member_name, - member_name=member_name) - r = Resource(singular_name, member_name, required_members, - op_name, jp_expr) + jp_expr = f'{resource_member_name}[].{member_name}' + r = Resource( + singular_name, member_name, required_members, op_name, jp_expr + ) resources.append(r) return resources - def _resource_from_string(self, op_name, resource_member_name, - required_members): + def _resource_from_string( + self, op_name, resource_member_name, required_members + ): op_with_prefix_removed = self._remove_verb_prefix(op_name) - singular_name = self._singularize.make_singular( - op_with_prefix_removed) + singular_name = self._singularize.make_singular(op_with_prefix_removed) singular_member_name = self._singularize.make_singular( - resource_member_name) - r = Resource(singular_name, singular_member_name, required_members, - op_name, - '{resource_member_name}[]'.format( - resource_member_name=resource_member_name)) + resource_member_name + ) + r = Resource( + singular_name, + singular_member_name, + required_members, + op_name, + f'{resource_member_name}[]', + ) return r def _remove_verb_prefix(self, op_name): for prefix in self._RESOURCE_VERB_PREFIX: # 'ListResources' -> 'Resources' if op_name.lower().startswith(prefix): - op_with_prefix_removed = op_name[len(prefix):] + op_with_prefix_removed = op_name[len(prefix) :] return op_with_prefix_removed def _prune_resource_identifiers(self, all_resources, all_operations): used_identifiers = self._get_identifiers_referenced_by_operations( - all_operations) + all_operations + ) for resource, resource_data in list(all_resources.items()): identifiers = resource_data['resourceIdentifier'] known_ids_for_resource = used_identifiers.get(resource, set()) @@ -249,7 +281,8 @@ class ServerCompletionHeuristic(object): used_identifiers = {} for completion in self._all_completions(operations): used_identifiers.setdefault(completion['resourceName'], set()).add( - completion['resourceIdentifier']) + completion['resourceIdentifier'] + ) return used_identifiers def _all_completions(self, operations): @@ -259,7 +292,7 @@ class ServerCompletionHeuristic(object): yield completion -class BasicSingularize(object): +class BasicSingularize: """Simple implementation of making a word singular. Where possible, you should use nltk.stem.WordNetLemmatizer. diff -pruN 2.23.6-1/awscli/autocomplete/completer.py 2.31.35-1/awscli/autocomplete/completer.py --- 2.23.6-1/awscli/autocomplete/completer.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/completer.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,13 +12,14 @@ # language governing permissions and limitations under the License. -class AutoCompleter(object): +class AutoCompleter: """Main auto-completer object for the AWS CLI. This object delegates to concrete completers that can perform completions for specific cases (e.g model-based completions, server-side completions, etc). """ + def __init__(self, parser, completers): """ @@ -47,15 +48,23 @@ class AutoCompleter(object): return [] -class CompletionResult(object): +class CompletionResult: """A data object for a single completion result. In addition to storing the completion string, this object also stores metadata about the completion. """ - def __init__(self, name, starting_index=0, required=False, - cli_type_name='', help_text='', display_text=None): + + def __init__( + self, + name, + starting_index=0, + required=False, + cli_type_name='', + help_text='', + display_text=None, + ): self.name = name self.starting_index = starting_index self.required = required @@ -65,20 +74,25 @@ class CompletionResult(object): def __eq__(self, other): return ( - isinstance(other, self.__class__) and - self.name == other.name and - self.starting_index == other.starting_index and - self.display_text == other.display_text + isinstance(other, self.__class__) + and self.name == other.name + and self.starting_index == other.starting_index + and self.display_text == other.display_text ) def __repr__(self): - return '%s(%s, %s, %s, %s, %s, %s)' % (self.__class__.__name__, self.name, - self.starting_index, self.required, - self.cli_type_name, self.help_text, - self.display_text) + return '%s(%s, %s, %s, %s, %s, %s)' % ( + self.__class__.__name__, + self.name, + self.starting_index, + self.required, + self.cli_type_name, + self.help_text, + self.display_text, + ) -class BaseCompleter(object): +class BaseCompleter: def complete(self, parsed): """Attempt to autocomplete parsed on parsed result. diff -pruN 2.23.6-1/awscli/autocomplete/custom.py 2.31.35-1/awscli/autocomplete/custom.py --- 2.23.6-1/awscli/autocomplete/custom.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/custom.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,8 +10,12 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.autocomplete.serverside.custom_completers.ddb.autocomplete import add_ddb_completers -from awscli.autocomplete.serverside.custom_completers.logs.autocomplete import add_log_completers +from awscli.autocomplete.serverside.custom_completers.ddb.autocomplete import ( + add_ddb_completers, +) +from awscli.autocomplete.serverside.custom_completers.logs.autocomplete import ( + add_log_completers, +) def get_custom_completers(): diff -pruN 2.23.6-1/awscli/autocomplete/db.py 2.31.35-1/awscli/autocomplete/db.py --- 2.23.6-1/awscli/autocomplete/db.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/db.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,10 +1,9 @@ -import os import logging +import os import sqlite3 from awscli import __version__ as cli_version - LOG = logging.getLogger(__name__) # We may eventually include a pre-generated version of this index as part @@ -14,7 +13,8 @@ INDEX_DIR = os.path.expanduser(os.path.j INDEX_FILE = os.path.join(INDEX_DIR, '%s.index' % cli_version) BUILTIN_INDEX_FILE = os.path.join( os.path.dirname(os.path.dirname(os.path.abspath(__file__))), - 'data', 'ac.index' + 'data', + 'ac.index', ) @@ -22,7 +22,7 @@ BUILTIN_INDEX_FILE = os.path.join( # I'd like to reuse code, but we also have the contraint that we don't # want to import anything outside of awscli.autocomplete to ensure # our startup time is as minimal as possible. -class DatabaseConnection(object): +class DatabaseConnection: _JOURNAL_MODE_OFF = 'PRAGMA journal_mode=OFF' def __init__(self, db_filename=None): @@ -34,10 +34,7 @@ class DatabaseConnection(object): @property def _connection(self): if self._db_conn is None: - kwargs = { - 'check_same_thread': False, - 'isolation_level': None - } + kwargs = {'check_same_thread': False, 'isolation_level': None} if self._db_filename.startswith('file::memory:'): # This statement was added because old versions of sqlite # don't support 'uri' but we use it for tests and because diff -pruN 2.23.6-1/awscli/autocomplete/filters.py 2.31.35-1/awscli/autocomplete/filters.py --- 2.23.6-1/awscli/autocomplete/filters.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/filters.py 2025-11-12 19:17:29.000000000 +0000 @@ -37,26 +37,29 @@ def fuzzy_filter(prefix, completions): matches = list(regex.finditer(name)) if matches: # Prefer the match, closest to the left, then shortest. - best = min(matches, key=lambda m: (m.start(), - len(m.group(1)))) - fuzzy_matches.append(_FuzzyMatch( - len(best.group(1)), - best.start(), - completion) + best = min(matches, key=lambda m: (m.start(), len(m.group(1)))) + fuzzy_matches.append( + _FuzzyMatch(len(best.group(1)), best.start(), completion) ) - return [x for _, _, x in sorted( - fuzzy_matches, - key=lambda match: ( - match.match_length, match.start_pos, - match.completion.display_text, - match.completion.name) - )] + return [ + x + for _, _, x in sorted( + fuzzy_matches, + key=lambda match: ( + match.match_length, + match.start_pos, + match.completion.display_text, + match.completion.name, + ), + ) + ] return completions def startswith_filter(prefix, completions): return [ - completion for completion in completions + completion + for completion in completions if (completion.display_text or completion.name).startswith(prefix) ] diff -pruN 2.23.6-1/awscli/autocomplete/generator.py 2.31.35-1/awscli/autocomplete/generator.py --- 2.23.6-1/awscli/autocomplete/generator.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/generator.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,12 +11,13 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Generates auto completion index.""" + import os +from awscli import clidriver +from awscli.autocomplete import db from awscli.autocomplete.local import indexer from awscli.autocomplete.serverside.indexer import APICallIndexer -from awscli.autocomplete import db -from awscli import clidriver def generate_index(filename): @@ -55,7 +56,7 @@ def _do_generate_index(filename): db_connection.close() -class IndexGenerator(object): +class IndexGenerator: """Generates auto completion index. This will generate an auto completion index for all the low level @@ -64,6 +65,7 @@ class IndexGenerator(object): indices. """ + def __init__(self, indexers): self._indexers = indexers diff -pruN 2.23.6-1/awscli/autocomplete/local/basic.py 2.31.35-1/awscli/autocomplete/local/basic.py --- 2.23.6-1/awscli/autocomplete/local/basic.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/local/basic.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,10 +13,9 @@ import os import re -from awscli.autocomplete.completer import BaseCompleter -from awscli.autocomplete.completer import CompletionResult -from awscli.autocomplete.filters import startswith_filter from awscli.autocomplete import LazyClientCreator +from awscli.autocomplete.completer import BaseCompleter, CompletionResult +from awscli.autocomplete.filters import startswith_filter def strip_html_tags_and_newlines(text): @@ -25,8 +24,12 @@ def strip_html_tags_and_newlines(text): class ProfileCompleter(BaseCompleter): - def __init__(self, session=None, response_filter=startswith_filter, - session_creator=None): + def __init__( + self, + session=None, + response_filter=startswith_filter, + session_creator=None, + ): self._session = session self._filter = response_filter self._session_creator = session_creator @@ -34,15 +37,17 @@ class ProfileCompleter(BaseCompleter): self._session_creator = LazyClientCreator() def complete(self, parsed): - if parsed.current_param == 'profile' \ - and parsed.current_fragment is not None: + if ( + parsed.current_param == 'profile' + and parsed.current_fragment is not None + ): return self._filter(parsed.current_fragment, self._get_profiles()) def _get_profiles(self): return map( lambda x: CompletionResult(name=x), - self._get_session().available_profiles - ) + self._get_session().available_profiles, + ) def _get_session(self): if self._session is None: @@ -51,8 +56,12 @@ class ProfileCompleter(BaseCompleter): class RegionCompleter(BaseCompleter): - def __init__(self, session=None, response_filter=startswith_filter, - session_creator=None): + def __init__( + self, + session=None, + response_filter=startswith_filter, + session_creator=None, + ): self._session = session self._filter = response_filter self._session_creator = session_creator @@ -60,27 +69,28 @@ class RegionCompleter(BaseCompleter): self._session_creator = LazyClientCreator() def complete(self, parsed): - if parsed.current_param == 'region' \ - and parsed.current_fragment is not None: + if ( + parsed.current_param == 'region' + and parsed.current_fragment is not None + ): if len(parsed.lineage) > 1: service_name = parsed.lineage[1] else: service_name = 'ec2' - return self._filter(parsed.current_fragment, - self._get_region_completions(service_name)) + return self._filter( + parsed.current_fragment, + self._get_region_completions(service_name), + ) def _get_region_completions(self, service_name): return map( - lambda x: CompletionResult(name=x), - self._get_regions(service_name) + lambda x: CompletionResult(name=x), self._get_regions(service_name) ) def _get_regions(self, service_name): if self._session is None: self._session = self._session_creator.create_session() - return self._session.get_available_regions( - service_name=service_name - ) + return self._session.get_available_regions(service_name=service_name) class FilePathCompleter(BaseCompleter): @@ -92,16 +102,19 @@ class FilePathCompleter(BaseCompleter): def path_completer(self): if self._path_completer is None: from prompt_toolkit.completion import PathCompleter + self._path_completer = PathCompleter(expanduser=True) return self._path_completer def complete(self, parsed): - if parsed.current_fragment and \ - parsed.current_fragment.startswith(('file://', 'fileb://')): + if parsed.current_fragment and parsed.current_fragment.startswith( + ('file://', 'fileb://') + ): from prompt_toolkit.document import Document + for prefix in ['file://', 'fileb://']: if parsed.current_fragment.startswith(prefix): - filename_part = parsed.current_fragment[len(prefix):] + filename_part = parsed.current_fragment[len(prefix) :] break # PathCompleter makes really strange suggestions for lonely ~ # "username/", so in this case we handle it by ourselves @@ -110,29 +123,32 @@ class FilePathCompleter(BaseCompleter): dirname = os.path.dirname(filename_part) if dirname and dirname != os.sep: dirname = f'{dirname}{os.sep}' - document = Document( - text=dirname, - cursor_position=len(dirname)) + document = Document(text=dirname, cursor_position=len(dirname)) completions = self.path_completer.get_completions(document, None) results = [ CompletionResult( f'{prefix}' f'{os.path.join(dirname, completion.display[0][1])}', - display_text=completion.display[0][1]) - for completion in completions] + display_text=completion.display[0][1], + ) + for completion in completions + ] return self._filter(os.path.basename(filename_part), results) class ModelIndexCompleter(BaseCompleter): - def __init__(self, index, cli_driver_fetcher=None, - response_filter=startswith_filter): + def __init__( + self, index, cli_driver_fetcher=None, response_filter=startswith_filter + ): self._index = index self._cli_driver_fetcher = cli_driver_fetcher self._filter = response_filter def complete(self, parsed): - are_unparsed_items_paths = [bool(re.search('[./\\\\:]|(--)', item)) - for item in parsed.unparsed_items] + are_unparsed_items_paths = [ + bool(re.search('[./\\\\:]|(--)', item)) + for item in parsed.unparsed_items + ] if parsed.unparsed_items and all(are_unparsed_items_paths): # If all the unparsed items are file paths, then we auto-complete # options for the current fragment. This is to provide @@ -146,11 +162,15 @@ class ModelIndexCompleter(BaseCompleter) # instead. if not parsed.current_fragment: parsed.current_fragment = parsed.current_command - return self._filter(parsed.current_fragment, - self._complete_options(parsed)) + return self._filter( + parsed.current_fragment, self._complete_options(parsed) + ) - elif parsed.unparsed_items or parsed.current_fragment is None or \ - parsed.current_param: + elif ( + parsed.unparsed_items + or parsed.current_fragment is None + or parsed.current_param + ): # If there's ever any unparsed items, then the parser # encountered something it didn't understand. We won't # attempt to auto-complete anything here. @@ -171,17 +191,18 @@ class ModelIndexCompleter(BaseCompleter) # more commands to complete. commands = self._complete_command(parsed) if not commands: - return self._filter(parsed.current_fragment, - self._complete_options(parsed)) + return self._filter( + parsed.current_fragment, self._complete_options(parsed) + ) return self._filter(parsed.current_fragment, commands) def _complete_command(self, parsed): lineage = parsed.lineage + [parsed.current_command] offset = -len(parsed.current_fragment) - result = [CompletionResult(name, - help_text=full_name, - starting_index=offset) - for name, full_name in self._index.commands_with_full_name(lineage)] + result = [ + CompletionResult(name, help_text=full_name, starting_index=offset) + for name, full_name in self._index.commands_with_full_name(lineage) + ] return result def _outfile_filter(self, completion): @@ -194,17 +215,19 @@ class ModelIndexCompleter(BaseCompleter) # '--endpoint' -> 'endpoint' offset = -len(parsed.current_fragment) is_in_global_scope = ( - parsed.lineage == [] and - parsed.current_command == 'aws' + parsed.lineage == [] and parsed.current_command == 'aws' ) arg_names = self._index.arg_names( - lineage=parsed.lineage, command_name=parsed.current_command) + lineage=parsed.lineage, command_name=parsed.current_command + ) results = [] if not is_in_global_scope: for arg_name in arg_names: arg_data = self._index.get_argument_data( lineage=parsed.lineage, - command_name=parsed.current_command, arg_name=arg_name) + command_name=parsed.current_command, + arg_name=arg_name, + ) help_text = None if self._cli_driver_fetcher: help_text = strip_html_tags_and_newlines( @@ -212,20 +235,25 @@ class ModelIndexCompleter(BaseCompleter) parsed.lineage, parsed.current_command, arg_name ) ) - results.append(self._outfile_filter( - CompletionResult( - '--%s' % arg_name, - starting_index=offset, - required=arg_data.required, - cli_type_name=arg_data.type_name, - help_text=help_text) - ) + results.append( + self._outfile_filter( + CompletionResult( + '--%s' % arg_name, + starting_index=offset, + required=arg_data.required, + cli_type_name=arg_data.type_name, + help_text=help_text, + ) + ) ) # Global params apply to any scope self._inject_global_params(parsed, results) - return [result for result in results - if result.name.strip('--') not in (list(parsed.parsed_params) + - list(parsed.global_params))] + return [ + result + for result in results + if result.name.strip('--') + not in (list(parsed.parsed_params) + list(parsed.global_params)) + ] def _inject_global_params(self, parsed, results): offset = -len(parsed.current_fragment) @@ -240,31 +268,27 @@ class ModelIndexCompleter(BaseCompleter) ) ) global_param_completions.append( - CompletionResult('--%s' % arg_name, - starting_index=offset, - required=False, - cli_type_name=type_name, - help_text=help_text) + CompletionResult( + '--%s' % arg_name, + starting_index=offset, + required=False, + cli_type_name=type_name, + help_text=help_text, + ) ) results.extend(global_param_completions) class ShorthandCompleter(BaseCompleter): - _PARENS = { - "[": "]", - "{": "}" - } + _PARENS = {"[": "]", "{": "}"} _DUMMY_KEY_VALUE = 'cli_placeholder_for_key_value_replacement' _DUMMY_VALUE = 'cli_placeholder_for_value_replacement' _DUMMY_EQ_VALUE = 'cli_placeholder_for_key_eq_replacement' - _VALUE_PREFIXES = { - 'structure': '{', - 'list': '[', - 'map': '{' - } + _VALUE_PREFIXES = {'structure': '{', 'list': '[', 'map': '{'} - def __init__(self, cli_driver_fetcher=None, - response_filter=startswith_filter): + def __init__( + self, cli_driver_fetcher=None, response_filter=startswith_filter + ): self._filter = response_filter self._cli_driver_fetcher = cli_driver_fetcher self._shorthand_parser = None @@ -273,6 +297,7 @@ class ShorthandCompleter(BaseCompleter): def shorthand_parser(self): if self._shorthand_parser is None: from awscli.shorthand import ShorthandParser + self._shorthand_parser = ShorthandParser() return self._shorthand_parser @@ -284,7 +309,8 @@ class ShorthandCompleter(BaseCompleter): ) if arg_model is None: results = self._get_prompt_for_global_arg( - parsed.current_param, parsed.current_fragment) + parsed.current_param, parsed.current_fragment + ) return results parsed_input = self._parse_fragment(parsed.current_fragment) if parsed_input is not None: @@ -306,8 +332,10 @@ class ShorthandCompleter(BaseCompleter): if choices and prefix is not None: results = self._filter( prefix, - [CompletionResult(prefix, display_text=choice) - for choice in choices] + [ + CompletionResult(prefix, display_text=choice) + for choice in choices + ], ) return self._set_results_name(results, prefix) @@ -316,7 +344,7 @@ class ShorthandCompleter(BaseCompleter): name_part_len = len(fragment) - len(result.name) result.name = "%s%s" % ( fragment[:name_part_len], - result.display_text + result.display_text, ) return results @@ -352,6 +380,7 @@ class ShorthandCompleter(BaseCompleter): # and make one more attempt # --option foo={bar -> foo={bar=DUMMY_EQ_VALUE from awscli.shorthand import ShorthandParseError + if fragment is None: return None if fragment == '': @@ -369,7 +398,8 @@ class ShorthandCompleter(BaseCompleter): except ShorthandParseError: if attempt == 1: return self._parse_fragment( - f'{fragment}={self._DUMMY_EQ_VALUE}', attempt + 1) + f'{fragment}={self._DUMMY_EQ_VALUE}', attempt + 1 + ) # if we get here it means that we can't make it parsable and can't # suggest anything so the only solution is to wait till user enter more @@ -423,7 +453,7 @@ class ShorthandCompleter(BaseCompleter): if close_brackets: return CompletionResult( f'{fragment}{close_brackets}', - display_text='Autoclose brackets' + display_text='Autoclose brackets', ) def _get_prompt_for_string(self, arg_model, parsed_input): @@ -437,18 +467,26 @@ class ShorthandCompleter(BaseCompleter): prefix = list(prefix.keys())[0] if prefix == self._DUMMY_VALUE: prefix = '' - return self._filter(prefix, - [CompletionResult(prefix, display_text=enum) - for enum in arg_model.enum]) + return self._filter( + prefix, + [ + CompletionResult(prefix, display_text=enum) + for enum in arg_model.enum + ], + ) def _get_prompt_for_boolean(self, arg_model, parsed_input): all_results = ['true', 'false'] prefix = parsed_input if prefix == self._DUMMY_VALUE: prefix = '' - return self._filter(prefix, - [CompletionResult(prefix, display_text=result) - for result in all_results]) + return self._filter( + prefix, + [ + CompletionResult(prefix, display_text=result) + for result in all_results + ], + ) def _get_prompt_for_list(self, arg_model, parsed_input): # we have two way we can enter lists: @@ -481,13 +519,14 @@ class ShorthandCompleter(BaseCompleter): # key exists but we don't have such key in model return None return self._get_completion( - arg_model.members[last_key], last_value) + arg_model.members[last_key], last_value + ) entered_keys = set(parsed_input) - set([last_key]) return self._get_struct_keys_completions( - arg_model, entered_keys, last_key) + arg_model, entered_keys, last_key + ) - def _get_struct_keys_completions(self, arg_model, entered_keys, - last_key): + def _get_struct_keys_completions(self, arg_model, entered_keys, last_key): # get suggestions for the structure keys, as CompletionResult.name # we return only part of the suggestion that has not been entered yet results = [] @@ -495,22 +534,25 @@ class ShorthandCompleter(BaseCompleter): if member_name not in entered_keys: display_text = '%s=%s' % ( member_name, - self._VALUE_PREFIXES.get(member.type_name, '') + self._VALUE_PREFIXES.get(member.type_name, ''), ) - results.append(CompletionResult( - last_key, - help_text=strip_html_tags_and_newlines(member.documentation), - cli_type_name=member.type_name, - display_text=display_text + results.append( + CompletionResult( + last_key, + help_text=strip_html_tags_and_newlines( + member.documentation + ), + cli_type_name=member.type_name, + display_text=display_text, ) ) return self._filter(last_key, results) class QueryCompleter(BaseCompleter): - - def __init__(self, cli_driver_fetcher=None, - response_filter=startswith_filter): + def __init__( + self, cli_driver_fetcher=None, response_filter=startswith_filter + ): self._filter = response_filter self._cli_driver_fetcher = cli_driver_fetcher self._argument_generator = None @@ -520,6 +562,7 @@ class QueryCompleter(BaseCompleter): def jmespath(self): if self._jmespath is None: import jmespath + self._jmespath = jmespath return self._jmespath @@ -527,19 +570,24 @@ class QueryCompleter(BaseCompleter): def argument_generator(self): if self._argument_generator is None: from botocore.utils import ArgumentGenerator + self._argument_generator = ArgumentGenerator return self._argument_generator def complete(self, parsed): if self._cli_driver_fetcher is None: return - if parsed.current_param == 'query' and \ - parsed.current_fragment is not None: + if ( + parsed.current_param == 'query' + and parsed.current_fragment is not None + ): operation_model = self._cli_driver_fetcher.get_operation_model( - parsed.lineage, parsed.current_command) + parsed.lineage, parsed.current_command + ) if operation_model: - return self._get_completions(parsed.current_fragment, - operation_model) + return self._get_completions( + parsed.current_fragment, operation_model + ) def _get_query_and_last_key(self, query): # Because output example has only 1 element in any list if @@ -552,14 +600,16 @@ class QueryCompleter(BaseCompleter): def _create_completions(self, results, last_key, fragment): completions = self._filter( last_key, - [CompletionResult(last_key, display_text=result) - for result in results] + [ + CompletionResult(last_key, display_text=result) + for result in results + ], ) for completion in completions: name_part_len = len(fragment) - len(completion.name) completion.name = "%s%s" % ( fragment[:name_part_len], - completion.display_text + completion.display_text, ) return completions @@ -567,18 +617,19 @@ class QueryCompleter(BaseCompleter): is_last_child_field = False is_field = expression.parsed['type'] == 'field' if expression.parsed['children']: - is_last_child_field = \ + is_last_child_field = ( expression.parsed['children'][-1]['type'] == 'field' + ) return is_field or is_last_child_field def _get_completions(self, fragment, operation_model): results = [] last_key = fragment if operation_model.output_shape: - argument_generator = self.argument_generator( - use_member_names=True) + argument_generator = self.argument_generator(use_member_names=True) response = argument_generator.generate_skeleton( - operation_model.output_shape) + operation_model.output_shape + ) if '.' not in fragment: if isinstance(response, dict): results = response.keys() @@ -587,8 +638,11 @@ class QueryCompleter(BaseCompleter): query, last_key = self._get_query_and_last_key(fragment) expression = self.jmespath.compile(query) parsed_response = expression.search(response) - if parsed_response and isinstance(parsed_response, list) \ - and not self._is_field_expression(expression): + if ( + parsed_response + and isinstance(parsed_response, list) + and not self._is_field_expression(expression) + ): parsed_response = parsed_response[0] if isinstance(parsed_response, dict): results = parsed_response.keys() diff -pruN 2.23.6-1/awscli/autocomplete/local/fetcher.py 2.31.35-1/awscli/autocomplete/local/fetcher.py --- 2.23.6-1/awscli/autocomplete/local/fetcher.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/local/fetcher.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,7 +13,6 @@ class CliDriverFetcher: - def __init__(self, cli_driver): self._cli_driver = cli_driver @@ -35,12 +34,18 @@ class CliDriverFetcher: return command.create_help_command().obj def get_argument_model(self, lineage, current_command, arg_name): - return getattr(self._get_argument( - lineage, current_command, arg_name), 'argument_model', None) + return getattr( + self._get_argument(lineage, current_command, arg_name), + 'argument_model', + None, + ) def get_argument_documentation(self, lineage, current_command, arg_name): - return getattr(self._get_argument( - lineage, current_command, arg_name), 'documentation', '') + return getattr( + self._get_argument(lineage, current_command, arg_name), + 'documentation', + '', + ) def get_global_arg_documentation(self, arg_name): return self._cli_driver.arg_table[arg_name].documentation diff -pruN 2.23.6-1/awscli/autocomplete/local/indexer.py 2.31.35-1/awscli/autocomplete/local/indexer.py --- 2.23.6-1/awscli/autocomplete/local/indexer.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/local/indexer.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,18 +18,18 @@ def create_model_indexer(filename): return index -class ModelIndexer(object): +class ModelIndexer: # TODO add full names to custom commands to get rid of this map _HIGH_LEVEL_SERVICE_FULL_NAMES = { 's3': 'High level S3 commands', - 'ddb': 'High level DynamoDB commands' + 'ddb': 'High level DynamoDB commands', } _NON_SERVICE_COMMANDS = ['configure', 'history', 'cli-dev'] _CREATE_CMD_TABLE = """\ CREATE TABLE IF NOT EXISTS command_table ( - command TEXT, + command TEXT, full_name TEXT, parent TEXT REFERENCES command_table, PRIMARY KEY (command, parent) @@ -51,12 +51,12 @@ class ModelIndexer(object): """ _CREATE_COMMAND_TABLE_INDEX = """\ - CREATE INDEX parent_index + CREATE INDEX parent_index ON command_table(parent); """ _CREATE_PARAM_TABLE_INDEX = """\ - CREATE INDEX parent_command_index + CREATE INDEX parent_command_index ON param_table(parent, command); """ @@ -74,10 +74,12 @@ class ModelIndexer(object): ) help_command_table = clidriver.create_help_command().command_table command_table = clidriver.subcommand_table - self._generate_arg_index(command=parent, parent='', - arg_table=clidriver.arg_table) - self._generate_command_index(command_table, parent=parent, - help_command_table=help_command_table) + self._generate_arg_index( + command=parent, parent='', arg_table=clidriver.arg_table + ) + self._generate_command_index( + command_table, parent=parent, help_command_table=help_command_table + ) self._generate_table_indexes() @@ -95,10 +97,13 @@ class ModelIndexer(object): 'required)' ' VALUES (:argname, :type_name, :command, :parent, :nargs, ' ' :positional_arg, :required)', - argname=name, type_name=value.cli_type_name, - command=command, parent=parent, - nargs=value.nargs, positional_arg=value.positional_arg, - required=required + argname=name, + type_name=value.cli_type_name, + command=command, + parent=parent, + nargs=value.nargs, + positional_arg=value.positional_arg, + required=required, ) def _get_service_full_name(self, name, help_command_table): @@ -109,19 +114,24 @@ class ModelIndexer(object): if service: return service.service_model.metadata['serviceFullName'] - def _generate_command_index(self, command_table, - parent, help_command_table=None): + def _generate_command_index( + self, command_table, parent, help_command_table=None + ): for name, command in command_table.items(): full_name = self._get_service_full_name(name, help_command_table) self._db_connection.execute( 'INSERT INTO command_table (command, parent, full_name) ' 'VALUES (:command, :parent, :full_name)', - command=name, parent=parent, full_name=full_name + command=name, + parent=parent, + full_name=full_name, + ) + self._generate_arg_index( + command=name, parent=parent, arg_table=command.arg_table + ) + self._generate_command_index( + command.subcommand_table, parent='%s.%s' % (parent, name) ) - self._generate_arg_index(command=name, parent=parent, - arg_table=command.arg_table) - self._generate_command_index(command.subcommand_table, - parent='%s.%s' % (parent, name)) def _generate_table_indexes(self): self._db_connection.execute(self._CREATE_COMMAND_TABLE_INDEX) diff -pruN 2.23.6-1/awscli/autocomplete/local/model.py 2.31.35-1/awscli/autocomplete/local/model.py --- 2.23.6-1/awscli/autocomplete/local/model.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/local/model.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,7 +16,9 @@ This provides autocompletion based on in in the `service-2.json` files. """ + from collections import namedtuple + from awscli.autocomplete import db # This module and the awscli.autocomplete.db module are imported @@ -26,12 +28,21 @@ from awscli.autocomplete import db # the sqlite3 cache file. -CLIArgument = namedtuple('CLIArgument', ['argname', 'type_name', - 'command', 'parent', 'nargs', - 'positional_arg', 'required']) +CLIArgument = namedtuple( + 'CLIArgument', + [ + 'argname', + 'type_name', + 'command', + 'parent', + 'nargs', + 'positional_arg', + 'required', + ], +) -class ModelIndex(object): +class ModelIndex: """Retrieve command/param names through querying an index. This class provides methods for retrieving valid command @@ -39,6 +50,7 @@ class ModelIndex(object): the model based autocompleter. """ + _COMMAND_NAME_QUERY = """ SELECT command, full_name FROM command_table WHERE parent = :parent @@ -74,8 +86,7 @@ class ModelIndex(object): def _get_db_connection(self): if self._db_connection is None: - self._db_connection = db.DatabaseConnection( - self._db_filename) + self._db_connection = db.DatabaseConnection(self._db_filename) return self._db_connection def command_names(self, lineage): @@ -118,9 +129,12 @@ class ModelIndex(object): """ db = self._get_db_connection() parent = '.'.join(lineage) - results = db.execute(self._ARG_NAME_QUERY, - parent=parent, command=command_name, - positional_arg=positional_arg) + results = db.execute( + self._ARG_NAME_QUERY, + parent=parent, + command=command_name, + positional_arg=positional_arg, + ) return [row[0] for row in results] def get_argument_data(self, lineage, command_name, arg_name): @@ -141,8 +155,12 @@ class ModelIndex(object): """ db = self._get_db_connection() parent = '.'.join(lineage) - results = db.execute(self._ARG_DATA_QUERY, parent=parent, - command=command_name, argname=arg_name) + results = db.execute( + self._ARG_DATA_QUERY, + parent=parent, + command=command_name, + argname=arg_name, + ) match = results.fetchone() if match is not None: return CLIArgument(*match) diff -pruN 2.23.6-1/awscli/autocomplete/main.py 2.31.35-1/awscli/autocomplete/main.py --- 2.23.6-1/awscli/autocomplete/main.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/main.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,14 +16,16 @@ # everytime a user hits . Try to avoid any expensive module level # work or really heavyweight imports. Prefer to lazy load as much as possible. -from awscli.autocomplete import parser, completer, filters -from awscli.autocomplete.local import model, basic, fetcher -from awscli.autocomplete import serverside -from awscli.autocomplete import custom +from awscli.autocomplete import completer, custom, filters, parser, serverside +from awscli.autocomplete.local import basic, fetcher, model -def create_autocompleter(index_filename=None, custom_completers=None, - driver=None, response_filter=None): +def create_autocompleter( + index_filename=None, + custom_completers=None, + driver=None, + response_filter=None, +): if response_filter is None: response_filter = filters.startswith_filter if custom_completers is None: @@ -36,15 +38,19 @@ def create_autocompleter(index_filename= completers = [ basic.RegionCompleter(response_filter=response_filter), basic.ProfileCompleter(response_filter=response_filter), - basic.ModelIndexCompleter(index, cli_driver_fetcher, - response_filter=response_filter), + basic.ModelIndexCompleter( + index, cli_driver_fetcher, response_filter=response_filter + ), basic.FilePathCompleter(response_filter=response_filter), serverside.create_server_side_completer( - index_filename, response_filter=response_filter), - basic.ShorthandCompleter(cli_driver_fetcher, - response_filter=response_filter), - basic.QueryCompleter(cli_driver_fetcher, - response_filter=response_filter), + index_filename, response_filter=response_filter + ), + basic.ShorthandCompleter( + cli_driver_fetcher, response_filter=response_filter + ), + basic.QueryCompleter( + cli_driver_fetcher, response_filter=response_filter + ), ] + custom_completers cli_completer = completer.AutoCompleter(cli_parser, completers) return cli_completer diff -pruN 2.23.6-1/awscli/autocomplete/parser.py 2.31.35-1/awscli/autocomplete/parser.py --- 2.23.6-1/awscli/autocomplete/parser.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/parser.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,10 +13,17 @@ WORD_BOUNDARY = '' -class ParsedResult(object): - def __init__(self, current_command=None, current_param=None, - global_params=None, parsed_params=None, - lineage=None, current_fragment=None, unparsed_items=None): +class ParsedResult: + def __init__( + self, + current_command=None, + current_param=None, + global_params=None, + parsed_params=None, + lineage=None, + current_fragment=None, + unparsed_items=None, + ): """ :param current_command: The name of the leaf command; the most @@ -89,7 +96,7 @@ class ParsedResult(object): return self.__dict__ == other.__dict__ -class ParseState(object): +class ParseState: def __init__(self): self._current_command = None self.current_param = None @@ -116,7 +123,7 @@ class ParseState(object): return self._lineage + [self.current_command] -class CLIParser(object): +class CLIParser: """Parses AWS CLI command. This is different from the parser used when actually invoking CLI commands @@ -126,6 +133,7 @@ class CLIParser(object): not a general purpose AWS CLI parser. """ + def __init__(self, index, return_first_command_match=False): self._index = index self._return_first_command_match = return_first_command_match @@ -149,18 +157,26 @@ class CLIParser(object): while remaining_parts: current = remaining_parts.pop(0) if current.startswith('--'): - self._handle_option(current, remaining_parts, - current_args, global_args, parsed, state) + self._handle_option( + current, + remaining_parts, + current_args, + global_args, + parsed, + state, + ) else: current_args = self._handle_positional( - current, state, remaining_parts, parsed) + current, state, remaining_parts, parsed + ) parsed.current_command = state.current_command parsed.current_param = state.current_param parsed.lineage = state.lineage return parsed - def _consume_value(self, remaining_parts, option_name, - lineage, current_command, state): + def _consume_value( + self, remaining_parts, option_name, lineage, current_command, state + ): # We have a special case where a user is trying to complete # a value for an option, which is the last fragment of the command, # e.g. 'aws ec2 describe-instances --instance-ids ' @@ -205,8 +221,9 @@ class CLIParser(object): # an empty list being returned. This is acceptable # for auto-completion purposes. value = [] - while len(remaining_parts) > 0 and \ - not remaining_parts == [WORD_BOUNDARY]: + while len(remaining_parts) > 0 and not remaining_parts == [ + WORD_BOUNDARY + ]: if remaining_parts[0].startswith('--'): state.current_param = None break @@ -243,8 +260,15 @@ class CLIParser(object): state.current_command = 'aws' return state, parts - def _handle_option(self, current, remaining_parts, current_args, - global_args, parsed, state): + def _handle_option( + self, + current, + remaining_parts, + current_args, + global_args, + parsed, + state, + ): if current_args is None: # If there are no arguments found for this current scope, # it usually indicates we've encounted a command we don't know. @@ -257,15 +281,21 @@ class CLIParser(object): if option_name in global_args: state.current_param = option_name value = self._consume_value( - remaining_parts, option_name, lineage=[], + remaining_parts, + option_name, + lineage=[], state=state, - current_command='aws') + current_command='aws', + ) parsed.global_params[option_name] = value elif option_name in current_args: state.current_param = option_name value = self._consume_value( - remaining_parts, option_name, state.lineage, - state.current_command, state=state, + remaining_parts, + option_name, + state.lineage, + state.current_command, + state=state, ) parsed.parsed_params[option_name] = value elif self._is_last_word(remaining_parts, current): @@ -284,8 +314,10 @@ class CLIParser(object): return not remaining_parts and current def _is_part_of_command(self, current, command_names): - return any(command.startswith(current) and command != current - for command in command_names) + return any( + command.startswith(current) and command != current + for command in command_names + ) def _is_command_name(self, current, remaining_parts, command_names): # If _return_first_command_match is True @@ -323,16 +355,18 @@ class CLIParser(object): state.current_command = current # We also need to get the next set of command line options. current_args = self._index.arg_names( - lineage=state.lineage, - command_name=state.current_command) + lineage=state.lineage, command_name=state.current_command + ) return current_args if not command_names: # If there are no more command names check. See if the command # has a positional argument. This will require an additional # select on the argument index. positional_argname = self._get_positional_argname(state) - if (positional_argname and - positional_argname not in parsed.parsed_params): + if ( + positional_argname + and positional_argname not in parsed.parsed_params + ): # Parse the current string to be a positional argument # if the command has the a positional arg and the positional arg # has not already been parsed. @@ -347,8 +381,8 @@ class CLIParser(object): parsed.parsed_params[positional_argname] = current state.current_param = None return self._index.arg_names( - lineage=state.lineage, - command_name=state.current_command) + lineage=state.lineage, command_name=state.current_command + ) else: if not remaining_parts: # If this is the last chunk of the command line but @@ -371,7 +405,8 @@ class CLIParser(object): state.current_param = None return self._index.arg_names( lineage=state.lineage, - command_name=state.current_command) + command_name=state.current_command, + ) else: # Otherwise this is some command we don't know about # so we add it to the list of unparsed_items. @@ -382,7 +417,7 @@ class CLIParser(object): positional_args = self._index.arg_names( lineage=state.lineage, command_name=state.current_command, - positional_arg=True + positional_arg=True, ) if positional_args: # We are assuming there is only ever one positional diff -pruN 2.23.6-1/awscli/autocomplete/serverside/__init__.py 2.31.35-1/awscli/autocomplete/serverside/__init__.py --- 2.23.6-1/awscli/autocomplete/serverside/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/serverside/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,14 +14,13 @@ # NOTE: This file is imported whenever a user hits TAB. There should not # be any expensive imports in this file. If necessary, use lazy imports # to ensure we only import heavyweight modules when we know we need them. -from awscli.autocomplete.serverside import servercomp -from awscli.autocomplete.serverside import model from awscli.autocomplete import db +from awscli.autocomplete.serverside import model, servercomp def create_server_side_completer(index_filename, response_filter=None): return servercomp.ServerSideCompleter( - model.DBCompletionLookup( - db.DatabaseConnection(index_filename) - ), - servercomp.LazyClientCreator(), response_filter) + model.DBCompletionLookup(db.DatabaseConnection(index_filename)), + servercomp.LazyClientCreator(), + response_filter, + ) diff -pruN 2.23.6-1/awscli/autocomplete/serverside/custom_completers/__init__.py 2.31.35-1/awscli/autocomplete/serverside/custom_completers/__init__.py --- 2.23.6-1/awscli/autocomplete/serverside/custom_completers/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/serverside/custom_completers/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -9,4 +9,4 @@ # or in the "license" file accompanying this file. This file is # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific -# language governing permissions and limitations under the License. \ No newline at end of file +# language governing permissions and limitations under the License. diff -pruN 2.23.6-1/awscli/autocomplete/serverside/custom_completers/ddb/__init__.py 2.31.35-1/awscli/autocomplete/serverside/custom_completers/ddb/__init__.py --- 2.23.6-1/awscli/autocomplete/serverside/custom_completers/ddb/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/serverside/custom_completers/ddb/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -9,4 +9,4 @@ # or in the "license" file accompanying this file. This file is # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific -# language governing permissions and limitations under the License. \ No newline at end of file +# language governing permissions and limitations under the License. diff -pruN 2.23.6-1/awscli/autocomplete/serverside/custom_completers/ddb/autocomplete.py 2.31.35-1/awscli/autocomplete/serverside/custom_completers/ddb/autocomplete.py --- 2.23.6-1/awscli/autocomplete/serverside/custom_completers/ddb/autocomplete.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/serverside/custom_completers/ddb/autocomplete.py 2025-11-12 19:17:29.000000000 +0000 @@ -25,7 +25,4 @@ class TableNameCompleter(servercomp.Base def _get_remote_results(self, parsed): client = self._get_client('dynamodb', parsed) response = self._invoke_api(client, 'list_tables', {}) - return [ - table_name for table_name in response.get('TableNames', []) - ] - + return [table_name for table_name in response.get('TableNames', [])] diff -pruN 2.23.6-1/awscli/autocomplete/serverside/custom_completers/logs/__init__.py 2.31.35-1/awscli/autocomplete/serverside/custom_completers/logs/__init__.py --- 2.23.6-1/awscli/autocomplete/serverside/custom_completers/logs/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/serverside/custom_completers/logs/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -9,4 +9,4 @@ # or in the "license" file accompanying this file. This file is # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific -# language governing permissions and limitations under the License. \ No newline at end of file +# language governing permissions and limitations under the License. diff -pruN 2.23.6-1/awscli/autocomplete/serverside/indexer.py 2.31.35-1/awscli/autocomplete/serverside/indexer.py --- 2.23.6-1/awscli/autocomplete/serverside/indexer.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/serverside/indexer.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,8 +12,8 @@ # language governing permissions and limitations under the License. import json -from botocore.exceptions import UnknownServiceError from botocore import xform_name +from botocore.exceptions import UnknownServiceError import awscli.clidriver from awscli.autocomplete.db import DatabaseConnection @@ -24,7 +24,7 @@ def create_apicall_indexer(filename): return index -class APICallIndexer(object): +class APICallIndexer: _CREATE_APICALL_TABLE = """\ CREATE TABLE IF NOT EXISTS apicall_table ( apicall_data TEXT, @@ -79,7 +79,8 @@ class APICallIndexer(object): service_name = op_model.service_model.service_name try: completions = loader.load_service_model( - service_name, type_name='completions-1') + service_name, type_name='completions-1' + ) except UnknownServiceError: return None # The completions-1 file is for the entire service. We need @@ -96,8 +97,10 @@ class APICallIndexer(object): continue # At this point we know there's completion info we need. transformed = self._transform_completion_data( - completion_for_op[api_casing], completions['resources'], - service_name) + completion_for_op[api_casing], + completions['resources'], + service_name, + ) self._insert_into_db(transformed, arg_name, command) def _insert_into_db(self, transformed, arg_name, command): @@ -110,8 +113,9 @@ class APICallIndexer(object): parent=parent, ) - def _transform_completion_data(self, completions_for_op, resources, - service_name): + def _transform_completion_data( + self, completions_for_op, resources, service_name + ): # The completions-1.json data is strictly model based. That is, # it's based entirely on the service API and has no mention of CLI # commands, parameters, etc. This method attempts to map @@ -133,10 +137,13 @@ class APICallIndexer(object): for completion in completions_for_op['completions']: resource = resources[completion['resourceName']] jp_expr = resource['resourceIdentifier'][ - completion['resourceIdentifier']] - transformed = {'parameters': completion['parameters'], - 'service': service_name, - 'operation': xform_name(resource['operation']), - 'jp_expr': jp_expr} + completion['resourceIdentifier'] + ] + transformed = { + 'parameters': completion['parameters'], + 'service': service_name, + 'operation': xform_name(resource['operation']), + 'jp_expr': jp_expr, + } completions.append(transformed) return {'completions': completions} diff -pruN 2.23.6-1/awscli/autocomplete/serverside/model.py 2.31.35-1/awscli/autocomplete/serverside/model.py --- 2.23.6-1/awscli/autocomplete/serverside/model.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/serverside/model.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,10 +1,9 @@ -"""Placeholder module for fleshing out the server side model interface. +"""Placeholder module for fleshing out the server side model interface.""" -""" import json -class DBCompletionLookup(object): +class DBCompletionLookup: _QUERY = """\ SELECT apicall_data from apicall_table INNER JOIN param_table @@ -21,8 +20,11 @@ class DBCompletionLookup(object): def get_server_completion_data(self, lineage, command_name, param_name): parent = '.'.join(lineage) results = self._db_connection.execute( - self._QUERY, argname=param_name, - command=command_name, parent=parent) + self._QUERY, + argname=param_name, + command=command_name, + parent=parent, + ) match = results.fetchone() if match is not None: return json.loads(match[0]) diff -pruN 2.23.6-1/awscli/autocomplete/serverside/servercomp.py 2.31.35-1/awscli/autocomplete/serverside/servercomp.py --- 2.23.6-1/awscli/autocomplete/serverside/servercomp.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autocomplete/serverside/servercomp.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,16 +12,17 @@ # language governing permissions and limitations under the License. import logging -from awscli.autocomplete.completer import BaseCompleter, CompletionResult from awscli.autocomplete import LazyClientCreator +from awscli.autocomplete.completer import BaseCompleter, CompletionResult from awscli.autocomplete.filters import startswith_filter LOG = logging.getLogger(__name__) class ServerSideCompleter(BaseCompleter): - def __init__(self, completion_lookup, client_creator, - response_filter=None): + def __init__( + self, completion_lookup, client_creator, response_filter=None + ): self._completion_lookup = completion_lookup self._client_creator = client_creator self._jmespath = None @@ -33,6 +34,7 @@ class ServerSideCompleter(BaseCompleter) def jmespath(self): if self._jmespath is None: import jmespath + self._jmespath = jmespath return self._jmespath @@ -52,7 +54,9 @@ class ServerSideCompleter(BaseCompleter) if not self._on_cli_option_value_fragment(parsed): return completion_data = self._completion_lookup.get_server_completion_data( - parsed.lineage, parsed.current_command, parsed.current_param, + parsed.lineage, + parsed.current_command, + parsed.current_param, ) if completion_data is None: return @@ -62,10 +66,11 @@ class ServerSideCompleter(BaseCompleter) # list element. We'll need to update this once we support completions # with a 'parameters' key. raw_results = self._retrieve_remote_completion_data( - parsed, completion_data['completions'][0]) + parsed, completion_data['completions'][0] + ) return self._filter( parsed.current_fragment, - self._convert_to_completion_data(raw_results, parsed) + self._convert_to_completion_data(raw_results, parsed), ) def _convert_to_completion_data(self, raw_results, parsed): @@ -81,7 +86,7 @@ class ServerSideCompleter(BaseCompleter) return self._client_creator.create_client( service_name, parsed_region=parsed.global_params.get('region'), - parsed_profile=parsed.global_params.get('profile') + parsed_profile=parsed.global_params.get('profile'), ) def _retrieve_remote_completion_data(self, parsed, completion_data): @@ -104,8 +109,12 @@ class ServerSideCompleter(BaseCompleter) except Exception: # We don't want tracebacks to propagate back out to the user # so the best we can do is log the exception. - LOG.debug("Exception raised when calling %s on client %s", - client, py_name, exc_info=True) + LOG.debug( + "Exception raised when calling %s on client %s", + client, + py_name, + exc_info=True, + ) return {} def _map_command_to_api_params(self, parsed, completion_data): @@ -134,15 +143,16 @@ class BaseCustomServerSideCompleter(Serv if remote_result.startswith(parsed.current_fragment): completion_results.append( CompletionResult( - remote_result, -len(parsed.current_fragment)) + remote_result, -len(parsed.current_fragment) + ) ) return completion_results def _is_value_for_param(self, parsed): return ( - parsed.lineage == self._LINEAGE and - parsed.current_command in self._COMMAND_NAMES and - parsed.current_param == self._PARAM_NAME + parsed.lineage == self._LINEAGE + and parsed.current_command in self._COMMAND_NAMES + and parsed.current_param == self._PARAM_NAME ) def _get_remote_results(self, parsed): diff -pruN 2.23.6-1/awscli/autoprompt/core.py 2.31.35-1/awscli/autoprompt/core.py --- 2.23.6-1/awscli/autoprompt/core.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autoprompt/core.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,10 +12,10 @@ # language governing permissions and limitations under the License. from botocore.exceptions import ProfileNotFound -from awscli.customizations.exceptions import ParamValidationError -from awscli.autoprompt.prompttoolkit import PromptToolkitPrompter -from awscli.autocomplete.main import create_autocompleter from awscli.autocomplete.filters import fuzzy_filter +from awscli.autocomplete.main import create_autocompleter +from awscli.autoprompt.prompttoolkit import PromptToolkitPrompter +from awscli.customizations.exceptions import ParamValidationError from awscli.errorhandler import SilenceParamValidationMsgErrorHandler diff -pruN 2.23.6-1/awscli/autoprompt/doc.py 2.31.35-1/awscli/autoprompt/doc.py --- 2.23.6-1/awscli/autoprompt/doc.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autoprompt/doc.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import io + from docutils.core import publish_string from awscli.bcdoc import docevents, textwriter diff -pruN 2.23.6-1/awscli/autoprompt/factory.py 2.31.35-1/awscli/autoprompt/factory.py --- 2.23.6-1/awscli/autoprompt/factory.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autoprompt/factory.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,34 +15,34 @@ import os from prompt_toolkit.buffer import Buffer from prompt_toolkit.document import Document from prompt_toolkit.key_binding import KeyBindings +from prompt_toolkit.key_binding.bindings.focus import focus_next from prompt_toolkit.keys import Keys -from prompt_toolkit.layout import Float, FloatContainer, HSplit, Window, VSplit +from prompt_toolkit.layout import Float, FloatContainer, HSplit, VSplit, Window from prompt_toolkit.layout.controls import BufferControl from prompt_toolkit.layout.dimension import Dimension -from prompt_toolkit.layout.layout import Layout, ConditionalContainer +from prompt_toolkit.layout.layout import ConditionalContainer, Layout from prompt_toolkit.layout.menus import ( CompletionsMenu, MultiColumnCompletionsMenu, ) from prompt_toolkit.layout.processors import BeforeInput from prompt_toolkit.widgets import SearchToolbar, VerticalLine -from prompt_toolkit.key_binding.bindings.focus import focus_next -from awscli.autoprompt.history import HistoryDriver, HistoryCompleter -from awscli.autoprompt.widgets import ( - HelpPanelWidget, - ToolbarWidget, - DebugPanelWidget, - TitleLine, -) from awscli.autoprompt.filters import ( - is_one_column, - is_multi_column, doc_section_visible, - output_section_visible, - input_buffer_has_focus, doc_window_has_focus, + input_buffer_has_focus, is_history_mode, + is_multi_column, + is_one_column, + output_section_visible, +) +from awscli.autoprompt.history import HistoryCompleter, HistoryDriver +from awscli.autoprompt.widgets import ( + DebugPanelWidget, + HelpPanelWidget, + TitleLine, + ToolbarWidget, ) diff -pruN 2.23.6-1/awscli/autoprompt/history.py 2.31.35-1/awscli/autoprompt/history.py --- 2.23.6-1/awscli/autoprompt/history.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autoprompt/history.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,17 +10,16 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import logging import json +import logging import os -from prompt_toolkit.completion import Completion, Completer +from prompt_toolkit.completion import Completer, Completion from prompt_toolkit.history import FileHistory from awscli.autocomplete.completer import CompletionResult from awscli.autocomplete.filters import fuzzy_filter - LOG = logging.getLogger(__name__) @@ -33,7 +32,7 @@ class HistoryDriver(FileHistory): def load_history_strings(self): try: - with open(self.filename, 'r') as f: + with open(self.filename) as f: commands = json.load(f).get('commands', []) return reversed(commands) except Exception as e: @@ -46,7 +45,7 @@ class HistoryDriver(FileHistory): history = {'version': self.HISTORY_VERSION, 'commands': []} try: if os.path.exists(self.filename): - with open(self.filename, 'r') as f: + with open(self.filename) as f: history = json.load(f) elif not os.path.exists(os.path.dirname(self.filename)): os.makedirs(os.path.dirname(self.filename)) diff -pruN 2.23.6-1/awscli/autoprompt/logger.py 2.31.35-1/awscli/autoprompt/logger.py --- 2.23.6-1/awscli/autoprompt/logger.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autoprompt/logger.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,8 +12,8 @@ # language governing permissions and limitations under the License. import logging -from prompt_toolkit.document import Document from prompt_toolkit.application import get_app +from prompt_toolkit.document import Document class PromptToolkitHandler(logging.StreamHandler): diff -pruN 2.23.6-1/awscli/autoprompt/output.py 2.31.35-1/awscli/autoprompt/output.py --- 2.23.6-1/awscli/autoprompt/output.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autoprompt/output.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,16 +11,15 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import argparse -import logging import io +import logging import re import jmespath from botocore.utils import ArgumentGenerator -from awscli.formatter import get_formatter from awscli.autocomplete.local.fetcher import CliDriverFetcher - +from awscli.formatter import get_formatter LOG = logging.getLogger(__name__) diff -pruN 2.23.6-1/awscli/autoprompt/prompttoolkit.py 2.31.35-1/awscli/autoprompt/prompttoolkit.py --- 2.23.6-1/awscli/autoprompt/prompttoolkit.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autoprompt/prompttoolkit.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,21 +13,19 @@ import logging import shlex import sys -from contextlib import nullcontext, contextmanager +from contextlib import contextmanager, nullcontext from prompt_toolkit.application import Application -from prompt_toolkit.completion import Completer, ThreadedCompleter -from prompt_toolkit.completion import Completion +from prompt_toolkit.completion import Completer, Completion, ThreadedCompleter from prompt_toolkit.document import Document -from awscli.logger import LOG_FORMAT, disable_crt_logging from awscli.autocomplete import parser from awscli.autocomplete.local import model from awscli.autoprompt.doc import DocsGetter -from awscli.autoprompt.output import OutputGetter from awscli.autoprompt.factory import PromptToolkitFactory from awscli.autoprompt.logger import PromptToolkitHandler - +from awscli.autoprompt.output import OutputGetter +from awscli.logger import LOG_FORMAT, disable_crt_logging LOG = logging.getLogger(__name__) diff -pruN 2.23.6-1/awscli/autoprompt/widgets.py 2.31.35-1/awscli/autoprompt/widgets.py --- 2.23.6-1/awscli/autoprompt/widgets.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/autoprompt/widgets.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,41 +14,41 @@ import os from functools import partial from prompt_toolkit.application import get_app +from prompt_toolkit.buffer import Buffer +from prompt_toolkit.document import Document from prompt_toolkit.filters import has_focus from prompt_toolkit.formatted_text import HTML, to_formatted_text from prompt_toolkit.formatted_text.utils import fragment_list_to_text -from prompt_toolkit.buffer import Buffer -from prompt_toolkit.document import Document from prompt_toolkit.key_binding import KeyBindings from prompt_toolkit.keys import Keys -from prompt_toolkit.layout.controls import BufferControl -from prompt_toolkit.layout.dimension import Dimension -from prompt_toolkit.layout.processors import Processor, Transformation from prompt_toolkit.layout import ( + ConditionalContainer, + Float, + FloatContainer, HSplit, - Window, VSplit, - FloatContainer, - Float, - ConditionalContainer, + Window, ) +from prompt_toolkit.layout.controls import BufferControl +from prompt_toolkit.layout.dimension import Dimension +from prompt_toolkit.layout.processors import Processor, Transformation from prompt_toolkit.widgets import ( + Button, + Dialog, Frame, HorizontalLine, - Dialog, - Button, - TextArea, Label, + TextArea, ) from prompt_toolkit.widgets.base import Border from awscli.autoprompt.filters import ( - help_section_visible, doc_window_has_focus, - search_input_has_focus, + help_section_visible, input_buffer_has_focus, - is_history_mode, is_debug_mode, + is_history_mode, + search_input_has_focus, ) diff -pruN 2.23.6-1/awscli/bcdoc/docevents.py 2.31.35-1/awscli/bcdoc/docevents.py --- 2.23.6-1/awscli/bcdoc/docevents.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/bcdoc/docevents.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,6 +13,7 @@ DOC_EVENTS = { + 'doc-meta-description': '.%s', 'doc-breadcrumbs': '.%s', 'doc-title': '.%s', 'doc-description': '.%s', @@ -31,76 +32,118 @@ DOC_EVENTS = { 'doc-subitems-end': '.%s', 'doc-relateditems-start': '.%s', 'doc-relateditem': '.%s.%s', - 'doc-relateditems-end': '.%s' - } + 'doc-relateditems-end': '.%s', +} def generate_events(session, help_command): # Now generate the documentation events - session.emit('doc-breadcrumbs.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-title.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-description.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-synopsis-start.%s' % help_command.event_class, - help_command=help_command) + session.emit( + 'doc-breadcrumbs.%s' % help_command.event_class, + help_command=help_command, + ) + session.emit( + 'doc-meta-description.%s' % help_command.event_class, + help_command=help_command + ) + session.emit( + 'doc-title.%s' % help_command.event_class, help_command=help_command + ) + session.emit( + 'doc-description.%s' % help_command.event_class, + help_command=help_command, + ) + session.emit( + 'doc-synopsis-start.%s' % help_command.event_class, + help_command=help_command, + ) if help_command.arg_table: for arg_name in help_command.arg_table: # An argument can set an '_UNDOCUMENTED' attribute # to True to indicate a parameter that exists # but shouldn't be documented. This can be used # for backwards compatibility of deprecated arguments. - if getattr(help_command.arg_table[arg_name], - '_UNDOCUMENTED', False): + if getattr( + help_command.arg_table[arg_name], '_UNDOCUMENTED', False + ): continue session.emit( - 'doc-synopsis-option.%s.%s' % (help_command.event_class, - arg_name), - arg_name=arg_name, help_command=help_command) - session.emit('doc-synopsis-end.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-options-start.%s' % help_command.event_class, - help_command=help_command) + 'doc-synopsis-option.%s.%s' + % (help_command.event_class, arg_name), + arg_name=arg_name, + help_command=help_command, + ) + session.emit( + 'doc-synopsis-end.%s' % help_command.event_class, + help_command=help_command, + ) + session.emit( + 'doc-options-start.%s' % help_command.event_class, + help_command=help_command, + ) if help_command.arg_table: for arg_name in help_command.arg_table: - if getattr(help_command.arg_table[arg_name], - '_UNDOCUMENTED', False): + if getattr( + help_command.arg_table[arg_name], '_UNDOCUMENTED', False + ): continue - session.emit('doc-option.%s.%s' % (help_command.event_class, - arg_name), - arg_name=arg_name, help_command=help_command) - session.emit('doc-option-example.%s.%s' % - (help_command.event_class, arg_name), - arg_name=arg_name, help_command=help_command) - session.emit('doc-options-end.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-global-option.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-subitems-start.%s' % help_command.event_class, - help_command=help_command) + session.emit( + 'doc-option.%s.%s' % (help_command.event_class, arg_name), + arg_name=arg_name, + help_command=help_command, + ) + session.emit( + 'doc-option-example.%s.%s' + % (help_command.event_class, arg_name), + arg_name=arg_name, + help_command=help_command, + ) + session.emit( + 'doc-options-end.%s' % help_command.event_class, + help_command=help_command, + ) + session.emit( + 'doc-global-option.%s' % help_command.event_class, + help_command=help_command, + ) + session.emit( + 'doc-subitems-start.%s' % help_command.event_class, + help_command=help_command, + ) if help_command.command_table: for command_name in sorted(help_command.command_table.keys()): - if hasattr(help_command.command_table[command_name], - '_UNDOCUMENTED'): + if hasattr( + help_command.command_table[command_name], '_UNDOCUMENTED' + ): continue - session.emit('doc-subitem.%s.%s' - % (help_command.event_class, command_name), - command_name=command_name, - help_command=help_command) - session.emit('doc-subitems-end.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-examples.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-output.%s' % help_command.event_class, - help_command=help_command) - session.emit('doc-relateditems-start.%s' % help_command.event_class, - help_command=help_command) + session.emit( + 'doc-subitem.%s.%s' % (help_command.event_class, command_name), + command_name=command_name, + help_command=help_command, + ) + session.emit( + 'doc-subitems-end.%s' % help_command.event_class, + help_command=help_command, + ) + session.emit( + 'doc-examples.%s' % help_command.event_class, help_command=help_command + ) + session.emit( + 'doc-output.%s' % help_command.event_class, help_command=help_command + ) + session.emit( + 'doc-relateditems-start.%s' % help_command.event_class, + help_command=help_command, + ) if help_command.related_items: for related_item in sorted(help_command.related_items): - session.emit('doc-relateditem.%s.%s' - % (help_command.event_class, related_item), - help_command=help_command, - related_item=related_item) - session.emit('doc-relateditems-end.%s' % help_command.event_class, - help_command=help_command) + session.emit( + 'doc-relateditem.%s.%s' + % (help_command.event_class, related_item), + help_command=help_command, + related_item=related_item, + ) + session.emit( + 'doc-relateditems-end.%s' % help_command.event_class, + help_command=help_command, + ) diff -pruN 2.23.6-1/awscli/bcdoc/docstringparser.py 2.31.35-1/awscli/bcdoc/docstringparser.py --- 2.23.6-1/awscli/bcdoc/docstringparser.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/bcdoc/docstringparser.py 2025-11-12 19:17:29.000000000 +0000 @@ -51,12 +51,13 @@ class DocStringParser(HTMLParser): self.tree.add_data(data) -class HTMLTree(object): +class HTMLTree: """ A tree which handles HTML nodes. Designed to work with a python HTML parser, meaning that the current_node will be the most recently opened tag. When a tag is closed, the current_node moves up to the parent node. """ + def __init__(self, doc): self.doc = doc self.head = StemNode() @@ -93,7 +94,7 @@ class HTMLTree(object): self.head.write(self.doc) -class Node(object): +class Node: def __init__(self, parent=None): self.parent = parent @@ -122,6 +123,7 @@ class TagNode(StemNode): """ A generic Tag node. It will verify that handlers exist before writing. """ + def __init__(self, tag, attrs=None, parent=None): super(TagNode, self).__init__(parent) self.attrs = attrs @@ -174,6 +176,7 @@ class DataNode(Node): """ A Node that contains only string data. """ + def __init__(self, data, parent=None): super(DataNode, self).__init__(parent) if not isinstance(data, str): diff -pruN 2.23.6-1/awscli/bcdoc/restdoc.py 2.31.35-1/awscli/bcdoc/restdoc.py --- 2.23.6-1/awscli/bcdoc/restdoc.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/bcdoc/restdoc.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,14 +13,14 @@ import logging from botocore.compat import OrderedDict + from awscli.bcdoc.docstringparser import DocStringParser from awscli.bcdoc.style import ReSTStyle LOG = logging.getLogger('bcdocs') -class ReSTDocument(object): - +class ReSTDocument: def __init__(self, target='man'): self.style = ReSTStyle(self) self.target = target @@ -120,7 +120,7 @@ class ReSTDocument(object): del self._writes[start:end] def write_from_file(self, filename): - with open(filename, 'r') as f: + with open(filename) as f: for line in f.readlines(): self.writeln(line.strip()) @@ -194,8 +194,9 @@ class DocumentStructure(ReSTDocument): to the document structure it was instantiated from. """ # Add a new section - section = self.__class__(name=name, target=self.target, - context=context) + section = self.__class__( + name=name, target=self.target, context=context + ) section.path = self.path + [name] # Indent the section apporpriately as well section.style.indentation = self.style.indentation diff -pruN 2.23.6-1/awscli/bcdoc/style.py 2.31.35-1/awscli/bcdoc/style.py --- 2.23.6-1/awscli/bcdoc/style.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/bcdoc/style.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,8 +16,7 @@ import logging logger = logging.getLogger('bcdocs') -class BaseStyle(object): - +class BaseStyle: def __init__(self, doc, indent_width=2): self.doc = doc self.indent_width = indent_width @@ -65,7 +64,6 @@ class BaseStyle(object): class ReSTStyle(BaseStyle): - def __init__(self, doc, indent_width=2): BaseStyle.__init__(self, doc, indent_width) self.do_p = True diff -pruN 2.23.6-1/awscli/bcdoc/textwriter.py 2.31.35-1/awscli/bcdoc/textwriter.py --- 2.23.6-1/awscli/bcdoc/textwriter.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/bcdoc/textwriter.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,13 +1,13 @@ -# -*- coding: utf-8 -*- """ - Custom docutils writer for plain text. - Based heavily on the Sphinx text writer. See copyright below. +Custom docutils writer for plain text. +Based heavily on the Sphinx text writer. See copyright below. - :copyright: Copyright 2007-2011 by the Sphinx team, see AUTHORS. - :license: BSD, see LICENSE for details. +:copyright: Copyright 2007-2011 by the Sphinx team, see AUTHORS. +:license: BSD, see LICENSE for details. """ + import os import re import textwrap @@ -19,10 +19,11 @@ class TextWrapper(textwrap.TextWrapper): """Custom subclass that uses a different word separator regex.""" wordsep_re = re.compile( - r'(\s+|' # any whitespace - r'(?<=\s)(?::[a-z-]+:)?`\S+|' # interpreted text start - r'[^\s\w]*\w+[a-zA-Z]-(?=\w+[a-zA-Z])|' # hyphenated words - r'(?<=[\w\!\"\'\&\.\,\?])-{2,}(?=\w))') # em-dash + r'(\s+|' # any whitespace + r'(?<=\s)(?::[a-z-]+:)?`\S+|' # interpreted text start + r'[^\s\w]*\w+[a-zA-Z]-(?=\w+[a-zA-Z])|' # hyphenated words + r'(?<=[\w\!\"\'\&\.\,\?])-{2,}(?=\w))' + ) # em-dash MAXWIDTH = 70 @@ -81,12 +82,13 @@ class TextTranslator(nodes.NodeVisitor): if not toformat: return if wrap: - res = my_wrap(''.join(toformat), width=MAXWIDTH-maxindent) + res = my_wrap(''.join(toformat), width=MAXWIDTH - maxindent) else: res = ''.join(toformat).splitlines() if end: res += end result.append((indent, res)) + for itemindent, item in content: if itemindent == -1: toformat.append(item) @@ -107,9 +109,11 @@ class TextTranslator(nodes.NodeVisitor): def depart_document(self, node): self.end_state() - self.body = self.nl.join(line and (' '*indent + line) - for indent, lines in self.states[0] - for line in lines) + self.body = self.nl.join( + line and (' ' * indent + line) + for indent, lines in self.states[0] + for line in lines + ) # XXX header/footer? def visit_highlightlang(self, node): @@ -153,7 +157,7 @@ class TextTranslator(nodes.NodeVisitor): def visit_title(self, node): if isinstance(node.parent, nodes.Admonition): - self.add_text(node.astext()+': ') + self.add_text(node.astext() + ': ') raise nodes.SkipNode self.new_state(0) @@ -280,7 +284,7 @@ class TextTranslator(nodes.NodeVisitor): self.add_text(production['tokenname'].ljust(maxlen) + ' ::=') lastname = production['tokenname'] else: - self.add_text('%s ' % (' '*len(lastname))) + self.add_text('%s ' % (' ' * len(lastname))) self.add_text(production.astext() + self.nl) self.end_state(wrap=False) raise nodes.SkipNode @@ -391,8 +395,9 @@ class TextTranslator(nodes.NodeVisitor): def visit_entry(self, node): if 'morerows' in node or 'morecols' in node: - raise NotImplementedError('Column or row spanning cells are ' - 'not implemented.') + raise NotImplementedError( + 'Column or row spanning cells are not implemented.' + ) self.new_state(0) def depart_entry(self, node): @@ -431,7 +436,7 @@ class TextTranslator(nodes.NodeVisitor): def writesep(char='-'): out = ['+'] for width in realwidths: - out.append(char * (width+2)) + out.append(char * (width + 2)) out.append('+') self.add_text(''.join(out) + self.nl) @@ -441,7 +446,7 @@ class TextTranslator(nodes.NodeVisitor): out = ['|'] for i, cell in enumerate(line): if cell: - out.append(' ' + cell.ljust(realwidths[i]+1)) + out.append(' ' + cell.ljust(realwidths[i] + 1)) else: out.append(' ' * (realwidths[i] + 2)) out.append('|') @@ -460,7 +465,8 @@ class TextTranslator(nodes.NodeVisitor): def visit_acks(self, node): self.new_state(0) self.add_text( - ', '.join(n.astext() for n in node.children[0].children) + '.') + ', '.join(n.astext() for n in node.children[0].children) + '.' + ) self.end_state() raise nodes.SkipNode @@ -516,8 +522,9 @@ class TextTranslator(nodes.NodeVisitor): self.end_state(first='%s. ' % self.list_counter[-1], end=None) def visit_definition_list_item(self, node): - self._li_has_classifier = len(node) >= 2 and \ - isinstance(node[1], nodes.classifier) + self._li_has_classifier = len(node) >= 2 and isinstance( + node[1], nodes.classifier + ) def depart_definition_list_item(self, node): pass @@ -774,6 +781,7 @@ class TextTranslator(nodes.NodeVisitor): def _make_depart_admonition(name): def depart_admonition(self, node): self.end_state(first=name.capitalize() + ': ') + return depart_admonition visit_attention = _visit_admonition diff -pruN 2.23.6-1/awscli/botocore/__init__.py 2.31.35-1/awscli/botocore/__init__.py --- 2.23.6-1/awscli/botocore/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -23,6 +23,7 @@ class NullHandler(logging.Handler): def emit(self, record): pass + # Configure default logger to do nothing log = logging.getLogger('botocore') log.addHandler(NullHandler()) @@ -60,24 +61,82 @@ _xform_cache = { 'AssociateWhatsAppBusinessAccount', '-', ): 'associate-whatsapp-business-account', - ('DeleteWhatsAppMessageMedia', '_'): 'delete_whatsapp_media_message', - ('DeleteWhatsAppMessageMedia', '-'): 'delete-whatsapp-media-message', - ('DisassociateWhatsAppBusinessAccount', '_'): 'disassociate_whatsapp_business_account', - ('DisassociateWhatsAppBusinessAccount', '-'):'disassociate-whatsapp-business-account', - ('GetLinkedWhatsAppBusinessAccount', '_'): 'get_linked_whatsapp_business_account', - ('GetLinkedWhatsAppBusinessAccount', '-'): 'get-linked-whatsapp-business-account', - ('GetLinkedWhatsAppBusinessAccountPhoneNumber', '_'): 'get_linked_whatsapp_business_account_phone_number', - ('GetLinkedWhatsAppBusinessAccountPhoneNumber', '-'): 'get-linked-whatsapp-business-account-phone-number', + ('CreateWhatsAppMessageTemplate', '_'): 'create_whatsapp_message_template', + ('CreateWhatsAppMessageTemplate', '-'): 'create-whatsapp-message-template', + ( + 'CreateWhatsAppMessageTemplateFromLibrary', + '_', + ): 'create_whatsapp_message_template_from_library', + ( + 'CreateWhatsAppMessageTemplateFromLibrary', + '-', + ): 'create-whatsapp-message-template-from-library', + ( + 'CreateWhatsAppMessageTemplateMedia', + '_', + ): 'create_whatsapp_message_template_media', + ( + 'CreateWhatsAppMessageTemplateMedia', + '-', + ): 'create-whatsapp-message-template-media', + ('DeleteWhatsAppMessageMedia', '_'): 'delete_whatsapp_message_media', + ('DeleteWhatsAppMessageMedia', '-'): 'delete-whatsapp-message-media', + ('DeleteWhatsAppMessageTemplate', '_'): 'delete_whatsapp_message_template', + ('DeleteWhatsAppMessageTemplate', '-'): 'delete-whatsapp-message-template', + ( + 'DisassociateWhatsAppBusinessAccount', + '_', + ): 'disassociate_whatsapp_business_account', + ( + 'DisassociateWhatsAppBusinessAccount', + '-', + ): 'disassociate-whatsapp-business-account', + ( + 'GetLinkedWhatsAppBusinessAccount', + '_', + ): 'get_linked_whatsapp_business_account', + ( + 'GetLinkedWhatsAppBusinessAccount', + '-', + ): 'get-linked-whatsapp-business-account', + ( + 'GetLinkedWhatsAppBusinessAccountPhoneNumber', + '_', + ): 'get_linked_whatsapp_business_account_phone_number', + ( + 'GetLinkedWhatsAppBusinessAccountPhoneNumber', + '-', + ): 'get-linked-whatsapp-business-account-phone-number', ('GetWhatsAppMessageMedia', '_'): 'get_whatsapp_message_media', ('GetWhatsAppMessageMedia', '-'): 'get-whatsapp-message-media', - ('ListLinkedWhatsAppBusinessAccounts', '_'): 'list_linked_whatsapp_business_accounts', - ('ListLinkedWhatsAppBusinessAccounts', '-'): 'list-linked-whatsapp-business-accounts', + ('GetWhatsAppMessageTemplate', '_'): 'get_whatsapp_message_template', + ('GetWhatsAppMessageTemplate', '-'): 'get-whatsapp-message-template', + ( + 'ListLinkedWhatsAppBusinessAccounts', + '_', + ): 'list_linked_whatsapp_business_accounts', + ( + 'ListLinkedWhatsAppBusinessAccounts', + '-', + ): 'list-linked-whatsapp-business-accounts', + ('ListWhatsAppMessageTemplates', '_'): 'list_whatsapp_message_templates', + ('ListWhatsAppMessageTemplates', '-'): 'list-whatsapp-message-templates', + ('ListWhatsAppTemplateLibrary', '_'): 'list_whatsapp_template_library', + ('ListWhatsAppTemplateLibrary', '-'): 'list-whatsapp-template-library', ('PostWhatsAppMessageMedia', '_'): 'post_whatsapp_message_media', ('PostWhatsAppMessageMedia', '-'): 'post-whatsapp-message-media', - ('PutWhatsAppBusinessAccountEventDestinations', '_'): 'put_whatsapp_business_account_event_destinations', - ('PutWhatsAppBusinessAccountEventDestinations', '-'): 'put-whatsapp-business-account-event-destinations', + ( + 'PutWhatsAppBusinessAccountEventDestinations', + '_', + ): 'put_whatsapp_business_account_event_destinations', + ( + 'PutWhatsAppBusinessAccountEventDestinations', + '-', + ): 'put-whatsapp-business-account-event-destinations', ('SendWhatsAppMessage', '_'): 'send_whatsapp_message', ('SendWhatsAppMessage', '-'): 'send-whatsapp-message', + ('UpdateWhatsAppMessageTemplate', '_'): 'update_whatsapp_message_template', + ('UpdateWhatsAppMessageTemplate', '-'): 'update-whatsapp-message-template', } ScalarTypes = ('string', 'integer', 'boolean', 'timestamp', 'float', 'double') @@ -85,7 +144,7 @@ BOTOCORE_ROOT = os.path.realpath(os.path # Used to specify anonymous (unsigned) request signature -class UNSIGNED(object): +class UNSIGNED: def __copy__(self): return self @@ -113,7 +172,7 @@ def xform_name(name, sep='_', _xform_cac is_special = _special_case_transform.search(name) matched = is_special.group() # Replace something like ARNs, ACLs with _arns, _acls. - name = name[:-len(matched)] + sep + matched.lower() + name = name[: -len(matched)] + sep + matched.lower() s1 = _first_cap_regex.sub(r'\1' + sep + r'\2', name) transformed = _end_cap_regex.sub(r'\1' + sep + r'\2', s1).lower() _xform_cache[key] = transformed diff -pruN 2.23.6-1/awscli/botocore/args.py 2.31.35-1/awscli/botocore/args.py --- 2.23.6-1/awscli/botocore/args.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/args.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,6 +16,7 @@ This module (and all function/classes wi considered internal, and *not* a public API. """ + import copy import logging import socket @@ -27,8 +28,12 @@ from botocore.endpoint import EndpointCr from botocore.regions import EndpointResolverBuiltins as EPRBuiltins from botocore.regions import EndpointRulesetResolver from botocore.signers import RequestSigner -from botocore.useragent import UserAgentString -from botocore.utils import ensure_boolean, is_s3_accelerate_url +from botocore.useragent import UserAgentString, register_feature_id +from botocore.utils import ( + PRIORITY_ORDERED_SUPPORTED_PROTOCOLS, # noqa: F401 + ensure_boolean, + is_s3_accelerate_url, +) logger = logging.getLogger(__name__) @@ -45,9 +50,25 @@ VALID_RESPONSE_CHECKSUM_VALIDATION_CONFI "when_required", ) -class ClientArgsCreator(object): - def __init__(self, event_emitter, user_agent, response_parser_factory, - loader, exceptions_factory, config_store, user_agent_creator=None): + +VALID_ACCOUNT_ID_ENDPOINT_MODE_CONFIG = ( + 'preferred', + 'disabled', + 'required', +) + + +class ClientArgsCreator: + def __init__( + self, + event_emitter, + user_agent, + response_parser_factory, + loader, + exceptions_factory, + config_store, + user_agent_creator=None, + ): self._event_emitter = event_emitter self._response_parser_factory = response_parser_factory self._loader = loader @@ -59,25 +80,31 @@ class ClientArgsCreator(object): self._session_ua_creator = user_agent_creator def get_client_args( - self, + self, + service_model, + region_name, + is_secure, + endpoint_url, + verify, + credentials, + scoped_config, + client_config, + endpoint_bridge, + auth_token=None, + endpoints_ruleset_data=None, + partition_data=None, + ): + final_args = self.compute_client_args( service_model, + client_config, + endpoint_bridge, region_name, - is_secure, endpoint_url, - verify, - credentials, + is_secure, scoped_config, - client_config, - endpoint_bridge, - auth_token=None, - endpoints_ruleset_data=None, - partition_data=None, - ): - final_args = self.compute_client_args( - service_model, client_config, endpoint_bridge, region_name, - endpoint_url, is_secure, scoped_config) + ) - service_name = final_args['service_name'] + service_name = final_args['service_name'] # noqa parameter_validation = final_args['parameter_validation'] endpoint_config = final_args['endpoint_config'] protocol = final_args['protocol'] @@ -88,13 +115,17 @@ class ClientArgsCreator(object): configured_endpoint_url = final_args['configured_endpoint_url'] signing_region = endpoint_config['signing_region'] endpoint_region_name = endpoint_config['region_name'] + account_id_endpoint_mode = config_kwargs['account_id_endpoint_mode'] event_emitter = copy.copy(self._event_emitter) signer = RequestSigner( - service_model.service_id, signing_region, + service_model.service_id, + signing_region, endpoint_config['signing_name'], endpoint_config['signature_version'], - credentials, event_emitter, auth_token + credentials, + event_emitter, + auth_token, ) config_kwargs['s3'] = s3_config @@ -102,18 +133,22 @@ class ClientArgsCreator(object): endpoint_creator = EndpointCreator(event_emitter) endpoint = endpoint_creator.create_endpoint( - service_model, region_name=endpoint_region_name, - endpoint_url=endpoint_config['endpoint_url'], verify=verify, + service_model, + region_name=endpoint_region_name, + endpoint_url=endpoint_config['endpoint_url'], + verify=verify, response_parser_factory=self._response_parser_factory, max_pool_connections=new_config.max_pool_connections, proxies=new_config.proxies, timeout=(new_config.connect_timeout, new_config.read_timeout), socket_options=socket_options, client_cert=new_config.client_cert, - proxies_config=new_config.proxies_config) + proxies_config=new_config.proxies_config, + ) serializer = botocore.serialize.create_serializer( - protocol, parameter_validation) + protocol, parameter_validation + ) response_parser = botocore.parsers.create_parser(protocol) ruleset_resolver = self._build_endpoint_resolver( @@ -128,6 +163,8 @@ class ClientArgsCreator(object): is_secure, endpoint_bridge, event_emitter, + credentials, + account_id_endpoint_mode, ) # Copy the session's user agent factory and adds client configuration. @@ -152,11 +189,18 @@ class ClientArgsCreator(object): 'user_agent_creator': client_ua_creator, } - def compute_client_args(self, service_model, client_config, - endpoint_bridge, region_name, endpoint_url, - is_secure, scoped_config): + def compute_client_args( + self, + service_model, + client_config, + endpoint_bridge, + region_name, + endpoint_url, + is_secure, + scoped_config, + ): service_name = service_model.endpoint_prefix - protocol = service_model.metadata['protocol'] + protocol = service_model.resolved_protocol parameter_validation = True if client_config and not client_config.parameter_validation: parameter_validation = False @@ -171,6 +215,8 @@ class ClientArgsCreator(object): client_config=client_config, endpoint_url=endpoint_url, ) + if configured_endpoint_url is not None: + register_feature_id('ENDPOINT_OVERRIDE') endpoint_config = self._compute_endpoint_config( service_name=service_name, @@ -198,7 +244,8 @@ class ClientArgsCreator(object): config_kwargs = dict( region_name=endpoint_config['region_name'], signature_version=endpoint_config['signature_version'], - user_agent=preliminary_ua_string) + user_agent=preliminary_ua_string, + ) if 'dualstack' in endpoint_variant_tags: config_kwargs.update(use_dualstack_endpoint=True) if 'fips' in endpoint_variant_tags: @@ -230,12 +277,20 @@ class ClientArgsCreator(object): response_checksum_validation=( client_config.response_checksum_validation ), + account_id_endpoint_mode=client_config.account_id_endpoint_mode, + auth_scheme_preference=client_config.auth_scheme_preference, ) self._compute_retry_config(config_kwargs) self._compute_request_compression_config(config_kwargs) self._compute_user_agent_appid_config(config_kwargs) self._compute_sigv4a_signing_region_set_config(config_kwargs) self._compute_checksum_config(config_kwargs) + self._compute_inject_host_prefix(client_config, config_kwargs) + self._compute_account_id_endpoint_mode_config(config_kwargs) + self._compute_auth_scheme_preference_config( + client_config, config_kwargs + ) + self._compute_signature_version_config(client_config, config_kwargs) s3_config = self.compute_s3_config(client_config) is_s3_service = self._is_s3_service(service_name) @@ -253,9 +308,28 @@ class ClientArgsCreator(object): 'protocol': protocol, 'config_kwargs': config_kwargs, 's3_config': s3_config, - 'socket_options': self._compute_socket_options(scoped_config) + 'socket_options': self._compute_socket_options(scoped_config), } + def _compute_inject_host_prefix(self, client_config, config_kwargs): + # In the cases that a Config object was not provided, or the private value + # remained UNSET, we should resolve the value from the config store. + if ( + client_config is None + or client_config._inject_host_prefix == 'UNSET' + ): + configured_disable_host_prefix_injection = ( + self._config_store.get_config_variable( + 'disable_host_prefix_injection' + ) + ) + if configured_disable_host_prefix_injection is not None: + config_kwargs[ + 'inject_host_prefix' + ] = not configured_disable_host_prefix_injection + else: + config_kwargs['inject_host_prefix'] = True + def _compute_configured_endpoint_url(self, client_config, endpoint_url): if endpoint_url is not None: return endpoint_url @@ -306,8 +380,15 @@ class ClientArgsCreator(object): """ return service_name in ['s3', 's3-control'] - def _compute_endpoint_config(self, service_name, region_name, endpoint_url, - is_secure, endpoint_bridge, s3_config): + def _compute_endpoint_config( + self, + service_name, + region_name, + endpoint_url, + is_secure, + endpoint_bridge, + s3_config, + ): resolve_endpoint_kwargs = { 'service_name': service_name, 'region_name': region_name, @@ -317,31 +398,44 @@ class ClientArgsCreator(object): } if service_name == 's3': return self._compute_s3_endpoint_config( - s3_config=s3_config, **resolve_endpoint_kwargs) + s3_config=s3_config, **resolve_endpoint_kwargs + ) return self._resolve_endpoint(**resolve_endpoint_kwargs) - def _compute_s3_endpoint_config(self, s3_config, - **resolve_endpoint_kwargs): + def _compute_s3_endpoint_config( + self, s3_config, **resolve_endpoint_kwargs + ): endpoint_config = self._resolve_endpoint(**resolve_endpoint_kwargs) self._set_region_if_custom_s3_endpoint( - endpoint_config, resolve_endpoint_kwargs['endpoint_bridge']) + endpoint_config, resolve_endpoint_kwargs['endpoint_bridge'] + ) return endpoint_config - def _set_region_if_custom_s3_endpoint(self, endpoint_config, - endpoint_bridge): + def _set_region_if_custom_s3_endpoint( + self, endpoint_config, endpoint_bridge + ): # If a user is providing a custom URL, the endpoint resolver will # refuse to infer a signing region. If we want to default to s3v4, # we have to account for this. - if endpoint_config['signing_region'] is None \ - and endpoint_config['region_name'] is None: + if ( + endpoint_config['signing_region'] is None + and endpoint_config['region_name'] is None + ): endpoint = endpoint_bridge.resolve('s3') endpoint_config['signing_region'] = endpoint['signing_region'] endpoint_config['region_name'] = endpoint['region_name'] - def _resolve_endpoint(self, service_name, region_name, - endpoint_url, is_secure, endpoint_bridge): + def _resolve_endpoint( + self, + service_name, + region_name, + endpoint_url, + is_secure, + endpoint_bridge, + ): return endpoint_bridge.resolve( - service_name, region_name, endpoint_url, is_secure) + service_name, region_name, endpoint_url, is_secure + ) def _compute_socket_options(self, scoped_config): # This disables Nagle's algorithm and is the default socket options @@ -351,7 +445,8 @@ class ClientArgsCreator(object): # Enables TCP Keepalive if specified in shared config file. if self._ensure_boolean(scoped_config.get('tcp_keepalive', False)): socket_options.append( - (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)) + (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) + ) return socket_options def _compute_retry_config(self, config_kwargs): @@ -453,6 +548,8 @@ class ClientArgsCreator(object): is_secure, endpoint_bridge, event_emitter, + credentials, + account_id_endpoint_mode, ): if endpoints_ruleset_data is None: return None @@ -477,6 +574,8 @@ class ClientArgsCreator(object): endpoint_bridge=endpoint_bridge, client_endpoint_url=endpoint_url, legacy_endpoint_url=endpoint.host, + credentials=credentials, + account_id_endpoint_mode=account_id_endpoint_mode, ) # botocore does not support client context parameters generically # for every service. Instead, the s3 config section entries are @@ -510,6 +609,8 @@ class ClientArgsCreator(object): endpoint_bridge, client_endpoint_url, legacy_endpoint_url, + credentials, + account_id_endpoint_mode, ): # EndpointRulesetResolver rulesets may accept an "SDK::Endpoint" as # input. If the endpoint_url argument of create_client() is set, it @@ -576,6 +677,12 @@ class ClientArgsCreator(object): 's3_disable_multiregion_access_points', False ), EPRBuiltins.SDK_ENDPOINT: given_endpoint, + EPRBuiltins.ACCOUNT_ID: credentials.get_deferred_property( + 'account_id' + ) + if credentials + else None, + EPRBuiltins.ACCOUNT_ID_ENDPOINT_MODE: account_id_endpoint_mode, } def _compute_user_agent_appid_config(self, config_kwargs): @@ -635,4 +742,100 @@ class ClientArgsCreator(object): config_value=value, valid_options=valid_options, ) - config_kwargs[config_key] = value \ No newline at end of file + self._register_checksum_config_feature_ids(value, config_key) + config_kwargs[config_key] = value + + def _register_checksum_config_feature_ids(self, value, config_key): + checksum_config_feature_id = None + if config_key == "request_checksum_calculation": + checksum_config_feature_id = ( + f"FLEXIBLE_CHECKSUMS_REQ_{value.upper()}" + ) + elif config_key == "response_checksum_validation": + checksum_config_feature_id = ( + f"FLEXIBLE_CHECKSUMS_RES_{value.upper()}" + ) + if checksum_config_feature_id is not None: + register_feature_id(checksum_config_feature_id) + + def _compute_account_id_endpoint_mode_config(self, config_kwargs): + config_key = 'account_id_endpoint_mode' + + # Disable account id based endpoint routing for unsigned requests + # since there are no credentials to resolve. + signature_version = config_kwargs.get('signature_version') + if signature_version is botocore.UNSIGNED: + config_kwargs[config_key] = 'disabled' + return + + account_id_endpoint_mode = config_kwargs.get(config_key) + if account_id_endpoint_mode is None: + account_id_endpoint_mode = self._config_store.get_config_variable( + config_key + ) + + if isinstance(account_id_endpoint_mode, str): + account_id_endpoint_mode = account_id_endpoint_mode.lower() + + if ( + account_id_endpoint_mode + not in VALID_ACCOUNT_ID_ENDPOINT_MODE_CONFIG + ): + raise botocore.exceptions.InvalidConfigError( + error_msg=f"The configured value '{account_id_endpoint_mode}' for '{config_key}' is " + f"invalid. Valid values are: {VALID_ACCOUNT_ID_ENDPOINT_MODE_CONFIG}." + ) + + config_kwargs[config_key] = account_id_endpoint_mode + + def _compute_auth_scheme_preference_config( + self, client_config, config_kwargs + ): + config_key = 'auth_scheme_preference' + set_in_config_object = False + + if client_config and client_config.auth_scheme_preference: + value = client_config.auth_scheme_preference + set_in_config_object = True + else: + value = self._config_store.get_config_variable(config_key) + + if value is None: + config_kwargs[config_key] = None + return + + if not isinstance(value, str): + raise botocore.exceptions.InvalidConfigError( + error_msg=( + f"{config_key} must be a comma-delimited string. " + f"Received {type(value)} instead: {value}." + ) + ) + + value = ','.join( + item.replace(' ', '').replace('\t', '') + for item in value.split(',') + if item.strip() + ) + + if set_in_config_object: + value = ClientConfigString(value) + + config_kwargs[config_key] = value + + def _compute_signature_version_config(self, client_config, config_kwargs): + if client_config and client_config.signature_version: + value = client_config.signature_version + if isinstance(value, str): + config_kwargs['signature_version'] = ClientConfigString(value) + + +class ConfigObjectWrapper: + """Base class to mark values set via in-code Config object.""" + + pass + + +class ClientConfigString(str, ConfigObjectWrapper): + def __new__(cls, value=None): + return super().__new__(cls, value) diff -pruN 2.23.6-1/awscli/botocore/auth.py 2.31.35-1/awscli/botocore/auth.py --- 2.23.6-1/awscli/botocore/auth.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/auth.py 2025-11-12 19:17:29.000000000 +0000 @@ -22,7 +22,7 @@ from email.utils import formatdate from hashlib import sha256 from botocore.compat import ( - MD5_AVAILABLE, + MD5_AVAILABLE, # noqa HTTPHeaders, encodebytes, ensure_unicode, @@ -48,7 +48,8 @@ logger = logging.getLogger(__name__) EMPTY_SHA256_HASH = ( - 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855') + 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' +) # This is the buffer size used when calculating sha256 checksums. # Experimenting with various buffer sizes showed that this value generally # gave the best result (in terms of performance). @@ -57,6 +58,7 @@ ISO8601 = '%Y-%m-%dT%H:%M:%SZ' SIGV4_TIMESTAMP = '%Y%m%dT%H%M%SZ' SIGNED_HEADERS_BLACKLIST = [ 'expect', + 'transfer-encoding', 'user-agent', 'x-amzn-trace-id', ] @@ -76,10 +78,7 @@ def _host_from_url(url): # brackets as per RFC 3986 3.2.2. host = f'[{host}]' - default_ports = { - 'http': 80, - 'https': 443 - } + default_ports = {'http': 80, 'https': 443} if url_parts.port is not None: if url_parts.port != default_ports.get(url_parts.scheme): host = '%s:%d' % (host, url_parts.port) @@ -99,7 +98,7 @@ def _get_body_as_dict(request): return data -class BaseSigner(object): +class BaseSigner: REQUIRES_REGION = False REQUIRES_TOKEN = False @@ -131,11 +130,10 @@ class SigV2Auth(BaseSigner): path = split.path if len(path) == 0: path = '/' - string_to_sign = '%s\n%s\n%s\n' % (request.method, - split.netloc, - path) - lhmac = hmac.new(self.credentials.secret_key.encode('utf-8'), - digestmod=sha256) + string_to_sign = f'{request.method}\n{split.netloc}\n{path}\n' + lhmac = hmac.new( + self.credentials.secret_key.encode('utf-8'), digestmod=sha256 + ) pairs = [] for key in sorted(params): # Any previous signature should not be a part of this @@ -144,8 +142,11 @@ class SigV2Auth(BaseSigner): if key == 'Signature': continue value = str(params[key]) - pairs.append(quote(key.encode('utf-8'), safe='') + '=' + - quote(value.encode('utf-8'), safe='-_~')) + pairs.append( + quote(key.encode('utf-8'), safe='') + + '=' + + quote(value.encode('utf-8'), safe='-_~') + ) qs = '&'.join(pairs) string_to_sign += qs logger.debug('String to sign: %s', string_to_sign) @@ -192,13 +193,18 @@ class SigV3Auth(BaseSigner): if 'X-Amz-Security-Token' in request.headers: del request.headers['X-Amz-Security-Token'] request.headers['X-Amz-Security-Token'] = self.credentials.token - new_hmac = hmac.new(self.credentials.secret_key.encode('utf-8'), - digestmod=sha256) + new_hmac = hmac.new( + self.credentials.secret_key.encode('utf-8'), digestmod=sha256 + ) new_hmac.update(request.headers['Date'].encode('utf-8')) encoded_signature = encodebytes(new_hmac.digest()).strip() - signature = ('AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=%s,Signature=%s' % - (self.credentials.access_key, 'HmacSHA256', - encoded_signature.decode('utf-8'))) + signature = ( + 'AWS3-HTTPS AWSAccessKeyId={},Algorithm={},Signature={}'.format( + self.credentials.access_key, + 'HmacSHA256', + encoded_signature.decode('utf-8'), + ) + ) if 'X-Amzn-Authorization' in request.headers: del request.headers['X-Amzn-Authorization'] request.headers['X-Amzn-Authorization'] = signature @@ -208,6 +214,7 @@ class SigV4Auth(BaseSigner): """ Sign a request with Signature V4. """ + REQUIRES_REGION = True def __init__(self, credentials, service_name, region_name): @@ -256,13 +263,14 @@ class SigV4Auth(BaseSigner): key_val_pairs = [] for key in params: value = str(params[key]) - key_val_pairs.append((quote(key, safe='-_.~'), - quote(value, safe='-_.~'))) + key_val_pairs.append( + (quote(key, safe='-_.~'), quote(value, safe='-_.~')) + ) sorted_key_vals = [] # Sort by the URI-encoded key names, and in the case of # repeated keys, then sort by the value. for key, value in sorted(key_val_pairs): - sorted_key_vals.append('%s=%s' % (key, value)) + sorted_key_vals.append(f'{key}={value}') canonical_query_string = '&'.join(sorted_key_vals) return canonical_query_string @@ -278,7 +286,7 @@ class SigV4Auth(BaseSigner): # Sort by the URI-encoded key names, and in the case of # repeated keys, then sort by the value. for key, value in sorted(key_val_pairs): - sorted_key_vals.append('%s=%s' % (key, value)) + sorted_key_vals.append(f'{key}={value}') canonical_query_string = '&'.join(sorted_key_vals) return canonical_query_string @@ -292,9 +300,10 @@ class SigV4Auth(BaseSigner): headers = [] sorted_header_names = sorted(set(headers_to_sign)) for key in sorted_header_names: - value = ','.join(self._header_value(v) for v in - headers_to_sign.get_all(key)) - headers.append('%s:%s' % (key, ensure_unicode(value))) + value = ','.join( + self._header_value(v) for v in headers_to_sign.get_all(key) + ) + headers.append(f'{key}:{ensure_unicode(value)}') return '\n'.join(headers) def _header_value(self, value): @@ -306,9 +315,8 @@ class SigV4Auth(BaseSigner): return ' '.join(value.split()) def signed_headers(self, headers_to_sign): - l = ['%s' % n.lower().strip() for n in set(headers_to_sign)] - l = sorted(l) - return ';'.join(l) + headers = sorted(n.lower().strip() for n in set(headers_to_sign)) + return ';'.join(headers) def _is_streaming_checksum_payload(self, request): checksum_context = request.context.get('checksum', {}) @@ -325,8 +333,9 @@ class SigV4Auth(BaseSigner): request_body = request.body if request_body and hasattr(request_body, 'seek'): position = request_body.tell() - read_chunksize = functools.partial(request_body.read, - PAYLOAD_BUFFER) + read_chunksize = functools.partial( + request_body.read, PAYLOAD_BUFFER + ) checksum = sha256() for chunk in iter(read_chunksize, b''): checksum.update(chunk) @@ -399,8 +408,9 @@ class SigV4Auth(BaseSigner): def signature(self, string_to_sign, request): key = self.credentials.secret_key - k_date = self._sign(('AWS4' + key).encode('utf-8'), - request.context['timestamp'][0:8]) + k_date = self._sign( + ('AWS4' + key).encode('utf-8'), request.context['timestamp'][0:8] + ) k_region = self._sign(k_date, self._region_name) k_service = self._sign(k_region, self._service_name) k_signing = self._sign(k_service, 'aws4_request') @@ -425,11 +435,13 @@ class SigV4Auth(BaseSigner): self._inject_signature_to_request(request, signature) def _inject_signature_to_request(self, request, signature): - l = ['AWS4-HMAC-SHA256 Credential=%s' % self.scope(request)] + auth_str = [f'AWS4-HMAC-SHA256 Credential={self.scope(request)}'] headers_to_sign = self.headers_to_sign(request) - l.append('SignedHeaders=%s' % self.signed_headers(headers_to_sign)) - l.append('Signature=%s' % signature) - request.headers['Authorization'] = ', '.join(l) + auth_str.append( + f"SignedHeaders={self.signed_headers(headers_to_sign)}" + ) + auth_str.append(f'Signature={signature}') + request.headers['Authorization'] = ', '.join(auth_str) return request def _modify_request_before_signing(self, request): @@ -453,9 +465,11 @@ class SigV4Auth(BaseSigner): if 'Date' in request.headers: del request.headers['Date'] datetime_timestamp = datetime.datetime.strptime( - request.context['timestamp'], SIGV4_TIMESTAMP) + request.context['timestamp'], SIGV4_TIMESTAMP + ) request.headers['Date'] = formatdate( - int(calendar.timegm(datetime_timestamp.timetuple()))) + int(calendar.timegm(datetime_timestamp.timetuple())) + ) if 'X-Amz-Date' in request.headers: del request.headers['X-Amz-Date'] else: @@ -466,7 +480,7 @@ class SigV4Auth(BaseSigner): class S3SigV4Auth(SigV4Auth): def _modify_request_before_signing(self, request): - super(S3SigV4Auth, self)._modify_request_before_signing(request) + super()._modify_request_before_signing(request) if 'X-Amz-Content-SHA256' in request.headers: del request.headers['X-Amz-Content-SHA256'] @@ -499,8 +513,10 @@ class S3SigV4Auth(SigV4Auth): algorithm = checksum_context.get('request_algorithm') if isinstance(algorithm, dict) and algorithm.get('in') == 'header': checksum_header = algorithm['name'] - if not request.url.startswith('https') or \ - checksum_header not in request.headers: + if ( + not request.url.startswith('https') + or checksum_header not in request.headers + ): return True # If the input is streaming we disable body signing by default. @@ -509,7 +525,7 @@ class S3SigV4Auth(SigV4Auth): # If the S3-specific checks had no results, delegate to the generic # checks. - return super(S3SigV4Auth, self)._should_sha256_sign_payload(request) + return super()._should_sha256_sign_payload(request) def _normalize_url_path(self, path): # For S3, we do not normalize the path. @@ -672,7 +688,7 @@ class S3ExpressQueryAuth(S3ExpressAuth): # Rather than calculating an "Authorization" header, for the query # param quth, we just append an 'X-Amz-Signature' param to the end # of the query string. - request.url += '&X-Amz-Signature=%s' % signature + request.url += f'&X-Amz-Signature={signature}' def _normalize_url_path(self, path): # For S3, we do not normalize the path. @@ -689,10 +705,10 @@ class S3ExpressQueryAuth(S3ExpressAuth): class SigV4QueryAuth(SigV4Auth): DEFAULT_EXPIRES = 3600 - def __init__(self, credentials, service_name, region_name, - expires=DEFAULT_EXPIRES): - super(SigV4QueryAuth, self).__init__(credentials, service_name, - region_name) + def __init__( + self, credentials, service_name, region_name, expires=DEFAULT_EXPIRES + ): + super().__init__(credentials, service_name, region_name) self._expires = expires def _modify_request_before_signing(self, request): @@ -726,8 +742,13 @@ class SigV4QueryAuth(SigV4Auth): # have repeated keys so we know we have single element lists which we # can convert back to scalar values. query_dict = dict( - [(k, v[0]) for k, v in - parse_qs(url_parts.query, keep_blank_values=True).items()]) + [ + (k, v[0]) + for k, v in parse_qs( + url_parts.query, keep_blank_values=True + ).items() + ] + ) # The spec is particular about this. It *has* to be: # https://?& # You can't mix the two types of params together, i.e just keep doing @@ -742,8 +763,9 @@ class SigV4QueryAuth(SigV4Auth): request.data = '' if query_dict: operation_params = percent_encode_sequence(query_dict) + '&' - new_query_string = (operation_params + - percent_encode_sequence(auth_params)) + new_query_string = operation_params + percent_encode_sequence( + auth_params + ) # url_parts is a tuple (and therefore immutable) so we need to create # a new url_parts with the new query string. # - @@ -760,7 +782,7 @@ class SigV4QueryAuth(SigV4Auth): # Rather than calculating an "Authorization" header, for the query # param quth, we just append an 'X-Amz-Signature' param to the end # of the query string. - request.url += '&X-Amz-Signature=%s' % signature + request.url += f'&X-Amz-Signature={signature}' class S3SigV4QueryAuth(SigV4QueryAuth): @@ -774,6 +796,7 @@ class S3SigV4QueryAuth(SigV4QueryAuth): http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html """ + def _normalize_url_path(self, path): # For S3, we do not normalize the path. return path @@ -793,6 +816,7 @@ class S3SigV4PostAuth(SigV4Auth): Implementation doc here: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html """ + def add_auth(self, request): datetime_now = datetime.datetime.utcnow() request.context['timestamp'] = datetime_now.strftime(SIGV4_TIMESTAMP) @@ -824,7 +848,8 @@ class S3SigV4PostAuth(SigV4Auth): # Dump the base64 encoded policy into the fields dictionary. fields['policy'] = base64.b64encode( - json.dumps(policy).encode('utf-8')).decode('utf-8') + json.dumps(policy).encode('utf-8') + ).decode('utf-8') fields['x-amz-signature'] = self.signature(fields['policy'], request) @@ -854,7 +879,8 @@ class BearerAuth(TokenSigner): # the botocore.crt.auth module imports functions/classes defined above from # this module. In the future, we should isolate those functions/classes into # a separate utility module to avoid any potential circular import. -import botocore.crt.auth +import botocore.crt.auth # noqa + def resolve_auth_type(auth_trait): for auth_type in auth_trait: @@ -869,6 +895,38 @@ def resolve_auth_type(auth_trait): raise UnsupportedSignatureVersionError(signature_version=auth_trait) +def resolve_auth_scheme_preference(preference_list, auth_options): + service_supported = [scheme.split('#')[-1] for scheme in auth_options] + + unsupported = [ + scheme + for scheme in preference_list + if scheme not in AUTH_PREF_TO_SIGNATURE_VERSION + ] + if unsupported: + logger.debug( + f"Unsupported auth schemes in preference list: {', '.join(unsupported)}" + ) + + combined = preference_list + service_supported + prioritized_schemes = [ + scheme + for scheme in dict.fromkeys(combined) + if scheme in service_supported + ] + + for scheme in prioritized_schemes: + if scheme == 'noAuth': + return AUTH_PREF_TO_SIGNATURE_VERSION[scheme] + sig_version = AUTH_PREF_TO_SIGNATURE_VERSION.get(scheme) + if sig_version in AUTH_TYPE_MAPS: + return sig_version + + raise UnsupportedSignatureVersionError( + signature_version=', '.join(sorted(service_supported)) + ) + + # Defined at the bottom instead of the top of the module because the Auth # classes weren't defined yet. AUTH_TYPE_MAPS = { @@ -894,4 +952,14 @@ AUTH_TYPE_TO_SIGNATURE_VERSION = { 'aws.auth#sigv4a': 'v4a', 'smithy.api#httpBearerAuth': 'bearer', 'smithy.api#noAuth': 'none', -} \ No newline at end of file +} + + +# Mapping used specifically for resolving user-configured auth scheme preferences. +# This is similar to AUTH_TYPE_TO_SIGNATURE_VERSION, but uses simplified keys by +# stripping the auth trait prefixes ('smithy.api#httpBearerAuth' → 'httpBearerAuth'). +# These simplified keys match what customers are expected to provide in configuration. +AUTH_PREF_TO_SIGNATURE_VERSION = { + auth_scheme.split('#')[-1]: sig_version + for auth_scheme, sig_version in AUTH_TYPE_TO_SIGNATURE_VERSION.items() +} diff -pruN 2.23.6-1/awscli/botocore/awsrequest.py 2.31.35-1/awscli/botocore/awsrequest.py --- 2.23.6-1/awscli/botocore/awsrequest.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/awsrequest.py 2025-11-12 19:17:29.000000000 +0000 @@ -50,7 +50,7 @@ class AWSHTTPResponse(HTTPResponse): return HTTPResponse._read_status(self) -class AWSConnection(object): +class AWSConnection: """Mixin for HTTPConnection that supports Expect 100-continue. This when mixed with a subclass of httplib.HTTPConnection (though @@ -62,8 +62,9 @@ class AWSConnection(object): this against AWS services. """ + def __init__(self, *args, **kwargs): - super(AWSConnection, self).__init__(*args, **kwargs) + super().__init__(*args, **kwargs) self._original_response_cls = self.response_class # We'd ideally hook into httplib's states, but they're all # __mangled_vars so we use our own state var. This variable is set @@ -77,7 +78,7 @@ class AWSConnection(object): self._expect_header_set = False def close(self): - super(AWSConnection, self).close() + super().close() # Reset all of our instance state we were tracking. self._response_received = False self._expect_header_set = False @@ -90,8 +91,9 @@ class AWSConnection(object): else: self._expect_header_set = False self.response_class = self._original_response_cls - rval = super(AWSConnection, self)._send_request( - method, url, body, headers, *args, **kwargs) + rval = super()._send_request( + method, url, body, headers, *args, **kwargs + ) self._expect_header_set = False return rval @@ -137,8 +139,10 @@ class AWSConnection(object): # server (possibly via a proxy) from which it has never seen a # 100 (Continue) status, the client SHOULD NOT wait for an # indefinite period before sending the request body. - logger.debug("No response seen from server, continuing to " - "send the response body.") + logger.debug( + "No response seen from server, continuing to " + "send the response body." + ) if message_body is not None: # message_body was not a string (i.e. it is a file), and # we must run the risk of Nagle. @@ -166,8 +170,9 @@ class AWSConnection(object): parts = maybe_status_line.split(None, 2) if self._is_100_continue_status(maybe_status_line): self._consume_headers(fp) - logger.debug("100 Continue response seen, " - "now sending request body.") + logger.debug( + "100 Continue response seen, " "now sending request body." + ) self._send_message_body(message_body) elif len(parts) == 3 and parts[0].startswith(b'HTTP/'): # From the RFC: @@ -182,12 +187,18 @@ class AWSConnection(object): # So if we don't get a 100 Continue response, then # whatever the server has sent back is the final response # and don't send the message_body. - logger.debug("Received a non 100 Continue response " - "from the server, NOT sending request body.") - status_tuple = (parts[0].decode('ascii'), - int(parts[1]), parts[2].decode('ascii')) + logger.debug( + "Received a non 100 Continue response " + "from the server, NOT sending request body." + ) + status_tuple = ( + parts[0].decode('ascii'), + int(parts[1]), + parts[2].decode('ascii'), + ) response_class = functools.partial( - AWSHTTPResponse, status_tuple=status_tuple) + AWSHTTPResponse, status_tuple=status_tuple + ) self.response_class = response_class self._response_received = True finally: @@ -199,25 +210,29 @@ class AWSConnection(object): def send(self, str): if self._response_received: - logger.debug("send() called, but reseponse already received. " - "Not sending data.") + logger.debug( + "send() called, but reseponse already received. " + "Not sending data." + ) return - return super(AWSConnection, self).send(str) + return super().send(str) def _is_100_continue_status(self, maybe_status_line): parts = maybe_status_line.split(None, 2) # Check for HTTP/ 100 Continue\r\n return ( - len(parts) >= 3 and parts[0].startswith(b'HTTP/') and - parts[1] == b'100') + len(parts) >= 2 + and parts[0].startswith(b'HTTP/') + and parts[1] == b'100' + ) class AWSHTTPConnection(AWSConnection, HTTPConnection): - """ An HTTPConnection that supports 100 Continue behavior. """ + """An HTTPConnection that supports 100 Continue behavior.""" class AWSHTTPSConnection(AWSConnection, VerifiedHTTPSConnection): - """ An HTTPSConnection that supports 100 Continue behavior. """ + """An HTTPSConnection that supports 100 Continue behavior.""" class AWSHTTPConnectionPool(HTTPConnectionPool): @@ -228,8 +243,9 @@ class AWSHTTPSConnectionPool(HTTPSConnec ConnectionCls = AWSHTTPSConnection -def prepare_request_dict(request_dict, endpoint_url, context=None, - user_agent=None): +def prepare_request_dict( + request_dict, endpoint_url, context=None, user_agent=None +): """ This method prepares a request dict to be created into an AWSRequestObject. This prepares the request dict by adding the @@ -259,9 +275,9 @@ def prepare_request_dict(request_dict, e percent_encode_sequence = botocore.utils.percent_encode_sequence encoded_query_string = percent_encode_sequence(r['query_string']) if '?' not in url: - url += '?%s' % encoded_query_string + url += f'?{encoded_query_string}' else: - url += '&%s' % encoded_query_string + url += f'&{encoded_query_string}' r['url'] = url r['context'] = context if context is None: @@ -321,7 +337,7 @@ def _urljoin(endpoint_url, url_path, hos return reconstructed -class AWSRequestPreparer(object): +class AWSRequestPreparer: """ This class performs preparation on AWSRequest objects similar to that of the PreparedRequest class does in the requests library. However, the logic @@ -341,6 +357,7 @@ class AWSRequestPreparer(object): This class does not prepare the method, auth or cookies. """ + def prepare(self, original): method = original.method url = self._prepare_url(original) @@ -354,7 +371,7 @@ class AWSRequestPreparer(object): url = original.url if original.params: params = urlencode(list(original.params.items()), doseq=True) - url = '%s?%s' % (url, params) + url = f'{url}?{params}' return url def _prepare_headers(self, original, prepared_body=None): @@ -402,7 +419,7 @@ class AWSRequestPreparer(object): return botocore.utils.determine_content_length(body) -class AWSRequest(object): +class AWSRequest: """Represents the elements of an HTTP request. This class was originally inspired by requests.models.Request, but has been @@ -412,15 +429,16 @@ class AWSRequest(object): _REQUEST_PREPARER_CLS = AWSRequestPreparer - def __init__(self, - method=None, - url=None, - headers=None, - data=None, - params=None, - auth_path=None, - stream_output=False): - + def __init__( + self, + method=None, + url=None, + headers=None, + data=None, + params=None, + auth_path=None, + stream_output=False, + ): self._request_preparer = self._REQUEST_PREPARER_CLS() # Default empty dicts for dict params. @@ -459,7 +477,7 @@ class AWSRequest(object): return body -class AWSPreparedRequest(object): +class AWSPreparedRequest: """A data class representing a finalized request to be sent over the wire. Requests at this stage should be treated as final, and the properties of @@ -471,6 +489,7 @@ class AWSPreparedRequest(object): :ivar body: The HTTP body. :ivar stream_output: If the response for this request should be streamed. """ + def __init__(self, method, url, headers, body, stream_output): self.method = method self.url = url @@ -509,7 +528,7 @@ class AWSPreparedRequest(object): raise UnseekableStreamError(stream_object=self.body) -class AWSResponse(object): +class AWSResponse: """A data class representing an HTTP response. This class was originally inspired by requests.models.Response, but has @@ -539,7 +558,7 @@ class AWSResponse(object): # NOTE: requests would attempt to call stream and fall back # to a custom generator that would call read in a loop, but # we don't rely on this behavior - self._content = bytes().join(self.raw.stream()) or bytes() + self._content = b''.join(self.raw.stream()) or b'' return self._content @@ -558,7 +577,7 @@ class AWSResponse(object): return self.content.decode('utf-8') -class _HeaderKey(object): +class _HeaderKey: def __init__(self, key): self._key = key self._lower = key.lower() @@ -577,7 +596,8 @@ class _HeaderKey(object): class HeadersDict(MutableMapping): - """A case-insenseitive dictionary to represent HTTP headers. """ + """A case-insenseitive dictionary to represent HTTP headers.""" + def __init__(self, *args, **kwargs): self._dict = {} self.update(*args, **kwargs) diff -pruN 2.23.6-1/awscli/botocore/client.py 2.31.35-1/awscli/botocore/client.py --- 2.23.6-1/awscli/botocore/client.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/client.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,16 +13,20 @@ import functools import logging -from botocore import UNSIGNED, waiter, xform_name +from botocore import ( + UNSIGNED, # noqa + waiter, + xform_name, +) from botocore.args import ClientArgsCreator from botocore.auth import AUTH_TYPE_MAPS, resolve_auth_type from botocore.awsrequest import prepare_request_dict from botocore.compress import maybe_compress_request -from botocore.config import Config # Keep this imported. There's pre-existing code that uses # "from botocore.client import UNSIGNED". from botocore.config import Config +from botocore.context import with_current_context from botocore.credentials import RefreshableCredentials from botocore.discovery import ( EndpointDiscoveryHandler, @@ -31,7 +35,7 @@ from botocore.discovery import ( ) from botocore.docs.docstring import ClientMethodDocstring, PaginatorDocstring from botocore.exceptions import ( - ClientError, + ClientError, # noqa DataNotFoundError, InvalidEndpointDiscoveryConfigurationError, OperationNotPageableError, @@ -47,7 +51,7 @@ from botocore.httpchecksum import ( from botocore.model import ServiceModel from botocore.paginate import Paginator from botocore.retries import adaptive, standard -from botocore.useragent import UserAgentString +from botocore.useragent import UserAgentString, register_feature_id from botocore.utils import ( CachedProperty, EventbridgeSignerSetter, @@ -58,27 +62,25 @@ from botocore.utils import ( get_service_module_name, ) -_LEGACY_SIGNATURE_VERSIONS = frozenset( - ( - 'v2', - 'v3', - 'v3https', - 'v4', - 's3', - 's3v4', - ) -) - - logger = logging.getLogger(__name__) history_recorder = get_global_history_recorder() -class ClientCreator(object): +class ClientCreator: """Creates client objects for a service.""" - def __init__(self, loader, endpoint_resolver, user_agent, event_emitter, - response_parser_factory=None, exceptions_factory=None, - config_store=None, user_agent_creator=None): + + def __init__( + self, + loader, + endpoint_resolver, + user_agent, + event_emitter, + response_parser_factory=None, + exceptions_factory=None, + config_store=None, + user_agent_creator=None, + auth_token_resolver=None, + ): self._loader = loader self._endpoint_resolver = endpoint_resolver self._user_agent = user_agent @@ -91,13 +93,23 @@ class ClientCreator(object): # future). self._config_store = config_store self._user_agent_creator = user_agent_creator + self._auth_token_resolver = auth_token_resolver - def create_client(self, service_name, region_name, is_secure=True, - endpoint_url=None, verify=None, - credentials=None, scoped_config=None, - client_config=None, auth_token=None): + def create_client( + self, + service_name, + region_name, + is_secure=True, + endpoint_url=None, + verify=None, + credentials=None, + scoped_config=None, + client_config=None, + auth_token=None, + ): responses = self._event_emitter.emit( - 'choose-service-name', service_name=service_name) + 'choose-service-name', service_name=service_name + ) service_name = first_non_none_response(responses, default=service_name) service_model = self._load_service_model(service_name) @@ -117,7 +129,8 @@ class ClientCreator(object): cls = self._create_client_class(service_name, service_model) region_name, client_config = self._normalize_fips_region( - region_name, client_config) + region_name, client_config + ) if auth := service_model.metadata.get('auth'): service_signature_version = resolve_auth_type(auth) else: @@ -125,13 +138,22 @@ class ClientCreator(object): 'signatureVersion' ) endpoint_bridge = ClientEndpointBridge( - self._endpoint_resolver, scoped_config, client_config, + self._endpoint_resolver, + scoped_config, + client_config, service_signing_name=service_model.metadata.get('signingName'), config_store=self._config_store, service_signature_version=service_signature_version, ) + if token := self._evaluate_client_specific_token( + service_model.signing_name + ): + auth_token = token client_args = self._get_client_args( - service_model, region_name, is_secure, endpoint_url, + service_model, + region_name, + is_secure, + endpoint_url, verify, credentials, scoped_config, @@ -146,6 +168,7 @@ class ClientCreator(object): self._register_s3_events(service_client, client_config, scoped_config) self._register_s3express_events(client=service_client) self._register_s3_control_events(service_client) + self._register_importexport_events(client=service_client) self._register_endpoint_discovery( service_client, endpoint_url, client_config ) @@ -162,38 +185,37 @@ class ClientCreator(object): bases = [BaseClient] service_id = service_model.service_id.hyphenize() self._event_emitter.emit( - 'creating-client-class.%s' % service_id, + f'creating-client-class.{service_id}', class_attributes=class_attributes, - base_classes=bases) + base_classes=bases, + ) class_name = get_service_module_name(service_model) cls = type(str(class_name), tuple(bases), class_attributes) return cls - def _normalize_fips_region(self, region_name, - client_config): + def _normalize_fips_region(self, region_name, client_config): if region_name is not None: - normalized_region_name = region_name.replace( - 'fips-', '').replace('-fips', '') + normalized_region_name = region_name.replace('fips-', '').replace( + '-fips', '' + ) # If region has been transformed then set flag if normalized_region_name != region_name: config_use_fips_endpoint = Config(use_fips_endpoint=True) if client_config: # Keeping endpoint setting client specific client_config = client_config.merge( - config_use_fips_endpoint) + config_use_fips_endpoint + ) else: client_config = config_use_fips_endpoint logger.warning( - 'transforming region from %s to %s and setting ' + f'transforming region from {region_name} to {normalized_region_name} and setting ' 'use_fips_endpoint to true. client should not ' - 'be configured with a fips psuedo region.' % ( - region_name, normalized_region_name - ) + 'be configured with a fips psuedo region.' ) region_name = normalized_region_name return region_name, client_config - def _load_service_model(self, service_name): json_model = self._loader.load_service_model(service_name, 'service-2') service_model = ServiceModel(json_model, service_name=service_name) @@ -201,7 +223,8 @@ class ClientCreator(object): def _load_service_endpoints_ruleset(self, service_name): return self._loader.load_service_model( - service_name, 'endpoint-rule-set-1', + service_name, + 'endpoint-rule-set-1', ) def _register_retries(self, client): @@ -211,6 +234,9 @@ class ClientCreator(object): elif retry_mode == 'adaptive': self._register_v2_standard_retries(client) self._register_v2_adaptive_retries(client) + else: + return + register_feature_id(f'RETRY_MODE_{retry_mode.upper()}') def _register_v2_standard_retries(self, client): max_attempts = client.meta.config.retries.get('max_attempts') @@ -236,17 +262,22 @@ class ClientCreator(object): enabled = config.endpoint_discovery_enabled elif self._config_store: enabled = self._config_store.get_config_variable( - 'endpoint_discovery_enabled') + 'endpoint_discovery_enabled' + ) enabled = self._normalize_endpoint_discovery_config(enabled) if enabled and self._requires_endpoint_discovery(client, enabled): discover = enabled is True - manager = EndpointDiscoveryManager(client, always_discover=discover) + manager = EndpointDiscoveryManager( + client, always_discover=discover + ) handler = EndpointDiscoveryHandler(manager) handler.register(events, service_id) else: - events.register('before-parameter-build', - block_endpoint_discovery_required_operations) + events.register( + 'before-parameter-build', + block_endpoint_discovery_required_operations, + ) def _normalize_endpoint_discovery_config(self, enabled): """Config must either be a boolean-string or string-literal 'auto'""" @@ -274,7 +305,7 @@ class ClientCreator(object): EventbridgeSignerSetter( endpoint_resolver=self._endpoint_resolver, region=client.meta.region_name, - endpoint_url=endpoint_url + endpoint_url=endpoint_url, ).register(client.meta.events) def _register_s3express_events( @@ -299,26 +330,66 @@ class ClientCreator(object): return S3ControlArnParamHandlerv2().register(client.meta.events) + def _register_importexport_events( + self, + client, + endpoint_bridge=None, + endpoint_url=None, + client_config=None, + scoped_config=None, + ): + if client.meta.service_model.service_name != 'importexport': + return + self._set_importexport_signature_version( + client.meta, client_config, scoped_config + ) + + def _set_importexport_signature_version( + self, client_meta, client_config, scoped_config + ): + # This will return the manually configured signature version, or None + # if none was manually set. If a customer manually sets the signature + # version, we always want to use what they set. + configured_signature_version = _get_configured_signature_version( + 'importexport', client_config, scoped_config + ) + if configured_signature_version is not None: + return + + # importexport has a modeled signatureVersion of v2, but we + # previously switched to v4 via endpoint.json before endpoint rulesets. + # Override the model's signatureVersion for backwards compatability. + client_meta.events.register( + 'choose-signer.importexport', self._default_signer_to_sigv4 + ) + + def _default_signer_to_sigv4(self, signature_version, **kwargs): + return 'v4' + def _get_client_args( - self, - service_model, - region_name, - is_secure, - endpoint_url, - verify, - credentials, - scoped_config, - client_config, - endpoint_bridge, - auth_token, - endpoints_ruleset_data, - partition_data, + self, + service_model, + region_name, + is_secure, + endpoint_url, + verify, + credentials, + scoped_config, + client_config, + endpoint_bridge, + auth_token, + endpoints_ruleset_data, + partition_data, ): args_creator = ClientArgsCreator( - self._event_emitter, self._user_agent, - self._response_parser_factory, self._loader, - self._exceptions_factory, config_store=self._config_store, - user_agent_creator=self._user_agent_creator) + self._event_emitter, + self._user_agent, + self._response_parser_factory, + self._loader, + self._exceptions_factory, + config_store=self._config_store, + user_agent_creator=self._user_agent_creator, + ) return args_creator.get_client_args( service_model, region_name, @@ -339,7 +410,8 @@ class ClientCreator(object): for operation_name in service_model.operation_names: py_operation_name = xform_name(operation_name) op_dict[py_operation_name] = self._create_api_method( - py_operation_name, operation_name, service_model) + py_operation_name, operation_name, service_model + ) return op_dict def _create_name_mapping(self, service_model): @@ -351,15 +423,17 @@ class ClientCreator(object): mapping[py_operation_name] = operation_name return mapping - def _create_api_method(self, py_operation_name, operation_name, - service_model): + def _create_api_method( + self, py_operation_name, operation_name, service_model + ): def _api_call(self, *args, **kwargs): # We're accepting *args so that we can give a more helpful # error message than TypeError: _api_call takes exactly # 1 argument. if args: raise TypeError( - "%s() only accepts keyword arguments." % py_operation_name) + f"{py_operation_name}() only accepts keyword arguments." + ) # The "self" in this scope is referring to the BaseClient. return self._make_api_call(operation_name, kwargs) @@ -372,14 +446,23 @@ class ClientCreator(object): method_name=operation_name, event_emitter=self._event_emitter, method_description=operation_model.documentation, - example_prefix='response = client.%s' % py_operation_name, - include_signature=False + example_prefix=f'response = client.{py_operation_name}', + include_signature=False, ) _api_call.__doc__ = docstring return _api_call + def _evaluate_client_specific_token(self, signing_name): + # Resolves an auth_token for the given signing_name. + # Returns None if no resolver is set or if resolution fails. + resolver = self._auth_token_resolver + if not resolver or not signing_name: + return None + + return resolver(signing_name=signing_name) -class ClientEndpointBridge(object): + +class ClientEndpointBridge: """Bridges endpoint data and client creation This class handles taking out the relevant arguments from the endpoint @@ -393,10 +476,16 @@ class ClientEndpointBridge(object): DEFAULT_ENDPOINT = '{service}.{region}.amazonaws.com' _DUALSTACK_CUSTOMIZED_SERVICES = ['s3', 's3-control'] - def __init__(self, endpoint_resolver, scoped_config=None, - client_config=None, default_endpoint=None, - service_signing_name=None, config_store=None, - service_signature_version=None): + def __init__( + self, + endpoint_resolver, + scoped_config=None, + client_config=None, + default_endpoint=None, + service_signing_name=None, + config_store=None, + service_signature_version=None, + ): self.service_signing_name = service_signing_name self.endpoint_resolver = endpoint_resolver self.scoped_config = scoped_config @@ -405,16 +494,19 @@ class ClientEndpointBridge(object): self.config_store = config_store self.service_signature_version = service_signature_version - def resolve(self, service_name, region_name=None, endpoint_url=None, - is_secure=True): + def resolve( + self, service_name, region_name=None, endpoint_url=None, is_secure=True + ): region_name = self._check_default_region(service_name, region_name) use_dualstack_endpoint = self._resolve_use_dualstack_endpoint( - service_name) + service_name + ) use_fips_endpoint = self._resolve_endpoint_variant_config_var( 'use_fips_endpoint' ) resolved = self.endpoint_resolver.construct_endpoint( - service_name, region_name, + service_name, + region_name, use_dualstack_endpoint=use_dualstack_endpoint, use_fips_endpoint=use_fips_endpoint, ) @@ -425,17 +517,21 @@ class ClientEndpointBridge(object): # TODO: fallback partition_name should be configurable in the # future for users to define as needed. resolved = self.endpoint_resolver.construct_endpoint( - service_name, region_name, partition_name='aws', + service_name, + region_name, + partition_name='aws', use_dualstack_endpoint=use_dualstack_endpoint, use_fips_endpoint=use_fips_endpoint, ) if resolved: return self._create_endpoint( - resolved, service_name, region_name, endpoint_url, is_secure) + resolved, service_name, region_name, endpoint_url, is_secure + ) else: - return self._assume_endpoint(service_name, region_name, - endpoint_url, is_secure) + return self._assume_endpoint( + service_name, region_name, endpoint_url, is_secure + ) def resolver_uses_builtin_data(self): return self.endpoint_resolver.uses_builtin_data @@ -447,23 +543,31 @@ class ClientEndpointBridge(object): if self.client_config and self.client_config.region_name is not None: return self.client_config.region_name - def _create_endpoint(self, resolved, service_name, region_name, - endpoint_url, is_secure): + def _create_endpoint( + self, resolved, service_name, region_name, endpoint_url, is_secure + ): region_name, signing_region = self._pick_region_values( - resolved, region_name, endpoint_url) + resolved, region_name, endpoint_url + ) if endpoint_url is None: endpoint_url = self._make_url( - resolved.get('hostname'), is_secure, - resolved.get('protocols', []) + resolved.get('hostname'), + is_secure, + resolved.get('protocols', []), ) signature_version = self._resolve_signature_version( - service_name, resolved) + service_name, resolved + ) signing_name = self._resolve_signing_name(service_name, resolved) return self._create_result( - service_name=service_name, region_name=region_name, - signing_region=signing_region, signing_name=signing_name, - endpoint_url=endpoint_url, metadata=resolved, - signature_version=signature_version) + service_name=service_name, + region_name=region_name, + signing_region=signing_region, + signing_name=signing_name, + endpoint_url=endpoint_url, + metadata=resolved, + signature_version=signature_version, + ) def _resolve_endpoint_variant_config_var(self, config_var): client_config = self.client_config @@ -482,7 +586,8 @@ class ClientEndpointBridge(object): if s3_dualstack_mode is not None: return s3_dualstack_mode return self._resolve_endpoint_variant_config_var( - 'use_dualstack_endpoint') + 'use_dualstack_endpoint' + ) def _is_s3_dualstack_mode(self, service_name): if service_name not in self._DUALSTACK_CUSTOMIZED_SERVICES: @@ -492,39 +597,62 @@ class ClientEndpointBridge(object): # ClientArgsCreator. _resolve_signature_version also has similarly # duplicated logic. client_config = self.client_config - if client_config is not None and client_config.s3 is not None and \ - 'use_dualstack_endpoint' in client_config.s3: + if ( + client_config is not None + and client_config.s3 is not None + and 'use_dualstack_endpoint' in client_config.s3 + ): # Client config trumps scoped config. return client_config.s3['use_dualstack_endpoint'] if self.scoped_config is not None: enabled = self.scoped_config.get('s3', {}).get( - 'use_dualstack_endpoint') + 'use_dualstack_endpoint' + ) if enabled in [True, 'True', 'true']: return True - def _assume_endpoint(self, service_name, region_name, endpoint_url, - is_secure): + def _assume_endpoint( + self, service_name, region_name, endpoint_url, is_secure + ): if endpoint_url is None: # Expand the default hostname URI template. hostname = self.default_endpoint.format( - service=service_name, region=region_name) - endpoint_url = self._make_url(hostname, is_secure, - ['http', 'https']) - logger.debug('Assuming an endpoint for %s, %s: %s', - service_name, region_name, endpoint_url) + service=service_name, region=region_name + ) + endpoint_url = self._make_url( + hostname, is_secure, ['http', 'https'] + ) + logger.debug( + 'Assuming an endpoint for %s, %s: %s', + service_name, + region_name, + endpoint_url, + ) # We still want to allow the user to provide an explicit version. signature_version = self._resolve_signature_version( - service_name, {'signatureVersions': ['v4']}) + service_name, {'signatureVersions': ['v4']} + ) signing_name = self._resolve_signing_name(service_name, resolved={}) return self._create_result( - service_name=service_name, region_name=region_name, - signing_region=region_name, signing_name=signing_name, - signature_version=signature_version, endpoint_url=endpoint_url, - metadata={}) - - def _create_result(self, service_name, region_name, signing_region, - signing_name, endpoint_url, signature_version, - metadata): + service_name=service_name, + region_name=region_name, + signing_region=region_name, + signing_name=signing_name, + signature_version=signature_version, + endpoint_url=endpoint_url, + metadata={}, + ) + + def _create_result( + self, + service_name, + region_name, + signing_region, + signing_name, + endpoint_url, + signature_version, + metadata, + ): return { 'service_name': service_name, 'region_name': region_name, @@ -532,7 +660,7 @@ class ClientEndpointBridge(object): 'signing_name': signing_name, 'endpoint_url': endpoint_url, 'signature_version': signature_version, - 'metadata': metadata + 'metadata': metadata, } def _make_url(self, hostname, is_secure, supported_protocols): @@ -540,12 +668,14 @@ class ClientEndpointBridge(object): scheme = 'https' else: scheme = 'http' - return '%s://%s' % (scheme, hostname) + return f'{scheme}://{hostname}' def _resolve_signing_name(self, service_name, resolved): # CredentialScope overrides everything else. - if 'credentialScope' in resolved \ - and 'service' in resolved['credentialScope']: + if ( + 'credentialScope' in resolved + and 'service' in resolved['credentialScope'] + ): return resolved['credentialScope']['service'] # Use the signingName from the model if present. if self.service_signing_name: @@ -568,44 +698,48 @@ class ClientEndpointBridge(object): # custom endpoints. region_name = resolved['endpointName'] signing_region = region_name - if 'credentialScope' in resolved \ - and 'region' in resolved['credentialScope']: + if ( + 'credentialScope' in resolved + and 'region' in resolved['credentialScope'] + ): signing_region = resolved['credentialScope']['region'] return region_name, signing_region def _resolve_signature_version(self, service_name, resolved): configured_version = _get_configured_signature_version( - service_name, self.client_config, self.scoped_config) + service_name, self.client_config, self.scoped_config + ) if configured_version is not None: return configured_version - potential_versions = resolved.get('signatureVersions', []) - if ( - self.service_signature_version is not None - and self.service_signature_version - not in _LEGACY_SIGNATURE_VERSIONS - ): - # Prefer the service model as most specific - # source of truth for new signature versions. - potential_versions = [self.service_signature_version] + # These have since added the "auth" key to the service model + # with "aws.auth#sigv4", but preserve existing behavior from + # when we preferred endpoints.json over the service models + if service_name in ('s3', 's3-control'): + return 's3v4' - # Pick a signature version from the endpoint metadata if present. - if 'signatureVersions' in resolved: - if service_name == 's3': - return 's3v4' + if self.service_signature_version is not None: + # Prefer the service model + potential_versions = [self.service_signature_version] + else: + # Fall back to endpoints.json to preserve existing behavior, which + # may be useful for users who have custom service models + potential_versions = resolved.get('signatureVersions', []) + # This was added for the V2 -> V4 transition, + # for services that added V4 after V2 in endpoints.json if 'v4' in potential_versions: return 'v4' - # Now just iterate over the signature versions in order until we - # find the first one that is known to Botocore. - for known in potential_versions: - if known in AUTH_TYPE_MAPS: - return known + # Now just iterate over the signature versions in order until we + # find the first one that is known to Botocore. + for known in potential_versions: + if known in AUTH_TYPE_MAPS: + return known raise UnknownSignatureVersionError( signature_version=potential_versions ) -class BaseClient(object): +class BaseClient: # This is actually reassigned with the py->op_name mapping # when the client creator creates the subclass. This value is used # because calls such as client.get_paginator('list_objects') use the @@ -614,10 +748,21 @@ class BaseClient(object): # we need the reverse mapping here. _PY_TO_OP_NAME = {} - def __init__(self, serializer, endpoint, response_parser, - event_emitter, request_signer, service_model, loader, - client_config, partition, exceptions_factory, - endpoint_ruleset_resolver, user_agent_creator=None): + def __init__( + self, + serializer, + endpoint, + response_parser, + event_emitter, + request_signer, + service_model, + loader, + client_config, + partition, + exceptions_factory, + endpoint_ruleset_resolver, + user_agent_creator=None, + ): self._serializer = serializer self._endpoint = endpoint self._ruleset_resolver = endpoint_ruleset_resolver @@ -626,9 +771,14 @@ class BaseClient(object): self._cache = {} self._loader = loader self._client_config = client_config - self.meta = ClientMeta(event_emitter, self._client_config, - endpoint.host, service_model, - self._PY_TO_OP_NAME, partition) + self.meta = ClientMeta( + event_emitter, + self._client_config, + endpoint.host, + service_model, + self._PY_TO_OP_NAME, + partition, + ) self._exceptions_factory = exceptions_factory self._exceptions = None self._user_agent_creator = user_agent_creator @@ -641,49 +791,60 @@ class BaseClient(object): self._register_handlers() def __getattr__(self, item): - event_name = 'getattr.%s.%s' % ( - self._service_model.service_id.hyphenize(), item + event_name = ( + f'getattr.{self._service_model.service_id.hyphenize()}.{item}' ) handler, event_response = self.meta.events.emit_until_response( - event_name, client=self) + event_name, client=self + ) if event_response is not None: return event_response raise AttributeError( - "'%s' object has no attribute '%s'" % ( - self.__class__.__name__, item) + f"'{self.__class__.__name__}' object has no attribute '{item}'" ) def _register_handlers(self): # Register the handler required to sign requests. service_id = self.meta.service_model.service_id.hyphenize() self.meta.events.register( - 'request-created.%s' % service_id, - self._request_signer.handler + f'request-created.{service_id}', self._request_signer.handler + ) + # Rebuild user agent string right before request is sent + # to ensure all registered features are included. + self.meta.events.register_last( + f"request-created.{service_id}", + self._user_agent_creator.rebuild_and_replace_user_agent_handler, ) @property def _service_model(self): return self.meta.service_model + @with_current_context() def _make_api_call(self, operation_name, api_params): operation_model = self._service_model.operation_model(operation_name) service_name = self._service_model.service_name - history_recorder.record('API_CALL', { - 'service': service_name, - 'operation': operation_name, - 'params': api_params, - }) + history_recorder.record( + 'API_CALL', + { + 'service': service_name, + 'operation': operation_name, + 'params': api_params, + }, + ) if operation_model.deprecated: - logger.debug('Warning: %s.%s() is deprecated', - service_name, operation_name) + logger.debug( + 'Warning: %s.%s() is deprecated', service_name, operation_name + ) request_context = { 'client_region': self.meta.region_name, 'client_config': self.meta.config, 'has_streaming_input': operation_model.has_streaming_input, 'auth_type': operation_model.resolved_auth_type, 'unsigned_payload': operation_model.unsigned_payload, + 'auth_options': self._service_model.metadata.get('auth'), } api_params = self._emit_api_params( @@ -714,11 +875,12 @@ class BaseClient(object): service_id = self._service_model.service_id.hyphenize() handler, event_response = self.meta.events.emit_until_response( - 'before-call.{service_id}.{operation_name}'.format( - service_id=service_id, - operation_name=operation_name), - model=operation_model, params=request_dict, - request_signer=self._request_signer, context=request_context) + f'before-call.{service_id}.{operation_name}', + model=operation_model, + params=request_dict, + request_signer=self._request_signer, + context=request_context, + ) if event_response is not None: http, parsed_response = event_response @@ -728,14 +890,15 @@ class BaseClient(object): ) apply_request_checksum(request_dict) http, parsed_response = self._make_request( - operation_model, request_dict, request_context) + operation_model, request_dict, request_context + ) self.meta.events.emit( - 'after-call.{service_id}.{operation_name}'.format( - service_id=service_id, - operation_name=operation_name), - http_response=http, parsed=parsed_response, - model=operation_model, context=request_context + f'after-call.{service_id}.{operation_name}', + http_response=http, + parsed=parsed_response, + model=operation_model, + context=request_context, ) if http.status_code >= 300: @@ -750,24 +913,24 @@ class BaseClient(object): return self._endpoint.make_request(operation_model, request_dict) except Exception as e: self.meta.events.emit( - 'after-call-error.{service_id}.{operation_name}'.format( - service_id=self._service_model.service_id.hyphenize(), - operation_name=operation_model.name), - exception=e, context=request_context + f'after-call-error.{self._service_model.service_id.hyphenize()}.{operation_model.name}', + exception=e, + context=request_context, ) raise def _convert_to_request_dict( - self, - api_params, - operation_model, - endpoint_url, - context=None, - headers=None, - set_user_agent_header=True, + self, + api_params, + operation_model, + endpoint_url, + context=None, + headers=None, + set_user_agent_header=True, ): request_dict = self._serializer.serialize_to_request( - api_params, operation_model) + api_params, operation_model + ) if not self._client_config.inject_host_prefix: request_dict.pop('host_prefix', None) if headers is not None: @@ -794,19 +957,22 @@ class BaseClient(object): # parameters or return a new set of parameters to use. service_id = self._service_model.service_id.hyphenize() responses = self.meta.events.emit( - 'provide-client-params.{service_id}.{operation_name}'.format( - service_id=service_id, - operation_name=operation_name), - params=api_params, model=operation_model, context=context) + f'provide-client-params.{service_id}.{operation_name}', + params=api_params, + model=operation_model, + context=context, + ) api_params = first_non_none_response(responses, default=api_params) - event_name = ( - 'before-parameter-build.{service_id}.{operation_name}') + event_name = 'before-parameter-build.{service_id}.{operation_name}' self.meta.events.emit( event_name.format( - service_id=service_id, - operation_name=operation_name), - params=api_params, model=operation_model, context=context) + service_id=service_id, operation_name=operation_name + ), + params=api_params, + model=operation_model, + context=context, + ) return api_params def _resolve_endpoint_ruleset( @@ -892,30 +1058,35 @@ class BaseClient(object): return Paginator.paginate(self, **kwargs) paginator_config = self._cache['page_config'][ - actual_operation_name] + actual_operation_name + ] # Add the docstring for the paginate method. paginate.__doc__ = PaginatorDocstring( paginator_name=actual_operation_name, event_emitter=self.meta.events, service_model=self.meta.service_model, paginator_config=paginator_config, - include_signature=False + include_signature=False, ) # Rename the paginator class based on the type of paginator. - paginator_class_name = str('%s.Paginator.%s' % ( - get_service_module_name(self.meta.service_model), - actual_operation_name)) + paginator_class_name = str( + f'{get_service_module_name(self.meta.service_model)}.Paginator.{actual_operation_name}' + ) # Create the new paginator class documented_paginator_cls = type( - paginator_class_name, (Paginator,), {'paginate': paginate}) + paginator_class_name, (Paginator,), {'paginate': paginate} + ) - operation_model = self._service_model.operation_model(actual_operation_name) + operation_model = self._service_model.operation_model( + actual_operation_name + ) paginator = documented_paginator_cls( getattr(self, operation_name), paginator_config, - operation_model) + operation_model, + ) return paginator def can_paginate(self, operation_name): @@ -936,8 +1107,8 @@ class BaseClient(object): if 'page_config' not in self._cache: try: page_config = self._loader.load_service_model( - self._service_model.service_name, - 'paginators-1')['pagination'] + self._service_model.service_name, 'paginators-1' + )['pagination'] self._cache['page_config'] = page_config except DataNotFoundError: self._cache['page_config'] = {} @@ -948,8 +1119,8 @@ class BaseClient(object): if 'waiter_config' not in self._cache: try: waiter_config = self._loader.load_service_model( - self._service_model.service_name, - 'waiters-2') + self._service_model.service_name, 'waiters-2' + ) self._cache['waiter_config'] = waiter_config except DataNotFoundError: self._cache['waiter_config'] = {} @@ -967,16 +1138,17 @@ class BaseClient(object): """ config = self._get_waiter_config() if not config: - raise ValueError("Waiter does not exist: %s" % waiter_name) + raise ValueError(f"Waiter does not exist: {waiter_name}") model = waiter.WaiterModel(config) mapping = {} for name in model.waiter_names: mapping[xform_name(name)] = name if waiter_name not in mapping: - raise ValueError("Waiter does not exist: %s" % waiter_name) + raise ValueError(f"Waiter does not exist: {waiter_name}") return waiter.create_waiter_with_client( - mapping[waiter_name], model, self) + mapping[waiter_name], model, self + ) @CachedProperty def waiter_names(self): @@ -997,10 +1169,11 @@ class BaseClient(object): def _load_exceptions(self): return self._exceptions_factory.create_client_exceptions( - self._service_model) + self._service_model + ) -class ClientMeta(object): +class ClientMeta: """Holds additional client methods. This class holds additional information for clients. It exists for @@ -1013,8 +1186,15 @@ class ClientMeta(object): """ - def __init__(self, events, client_config, endpoint_url, service_model, - method_to_api_mapping, partition): + def __init__( + self, + events, + client_config, + endpoint_url, + service_model, + method_to_api_mapping, + partition, + ): self.events = events self._client_config = client_config self._endpoint_url = endpoint_url @@ -1047,8 +1227,9 @@ class ClientMeta(object): return self._partition -def _get_configured_signature_version(service_name, client_config, - scoped_config): +def _get_configured_signature_version( + service_name, client_config, scoped_config +): """ Gets the manually configured signature version. @@ -1070,6 +1251,8 @@ def _get_configured_signature_version(se logger.debug( "Switching signature version for service %s " "to version %s based on config file override.", - service_name, version) + service_name, + version, + ) return version return None diff -pruN 2.23.6-1/awscli/botocore/compress.py 2.31.35-1/awscli/botocore/compress.py --- 2.23.6-1/awscli/botocore/compress.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/compress.py 2025-11-12 19:17:29.000000000 +0000 @@ -22,6 +22,7 @@ from gzip import GzipFile from gzip import compress as gzip_compress from botocore.compat import urlencode +from botocore.useragent import register_feature_id from botocore.utils import determine_content_length logger = logging.getLogger(__name__) @@ -88,6 +89,7 @@ def _get_body_size(body): def _gzip_compress_body(body): + register_feature_id('GZIP_REQUEST_COMPRESSION') if isinstance(body, str): return gzip_compress(body.encode('utf-8')) elif isinstance(body, (bytes, bytearray)): diff -pruN 2.23.6-1/awscli/botocore/config.py 2.31.35-1/awscli/botocore/config.py --- 2.23.6-1/awscli/botocore/config.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/config.py 2025-11-12 19:17:29.000000000 +0000 @@ -22,7 +22,7 @@ from botocore.exceptions import ( ) -class Config(object): +class Config: """Advanced configuration for Botocore clients. :type region_name: str @@ -151,11 +151,14 @@ class Config(object): :type inject_host_prefix: bool :param inject_host_prefix: Whether host prefix injection should occur. - Defaults to True. + Defaults to None. + The default of None is equivalent to setting to True, which enables + the injection of operation parameters into the prefix of the hostname. Setting this to False disables the injection of operation parameters - into the prefix of the hostname. This is useful for clients providing - custom endpoints that should not have their host prefix modified. + into the prefix of the hostname. Setting this to False is useful for + clients providing custom endpoints that should not have their host + prefix modified. :type use_dualstack_endpoint: bool :param use_dualstack_endpoint: Setting to True enables dualstack @@ -225,37 +228,87 @@ class Config(object): supported and the ``requestValidationModeMember`` member is set to ``ENABLED``. Defaults to None. + + :type account_id_endpoint_mode: str + :param account_id_endpoint_mode: The value used to determine the client's + behavior for account ID based endpoint routing. Valid values are: + + * ``preferred`` - The endpoint should include account ID if available. + * ``disabled`` - A resolved endpoint does not include account ID. + * ``required`` - The endpoint must include account ID. If the account ID + isn't available, an exception will be raised. + + If a value is not provided, the client will default to ``preferred``. + + Defaults to None. + + :type auth_scheme_preference: str + :param auth_scheme_preference: A comma-delimited string of case-sensitive + auth scheme names used to determine the client's auth scheme preference. + + Defaults to None. """ - OPTION_DEFAULTS = OrderedDict([ - ('region_name', None), - ('signature_version', None), - ('user_agent', None), - ('user_agent_extra', None), - ('user_agent_appid', None), - ('connect_timeout', DEFAULT_TIMEOUT), - ('read_timeout', DEFAULT_TIMEOUT), - ('parameter_validation', True), - ('max_pool_connections', MAX_POOL_CONNECTIONS), - ('proxies', None), - ('proxies_config', None), - ('s3', None), - ('retries', None), - ('client_cert', None), - ('inject_host_prefix', True), - ('endpoint_discovery_enabled', None), - ('use_dualstack_endpoint', None), - ('use_fips_endpoint', None), - ('ignore_configured_endpoint_urls', None), - ('request_min_compression_size_bytes', None), - ('disable_request_compression', None), - ('sigv4a_signing_region_set', None), - ('request_checksum_calculation', None), - ('response_checksum_validation', None), - ]) + + OPTION_DEFAULTS = OrderedDict( + [ + ('region_name', None), + ('signature_version', None), + ('user_agent', None), + ('user_agent_extra', None), + ('user_agent_appid', None), + ('connect_timeout', DEFAULT_TIMEOUT), + ('read_timeout', DEFAULT_TIMEOUT), + ('parameter_validation', True), + ('max_pool_connections', MAX_POOL_CONNECTIONS), + ('proxies', None), + ('proxies_config', None), + ('s3', None), + ('retries', None), + ('client_cert', None), + ('inject_host_prefix', None), + ('endpoint_discovery_enabled', None), + ('use_dualstack_endpoint', None), + ('use_fips_endpoint', None), + ('ignore_configured_endpoint_urls', None), + ('request_min_compression_size_bytes', None), + ('disable_request_compression', None), + ('sigv4a_signing_region_set', None), + ('request_checksum_calculation', None), + ('response_checksum_validation', None), + ('account_id_endpoint_mode', None), + ('auth_scheme_preference', None), + ] + ) + + # The original default value of the inject_host_prefix parameter was True. + # This prevented the ability to override the value from other locations in + # the parameter provider chain, like env vars or the shared configuration + # file. TO accomplish this, we need to disambiguate when the value was set + # by the user or not. This overrides the parameter with a property so the + # default value of inject_host_prefix is still True if it is not set by the + # user. + @property + def inject_host_prefix(self): + if self._inject_host_prefix == "UNSET": + return True + + return self._inject_host_prefix + + # Override the setter for the case where the user does supply a value; + # _inject_host_prefix will no longer be "UNSET". + @inject_host_prefix.setter + def inject_host_prefix(self, value): + self._inject_host_prefix = value def __init__(self, *args, **kwargs): self._user_provided_options = self._record_user_provided_options( - args, kwargs) + args, kwargs + ) + + # By default, we use a value that indicates the user did not + # set it. This value MUST persist on the Config object to be used + # elsewhere. + self._inject_host_prefix = 'UNSET' # Merge the user_provided options onto the default options config_vars = copy.copy(self.OPTION_DEFAULTS) @@ -263,6 +316,15 @@ class Config(object): # Set the attributes based on the config_vars for key, value in config_vars.items(): + # Default values for the Config object are set here. We don't want + # to use `setattr` in the case where the user already supplied a + # value. + if ( + key == 'inject_host_prefix' + and 'inject_host_prefix' + not in self._user_provided_options.keys() + ): + continue setattr(self, key, value) # Validate the s3 options @@ -281,15 +343,14 @@ class Config(object): user_provided_options[key] = value # The key must exist in the available options else: - raise TypeError( - 'Got unexpected keyword argument \'%s\'' % key) + raise TypeError(f'Got unexpected keyword argument \'{key}\'') # The number of args should not be longer than the allowed # options if len(args) > len(option_order): raise TypeError( - 'Takes at most %s arguments (%s given)' % ( - len(option_order), len(args))) + f'Takes at most {len(option_order)} arguments ({len(args)} given)' + ) # Iterate through the args passed through to the constructor and map # them to appropriate keys. @@ -297,8 +358,8 @@ class Config(object): # If it a kwarg was specified for the arg, then error out if option_order[i] in user_provided_options: raise TypeError( - 'Got multiple values for keyword argument \'%s\'' % ( - option_order[i])) + f'Got multiple values for keyword argument \'{option_order[i]}\'' + ) user_provided_options[option_order[i]] = arg return user_provided_options @@ -308,22 +369,22 @@ class Config(object): addressing_style = s3.get('addressing_style') if addressing_style not in ['virtual', 'auto', 'path', None]: raise InvalidS3AddressingStyleError( - s3_addressing_style=addressing_style) + s3_addressing_style=addressing_style + ) def _validate_retry_configuration(self, retries): if retries is not None: for key, value in retries.items(): if key not in ['max_attempts', 'mode']: raise InvalidRetryConfigurationError( - retry_config_option=key) + retry_config_option=key + ) if key == 'max_attempts' and value < 1: raise InvalidMaxRetryAttemptsError( provided_max_attempts=value ) if key == 'mode' and value not in ['standard', 'adaptive']: - raise InvalidRetryModeError( - provided_retry_mode=value - ) + raise InvalidRetryModeError(provided_retry_mode=value) def merge(self, other_config): """Merges the config object with another config object diff -pruN 2.23.6-1/awscli/botocore/configloader.py 2.31.35-1/awscli/botocore/configloader.py --- 2.23.6-1/awscli/botocore/configloader.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/configloader.py 2025-11-12 19:17:29.000000000 +0000 @@ -148,7 +148,8 @@ def raw_config_parse(config_filename, pa cp.read([path]) except (configparser.Error, UnicodeDecodeError): raise botocore.exceptions.ConfigParseError( - path=_unicode_path(path)) + path=_unicode_path(path) + ) else: for section in cp.sections(): config[section] = {} @@ -162,7 +163,8 @@ def raw_config_parse(config_filename, pa config_value = _parse_nested(config_value) except ValueError: raise botocore.exceptions.ConfigParseError( - path=_unicode_path(path)) + path=_unicode_path(path) + ) config[section][option] = config_value return config diff -pruN 2.23.6-1/awscli/botocore/configprovider.py 2.31.35-1/awscli/botocore/configprovider.py --- 2.23.6-1/awscli/botocore/configprovider.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/configprovider.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,6 +13,7 @@ """This module contains the interface for controlling how configuration is loaded. """ + import copy import logging import os @@ -54,31 +55,42 @@ BOTOCORE_DEFAUT_SESSION_VARIABLES = { 'data_path': ('data_path', 'AWS_DATA_PATH', None, None), 'config_file': (None, 'AWS_CONFIG_FILE', '~/.aws/config', None), 'ca_bundle': ('ca_bundle', 'AWS_CA_BUNDLE', None, None), - # This is the shared credentials file amongst sdks. - 'credentials_file': (None, 'AWS_SHARED_CREDENTIALS_FILE', - '~/.aws/credentials', None), - + 'credentials_file': ( + None, + 'AWS_SHARED_CREDENTIALS_FILE', + '~/.aws/credentials', + None, + ), # These variables only exist in the config file. - # This is the number of seconds until we time out a request to # the instance metadata service. 'metadata_service_timeout': ( 'metadata_service_timeout', - 'AWS_METADATA_SERVICE_TIMEOUT', 1, int), + 'AWS_METADATA_SERVICE_TIMEOUT', + 1, + int, + ), # This is the number of request attempts we make until we give # up trying to retrieve data from the instance metadata service. 'metadata_service_num_attempts': ( 'metadata_service_num_attempts', - 'AWS_METADATA_SERVICE_NUM_ATTEMPTS', 1, int), + 'AWS_METADATA_SERVICE_NUM_ATTEMPTS', + 1, + int, + ), 'ec2_metadata_service_endpoint': ( 'ec2_metadata_service_endpoint', 'AWS_EC2_METADATA_SERVICE_ENDPOINT', - None, None), + None, + None, + ), 'ec2_metadata_service_endpoint_mode': ( 'ec2_metadata_service_endpoint_mode', 'AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE', - None, None), + None, + None, + ), 'ec2_metadata_v1_disabled': ( 'ec2_metadata_v1_disabled', 'AWS_EC2_METADATA_V1_DISABLED', @@ -88,15 +100,21 @@ BOTOCORE_DEFAUT_SESSION_VARIABLES = { 'imds_use_ipv6': ( 'imds_use_ipv6', 'AWS_IMDS_USE_IPV6', - False, utils.ensure_boolean), + False, + utils.ensure_boolean, + ), 'use_dualstack_endpoint': ( 'use_dualstack_endpoint', 'AWS_USE_DUALSTACK_ENDPOINT', - None, utils.ensure_boolean), + None, + utils.ensure_boolean, + ), 'use_fips_endpoint': ( 'use_fips_endpoint', 'AWS_USE_FIPS_ENDPOINT', - None, utils.ensure_boolean), + None, + utils.ensure_boolean, + ), 'ignore_configured_endpoint_urls': ( 'ignore_configured_endpoint_urls', 'AWS_IGNORE_CONFIGURED_ENDPOINT_URLS', @@ -108,14 +126,21 @@ BOTOCORE_DEFAUT_SESSION_VARIABLES = { # Note: These configurations are considered internal to botocore. # Do not use them until publicly documented. 'csm_enabled': ( - 'csm_enabled', 'AWS_CSM_ENABLED', False, utils.ensure_boolean), + 'csm_enabled', + 'AWS_CSM_ENABLED', + False, + utils.ensure_boolean, + ), 'csm_host': ('csm_host', 'AWS_CSM_HOST', '127.0.0.1', None), 'csm_port': ('csm_port', 'AWS_CSM_PORT', 31000, int), 'csm_client_id': ('csm_client_id', 'AWS_CSM_CLIENT_ID', '', None), # Endpoint discovery configuration 'endpoint_discovery_enabled': ( - 'endpoint_discovery_enabled', 'AWS_ENDPOINT_DISCOVERY_ENABLED', - 'auto', None), + 'endpoint_discovery_enabled', + 'AWS_ENDPOINT_DISCOVERY_ENABLED', + 'auto', + None, + ), 'retry_mode': ('retry_mode', 'AWS_RETRY_MODE', 'standard', None), 'max_attempts': ('max_attempts', 'AWS_MAX_ATTEMPTS', 3, int), 'user_agent_appid': ('sdk_ua_app_id', 'AWS_SDK_UA_APP_ID', None, None), @@ -149,30 +174,59 @@ BOTOCORE_DEFAUT_SESSION_VARIABLES = { "when_supported", None, ), + 'account_id_endpoint_mode': ( + 'account_id_endpoint_mode', + 'AWS_ACCOUNT_ID_ENDPOINT_MODE', + 'preferred', + None, + ), + 'disable_host_prefix_injection': ( + 'disable_host_prefix_injection', + 'AWS_DISABLE_HOST_PREFIX_INJECTION', + None, + utils.ensure_boolean, + ), + 'auth_scheme_preference': ( + 'auth_scheme_preference', + 'AWS_AUTH_SCHEME_PREFERENCE', + None, + None, + ), } # A mapping for the s3 specific configuration vars. These are the configuration # vars that typically go in the s3 section of the config file. This mapping # follows the same schema as the previous session variable mapping. DEFAULT_S3_CONFIG_VARS = { - 'addressing_style': ( - ('s3', 'addressing_style'), None, None, None), + 'addressing_style': (('s3', 'addressing_style'), None, None, None), 'use_accelerate_endpoint': ( - ('s3', 'use_accelerate_endpoint'), None, None, utils.ensure_boolean + ('s3', 'use_accelerate_endpoint'), + None, + None, + utils.ensure_boolean, ), 'use_dualstack_endpoint': ( - ('s3', 'use_dualstack_endpoint'), None, None, utils.ensure_boolean + ('s3', 'use_dualstack_endpoint'), + None, + None, + utils.ensure_boolean, ), 'payload_signing_enabled': ( - ('s3', 'payload_signing_enabled'), None, None, utils.ensure_boolean + ('s3', 'payload_signing_enabled'), + None, + None, + utils.ensure_boolean, ), 'use_arn_region': ( - ['s3_use_arn_region', - ('s3', 'use_arn_region')], - 'AWS_S3_USE_ARN_REGION', None, utils.ensure_boolean + ['s3_use_arn_region', ('s3', 'use_arn_region')], + 'AWS_S3_USE_ARN_REGION', + None, + utils.ensure_boolean, ), 's3_disable_multiregion_access_points': ( ('s3', 's3_disable_multiregion_access_points'), - 'AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS', None, utils.ensure_boolean + 'AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS', + None, + utils.ensure_boolean, ), } # A mapping for the proxy specific configuration vars. These are @@ -182,20 +236,30 @@ DEFAULT_PROXIES_CONFIG_VARS = { 'proxy_ca_bundle': ('proxy_ca_bundle', None, None, None), 'proxy_client_cert': ('proxy_client_cert', None, None, None), 'proxy_use_forwarding_for_https': ( - 'proxy_use_forwarding_for_https', None, None, utils.normalize_boolean), + 'proxy_use_forwarding_for_https', + None, + None, + utils.normalize_boolean, + ), } + def create_botocore_default_config_mapping(session): chain_builder = ConfigChainFactory(session=session) config_mapping = _create_config_chain_mapping( - chain_builder, BOTOCORE_DEFAUT_SESSION_VARIABLES) + chain_builder, BOTOCORE_DEFAUT_SESSION_VARIABLES + ) config_mapping['s3'] = SectionConfigProvider( - 's3', session, _create_config_chain_mapping( - chain_builder, DEFAULT_S3_CONFIG_VARS) + 's3', + session, + _create_config_chain_mapping(chain_builder, DEFAULT_S3_CONFIG_VARS), ) config_mapping['proxies_config'] = SectionConfigProvider( - 'proxies_config', session, _create_config_chain_mapping( - chain_builder, DEFAULT_PROXIES_CONFIG_VARS) + 'proxies_config', + session, + _create_config_chain_mapping( + chain_builder, DEFAULT_PROXIES_CONFIG_VARS + ), ) return config_mapping @@ -208,18 +272,19 @@ def _create_config_chain_mapping(chain_b env_var_names=config[1], config_property_names=config[0], default=config[2], - conversion_func=config[3] + conversion_func=config[3], ) return mapping -class ConfigChainFactory(object): +class ConfigChainFactory: """Factory class to create our most common configuration chain case. This is a convenience class to construct configuration chains that follow our most common pattern. This is to prevent ordering them incorrectly, and to make the config chain construction more readable. """ + def __init__(self, session, environ=None): """Initialize a ConfigChainFactory. @@ -236,9 +301,14 @@ class ConfigChainFactory(object): environ = os.environ self._environ = environ - def create_config_chain(self, instance_name=None, env_var_names=None, - config_property_names=None, default=None, - conversion_func=None): + def create_config_chain( + self, + instance_name=None, + env_var_names=None, + config_property_names=None, + default=None, + conversion_func=None, + ): """Build a config chain following the standard botocore pattern. In botocore most of our config chains follow the the precendence: @@ -280,8 +350,7 @@ class ConfigChainFactory(object): if instance_name is not None: providers.append( InstanceVarProvider( - instance_var=instance_name, - session=self._session + instance_var=instance_name, session=self._session ) ) if env_var_names is not None: @@ -322,8 +391,9 @@ class ConfigChainFactory(object): return scoped_config_providers -class ConfigValueStore(object): +class ConfigValueStore: """The ConfigValueStore object stores configuration values.""" + def __init__(self, mapping=None): """Initialize a ConfigValueStore. @@ -441,12 +511,13 @@ class ConfigValueStore(object): self._mapping[logical_name] = provider -class BaseProvider(object): +class BaseProvider: """Base class for configuration value providers. A configuration provider has some method of providing a configuration value. """ + def provide(self): """Provide a config value.""" raise NotImplementedError('provide') @@ -458,6 +529,7 @@ class ChainProvider(BaseProvider): Each provider in the chain is called, the first one returning a non-None value is then returned. """ + def __init__(self, providers=None, conversion_func=None): """Initalize a ChainProvider. @@ -494,11 +566,12 @@ class ChainProvider(BaseProvider): return value def __repr__(self): - return '[%s]' % ', '.join([str(p) for p in self._providers]) + return '[{}]'.format(', '.join([str(p) for p in self._providers])) class InstanceVarProvider(BaseProvider): """This class loads config values from the session instance vars.""" + def __init__(self, instance_var, session): """Initialize InstanceVarProvider. @@ -519,10 +592,7 @@ class InstanceVarProvider(BaseProvider): return value def __repr__(self): - return 'InstanceVarProvider(instance_var=%s, session=%s)' % ( - self._instance_var, - self._session, - ) + return f'InstanceVarProvider(instance_var={self._instance_var}, session={self._session})' class ScopedConfigProvider(BaseProvider): @@ -553,14 +623,12 @@ class ScopedConfigProvider(BaseProvider) return scoped_config.get(self._config_var_name) def __repr__(self): - return 'ScopedConfigProvider(config_var_name=%s, session=%s)' % ( - self._config_var_name, - self._session, - ) + return f'ScopedConfigProvider(config_var_name={self._config_var_name}, session={self._session})' class EnvironmentProvider(BaseProvider): """This class loads config values from environment variables.""" + def __init__(self, name, env): """Initialize with the keys in the dictionary to check. @@ -580,7 +648,7 @@ class EnvironmentProvider(BaseProvider): return None def __repr__(self): - return 'EnvironmentProvider(name=%s, env=%s)' % (self._name, self._env) + return f'EnvironmentProvider(name={self._name}, env={self._env})' class SectionConfigProvider(BaseProvider): @@ -589,11 +657,13 @@ class SectionConfigProvider(BaseProvider This is useful for retrieving scoped config variables (i.e. s3) that have their own set of config variables and resolving logic. """ + def __init__(self, section_name, session, override_providers=None): self._section_name = section_name self._session = session self._scoped_config_provider = ScopedConfigProvider( - self._section_name, self._session) + self._section_name, self._session + ) self._override_providers = override_providers if self._override_providers is None: self._override_providers = {} @@ -601,9 +671,12 @@ class SectionConfigProvider(BaseProvider def provide(self): section_config = self._scoped_config_provider.provide() if section_config and not isinstance(section_config, dict): - logger.debug("The %s config key is not a dictionary type, " - "ignoring its value of: %s", self._section_name, - section_config) + logger.debug( + "The %s config key is not a dictionary type, " + "ignoring its value of: %s", + self._section_name, + section_config, + ) return None for section_config_var, provider in self._override_providers.items(): provider_val = provider.provide() @@ -615,16 +688,14 @@ class SectionConfigProvider(BaseProvider def __repr__(self): return ( - 'SectionConfigProvider(section_name=%s, ' - 'session=%s, override_providers=%s)' % ( - self._section_name, self._session, - self._override_providers, - ) + f'SectionConfigProvider(section_name={self._section_name}, ' + f'session={self._session}, override_providers={self._override_providers})' ) class ConstantProvider(BaseProvider): """This provider provides a constant value.""" + def __init__(self, value): self._value = value @@ -633,7 +704,7 @@ class ConstantProvider(BaseProvider): return self._value def __repr__(self): - return 'ConstantProvider(value=%s)' % self._value + return f'ConstantProvider(value={self._value})' class ConfiguredEndpointProvider(BaseProvider): diff -pruN 2.23.6-1/awscli/botocore/context.py 2.31.35-1/awscli/botocore/context.py --- 2.23.6-1/awscli/botocore/context.py 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/context.py 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,128 @@ +# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +""" +NOTE: All classes and functions in this module are considered private and are +subject to abrupt breaking changes. Please do not use them directly. +""" + +from contextlib import contextmanager +from contextvars import ContextVar +from copy import deepcopy +from dataclasses import dataclass, field +from functools import wraps +from typing import Set + + +@dataclass +class ClientContext: + """ + Encapsulation of objects tracked within the ``_context`` context variable. + + ``features`` is a set responsible for storing features used during + preparation of an AWS request. ``botocore.useragent.register_feature_id`` + is used to add to this set. + """ + + features: Set[str] = field(default_factory=set) + + +_context = ContextVar("_context") + + +def get_context(): + """Get the current ``_context`` context variable if set, else None.""" + return _context.get(None) + + +def set_context(ctx): + """Set the current ``_context`` context variable. + + :type ctx: ClientContext + :param ctx: Client context object to set as the current context variable. + + :rtype: contextvars.Token + :returns: Token object used to revert the context variable to what it was + before the corresponding set. + """ + token = _context.set(ctx) + return token + + +def reset_context(token): + """Reset the current ``_context`` context variable. + + :type token: contextvars.Token + :param token: Token object to reset the context variable. + """ + _context.reset(token) + + +@contextmanager +def start_as_current_context(ctx=None): + """ + Context manager that copies the passed or current context object and sets + it as the current context variable. If no context is found, a new + ``ClientContext`` object is created. It mainly ensures the context variable + is reset to the previous value once the executed code returns. + + Example usage: + + def my_feature(): + with start_as_current_context(): + register_feature_id('MY_FEATURE') + pass + + :type ctx: ClientContext + :param ctx: The client context object to set as the new context variable. + If not provided, the current or a new context variable is used. + """ + current = ctx or get_context() + if current is None: + new = ClientContext() + else: + new = deepcopy(current) + token = set_context(new) + try: + yield + finally: + reset_context(token) + + +def with_current_context(hook=None): + """ + Decorator that wraps ``start_as_current_context`` and optionally invokes a + hook within the newly-set context. This is just syntactic sugar to avoid + indenting existing code under the context manager. + + Example usage: + + @with_current_context(partial(register_feature_id, 'MY_FEATURE')) + def my_feature(): + pass + + :type hook: callable + :param hook: A callable that will be invoked within the scope of the + ``start_as_current_context`` context manager. + """ + + def decorator(func): + @wraps(func) + def wrapper(*args, **kwargs): + with start_as_current_context(): + if hook: + hook() + return func(*args, **kwargs) + + return wrapper + + return decorator diff -pruN 2.23.6-1/awscli/botocore/credentials.py 2.31.35-1/awscli/botocore/credentials.py --- 2.23.6-1/awscli/botocore/credentials.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/credentials.py 2025-11-12 19:17:29.000000000 +0000 @@ -25,6 +25,7 @@ from hashlib import sha1 import botocore.compat import botocore.configloader +import dateutil.parser from botocore import UNSIGNED from botocore.compat import compat_shell_split, total_seconds from botocore.config import Config @@ -40,7 +41,9 @@ from botocore.exceptions import ( UnknownCredentialError, ) from botocore.tokens import SSOTokenProvider +from botocore.useragent import register_feature_id, register_feature_ids from botocore.utils import ( + ArnParser, ContainerMetadataFetcher, FileWebIdentityTokenLoader, InstanceMetadataFetcher, @@ -54,8 +57,11 @@ from dateutil.parser import parse from dateutil.tz import tzlocal, tzutc logger = logging.getLogger(__name__) -ReadOnlyCredentials = namedtuple('ReadOnlyCredentials', - ['access_key', 'secret_key', 'token']) +ReadOnlyCredentials = namedtuple( + 'ReadOnlyCredentials', + ['access_key', 'secret_key', 'token', 'account_id'], + defaults=(None,), +) _DEFAULT_MANDATORY_REFRESH_TIMEOUT = 10 * 60 # 10 min _DEFAULT_ADVISORY_REFRESH_TIMEOUT = 15 * 60 # 15 min @@ -76,9 +82,11 @@ def create_credential_resolver(session, imds_config = { 'ec2_metadata_service_endpoint': session.get_config_variable( - 'ec2_metadata_service_endpoint'), + 'ec2_metadata_service_endpoint' + ), 'ec2_metadata_service_endpoint_mode': resolve_imds_endpoint_mode( - session), + session + ), 'ec2_credential_refresh_window': _DEFAULT_ADVISORY_REFRESH_TIMEOUT, 'ec2_metadata_v1_disabled': session.get_config_variable( 'ec2_metadata_v1_disabled' @@ -95,19 +103,21 @@ def create_credential_resolver(session, timeout=metadata_timeout, num_attempts=num_attempts, user_agent=session.user_agent(truncate=True), - config=imds_config) + config=imds_config, + ) ) profile_provider_builder = ProfileProviderBuilder( - session, cache=cache, region_name=region_name) + session, cache=cache, region_name=region_name + ) assume_role_provider = AssumeRoleProvider( load_config=lambda: session.full_config, client_creator=_get_client_creator(session, region_name), cache=cache, profile_name=profile_name, - credential_sourcer=CanonicalNameCredentialSourcer([ - env_provider, container_provider, instance_metadata_provider - ]), + credential_sourcer=CanonicalNameCredentialSourcer( + [env_provider, container_provider, instance_metadata_provider] + ), profile_provider_builder=profile_provider_builder, ) @@ -144,14 +154,16 @@ def create_credential_resolver(session, # EnvProvider does not return credentials, which is what we want # in this scenario. providers.remove(env_provider) - logger.debug('Skipping environment variable credential check' - ' because profile name was explicitly set.') + logger.debug( + 'Skipping environment variable credential check' + ' because profile name was explicitly set.' + ) resolver = CredentialResolver(providers=providers) return resolver -class ProfileProviderBuilder(object): +class ProfileProviderBuilder: """This class handles the creation of profile based providers. NOTE: This class is only intended for internal use. @@ -161,8 +173,10 @@ class ProfileProviderBuilder(object): This is needed to enable sharing between the default credential chain and the source profile chain created by the assume role provider. """ - def __init__(self, session, cache=None, region_name=None, - sso_token_cache=None): + + def __init__( + self, session, cache=None, region_name=None, sso_token_cache=None + ): self._session = session self._cache = cache self._region_name = region_name @@ -171,7 +185,8 @@ class ProfileProviderBuilder(object): def providers(self, profile_name, disable_env_vars=False): return [ self._create_web_identity_provider( - profile_name, disable_env_vars, + profile_name, + disable_env_vars, ), self._create_sso_provider(profile_name), self._create_shared_credential_provider(profile_name), @@ -203,7 +218,8 @@ class ProfileProviderBuilder(object): return AssumeRoleWithWebIdentityProvider( load_config=lambda: self._session.full_config, client_creator=_get_client_creator( - self._session, self._region_name), + self._session, self._region_name + ), cache=self._cache, profile_name=profile_name, disable_env_vars=disable_env_vars, @@ -249,9 +265,7 @@ def _serialize_if_needed(value, iso=Fals def _get_client_creator(session, region_name): def client_creator(service_name, **kwargs): - create_client_kwargs = { - 'region_name': region_name - } + create_client_kwargs = {'region_name': region_name} create_client_kwargs.update(**kwargs) return session.create_client(service_name, **create_client_kwargs) @@ -270,12 +284,12 @@ def create_assume_role_refresher(client, 'token': credentials['SessionToken'], 'expiry_time': _serialize_if_needed(credentials['Expiration']), } + return refresh def create_mfa_serial_refresher(actual_refresh): - - class _Refresher(object): + class _Refresher: def __init__(self, refresh): self._refresh = refresh self._has_been_called = False @@ -292,7 +306,7 @@ def create_mfa_serial_refresher(actual_r return _Refresher(actual_refresh) -class Credentials(object): +class Credentials: """ Holds the credentials needed to authenticate requests. @@ -301,10 +315,12 @@ class Credentials(object): :param str token: The security token, valid only for session credentials. :param str method: A string which identifies where the credentials were found. + :param str account_id: (optional) An account ID associated with the credentials. """ - def __init__(self, access_key, secret_key, token=None, - method=None): + def __init__( + self, access_key, secret_key, token=None, method=None, account_id=None + ): self.access_key = access_key self.secret_key = secret_key self.token = token @@ -312,6 +328,7 @@ class Credentials(object): if method is None: method = 'explicit' self.method = method + self.account_id = account_id self._normalize() @@ -326,9 +343,15 @@ class Credentials(object): self.secret_key = botocore.compat.ensure_unicode(self.secret_key) def get_frozen_credentials(self): - return ReadOnlyCredentials(self.access_key, - self.secret_key, - self.token) + return ReadOnlyCredentials( + self.access_key, self.secret_key, self.token, self.account_id + ) + + def get_deferred_property(self, property_name): + def get_property(): + return getattr(self, property_name, None) + + return get_property class RefreshableCredentials(Credentials): @@ -344,6 +367,7 @@ class RefreshableCredentials(Credentials were found. :param function time_fetcher: Callback function to retrieve current time. """ + # The time at which we'll attempt to refresh, but not # block if someone else is refreshing. _advisory_refresh_timeout = _DEFAULT_ADVISORY_REFRESH_TIMEOUT @@ -351,20 +375,31 @@ class RefreshableCredentials(Credentials # refreshed credentials. _mandatory_refresh_timeout = _DEFAULT_MANDATORY_REFRESH_TIMEOUT - def __init__(self, access_key, secret_key, token, - expiry_time, refresh_using, method, - time_fetcher=_local_now, - advisory_timeout=None, mandatory_timeout=None): + def __init__( + self, + access_key, + secret_key, + token, + expiry_time, + refresh_using, + method, + time_fetcher=_local_now, + advisory_timeout=None, + mandatory_timeout=None, + account_id=None, + ): self._refresh_using = refresh_using self._access_key = access_key self._secret_key = secret_key self._token = token + self._account_id = account_id self._expiry_time = expiry_time self._time_fetcher = time_fetcher self._refresh_lock = threading.Lock() self.method = method self._frozen_credentials = ReadOnlyCredentials( - access_key, secret_key, token) + access_key, secret_key, token, account_id + ) self._normalize() if advisory_timeout is not None: self._advisory_refresh_timeout = advisory_timeout @@ -377,12 +412,12 @@ class RefreshableCredentials(Credentials @classmethod def create_from_metadata( - cls, - metadata, - refresh_using, - method, - advisory_timeout=None, - mandatory_timeout=None, + cls, + metadata, + refresh_using, + method, + advisory_timeout=None, + mandatory_timeout=None, ): kwargs = {} if advisory_timeout is not None: @@ -397,6 +432,7 @@ class RefreshableCredentials(Credentials expiry_time=cls._expiry_datetime(metadata['expiry_time']), method=method, refresh_using=refresh_using, + account_id=metadata.get('account_id'), **kwargs, ) return instance @@ -440,6 +476,19 @@ class RefreshableCredentials(Credentials def token(self, value): self._token = value + @property + def account_id(self): + """Warning: Using this property can lead to race conditions if you + access another property subsequently along the refresh boundary. + Please use get_frozen_credentials instead. + """ + self._refresh() + return self._account_id + + @account_id.setter + def account_id(self, value): + self._account_id = value + def _seconds_remaining(self): delta = self._expiry_time - self._time_fetcher() return total_seconds(delta) @@ -498,7 +547,8 @@ class RefreshableCredentials(Credentials if not self.refresh_needed(self._advisory_refresh_timeout): return is_mandatory_refresh = self.refresh_needed( - self._mandatory_refresh_timeout) + self._mandatory_refresh_timeout + ) self._protected_refresh(is_mandatory=is_mandatory_refresh) return finally: @@ -516,11 +566,14 @@ class RefreshableCredentials(Credentials # the self._refresh_lock. try: metadata = self._refresh_using() - except Exception as e: + except Exception: period_name = 'mandatory' if is_mandatory else 'advisory' - logger.warning("Refreshing temporary credentials failed " - "during %s refresh period.", - period_name, exc_info=True) + logger.warning( + "Refreshing temporary credentials failed " + "during %s refresh period.", + period_name, + exc_info=True, + ) if is_mandatory: # If this is a mandatory refresh, then # all errors that occur when we attempt to refresh @@ -532,15 +585,18 @@ class RefreshableCredentials(Credentials return self._set_from_data(metadata) self._frozen_credentials = ReadOnlyCredentials( - self._access_key, self._secret_key, self._token) + self._access_key, self._secret_key, self._token, self._account_id + ) if self._is_expired(): # We successfully refreshed credentials but for whatever # reason, our refreshing function returned credentials # that are still expired. In this scenario, the only # thing we can do is let the user know and raise # an exception. - msg = ("Credentials were refreshed, but the " - "refreshed credentials are still expired.") + msg = ( + "Credentials were refreshed, but the " + "refreshed credentials are still expired." + ) logger.warning(msg) raise RuntimeError(msg) @@ -566,8 +622,10 @@ class RefreshableCredentials(Credentials self.secret_key = data['secret_key'] self.token = data['token'] self._expiry_time = parse(data['expiry_time']) - logger.debug("Retrieved credentials will expire at: %s", - self._expiry_time) + self.account_id = data.get('account_id') + logger.debug( + "Retrieved credentials will expire at: %s", self._expiry_time + ) self._normalize() def get_frozen_credentials(self): @@ -613,11 +671,13 @@ class DeferredRefreshableCredentials(Ref refresh_using will be called upon first access. """ + def __init__(self, refresh_using, method, time_fetcher=_local_now): self._refresh_using = refresh_using self._access_key = None self._secret_key = None self._token = None + self._account_id = None self._expiry_time = None self._time_fetcher = time_fetcher self._refresh_lock = threading.Lock() @@ -627,12 +687,10 @@ class DeferredRefreshableCredentials(Ref def refresh_needed(self, refresh_in=None): if self._frozen_credentials is None: return True - return super(DeferredRefreshableCredentials, self).refresh_needed( - refresh_in - ) + return super().refresh_needed(refresh_in) -class CachedCredentialFetcher(object): +class CachedCredentialFetcher: DEFAULT_EXPIRY_WINDOW_SECONDS = 60 * 15 def __init__(self, cache=None, expiry_window_seconds=None): @@ -643,6 +701,7 @@ class CachedCredentialFetcher(object): if expiry_window_seconds is None: expiry_window_seconds = self.DEFAULT_EXPIRY_WINDOW_SECONDS self._expiry_window_seconds = expiry_window_seconds + self.feature_ids = set() def _create_cache_key(self): raise NotImplementedError('_create_cache_key()') @@ -673,13 +732,16 @@ class CachedCredentialFetcher(object): creds = response['Credentials'] expiration = _serialize_if_needed(creds['Expiration'], iso=True) - return { + credentials = { 'access_key': creds['AccessKeyId'], 'secret_key': creds['SecretAccessKey'], 'token': creds['SessionToken'], 'expiry_time': expiration, + 'account_id': creds.get('AccountId'), } + return credentials + def _load_from_cache(self): if self._cache_key in self._cache: creds = deepcopy(self._cache[self._cache_key]) @@ -702,8 +764,14 @@ class CachedCredentialFetcher(object): class BaseAssumeRoleCredentialFetcher(CachedCredentialFetcher): - def __init__(self, client_creator, role_arn, extra_args=None, - cache=None, expiry_window_seconds=None): + def __init__( + self, + client_creator, + role_arn, + extra_args=None, + cache=None, + expiry_window_seconds=None, + ): self._client_creator = client_creator self._role_arn = role_arn @@ -718,12 +786,10 @@ class BaseAssumeRoleCredentialFetcher(Ca if not self._role_session_name: self._generate_assume_role_name() - super(BaseAssumeRoleCredentialFetcher, self).__init__( - cache, expiry_window_seconds - ) + super().__init__(cache, expiry_window_seconds) def _generate_assume_role_name(self): - self._role_session_name = 'botocore-session-%s' % (int(time.time())) + self._role_session_name = f'botocore-session-{int(time.time())}' self._assume_kwargs['RoleSessionName'] = self._role_session_name self._using_default_session_name = True @@ -749,11 +815,27 @@ class BaseAssumeRoleCredentialFetcher(Ca argument_hash = sha1(args.encode('utf-8')).hexdigest() return self._make_file_safe(argument_hash) + def _add_account_id_to_response(self, response): + role_arn = response.get('AssumedRoleUser', {}).get('Arn') + if ArnParser.is_arn(role_arn): + arn_parser = ArnParser() + account_id = arn_parser.parse_arn(role_arn)['account'] + response['Credentials']['AccountId'] = account_id + else: + logger.debug(f"Unable to extract account ID from Arn: {role_arn}") + class AssumeRoleCredentialFetcher(BaseAssumeRoleCredentialFetcher): - def __init__(self, client_creator, source_credentials, role_arn, - extra_args=None, mfa_prompter=None, cache=None, - expiry_window_seconds=None): + def __init__( + self, + client_creator, + source_credentials, + role_arn, + extra_args=None, + mfa_prompter=None, + cache=None, + expiry_window_seconds=None, + ): """ :type client_creator: callable :param client_creator: A callable that creates a client taking @@ -790,16 +872,22 @@ class AssumeRoleCredentialFetcher(BaseAs if self._mfa_prompter is None: self._mfa_prompter = getpass.getpass - super(AssumeRoleCredentialFetcher, self).__init__( - client_creator, role_arn, extra_args=extra_args, - cache=cache, expiry_window_seconds=expiry_window_seconds + super().__init__( + client_creator, + role_arn, + extra_args=extra_args, + cache=cache, + expiry_window_seconds=expiry_window_seconds, ) def _get_credentials(self): """Get credentials by calling assume role.""" + register_feature_ids(self.feature_ids) kwargs = self._assume_role_kwargs() client = self._create_client() - return client.assume_role(**kwargs) + response = client.assume_role(**kwargs) + self._add_account_id_to_response(response) + return response def _assume_role_kwargs(self): """Get the arguments for assume role based on current configuration.""" @@ -808,7 +896,7 @@ class AssumeRoleCredentialFetcher(BaseAs mfa_serial = assume_role_kwargs.get('SerialNumber') if mfa_serial is not None: - prompt = 'Enter MFA code for %s: ' % mfa_serial + prompt = f'Enter MFA code for {mfa_serial}: ' token_code = self._mfa_prompter(prompt) assume_role_kwargs['TokenCode'] = token_code @@ -831,10 +919,17 @@ class AssumeRoleCredentialFetcher(BaseAs class AssumeRoleWithWebIdentityCredentialFetcher( - BaseAssumeRoleCredentialFetcher + BaseAssumeRoleCredentialFetcher ): - def __init__(self, client_creator, web_identity_token_loader, role_arn, - extra_args=None, cache=None, expiry_window_seconds=None): + def __init__( + self, + client_creator, + web_identity_token_loader, + role_arn, + extra_args=None, + cache=None, + expiry_window_seconds=None, + ): """ :type client_creator: callable :param client_creator: A callable that creates a client taking @@ -864,19 +959,25 @@ class AssumeRoleWithWebIdentityCredentia """ self._web_identity_token_loader = web_identity_token_loader - super(AssumeRoleWithWebIdentityCredentialFetcher, self).__init__( - client_creator, role_arn, extra_args=extra_args, - cache=cache, expiry_window_seconds=expiry_window_seconds + super().__init__( + client_creator, + role_arn, + extra_args=extra_args, + cache=cache, + expiry_window_seconds=expiry_window_seconds, ) def _get_credentials(self): """Get credentials by calling assume role.""" + register_feature_ids(self.feature_ids) kwargs = self._assume_role_kwargs() # Assume role with web identity does not require credentials other than # the token, explicitly configure the client to not sign requests. config = Config(signature_version=UNSIGNED) client = self._client_creator('sts', config=config) - return client.assume_role_with_web_identity(**kwargs) + response = client.assume_role_with_web_identity(**kwargs) + self._add_account_id_to_response(response) + return response def _assume_role_kwargs(self): """Get the arguments for assume role based on current configuration.""" @@ -887,7 +988,7 @@ class AssumeRoleWithWebIdentityCredentia return assume_role_kwargs -class CredentialProvider(object): +class CredentialProvider: # A short name to identify the provider within botocore. METHOD = None @@ -927,13 +1028,13 @@ class CredentialProvider(object): try: found.append(mapping[key_name]) except KeyError: - raise PartialCredentialsError(provider=self.METHOD, - cred_var=key_name) + raise PartialCredentialsError( + provider=self.METHOD, cred_var=key_name + ) return found class ProcessProvider(CredentialProvider): - METHOD = 'custom-process' def __init__(self, profile_name, load_config, popen=subprocess.Popen): @@ -947,19 +1048,22 @@ class ProcessProvider(CredentialProvider if credential_process is None: return + register_feature_id('CREDENTIALS_PROFILE_PROCESS') creds_dict = self._retrieve_credentials_using(credential_process) + register_feature_id('CREDENTIALS_PROCESS') if creds_dict.get('expiry_time') is not None: return RefreshableCredentials.create_from_metadata( creds_dict, lambda: self._retrieve_credentials_using(credential_process), - self.METHOD + self.METHOD, ) return Credentials( access_key=creds_dict['access_key'], secret_key=creds_dict['secret_key'], token=creds_dict.get('token'), - method=self.METHOD + method=self.METHOD, + account_id=creds_dict.get('account_id'), ) def _retrieve_credentials_using(self, credential_process): @@ -967,40 +1071,54 @@ class ProcessProvider(CredentialProvider # command and all arguments as a list. process_list = compat_shell_split(credential_process) with original_ld_library_path(): - p = self._popen(process_list, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) + p = self._popen( + process_list, stdout=subprocess.PIPE, stderr=subprocess.PIPE + ) stdout, stderr = p.communicate() if p.returncode != 0: raise CredentialRetrievalError( - provider=self.METHOD, error_msg=stderr.decode('utf-8')) + provider=self.METHOD, error_msg=stderr.decode('utf-8') + ) parsed = botocore.compat.json.loads(stdout.decode('utf-8')) version = parsed.get('Version', '') if version != 1: raise CredentialRetrievalError( provider=self.METHOD, - error_msg=("Unsupported version '%s' for credential process " - "provider, supported versions: 1" % version)) + error_msg=( + f"Unsupported version '{version}' for credential process " + "provider, supported versions: 1" + ), + ) try: return { 'access_key': parsed['AccessKeyId'], 'secret_key': parsed['SecretAccessKey'], 'token': parsed.get('SessionToken'), 'expiry_time': parsed.get('Expiration'), + 'account_id': self._get_account_id(parsed), } except KeyError as e: raise CredentialRetrievalError( provider=self.METHOD, - error_msg="Missing required key in response: %s" % e + error_msg=f"Missing required key in response: {e}", ) @property def _credential_process(self): + return self.profile_config.get('credential_process') + + @property + def profile_config(self): if self._loaded_config is None: self._loaded_config = self._load_config() - profile_config = self._loaded_config.get( - 'profiles', {}).get(self._profile_name, {}) - return profile_config.get('credential_process') + profile_config = self._loaded_config.get('profiles', {}).get( + self._profile_name, {} + ) + return profile_config + + def _get_account_id(self, parsed): + account_id = parsed.get('AccountId') + return account_id or self.profile_config.get('aws_account_id') class InstanceMetadataProvider(CredentialProvider): @@ -1018,8 +1136,10 @@ class InstanceMetadataProvider(Credentia metadata = fetcher.retrieve_iam_role_credentials() if not metadata: return None - logger.debug('Found credentials from IAM Role: %s', - metadata['role_name']) + register_feature_id('CREDENTIALS_IMDS') + logger.debug( + 'Found credentials from IAM Role: %s', metadata['role_name'] + ) # We manually set the data here, since we already made the request & # have it. When the expiry is hit, the credentials will auto-refresh # themselves. @@ -1040,6 +1160,7 @@ class EnvProvider(CredentialProvider): # AWS_SESSION_TOKEN is what other AWS SDKs have standardized on. TOKENS = ['AWS_SECURITY_TOKEN', 'AWS_SESSION_TOKEN'] EXPIRY_TIME = 'AWS_CREDENTIAL_EXPIRATION' + ACCOUNT_ID = 'AWS_ACCOUNT_ID' def __init__(self, environ=None, mapping=None): """ @@ -1049,8 +1170,12 @@ class EnvProvider(CredentialProvider): :param mapping: An optional mapping of variable names to environment variable names. Use this if you want to change the mapping of access_key->AWS_ACCESS_KEY_ID, etc. - The dict can have up to 3 keys: ``access_key``, ``secret_key``, - ``session_token``. + The dict can have up to 5 keys: + * ``access_key`` + * ``secret_key`` + * ``token`` + * ``expiry_time`` + * ``account_id`` """ if environ is None: environ = os.environ @@ -1066,17 +1191,23 @@ class EnvProvider(CredentialProvider): var_mapping['secret_key'] = self.SECRET_KEY var_mapping['token'] = self.TOKENS var_mapping['expiry_time'] = self.EXPIRY_TIME + var_mapping['account_id'] = self.ACCOUNT_ID else: var_mapping['access_key'] = mapping.get( - 'access_key', self.ACCESS_KEY) + 'access_key', self.ACCESS_KEY + ) var_mapping['secret_key'] = mapping.get( - 'secret_key', self.SECRET_KEY) - var_mapping['token'] = mapping.get( - 'token', self.TOKENS) + 'secret_key', self.SECRET_KEY + ) + var_mapping['token'] = mapping.get('token', self.TOKENS) if not isinstance(var_mapping['token'], list): var_mapping['token'] = [var_mapping['token']] var_mapping['expiry_time'] = mapping.get( - 'expiry_time', self.EXPIRY_TIME) + 'expiry_time', self.EXPIRY_TIME + ) + var_mapping['account_id'] = mapping.get( + 'account_id', self.ACCOUNT_ID + ) return var_mapping def load(self): @@ -1090,19 +1221,27 @@ class EnvProvider(CredentialProvider): logger.info('Found credentials in environment variables.') fetcher = self._create_credentials_fetcher() credentials = fetcher(require_expiry=False) + register_feature_id('CREDENTIALS_ENV_VARS') expiry_time = credentials['expiry_time'] if expiry_time is not None: expiry_time = parse(expiry_time) return RefreshableCredentials( - credentials['access_key'], credentials['secret_key'], - credentials['token'], expiry_time, - refresh_using=fetcher, method=self.METHOD + credentials['access_key'], + credentials['secret_key'], + credentials['token'], + expiry_time, + refresh_using=fetcher, + method=self.METHOD, + account_id=credentials['account_id'], ) return Credentials( - credentials['access_key'], credentials['secret_key'], - credentials['token'], method=self.METHOD + credentials['access_key'], + credentials['secret_key'], + credentials['token'], + method=self.METHOD, + account_id=credentials['account_id'], ) else: return None @@ -1118,13 +1257,15 @@ class EnvProvider(CredentialProvider): access_key = environ.get(mapping['access_key'], '') if not access_key: raise PartialCredentialsError( - provider=method, cred_var=mapping['access_key']) + provider=method, cred_var=mapping['access_key'] + ) credentials['access_key'] = access_key secret_key = environ.get(mapping['secret_key'], '') if not secret_key: raise PartialCredentialsError( - provider=method, cred_var=mapping['secret_key']) + provider=method, cred_var=mapping['secret_key'] + ) credentials['secret_key'] = secret_key credentials['token'] = None @@ -1140,7 +1281,13 @@ class EnvProvider(CredentialProvider): credentials['expiry_time'] = expiry_time if require_expiry and not expiry_time: raise PartialCredentialsError( - provider=method, cred_var=mapping['expiry_time']) + provider=method, cred_var=mapping['expiry_time'] + ) + + credentials['account_id'] = None + account_id = environ.get(mapping['account_id'], '') + if account_id: + credentials['account_id'] = account_id return credentials @@ -1169,7 +1316,8 @@ class OriginalEC2Provider(CredentialProv """ if 'AWS_CREDENTIAL_FILE' in self._environ: full_path = os.path.expanduser( - self._environ['AWS_CREDENTIAL_FILE']) + self._environ['AWS_CREDENTIAL_FILE'] + ) creds = self._parser(full_path) if self.ACCESS_KEY in creds: logger.info('Found credentials in AWS_CREDENTIAL_FILE.') @@ -1191,6 +1339,7 @@ class SharedCredentialProvider(Credentia # aws_security_token, but the SDKs are standardizing on aws_session_token # so we support both. TOKENS = ['aws_security_token', 'aws_session_token'] + ACCOUNT_ID = 'aws_account_id' def __init__(self, creds_filename, profile_name=None, ini_parser=None): self._creds_filename = creds_filename @@ -1209,22 +1358,36 @@ class SharedCredentialProvider(Credentia if self._profile_name in available_creds: config = available_creds[self._profile_name] if self.ACCESS_KEY in config: - logger.info("Found credentials in shared credentials file: %s", - self._creds_filename) + logger.info( + "Found credentials in shared credentials file: %s", + self._creds_filename, + ) access_key, secret_key = self._extract_creds_from_mapping( - config, self.ACCESS_KEY, self.SECRET_KEY) + config, self.ACCESS_KEY, self.SECRET_KEY + ) token = self._get_session_token(config) - return Credentials(access_key, secret_key, token, - method=self.METHOD) + account_id = self._get_account_id(config) + register_feature_id('CREDENTIALS_PROFILE') + return Credentials( + access_key, + secret_key, + token, + method=self.METHOD, + account_id=account_id, + ) def _get_session_token(self, config): for token_envvar in self.TOKENS: if token_envvar in config: return config[token_envvar] + def _get_account_id(self, config): + return config.get(self.ACCOUNT_ID) + class ConfigProvider(CredentialProvider): """INI based config provider with profile sections.""" + METHOD = 'config-file' CANONICAL_NAME = 'SharedConfig' @@ -1234,6 +1397,7 @@ class ConfigProvider(CredentialProvider) # aws_security_token, but the SDKs are standardizing on aws_session_token # so we support both. TOKENS = ['aws_security_token', 'aws_session_token'] + ACCOUNT_ID = 'aws_account_id' def __init__(self, config_filename, profile_name, config_parser=None): """ @@ -1262,13 +1426,23 @@ class ConfigProvider(CredentialProvider) if self._profile_name in full_config['profiles']: profile_config = full_config['profiles'][self._profile_name] if self.ACCESS_KEY in profile_config: - logger.info("Credentials found in config file: %s", - self._config_filename) + logger.info( + "Credentials found in config file: %s", + self._config_filename, + ) access_key, secret_key = self._extract_creds_from_mapping( - profile_config, self.ACCESS_KEY, self.SECRET_KEY) + profile_config, self.ACCESS_KEY, self.SECRET_KEY + ) token = self._get_session_token(profile_config) - return Credentials(access_key, secret_key, token, - method=self.METHOD) + account_id = self._get_account_id(profile_config) + register_feature_id('CREDENTIALS_PROFILE') + return Credentials( + access_key, + secret_key, + token, + method=self.METHOD, + account_id=account_id, + ) else: return None @@ -1277,6 +1451,9 @@ class ConfigProvider(CredentialProvider) if token_name in profile_config: return profile_config[token_name] + def _get_account_id(self, config): + return config.get(self.ACCOUNT_ID) + class BotoProvider(CredentialProvider): METHOD = 'boto-config' @@ -1312,12 +1489,16 @@ class BotoProvider(CredentialProvider): if 'Credentials' in config: credentials = config['Credentials'] if self.ACCESS_KEY in credentials: - logger.info("Found credentials in boto config file: %s", - filename) + logger.info( + "Found credentials in boto config file: %s", filename + ) access_key, secret_key = self._extract_creds_from_mapping( - credentials, self.ACCESS_KEY, self.SECRET_KEY) - return Credentials(access_key, secret_key, - method=self.METHOD) + credentials, self.ACCESS_KEY, self.SECRET_KEY + ) + register_feature_id('CREDENTIALS_BOTO2_CONFIG_FILE') + return Credentials( + access_key, secret_key, method=self.METHOD + ) class AssumeRoleProvider(CredentialProvider): @@ -1334,10 +1515,22 @@ class AssumeRoleProvider(CredentialProvi # remaining time left until the credentials expires is less than the # EXPIRY_WINDOW. EXPIRY_WINDOW_SECONDS = 60 * 15 + NAMED_PROVIDER_FEATURE_MAP = { + 'Ec2InstanceMetadata': 'CREDENTIALS_IMDS', + 'Environment': 'CREDENTIALS_ENV_VARS', + 'EcsContainer': 'CREDENTIALS_HTTP', + } - def __init__(self, load_config, client_creator, cache, profile_name, - prompter=getpass.getpass, credential_sourcer=None, - profile_provider_builder=None): + def __init__( + self, + load_config, + client_creator, + cache, + profile_name, + prompter=getpass.getpass, + credential_sourcer=None, + profile_provider_builder=None, + ): """ :type load_config: callable :param load_config: A function that accepts no arguments, and @@ -1389,6 +1582,7 @@ class AssumeRoleProvider(CredentialProvi self._credential_sourcer = credential_sourcer self._profile_provider_builder = profile_provider_builder self._visited_profiles = [self._profile_name] + self._feature_ids = set() def load(self): self._loaded_config = self._load_config() @@ -1399,7 +1593,8 @@ class AssumeRoleProvider(CredentialProvi def _has_assume_role_config_vars(self, profile): return ( - self.ROLE_CONFIG_VAR in profile and + self.ROLE_CONFIG_VAR in profile + and # We need to ensure this provider doesn't look at a profile when # the profile has configuration for web identity. Simply relying on # the order in the credential chain is insufficient as it doesn't @@ -1438,17 +1633,20 @@ class AssumeRoleProvider(CredentialProvi mfa_prompter=self._prompter, cache=self.cache, ) + fetcher.feature_ids = self._feature_ids.copy() refresher = fetcher.fetch_credentials if mfa_serial is not None: refresher = create_mfa_serial_refresher(refresher) + self._feature_ids.add('CREDENTIALS_STS_ASSUME_ROLE') + register_feature_ids(self._feature_ids) # The initial credentials are empty and the expiration time is set # to now so that we can delay the call to assume role until it is # strictly needed. return DeferredRefreshableCredentials( method=self.METHOD, refresh_using=refresher, - time_fetcher=_local_now + time_fetcher=_local_now, ) def _get_role_config(self, profile_name): @@ -1470,32 +1668,31 @@ class AssumeRoleProvider(CredentialProvi 'mfa_serial': mfa_serial, 'role_session_name': role_session_name, 'source_profile': source_profile, - 'credential_source': credential_source + 'credential_source': credential_source, } if duration_seconds is not None: - try: - role_config['duration_seconds'] = int(duration_seconds) - except ValueError: - pass + try: + role_config['duration_seconds'] = int(duration_seconds) + except ValueError: + pass # Either the credential source or the source profile must be # specified, but not both. if credential_source is not None and source_profile is not None: raise InvalidConfigError( error_msg=( - 'The profile "%s" contains both source_profile and ' - 'credential_source.' % profile_name + f'The profile "{profile_name}" contains both source_profile and ' + 'credential_source.' ) ) elif credential_source is None and source_profile is None: raise PartialCredentialsError( provider=self.METHOD, - cred_var='source_profile or credential_source' + cred_var='source_profile or credential_source', ) elif credential_source is not None: - self._validate_credential_source( - profile_name, credential_source) + self._validate_credential_source(profile_name, credential_source) else: self._validate_source_profile(profile_name, source_profile) @@ -1503,32 +1700,37 @@ class AssumeRoleProvider(CredentialProvi def _validate_credential_source(self, parent_profile, credential_source): if self._credential_sourcer is None: - raise InvalidConfigError(error_msg=( - 'The credential_source "%s" is specified in profile "%s", ' - 'but no source provider was configured.' % ( - credential_source, parent_profile) - )) + raise InvalidConfigError( + error_msg=( + f'The credential_source "{credential_source}" is specified in profile "{parent_profile}", ' + 'but no source provider was configured.' + ) + ) if not self._credential_sourcer.is_supported(credential_source): - raise InvalidConfigError(error_msg=( - 'The credential source "%s" referenced in profile "%s" is not ' - 'valid.' % (credential_source, parent_profile) - )) + raise InvalidConfigError( + error_msg=( + f'The credential source "{credential_source}" referenced in profile "{parent_profile}" is not ' + 'valid.' + ) + ) def _source_profile_has_credentials(self, profile): - return any([ - self._has_static_credentials(profile), - self._has_assume_role_config_vars(profile), - ]) + return any( + [ + self._has_static_credentials(profile), + self._has_assume_role_config_vars(profile), + ] + ) - def _validate_source_profile(self, parent_profile_name, - source_profile_name): + def _validate_source_profile( + self, parent_profile_name, source_profile_name + ): profiles = self._loaded_config.get('profiles', {}) if source_profile_name not in profiles: raise InvalidConfigError( error_msg=( - 'The source_profile "%s" referenced in ' - 'the profile "%s" does not exist.' % ( - source_profile_name, parent_profile_name) + f'The source_profile "{source_profile_name}" referenced in ' + f'the profile "{parent_profile_name}" does not exist.' ) ) @@ -1544,7 +1746,7 @@ class AssumeRoleProvider(CredentialProvi if source_profile_name != parent_profile_name: raise InfiniteLoopConfigError( source_profile=source_profile_name, - visited_profiles=self._visited_profiles + visited_profiles=self._visited_profiles, ) # A profile is allowed to reference itself so that it can source @@ -1555,7 +1757,7 @@ class AssumeRoleProvider(CredentialProvi if not self._has_static_credentials(source_profile): raise InfiniteLoopConfigError( source_profile=source_profile_name, - visited_profiles=self._visited_profiles + visited_profiles=self._visited_profiles, ) def _has_static_credentials(self, profile): @@ -1565,27 +1767,32 @@ class AssumeRoleProvider(CredentialProvi def _resolve_source_credentials(self, role_config, profile_name): credential_source = role_config.get('credential_source') if credential_source is not None: + self._feature_ids.add('CREDENTIALS_PROFILE_NAMED_PROVIDER') return self._resolve_credentials_from_source( credential_source, profile_name ) source_profile = role_config['source_profile'] self._visited_profiles.append(source_profile) + self._feature_ids.add('CREDENTIALS_PROFILE_SOURCE_PROFILE') return self._resolve_credentials_from_profile(source_profile) def _resolve_credentials_from_profile(self, profile_name): profiles = self._loaded_config.get('profiles', {}) profile = profiles[profile_name] - - if self._has_static_credentials(profile) and \ - not self._profile_provider_builder: + self._feature_ids.add('CREDENTIALS_PROFILE') + if ( + self._has_static_credentials(profile) + and not self._profile_provider_builder + ): # This is only here for backwards compatibility. If this provider # isn't given a profile provider builder we still want to be able - # handle the basic static credential case as we would before the - # provile provider builder parameter was added. + # to handle the basic static credential case as we would before the + # profile provider builder parameter was added. return self._resolve_static_credentials_from_profile(profile) - elif self._has_static_credentials(profile) or \ - not self._has_assume_role_config_vars(profile): + elif self._has_static_credentials( + profile + ) or not self._has_assume_role_config_vars(profile): profile_providers = self._profile_provider_builder.providers( profile_name=profile_name, disable_env_vars=True, @@ -1608,24 +1815,32 @@ class AssumeRoleProvider(CredentialProvi return Credentials( access_key=profile['aws_access_key_id'], secret_key=profile['aws_secret_access_key'], - token=profile.get('aws_session_token') + token=profile.get('aws_session_token'), ) except KeyError as e: raise PartialCredentialsError( - provider=self.METHOD, cred_var=str(e)) + provider=self.METHOD, cred_var=str(e) + ) - def _resolve_credentials_from_source(self, credential_source, - profile_name): + def _resolve_credentials_from_source( + self, credential_source, profile_name + ): credentials = self._credential_sourcer.source_credentials( - credential_source) + credential_source + ) if credentials is None: raise CredentialRetrievalError( provider=credential_source, error_msg=( 'No credentials found in credential_source referenced ' - 'in profile %s' % profile_name - ) + f'in profile {profile_name}' + ), ) + named_provider_feature_id = self.NAMED_PROVIDER_FEATURE_MAP.get( + credential_source + ) + if named_provider_feature_id: + self._feature_ids.add(named_provider_feature_id) return credentials @@ -1639,13 +1854,13 @@ class AssumeRoleWithWebIdentityProvider( } def __init__( - self, - load_config, - client_creator, - profile_name, - cache=None, - disable_env_vars=False, - token_loader_cls=None, + self, + load_config, + client_creator, + profile_name, + cache=None, + disable_env_vars=False, + token_loader_cls=None, ): self.cache = cache self._load_config = load_config @@ -1656,6 +1871,7 @@ class AssumeRoleWithWebIdentityProvider( if token_loader_cls is None: token_loader_cls = FileWebIdentityTokenLoader self._token_loader_cls = token_loader_cls + self._feature_ids = set() def load(self): return self._assume_role_with_web_identity() @@ -1678,8 +1894,15 @@ class AssumeRoleWithWebIdentityProvider( def _get_config(self, key): env_value = self._get_env_config(key) if env_value is not None: + self._feature_ids.add('CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN') return env_value - return self._get_profile_config(key) + + config_value = self._get_profile_config(key) + if config_value is not None: + self._feature_ids.add('CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN') + return config_value + + return None def _assume_role_with_web_identity(self): token_path = self._get_config('web_identity_token_file') @@ -1709,6 +1932,10 @@ class AssumeRoleWithWebIdentityProvider( extra_args=extra_args, cache=self.cache, ) + fetcher.feature_ids = self._feature_ids.copy() + + self._feature_ids.add('CREDENTIALS_STS_ASSUME_ROLE_WEB_ID') + register_feature_ids(self._feature_ids) # The initial credentials are empty and the expiration time is set # to now so that we can delay the call to assume role until it is # strictly needed. @@ -1718,7 +1945,7 @@ class AssumeRoleWithWebIdentityProvider( ) -class CanonicalNameCredentialSourcer(object): +class CanonicalNameCredentialSourcer: def __init__(self, providers): self._providers = providers @@ -1843,6 +2070,7 @@ class ContainerProvider(CredentialProvid method=self.METHOD, expiry_time=_parse_if_needed(creds['expiry_time']), refresh_using=fetcher, + account_id=creds.get('account_id'), ) def _build_headers(self): @@ -1865,17 +2093,22 @@ class ContainerProvider(CredentialProvid def fetch_creds(): try: response = self._fetcher.retrieve_full_uri( - full_uri, headers=headers) + full_uri, headers=headers + ) + register_feature_id('CREDENTIALS_HTTP') except MetadataRetrievalError as e: - logger.debug("Error retrieving container metadata: %s", e, - exc_info=True) - raise CredentialRetrievalError(provider=self.METHOD, - error_msg=str(e)) + logger.debug( + "Error retrieving container metadata: %s", e, exc_info=True + ) + raise CredentialRetrievalError( + provider=self.METHOD, error_msg=str(e) + ) return { 'access_key': response['AccessKeyId'], 'secret_key': response['SecretAccessKey'], 'token': response['Token'], 'expiry_time': response['Expiration'], + 'account_id': response.get('AccountId'), } return fetch_creds @@ -1884,7 +2117,7 @@ class ContainerProvider(CredentialProvid return self.ENV_VAR in self._environ -class CredentialResolver(object): +class CredentialResolver: def __init__(self, providers): """ @@ -1987,10 +2220,20 @@ class CredentialResolver(object): class SSOCredentialFetcher(CachedCredentialFetcher): _UTC_DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ' - def __init__(self, start_url, sso_region, role_name, account_id, - client_creator, token_loader=None, cache=None, - expiry_window_seconds=None, token_provider=None, - sso_session_name=None): + def __init__( + self, + start_url, + sso_region, + role_name, + account_id, + client_creator, + token_loader=None, + cache=None, + expiry_window_seconds=None, + token_provider=None, + sso_session_name=None, + time_fetcher=_local_now, + ): self._client_creator = client_creator self._sso_region = sso_region self._role_name = role_name @@ -1999,9 +2242,8 @@ class SSOCredentialFetcher(CachedCredent self._token_loader = token_loader self._token_provider = token_provider self._sso_session_name = sso_session_name - super(SSOCredentialFetcher, self).__init__( - cache, expiry_window_seconds - ) + self._time_fetcher = time_fetcher + super().__init__(cache, expiry_window_seconds) def _create_cache_key(self): """Create a predictable cache key for the current configuration. @@ -2042,7 +2284,16 @@ class SSOCredentialFetcher(CachedCredent initial_token_data = self._token_provider.load_token() token = initial_token_data.get_frozen_token().token else: - token = self._token_loader(self._start_url)['accessToken'] + token_dict = self._token_loader(self._start_url) + token = token_dict['accessToken'] + + # raise an UnauthorizedSSOTokenError if the loaded legacy token + # is expired to save a call to GetRoleCredentials with an + # expired token. + expiration = dateutil.parser.parse(token_dict['expiresAt']) + remaining = total_seconds(expiration - self._time_fetcher()) + if remaining <= 0: + raise UnauthorizedSSOTokenError() kwargs = { 'roleName': self._role_name, @@ -2050,6 +2301,7 @@ class SSOCredentialFetcher(CachedCredent 'accessToken': token, } try: + register_feature_ids(self.feature_ids) response = client.get_role_credentials(**kwargs) except client.exceptions.UnauthorizedException: raise UnauthorizedSSOTokenError() @@ -2062,7 +2314,8 @@ class SSOCredentialFetcher(CachedCredent 'SecretAccessKey': credentials['secretAccessKey'], 'SessionToken': credentials['sessionToken'], 'Expiration': self._parse_timestamp(credentials['expiration']), - } + 'AccountId': self._account_id, + }, } return credentials @@ -2085,8 +2338,15 @@ class SSOProvider(CredentialProvider): _PROFILE_REQUIRED_CONFIG_VARS + _SSO_REQUIRED_CONFIG_VARS ) - def __init__(self, load_config, client_creator, profile_name, - cache=None, token_cache=None, token_provider=None): + def __init__( + self, + load_config, + client_creator, + profile_name, + cache=None, + token_cache=None, + token_provider=None, + ): if token_cache is None: token_cache = JSONFileCache(self._SSO_TOKEN_CACHE_DIR) self._token_cache = token_cache @@ -2097,6 +2357,7 @@ class SSOProvider(CredentialProvider): self._load_config = load_config self._client_creator = client_creator self._profile_name = profile_name + self._feature_ids = set() def _load_sso_config(self): loaded_config = self._load_config() @@ -2128,8 +2389,8 @@ class SSOProvider(CredentialProvider): missing = ', '.join(missing_config_vars) raise InvalidConfigError( error_msg=( - 'The profile "%s" is configured to use SSO but is missing ' - 'required configuration: %s' % (profile_name, missing) + f'The profile "{profile_name}" is configured to use SSO but is missing ' + f'required configuration: {missing}' ) ) return config @@ -2171,11 +2432,23 @@ class SSOProvider(CredentialProvider): 'token_loader': SSOTokenLoader(cache=self._token_cache), 'cache': self.cache, } - if 'sso_session' in sso_config: + sso_session_in_config = 'sso_session' in sso_config + if sso_session_in_config: fetcher_kwargs['sso_session_name'] = sso_config['sso_session'] fetcher_kwargs['token_provider'] = self._token_provider + self._feature_ids.add('CREDENTIALS_PROFILE_SSO') + else: + self._feature_ids.add('CREDENTIALS_PROFILE_SSO_LEGACY') sso_fetcher = SSOCredentialFetcher(**fetcher_kwargs) + sso_fetcher.feature_ids = self._feature_ids.copy() + + if sso_session_in_config: + self._feature_ids.add('CREDENTIALS_SSO') + else: + self._feature_ids.add('CREDENTIALS_SSO_LEGACY') + + register_feature_ids(self._feature_ids) return DeferredRefreshableCredentials( method=self.METHOD, diff -pruN 2.23.6-1/awscli/botocore/crt/auth.py 2.31.35-1/awscli/botocore/crt/auth.py --- 2.23.6-1/awscli/botocore/crt/auth.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/crt/auth.py 2025-11-12 19:17:29.000000000 +0000 @@ -25,6 +25,7 @@ from botocore.auth import ( ) from botocore.compat import HTTPHeaders, parse_qs, urlsplit, urlunsplit from botocore.exceptions import NoCredentialsError +from botocore.useragent import register_feature_id from botocore.utils import percent_encode_sequence @@ -58,7 +59,8 @@ class CrtSigV4Auth(BaseSigner): # Use utcnow() because that's what gets mocked by tests, but set # timezone because CRT assumes naive datetime is local time. datetime_now = datetime.datetime.utcnow().replace( - tzinfo=datetime.timezone.utc) + tzinfo=datetime.timezone.utc + ) # Use existing 'X-Amz-Content-SHA256' header if able existing_sha256 = self._get_existing_sha256(request) @@ -68,7 +70,8 @@ class CrtSigV4Auth(BaseSigner): credentials_provider = awscrt.auth.AwsCredentialsProvider.new_static( access_key_id=self.credentials.access_key, secret_access_key=self.credentials.secret_key, - session_token=self.credentials.token) + session_token=self.credentials.token, + ) if self._is_streaming_checksum_payload(request): explicit_payload = STREAMING_UNSIGNED_PAYLOAD_TRAILER @@ -81,8 +84,9 @@ class CrtSigV4Auth(BaseSigner): explicit_payload = UNSIGNED_PAYLOAD if self._should_add_content_sha256_header(explicit_payload): - body_header = \ + body_header = ( awscrt.auth.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA_256 + ) else: body_header = awscrt.auth.AwsSignedBodyHeaderType.NONE @@ -99,7 +103,7 @@ class CrtSigV4Auth(BaseSigner): signed_body_value=explicit_payload, signed_body_header_type=body_header, expiration_in_seconds=self._expiration_in_seconds, - ) + ) crt_request = self._crt_request_from_aws_request(request) future = awscrt.auth.aws_sign_request(crt_request, signing_config) future.result() @@ -110,12 +114,12 @@ class CrtSigV4Auth(BaseSigner): crt_path = url_parts.path if url_parts.path else '/' if aws_request.params: array = [] - for (param, value) in aws_request.params.items(): + for param, value in aws_request.params.items(): value = str(value) - array.append('%s=%s' % (param, value)) + array.append(f'{param}={value}') crt_path = crt_path + '?' + '&'.join(array) elif url_parts.query: - crt_path = '%s?%s' % (crt_path, url_parts.query) + crt_path = f'{crt_path}?{url_parts.query}' crt_headers = awscrt.http.HttpHeaders(aws_request.headers.items()) @@ -131,13 +135,15 @@ class CrtSigV4Auth(BaseSigner): method=aws_request.method, path=crt_path, headers=crt_headers, - body_stream=crt_body_stream) + body_stream=crt_body_stream, + ) return crt_request def _apply_signing_changes(self, aws_request, signed_crt_request): # Apply changes from signed CRT request to the AWSRequest aws_request.headers = HTTPHeaders.from_pairs( - list(signed_crt_request.headers)) + list(signed_crt_request.headers) + ) def _should_sign_header(self, name, **kwargs): return name.lower() not in SIGNED_HEADERS_BLACKLIST @@ -206,8 +212,10 @@ class CrtS3SigV4Auth(CrtSigV4Auth): algorithm = checksum_context.get('request_algorithm') if isinstance(algorithm, dict) and algorithm.get('in') == 'header': checksum_header = algorithm['name'] - if not request.url.startswith('https') or \ - checksum_header not in request.headers: + if ( + not request.url.startswith('https') + or checksum_header not in request.headers + ): return True # If the input is streaming we disable body signing by default. @@ -242,13 +250,15 @@ class CrtSigV4AsymAuth(BaseSigner): self._expiration_in_seconds = None def add_auth(self, request): + register_feature_id("SIGV4A_SIGNING") if self.credentials is None: raise NoCredentialsError() # Use utcnow() because that's what gets mocked by tests, but set # timezone because CRT assumes naive datetime is local time. datetime_now = datetime.datetime.utcnow().replace( - tzinfo=datetime.timezone.utc) + tzinfo=datetime.timezone.utc + ) # Use existing 'X-Amz-Content-SHA256' header if able existing_sha256 = self._get_existing_sha256(request) @@ -258,7 +268,8 @@ class CrtSigV4AsymAuth(BaseSigner): credentials_provider = awscrt.auth.AwsCredentialsProvider.new_static( access_key_id=self.credentials.access_key, secret_access_key=self.credentials.secret_key, - session_token=self.credentials.token) + session_token=self.credentials.token, + ) if self._is_streaming_checksum_payload(request): explicit_payload = STREAMING_UNSIGNED_PAYLOAD_TRAILER @@ -271,8 +282,9 @@ class CrtSigV4AsymAuth(BaseSigner): explicit_payload = UNSIGNED_PAYLOAD if self._should_add_content_sha256_header(explicit_payload): - body_header = \ + body_header = ( awscrt.auth.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA_256 + ) else: body_header = awscrt.auth.AwsSignedBodyHeaderType.NONE @@ -289,7 +301,7 @@ class CrtSigV4AsymAuth(BaseSigner): signed_body_value=explicit_payload, signed_body_header_type=body_header, expiration_in_seconds=self._expiration_in_seconds, - ) + ) crt_request = self._crt_request_from_aws_request(request) future = awscrt.auth.aws_sign_request(crt_request, signing_config) future.result() @@ -300,12 +312,12 @@ class CrtSigV4AsymAuth(BaseSigner): crt_path = url_parts.path if url_parts.path else '/' if aws_request.params: array = [] - for (param, value) in aws_request.params.items(): + for param, value in aws_request.params.items(): value = str(value) - array.append('%s=%s' % (param, value)) + array.append(f'{param}={value}') crt_path = crt_path + '?' + '&'.join(array) elif url_parts.query: - crt_path = '%s?%s' % (crt_path, url_parts.query) + crt_path = f'{crt_path}?{url_parts.query}' crt_headers = awscrt.http.HttpHeaders(aws_request.headers.items()) @@ -321,13 +333,15 @@ class CrtSigV4AsymAuth(BaseSigner): method=aws_request.method, path=crt_path, headers=crt_headers, - body_stream=crt_body_stream) + body_stream=crt_body_stream, + ) return crt_request def _apply_signing_changes(self, aws_request, signed_crt_request): # Apply changes from signed CRT request to the AWSRequest aws_request.headers = HTTPHeaders.from_pairs( - list(signed_crt_request.headers)) + list(signed_crt_request.headers) + ) def _should_sign_header(self, name, **kwargs): return name.lower() not in SIGNED_HEADERS_BLACKLIST @@ -396,8 +410,10 @@ class CrtS3SigV4AsymAuth(CrtSigV4AsymAut # to implicitly disable body signing. The combination of TLS and # content-md5 is sufficiently secure and durable for us to be # confident in the request without body signing. - if not request.url.startswith('https') or \ - 'Content-MD5' not in request.headers: + if ( + not request.url.startswith('https') + or 'Content-MD5' not in request.headers + ): return True # If the input is streaming we disable body signing by default. @@ -412,12 +428,14 @@ class CrtS3SigV4AsymAuth(CrtSigV4AsymAut # Always add X-Amz-Content-SHA256 header return True + class CrtSigV4AsymQueryAuth(CrtSigV4AsymAuth): DEFAULT_EXPIRES = 3600 _SIGNATURE_TYPE = awscrt.auth.AwsSignatureType.HTTP_REQUEST_QUERY_PARAMS - def __init__(self, credentials, service_name, region_name, - expires=DEFAULT_EXPIRES): + def __init__( + self, credentials, service_name, region_name, expires=DEFAULT_EXPIRES + ): super().__init__(credentials, service_name, region_name) self._expiration_in_seconds = expires @@ -437,8 +455,13 @@ class CrtSigV4AsymQueryAuth(CrtSigV4Asym # have repeated keys so we know we have single element lists which we # can convert back to scalar values. query_dict = dict( - [(k, v[0]) for k, v in - parse_qs(url_parts.query, keep_blank_values=True).items()]) + [ + (k, v[0]) + for k, v in parse_qs( + url_parts.query, keep_blank_values=True + ).items() + ] + ) # The spec is particular about this. It *has* to be: # https://?& # You can't mix the two types of params together, i.e just keep doing @@ -506,8 +529,9 @@ class CrtSigV4QueryAuth(CrtSigV4Auth): DEFAULT_EXPIRES = 3600 _SIGNATURE_TYPE = awscrt.auth.AwsSignatureType.HTTP_REQUEST_QUERY_PARAMS - def __init__(self, credentials, service_name, region_name, - expires=DEFAULT_EXPIRES): + def __init__( + self, credentials, service_name, region_name, expires=DEFAULT_EXPIRES + ): super().__init__(credentials, service_name, region_name) self._expiration_in_seconds = expires @@ -527,8 +551,13 @@ class CrtSigV4QueryAuth(CrtSigV4Auth): # have repeated keys so we know we have single element lists which we # can convert back to scalar values. query_dict = dict( - [(k, v[0]) for k, v in - parse_qs(url_parts.query, keep_blank_values=True).items()]) + [ + (k, v[0]) + for k, v in parse_qs( + url_parts.query, keep_blank_values=True + ).items() + ] + ) # The spec is particular about this. It *has* to be: # https://?& # You can't mix the two types of params together, i.e just keep doing @@ -603,5 +632,5 @@ CRT_AUTH_TYPE_MAPS = { 's3v4': CrtS3SigV4Auth, 's3v4-query': CrtS3SigV4QueryAuth, 's3v4a': CrtS3SigV4AsymAuth, - 's3v4a-query': CrtS3SigV4AsymQueryAuth + 's3v4a-query': CrtS3SigV4AsymQueryAuth, } diff -pruN 2.23.6-1/awscli/botocore/data/accessanalyzer/2019-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/accessanalyzer/2019-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/accessanalyzer/2019-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/accessanalyzer/2019-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/accessanalyzer/2019-11-01/service-2.json 2.31.35-1/awscli/botocore/data/accessanalyzer/2019-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/accessanalyzer/2019-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/accessanalyzer/2019-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -41,8 +41,8 @@ "input":{"shape":"CancelPolicyGenerationRequest"}, "output":{"shape":"CancelPolicyGenerationResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], @@ -59,14 +59,15 @@ "input":{"shape":"CheckAccessNotGrantedRequest"}, "output":{"shape":"CheckAccessNotGrantedResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"InvalidParameterException"}, {"shape":"UnprocessableEntityException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Checks whether the specified access isn't allowed by a policy.

" + "documentation":"

Checks whether the specified access isn't allowed by a policy.

", + "readonly":true }, "CheckNoNewAccess":{ "name":"CheckNoNewAccess", @@ -78,14 +79,15 @@ "input":{"shape":"CheckNoNewAccessRequest"}, "output":{"shape":"CheckNoNewAccessResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"InvalidParameterException"}, {"shape":"UnprocessableEntityException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Checks whether new access is allowed for an updated policy when compared to the existing policy.

You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.

" + "documentation":"

Checks whether new access is allowed for an updated policy when compared to the existing policy.

You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.

", + "readonly":true }, "CheckNoPublicAccess":{ "name":"CheckNoPublicAccess", @@ -97,14 +99,15 @@ "input":{"shape":"CheckNoPublicAccessRequest"}, "output":{"shape":"CheckNoPublicAccessResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"InvalidParameterException"}, {"shape":"UnprocessableEntityException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Checks whether a resource policy can grant public access to the specified resource type.

" + "documentation":"

Checks whether a resource policy can grant public access to the specified resource type.

", + "readonly":true }, "CreateAccessPreview":{ "name":"CreateAccessPreview", @@ -116,10 +119,10 @@ "input":{"shape":"CreateAccessPreviewRequest"}, "output":{"shape":"CreateAccessPreviewResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, - {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} @@ -156,8 +159,8 @@ }, "input":{"shape":"CreateArchiveRuleRequest"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"ServiceQuotaExceededException"}, @@ -212,8 +215,8 @@ }, "input":{"shape":"GenerateFindingRecommendationRequest"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], @@ -230,12 +233,13 @@ "output":{"shape":"GetAccessPreviewResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about an access preview for the specified analyzer.

" + "documentation":"

Retrieves information about an access preview for the specified analyzer.

", + "readonly":true }, "GetAnalyzedResource":{ "name":"GetAnalyzedResource", @@ -253,7 +257,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about a resource that was analyzed.

" + "documentation":"

Retrieves information about a resource that was analyzed.

This action is supported only for external access analyzers.

", + "readonly":true }, "GetAnalyzer":{ "name":"GetAnalyzer", @@ -271,7 +276,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about the specified analyzer.

" + "documentation":"

Retrieves information about the specified analyzer.

", + "readonly":true }, "GetArchiveRule":{ "name":"GetArchiveRule", @@ -289,7 +295,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about an archive rule.

To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.

" + "documentation":"

Retrieves information about an archive rule.

To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.

", + "readonly":true }, "GetFinding":{ "name":"GetFinding", @@ -307,7 +314,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

" + "documentation":"

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

GetFinding is supported only for external access analyzers. You must use GetFindingV2 for internal and unused access analyzers.

", + "readonly":true }, "GetFindingRecommendation":{ "name":"GetFindingRecommendation", @@ -325,7 +333,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about a finding recommendation for the specified analyzer.

" + "documentation":"

Retrieves information about a finding recommendation for the specified analyzer.

", + "readonly":true }, "GetFindingV2":{ "name":"GetFindingV2", @@ -343,7 +352,27 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

" + "documentation":"

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

", + "readonly":true + }, + "GetFindingsStatistics":{ + "name":"GetFindingsStatistics", + "http":{ + "method":"POST", + "requestUri":"/analyzer/findings/statistics", + "responseCode":200 + }, + "input":{"shape":"GetFindingsStatisticsRequest"}, + "output":{"shape":"GetFindingsStatisticsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves a list of aggregated finding statistics for an external access or unused access analyzer.

", + "readonly":true }, "GetGeneratedPolicy":{ "name":"GetGeneratedPolicy", @@ -355,12 +384,13 @@ "input":{"shape":"GetGeneratedPolicyRequest"}, "output":{"shape":"GetGeneratedPolicyResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves the policy that was generated using StartPolicyGeneration.

" + "documentation":"

Retrieves the policy that was generated using StartPolicyGeneration.

", + "readonly":true }, "ListAccessPreviewFindings":{ "name":"ListAccessPreviewFindings", @@ -372,14 +402,15 @@ "input":{"shape":"ListAccessPreviewFindingsRequest"}, "output":{"shape":"ListAccessPreviewFindingsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, - {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of access preview findings generated by the specified access preview.

" + "documentation":"

Retrieves a list of access preview findings generated by the specified access preview.

", + "readonly":true }, "ListAccessPreviews":{ "name":"ListAccessPreviews", @@ -392,12 +423,13 @@ "output":{"shape":"ListAccessPreviewsResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of access previews for the specified analyzer.

" + "documentation":"

Retrieves a list of access previews for the specified analyzer.

", + "readonly":true }, "ListAnalyzedResources":{ "name":"ListAnalyzedResources", @@ -415,7 +447,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.

" + "documentation":"

Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.

", + "readonly":true }, "ListAnalyzers":{ "name":"ListAnalyzers", @@ -432,7 +465,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of analyzers.

" + "documentation":"

Retrieves a list of analyzers.

", + "readonly":true }, "ListArchiveRules":{ "name":"ListArchiveRules", @@ -449,7 +483,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of archive rules created for the specified analyzer.

" + "documentation":"

Retrieves a list of archive rules created for the specified analyzer.

", + "readonly":true }, "ListFindings":{ "name":"ListFindings", @@ -467,7 +502,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action.

To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

" + "documentation":"

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action.

To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

ListFindings is supported only for external access analyzers. You must use ListFindingsV2 for internal and unused access analyzers.

", + "readonly":true }, "ListFindingsV2":{ "name":"ListFindingsV2", @@ -485,7 +521,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action.

To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

" + "documentation":"

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action.

To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

", + "readonly":true }, "ListPolicyGenerations":{ "name":"ListPolicyGenerations", @@ -497,12 +534,13 @@ "input":{"shape":"ListPolicyGenerationsRequest"}, "output":{"shape":"ListPolicyGenerationsResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all of the policy generations requested in the last seven days.

" + "documentation":"

Lists all of the policy generations requested in the last seven days.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -515,12 +553,13 @@ "output":{"shape":"ListTagsForResourceResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a list of tags applied to the specified resource.

" + "documentation":"

Retrieves a list of tags applied to the specified resource.

", + "readonly":true }, "StartPolicyGeneration":{ "name":"StartPolicyGeneration", @@ -533,8 +572,8 @@ "output":{"shape":"StartPolicyGenerationResponse"}, "errors":[ {"shape":"ConflictException"}, - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} @@ -557,7 +596,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Immediately starts a scan of the policies applied to the specified resource.

" + "documentation":"

Immediately starts a scan of the policies applied to the specified resource.

This action is supported only for external access analyzers.

" }, "TagResource":{ "name":"TagResource", @@ -570,8 +609,8 @@ "output":{"shape":"TagResourceResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], @@ -589,8 +628,8 @@ "output":{"shape":"UntagResourceResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], @@ -614,7 +653,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Modifies the configuration of an existing analyzer.

", + "documentation":"

Modifies the configuration of an existing analyzer.

This action is not supported for external access analyzers.

", "idempotent":true }, "UpdateArchiveRule":{ @@ -663,12 +702,13 @@ "input":{"shape":"ValidatePolicyRequest"}, "output":{"shape":"ValidatePolicyResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.

" + "documentation":"

Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.

", + "readonly":true } }, "shapes":{ @@ -723,7 +763,15 @@ "AWS::SecretsManager::Secret", "AWS::SNS::Topic", "AWS::SQS::Queue", - "AWS::IAM::AssumeRolePolicyDocument" + "AWS::IAM::AssumeRolePolicyDocument", + "AWS::S3Tables::TableBucket", + "AWS::ApiGateway::RestApi", + "AWS::CodeArtifact::Domain", + "AWS::Backup::BackupVault", + "AWS::CloudTrail::Dashboard", + "AWS::CloudTrail::EventDataStore", + "AWS::S3Tables::Table", + "AWS::S3Express::AccessPoint" ] }, "AccessDeniedException":{ @@ -933,6 +981,12 @@ "max":100, "min":0 }, + "AccountAggregations":{ + "type":"list", + "member":{"shape":"FindingAggregationAccountDetails"}, + "max":10, + "min":1 + }, "AccountIdsList":{ "type":"list", "member":{"shape":"String"} @@ -1093,6 +1147,10 @@ "unusedAccess":{ "shape":"UnusedAccessConfiguration", "documentation":"

Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account.

" + }, + "internalAccess":{ + "shape":"InternalAccessConfiguration", + "documentation":"

Specifies the configuration of an internal access analyzer for an Amazon Web Services organization or account. This configuration determines how the analyzer evaluates access within your Amazon Web Services environment.

" } }, "documentation":"

Contains information about the configuration of an analyzer for an Amazon Web Services organization or account.

", @@ -1127,7 +1185,7 @@ }, "type":{ "shape":"Type", - "documentation":"

The type of analyzer, which corresponds to the zone of trust chosen for the analyzer.

" + "documentation":"

The type represents the zone of trust or scope for the analyzer.

" }, "createdAt":{ "shape":"Timestamp", @@ -1143,7 +1201,7 @@ }, "tags":{ "shape":"TagsMap", - "documentation":"

The tags added to the analyzer.

" + "documentation":"

An array of key-value pairs applied to the analyzer. The key-value pairs consist of the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

The tag key is a value that is 1 to 128 characters in length and cannot be prefixed with aws:.

The tag value is a value that is 0 to 256 characters in length.

" }, "status":{ "shape":"AnalyzerStatus", @@ -1155,7 +1213,7 @@ }, "configuration":{ "shape":"AnalyzerConfiguration", - "documentation":"

Specifies whether the analyzer is an external access or unused access analyzer.

" + "documentation":"

Specifies if the analyzer is an external access, unused access, or internal access analyzer. The GetAnalyzer action includes this property in its response if a configuration is specified, while the ListAnalyzers action omits it.

" } }, "documentation":"

Contains information about the analyzer.

" @@ -1237,8 +1295,7 @@ }, "CancelPolicyGenerationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CheckAccessNotGrantedRequest":{ "type":"structure", @@ -1577,7 +1634,7 @@ }, "type":{ "shape":"Type", - "documentation":"

The type of analyzer to create. Only ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, and ORGANIZATION_UNUSED_ACCESS analyzers are supported. You can create only one analyzer per account per Region. You can create up to 5 analyzers per organization per Region.

" + "documentation":"

The type of analyzer to create. You can create only one analyzer per account per Region. You can create up to 5 analyzers per organization per Region.

" }, "archiveRules":{ "shape":"InlineArchiveRulesList", @@ -1594,7 +1651,7 @@ }, "configuration":{ "shape":"AnalyzerConfiguration", - "documentation":"

Specifies the configuration of the analyzer. If the analyzer is an unused access analyzer, the specified scope of unused access is used for the configuration.

" + "documentation":"

Specifies the configuration of the analyzer. If the analyzer is an unused access analyzer, the specified scope of unused access is used for the configuration. If the analyzer is an internal access analyzer, the specified internal access analysis rules are used for the configuration.

" } }, "documentation":"

Creates an analyzer.

" @@ -1809,11 +1866,33 @@ }, "resourceControlPolicyRestriction":{ "shape":"ResourceControlPolicyRestriction", - "documentation":"

The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

" + "documentation":"

The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

  • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding.

  • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

  • NOT_APPLICABLE: There was no RCP present in the organization, or there was no RCP applicable to the resource. For example, the resource being analyzed is an Amazon RDS snapshot and there is an RCP in the organization, but the RCP only impacts Amazon S3 buckets.

  • APPLIED: This restriction is not currently available for external access findings.

" } }, "documentation":"

Contains information about an external access finding.

" }, + "ExternalAccessFindingsStatistics":{ + "type":"structure", + "members":{ + "resourceTypeStatistics":{ + "shape":"ResourceTypeStatisticsMap", + "documentation":"

The total number of active cross-account and public findings for each resource type of the specified external access analyzer.

" + }, + "totalActiveFindings":{ + "shape":"Integer", + "documentation":"

The number of active findings for the specified external access analyzer.

" + }, + "totalArchivedFindings":{ + "shape":"Integer", + "documentation":"

The number of archived findings for the specified external access analyzer.

" + }, + "totalResolvedFindings":{ + "shape":"Integer", + "documentation":"

The number of resolved findings for the specified external access analyzer.

" + } + }, + "documentation":"

Provides aggregate statistics about the findings for the specified external access analyzer.

" + }, "FilterCriteriaMap":{ "type":"map", "key":{"shape":"String"}, @@ -1895,6 +1974,29 @@ }, "documentation":"

Contains information about a finding.

" }, + "FindingAggregationAccountDetails":{ + "type":"structure", + "members":{ + "account":{ + "shape":"String", + "documentation":"

The ID of the Amazon Web Services account for which unused access finding details are provided.

" + }, + "numberOfActiveFindings":{ + "shape":"Integer", + "documentation":"

The number of active unused access findings for the specified Amazon Web Services account.

" + }, + "details":{ + "shape":"FindingAggregationAccountDetailsMap", + "documentation":"

Provides the number of active findings for each type of unused access for the specified Amazon Web Services account.

" + } + }, + "documentation":"

Contains information about the findings for an Amazon Web Services account in an organization unused access analyzer.

" + }, + "FindingAggregationAccountDetailsMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"Integer"} + }, "FindingChangeType":{ "type":"string", "enum":[ @@ -1906,6 +2008,10 @@ "FindingDetails":{ "type":"structure", "members":{ + "internalAccessDetails":{ + "shape":"InternalAccessDetails", + "documentation":"

The details for an internal access analyzer finding. This contains information about access patterns identified within your Amazon Web Services organization or account.

" + }, "externalAccessDetails":{ "shape":"ExternalAccessDetails", "documentation":"

The details for an external access analyzer finding.

" @@ -2122,7 +2228,7 @@ }, "findingType":{ "shape":"FindingType", - "documentation":"

The type of the external access or unused access finding.

" + "documentation":"

The type of the access finding. For external access analyzers, the type is ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole, UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission. For internal access analyzers, the type is InternalAccess.

" } }, "documentation":"

Contains information about a finding.

" @@ -2134,7 +2240,8 @@ "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", - "UnusedPermission" + "UnusedPermission", + "InternalAccess" ] }, "FindingsList":{ @@ -2145,6 +2252,29 @@ "type":"list", "member":{"shape":"FindingSummaryV2"} }, + "FindingsStatistics":{ + "type":"structure", + "members":{ + "externalAccessFindingsStatistics":{ + "shape":"ExternalAccessFindingsStatistics", + "documentation":"

The aggregate statistics for an external access analyzer.

" + }, + "internalAccessFindingsStatistics":{ + "shape":"InternalAccessFindingsStatistics", + "documentation":"

The aggregate statistics for an internal access analyzer. This includes information about active, archived, and resolved findings related to internal access within your Amazon Web Services organization or account.

" + }, + "unusedAccessFindingsStatistics":{ + "shape":"UnusedAccessFindingsStatistics", + "documentation":"

The aggregate statistics for an unused access analyzer.

" + } + }, + "documentation":"

Contains information about the aggregate statistics for an external or unused access analyzer. Only one parameter can be used in a FindingsStatistics object.

", + "union":true + }, + "FindingsStatisticsList":{ + "type":"list", + "member":{"shape":"FindingsStatistics"} + }, "GenerateFindingRecommendationRequest":{ "type":"structure", "required":[ @@ -2548,7 +2678,30 @@ }, "findingType":{ "shape":"FindingType", - "documentation":"

The type of the finding. For external access analyzers, the type is ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole, UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission.

" + "documentation":"

The type of the finding. For external access analyzers, the type is ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole, UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission. For internal access analyzers, the type is InternalAccess.

" + } + } + }, + "GetFindingsStatisticsRequest":{ + "type":"structure", + "required":["analyzerArn"], + "members":{ + "analyzerArn":{ + "shape":"AnalyzerArn", + "documentation":"

The ARN of the analyzer used to generate the statistics.

" + } + } + }, + "GetFindingsStatisticsResponse":{ + "type":"structure", + "members":{ + "findingsStatistics":{ + "shape":"FindingsStatisticsList", + "documentation":"

A group of external access or unused access findings statistics.

" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The time at which the retrieval of the findings statistics was last updated. If the findings statistics have not been previously retrieved for the specified analyzer, this field will not be populated.

" } } }, @@ -2631,6 +2784,142 @@ "type":"integer", "box":true }, + "InternalAccessAnalysisRule":{ + "type":"structure", + "members":{ + "inclusions":{ + "shape":"InternalAccessAnalysisRuleCriteriaList", + "documentation":"

A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.

" + } + }, + "documentation":"

Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.

" + }, + "InternalAccessAnalysisRuleCriteria":{ + "type":"structure", + "members":{ + "accountIds":{ + "shape":"AccountIdsList", + "documentation":"

A list of Amazon Web Services account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.

" + }, + "resourceTypes":{ + "shape":"ResourceTypeList", + "documentation":"

A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. These resource types are currently supported for internal access analyzers:

  • AWS::S3::Bucket

  • AWS::RDS::DBSnapshot

  • AWS::RDS::DBClusterSnapshot

  • AWS::S3Express::DirectoryBucket

  • AWS::DynamoDB::Table

  • AWS::DynamoDB::Stream

" + }, + "resourceArns":{ + "shape":"ResourceArnsList", + "documentation":"

A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.

" + } + }, + "documentation":"

The criteria for an analysis rule for an internal access analyzer.

" + }, + "InternalAccessAnalysisRuleCriteriaList":{ + "type":"list", + "member":{"shape":"InternalAccessAnalysisRuleCriteria"} + }, + "InternalAccessConfiguration":{ + "type":"structure", + "members":{ + "analysisRule":{ + "shape":"InternalAccessAnalysisRule", + "documentation":"

Contains information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed.

" + } + }, + "documentation":"

Specifies the configuration of an internal access analyzer for an Amazon Web Services organization or account. This configuration determines how the analyzer evaluates internal access within your Amazon Web Services environment.

" + }, + "InternalAccessDetails":{ + "type":"structure", + "members":{ + "action":{ + "shape":"ActionList", + "documentation":"

The action in the analyzed policy statement that has internal access permission to use.

" + }, + "condition":{ + "shape":"ConditionKeyMap", + "documentation":"

The condition in the analyzed policy statement that resulted in an internal access finding.

" + }, + "principal":{ + "shape":"PrincipalMap", + "documentation":"

The principal that has access to a resource within the internal environment.

" + }, + "principalOwnerAccount":{ + "shape":"String", + "documentation":"

The Amazon Web Services account ID that owns the principal identified in the internal access finding.

" + }, + "accessType":{ + "shape":"InternalAccessType", + "documentation":"

The type of internal access identified in the finding. This indicates how the access is granted within your Amazon Web Services environment.

" + }, + "principalType":{ + "shape":"PrincipalType", + "documentation":"

The type of principal identified in the internal access finding, such as IAM role or IAM user.

" + }, + "sources":{ + "shape":"FindingSourceList", + "documentation":"

The sources of the internal access finding. This indicates how the access that generated the finding is granted within your Amazon Web Services environment.

" + }, + "resourceControlPolicyRestriction":{ + "shape":"ResourceControlPolicyRestriction", + "documentation":"

The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

  • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding. Only applicable to internal access findings with the account as the zone of trust.

  • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

  • NOT_APPLICABLE: There was no RCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no RCP applicable to the resource.

  • APPLIED: An RCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLIED, then s3:DeleteObject would not be included in the list of actions for the finding. Only applicable to internal access findings with the organization as the zone of trust.

" + }, + "serviceControlPolicyRestriction":{ + "shape":"ServiceControlPolicyRestriction", + "documentation":"

The type of restriction applied to the finding by an Organizations service control policy (SCP).

  • APPLICABLE: There is an SCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. Only applicable to internal access findings with the account as the zone of trust.

  • FAILED_TO_EVALUATE_SCP: There was an error evaluating the SCP.

  • NOT_APPLICABLE: There was no SCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no SCP applicable to the principal.

  • APPLIED: An SCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. Only applicable to internal access findings with the organization as the zone of trust.

" + } + }, + "documentation":"

Contains information about an internal access finding. This includes details about the access that was identified within your Amazon Web Services organization or account.

" + }, + "InternalAccessFindingsStatistics":{ + "type":"structure", + "members":{ + "resourceTypeStatistics":{ + "shape":"InternalAccessResourceTypeStatisticsMap", + "documentation":"

The total number of active findings for each resource type of the specified internal access analyzer.

" + }, + "totalActiveFindings":{ + "shape":"Integer", + "documentation":"

The number of active findings for the specified internal access analyzer.

" + }, + "totalArchivedFindings":{ + "shape":"Integer", + "documentation":"

The number of archived findings for the specified internal access analyzer.

" + }, + "totalResolvedFindings":{ + "shape":"Integer", + "documentation":"

The number of resolved findings for the specified internal access analyzer.

" + } + }, + "documentation":"

Provides aggregate statistics about the findings for the specified internal access analyzer. This includes counts of active, archived, and resolved findings.

" + }, + "InternalAccessResourceTypeDetails":{ + "type":"structure", + "members":{ + "totalActiveFindings":{ + "shape":"Integer", + "documentation":"

The total number of active findings for the resource type in the internal access analyzer.

" + }, + "totalResolvedFindings":{ + "shape":"Integer", + "documentation":"

The total number of resolved findings for the resource type in the internal access analyzer.

" + }, + "totalArchivedFindings":{ + "shape":"Integer", + "documentation":"

The total number of archived findings for the resource type in the internal access analyzer.

" + } + }, + "documentation":"

Contains information about the total number of active, archived, and resolved findings for a resource type of an internal access analyzer.

" + }, + "InternalAccessResourceTypeStatisticsMap":{ + "type":"map", + "key":{"shape":"ResourceType"}, + "value":{"shape":"InternalAccessResourceTypeDetails"} + }, + "InternalAccessType":{ + "type":"string", + "enum":[ + "INTRA_ACCOUNT", + "INTRA_ORG" + ] + }, "InternalServerException":{ "type":"structure", "required":["message"], @@ -2651,8 +2940,7 @@ }, "InternetConfiguration":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This configuration sets the network origin for the Amazon S3 access point or multi-region access point to Internet.

" }, "InvalidParameterException":{ @@ -3234,7 +3522,7 @@ "documentation":"

The configuration for the Amazon S3 access point or multi-region access point with an Internet origin.

" } }, - "documentation":"

The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon S3 access point. VpcConfiguration does not apply to multi-region access points. You can make the access point accessible from the internet, or you can specify that all requests made through that access point must originate from a specific virtual private cloud (VPC). You can specify only one type of network configuration. For more information, see Creating access points.

", + "documentation":"

The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon S3 access point. You can make the access point accessible from the internet, or you can specify that all requests made through that access point must originate from a specific virtual private cloud (VPC). You can specify only one type of network configuration. For more information, see Creating access points.

", "union":true }, "OrderBy":{ @@ -3361,6 +3649,13 @@ "key":{"shape":"String"}, "value":{"shape":"String"} }, + "PrincipalType":{ + "type":"string", + "enum":[ + "IAM_ROLE", + "IAM_USER" + ] + }, "RdsDbClusterSnapshotAccountId":{"type":"string"}, "RdsDbClusterSnapshotAccountIdsList":{ "type":"list", @@ -3523,12 +3818,17 @@ "type":"string", "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:.*" }, + "ResourceArnsList":{ + "type":"list", + "member":{"shape":"String"} + }, "ResourceControlPolicyRestriction":{ "type":"string", "enum":[ "APPLICABLE", "FAILED_TO_EVALUATE_RCP", - "NOT_APPLICABLE" + "NOT_APPLICABLE", + "APPLIED" ] }, "ResourceNotFoundException":{ @@ -3578,6 +3878,33 @@ "AWS::IAM::User" ] }, + "ResourceTypeDetails":{ + "type":"structure", + "members":{ + "totalActivePublic":{ + "shape":"Integer", + "documentation":"

The total number of active public findings for the resource type.

" + }, + "totalActiveCrossAccount":{ + "shape":"Integer", + "documentation":"

The total number of active cross-account findings for the resource type.

" + }, + "totalActiveErrors":{ + "shape":"Integer", + "documentation":"

The total number of active errors for the resource type.

" + } + }, + "documentation":"

Contains information about the total number of active cross-account and public findings for a resource type of an external access analyzer.

" + }, + "ResourceTypeList":{ + "type":"list", + "member":{"shape":"ResourceType"} + }, + "ResourceTypeStatisticsMap":{ + "type":"map", + "key":{"shape":"ResourceType"}, + "value":{"shape":"ResourceTypeDetails"} + }, "RetiringPrincipal":{"type":"string"}, "RoleArn":{ "type":"string", @@ -3596,7 +3923,7 @@ }, "networkOrigin":{ "shape":"NetworkOriginConfiguration", - "documentation":"

The proposed Internet and VpcConfiguration to apply to this Amazon S3 access point. VpcConfiguration does not apply to multi-region access points. If the access preview is for a new resource and neither is specified, the access preview uses Internet for the network origin. If the access preview is for an existing resource and neither is specified, the access preview uses the exiting network origin.

" + "documentation":"

The proposed Internet and VpcConfiguration to apply to this Amazon S3 access point. VpcConfiguration does not apply to multi-region access points. If the access preview is for a new resource and neither is specified, the access preview uses Internet for the network origin. If the access preview is for an existing resource and neither is specified, the access preview uses the existing network origin.

" } }, "documentation":"

The configuration for an Amazon S3 access point or multi-region access point for the bucket. You can propose up to 10 access points or multi-region access points per bucket. If the proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information, see Creating access points. For more information about access point policy limits, see Access points restrictions and limitations.

" @@ -3651,15 +3978,39 @@ "documentation":"

Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and multi-region access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see Bucket Policy Examples.

" }, "S3BucketPolicy":{"type":"string"}, + "S3ExpressDirectoryAccessPointArn":{ + "type":"string", + "pattern":"arn:[^:]*:s3express:[^:]*:[^:]*:accesspoint/.*" + }, + "S3ExpressDirectoryAccessPointConfiguration":{ + "type":"structure", + "members":{ + "accessPointPolicy":{ + "shape":"AccessPointPolicy", + "documentation":"

The proposed access point policy for an Amazon S3 directory bucket access point.

" + }, + "networkOrigin":{"shape":"NetworkOriginConfiguration"} + }, + "documentation":"

Proposed configuration for an access point attached to an Amazon S3 directory bucket. You can propose up to 10 access points per bucket. If the proposed access point configuration is for an existing Amazon S3 directory bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information about access points for Amazon S3 directory buckets, see Managing access to directory buckets with access points in the Amazon Simple Storage Service User Guide.

" + }, + "S3ExpressDirectoryAccessPointConfigurationsMap":{ + "type":"map", + "key":{"shape":"S3ExpressDirectoryAccessPointArn"}, + "value":{"shape":"S3ExpressDirectoryAccessPointConfiguration"} + }, "S3ExpressDirectoryBucketConfiguration":{ "type":"structure", "members":{ "bucketPolicy":{ "shape":"S3ExpressDirectoryBucketPolicy", "documentation":"

The proposed bucket policy for the Amazon S3 directory bucket.

" + }, + "accessPoints":{ + "shape":"S3ExpressDirectoryAccessPointConfigurationsMap", + "documentation":"

The proposed access points for the Amazon S3 directory bucket.

" } }, - "documentation":"

Proposed access control configuration for an Amazon S3 directory bucket. You can propose a configuration for a new Amazon S3 directory bucket or an existing Amazon S3 directory bucket that you own by specifying the Amazon S3 bucket policy. If the configuration is for an existing Amazon S3 directory bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the directory bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes an directory bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about Amazon S3 directory bucket policies, see Example directory bucket policies for S3 Express One Zone.

" + "documentation":"

Proposed access control configuration for an Amazon S3 directory bucket. You can propose a configuration for a new Amazon S3 directory bucket or an existing Amazon S3 directory bucket that you own by specifying the Amazon S3 bucket policy. If the configuration is for an existing Amazon S3 directory bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the directory bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes an directory bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about Amazon S3 directory bucket policies, see Example bucket policies for directory buckets in the Amazon Simple Storage Service User Guide.

" }, "S3ExpressDirectoryBucketPolicy":{"type":"string"}, "S3PublicAccessBlockConfiguration":{ @@ -3696,6 +4047,15 @@ }, "SecretsManagerSecretKmsId":{"type":"string"}, "SecretsManagerSecretPolicy":{"type":"string"}, + "ServiceControlPolicyRestriction":{ + "type":"string", + "enum":[ + "APPLICABLE", + "FAILED_TO_EVALUATE_SCP", + "NOT_APPLICABLE", + "APPLIED" + ] + }, "ServiceQuotaExceededException":{ "type":"structure", "required":[ @@ -3898,8 +4258,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response to the request.

" }, "TagsList":{ @@ -3988,7 +4347,9 @@ "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", - "ORGANIZATION_UNUSED_ACCESS" + "ORGANIZATION_UNUSED_ACCESS", + "ACCOUNT_INTERNAL_ACCESS", + "ORGANIZATION_INTERNAL_ACCESS" ] }, "UnprocessableEntityException":{ @@ -4029,8 +4390,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response to the request.

" }, "UnusedAccessConfiguration":{ @@ -4044,6 +4404,50 @@ }, "documentation":"

Contains information about an unused access analyzer.

" }, + "UnusedAccessFindingsStatistics":{ + "type":"structure", + "members":{ + "unusedAccessTypeStatistics":{ + "shape":"UnusedAccessTypeStatisticsList", + "documentation":"

A list of details about the total number of findings for each type of unused access for the analyzer.

" + }, + "topAccounts":{ + "shape":"AccountAggregations", + "documentation":"

A list of one to ten Amazon Web Services accounts that have the most active findings for the unused access analyzer.

" + }, + "totalActiveFindings":{ + "shape":"Integer", + "documentation":"

The total number of active findings for the unused access analyzer.

" + }, + "totalArchivedFindings":{ + "shape":"Integer", + "documentation":"

The total number of archived findings for the unused access analyzer.

" + }, + "totalResolvedFindings":{ + "shape":"Integer", + "documentation":"

The total number of resolved findings for the unused access analyzer.

" + } + }, + "documentation":"

Provides aggregate statistics about the findings for the specified unused access analyzer.

" + }, + "UnusedAccessTypeStatistics":{ + "type":"structure", + "members":{ + "unusedAccessType":{ + "shape":"String", + "documentation":"

The type of unused access.

" + }, + "total":{ + "shape":"Integer", + "documentation":"

The total number of findings for the specified unused access type.

" + } + }, + "documentation":"

Contains information about the total number of findings for a type of unused access.

" + }, + "UnusedAccessTypeStatisticsList":{ + "type":"list", + "member":{"shape":"UnusedAccessTypeStatistics"} + }, "UnusedAction":{ "type":"structure", "required":["action"], @@ -4408,5 +4812,5 @@ "pattern":"vpc-([0-9a-f]){8}(([0-9a-f]){9})?" } }, - "documentation":"

Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external or unused access, you first need to create an analyzer.

External access analyzers help identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.

Unused access analyzers help identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.

Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs.

This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see Identity and Access Management Access Analyzer in the IAM User Guide.

" + "documentation":"

Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external, internal, and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external, internal, or unused access, you first need to create an analyzer.

External access analyzers help you identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.

Internal access analyzers help you identify which principals within your organization or account have access to selected resources. This analysis supports implementing the principle of least privilege by ensuring that your specified resources can only be accessed by the intended principals within your organization.

Unused access analyzers help you identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.

Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs.

This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see Using Identity and Access Management Access Analyzer in the IAM User Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/account/2021-02-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/account/2021-02-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/account/2021-02-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/account/2021-02-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,26 +6,26 @@ "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/account/2021-02-01/service-2.json 2.31.35-1/awscli/botocore/data/account/2021-02-01/service-2.json --- 2.23.6-1/awscli/botocore/data/account/2021-02-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/account/2021-02-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -25,9 +25,9 @@ "output":{"shape":"AcceptPrimaryEmailUpdateResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, - {"shape":"AccessDeniedException"}, {"shape":"TooManyRequestsException"}, {"shape":"InternalServerException"} ], @@ -60,9 +60,9 @@ }, "input":{"shape":"DisableRegionRequest"}, "errors":[ + {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, - {"shape":"AccessDeniedException"}, {"shape":"TooManyRequestsException"}, {"shape":"InternalServerException"} ], @@ -77,14 +77,31 @@ }, "input":{"shape":"EnableRegionRequest"}, "errors":[ + {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, - {"shape":"AccessDeniedException"}, {"shape":"TooManyRequestsException"}, {"shape":"InternalServerException"} ], "documentation":"

Enables (opts-in) a particular Region for an account.

" }, + "GetAccountInformation":{ + "name":"GetAccountInformation", + "http":{ + "method":"POST", + "requestUri":"/getAccountInformation", + "responseCode":200 + }, + "input":{"shape":"GetAccountInformationRequest"}, + "output":{"shape":"GetAccountInformationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves information about the specified account including its account name, account ID, and account creation date and time. To use this API, an IAM user or role must have the account:GetAccountInformation IAM permission.

" + }, "GetAlternateContact":{ "name":"GetAlternateContact", "http":{ @@ -132,8 +149,8 @@ "output":{"shape":"GetPrimaryEmailResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, {"shape":"TooManyRequestsException"}, {"shape":"InternalServerException"} ], @@ -149,8 +166,8 @@ "input":{"shape":"GetRegionOptStatusRequest"}, "output":{"shape":"GetRegionOptStatusResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, {"shape":"TooManyRequestsException"}, {"shape":"InternalServerException"} ], @@ -166,13 +183,30 @@ "input":{"shape":"ListRegionsRequest"}, "output":{"shape":"ListRegionsResponse"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, {"shape":"TooManyRequestsException"}, {"shape":"InternalServerException"} ], "documentation":"

Lists all the Regions for a given account and their respective opt-in statuses. Optionally, this list can be filtered by the region-opt-status-contains parameter.

" }, + "PutAccountName":{ + "name":"PutAccountName", + "http":{ + "method":"POST", + "requestUri":"/putAccountName", + "responseCode":200 + }, + "input":{"shape":"PutAccountNameRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates the account name of the specified account. To use this API, IAM principals must have the account:PutAccountName IAM permission.

", + "idempotent":true + }, "PutAlternateContact":{ "name":"PutAlternateContact", "http":{ @@ -218,9 +252,9 @@ "output":{"shape":"StartPrimaryEmailUpdateResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, - {"shape":"AccessDeniedException"}, {"shape":"TooManyRequestsException"}, {"shape":"InternalServerException"} ], @@ -238,7 +272,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

This operation can only be called from the management account or the delegated administrator account of an organization for a member account.

The management account can't specify its own AccountId.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

This operation can only be called from the management account or the delegated administrator account of an organization for a member account.

The management account can't specify its own AccountId.

" }, "Otp":{ "shape":"Otp", @@ -263,6 +297,12 @@ "type":"structure", "required":["message"], "members":{ + "errorType":{ + "shape":"String", + "documentation":"

The value populated to the x-amzn-ErrorType response header by API Gateway.

", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "message":{"shape":"String"} }, "documentation":"

The operation failed because the calling identity doesn't have the minimum required permissions.

", @@ -272,10 +312,21 @@ }, "exception":true }, + "AccountCreatedDate":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, "AccountId":{ "type":"string", "pattern":"^\\d{12}$" }, + "AccountName":{ + "type":"string", + "max":50, + "min":1, + "pattern":"^[ -;=?-~]+$", + "sensitive":true + }, "AddressLine":{ "type":"string", "max":60, @@ -332,9 +383,15 @@ "type":"structure", "required":["message"], "members":{ + "errorType":{ + "shape":"String", + "documentation":"

The value populated to the x-amzn-ErrorType response header by API Gateway.

", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "message":{"shape":"String"} }, - "documentation":"

The request could not be processed because of a conflict in the current status of the resource. For example, this happens if you try to enable a Region that is currently being disabled (in a status of DISABLING).

", + "documentation":"

The request could not be processed because of a conflict in the current status of the resource. For example, this happens if you try to enable a Region that is currently being disabled (in a status of DISABLING) or if you try to change an account’s root user email to an email address which is already in use.

", "error":{ "httpStatusCode":409, "senderFault":true @@ -436,7 +493,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" }, "RegionName":{ "shape":"RegionName", @@ -463,7 +520,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" }, "RegionName":{ "shape":"RegionName", @@ -477,6 +534,32 @@ "min":1, "sensitive":true }, + "GetAccountInformationRequest":{ + "type":"structure", + "members":{ + "AccountId":{ + "shape":"AccountId", + "documentation":"

Specifies the 12 digit account ID number of the Amazon Web Services account that you want to access or modify with this operation.

If you do not specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation.

To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account, and the specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId; it must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, then don't specify this parameter, and call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" + } + } + }, + "GetAccountInformationResponse":{ + "type":"structure", + "members":{ + "AccountCreatedDate":{ + "shape":"AccountCreatedDate", + "documentation":"

The date and time the account was created.

" + }, + "AccountId":{ + "shape":"AccountId", + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

This operation can only be called from the management account or the delegated administrator account of an organization for a member account.

The management account can't specify its own AccountId.

" + }, + "AccountName":{ + "shape":"AccountName", + "documentation":"

The name of the account.

" + } + } + }, "GetAlternateContactRequest":{ "type":"structure", "required":["AlternateContactType"], @@ -505,7 +588,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" } } }, @@ -524,7 +607,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

This operation can only be called from the management account or the delegated administrator account of an organization for a member account.

The management account can't specify its own AccountId.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

This operation can only be called from the management account or the delegated administrator account of an organization for a member account.

The management account can't specify its own AccountId.

" } } }, @@ -543,7 +626,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" }, "RegionName":{ "shape":"RegionName", @@ -568,6 +651,12 @@ "type":"structure", "required":["message"], "members":{ + "errorType":{ + "shape":"String", + "documentation":"

The value populated to the x-amzn-ErrorType response header by API Gateway.

", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "message":{"shape":"String"} }, "documentation":"

The operation failed because of an error internal to Amazon Web Services. Try your operation again later.

", @@ -581,7 +670,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" }, "MaxResults":{ "shape":"ListRegionsRequestMaxResultsInteger", @@ -658,6 +747,20 @@ "ACCEPTED" ] }, + "PutAccountNameRequest":{ + "type":"structure", + "required":["AccountName"], + "members":{ + "AccountId":{ + "shape":"AccountId", + "documentation":"

Specifies the 12 digit account ID number of the Amazon Web Services account that you want to access or modify with this operation.

If you do not specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation.

To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account, and the specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId; it must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, then don't specify this parameter, and call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" + }, + "AccountName":{ + "shape":"AccountName", + "documentation":"

The name of the account.

" + } + } + }, "PutAlternateContactRequest":{ "type":"structure", "required":[ @@ -700,7 +803,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.

To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.

" }, "ContactInformation":{ "shape":"ContactInformation", @@ -749,6 +852,12 @@ "type":"structure", "required":["message"], "members":{ + "errorType":{ + "shape":"String", + "documentation":"

The value populated to the x-amzn-ErrorType response header by API Gateway.

", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "message":{"shape":"String"} }, "documentation":"

The operation failed because it specified a resource that can't be found.

", @@ -771,7 +880,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

This operation can only be called from the management account or the delegated administrator account of an organization for a member account.

The management account can't specify its own AccountId.

" + "documentation":"

Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.

This operation can only be called from the management account or the delegated administrator account of an organization for a member account.

The management account can't specify its own AccountId.

" }, "PrimaryEmail":{ "shape":"PrimaryEmailAddress", @@ -805,6 +914,12 @@ "type":"structure", "required":["message"], "members":{ + "errorType":{ + "shape":"String", + "documentation":"

The value populated to the x-amzn-ErrorType response header by API Gateway.

", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "message":{"shape":"String"} }, "documentation":"

The operation failed because it was called too frequently and exceeded a throttle limit.

", diff -pruN 2.23.6-1/awscli/botocore/data/acm/2015-12-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/acm/2015-12-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/acm/2015-12-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/acm/2015-12-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/acm/2015-12-08/service-2.json 2.31.35-1/awscli/botocore/data/acm/2015-12-08/service-2.json --- 2.23.6-1/awscli/botocore/data/acm/2015-12-08/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/acm/2015-12-08/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,6 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2015-12-08", + "auth":["aws.auth#sigv4"], "endpointPrefix":"acm", "jsonVersion":"1.1", "protocol":"json", @@ -10,9 +11,9 @@ "serviceFullName":"AWS Certificate Manager", "serviceId":"ACM", "signatureVersion":"v4", + "signingName":"acm", "targetPrefix":"CertificateManager", - "uid":"acm-2015-12-08", - "auth":["aws.auth#sigv4"] + "uid":"acm-2015-12-08" }, "operations":{ "AddTagsToCertificate":{ @@ -23,13 +24,13 @@ }, "input":{"shape":"AddTagsToCertificateRequest"}, "errors":[ - {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TagPolicyException"}, + {"shape":"TooManyTagsException"}, {"shape":"InvalidArnException"}, + {"shape":"ThrottlingException"}, {"shape":"InvalidTagException"}, - {"shape":"TooManyTagsException"}, - {"shape":"TagPolicyException"}, - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

Adds one or more tags to an ACM certificate. Tags are labels that you can use to identify and organize your Amazon Web Services resources. Each tag consists of a key and an optional value. You specify the certificate on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value pair.

You can apply a tag to just one certificate if you want to identify a specific characteristic of that certificate, or you can apply the same tag to multiple certificates if you want to filter for a common relationship among those certificates. Similarly, you can apply the same tag to multiple resources if you want to specify a relationship among those resources. For example, you can add the same tag to an ACM certificate and an Elastic Load Balancing load balancer to indicate that they are both used by the same website. For more information, see Tagging ACM certificates.

To remove one or more tags, use the RemoveTagsFromCertificate action. To view all of the tags that have been applied to the certificate, use the ListTagsForCertificate action.

" }, @@ -41,12 +42,12 @@ }, "input":{"shape":"DeleteCertificateRequest"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"ResourceInUseException"}, - {"shape":"AccessDeniedException"}, + {"shape":"InvalidArnException"}, {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InvalidArnException"} + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Deletes a certificate and its associated private key. If this action succeeds, the certificate no longer appears in the list that can be displayed by calling the ListCertificates action or be retrieved by calling the GetCertificate action. The certificate will not be available for use by Amazon Web Services services integrated with ACM.

You cannot delete an ACM certificate that is being used by another Amazon Web Services service. To delete a certificate that is in use, the certificate association must first be removed.

" }, @@ -59,8 +60,8 @@ "input":{"shape":"DescribeCertificateRequest"}, "output":{"shape":"DescribeCertificateResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidArnException"} + {"shape":"InvalidArnException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Returns detailed metadata about the specified ACM certificate.

If you have just created a certificate using the RequestCertificate action, there is a delay of several seconds before you can retrieve information about it.

" }, @@ -73,11 +74,11 @@ "input":{"shape":"ExportCertificateRequest"}, "output":{"shape":"ExportCertificateResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidArnException"}, {"shape":"RequestInProgressException"}, - {"shape":"InvalidArnException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the public key that is embedded in the certificate. For security, you must assign a passphrase for the private key when exporting it.

For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private Certificate.

" + "documentation":"

Exports a private certificate issued by a private certificate authority (CA) or public certificate for use anywhere. The exported file contains the certificate, the certificate chain, and the encrypted private key associated with the public key that is embedded in the certificate. For security, you must assign a passphrase for the private key when exporting it.

For information about exporting and formatting a certificate using the ACM console or CLI, see Export a private certificate and Export a public certificate.

" }, "GetAccountConfiguration":{ "name":"GetAccountConfiguration", @@ -87,8 +88,8 @@ }, "output":{"shape":"GetAccountConfigurationResponse"}, "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

Returns the account configuration options associated with an Amazon Web Services account.

" }, @@ -101,9 +102,9 @@ "input":{"shape":"GetCertificateRequest"}, "output":{"shape":"GetCertificateResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidArnException"}, {"shape":"RequestInProgressException"}, - {"shape":"InvalidArnException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

Retrieves a certificate and its certificate chain. The certificate may be either a public or private certificate issued using the ACM RequestCertificate action, or a certificate imported into ACM using the ImportCertificate action. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs. All of the certificates are base64 encoded. You can use OpenSSL to decode the certificates and inspect individual fields.

" }, @@ -116,13 +117,13 @@ "input":{"shape":"ImportCertificateRequest"}, "output":{"shape":"ImportCertificateResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"LimitExceededException"}, - {"shape":"InvalidTagException"}, - {"shape":"TooManyTagsException"}, - {"shape":"TagPolicyException"}, {"shape":"InvalidParameterException"}, - {"shape":"InvalidArnException"} + {"shape":"TagPolicyException"}, + {"shape":"TooManyTagsException"}, + {"shape":"InvalidArnException"}, + {"shape":"InvalidTagException"}, + {"shape":"LimitExceededException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Imports a certificate into Certificate Manager (ACM) to use with services that are integrated with ACM. Note that integrated services allow only certificate types and keys they support to be associated with their resources. Further, their support differs depending on whether the certificate is imported into IAM or into ACM. For more information, see the documentation for each service. For more information about importing certificates into ACM, see Importing Certificates in the Certificate Manager User Guide.

ACM does not provide managed renewal for certificates that you import.

Note the following guidelines when importing third party certificates:

  • You must enter the private key that matches the certificate you are importing.

  • The private key must be unencrypted. You cannot import a private key that is protected by a password or a passphrase.

  • The private key must be no larger than 5 KB (5,120 bytes).

  • The certificate, private key, and certificate chain must be PEM-encoded.

  • The current time must be between the Not Before and Not After certificate fields.

  • The Issuer field must not be empty.

  • The OCSP authority URL, if present, must not exceed 1000 characters.

  • To import a new certificate, omit the CertificateArn argument. Include this argument only when you want to replace a previously imported certificate.

  • When you import a certificate by using the CLI, you must specify the certificate, the certificate chain, and the private key by their file names preceded by fileb://. For example, you can specify a certificate saved in the C:\\temp folder as fileb://C:\\temp\\certificate_to_import.pem. If you are making an HTTP or HTTPS Query request, include these arguments as BLOBs.

  • When you import a certificate by using an SDK, you must specify the certificate, the certificate chain, and the private key files in the manner required by the programming language you're using.

  • The cryptographic algorithm of an imported certificate must match the algorithm of the signing CA. For example, if the signing CA key type is RSA, then the certificate key type must also be RSA.

This operation returns the Amazon Resource Name (ARN) of the imported certificate.

" }, @@ -135,10 +136,10 @@ "input":{"shape":"ListCertificatesRequest"}, "output":{"shape":"ListCertificatesResponse"}, "errors":[ - {"shape":"InvalidArgsException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"InvalidArgsException"} ], - "documentation":"

Retrieves a list of certificate ARNs and domain names. By default, the API returns RSA_2048 certificates. To return all certificates in the account, include the keyType filter with the values [RSA_1024, RSA_2048, RSA_3072, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1].

In addition to keyType, you can also filter by the CertificateStatuses, keyUsage, and extendedKeyUsage attributes on the certificate. For more information, see Filters.

" + "documentation":"

Retrieves a list of certificate ARNs and domain names. You can request that only certificates that match a specific status be listed. You can also filter by specific attributes of the certificate. Default filtering returns only RSA_2048 certificates. For more information, see Filters.

" }, "ListTagsForCertificate":{ "name":"ListTagsForCertificate", @@ -149,8 +150,8 @@ "input":{"shape":"ListTagsForCertificateRequest"}, "output":{"shape":"ListTagsForCertificateResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidArnException"} + {"shape":"InvalidArnException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Lists the tags that have been applied to the ACM certificate. Use the certificate's Amazon Resource Name (ARN) to specify the certificate. To add a tag to an ACM certificate, use the AddTagsToCertificate action. To delete a tag, use the RemoveTagsFromCertificate action.

" }, @@ -164,8 +165,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

Adds or modifies account-level configurations in ACM.

The supported configuration option is DaysBeforeExpiry. This option specifies the number of days prior to certificate expiration when ACM starts generating EventBridge events. ACM sends one event per day per certificate until the certificate expires. By default, accounts receive events starting 45 days before certificate expiration.

" }, @@ -177,12 +178,12 @@ }, "input":{"shape":"RemoveTagsFromCertificateRequest"}, "errors":[ - {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TagPolicyException"}, {"shape":"InvalidArnException"}, + {"shape":"ThrottlingException"}, {"shape":"InvalidTagException"}, - {"shape":"TagPolicyException"}, - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

Remove one or more tags from an ACM certificate. A tag consists of a key-value pair. If you do not specify the value portion of the tag when calling this function, the tag will be removed regardless of value. If you specify a value, the tag is removed only if it is associated with the specified value.

To add tags to a certificate, use the AddTagsToCertificate action. To view all of the tags that have been applied to a specific ACM certificate, use the ListTagsForCertificate action.

" }, @@ -194,10 +195,11 @@ }, "input":{"shape":"RenewCertificateRequest"}, "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidArnException"} + {"shape":"InvalidArnException"}, + {"shape":"RequestInProgressException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

Renews an eligible ACM certificate. At this time, only exported private certificates can be renewed with this operation. In order to renew your Amazon Web Services Private CA certificates with ACM, you must first grant the ACM service principal permission to do so. For more information, see Testing Managed Renewal in the ACM User Guide.

" + "documentation":"

Renews an eligible ACM certificate. In order to renew your Amazon Web Services Private CA certificates with ACM, you must first grant the ACM service principal permission to do so. For more information, see Testing Managed Renewal in the ACM User Guide.

" }, "RequestCertificate":{ "name":"RequestCertificate", @@ -208,15 +210,15 @@ "input":{"shape":"RequestCertificateRequest"}, "output":{"shape":"RequestCertificateResponse"}, "errors":[ - {"shape":"LimitExceededException"}, - {"shape":"InvalidDomainValidationOptionsException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TagPolicyException"}, + {"shape":"TooManyTagsException"}, {"shape":"InvalidArnException"}, {"shape":"InvalidTagException"}, - {"shape":"TooManyTagsException"}, - {"shape":"TagPolicyException"}, - {"shape":"InvalidParameterException"} + {"shape":"InvalidDomainValidationOptionsException"}, + {"shape":"LimitExceededException"} ], - "documentation":"

Requests an ACM certificate for use with other Amazon Web Services services. To request an ACM certificate, you must specify a fully qualified domain name (FQDN) in the DomainName parameter. You can also specify additional FQDNs in the SubjectAlternativeNames parameter.

If you are requesting a private certificate, domain validation is not required. If you are requesting a public certificate, each domain name that you specify must be validated to verify that you own or control the domain. You can use DNS validation or email validation. We recommend that you use DNS validation. ACM issues public certificates after receiving approval from the domain owner.

ACM behavior differs from the RFC 6125 specification of the certificate validation process. ACM first checks for a Subject Alternative Name, and, if it finds one, ignores the common name (CN).

After successful completion of the RequestCertificate action, there is a delay of several seconds before you can retrieve information about the new certificate.

" + "documentation":"

Requests an ACM certificate for use with other Amazon Web Services services. To request an ACM certificate, you must specify a fully qualified domain name (FQDN) in the DomainName parameter. You can also specify additional FQDNs in the SubjectAlternativeNames parameter.

If you are requesting a private certificate, domain validation is not required. If you are requesting a public certificate, each domain name that you specify must be validated to verify that you own or control the domain. You can use DNS validation or email validation. We recommend that you use DNS validation.

ACM behavior differs from the RFC 6125 specification of the certificate validation process. ACM first checks for a Subject Alternative Name, and, if it finds one, ignores the common name (CN).

After successful completion of the RequestCertificate action, there is a delay of several seconds before you can retrieve information about the new certificate.

" }, "ResendValidationEmail":{ "name":"ResendValidationEmail", @@ -226,13 +228,31 @@ }, "input":{"shape":"ResendValidationEmailRequest"}, "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidStateException"}, {"shape":"InvalidArnException"}, - {"shape":"InvalidDomainValidationOptionsException"} + {"shape":"InvalidDomainValidationOptionsException"}, + {"shape":"InvalidStateException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Resends the email that requests domain ownership validation. The domain owner or an authorized representative must approve the ACM certificate before it can be issued. The certificate can be approved by clicking a link in the mail to navigate to the Amazon certificate approval website and then clicking I Approve. However, the validation email can be blocked by spam filters. Therefore, if you do not receive the original mail, you can request that the mail be resent within 72 hours of requesting the ACM certificate. If more than 72 hours have elapsed since your original request or since your last attempt to resend validation mail, you must request a new certificate. For more information about setting up your contact email addresses, see Configure Email for your Domain.

" }, + "RevokeCertificate":{ + "name":"RevokeCertificate", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RevokeCertificateRequest"}, + "output":{"shape":"RevokeCertificateResponse"}, + "errors":[ + {"shape":"ResourceInUseException"}, + {"shape":"InvalidArnException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Revokes a public ACM certificate. You can only revoke certificates that have been previously exported.

" + }, "UpdateCertificateOptions":{ "name":"UpdateCertificateOptions", "http":{ @@ -241,12 +261,12 @@ }, "input":{"shape":"UpdateCertificateOptionsRequest"}, "errors":[ - {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidArnException"}, {"shape":"LimitExceededException"}, {"shape":"InvalidStateException"}, - {"shape":"InvalidArnException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

Updates a certificate. Currently, you can use this function to specify whether to opt in to or out of recording your certificate in a certificate transparency log. For more information, see Opting Out of Certificate Transparency Logging.

" + "documentation":"

Updates a certificate. You can use this function to specify whether to opt in to or out of recording your certificate in a certificate transparency log and exporting. For more information, see Opting Out of Certificate Transparency Logging and Certificate Manager Exportable Managed Certificates.

" } }, "shapes":{ @@ -256,8 +276,7 @@ "Message":{"shape":"ServiceErrorMessage"} }, "documentation":"

You do not have access required to perform this action.

", - "exception":true, - "synthetic":true + "exception":true }, "AddTagsToCertificateRequest":{ "type":"structure", @@ -320,6 +339,10 @@ "shape":"DomainList", "documentation":"

One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate. The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.

" }, + "ManagedBy":{ + "shape":"CertificateManagedBy", + "documentation":"

Identifies the Amazon Web Services service that manages the certificate issued by ACM.

" + }, "DomainValidationOptions":{ "shape":"DomainValidationList", "documentation":"

Contains information about the initial validation of each domain name that occurs as a result of the RequestCertificate request. This field exists only when the certificate type is AMAZON_ISSUED.

" @@ -415,15 +438,30 @@ }, "documentation":"

Contains metadata about an ACM certificate. This structure is returned in the response to a DescribeCertificate request.

" }, + "CertificateExport":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "CertificateManagedBy":{ + "type":"string", + "enum":["CLOUDFRONT"] + }, "CertificateOptions":{ "type":"structure", "members":{ "CertificateTransparencyLoggingPreference":{ "shape":"CertificateTransparencyLoggingPreference", "documentation":"

You can opt out of certificate transparency logging by specifying the DISABLED option. Opt in by specifying ENABLED.

" + }, + "Export":{ + "shape":"CertificateExport", + "documentation":"

You can opt in to allow the export of your certificates by specifying ENABLED.

" } }, - "documentation":"

Structure that contains options for your certificate. Currently, you can use this only to specify whether to opt in to or out of certificate transparency logging. Some browsers require that public certificates issued for your domain be recorded in a log. Certificates that are not logged typically generate a browser error. Transparency makes it possible for you to detect SSL/TLS certificates that have been mistakenly or maliciously issued for your domain. For general information, see Certificate Transparency Logging.

" + "documentation":"

Structure that contains options for your certificate. You can use this structure to specify whether to opt in to or out of certificate transparency logging and export your certificate.

Some browsers require that public certificates issued for your domain be recorded in a log. Certificates that are not logged typically generate a browser error. Transparency makes it possible for you to detect SSL/TLS certificates that have been mistakenly or maliciously issued for your domain. For general information, see Certificate Transparency Logging.

You can export public ACM certificates to use with Amazon Web Services services as well as outside Amazon Web Services Cloud. For more information, see Certificate Manager exportable public certificate.

" }, "CertificateStatus":{ "type":"string", @@ -454,12 +492,11 @@ }, "SubjectAlternativeNameSummaries":{ "shape":"DomainList", - "documentation":"

One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate. The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.

When called by ListCertificates, this parameter will only return the first 100 subject alternative names included in the certificate. To display the full list of subject alternative names, use DescribeCertificate.

" + "documentation":"

One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate. The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.

When called by ListCertificates, this parameter will only return the first 100 subject alternative names included in the certificate. To display the full list of subject alternative names, use DescribeCertificate.

" }, "HasAdditionalSubjectAlternativeNames":{ "shape":"NullableBoolean", - "documentation":"

When called by ListCertificates, indicates whether the full list of subject alternative names has been included in the response. If false, the response includes all of the subject alternative names included in the certificate. If true, the response only includes the first 100 subject alternative names included in the certificate. To display the full list of subject alternative names, use DescribeCertificate.

", - "box":true + "documentation":"

When called by ListCertificates, indicates whether the full list of subject alternative names has been included in the response. If false, the response includes all of the subject alternative names included in the certificate. If true, the response only includes the first 100 subject alternative names included in the certificate. To display the full list of subject alternative names, use DescribeCertificate.

" }, "Status":{ "shape":"CertificateStatus", @@ -481,15 +518,17 @@ "shape":"ExtendedKeyUsageNames", "documentation":"

Contains a list of Extended Key Usage X.509 v3 extension objects. Each object specifies a purpose for which the certificate public key can be used and consists of a name and an object identifier (OID).

" }, + "ExportOption":{ + "shape":"CertificateExport", + "documentation":"

Indicates if export is enabled for the certificate.

" + }, "InUse":{ "shape":"NullableBoolean", - "documentation":"

Indicates whether the certificate is currently in use by any Amazon Web Services resources.

", - "box":true + "documentation":"

Indicates whether the certificate is currently in use by any Amazon Web Services resources.

" }, "Exported":{ "shape":"NullableBoolean", - "documentation":"

Indicates whether the certificate has been exported. This value exists only when the certificate type is PRIVATE.

", - "box":true + "documentation":"

Indicates whether the certificate has been exported. This value exists only when the certificate type is PRIVATE.

" }, "RenewalEligibility":{ "shape":"RenewalEligibility", @@ -518,6 +557,10 @@ "RevokedAt":{ "shape":"TStamp", "documentation":"

The time at which the certificate was revoked. This value exists only when the certificate status is REVOKED.

" + }, + "ManagedBy":{ + "shape":"CertificateManagedBy", + "documentation":"

Identifies the Amazon Web Services service that manages the certificate issued by ACM.

" } }, "documentation":"

This structure is returned in the response object of ListCertificates action.

" @@ -588,7 +631,7 @@ "type":"string", "max":253, "min":1, - "pattern":"^(\\*\\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$" + "pattern":"(\\*\\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])" }, "DomainStatus":{ "type":"string", @@ -616,11 +659,15 @@ }, "ValidationStatus":{ "shape":"DomainStatus", - "documentation":"

The validation status of the domain name. This can be one of the following values:

  • PENDING_VALIDATION

  • SUCCESS

  • FAILED

" + "documentation":"

The validation status of the domain name. This can be one of the following values:

  • PENDING_VALIDATION

  • SUCCESS

  • FAILED

" }, "ResourceRecord":{ "shape":"ResourceRecord", - "documentation":"

Contains the CNAME record that you add to your DNS database for domain validation. For more information, see Use DNS to Validate Domain Ownership.

Note: The CNAME information that you need does not include the name of your domain. If you include
 your domain name in the DNS database CNAME record, validation fails.
 For example, if the name is \"_a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com\", only \"_a79865eb4cd1a6ab990a45779b4e0b96\" must be used.

" + "documentation":"

Contains the CNAME record that you add to your DNS database for domain validation. For more information, see Use DNS to Validate Domain Ownership.

The CNAME information that you need does not include the name of your domain. If you include your domain name in the DNS database CNAME record, validation fails. For example, if the name is _a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com, only _a79865eb4cd1a6ab990a45779b4e0b96 must be used.

" + }, + "HttpRedirect":{ + "shape":"HttpRedirect", + "documentation":"

Contains information for HTTP-based domain validation of certificates requested through Amazon CloudFront and issued by ACM. This field exists only when the certificate type is AMAZON_ISSUED and the validation method is HTTP.

" }, "ValidationMethod":{ "shape":"ValidationMethod", @@ -782,6 +829,14 @@ "keyTypes":{ "shape":"KeyAlgorithmList", "documentation":"

Specify one or more algorithms that can be used to generate key pairs.

Default filtering returns only RSA_1024 and RSA_2048 certificates that have at least one domain. To return other certificate types, provide the desired type signatures in a comma-separated list. For example, \"keyTypes\": [\"RSA_2048\",\"RSA_4096\"] returns both RSA_2048 and RSA_4096 certificates.

" + }, + "exportOption":{ + "shape":"CertificateExport", + "documentation":"

Specify ENABLED or DISABLED to identify certificates that can be exported.

" + }, + "managedBy":{ + "shape":"CertificateManagedBy", + "documentation":"

Identifies the Amazon Web Services service that manages the certificate issued by ACM.

" } }, "documentation":"

This structure can be used in the ListCertificates action to filter the output of the certificate list.

" @@ -818,6 +873,20 @@ } } }, + "HttpRedirect":{ + "type":"structure", + "members":{ + "RedirectFrom":{ + "shape":"String", + "documentation":"

The URL including the domain to be validated. The certificate authority sends GET requests here during validation.

" + }, + "RedirectTo":{ + "shape":"String", + "documentation":"

The URL hosting the validation token. RedirectFrom must return this content or redirect here.

" + } + }, + "documentation":"

Contains information for HTTP-based domain validation of certificates requested through Amazon CloudFront and issued by ACM. This field exists only when the certificate type is AMAZON_ISSUED and the validation method is HTTP.

" + }, "IdempotencyToken":{ "type":"string", "max":32, @@ -871,7 +940,7 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"

One or more of of request parameters specified is not valid.

", + "documentation":"

One or more of request parameters specified is not valid.

", "exception":true }, "InvalidArnException":{ @@ -1039,6 +1108,7 @@ }, "MaxItems":{ "type":"integer", + "box":true, "max":1000, "min":1 }, @@ -1048,7 +1118,10 @@ "min":1, "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u00FF]*" }, - "NullableBoolean":{"type":"boolean"}, + "NullableBoolean":{ + "type":"boolean", + "box":true + }, "PassphraseBlob":{ "type":"blob", "max":128, @@ -1063,6 +1136,7 @@ }, "PositiveInteger":{ "type":"integer", + "box":true, "min":1 }, "PrivateKey":{ @@ -1192,7 +1266,7 @@ }, "Options":{ "shape":"CertificateOptions", - "documentation":"

Currently, you can use this parameter to specify whether to add the certificate to a certificate transparency log. Certificate transparency makes it possible to detect SSL/TLS certificates that have been mistakenly or maliciously issued. Certificates that have not been logged typically produce an error message in a browser. For more information, see Opting Out of Certificate Transparency Logging.

" + "documentation":"

You can use this parameter to specify whether to add the certificate to a certificate transparency log and export your certificate.

Certificate transparency makes it possible to detect SSL/TLS certificates that have been mistakenly or maliciously issued. Certificates that have not been logged typically produce an error message in a browser. For more information, see Opting Out of Certificate Transparency Logging.

You can export public ACM certificates to use with Amazon Web Services services as well as outside the Amazon Web Services Cloud. For more information, see Certificate Manager exportable public certificate.

" }, "CertificateAuthorityArn":{ "shape":"PcaArn", @@ -1205,6 +1279,10 @@ "KeyAlgorithm":{ "shape":"KeyAlgorithm", "documentation":"

Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not supported by all network clients. Some Amazon Web Services services may require RSA keys, or only support ECDSA keys of a particular size, while others allow the use of either RSA and ECDSA keys to ensure that compatibility is not broken. Check the requirements for the Amazon Web Services service where you plan to deploy your certificate. For more information about selecting an algorithm, see Key algorithms.

Algorithms supported for an ACM certificate request include:

  • RSA_2048

  • EC_prime256v1

  • EC_secp384r1

Other listed algorithms are for imported certificates only.

When you request a private PKI certificate signed by a CA from Amazon Web Services Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.

Default: RSA_2048

" + }, + "ManagedBy":{ + "shape":"CertificateManagedBy", + "documentation":"

Identifies the Amazon Web Services service that manages the certificate issued by ACM.

" } } }, @@ -1294,6 +1372,7 @@ "CA_COMPROMISE", "AFFILIATION_CHANGED", "SUPERCEDED", + "SUPERSEDED", "CESSATION_OF_OPERATION", "CERTIFICATE_HOLD", "REMOVE_FROM_CRL", @@ -1301,6 +1380,32 @@ "A_A_COMPROMISE" ] }, + "RevokeCertificateRequest":{ + "type":"structure", + "required":[ + "CertificateArn", + "RevocationReason" + ], + "members":{ + "CertificateArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) of the public or private certificate that will be revoked. The ARN must have the following form:

arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012

" + }, + "RevocationReason":{ + "shape":"RevocationReason", + "documentation":"

Specifies why you revoked the certificate.

" + } + } + }, + "RevokeCertificateResponse":{ + "type":"structure", + "members":{ + "CertificateArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) of the public or private certificate that was revoked.

" + } + } + }, "ServiceErrorMessage":{"type":"string"}, "SortBy":{ "type":"string", @@ -1362,8 +1467,7 @@ "message":{"shape":"AvailabilityErrorMessage"} }, "documentation":"

The request was denied because it exceeded a quota.

", - "exception":true, - "synthetic":true + "exception":true }, "TooManyTagsException":{ "type":"structure", @@ -1386,7 +1490,7 @@ }, "Options":{ "shape":"CertificateOptions", - "documentation":"

Use to update the options for your certificate. Currently, you can specify whether to add your certificate to a transparency log. Certificate transparency makes it possible to detect SSL/TLS certificates that have been mistakenly or maliciously issued. Certificates that have not been logged typically produce an error message in a browser.

" + "documentation":"

Use to update the options for your certificate. Currently, you can specify whether to add your certificate to a transparency log or export your certificate. Certificate transparency makes it possible to detect SSL/TLS certificates that have been mistakenly or maliciously issued. Certificates that have not been logged typically produce an error message in a browser.

" } } }, @@ -1400,17 +1504,17 @@ "message":{"shape":"ValidationExceptionMessage"} }, "documentation":"

The supplied input failed to satisfy constraints of an Amazon Web Services service.

", - "exception":true, - "synthetic":true + "exception":true }, "ValidationExceptionMessage":{"type":"string"}, "ValidationMethod":{ "type":"string", "enum":[ "EMAIL", - "DNS" + "DNS", + "HTTP" ] } }, - "documentation":"Certificate Manager

You can use Certificate Manager (ACM) to manage SSL/TLS certificates for your Amazon Web Services-based websites and applications. For more information about using ACM, see the Certificate Manager User Guide.

" + "documentation":"

Certificate Manager

You can use Certificate Manager (ACM) to manage SSL/TLS certificates for your Amazon Web Services-based websites and applications. For more information about using ACM, see the Certificate Manager User Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/acm/2015-12-08/waiters-2.json 2.31.35-1/awscli/botocore/data/acm/2015-12-08/waiters-2.json --- 2.23.6-1/awscli/botocore/data/acm/2015-12-08/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/acm/2015-12-08/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,35 +1,30 @@ { - "version": 2, - "waiters": { - "CertificateValidated": { - "delay": 60, - "maxAttempts": 40, - "operation": "DescribeCertificate", - "acceptors": [ - { - "matcher": "pathAll", - "expected": "SUCCESS", - "argument": "Certificate.DomainValidationOptions[].ValidationStatus", - "state": "success" - }, - { - "matcher": "pathAny", - "expected": "PENDING_VALIDATION", - "argument": "Certificate.DomainValidationOptions[].ValidationStatus", - "state": "retry" - }, - { - "matcher": "path", - "expected": "FAILED", - "argument": "Certificate.Status", - "state": "failure" - }, - { - "matcher": "error", - "expected": "ResourceNotFoundException", - "state": "failure" - } - ] + "version" : 2, + "waiters" : { + "CertificateValidated" : { + "delay" : 60, + "maxAttempts" : 5, + "operation" : "DescribeCertificate", + "acceptors" : [ { + "matcher" : "pathAll", + "argument" : "Certificate.DomainValidationOptions[].ValidationStatus", + "state" : "success", + "expected" : "SUCCESS" + }, { + "matcher" : "pathAny", + "argument" : "Certificate.DomainValidationOptions[].ValidationStatus", + "state" : "retry", + "expected" : "PENDING_VALIDATION" + }, { + "matcher" : "path", + "argument" : "Certificate.Status", + "state" : "failure", + "expected" : "FAILED" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ResourceNotFoundException" + } ] } } -} +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/acm-pca/2017-08-22/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/acm-pca/2017-08-22/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/acm-pca/2017-08-22/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/acm-pca/2017-08-22/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/acm-pca/2017-08-22/service-2.json 2.31.35-1/awscli/botocore/data/acm-pca/2017-08-22/service-2.json --- 2.23.6-1/awscli/botocore/data/acm-pca/2017-08-22/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/acm-pca/2017-08-22/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -43,10 +43,10 @@ "output":{"shape":"CreateCertificateAuthorityAuditReportResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidArnException"}, {"shape":"InvalidArgsException"}, - {"shape":"RequestFailedException"}, + {"shape":"InvalidArnException"}, {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"}, {"shape":"RequestInProgressException"} ], "documentation":"

Creates an audit report that lists every time that your CA private key is used to issue a certificate. The IssueCertificate and RevokeCertificate actions use the private key.

To save the audit report to your designated Amazon S3 bucket, you must create a bucket policy that grants Amazon Web Services Private CA permission to access and write to it. For an example policy, see Prepare an Amazon S3 bucket for audit reports.

Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your Audit Reports.

You can generate a maximum of one report every 30 minutes.

", @@ -64,8 +64,8 @@ {"shape":"PermissionAlreadyExistsException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"RequestFailedException"}, - {"shape":"InvalidStateException"} + {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"} ], "documentation":"

Grants one or more permissions on a private CA to the Certificate Manager (ACM) service principal (acm.amazonaws.com). These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services account as the CA.

You can list current permissions with the ListPermissions action and revoke them with the DeletePermission action.

About Permissions

  • If the private CA and the certificates it issues reside in the same account, you can use CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.

  • For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve, and list certificates.

  • If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable cross-account issuance and renewals. For more information, see Using a Resource Based Policy with Amazon Web Services Private CA.

" }, @@ -82,7 +82,7 @@ {"shape":"InvalidStateException"}, {"shape":"ConcurrentModificationException"} ], - "documentation":"

Deletes a private certificate authority (CA). You must provide the Amazon Resource Name (ARN) of the private CA that you want to delete. You can find the ARN by calling the ListCertificateAuthorities action.

Deleting a CA will invalidate other CAs and certificates below it in your CA hierarchy.

Before you can delete a CA that you have created and activated, you must disable it. To do this, call the UpdateCertificateAuthority action and set the CertificateAuthorityStatus parameter to DISABLED.

Additionally, you can delete a CA if you are waiting for it to be created (that is, the status of the CA is CREATING). You can also delete it if the CA has been created but you haven't yet imported the signed certificate into Amazon Web Services Private CA (that is, the status of the CA is PENDING_CERTIFICATE).

When you successfully call DeleteCertificateAuthority, the CA's status changes to DELETED. However, the CA won't be permanently deleted until the restoration period has passed. By default, if you do not set the PermanentDeletionTimeInDays parameter, the CA remains restorable for 30 days. You can set the parameter from 7 to 30 days. The DescribeCertificateAuthority action returns the time remaining in the restoration window of a private CA in the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority action.

" + "documentation":"

Deletes a private certificate authority (CA). You must provide the Amazon Resource Name (ARN) of the private CA that you want to delete. You can find the ARN by calling the ListCertificateAuthorities action.

Deleting a CA will invalidate other CAs and certificates below it in your CA hierarchy.

Before you can delete a CA that you have created and activated, you must disable it. To do this, call the UpdateCertificateAuthority action and set the CertificateAuthorityStatus parameter to DISABLED.

Additionally, you can delete a CA if you are waiting for it to be created (that is, the status of the CA is CREATING). You can also delete it if the CA has been created but you haven't yet imported the signed certificate into Amazon Web Services Private CA (that is, the status of the CA is PENDING_CERTIFICATE).

When you successfully call DeleteCertificateAuthority, the CA's status changes to DELETED. However, the CA won't be permanently deleted until the restoration period has passed. By default, if you do not set the PermanentDeletionTimeInDays parameter, the CA remains restorable for 30 days. You can set the parameter from 7 to 30 days. The DescribeCertificateAuthority action returns the time remaining in the restoration window of a private CA in the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority action.

A private CA can be deleted if it is in the PENDING_CERTIFICATE, CREATING, EXPIRED, DISABLED, or FAILED state. To delete a CA in the ACTIVE state, you must first disable it, or else the delete request results in an exception. If you are deleting a private CA in the PENDING_CERTIFICATE or DISABLED state, you can set the length of its restoration period to 7-30 days. The default is 30. During this time, the status is set to DELETED and the CA can be restored. A private CA deleted in the CREATING or FAILED state has no assigned restoration period and cannot be restored.

" }, "DeletePermission":{ "name":"DeletePermission", @@ -94,8 +94,8 @@ "errors":[ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"RequestFailedException"}, - {"shape":"InvalidStateException"} + {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"} ], "documentation":"

Revokes permissions on a private CA granted to the Certificate Manager (ACM) service principal (acm.amazonaws.com).

These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services account as the CA. If you revoke these permissions, ACM will no longer renew the affected certificates automatically.

Permissions can be granted with the CreatePermission action and listed with the ListPermissions action.

About Permissions

  • If the private CA and the certificates it issues reside in the same account, you can use CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.

  • For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve, and list certificates.

  • If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable cross-account issuance and renewals. For more information, see Using a Resource Based Policy with Amazon Web Services Private CA.

" }, @@ -110,8 +110,8 @@ {"shape":"LockoutPreventedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"RequestFailedException"}, {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"}, {"shape":"ConcurrentModificationException"} ], "documentation":"

Deletes the resource-based policy attached to a private CA. Deletion will remove any access that the policy has granted. If there is no policy attached to the private CA, this action will return successful.

If you delete a policy that was applied through Amazon Web Services Resource Access Manager (RAM), the CA will be removed from all shares in which it was included.

The Certificate Manager Service Linked Role that the policy supports is not affected when you delete the policy.

The current policy can be shown with GetPolicy and updated with PutPolicy.

About Policies

  • A policy grants access on a private CA to an Amazon Web Services customer account, to Amazon Web Services Organizations, or to an Amazon Web Services Organizations unit. Policies are under the control of a CA administrator. For more information, see Using a Resource Based Policy with Amazon Web Services Private CA.

  • A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed by a CA in another account.

  • For ACM to manage automatic renewal of these certificates, the ACM user must configure a Service Linked Role (SLR). The SLR allows the ACM service to assume the identity of the user, subject to confirmation against the Amazon Web Services Private CA policy. For more information, see Using a Service Linked Role with ACM.

  • Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies. For more information, see Attach a Policy for Cross-Account Access.

" @@ -140,8 +140,8 @@ "output":{"shape":"DescribeCertificateAuthorityAuditReportResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidArnException"}, - {"shape":"InvalidArgsException"} + {"shape":"InvalidArgsException"}, + {"shape":"InvalidArnException"} ], "documentation":"

Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport action. Audit information is created every time the certificate authority (CA) private key is used. The private key is used when you call the IssueCertificate action or the RevokeCertificate action.

" }, @@ -156,11 +156,11 @@ "errors":[ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"RequestFailedException"}, {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"}, {"shape":"RequestInProgressException"} ], - "documentation":"

Retrieves a certificate from your private CA or one that has been shared with you. The ARN of the certificate is returned when you call the IssueCertificate action. You must specify both the ARN of your private CA and the ARN of the issued certificate when calling the GetCertificate action. You can retrieve the certificate if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport action to create a report that contains information about all of the certificates issued and revoked by your private CA.

" + "documentation":"

Retrieves a certificate from your private CA or one that has been shared with you. The ARN of the certificate is returned when you call the IssueCertificate action. You must specify both the ARN of your private CA and the ARN of the issued certificate when calling the GetCertificate action. You can retrieve the certificate if it is in the ISSUED, EXPIRED, or REVOKED state. You can call the CreateCertificateAuthorityAuditReport action to create a report that contains information about all of the certificates issued and revoked by your private CA.

" }, "GetCertificateAuthorityCertificate":{ "name":"GetCertificateAuthorityCertificate", @@ -188,8 +188,8 @@ "errors":[ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"RequestFailedException"}, {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"}, {"shape":"RequestInProgressException"} ], "documentation":"

Retrieves the certificate signing request (CSR) for your private certificate authority (CA). The CSR is created when you call the CreateCertificateAuthority action. Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA. Then import the signed certificate back into Amazon Web Services Private CA by calling the ImportCertificateAuthorityCertificate action. The CSR is returned as a base64 PEM-encoded string.

" @@ -205,8 +205,8 @@ "errors":[ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"RequestFailedException"}, - {"shape":"InvalidStateException"} + {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"} ], "documentation":"

Retrieves the resource-based policy attached to a private CA. If either the private CA resource or the policy cannot be found, this action returns a ResourceNotFoundException.

The policy can be attached or updated with PutPolicy and removed with DeletePolicy.

About Policies

  • A policy grants access on a private CA to an Amazon Web Services customer account, to Amazon Web Services Organizations, or to an Amazon Web Services Organizations unit. Policies are under the control of a CA administrator. For more information, see Using a Resource Based Policy with Amazon Web Services Private CA.

  • A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed by a CA in another account.

  • For ACM to manage automatic renewal of these certificates, the ACM user must configure a Service Linked Role (SLR). The SLR allows the ACM service to assume the identity of the user, subject to confirmation against the Amazon Web Services Private CA policy. For more information, see Using a Service Linked Role with ACM.

  • Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies. For more information, see Attach a Policy for Cross-Account Access.

" }, @@ -223,8 +223,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, {"shape":"InvalidRequestException"}, - {"shape":"RequestFailedException"}, {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"}, {"shape":"ConcurrentModificationException"}, {"shape":"RequestInProgressException"} ], @@ -241,8 +241,8 @@ "errors":[ {"shape":"LimitExceededException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidArnException"}, {"shape":"InvalidArgsException"}, + {"shape":"InvalidArnException"}, {"shape":"InvalidStateException"}, {"shape":"MalformedCSRException"} ], @@ -273,8 +273,8 @@ "errors":[ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"RequestFailedException"}, {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"}, {"shape":"InvalidNextTokenException"} ], "documentation":"

List all permissions on a private CA, if any, granted to the Certificate Manager (ACM) service principal (acm.amazonaws.com).

These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services account as the CA.

Permissions can be granted with the CreatePermission action and revoked with the DeletePermission action.

About Permissions

  • If the private CA and the certificates it issues reside in the same account, you can use CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.

  • For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve, and list certificates.

  • If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable cross-account issuance and renewals. For more information, see Using a Resource Based Policy with Amazon Web Services Private CA.

" @@ -290,7 +290,8 @@ "errors":[ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"InvalidStateException"} + {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"} ], "documentation":"

Lists the tags, if any, that are associated with your private CA or one that has been shared with you. Tags are labels that you can use to identify and organize your CAs. Each tag consists of a key and an optional value. Call the TagCertificateAuthority action to add one or more tags to your CA. Call the UntagCertificateAuthority action to remove tags.

" }, @@ -305,8 +306,8 @@ {"shape":"LockoutPreventedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, - {"shape":"RequestFailedException"}, {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"}, {"shape":"ConcurrentModificationException"}, {"shape":"InvalidPolicyException"} ], @@ -339,8 +340,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArnException"}, {"shape":"InvalidRequestException"}, - {"shape":"RequestFailedException"}, {"shape":"InvalidStateException"}, + {"shape":"RequestFailedException"}, {"shape":"ConcurrentModificationException"}, {"shape":"RequestInProgressException"} ], @@ -386,8 +387,8 @@ "input":{"shape":"UpdateCertificateAuthorityRequest"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidArnException"}, {"shape":"InvalidArgsException"}, + {"shape":"InvalidArnException"}, {"shape":"InvalidStateException"}, {"shape":"ConcurrentModificationException"}, {"shape":"InvalidPolicyException"} @@ -470,7 +471,7 @@ }, "AWSPolicy":{ "type":"string", - "max":20480, + "max":81920, "min":1, "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+" }, @@ -644,7 +645,7 @@ }, "KeyStorageSecurityStandard":{ "shape":"KeyStorageSecurityStandard", - "documentation":"

Defines a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message \"A certificate authority cannot be created in this region with the specified security standard.\"

" + "documentation":"

Defines a cryptographic key management compliance standard for handling and protecting CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Starting January 26, 2023, Amazon Web Services Private CA protects all CA private keys in non-China regions using hardware security modules (HSMs) that comply with FIPS PUB 140-2 Level 3.

For information about security standard support in different Amazon Web Services Regions, see Storage and security compliance of Amazon Web Services Private CA private keys.

" }, "UsageMode":{ "shape":"CertificateAuthorityUsageMode", @@ -812,7 +813,7 @@ }, "KeyStorageSecurityStandard":{ "shape":"KeyStorageSecurityStandard", - "documentation":"

Specifies a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Some Amazon Web Services Regions do not support the default. When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard. Failure to do this results in an InvalidArgsException with the message, \"A certificate authority cannot be created in this region with the specified security standard.\"

For information about security standard support in various Regions, see Storage and security compliance of Amazon Web Services Private CA private keys.

" + "documentation":"

Specifies a cryptographic key management compliance standard for handling and protecting CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Some Amazon Web Services Regions don't support the default value. When you create a CA in these Regions, you must use CCPC_LEVEL_1_OR_HIGHER for the KeyStorageSecurityStandard parameter. If you don't, the operation returns an InvalidArgsException with this message: \"A certificate authority cannot be created in this region with the specified security standard.\"

For information about security standard support in different Amazon Web Services Regions, see Storage and security compliance of Amazon Web Services Private CA private keys.

" }, "Tags":{ "shape":"TagList", @@ -887,6 +888,14 @@ "CrlDistributionPointExtensionConfiguration":{ "shape":"CrlDistributionPointExtensionConfiguration", "documentation":"

Configures the behavior of the CRL Distribution Point extension for certificates issued by your certificate authority. If this field is not provided, then the CRl Distribution Point Extension will be present and contain the default CRL URL.

" + }, + "CrlType":{ + "shape":"CrlType", + "documentation":"

Specifies whether to create a complete or partitioned CRL. This setting determines the maximum number of certificates that the certificate authority can issue and revoke. For more information, see Amazon Web Services Private CA quotas.

  • COMPLETE - The default setting. Amazon Web Services Private CA maintains a single CRL file for all unexpired certificates issued by a CA that have been revoked for any reason. Each certificate that Amazon Web Services Private CA issues is bound to a specific CRL through its CRL distribution point (CDP) extension, defined in RFC 5280.

  • PARTITIONED - Compared to complete CRLs, partitioned CRLs dramatically increase the number of certificates your private CA can issue.

    When using partitioned CRLs, you must validate that the CRL's associated issuing distribution point (IDP) URI matches the certificate's CDP URI to ensure the right CRL has been fetched. Amazon Web Services Private CA marks the IDP extension as critical, which your client must be able to process.

" + }, + "CustomPath":{ + "shape":"CrlPathString", + "documentation":"

Designates a custom file path in S3 for CRL(s). For example, http://<CustomName>/ <CustomPath>/<CrlPartition_GUID>.crl.

" } }, "documentation":"

Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the Enabled parameter to true. Your private CA writes CRLs to an S3 bucket that you specify in the S3BucketName parameter. You can hide the name of your bucket by specifying a value for the CustomCname parameter. Your private CA by default copies the CNAME or the S3 bucket name to the CRL Distribution Points extension of each certificate it issues. If you want to configure this default behavior to be something different, you can set the CrlDistributionPointExtensionConfiguration parameter. Your S3 bucket policy must give write permission to Amazon Web Services Private CA.

Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your CRLs.

Your private CA uses the value in the ExpirationInDays parameter to calculate the nextUpdate field in the CRL. The CRL is refreshed prior to a certificate's expiration date or when a certificate is revoked. When a certificate is revoked, it appears in the CRL until the certificate expires, and then in one additional CRL after expiration, and it always appears in the audit report.

A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, Amazon Web Services Private CA makes further attempts every 15 minutes.

CRLs contain the following fields:

  • Version: The current version number defined in RFC 5280 is V2. The integer value is 0x1.

  • Signature Algorithm: The name of the algorithm used to sign the CRL.

  • Issuer: The X.500 distinguished name of your private CA that issued the CRL.

  • Last Update: The issue date and time of this CRL.

  • Next Update: The day and time by which the next CRL will be issued.

  • Revoked Certificates: List of revoked certificates. Each list item contains the following information.

    • Serial Number: The serial number, in hexadecimal format, of the revoked certificate.

    • Revocation Date: Date and time the certificate was revoked.

    • CRL Entry Extensions: Optional extensions for the CRL entry.

      • X509v3 CRL Reason Code: Reason the certificate was revoked.

  • CRL Extensions: Optional extensions for the CRL.

    • X509v3 Authority Key Identifier: Identifies the public key associated with the private key used to sign the certificate.

    • X509v3 CRL Number:: Decimal sequence number for the CRL.

  • Signature Algorithm: Algorithm used by your private CA to sign the CRL.

  • Signature Value: Signature computed over the CRL.

Certificate revocation lists created by Amazon Web Services Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.

openssl crl -inform DER -text -in crl_path -noout

For more information, see Planning a certificate revocation list (CRL) in the Amazon Web Services Private Certificate Authority User Guide

" @@ -903,6 +912,19 @@ }, "documentation":"

Contains configuration information for the default behavior of the CRL Distribution Point (CDP) extension in certificates issued by your CA. This extension contains a link to download the CRL, so you can check whether a certificate has been revoked. To choose whether you want this extension omitted or not in certificates issued by your CA, you can set the OmitExtension parameter.

" }, + "CrlPathString":{ + "type":"string", + "max":253, + "min":0, + "pattern":"[-a-zA-Z0-9;?:@&=+$,%_.!~*()']+(/[-a-zA-Z0-9;?:@&=+$,%_.!~*()']+)*" + }, + "CrlType":{ + "type":"string", + "enum":[ + "COMPLETE", + "PARTITIONED" + ] + }, "CsrBlob":{ "type":"blob", "max":32768, @@ -1283,7 +1305,7 @@ "members":{ "ResourceArn":{ "shape":"Arn", - "documentation":"

The Amazon Resource Number (ARN) of the private CA that will have its policy retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities action. 

 </p>
" + "documentation":"

The Amazon Resource Number (ARN) of the private CA that will have its policy retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities action.

" } } }, @@ -1441,9 +1463,14 @@ "type":"string", "enum":[ "RSA_2048", + "RSA_3072", "RSA_4096", "EC_prime256v1", "EC_secp384r1", + "EC_secp521r1", + "ML_DSA_44", + "ML_DSA_65", + "ML_DSA_87", "SM2" ] }, @@ -1927,7 +1954,10 @@ "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA", - "SM3WITHSM2" + "SM3WITHSM2", + "ML_DSA_44", + "ML_DSA_65", + "ML_DSA_87" ] }, "String":{"type":"string"}, diff -pruN 2.23.6-1/awscli/botocore/data/acm-pca/2017-08-22/waiters-2.json 2.31.35-1/awscli/botocore/data/acm-pca/2017-08-22/waiters-2.json --- 2.23.6-1/awscli/botocore/data/acm-pca/2017-08-22/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/acm-pca/2017-08-22/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,76 +1,64 @@ { - "version": 2, - "waiters": { - "CertificateAuthorityCSRCreated": { - "description": "Wait until a Certificate Authority CSR is created", - "operation": "GetCertificateAuthorityCsr", - "delay": 3, - "maxAttempts": 60, - "acceptors": [ - { - "state": "success", - "matcher": "status", - "expected": 200 - }, - { - "state": "retry", - "matcher": "error", - "expected": "RequestInProgressException" - }, - { - "state": "failure", - "matcher": "error", - "expected": "AccessDeniedException" - } - ] - }, - "CertificateIssued": { - "description": "Wait until a certificate is issued", - "operation": "GetCertificate", - "delay": 1, - "maxAttempts": 60, - "acceptors": [ - { - "state": "success", - "matcher": "status", - "expected": 200 - }, - { - "state": "retry", - "matcher": "error", - "expected": "RequestInProgressException" - }, - { - "state": "failure", - "matcher": "error", - "expected": "AccessDeniedException" - } - ] - }, - "AuditReportCreated": { - "description": "Wait until a Audit Report is created", - "operation": "DescribeCertificateAuthorityAuditReport", - "delay": 3, - "maxAttempts": 60, - "acceptors": [ - { - "state": "success", - "matcher": "path", - "argument": "AuditReportStatus", - "expected": "SUCCESS" - }, - { - "state": "failure", - "matcher": "path", - "argument": "AuditReportStatus", - "expected": "FAILED" - }, - { - "state": "failure", - "matcher": "error", - "expected": "AccessDeniedException" - } - ] - } + "version" : 2, + "waiters" : { + "AuditReportCreated" : { + "description" : "Wait until a Audit Report is created", + "delay" : 3, + "maxAttempts" : 60, + "operation" : "DescribeCertificateAuthorityAuditReport", + "acceptors" : [ { + "matcher" : "path", + "argument" : "AuditReportStatus", + "state" : "success", + "expected" : "SUCCESS" + }, { + "matcher" : "path", + "argument" : "AuditReportStatus", + "state" : "failure", + "expected" : "FAILED" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "AccessDeniedException" + } ] + }, + "CertificateAuthorityCSRCreated" : { + "description" : "Wait until a Certificate Authority CSR is created", + "delay" : 3, + "maxAttempts" : 60, + "operation" : "GetCertificateAuthorityCsr", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : false + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "RequestInProgressException" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "AccessDeniedException" + } ] + }, + "CertificateIssued" : { + "description" : "Wait until a certificate is issued", + "delay" : 1, + "maxAttempts" : 60, + "operation" : "GetCertificate", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : false + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "RequestInProgressException" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "AccessDeniedException" + } ] } -} + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/aiops/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/aiops/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/aiops/2018-05-10/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/aiops/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://aiops-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://aiops-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://aiops.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://aiops.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/aiops/2018-05-10/paginators-1.json 2.31.35-1/awscli/botocore/data/aiops/2018-05-10/paginators-1.json --- 2.23.6-1/awscli/botocore/data/aiops/2018-05-10/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/aiops/2018-05-10/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +{ + "pagination": { + "ListInvestigationGroups": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "investigationGroups" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/aiops/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/aiops/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/aiops/2018-05-10/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/aiops/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,870 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2018-05-10", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"aiops", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"AWS AI Ops", + "serviceId":"AIOps", + "signatureVersion":"v4", + "signingName":"aiops", + "uid":"aiops-2018-05-10" + }, + "operations":{ + "CreateInvestigationGroup":{ + "name":"CreateInvestigationGroup", + "http":{ + "method":"POST", + "requestUri":"/investigationGroups", + "responseCode":201 + }, + "input":{"shape":"CreateInvestigationGroupInput"}, + "output":{"shape":"CreateInvestigationGroupOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Creates an investigation group in your account. Creating an investigation group is a one-time setup task for each Region in your account. It is a necessary task to be able to perform investigations.

Settings in the investigation group help you centrally manage the common properties of your investigations, such as the following:

  • Who can access the investigations

  • Whether investigation data is encrypted with a customer managed Key Management Service key.

  • How long investigations and their data are retained by default.

Currently, you can have one investigation group in each Region in your account. Each investigation in a Region is a part of the investigation group in that Region

To create an investigation group and set up CloudWatch investigations, you must be signed in to an IAM principal that has either the AIOpsConsoleAdminPolicy or the AdministratorAccess IAM policy attached, or to an account that has similar permissions.

You can configure CloudWatch alarms to start investigations and add events to investigations. If you create your investigation group with CreateInvestigationGroup and you want to enable alarms to do this, you must use PutInvestigationGroupPolicy to create a resource policy that grants this permission to CloudWatch alarms.

For more information about configuring CloudWatch alarms, see Using Amazon CloudWatch alarms

", + "idempotent":true + }, + "DeleteInvestigationGroup":{ + "name":"DeleteInvestigationGroup", + "http":{ + "method":"DELETE", + "requestUri":"/investigationGroups/{identifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteInvestigationGroupRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Deletes the specified investigation group from your account. You can currently have one investigation group per Region in your account. After you delete an investigation group, you can later create a new investigation group in the same Region.

", + "idempotent":true + }, + "DeleteInvestigationGroupPolicy":{ + "name":"DeleteInvestigationGroupPolicy", + "http":{ + "method":"DELETE", + "requestUri":"/investigationGroups/{identifier}/policy", + "responseCode":200 + }, + "input":{"shape":"DeleteInvestigationGroupPolicyRequest"}, + "output":{"shape":"DeleteInvestigationGroupPolicyOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Removes the IAM resource policy from being associated with the investigation group that you specify.

", + "idempotent":true + }, + "GetInvestigationGroup":{ + "name":"GetInvestigationGroup", + "http":{ + "method":"GET", + "requestUri":"/investigationGroups/{identifier}", + "responseCode":200 + }, + "input":{"shape":"GetInvestigationGroupRequest"}, + "output":{"shape":"GetInvestigationGroupResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Returns the configuration information for the specified investigation group.

" + }, + "GetInvestigationGroupPolicy":{ + "name":"GetInvestigationGroupPolicy", + "http":{ + "method":"GET", + "requestUri":"/investigationGroups/{identifier}/policy", + "responseCode":200 + }, + "input":{"shape":"GetInvestigationGroupPolicyRequest"}, + "output":{"shape":"GetInvestigationGroupPolicyResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Returns the JSON of the IAM resource policy associated with the specified investigation group in a string. For example, {\\\"Version\\\":\\\"2012-10-17\\\",\\\"Statement\\\":[{\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"Service\\\":\\\"aiops.alarms.cloudwatch.amazonaws.com\\\"},\\\"Action\\\":[\\\"aiops:CreateInvestigation\\\",\\\"aiops:CreateInvestigationEvent\\\"],\\\"Resource\\\":\\\"*\\\",\\\"Condition\\\":{\\\"StringEquals\\\":{\\\"aws:SourceAccount\\\":\\\"111122223333\\\"},\\\"ArnLike\\\":{\\\"aws:SourceArn\\\":\\\"arn:aws:cloudwatch:us-east-1:111122223333:alarm:*\\\"}}}]}.

" + }, + "ListInvestigationGroups":{ + "name":"ListInvestigationGroups", + "http":{ + "method":"GET", + "requestUri":"/investigationGroups", + "responseCode":200 + }, + "input":{"shape":"ListInvestigationGroupsInput"}, + "output":{"shape":"ListInvestigationGroupsOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Returns the ARN and name of each investigation group in the account.

" + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Displays the tags associated with a CloudWatch investigations resource. Currently, investigation groups support tagging.

" + }, + "PutInvestigationGroupPolicy":{ + "name":"PutInvestigationGroupPolicy", + "http":{ + "method":"POST", + "requestUri":"/investigationGroups/{identifier}/policy", + "responseCode":200 + }, + "input":{"shape":"PutInvestigationGroupPolicyRequest"}, + "output":{"shape":"PutInvestigationGroupPolicyResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Creates an IAM resource policy and assigns it to the specified investigation group.

If you create your investigation group with CreateInvestigationGroup and you want to enable CloudWatch alarms to create investigations and add events to investigations, you must use this operation to create a policy similar to this example.

{ \"Version\": \"2008-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Principal\": { \"Service\": \"aiops.alarms.cloudwatch.amazonaws.com\" }, \"Action\": [ \"aiops:CreateInvestigation\", \"aiops:CreateInvestigationEvent\" ], \"Resource\": \"*\", \"Condition\": { \"StringEquals\": { \"aws:SourceAccount\": \"account-id\" }, \"ArnLike\": { \"aws:SourceArn\": \"arn:aws:cloudwatch:region:account-id:alarm:*\" } } } ] }

", + "idempotent":true + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Assigns one or more tags (key-value pairs) to the specified resource.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.

Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.

You can associate as many as 50 tags with a resource.

", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Removes one or more tags from the specified resource.

", + "idempotent":true + }, + "UpdateInvestigationGroup":{ + "name":"UpdateInvestigationGroup", + "http":{ + "method":"PATCH", + "requestUri":"/investigationGroups/{identifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateInvestigationGroupRequest"}, + "output":{"shape":"UpdateInvestigationGroupOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Updates the configuration of the specified investigation group.

", + "idempotent":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

You don't have sufficient permissions to perform this action.

", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "ChatConfigurationArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:.*" + }, + "ChatConfigurationArns":{ + "type":"list", + "member":{"shape":"ChatConfigurationArn"}, + "max":5, + "min":1 + }, + "ChatbotNotificationChannel":{ + "type":"map", + "key":{"shape":"SNSTopicArn"}, + "value":{"shape":"ChatConfigurationArns"} + }, + "ConflictException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

This operation couldn't be completed because of a conflict in resource states.

", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "CreateInvestigationGroupInput":{ + "type":"structure", + "required":[ + "name", + "roleArn" + ], + "members":{ + "name":{ + "shape":"StringWithPatternAndLengthLimits", + "documentation":"

Provides a name for the investigation group.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

Specify the ARN of the IAM role that CloudWatch investigations will use when it gathers investigation data. The permissions in this role determine which of your resources that CloudWatch investigations will have access to during investigations.

For more information, see How to control what data CloudWatch investigations has access to during investigations.

" + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

Use this structure if you want to use a customer managed KMS key to encrypt your investigation data. If you omit this parameter, CloudWatch investigations will use an Amazon Web Services key to encrypt the data. For more information, see Encryption of investigation data.

" + }, + "retentionInDays":{ + "shape":"Retention", + "documentation":"

Specify how long that investigation data is kept. For more information, see Operational investigation data retention.

If you omit this parameter, the default of 90 days is used.

" + }, + "tags":{ + "shape":"Tags", + "documentation":"

A list of key-value pairs to associate with the investigation group. You can associate as many as 50 tags with an investigation group. To be able to associate tags when you create the investigation group, you must have the cloudwatch:TagResource permission.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.

" + }, + "tagKeyBoundaries":{ + "shape":"TagKeyBoundaries", + "documentation":"

Enter the existing custom tag keys for custom applications in your system. Resource tags help CloudWatch investigations narrow the search space when it is unable to discover definite relationships between resources. For example, to discover that an Amazon ECS service depends on an Amazon RDS database, CloudWatch investigations can discover this relationship using data sources such as X-Ray and CloudWatch Application Signals. However, if you haven't deployed these features, CloudWatch investigations will attempt to identify possible relationships. Tag boundaries can be used to narrow the resources that will be discovered by CloudWatch investigations in these cases.

You don't need to enter tags created by myApplications or CloudFormation, because CloudWatch investigations can automatically detect those tags.

" + }, + "chatbotNotificationChannel":{ + "shape":"ChatbotNotificationChannel", + "documentation":"

Use this structure to integrate CloudWatch investigations with chat applications. This structure is a string array. For the first string, specify the ARN of an Amazon SNS topic. For the array of strings, specify the ARNs of one or more chat applications configurations that you want to associate with that topic. For more information about these configuration ARNs, see Getting started with Amazon Q in chat applications and Resource type defined by Amazon Web Services Chatbot.

" + }, + "isCloudTrailEventHistoryEnabled":{ + "shape":"Boolean", + "documentation":"

Specify true to enable CloudWatch investigations to have access to change events that are recorded by CloudTrail. The default is true.

" + }, + "crossAccountConfigurations":{ + "shape":"CrossAccountConfigurations", + "documentation":"

List of sourceRoleArn values that have been configured for cross-account access.

" + } + } + }, + "CreateInvestigationGroupOutput":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"InvestigationGroupArn", + "documentation":"

The ARN of the investigation group that you just created.

" + } + } + }, + "CrossAccountConfiguration":{ + "type":"structure", + "members":{ + "sourceRoleArn":{ + "shape":"RoleArn", + "documentation":"

The ARN of an existing role which will be used to do investigations on your behalf.

" + } + }, + "documentation":"

This structure contains information about the cross-account configuration in the account.

" + }, + "CrossAccountConfigurations":{ + "type":"list", + "member":{"shape":"CrossAccountConfiguration"}, + "max":25, + "min":0 + }, + "DeleteInvestigationGroupPolicyOutput":{ + "type":"structure", + "members":{} + }, + "DeleteInvestigationGroupPolicyRequest":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"InvestigationGroupIdentifier", + "documentation":"

Specify either the name or the ARN of the investigation group that you want to remove the policy from.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "DeleteInvestigationGroupRequest":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"InvestigationGroupIdentifier", + "documentation":"

Specify either the name or the ARN of the investigation group that you want to delete.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "EncryptionConfiguration":{ + "type":"structure", + "members":{ + "type":{ + "shape":"EncryptionConfigurationType", + "documentation":"

Displays whether investigation data is encrypted by a customer managed key or an Amazon Web Services owned key.

" + }, + "kmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

If the investigation group uses a customer managed key for encryption, this field displays the ID of that key.

" + } + }, + "documentation":"

Use this structure to specify a customer managed KMS key to use to encrypt investigation data.

" + }, + "EncryptionConfigurationType":{ + "type":"string", + "enum":[ + "AWS_OWNED_KEY", + "CUSTOMER_MANAGED_KMS_KEY" + ] + }, + "ForbiddenException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

Access id denied for this operation, or this operation is not valid for the specified resource.

", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "GetInvestigationGroupPolicyRequest":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"InvestigationGroupIdentifier", + "documentation":"

Specify either the name or the ARN of the investigation group that you want to view the policy of.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "GetInvestigationGroupPolicyResponse":{ + "type":"structure", + "members":{ + "investigationGroupArn":{ + "shape":"InvestigationGroupArn", + "documentation":"

The Amazon Resource Name (ARN) of the investigation group that you want to view the policy of.

" + }, + "policy":{ + "shape":"InvestigationGroupPolicyDocument", + "documentation":"

The policy, in JSON format.

" + } + } + }, + "GetInvestigationGroupRequest":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"InvestigationGroupIdentifier", + "documentation":"

Specify either the name or the ARN of the investigation group that you want to view. This is used to set the name of the investigation group.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "GetInvestigationGroupResponse":{ + "type":"structure", + "members":{ + "createdBy":{ + "shape":"IdentifierStringWithPatternAndLengthLimits", + "documentation":"

The name of the user who created the investigation group.

" + }, + "createdAt":{ + "shape":"Long", + "documentation":"

The date and time that the investigation group was created.

" + }, + "lastModifiedBy":{ + "shape":"IdentifierStringWithPatternAndLengthLimits", + "documentation":"

The name of the user who created the investigation group.

" + }, + "lastModifiedAt":{ + "shape":"Long", + "documentation":"

The date and time that the investigation group was most recently modified.

" + }, + "name":{ + "shape":"StringWithPatternAndLengthLimits", + "documentation":"

The name of the investigation group.

" + }, + "arn":{ + "shape":"InvestigationGroupArn", + "documentation":"

The Amazon Resource Name (ARN) of the investigation group.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The ARN of the IAM role that the investigation group uses for permissions to gather data.

" + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

Specifies the customer managed KMS key that the investigation group uses to encrypt data, if there is one. If not, the investigation group uses an Amazon Web Services key to encrypt the data.

" + }, + "retentionInDays":{ + "shape":"Retention", + "documentation":"

Specifies how long that investigation data is kept.

" + }, + "chatbotNotificationChannel":{ + "shape":"ChatbotNotificationChannel", + "documentation":"

This structure is a string array. The first string is the ARN of a Amazon SNS topic. The array of strings display the ARNs of chat applications configurations that are associated with that topic. For more information about these configuration ARNs, see Getting started with Amazon Q in chat applications and Resource type defined by Amazon Web Services Chatbot.

" + }, + "tagKeyBoundaries":{ + "shape":"TagKeyBoundaries", + "documentation":"

Displays the custom tag keys for custom applications in your system that you have specified in the investigation group. Resource tags help CloudWatch investigations narrow the search space when it is unable to discover definite relationships between resources.

" + }, + "isCloudTrailEventHistoryEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether CloudWatch investigationshas access to change events that are recorded by CloudTrail.

" + }, + "crossAccountConfigurations":{ + "shape":"CrossAccountConfigurations", + "documentation":"

Lists the AWSAccountId of the accounts configured for cross-account access and the results of the last scan performed on each account.

" + } + } + }, + "IdentifierStringWithPatternAndLengthLimits":{ + "type":"string", + "max":512, + "min":1, + "pattern":"[\\-_\\/A-Za-z0-9:\\.]+" + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

An internal server error occurred. You can try again later.

", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "InvestigationGroupArn":{ + "type":"string", + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):aiops:[a-zA-Z0-9-]*:[0-9]{12}:investigation-group\\/[A-Za-z0-9]{16}" + }, + "InvestigationGroupIdentifier":{ + "type":"string", + "pattern":"(?:[\\-_A-Za-z0-9]{1,512}|arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):aiops:[a-zA-Z0-9-]*:[0-9]{12}:investigation-group\\/[A-Za-z0-9]{16})" + }, + "InvestigationGroupPolicyDocument":{ + "type":"string", + "max":32768, + "min":1, + "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+" + }, + "InvestigationGroups":{ + "type":"list", + "member":{"shape":"ListInvestigationGroupsModel"} + }, + "KmsKeyId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"arn:.*" + }, + "ListInvestigationGroupsInput":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"SensitiveStringWithLengthLimits", + "documentation":"

Include this value, if it was returned by the previous operation, to get the next set of service operations.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListInvestigationGroupsInputMaxResultsInteger", + "documentation":"

The maximum number of results to return in one operation. If you omit this parameter, the default of 50 is used.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListInvestigationGroupsInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":50, + "min":1 + }, + "ListInvestigationGroupsModel":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"InvestigationGroupArn", + "documentation":"

The Amazon Resource Name (ARN) of the investigation group.

" + }, + "name":{ + "shape":"StringWithPatternAndLengthLimits", + "documentation":"

The name of the investigation group.

" + } + }, + "documentation":"

This structure contains information about one investigation group in the account.

" + }, + "ListInvestigationGroupsOutput":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"SensitiveStringWithLengthLimits", + "documentation":"

Include this value in your next use of this operation to get the next set of service operations.

" + }, + "investigationGroups":{ + "shape":"InvestigationGroups", + "documentation":"

An array of structures, where each structure contains the information about one investigation group in the account.

" + } + } + }, + "ListTagsForResourceOutput":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"Tags", + "documentation":"

The list of tag keys and values associated with the resource you specified.

" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"String", + "documentation":"

The ARN of the CloudWatch investigations resource that you want to view tags for. You can use the ListInvestigationGroups operation to find the ARNs of investigation groups.

The ARN format for an investigation group is arn:aws:aiops:Region:account-id:investigation-group:investigation-group-id .

", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "Long":{ + "type":"long", + "box":true + }, + "PutInvestigationGroupPolicyRequest":{ + "type":"structure", + "required":[ + "identifier", + "policy" + ], + "members":{ + "identifier":{ + "shape":"InvestigationGroupIdentifier", + "documentation":"

Specify either the name or the ARN of the investigation group that you want to assign the policy to.

", + "location":"uri", + "locationName":"identifier" + }, + "policy":{ + "shape":"InvestigationGroupPolicyDocument", + "documentation":"

The policy, in JSON format.

" + } + } + }, + "PutInvestigationGroupPolicyResponse":{ + "type":"structure", + "members":{ + "investigationGroupArn":{ + "shape":"InvestigationGroupArn", + "documentation":"

The ARN of the investigation group that will use this policy.

" + } + } + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The specified resource doesn't exist.

", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "Retention":{ + "type":"long", + "box":true, + "max":90, + "min":7 + }, + "RoleArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:.*" + }, + "SNSTopicArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:.*" + }, + "SensitiveStringWithLengthLimits":{ + "type":"string", + "max":2048, + "min":0, + "sensitive":true + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"}, + "resourceId":{ + "shape":"String", + "documentation":"

The resource that caused the quota exception.

" + }, + "resourceType":{ + "shape":"String", + "documentation":"

The type of resource that caused the quota exception.

" + }, + "serviceCode":{ + "shape":"String", + "documentation":"

This name of the service associated with the error.

" + }, + "quotaCode":{ + "shape":"String", + "documentation":"

This quota that was exceeded.

" + } + }, + "documentation":"

This request exceeds a service quota.

", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "String":{"type":"string"}, + "StringWithPatternAndLengthLimits":{ + "type":"string", + "max":512, + "min":1, + "pattern":"[\\-_A-Za-z0-9\\[\\]\\(\\)\\{\\}\\.: ]+" + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+)" + }, + "TagKeyBoundaries":{ + "type":"list", + "member":{"shape":"TagKey"} + }, + "TagKeys":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":50, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the resource that you want to apply the tags to. You can use the ListInvestigationGroups operation to find the ARNs of investigation groups.

", + "location":"uri", + "locationName":"resourceArn" + }, + "tags":{ + "shape":"Tags", + "documentation":"

The list of key-value pairs to associate with the resource.

" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":1, + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" + }, + "Tags":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"} + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The request was throttled because of quota limits. You can try again later.

", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the resource that you want to remove the tags from. You can use theListInvestigationGroups operation to find the ARNs of investigation groups.

", + "location":"uri", + "locationName":"resourceArn" + }, + "tagKeys":{ + "shape":"TagKeys", + "documentation":"

The list of tag keys to remove from the resource.

", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateInvestigationGroupOutput":{ + "type":"structure", + "members":{} + }, + "UpdateInvestigationGroupRequest":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"InvestigationGroupIdentifier", + "documentation":"

Specify either the name or the ARN of the investigation group that you want to modify.

", + "location":"uri", + "locationName":"identifier" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

Specify this field if you want to change the IAM role that CloudWatch investigations will use when it gathers investigation data. To do so, specify the ARN of the new role.

The permissions in this role determine which of your resources that CloudWatch investigations will have access to during investigations.

For more information, see How to control what data CloudWatch investigations has access to during investigations.

" + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

Use this structure if you want to use a customer managed KMS key to encrypt your investigation data. If you omit this parameter, CloudWatch investigations will use an Amazon Web Services key to encrypt the data. For more information, see Encryption of investigation data.

" + }, + "tagKeyBoundaries":{ + "shape":"TagKeyBoundaries", + "documentation":"

Enter the existing custom tag keys for custom applications in your system. Resource tags help CloudWatch investigations narrow the search space when it is unable to discover definite relationships between resources. For example, to discover that an Amazon ECS service depends on an Amazon RDS database, CloudWatch investigations can discover this relationship using data sources such as X-Ray and CloudWatch Application Signals. However, if you haven't deployed these features, CloudWatch investigations will attempt to identify possible relationships. Tag boundaries can be used to narrow the resources that will be discovered by CloudWatch investigations in these cases.

You don't need to enter tags created by myApplications or CloudFormation, because CloudWatch investigations can automatically detect those tags.

" + }, + "chatbotNotificationChannel":{ + "shape":"ChatbotNotificationChannel", + "documentation":"

Use this structure to integrate CloudWatch investigations with chat applications. This structure is a string array. For the first string, specify the ARN of an Amazon SNS topic. For the array of strings, specify the ARNs of one or more chat applications configurations that you want to associate with that topic. For more information about these configuration ARNs, see Getting started with Amazon Q in chat applications and Resource type defined by Amazon Web Services Chatbot.

" + }, + "isCloudTrailEventHistoryEnabled":{ + "shape":"Boolean", + "documentation":"

Specify true to enable CloudWatch investigations to have access to change events that are recorded by CloudTrail. The default is true.

" + }, + "crossAccountConfigurations":{ + "shape":"CrossAccountConfigurations", + "documentation":"

Used to configure cross-account access for an investigation group. It allows the investigation group to access resources in other accounts.

" + } + } + }, + "ValidationException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

This operation or its parameters aren't formatted correctly.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + } + }, + "documentation":"

The CloudWatch investigations feature is a generative AI-powered assistant that can help you respond to incidents in your system. It uses generative AI to scan your system's telemetry and quickly surface suggestions that might be related to your issue. These suggestions include metrics, logs, deployment events, and root-cause hypotheses.

You can use API actions to create, manage, and delete investigation groups and investigation group policies. To start and manage investigations, you must use the CloudWatch console.

" +} diff -pruN 2.23.6-1/awscli/botocore/data/aiops/2018-05-10/waiters-2.json 2.31.35-1/awscli/botocore/data/aiops/2018-05-10/waiters-2.json --- 2.23.6-1/awscli/botocore/data/aiops/2018-05-10/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/aiops/2018-05-10/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/amp/2020-08-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/amp/2020-08-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/amp/2020-08-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/amp/2020-08-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/amp/2020-08-01/paginators-1.json 2.31.35-1/awscli/botocore/data/amp/2020-08-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/amp/2020-08-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/amp/2020-08-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -17,6 +17,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "scrapers" + }, + "ListAnomalyDetectors": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "anomalyDetectors" } } } diff -pruN 2.23.6-1/awscli/botocore/data/amp/2020-08-01/service-2.json 2.31.35-1/awscli/botocore/data/amp/2020-08-01/service-2.json --- 2.23.6-1/awscli/botocore/data/amp/2020-08-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/amp/2020-08-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2020-08-01", + "auth":["aws.auth#sigv4"], "endpointPrefix":"aps", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"Amazon Prometheus Service", "serviceId":"amp", "signatureVersion":"v4", "signingName":"aps", - "uid":"amp-2020-08-01", - "auth":["aws.auth#sigv4"] + "uid":"amp-2020-08-01" }, "operations":{ "CreateAlertManagerDefinition":{ @@ -35,6 +34,26 @@ "documentation":"

The CreateAlertManagerDefinition operation creates the alert manager definition in a workspace. If a workspace already has an alert manager definition, don't use this operation to update it. Instead, use PutAlertManagerDefinition.

", "idempotent":true }, + "CreateAnomalyDetector":{ + "name":"CreateAnomalyDetector", + "http":{ + "method":"POST", + "requestUri":"/workspaces/{workspaceId}/anomalydetectors", + "responseCode":202 + }, + "input":{"shape":"CreateAnomalyDetectorRequest"}, + "output":{"shape":"CreateAnomalyDetectorResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Creates an anomaly detector within a workspace using the Random Cut Forest algorithm for time-series analysis. The anomaly detector analyzes Amazon Managed Service for Prometheus metrics to identify unusual patterns and behaviors.

", + "idempotent":true + }, "CreateLoggingConfiguration":{ "name":"CreateLoggingConfiguration", "http":{ @@ -50,7 +69,25 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

The CreateLoggingConfiguration operation creates a logging configuration for the workspace. Use this operation to set the CloudWatch log group to which the logs will be published to.

", + "documentation":"

The CreateLoggingConfiguration operation creates rules and alerting logging configuration for the workspace. Use this operation to set the CloudWatch log group to which the logs will be published to.

These logging configurations are only for rules and alerting logs.

", + "idempotent":true + }, + "CreateQueryLoggingConfiguration":{ + "name":"CreateQueryLoggingConfiguration", + "http":{ + "method":"POST", + "requestUri":"/workspaces/{workspaceId}/logging/query", + "responseCode":202 + }, + "input":{"shape":"CreateQueryLoggingConfigurationRequest"}, + "output":{"shape":"CreateQueryLoggingConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates a query logging configuration for the specified workspace. This operation enables logging of queries that exceed the specified QSP threshold.

", "idempotent":true }, "CreateRuleGroupsNamespace":{ @@ -71,7 +108,7 @@ {"shape":"InternalServerException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

The CreateRuleGroupsNamespace operation creates a rule groups namespace within a workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces.

Use this operation only to create new rule groups namespaces. To update an existing rule groups namespace, use PutRuleGroupsNamespace.

", + "documentation":"

The CreateRuleGroupsNamespace operation creates a rule groups namespace within a workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces.

The combined length of a rule group namespace and a rule group name cannot exceed 721 UTF-8 bytes.

Use this operation only to create new rule groups namespaces. To update an existing rule groups namespace, use PutRuleGroupsNamespace.

", "idempotent":true }, "CreateScraper":{ @@ -92,7 +129,7 @@ {"shape":"InternalServerException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

The CreateScraper operation creates a scraper to collect metrics. A scraper pulls metrics from Prometheus-compatible sources within an Amazon EKS cluster, and sends them to your Amazon Managed Service for Prometheus workspace. Scrapers are flexible, and can be configured to control what metrics are collected, the frequency of collection, what transformations are applied to the metrics, and more.

An IAM role will be created for you that Amazon Managed Service for Prometheus uses to access the metrics in your cluster. You must configure this role with a policy that allows it to scrape metrics from your cluster. For more information, see Configuring your Amazon EKS cluster in the Amazon Managed Service for Prometheus User Guide.

The scrapeConfiguration parameter contains the base-64 encoded YAML configuration for the scraper.

For more information about collectors, including what metrics are collected, and how to configure the scraper, see Using an Amazon Web Services managed collector in the Amazon Managed Service for Prometheus User Guide.

", + "documentation":"

The CreateScraper operation creates a scraper to collect metrics. A scraper pulls metrics from Prometheus-compatible sources and sends them to your Amazon Managed Service for Prometheus workspace. You can configure scrapers to collect metrics from Amazon EKS clusters, Amazon MSK clusters, or from VPC-based sources that support DNS-based service discovery. Scrapers are flexible, and can be configured to control what metrics are collected, the frequency of collection, what transformations are applied to the metrics, and more.

An IAM role will be created for you that Amazon Managed Service for Prometheus uses to access the metrics in your source. You must configure this role with a policy that allows it to scrape metrics from your source. For Amazon EKS sources, see Configuring your Amazon EKS cluster in the Amazon Managed Service for Prometheus User Guide.

The scrapeConfiguration parameter contains the base-64 encoded YAML configuration for the scraper.

When creating a scraper, the service creates a Network Interface in each Availability Zone that are passed into CreateScraper through subnets. These network interfaces are used to connect to your source within the VPC for scraping metrics.

For more information about collectors, including what metrics are collected, and how to configure the scraper, see Using an Amazon Web Services managed collector in the Amazon Managed Service for Prometheus User Guide.

", "idempotent":true }, "CreateWorkspace":{ @@ -134,6 +171,25 @@ "documentation":"

Deletes the alert manager definition from a workspace.

", "idempotent":true }, + "DeleteAnomalyDetector":{ + "name":"DeleteAnomalyDetector", + "http":{ + "method":"DELETE", + "requestUri":"/workspaces/{workspaceId}/anomalydetectors/{anomalyDetectorId}", + "responseCode":202 + }, + "input":{"shape":"DeleteAnomalyDetectorRequest"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Removes an anomaly detector from a workspace. This operation is idempotent.

", + "idempotent":true + }, "DeleteLoggingConfiguration":{ "name":"DeleteLoggingConfiguration", "http":{ @@ -149,7 +205,44 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

Deletes the logging configuration for a workspace.

", + "documentation":"

Deletes the rules and alerting logging configuration for a workspace.

These logging configurations are only for rules and alerting logs.

", + "idempotent":true + }, + "DeleteQueryLoggingConfiguration":{ + "name":"DeleteQueryLoggingConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/workspaces/{workspaceId}/logging/query", + "responseCode":202 + }, + "input":{"shape":"DeleteQueryLoggingConfigurationRequest"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes the query logging configuration for the specified workspace.

", + "idempotent":true + }, + "DeleteResourcePolicy":{ + "name":"DeleteResourcePolicy", + "http":{ + "method":"DELETE", + "requestUri":"/workspaces/{workspaceId}/policy", + "responseCode":202 + }, + "input":{"shape":"DeleteResourcePolicyRequest"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes the resource-based policy attached to an Amazon Managed Service for Prometheus workspace.

", "idempotent":true }, "DeleteRuleGroupsNamespace":{ @@ -191,6 +284,24 @@ "documentation":"

The DeleteScraper operation deletes one scraper, and stops any metrics collection that the scraper performs.

", "idempotent":true }, + "DeleteScraperLoggingConfiguration":{ + "name":"DeleteScraperLoggingConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/scrapers/{scraperId}/logging-configuration", + "responseCode":202 + }, + "input":{"shape":"DeleteScraperLoggingConfigurationRequest"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes the logging configuration for a Amazon Managed Service for Prometheus scraper.

", + "idempotent":true + }, "DeleteWorkspace":{ "name":"DeleteWorkspace", "http":{ @@ -226,7 +337,27 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

Retrieves the full information about the alert manager definition for a workspace.

" + "documentation":"

Retrieves the full information about the alert manager definition for a workspace.

", + "readonly":true + }, + "DescribeAnomalyDetector":{ + "name":"DescribeAnomalyDetector", + "http":{ + "method":"GET", + "requestUri":"/workspaces/{workspaceId}/anomalydetectors/{anomalyDetectorId}", + "responseCode":200 + }, + "input":{"shape":"DescribeAnomalyDetectorRequest"}, + "output":{"shape":"DescribeAnomalyDetectorResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves detailed information about a specific anomaly detector, including its status and configuration.

", + "readonly":true }, "DescribeLoggingConfiguration":{ "name":"DescribeLoggingConfiguration", @@ -243,7 +374,45 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

Returns complete information about the current logging configuration of the workspace.

" + "documentation":"

Returns complete information about the current rules and alerting logging configuration of the workspace.

These logging configurations are only for rules and alerting logs.

", + "readonly":true + }, + "DescribeQueryLoggingConfiguration":{ + "name":"DescribeQueryLoggingConfiguration", + "http":{ + "method":"GET", + "requestUri":"/workspaces/{workspaceId}/logging/query", + "responseCode":200 + }, + "input":{"shape":"DescribeQueryLoggingConfigurationRequest"}, + "output":{"shape":"DescribeQueryLoggingConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves the details of the query logging configuration for the specified workspace.

", + "readonly":true + }, + "DescribeResourcePolicy":{ + "name":"DescribeResourcePolicy", + "http":{ + "method":"GET", + "requestUri":"/workspaces/{workspaceId}/policy", + "responseCode":200 + }, + "input":{"shape":"DescribeResourcePolicyRequest"}, + "output":{"shape":"DescribeResourcePolicyResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Returns information about the resource-based policy attached to an Amazon Managed Service for Prometheus workspace.

", + "readonly":true }, "DescribeRuleGroupsNamespace":{ "name":"DescribeRuleGroupsNamespace", @@ -261,7 +430,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

Returns complete information about one rule groups namespace. To retrieve a list of rule groups namespaces, use ListRuleGroupsNamespaces.

" + "documentation":"

Returns complete information about one rule groups namespace. To retrieve a list of rule groups namespaces, use ListRuleGroupsNamespaces.

", + "readonly":true }, "DescribeScraper":{ "name":"DescribeScraper", @@ -279,7 +449,26 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

The DescribeScraper operation displays information about an existing scraper.

" + "documentation":"

The DescribeScraper operation displays information about an existing scraper.

", + "readonly":true + }, + "DescribeScraperLoggingConfiguration":{ + "name":"DescribeScraperLoggingConfiguration", + "http":{ + "method":"GET", + "requestUri":"/scrapers/{scraperId}/logging-configuration", + "responseCode":200 + }, + "input":{"shape":"DescribeScraperLoggingConfigurationRequest"}, + "output":{"shape":"DescribeScraperLoggingConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Describes the logging configuration for a Amazon Managed Service for Prometheus scraper.

", + "readonly":true }, "DescribeWorkspace":{ "name":"DescribeWorkspace", @@ -297,7 +486,27 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

Returns information about an existing workspace.

" + "documentation":"

Returns information about an existing workspace.

", + "readonly":true + }, + "DescribeWorkspaceConfiguration":{ + "name":"DescribeWorkspaceConfiguration", + "http":{ + "method":"GET", + "requestUri":"/workspaces/{workspaceId}/configuration", + "responseCode":200 + }, + "input":{"shape":"DescribeWorkspaceConfigurationRequest"}, + "output":{"shape":"DescribeWorkspaceConfigurationResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Use this operation to return information about the configuration of a workspace. The configuration details returned include workspace configuration status, label set limits, and retention period.

", + "readonly":true }, "GetDefaultScraperConfiguration":{ "name":"GetDefaultScraperConfiguration", @@ -313,7 +522,27 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

The GetDefaultScraperConfiguration operation returns the default scraper configuration used when Amazon EKS creates a scraper for you.

" + "documentation":"

The GetDefaultScraperConfiguration operation returns the default scraper configuration used when Amazon EKS creates a scraper for you.

", + "readonly":true + }, + "ListAnomalyDetectors":{ + "name":"ListAnomalyDetectors", + "http":{ + "method":"GET", + "requestUri":"/workspaces/{workspaceId}/anomalydetectors", + "responseCode":200 + }, + "input":{"shape":"ListAnomalyDetectorsRequest"}, + "output":{"shape":"ListAnomalyDetectorsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Returns a paginated list of anomaly detectors for a workspace with optional filtering by alias.

", + "readonly":true }, "ListRuleGroupsNamespaces":{ "name":"ListRuleGroupsNamespaces", @@ -331,7 +560,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

Returns a list of rule groups namespaces in a workspace.

" + "documentation":"

Returns a list of rule groups namespaces in a workspace.

", + "readonly":true }, "ListScrapers":{ "name":"ListScrapers", @@ -348,7 +578,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

The ListScrapers operation lists all of the scrapers in your account. This includes scrapers being created or deleted. You can optionally filter the returned list.

" + "documentation":"

The ListScrapers operation lists all of the scrapers in your account. This includes scrapers being created or deleted. You can optionally filter the returned list.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -366,7 +597,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

The ListTagsForResource operation returns the tags that are associated with an Amazon Managed Service for Prometheus resource. Currently, the only resources that can be tagged are scrapers, workspaces, and rule groups namespaces.

" + "documentation":"

The ListTagsForResource operation returns the tags that are associated with an Amazon Managed Service for Prometheus resource. Currently, the only resources that can be tagged are scrapers, workspaces, and rule groups namespaces.

", + "readonly":true }, "ListWorkspaces":{ "name":"ListWorkspaces", @@ -383,7 +615,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists all of the Amazon Managed Service for Prometheus workspaces in your account. This includes workspaces being created or deleted.

" + "documentation":"

Lists all of the Amazon Managed Service for Prometheus workspaces in your account. This includes workspaces being created or deleted.

", + "readonly":true }, "PutAlertManagerDefinition":{ "name":"PutAlertManagerDefinition", @@ -406,6 +639,46 @@ "documentation":"

Updates an existing alert manager definition in a workspace. If the workspace does not already have an alert manager definition, don't use this operation to create it. Instead, use CreateAlertManagerDefinition.

", "idempotent":true }, + "PutAnomalyDetector":{ + "name":"PutAnomalyDetector", + "http":{ + "method":"PUT", + "requestUri":"/workspaces/{workspaceId}/anomalydetectors/{anomalyDetectorId}", + "responseCode":202 + }, + "input":{"shape":"PutAnomalyDetectorRequest"}, + "output":{"shape":"PutAnomalyDetectorResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

When you call PutAnomalyDetector, the operation creates a new anomaly detector if one doesn't exist, or updates an existing one. Each call to this operation triggers a complete retraining of the detector, which includes querying the minimum required samples and backfilling the detector with historical data. This process occurs regardless of whether you're making a minor change like updating the evaluation interval or making more substantial modifications. The operation serves as the single method for creating, updating, and retraining anomaly detectors.

", + "idempotent":true + }, + "PutResourcePolicy":{ + "name":"PutResourcePolicy", + "http":{ + "method":"PUT", + "requestUri":"/workspaces/{workspaceId}/policy", + "responseCode":202 + }, + "input":{"shape":"PutResourcePolicyRequest"}, + "output":{"shape":"PutResourcePolicyResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates or updates a resource-based policy for an Amazon Managed Service for Prometheus workspace. Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.

Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see Prometheus-compatible APIs in the Amazon Managed Service for Prometheus User Guide.

If your workspace uses customer-managed KMS keys for encryption, you must grant the principals in your resource-based policy access to those KMS keys. You can do this by creating KMS grants. For more information, see CreateGrant in the AWS Key Management Service API Reference and Encryption at rest in the Amazon Managed Service for Prometheus User Guide.

For more information about working with IAM, see Using Amazon Managed Service for Prometheus with IAM in the Amazon Managed Service for Prometheus User Guide.

", + "idempotent":true + }, "PutRuleGroupsNamespace":{ "name":"PutRuleGroupsNamespace", "http":{ @@ -424,7 +697,7 @@ {"shape":"InternalServerException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Updates an existing rule groups namespace within a workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces.

Use this operation only to update existing rule groups namespaces. To create a new rule groups namespace, use CreateRuleGroupsNamespace.

You can't use this operation to add tags to an existing rule groups namespace. Instead, use TagResource.

", + "documentation":"

Updates an existing rule groups namespace within a workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces.

The combined length of a rule group namespace and a rule group name cannot exceed 721 UTF-8 bytes.

Use this operation only to update existing rule groups namespaces. To create a new rule groups namespace, use CreateRuleGroupsNamespace.

You can't use this operation to add tags to an existing rule groups namespace. Instead, use TagResource.

", "idempotent":true }, "TagResource":{ @@ -480,7 +753,26 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

Updates the log group ARN or the workspace ID of the current logging configuration.

", + "documentation":"

Updates the log group ARN or the workspace ID of the current rules and alerting logging configuration.

These logging configurations are only for rules and alerting logs.

", + "idempotent":true + }, + "UpdateQueryLoggingConfiguration":{ + "name":"UpdateQueryLoggingConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/workspaces/{workspaceId}/logging/query", + "responseCode":202 + }, + "input":{"shape":"UpdateQueryLoggingConfigurationRequest"}, + "output":{"shape":"UpdateQueryLoggingConfigurationResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates the query logging configuration for the specified workspace.

", "idempotent":true }, "UpdateScraper":{ @@ -504,6 +796,25 @@ "documentation":"

Updates an existing scraper.

You can't use this function to update the source from which the scraper is collecting metrics. To change the source, delete the scraper and create a new one.

", "idempotent":true }, + "UpdateScraperLoggingConfiguration":{ + "name":"UpdateScraperLoggingConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/scrapers/{scraperId}/logging-configuration", + "responseCode":202 + }, + "input":{"shape":"UpdateScraperLoggingConfigurationRequest"}, + "output":{"shape":"UpdateScraperLoggingConfigurationResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates the logging configuration for a Amazon Managed Service for Prometheus scraper.

", + "idempotent":true + }, "UpdateWorkspaceAlias":{ "name":"UpdateWorkspaceAlias", "http":{ @@ -523,6 +834,27 @@ ], "documentation":"

Updates the alias of an existing workspace.

", "idempotent":true + }, + "UpdateWorkspaceConfiguration":{ + "name":"UpdateWorkspaceConfiguration", + "http":{ + "method":"PATCH", + "requestUri":"/workspaces/{workspaceId}/configuration", + "responseCode":202 + }, + "input":{"shape":"UpdateWorkspaceConfigurationRequest"}, + "output":{"shape":"UpdateWorkspaceConfigurationResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Use this operation to create or update the label sets, label set limits, and retention period of a workspace.

You must specify at least one of limitsPerLabelSet or retentionPeriodInDays for the request to be valid.

", + "idempotent":true } }, "shapes":{ @@ -549,27 +881,27 @@ "AlertManagerDefinitionDescription":{ "type":"structure", "required":[ - "createdAt", + "status", "data", - "modifiedAt", - "status" + "createdAt", + "modifiedAt" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The date and time that the alert manager definition was created.

" + "status":{ + "shape":"AlertManagerDefinitionStatus", + "documentation":"

A structure that displays the current status of the alert manager definition..

" }, "data":{ "shape":"AlertManagerDefinitionData", "documentation":"

The actual alert manager definition.

For details about the alert manager definition, see AlertManagedDefinitionData.

" }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the alert manager definition was created.

" + }, "modifiedAt":{ "shape":"Timestamp", "documentation":"

The date and time that the alert manager definition was most recently changed.

" - }, - "status":{ - "shape":"AlertManagerDefinitionStatus", - "documentation":"

A structure that displays the current status of the alert manager definition..

" } }, "documentation":"

The details of an alert manager definition. It is the configuration for the alert manager, including information about receivers for routing alerts.

" @@ -612,11 +944,215 @@ }, "documentation":"

The AmpConfiguration structure defines the Amazon Managed Service for Prometheus instance a scraper should send metrics to.

" }, + "AnomalyDetectorAlias":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[0-9A-Za-z][-.0-9A-Z_a-z]*" + }, + "AnomalyDetectorArn":{ + "type":"string", + "pattern":"arn:aws[-a-z]*:aps:[-a-z0-9]+:[0-9]{12}:anomalydetector/ws-.+/ad-.+" + }, + "AnomalyDetectorConfiguration":{ + "type":"structure", + "members":{ + "randomCutForest":{ + "shape":"RandomCutForestConfiguration", + "documentation":"

The Random Cut Forest algorithm configuration for anomaly detection.

" + } + }, + "documentation":"

The configuration for the anomaly detection algorithm.

", + "union":true + }, + "AnomalyDetectorDescription":{ + "type":"structure", + "required":[ + "arn", + "anomalyDetectorId", + "alias", + "status", + "createdAt", + "modifiedAt" + ], + "members":{ + "arn":{ + "shape":"AnomalyDetectorArn", + "documentation":"

The Amazon Resource Name (ARN) of the anomaly detector.

" + }, + "anomalyDetectorId":{ + "shape":"AnomalyDetectorId", + "documentation":"

The unique identifier of the anomaly detector.

" + }, + "alias":{ + "shape":"AnomalyDetectorAlias", + "documentation":"

The user-friendly name of the anomaly detector.

" + }, + "evaluationIntervalInSeconds":{ + "shape":"AnomalyDetectorEvaluationInterval", + "documentation":"

The frequency, in seconds, at which the anomaly detector evaluates metrics.

" + }, + "missingDataAction":{ + "shape":"AnomalyDetectorMissingDataAction", + "documentation":"

The action taken when data is missing during evaluation.

" + }, + "configuration":{ + "shape":"AnomalyDetectorConfiguration", + "documentation":"

The algorithm configuration of the anomaly detector.

" + }, + "labels":{ + "shape":"PrometheusMetricLabelMap", + "documentation":"

The Amazon Managed Service for Prometheus metric labels associated with the anomaly detector.

" + }, + "status":{ + "shape":"AnomalyDetectorStatus", + "documentation":"

The current status of the anomaly detector.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the anomaly detector was created.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the anomaly detector was last modified.

" + }, + "tags":{ + "shape":"TagMap", + "documentation":"

The tags applied to the anomaly detector.

" + } + }, + "documentation":"

Detailed information about an anomaly detector.

" + }, + "AnomalyDetectorEvaluationInterval":{ + "type":"integer", + "box":true, + "max":86400, + "min":30 + }, + "AnomalyDetectorId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"ad-[0-9A-Za-z][-.0-9A-Z_a-z]*" + }, + "AnomalyDetectorMissingDataAction":{ + "type":"structure", + "members":{ + "markAsAnomaly":{ + "shape":"Boolean", + "documentation":"

Marks missing data points as anomalies.

" + }, + "skip":{ + "shape":"Boolean", + "documentation":"

Skips evaluation when data is missing.

" + } + }, + "documentation":"

Specifies the action to take when data is missing during anomaly detection evaluation.

", + "union":true + }, + "AnomalyDetectorStatus":{ + "type":"structure", + "required":["statusCode"], + "members":{ + "statusCode":{ + "shape":"AnomalyDetectorStatusCode", + "documentation":"

The status code of the anomaly detector.

" + }, + "statusReason":{ + "shape":"String", + "documentation":"

A description of the current status of the anomaly detector.

" + } + }, + "documentation":"

The status information of an anomaly detector.

" + }, + "AnomalyDetectorStatusCode":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "CREATION_FAILED", + "UPDATE_FAILED", + "DELETION_FAILED" + ] + }, + "AnomalyDetectorSummary":{ + "type":"structure", + "required":[ + "arn", + "anomalyDetectorId", + "alias", + "status", + "createdAt", + "modifiedAt" + ], + "members":{ + "arn":{ + "shape":"AnomalyDetectorArn", + "documentation":"

The Amazon Resource Name (ARN) of the anomaly detector.

" + }, + "anomalyDetectorId":{ + "shape":"AnomalyDetectorId", + "documentation":"

The unique identifier of the anomaly detector.

" + }, + "alias":{ + "shape":"AnomalyDetectorAlias", + "documentation":"

The user-friendly name of the anomaly detector.

" + }, + "status":{ + "shape":"AnomalyDetectorStatus", + "documentation":"

The current status of the anomaly detector.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the anomaly detector was created.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the anomaly detector was last modified.

" + }, + "tags":{ + "shape":"TagMap", + "documentation":"

The tags applied to the anomaly detector.

" + } + }, + "documentation":"

Summary information about an anomaly detector for list operations.

" + }, + "AnomalyDetectorSummaryList":{ + "type":"list", + "member":{"shape":"AnomalyDetectorSummary"} + }, "Blob":{"type":"blob"}, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CloudWatchLogDestination":{ + "type":"structure", + "required":["logGroupArn"], + "members":{ + "logGroupArn":{ + "shape":"LogGroupArn", + "documentation":"

The ARN of the CloudWatch log group to which the vended log data will be published. This log group must exist prior to calling this operation.

" + } + }, + "documentation":"

Configuration details for logging to CloudWatch Logs.

" + }, "ClusterArn":{ "type":"string", "documentation":"

The ARN of an EKS cluster.

", - "pattern":"^arn:aws[-a-z]*:eks:[-a-z0-9]+:[0-9]{12}:cluster/.+$" + "pattern":"arn:aws[-a-z]*:eks:[-a-z0-9]+:[0-9]{12}:cluster/.+" + }, + "ComponentConfig":{ + "type":"structure", + "members":{ + "options":{ + "shape":"StringMap", + "documentation":"

Configuration options for the scraper component.

" + } + }, + "documentation":"

Configuration settings for a scraper component.

" }, "ConflictException":{ "type":"structure", @@ -649,24 +1185,24 @@ "CreateAlertManagerDefinitionRequest":{ "type":"structure", "required":[ - "data", - "workspaceId" + "workspaceId", + "data" ], "members":{ - "clientToken":{ - "shape":"IdempotencyToken", - "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", - "idempotencyToken":true - }, - "data":{ - "shape":"AlertManagerDefinitionData", - "documentation":"

The alert manager definition to add. A base64-encoded version of the YAML alert manager definition file.

For details about the alert manager definition, see AlertManagedDefinitionData.

" - }, "workspaceId":{ "shape":"WorkspaceId", "documentation":"

The ID of the workspace to add the alert manager definition to.

", "location":"uri", "locationName":"workspaceId" + }, + "data":{ + "shape":"AlertManagerDefinitionData", + "documentation":"

The alert manager definition to add. A base64-encoded version of the YAML alert manager definition file.

For details about the alert manager definition, see AlertManagedDefinitionData.

" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "idempotencyToken":true } }, "documentation":"

Represents the input of a CreateAlertManagerDefinition operation.

" @@ -682,27 +1218,105 @@ }, "documentation":"

Represents the output of a CreateAlertManagerDefinition operation.

" }, - "CreateLoggingConfigurationRequest":{ + "CreateAnomalyDetectorRequest":{ "type":"structure", "required":[ - "logGroupArn", - "workspaceId" + "workspaceId", + "alias", + "configuration" ], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The identifier of the workspace where the anomaly detector will be created.

", + "location":"uri", + "locationName":"workspaceId" + }, + "alias":{ + "shape":"AnomalyDetectorAlias", + "documentation":"

A user-friendly name for the anomaly detector.

" + }, + "evaluationIntervalInSeconds":{ + "shape":"AnomalyDetectorEvaluationInterval", + "documentation":"

The frequency, in seconds, at which the anomaly detector evaluates metrics. The default value is 60 seconds.

" + }, + "missingDataAction":{ + "shape":"AnomalyDetectorMissingDataAction", + "documentation":"

Specifies the action to take when data is missing during evaluation.

" + }, + "configuration":{ + "shape":"AnomalyDetectorConfiguration", + "documentation":"

The algorithm configuration for the anomaly detector.

" + }, + "labels":{ + "shape":"CreateAnomalyDetectorRequestLabelsMap", + "documentation":"

The Amazon Managed Service for Prometheus metric labels to associate with the anomaly detector.

" + }, "clientToken":{ "shape":"IdempotencyToken", - "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

", "idempotencyToken":true }, - "logGroupArn":{ - "shape":"LogGroupArn", - "documentation":"

The ARN of the CloudWatch log group to which the vended log data will be published. This log group must exist prior to calling this operation.

" + "tags":{ + "shape":"TagMap", + "documentation":"

The metadata to apply to the anomaly detector to assist with categorization and organization.

" + } + } + }, + "CreateAnomalyDetectorRequestLabelsMap":{ + "type":"map", + "key":{"shape":"PrometheusMetricLabelKey"}, + "value":{"shape":"PrometheusMetricLabelValue"}, + "max":140, + "min":0 + }, + "CreateAnomalyDetectorResponse":{ + "type":"structure", + "required":[ + "anomalyDetectorId", + "arn", + "status" + ], + "members":{ + "anomalyDetectorId":{ + "shape":"AnomalyDetectorId", + "documentation":"

The unique identifier of the created anomaly detector.

" }, + "arn":{ + "shape":"AnomalyDetectorArn", + "documentation":"

The Amazon Resource Name (ARN) of the created anomaly detector.

" + }, + "status":{ + "shape":"AnomalyDetectorStatus", + "documentation":"

The status information of the created anomaly detector.

" + }, + "tags":{ + "shape":"TagMap", + "documentation":"

The tags applied to the created anomaly detector.

" + } + } + }, + "CreateLoggingConfigurationRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "logGroupArn" + ], + "members":{ "workspaceId":{ "shape":"WorkspaceId", "documentation":"

The ID of the workspace to create the logging configuration for.

", "location":"uri", "locationName":"workspaceId" + }, + "logGroupArn":{ + "shape":"LogGroupArn", + "documentation":"

The ARN of the CloudWatch log group to which the vended log data will be published. This log group must exist prior to calling this operation.

" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "idempotencyToken":true } }, "documentation":"

Represents the input of a CreateLoggingConfiguration operation.

" @@ -718,36 +1332,70 @@ }, "documentation":"

Represents the output of a CreateLoggingConfiguration operation.

" }, - "CreateRuleGroupsNamespaceRequest":{ + "CreateQueryLoggingConfigurationRequest":{ "type":"structure", "required":[ - "data", - "name", - "workspaceId" + "workspaceId", + "destinations" ], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace for which to create the query logging configuration.

", + "location":"uri", + "locationName":"workspaceId" + }, + "destinations":{ + "shape":"LoggingDestinations", + "documentation":"

The destinations where query logs will be sent. Only CloudWatch Logs destination is supported. The list must contain exactly one element.

" + }, "clientToken":{ "shape":"IdempotencyToken", - "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "documentation":"

(Optional) A unique, case-sensitive identifier that you can provide to ensure the idempotency of the request.

", "idempotencyToken":true + } + } + }, + "CreateQueryLoggingConfigurationResponse":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"QueryLoggingConfigurationStatus", + "documentation":"

The current status of the query logging configuration.

" + } + } + }, + "CreateRuleGroupsNamespaceRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "name", + "data" + ], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace to add the rule groups namespace.

", + "location":"uri", + "locationName":"workspaceId" + }, + "name":{ + "shape":"RuleGroupsNamespaceName", + "documentation":"

The name for the new rule groups namespace.

" }, "data":{ "shape":"RuleGroupsNamespaceData", "documentation":"

The rules file to use in the new namespace.

Contains the base64-encoded version of the YAML rules file.

For details about the rule groups namespace structure, see RuleGroupsNamespaceData.

" }, - "name":{ - "shape":"RuleGroupsNamespaceName", - "documentation":"

The name for the new rule groups namespace.

" + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "idempotencyToken":true }, "tags":{ "shape":"TagMap", "documentation":"

The list of tag keys and values to associate with the rule groups namespace.

" - }, - "workspaceId":{ - "shape":"WorkspaceId", - "documentation":"

The ID of the workspace to add the rule groups namespace.

", - "location":"uri", - "locationName":"workspaceId" } }, "documentation":"

Represents the input of a CreateRuleGroupsNamespace operation.

" @@ -755,19 +1403,19 @@ "CreateRuleGroupsNamespaceResponse":{ "type":"structure", "required":[ - "arn", "name", + "arn", "status" ], "members":{ - "arn":{ - "shape":"RuleGroupsNamespaceArn", - "documentation":"

The Amazon Resource Name (ARN) of the new rule groups namespace.

" - }, "name":{ "shape":"RuleGroupsNamespaceName", "documentation":"

The name of the new rule groups namespace.

" }, + "arn":{ + "shape":"RuleGroupsNamespaceArn", + "documentation":"

The Amazon Resource Name (ARN) of the new rule groups namespace.

" + }, "status":{ "shape":"RuleGroupsNamespaceStatus", "documentation":"

A structure that returns the current status of the rule groups namespace.

" @@ -782,31 +1430,35 @@ "CreateScraperRequest":{ "type":"structure", "required":[ - "destination", "scrapeConfiguration", - "source" + "source", + "destination" ], "members":{ "alias":{ "shape":"ScraperAlias", "documentation":"

(optional) An alias to associate with the scraper. This is for your use, and does not need to be unique.

" }, - "clientToken":{ - "shape":"IdempotencyToken", - "documentation":"

(Optional) A unique, case-sensitive identifier that you can provide to ensure the idempotency of the request.

", - "idempotencyToken":true - }, - "destination":{ - "shape":"Destination", - "documentation":"

The Amazon Managed Service for Prometheus workspace to send metrics to.

" - }, "scrapeConfiguration":{ "shape":"ScrapeConfiguration", "documentation":"

The configuration file to use in the new scraper. For more information, see Scraper configuration in the Amazon Managed Service for Prometheus User Guide.

" }, "source":{ "shape":"Source", - "documentation":"

The Amazon EKS cluster from which the scraper will collect metrics.

" + "documentation":"

The Amazon EKS or Amazon Web Services cluster from which the scraper will collect metrics.

" + }, + "destination":{ + "shape":"Destination", + "documentation":"

The Amazon Managed Service for Prometheus workspace to send metrics to.

" + }, + "roleConfiguration":{ + "shape":"RoleConfiguration", + "documentation":"

Use this structure to enable cross-account access, so that you can use a target account to access Prometheus metrics from source accounts.

" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

(Optional) A unique, case-sensitive identifier that you can provide to ensure the idempotency of the request.

", + "idempotencyToken":true }, "tags":{ "shape":"TagMap", @@ -818,19 +1470,19 @@ "CreateScraperResponse":{ "type":"structure", "required":[ - "arn", "scraperId", + "arn", "status" ], "members":{ - "arn":{ - "shape":"ScraperArn", - "documentation":"

The Amazon Resource Name (ARN) of the new scraper.

" - }, "scraperId":{ "shape":"ScraperId", "documentation":"

The ID of the new scraper.

" }, + "arn":{ + "shape":"ScraperArn", + "documentation":"

The Amazon Resource Name (ARN) of the new scraper.

" + }, "status":{ "shape":"ScraperStatus", "documentation":"

A structure that displays the current status of the scraper.

" @@ -854,13 +1506,13 @@ "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", "idempotencyToken":true }, - "kmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

(optional) The ARN for a customer managed KMS key to use for encrypting data within your workspace. For more information about using your own key in your workspace, see Encryption at rest in the Amazon Managed Service for Prometheus User Guide.

" - }, "tags":{ "shape":"TagMap", "documentation":"

The list of tag keys and values to associate with the workspace.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

(optional) The ARN for a customer managed KMS key to use for encrypting data within your workspace. For more information about using your own key in your workspace, see Encryption at rest in the Amazon Managed Service for Prometheus User Guide.

" } }, "documentation":"

Represents the input of a CreateWorkspace operation.

" @@ -868,19 +1520,19 @@ "CreateWorkspaceResponse":{ "type":"structure", "required":[ + "workspaceId", "arn", - "status", - "workspaceId" + "status" ], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The unique ID for the new workspace.

" + }, "arn":{ "shape":"WorkspaceArn", "documentation":"

The ARN for the new workspace.

" }, - "kmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

(optional) If the workspace was created with a customer managed KMS key, the ARN for the key used.

" - }, "status":{ "shape":"WorkspaceStatus", "documentation":"

The current status of the new workspace. Immediately after you create the workspace, the status is usually CREATING.

" @@ -889,9 +1541,9 @@ "shape":"TagMap", "documentation":"

The list of tag keys and values that are associated with the workspace.

" }, - "workspaceId":{ - "shape":"WorkspaceId", - "documentation":"

The unique ID for the new workspace.

" + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

(optional) If the workspace was created with a customer managed KMS key, the ARN for the key used.

" } }, "documentation":"

Represents the output of a CreateWorkspace operation.

" @@ -900,87 +1552,178 @@ "type":"structure", "required":["workspaceId"], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace to delete the alert manager definition from.

", + "location":"uri", + "locationName":"workspaceId" + }, "clientToken":{ "shape":"IdempotencyToken", "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" - }, + } + }, + "documentation":"

Represents the input of a DeleteAlertManagerDefinition operation.

" + }, + "DeleteAnomalyDetectorRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "anomalyDetectorId" + ], + "members":{ "workspaceId":{ "shape":"WorkspaceId", - "documentation":"

The ID of the workspace to delete the alert manager definition from.

", + "documentation":"

The identifier of the workspace containing the anomaly detector to delete.

", "location":"uri", "locationName":"workspaceId" + }, + "anomalyDetectorId":{ + "shape":"AnomalyDetectorId", + "documentation":"

The identifier of the anomaly detector to delete.

", + "location":"uri", + "locationName":"anomalyDetectorId" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } - }, - "documentation":"

Represents the input of a DeleteAlertManagerDefinition operation.

" + } }, "DeleteLoggingConfigurationRequest":{ "type":"structure", "required":["workspaceId"], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace containing the logging configuration to delete.

", + "location":"uri", + "locationName":"workspaceId" + }, "clientToken":{ "shape":"IdempotencyToken", "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" - }, + } + }, + "documentation":"

Represents the input of a DeleteLoggingConfiguration operation.

" + }, + "DeleteQueryLoggingConfigurationRequest":{ + "type":"structure", + "required":["workspaceId"], + "members":{ "workspaceId":{ "shape":"WorkspaceId", - "documentation":"

The ID of the workspace containing the logging configuration to delete.

", + "documentation":"

The ID of the workspace from which to delete the query logging configuration.

", "location":"uri", "locationName":"workspaceId" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

(Optional) A unique, case-sensitive identifier that you can provide to ensure the idempotency of the request.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } - }, - "documentation":"

Represents the input of a DeleteLoggingConfiguration operation.

" + } }, - "DeleteRuleGroupsNamespaceRequest":{ + "DeleteResourcePolicyRequest":{ "type":"structure", - "required":[ - "name", - "workspaceId" - ], + "required":["workspaceId"], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace from which to delete the resource-based policy.

", + "location":"uri", + "locationName":"workspaceId" + }, "clientToken":{ "shape":"IdempotencyToken", - "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the request is safe to retry (idempotent).

", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" }, + "revisionId":{ + "shape":"String", + "documentation":"

The revision ID of the policy to delete. Use this parameter to ensure that you are deleting the correct version of the policy.

", + "location":"querystring", + "locationName":"revisionId" + } + } + }, + "DeleteRuleGroupsNamespaceRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "name" + ], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace containing the rule groups namespace and definition to delete.

", + "location":"uri", + "locationName":"workspaceId" + }, "name":{ "shape":"RuleGroupsNamespaceName", "documentation":"

The name of the rule groups namespace to delete.

", "location":"uri", "locationName":"name" }, - "workspaceId":{ - "shape":"WorkspaceId", - "documentation":"

The ID of the workspace containing the rule groups namespace and definition to delete.

", - "location":"uri", - "locationName":"workspaceId" + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } }, "documentation":"

Represents the input of a DeleteRuleGroupsNamespace operation.

" }, - "DeleteScraperRequest":{ + "DeleteScraperLoggingConfigurationRequest":{ "type":"structure", "required":["scraperId"], "members":{ + "scraperId":{ + "shape":"ScraperId", + "documentation":"

The ID of the scraper whose logging configuration will be deleted.

", + "location":"uri", + "locationName":"scraperId" + }, "clientToken":{ "shape":"IdempotencyToken", - "documentation":"

(Optional) A unique, case-sensitive identifier that you can provide to ensure the idempotency of the request.

", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the request is processed exactly once.

", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" - }, + } + } + }, + "DeleteScraperRequest":{ + "type":"structure", + "required":["scraperId"], + "members":{ "scraperId":{ "shape":"ScraperId", "documentation":"

The ID of the scraper to delete.

", "location":"uri", "locationName":"scraperId" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

(Optional) A unique, case-sensitive identifier that you can provide to ensure the idempotency of the request.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } }, "documentation":"

Represents the input of a DeleteScraper operation.

" @@ -1007,18 +1750,18 @@ "type":"structure", "required":["workspaceId"], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace to delete.

", + "location":"uri", + "locationName":"workspaceId" + }, "clientToken":{ "shape":"IdempotencyToken", "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", "idempotencyToken":true, "location":"querystring", "locationName":"clientToken" - }, - "workspaceId":{ - "shape":"WorkspaceId", - "documentation":"

The ID of the workspace to delete.

", - "location":"uri", - "locationName":"workspaceId" } }, "documentation":"

Represents the input of a DeleteWorkspace operation.

" @@ -1047,6 +1790,37 @@ }, "documentation":"

Represents the output of a DescribeAlertManagerDefinition operation.

" }, + "DescribeAnomalyDetectorRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "anomalyDetectorId" + ], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The identifier of the workspace containing the anomaly detector.

", + "location":"uri", + "locationName":"workspaceId" + }, + "anomalyDetectorId":{ + "shape":"AnomalyDetectorId", + "documentation":"

The identifier of the anomaly detector to describe.

", + "location":"uri", + "locationName":"anomalyDetectorId" + } + } + }, + "DescribeAnomalyDetectorResponse":{ + "type":"structure", + "required":["anomalyDetector"], + "members":{ + "anomalyDetector":{ + "shape":"AnomalyDetectorDescription", + "documentation":"

The detailed information about the anomaly detector.

" + } + } + }, "DescribeLoggingConfigurationRequest":{ "type":"structure", "required":["workspaceId"], @@ -1071,24 +1845,80 @@ }, "documentation":"

Represents the output of a DescribeLoggingConfiguration operation.

" }, - "DescribeRuleGroupsNamespaceRequest":{ + "DescribeQueryLoggingConfigurationRequest":{ + "type":"structure", + "required":["workspaceId"], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace for which to retrieve the query logging configuration.

", + "location":"uri", + "locationName":"workspaceId" + } + } + }, + "DescribeQueryLoggingConfigurationResponse":{ + "type":"structure", + "required":["queryLoggingConfiguration"], + "members":{ + "queryLoggingConfiguration":{ + "shape":"QueryLoggingConfigurationMetadata", + "documentation":"

The detailed information about the query logging configuration for the specified workspace.

" + } + } + }, + "DescribeResourcePolicyRequest":{ + "type":"structure", + "required":["workspaceId"], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace to describe the resource-based policy for.

", + "location":"uri", + "locationName":"workspaceId" + } + } + }, + "DescribeResourcePolicyResponse":{ "type":"structure", "required":[ - "name", - "workspaceId" + "policyDocument", + "policyStatus", + "revisionId" ], "members":{ - "name":{ - "shape":"RuleGroupsNamespaceName", - "documentation":"

The name of the rule groups namespace that you want information for.

", - "location":"uri", - "locationName":"name" + "policyDocument":{ + "shape":"String", + "documentation":"

The JSON policy document for the resource-based policy attached to the workspace.

" + }, + "policyStatus":{ + "shape":"WorkspacePolicyStatusCode", + "documentation":"

The current status of the resource-based policy.

" }, + "revisionId":{ + "shape":"String", + "documentation":"

The revision ID of the current resource-based policy.

" + } + } + }, + "DescribeRuleGroupsNamespaceRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "name" + ], + "members":{ "workspaceId":{ "shape":"WorkspaceId", "documentation":"

The ID of the workspace containing the rule groups namespace.

", "location":"uri", "locationName":"workspaceId" + }, + "name":{ + "shape":"RuleGroupsNamespaceName", + "documentation":"

The name of the rule groups namespace that you want information for.

", + "location":"uri", + "locationName":"name" } }, "documentation":"

Represents the input of a DescribeRuleGroupsNamespace operation.

" @@ -1104,6 +1934,50 @@ }, "documentation":"

Represents the output of a DescribeRuleGroupsNamespace operation.

" }, + "DescribeScraperLoggingConfigurationRequest":{ + "type":"structure", + "required":["scraperId"], + "members":{ + "scraperId":{ + "shape":"ScraperId", + "documentation":"

The ID of the scraper whose logging configuration will be described.

", + "location":"uri", + "locationName":"scraperId" + } + } + }, + "DescribeScraperLoggingConfigurationResponse":{ + "type":"structure", + "required":[ + "status", + "scraperId", + "loggingDestination", + "scraperComponents", + "modifiedAt" + ], + "members":{ + "status":{ + "shape":"ScraperLoggingConfigurationStatus", + "documentation":"

The status of the scraper logging configuration.

" + }, + "scraperId":{ + "shape":"ScraperId", + "documentation":"

The ID of the scraper.

" + }, + "loggingDestination":{ + "shape":"ScraperLoggingDestination", + "documentation":"

The destination where scraper logs are sent.

" + }, + "scraperComponents":{ + "shape":"ScraperComponents", + "documentation":"

The list of scraper components configured for logging.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the logging configuration was last modified.

" + } + } + }, "DescribeScraperRequest":{ "type":"structure", "required":["scraperId"], @@ -1128,6 +2002,28 @@ }, "documentation":"

Represents the output of a DescribeScraper operation.

" }, + "DescribeWorkspaceConfigurationRequest":{ + "type":"structure", + "required":["workspaceId"], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace that you want to retrieve information for. To find the IDs of your workspaces, use the ListWorkspaces operation.

", + "location":"uri", + "locationName":"workspaceId" + } + } + }, + "DescribeWorkspaceConfigurationResponse":{ + "type":"structure", + "required":["workspaceConfiguration"], + "members":{ + "workspaceConfiguration":{ + "shape":"WorkspaceConfigurationDescription", + "documentation":"

This structure contains the information about the workspace configuration.

" + } + } + }, "DescribeWorkspaceRequest":{ "type":"structure", "required":["workspaceId"], @@ -1206,8 +2102,7 @@ }, "GetDefaultScraperConfigurationRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the input of a GetDefaultScraperConfiguration operation.

" }, "GetDefaultScraperConfigurationResponse":{ @@ -1223,14 +2118,40 @@ }, "IamRoleArn":{ "type":"string", - "documentation":"

An ARN identifying an IAM role used by the scraper.

" + "documentation":"

An ARN identifying an IAM role used by the scraper.

", + "pattern":"arn:aws[-a-z]*:iam::[0-9]{12}:role/.+" }, "IdempotencyToken":{ "type":"string", "documentation":"

An identifier used to ensure the idempotency of a write request.

", "max":64, "min":1, - "pattern":"^[!-~]+$" + "pattern":"[!-~]+" + }, + "IgnoreNearExpected":{ + "type":"structure", + "members":{ + "amount":{ + "shape":"IgnoreNearExpectedAmountDouble", + "documentation":"

The absolute amount by which values can differ from expected values before being considered anomalous.

" + }, + "ratio":{ + "shape":"IgnoreNearExpectedRatioDouble", + "documentation":"

The ratio by which values can differ from expected values before being considered anomalous.

" + } + }, + "documentation":"

Configuration for threshold settings that determine when values near expected values should be ignored during anomaly detection.

", + "union":true + }, + "IgnoreNearExpectedAmountDouble":{ + "type":"double", + "box":true, + "min":0 + }, + "IgnoreNearExpectedRatioDouble":{ + "type":"double", + "box":true, + "min":0 }, "Integer":{ "type":"integer", @@ -1262,18 +2183,119 @@ "documentation":"

A KMS Key ARN.

", "max":2048, "min":20, - "pattern":"^arn:aws:kms:[a-z0-9\\-]+:\\d+:key/[a-f0-9\\-]+$" + "pattern":"arn:aws[-a-z]*:kms:[-a-z0-9]+:[0-9]{12}:key/[-a-f0-9]+" }, - "ListRuleGroupsNamespacesRequest":{ + "LabelName":{ + "type":"string", + "min":1, + "pattern":"[a-zA-Z_][a-zA-Z0-9_]*" + }, + "LabelSet":{ + "type":"map", + "key":{"shape":"LabelName"}, + "value":{"shape":"LabelValue"} + }, + "LabelValue":{ + "type":"string", + "min":1 + }, + "LimitsPerLabelSet":{ + "type":"structure", + "required":[ + "limits", + "labelSet" + ], + "members":{ + "limits":{ + "shape":"LimitsPerLabelSetEntry", + "documentation":"

This structure contains the information about the limits that apply to time series that match this label set.

" + }, + "labelSet":{ + "shape":"LabelSet", + "documentation":"

This defines one label set that will have an enforced active time series limit.

Label values accept ASCII characters and must contain at least one character that isn't whitespace. ASCII control characters are not accepted. If the label name is metric name label __name__, then the metric part of the name must conform to the following pattern: [a-zA-Z_:][a-zA-Z0-9_:]*

" + } + }, + "documentation":"

This structure defines one label set used to enforce active time series limits for the workspace, and defines the limit for that label set.

A label set is a unique combination of label-value pairs. Use them to control time series limits and to monitor usage by specific label groups. Example label sets might be team:finance or env:prod

" + }, + "LimitsPerLabelSetEntry":{ + "type":"structure", + "members":{ + "maxSeries":{ + "shape":"LimitsPerLabelSetEntryMaxSeriesLong", + "documentation":"

The maximum number of active series that can be ingested that match this label set.

Setting this to 0 causes no label set limit to be enforced, but it does cause Amazon Managed Service for Prometheus to vend label set metrics to CloudWatch

" + } + }, + "documentation":"

This structure contains the information about the limits that apply to time series that match one label set.

" + }, + "LimitsPerLabelSetEntryMaxSeriesLong":{ + "type":"long", + "box":true, + "min":0 + }, + "LimitsPerLabelSetList":{ + "type":"list", + "member":{"shape":"LimitsPerLabelSet"} + }, + "ListAnomalyDetectorsRequest":{ "type":"structure", "required":["workspaceId"], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The identifier of the workspace containing the anomaly detectors to list.

", + "location":"uri", + "locationName":"workspaceId" + }, + "alias":{ + "shape":"AnomalyDetectorAlias", + "documentation":"

Filters the results to anomaly detectors with the specified alias.

", + "location":"querystring", + "locationName":"alias" + }, "maxResults":{ - "shape":"ListRuleGroupsNamespacesRequestMaxResultsInteger", - "documentation":"

The maximum number of results to return. The default is 100.

", + "shape":"ListAnomalyDetectorsRequestMaxResultsInteger", + "documentation":"

The maximum number of results to return in a single call. Valid range is 1 to 1000.

", "location":"querystring", "locationName":"maxResults" }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token to continue retrieving results.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListAnomalyDetectorsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListAnomalyDetectorsResponse":{ + "type":"structure", + "required":["anomalyDetectors"], + "members":{ + "anomalyDetectors":{ + "shape":"AnomalyDetectorSummaryList", + "documentation":"

The list of anomaly detectors in the workspace.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token to retrieve the next set of results.

" + } + } + }, + "ListRuleGroupsNamespacesRequest":{ + "type":"structure", + "required":["workspaceId"], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace containing the rule groups namespaces.

", + "location":"uri", + "locationName":"workspaceId" + }, "name":{ "shape":"RuleGroupsNamespaceName", "documentation":"

Use this parameter to filter the rule groups namespaces that are returned. Only the namespaces with names that begin with the value that you specify are returned.

", @@ -1286,11 +2308,11 @@ "location":"querystring", "locationName":"nextToken" }, - "workspaceId":{ - "shape":"WorkspaceId", - "documentation":"

The ID of the workspace containing the rule groups namespaces.

", - "location":"uri", - "locationName":"workspaceId" + "maxResults":{ + "shape":"ListRuleGroupsNamespacesRequestMaxResultsInteger", + "documentation":"

The maximum number of results to return. The default is 100.

", + "location":"querystring", + "locationName":"maxResults" } }, "documentation":"

Represents the input of a ListRuleGroupsNamespaces operation.

" @@ -1305,13 +2327,13 @@ "type":"structure", "required":["ruleGroupsNamespaces"], "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

A token indicating that there are more results to retrieve. You can use this token as part of your next ListRuleGroupsNamespaces request to retrieve those results.

" - }, "ruleGroupsNamespaces":{ "shape":"RuleGroupsNamespaceSummaryList", "documentation":"

The returned list of rule groups namespaces.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A token indicating that there are more results to retrieve. You can use this token as part of your next ListRuleGroupsNamespaces request to retrieve those results.

" } }, "documentation":"

Represents the output of a ListRuleGroupsNamespaces operation.

" @@ -1324,17 +2346,17 @@ "documentation":"

(Optional) A list of key-value pairs to filter the list of scrapers returned. Keys include status, sourceArn, destinationArn, and alias.

Filters on the same key are OR'd together, and filters on different keys are AND'd together. For example, status=ACTIVE&status=CREATING&alias=Test, will return all scrapers that have the alias Test, and are either in status ACTIVE or CREATING.

To find all active scrapers that are sending metrics to a specific Amazon Managed Service for Prometheus workspace, you would use the ARN of the workspace in a query:

status=ACTIVE&destinationArn=arn:aws:aps:us-east-1:123456789012:workspace/ws-example1-1234-abcd-56ef-123456789012

If this is included, it filters the results to only the scrapers that match the filter.

", "location":"querystring" }, - "maxResults":{ - "shape":"ListScrapersRequestMaxResultsInteger", - "documentation":"

Optional) The maximum number of scrapers to return in one ListScrapers operation. The range is 1-1000.

If you omit this parameter, the default of 100 is used.

", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

(Optional) The token for the next set of items to return. (You received this token from a previous call.)

", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListScrapersRequestMaxResultsInteger", + "documentation":"

Optional) The maximum number of scrapers to return in one ListScrapers operation. The range is 1-1000.

If you omit this parameter, the default of 100 is used.

", + "location":"querystring", + "locationName":"maxResults" } }, "documentation":"

Represents the input of a ListScrapers operation.

" @@ -1349,13 +2371,13 @@ "type":"structure", "required":["scrapers"], "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

A token indicating that there are more results to retrieve. You can use this token as part of your next ListScrapers operation to retrieve those results.

" - }, "scrapers":{ "shape":"ScraperSummaryList", "documentation":"

A list of ScraperSummary structures giving information about scrapers in the account that match the filters provided.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A token indicating that there are more results to retrieve. You can use this token as part of your next ListScrapers operation to retrieve those results.

" } }, "documentation":"

Represents the output of a ListScrapers operation.

" @@ -1384,6 +2406,12 @@ "ListWorkspacesRequest":{ "type":"structure", "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next set of items to return. You receive this token from a previous call, and use it to get the next page of results. The other parameters must be the same as the initial call.

For example, if your initial request has maxResults of 10, and there are 12 workspaces to return, then your initial request will return 10 and a nextToken. Using the next token in a subsequent call will return the remaining 2 workspaces.

", + "location":"querystring", + "locationName":"nextToken" + }, "alias":{ "shape":"WorkspaceAlias", "documentation":"

If this is included, it filters the results to only the workspaces with names that start with the value that you specify here.

Amazon Managed Service for Prometheus will automatically strip any blank spaces from the beginning and end of the alias that you specify.

", @@ -1395,12 +2423,6 @@ "documentation":"

The maximum number of workspaces to return per request. The default is 100.

", "location":"querystring", "locationName":"maxResults" - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

The token for the next set of items to return. You receive this token from a previous call, and use it to get the next page of results. The other parameters must be the same as the initial call.

For example, if your initial request has maxResults of 10, and there are 12 workspaces to return, then your initial request will return 10 and a nextToken. Using the next token in a subsequent call will return the remaining 2 workspaces.

", - "location":"querystring", - "locationName":"nextToken" } }, "documentation":"

Represents the input of a ListWorkspaces operation.

" @@ -1415,53 +2437,53 @@ "type":"structure", "required":["workspaces"], "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

A token indicating that there are more results to retrieve. You can use this token as part of your next ListWorkspaces request to retrieve those results.

" - }, "workspaces":{ "shape":"WorkspaceSummaryList", "documentation":"

An array of WorkspaceSummary structures containing information about the workspaces requested.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A token indicating that there are more results to retrieve. You can use this token as part of your next ListWorkspaces request to retrieve those results.

" } }, "documentation":"

Represents the output of a ListWorkspaces operation.

" }, "LogGroupArn":{ "type":"string", - "pattern":"^arn:aws[a-z0-9-]*:logs:[a-z0-9-]+:\\d{12}:log-group:[A-Za-z0-9\\.\\-\\_\\#/]{1,512}\\:\\*$" + "pattern":"arn:aws[a-z0-9-]*:logs:[a-z0-9-]+:[0-9]{12}:log-group:[A-Za-z0-9\\.\\-\\_\\#/]{1,512}\\:\\*" }, "LoggingConfigurationMetadata":{ "type":"structure", "required":[ - "createdAt", - "logGroupArn", - "modifiedAt", "status", - "workspace" + "workspace", + "logGroupArn", + "createdAt", + "modifiedAt" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The date and time that the logging configuration was created.

" + "status":{ + "shape":"LoggingConfigurationStatus", + "documentation":"

The current status of the logging configuration.

" + }, + "workspace":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace the logging configuration is for.

" }, "logGroupArn":{ "shape":"LogGroupArn", "documentation":"

The ARN of the CloudWatch log group to which the vended log data will be published.

" }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the logging configuration was created.

" + }, "modifiedAt":{ "shape":"Timestamp", "documentation":"

The date and time that the logging configuration was most recently changed.

" - }, - "status":{ - "shape":"LoggingConfigurationStatus", - "documentation":"

The current status of the logging configuration.

" - }, - "workspace":{ - "shape":"WorkspaceId", - "documentation":"

The ID of the workspace the logging configuration is for.

" } }, - "documentation":"

Contains information about the logging configuration for the workspace.

" + "documentation":"

Contains information about the current rules and alerting logging configuration for the workspace.

These logging configurations are only for rules and alerting logs.

" }, "LoggingConfigurationStatus":{ "type":"structure", @@ -1469,7 +2491,7 @@ "members":{ "statusCode":{ "shape":"LoggingConfigurationStatusCode", - "documentation":"

The current status of the logging configuration.

" + "documentation":"

The current status of the current rules and alerting logging configuration.

These logging configurations are only for rules and alerting logs.

" }, "statusReason":{ "shape":"String", @@ -1490,33 +2512,90 @@ "UPDATE_FAILED" ] }, + "LoggingDestination":{ + "type":"structure", + "required":[ + "cloudWatchLogs", + "filters" + ], + "members":{ + "cloudWatchLogs":{ + "shape":"CloudWatchLogDestination", + "documentation":"

Configuration details for logging to CloudWatch Logs.

" + }, + "filters":{ + "shape":"LoggingFilter", + "documentation":"

Filtering criteria that determine which queries are logged.

" + } + }, + "documentation":"

Defines a destination and its associated filtering criteria for query logging.

" + }, + "LoggingDestinations":{ + "type":"list", + "member":{"shape":"LoggingDestination"}, + "documentation":"

A list structure that contains a single CloudWatch Logs destination.

", + "max":1, + "min":1 + }, + "LoggingFilter":{ + "type":"structure", + "required":["qspThreshold"], + "members":{ + "qspThreshold":{ + "shape":"LoggingFilterQspThresholdLong", + "documentation":"

The Query Samples Processed (QSP) threshold above which queries will be logged. Queries processing more samples than this threshold will be captured in logs.

" + } + }, + "documentation":"

Filtering criteria that determine which queries are logged.

" + }, + "LoggingFilterQspThresholdLong":{ + "type":"long", + "box":true, + "min":0 + }, "PaginationToken":{ "type":"string", "documentation":"

A token used to access the next page in a paginated result set.

", "max":1000, "min":0 }, + "PrometheusMetricLabelKey":{ + "type":"string", + "max":7168, + "min":1, + "pattern":"(?!__)[a-zA-Z_][a-zA-Z0-9_]*" + }, + "PrometheusMetricLabelMap":{ + "type":"map", + "key":{"shape":"PrometheusMetricLabelKey"}, + "value":{"shape":"PrometheusMetricLabelValue"} + }, + "PrometheusMetricLabelValue":{ + "type":"string", + "max":7168, + "min":1 + }, "PutAlertManagerDefinitionRequest":{ "type":"structure", "required":[ - "data", - "workspaceId" + "workspaceId", + "data" ], "members":{ - "clientToken":{ - "shape":"IdempotencyToken", - "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", - "idempotencyToken":true - }, - "data":{ - "shape":"AlertManagerDefinitionData", - "documentation":"

The alert manager definition to use. A base64-encoded version of the YAML alert manager definition file.

For details about the alert manager definition, see AlertManagedDefinitionData.

" - }, "workspaceId":{ "shape":"WorkspaceId", "documentation":"

The ID of the workspace to update the alert manager definition in.

", "location":"uri", "locationName":"workspaceId" + }, + "data":{ + "shape":"AlertManagerDefinitionData", + "documentation":"

The alert manager definition to use. A base64-encoded version of the YAML alert manager definition file.

For details about the alert manager definition, see AlertManagedDefinitionData.

" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "idempotencyToken":true } }, "documentation":"

Represents the input of a PutAlertManagerDefinition operation.

" @@ -1532,34 +2611,148 @@ }, "documentation":"

Represents the output of a PutAlertManagerDefinition operation.

" }, - "PutRuleGroupsNamespaceRequest":{ + "PutAnomalyDetectorRequest":{ "type":"structure", "required":[ - "data", - "name", - "workspaceId" + "workspaceId", + "anomalyDetectorId", + "configuration" ], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The identifier of the workspace containing the anomaly detector to update.

", + "location":"uri", + "locationName":"workspaceId" + }, + "anomalyDetectorId":{ + "shape":"AnomalyDetectorId", + "documentation":"

The identifier of the anomaly detector to update.

", + "location":"uri", + "locationName":"anomalyDetectorId" + }, + "evaluationIntervalInSeconds":{ + "shape":"AnomalyDetectorEvaluationInterval", + "documentation":"

The frequency, in seconds, at which the anomaly detector evaluates metrics.

" + }, + "missingDataAction":{ + "shape":"AnomalyDetectorMissingDataAction", + "documentation":"

Specifies the action to take when data is missing during evaluation.

" + }, + "configuration":{ + "shape":"AnomalyDetectorConfiguration", + "documentation":"

The algorithm configuration for the anomaly detector.

" + }, + "labels":{ + "shape":"PrometheusMetricLabelMap", + "documentation":"

The Amazon Managed Service for Prometheus metric labels to associate with the anomaly detector.

" + }, "clientToken":{ "shape":"IdempotencyToken", - "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

", "idempotencyToken":true + } + } + }, + "PutAnomalyDetectorResponse":{ + "type":"structure", + "required":[ + "anomalyDetectorId", + "arn", + "status" + ], + "members":{ + "anomalyDetectorId":{ + "shape":"AnomalyDetectorId", + "documentation":"

The unique identifier of the updated anomaly detector.

" }, - "data":{ - "shape":"RuleGroupsNamespaceData", - "documentation":"

The new rules file to use in the namespace. A base64-encoded version of the YAML rule groups file.

For details about the rule groups namespace structure, see RuleGroupsNamespaceData.

" + "arn":{ + "shape":"AnomalyDetectorArn", + "documentation":"

The Amazon Resource Name (ARN) of the updated anomaly detector.

" }, - "name":{ - "shape":"RuleGroupsNamespaceName", - "documentation":"

The name of the rule groups namespace that you are updating.

", + "status":{ + "shape":"AnomalyDetectorStatus", + "documentation":"

The status information of the updated anomaly detector.

" + }, + "tags":{ + "shape":"TagMap", + "documentation":"

The tags applied to the updated anomaly detector.

" + } + } + }, + "PutResourcePolicyRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "policyDocument" + ], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace to attach the resource-based policy to.

", "location":"uri", - "locationName":"name" + "locationName":"workspaceId" + }, + "policyDocument":{ + "shape":"String", + "documentation":"

The JSON policy document to use as the resource-based policy. This policy defines the permissions that other AWS accounts or services have to access your workspace.

" }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the request is safe to retry (idempotent).

", + "idempotencyToken":true + }, + "revisionId":{ + "shape":"String", + "documentation":"

The revision ID of the policy to update. Use this parameter to ensure that you are updating the correct version of the policy. If you don't specify a revision ID, the policy is updated regardless of its current revision.

For the first PUT request on a workspace that doesn't have an existing resource policy, you can specify NO_POLICY as the revision ID.

" + } + } + }, + "PutResourcePolicyResponse":{ + "type":"structure", + "required":[ + "policyStatus", + "revisionId" + ], + "members":{ + "policyStatus":{ + "shape":"WorkspacePolicyStatusCode", + "documentation":"

The current status of the resource-based policy.

" + }, + "revisionId":{ + "shape":"String", + "documentation":"

The revision ID of the newly created or updated resource-based policy.

" + } + } + }, + "PutRuleGroupsNamespaceRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "name", + "data" + ], + "members":{ "workspaceId":{ "shape":"WorkspaceId", "documentation":"

The ID of the workspace where you are updating the rule groups namespace.

", "location":"uri", "locationName":"workspaceId" + }, + "name":{ + "shape":"RuleGroupsNamespaceName", + "documentation":"

The name of the rule groups namespace that you are updating.

", + "location":"uri", + "locationName":"name" + }, + "data":{ + "shape":"RuleGroupsNamespaceData", + "documentation":"

The new rules file to use in the namespace. A base64-encoded version of the YAML rule groups file.

For details about the rule groups namespace structure, see RuleGroupsNamespaceData.

" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "idempotencyToken":true } }, "documentation":"

Represents the input of a PutRuleGroupsNamespace operation.

" @@ -1567,19 +2760,19 @@ "PutRuleGroupsNamespaceResponse":{ "type":"structure", "required":[ - "arn", "name", + "arn", "status" ], "members":{ - "arn":{ - "shape":"RuleGroupsNamespaceArn", - "documentation":"

The ARN of the rule groups namespace.

" - }, "name":{ "shape":"RuleGroupsNamespaceName", "documentation":"

The name of the rule groups namespace that was updated.

" }, + "arn":{ + "shape":"RuleGroupsNamespaceArn", + "documentation":"

The ARN of the rule groups namespace.

" + }, "status":{ "shape":"RuleGroupsNamespaceStatus", "documentation":"

A structure that includes the current status of the rule groups namespace.

" @@ -1591,6 +2784,109 @@ }, "documentation":"

Represents the output of a PutRuleGroupsNamespace operation.

" }, + "QueryLoggingConfigurationMetadata":{ + "type":"structure", + "required":[ + "status", + "workspace", + "destinations", + "createdAt", + "modifiedAt" + ], + "members":{ + "status":{ + "shape":"QueryLoggingConfigurationStatus", + "documentation":"

The current status of the query logging configuration.

" + }, + "workspace":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace associated with this query logging configuration.

" + }, + "destinations":{ + "shape":"LoggingDestinations", + "documentation":"

The configured destinations for the query logging configuration.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the query logging configuration was created.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the query logging configuration was last modified.

" + } + }, + "documentation":"

The metadata for a query logging configuration.

" + }, + "QueryLoggingConfigurationStatus":{ + "type":"structure", + "required":["statusCode"], + "members":{ + "statusCode":{ + "shape":"QueryLoggingConfigurationStatusCode", + "documentation":"

The current status of the query logging configuration.

" + }, + "statusReason":{ + "shape":"String", + "documentation":"

If there is a failure, the reason for the failure.

" + } + }, + "documentation":"

The status information for a query logging configuration.

" + }, + "QueryLoggingConfigurationStatusCode":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "CREATION_FAILED", + "UPDATE_FAILED" + ] + }, + "RandomCutForestConfiguration":{ + "type":"structure", + "required":["query"], + "members":{ + "query":{ + "shape":"RandomCutForestQuery", + "documentation":"

The Prometheus query used to retrieve the time-series data for anomaly detection.

Random Cut Forest queries must be wrapped by a supported PromQL aggregation operator. For more information, see Aggregation operators on the Prometheus docs website.

Supported PromQL aggregation operators: avg, count, group, max, min, quantile, stddev, stdvar, and sum.

" + }, + "shingleSize":{ + "shape":"RandomCutForestConfigurationShingleSizeInteger", + "documentation":"

The number of consecutive data points used to create a shingle for the Random Cut Forest algorithm. The default number is 8 consecutive data points.

" + }, + "sampleSize":{ + "shape":"RandomCutForestConfigurationSampleSizeInteger", + "documentation":"

The number of data points sampled from the input stream for the Random Cut Forest algorithm. The default number is 256 consecutive data points.

" + }, + "ignoreNearExpectedFromAbove":{ + "shape":"IgnoreNearExpected", + "documentation":"

Configuration for ignoring values that are near expected values from above during anomaly detection.

" + }, + "ignoreNearExpectedFromBelow":{ + "shape":"IgnoreNearExpected", + "documentation":"

Configuration for ignoring values that are near expected values from below during anomaly detection.

" + } + }, + "documentation":"

Configuration for the Random Cut Forest algorithm used for anomaly detection in time-series data.

" + }, + "RandomCutForestConfigurationSampleSizeInteger":{ + "type":"integer", + "box":true, + "max":1024, + "min":256 + }, + "RandomCutForestConfigurationShingleSizeInteger":{ + "type":"integer", + "box":true, + "max":1024, + "min":2 + }, + "RandomCutForestQuery":{ + "type":"string", + "max":8192, + "min":1 + }, "ResourceNotFoundException":{ "type":"structure", "required":[ @@ -1619,6 +2915,20 @@ }, "exception":true }, + "RoleConfiguration":{ + "type":"structure", + "members":{ + "sourceRoleArn":{ + "shape":"IamRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the role used in the source account to enable cross-account scraping. For information about the contents of this policy, see Cross-account setup.

" + }, + "targetRoleArn":{ + "shape":"IamRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the role used in the target account to enable cross-account scraping. For information about the contents of this policy, see Cross-account setup.

" + } + }, + "documentation":"

Use this structure to enable cross-account access, so that you can use a target account to access Prometheus metrics from source accounts.

" + }, "RuleGroupsNamespaceArn":{ "type":"string", "documentation":"

An ARN identifying a rule groups namespace.

" @@ -1631,37 +2941,37 @@ "type":"structure", "required":[ "arn", - "createdAt", - "data", - "modifiedAt", "name", - "status" + "status", + "data", + "createdAt", + "modifiedAt" ], "members":{ "arn":{ "shape":"RuleGroupsNamespaceArn", "documentation":"

The ARN of the rule groups namespace. For example, arn:aws:aps:<region>:123456789012:rulegroupsnamespace/ws-example1-1234-abcd-5678-ef90abcd1234/rulesfile1.

" }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The date and time that the rule groups namespace was created.

" + "name":{ + "shape":"RuleGroupsNamespaceName", + "documentation":"

The name of the rule groups namespace.

" + }, + "status":{ + "shape":"RuleGroupsNamespaceStatus", + "documentation":"

The current status of the rule groups namespace.

" }, "data":{ "shape":"RuleGroupsNamespaceData", "documentation":"

The rule groups file used in the namespace.

For details about the rule groups namespace structure, see RuleGroupsNamespaceData.

" }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the rule groups namespace was created.

" + }, "modifiedAt":{ "shape":"Timestamp", "documentation":"

The date and time that the rule groups namespace was most recently changed.

" }, - "name":{ - "shape":"RuleGroupsNamespaceName", - "documentation":"

The name of the rule groups namespace.

" - }, - "status":{ - "shape":"RuleGroupsNamespaceStatus", - "documentation":"

The current status of the rule groups namespace.

" - }, "tags":{ "shape":"TagMap", "documentation":"

The list of tag keys and values that are associated with the rule groups namespace.

" @@ -1672,9 +2982,9 @@ "RuleGroupsNamespaceName":{ "type":"string", "documentation":"

The name of the namespace that the rule group belong to.

", - "max":64, + "max":128, "min":1, - "pattern":"[0-9A-Za-z][-.0-9A-Z_a-z]*" + "pattern":".*[0-9A-Za-z][-.0-9A-Z_a-z]*.*" }, "RuleGroupsNamespaceStatus":{ "type":"structure", @@ -1707,24 +3017,16 @@ "type":"structure", "required":[ "arn", - "createdAt", - "modifiedAt", "name", - "status" + "status", + "createdAt", + "modifiedAt" ], "members":{ "arn":{ "shape":"RuleGroupsNamespaceArn", "documentation":"

The ARN of the rule groups namespace.

" }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The date and time that the rule groups namespace was created.

" - }, - "modifiedAt":{ - "shape":"Timestamp", - "documentation":"

The date and time that the rule groups namespace was most recently changed.

" - }, "name":{ "shape":"RuleGroupsNamespaceName", "documentation":"

The name of the rule groups namespace.

" @@ -1733,6 +3035,14 @@ "shape":"RuleGroupsNamespaceStatus", "documentation":"

A structure that displays the current status of the rule groups namespace.

" }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the rule groups namespace was created.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the rule groups namespace was most recently changed.

" + }, "tags":{ "shape":"TagMap", "documentation":"

The list of tag keys and values that are associated with the rule groups namespace.

" @@ -1761,73 +3071,105 @@ "documentation":"

An optional user-assigned scraper alias.

", "max":100, "min":1, - "pattern":"^[0-9A-Za-z][-.0-9A-Z_a-z]*$" + "pattern":"[0-9A-Za-z][-.0-9A-Z_a-z]*" }, "ScraperArn":{ "type":"string", "documentation":"

An ARN identifying a scrape configuration.

" }, + "ScraperComponent":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"ScraperComponentType", + "documentation":"

The type of the scraper component.

" + }, + "config":{ + "shape":"ComponentConfig", + "documentation":"

The configuration settings for the scraper component.

" + } + }, + "documentation":"

A component of a Amazon Managed Service for Prometheus scraper that can be configured for logging.

" + }, + "ScraperComponentType":{ + "type":"string", + "enum":[ + "SERVICE_DISCOVERY", + "COLLECTOR", + "EXPORTER" + ] + }, + "ScraperComponents":{ + "type":"list", + "member":{"shape":"ScraperComponent"}, + "min":1 + }, "ScraperDescription":{ "type":"structure", "required":[ + "scraperId", "arn", + "roleArn", + "status", "createdAt", - "destination", "lastModifiedAt", - "roleArn", "scrapeConfiguration", - "scraperId", "source", - "status" + "destination" ], "members":{ "alias":{ "shape":"ScraperAlias", "documentation":"

(Optional) A name associated with the scraper.

" }, + "scraperId":{ + "shape":"ScraperId", + "documentation":"

The ID of the scraper. For example, s-example1-1234-abcd-5678-ef9012abcd34.

" + }, "arn":{ "shape":"ScraperArn", "documentation":"

The Amazon Resource Name (ARN) of the scraper. For example, arn:aws:aps:<region>:123456798012:scraper/s-example1-1234-abcd-5678-ef9012abcd34.

" }, + "roleArn":{ + "shape":"IamRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the scraper to discover and collect metrics on your behalf.

For example, arn:aws:iam::123456789012:role/service-role/AmazonGrafanaServiceRole-12example.

" + }, + "status":{ + "shape":"ScraperStatus", + "documentation":"

A structure that contains the current status of the scraper.

" + }, "createdAt":{ "shape":"Timestamp", "documentation":"

The date and time that the scraper was created.

" }, - "destination":{ - "shape":"Destination", - "documentation":"

The Amazon Managed Service for Prometheus workspace the scraper sends metrics to.

" - }, "lastModifiedAt":{ "shape":"Timestamp", "documentation":"

The date and time that the scraper was last modified.

" }, - "roleArn":{ - "shape":"IamRoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the scraper to discover and collect metrics on your behalf.

For example, arn:aws:iam::123456789012:role/service-role/AmazonGrafanaServiceRole-12example.

" + "tags":{ + "shape":"TagMap", + "documentation":"

(Optional) The list of tag keys and values associated with the scraper.

" + }, + "statusReason":{ + "shape":"StatusReason", + "documentation":"

If there is a failure, the reason for the failure.

" }, "scrapeConfiguration":{ "shape":"ScrapeConfiguration", "documentation":"

The configuration in use by the scraper.

" }, - "scraperId":{ - "shape":"ScraperId", - "documentation":"

The ID of the scraper. For example, s-example1-1234-abcd-5678-ef9012abcd34.

" - }, "source":{ "shape":"Source", "documentation":"

The Amazon EKS cluster from which the scraper collects metrics.

" }, - "status":{ - "shape":"ScraperStatus", - "documentation":"

A structure that contains the current status of the scraper.

" - }, - "statusReason":{ - "shape":"StatusReason", - "documentation":"

If there is a failure, the reason for the failure.

" + "destination":{ + "shape":"Destination", + "documentation":"

The Amazon Managed Service for Prometheus workspace the scraper sends metrics to.

" }, - "tags":{ - "shape":"TagMap", - "documentation":"

(Optional) The list of tag keys and values associated with the scraper.

" + "roleConfiguration":{ + "shape":"RoleConfiguration", + "documentation":"

This structure displays information about the IAM roles used for cross-account scraping configuration.

" } }, "documentation":"

The ScraperDescription structure contains the full details about one scraper in your account.

" @@ -1851,7 +3193,44 @@ "documentation":"

A scraper ID.

", "max":64, "min":1, - "pattern":"^[0-9A-Za-z][-.0-9A-Z_a-z]*$" + "pattern":"[0-9A-Za-z][-.0-9A-Z_a-z]*" + }, + "ScraperLoggingConfigurationStatus":{ + "type":"structure", + "required":["statusCode"], + "members":{ + "statusCode":{ + "shape":"ScraperLoggingConfigurationStatusCode", + "documentation":"

The status code of the scraper logging configuration.

" + }, + "statusReason":{ + "shape":"String", + "documentation":"

The reason for the current status of the scraper logging configuration.

" + } + }, + "documentation":"

The status of a scraper logging configuration.

" + }, + "ScraperLoggingConfigurationStatusCode":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "CREATION_FAILED", + "UPDATE_FAILED" + ] + }, + "ScraperLoggingDestination":{ + "type":"structure", + "members":{ + "cloudWatchLogs":{ + "shape":"CloudWatchLogDestination", + "documentation":"

The CloudWatch Logs configuration for the scraper logging destination.

" + } + }, + "documentation":"

The destination where scraper logs are sent.

", + "union":true }, "ScraperStatus":{ "type":"structure", @@ -1880,59 +3259,63 @@ "ScraperSummary":{ "type":"structure", "required":[ + "scraperId", "arn", + "roleArn", + "status", "createdAt", - "destination", "lastModifiedAt", - "roleArn", - "scraperId", "source", - "status" + "destination" ], "members":{ "alias":{ "shape":"ScraperAlias", "documentation":"

(Optional) A name associated with the scraper.

" }, + "scraperId":{ + "shape":"ScraperId", + "documentation":"

The ID of the scraper.

" + }, "arn":{ "shape":"ScraperArn", "documentation":"

The Amazon Resource Name (ARN) of the scraper.

" }, + "roleArn":{ + "shape":"IamRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the scraper to discover and collect metrics on your behalf.

" + }, + "status":{ + "shape":"ScraperStatus", + "documentation":"

A structure that contains the current status of the scraper.

" + }, "createdAt":{ "shape":"Timestamp", "documentation":"

The date and time that the scraper was created.

" }, - "destination":{ - "shape":"Destination", - "documentation":"

The Amazon Managed Service for Prometheus workspace the scraper sends metrics to.

" - }, "lastModifiedAt":{ "shape":"Timestamp", "documentation":"

The date and time that the scraper was last modified.

" }, - "roleArn":{ - "shape":"IamRoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the scraper to discover and collect metrics on your behalf.

" + "tags":{ + "shape":"TagMap", + "documentation":"

(Optional) The list of tag keys and values associated with the scraper.

" }, - "scraperId":{ - "shape":"ScraperId", - "documentation":"

The ID of the scraper.

" + "statusReason":{ + "shape":"StatusReason", + "documentation":"

If there is a failure, the reason for the failure.

" }, "source":{ "shape":"Source", "documentation":"

The Amazon EKS cluster from which the scraper collects metrics.

" }, - "status":{ - "shape":"ScraperStatus", - "documentation":"

A structure that contains the current status of the scraper.

" - }, - "statusReason":{ - "shape":"StatusReason", - "documentation":"

If there is a failure, the reason for the failure.

" + "destination":{ + "shape":"Destination", + "documentation":"

The Amazon Managed Service for Prometheus workspace the scraper sends metrics to.

" }, - "tags":{ - "shape":"TagMap", - "documentation":"

(Optional) The list of tag keys and values associated with the scraper.

" + "roleConfiguration":{ + "shape":"RoleConfiguration", + "documentation":"

This structure displays information about the IAM roles used for cross-account scraping configuration.

" } }, "documentation":"

The ScraperSummary structure contains a summary of the details about one scraper in your account.

" @@ -1947,7 +3330,7 @@ "documentation":"

ID of a VPC security group.

", "max":255, "min":0, - "pattern":"^sg-[0-9a-z]+$" + "pattern":"sg-[0-9a-z]+" }, "SecurityGroupIds":{ "type":"list", @@ -1960,20 +3343,16 @@ "type":"structure", "required":[ "message", - "quotaCode", "resourceId", "resourceType", - "serviceCode" + "serviceCode", + "quotaCode" ], "members":{ "message":{ "shape":"String", "documentation":"

Description of the error.

" }, - "quotaCode":{ - "shape":"String", - "documentation":"

Service quotas code of the originating quota.

" - }, "resourceId":{ "shape":"String", "documentation":"

Identifier of the resource affected.

" @@ -1985,6 +3364,10 @@ "serviceCode":{ "shape":"String", "documentation":"

Service quotas code for the originating service.

" + }, + "quotaCode":{ + "shape":"String", + "documentation":"

Service quotas code of the originating quota.

" } }, "documentation":"

Completing the request would cause a service quota to be exceeded.

", @@ -2000,6 +3383,10 @@ "eksConfiguration":{ "shape":"EksConfiguration", "documentation":"

The Amazon EKS cluster from which a scraper collects metrics.

" + }, + "vpcConfiguration":{ + "shape":"VpcConfiguration", + "documentation":"

The Amazon VPC configuration for the Prometheus collector when connecting to Amazon MSK clusters. This configuration enables secure, private network connectivity between the collector and your Amazon MSK cluster within your Amazon VPC.

" } }, "documentation":"

The source of collected metrics for a scraper.

", @@ -2012,12 +3399,17 @@ "min":1 }, "String":{"type":"string"}, + "StringMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"} + }, "SubnetId":{ "type":"string", "documentation":"

ID of a VPC subnet.

", "max":255, "min":0, - "pattern":"^subnet-[0-9a-z]+$" + "pattern":"subnet-[0-9a-z]+" }, "SubnetIds":{ "type":"list", @@ -2030,7 +3422,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, "TagKeys":{ "type":"list", @@ -2071,14 +3463,13 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, "ThrottlingException":{ "type":"structure", @@ -2088,6 +3479,10 @@ "shape":"String", "documentation":"

Description of the error.

" }, + "serviceCode":{ + "shape":"String", + "documentation":"

Service quotas code for the originating service.

" + }, "quotaCode":{ "shape":"String", "documentation":"

Service quotas code for the originating quota.

" @@ -2097,10 +3492,6 @@ "documentation":"

Advice to clients on when the call can be safely retried.

", "location":"header", "locationName":"Retry-After" - }, - "serviceCode":{ - "shape":"String", - "documentation":"

Service quotas code for the originating service.

" } }, "documentation":"

The request was denied due to request throttling.

", @@ -2135,30 +3526,29 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLoggingConfigurationRequest":{ "type":"structure", "required":[ - "logGroupArn", - "workspaceId" + "workspaceId", + "logGroupArn" ], "members":{ - "clientToken":{ - "shape":"IdempotencyToken", - "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", - "idempotencyToken":true - }, - "logGroupArn":{ - "shape":"LogGroupArn", - "documentation":"

The ARN of the CloudWatch log group to which the vended log data will be published.

" - }, "workspaceId":{ "shape":"WorkspaceId", "documentation":"

The ID of the workspace to update the logging configuration for.

", "location":"uri", "locationName":"workspaceId" + }, + "logGroupArn":{ + "shape":"LogGroupArn", + "documentation":"

The ARN of the CloudWatch log group to which the vended log data will be published.

" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "idempotencyToken":true } }, "documentation":"

Represents the input of an UpdateLoggingConfiguration operation.

" @@ -2174,51 +3564,122 @@ }, "documentation":"

Represents the output of an UpdateLoggingConfiguration operation.

" }, + "UpdateQueryLoggingConfigurationRequest":{ + "type":"structure", + "required":[ + "workspaceId", + "destinations" + ], + "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace for which to update the query logging configuration.

", + "location":"uri", + "locationName":"workspaceId" + }, + "destinations":{ + "shape":"LoggingDestinations", + "documentation":"

The destinations where query logs will be sent. Only CloudWatch Logs destination is supported. The list must contain exactly one element.

" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

(Optional) A unique, case-sensitive identifier that you can provide to ensure the idempotency of the request.

", + "idempotencyToken":true + } + } + }, + "UpdateQueryLoggingConfigurationResponse":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"QueryLoggingConfigurationStatus", + "documentation":"

The current status of the query logging configuration.

" + } + } + }, + "UpdateScraperLoggingConfigurationRequest":{ + "type":"structure", + "required":[ + "scraperId", + "loggingDestination" + ], + "members":{ + "scraperId":{ + "shape":"ScraperId", + "documentation":"

The ID of the scraper whose logging configuration will be updated.

", + "location":"uri", + "locationName":"scraperId" + }, + "loggingDestination":{ + "shape":"ScraperLoggingDestination", + "documentation":"

The destination where scraper logs will be sent.

" + }, + "scraperComponents":{ + "shape":"ScraperComponents", + "documentation":"

The list of scraper components to configure for logging.

" + } + } + }, + "UpdateScraperLoggingConfigurationResponse":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"ScraperLoggingConfigurationStatus", + "documentation":"

The status of the updated scraper logging configuration.

" + } + } + }, "UpdateScraperRequest":{ "type":"structure", "required":["scraperId"], "members":{ + "scraperId":{ + "shape":"ScraperId", + "documentation":"

The ID of the scraper to update.

", + "location":"uri", + "locationName":"scraperId" + }, "alias":{ "shape":"ScraperAlias", "documentation":"

The new alias of the scraper.

" }, - "clientToken":{ - "shape":"IdempotencyToken", - "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", - "idempotencyToken":true + "scrapeConfiguration":{ + "shape":"ScrapeConfiguration", + "documentation":"

Contains the base-64 encoded YAML configuration for the scraper.

For more information about configuring a scraper, see Using an Amazon Web Services managed collector in the Amazon Managed Service for Prometheus User Guide.

" }, "destination":{ "shape":"Destination", "documentation":"

The new Amazon Managed Service for Prometheus workspace to send metrics to.

" }, - "scrapeConfiguration":{ - "shape":"ScrapeConfiguration", - "documentation":"

Contains the base-64 encoded YAML configuration for the scraper.

For more information about configuring a scraper, see Using an Amazon Web Services managed collector in the Amazon Managed Service for Prometheus User Guide.

" + "roleConfiguration":{ + "shape":"RoleConfiguration", + "documentation":"

Use this structure to enable cross-account access, so that you can use a target account to access Prometheus metrics from source accounts.

" }, - "scraperId":{ - "shape":"ScraperId", - "documentation":"

The ID of the scraper to update.

", - "location":"uri", - "locationName":"scraperId" + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", + "idempotencyToken":true } } }, "UpdateScraperResponse":{ "type":"structure", "required":[ - "arn", "scraperId", + "arn", "status" ], "members":{ - "arn":{ - "shape":"ScraperArn", - "documentation":"

The Amazon Resource Name (ARN) of the updated scraper.

" - }, "scraperId":{ "shape":"ScraperId", "documentation":"

The ID of the updated scraper.

" }, + "arn":{ + "shape":"ScraperArn", + "documentation":"

The Amazon Resource Name (ARN) of the updated scraper.

" + }, "status":{ "shape":"ScraperStatus", "documentation":"

A structure that displays the current status of the scraper.

" @@ -2233,6 +3694,12 @@ "type":"structure", "required":["workspaceId"], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The ID of the workspace to update.

", + "location":"uri", + "locationName":"workspaceId" + }, "alias":{ "shape":"WorkspaceAlias", "documentation":"

The new alias for the workspace. It does not need to be unique.

Amazon Managed Service for Prometheus will automatically strip any blank spaces from the beginning and end of the alias that you specify.

" @@ -2241,15 +3708,49 @@ "shape":"IdempotencyToken", "documentation":"

A unique identifier that you can provide to ensure the idempotency of the request. Case-sensitive.

", "idempotencyToken":true - }, + } + }, + "documentation":"

Represents the input of an UpdateWorkspaceAlias operation.

" + }, + "UpdateWorkspaceConfigurationRequest":{ + "type":"structure", + "required":["workspaceId"], + "members":{ "workspaceId":{ "shape":"WorkspaceId", - "documentation":"

The ID of the workspace to update.

", + "documentation":"

The ID of the workspace that you want to update. To find the IDs of your workspaces, use the ListWorkspaces operation.

", "location":"uri", "locationName":"workspaceId" + }, + "clientToken":{ + "shape":"IdempotencyToken", + "documentation":"

You can include a token in your operation to make it an idempotent opeartion.

", + "idempotencyToken":true + }, + "limitsPerLabelSet":{ + "shape":"LimitsPerLabelSetList", + "documentation":"

This is an array of structures, where each structure defines a label set for the workspace, and defines the active time series limit for each of those label sets. Each label name in a label set must be unique.

" + }, + "retentionPeriodInDays":{ + "shape":"UpdateWorkspaceConfigurationRequestRetentionPeriodInDaysInteger", + "documentation":"

Specifies how many days that metrics will be retained in the workspace.

" } - }, - "documentation":"

Represents the input of an UpdateWorkspaceAlias operation.

" + } + }, + "UpdateWorkspaceConfigurationRequestRetentionPeriodInDaysInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "UpdateWorkspaceConfigurationResponse":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"WorkspaceConfigurationStatus", + "documentation":"

The status of the workspace configuration.

" + } + } }, "Uri":{ "type":"string", @@ -2263,10 +3764,6 @@ "reason" ], "members":{ - "fieldList":{ - "shape":"ValidationExceptionFieldList", - "documentation":"

The field that caused the error, if applicable.

" - }, "message":{ "shape":"String", "documentation":"

Description of the error.

" @@ -2274,6 +3771,10 @@ "reason":{ "shape":"ValidationExceptionReason", "documentation":"

Reason the request failed validation.

" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

The field that caused the error, if applicable.

" } }, "documentation":"

The input fails to satisfy the constraints specified by an Amazon Web Services service.

", @@ -2286,17 +3787,17 @@ "ValidationExceptionField":{ "type":"structure", "required":[ - "message", - "name" + "name", + "message" ], "members":{ - "message":{ - "shape":"String", - "documentation":"

A message describing why the field caused an exception.

" - }, "name":{ "shape":"String", "documentation":"

The name of the field that caused an exception.

" + }, + "message":{ + "shape":"String", + "documentation":"

A message describing why the field caused an exception.

" } }, "documentation":"

Information about a field passed into a request that resulted in an exception.

" @@ -2316,6 +3817,24 @@ "OTHER" ] }, + "VpcConfiguration":{ + "type":"structure", + "required":[ + "securityGroupIds", + "subnetIds" + ], + "members":{ + "securityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

The security group IDs that control network access for the Prometheus collector. These security groups must allow the collector to communicate with your Amazon MSK cluster on the required ports.

" + }, + "subnetIds":{ + "shape":"SubnetIds", + "documentation":"

The subnet IDs where the Prometheus collector will be deployed. The subnets must be in the same Amazon VPC as your Amazon MSK cluster and have network connectivity to the cluster.

" + } + }, + "documentation":"

The Amazon VPC configuration that specifies the network settings for a Prometheus collector to securely connect to Amazon MSK clusters. This configuration includes the security groups and subnets that control network access and placement for the collector.

" + }, "WorkspaceAlias":{ "type":"string", "documentation":"

A user-assigned workspace alias.

", @@ -2325,17 +3844,68 @@ "WorkspaceArn":{ "type":"string", "documentation":"

An ARN identifying a Workspace.

", - "pattern":"^arn:aws[-a-z]*:aps:[-a-z0-9]+:[0-9]{12}:workspace/.+$" + "pattern":"arn:aws[-a-z]*:aps:[-a-z0-9]+:[0-9]{12}:workspace/.+" + }, + "WorkspaceConfigurationDescription":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"WorkspaceConfigurationStatus", + "documentation":"

This structure displays the current status of the workspace configuration, and might also contain a reason for that status.

" + }, + "limitsPerLabelSet":{ + "shape":"LimitsPerLabelSetList", + "documentation":"

This is an array of structures, where each structure displays one label sets for the workspace and the limits for that label set.

" + }, + "retentionPeriodInDays":{ + "shape":"WorkspaceConfigurationDescriptionRetentionPeriodInDaysInteger", + "documentation":"

This field displays how many days that metrics are retained in the workspace.

" + } + }, + "documentation":"

This structure contains the description of the workspace configuration.

" + }, + "WorkspaceConfigurationDescriptionRetentionPeriodInDaysInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "WorkspaceConfigurationStatus":{ + "type":"structure", + "required":["statusCode"], + "members":{ + "statusCode":{ + "shape":"WorkspaceConfigurationStatusCode", + "documentation":"

The current status of the workspace configuration.

" + }, + "statusReason":{ + "shape":"String", + "documentation":"

The reason for the current status, if a reason is available.

" + } + }, + "documentation":"

This structure displays the current status of the workspace configuration, and might also contain a reason for that status.

" + }, + "WorkspaceConfigurationStatusCode":{ + "type":"string", + "enum":[ + "ACTIVE", + "UPDATING", + "UPDATE_FAILED" + ] }, "WorkspaceDescription":{ "type":"structure", "required":[ + "workspaceId", "arn", - "createdAt", "status", - "workspaceId" + "createdAt" ], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The unique ID for the workspace. For example, ws-example1-1234-abcd-5678-ef90abcd1234.

" + }, "alias":{ "shape":"WorkspaceAlias", "documentation":"

The alias that is assigned to this workspace to help identify it. It does not need to be unique.

" @@ -2344,29 +3914,25 @@ "shape":"WorkspaceArn", "documentation":"

The ARN of the workspace. For example, arn:aws:aps:<region>:123456789012:workspace/ws-example1-1234-abcd-5678-ef90abcd1234.

" }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The date and time that the workspace was created.

" - }, - "kmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

(optional) If the workspace was created with a customer managed KMS key, the ARN for the key used.

" + "status":{ + "shape":"WorkspaceStatus", + "documentation":"

The current status of the workspace.

" }, "prometheusEndpoint":{ "shape":"Uri", "documentation":"

The Prometheus endpoint available for this workspace. For example, https://aps-workspaces.<region>.amazonaws.com/workspaces/ws-example1-1234-abcd-5678-ef90abcd1234/api/v1/.

" }, - "status":{ - "shape":"WorkspaceStatus", - "documentation":"

The current status of the workspace.

" + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the workspace was created.

" }, "tags":{ "shape":"TagMap", "documentation":"

The list of tag keys and values that are associated with the workspace.

" }, - "workspaceId":{ - "shape":"WorkspaceId", - "documentation":"

The unique ID for the workspace. For example, ws-example1-1234-abcd-5678-ef90abcd1234.

" + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

(optional) If the workspace was created with a customer managed KMS key, the ARN for the key used.

" } }, "documentation":"

The full details about one Amazon Managed Service for Prometheus workspace in your account.

" @@ -2376,7 +3942,16 @@ "documentation":"

A workspace ID.

", "max":64, "min":1, - "pattern":"[0-9A-Za-z][-.0-9A-Z_a-z]*" + "pattern":".*[0-9A-Za-z][-.0-9A-Z_a-z]*.*" + }, + "WorkspacePolicyStatusCode":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING" + ] }, "WorkspaceStatus":{ "type":"structure", @@ -2403,12 +3978,16 @@ "WorkspaceSummary":{ "type":"structure", "required":[ + "workspaceId", "arn", - "createdAt", "status", - "workspaceId" + "createdAt" ], "members":{ + "workspaceId":{ + "shape":"WorkspaceId", + "documentation":"

The unique ID for the workspace.

" + }, "alias":{ "shape":"WorkspaceAlias", "documentation":"

The alias that is assigned to this workspace to help identify it. It does not need to be unique.

" @@ -2417,25 +3996,21 @@ "shape":"WorkspaceArn", "documentation":"

The ARN of the workspace.

" }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The date and time that the workspace was created.

" - }, - "kmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

(optional) If the workspace was created with a customer managed KMS key, the ARN for the key used.

" - }, "status":{ "shape":"WorkspaceStatus", "documentation":"

The current status of the workspace.

" }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the workspace was created.

" + }, "tags":{ "shape":"TagMap", "documentation":"

The list of tag keys and values that are associated with the workspace.

" }, - "workspaceId":{ - "shape":"WorkspaceId", - "documentation":"

The unique ID for the workspace.

" + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

(optional) If the workspace was created with a customer managed KMS key, the ARN for the key used.

" } }, "documentation":"

The information about one Amazon Managed Service for Prometheus workspace in your account.

" diff -pruN 2.23.6-1/awscli/botocore/data/amp/2020-08-01/waiters-2.json 2.31.35-1/awscli/botocore/data/amp/2020-08-01/waiters-2.json --- 2.23.6-1/awscli/botocore/data/amp/2020-08-01/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/amp/2020-08-01/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,44 @@ { "version" : 2, "waiters" : { + "AnomalyDetectorActive" : { + "description" : "Wait until the anomaly detector reaches ACTIVE status", + "delay" : 2, + "maxAttempts" : 60, + "operation" : "DescribeAnomalyDetector", + "acceptors" : [ { + "matcher" : "path", + "argument" : "anomalyDetector.status.statusCode", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "anomalyDetector.status.statusCode", + "state" : "retry", + "expected" : "CREATING" + }, { + "matcher" : "path", + "argument" : "anomalyDetector.status.statusCode", + "state" : "retry", + "expected" : "UPDATING" + } ] + }, + "AnomalyDetectorDeleted" : { + "description" : "Wait until the anomaly detector reaches DELETED status", + "delay" : 2, + "maxAttempts" : 60, + "operation" : "DescribeAnomalyDetector", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ResourceNotFoundException" + }, { + "matcher" : "path", + "argument" : "anomalyDetector.status.statusCode", + "state" : "retry", + "expected" : "DELETING" + } ] + }, "ScraperActive" : { "description" : "Wait until a scraper reaches ACTIVE status", "delay" : 2, diff -pruN 2.23.6-1/awscli/botocore/data/amplify/2017-07-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/amplify/2017-07-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/amplify/2017-07-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/amplify/2017-07-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/amplify/2017-07-25/service-2.json 2.31.35-1/awscli/botocore/data/amplify/2017-07-25/service-2.json --- 2.23.6-1/awscli/botocore/data/amplify/2017-07-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/amplify/2017-07-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -381,7 +381,7 @@ {"shape":"InternalFailureException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Returns a list of artifacts for a specified app, branch, and job.

" + "documentation":"

Returns a list of end-to-end testing artifacts for a specified app, branch, and job.

To return the build artifacts, use the GetJob API.

For more information about Amplify testing support, see Setting up end-to-end Cypress tests for your Amplify application in the Amplify Hosting User Guide.

" }, "ListBackendEnvironments":{ "name":"ListBackendEnvironments", @@ -689,9 +689,13 @@ "shape":"UpdateTime", "documentation":"

A timestamp of when Amplify updated the application.

" }, + "computeRoleArn":{ + "shape":"ComputeRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role for an SSR app. The Compute role allows the Amplify Hosting compute service to securely access specific Amazon Web Services resources based on the role's permissions. For more information about the SSR Compute role, see Adding an SSR Compute role in the Amplify User Guide.

" + }, "iamServiceRoleArn":{ "shape":"ServiceRoleArn", - "documentation":"

The AWS Identity and Access Management (IAM) service role for the Amazon Resource Name (ARN) of the Amplify app.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM service role for the Amplify app.

" }, "environmentVariables":{ "shape":"EnvironmentVariables", @@ -760,6 +764,10 @@ "wafConfiguration":{ "shape":"WafConfiguration", "documentation":"

Describes the Firewall configuration for the Amplify app. Firewall support enables you to protect your hosted applications with a direct integration with WAF.

" + }, + "jobConfig":{ + "shape":"JobConfig", + "documentation":"

The configuration details that apply to the jobs for an Amplify app.

" } }, "documentation":"

Represents the different branches of a repository for building, deploying, and hosting an Amplify app.

" @@ -1034,6 +1042,10 @@ "shape":"EnableAutoBuild", "documentation":"

Enables auto-building on push for a branch of an Amplify app.

" }, + "enableSkewProtection":{ + "shape":"EnableSkewProtection", + "documentation":"

Specifies whether the skew protection feature is enabled for the branch.

Deployment skew protection is available to Amplify applications to eliminate version skew issues between client and servers in web applications. When you apply skew protection to a branch, you can ensure that your clients always interact with the correct version of server-side assets, regardless of when a deployment occurs. For more information about skew protection, see Skew protection for Amplify deployments in the Amplify User Guide.

" + }, "customDomains":{ "shape":"CustomDomains", "documentation":"

The custom domains for a branch of an Amplify app.

" @@ -1098,7 +1110,11 @@ "shape":"BackendEnvironmentArn", "documentation":"

The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.

This property is available to Amplify Gen 1 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.

" }, - "backend":{"shape":"Backend"} + "backend":{"shape":"Backend"}, + "computeRoleArn":{ + "shape":"ComputeRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role for a branch of an SSR app. The Compute role allows the Amplify Hosting compute service to securely access specific Amazon Web Services resources based on the role's permissions. For more information about the SSR Compute role, see Adding an SSR Compute role in the Amplify User Guide.

" + } }, "documentation":"

The branch for an Amplify app, which maps to a third-party repository branch.

" }, @@ -1118,6 +1134,14 @@ "member":{"shape":"Branch"}, "max":255 }, + "BuildComputeType":{ + "type":"string", + "enum":[ + "STANDARD_8GB", + "LARGE_16GB", + "XLARGE_72GB" + ] + }, "BuildSpec":{ "type":"string", "documentation":"

The build specification (build spec) file for an Amplify app build.

", @@ -1132,7 +1156,7 @@ "members":{ "type":{ "shape":"CacheConfigType", - "documentation":"

The type of cache configuration to use for an Amplify app.

The AMPLIFY_MANAGED cache configuration automatically applies an optimized cache configuration for your app based on its platform, routing rules, and rewrite rules. This is the default setting.

The AMPLIFY_MANAGED_NO_COOKIES cache configuration type is the same as AMPLIFY_MANAGED, except that it excludes all cookies from the cache key.

" + "documentation":"

The type of cache configuration to use for an Amplify app.

The AMPLIFY_MANAGED cache configuration automatically applies an optimized cache configuration for your app based on its platform, routing rules, and rewrite rules.

The AMPLIFY_MANAGED_NO_COOKIES cache configuration type is the same as AMPLIFY_MANAGED, except that it excludes all cookies from the cache key. This is the default setting.

" } }, "documentation":"

Describes the cache configuration for an Amplify app.

For more information about how Amplify applies an optimal cache configuration for your app based on the type of content that is being served, see Managing cache configuration in the Amplify User guide.

" @@ -1207,6 +1231,12 @@ "pattern":"(?s).*" }, "CommitTime":{"type":"timestamp"}, + "ComputeRoleArn":{ + "type":"string", + "max":1000, + "min":0, + "pattern":"(?s).*" + }, "Condition":{ "type":"string", "max":2048, @@ -1234,9 +1264,13 @@ "shape":"Platform", "documentation":"

The platform for the Amplify app. For a static app, set the platform type to WEB. For a dynamic server-side rendered (SSR) app, set the platform type to WEB_COMPUTE. For an app requiring Amplify Hosting's original SSR support only, set the platform type to WEB_DYNAMIC.

If you are deploying an SSG only app with Next.js version 14 or later, you must set the platform type to WEB_COMPUTE and set the artifacts baseDirectory to .next in the application's build settings. For an example of the build specification settings, see Amplify build settings for a Next.js 14 SSG application in the Amplify Hosting User Guide.

" }, + "computeRoleArn":{ + "shape":"ComputeRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to assign to an SSR app. The SSR Compute role allows the Amplify Hosting compute service to securely access specific Amazon Web Services resources based on the role's permissions. For more information about the SSR Compute role, see Adding an SSR Compute role in the Amplify User Guide.

" + }, "iamServiceRoleArn":{ "shape":"ServiceRoleArn", - "documentation":"

The AWS Identity and Access Management (IAM) service role for an Amplify app.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM service role for the Amplify app.

" }, "oauthToken":{ "shape":"OauthToken", @@ -1294,6 +1328,10 @@ "shape":"AutoBranchCreationConfig", "documentation":"

The automated branch creation configuration for an Amplify app.

" }, + "jobConfig":{ + "shape":"JobConfig", + "documentation":"

Describes the configuration details that apply to the jobs for an Amplify app.

" + }, "cacheConfig":{ "shape":"CacheConfig", "documentation":"

The cache configuration for the Amplify app.

" @@ -1384,6 +1422,10 @@ "shape":"EnableAutoBuild", "documentation":"

Enables auto building for the branch.

" }, + "enableSkewProtection":{ + "shape":"EnableSkewProtection", + "documentation":"

Specifies whether the skew protection feature is enabled for the branch.

Deployment skew protection is available to Amplify applications to eliminate version skew issues between client and servers in web applications. When you apply skew protection to a branch, you can ensure that your clients always interact with the correct version of server-side assets, regardless of when a deployment occurs. For more information about skew protection, see Skew protection for Amplify deployments in the Amplify User Guide.

" + }, "environmentVariables":{ "shape":"EnvironmentVariables", "documentation":"

The environment variables for the branch.

" @@ -1431,6 +1473,10 @@ "backend":{ "shape":"Backend", "documentation":"

The backend for a Branch of an Amplify app. Use for a backend created from an CloudFormation stack.

This field is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.

" + }, + "computeRoleArn":{ + "shape":"ComputeRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to assign to a branch of an SSR app. The SSR Compute role allows the Amplify Hosting compute service to securely access specific Amazon Web Services resources based on the role's permissions. For more information about the SSR Compute role, see Adding an SSR Compute role in the Amplify User Guide.

" } }, "documentation":"

The request structure for the create branch request.

" @@ -1939,6 +1985,7 @@ "EnableNotification":{"type":"boolean"}, "EnablePerformanceMode":{"type":"boolean"}, "EnablePullRequestPreview":{"type":"boolean"}, + "EnableSkewProtection":{"type":"boolean"}, "EndTime":{"type":"timestamp"}, "EnvKey":{ "type":"string", @@ -2261,6 +2308,17 @@ "type":"string", "max":1000 }, + "JobConfig":{ + "type":"structure", + "required":["buildComputeType"], + "members":{ + "buildComputeType":{ + "shape":"BuildComputeType", + "documentation":"

Specifies the size of the build instance. Amplify supports three instance sizes: STANDARD_8GB, LARGE_16GB, and XLARGE_72GB. If you don't specify a value, Amplify uses the STANDARD_8GB default.

The following list describes the CPU, memory, and storage capacity for each build instance type:

STANDARD_8GB

  • vCPUs: 4

  • Memory: 8 GiB

  • Disk space: 128 GB

LARGE_16GB

  • vCPUs: 8

  • Memory: 16 GiB

  • Disk space: 128 GB

XLARGE_72GB

  • vCPUs: 36

  • Memory: 72 GiB

  • Disk space: 256 GB

" + } + }, + "documentation":"

Describes the configuration details that apply to the jobs for an Amplify app.

Use JobConfig to apply configuration to jobs, such as customizing the build instance size when you create or update an Amplify app. For more information about customizable build instances, see Custom build instances in the Amplify User Guide.

" + }, "JobId":{ "type":"string", "max":255, @@ -3004,7 +3062,7 @@ }, "artifactsUrl":{ "shape":"ArtifactsUrl", - "documentation":"

The URL to the artifact for the execution step.

" + "documentation":"

The URL to the build artifact for the execution step.

" }, "testArtifactsUrl":{ "shape":"TestArtifactsUrl", @@ -3176,8 +3234,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response for the tag resource request.

" }, "TagValue":{ @@ -3245,8 +3302,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response for the untag resource request.

" }, "UpdateAppRequest":{ @@ -3271,9 +3327,13 @@ "shape":"Platform", "documentation":"

The platform for the Amplify app. For a static app, set the platform type to WEB. For a dynamic server-side rendered (SSR) app, set the platform type to WEB_COMPUTE. For an app requiring Amplify Hosting's original SSR support only, set the platform type to WEB_DYNAMIC.

If you are deploying an SSG only app with Next.js version 14 or later, you must set the platform type to WEB_COMPUTE.

" }, + "computeRoleArn":{ + "shape":"ComputeRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to assign to an SSR app. The SSR Compute role allows the Amplify Hosting compute service to securely access specific Amazon Web Services resources based on the role's permissions. For more information about the SSR Compute role, see Adding an SSR Compute role in the Amplify User Guide.

" + }, "iamServiceRoleArn":{ "shape":"ServiceRoleArn", - "documentation":"

The AWS Identity and Access Management (IAM) service role for an Amplify app.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM service role for the Amplify app.

" }, "environmentVariables":{ "shape":"EnvironmentVariables", @@ -3331,6 +3391,10 @@ "shape":"AccessToken", "documentation":"

The personal access token for a GitHub repository for an Amplify app. The personal access token is used to authorize access to a GitHub repository using the Amplify GitHub App. The token is not stored.

Use accessToken for GitHub repositories only. To authorize access to a repository provider such as Bitbucket or CodeCommit, use oauthToken.

You must specify either accessToken or oauthToken when you update an app.

Existing Amplify apps deployed from a GitHub repository using OAuth continue to work with CI/CD. However, we strongly recommend that you migrate these apps to use the GitHub App. For more information, see Migrating an existing OAuth app to the Amplify GitHub App in the Amplify User Guide .

" }, + "jobConfig":{ + "shape":"JobConfig", + "documentation":"

Describes the configuration details that apply to the jobs for an Amplify app.

" + }, "cacheConfig":{ "shape":"CacheConfig", "documentation":"

The cache configuration for the Amplify app.

" @@ -3388,6 +3452,10 @@ "shape":"EnableAutoBuild", "documentation":"

Enables auto building for the branch.

" }, + "enableSkewProtection":{ + "shape":"EnableSkewProtection", + "documentation":"

Specifies whether the skew protection feature is enabled for the branch.

Deployment skew protection is available to Amplify applications to eliminate version skew issues between client and servers in web applications. When you apply skew protection to a branch, you can ensure that your clients always interact with the correct version of server-side assets, regardless of when a deployment occurs. For more information about skew protection, see Skew protection for Amplify deployments in the Amplify User Guide.

" + }, "environmentVariables":{ "shape":"EnvironmentVariables", "documentation":"

The environment variables for the branch.

" @@ -3431,6 +3499,10 @@ "backend":{ "shape":"Backend", "documentation":"

The backend for a Branch of an Amplify app. Use for a backend created from an CloudFormation stack.

This field is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.

" + }, + "computeRoleArn":{ + "shape":"ComputeRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to assign to a branch of an SSR app. The SSR Compute role allows the Amplify Hosting compute service to securely access specific Amazon Web Services resources based on the role's permissions. For more information about the SSR Compute role, see Adding an SSR Compute role in the Amplify User Guide.

" } }, "documentation":"

The request structure for the update branch request.

" @@ -3607,6 +3679,10 @@ "shape":"WebhookUrl", "documentation":"

The URL of the webhook.

" }, + "appId":{ + "shape":"AppId", + "documentation":"

The unique ID of an Amplify app.

" + }, "branchName":{ "shape":"BranchName", "documentation":"

The name for a branch that is part of an Amplify app.

" diff -pruN 2.23.6-1/awscli/botocore/data/amplifybackend/2020-08-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/amplifybackend/2020-08-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/amplifybackend/2020-08-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/amplifybackend/2020-08-11/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/amplifyuibuilder/2021-08-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/amplifyuibuilder/2021-08-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/amplifyuibuilder/2021-08-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/amplifyuibuilder/2021-08-11/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/apigateway/2015-07-09/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/apigateway/2015-07-09/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/apigateway/2015-07-09/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apigateway/2015-07-09/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/apigateway/2015-07-09/service-2.json 2.31.35-1/awscli/botocore/data/apigateway/2015-07-09/service-2.json --- 2.23.6-1/awscli/botocore/data/apigateway/2015-07-09/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apigateway/2015-07-09/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2807,7 +2807,7 @@ }, "endpointConfiguration":{ "shape":"EndpointConfiguration", - "documentation":"

The endpoint configuration of this DomainName showing the endpoint types of the domain name.

" + "documentation":"

The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name.

" }, "tags":{ "shape":"MapOfStringToString", @@ -2825,6 +2825,10 @@ "policy":{ "shape":"String", "documentation":"

A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. Supported only for private custom domain names.

" + }, + "routingMode":{ + "shape":"RoutingMode", + "documentation":"

The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your private APIs.

" } }, "documentation":"

A request to create a new domain name.

" @@ -2948,7 +2952,7 @@ }, "endpointConfiguration":{ "shape":"EndpointConfiguration", - "documentation":"

The endpoint configuration of this RestApi showing the endpoint types of the API.

" + "documentation":"

The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

" }, "policy":{ "shape":"String", @@ -3765,7 +3769,7 @@ }, "domainNameArn":{ "shape":"String", - "documentation":"

The ARN of the domain name. Supported only for private custom domain names.

" + "documentation":"

The ARN of the domain name.

" }, "certificateName":{ "shape":"String", @@ -3805,7 +3809,7 @@ }, "endpointConfiguration":{ "shape":"EndpointConfiguration", - "documentation":"

The endpoint configuration of this DomainName showing the endpoint types of the domain name.

" + "documentation":"

The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name.

" }, "domainNameStatus":{ "shape":"DomainNameStatus", @@ -3838,6 +3842,10 @@ "policy":{ "shape":"String", "documentation":"

A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. Supported only for private custom domain names.

" + }, + "routingMode":{ + "shape":"RoutingMode", + "documentation":"

The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your private APIs.

" } }, "documentation":"

Represents a custom domain name as a user-friendly host name of an API (RestApi).

" @@ -3909,12 +3917,16 @@ "shape":"ListOfEndpointType", "documentation":"

A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is \"EDGE\". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

" }, + "ipAddressType":{ + "shape":"IpAddressType", + "documentation":"

The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

" + }, "vpcEndpointIds":{ "shape":"ListOfString", "documentation":"

A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

" } }, - "documentation":"

The endpoint configuration to indicate the types of endpoints an API (RestApi) or its custom domain name (DomainName) has.

" + "documentation":"

The endpoint configuration to indicate the types of endpoints an API (RestApi) or its custom domain name (DomainName) has and the IP address types that can invoke it.

" }, "EndpointType":{ "type":"string", @@ -4072,8 +4084,7 @@ }, "GetAccountRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Requests API Gateway to get information about the current Account resource.

" }, "GetApiKeyRequest":{ @@ -5362,7 +5373,7 @@ }, "timeoutInMillis":{ "shape":"Integer", - "documentation":"

Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds.

" + "documentation":"

Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds. You can increase the default value to longer than 29 seconds for Regional or private APIs only.

" }, "cacheNamespace":{ "shape":"String", @@ -5420,6 +5431,13 @@ "AWS_PROXY" ] }, + "IpAddressType":{ + "type":"string", + "enum":[ + "ipv4", + "dualstack" + ] + }, "LimitExceededException":{ "type":"structure", "members":{ @@ -5965,7 +5983,7 @@ }, "timeoutInMillis":{ "shape":"NullableInteger", - "documentation":"

Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds.

" + "documentation":"

Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds. You can increase the default value to longer than 29 seconds for Regional or private APIs only.

" }, "tlsConfig":{"shape":"TlsConfig"} }, @@ -6341,7 +6359,7 @@ }, "endpointConfiguration":{ "shape":"EndpointConfiguration", - "documentation":"

The endpoint configuration of this RestApi showing the endpoint types of the API.

" + "documentation":"

The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

" }, "policy":{ "shape":"String", @@ -6374,6 +6392,14 @@ }, "documentation":"

Contains references to your APIs and links that guide you in how to interact with your collection. A collection offers a paginated view of your APIs.

" }, + "RoutingMode":{ + "type":"string", + "enum":[ + "BASE_PATH_MAPPING_ONLY", + "ROUTING_RULE_ONLY", + "ROUTING_RULE_THEN_BASE_PATH_MAPPING" + ] + }, "SdkConfigurationProperty":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/apigatewaymanagementapi/2018-11-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/apigatewaymanagementapi/2018-11-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/apigatewaymanagementapi/2018-11-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apigatewaymanagementapi/2018-11-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/apigatewaymanagementapi/2018-11-29/service-2.json 2.31.35-1/awscli/botocore/data/apigatewaymanagementapi/2018-11-29/service-2.json --- 2.23.6-1/awscli/botocore/data/apigatewaymanagementapi/2018-11-29/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apigatewaymanagementapi/2018-11-29/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,217 +1,243 @@ { - "metadata" : { - "apiVersion" : "2018-11-29", - "endpointPrefix" : "execute-api", - "signingName" : "execute-api", - "serviceFullName" : "AmazonApiGatewayManagementApi", - "serviceId" : "ApiGatewayManagementApi", - "protocol" : "rest-json", - "jsonVersion" : "1.1", - "uid" : "apigatewaymanagementapi-2018-11-29", - "signatureVersion" : "v4" + "metadata": { + "apiVersion": "2018-11-29", + "endpointPrefix": "execute-api", + "signingName": "execute-api", + "serviceFullName": "AmazonApiGatewayManagementApi", + "serviceId": "ApiGatewayManagementApi", + "protocol": "rest-json", + "jsonVersion": "1.1", + "uid": "apigatewaymanagementapi-2018-11-29", + "signatureVersion": "v4", + "auth": [ + "aws.auth#sigv4" + ] }, - "operations" : { - "DeleteConnection" : { - "name" : "DeleteConnection", - "http" : { - "method" : "DELETE", - "requestUri" : "/@connections/{connectionId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteConnectionRequest" - }, - "errors" : [ { - "shape" : "GoneException", - "documentation" : "

The connection with the provided id no longer exists.

" - }, { - "shape" : "LimitExceededException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time or the WebSocket client side buffer is full.

" - }, { - "shape" : "ForbiddenException", - "documentation" : "

The caller is not authorized to invoke this operation.

" - } ], - "documentation" : "

Delete the connection with the provided id.

" - }, - "GetConnection" : { - "name" : "GetConnection", - "http" : { - "method" : "GET", - "requestUri" : "/@connections/{connectionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetConnectionRequest" - }, - "output" : { - "shape" : "GetConnectionResponse" - }, - "errors" : [ { - "shape" : "GoneException", - "documentation" : "

The connection with the provided id no longer exists.

" - }, { - "shape" : "LimitExceededException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time or the WebSocket client side buffer is full.

" - }, { - "shape" : "ForbiddenException", - "documentation" : "

The caller is not authorized to invoke this operation.

" - } ], - "documentation" : "

Get information about the connection with the provided id.

" - }, - "PostToConnection" : { - "name" : "PostToConnection", - "http" : { - "method" : "POST", - "requestUri" : "/@connections/{connectionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "PostToConnectionRequest" - }, - "errors" : [ { - "shape" : "GoneException", - "documentation" : "

The connection with the provided id no longer exists.

" - }, { - "shape" : "LimitExceededException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time or the WebSocket client side buffer is full.

" - }, { - "shape" : "PayloadTooLargeException", - "documentation" : "

The data has exceeded the maximum size allowed.

" - }, { - "shape" : "ForbiddenException", - "documentation" : "

The caller is not authorized to invoke this operation.

" - } ], - "documentation" : "

Sends the provided data to the specified connection.

" + "operations": { + "DeleteConnection": { + "name": "DeleteConnection", + "http": { + "method": "DELETE", + "requestUri": "/@connections/{connectionId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteConnectionRequest" + }, + "errors": [ + { + "shape": "GoneException", + "documentation": "

The connection with the provided id no longer exists.

" + }, + { + "shape": "LimitExceededException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time or the WebSocket client side buffer is full.

" + }, + { + "shape": "ForbiddenException", + "documentation": "

The caller is not authorized to invoke this operation.

" + } + ], + "documentation": "

Delete the connection with the provided id.

" + }, + "GetConnection": { + "name": "GetConnection", + "http": { + "method": "GET", + "requestUri": "/@connections/{connectionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetConnectionRequest" + }, + "output": { + "shape": "GetConnectionResponse" + }, + "errors": [ + { + "shape": "GoneException", + "documentation": "

The connection with the provided id no longer exists.

" + }, + { + "shape": "LimitExceededException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time or the WebSocket client side buffer is full.

" + }, + { + "shape": "ForbiddenException", + "documentation": "

The caller is not authorized to invoke this operation.

" + } + ], + "documentation": "

Get information about the connection with the provided id.

" + }, + "PostToConnection": { + "name": "PostToConnection", + "http": { + "method": "POST", + "requestUri": "/@connections/{connectionId}", + "responseCode": 200 + }, + "input": { + "shape": "PostToConnectionRequest" + }, + "errors": [ + { + "shape": "GoneException", + "documentation": "

The connection with the provided id no longer exists.

" + }, + { + "shape": "LimitExceededException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time or the WebSocket client side buffer is full.

" + }, + { + "shape": "PayloadTooLargeException", + "documentation": "

The data has exceeded the maximum size allowed.

" + }, + { + "shape": "ForbiddenException", + "documentation": "

The caller is not authorized to invoke this operation.

" + } + ], + "documentation": "

Sends the provided data to the specified connection.

" } }, - "shapes" : { - "Data" : { - "type" : "blob", - "max" : 131072, - "documentation" : "

The data to be sent to the client specified by its connection id.

" - }, - "DeleteConnectionRequest" : { - "type" : "structure", - "members" : { - "ConnectionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "connectionId" - } - }, - "required" : [ "ConnectionId" ] - }, - "ForbiddenException" : { - "type" : "structure", - "members" : { }, - "documentation" : "

The caller is not authorized to invoke this operation.

", - "exception" : true, - "error" : { - "httpStatusCode" : 403 + "shapes": { + "Data": { + "type": "blob", + "max": 131072, + "documentation": "

The data to be sent to the client specified by its connection id.

" + }, + "DeleteConnectionRequest": { + "type": "structure", + "members": { + "ConnectionId": { + "shape": "__string", + "location": "uri", + "locationName": "connectionId" + } + }, + "required": [ + "ConnectionId" + ] + }, + "ForbiddenException": { + "type": "structure", + "members": {}, + "documentation": "

The caller is not authorized to invoke this operation.

", + "exception": true, + "error": { + "httpStatusCode": 403 } }, - "GetConnectionRequest" : { - "type" : "structure", - "members" : { - "ConnectionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "connectionId" - } - }, - "required" : [ "ConnectionId" ] - }, - "GetConnectionResponse" : { - "type" : "structure", - "members" : { - "ConnectedAt" : { - "shape" : "__timestampIso8601", - "locationName" : "connectedAt", - "documentation" : "

The time in ISO 8601 format for when the connection was established.

" - }, - "Identity" : { - "shape" : "Identity", - "locationName" : "identity" - }, - "LastActiveAt" : { - "shape" : "__timestampIso8601", - "locationName" : "lastActiveAt", - "documentation" : "

The time in ISO 8601 format for when the connection was last active.

" + "GetConnectionRequest": { + "type": "structure", + "members": { + "ConnectionId": { + "shape": "__string", + "location": "uri", + "locationName": "connectionId" + } + }, + "required": [ + "ConnectionId" + ] + }, + "GetConnectionResponse": { + "type": "structure", + "members": { + "ConnectedAt": { + "shape": "__timestampIso8601", + "locationName": "connectedAt", + "documentation": "

The time in ISO 8601 format for when the connection was established.

" + }, + "Identity": { + "shape": "Identity", + "locationName": "identity" + }, + "LastActiveAt": { + "shape": "__timestampIso8601", + "locationName": "lastActiveAt", + "documentation": "

The time in ISO 8601 format for when the connection was last active.

" } } }, - "GoneException" : { - "type" : "structure", - "members" : { }, - "documentation" : "

The connection with the provided id no longer exists.

", - "exception" : true, - "error" : { - "httpStatusCode" : 410 + "GoneException": { + "type": "structure", + "members": {}, + "documentation": "

The connection with the provided id no longer exists.

", + "exception": true, + "error": { + "httpStatusCode": 410 } }, - "Identity" : { - "type" : "structure", - "members" : { - "SourceIp" : { - "shape" : "__string", - "locationName" : "sourceIp", - "documentation" : "

The source IP address of the TCP connection making the request to API Gateway.

" - }, - "UserAgent" : { - "shape" : "__string", - "locationName" : "userAgent", - "documentation" : "

The User Agent of the API caller.

" - } - }, - "required" : [ "SourceIp", "UserAgent" ] - }, - "PayloadTooLargeException" : { - "type" : "structure", - "members" : { - "Message" : { - "shape" : "__string", - "locationName" : "message" - } - }, - "documentation" : "

The data has exceeded the maximum size allowed.

", - "exception" : true, - "error" : { - "httpStatusCode" : 413 + "Identity": { + "type": "structure", + "members": { + "SourceIp": { + "shape": "__string", + "locationName": "sourceIp", + "documentation": "

The source IP address of the TCP connection making the request to API Gateway.

" + }, + "UserAgent": { + "shape": "__string", + "locationName": "userAgent", + "documentation": "

The User Agent of the API caller.

" + } + }, + "required": [ + "SourceIp", + "UserAgent" + ] + }, + "PayloadTooLargeException": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message" + } + }, + "documentation": "

The data has exceeded the maximum size allowed.

", + "exception": true, + "error": { + "httpStatusCode": 413 } }, - "PostToConnectionRequest" : { - "type" : "structure", - "members" : { - "Data" : { - "shape" : "Data", - "documentation" : "

The data to be sent to the client specified by its connection id.

" - }, - "ConnectionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "connectionId", - "documentation" : "

The identifier of the connection that a specific client is using.

" - } - }, - "required" : [ "ConnectionId", "Data" ], - "payload" : "Data" - }, - "LimitExceededException" : { - "type" : "structure", - "members" : { }, - "documentation" : "

The client is sending more than the allowed number of requests per unit of time or the WebSocket client side buffer is full.

", - "exception" : true, - "error" : { - "httpStatusCode" : 429 + "PostToConnectionRequest": { + "type": "structure", + "members": { + "Data": { + "shape": "Data", + "documentation": "

The data to be sent to the client specified by its connection id.

" + }, + "ConnectionId": { + "shape": "__string", + "location": "uri", + "locationName": "connectionId", + "documentation": "

The identifier of the connection that a specific client is using.

" + } + }, + "required": [ + "ConnectionId", + "Data" + ], + "payload": "Data" + }, + "LimitExceededException": { + "type": "structure", + "members": {}, + "documentation": "

The client is sending more than the allowed number of requests per unit of time or the WebSocket client side buffer is full.

", + "exception": true, + "error": { + "httpStatusCode": 429 } }, - "__string" : { - "type" : "string" + "__string": { + "type": "string" }, - "__timestampIso8601" : { - "type" : "timestamp", - "timestampFormat" : "iso8601" + "__timestampIso8601": { + "type": "timestamp", + "timestampFormat": "iso8601" } }, - "documentation" : "

The Amazon API Gateway Management API allows you to directly manage runtime aspects of your deployed APIs. To use it, you must explicitly set the SDK's endpoint to point to the endpoint of your deployed API. The endpoint will be of the form https://{api-id}.execute-api.{region}.amazonaws.com/{stage}, or will be the endpoint corresponding to your API's custom domain and base path, if applicable.

" + "documentation": "

The Amazon API Gateway Management API allows you to directly manage runtime aspects of your deployed APIs. To use it, you must explicitly set the SDK's endpoint to point to the endpoint of your deployed API. The endpoint will be of the form https://{api-id}.execute-api.{region}.amazonaws.com/{stage}, or will be the endpoint corresponding to your API's custom domain and base path, if applicable.

" } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/apigatewayv2/2018-11-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/apigatewayv2/2018-11-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/apigatewayv2/2018-11-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apigatewayv2/2018-11-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/apigatewayv2/2018-11-29/paginators-1.json 2.31.35-1/awscli/botocore/data/apigatewayv2/2018-11-29/paginators-1.json --- 2.23.6-1/awscli/botocore/data/apigatewayv2/2018-11-29/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apigatewayv2/2018-11-29/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -59,6 +59,12 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "Items" + }, + "ListRoutingRules": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "RoutingRules" } } } diff -pruN 2.23.6-1/awscli/botocore/data/apigatewayv2/2018-11-29/service-2.json 2.31.35-1/awscli/botocore/data/apigatewayv2/2018-11-29/service-2.json --- 2.23.6-1/awscli/botocore/data/apigatewayv2/2018-11-29/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apigatewayv2/2018-11-29/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,8818 +1,10182 @@ { - "metadata" : { - "apiVersion" : "2018-11-29", - "endpointPrefix" : "apigateway", - "signingName" : "apigateway", - "serviceFullName" : "AmazonApiGatewayV2", - "serviceId" : "ApiGatewayV2", - "protocol" : "rest-json", - "jsonVersion" : "1.1", - "uid" : "apigatewayv2-2018-11-29", - "signatureVersion" : "v4" + "metadata": { + "apiVersion": "2018-11-29", + "endpointPrefix": "apigateway", + "signingName": "apigateway", + "serviceFullName": "AmazonApiGatewayV2", + "serviceId": "ApiGatewayV2", + "protocol": "rest-json", + "jsonVersion": "1.1", + "uid": "apigatewayv2-2018-11-29", + "signatureVersion": "v4", + "auth": [ + "aws.auth#sigv4" + ] }, - "operations" : { - "CreateApi" : { - "name" : "CreateApi", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateApiRequest" - }, - "output" : { - "shape" : "CreateApiResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates an Api resource.

" - }, - "CreateApiMapping" : { - "name" : "CreateApiMapping", - "http" : { - "method" : "POST", - "requestUri" : "/v2/domainnames/{domainName}/apimappings", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateApiMappingRequest" - }, - "output" : { - "shape" : "CreateApiMappingResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates an API mapping.

" - }, - "CreateAuthorizer" : { - "name" : "CreateAuthorizer", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis/{apiId}/authorizers", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateAuthorizerRequest" - }, - "output" : { - "shape" : "CreateAuthorizerResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates an Authorizer for an API.

" - }, - "CreateDeployment" : { - "name" : "CreateDeployment", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis/{apiId}/deployments", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateDeploymentRequest" - }, - "output" : { - "shape" : "CreateDeploymentResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates a Deployment for an API.

" - }, - "CreateDomainName" : { - "name" : "CreateDomainName", - "http" : { - "method" : "POST", - "requestUri" : "/v2/domainnames", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateDomainNameRequest" - }, - "output" : { - "shape" : "CreateDomainNameResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - }, { - "shape" : "AccessDeniedException", - "documentation" : "

403 response

" - } ], - "documentation" : "

Creates a domain name.

" - }, - "CreateIntegration" : { - "name" : "CreateIntegration", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis/{apiId}/integrations", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateIntegrationRequest" - }, - "output" : { - "shape" : "CreateIntegrationResult", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates an Integration.

" - }, - "CreateIntegrationResponse" : { - "name" : "CreateIntegrationResponse", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateIntegrationResponseRequest" - }, - "output" : { - "shape" : "CreateIntegrationResponseResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates an IntegrationResponses.

" - }, - "CreateModel" : { - "name" : "CreateModel", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis/{apiId}/models", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateModelRequest" - }, - "output" : { - "shape" : "CreateModelResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates a Model for an API.

" - }, - "CreateRoute" : { - "name" : "CreateRoute", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis/{apiId}/routes", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateRouteRequest" - }, - "output" : { - "shape" : "CreateRouteResult", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates a Route for an API.

" - }, - "CreateRouteResponse" : { - "name" : "CreateRouteResponse", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}/routeresponses", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateRouteResponseRequest" - }, - "output" : { - "shape" : "CreateRouteResponseResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates a RouteResponse for a Route.

" - }, - "CreateStage" : { - "name" : "CreateStage", - "http" : { - "method" : "POST", - "requestUri" : "/v2/apis/{apiId}/stages", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateStageRequest" - }, - "output" : { - "shape" : "CreateStageResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates a Stage for an API.

" - }, - "CreateVpcLink" : { - "name" : "CreateVpcLink", - "http" : { - "method" : "POST", - "requestUri" : "/v2/vpclinks", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateVpcLinkRequest" - }, - "output" : { - "shape" : "CreateVpcLinkResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Creates a VPC link.

" - }, - "DeleteAccessLogSettings" : { - "name" : "DeleteAccessLogSettings", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/stages/{stageName}/accesslogsettings", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteAccessLogSettingsRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes the AccessLogSettings for a Stage. To disable access logging for a Stage, delete its AccessLogSettings.

" - }, - "DeleteApi" : { - "name" : "DeleteApi", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteApiRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes an Api resource.

" - }, - "DeleteApiMapping" : { - "name" : "DeleteApiMapping", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/domainnames/{domainName}/apimappings/{apiMappingId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteApiMappingRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Deletes an API mapping.

" - }, - "DeleteAuthorizer" : { - "name" : "DeleteAuthorizer", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/authorizers/{authorizerId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteAuthorizerRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes an Authorizer.

" - }, - "DeleteCorsConfiguration" : { - "name" : "DeleteCorsConfiguration", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/cors", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteCorsConfigurationRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a CORS configuration.

" - }, - "DeleteDeployment" : { - "name" : "DeleteDeployment", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/deployments/{deploymentId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteDeploymentRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a Deployment.

" - }, - "DeleteDomainName" : { - "name" : "DeleteDomainName", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/domainnames/{domainName}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteDomainNameRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a domain name.

" - }, - "DeleteIntegration" : { - "name" : "DeleteIntegration", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/integrations/{integrationId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteIntegrationRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes an Integration.

" - }, - "DeleteIntegrationResponse" : { - "name" : "DeleteIntegrationResponse", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses/{integrationResponseId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteIntegrationResponseRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes an IntegrationResponses.

" - }, - "DeleteModel" : { - "name" : "DeleteModel", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/models/{modelId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteModelRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a Model.

" - }, - "DeleteRoute" : { - "name" : "DeleteRoute", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteRouteRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a Route.

" - }, - "DeleteRouteRequestParameter" : { - "name" : "DeleteRouteRequestParameter", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}/requestparameters/{requestParameterKey}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteRouteRequestParameterRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a route request parameter. Supported only for WebSocket APIs.

" - }, - "DeleteRouteResponse" : { - "name" : "DeleteRouteResponse", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}/routeresponses/{routeResponseId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteRouteResponseRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a RouteResponse.

" - }, - "DeleteRouteSettings" : { - "name" : "DeleteRouteSettings", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/stages/{stageName}/routesettings/{routeKey}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteRouteSettingsRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes the RouteSettings for a stage.

" - }, - "DeleteStage" : { - "name" : "DeleteStage", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/stages/{stageName}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteStageRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a Stage.

" - }, - "DeleteVpcLink" : { - "name" : "DeleteVpcLink", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/vpclinks/{vpcLinkId}", - "responseCode" : 202 - }, - "input" : { - "shape" : "DeleteVpcLinkRequest" - }, - "output" : { - "shape" : "DeleteVpcLinkResponse", - "documentation" : "

202 response

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Deletes a VPC link.

" - }, - "ExportApi" : { - "name" : "ExportApi", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/exports/{specification}", - "responseCode" : 200 - }, - "input" : { - "shape" : "ExportApiRequest" - }, - "output" : { - "shape" : "ExportApiResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ] - }, - "ResetAuthorizersCache" : { - "name" : "ResetAuthorizersCache", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/apis/{apiId}/stages/{stageName}/cache/authorizers", - "responseCode" : 204 - }, - "input" : { - "shape" : "ResetAuthorizersCacheRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Resets all authorizer cache entries on a stage. Supported only for HTTP APIs.

" - }, - "GetApi" : { - "name" : "GetApi", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetApiRequest" - }, - "output" : { - "shape" : "GetApiResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets an Api resource.

" - }, - "GetApiMapping" : { - "name" : "GetApiMapping", - "http" : { - "method" : "GET", - "requestUri" : "/v2/domainnames/{domainName}/apimappings/{apiMappingId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetApiMappingRequest" - }, - "output" : { - "shape" : "GetApiMappingResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets an API mapping.

" - }, - "GetApiMappings" : { - "name" : "GetApiMappings", - "http" : { - "method" : "GET", - "requestUri" : "/v2/domainnames/{domainName}/apimappings", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetApiMappingsRequest" - }, - "output" : { - "shape" : "GetApiMappingsResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets API mappings.

" - }, - "GetApis" : { - "name" : "GetApis", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetApisRequest" - }, - "output" : { - "shape" : "GetApisResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets a collection of Api resources.

" - }, - "GetAuthorizer" : { - "name" : "GetAuthorizer", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/authorizers/{authorizerId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetAuthorizerRequest" - }, - "output" : { - "shape" : "GetAuthorizerResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets an Authorizer.

" - }, - "GetAuthorizers" : { - "name" : "GetAuthorizers", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/authorizers", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetAuthorizersRequest" - }, - "output" : { - "shape" : "GetAuthorizersResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the Authorizers for an API.

" - }, - "GetDeployment" : { - "name" : "GetDeployment", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/deployments/{deploymentId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetDeploymentRequest" - }, - "output" : { - "shape" : "GetDeploymentResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a Deployment.

" - }, - "GetDeployments" : { - "name" : "GetDeployments", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/deployments", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetDeploymentsRequest" - }, - "output" : { - "shape" : "GetDeploymentsResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the Deployments for an API.

" - }, - "GetDomainName" : { - "name" : "GetDomainName", - "http" : { - "method" : "GET", - "requestUri" : "/v2/domainnames/{domainName}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetDomainNameRequest" - }, - "output" : { - "shape" : "GetDomainNameResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a domain name.

" - }, - "GetDomainNames" : { - "name" : "GetDomainNames", - "http" : { - "method" : "GET", - "requestUri" : "/v2/domainnames", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetDomainNamesRequest" - }, - "output" : { - "shape" : "GetDomainNamesResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the domain names for an AWS account.

" - }, - "GetIntegration" : { - "name" : "GetIntegration", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/integrations/{integrationId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetIntegrationRequest" - }, - "output" : { - "shape" : "GetIntegrationResult", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets an Integration.

" - }, - "GetIntegrationResponse" : { - "name" : "GetIntegrationResponse", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses/{integrationResponseId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetIntegrationResponseRequest" - }, - "output" : { - "shape" : "GetIntegrationResponseResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets an IntegrationResponses.

" - }, - "GetIntegrationResponses" : { - "name" : "GetIntegrationResponses", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetIntegrationResponsesRequest" - }, - "output" : { - "shape" : "GetIntegrationResponsesResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the IntegrationResponses for an Integration.

" - }, - "GetIntegrations" : { - "name" : "GetIntegrations", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/integrations", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetIntegrationsRequest" - }, - "output" : { - "shape" : "GetIntegrationsResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the Integrations for an API.

" - }, - "GetModel" : { - "name" : "GetModel", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/models/{modelId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetModelRequest" - }, - "output" : { - "shape" : "GetModelResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a Model.

" - }, - "GetModelTemplate" : { - "name" : "GetModelTemplate", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/models/{modelId}/template", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetModelTemplateRequest" - }, - "output" : { - "shape" : "GetModelTemplateResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a model template.

" - }, - "GetModels" : { - "name" : "GetModels", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/models", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetModelsRequest" - }, - "output" : { - "shape" : "GetModelsResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the Models for an API.

" - }, - "GetRoute" : { - "name" : "GetRoute", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetRouteRequest" - }, - "output" : { - "shape" : "GetRouteResult", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a Route.

" - }, - "GetRouteResponse" : { - "name" : "GetRouteResponse", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}/routeresponses/{routeResponseId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetRouteResponseRequest" - }, - "output" : { - "shape" : "GetRouteResponseResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a RouteResponse.

" - }, - "GetRouteResponses" : { - "name" : "GetRouteResponses", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}/routeresponses", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetRouteResponsesRequest" - }, - "output" : { - "shape" : "GetRouteResponsesResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the RouteResponses for a Route.

" - }, - "GetRoutes" : { - "name" : "GetRoutes", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/routes", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetRoutesRequest" - }, - "output" : { - "shape" : "GetRoutesResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the Routes for an API.

" - }, - "GetStage" : { - "name" : "GetStage", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/stages/{stageName}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetStageRequest" - }, - "output" : { - "shape" : "GetStageResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a Stage.

" - }, - "GetStages" : { - "name" : "GetStages", - "http" : { - "method" : "GET", - "requestUri" : "/v2/apis/{apiId}/stages", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetStagesRequest" - }, - "output" : { - "shape" : "GetStagesResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Gets the Stages for an API.

" - }, - "GetTags" : { - "name" : "GetTags", - "http" : { - "method" : "GET", - "requestUri" : "/v2/tags/{resource-arn}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetTagsRequest" - }, - "output" : { - "shape" : "GetTagsResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Gets a collection of Tag resources.

" - }, - "GetVpcLink" : { - "name" : "GetVpcLink", - "http" : { - "method" : "GET", - "requestUri" : "/v2/vpclinks/{vpcLinkId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetVpcLinkRequest" - }, - "output" : { - "shape" : "GetVpcLinkResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a VPC link.

" - }, - "GetVpcLinks" : { - "name" : "GetVpcLinks", - "http" : { - "method" : "GET", - "requestUri" : "/v2/vpclinks", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetVpcLinksRequest" - }, - "output" : { - "shape" : "GetVpcLinksResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - } ], - "documentation" : "

Gets a collection of VPC links.

" - }, - "ImportApi" : { - "name" : "ImportApi", - "http" : { - "method" : "PUT", - "requestUri" : "/v2/apis", - "responseCode" : 201 - }, - "input" : { - "shape" : "ImportApiRequest" - }, - "output" : { - "shape" : "ImportApiResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Imports an API.

" - }, - "ReimportApi" : { - "name" : "ReimportApi", - "http" : { - "method" : "PUT", - "requestUri" : "/v2/apis/{apiId}", - "responseCode" : 201 - }, - "input" : { - "shape" : "ReimportApiRequest" - }, - "output" : { - "shape" : "ReimportApiResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Puts an Api resource.

" - }, - "TagResource" : { - "name" : "TagResource", - "http" : { - "method" : "POST", - "requestUri" : "/v2/tags/{resource-arn}", - "responseCode" : 201 - }, - "input" : { - "shape" : "TagResourceRequest" - }, - "output" : { - "shape" : "TagResourceResponse", - "documentation" : "

The request has succeeded and has resulted in the creation of a resource.

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Creates a new Tag resource to represent a tag.

" - }, - "UntagResource" : { - "name" : "UntagResource", - "http" : { - "method" : "DELETE", - "requestUri" : "/v2/tags/{resource-arn}", - "responseCode" : 204 - }, - "input" : { - "shape" : "UntagResourceRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Deletes a Tag.

" - }, - "UpdateApi" : { - "name" : "UpdateApi", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateApiRequest" - }, - "output" : { - "shape" : "UpdateApiResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates an Api resource.

" - }, - "UpdateApiMapping" : { - "name" : "UpdateApiMapping", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/domainnames/{domainName}/apimappings/{apiMappingId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateApiMappingRequest" - }, - "output" : { - "shape" : "UpdateApiMappingResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

The API mapping.

" - }, - "UpdateAuthorizer" : { - "name" : "UpdateAuthorizer", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}/authorizers/{authorizerId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateAuthorizerRequest" - }, - "output" : { - "shape" : "UpdateAuthorizerResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates an Authorizer.

" - }, - "UpdateDeployment" : { - "name" : "UpdateDeployment", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}/deployments/{deploymentId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateDeploymentRequest" - }, - "output" : { - "shape" : "UpdateDeploymentResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates a Deployment.

" - }, - "UpdateDomainName" : { - "name" : "UpdateDomainName", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/domainnames/{domainName}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateDomainNameRequest" - }, - "output" : { - "shape" : "UpdateDomainNameResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates a domain name.

" - }, - "UpdateIntegration" : { - "name" : "UpdateIntegration", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}/integrations/{integrationId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateIntegrationRequest" - }, - "output" : { - "shape" : "UpdateIntegrationResult", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates an Integration.

" - }, - "UpdateIntegrationResponse" : { - "name" : "UpdateIntegrationResponse", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses/{integrationResponseId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateIntegrationResponseRequest" - }, - "output" : { - "shape" : "UpdateIntegrationResponseResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates an IntegrationResponses.

" - }, - "UpdateModel" : { - "name" : "UpdateModel", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}/models/{modelId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateModelRequest" - }, - "output" : { - "shape" : "UpdateModelResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates a Model.

" - }, - "UpdateRoute" : { - "name" : "UpdateRoute", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateRouteRequest" - }, - "output" : { - "shape" : "UpdateRouteResult", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates a Route.

" - }, - "UpdateRouteResponse" : { - "name" : "UpdateRouteResponse", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}/routes/{routeId}/routeresponses/{routeResponseId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateRouteResponseRequest" - }, - "output" : { - "shape" : "UpdateRouteResponseResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates a RouteResponse.

" - }, - "UpdateStage" : { - "name" : "UpdateStage", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/apis/{apiId}/stages/{stageName}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateStageRequest" - }, - "output" : { - "shape" : "UpdateStageResponse", - "documentation" : "

Success

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - }, { - "shape" : "ConflictException", - "documentation" : "

The resource already exists.

" - } ], - "documentation" : "

Updates a Stage.

" - }, - "UpdateVpcLink" : { - "name" : "UpdateVpcLink", - "http" : { - "method" : "PATCH", - "requestUri" : "/v2/vpclinks/{vpcLinkId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateVpcLinkRequest" - }, - "output" : { - "shape" : "UpdateVpcLinkResponse", - "documentation" : "

200 response

" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

The resource specified in the request was not found.

" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

The client is sending more than the allowed number of requests per unit of time.

" - }, { - "shape" : "BadRequestException", - "documentation" : "

One of the parameters in the request is invalid.

" - } ], - "documentation" : "

Updates a VPC link.

" + "operations": { + "CreateApi": { + "name": "CreateApi", + "http": { + "method": "POST", + "requestUri": "/v2/apis", + "responseCode": 201 + }, + "input": { + "shape": "CreateApiRequest" + }, + "output": { + "shape": "CreateApiResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates an Api resource.

" + }, + "CreateApiMapping": { + "name": "CreateApiMapping", + "http": { + "method": "POST", + "requestUri": "/v2/domainnames/{domainName}/apimappings", + "responseCode": 201 + }, + "input": { + "shape": "CreateApiMappingRequest" + }, + "output": { + "shape": "CreateApiMappingResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates an API mapping.

" + }, + "CreateAuthorizer": { + "name": "CreateAuthorizer", + "http": { + "method": "POST", + "requestUri": "/v2/apis/{apiId}/authorizers", + "responseCode": 201 + }, + "input": { + "shape": "CreateAuthorizerRequest" + }, + "output": { + "shape": "CreateAuthorizerResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates an Authorizer for an API.

" + }, + "CreateDeployment": { + "name": "CreateDeployment", + "http": { + "method": "POST", + "requestUri": "/v2/apis/{apiId}/deployments", + "responseCode": 201 + }, + "input": { + "shape": "CreateDeploymentRequest" + }, + "output": { + "shape": "CreateDeploymentResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates a Deployment for an API.

" + }, + "CreateDomainName": { + "name": "CreateDomainName", + "http": { + "method": "POST", + "requestUri": "/v2/domainnames", + "responseCode": 201 + }, + "input": { + "shape": "CreateDomainNameRequest" + }, + "output": { + "shape": "CreateDomainNameResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + }, + { + "shape": "AccessDeniedException", + "documentation": "

403 response

" + } + ], + "documentation": "

Creates a domain name.

" + }, + "CreateIntegration": { + "name": "CreateIntegration", + "http": { + "method": "POST", + "requestUri": "/v2/apis/{apiId}/integrations", + "responseCode": 201 + }, + "input": { + "shape": "CreateIntegrationRequest" + }, + "output": { + "shape": "CreateIntegrationResult", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates an Integration.

" + }, + "CreateIntegrationResponse": { + "name": "CreateIntegrationResponse", + "http": { + "method": "POST", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses", + "responseCode": 201 + }, + "input": { + "shape": "CreateIntegrationResponseRequest" + }, + "output": { + "shape": "CreateIntegrationResponseResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates an IntegrationResponses.

" + }, + "CreateModel": { + "name": "CreateModel", + "http": { + "method": "POST", + "requestUri": "/v2/apis/{apiId}/models", + "responseCode": 201 + }, + "input": { + "shape": "CreateModelRequest" + }, + "output": { + "shape": "CreateModelResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates a Model for an API.

" + }, + "CreateRoute": { + "name": "CreateRoute", + "http": { + "method": "POST", + "requestUri": "/v2/apis/{apiId}/routes", + "responseCode": 201 + }, + "input": { + "shape": "CreateRouteRequest" + }, + "output": { + "shape": "CreateRouteResult", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates a Route for an API.

" + }, + "CreateRouteResponse": { + "name": "CreateRouteResponse", + "http": { + "method": "POST", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}/routeresponses", + "responseCode": 201 + }, + "input": { + "shape": "CreateRouteResponseRequest" + }, + "output": { + "shape": "CreateRouteResponseResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates a RouteResponse for a Route.

" + }, + "CreateRoutingRule": { + "name": "CreateRoutingRule", + "documentation": "

Creates a RoutingRule.

", + "http": { + "method": "POST", + "requestUri": "/v2/domainnames/{domainName}/routingrules", + "responseCode": 201 + }, + "input": { + "shape": "CreateRoutingRuleRequest" + }, + "output": { + "shape": "CreateRoutingRuleResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ] + }, + "CreateStage": { + "name": "CreateStage", + "http": { + "method": "POST", + "requestUri": "/v2/apis/{apiId}/stages", + "responseCode": 201 + }, + "input": { + "shape": "CreateStageRequest" + }, + "output": { + "shape": "CreateStageResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates a Stage for an API.

" + }, + "CreateVpcLink": { + "name": "CreateVpcLink", + "http": { + "method": "POST", + "requestUri": "/v2/vpclinks", + "responseCode": 201 + }, + "input": { + "shape": "CreateVpcLinkRequest" + }, + "output": { + "shape": "CreateVpcLinkResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Creates a VPC link.

" + }, + "DeleteAccessLogSettings": { + "name": "DeleteAccessLogSettings", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/stages/{stageName}/accesslogsettings", + "responseCode": 204 + }, + "input": { + "shape": "DeleteAccessLogSettingsRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes the AccessLogSettings for a Stage. To disable access logging for a Stage, delete its AccessLogSettings.

" + }, + "DeleteApi": { + "name": "DeleteApi", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteApiRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes an Api resource.

" + }, + "DeleteApiMapping": { + "name": "DeleteApiMapping", + "http": { + "method": "DELETE", + "requestUri": "/v2/domainnames/{domainName}/apimappings/{apiMappingId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteApiMappingRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Deletes an API mapping.

" + }, + "DeleteAuthorizer": { + "name": "DeleteAuthorizer", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/authorizers/{authorizerId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteAuthorizerRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes an Authorizer.

" + }, + "DeleteCorsConfiguration": { + "name": "DeleteCorsConfiguration", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/cors", + "responseCode": 204 + }, + "input": { + "shape": "DeleteCorsConfigurationRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a CORS configuration.

" + }, + "DeleteDeployment": { + "name": "DeleteDeployment", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/deployments/{deploymentId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteDeploymentRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a Deployment.

" + }, + "DeleteDomainName": { + "name": "DeleteDomainName", + "http": { + "method": "DELETE", + "requestUri": "/v2/domainnames/{domainName}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteDomainNameRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a domain name.

" + }, + "DeleteIntegration": { + "name": "DeleteIntegration", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteIntegrationRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes an Integration.

" + }, + "DeleteIntegrationResponse": { + "name": "DeleteIntegrationResponse", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses/{integrationResponseId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteIntegrationResponseRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes an IntegrationResponses.

" + }, + "DeleteModel": { + "name": "DeleteModel", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/models/{modelId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteModelRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a Model.

" + }, + "DeleteRoute": { + "name": "DeleteRoute", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteRouteRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a Route.

" + }, + "DeleteRouteRequestParameter": { + "name": "DeleteRouteRequestParameter", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}/requestparameters/{requestParameterKey}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteRouteRequestParameterRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a route request parameter. Supported only for WebSocket APIs.

" + }, + "DeleteRouteResponse": { + "name": "DeleteRouteResponse", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}/routeresponses/{routeResponseId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteRouteResponseRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a RouteResponse.

" + }, + "DeleteRouteSettings": { + "name": "DeleteRouteSettings", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/stages/{stageName}/routesettings/{routeKey}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteRouteSettingsRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes the RouteSettings for a stage.

" + }, + "DeleteRoutingRule": { + "name": "DeleteRoutingRule", + "documentation": "

Deletes a routing rule.

", + "http": { + "method": "DELETE", + "requestUri": "/v2/domainnames/{domainName}/routingrules/{routingRuleId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteRoutingRuleRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "idempotent": true + }, + "DeleteStage": { + "name": "DeleteStage", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/stages/{stageName}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteStageRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a Stage.

" + }, + "DeleteVpcLink": { + "name": "DeleteVpcLink", + "http": { + "method": "DELETE", + "requestUri": "/v2/vpclinks/{vpcLinkId}", + "responseCode": 202 + }, + "input": { + "shape": "DeleteVpcLinkRequest" + }, + "output": { + "shape": "DeleteVpcLinkResponse", + "documentation": "

202 response

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Deletes a VPC link.

" + }, + "ExportApi": { + "name": "ExportApi", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/exports/{specification}", + "responseCode": 200 + }, + "input": { + "shape": "ExportApiRequest" + }, + "output": { + "shape": "ExportApiResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ] + }, + "ResetAuthorizersCache": { + "name": "ResetAuthorizersCache", + "http": { + "method": "DELETE", + "requestUri": "/v2/apis/{apiId}/stages/{stageName}/cache/authorizers", + "responseCode": 204 + }, + "input": { + "shape": "ResetAuthorizersCacheRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Resets all authorizer cache entries on a stage. Supported only for HTTP APIs.

" + }, + "GetApi": { + "name": "GetApi", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}", + "responseCode": 200 + }, + "input": { + "shape": "GetApiRequest" + }, + "output": { + "shape": "GetApiResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets an Api resource.

" + }, + "GetApiMapping": { + "name": "GetApiMapping", + "http": { + "method": "GET", + "requestUri": "/v2/domainnames/{domainName}/apimappings/{apiMappingId}", + "responseCode": 200 + }, + "input": { + "shape": "GetApiMappingRequest" + }, + "output": { + "shape": "GetApiMappingResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets an API mapping.

" + }, + "GetApiMappings": { + "name": "GetApiMappings", + "http": { + "method": "GET", + "requestUri": "/v2/domainnames/{domainName}/apimappings", + "responseCode": 200 + }, + "input": { + "shape": "GetApiMappingsRequest" + }, + "output": { + "shape": "GetApiMappingsResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets API mappings.

" + }, + "GetApis": { + "name": "GetApis", + "http": { + "method": "GET", + "requestUri": "/v2/apis", + "responseCode": 200 + }, + "input": { + "shape": "GetApisRequest" + }, + "output": { + "shape": "GetApisResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets a collection of Api resources.

" + }, + "GetAuthorizer": { + "name": "GetAuthorizer", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/authorizers/{authorizerId}", + "responseCode": 200 + }, + "input": { + "shape": "GetAuthorizerRequest" + }, + "output": { + "shape": "GetAuthorizerResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets an Authorizer.

" + }, + "GetAuthorizers": { + "name": "GetAuthorizers", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/authorizers", + "responseCode": 200 + }, + "input": { + "shape": "GetAuthorizersRequest" + }, + "output": { + "shape": "GetAuthorizersResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the Authorizers for an API.

" + }, + "GetDeployment": { + "name": "GetDeployment", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/deployments/{deploymentId}", + "responseCode": 200 + }, + "input": { + "shape": "GetDeploymentRequest" + }, + "output": { + "shape": "GetDeploymentResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a Deployment.

" + }, + "GetDeployments": { + "name": "GetDeployments", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/deployments", + "responseCode": 200 + }, + "input": { + "shape": "GetDeploymentsRequest" + }, + "output": { + "shape": "GetDeploymentsResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the Deployments for an API.

" + }, + "GetDomainName": { + "name": "GetDomainName", + "http": { + "method": "GET", + "requestUri": "/v2/domainnames/{domainName}", + "responseCode": 200 + }, + "input": { + "shape": "GetDomainNameRequest" + }, + "output": { + "shape": "GetDomainNameResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a domain name.

" + }, + "GetDomainNames": { + "name": "GetDomainNames", + "http": { + "method": "GET", + "requestUri": "/v2/domainnames", + "responseCode": 200 + }, + "input": { + "shape": "GetDomainNamesRequest" + }, + "output": { + "shape": "GetDomainNamesResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the domain names for an AWS account.

" + }, + "GetIntegration": { + "name": "GetIntegration", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}", + "responseCode": 200 + }, + "input": { + "shape": "GetIntegrationRequest" + }, + "output": { + "shape": "GetIntegrationResult", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets an Integration.

" + }, + "GetIntegrationResponse": { + "name": "GetIntegrationResponse", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses/{integrationResponseId}", + "responseCode": 200 + }, + "input": { + "shape": "GetIntegrationResponseRequest" + }, + "output": { + "shape": "GetIntegrationResponseResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets an IntegrationResponses.

" + }, + "GetIntegrationResponses": { + "name": "GetIntegrationResponses", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses", + "responseCode": 200 + }, + "input": { + "shape": "GetIntegrationResponsesRequest" + }, + "output": { + "shape": "GetIntegrationResponsesResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the IntegrationResponses for an Integration.

" + }, + "GetIntegrations": { + "name": "GetIntegrations", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/integrations", + "responseCode": 200 + }, + "input": { + "shape": "GetIntegrationsRequest" + }, + "output": { + "shape": "GetIntegrationsResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the Integrations for an API.

" + }, + "GetModel": { + "name": "GetModel", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/models/{modelId}", + "responseCode": 200 + }, + "input": { + "shape": "GetModelRequest" + }, + "output": { + "shape": "GetModelResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a Model.

" + }, + "GetModelTemplate": { + "name": "GetModelTemplate", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/models/{modelId}/template", + "responseCode": 200 + }, + "input": { + "shape": "GetModelTemplateRequest" + }, + "output": { + "shape": "GetModelTemplateResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a model template.

" + }, + "GetModels": { + "name": "GetModels", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/models", + "responseCode": 200 + }, + "input": { + "shape": "GetModelsRequest" + }, + "output": { + "shape": "GetModelsResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the Models for an API.

" + }, + "GetRoute": { + "name": "GetRoute", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}", + "responseCode": 200 + }, + "input": { + "shape": "GetRouteRequest" + }, + "output": { + "shape": "GetRouteResult", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a Route.

" + }, + "GetRouteResponse": { + "name": "GetRouteResponse", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}/routeresponses/{routeResponseId}", + "responseCode": 200 + }, + "input": { + "shape": "GetRouteResponseRequest" + }, + "output": { + "shape": "GetRouteResponseResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a RouteResponse.

" + }, + "GetRouteResponses": { + "name": "GetRouteResponses", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}/routeresponses", + "responseCode": 200 + }, + "input": { + "shape": "GetRouteResponsesRequest" + }, + "output": { + "shape": "GetRouteResponsesResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the RouteResponses for a Route.

" + }, + "GetRoutes": { + "name": "GetRoutes", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/routes", + "responseCode": 200 + }, + "input": { + "shape": "GetRoutesRequest" + }, + "output": { + "shape": "GetRoutesResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the Routes for an API.

" + }, + "GetRoutingRule": { + "name": "GetRoutingRule", + "documentation": "

Gets a routing rule.

", + "http": { + "method": "GET", + "requestUri": "/v2/domainnames/{domainName}/routingrules/{routingRuleId}", + "responseCode": 200 + }, + "input": { + "shape": "GetRoutingRuleRequest" + }, + "output": { + "shape": "GetRoutingRuleResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ] + }, + "ListRoutingRules": { + "name": "ListRoutingRules", + "documentation": "

Lists routing rules.

", + "http": { + "method": "GET", + "requestUri": "/v2/domainnames/{domainName}/routingrules", + "responseCode": 200 + }, + "input": { + "shape": "ListRoutingRulesRequest" + }, + "output": { + "shape": "ListRoutingRulesResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ] + }, + "GetStage": { + "name": "GetStage", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/stages/{stageName}", + "responseCode": 200 + }, + "input": { + "shape": "GetStageRequest" + }, + "output": { + "shape": "GetStageResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a Stage.

" + }, + "GetStages": { + "name": "GetStages", + "http": { + "method": "GET", + "requestUri": "/v2/apis/{apiId}/stages", + "responseCode": 200 + }, + "input": { + "shape": "GetStagesRequest" + }, + "output": { + "shape": "GetStagesResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Gets the Stages for an API.

" + }, + "GetTags": { + "name": "GetTags", + "http": { + "method": "GET", + "requestUri": "/v2/tags/{resource-arn}", + "responseCode": 200 + }, + "input": { + "shape": "GetTagsRequest" + }, + "output": { + "shape": "GetTagsResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Gets a collection of Tag resources.

" + }, + "GetVpcLink": { + "name": "GetVpcLink", + "http": { + "method": "GET", + "requestUri": "/v2/vpclinks/{vpcLinkId}", + "responseCode": 200 + }, + "input": { + "shape": "GetVpcLinkRequest" + }, + "output": { + "shape": "GetVpcLinkResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a VPC link.

" + }, + "GetVpcLinks": { + "name": "GetVpcLinks", + "http": { + "method": "GET", + "requestUri": "/v2/vpclinks", + "responseCode": 200 + }, + "input": { + "shape": "GetVpcLinksRequest" + }, + "output": { + "shape": "GetVpcLinksResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + } + ], + "documentation": "

Gets a collection of VPC links.

" + }, + "ImportApi": { + "name": "ImportApi", + "http": { + "method": "PUT", + "requestUri": "/v2/apis", + "responseCode": 201 + }, + "input": { + "shape": "ImportApiRequest" + }, + "output": { + "shape": "ImportApiResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Imports an API.

" + }, + "PutRoutingRule": { + "name": "PutRoutingRule", + "documentation": "

Updates a routing rule.

", + "http": { + "method": "PUT", + "requestUri": "/v2/domainnames/{domainName}/routingrules/{routingRuleId}", + "responseCode": 200 + }, + "input": { + "shape": "PutRoutingRuleRequest" + }, + "output": { + "shape": "PutRoutingRuleResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "idempotent": true + }, + "ReimportApi": { + "name": "ReimportApi", + "http": { + "method": "PUT", + "requestUri": "/v2/apis/{apiId}", + "responseCode": 201 + }, + "input": { + "shape": "ReimportApiRequest" + }, + "output": { + "shape": "ReimportApiResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Puts an Api resource.

" + }, + "TagResource": { + "name": "TagResource", + "http": { + "method": "POST", + "requestUri": "/v2/tags/{resource-arn}", + "responseCode": 201 + }, + "input": { + "shape": "TagResourceRequest" + }, + "output": { + "shape": "TagResourceResponse", + "documentation": "

The request has succeeded and has resulted in the creation of a resource.

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Creates a new Tag resource to represent a tag.

" + }, + "UntagResource": { + "name": "UntagResource", + "http": { + "method": "DELETE", + "requestUri": "/v2/tags/{resource-arn}", + "responseCode": 204 + }, + "input": { + "shape": "UntagResourceRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Deletes a Tag.

" + }, + "UpdateApi": { + "name": "UpdateApi", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateApiRequest" + }, + "output": { + "shape": "UpdateApiResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates an Api resource.

" + }, + "UpdateApiMapping": { + "name": "UpdateApiMapping", + "http": { + "method": "PATCH", + "requestUri": "/v2/domainnames/{domainName}/apimappings/{apiMappingId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateApiMappingRequest" + }, + "output": { + "shape": "UpdateApiMappingResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

The API mapping.

" + }, + "UpdateAuthorizer": { + "name": "UpdateAuthorizer", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/authorizers/{authorizerId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateAuthorizerRequest" + }, + "output": { + "shape": "UpdateAuthorizerResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates an Authorizer.

" + }, + "UpdateDeployment": { + "name": "UpdateDeployment", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/deployments/{deploymentId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateDeploymentRequest" + }, + "output": { + "shape": "UpdateDeploymentResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates a Deployment.

" + }, + "UpdateDomainName": { + "name": "UpdateDomainName", + "http": { + "method": "PATCH", + "requestUri": "/v2/domainnames/{domainName}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateDomainNameRequest" + }, + "output": { + "shape": "UpdateDomainNameResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates a domain name.

" + }, + "UpdateIntegration": { + "name": "UpdateIntegration", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateIntegrationRequest" + }, + "output": { + "shape": "UpdateIntegrationResult", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates an Integration.

" + }, + "UpdateIntegrationResponse": { + "name": "UpdateIntegrationResponse", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses/{integrationResponseId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateIntegrationResponseRequest" + }, + "output": { + "shape": "UpdateIntegrationResponseResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates an IntegrationResponses.

" + }, + "UpdateModel": { + "name": "UpdateModel", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/models/{modelId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateModelRequest" + }, + "output": { + "shape": "UpdateModelResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates a Model.

" + }, + "UpdateRoute": { + "name": "UpdateRoute", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateRouteRequest" + }, + "output": { + "shape": "UpdateRouteResult", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates a Route.

" + }, + "UpdateRouteResponse": { + "name": "UpdateRouteResponse", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}/routeresponses/{routeResponseId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateRouteResponseRequest" + }, + "output": { + "shape": "UpdateRouteResponseResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates a RouteResponse.

" + }, + "UpdateStage": { + "name": "UpdateStage", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/stages/{stageName}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateStageRequest" + }, + "output": { + "shape": "UpdateStageResponse", + "documentation": "

Success

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + }, + { + "shape": "ConflictException", + "documentation": "

The resource already exists.

" + } + ], + "documentation": "

Updates a Stage.

" + }, + "UpdateVpcLink": { + "name": "UpdateVpcLink", + "http": { + "method": "PATCH", + "requestUri": "/v2/vpclinks/{vpcLinkId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateVpcLinkRequest" + }, + "output": { + "shape": "UpdateVpcLinkResponse", + "documentation": "

200 response

" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

The resource specified in the request was not found.

" + }, + { + "shape": "TooManyRequestsException", + "documentation": "

The client is sending more than the allowed number of requests per unit of time.

" + }, + { + "shape": "BadRequestException", + "documentation": "

One of the parameters in the request is invalid.

" + } + ], + "documentation": "

Updates a VPC link.

" } }, - "shapes" : { - "AccessDeniedException" : { - "type" : "structure", - "members" : { - "Message" : { - "shape" : "__string", - "locationName" : "message" - } - }, - "exception" : true, - "error" : { - "httpStatusCode" : 403 - } - }, - "AccessLogSettings" : { - "type" : "structure", - "members" : { - "DestinationArn" : { - "shape" : "Arn", - "locationName" : "destinationArn", - "documentation" : "

The ARN of the CloudWatch Logs log group to receive access logs.

" - }, - "Format" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "format", - "documentation" : "

A single line format of the access logs of data, as specified by selected $context variables. The format must include at least $context.requestId.

" - } - }, - "documentation" : "

Settings for logging access in a stage.

" - }, - "Api" : { - "type" : "structure", - "members" : { - "ApiEndpoint" : { - "shape" : "__string", - "locationName" : "apiEndpoint", - "documentation" : "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" - }, - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API ID.

" - }, - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the API was created.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "ImportInfo" : { - "shape" : "__listOf__string", - "locationName" : "importInfo", - "documentation" : "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "ProtocolType" : { - "shape" : "ProtocolType", - "locationName" : "protocolType", - "documentation" : "

The API protocol.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

A collection of tags associated with the API.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - }, - "Warnings" : { - "shape" : "__listOf__string", - "locationName" : "warnings", - "documentation" : "

The warning messages reported when failonwarnings is turned on during API import.

" - } - }, - "documentation" : "

Represents an API.

", - "required" : [ "RouteSelectionExpression", "Name", "ProtocolType" ] - }, - "ApiMapping" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiMappingId" : { - "shape" : "Id", - "locationName" : "apiMappingId", - "documentation" : "

The API mapping identifier.

" - }, - "ApiMappingKey" : { - "shape" : "SelectionKey", - "locationName" : "apiMappingKey", - "documentation" : "

The API mapping key.

" - }, - "Stage" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stage", - "documentation" : "

The API stage.

" - } - }, - "documentation" : "

Represents an API mapping.

", - "required" : [ "Stage", "ApiId" ] - }, - "ApiMappings" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfApiMapping", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of ApiMappings resources.

" - }, - "Apis" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfApi", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of APIs.

" - }, - "Arn" : { - "type" : "string", - "documentation" : "

Represents an Amazon Resource Name (ARN).

" - }, - "AuthorizationScopes" : { - "type" : "list", - "documentation" : "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

", - "member" : { - "shape" : "StringWithLengthBetween1And64" - } - }, - "AuthorizationType" : { - "type" : "string", - "documentation" : "

The authorization type. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer. For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

", - "enum" : [ "NONE", "AWS_IAM", "CUSTOM", "JWT" ] - }, - "Authorizer" : { - "type" : "structure", - "members" : { - "AuthorizerCredentialsArn" : { - "shape" : "Arn", - "locationName" : "authorizerCredentialsArn", - "documentation" : "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The authorizer identifier.

" - }, - "AuthorizerPayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "authorizerPayloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" - }, - "AuthorizerResultTtlInSeconds" : { - "shape" : "IntegerWithLengthBetween0And3600", - "locationName" : "authorizerResultTtlInSeconds", - "documentation" : "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" - }, - "AuthorizerType" : { - "shape" : "AuthorizerType", - "locationName" : "authorizerType", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" - }, - "AuthorizerUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "authorizerUri", - "documentation" : "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" - }, - "EnableSimpleResponses" : { - "shape" : "__boolean", - "locationName" : "enableSimpleResponses", - "documentation" : "

Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" - }, - "IdentitySource" : { - "shape" : "IdentitySourceList", - "locationName" : "identitySource", - "documentation" : "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" - }, - "IdentityValidationExpression" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "identityValidationExpression", - "documentation" : "

The validation expression does not apply to the REQUEST authorizer.

" - }, - "JwtConfiguration" : { - "shape" : "JWTConfiguration", - "locationName" : "jwtConfiguration", - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the authorizer.

" - } - }, - "documentation" : "

Represents an authorizer.

", - "required" : [ "Name" ] - }, - "AuthorizerType" : { - "type" : "string", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

", - "enum" : [ "REQUEST", "JWT" ] - }, - "Authorizers" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfAuthorizer", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of authorizers.

" - }, - "BadRequestException" : { - "type" : "structure", - "members" : { - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

Describes the error encountered.

" - } - }, - "documentation" : "

The request is not valid, for example, the input is incomplete or incorrect. See the accompanying error message for details.

", - "exception" : true, - "error" : { - "httpStatusCode" : 400 - } - }, - "ConflictException" : { - "type" : "structure", - "members" : { - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

Describes the error encountered.

" - } - }, - "documentation" : "

The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request. See the accompanying error message for details.

", - "exception" : true, - "error" : { - "httpStatusCode" : 409 - } - }, - "ConnectionType" : { - "type" : "string", - "documentation" : "

Represents a connection type.

", - "enum" : [ "INTERNET", "VPC_LINK" ] - }, - "ContentHandlingStrategy" : { - "type" : "string", - "documentation" : "

Specifies how to handle response payload content type conversions. Supported only for WebSocket APIs.

", - "enum" : [ "CONVERT_TO_BINARY", "CONVERT_TO_TEXT" ] - }, - "Cors" : { - "type" : "structure", - "members" : { - "AllowCredentials" : { - "shape" : "__boolean", - "locationName" : "allowCredentials", - "documentation" : "

Specifies whether credentials are included in the CORS request. Supported only for HTTP APIs.

" - }, - "AllowHeaders" : { - "shape" : "CorsHeaderList", - "locationName" : "allowHeaders", - "documentation" : "

Represents a collection of allowed headers. Supported only for HTTP APIs.

" - }, - "AllowMethods" : { - "shape" : "CorsMethodList", - "locationName" : "allowMethods", - "documentation" : "

Represents a collection of allowed HTTP methods. Supported only for HTTP APIs.

" - }, - "AllowOrigins" : { - "shape" : "CorsOriginList", - "locationName" : "allowOrigins", - "documentation" : "

Represents a collection of allowed origins. Supported only for HTTP APIs.

" - }, - "ExposeHeaders" : { - "shape" : "CorsHeaderList", - "locationName" : "exposeHeaders", - "documentation" : "

Represents a collection of exposed headers. Supported only for HTTP APIs.

" - }, - "MaxAge" : { - "shape" : "IntegerWithLengthBetweenMinus1And86400", - "locationName" : "maxAge", - "documentation" : "

The number of seconds that the browser should cache preflight request results. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Represents a CORS configuration. Supported only for HTTP APIs. See Configuring CORS for more information.

" - }, - "CorsHeaderList" : { - "type" : "list", - "documentation" : "

Represents a collection of allowed headers. Supported only for HTTP APIs.

", - "member" : { - "shape" : "__string" - } - }, - "CorsMethodList" : { - "type" : "list", - "documentation" : "

Represents a collection of methods. Supported only for HTTP APIs.

", - "member" : { - "shape" : "StringWithLengthBetween1And64" - } - }, - "CorsOriginList" : { - "type" : "list", - "documentation" : "

Represents a collection of origins. Supported only for HTTP APIs.

", - "member" : { - "shape" : "__string" - } - }, - "CreateApiInput" : { - "type" : "structure", - "members" : { - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs. See Configuring CORS for more information.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null. Currently, this property is not used for HTTP integrations. Supported only for HTTP APIs.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "ProtocolType" : { - "shape" : "ProtocolType", - "locationName" : "protocolType", - "documentation" : "

The API protocol.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

This property is part of quick create. If you don't specify a routeKey, a default route of $default is created. The $default route acts as a catch-all for any request made to your API, for a particular stage. The $default route key can't be modified. You can add routes after creating the API, and you can update the route keys of additional routes. Supported only for HTTP APIs.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - }, - "Target" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "target", - "documentation" : "

This property is part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Supported only for HTTP APIs.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateApi request.

", - "required" : [ "ProtocolType", "Name" ] - }, - "CreateApiMappingInput" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiMappingKey" : { - "shape" : "SelectionKey", - "locationName" : "apiMappingKey", - "documentation" : "The API mapping key." - }, - "Stage" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stage", - "documentation" : "

The API stage.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateApiMapping request.

", - "required" : [ "Stage", "ApiId" ] - }, - "CreateApiMappingRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiMappingKey" : { - "shape" : "SelectionKey", - "locationName" : "apiMappingKey", - "documentation" : "The API mapping key." - }, - "DomainName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - }, - "Stage" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stage", - "documentation" : "

The API stage.

" - } - }, - "documentation" : "

Creates a new ApiMapping resource to represent an API mapping.

", - "required" : [ "DomainName", "Stage", "ApiId" ] - }, - "CreateApiMappingResponse" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiMappingId" : { - "shape" : "Id", - "locationName" : "apiMappingId", - "documentation" : "

The API mapping identifier.

" - }, - "ApiMappingKey" : { - "shape" : "SelectionKey", - "locationName" : "apiMappingKey", - "documentation" : "

The API mapping key.

" - }, - "Stage" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stage", - "documentation" : "

The API stage.

" - } - } - }, - "CreateApiRequest" : { - "type" : "structure", - "members" : { - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs. See Configuring CORS for more information.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null. Currently, this property is not used for HTTP integrations. Supported only for HTTP APIs.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "ProtocolType" : { - "shape" : "ProtocolType", - "locationName" : "protocolType", - "documentation" : "

The API protocol.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

This property is part of quick create. If you don't specify a routeKey, a default route of $default is created. The $default route acts as a catch-all for any request made to your API, for a particular stage. The $default route key can't be modified. You can add routes after creating the API, and you can update the route keys of additional routes. Supported only for HTTP APIs.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - }, - "Target" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "target", - "documentation" : "

This property is part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Supported only for HTTP APIs.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - } - }, - "documentation" : "

Creates a new Api resource to represent an API.

", - "required" : [ "ProtocolType", "Name" ] - }, - "CreateApiResponse" : { - "type" : "structure", - "members" : { - "ApiEndpoint" : { - "shape" : "__string", - "locationName" : "apiEndpoint", - "documentation" : "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" - }, - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API ID.

" - }, - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the API was created.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "ImportInfo" : { - "shape" : "__listOf__string", - "locationName" : "importInfo", - "documentation" : "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "ProtocolType" : { - "shape" : "ProtocolType", - "locationName" : "protocolType", - "documentation" : "

The API protocol.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

A collection of tags associated with the API.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - }, - "Warnings" : { - "shape" : "__listOf__string", - "locationName" : "warnings", - "documentation" : "

The warning messages reported when failonwarnings is turned on during API import.

" - } - } - }, - "CreateAuthorizerInput" : { - "type" : "structure", - "members" : { - "AuthorizerCredentialsArn" : { - "shape" : "Arn", - "locationName" : "authorizerCredentialsArn", - "documentation" : "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" - }, - "AuthorizerPayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "authorizerPayloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" - }, - "AuthorizerResultTtlInSeconds" : { - "shape" : "IntegerWithLengthBetween0And3600", - "locationName" : "authorizerResultTtlInSeconds", - "documentation" : "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" - }, - "AuthorizerType" : { - "shape" : "AuthorizerType", - "locationName" : "authorizerType", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" - }, - "AuthorizerUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "authorizerUri", - "documentation" : "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" - }, - "EnableSimpleResponses" : { - "shape" : "__boolean", - "locationName" : "enableSimpleResponses", - "documentation" : "

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" - }, - "IdentitySource" : { - "shape" : "IdentitySourceList", - "locationName" : "identitySource", - "documentation" : "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" - }, - "IdentityValidationExpression" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "identityValidationExpression", - "documentation" : "

This parameter is not used.

" - }, - "JwtConfiguration" : { - "shape" : "JWTConfiguration", - "locationName" : "jwtConfiguration", - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the authorizer.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateAuthorizer request.

", - "required" : [ "AuthorizerType", "IdentitySource", "Name" ] - }, - "CreateAuthorizerRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "AuthorizerCredentialsArn" : { - "shape" : "Arn", - "locationName" : "authorizerCredentialsArn", - "documentation" : "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" - }, - "AuthorizerPayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "authorizerPayloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" - }, - "AuthorizerResultTtlInSeconds" : { - "shape" : "IntegerWithLengthBetween0And3600", - "locationName" : "authorizerResultTtlInSeconds", - "documentation" : "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" - }, - "AuthorizerType" : { - "shape" : "AuthorizerType", - "locationName" : "authorizerType", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" - }, - "AuthorizerUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "authorizerUri", - "documentation" : "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" - }, - "EnableSimpleResponses" : { - "shape" : "__boolean", - "locationName" : "enableSimpleResponses", - "documentation" : "

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" - }, - "IdentitySource" : { - "shape" : "IdentitySourceList", - "locationName" : "identitySource", - "documentation" : "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" - }, - "IdentityValidationExpression" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "identityValidationExpression", - "documentation" : "

This parameter is not used.

" - }, - "JwtConfiguration" : { - "shape" : "JWTConfiguration", - "locationName" : "jwtConfiguration", - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the authorizer.

" - } - }, - "documentation" : "

Creates a new Authorizer resource to represent an authorizer.

", - "required" : [ "ApiId", "AuthorizerType", "IdentitySource", "Name" ] - }, - "CreateAuthorizerResponse" : { - "type" : "structure", - "members" : { - "AuthorizerCredentialsArn" : { - "shape" : "Arn", - "locationName" : "authorizerCredentialsArn", - "documentation" : "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The authorizer identifier.

" - }, - "AuthorizerPayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "authorizerPayloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" - }, - "AuthorizerResultTtlInSeconds" : { - "shape" : "IntegerWithLengthBetween0And3600", - "locationName" : "authorizerResultTtlInSeconds", - "documentation" : "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" - }, - "AuthorizerType" : { - "shape" : "AuthorizerType", - "locationName" : "authorizerType", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" - }, - "AuthorizerUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "authorizerUri", - "documentation" : "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" - }, - "EnableSimpleResponses" : { - "shape" : "__boolean", - "locationName" : "enableSimpleResponses", - "documentation" : "

Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" - }, - "IdentitySource" : { - "shape" : "IdentitySourceList", - "locationName" : "identitySource", - "documentation" : "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" - }, - "IdentityValidationExpression" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "identityValidationExpression", - "documentation" : "

The validation expression does not apply to the REQUEST authorizer.

" - }, - "JwtConfiguration" : { - "shape" : "JWTConfiguration", - "locationName" : "jwtConfiguration", - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the authorizer.

" - } - } - }, - "CreateDeploymentInput" : { - "type" : "structure", - "members" : { - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the deployment resource.

" - }, - "StageName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stageName", - "documentation" : "

The name of the Stage resource for the Deployment resource to create.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateDeployment request.

" - }, - "CreateDeploymentRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the deployment resource.

" - }, - "StageName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stageName", - "documentation" : "

The name of the Stage resource for the Deployment resource to create.

" - } - }, - "documentation" : "

Creates a new Deployment resource to represent a deployment.

", - "required" : [ "ApiId" ] - }, - "CreateDeploymentResponse" : { - "type" : "structure", - "members" : { - "AutoDeployed" : { - "shape" : "__boolean", - "locationName" : "autoDeployed", - "documentation" : "

Specifies whether a deployment was automatically released.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The date and time when the Deployment resource was created.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The identifier for the deployment.

" - }, - "DeploymentStatus" : { - "shape" : "DeploymentStatus", - "locationName" : "deploymentStatus", - "documentation" : "

The status of the deployment: PENDING, FAILED, or SUCCEEDED.

" - }, - "DeploymentStatusMessage" : { - "shape" : "__string", - "locationName" : "deploymentStatusMessage", - "documentation" : "

May contain additional feedback on the status of an API deployment.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the deployment.

" - } - } - }, - "CreateDomainNameInput" : { - "type" : "structure", - "members" : { - "DomainName" : { - "shape" : "StringWithLengthBetween1And512", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - }, - "DomainNameConfigurations" : { - "shape" : "DomainNameConfigurations", - "locationName" : "domainNameConfigurations", - "documentation" : "

The domain name configurations.

" - }, - "MutualTlsAuthentication" : { - "shape" : "MutualTlsAuthenticationInput", - "locationName" : "mutualTlsAuthentication", - "documentation" : "

The mutual TLS authentication configuration for a custom domain name.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags associated with a domain name.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateDomainName request.

", - "required" : [ "DomainName" ] - }, - "CreateDomainNameRequest" : { - "type" : "structure", - "members" : { - "DomainName" : { - "shape" : "StringWithLengthBetween1And512", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - }, - "DomainNameConfigurations" : { - "shape" : "DomainNameConfigurations", - "locationName" : "domainNameConfigurations", - "documentation" : "

The domain name configurations.

" - }, - "MutualTlsAuthentication" : { - "shape" : "MutualTlsAuthenticationInput", - "locationName" : "mutualTlsAuthentication", - "documentation" : "

The mutual TLS authentication configuration for a custom domain name.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags associated with a domain name.

" - } - }, - "documentation" : "

Creates a new DomainName resource to represent a domain name.

", - "required" : [ "DomainName" ] - }, - "CreateDomainNameResponse" : { - "type" : "structure", - "members" : { - "ApiMappingSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiMappingSelectionExpression", - "documentation" : "

The API mapping selection expression.

" - }, - "DomainName" : { - "shape" : "StringWithLengthBetween1And512", - "locationName" : "domainName", - "documentation" : "

The name of the DomainName resource.

" - }, - "DomainNameConfigurations" : { - "shape" : "DomainNameConfigurations", - "locationName" : "domainNameConfigurations", - "documentation" : "

The domain name configurations.

" - }, - "MutualTlsAuthentication" : { - "shape" : "MutualTlsAuthentication", - "locationName" : "mutualTlsAuthentication", - "documentation" : "

The mutual TLS authentication configuration for a custom domain name.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags associated with a domain name.

" - } - } - }, - "CreateIntegrationInput" : { - "type" : "structure", - "members" : { - "ConnectionId" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "connectionId", - "documentation" : "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" - }, - "ConnectionType" : { - "shape" : "ConnectionType", - "locationName" : "connectionType", - "documentation" : "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the integration.

" - }, - "IntegrationMethod" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "integrationMethod", - "documentation" : "

Specifies the integration's HTTP method type.

" - }, - "IntegrationSubtype" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "integrationSubtype", - "documentation" : "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" - }, - "IntegrationType" : { - "shape" : "IntegrationType", - "locationName" : "integrationType", - "documentation" : "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" - }, - "IntegrationUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "integrationUri", - "documentation" : "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" - }, - "PassthroughBehavior" : { - "shape" : "PassthroughBehavior", - "locationName" : "passthroughBehavior", - "documentation" : "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" - }, - "PayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "payloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an integration. Required for HTTP APIs.

" - }, - "RequestParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "requestParameters", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "RequestTemplates" : { - "shape" : "TemplateMap", - "locationName" : "requestTemplates", - "documentation" : "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" - }, - "ResponseParameters" : { - "shape" : "ResponseParameters", - "locationName" : "responseParameters", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration.

" - }, - "TimeoutInMillis" : { - "shape" : "IntegerWithLengthBetween50And30000", - "locationName" : "timeoutInMillis", - "documentation" : "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" - }, - "TlsConfig" : { - "shape" : "TlsConfigInput", - "locationName" : "tlsConfig", - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateIntegration request.

", - "required" : [ "IntegrationType" ] - }, - "CreateIntegrationRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ConnectionId" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "connectionId", - "documentation" : "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" - }, - "ConnectionType" : { - "shape" : "ConnectionType", - "locationName" : "connectionType", - "documentation" : "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the integration.

" - }, - "IntegrationMethod" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "integrationMethod", - "documentation" : "

Specifies the integration's HTTP method type.

" - }, - "IntegrationSubtype" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "integrationSubtype", - "documentation" : "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" - }, - "IntegrationType" : { - "shape" : "IntegrationType", - "locationName" : "integrationType", - "documentation" : "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" - }, - "IntegrationUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "integrationUri", - "documentation" : "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" - }, - "PassthroughBehavior" : { - "shape" : "PassthroughBehavior", - "locationName" : "passthroughBehavior", - "documentation" : "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" - }, - "PayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "payloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an integration. Required for HTTP APIs.

" - }, - "RequestParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "requestParameters", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "RequestTemplates" : { - "shape" : "TemplateMap", - "locationName" : "requestTemplates", - "documentation" : "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" - }, - "ResponseParameters" : { - "shape" : "ResponseParameters", - "locationName" : "responseParameters", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration.

" - }, - "TimeoutInMillis" : { - "shape" : "IntegerWithLengthBetween50And30000", - "locationName" : "timeoutInMillis", - "documentation" : "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" - }, - "TlsConfig" : { - "shape" : "TlsConfigInput", - "locationName" : "tlsConfig", - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Creates a new Integration resource to represent an integration.

", - "required" : [ "ApiId", "IntegrationType" ] - }, - "CreateIntegrationResult" : { - "type" : "structure", - "members" : { - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.

" - }, - "ConnectionId" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "connectionId", - "documentation" : "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" - }, - "ConnectionType" : { - "shape" : "ConnectionType", - "locationName" : "connectionType", - "documentation" : "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

Represents the description of an integration.

" - }, - "IntegrationId" : { - "shape" : "Id", - "locationName" : "integrationId", - "documentation" : "

Represents the identifier of an integration.

" - }, - "IntegrationMethod" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "integrationMethod", - "documentation" : "

Specifies the integration's HTTP method type.

" - }, - "IntegrationResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "integrationResponseSelectionExpression", - "documentation" : "

The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.

" - }, - "IntegrationSubtype" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "integrationSubtype", - "documentation" : "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" - }, - "IntegrationType" : { - "shape" : "IntegrationType", - "locationName" : "integrationType", - "documentation" : "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" - }, - "IntegrationUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "integrationUri", - "documentation" : "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" - }, - "PassthroughBehavior" : { - "shape" : "PassthroughBehavior", - "locationName" : "passthroughBehavior", - "documentation" : "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" - }, - "PayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "payloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an integration. Required for HTTP APIs.

" - }, - "RequestParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "requestParameters", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "RequestTemplates" : { - "shape" : "TemplateMap", - "locationName" : "requestTemplates", - "documentation" : "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" - }, - "ResponseParameters" : { - "shape" : "ResponseParameters", - "locationName" : "responseParameters", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration. Supported only for WebSocket APIs.

" - }, - "TimeoutInMillis" : { - "shape" : "IntegerWithLengthBetween50And30000", - "locationName" : "timeoutInMillis", - "documentation" : "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" - }, - "TlsConfig" : { - "shape" : "TlsConfig", - "locationName" : "tlsConfig", - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - } - } - }, - "CreateIntegrationResponseInput" : { - "type" : "structure", - "members" : { - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "IntegrationResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "integrationResponseKey", - "documentation" : "

The integration response key.

" - }, - "ResponseParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "responseParameters", - "documentation" : "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where {name} is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix.

" - }, - "ResponseTemplates" : { - "shape" : "TemplateMap", - "locationName" : "responseTemplates", - "documentation" : "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration response. Supported only for WebSocket APIs.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateIntegrationResponse request.

", - "required" : [ "IntegrationResponseKey" ] - }, - "CreateIntegrationResponseRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "IntegrationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationId", - "documentation" : "

The integration ID.

" - }, - "IntegrationResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "integrationResponseKey", - "documentation" : "

The integration response key.

" - }, - "ResponseParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "responseParameters", - "documentation" : "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where {name} is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix.

" - }, - "ResponseTemplates" : { - "shape" : "TemplateMap", - "locationName" : "responseTemplates", - "documentation" : "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration response. Supported only for WebSocket APIs.

" - } - }, - "documentation" : "

Creates a new IntegrationResponse resource to represent an integration response.

", - "required" : [ "ApiId", "IntegrationId", "IntegrationResponseKey" ] - }, - "CreateIntegrationResponseResponse" : { - "type" : "structure", - "members" : { - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "IntegrationResponseId" : { - "shape" : "Id", - "locationName" : "integrationResponseId", - "documentation" : "

The integration response ID.

" - }, - "IntegrationResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "integrationResponseKey", - "documentation" : "

The integration response key.

" - }, - "ResponseParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "responseParameters", - "documentation" : "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.

" - }, - "ResponseTemplates" : { - "shape" : "TemplateMap", - "locationName" : "responseTemplates", - "documentation" : "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expressions for the integration response.

" - } - } - }, - "CreateModelInput" : { - "type" : "structure", - "members" : { - "ContentType" : { - "shape" : "StringWithLengthBetween1And256", - "locationName" : "contentType", - "documentation" : "

The content-type for the model, for example, \"application/json\".

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the model.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the model. Must be alphanumeric.

" - }, - "Schema" : { - "shape" : "StringWithLengthBetween0And32K", - "locationName" : "schema", - "documentation" : "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateModel request.

", - "required" : [ "Schema", "Name" ] - }, - "CreateModelRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ContentType" : { - "shape" : "StringWithLengthBetween1And256", - "locationName" : "contentType", - "documentation" : "

The content-type for the model, for example, \"application/json\".

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the model.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the model. Must be alphanumeric.

" - }, - "Schema" : { - "shape" : "StringWithLengthBetween0And32K", - "locationName" : "schema", - "documentation" : "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" - } - }, - "documentation" : "

Creates a new Model.

", - "required" : [ "ApiId", "Schema", "Name" ] - }, - "CreateModelResponse" : { - "type" : "structure", - "members" : { - "ContentType" : { - "shape" : "StringWithLengthBetween1And256", - "locationName" : "contentType", - "documentation" : "

The content-type for the model, for example, \"application/json\".

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the model.

" - }, - "ModelId" : { - "shape" : "Id", - "locationName" : "modelId", - "documentation" : "

The model identifier.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the model. Must be alphanumeric.

" - }, - "Schema" : { - "shape" : "StringWithLengthBetween0And32K", - "locationName" : "schema", - "documentation" : "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" - } - } - }, - "CreateRouteInput" : { - "type" : "structure", - "members" : { - "ApiKeyRequired" : { - "shape" : "__boolean", - "locationName" : "apiKeyRequired", - "documentation" : "

Specifies whether an API key is required for the route. Supported only for WebSocket APIs.

" - }, - "AuthorizationScopes" : { - "shape" : "AuthorizationScopes", - "locationName" : "authorizationScopes", - "documentation" : "

The authorization scopes supported by this route.

" - }, - "AuthorizationType" : { - "shape" : "AuthorizationType", - "locationName" : "authorizationType", - "documentation" : "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route. Supported only for WebSocket APIs.

" - }, - "OperationName" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "operationName", - "documentation" : "

The operation name for the route.

" - }, - "RequestModels" : { - "shape" : "RouteModels", - "locationName" : "requestModels", - "documentation" : "

The request models for the route. Supported only for WebSocket APIs.

" - }, - "RequestParameters" : { - "shape" : "RouteParameters", - "locationName" : "requestParameters", - "documentation" : "

The request parameters for the route. Supported only for WebSocket APIs.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

The route key for the route.

" - }, - "RouteResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeResponseSelectionExpression", - "documentation" : "

The route response selection expression for the route. Supported only for WebSocket APIs.

" - }, - "Target" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "target", - "documentation" : "

The target for the route.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateRoute request.

", - "required" : [ "RouteKey" ] - }, - "CreateRouteRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiKeyRequired" : { - "shape" : "__boolean", - "locationName" : "apiKeyRequired", - "documentation" : "

Specifies whether an API key is required for the route. Supported only for WebSocket APIs.

" - }, - "AuthorizationScopes" : { - "shape" : "AuthorizationScopes", - "locationName" : "authorizationScopes", - "documentation" : "

The authorization scopes supported by this route.

" - }, - "AuthorizationType" : { - "shape" : "AuthorizationType", - "locationName" : "authorizationType", - "documentation" : "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route. Supported only for WebSocket APIs.

" - }, - "OperationName" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "operationName", - "documentation" : "

The operation name for the route.

" - }, - "RequestModels" : { - "shape" : "RouteModels", - "locationName" : "requestModels", - "documentation" : "

The request models for the route. Supported only for WebSocket APIs.

" - }, - "RequestParameters" : { - "shape" : "RouteParameters", - "locationName" : "requestParameters", - "documentation" : "

The request parameters for the route. Supported only for WebSocket APIs.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

The route key for the route.

" - }, - "RouteResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeResponseSelectionExpression", - "documentation" : "

The route response selection expression for the route. Supported only for WebSocket APIs.

" - }, - "Target" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "target", - "documentation" : "

The target for the route.

" - } - }, - "documentation" : "

Creates a new Route resource to represent a route.

", - "required" : [ "ApiId", "RouteKey" ] - }, - "CreateRouteResult" : { - "type" : "structure", - "members" : { - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You can't modify the $default route key.

" - }, - "ApiKeyRequired" : { - "shape" : "__boolean", - "locationName" : "apiKeyRequired", - "documentation" : "

Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

" - }, - "AuthorizationScopes" : { - "shape" : "AuthorizationScopes", - "locationName" : "authorizationScopes", - "documentation" : "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

" - }, - "AuthorizationType" : { - "shape" : "AuthorizationType", - "locationName" : "authorizationType", - "documentation" : "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route. Supported only for WebSocket APIs.

" - }, - "OperationName" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "operationName", - "documentation" : "

The operation name for the route.

" - }, - "RequestModels" : { - "shape" : "RouteModels", - "locationName" : "requestModels", - "documentation" : "

The request models for the route. Supported only for WebSocket APIs.

" - }, - "RequestParameters" : { - "shape" : "RouteParameters", - "locationName" : "requestParameters", - "documentation" : "

The request parameters for the route. Supported only for WebSocket APIs.

" - }, - "RouteId" : { - "shape" : "Id", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

The route key for the route.

" - }, - "RouteResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeResponseSelectionExpression", - "documentation" : "

The route response selection expression for the route. Supported only for WebSocket APIs.

" - }, - "Target" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "target", - "documentation" : "

The target for the route.

" - } - } - }, - "CreateRouteResponseInput" : { - "type" : "structure", - "members" : { - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route response. Supported only for WebSocket APIs.

" - }, - "ResponseModels" : { - "shape" : "RouteModels", - "locationName" : "responseModels", - "documentation" : "

The response models for the route response.

" - }, - "ResponseParameters" : { - "shape" : "RouteParameters", - "locationName" : "responseParameters", - "documentation" : "

The route response parameters.

" - }, - "RouteResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "routeResponseKey", - "documentation" : "

The route response key.

" - } - }, - "documentation" : "

Represents the input parameters for an CreateRouteResponse request.

", - "required" : [ "RouteResponseKey" ] - }, - "CreateRouteResponseRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route response. Supported only for WebSocket APIs.

" - }, - "ResponseModels" : { - "shape" : "RouteModels", - "locationName" : "responseModels", - "documentation" : "

The response models for the route response.

" - }, - "ResponseParameters" : { - "shape" : "RouteParameters", - "locationName" : "responseParameters", - "documentation" : "

The route response parameters.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "routeResponseKey", - "documentation" : "

The route response key.

" - } - }, - "documentation" : "

Creates a new RouteResponse resource to represent a route response.

", - "required" : [ "ApiId", "RouteId", "RouteResponseKey" ] - }, - "CreateRouteResponseResponse" : { - "type" : "structure", - "members" : { - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

Represents the model selection expression of a route response. Supported only for WebSocket APIs.

" - }, - "ResponseModels" : { - "shape" : "RouteModels", - "locationName" : "responseModels", - "documentation" : "

Represents the response models of a route response.

" - }, - "ResponseParameters" : { - "shape" : "RouteParameters", - "locationName" : "responseParameters", - "documentation" : "

Represents the response parameters of a route response.

" - }, - "RouteResponseId" : { - "shape" : "Id", - "locationName" : "routeResponseId", - "documentation" : "

Represents the identifier of a route response.

" - }, - "RouteResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "routeResponseKey", - "documentation" : "

Represents the route response key of a route response.

" - } - } - }, - "CreateStageInput" : { - "type" : "structure", - "members" : { - "AccessLogSettings" : { - "shape" : "AccessLogSettings", - "locationName" : "accessLogSettings", - "documentation" : "

Settings for logging access in this stage.

" - }, - "AutoDeploy" : { - "shape" : "__boolean", - "locationName" : "autoDeploy", - "documentation" : "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" - }, - "ClientCertificateId" : { - "shape" : "Id", - "locationName" : "clientCertificateId", - "documentation" : "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" - }, - "DefaultRouteSettings" : { - "shape" : "RouteSettings", - "locationName" : "defaultRouteSettings", - "documentation" : "

The default route settings for the stage.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The deployment identifier of the API stage.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the API stage.

" - }, - "RouteSettings" : { - "shape" : "RouteSettingsMap", - "locationName" : "routeSettings", - "documentation" : "

Route settings for the stage, by routeKey.

" - }, - "StageName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stageName", - "documentation" : "

The name of the stage.

" - }, - "StageVariables" : { - "shape" : "StageVariablesMap", - "locationName" : "stageVariables", - "documentation" : "

A map that defines the stage variables for a Stage. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateStage request.

", - "required" : [ "StageName" ] - }, - "CreateStageRequest" : { - "type" : "structure", - "members" : { - "AccessLogSettings" : { - "shape" : "AccessLogSettings", - "locationName" : "accessLogSettings", - "documentation" : "

Settings for logging access in this stage.

" - }, - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "AutoDeploy" : { - "shape" : "__boolean", - "locationName" : "autoDeploy", - "documentation" : "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" - }, - "ClientCertificateId" : { - "shape" : "Id", - "locationName" : "clientCertificateId", - "documentation" : "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" - }, - "DefaultRouteSettings" : { - "shape" : "RouteSettings", - "locationName" : "defaultRouteSettings", - "documentation" : "

The default route settings for the stage.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The deployment identifier of the API stage.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the API stage.

" - }, - "RouteSettings" : { - "shape" : "RouteSettingsMap", - "locationName" : "routeSettings", - "documentation" : "

Route settings for the stage, by routeKey.

" - }, - "StageName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stageName", - "documentation" : "

The name of the stage.

" - }, - "StageVariables" : { - "shape" : "StageVariablesMap", - "locationName" : "stageVariables", - "documentation" : "

A map that defines the stage variables for a Stage. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - } - }, - "documentation" : "

Creates a new Stage resource to represent a stage.

", - "required" : [ "ApiId", "StageName" ] - }, - "CreateStageResponse" : { - "type" : "structure", - "members" : { - "AccessLogSettings" : { - "shape" : "AccessLogSettings", - "locationName" : "accessLogSettings", - "documentation" : "

Settings for logging access in this stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether a stage is managed by API Gateway. If you created an API using quick create, the $default stage is managed by API Gateway. You can't modify the $default stage.

" - }, - "AutoDeploy" : { - "shape" : "__boolean", - "locationName" : "autoDeploy", - "documentation" : "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" - }, - "ClientCertificateId" : { - "shape" : "Id", - "locationName" : "clientCertificateId", - "documentation" : "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the stage was created.

" - }, - "DefaultRouteSettings" : { - "shape" : "RouteSettings", - "locationName" : "defaultRouteSettings", - "documentation" : "

Default route settings for the stage.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The identifier of the Deployment that the Stage is associated with. Can't be updated if autoDeploy is enabled.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the stage.

" - }, - "LastDeploymentStatusMessage" : { - "shape" : "__string", - "locationName" : "lastDeploymentStatusMessage", - "documentation" : "

Describes the status of the last deployment of a stage. Supported only for stages with autoDeploy enabled.

" - }, - "LastUpdatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "lastUpdatedDate", - "documentation" : "

The timestamp when the stage was last updated.

" - }, - "RouteSettings" : { - "shape" : "RouteSettingsMap", - "locationName" : "routeSettings", - "documentation" : "

Route settings for the stage, by routeKey.

" - }, - "StageName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stageName", - "documentation" : "

The name of the stage.

" - }, - "StageVariables" : { - "shape" : "StageVariablesMap", - "locationName" : "stageVariables", - "documentation" : "

A map that defines the stage variables for a stage resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - } - } - }, - "CreateVpcLinkInput" : { - "type" : "structure", - "members" : { - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the VPC link.

" - }, - "SecurityGroupIds" : { - "shape" : "SecurityGroupIdList", - "locationName" : "securityGroupIds", - "documentation" : "

A list of security group IDs for the VPC link.

" - }, - "SubnetIds" : { - "shape" : "SubnetIdList", - "locationName" : "subnetIds", - "documentation" : "

A list of subnet IDs to include in the VPC link.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

A list of tags.

" - } - }, - "documentation" : "

Represents the input parameters for a CreateVpcLink request.

", - "required" : [ "SubnetIds", "Name" ] - }, - "CreateVpcLinkRequest" : { - "type" : "structure", - "members" : { - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the VPC link.

" - }, - "SecurityGroupIds" : { - "shape" : "SecurityGroupIdList", - "locationName" : "securityGroupIds", - "documentation" : "

A list of security group IDs for the VPC link.

" - }, - "SubnetIds" : { - "shape" : "SubnetIdList", - "locationName" : "subnetIds", - "documentation" : "

A list of subnet IDs to include in the VPC link.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

A list of tags.

" - } - }, - "documentation" : "

Creates a VPC link

", - "required" : [ "SubnetIds", "Name" ] - }, - "CreateVpcLinkResponse" : { - "type" : "structure", - "members" : { - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the VPC link was created.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the VPC link.

" - }, - "SecurityGroupIds" : { - "shape" : "SecurityGroupIdList", - "locationName" : "securityGroupIds", - "documentation" : "

A list of security group IDs for the VPC link.

" - }, - "SubnetIds" : { - "shape" : "SubnetIdList", - "locationName" : "subnetIds", - "documentation" : "

A list of subnet IDs to include in the VPC link.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

Tags for the VPC link.

" - }, - "VpcLinkId" : { - "shape" : "Id", - "locationName" : "vpcLinkId", - "documentation" : "

The ID of the VPC link.

" - }, - "VpcLinkStatus" : { - "shape" : "VpcLinkStatus", - "locationName" : "vpcLinkStatus", - "documentation" : "

The status of the VPC link.

" - }, - "VpcLinkStatusMessage" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "vpcLinkStatusMessage", - "documentation" : "

A message summarizing the cause of the status of the VPC link.

" - }, - "VpcLinkVersion" : { - "shape" : "VpcLinkVersion", - "locationName" : "vpcLinkVersion", - "documentation" : "

The version of the VPC link.

" - } - } - }, - "DeleteAccessLogSettingsRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "StageName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "stageName", - "documentation" : "

The stage name. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.

" - } - }, - "required" : [ "StageName", "ApiId" ] - }, - "DeleteApiMappingRequest" : { - "type" : "structure", - "members" : { - "ApiMappingId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiMappingId", - "documentation" : "

The API mapping identifier.

" - }, - "DomainName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - } - }, - "required" : [ "ApiMappingId", "DomainName" ] - }, - "DeleteApiRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - } - }, - "required" : [ "ApiId" ] - }, - "DeleteAuthorizerRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "AuthorizerId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "authorizerId", - "documentation" : "

The authorizer identifier.

" - } - }, - "required" : [ "AuthorizerId", "ApiId" ] - }, - "DeleteCorsConfigurationRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - } - }, - "required" : [ "ApiId" ] - }, - "DeleteDeploymentRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "DeploymentId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "deploymentId", - "documentation" : "

The deployment ID.

" - } - }, - "required" : [ "ApiId", "DeploymentId" ] - }, - "DeleteDomainNameRequest" : { - "type" : "structure", - "members" : { - "DomainName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - } - }, - "required" : [ "DomainName" ] - }, - "DeleteIntegrationRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "IntegrationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationId", - "documentation" : "

The integration ID.

" - } - }, - "required" : [ "ApiId", "IntegrationId" ] - }, - "DeleteIntegrationResponseRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "IntegrationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationId", - "documentation" : "

The integration ID.

" - }, - "IntegrationResponseId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationResponseId", - "documentation" : "

The integration response ID.

" - } - }, - "required" : [ "ApiId", "IntegrationResponseId", "IntegrationId" ] - }, - "DeleteModelRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ModelId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "modelId", - "documentation" : "

The model ID.

" - } - }, - "required" : [ "ModelId", "ApiId" ] - }, - "DeleteRouteRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - } - }, - "required" : [ "ApiId", "RouteId" ] - }, - "DeleteRouteRequestParameterRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "RequestParameterKey" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "requestParameterKey", - "documentation" : "

The route request parameter key.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - } - }, - "required" : [ "RequestParameterKey", "ApiId", "RouteId" ] - }, - "DeleteRouteResponseRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteResponseId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeResponseId", - "documentation" : "

The route response ID.

" - } - }, - "required" : [ "RouteResponseId", "ApiId", "RouteId" ] - }, - "DeleteRouteSettingsRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "RouteKey" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeKey", - "documentation" : "

The route key.

" - }, - "StageName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "stageName", - "documentation" : "

The stage name. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.

" - } - }, - "required" : [ "StageName", "RouteKey", "ApiId" ] - }, - "DeleteStageRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "StageName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "stageName", - "documentation" : "

The stage name. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.

" - } - }, - "required" : [ "StageName", "ApiId" ] - }, - "DeleteVpcLinkRequest" : { - "type" : "structure", - "members" : { - "VpcLinkId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "vpcLinkId", - "documentation" : "

The ID of the VPC link.

" - } - }, - "required" : [ "VpcLinkId" ] - }, - "DeleteVpcLinkResponse" : { - "type" : "structure", - "members" : { } - }, - "Deployment" : { - "type" : "structure", - "members" : { - "AutoDeployed" : { - "shape" : "__boolean", - "locationName" : "autoDeployed", - "documentation" : "

Specifies whether a deployment was automatically released.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The date and time when the Deployment resource was created.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The identifier for the deployment.

" - }, - "DeploymentStatus" : { - "shape" : "DeploymentStatus", - "locationName" : "deploymentStatus", - "documentation" : "

The status of the deployment: PENDING, FAILED, or SUCCEEDED.

" - }, - "DeploymentStatusMessage" : { - "shape" : "__string", - "locationName" : "deploymentStatusMessage", - "documentation" : "

May contain additional feedback on the status of an API deployment.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the deployment.

" - } - }, - "documentation" : "

An immutable representation of an API that can be called by users. A Deployment must be associated with a Stage for it to be callable over the internet.

" - }, - "DeploymentStatus" : { - "type" : "string", - "documentation" : "

Represents a deployment status.

", - "enum" : [ "PENDING", "FAILED", "DEPLOYED" ] - }, - "Deployments" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfDeployment", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

A collection resource that contains zero or more references to your existing deployments, and links that guide you on how to interact with your collection. The collection offers a paginated view of the contained deployments.

" - }, - "DomainName" : { - "type" : "structure", - "members" : { - "ApiMappingSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiMappingSelectionExpression", - "documentation" : "

The API mapping selection expression.

" - }, - "DomainName" : { - "shape" : "StringWithLengthBetween1And512", - "locationName" : "domainName", - "documentation" : "

The name of the DomainName resource.

" - }, - "DomainNameConfigurations" : { - "shape" : "DomainNameConfigurations", - "locationName" : "domainNameConfigurations", - "documentation" : "

The domain name configurations.

" - }, - "MutualTlsAuthentication" : { - "shape" : "MutualTlsAuthentication", - "locationName" : "mutualTlsAuthentication", - "documentation" : "

The mutual TLS authentication configuration for a custom domain name.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags associated with a domain name.

" - } - }, - "documentation" : "

Represents a domain name.

", - "required" : [ "DomainName" ] - }, - "DomainNameConfiguration" : { - "type" : "structure", - "members" : { - "ApiGatewayDomainName" : { - "shape" : "__string", - "locationName" : "apiGatewayDomainName", - "documentation" : "

A domain name for the API.

" - }, - "CertificateArn" : { - "shape" : "Arn", - "locationName" : "certificateArn", - "documentation" : "

An AWS-managed certificate that will be used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.

" - }, - "CertificateName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "certificateName", - "documentation" : "

The user-friendly name of the certificate that will be used by the edge-optimized endpoint for this domain name.

" - }, - "CertificateUploadDate" : { - "shape" : "__timestampIso8601", - "locationName" : "certificateUploadDate", - "documentation" : "

The timestamp when the certificate that was used by edge-optimized endpoint for this domain name was uploaded.

" - }, - "DomainNameStatus" : { - "shape" : "DomainNameStatus", - "locationName" : "domainNameStatus", - "documentation" : "

The status of the domain name migration. The valid values are AVAILABLE, UPDATING, PENDING_CERTIFICATE_REIMPORT, and PENDING_OWNERSHIP_VERIFICATION. If the status is UPDATING, the domain cannot be modified further until the existing operation is complete. If it is AVAILABLE, the domain can be updated.

" - }, - "DomainNameStatusMessage" : { - "shape" : "__string", - "locationName" : "domainNameStatusMessage", - "documentation" : "

An optional text message containing detailed information about status of the domain name migration.

" - }, - "EndpointType" : { - "shape" : "EndpointType", - "locationName" : "endpointType", - "documentation" : "

The endpoint type.

" - }, - "HostedZoneId" : { - "shape" : "__string", - "locationName" : "hostedZoneId", - "documentation" : "

The Amazon Route 53 Hosted Zone ID of the endpoint.

" - }, - "SecurityPolicy" : { - "shape" : "SecurityPolicy", - "locationName" : "securityPolicy", - "documentation" : "

The Transport Layer Security (TLS) version of the security policy for this domain name. The valid values are TLS_1_0 and TLS_1_2.

" - }, - "OwnershipVerificationCertificateArn" : { - "shape" : "Arn", - "locationName" : "ownershipVerificationCertificateArn", - "documentation" : "

The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the regionalCertificateArn

" - } - }, - "documentation" : "

The domain name configuration.

" - }, - "DomainNameConfigurations" : { - "type" : "list", - "documentation" : "

The domain name configurations.

", - "member" : { - "shape" : "DomainNameConfiguration" - } - }, - "DomainNameStatus" : { - "type" : "string", - "documentation" : "

The status of the domain name migration. The valid values are AVAILABLE, UPDATING, PENDING_CERTIFICATE_REIMPORT, and PENDING_OWNERSHIP_VERIFICATION. If the status is UPDATING, the domain cannot be modified further until the existing operation is complete. If it is AVAILABLE, the domain can be updated.

", - "enum" : [ "AVAILABLE", "UPDATING", "PENDING_CERTIFICATE_REIMPORT", "PENDING_OWNERSHIP_VERIFICATION" ] - }, - "DomainNames" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfDomainName", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of domain names.

" - }, - "EndpointType" : { - "type" : "string", - "documentation" : "

Represents an endpoint type.

", - "enum" : [ "REGIONAL", "EDGE" ] - }, - "ExportApiRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ExportVersion" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "exportVersion", - "documentation" : "

The version of the API Gateway export algorithm. API Gateway uses the latest version by default. Currently, the only supported version is 1.0.

" - }, - "IncludeExtensions" : { - "shape" : "__boolean", - "location" : "querystring", - "locationName" : "includeExtensions", - "documentation" : "

Specifies whether to include API Gateway extensions in the exported API definition. API Gateway extensions are included by default.

" - }, - "OutputType" : { - "shape" : "__string", - "enum" : ["YAML", "JSON"], - "location" : "querystring", - "locationName" : "outputType", - "documentation" : "

The output type of the exported definition file. Valid values are JSON and YAML.

" - }, - "Specification" : { - "shape" : "__string", - "enum" : ["OAS30"], - "location" : "uri", - "locationName" : "specification", - "documentation" : "

The version of the API specification to use. OAS30, for OpenAPI 3.0, is the only supported value.

" - }, - "StageName" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "stageName", - "documentation" : "

The name of the API stage to export. If you don't specify this property, a representation of the latest API configuration is exported.

" - } - }, - "required" : [ "Specification", "OutputType", "ApiId" ] - }, - "ExportApiResponse" : { - "type" : "structure", - "members" : { - "body":{ - "shape":"ExportedApi" - } - }, - "payload":"body" - }, - "ExportedApi":{ - "type":"blob", - "documentation" : "

Represents an exported definition of an API in a particular output format, for example, YAML. The API is serialized to the requested specification, for example, OpenAPI 3.0.

" - }, - "ResetAuthorizersCacheRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "StageName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "stageName", - "documentation" : "

The stage name. Stage names can contain only alphanumeric characters, hyphens, and underscores, or be $default. Maximum length is 128 characters.

" - } - }, - "required" : [ "StageName", "ApiId" ] - }, - "GetApiMappingRequest" : { - "type" : "structure", - "members" : { - "ApiMappingId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiMappingId", - "documentation" : "

The API mapping identifier.

" - }, - "DomainName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - } - }, - "required" : [ "ApiMappingId", "DomainName" ] - }, - "GetApiMappingResponse" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiMappingId" : { - "shape" : "Id", - "locationName" : "apiMappingId", - "documentation" : "

The API mapping identifier.

" - }, - "ApiMappingKey" : { - "shape" : "SelectionKey", - "locationName" : "apiMappingKey", - "documentation" : "

The API mapping key.

" - }, - "Stage" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stage", - "documentation" : "

The API stage.

" - } - } - }, - "GetApiMappingsRequest" : { - "type" : "structure", - "members" : { - "DomainName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "required" : [ "DomainName" ] - }, - "GetApiMappingsResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfApiMapping", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetApiRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - } - }, - "required" : [ "ApiId" ] - }, - "GetApiResponse" : { - "type" : "structure", - "members" : { - "ApiEndpoint" : { - "shape" : "__string", - "locationName" : "apiEndpoint", - "documentation" : "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" - }, - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API ID.

" - }, - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the API was created.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "ImportInfo" : { - "shape" : "__listOf__string", - "locationName" : "importInfo", - "documentation" : "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "ProtocolType" : { - "shape" : "ProtocolType", - "locationName" : "protocolType", - "documentation" : "

The API protocol.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

A collection of tags associated with the API.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - }, - "Warnings" : { - "shape" : "__listOf__string", - "locationName" : "warnings", - "documentation" : "

The warning messages reported when failonwarnings is turned on during API import.

" - } - } - }, - "GetApisRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetApisResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfApi", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetAuthorizerRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "AuthorizerId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "authorizerId", - "documentation" : "

The authorizer identifier.

" - } - }, - "required" : [ "AuthorizerId", "ApiId" ] - }, - "GetAuthorizerResponse" : { - "type" : "structure", - "members" : { - "AuthorizerCredentialsArn" : { - "shape" : "Arn", - "locationName" : "authorizerCredentialsArn", - "documentation" : "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The authorizer identifier.

" - }, - "AuthorizerPayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "authorizerPayloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" - }, - "AuthorizerResultTtlInSeconds" : { - "shape" : "IntegerWithLengthBetween0And3600", - "locationName" : "authorizerResultTtlInSeconds", - "documentation" : "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" - }, - "AuthorizerType" : { - "shape" : "AuthorizerType", - "locationName" : "authorizerType", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" - }, - "AuthorizerUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "authorizerUri", - "documentation" : "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" - }, - "EnableSimpleResponses" : { - "shape" : "__boolean", - "locationName" : "enableSimpleResponses", - "documentation" : "

Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" - }, - "IdentitySource" : { - "shape" : "IdentitySourceList", - "locationName" : "identitySource", - "documentation" : "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" - }, - "IdentityValidationExpression" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "identityValidationExpression", - "documentation" : "

The validation expression does not apply to the REQUEST authorizer.

" - }, - "JwtConfiguration" : { - "shape" : "JWTConfiguration", - "locationName" : "jwtConfiguration", - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the authorizer.

" - } - } - }, - "GetAuthorizersRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "required" : [ "ApiId" ] - }, - "GetAuthorizersResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfAuthorizer", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetDeploymentRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "DeploymentId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "deploymentId", - "documentation" : "

The deployment ID.

" - } - }, - "required" : [ "ApiId", "DeploymentId" ] - }, - "GetDeploymentResponse" : { - "type" : "structure", - "members" : { - "AutoDeployed" : { - "shape" : "__boolean", - "locationName" : "autoDeployed", - "documentation" : "

Specifies whether a deployment was automatically released.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The date and time when the Deployment resource was created.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The identifier for the deployment.

" - }, - "DeploymentStatus" : { - "shape" : "DeploymentStatus", - "locationName" : "deploymentStatus", - "documentation" : "

The status of the deployment: PENDING, FAILED, or SUCCEEDED.

" - }, - "DeploymentStatusMessage" : { - "shape" : "__string", - "locationName" : "deploymentStatusMessage", - "documentation" : "

May contain additional feedback on the status of an API deployment.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the deployment.

" - } - } - }, - "GetDeploymentsRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "required" : [ "ApiId" ] - }, - "GetDeploymentsResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfDeployment", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetDomainNameRequest" : { - "type" : "structure", - "members" : { - "DomainName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - } - }, - "required" : [ "DomainName" ] - }, - "GetDomainNameResponse" : { - "type" : "structure", - "members" : { - "ApiMappingSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiMappingSelectionExpression", - "documentation" : "

The API mapping selection expression.

" - }, - "DomainName" : { - "shape" : "StringWithLengthBetween1And512", - "locationName" : "domainName", - "documentation" : "

The name of the DomainName resource.

" - }, - "DomainNameConfigurations" : { - "shape" : "DomainNameConfigurations", - "locationName" : "domainNameConfigurations", - "documentation" : "

The domain name configurations.

" - }, - "MutualTlsAuthentication" : { - "shape" : "MutualTlsAuthentication", - "locationName" : "mutualTlsAuthentication", - "documentation" : "

The mutual TLS authentication configuration for a custom domain name.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags associated with a domain name.

" - } - } - }, - "GetDomainNamesRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetDomainNamesResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfDomainName", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetIntegrationRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "IntegrationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationId", - "documentation" : "

The integration ID.

" - } - }, - "required" : [ "ApiId", "IntegrationId" ] - }, - "GetIntegrationResult" : { - "type" : "structure", - "members" : { - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.

" - }, - "ConnectionId" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "connectionId", - "documentation" : "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" - }, - "ConnectionType" : { - "shape" : "ConnectionType", - "locationName" : "connectionType", - "documentation" : "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

Represents the description of an integration.

" - }, - "IntegrationId" : { - "shape" : "Id", - "locationName" : "integrationId", - "documentation" : "

Represents the identifier of an integration.

" - }, - "IntegrationMethod" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "integrationMethod", - "documentation" : "

Specifies the integration's HTTP method type.

" - }, - "IntegrationResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "integrationResponseSelectionExpression", - "documentation" : "

The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.

" - }, - "IntegrationSubtype" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "integrationSubtype", - "documentation" : "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" - }, - "IntegrationType" : { - "shape" : "IntegrationType", - "locationName" : "integrationType", - "documentation" : "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" - }, - "IntegrationUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "integrationUri", - "documentation" : "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" - }, - "PassthroughBehavior" : { - "shape" : "PassthroughBehavior", - "locationName" : "passthroughBehavior", - "documentation" : "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" - }, - "PayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "payloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an integration. Required for HTTP APIs.

" - }, - "RequestParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "requestParameters", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "RequestTemplates" : { - "shape" : "TemplateMap", - "locationName" : "requestTemplates", - "documentation" : "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" - }, - "ResponseParameters" : { - "shape" : "ResponseParameters", - "locationName" : "responseParameters", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration. Supported only for WebSocket APIs.

" - }, - "TimeoutInMillis" : { - "shape" : "IntegerWithLengthBetween50And30000", - "locationName" : "timeoutInMillis", - "documentation" : "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" - }, - "TlsConfig" : { - "shape" : "TlsConfig", - "locationName" : "tlsConfig", - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - } - } - }, - "GetIntegrationResponseRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "IntegrationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationId", - "documentation" : "

The integration ID.

" - }, - "IntegrationResponseId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationResponseId", - "documentation" : "

The integration response ID.

" - } - }, - "required" : [ "ApiId", "IntegrationResponseId", "IntegrationId" ] - }, - "GetIntegrationResponseResponse" : { - "type" : "structure", - "members" : { - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "IntegrationResponseId" : { - "shape" : "Id", - "locationName" : "integrationResponseId", - "documentation" : "

The integration response ID.

" - }, - "IntegrationResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "integrationResponseKey", - "documentation" : "

The integration response key.

" - }, - "ResponseParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "responseParameters", - "documentation" : "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.

" - }, - "ResponseTemplates" : { - "shape" : "TemplateMap", - "locationName" : "responseTemplates", - "documentation" : "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expressions for the integration response.

" - } - } - }, - "GetIntegrationResponsesRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "IntegrationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationId", - "documentation" : "

The integration ID.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "required" : [ "IntegrationId", "ApiId" ] - }, - "GetIntegrationResponsesResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfIntegrationResponse", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetIntegrationsRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "required" : [ "ApiId" ] - }, - "GetIntegrationsResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfIntegration", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetModelRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ModelId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "modelId", - "documentation" : "

The model ID.

" - } - }, - "required" : [ "ModelId", "ApiId" ] - }, - "GetModelResponse" : { - "type" : "structure", - "members" : { - "ContentType" : { - "shape" : "StringWithLengthBetween1And256", - "locationName" : "contentType", - "documentation" : "

The content-type for the model, for example, \"application/json\".

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the model.

" - }, - "ModelId" : { - "shape" : "Id", - "locationName" : "modelId", - "documentation" : "

The model identifier.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the model. Must be alphanumeric.

" - }, - "Schema" : { - "shape" : "StringWithLengthBetween0And32K", - "locationName" : "schema", - "documentation" : "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" - } - } - }, - "GetModelTemplateRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ModelId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "modelId", - "documentation" : "

The model ID.

" - } - }, - "required" : [ "ModelId", "ApiId" ] - }, - "GetModelTemplateResponse" : { - "type" : "structure", - "members" : { - "Value" : { - "shape" : "__string", - "locationName" : "value", - "documentation" : "

The template value.

" - } - } - }, - "GetModelsRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "required" : [ "ApiId" ] - }, - "GetModelsResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfModel", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetRouteRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - } - }, - "required" : [ "ApiId", "RouteId" ] - }, - "GetRouteResult" : { - "type" : "structure", - "members" : { - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You can't modify the $default route key.

" - }, - "ApiKeyRequired" : { - "shape" : "__boolean", - "locationName" : "apiKeyRequired", - "documentation" : "

Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

" - }, - "AuthorizationScopes" : { - "shape" : "AuthorizationScopes", - "locationName" : "authorizationScopes", - "documentation" : "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

" - }, - "AuthorizationType" : { - "shape" : "AuthorizationType", - "locationName" : "authorizationType", - "documentation" : "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route. Supported only for WebSocket APIs.

" - }, - "OperationName" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "operationName", - "documentation" : "

The operation name for the route.

" - }, - "RequestModels" : { - "shape" : "RouteModels", - "locationName" : "requestModels", - "documentation" : "

The request models for the route. Supported only for WebSocket APIs.

" - }, - "RequestParameters" : { - "shape" : "RouteParameters", - "locationName" : "requestParameters", - "documentation" : "

The request parameters for the route. Supported only for WebSocket APIs.

" - }, - "RouteId" : { - "shape" : "Id", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

The route key for the route.

" - }, - "RouteResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeResponseSelectionExpression", - "documentation" : "

The route response selection expression for the route. Supported only for WebSocket APIs.

" - }, - "Target" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "target", - "documentation" : "

The target for the route.

" - } - } - }, - "GetRouteResponseRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteResponseId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeResponseId", - "documentation" : "

The route response ID.

" - } - }, - "required" : [ "RouteResponseId", "ApiId", "RouteId" ] - }, - "GetRouteResponseResponse" : { - "type" : "structure", - "members" : { - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

Represents the model selection expression of a route response. Supported only for WebSocket APIs.

" - }, - "ResponseModels" : { - "shape" : "RouteModels", - "locationName" : "responseModels", - "documentation" : "

Represents the response models of a route response.

" - }, - "ResponseParameters" : { - "shape" : "RouteParameters", - "locationName" : "responseParameters", - "documentation" : "

Represents the response parameters of a route response.

" - }, - "RouteResponseId" : { - "shape" : "Id", - "locationName" : "routeResponseId", - "documentation" : "

Represents the identifier of a route response.

" - }, - "RouteResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "routeResponseKey", - "documentation" : "

Represents the route response key of a route response.

" - } - } - }, - "GetRouteResponsesRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - } - }, - "required" : [ "RouteId", "ApiId" ] - }, - "GetRouteResponsesResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfRouteResponse", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetRoutesRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "required" : [ "ApiId" ] - }, - "GetRoutesResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfRoute", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetStageRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "StageName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "stageName", - "documentation" : "

The stage name. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.

" - } - }, - "required" : [ "StageName", "ApiId" ] - }, - "GetStageResponse" : { - "type" : "structure", - "members" : { - "AccessLogSettings" : { - "shape" : "AccessLogSettings", - "locationName" : "accessLogSettings", - "documentation" : "

Settings for logging access in this stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether a stage is managed by API Gateway. If you created an API using quick create, the $default stage is managed by API Gateway. You can't modify the $default stage.

" - }, - "AutoDeploy" : { - "shape" : "__boolean", - "locationName" : "autoDeploy", - "documentation" : "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" - }, - "ClientCertificateId" : { - "shape" : "Id", - "locationName" : "clientCertificateId", - "documentation" : "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the stage was created.

" - }, - "DefaultRouteSettings" : { - "shape" : "RouteSettings", - "locationName" : "defaultRouteSettings", - "documentation" : "

Default route settings for the stage.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The identifier of the Deployment that the Stage is associated with. Can't be updated if autoDeploy is enabled.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the stage.

" - }, - "LastDeploymentStatusMessage" : { - "shape" : "__string", - "locationName" : "lastDeploymentStatusMessage", - "documentation" : "

Describes the status of the last deployment of a stage. Supported only for stages with autoDeploy enabled.

" - }, - "LastUpdatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "lastUpdatedDate", - "documentation" : "

The timestamp when the stage was last updated.

" - }, - "RouteSettings" : { - "shape" : "RouteSettingsMap", - "locationName" : "routeSettings", - "documentation" : "

Route settings for the stage, by routeKey.

" - }, - "StageName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stageName", - "documentation" : "

The name of the stage.

" - }, - "StageVariables" : { - "shape" : "StageVariablesMap", - "locationName" : "stageVariables", - "documentation" : "

A map that defines the stage variables for a stage resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - } - } - }, - "GetStagesRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "required" : [ "ApiId" ] - }, - "GetStagesResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfStage", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetTagsRequest" : { - "type" : "structure", - "members" : { - "ResourceArn" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "resource-arn", - "documentation" : "

The resource ARN for the tag.

" - } - }, - "required" : [ "ResourceArn" ] - }, - "GetTagsResponse" : { - "type" : "structure", - "members" : { - "Tags" : { - "shape" : "Tags", + "shapes": { + "AccessDeniedException": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message" + } + }, + "exception": true, + "error": { + "httpStatusCode": 403 + } + }, + "AccessLogSettings": { + "type": "structure", + "members": { + "DestinationArn": { + "shape": "Arn", + "locationName": "destinationArn", + "documentation": "

The ARN of the CloudWatch Logs log group to receive access logs.

" + }, + "Format": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "format", + "documentation": "

A single line format of the access logs of data, as specified by selected $context variables. The format must include at least $context.requestId.

" + } + }, + "documentation": "

Settings for logging access in a stage.

" + }, + "Api": { + "type": "structure", + "members": { + "ApiEndpoint": { + "shape": "__string", + "locationName": "apiEndpoint", + "documentation": "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" + }, + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API ID.

" + }, + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the API was created.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "ImportInfo": { + "shape": "__listOf__string", + "locationName": "importInfo", + "documentation": "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the API.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "ProtocolType": { + "shape": "ProtocolType", + "locationName": "protocolType", + "documentation": "

The API protocol.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

A collection of tags associated with the API.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + }, + "Warnings": { + "shape": "__listOf__string", + "locationName": "warnings", + "documentation": "

The warning messages reported when failonwarnings is turned on during API import.

" + } + }, + "documentation": "

Represents an API.

", + "required": [ + "RouteSelectionExpression", + "Name", + "ProtocolType" + ] + }, + "ApiMapping": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiMappingId": { + "shape": "Id", + "locationName": "apiMappingId", + "documentation": "

The API mapping identifier.

" + }, + "ApiMappingKey": { + "shape": "SelectionKey", + "locationName": "apiMappingKey", + "documentation": "

The API mapping key.

" + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage", + "documentation": "

The API stage.

" + } + }, + "documentation": "

Represents an API mapping.

", + "required": [ + "Stage", + "ApiId" + ] + }, + "ApiMappings": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfApiMapping", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of ApiMappings resources.

" + }, + "Apis": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfApi", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of APIs.

" + }, + "Arn": { + "type": "string", + "documentation": "

Represents an Amazon Resource Name (ARN).

" + }, + "AuthorizationScopes": { + "type": "list", + "documentation": "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

", + "member": { + "shape": "StringWithLengthBetween1And64" + } + }, + "AuthorizationType": { + "type": "string", + "documentation": "

The authorization type. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer. For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

", + "enum": [ + "NONE", + "AWS_IAM", + "CUSTOM", + "JWT" + ] + }, + "Authorizer": { + "type": "structure", + "members": { + "AuthorizerCredentialsArn": { + "shape": "Arn", + "locationName": "authorizerCredentialsArn", + "documentation": "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The authorizer identifier.

" + }, + "AuthorizerPayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "authorizerPayloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" + }, + "AuthorizerResultTtlInSeconds": { + "shape": "IntegerWithLengthBetween0And3600", + "locationName": "authorizerResultTtlInSeconds", + "documentation": "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" + }, + "AuthorizerType": { + "shape": "AuthorizerType", + "locationName": "authorizerType", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" + }, + "AuthorizerUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "authorizerUri", + "documentation": "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" + }, + "EnableSimpleResponses": { + "shape": "__boolean", + "locationName": "enableSimpleResponses", + "documentation": "

Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" + }, + "IdentitySource": { + "shape": "IdentitySourceList", + "locationName": "identitySource", + "documentation": "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" + }, + "IdentityValidationExpression": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "identityValidationExpression", + "documentation": "

The validation expression does not apply to the REQUEST authorizer.

" + }, + "JwtConfiguration": { + "shape": "JWTConfiguration", + "locationName": "jwtConfiguration", + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the authorizer.

" + } + }, + "documentation": "

Represents an authorizer.

", + "required": [ + "Name" + ] + }, + "AuthorizerType": { + "type": "string", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

", + "enum": [ + "REQUEST", + "JWT" + ] + }, + "Authorizers": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfAuthorizer", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of authorizers.

" + }, + "BadRequestException": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

Describes the error encountered.

" + } + }, + "documentation": "

The request is not valid, for example, the input is incomplete or incorrect. See the accompanying error message for details.

", + "exception": true, + "error": { + "httpStatusCode": 400 + } + }, + "ConflictException": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

Describes the error encountered.

" + } + }, + "documentation": "

The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request. See the accompanying error message for details.

", + "exception": true, + "error": { + "httpStatusCode": 409 + } + }, + "ConnectionType": { + "type": "string", + "documentation": "

Represents a connection type.

", + "enum": [ + "INTERNET", + "VPC_LINK" + ] + }, + "ContentHandlingStrategy": { + "type": "string", + "documentation": "

Specifies how to handle response payload content type conversions. Supported only for WebSocket APIs.

", + "enum": [ + "CONVERT_TO_BINARY", + "CONVERT_TO_TEXT" + ] + }, + "Cors": { + "type": "structure", + "members": { + "AllowCredentials": { + "shape": "__boolean", + "locationName": "allowCredentials", + "documentation": "

Specifies whether credentials are included in the CORS request. Supported only for HTTP APIs.

" + }, + "AllowHeaders": { + "shape": "CorsHeaderList", + "locationName": "allowHeaders", + "documentation": "

Represents a collection of allowed headers. Supported only for HTTP APIs.

" + }, + "AllowMethods": { + "shape": "CorsMethodList", + "locationName": "allowMethods", + "documentation": "

Represents a collection of allowed HTTP methods. Supported only for HTTP APIs.

" + }, + "AllowOrigins": { + "shape": "CorsOriginList", + "locationName": "allowOrigins", + "documentation": "

Represents a collection of allowed origins. Supported only for HTTP APIs.

" + }, + "ExposeHeaders": { + "shape": "CorsHeaderList", + "locationName": "exposeHeaders", + "documentation": "

Represents a collection of exposed headers. Supported only for HTTP APIs.

" + }, + "MaxAge": { + "shape": "IntegerWithLengthBetweenMinus1And86400", + "locationName": "maxAge", + "documentation": "

The number of seconds that the browser should cache preflight request results. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Represents a CORS configuration. Supported only for HTTP APIs. See Configuring CORS for more information.

" + }, + "CorsHeaderList": { + "type": "list", + "documentation": "

Represents a collection of allowed headers. Supported only for HTTP APIs.

", + "member": { + "shape": "__string" + } + }, + "CorsMethodList": { + "type": "list", + "documentation": "

Represents a collection of methods. Supported only for HTTP APIs.

", + "member": { + "shape": "StringWithLengthBetween1And64" + } + }, + "CorsOriginList": { + "type": "list", + "documentation": "

Represents a collection of origins. Supported only for HTTP APIs.

", + "member": { + "shape": "__string" + } + }, + "CreateApiInput": { + "type": "structure", + "members": { + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs. See Configuring CORS for more information.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null. Currently, this property is not used for HTTP integrations. Supported only for HTTP APIs.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "ProtocolType": { + "shape": "ProtocolType", + "locationName": "protocolType", + "documentation": "

The API protocol.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

This property is part of quick create. If you don't specify a routeKey, a default route of $default is created. The $default route acts as a catch-all for any request made to your API, for a particular stage. The $default route key can't be modified. You can add routes after creating the API, and you can update the route keys of additional routes. Supported only for HTTP APIs.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + }, + "Target": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "target", + "documentation": "

This property is part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Supported only for HTTP APIs.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + } + }, + "documentation": "

Represents the input parameters for a CreateApi request.

", + "required": [ + "ProtocolType", + "Name" + ] + }, + "CreateApiMappingInput": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiMappingKey": { + "shape": "SelectionKey", + "locationName": "apiMappingKey", + "documentation": "The API mapping key." + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage", + "documentation": "

The API stage.

" + } + }, + "documentation": "

Represents the input parameters for a CreateApiMapping request.

", + "required": [ + "Stage", + "ApiId" + ] + }, + "CreateApiMappingRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiMappingKey": { + "shape": "SelectionKey", + "locationName": "apiMappingKey", + "documentation": "The API mapping key." + }, + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage", + "documentation": "

The API stage.

" + } + }, + "documentation": "

Creates a new ApiMapping resource to represent an API mapping.

", + "required": [ + "DomainName", + "Stage", + "ApiId" + ] + }, + "CreateApiMappingResponse": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiMappingId": { + "shape": "Id", + "locationName": "apiMappingId", + "documentation": "

The API mapping identifier.

" + }, + "ApiMappingKey": { + "shape": "SelectionKey", + "locationName": "apiMappingKey", + "documentation": "

The API mapping key.

" + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage", + "documentation": "

The API stage.

" + } + } + }, + "CreateApiRequest": { + "type": "structure", + "members": { + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs. See Configuring CORS for more information.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null. Currently, this property is not used for HTTP integrations. Supported only for HTTP APIs.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the API.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "ProtocolType": { + "shape": "ProtocolType", + "locationName": "protocolType", + "documentation": "

The API protocol.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

This property is part of quick create. If you don't specify a routeKey, a default route of $default is created. The $default route acts as a catch-all for any request made to your API, for a particular stage. The $default route key can't be modified. You can add routes after creating the API, and you can update the route keys of additional routes. Supported only for HTTP APIs.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + }, + "Target": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "target", + "documentation": "

This property is part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Supported only for HTTP APIs.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + } + }, + "documentation": "

Creates a new Api resource to represent an API.

", + "required": [ + "ProtocolType", + "Name" + ] + }, + "CreateApiResponse": { + "type": "structure", + "members": { + "ApiEndpoint": { + "shape": "__string", + "locationName": "apiEndpoint", + "documentation": "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" + }, + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API ID.

" + }, + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the API was created.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "ImportInfo": { + "shape": "__listOf__string", + "locationName": "importInfo", + "documentation": "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the API.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "ProtocolType": { + "shape": "ProtocolType", + "locationName": "protocolType", + "documentation": "

The API protocol.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

A collection of tags associated with the API.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + }, + "Warnings": { + "shape": "__listOf__string", + "locationName": "warnings", + "documentation": "

The warning messages reported when failonwarnings is turned on during API import.

" + } + } + }, + "CreateAuthorizerInput": { + "type": "structure", + "members": { + "AuthorizerCredentialsArn": { + "shape": "Arn", + "locationName": "authorizerCredentialsArn", + "documentation": "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" + }, + "AuthorizerPayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "authorizerPayloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" + }, + "AuthorizerResultTtlInSeconds": { + "shape": "IntegerWithLengthBetween0And3600", + "locationName": "authorizerResultTtlInSeconds", + "documentation": "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" + }, + "AuthorizerType": { + "shape": "AuthorizerType", + "locationName": "authorizerType", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" + }, + "AuthorizerUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "authorizerUri", + "documentation": "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" + }, + "EnableSimpleResponses": { + "shape": "__boolean", + "locationName": "enableSimpleResponses", + "documentation": "

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" + }, + "IdentitySource": { + "shape": "IdentitySourceList", + "locationName": "identitySource", + "documentation": "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" + }, + "IdentityValidationExpression": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "identityValidationExpression", + "documentation": "

This parameter is not used.

" + }, + "JwtConfiguration": { + "shape": "JWTConfiguration", + "locationName": "jwtConfiguration", + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the authorizer.

" + } + }, + "documentation": "

Represents the input parameters for a CreateAuthorizer request.

", + "required": [ + "AuthorizerType", + "IdentitySource", + "Name" + ] + }, + "CreateAuthorizerRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "AuthorizerCredentialsArn": { + "shape": "Arn", + "locationName": "authorizerCredentialsArn", + "documentation": "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" + }, + "AuthorizerPayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "authorizerPayloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" + }, + "AuthorizerResultTtlInSeconds": { + "shape": "IntegerWithLengthBetween0And3600", + "locationName": "authorizerResultTtlInSeconds", + "documentation": "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" + }, + "AuthorizerType": { + "shape": "AuthorizerType", + "locationName": "authorizerType", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" + }, + "AuthorizerUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "authorizerUri", + "documentation": "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" + }, + "EnableSimpleResponses": { + "shape": "__boolean", + "locationName": "enableSimpleResponses", + "documentation": "

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" + }, + "IdentitySource": { + "shape": "IdentitySourceList", + "locationName": "identitySource", + "documentation": "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" + }, + "IdentityValidationExpression": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "identityValidationExpression", + "documentation": "

This parameter is not used.

" + }, + "JwtConfiguration": { + "shape": "JWTConfiguration", + "locationName": "jwtConfiguration", + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the authorizer.

" + } + }, + "documentation": "

Creates a new Authorizer resource to represent an authorizer.

", + "required": [ + "ApiId", + "AuthorizerType", + "IdentitySource", + "Name" + ] + }, + "CreateAuthorizerResponse": { + "type": "structure", + "members": { + "AuthorizerCredentialsArn": { + "shape": "Arn", + "locationName": "authorizerCredentialsArn", + "documentation": "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The authorizer identifier.

" + }, + "AuthorizerPayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "authorizerPayloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" + }, + "AuthorizerResultTtlInSeconds": { + "shape": "IntegerWithLengthBetween0And3600", + "locationName": "authorizerResultTtlInSeconds", + "documentation": "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" + }, + "AuthorizerType": { + "shape": "AuthorizerType", + "locationName": "authorizerType", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" + }, + "AuthorizerUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "authorizerUri", + "documentation": "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" + }, + "EnableSimpleResponses": { + "shape": "__boolean", + "locationName": "enableSimpleResponses", + "documentation": "

Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" + }, + "IdentitySource": { + "shape": "IdentitySourceList", + "locationName": "identitySource", + "documentation": "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" + }, + "IdentityValidationExpression": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "identityValidationExpression", + "documentation": "

The validation expression does not apply to the REQUEST authorizer.

" + }, + "JwtConfiguration": { + "shape": "JWTConfiguration", + "locationName": "jwtConfiguration", + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the authorizer.

" + } + } + }, + "CreateDeploymentInput": { + "type": "structure", + "members": { + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the deployment resource.

" + }, + "StageName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stageName", + "documentation": "

The name of the Stage resource for the Deployment resource to create.

" + } + }, + "documentation": "

Represents the input parameters for a CreateDeployment request.

" + }, + "CreateDeploymentRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the deployment resource.

" + }, + "StageName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stageName", + "documentation": "

The name of the Stage resource for the Deployment resource to create.

" + } + }, + "documentation": "

Creates a new Deployment resource to represent a deployment.

", + "required": [ + "ApiId" + ] + }, + "CreateDeploymentResponse": { + "type": "structure", + "members": { + "AutoDeployed": { + "shape": "__boolean", + "locationName": "autoDeployed", + "documentation": "

Specifies whether a deployment was automatically released.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The date and time when the Deployment resource was created.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The identifier for the deployment.

" + }, + "DeploymentStatus": { + "shape": "DeploymentStatus", + "locationName": "deploymentStatus", + "documentation": "

The status of the deployment: PENDING, FAILED, or SUCCEEDED.

" + }, + "DeploymentStatusMessage": { + "shape": "__string", + "locationName": "deploymentStatusMessage", + "documentation": "

May contain additional feedback on the status of an API deployment.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the deployment.

" + } + } + }, + "CreateDomainNameInput": { + "type": "structure", + "members": { + "DomainName": { + "shape": "StringWithLengthBetween1And512", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "DomainNameConfigurations": { + "shape": "DomainNameConfigurations", + "locationName": "domainNameConfigurations", + "documentation": "

The domain name configurations.

" + }, + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthenticationInput", + "locationName": "mutualTlsAuthentication", + "documentation": "

The mutual TLS authentication configuration for a custom domain name.

" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "

The routing mode.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags associated with a domain name.

" + } + }, + "documentation": "

Represents the input parameters for a CreateDomainName request.

", + "required": [ + "DomainName" + ] + }, + "CreateDomainNameRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "StringWithLengthBetween1And512", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "DomainNameConfigurations": { + "shape": "DomainNameConfigurations", + "locationName": "domainNameConfigurations", + "documentation": "

The domain name configurations.

" + }, + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthenticationInput", + "locationName": "mutualTlsAuthentication", + "documentation": "

The mutual TLS authentication configuration for a custom domain name.

" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "

The routing mode.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags associated with a domain name.

" + } + }, + "documentation": "

Creates a new DomainName resource to represent a domain name.

", + "required": [ + "DomainName" + ] + }, + "CreateDomainNameResponse": { + "type": "structure", + "members": { + "ApiMappingSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiMappingSelectionExpression", + "documentation": "

The API mapping selection expression.

" + }, + "DomainName": { + "shape": "StringWithLengthBetween1And512", + "locationName": "domainName", + "documentation": "

The name of the DomainName resource.

" + }, + "DomainNameArn": { + "shape": "Arn", + "locationName": "domainNameArn" + }, + "DomainNameConfigurations": { + "shape": "DomainNameConfigurations", + "locationName": "domainNameConfigurations", + "documentation": "

The domain name configurations.

" + }, + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthentication", + "locationName": "mutualTlsAuthentication", + "documentation": "

The mutual TLS authentication configuration for a custom domain name.

" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "

The routing mode.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags associated with a domain name.

" + } + } + }, + "CreateIntegrationInput": { + "type": "structure", + "members": { + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the integration.

" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "

Specifies the integration's HTTP method type.

" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.

" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration.

" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" + }, + "TlsConfig": { + "shape": "TlsConfigInput", + "locationName": "tlsConfig", + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Represents the input parameters for a CreateIntegration request.

", + "required": [ + "IntegrationType" + ] + }, + "CreateIntegrationRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the integration.

" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "

Specifies the integration's HTTP method type.

" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.

" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration.

" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" + }, + "TlsConfig": { + "shape": "TlsConfigInput", + "locationName": "tlsConfig", + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Creates a new Integration resource to represent an integration.

", + "required": [ + "ApiId", + "IntegrationType" + ] + }, + "CreateIntegrationResult": { + "type": "structure", + "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.

" + }, + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

Represents the description of an integration.

" + }, + "IntegrationId": { + "shape": "Id", + "locationName": "integrationId", + "documentation": "

Represents the identifier of an integration.

" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "

Specifies the integration's HTTP method type.

" + }, + "IntegrationResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "integrationResponseSelectionExpression", + "documentation": "

The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.

" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.

" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration. Supported only for WebSocket APIs.

" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" + }, + "TlsConfig": { + "shape": "TlsConfig", + "locationName": "tlsConfig", + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + } + } + }, + "CreateIntegrationResponseInput": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "

The integration response key.

" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where {name} is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix.

" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration response. Supported only for WebSocket APIs.

" + } + }, + "documentation": "

Represents the input parameters for a CreateIntegrationResponse request.

", + "required": [ + "IntegrationResponseKey" + ] + }, + "CreateIntegrationResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "

The integration ID.

" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "

The integration response key.

" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where {name} is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix.

" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration response. Supported only for WebSocket APIs.

" + } + }, + "documentation": "

Creates a new IntegrationResponse resource to represent an integration response.

", + "required": [ + "ApiId", + "IntegrationId", + "IntegrationResponseKey" + ] + }, + "CreateIntegrationResponseResponse": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "IntegrationResponseId": { + "shape": "Id", + "locationName": "integrationResponseId", + "documentation": "

The integration response ID.

" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "

The integration response key.

" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.

" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expressions for the integration response.

" + } + } + }, + "CreateModelInput": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "

The content-type for the model, for example, \"application/json\".

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the model.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the model. Must be alphanumeric.

" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" + } + }, + "documentation": "

Represents the input parameters for a CreateModel request.

", + "required": [ + "Schema", + "Name" + ] + }, + "CreateModelRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "

The content-type for the model, for example, \"application/json\".

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the model.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the model. Must be alphanumeric.

" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" + } + }, + "documentation": "

Creates a new Model.

", + "required": [ + "ApiId", + "Schema", + "Name" + ] + }, + "CreateModelResponse": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "

The content-type for the model, for example, \"application/json\".

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the model.

" + }, + "ModelId": { + "shape": "Id", + "locationName": "modelId", + "documentation": "

The model identifier.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the model. Must be alphanumeric.

" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" + } + } + }, + "CreateRouteInput": { + "type": "structure", + "members": { + "ApiKeyRequired": { + "shape": "__boolean", + "locationName": "apiKeyRequired", + "documentation": "

Specifies whether an API key is required for the route. Supported only for WebSocket APIs.

" + }, + "AuthorizationScopes": { + "shape": "AuthorizationScopes", + "locationName": "authorizationScopes", + "documentation": "

The authorization scopes supported by this route.

" + }, + "AuthorizationType": { + "shape": "AuthorizationType", + "locationName": "authorizationType", + "documentation": "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route. Supported only for WebSocket APIs.

" + }, + "OperationName": { + "shape": "StringWithLengthBetween1And64", + "locationName": "operationName", + "documentation": "

The operation name for the route.

" + }, + "RequestModels": { + "shape": "RouteModels", + "locationName": "requestModels", + "documentation": "

The request models for the route. Supported only for WebSocket APIs.

" + }, + "RequestParameters": { + "shape": "RouteParameters", + "locationName": "requestParameters", + "documentation": "

The request parameters for the route. Supported only for WebSocket APIs.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

The route key for the route.

" + }, + "RouteResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeResponseSelectionExpression", + "documentation": "

The route response selection expression for the route. Supported only for WebSocket APIs.

" + }, + "Target": { + "shape": "StringWithLengthBetween1And128", + "locationName": "target", + "documentation": "

The target for the route.

" + } + }, + "documentation": "

Represents the input parameters for a CreateRoute request.

", + "required": [ + "RouteKey" + ] + }, + "CreateRouteRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiKeyRequired": { + "shape": "__boolean", + "locationName": "apiKeyRequired", + "documentation": "

Specifies whether an API key is required for the route. Supported only for WebSocket APIs.

" + }, + "AuthorizationScopes": { + "shape": "AuthorizationScopes", + "locationName": "authorizationScopes", + "documentation": "

The authorization scopes supported by this route.

" + }, + "AuthorizationType": { + "shape": "AuthorizationType", + "locationName": "authorizationType", + "documentation": "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route. Supported only for WebSocket APIs.

" + }, + "OperationName": { + "shape": "StringWithLengthBetween1And64", + "locationName": "operationName", + "documentation": "

The operation name for the route.

" + }, + "RequestModels": { + "shape": "RouteModels", + "locationName": "requestModels", + "documentation": "

The request models for the route. Supported only for WebSocket APIs.

" + }, + "RequestParameters": { + "shape": "RouteParameters", + "locationName": "requestParameters", + "documentation": "

The request parameters for the route. Supported only for WebSocket APIs.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

The route key for the route.

" + }, + "RouteResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeResponseSelectionExpression", + "documentation": "

The route response selection expression for the route. Supported only for WebSocket APIs.

" + }, + "Target": { + "shape": "StringWithLengthBetween1And128", + "locationName": "target", + "documentation": "

The target for the route.

" + } + }, + "documentation": "

Creates a new Route resource to represent a route.

", + "required": [ + "ApiId", + "RouteKey" + ] + }, + "CreateRouteResult": { + "type": "structure", + "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You can't modify the $default route key.

" + }, + "ApiKeyRequired": { + "shape": "__boolean", + "locationName": "apiKeyRequired", + "documentation": "

Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

" + }, + "AuthorizationScopes": { + "shape": "AuthorizationScopes", + "locationName": "authorizationScopes", + "documentation": "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

" + }, + "AuthorizationType": { + "shape": "AuthorizationType", + "locationName": "authorizationType", + "documentation": "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route. Supported only for WebSocket APIs.

" + }, + "OperationName": { + "shape": "StringWithLengthBetween1And64", + "locationName": "operationName", + "documentation": "

The operation name for the route.

" + }, + "RequestModels": { + "shape": "RouteModels", + "locationName": "requestModels", + "documentation": "

The request models for the route. Supported only for WebSocket APIs.

" + }, + "RequestParameters": { + "shape": "RouteParameters", + "locationName": "requestParameters", + "documentation": "

The request parameters for the route. Supported only for WebSocket APIs.

" + }, + "RouteId": { + "shape": "Id", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

The route key for the route.

" + }, + "RouteResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeResponseSelectionExpression", + "documentation": "

The route response selection expression for the route. Supported only for WebSocket APIs.

" + }, + "Target": { + "shape": "StringWithLengthBetween1And128", + "locationName": "target", + "documentation": "

The target for the route.

" + } + } + }, + "CreateRouteResponseInput": { + "type": "structure", + "members": { + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route response. Supported only for WebSocket APIs.

" + }, + "ResponseModels": { + "shape": "RouteModels", + "locationName": "responseModels", + "documentation": "

The response models for the route response.

" + }, + "ResponseParameters": { + "shape": "RouteParameters", + "locationName": "responseParameters", + "documentation": "

The route response parameters.

" + }, + "RouteResponseKey": { + "shape": "SelectionKey", + "locationName": "routeResponseKey", + "documentation": "

The route response key.

" + } + }, + "documentation": "

Represents the input parameters for an CreateRouteResponse request.

", + "required": [ + "RouteResponseKey" + ] + }, + "CreateRouteResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route response. Supported only for WebSocket APIs.

" + }, + "ResponseModels": { + "shape": "RouteModels", + "locationName": "responseModels", + "documentation": "

The response models for the route response.

" + }, + "ResponseParameters": { + "shape": "RouteParameters", + "locationName": "responseParameters", + "documentation": "

The route response parameters.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteResponseKey": { + "shape": "SelectionKey", + "locationName": "routeResponseKey", + "documentation": "

The route response key.

" + } + }, + "documentation": "

Creates a new RouteResponse resource to represent a route response.

", + "required": [ + "ApiId", + "RouteId", + "RouteResponseKey" + ] + }, + "CreateRouteResponseResponse": { + "type": "structure", + "members": { + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

Represents the model selection expression of a route response. Supported only for WebSocket APIs.

" + }, + "ResponseModels": { + "shape": "RouteModels", + "locationName": "responseModels", + "documentation": "

Represents the response models of a route response.

" + }, + "ResponseParameters": { + "shape": "RouteParameters", + "locationName": "responseParameters", + "documentation": "

Represents the response parameters of a route response.

" + }, + "RouteResponseId": { + "shape": "Id", + "locationName": "routeResponseId", + "documentation": "

Represents the identifier of a route response.

" + }, + "RouteResponseKey": { + "shape": "SelectionKey", + "locationName": "routeResponseKey", + "documentation": "

Represents the route response key of a route response.

" + } + } + }, + "CreateRoutingRuleRequest": { + "type": "structure", + "members": { + "Actions": { + "shape": "__listOfRoutingRuleAction", + "locationName": "actions", + "documentation": "

Represents a routing rule action. The only supported action is invokeApi.

" + }, + "Conditions": { + "shape": "__listOfRoutingRuleCondition", + "locationName": "conditions", + "documentation": "

Represents a condition. Conditions can contain up to two matchHeaders conditions and one matchBasePaths conditions. API Gateway evaluates header conditions and base path conditions together. You can only use AND between header and base path conditions.

" + }, + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "DomainNameId": { + "shape": "__string", + "location": "querystring", + "locationName": "domainNameId", + "documentation": "

The domain name ID.

" + }, + "Priority": { + "shape": "RoutingRulePriority", + "locationName": "priority", + "documentation": "Represents the priority of the routing rule." + } + }, + "required": [ + "DomainName", + "Actions", + "Priority", + "Conditions" + ] + }, + "CreateRoutingRuleResponse": { + "type": "structure", + "members": { + "Actions": { + "shape": "__listOfRoutingRuleAction", + "locationName": "actions", + "documentation": "

Represents a routing rule action. The only supported action is invokeApi.

" + }, + "Conditions": { + "shape": "__listOfRoutingRuleCondition", + "locationName": "conditions", + "documentation": "

Represents a condition. Conditions can contain up to two matchHeaders conditions and one matchBasePaths conditions. API Gateway evaluates header conditions and base path conditions together. You can only use AND between header and base path conditions.

" + }, + "Priority": { + "shape": "RoutingRulePriority", + "locationName": "priority", + "documentation": "

Represents the priority of the routing rule.

" + }, + "RoutingRuleArn": { + "shape": "Arn", + "locationName": "routingRuleArn", + "documentation": "

The ARN of the domain name.

" + }, + "RoutingRuleId": { + "shape": "Id", + "locationName": "routingRuleId", + "documentation": "

The routing rule ID.

" + } + } + }, + "CreateStageInput": { + "type": "structure", + "members": { + "AccessLogSettings": { + "shape": "AccessLogSettings", + "locationName": "accessLogSettings", + "documentation": "

Settings for logging access in this stage.

" + }, + "AutoDeploy": { + "shape": "__boolean", + "locationName": "autoDeploy", + "documentation": "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" + }, + "ClientCertificateId": { + "shape": "Id", + "locationName": "clientCertificateId", + "documentation": "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" + }, + "DefaultRouteSettings": { + "shape": "RouteSettings", + "locationName": "defaultRouteSettings", + "documentation": "

The default route settings for the stage.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The deployment identifier of the API stage.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the API stage.

" + }, + "RouteSettings": { + "shape": "RouteSettingsMap", + "locationName": "routeSettings", + "documentation": "

Route settings for the stage, by routeKey.

" + }, + "StageName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stageName", + "documentation": "

The name of the stage.

" + }, + "StageVariables": { + "shape": "StageVariablesMap", + "locationName": "stageVariables", + "documentation": "

A map that defines the stage variables for a Stage. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + } + }, + "documentation": "

Represents the input parameters for a CreateStage request.

", + "required": [ + "StageName" + ] + }, + "CreateStageRequest": { + "type": "structure", + "members": { + "AccessLogSettings": { + "shape": "AccessLogSettings", + "locationName": "accessLogSettings", + "documentation": "

Settings for logging access in this stage.

" + }, + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "AutoDeploy": { + "shape": "__boolean", + "locationName": "autoDeploy", + "documentation": "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" + }, + "ClientCertificateId": { + "shape": "Id", + "locationName": "clientCertificateId", + "documentation": "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" + }, + "DefaultRouteSettings": { + "shape": "RouteSettings", + "locationName": "defaultRouteSettings", + "documentation": "

The default route settings for the stage.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The deployment identifier of the API stage.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the API stage.

" + }, + "RouteSettings": { + "shape": "RouteSettingsMap", + "locationName": "routeSettings", + "documentation": "

Route settings for the stage, by routeKey.

" + }, + "StageName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stageName", + "documentation": "

The name of the stage.

" + }, + "StageVariables": { + "shape": "StageVariablesMap", + "locationName": "stageVariables", + "documentation": "

A map that defines the stage variables for a Stage. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + } + }, + "documentation": "

Creates a new Stage resource to represent a stage.

", + "required": [ + "ApiId", + "StageName" + ] + }, + "CreateStageResponse": { + "type": "structure", + "members": { + "AccessLogSettings": { + "shape": "AccessLogSettings", + "locationName": "accessLogSettings", + "documentation": "

Settings for logging access in this stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether a stage is managed by API Gateway. If you created an API using quick create, the $default stage is managed by API Gateway. You can't modify the $default stage.

" + }, + "AutoDeploy": { + "shape": "__boolean", + "locationName": "autoDeploy", + "documentation": "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" + }, + "ClientCertificateId": { + "shape": "Id", + "locationName": "clientCertificateId", + "documentation": "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the stage was created.

" + }, + "DefaultRouteSettings": { + "shape": "RouteSettings", + "locationName": "defaultRouteSettings", + "documentation": "

Default route settings for the stage.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The identifier of the Deployment that the Stage is associated with. Can't be updated if autoDeploy is enabled.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the stage.

" + }, + "LastDeploymentStatusMessage": { + "shape": "__string", + "locationName": "lastDeploymentStatusMessage", + "documentation": "

Describes the status of the last deployment of a stage. Supported only for stages with autoDeploy enabled.

" + }, + "LastUpdatedDate": { + "shape": "__timestampIso8601", + "locationName": "lastUpdatedDate", + "documentation": "

The timestamp when the stage was last updated.

" + }, + "RouteSettings": { + "shape": "RouteSettingsMap", + "locationName": "routeSettings", + "documentation": "

Route settings for the stage, by routeKey.

" + }, + "StageName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stageName", + "documentation": "

The name of the stage.

" + }, + "StageVariables": { + "shape": "StageVariablesMap", + "locationName": "stageVariables", + "documentation": "

A map that defines the stage variables for a stage resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + } + } + }, + "CreateVpcLinkInput": { + "type": "structure", + "members": { + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the VPC link.

" + }, + "SecurityGroupIds": { + "shape": "SecurityGroupIdList", + "locationName": "securityGroupIds", + "documentation": "

A list of security group IDs for the VPC link.

" + }, + "SubnetIds": { + "shape": "SubnetIdList", + "locationName": "subnetIds", + "documentation": "

A list of subnet IDs to include in the VPC link.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

A list of tags.

" + } + }, + "documentation": "

Represents the input parameters for a CreateVpcLink request.

", + "required": [ + "SubnetIds", + "Name" + ] + }, + "CreateVpcLinkRequest": { + "type": "structure", + "members": { + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the VPC link.

" + }, + "SecurityGroupIds": { + "shape": "SecurityGroupIdList", + "locationName": "securityGroupIds", + "documentation": "

A list of security group IDs for the VPC link.

" + }, + "SubnetIds": { + "shape": "SubnetIdList", + "locationName": "subnetIds", + "documentation": "

A list of subnet IDs to include in the VPC link.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

A list of tags.

" + } + }, + "documentation": "

Creates a VPC link

", + "required": [ + "SubnetIds", + "Name" + ] + }, + "CreateVpcLinkResponse": { + "type": "structure", + "members": { + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the VPC link was created.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the VPC link.

" + }, + "SecurityGroupIds": { + "shape": "SecurityGroupIdList", + "locationName": "securityGroupIds", + "documentation": "

A list of security group IDs for the VPC link.

" + }, + "SubnetIds": { + "shape": "SubnetIdList", + "locationName": "subnetIds", + "documentation": "

A list of subnet IDs to include in the VPC link.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

Tags for the VPC link.

" + }, + "VpcLinkId": { + "shape": "Id", + "locationName": "vpcLinkId", + "documentation": "

The ID of the VPC link.

" + }, + "VpcLinkStatus": { + "shape": "VpcLinkStatus", + "locationName": "vpcLinkStatus", + "documentation": "

The status of the VPC link.

" + }, + "VpcLinkStatusMessage": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "vpcLinkStatusMessage", + "documentation": "

A message summarizing the cause of the status of the VPC link.

" + }, + "VpcLinkVersion": { + "shape": "VpcLinkVersion", + "locationName": "vpcLinkVersion", + "documentation": "

The version of the VPC link.

" + } + } + }, + "DeleteAccessLogSettingsRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "StageName": { + "shape": "__string", + "location": "uri", + "locationName": "stageName", + "documentation": "

The stage name. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.

" + } + }, + "required": [ + "StageName", + "ApiId" + ] + }, + "DeleteApiMappingRequest": { + "type": "structure", + "members": { + "ApiMappingId": { + "shape": "__string", + "location": "uri", + "locationName": "apiMappingId", + "documentation": "

The API mapping identifier.

" + }, + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + } + }, + "required": [ + "ApiMappingId", + "DomainName" + ] + }, + "DeleteApiRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + } + }, + "required": [ + "ApiId" + ] + }, + "DeleteAuthorizerRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "AuthorizerId": { + "shape": "__string", + "location": "uri", + "locationName": "authorizerId", + "documentation": "

The authorizer identifier.

" + } + }, + "required": [ + "AuthorizerId", + "ApiId" + ] + }, + "DeleteCorsConfigurationRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + } + }, + "required": [ + "ApiId" + ] + }, + "DeleteDeploymentRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "DeploymentId": { + "shape": "__string", + "location": "uri", + "locationName": "deploymentId", + "documentation": "

The deployment ID.

" + } + }, + "required": [ + "ApiId", + "DeploymentId" + ] + }, + "DeleteDomainNameRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + } + }, + "required": [ + "DomainName" + ] + }, + "DeleteIntegrationRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "

The integration ID.

" + } + }, + "required": [ + "ApiId", + "IntegrationId" + ] + }, + "DeleteIntegrationResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "

The integration ID.

" + }, + "IntegrationResponseId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationResponseId", + "documentation": "

The integration response ID.

" + } + }, + "required": [ + "ApiId", + "IntegrationResponseId", + "IntegrationId" + ] + }, + "DeleteModelRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ModelId": { + "shape": "__string", + "location": "uri", + "locationName": "modelId", + "documentation": "

The model ID.

" + } + }, + "required": [ + "ModelId", + "ApiId" + ] + }, + "DeleteRouteRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + } + }, + "required": [ + "ApiId", + "RouteId" + ] + }, + "DeleteRouteRequestParameterRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "RequestParameterKey": { + "shape": "__string", + "location": "uri", + "locationName": "requestParameterKey", + "documentation": "

The route request parameter key.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + } + }, + "required": [ + "RequestParameterKey", + "ApiId", + "RouteId" + ] + }, + "DeleteRouteResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteResponseId": { + "shape": "__string", + "location": "uri", + "locationName": "routeResponseId", + "documentation": "

The route response ID.

" + } + }, + "required": [ + "RouteResponseId", + "ApiId", + "RouteId" + ] + }, + "DeleteRouteSettingsRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "RouteKey": { + "shape": "__string", + "location": "uri", + "locationName": "routeKey", + "documentation": "

The route key.

" + }, + "StageName": { + "shape": "__string", + "location": "uri", + "locationName": "stageName", + "documentation": "

The stage name. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.

" + } + }, + "required": [ + "StageName", + "RouteKey", + "ApiId" + ] + }, + "DeleteRoutingRuleRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "DomainNameId": { + "shape": "__string", + "location": "querystring", + "locationName": "domainNameId", + "documentation": "

The domain name ID.

" + }, + "RoutingRuleId": { + "shape": "__string", + "location": "uri", + "locationName": "routingRuleId", + "documentation": "

The routing rule ID.

" + } + }, + "required": [ + "RoutingRuleId", + "DomainName" + ] + }, + "DeleteStageRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "StageName": { + "shape": "__string", + "location": "uri", + "locationName": "stageName", + "documentation": "

The stage name. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.

" + } + }, + "required": [ + "StageName", + "ApiId" + ] + }, + "DeleteVpcLinkRequest": { + "type": "structure", + "members": { + "VpcLinkId": { + "shape": "__string", + "location": "uri", + "locationName": "vpcLinkId", + "documentation": "

The ID of the VPC link.

" + } + }, + "required": [ + "VpcLinkId" + ] + }, + "DeleteVpcLinkResponse": { + "type": "structure", + "members": {} + }, + "Deployment": { + "type": "structure", + "members": { + "AutoDeployed": { + "shape": "__boolean", + "locationName": "autoDeployed", + "documentation": "

Specifies whether a deployment was automatically released.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The date and time when the Deployment resource was created.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The identifier for the deployment.

" + }, + "DeploymentStatus": { + "shape": "DeploymentStatus", + "locationName": "deploymentStatus", + "documentation": "

The status of the deployment: PENDING, FAILED, or SUCCEEDED.

" + }, + "DeploymentStatusMessage": { + "shape": "__string", + "locationName": "deploymentStatusMessage", + "documentation": "

May contain additional feedback on the status of an API deployment.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the deployment.

" + } + }, + "documentation": "

An immutable representation of an API that can be called by users. A Deployment must be associated with a Stage for it to be callable over the internet.

" + }, + "DeploymentStatus": { + "type": "string", + "documentation": "

Represents a deployment status.

", + "enum": [ + "PENDING", + "FAILED", + "DEPLOYED" + ] + }, + "Deployments": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfDeployment", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

A collection resource that contains zero or more references to your existing deployments, and links that guide you on how to interact with your collection. The collection offers a paginated view of the contained deployments.

" + }, + "DomainName": { + "type": "structure", + "members": { + "ApiMappingSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiMappingSelectionExpression", + "documentation": "

The API mapping selection expression.

" + }, + "DomainName": { + "shape": "StringWithLengthBetween1And512", + "locationName": "domainName", + "documentation": "

The name of the DomainName resource.

" + }, + "DomainNameArn": { + "shape": "Arn", + "locationName": "domainNameArn" + }, + "DomainNameConfigurations": { + "shape": "DomainNameConfigurations", + "locationName": "domainNameConfigurations", + "documentation": "

The domain name configurations.

" + }, + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthentication", + "locationName": "mutualTlsAuthentication", + "documentation": "

The mutual TLS authentication configuration for a custom domain name.

" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "

The routing mode.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags associated with a domain name.

" + } + }, + "documentation": "

Represents a domain name.

", + "required": [ + "DomainName" + ] + }, + "DomainNameConfiguration": { + "type": "structure", + "members": { + "ApiGatewayDomainName": { + "shape": "__string", + "locationName": "apiGatewayDomainName", + "documentation": "

A domain name for the API.

" + }, + "CertificateArn": { + "shape": "Arn", + "locationName": "certificateArn", + "documentation": "

An AWS-managed certificate that will be used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source.

" + }, + "CertificateName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "certificateName", + "documentation": "

The user-friendly name of the certificate that will be used by the edge-optimized endpoint for this domain name.

" + }, + "CertificateUploadDate": { + "shape": "__timestampIso8601", + "locationName": "certificateUploadDate", + "documentation": "

The timestamp when the certificate that was used by edge-optimized endpoint for this domain name was uploaded.

" + }, + "DomainNameStatus": { + "shape": "DomainNameStatus", + "locationName": "domainNameStatus", + "documentation": "

The status of the domain name migration. The valid values are AVAILABLE, UPDATING, PENDING_CERTIFICATE_REIMPORT, and PENDING_OWNERSHIP_VERIFICATION. If the status is UPDATING, the domain cannot be modified further until the existing operation is complete. If it is AVAILABLE, the domain can be updated.

" + }, + "DomainNameStatusMessage": { + "shape": "__string", + "locationName": "domainNameStatusMessage", + "documentation": "

An optional text message containing detailed information about status of the domain name migration.

" + }, + "EndpointType": { + "shape": "EndpointType", + "locationName": "endpointType", + "documentation": "

The endpoint type.

" + }, + "HostedZoneId": { + "shape": "__string", + "locationName": "hostedZoneId", + "documentation": "

The Amazon Route 53 Hosted Zone ID of the endpoint.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the domain name. Use ipv4 to allow only IPv4 addresses to invoke your domain name, or use dualstack to allow both IPv4 and IPv6 addresses to invoke your domain name.

" + }, + "SecurityPolicy": { + "shape": "SecurityPolicy", + "locationName": "securityPolicy", + "documentation": "

The Transport Layer Security (TLS) version of the security policy for this domain name. The valid values are TLS_1_0 and TLS_1_2.

" + }, + "OwnershipVerificationCertificateArn": { + "shape": "Arn", + "locationName": "ownershipVerificationCertificateArn", + "documentation": "

The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the regionalCertificateArn

" + } + }, + "documentation": "

The domain name configuration.

" + }, + "DomainNameConfigurations": { + "type": "list", + "documentation": "

The domain name configurations.

", + "member": { + "shape": "DomainNameConfiguration" + } + }, + "DomainNameStatus": { + "type": "string", + "documentation": "

The status of the domain name migration. The valid values are AVAILABLE, UPDATING, PENDING_CERTIFICATE_REIMPORT, and PENDING_OWNERSHIP_VERIFICATION. If the status is UPDATING, the domain cannot be modified further until the existing operation is complete. If it is AVAILABLE, the domain can be updated.

", + "enum": [ + "AVAILABLE", + "UPDATING", + "PENDING_CERTIFICATE_REIMPORT", + "PENDING_OWNERSHIP_VERIFICATION" + ] + }, + "DomainNames": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfDomainName", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of domain names.

" + }, + "EndpointType": { + "type": "string", + "documentation": "

Represents an endpoint type.

", + "enum": [ + "REGIONAL", + "EDGE" + ] + }, + "ExportApiRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ExportVersion": { + "shape": "__string", + "location": "querystring", + "locationName": "exportVersion", + "documentation": "

The version of the API Gateway export algorithm. API Gateway uses the latest version by default. Currently, the only supported version is 1.0.

" + }, + "IncludeExtensions": { + "shape": "__boolean", + "location": "querystring", + "locationName": "includeExtensions", + "documentation": "

Specifies whether to include API Gateway extensions in the exported API definition. API Gateway extensions are included by default.

" + }, + "OutputType": { + "shape": "__string", + "enum": [ + "YAML", + "JSON" + ], + "location": "querystring", + "locationName": "outputType", + "documentation": "

The output type of the exported definition file. Valid values are JSON and YAML.

" + }, + "Specification": { + "shape": "__string", + "enum": [ + "OAS30" + ], + "location": "uri", + "locationName": "specification", + "documentation": "

The version of the API specification to use. OAS30, for OpenAPI 3.0, is the only supported value.

" + }, + "StageName": { + "shape": "__string", + "location": "querystring", + "locationName": "stageName", + "documentation": "

The name of the API stage to export. If you don't specify this property, a representation of the latest API configuration is exported.

" + } + }, + "required": [ + "Specification", + "OutputType", + "ApiId" + ] + }, + "ExportApiResponse": { + "type": "structure", + "members": { + "body": { + "shape": "ExportedApi" + } + }, + "payload": "body" + }, + "ExportedApi": { + "type": "blob", + "documentation": "

Represents an exported definition of an API in a particular output format, for example, YAML. The API is serialized to the requested specification, for example, OpenAPI 3.0.

" + }, + "ResetAuthorizersCacheRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "StageName": { + "shape": "__string", + "location": "uri", + "locationName": "stageName", + "documentation": "

The stage name. Stage names can contain only alphanumeric characters, hyphens, and underscores, or be $default. Maximum length is 128 characters.

" + } + }, + "required": [ + "StageName", + "ApiId" + ] + }, + "GetApiMappingRequest": { + "type": "structure", + "members": { + "ApiMappingId": { + "shape": "__string", + "location": "uri", + "locationName": "apiMappingId", + "documentation": "

The API mapping identifier.

" + }, + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + } + }, + "required": [ + "ApiMappingId", + "DomainName" + ] + }, + "GetApiMappingResponse": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiMappingId": { + "shape": "Id", + "locationName": "apiMappingId", + "documentation": "

The API mapping identifier.

" + }, + "ApiMappingKey": { + "shape": "SelectionKey", + "locationName": "apiMappingKey", + "documentation": "

The API mapping key.

" + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage", + "documentation": "

The API stage.

" + } + } + }, + "GetApiMappingsRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "DomainName" + ] + }, + "GetApiMappingsResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfApiMapping", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetApiRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + } + }, + "required": [ + "ApiId" + ] + }, + "GetApiResponse": { + "type": "structure", + "members": { + "ApiEndpoint": { + "shape": "__string", + "locationName": "apiEndpoint", + "documentation": "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" + }, + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API ID.

" + }, + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the API was created.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "ImportInfo": { + "shape": "__listOf__string", + "locationName": "importInfo", + "documentation": "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the API.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "ProtocolType": { + "shape": "ProtocolType", + "locationName": "protocolType", + "documentation": "

The API protocol.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

A collection of tags associated with the API.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + }, + "Warnings": { + "shape": "__listOf__string", + "locationName": "warnings", + "documentation": "

The warning messages reported when failonwarnings is turned on during API import.

" + } + } + }, + "GetApisRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetApisResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfApi", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetAuthorizerRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "AuthorizerId": { + "shape": "__string", + "location": "uri", + "locationName": "authorizerId", + "documentation": "

The authorizer identifier.

" + } + }, + "required": [ + "AuthorizerId", + "ApiId" + ] + }, + "GetAuthorizerResponse": { + "type": "structure", + "members": { + "AuthorizerCredentialsArn": { + "shape": "Arn", + "locationName": "authorizerCredentialsArn", + "documentation": "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The authorizer identifier.

" + }, + "AuthorizerPayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "authorizerPayloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" + }, + "AuthorizerResultTtlInSeconds": { + "shape": "IntegerWithLengthBetween0And3600", + "locationName": "authorizerResultTtlInSeconds", + "documentation": "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" + }, + "AuthorizerType": { + "shape": "AuthorizerType", + "locationName": "authorizerType", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" + }, + "AuthorizerUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "authorizerUri", + "documentation": "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" + }, + "EnableSimpleResponses": { + "shape": "__boolean", + "locationName": "enableSimpleResponses", + "documentation": "

Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" + }, + "IdentitySource": { + "shape": "IdentitySourceList", + "locationName": "identitySource", + "documentation": "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" + }, + "IdentityValidationExpression": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "identityValidationExpression", + "documentation": "

The validation expression does not apply to the REQUEST authorizer.

" + }, + "JwtConfiguration": { + "shape": "JWTConfiguration", + "locationName": "jwtConfiguration", + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the authorizer.

" + } + } + }, + "GetAuthorizersRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "ApiId" + ] + }, + "GetAuthorizersResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfAuthorizer", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetDeploymentRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "DeploymentId": { + "shape": "__string", + "location": "uri", + "locationName": "deploymentId", + "documentation": "

The deployment ID.

" + } + }, + "required": [ + "ApiId", + "DeploymentId" + ] + }, + "GetDeploymentResponse": { + "type": "structure", + "members": { + "AutoDeployed": { + "shape": "__boolean", + "locationName": "autoDeployed", + "documentation": "

Specifies whether a deployment was automatically released.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The date and time when the Deployment resource was created.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The identifier for the deployment.

" + }, + "DeploymentStatus": { + "shape": "DeploymentStatus", + "locationName": "deploymentStatus", + "documentation": "

The status of the deployment: PENDING, FAILED, or SUCCEEDED.

" + }, + "DeploymentStatusMessage": { + "shape": "__string", + "locationName": "deploymentStatusMessage", + "documentation": "

May contain additional feedback on the status of an API deployment.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the deployment.

" + } + } + }, + "GetDeploymentsRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "ApiId" + ] + }, + "GetDeploymentsResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfDeployment", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetDomainNameRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + } + }, + "required": [ + "DomainName" + ] + }, + "GetDomainNameResponse": { + "type": "structure", + "members": { + "ApiMappingSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiMappingSelectionExpression", + "documentation": "

The API mapping selection expression.

" + }, + "DomainName": { + "shape": "StringWithLengthBetween1And512", + "locationName": "domainName", + "documentation": "

The name of the DomainName resource.

" + }, + "DomainNameArn": { + "shape": "Arn", + "locationName": "domainNameArn" + }, + "DomainNameConfigurations": { + "shape": "DomainNameConfigurations", + "locationName": "domainNameConfigurations", + "documentation": "

The domain name configurations.

" + }, + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthentication", + "locationName": "mutualTlsAuthentication", + "documentation": "

The mutual TLS authentication configuration for a custom domain name.

" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "

The routing mode.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags associated with a domain name.

" + } + } + }, + "GetDomainNamesRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetDomainNamesResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfDomainName", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetIntegrationRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "

The integration ID.

" + } + }, + "required": [ + "ApiId", + "IntegrationId" + ] + }, + "GetIntegrationResult": { + "type": "structure", + "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.

" + }, + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

Represents the description of an integration.

" + }, + "IntegrationId": { + "shape": "Id", + "locationName": "integrationId", + "documentation": "

Represents the identifier of an integration.

" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "

Specifies the integration's HTTP method type.

" + }, + "IntegrationResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "integrationResponseSelectionExpression", + "documentation": "

The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.

" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.

" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration. Supported only for WebSocket APIs.

" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" + }, + "TlsConfig": { + "shape": "TlsConfig", + "locationName": "tlsConfig", + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + } + } + }, + "GetIntegrationResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "

The integration ID.

" + }, + "IntegrationResponseId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationResponseId", + "documentation": "

The integration response ID.

" + } + }, + "required": [ + "ApiId", + "IntegrationResponseId", + "IntegrationId" + ] + }, + "GetIntegrationResponseResponse": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "IntegrationResponseId": { + "shape": "Id", + "locationName": "integrationResponseId", + "documentation": "

The integration response ID.

" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "

The integration response key.

" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.

" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expressions for the integration response.

" + } + } + }, + "GetIntegrationResponsesRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "

The integration ID.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "IntegrationId", + "ApiId" + ] + }, + "GetIntegrationResponsesResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfIntegrationResponse", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetIntegrationsRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "ApiId" + ] + }, + "GetIntegrationsResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfIntegration", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetModelRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ModelId": { + "shape": "__string", + "location": "uri", + "locationName": "modelId", + "documentation": "

The model ID.

" + } + }, + "required": [ + "ModelId", + "ApiId" + ] + }, + "GetModelResponse": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "

The content-type for the model, for example, \"application/json\".

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the model.

" + }, + "ModelId": { + "shape": "Id", + "locationName": "modelId", + "documentation": "

The model identifier.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the model. Must be alphanumeric.

" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" + } + } + }, + "GetModelTemplateRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ModelId": { + "shape": "__string", + "location": "uri", + "locationName": "modelId", + "documentation": "

The model ID.

" + } + }, + "required": [ + "ModelId", + "ApiId" + ] + }, + "GetModelTemplateResponse": { + "type": "structure", + "members": { + "Value": { + "shape": "__string", + "locationName": "value", + "documentation": "

The template value.

" + } + } + }, + "GetModelsRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "ApiId" + ] + }, + "GetModelsResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfModel", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetRouteRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + } + }, + "required": [ + "ApiId", + "RouteId" + ] + }, + "GetRouteResult": { + "type": "structure", + "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You can't modify the $default route key.

" + }, + "ApiKeyRequired": { + "shape": "__boolean", + "locationName": "apiKeyRequired", + "documentation": "

Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

" + }, + "AuthorizationScopes": { + "shape": "AuthorizationScopes", + "locationName": "authorizationScopes", + "documentation": "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

" + }, + "AuthorizationType": { + "shape": "AuthorizationType", + "locationName": "authorizationType", + "documentation": "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route. Supported only for WebSocket APIs.

" + }, + "OperationName": { + "shape": "StringWithLengthBetween1And64", + "locationName": "operationName", + "documentation": "

The operation name for the route.

" + }, + "RequestModels": { + "shape": "RouteModels", + "locationName": "requestModels", + "documentation": "

The request models for the route. Supported only for WebSocket APIs.

" + }, + "RequestParameters": { + "shape": "RouteParameters", + "locationName": "requestParameters", + "documentation": "

The request parameters for the route. Supported only for WebSocket APIs.

" + }, + "RouteId": { + "shape": "Id", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

The route key for the route.

" + }, + "RouteResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeResponseSelectionExpression", + "documentation": "

The route response selection expression for the route. Supported only for WebSocket APIs.

" + }, + "Target": { + "shape": "StringWithLengthBetween1And128", + "locationName": "target", + "documentation": "

The target for the route.

" + } + } + }, + "GetRouteResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteResponseId": { + "shape": "__string", + "location": "uri", + "locationName": "routeResponseId", + "documentation": "

The route response ID.

" + } + }, + "required": [ + "RouteResponseId", + "ApiId", + "RouteId" + ] + }, + "GetRouteResponseResponse": { + "type": "structure", + "members": { + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

Represents the model selection expression of a route response. Supported only for WebSocket APIs.

" + }, + "ResponseModels": { + "shape": "RouteModels", + "locationName": "responseModels", + "documentation": "

Represents the response models of a route response.

" + }, + "ResponseParameters": { + "shape": "RouteParameters", + "locationName": "responseParameters", + "documentation": "

Represents the response parameters of a route response.

" + }, + "RouteResponseId": { + "shape": "Id", + "locationName": "routeResponseId", + "documentation": "

Represents the identifier of a route response.

" + }, + "RouteResponseKey": { + "shape": "SelectionKey", + "locationName": "routeResponseKey", + "documentation": "

Represents the route response key of a route response.

" + } + } + }, + "GetRouteResponsesRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + } + }, + "required": [ + "RouteId", + "ApiId" + ] + }, + "GetRouteResponsesResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfRouteResponse", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetRoutesRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "ApiId" + ] + }, + "GetRoutesResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfRoute", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetRoutingRuleRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "DomainNameId": { + "shape": "__string", + "location": "querystring", + "locationName": "domainNameId", + "documentation": "

The domain name ID.

" + }, + "RoutingRuleId": { + "shape": "__string", + "location": "uri", + "locationName": "routingRuleId", + "documentation": "

The routing rule ID.

" + } + }, + "required": [ + "RoutingRuleId", + "DomainName" + ] + }, + "GetRoutingRuleResponse": { + "type": "structure", + "members": { + "Actions": { + "shape": "__listOfRoutingRuleAction", + "locationName": "actions", + "documentation": "

The resulting action based on matching a routing rules condition. Only InvokeApi is supported.

" + }, + "Conditions": { + "shape": "__listOfRoutingRuleCondition", + "locationName": "conditions", + "documentation": "

The conditions of the routing rule.

" + }, + "Priority": { + "shape": "RoutingRulePriority", + "locationName": "priority", + "documentation": "

The order in which API Gateway evaluates a rule. Priority is evaluated from the lowest value to the highest value.

" + }, + "RoutingRuleArn": { + "shape": "Arn", + "locationName": "routingRuleArn", + "documentation": "

The routing rule ARN.

" + }, + "RoutingRuleId": { + "shape": "Id", + "locationName": "routingRuleId", + "documentation": "

The routing rule ID.

" + } + } + }, + "ListRoutingRulesRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "DomainNameId": { + "shape": "__string", + "location": "querystring", + "locationName": "domainNameId", + "documentation": "

The domain name ID.

" + }, + "MaxResults": { + "shape": "MaxResults", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "DomainName" + ] + }, + "ListRoutingRulesResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken" + }, + "RoutingRules": { + "shape": "__listOfRoutingRule", + "locationName": "routingRules", + "documentation": "

The routing rules.

" + } + } + }, + "GetStageRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "StageName": { + "shape": "__string", + "location": "uri", + "locationName": "stageName", + "documentation": "

The stage name. Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.

" + } + }, + "required": [ + "StageName", + "ApiId" + ] + }, + "GetStageResponse": { + "type": "structure", + "members": { + "AccessLogSettings": { + "shape": "AccessLogSettings", + "locationName": "accessLogSettings", + "documentation": "

Settings for logging access in this stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether a stage is managed by API Gateway. If you created an API using quick create, the $default stage is managed by API Gateway. You can't modify the $default stage.

" + }, + "AutoDeploy": { + "shape": "__boolean", + "locationName": "autoDeploy", + "documentation": "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" + }, + "ClientCertificateId": { + "shape": "Id", + "locationName": "clientCertificateId", + "documentation": "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the stage was created.

" + }, + "DefaultRouteSettings": { + "shape": "RouteSettings", + "locationName": "defaultRouteSettings", + "documentation": "

Default route settings for the stage.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The identifier of the Deployment that the Stage is associated with. Can't be updated if autoDeploy is enabled.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the stage.

" + }, + "LastDeploymentStatusMessage": { + "shape": "__string", + "locationName": "lastDeploymentStatusMessage", + "documentation": "

Describes the status of the last deployment of a stage. Supported only for stages with autoDeploy enabled.

" + }, + "LastUpdatedDate": { + "shape": "__timestampIso8601", + "locationName": "lastUpdatedDate", + "documentation": "

The timestamp when the stage was last updated.

" + }, + "RouteSettings": { + "shape": "RouteSettingsMap", + "locationName": "routeSettings", + "documentation": "

Route settings for the stage, by routeKey.

" + }, + "StageName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stageName", + "documentation": "

The name of the stage.

" + }, + "StageVariables": { + "shape": "StageVariablesMap", + "locationName": "stageVariables", + "documentation": "

A map that defines the stage variables for a stage resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + } + } + }, + "GetStagesRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "required": [ + "ApiId" + ] + }, + "GetStagesResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfStage", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetTagsRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "shape": "__string", + "location": "uri", + "locationName": "resource-arn", + "documentation": "

The resource ARN for the tag.

" + } + }, + "required": [ + "ResourceArn" + ] + }, + "GetTagsResponse": { + "type": "structure", + "members": { + "Tags": { + "shape": "Tags", "locationName": "tags" } } }, - "GetVpcLinkRequest" : { - "type" : "structure", - "members" : { - "VpcLinkId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "vpcLinkId", - "documentation" : "

The ID of the VPC link.

" - } - }, - "required" : [ "VpcLinkId" ] - }, - "GetVpcLinkResponse" : { - "type" : "structure", - "members" : { - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the VPC link was created.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the VPC link.

" - }, - "SecurityGroupIds" : { - "shape" : "SecurityGroupIdList", - "locationName" : "securityGroupIds", - "documentation" : "

A list of security group IDs for the VPC link.

" - }, - "SubnetIds" : { - "shape" : "SubnetIdList", - "locationName" : "subnetIds", - "documentation" : "

A list of subnet IDs to include in the VPC link.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

Tags for the VPC link.

" - }, - "VpcLinkId" : { - "shape" : "Id", - "locationName" : "vpcLinkId", - "documentation" : "

The ID of the VPC link.

" - }, - "VpcLinkStatus" : { - "shape" : "VpcLinkStatus", - "locationName" : "vpcLinkStatus", - "documentation" : "

The status of the VPC link.

" - }, - "VpcLinkStatusMessage" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "vpcLinkStatusMessage", - "documentation" : "

A message summarizing the cause of the status of the VPC link.

" - }, - "VpcLinkVersion" : { - "shape" : "VpcLinkVersion", - "locationName" : "vpcLinkVersion", - "documentation" : "

The version of the VPC link.

" - } - } - }, - "GetVpcLinksRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "maxResults", - "documentation" : "

The maximum number of elements to be returned for this resource.

" - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "GetVpcLinksResponse" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfVpcLink", - "locationName" : "items", - "documentation" : "

A collection of VPC links.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - } - }, - "Id" : { - "type" : "string", - "documentation" : "

The identifier.

" - }, - "IdentitySourceList" : { - "type" : "list", - "documentation" : "

The identity source for which authorization is requested. For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is $method.request.header.Auth, $method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

", - "member" : { - "shape" : "__string" - } - }, - "ImportApiInput" : { - "type" : "structure", - "members" : { - "Body" : { - "shape" : "__string", - "locationName" : "body", - "documentation" : "

The OpenAPI definition. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Represents the input to ImportAPI. Supported only for HTTP APIs.

", - "required" : [ "Body" ] - }, - "ImportApiRequest" : { - "type" : "structure", - "members" : { - "Basepath" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "basepath", - "documentation" : "

Specifies how to interpret the base path of the API during import. Valid values are ignore, prepend, and split. The default value is ignore. To learn more, see Set the OpenAPI basePath Property. Supported only for HTTP APIs.

" - }, - "Body" : { - "shape" : "__string", - "locationName" : "body", - "documentation" : "

The OpenAPI definition. Supported only for HTTP APIs.

" - }, - "FailOnWarnings" : { - "shape" : "__boolean", - "location" : "querystring", - "locationName" : "failOnWarnings", - "documentation" : "

Specifies whether to rollback the API creation when a warning is encountered. By default, API creation continues if a warning is encountered.

" - } - }, - "documentation" : "

", - "required" : [ "Body" ] - }, - "ImportApiResponse" : { - "type" : "structure", - "members" : { - "ApiEndpoint" : { - "shape" : "__string", - "locationName" : "apiEndpoint", - "documentation" : "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" - }, - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API ID.

" - }, - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the API was created.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "ImportInfo" : { - "shape" : "__listOf__string", - "locationName" : "importInfo", - "documentation" : "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "ProtocolType" : { - "shape" : "ProtocolType", - "locationName" : "protocolType", - "documentation" : "

The API protocol.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

A collection of tags associated with the API.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - }, - "Warnings" : { - "shape" : "__listOf__string", - "locationName" : "warnings", - "documentation" : "

The warning messages reported when failonwarnings is turned on during API import.

" - } - } - }, - "IntegerWithLengthBetween0And3600" : { - "type" : "integer", - "documentation" : "

An integer with a value between [0-3600].

", - "min" : 0, - "max" : 3600 - }, - "IntegerWithLengthBetween50And30000" : { - "type" : "integer", - "documentation" : "

An integer with a value between [50-30000].

", - "min" : 50, - "max" : 30000 - }, - "IntegerWithLengthBetweenMinus1And86400" : { - "type" : "integer", - "documentation" : "

An integer with a value between -1 and 86400. Supported only for HTTP APIs.

", - "min" : -1, - "max" : 86400 - }, - "Integration" : { - "type" : "structure", - "members" : { - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.

" - }, - "ConnectionId" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "connectionId", - "documentation" : "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" - }, - "ConnectionType" : { - "shape" : "ConnectionType", - "locationName" : "connectionType", - "documentation" : "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

Represents the description of an integration.

" - }, - "IntegrationId" : { - "shape" : "Id", - "locationName" : "integrationId", - "documentation" : "

Represents the identifier of an integration.

" - }, - "IntegrationMethod" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "integrationMethod", - "documentation" : "

Specifies the integration's HTTP method type.

" - }, - "IntegrationResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "integrationResponseSelectionExpression", - "documentation" : "

The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.

" - }, - "IntegrationSubtype" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "integrationSubtype", - "documentation" : "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" - }, - "IntegrationType" : { - "shape" : "IntegrationType", - "locationName" : "integrationType", - "documentation" : "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" - }, - "IntegrationUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "integrationUri", - "documentation" : "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" - }, - "PassthroughBehavior" : { - "shape" : "PassthroughBehavior", - "locationName" : "passthroughBehavior", - "documentation" : "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" - }, - "PayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "payloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an integration. Required for HTTP APIs.

" - }, - "RequestParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "requestParameters", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "RequestTemplates" : { - "shape" : "TemplateMap", - "locationName" : "requestTemplates", - "documentation" : "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" - }, - "ResponseParameters" : { - "shape" : "ResponseParameters", - "locationName" : "responseParameters", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration. Supported only for WebSocket APIs.

" - }, - "TimeoutInMillis" : { - "shape" : "IntegerWithLengthBetween50And30000", - "locationName" : "timeoutInMillis", - "documentation" : "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" - }, - "TlsConfig" : { - "shape" : "TlsConfig", - "locationName" : "tlsConfig", - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Represents an integration.

" - }, - "IntegrationParameters" : { - "type" : "map", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "StringWithLengthBetween1And512" - } - }, - "IntegrationResponse" : { - "type" : "structure", - "members" : { - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "IntegrationResponseId" : { - "shape" : "Id", - "locationName" : "integrationResponseId", - "documentation" : "

The integration response ID.

" - }, - "IntegrationResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "integrationResponseKey", - "documentation" : "

The integration response key.

" - }, - "ResponseParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "responseParameters", - "documentation" : "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.

" - }, - "ResponseTemplates" : { - "shape" : "TemplateMap", - "locationName" : "responseTemplates", - "documentation" : "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expressions for the integration response.

" - } - }, - "documentation" : "

Represents an integration response.

", - "required" : [ "IntegrationResponseKey" ] - }, - "IntegrationResponses" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfIntegrationResponse", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of integration responses.

" - }, - "IntegrationType" : { - "type" : "string", - "documentation" : "

Represents an API method integration type.

", - "enum" : [ "AWS", "HTTP", "MOCK", "HTTP_PROXY", "AWS_PROXY" ] - }, - "Integrations" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfIntegration", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of integrations.

" - }, - "JWTConfiguration" : { - "type" : "structure", - "members" : { - "Audience" : { - "shape" : "__listOf__string", - "locationName" : "audience", - "documentation" : "

A list of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list. See RFC 7519. Supported only for HTTP APIs.

" - }, - "Issuer" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "issuer", - "documentation" : "

The base domain of the identity provider that issues JSON Web Tokens. For example, an Amazon Cognito user pool has the following format: https://cognito-idp.{region}.amazonaws.com/{userPoolId}\n . Required for the JWT authorizer type. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "LimitExceededException" : { - "type" : "structure", - "members" : { - "LimitType" : { - "shape" : "__string", - "locationName" : "limitType", - "documentation" : "

The limit type.

" - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

Describes the error encountered.

" - } - }, - "documentation" : "

A limit has been exceeded. See the accompanying error message for details.

" - }, - "LoggingLevel" : { - "type" : "string", - "documentation" : "

The logging level.

", - "enum" : [ "ERROR", "INFO", "OFF" ] - }, - "Model" : { - "type" : "structure", - "members" : { - "ContentType" : { - "shape" : "StringWithLengthBetween1And256", - "locationName" : "contentType", - "documentation" : "

The content-type for the model, for example, \"application/json\".

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the model.

" - }, - "ModelId" : { - "shape" : "Id", - "locationName" : "modelId", - "documentation" : "

The model identifier.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the model. Must be alphanumeric.

" - }, - "Schema" : { - "shape" : "StringWithLengthBetween0And32K", - "locationName" : "schema", - "documentation" : "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" - } - }, - "documentation" : "

Represents a data model for an API. Supported only for WebSocket APIs. See Create Models and Mapping Templates for Request and Response Mappings.

", - "required" : [ "Name" ] - }, - "Models" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfModel", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of data models. See Create Models and Mapping Templates for Request and Response Mappings.

" - }, - "MutualTlsAuthentication" : { - "type" : "structure", - "members" : { - "TruststoreUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "truststoreUri", - "documentation" : "

An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

" - }, - "TruststoreVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "truststoreVersion", - "documentation" : "

The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.

" - }, - "TruststoreWarnings" : { - "shape" : "__listOf__string", - "locationName" : "truststoreWarnings", - "documentation" : "

A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings. Mutual TLS is still enabled, but some clients might not be able to access your API. To resolve warnings, upload a new truststore to S3, and then update you domain name to use the new version.

" - } - } - }, - "MutualTlsAuthenticationInput" : { - "type" : "structure", - "members" : { - "TruststoreUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "truststoreUri", - "documentation" : "

An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

" - }, - "TruststoreVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "truststoreVersion", - "documentation" : "

The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.

" - } - } - }, - "NextToken" : { - "type" : "string", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - }, - "NotFoundException" : { - "type" : "structure", - "members" : { - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

Describes the error encountered.

" - }, - "ResourceType" : { - "shape" : "__string", - "locationName" : "resourceType", - "documentation" : "

The resource type.

" - } - }, - "documentation" : "

The resource specified in the request was not found. See the message field for more information.

", - "exception" : true, - "error" : { - "httpStatusCode" : 404 - } - }, - "ParameterConstraints" : { - "type" : "structure", - "members" : { - "Required" : { - "shape" : "__boolean", - "locationName" : "required", - "documentation" : "

Whether or not the parameter is required.

" - } - }, - "documentation" : "

Validation constraints imposed on parameters of a request (path, query string, headers).

" - }, - "PassthroughBehavior" : { - "type" : "string", - "documentation" : "

Represents passthrough behavior for an integration response. Supported only for WebSocket APIs.

", - "enum" : [ "WHEN_NO_MATCH", "NEVER", "WHEN_NO_TEMPLATES" ] - }, - "ProtocolType" : { - "type" : "string", - "documentation" : "Represents a protocol type.", - "enum" : [ "WEBSOCKET", "HTTP" ] - }, - "ReimportApiInput" : { - "type" : "structure", - "members" : { - "Body" : { - "shape" : "__string", - "locationName" : "body", - "documentation" : "

The OpenAPI definition. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Overwrites the configuration of an existing API using the provided definition. Supported only for HTTP APIs.

", - "required" : [ "Body" ] - }, - "ReimportApiRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "Basepath" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "basepath", - "documentation" : "

Specifies how to interpret the base path of the API during import. Valid values are ignore, prepend, and split. The default value is ignore. To learn more, see Set the OpenAPI basePath Property. Supported only for HTTP APIs.

" - }, - "Body" : { - "shape" : "__string", - "locationName" : "body", - "documentation" : "

The OpenAPI definition. Supported only for HTTP APIs.

" - }, - "FailOnWarnings" : { - "shape" : "__boolean", - "location" : "querystring", - "locationName" : "failOnWarnings", - "documentation" : "

Specifies whether to rollback the API creation when a warning is encountered. By default, API creation continues if a warning is encountered.

" - } - }, - "documentation" : "

", - "required" : [ "ApiId", "Body" ] - }, - "ReimportApiResponse" : { - "type" : "structure", - "members" : { - "ApiEndpoint" : { - "shape" : "__string", - "locationName" : "apiEndpoint", - "documentation" : "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" - }, - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API ID.

" - }, - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the API was created.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "ImportInfo" : { - "shape" : "__listOf__string", - "locationName" : "importInfo", - "documentation" : "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "ProtocolType" : { - "shape" : "ProtocolType", - "locationName" : "protocolType", - "documentation" : "

The API protocol.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

A collection of tags associated with the API.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - }, - "Warnings" : { - "shape" : "__listOf__string", - "locationName" : "warnings", - "documentation" : "

The warning messages reported when failonwarnings is turned on during API import.

" - } - } - }, - "ResponseParameters" : { - "type" : "map", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients.

", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "IntegrationParameters" - } - }, - "Route" : { - "type" : "structure", - "members" : { - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You can't modify the $default route key.

" - }, - "ApiKeyRequired" : { - "shape" : "__boolean", - "locationName" : "apiKeyRequired", - "documentation" : "

Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

" - }, - "AuthorizationScopes" : { - "shape" : "AuthorizationScopes", - "locationName" : "authorizationScopes", - "documentation" : "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

" - }, - "AuthorizationType" : { - "shape" : "AuthorizationType", - "locationName" : "authorizationType", - "documentation" : "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route. Supported only for WebSocket APIs.

" - }, - "OperationName" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "operationName", - "documentation" : "

The operation name for the route.

" - }, - "RequestModels" : { - "shape" : "RouteModels", - "locationName" : "requestModels", - "documentation" : "

The request models for the route. Supported only for WebSocket APIs.

" - }, - "RequestParameters" : { - "shape" : "RouteParameters", - "locationName" : "requestParameters", - "documentation" : "

The request parameters for the route. Supported only for WebSocket APIs.

" - }, - "RouteId" : { - "shape" : "Id", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

The route key for the route.

" - }, - "RouteResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeResponseSelectionExpression", - "documentation" : "

The route response selection expression for the route. Supported only for WebSocket APIs.

" - }, - "Target" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "target", - "documentation" : "

The target for the route.

" - } - }, - "documentation" : "

Represents a route.

", - "required" : [ "RouteKey" ] - }, - "RouteModels" : { - "type" : "map", - "documentation" : "

The route models.

", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "StringWithLengthBetween1And128" - } - }, - "RouteParameters" : { - "type" : "map", - "documentation" : "

The route parameters.

", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "ParameterConstraints" - } - }, - "RouteResponse" : { - "type" : "structure", - "members" : { - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

Represents the model selection expression of a route response. Supported only for WebSocket APIs.

" - }, - "ResponseModels" : { - "shape" : "RouteModels", - "locationName" : "responseModels", - "documentation" : "

Represents the response models of a route response.

" - }, - "ResponseParameters" : { - "shape" : "RouteParameters", - "locationName" : "responseParameters", - "documentation" : "

Represents the response parameters of a route response.

" - }, - "RouteResponseId" : { - "shape" : "Id", - "locationName" : "routeResponseId", - "documentation" : "

Represents the identifier of a route response.

" - }, - "RouteResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "routeResponseKey", - "documentation" : "

Represents the route response key of a route response.

" - } - }, - "documentation" : "

Represents a route response.

", - "required" : [ "RouteResponseKey" ] - }, - "RouteResponses" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfRouteResponse", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of route responses.

" - }, - "RouteSettings" : { - "type" : "structure", - "members" : { - "DataTraceEnabled" : { - "shape" : "__boolean", - "locationName" : "dataTraceEnabled", - "documentation" : "

Specifies whether (true) or not (false) data trace logging is enabled for this route. This property affects the log entries pushed to Amazon CloudWatch Logs. Supported only for WebSocket APIs.

" - }, - "DetailedMetricsEnabled" : { - "shape" : "__boolean", - "locationName" : "detailedMetricsEnabled", - "documentation" : "

Specifies whether detailed metrics are enabled.

" - }, - "LoggingLevel" : { - "shape" : "LoggingLevel", - "locationName" : "loggingLevel", - "documentation" : "

Specifies the logging level for this route: INFO, ERROR, or OFF. This property affects the log entries pushed to Amazon CloudWatch Logs. Supported only for WebSocket APIs.

" - }, - "ThrottlingBurstLimit" : { - "shape" : "__integer", - "locationName" : "throttlingBurstLimit", - "documentation" : "

Specifies the throttling burst limit.

" - }, - "ThrottlingRateLimit" : { - "shape" : "__double", - "locationName" : "throttlingRateLimit", - "documentation" : "

Specifies the throttling rate limit.

" - } - }, - "documentation" : "

Represents a collection of route settings.

" - }, - "RouteSettingsMap" : { - "type" : "map", - "documentation" : "

The route settings map.

", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "RouteSettings" - } - }, - "Routes" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfRoute", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of routes.

" - }, - "SecurityGroupIdList" : { - "type" : "list", - "documentation" : "

A list of security group IDs for the VPC link.

", - "member" : { - "shape" : "__string" - } - }, - "SecurityPolicy" : { - "type" : "string", - "documentation" : "

The Transport Layer Security (TLS) version of the security policy for this domain name. The valid values are TLS_1_0 and TLS_1_2.

", - "enum" : [ "TLS_1_0", "TLS_1_2" ] - }, - "SelectionExpression" : { - "type" : "string", - "documentation" : "

An expression used to extract information at runtime. See Selection Expressions for more information.

" - }, - "SelectionKey" : { - "type" : "string", - "documentation" : "

After evaluating a selection expression, the result is compared against one or more selection keys to find a matching key. See Selection Expressions for a list of expressions and each expression's associated selection key type.

" - }, - "Stage" : { - "type" : "structure", - "members" : { - "AccessLogSettings" : { - "shape" : "AccessLogSettings", - "locationName" : "accessLogSettings", - "documentation" : "

Settings for logging access in this stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether a stage is managed by API Gateway. If you created an API using quick create, the $default stage is managed by API Gateway. You can't modify the $default stage.

" - }, - "AutoDeploy" : { - "shape" : "__boolean", - "locationName" : "autoDeploy", - "documentation" : "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" - }, - "ClientCertificateId" : { - "shape" : "Id", - "locationName" : "clientCertificateId", - "documentation" : "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the stage was created.

" - }, - "DefaultRouteSettings" : { - "shape" : "RouteSettings", - "locationName" : "defaultRouteSettings", - "documentation" : "

Default route settings for the stage.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The identifier of the Deployment that the Stage is associated with. Can't be updated if autoDeploy is enabled.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the stage.

" - }, - "LastDeploymentStatusMessage" : { - "shape" : "__string", - "locationName" : "lastDeploymentStatusMessage", - "documentation" : "

Describes the status of the last deployment of a stage. Supported only for stages with autoDeploy enabled.

" - }, - "LastUpdatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "lastUpdatedDate", - "documentation" : "

The timestamp when the stage was last updated.

" - }, - "RouteSettings" : { - "shape" : "RouteSettingsMap", - "locationName" : "routeSettings", - "documentation" : "

Route settings for the stage, by routeKey.

" - }, - "StageName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stageName", - "documentation" : "

The name of the stage.

" - }, - "StageVariables" : { - "shape" : "StageVariablesMap", - "locationName" : "stageVariables", - "documentation" : "

A map that defines the stage variables for a stage resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - } - }, - "documentation" : "

Represents an API stage.

", - "required" : [ "StageName" ] - }, - "StageVariablesMap" : { - "type" : "map", - "documentation" : "

The stage variable map.

", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "StringWithLengthBetween0And2048" - } - }, - "Stages" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfStage", - "locationName" : "items", - "documentation" : "

The elements from this collection.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

A collection of Stage resources that are associated with the ApiKey resource.

" - }, - "StringWithLengthBetween0And1024" : { - "type" : "string", - "documentation" : "

A string with a length between [0-1024].

" - }, - "StringWithLengthBetween0And2048" : { - "type" : "string", - "documentation" : "

A string with a length between [0-2048].

" - }, - "StringWithLengthBetween0And32K" : { - "type" : "string", - "documentation" : "

A string with a length between [0-32768].

" - }, - "StringWithLengthBetween1And1024" : { - "type" : "string", - "documentation" : "

A string with a length between [1-1024].

" - }, - "StringWithLengthBetween1And128" : { - "type" : "string", - "documentation" : "

A string with a length between [1-128].

" - }, - "StringWithLengthBetween1And1600" : { - "type" : "string", - "documentation" : "

A string with a length between [0-1600].

" - }, - "StringWithLengthBetween1And256" : { - "type" : "string", - "documentation" : "

A string with a length between [1-256].

" - }, - "StringWithLengthBetween1And512" : { - "type" : "string", - "documentation" : "

A string with a length between [1-512].

" - }, - "StringWithLengthBetween1And64" : { - "type" : "string", - "documentation" : "

A string with a length between [1-64].

" - }, - "SubnetIdList" : { - "type" : "list", - "documentation" : "

A list of subnet IDs to include in the VPC link.

", - "member" : { - "shape" : "__string" - } - }, - "TagResourceInput" : { - "type" : "structure", - "members" : { - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - } - }, - "documentation" : "

Represents the input parameters for a TagResource request.

" - }, - "TagResourceRequest" : { - "type" : "structure", - "members" : { - "ResourceArn" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "resource-arn", - "documentation" : "

The resource ARN for the tag.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - } - }, - "documentation" : "

Creates a new Tag resource to represent a tag.

", - "required" : [ "ResourceArn" ] - }, - "TagResourceResponse" : { - "type" : "structure", - "members" : { } - }, - "Tags" : { - "type" : "map", - "documentation" : "

Represents a collection of tags associated with the resource.

", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "StringWithLengthBetween1And1600" - } - }, - "Template" : { - "type" : "structure", - "members" : { - "Value" : { - "shape" : "__string", - "locationName" : "value", - "documentation" : "

The template value.

" - } - }, - "documentation" : "

Represents a template.

" - }, - "TemplateMap" : { - "type" : "map", - "documentation" : "

A mapping of identifier keys to templates. The value is an actual template script. The key is typically a SelectionKey which is chosen based on evaluating a selection expression.

", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "StringWithLengthBetween0And32K" - } - }, - "TlsConfig" : { - "type" : "structure", - "members" : { - "ServerNameToVerify" : { - "shape" : "StringWithLengthBetween1And512", - "locationName" : "serverNameToVerify", - "documentation" : "

If you specify a server name, API Gateway uses it to verify the hostname on the integration's certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting.

" - } - }, - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - }, - "TlsConfigInput" : { - "type" : "structure", - "members" : { - "ServerNameToVerify" : { - "shape" : "StringWithLengthBetween1And512", - "locationName" : "serverNameToVerify", - "documentation" : "

If you specify a server name, API Gateway uses it to verify the hostname on the integration's certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting.

" - } - }, - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - }, - "TooManyRequestsException" : { - "type" : "structure", - "members" : { - "LimitType" : { - "shape" : "__string", - "locationName" : "limitType", - "documentation" : "

The limit type.

" - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

Describes the error encountered.

" - } - }, - "documentation" : "

A limit has been exceeded. See the accompanying error message for details.

", - "exception" : true, - "error" : { - "httpStatusCode" : 429 - } - }, - "UntagResourceRequest" : { - "type" : "structure", - "members" : { - "ResourceArn" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "resource-arn", - "documentation" : "

The resource ARN for the tag.

" - }, - "TagKeys" : { - "shape" : "__listOf__string", - "location" : "querystring", - "locationName" : "tagKeys", - "documentation" : "

The Tag keys to delete

" - } - }, - "required" : [ "ResourceArn", "TagKeys" ] - }, - "UpdateApiInput" : { - "type" : "structure", - "members" : { - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null. Currently, this property is not used for HTTP integrations. If provided, this value replaces the credentials associated with the quick create integration. Supported only for HTTP APIs.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

This property is part of quick create. If not specified, the route created using quick create is kept. Otherwise, this value replaces the route key of the quick create route. Additional routes may still be added after the API is updated. Supported only for HTTP APIs.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Target" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "target", - "documentation" : "

This property is part of quick create. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. The value provided updates the integration URI and integration type. You can update a quick-created target, but you can't remove it from an API. Supported only for HTTP APIs.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateApi request.

" - }, - "UpdateApiMappingInput" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiMappingKey" : { - "shape" : "SelectionKey", - "locationName" : "apiMappingKey", - "documentation" : "

The API mapping key.

" - }, - "Stage" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stage", - "documentation" : "

The API stage.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateApiMapping request.

" - }, - "UpdateApiMappingRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiMappingId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiMappingId", - "documentation" : "

The API mapping identifier.

" - }, - "ApiMappingKey" : { - "shape" : "SelectionKey", - "locationName" : "apiMappingKey", - "documentation" : "

The API mapping key.

" - }, - "DomainName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - }, - "Stage" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stage", - "documentation" : "

The API stage.

" - } - }, - "documentation" : "

Updates an ApiMapping.

", - "required" : [ "ApiMappingId", "ApiId", "DomainName" ] - }, - "UpdateApiMappingResponse" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiMappingId" : { - "shape" : "Id", - "locationName" : "apiMappingId", - "documentation" : "

The API mapping identifier.

" - }, - "ApiMappingKey" : { - "shape" : "SelectionKey", - "locationName" : "apiMappingKey", - "documentation" : "

The API mapping key.

" - }, - "Stage" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stage", - "documentation" : "

The API stage.

" - } - } - }, - "UpdateApiRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, don't specify this parameter. Currently, this property is not used for HTTP integrations. If provided, this value replaces the credentials associated with the quick create integration. Supported only for HTTP APIs.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

This property is part of quick create. If not specified, the route created using quick create is kept. Otherwise, this value replaces the route key of the quick create route. Additional routes may still be added after the API is updated. Supported only for HTTP APIs.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Target" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "target", - "documentation" : "

This property is part of quick create. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. The value provided updates the integration URI and integration type. You can update a quick-created target, but you can't remove it from an API. Supported only for HTTP APIs.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - } - }, - "documentation" : "

Updates an Api.

", - "required" : [ "ApiId" ] - }, - "UpdateApiResponse" : { - "type" : "structure", - "members" : { - "ApiEndpoint" : { - "shape" : "__string", - "locationName" : "apiEndpoint", - "documentation" : "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" - }, - "ApiId" : { - "shape" : "Id", - "locationName" : "apiId", - "documentation" : "

The API ID.

" - }, - "ApiKeySelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiKeySelectionExpression", - "documentation" : "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" - }, - "CorsConfiguration" : { - "shape" : "Cors", - "locationName" : "corsConfiguration", - "documentation" : "

A CORS configuration. Supported only for HTTP APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the API was created.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the API.

" - }, - "DisableSchemaValidation" : { - "shape" : "__boolean", - "locationName" : "disableSchemaValidation", - "documentation" : "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" - }, - "DisableExecuteApiEndpoint" : { - "shape" : "__boolean", - "locationName" : "disableExecuteApiEndpoint", - "documentation" : "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" - }, - "ImportInfo" : { - "shape" : "__listOf__string", - "locationName" : "importInfo", - "documentation" : "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the API.

" - }, - "ProtocolType" : { - "shape" : "ProtocolType", - "locationName" : "protocolType", - "documentation" : "

The API protocol.

" - }, - "RouteSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeSelectionExpression", - "documentation" : "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

A collection of tags associated with the API.

" - }, - "Version" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "version", - "documentation" : "

A version identifier for the API.

" - }, - "Warnings" : { - "shape" : "__listOf__string", - "locationName" : "warnings", - "documentation" : "

The warning messages reported when failonwarnings is turned on during API import.

" - } - } - }, - "UpdateAuthorizerInput" : { - "type" : "structure", - "members" : { - "AuthorizerCredentialsArn" : { - "shape" : "Arn", - "locationName" : "authorizerCredentialsArn", - "documentation" : "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter.

" - }, - "AuthorizerPayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "authorizerPayloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" - }, - "AuthorizerResultTtlInSeconds" : { - "shape" : "IntegerWithLengthBetween0And3600", - "locationName" : "authorizerResultTtlInSeconds", - "documentation" : "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" - }, - "AuthorizerType" : { - "shape" : "AuthorizerType", - "locationName" : "authorizerType", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" - }, - "AuthorizerUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "authorizerUri", - "documentation" : "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" - }, - "EnableSimpleResponses" : { - "shape" : "__boolean", - "locationName" : "enableSimpleResponses", - "documentation" : "

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" - }, - "IdentitySource" : { - "shape" : "IdentitySourceList", - "locationName" : "identitySource", - "documentation" : "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" - }, - "IdentityValidationExpression" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "identityValidationExpression", - "documentation" : "

This parameter is not used.

" - }, - "JwtConfiguration" : { - "shape" : "JWTConfiguration", - "locationName" : "jwtConfiguration", - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the authorizer.

" - } - }, - "documentation" : "

The input parameters for an UpdateAuthorizer request.

" - }, - "UpdateAuthorizerRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "AuthorizerCredentialsArn" : { - "shape" : "Arn", - "locationName" : "authorizerCredentialsArn", - "documentation" : "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter.

" - }, - "AuthorizerId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "authorizerId", - "documentation" : "

The authorizer identifier.

" - }, - "AuthorizerPayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "authorizerPayloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" - }, - "AuthorizerResultTtlInSeconds" : { - "shape" : "IntegerWithLengthBetween0And3600", - "locationName" : "authorizerResultTtlInSeconds", - "documentation" : "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" - }, - "AuthorizerType" : { - "shape" : "AuthorizerType", - "locationName" : "authorizerType", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" - }, - "AuthorizerUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "authorizerUri", - "documentation" : "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" - }, - "EnableSimpleResponses" : { - "shape" : "__boolean", - "locationName" : "enableSimpleResponses", - "documentation" : "

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" - }, - "IdentitySource" : { - "shape" : "IdentitySourceList", - "locationName" : "identitySource", - "documentation" : "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" - }, - "IdentityValidationExpression" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "identityValidationExpression", - "documentation" : "

This parameter is not used.

" - }, - "JwtConfiguration" : { - "shape" : "JWTConfiguration", - "locationName" : "jwtConfiguration", - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the authorizer.

" - } - }, - "documentation" : "

Updates an Authorizer.

", - "required" : [ "AuthorizerId", "ApiId" ] - }, - "UpdateAuthorizerResponse" : { - "type" : "structure", - "members" : { - "AuthorizerCredentialsArn" : { - "shape" : "Arn", - "locationName" : "authorizerCredentialsArn", - "documentation" : "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The authorizer identifier.

" - }, - "AuthorizerPayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "authorizerPayloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" - }, - "AuthorizerResultTtlInSeconds" : { - "shape" : "IntegerWithLengthBetween0And3600", - "locationName" : "authorizerResultTtlInSeconds", - "documentation" : "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" - }, - "AuthorizerType" : { - "shape" : "AuthorizerType", - "locationName" : "authorizerType", - "documentation" : "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" - }, - "AuthorizerUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "authorizerUri", - "documentation" : "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" - }, - "EnableSimpleResponses" : { - "shape" : "__boolean", - "locationName" : "enableSimpleResponses", - "documentation" : "

Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" - }, - "IdentitySource" : { - "shape" : "IdentitySourceList", - "locationName" : "identitySource", - "documentation" : "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" - }, - "IdentityValidationExpression" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "identityValidationExpression", - "documentation" : "

The validation expression does not apply to the REQUEST authorizer.

" - }, - "JwtConfiguration" : { - "shape" : "JWTConfiguration", - "locationName" : "jwtConfiguration", - "documentation" : "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the authorizer.

" - } - } - }, - "UpdateDeploymentInput" : { - "type" : "structure", - "members" : { - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the deployment resource.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateDeployment request.

" - }, - "UpdateDeploymentRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "DeploymentId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "deploymentId", - "documentation" : "

The deployment ID.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the deployment resource.

" - } - }, - "documentation" : "

Updates a Deployment.

", - "required" : [ "ApiId", "DeploymentId" ] - }, - "UpdateDeploymentResponse" : { - "type" : "structure", - "members" : { - "AutoDeployed" : { - "shape" : "__boolean", - "locationName" : "autoDeployed", - "documentation" : "

Specifies whether a deployment was automatically released.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The date and time when the Deployment resource was created.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The identifier for the deployment.

" - }, - "DeploymentStatus" : { - "shape" : "DeploymentStatus", - "locationName" : "deploymentStatus", - "documentation" : "

The status of the deployment: PENDING, FAILED, or SUCCEEDED.

" - }, - "DeploymentStatusMessage" : { - "shape" : "__string", - "locationName" : "deploymentStatusMessage", - "documentation" : "

May contain additional feedback on the status of an API deployment.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the deployment.

" - } - } - }, - "UpdateDomainNameInput" : { - "type" : "structure", - "members" : { - "DomainNameConfigurations" : { - "shape" : "DomainNameConfigurations", - "locationName" : "domainNameConfigurations", - "documentation" : "

The domain name configurations.

" - }, - "MutualTlsAuthentication" : { - "shape" : "MutualTlsAuthenticationInput", - "locationName" : "mutualTlsAuthentication", - "documentation" : "

The mutual TLS authentication configuration for a custom domain name.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateDomainName request.

" - }, - "UpdateDomainNameRequest" : { - "type" : "structure", - "members" : { - "DomainName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "domainName", - "documentation" : "

The domain name.

" - }, - "DomainNameConfigurations" : { - "shape" : "DomainNameConfigurations", - "locationName" : "domainNameConfigurations", - "documentation" : "

The domain name configurations.

" - }, - "MutualTlsAuthentication" : { - "shape" : "MutualTlsAuthenticationInput", - "locationName" : "mutualTlsAuthentication", - "documentation" : "

The mutual TLS authentication configuration for a custom domain name.

" - } - }, - "documentation" : "

Updates a DomainName.

", - "required" : [ "DomainName" ] - }, - "UpdateDomainNameResponse" : { - "type" : "structure", - "members" : { - "ApiMappingSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "apiMappingSelectionExpression", - "documentation" : "

The API mapping selection expression.

" - }, - "DomainName" : { - "shape" : "StringWithLengthBetween1And512", - "locationName" : "domainName", - "documentation" : "

The name of the DomainName resource.

" - }, - "DomainNameConfigurations" : { - "shape" : "DomainNameConfigurations", - "locationName" : "domainNameConfigurations", - "documentation" : "

The domain name configurations.

" - }, - "MutualTlsAuthentication" : { - "shape" : "MutualTlsAuthentication", - "locationName" : "mutualTlsAuthentication", - "documentation" : "

The mutual TLS authentication configuration for a custom domain name.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags associated with a domain name.

" - } - } - }, - "UpdateIntegrationInput" : { - "type" : "structure", - "members" : { - "ConnectionId" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "connectionId", - "documentation" : "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" - }, - "ConnectionType" : { - "shape" : "ConnectionType", - "locationName" : "connectionType", - "documentation" : "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the integration

" - }, - "IntegrationMethod" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "integrationMethod", - "documentation" : "

Specifies the integration's HTTP method type.

" - }, - "IntegrationSubtype" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "integrationSubtype", - "documentation" : "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" - }, - "IntegrationType" : { - "shape" : "IntegrationType", - "locationName" : "integrationType", - "documentation" : "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" - }, - "IntegrationUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "integrationUri", - "documentation" : "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" - }, - "PassthroughBehavior" : { - "shape" : "PassthroughBehavior", - "locationName" : "passthroughBehavior", - "documentation" : "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" - }, - "PayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "payloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an integration. Required for HTTP APIs.

" - }, - "RequestParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "requestParameters", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "RequestTemplates" : { - "shape" : "TemplateMap", - "locationName" : "requestTemplates", - "documentation" : "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" - }, - "ResponseParameters" : { - "shape" : "ResponseParameters", - "locationName" : "responseParameters", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration.

" - }, - "TimeoutInMillis" : { - "shape" : "IntegerWithLengthBetween50And30000", - "locationName" : "timeoutInMillis", - "documentation" : "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" - }, - "TlsConfig" : { - "shape" : "TlsConfigInput", - "locationName" : "tlsConfig", - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateIntegration request.

" - }, - "UpdateIntegrationRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ConnectionId" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "connectionId", - "documentation" : "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" - }, - "ConnectionType" : { - "shape" : "ConnectionType", - "locationName" : "connectionType", - "documentation" : "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the integration

" - }, - "IntegrationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationId", - "documentation" : "

The integration ID.

" - }, - "IntegrationMethod" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "integrationMethod", - "documentation" : "

Specifies the integration's HTTP method type.

" - }, - "IntegrationSubtype" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "integrationSubtype", - "documentation" : "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" - }, - "IntegrationType" : { - "shape" : "IntegrationType", - "locationName" : "integrationType", - "documentation" : "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" - }, - "IntegrationUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "integrationUri", - "documentation" : "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" - }, - "PassthroughBehavior" : { - "shape" : "PassthroughBehavior", - "locationName" : "passthroughBehavior", - "documentation" : "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" - }, - "PayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "payloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an integration. Required for HTTP APIs.

" - }, - "RequestParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "requestParameters", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "RequestTemplates" : { - "shape" : "TemplateMap", - "locationName" : "requestTemplates", - "documentation" : "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" - }, - "ResponseParameters" : { - "shape" : "ResponseParameters", - "locationName" : "responseParameters", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration.

" - }, - "TimeoutInMillis" : { - "shape" : "IntegerWithLengthBetween50And30000", - "locationName" : "timeoutInMillis", - "documentation" : "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" - }, - "TlsConfig" : { - "shape" : "TlsConfigInput", - "locationName" : "tlsConfig", - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - } - }, - "documentation" : "

Updates an Integration.

", - "required" : [ "ApiId", "IntegrationId" ] - }, - "UpdateIntegrationResult" : { - "type" : "structure", - "members" : { - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.

" - }, - "ConnectionId" : { - "shape" : "StringWithLengthBetween1And1024", - "locationName" : "connectionId", - "documentation" : "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" - }, - "ConnectionType" : { - "shape" : "ConnectionType", - "locationName" : "connectionType", - "documentation" : "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "CredentialsArn" : { - "shape" : "Arn", - "locationName" : "credentialsArn", - "documentation" : "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

Represents the description of an integration.

" - }, - "IntegrationId" : { - "shape" : "Id", - "locationName" : "integrationId", - "documentation" : "

Represents the identifier of an integration.

" - }, - "IntegrationMethod" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "integrationMethod", - "documentation" : "

Specifies the integration's HTTP method type.

" - }, - "IntegrationResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "integrationResponseSelectionExpression", - "documentation" : "

The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.

" - }, - "IntegrationSubtype" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "integrationSubtype", - "documentation" : "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" - }, - "IntegrationType" : { - "shape" : "IntegrationType", - "locationName" : "integrationType", - "documentation" : "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" - }, - "IntegrationUri" : { - "shape" : "UriWithLengthBetween1And2048", - "locationName" : "integrationUri", - "documentation" : "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" - }, - "PassthroughBehavior" : { - "shape" : "PassthroughBehavior", - "locationName" : "passthroughBehavior", - "documentation" : "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" - }, - "PayloadFormatVersion" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "payloadFormatVersion", - "documentation" : "

Specifies the format of the payload sent to an integration. Required for HTTP APIs.

" - }, - "RequestParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "requestParameters", - "documentation" : "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "RequestTemplates" : { - "shape" : "TemplateMap", - "locationName" : "requestTemplates", - "documentation" : "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" - }, - "ResponseParameters" : { - "shape" : "ResponseParameters", - "locationName" : "responseParameters", - "documentation" : "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration. Supported only for WebSocket APIs.

" - }, - "TimeoutInMillis" : { - "shape" : "IntegerWithLengthBetween50And30000", - "locationName" : "timeoutInMillis", - "documentation" : "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" - }, - "TlsConfig" : { - "shape" : "TlsConfig", - "locationName" : "tlsConfig", - "documentation" : "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" - } - } - }, - "UpdateIntegrationResponseInput" : { - "type" : "structure", - "members" : { - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "IntegrationResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "integrationResponseKey", - "documentation" : "

The integration response key.

" - }, - "ResponseParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "responseParameters", - "documentation" : "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}\n , where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name}\n or integration.response.body.{JSON-expression}\n , where \n {name}\n is a valid and unique response header name and \n {JSON-expression}\n is a valid JSON expression without the $ prefix.

" - }, - "ResponseTemplates" : { - "shape" : "TemplateMap", - "locationName" : "responseTemplates", - "documentation" : "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration response. Supported only for WebSocket APIs.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateIntegrationResponse request.

" - }, - "UpdateIntegrationResponseRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "IntegrationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationId", - "documentation" : "

The integration ID.

" - }, - "IntegrationResponseId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "integrationResponseId", - "documentation" : "

The integration response ID.

" - }, - "IntegrationResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "integrationResponseKey", - "documentation" : "

The integration response key.

" - }, - "ResponseParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "responseParameters", - "documentation" : "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}\n , where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name}\n or integration.response.body.{JSON-expression}\n , where \n {name}\n is a valid and unique response header name and \n {JSON-expression}\n is a valid JSON expression without the $ prefix.

" - }, - "ResponseTemplates" : { - "shape" : "TemplateMap", - "locationName" : "responseTemplates", - "documentation" : "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expression for the integration response. Supported only for WebSocket APIs.

" - } - }, - "documentation" : "

Updates an IntegrationResponses.

", - "required" : [ "ApiId", "IntegrationResponseId", "IntegrationId" ] - }, - "UpdateIntegrationResponseResponse" : { - "type" : "structure", - "members" : { - "ContentHandlingStrategy" : { - "shape" : "ContentHandlingStrategy", - "locationName" : "contentHandlingStrategy", - "documentation" : "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" - }, - "IntegrationResponseId" : { - "shape" : "Id", - "locationName" : "integrationResponseId", - "documentation" : "

The integration response ID.

" - }, - "IntegrationResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "integrationResponseKey", - "documentation" : "

The integration response key.

" - }, - "ResponseParameters" : { - "shape" : "IntegrationParameters", - "locationName" : "responseParameters", - "documentation" : "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.

" - }, - "ResponseTemplates" : { - "shape" : "TemplateMap", - "locationName" : "responseTemplates", - "documentation" : "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" - }, - "TemplateSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "templateSelectionExpression", - "documentation" : "

The template selection expressions for the integration response.

" - } - } - }, - "UpdateModelInput" : { - "type" : "structure", - "members" : { - "ContentType" : { - "shape" : "StringWithLengthBetween1And256", - "locationName" : "contentType", - "documentation" : "

The content-type for the model, for example, \"application/json\".

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the model.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the model.

" - }, - "Schema" : { - "shape" : "StringWithLengthBetween0And32K", - "locationName" : "schema", - "documentation" : "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateModel request. Supported only for WebSocket APIs.

" - }, - "UpdateModelRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ContentType" : { - "shape" : "StringWithLengthBetween1And256", - "locationName" : "contentType", - "documentation" : "

The content-type for the model, for example, \"application/json\".

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the model.

" - }, - "ModelId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "modelId", - "documentation" : "

The model ID.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the model.

" - }, - "Schema" : { - "shape" : "StringWithLengthBetween0And32K", - "locationName" : "schema", - "documentation" : "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" - } - }, - "documentation" : "

Updates a Model.

", - "required" : [ "ModelId", "ApiId" ] - }, - "UpdateModelResponse" : { - "type" : "structure", - "members" : { - "ContentType" : { - "shape" : "StringWithLengthBetween1And256", - "locationName" : "contentType", - "documentation" : "

The content-type for the model, for example, \"application/json\".

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the model.

" - }, - "ModelId" : { - "shape" : "Id", - "locationName" : "modelId", - "documentation" : "

The model identifier.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the model. Must be alphanumeric.

" - }, - "Schema" : { - "shape" : "StringWithLengthBetween0And32K", - "locationName" : "schema", - "documentation" : "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" - } - } - }, - "UpdateRouteInput" : { - "type" : "structure", - "members" : { - "ApiKeyRequired" : { - "shape" : "__boolean", - "locationName" : "apiKeyRequired", - "documentation" : "

Specifies whether an API key is required for the route. Supported only for WebSocket APIs.

" - }, - "AuthorizationScopes" : { - "shape" : "AuthorizationScopes", - "locationName" : "authorizationScopes", - "documentation" : "

The authorization scopes supported by this route.

" - }, - "AuthorizationType" : { - "shape" : "AuthorizationType", - "locationName" : "authorizationType", - "documentation" : "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route. Supported only for WebSocket APIs.

" - }, - "OperationName" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "operationName", - "documentation" : "

The operation name for the route.

" - }, - "RequestModels" : { - "shape" : "RouteModels", - "locationName" : "requestModels", - "documentation" : "

The request models for the route. Supported only for WebSocket APIs.

" - }, - "RequestParameters" : { - "shape" : "RouteParameters", - "locationName" : "requestParameters", - "documentation" : "

The request parameters for the route. Supported only for WebSocket APIs.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

The route key for the route.

" - }, - "RouteResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeResponseSelectionExpression", - "documentation" : "

The route response selection expression for the route. Supported only for WebSocket APIs.

" - }, - "Target" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "target", - "documentation" : "

The target for the route.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateRoute request.

" - }, - "UpdateRouteRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ApiKeyRequired" : { - "shape" : "__boolean", - "locationName" : "apiKeyRequired", - "documentation" : "

Specifies whether an API key is required for the route. Supported only for WebSocket APIs.

" - }, - "AuthorizationScopes" : { - "shape" : "AuthorizationScopes", - "locationName" : "authorizationScopes", - "documentation" : "

The authorization scopes supported by this route.

" - }, - "AuthorizationType" : { - "shape" : "AuthorizationType", - "locationName" : "authorizationType", - "documentation" : "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route. Supported only for WebSocket APIs.

" - }, - "OperationName" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "operationName", - "documentation" : "

The operation name for the route.

" - }, - "RequestModels" : { - "shape" : "RouteModels", - "locationName" : "requestModels", - "documentation" : "

The request models for the route. Supported only for WebSocket APIs.

" - }, - "RequestParameters" : { - "shape" : "RouteParameters", - "locationName" : "requestParameters", - "documentation" : "

The request parameters for the route. Supported only for WebSocket APIs.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

The route key for the route.

" - }, - "RouteResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeResponseSelectionExpression", - "documentation" : "

The route response selection expression for the route. Supported only for WebSocket APIs.

" - }, - "Target" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "target", - "documentation" : "

The target for the route.

" - } - }, - "documentation" : "

Updates a Route.

", - "required" : [ "ApiId", "RouteId" ] - }, - "UpdateRouteResult" : { - "type" : "structure", - "members" : { - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You can't modify the $default route key.

" - }, - "ApiKeyRequired" : { - "shape" : "__boolean", - "locationName" : "apiKeyRequired", - "documentation" : "

Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

" - }, - "AuthorizationScopes" : { - "shape" : "AuthorizationScopes", - "locationName" : "authorizationScopes", - "documentation" : "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

" - }, - "AuthorizationType" : { - "shape" : "AuthorizationType", - "locationName" : "authorizationType", - "documentation" : "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" - }, - "AuthorizerId" : { - "shape" : "Id", - "locationName" : "authorizerId", - "documentation" : "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route. Supported only for WebSocket APIs.

" - }, - "OperationName" : { - "shape" : "StringWithLengthBetween1And64", - "locationName" : "operationName", - "documentation" : "

The operation name for the route.

" - }, - "RequestModels" : { - "shape" : "RouteModels", - "locationName" : "requestModels", - "documentation" : "

The request models for the route. Supported only for WebSocket APIs.

" - }, - "RequestParameters" : { - "shape" : "RouteParameters", - "locationName" : "requestParameters", - "documentation" : "

The request parameters for the route. Supported only for WebSocket APIs.

" - }, - "RouteId" : { - "shape" : "Id", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteKey" : { - "shape" : "SelectionKey", - "locationName" : "routeKey", - "documentation" : "

The route key for the route.

" - }, - "RouteResponseSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "routeResponseSelectionExpression", - "documentation" : "

The route response selection expression for the route. Supported only for WebSocket APIs.

" - }, - "Target" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "target", - "documentation" : "

The target for the route.

" - } - } - }, - "UpdateRouteResponseInput" : { - "type" : "structure", - "members" : { - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route response. Supported only for WebSocket APIs.

" - }, - "ResponseModels" : { - "shape" : "RouteModels", - "locationName" : "responseModels", - "documentation" : "

The response models for the route response.

" - }, - "ResponseParameters" : { - "shape" : "RouteParameters", - "locationName" : "responseParameters", - "documentation" : "

The route response parameters.

" - }, - "RouteResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "routeResponseKey", - "documentation" : "

The route response key.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateRouteResponse request.

" - }, - "UpdateRouteResponseRequest" : { - "type" : "structure", - "members" : { - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

The model selection expression for the route response. Supported only for WebSocket APIs.

" - }, - "ResponseModels" : { - "shape" : "RouteModels", - "locationName" : "responseModels", - "documentation" : "

The response models for the route response.

" - }, - "ResponseParameters" : { - "shape" : "RouteParameters", - "locationName" : "responseParameters", - "documentation" : "

The route response parameters.

" - }, - "RouteId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeId", - "documentation" : "

The route ID.

" - }, - "RouteResponseId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "routeResponseId", - "documentation" : "

The route response ID.

" - }, - "RouteResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "routeResponseKey", - "documentation" : "

The route response key.

" - } - }, - "documentation" : "

Updates a RouteResponse.

", - "required" : [ "RouteResponseId", "ApiId", "RouteId" ] - }, - "UpdateRouteResponseResponse" : { - "type" : "structure", - "members" : { - "ModelSelectionExpression" : { - "shape" : "SelectionExpression", - "locationName" : "modelSelectionExpression", - "documentation" : "

Represents the model selection expression of a route response. Supported only for WebSocket APIs.

" - }, - "ResponseModels" : { - "shape" : "RouteModels", - "locationName" : "responseModels", - "documentation" : "

Represents the response models of a route response.

" - }, - "ResponseParameters" : { - "shape" : "RouteParameters", - "locationName" : "responseParameters", - "documentation" : "

Represents the response parameters of a route response.

" - }, - "RouteResponseId" : { - "shape" : "Id", - "locationName" : "routeResponseId", - "documentation" : "

Represents the identifier of a route response.

" - }, - "RouteResponseKey" : { - "shape" : "SelectionKey", - "locationName" : "routeResponseKey", - "documentation" : "

Represents the route response key of a route response.

" - } - } - }, - "UpdateStageInput" : { - "type" : "structure", - "members" : { - "AccessLogSettings" : { - "shape" : "AccessLogSettings", - "locationName" : "accessLogSettings", - "documentation" : "

Settings for logging access in this stage.

" - }, - "AutoDeploy" : { - "shape" : "__boolean", - "locationName" : "autoDeploy", - "documentation" : "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" - }, - "ClientCertificateId" : { - "shape" : "Id", - "locationName" : "clientCertificateId", - "documentation" : "

The identifier of a client certificate for a Stage.

" - }, - "DefaultRouteSettings" : { - "shape" : "RouteSettings", - "locationName" : "defaultRouteSettings", - "documentation" : "

The default route settings for the stage.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The deployment identifier for the API stage. Can't be updated if autoDeploy is enabled.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the API stage.

" - }, - "RouteSettings" : { - "shape" : "RouteSettingsMap", - "locationName" : "routeSettings", - "documentation" : "

Route settings for the stage.

" - }, - "StageVariables" : { - "shape" : "StageVariablesMap", - "locationName" : "stageVariables", - "documentation" : "

A map that defines the stage variables for a Stage. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateStage request.

" - }, - "UpdateStageRequest" : { - "type" : "structure", - "members" : { - "AccessLogSettings" : { - "shape" : "AccessLogSettings", - "locationName" : "accessLogSettings", - "documentation" : "

Settings for logging access in this stage.

" - }, - "ApiId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "apiId", - "documentation" : "

The API identifier.

" - }, - "AutoDeploy" : { - "shape" : "__boolean", - "locationName" : "autoDeploy", - "documentation" : "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" - }, - "ClientCertificateId" : { - "shape" : "Id", - "locationName" : "clientCertificateId", - "documentation" : "

The identifier of a client certificate for a Stage.

" - }, - "DefaultRouteSettings" : { - "shape" : "RouteSettings", - "locationName" : "defaultRouteSettings", - "documentation" : "

The default route settings for the stage.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The deployment identifier for the API stage. Can't be updated if autoDeploy is enabled.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description for the API stage.

" - }, - "RouteSettings" : { - "shape" : "RouteSettingsMap", - "locationName" : "routeSettings", - "documentation" : "

Route settings for the stage.

" - }, - "StageName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "stageName", - "documentation" : "

The stage name. Stage names can contain only alphanumeric characters, hyphens, and underscores, or be $default. Maximum length is 128 characters.

" - }, - "StageVariables" : { - "shape" : "StageVariablesMap", - "locationName" : "stageVariables", - "documentation" : "

A map that defines the stage variables for a Stage. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" - } - }, - "documentation" : "

Updates a Stage.

", - "required" : [ "StageName", "ApiId" ] - }, - "UpdateStageResponse" : { - "type" : "structure", - "members" : { - "AccessLogSettings" : { - "shape" : "AccessLogSettings", - "locationName" : "accessLogSettings", - "documentation" : "

Settings for logging access in this stage.

" - }, - "ApiGatewayManaged" : { - "shape" : "__boolean", - "locationName" : "apiGatewayManaged", - "documentation" : "

Specifies whether a stage is managed by API Gateway. If you created an API using quick create, the $default stage is managed by API Gateway. You can't modify the $default stage.

" - }, - "AutoDeploy" : { - "shape" : "__boolean", - "locationName" : "autoDeploy", - "documentation" : "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" - }, - "ClientCertificateId" : { - "shape" : "Id", - "locationName" : "clientCertificateId", - "documentation" : "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" - }, - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the stage was created.

" - }, - "DefaultRouteSettings" : { - "shape" : "RouteSettings", - "locationName" : "defaultRouteSettings", - "documentation" : "

Default route settings for the stage.

" - }, - "DeploymentId" : { - "shape" : "Id", - "locationName" : "deploymentId", - "documentation" : "

The identifier of the Deployment that the Stage is associated with. Can't be updated if autoDeploy is enabled.

" - }, - "Description" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "description", - "documentation" : "

The description of the stage.

" - }, - "LastDeploymentStatusMessage" : { - "shape" : "__string", - "locationName" : "lastDeploymentStatusMessage", - "documentation" : "

Describes the status of the last deployment of a stage. Supported only for stages with autoDeploy enabled.

" - }, - "LastUpdatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "lastUpdatedDate", - "documentation" : "

The timestamp when the stage was last updated.

" - }, - "RouteSettings" : { - "shape" : "RouteSettingsMap", - "locationName" : "routeSettings", - "documentation" : "

Route settings for the stage, by routeKey.

" - }, - "StageName" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "stageName", - "documentation" : "

The name of the stage.

" - }, - "StageVariables" : { - "shape" : "StageVariablesMap", - "locationName" : "stageVariables", - "documentation" : "

A map that defines the stage variables for a stage resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

The collection of tags. Each tag element is associated with a given resource.

" - } - } - }, - "UpdateVpcLinkInput" : { - "type" : "structure", - "members" : { - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the VPC link.

" - } - }, - "documentation" : "

Represents the input parameters for an UpdateVpcLink request.

" - }, - "UpdateVpcLinkRequest" : { - "type" : "structure", - "members" : { - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the VPC link.

" - }, - "VpcLinkId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "vpcLinkId", - "documentation" : "

The ID of the VPC link.

" - } - }, - "documentation" : "

Updates a VPC link.

", - "required" : [ "VpcLinkId" ] - }, - "UpdateVpcLinkResponse" : { - "type" : "structure", - "members" : { - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the VPC link was created.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the VPC link.

" - }, - "SecurityGroupIds" : { - "shape" : "SecurityGroupIdList", - "locationName" : "securityGroupIds", - "documentation" : "

A list of security group IDs for the VPC link.

" - }, - "SubnetIds" : { - "shape" : "SubnetIdList", - "locationName" : "subnetIds", - "documentation" : "

A list of subnet IDs to include in the VPC link.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

Tags for the VPC link.

" - }, - "VpcLinkId" : { - "shape" : "Id", - "locationName" : "vpcLinkId", - "documentation" : "

The ID of the VPC link.

" - }, - "VpcLinkStatus" : { - "shape" : "VpcLinkStatus", - "locationName" : "vpcLinkStatus", - "documentation" : "

The status of the VPC link.

" - }, - "VpcLinkStatusMessage" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "vpcLinkStatusMessage", - "documentation" : "

A message summarizing the cause of the status of the VPC link.

" - }, - "VpcLinkVersion" : { - "shape" : "VpcLinkVersion", - "locationName" : "vpcLinkVersion", - "documentation" : "

The version of the VPC link.

" - } - } - }, - "UriWithLengthBetween1And2048" : { - "type" : "string", - "documentation" : "

A string representation of a URI with a length between [1-2048].

" - }, - "VpcLink" : { - "type" : "structure", - "members" : { - "CreatedDate" : { - "shape" : "__timestampIso8601", - "locationName" : "createdDate", - "documentation" : "

The timestamp when the VPC link was created.

" - }, - "Name" : { - "shape" : "StringWithLengthBetween1And128", - "locationName" : "name", - "documentation" : "

The name of the VPC link.

" - }, - "SecurityGroupIds" : { - "shape" : "SecurityGroupIdList", - "locationName" : "securityGroupIds", - "documentation" : "

A list of security group IDs for the VPC link.

" - }, - "SubnetIds" : { - "shape" : "SubnetIdList", - "locationName" : "subnetIds", - "documentation" : "

A list of subnet IDs to include in the VPC link.

" - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "

Tags for the VPC link.

" - }, - "VpcLinkId" : { - "shape" : "Id", - "locationName" : "vpcLinkId", - "documentation" : "

The ID of the VPC link.

" - }, - "VpcLinkStatus" : { - "shape" : "VpcLinkStatus", - "locationName" : "vpcLinkStatus", - "documentation" : "

The status of the VPC link.

" - }, - "VpcLinkStatusMessage" : { - "shape" : "StringWithLengthBetween0And1024", - "locationName" : "vpcLinkStatusMessage", - "documentation" : "

A message summarizing the cause of the status of the VPC link.

" - }, - "VpcLinkVersion" : { - "shape" : "VpcLinkVersion", - "locationName" : "vpcLinkVersion", - "documentation" : "

The version of the VPC link.

" - } - }, - "documentation" : "

Represents a VPC link.

", - "required" : [ "VpcLinkId", "SecurityGroupIds", "SubnetIds", "Name" ] - }, - "VpcLinkStatus" : { - "type" : "string", - "documentation" : "

The status of the VPC link.

", - "enum" : [ "PENDING", "AVAILABLE", "DELETING", "FAILED", "INACTIVE" ] - }, - "VpcLinkVersion" : { - "type" : "string", - "documentation" : "

The version of the VPC link.

", - "enum" : [ "V2" ] - }, - "VpcLinks" : { - "type" : "structure", - "members" : { - "Items" : { - "shape" : "__listOfVpcLink", - "locationName" : "items", - "documentation" : "

A collection of VPC links.

" - }, - "NextToken" : { - "shape" : "NextToken", - "locationName" : "nextToken", - "documentation" : "

The next page of elements from this collection. Not valid for the last element of the collection.

" - } - }, - "documentation" : "

Represents a collection of VPCLinks.

" - }, - "__boolean" : { - "type" : "boolean" - }, - "__double" : { - "type" : "double" - }, - "__integer" : { - "type" : "integer" - }, - "__listOfApi" : { - "type" : "list", - "member" : { - "shape" : "Api" - } - }, - "__listOfApiMapping" : { - "type" : "list", - "member" : { - "shape" : "ApiMapping" - } - }, - "__listOfAuthorizer" : { - "type" : "list", - "member" : { - "shape" : "Authorizer" - } - }, - "__listOfDeployment" : { - "type" : "list", - "member" : { - "shape" : "Deployment" - } - }, - "__listOfDomainName" : { - "type" : "list", - "member" : { - "shape" : "DomainName" - } - }, - "__listOfIntegration" : { - "type" : "list", - "member" : { - "shape" : "Integration" - } - }, - "__listOfIntegrationResponse" : { - "type" : "list", - "member" : { - "shape" : "IntegrationResponse" - } - }, - "__listOfModel" : { - "type" : "list", - "member" : { - "shape" : "Model" - } - }, - "__listOfRoute" : { - "type" : "list", - "member" : { - "shape" : "Route" - } - }, - "__listOfRouteResponse" : { - "type" : "list", - "member" : { - "shape" : "RouteResponse" - } - }, - "__listOfStage" : { - "type" : "list", - "member" : { - "shape" : "Stage" - } - }, - "__listOfVpcLink" : { - "type" : "list", - "member" : { - "shape" : "VpcLink" - } - }, - "__listOf__string" : { - "type" : "list", - "member" : { - "shape" : "__string" - } - }, - "__long" : { - "type" : "long" - }, - "__string" : { - "type" : "string" - }, - "__timestampIso8601" : { - "type" : "timestamp", - "timestampFormat" : "iso8601" - }, - "__timestampUnix" : { - "type" : "timestamp", - "timestampFormat" : "unixTimestamp" + "GetVpcLinkRequest": { + "type": "structure", + "members": { + "VpcLinkId": { + "shape": "__string", + "location": "uri", + "locationName": "vpcLinkId", + "documentation": "

The ID of the VPC link.

" + } + }, + "required": [ + "VpcLinkId" + ] + }, + "GetVpcLinkResponse": { + "type": "structure", + "members": { + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the VPC link was created.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the VPC link.

" + }, + "SecurityGroupIds": { + "shape": "SecurityGroupIdList", + "locationName": "securityGroupIds", + "documentation": "

A list of security group IDs for the VPC link.

" + }, + "SubnetIds": { + "shape": "SubnetIdList", + "locationName": "subnetIds", + "documentation": "

A list of subnet IDs to include in the VPC link.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

Tags for the VPC link.

" + }, + "VpcLinkId": { + "shape": "Id", + "locationName": "vpcLinkId", + "documentation": "

The ID of the VPC link.

" + }, + "VpcLinkStatus": { + "shape": "VpcLinkStatus", + "locationName": "vpcLinkStatus", + "documentation": "

The status of the VPC link.

" + }, + "VpcLinkStatusMessage": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "vpcLinkStatusMessage", + "documentation": "

A message summarizing the cause of the status of the VPC link.

" + }, + "VpcLinkVersion": { + "shape": "VpcLinkVersion", + "locationName": "vpcLinkVersion", + "documentation": "

The version of the VPC link.

" + } + } + }, + "GetVpcLinksRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "

The maximum number of elements to be returned for this resource.

" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "GetVpcLinksResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfVpcLink", + "locationName": "items", + "documentation": "

A collection of VPC links.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + } + }, + "Id": { + "type": "string", + "documentation": "

The identifier.

" + }, + "IdentitySourceList": { + "type": "list", + "documentation": "

The identity source for which authorization is requested. For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is $method.request.header.Auth, $method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

", + "member": { + "shape": "__string" + } + }, + "ImportApiInput": { + "type": "structure", + "members": { + "Body": { + "shape": "__string", + "locationName": "body", + "documentation": "

The OpenAPI definition. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Represents the input to ImportAPI. Supported only for HTTP APIs.

", + "required": [ + "Body" + ] + }, + "ImportApiRequest": { + "type": "structure", + "members": { + "Basepath": { + "shape": "__string", + "location": "querystring", + "locationName": "basepath", + "documentation": "

Specifies how to interpret the base path of the API during import. Valid values are ignore, prepend, and split. The default value is ignore. To learn more, see Set the OpenAPI basePath Property. Supported only for HTTP APIs.

" + }, + "Body": { + "shape": "__string", + "locationName": "body", + "documentation": "

The OpenAPI definition. Supported only for HTTP APIs.

" + }, + "FailOnWarnings": { + "shape": "__boolean", + "location": "querystring", + "locationName": "failOnWarnings", + "documentation": "

Specifies whether to rollback the API creation when a warning is encountered. By default, API creation continues if a warning is encountered.

" + } + }, + "documentation": "

", + "required": [ + "Body" + ] + }, + "ImportApiResponse": { + "type": "structure", + "members": { + "ApiEndpoint": { + "shape": "__string", + "locationName": "apiEndpoint", + "documentation": "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" + }, + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API ID.

" + }, + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the API was created.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "ImportInfo": { + "shape": "__listOf__string", + "locationName": "importInfo", + "documentation": "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the API.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "ProtocolType": { + "shape": "ProtocolType", + "locationName": "protocolType", + "documentation": "

The API protocol.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

A collection of tags associated with the API.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + }, + "Warnings": { + "shape": "__listOf__string", + "locationName": "warnings", + "documentation": "

The warning messages reported when failonwarnings is turned on during API import.

" + } + } + }, + "IntegerWithLengthBetween0And3600": { + "type": "integer", + "documentation": "

An integer with a value between [0-3600].

", + "min": 0, + "max": 3600 + }, + "IntegerWithLengthBetween50And30000": { + "type": "integer", + "documentation": "

An integer with a value between [50-30000].

", + "min": 50, + "max": 30000 + }, + "IntegerWithLengthBetweenMinus1And86400": { + "type": "integer", + "documentation": "

An integer with a value between -1 and 86400. Supported only for HTTP APIs.

", + "min": -1, + "max": 86400 + }, + "Integration": { + "type": "structure", + "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.

" + }, + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

Represents the description of an integration.

" + }, + "IntegrationId": { + "shape": "Id", + "locationName": "integrationId", + "documentation": "

Represents the identifier of an integration.

" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "

Specifies the integration's HTTP method type.

" + }, + "IntegrationResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "integrationResponseSelectionExpression", + "documentation": "

The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.

" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.

" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration. Supported only for WebSocket APIs.

" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" + }, + "TlsConfig": { + "shape": "TlsConfig", + "locationName": "tlsConfig", + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Represents an integration.

" + }, + "IntegrationParameters": { + "type": "map", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

", + "key": { + "shape": "__string" + }, + "value": { + "shape": "StringWithLengthBetween1And512" + } + }, + "IntegrationResponse": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "IntegrationResponseId": { + "shape": "Id", + "locationName": "integrationResponseId", + "documentation": "

The integration response ID.

" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "

The integration response key.

" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.

" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expressions for the integration response.

" + } + }, + "documentation": "

Represents an integration response.

", + "required": [ + "IntegrationResponseKey" + ] + }, + "IntegrationResponses": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfIntegrationResponse", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of integration responses.

" + }, + "IntegrationType": { + "type": "string", + "documentation": "

Represents an API method integration type.

", + "enum": [ + "AWS", + "HTTP", + "MOCK", + "HTTP_PROXY", + "AWS_PROXY" + ] + }, + "Integrations": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfIntegration", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of integrations.

" + }, + "IpAddressType": { + "type": "string", + "documentation": "

The IP address types that can invoke your API or domain name.

", + "enum": [ + "ipv4", + "dualstack" + ] + }, + "JWTConfiguration": { + "type": "structure", + "members": { + "Audience": { + "shape": "__listOf__string", + "locationName": "audience", + "documentation": "

A list of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list. See RFC 7519. Supported only for HTTP APIs.

" + }, + "Issuer": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "issuer", + "documentation": "

The base domain of the identity provider that issues JSON Web Tokens. For example, an Amazon Cognito user pool has the following format: https://cognito-idp.{region}.amazonaws.com/{userPoolId}\n . Required for the JWT authorizer type. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "LimitExceededException": { + "type": "structure", + "members": { + "LimitType": { + "shape": "__string", + "locationName": "limitType", + "documentation": "

The limit type.

" + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

Describes the error encountered.

" + } + }, + "documentation": "

A limit has been exceeded. See the accompanying error message for details.

" + }, + "LoggingLevel": { + "type": "string", + "documentation": "

The logging level.

", + "enum": [ + "ERROR", + "INFO", + "OFF" + ] + }, + "Model": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "

The content-type for the model, for example, \"application/json\".

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the model.

" + }, + "ModelId": { + "shape": "Id", + "locationName": "modelId", + "documentation": "

The model identifier.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the model. Must be alphanumeric.

" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" + } + }, + "documentation": "

Represents a data model for an API. Supported only for WebSocket APIs. See Create Models and Mapping Templates for Request and Response Mappings.

", + "required": [ + "Name" + ] + }, + "Models": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfModel", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of data models. See Create Models and Mapping Templates for Request and Response Mappings.

" + }, + "MutualTlsAuthentication": { + "type": "structure", + "members": { + "TruststoreUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "truststoreUri", + "documentation": "

An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

" + }, + "TruststoreVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "truststoreVersion", + "documentation": "

The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.

" + }, + "TruststoreWarnings": { + "shape": "__listOf__string", + "locationName": "truststoreWarnings", + "documentation": "

A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings. Mutual TLS is still enabled, but some clients might not be able to access your API. To resolve warnings, upload a new truststore to S3, and then update you domain name to use the new version.

" + } + } + }, + "MutualTlsAuthenticationInput": { + "type": "structure", + "members": { + "TruststoreUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "truststoreUri", + "documentation": "

An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

" + }, + "TruststoreVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "truststoreVersion", + "documentation": "

The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.

" + } + } + }, + "NextToken": { + "type": "string", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + }, + "NotFoundException": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

Describes the error encountered.

" + }, + "ResourceType": { + "shape": "__string", + "locationName": "resourceType", + "documentation": "

The resource type.

" + } + }, + "documentation": "

The resource specified in the request was not found. See the message field for more information.

", + "exception": true, + "error": { + "httpStatusCode": 404 + } + }, + "ParameterConstraints": { + "type": "structure", + "members": { + "Required": { + "shape": "__boolean", + "locationName": "required", + "documentation": "

Whether or not the parameter is required.

" + } + }, + "documentation": "

Validation constraints imposed on parameters of a request (path, query string, headers).

" + }, + "PassthroughBehavior": { + "type": "string", + "documentation": "

Represents passthrough behavior for an integration response. Supported only for WebSocket APIs.

", + "enum": [ + "WHEN_NO_MATCH", + "NEVER", + "WHEN_NO_TEMPLATES" + ] + }, + "ProtocolType": { + "type": "string", + "documentation": "Represents a protocol type.", + "enum": [ + "WEBSOCKET", + "HTTP" + ] + }, + "PutRoutingRuleRequest": { + "type": "structure", + "members": { + "Actions": { + "shape": "__listOfRoutingRuleAction", + "locationName": "actions", + "documentation": "

The routing rule action.

" + }, + "Conditions": { + "shape": "__listOfRoutingRuleCondition", + "locationName": "conditions", + "documentation": "

The routing rule condition.

" + }, + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "DomainNameId": { + "shape": "__string", + "location": "querystring", + "locationName": "domainNameId", + "documentation": "

The domain name ID.

" + }, + "Priority": { + "shape": "RoutingRulePriority", + "locationName": "priority", + "documentation": "

The routing rule priority.

" + }, + "RoutingRuleId": { + "shape": "__string", + "location": "uri", + "locationName": "routingRuleId", + "documentation": "

The routing rule ID.

" + } + }, + "required": [ + "RoutingRuleId", + "DomainName", + "Actions", + "Priority", + "Conditions" + ] + }, + "PutRoutingRuleResponse": { + "type": "structure", + "members": { + "Actions": { + "shape": "__listOfRoutingRuleAction", + "locationName": "actions", + "documentation": "

The routing rule action.

" + }, + "Conditions": { + "shape": "__listOfRoutingRuleCondition", + "locationName": "conditions", + "documentation": "

The conditions of the routing rule.

" + }, + "Priority": { + "shape": "RoutingRulePriority", + "locationName": "priority", + "documentation": "

The routing rule priority.

" + }, + "RoutingRuleArn": { + "shape": "Arn", + "locationName": "routingRuleArn", + "documentation": "

The routing rule ARN.

" + }, + "RoutingRuleId": { + "shape": "Id", + "locationName": "routingRuleId", + "documentation": "

The routing rule ID.

" + } + } + }, + "ReimportApiInput": { + "type": "structure", + "members": { + "Body": { + "shape": "__string", + "locationName": "body", + "documentation": "

The OpenAPI definition. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Overwrites the configuration of an existing API using the provided definition. Supported only for HTTP APIs.

", + "required": [ + "Body" + ] + }, + "ReimportApiRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "Basepath": { + "shape": "__string", + "location": "querystring", + "locationName": "basepath", + "documentation": "

Specifies how to interpret the base path of the API during import. Valid values are ignore, prepend, and split. The default value is ignore. To learn more, see Set the OpenAPI basePath Property. Supported only for HTTP APIs.

" + }, + "Body": { + "shape": "__string", + "locationName": "body", + "documentation": "

The OpenAPI definition. Supported only for HTTP APIs.

" + }, + "FailOnWarnings": { + "shape": "__boolean", + "location": "querystring", + "locationName": "failOnWarnings", + "documentation": "

Specifies whether to rollback the API creation when a warning is encountered. By default, API creation continues if a warning is encountered.

" + } + }, + "documentation": "

", + "required": [ + "ApiId", + "Body" + ] + }, + "ReimportApiResponse": { + "type": "structure", + "members": { + "ApiEndpoint": { + "shape": "__string", + "locationName": "apiEndpoint", + "documentation": "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" + }, + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API ID.

" + }, + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the API was created.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "ImportInfo": { + "shape": "__listOf__string", + "locationName": "importInfo", + "documentation": "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the API.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "ProtocolType": { + "shape": "ProtocolType", + "locationName": "protocolType", + "documentation": "

The API protocol.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

A collection of tags associated with the API.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + }, + "Warnings": { + "shape": "__listOf__string", + "locationName": "warnings", + "documentation": "

The warning messages reported when failonwarnings is turned on during API import.

" + } + } + }, + "ResponseParameters": { + "type": "map", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients.

", + "key": { + "shape": "__string" + }, + "value": { + "shape": "IntegrationParameters" + } + }, + "Route": { + "type": "structure", + "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You can't modify the $default route key.

" + }, + "ApiKeyRequired": { + "shape": "__boolean", + "locationName": "apiKeyRequired", + "documentation": "

Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

" + }, + "AuthorizationScopes": { + "shape": "AuthorizationScopes", + "locationName": "authorizationScopes", + "documentation": "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

" + }, + "AuthorizationType": { + "shape": "AuthorizationType", + "locationName": "authorizationType", + "documentation": "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route. Supported only for WebSocket APIs.

" + }, + "OperationName": { + "shape": "StringWithLengthBetween1And64", + "locationName": "operationName", + "documentation": "

The operation name for the route.

" + }, + "RequestModels": { + "shape": "RouteModels", + "locationName": "requestModels", + "documentation": "

The request models for the route. Supported only for WebSocket APIs.

" + }, + "RequestParameters": { + "shape": "RouteParameters", + "locationName": "requestParameters", + "documentation": "

The request parameters for the route. Supported only for WebSocket APIs.

" + }, + "RouteId": { + "shape": "Id", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

The route key for the route.

" + }, + "RouteResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeResponseSelectionExpression", + "documentation": "

The route response selection expression for the route. Supported only for WebSocket APIs.

" + }, + "Target": { + "shape": "StringWithLengthBetween1And128", + "locationName": "target", + "documentation": "

The target for the route.

" + } + }, + "documentation": "

Represents a route.

", + "required": [ + "RouteKey" + ] + }, + "RouteModels": { + "type": "map", + "documentation": "

The route models.

", + "key": { + "shape": "__string" + }, + "value": { + "shape": "StringWithLengthBetween1And128" + } + }, + "RouteParameters": { + "type": "map", + "documentation": "

The route parameters.

", + "key": { + "shape": "__string" + }, + "value": { + "shape": "ParameterConstraints" + } + }, + "RouteResponse": { + "type": "structure", + "members": { + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

Represents the model selection expression of a route response. Supported only for WebSocket APIs.

" + }, + "ResponseModels": { + "shape": "RouteModels", + "locationName": "responseModels", + "documentation": "

Represents the response models of a route response.

" + }, + "ResponseParameters": { + "shape": "RouteParameters", + "locationName": "responseParameters", + "documentation": "

Represents the response parameters of a route response.

" + }, + "RouteResponseId": { + "shape": "Id", + "locationName": "routeResponseId", + "documentation": "

Represents the identifier of a route response.

" + }, + "RouteResponseKey": { + "shape": "SelectionKey", + "locationName": "routeResponseKey", + "documentation": "

Represents the route response key of a route response.

" + } + }, + "documentation": "

Represents a route response.

", + "required": [ + "RouteResponseKey" + ] + }, + "RouteResponses": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfRouteResponse", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of route responses.

" + }, + "RouteSettings": { + "type": "structure", + "members": { + "DataTraceEnabled": { + "shape": "__boolean", + "locationName": "dataTraceEnabled", + "documentation": "

Specifies whether (true) or not (false) data trace logging is enabled for this route. This property affects the log entries pushed to Amazon CloudWatch Logs. Supported only for WebSocket APIs.

" + }, + "DetailedMetricsEnabled": { + "shape": "__boolean", + "locationName": "detailedMetricsEnabled", + "documentation": "

Specifies whether detailed metrics are enabled.

" + }, + "LoggingLevel": { + "shape": "LoggingLevel", + "locationName": "loggingLevel", + "documentation": "

Specifies the logging level for this route: INFO, ERROR, or OFF. This property affects the log entries pushed to Amazon CloudWatch Logs. Supported only for WebSocket APIs.

" + }, + "ThrottlingBurstLimit": { + "shape": "__integer", + "locationName": "throttlingBurstLimit", + "documentation": "

Specifies the throttling burst limit.

" + }, + "ThrottlingRateLimit": { + "shape": "__double", + "locationName": "throttlingRateLimit", + "documentation": "

Specifies the throttling rate limit.

" + } + }, + "documentation": "

Represents a collection of route settings.

" + }, + "RouteSettingsMap": { + "type": "map", + "documentation": "

The route settings map.

", + "key": { + "shape": "__string" + }, + "value": { + "shape": "RouteSettings" + } + }, + "Routes": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfRoute", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of routes.

" + }, + "RoutingMode": { + "type": "string", + "enum": [ + "API_MAPPING_ONLY", + "ROUTING_RULE_ONLY", + "ROUTING_RULE_THEN_API_MAPPING" + ] + }, + "RoutingRule": { + "type": "structure", + "documentation": "

Represents a routing rule.

", + "members": { + "Actions": { + "shape": "__listOfRoutingRuleAction", + "locationName": "actions", + "documentation": "

The routing rule action.

" + }, + "Conditions": { + "shape": "__listOfRoutingRuleCondition", + "locationName": "conditions", + "documentation": "

The routing rule condition.

" + }, + "Priority": { + "shape": "RoutingRulePriority", + "locationName": "priority", + "documentation": "

The routing rule priority.

" + }, + "RoutingRuleArn": { + "shape": "Arn", + "locationName": "routingRuleArn", + "documentation": "

The routing rule ARN.

" + }, + "RoutingRuleId": { + "shape": "Id", + "locationName": "routingRuleId", + "documentation": "

The routing rule ID.

" + } + } + }, + "RoutingRuleAction": { + "type": "structure", + "members": { + "InvokeApi": { + "shape": "RoutingRuleActionInvokeApi", + "locationName": "invokeApi" + } + }, + "documentation": "

The routing rule action.

", + "required": [ + "InvokeApi" + ] + }, + "RoutingRuleActionInvokeApi": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId" + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage" + }, + "StripBasePath": { + "shape": "__boolean", + "locationName": "stripBasePath", + "documentation": "

The strip base path setting.

" + } + }, + "documentation": "

Represents an InvokeApi action.

", + "required": [ + "Stage", + "ApiId" + ] + }, + "RoutingRuleCondition": { + "type": "structure", + "documentation": "

Represents a routing rule condition.

", + "members": { + "MatchBasePaths": { + "shape": "RoutingRuleMatchBasePaths", + "locationName": "matchBasePaths", + "documentation": "

The base path to be matched.

" + }, + "MatchHeaders": { + "shape": "RoutingRuleMatchHeaders", + "locationName": "matchHeaders", + "documentation": "

The headers to be matched.

" + } + } + }, + "RoutingRuleInput": { + "type": "structure", + "members": { + "Actions": { + "shape": "__listOfRoutingRuleAction", + "locationName": "actions" + }, + "Conditions": { + "shape": "__listOfRoutingRuleCondition", + "locationName": "conditions" + }, + "Priority": { + "shape": "RoutingRulePriority", + "locationName": "priority" + } + }, + "required": [ + "Actions", + "Priority", + "Conditions" + ] + }, + "RoutingRuleMatchBasePaths": { + "type": "structure", + "members": { + "AnyOf": { + "shape": "__listOfSelectionKey", + "locationName": "anyOf", + "documentation": "The string of the case sensitive base path to be matched." + } + }, + "documentation": "

Represents a MatchBasePaths condition.

", + "required": [ + "AnyOf" + ] + }, + "RoutingRuleMatchHeaderValue": { + "type": "structure", + "documentation": "

Represents a MatchHeaderValue.

", + "members": { + "Header": { + "shape": "SelectionKey", + "locationName": "header" + }, + "ValueGlob": { + "shape": "SelectionExpression", + "locationName": "valueGlob" + } + }, + "required": [ + "ValueGlob", + "Header" + ] + }, + "RoutingRuleMatchHeaders": { + "type": "structure", + "documentation": "

Represents a MatchHeaders condition.

", + "members": { + "AnyOf": { + "shape": "__listOfRoutingRuleMatchHeaderValue", + "locationName": "anyOf", + "documentation": "

The header name and header value glob to be matched. The matchHeaders condition is matched if any of the header name and header value globs are matched.

" + } + }, + "required": [ + "AnyOf" + ] + }, + "RoutingRulePriority": { + "type": "integer", + "min": 1, + "max": 1000000, + "documentation": "

The routing rule priority.

" + }, + "MaxResults": { + "type": "integer", + "min": 1, + "max": 100 + }, + "RoutingRules": { + "type": "structure", + "documentation": "

A collection of routing rules.

", + "members": { + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken" + }, + "RoutingRules": { + "shape": "__listOfRoutingRule", + "locationName": "routingRules" + } + } + }, + "SecurityGroupIdList": { + "type": "list", + "documentation": "

A list of security group IDs for the VPC link.

", + "member": { + "shape": "__string" + } + }, + "SecurityPolicy": { + "type": "string", + "documentation": "

The Transport Layer Security (TLS) version of the security policy for this domain name. The valid values are TLS_1_0 and TLS_1_2.

", + "enum": [ + "TLS_1_0", + "TLS_1_2" + ] + }, + "SelectionExpression": { + "type": "string", + "documentation": "

An expression used to extract information at runtime. See Selection Expressions for more information.

" + }, + "SelectionKey": { + "type": "string", + "documentation": "

After evaluating a selection expression, the result is compared against one or more selection keys to find a matching key. See Selection Expressions for a list of expressions and each expression's associated selection key type.

" + }, + "Stage": { + "type": "structure", + "members": { + "AccessLogSettings": { + "shape": "AccessLogSettings", + "locationName": "accessLogSettings", + "documentation": "

Settings for logging access in this stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether a stage is managed by API Gateway. If you created an API using quick create, the $default stage is managed by API Gateway. You can't modify the $default stage.

" + }, + "AutoDeploy": { + "shape": "__boolean", + "locationName": "autoDeploy", + "documentation": "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" + }, + "ClientCertificateId": { + "shape": "Id", + "locationName": "clientCertificateId", + "documentation": "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the stage was created.

" + }, + "DefaultRouteSettings": { + "shape": "RouteSettings", + "locationName": "defaultRouteSettings", + "documentation": "

Default route settings for the stage.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The identifier of the Deployment that the Stage is associated with. Can't be updated if autoDeploy is enabled.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the stage.

" + }, + "LastDeploymentStatusMessage": { + "shape": "__string", + "locationName": "lastDeploymentStatusMessage", + "documentation": "

Describes the status of the last deployment of a stage. Supported only for stages with autoDeploy enabled.

" + }, + "LastUpdatedDate": { + "shape": "__timestampIso8601", + "locationName": "lastUpdatedDate", + "documentation": "

The timestamp when the stage was last updated.

" + }, + "RouteSettings": { + "shape": "RouteSettingsMap", + "locationName": "routeSettings", + "documentation": "

Route settings for the stage, by routeKey.

" + }, + "StageName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stageName", + "documentation": "

The name of the stage.

" + }, + "StageVariables": { + "shape": "StageVariablesMap", + "locationName": "stageVariables", + "documentation": "

A map that defines the stage variables for a stage resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + } + }, + "documentation": "

Represents an API stage.

", + "required": [ + "StageName" + ] + }, + "StageVariablesMap": { + "type": "map", + "documentation": "

The stage variable map.

", + "key": { + "shape": "__string" + }, + "value": { + "shape": "StringWithLengthBetween0And2048" + } + }, + "Stages": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfStage", + "locationName": "items", + "documentation": "

The elements from this collection.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

A collection of Stage resources that are associated with the ApiKey resource.

" + }, + "StringWithLengthBetween0And1024": { + "type": "string", + "documentation": "

A string with a length between [0-1024].

" + }, + "StringWithLengthBetween0And2048": { + "type": "string", + "documentation": "

A string with a length between [0-2048].

" + }, + "StringWithLengthBetween0And32K": { + "type": "string", + "documentation": "

A string with a length between [0-32768].

" + }, + "StringWithLengthBetween1And1024": { + "type": "string", + "documentation": "

A string with a length between [1-1024].

" + }, + "StringWithLengthBetween1And128": { + "type": "string", + "documentation": "

A string with a length between [1-128].

" + }, + "StringWithLengthBetween1And1600": { + "type": "string", + "documentation": "

A string with a length between [0-1600].

" + }, + "StringWithLengthBetween1And256": { + "type": "string", + "documentation": "

A string with a length between [1-256].

" + }, + "StringWithLengthBetween1And512": { + "type": "string", + "documentation": "

A string with a length between [1-512].

" + }, + "StringWithLengthBetween1And64": { + "type": "string", + "documentation": "

A string with a length between [1-64].

" + }, + "SubnetIdList": { + "type": "list", + "documentation": "

A list of subnet IDs to include in the VPC link.

", + "member": { + "shape": "__string" + } + }, + "TagResourceInput": { + "type": "structure", + "members": { + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + } + }, + "documentation": "

Represents the input parameters for a TagResource request.

" + }, + "TagResourceRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "shape": "__string", + "location": "uri", + "locationName": "resource-arn", + "documentation": "

The resource ARN for the tag.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + } + }, + "documentation": "

Creates a new Tag resource to represent a tag.

", + "required": [ + "ResourceArn" + ] + }, + "TagResourceResponse": { + "type": "structure", + "members": {} + }, + "Tags": { + "type": "map", + "documentation": "

Represents a collection of tags associated with the resource.

", + "key": { + "shape": "__string" + }, + "value": { + "shape": "StringWithLengthBetween1And1600" + } + }, + "Template": { + "type": "structure", + "members": { + "Value": { + "shape": "__string", + "locationName": "value", + "documentation": "

The template value.

" + } + }, + "documentation": "

Represents a template.

" + }, + "TemplateMap": { + "type": "map", + "documentation": "

A mapping of identifier keys to templates. The value is an actual template script. The key is typically a SelectionKey which is chosen based on evaluating a selection expression.

", + "key": { + "shape": "__string" + }, + "value": { + "shape": "StringWithLengthBetween0And32K" + } + }, + "TlsConfig": { + "type": "structure", + "members": { + "ServerNameToVerify": { + "shape": "StringWithLengthBetween1And512", + "locationName": "serverNameToVerify", + "documentation": "

If you specify a server name, API Gateway uses it to verify the hostname on the integration's certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting.

" + } + }, + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + }, + "TlsConfigInput": { + "type": "structure", + "members": { + "ServerNameToVerify": { + "shape": "StringWithLengthBetween1And512", + "locationName": "serverNameToVerify", + "documentation": "

If you specify a server name, API Gateway uses it to verify the hostname on the integration's certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting.

" + } + }, + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + }, + "TooManyRequestsException": { + "type": "structure", + "members": { + "LimitType": { + "shape": "__string", + "locationName": "limitType", + "documentation": "

The limit type.

" + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

Describes the error encountered.

" + } + }, + "documentation": "

A limit has been exceeded. See the accompanying error message for details.

", + "exception": true, + "error": { + "httpStatusCode": 429 + } + }, + "UntagResourceRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "shape": "__string", + "location": "uri", + "locationName": "resource-arn", + "documentation": "

The resource ARN for the tag.

" + }, + "TagKeys": { + "shape": "__listOf__string", + "location": "querystring", + "locationName": "tagKeys", + "documentation": "

The Tag keys to delete

" + } + }, + "required": [ + "ResourceArn", + "TagKeys" + ] + }, + "UpdateApiInput": { + "type": "structure", + "members": { + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null. Currently, this property is not used for HTTP integrations. If provided, this value replaces the credentials associated with the quick create integration. Supported only for HTTP APIs.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the API.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

This property is part of quick create. If not specified, the route created using quick create is kept. Otherwise, this value replaces the route key of the quick create route. Additional routes may still be added after the API is updated. Supported only for HTTP APIs.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Target": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "target", + "documentation": "

This property is part of quick create. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. The value provided updates the integration URI and integration type. You can update a quick-created target, but you can't remove it from an API. Supported only for HTTP APIs.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateApi request.

" + }, + "UpdateApiMappingInput": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiMappingKey": { + "shape": "SelectionKey", + "locationName": "apiMappingKey", + "documentation": "

The API mapping key.

" + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage", + "documentation": "

The API stage.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateApiMapping request.

" + }, + "UpdateApiMappingRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiMappingId": { + "shape": "__string", + "location": "uri", + "locationName": "apiMappingId", + "documentation": "

The API mapping identifier.

" + }, + "ApiMappingKey": { + "shape": "SelectionKey", + "locationName": "apiMappingKey", + "documentation": "

The API mapping key.

" + }, + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage", + "documentation": "

The API stage.

" + } + }, + "documentation": "

Updates an ApiMapping.

", + "required": [ + "ApiMappingId", + "ApiId", + "DomainName" + ] + }, + "UpdateApiMappingResponse": { + "type": "structure", + "members": { + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiMappingId": { + "shape": "Id", + "locationName": "apiMappingId", + "documentation": "

The API mapping identifier.

" + }, + "ApiMappingKey": { + "shape": "SelectionKey", + "locationName": "apiMappingKey", + "documentation": "

The API mapping key.

" + }, + "Stage": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stage", + "documentation": "

The API stage.

" + } + } + }, + "UpdateApiRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

This property is part of quick create. It specifies the credentials required for the integration, if any. For a Lambda integration, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, don't specify this parameter. Currently, this property is not used for HTTP integrations. If provided, this value replaces the credentials associated with the quick create integration. Supported only for HTTP APIs.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke your API or domain name.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

This property is part of quick create. If not specified, the route created using quick create is kept. Otherwise, this value replaces the route key of the quick create route. Additional routes may still be added after the API is updated. Supported only for HTTP APIs.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Target": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "target", + "documentation": "

This property is part of quick create. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. The value provided updates the integration URI and integration type. You can update a quick-created target, but you can't remove it from an API. Supported only for HTTP APIs.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + } + }, + "documentation": "

Updates an Api.

", + "required": [ + "ApiId" + ] + }, + "UpdateApiResponse": { + "type": "structure", + "members": { + "ApiEndpoint": { + "shape": "__string", + "locationName": "apiEndpoint", + "documentation": "

The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.

" + }, + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "

The API ID.

" + }, + "ApiKeySelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiKeySelectionExpression", + "documentation": "

An API key selection expression. Supported only for WebSocket APIs. See API Key Selection Expressions.

" + }, + "CorsConfiguration": { + "shape": "Cors", + "locationName": "corsConfiguration", + "documentation": "

A CORS configuration. Supported only for HTTP APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the API was created.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the API.

" + }, + "DisableSchemaValidation": { + "shape": "__boolean", + "locationName": "disableSchemaValidation", + "documentation": "

Avoid validating models when creating a deployment. Supported only for WebSocket APIs.

" + }, + "DisableExecuteApiEndpoint": { + "shape": "__boolean", + "locationName": "disableExecuteApiEndpoint", + "documentation": "

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

" + }, + "ImportInfo": { + "shape": "__listOf__string", + "locationName": "importInfo", + "documentation": "

The validation information during API import. This may include particular properties of your OpenAPI definition which are ignored during import. Supported only for HTTP APIs.

" + }, + "IpAddressType": { + "shape": "IpAddressType", + "locationName": "ipAddressType", + "documentation": "

The IP address types that can invoke the API.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the API.

" + }, + "ProtocolType": { + "shape": "ProtocolType", + "locationName": "protocolType", + "documentation": "

The API protocol.

" + }, + "RouteSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeSelectionExpression", + "documentation": "

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

A collection of tags associated with the API.

" + }, + "Version": { + "shape": "StringWithLengthBetween1And64", + "locationName": "version", + "documentation": "

A version identifier for the API.

" + }, + "Warnings": { + "shape": "__listOf__string", + "locationName": "warnings", + "documentation": "

The warning messages reported when failonwarnings is turned on during API import.

" + } + } + }, + "UpdateAuthorizerInput": { + "type": "structure", + "members": { + "AuthorizerCredentialsArn": { + "shape": "Arn", + "locationName": "authorizerCredentialsArn", + "documentation": "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter.

" + }, + "AuthorizerPayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "authorizerPayloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" + }, + "AuthorizerResultTtlInSeconds": { + "shape": "IntegerWithLengthBetween0And3600", + "locationName": "authorizerResultTtlInSeconds", + "documentation": "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" + }, + "AuthorizerType": { + "shape": "AuthorizerType", + "locationName": "authorizerType", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" + }, + "AuthorizerUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "authorizerUri", + "documentation": "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" + }, + "EnableSimpleResponses": { + "shape": "__boolean", + "locationName": "enableSimpleResponses", + "documentation": "

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" + }, + "IdentitySource": { + "shape": "IdentitySourceList", + "locationName": "identitySource", + "documentation": "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" + }, + "IdentityValidationExpression": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "identityValidationExpression", + "documentation": "

This parameter is not used.

" + }, + "JwtConfiguration": { + "shape": "JWTConfiguration", + "locationName": "jwtConfiguration", + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the authorizer.

" + } + }, + "documentation": "

The input parameters for an UpdateAuthorizer request.

" + }, + "UpdateAuthorizerRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "AuthorizerCredentialsArn": { + "shape": "Arn", + "locationName": "authorizerCredentialsArn", + "documentation": "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter.

" + }, + "AuthorizerId": { + "shape": "__string", + "location": "uri", + "locationName": "authorizerId", + "documentation": "

The authorizer identifier.

" + }, + "AuthorizerPayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "authorizerPayloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" + }, + "AuthorizerResultTtlInSeconds": { + "shape": "IntegerWithLengthBetween0And3600", + "locationName": "authorizerResultTtlInSeconds", + "documentation": "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" + }, + "AuthorizerType": { + "shape": "AuthorizerType", + "locationName": "authorizerType", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" + }, + "AuthorizerUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "authorizerUri", + "documentation": "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" + }, + "EnableSimpleResponses": { + "shape": "__boolean", + "locationName": "enableSimpleResponses", + "documentation": "

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" + }, + "IdentitySource": { + "shape": "IdentitySourceList", + "locationName": "identitySource", + "documentation": "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" + }, + "IdentityValidationExpression": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "identityValidationExpression", + "documentation": "

This parameter is not used.

" + }, + "JwtConfiguration": { + "shape": "JWTConfiguration", + "locationName": "jwtConfiguration", + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the authorizer.

" + } + }, + "documentation": "

Updates an Authorizer.

", + "required": [ + "AuthorizerId", + "ApiId" + ] + }, + "UpdateAuthorizerResponse": { + "type": "structure", + "members": { + "AuthorizerCredentialsArn": { + "shape": "Arn", + "locationName": "authorizerCredentialsArn", + "documentation": "

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, don't specify this parameter. Supported only for REQUEST authorizers.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The authorizer identifier.

" + }, + "AuthorizerPayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "authorizerPayloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

" + }, + "AuthorizerResultTtlInSeconds": { + "shape": "IntegerWithLengthBetween0And3600", + "locationName": "authorizerResultTtlInSeconds", + "documentation": "

The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.

" + }, + "AuthorizerType": { + "shape": "AuthorizerType", + "locationName": "authorizerType", + "documentation": "

The authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs).

" + }, + "AuthorizerUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "authorizerUri", + "documentation": "

The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form: arn:aws:apigateway:{region}:lambda:path/{service_api}\n , where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST authorizers.

" + }, + "EnableSimpleResponses": { + "shape": "__boolean", + "locationName": "enableSimpleResponses", + "documentation": "

Specifies whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs

" + }, + "IdentitySource": { + "shape": "IdentitySourceList", + "locationName": "identitySource", + "documentation": "

The identity source for which authorization is requested.

For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs.

For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization.

" + }, + "IdentityValidationExpression": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "identityValidationExpression", + "documentation": "

The validation expression does not apply to the REQUEST authorizer.

" + }, + "JwtConfiguration": { + "shape": "JWTConfiguration", + "locationName": "jwtConfiguration", + "documentation": "

Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the authorizer.

" + } + } + }, + "UpdateDeploymentInput": { + "type": "structure", + "members": { + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the deployment resource.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateDeployment request.

" + }, + "UpdateDeploymentRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "DeploymentId": { + "shape": "__string", + "location": "uri", + "locationName": "deploymentId", + "documentation": "

The deployment ID.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the deployment resource.

" + } + }, + "documentation": "

Updates a Deployment.

", + "required": [ + "ApiId", + "DeploymentId" + ] + }, + "UpdateDeploymentResponse": { + "type": "structure", + "members": { + "AutoDeployed": { + "shape": "__boolean", + "locationName": "autoDeployed", + "documentation": "

Specifies whether a deployment was automatically released.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The date and time when the Deployment resource was created.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The identifier for the deployment.

" + }, + "DeploymentStatus": { + "shape": "DeploymentStatus", + "locationName": "deploymentStatus", + "documentation": "

The status of the deployment: PENDING, FAILED, or SUCCEEDED.

" + }, + "DeploymentStatusMessage": { + "shape": "__string", + "locationName": "deploymentStatusMessage", + "documentation": "

May contain additional feedback on the status of an API deployment.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the deployment.

" + } + } + }, + "UpdateDomainNameInput": { + "type": "structure", + "members": { + "DomainNameConfigurations": { + "shape": "DomainNameConfigurations", + "locationName": "domainNameConfigurations", + "documentation": "

The domain name configurations.

" + }, + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthenticationInput", + "locationName": "mutualTlsAuthentication", + "documentation": "

The mutual TLS authentication configuration for a custom domain name.

" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "

The routing mode.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateDomainName request.

" + }, + "UpdateDomainNameRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "

The domain name.

" + }, + "DomainNameConfigurations": { + "shape": "DomainNameConfigurations", + "locationName": "domainNameConfigurations", + "documentation": "

The domain name configurations.

" + }, + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthenticationInput", + "locationName": "mutualTlsAuthentication", + "documentation": "

The mutual TLS authentication configuration for a custom domain name.

" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "

The routing mode.

" + } + }, + "documentation": "

Updates a DomainName.

", + "required": [ + "DomainName" + ] + }, + "UpdateDomainNameResponse": { + "type": "structure", + "members": { + "ApiMappingSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "apiMappingSelectionExpression", + "documentation": "

The API mapping selection expression.

" + }, + "DomainName": { + "shape": "StringWithLengthBetween1And512", + "locationName": "domainName", + "documentation": "

The name of the DomainName resource.

" + }, + "DomainNameArn": { + "shape": "Arn", + "locationName": "domainNameArn" + }, + "DomainNameConfigurations": { + "shape": "DomainNameConfigurations", + "locationName": "domainNameConfigurations", + "documentation": "

The domain name configurations.

" + }, + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthentication", + "locationName": "mutualTlsAuthentication", + "documentation": "

The mutual TLS authentication configuration for a custom domain name.

" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "

The routing mode.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags associated with a domain name.

" + } + } + }, + "UpdateIntegrationInput": { + "type": "structure", + "members": { + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the integration

" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "

Specifies the integration's HTTP method type.

" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.

" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration.

" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" + }, + "TlsConfig": { + "shape": "TlsConfigInput", + "locationName": "tlsConfig", + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateIntegration request.

" + }, + "UpdateIntegrationRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the integration

" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "

The integration ID.

" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "

Specifies the integration's HTTP method type.

" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.

" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration.

" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" + }, + "TlsConfig": { + "shape": "TlsConfigInput", + "locationName": "tlsConfig", + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + } + }, + "documentation": "

Updates an Integration.

", + "required": [ + "ApiId", + "IntegrationId" + ] + }, + "UpdateIntegrationResult": { + "type": "structure", + "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.

" + }, + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "

The ID of the VPC link for a private integration. Supported only for HTTP APIs.

" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "

The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "

Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

Represents the description of an integration.

" + }, + "IntegrationId": { + "shape": "Id", + "locationName": "integrationId", + "documentation": "

Represents the identifier of an integration.

" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "

Specifies the integration's HTTP method type.

" + }, + "IntegrationResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "integrationResponseSelectionExpression", + "documentation": "

The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.

" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "

Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.

" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "

The integration type of an integration. One of the following:

AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.

AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.

HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.

HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.

MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.

" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "

For a Lambda integration, specify the URI of a Lambda function.

For an HTTP integration, specify a fully-qualified URL.

For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.

" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "

Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.

WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.

NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.

WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.

" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "

Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.

" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "

For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.{location}.{name}\n , where \n {location}\n is querystring, path, or header; and \n {name}\n must be a valid and unique method request parameter name.

For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.

For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.

" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "

Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration. Supported only for WebSocket APIs.

" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "

Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.

" + }, + "TlsConfig": { + "shape": "TlsConfig", + "locationName": "tlsConfig", + "documentation": "

The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.

" + } + } + }, + "UpdateIntegrationResponseInput": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "

The integration response key.

" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}\n , where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name}\n or integration.response.body.{JSON-expression}\n , where \n {name}\n is a valid and unique response header name and \n {JSON-expression}\n is a valid JSON expression without the $ prefix.

" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration response. Supported only for WebSocket APIs.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateIntegrationResponse request.

" + }, + "UpdateIntegrationResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "

The integration ID.

" + }, + "IntegrationResponseId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationResponseId", + "documentation": "

The integration response ID.

" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "

The integration response key.

" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}\n , where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name}\n or integration.response.body.{JSON-expression}\n , where \n {name}\n is a valid and unique response header name and \n {JSON-expression}\n is a valid JSON expression without the $ prefix.

" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expression for the integration response. Supported only for WebSocket APIs.

" + } + }, + "documentation": "

Updates an IntegrationResponses.

", + "required": [ + "ApiId", + "IntegrationResponseId", + "IntegrationId" + ] + }, + "UpdateIntegrationResponseResponse": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "

Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:

CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.

CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.

If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.

" + }, + "IntegrationResponseId": { + "shape": "Id", + "locationName": "integrationResponseId", + "documentation": "

The integration response ID.

" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "

The integration response key.

" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "

A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.

" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "

The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.

" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "

The template selection expressions for the integration response.

" + } + } + }, + "UpdateModelInput": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "

The content-type for the model, for example, \"application/json\".

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the model.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the model.

" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateModel request. Supported only for WebSocket APIs.

" + }, + "UpdateModelRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "

The content-type for the model, for example, \"application/json\".

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the model.

" + }, + "ModelId": { + "shape": "__string", + "location": "uri", + "locationName": "modelId", + "documentation": "

The model ID.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the model.

" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" + } + }, + "documentation": "

Updates a Model.

", + "required": [ + "ModelId", + "ApiId" + ] + }, + "UpdateModelResponse": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "

The content-type for the model, for example, \"application/json\".

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the model.

" + }, + "ModelId": { + "shape": "Id", + "locationName": "modelId", + "documentation": "

The model identifier.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the model. Must be alphanumeric.

" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "

The schema for the model. For application/json models, this should be JSON schema draft 4 model.

" + } + } + }, + "UpdateRouteInput": { + "type": "structure", + "members": { + "ApiKeyRequired": { + "shape": "__boolean", + "locationName": "apiKeyRequired", + "documentation": "

Specifies whether an API key is required for the route. Supported only for WebSocket APIs.

" + }, + "AuthorizationScopes": { + "shape": "AuthorizationScopes", + "locationName": "authorizationScopes", + "documentation": "

The authorization scopes supported by this route.

" + }, + "AuthorizationType": { + "shape": "AuthorizationType", + "locationName": "authorizationType", + "documentation": "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route. Supported only for WebSocket APIs.

" + }, + "OperationName": { + "shape": "StringWithLengthBetween1And64", + "locationName": "operationName", + "documentation": "

The operation name for the route.

" + }, + "RequestModels": { + "shape": "RouteModels", + "locationName": "requestModels", + "documentation": "

The request models for the route. Supported only for WebSocket APIs.

" + }, + "RequestParameters": { + "shape": "RouteParameters", + "locationName": "requestParameters", + "documentation": "

The request parameters for the route. Supported only for WebSocket APIs.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

The route key for the route.

" + }, + "RouteResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeResponseSelectionExpression", + "documentation": "

The route response selection expression for the route. Supported only for WebSocket APIs.

" + }, + "Target": { + "shape": "StringWithLengthBetween1And128", + "locationName": "target", + "documentation": "

The target for the route.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateRoute request.

" + }, + "UpdateRouteRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ApiKeyRequired": { + "shape": "__boolean", + "locationName": "apiKeyRequired", + "documentation": "

Specifies whether an API key is required for the route. Supported only for WebSocket APIs.

" + }, + "AuthorizationScopes": { + "shape": "AuthorizationScopes", + "locationName": "authorizationScopes", + "documentation": "

The authorization scopes supported by this route.

" + }, + "AuthorizationType": { + "shape": "AuthorizationType", + "locationName": "authorizationType", + "documentation": "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route. Supported only for WebSocket APIs.

" + }, + "OperationName": { + "shape": "StringWithLengthBetween1And64", + "locationName": "operationName", + "documentation": "

The operation name for the route.

" + }, + "RequestModels": { + "shape": "RouteModels", + "locationName": "requestModels", + "documentation": "

The request models for the route. Supported only for WebSocket APIs.

" + }, + "RequestParameters": { + "shape": "RouteParameters", + "locationName": "requestParameters", + "documentation": "

The request parameters for the route. Supported only for WebSocket APIs.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

The route key for the route.

" + }, + "RouteResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeResponseSelectionExpression", + "documentation": "

The route response selection expression for the route. Supported only for WebSocket APIs.

" + }, + "Target": { + "shape": "StringWithLengthBetween1And128", + "locationName": "target", + "documentation": "

The target for the route.

" + } + }, + "documentation": "

Updates a Route.

", + "required": [ + "ApiId", + "RouteId" + ] + }, + "UpdateRouteResult": { + "type": "structure", + "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether a route is managed by API Gateway. If you created an API using quick create, the $default route is managed by API Gateway. You can't modify the $default route key.

" + }, + "ApiKeyRequired": { + "shape": "__boolean", + "locationName": "apiKeyRequired", + "documentation": "

Specifies whether an API key is required for this route. Supported only for WebSocket APIs.

" + }, + "AuthorizationScopes": { + "shape": "AuthorizationScopes", + "locationName": "authorizationScopes", + "documentation": "

A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.

" + }, + "AuthorizationType": { + "shape": "AuthorizationType", + "locationName": "authorizationType", + "documentation": "

The authorization type for the route. For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer.

" + }, + "AuthorizerId": { + "shape": "Id", + "locationName": "authorizerId", + "documentation": "

The identifier of the Authorizer resource to be associated with this route. The authorizer identifier is generated by API Gateway when you created the authorizer.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route. Supported only for WebSocket APIs.

" + }, + "OperationName": { + "shape": "StringWithLengthBetween1And64", + "locationName": "operationName", + "documentation": "

The operation name for the route.

" + }, + "RequestModels": { + "shape": "RouteModels", + "locationName": "requestModels", + "documentation": "

The request models for the route. Supported only for WebSocket APIs.

" + }, + "RequestParameters": { + "shape": "RouteParameters", + "locationName": "requestParameters", + "documentation": "

The request parameters for the route. Supported only for WebSocket APIs.

" + }, + "RouteId": { + "shape": "Id", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteKey": { + "shape": "SelectionKey", + "locationName": "routeKey", + "documentation": "

The route key for the route.

" + }, + "RouteResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "routeResponseSelectionExpression", + "documentation": "

The route response selection expression for the route. Supported only for WebSocket APIs.

" + }, + "Target": { + "shape": "StringWithLengthBetween1And128", + "locationName": "target", + "documentation": "

The target for the route.

" + } + } + }, + "UpdateRouteResponseInput": { + "type": "structure", + "members": { + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route response. Supported only for WebSocket APIs.

" + }, + "ResponseModels": { + "shape": "RouteModels", + "locationName": "responseModels", + "documentation": "

The response models for the route response.

" + }, + "ResponseParameters": { + "shape": "RouteParameters", + "locationName": "responseParameters", + "documentation": "

The route response parameters.

" + }, + "RouteResponseKey": { + "shape": "SelectionKey", + "locationName": "routeResponseKey", + "documentation": "

The route response key.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateRouteResponse request.

" + }, + "UpdateRouteResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

The model selection expression for the route response. Supported only for WebSocket APIs.

" + }, + "ResponseModels": { + "shape": "RouteModels", + "locationName": "responseModels", + "documentation": "

The response models for the route response.

" + }, + "ResponseParameters": { + "shape": "RouteParameters", + "locationName": "responseParameters", + "documentation": "

The route response parameters.

" + }, + "RouteId": { + "shape": "__string", + "location": "uri", + "locationName": "routeId", + "documentation": "

The route ID.

" + }, + "RouteResponseId": { + "shape": "__string", + "location": "uri", + "locationName": "routeResponseId", + "documentation": "

The route response ID.

" + }, + "RouteResponseKey": { + "shape": "SelectionKey", + "locationName": "routeResponseKey", + "documentation": "

The route response key.

" + } + }, + "documentation": "

Updates a RouteResponse.

", + "required": [ + "RouteResponseId", + "ApiId", + "RouteId" + ] + }, + "UpdateRouteResponseResponse": { + "type": "structure", + "members": { + "ModelSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "modelSelectionExpression", + "documentation": "

Represents the model selection expression of a route response. Supported only for WebSocket APIs.

" + }, + "ResponseModels": { + "shape": "RouteModels", + "locationName": "responseModels", + "documentation": "

Represents the response models of a route response.

" + }, + "ResponseParameters": { + "shape": "RouteParameters", + "locationName": "responseParameters", + "documentation": "

Represents the response parameters of a route response.

" + }, + "RouteResponseId": { + "shape": "Id", + "locationName": "routeResponseId", + "documentation": "

Represents the identifier of a route response.

" + }, + "RouteResponseKey": { + "shape": "SelectionKey", + "locationName": "routeResponseKey", + "documentation": "

Represents the route response key of a route response.

" + } + } + }, + "UpdateStageInput": { + "type": "structure", + "members": { + "AccessLogSettings": { + "shape": "AccessLogSettings", + "locationName": "accessLogSettings", + "documentation": "

Settings for logging access in this stage.

" + }, + "AutoDeploy": { + "shape": "__boolean", + "locationName": "autoDeploy", + "documentation": "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" + }, + "ClientCertificateId": { + "shape": "Id", + "locationName": "clientCertificateId", + "documentation": "

The identifier of a client certificate for a Stage.

" + }, + "DefaultRouteSettings": { + "shape": "RouteSettings", + "locationName": "defaultRouteSettings", + "documentation": "

The default route settings for the stage.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The deployment identifier for the API stage. Can't be updated if autoDeploy is enabled.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the API stage.

" + }, + "RouteSettings": { + "shape": "RouteSettingsMap", + "locationName": "routeSettings", + "documentation": "

Route settings for the stage.

" + }, + "StageVariables": { + "shape": "StageVariablesMap", + "locationName": "stageVariables", + "documentation": "

A map that defines the stage variables for a Stage. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateStage request.

" + }, + "UpdateStageRequest": { + "type": "structure", + "members": { + "AccessLogSettings": { + "shape": "AccessLogSettings", + "locationName": "accessLogSettings", + "documentation": "

Settings for logging access in this stage.

" + }, + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "

The API identifier.

" + }, + "AutoDeploy": { + "shape": "__boolean", + "locationName": "autoDeploy", + "documentation": "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" + }, + "ClientCertificateId": { + "shape": "Id", + "locationName": "clientCertificateId", + "documentation": "

The identifier of a client certificate for a Stage.

" + }, + "DefaultRouteSettings": { + "shape": "RouteSettings", + "locationName": "defaultRouteSettings", + "documentation": "

The default route settings for the stage.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The deployment identifier for the API stage. Can't be updated if autoDeploy is enabled.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description for the API stage.

" + }, + "RouteSettings": { + "shape": "RouteSettingsMap", + "locationName": "routeSettings", + "documentation": "

Route settings for the stage.

" + }, + "StageName": { + "shape": "__string", + "location": "uri", + "locationName": "stageName", + "documentation": "

The stage name. Stage names can contain only alphanumeric characters, hyphens, and underscores, or be $default. Maximum length is 128 characters.

" + }, + "StageVariables": { + "shape": "StageVariablesMap", + "locationName": "stageVariables", + "documentation": "

A map that defines the stage variables for a Stage. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" + } + }, + "documentation": "

Updates a Stage.

", + "required": [ + "StageName", + "ApiId" + ] + }, + "UpdateStageResponse": { + "type": "structure", + "members": { + "AccessLogSettings": { + "shape": "AccessLogSettings", + "locationName": "accessLogSettings", + "documentation": "

Settings for logging access in this stage.

" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "

Specifies whether a stage is managed by API Gateway. If you created an API using quick create, the $default stage is managed by API Gateway. You can't modify the $default stage.

" + }, + "AutoDeploy": { + "shape": "__boolean", + "locationName": "autoDeploy", + "documentation": "

Specifies whether updates to an API automatically trigger a new deployment. The default value is false.

" + }, + "ClientCertificateId": { + "shape": "Id", + "locationName": "clientCertificateId", + "documentation": "

The identifier of a client certificate for a Stage. Supported only for WebSocket APIs.

" + }, + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the stage was created.

" + }, + "DefaultRouteSettings": { + "shape": "RouteSettings", + "locationName": "defaultRouteSettings", + "documentation": "

Default route settings for the stage.

" + }, + "DeploymentId": { + "shape": "Id", + "locationName": "deploymentId", + "documentation": "

The identifier of the Deployment that the Stage is associated with. Can't be updated if autoDeploy is enabled.

" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "

The description of the stage.

" + }, + "LastDeploymentStatusMessage": { + "shape": "__string", + "locationName": "lastDeploymentStatusMessage", + "documentation": "

Describes the status of the last deployment of a stage. Supported only for stages with autoDeploy enabled.

" + }, + "LastUpdatedDate": { + "shape": "__timestampIso8601", + "locationName": "lastUpdatedDate", + "documentation": "

The timestamp when the stage was last updated.

" + }, + "RouteSettings": { + "shape": "RouteSettingsMap", + "locationName": "routeSettings", + "documentation": "

Route settings for the stage, by routeKey.

" + }, + "StageName": { + "shape": "StringWithLengthBetween1And128", + "locationName": "stageName", + "documentation": "

The name of the stage.

" + }, + "StageVariables": { + "shape": "StageVariablesMap", + "locationName": "stageVariables", + "documentation": "

A map that defines the stage variables for a stage resource. Variable names can have alphanumeric and underscore characters, and the values must match [A-Za-z0-9-._~:/?#&=,]+.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

The collection of tags. Each tag element is associated with a given resource.

" + } + } + }, + "UpdateVpcLinkInput": { + "type": "structure", + "members": { + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the VPC link.

" + } + }, + "documentation": "

Represents the input parameters for an UpdateVpcLink request.

" + }, + "UpdateVpcLinkRequest": { + "type": "structure", + "members": { + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the VPC link.

" + }, + "VpcLinkId": { + "shape": "__string", + "location": "uri", + "locationName": "vpcLinkId", + "documentation": "

The ID of the VPC link.

" + } + }, + "documentation": "

Updates a VPC link.

", + "required": [ + "VpcLinkId" + ] + }, + "UpdateVpcLinkResponse": { + "type": "structure", + "members": { + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the VPC link was created.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the VPC link.

" + }, + "SecurityGroupIds": { + "shape": "SecurityGroupIdList", + "locationName": "securityGroupIds", + "documentation": "

A list of security group IDs for the VPC link.

" + }, + "SubnetIds": { + "shape": "SubnetIdList", + "locationName": "subnetIds", + "documentation": "

A list of subnet IDs to include in the VPC link.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

Tags for the VPC link.

" + }, + "VpcLinkId": { + "shape": "Id", + "locationName": "vpcLinkId", + "documentation": "

The ID of the VPC link.

" + }, + "VpcLinkStatus": { + "shape": "VpcLinkStatus", + "locationName": "vpcLinkStatus", + "documentation": "

The status of the VPC link.

" + }, + "VpcLinkStatusMessage": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "vpcLinkStatusMessage", + "documentation": "

A message summarizing the cause of the status of the VPC link.

" + }, + "VpcLinkVersion": { + "shape": "VpcLinkVersion", + "locationName": "vpcLinkVersion", + "documentation": "

The version of the VPC link.

" + } + } + }, + "UriWithLengthBetween1And2048": { + "type": "string", + "documentation": "

A string representation of a URI with a length between [1-2048].

" + }, + "VpcLink": { + "type": "structure", + "members": { + "CreatedDate": { + "shape": "__timestampIso8601", + "locationName": "createdDate", + "documentation": "

The timestamp when the VPC link was created.

" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "

The name of the VPC link.

" + }, + "SecurityGroupIds": { + "shape": "SecurityGroupIdList", + "locationName": "securityGroupIds", + "documentation": "

A list of security group IDs for the VPC link.

" + }, + "SubnetIds": { + "shape": "SubnetIdList", + "locationName": "subnetIds", + "documentation": "

A list of subnet IDs to include in the VPC link.

" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "

Tags for the VPC link.

" + }, + "VpcLinkId": { + "shape": "Id", + "locationName": "vpcLinkId", + "documentation": "

The ID of the VPC link.

" + }, + "VpcLinkStatus": { + "shape": "VpcLinkStatus", + "locationName": "vpcLinkStatus", + "documentation": "

The status of the VPC link.

" + }, + "VpcLinkStatusMessage": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "vpcLinkStatusMessage", + "documentation": "

A message summarizing the cause of the status of the VPC link.

" + }, + "VpcLinkVersion": { + "shape": "VpcLinkVersion", + "locationName": "vpcLinkVersion", + "documentation": "

The version of the VPC link.

" + } + }, + "documentation": "

Represents a VPC link.

", + "required": [ + "VpcLinkId", + "SecurityGroupIds", + "SubnetIds", + "Name" + ] + }, + "VpcLinkStatus": { + "type": "string", + "documentation": "

The status of the VPC link.

", + "enum": [ + "PENDING", + "AVAILABLE", + "DELETING", + "FAILED", + "INACTIVE" + ] + }, + "VpcLinkVersion": { + "type": "string", + "documentation": "

The version of the VPC link.

", + "enum": [ + "V2" + ] + }, + "VpcLinks": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfVpcLink", + "locationName": "items", + "documentation": "

A collection of VPC links.

" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "

The next page of elements from this collection. Not valid for the last element of the collection.

" + } + }, + "documentation": "

Represents a collection of VPCLinks.

" + }, + "__boolean": { + "type": "boolean" + }, + "__double": { + "type": "double" + }, + "__integer": { + "type": "integer" + }, + "__listOfApi": { + "type": "list", + "member": { + "shape": "Api" + } + }, + "__listOfApiMapping": { + "type": "list", + "member": { + "shape": "ApiMapping" + } + }, + "__listOfAuthorizer": { + "type": "list", + "member": { + "shape": "Authorizer" + } + }, + "__listOfDeployment": { + "type": "list", + "member": { + "shape": "Deployment" + } + }, + "__listOfDomainName": { + "type": "list", + "member": { + "shape": "DomainName" + } + }, + "__listOfIntegration": { + "type": "list", + "member": { + "shape": "Integration" + } + }, + "__listOfIntegrationResponse": { + "type": "list", + "member": { + "shape": "IntegrationResponse" + } + }, + "__listOfModel": { + "type": "list", + "member": { + "shape": "Model" + } + }, + "__listOfRoute": { + "type": "list", + "member": { + "shape": "Route" + } + }, + "__listOfRouteResponse": { + "type": "list", + "member": { + "shape": "RouteResponse" + } + }, + "__listOfRoutingRule": { + "type": "list", + "member": { + "shape": "RoutingRule" + } + }, + "__listOfRoutingRuleAction": { + "type": "list", + "member": { + "shape": "RoutingRuleAction" + } + }, + "__listOfRoutingRuleCondition": { + "type": "list", + "member": { + "shape": "RoutingRuleCondition" + } + }, + "__listOfRoutingRuleMatchHeaderValue": { + "type": "list", + "member": { + "shape": "RoutingRuleMatchHeaderValue" + } + }, + "__listOfSelectionKey": { + "type": "list", + "member": { + "shape": "SelectionKey" + } + }, + "__listOfStage": { + "type": "list", + "member": { + "shape": "Stage" + } + }, + "__listOfVpcLink": { + "type": "list", + "member": { + "shape": "VpcLink" + } + }, + "__listOf__string": { + "type": "list", + "member": { + "shape": "__string" + } + }, + "__long": { + "type": "long" + }, + "__string": { + "type": "string" + }, + "__timestampIso8601": { + "type": "timestamp", + "timestampFormat": "iso8601" + }, + "__timestampUnix": { + "type": "timestamp", + "timestampFormat": "unixTimestamp" } }, - "documentation" : "

Amazon API Gateway V2

" -} + "documentation": "

Amazon API Gateway V2

" +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/appconfig/2019-10-09/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/appconfig/2019-10-09/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/appconfig/2019-10-09/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appconfig/2019-10-09/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/appconfig/2019-10-09/service-2.json 2.31.35-1/awscli/botocore/data/appconfig/2019-10-09/service-2.json --- 2.23.6-1/awscli/botocore/data/appconfig/2019-10-09/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appconfig/2019-10-09/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -738,7 +738,7 @@ "members":{ "DeletionProtection":{ "shape":"DeletionProtectionSettings", - "documentation":"

A parameter to configure deletion protection. If enabled, deletion protection prevents a user from deleting a configuration profile or an environment if AppConfig has called either GetLatestConfiguration or for the configuration profile or from the environment during the specified interval. Deletion protection is disabled by default. The default interval for ProtectionPeriodInMinutes is 60.

" + "documentation":"

A parameter to configure deletion protection. Deletion protection prevents a user from deleting a configuration profile or an environment if AppConfig has called either GetLatestConfiguration or for the configuration profile or from the environment during the specified interval. The default interval for ProtectionPeriodInMinutes is 60.

" } } }, @@ -892,7 +892,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"arn:(aws[a-zA-Z-]*)?:[a-z]+:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:[a-zA-Z0-9-_/:.]+" + "pattern":"arn:(aws[a-zA-Z-]*)?:[a-z]+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:[a-zA-Z0-9-_/:.]+" }, "BadRequestDetails":{ "type":"structure", @@ -1102,7 +1102,7 @@ }, "RetrievalRoleArn":{ "shape":"RoleArn", - "documentation":"

The ARN of an IAM role with permission to access the configuration at the specified LocationUri.

A retrieval role ARN is not required for configurations stored in the AppConfig hosted configuration store. It is required for all other sources that store your configuration.

" + "documentation":"

The ARN of an IAM role with permission to access the configuration at the specified LocationUri.

A retrieval role ARN is not required for configurations stored in CodePipeline or the AppConfig hosted configuration store. It is required for all other sources that store your configuration.

" }, "Validators":{ "shape":"ValidatorList", @@ -1349,7 +1349,7 @@ }, "DeletionProtectionCheck":{ "shape":"DeletionProtectionCheck", - "documentation":"

A parameter to configure deletion protection. If enabled, deletion protection prevents a user from deleting a configuration profile if your application has called either GetLatestConfiguration or for the configuration profile during the specified interval.

This parameter supports the following values:

  • BYPASS: Instructs AppConfig to bypass the deletion protection check and delete a configuration profile even if deletion protection would have otherwise prevented it.

  • APPLY: Instructs the deletion protection check to run, even if deletion protection is disabled at the account level. APPLY also forces the deletion protection check to run against resources created in the past hour, which are normally excluded from deletion protection checks.

  • ACCOUNT_DEFAULT: The default setting, which instructs AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API.

", + "documentation":"

A parameter to configure deletion protection. Deletion protection prevents a user from deleting a configuration profile if your application has called either GetLatestConfiguration or for the configuration profile during the specified interval.

This parameter supports the following values:

  • BYPASS: Instructs AppConfig to bypass the deletion protection check and delete a configuration profile even if deletion protection would have otherwise prevented it.

  • APPLY: Instructs the deletion protection check to run, even if deletion protection is disabled at the account level. APPLY also forces the deletion protection check to run against resources created in the past hour, which are normally excluded from deletion protection checks.

  • ACCOUNT_DEFAULT: The default setting, which instructs AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API.

", "location":"header", "locationName":"x-amzn-deletion-protection-check" } @@ -1388,7 +1388,7 @@ }, "DeletionProtectionCheck":{ "shape":"DeletionProtectionCheck", - "documentation":"

A parameter to configure deletion protection. If enabled, deletion protection prevents a user from deleting an environment if your application called either GetLatestConfiguration or in the environment during the specified interval.

This parameter supports the following values:

  • BYPASS: Instructs AppConfig to bypass the deletion protection check and delete a configuration profile even if deletion protection would have otherwise prevented it.

  • APPLY: Instructs the deletion protection check to run, even if deletion protection is disabled at the account level. APPLY also forces the deletion protection check to run against resources created in the past hour, which are normally excluded from deletion protection checks.

  • ACCOUNT_DEFAULT: The default setting, which instructs AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API.

", + "documentation":"

A parameter to configure deletion protection. Deletion protection prevents a user from deleting an environment if your application called either GetLatestConfiguration or in the environment during the specified interval.

This parameter supports the following values:

  • BYPASS: Instructs AppConfig to bypass the deletion protection check and delete a configuration profile even if deletion protection would have otherwise prevented it.

  • APPLY: Instructs the deletion protection check to run, even if deletion protection is disabled at the account level. APPLY also forces the deletion protection check to run against resources created in the past hour, which are normally excluded from deletion protection checks.

  • ACCOUNT_DEFAULT: The default setting, which instructs AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API.

", "location":"header", "locationName":"x-amzn-deletion-protection-check" } @@ -1481,7 +1481,7 @@ "box":true } }, - "documentation":"

A parameter to configure deletion protection. If enabled, deletion protection prevents a user from deleting a configuration profile or an environment if AppConfig has called either GetLatestConfiguration or for the configuration profile or from the environment during the specified interval.

This setting uses the following default values:

  • Deletion protection is disabled by default.

  • The default interval specified by ProtectionPeriodInMinutes is 60.

  • DeletionProtectionCheck skips configuration profiles and environments that were created in the past hour.

" + "documentation":"

A parameter to configure deletion protection. Deletion protection prevents a user from deleting a configuration profile or an environment if AppConfig has called either GetLatestConfiguration or for the configuration profile or from the environment during the specified interval.

The default interval specified by ProtectionPeriodInMinutes is 60. DeletionProtectionCheck skips configuration profiles and environments that were created in the past hour.

" }, "Deployment":{ "type":"structure", @@ -1773,7 +1773,8 @@ "key":{"shape":"DynamicParameterKey"}, "value":{"shape":"StringWithLengthBetween1And2048"}, "max":10, - "min":1 + "min":1, + "sensitive":true }, "Environment":{ "type":"structure", @@ -2719,7 +2720,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):(iam)::\\d{12}:role[/].*)$" + "pattern":"^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov|aws-eusc):(iam)::\\d{12}:role[/].*)$" }, "ServiceQuotaExceededException":{ "type":"structure", @@ -2916,7 +2917,7 @@ "members":{ "DeletionProtection":{ "shape":"DeletionProtectionSettings", - "documentation":"

A parameter to configure deletion protection. If enabled, deletion protection prevents a user from deleting a configuration profile or an environment if AppConfig has called either GetLatestConfiguration or for the configuration profile or from the environment during the specified interval. Deletion protection is disabled by default. The default interval for ProtectionPeriodInMinutes is 60.

" + "documentation":"

A parameter to configure deletion protection. Deletion protection prevents a user from deleting a configuration profile or an environment if AppConfig has called either GetLatestConfiguration or for the configuration profile or from the environment during the specified interval. The default interval for ProtectionPeriodInMinutes is 60.

" } } }, @@ -2969,7 +2970,7 @@ }, "RetrievalRoleArn":{ "shape":"RoleArn", - "documentation":"

The ARN of an IAM role with permission to access the configuration at the specified LocationUri.

" + "documentation":"

The ARN of an IAM role with permission to access the configuration at the specified LocationUri.

A retrieval role ARN is not required for configurations stored in CodePipeline or the AppConfig hosted configuration store. It is required for all other sources that store your configuration.

" }, "Validators":{ "shape":"ValidatorList", @@ -3176,5 +3177,5 @@ "pattern":".*[^0-9].*" } }, - "documentation":"

AppConfig feature flags and dynamic configurations help software builders quickly and securely adjust application behavior in production environments without full code deployments. AppConfig speeds up software release frequency, improves application resiliency, and helps you address emergent issues more quickly. With feature flags, you can gradually release new capabilities to users and measure the impact of those changes before fully deploying the new capabilities to all users. With operational flags and dynamic configurations, you can update block lists, allow lists, throttling limits, logging verbosity, and perform other operational tuning to quickly respond to issues in production environments.

AppConfig is a capability of Amazon Web Services Systems Manager.

Despite the fact that application configuration content can vary greatly from application to application, AppConfig supports the following use cases, which cover a broad spectrum of customer needs:

  • Feature flags and toggles - Safely release new capabilities to your customers in a controlled environment. Instantly roll back changes if you experience a problem.

  • Application tuning - Carefully introduce application changes while testing the impact of those changes with users in production environments.

  • Allow list or block list - Control access to premium features or instantly block specific users without deploying new code.

  • Centralized configuration storage - Keep your configuration data organized and consistent across all of your workloads. You can use AppConfig to deploy configuration data stored in the AppConfig hosted configuration store, Secrets Manager, Systems Manager, Parameter Store, or Amazon S3.

How AppConfig works

This section provides a high-level description of how AppConfig works and how you get started.

1. Identify configuration values in code you want to manage in the cloud

Before you start creating AppConfig artifacts, we recommend you identify configuration data in your code that you want to dynamically manage using AppConfig. Good examples include feature flags or toggles, allow and block lists, logging verbosity, service limits, and throttling rules, to name a few.

If your configuration data already exists in the cloud, you can take advantage of AppConfig validation, deployment, and extension features to further streamline configuration data management.

2. Create an application namespace

To create a namespace, you create an AppConfig artifact called an application. An application is simply an organizational construct like a folder.

3. Create environments

For each AppConfig application, you define one or more environments. An environment is a logical grouping of targets, such as applications in a Beta or Production environment, Lambda functions, or containers. You can also define environments for application subcomponents, such as the Web, Mobile, and Back-end.

You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.

4. Create a configuration profile

A configuration profile includes, among other things, a URI that enables AppConfig to locate your configuration data in its stored location and a profile type. AppConfig supports two configuration profile types: feature flags and freeform configurations. Feature flag configuration profiles store their data in the AppConfig hosted configuration store and the URI is simply hosted. For freeform configuration profiles, you can store your data in the AppConfig hosted configuration store or any Amazon Web Services service that integrates with AppConfig, as described in Creating a free form configuration profile in the the AppConfig User Guide.

A configuration profile can also include optional validators to ensure your configuration data is syntactically and semantically correct. AppConfig performs a check using the validators when you start a deployment. If any errors are detected, the deployment rolls back to the previous configuration data.

5. Deploy configuration data

When you create a new deployment, you specify the following:

  • An application ID

  • A configuration profile ID

  • A configuration version

  • An environment ID where you want to deploy the configuration data

  • A deployment strategy ID that defines how fast you want the changes to take effect

When you call the StartDeployment API action, AppConfig performs the following tasks:

  1. Retrieves the configuration data from the underlying data store by using the location URI in the configuration profile.

  2. Verifies the configuration data is syntactically and semantically correct by using the validators you specified when you created your configuration profile.

  3. Caches a copy of the data so it is ready to be retrieved by your application. This cached copy is called the deployed data.

6. Retrieve the configuration

You can configure AppConfig Agent as a local host and have the agent poll AppConfig for configuration updates. The agent calls the StartConfigurationSession and GetLatestConfiguration API actions and caches your configuration data locally. To retrieve the data, your application makes an HTTP call to the localhost server. AppConfig Agent supports several use cases, as described in Simplified retrieval methods in the the AppConfig User Guide.

If AppConfig Agent isn't supported for your use case, you can configure your application to poll AppConfig for configuration updates by directly calling the StartConfigurationSession and GetLatestConfiguration API actions.

This reference is intended to be used with the AppConfig User Guide.

" + "documentation":"

AppConfig feature flags and dynamic configurations help software builders quickly and securely adjust application behavior in production environments without full code deployments. AppConfig speeds up software release frequency, improves application resiliency, and helps you address emergent issues more quickly. With feature flags, you can gradually release new capabilities to users and measure the impact of those changes before fully deploying the new capabilities to all users. With operational flags and dynamic configurations, you can update block lists, allow lists, throttling limits, logging verbosity, and perform other operational tuning to quickly respond to issues in production environments.

AppConfig is a tool in Amazon Web Services Systems Manager.

Despite the fact that application configuration content can vary greatly from application to application, AppConfig supports the following use cases, which cover a broad spectrum of customer needs:

  • Feature flags and toggles - Safely release new capabilities to your customers in a controlled environment. Instantly roll back changes if you experience a problem.

  • Application tuning - Carefully introduce application changes while testing the impact of those changes with users in production environments.

  • Allow list or block list - Control access to premium features or instantly block specific users without deploying new code.

  • Centralized configuration storage - Keep your configuration data organized and consistent across all of your workloads. You can use AppConfig to deploy configuration data stored in the AppConfig hosted configuration store, Secrets Manager, Systems Manager, Parameter Store, or Amazon S3.

How AppConfig works

This section provides a high-level description of how AppConfig works and how you get started.

1. Identify configuration values in code you want to manage in the cloud

Before you start creating AppConfig artifacts, we recommend you identify configuration data in your code that you want to dynamically manage using AppConfig. Good examples include feature flags or toggles, allow and block lists, logging verbosity, service limits, and throttling rules, to name a few.

If your configuration data already exists in the cloud, you can take advantage of AppConfig validation, deployment, and extension features to further streamline configuration data management.

2. Create an application namespace

To create a namespace, you create an AppConfig artifact called an application. An application is simply an organizational construct like a folder.

3. Create environments

For each AppConfig application, you define one or more environments. An environment is a logical grouping of targets, such as applications in a Beta or Production environment, Lambda functions, or containers. You can also define environments for application subcomponents, such as the Web, Mobile, and Back-end.

You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.

4. Create a configuration profile

A configuration profile includes, among other things, a URI that enables AppConfig to locate your configuration data in its stored location and a profile type. AppConfig supports two configuration profile types: feature flags and freeform configurations. Feature flag configuration profiles store their data in the AppConfig hosted configuration store and the URI is simply hosted. For freeform configuration profiles, you can store your data in the AppConfig hosted configuration store or any Amazon Web Services service that integrates with AppConfig, as described in Creating a free form configuration profile in the the AppConfig User Guide.

A configuration profile can also include optional validators to ensure your configuration data is syntactically and semantically correct. AppConfig performs a check using the validators when you start a deployment. If any errors are detected, the deployment rolls back to the previous configuration data.

5. Deploy configuration data

When you create a new deployment, you specify the following:

  • An application ID

  • A configuration profile ID

  • A configuration version

  • An environment ID where you want to deploy the configuration data

  • A deployment strategy ID that defines how fast you want the changes to take effect

When you call the StartDeployment API action, AppConfig performs the following tasks:

  1. Retrieves the configuration data from the underlying data store by using the location URI in the configuration profile.

  2. Verifies the configuration data is syntactically and semantically correct by using the validators you specified when you created your configuration profile.

  3. Caches a copy of the data so it is ready to be retrieved by your application. This cached copy is called the deployed data.

6. Retrieve the configuration

You can configure AppConfig Agent as a local host and have the agent poll AppConfig for configuration updates. The agent calls the StartConfigurationSession and GetLatestConfiguration API actions and caches your configuration data locally. To retrieve the data, your application makes an HTTP call to the localhost server. AppConfig Agent supports several use cases, as described in Simplified retrieval methods in the the AppConfig User Guide.

If AppConfig Agent isn't supported for your use case, you can configure your application to poll AppConfig for configuration updates by directly calling the StartConfigurationSession and GetLatestConfiguration API actions.

This reference is intended to be used with the AppConfig User Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/appconfig/2019-10-09/waiters-2.json 2.31.35-1/awscli/botocore/data/appconfig/2019-10-09/waiters-2.json --- 2.23.6-1/awscli/botocore/data/appconfig/2019-10-09/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appconfig/2019-10-09/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,55 @@ +{ + "version": 2, + "waiters": { + "EnvironmentReadyForDeployment": { + "operation": "GetEnvironment", + "delay": 30, + "maxAttempts": 999, + "acceptors": [ + { + "state": "success", + "matcher": "path", + "argument": "State", + "expected": "ReadyForDeployment" + }, + { + "state": "failure", + "matcher": "path", + "argument": "State", + "expected": "RolledBack" + }, + { + "state": "failure", + "matcher": "path", + "argument": "State", + "expected": "Reverted" + } + ] + }, + "DeploymentComplete": { + "operation": "GetDeployment", + "delay": 30, + "maxAttempts": 999, + "acceptors": [ + { + "state": "success", + "matcher": "path", + "argument": "State", + "expected": "COMPLETE" + }, + { + "state": "failure", + "matcher": "path", + "argument": "State", + "expected": "ROLLED_BACK" + }, + { + "state": "failure", + "matcher": "path", + "argument": "State", + "expected": "REVERTED" + } + ] + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/appconfigdata/2021-11-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/appconfigdata/2021-11-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/appconfigdata/2021-11-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appconfigdata/2021-11-11/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/appfabric/2023-05-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/appfabric/2023-05-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/appfabric/2023-05-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appfabric/2023-05-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,7 +118,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -143,7 +140,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -178,11 +174,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -193,16 +187,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -216,14 +213,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -232,15 +227,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -251,16 +245,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -274,7 +271,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -294,11 +290,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -309,20 +303,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -333,18 +329,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/appflow/2020-08-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/appflow/2020-08-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/appflow/2020-08-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appflow/2020-08-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/appflow/2020-08-23/service-2.json 2.31.35-1/awscli/botocore/data/appflow/2020-08-23/service-2.json --- 2.23.6-1/awscli/botocore/data/appflow/2020-08-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appflow/2020-08-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -497,14 +497,12 @@ }, "AmplitudeConnectorProfileProperties":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector-specific profile properties required when using Amplitude.

" }, "AmplitudeMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Amplitude.

" }, "AmplitudeSourceProperties":{ @@ -1914,8 +1912,7 @@ }, "CustomerProfilesMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Amazon Connect Customer Profiles.

" }, "DataApiRoleArn":{ @@ -2018,8 +2015,7 @@ }, "DatadogMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Datadog.

" }, "DatadogSourceProperties":{ @@ -2055,8 +2051,7 @@ }, "DeleteConnectorProfileResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFlowRequest":{ "type":"structure", @@ -2074,8 +2069,7 @@ }, "DeleteFlowResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeConnectorEntityRequest":{ "type":"structure", @@ -2509,8 +2503,7 @@ }, "DynatraceMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Dynatrace.

" }, "DynatraceSourceProperties":{ @@ -2585,8 +2578,7 @@ }, "EventBridgeMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Amazon EventBridge.

" }, "ExecutionDetails":{ @@ -2939,8 +2931,7 @@ }, "GoogleAnalyticsConnectorProfileProperties":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector-specific profile properties required by Google Analytics.

" }, "GoogleAnalyticsMetadata":{ @@ -2986,8 +2977,7 @@ }, "HoneycodeConnectorProfileProperties":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector-specific properties required when using Amazon Honeycode.

" }, "HoneycodeDestinationProperties":{ @@ -3094,8 +3084,7 @@ }, "InforNexusMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Infor Nexus.

" }, "InforNexusSourceProperties":{ @@ -3291,8 +3280,7 @@ "Long":{"type":"long"}, "LookoutMetricsDestinationProperties":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The properties that are applied when Amazon Lookout for Metrics is used as a destination.

" }, "MarketoConnectorOperator":{ @@ -3367,8 +3355,7 @@ }, "MarketoMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Marketo.

" }, "MarketoSourceProperties":{ @@ -3770,8 +3757,7 @@ }, "PardotMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Salesforce Pardot.

" }, "PardotSourceProperties":{ @@ -4019,8 +4005,7 @@ }, "RedshiftMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Amazon Redshift.

" }, "RefreshToken":{ @@ -4122,8 +4107,7 @@ }, "ResetConnectorMetadataCacheResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ResourceNotFoundException":{ "type":"structure", @@ -4199,8 +4183,7 @@ }, "S3Metadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Amazon S3.

" }, "S3OutputFormatConfig":{ @@ -4353,8 +4336,7 @@ }, "SAPODataMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to SAPOData.

" }, "SAPODataPaginationConfig":{ @@ -4682,8 +4664,7 @@ }, "ServiceNowMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to ServiceNow.

" }, "ServiceNowSourceProperties":{ @@ -4738,14 +4719,12 @@ }, "SingularConnectorProfileProperties":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector-specific profile properties required when using Singular.

" }, "SingularMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Singular.

" }, "SingularSourceProperties":{ @@ -5220,8 +5199,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5344,14 +5322,12 @@ }, "TrendmicroConnectorProfileProperties":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector-specific profile properties required when using Trend Micro.

" }, "TrendmicroMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Trend Micro.

" }, "TrendmicroSourceProperties":{ @@ -5418,8 +5394,7 @@ }, "UnregisterConnectorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UnsupportedOperationException":{ "type":"structure", @@ -5453,8 +5428,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConnectorProfileRequest":{ "type":"structure", @@ -5607,8 +5581,7 @@ }, "UpsolverMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Upsolver.

" }, "UpsolverS3OutputFormatConfig":{ @@ -5700,8 +5673,7 @@ }, "VeevaMetadata":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The connector metadata specific to Veeva.

" }, "VeevaSourceProperties":{ diff -pruN 2.23.6-1/awscli/botocore/data/appintegrations/2020-07-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/appintegrations/2020-07-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/appintegrations/2020-07-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appintegrations/2020-07-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/appintegrations/2020-07-29/service-2.json 2.31.35-1/awscli/botocore/data/appintegrations/2020-07-29/service-2.json --- 2.23.6-1/awscli/botocore/data/appintegrations/2020-07-29/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appintegrations/2020-07-29/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -446,6 +446,16 @@ "max":50, "min":1 }, + "ApplicationConfig":{ + "type":"structure", + "members":{ + "ContactHandling":{ + "shape":"ContactHandling", + "documentation":"

The contact handling configuration for the application.

" + } + }, + "documentation":"

The configuration settings for the application.

" + }, "ApplicationName":{ "type":"string", "max":255, @@ -494,6 +504,10 @@ "LastModifiedTime":{ "shape":"Timestamp", "documentation":"

The time when the application was last modified.

" + }, + "IsService":{ + "shape":"Boolean", + "documentation":"

Indicates whether the application is a service.

" } }, "documentation":"

Summary information about the Application.

" @@ -522,6 +536,7 @@ "min":1, "pattern":"^(arn:aws:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}|[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})(:[\\w\\$]+)?$" }, + "Boolean":{"type":"boolean"}, "ClientAssociationMetadata":{ "type":"map", "key":{"shape":"NonBlankString"}, @@ -533,6 +548,23 @@ "min":1, "pattern":".*" }, + "ContactHandling":{ + "type":"structure", + "members":{ + "Scope":{ + "shape":"ContactHandlingScope", + "documentation":"

Indicates whether the application refreshes for each contact or refreshes only with each new browser session.

" + } + }, + "documentation":"

The contact handling configuration for the application.

" + }, + "ContactHandlingScope":{ + "type":"string", + "enum":[ + "CROSS_CONTACTS", + "PER_CONTACT" + ] + }, "CreateApplicationRequest":{ "type":"structure", "required":[ @@ -581,6 +613,22 @@ "Permissions":{ "shape":"PermissionList", "documentation":"

The configuration of events or requests that the application has access to.

" + }, + "IsService":{ + "shape":"Boolean", + "documentation":"

Indicates whether the application is a service.

" + }, + "InitializationTimeout":{ + "shape":"InitializationTimeout", + "documentation":"

The maximum time in milliseconds allowed to establish a connection with the workspace.

" + }, + "ApplicationConfig":{ + "shape":"ApplicationConfig", + "documentation":"

The configuration settings for the application.

" + }, + "IframeConfig":{ + "shape":"IframeConfig", + "documentation":"

The iframe configuration for the application.

" } } }, @@ -854,8 +902,7 @@ }, "DeleteApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataIntegrationRequest":{ "type":"structure", @@ -871,8 +918,7 @@ }, "DeleteDataIntegrationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEventIntegrationRequest":{ "type":"structure", @@ -888,8 +934,7 @@ }, "DeleteEventIntegrationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Description":{ "type":"string", @@ -1166,6 +1211,22 @@ "Permissions":{ "shape":"PermissionList", "documentation":"

The configuration of events or requests that the application has access to.

" + }, + "IsService":{ + "shape":"Boolean", + "documentation":"

Indicates whether the application is a service.

" + }, + "InitializationTimeout":{ + "shape":"InitializationTimeout", + "documentation":"

The maximum time in milliseconds allowed to establish a connection with the workspace.

" + }, + "ApplicationConfig":{ + "shape":"ApplicationConfig", + "documentation":"

The configuration settings for the application.

" + }, + "IframeConfig":{ + "shape":"IframeConfig", + "documentation":"

The iframe configuration for the application.

" } } }, @@ -1279,6 +1340,39 @@ "min":1, "pattern":".*\\S.*" }, + "IframeConfig":{ + "type":"structure", + "members":{ + "Allow":{ + "shape":"IframePermissionList", + "documentation":"

The list of features that are allowed in the iframe.

" + }, + "Sandbox":{ + "shape":"IframePermissionList", + "documentation":"

The list of sandbox attributes for the iframe.

" + } + }, + "documentation":"

The iframe configuration for the application.

" + }, + "IframePermission":{ + "type":"string", + "documentation":"

A permission for the iframe.

", + "max":100, + "min":1, + "pattern":"^[a-z-]+$" + }, + "IframePermissionList":{ + "type":"list", + "member":{"shape":"IframePermission"}, + "documentation":"

A list of permissions for the iframe.

", + "max":25, + "min":0 + }, + "InitializationTimeout":{ + "type":"integer", + "max":600000, + "min":1 + }, "InternalServiceError":{ "type":"structure", "members":{ @@ -1742,8 +1836,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1801,8 +1894,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationRequest":{ "type":"structure", @@ -1841,13 +1933,29 @@ "Permissions":{ "shape":"PermissionList", "documentation":"

The configuration of events or requests that the application has access to.

" + }, + "IsService":{ + "shape":"Boolean", + "documentation":"

Indicates whether the application is a service.

", + "box":true + }, + "InitializationTimeout":{ + "shape":"InitializationTimeout", + "documentation":"

The maximum time in milliseconds allowed to establish a connection with the workspace.

" + }, + "ApplicationConfig":{ + "shape":"ApplicationConfig", + "documentation":"

The configuration settings for the application.

" + }, + "IframeConfig":{ + "shape":"IframeConfig", + "documentation":"

The iframe configuration for the application.

" } } }, "UpdateApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDataIntegrationAssociationRequest":{ "type":"structure", @@ -1877,8 +1985,7 @@ }, "UpdateDataIntegrationAssociationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDataIntegrationRequest":{ "type":"structure", @@ -1902,8 +2009,7 @@ }, "UpdateDataIntegrationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEventIntegrationRequest":{ "type":"structure", @@ -1923,8 +2029,7 @@ }, "UpdateEventIntegrationResponse":{ "type":"structure", - "members":{ - } + "members":{} } }, "documentation":"

The Amazon AppIntegrations service enables you to configure and reuse connections to external applications.

For information about how you can use external applications with Amazon Connect, see the following topics in the Amazon Connect Administrator Guide:

" diff -pruN 2.23.6-1/awscli/botocore/data/application-autoscaling/2016-02-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/application-autoscaling/2016-02-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/application-autoscaling/2016-02-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/application-autoscaling/2016-02-06/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/application-autoscaling/2016-02-06/service-2.json 2.31.35-1/awscli/botocore/data/application-autoscaling/2016-02-06/service-2.json --- 2.23.6-1/awscli/botocore/data/application-autoscaling/2016-02-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/application-autoscaling/2016-02-06/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -171,7 +171,7 @@ {"shape":"FailedResourceAccessException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Creates or updates a scaling policy for an Application Auto Scaling scalable target.

Each scalable target is identified by a service namespace, resource ID, and scalable dimension. A scaling policy applies to the scalable target identified by those three attributes. You cannot create a scaling policy until you have registered the resource as a scalable target.

Multiple scaling policies can be in force at the same time for the same scalable target. You can have one or more target tracking scaling policies, one or more step scaling policies, or both. However, there is a chance that multiple policies could conflict, instructing the scalable target to scale out or in at the same time. Application Auto Scaling gives precedence to the policy that provides the largest capacity for both scale out and scale in. For example, if one policy increases capacity by 3, another policy increases capacity by 200 percent, and the current capacity is 10, Application Auto Scaling uses the policy with the highest calculated capacity (200% of 10 = 20) and scales out to 30.

We recommend caution, however, when using target tracking scaling policies with step scaling policies because conflicts between these policies can cause undesirable behavior. For example, if the step scaling policy initiates a scale-in activity before the target tracking policy is ready to scale in, the scale-in activity will not be blocked. After the scale-in activity completes, the target tracking policy could instruct the scalable target to scale out again.

For more information, see Target tracking scaling policies and Step scaling policies in the Application Auto Scaling User Guide.

If a scalable target is deregistered, the scalable target is no longer available to use scaling policies. Any scaling policies that were specified for the scalable target are deleted.

" + "documentation":"

Creates or updates a scaling policy for an Application Auto Scaling scalable target.

Each scalable target is identified by a service namespace, resource ID, and scalable dimension. A scaling policy applies to the scalable target identified by those three attributes. You cannot create a scaling policy until you have registered the resource as a scalable target.

Multiple scaling policies can be in force at the same time for the same scalable target. You can have one or more target tracking scaling policies, one or more step scaling policies, or both. However, there is a chance that multiple policies could conflict, instructing the scalable target to scale out or in at the same time. Application Auto Scaling gives precedence to the policy that provides the largest capacity for both scale out and scale in. For example, if one policy increases capacity by 3, another policy increases capacity by 200 percent, and the current capacity is 10, Application Auto Scaling uses the policy with the highest calculated capacity (200% of 10 = 20) and scales out to 30.

We recommend caution, however, when using target tracking scaling policies with step scaling policies because conflicts between these policies can cause undesirable behavior. For example, if the step scaling policy initiates a scale-in activity before the target tracking policy is ready to scale in, the scale-in activity will not be blocked. After the scale-in activity completes, the target tracking policy could instruct the scalable target to scale out again.

For more information, see Target tracking scaling policies, Step scaling policies, and Predictive scaling policies in the Application Auto Scaling User Guide.

If a scalable target is deregistered, the scalable target is no longer available to use scaling policies. Any scaling policies that were specified for the scalable target are deleted.

" }, "PutScheduledAction":{ "name":"PutScheduledAction", @@ -349,18 +349,17 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" } } }, "DeleteScalingPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteScheduledActionRequest":{ "type":"structure", @@ -381,18 +380,17 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" } } }, "DeleteScheduledActionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterScalableTargetRequest":{ "type":"structure", @@ -408,18 +406,17 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" } } }, "DeregisterScalableTargetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeScalableTargetsRequest":{ "type":"structure", @@ -431,11 +428,11 @@ }, "ResourceIds":{ "shape":"ResourceIdsMaxLen1600", - "documentation":"

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "MaxResults":{ "shape":"MaxResults", @@ -470,11 +467,11 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scaling activity. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scaling activity. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "MaxResults":{ "shape":"MaxResults", @@ -517,11 +514,11 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "MaxResults":{ "shape":"MaxResults", @@ -560,11 +557,11 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property. If you specify a scalable dimension, you must also specify a resource ID.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "MaxResults":{ "shape":"MaxResults", @@ -803,6 +800,8 @@ "CassandraReadCapacityUtilization", "CassandraWriteCapacityUtilization", "KafkaBrokerStorageUtilization", + "ElastiCacheEngineCPUUtilization", + "ElastiCacheDatabaseMemoryUsagePercentage", "ElastiCachePrimaryEngineCPUUtilization", "ElastiCacheReplicaEngineCPUUtilization", "ElastiCacheDatabaseMemoryUsageCountedForEvictPercentage", @@ -1126,7 +1125,7 @@ "documentation":"

A label that uniquely identifies a target group.

" } }, - "documentation":"

Describes a load metric for a predictive scaling policy.

When returned in the output of DescribePolicies, it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.

" + "documentation":"

Describes a load metric for a predictive scaling policy.

When returned in the output of DescribePolicies, it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.

The following predefined metrics are available for predictive scaling:

  • ECSServiceAverageCPUUtilization

  • ECSServiceAverageMemoryUtilization

  • ECSServiceCPUUtilization

  • ECSServiceMemoryUtilization

  • ECSServiceTotalCPUUtilization

  • ECSServiceTotalMemoryUtilization

  • ALBRequestCount

  • ALBRequestCountPerTarget

  • TotalALBRequestCount

" }, "PredictiveScalingPredefinedMetricPairSpecification":{ "type":"structure", @@ -1141,7 +1140,7 @@ "documentation":"

A label that uniquely identifies a specific target group from which to determine the total and average request count.

" } }, - "documentation":"

Represents a metric pair for a predictive scaling policy.

" + "documentation":"

Represents a metric pair for a predictive scaling policy.

The following predefined metrics are available for predictive scaling:

  • ECSServiceAverageCPUUtilization

  • ECSServiceAverageMemoryUtilization

  • ECSServiceCPUUtilization

  • ECSServiceMemoryUtilization

  • ECSServiceTotalCPUUtilization

  • ECSServiceTotalMemoryUtilization

  • ALBRequestCount

  • ALBRequestCountPerTarget

  • TotalALBRequestCount

" }, "PredictiveScalingPredefinedScalingMetricSpecification":{ "type":"structure", @@ -1156,7 +1155,7 @@ "documentation":"

A label that uniquely identifies a specific target group from which to determine the average request count.

" } }, - "documentation":"

Describes a scaling metric for a predictive scaling policy.

When returned in the output of DescribePolicies, it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.

" + "documentation":"

Describes a scaling metric for a predictive scaling policy.

When returned in the output of DescribePolicies, it indicates that a predictive scaling policy uses individually specified load and scaling metrics instead of a metric pair.

The following predefined metrics are available for predictive scaling:

  • ECSServiceAverageCPUUtilization

  • ECSServiceAverageMemoryUtilization

  • ECSServiceCPUUtilization

  • ECSServiceMemoryUtilization

  • ECSServiceTotalCPUUtilization

  • ECSServiceTotalMemoryUtilization

  • ALBRequestCount

  • ALBRequestCountPerTarget

  • TotalALBRequestCount

" }, "PredictiveScalingSchedulingBufferTime":{ "type":"integer", @@ -1182,15 +1181,15 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "PolicyType":{ "shape":"PolicyType", - "documentation":"

The scaling policy type. This parameter is required if you are creating a scaling policy.

The following policy types are supported:

TargetTrackingScaling—Not supported for Amazon EMR.

StepScaling—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.

For more information, see Target tracking scaling policies and Step scaling policies in the Application Auto Scaling User Guide.

" + "documentation":"

The scaling policy type. This parameter is required if you are creating a scaling policy.

The following policy types are supported:

TargetTrackingScaling—Not supported for Amazon EMR.

StepScaling—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.

PredictiveScaling—Only supported for Amazon ECS.

For more information, see Target tracking scaling policies, Step scaling policies, and Predictive scaling policies in the Application Auto Scaling User Guide.

" }, "StepScalingPolicyConfiguration":{ "shape":"StepScalingPolicyConfiguration", @@ -1247,11 +1246,11 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "StartTime":{ "shape":"TimestampType", @@ -1269,8 +1268,7 @@ }, "PutScheduledActionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RegisterScalableTargetRequest":{ "type":"structure", @@ -1286,11 +1284,11 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource that is associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource that is associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "MinCapacity":{ "shape":"ResourceCapacity", @@ -1377,6 +1375,7 @@ "cassandra:table:ReadCapacityUnits", "cassandra:table:WriteCapacityUnits", "kafka:broker-storage:VolumeSize", + "elasticache:cache-cluster:Nodes", "elasticache:replication-group:NodeGroups", "elasticache:replication-group:Replicas", "neptune:cluster:ReadReplicaCount", @@ -1403,11 +1402,11 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "MinCapacity":{ "shape":"ResourceCapacity", @@ -1485,11 +1484,11 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scaling activity. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scaling activity. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "Description":{ "shape":"XmlString", @@ -1568,15 +1567,15 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "PolicyType":{ "shape":"PolicyType", - "documentation":"

The scaling policy type.

The following policy types are supported:

TargetTrackingScaling—Not supported for Amazon EMR

StepScaling—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.

" + "documentation":"

The scaling policy type.

The following policy types are supported:

TargetTrackingScaling—Not supported for Amazon EMR

StepScaling—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.

PredictiveScaling—Only supported for Amazon ECS

" }, "StepScalingPolicyConfiguration":{ "shape":"StepScalingPolicyConfiguration", @@ -1635,11 +1634,11 @@ }, "ResourceId":{ "shape":"ResourceIdMaxLen1600", - "documentation":"

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" + "documentation":"

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

  • ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.

  • Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.

  • EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.

  • AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.

  • DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.

  • DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.

  • Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.

  • SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our GitHub repository.

  • Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.

  • Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.

  • Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.

  • Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.

  • Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.

  • Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.

  • Amazon ElastiCache cache cluster - The resource type is cache-cluster and the unique identifier is the cache cluster name. Example: cache-cluster/mycluster.

  • Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.

  • SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.

  • SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.

  • Pool of WorkSpaces - The resource type is workspacespool and the unique identifier is the pool ID. Example: workspacespool/wspool-123456.

" }, "ScalableDimension":{ "shape":"ScalableDimension", - "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" + "documentation":"

The scalable dimension. This string consists of the service namespace, resource type, and scaling property.

  • ecs:service:DesiredCount - The task count of an ECS service.

  • elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.

  • ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.

  • appstream:fleet:DesiredCapacity - The capacity of an AppStream 2.0 fleet.

  • dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.

  • dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.

  • dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.

  • dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.

  • rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.

  • sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.

  • custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.

  • comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.

  • comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.

  • lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.

  • cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.

  • cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.

  • kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.

  • elasticache:cache-cluster:Nodes - The number of nodes for an Amazon ElastiCache cache cluster.

  • elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.

  • elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.

  • neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.

  • sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.

  • sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.

  • workspaces:workspacespool:DesiredUserSessions - The number of user sessions for the WorkSpaces in the pool.

" }, "StartTime":{ "shape":"TimestampType", @@ -1792,8 +1791,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1986,8 +1984,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", @@ -2002,5 +1999,5 @@ "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*" } }, - "documentation":"

With Application Auto Scaling, you can configure automatic scaling for the following resources:

  • Amazon AppStream 2.0 fleets

  • Amazon Aurora Replicas

  • Amazon Comprehend document classification and entity recognizer endpoints

  • Amazon DynamoDB tables and global secondary indexes throughput capacity

  • Amazon ECS services

  • Amazon ElastiCache for Redis clusters (replication groups)

  • Amazon EMR clusters

  • Amazon Keyspaces (for Apache Cassandra) tables

  • Lambda function provisioned concurrency

  • Amazon Managed Streaming for Apache Kafka broker storage

  • Amazon Neptune clusters

  • Amazon SageMaker endpoint variants

  • Amazon SageMaker inference components

  • Amazon SageMaker serverless endpoint provisioned concurrency

  • Spot Fleets (Amazon EC2)

  • Pool of WorkSpaces

  • Custom resources provided by your own applications or services

To learn more about Application Auto Scaling, see the Application Auto Scaling User Guide.

API Summary

The Application Auto Scaling service API includes three key sets of actions:

  • Register and manage scalable targets - Register Amazon Web Services or custom resources as scalable targets (a resource that Application Auto Scaling can scale), set minimum and maximum capacity limits, and retrieve information on existing scalable targets.

  • Configure and manage automatic scaling - Define scaling policies to dynamically scale your resources in response to CloudWatch alarms, schedule one-time or recurring scaling actions, and retrieve your recent scaling activity history.

  • Suspend and resume scaling - Temporarily suspend and later resume automatic scaling by calling the RegisterScalableTarget API action for any Application Auto Scaling scalable target. You can suspend and resume (individually or in combination) scale-out activities that are triggered by a scaling policy, scale-in activities that are triggered by a scaling policy, and scheduled scaling.

" + "documentation":"

With Application Auto Scaling, you can configure automatic scaling for the following resources:

  • Amazon AppStream 2.0 fleets

  • Amazon Aurora Replicas

  • Amazon Comprehend document classification and entity recognizer endpoints

  • Amazon DynamoDB tables and global secondary indexes throughput capacity

  • Amazon ECS services

  • Amazon ElastiCache replication groups (Redis OSS and Valkey) and Memcached clusters

  • Amazon EMR clusters

  • Amazon Keyspaces (for Apache Cassandra) tables

  • Lambda function provisioned concurrency

  • Amazon Managed Streaming for Apache Kafka broker storage

  • Amazon Neptune clusters

  • Amazon SageMaker endpoint variants

  • Amazon SageMaker inference components

  • Amazon SageMaker serverless endpoint provisioned concurrency

  • Spot Fleets (Amazon EC2)

  • Pool of WorkSpaces

  • Custom resources provided by your own applications or services

To learn more about Application Auto Scaling, see the Application Auto Scaling User Guide.

API Summary

The Application Auto Scaling service API includes three key sets of actions:

  • Register and manage scalable targets - Register Amazon Web Services or custom resources as scalable targets (a resource that Application Auto Scaling can scale), set minimum and maximum capacity limits, and retrieve information on existing scalable targets.

  • Configure and manage automatic scaling - Define scaling policies to dynamically scale your resources in response to CloudWatch alarms, schedule one-time or recurring scaling actions, and retrieve your recent scaling activity history.

  • Suspend and resume scaling - Temporarily suspend and later resume automatic scaling by calling the RegisterScalableTarget API action for any Application Auto Scaling scalable target. You can suspend and resume (individually or in combination) scale-out activities that are triggered by a scaling policy, scale-in activities that are triggered by a scaling policy, and scheduled scaling.

" } diff -pruN 2.23.6-1/awscli/botocore/data/application-insights/2018-11-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/application-insights/2018-11-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/application-insights/2018-11-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/application-insights/2018-11-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/application-insights/2018-11-25/service-2.json 2.31.35-1/awscli/botocore/data/application-insights/2018-11-25/service-2.json --- 2.23.6-1/awscli/botocore/data/application-insights/2018-11-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/application-insights/2018-11-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -850,8 +850,7 @@ }, "CreateComponentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateLogPatternRequest":{ "type":"structure", @@ -916,8 +915,7 @@ }, "DeleteApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteComponentRequest":{ "type":"structure", @@ -938,8 +936,7 @@ }, "DeleteComponentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLogPatternRequest":{ "type":"structure", @@ -965,8 +962,7 @@ }, "DeleteLogPatternResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeApplicationRequest":{ "type":"structure", @@ -2050,8 +2046,7 @@ }, "RemoveWorkloadResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ResolutionMethod":{ "type":"string", @@ -2188,8 +2183,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2268,8 +2262,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationRequest":{ "type":"structure", @@ -2353,8 +2346,7 @@ }, "UpdateComponentConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateComponentRequest":{ "type":"structure", @@ -2383,8 +2375,7 @@ }, "UpdateComponentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLogPatternRequest":{ "type":"structure", @@ -2449,8 +2440,7 @@ }, "UpdateProblemResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateStatus":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/application-signals/2024-04-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/application-signals/2024-04-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/application-signals/2024-04-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/application-signals/2024-04-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/application-signals/2024-04-15/paginators-1.json 2.31.35-1/awscli/botocore/data/application-signals/2024-04-15/paginators-1.json --- 2.23.6-1/awscli/botocore/data/application-signals/2024-04-15/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/application-signals/2024-04-15/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,6 +29,18 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "ServiceSummaries" + }, + "ListServiceLevelObjectiveExclusionWindows": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ExclusionWindows" + }, + "ListServiceStates": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ServiceStates" } } } diff -pruN 2.23.6-1/awscli/botocore/data/application-signals/2024-04-15/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/application-signals/2024-04-15/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/application-signals/2024-04-15/paginators-1.sdk-extras.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/application-signals/2024-04-15/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -25,6 +25,12 @@ "StartTime", "EndTime" ] + }, + "ListServiceStates": { + "non_aggregate_keys": [ + "StartTime", + "EndTime" + ] } } } diff -pruN 2.23.6-1/awscli/botocore/data/application-signals/2024-04-15/service-2.json 2.31.35-1/awscli/botocore/data/application-signals/2024-04-15/service-2.json --- 2.23.6-1/awscli/botocore/data/application-signals/2024-04-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/application-signals/2024-04-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -28,6 +28,22 @@ ], "documentation":"

Use this operation to retrieve one or more service level objective (SLO) budget reports.

An error budget is the amount of time or requests in an unhealthy state that your service can accumulate during an interval before your overall SLO budget health is breached and the SLO is considered to be unmet. For example, an SLO with a threshold of 99.95% and a monthly interval translates to an error budget of 21.9 minutes of downtime in a 30-day month.

Budget reports include a health indicator, the attainment value, and remaining budget.

For more information about SLO error budgets, see SLO concepts.

" }, + "BatchUpdateExclusionWindows":{ + "name":"BatchUpdateExclusionWindows", + "http":{ + "method":"PATCH", + "requestUri":"/exclusion-windows", + "responseCode":200 + }, + "input":{"shape":"BatchUpdateExclusionWindowsInput"}, + "output":{"shape":"BatchUpdateExclusionWindowsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Add or remove time window exclusions for one or more Service Level Objectives (SLOs).

" + }, "CreateServiceLevelObjective":{ "name":"CreateServiceLevelObjective", "http":{ @@ -44,7 +60,23 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"} ], - "documentation":"

Creates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want.

Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached.

The target performance quality that is defined for an SLO is the attainment goal.

You can set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.

When you create an SLO, you specify whether it is a period-based SLO or a request-based SLO. Each type of SLO has a different way of evaluating your application's performance against its attainment goal.

  • A period-based SLO uses defined periods of time within a specified total time interval. For each period of time, Application Signals determines whether the application met its goal. The attainment rate is calculated as the number of good periods/number of total periods.

    For example, for a period-based SLO, meeting an attainment goal of 99.9% means that within your interval, your application must meet its performance goal during at least 99.9% of the time periods.

  • A request-based SLO doesn't use pre-defined periods of time. Instead, the SLO measures number of good requests/number of total requests during the interval. At any time, you can find the ratio of good requests to total requests for the interval up to the time stamp that you specify, and measure that ratio against the goal set in your SLO.

After you have created an SLO, you can retrieve error budget reports for it. An error budget is the amount of time or amount of requests that your application can be non-compliant with the SLO's goal, and still have your application meet the goal.

  • For a period-based SLO, the error budget starts at a number defined by the highest number of periods that can fail to meet the threshold, while still meeting the overall goal. The remaining error budget decreases with every failed period that is recorded. The error budget within one interval can never increase.

    For example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month.

  • For a request-based SLO, the remaining error budget is dynamic and can increase or decrease, depending on the ratio of good requests to total requests.

For more information about SLOs, see Service level objectives (SLOs).

When you perform a CreateServiceLevelObjective operation, Application Signals creates the AWSServiceRoleForCloudWatchApplicationSignals service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions:

  • xray:GetServiceGraph

  • logs:StartQuery

  • logs:GetQueryResults

  • cloudwatch:GetMetricData

  • cloudwatch:ListMetrics

  • tag:GetResources

  • autoscaling:DescribeAutoScalingGroups

" + "documentation":"

Creates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want.

Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached.

The target performance quality that is defined for an SLO is the attainment goal.

You can set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.

You can't create an SLO for a service operation that was discovered by Application Signals until after that operation has reported standard metrics to Application Signals.

When you create an SLO, you specify whether it is a period-based SLO or a request-based SLO. Each type of SLO has a different way of evaluating your application's performance against its attainment goal.

  • A period-based SLO uses defined periods of time within a specified total time interval. For each period of time, Application Signals determines whether the application met its goal. The attainment rate is calculated as the number of good periods/number of total periods.

    For example, for a period-based SLO, meeting an attainment goal of 99.9% means that within your interval, your application must meet its performance goal during at least 99.9% of the time periods.

  • A request-based SLO doesn't use pre-defined periods of time. Instead, the SLO measures number of good requests/number of total requests during the interval. At any time, you can find the ratio of good requests to total requests for the interval up to the time stamp that you specify, and measure that ratio against the goal set in your SLO.

After you have created an SLO, you can retrieve error budget reports for it. An error budget is the amount of time or amount of requests that your application can be non-compliant with the SLO's goal, and still have your application meet the goal.

  • For a period-based SLO, the error budget starts at a number defined by the highest number of periods that can fail to meet the threshold, while still meeting the overall goal. The remaining error budget decreases with every failed period that is recorded. The error budget within one interval can never increase.

    For example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month.

  • For a request-based SLO, the remaining error budget is dynamic and can increase or decrease, depending on the ratio of good requests to total requests.

For more information about SLOs, see Service level objectives (SLOs).

When you perform a CreateServiceLevelObjective operation, Application Signals creates the AWSServiceRoleForCloudWatchApplicationSignals service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions:

  • xray:GetServiceGraph

  • logs:StartQuery

  • logs:GetQueryResults

  • cloudwatch:GetMetricData

  • cloudwatch:ListMetrics

  • tag:GetResources

  • autoscaling:DescribeAutoScalingGroups

" + }, + "DeleteGroupingConfiguration":{ + "name":"DeleteGroupingConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/grouping-configuration", + "responseCode":200 + }, + "output":{"shape":"DeleteGroupingConfigurationOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Deletes a grouping configuration that defines how services are grouped and organized in Application Signals. Once deleted, services will no longer be grouped according to the specified configuration rules.

This operation is irreversible. After deletion, you must recreate the grouping configuration if you want to restore the same grouping behavior.

", + "idempotent":true }, "DeleteServiceLevelObjective":{ "name":"DeleteServiceLevelObjective", @@ -94,6 +126,37 @@ ], "documentation":"

Returns information about one SLO created in the account.

" }, + "ListAuditFindings":{ + "name":"ListAuditFindings", + "http":{ + "method":"POST", + "requestUri":"/auditFindings", + "responseCode":200 + }, + "input":{"shape":"ListAuditFindingsInput"}, + "output":{"shape":"ListAuditFindingsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves a list of audit findings for Application Signals resources. Audit findings identify potential issues, misconfigurations, or compliance violations in your observability setup.

You can filter findings by time range, auditor type, and target resources to focus on specific areas of concern. This operation supports pagination for large result sets.

" + }, + "ListGroupingAttributeDefinitions":{ + "name":"ListGroupingAttributeDefinitions", + "http":{ + "method":"POST", + "requestUri":"/grouping-attribute-definitions", + "responseCode":200 + }, + "input":{"shape":"ListGroupingAttributeDefinitionsInput"}, + "output":{"shape":"ListGroupingAttributeDefinitionsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves the available grouping attribute definitions that can be used to create grouping configurations. These definitions specify the attributes and rules available for organizing services.

Use this operation to discover what grouping options are available before creating or updating grouping configurations.

" + }, "ListServiceDependencies":{ "name":"ListServiceDependencies", "http":{ @@ -124,6 +187,22 @@ ], "documentation":"

Returns the list of dependents that invoked the specified service during the provided time range. Dependents include other services, CloudWatch Synthetics canaries, and clients that are instrumented with CloudWatch RUM app monitors.

" }, + "ListServiceLevelObjectiveExclusionWindows":{ + "name":"ListServiceLevelObjectiveExclusionWindows", + "http":{ + "method":"GET", + "requestUri":"/slo/{Id}/exclusion-windows", + "responseCode":200 + }, + "input":{"shape":"ListServiceLevelObjectiveExclusionWindowsInput"}, + "output":{"shape":"ListServiceLevelObjectiveExclusionWindowsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves all exclusion windows configured for a specific SLO.

" + }, "ListServiceLevelObjectives":{ "name":"ListServiceLevelObjectives", "http":{ @@ -154,6 +233,21 @@ ], "documentation":"

Returns a list of the operations of this service that have been discovered by Application Signals. Only the operations that were invoked during the specified time range are returned.

" }, + "ListServiceStates":{ + "name":"ListServiceStates", + "http":{ + "method":"POST", + "requestUri":"/service/states", + "responseCode":200 + }, + "input":{"shape":"ListServiceStatesInput"}, + "output":{"shape":"ListServiceStatesOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves the current state information for services monitored by Application Signals. Service states include health status, recent change events, and other operational metadata.

You can filter results by time range, AWS account, and service attributes to focus on specific services or time periods. This operation supports pagination and can include data from linked accounts.

" + }, "ListServices":{ "name":"ListServices", "http":{ @@ -184,6 +278,23 @@ ], "documentation":"

Displays the tags associated with a CloudWatch resource. Tags can be assigned to service level objectives.

" }, + "PutGroupingConfiguration":{ + "name":"PutGroupingConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/grouping-configuration", + "responseCode":200 + }, + "input":{"shape":"PutGroupingConfigurationInput"}, + "output":{"shape":"PutGroupingConfigurationOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Creates or updates a grouping configuration that defines how services are organized and grouped in Application Signals dashboards and service maps.

Grouping configurations allow you to logically organize services based on attributes such as environment, team ownership, or business function, making it easier to monitor and manage related services together.

", + "idempotent":true + }, "StartDiscovery":{ "name":"StartDiscovery", "http":{ @@ -279,6 +390,44 @@ "type":"double", "box":true }, + "AttributeFilter":{ + "type":"structure", + "required":[ + "AttributeFilterName", + "AttributeFilterValues" + ], + "members":{ + "AttributeFilterName":{ + "shape":"AttributeFilterName", + "documentation":"

The name of the attribute to filter on. This corresponds to service metadata attributes such as environment, team, or custom tags.

" + }, + "AttributeFilterValues":{ + "shape":"AttributeFilterValues", + "documentation":"

An array of values to match against the specified attribute. Services with attribute values matching any of these values will be included in the results.

" + } + }, + "documentation":"

Represents a filter for service attributes. Used to narrow down results based on specific attribute names and values.

" + }, + "AttributeFilterName":{ + "type":"string", + "pattern":"[A-Za-z0-9 :/-]+" + }, + "AttributeFilterValue":{ + "type":"string", + "pattern":"[A-Za-z0-9 :/-]+" + }, + "AttributeFilterValues":{ + "type":"list", + "member":{"shape":"AttributeFilterValue"}, + "max":20, + "min":0 + }, + "AttributeFilters":{ + "type":"list", + "member":{"shape":"AttributeFilter"}, + "max":20, + "min":0 + }, "AttributeMap":{ "type":"map", "key":{"shape":"String"}, @@ -292,9 +441,130 @@ "type":"map", "key":{"shape":"KeyAttributeName"}, "value":{"shape":"KeyAttributeValue"}, - "max":3, + "max":4, "min":1 }, + "AuditFinding":{ + "type":"structure", + "required":["KeyAttributes"], + "members":{ + "KeyAttributes":{ + "shape":"Attributes", + "documentation":"

A map of key attributes that identify the resource associated with this audit finding. These attributes help locate and understand the context of the finding.

" + }, + "AuditorResults":{ + "shape":"AuditorResults", + "documentation":"

An array of results from different auditors that examined the resource. Each result includes the auditor name, description, and severity level.

" + }, + "Operation":{ + "shape":"String", + "documentation":"

The operation or action that was being audited when this finding was discovered. This provides context about what was being examined.

" + }, + "MetricGraph":{ + "shape":"MetricGraph", + "documentation":"

A metric graph associated with the audit finding, showing relevant performance data that may be related to the identified issue.

" + }, + "DependencyGraph":{ + "shape":"DependencyGraph", + "documentation":"

A dependency graph showing the relationships between services that may be affected by or related to the audit finding.

" + }, + "Type":{ + "shape":"String", + "documentation":"

The type or category of the audit finding, such as \"Performance\", \"Security\", or \"Configuration\".

" + } + }, + "documentation":"

Represents an audit finding that identifies a potential issue, misconfiguration, or compliance violation in Application Signals resources.

" + }, + "AuditFindings":{ + "type":"list", + "member":{"shape":"AuditFinding"}, + "max":10, + "min":0 + }, + "AuditTarget":{ + "type":"structure", + "required":[ + "Type", + "Data" + ], + "members":{ + "Type":{ + "shape":"String", + "documentation":"

The type of resource being targeted for audit, such as \"Service\", \"SLO\", \"ServiceOperation\", or \"Canary\".

" + }, + "Data":{ + "shape":"AuditTargetEntity", + "documentation":"

The specific data or entity information for the audit target, containing details needed to identify and examine the resource.

" + } + }, + "documentation":"

Specifies a target resource for auditing, such as a service, SLO, or operation.

" + }, + "AuditTargetEntity":{ + "type":"structure", + "members":{ + "Service":{ + "shape":"ServiceEntity", + "documentation":"

Service entity information when the audit target is a service.

" + }, + "Slo":{ + "shape":"ServiceLevelObjectiveEntity", + "documentation":"

Service Level Objective entity information when the audit target is an SLO.

" + }, + "ServiceOperation":{ + "shape":"ServiceOperationEntity", + "documentation":"

Service operation entity information when the audit target is a specific operation within a service.

" + }, + "Canary":{ + "shape":"CanaryEntity", + "documentation":"

Canary entity information when the audit target is a CloudWatch Synthetics canary.

" + } + }, + "documentation":"

A union type that represents different types of entities that can be audited, such as services, SLOs, service operations, or canaries.

", + "union":true + }, + "AuditTargets":{ + "type":"list", + "member":{"shape":"AuditTarget"}, + "max":10, + "min":1 + }, + "AuditorResult":{ + "type":"structure", + "members":{ + "Auditor":{ + "shape":"String", + "documentation":"

The name or identifier of the auditor that performed the examination and generated this result.

" + }, + "Description":{ + "shape":"AuditorResultDescriptionString", + "documentation":"

A detailed description of what the auditor found, including any recommendations for remediation or further investigation.

" + }, + "Severity":{ + "shape":"Severity", + "documentation":"

The severity level of the finding, such as \"Critical\", \"High\", \"Medium\", or \"Low\". This helps prioritize remediation efforts.

" + } + }, + "documentation":"

Represents the result of an audit performed by a specific auditor on a resource.

" + }, + "AuditorResultDescriptionString":{ + "type":"string", + "max":10240, + "min":0 + }, + "AuditorResults":{ + "type":"list", + "member":{"shape":"AuditorResult"}, + "max":5, + "min":0 + }, + "Auditors":{ + "type":"list", + "member":{"shape":"String"} + }, + "AwsAccountId":{ + "type":"string", + "pattern":"[0-9]{12}" + }, "BatchGetServiceLevelObjectiveBudgetReportInput":{ "type":"structure", "required":[ @@ -334,6 +604,74 @@ } } }, + "BatchUpdateExclusionWindowsError":{ + "type":"structure", + "required":[ + "SloId", + "ErrorCode", + "ErrorMessage" + ], + "members":{ + "SloId":{ + "shape":"ServiceLevelObjectiveId", + "documentation":"

The SLO ID in the error.

" + }, + "ErrorCode":{ + "shape":"ExclusionWindowErrorCode", + "documentation":"

The error code.

" + }, + "ErrorMessage":{ + "shape":"ExclusionWindowErrorMessage", + "documentation":"

The error message.

" + } + }, + "documentation":"

An array of structures, where each structure includes an error indicating that one of the requests in the array was not valid.

" + }, + "BatchUpdateExclusionWindowsErrors":{ + "type":"list", + "member":{"shape":"BatchUpdateExclusionWindowsError"}, + "max":10, + "min":0 + }, + "BatchUpdateExclusionWindowsInput":{ + "type":"structure", + "required":["SloIds"], + "members":{ + "SloIds":{ + "shape":"ServiceLevelObjectiveIds", + "documentation":"

The list of SLO IDs to add or remove exclusion windows from.

" + }, + "AddExclusionWindows":{ + "shape":"ExclusionWindows", + "documentation":"

A list of exclusion windows to add to the specified SLOs. You can add up to 10 exclusion windows per SLO.

" + }, + "RemoveExclusionWindows":{ + "shape":"ExclusionWindows", + "documentation":"

A list of exclusion windows to remove from the specified SLOs. The window configuration must match an existing exclusion window.

" + } + } + }, + "BatchUpdateExclusionWindowsOutput":{ + "type":"structure", + "required":[ + "SloIds", + "Errors" + ], + "members":{ + "SloIds":{ + "shape":"ServiceLevelObjectiveIds", + "documentation":"

The list of SLO IDs that were successfully processed.

" + }, + "Errors":{ + "shape":"BatchUpdateExclusionWindowsErrors", + "documentation":"

A list of errors that occurred while processing the request.

" + } + } + }, + "Boolean":{ + "type":"boolean", + "box":true + }, "BudgetRequestsRemaining":{ "type":"integer", "box":true @@ -351,7 +689,7 @@ "documentation":"

The number of minutes to use as the look-back window.

" } }, - "documentation":"

This object defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. A burn rate of exactly 1 indicates that the SLO goal will be met exactly.

For example, if you specify 60 as the number of minutes in the look-back window, the burn rate is calculated as the following:

burn rate = error rate over the look-back window / (1 - attainment goal percentage)

For more information about burn rates, see Calculate burn rates.

" + "documentation":"

This object defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. A burn rate of exactly 1 indicates that the SLO goal will be met exactly.

For example, if you specify 60 as the number of minutes in the look-back window, the burn rate is calculated as the following:

burn rate = error rate over the look-back window / (100% - attainment goal percentage)

For more information about burn rates, see Calculate burn rates.

" }, "BurnRateConfigurations":{ "type":"list", @@ -393,6 +731,67 @@ "box":true, "min":1 }, + "CanaryEntity":{ + "type":"structure", + "required":["CanaryName"], + "members":{ + "CanaryName":{ + "shape":"String", + "documentation":"

The name of the CloudWatch Synthetics canary.

" + } + }, + "documentation":"

Represents a CloudWatch Synthetics canary that can be audited for performance and configuration issues.

" + }, + "ChangeEvent":{ + "type":"structure", + "required":[ + "Timestamp", + "AccountId", + "Region", + "Entity", + "ChangeEventType", + "EventId" + ], + "members":{ + "Timestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the change event occurred, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + }, + "AccountId":{ + "shape":"AwsAccountId", + "documentation":"

The AWS account ID where the change event occurred.

" + }, + "Region":{ + "shape":"String", + "documentation":"

The AWS region where the change event occurred.

" + }, + "Entity":{ + "shape":"Attributes", + "documentation":"

The entity or resource that was changed, such as a service, deployment, or configuration.

" + }, + "ChangeEventType":{ + "shape":"ChangeEventType", + "documentation":"

The type of change that occurred, such as \"Deployment\", \"Configuration\", or \"Infrastructure\".

" + }, + "EventId":{ + "shape":"String", + "documentation":"

A unique identifier for the change event.

" + }, + "UserName":{ + "shape":"String", + "documentation":"

The name of the user or system that initiated the change event.

" + }, + "EventName":{ + "shape":"String", + "documentation":"

A descriptive name for the change event that provides context about what changed.

" + } + }, + "documentation":"

Represents a change event that occurred in the system, such as deployments, configuration changes, or other operational events that may impact service performance.

" + }, + "ChangeEventType":{ + "type":"string", + "enum":["DEPLOYMENT"] + }, "ConflictException":{ "type":"structure", "required":["Message"], @@ -406,6 +805,13 @@ }, "exception":true }, + "ConnectionType":{ + "type":"string", + "enum":[ + "INDIRECT", + "DIRECT" + ] + }, "CreateServiceLevelObjectiveInput":{ "type":"structure", "required":["Name"], @@ -450,6 +856,10 @@ } } }, + "DeleteGroupingConfigurationOutput":{ + "type":"structure", + "members":{} + }, "DeleteServiceLevelObjectiveInput":{ "type":"structure", "required":["Id"], @@ -464,8 +874,39 @@ }, "DeleteServiceLevelObjectiveOutput":{ "type":"structure", + "members":{} + }, + "DependencyConfig":{ + "type":"structure", + "required":[ + "DependencyKeyAttributes", + "DependencyOperationName" + ], "members":{ - } + "DependencyKeyAttributes":{ + "shape":"Attributes", + "documentation":"

This is a string-to-string map. It can include the following fields.

  • Type designates the type of object this is.

  • ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.

  • Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.

  • Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.

  • Environment specifies the location where this object is hosted, or what it belongs to.

" + }, + "DependencyOperationName":{ + "shape":"OperationName", + "documentation":"

The name of the called operation in the dependency.

" + } + }, + "documentation":"

Identifies the dependency using the DependencyKeyAttributes and DependencyOperationName.

When creating a service dependency SLO, you must specify the KeyAttributes of the service, and the DependencyConfig for the dependency. You can specify the OperationName of the service, from which it calls the dependency. Alternatively, you can exclude OperationName and the SLO will monitor all of the service's operations that call the dependency.

" + }, + "DependencyGraph":{ + "type":"structure", + "members":{ + "Nodes":{ + "shape":"Nodes", + "documentation":"

An array of nodes in the dependency graph, where each node represents a service or component.

" + }, + "Edges":{ + "shape":"Edges", + "documentation":"

An array of edges in the dependency graph, where each edge represents a connection or dependency between two nodes.

" + } + }, + "documentation":"

Represents a graph showing the dependencies between services and components in your application architecture.

" }, "Dimension":{ "type":"structure", @@ -501,6 +942,10 @@ "max":30, "min":0 }, + "Double":{ + "type":"double", + "box":true + }, "DurationUnit":{ "type":"string", "enum":[ @@ -510,6 +955,32 @@ "MONTH" ] }, + "Edge":{ + "type":"structure", + "members":{ + "SourceNodeId":{ + "shape":"String", + "documentation":"

The identifier of the source node in the dependency relationship.

" + }, + "DestinationNodeId":{ + "shape":"String", + "documentation":"

The identifier of the destination node in the dependency relationship.

" + }, + "Duration":{ + "shape":"Double", + "documentation":"

The typical duration or latency of interactions along this edge, measured in milliseconds.

" + }, + "ConnectionType":{ + "shape":"ConnectionType", + "documentation":"

The type of connection between the nodes, such as \"HTTP\", \"Database\", \"Queue\", or \"Internal\".

" + } + }, + "documentation":"

Represents a connection between two nodes in a dependency graph, showing how services or components interact with each other.

" + }, + "Edges":{ + "type":"list", + "member":{"shape":"Edge"} + }, "EvaluationType":{ "type":"string", "enum":[ @@ -517,6 +988,52 @@ "RequestBased" ] }, + "ExclusionDuration":{ + "type":"integer", + "box":true, + "min":1 + }, + "ExclusionReason":{ + "type":"string", + "max":1024, + "min":1 + }, + "ExclusionWindow":{ + "type":"structure", + "required":["Window"], + "members":{ + "Window":{ + "shape":"Window", + "documentation":"

The SLO time window exclusion .

" + }, + "StartTime":{ + "shape":"Timestamp", + "documentation":"

The start of the SLO time window exclusion. Defaults to current time if not specified.

" + }, + "RecurrenceRule":{ + "shape":"RecurrenceRule", + "documentation":"

The recurrence rule for the SLO time window exclusion. Supports both cron and rate expressions.

" + }, + "Reason":{ + "shape":"ExclusionReason", + "documentation":"

A description explaining why this time period should be excluded from SLO calculations.

" + } + }, + "documentation":"

The core SLO time window exclusion object that includes Window, StartTime, RecurrenceRule, and Reason.

" + }, + "ExclusionWindowErrorCode":{"type":"string"}, + "ExclusionWindowErrorMessage":{"type":"string"}, + "ExclusionWindows":{ + "type":"list", + "member":{"shape":"ExclusionWindow"}, + "max":10, + "min":0 + }, + "Expression":{ + "type":"string", + "max":1024, + "min":1 + }, "FaultDescription":{"type":"string"}, "GetServiceInput":{ "type":"structure", @@ -610,6 +1127,77 @@ }, "documentation":"

This structure contains the attributes that determine the goal of an SLO. This includes the time period for evaluation and the attainment threshold.

" }, + "GroupIdentifier":{ + "type":"string", + "max":1024, + "min":1 + }, + "GroupName":{ + "type":"string", + "max":255, + "min":1 + }, + "GroupSource":{ + "type":"string", + "max":255, + "min":1 + }, + "GroupValue":{ + "type":"string", + "max":255, + "min":1 + }, + "GroupingAttributeDefinition":{ + "type":"structure", + "required":["GroupingName"], + "members":{ + "GroupingName":{ + "shape":"GroupingString", + "documentation":"

The name of the grouping attribute, such as \"Environment\", \"Team\", or \"Application\".

" + }, + "GroupingSourceKeys":{ + "shape":"GroupingSourceKeyStringList", + "documentation":"

An array of source attribute keys that will be used to determine the grouping value for each service. These keys correspond to service metadata or tags.

" + }, + "DefaultGroupingValue":{ + "shape":"GroupingString", + "documentation":"

The default value to use for grouping when a service doesn't have any of the specified source keys, such as \"Unknown\" or \"Unassigned\".

" + } + }, + "documentation":"

Defines how services should be grouped based on specific attributes. This allows logical organization of services in dashboards and service maps.

" + }, + "GroupingAttributeDefinitions":{ + "type":"list", + "member":{"shape":"GroupingAttributeDefinition"} + }, + "GroupingConfiguration":{ + "type":"structure", + "required":[ + "GroupingAttributeDefinitions", + "UpdatedAt" + ], + "members":{ + "GroupingAttributeDefinitions":{ + "shape":"GroupingAttributeDefinitions", + "documentation":"

An array of grouping attribute definitions that specify the rules for organizing services into groups.

" + }, + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the grouping configuration was last updated, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + } + }, + "documentation":"

Contains the complete configuration for how services are grouped and organized in Application Signals.

" + }, + "GroupingSourceKeyStringList":{ + "type":"list", + "member":{"shape":"GroupingString"} + }, + "GroupingString":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9\\s+\\-=\\._:/@]*" + }, "Interval":{ "type":"structure", "members":{ @@ -635,6 +1223,99 @@ "min":1, "pattern":"[ -~]*[!-~]+[ -~]*" }, + "LatestChangeEvents":{ + "type":"list", + "member":{"shape":"ChangeEvent"}, + "max":1, + "min":1 + }, + "ListAuditFindingMaxResults":{ + "type":"integer", + "box":true, + "max":10, + "min":1 + }, + "ListAuditFindingsInput":{ + "type":"structure", + "required":[ + "StartTime", + "EndTime", + "AuditTargets" + ], + "members":{ + "StartTime":{ + "shape":"Timestamp", + "documentation":"

The start time for the audit findings query. Only findings created on or after this time will be included in the results. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

", + "location":"querystring", + "locationName":"StartTime" + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"

The end time for the audit findings query. Only findings created before this time will be included in the results. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

", + "location":"querystring", + "locationName":"EndTime" + }, + "Auditors":{ + "shape":"Auditors", + "documentation":"

An array of auditor names to filter the findings. Only findings generated by the specified auditors will be returned. When not specified, findings from all auditors are included except canary.

" + }, + "AuditTargets":{ + "shape":"AuditTargets", + "documentation":"

An array of audit target specifications to filter the findings. Only findings related to the specified targets (such as specific services, SLOs, operations or canary) will be returned.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use this token to retrieve additional pages of audit findings when the result set is large.

" + }, + "MaxResults":{ + "shape":"ListAuditFindingMaxResults", + "documentation":"

The maximum number of audit findings to return in a single request. Valid range is 1 to 100. If not specified, defaults to 50.

" + } + } + }, + "ListAuditFindingsOutput":{ + "type":"structure", + "required":["AuditFindings"], + "members":{ + "AuditFindings":{ + "shape":"AuditFindings", + "documentation":"

An array of audit findings that match the specified criteria. Each finding includes details about the issue, affected resources, and auditor results.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use for retrieving the next page of results. This value is present only if there are more results available than were returned in the current response.

" + } + } + }, + "ListGroupingAttributeDefinitionsInput":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use this token to retrieve additional pages of grouping attribute definitions when the result set is large.

", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListGroupingAttributeDefinitionsOutput":{ + "type":"structure", + "required":["GroupingAttributeDefinitions"], + "members":{ + "GroupingAttributeDefinitions":{ + "shape":"GroupingAttributeDefinitions", + "documentation":"

An array of available grouping attribute definitions that can be used to create grouping configurations.

" + }, + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the grouping attribute definitions were last updated. Expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use for retrieving the next page of results. This value is present only if there are more results available than were returned in the current response.

" + } + } + }, "ListServiceDependenciesInput":{ "type":"structure", "required":[ @@ -775,6 +1456,50 @@ } } }, + "ListServiceLevelObjectiveExclusionWindowsInput":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"ServiceLevelObjectiveId", + "documentation":"

The ID of the SLO to list exclusion windows for.

", + "location":"uri", + "locationName":"Id" + }, + "MaxResults":{ + "shape":"ListServiceLevelObjectiveExclusionWindowsMaxResults", + "documentation":"

The maximum number of results to return in one operation. If you omit this parameter, the default of 50 is used.

", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

Include this value, if it was returned by the previous operation, to get the next set of service level objectives.

", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListServiceLevelObjectiveExclusionWindowsMaxResults":{ + "type":"integer", + "box":true, + "max":10, + "min":1 + }, + "ListServiceLevelObjectiveExclusionWindowsOutput":{ + "type":"structure", + "required":["ExclusionWindows"], + "members":{ + "ExclusionWindows":{ + "shape":"ExclusionWindows", + "documentation":"

A list of exclusion windows configured for the SLO.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

Include this value, if it was returned by the previous operation, to get the next set of service level objectives.

" + } + } + }, "ListServiceLevelObjectivesInput":{ "type":"structure", "members":{ @@ -788,6 +1513,10 @@ "location":"querystring", "locationName":"OperationName" }, + "DependencyConfig":{ + "shape":"DependencyConfig", + "documentation":"

Identifies the dependency using the DependencyKeyAttributes and DependencyOperationName.

" + }, "MaxResults":{ "shape":"ListServiceLevelObjectivesMaxResults", "documentation":"

The maximum number of results to return in one operation. If you omit this parameter, the default of 50 is used.

", @@ -799,6 +1528,22 @@ "documentation":"

Include this value, if it was returned by the previous operation, to get the next set of service level objectives.

", "location":"querystring", "locationName":"NextToken" + }, + "IncludeLinkedAccounts":{ + "shape":"Boolean", + "documentation":"

If you are using this operation in a monitoring account, specify true to include SLO from source accounts in the returned data.

When you are monitoring an account, you can use Amazon Web Services account ID in KeyAttribute filter for service source account and SloOwnerawsaccountID for SLO source account with IncludeLinkedAccounts to filter the returned data to only a single source account.

", + "location":"querystring", + "locationName":"IncludeLinkedAccounts" + }, + "SloOwnerAwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

SLO's Amazon Web Services account ID.

", + "location":"querystring", + "locationName":"SloOwnerAwsAccountId" + }, + "MetricSourceTypes":{ + "shape":"MetricSourceTypes", + "documentation":"

Use this optional field to only include SLOs with the specified metric source types in the output. Supported types are:

  • Service operation

  • Service dependency

  • CloudWatch metric

" } } }, @@ -891,6 +1636,74 @@ } } }, + "ListServiceStatesInput":{ + "type":"structure", + "required":[ + "StartTime", + "EndTime" + ], + "members":{ + "StartTime":{ + "shape":"Timestamp", + "documentation":"

The start time for the service states query. Only service states from this time onward will be included. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"

The end time for the service states query. Only service states before this time will be included. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + }, + "MaxResults":{ + "shape":"ListServiceStatesMaxResults", + "documentation":"

The maximum number of service states to return in a single request. Valid range is 1 to 100. If not specified, defaults to 50.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use this token to retrieve additional pages of service states when the result set is large.

" + }, + "IncludeLinkedAccounts":{ + "shape":"Boolean", + "documentation":"

Specifies whether to include service states from linked AWS accounts in the results. Set to true to include linked accounts, or false to only include the current account. Defaults to false.

" + }, + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

The AWS account ID to filter service states. If specified, only service states from this account will be returned. If not specified, service states from the current account (and linked accounts if enabled) are returned.

" + }, + "AttributeFilters":{ + "shape":"AttributeFilters", + "documentation":"

An array of attribute filters to narrow down the service states returned. Each filter specifies an attribute name and the values to match against.

" + } + } + }, + "ListServiceStatesMaxResults":{ + "type":"integer", + "box":true, + "max":250 + }, + "ListServiceStatesOutput":{ + "type":"structure", + "required":[ + "StartTime", + "EndTime", + "ServiceStates" + ], + "members":{ + "StartTime":{ + "shape":"Timestamp", + "documentation":"

The start time of the query range, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"

The end time of the query range, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + }, + "ServiceStates":{ + "shape":"ServiceStates", + "documentation":"

An array of service state objects that match the specified criteria. Each service state includes current status, recent change events, and service metadata.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use for retrieving the next page of results. This value is present only if there are more results available than were returned in the current response.

" + } + } + }, "ListServicesInput":{ "type":"structure", "required":[ @@ -921,6 +1734,18 @@ "documentation":"

Include this value, if it was returned by the previous operation, to get the next set of services.

", "location":"querystring", "locationName":"NextToken" + }, + "IncludeLinkedAccounts":{ + "shape":"Boolean", + "documentation":"

If you are using this operation in a monitoring account, specify true to include services from source accounts in the returned data.

", + "location":"querystring", + "locationName":"IncludeLinkedAccounts" + }, + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

Amazon Web Services Account ID.

", + "location":"querystring", + "locationName":"AwsAccountId" } } }, @@ -1043,6 +1868,24 @@ "max":2048, "min":1 }, + "MetricGraph":{ + "type":"structure", + "members":{ + "MetricDataQueries":{ + "shape":"MetricDataQueries", + "documentation":"

An array of metric data queries that define what metrics to display in the graph. Each query specifies the metric source, aggregation, and time range.

" + }, + "StartTime":{ + "shape":"Timestamp", + "documentation":"

The start time for the metric data displayed in the graph, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"

The end time for the metric data displayed in the graph, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.

" + } + }, + "documentation":"

Represents a graph of metric data over time, showing performance trends and patterns for monitored resources.

" + }, "MetricId":{ "type":"string", "max":255, @@ -1077,6 +1920,10 @@ "MetricName":{ "shape":"MetricName", "documentation":"

The name of the metric.

" + }, + "AccountId":{ + "shape":"AwsAccountId", + "documentation":"

Amazon Web Services account ID.

" } }, "documentation":"

This structure contains information about one CloudWatch metric associated with this entity discovered by Application Signals.

" @@ -1085,6 +1932,20 @@ "type":"list", "member":{"shape":"MetricReference"} }, + "MetricSourceType":{ + "type":"string", + "enum":[ + "ServiceOperation", + "CloudWatchMetric", + "ServiceDependency" + ] + }, + "MetricSourceTypes":{ + "type":"list", + "member":{"shape":"MetricSourceType"}, + "max":3, + "min":1 + }, "MetricStat":{ "type":"structure", "required":[ @@ -1138,6 +1999,51 @@ "pattern":".*[^:].*" }, "NextToken":{"type":"string"}, + "Node":{ + "type":"structure", + "required":[ + "KeyAttributes", + "Name", + "NodeId" + ], + "members":{ + "KeyAttributes":{ + "shape":"Attributes", + "documentation":"

A map of key attributes that identify and describe the node, such as service name, environment, and other metadata.

" + }, + "Name":{ + "shape":"String", + "documentation":"

The display name of the node, typically the service or component name.

" + }, + "NodeId":{ + "shape":"String", + "documentation":"

A unique identifier for the node within the dependency graph.

" + }, + "Operation":{ + "shape":"String", + "documentation":"

The specific operation or endpoint within the service that this node represents, if applicable.

" + }, + "Type":{ + "shape":"String", + "documentation":"

The type of node, such as \"Service\", \"Database\", \"Queue\", or \"External\".

" + }, + "Duration":{ + "shape":"Double", + "documentation":"

The typical response time or processing duration for this node, measured in milliseconds.

" + }, + "Status":{ + "shape":"String", + "documentation":"

The current health status of the node, such as \"Healthy\", \"Warning\", or \"Critical\".

" + } + }, + "documentation":"

Represents a node in a dependency graph, typically corresponding to a service or component in your application architecture.

" + }, + "Nodes":{ + "type":"list", + "member":{"shape":"Node"}, + "max":4, + "min":0 + }, "OperationName":{ "type":"string", "max":255, @@ -1148,6 +2054,37 @@ "box":true, "min":1 }, + "PutGroupingConfigurationInput":{ + "type":"structure", + "required":["GroupingAttributeDefinitions"], + "members":{ + "GroupingAttributeDefinitions":{ + "shape":"GroupingAttributeDefinitions", + "documentation":"

An array of grouping attribute definitions that specify how services should be grouped. Each definition includes the grouping name, source keys, and default values.

" + } + } + }, + "PutGroupingConfigurationOutput":{ + "type":"structure", + "required":["GroupingConfiguration"], + "members":{ + "GroupingConfiguration":{ + "shape":"GroupingConfiguration", + "documentation":"

The created or updated grouping configuration, including all attribute definitions and metadata such as the update timestamp.

" + } + } + }, + "RecurrenceRule":{ + "type":"structure", + "required":["Expression"], + "members":{ + "Expression":{ + "shape":"Expression", + "documentation":"

A cron or rate expression that specifies the schedule for the exclusion window.

" + } + }, + "documentation":"

The recurrence rule for the SLO time window exclusion .

" + }, "RequestBasedServiceLevelIndicator":{ "type":"structure", "required":["RequestBasedSliMetric"], @@ -1212,6 +2149,10 @@ "MonitoredRequestCountMetric":{ "shape":"MonitoredRequestCountMetricDataQueries", "documentation":"

This structure defines the metric that is used as the \"good request\" or \"bad request\" value for a request-based SLO. This value observed for the metric defined in TotalRequestCountMetric is divided by the number found for MonitoredRequestCountMetric to determine the percentage of successful requests that this SLO tracks.

" + }, + "DependencyConfig":{ + "shape":"DependencyConfig", + "documentation":"

Identifies the dependency using the DependencyKeyAttributes and DependencyOperationName.

" } }, "documentation":"

This structure contains the information about the metric that is used for a request-based SLO.

" @@ -1238,6 +2179,10 @@ "MonitoredRequestCountMetric":{ "shape":"MonitoredRequestCountMetricDataQueries", "documentation":"

Use this structure to define the metric that you want to use as the \"good request\" or \"bad request\" value for a request-based SLO. This value observed for the metric defined in TotalRequestCountMetric will be divided by the number found for MonitoredRequestCountMetric to determine the percentage of successful requests that this SLO tracks.

" + }, + "DependencyConfig":{ + "shape":"DependencyConfig", + "documentation":"

Identifies the dependency using the DependencyKeyAttributes and DependencyOperationName.

" } }, "documentation":"

Use this structure to specify the information for the metric that a period-based SLO will monitor.

" @@ -1317,6 +2262,10 @@ "shape":"AttributeMaps", "documentation":"

This structure contains one or more string-to-string maps that help identify this service. It can include platform attributes, application attributes, and telemetry attributes.

Platform attributes contain information the service's platform.

  • PlatformType defines the hosted-in platform.

  • EKS.Cluster is the name of the Amazon EKS cluster.

  • K8s.Cluster is the name of the self-hosted Kubernetes cluster.

  • K8s.Namespace is the name of the Kubernetes namespace in either Amazon EKS or Kubernetes clusters.

  • K8s.Workload is the name of the Kubernetes workload in either Amazon EKS or Kubernetes clusters.

  • K8s.Node is the name of the Kubernetes node in either Amazon EKS or Kubernetes clusters.

  • K8s.Pod is the name of the Kubernetes pod in either Amazon EKS or Kubernetes clusters.

  • EC2.AutoScalingGroup is the name of the Amazon EC2 Auto Scaling group.

  • EC2.InstanceId is the ID of the Amazon EC2 instance.

  • Host is the name of the host, for all platform types.

Application attributes contain information about the application.

  • AWS.Application is the application's name in Amazon Web Services Service Catalog AppRegistry.

  • AWS.Application.ARN is the application's ARN in Amazon Web Services Service Catalog AppRegistry.

Telemetry attributes contain telemetry information.

  • Telemetry.SDK is the fingerprint of the OpenTelemetry SDK version for instrumented services.

  • Telemetry.Agent is the fingerprint of the agent used to collect and send telemetry data.

  • Telemetry.Source Specifies the point of application where the telemetry was collected or specifies what was used for the source of telemetry data.

" }, + "ServiceGroups":{ + "shape":"ServiceGroups", + "documentation":"

An array of service groups that this service belongs to, based on the configured grouping rules.

" + }, "MetricReferences":{ "shape":"MetricReferences", "documentation":"

An array of structures that each contain information about one metric associated with this service.

" @@ -1394,7 +2343,61 @@ "max":100, "min":0 }, + "ServiceEntity":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"String", + "documentation":"

The type of service, such as \"WebService\", \"Database\", \"Queue\", or \"Function\".

" + }, + "Name":{ + "shape":"String", + "documentation":"

The name of the service as identified by Application Signals.

" + }, + "Environment":{ + "shape":"String", + "documentation":"

The environment where the service is deployed, such as \"Production\", \"Staging\", or \"Development\".

" + }, + "AwsAccountId":{ + "shape":"String", + "documentation":"

The AWS account ID where the service is deployed.

" + } + }, + "documentation":"

Represents a service entity that is monitored by Application Signals.

" + }, "ServiceErrorMessage":{"type":"string"}, + "ServiceGroup":{ + "type":"structure", + "required":[ + "GroupName", + "GroupValue", + "GroupSource", + "GroupIdentifier" + ], + "members":{ + "GroupName":{ + "shape":"GroupName", + "documentation":"

The name of the group, such as \"Environment\", \"Team\", or \"Application\".

" + }, + "GroupValue":{ + "shape":"GroupValue", + "documentation":"

The specific value for this group, such as \"Production\", \"TeamA\", or \"WebApp\".

" + }, + "GroupSource":{ + "shape":"GroupSource", + "documentation":"

The source of the grouping information, such as \"Tag\", \"Attribute\", or \"Manual\".

" + }, + "GroupIdentifier":{ + "shape":"GroupIdentifier", + "documentation":"

A unique identifier for the group within the grouping configuration.

" + } + }, + "documentation":"

Represents a logical grouping of services based on shared attributes or characteristics.

" + }, + "ServiceGroups":{ + "type":"list", + "member":{"shape":"ServiceGroup"} + }, "ServiceLevelIndicator":{ "type":"structure", "required":[ @@ -1469,6 +2472,10 @@ "MetricDataQueries":{ "shape":"MetricDataQueries", "documentation":"

If this SLO monitors a CloudWatch metric or the result of a CloudWatch metric math expression, this structure includes the information about that metric or expression.

" + }, + "DependencyConfig":{ + "shape":"DependencyConfig", + "documentation":"

Identifies the dependency using the DependencyKeyAttributes and DependencyOperationName.

" } }, "documentation":"

This structure contains the information about the metric that is used for a period-based SLO.

" @@ -1488,6 +2495,10 @@ "shape":"ServiceLevelIndicatorMetricType", "documentation":"

If the SLO is to monitor either the LATENCY or AVAILABILITY metric that Application Signals collects, use this field to specify which of those metrics is used.

" }, + "MetricName":{ + "shape":"MetricName", + "documentation":"

The name of the CloudWatch metric used as a service level indicator (SLI) for measuring service performance.

" + }, "Statistic":{ "shape":"ServiceLevelIndicatorStatistic", "documentation":"

The statistic to use for comparison to the threshold. It can be any CloudWatch statistic or extended statistic. For more information about statistics, see CloudWatch statistics definitions.

" @@ -1499,6 +2510,10 @@ "MetricDataQueries":{ "shape":"MetricDataQueries", "documentation":"

If this SLO monitors a CloudWatch metric or the result of a CloudWatch metric math expression, use this structure to specify that metric or expression.

" + }, + "DependencyConfig":{ + "shape":"DependencyConfig", + "documentation":"

Identifies the dependency using the DependencyKeyAttributes and DependencyOperationName.

" } }, "documentation":"

Use this structure to specify the information for the metric that a period-based SLO will monitor.

" @@ -1566,6 +2581,10 @@ "BurnRateConfigurations":{ "shape":"BurnRateConfigurations", "documentation":"

Each object in this array defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO.

" + }, + "MetricSourceType":{ + "shape":"MetricSourceType", + "documentation":"

Displays the SLI metric source type for this SLO. Supported types are:

  • Service operation

  • Service dependency

  • CloudWatch metric

" } }, "documentation":"

A structure containing information about one service level objective (SLO) that has been created in Application Signals. Creating SLOs can help you ensure your services are performing to the level that you expect. SLOs help you set and track a specific target level for the reliability and availability of your applications and services. Each SLO uses a service level indicator (SLI), which is a key performance metric, to calculate how much underperformance can be tolerated before the goal that you set for the SLO is not achieved.

" @@ -1685,6 +2704,20 @@ "max":1024, "min":1 }, + "ServiceLevelObjectiveEntity":{ + "type":"structure", + "members":{ + "SloName":{ + "shape":"String", + "documentation":"

The name of the Service Level Objective.

" + }, + "SloArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the Service Level Objective.

" + } + }, + "documentation":"

Represents a Service Level Objective (SLO) entity that can be audited for compliance and performance.

" + }, "ServiceLevelObjectiveId":{ "type":"string", "pattern":"[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$|^arn:aws:application-signals:[^:]*:[^:]*:slo/[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]" @@ -1726,9 +2759,21 @@ "shape":"OperationName", "documentation":"

If this service level objective is specific to a single operation, this field displays the name of that operation.

" }, + "DependencyConfig":{ + "shape":"DependencyConfig", + "documentation":"

Identifies the dependency using the DependencyKeyAttributes and DependencyOperationName.

" + }, "CreatedTime":{ "shape":"Timestamp", "documentation":"

The date and time that this service level objective was created. It is expressed as the number of milliseconds since Jan 1, 1970 00:00:00 UTC.

" + }, + "EvaluationType":{ + "shape":"EvaluationType", + "documentation":"

Displays whether this is a period-based SLO or a request-based SLO.

" + }, + "MetricSourceType":{ + "shape":"MetricSourceType", + "documentation":"

Displays the SLI metric source type for this SLO. Supported types are:

  • Service operation

  • Service dependency

  • CloudWatch metric

" } }, "documentation":"

A structure that contains information about one service level objective (SLO) created in Application Signals.

" @@ -1751,6 +2796,24 @@ }, "documentation":"

This structure contains information about an operation discovered by Application Signals. An operation is a specific function performed by a service that was discovered by Application Signals, and is often an API that is called by an upstream dependent.

" }, + "ServiceOperationEntity":{ + "type":"structure", + "members":{ + "Service":{ + "shape":"ServiceEntity", + "documentation":"

The service entity that contains this operation.

" + }, + "Operation":{ + "shape":"String", + "documentation":"

The name of the specific operation within the service.

" + }, + "MetricType":{ + "shape":"String", + "documentation":"

The type of metric associated with this service operation, such as \"Latency\", \"ErrorRate\", or \"Throughput\".

" + } + }, + "documentation":"

Represents a specific operation within a service that can be monitored and audited independently.

" + }, "ServiceOperations":{ "type":"list", "member":{"shape":"ServiceOperation"}, @@ -1770,6 +2833,34 @@ }, "exception":true }, + "ServiceState":{ + "type":"structure", + "required":[ + "Service", + "LatestChangeEvents" + ], + "members":{ + "AttributeFilters":{ + "shape":"AttributeFilters", + "documentation":"

The attribute filters that were applied when retrieving this service state.

" + }, + "Service":{ + "shape":"Attributes", + "documentation":"

The service entity information for this service state.

" + }, + "LatestChangeEvents":{ + "shape":"LatestChangeEvents", + "documentation":"

An array of the most recent change events that may have affected this service, such as deployments or configuration changes.

" + } + }, + "documentation":"

Represents the current state and health information for a service monitored by Application Signals.

" + }, + "ServiceStates":{ + "type":"list", + "member":{"shape":"ServiceState"}, + "max":250, + "min":0 + }, "ServiceSummaries":{ "type":"list", "member":{"shape":"ServiceSummary"} @@ -1792,10 +2883,24 @@ "MetricReferences":{ "shape":"MetricReferences", "documentation":"

An array of structures that each contain information about one metric associated with this service.

" + }, + "ServiceGroups":{ + "shape":"ServiceGroups", + "documentation":"

An array of service groups that this service belongs to, providing a summary view of the service's organizational context.

" } }, "documentation":"

This structure contains information about one of your services that was discovered by Application Signals

" }, + "Severity":{ + "type":"string", + "enum":[ + "CRITICAL", + "HIGH", + "MEDIUM", + "LOW", + "NONE" + ] + }, "StandardUnit":{ "type":"string", "enum":[ @@ -1830,13 +2935,11 @@ }, "StartDiscoveryInput":{ "type":"structure", - "members":{ - } + "members":{} }, "StartDiscoveryOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Stat":{"type":"string"}, "String":{"type":"string"}, @@ -1894,8 +2997,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1943,8 +3045,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateServiceLevelObjectiveInput":{ "type":"structure", @@ -2004,6 +3105,24 @@ "WarningThreshold":{ "type":"double", "box":true + }, + "Window":{ + "type":"structure", + "required":[ + "DurationUnit", + "Duration" + ], + "members":{ + "DurationUnit":{ + "shape":"DurationUnit", + "documentation":"

The unit of time for the exclusion window duration. Valid values: MINUTE, HOUR, DAY, MONTH.

" + }, + "Duration":{ + "shape":"ExclusionDuration", + "documentation":"

The number of time units for the exclusion window length.

" + } + }, + "documentation":"

The object that defines the time length of an exclusion window.

" } }, "documentation":"

Use CloudWatch Application Signals for comprehensive observability of your cloud-based applications. It enables real-time service health dashboards and helps you track long-term performance trends against your business goals. The application-centric view provides you with unified visibility across your applications, services, and dependencies, so you can proactively monitor and efficiently triage any issues that may arise, ensuring optimal customer experience.

Application Signals provides the following benefits:

  • Automatically collect metrics and traces from your applications, and display key metrics such as call volume, availability, latency, faults, and errors.

  • Create and monitor service level objectives (SLOs).

  • See a map of your application topology that Application Signals automatically discovers, that gives you a visual representation of your applications, dependencies, and their connectivity.

Application Signals works with CloudWatch RUM, CloudWatch Synthetics canaries, and Amazon Web Services Service Catalog AppRegistry, to display your client pages, Synthetics canaries, and application names within dashboards and maps.

" diff -pruN 2.23.6-1/awscli/botocore/data/applicationcostprofiler/2020-09-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/applicationcostprofiler/2020-09-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/applicationcostprofiler/2020-09-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/applicationcostprofiler/2020-09-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/applicationcostprofiler/2020-09-10/service-2.json 2.31.35-1/awscli/botocore/data/applicationcostprofiler/2020-09-10/service-2.json --- 2.23.6-1/awscli/botocore/data/applicationcostprofiler/2020-09-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/applicationcostprofiler/2020-09-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"application-cost-profiler", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS Application Cost Profiler", "serviceId":"ApplicationCostProfiler", "signatureVersion":"v4", "signingName":"application-cost-profiler", - "uid":"AWSApplicationCostProfiler-2020-09-10" + "uid":"AWSApplicationCostProfiler-2020-09-10", + "auth":["aws.auth#sigv4"] }, "operations":{ "DeleteReportDefinition":{ diff -pruN 2.23.6-1/awscli/botocore/data/appmesh/2019-01-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/appmesh/2019-01-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/appmesh/2019-01-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appmesh/2019-01-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/apprunner/2020-05-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/apprunner/2020-05-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/apprunner/2020-05-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apprunner/2020-05-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/apprunner/2020-05-15/service-2.json 2.31.35-1/awscli/botocore/data/apprunner/2020-05-15/service-2.json --- 2.23.6-1/awscli/botocore/data/apprunner/2020-05-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apprunner/2020-05-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"apprunner", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS App Runner", "serviceId":"AppRunner", "signatureVersion":"v4", "signingName":"apprunner", "targetPrefix":"AppRunner", - "uid":"apprunner-2020-05-15" + "uid":"apprunner-2020-05-15", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateCustomDomain":{ @@ -1129,7 +1131,7 @@ }, "Subnets":{ "shape":"StringList", - "documentation":"

A list of IDs of subnets that App Runner should use when it associates your service with a custom Amazon VPC. Specify IDs of subnets of a single Amazon VPC. App Runner determines the Amazon VPC from the subnets you specify.

App Runner currently only provides support for IPv4.

" + "documentation":"

A list of IDs of subnets that App Runner should use when it associates your service with a custom Amazon VPC. Specify IDs of subnets of a single Amazon VPC. App Runner determines the Amazon VPC from the subnets you specify.

App Runner only supports subnets of IP address type IPv4 and dual stack (IPv4 and IPv6).

" }, "SecurityGroups":{ "shape":"StringList", @@ -2122,7 +2124,7 @@ }, "IpAddressType":{ "shape":"IpAddressType", - "documentation":"

App Runner provides you with the option to choose between Internet Protocol version 4 (IPv4) and dual stack (IPv4 and IPv6) for your incoming public network configuration. This is an optional parameter. If you do not specify an IpAddressType, it defaults to select IPv4.

Currently, App Runner supports dual stack for only Public endpoint. Only IPv4 is supported for Private endpoint. If you update a service that's using dual-stack Public endpoint to a Private endpoint, your App Runner service will default to support only IPv4 for Private endpoint and fail to receive traffic originating from IPv6 endpoint.

" + "documentation":"

App Runner provides you with the option to choose between IPv4 and dual stack (IPv4 and IPv6). This is an optional parameter. If you do not specify an IpAddressType, it defaults to select IPv4.

" } }, "documentation":"

Describes configuration settings related to network traffic of an App Runner service. Consists of embedded objects for each configurable network feature.

" @@ -2351,7 +2353,8 @@ "PHP_81", "RUBY_31", "PYTHON_311", - "NODEJS_18" + "NODEJS_18", + "NODEJS_22" ] }, "RuntimeEnvironmentSecrets":{ @@ -2693,8 +2696,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2743,8 +2745,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDefaultAutoScalingConfigurationRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/appstream/2016-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/appstream/2016-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/appstream/2016-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appstream/2016-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/appstream/2016-12-01/service-2.json 2.31.35-1/awscli/botocore/data/appstream/2016-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/appstream/2016-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appstream/2016-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -84,6 +84,23 @@ ], "documentation":"

Associates the specified fleet with the specified stack.

" }, + "AssociateSoftwareToImageBuilder":{ + "name":"AssociateSoftwareToImageBuilder", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateSoftwareToImageBuilderRequest"}, + "output":{"shape":"AssociateSoftwareToImageBuilderResult"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"IncompatibleImageException"}, + {"shape":"InvalidParameterCombinationException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"

Associates license included application(s) with an existing image builder instance.

" + }, "BatchAssociateUserStack":{ "name":"BatchAssociateUserStack", "http":{ @@ -636,6 +653,21 @@ ], "documentation":"

Retrieves a list that describes one or more app blocks.

" }, + "DescribeAppLicenseUsage":{ + "name":"DescribeAppLicenseUsage", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeAppLicenseUsageRequest"}, + "output":{"shape":"DescribeAppLicenseUsageResult"}, + "errors":[ + {"shape":"InvalidParameterCombinationException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Retrieves license included application usage information.

" + }, "DescribeApplicationFleetAssociations":{ "name":"DescribeApplicationFleetAssociations", "http":{ @@ -758,6 +790,20 @@ ], "documentation":"

Retrieves a list that describes the streaming sessions for a specified stack and fleet. If a UserId is provided for the stack and fleet, only streaming sessions for that user are described. If an authentication type is not provided, the default is to authenticate users using a streaming URL.

" }, + "DescribeSoftwareAssociations":{ + "name":"DescribeSoftwareAssociations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeSoftwareAssociationsRequest"}, + "output":{"shape":"DescribeSoftwareAssociationsResult"}, + "errors":[ + {"shape":"OperationNotPermittedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Retrieves license included application associations for a specified resource.

" + }, "DescribeStacks":{ "name":"DescribeStacks", "http":{ @@ -904,6 +950,22 @@ ], "documentation":"

Disassociates the specified fleet from the specified stack.

" }, + "DisassociateSoftwareFromImageBuilder":{ + "name":"DisassociateSoftwareFromImageBuilder", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateSoftwareFromImageBuilderRequest"}, + "output":{"shape":"DisassociateSoftwareFromImageBuilderResult"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"InvalidParameterCombinationException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"

Removes license included application(s) association(s) from an image builder instance.

" + }, "EnableUser":{ "name":"EnableUser", "http":{ @@ -1032,6 +1094,21 @@ ], "documentation":"

Starts the specified image builder.

" }, + "StartSoftwareDeploymentToImageBuilder":{ + "name":"StartSoftwareDeploymentToImageBuilder", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartSoftwareDeploymentToImageBuilderRequest"}, + "output":{"shape":"StartSoftwareDeploymentToImageBuilderResult"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"

Initiates license included applications deployment to an image builder instance.

" + }, "StopAppBlockBuilder":{ "name":"StopAppBlockBuilder", "http":{ @@ -1154,7 +1231,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ConcurrentModificationException"}, {"shape":"OperationNotPermittedException"}, - {"shape":"InvalidRoleException"} + {"shape":"InvalidRoleException"}, + {"shape":"IncompatibleImageException"} ], "documentation":"

Updates the specified Directory Config object in AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.

" }, @@ -1302,6 +1380,53 @@ "AUTO_TIME_ZONE_REDIRECTION" ] }, + "AdminAppLicenseUsageList":{ + "type":"list", + "member":{"shape":"AdminAppLicenseUsageRecord"} + }, + "AdminAppLicenseUsageRecord":{ + "type":"structure", + "required":[ + "UserArn", + "BillingPeriod", + "OwnerAWSAccountId", + "SubscriptionFirstUsedDate", + "SubscriptionLastUsedDate", + "LicenseType", + "UserId" + ], + "members":{ + "UserArn":{ + "shape":"String", + "documentation":"

The ARN of the user who used the license-included application.

" + }, + "BillingPeriod":{ + "shape":"String", + "documentation":"

The billing period for the license usage record.

" + }, + "OwnerAWSAccountId":{ + "shape":"AwsAccountId", + "documentation":"

The account ID of the owner of the license.

" + }, + "SubscriptionFirstUsedDate":{ + "shape":"Timestamp", + "documentation":"

The date and time when the license was first used.

" + }, + "SubscriptionLastUsedDate":{ + "shape":"Timestamp", + "documentation":"

The date and time when the license was last used.

" + }, + "LicenseType":{ + "shape":"String", + "documentation":"

The type of license (for example, Microsoft Office).

" + }, + "UserId":{ + "shape":"String", + "documentation":"

The ID of the user who used the license-included application.

" + } + }, + "documentation":"

The collection of license usage records.

" + }, "AppBlock":{ "type":"structure", "required":[ @@ -1743,8 +1868,7 @@ }, "AssociateApplicationToEntitlementResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateFleetRequest":{ "type":"structure", @@ -1765,9 +1889,29 @@ }, "AssociateFleetResult":{ "type":"structure", + "members":{} + }, + "AssociateSoftwareToImageBuilderRequest":{ + "type":"structure", + "required":[ + "ImageBuilderName", + "SoftwareNames" + ], "members":{ + "ImageBuilderName":{ + "shape":"Name", + "documentation":"

The name of the target image builder instance.

" + }, + "SoftwareNames":{ + "shape":"StringList", + "documentation":"

The list of license included applications to associate with the image builder.

Possible values include the following:

  • Microsoft_Office_2021_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2021_LTSC_Professional_Plus_64Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_64Bit

  • Microsoft_Visio_2021_LTSC_Professional_32Bit

  • Microsoft_Visio_2021_LTSC_Professional_64Bit

  • Microsoft_Visio_2024_LTSC_Professional_32Bit

  • Microsoft_Visio_2024_LTSC_Professional_64Bit

  • Microsoft_Project_2021_Professional_32Bit

  • Microsoft_Project_2021_Professional_64Bit

  • Microsoft_Project_2024_Professional_32Bit

  • Microsoft_Project_2024_Professional_64Bit

  • Microsoft_Office_2021_LTSC_Standard_32Bit

  • Microsoft_Office_2021_LTSC_Standard_64Bit

  • Microsoft_Office_2024_LTSC_Standard_32Bit

  • Microsoft_Office_2024_LTSC_Standard_64Bit

  • Microsoft_Visio_2021_LTSC_Standard_32Bit

  • Microsoft_Visio_2021_LTSC_Standard_64Bit

  • Microsoft_Visio_2024_LTSC_Standard_32Bit

  • Microsoft_Visio_2024_LTSC_Standard_64Bit

  • Microsoft_Project_2021_Standard_32Bit

  • Microsoft_Project_2021_Standard_64Bit

  • Microsoft_Project_2024_Standard_32Bit

  • Microsoft_Project_2024_Standard_64Bit

" + } } }, + "AssociateSoftwareToImageBuilderResult":{ + "type":"structure", + "members":{} + }, "AuthenticationType":{ "type":"string", "enum":[ @@ -2237,7 +2381,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

The following instance types are available for Elastic fleets:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

" + "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

The following instance types are available for Elastic fleets:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

" }, "FleetType":{ "shape":"FleetType", @@ -2343,7 +2487,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type to use when launching the image builder. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

" + "documentation":"

The instance type to use when launching the image builder. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" }, "Description":{ "shape":"Description", @@ -2380,6 +2524,14 @@ "AccessEndpoints":{ "shape":"AccessEndpointList", "documentation":"

The list of interface VPC endpoint (interface endpoint) objects. Administrators can connect to the image builder only through the specified endpoints.

" + }, + "SoftwaresToInstall":{ + "shape":"StringList", + "documentation":"

The list of license included applications to install on the image builder during creation.

Possible values include the following:

  • Microsoft_Office_2021_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2021_LTSC_Professional_Plus_64Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_64Bit

  • Microsoft_Visio_2021_LTSC_Professional_32Bit

  • Microsoft_Visio_2021_LTSC_Professional_64Bit

  • Microsoft_Visio_2024_LTSC_Professional_32Bit

  • Microsoft_Visio_2024_LTSC_Professional_64Bit

  • Microsoft_Project_2021_Professional_32Bit

  • Microsoft_Project_2021_Professional_64Bit

  • Microsoft_Project_2024_Professional_32Bit

  • Microsoft_Project_2024_Professional_64Bit

  • Microsoft_Office_2021_LTSC_Standard_32Bit

  • Microsoft_Office_2021_LTSC_Standard_64Bit

  • Microsoft_Office_2024_LTSC_Standard_32Bit

  • Microsoft_Office_2024_LTSC_Standard_64Bit

  • Microsoft_Visio_2021_LTSC_Standard_32Bit

  • Microsoft_Visio_2021_LTSC_Standard_64Bit

  • Microsoft_Visio_2024_LTSC_Standard_32Bit

  • Microsoft_Visio_2024_LTSC_Standard_64Bit

  • Microsoft_Project_2021_Standard_32Bit

  • Microsoft_Project_2021_Standard_64Bit

  • Microsoft_Project_2024_Standard_32Bit

  • Microsoft_Project_2024_Standard_64Bit

" + }, + "SoftwaresToUninstall":{ + "shape":"StringList", + "documentation":"

The list of license included applications to uninstall from the image builder during creation.

Possible values include the following:

  • Microsoft_Office_2021_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2021_LTSC_Professional_Plus_64Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_64Bit

  • Microsoft_Visio_2021_LTSC_Professional_32Bit

  • Microsoft_Visio_2021_LTSC_Professional_64Bit

  • Microsoft_Visio_2024_LTSC_Professional_32Bit

  • Microsoft_Visio_2024_LTSC_Professional_64Bit

  • Microsoft_Project_2021_Professional_32Bit

  • Microsoft_Project_2021_Professional_64Bit

  • Microsoft_Project_2024_Professional_32Bit

  • Microsoft_Project_2024_Professional_64Bit

  • Microsoft_Office_2021_LTSC_Standard_32Bit

  • Microsoft_Office_2021_LTSC_Standard_64Bit

  • Microsoft_Office_2024_LTSC_Standard_32Bit

  • Microsoft_Office_2024_LTSC_Standard_64Bit

  • Microsoft_Visio_2021_LTSC_Standard_32Bit

  • Microsoft_Visio_2021_LTSC_Standard_64Bit

  • Microsoft_Visio_2024_LTSC_Standard_32Bit

  • Microsoft_Visio_2024_LTSC_Standard_64Bit

  • Microsoft_Project_2021_Standard_32Bit

  • Microsoft_Project_2021_Standard_64Bit

  • Microsoft_Project_2024_Standard_32Bit

  • Microsoft_Project_2024_Standard_64Bit

" } } }, @@ -2619,8 +2771,7 @@ }, "CreateUsageReportSubscriptionRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateUsageReportSubscriptionResult":{ "type":"structure", @@ -2666,8 +2817,7 @@ }, "CreateUserResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAppBlockBuilderRequest":{ "type":"structure", @@ -2681,8 +2831,7 @@ }, "DeleteAppBlockBuilderResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAppBlockRequest":{ "type":"structure", @@ -2696,8 +2845,7 @@ }, "DeleteAppBlockResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteApplicationRequest":{ "type":"structure", @@ -2711,8 +2859,7 @@ }, "DeleteApplicationResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDirectoryConfigRequest":{ "type":"structure", @@ -2726,8 +2873,7 @@ }, "DeleteDirectoryConfigResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEntitlementRequest":{ "type":"structure", @@ -2748,8 +2894,7 @@ }, "DeleteEntitlementResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFleetRequest":{ "type":"structure", @@ -2763,8 +2908,7 @@ }, "DeleteFleetResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteImageBuilderRequest":{ "type":"structure", @@ -2804,8 +2948,7 @@ }, "DeleteImagePermissionsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteImageRequest":{ "type":"structure", @@ -2838,8 +2981,7 @@ }, "DeleteStackResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteThemeForStackRequest":{ "type":"structure", @@ -2853,18 +2995,15 @@ }, "DeleteThemeForStackResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUsageReportSubscriptionRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUsageReportSubscriptionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserRequest":{ "type":"structure", @@ -2885,8 +3024,7 @@ }, "DeleteUserResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAppBlockBuilderAppBlockAssociationsRequest":{ "type":"structure", @@ -2982,6 +3120,37 @@ } } }, + "DescribeAppLicenseUsageRequest":{ + "type":"structure", + "required":["BillingPeriod"], + "members":{ + "BillingPeriod":{ + "shape":"String", + "documentation":"

Billing period for the usage record.

Specify the value in yyyy-mm format. For example, for August 2025, use 2025-08.

" + }, + "MaxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of results to return.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

Token for pagination of results.

" + } + } + }, + "DescribeAppLicenseUsageResult":{ + "type":"structure", + "members":{ + "AppLicenseUsages":{ + "shape":"AdminAppLicenseUsageList", + "documentation":"

Collection of license usage records.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

Token for pagination of results.

" + } + } + }, "DescribeApplicationFleetAssociationsRequest":{ "type":"structure", "members":{ @@ -3300,6 +3469,41 @@ } } }, + "DescribeSoftwareAssociationsRequest":{ + "type":"structure", + "required":["AssociatedResource"], + "members":{ + "AssociatedResource":{ + "shape":"Arn", + "documentation":"

The ARN of the resource to describe software associations. Possible resources are Image and ImageBuilder.

" + }, + "MaxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of results to return.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The pagination token to use to retrieve the next page of results for this operation.

" + } + } + }, + "DescribeSoftwareAssociationsResult":{ + "type":"structure", + "members":{ + "AssociatedResource":{ + "shape":"Arn", + "documentation":"

The ARN of the resource to describe software associations.

" + }, + "SoftwareAssociations":{ + "shape":"SoftwareAssociationsList", + "documentation":"

Collection of license included applications association details including:

  • License included application name and version information

  • Deployment status (SoftwareDeploymentStatus enum)

  • Error details for failed deployments

  • Association timestamps

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The pagination token to use to retrieve the next page of results for this operation.

" + } + } + }, "DescribeStacksRequest":{ "type":"structure", "members":{ @@ -3499,8 +3703,7 @@ }, "DisableUserResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateAppBlockBuilderAppBlockRequest":{ "type":"structure", @@ -3521,8 +3724,7 @@ }, "DisassociateAppBlockBuilderAppBlockResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateApplicationFleetRequest":{ "type":"structure", @@ -3543,8 +3745,7 @@ }, "DisassociateApplicationFleetResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateApplicationFromEntitlementRequest":{ "type":"structure", @@ -3570,8 +3771,7 @@ }, "DisassociateApplicationFromEntitlementResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateFleetRequest":{ "type":"structure", @@ -3592,9 +3792,29 @@ }, "DisassociateFleetResult":{ "type":"structure", + "members":{} + }, + "DisassociateSoftwareFromImageBuilderRequest":{ + "type":"structure", + "required":[ + "ImageBuilderName", + "SoftwareNames" + ], "members":{ + "ImageBuilderName":{ + "shape":"Name", + "documentation":"

The name of the target image builder instance.

" + }, + "SoftwareNames":{ + "shape":"StringList", + "documentation":"

The list of license included applications to disassociate from the image builder.

Possible values include the following:

  • Microsoft_Office_2021_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2021_LTSC_Professional_Plus_64Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_64Bit

  • Microsoft_Visio_2021_LTSC_Professional_32Bit

  • Microsoft_Visio_2021_LTSC_Professional_64Bit

  • Microsoft_Visio_2024_LTSC_Professional_32Bit

  • Microsoft_Visio_2024_LTSC_Professional_64Bit

  • Microsoft_Project_2021_Professional_32Bit

  • Microsoft_Project_2021_Professional_64Bit

  • Microsoft_Project_2024_Professional_32Bit

  • Microsoft_Project_2024_Professional_64Bit

  • Microsoft_Office_2021_LTSC_Standard_32Bit

  • Microsoft_Office_2021_LTSC_Standard_64Bit

  • Microsoft_Office_2024_LTSC_Standard_32Bit

  • Microsoft_Office_2024_LTSC_Standard_64Bit

  • Microsoft_Visio_2021_LTSC_Standard_32Bit

  • Microsoft_Visio_2021_LTSC_Standard_64Bit

  • Microsoft_Visio_2024_LTSC_Standard_32Bit

  • Microsoft_Visio_2024_LTSC_Standard_64Bit

  • Microsoft_Project_2021_Standard_32Bit

  • Microsoft_Project_2021_Standard_64Bit

  • Microsoft_Project_2024_Standard_32Bit

  • Microsoft_Project_2024_Standard_64Bit

" + } } }, + "DisassociateSoftwareFromImageBuilderResult":{ + "type":"structure", + "members":{} + }, "DisplayName":{ "type":"string", "max":100 @@ -3662,8 +3882,7 @@ }, "EnableUserResult":{ "type":"structure", - "members":{ - } + "members":{} }, "EntitledApplication":{ "type":"structure", @@ -3797,8 +4016,7 @@ }, "ExpireSessionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "FeedbackURL":{ "type":"string", @@ -3840,7 +4058,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

" + "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" }, "FleetType":{ "shape":"FleetType", @@ -4044,7 +4262,7 @@ }, "ImageBuilderName":{ "shape":"String", - "documentation":"

The name of the image builder that was used to create the private image. If the image is shared, this value is null.

" + "documentation":"

The name of the image builder that was used to create the private image. If the image is shared, copied, or updated by using Managed Image Updates, this value is null.

" }, "Platform":{ "shape":"PlatformType", @@ -4097,6 +4315,10 @@ "ImageSharedWithOthers":{ "shape":"ImageSharedWithOthers", "documentation":"

Indicates whether the image is shared with another account ID.

" + }, + "ManagedSoftwareIncluded":{ + "shape":"Boolean", + "documentation":"

Indicates whether the image includes license-included applications.

" } }, "documentation":"

Describes an image.

" @@ -4131,7 +4353,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type for the image builder. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

" + "documentation":"

The instance type for the image builder. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

" }, "Platform":{ "shape":"PlatformType", @@ -4198,7 +4420,9 @@ "DELETING", "FAILED", "UPDATING", - "PENDING_QUALIFICATION" + "PENDING_QUALIFICATION", + "PENDING_SYNCING_APPS", + "SYNCING_APPS" ] }, "ImageBuilderStateChangeReason":{ @@ -4488,6 +4712,10 @@ "shape":"String", "documentation":"

The private IP address of the elastic network interface that is attached to instances in your VPC.

" }, + "EniIpv6Addresses":{ + "shape":"StringList", + "documentation":"

The IPv6 addresses of the elastic network interface that is attached to instances in your VPC.

" + }, "EniId":{ "shape":"String", "documentation":"

The resource identifier of the elastic network interface that is attached to instances in your VPC. All network interfaces have the eni-xxxxxxxx resource identifier.

" @@ -4807,6 +5035,40 @@ "type":"list", "member":{"shape":"SharedImagePermissions"} }, + "SoftwareAssociations":{ + "type":"structure", + "members":{ + "SoftwareName":{ + "shape":"String", + "documentation":"

The name of the license-included application.

Possible values include the following:

  • Microsoft_Office_2021_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2021_LTSC_Professional_Plus_64Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_32Bit

  • Microsoft_Office_2024_LTSC_Professional_Plus_64Bit

  • Microsoft_Visio_2021_LTSC_Professional_32Bit

  • Microsoft_Visio_2021_LTSC_Professional_64Bit

  • Microsoft_Visio_2024_LTSC_Professional_32Bit

  • Microsoft_Visio_2024_LTSC_Professional_64Bit

  • Microsoft_Project_2021_Professional_32Bit

  • Microsoft_Project_2021_Professional_64Bit

  • Microsoft_Project_2024_Professional_32Bit

  • Microsoft_Project_2024_Professional_64Bit

  • Microsoft_Office_2021_LTSC_Standard_32Bit

  • Microsoft_Office_2021_LTSC_Standard_64Bit

  • Microsoft_Office_2024_LTSC_Standard_32Bit

  • Microsoft_Office_2024_LTSC_Standard_64Bit

  • Microsoft_Visio_2021_LTSC_Standard_32Bit

  • Microsoft_Visio_2021_LTSC_Standard_64Bit

  • Microsoft_Visio_2024_LTSC_Standard_32Bit

  • Microsoft_Visio_2024_LTSC_Standard_64Bit

  • Microsoft_Project_2021_Standard_32Bit

  • Microsoft_Project_2021_Standard_64Bit

  • Microsoft_Project_2024_Standard_32Bit

  • Microsoft_Project_2024_Standard_64Bit

" + }, + "Status":{ + "shape":"SoftwareDeploymentStatus", + "documentation":"

The deployment status of the license-included application.

" + }, + "DeploymentError":{ + "shape":"ErrorDetailsList", + "documentation":"

The error details for failed deployments of the license-included application.

" + } + }, + "documentation":"

The association between a license-included application and a resource.

" + }, + "SoftwareAssociationsList":{ + "type":"list", + "member":{"shape":"SoftwareAssociations"} + }, + "SoftwareDeploymentStatus":{ + "type":"string", + "enum":[ + "STAGED_FOR_INSTALLATION", + "PENDING_INSTALLATION", + "INSTALLED", + "STAGED_FOR_UNINSTALLATION", + "PENDING_UNINSTALLATION", + "FAILED_TO_INSTALL", + "FAILED_TO_UNINSTALL" + ] + }, "Stack":{ "type":"structure", "required":["Name"], @@ -4950,8 +5212,7 @@ }, "StartFleetResult":{ "type":"structure", - "members":{ - } + "members":{} }, "StartImageBuilderRequest":{ "type":"structure", @@ -4976,6 +5237,24 @@ } } }, + "StartSoftwareDeploymentToImageBuilderRequest":{ + "type":"structure", + "required":["ImageBuilderName"], + "members":{ + "ImageBuilderName":{ + "shape":"Name", + "documentation":"

The name of the target image builder instance.

" + }, + "RetryFailedDeployments":{ + "shape":"Boolean", + "documentation":"

Whether to retry previously failed license included application deployments.

" + } + } + }, + "StartSoftwareDeploymentToImageBuilderResult":{ + "type":"structure", + "members":{} + }, "StopAppBlockBuilderRequest":{ "type":"structure", "required":["Name"], @@ -5004,8 +5283,7 @@ }, "StopFleetResult":{ "type":"structure", - "members":{ - } + "members":{} }, "StopImageBuilderRequest":{ "type":"structure", @@ -5041,6 +5319,10 @@ "Domains":{ "shape":"DomainList", "documentation":"

The names of the domains for the account.

" + }, + "DomainsRequireAdminConsent":{ + "shape":"DomainList", + "documentation":"

The OneDrive for Business domains where you require admin consent when users try to link their OneDrive account to AppStream 2.0. The attribute can only be specified when ConnectorType=ONE_DRIVE.

" } }, "documentation":"

Describes a connector that enables persistent storage for users.

" @@ -5126,8 +5408,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5259,8 +5540,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAppBlockBuilderRequest":{ "type":"structure", @@ -5448,7 +5728,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

The following instance types are available for Elastic fleets:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

" + "documentation":"

The instance type to use when launching fleet instances. The following instance types are available:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

  • stream.compute.large

  • stream.compute.xlarge

  • stream.compute.2xlarge

  • stream.compute.4xlarge

  • stream.compute.8xlarge

  • stream.memory.large

  • stream.memory.xlarge

  • stream.memory.2xlarge

  • stream.memory.4xlarge

  • stream.memory.8xlarge

  • stream.memory.z1d.large

  • stream.memory.z1d.xlarge

  • stream.memory.z1d.2xlarge

  • stream.memory.z1d.3xlarge

  • stream.memory.z1d.6xlarge

  • stream.memory.z1d.12xlarge

  • stream.graphics-design.large

  • stream.graphics-design.xlarge

  • stream.graphics-design.2xlarge

  • stream.graphics-design.4xlarge

  • stream.graphics-desktop.2xlarge

  • stream.graphics.g4dn.xlarge

  • stream.graphics.g4dn.2xlarge

  • stream.graphics.g4dn.4xlarge

  • stream.graphics.g4dn.8xlarge

  • stream.graphics.g4dn.12xlarge

  • stream.graphics.g4dn.16xlarge

  • stream.graphics-pro.4xlarge

  • stream.graphics-pro.8xlarge

  • stream.graphics-pro.16xlarge

  • stream.graphics.g5.xlarge

  • stream.graphics.g5.2xlarge

  • stream.graphics.g5.4xlarge

  • stream.graphics.g5.8xlarge

  • stream.graphics.g5.16xlarge

  • stream.graphics.g5.12xlarge

  • stream.graphics.g5.24xlarge

  • stream.graphics.g6.xlarge

  • stream.graphics.g6.2xlarge

  • stream.graphics.g6.4xlarge

  • stream.graphics.g6.8xlarge

  • stream.graphics.g6.16xlarge

  • stream.graphics.g6.12xlarge

  • stream.graphics.g6.24xlarge

  • stream.graphics.gr6.4xlarge

  • stream.graphics.gr6.8xlarge

  • stream.graphics.g6f.large

  • stream.graphics.g6f.xlarge

  • stream.graphics.g6f.2xlarge

  • stream.graphics.g6f.4xlarge

  • stream.graphics.gr6f.4xlarge

The following instance types are available for Elastic fleets:

  • stream.standard.small

  • stream.standard.medium

  • stream.standard.large

  • stream.standard.xlarge

  • stream.standard.2xlarge

" }, "ComputeCapacity":{ "shape":"ComputeCapacity", @@ -5558,8 +5838,7 @@ }, "UpdateImagePermissionsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateStackRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/appsync/2017-07-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/appsync/2017-07-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/appsync/2017-07-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appsync/2017-07-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/appsync/2017-07-25/service-2.json 2.31.35-1/awscli/botocore/data/appsync/2017-07-25/service-2.json --- 2.23.6-1/awscli/botocore/data/appsync/2017-07-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/appsync/2017-07-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1372,7 +1372,7 @@ }, "apiCachingBehavior":{ "shape":"ApiCachingBehavior", - "documentation":"

Caching behavior.

  • FULL_REQUEST_CACHING: All requests are fully cached.

  • PER_RESOLVER_CACHING: Individual resolvers that you specify are cached.

" + "documentation":"

Caching behavior.

  • FULL_REQUEST_CACHING: All requests from the same user are cached. Individual resolvers are automatically cached. All API calls will try to return responses from the cache.

  • PER_RESOLVER_CACHING: Individual resolvers that you specify are cached.

  • OPERATION_LEVEL_CACHING: Full requests are cached together and returned without executing resolvers.

" }, "transitEncryptionEnabled":{ "shape":"Boolean", @@ -1431,7 +1431,8 @@ "type":"string", "enum":[ "FULL_REQUEST_CACHING", - "PER_RESOLVER_CACHING" + "PER_RESOLVER_CACHING", + "OPERATION_LEVEL_CACHING" ] }, "ApiKey":{ @@ -1798,6 +1799,10 @@ "lastModified":{ "shape":"Timestamp", "documentation":"

The date and time that the ChannelNamespace was last changed.

" + }, + "handlerConfigs":{ + "shape":"HandlerConfigs", + "documentation":"

The configuration for the OnPublish and OnSubscribe handlers.

" } }, "documentation":"

Describes a channel namespace associated with an Api. The ChannelNamespace contains the definitions for code handlers for the Api.

" @@ -1959,15 +1964,21 @@ }, "transitEncryptionEnabled":{ "shape":"Boolean", - "documentation":"

Transit encryption flag when connecting to cache. You cannot update this setting after creation.

" + "documentation":"

Transit encryption flag when connecting to cache. You cannot update this setting after creation.

", + "deprecated":true, + "deprecatedMessage":"transitEncryptionEnabled attribute is deprecated. Encryption in transit is always enabled.", + "deprecatedSince":"5/15/2025" }, "atRestEncryptionEnabled":{ "shape":"Boolean", - "documentation":"

At-rest encryption flag for cache. You cannot update this setting after creation.

" + "documentation":"

At-rest encryption flag for cache. You cannot update this setting after creation.

", + "deprecated":true, + "deprecatedMessage":"atRestEncryptionEnabled attribute is deprecated. Encryption at rest is always enabled.", + "deprecatedSince":"5/15/2025" }, "apiCachingBehavior":{ "shape":"ApiCachingBehavior", - "documentation":"

Caching behavior.

  • FULL_REQUEST_CACHING: All requests are fully cached.

  • PER_RESOLVER_CACHING: Individual resolvers that you specify are cached.

" + "documentation":"

Caching behavior.

  • FULL_REQUEST_CACHING: All requests from the same user are cached. Individual resolvers are automatically cached. All API calls will try to return responses from the cache.

  • PER_RESOLVER_CACHING: Individual resolvers that you specify are cached.

  • OPERATION_LEVEL_CACHING: Full requests are cached together and returned without executing resolvers.

" }, "type":{ "shape":"ApiCacheType", @@ -2076,7 +2087,11 @@ "shape":"Code", "documentation":"

The event handler functions that run custom business logic to process published events and subscribe requests.

" }, - "tags":{"shape":"TagMap"} + "tags":{"shape":"TagMap"}, + "handlerConfigs":{ + "shape":"HandlerConfigs", + "documentation":"

The configuration for the OnPublish and OnSubscribe handlers.

" + } } }, "CreateChannelNamespaceResponse":{ @@ -2179,7 +2194,8 @@ "description":{ "shape":"Description", "documentation":"

A description of the DomainName.

" - } + }, + "tags":{"shape":"TagMap"} } }, "CreateDomainNameResponse":{ @@ -2680,8 +2696,7 @@ }, "DeleteApiCacheResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the output of a DeleteApiCache operation.

" }, "DeleteApiKeyRequest":{ @@ -2707,8 +2722,7 @@ }, "DeleteApiKeyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteApiRequest":{ "type":"structure", @@ -2724,8 +2738,7 @@ }, "DeleteApiResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteChannelNamespaceRequest":{ "type":"structure", @@ -2750,8 +2763,7 @@ }, "DeleteChannelNamespaceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataSourceRequest":{ "type":"structure", @@ -2776,8 +2788,7 @@ }, "DeleteDataSourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDomainNameRequest":{ "type":"structure", @@ -2793,8 +2804,7 @@ }, "DeleteDomainNameResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFunctionRequest":{ "type":"structure", @@ -2819,8 +2829,7 @@ }, "DeleteFunctionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteGraphqlApiRequest":{ "type":"structure", @@ -2836,8 +2845,7 @@ }, "DeleteGraphqlApiResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResolverRequest":{ "type":"structure", @@ -2869,8 +2877,7 @@ }, "DeleteResolverResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTypeRequest":{ "type":"structure", @@ -2895,8 +2902,7 @@ }, "DeleteTypeResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeltaSyncConfig":{ "type":"structure", @@ -2936,8 +2942,7 @@ }, "DisassociateApiResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateMergedGraphqlApiRequest":{ "type":"structure", @@ -3027,6 +3032,11 @@ "hostedZoneId":{ "shape":"String", "documentation":"

The ID of your Amazon Route 53 hosted zone.

" + }, + "tags":{"shape":"TagMap"}, + "domainNameArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the domain name.

" } }, "documentation":"

Describes a configuration for a custom domain.

" @@ -3189,6 +3199,14 @@ "logs":{ "shape":"Logs", "documentation":"

A list of logs that were generated by calls to util.log.info and util.log.error in the evaluated code.

" + }, + "stash":{ + "shape":"Stash", + "documentation":"

An object available inside each resolver and function handler. A single stash object lives through a single resolver run. Therefore, you can use the stash to pass arbitrary data across request and response handlers and across functions in a pipeline resolver.

" + }, + "outErrors":{ + "shape":"OutErrors", + "documentation":"

The list of runtime errors that are added to the GraphQL operation response.

" } } }, @@ -3223,6 +3241,14 @@ "logs":{ "shape":"Logs", "documentation":"

A list of logs that were generated by calls to util.log.info and util.log.error in the evaluated code.

" + }, + "stash":{ + "shape":"Stash", + "documentation":"

An object available inside each resolver and function handler. A single stash object lives through a single resolver run. Therefore, you can use the stash to pass arbitrary data across request and response handlers and across functions in a pipeline resolver.

" + }, + "outErrors":{ + "shape":"OutErrors", + "documentation":"

The list of runtime errors that are added to the GraphQL operation response.

" } } }, @@ -3328,8 +3354,7 @@ }, "FlushApiCacheResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the output of a FlushApiCache operation.

" }, "FunctionConfiguration":{ @@ -3955,6 +3980,45 @@ "type":"list", "member":{"shape":"GraphqlApi"} }, + "HandlerBehavior":{ + "type":"string", + "enum":[ + "CODE", + "DIRECT" + ] + }, + "HandlerConfig":{ + "type":"structure", + "required":[ + "behavior", + "integration" + ], + "members":{ + "behavior":{ + "shape":"HandlerBehavior", + "documentation":"

The behavior for the handler.

" + }, + "integration":{ + "shape":"Integration", + "documentation":"

The integration data source configuration for the handler.

" + } + }, + "documentation":"

The configuration for a handler.

" + }, + "HandlerConfigs":{ + "type":"structure", + "members":{ + "onPublish":{ + "shape":"HandlerConfig", + "documentation":"

The configuration for the OnPublish handler.

" + }, + "onSubscribe":{ + "shape":"HandlerConfig", + "documentation":"

The configuration for the OnSubscribe handler.

" + } + }, + "documentation":"

The configuration for the OnPublish and OnSubscribe handlers.

" + }, "HttpDataSourceConfig":{ "type":"structure", "members":{ @@ -3969,6 +4033,21 @@ }, "documentation":"

Describes an HTTP data source configuration.

" }, + "Integration":{ + "type":"structure", + "required":["dataSourceName"], + "members":{ + "dataSourceName":{ + "shape":"String", + "documentation":"

The unique name of the data source that has been configured on the API.

" + }, + "lambdaConfig":{ + "shape":"LambdaConfig", + "documentation":"

The configuration for a Lambda data source.

" + } + }, + "documentation":"

The integration data source configuration for the handler.

" + }, "InternalFailureException":{ "type":"structure", "members":{ @@ -3979,6 +4058,13 @@ "exception":true, "fault":true }, + "InvokeType":{ + "type":"string", + "enum":[ + "REQUEST_RESPONSE", + "EVENT" + ] + }, "LambdaAuthorizerConfig":{ "type":"structure", "required":["authorizerUri"], @@ -3998,6 +4084,16 @@ }, "documentation":"

A LambdaAuthorizerConfig specifies how to authorize AppSync API access when using the AWS_LAMBDA authorizer mode. Be aware that an AppSync API can have only one Lambda authorizer configured at a time.

" }, + "LambdaConfig":{ + "type":"structure", + "members":{ + "invokeType":{ + "shape":"InvokeType", + "documentation":"

The invocation type for a Lambda data source.

" + } + }, + "documentation":"

The configuration for a Lambda data source.

" + }, "LambdaConflictHandlerConfig":{ "type":"structure", "members":{ @@ -4645,6 +4741,10 @@ "DISABLED" ] }, + "OutErrors":{ + "type":"string", + "pattern":"^[\\s\\S]*$" + }, "OutputType":{ "type":"string", "enum":[ @@ -5118,6 +5218,10 @@ } } }, + "Stash":{ + "type":"string", + "pattern":"^[\\s\\S]*$" + }, "String":{"type":"string"}, "SyncConfig":{ "type":"structure", @@ -5184,8 +5288,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5269,8 +5372,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApiCacheRequest":{ "type":"structure", @@ -5293,7 +5395,7 @@ }, "apiCachingBehavior":{ "shape":"ApiCachingBehavior", - "documentation":"

Caching behavior.

  • FULL_REQUEST_CACHING: All requests are fully cached.

  • PER_RESOLVER_CACHING: Individual resolvers that you specify are cached.

" + "documentation":"

Caching behavior.

  • FULL_REQUEST_CACHING: All requests from the same user are cached. Individual resolvers are automatically cached. All API calls will try to return responses from the cache.

  • PER_RESOLVER_CACHING: Individual resolvers that you specify are cached.

  • OPERATION_LEVEL_CACHING: Full requests are cached together and returned without executing resolvers.

" }, "type":{ "shape":"ApiCacheType", @@ -5420,6 +5522,10 @@ "codeHandlers":{ "shape":"Code", "documentation":"

The event handler functions that run custom business logic to process published events and subscribe requests.

" + }, + "handlerConfigs":{ + "shape":"HandlerConfigs", + "documentation":"

The configuration for the OnPublish and OnSubscribe handlers.

" } } }, diff -pruN 2.23.6-1/awscli/botocore/data/apptest/2022-12-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/apptest/2022-12-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/apptest/2022-12-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apptest/2022-12-06/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,350 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://apptest-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - }, - true - ] - } - ], - "rules": [ - { - "conditions": [], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://apptest-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://apptest.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://apptest.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ], - "type": "tree" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/apptest/2022-12-06/paginators-1.json 2.31.35-1/awscli/botocore/data/apptest/2022-12-06/paginators-1.json --- 2.23.6-1/awscli/botocore/data/apptest/2022-12-06/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apptest/2022-12-06/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,40 +0,0 @@ -{ - "pagination": { - "ListTestCases": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "testCases" - }, - "ListTestConfigurations": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "testConfigurations" - }, - "ListTestRunSteps": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "testRunSteps" - }, - "ListTestRunTestCases": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "testRunTestCases" - }, - "ListTestRuns": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "testRuns" - }, - "ListTestSuites": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "testSuites" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/apptest/2022-12-06/service-2.json 2.31.35-1/awscli/botocore/data/apptest/2022-12-06/service-2.json --- 2.23.6-1/awscli/botocore/data/apptest/2022-12-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apptest/2022-12-06/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,3510 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2022-12-06", - "auth":["aws.auth#sigv4"], - "endpointPrefix":"apptest", - "protocol":"rest-json", - "protocols":["rest-json"], - "serviceFullName":"AWS Mainframe Modernization Application Testing", - "serviceId":"AppTest", - "signatureVersion":"v4", - "signingName":"apptest", - "uid":"apptest-2022-12-06" - }, - "operations":{ - "CreateTestCase":{ - "name":"CreateTestCase", - "http":{ - "method":"POST", - "requestUri":"/testcase", - "responseCode":201 - }, - "input":{"shape":"CreateTestCaseRequest"}, - "output":{"shape":"CreateTestCaseResponse"}, - "errors":[ - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Creates a test case.

", - "idempotent":true - }, - "CreateTestConfiguration":{ - "name":"CreateTestConfiguration", - "http":{ - "method":"POST", - "requestUri":"/testconfiguration", - "responseCode":201 - }, - "input":{"shape":"CreateTestConfigurationRequest"}, - "output":{"shape":"CreateTestConfigurationResponse"}, - "errors":[ - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Creates a test configuration.

", - "idempotent":true - }, - "CreateTestSuite":{ - "name":"CreateTestSuite", - "http":{ - "method":"POST", - "requestUri":"/testsuite", - "responseCode":201 - }, - "input":{"shape":"CreateTestSuiteRequest"}, - "output":{"shape":"CreateTestSuiteResponse"}, - "errors":[ - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Creates a test suite.

", - "idempotent":true - }, - "DeleteTestCase":{ - "name":"DeleteTestCase", - "http":{ - "method":"DELETE", - "requestUri":"/testcases/{testCaseId}", - "responseCode":204 - }, - "input":{"shape":"DeleteTestCaseRequest"}, - "output":{"shape":"DeleteTestCaseResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Deletes a test case.

", - "idempotent":true - }, - "DeleteTestConfiguration":{ - "name":"DeleteTestConfiguration", - "http":{ - "method":"DELETE", - "requestUri":"/testconfigurations/{testConfigurationId}", - "responseCode":204 - }, - "input":{"shape":"DeleteTestConfigurationRequest"}, - "output":{"shape":"DeleteTestConfigurationResponse"}, - "errors":[ - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Deletes a test configuration.

", - "idempotent":true - }, - "DeleteTestRun":{ - "name":"DeleteTestRun", - "http":{ - "method":"DELETE", - "requestUri":"/testruns/{testRunId}", - "responseCode":204 - }, - "input":{"shape":"DeleteTestRunRequest"}, - "output":{"shape":"DeleteTestRunResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Deletes a test run.

", - "idempotent":true - }, - "DeleteTestSuite":{ - "name":"DeleteTestSuite", - "http":{ - "method":"DELETE", - "requestUri":"/testsuites/{testSuiteId}", - "responseCode":204 - }, - "input":{"shape":"DeleteTestSuiteRequest"}, - "output":{"shape":"DeleteTestSuiteResponse"}, - "errors":[ - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Deletes a test suite.

", - "idempotent":true - }, - "GetTestCase":{ - "name":"GetTestCase", - "http":{ - "method":"GET", - "requestUri":"/testcases/{testCaseId}", - "responseCode":200 - }, - "input":{"shape":"GetTestCaseRequest"}, - "output":{"shape":"GetTestCaseResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Gets a test case.

" - }, - "GetTestConfiguration":{ - "name":"GetTestConfiguration", - "http":{ - "method":"GET", - "requestUri":"/testconfigurations/{testConfigurationId}", - "responseCode":200 - }, - "input":{"shape":"GetTestConfigurationRequest"}, - "output":{"shape":"GetTestConfigurationResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Gets a test configuration.

" - }, - "GetTestRunStep":{ - "name":"GetTestRunStep", - "http":{ - "method":"GET", - "requestUri":"/testruns/{testRunId}/steps/{stepName}", - "responseCode":200 - }, - "input":{"shape":"GetTestRunStepRequest"}, - "output":{"shape":"GetTestRunStepResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Gets a test run step.

" - }, - "GetTestSuite":{ - "name":"GetTestSuite", - "http":{ - "method":"GET", - "requestUri":"/testsuites/{testSuiteId}", - "responseCode":200 - }, - "input":{"shape":"GetTestSuiteRequest"}, - "output":{"shape":"GetTestSuiteResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Gets a test suite.

" - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/tags/{resourceArn}", - "responseCode":200 - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Lists tags for a resource.

" - }, - "ListTestCases":{ - "name":"ListTestCases", - "http":{ - "method":"GET", - "requestUri":"/testcases", - "responseCode":200 - }, - "input":{"shape":"ListTestCasesRequest"}, - "output":{"shape":"ListTestCasesResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Lists test cases.

" - }, - "ListTestConfigurations":{ - "name":"ListTestConfigurations", - "http":{ - "method":"GET", - "requestUri":"/testconfigurations", - "responseCode":200 - }, - "input":{"shape":"ListTestConfigurationsRequest"}, - "output":{"shape":"ListTestConfigurationsResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Lists test configurations.

" - }, - "ListTestRunSteps":{ - "name":"ListTestRunSteps", - "http":{ - "method":"GET", - "requestUri":"/testruns/{testRunId}/steps", - "responseCode":200 - }, - "input":{"shape":"ListTestRunStepsRequest"}, - "output":{"shape":"ListTestRunStepsResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Lists test run steps.

" - }, - "ListTestRunTestCases":{ - "name":"ListTestRunTestCases", - "http":{ - "method":"GET", - "requestUri":"/testruns/{testRunId}/testcases", - "responseCode":200 - }, - "input":{"shape":"ListTestRunTestCasesRequest"}, - "output":{"shape":"ListTestRunTestCasesResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Lists test run test cases.

" - }, - "ListTestRuns":{ - "name":"ListTestRuns", - "http":{ - "method":"GET", - "requestUri":"/testruns", - "responseCode":200 - }, - "input":{"shape":"ListTestRunsRequest"}, - "output":{"shape":"ListTestRunsResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Lists test runs.

" - }, - "ListTestSuites":{ - "name":"ListTestSuites", - "http":{ - "method":"GET", - "requestUri":"/testsuites", - "responseCode":200 - }, - "input":{"shape":"ListTestSuitesRequest"}, - "output":{"shape":"ListTestSuitesResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Lists test suites.

" - }, - "StartTestRun":{ - "name":"StartTestRun", - "http":{ - "method":"POST", - "requestUri":"/testrun", - "responseCode":200 - }, - "input":{"shape":"StartTestRunRequest"}, - "output":{"shape":"StartTestRunResponse"}, - "errors":[ - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Starts a test run.

" - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/tags/{resourceArn}", - "responseCode":200 - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResponse"}, - "errors":[ - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Specifies tags of a resource.

" - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"DELETE", - "requestUri":"/tags/{resourceArn}", - "responseCode":200 - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Untags a resource.

", - "idempotent":true - }, - "UpdateTestCase":{ - "name":"UpdateTestCase", - "http":{ - "method":"PATCH", - "requestUri":"/testcases/{testCaseId}", - "responseCode":200 - }, - "input":{"shape":"UpdateTestCaseRequest"}, - "output":{"shape":"UpdateTestCaseResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Updates a test case.

" - }, - "UpdateTestConfiguration":{ - "name":"UpdateTestConfiguration", - "http":{ - "method":"PATCH", - "requestUri":"/testconfigurations/{testConfigurationId}", - "responseCode":200 - }, - "input":{"shape":"UpdateTestConfigurationRequest"}, - "output":{"shape":"UpdateTestConfigurationResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Updates a test configuration.

" - }, - "UpdateTestSuite":{ - "name":"UpdateTestSuite", - "http":{ - "method":"PATCH", - "requestUri":"/testsuites/{testSuiteId}", - "responseCode":200 - }, - "input":{"shape":"UpdateTestSuiteRequest"}, - "output":{"shape":"UpdateTestSuiteResponse"}, - "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Updates a test suite.

" - } - }, - "shapes":{ - "AccessDeniedException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{"shape":"String"} - }, - "documentation":"

The account or role doesn't have the right permissions to make the request.

", - "error":{ - "httpStatusCode":403, - "senderFault":true - }, - "exception":true - }, - "Arn":{ - "type":"string", - "pattern":"arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}" - }, - "Batch":{ - "type":"structure", - "required":["batchJobName"], - "members":{ - "batchJobName":{ - "shape":"Variable", - "documentation":"

The job name of the batch.

" - }, - "batchJobParameters":{ - "shape":"BatchJobParameters", - "documentation":"

The batch job parameters of the batch.

" - }, - "exportDataSetNames":{ - "shape":"ExportDataSetNames", - "documentation":"

The export data set names of the batch.

" - } - }, - "documentation":"

Defines a batch.

" - }, - "BatchJobParameters":{ - "type":"map", - "key":{"shape":"String"}, - "value":{"shape":"String"} - }, - "BatchStepInput":{ - "type":"structure", - "required":[ - "resource", - "batchJobName" - ], - "members":{ - "resource":{ - "shape":"MainframeResourceSummary", - "documentation":"

The resource of the batch step input.

" - }, - "batchJobName":{ - "shape":"ResourceName", - "documentation":"

The batch job name of the batch step input.

" - }, - "batchJobParameters":{ - "shape":"BatchJobParameters", - "documentation":"

The batch job parameters of the batch step input.

" - }, - "exportDataSetNames":{ - "shape":"ExportDataSetNames", - "documentation":"

The export data set names of the batch step input.

" - }, - "properties":{ - "shape":"MainframeActionProperties", - "documentation":"

The properties of the batch step input.

" - } - }, - "documentation":"

Defines a batch step input.

" - }, - "BatchStepOutput":{ - "type":"structure", - "members":{ - "dataSetExportLocation":{ - "shape":"S3Uri", - "documentation":"

The data set export location of the batch step output.

" - }, - "dmsOutputLocation":{ - "shape":"S3Uri", - "documentation":"

The Database Migration Service (DMS) output location of the batch step output.

" - }, - "dataSetDetails":{ - "shape":"DataSetList", - "documentation":"

The data set details of the batch step output.

" - } - }, - "documentation":"

Defines a batch step output.

" - }, - "BatchSummary":{ - "type":"structure", - "required":["stepInput"], - "members":{ - "stepInput":{ - "shape":"BatchStepInput", - "documentation":"

The step input of the batch summary.

" - }, - "stepOutput":{ - "shape":"BatchStepOutput", - "documentation":"

The step output of the batch summary.

" - } - }, - "documentation":"

Summarizes a batch job.

" - }, - "Boolean":{ - "type":"boolean", - "box":true - }, - "CaptureTool":{ - "type":"string", - "enum":[ - "Precisely", - "AWS DMS" - ] - }, - "CloudFormation":{ - "type":"structure", - "required":["templateLocation"], - "members":{ - "templateLocation":{ - "shape":"S3Uri", - "documentation":"

The template location of the CloudFormation template.

" - }, - "parameters":{ - "shape":"Properties", - "documentation":"

The CloudFormation properties in the CloudFormation template.

" - } - }, - "documentation":"

Specifies the CloudFormation template and its parameters.

" - }, - "CloudFormationAction":{ - "type":"structure", - "required":["resource"], - "members":{ - "resource":{ - "shape":"Variable", - "documentation":"

The resource of the CloudFormation action.

" - }, - "actionType":{ - "shape":"CloudFormationActionType", - "documentation":"

The action type of the CloudFormation action.

" - } - }, - "documentation":"

Specifies the CloudFormation action.

" - }, - "CloudFormationActionType":{ - "type":"string", - "enum":[ - "Create", - "Delete" - ] - }, - "CloudFormationStepSummary":{ - "type":"structure", - "members":{ - "createCloudformation":{ - "shape":"CreateCloudFormationSummary", - "documentation":"

Creates the CloudFormation summary of the step.

" - }, - "deleteCloudformation":{ - "shape":"DeleteCloudFormationSummary", - "documentation":"

Deletes the CloudFormation summary of the CloudFormation step summary.

" - } - }, - "documentation":"

Specifies the CloudFormation step summary.

", - "union":true - }, - "CompareAction":{ - "type":"structure", - "required":["input"], - "members":{ - "input":{ - "shape":"Input", - "documentation":"

The input of the compare action.

" - }, - "output":{ - "shape":"Output", - "documentation":"

The output of the compare action.

" - } - }, - "documentation":"

Compares the action.

" - }, - "CompareActionSummary":{ - "type":"structure", - "required":["type"], - "members":{ - "type":{ - "shape":"File", - "documentation":"

The type of the compare action summary.

" - } - }, - "documentation":"

Specifies the compare action summary.

" - }, - "CompareDataSetsStepInput":{ - "type":"structure", - "required":[ - "sourceLocation", - "targetLocation", - "sourceDataSets", - "targetDataSets" - ], - "members":{ - "sourceLocation":{ - "shape":"S3Uri", - "documentation":"

The source location of the compare data sets step input location.

" - }, - "targetLocation":{ - "shape":"S3Uri", - "documentation":"

The target location of the compare data sets step input location.

" - }, - "sourceDataSets":{ - "shape":"DataSetList", - "documentation":"

The source data sets of the compare data sets step input location.

" - }, - "targetDataSets":{ - "shape":"DataSetList", - "documentation":"

The target data sets of the compare data sets step input location.

" - } - }, - "documentation":"

Specifies the compare data sets step input.

" - }, - "CompareDataSetsStepOutput":{ - "type":"structure", - "required":[ - "comparisonOutputLocation", - "comparisonStatus" - ], - "members":{ - "comparisonOutputLocation":{ - "shape":"S3Uri", - "documentation":"

The comparison output location of the compare data sets step output.

" - }, - "comparisonStatus":{ - "shape":"ComparisonStatusEnum", - "documentation":"

The comparison status of the compare data sets step output.

" - } - }, - "documentation":"

Specifies the compare data sets step output.

" - }, - "CompareDataSetsSummary":{ - "type":"structure", - "required":["stepInput"], - "members":{ - "stepInput":{ - "shape":"CompareDataSetsStepInput", - "documentation":"

The step input of the compare data sets summary.

" - }, - "stepOutput":{ - "shape":"CompareDataSetsStepOutput", - "documentation":"

The step output of the compare data sets summary.

" - } - }, - "documentation":"

Compares data sets summary.

" - }, - "CompareDatabaseCDCStepInput":{ - "type":"structure", - "required":[ - "sourceLocation", - "targetLocation", - "sourceMetadata", - "targetMetadata" - ], - "members":{ - "sourceLocation":{ - "shape":"String", - "documentation":"

The source location of the compare database CDC step input.

" - }, - "targetLocation":{ - "shape":"String", - "documentation":"

The target location of the compare database CDC step input.

" - }, - "outputLocation":{ - "shape":"String", - "documentation":"

The output location of the compare database CDC step input.

" - }, - "sourceMetadata":{ - "shape":"SourceDatabaseMetadata", - "documentation":"

The source metadata of the compare database CDC step input.

" - }, - "targetMetadata":{ - "shape":"TargetDatabaseMetadata", - "documentation":"

The target metadata location of the compare database CDC step input.

" - } - }, - "documentation":"

Compares the database Change Data Capture (CDC) step input.

" - }, - "CompareDatabaseCDCStepOutput":{ - "type":"structure", - "required":[ - "comparisonOutputLocation", - "comparisonStatus" - ], - "members":{ - "comparisonOutputLocation":{ - "shape":"String", - "documentation":"

The comparison output of the compare database CDC step output.

" - }, - "comparisonStatus":{ - "shape":"ComparisonStatusEnum", - "documentation":"

The comparison status of the compare database CDC step output.

" - } - }, - "documentation":"

Compares the database CDC step output.

" - }, - "CompareDatabaseCDCSummary":{ - "type":"structure", - "required":["stepInput"], - "members":{ - "stepInput":{ - "shape":"CompareDatabaseCDCStepInput", - "documentation":"

The step input of the compare database CDC summary.

" - }, - "stepOutput":{ - "shape":"CompareDatabaseCDCStepOutput", - "documentation":"

The step output of the compare database CDC summary.

" - } - }, - "documentation":"

Compares the database CDC summary.

" - }, - "CompareFileType":{ - "type":"structure", - "members":{ - "datasets":{ - "shape":"CompareDataSetsSummary", - "documentation":"

The data sets in the compare file type.

" - }, - "databaseCDC":{ - "shape":"CompareDatabaseCDCSummary", - "documentation":"

The database CDC of the compare file type.

" - } - }, - "documentation":"

Compares the file type.

", - "union":true - }, - "ComparisonStatusEnum":{ - "type":"string", - "enum":[ - "Different", - "Equivalent", - "Equal" - ] - }, - "ConflictException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{"shape":"String"}, - "resourceId":{ - "shape":"String", - "documentation":"

The resource ID of the conflicts with existing resources.

" - }, - "resourceType":{ - "shape":"String", - "documentation":"

The resource type of the conflicts with existing resources.

" - } - }, - "documentation":"

The parameters provided in the request conflict with existing resources.

", - "error":{ - "httpStatusCode":409, - "senderFault":true - }, - "exception":true - }, - "CreateCloudFormationStepInput":{ - "type":"structure", - "required":["templateLocation"], - "members":{ - "templateLocation":{ - "shape":"S3Uri", - "documentation":"

The template location of the CloudFormation step input.

" - }, - "parameters":{ - "shape":"Properties", - "documentation":"

The CloudFormation properties of the CloudFormation step input.

" - } - }, - "documentation":"

Creates the CloudFormation step input.

" - }, - "CreateCloudFormationStepOutput":{ - "type":"structure", - "required":["stackId"], - "members":{ - "stackId":{ - "shape":"String", - "documentation":"

The stack ID of the CloudFormation step output.

" - }, - "exports":{ - "shape":"Properties", - "documentation":"

The exports of the CloudFormation step output.

" - } - }, - "documentation":"

Creates a CloudFormation step output.

" - }, - "CreateCloudFormationSummary":{ - "type":"structure", - "required":["stepInput"], - "members":{ - "stepInput":{ - "shape":"CreateCloudFormationStepInput", - "documentation":"

The step input of the CloudFormation summary.

" - }, - "stepOutput":{ - "shape":"CreateCloudFormationStepOutput", - "documentation":"

The step output of the CloudFormation summary.

" - } - }, - "documentation":"

Creates a CloudFormation summary.

" - }, - "CreateTestCaseRequest":{ - "type":"structure", - "required":[ - "name", - "steps" - ], - "members":{ - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the test case.

" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test case.

" - }, - "steps":{ - "shape":"StepList", - "documentation":"

The steps in the test case.

" - }, - "clientToken":{ - "shape":"IdempotencyTokenString", - "documentation":"

The client token of the test case.

", - "idempotencyToken":true - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The specified tags of the test case.

" - } - } - }, - "CreateTestCaseResponse":{ - "type":"structure", - "required":[ - "testCaseId", - "testCaseVersion" - ], - "members":{ - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of the test case.

" - }, - "testCaseVersion":{ - "shape":"Version", - "documentation":"

The test case version of the test case.

" - } - } - }, - "CreateTestConfigurationRequest":{ - "type":"structure", - "required":[ - "name", - "resources" - ], - "members":{ - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the test configuration.

" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test configuration.

" - }, - "resources":{ - "shape":"ResourceList", - "documentation":"

The defined resources of the test configuration.

" - }, - "properties":{ - "shape":"Properties", - "documentation":"

The properties of the test configuration.

" - }, - "clientToken":{ - "shape":"IdempotencyTokenString", - "documentation":"

The client token of the test configuration.

", - "idempotencyToken":true - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the test configuration.

" - }, - "serviceSettings":{ - "shape":"ServiceSettings", - "documentation":"

The service settings of the test configuration.

" - } - } - }, - "CreateTestConfigurationResponse":{ - "type":"structure", - "required":[ - "testConfigurationId", - "testConfigurationVersion" - ], - "members":{ - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The test configuration ID.

" - }, - "testConfigurationVersion":{ - "shape":"Version", - "documentation":"

The test configuration version.

" - } - } - }, - "CreateTestSuiteRequest":{ - "type":"structure", - "required":[ - "name", - "testCases" - ], - "members":{ - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the test suite.

" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test suite.

" - }, - "beforeSteps":{ - "shape":"StepList", - "documentation":"

The before steps of the test suite.

" - }, - "afterSteps":{ - "shape":"StepList", - "documentation":"

The after steps of the test suite.

" - }, - "testCases":{ - "shape":"TestCases", - "documentation":"

The test cases in the test suite.

" - }, - "clientToken":{ - "shape":"IdempotencyTokenString", - "documentation":"

The client token of the test suite.

", - "idempotencyToken":true - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the test suite.

" - } - } - }, - "CreateTestSuiteResponse":{ - "type":"structure", - "required":[ - "testSuiteId", - "testSuiteVersion" - ], - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The suite ID of the test suite.

" - }, - "testSuiteVersion":{ - "shape":"Version", - "documentation":"

The suite version of the test suite.

" - } - } - }, - "DataSet":{ - "type":"structure", - "required":[ - "type", - "name", - "ccsid", - "format", - "length" - ], - "members":{ - "type":{ - "shape":"DataSetType", - "documentation":"

The type of the data set.

" - }, - "name":{ - "shape":"String100", - "documentation":"

The name of the data set.

" - }, - "ccsid":{ - "shape":"String50", - "documentation":"

The CCSID of the data set.

" - }, - "format":{ - "shape":"Format", - "documentation":"

The format of the data set.

" - }, - "length":{ - "shape":"Integer", - "documentation":"

The length of the data set.

" - } - }, - "documentation":"

Defines a data set.

" - }, - "DataSetList":{ - "type":"list", - "member":{"shape":"DataSet"} - }, - "DataSetType":{ - "type":"string", - "enum":["PS"] - }, - "DatabaseCDC":{ - "type":"structure", - "required":[ - "sourceMetadata", - "targetMetadata" - ], - "members":{ - "sourceMetadata":{ - "shape":"SourceDatabaseMetadata", - "documentation":"

The source metadata of the database CDC.

" - }, - "targetMetadata":{ - "shape":"TargetDatabaseMetadata", - "documentation":"

The target metadata of the database CDC.

" - } - }, - "documentation":"

Defines the Change Data Capture (CDC) of the database.

" - }, - "DeleteCloudFormationStepInput":{ - "type":"structure", - "required":["stackId"], - "members":{ - "stackId":{ - "shape":"String", - "documentation":"

The stack ID of the deleted CloudFormation step input.

" - } - }, - "documentation":"

Deletes the CloudFormation step input.

" - }, - "DeleteCloudFormationStepOutput":{ - "type":"structure", - "members":{ - }, - "documentation":"

Deletes the CloudFormation summary step output.

" - }, - "DeleteCloudFormationSummary":{ - "type":"structure", - "required":["stepInput"], - "members":{ - "stepInput":{ - "shape":"DeleteCloudFormationStepInput", - "documentation":"

The step input of the deleted CloudFormation summary.

" - }, - "stepOutput":{ - "shape":"DeleteCloudFormationStepOutput", - "documentation":"

The step output of the deleted CloudFormation summary.

" - } - }, - "documentation":"

Deletes the CloudFormation summary.

" - }, - "DeleteTestCaseRequest":{ - "type":"structure", - "required":["testCaseId"], - "members":{ - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of the test case.

", - "location":"uri", - "locationName":"testCaseId" - } - } - }, - "DeleteTestCaseResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteTestConfigurationRequest":{ - "type":"structure", - "required":["testConfigurationId"], - "members":{ - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The test ID of the test configuration.

", - "location":"uri", - "locationName":"testConfigurationId" - } - } - }, - "DeleteTestConfigurationResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteTestRunRequest":{ - "type":"structure", - "required":["testRunId"], - "members":{ - "testRunId":{ - "shape":"Identifier", - "documentation":"

The run ID of the test run.

", - "location":"uri", - "locationName":"testRunId" - } - } - }, - "DeleteTestRunResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteTestSuiteRequest":{ - "type":"structure", - "required":["testSuiteId"], - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test ID of the test suite.

", - "location":"uri", - "locationName":"testSuiteId" - } - } - }, - "DeleteTestSuiteResponse":{ - "type":"structure", - "members":{ - } - }, - "ExportDataSetNames":{ - "type":"list", - "member":{"shape":"String100"} - }, - "File":{ - "type":"structure", - "members":{ - "fileType":{ - "shape":"CompareFileType", - "documentation":"

The file type of the file.

" - } - }, - "documentation":"

Defines a file.

", - "union":true - }, - "FileMetadata":{ - "type":"structure", - "members":{ - "dataSets":{ - "shape":"DataSetList", - "documentation":"

The data sets of the file metadata.

" - }, - "databaseCDC":{ - "shape":"DatabaseCDC", - "documentation":"

The database CDC of the file metadata.

" - } - }, - "documentation":"

Specifies a file metadata.

", - "union":true - }, - "Format":{ - "type":"string", - "enum":[ - "FIXED", - "VARIABLE", - "LINE_SEQUENTIAL" - ] - }, - "GetTestCaseRequest":{ - "type":"structure", - "required":["testCaseId"], - "members":{ - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The request test ID of the test case.

", - "location":"uri", - "locationName":"testCaseId" - }, - "testCaseVersion":{ - "shape":"Version", - "documentation":"

The test case version of the test case.

", - "location":"querystring", - "locationName":"testCaseVersion" - } - } - }, - "GetTestCaseResponse":{ - "type":"structure", - "required":[ - "testCaseId", - "testCaseArn", - "name", - "latestVersion", - "testCaseVersion", - "status", - "creationTime", - "lastUpdateTime", - "steps" - ], - "members":{ - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The response test ID of the test case.

" - }, - "testCaseArn":{ - "shape":"Arn", - "documentation":"

The Amazon Resource Name (ARN) of the test case.

" - }, - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the test case.

" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test case.

" - }, - "latestVersion":{ - "shape":"TestCaseLatestVersion", - "documentation":"

The latest version of the test case.

" - }, - "testCaseVersion":{ - "shape":"Version", - "documentation":"

The case version of the test case.

" - }, - "status":{ - "shape":"TestCaseLifecycle", - "documentation":"

The status of the test case.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test case.

" - }, - "creationTime":{ - "shape":"Timestamp", - "documentation":"

The creation time of the test case.

" - }, - "lastUpdateTime":{ - "shape":"Timestamp", - "documentation":"

The last update time of the test case.

" - }, - "steps":{ - "shape":"StepList", - "documentation":"

The steps of the test case.

" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the test case.

" - } - } - }, - "GetTestConfigurationRequest":{ - "type":"structure", - "required":["testConfigurationId"], - "members":{ - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The request test configuration ID.

", - "location":"uri", - "locationName":"testConfigurationId" - }, - "testConfigurationVersion":{ - "shape":"Version", - "documentation":"

The test configuration version.

", - "location":"querystring", - "locationName":"testConfigurationVersion" - } - } - }, - "GetTestConfigurationResponse":{ - "type":"structure", - "required":[ - "testConfigurationId", - "name", - "testConfigurationArn", - "latestVersion", - "testConfigurationVersion", - "status", - "creationTime", - "lastUpdateTime", - "resources", - "properties" - ], - "members":{ - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The response test configuration ID.

" - }, - "name":{ - "shape":"ResourceName", - "documentation":"

The test configuration name

" - }, - "testConfigurationArn":{ - "shape":"Arn", - "documentation":"

The test configuration Amazon Resource Name (ARN).

" - }, - "latestVersion":{ - "shape":"TestConfigurationLatestVersion", - "documentation":"

The latest version of the test configuration.

" - }, - "testConfigurationVersion":{ - "shape":"Version", - "documentation":"

The test configuration version.

" - }, - "status":{ - "shape":"TestConfigurationLifecycle", - "documentation":"

The status of the test configuration.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test configuration.

" - }, - "creationTime":{ - "shape":"Timestamp", - "documentation":"

The creation time of the test configuration.

" - }, - "lastUpdateTime":{ - "shape":"Timestamp", - "documentation":"

The last update time of the test configuration.

" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test configuration.

" - }, - "resources":{ - "shape":"ResourceList", - "documentation":"

The resources of the test configuration.

" - }, - "properties":{ - "shape":"Properties", - "documentation":"

The properties of the test configuration.

" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the test configuration.

" - }, - "serviceSettings":{ - "shape":"ServiceSettings", - "documentation":"

The service settings of the test configuration.

" - } - } - }, - "GetTestRunStepRequest":{ - "type":"structure", - "required":[ - "testRunId", - "stepName" - ], - "members":{ - "testRunId":{ - "shape":"Identifier", - "documentation":"

The test run ID of the test run step.

", - "location":"uri", - "locationName":"testRunId" - }, - "stepName":{ - "shape":"ResourceName", - "documentation":"

The step name of the test run step.

", - "location":"uri", - "locationName":"stepName" - }, - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of a test run step.

", - "location":"querystring", - "locationName":"testCaseId" - }, - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of a test run step.

", - "location":"querystring", - "locationName":"testSuiteId" - } - } - }, - "GetTestRunStepResponse":{ - "type":"structure", - "required":[ - "stepName", - "testRunId", - "status", - "runStartTime" - ], - "members":{ - "stepName":{ - "shape":"ResourceName", - "documentation":"

The step name of the test run step.

" - }, - "testRunId":{ - "shape":"Identifier", - "documentation":"

The test run ID of the test run step.

" - }, - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of the test run step.

" - }, - "testCaseVersion":{ - "shape":"Version", - "documentation":"

The test case version of the test run step.

" - }, - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test run step.

" - }, - "testSuiteVersion":{ - "shape":"Version", - "documentation":"

The test suite version of the test run step.

" - }, - "beforeStep":{ - "shape":"Boolean", - "documentation":"

The before steps of the test run step.

" - }, - "afterStep":{ - "shape":"Boolean", - "documentation":"

The after steps of the test run step.

" - }, - "status":{ - "shape":"StepRunStatus", - "documentation":"

The status of the test run step.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test run step.

" - }, - "runStartTime":{ - "shape":"Timestamp", - "documentation":"

The run start time of the test run step.

" - }, - "runEndTime":{ - "shape":"Timestamp", - "documentation":"

The run end time of the test run step.

" - }, - "stepRunSummary":{ - "shape":"StepRunSummary", - "documentation":"

The step run summary of the test run step.

" - } - } - }, - "GetTestSuiteRequest":{ - "type":"structure", - "required":["testSuiteId"], - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The ID of the test suite.

", - "location":"uri", - "locationName":"testSuiteId" - }, - "testSuiteVersion":{ - "shape":"Version", - "documentation":"

The version of the test suite.

", - "location":"querystring", - "locationName":"testSuiteVersion" - } - } - }, - "GetTestSuiteResponse":{ - "type":"structure", - "required":[ - "testSuiteId", - "name", - "latestVersion", - "testSuiteVersion", - "testSuiteArn", - "creationTime", - "lastUpdateTime", - "beforeSteps", - "afterSteps", - "testCases" - ], - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The response ID of the test suite.

" - }, - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the test suite.

" - }, - "latestVersion":{ - "shape":"TestSuiteLatestVersion", - "documentation":"

The latest version of the test suite.

" - }, - "testSuiteVersion":{ - "shape":"Version", - "documentation":"

The version of the test suite.

" - }, - "status":{ - "shape":"TestSuiteLifecycle", - "documentation":"

The status of the test suite.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test suite.

" - }, - "testSuiteArn":{ - "shape":"Arn", - "documentation":"

The test suite Amazon Resource Name (ARN).

" - }, - "creationTime":{ - "shape":"Timestamp", - "documentation":"

The creation time of the test suite.

" - }, - "lastUpdateTime":{ - "shape":"Timestamp", - "documentation":"

The last update time of the test suite.

" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test suite.

" - }, - "beforeSteps":{ - "shape":"StepList", - "documentation":"

The before steps of the test suite.

" - }, - "afterSteps":{ - "shape":"StepList", - "documentation":"

The after steps of the test suite.

" - }, - "testCases":{ - "shape":"TestCases", - "documentation":"

The test cases of the test suite.

" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the test suite.

" - } - } - }, - "IdempotencyTokenString":{ - "type":"string", - "pattern":"[A-Za-z0-9\\-]{1,64}" - }, - "Identifier":{ - "type":"string", - "pattern":"[A-Za-z0-9:/\\-]{1,100}" - }, - "Input":{ - "type":"structure", - "members":{ - "file":{ - "shape":"InputFile", - "documentation":"

The file in the input.

" - } - }, - "documentation":"

Specifies the input.

", - "union":true - }, - "InputFile":{ - "type":"structure", - "required":[ - "sourceLocation", - "targetLocation", - "fileMetadata" - ], - "members":{ - "sourceLocation":{ - "shape":"Variable", - "documentation":"

The source location of the input file.

" - }, - "targetLocation":{ - "shape":"Variable", - "documentation":"

The target location of the input file.

" - }, - "fileMetadata":{ - "shape":"FileMetadata", - "documentation":"

The file metadata of the input file.

" - } - }, - "documentation":"

Specifies the input file.

" - }, - "Integer":{ - "type":"integer", - "box":true - }, - "InternalServerException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{"shape":"String"}, - "retryAfterSeconds":{ - "shape":"Integer", - "documentation":"

The number of seconds to retry the query.

", - "location":"header", - "locationName":"Retry-After" - } - }, - "documentation":"

An unexpected error occurred during the processing of the request.

", - "error":{"httpStatusCode":500}, - "exception":true, - "fault":true, - "retryable":{"throttling":false} - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["resourceArn"], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

The Amazon Resource Name (ARN) of the resource.

", - "location":"uri", - "locationName":"resourceArn" - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "required":["tags"], - "members":{ - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the resource.

" - } - } - }, - "ListTestCasesRequest":{ - "type":"structure", - "members":{ - "testCaseIds":{ - "shape":"TestCaseIdList", - "documentation":"

The IDs of the test cases.

", - "location":"querystring", - "locationName":"testCaseIds" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The next token of the test cases.

", - "location":"querystring", - "locationName":"nextToken" - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum results of the test case.

", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListTestCasesResponse":{ - "type":"structure", - "required":["testCases"], - "members":{ - "testCases":{ - "shape":"TestCaseSummaryList", - "documentation":"

The test cases in an application.

" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The next token in test cases.

" - } - } - }, - "ListTestConfigurationsRequest":{ - "type":"structure", - "members":{ - "testConfigurationIds":{ - "shape":"TestConfigurationIdList", - "documentation":"

The configuration IDs of the test configurations.

", - "location":"querystring", - "locationName":"testConfigurationIds" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The next token for the test configurations.

", - "location":"querystring", - "locationName":"nextToken" - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum results of the test configuration.

", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListTestConfigurationsResponse":{ - "type":"structure", - "required":["testConfigurations"], - "members":{ - "testConfigurations":{ - "shape":"TestConfigurationList", - "documentation":"

The test configurations.

" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The next token in the test configurations.

" - } - } - }, - "ListTestRunStepsRequest":{ - "type":"structure", - "required":["testRunId"], - "members":{ - "testRunId":{ - "shape":"Identifier", - "documentation":"

The test run ID of the test run steps.

", - "location":"uri", - "locationName":"testRunId" - }, - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of the test run steps.

", - "location":"querystring", - "locationName":"testCaseId" - }, - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test run steps.

", - "location":"querystring", - "locationName":"testSuiteId" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token from a previous step to retrieve the next page of results.

", - "location":"querystring", - "locationName":"nextToken" - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of test run steps to return in one page of results.

", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListTestRunStepsResponse":{ - "type":"structure", - "required":["testRunSteps"], - "members":{ - "testRunSteps":{ - "shape":"TestRunStepSummaryList", - "documentation":"

The test run steps of the response query.

" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token from a previous request to retrieve the next page of results.

" - } - } - }, - "ListTestRunTestCasesRequest":{ - "type":"structure", - "required":["testRunId"], - "members":{ - "testRunId":{ - "shape":"Identifier", - "documentation":"

The test run ID of the test cases.

", - "location":"uri", - "locationName":"testRunId" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token from a previous request to retrieve the next page of results.

", - "location":"querystring", - "locationName":"nextToken" - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of test run test cases to return in one page of results.

", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListTestRunTestCasesResponse":{ - "type":"structure", - "required":["testRunTestCases"], - "members":{ - "testRunTestCases":{ - "shape":"TestCaseRunSummaryList", - "documentation":"

The test run of the test cases.

" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token from a previous request to retrieve the next page of results.

" - } - } - }, - "ListTestRunsRequest":{ - "type":"structure", - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test runs.

", - "location":"querystring", - "locationName":"testSuiteId" - }, - "testRunIds":{ - "shape":"TestRunIdList", - "documentation":"

The test run IDs of the test runs.

", - "location":"querystring", - "locationName":"testrunIds" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token from the previous request to retrieve the next page of test run results.

", - "location":"querystring", - "locationName":"nextToken" - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of test runs to return in one page of results.

", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListTestRunsResponse":{ - "type":"structure", - "required":["testRuns"], - "members":{ - "testRuns":{ - "shape":"TestRunSummaryList", - "documentation":"

The test runs of the response query.

" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token from the previous request to retrieve the next page of results.

" - } - } - }, - "ListTestSuitesRequest":{ - "type":"structure", - "members":{ - "testSuiteIds":{ - "shape":"TestSuiteIdList", - "documentation":"

The suite ID of the test suites.

", - "location":"querystring", - "locationName":"testSuiteIds" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token from a previous request to retrieve the next page of results.

", - "location":"querystring", - "locationName":"nextToken" - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of test suites to return in one page of results.

", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListTestSuitesResponse":{ - "type":"structure", - "required":["testSuites"], - "members":{ - "testSuites":{ - "shape":"TestSuiteList", - "documentation":"

The test suites returned with the response query.

" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token from a previous request to retrieve the next page of test suites results.

" - } - } - }, - "M2ManagedActionProperties":{ - "type":"structure", - "members":{ - "forceStop":{ - "shape":"Boolean", - "documentation":"

Force stops the AWS Mainframe Modernization managed action properties.

" - }, - "importDataSetLocation":{ - "shape":"Variable", - "documentation":"

The import data set location of the AWS Mainframe Modernization managed action properties.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization managed action properties.

" - }, - "M2ManagedActionType":{ - "type":"string", - "enum":[ - "Configure", - "Deconfigure" - ] - }, - "M2ManagedApplication":{ - "type":"structure", - "required":[ - "applicationId", - "runtime" - ], - "members":{ - "applicationId":{ - "shape":"Variable", - "documentation":"

The application ID of the AWS Mainframe Modernization managed application.

" - }, - "runtime":{ - "shape":"M2ManagedRuntime", - "documentation":"

The runtime of the AWS Mainframe Modernization managed application.

" - }, - "vpcEndpointServiceName":{ - "shape":"Variable", - "documentation":"

The VPC endpoint service name of the AWS Mainframe Modernization managed application.

" - }, - "listenerPort":{ - "shape":"Variable", - "documentation":"

The listener port of the AWS Mainframe Modernization managed application.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization managed application.

" - }, - "M2ManagedApplicationAction":{ - "type":"structure", - "required":[ - "resource", - "actionType" - ], - "members":{ - "resource":{ - "shape":"Variable", - "documentation":"

The resource of the AWS Mainframe Modernization managed application action.

" - }, - "actionType":{ - "shape":"M2ManagedActionType", - "documentation":"

The action type of the AWS Mainframe Modernization managed application action.

" - }, - "properties":{ - "shape":"M2ManagedActionProperties", - "documentation":"

The properties of the AWS Mainframe Modernization managed application action.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization managed application action.

" - }, - "M2ManagedApplicationStepInput":{ - "type":"structure", - "required":[ - "applicationId", - "runtime", - "actionType" - ], - "members":{ - "applicationId":{ - "shape":"String", - "documentation":"

The application ID of the AWS Mainframe Modernization managed application step input.

" - }, - "runtime":{ - "shape":"String", - "documentation":"

The runtime of the AWS Mainframe Modernization managed application step input.

" - }, - "vpcEndpointServiceName":{ - "shape":"String", - "documentation":"

The VPC endpoint service name of the AWS Mainframe Modernization managed application step input.

" - }, - "listenerPort":{ - "shape":"Integer", - "documentation":"

The listener port of the AWS Mainframe Modernization managed application step input.

" - }, - "actionType":{ - "shape":"M2ManagedActionType", - "documentation":"

The action type of the AWS Mainframe Modernization managed application step input.

" - }, - "properties":{ - "shape":"M2ManagedActionProperties", - "documentation":"

The properties of the AWS Mainframe Modernization managed application step input.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization managed application step input.

" - }, - "M2ManagedApplicationStepOutput":{ - "type":"structure", - "members":{ - "importDataSetSummary":{ - "shape":"Properties", - "documentation":"

The import data set summary of the AWS Mainframe Modernization managed application step output.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization managed application step output.

" - }, - "M2ManagedApplicationStepSummary":{ - "type":"structure", - "required":["stepInput"], - "members":{ - "stepInput":{ - "shape":"M2ManagedApplicationStepInput", - "documentation":"

The step input of the AWS Mainframe Modernization managed application step summary.

" - }, - "stepOutput":{ - "shape":"M2ManagedApplicationStepOutput", - "documentation":"

The step output of the AWS Mainframe Modernization managed application step summary.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization managed application step summary.

" - }, - "M2ManagedApplicationSummary":{ - "type":"structure", - "required":[ - "applicationId", - "runtime" - ], - "members":{ - "applicationId":{ - "shape":"Identifier", - "documentation":"

The application ID of the AWS Mainframe Modernization managed application summary.

" - }, - "runtime":{ - "shape":"M2ManagedRuntime", - "documentation":"

The runtime of the AWS Mainframe Modernization managed application summary.

" - }, - "listenerPort":{ - "shape":"Integer", - "documentation":"

The listener port of the AWS Mainframe Modernization managed application summary.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization managed application summary.

" - }, - "M2ManagedRuntime":{ - "type":"string", - "enum":["MicroFocus"] - }, - "M2NonManagedActionType":{ - "type":"string", - "enum":[ - "Configure", - "Deconfigure" - ] - }, - "M2NonManagedApplication":{ - "type":"structure", - "required":[ - "vpcEndpointServiceName", - "listenerPort", - "runtime" - ], - "members":{ - "vpcEndpointServiceName":{ - "shape":"Variable", - "documentation":"

The VPC endpoint service name of the AWS Mainframe Modernization non-managed application.

" - }, - "listenerPort":{ - "shape":"Variable", - "documentation":"

The listener port of the AWS Mainframe Modernization non-managed application.

" - }, - "runtime":{ - "shape":"M2NonManagedRuntime", - "documentation":"

The runtime of the AWS Mainframe Modernization non-managed application.

" - }, - "webAppName":{ - "shape":"Variable", - "documentation":"

The web application name of the AWS Mainframe Modernization non-managed application.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization non-managed application.

" - }, - "M2NonManagedApplicationAction":{ - "type":"structure", - "required":[ - "resource", - "actionType" - ], - "members":{ - "resource":{ - "shape":"Variable", - "documentation":"

The resource of the AWS Mainframe Modernization non-managed application action.

" - }, - "actionType":{ - "shape":"M2NonManagedActionType", - "documentation":"

The action type of the AWS Mainframe Modernization non-managed application action.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization non-managed application action.

" - }, - "M2NonManagedApplicationStepInput":{ - "type":"structure", - "required":[ - "vpcEndpointServiceName", - "listenerPort", - "runtime", - "actionType" - ], - "members":{ - "vpcEndpointServiceName":{ - "shape":"String", - "documentation":"

The VPC endpoint service name of the AWS Mainframe Modernization non-managed application step input.

" - }, - "listenerPort":{ - "shape":"Integer", - "documentation":"

The listener port of the AWS Mainframe Modernization non-managed application step input.

" - }, - "runtime":{ - "shape":"M2NonManagedRuntime", - "documentation":"

The runtime of the AWS Mainframe Modernization non-managed application step input.

" - }, - "webAppName":{ - "shape":"String", - "documentation":"

The web app name of the AWS Mainframe Modernization non-managed application step input.

" - }, - "actionType":{ - "shape":"M2NonManagedActionType", - "documentation":"

The action type of the AWS Mainframe Modernization non-managed application step input.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization non-managed application step input.

" - }, - "M2NonManagedApplicationStepOutput":{ - "type":"structure", - "members":{ - }, - "documentation":"

Specifies the AWS Mainframe Modernization non-managed application step output.

" - }, - "M2NonManagedApplicationStepSummary":{ - "type":"structure", - "required":["stepInput"], - "members":{ - "stepInput":{ - "shape":"M2NonManagedApplicationStepInput", - "documentation":"

The step input of the AWS Mainframe Modernization non-managed application step summary.

" - }, - "stepOutput":{ - "shape":"M2NonManagedApplicationStepOutput", - "documentation":"

The step output of the AWS Mainframe Modernization non-managed application step summary.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization non-managed application step summary.

" - }, - "M2NonManagedApplicationSummary":{ - "type":"structure", - "required":[ - "vpcEndpointServiceName", - "listenerPort", - "runtime" - ], - "members":{ - "vpcEndpointServiceName":{ - "shape":"String", - "documentation":"

The VPC endpoint service name of the AWS Mainframe Modernization non-managed application summary.

" - }, - "listenerPort":{ - "shape":"Integer", - "documentation":"

The listener port of the AWS Mainframe Modernization non-managed application summary.

" - }, - "runtime":{ - "shape":"M2NonManagedRuntime", - "documentation":"

The runtime of the AWS Mainframe Modernization non-managed application summary.

" - }, - "webAppName":{ - "shape":"String", - "documentation":"

The web application name of the AWS Mainframe Modernization non-managed application summary.

" - } - }, - "documentation":"

Specifies the AWS Mainframe Modernization non-managed application summary.

" - }, - "M2NonManagedRuntime":{ - "type":"string", - "enum":["BluAge"] - }, - "MainframeAction":{ - "type":"structure", - "required":[ - "resource", - "actionType" - ], - "members":{ - "resource":{ - "shape":"Variable", - "documentation":"

The resource of the mainframe action.

" - }, - "actionType":{ - "shape":"MainframeActionType", - "documentation":"

The action type of the mainframe action.

" - }, - "properties":{ - "shape":"MainframeActionProperties", - "documentation":"

The properties of the mainframe action.

" - } - }, - "documentation":"

Specifies the mainframe action.

" - }, - "MainframeActionProperties":{ - "type":"structure", - "members":{ - "dmsTaskArn":{ - "shape":"Variable", - "documentation":"

The DMS task ARN of the mainframe action properties.

" - } - }, - "documentation":"

Specifies the mainframe action properties.

" - }, - "MainframeActionSummary":{ - "type":"structure", - "members":{ - "batch":{ - "shape":"BatchSummary", - "documentation":"

The batch of the mainframe action summary.

" - }, - "tn3270":{ - "shape":"TN3270Summary", - "documentation":"

The tn3270 port of the mainframe action summary.

" - } - }, - "documentation":"

Specifies the mainframe action summary.

", - "union":true - }, - "MainframeActionType":{ - "type":"structure", - "members":{ - "batch":{ - "shape":"Batch", - "documentation":"

The batch of the mainframe action type.

" - }, - "tn3270":{ - "shape":"TN3270", - "documentation":"

The tn3270 port of the mainframe action type.

" - } - }, - "documentation":"

Specifies the mainframe action type.

", - "union":true - }, - "MainframeResourceSummary":{ - "type":"structure", - "members":{ - "m2ManagedApplication":{ - "shape":"M2ManagedApplicationSummary", - "documentation":"

The AWS Mainframe Modernization managed application in the mainframe resource summary.

" - }, - "m2NonManagedApplication":{ - "shape":"M2NonManagedApplicationSummary", - "documentation":"

The AWS Mainframe Modernization non-managed application in the mainframe resource summary.

" - } - }, - "documentation":"

Specifies the mainframe resource summary.

", - "union":true - }, - "MaxResults":{ - "type":"integer", - "box":true, - "max":100, - "min":1 - }, - "NextToken":{ - "type":"string", - "pattern":"\\S{1,2000}" - }, - "Output":{ - "type":"structure", - "members":{ - "file":{ - "shape":"OutputFile", - "documentation":"

The file of the output.

" - } - }, - "documentation":"

Specifies an output.

", - "union":true - }, - "OutputFile":{ - "type":"structure", - "members":{ - "fileLocation":{ - "shape":"S3Uri", - "documentation":"

The file location of the output file.

" - } - }, - "documentation":"

Specifies an output file.

" - }, - "Properties":{ - "type":"map", - "key":{"shape":"String"}, - "value":{"shape":"String"} - }, - "Resource":{ - "type":"structure", - "required":[ - "name", - "type" - ], - "members":{ - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the resource.

" - }, - "type":{ - "shape":"ResourceType", - "documentation":"

The type of the resource.

" - } - }, - "documentation":"

Specifies a resource.

" - }, - "ResourceAction":{ - "type":"structure", - "members":{ - "m2ManagedApplicationAction":{ - "shape":"M2ManagedApplicationAction", - "documentation":"

The AWS Mainframe Modernization managed application action of the resource action.

" - }, - "m2NonManagedApplicationAction":{ - "shape":"M2NonManagedApplicationAction", - "documentation":"

The AWS Mainframe Modernization non-managed application action of the resource action.

" - }, - "cloudFormationAction":{ - "shape":"CloudFormationAction", - "documentation":"

The CloudFormation action of the resource action.

" - } - }, - "documentation":"

Specifies a resource action.

", - "union":true - }, - "ResourceActionSummary":{ - "type":"structure", - "members":{ - "cloudFormation":{ - "shape":"CloudFormationStepSummary", - "documentation":"

The CloudFormation template of the resource action summary.

" - }, - "m2ManagedApplication":{ - "shape":"M2ManagedApplicationStepSummary", - "documentation":"

The AWS Mainframe Modernization managed application of the resource action summary.

" - }, - "m2NonManagedApplication":{ - "shape":"M2NonManagedApplicationStepSummary", - "documentation":"

The AWS Mainframe Modernization non-managed application of the resource action summary.

" - } - }, - "documentation":"

Specifies the resource action summary.

", - "union":true - }, - "ResourceDescription":{ - "type":"string", - "max":1000, - "min":0 - }, - "ResourceList":{ - "type":"list", - "member":{"shape":"Resource"}, - "max":20, - "min":1 - }, - "ResourceName":{ - "type":"string", - "pattern":"[A-Za-z][A-Za-z0-9_\\-]{1,59}" - }, - "ResourceNotFoundException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{"shape":"String"}, - "resourceId":{ - "shape":"String", - "documentation":"

The resource ID of the resource not found.

" - }, - "resourceType":{ - "shape":"String", - "documentation":"

The resource type of the resource not found.

" - } - }, - "documentation":"

The specified resource was not found.

", - "error":{ - "httpStatusCode":404, - "senderFault":true - }, - "exception":true - }, - "ResourceType":{ - "type":"structure", - "members":{ - "cloudFormation":{ - "shape":"CloudFormation", - "documentation":"

The CloudFormation template of the resource type.

" - }, - "m2ManagedApplication":{ - "shape":"M2ManagedApplication", - "documentation":"

The AWS Mainframe Modernization managed application of the resource type.

" - }, - "m2NonManagedApplication":{ - "shape":"M2NonManagedApplication", - "documentation":"

The AWS Mainframe Modernization non-managed application of the resource type.

" - } - }, - "documentation":"

Specifies the resource type.

", - "union":true - }, - "S3Uri":{ - "type":"string", - "max":1024, - "min":0 - }, - "Script":{ - "type":"structure", - "required":[ - "scriptLocation", - "type" - ], - "members":{ - "scriptLocation":{ - "shape":"S3Uri", - "documentation":"

The script location of the scripts.

" - }, - "type":{ - "shape":"ScriptType", - "documentation":"

The type of the scripts.

" - } - }, - "documentation":"

Specifies the script.

" - }, - "ScriptSummary":{ - "type":"structure", - "required":[ - "scriptLocation", - "type" - ], - "members":{ - "scriptLocation":{ - "shape":"S3Uri", - "documentation":"

The script location of the script summary.

" - }, - "type":{ - "shape":"ScriptType", - "documentation":"

The type of the script summary.

" - } - }, - "documentation":"

Specifies the scripts summary.

" - }, - "ScriptType":{ - "type":"string", - "enum":["Selenium"] - }, - "ServiceQuotaExceededException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{"shape":"String"}, - "resourceId":{ - "shape":"String", - "documentation":"

The resource ID of AWS Application Testing that exceeded the limit.

" - }, - "resourceType":{ - "shape":"String", - "documentation":"

The resource type of AWS Application Testing that exceeded the limit.

" - }, - "serviceCode":{ - "shape":"String", - "documentation":"

The service code of AWS Application Testing that exceeded the limit.

" - }, - "quotaCode":{ - "shape":"String", - "documentation":"

The quote codes of AWS Application Testing that exceeded the limit.

" - } - }, - "documentation":"

One or more quotas for AWS Application Testing exceeds the limit.

", - "error":{ - "httpStatusCode":402, - "senderFault":true - }, - "exception":true - }, - "ServiceSettings":{ - "type":"structure", - "members":{ - "kmsKeyId":{ - "shape":"String", - "documentation":"

The KMS key ID of the service settings.

" - } - }, - "documentation":"

Specifies the service settings.

" - }, - "SourceDatabase":{ - "type":"string", - "enum":["z/OS-DB2"] - }, - "SourceDatabaseMetadata":{ - "type":"structure", - "required":[ - "type", - "captureTool" - ], - "members":{ - "type":{ - "shape":"SourceDatabase", - "documentation":"

The type of the source database metadata.

" - }, - "captureTool":{ - "shape":"CaptureTool", - "documentation":"

The capture tool of the source database metadata.

" - } - }, - "documentation":"

Specifies the source database metadata.

" - }, - "StartTestRunRequest":{ - "type":"structure", - "required":["testSuiteId"], - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test run.

" - }, - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The configuration ID of the test run.

" - }, - "clientToken":{ - "shape":"IdempotencyTokenString", - "documentation":"

The client token of the test run.

", - "idempotencyToken":true - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the test run.

" - } - } - }, - "StartTestRunResponse":{ - "type":"structure", - "required":[ - "testRunId", - "testRunStatus" - ], - "members":{ - "testRunId":{ - "shape":"Identifier", - "documentation":"

The test run ID of the test run.

" - }, - "testRunStatus":{ - "shape":"TestRunStatus", - "documentation":"

The test run status of the test run.

" - } - } - }, - "Step":{ - "type":"structure", - "required":[ - "name", - "action" - ], - "members":{ - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the step.

" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the step.

" - }, - "action":{ - "shape":"StepAction", - "documentation":"

The action of the step.

" - } - }, - "documentation":"

Defines a step.

" - }, - "StepAction":{ - "type":"structure", - "members":{ - "resourceAction":{ - "shape":"ResourceAction", - "documentation":"

The resource action of the step action.

" - }, - "mainframeAction":{ - "shape":"MainframeAction", - "documentation":"

The mainframe action of the step action.

" - }, - "compareAction":{ - "shape":"CompareAction", - "documentation":"

The compare action of the step action.

" - } - }, - "documentation":"

Specifies a step action.

", - "union":true - }, - "StepList":{ - "type":"list", - "member":{"shape":"Step"}, - "max":20, - "min":1 - }, - "StepRunStatus":{ - "type":"string", - "enum":[ - "Success", - "Failed", - "Running" - ] - }, - "StepRunSummary":{ - "type":"structure", - "members":{ - "mainframeAction":{ - "shape":"MainframeActionSummary", - "documentation":"

The mainframe action of the step run summary.

" - }, - "compareAction":{ - "shape":"CompareActionSummary", - "documentation":"

The compare action of the step run summary.

" - }, - "resourceAction":{ - "shape":"ResourceActionSummary", - "documentation":"

The resource action of the step run summary.

" - } - }, - "documentation":"

Defines the step run summary.

", - "union":true - }, - "String":{"type":"string"}, - "String100":{ - "type":"string", - "pattern":"\\S{1,100}" - }, - "String50":{ - "type":"string", - "pattern":"\\S{1,50}" - }, - "TN3270":{ - "type":"structure", - "required":["script"], - "members":{ - "script":{ - "shape":"Script", - "documentation":"

The script of the TN3270 protocol.

" - }, - "exportDataSetNames":{ - "shape":"ExportDataSetNames", - "documentation":"

The data set names of the TN3270 protocol.

" - } - }, - "documentation":"

Specifies the TN3270 protocol.

" - }, - "TN3270StepInput":{ - "type":"structure", - "required":[ - "resource", - "script" - ], - "members":{ - "resource":{ - "shape":"MainframeResourceSummary", - "documentation":"

The resource of the TN3270 step input.

" - }, - "script":{ - "shape":"ScriptSummary", - "documentation":"

The script of the TN3270 step input.

" - }, - "exportDataSetNames":{ - "shape":"ExportDataSetNames", - "documentation":"

The export data set names of the TN3270 step input.

" - }, - "properties":{ - "shape":"MainframeActionProperties", - "documentation":"

The properties of the TN3270 step input.

" - } - }, - "documentation":"

Specifies a TN3270 step input.

" - }, - "TN3270StepOutput":{ - "type":"structure", - "required":["scriptOutputLocation"], - "members":{ - "dataSetExportLocation":{ - "shape":"S3Uri", - "documentation":"

The data set export location of the TN3270 step output.

" - }, - "dmsOutputLocation":{ - "shape":"S3Uri", - "documentation":"

The output location of the TN3270 step output.

" - }, - "dataSetDetails":{ - "shape":"DataSetList", - "documentation":"

The data set details of the TN3270 step output.

" - }, - "scriptOutputLocation":{ - "shape":"S3Uri", - "documentation":"

The script output location of the TN3270 step output.

" - } - }, - "documentation":"

Specifies a TN3270 step output.

" - }, - "TN3270Summary":{ - "type":"structure", - "required":["stepInput"], - "members":{ - "stepInput":{ - "shape":"TN3270StepInput", - "documentation":"

The step input of the TN3270 summary.

" - }, - "stepOutput":{ - "shape":"TN3270StepOutput", - "documentation":"

The step output of the TN3270 summary.

" - } - }, - "documentation":"

Specifies a TN3270 summary.

" - }, - "TagKey":{ - "type":"string", - "max":128, - "min":1, - "pattern":"(?!aws:).+" - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"} - }, - "TagMap":{ - "type":"map", - "key":{"shape":"TagKey"}, - "value":{"shape":"TagValue"}, - "max":200, - "min":0 - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tags" - ], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

The Amazon Resource Name (ARN) of the tag resource.

", - "location":"uri", - "locationName":"resourceArn" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the resource.

" - } - } - }, - "TagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256, - "min":0 - }, - "TargetDatabase":{ - "type":"string", - "enum":["PostgreSQL"] - }, - "TargetDatabaseMetadata":{ - "type":"structure", - "required":[ - "type", - "captureTool" - ], - "members":{ - "type":{ - "shape":"TargetDatabase", - "documentation":"

The type of the target database metadata.

" - }, - "captureTool":{ - "shape":"CaptureTool", - "documentation":"

The capture tool of the target database metadata.

" - } - }, - "documentation":"

Specifies a target database metadata.

" - }, - "TestCaseIdList":{ - "type":"list", - "member":{"shape":"Identifier"} - }, - "TestCaseLatestVersion":{ - "type":"structure", - "required":[ - "version", - "status" - ], - "members":{ - "version":{ - "shape":"Version", - "documentation":"

The version of the test case latest version.

" - }, - "status":{ - "shape":"TestCaseLifecycle", - "documentation":"

The status of the test case latest version.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test case latest version.

" - } - }, - "documentation":"

Specifies the latest version of a test case.

" - }, - "TestCaseLifecycle":{ - "type":"string", - "enum":[ - "Active", - "Deleting" - ] - }, - "TestCaseList":{ - "type":"list", - "member":{"shape":"Identifier"} - }, - "TestCaseRunStatus":{ - "type":"string", - "enum":[ - "Success", - "Running", - "Failed" - ] - }, - "TestCaseRunSummary":{ - "type":"structure", - "required":[ - "testCaseId", - "testCaseVersion", - "testRunId", - "status", - "runStartTime" - ], - "members":{ - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case id of the test case run summary.

" - }, - "testCaseVersion":{ - "shape":"Version", - "documentation":"

The test case version of the test case run summary.

" - }, - "testRunId":{ - "shape":"Identifier", - "documentation":"

The test run id of the test case run summary.

" - }, - "status":{ - "shape":"TestCaseRunStatus", - "documentation":"

The status of the test case run summary.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test case run summary.

" - }, - "runStartTime":{ - "shape":"Timestamp", - "documentation":"

The run start time of the test case run summary.

" - }, - "runEndTime":{ - "shape":"Timestamp", - "documentation":"

The run end time of the test case run summary.

" - } - }, - "documentation":"

Specifies the test case run summary.

" - }, - "TestCaseRunSummaryList":{ - "type":"list", - "member":{"shape":"TestCaseRunSummary"} - }, - "TestCaseSummary":{ - "type":"structure", - "required":[ - "testCaseId", - "testCaseArn", - "name", - "latestVersion", - "status", - "creationTime", - "lastUpdateTime" - ], - "members":{ - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of the test case summary.

" - }, - "testCaseArn":{ - "shape":"Arn", - "documentation":"

The test case Amazon Resource Name (ARN) of the test case summary.

" - }, - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the test case summary.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test case summary.

" - }, - "latestVersion":{ - "shape":"Version", - "documentation":"

The latest version of the test case summary.

" - }, - "status":{ - "shape":"TestCaseLifecycle", - "documentation":"

The status of the test case summary.

" - }, - "creationTime":{ - "shape":"Timestamp", - "documentation":"

The creation time of the test case summary.

" - }, - "lastUpdateTime":{ - "shape":"Timestamp", - "documentation":"

The last update time of the test case summary.

" - } - }, - "documentation":"

Specifies a test case summary.

" - }, - "TestCaseSummaryList":{ - "type":"list", - "member":{"shape":"TestCaseSummary"} - }, - "TestCases":{ - "type":"structure", - "members":{ - "sequential":{ - "shape":"TestCaseList", - "documentation":"

The sequential of the test case.

" - } - }, - "documentation":"

Specifies test cases.

", - "union":true - }, - "TestConfigurationIdList":{ - "type":"list", - "member":{"shape":"Identifier"} - }, - "TestConfigurationLatestVersion":{ - "type":"structure", - "required":[ - "version", - "status" - ], - "members":{ - "version":{ - "shape":"Version", - "documentation":"

The version of the test configuration latest version.

" - }, - "status":{ - "shape":"TestConfigurationLifecycle", - "documentation":"

The status of the test configuration latest version.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test configuration latest version.

" - } - }, - "documentation":"

Specifies the latest version of the test configuration.

" - }, - "TestConfigurationLifecycle":{ - "type":"string", - "enum":[ - "Active", - "Deleting" - ] - }, - "TestConfigurationList":{ - "type":"list", - "member":{"shape":"TestConfigurationSummary"} - }, - "TestConfigurationSummary":{ - "type":"structure", - "required":[ - "testConfigurationId", - "name", - "latestVersion", - "testConfigurationArn", - "status", - "creationTime", - "lastUpdateTime" - ], - "members":{ - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The test configuration ID of the test configuration summary.

" - }, - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the test configuration summary.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test configuration summary.

" - }, - "latestVersion":{ - "shape":"Version", - "documentation":"

The latest version of the test configuration summary.

" - }, - "testConfigurationArn":{ - "shape":"Arn", - "documentation":"

The test configuration ARN of the test configuration summary.

" - }, - "status":{ - "shape":"TestConfigurationLifecycle", - "documentation":"

The status of the test configuration summary.

" - }, - "creationTime":{ - "shape":"Timestamp", - "documentation":"

The creation time of the test configuration summary.

" - }, - "lastUpdateTime":{ - "shape":"Timestamp", - "documentation":"

The last update time of the test configuration summary.

" - } - }, - "documentation":"

Specifies a test configuration summary.

" - }, - "TestRunIdList":{ - "type":"list", - "member":{"shape":"Identifier"} - }, - "TestRunStatus":{ - "type":"string", - "enum":[ - "Success", - "Running", - "Failed", - "Deleting" - ] - }, - "TestRunStepSummary":{ - "type":"structure", - "required":[ - "stepName", - "testRunId", - "status", - "runStartTime" - ], - "members":{ - "stepName":{ - "shape":"ResourceName", - "documentation":"

The step name of the test run step summary.

" - }, - "testRunId":{ - "shape":"Identifier", - "documentation":"

The test run ID of the test run step summary.

" - }, - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of the test run step summary.

" - }, - "testCaseVersion":{ - "shape":"Version", - "documentation":"

The test case version of the test run step summary.

" - }, - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test run step summary.

" - }, - "testSuiteVersion":{ - "shape":"Version", - "documentation":"

The test suite version of the test run step summary.

" - }, - "beforeStep":{ - "shape":"Boolean", - "documentation":"

The before step of the test run step summary.

" - }, - "afterStep":{ - "shape":"Boolean", - "documentation":"

The after step of the test run step summary.

" - }, - "status":{ - "shape":"StepRunStatus", - "documentation":"

The status of the test run step summary.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test run step summary.

" - }, - "runStartTime":{ - "shape":"Timestamp", - "documentation":"

The run start time of the test run step summary.

" - }, - "runEndTime":{ - "shape":"Timestamp", - "documentation":"

The run end time of the test run step summary.

" - } - }, - "documentation":"

Specifies a test run step summary.

" - }, - "TestRunStepSummaryList":{ - "type":"list", - "member":{"shape":"TestRunStepSummary"} - }, - "TestRunSummary":{ - "type":"structure", - "required":[ - "testRunId", - "testRunArn", - "testSuiteId", - "testSuiteVersion", - "status", - "runStartTime" - ], - "members":{ - "testRunId":{ - "shape":"Identifier", - "documentation":"

The test run ID of the test run summary.

" - }, - "testRunArn":{ - "shape":"Arn", - "documentation":"

The test run ARN of the test run summary.

" - }, - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test run summary.

" - }, - "testSuiteVersion":{ - "shape":"Version", - "documentation":"

The test suite version of the test run summary.

" - }, - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The test configuration ID of the test run summary.

" - }, - "testConfigurationVersion":{ - "shape":"Version", - "documentation":"

The test configuration version of the test run summary.

" - }, - "status":{ - "shape":"TestRunStatus", - "documentation":"

The status of the test run summary.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test run summary.

" - }, - "runStartTime":{ - "shape":"Timestamp", - "documentation":"

The run start time of the test run summary.

" - }, - "runEndTime":{ - "shape":"Timestamp", - "documentation":"

The run end time of the test run summary.

" - } - }, - "documentation":"

Specifies a test run summary.

" - }, - "TestRunSummaryList":{ - "type":"list", - "member":{"shape":"TestRunSummary"} - }, - "TestSuiteIdList":{ - "type":"list", - "member":{"shape":"Identifier"} - }, - "TestSuiteLatestVersion":{ - "type":"structure", - "required":[ - "version", - "status" - ], - "members":{ - "version":{ - "shape":"Version", - "documentation":"

The version of the test suite latest version.

" - }, - "status":{ - "shape":"TestSuiteLifecycle", - "documentation":"

The status of the test suite latest version.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test suite latest version.

" - } - }, - "documentation":"

Specifies the latest version of a test suite.

" - }, - "TestSuiteLifecycle":{ - "type":"string", - "enum":[ - "Creating", - "Updating", - "Active", - "Failed", - "Deleting" - ] - }, - "TestSuiteList":{ - "type":"list", - "member":{"shape":"TestSuiteSummary"} - }, - "TestSuiteSummary":{ - "type":"structure", - "required":[ - "testSuiteId", - "name", - "latestVersion", - "testSuiteArn", - "status", - "creationTime", - "lastUpdateTime" - ], - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test suite summary.

" - }, - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the test suite summary.

" - }, - "statusReason":{ - "shape":"String", - "documentation":"

The status reason of the test suite summary.

" - }, - "latestVersion":{ - "shape":"Version", - "documentation":"

The latest version of the test suite summary.

" - }, - "testSuiteArn":{ - "shape":"Arn", - "documentation":"

The test suite Amazon Resource Name (ARN) of the test suite summary.

" - }, - "status":{ - "shape":"TestSuiteLifecycle", - "documentation":"

The status of the test suite summary.

" - }, - "creationTime":{ - "shape":"Timestamp", - "documentation":"

The creation time of the test suite summary.

" - }, - "lastUpdateTime":{ - "shape":"Timestamp", - "documentation":"

The last update time of the test suite summary.

" - } - }, - "documentation":"

Specifies the test suite summary.

" - }, - "ThrottlingException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{"shape":"String"}, - "serviceCode":{ - "shape":"String", - "documentation":"

The service code of requests that exceed the limit.

" - }, - "quotaCode":{ - "shape":"String", - "documentation":"

The quota code of requests that exceed the limit.

" - }, - "retryAfterSeconds":{ - "shape":"Integer", - "documentation":"

The number of seconds to retry after for requests that exceed the limit.

", - "location":"header", - "locationName":"Retry-After" - } - }, - "documentation":"

The number of requests made exceeds the limit.

", - "error":{ - "httpStatusCode":429, - "senderFault":true - }, - "exception":true, - "retryable":{"throttling":true} - }, - "Timestamp":{"type":"timestamp"}, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tagKeys" - ], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

The Amazon Resource Name (ARN) of the resource.

", - "location":"uri", - "locationName":"resourceArn" - }, - "tagKeys":{ - "shape":"TagKeyList", - "documentation":"

The tag keys of the resource.

", - "location":"querystring", - "locationName":"tagKeys" - } - } - }, - "UntagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateTestCaseRequest":{ - "type":"structure", - "required":["testCaseId"], - "members":{ - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of the test case.

", - "location":"uri", - "locationName":"testCaseId" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test case.

" - }, - "steps":{ - "shape":"StepList", - "documentation":"

The steps of the test case.

" - } - } - }, - "UpdateTestCaseResponse":{ - "type":"structure", - "required":[ - "testCaseId", - "testCaseVersion" - ], - "members":{ - "testCaseId":{ - "shape":"Identifier", - "documentation":"

The test case ID of the test case.

" - }, - "testCaseVersion":{ - "shape":"Version", - "documentation":"

The test case version of the test case.

" - } - } - }, - "UpdateTestConfigurationRequest":{ - "type":"structure", - "required":["testConfigurationId"], - "members":{ - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The test configuration ID of the test configuration.

", - "location":"uri", - "locationName":"testConfigurationId" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test configuration.

" - }, - "resources":{ - "shape":"ResourceList", - "documentation":"

The resources of the test configuration.

" - }, - "properties":{ - "shape":"Properties", - "documentation":"

The properties of the test configuration.

" - }, - "serviceSettings":{ - "shape":"ServiceSettings", - "documentation":"

The service settings of the test configuration.

" - } - } - }, - "UpdateTestConfigurationResponse":{ - "type":"structure", - "required":[ - "testConfigurationId", - "testConfigurationVersion" - ], - "members":{ - "testConfigurationId":{ - "shape":"Identifier", - "documentation":"

The configuration ID of the test configuration.

" - }, - "testConfigurationVersion":{ - "shape":"Version", - "documentation":"

The configuration version of the test configuration.

" - } - } - }, - "UpdateTestSuiteRequest":{ - "type":"structure", - "required":["testSuiteId"], - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test suite.

", - "location":"uri", - "locationName":"testSuiteId" - }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the test suite.

" - }, - "beforeSteps":{ - "shape":"StepList", - "documentation":"

The before steps for the test suite.

" - }, - "afterSteps":{ - "shape":"StepList", - "documentation":"

The after steps of the test suite.

" - }, - "testCases":{ - "shape":"TestCases", - "documentation":"

The test cases in the test suite.

" - } - } - }, - "UpdateTestSuiteResponse":{ - "type":"structure", - "required":["testSuiteId"], - "members":{ - "testSuiteId":{ - "shape":"Identifier", - "documentation":"

The test suite ID of the test suite.

" - }, - "testSuiteVersion":{ - "shape":"Version", - "documentation":"

The test suite version of the test suite.

" - } - } - }, - "ValidationException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{"shape":"String"}, - "reason":{ - "shape":"ValidationExceptionReason", - "documentation":"

The reason for the validation exception.

" - }, - "fieldList":{ - "shape":"ValidationExceptionFieldList", - "documentation":"

The field list of the validation exception.

" - } - }, - "documentation":"

One or more parameter provided in the request is not valid.

", - "error":{ - "httpStatusCode":400, - "senderFault":true - }, - "exception":true - }, - "ValidationExceptionField":{ - "type":"structure", - "required":[ - "name", - "message" - ], - "members":{ - "name":{ - "shape":"String", - "documentation":"

The name of the validation exception field.

" - }, - "message":{ - "shape":"String", - "documentation":"

The message stating reason for why service validation failed.

" - } - }, - "documentation":"

Specifies a validation exception field.

" - }, - "ValidationExceptionFieldList":{ - "type":"list", - "member":{"shape":"ValidationExceptionField"} - }, - "ValidationExceptionReason":{ - "type":"string", - "enum":[ - "unknownOperation", - "cannotParse", - "fieldValidationFailed", - "other" - ] - }, - "Variable":{ - "type":"string", - "pattern":"\\S{1,1000}" - }, - "Version":{ - "type":"integer", - "box":true - } - }, - "documentation":"

AWS Mainframe Modernization Application Testing provides tools and resources for automated functional equivalence testing for your migration projects.

" -} diff -pruN 2.23.6-1/awscli/botocore/data/apptest/2022-12-06/waiters-2.json 2.31.35-1/awscli/botocore/data/apptest/2022-12-06/waiters-2.json --- 2.23.6-1/awscli/botocore/data/apptest/2022-12-06/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/apptest/2022-12-06/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ -{ - "version": 2, - "waiters": { - } -} diff -pruN 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,434 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseControlPlaneEndpoint": { + "required": false, + "documentation": "Whether the operation is a control plane operation. Control plane operations are routed to a centralized endpoint in the partition leader.", + "type": "Boolean" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "UseControlPlaneEndpoint" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseControlPlaneEndpoint" + }, + true + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ] + }, + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://arc-region-switch-control-plane.cn-north-1.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "arc-region-switch", + "signingRegion": "cn-north-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "not", + "argv": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "UseControlPlaneEndpoint" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseControlPlaneEndpoint" + }, + true + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + } + ], + "error": "Invalid Configuration: FIPS is not supported in this partition", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://arc-region-switch-control-plane-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "arc-region-switch", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "UseControlPlaneEndpoint" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseControlPlaneEndpoint" + }, + true + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ] + }, + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://arc-region-switch-control-plane.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "arc-region-switch", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://arc-region-switch-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://arc-region-switch.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.json 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.json --- 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,46 @@ +{ + "pagination": { + "GetPlanEvaluationStatus": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "warnings" + }, + "GetPlanExecution": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "stepStates" + }, + "ListPlanExecutionEvents": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListPlanExecutions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListPlans": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "plans" + }, + "ListPlansInRegion": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "plans" + }, + "ListRoute53HealthChecks": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "healthChecks" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,33 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "GetPlanEvaluationStatus": { + "non_aggregate_keys": [ + "lastEvaluatedVersion", + "planArn", + "lastEvaluationTime", + "evaluationState", + "region" + ] + }, + "GetPlanExecution": { + "non_aggregate_keys": [ + "comment", + "executionRegion", + "endTime", + "startTime", + "executionState", + "executionAction", + "plan", + "executionId", + "updatedAt", + "planArn", + "actualRecoveryTime", + "version", + "mode" + ] + } + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json --- 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,2646 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2022-07-26", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"arc-region-switch", + "jsonVersion":"1.0", + "protocol":"smithy-rpc-v2-cbor", + "protocols":[ + "smithy-rpc-v2-cbor", + "json" + ], + "serviceFullName":"ARC - Region switch", + "serviceId":"ARC Region switch", + "signatureVersion":"v4", + "signingName":"arc-region-switch", + "targetPrefix":"ArcRegionSwitch", + "uid":"arc-region-switch-2022-07-26" + }, + "operations":{ + "ApprovePlanExecutionStep":{ + "name":"ApprovePlanExecutionStep", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ApprovePlanExecutionStepRequest"}, + "output":{"shape":"ApprovePlanExecutionStepResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Approves a step in a plan execution that requires manual approval. When you create a plan, you can include approval steps that require manual intervention before the execution can proceed. This operation allows you to provide that approval.

You must specify the plan ARN, execution ID, step name, and approval status. You can also provide an optional comment explaining the approval decision.

" + }, + "CancelPlanExecution":{ + "name":"CancelPlanExecution", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CancelPlanExecutionRequest"}, + "output":{"shape":"CancelPlanExecutionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Cancels an in-progress plan execution. This operation stops the execution of the plan and prevents any further steps from being processed.

You must specify the plan ARN and execution ID. You can also provide an optional comment explaining why the execution was canceled.

" + }, + "CreatePlan":{ + "name":"CreatePlan", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreatePlanRequest"}, + "output":{"shape":"CreatePlanResponse"}, + "documentation":"

Creates a new Region switch plan. A plan defines the steps required to shift traffic from one Amazon Web Services Region to another.

You must specify a name for the plan, the primary Region, and at least one additional Region. You can also provide a description, execution role, recovery time objective, associated alarms, triggers, and workflows that define the steps to execute during a Region switch.

", + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "DeletePlan":{ + "name":"DeletePlan", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeletePlanRequest"}, + "output":{"shape":"DeletePlanResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"IllegalStateException"} + ], + "documentation":"

Deletes a Region switch plan. You must specify the ARN of the plan to delete.

You cannot delete a plan that has an active execution in progress.

", + "idempotent":true, + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "GetPlan":{ + "name":"GetPlan", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetPlanRequest"}, + "output":{"shape":"GetPlanResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Retrieves detailed information about a Region switch plan. You must specify the ARN of the plan.

", + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "GetPlanEvaluationStatus":{ + "name":"GetPlanEvaluationStatus", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetPlanEvaluationStatusRequest"}, + "output":{"shape":"GetPlanEvaluationStatusResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves the evaluation status of a Region switch plan. The evaluation status provides information about the last time the plan was evaluated and any warnings or issues detected.

" + }, + "GetPlanExecution":{ + "name":"GetPlanExecution", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetPlanExecutionRequest"}, + "output":{"shape":"GetPlanExecutionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves detailed information about a specific plan execution. You must specify the plan ARN and execution ID.

" + }, + "GetPlanInRegion":{ + "name":"GetPlanInRegion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetPlanInRegionRequest"}, + "output":{"shape":"GetPlanInRegionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves information about a Region switch plan in a specific Amazon Web Services Region. This operation is useful for getting Region-specific information about a plan.

" + }, + "ListPlanExecutionEvents":{ + "name":"ListPlanExecutionEvents", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListPlanExecutionEventsRequest"}, + "output":{"shape":"ListPlanExecutionEventsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists the events that occurred during a plan execution. These events provide a detailed timeline of the execution process.

" + }, + "ListPlanExecutions":{ + "name":"ListPlanExecutions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListPlanExecutionsRequest"}, + "output":{"shape":"ListPlanExecutionsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists the executions of a Region switch plan. This operation returns information about both current and historical executions.

" + }, + "ListPlans":{ + "name":"ListPlans", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListPlansRequest"}, + "output":{"shape":"ListPlansResponse"}, + "documentation":"

Lists all Region switch plans in your Amazon Web Services account.

", + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "ListPlansInRegion":{ + "name":"ListPlansInRegion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListPlansInRegionRequest"}, + "output":{"shape":"ListPlansInRegionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists all Region switch plans in your Amazon Web Services account that are available in the current Amazon Web Services Region.

" + }, + "ListRoute53HealthChecks":{ + "name":"ListRoute53HealthChecks", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListRoute53HealthChecksRequest"}, + "output":{"shape":"ListRoute53HealthChecksResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

List the Amazon Route 53 health checks.

", + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists the tags attached to a Region switch resource.

", + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "StartPlanExecution":{ + "name":"StartPlanExecution", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartPlanExecutionRequest"}, + "output":{"shape":"StartPlanExecutionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"IllegalStateException"}, + {"shape":"AccessDeniedException"}, + {"shape":"IllegalArgumentException"} + ], + "documentation":"

Starts the execution of a Region switch plan. You can execute a plan in either PRACTICE or RECOVERY mode.

In PRACTICE mode, the execution simulates the steps without making actual changes to your application's traffic routing. In RECOVERY mode, the execution performs actual changes to shift traffic between Regions.

" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Adds or updates tags for a Region switch resource. You can assign metadata to your resources in the form of tags, which are key-value pairs.

", + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Removes tags from a Region switch resource.

", + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "UpdatePlan":{ + "name":"UpdatePlan", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdatePlanRequest"}, + "output":{"shape":"UpdatePlanResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Updates an existing Region switch plan. You can modify the plan's description, workflows, execution role, recovery time objective, associated alarms, and triggers.

", + "staticContextParams":{ + "UseControlPlaneEndpoint":{"value":true} + } + }, + "UpdatePlanExecution":{ + "name":"UpdatePlanExecution", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdatePlanExecutionRequest"}, + "output":{"shape":"UpdatePlanExecutionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"IllegalStateException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Updates an in-progress plan execution. This operation allows you to modify certain aspects of the execution, such as adding a comment or changing the action.

" + }, + "UpdatePlanExecutionStep":{ + "name":"UpdatePlanExecutionStep", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdatePlanExecutionStepRequest"}, + "output":{"shape":"UpdatePlanExecutionStepResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Updates a specific step in an in-progress plan execution. This operation allows you to modify the step's comment or action.

" + } + }, + "shapes":{ + "AbbreviatedExecution":{ + "type":"structure", + "required":[ + "planArn", + "executionId", + "startTime", + "mode", + "executionState", + "executionAction", + "executionRegion" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + }, + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The execution identifier of a plan execution.

" + }, + "version":{ + "shape":"String", + "documentation":"

The version for the plan.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the plan execution was last updated.

" + }, + "comment":{ + "shape":"String", + "documentation":"

An optional comment about the plan execution.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the plan execution was started.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the plan execution was ended.

" + }, + "mode":{ + "shape":"ExecutionMode", + "documentation":"

The plan execution mode. Valid values are Practice, for testing without making actual changes, or Recovery, for actual traffic shifting and application recovery.

" + }, + "executionState":{ + "shape":"ExecutionState", + "documentation":"

The plan execution state. Provides the state of a plan execution, for example, In Progress or Paused by Operator.

" + }, + "executionAction":{ + "shape":"ExecutionAction", + "documentation":"

The plan execution action. Valid values are Activate, to activate an Amazon Web Services Region, or Deactivate, to deactivate a Region.

" + }, + "executionRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region for a plan execution.

" + }, + "actualRecoveryTime":{ + "shape":"Duration", + "documentation":"

The actual recovery time that Region switch calculates for a plan execution. Actual recovery time includes the time for the plan to run added to the time elapsed until the application health alarms that you've specified are healthy again.

" + } + }, + "documentation":"

A summarized representation of a plan execution. This structure contains key information about an execution without all the detailed step data.

" + }, + "AbbreviatedExecutionsList":{ + "type":"list", + "member":{"shape":"AbbreviatedExecution"} + }, + "AbbreviatedPlan":{ + "type":"structure", + "required":[ + "arn", + "owner", + "name", + "regions", + "recoveryApproach" + ], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the Region switch plan.

" + }, + "owner":{ + "shape":"AccountId", + "documentation":"

The owner of a Region switch plan.

" + }, + "name":{ + "shape":"PlanName", + "documentation":"

The name of a Region switch plan.

" + }, + "regions":{ + "shape":"RegionList", + "documentation":"

The Amazon Web Services Region specified for a Region switch plan.

" + }, + "recoveryApproach":{ + "shape":"RecoveryApproach", + "documentation":"

The recovery approach for a Region switch plan, which can be active/active (activeActive) or active/passive (activePassive).

" + }, + "primaryRegion":{ + "shape":"Region", + "documentation":"

The primary Region for a plan.

" + }, + "version":{ + "shape":"String", + "documentation":"

The version for the plan.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the plan execution was last updated.

" + }, + "description":{ + "shape":"String", + "documentation":"

The description of a Region switch plan.

" + }, + "executionRole":{ + "shape":"String", + "documentation":"

The execution role is a way to categorize a Region switch plan.

" + }, + "activePlanExecution":{ + "shape":"ExecutionId", + "documentation":"

Specifies if this is the active plan execution at this time.

" + }, + "recoveryTimeObjectiveMinutes":{ + "shape":"AbbreviatedPlanRecoveryTimeObjectiveMinutesInteger", + "documentation":"

The recovery time objective that you've specified.

" + } + }, + "documentation":"

A summarized representation of a Region switch plan. This structure contains key information about a plan without all the detailed workflow and step data.

" + }, + "AbbreviatedPlanRecoveryTimeObjectiveMinutesInteger":{ + "type":"integer", + "box":true, + "max":10080, + "min":1 + }, + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

You do not have sufficient access to perform this action.

HTTP Status Code: 403

", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AccountId":{ + "type":"string", + "pattern":"\\d{12}" + }, + "AlarmCondition":{ + "type":"string", + "enum":[ + "red", + "green" + ] + }, + "AlarmType":{ + "type":"string", + "enum":[ + "applicationHealth", + "trigger" + ] + }, + "Approval":{ + "type":"string", + "enum":[ + "approve", + "decline" + ] + }, + "ApprovePlanExecutionStepRequest":{ + "type":"structure", + "required":[ + "planArn", + "executionId", + "stepName", + "approval" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + }, + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The execution identifier of a plan execution.

" + }, + "stepName":{ + "shape":"StepName", + "documentation":"

The name of a step in a plan execution.

" + }, + "approval":{ + "shape":"Approval", + "documentation":"

The status of approval for a plan execution step.

" + }, + "comment":{ + "shape":"ExecutionComment", + "documentation":"

A comment that you can enter about a plan execution.

" + } + } + }, + "ApprovePlanExecutionStepResponse":{ + "type":"structure", + "members":{} + }, + "ArcRoutingControlConfiguration":{ + "type":"structure", + "required":["regionAndRoutingControls"], + "members":{ + "timeoutMinutes":{ + "shape":"ArcRoutingControlConfigurationTimeoutMinutesInteger", + "documentation":"

The timeout value specified for the configuration.

" + }, + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "regionAndRoutingControls":{ + "shape":"RegionAndRoutingControls", + "documentation":"

The Region and ARC routing controls for the configuration.

" + } + }, + "documentation":"

Configuration for ARC routing controls used in a Region switch plan. Routing controls are simple on/off switches that you can use to shift traffic away from an impaired Region.

" + }, + "ArcRoutingControlConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "ArcRoutingControlState":{ + "type":"structure", + "required":[ + "routingControlArn", + "state" + ], + "members":{ + "routingControlArn":{ + "shape":"RoutingControlArn", + "documentation":"

The Amazon Resource Name (ARN) of a routing control.

" + }, + "state":{ + "shape":"RoutingControlStateChange", + "documentation":"

The state of an ARC routing control, On or Off.

" + } + }, + "documentation":"

Represents the state of an ARC routing control.

" + }, + "ArcRoutingControlStates":{ + "type":"list", + "member":{"shape":"ArcRoutingControlState"} + }, + "Asg":{ + "type":"structure", + "members":{ + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "arn":{ + "shape":"AsgArn", + "documentation":"

The Amazon Resource Name (ARN) of the EC2 Auto Scaling group.

" + } + }, + "documentation":"

Configuration for an Amazon EC2 Auto Scaling group used in a Region switch plan.

" + }, + "AsgArn":{ + "type":"string", + "pattern":"arn:aws:autoscaling:[a-z0-9-]+:\\d{12}:autoScalingGroup:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}:autoScalingGroupName/[\\S\\s]{1,255}" + }, + "AsgList":{ + "type":"list", + "member":{"shape":"Asg"}, + "max":2, + "min":2 + }, + "AssociatedAlarm":{ + "type":"structure", + "required":[ + "resourceIdentifier", + "alarmType" + ], + "members":{ + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "resourceIdentifier":{ + "shape":"String", + "documentation":"

The resource identifier for alarms that you associate with a plan.

" + }, + "alarmType":{ + "shape":"AlarmType", + "documentation":"

The alarm type for an associated alarm. An associated CloudWatch alarm can be an application health alarm or a trigger alarm.

" + } + }, + "documentation":"

An Amazon CloudWatch alarm associated with a Region switch plan. These alarms can be used to trigger automatic execution of the plan.

" + }, + "AssociatedAlarmMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"AssociatedAlarm"} + }, + "AuroraClusterArn":{"type":"string"}, + "AuroraClusterArns":{ + "type":"list", + "member":{"shape":"AuroraClusterArn"} + }, + "CancelPlanExecutionRequest":{ + "type":"structure", + "required":[ + "planArn", + "executionId" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + }, + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The execution identifier of a plan execution.

" + }, + "comment":{ + "shape":"ExecutionComment", + "documentation":"

A comment that you can enter about canceling a plan execution step.

" + } + } + }, + "CancelPlanExecutionResponse":{ + "type":"structure", + "members":{} + }, + "CreatePlanRequest":{ + "type":"structure", + "required":[ + "workflows", + "executionRole", + "name", + "regions", + "recoveryApproach" + ], + "members":{ + "description":{ + "shape":"String", + "documentation":"

The description of a Region switch plan.

" + }, + "workflows":{ + "shape":"WorkflowList", + "documentation":"

An array of workflows included in a Region switch plan.

" + }, + "executionRole":{ + "shape":"IamRoleArn", + "documentation":"

An execution role is a way to categorize a Region switch plan.

" + }, + "recoveryTimeObjectiveMinutes":{ + "shape":"CreatePlanRequestRecoveryTimeObjectiveMinutesInteger", + "documentation":"

Optionally, you can specify an recovery time objective for a Region switch plan, in minutes.

" + }, + "associatedAlarms":{ + "shape":"AssociatedAlarmMap", + "documentation":"

The alarms associated with a Region switch plan.

" + }, + "triggers":{ + "shape":"TriggerList", + "documentation":"

The triggers associated with a Region switch plan.

" + }, + "name":{ + "shape":"PlanName", + "documentation":"

The name of a Region switch plan.

" + }, + "regions":{ + "shape":"RegionList", + "documentation":"

An array that specifies the Amazon Web Services Regions for a Region switch plan. Specify two Regions.

" + }, + "recoveryApproach":{ + "shape":"RecoveryApproach", + "documentation":"

The recovery approach for a Region switch plan, which can be active/active (activeActive) or active/passive (activePassive).

" + }, + "primaryRegion":{ + "shape":"Region", + "documentation":"

The primary Amazon Web Services Region for the application. This is the Region where the application normally runs before any Region switch occurs.

" + }, + "tags":{ + "shape":"Tags", + "documentation":"

The tags to apply to the Region switch plan.

" + } + } + }, + "CreatePlanRequestRecoveryTimeObjectiveMinutesInteger":{ + "type":"integer", + "box":true, + "max":10080, + "min":1 + }, + "CreatePlanResponse":{ + "type":"structure", + "members":{ + "plan":{ + "shape":"Plan", + "documentation":"

The details of the created Region switch plan.

" + } + } + }, + "CustomActionLambdaConfiguration":{ + "type":"structure", + "required":[ + "lambdas", + "retryIntervalMinutes", + "regionToRun" + ], + "members":{ + "timeoutMinutes":{ + "shape":"CustomActionLambdaConfigurationTimeoutMinutesInteger", + "documentation":"

The timeout value specified for the configuration.

" + }, + "lambdas":{ + "shape":"LambdaList", + "documentation":"

The Amazon Web Services Lambda functions for the execution block.

" + }, + "retryIntervalMinutes":{ + "shape":"Float", + "documentation":"

The retry interval specified.

" + }, + "regionToRun":{ + "shape":"RegionToRunIn", + "documentation":"

The Amazon Web Services Region for the function to run in.

" + }, + "ungraceful":{ + "shape":"LambdaUngraceful", + "documentation":"

The settings for ungraceful execution.

" + } + }, + "documentation":"

Configuration for Amazon Web Services Lambda functions that perform custom actions during a Region switch.

" + }, + "CustomActionLambdaConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "DeletePlanRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + } + } + }, + "DeletePlanResponse":{ + "type":"structure", + "members":{} + }, + "Duration":{ + "type":"string", + "pattern":"P(?!$)(\\d+Y)?(\\d+M)?(\\d+D)?(T(?=\\d)(\\d+H)?(\\d+M)?(\\d+S)?)?" + }, + "Ec2AsgCapacityIncreaseConfiguration":{ + "type":"structure", + "required":["asgs"], + "members":{ + "timeoutMinutes":{ + "shape":"Ec2AsgCapacityIncreaseConfigurationTimeoutMinutesInteger", + "documentation":"

The timeout value specified for the configuration.

" + }, + "asgs":{ + "shape":"AsgList", + "documentation":"

The EC2 Auto Scaling groups for the configuration.

" + }, + "ungraceful":{ + "shape":"Ec2Ungraceful", + "documentation":"

The settings for ungraceful execution.

" + }, + "targetPercent":{ + "shape":"Integer", + "documentation":"

The target percentage that you specify for EC2 Auto Scaling groups.

" + }, + "capacityMonitoringApproach":{ + "shape":"Ec2AsgCapacityMonitoringApproach", + "documentation":"

The monitoring approach that you specify EC2 Auto Scaling groups for the configuration.

" + } + }, + "documentation":"

Configuration for increasing the capacity of Amazon EC2 Auto Scaling groups during a Region switch.

" + }, + "Ec2AsgCapacityIncreaseConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "Ec2AsgCapacityMonitoringApproach":{ + "type":"string", + "enum":[ + "sampledMaxInLast24Hours", + "autoscalingMaxInLast24Hours" + ] + }, + "Ec2Ungraceful":{ + "type":"structure", + "required":["minimumSuccessPercentage"], + "members":{ + "minimumSuccessPercentage":{ + "shape":"Ec2UngracefulMinimumSuccessPercentageInteger", + "documentation":"

The minimum success percentage that you specify for EC2 Auto Scaling groups.

" + } + }, + "documentation":"

Configuration for handling failures when performing operations on EC2 resources.

" + }, + "Ec2UngracefulMinimumSuccessPercentageInteger":{ + "type":"integer", + "box":true, + "max":99, + "min":0 + }, + "EcsCapacityIncreaseConfiguration":{ + "type":"structure", + "required":["services"], + "members":{ + "timeoutMinutes":{ + "shape":"EcsCapacityIncreaseConfigurationTimeoutMinutesInteger", + "documentation":"

The timeout value specified for the configuration.

" + }, + "services":{ + "shape":"ServiceList", + "documentation":"

The services specified for the configuration.

" + }, + "ungraceful":{ + "shape":"EcsUngraceful", + "documentation":"

The settings for ungraceful execution.

" + }, + "targetPercent":{ + "shape":"Integer", + "documentation":"

The target percentage specified for the configuration.

" + }, + "capacityMonitoringApproach":{ + "shape":"EcsCapacityMonitoringApproach", + "documentation":"

The monitoring approach specified for the configuration, for example, Most_Recent.

" + } + }, + "documentation":"

The configuration for an Amazon Web Services ECS capacity increase.

" + }, + "EcsCapacityIncreaseConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "EcsCapacityMonitoringApproach":{ + "type":"string", + "enum":[ + "sampledMaxInLast24Hours", + "containerInsightsMaxInLast24Hours" + ] + }, + "EcsClusterArn":{ + "type":"string", + "pattern":"arn:aws:ecs:[a-z0-9-]+:\\d{12}:cluster/[a-zA-Z0-9_-]{1,255}" + }, + "EcsServiceArn":{ + "type":"string", + "pattern":"arn:aws:ecs:[a-z0-9-]+:\\d{12}:service/[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]{1,255}" + }, + "EcsUngraceful":{ + "type":"structure", + "required":["minimumSuccessPercentage"], + "members":{ + "minimumSuccessPercentage":{ + "shape":"EcsUngracefulMinimumSuccessPercentageInteger", + "documentation":"

The minimum success percentage specified for the configuration.

" + } + }, + "documentation":"

The settings for ungraceful execution.

" + }, + "EcsUngracefulMinimumSuccessPercentageInteger":{ + "type":"integer", + "box":true, + "max":99, + "min":0 + }, + "EksCapacityMonitoringApproach":{ + "type":"string", + "enum":["sampledMaxInLast24Hours"] + }, + "EksCluster":{ + "type":"structure", + "required":["clusterArn"], + "members":{ + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "clusterArn":{ + "shape":"EksClusterArn", + "documentation":"

The Amazon Resource Name (ARN) of an Amazon Web Services EKS cluster.

" + } + }, + "documentation":"

The Amazon Web Services EKS cluster execution block configuration.

" + }, + "EksClusterArn":{ + "type":"string", + "pattern":"arn:aws[a-zA-Z-]*:eks:[a-z0-9-]+:\\d{12}:cluster/[a-zA-Z0-9][a-zA-Z0-9-_]{0,99}" + }, + "EksClusters":{ + "type":"list", + "member":{"shape":"EksCluster"}, + "min":2 + }, + "EksResourceScalingConfiguration":{ + "type":"structure", + "required":["kubernetesResourceType"], + "members":{ + "timeoutMinutes":{ + "shape":"EksResourceScalingConfigurationTimeoutMinutesInteger", + "documentation":"

The timeout value specified for the configuration.

" + }, + "kubernetesResourceType":{ + "shape":"KubernetesResourceType", + "documentation":"

The Kubernetes resource type for the configuration.

" + }, + "scalingResources":{ + "shape":"KubernetesScalingApps", + "documentation":"

The scaling resources for the configuration.

" + }, + "eksClusters":{ + "shape":"EksClusters", + "documentation":"

The clusters for the configuration.

" + }, + "ungraceful":{ + "shape":"EksResourceScalingUngraceful", + "documentation":"

The settings for ungraceful execution.

" + }, + "targetPercent":{ + "shape":"EksResourceScalingConfigurationTargetPercentInteger", + "documentation":"

The target percentage for the configuration.

" + }, + "capacityMonitoringApproach":{ + "shape":"EksCapacityMonitoringApproach", + "documentation":"

The monitoring approach for the configuration, that is, whether it was sampled in the last 24 hours or autoscaled in the last 24 hours.

" + } + }, + "documentation":"

The Amazon Web Services EKS resource scaling configuration.

" + }, + "EksResourceScalingConfigurationTargetPercentInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "EksResourceScalingConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "EksResourceScalingUngraceful":{ + "type":"structure", + "required":["minimumSuccessPercentage"], + "members":{ + "minimumSuccessPercentage":{ + "shape":"EksResourceScalingUngracefulMinimumSuccessPercentageInteger", + "documentation":"

The minimum success percentage for the configuration.

" + } + }, + "documentation":"

The ungraceful settings for Amazon Web Services EKS resource scaling.

" + }, + "EksResourceScalingUngracefulMinimumSuccessPercentageInteger":{ + "type":"integer", + "box":true, + "max":99, + "min":0 + }, + "EvaluationStatus":{ + "type":"string", + "enum":[ + "passed", + "actionRequired", + "pendingEvaluation", + "unknown" + ] + }, + "ExecutionAction":{ + "type":"string", + "enum":[ + "activate", + "deactivate" + ] + }, + "ExecutionApprovalConfiguration":{ + "type":"structure", + "required":["approvalRole"], + "members":{ + "timeoutMinutes":{ + "shape":"ExecutionApprovalConfigurationTimeoutMinutesInteger", + "documentation":"

The timeout value specified for the configuration.

" + }, + "approvalRole":{ + "shape":"RoleArn", + "documentation":"

The IAM approval role for the configuration.

" + } + }, + "documentation":"

Configuration for approval steps in a Region switch plan execution. Approval steps require manual intervention before the execution can proceed.

" + }, + "ExecutionApprovalConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "ExecutionBlockConfiguration":{ + "type":"structure", + "members":{ + "customActionLambdaConfig":{ + "shape":"CustomActionLambdaConfiguration", + "documentation":"

An Amazon Web Services Lambda execution block.

" + }, + "ec2AsgCapacityIncreaseConfig":{ + "shape":"Ec2AsgCapacityIncreaseConfiguration", + "documentation":"

An EC2 Auto Scaling group execution block.

" + }, + "executionApprovalConfig":{ + "shape":"ExecutionApprovalConfiguration", + "documentation":"

A manual approval execution block.

" + }, + "arcRoutingControlConfig":{ + "shape":"ArcRoutingControlConfiguration", + "documentation":"

An ARC routing control execution block.

" + }, + "globalAuroraConfig":{ + "shape":"GlobalAuroraConfiguration", + "documentation":"

An Aurora Global Database execution block.

" + }, + "parallelConfig":{ + "shape":"ParallelExecutionBlockConfiguration", + "documentation":"

A parallel configuration execution block.

" + }, + "regionSwitchPlanConfig":{ + "shape":"RegionSwitchPlanConfiguration", + "documentation":"

A Region switch plan execution block.

" + }, + "ecsCapacityIncreaseConfig":{ + "shape":"EcsCapacityIncreaseConfiguration", + "documentation":"

The capacity increase specified for the configuration.

" + }, + "eksResourceScalingConfig":{ + "shape":"EksResourceScalingConfiguration", + "documentation":"

An Amazon Web Services EKS resource scaling execution block.

" + }, + "route53HealthCheckConfig":{ + "shape":"Route53HealthCheckConfiguration", + "documentation":"

The Amazon Route 53 health check configuration.

" + } + }, + "documentation":"

Execution block configurations for a workflow in a Region switch plan. An execution block represents a specific type of action to perform during a Region switch.

", + "union":true + }, + "ExecutionBlockType":{ + "type":"string", + "enum":[ + "CustomActionLambda", + "ManualApproval", + "AuroraGlobalDatabase", + "EC2AutoScaling", + "ARCRoutingControl", + "ARCRegionSwitchPlan", + "Parallel", + "ECSServiceScaling", + "EKSResourceScaling", + "Route53HealthCheck" + ] + }, + "ExecutionComment":{ + "type":"string", + "max":1024, + "min":0 + }, + "ExecutionEvent":{ + "type":"structure", + "required":["eventId"], + "members":{ + "timestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp for an execution event.

" + }, + "type":{ + "shape":"ExecutionEventType", + "documentation":"

The type of an execution event.

" + }, + "stepName":{ + "shape":"StepName", + "documentation":"

The step name for an execution event.

" + }, + "executionBlockType":{ + "shape":"ExecutionBlockType", + "documentation":"

The execution block type for an execution event.

" + }, + "resources":{ + "shape":"Resources", + "documentation":"

The resources for an execution event.

" + }, + "error":{ + "shape":"String", + "documentation":"

Errors for an execution event.

" + }, + "description":{ + "shape":"String", + "documentation":"

The description for an execution event.

" + }, + "eventId":{ + "shape":"String", + "documentation":"

The event ID for an execution event.

" + }, + "previousEventId":{ + "shape":"String", + "documentation":"

The event ID of the previous execution event.

" + } + }, + "documentation":"

Represents an event that occurred during a plan execution. These events provide a detailed timeline of the execution process.

" + }, + "ExecutionEventList":{ + "type":"list", + "member":{"shape":"ExecutionEvent"} + }, + "ExecutionEventType":{ + "type":"string", + "enum":[ + "unknown", + "executionPending", + "executionStarted", + "executionSucceeded", + "executionFailed", + "executionPausing", + "executionPaused", + "executionCanceling", + "executionCanceled", + "executionPendingApproval", + "executionBehaviorChangedToUngraceful", + "executionBehaviorChangedToGraceful", + "executionPendingChildPlanManualApproval", + "executionSuccessMonitoringApplicationHealth", + "stepStarted", + "stepUpdate", + "stepSucceeded", + "stepFailed", + "stepSkipped", + "stepPausedByError", + "stepPausedByOperator", + "stepCanceled", + "stepPendingApproval", + "stepExecutionBehaviorChangedToUngraceful", + "stepPendingApplicationHealthMonitor" + ] + }, + "ExecutionId":{"type":"string"}, + "ExecutionMode":{ + "type":"string", + "enum":[ + "graceful", + "ungraceful" + ] + }, + "ExecutionState":{ + "type":"string", + "enum":[ + "inProgress", + "pausedByFailedStep", + "pausedByOperator", + "completed", + "completedWithExceptions", + "canceled", + "planExecutionTimedOut", + "pendingManualApproval", + "failed", + "pending", + "completedMonitoringApplicationHealth" + ] + }, + "Float":{ + "type":"float", + "box":true + }, + "GetPlanEvaluationStatusRequest":{ + "type":"structure", + "required":["planArn"], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the Region switch plan to retrieve evaluation status for.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The number of objects that you want to return with this call.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "GetPlanEvaluationStatusResponse":{ + "type":"structure", + "required":["planArn"], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + }, + "lastEvaluationTime":{ + "shape":"Timestamp", + "documentation":"

The time of the last time that Region switch ran an evaluation of the plan.

" + }, + "lastEvaluatedVersion":{ + "shape":"String", + "documentation":"

The version of the last evaluation of the plan.

" + }, + "region":{ + "shape":"Region", + "documentation":"

The Amazon Web Services Region for the plan.

" + }, + "evaluationState":{ + "shape":"EvaluationStatus", + "documentation":"

The evaluation state for the plan.

" + }, + "warnings":{ + "shape":"PlanWarnings", + "documentation":"

The current evaluation warnings for the plan.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "GetPlanExecutionRequest":{ + "type":"structure", + "required":[ + "planArn", + "executionId" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan with the execution to retrieve.

" + }, + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The execution identifier of a plan execution.

" + }, + "maxResults":{ + "shape":"GetPlanExecutionStepStatesMaxResults", + "documentation":"

The number of objects that you want to return with this call.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "GetPlanExecutionResponse":{ + "type":"structure", + "required":[ + "planArn", + "executionId", + "startTime", + "mode", + "executionState", + "executionAction", + "executionRegion" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + }, + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The execution identifier of a plan execution.

" + }, + "version":{ + "shape":"String", + "documentation":"

The version for the plan.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the plan execution was last updated.

" + }, + "comment":{ + "shape":"String", + "documentation":"

A comment included on the plan execution.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

The time (UTC) when the plan execution started.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

The time (UTC) when the plan execution ended.

" + }, + "mode":{ + "shape":"ExecutionMode", + "documentation":"

The plan execution mode. Valid values are Practice, for testing without making actual changes, or Recovery, for actual traffic shifting and application recovery.

" + }, + "executionState":{ + "shape":"ExecutionState", + "documentation":"

The plan execution state. Provides the state of a plan execution, for example, In Progress or Paused by Operator.

" + }, + "executionAction":{ + "shape":"ExecutionAction", + "documentation":"

The plan execution action. Valid values are Activate, to activate an Amazon Web Services Region, or Deactivate, to deactivate a Region.

" + }, + "executionRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region for a plan execution.

" + }, + "stepStates":{ + "shape":"StepStates", + "documentation":"

The states of the steps in the plan execution.

" + }, + "plan":{ + "shape":"Plan", + "documentation":"

The details of the Region switch plan.

" + }, + "actualRecoveryTime":{ + "shape":"Duration", + "documentation":"

The actual recovery time that Region switch calculates for a plan execution. Actual recovery time includes the time for the plan to run added to the time elapsed until the application health alarms that you've specified are healthy again.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "GetPlanExecutionStepStatesMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "GetPlanInRegionRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan in Region.

" + } + } + }, + "GetPlanInRegionResponse":{ + "type":"structure", + "members":{ + "plan":{ + "shape":"Plan", + "documentation":"

The details of the Region switch plan.

" + } + } + }, + "GetPlanRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + } + } + }, + "GetPlanResponse":{ + "type":"structure", + "members":{ + "plan":{ + "shape":"Plan", + "documentation":"

The detailed information about the requested Region switch plan.

" + } + } + }, + "GlobalAuroraConfiguration":{ + "type":"structure", + "required":[ + "behavior", + "globalClusterIdentifier", + "databaseClusterArns" + ], + "members":{ + "timeoutMinutes":{ + "shape":"GlobalAuroraConfigurationTimeoutMinutesInteger", + "documentation":"

The timeout value specified for the configuration.

" + }, + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "behavior":{ + "shape":"GlobalAuroraDefaultBehavior", + "documentation":"

The behavior for a global database, that is, only allow switchover or also allow failover.

" + }, + "ungraceful":{ + "shape":"GlobalAuroraUngraceful", + "documentation":"

The settings for ungraceful execution.

" + }, + "globalClusterIdentifier":{ + "shape":"GlobalClusterIdentifier", + "documentation":"

The global cluster identifier for a global database.

" + }, + "databaseClusterArns":{ + "shape":"AuroraClusterArns", + "documentation":"

The database cluster Amazon Resource Names (ARNs) for a global database.

" + } + }, + "documentation":"

Configuration for Amazon Aurora global databases used in a Region switch plan.

" + }, + "GlobalAuroraConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "GlobalAuroraDefaultBehavior":{ + "type":"string", + "enum":[ + "switchoverOnly", + "failover" + ] + }, + "GlobalAuroraUngraceful":{ + "type":"structure", + "members":{ + "ungraceful":{ + "shape":"GlobalAuroraUngracefulBehavior", + "documentation":"

The settings for ungraceful execution.

" + } + }, + "documentation":"

Configuration for handling failures when performing operations on Aurora global databases.

" + }, + "GlobalAuroraUngracefulBehavior":{ + "type":"string", + "enum":["failover"] + }, + "GlobalClusterIdentifier":{"type":"string"}, + "IamRoleArn":{ + "type":"string", + "pattern":"arn:aws[a-zA-Z0-9-]*:iam::[0-9]{12}:role/.+" + }, + "IllegalArgumentException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The request processing has an invalid argument.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "IllegalStateException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The operation failed because the current state of the resource doesn't allow the operation to proceed.

HTTP Status Code: 400

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The request processing has failed because of an unknown error, exception, or failure.

HTTP Status Code: 500

", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "KubernetesNamespace":{ + "type":"string", + "pattern":"[a-z0-9][a-z0-9-]{0,61}[a-z0-9]" + }, + "KubernetesResourceType":{ + "type":"structure", + "required":[ + "apiVersion", + "kind" + ], + "members":{ + "apiVersion":{ + "shape":"String", + "documentation":"

The API version type for the Kubernetes resource.

" + }, + "kind":{ + "shape":"String", + "documentation":"

The kind for the Kubernetes resource.

" + } + }, + "documentation":"

Defines the type of Kubernetes resource to scale in an Amazon EKS cluster.

" + }, + "KubernetesScalingApplication":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"RegionalScalingResource"} + }, + "KubernetesScalingApps":{ + "type":"list", + "member":{"shape":"KubernetesScalingApplication"}, + "min":1 + }, + "KubernetesScalingResource":{ + "type":"structure", + "required":[ + "namespace", + "name" + ], + "members":{ + "namespace":{ + "shape":"KubernetesNamespace", + "documentation":"

The namespace for the Kubernetes resource.

" + }, + "name":{ + "shape":"String", + "documentation":"

The name for the Kubernetes resource.

" + }, + "hpaName":{ + "shape":"String", + "documentation":"

The hpaname for the Kubernetes resource.

" + } + }, + "documentation":"

Defines a Kubernetes resource to scale in an Amazon EKS cluster.

" + }, + "LambdaArn":{"type":"string"}, + "LambdaList":{ + "type":"list", + "member":{"shape":"Lambdas"}, + "max":2, + "min":1 + }, + "LambdaUngraceful":{ + "type":"structure", + "members":{ + "behavior":{ + "shape":"LambdaUngracefulBehavior", + "documentation":"

The ungraceful behavior for a Lambda function, which must be set to skip.

" + } + }, + "documentation":"

Configuration for handling failures when invoking Lambda functions.

" + }, + "LambdaUngracefulBehavior":{ + "type":"string", + "enum":["skip"] + }, + "Lambdas":{ + "type":"structure", + "members":{ + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "arn":{ + "shape":"LambdaArn", + "documentation":"

The Amazon Resource Name (ARN) of the Lambda function.

" + } + }, + "documentation":"

Configuration for Amazon Web Services Lambda functions used in a Region switch plan.

" + }, + "ListExecutionEventsMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListExecutionsMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListPlanExecutionEventsRequest":{ + "type":"structure", + "required":[ + "planArn", + "executionId" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + }, + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The execution identifier of a plan execution.

" + }, + "maxResults":{ + "shape":"ListExecutionEventsMaxResults", + "documentation":"

The number of objects that you want to return with this call.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + }, + "name":{ + "shape":"StepName", + "documentation":"

The name of the plan execution event.

" + } + } + }, + "ListPlanExecutionEventsResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"ExecutionEventList", + "documentation":"

The items in the plan execution event.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListPlanExecutionsRequest":{ + "type":"structure", + "required":["planArn"], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The ARN for the plan.

" + }, + "maxResults":{ + "shape":"ListExecutionsMaxResults", + "documentation":"

The number of objects that you want to return with this call.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + }, + "state":{ + "shape":"ExecutionState", + "documentation":"

The state of the plan execution. For example, the plan execution might be In Progress.

" + } + } + }, + "ListPlanExecutionsResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"AbbreviatedExecutionsList", + "documentation":"

The items in the plan execution to return.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListPlansInRegionRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The number of objects that you want to return with this call.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListPlansInRegionResponse":{ + "type":"structure", + "members":{ + "plans":{ + "shape":"PlanList", + "documentation":"

The plans that were requested.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListPlansRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The number of objects that you want to return with this call.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListPlansResponse":{ + "type":"structure", + "members":{ + "plans":{ + "shape":"PlanList", + "documentation":"

The plans that were requested.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListRoute53HealthChecksRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Route 53 health check request.

" + }, + "hostedZoneId":{ + "shape":"Route53HostedZoneId", + "documentation":"

The hosted zone ID for the health checks.

" + }, + "recordName":{ + "shape":"Route53RecordName", + "documentation":"

The record name for the health checks.

" + }, + "maxResults":{ + "shape":"ListRoute53HealthChecksRequestMaxResultsInteger", + "documentation":"

The number of objects that you want to return with this call.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListRoute53HealthChecksRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":10 + }, + "ListRoute53HealthChecksResponse":{ + "type":"structure", + "members":{ + "healthChecks":{ + "shape":"Route53HealthCheckList", + "documentation":"

List of the health checks requested.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource.

" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "resourceTags":{ + "shape":"Tags", + "documentation":"

The tags for a resource.

" + } + } + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "MinimalWorkflow":{ + "type":"structure", + "members":{ + "action":{ + "shape":"ExecutionAction", + "documentation":"

The action for a minimal workflow, which can be Activate or Deactivate.

" + }, + "name":{ + "shape":"String", + "documentation":"

The name for a minimal workflow

" + } + }, + "documentation":"

A simplified representation of a workflow in a Region switch plan.

" + }, + "NextToken":{ + "type":"string", + "max":2048, + "min":1 + }, + "ParallelExecutionBlockConfiguration":{ + "type":"structure", + "required":["steps"], + "members":{ + "steps":{ + "shape":"Steps", + "documentation":"

The steps for a parallel execution block.

" + } + }, + "documentation":"

Configuration for steps that should be executed in parallel during a Region switch.

" + }, + "Plan":{ + "type":"structure", + "required":[ + "arn", + "workflows", + "executionRole", + "name", + "regions", + "recoveryApproach", + "owner" + ], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + }, + "description":{ + "shape":"String", + "documentation":"

The description for a plan.

" + }, + "workflows":{ + "shape":"WorkflowList", + "documentation":"

The workflows for a plan.

" + }, + "executionRole":{ + "shape":"IamRoleArn", + "documentation":"

The execution role for a plan.

" + }, + "recoveryTimeObjectiveMinutes":{ + "shape":"PlanRecoveryTimeObjectiveMinutesInteger", + "documentation":"

The recovery time objective for a plan.

" + }, + "associatedAlarms":{ + "shape":"AssociatedAlarmMap", + "documentation":"

The associated application health alarms for a plan.

" + }, + "triggers":{ + "shape":"TriggerList", + "documentation":"

The triggers for a plan.

" + }, + "name":{ + "shape":"PlanName", + "documentation":"

The name for a plan.

" + }, + "regions":{ + "shape":"RegionList", + "documentation":"

The Amazon Web Services Regions for a plan.

" + }, + "recoveryApproach":{ + "shape":"RecoveryApproach", + "documentation":"

The recovery approach for a Region switch plan, which can be active/active (activeActive) or active/passive (activePassive).

" + }, + "primaryRegion":{ + "shape":"Region", + "documentation":"

The primary Region for a plan.

" + }, + "owner":{ + "shape":"AccountId", + "documentation":"

The owner of a plan.

" + }, + "version":{ + "shape":"String", + "documentation":"

The version for the plan.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the plan was last updated.

" + } + }, + "documentation":"

Represents a Region switch plan. A plan defines the steps required to shift traffic from one Amazon Web Services Region to another.

" + }, + "PlanArn":{ + "type":"string", + "pattern":"arn:aws[a-zA-Z-]*:arc-region-switch::[0-9]{12}:plan/([a-zA-Z0-9](?:[a-zA-Z0-9-]{0,30}[a-zA-Z0-9])?):([a-z0-9]{6})" + }, + "PlanList":{ + "type":"list", + "member":{"shape":"AbbreviatedPlan"} + }, + "PlanName":{ + "type":"string", + "max":32, + "min":1, + "pattern":"[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,30}[a-zA-Z0-9])?" + }, + "PlanRecoveryTimeObjectiveMinutesInteger":{ + "type":"integer", + "box":true, + "max":10080, + "min":1 + }, + "PlanWarnings":{ + "type":"list", + "member":{"shape":"ResourceWarning"} + }, + "RecoveryApproach":{ + "type":"string", + "enum":[ + "activeActive", + "activePassive" + ] + }, + "Region":{ + "type":"string", + "pattern":"[a-z]{2}-[a-z-]+-\\d+" + }, + "RegionAndRoutingControls":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"ArcRoutingControlStates"} + }, + "RegionList":{ + "type":"list", + "member":{"shape":"Region"}, + "max":2, + "min":2 + }, + "RegionSwitchPlanConfiguration":{ + "type":"structure", + "required":["arn"], + "members":{ + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan configuration.

" + } + }, + "documentation":"

Configuration for nested Region switch plans. This allows one Region switch plan to trigger another plan as part of its execution.

" + }, + "RegionToRunIn":{ + "type":"string", + "enum":[ + "activatingRegion", + "deactivatingRegion" + ] + }, + "RegionalScalingResource":{ + "type":"map", + "key":{"shape":"Region"}, + "value":{"shape":"KubernetesScalingResource"} + }, + "ResourceArn":{"type":"string"}, + "ResourceNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The specified resource was not found.

HTTP Status Code: 404

", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "ResourceWarning":{ + "type":"structure", + "required":[ + "version", + "warningStatus", + "warningUpdatedTime", + "warningMessage" + ], + "members":{ + "workflow":{ + "shape":"MinimalWorkflow", + "documentation":"

The workflow for the resource warning.

" + }, + "version":{ + "shape":"String", + "documentation":"

The version for the resource warning.

" + }, + "stepName":{ + "shape":"StepName", + "documentation":"

The name of the step for the resource warning.

" + }, + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource.

" + }, + "warningStatus":{ + "shape":"ResourceWarningStatus", + "documentation":"

The status of the resource warning.

" + }, + "warningUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the warning was last updated.

" + }, + "warningMessage":{ + "shape":"String", + "documentation":"

The warning message about what needs to be corrected.

" + } + }, + "documentation":"

Represents a warning about a resource in a Region switch plan.

" + }, + "ResourceWarningStatus":{ + "type":"string", + "enum":[ + "active", + "resolved" + ] + }, + "Resources":{ + "type":"list", + "member":{"shape":"String"} + }, + "RoleArn":{"type":"string"}, + "Route53HealthCheck":{ + "type":"structure", + "required":[ + "hostedZoneId", + "recordName", + "region" + ], + "members":{ + "hostedZoneId":{ + "shape":"Route53HostedZoneId", + "documentation":"

The Amazon Route 53 health check hosted zone ID.

" + }, + "recordName":{ + "shape":"Route53RecordName", + "documentation":"

The Amazon Route 53 record name.

" + }, + "healthCheckId":{ + "shape":"Route53HealthCheckId", + "documentation":"

The Amazon Route 53 health check ID.

" + }, + "region":{ + "shape":"Region", + "documentation":"

The Amazon Route 53 Region.

" + } + }, + "documentation":"

The Amazon Route 53 health check.

" + }, + "Route53HealthCheckConfiguration":{ + "type":"structure", + "required":[ + "hostedZoneId", + "recordName" + ], + "members":{ + "timeoutMinutes":{ + "shape":"Route53HealthCheckConfigurationTimeoutMinutesInteger", + "documentation":"

The Amazon Route 53 health check configuration time out (in minutes).

" + }, + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for the configuration.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the configuration.

" + }, + "hostedZoneId":{ + "shape":"Route53HostedZoneId", + "documentation":"

The Amazon Route 53 health check configuration hosted zone ID.

" + }, + "recordName":{ + "shape":"Route53RecordName", + "documentation":"

The Amazon Route 53 health check configuration record name.

" + }, + "recordSets":{ + "shape":"Route53ResourceRecordSetList", + "documentation":"

The Amazon Route 53 health check configuration record sets.

" + } + }, + "documentation":"

The Amazon Route 53 health check configuration.

" + }, + "Route53HealthCheckConfigurationTimeoutMinutesInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "Route53HealthCheckId":{ + "type":"string", + "max":64, + "min":1 + }, + "Route53HealthCheckList":{ + "type":"list", + "member":{"shape":"Route53HealthCheck"} + }, + "Route53HostedZoneId":{ + "type":"string", + "max":32, + "min":1 + }, + "Route53RecordName":{ + "type":"string", + "max":1024, + "min":1 + }, + "Route53ResourceRecordSet":{ + "type":"structure", + "members":{ + "recordSetIdentifier":{ + "shape":"Route53ResourceRecordSetIdentifier", + "documentation":"

The Amazon Route 53 record set identifier.

" + }, + "region":{ + "shape":"Region", + "documentation":"

The Amazon Route 53 record set Region.

" + } + }, + "documentation":"

The Amazon Route 53 record set.

" + }, + "Route53ResourceRecordSetIdentifier":{ + "type":"string", + "max":1024, + "min":1 + }, + "Route53ResourceRecordSetList":{ + "type":"list", + "member":{"shape":"Route53ResourceRecordSet"} + }, + "RoutingControlArn":{"type":"string"}, + "RoutingControlStateChange":{ + "type":"string", + "enum":[ + "On", + "Off" + ] + }, + "Service":{ + "type":"structure", + "members":{ + "crossAccountRole":{ + "shape":"IamRoleArn", + "documentation":"

The cross account role for a service.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The external ID (secret key) for the service.

" + }, + "clusterArn":{ + "shape":"EcsClusterArn", + "documentation":"

The cluster Amazon Resource Name (ARN) for a service.

" + }, + "serviceArn":{ + "shape":"EcsServiceArn", + "documentation":"

The Amazon Resource Name (ARN) for a service.

" + } + }, + "documentation":"

The service for a cross account role.

" + }, + "ServiceList":{ + "type":"list", + "member":{"shape":"Service"}, + "max":2, + "min":2 + }, + "StartPlanExecutionRequest":{ + "type":"structure", + "required":[ + "planArn", + "targetRegion", + "action" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan to execute.

" + }, + "targetRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region to target with this execution. This is the Region that traffic will be shifted to or from, depending on the action.

" + }, + "action":{ + "shape":"ExecutionAction", + "documentation":"

The action to perform. Valid values are ACTIVATE (to shift traffic to the target Region) or DEACTIVATE (to shift traffic away from the target Region).

" + }, + "mode":{ + "shape":"ExecutionMode", + "documentation":"

The plan execution mode. Valid values are Practice, for testing without making actual changes, or Recovery, for actual traffic shifting and application recovery.

" + }, + "comment":{ + "shape":"ExecutionComment", + "documentation":"

An optional comment explaining why the plan execution is being started.

" + }, + "latestVersion":{ + "shape":"String", + "documentation":"

A boolean value indicating whether to use the latest version of the plan. If set to false, you must specify a specific version.

" + } + } + }, + "StartPlanExecutionResponse":{ + "type":"structure", + "members":{ + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The execution identifier of a plan execution.

" + }, + "plan":{ + "shape":"PlanArn", + "documentation":"

The details of the Region switch plan.

" + }, + "planVersion":{ + "shape":"String", + "documentation":"

The version of the plan, a unique number generated by Region switch.

" + }, + "activateRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region to activate.

" + }, + "deactivateRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region to deactivate.

" + } + } + }, + "Step":{ + "type":"structure", + "required":[ + "name", + "executionBlockConfiguration", + "executionBlockType" + ], + "members":{ + "name":{ + "shape":"StepName", + "documentation":"

The name of a step in a workflow.

" + }, + "description":{ + "shape":"String", + "documentation":"

The description of a step in a workflow.

" + }, + "executionBlockConfiguration":{ + "shape":"ExecutionBlockConfiguration", + "documentation":"

The configuration for an execution block in a workflow.

" + }, + "executionBlockType":{ + "shape":"ExecutionBlockType", + "documentation":"

The type of an execution block in a workflow.

" + } + }, + "documentation":"

Represents a step in a Region switch plan workflow. Each step performs a specific action during the Region switch process.

" + }, + "StepName":{"type":"string"}, + "StepState":{ + "type":"structure", + "members":{ + "name":{ + "shape":"StepName", + "documentation":"

The name of a step in a workflow.

" + }, + "status":{ + "shape":"StepStatus", + "documentation":"

The status of a step in a workflow. For example, a status might be Completed or Pending Approval.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when a step started execution.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when a step endeded execution.

" + }, + "stepMode":{ + "shape":"ExecutionMode", + "documentation":"

The mode for a step execution. The mode can be Graceful or Ungraceful.

" + } + }, + "documentation":"

Represents the state of a step in a plan execution.

" + }, + "StepStates":{ + "type":"list", + "member":{"shape":"StepState"} + }, + "StepStatus":{ + "type":"string", + "enum":[ + "notStarted", + "running", + "failed", + "completed", + "canceled", + "skipped", + "pendingApproval" + ] + }, + "Steps":{ + "type":"list", + "member":{"shape":"Step"} + }, + "String":{"type":"string"}, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeys":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "arn", + "tags" + ], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) for a tag that you add to a resource.

" + }, + "tags":{ + "shape":"Tags", + "documentation":"

Tags that you add to a resource. You can add a maximum of 50 tags in Region switch.

" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "Tags":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":200, + "min":0 + }, + "Timestamp":{"type":"timestamp"}, + "Trigger":{ + "type":"structure", + "required":[ + "targetRegion", + "action", + "conditions", + "minDelayMinutesBetweenExecutions" + ], + "members":{ + "description":{ + "shape":"String", + "documentation":"

The description for a trigger.

" + }, + "targetRegion":{ + "shape":"Region", + "documentation":"

The Amazon Web Services Region for a trigger.

" + }, + "action":{ + "shape":"WorkflowTargetAction", + "documentation":"

The action to perform when the trigger fires. Valid values include ACTIVATE and DEACTIVATE.

" + }, + "conditions":{ + "shape":"TriggerConditionList", + "documentation":"

The conditions that must be met for the trigger to fire.

" + }, + "minDelayMinutesBetweenExecutions":{ + "shape":"Integer", + "documentation":"

The minimum time, in minutes, that must elapse between automatic executions of the plan.

" + } + }, + "documentation":"

Defines a condition that can automatically trigger the execution of a Region switch plan.

" + }, + "TriggerCondition":{ + "type":"structure", + "required":[ + "associatedAlarmName", + "condition" + ], + "members":{ + "associatedAlarmName":{ + "shape":"String", + "documentation":"

The name of the CloudWatch alarm associated with the condition.

" + }, + "condition":{ + "shape":"AlarmCondition", + "documentation":"

The condition that must be met. Valid values include ALARM and OK.

" + } + }, + "documentation":"

Defines a condition that must be met for a trigger to fire.

" + }, + "TriggerConditionList":{ + "type":"list", + "member":{"shape":"TriggerCondition"}, + "max":10, + "min":1 + }, + "TriggerList":{ + "type":"list", + "member":{"shape":"Trigger"} + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "arn", + "resourceTagKeys" + ], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) for a tag you remove a resource from.

" + }, + "resourceTagKeys":{ + "shape":"TagKeys", + "documentation":"

Tag keys that you remove from a resource.

" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdatePlanExecutionAction":{ + "type":"string", + "enum":[ + "switchToGraceful", + "switchToUngraceful", + "pause", + "resume" + ] + }, + "UpdatePlanExecutionRequest":{ + "type":"structure", + "required":[ + "planArn", + "executionId", + "action" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan with the execution to update.

" + }, + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The execution identifier of a plan execution.

" + }, + "action":{ + "shape":"UpdatePlanExecutionAction", + "documentation":"

The action specified for a plan execution, for example, Switch to Graceful or Pause.

" + }, + "comment":{ + "shape":"ExecutionComment", + "documentation":"

An optional comment about the plan execution.

" + } + } + }, + "UpdatePlanExecutionResponse":{ + "type":"structure", + "members":{} + }, + "UpdatePlanExecutionStepAction":{ + "type":"string", + "enum":[ + "switchToUngraceful", + "skip" + ] + }, + "UpdatePlanExecutionStepRequest":{ + "type":"structure", + "required":[ + "planArn", + "executionId", + "comment", + "stepName", + "actionToTake" + ], + "members":{ + "planArn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan containing the execution step to update.

" + }, + "executionId":{ + "shape":"ExecutionId", + "documentation":"

The unique identifier of the plan execution containing the step to update.

" + }, + "comment":{ + "shape":"ExecutionComment", + "documentation":"

An optional comment about the plan execution.

" + }, + "stepName":{ + "shape":"String", + "documentation":"

The name of the execution step to update.

" + }, + "actionToTake":{ + "shape":"UpdatePlanExecutionStepAction", + "documentation":"

The updated action to take for the step. This can be used to skip or retry a step.

" + } + } + }, + "UpdatePlanExecutionStepResponse":{ + "type":"structure", + "members":{} + }, + "UpdatePlanRequest":{ + "type":"structure", + "required":[ + "arn", + "workflows", + "executionRole" + ], + "members":{ + "arn":{ + "shape":"PlanArn", + "documentation":"

The Amazon Resource Name (ARN) of the plan.

" + }, + "description":{ + "shape":"String", + "documentation":"

The updated description for the Region switch plan.

" + }, + "workflows":{ + "shape":"WorkflowList", + "documentation":"

The updated workflows for the Region switch plan.

" + }, + "executionRole":{ + "shape":"IamRoleArn", + "documentation":"

The updated IAM role ARN that grants Region switch the permissions needed to execute the plan steps.

" + }, + "recoveryTimeObjectiveMinutes":{ + "shape":"UpdatePlanRequestRecoveryTimeObjectiveMinutesInteger", + "documentation":"

The updated target recovery time objective (RTO) in minutes for the plan.

" + }, + "associatedAlarms":{ + "shape":"AssociatedAlarmMap", + "documentation":"

The updated CloudWatch alarms associated with the plan.

" + }, + "triggers":{ + "shape":"TriggerList", + "documentation":"

The updated conditions that can automatically trigger the execution of the plan.

" + } + } + }, + "UpdatePlanRequestRecoveryTimeObjectiveMinutesInteger":{ + "type":"integer", + "box":true, + "max":10080, + "min":1 + }, + "UpdatePlanResponse":{ + "type":"structure", + "members":{ + "plan":{ + "shape":"Plan", + "documentation":"

The details of the updated Region switch plan.

" + } + } + }, + "Workflow":{ + "type":"structure", + "required":["workflowTargetAction"], + "members":{ + "steps":{ + "shape":"Steps", + "documentation":"

The steps that make up the workflow.

" + }, + "workflowTargetAction":{ + "shape":"WorkflowTargetAction", + "documentation":"

The action that the workflow performs. Valid values include ACTIVATE and DEACTIVATE.

" + }, + "workflowTargetRegion":{ + "shape":"Region", + "documentation":"

The Amazon Web Services Region that the workflow targets.

" + }, + "workflowDescription":{ + "shape":"String", + "documentation":"

The description of the workflow.

" + } + }, + "documentation":"

Represents a workflow in a Region switch plan. A workflow defines a sequence of steps to execute during a Region switch.

" + }, + "WorkflowList":{ + "type":"list", + "member":{"shape":"Workflow"} + }, + "WorkflowTargetAction":{ + "type":"string", + "enum":[ + "activate", + "deactivate" + ] + } + }, + "documentation":"

Amazon Application Recovery Controller (ARC) Region switch helps you to quickly and reliably shift traffic away from an impaired Amazon Web Services Region to a healthy Region. With Region switch, you can create plans that define the steps to shift traffic for your application from one Amazon Web Services Region to another. You can test your plans in practice mode before using them in a real recovery scenario.

Region switch provides a structured approach to multi-Region failover, helping you to meet your recovery time objectives (RTOs) and maintain business continuity during regional disruptions.

For more information, see Region switch in ARC in the Amazon Application Recovery Controller User Guide.

" +} diff -pruN 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/waiters-2.json 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/waiters-2.json --- 2.23.6-1/awscli/botocore/data/arc-region-switch/2022-07-26/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/arc-region-switch/2022-07-26/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,57 @@ +{ + "version" : 2, + "waiters" : { + "PlanEvaluationStatusPassed" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetPlanEvaluationStatus", + "acceptors" : [ { + "matcher" : "path", + "argument" : "evaluationState", + "state" : "success", + "expected" : "passed" + }, { + "matcher" : "path", + "argument" : "evaluationState", + "state" : "failure", + "expected" : "actionRequired" + }, { + "matcher" : "path", + "argument" : "evaluationState", + "state" : "retry", + "expected" : "pendingEvaluation" + } ] + }, + "PlanExecutionCompleted" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetPlanExecution", + "acceptors" : [ { + "matcher" : "path", + "argument" : "executionState", + "state" : "success", + "expected" : "completed" + }, { + "matcher" : "path", + "argument" : "executionState", + "state" : "success", + "expected" : "completedWithExceptions" + }, { + "matcher" : "path", + "argument" : "executionState", + "state" : "failure", + "expected" : "failed" + }, { + "matcher" : "path", + "argument" : "executionState", + "state" : "failure", + "expected" : "canceled" + }, { + "matcher" : "path", + "argument" : "executionState", + "state" : "failure", + "expected" : "planExecutionTimedOut" + } ] + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/service-2.json 2.31.35-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/service-2.json --- 2.23.6-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,18 +2,37 @@ "version":"2.0", "metadata":{ "apiVersion":"2022-10-30", + "auth":["aws.auth#sigv4"], "endpointPrefix":"arc-zonal-shift", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"AWS ARC - Zonal Shift", "serviceId":"ARC Zonal Shift", "signatureVersion":"v4", "signingName":"arc-zonal-shift", - "uid":"arc-zonal-shift-2022-10-30", - "auth":["aws.auth#sigv4"] + "uid":"arc-zonal-shift-2022-10-30" }, "operations":{ + "CancelPracticeRun":{ + "name":"CancelPracticeRun", + "http":{ + "method":"DELETE", + "requestUri":"/practiceruns/{zonalShiftId}", + "responseCode":200 + }, + "input":{"shape":"CancelPracticeRunRequest"}, + "output":{"shape":"CancelPracticeRunResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Cancel an in-progress practice run zonal shift in Amazon Application Recovery Controller.

", + "idempotent":true + }, "CancelZonalShift":{ "name":"CancelZonalShift", "http":{ @@ -28,10 +47,10 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

Cancel a zonal shift in Amazon Route 53 Application Recovery Controller. To cancel the zonal shift, specify the zonal shift ID.

A zonal shift can be one that you've started for a resource in your Amazon Web Services account in an Amazon Web Services Region, or it can be a zonal shift started by a practice run with zonal autoshift.

" + "documentation":"

Cancel a zonal shift in Amazon Application Recovery Controller. To cancel the zonal shift, specify the zonal shift ID.

A zonal shift can be one that you've started for a resource in your Amazon Web Services account in an Amazon Web Services Region, or it can be a zonal shift started by a practice run with zonal autoshift.

" }, "CreatePracticeRunConfiguration":{ "name":"CreatePracticeRunConfiguration", @@ -47,10 +66,10 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

A practice run configuration for zonal autoshift is required when you enable zonal autoshift. A practice run configuration includes specifications for blocked dates and blocked time windows, and for Amazon CloudWatch alarms that you create to use with practice runs. The alarms that you specify are an outcome alarm, to monitor application health during practice runs and, optionally, a blocking alarm, to block practice runs from starting.

When a resource has a practice run configuration, Route 53 ARC starts zonal shifts for the resource weekly, to shift traffic for practice runs. Practice runs help you to ensure that shifting away traffic from an Availability Zone during an autoshift is safe for your application.

For more information, see Considerations when you configure zonal autoshift in the Amazon Route 53 Application Recovery Controller Developer Guide.

" + "documentation":"

A practice run configuration for zonal autoshift is required when you enable zonal autoshift. A practice run configuration includes specifications for blocked dates and blocked time windows, and for Amazon CloudWatch alarms that you create to use with practice runs. The alarms that you specify are an outcome alarm, to monitor application health during practice runs and, optionally, a blocking alarm, to block practice runs from starting.

When a resource has a practice run configuration, ARC starts zonal shifts for the resource weekly, to shift traffic for practice runs. Practice runs help you to ensure that shifting away traffic from an Availability Zone during an autoshift is safe for your application.

For more information, see Considerations when you configure zonal autoshift in the Amazon Application Recovery Controller Developer Guide.

" }, "DeletePracticeRunConfiguration":{ "name":"DeletePracticeRunConfiguration", @@ -66,8 +85,8 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Deletes the practice run configuration for a resource. Before you can delete a practice run configuration for a resource., you must disable zonal autoshift for the resource. Practice runs must be configured for zonal autoshift to be enabled.

", "idempotent":true @@ -86,7 +105,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns the status of autoshift observer notification. Autoshift observer notification enables you to be notified, through Amazon EventBridge, when there is an autoshift event for zonal autoshift.

If the status is ENABLED, Route 53 ARC includes all autoshift events when you use the EventBridge pattern Autoshift In Progress. When the status is DISABLED, Route 53 ARC includes only autoshift events for autoshifts when one or more of your resources is included in the autoshift.

For more information, see Notifications for practice runs and autoshifts in the Amazon Route 53 Application Recovery Controller Developer Guide.

" + "documentation":"

Returns the status of the autoshift observer notification. Autoshift observer notifications notify you through Amazon EventBridge when there is an autoshift event for zonal autoshift. The status can be ENABLED or DISABLED. When ENABLED, a notification is sent when an autoshift is triggered. When DISABLED, notifications are not sent.

" }, "GetManagedResource":{ "name":"GetManagedResource", @@ -101,10 +120,10 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

Get information about a resource that's been registered for zonal shifts with Amazon Route 53 Application Recovery Controller in this Amazon Web Services Region. Resources that are registered for zonal shifts are managed resources in Route 53 ARC. You can start zonal shifts and configure zonal autoshift for managed resources.

At this time, you can only start a zonal shift or configure zonal autoshift for Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

" + "documentation":"

Get information about a resource that's been registered for zonal shifts with Amazon Application Recovery Controller in this Amazon Web Services Region. Resources that are registered for zonal shifts are managed resources in ARC. You can start zonal shifts and configure zonal autoshift for managed resources.

" }, "ListAutoshifts":{ "name":"ListAutoshifts", @@ -118,10 +137,10 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

Returns a list of autoshifts for an Amazon Web Services Region. By default, the call returns only ACTIVE autoshifts. Optionally, you can specify the status parameter to return COMPLETED autoshifts.

" + "documentation":"

Returns the autoshifts for an Amazon Web Services Region. By default, the call returns only ACTIVE autoshifts. Optionally, you can specify the status parameter to return COMPLETED autoshifts.

" }, "ListManagedResources":{ "name":"ListManagedResources", @@ -135,10 +154,10 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

Lists all the resources in your Amazon Web Services account in this Amazon Web Services Region that are managed for zonal shifts in Amazon Route 53 Application Recovery Controller, and information about them. The information includes the zonal autoshift status for the resource, as well as the Amazon Resource Name (ARN), the Availability Zones that each resource is deployed in, and the resource name.

" + "documentation":"

Lists all the resources in your Amazon Web Services account in this Amazon Web Services Region that are managed for zonal shifts in Amazon Application Recovery Controller, and information about them. The information includes the zonal autoshift status for the resource, as well as the Amazon Resource Name (ARN), the Availability Zones that each resource is deployed in, and the resource name.

" }, "ListZonalShifts":{ "name":"ListZonalShifts", @@ -152,10 +171,29 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Lists all active and completed zonal shifts in Amazon Application Recovery Controller in your Amazon Web Services account in this Amazon Web Services Region. ListZonalShifts returns customer-initiated zonal shifts, as well as practice run zonal shifts that ARC started on your behalf for zonal autoshift.

For more information about listing autoshifts, see \">ListAutoshifts.

" + }, + "StartPracticeRun":{ + "name":"StartPracticeRun", + "http":{ + "method":"POST", + "requestUri":"/practiceruns", + "responseCode":200 + }, + "input":{"shape":"StartPracticeRunRequest"}, + "output":{"shape":"StartPracticeRunResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

Lists all active and completed zonal shifts in Amazon Route 53 Application Recovery Controller in your Amazon Web Services account in this Amazon Web Services Region. ListZonalShifts returns customer-initiated zonal shifts, as well as practice run zonal shifts that Route 53 ARC started on your behalf for zonal autoshift.

The ListZonalShifts operation does not list autoshifts. For more information about listing autoshifts, see \">ListAutoshifts.

" + "documentation":"

Start an on-demand practice run zonal shift in Amazon Application Recovery Controller. With zonal autoshift enabled, you can start an on-demand practice run to verify preparedness at any time. Amazon Web Services also runs automated practice runs about weekly when you have enabled zonal autoshift.

For more information, see Considerations when you configure zonal autoshift in the Amazon Application Recovery Controller Developer Guide.

" }, "StartZonalShift":{ "name":"StartZonalShift", @@ -171,10 +209,10 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

You start a zonal shift to temporarily move load balancer traffic away from an Availability Zone in an Amazon Web Services Region, to help your application recover immediately, for example, from a developer's bad code deployment or from an Amazon Web Services infrastructure failure in a single Availability Zone. You can start a zonal shift in Route 53 ARC only for managed resources in your Amazon Web Services account in an Amazon Web Services Region. Resources are automatically registered with Route 53 ARC by Amazon Web Services services.

At this time, you can only start a zonal shift for Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

When you start a zonal shift, traffic for the resource is no longer routed to the Availability Zone. The zonal shift is created immediately in Route 53 ARC. However, it can take a short time, typically up to a few minutes, for existing, in-progress connections in the Availability Zone to complete.

For more information, see Zonal shift in the Amazon Route 53 Application Recovery Controller Developer Guide.

" + "documentation":"

You start a zonal shift to temporarily move load balancer traffic away from an Availability Zone in an Amazon Web Services Region, to help your application recover immediately, for example, from a developer's bad code deployment or from an Amazon Web Services infrastructure failure in a single Availability Zone. You can start a zonal shift in ARC only for managed resources in your Amazon Web Services account in an Amazon Web Services Region. Resources are automatically registered with ARC by Amazon Web Services services.

Amazon Application Recovery Controller currently supports enabling the following resources for zonal shift and zonal autoshift:

When you start a zonal shift, traffic for the resource is no longer routed to the Availability Zone. The zonal shift is created immediately in ARC. However, it can take a short time, typically up to a few minutes, for existing, in-progress connections in the Availability Zone to complete.

For more information, see Zonal shift in the Amazon Application Recovery Controller Developer Guide.

" }, "UpdateAutoshiftObserverNotificationStatus":{ "name":"UpdateAutoshiftObserverNotificationStatus", @@ -188,10 +226,10 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

Update the status of autoshift observer notification. Autoshift observer notification enables you to be notified, through Amazon EventBridge, when there is an autoshift event for zonal autoshift.

If the status is ENABLED, Route 53 ARC includes all autoshift events when you use the EventBridge pattern Autoshift In Progress. When the status is DISABLED, Route 53 ARC includes only autoshift events for autoshifts when one or more of your resources is included in the autoshift.

For more information, see Notifications for practice runs and autoshifts in the Amazon Route 53 Application Recovery Controller Developer Guide.

", + "documentation":"

Update the status of autoshift observer notification. Autoshift observer notification enables you to be notified, through Amazon EventBridge, when there is an autoshift event for zonal autoshift.

If the status is ENABLED, ARC includes all autoshift events when you use the EventBridge pattern Autoshift In Progress. When the status is DISABLED, ARC includes only autoshift events for autoshifts when one or more of your resources is included in the autoshift.

For more information, see Notifications for practice runs and autoshifts in the Amazon Application Recovery Controller Developer Guide.

", "idempotent":true }, "UpdatePracticeRunConfiguration":{ @@ -208,8 +246,8 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Update a practice run configuration to change one or more of the following: add, change, or remove the blocking alarm; change the outcome alarm; or add, change, or remove blocking dates or time windows.

" }, @@ -227,10 +265,10 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

The zonal autoshift configuration for a resource includes the practice run configuration and the status for running autoshifts, zonal autoshift status. When a resource has a practice run configuation, Route 53 ARC starts weekly zonal shifts for the resource, to shift traffic away from an Availability Zone. Weekly practice runs help you to make sure that your application can continue to operate normally with the loss of one Availability Zone.

You can update the zonal autoshift autoshift status to enable or disable zonal autoshift. When zonal autoshift is ENABLED, you authorize Amazon Web Services to shift away resource traffic for an application from an Availability Zone during events, on your behalf, to help reduce time to recovery. Traffic is also shifted away for the required weekly practice runs.

", + "documentation":"

The zonal autoshift configuration for a resource includes the practice run configuration and the status for running autoshifts, zonal autoshift status. When a resource has a practice run configuration, ARC starts weekly zonal shifts for the resource, to shift traffic away from an Availability Zone. Weekly practice runs help you to make sure that your application can continue to operate normally with the loss of one Availability Zone.

You can update the zonal autoshift status to enable or disable zonal autoshift. When zonal autoshift is ENABLED, you authorize Amazon Web Services to shift away resource traffic for an application from an Availability Zone during events, on your behalf, to help reduce time to recovery. Traffic is also shifted away for the required weekly practice runs.

", "idempotent":true }, "UpdateZonalShift":{ @@ -247,10 +285,10 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], - "documentation":"

Update an active zonal shift in Amazon Route 53 Application Recovery Controller in your Amazon Web Services account. You can update a zonal shift to set a new expiration, or edit or replace the comment for the zonal shift.

" + "documentation":"

Update an active zonal shift in Amazon Application Recovery Controller in your Amazon Web Services account. You can update a zonal shift to set a new expiration, or edit or replace the comment for the zonal shift.

" } }, "shapes":{ @@ -266,6 +304,18 @@ }, "exception":true }, + "AllowedWindow":{ + "type":"string", + "max":19, + "min":19, + "pattern":"(Mon|Tue|Wed|Thu|Fri|Sat|Sun):[0-9]{2}:[0-9]{2}-(Mon|Tue|Wed|Thu|Fri|Sat|Sun):[0-9]{2}:[0-9]{2}" + }, + "AllowedWindows":{ + "type":"list", + "member":{"shape":"AllowedWindow"}, + "max":15, + "min":0 + }, "AppliedStatus":{ "type":"string", "enum":[ @@ -302,7 +352,7 @@ "members":{ "appliedStatus":{ "shape":"AutoshiftAppliedStatus", - "documentation":"

The appliedStatus field specifies which application traffic shift is in effect for a resource when there is more than one active traffic shift. There can be more than one application traffic shift in progress at the same time - that is, practice run zonal shifts, customer-initiated zonal shifts, or an autoshift. The appliedStatus field for a shift that is in progress for a resource can have one of two values: APPLIED or NOT_APPLIED. The zonal shift or autoshift that is currently in effect for the resource has an appliedStatus set to APPLIED.

The overall principle for precedence is that zonal shifts that you start as a customer take precedence autoshifts, which take precedence over practice runs. That is, customer-initiated zonal shifts > autoshifts > practice run zonal shifts.

For more information, see How zonal autoshift and practice runs work in the Amazon Route 53 Application Recovery Controller Developer Guide.

" + "documentation":"

The appliedStatus field specifies which application traffic shift is in effect for a resource when there is more than one active traffic shift. There can be more than one application traffic shift in progress at the same time - that is, practice run zonal shifts, customer-initiated zonal shifts, or an autoshift. The appliedStatus field for a shift that is in progress for a resource can have one of two values: APPLIED or NOT_APPLIED. The zonal shift or autoshift that is currently in effect for the resource has an appliedStatus set to APPLIED.

The overall principle for precedence is that zonal shifts that you start as a customer take precedence autoshifts, which take precedence over practice runs. That is, customer-initiated zonal shifts > autoshifts > practice run zonal shifts.

For more information, see How zonal autoshift and practice runs work in the Amazon Application Recovery Controller Developer Guide.

" }, "awayFrom":{ "shape":"AvailabilityZone", @@ -313,7 +363,7 @@ "documentation":"

The time (UTC) when the autoshift started.

" } }, - "documentation":"

A complex structure that lists an autoshift that is currently active for a managed resource and information about the autoshift.

For more information, see How zonal autoshift and practice runs work in the Amazon Route 53 Application Recovery Controller Developer Guide.

" + "documentation":"

A complex structure that lists an autoshift that is currently active for a managed resource and information about the autoshift.

For more information, see How zonal autoshift and practice runs work in the Amazon Application Recovery Controller Developer Guide.

" }, "AutoshiftObserverNotificationStatus":{ "type":"string", @@ -330,7 +380,6 @@ "type":"structure", "required":[ "awayFrom", - "endTime", "startTime", "status" ], @@ -352,7 +401,7 @@ "documentation":"

The status for an autoshift.

" } }, - "documentation":"

Information about an autoshift. Amazon Web Services starts an autoshift to temporarily move traffic for a resource away from an Availability Zone in an Amazon Web Services Region when Amazon Web Services determines that there's an issue in the Availability Zone that could potentially affect customers. You can configure zonal autoshift in Route 53 ARC for managed resources in your Amazon Web Services account in a Region. Supported Amazon Web Services resources are automatically registered with Route 53 ARC.

Autoshifts are temporary. When the Availability Zone recovers, Amazon Web Services ends the autoshift, and traffic for the resource is no longer directed to the other Availability Zones in the Region.

You can stop an autoshift for a resource by disabling zonal autoshift.

" + "documentation":"

Information about an autoshift. Amazon Web Services starts an autoshift to temporarily move traffic for a resource away from an Availability Zone in an Amazon Web Services Region when Amazon Web Services determines that there's an issue in the Availability Zone that could potentially affect customers. You can configure zonal autoshift in ARC for managed resources in your Amazon Web Services account in a Region. Supported Amazon Web Services resources are automatically registered with ARC.

Autoshifts are temporary. When the Availability Zone recovers, Amazon Web Services ends the autoshift, and traffic for the resource is no longer directed to the other Availability Zones in the Region.

You can stop an autoshift for a resource by disabling zonal autoshift.

" }, "AutoshiftsInResource":{ "type":"list", @@ -371,7 +420,7 @@ "type":"string", "max":10, "min":10, - "pattern":"^[0-9]{4}-[0-9]{2}-[0-9]{2}$" + "pattern":"[0-9]{4}-[0-9]{2}-[0-9]{2}" }, "BlockedDates":{ "type":"list", @@ -383,7 +432,7 @@ "type":"string", "max":19, "min":19, - "pattern":"^(Mon|Tue|Wed|Thu|Fri|Sat|Sun):[0-9]{2}:[0-9]{2}-(Mon|Tue|Wed|Thu|Fri|Sat|Sun):[0-9]{2}:[0-9]{2}$" + "pattern":"(Mon|Tue|Wed|Thu|Fri|Sat|Sun):[0-9]{2}:[0-9]{2}-(Mon|Tue|Wed|Thu|Fri|Sat|Sun):[0-9]{2}:[0-9]{2}" }, "BlockedWindows":{ "type":"list", @@ -391,6 +440,66 @@ "max":15, "min":0 }, + "BlockingAlarms":{ + "type":"list", + "member":{"shape":"ControlCondition"}, + "max":10, + "min":0 + }, + "CancelPracticeRunRequest":{ + "type":"structure", + "required":["zonalShiftId"], + "members":{ + "zonalShiftId":{ + "shape":"ZonalShiftId", + "documentation":"

The identifier of a practice run zonal shift in Amazon Application Recovery Controller that you want to cancel.

", + "location":"uri", + "locationName":"zonalShiftId" + } + } + }, + "CancelPracticeRunResponse":{ + "type":"structure", + "required":[ + "zonalShiftId", + "resourceIdentifier", + "awayFrom", + "expiryTime", + "startTime", + "status", + "comment" + ], + "members":{ + "zonalShiftId":{ + "shape":"ZonalShiftId", + "documentation":"

The identifier of the practice run zonal shift in Amazon Application Recovery Controller that was canceled.

" + }, + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier for the resource that you canceled a practice run zonal shift for. The identifier is the Amazon Resource Name (ARN) for the resource.

" + }, + "awayFrom":{ + "shape":"AvailabilityZone", + "documentation":"

The Availability Zone (for example, use1-az1) that traffic was moved away from for a resource that you specified for the practice run.

" + }, + "expiryTime":{ + "shape":"ExpiryTime", + "documentation":"

The expiry time (expiration time) for an on-demand practice run zonal shift is 30 minutes from the time when you start the practice run, unless you cancel it before that time. However, be aware that the expiryTime field for practice run zonal shifts always has a value of 1 minute.

" + }, + "startTime":{ + "shape":"StartTime", + "documentation":"

The time (UTC) when the zonal shift starts.

" + }, + "status":{ + "shape":"ZonalShiftStatus", + "documentation":"

A status for the practice run that you canceled (expected status is CANCELED).

The Status for a practice run zonal shift can have one of the following values:

" + }, + "comment":{ + "shape":"ZonalShiftComment", + "documentation":"

The initial comment that you entered about the practice run. Be aware that this comment can be overwritten by Amazon Web Services if the automatic check for balanced capacity fails. For more information, see Capacity checks for practice runs in the Amazon Application Recovery Controller Developer Guide.

" + } + } + }, "CancelZonalShiftRequest":{ "type":"structure", "required":["zonalShiftId"], @@ -435,63 +544,67 @@ "SimultaneousZonalShiftsConflict", "PracticeConfigurationAlreadyExists", "AutoShiftEnabled", - "PracticeConfigurationDoesNotExist" + "PracticeConfigurationDoesNotExist", + "ZonalAutoshiftActive", + "PracticeOutcomeAlarmsRed", + "PracticeBlockingAlarmsRed", + "PracticeInBlockedDates", + "PracticeInBlockedWindows", + "PracticeOutsideAllowedWindows" ] }, "ControlCondition":{ "type":"structure", "required":[ - "alarmIdentifier", - "type" + "type", + "alarmIdentifier" ], "members":{ - "alarmIdentifier":{ - "shape":"ResourceArn", - "documentation":"

The Amazon Resource Name (ARN) for an Amazon CloudWatch alarm that you specify as a control condition for a practice run.

" - }, "type":{ "shape":"ControlConditionType", "documentation":"

The type of alarm specified for a practice run. You can only specify Amazon CloudWatch alarms for practice runs, so the only valid value is CLOUDWATCH.

" + }, + "alarmIdentifier":{ + "shape":"MetricIdentifier", + "documentation":"

The Amazon Resource Name (ARN) for an Amazon CloudWatch alarm that you specify as a control condition for a practice run.

" } }, - "documentation":"

A control condition is an alarm that you specify for a practice run. When you configure practice runs with zonal autoshift for a resource, you specify Amazon CloudWatch alarms, which you create in CloudWatch to use with the practice run. The alarms that you specify are an outcome alarm, to monitor application health during practice runs and, optionally, a blocking alarm, to block practice runs from starting or to interrupt a practice run in progress.

Control condition alarms do not apply for autoshifts.

For more information, see Considerations when you configure zonal autoshift in the Amazon Route 53 Application Recovery Controller Developer Guide.

" + "documentation":"

A control condition is an alarm that you specify for a practice run. When you configure practice runs with zonal autoshift for a resource, you specify Amazon CloudWatch alarms, which you create in CloudWatch to use with the practice run. The alarms that you specify are an outcome alarm, to monitor application health during practice runs and, optionally, a blocking alarm, to block practice runs from starting or to interrupt a practice run in progress.

Control condition alarms do not apply for autoshifts.

For more information, see Considerations when you configure zonal autoshift in the Amazon Application Recovery Controller Developer Guide.

" }, "ControlConditionType":{ "type":"string", "enum":["CLOUDWATCH"] }, - "ControlConditions":{ - "type":"list", - "member":{"shape":"ControlCondition"}, - "max":1, - "min":1 - }, "CreatePracticeRunConfigurationRequest":{ "type":"structure", "required":[ - "outcomeAlarms", - "resourceIdentifier" + "resourceIdentifier", + "outcomeAlarms" ], "members":{ - "blockedDates":{ - "shape":"BlockedDates", - "documentation":"

Optionally, you can block Route 53 ARC from starting practice runs for a resource on specific calendar dates.

The format for blocked dates is: YYYY-MM-DD. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Separate multiple blocked dates with spaces.

For example, if you have an application update scheduled to launch on May 1, 2024, and you don't want practice runs to shift traffic away at that time, you could set a blocked date for 2024-05-01.

" + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier of the resource that Amazon Web Services shifts traffic for with a practice run zonal shift. The identifier is the Amazon Resource Name (ARN) for the resource.

Amazon Application Recovery Controller currently supports enabling the following resources for zonal shift and zonal autoshift:

" }, "blockedWindows":{ "shape":"BlockedWindows", - "documentation":"

Optionally, you can block Route 53 ARC from starting practice runs for specific windows of days and times.

The format for blocked windows is: DAY:HH:SS-DAY:HH:SS. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Also, be aware of potential time adjustments that might be required for daylight saving time differences. Separate multiple blocked windows with spaces.

For example, say you run business report summaries three days a week. For this scenario, you might set the following recurring days and times as blocked windows, for example: MON-20:30-21:30 WED-20:30-21:30 FRI-20:30-21:30.

" + "documentation":"

Optionally, you can block ARC from starting practice runs for specific windows of days and times.

The format for blocked windows is: DAY:HH:SS-DAY:HH:SS. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Also, be aware of potential time adjustments that might be required for daylight saving time differences. Separate multiple blocked windows with spaces.

For example, say you run business report summaries three days a week. For this scenario, you could set the following recurring days and times as blocked windows, for example: Mon:00:00-Mon:10:00 Wed-20:30-Wed:21:30 Fri-20:30-Fri:21:30.

The blockedWindows have to start and end on the same day. Windows that span multiple days aren't supported.

" + }, + "blockedDates":{ + "shape":"BlockedDates", + "documentation":"

Optionally, you can block ARC from starting practice runs for a resource on specific calendar dates.

The format for blocked dates is: YYYY-MM-DD. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Separate multiple blocked dates with spaces.

For example, if you have an application update scheduled to launch on May 1, 2024, and you don't want practice runs to shift traffic away at that time, you could set a blocked date for 2024-05-01.

" }, "blockingAlarms":{ - "shape":"ControlConditions", - "documentation":"

An Amazon CloudWatch alarm that you can specify for zonal autoshift practice runs. This alarm blocks Route 53 ARC from starting practice run zonal shifts, and ends a practice run that's in progress, when the alarm is in an ALARM state.

" + "shape":"BlockingAlarms", + "documentation":"

Blocking alarms for practice runs are optional alarms that you can specify that block practice runs when one or more of the alarms is in an ALARM state.

" }, - "outcomeAlarms":{ - "shape":"ControlConditions", - "documentation":"

The outcome alarm for practice runs is a required Amazon CloudWatch alarm that you specify that ends a practice run when the alarm is in an ALARM state.

Configure the alarm to monitor the health of your application when traffic is shifted away from an Availability Zone during each weekly practice run. You should configure the alarm to go into an ALARM state if your application is impacted by the zonal shift, and you want to stop the zonal shift, to let traffic for the resource return to the Availability Zone.

" + "allowedWindows":{ + "shape":"AllowedWindows", + "documentation":"

Optionally, you can allow ARC to start practice runs for specific windows of days and times.

The format for allowed windows is: DAY:HH:SS-DAY:HH:SS. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Also, be aware of potential time adjustments that might be required for daylight saving time differences. Separate multiple allowed windows with spaces.

For example, say you want to allow practice runs only on Wednesdays and Fridays from noon to 5 p.m. For this scenario, you could set the following recurring days and times as allowed windows, for example: Wed-12:00-Wed:17:00 Fri-12:00-Fri:17:00.

The allowedWindows have to start and end on the same day. Windows that span multiple days aren't supported.

" }, - "resourceIdentifier":{ - "shape":"ResourceIdentifier", - "documentation":"

The identifier of the resource that Amazon Web Services shifts traffic for with a practice run zonal shift. The identifier is the Amazon Resource Name (ARN) for the resource.

At this time, supported resources are Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

" + "outcomeAlarms":{ + "shape":"OutcomeAlarms", + "documentation":"

Outcome alarms for practice runs are alarms that you specify that end a practice run when one or more of the alarms is in an ALARM state.

Configure one or more of these alarms to monitor the health of your application when traffic is shifted away from an Availability Zone during each practice run. You should configure these alarms to go into an ALARM state if you want to stop a zonal shift, to let traffic for the resource return to the original Availability Zone.

" } } }, @@ -500,8 +613,8 @@ "required":[ "arn", "name", - "practiceRunConfiguration", - "zonalAutoshiftStatus" + "zonalAutoshiftStatus", + "practiceRunConfiguration" ], "members":{ "arn":{ @@ -512,13 +625,13 @@ "shape":"ResourceName", "documentation":"

The name of the resource that you configured the practice run for.

" }, - "practiceRunConfiguration":{ - "shape":"PracticeRunConfiguration", - "documentation":"

A practice run configuration for a resource. Configurations include the outcome alarm that you specify for practice runs, and, optionally, a blocking alarm and blocking dates and windows.

" - }, "zonalAutoshiftStatus":{ "shape":"ZonalAutoshiftStatus", "documentation":"

The status for zonal autoshift for a resource. When you specify ENABLED for the autoshift status, Amazon Web Services shifts traffic away from shifts away application resource traffic from an Availability Zone, on your behalf, when internal telemetry indicates that there is an Availability Zone impairment that could potentially impact customers.

When you enable zonal autoshift, you must also configure practice runs for the resource.

" + }, + "practiceRunConfiguration":{ + "shape":"PracticeRunConfiguration", + "documentation":"

A practice run configuration for a resource. Configurations include the outcome alarm that you specify for practice runs, and, optionally, a blocking alarm and blocking dates and windows.

" } } }, @@ -560,13 +673,12 @@ "type":"string", "max":5, "min":2, - "pattern":"^([1-9][0-9]*)(m|h)$" + "pattern":"([1-9][0-9]*)(m|h)" }, "ExpiryTime":{"type":"timestamp"}, "GetAutoshiftObserverNotificationStatusRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAutoshiftObserverNotificationStatusResponse":{ "type":"structure", @@ -574,7 +686,7 @@ "members":{ "status":{ "shape":"AutoshiftObserverNotificationStatus", - "documentation":"

The status of autoshift observer notification. If the status is ENABLED, Route 53 ARC includes all autoshift events when you use the Amazon EventBridge pattern Autoshift In Progress. When the status is DISABLED, Route 53 ARC includes only autoshift events for autoshifts when one or more of your resources is included in the autoshift.

" + "documentation":"

The status of autoshift observer notification. If the status is ENABLED, ARC includes all autoshift events when you use the Amazon EventBridge pattern Autoshift In Progress. When the status is DISABLED, ARC includes only autoshift events for autoshifts when one or more of your resources is included in the autoshift.

" } } }, @@ -584,7 +696,7 @@ "members":{ "resourceIdentifier":{ "shape":"ResourceIdentifier", - "documentation":"

The identifier for the resource that Amazon Web Services shifts traffic for. The identifier is the Amazon Resource Name (ARN) for the resource.

At this time, supported resources are Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

", + "documentation":"

The identifier for the resource that Amazon Web Services shifts traffic for. The identifier is the Amazon Resource Name (ARN) for the resource.

Amazon Application Recovery Controller currently supports enabling the following resources for zonal shift and zonal autoshift:

", "location":"uri", "locationName":"resourceIdentifier" } @@ -597,22 +709,26 @@ "zonalShifts" ], "members":{ + "arn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) for the resource.

" + }, + "name":{ + "shape":"ResourceName", + "documentation":"

The name of the resource.

" + }, "appliedWeights":{ "shape":"AppliedWeights", "documentation":"

A collection of key-value pairs that indicate whether resources are active in Availability Zones or not. The key name is the Availability Zone where the resource is deployed. The value is 1 or 0.

" }, - "arn":{ - "shape":"ResourceArn", - "documentation":"

The Amazon Resource Name (ARN) for the resource.

" + "zonalShifts":{ + "shape":"ZonalShiftsInResource", + "documentation":"

The zonal shifts that are currently active for a resource.

" }, "autoshifts":{ "shape":"AutoshiftsInResource", "documentation":"

An array of the autoshifts that are active for the resource.

" }, - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the resource.

" - }, "practiceRunConfiguration":{ "shape":"PracticeRunConfiguration", "documentation":"

The practice run configuration for zonal autoshift that's associated with the resource.

" @@ -620,10 +736,6 @@ "zonalAutoshiftStatus":{ "shape":"ZonalAutoshiftStatus", "documentation":"

The status for zonal autoshift for a resource. When the autoshift status is ENABLED, Amazon Web Services shifts traffic for a resource away from an Availability Zone, on your behalf, when Amazon Web Services determines that there's an issue in the Availability Zone that could potentially affect customers.

" - }, - "zonalShifts":{ - "shape":"ZonalShiftsInResource", - "documentation":"

The zonal shifts that are currently active for a resource.

" } } }, @@ -640,15 +752,9 @@ "ListAutoshiftsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

The number of objects that you want to return with this call.

", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"String", - "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

", "location":"querystring", "locationName":"nextToken" }, @@ -657,6 +763,12 @@ "documentation":"

The status of the autoshift.

", "location":"querystring", "locationName":"status" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The number of objects that you want to return with this call.

", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -669,24 +781,24 @@ }, "nextToken":{ "shape":"String", - "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

" + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" } } }, "ListManagedResourcesRequest":{ "type":"structure", "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

The number of objects that you want to return with this call.

", "location":"querystring", "locationName":"maxResults" - }, - "nextToken":{ - "shape":"String", - "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

", - "location":"querystring", - "locationName":"nextToken" } } }, @@ -700,36 +812,36 @@ }, "nextToken":{ "shape":"String", - "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

" + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" } } }, "ListZonalShiftsRequest":{ "type":"structure", "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "status":{ + "shape":"ZonalShiftStatus", + "documentation":"

A status for a zonal shift.

The Status for a zonal shift can have one of the following values:

  • ACTIVE: The zonal shift has been started and is active.

  • EXPIRED: The zonal shift has expired (the expiry time was exceeded).

  • CANCELED: The zonal shift was canceled.

", + "location":"querystring", + "locationName":"status" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

The number of objects that you want to return with this call.

", "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"String", - "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

", - "location":"querystring", - "locationName":"nextToken" - }, "resourceIdentifier":{ "shape":"ResourceIdentifier", "documentation":"

The identifier for the resource that you want to list zonal shifts for. The identifier is the Amazon Resource Name (ARN) for the resource.

", "location":"querystring", "locationName":"resourceIdentifier" - }, - "status":{ - "shape":"ZonalShiftStatus", - "documentation":"

A status for a zonal shift.

The Status for a zonal shift can have one of the following values:

  • ACTIVE: The zonal shift has been started and active.

  • EXPIRED: The zonal shift has expired (the expiry time was exceeded).

  • CANCELED: The zonal shift was canceled.

", - "location":"querystring", - "locationName":"status" } } }, @@ -742,7 +854,7 @@ }, "nextToken":{ "shape":"String", - "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

" + "documentation":"

Specifies that you want to receive the next page of results. Valid only if you received a nextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's nextToken response to request the next page of results.

" } } }, @@ -754,40 +866,40 @@ "type":"structure", "required":["availabilityZones"], "members":{ - "appliedWeights":{ - "shape":"AppliedWeights", - "documentation":"

A collection of key-value pairs that indicate whether resources are active in Availability Zones or not. The key name is the Availability Zone where the resource is deployed. The value is 1 or 0.

" - }, "arn":{ "shape":"ResourceArn", "documentation":"

The Amazon Resource Name (ARN) for the managed resource.

" }, - "autoshifts":{ - "shape":"AutoshiftsInResource", - "documentation":"

An array of the autoshifts that have been completed for a resource.

" + "name":{ + "shape":"ResourceName", + "documentation":"

The name of the managed resource.

" }, "availabilityZones":{ "shape":"AvailabilityZones", "documentation":"

The Availability Zones that a resource is deployed in.

" }, - "name":{ - "shape":"ResourceName", - "documentation":"

The name of the managed resource.

" + "appliedWeights":{ + "shape":"AppliedWeights", + "documentation":"

A collection of key-value pairs that indicate whether resources are active in Availability Zones or not. The key name is the Availability Zone where the resource is deployed. The value is 1 or 0.

" }, - "practiceRunStatus":{ - "shape":"ZonalAutoshiftStatus", - "documentation":"

This status tracks whether a practice run configuration exists for a resource. When you configure a practice run for a resource so that a practice run configuration exists, Route 53 ARC sets this value to ENABLED. If a you have not configured a practice run for the resource, or delete a practice run configuration, Route 53 ARC sets the value to DISABLED.

Route 53 ARC updates this status; you can't set a practice run status to ENABLED or DISABLED.

" + "zonalShifts":{ + "shape":"ZonalShiftsInResource", + "documentation":"

An array of the zonal shifts for a resource.

" + }, + "autoshifts":{ + "shape":"AutoshiftsInResource", + "documentation":"

An array of the autoshifts that have been completed for a resource.

" }, "zonalAutoshiftStatus":{ "shape":"ZonalAutoshiftStatus", "documentation":"

The status of autoshift for a resource. When you configure zonal autoshift for a resource, you can set the value of the status to ENABLED or DISABLED.

" }, - "zonalShifts":{ - "shape":"ZonalShiftsInResource", - "documentation":"

An array of the zonal shifts for a resource.

" + "practiceRunStatus":{ + "shape":"ZonalAutoshiftStatus", + "documentation":"

This status tracks whether a practice run configuration exists for a resource. When you configure a practice run for a resource so that a practice run configuration exists, ARC sets this value to ENABLED. If a you have not configured a practice run for the resource, or delete a practice run configuration, ARC sets the value to DISABLED.

ARC updates this status; you can't set a practice run status to ENABLED or DISABLED.

" } }, - "documentation":"

A complex structure for a managed resource in an Amazon Web Services account with information about zonal shifts and autoshifts.

A managed resource is a load balancer that has been registered with Route 53 ARC by Elastic Load Balancing. You can start a zonal shift in Route 53 ARC for a managed resource to temporarily move traffic for the resource away from an Availability Zone in an Amazon Web Services Region. You can also configure zonal autoshift for a managed resource.

At this time, managed resources are Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

" + "documentation":"

A complex structure for a managed resource in an Amazon Web Services account with information about zonal shifts and autoshifts.

You can start a zonal shift in ARC for a managed resource to temporarily move traffic for the resource away from an Availability Zone in an Amazon Web Services Region. You can also configure zonal autoshift for a managed resource.

At this time, managed resources are Amazon EC2 Auto Scaling groups, Amazon Elastic Kubernetes Service, Network Load Balancers, and Application Load Balancer.

" }, "MaxResults":{ "type":"integer", @@ -795,28 +907,44 @@ "max":100, "min":1 }, + "MetricIdentifier":{ + "type":"string", + "max":1024, + "min":8, + "pattern":".*" + }, + "OutcomeAlarms":{ + "type":"list", + "member":{"shape":"ControlCondition"}, + "max":10, + "min":1 + }, "PracticeRunConfiguration":{ "type":"structure", "required":["outcomeAlarms"], "members":{ - "blockedDates":{ - "shape":"BlockedDates", - "documentation":"

An array of one or more dates that you can specify when Amazon Web Services does not start practice runs for a resource.

Specify blocked dates, in UTC, in the format YYYY-MM-DD, separated by spaces.

" + "blockingAlarms":{ + "shape":"BlockingAlarms", + "documentation":"

Blocking alarms for practice runs are optional alarms that you can specify that block practice runs when one or more of the alarms is in an ALARM state.

" + }, + "outcomeAlarms":{ + "shape":"OutcomeAlarms", + "documentation":"

Outcome alarms for practice runs are alarms that you specify that end a practice run when one or more of the alarms is in an ALARM state.

" }, "blockedWindows":{ "shape":"BlockedWindows", - "documentation":"

An array of one or more windows of days and times that you can block Route 53 ARC from starting practice runs for a resource.

Specify the blocked windows in UTC, using the format DAY:HH:MM-DAY:HH:MM, separated by spaces. For example, MON:18:30-MON:19:30 TUE:18:30-TUE:19:30.

" + "documentation":"

An array of one or more windows of days and times that you can block ARC from starting practice runs for a resource.

Specify the blocked windows in UTC, using the format DAY:HH:MM-DAY:HH:MM, separated by spaces. For example, MON:18:30-MON:19:30 TUE:18:30-TUE:19:30.

The blockedWindows have to start and end on the same day. Windows that span multiple days aren't supported.

" }, - "blockingAlarms":{ - "shape":"ControlConditions", - "documentation":"

The blocking alarm for practice runs is an optional alarm that you can specify that blocks practice runs when the alarm is in an ALARM state.

" + "allowedWindows":{ + "shape":"AllowedWindows", + "documentation":"

An array of one or more windows of days and times that you can allow ARC to start practice runs for a resource.

For example, say you want to allow practice runs only on Wednesdays and Fridays from noon to 5 p.m. For this scenario, you could set the following recurring days and times as allowed windows, for example: Wed-12:00-Wed:17:00 Fri-12:00-Fri:17:00.

The allowedWindows have to start and end on the same day. Windows that span multiple days aren't supported.

" }, - "outcomeAlarms":{ - "shape":"ControlConditions", - "documentation":"

The outcome alarm for practice runs is an alarm that you specify that ends a practice run when the alarm is in an ALARM state.

" + "blockedDates":{ + "shape":"BlockedDates", + "documentation":"

An array of one or more dates that you can specify when Amazon Web Services does not start practice runs for a resource.

Specify blocked dates, in UTC, in the format YYYY-MM-DD, separated by spaces.

" } }, - "documentation":"

A practice run configuration for a resource includes the Amazon CloudWatch alarms that you've specified for a practice run, as well as any blocked dates or blocked windows for the practice run. When a resource has a practice run configuration, Route 53 ARC shifts traffic for the resource weekly for practice runs.

Practice runs are required for zonal autoshift. The zonal shifts that Route 53 ARC starts for practice runs help you to ensure that shifting away traffic from an Availability Zone during an autoshift is safe for your application.

You can update or delete a practice run configuration. Before you delete a practice run configuration, you must disable zonal autoshift for the resource. A practice run configuration is required when zonal autoshift is enabled.

" + "documentation":"

A practice run configuration for a resource includes the Amazon CloudWatch alarms that you've specified for a practice run, as well as any blocked dates or blocked windows for the practice run. When a resource has a practice run configuration, ARC shifts traffic for the resource weekly for practice runs.

Practice runs are required for zonal autoshift. The zonal shifts that ARC starts for practice runs help you to ensure that shifting away traffic from an Availability Zone during an autoshift is safe for your application.

You can update or delete a practice run configuration. Before you delete a practice run configuration, you must disable zonal autoshift for the resource. A practice run configuration is required when zonal autoshift is enabled.

" }, "PracticeRunOutcome":{ "type":"string", @@ -824,14 +952,15 @@ "FAILED", "INTERRUPTED", "PENDING", - "SUCCEEDED" + "SUCCEEDED", + "CAPACITY_CHECK_FAILED" ] }, "ResourceArn":{ "type":"string", "max":1024, "min":8, - "pattern":"^arn:.*$" + "pattern":"arn:.*" }, "ResourceIdentifier":{ "type":"string", @@ -856,31 +985,104 @@ }, "exception":true }, + "ShiftType":{ + "type":"string", + "enum":[ + "ZONAL_SHIFT", + "PRACTICE_RUN", + "FIS_EXPERIMENT", + "ZONAL_AUTOSHIFT" + ] + }, + "StartPracticeRunRequest":{ + "type":"structure", + "required":[ + "resourceIdentifier", + "awayFrom", + "comment" + ], + "members":{ + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier for the resource that you want to start a practice run zonal shift for. The identifier is the Amazon Resource Name (ARN) for the resource.

" + }, + "awayFrom":{ + "shape":"AvailabilityZone", + "documentation":"

The Availability Zone (for example, use1-az1) that traffic is shifted away from for the resource that you specify for the practice run.

" + }, + "comment":{ + "shape":"ZonalShiftComment", + "documentation":"

The initial comment that you enter about the practice run. Be aware that this comment can be overwritten by Amazon Web Services if the automatic check for balanced capacity fails. For more information, see Capacity checks for practice runs in the Amazon Application Recovery Controller Developer Guide.

" + } + } + }, + "StartPracticeRunResponse":{ + "type":"structure", + "required":[ + "zonalShiftId", + "resourceIdentifier", + "awayFrom", + "expiryTime", + "startTime", + "status", + "comment" + ], + "members":{ + "zonalShiftId":{ + "shape":"ZonalShiftId", + "documentation":"

The identifier of a practice run zonal shift.

" + }, + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier for the resource that you want to shift traffic for. The identifier is the Amazon Resource Name (ARN) for the resource.

" + }, + "awayFrom":{ + "shape":"AvailabilityZone", + "documentation":"

The Availability Zone (for example, use1-az1) that traffic is shifted away from for the resource that you specify for the practice run.

" + }, + "expiryTime":{ + "shape":"ExpiryTime", + "documentation":"

The expiry time (expiration time) for an on-demand practice run zonal shift is 30 minutes from the time when you start the practice run, unless you cancel it before that time. However, be aware that the expiryTime field for practice run zonal shifts always has a value of 1 minute.

" + }, + "startTime":{ + "shape":"StartTime", + "documentation":"

The time (UTC) when the zonal shift starts.

" + }, + "status":{ + "shape":"ZonalShiftStatus", + "documentation":"

A status for the practice run (expected status is ACTIVE).

" + }, + "comment":{ + "shape":"ZonalShiftComment", + "documentation":"

The initial comment that you enter about the practice run. Be aware that this comment can be overwritten by Amazon Web Services if the automatic check for balanced capacity fails. For more information, see Capacity checks for practice runs in the Amazon Application Recovery Controller Developer Guide.

" + } + } + }, "StartTime":{"type":"timestamp"}, "StartZonalShiftRequest":{ "type":"structure", "required":[ + "resourceIdentifier", "awayFrom", - "comment", "expiresIn", - "resourceIdentifier" + "comment" ], "members":{ + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier for the resource that Amazon Web Services shifts traffic for. The identifier is the Amazon Resource Name (ARN) for the resource.

Amazon Application Recovery Controller currently supports enabling the following resources for zonal shift and zonal autoshift:

" + }, "awayFrom":{ "shape":"AvailabilityZone", "documentation":"

The Availability Zone (for example, use1-az1) that traffic is moved away from for a resource when you start a zonal shift. Until the zonal shift expires or you cancel it, traffic for the resource is instead moved to other Availability Zones in the Amazon Web Services Region.

" }, - "comment":{ - "shape":"ZonalShiftComment", - "documentation":"

A comment that you enter about the zonal shift. Only the latest comment is retained; no comment history is maintained. A new comment overwrites any existing comment string.

" - }, "expiresIn":{ "shape":"ExpiresIn", - "documentation":"

The length of time that you want a zonal shift to be active, which Route 53 ARC converts to an expiry time (expiration time). Zonal shifts are temporary. You can set a zonal shift to be active initially for up to three days (72 hours).

If you want to still keep traffic away from an Availability Zone, you can update the zonal shift and set a new expiration. You can also cancel a zonal shift, before it expires, for example, if you're ready to restore traffic to the Availability Zone.

To set a length of time for a zonal shift to be active, specify a whole number, and then one of the following, with no space:

  • A lowercase letter m: To specify that the value is in minutes.

  • A lowercase letter h: To specify that the value is in hours.

For example: 20h means the zonal shift expires in 20 hours. 120m means the zonal shift expires in 120 minutes (2 hours).

" + "documentation":"

The length of time that you want a zonal shift to be active, which ARC converts to an expiry time (expiration time). Zonal shifts are temporary. You can set a zonal shift to be active initially for up to three days (72 hours).

If you want to still keep traffic away from an Availability Zone, you can update the zonal shift and set a new expiration. You can also cancel a zonal shift, before it expires, for example, if you're ready to restore traffic to the Availability Zone.

To set a length of time for a zonal shift to be active, specify a whole number, and then one of the following, with no space:

  • A lowercase letter m: To specify that the value is in minutes.

  • A lowercase letter h: To specify that the value is in hours.

For example: 20h means the zonal shift expires in 20 hours. 120m means the zonal shift expires in 120 minutes (2 hours).

" }, - "resourceIdentifier":{ - "shape":"ResourceIdentifier", - "documentation":"

The identifier for the resource that Amazon Web Services shifts traffic for. The identifier is the Amazon Resource Name (ARN) for the resource.

At this time, supported resources are Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

" + "comment":{ + "shape":"ZonalShiftComment", + "documentation":"

A comment that you enter about the zonal shift. Only the latest comment is retained; no comment history is maintained. A new comment overwrites any existing comment string.

" } } }, @@ -903,7 +1105,7 @@ "members":{ "status":{ "shape":"AutoshiftObserverNotificationStatus", - "documentation":"

The status to set for autoshift observer notification. If the status is ENABLED, Route 53 ARC includes all autoshift events when you use the Amazon EventBridge pattern Autoshift In Progress. When the status is DISABLED, Route 53 ARC includes only autoshift events for autoshifts when one or more of your resources is included in the autoshift.

" + "documentation":"

The status to set for autoshift observer notification. If the status is ENABLED, ARC includes all autoshift events when you use the Amazon EventBridge pattern Autoshift In Progress. When the status is DISABLED, ARC includes only autoshift events for autoshifts when one or more of your resources is included in the autoshift.

" } } }, @@ -921,27 +1123,31 @@ "type":"structure", "required":["resourceIdentifier"], "members":{ - "blockedDates":{ - "shape":"BlockedDates", - "documentation":"

Add, change, or remove blocked dates for a practice run in zonal autoshift.

Optionally, you can block practice runs for specific calendar dates. The format for blocked dates is: YYYY-MM-DD. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Separate multiple blocked dates with spaces.

For example, if you have an application update scheduled to launch on May 1, 2024, and you don't want practice runs to shift traffic away at that time, you could set a blocked date for 2024-05-01.

" + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier for the resource that you want to update the practice run configuration for. The identifier is the Amazon Resource Name (ARN) for the resource.

", + "location":"uri", + "locationName":"resourceIdentifier" }, "blockedWindows":{ "shape":"BlockedWindows", - "documentation":"

Add, change, or remove windows of days and times for when you can, optionally, block Route 53 ARC from starting a practice run for a resource.

The format for blocked windows is: DAY:HH:SS-DAY:HH:SS. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Also, be aware of potential time adjustments that might be required for daylight saving time differences. Separate multiple blocked windows with spaces.

For example, say you run business report summaries three days a week. For this scenario, you might set the following recurring days and times as blocked windows, for example: MON-20:30-21:30 WED-20:30-21:30 FRI-20:30-21:30.

" + "documentation":"

Add, change, or remove windows of days and times for when you can, optionally, block ARC from starting a practice run for a resource.

The format for blocked windows is: DAY:HH:SS-DAY:HH:SS. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Also, be aware of potential time adjustments that might be required for daylight saving time differences. Separate multiple blocked windows with spaces.

For example, say you run business report summaries three days a week. For this scenario, you might set the following recurring days and times as blocked windows, for example: MON-20:30-21:30 WED-20:30-21:30 FRI-20:30-21:30.

" + }, + "blockedDates":{ + "shape":"BlockedDates", + "documentation":"

Add, change, or remove blocked dates for a practice run in zonal autoshift.

Optionally, you can block practice runs for specific calendar dates. The format for blocked dates is: YYYY-MM-DD. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Separate multiple blocked dates with spaces.

For example, if you have an application update scheduled to launch on May 1, 2024, and you don't want practice runs to shift traffic away at that time, you could set a blocked date for 2024-05-01.

" }, "blockingAlarms":{ - "shape":"ControlConditions", - "documentation":"

Add, change, or remove the Amazon CloudWatch alarm that you optionally specify as the blocking alarm for practice runs.

" + "shape":"BlockingAlarms", + "documentation":"

Add, change, or remove the Amazon CloudWatch alarms that you optionally specify as the blocking alarms for practice runs.

" }, - "outcomeAlarms":{ - "shape":"ControlConditions", - "documentation":"

Specify a new the Amazon CloudWatch alarm as the outcome alarm for practice runs.

" + "allowedWindows":{ + "shape":"AllowedWindows", + "documentation":"

Add, change, or remove windows of days and times for when you can, optionally, allow ARC to start a practice run for a resource.

The format for allowed windows is: DAY:HH:SS-DAY:HH:SS. Keep in mind, when you specify dates, that dates and times for practice runs are in UTC. Also, be aware of potential time adjustments that might be required for daylight saving time differences. Separate multiple allowed windows with spaces.

For example, say you want to allow practice runs only on Wednesdays and Fridays from noon to 5 p.m. For this scenario, you could set the following recurring days and times as allowed windows, for example: Wed-12:00-Wed:17:00 Fri-12:00-Fri:17:00.

The allowedWindows have to start and end on the same day. Windows that span multiple days aren't supported.

" }, - "resourceIdentifier":{ - "shape":"ResourceIdentifier", - "documentation":"

The identifier for the resource that you want to update the practice run configuration for. The identifier is the Amazon Resource Name (ARN) for the resource.

", - "location":"uri", - "locationName":"resourceIdentifier" + "outcomeAlarms":{ + "shape":"OutcomeAlarms", + "documentation":"

Specify one or more Amazon CloudWatch alarms as the outcome alarms for practice runs.

" } } }, @@ -950,8 +1156,8 @@ "required":[ "arn", "name", - "practiceRunConfiguration", - "zonalAutoshiftStatus" + "zonalAutoshiftStatus", + "practiceRunConfiguration" ], "members":{ "arn":{ @@ -962,13 +1168,13 @@ "shape":"ResourceName", "documentation":"

The name of the resource that you updated the practice run for.

" }, - "practiceRunConfiguration":{ - "shape":"PracticeRunConfiguration", - "documentation":"

The practice run configuration that was updated.

" - }, "zonalAutoshiftStatus":{ "shape":"ZonalAutoshiftStatus", "documentation":"

The zonal autoshift status for the resource that you updated the practice run for.

" + }, + "practiceRunConfiguration":{ + "shape":"PracticeRunConfiguration", + "documentation":"

The practice run configuration that was updated.

" } } }, @@ -1012,19 +1218,19 @@ "type":"structure", "required":["zonalShiftId"], "members":{ + "zonalShiftId":{ + "shape":"ZonalShiftId", + "documentation":"

The identifier of a zonal shift.

", + "location":"uri", + "locationName":"zonalShiftId" + }, "comment":{ "shape":"ZonalShiftComment", "documentation":"

A comment that you enter about the zonal shift. Only the latest comment is retained; no comment history is maintained. A new comment overwrites any existing comment string.

" }, "expiresIn":{ "shape":"ExpiresIn", - "documentation":"

The length of time that you want a zonal shift to be active, which Route 53 ARC converts to an expiry time (expiration time). Zonal shifts are temporary. You can set a zonal shift to be active initially for up to three days (72 hours).

If you want to still keep traffic away from an Availability Zone, you can update the zonal shift and set a new expiration. You can also cancel a zonal shift, before it expires, for example, if you're ready to restore traffic to the Availability Zone.

To set a length of time for a zonal shift to be active, specify a whole number, and then one of the following, with no space:

  • A lowercase letter m: To specify that the value is in minutes.

  • A lowercase letter h: To specify that the value is in hours.

For example: 20h means the zonal shift expires in 20 hours. 120m means the zonal shift expires in 120 minutes (2 hours).

" - }, - "zonalShiftId":{ - "shape":"ZonalShiftId", - "documentation":"

The identifier of a zonal shift.

", - "location":"uri", - "locationName":"zonalShiftId" + "documentation":"

The length of time that you want a zonal shift to be active, which ARC converts to an expiry time (expiration time). Zonal shifts are temporary. You can set a zonal shift to be active initially for up to three days (72 hours).

If you want to still keep traffic away from an Availability Zone, you can update the zonal shift and set a new expiration. You can also cancel a zonal shift, before it expires, for example, if you're ready to restore traffic to the Availability Zone.

To set a length of time for a zonal shift to be active, specify a whole number, and then one of the following, with no space:

  • A lowercase letter m: To specify that the value is in minutes.

  • A lowercase letter h: To specify that the value is in hours.

For example: 20h means the zonal shift expires in 20 hours. 120m means the zonal shift expires in 120 minutes (2 hours).

" } } }, @@ -1060,7 +1266,12 @@ "UnsupportedAz", "InvalidAlarmCondition", "InvalidConditionType", - "InvalidPracticeBlocker" + "InvalidPracticeBlocker", + "FISExperimentUpdateNotAllowed", + "AutoshiftUpdateNotAllowed", + "UnsupportedPracticeCancelShiftType", + "InvalidPracticeAllowedWindow", + "InvalidPracticeWindows" ] }, "Weight":{ @@ -1079,30 +1290,30 @@ "ZonalShift":{ "type":"structure", "required":[ + "zonalShiftId", + "resourceIdentifier", "awayFrom", - "comment", "expiryTime", - "resourceIdentifier", "startTime", "status", - "zonalShiftId" + "comment" ], "members":{ + "zonalShiftId":{ + "shape":"ZonalShiftId", + "documentation":"

The identifier of a zonal shift.

" + }, + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier for the resource that Amazon Web Services shifts traffic for. The identifier is the Amazon Resource Name (ARN) for the resource.

Amazon Application Recovery Controller currently supports enabling the following resources for zonal shift and zonal autoshift:

" + }, "awayFrom":{ "shape":"AvailabilityZone", "documentation":"

The Availability Zone (for example, use1-az1) that traffic is moved away from for a resource when you start a zonal shift. Until the zonal shift expires or you cancel it, traffic for the resource is instead moved to other Availability Zones in the Amazon Web Services Region.

" }, - "comment":{ - "shape":"ZonalShiftComment", - "documentation":"

A comment that you enter about the zonal shift. Only the latest comment is retained; no comment history is maintained. A new comment overwrites any existing comment string.

" - }, "expiryTime":{ "shape":"ExpiryTime", - "documentation":"

The expiry time (expiration time) for a customer-initiated zonal shift. A zonal shift is temporary and must be set to expire when you start the zonal shift. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time.

When you start a zonal shift, you specify how long you want it to be active, which Route 53 ARC converts to an expiry time (expiration time). You can cancel a zonal shift when you're ready to restore traffic to the Availability Zone, or just wait for it to expire. Or you can update the zonal shift to specify another length of time to expire in.

" - }, - "resourceIdentifier":{ - "shape":"ResourceIdentifier", - "documentation":"

The identifier for the resource that Amazon Web Services shifts traffic for. The identifier is the Amazon Resource Name (ARN) for the resource.

At this time, supported resources are Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

" + "documentation":"

The expiry time (expiration time) for a customer-initiated zonal shift. A zonal shift is temporary and must be set to expire when you start the zonal shift. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time.

When you start a zonal shift, you specify how long you want it to be active, which ARC converts to an expiry time (expiration time). You can cancel a zonal shift when you're ready to restore traffic to the Availability Zone, or just wait for it to expire. Or you can update the zonal shift to specify another length of time to expire in.

" }, "startTime":{ "shape":"StartTime", @@ -1110,11 +1321,11 @@ }, "status":{ "shape":"ZonalShiftStatus", - "documentation":"

A status for a zonal shift.

The Status for a zonal shift can have one of the following values:

  • ACTIVE: The zonal shift has been started and active.

  • EXPIRED: The zonal shift has expired (the expiry time was exceeded).

  • CANCELED: The zonal shift was canceled.

" + "documentation":"

A status for a zonal shift.

The Status for a zonal shift can have one of the following values:

  • ACTIVE: The zonal shift has been started and is active.

  • EXPIRED: The zonal shift has expired (the expiry time was exceeded).

  • CANCELED: The zonal shift was canceled.

" }, - "zonalShiftId":{ - "shape":"ZonalShiftId", - "documentation":"

The identifier of a zonal shift.

" + "comment":{ + "shape":"ZonalShiftComment", + "documentation":"

A comment that you enter about the zonal shift. Only the latest comment is retained; no comment history is maintained. A new comment overwrites any existing comment string.

" } } }, @@ -1127,51 +1338,55 @@ "type":"string", "max":36, "min":6, - "pattern":"^[A-Za-z0-9-]+$" + "pattern":"[A-Za-z0-9-]+" }, "ZonalShiftInResource":{ "type":"structure", "required":[ "appliedStatus", + "zonalShiftId", + "resourceIdentifier", "awayFrom", - "comment", "expiryTime", - "resourceIdentifier", "startTime", - "zonalShiftId" + "comment" ], "members":{ "appliedStatus":{ "shape":"AppliedStatus", - "documentation":"

The appliedStatus field specifies which application traffic shift is in effect for a resource when there is more than one active traffic shift. There can be more than one application traffic shift in progress at the same time - that is, practice run zonal shifts, customer-initiated zonal shifts, or an autoshift. The appliedStatus field for a shift that is in progress for a resource can have one of two values: APPLIED or NOT_APPLIED. The zonal shift or autoshift that is currently in effect for the resource has an appliedStatus set to APPLIED.

The overall principle for precedence is that zonal shifts that you start as a customer take precedence autoshifts, which take precedence over practice runs. That is, customer-initiated zonal shifts > autoshifts > practice run zonal shifts.

For more information, see How zonal autoshift and practice runs work in the Amazon Route 53 Application Recovery Controller Developer Guide.

" + "documentation":"

The appliedStatus field specifies which application traffic shift is in effect for a resource when there is more than one active traffic shift. There can be more than one application traffic shift in progress at the same time - that is, practice run zonal shifts, customer-initiated zonal shifts, or an autoshift. The appliedStatus field for a shift that is in progress for a resource can have one of two values: APPLIED or NOT_APPLIED. The zonal shift or autoshift that is currently in effect for the resource has an appliedStatus set to APPLIED.

The overall principle for precedence is that zonal shifts that you start as a customer take precedence autoshifts, which take precedence over practice runs. That is, customer-initiated zonal shifts > autoshifts > practice run zonal shifts.

For more information, see How zonal autoshift and practice runs work in the Amazon Application Recovery Controller Developer Guide.

" + }, + "zonalShiftId":{ + "shape":"ZonalShiftId", + "documentation":"

The identifier of a zonal shift.

" + }, + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier for the resource to include in a zonal shift. The identifier is the Amazon Resource Name (ARN) for the resource.

Amazon Application Recovery Controller currently supports enabling the following resources for zonal shift and zonal autoshift:

" }, "awayFrom":{ "shape":"AvailabilityZone", "documentation":"

The Availability Zone (for example, use1-az1) that traffic is moved away from for a resource when you start a zonal shift. Until the zonal shift expires or you cancel it, traffic for the resource is instead moved to other Availability Zones in the Amazon Web Services Region.

" }, - "comment":{ - "shape":"ZonalShiftComment", - "documentation":"

A comment that you enter for a customer-initiated zonal shift. Only the latest comment is retained; no comment history is maintained. That is, a new comment overwrites any existing comment string.

" - }, "expiryTime":{ "shape":"ExpiryTime", - "documentation":"

The expiry time (expiration time) for a customer-initiated zonal shift. A zonal shift is temporary and must be set to expire when you start the zonal shift. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time.

When you start a zonal shift, you specify how long you want it to be active, which Route 53 ARC converts to an expiry time (expiration time). You can cancel a zonal shift when you're ready to restore traffic to the Availability Zone, or just wait for it to expire. Or you can update the zonal shift to specify another length of time to expire in.

" - }, - "practiceRunOutcome":{ - "shape":"PracticeRunOutcome", - "documentation":"

The outcome, or end state, returned for a practice run. The following values can be returned:

  • PENDING: Outcome value when a practice run is in progress.

  • SUCCEEDED: Outcome value when the outcome alarm specified for the practice run configuration does not go into an ALARM state during the practice run, and the practice run was not interrupted before it completed the expected 30 minute zonal shift.

  • INTERRUPTED: Outcome value when the practice run was stopped before the expected 30 minute zonal shift duration, or there was another problem with the practice run that created an inconclusive outcome.

  • FAILED: Outcome value when the outcome alarm specified for the practice run configuration goes into an ALARM state during the practice run, and the practice run was not interrupted before it completed.

For more information about practice run outcomes, see Considerations when you configure zonal autoshift in the Amazon Route 53 Application Recovery Controller Developer Guide.

" - }, - "resourceIdentifier":{ - "shape":"ResourceIdentifier", - "documentation":"

The identifier for the resource to include in a zonal shift. The identifier is the Amazon Resource Name (ARN) for the resource.

At this time, you can only start a zonal shift for Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

" + "documentation":"

The expiry time (expiration time) for a customer-initiated zonal shift. A zonal shift is temporary and must be set to expire when you start the zonal shift. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time.

When you start a zonal shift, you specify how long you want it to be active, which ARC converts to an expiry time (expiration time). You can cancel a zonal shift when you're ready to restore traffic to the Availability Zone, or just wait for it to expire. Or you can update the zonal shift to specify another length of time to expire in.

" }, "startTime":{ "shape":"StartTime", "documentation":"

The time (UTC) when the zonal shift starts.

" }, - "zonalShiftId":{ - "shape":"ZonalShiftId", - "documentation":"

The identifier of a zonal shift.

" + "comment":{ + "shape":"ZonalShiftComment", + "documentation":"

A comment that you enter for a customer-initiated zonal shift. Only the latest comment is retained; no comment history is maintained. That is, a new comment overwrites any existing comment string.

" + }, + "shiftType":{ + "shape":"ShiftType", + "documentation":"

Defines the zonal shift type.

" + }, + "practiceRunOutcome":{ + "shape":"PracticeRunOutcome", + "documentation":"

The outcome, or end state, returned for a practice run. The following values can be returned:

  • PENDING: Outcome value when a practice run is in progress.

  • SUCCEEDED: Outcome value when the outcome alarm specified for the practice run configuration does not go into an ALARM state during the practice run, and the practice run was not interrupted before it completed the expected 30 minute zonal shift.

  • INTERRUPTED: Outcome value when the practice run was stopped before the expected 30 minute zonal shift duration, or there was another problem with the practice run that created an inconclusive outcome.

  • FAILED: Outcome value when the outcome alarm specified for the practice run configuration goes into an ALARM state during the practice run, and the practice run was not interrupted before it completed.

  • CAPACITY_CHECK_FAILED: The check for balanced capacity across Availability Zones for your load balancing and Auto Scaling group resources failed.

For more information about practice run outcomes, see Considerations when you configure zonal autoshift in the Amazon Application Recovery Controller Developer Guide.

" } }, "documentation":"

A complex structure that lists the zonal shifts for a managed resource and their statuses for the resource.

" @@ -1191,34 +1406,30 @@ "ZonalShiftSummary":{ "type":"structure", "required":[ + "zonalShiftId", + "resourceIdentifier", "awayFrom", - "comment", "expiryTime", - "resourceIdentifier", "startTime", "status", - "zonalShiftId" + "comment" ], "members":{ + "zonalShiftId":{ + "shape":"ZonalShiftId", + "documentation":"

The identifier of a zonal shift.

" + }, + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

The identifier for the resource to include in a zonal shift. The identifier is the Amazon Resource Name (ARN) for the resource.

Amazon Application Recovery Controller currently supports enabling the following resources for zonal shift and zonal autoshift:

" + }, "awayFrom":{ "shape":"AvailabilityZone", "documentation":"

The Availability Zone (for example, use1-az1) that traffic is moved away from for a resource when you start a zonal shift. Until the zonal shift expires or you cancel it, traffic for the resource is instead moved to other Availability Zones in the Amazon Web Services Region.

" }, - "comment":{ - "shape":"ZonalShiftComment", - "documentation":"

A comment that you enter about the zonal shift. Only the latest comment is retained; no comment history is maintained. That is, a new comment overwrites any existing comment string.

" - }, "expiryTime":{ "shape":"ExpiryTime", - "documentation":"

The expiry time (expiration time) for a customer-initiated zonal shift. A zonal shift is temporary and must be set to expire when you start the zonal shift. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time.

When you start a zonal shift, you specify how long you want it to be active, which Route 53 ARC converts to an expiry time (expiration time). You can cancel a zonal shift when you're ready to restore traffic to the Availability Zone, or just wait for it to expire. Or you can update the zonal shift to specify another length of time to expire in.

" - }, - "practiceRunOutcome":{ - "shape":"PracticeRunOutcome", - "documentation":"

The outcome, or end state, of a practice run. The following values can be returned:

  • PENDING: Outcome value when the practice run is in progress.

  • SUCCEEDED: Outcome value when the outcome alarm specified for the practice run configuration does not go into an ALARM state during the practice run, and the practice run was not interrupted before it completed.

  • INTERRUPTED: Outcome value when the practice run did not run for the expected 30 minutes or there was another problem with the practice run that created an inconclusive outcome.

  • FAILED: Outcome value when the outcome alarm specified for the practice run configuration goes into an ALARM state during the practice run, and the practice run was not interrupted before it completed.

For more information about practice run outcomes, see Considerations when you configure zonal autoshift in the Amazon Route 53 Application Recovery Controller Developer Guide.

" - }, - "resourceIdentifier":{ - "shape":"ResourceIdentifier", - "documentation":"

The identifier for the resource to include in a zonal shift. The identifier is the Amazon Resource Name (ARN) for the resource.

At this time, you can only start a zonal shift for Network Load Balancers and Application Load Balancers with cross-zone load balancing turned off.

" + "documentation":"

The expiry time (expiration time) for a customer-initiated zonal shift. A zonal shift is temporary and must be set to expire when you start the zonal shift. You can initially set a zonal shift to expire in a maximum of three days (72 hours). However, you can update a zonal shift to set a new expiration at any time.

When you start a zonal shift, you specify how long you want it to be active, which ARC converts to an expiry time (expiration time). You can cancel a zonal shift when you're ready to restore traffic to the Availability Zone, or just wait for it to expire. Or you can update the zonal shift to specify another length of time to expire in.

" }, "startTime":{ "shape":"StartTime", @@ -1226,19 +1437,27 @@ }, "status":{ "shape":"ZonalShiftStatus", - "documentation":"

A status for a zonal shift.

The Status for a zonal shift can have one of the following values:

  • ACTIVE: The zonal shift has been started and active.

  • EXPIRED: The zonal shift has expired (the expiry time was exceeded).

  • CANCELED: The zonal shift was canceled.

" + "documentation":"

A status for a zonal shift.

The Status for a zonal shift can have one of the following values:

  • ACTIVE: The zonal shift has been started and is active.

  • EXPIRED: The zonal shift has expired (the expiry time was exceeded).

  • CANCELED: The zonal shift was canceled.

" }, - "zonalShiftId":{ - "shape":"ZonalShiftId", - "documentation":"

The identifier of a zonal shift.

" + "comment":{ + "shape":"ZonalShiftComment", + "documentation":"

A comment that you enter about the zonal shift. Only the latest comment is retained; no comment history is maintained. That is, a new comment overwrites any existing comment string.

" + }, + "shiftType":{ + "shape":"ShiftType", + "documentation":"

Defines the zonal shift type.

" + }, + "practiceRunOutcome":{ + "shape":"PracticeRunOutcome", + "documentation":"

The outcome, or end state, of a practice run. The following values can be returned:

  • PENDING: Outcome value when the practice run is in progress.

  • SUCCEEDED: Outcome value when the outcome alarm specified for the practice run configuration does not go into an ALARM state during the practice run, and the practice run was not interrupted before it completed.

  • INTERRUPTED: Outcome value when the practice run did not run for the expected 30 minutes or there was another problem with the practice run that created an inconclusive outcome.

  • FAILED: Outcome value when the outcome alarm specified for the practice run configuration goes into an ALARM state during the practice run, and the practice run was not interrupted before it completed.

  • CAPACITY_CHECK_FAILED: The check for balanced capacity across Availability Zones for your load balancing and Auto Scaling group resources failed.

For more information about practice run outcomes, see Considerations when you configure zonal autoshift in the Amazon Application Recovery Controller Developer Guide.

" } }, - "documentation":"

Lists information about zonal shifts in Amazon Route 53 Application Recovery Controller, including zonal shifts that you start yourself and zonal shifts that Route 53 ARC starts on your behalf for practice runs with zonal autoshift.

Zonal shifts are temporary, including customer-initiated zonal shifts and the zonal autoshift practice run zonal shifts that Route 53 ARC starts weekly, on your behalf. A zonal shift that a customer starts can be active for up to three days (72 hours). A practice run zonal shift has a 30 minute duration.

" + "documentation":"

Lists information about zonal shifts in Amazon Application Recovery Controller, including zonal shifts that you start yourself and zonal shifts that ARC starts on your behalf for practice runs with zonal autoshift.

Zonal shifts are temporary, including customer-initiated zonal shifts and the zonal autoshift practice run zonal shifts that ARC starts weekly, on your behalf. A zonal shift that a customer starts can be active for up to three days (72 hours). A practice run zonal shift has a 30 minute duration.

" }, "ZonalShiftsInResource":{ "type":"list", "member":{"shape":"ZonalShiftInResource"} } }, - "documentation":"

Welcome to the API Reference Guide for zonal shift and zonal autoshift in Amazon Route 53 Application Recovery Controller (Route 53 ARC).

You can start a zonal shift to move traffic for a load balancer resource away from an Availability Zone to help your application recover quickly from an impairment in an Availability Zone. For example, you can recover your application from a developer's bad code deployment or from an Amazon Web Services infrastructure failure in a single Availability Zone.

You can also configure zonal autoshift for supported load balancer resources. Zonal autoshift is a capability in Route 53 ARC where you authorize Amazon Web Services to shift away application resource traffic from an Availability Zone during events, on your behalf, to help reduce your time to recovery. Amazon Web Services starts an autoshift when internal telemetry indicates that there is an Availability Zone impairment that could potentially impact customers.

To help make sure that zonal autoshift is safe for your application, you must also configure practice runs when you enable zonal autoshift for a resource. Practice runs start weekly zonal shifts for a resource, to shift traffic for the resource away from an Availability Zone. Practice runs help you to make sure, on a regular basis, that you have enough capacity in all the Availability Zones in an Amazon Web Services Region for your application to continue to operate normally when traffic for a resource is shifted away from one Availability Zone.

Before you configure practice runs or enable zonal autoshift, we strongly recommend that you prescale your application resource capacity in all Availability Zones in the Region where your application resources are deployed. You should not rely on scaling on demand when an autoshift or practice run starts. Zonal autoshift, including practice runs, works independently, and does not wait for auto scaling actions to complete. Relying on auto scaling, instead of pre-scaling, can result in loss of availability.

If you use auto scaling to handle regular cycles of traffic, we strongly recommend that you configure the minimum capacity of your auto scaling to continue operating normally with the loss of an Availability Zone.

Be aware that Route 53 ARC does not inspect the health of individual resources. Amazon Web Services only starts an autoshift when Amazon Web Services telemetry detects that there is an Availability Zone impairment that could potentially impact customers. In some cases, resources might be shifted away that are not experiencing impact.

For more information about using zonal shift and zonal autoshift, see the Amazon Route 53 Application Recovery Controller Developer Guide.

" + "documentation":"

Welcome to the API Reference Guide for zonal shift and zonal autoshift in Amazon Application Recovery Controller (ARC).

You can start a zonal shift to move traffic for a load balancer resource away from an Availability Zone to help your application recover quickly from an impairment in an Availability Zone. For example, you can recover your application from a developer's bad code deployment or from an Amazon Web Services infrastructure failure in a single Availability Zone.

You can also configure zonal autoshift for supported load balancer resources. Zonal autoshift is a capability in ARC where you authorize Amazon Web Services to shift away application resource traffic from an Availability Zone during events, on your behalf, to help reduce your time to recovery. Amazon Web Services starts an autoshift when internal telemetry indicates that there is an Availability Zone impairment that could potentially impact customers.

For more information about using zonal shift and zonal autoshift, see the Amazon Application Recovery Controller Developer Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/waiters-2.json 2.31.35-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/waiters-2.json --- 2.23.6-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/arc-zonal-shift/2022-10-30/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/artifact/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/artifact/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/artifact/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/artifact/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,26 +6,26 @@ "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/athena/2017-05-18/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/athena/2017-05-18/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/athena/2017-05-18/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/athena/2017-05-18/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/athena/2017-05-18/service-2.json 2.31.35-1/awscli/botocore/data/athena/2017-05-18/service-2.json --- 2.23.6-1/awscli/botocore/data/athena/2017-05-18/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/athena/2017-05-18/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -98,7 +98,7 @@ {"shape":"InternalServerException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

Creates (registers) a data catalog with the specified name and properties. Catalogs created are visible to all users of the same Amazon Web Services account.

This API operation creates the following resources.

  • CFN Stack Name with a maximum length of 128 characters and prefix athenafederatedcatalog-CATALOG_NAME_SANITIZED with length 23 characters.

  • Lambda Function Name with a maximum length of 64 characters and prefix athenafederatedcatalog_CATALOG_NAME_SANITIZED with length 23 characters.

  • Glue Connection Name with a maximum length of 255 characters and a prefix athenafederatedcatalog_CATALOG_NAME_SANITIZED with length 23 characters.

" + "documentation":"

Creates (registers) a data catalog with the specified name and properties. Catalogs created are visible to all users of the same Amazon Web Services account.

For a FEDERATED catalog, this API operation creates the following resources.

  • CFN Stack Name with a maximum length of 128 characters and prefix athenafederatedcatalog-CATALOG_NAME_SANITIZED with length 23 characters.

  • Lambda Function Name with a maximum length of 64 characters and prefix athenafederatedcatalog_CATALOG_NAME_SANITIZED with length 23 characters.

  • Glue Connection Name with a maximum length of 255 characters and a prefix athenafederatedcatalog_CATALOG_NAME_SANITIZED with length 23 characters.

" }, "CreateNamedQuery":{ "name":"CreateNamedQuery", @@ -1307,8 +1307,7 @@ }, "CancelCapacityReservationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CapacityAllocation":{ "type":"structure", @@ -1592,8 +1591,7 @@ }, "CreateCapacityReservationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateDataCatalogInput":{ "type":"structure", @@ -1608,7 +1606,7 @@ }, "Type":{ "shape":"DataCatalogType", - "documentation":"

The type of data catalog to create: LAMBDA for a federated catalog, GLUE for an Glue Data Catalog, and HIVE for an external Apache Hive metastore. FEDERATED is a federated catalog for which Athena creates the connection and the Lambda function for you based on the parameters that you pass.

" + "documentation":"

The type of data catalog to create: LAMBDA for a federated catalog, GLUE for an Glue Data Catalog, and HIVE for an external Apache Hive metastore. FEDERATED is a federated catalog for which Athena creates the connection and the Lambda function for you based on the parameters that you pass.

For FEDERATED type, we do not support IAM identity center.

" }, "Description":{ "shape":"DescriptionString", @@ -1732,8 +1730,7 @@ }, "CreatePreparedStatementOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CreatePresignedNotebookUrlRequest":{ "type":"structure", @@ -1791,8 +1788,7 @@ }, "CreateWorkGroupOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CustomerContentEncryptionConfiguration":{ "type":"structure", @@ -1953,8 +1949,7 @@ }, "DeleteCapacityReservationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataCatalogInput":{ "type":"structure", @@ -1989,8 +1984,7 @@ }, "DeleteNamedQueryOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNotebookInput":{ "type":"structure", @@ -2004,8 +1998,7 @@ }, "DeleteNotebookOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePreparedStatementInput":{ "type":"structure", @@ -2026,8 +2019,7 @@ }, "DeletePreparedStatementOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWorkGroupInput":{ "type":"structure", @@ -2045,8 +2037,7 @@ }, "DeleteWorkGroupOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescriptionString":{ "type":"string", @@ -2525,6 +2516,10 @@ "MaxResults":{ "shape":"MaxQueryResults", "documentation":"

The maximum number of results (rows) to return in this request.

" + }, + "QueryResultType":{ + "shape":"QueryResultType", + "documentation":"

When you set this to DATA_ROWS or empty, GetQueryResults returns the query results in rows. If set to DATA_MANIFEST, it returns the manifest file in rows. Only the query types CREATE TABLE AS SELECT, UNLOAD, and INSERT can generate a manifest file. If you use DATA_MANIFEST for other query types, the query will fail.

" } } }, @@ -3313,6 +3308,50 @@ } }, "Long":{"type":"long"}, + "ManagedQueryResultsConfiguration":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

If set to true, allows you to store query results in Athena owned storage. If set to false, workgroup member stores query results in location specified under ResultConfiguration$OutputLocation. The default is false. A workgroup cannot have the ResultConfiguration$OutputLocation parameter when you set this field to true.

" + }, + "EncryptionConfiguration":{ + "shape":"ManagedQueryResultsEncryptionConfiguration", + "documentation":"

If you encrypt query and calculation results in Athena owned storage, this field indicates the encryption option (for example, SSE_KMS or CSE_KMS) and key information.

" + } + }, + "documentation":"

The configuration for storing results in Athena owned storage, which includes whether this feature is enabled; whether encryption configuration, if any, is used for encrypting query results.

" + }, + "ManagedQueryResultsConfigurationUpdates":{ + "type":"structure", + "members":{ + "Enabled":{ + "shape":"BoxedBoolean", + "documentation":"

If set to true, specifies that Athena manages query results in Athena owned storage.

" + }, + "EncryptionConfiguration":{ + "shape":"ManagedQueryResultsEncryptionConfiguration", + "documentation":"

If you encrypt query and calculation results in Athena owned storage, this field indicates the encryption option (for example, SSE_KMS or CSE_KMS) and key information.

" + }, + "RemoveEncryptionConfiguration":{ + "shape":"BoxedBoolean", + "documentation":"

If set to true, it removes workgroup from Athena owned storage. The existing query results are cleaned up after 24hrs. You must provide query results in location specified under ResultConfiguration$OutputLocation.

" + } + }, + "documentation":"

Updates the configuration for managed query results.

" + }, + "ManagedQueryResultsEncryptionConfiguration":{ + "type":"structure", + "required":["KmsKey"], + "members":{ + "KmsKey":{ + "shape":"KmsKey", + "documentation":"

The ARN of an KMS key for encrypting managed query results.

" + } + }, + "documentation":"

If you encrypt query and calculation results in Athena owned storage, this field indicates the encryption option (for example, SSE_KMS or CSE_KMS) and key information.

" + }, "MaxApplicationDPUSizesCount":{ "type":"integer", "max":100, @@ -3639,8 +3678,7 @@ }, "PutCapacityAssignmentConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "QueryExecution":{ "type":"structure", @@ -3657,6 +3695,10 @@ "shape":"StatementType", "documentation":"

The type of query statement that was run. DDL indicates DDL query statements. DML indicates DML (Data Manipulation Language) query statements, such as CREATE TABLE AS SELECT. UTILITY indicates query statements other than DDL and DML, such as SHOW CREATE TABLE, or DESCRIBE TABLE.

" }, + "ManagedQueryResultsConfiguration":{ + "shape":"ManagedQueryResultsConfiguration", + "documentation":"

The configuration for storing results in Athena owned storage, which includes whether this feature is enabled; whether encryption configuration, if any, is used for encrypting query results.

" + }, "ResultConfiguration":{ "shape":"ResultConfiguration", "documentation":"

The location in Amazon S3 where query and calculation results are stored and the encryption option, if any, used for query results. These are known as \"client-side settings\". If workgroup settings override client-side settings, then the query uses the location for the query results and the encryption configuration that are specified for the workgroup.

" @@ -3808,6 +3850,13 @@ }, "documentation":"

The completion date, current state, submission time, and state change reason (if applicable) for the query execution.

" }, + "QueryResultType":{ + "type":"string", + "enum":[ + "DATA_MANIFEST", + "DATA_ROWS" + ] + }, "QueryResultsS3AccessGrantsConfiguration":{ "type":"structure", "required":[ @@ -4276,7 +4325,7 @@ "shape":"CalculationConfiguration", "documentation":"

Contains configuration information for the calculation.

", "deprecated":true, - "deprecatedMessage":"Kepler Post GA Tasks : https://sim.amazon.com/issues/ATHENA-39828" + "deprecatedMessage":"Structure is deprecated." }, "CodeBlock":{ "shape":"CodeBlock", @@ -4437,8 +4486,7 @@ }, "StopQueryExecutionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "String":{"type":"string"}, "StringList":{ @@ -4538,8 +4586,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4681,8 +4728,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCapacityReservationInput":{ "type":"structure", @@ -4703,8 +4749,7 @@ }, "UpdateCapacityReservationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDataCatalogInput":{ "type":"structure", @@ -4733,8 +4778,7 @@ }, "UpdateDataCatalogOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNamedQueryInput":{ "type":"structure", @@ -4764,8 +4808,7 @@ }, "UpdateNamedQueryOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNotebookInput":{ "type":"structure", @@ -4820,13 +4863,11 @@ }, "UpdateNotebookMetadataOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNotebookOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePreparedStatementInput":{ "type":"structure", @@ -4856,8 +4897,7 @@ }, "UpdatePreparedStatementOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateWorkGroupInput":{ "type":"structure", @@ -4883,8 +4923,7 @@ }, "UpdateWorkGroupOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "WorkGroup":{ "type":"structure", @@ -4924,6 +4963,10 @@ "shape":"ResultConfiguration", "documentation":"

The configuration for the workgroup, which includes the location in Amazon S3 where query and calculation results are stored and the encryption option, if any, used for query and calculation results. To run the query, you must specify the query results location using one of the ways: either in the workgroup using this setting, or for individual queries (client-side), using ResultConfiguration$OutputLocation. If none of them is set, Athena issues an error that no output location is provided.

" }, + "ManagedQueryResultsConfiguration":{ + "shape":"ManagedQueryResultsConfiguration", + "documentation":"

The configuration for storing results in Athena owned storage, which includes whether this feature is enabled; whether encryption configuration, if any, is used for encrypting query results.

" + }, "EnforceWorkGroupConfiguration":{ "shape":"BoxedBoolean", "documentation":"

If set to \"true\", the settings for the workgroup override client-side settings. If set to \"false\", client-side settings are used. For more information, see Workgroup Settings Override Client-Side Settings.

" @@ -4982,6 +5025,10 @@ "shape":"ResultConfigurationUpdates", "documentation":"

The result configuration information about the queries in this workgroup that will be updated. Includes the updated results location and an updated option for encrypting query results.

" }, + "ManagedQueryResultsConfigurationUpdates":{ + "shape":"ManagedQueryResultsConfigurationUpdates", + "documentation":"

Updates configuration information for managed query results in the workgroup.

" + }, "PublishCloudWatchMetricsEnabled":{ "shape":"BoxedBoolean", "documentation":"

Indicates whether this workgroup enables publishing metrics to Amazon CloudWatch.

" diff -pruN 2.23.6-1/awscli/botocore/data/auditmanager/2017-07-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/auditmanager/2017-07-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/auditmanager/2017-07-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/auditmanager/2017-07-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/auditmanager/2017-07-25/service-2.json 2.31.35-1/awscli/botocore/data/auditmanager/2017-07-25/service-2.json --- 2.23.6-1/awscli/botocore/data/auditmanager/2017-07-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/auditmanager/2017-07-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"auditmanager", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS Audit Manager", "serviceId":"AuditManager", "signatureVersion":"v4", "signingName":"auditmanager", - "uid":"auditmanager-2017-07-25" + "uid":"auditmanager-2017-07-25", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateAssessmentReportEvidenceFolder":{ @@ -568,7 +570,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Gets a list of the Amazon Web Services from which Audit Manager can collect evidence.

Audit Manager defines which Amazon Web Services are in scope for an assessment. Audit Manager infers this scope by examining the assessment’s controls and their data sources, and then mapping this information to one or more of the corresponding Amazon Web Services that are in this list.

For information about why it's no longer possible to specify services in scope manually, see I can't edit the services in scope for my assessment in the Troubleshooting section of the Audit Manager user guide.

" + "documentation":"

Gets a list of the Amazon Web Services services from which Audit Manager can collect evidence.

Audit Manager defines which Amazon Web Services services are in scope for an assessment. Audit Manager infers this scope by examining the assessment’s controls and their data sources, and then mapping this information to one or more of the corresponding Amazon Web Services services that are in this list.

For information about why it's no longer possible to specify services in scope manually, see I can't edit the services in scope for my assessment in the Troubleshooting section of the Audit Manager user guide.

" }, "GetSettings":{ "name":"GetSettings", @@ -797,7 +799,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Enables an Amazon Web Services account within the organization as the delegated administrator for Audit Manager.

" }, @@ -860,7 +863,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"} ], "documentation":"

Edits an Audit Manager assessment.

" }, @@ -908,7 +912,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"} ], "documentation":"

Updates a custom framework in Audit Manager.

" }, @@ -1025,10 +1030,10 @@ "members":{ "serviceName":{ "shape":"AWSServiceName", - "documentation":"

The name of the Amazon Web Service.

" + "documentation":"

The name of the Amazon Web Services service.

" } }, - "documentation":"

An Amazon Web Service such as Amazon S3 or CloudTrail.

For an example of how to find an Amazon Web Service name and how to define it in your assessment scope, see the following:

" + "documentation":"

An Amazon Web Services service such as Amazon S3 or CloudTrail.

For an example of how to find an Amazon Web Services service name and how to define it in your assessment scope, see the following:

" }, "AWSServiceName":{ "type":"string", @@ -1134,7 +1139,10 @@ }, "description":{ "shape":"ControlDescription", - "documentation":"

The description of the control.

" + "documentation":"

The description of the control.

", + "deprecated":true, + "deprecatedMessage":"This data type will be deprecated on May 19, 2025. To view the assessment control description, use GetControl.", + "deprecatedSince":"2025-05-19" }, "status":{ "shape":"ControlStatus", @@ -1244,7 +1252,7 @@ }, "dataSource":{ "shape":"String", - "documentation":"

The Amazon Web Service that the evidence was collected from.

" + "documentation":"

The Amazon Web Services service that the evidence was collected from.

" }, "author":{ "shape":"String", @@ -1268,7 +1276,7 @@ }, "evidenceByTypeConfigurationDataCount":{ "shape":"Integer", - "documentation":"

The number of evidence that falls under the configuration data category. This evidence is collected from configuration snapshots of other Amazon Web Services such as Amazon EC2, Amazon S3, or IAM.

" + "documentation":"

The number of evidence that falls under the configuration data category. This evidence is collected from configuration snapshots of other Amazon Web Services services such as Amazon EC2, Amazon S3, or IAM.

" }, "evidenceByTypeManualCount":{ "shape":"Integer", @@ -1717,8 +1725,7 @@ }, "AssociateAssessmentReportEvidenceFolderResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AuditManagerArn":{ "type":"string", @@ -2445,7 +2452,7 @@ }, "controlSets":{ "shape":"CreateAssessmentFrameworkControlSets", - "documentation":"

The control sets that are associated with the framework.

" + "documentation":"

The control sets that are associated with the framework.

The Controls object returns a partial response when called through Framework APIs. For a complete Controls object, use GetControl.

" }, "tags":{ "shape":"TagMap", @@ -2458,7 +2465,7 @@ "members":{ "framework":{ "shape":"Framework", - "documentation":"

The name of the new framework that the CreateAssessmentFramework API returned.

" + "documentation":"

The new framework object that the CreateAssessmentFramework API returned.

" } } }, @@ -2810,8 +2817,7 @@ }, "DeleteAssessmentFrameworkResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAssessmentFrameworkShareRequest":{ "type":"structure", @@ -2836,8 +2842,7 @@ }, "DeleteAssessmentFrameworkShareResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAssessmentReportRequest":{ "type":"structure", @@ -2862,8 +2867,7 @@ }, "DeleteAssessmentReportResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAssessmentRequest":{ "type":"structure", @@ -2879,8 +2883,7 @@ }, "DeleteAssessmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteControlRequest":{ "type":"structure", @@ -2896,8 +2899,7 @@ }, "DeleteControlResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResources":{ "type":"string", @@ -2908,8 +2910,7 @@ }, "DeregisterAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterAccountResponse":{ "type":"structure", @@ -2931,8 +2932,7 @@ }, "DeregisterOrganizationAdminAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregistrationPolicy":{ "type":"structure", @@ -2965,8 +2965,7 @@ }, "DisassociateAssessmentReportEvidenceFolderResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "EmailAddress":{ "type":"string", @@ -3008,7 +3007,7 @@ }, "eventSource":{ "shape":"AWSServiceName", - "documentation":"

The Amazon Web Service that the evidence is collected from.

" + "documentation":"

The Amazon Web Services service that the evidence is collected from.

" }, "eventName":{ "shape":"EventName", @@ -3186,11 +3185,14 @@ }, "controlSources":{ "shape":"ControlSources", - "documentation":"

The control data sources where Audit Manager collects evidence from.

" + "documentation":"

The control data sources where Audit Manager collects evidence from.

This API parameter is no longer supported.

", + "deprecated":true, + "deprecatedMessage":"Use controlSources from the Control", + "deprecatedSince":"2025-07-24" }, "controlSets":{ "shape":"ControlSets", - "documentation":"

The control sets that are associated with the framework.

" + "documentation":"

The control sets that are associated with the framework.

The Controls object returns a partial response when called through Framework APIs. For a complete Controls object, use GetControl.

" }, "createdAt":{ "shape":"Timestamp", @@ -3268,8 +3270,7 @@ }, "GetAccountStatusRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAccountStatusResponse":{ "type":"structure", @@ -3297,7 +3298,7 @@ "members":{ "framework":{ "shape":"Framework", - "documentation":"

The framework that the GetAssessmentFramework API returned.

" + "documentation":"

The framework that the GetAssessmentFramework API returned.

The Controls object returns a partial response when called through Framework APIs. For a complete Controls object, use GetControl.

" } } }, @@ -3720,8 +3721,7 @@ }, "GetInsightsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetInsightsResponse":{ "type":"structure", @@ -3734,8 +3734,7 @@ }, "GetOrganizationAdminAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetOrganizationAdminAccountResponse":{ "type":"structure", @@ -3752,15 +3751,14 @@ }, "GetServicesInScopeRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetServicesInScopeResponse":{ "type":"structure", "members":{ "serviceMetadata":{ "shape":"ServiceMetadataList", - "documentation":"

The metadata that's associated with the Amazon Web Service.

" + "documentation":"

The metadata that's associated with the Amazon Web Services service.

" } } }, @@ -4565,7 +4563,7 @@ "type":"string", "max":1024, "min":1, - "pattern":"^(S|s)3:\\/\\/[a-zA-Z0-9\\-\\.\\(\\)\\'\\*\\_\\!\\/]+$" + "pattern":"^(S|s)3:\\/\\/[a-zA-Z0-9\\-\\.\\(\\)\\'\\*\\_\\!\\=\\+\\@\\:\\s\\,\\?\\/]+$" }, "SNSTopic":{ "type":"string", @@ -4583,12 +4581,12 @@ }, "awsServices":{ "shape":"AWSServices", - "documentation":"

The Amazon Web Services services that are included in the scope of the assessment.

This API parameter is no longer supported. If you use this parameter to specify one or more Amazon Web Services, Audit Manager ignores this input. Instead, the value for awsServices will show as empty.

", + "documentation":"

The Amazon Web Services services that are included in the scope of the assessment.

This API parameter is no longer supported. If you use this parameter to specify one or more Amazon Web Services services, Audit Manager ignores this input. Instead, the value for awsServices will show as empty.

", "deprecated":true, "deprecatedMessage":"You can't specify services in scope when creating/updating an assessment. If you use the parameter to specify one or more AWS services, Audit Manager ignores the input. Instead the value of the parameter will show as empty indicating that the services are defined and managed by Audit Manager." } }, - "documentation":"

The wrapper that contains the Amazon Web Services accounts that are in scope for the assessment.

You no longer need to specify which Amazon Web Services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant Amazon Web Services.

If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct Amazon Web Services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.

", + "documentation":"

The wrapper that contains the Amazon Web Services accounts that are in scope for the assessment.

You no longer need to specify which Amazon Web Services services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant Amazon Web Services services.

If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct Amazon Web Services services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.

", "sensitive":true }, "ServiceMetadata":{ @@ -4596,22 +4594,22 @@ "members":{ "name":{ "shape":"AWSServiceName", - "documentation":"

The name of the Amazon Web Service.

" + "documentation":"

The name of the Amazon Web Services service.

" }, "displayName":{ "shape":"NonEmptyString", - "documentation":"

The display name of the Amazon Web Service.

" + "documentation":"

The display name of the Amazon Web Services service.

" }, "description":{ "shape":"NonEmptyString", - "documentation":"

The description of the Amazon Web Service.

" + "documentation":"

The description of the Amazon Web Services service.

" }, "category":{ "shape":"NonEmptyString", - "documentation":"

The category that the Amazon Web Service belongs to, such as compute, storage, or database.

" + "documentation":"

The category that the Amazon Web Services service belongs to, such as compute, storage, or database.

" } }, - "documentation":"

The metadata that's associated with the Amazon Web Service.

" + "documentation":"

The metadata that's associated with the Amazon Web Services service.

" }, "ServiceMetadataList":{ "type":"list", @@ -4739,7 +4737,7 @@ }, "keywordValue":{ "shape":"KeywordValue", - "documentation":"

The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.

If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on the type of rule:

  • For managed rules, you can use the rule identifier as the keywordValue. You can find the rule identifier from the list of Config managed rules. For some rules, the rule identifier is different from the rule name. For example, the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name.

    Keyword example for managed rules:

  • For custom rules, you form the keywordValue by adding the Custom_ prefix to the rule name. This prefix distinguishes the custom rule from a managed rule.

    Keyword example for custom rules:

    • Custom rule name: my-custom-config-rule

      keywordValue: Custom_my-custom-config-rule

  • For service-linked rules, you form the keywordValue by adding the Custom_ prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.

    Keyword examples for service-linked rules:

    • Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w

      keywordValue: Custom_CustomRuleForAccount-conformance-pack

    • Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba

      keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled

The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not recognize the data source mapping. As a result, you might not successfully collect evidence from that data source as intended.

Keep in mind the following requirements, depending on the data source type that you're using.

  1. For Config:

    • For managed rules, make sure that the keywordValue is the rule identifier in ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, we recommend that you reference the list of supported Config managed rules.

    • For custom rules, make sure that the keywordValue has the Custom_ prefix followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you visit the Config console to verify your custom rule name.

  2. For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference the list of supported Security Hub controls.

  3. For Amazon Web Services API calls: Make sure that the keywordValue is written as serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that you reference the list of supported API calls.

  4. For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference.

" + "documentation":"

The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.

If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on the type of rule:

  • For managed rules, you can use the rule identifier as the keywordValue. You can find the rule identifier from the list of Config managed rules. For some rules, the rule identifier is different from the rule name. For example, the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name.

    Keyword example for managed rules:

  • For custom rules, you form the keywordValue by adding the Custom_ prefix to the rule name. This prefix distinguishes the custom rule from a managed rule.

    Keyword example for custom rules:

    • Custom rule name: my-custom-config-rule

      keywordValue: Custom_my-custom-config-rule

  • For service-linked rules, you form the keywordValue by adding the Custom_ prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.

    Keyword examples for service-linked rules:

    • Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w

      keywordValue: Custom_CustomRuleForAccount-conformance-pack

    • Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba

      keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled

The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not recognize the data source mapping. As a result, you might not successfully collect evidence from that data source as intended.

Keep in mind the following requirements, depending on the data source type that you're using.

  1. For Config:

    • For managed rules, make sure that the keywordValue is the rule identifier in ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, we recommend that you reference the list of supported Config managed rules.

    • For custom rules, make sure that the keywordValue has the Custom_ prefix followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you visit the Config console to verify your custom rule name.

  2. For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference the list of supported Security Hub controls.

  3. For Amazon Web Services API calls: Make sure that the keywordValue is written as serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that you reference the list of supported API calls.

  4. For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web Services service prefix and action names in the Service Authorization Reference.

" } }, "documentation":"

A keyword that relates to the control data source.

For manual evidence, this keyword indicates if the manual evidence is a file or text.

For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or Amazon Web Services API name.

To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the Audit Manager User Guide:

" @@ -4851,8 +4849,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4938,8 +4935,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAssessmentControlRequest":{ "type":"structure", @@ -5081,7 +5077,7 @@ }, "controlSets":{ "shape":"UpdateAssessmentFrameworkControlSets", - "documentation":"

The control sets that are associated with the framework.

" + "documentation":"

The control sets that are associated with the framework.

The Controls object returns a partial response when called through Framework APIs. For a complete Controls object, use GetControl.

" } } }, @@ -5090,7 +5086,7 @@ "members":{ "framework":{ "shape":"Framework", - "documentation":"

The name of the framework.

" + "documentation":"

The framework object.

" } } }, diff -pruN 2.23.6-1/awscli/botocore/data/autoscaling/2011-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/autoscaling/2011-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/autoscaling/2011-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/autoscaling/2011-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/autoscaling/2011-01-01/service-2.json 2.31.35-1/awscli/botocore/data/autoscaling/2011-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/autoscaling/2011-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/autoscaling/2011-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1304,8 +1304,7 @@ }, "AttachLoadBalancerTargetGroupsResultType":{ "type":"structure", - "members":{ - } + "members":{} }, "AttachLoadBalancerTargetGroupsType":{ "type":"structure", @@ -1326,8 +1325,7 @@ }, "AttachLoadBalancersResultType":{ "type":"structure", - "members":{ - } + "members":{} }, "AttachLoadBalancersType":{ "type":"structure", @@ -1348,8 +1346,7 @@ }, "AttachTrafficSourcesResultType":{ "type":"structure", - "members":{ - } + "members":{} }, "AttachTrafficSourcesType":{ "type":"structure", @@ -1484,7 +1481,7 @@ }, "NewInstancesProtectedFromScaleIn":{ "shape":"InstanceProtected", - "documentation":"

Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in.

" + "documentation":"

Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see Use instance scale-in protection in the Amazon EC2 Auto Scaling User Guide.

" }, "ServiceLinkedRoleARN":{ "shape":"ResourceName", @@ -1555,6 +1552,10 @@ "shape":"AutoScalingGroupNames", "documentation":"

The names of the Auto Scaling groups. By default, you can only specify up to 50 names. You can optionally increase this limit using the MaxRecords property.

If you omit this property, all Auto Scaling groups are described.

" }, + "IncludeInstances":{ + "shape":"IncludeInstances", + "documentation":"

Specifies whether to include information about Amazon EC2 instances in the response. When set to true (default), the response includes instance details.

" + }, "NextToken":{ "shape":"XmlString", "documentation":"

The token for the next set of items to return. (You received this token from a previous call.)

" @@ -1817,7 +1818,7 @@ }, "DeviceName":{ "shape":"XmlStringMaxLen255", - "documentation":"

The device name assigned to the volume (for example, /dev/sdh or xvdh). For more information, see Device naming on Linux instances in the Amazon EC2 User Guide for Linux Instances.

To define a block device mapping, set the device name and exactly one of the following properties: Ebs, NoDevice, or VirtualName.

" + "documentation":"

The device name assigned to the volume (for example, /dev/sdh or xvdh). For more information, see Device naming on Linux instances in the Amazon EC2 User Guide.

To define a block device mapping, set the device name and exactly one of the following properties: Ebs, NoDevice, or VirtualName.

" }, "Ebs":{ "shape":"Ebs", @@ -1834,6 +1835,7 @@ "type":"list", "member":{"shape":"BlockDeviceMapping"} }, + "BooleanType":{"type":"boolean"}, "BurstablePerformance":{ "type":"string", "enum":[ @@ -1858,6 +1860,10 @@ "AutoScalingGroupName":{ "shape":"XmlStringMaxLen255", "documentation":"

The name of the Auto Scaling group.

" + }, + "WaitForTransitioningInstances":{ + "shape":"BooleanType", + "documentation":"

When cancelling an instance refresh, this indicates whether to wait for in-flight launches and terminations to complete. The default is true.

When set to false, Amazon EC2 Auto Scaling cancels the instance refresh without waiting for any pending launches or terminations to complete.

" } } }, @@ -1947,8 +1953,7 @@ }, "CompleteLifecycleActionAnswer":{ "type":"structure", - "members":{ - } + "members":{} }, "CompleteLifecycleActionType":{ "type":"structure", @@ -1987,7 +1992,8 @@ "enum":[ "intel", "amd", - "amazon-web-services" + "amazon-web-services", + "apple" ] }, "CpuManufacturers":{ @@ -2071,7 +2077,7 @@ }, "PlacementGroup":{ "shape":"XmlStringMaxLen255", - "documentation":"

The name of the placement group into which to launch your instances. For more information, see Placement groups in the Amazon EC2 User Guide for Linux Instances.

A cluster placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group.

" + "documentation":"

The name of the placement group into which to launch your instances. For more information, see Placement groups in the Amazon EC2 User Guide.

A cluster placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group.

" }, "VPCZoneIdentifier":{ "shape":"XmlStringMaxLen5000", @@ -2153,11 +2159,11 @@ }, "ImageId":{ "shape":"XmlStringMaxLen255", - "documentation":"

The ID of the Amazon Machine Image (AMI) that was assigned during registration. For more information, see Find a Linux AMI in the Amazon EC2 User Guide for Linux Instances.

If you specify InstanceId, an ImageId is not required.

" + "documentation":"

The ID of the Amazon Machine Image (AMI) that was assigned during registration. For more information, see Find a Linux AMI in the Amazon EC2 User Guide.

If you specify InstanceId, an ImageId is not required.

" }, "KeyName":{ "shape":"XmlStringMaxLen255", - "documentation":"

The name of the key pair. For more information, see Amazon EC2 key pairs and Amazon EC2 instances in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The name of the key pair. For more information, see Amazon EC2 key pairs and Amazon EC2 instances in the Amazon EC2 User Guide.

" }, "SecurityGroups":{ "shape":"SecurityGroups", @@ -2181,19 +2187,19 @@ }, "InstanceType":{ "shape":"XmlStringMaxLen255", - "documentation":"

Specifies the instance type of the EC2 instance. For information about available instance types, see Available instance types in the Amazon EC2 User Guide for Linux Instances.

If you specify InstanceId, an InstanceType is not required.

" + "documentation":"

Specifies the instance type of the EC2 instance. For information about available instance types, see Available instance types in the Amazon EC2 User Guide.

If you specify InstanceId, an InstanceType is not required.

" }, "KernelId":{ "shape":"XmlStringMaxLen255", - "documentation":"

The ID of the kernel associated with the AMI.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User provided kernels in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The ID of the kernel associated with the AMI.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User provided kernels in the Amazon EC2 User Guide.

" }, "RamdiskId":{ "shape":"XmlStringMaxLen255", - "documentation":"

The ID of the RAM disk to select.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User provided kernels in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The ID of the RAM disk to select.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User provided kernels in the Amazon EC2 User Guide.

" }, "BlockDeviceMappings":{ "shape":"BlockDeviceMappings", - "documentation":"

The block device mapping entries that define the block devices to attach to the instances at launch. By default, the block devices specified in the block device mapping for the AMI are used. For more information, see Block device mappings in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The block device mapping entries that define the block devices to attach to the instances at launch. By default, the block devices specified in the block device mapping for the AMI are used. For more information, see Block device mappings in the Amazon EC2 User Guide.

" }, "InstanceMonitoring":{ "shape":"InstanceMonitoring", @@ -2209,7 +2215,7 @@ }, "EbsOptimized":{ "shape":"EbsOptimized", - "documentation":"

Specifies whether the launch configuration is optimized for EBS I/O (true) or not (false). The optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization is not available with all instance types. Additional fees are incurred when you enable EBS optimization for an instance type that is not EBS-optimized by default. For more information, see Amazon EBS-optimized instances in the Amazon EC2 User Guide for Linux Instances.

The default value is false.

" + "documentation":"

Specifies whether the launch configuration is optimized for EBS I/O (true) or not (false). The optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization is not available with all instance types. Additional fees are incurred when you enable EBS optimization for an instance type that is not EBS-optimized by default. For more information, see Amazon EBS-optimized instances in the Amazon EC2 User Guide.

The default value is false.

" }, "AssociatePublicIpAddress":{ "shape":"AssociatePublicIpAddress", @@ -2286,8 +2292,7 @@ }, "DeleteLifecycleHookAnswer":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLifecycleHookType":{ "type":"structure", @@ -2366,8 +2371,7 @@ }, "DeleteWarmPoolAnswer":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWarmPoolType":{ "type":"structure", @@ -2833,8 +2837,7 @@ }, "DetachLoadBalancerTargetGroupsResultType":{ "type":"structure", - "members":{ - } + "members":{} }, "DetachLoadBalancerTargetGroupsType":{ "type":"structure", @@ -2855,8 +2858,7 @@ }, "DetachLoadBalancersResultType":{ "type":"structure", - "members":{ - } + "members":{} }, "DetachLoadBalancersType":{ "type":"structure", @@ -2877,8 +2879,7 @@ }, "DetachTrafficSourcesResultType":{ "type":"structure", - "members":{ - } + "members":{} }, "DetachTrafficSourcesType":{ "type":"structure", @@ -3180,6 +3181,7 @@ ] }, "IncludeDeletedGroups":{"type":"boolean"}, + "IncludeInstances":{"type":"boolean"}, "Instance":{ "type":"structure", "required":[ @@ -3455,7 +3457,7 @@ }, "CpuManufacturers":{ "shape":"CpuManufacturers", - "documentation":"

Lists which specific CPU manufacturers to include.

  • For instance types with Intel CPUs, specify intel.

  • For instance types with AMD CPUs, specify amd.

  • For instance types with Amazon Web Services CPUs, specify amazon-web-services.

Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template.

Default: Any manufacturer

" + "documentation":"

Lists which specific CPU manufacturers to include.

  • For instance types with Intel CPUs, specify intel.

  • For instance types with AMD CPUs, specify amd.

  • For instance types with Amazon Web Services CPUs, specify amazon-web-services.

  • For instance types with Apple CPUs, specify apple.

Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template.

Default: Any manufacturer

" }, "MemoryGiBPerVCpu":{ "shape":"MemoryGiBPerVCpuRequest", @@ -3467,7 +3469,7 @@ }, "InstanceGenerations":{ "shape":"InstanceGenerations", - "documentation":"

Indicates whether current or previous generation instance types are included.

  • For current generation instance types, specify current. The current generation includes EC2 instance types currently recommended for use. This typically includes the latest two to three generations in each instance family. For more information, see Instance types in the Amazon EC2 User Guide for Linux Instances.

  • For previous generation instance types, specify previous.

Default: Any current or previous generation

" + "documentation":"

Indicates whether current or previous generation instance types are included.

  • For current generation instance types, specify current. The current generation includes EC2 instance types currently recommended for use. This typically includes the latest two to three generations in each instance family. For more information, see Instance types in the Amazon EC2 User Guide.

  • For previous generation instance types, specify previous.

Default: Any current or previous generation

" }, "SpotMaxPricePercentageOverLowestPrice":{ "shape":"NullablePositiveInteger", @@ -3487,7 +3489,7 @@ }, "BurstablePerformance":{ "shape":"BurstablePerformance", - "documentation":"

Indicates whether burstable performance instance types are included, excluded, or required. For more information, see Burstable performance instances in the Amazon EC2 User Guide for Linux Instances.

Default: excluded

" + "documentation":"

Indicates whether burstable performance instance types are included, excluded, or required. For more information, see Burstable performance instances in the Amazon EC2 User Guide.

Default: excluded

" }, "RequireHibernateSupport":{ "shape":"NullableBoolean", @@ -3499,7 +3501,7 @@ }, "LocalStorage":{ "shape":"LocalStorage", - "documentation":"

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, see Amazon EC2 instance store in the Amazon EC2 User Guide for Linux Instances.

Default: included

" + "documentation":"

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, see Amazon EC2 instance store in the Amazon EC2 User Guide.

Default: included

" }, "LocalStorageTypes":{ "shape":"LocalStorageTypes", @@ -3511,7 +3513,7 @@ }, "BaselineEbsBandwidthMbps":{ "shape":"BaselineEbsBandwidthMbpsRequest", - "documentation":"

The minimum and maximum baseline bandwidth performance for an instance type, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide for Linux Instances.

Default: No minimum or maximum limits

" + "documentation":"

The minimum and maximum baseline bandwidth performance for an instance type, in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Default: No minimum or maximum limits

" }, "AcceleratorTypes":{ "shape":"AcceleratorTypes", @@ -3546,7 +3548,7 @@ "documentation":"

The baseline performance factors for the instance requirements.

" } }, - "documentation":"

The attributes for the instance types for a mixed instances policy. Amazon EC2 Auto Scaling uses your specified requirements to identify instance types. Then, it uses your On-Demand and Spot allocation strategies to launch instances from these instance types.

When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.

To limit the list of instance types from which Amazon EC2 Auto Scaling can identify matching instance types, you can use one of the following parameters, but not both in the same request:

  • AllowedInstanceTypes - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.

  • ExcludedInstanceTypes - The instance types to exclude from the list, even if they match your specified attributes.

You must specify VCpuCount and MemoryMiB. All other attributes are optional. Any unspecified optional attribute is set to its default.

For more information, see Create a mixed instances group using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide. For help determining which instance types match your attributes before you apply them to your Auto Scaling group, see Preview instance types with specified attributes in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The attributes for the instance types for a mixed instances policy. Amazon EC2 Auto Scaling uses your specified requirements to identify instance types. Then, it uses your On-Demand and Spot allocation strategies to launch instances from these instance types.

When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.

To limit the list of instance types from which Amazon EC2 Auto Scaling can identify matching instance types, you can use one of the following parameters, but not both in the same request:

  • AllowedInstanceTypes - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.

  • ExcludedInstanceTypes - The instance types to exclude from the list, even if they match your specified attributes.

You must specify VCpuCount and MemoryMiB. All other attributes are optional. Any unspecified optional attribute is set to its default.

For more information, see Create a mixed instances group using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide. For help determining which instance types match your attributes before you apply them to your Auto Scaling group, see Preview instance types with specified attributes in the Amazon EC2 User Guide.

" }, "InstanceReusePolicy":{ "type":"structure", @@ -3664,11 +3666,11 @@ }, "ImageId":{ "shape":"XmlStringMaxLen255", - "documentation":"

The ID of the Amazon Machine Image (AMI) to use to launch your EC2 instances. For more information, see Find a Linux AMI in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The ID of the Amazon Machine Image (AMI) to use to launch your EC2 instances. For more information, see Find a Linux AMI in the Amazon EC2 User Guide.

" }, "KeyName":{ "shape":"XmlStringMaxLen255", - "documentation":"

The name of the key pair.

For more information, see Amazon EC2 key pairs and Amazon EC2 instances in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The name of the key pair.

For more information, see Amazon EC2 key pairs and Amazon EC2 instances in the Amazon EC2 User Guide.

" }, "SecurityGroups":{ "shape":"SecurityGroups", @@ -3684,11 +3686,11 @@ }, "UserData":{ "shape":"XmlStringUserData", - "documentation":"

The user data to make available to the launched EC2 instances. For more information, see Instance metadata and user data (Linux) and Instance metadata and user data (Windows). If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.

" + "documentation":"

The user data to make available to the launched EC2 instances. For more information, see Instance metadata and user data in the Amazon EC2 User Guide. If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.

" }, "InstanceType":{ "shape":"XmlStringMaxLen255", - "documentation":"

The instance type for the instances. For information about available instance types, see Available instance types in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The instance type for the instances. For information about available instance types, see Available instance types in the Amazon EC2 User Guide.

" }, "KernelId":{ "shape":"XmlStringMaxLen255", @@ -3700,7 +3702,7 @@ }, "BlockDeviceMappings":{ "shape":"BlockDeviceMappings", - "documentation":"

The block device mapping entries that define the block devices to attach to the instances at launch. By default, the block devices specified in the block device mapping for the AMI are used. For more information, see Block device mappings in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

The block device mapping entries that define the block devices to attach to the instances at launch. By default, the block devices specified in the block device mapping for the AMI are used. For more information, see Block device mappings in the Amazon EC2 User Guide.

" }, "InstanceMonitoring":{ "shape":"InstanceMonitoring", @@ -3720,7 +3722,7 @@ }, "EbsOptimized":{ "shape":"EbsOptimized", - "documentation":"

Specifies whether the launch configuration is optimized for EBS I/O (true) or not (false). For more information, see Amazon EBS-optimized instances in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

Specifies whether the launch configuration is optimized for EBS I/O (true) or not (false). For more information, see Amazon EBS-optimized instances in the Amazon EC2 User Guide.

" }, "AssociatePublicIpAddress":{ "shape":"AssociatePublicIpAddress", @@ -3811,7 +3813,7 @@ "members":{ "InstanceType":{ "shape":"XmlStringMaxLen255", - "documentation":"

The instance type, such as m3.xlarge. You must specify an instance type that is supported in your requested Region and Availability Zones. For more information, see Instance types in the Amazon EC2 User Guide for Linux Instances.

You can specify up to 40 instance types per Auto Scaling group.

" + "documentation":"

The instance type, such as m3.xlarge. You must specify an instance type that is supported in your requested Region and Availability Zones. For more information, see Instance types in the Amazon EC2 User Guide.

You can specify up to 40 instance types per Auto Scaling group.

" }, "WeightedCapacity":{ "shape":"XmlStringMaxLen32", @@ -4308,7 +4310,7 @@ "documentation":"

The maximum amount of network bandwidth, in gigabits per second (Gbps).

" } }, - "documentation":"

Specifies the minimum and maximum for the NetworkBandwidthGbps object when you specify InstanceRequirements for an Auto Scaling group.

Setting the minimum bandwidth does not guarantee that your instance will achieve the minimum bandwidth. Amazon EC2 will identify instance types that support the specified minimum bandwidth, but the actual bandwidth of your instance might go below the specified minimum at times. For more information, see Available instance bandwidth in the Amazon EC2 User Guide for Linux Instances.

" + "documentation":"

Specifies the minimum and maximum for the NetworkBandwidthGbps object when you specify InstanceRequirements for an Auto Scaling group.

Setting the minimum bandwidth does not guarantee that your instance will achieve the minimum bandwidth. Amazon EC2 will identify instance types that support the specified minimum bandwidth, but the actual bandwidth of your instance might go below the specified minimum at times. For more information, see Available instance bandwidth in the Amazon EC2 User Guide.

" }, "NetworkInterfaceCountRequest":{ "type":"structure", @@ -4678,8 +4680,7 @@ "ProtectedFromScaleIn":{"type":"boolean"}, "PutLifecycleHookAnswer":{ "type":"structure", - "members":{ - } + "members":{} }, "PutLifecycleHookType":{ "type":"structure", @@ -4860,8 +4861,7 @@ }, "PutWarmPoolAnswer":{ "type":"structure", - "members":{ - } + "members":{} }, "PutWarmPoolType":{ "type":"structure", @@ -4891,8 +4891,7 @@ }, "RecordLifecycleActionHeartbeatAnswer":{ "type":"structure", - "members":{ - } + "members":{} }, "RecordLifecycleActionHeartbeatType":{ "type":"structure", @@ -5368,8 +5367,7 @@ }, "SetInstanceProtectionAnswer":{ "type":"structure", - "members":{ - } + "members":{} }, "SetInstanceProtectionQuery":{ "type":"structure", @@ -5791,7 +5789,7 @@ }, "PlacementGroup":{ "shape":"UpdatePlacementGroupParam", - "documentation":"

The name of an existing placement group into which to launch your instances. To remove the placement group setting, pass an empty string for placement-group. For more information about placement groups, see Placement groups in the Amazon EC2 User Guide for Linux Instances.

A cluster placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group.

" + "documentation":"

The name of an existing placement group into which to launch your instances. To remove the placement group setting, pass an empty string for placement-group. For more information about placement groups, see Placement groups in the Amazon EC2 User Guide.

A cluster placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group.

" }, "VPCZoneIdentifier":{ "shape":"XmlStringMaxLen5000", @@ -5815,7 +5813,7 @@ }, "CapacityRebalance":{ "shape":"CapacityRebalanceEnabled", - "documentation":"

Enables or disables Capacity Rebalancing. For more information, see Use Capacity Rebalancing to handle Amazon EC2 Spot Interruptions in the Amazon EC2 Auto Scaling User Guide.

" + "documentation":"

Enables or disables Capacity Rebalancing. If Capacity Rebalancing is disabled, proactive replacement of at-risk Spot Instances does not occur. For more information, see Capacity Rebalancing in Auto Scaling to replace at-risk Spot Instances in the Amazon EC2 Auto Scaling User Guide.

To suspend rebalancing across Availability Zones, use the SuspendProcesses API.

" }, "Context":{ "shape":"Context", @@ -5995,5 +5993,5 @@ }, "ZonalShiftEnabled":{"type":"boolean"} }, - "documentation":"Amazon EC2 Auto Scaling

Amazon EC2 Auto Scaling is designed to automatically launch and terminate EC2 instances based on user-defined scaling policies, scheduled actions, and health checks.

For more information, see the Amazon EC2 Auto Scaling User Guide and the Amazon EC2 Auto Scaling API Reference.

" + "documentation":"Amazon EC2 Auto Scaling

The DescribeAutoScalingGroups API operation might be throttled when retrieving details for an Auto Scaling group that contains many instances. By default, this operation returns details for all instances in the group. To help prevent throttling, you can set the IncludeInstances parameter to false to exclude instance details from the response.

Amazon EC2 Auto Scaling is designed to automatically launch and terminate EC2 instances based on user-defined scaling policies, scheduled actions, and health checks.

For more information, see the Amazon EC2 Auto Scaling User Guide and the Amazon EC2 Auto Scaling API Reference.

" } diff -pruN 2.23.6-1/awscli/botocore/data/autoscaling-plans/2018-01-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/autoscaling-plans/2018-01-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/autoscaling-plans/2018-01-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/autoscaling-plans/2018-01-06/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,13 +212,51 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "us-gov-east-1" + ] + } + ], + "endpoint": { + "url": "https://autoscaling-plans.us-gov-east-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "us-gov-west-1" + ] + } + ], + "endpoint": { + "url": "https://autoscaling-plans.us-gov-west-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://autoscaling-plans-fips.{Region}.{PartitionResult#dnsSuffix}", @@ -231,14 +265,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +288,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +307,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +317,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +337,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/autoscaling-plans/2018-01-06/service-2.json 2.31.35-1/awscli/botocore/data/autoscaling-plans/2018-01-06/service-2.json --- 2.23.6-1/awscli/botocore/data/autoscaling-plans/2018-01-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/autoscaling-plans/2018-01-06/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"autoscaling-plans", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS Auto Scaling Plans", "serviceId":"Auto Scaling Plans", "signatureVersion":"v4", "signingName":"autoscaling-plans", "targetPrefix":"AnyScaleScalingPlannerFrontendService", - "uid":"autoscaling-plans-2018-01-06" + "uid":"autoscaling-plans-2018-01-06", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateScalingPlan":{ @@ -267,8 +269,7 @@ }, "DeleteScalingPlanResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeScalingPlanResourcesRequest":{ "type":"structure", @@ -935,8 +936,7 @@ }, "UpdateScalingPlanResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/b2bi/2022-06-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/b2bi/2022-06-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/b2bi/2022-06-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/b2bi/2022-06-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/b2bi/2022-06-23/service-2.json 2.31.35-1/awscli/botocore/data/b2bi/2022-06-23/service-2.json --- 2.23.6-1/awscli/botocore/data/b2bi/2022-06-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/b2bi/2022-06-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -25,8 +25,8 @@ "input":{"shape":"CreateCapabilityRequest"}, "output":{"shape":"CreateCapabilityResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, @@ -45,11 +45,11 @@ "input":{"shape":"CreatePartnershipRequest"}, "output":{"shape":"CreatePartnershipResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -65,11 +65,11 @@ "input":{"shape":"CreateProfileRequest"}, "output":{"shape":"CreateProfileResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -101,11 +101,11 @@ "input":{"shape":"CreateTransformerRequest"}, "output":{"shape":"CreateTransformerResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -120,8 +120,8 @@ }, "input":{"shape":"DeleteCapabilityRequest"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, @@ -138,11 +138,11 @@ }, "input":{"shape":"DeletePartnershipRequest"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

Deletes the specified partnership. A partnership represents the connection between you and your trading partner. It ties together a profile and one or more trading capabilities.

", @@ -159,8 +159,8 @@ {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

Deletes the specified profile. A profile is the mechanism used to create the concept of a private network.

", @@ -174,11 +174,11 @@ }, "input":{"shape":"DeleteTransformerRequest"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

Deletes the specified transformer. A transformer can take an EDI file as input and transform it into a JSON-or XML-formatted document. Alternatively, a transformer can take a JSON-or XML-formatted document as input and transform it into an EDI file.

", @@ -198,7 +198,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

Takes sample input and output documents and uses Amazon Bedrock to generate a mapping automatically. Depending on the accuracy and other factors, you can then edit the mapping for your needs.

Before you can use the AI-assisted feature for Amazon Web Services B2B Data Interchange you must enable models in Amazon Bedrock. For details, see AI-assisted template mapping prerequisites in the Amazon Web Services B2B Data Interchange User guide.

", + "documentation":"

Takes sample input and output documents and uses Amazon Bedrock to generate a mapping automatically. Depending on the accuracy and other factors, you can then edit the mapping for your needs.

Before you can use the AI-assisted feature for Amazon Web Services B2B Data Interchange you must enable models in Amazon Bedrock. For details, see AI-assisted template mapping prerequisites in the Amazon Web Services B2B Data Interchange User guide.

To generate a mapping, perform the following steps:

  1. Start with an X12 EDI document to use as the input.

  2. Call TestMapping using your EDI document.

  3. Use the output from the TestMapping operation as either input or output for your GenerateMapping call, along with your sample file.

", "idempotent":true }, "GetCapability":{ @@ -229,8 +229,8 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

Retrieves the details for a partnership, based on the partner and profile IDs specified. A partnership represents the connection between you and your trading partner. It ties together a profile and one or more trading capabilities.

" @@ -246,8 +246,8 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

Retrieves the details for the profile specified by the profile ID. A profile is the mechanism used to create the concept of a private network.

" @@ -263,8 +263,8 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

Retrieves the details for the transformer specified by the transformer ID. A transformer can take an EDI file as input and transform it into a JSON-or XML-formatted document. Alternatively, a transformer can take a JSON-or XML-formatted document as input and transform it into an EDI file.

" @@ -284,7 +284,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

Returns the details of the transformer run, based on the Transformer job ID.

" + "documentation":"

Returns the details of the transformer run, based on the Transformer job ID.

If 30 days have elapsed since your transformer job was started, the system deletes it. So, if you run GetTransformerJob and supply a transformerId and transformerJobId for a job that was started more than 30 days previously, you receive a 404 response.

" }, "ListCapabilities":{ "name":"ListCapabilities", @@ -313,8 +313,8 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

Lists the partnerships associated with your Amazon Web Services account for your current or specified region. A partnership represents the connection between you and your trading partner. It ties together a profile and one or more trading capabilities.

" @@ -375,14 +375,14 @@ "input":{"shape":"StartTransformerJobRequest"}, "output":{"shape":"StartTransformerJobResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

Runs a job, using a transformer, to parse input EDI (electronic data interchange) file into the output structures used by Amazon Web Services B2B Data Interchange.

If you only want to transform EDI (electronic data interchange) documents, you don't need to create profiles, partnerships or capabilities. Just create and configure a transformer, and then run the StartTransformerJob API to process your files.

", + "documentation":"

Runs a job, using a transformer, to parse input EDI (electronic data interchange) file into the output structures used by Amazon Web Services B2B Data Interchange.

If you only want to transform EDI (electronic data interchange) documents, you don't need to create profiles, partnerships or capabilities. Just create and configure a transformer, and then run the StartTransformerJob API to process your files.

The system stores transformer jobs for 30 days. During that period, you can run GetTransformerJob and supply its transformerId and transformerJobId to return details of the job.

", "idempotent":true }, "TagResource":{ @@ -394,8 +394,8 @@ "input":{"shape":"TagResourceRequest"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

Attaches a key-value pair to a resource, as identified by its Amazon Resource Name (ARN). Resources are capability, partnership, profile, transformers and other entities.

There is no response returned from this call.

" @@ -478,8 +478,8 @@ "input":{"shape":"UpdateCapabilityRequest"}, "output":{"shape":"UpdateCapabilityResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, @@ -498,11 +498,11 @@ "input":{"shape":"UpdatePartnershipRequest"}, "output":{"shape":"UpdatePartnershipResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -518,11 +518,11 @@ "input":{"shape":"UpdateProfileRequest"}, "output":{"shape":"UpdateProfileResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -538,11 +538,11 @@ "input":{"shape":"UpdateTransformerRequest"}, "output":{"shape":"UpdateTransformerResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -560,6 +560,16 @@ "documentation":"

You do not have sufficient access to perform this action.

", "exception":true }, + "AdvancedOptions":{ + "type":"structure", + "members":{ + "x12":{ + "shape":"X12AdvancedOptions", + "documentation":"

A structure that contains X12-specific advanced options, such as split options for processing X12 EDI files.

" + } + }, + "documentation":"

A structure that contains advanced options for EDI processing. Currently, only X12 advanced options are supported.

" + }, "AmazonResourceName":{ "type":"string", "max":1011, @@ -614,6 +624,10 @@ "outboundEdi":{ "shape":"OutboundEdiOptions", "documentation":"

A structure that contains the outbound EDI options.

" + }, + "inboundEdi":{ + "shape":"InboundEdiOptions", + "documentation":"

A structure that contains the inbound EDI options for the capability.

" } }, "documentation":"

Contains the details for an Outbound EDI capability.

" @@ -654,6 +668,10 @@ "type":"string", "enum":["edi"] }, + "CodeList":{ + "type":"list", + "member":{"shape":"String"} + }, "ConflictException":{ "type":"structure", "required":["message"], @@ -703,7 +721,8 @@ "outputSampleFile":{ "shape":"OutputSampleFileSource", "documentation":"

Customer uses this to provide a sample on what should file look like after conversion X12 EDI use case around this would be discovering the file syntax

" - } + }, + "advancedOptions":{"shape":"AdvancedOptions"} }, "documentation":"

Provide a sample of what the output of the transformation should look like.

" }, @@ -1228,6 +1247,21 @@ "documentation":"

Specifies the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents.

", "union":true }, + "ElementId":{ + "type":"string", + "documentation":"

A string type representing an X12 element ID. Element IDs are four-digit numeric identifiers that uniquely identify elements within the X12 standard. This type enforces a pattern of exactly four digits to ensure valid element IDs are used in validation rules.

" + }, + "ElementPosition":{ + "type":"string", + "documentation":"

A string type representing the position of an element within an X12 segment. The format follows the pattern of segment identifier followed by element position (e.g., \"ST-01\" for the first element of the ST segment) and optionally a component position (e.g., \"ST-01-02\" for the second component of the first element). This type is used in validation rules to precisely identify which element in which position is being validated.

" + }, + "ElementRequirement":{ + "type":"string", + "enum":[ + "OPTIONAL", + "MANDATORY" + ] + }, "Email":{ "type":"string", "max":254, @@ -1285,11 +1319,11 @@ "members":{ "inputFileContent":{ "shape":"GenerateMappingInputFileContent", - "documentation":"

Provide the contents of a sample X12 EDI file (for inbound EDI) or JSON/XML file (for outbound EDI) to use as a starting point for the mapping.

" + "documentation":"

Provide the contents of a sample X12 EDI file, either in JSON or XML format, to use as a starting point for the mapping.

" }, "outputFileContent":{ "shape":"GenerateMappingOutputFileContent", - "documentation":"

Provide the contents of a sample X12 EDI file (for outbound EDI) or JSON/XML file (for inbound EDI) to use as a target for the mapping.

" + "documentation":"

Provide the contents of a sample X12 EDI file, either in JSON or XML format, to use as a target for the mapping.

" }, "mappingType":{ "shape":"MappingType", @@ -1618,6 +1652,16 @@ } } }, + "InboundEdiOptions":{ + "type":"structure", + "members":{ + "x12":{ + "shape":"X12InboundEdiOptions", + "documentation":"

A structure that contains X12-specific options for processing inbound X12 EDI files.

" + } + }, + "documentation":"

Contains options for processing inbound EDI files. These options allow for customizing how incoming EDI documents are processed.

" + }, "InputConversion":{ "type":"structure", "required":["fromFormat"], @@ -1629,6 +1673,10 @@ "formatOptions":{ "shape":"FormatOptions", "documentation":"

A structure that contains the formatting options for an inbound transformer.

" + }, + "advancedOptions":{ + "shape":"AdvancedOptions", + "documentation":"

Specifies advanced options for the input conversion process. These options provide additional control over how EDI files are processed during transformation.

" } }, "documentation":"

Contains the input formatting options for an inbound transformer (takes an X12-formatted EDI document as input and converts it to JSON or XML.

" @@ -1678,6 +1726,19 @@ "type":"list", "member":{"shape":"SampleDocumentKeys"} }, + "LineLength":{ + "type":"integer", + "box":true, + "min":1 + }, + "LineTerminator":{ + "type":"string", + "enum":[ + "CRLF", + "LF", + "CR" + ] + }, "ListCapabilitiesRequest":{ "type":"structure", "members":{ @@ -1887,7 +1948,8 @@ "formatOptions":{ "shape":"FormatOptions", "documentation":"

A structure that contains the X12 transaction set and version for the transformer output.

" - } + }, + "advancedOptions":{"shape":"AdvancedOptions"} }, "documentation":"

Contains the formatting options for an outbound transformer (takes JSON or XML as input and converts it to an EDI document (currently only X12 format is supported).

" }, @@ -1904,6 +1966,10 @@ "max":2048, "min":1 }, + "ParsedSplitFileContentsList":{ + "type":"list", + "member":{"shape":"String"} + }, "PartnerName":{ "type":"string", "max":254, @@ -2162,6 +2228,24 @@ } } }, + "StartingFunctionalGroupControlNumber":{ + "type":"integer", + "box":true, + "max":999999999, + "min":1 + }, + "StartingInterchangeControlNumber":{ + "type":"integer", + "box":true, + "max":999999999, + "min":1 + }, + "StartingTransactionSetControlNumber":{ + "type":"integer", + "box":true, + "max":999999999, + "min":1 + }, "String":{"type":"string"}, "Tag":{ "type":"structure", @@ -2255,7 +2339,7 @@ }, "validationMessages":{ "shape":"ValidationMessages", - "documentation":"

Returns an array of strings, each containing a message that Amazon Web Services B2B Data Interchange generates during the conversion.

" + "documentation":"

Returns an array of validation messages that Amazon Web Services B2B Data Interchange generates during the conversion process. These messages include both standard EDI validation results and custom validation messages when custom validation rules are configured. Custom validation messages provide detailed feedback on element length constraints, code list validations, and element requirement checks applied during the outbound EDI generation process.

" } } }, @@ -2315,6 +2399,10 @@ "ediType":{ "shape":"EdiType", "documentation":"

Specifies the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents.

" + }, + "advancedOptions":{ + "shape":"AdvancedOptions", + "documentation":"

Specifies advanced options for parsing the input EDI file. These options allow for more granular control over the parsing process, including split options for X12 files.

" } } }, @@ -2325,6 +2413,14 @@ "parsedFileContent":{ "shape":"String", "documentation":"

Returns the contents of the input file being tested, parsed according to the specified EDI (electronic data interchange) type.

" + }, + "parsedSplitFileContents":{ + "shape":"ParsedSplitFileContentsList", + "documentation":"

Returns an array of parsed file contents when the input file is split according to the specified split options. Each element in the array represents a separate split file's parsed content.

" + }, + "validationMessages":{ + "shape":"ValidationMessages", + "documentation":"

Returns an array of validation messages generated during EDI validation. These messages provide detailed information about validation errors, warnings, or confirmations based on the configured X12 validation rules such as element length constraints, code list validations, and element requirement checks. This field is populated when the TestParsing API validates EDI documents.

" } } }, @@ -2842,30 +2938,108 @@ "members":{ "Message":{"shape":"ErrorMessage"} }, - "documentation":"

Occurs when a B2BI object cannot be validated against a request from another object.

", + "documentation":"

Occurs when a B2BI object cannot be validated against a request from another object. This exception can be thrown during standard EDI validation or when custom validation rules fail, such as when element length constraints are violated, invalid codes are used in code list validations, or required elements are missing based on configured element requirement rules.

", "exception":true }, "ValidationMessages":{ "type":"list", "member":{"shape":"String"} }, + "WrapFormat":{ + "type":"string", + "enum":[ + "SEGMENT", + "ONE_LINE", + "LINE_LENGTH" + ] + }, + "WrapOptions":{ + "type":"structure", + "required":["wrapBy"], + "members":{ + "wrapBy":{ + "shape":"WrapFormat", + "documentation":"

Specifies the method used for wrapping lines in the EDI output. Valid values:

  • SEGMENT: Wraps by segment.

  • ONE_LINE: Indicates that the entire content is on a single line.

    When you specify ONE_LINE, do not provide either the line length nor the line terminator value.

  • LINE_LENGTH: Wraps by character count, as specified by lineLength value.

" + }, + "lineTerminator":{ + "shape":"LineTerminator", + "documentation":"

Specifies the character sequence used to terminate lines when wrapping. Valid values:

  • CRLF: carriage return and line feed

  • LF: line feed)

  • CR: carriage return

" + }, + "lineLength":{ + "shape":"LineLength", + "documentation":"

Specifies the maximum length of a line before wrapping occurs. This value is used when wrapBy is set to LINE_LENGTH.

" + } + }, + "documentation":"

Contains options for wrapping (line folding) in X12 EDI files. Wrapping controls how long lines are handled in the EDI output.

" + }, + "X12AcknowledgmentOptions":{ + "type":"structure", + "required":[ + "functionalAcknowledgment", + "technicalAcknowledgment" + ], + "members":{ + "functionalAcknowledgment":{ + "shape":"X12FunctionalAcknowledgment", + "documentation":"

Specifies whether functional acknowledgments (997/999) should be generated for incoming X12 transactions. Valid values are DO_NOT_GENERATE, GENERATE_ALL_SEGMENTS and GENERATE_WITHOUT_TRANSACTION_SET_RESPONSE_LOOP.

If you choose GENERATE_WITHOUT_TRANSACTION_SET_RESPONSE_LOOP, Amazon Web Services B2B Data Interchange skips the AK2_Loop when generating an acknowledgment document.

" + }, + "technicalAcknowledgment":{ + "shape":"X12TechnicalAcknowledgment", + "documentation":"

Specifies whether technical acknowledgments (TA1) should be generated for incoming X12 interchanges. Valid values are DO_NOT_GENERATE and GENERATE_ALL_SEGMENTS and.

" + } + }, + "documentation":"

Contains options for configuring X12 acknowledgments. These options control how functional and technical acknowledgments are handled.

" + }, "X12AcknowledgmentRequestedCode":{ "type":"string", "max":1, "min":1, "pattern":"[a-zA-Z0-9]*" }, + "X12AdvancedOptions":{ + "type":"structure", + "members":{ + "splitOptions":{ + "shape":"X12SplitOptions", + "documentation":"

Specifies options for splitting X12 EDI files. These options control how large X12 files are divided into smaller, more manageable units.

" + }, + "validationOptions":{ + "shape":"X12ValidationOptions", + "documentation":"

Specifies validation options for X12 EDI processing. These options control how validation rules are applied during EDI document processing, including custom validation rules for element length constraints, code list validations, and element requirement checks.

" + } + }, + "documentation":"

Contains advanced options specific to X12 EDI processing, such as splitting large X12 files into smaller units.

" + }, "X12ApplicationReceiverCode":{ "type":"string", "max":15, "min":2, - "pattern":"[a-zA-Z0-9]*" + "pattern":"[a-zA-Z0-9 ]*" }, "X12ApplicationSenderCode":{ "type":"string", "max":15, "min":2, - "pattern":"[a-zA-Z0-9]*" + "pattern":"[a-zA-Z0-9 ]*" + }, + "X12CodeListValidationRule":{ + "type":"structure", + "required":["elementId"], + "members":{ + "elementId":{ + "shape":"ElementId", + "documentation":"

Specifies the four-digit element ID to which the code list modifications apply. This identifies which X12 element will have its allowed code values modified.

" + }, + "codesToAdd":{ + "shape":"CodeList", + "documentation":"

Specifies a list of code values to add to the element's allowed values. These codes will be considered valid for the specified element in addition to the standard codes defined by the X12 specification.

" + }, + "codesToRemove":{ + "shape":"CodeList", + "documentation":"

Specifies a list of code values to remove from the element's allowed values. These codes will be considered invalid for the specified element, even if they are part of the standard codes defined by the X12 specification.

" + } + }, + "documentation":"

Defines a validation rule that modifies the allowed code values for a specific X12 element. This rule allows you to add or remove valid codes from an element's standard code list, providing flexibility to accommodate trading partner-specific requirements or industry variations. You can specify codes to add to expand the allowed values beyond the X12 standard, or codes to remove to restrict the allowed values for stricter validation.

" }, "X12ComponentSeparator":{ "type":"string", @@ -2873,6 +3047,24 @@ "min":1, "pattern":"[!&'()*+,\\-./:;?=%@\\[\\]_{}|<>~^`\"]" }, + "X12ControlNumbers":{ + "type":"structure", + "members":{ + "startingInterchangeControlNumber":{ + "shape":"StartingInterchangeControlNumber", + "documentation":"

Specifies the starting interchange control number (ISA13) to use for X12 EDI generation. This number is incremented for each new interchange. For the ISA (interchange) envelope, Amazon Web Services B2B Data Interchange generates an interchange control number that is unique for the ISA05 and ISA06 (sender) & ISA07 and ISA08 (receiver) combination.

" + }, + "startingFunctionalGroupControlNumber":{ + "shape":"StartingFunctionalGroupControlNumber", + "documentation":"

Specifies the starting functional group control number (GS06) to use for X12 EDI generation. This number is incremented for each new functional group. For the GS (functional group) envelope, Amazon Web Services B2B Data Interchange generates a functional group control number that is unique to the sender ID, receiver ID, and functional identifier code combination.

" + }, + "startingTransactionSetControlNumber":{ + "shape":"StartingTransactionSetControlNumber", + "documentation":"

Specifies the starting transaction set control number (ST02) to use for X12 EDI generation. This number is incremented for each new transaction set.

" + } + }, + "documentation":"

Contains configuration for X12 control numbers used in X12 EDI generation. Control numbers are used to uniquely identify interchanges, functional groups, and transaction sets.

" + }, "X12DataElementSeparator":{ "type":"string", "max":1, @@ -2911,16 +3103,78 @@ }, "documentation":"

A structure that contains the X12 transaction set and version. The X12 structure is used when the system transforms an EDI (electronic data interchange) file.

If an EDI input file contains more than one transaction, each transaction must have the same transaction set and version, for example 214/4010. If not, the transformer cannot parse the file.

" }, + "X12ElementLengthValidationRule":{ + "type":"structure", + "required":[ + "elementId", + "maxLength", + "minLength" + ], + "members":{ + "elementId":{ + "shape":"ElementId", + "documentation":"

Specifies the four-digit element ID to which the length constraints will be applied. This identifies which X12 element will have its length requirements modified.

" + }, + "maxLength":{ + "shape":"X12ElementLengthValidationRuleMaxLengthInteger", + "documentation":"

Specifies the maximum allowed length for the identified element. This value must be between 1 and 200 characters and defines the upper limit for the element's content length.

" + }, + "minLength":{ + "shape":"X12ElementLengthValidationRuleMinLengthInteger", + "documentation":"

Specifies the minimum required length for the identified element. This value must be between 1 and 200 characters and defines the lower limit for the element's content length.

" + } + }, + "documentation":"

Defines a validation rule that specifies custom length constraints for a specific X12 element. This rule allows you to override the standard minimum and maximum length requirements for an element, enabling validation of trading partner-specific length requirements that may differ from the X12 specification. Both minimum and maximum length values must be specified and must be between 1 and 200 characters.

" + }, + "X12ElementLengthValidationRuleMaxLengthInteger":{ + "type":"integer", + "box":true, + "max":1000000, + "min":1 + }, + "X12ElementLengthValidationRuleMinLengthInteger":{ + "type":"integer", + "box":true, + "max":1000000, + "min":1 + }, + "X12ElementRequirementValidationRule":{ + "type":"structure", + "required":[ + "elementPosition", + "requirement" + ], + "members":{ + "elementPosition":{ + "shape":"ElementPosition", + "documentation":"

Specifies the position of the element within an X12 segment for which the requirement status will be modified. The format follows the pattern of segment identifier followed by element position (e.g., \"ST-01\" for the first element of the ST segment).

" + }, + "requirement":{ + "shape":"ElementRequirement", + "documentation":"

Specifies the requirement status for the element at the specified position. Valid values are OPTIONAL (the element may be omitted) or MANDATORY (the element must be present).

" + } + }, + "documentation":"

Defines a validation rule that modifies the requirement status of a specific X12 element within a segment. This rule allows you to make optional elements mandatory or mandatory elements optional, providing flexibility to accommodate different trading partner requirements and business rules. The rule targets a specific element position within a segment and sets its requirement status to either OPTIONAL or MANDATORY.

" + }, "X12Envelope":{ "type":"structure", "members":{ "common":{ "shape":"X12OutboundEdiHeaders", "documentation":"

A container for the X12 outbound EDI headers.

" - } + }, + "wrapOptions":{"shape":"WrapOptions"} }, "documentation":"

A wrapper structure for an X12 definition object.

the X12 envelope ensures the integrity of the data and the efficiency of the information exchange. The X12 message structure has hierarchical levels. From highest to the lowest, they are:

  • Interchange Envelope

  • Functional Group

  • Transaction Set

" }, + "X12FunctionalAcknowledgment":{ + "type":"string", + "enum":[ + "DO_NOT_GENERATE", + "GENERATE_ALL_SEGMENTS", + "GENERATE_WITHOUT_TRANSACTION_SET_RESPONSE_LOOP" + ] + }, "X12FunctionalGroupHeaders":{ "type":"structure", "members":{ @@ -2939,12 +3193,31 @@ }, "documentation":"

Part of the X12 message structure. These are the functional group headers for the X12 EDI object.

" }, + "X12GS05TimeFormat":{ + "type":"string", + "documentation":"

Specifies the time format in the GS05 element (time) of the functional group header. The following formats use 24-hour clock time:

  • HHMM - Hours and minutes

  • HHMMSS - Hours, minutes, and seconds

  • HHMMSSDD - Hours, minutes, seconds, and decimal seconds

Where:

  • HH - Hours (00-23)

  • MM - Minutes (00-59)

  • SS - Seconds (00-59)

  • DD - Hundredths of seconds (00-99)

", + "enum":[ + "HHMM", + "HHMMSS", + "HHMMSSDD" + ] + }, "X12IdQualifier":{ "type":"string", "max":2, "min":2, "pattern":"[a-zA-Z0-9]*" }, + "X12InboundEdiOptions":{ + "type":"structure", + "members":{ + "acknowledgmentOptions":{ + "shape":"X12AcknowledgmentOptions", + "documentation":"

Specifies acknowledgment options for inbound X12 EDI files. These options control how functional and technical acknowledgments are handled.

" + } + }, + "documentation":"

Contains options specific to processing inbound X12 EDI files.

" + }, "X12InterchangeControlHeaders":{ "type":"structure", "members":{ @@ -2996,8 +3269,13 @@ }, "validateEdi":{ "shape":"X12ValidateEdi", - "documentation":"

Specifies whether or not to validate the EDI for this X12 object: TRUE or FALSE.

" - } + "documentation":"

Specifies whether or not to validate the EDI for this X12 object: TRUE or FALSE. When enabled, this performs both standard EDI validation and applies any configured custom validation rules including element length constraints, code list validations, and element requirement checks. Validation results are returned in the response validation messages.

" + }, + "controlNumbers":{ + "shape":"X12ControlNumbers", + "documentation":"

Specifies control number configuration for outbound X12 EDI headers. These settings determine the starting values for interchange, functional group, and transaction set control numbers.

" + }, + "gs05TimeFormat":{"shape":"X12GS05TimeFormat"} }, "documentation":"

A structure containing the details for an outbound EDI object.

" }, @@ -3005,7 +3283,7 @@ "type":"string", "max":15, "min":15, - "pattern":"[a-zA-Z0-9]*" + "pattern":"[a-zA-Z0-9 ]*" }, "X12RepetitionSeparator":{ "type":"string", @@ -3028,7 +3306,32 @@ "type":"string", "max":15, "min":15, - "pattern":"[a-zA-Z0-9]*" + "pattern":"[a-zA-Z0-9 ]*" + }, + "X12SplitBy":{ + "type":"string", + "enum":[ + "NONE", + "TRANSACTION" + ] + }, + "X12SplitOptions":{ + "type":"structure", + "required":["splitBy"], + "members":{ + "splitBy":{ + "shape":"X12SplitBy", + "documentation":"

Specifies the method used to split X12 EDI files. Valid values include TRANSACTION (split by individual transaction sets), or NONE (no splitting).

" + } + }, + "documentation":"

Contains options for splitting X12 EDI files into smaller units. This is useful for processing large EDI files more efficiently.

" + }, + "X12TechnicalAcknowledgment":{ + "type":"string", + "enum":[ + "DO_NOT_GENERATE", + "GENERATE_ALL_SEGMENTS" + ] }, "X12TransactionSet":{ "type":"string", @@ -3387,6 +3690,40 @@ "type":"boolean", "box":true }, + "X12ValidationOptions":{ + "type":"structure", + "members":{ + "validationRules":{ + "shape":"X12ValidationRules", + "documentation":"

Specifies a list of validation rules to apply during EDI document processing. These rules can include code list modifications, element length constraints, and element requirement changes.

" + } + }, + "documentation":"

Contains configuration options for X12 EDI validation. This structure allows you to specify custom validation rules that will be applied during EDI document processing, including element length constraints, code list modifications, and element requirement changes. These validation options provide flexibility to accommodate trading partner-specific requirements while maintaining EDI compliance. The validation rules are applied in addition to standard X12 validation to ensure documents meet both standard and custom requirements.

" + }, + "X12ValidationRule":{ + "type":"structure", + "members":{ + "codeListValidationRule":{ + "shape":"X12CodeListValidationRule", + "documentation":"

Specifies a code list validation rule that modifies the allowed code values for a specific X12 element. This rule enables you to customize which codes are considered valid for an element, allowing for trading partner-specific code requirements.

" + }, + "elementLengthValidationRule":{ + "shape":"X12ElementLengthValidationRule", + "documentation":"

Specifies an element length validation rule that defines custom length constraints for a specific X12 element. This rule allows you to enforce minimum and maximum length requirements that may differ from the standard X12 specification.

" + }, + "elementRequirementValidationRule":{ + "shape":"X12ElementRequirementValidationRule", + "documentation":"

Specifies an element requirement validation rule that modifies whether a specific X12 element is required or optional within a segment. This rule provides flexibility to accommodate different trading partner requirements for element presence.

" + } + }, + "documentation":"

Represents a single validation rule that can be applied during X12 EDI processing. This is a union type that can contain one of several specific validation rule types: code list validation rules for modifying allowed element codes, element length validation rules for enforcing custom length constraints, or element requirement validation rules for changing mandatory/optional status. Each validation rule targets specific aspects of EDI document validation to ensure compliance with trading partner requirements and business rules.

", + "union":true + }, + "X12ValidationRules":{ + "type":"list", + "member":{"shape":"X12ValidationRule"}, + "documentation":"

A list of X12 validation rules to be applied during EDI document processing. This collection allows you to specify multiple validation rules of different types that will be enforced when validating X12 EDI documents.

" + }, "X12Version":{ "type":"string", "enum":[ diff -pruN 2.23.6-1/awscli/botocore/data/b2bi/2022-06-23/waiters-2.json 2.31.35-1/awscli/botocore/data/b2bi/2022-06-23/waiters-2.json --- 2.23.6-1/awscli/botocore/data/b2bi/2022-06-23/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/b2bi/2022-06-23/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,21 @@ +{ + "version" : 2, + "waiters" : { + "TransformerJobSucceeded" : { + "delay" : 10, + "maxAttempts" : 12, + "operation" : "GetTransformerJob", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "succeeded" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "failed" + } ] + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/backup/2018-11-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/backup/2018-11-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/backup/2018-11-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/backup/2018-11-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/backup/2018-11-15/paginators-1.json 2.31.35-1/awscli/botocore/data/backup/2018-11-15/paginators-1.json --- 2.23.6-1/awscli/botocore/data/backup/2018-11-15/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/backup/2018-11-15/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -107,6 +107,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "IndexedRecoveryPoints" + }, + "ListRestoreAccessBackupVaults": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "RestoreAccessBackupVaults" } } } diff -pruN 2.23.6-1/awscli/botocore/data/backup/2018-11-15/service-2.json 2.31.35-1/awscli/botocore/data/backup/2018-11-15/service-2.json --- 2.23.6-1/awscli/botocore/data/backup/2018-11-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/backup/2018-11-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -13,6 +13,23 @@ "auth":["aws.auth#sigv4"] }, "operations":{ + "AssociateBackupVaultMpaApprovalTeam":{ + "name":"AssociateBackupVaultMpaApprovalTeam", + "http":{ + "method":"PUT", + "requestUri":"/backup-vaults/{backupVaultName}/mpaApprovalTeam", + "responseCode":204 + }, + "input":{"shape":"AssociateBackupVaultMpaApprovalTeamInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

Associates an MPA approval team with a backup vault.

" + }, "CancelLegalHold":{ "name":"CancelLegalHold", "http":{ @@ -158,6 +175,26 @@ "documentation":"

Creates a report plan. A report plan is a document that contains information about the contents of the report and where Backup will deliver it.

If you call CreateReportPlan with a plan that already exists, you receive an AlreadyExistsException exception.

", "idempotent":true }, + "CreateRestoreAccessBackupVault":{ + "name":"CreateRestoreAccessBackupVault", + "http":{ + "method":"PUT", + "requestUri":"/restore-access-backup-vaults" + }, + "input":{"shape":"CreateRestoreAccessBackupVaultInput"}, + "output":{"shape":"CreateRestoreAccessBackupVaultOutput"}, + "errors":[ + {"shape":"AlreadyExistsException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"LimitExceededException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

Creates a restore access backup vault that provides temporary access to recovery points in a logically air-gapped backup vault, subject to MPA approval.

", + "idempotent":true + }, "CreateRestoreTestingPlan":{ "name":"CreateRestoreTestingPlan", "http":{ @@ -244,7 +281,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

Deletes the backup vault identified by its name. A vault can be deleted only if it is empty.

" + "documentation":"

Deletes the backup vault identified by its name. A vault can be deleted only if it is empty.

", + "idempotent":true }, "DeleteBackupVaultAccessPolicy":{ "name":"DeleteBackupVaultAccessPolicy", @@ -554,6 +592,23 @@ "documentation":"

Returns metadata associated with a restore job that is specified by a job ID.

", "idempotent":true }, + "DisassociateBackupVaultMpaApprovalTeam":{ + "name":"DisassociateBackupVaultMpaApprovalTeam", + "http":{ + "method":"POST", + "requestUri":"/backup-vaults/{backupVaultName}/mpaApprovalTeam?delete", + "responseCode":204 + }, + "input":{"shape":"DisassociateBackupVaultMpaApprovalTeamInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

Removes the association between an MPA approval team and a backup vault, disabling the MPA approval workflow for restore operations.

" + }, "DisassociateRecoveryPoint":{ "name":"DisassociateRecoveryPoint", "http":{ @@ -1126,6 +1181,22 @@ ], "documentation":"

Returns a list of your report plans. For detailed information about a single report plan, use DescribeReportPlan.

" }, + "ListRestoreAccessBackupVaults":{ + "name":"ListRestoreAccessBackupVaults", + "http":{ + "method":"GET", + "requestUri":"/logically-air-gapped-backup-vaults/{backupVaultName}/restore-access-backup-vaults/" + }, + "input":{"shape":"ListRestoreAccessBackupVaultsInput"}, + "output":{"shape":"ListRestoreAccessBackupVaultsOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

Returns a list of restore access backup vaults associated with a specified backup vault.

" + }, "ListRestoreJobSummaries":{ "name":"ListRestoreJobSummaries", "http":{ @@ -1218,7 +1289,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Returns the tags assigned to the resource, such as a target recovery point, backup plan, or backup vault.

", + "documentation":"

Returns the tags assigned to the resource, such as a target recovery point, backup plan, or backup vault.

This operation returns results depending on the resource type used in the value for resourceArn. For example, recovery points of Amazon DynamoDB with Advanced Settings have an ARN (Amazon Resource Name) that begins with arn:aws:backup. Recovery points (backups) of DynamoDB without Advanced Settings enabled have an ARN that begins with arn:aws:dynamodb.

When this operation is called and when you include values of resourceArn that have an ARN other than arn:aws:backup, it may return one of the exceptions listed below. To prevent this exception, include only values representing resource types that are fully managed by Backup. These have an ARN that begins arn:aws:backup and they are noted in the Feature availability by resource table.

", "idempotent":true }, "PutBackupVaultAccessPolicy":{ @@ -1288,6 +1359,22 @@ "documentation":"

This request allows you to send your independent self-run restore test validation results. RestoreJobId and ValidationStatus are required. Optionally, you can input a ValidationStatusMessage.

", "idempotent":true }, + "RevokeRestoreAccessBackupVault":{ + "name":"RevokeRestoreAccessBackupVault", + "http":{ + "method":"DELETE", + "requestUri":"/logically-air-gapped-backup-vaults/{backupVaultName}/restore-access-backup-vaults/{restoreAccessBackupVaultArn}" + }, + "input":{"shape":"RevokeRestoreAccessBackupVaultInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InvalidRequestException"} + ], + "documentation":"

Revokes access to a restore access backup vault, removing the ability to restore from its recovery points and permanently deleting the vault.

" + }, "StartBackupJob":{ "name":"StartBackupJob", "http":{ @@ -1323,7 +1410,7 @@ {"shape":"LimitExceededException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

Starts a job to create a one-time copy of the specified resource.

Does not support continuous backups.

", + "documentation":"

Starts a job to create a one-time copy of the specified resource.

Does not support continuous backups.

See Copy job retry for information on how Backup retries copy job operations.

", "idempotent":true }, "StartReportJob":{ @@ -1375,7 +1462,7 @@ {"shape":"InvalidRequestException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Attempts to cancel a job to create a one-time backup of a resource.

This action is not supported for the following services: Amazon FSx for Windows File Server, Amazon FSx for Lustre, Amazon FSx for NetApp ONTAP, Amazon FSx for OpenZFS, Amazon DocumentDB (with MongoDB compatibility), Amazon RDS, Amazon Aurora, and Amazon Neptune.

" + "documentation":"

Attempts to cancel a job to create a one-time backup of a resource.

This action is not supported for the following services:

  • Amazon Aurora

  • Amazon DocumentDB (with MongoDB compatibility)

  • Amazon FSx for Lustre

  • Amazon FSx for NetApp ONTAP

  • Amazon FSx for OpenZFS

  • Amazon FSx for Windows File Server

  • Amazon Neptune

  • SAP HANA databases on Amazon EC2 instances

  • Amazon RDS

" }, "TagResource":{ "name":"TagResource", @@ -1391,7 +1478,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Assigns a set of key-value pairs to a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN).

This API is supported for recovery points for resource types including Aurora, Amazon DocumentDB. Amazon EBS, Amazon FSx, Neptune, and Amazon RDS.

", + "documentation":"

Assigns a set of key-value pairs to a resource.

", "idempotent":true }, "UntagResource":{ @@ -1584,7 +1671,7 @@ }, "BackupOptions":{ "shape":"BackupOptions", - "documentation":"

Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.

Valid values:

Set to \"WindowsVSS\":\"enabled\" to enable the WindowsVSS backup option and create a Windows VSS backup.

Set to \"WindowsVSS\":\"disabled\" to create a regular backup. The WindowsVSS option is not enabled by default.

If you specify an invalid option, you get an InvalidParameterValueException exception.

For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup.

" + "documentation":"

Specifies the backup option for a selected resource. This option is available for Windows VSS backup jobs and S3 backups.

Valid values:

Set to \"WindowsVSS\":\"enabled\" to enable the WindowsVSS backup option and create a Windows VSS backup.

Set to \"WindowsVSS\":\"disabled\" to create a regular backup. The WindowsVSS option is not enabled by default.

For S3 backups, set to \"S3BackupACLs\":\"disabled\" to exclude ACLs from the backup, or \"S3BackupObjectTags\":\"disabled\" to exclude object tags from the backup. By default, both ACLs and object tags are included in S3 backups.

If you specify an invalid option, you get an InvalidParameterValueException exception.

For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup.

" } }, "documentation":"

The backup options for each resource type.

" @@ -1626,6 +1713,29 @@ "documentation":"

The required resource already exists.

", "exception":true }, + "AssociateBackupVaultMpaApprovalTeamInput":{ + "type":"structure", + "required":[ + "BackupVaultName", + "MpaApprovalTeamArn" + ], + "members":{ + "BackupVaultName":{ + "shape":"BackupVaultName", + "documentation":"

The name of the backup vault to associate with the MPA approval team.

", + "location":"uri", + "locationName":"backupVaultName" + }, + "MpaApprovalTeamArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the MPA approval team to associate with the backup vault.

" + }, + "RequesterComment":{ + "shape":"RequesterComment", + "documentation":"

A comment provided by the requester explaining the association request.

" + } + } + }, "BackupJob":{ "type":"structure", "members":{ @@ -1645,10 +1755,27 @@ "shape":"ARN", "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, + "VaultType":{ + "shape":"string", + "documentation":"

The type of backup vault where the recovery point is stored. Valid values are BACKUP_VAULT for standard backup vaults and LOGICALLY_AIR_GAPPED_BACKUP_VAULT for logically air-gapped vaults.

" + }, + "VaultLockState":{ + "shape":"string", + "documentation":"

The lock state of the backup vault. For logically air-gapped vaults, this indicates whether the vault is locked in compliance mode. Valid values include LOCKED and UNLOCKED.

" + }, "RecoveryPointArn":{ "shape":"ARN", "documentation":"

An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

" }, + "RecoveryPointLifecycle":{"shape":"Lifecycle"}, + "EncryptionKeyArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the backup. This can be a customer-managed key or an Amazon Web Services managed key, depending on the vault configuration.

" + }, + "IsEncrypted":{ + "shape":"boolean", + "documentation":"

A boolean value indicating whether the backup is encrypted. All backups in Backup are encrypted, but this field indicates the encryption status for transparency.

" + }, "ResourceArn":{ "shape":"ARN", "documentation":"

An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.

" @@ -1675,7 +1802,7 @@ }, "BackupSizeInBytes":{ "shape":"Long", - "documentation":"

The size, in bytes, of a backup.

" + "documentation":"

The size, in bytes, of a backup (recovery point).

This value can render differently depending on the resource type as Backup pulls in data information from other Amazon Web Services services. For example, the value returned may show a value of 0, which may differ from the anticipated value.

The expected behavior for values by resource type are described as follows:

  • Amazon Aurora, Amazon DocumentDB, and Amazon Neptune do not have this value populate from the operation GetBackupJobStatus.

  • For Amazon DynamoDB with advanced features, this value refers to the size of the recovery point (backup).

  • Amazon EC2 and Amazon EBS show volume size (provisioned storage) returned as part of this value. Amazon EBS does not return backup size information; snapshot size will have the same value as the original resource that was backed up.

  • For Amazon EFS, this value refers to the delta bytes transferred during a backup.

  • Amazon FSx does not populate this value from the operation GetBackupJobStatus for FSx file systems.

  • An Amazon RDS instance will show as 0.

  • For virtual machines running VMware, this value is passed to Backup through an asynchronous workflow, which can mean this displayed value can under-represent the actual backup size.

" }, "IamRoleArn":{ "shape":"IAMRoleArn", @@ -1956,7 +2083,7 @@ }, "ScheduleExpression":{ "shape":"CronExpression", - "documentation":"

A cron expression in UTC specifying when Backup initiates a backup job. For more information about Amazon Web Services cron expressions, see Schedule Expressions for Rules in the Amazon CloudWatch Events User Guide.. Two examples of Amazon Web Services cron expressions are 15 * ? * * * (take a backup every hour at 15 minutes past the hour) and 0 12 * * ? * (take a backup every day at 12 noon UTC). For a table of examples, click the preceding link and scroll down the page.

" + "documentation":"

A cron expression in UTC specifying when Backup initiates a backup job. When no CRON expression is provided, Backup will use the default expression cron(0 5 ? * * *).

For more information about Amazon Web Services cron expressions, see Schedule Expressions for Rules in the Amazon CloudWatch Events User Guide.

Two examples of Amazon Web Services cron expressions are 15 * ? * * * (take a backup every hour at 15 minutes past the hour) and 0 12 * * ? * (take a backup every day at 12 noon UTC).

For a table of examples, click the preceding link and scroll down the page.

" }, "StartWindowMinutes":{ "shape":"WindowMinutes", @@ -2014,7 +2141,7 @@ }, "ScheduleExpression":{ "shape":"CronExpression", - "documentation":"

A CRON expression in UTC specifying when Backup initiates a backup job.

" + "documentation":"

A CRON expression in UTC specifying when Backup initiates a backup job. When no CRON expression is provided, Backup will use the default expression cron(0 5 ? * * *).

" }, "StartWindowMinutes":{ "shape":"WindowMinutes", @@ -2154,7 +2281,11 @@ "BACKUP_PLAN_CREATED", "BACKUP_PLAN_MODIFIED", "S3_BACKUP_OBJECT_FAILED", - "S3_RESTORE_OBJECT_FAILED" + "S3_RESTORE_OBJECT_FAILED", + "CONTINUOUS_BACKUP_INTERRUPTED", + "RECOVERY_POINT_INDEX_COMPLETED", + "RECOVERY_POINT_INDEX_DELETED", + "RECOVERY_POINT_INDEXING_FAILED" ] }, "BackupVaultEvents":{ @@ -2215,6 +2346,10 @@ "LockDate":{ "shape":"timestamp", "documentation":"

The date and time when Backup Vault Lock configuration becomes immutable, meaning it cannot be changed or deleted.

If you applied Vault Lock to your vault without specifying a lock date, you can change your Vault Lock settings, or delete Vault Lock from the vault entirely, at any time.

This value is in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" + }, + "EncryptionKeyType":{ + "shape":"EncryptionKeyType", + "documentation":"

The type of encryption key used for the backup vault. Valid values are CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.

" } }, "documentation":"

Contains metadata about a backup vault.

" @@ -2267,8 +2402,7 @@ }, "CancelLegalHoldOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "ComplianceResourceIdList":{ "type":"list", @@ -2438,10 +2572,23 @@ "shape":"ARN", "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a destination copy vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, + "DestinationVaultType":{ + "shape":"string", + "documentation":"

The type of destination backup vault where the copied recovery point is stored. Valid values are BACKUP_VAULT for standard backup vaults and LOGICALLY_AIR_GAPPED_BACKUP_VAULT for logically air-gapped vaults.

" + }, + "DestinationVaultLockState":{ + "shape":"string", + "documentation":"

The lock state of the destination backup vault. For logically air-gapped vaults, this indicates whether the vault is locked in compliance mode. Valid values include LOCKED and UNLOCKED.

" + }, "DestinationRecoveryPointArn":{ "shape":"ARN", "documentation":"

An ARN that uniquely identifies a destination recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

" }, + "DestinationEncryptionKeyArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the copied backup in the destination vault. This can be a customer-managed key or an Amazon Web Services managed key.

" + }, + "DestinationRecoveryPointLifecycle":{"shape":"Lifecycle"}, "ResourceArn":{ "shape":"ARN", "documentation":"

The Amazon Web Services resource to be copied; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.

" @@ -2597,7 +2744,8 @@ }, "CreatorRequestId":{ "shape":"string", - "documentation":"

Identifies the request and allows failed requests to be retried without the risk of running the operation twice. If the request includes a CreatorRequestId that matches an existing backup plan, that plan is returned. This parameter is optional.

If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

" + "documentation":"

Identifies the request and allows failed requests to be retried without the risk of running the operation twice. If the request includes a CreatorRequestId that matches an existing backup plan, that plan is returned. This parameter is optional.

If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

", + "idempotencyToken":true } } }, @@ -2645,7 +2793,8 @@ }, "CreatorRequestId":{ "shape":"string", - "documentation":"

A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.

If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

" + "documentation":"

A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.

If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

", + "idempotencyToken":true } } }, @@ -2686,7 +2835,8 @@ }, "CreatorRequestId":{ "shape":"string", - "documentation":"

A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.

If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

" + "documentation":"

A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.

If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

", + "idempotencyToken":true } } }, @@ -2767,7 +2917,8 @@ }, "IdempotencyToken":{ "shape":"string", - "documentation":"

This is a user-chosen string used to distinguish between otherwise identical calls. Retrying a successful request with the same idempotency token results in a success message with no action taken.

" + "documentation":"

This is a user-chosen string used to distinguish between otherwise identical calls. Retrying a successful request with the same idempotency token results in a success message with no action taken.

", + "idempotencyToken":true }, "RecoveryPointSelection":{ "shape":"RecoveryPointSelection", @@ -2832,7 +2983,8 @@ }, "CreatorRequestId":{ "shape":"string", - "documentation":"

The ID of the creation request.

This parameter is optional. If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

" + "documentation":"

The ID of the creation request.

This parameter is optional. If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

", + "idempotencyToken":true }, "MinRetentionDays":{ "shape":"Long", @@ -2841,6 +2993,10 @@ "MaxRetentionDays":{ "shape":"Long", "documentation":"

The maximum retention period that the vault retains its recovery points.

" + }, + "EncryptionKeyArn":{ + "shape":"ARN", + "documentation":"

The ARN of the customer-managed KMS key to use for encrypting the logically air-gapped backup vault. If not specified, the vault will be encrypted with an Amazon Web Services-owned key managed by Amazon Web Services Backup.

" } } }, @@ -2917,6 +3073,54 @@ } } }, + "CreateRestoreAccessBackupVaultInput":{ + "type":"structure", + "required":["SourceBackupVaultArn"], + "members":{ + "SourceBackupVaultArn":{ + "shape":"ARN", + "documentation":"

The ARN of the source backup vault containing the recovery points to which temporary access is requested.

" + }, + "BackupVaultName":{ + "shape":"BackupVaultName", + "documentation":"

The name of the backup vault to associate with an MPA approval team.

" + }, + "BackupVaultTags":{ + "shape":"Tags", + "documentation":"

Optional tags to assign to the restore access backup vault.

" + }, + "CreatorRequestId":{ + "shape":"string", + "documentation":"

A unique string that identifies the request and allows failed requests to be retried without the risk of executing the operation twice.

", + "idempotencyToken":true + }, + "RequesterComment":{ + "shape":"RequesterComment", + "documentation":"

A comment explaining the reason for requesting restore access to the backup vault.

" + } + } + }, + "CreateRestoreAccessBackupVaultOutput":{ + "type":"structure", + "members":{ + "RestoreAccessBackupVaultArn":{ + "shape":"ARN", + "documentation":"

The ARN that uniquely identifies the created restore access backup vault.

" + }, + "VaultState":{ + "shape":"VaultState", + "documentation":"

The current state of the restore access backup vault.

" + }, + "RestoreAccessBackupVaultName":{ + "shape":"BackupVaultName", + "documentation":"

The name of the created restore access backup vault.

" + }, + "CreationDate":{ + "shape":"timestamp", + "documentation":"

>The date and time when the restore access backup vault was created, in Unix format and Coordinated Universal Time

" + } + } + }, "CreateRestoreTestingPlanInput":{ "type":"structure", "required":["RestoreTestingPlan"], @@ -3003,7 +3207,7 @@ }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

The name of the restore testing selection for the related restore testing plan.

" + "documentation":"

The name of the restore testing selection for the related restore testing plan.

The name cannot be changed after creation. The name consists of only alphanumeric characters and underscores. Maximum length is 50.

" } } }, @@ -3251,14 +3455,31 @@ "shape":"BackupVaultName", "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, + "RecoveryPointLifecycle":{"shape":"Lifecycle"}, "BackupVaultArn":{ "shape":"ARN", "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, + "VaultType":{ + "shape":"string", + "documentation":"

The type of backup vault where the recovery point is stored. Valid values are BACKUP_VAULT for standard backup vaults and LOGICALLY_AIR_GAPPED_BACKUP_VAULT for logically air-gapped vaults.

" + }, + "VaultLockState":{ + "shape":"string", + "documentation":"

The lock state of the backup vault. For logically air-gapped vaults, this indicates whether the vault is locked in compliance mode. Valid values include LOCKED and UNLOCKED.

" + }, "RecoveryPointArn":{ "shape":"ARN", "documentation":"

An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

" }, + "EncryptionKeyArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the backup. This can be a customer-managed key or an Amazon Web Services managed key, depending on the vault configuration.

" + }, + "IsEncrypted":{ + "shape":"boolean", + "documentation":"

A boolean value indicating whether the backup is encrypted. All backups in Backup are encrypted, but this field indicates the encryption status for transparency.

" + }, "ResourceArn":{ "shape":"ARN", "documentation":"

An ARN that uniquely identifies a saved resource. The format of the ARN depends on the resource type.

" @@ -3285,7 +3506,7 @@ }, "BackupSizeInBytes":{ "shape":"Long", - "documentation":"

The size, in bytes, of a backup.

" + "documentation":"

The size, in bytes, of a backup (recovery point).

This value can render differently depending on the resource type as Backup pulls in data information from other Amazon Web Services services. For example, the value returned may show a value of 0, which may differ from the anticipated value.

The expected behavior for values by resource type are described as follows:

  • Amazon Aurora, Amazon DocumentDB, and Amazon Neptune do not have this value populate from the operation GetBackupJobStatus.

  • For Amazon DynamoDB with advanced features, this value refers to the size of the recovery point (backup).

  • Amazon EC2 and Amazon EBS show volume size (provisioned storage) returned as part of this value. Amazon EBS does not return backup size information; snapshot size will have the same value as the original resource that was backed up.

  • For Amazon EFS, this value refers to the delta bytes transferred during a backup.

  • Amazon FSx does not populate this value from the operation GetBackupJobStatus for FSx file systems.

  • An Amazon RDS instance will show as 0.

  • For virtual machines running VMware, this value is passed to Backup through an asynchronous workflow, which can mean this displayed value can under-represent the actual backup size.

" }, "IamRoleArn":{ "shape":"IAMRoleArn", @@ -3400,7 +3621,7 @@ }, "NumberOfRecoveryPoints":{ "shape":"long", - "documentation":"

The number of recovery points that are stored in a backup vault.

" + "documentation":"

The number of recovery points that are stored in a backup vault.

Recovery point count value displayed in the console can be an approximation. Use ListRecoveryPointsByBackupVault API to obtain the exact count.

" }, "Locked":{ "shape":"Boolean", @@ -3417,6 +3638,26 @@ "LockDate":{ "shape":"timestamp", "documentation":"

The date and time when Backup Vault Lock configuration cannot be changed or deleted.

If you applied Vault Lock to your vault without specifying a lock date, you can change any of your Vault Lock settings, or delete Vault Lock from the vault entirely, at any time.

This value is in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" + }, + "SourceBackupVaultArn":{ + "shape":"ARN", + "documentation":"

The ARN of the source backup vault from which this restore access backup vault was created.

" + }, + "MpaApprovalTeamArn":{ + "shape":"ARN", + "documentation":"

The ARN of the MPA approval team associated with this backup vault.

" + }, + "MpaSessionArn":{ + "shape":"ARN", + "documentation":"

The ARN of the MPA session associated with this backup vault.

" + }, + "LatestMpaApprovalTeamUpdate":{ + "shape":"LatestMpaApprovalTeamUpdate", + "documentation":"

Information about the latest update to the MPA approval team association for this backup vault.

" + }, + "EncryptionKeyType":{ + "shape":"EncryptionKeyType", + "documentation":"

The type of encryption key used for the backup vault. Valid values are CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.

" } } }, @@ -3492,15 +3733,14 @@ }, "DescribeGlobalSettingsInput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeGlobalSettingsOutput":{ "type":"structure", "members":{ "GlobalSettings":{ "shape":"GlobalSettings", - "documentation":"

The status of the flag isCrossAccountBackupEnabled.

" + "documentation":"

The status of the flags isCrossAccountBackupEnabled and isMpaEnabled ('Mpa' refers to multi-party approval).

" }, "LastUpdateTime":{ "shape":"timestamp", @@ -3625,7 +3865,7 @@ }, "Status":{ "shape":"RecoveryPointStatus", - "documentation":"

A status code specifying the state of the recovery point.

PARTIAL status indicates Backup could not create the recovery point before the backup window closed. To increase your backup plan window using the API, see UpdateBackupPlan. You can also increase your backup plan window using the Console by choosing and editing your backup plan.

EXPIRED status indicates that the recovery point has exceeded its retention period, but Backup lacks permission or is otherwise unable to delete it. To manually delete these recovery points, see Step 3: Delete the recovery points in the Clean up resources section of Getting started.

STOPPED status occurs on a continuous backup where a user has taken some action that causes the continuous backup to be disabled. This can be caused by the removal of permissions, turning off versioning, turning off events being sent to EventBridge, or disabling the EventBridge rules that are put in place by Backup. For recovery points of Amazon S3, Amazon RDS, and Amazon Aurora resources, this status occurs when the retention period of a continuous backup rule is changed.

To resolve STOPPED status, ensure that all requested permissions are in place and that versioning is enabled on the S3 bucket. Once these conditions are met, the next instance of a backup rule running will result in a new continuous recovery point being created. The recovery points with STOPPED status do not need to be deleted.

For SAP HANA on Amazon EC2 STOPPED status occurs due to user action, application misconfiguration, or backup failure. To ensure that future continuous backups succeed, refer to the recovery point status and check SAP HANA for details.

" + "documentation":"

A status code specifying the state of the recovery point. For more information, see Recovery point status in the Backup Developer Guide.

  • CREATING status indicates that an Backup job has been initiated for a resource. The backup process has started and is actively processing a backup job for the associated recovery point.

  • AVAILABLE status indicates that the backup was successfully created for the recovery point. The backup process has completed without any issues, and the recovery point is now ready for use.

  • PARTIAL status indicates a composite recovery point has one or more nested recovery points that were not in the backup.

  • EXPIRED status indicates that the recovery point has exceeded its retention period, but Backup lacks permission or is otherwise unable to delete it. To manually delete these recovery points, see Step 3: Delete the recovery points in the Clean up resources section of Getting started.

  • STOPPED status occurs on a continuous backup where a user has taken some action that causes the continuous backup to be disabled. This can be caused by the removal of permissions, turning off versioning, turning off events being sent to EventBridge, or disabling the EventBridge rules that are put in place by Backup. For recovery points of Amazon S3, Amazon RDS, and Amazon Aurora resources, this status occurs when the retention period of a continuous backup rule is changed.

    To resolve STOPPED status, ensure that all requested permissions are in place and that versioning is enabled on the S3 bucket. Once these conditions are met, the next instance of a backup rule running will result in a new continuous recovery point being created. The recovery points with STOPPED status do not need to be deleted.

    For SAP HANA on Amazon EC2 STOPPED status occurs due to user action, application misconfiguration, or backup failure. To ensure that future continuous backups succeed, refer to the recovery point status and check SAP HANA for details.

" }, "StatusMessage":{ "shape":"string", @@ -3635,6 +3875,10 @@ "shape":"timestamp", "documentation":"

The date and time that a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" }, + "InitiationDate":{ + "shape":"timestamp", + "documentation":"

The date and time when the backup job that created this recovery point was initiated, in Unix format and Coordinated Universal Time (UTC).

" + }, "CompletionDate":{ "shape":"timestamp", "documentation":"

The date and time that a job to create a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" @@ -3694,13 +3938,16 @@ "IndexStatusMessage":{ "shape":"string", "documentation":"

A string in the form of a detailed message explaining the status of a backup index associated with the recovery point.

" + }, + "EncryptionKeyType":{ + "shape":"EncryptionKeyType", + "documentation":"

The type of encryption key used for the recovery point. Valid values are CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.

" } } }, "DescribeRegionSettingsInput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeRegionSettingsOutput":{ "type":"structure", @@ -3784,6 +4031,14 @@ "shape":"ARN", "documentation":"

An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

" }, + "SourceResourceArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the original resource that was backed up. This provides context about what resource is being restored.

" + }, + "BackupVaultArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the backup vault containing the recovery point being restored. This helps identify vault access policies and permissions.

" + }, "CreationDate":{ "shape":"timestamp", "documentation":"

The date and time that a restore job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" @@ -3847,6 +4102,30 @@ "DeletionStatusMessage":{ "shape":"string", "documentation":"

This describes the restore job deletion status.

" + }, + "IsParent":{ + "shape":"boolean", + "documentation":"

This is a boolean value indicating whether the restore job is a parent (composite) restore job.

" + }, + "ParentJobId":{ + "shape":"string", + "documentation":"

This is the unique identifier of the parent restore job for the selected restore job.

" + } + } + }, + "DisassociateBackupVaultMpaApprovalTeamInput":{ + "type":"structure", + "required":["BackupVaultName"], + "members":{ + "BackupVaultName":{ + "shape":"BackupVaultName", + "documentation":"

The name of the backup vault from which to disassociate the MPA approval team.

", + "location":"uri", + "locationName":"backupVaultName" + }, + "RequesterComment":{ + "shape":"RequesterComment", + "documentation":"

An optional comment explaining the reason for disassociating the MPA approval team from the backup vault.

" } } }, @@ -3892,6 +4171,13 @@ } } }, + "EncryptionKeyType":{ + "type":"string", + "enum":[ + "AWS_OWNED_KMS_KEY", + "CUSTOMER_MANAGED_KMS_KEY" + ] + }, "ExportBackupPlanTemplateInput":{ "type":"structure", "required":["BackupPlanId"], @@ -4041,6 +4327,12 @@ "documentation":"

Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version IDs cannot be edited.

", "location":"querystring", "locationName":"versionId" + }, + "MaxScheduledRunsPreview":{ + "shape":"MaxScheduledRunsPreview", + "documentation":"

Number of future scheduled backup runs to preview. When set to 0 (default), no scheduled runs preview is included in the response. Valid range is 0-10.

", + "location":"querystring", + "locationName":"MaxScheduledRunsPreview" } } }, @@ -4082,6 +4374,10 @@ "AdvancedBackupSettings":{ "shape":"AdvancedBackupSettings", "documentation":"

Contains a list of BackupOptions for each resource type. The list is populated only if the advanced option is set for the backup plan.

" + }, + "ScheduledRunsPreview":{ + "shape":"ScheduledRunsPreview", + "documentation":"

List of upcoming scheduled backup runs. Only included when MaxScheduledRunsPreview parameter is greater than 0. Contains up to 10 future backup executions with their scheduled times, execution types, and associated rule IDs.

" } } }, @@ -4643,6 +4939,58 @@ "type":"list", "member":{"shape":"KeyValue"} }, + "LatestMpaApprovalTeamUpdate":{ + "type":"structure", + "members":{ + "MpaSessionArn":{ + "shape":"ARN", + "documentation":"

The ARN of the MPA session associated with this update.

" + }, + "Status":{ + "shape":"MpaSessionStatus", + "documentation":"

The current status of the MPA approval team update.

" + }, + "StatusMessage":{ + "shape":"string", + "documentation":"

A message describing the current status of the MPA approval team update.

" + }, + "InitiationDate":{ + "shape":"timestamp", + "documentation":"

The date and time when the MPA approval team update was initiated.

" + }, + "ExpiryDate":{ + "shape":"timestamp", + "documentation":"

The date and time when the MPA approval team update will expire.

" + } + }, + "documentation":"

Contains information about the latest update to an MPA approval team association.

" + }, + "LatestRevokeRequest":{ + "type":"structure", + "members":{ + "MpaSessionArn":{ + "shape":"string", + "documentation":"

The ARN of the MPA session associated with this revoke request.

" + }, + "Status":{ + "shape":"MpaRevokeSessionStatus", + "documentation":"

The current status of the revoke request.

" + }, + "StatusMessage":{ + "shape":"string", + "documentation":"

A message describing the current status of the revoke request.

" + }, + "InitiationDate":{ + "shape":"timestamp", + "documentation":"

The date and time when the revoke request was initiated.

" + }, + "ExpiryDate":{ + "shape":"timestamp", + "documentation":"

The date and time when the revoke request will expire.

" + } + }, + "documentation":"

Contains information about the latest request to revoke access to a backup vault.

" + }, "LegalHold":{ "type":"structure", "members":{ @@ -5667,6 +6015,43 @@ } } }, + "ListRestoreAccessBackupVaultsInput":{ + "type":"structure", + "required":["BackupVaultName"], + "members":{ + "BackupVaultName":{ + "shape":"BackupVaultName", + "documentation":"

The name of the backup vault for which to list associated restore access backup vaults.

", + "location":"uri", + "locationName":"backupVaultName" + }, + "NextToken":{ + "shape":"string", + "documentation":"

The pagination token from a previous request to retrieve the next set of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of items to return in the response.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListRestoreAccessBackupVaultsOutput":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"string", + "documentation":"

The pagination token to use in a subsequent request to retrieve the next set of results.

" + }, + "RestoreAccessBackupVaults":{ + "shape":"RestoreAccessBackupVaultList", + "documentation":"

A list of restore access backup vaults associated with the specified backup vault.

" + } + } + }, "ListRestoreJobSummariesInput":{ "type":"structure", "members":{ @@ -5842,6 +6227,12 @@ "documentation":"

This returns only restore testing jobs that match the specified resource Amazon Resource Name (ARN).

", "location":"querystring", "locationName":"restoreTestingPlanArn" + }, + "ByParentJobId":{ + "shape":"string", + "documentation":"

This is a filter to list child (nested) restore jobs based on parent restore job ID.

", + "location":"querystring", + "locationName":"parentJobId" } } }, @@ -5987,6 +6378,11 @@ "max":1000, "min":1 }, + "MaxScheduledRunsPreview":{ + "type":"integer", + "max":10, + "min":0 + }, "MessageCategory":{"type":"string"}, "Metadata":{ "type":"map", @@ -6013,6 +6409,21 @@ "documentation":"

Indicates that a required parameter is missing.

", "exception":true }, + "MpaRevokeSessionStatus":{ + "type":"string", + "enum":[ + "PENDING", + "FAILED" + ] + }, + "MpaSessionStatus":{ + "type":"string", + "enum":[ + "PENDING", + "APPROVED", + "FAILED" + ] + }, "ParameterName":{"type":"string"}, "ParameterValue":{"type":"string"}, "ProtectedResource":{ @@ -6123,7 +6534,7 @@ }, "BackupVaultEvents":{ "shape":"BackupVaultEvents", - "documentation":"

An array of events that indicate the status of jobs to back up resources to the backup vault.

For common use cases and code samples, see Using Amazon SNS to track Backup events.

The following events are supported:

  • BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED

  • COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED

  • RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED | RECOVERY_POINT_MODIFIED

  • S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED

The list below includes both supported events and deprecated events that are no longer in use (for reference). Deprecated events do not return statuses or notifications. Refer to the list above for the supported events.

" + "documentation":"

An array of events that indicate the status of jobs to back up resources to the backup vault. For the list of supported events, common use cases, and code samples, see Notification options with Backup.

" } } }, @@ -6197,6 +6608,10 @@ "shape":"timestamp", "documentation":"

The date and time a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" }, + "InitiationDate":{ + "shape":"timestamp", + "documentation":"

The date and time when the backup job that created this recovery point was initiated, in Unix format and Coordinated Universal Time (UTC).

" + }, "CompletionDate":{ "shape":"timestamp", "documentation":"

The date and time a job to restore a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" @@ -6252,6 +6667,10 @@ "IndexStatusMessage":{ "shape":"string", "documentation":"

A string in the form of a detailed message explaining the status of a backup index associated with the recovery point.

" + }, + "EncryptionKeyType":{ + "shape":"EncryptionKeyType", + "documentation":"

The type of encryption key used for the recovery point. Valid values are CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.

" } }, "documentation":"

Contains detailed information about the recovery points stored in a backup vault.

" @@ -6314,6 +6733,10 @@ "IndexStatusMessage":{ "shape":"string", "documentation":"

A string in the form of a detailed message explaining the status of a backup index associated with the recovery point.

" + }, + "EncryptionKeyType":{ + "shape":"EncryptionKeyType", + "documentation":"

The type of encryption key used for the recovery point. Valid values are CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.

" } }, "documentation":"

Contains detailed information about a saved recovery point.

" @@ -6333,6 +6756,10 @@ "shape":"ARN", "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.

" }, + "BackupPlanName":{ + "shape":"string", + "documentation":"

The name of the backup plan that created this recovery point. This provides human-readable context about which backup plan was responsible for the backup job.

" + }, "BackupPlanVersion":{ "shape":"string", "documentation":"

Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.

" @@ -6340,6 +6767,18 @@ "BackupRuleId":{ "shape":"string", "documentation":"

Uniquely identifies a rule used to schedule the backup of a selection of resources.

" + }, + "BackupRuleName":{ + "shape":"string", + "documentation":"

The name of the backup rule within the backup plan that created this recovery point. This helps identify which specific rule triggered the backup job.

" + }, + "BackupRuleCron":{ + "shape":"string", + "documentation":"

The cron expression that defines the schedule for the backup rule. This shows the frequency and timing of when backups are automatically triggered.

" + }, + "BackupRuleTimezone":{ + "shape":"string", + "documentation":"

The timezone used for the backup rule schedule. This provides context for when backups are scheduled to run in the specified timezone.

" } }, "documentation":"

Contains information about the backup plan and rule that Backup used to initiate the recovery point backup.

" @@ -6387,7 +6826,10 @@ "COMPLETED", "PARTIAL", "DELETING", - "EXPIRED" + "EXPIRED", + "AVAILABLE", + "STOPPED", + "CREATING" ] }, "RecoveryPointsList":{ @@ -6560,6 +7002,10 @@ }, "documentation":"

Contains detailed information about a report setting.

" }, + "RequesterComment":{ + "type":"string", + "sensitive":true + }, "ResourceArns":{ "type":"list", "member":{"shape":"ARN"} @@ -6607,6 +7053,36 @@ "type":"list", "member":{"shape":"ResourceType"} }, + "RestoreAccessBackupVaultList":{ + "type":"list", + "member":{"shape":"RestoreAccessBackupVaultListMember"} + }, + "RestoreAccessBackupVaultListMember":{ + "type":"structure", + "members":{ + "RestoreAccessBackupVaultArn":{ + "shape":"ARN", + "documentation":"

The ARN of the restore access backup vault.

" + }, + "CreationDate":{ + "shape":"timestamp", + "documentation":"

The date and time when the restore access backup vault was created.

" + }, + "ApprovalDate":{ + "shape":"timestamp", + "documentation":"

The date and time when the restore access backup vault was approved.

" + }, + "VaultState":{ + "shape":"VaultState", + "documentation":"

The current state of the restore access backup vault.

" + }, + "LatestRevokeRequest":{ + "shape":"LatestRevokeRequest", + "documentation":"

Information about the latest request to revoke access to this backup vault.

" + } + }, + "documentation":"

Contains information about a restore access backup vault.

" + }, "RestoreDeletionStatus":{ "type":"string", "enum":[ @@ -6706,6 +7182,14 @@ "shape":"ARN", "documentation":"

An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

" }, + "SourceResourceArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the original resource that was backed up. This provides context about what resource is being restored.

" + }, + "BackupVaultArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the backup vault containing the recovery point being restored. This helps identify vault access policies and permissions.

" + }, "CreationDate":{ "shape":"timestamp", "documentation":"

The date and time a restore job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" @@ -6750,6 +7234,14 @@ "shape":"timestamp", "documentation":"

The date on which a recovery point was created.

" }, + "IsParent":{ + "shape":"boolean", + "documentation":"

This is a boolean value indicating whether the restore job is a parent (composite) restore job.

" + }, + "ParentJobId":{ + "shape":"string", + "documentation":"

This is the unique identifier of the parent restore job for the selected restore job.

" + }, "CreatedBy":{ "shape":"RestoreJobCreator", "documentation":"

Contains identifying information about the creation of a restore job.

" @@ -6791,7 +7283,7 @@ }, "ScheduleExpression":{ "shape":"String", - "documentation":"

A CRON expression in specified timezone when a restore testing plan is executed.

" + "documentation":"

A CRON expression in specified timezone when a restore testing plan is executed. When no CRON expression is provided, Backup will use the default expression cron(0 5 ? * * *).

" }, "ScheduleExpressionTimezone":{ "shape":"String", @@ -6844,7 +7336,7 @@ }, "ScheduleExpression":{ "shape":"String", - "documentation":"

A CRON expression in specified timezone when a restore testing plan is executed.

" + "documentation":"

A CRON expression in specified timezone when a restore testing plan is executed. When no CRON expression is provided, Backup will use the default expression cron(0 5 ? * * *).

" }, "ScheduleExpressionTimezone":{ "shape":"String", @@ -6888,7 +7380,7 @@ }, "ScheduleExpression":{ "shape":"String", - "documentation":"

A CRON expression in specified timezone when a restore testing plan is executed.

" + "documentation":"

A CRON expression in specified timezone when a restore testing plan is executed. When no CRON expression is provided, Backup will use the default expression cron(0 5 ? * * *).

" }, "ScheduleExpressionTimezone":{ "shape":"String", @@ -6910,7 +7402,7 @@ }, "ScheduleExpression":{ "shape":"String", - "documentation":"

A CRON expression in specified timezone when a restore testing plan is executed.

" + "documentation":"

A CRON expression in specified timezone when a restore testing plan is executed. When no CRON expression is provided, Backup will use the default expression cron(0 5 ? * * *).

" }, "ScheduleExpressionTimezone":{ "shape":"String", @@ -7001,11 +7493,11 @@ }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

The unique name of the restore testing selection that belongs to the related restore testing plan.

" + "documentation":"

The unique name of the restore testing selection that belongs to the related restore testing plan.

The name consists of only alphanumeric characters and underscores. Maximum length is 50.

" }, "ValidationWindowHours":{ "shape":"integer", - "documentation":"

This is amount of hours (1 to 168) available to run a validation script on the data. The data will be deleted upon the completion of the validation script or the end of the specified retention period, whichever comes first.

" + "documentation":"

This is amount of hours (0 to 168) available to run a validation script on the data. The data will be deleted upon the completion of the validation script or the end of the specified retention period, whichever comes first.

" } }, "documentation":"

This contains metadata about a specific restore testing selection.

ProtectedResourceType is required, such as Amazon EBS or Amazon EC2.

This consists of RestoreTestingSelectionName, ProtectedResourceType, and one of the following:

  • ProtectedResourceArns

  • ProtectedResourceConditions

Each protected resource type can have one single value.

A restore testing selection can include a wildcard value (\"*\") for ProtectedResourceArns along with ProtectedResourceConditions. Alternatively, you can include up to 30 specific protected resource ARNs in ProtectedResourceArns.

ProtectedResourceConditions examples include as StringEquals and StringNotEquals.

" @@ -7054,7 +7546,7 @@ }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

The unique name of the restore testing selection that belongs to the related restore testing plan.

" + "documentation":"

The unique name of the restore testing selection that belongs to the related restore testing plan.

The name consists of only alphanumeric characters and underscores. Maximum length is 50.

" }, "ValidationWindowHours":{ "shape":"integer", @@ -7091,7 +7583,7 @@ }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

Unique name of a restore testing selection.

" + "documentation":"

Unique name of a restore testing selection.

The name consists of only alphanumeric characters and underscores. Maximum length is 50.

" }, "ValidationWindowHours":{ "shape":"integer", @@ -7139,6 +7631,63 @@ "VALIDATING" ] }, + "RevokeRestoreAccessBackupVaultInput":{ + "type":"structure", + "required":[ + "BackupVaultName", + "RestoreAccessBackupVaultArn" + ], + "members":{ + "BackupVaultName":{ + "shape":"BackupVaultName", + "documentation":"

The name of the source backup vault associated with the restore access backup vault to be revoked.

", + "location":"uri", + "locationName":"backupVaultName" + }, + "RestoreAccessBackupVaultArn":{ + "shape":"ARN", + "documentation":"

The ARN of the restore access backup vault to revoke.

", + "location":"uri", + "locationName":"restoreAccessBackupVaultArn" + }, + "RequesterComment":{ + "shape":"RequesterComment", + "documentation":"

A comment explaining the reason for revoking access to the restore access backup vault.

", + "location":"querystring", + "locationName":"requesterComment" + } + } + }, + "RuleExecutionType":{ + "type":"string", + "enum":[ + "CONTINUOUS", + "SNAPSHOTS", + "CONTINUOUS_AND_SNAPSHOTS" + ] + }, + "ScheduledPlanExecutionMember":{ + "type":"structure", + "members":{ + "ExecutionTime":{ + "shape":"timestamp", + "documentation":"

The timestamp when the backup is scheduled to run, in Unix format and Coordinated Universal Time (UTC). The value is accurate to milliseconds.

" + }, + "RuleId":{ + "shape":"string", + "documentation":"

The unique identifier of the backup rule that will execute at the scheduled time.

" + }, + "RuleExecutionType":{ + "shape":"RuleExecutionType", + "documentation":"

The type of backup rule execution. Valid values are CONTINUOUS (point-in-time recovery), SNAPSHOTS (snapshot backups), or CONTINUOUS_AND_SNAPSHOTS (both types combined).

" + } + }, + "documentation":"

Contains information about a scheduled backup plan execution, including the execution time, rule type, and associated rule identifier.

" + }, + "ScheduledRunsPreview":{ + "type":"list", + "member":{"shape":"ScheduledPlanExecutionMember"} + }, "SensitiveStringMap":{ "type":"map", "key":{"shape":"String"}, @@ -7185,7 +7734,8 @@ }, "IdempotencyToken":{ "shape":"string", - "documentation":"

A customer-chosen string that you can use to distinguish between otherwise identical calls to StartBackupJob. Retrying a successful request with the same idempotency token results in a success message with no action taken.

" + "documentation":"

A customer-chosen string that you can use to distinguish between otherwise identical calls to StartBackupJob. Retrying a successful request with the same idempotency token results in a success message with no action taken.

", + "idempotencyToken":true }, "StartWindowMinutes":{ "shape":"WindowMinutes", @@ -7261,7 +7811,8 @@ }, "IdempotencyToken":{ "shape":"string", - "documentation":"

A customer-chosen string that you can use to distinguish between otherwise identical calls to StartCopyJob. Retrying a successful request with the same idempotency token results in a success message with no action taken.

" + "documentation":"

A customer-chosen string that you can use to distinguish between otherwise identical calls to StartCopyJob. Retrying a successful request with the same idempotency token results in a success message with no action taken.

", + "idempotencyToken":true }, "Lifecycle":{"shape":"Lifecycle"} } @@ -7330,7 +7881,8 @@ }, "IdempotencyToken":{ "shape":"string", - "documentation":"

A customer-chosen string that you can use to distinguish between otherwise identical calls to StartRestoreJob. Retrying a successful request with the same idempotency token results in a success message with no action taken.

" + "documentation":"

A customer-chosen string that you can use to distinguish between otherwise identical calls to StartRestoreJob. Retrying a successful request with the same idempotency token results in a success message with no action taken.

", + "idempotencyToken":true }, "ResourceType":{ "shape":"ResourceType", @@ -7387,7 +7939,7 @@ "members":{ "ResourceArn":{ "shape":"ARN", - "documentation":"

An ARN that uniquely identifies a resource. The format of the ARN depends on the type of the tagged resource.

ARNs that do not include backup are incompatible with tagging. TagResource and UntagResource with invalid ARNs will result in an error. Acceptable ARN content can include arn:aws:backup:us-east. Invalid ARN content may look like arn:aws:ec2:us-east.

", + "documentation":"

The ARN that uniquely identifies the resource.

", "location":"uri", "locationName":"resourceArn" }, @@ -7516,7 +8068,7 @@ "members":{ "GlobalSettings":{ "shape":"GlobalSettings", - "documentation":"

A value for isCrossAccountBackupEnabled and a Region. Example: update-global-settings --global-settings isCrossAccountBackupEnabled=false --region us-west-2.

" + "documentation":"

Inputs can include:

A value for isCrossAccountBackupEnabled and a Region. Example: update-global-settings --global-settings isCrossAccountBackupEnabled=false --region us-west-2.

A value for Multi-party approval, styled as \"Mpa\": isMpaEnabled. Values can be true or false. Example: update-global-settings --global-settings isMpaEnabled=false --region us-west-2.

" } } }, @@ -7796,7 +8348,8 @@ "type":"string", "enum":[ "BACKUP_VAULT", - "LOGICALLY_AIR_GAPPED_BACKUP_VAULT" + "LOGICALLY_AIR_GAPPED_BACKUP_VAULT", + "RESTORE_ACCESS_BACKUP_VAULT" ] }, "WindowMinutes":{"type":"long"}, diff -pruN 2.23.6-1/awscli/botocore/data/backup-gateway/2021-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/backup-gateway/2021-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/backup-gateway/2021-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/backup-gateway/2021-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/backupsearch/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/backupsearch/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/backupsearch/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/backupsearch/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ @@ -104,15 +104,8 @@ } ], "endpoint": { - "url": "https://backup-search-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "{PartitionResult#implicitGlobalRegion}" - } - ] - }, + "url": "https://backup-search-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, "headers": {} }, "type": "endpoint" @@ -120,15 +113,8 @@ { "conditions": [], "endpoint": { - "url": "https://backup-search.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingRegion": "{PartitionResult#implicitGlobalRegion}" - } - ] - }, + "url": "https://backup-search.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, "headers": {} }, "type": "endpoint" diff -pruN 2.23.6-1/awscli/botocore/data/backupsearch/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/backupsearch/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/backupsearch/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/backupsearch/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -149,6 +149,7 @@ "input":{"shape":"StartSearchJobInput"}, "output":{"shape":"StartSearchJobOutput"}, "errors":[ + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, @@ -1291,8 +1292,7 @@ }, "StopSearchJobOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "String":{"type":"string"}, "StringCondition":{ @@ -1359,8 +1359,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ThrottlingException":{ "type":"structure", @@ -1447,8 +1446,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/batch/2016-08-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/batch/2016-08-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/batch/2016-08-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/batch/2016-08-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/batch/2016-08-10/paginators-1.json 2.31.35-1/awscli/botocore/data/batch/2016-08-10/paginators-1.json --- 2.23.6-1/awscli/botocore/data/batch/2016-08-10/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/batch/2016-08-10/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,6 +29,30 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "schedulingPolicies" + }, + "ListConsumableResources": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "consumableResources" + }, + "ListJobsByConsumableResource": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "jobs" + }, + "DescribeServiceEnvironments": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "serviceEnvironments" + }, + "ListServiceJobs": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "jobSummaryList" } } } diff -pruN 2.23.6-1/awscli/botocore/data/batch/2016-08-10/service-2.json 2.31.35-1/awscli/botocore/data/batch/2016-08-10/service-2.json --- 2.23.6-1/awscli/botocore/data/batch/2016-08-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/batch/2016-08-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -40,7 +40,21 @@ {"shape":"ClientException"}, {"shape":"ServerException"} ], - "documentation":"

Creates an Batch compute environment. You can create MANAGED or UNMANAGED compute environments. MANAGED compute environments can use Amazon EC2 or Fargate resources. UNMANAGED compute environments can only use EC2 resources.

In a managed compute environment, Batch manages the capacity and instance types of the compute resources within the environment. This is based on the compute resource specification that you define or the launch template that you specify when you create the compute environment. Either, you can choose to use EC2 On-Demand Instances and EC2 Spot Instances. Or, you can use Fargate and Fargate Spot capacity in your managed compute environment. You can optionally set a maximum price so that Spot Instances only launch when the Spot Instance price is less than a specified percentage of the On-Demand price.

Multi-node parallel jobs aren't supported on Spot Instances.

In an unmanaged compute environment, you can manage your own EC2 compute resources and have flexibility with how you configure your compute resources. For example, you can use custom AMIs. However, you must verify that each of your AMIs meet the Amazon ECS container instance AMI specification. For more information, see container instance AMIs in the Amazon Elastic Container Service Developer Guide. After you created your unmanaged compute environment, you can use the DescribeComputeEnvironments operation to find the Amazon ECS cluster that's associated with it. Then, launch your container instances into that Amazon ECS cluster. For more information, see Launching an Amazon ECS container instance in the Amazon Elastic Container Service Developer Guide.

To create a compute environment that uses EKS resources, the caller must have permissions to call eks:DescribeCluster.

Batch doesn't automatically upgrade the AMIs in a compute environment after it's created. For example, it also doesn't update the AMIs in your compute environment when a newer version of the Amazon ECS optimized AMI is available. You're responsible for the management of the guest operating system. This includes any updates and security patches. You're also responsible for any additional application software or utilities that you install on the compute resources. There are two ways to use a new AMI for your Batch jobs. The original method is to complete these steps:

  1. Create a new compute environment with the new AMI.

  2. Add the compute environment to an existing job queue.

  3. Remove the earlier compute environment from your job queue.

  4. Delete the earlier compute environment.

In April 2022, Batch added enhanced support for updating compute environments. For more information, see Updating compute environments. To use the enhanced updating of compute environments to update AMIs, follow these rules:

  • Either don't set the service role (serviceRole) parameter or set it to the AWSBatchServiceRole service-linked role.

  • Set the allocation strategy (allocationStrategy) parameter to BEST_FIT_PROGRESSIVE, SPOT_CAPACITY_OPTIMIZED, or SPOT_PRICE_CAPACITY_OPTIMIZED.

  • Set the update to latest image version (updateToLatestImageVersion) parameter to true. The updateToLatestImageVersion parameter is used when you update a compute environment. This parameter is ignored when you create a compute environment.

  • Don't specify an AMI ID in imageId, imageIdOverride (in ec2Configuration ), or in the launch template (launchTemplate). In that case, Batch selects the latest Amazon ECS optimized AMI that's supported by Batch at the time the infrastructure update is initiated. Alternatively, you can specify the AMI ID in the imageId or imageIdOverride parameters, or the launch template identified by the LaunchTemplate properties. Changing any of these properties starts an infrastructure update. If the AMI ID is specified in the launch template, it can't be replaced by specifying an AMI ID in either the imageId or imageIdOverride parameters. It can only be replaced by specifying a different launch template, or if the launch template version is set to $Default or $Latest, by setting either a new default version for the launch template (if $Default) or by adding a new version to the launch template (if $Latest).

If these rules are followed, any update that starts an infrastructure update causes the AMI ID to be re-selected. If the version setting in the launch template (launchTemplate) is set to $Latest or $Default, the latest or default version of the launch template is evaluated up at the time of the infrastructure update, even if the launchTemplate wasn't updated.

" + "documentation":"

Creates an Batch compute environment. You can create MANAGED or UNMANAGED compute environments. MANAGED compute environments can use Amazon EC2 or Fargate resources. UNMANAGED compute environments can only use EC2 resources.

In a managed compute environment, Batch manages the capacity and instance types of the compute resources within the environment. This is based on the compute resource specification that you define or the launch template that you specify when you create the compute environment. Either, you can choose to use EC2 On-Demand Instances and EC2 Spot Instances. Or, you can use Fargate and Fargate Spot capacity in your managed compute environment. You can optionally set a maximum price so that Spot Instances only launch when the Spot Instance price is less than a specified percentage of the On-Demand price.

In an unmanaged compute environment, you can manage your own EC2 compute resources and have flexibility with how you configure your compute resources. For example, you can use custom AMIs. However, you must verify that each of your AMIs meet the Amazon ECS container instance AMI specification. For more information, see container instance AMIs in the Amazon Elastic Container Service Developer Guide. After you created your unmanaged compute environment, you can use the DescribeComputeEnvironments operation to find the Amazon ECS cluster that's associated with it. Then, launch your container instances into that Amazon ECS cluster. For more information, see Launching an Amazon ECS container instance in the Amazon Elastic Container Service Developer Guide.

Batch doesn't automatically upgrade the AMIs in a compute environment after it's created. For more information on how to update a compute environment's AMI, see Updating compute environments in the Batch User Guide.

" + }, + "CreateConsumableResource":{ + "name":"CreateConsumableResource", + "http":{ + "method":"POST", + "requestUri":"/v1/createconsumableresource" + }, + "input":{"shape":"CreateConsumableResourceRequest"}, + "output":{"shape":"CreateConsumableResourceResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Creates an Batch consumable resource.

" }, "CreateJobQueue":{ "name":"CreateJobQueue", @@ -70,6 +84,20 @@ ], "documentation":"

Creates an Batch scheduling policy.

" }, + "CreateServiceEnvironment":{ + "name":"CreateServiceEnvironment", + "http":{ + "method":"POST", + "requestUri":"/v1/createserviceenvironment" + }, + "input":{"shape":"CreateServiceEnvironmentRequest"}, + "output":{"shape":"CreateServiceEnvironmentResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Creates a service environment for running service jobs. Service environments define capacity limits for specific service types such as SageMaker Training jobs.

" + }, "DeleteComputeEnvironment":{ "name":"DeleteComputeEnvironment", "http":{ @@ -84,6 +112,20 @@ ], "documentation":"

Deletes an Batch compute environment.

Before you can delete a compute environment, you must set its state to DISABLED with the UpdateComputeEnvironment API operation and disassociate it from any job queues with the UpdateJobQueue API operation. Compute environments that use Fargate resources must terminate all active jobs on that compute environment before deleting the compute environment. If this isn't done, the compute environment enters an invalid state.

" }, + "DeleteConsumableResource":{ + "name":"DeleteConsumableResource", + "http":{ + "method":"POST", + "requestUri":"/v1/deleteconsumableresource" + }, + "input":{"shape":"DeleteConsumableResourceRequest"}, + "output":{"shape":"DeleteConsumableResourceResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Deletes the specified consumable resource.

" + }, "DeleteJobQueue":{ "name":"DeleteJobQueue", "http":{ @@ -112,6 +154,20 @@ ], "documentation":"

Deletes the specified scheduling policy.

You can't delete a scheduling policy that's used in any job queues.

" }, + "DeleteServiceEnvironment":{ + "name":"DeleteServiceEnvironment", + "http":{ + "method":"POST", + "requestUri":"/v1/deleteserviceenvironment" + }, + "input":{"shape":"DeleteServiceEnvironmentRequest"}, + "output":{"shape":"DeleteServiceEnvironmentResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Deletes a Service environment. Before you can delete a service environment, you must first set its state to DISABLED with the UpdateServiceEnvironment API operation and disassociate it from any job queues with the UpdateJobQueue API operation.

" + }, "DeregisterJobDefinition":{ "name":"DeregisterJobDefinition", "http":{ @@ -140,6 +196,20 @@ ], "documentation":"

Describes one or more of your compute environments.

If you're using an unmanaged compute environment, you can use the DescribeComputeEnvironment operation to determine the ecsClusterArn that you launch your Amazon ECS container instances into.

" }, + "DescribeConsumableResource":{ + "name":"DescribeConsumableResource", + "http":{ + "method":"POST", + "requestUri":"/v1/describeconsumableresource" + }, + "input":{"shape":"DescribeConsumableResourceRequest"}, + "output":{"shape":"DescribeConsumableResourceResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Returns a description of the specified consumable resource.

" + }, "DescribeJobDefinitions":{ "name":"DescribeJobDefinitions", "http":{ @@ -196,6 +266,34 @@ ], "documentation":"

Describes one or more of your scheduling policies.

" }, + "DescribeServiceEnvironments":{ + "name":"DescribeServiceEnvironments", + "http":{ + "method":"POST", + "requestUri":"/v1/describeserviceenvironments" + }, + "input":{"shape":"DescribeServiceEnvironmentsRequest"}, + "output":{"shape":"DescribeServiceEnvironmentsResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Describes one or more of your service environments.

" + }, + "DescribeServiceJob":{ + "name":"DescribeServiceJob", + "http":{ + "method":"POST", + "requestUri":"/v1/describeservicejob" + }, + "input":{"shape":"DescribeServiceJobRequest"}, + "output":{"shape":"DescribeServiceJobResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

The details of a service job.

" + }, "GetJobQueueSnapshot":{ "name":"GetJobQueueSnapshot", "http":{ @@ -210,6 +308,20 @@ ], "documentation":"

Provides a list of the first 100 RUNNABLE jobs associated to a single job queue.

" }, + "ListConsumableResources":{ + "name":"ListConsumableResources", + "http":{ + "method":"POST", + "requestUri":"/v1/listconsumableresources" + }, + "input":{"shape":"ListConsumableResourcesRequest"}, + "output":{"shape":"ListConsumableResourcesResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Returns a list of Batch consumable resources.

" + }, "ListJobs":{ "name":"ListJobs", "http":{ @@ -224,6 +336,20 @@ ], "documentation":"

Returns a list of Batch jobs.

You must specify only one of the following items:

  • A job queue ID to return a list of jobs in that job queue

  • A multi-node parallel job ID to return a list of nodes for that job

  • An array job ID to return a list of the children for that job

You can filter the results by job status with the jobStatus parameter. If you don't specify a status, only RUNNING jobs are returned.

" }, + "ListJobsByConsumableResource":{ + "name":"ListJobsByConsumableResource", + "http":{ + "method":"POST", + "requestUri":"/v1/listjobsbyconsumableresource" + }, + "input":{"shape":"ListJobsByConsumableResourceRequest"}, + "output":{"shape":"ListJobsByConsumableResourceResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Returns a list of Batch jobs that require a specific consumable resource.

" + }, "ListSchedulingPolicies":{ "name":"ListSchedulingPolicies", "http":{ @@ -238,6 +364,20 @@ ], "documentation":"

Returns a list of Batch scheduling policies.

" }, + "ListServiceJobs":{ + "name":"ListServiceJobs", + "http":{ + "method":"POST", + "requestUri":"/v1/listservicejobs" + }, + "input":{"shape":"ListServiceJobsRequest"}, + "output":{"shape":"ListServiceJobsResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Returns a list of service jobs for a specified job queue.

" + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -278,7 +418,21 @@ {"shape":"ClientException"}, {"shape":"ServerException"} ], - "documentation":"

Submits an Batch job from a job definition. Parameters that are specified during SubmitJob override parameters defined in the job definition. vCPU and memory requirements that are specified in the resourceRequirements objects in the job definition are the exception. They can't be overridden this way using the memory and vcpus parameters. Rather, you must specify updates to job definition parameters in a resourceRequirements object that's included in the containerOverrides parameter.

Job queues with a scheduling policy are limited to 500 active fair share identifiers at a time.

Jobs that run on Fargate resources can't be guaranteed to run for more than 14 days. This is because, after 14 days, Fargate resources might become unavailable and job might be terminated.

" + "documentation":"

Submits an Batch job from a job definition. Parameters that are specified during SubmitJob override parameters defined in the job definition. vCPU and memory requirements that are specified in the resourceRequirements objects in the job definition are the exception. They can't be overridden this way using the memory and vcpus parameters. Rather, you must specify updates to job definition parameters in a resourceRequirements object that's included in the containerOverrides parameter.

Job queues with a scheduling policy are limited to 500 active share identifiers at a time.

Jobs that run on Fargate resources can't be guaranteed to run for more than 14 days. This is because, after 14 days, Fargate resources might become unavailable and job might be terminated.

" + }, + "SubmitServiceJob":{ + "name":"SubmitServiceJob", + "http":{ + "method":"POST", + "requestUri":"/v1/submitservicejob" + }, + "input":{"shape":"SubmitServiceJobRequest"}, + "output":{"shape":"SubmitServiceJobResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Submits a service job to a specified job queue to run on SageMaker AI. A service job is a unit of work that you submit to Batch for execution on SageMaker AI.

" }, "TagResource":{ "name":"TagResource", @@ -308,6 +462,20 @@ ], "documentation":"

Terminates a job in a job queue. Jobs that are in the STARTING or RUNNING state are terminated, which causes them to transition to FAILED. Jobs that have not progressed to the STARTING state are cancelled.

" }, + "TerminateServiceJob":{ + "name":"TerminateServiceJob", + "http":{ + "method":"POST", + "requestUri":"/v1/terminateservicejob" + }, + "input":{"shape":"TerminateServiceJobRequest"}, + "output":{"shape":"TerminateServiceJobResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Terminates a service job in a job queue.

" + }, "UntagResource":{ "name":"UntagResource", "http":{ @@ -336,6 +504,20 @@ ], "documentation":"

Updates an Batch compute environment.

" }, + "UpdateConsumableResource":{ + "name":"UpdateConsumableResource", + "http":{ + "method":"POST", + "requestUri":"/v1/updateconsumableresource" + }, + "input":{"shape":"UpdateConsumableResourceRequest"}, + "output":{"shape":"UpdateConsumableResourceResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Updates a consumable resource.

" + }, "UpdateJobQueue":{ "name":"UpdateJobQueue", "http":{ @@ -363,6 +545,20 @@ {"shape":"ServerException"} ], "documentation":"

Updates a scheduling policy.

" + }, + "UpdateServiceEnvironment":{ + "name":"UpdateServiceEnvironment", + "http":{ + "method":"POST", + "requestUri":"/v1/updateserviceenvironment" + }, + "input":{"shape":"UpdateServiceEnvironmentRequest"}, + "output":{"shape":"UpdateServiceEnvironmentResponse"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServerException"} + ], + "documentation":"

Updates a service environment. You can update the state of a service environment from ENABLED to DISABLED to prevent new service jobs from being placed in the service environment.

" } }, "shapes":{ @@ -603,8 +799,25 @@ }, "CancelJobResponse":{ "type":"structure", + "members":{} + }, + "CapacityLimit":{ + "type":"structure", "members":{ - } + "maxCapacity":{ + "shape":"Integer", + "documentation":"

The maximum capacity available for the service environment. This value represents the maximum amount of resources that can be allocated to service jobs.

For example, maxCapacity=50, capacityUnit=NUM_INSTANCES. This indicates that the maximum number of instances that can be run on this service environment is 50. You could then run 5 SageMaker Training jobs that each use 10 instances. However, if you submit another job that requires 10 instances, it will wait in the queue.

" + }, + "capacityUnit":{ + "shape":"String", + "documentation":"

The unit of measure for the capacity limit. This defines how the maxCapacity value should be interpreted. For SAGEMAKER_TRAINING jobs, use NUM_INSTANCES.

" + } + }, + "documentation":"

Defines the capacity limit for a service environment. This structure specifies the maximum amount of resources that can be used by service jobs in the environment.

" + }, + "CapacityLimits":{ + "type":"list", + "member":{"shape":"CapacityLimit"} }, "ClientException":{ "type":"structure", @@ -615,6 +828,11 @@ "error":{"httpStatusCode":400}, "exception":true }, + "ClientRequestToken":{ + "type":"string", + "max":64, + "min":1 + }, "ComputeEnvironmentDetail":{ "type":"structure", "required":[ @@ -725,7 +943,7 @@ "members":{ "type":{ "shape":"CRType", - "documentation":"

The type of compute environment: EC2, SPOT, FARGATE, or FARGATE_SPOT. For more information, see Compute environments in the Batch User Guide.

If you choose SPOT, you must also specify an Amazon EC2 Spot Fleet role with the spotIamFleetRole parameter. For more information, see Amazon EC2 spot fleet role in the Batch User Guide.

" + "documentation":"

The type of compute environment: EC2, SPOT, FARGATE, or FARGATE_SPOT. For more information, see Compute environments in the Batch User Guide.

If you choose SPOT, you must also specify an Amazon EC2 Spot Fleet role with the spotIamFleetRole parameter. For more information, see Amazon EC2 spot fleet role in the Batch User Guide.

Multi-node parallel jobs aren't supported on Spot Instances.

" }, "allocationStrategy":{ "shape":"CRAllocationStrategy", @@ -745,7 +963,7 @@ }, "instanceTypes":{ "shape":"StringList", - "documentation":"

The instances types that can be launched. You can specify instance families to launch any instance type within those families (for example, c5 or p3), or you can specify specific sizes within a family (such as c5.8xlarge). You can also choose optimal to select instance types (from the C4, M4, and R4 instance families) that match the demand of your job queues.

This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.

When you create a compute environment, the instance types that you select for the compute environment must share the same architecture. For example, you can't mix x86 and ARM instances in the same compute environment.

Currently, optimal uses instance types from the C4, M4, and R4 instance families. In Regions that don't have instance types from those instance families, instance types from the C5, M5, and R5 instance families are used.

" + "documentation":"

The instances types that can be launched. You can specify instance families to launch any instance type within those families (for example, c5 or p3), or you can specify specific sizes within a family (such as c5.8xlarge).

Batch can select the instance type for you if you choose one of the following:

  • optimal to select instance types (from the c4, m4, r4, c5, m5, and r5 instance families) that match the demand of your job queues.

  • default_x86_64 to choose x86 based instance types (from the m6i, c6i, r6i, and c7i instance families) that matches the resource demands of the job queue.

  • default_arm64 to choose ARM based instance types (from the m6g, c6g, r6g, and c7g instance families) that matches the resource demands of the job queue.

Starting on 11/01/2025 the behavior of optimal is going to be changed to match default_x86_64. During the change your instance families could be updated to a newer generation. You do not need to perform any actions for the upgrade to happen. For more information about change, see Optimal instance type configuration to receive automatic instance family updates.

Instance family availability varies by Amazon Web Services Region. For example, some Amazon Web Services Regions may not have any fourth generation instance families but have fifth and sixth generation instance families.

When using default_x86_64 or default_arm64 instance bundles, Batch selects instance families based on a balance of cost-effectiveness and performance. While newer generation instances often provide better price-performance, Batch may choose an earlier generation instance family if it provides the optimal combination of availability, cost, and performance for your workload. For example, in an Amazon Web Services Region where both c6i and c7i instances are available, Batch might select c6i instances if they offer better cost-effectiveness for your specific job requirements. For more information on Batch instance types and Amazon Web Services Region availability, see Instance type compute table in the Batch User Guide.

Batch periodically updates your instances in default bundles to newer, more cost-effective options. Updates happen automatically without requiring any action from you. Your workloads continue running during updates with no interruption

This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.

When you create a compute environment, the instance types that you select for the compute environment must share the same architecture. For example, you can't mix x86 and ARM instances in the same compute environment.

" }, "imageId":{ "shape":"String", @@ -771,7 +989,7 @@ }, "tags":{ "shape":"TagsMap", - "documentation":"

Key-value pair tags to be applied to Amazon EC2 resources that are launched in the compute environment. For Batch, these take the form of \"String1\": \"String2\", where String1 is the tag key and String2 is the tag value-for example, { \"Name\": \"Batch Instance - C4OnDemand\" }. This is helpful for recognizing your Batch instances in the Amazon EC2 console. Updating these tags requires an infrastructure update to the compute environment. For more information, see Updating compute environments in the Batch User Guide. These tags aren't seen when using the Batch ListTagsForResource API operation.

This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.

" + "documentation":"

Key-value pair tags to be applied to Amazon EC2 resources that are launched in the compute environment. For Batch, these take the form of \"String1\": \"String2\", where String1 is the tag key and String2 is the tag value (for example, { \"Name\": \"Batch Instance - C4OnDemand\" }). This is helpful for recognizing your Batch instances in the Amazon EC2 console. Updating these tags requires an infrastructure update to the compute environment. For more information, see Updating compute environments in the Batch User Guide. These tags aren't seen when using the Batch ListTagsForResource API operation.

This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.

" }, "placementGroup":{ "shape":"String", @@ -825,7 +1043,7 @@ }, "instanceTypes":{ "shape":"StringList", - "documentation":"

The instances types that can be launched. You can specify instance families to launch any instance type within those families (for example, c5 or p3), or you can specify specific sizes within a family (such as c5.8xlarge). You can also choose optimal to select instance types (from the C4, M4, and R4 instance families) that match the demand of your job queues.

When updating a compute environment, changing this setting requires an infrastructure update of the compute environment. For more information, see Updating compute environments in the Batch User Guide.

This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.

When you create a compute environment, the instance types that you select for the compute environment must share the same architecture. For example, you can't mix x86 and ARM instances in the same compute environment.

Currently, optimal uses instance types from the C4, M4, and R4 instance families. In Regions that don't have instance types from those instance families, instance types from the C5, M5, and R5 instance families are used.

" + "documentation":"

The instances types that can be launched. You can specify instance families to launch any instance type within those families (for example, c5 or p3), or you can specify specific sizes within a family (such as c5.8xlarge).

Batch can select the instance type for you if you choose one of the following:

  • optimal to select instance types (from the c4, m4, r4, c5, m5, and r5 instance families) that match the demand of your job queues.

  • default_x86_64 to choose x86 based instance types (from the m6i, c6i, r6i, and c7i instance families) that matches the resource demands of the job queue.

  • default_arm64 to choose x86 based instance types (from the m6g, c6g, r6g, and c7g instance families) that matches the resource demands of the job queue.

Starting on 11/01/2025 the behavior of optimal is going to be changed to match default_x86_64. During the change your instance families could be updated to a newer generation. You do not need to perform any actions for the upgrade to happen. For more information about change, see Optimal instance type configuration to receive automatic instance family updates.

Instance family availability varies by Amazon Web Services Region. For example, some Amazon Web Services Regions may not have any fourth generation instance families but have fifth and sixth generation instance families.

When using default_x86_64 or default_arm64 instance bundles, Batch selects instance families based on a balance of cost-effectiveness and performance. While newer generation instances often provide better price-performance, Batch may choose an earlier generation instance family if it provides the optimal combination of availability, cost, and performance for your workload. For example, in an Amazon Web Services Region where both c6i and c7i instances are available, Batch might select c6i instances if they offer better cost-effectiveness for your specific job requirements. For more information on Batch instance types and Amazon Web Services Region availability, see Instance type compute table in the Batch User Guide.

Batch periodically updates your instances in default bundles to newer, more cost-effective options. Updates happen automatically without requiring any action from you. Your workloads continue running during updates with no interruption

This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.

When you create a compute environment, the instance types that you select for the compute environment must share the same architecture. For example, you can't mix x86 and ARM instances in the same compute environment.

" }, "ec2KeyPair":{ "shape":"String", @@ -837,7 +1055,7 @@ }, "tags":{ "shape":"TagsMap", - "documentation":"

Key-value pair tags to be applied to Amazon EC2 resources that are launched in the compute environment. For Batch, these take the form of \"String1\": \"String2\", where String1 is the tag key and String2 is the tag value-for example, { \"Name\": \"Batch Instance - C4OnDemand\" }. This is helpful for recognizing your Batch instances in the Amazon EC2 console. These tags aren't seen when using the Batch ListTagsForResource API operation.

When updating a compute environment, changing this setting requires an infrastructure update of the compute environment. For more information, see Updating compute environments in the Batch User Guide.

This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.

" + "documentation":"

Key-value pair tags to be applied to Amazon EC2 resources that are launched in the compute environment. For Batch, these take the form of \"String1\": \"String2\", where String1 is the tag key and String2 is the tag value (for example, { \"Name\": \"Batch Instance - C4OnDemand\" }). This is helpful for recognizing your Batch instances in the Amazon EC2 console. These tags aren't seen when using the Batch ListTagsForResource API operation.

When updating a compute environment, changing this setting requires an infrastructure update of the compute environment. For more information, see Updating compute environments in the Batch User Guide.

This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it.

" }, "placementGroup":{ "shape":"String", @@ -870,6 +1088,68 @@ }, "documentation":"

An object that represents the attributes of a compute environment that can be updated. For more information, see Updating compute environments in the Batch User Guide.

" }, + "ConsumableResourceList":{ + "type":"list", + "member":{"shape":"ConsumableResourceRequirement"} + }, + "ConsumableResourceProperties":{ + "type":"structure", + "members":{ + "consumableResourceList":{ + "shape":"ConsumableResourceList", + "documentation":"

The list of consumable resources required by a job.

" + } + }, + "documentation":"

Contains a list of consumable resources required by a job.

" + }, + "ConsumableResourceRequirement":{ + "type":"structure", + "members":{ + "consumableResource":{ + "shape":"String", + "documentation":"

The name or ARN of the consumable resource.

" + }, + "quantity":{ + "shape":"Long", + "documentation":"

The quantity of the consumable resource that is needed.

" + } + }, + "documentation":"

Information about a consumable resource required to run a job.

" + }, + "ConsumableResourceSummary":{ + "type":"structure", + "required":[ + "consumableResourceArn", + "consumableResourceName" + ], + "members":{ + "consumableResourceArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the consumable resource.

" + }, + "consumableResourceName":{ + "shape":"String", + "documentation":"

The name of the consumable resource.

" + }, + "totalQuantity":{ + "shape":"Long", + "documentation":"

The total amount of the consumable resource that is available.

" + }, + "inUseQuantity":{ + "shape":"Long", + "documentation":"

The amount of the consumable resource that is currently in use.

" + }, + "resourceType":{ + "shape":"String", + "documentation":"

Indicates whether the resource is available to be re-used after a job completes. Can be one of:

  • REPLENISHABLE

  • NON_REPLENISHABLE

" + } + }, + "documentation":"

Current information about a consumable resource.

" + }, + "ConsumableResourceSummaryList":{ + "type":"list", + "member":{"shape":"ConsumableResourceSummary"} + }, "ContainerDetail":{ "type":"structure", "members":{ @@ -988,6 +1268,10 @@ "repositoryCredentials":{ "shape":"RepositoryCredentials", "documentation":"

The private repository authentication credentials to use.

" + }, + "enableExecuteCommand":{ + "shape":"Boolean", + "documentation":"

Determines whether execute command functionality is turned on for this task. If true, execute command functionality is turned on all the containers in the task.

" } }, "documentation":"

An object that represents the details of a container that's part of a job.

" @@ -1113,6 +1397,10 @@ "shape":"FargatePlatformConfiguration", "documentation":"

The platform configuration for jobs that are running on Fargate resources. Jobs that are running on Amazon EC2 resources must not specify this parameter.

" }, + "enableExecuteCommand":{ + "shape":"Boolean", + "documentation":"

Determines whether execute command functionality is turned on for this task. If true, execute command functionality is turned on all the containers in the task.

" + }, "ephemeralStorage":{ "shape":"EphemeralStorage", "documentation":"

The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate.

" @@ -1163,7 +1451,7 @@ }, "unmanagedvCpus":{ "shape":"Integer", - "documentation":"

The maximum number of vCPUs for an unmanaged compute environment. This parameter is only used for fair share scheduling to reserve vCPU capacity for new share identifiers. If this parameter isn't provided for a fair share job queue, no vCPU capacity is reserved.

This parameter is only supported when the type parameter is set to UNMANAGED.

" + "documentation":"

The maximum number of vCPUs for an unmanaged compute environment. This parameter is only used for fair-share scheduling to reserve vCPU capacity for new share identifiers. If this parameter isn't provided for a fair-share job queue, no vCPU capacity is reserved.

This parameter is only supported when the type parameter is set to UNMANAGED.

" }, "computeResources":{ "shape":"ComputeResource", @@ -1179,7 +1467,7 @@ }, "eksConfiguration":{ "shape":"EksConfiguration", - "documentation":"

The details for the Amazon EKS cluster that supports the compute environment.

" + "documentation":"

The details for the Amazon EKS cluster that supports the compute environment.

To create a compute environment that uses EKS resources, the caller must have permissions to call eks:DescribeCluster.

" }, "context":{ "shape":"String", @@ -1201,12 +1489,50 @@ } } }, + "CreateConsumableResourceRequest":{ + "type":"structure", + "required":["consumableResourceName"], + "members":{ + "consumableResourceName":{ + "shape":"String", + "documentation":"

The name of the consumable resource. Must be unique.

" + }, + "totalQuantity":{ + "shape":"Long", + "documentation":"

The total amount of the consumable resource that is available. Must be non-negative.

" + }, + "resourceType":{ + "shape":"String", + "documentation":"

Indicates whether the resource is available to be re-used after a job completes. Can be one of:

  • REPLENISHABLE (default)

  • NON_REPLENISHABLE

" + }, + "tags":{ + "shape":"TagrisTagsMap", + "documentation":"

The tags that you apply to the consumable resource to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see Tagging your Batch resources.

" + } + } + }, + "CreateConsumableResourceResponse":{ + "type":"structure", + "required":[ + "consumableResourceName", + "consumableResourceArn" + ], + "members":{ + "consumableResourceName":{ + "shape":"String", + "documentation":"

The name of the consumable resource.

" + }, + "consumableResourceArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the consumable resource.

" + } + } + }, "CreateJobQueueRequest":{ "type":"structure", "required":[ "jobQueueName", - "priority", - "computeEnvironmentOrder" + "priority" ], "members":{ "jobQueueName":{ @@ -1219,7 +1545,7 @@ }, "schedulingPolicyArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the fair share scheduling policy. Job queues that don't have a scheduling policy are scheduled in a first-in, first-out (FIFO) model. After a job queue has a scheduling policy, it can be replaced but can't be removed.

The format is aws:Partition:batch:Region:Account:scheduling-policy/Name .

An example is aws:aws:batch:us-west-2:123456789012:scheduling-policy/MySchedulingPolicy.

A job queue without a scheduling policy is scheduled as a FIFO job queue and can't have a scheduling policy added. Jobs queues with a scheduling policy can have a maximum of 500 active fair share identifiers. When the limit has been reached, submissions of any jobs that add a new fair share identifier fail.

" + "documentation":"

The Amazon Resource Name (ARN) of the fair-share scheduling policy. Job queues that don't have a fair-share scheduling policy are scheduled in a first-in, first-out (FIFO) model. After a job queue has a fair-share scheduling policy, it can be replaced but can't be removed.

The format is aws:Partition:batch:Region:Account:scheduling-policy/Name .

An example is aws:aws:batch:us-west-2:123456789012:scheduling-policy/MySchedulingPolicy.

A job queue without a fair-share scheduling policy is scheduled as a FIFO job queue and can't have a fair-share scheduling policy added. Jobs queues with a fair-share scheduling policy can have a maximum of 500 active share identifiers. When the limit has been reached, submissions of any jobs that add a new share identifier fail.

" }, "priority":{ "shape":"Integer", @@ -1229,6 +1555,14 @@ "shape":"ComputeEnvironmentOrders", "documentation":"

The set of compute environments mapped to a job queue and their order relative to each other. The job scheduler uses this parameter to determine which compute environment runs a specific job. Compute environments must be in the VALID state before you can associate them with a job queue. You can associate up to three compute environments with a job queue. All of the compute environments must be either EC2 (EC2 or SPOT) or Fargate (FARGATE or FARGATE_SPOT); EC2 and Fargate compute environments can't be mixed.

All compute environments that are associated with a job queue must share the same architecture. Batch doesn't support mixing compute environment architecture types in a single job queue.

" }, + "serviceEnvironmentOrder":{ + "shape":"ServiceEnvironmentOrders", + "documentation":"

A list of service environments that this job queue can use to allocate jobs. All serviceEnvironments must have the same type. A job queue can't have both a serviceEnvironmentOrder and a computeEnvironmentOrder field.

" + }, + "jobQueueType":{ + "shape":"JobQueueType", + "documentation":"

The type of job queue. For service jobs that run on SageMaker Training, this value is SAGEMAKER_TRAINING. For regular container jobs, this value is EKS, ECS, or ECS_FARGATE depending on the compute environment.

" + }, "tags":{ "shape":"TagrisTagsMap", "documentation":"

The tags that you apply to the job queue to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see Tagging your Batch resources in Batch User Guide.

" @@ -1263,11 +1597,11 @@ "members":{ "name":{ "shape":"String", - "documentation":"

The name of the scheduling policy. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).

" + "documentation":"

The name of the fair-share scheduling policy. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).

" }, "fairsharePolicy":{ "shape":"FairsharePolicy", - "documentation":"

The fair share policy of the scheduling policy.

" + "documentation":"

The fair-share scheduling policy details.

" }, "tags":{ "shape":"TagrisTagsMap", @@ -1293,6 +1627,53 @@ } } }, + "CreateServiceEnvironmentRequest":{ + "type":"structure", + "required":[ + "serviceEnvironmentName", + "serviceEnvironmentType", + "capacityLimits" + ], + "members":{ + "serviceEnvironmentName":{ + "shape":"String", + "documentation":"

The name for the service environment. It can be up to 128 characters long and can contain letters, numbers, hyphens (-), and underscores (_).

" + }, + "serviceEnvironmentType":{ + "shape":"ServiceEnvironmentType", + "documentation":"

The type of service environment. For SageMaker Training jobs, specify SAGEMAKER_TRAINING.

" + }, + "state":{ + "shape":"ServiceEnvironmentState", + "documentation":"

The state of the service environment. Valid values are ENABLED and DISABLED. The default value is ENABLED.

" + }, + "capacityLimits":{ + "shape":"CapacityLimits", + "documentation":"

The capacity limits for the service environment. The number of instances a job consumes is the total number of instances requested in the submit training job request resource configuration.

" + }, + "tags":{ + "shape":"TagrisTagsMap", + "documentation":"

The tags that you apply to the service environment to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see Tagging your Batch resources.

" + } + } + }, + "CreateServiceEnvironmentResponse":{ + "type":"structure", + "required":[ + "serviceEnvironmentName", + "serviceEnvironmentArn" + ], + "members":{ + "serviceEnvironmentName":{ + "shape":"String", + "documentation":"

The name of the service environment.

" + }, + "serviceEnvironmentArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the service environment.

" + } + } + }, "DeleteComputeEnvironmentRequest":{ "type":"structure", "required":["computeEnvironment"], @@ -1306,9 +1687,22 @@ }, "DeleteComputeEnvironmentResponse":{ "type":"structure", + "members":{} + }, + "DeleteConsumableResourceRequest":{ + "type":"structure", + "required":["consumableResource"], "members":{ + "consumableResource":{ + "shape":"String", + "documentation":"

The name or ARN of the consumable resource that will be deleted.

" + } } }, + "DeleteConsumableResourceResponse":{ + "type":"structure", + "members":{} + }, "DeleteJobQueueRequest":{ "type":"structure", "required":["jobQueue"], @@ -1322,8 +1716,7 @@ }, "DeleteJobQueueResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSchedulingPolicyRequest":{ "type":"structure", @@ -1338,9 +1731,22 @@ }, "DeleteSchedulingPolicyResponse":{ "type":"structure", + "members":{} + }, + "DeleteServiceEnvironmentRequest":{ + "type":"structure", + "required":["serviceEnvironment"], "members":{ + "serviceEnvironment":{ + "shape":"String", + "documentation":"

The name or ARN of the service environment to delete.

" + } } }, + "DeleteServiceEnvironmentResponse":{ + "type":"structure", + "members":{} + }, "DeregisterJobDefinitionRequest":{ "type":"structure", "required":["jobDefinition"], @@ -1353,8 +1759,7 @@ }, "DeregisterJobDefinitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeComputeEnvironmentsRequest":{ "type":"structure", @@ -1387,6 +1792,57 @@ } } }, + "DescribeConsumableResourceRequest":{ + "type":"structure", + "required":["consumableResource"], + "members":{ + "consumableResource":{ + "shape":"String", + "documentation":"

The name or ARN of the consumable resource whose description will be returned.

" + } + } + }, + "DescribeConsumableResourceResponse":{ + "type":"structure", + "required":[ + "consumableResourceName", + "consumableResourceArn" + ], + "members":{ + "consumableResourceName":{ + "shape":"String", + "documentation":"

The name of the consumable resource.

" + }, + "consumableResourceArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the consumable resource.

" + }, + "totalQuantity":{ + "shape":"Long", + "documentation":"

The total amount of the consumable resource that is available.

" + }, + "inUseQuantity":{ + "shape":"Long", + "documentation":"

The amount of the consumable resource that is currently in use.

" + }, + "availableQuantity":{ + "shape":"Long", + "documentation":"

The amount of the consumable resource that is currently available to use.

" + }, + "resourceType":{ + "shape":"String", + "documentation":"

Indicates whether the resource is available to be re-used after a job completes. Can be one of:

  • REPLENISHABLE

  • NON_REPLENISHABLE

" + }, + "createdAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the consumable resource was created.

" + }, + "tags":{ + "shape":"TagrisTagsMap", + "documentation":"

The tags that you apply to the consumable resource to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see Tagging your Batch resources.

" + } + } + }, "DescribeJobDefinitionsRequest":{ "type":"structure", "members":{ @@ -1497,6 +1953,135 @@ } } }, + "DescribeServiceEnvironmentsRequest":{ + "type":"structure", + "members":{ + "serviceEnvironments":{ + "shape":"StringList", + "documentation":"

An array of service environment names or ARN entries.

" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of results returned by DescribeServiceEnvironments in paginated output. When this parameter is used, DescribeServiceEnvironments only returns maxResults results in a single page and a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeServiceEnvironments request with the returned nextToken value. This value can be between 1 and 100. If this parameter isn't used, then DescribeServiceEnvironments returns up to 100 results and a nextToken value if applicable.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The nextToken value returned from a previous paginated DescribeServiceEnvironments request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

Treat this token as an opaque identifier that's only used to retrieve the next items in a list and not for other programmatic purposes.

" + } + } + }, + "DescribeServiceEnvironmentsResponse":{ + "type":"structure", + "members":{ + "serviceEnvironments":{ + "shape":"ServiceEnvironmentDetailList", + "documentation":"

The list of service environments that match the request.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The nextToken value to include in a future DescribeServiceEnvironments request. When the results of a DescribeServiceEnvironments request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

" + } + } + }, + "DescribeServiceJobRequest":{ + "type":"structure", + "required":["jobId"], + "members":{ + "jobId":{ + "shape":"String", + "documentation":"

The job ID for the service job to describe.

" + } + } + }, + "DescribeServiceJobResponse":{ + "type":"structure", + "required":[ + "jobId", + "jobName", + "jobQueue", + "serviceJobType", + "startedAt", + "status" + ], + "members":{ + "attempts":{ + "shape":"ServiceJobAttemptDetails", + "documentation":"

A list of job attempts associated with the service job.

" + }, + "createdAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the service job was created.

" + }, + "isTerminated":{ + "shape":"Boolean", + "documentation":"

Indicates whether the service job has been terminated.

" + }, + "jobArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the service job.

" + }, + "jobId":{ + "shape":"String", + "documentation":"

The job ID for the service job.

" + }, + "jobName":{ + "shape":"String", + "documentation":"

The name of the service job.

" + }, + "jobQueue":{ + "shape":"String", + "documentation":"

The ARN of the job queue that the service job is associated with.

" + }, + "latestAttempt":{ + "shape":"LatestServiceJobAttempt", + "documentation":"

The latest attempt associated with the service job.

" + }, + "retryStrategy":{ + "shape":"ServiceJobRetryStrategy", + "documentation":"

The retry strategy to use for failed service jobs that are submitted with this service job.

" + }, + "schedulingPriority":{ + "shape":"Integer", + "documentation":"

The scheduling priority of the service job.

" + }, + "serviceRequestPayload":{ + "shape":"String", + "documentation":"

The request, in JSON, for the service that the SubmitServiceJob operation is queueing.

" + }, + "serviceJobType":{ + "shape":"ServiceJobType", + "documentation":"

The type of service job. For SageMaker Training jobs, this value is SAGEMAKER_TRAINING.

" + }, + "shareIdentifier":{ + "shape":"String", + "documentation":"

The share identifier for the service job. This is used for fair-share scheduling.

" + }, + "startedAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the service job was started.

" + }, + "status":{ + "shape":"ServiceJobStatus", + "documentation":"

The current status of the service job.

" + }, + "statusReason":{ + "shape":"String", + "documentation":"

A short, human-readable string to provide more details for the current status of the service job.

" + }, + "stoppedAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the service job stopped running.

" + }, + "tags":{ + "shape":"TagrisTagsMap", + "documentation":"

The tags that are associated with the service job. Each tag consists of a key and an optional value. For more information, see Tagging your Batch resources.

" + }, + "timeoutConfig":{ + "shape":"ServiceJobTimeout", + "documentation":"

The timeout configuration for the service job.

" + } + } + }, "Device":{ "type":"structure", "required":["hostPath"], @@ -1593,7 +2178,7 @@ "members":{ "imageType":{ "shape":"ImageType", - "documentation":"

The image type to match with the instance type to select an AMI. The supported values are different for ECS and EKS resources.

ECS

If the imageIdOverride parameter isn't specified, then a recent Amazon ECS-optimized Amazon Linux 2 AMI (ECS_AL2) is used. If a new image type is specified in an update, but neither an imageId nor a imageIdOverride parameter is specified, then the latest Amazon ECS optimized AMI for that image type that's supported by Batch is used.

ECS_AL2

Amazon Linux 2: Default for all non-GPU instance families.

ECS_AL2_NVIDIA

Amazon Linux 2 (GPU): Default for all GPU instance families (for example P4 and G4) and can be used for all non Amazon Web Services Graviton-based instance types.

ECS_AL2023

Amazon Linux 2023: Batch supports Amazon Linux 2023.

Amazon Linux 2023 does not support A1 instances.
ECS_AL1

Amazon Linux. Amazon Linux has reached the end-of-life of standard support. For more information, see Amazon Linux AMI.

EKS

If the imageIdOverride parameter isn't specified, then a recent Amazon EKS-optimized Amazon Linux AMI (EKS_AL2) is used. If a new image type is specified in an update, but neither an imageId nor a imageIdOverride parameter is specified, then the latest Amazon EKS optimized AMI for that image type that Batch supports is used.

EKS_AL2

Amazon Linux 2: Default for all non-GPU instance families.

EKS_AL2_NVIDIA

Amazon Linux 2 (accelerated): Default for all GPU instance families (for example, P4 and G4) and can be used for all non Amazon Web Services Graviton-based instance types.

" + "documentation":"

The image type to match with the instance type to select an AMI. The supported values are different for ECS and EKS resources.

ECS

If the imageIdOverride parameter isn't specified, then a recent Amazon ECS-optimized Amazon Linux 2 AMI (ECS_AL2) is used. If a new image type is specified in an update, but neither an imageId nor a imageIdOverride parameter is specified, then the latest Amazon ECS optimized AMI for that image type that's supported by Batch is used.

Amazon Web Services will end support for Amazon ECS optimized AL2-optimized and AL2-accelerated AMIs. Starting in January 2026, Batch will change the default AMI for new Amazon ECS compute environments from Amazon Linux 2 to Amazon Linux 2023. We recommend migrating Batch Amazon ECS compute environments to Amazon Linux 2023 to maintain optimal performance and security. For more information on upgrading from AL2 to AL2023, see How to migrate from ECS AL2 to ECS AL2023 in the Batch User Guide.
ECS_AL2

Amazon Linux 2: Default for all non-GPU instance families.

ECS_AL2_NVIDIA

Amazon Linux 2 (GPU): Default for all GPU instance families (for example P4 and G4) and can be used for all non Amazon Web Services Graviton-based instance types.

ECS_AL2023

Amazon Linux 2023: Batch supports Amazon Linux 2023.

Amazon Linux 2023 does not support A1 instances.
ECS_AL2023_NVIDIA

Amazon Linux 2023 (GPU): For all GPU instance families and can be used for all non Amazon Web Services Graviton-based instance types.

ECS_AL2023_NVIDIA doesn't support p3 and g3 instance types.
EKS

If the imageIdOverride parameter isn't specified, then a recent Amazon EKS-optimized Amazon Linux 2023 AMI (EKS_AL2023) is used. If a new image type is specified in an update, but neither an imageId nor a imageIdOverride parameter is specified, then the latest Amazon EKS optimized AMI for that image type that Batch supports is used.

Amazon Linux 2023 AMIs are the default on Batch for Amazon EKS.

Amazon Web Services will end support for Amazon EKS AL2-optimized and AL2-accelerated AMIs, starting 11/26/25. You can continue using Batch-provided Amazon EKS optimized Amazon Linux 2 AMIs on your Amazon EKS compute environments beyond the 11/26/25 end-of-support date, these compute environments will no longer receive any new software updates, security patches, or bug fixes from Amazon Web Services. For more information on upgrading from AL2 to AL2023, see How to upgrade from EKS AL2 to EKS AL2023 in the Batch User Guide.
EKS_AL2

Amazon Linux 2: Used for non-GPU instance families.

EKS_AL2_NVIDIA

Amazon Linux 2 (accelerated): Used for GPU instance families (for example, P4 and G4) and can be used for all non Amazon Web Services Graviton-based instance types.

EKS_AL2023

Amazon Linux 2023: Default for non-GPU instance families.

Amazon Linux 2023 does not support A1 instances.
EKS_AL2023_NVIDIA

Amazon Linux 2023 (accelerated): Default for GPU instance families and can be used for all non Amazon Web Services Graviton-based instance types.

" }, "imageIdOverride":{ "shape":"ImageIdOverride", @@ -1670,7 +2255,7 @@ }, "ipcMode":{ "shape":"String", - "documentation":"

The IPC resource namespace to use for the containers in the task.

" + "documentation":"

The IPC resource namespace to use for the containers in the task. The valid values are host, task, or none. For more information see ipcMode in EcsTaskProperties.

" }, "taskRoleArn":{ "shape":"String", @@ -1678,7 +2263,7 @@ }, "pidMode":{ "shape":"String", - "documentation":"

The process namespace to use for the containers in the task.

" + "documentation":"

The process namespace to use for the containers in the task. The valid values are host, or task. For more information see pidMode in EcsTaskProperties.

" }, "networkConfiguration":{ "shape":"NetworkConfiguration", @@ -1691,6 +2276,10 @@ "volumes":{ "shape":"Volumes", "documentation":"

A list of data volumes used in a job.

" + }, + "enableExecuteCommand":{ + "shape":"Boolean", + "documentation":"

Determines whether execute command functionality is turned on for this task. If true, execute command functionality is turned on all the containers in the task.

" } }, "documentation":"

The details of a task definition that describes the container and volume definitions of an Amazon ECS task.

" @@ -1738,6 +2327,10 @@ "volumes":{ "shape":"Volumes", "documentation":"

A list of volumes that are associated with the job.

" + }, + "enableExecuteCommand":{ + "shape":"Boolean", + "documentation":"

Determines whether execute command functionality is turned on for this task. If true, execute command functionality is turned on all the containers in the task.

" } }, "documentation":"

The properties for a task definition that describes the container and volume definitions of an Amazon ECS task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.

" @@ -2229,7 +2822,7 @@ }, "initContainers":{ "shape":"EksContainerOverrideList", - "documentation":"

The overrides for the initContainers defined in the Amazon EKS pod. These containers run before application containers, always runs to completion, and must complete successfully before the next container starts. These containers are registered with the Amazon EKS Connector agent and persists the registration information in the Kubernetes backend data store. For more information, see Init Containers in the Kubernetes documentation.

" + "documentation":"

The overrides for the initContainers defined in the Amazon EKS pod. These containers run before application containers, always run to completion, and must complete successfully before the next container starts. These containers are registered with the Amazon EKS Connector agent and persists the registration information in the Kubernetes backend data store. For more information, see Init Containers in the Kubernetes documentation.

" }, "metadata":{ "shape":"EksMetadata", @@ -2366,18 +2959,18 @@ "members":{ "shareDecaySeconds":{ "shape":"Integer", - "documentation":"

The amount of time (in seconds) to use to calculate a fair share percentage for each fair share identifier in use. A value of zero (0) indicates the default minimum time window (600 seconds). The maximum supported value is 604800 (1 week).

The decay allows for more recently run jobs to have more weight than jobs that ran earlier. Consider adjusting this number if you have jobs that (on average) run longer than ten minutes, or a large difference in job count or job run times between share identifiers, and the allocation of resources doesn’t meet your needs.

" + "documentation":"

The amount of time (in seconds) to use to calculate a fair-share percentage for each share identifier in use. A value of zero (0) indicates the default minimum time window (600 seconds). The maximum supported value is 604800 (1 week).

The decay allows for more recently run jobs to have more weight than jobs that ran earlier. Consider adjusting this number if you have jobs that (on average) run longer than ten minutes, or a large difference in job count or job run times between share identifiers, and the allocation of resources doesn't meet your needs.

" }, "computeReservation":{ "shape":"Integer", - "documentation":"

A value used to reserve some of the available maximum vCPU for fair share identifiers that aren't already used.

The reserved ratio is (computeReservation/100)^ActiveFairShares where ActiveFairShares is the number of active fair share identifiers.

For example, a computeReservation value of 50 indicates that Batch reserves 50% of the maximum available vCPU if there's only one fair share identifier. It reserves 25% if there are two fair share identifiers. It reserves 12.5% if there are three fair share identifiers. A computeReservation value of 25 indicates that Batch should reserve 25% of the maximum available vCPU if there's only one fair share identifier, 6.25% if there are two fair share identifiers, and 1.56% if there are three fair share identifiers.

The minimum value is 0 and the maximum value is 99.

" + "documentation":"

A value used to reserve some of the available maximum vCPU for share identifiers that aren't already used.

The reserved ratio is (computeReservation/100)^ActiveFairShares where ActiveFairShares is the number of active share identifiers.

For example, a computeReservation value of 50 indicates that Batch reserves 50% of the maximum available vCPU if there's only one share identifier. It reserves 25% if there are two share identifiers. It reserves 12.5% if there are three share identifiers. A computeReservation value of 25 indicates that Batch should reserve 25% of the maximum available vCPU if there's only one share identifier, 6.25% if there are two fair share identifiers, and 1.56% if there are three share identifiers.

The minimum value is 0 and the maximum value is 99.

" }, "shareDistribution":{ "shape":"ShareAttributesList", - "documentation":"

An array of SharedIdentifier objects that contain the weights for the fair share identifiers for the fair share policy. Fair share identifiers that aren't included have a default weight of 1.0.

" + "documentation":"

An array of SharedIdentifier objects that contain the weights for the share identifiers for the fair-share policy. Share identifiers that aren't included have a default weight of 1.0.

" } }, - "documentation":"

The fair share policy for a scheduling policy.

" + "documentation":"

The fair-share scheduling policy details.

" }, "FargatePlatformConfiguration":{ "type":"structure", @@ -2389,13 +2982,40 @@ }, "documentation":"

The platform configuration for jobs that are running on Fargate resources. Jobs that run on Amazon EC2 resources must not specify this parameter.

" }, + "FirelensConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"FirelensConfigurationType", + "documentation":"

The log router to use. The valid values are fluentd or fluentbit.

" + }, + "options":{ + "shape":"FirelensConfigurationOptionsMap", + "documentation":"

The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is \"options\":{\"enable-ecs-log-metadata\":\"true|false\",\"config-file-type:\"s3|file\",\"config-file-value\":\"arn:aws:s3:::mybucket/fluent.conf|filepath\"}. For more information, see Creating a task definition that uses a FireLens configuration in the Amazon Elastic Container Service Developer Guide.

" + } + }, + "documentation":"

The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see Custom log routing in the Amazon Elastic Container Service Developer Guide.

" + }, + "FirelensConfigurationOptionsMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"} + }, + "FirelensConfigurationType":{ + "type":"string", + "enum":[ + "fluentd", + "fluentbit" + ] + }, "Float":{"type":"float"}, "FrontOfQueueDetail":{ "type":"structure", "members":{ "jobs":{ "shape":"FrontOfQueueJobSummaryList", - "documentation":"

The Amazon Resource Names (ARNs) of the first 100 RUNNABLE jobs in a named job queue. For first-in-first-out (FIFO) job queues, jobs are ordered based on their submission time. For fair share scheduling (FSS) job queues, jobs are ordered based on their job priority and share usage.

" + "documentation":"

The Amazon Resource Names (ARNs) of the first 100 RUNNABLE jobs in a named job queue. For first-in-first-out (FIFO) job queues, jobs are ordered based on their submission time. For fair-share scheduling (FSS) job queues, jobs are ordered based on their job priority and share usage.

" }, "lastUpdatedAt":{ "shape":"Long", @@ -2437,7 +3057,7 @@ "members":{ "frontOfQueue":{ "shape":"FrontOfQueueDetail", - "documentation":"

The list of the first 100 RUNNABLE jobs in each job queue. For first-in-first-out (FIFO) job queues, jobs are ordered based on their submission time. For fair share scheduling (FSS) job queues, jobs are ordered based on their job priority and share usage.

" + "documentation":"

The list of the first 100 RUNNABLE jobs in each job queue. For first-in-first-out (FIFO) job queues, jobs are ordered based on their submission time. For fair-share scheduling (FSS) job queues, jobs are ordered based on their job priority and share usage.

" } } }, @@ -2526,7 +3146,7 @@ }, "schedulingPriority":{ "shape":"Integer", - "documentation":"

The scheduling priority of the job definition. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.

" + "documentation":"

The scheduling priority of the job definition. This only affects jobs in job queues with a fair-share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.

" }, "parameters":{ "shape":"ParametersMap", @@ -2571,6 +3191,10 @@ "containerOrchestrationType":{ "shape":"OrchestrationType", "documentation":"

The orchestration type of the compute environment. The valid values are ECS (default) or EKS.

" + }, + "consumableResourceProperties":{ + "shape":"ConsumableResourceProperties", + "documentation":"

Contains a list of consumable resources required by the job.

" } }, "documentation":"

An object that represents an Batch job definition.

" @@ -2641,7 +3265,7 @@ }, "schedulingPriority":{ "shape":"Integer", - "documentation":"

The scheduling policy of the job definition. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.

" + "documentation":"

The scheduling policy of the job definition. This only affects jobs in job queues with a fair-share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.

" }, "attempts":{ "shape":"AttemptDetails", @@ -2730,6 +3354,10 @@ "isTerminated":{ "shape":"Boolean", "documentation":"

Indicates whether the job is terminated.

" + }, + "consumableResourceProperties":{ + "shape":"ConsumableResourceProperties", + "documentation":"

Contains a list of consumable resources required by the job.

" } }, "documentation":"

An object that represents an Batch job.

" @@ -2785,6 +3413,14 @@ "shape":"ComputeEnvironmentOrders", "documentation":"

The compute environments that are attached to the job queue and the order that job placement is preferred. Compute environments are selected for job placement in ascending order.

" }, + "serviceEnvironmentOrder":{ + "shape":"ServiceEnvironmentOrders", + "documentation":"

The order of the service environment associated with the job queue. Job queues with a higher priority are evaluated first when associated with the same service environment.

" + }, + "jobQueueType":{ + "shape":"JobQueueType", + "documentation":"

The type of job queue. For service jobs that run on SageMaker Training, this value is SAGEMAKER_TRAINING. For regular container jobs, this value is EKS, ECS, or ECS_FARGATE depending on the compute environment.

" + }, "tags":{ "shape":"TagrisTagsMap", "documentation":"

The tags that are applied to the job queue. For more information, see Tagging your Batch resources in Batch User Guide.

" @@ -2800,6 +3436,15 @@ "type":"list", "member":{"shape":"JobQueueDetail"} }, + "JobQueueType":{ + "type":"string", + "enum":[ + "EKS", + "ECS", + "ECS_FARGATE", + "SAGEMAKER_TRAINING" + ] + }, "JobStateTimeLimitAction":{ "type":"structure", "required":[ @@ -2834,7 +3479,10 @@ }, "JobStateTimeLimitActionsAction":{ "type":"string", - "enum":["CANCEL"] + "enum":[ + "CANCEL", + "TERMINATE" + ] }, "JobStateTimeLimitActionsState":{ "type":"string", @@ -2950,13 +3598,23 @@ "documentation":"

The filter values.

" } }, - "documentation":"

A filter name and value pair that's used to return a more specific list of results from a ListJobs API operation.

" + "documentation":"

A filter name and value pair that's used to return a more specific list of results from a ListJobs or ListJobsByConsumableResource API operation.

" }, "KubernetesVersion":{ "type":"string", "max":256, "min":1 }, + "LatestServiceJobAttempt":{ + "type":"structure", + "members":{ + "serviceResourceId":{ + "shape":"ServiceResourceId", + "documentation":"

The service resource identifier associated with the service job attempt.

" + } + }, + "documentation":"

Information about the latest attempt of a service job. A Service job can transition from SCHEDULED back to RUNNABLE state when they encounter capacity constraints.

" + }, "LaunchTemplateSpecification":{ "type":"structure", "members":{ @@ -2975,6 +3633,10 @@ "overrides":{ "shape":"LaunchTemplateSpecificationOverrideList", "documentation":"

A launch template to use in place of the default launch template. You must specify either the launch template ID or launch template name in the request, but not both.

You can specify up to ten (10) launch template overrides that are associated to unique instance types or families for each compute environment.

To unset all override templates for a compute environment, you can pass an empty array to the UpdateComputeEnvironment.overrides parameter, or not include the overrides parameter when submitting the UpdateComputeEnvironment API operation.

" + }, + "userdataType":{ + "shape":"UserdataType", + "documentation":"

The EKS node initialization process to use. You only need to specify this value if you are using a custom AMI. The default value is EKS_BOOTSTRAP_SH. If imageType is a custom AMI based on EKS_AL2023 or EKS_AL2023_NVIDIA then you must choose EKS_NODEADM.

" } }, "documentation":"

An object that represents a launch template that's associated with a compute resource. You must specify either the launch template ID or launch template name in the request, but not both.

If security groups are specified using both the securityGroupIds parameter of CreateComputeEnvironment and the launch template, the values in the securityGroupIds parameter of CreateComputeEnvironment will be used.

This object isn't applicable to jobs that are running on Fargate resources.

" @@ -2996,7 +3658,11 @@ }, "targetInstanceTypes":{ "shape":"StringList", - "documentation":"

The instance type or family that this override launch template should be applied to.

This parameter is required when defining a launch template override.

Information included in this parameter must meet the following requirements:

  • Must be a valid Amazon EC2 instance type or family.

  • optimal isn't allowed.

  • targetInstanceTypes can target only instance types and families that are included within the ComputeResource.instanceTypes set. targetInstanceTypes doesn't need to include all of the instances from the instanceType set, but at least a subset. For example, if ComputeResource.instanceTypes includes [m5, g5], targetInstanceTypes can include [m5.2xlarge] and [m5.large] but not [c5.large].

  • targetInstanceTypes included within the same launch template override or across launch template overrides can't overlap for the same compute environment. For example, you can't define one launch template override to target an instance family and another define an instance type within this same family.

" + "documentation":"

The instance type or family that this override launch template should be applied to.

This parameter is required when defining a launch template override.

Information included in this parameter must meet the following requirements:

  • Must be a valid Amazon EC2 instance type or family.

  • The following Batch InstanceTypes are not allowed: optimal, default_x86_64, and default_arm64.

  • targetInstanceTypes can target only instance types and families that are included within the ComputeResource.instanceTypes set. targetInstanceTypes doesn't need to include all of the instances from the instanceType set, but at least a subset. For example, if ComputeResource.instanceTypes includes [m5, g5], targetInstanceTypes can include [m5.2xlarge] and [m5.large] but not [c5.large].

  • targetInstanceTypes included within the same launch template override or across launch template overrides can't overlap for the same compute environment. For example, you can't define one launch template override to target an instance family and another define an instance type within this same family.

" + }, + "userdataType":{ + "shape":"UserdataType", + "documentation":"

The EKS node initialization process to use. You only need to specify this value if you are using a custom AMI. The default value is EKS_BOOTSTRAP_SH. If imageType is a custom AMI based on EKS_AL2023 or EKS_AL2023_NVIDIA then you must choose EKS_NODEADM.

" } }, "documentation":"

An object that represents a launch template to use in place of the default launch template. You must specify either the launch template ID or launch template name in the request, but not both.

If security groups are specified using both the securityGroupIds parameter of CreateComputeEnvironment and the launch template, the values in the securityGroupIds parameter of CreateComputeEnvironment will be used.

You can define up to ten (10) overrides for each compute environment.

This object isn't applicable to jobs that are running on Fargate resources.

To unset all override templates for a compute environment, you can pass an empty array to the UpdateComputeEnvironment.overrides parameter, or not include the overrides parameter when submitting the UpdateComputeEnvironment API operation.

" @@ -3026,7 +3692,7 @@ }, "maxSwap":{ "shape":"Integer", - "documentation":"

The total amount of swap memory (in MiB) a container can use. This parameter is translated to the --memory-swap option to docker run where the value is the sum of the container memory plus the maxSwap value. For more information, see --memory-swap details in the Docker documentation.

If a maxSwap value of 0 is specified, the container doesn't use swap. Accepted values are 0 or any positive integer. If the maxSwap parameter is omitted, the container doesn't use the swap configuration for the container instance that it's running on. A maxSwap value must be set for the swappiness parameter to be used.

This parameter isn't applicable to jobs that are running on Fargate resources. Don't provide it for these jobs.

" + "documentation":"

The total amount of swap memory (in MiB) a container can use. This parameter is translated to the --memory-swap option to docker run where the value is the sum of the container memory plus the maxSwap value. For more information, see --memory-swap details in the Docker documentation.

If a maxSwap value of 0 is specified, the container doesn't use swap. Accepted values are 0 or any positive integer. If the maxSwap parameter is omitted, the container doesn't use the swap configuration for the container instance on which it runs. A maxSwap value must be set for the swappiness parameter to be used.

This parameter isn't applicable to jobs that are running on Fargate resources. Don't provide it for these jobs.

" }, "swappiness":{ "shape":"Integer", @@ -3043,6 +3709,41 @@ "type":"list", "member":{"shape":"AttemptTaskContainerDetails"} }, + "ListConsumableResourcesFilterList":{ + "type":"list", + "member":{"shape":"KeyValuesPair"} + }, + "ListConsumableResourcesRequest":{ + "type":"structure", + "members":{ + "filters":{ + "shape":"ListConsumableResourcesFilterList", + "documentation":"

The filters to apply to the consumable resource list query. If used, only those consumable resources that match the filter are listed. Filter names and values can be:

  • name: CONSUMABLE_RESOURCE_NAME

    values: case-insensitive matches for the consumable resource name. If a filter value ends with an asterisk (*), it matches any consumable resource name that begins with the string before the '*'.

" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of results returned by ListConsumableResources in paginated output. When this parameter is used, ListConsumableResources only returns maxResults results in a single page and a nextToken response element. The remaining results of the initial request can be seen by sending another ListConsumableResources request with the returned nextToken value. This value can be between 1 and 100. If this parameter isn't used, then ListConsumableResources returns up to 100 results and a nextToken value if applicable.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The nextToken value returned from a previous paginated ListConsumableResources request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

Treat this token as an opaque identifier that's only used to retrieve the next items in a list and not for other programmatic purposes.

" + } + } + }, + "ListConsumableResourcesResponse":{ + "type":"structure", + "required":["consumableResources"], + "members":{ + "consumableResources":{ + "shape":"ConsumableResourceSummaryList", + "documentation":"

A list of consumable resources that match the request.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The nextToken value to include in a future ListConsumableResources request. When the results of a ListConsumableResources request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

" + } + } + }, "ListEcsTaskDetails":{ "type":"list", "member":{"shape":"EcsTaskDetails"} @@ -3051,6 +3752,109 @@ "type":"list", "member":{"shape":"EcsTaskProperties"} }, + "ListJobsByConsumableResourceFilterList":{ + "type":"list", + "member":{"shape":"KeyValuesPair"} + }, + "ListJobsByConsumableResourceRequest":{ + "type":"structure", + "required":["consumableResource"], + "members":{ + "consumableResource":{ + "shape":"String", + "documentation":"

The name or ARN of the consumable resource.

" + }, + "filters":{ + "shape":"ListJobsByConsumableResourceFilterList", + "documentation":"

The filters to apply to the job list query. If used, only those jobs requiring the specified consumable resource (consumableResource) and that match the value of the filters are listed. The filter names and values can be:

  • name: JOB_STATUS

    values: SUBMITTED | PENDING | RUNNABLE | STARTING | RUNNING | SUCCEEDED | FAILED

  • name: JOB_NAME

    The values are case-insensitive matches for the job name. If a filter value ends with an asterisk (*), it matches any job name that begins with the string before the '*'.

" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of results returned by ListJobsByConsumableResource in paginated output. When this parameter is used, ListJobsByConsumableResource only returns maxResults results in a single page and a nextToken response element. The remaining results of the initial request can be seen by sending another ListJobsByConsumableResource request with the returned nextToken value. This value can be between 1 and 100. If this parameter isn't used, then ListJobsByConsumableResource returns up to 100 results and a nextToken value if applicable.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The nextToken value returned from a previous paginated ListJobsByConsumableResource request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

Treat this token as an opaque identifier that's only used to retrieve the next items in a list and not for other programmatic purposes.

" + } + } + }, + "ListJobsByConsumableResourceResponse":{ + "type":"structure", + "required":["jobs"], + "members":{ + "jobs":{ + "shape":"ListJobsByConsumableResourceSummaryList", + "documentation":"

The list of jobs that require the specified consumable resources.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The nextToken value to include in a future ListJobsByConsumableResource request. When the results of a ListJobsByConsumableResource request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

" + } + } + }, + "ListJobsByConsumableResourceSummary":{ + "type":"structure", + "required":[ + "jobArn", + "jobQueueArn", + "jobName", + "jobStatus", + "quantity", + "createdAt", + "consumableResourceProperties" + ], + "members":{ + "jobArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the job.

" + }, + "jobQueueArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the job queue.

" + }, + "jobName":{ + "shape":"String", + "documentation":"

The name of the job.

" + }, + "jobDefinitionArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the job definition.

" + }, + "shareIdentifier":{ + "shape":"String", + "documentation":"

The fair-share scheduling policy identifier for the job.

" + }, + "jobStatus":{ + "shape":"String", + "documentation":"

The status of the job. Can be one of:

  • SUBMITTED

  • PENDING

  • RUNNABLE

  • STARTING

  • RUNNING

  • SUCCEEDED

  • FAILED

" + }, + "quantity":{ + "shape":"Long", + "documentation":"

The total amount of the consumable resource that is available.

" + }, + "statusReason":{ + "shape":"String", + "documentation":"

A short, human-readable string to provide more details for the current status of the job.

" + }, + "startedAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp for when the job was started. More specifically, it's when the job transitioned from the STARTING state to the RUNNING state.

" + }, + "createdAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the consumable resource was created.

" + }, + "consumableResourceProperties":{ + "shape":"ConsumableResourceProperties", + "documentation":"

Contains a list of consumable resources required by the job.

" + } + }, + "documentation":"

Current information about a consumable resource required by a job.

" + }, + "ListJobsByConsumableResourceSummaryList":{ + "type":"list", + "member":{"shape":"ListJobsByConsumableResourceSummary"} + }, "ListJobsFilterList":{ "type":"list", "member":{"shape":"KeyValuesPair"} @@ -3130,6 +3934,45 @@ } } }, + "ListServiceJobsRequest":{ + "type":"structure", + "members":{ + "jobQueue":{ + "shape":"String", + "documentation":"

The name or ARN of the job queue with which to list service jobs.

" + }, + "jobStatus":{ + "shape":"ServiceJobStatus", + "documentation":"

The job status with which to filter service jobs.

" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

The maximum number of results returned by ListServiceJobs in paginated output. When this parameter is used, ListServiceJobs only returns maxResults results in a single page and a nextToken response element. The remaining results of the initial request can be seen by sending another ListServiceJobs request with the returned nextToken value. This value can be between 1 and 100. If this parameter isn't used, then ListServiceJobs returns up to 100 results and a nextToken value if applicable.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The nextToken value returned from a previous paginated ListServiceJobs request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.

Treat this token as an opaque identifier that's only used to retrieve the next items in a list and not for other programmatic purposes.

" + }, + "filters":{ + "shape":"ListJobsFilterList", + "documentation":"

The filter to apply to the query. Only one filter can be used at a time. When the filter is used, jobStatus is ignored. The results are sorted by the createdAt field, with the most recent jobs being first.

JOB_NAME

The value of the filter is a case-insensitive match for the job name. If the value ends with an asterisk (*), the filter matches any job name that begins with the string before the '*'. This corresponds to the jobName value. For example, test1 matches both Test1 and test1, and test1* matches both test1 and Test10. When the JOB_NAME filter is used, the results are grouped by the job name and version.

BEFORE_CREATED_AT

The value for the filter is the time that's before the job was created. This corresponds to the createdAt value. The value is a string representation of the number of milliseconds since 00:00:00 UTC (midnight) on January 1, 1970.

AFTER_CREATED_AT

The value for the filter is the time that's after the job was created. This corresponds to the createdAt value. The value is a string representation of the number of milliseconds since 00:00:00 UTC (midnight) on January 1, 1970.

" + } + } + }, + "ListServiceJobsResponse":{ + "type":"structure", + "required":["jobSummaryList"], + "members":{ + "jobSummaryList":{ + "shape":"ServiceJobSummaryList", + "documentation":"

A list of service job summaries.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The nextToken value to include in a future ListServiceJobs request. When the results of a ListServiceJobs request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

" + } + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["resourceArn"], @@ -3174,7 +4017,7 @@ "members":{ "logDriver":{ "shape":"LogDriver", - "documentation":"

The log driver to use for the container. The valid values that are listed for this parameter are log drivers that the Amazon ECS container agent can communicate with by default.

The supported log drivers are awslogs, fluentd, gelf, json-file, journald, logentries, syslog, and splunk.

Jobs that are running on Fargate resources are restricted to the awslogs and splunk log drivers.
awslogs

Specifies the Amazon CloudWatch Logs logging driver. For more information, see Using the awslogs log driver in the Batch User Guide and Amazon CloudWatch Logs logging driver in the Docker documentation.

fluentd

Specifies the Fluentd logging driver. For more information including usage and options, see Fluentd logging driver in the Docker documentation.

gelf

Specifies the Graylog Extended Format (GELF) logging driver. For more information including usage and options, see Graylog Extended Format logging driver in the Docker documentation.

journald

Specifies the journald logging driver. For more information including usage and options, see Journald logging driver in the Docker documentation.

json-file

Specifies the JSON file logging driver. For more information including usage and options, see JSON File logging driver in the Docker documentation.

splunk

Specifies the Splunk logging driver. For more information including usage and options, see Splunk logging driver in the Docker documentation.

syslog

Specifies the syslog logging driver. For more information including usage and options, see Syslog logging driver in the Docker documentation.

If you have a custom driver that's not listed earlier that you want to work with the Amazon ECS container agent, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you want to have included. However, Amazon Web Services doesn't currently support running modified copies of this software.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep \"Server API version\"

" + "documentation":"

The log driver to use for the container. The valid values that are listed for this parameter are log drivers that the Amazon ECS container agent can communicate with by default.

The supported log drivers are awsfirelens, awslogs, fluentd, gelf, json-file, journald, logentries, syslog, and splunk.

Jobs that are running on Fargate resources are restricted to the awslogs and splunk log drivers.
awsfirelens

Specifies the firelens logging driver. For more information on configuring Firelens, see Send Amazon ECS logs to an Amazon Web Services service or Amazon Web Services Partner in the Amazon Elastic Container Service Developer Guide.

awslogs

Specifies the Amazon CloudWatch Logs logging driver. For more information, see Using the awslogs log driver in the Batch User Guide and Amazon CloudWatch Logs logging driver in the Docker documentation.

fluentd

Specifies the Fluentd logging driver. For more information including usage and options, see Fluentd logging driver in the Docker documentation.

gelf

Specifies the Graylog Extended Format (GELF) logging driver. For more information including usage and options, see Graylog Extended Format logging driver in the Docker documentation.

journald

Specifies the journald logging driver. For more information including usage and options, see Journald logging driver in the Docker documentation.

json-file

Specifies the JSON file logging driver. For more information including usage and options, see JSON File logging driver in the Docker documentation.

splunk

Specifies the Splunk logging driver. For more information including usage and options, see Splunk logging driver in the Docker documentation.

syslog

Specifies the syslog logging driver. For more information including usage and options, see Syslog logging driver in the Docker documentation.

If you have a custom driver that's not listed earlier that you want to work with the Amazon ECS container agent, you can fork the Amazon ECS container agent project that's available on GitHub and customize it to work with that driver. We encourage you to submit pull requests for changes that you want to have included. However, Amazon Web Services doesn't currently support running modified copies of this software.

This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version | grep \"Server API version\"

" }, "options":{ "shape":"LogConfigurationOptionsMap", @@ -3201,7 +4044,8 @@ "gelf", "fluentd", "awslogs", - "splunk" + "splunk", + "awsfirelens" ] }, "Long":{"type":"long"}, @@ -3351,6 +4195,10 @@ "eksPropertiesOverride":{ "shape":"EksPropertiesOverride", "documentation":"

An object that contains the properties that you want to replace for the existing Amazon EKS resources of a job.

" + }, + "consumableResourcePropertiesOverride":{ + "shape":"ConsumableResourceProperties", + "documentation":"

An object that contains overrides for the consumable resources of a job.

" } }, "documentation":"

The object that represents any node overrides to a job definition that's used in a SubmitJob API operation.

" @@ -3386,6 +4234,10 @@ "eksProperties":{ "shape":"EksProperties", "documentation":"

This is an object that represents the properties of the node range for a multi-node parallel job.

" + }, + "consumableResourceProperties":{ + "shape":"ConsumableResourceProperties", + "documentation":"

Contains a list of consumable resources required by a job.

" } }, "documentation":"

This is an object that represents the properties of the node range for a multi-node parallel job.

" @@ -3439,7 +4291,7 @@ }, "schedulingPriority":{ "shape":"Integer", - "documentation":"

The scheduling priority for jobs that are submitted with this job definition. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.

The minimum supported value is 0 and the maximum supported value is 9999.

" + "documentation":"

The scheduling priority for jobs that are submitted with this job definition. This only affects jobs in job queues with a fair-share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.

The minimum supported value is 0 and the maximum supported value is 9999.

" }, "containerProperties":{ "shape":"ContainerProperties", @@ -3476,6 +4328,10 @@ "ecsProperties":{ "shape":"EcsProperties", "documentation":"

An object with properties that are specific to Amazon ECS-based jobs. This must not be specified for Amazon EKS-based job definitions.

" + }, + "consumableResourceProperties":{ + "shape":"ConsumableResourceProperties", + "documentation":"

Contains a list of consumable resources required by the job.

" } }, "documentation":"

Contains the parameters for RegisterJobDefinition.

" @@ -3569,11 +4425,11 @@ "members":{ "operatingSystemFamily":{ "shape":"String", - "documentation":"

The operating system for the compute environment. Valid values are: LINUX (default), WINDOWS_SERVER_2019_CORE, WINDOWS_SERVER_2019_FULL, WINDOWS_SERVER_2022_CORE, and WINDOWS_SERVER_2022_FULL.

The following parameters can’t be set for Windows containers: linuxParameters, privileged, user, ulimits, readonlyRootFilesystem, and efsVolumeConfiguration.

The Batch Scheduler checks the compute environments that are attached to the job queue before registering a task definition with Fargate. In this scenario, the job queue is where the job is submitted. If the job requires a Windows container and the first compute environment is LINUX, the compute environment is skipped and the next compute environment is checked until a Windows-based compute environment is found.

Fargate Spot is not supported for ARM64 and Windows-based containers on Fargate. A job queue will be blocked if a Fargate ARM64 or Windows job is submitted to a job queue with only Fargate Spot compute environments. However, you can attach both FARGATE and FARGATE_SPOT compute environments to the same job queue.

" + "documentation":"

The operating system for the compute environment. Valid values are: LINUX (default), WINDOWS_SERVER_2019_CORE, WINDOWS_SERVER_2019_FULL, WINDOWS_SERVER_2022_CORE, and WINDOWS_SERVER_2022_FULL.

The following parameters can’t be set for Windows containers: linuxParameters, privileged, user, ulimits, readonlyRootFilesystem, and efsVolumeConfiguration.

The Batch Scheduler checks the compute environments that are attached to the job queue before registering a task definition with Fargate. In this scenario, the job queue is where the job is submitted. If the job requires a Windows container and the first compute environment is LINUX, the compute environment is skipped and the next compute environment is checked until a Windows-based compute environment is found.

Fargate Spot is not supported on Windows-based containers on Fargate. A job queue will be blocked if a Windows job is submitted to a job queue with only Fargate Spot compute environments. However, you can attach both FARGATE and FARGATE_SPOT compute environments to the same job queue.

" }, "cpuArchitecture":{ "shape":"String", - "documentation":"

The vCPU architecture. The default value is X86_64. Valid values are X86_64 and ARM64.

This parameter must be set to X86_64 for Windows containers.

Fargate Spot is not supported for ARM64 and Windows-based containers on Fargate. A job queue will be blocked if a Fargate ARM64 or Windows job is submitted to a job queue with only Fargate Spot compute environments. However, you can attach both FARGATE and FARGATE_SPOT compute environments to the same job queue.

" + "documentation":"

The vCPU architecture. The default value is X86_64. Valid values are X86_64 and ARM64.

This parameter must be set to X86_64 for Windows containers.

Fargate Spot is not supported on Windows-based containers on Fargate. A job queue will be blocked if a Windows job is submitted to a job queue with only Fargate Spot compute environments. However, you can attach both FARGATE and FARGATE_SPOT compute environments to the same job queue.

" } }, "documentation":"

An object that represents the compute environment architecture for Batch jobs on Fargate.

" @@ -3587,7 +4443,7 @@ "members":{ "name":{ "shape":"String", - "documentation":"

The name of the scheduling policy.

" + "documentation":"

The name of the fair-share scheduling policy.

" }, "arn":{ "shape":"String", @@ -3595,11 +4451,11 @@ }, "fairsharePolicy":{ "shape":"FairsharePolicy", - "documentation":"

The fair share policy for the scheduling policy.

" + "documentation":"

The fair-share scheduling policy details.

" }, "tags":{ "shape":"TagrisTagsMap", - "documentation":"

The tags that you apply to the scheduling policy to categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see Tagging Amazon Web Services resources in Amazon Web Services General Reference.

" + "documentation":"

The tags that you apply to the fair-share scheduling policy to categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see Tagging Amazon Web Services resources in Amazon Web Services General Reference.

" } }, "documentation":"

An object that represents a scheduling policy.

" @@ -3655,20 +4511,282 @@ "exception":true, "fault":true }, + "ServiceEnvironmentDetail":{ + "type":"structure", + "required":[ + "serviceEnvironmentName", + "serviceEnvironmentArn", + "serviceEnvironmentType", + "capacityLimits" + ], + "members":{ + "serviceEnvironmentName":{ + "shape":"String", + "documentation":"

The name of the service environment.

" + }, + "serviceEnvironmentArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the service environment.

" + }, + "serviceEnvironmentType":{ + "shape":"ServiceEnvironmentType", + "documentation":"

The type of service environment. For SageMaker Training jobs, this value is SAGEMAKER_TRAINING.

" + }, + "state":{ + "shape":"ServiceEnvironmentState", + "documentation":"

The state of the service environment. Valid values are ENABLED and DISABLED.

" + }, + "status":{ + "shape":"ServiceEnvironmentStatus", + "documentation":"

The current status of the service environment.

" + }, + "capacityLimits":{ + "shape":"CapacityLimits", + "documentation":"

The capacity limits for the service environment. This defines the maximum resources that can be used by service jobs in this environment.

" + }, + "tags":{ + "shape":"TagrisTagsMap", + "documentation":"

The tags associated with the service environment. Each tag consists of a key and an optional value. For more information, see Tagging your Batch resources.

" + } + }, + "documentation":"

Detailed information about a service environment, including its configuration, state, and capacity limits.

" + }, + "ServiceEnvironmentDetailList":{ + "type":"list", + "member":{"shape":"ServiceEnvironmentDetail"} + }, + "ServiceEnvironmentOrder":{ + "type":"structure", + "required":[ + "order", + "serviceEnvironment" + ], + "members":{ + "order":{ + "shape":"Integer", + "documentation":"

The order of the service environment. Job queues with a higher priority are evaluated first when associated with the same service environment.

" + }, + "serviceEnvironment":{ + "shape":"String", + "documentation":"

The name or ARN of the service environment.

" + } + }, + "documentation":"

Specifies the order of a service environment for a job queue. This determines the priority order when multiple service environments are associated with the same job queue.

" + }, + "ServiceEnvironmentOrders":{ + "type":"list", + "member":{"shape":"ServiceEnvironmentOrder"} + }, + "ServiceEnvironmentState":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "ServiceEnvironmentStatus":{ + "type":"string", + "enum":[ + "CREATING", + "UPDATING", + "DELETING", + "DELETED", + "VALID", + "INVALID" + ] + }, + "ServiceEnvironmentType":{ + "type":"string", + "enum":["SAGEMAKER_TRAINING"] + }, + "ServiceJobAttemptDetail":{ + "type":"structure", + "members":{ + "serviceResourceId":{ + "shape":"ServiceResourceId", + "documentation":"

The service resource identifier associated with the service job attempt.

" + }, + "startedAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the service job attempt was started.

" + }, + "stoppedAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the service job attempt stopped running.

" + }, + "statusReason":{ + "shape":"String", + "documentation":"

A string that provides additional details for the current status of the service job attempt.

" + } + }, + "documentation":"

Detailed information about an attempt to run a service job.

" + }, + "ServiceJobAttemptDetails":{ + "type":"list", + "member":{"shape":"ServiceJobAttemptDetail"} + }, + "ServiceJobEvaluateOnExit":{ + "type":"structure", + "members":{ + "action":{ + "shape":"ServiceJobRetryAction", + "documentation":"

The action to take if the service job exits with the specified condition. Valid values are RETRY and EXIT.

" + }, + "onStatusReason":{ + "shape":"String", + "documentation":"

Contains a glob pattern to match against the StatusReason returned for a job. The pattern can contain up to 512 characters and can contain all printable characters. It can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.

" + } + }, + "documentation":"

Specifies conditions for when to exit or retry a service job based on the exit status or status reason.

" + }, + "ServiceJobEvaluateOnExitList":{ + "type":"list", + "member":{"shape":"ServiceJobEvaluateOnExit"} + }, + "ServiceJobRetryAction":{ + "type":"string", + "enum":[ + "RETRY", + "EXIT" + ] + }, + "ServiceJobRetryStrategy":{ + "type":"structure", + "required":["attempts"], + "members":{ + "attempts":{ + "shape":"Integer", + "documentation":"

The number of times to move a service job to RUNNABLE status. You can specify between 1 and 10 attempts.

" + }, + "evaluateOnExit":{ + "shape":"ServiceJobEvaluateOnExitList", + "documentation":"

Array of ServiceJobEvaluateOnExit objects that specify conditions under which the service job should be retried or failed.

" + } + }, + "documentation":"

The retry strategy for service jobs. This defines how many times to retry a failed service job and under what conditions. For more information, see Service job retry strategies in the Batch User Guide.

" + }, + "ServiceJobStatus":{ + "type":"string", + "enum":[ + "SUBMITTED", + "PENDING", + "RUNNABLE", + "SCHEDULED", + "STARTING", + "RUNNING", + "SUCCEEDED", + "FAILED" + ] + }, + "ServiceJobSummary":{ + "type":"structure", + "required":[ + "jobId", + "jobName", + "serviceJobType" + ], + "members":{ + "latestAttempt":{ + "shape":"LatestServiceJobAttempt", + "documentation":"

Information about the latest attempt for the service job.

" + }, + "createdAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the service job was created.

" + }, + "jobArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the service job.

" + }, + "jobId":{ + "shape":"String", + "documentation":"

The job ID for the service job.

" + }, + "jobName":{ + "shape":"String", + "documentation":"

The name of the service job.

" + }, + "serviceJobType":{ + "shape":"ServiceJobType", + "documentation":"

The type of service job. For SageMaker Training jobs, this value is SAGEMAKER_TRAINING.

" + }, + "shareIdentifier":{ + "shape":"String", + "documentation":"

The share identifier for the job.

" + }, + "status":{ + "shape":"ServiceJobStatus", + "documentation":"

The current status of the service job.

" + }, + "statusReason":{ + "shape":"String", + "documentation":"

A short string to provide more details on the current status of the service job.

" + }, + "startedAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the service job was started.

" + }, + "stoppedAt":{ + "shape":"Long", + "documentation":"

The Unix timestamp (in milliseconds) for when the service job stopped running.

" + } + }, + "documentation":"

Summary information about a service job.

" + }, + "ServiceJobSummaryList":{ + "type":"list", + "member":{"shape":"ServiceJobSummary"} + }, + "ServiceJobTimeout":{ + "type":"structure", + "members":{ + "attemptDurationSeconds":{ + "shape":"Integer", + "documentation":"

The maximum duration in seconds that a service job attempt can run. After this time is reached, Batch terminates the service job attempt.

" + } + }, + "documentation":"

The timeout configuration for service jobs.

" + }, + "ServiceJobType":{ + "type":"string", + "enum":["SAGEMAKER_TRAINING"] + }, + "ServiceResourceId":{ + "type":"structure", + "required":[ + "name", + "value" + ], + "members":{ + "name":{ + "shape":"ServiceResourceIdName", + "documentation":"

The name of the resource identifier.

" + }, + "value":{ + "shape":"String", + "documentation":"

The value of the resource identifier.

" + } + }, + "documentation":"

The Batch unique identifier.

" + }, + "ServiceResourceIdName":{ + "type":"string", + "enum":["TrainingJobArn"] + }, "ShareAttributes":{ "type":"structure", "required":["shareIdentifier"], "members":{ "shareIdentifier":{ "shape":"String", - "documentation":"

A fair share identifier or fair share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for fair share identifiers that start with that prefix. The list of fair share identifiers in a fair share policy can't overlap. For example, you can't have one that specifies a shareIdentifier of UserA* and another that specifies a shareIdentifier of UserA-1.

There can be no more than 500 fair share identifiers active in a job queue.

The string is limited to 255 alphanumeric characters, and can be followed by an asterisk (*).

" + "documentation":"

A share identifier or share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for share identifiers that start with that prefix. The list of share identifiers in a fair-share policy can't overlap. For example, you can't have one that specifies a shareIdentifier of UserA* and another that specifies a shareIdentifier of UserA1.

There can be no more than 500 share identifiers active in a job queue.

The string is limited to 255 alphanumeric characters, and can be followed by an asterisk (*).

" }, "weightFactor":{ "shape":"Float", - "documentation":"

The weight factor for the fair share identifier. The default value is 1.0. A lower value has a higher priority for compute resources. For example, jobs that use a share identifier with a weight factor of 0.125 (1/8) get 8 times the compute resources of jobs that use a share identifier with a weight factor of 1.

The smallest supported value is 0.0001, and the largest supported value is 999.9999.

" + "documentation":"

The weight factor for the share identifier. The default value is 1.0. A lower value has a higher priority for compute resources. For example, jobs that use a share identifier with a weight factor of 0.125 (1/8) get 8 times the compute resources of jobs that use a share identifier with a weight factor of 1.

The smallest supported value is 0.0001, and the largest supported value is 999.9999.

" } }, - "documentation":"

Specifies the weights for the fair share identifiers for the fair share policy. Fair share identifiers that aren't included have a default weight of 1.0.

" + "documentation":"

Specifies the weights for the share identifiers for the fair-share policy. Share identifiers that aren't included have a default weight of 1.0.

" }, "ShareAttributesList":{ "type":"list", @@ -3697,11 +4815,11 @@ }, "shareIdentifier":{ "shape":"String", - "documentation":"

The share identifier for the job. Don't specify this parameter if the job queue doesn't have a scheduling policy. If the job queue has a scheduling policy, then this parameter must be specified.

This string is limited to 255 alphanumeric characters, and can be followed by an asterisk (*).

" + "documentation":"

The share identifier for the job. Don't specify this parameter if the job queue doesn't have a fair-share scheduling policy. If the job queue has a fair-share scheduling policy, then this parameter must be specified.

This string is limited to 255 alphanumeric characters, and can be followed by an asterisk (*).

" }, "schedulingPriorityOverride":{ "shape":"Integer", - "documentation":"

The scheduling priority for the job. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority. This overrides any scheduling priority in the job definition and works only within a single share identifier.

The minimum supported value is 0 and the maximum supported value is 9999.

" + "documentation":"

The scheduling priority for the job. This only affects jobs in job queues with a fair-share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority. This overrides any scheduling priority in the job definition and works only within a single share identifier.

The minimum supported value is 0 and the maximum supported value is 9999.

" }, "arrayProperties":{ "shape":"ArrayProperties", @@ -3750,6 +4868,10 @@ "ecsPropertiesOverride":{ "shape":"EcsPropertiesOverride", "documentation":"

An object, with properties that override defaults for the job definition, can only be specified for jobs that are run on Amazon ECS resources.

" + }, + "consumableResourcePropertiesOverride":{ + "shape":"ConsumableResourceProperties", + "documentation":"

An object that contains overrides for the consumable resources of a job.

" } }, "documentation":"

Contains the parameters for SubmitJob.

" @@ -3775,6 +4897,79 @@ } } }, + "SubmitServiceJobRequest":{ + "type":"structure", + "required":[ + "jobName", + "jobQueue", + "serviceRequestPayload", + "serviceJobType" + ], + "members":{ + "jobName":{ + "shape":"String", + "documentation":"

The name of the service job. It can be up to 128 characters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).

" + }, + "jobQueue":{ + "shape":"String", + "documentation":"

The job queue into which the service job is submitted. You can specify either the name or the ARN of the queue. The job queue must have the type SAGEMAKER_TRAINING.

" + }, + "retryStrategy":{ + "shape":"ServiceJobRetryStrategy", + "documentation":"

The retry strategy to use for failed service jobs that are submitted with this service job request.

" + }, + "schedulingPriority":{ + "shape":"Integer", + "documentation":"

The scheduling priority of the service job. Valid values are integers between 0 and 9999.

" + }, + "serviceRequestPayload":{ + "shape":"String", + "documentation":"

The request, in JSON, for the service that the SubmitServiceJob operation is queueing.

" + }, + "serviceJobType":{ + "shape":"ServiceJobType", + "documentation":"

The type of service job. For SageMaker Training jobs, specify SAGEMAKER_TRAINING.

" + }, + "shareIdentifier":{ + "shape":"String", + "documentation":"

The share identifier for the service job. Don't specify this parameter if the job queue doesn't have a fair-share scheduling policy. If the job queue has a fair-share scheduling policy, then this parameter must be specified.

" + }, + "timeoutConfig":{ + "shape":"ServiceJobTimeout", + "documentation":"

The timeout configuration for the service job. If none is specified, Batch defers to the default timeout of the underlying service handling the job.

" + }, + "tags":{ + "shape":"TagrisTagsMap", + "documentation":"

The tags that you apply to the service job request. Each tag consists of a key and an optional value. For more information, see Tagging your Batch resources.

" + }, + "clientToken":{ + "shape":"ClientRequestToken", + "documentation":"

A unique identifier for the request. This token is used to ensure idempotency of requests. If this parameter is specified and two submit requests with identical payloads and clientTokens are received, these requests are considered the same request and the second request is rejected.

", + "idempotencyToken":true + } + } + }, + "SubmitServiceJobResponse":{ + "type":"structure", + "required":[ + "jobName", + "jobId" + ], + "members":{ + "jobArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) for the service job.

" + }, + "jobName":{ + "shape":"String", + "documentation":"

The name of the service job.

" + }, + "jobId":{ + "shape":"String", + "documentation":"

The unique identifier for the service job.

" + } + } + }, "TagKey":{ "type":"string", "max":128, @@ -3808,8 +5003,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3864,6 +5058,10 @@ "shape":"Boolean", "documentation":"

If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.

All jobs must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.

" }, + "firelensConfiguration":{ + "shape":"FirelensConfiguration", + "documentation":"

The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see Custom log routing in the Amazon Elastic Container Service Developer Guide.

" + }, "image":{ "shape":"String", "documentation":"

The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the Create a container section of the Docker Remote API and the IMAGE parameter of the docker run .

" @@ -3973,6 +5171,10 @@ "shape":"Boolean", "documentation":"

If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.

All jobs must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.

" }, + "firelensConfiguration":{ + "shape":"FirelensConfiguration", + "documentation":"

The FireLens configuration for the container. This is used to specify and configure a log router for container logs. For more information, see Custom log routing in the Amazon Elastic Container Service Developer Guide.

" + }, "image":{ "shape":"String", "documentation":"

The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the Create a container section of the Docker Remote API and the IMAGE parameter of the docker run .

" @@ -4054,9 +5256,29 @@ }, "TerminateJobResponse":{ "type":"structure", + "members":{} + }, + "TerminateServiceJobRequest":{ + "type":"structure", + "required":[ + "jobId", + "reason" + ], "members":{ + "jobId":{ + "shape":"String", + "documentation":"

The service job ID of the service job to terminate.

" + }, + "reason":{ + "shape":"String", + "documentation":"

A message to attach to the service job that explains the reason for canceling it. This message is returned by DescribeServiceJob operations on the service job.

" + } } }, + "TerminateServiceJobResponse":{ + "type":"structure", + "members":{} + }, "Tmpfs":{ "type":"structure", "required":[ @@ -4134,8 +5356,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateComputeEnvironmentRequest":{ "type":"structure", @@ -4151,7 +5372,7 @@ }, "unmanagedvCpus":{ "shape":"Integer", - "documentation":"

The maximum number of vCPUs expected to be used for an unmanaged compute environment. Don't specify this parameter for a managed compute environment. This parameter is only used for fair share scheduling to reserve vCPU capacity for new share identifiers. If this parameter isn't provided for a fair share job queue, no vCPU capacity is reserved.

" + "documentation":"

The maximum number of vCPUs expected to be used for an unmanaged compute environment. Don't specify this parameter for a managed compute environment. This parameter is only used for fair-share scheduling to reserve vCPU capacity for new share identifiers. If this parameter isn't provided for a fair-share job queue, no vCPU capacity is reserved.

" }, "computeResources":{ "shape":"ComputeResourceUpdate", @@ -4185,6 +5406,50 @@ } } }, + "UpdateConsumableResourceRequest":{ + "type":"structure", + "required":["consumableResource"], + "members":{ + "consumableResource":{ + "shape":"String", + "documentation":"

The name or ARN of the consumable resource to be updated.

" + }, + "operation":{ + "shape":"String", + "documentation":"

Indicates how the quantity of the consumable resource will be updated. Must be one of:

  • SET

    Sets the quantity of the resource to the value specified by the quantity parameter.

  • ADD

    Increases the quantity of the resource by the value specified by the quantity parameter.

  • REMOVE

    Reduces the quantity of the resource by the value specified by the quantity parameter.

" + }, + "quantity":{ + "shape":"Long", + "documentation":"

The change in the total quantity of the consumable resource. The operation parameter determines whether the value specified here will be the new total quantity, or the amount by which the total quantity will be increased or reduced. Must be a non-negative value.

" + }, + "clientToken":{ + "shape":"ClientRequestToken", + "documentation":"

If this parameter is specified and two update requests with identical payloads and clientTokens are received, these requests are considered the same request. Both requests will succeed, but the update will only happen once. A clientToken is valid for 8 hours.

", + "idempotencyToken":true + } + } + }, + "UpdateConsumableResourceResponse":{ + "type":"structure", + "required":[ + "consumableResourceName", + "consumableResourceArn" + ], + "members":{ + "consumableResourceName":{ + "shape":"String", + "documentation":"

The name of the consumable resource to be updated.

" + }, + "consumableResourceArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the consumable resource.

" + }, + "totalQuantity":{ + "shape":"Long", + "documentation":"

The total amount of the consumable resource that is available.

" + } + } + }, "UpdateJobQueueRequest":{ "type":"structure", "required":["jobQueue"], @@ -4199,7 +5464,7 @@ }, "schedulingPolicyArn":{ "shape":"String", - "documentation":"

Amazon Resource Name (ARN) of the fair share scheduling policy. Once a job queue is created, the fair share scheduling policy can be replaced but not removed. The format is aws:Partition:batch:Region:Account:scheduling-policy/Name . For example, aws:aws:batch:us-west-2:123456789012:scheduling-policy/MySchedulingPolicy.

" + "documentation":"

Amazon Resource Name (ARN) of the fair-share scheduling policy. Once a job queue is created, the fair-share scheduling policy can be replaced but not removed. The format is aws:Partition:batch:Region:Account:scheduling-policy/Name . For example, aws:aws:batch:us-west-2:123456789012:scheduling-policy/MySchedulingPolicy.

" }, "priority":{ "shape":"Integer", @@ -4209,6 +5474,10 @@ "shape":"ComputeEnvironmentOrders", "documentation":"

Details the set of compute environments mapped to a job queue and their order relative to each other. This is one of the parameters used by the job scheduler to determine which compute environment runs a given job. Compute environments must be in the VALID state before you can associate them with a job queue. All of the compute environments must be either EC2 (EC2 or SPOT) or Fargate (FARGATE or FARGATE_SPOT). EC2 and Fargate compute environments can't be mixed.

All compute environments that are associated with a job queue must share the same architecture. Batch doesn't support mixing compute environment architecture types in a single job queue.

" }, + "serviceEnvironmentOrder":{ + "shape":"ServiceEnvironmentOrders", + "documentation":"

The order of the service environment associated with the job queue. Job queues with a higher priority are evaluated first when associated with the same service environment.

" + }, "jobStateTimeLimitActions":{ "shape":"JobStateTimeLimitActions", "documentation":"

The set of actions that Batch perform on jobs that remain at the head of the job queue in the specified state longer than specified times. Batch will perform each action after maxTimeSeconds has passed. (Note: The minimum value for maxTimeSeconds is 600 (10 minutes) and its maximum value is 86,400 (24 hours).)

" @@ -4234,14 +5503,14 @@ "members":{ "terminateJobsOnUpdate":{ "shape":"Boolean", - "documentation":"

Specifies whether jobs are automatically terminated when the computer environment infrastructure is updated. The default value is false.

" + "documentation":"

Specifies whether jobs are automatically terminated when the compute environment infrastructure is updated. The default value is false.

" }, "jobExecutionTimeoutMinutes":{ "shape":"JobExecutionTimeoutMinutes", "documentation":"

Specifies the job timeout (in minutes) when the compute environment infrastructure is updated. The default value is 30.

" } }, - "documentation":"

Specifies the infrastructure update policy for the compute environment. For more information about infrastructure updates, see Updating compute environments in the Batch User Guide.

" + "documentation":"

Specifies the infrastructure update policy for the Amazon EC2 compute environment. For more information about infrastructure updates, see Updating compute environments in the Batch User Guide.

" }, "UpdateSchedulingPolicyRequest":{ "type":"structure", @@ -4253,16 +5522,57 @@ }, "fairsharePolicy":{ "shape":"FairsharePolicy", - "documentation":"

The fair share policy.

" + "documentation":"

The fair-share policy scheduling details.

" } }, "documentation":"

Contains the parameters for UpdateSchedulingPolicy.

" }, "UpdateSchedulingPolicyResponse":{ "type":"structure", + "members":{} + }, + "UpdateServiceEnvironmentRequest":{ + "type":"structure", + "required":["serviceEnvironment"], + "members":{ + "serviceEnvironment":{ + "shape":"String", + "documentation":"

The name or ARN of the service environment to update.

" + }, + "state":{ + "shape":"ServiceEnvironmentState", + "documentation":"

The state of the service environment.

" + }, + "capacityLimits":{ + "shape":"CapacityLimits", + "documentation":"

The capacity limits for the service environment. This defines the maximum resources that can be used by service jobs in this environment.

" + } + } + }, + "UpdateServiceEnvironmentResponse":{ + "type":"structure", + "required":[ + "serviceEnvironmentName", + "serviceEnvironmentArn" + ], "members":{ + "serviceEnvironmentName":{ + "shape":"String", + "documentation":"

The name of the service environment that was updated.

" + }, + "serviceEnvironmentArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the service environment that was updated.

" + } } }, + "UserdataType":{ + "type":"string", + "enum":[ + "EKS_BOOTSTRAP_SH", + "EKS_NODEADM" + ] + }, "Volume":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/bcm-dashboards/2025-08-18/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bcm-dashboards/2025-08-18/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bcm-dashboards/2025-08-18/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-dashboards/2025-08-18/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,151 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://bcm-dashboards-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://bcm-dashboards.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/bcm-dashboards/2025-08-18/paginators-1.json 2.31.35-1/awscli/botocore/data/bcm-dashboards/2025-08-18/paginators-1.json --- 2.23.6-1/awscli/botocore/data/bcm-dashboards/2025-08-18/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-dashboards/2025-08-18/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +{ + "pagination": { + "ListDashboards": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "dashboards" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bcm-dashboards/2025-08-18/service-2.json 2.31.35-1/awscli/botocore/data/bcm-dashboards/2025-08-18/service-2.json --- 2.23.6-1/awscli/botocore/data/bcm-dashboards/2025-08-18/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-dashboards/2025-08-18/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,1111 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2025-08-18", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"bcm-dashboards", + "jsonVersion":"1.0", + "protocol":"json", + "protocols":["json"], + "serviceFullName":"AWS Billing and Cost Management Dashboards", + "serviceId":"BCM Dashboards", + "signatureVersion":"v4", + "signingName":"bcm-dashboards", + "targetPrefix":"AWSBCMDashboardsService", + "uid":"bcm-dashboards-2025-08-18" + }, + "operations":{ + "CreateDashboard":{ + "name":"CreateDashboard", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateDashboardRequest"}, + "output":{"shape":"CreateDashboardResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Creates a new dashboard that can contain multiple widgets displaying cost and usage data. You can add custom widgets or use predefined widgets, arranging them in your preferred layout.

" + }, + "DeleteDashboard":{ + "name":"DeleteDashboard", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteDashboardRequest"}, + "output":{"shape":"DeleteDashboardResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Deletes a specified dashboard. This action cannot be undone.

" + }, + "GetDashboard":{ + "name":"GetDashboard", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetDashboardRequest"}, + "output":{"shape":"GetDashboardResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Retrieves the configuration and metadata of a specified dashboard, including its widgets and layout settings.

" + }, + "GetResourcePolicy":{ + "name":"GetResourcePolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetResourcePolicyRequest"}, + "output":{"shape":"GetResourcePolicyResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Retrieves the resource-based policy attached to a dashboard, showing sharing configurations and permissions.

" + }, + "ListDashboards":{ + "name":"ListDashboards", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListDashboardsRequest"}, + "output":{"shape":"ListDashboardsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Returns a list of all dashboards in your account.

" + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Returns a list of all tags associated with a specified dashboard resource.

" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Adds or updates tags for a specified dashboard resource.

" + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Removes specified tags from a dashboard resource.

" + }, + "UpdateDashboard":{ + "name":"UpdateDashboard", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateDashboardRequest"}, + "output":{"shape":"UpdateDashboardResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Updates an existing dashboard's properties, including its name, description, and widget configurations.

" + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"GenericString"} + }, + "documentation":"

You do not have sufficient permissions to perform this action. Verify your IAM permissions and any resource policies.

", + "exception":true + }, + "CostAndUsageQuery":{ + "type":"structure", + "required":[ + "metrics", + "timeRange", + "granularity" + ], + "members":{ + "metrics":{ + "shape":"MetricNames", + "documentation":"

The specific cost and usage metrics to retrieve.

Valid values for CostAndUsageQuery metrics are AmortizedCost, BlendedCost, NetAmortizedCost, NetUnblendedCost, NormalizedUsageAmount, UnblendedCost, and UsageQuantity.

" + }, + "timeRange":{ + "shape":"DateTimeRange", + "documentation":"

The time period for which to retrieve data. Can be specified as absolute dates or relative time periods.

" + }, + "granularity":{ + "shape":"Granularity", + "documentation":"

The granularity of the retrieved data: HOURLY, DAILY, or MONTHLY.

" + }, + "groupBy":{ + "shape":"GroupDefinitions", + "documentation":"

Specifies how to group the retrieved data, such as by SERVICE, ACCOUNT, or TAG.

" + }, + "filter":{ + "shape":"Expression", + "documentation":"

The filter expression to be applied to the cost and usage data.

" + } + }, + "documentation":"

Defines the parameters for retrieving Amazon Web Services cost and usage data. Includes specifications for metrics, time periods, granularity, grouping dimensions, and filtering conditions.

" + }, + "CostCategoryValues":{ + "type":"structure", + "members":{ + "key":{ + "shape":"String", + "documentation":"

The key of the cost category to filter on.

" + }, + "values":{ + "shape":"StringList", + "documentation":"

The values to match for the specified cost category key.

" + }, + "matchOptions":{ + "shape":"MatchOptions", + "documentation":"

The match options for cost category values, such as EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH.

" + } + }, + "documentation":"

Specifies the values and match options for cost category-based filtering in cost and usage queries.

" + }, + "CreateDashboardRequest":{ + "type":"structure", + "required":[ + "name", + "widgets" + ], + "members":{ + "name":{ + "shape":"DashboardName", + "documentation":"

The name of the dashboard. The name must be unique within your account.

" + }, + "description":{ + "shape":"Description", + "documentation":"

A description of the dashboard's purpose or contents.

" + }, + "widgets":{ + "shape":"WidgetList", + "documentation":"

An array of widget configurations that define the visualizations to be displayed in the dashboard. Each dashboard can contain up to 20 widgets.

" + }, + "resourceTags":{ + "shape":"ResourceTagList", + "documentation":"

The tags to apply to the dashboard resource for organization and management.

" + } + } + }, + "CreateDashboardResponse":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the newly created dashboard.

" + } + } + }, + "DashboardArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws[-a-z0-9]*:bcm-dashboards::[0-9]{12}:dashboard/(\\*|[-a-z0-9]+)" + }, + "DashboardName":{ + "type":"string", + "max":50, + "min":2, + "pattern":"(?!.* {2})[a-zA-Z][a-zA-Z0-9 _-]{0,48}[a-zA-Z0-9_-]" + }, + "DashboardReference":{ + "type":"structure", + "required":[ + "arn", + "name", + "type", + "createdAt", + "updatedAt" + ], + "members":{ + "arn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the referenced dashboard.

" + }, + "name":{ + "shape":"DashboardName", + "documentation":"

The name of the referenced dashboard.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the referenced dashboard.

" + }, + "type":{ + "shape":"DashboardType", + "documentation":"

The dashboard type.

" + }, + "createdAt":{ + "shape":"GenericTimeStamp", + "documentation":"

The timestamp when the dashboard was created.

" + }, + "updatedAt":{ + "shape":"GenericTimeStamp", + "documentation":"

The timestamp when the dashboard was last modified.

" + } + }, + "documentation":"

Contains basic information about a dashboard, including its ARN, name, type, and timestamps.

" + }, + "DashboardReferenceList":{ + "type":"list", + "member":{"shape":"DashboardReference"} + }, + "DashboardType":{ + "type":"string", + "enum":["CUSTOM"] + }, + "DateTimeRange":{ + "type":"structure", + "required":[ + "startTime", + "endTime" + ], + "members":{ + "startTime":{ + "shape":"DateTimeValue", + "documentation":"

The start time of the date range for querying data.

" + }, + "endTime":{ + "shape":"DateTimeValue", + "documentation":"

The end time of the date range for querying data.

" + } + }, + "documentation":"

Defines a time period with explicit start and end times for data queries.

" + }, + "DateTimeType":{ + "type":"string", + "enum":[ + "ABSOLUTE", + "RELATIVE" + ] + }, + "DateTimeValue":{ + "type":"structure", + "required":[ + "type", + "value" + ], + "members":{ + "type":{ + "shape":"DateTimeType", + "documentation":"

The type of date/time value: ABSOLUTE for specific dates or RELATIVE for dynamic time periods.

" + }, + "value":{ + "shape":"GenericString", + "documentation":"

The actual date/time value.

" + } + }, + "documentation":"

Represents a point in time that can be specified as either an absolute date (for example, \"2025-07-01\") or a relative time period using ISO 8601 duration format (for example, \"-P3M\" for three months ago).

" + }, + "DeleteDashboardRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the dashboard to be deleted.

" + } + } + }, + "DeleteDashboardResponse":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the dashboard that was deleted.

" + } + } + }, + "Description":{ + "type":"string", + "max":200, + "min":1, + "pattern":"(?!.* {2})[ a-zA-Z0-9.,!?;:@#$%&\\-_/\\\\]*" + }, + "Dimension":{ + "type":"string", + "enum":[ + "AZ", + "INSTANCE_TYPE", + "LINKED_ACCOUNT", + "OPERATION", + "PURCHASE_TYPE", + "REGION", + "SERVICE", + "USAGE_TYPE", + "USAGE_TYPE_GROUP", + "RECORD_TYPE", + "RESOURCE_ID", + "SUBSCRIPTION_ID", + "TAG_KEY", + "OPERATING_SYSTEM", + "TENANCY", + "BILLING_ENTITY", + "RESERVATION_ID", + "COST_CATEGORY_NAME", + "DATABASE_ENGINE", + "LEGAL_ENTITY_NAME", + "SAVINGS_PLANS_TYPE", + "INSTANCE_TYPE_FAMILY", + "CACHE_ENGINE", + "DEPLOYMENT_OPTION", + "SCOPE", + "PLATFORM" + ] + }, + "DimensionValues":{ + "type":"structure", + "required":[ + "key", + "values" + ], + "members":{ + "key":{ + "shape":"Dimension", + "documentation":"

The key of the dimension to filter on (for example, SERVICE, USAGE_TYPE, or OPERATION).

" + }, + "values":{ + "shape":"StringList", + "documentation":"

The values to match for the specified dimension key.

" + }, + "matchOptions":{ + "shape":"MatchOptions", + "documentation":"

The match options for dimension values, such as EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH.

" + } + }, + "documentation":"

Specifies the values and match options for dimension-based filtering in cost and usage queries.

" + }, + "DisplayConfig":{ + "type":"structure", + "members":{ + "graph":{ + "shape":"GraphDisplayConfigMap", + "documentation":"

The configuration for graphical display of the widget data, including chart type and visual options.

" + }, + "table":{ + "shape":"TableDisplayConfigStruct", + "documentation":"

The configuration for tabular display of the widget data.

" + } + }, + "documentation":"

Defines how the widget's data should be visualized, including chart type, color schemes, axis configurations, and other display preferences.

", + "union":true + }, + "Expression":{ + "type":"structure", + "members":{ + "or":{ + "shape":"Expressions", + "documentation":"

A list of expressions to combine with OR logic.

" + }, + "and":{ + "shape":"Expressions", + "documentation":"

A list of expressions to combine with AND logic.

" + }, + "not":{ + "shape":"Expression", + "documentation":"

An expression to negate with NOT logic.

" + }, + "dimensions":{ + "shape":"DimensionValues", + "documentation":"

The dimension values to include in the filter expression.

" + }, + "tags":{ + "shape":"TagValues", + "documentation":"

The tag values to include in the filter expression.

" + }, + "costCategories":{ + "shape":"CostCategoryValues", + "documentation":"

The cost category values to include in the filter expression.

" + } + }, + "documentation":"

Defines complex filtering conditions using logical operators (AND, OR, NOT) and various filter types.

" + }, + "Expressions":{ + "type":"list", + "member":{"shape":"Expression"} + }, + "GenericString":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\S\\s]*" + }, + "GenericTimeStamp":{"type":"timestamp"}, + "GetDashboardRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the dashboard to retrieve. This is required to uniquely identify the dashboard.

" + } + } + }, + "GetDashboardResponse":{ + "type":"structure", + "required":[ + "arn", + "name", + "type", + "widgets", + "createdAt", + "updatedAt" + ], + "members":{ + "arn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the retrieved dashboard.

" + }, + "name":{ + "shape":"DashboardName", + "documentation":"

The name of the retrieved dashboard.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the retrieved dashboard.

" + }, + "type":{ + "shape":"DashboardType", + "documentation":"

Indicates the dashboard type.

" + }, + "widgets":{ + "shape":"WidgetList", + "documentation":"

An array of widget configurations that make up the dashboard.

" + }, + "createdAt":{ + "shape":"GenericTimeStamp", + "documentation":"

The timestamp when the dashboard was created.

" + }, + "updatedAt":{ + "shape":"GenericTimeStamp", + "documentation":"

The timestamp when the dashboard was last modified.

" + } + } + }, + "GetResourcePolicyRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the dashboard whose resource-based policy you want to retrieve.

" + } + } + }, + "GetResourcePolicyResponse":{ + "type":"structure", + "required":[ + "resourceArn", + "policyDocument" + ], + "members":{ + "resourceArn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the dashboard for which the resource-based policy was retrieved.

" + }, + "policyDocument":{ + "shape":"GenericString", + "documentation":"

The JSON policy document that represents the dashboard's resource-based policy.

" + } + } + }, + "Granularity":{ + "type":"string", + "enum":[ + "HOURLY", + "DAILY", + "MONTHLY" + ] + }, + "GraphDisplayConfig":{ + "type":"structure", + "required":["visualType"], + "members":{ + "visualType":{ + "shape":"VisualType", + "documentation":"

The type of visualization to use for the data.

" + } + }, + "documentation":"

Defines the visual representation settings for widget data, including the visualization type, styling options, and display preferences for different metric types.

" + }, + "GraphDisplayConfigMap":{ + "type":"map", + "key":{"shape":"GenericString"}, + "value":{"shape":"GraphDisplayConfig"} + }, + "GroupDefinition":{ + "type":"structure", + "required":["key"], + "members":{ + "key":{ + "shape":"GroupDefinitionKeyString", + "documentation":"

The key to use for grouping cost and usage data.

" + }, + "type":{ + "shape":"GroupDefinitionType", + "documentation":"

The type of grouping to apply.

" + } + }, + "documentation":"

Specifies how to group cost and usage data.

" + }, + "GroupDefinitionKeyString":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"[\\S\\s]*" + }, + "GroupDefinitionType":{ + "type":"string", + "enum":[ + "DIMENSION", + "TAG", + "COST_CATEGORY" + ] + }, + "GroupDefinitions":{ + "type":"list", + "member":{"shape":"GroupDefinition"} + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"GenericString"} + }, + "documentation":"

An internal error occurred while processing the request. Retry your request. If the problem persists, contact Amazon Web Services Support.

", + "exception":true, + "fault":true + }, + "ListDashboardsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. The default value is 20.

" + }, + "nextToken":{ + "shape":"NextPageToken", + "documentation":"

The token for the next page of results. Use the value returned in the previous response.

" + } + } + }, + "ListDashboardsResponse":{ + "type":"structure", + "required":["dashboards"], + "members":{ + "dashboards":{ + "shape":"DashboardReferenceList", + "documentation":"

An array of dashboard references, containing basic information about each dashboard.

" + }, + "nextToken":{ + "shape":"NextPageToken", + "documentation":"

The token to use to retrieve the next page of results. Not returned if there are no more results to retrieve.

" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"DashboardArn", + "documentation":"

The unique identifier for the resource.

" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "resourceTags":{ + "shape":"ResourceTagList", + "documentation":"

The list of tags associated with the specified dashboard resource.

" + } + } + }, + "MatchOption":{ + "type":"string", + "enum":[ + "EQUALS", + "ABSENT", + "STARTS_WITH", + "ENDS_WITH", + "CONTAINS", + "GREATER_THAN_OR_EQUAL", + "CASE_SENSITIVE", + "CASE_INSENSITIVE" + ] + }, + "MatchOptions":{ + "type":"list", + "member":{"shape":"MatchOption"} + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "MetricName":{ + "type":"string", + "enum":[ + "AmortizedCost", + "BlendedCost", + "NetAmortizedCost", + "NetUnblendedCost", + "NormalizedUsageAmount", + "UnblendedCost", + "UsageQuantity", + "SpendCoveredBySavingsPlans", + "Hour", + "Unit", + "Cost" + ] + }, + "MetricNames":{ + "type":"list", + "member":{"shape":"MetricName"} + }, + "NextPageToken":{ + "type":"string", + "max":8192, + "min":1, + "pattern":"[\\S\\s]*" + }, + "QueryParameters":{ + "type":"structure", + "members":{ + "costAndUsage":{ + "shape":"CostAndUsageQuery", + "documentation":"

The parameters for querying cost and usage data, including metrics, time range, granularity, grouping dimensions, and filters.

" + }, + "savingsPlansCoverage":{ + "shape":"SavingsPlansCoverageQuery", + "documentation":"

The parameters for querying Savings Plans coverage data, showing how much of your eligible compute usage is covered by Savings Plans.

" + }, + "savingsPlansUtilization":{ + "shape":"SavingsPlansUtilizationQuery", + "documentation":"

The parameters for querying Savings Plans utilization data, showing how effectively your Savings Plans are being used.

" + }, + "reservationCoverage":{ + "shape":"ReservationCoverageQuery", + "documentation":"

The parameters for querying Reserved Instance coverage data, showing how much of your eligible instance usage is covered by Reserved Instances.

" + }, + "reservationUtilization":{ + "shape":"ReservationUtilizationQuery", + "documentation":"

The parameters for querying Reserved Instance utilization data, showing how effectively your Reserved Instances are being used.

" + } + }, + "documentation":"

Defines the data retrieval parameters for a widget.

", + "union":true + }, + "ReservationCoverageQuery":{ + "type":"structure", + "required":["timeRange"], + "members":{ + "timeRange":{"shape":"DateTimeRange"}, + "groupBy":{ + "shape":"GroupDefinitions", + "documentation":"

Specifies how to group the Reserved Instance coverage data, such as by service, Region, or instance type.

" + }, + "granularity":{ + "shape":"Granularity", + "documentation":"

The time granularity of the retrieved data: HOURLY, DAILY, or MONTHLY.

" + }, + "filter":{"shape":"Expression"}, + "metrics":{ + "shape":"MetricNames", + "documentation":"

The coverage metrics to include in the results.

Valid values for ReservationCoverageQuery metrics are Hour, Unit, and Cost.

" + } + }, + "documentation":"

Defines the parameters for querying Reserved Instance coverage data, including grouping options, metrics, and sorting preferences.

" + }, + "ReservationUtilizationQuery":{ + "type":"structure", + "required":["timeRange"], + "members":{ + "timeRange":{"shape":"DateTimeRange"}, + "groupBy":{ + "shape":"GroupDefinitions", + "documentation":"

Specifies how to group the Reserved Instance utilization data, such as by service, Region, or instance type.

" + }, + "granularity":{ + "shape":"Granularity", + "documentation":"

The time granularity of the retrieved data: HOURLY, DAILY, or MONTHLY.

" + }, + "filter":{"shape":"Expression"} + }, + "documentation":"

Defines the parameters for querying Reserved Instance utilization data, including grouping options and time granularity.

" + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"GenericString"} + }, + "documentation":"

The specified resource (dashboard, policy, or widget) was not found. Verify the ARN and try again.

", + "exception":true + }, + "ResourceTag":{ + "type":"structure", + "required":[ + "key", + "value" + ], + "members":{ + "key":{ + "shape":"ResourceTagKey", + "documentation":"

The key of the tag to be attached to the dashboard resource.

" + }, + "value":{ + "shape":"ResourceTagValue", + "documentation":"

The value of the tag to be attached to the dashboard resource.

" + } + }, + "documentation":"

A key-value pair that can be attached to a dashboard for organization and management purposes.

" + }, + "ResourceTagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[\\S\\s]*" + }, + "ResourceTagKeyList":{ + "type":"list", + "member":{"shape":"ResourceTagKey"}, + "max":200, + "min":0 + }, + "ResourceTagList":{ + "type":"list", + "member":{"shape":"ResourceTag"}, + "max":200, + "min":0 + }, + "ResourceTagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":"[\\S\\s]*" + }, + "SavingsPlansCoverageQuery":{ + "type":"structure", + "required":["timeRange"], + "members":{ + "timeRange":{"shape":"DateTimeRange"}, + "metrics":{ + "shape":"MetricNames", + "documentation":"

The coverage metrics to include in the results.

Valid value for SavingsPlansCoverageQuery metrics is SpendCoveredBySavingsPlans.

" + }, + "granularity":{ + "shape":"Granularity", + "documentation":"

The time granularity of the retrieved data: HOURLY, DAILY, or MONTHLY.

" + }, + "groupBy":{ + "shape":"GroupDefinitions", + "documentation":"

Specifies how to group the Savings Plans coverage data, such as by service or instance family.

" + }, + "filter":{"shape":"Expression"} + }, + "documentation":"

Defines the parameters for querying Savings Plans coverage data, including metrics, grouping options, and time granularity.

" + }, + "SavingsPlansUtilizationQuery":{ + "type":"structure", + "required":["timeRange"], + "members":{ + "timeRange":{"shape":"DateTimeRange"}, + "granularity":{ + "shape":"Granularity", + "documentation":"

The time granularity of the retrieved data: HOURLY, DAILY, or MONTHLY.

" + }, + "filter":{"shape":"Expression"} + }, + "documentation":"

Defines the parameters for querying Savings Plans utilization data, including time granularity and sorting preferences.

" + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"GenericString"} + }, + "documentation":"

The request would exceed service quotas. For example, attempting to create more than 20 widgets in a dashboard or exceeding the maximum number of dashboards per account.

", + "exception":true + }, + "String":{"type":"string"}, + "StringList":{ + "type":"list", + "member":{"shape":"String"} + }, + "TableDisplayConfigStruct":{ + "type":"structure", + "members":{}, + "documentation":"

Configuration structure for customizing the tabular display of widget data.

" + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "resourceTags" + ], + "members":{ + "resourceArn":{ + "shape":"DashboardArn", + "documentation":"

The unique identifier for the resource.

" + }, + "resourceTags":{ + "shape":"ResourceTagList", + "documentation":"

The tags to add to the dashboard resource.

" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValues":{ + "type":"structure", + "members":{ + "key":{ + "shape":"String", + "documentation":"

The key of the tag to filter on.

" + }, + "values":{ + "shape":"StringList", + "documentation":"

The values to match for the specified tag key.

" + }, + "matchOptions":{ + "shape":"MatchOptions", + "documentation":"

The match options for tag values, such as EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH.

" + } + }, + "documentation":"

Specifies tag-based filtering options for cost and usage queries.

" + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"GenericString"} + }, + "documentation":"

The request was denied due to request throttling. Reduce the frequency of requests and use exponential backoff.

", + "exception":true + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "resourceTagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"DashboardArn", + "documentation":"

The unique identifier for the resource.

" + }, + "resourceTagKeys":{ + "shape":"ResourceTagKeyList", + "documentation":"

The keys of the tags to remove from the dashboard resource.

" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateDashboardRequest":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the dashboard to update.

" + }, + "name":{ + "shape":"DashboardName", + "documentation":"

The new name for the dashboard. If not specified, the existing name is retained.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The new description for the dashboard. If not specified, the existing description is retained.

" + }, + "widgets":{ + "shape":"WidgetList", + "documentation":"

The updated array of widget configurations for the dashboard. Replaces all existing widgets.

" + } + } + }, + "UpdateDashboardResponse":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"DashboardArn", + "documentation":"

The ARN of the updated dashboard.

" + } + } + }, + "ValidationException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"GenericString"} + }, + "documentation":"

The input parameters do not satisfy the requirements. Check the error message for specific validation details.

", + "exception":true + }, + "VisualType":{ + "type":"string", + "enum":[ + "LINE", + "BAR", + "STACK" + ] + }, + "Widget":{ + "type":"structure", + "required":[ + "title", + "configs" + ], + "members":{ + "title":{ + "shape":"WidgetTitle", + "documentation":"

The title of the widget.

" + }, + "description":{ + "shape":"Description", + "documentation":"

A description of the widget's purpose or the data it displays.

" + }, + "width":{ + "shape":"WidgetWidth", + "documentation":"

The width of the widget in column spans. The dashboard layout consists of a grid system.

" + }, + "height":{ + "shape":"WidgetHeight", + "documentation":"

The height of the widget in row spans. The dashboard layout consists of a grid system.

" + }, + "horizontalOffset":{ + "shape":"Integer", + "documentation":"

Specifies the starting column position of the widget in the dashboard's grid layout. Used to control widget placement.

" + }, + "configs":{ + "shape":"WidgetConfigList", + "documentation":"

An array of configurations that define the data queries and display settings for the widget.

" + } + }, + "documentation":"

A configurable visualization component within a dashboard that displays specific cost and usage metrics. Each widget can show data as charts or tables and includes settings for data querying, filtering, and visual presentation.

" + }, + "WidgetConfig":{ + "type":"structure", + "required":[ + "queryParameters", + "displayConfig" + ], + "members":{ + "queryParameters":{ + "shape":"QueryParameters", + "documentation":"

The parameters that define what data the widget should retrieve and how it should be filtered or grouped.

" + }, + "displayConfig":{ + "shape":"DisplayConfig", + "documentation":"

The configuration that determines how the retrieved data should be visualized in the widget.

" + } + }, + "documentation":"

Defines the complete configuration for a widget, including data retrieval settings and visualization preferences.

" + }, + "WidgetConfigList":{ + "type":"list", + "member":{"shape":"WidgetConfig"}, + "max":2, + "min":1 + }, + "WidgetHeight":{ + "type":"integer", + "box":true, + "max":10, + "min":4 + }, + "WidgetList":{ + "type":"list", + "member":{"shape":"Widget"}, + "max":20, + "min":0 + }, + "WidgetTitle":{ + "type":"string", + "max":50, + "min":2, + "pattern":"(?!.* {2})[a-zA-Z0-9_-][ a-zA-Z0-9_-]*[a-zA-Z0-9_-]" + }, + "WidgetWidth":{ + "type":"integer", + "box":true, + "max":6, + "min":2 + } + }, + "documentation":"

Amazon Web Services Billing and Cost Management Dashboards is a service that enables you to create, manage, and share dashboards that combine multiple visualizations of your Amazon Web Services cost and usage data. You can combine multiple data sources including Cost Explorer, Savings Plans, and Reserved Instance metrics into unified dashboards, helping you analyze spending patterns and share cost insights across your organization.

You can use the Amazon Web Services Billing and Cost Management Dashboards API to programmatically create, manage, and share dashboards. This includes creating custom dashboards, configuring widgets, managing dashboard permissions, and sharing dashboards across accounts in your organization.

" +} diff -pruN 2.23.6-1/awscli/botocore/data/bcm-dashboards/2025-08-18/waiters-2.json 2.31.35-1/awscli/botocore/data/bcm-dashboards/2025-08-18/waiters-2.json --- 2.23.6-1/awscli/botocore/data/bcm-dashboards/2025-08-18/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-dashboards/2025-08-18/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bcm-data-exports/2023-11-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bcm-data-exports/2023-11-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bcm-data-exports/2023-11-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-data-exports/2023-11-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,20 +5,20 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/bcm-pricing-calculator/2024-06-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bcm-pricing-calculator/2024-06-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bcm-pricing-calculator/2024-06-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-pricing-calculator/2024-06-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/bcm-pricing-calculator/2024-06-19/service-2.json 2.31.35-1/awscli/botocore/data/bcm-pricing-calculator/2024-06-19/service-2.json --- 2.23.6-1/awscli/botocore/data/bcm-pricing-calculator/2024-06-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-pricing-calculator/2024-06-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -32,7 +32,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Create Compute Savings Plans, EC2 Instance Savings Plans, or EC2 Reserved Instances commitments that you want to model in a Bill Scenario.

", + "documentation":"

Create Compute Savings Plans, EC2 Instance Savings Plans, or EC2 Reserved Instances commitments that you want to model in a Bill Scenario.

The BatchCreateBillScenarioCommitmentModification operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:CreateBillScenarioCommitmentModification in your policies.

", "idempotent":true }, "BatchCreateBillScenarioUsageModification":{ @@ -53,7 +53,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Create Amazon Web Services service usage that you want to model in a Bill Scenario.

", + "documentation":"

Create Amazon Web Services service usage that you want to model in a Bill Scenario.

The BatchCreateBillScenarioUsageModification operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:CreateBillScenarioUsageModification in your policies.

", "idempotent":true }, "BatchCreateWorkloadEstimateUsage":{ @@ -74,7 +74,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Create Amazon Web Services service usage that you want to model in a Workload Estimate.

", + "documentation":"

Create Amazon Web Services service usage that you want to model in a Workload Estimate.

The BatchCreateWorkloadEstimateUsage operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:CreateWorkloadEstimateUsage in your policies.

", "idempotent":true }, "BatchDeleteBillScenarioCommitmentModification":{ @@ -86,6 +86,7 @@ "input":{"shape":"BatchDeleteBillScenarioCommitmentModificationRequest"}, "output":{"shape":"BatchDeleteBillScenarioCommitmentModificationResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"DataUnavailableException"}, {"shape":"InternalServerException"}, @@ -93,7 +94,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Delete commitment that you have created in a Bill Scenario. You can only delete a commitment that you had added and cannot model deletion (or removal) of a existing commitment. If you want model deletion of an existing commitment, see the negate BillScenarioCommitmentModificationAction of BatchCreateBillScenarioCommitmentModification operation.

", + "documentation":"

Delete commitment that you have created in a Bill Scenario. You can only delete a commitment that you had added and cannot model deletion (or removal) of a existing commitment. If you want model deletion of an existing commitment, see the negate BillScenarioCommitmentModificationAction of BatchCreateBillScenarioCommitmentModification operation.

The BatchDeleteBillScenarioCommitmentModification operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:DeleteBillScenarioCommitmentModification in your policies.

", "idempotent":true }, "BatchDeleteBillScenarioUsageModification":{ @@ -105,6 +106,7 @@ "input":{"shape":"BatchDeleteBillScenarioUsageModificationRequest"}, "output":{"shape":"BatchDeleteBillScenarioUsageModificationResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"DataUnavailableException"}, {"shape":"ServiceQuotaExceededException"}, @@ -113,7 +115,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Delete usage that you have created in a Bill Scenario. You can only delete usage that you had added and cannot model deletion (or removal) of a existing usage. If you want model removal of an existing usage, see BatchUpdateBillScenarioUsageModification.

", + "documentation":"

Delete usage that you have created in a Bill Scenario. You can only delete usage that you had added and cannot model deletion (or removal) of a existing usage. If you want model removal of an existing usage, see BatchUpdateBillScenarioUsageModification.

The BatchDeleteBillScenarioUsageModification operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:DeleteBillScenarioUsageModification in your policies.

", "idempotent":true }, "BatchDeleteWorkloadEstimateUsage":{ @@ -133,7 +135,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Delete usage that you have created in a Workload estimate. You can only delete usage that you had added and cannot model deletion (or removal) of a existing usage. If you want model removal of an existing usage, see BatchUpdateWorkloadEstimateUsage.

", + "documentation":"

Delete usage that you have created in a Workload estimate. You can only delete usage that you had added and cannot model deletion (or removal) of a existing usage. If you want model removal of an existing usage, see BatchUpdateWorkloadEstimateUsage.

The BatchDeleteWorkloadEstimateUsage operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:DeleteWorkloadEstimateUsage in your policies.

", "idempotent":true }, "BatchUpdateBillScenarioCommitmentModification":{ @@ -145,6 +147,7 @@ "input":{"shape":"BatchUpdateBillScenarioCommitmentModificationRequest"}, "output":{"shape":"BatchUpdateBillScenarioCommitmentModificationResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"DataUnavailableException"}, {"shape":"InternalServerException"}, @@ -152,7 +155,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Update a newly added or existing commitment. You can update the commitment group based on a commitment ID and a Bill scenario ID.

", + "documentation":"

Update a newly added or existing commitment. You can update the commitment group based on a commitment ID and a Bill scenario ID.

The BatchUpdateBillScenarioCommitmentModification operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:UpdateBillScenarioCommitmentModification in your policies.

", "idempotent":true }, "BatchUpdateBillScenarioUsageModification":{ @@ -164,6 +167,7 @@ "input":{"shape":"BatchUpdateBillScenarioUsageModificationRequest"}, "output":{"shape":"BatchUpdateBillScenarioUsageModificationResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"DataUnavailableException"}, {"shape":"ServiceQuotaExceededException"}, @@ -172,7 +176,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Update a newly added or existing usage lines. You can update the usage amounts, usage hour, and usage group based on a usage ID and a Bill scenario ID.

", + "documentation":"

Update a newly added or existing usage lines. You can update the usage amounts, usage hour, and usage group based on a usage ID and a Bill scenario ID.

The BatchUpdateBillScenarioUsageModification operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:UpdateBillScenarioUsageModification in your policies.

", "idempotent":true }, "BatchUpdateWorkloadEstimateUsage":{ @@ -192,7 +196,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Update a newly added or existing usage lines. You can update the usage amounts and usage group based on a usage ID and a Workload estimate ID.

", + "documentation":"

Update a newly added or existing usage lines. You can update the usage amounts and usage group based on a usage ID and a Workload estimate ID.

The BatchUpdateWorkloadEstimateUsage operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission bcm-pricing-calculator:UpdateWorkloadEstimateUsage in your policies.

", "idempotent":true }, "CreateBillEstimate":{ @@ -283,6 +287,7 @@ "input":{"shape":"DeleteBillScenarioRequest"}, "output":{"shape":"DeleteBillScenarioResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"DataUnavailableException"}, {"shape":"InternalServerException"}, @@ -361,7 +366,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Retrieves the current preferences for the Amazon Web Services Cost Explorer service.

" + "documentation":"

Retrieves the current preferences for Pricing Calculator.

" }, "GetWorkloadEstimate":{ "name":"GetWorkloadEstimate", @@ -666,7 +671,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Updates the preferences for the Amazon Web Services Cost Explorer service.

", + "documentation":"

Updates the preferences for Pricing Calculator.

", "idempotent":true }, "UpdateWorkloadEstimate":{ @@ -2001,7 +2006,8 @@ "enum":[ "READY", "LOCKED", - "FAILED" + "FAILED", + "STALE" ] }, "BillScenarioSummaries":{ @@ -2575,6 +2581,10 @@ "memberAccountRateTypeSelections":{ "shape":"RateTypes", "documentation":"

The preferred rate types for member accounts.

" + }, + "standaloneAccountRateTypeSelections":{ + "shape":"RateTypes", + "documentation":"

The preferred rate types for a standalone account.

" } } }, @@ -2920,11 +2930,11 @@ }, "createdAtFilter":{ "shape":"FilterTimestamp", - "documentation":"

Filter bill estimates based on their creation date.

" + "documentation":"

Filter bill estimates based on the creation date.

" }, "expiresAtFilter":{ "shape":"FilterTimestamp", - "documentation":"

Filter bill estimates based on their expiration date.

" + "documentation":"

Filter bill estimates based on the expiration date.

" }, "nextToken":{ "shape":"NextPageToken", @@ -3061,11 +3071,11 @@ }, "createdAtFilter":{ "shape":"FilterTimestamp", - "documentation":"

Filter bill scenarios based on their creation date.

" + "documentation":"

Filter bill scenarios based on the creation date.

" }, "expiresAtFilter":{ "shape":"FilterTimestamp", - "documentation":"

Filter bill scenarios based on their expiration date.

" + "documentation":"

Filter bill scenarios based on the expiration date.

" }, "nextToken":{ "shape":"NextPageToken", @@ -3172,7 +3182,7 @@ "documentation":"

A token to retrieve the next page of results.

" }, "maxResults":{ - "shape":"MaxResults", + "shape":"WorkloadEstimateUsageMaxResults", "documentation":"

The maximum number of results to return per page.

" } } @@ -3232,11 +3242,11 @@ "members":{ "createdAtFilter":{ "shape":"FilterTimestamp", - "documentation":"

Filter workload estimates based on their creation date.

" + "documentation":"

Filter workload estimates based on the creation date.

" }, "expiresAtFilter":{ "shape":"FilterTimestamp", - "documentation":"

Filter workload estimates based on their expiration date.

" + "documentation":"

Filter workload estimates based on the expiration date.

" }, "filters":{ "shape":"ListWorkloadEstimatesFilters", @@ -3276,7 +3286,8 @@ "MaxResults":{ "type":"integer", "box":true, - "max":25 + "max":25, + "min":1 }, "NegateReservedInstanceAction":{ "type":"structure", @@ -3321,13 +3332,14 @@ "type":"string", "enum":[ "BEFORE_DISCOUNTS", - "AFTER_DISCOUNTS" + "AFTER_DISCOUNTS", + "AFTER_DISCOUNTS_AND_COMMITMENTS" ] }, "RateTypes":{ "type":"list", "member":{"shape":"RateType"}, - "max":2, + "max":3, "min":1 }, "ReservedInstanceInstanceCount":{ @@ -3626,6 +3638,10 @@ "memberAccountRateTypeSelections":{ "shape":"RateTypes", "documentation":"

The updated preferred rate types for member accounts.

" + }, + "standaloneAccountRateTypeSelections":{ + "shape":"RateTypes", + "documentation":"

The updated preferred rate types for a standalone account.

" } } }, @@ -3639,6 +3655,10 @@ "memberAccountRateTypeSelections":{ "shape":"RateTypes", "documentation":"

The updated preferred rate types for member accounts.

" + }, + "standaloneAccountRateTypeSelections":{ + "shape":"RateTypes", + "documentation":"

The updated preferred rate types for a standalone account.

" } } }, @@ -3851,7 +3871,8 @@ "type":"string", "enum":[ "BEFORE_DISCOUNTS", - "AFTER_DISCOUNTS" + "AFTER_DISCOUNTS", + "AFTER_DISCOUNTS_AND_COMMITMENTS" ] }, "WorkloadEstimateStatus":{ @@ -3986,6 +4007,12 @@ "type":"list", "member":{"shape":"WorkloadEstimateUsageItem"} }, + "WorkloadEstimateUsageMaxResults":{ + "type":"integer", + "box":true, + "max":300, + "min":1 + }, "WorkloadEstimateUsageQuantity":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,151 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://bcm-recommended-actions-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://bcm-recommended-actions.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/paginators-1.json 2.31.35-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/paginators-1.json --- 2.23.6-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +{ + "pagination": { + "ListRecommendedActions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "recommendedActions" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/service-2.json 2.31.35-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/service-2.json --- 2.23.6-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,328 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2024-11-14", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"bcm-recommended-actions", + "jsonVersion":"1.0", + "protocol":"json", + "protocols":["json"], + "serviceFullName":"AWS Billing and Cost Management Recommended Actions", + "serviceId":"BCM Recommended Actions", + "signatureVersion":"v4", + "signingName":"bcm-recommended-actions", + "targetPrefix":"AWSBillingAndCostManagementRecommendedActions", + "uid":"bcm-recommended-actions-2024-11-14" + }, + "operations":{ + "ListRecommendedActions":{ + "name":"ListRecommendedActions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListRecommendedActionsRequest"}, + "output":{"shape":"ListRecommendedActionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Returns a list of recommended actions that match the filter criteria.

" + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

You do not have sufficient access to perform this action.

", + "exception":true + }, + "AccountId":{ + "type":"string", + "max":12, + "min":12, + "pattern":"[0-9]{12}" + }, + "ActionFilter":{ + "type":"structure", + "required":[ + "key", + "matchOption", + "values" + ], + "members":{ + "key":{ + "shape":"FilterName", + "documentation":"

The category to filter on. Valid values are FEATURE for feature type, SEVERITY for severity level, and TYPE for recommendation type.

" + }, + "matchOption":{ + "shape":"MatchOption", + "documentation":"

Specifies how to apply the filter. Use EQUALS to include matching results or NOT_EQUALS to exclude matching results.

" + }, + "values":{ + "shape":"FilterValues", + "documentation":"

One or more values to match against the specified key.

" + } + }, + "documentation":"

Describes a filter that returns a more specific list of recommended actions.

" + }, + "ActionFilterList":{ + "type":"list", + "member":{"shape":"ActionFilter"} + }, + "ActionType":{ + "type":"string", + "enum":[ + "ADD_ALTERNATE_BILLING_CONTACT", + "CREATE_ANOMALY_MONITOR", + "CREATE_BUDGET", + "ENABLE_COST_OPTIMIZATION_HUB", + "MIGRATE_TO_GRANULAR_PERMISSIONS", + "PAYMENTS_DUE", + "PAYMENTS_PAST_DUE", + "REVIEW_ANOMALIES", + "REVIEW_BUDGET_ALERTS", + "REVIEW_BUDGETS_EXCEEDED", + "REVIEW_EXPIRING_RI", + "REVIEW_EXPIRING_SP", + "REVIEW_FREETIER_USAGE_ALERTS", + "REVIEW_SAVINGS_OPPORTUNITY_RECOMMENDATIONS", + "UPDATE_EXPIRED_PAYMENT_METHOD", + "UPDATE_INVALID_PAYMENT_METHOD", + "UPDATE_TAX_EXEMPTION_CERTIFICATE", + "UPDATE_TAX_REGISTRATION_NUMBER" + ] + }, + "Context":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"} + }, + "Feature":{ + "type":"string", + "enum":[ + "ACCOUNT", + "BUDGETS", + "COST_ANOMALY_DETECTION", + "COST_OPTIMIZATION_HUB", + "FREE_TIER", + "IAM", + "PAYMENTS", + "RESERVATIONS", + "SAVINGS_PLANS", + "TAX_SETTINGS" + ] + }, + "FilterName":{ + "type":"string", + "enum":[ + "FEATURE", + "SEVERITY", + "TYPE" + ] + }, + "FilterValue":{ + "type":"string", + "max":1024, + "min":1, + "pattern":".*[\\S\\s]*.*" + }, + "FilterValues":{ + "type":"list", + "member":{"shape":"FilterValue"}, + "min":1 + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

An unexpected error occurred during the processing of your request.

", + "exception":true, + "fault":true + }, + "ListRecommendedActionsRequest":{ + "type":"structure", + "members":{ + "filter":{ + "shape":"RequestFilter", + "documentation":"

The criteria that you want all returned recommended actions to match.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in the response.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token that indicates the next set of results that you want to retrieve.

" + } + } + }, + "ListRecommendedActionsResponse":{ + "type":"structure", + "required":["recommendedActions"], + "members":{ + "recommendedActions":{ + "shape":"RecommendedActions", + "documentation":"

The list of recommended actions that satisfy the filter criteria.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token that indicates the next set of results that you want to retrieve.

" + } + } + }, + "MatchOption":{ + "type":"string", + "enum":[ + "EQUALS", + "NOT_EQUALS" + ] + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "NextStep":{"type":"string"}, + "NextSteps":{ + "type":"list", + "member":{"shape":"NextStep"} + }, + "NextToken":{ + "type":"string", + "max":8192, + "min":1, + "pattern":"[\\S\\s]*" + }, + "RecommendedAction":{ + "type":"structure", + "members":{ + "id":{ + "shape":"String", + "documentation":"

The ID for the recommended action.

" + }, + "type":{ + "shape":"ActionType", + "documentation":"

The type of action you can take by adopting the recommended action.

" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"

The account that the recommended action is for.

" + }, + "severity":{ + "shape":"Severity", + "documentation":"

The severity associated with the recommended action.

" + }, + "feature":{ + "shape":"Feature", + "documentation":"

The feature associated with the recommended action.

" + }, + "context":{ + "shape":"Context", + "documentation":"

Context that applies to the recommended action.

" + }, + "nextSteps":{ + "shape":"NextSteps", + "documentation":"

The possible next steps to execute the recommended action.

" + }, + "lastUpdatedTimeStamp":{ + "shape":"String", + "documentation":"

The time when the recommended action status was last updated.

" + } + }, + "documentation":"

Describes a specific recommended action.

" + }, + "RecommendedActions":{ + "type":"list", + "member":{"shape":"RecommendedAction"} + }, + "RequestFilter":{ + "type":"structure", + "members":{ + "actions":{ + "shape":"ActionFilterList", + "documentation":"

A list of action filters that define criteria for filtering results. Each filter specifies a key, match option, and corresponding values to filter on.

" + } + }, + "documentation":"

Enables filtering of results based on specified action criteria. You can define multiple action filters to refine results using combinations of feature type, severity level, and recommendation type.

" + }, + "Severity":{ + "type":"string", + "enum":[ + "INFO", + "WARNING", + "CRITICAL" + ] + }, + "String":{"type":"string"}, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The request was denied due to request throttling.

", + "exception":true + }, + "ValidationException":{ + "type":"structure", + "required":[ + "message", + "reason" + ], + "members":{ + "message":{"shape":"String"}, + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"

Provides a single, overarching explanation for the validation failure.

" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

Lists each problematic field and why it failed validation.

" + } + }, + "documentation":"

The input fails to satisfy the constraints specified by an Amazon Web Services service.

", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "message" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"

Provides the name of the field that failed validation.

" + }, + "message":{ + "shape":"String", + "documentation":"

Provides a message explaining why the field failed validation.

" + } + }, + "documentation":"

Provides specific details about why a particular field failed validation.

" + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "unknownOperation", + "cannotParse", + "fieldValidationFailed", + "other" + ] + } + }, + "documentation":"

You can use the Billing and Cost Management Recommended Actions API to programmatically query your best practices and recommendations to optimize your costs.

The Billing and Cost Management Recommended Actions API provides the following endpoint:

  • https://bcm-recommended-actions.us-east-1.api.aws

" +} diff -pruN 2.23.6-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/waiters-2.json 2.31.35-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/waiters-2.json --- 2.23.6-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bcm-recommended-actions/2024-11-14/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bedrock/2023-04-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bedrock/2023-04-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bedrock/2023-04-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock/2023-04-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/bedrock/2023-04-20/paginators-1.json 2.31.35-1/awscli/botocore/data/bedrock/2023-04-20/paginators-1.json --- 2.23.6-1/awscli/botocore/data/bedrock/2023-04-20/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock/2023-04-20/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -71,6 +71,36 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "promptRouterSummaries" + }, + "ListCustomModelDeployments": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "modelDeploymentSummaries" + }, + "ListAutomatedReasoningPolicies": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "automatedReasoningPolicySummaries" + }, + "ListAutomatedReasoningPolicyBuildWorkflows": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "automatedReasoningPolicyBuildWorkflowSummaries" + }, + "ListAutomatedReasoningPolicyTestCases": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "testCases" + }, + "ListAutomatedReasoningPolicyTestResults": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "testResults" } } } diff -pruN 2.23.6-1/awscli/botocore/data/bedrock/2023-04-20/service-2.json 2.31.35-1/awscli/botocore/data/bedrock/2023-04-20/service-2.json --- 2.23.6-1/awscli/botocore/data/bedrock/2023-04-20/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock/2023-04-20/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,7 +2,10 @@ "version":"2.0", "metadata":{ "apiVersion":"2023-04-20", - "auth":["aws.auth#sigv4"], + "auth":[ + "aws.auth#sigv4", + "smithy.api#httpBearerAuth" + ], "endpointPrefix":"bedrock", "protocol":"rest-json", "protocols":["rest-json"], @@ -32,6 +35,133 @@ ], "documentation":"

Deletes a batch of evaluation jobs. An evaluation job can only be deleted if it has following status FAILED, COMPLETED, and STOPPED. You can request up to 25 model evaluation jobs be deleted in a single request.

" }, + "CancelAutomatedReasoningPolicyBuildWorkflow":{ + "name":"CancelAutomatedReasoningPolicyBuildWorkflow", + "http":{ + "method":"POST", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}/cancel", + "responseCode":202 + }, + "input":{"shape":"CancelAutomatedReasoningPolicyBuildWorkflowRequest"}, + "output":{"shape":"CancelAutomatedReasoningPolicyBuildWorkflowResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Cancels a running Automated Reasoning policy build workflow. This stops the policy generation process and prevents further processing of the source documents.

", + "idempotent":true + }, + "CreateAutomatedReasoningPolicy":{ + "name":"CreateAutomatedReasoningPolicy", + "http":{ + "method":"POST", + "requestUri":"/automated-reasoning-policies", + "responseCode":200 + }, + "input":{"shape":"CreateAutomatedReasoningPolicyRequest"}, + "output":{"shape":"CreateAutomatedReasoningPolicyResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyTagsException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Creates an Automated Reasoning policy for Amazon Bedrock Guardrails. Automated Reasoning policies use mathematical techniques to detect hallucinations, suggest corrections, and highlight unstated assumptions in the responses of your GenAI application.

To create a policy, you upload a source document that describes the rules that you're encoding. Automated Reasoning extracts important concepts from the source document that will become variables in the policy and infers policy rules.

", + "idempotent":true + }, + "CreateAutomatedReasoningPolicyTestCase":{ + "name":"CreateAutomatedReasoningPolicyTestCase", + "http":{ + "method":"POST", + "requestUri":"/automated-reasoning-policies/{policyArn}/test-cases", + "responseCode":200 + }, + "input":{"shape":"CreateAutomatedReasoningPolicyTestCaseRequest"}, + "output":{"shape":"CreateAutomatedReasoningPolicyTestCaseResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Creates a test for an Automated Reasoning policy. Tests validate that your policy works as expected by providing sample inputs and expected outcomes. Use tests to verify policy behavior before deploying to production.

", + "idempotent":true + }, + "CreateAutomatedReasoningPolicyVersion":{ + "name":"CreateAutomatedReasoningPolicyVersion", + "http":{ + "method":"POST", + "requestUri":"/automated-reasoning-policies/{policyArn}/versions", + "responseCode":200 + }, + "input":{"shape":"CreateAutomatedReasoningPolicyVersionRequest"}, + "output":{"shape":"CreateAutomatedReasoningPolicyVersionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyTagsException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Creates a new version of an existing Automated Reasoning policy. This allows you to iterate on your policy rules while maintaining previous versions for rollback or comparison purposes.

", + "idempotent":true + }, + "CreateCustomModel":{ + "name":"CreateCustomModel", + "http":{ + "method":"POST", + "requestUri":"/custom-models/create-custom-model", + "responseCode":202 + }, + "input":{"shape":"CreateCustomModelRequest"}, + "output":{"shape":"CreateCustomModelResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyTagsException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Creates a new custom model in Amazon Bedrock. After the model is active, you can use it for inference.

To use the model for inference, you must purchase Provisioned Throughput for it. You can't use On-demand inference with these custom models. For more information about Provisioned Throughput, see Provisioned Throughput.

The model appears in ListCustomModels with a customizationType of imported. To track the status of the new model, you use the GetCustomModel API operation. The model can be in the following states:

  • Creating - Initial state during validation and registration

  • Active - Model is ready for use in inference

  • Failed - Creation process encountered an error

Related APIs

", + "idempotent":true + }, + "CreateCustomModelDeployment":{ + "name":"CreateCustomModelDeployment", + "http":{ + "method":"POST", + "requestUri":"/model-customization/custom-model-deployments", + "responseCode":202 + }, + "input":{"shape":"CreateCustomModelDeploymentRequest"}, + "output":{"shape":"CreateCustomModelDeploymentResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyTagsException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Deploys a custom model for on-demand inference in Amazon Bedrock. After you deploy your custom model, you use the deployment's Amazon Resource Name (ARN) as the modelId parameter when you submit prompts and generate responses with model inference.

For more information about setting up on-demand inference for custom models, see Set up inference for a custom model.

The following actions are related to the CreateCustomModelDeployment operation:

", + "idempotent":true + }, "CreateEvaluationJob":{ "name":"CreateEvaluationJob", "http":{ @@ -53,6 +183,25 @@ "documentation":"

Creates an evaluation job.

", "idempotent":true }, + "CreateFoundationModelAgreement":{ + "name":"CreateFoundationModelAgreement", + "http":{ + "method":"POST", + "requestUri":"/create-foundation-model-agreement", + "responseCode":202 + }, + "input":{"shape":"CreateFoundationModelAgreementRequest"}, + "output":{"shape":"CreateFoundationModelAgreementResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Request a model access agreement for the specified model.

" + }, "CreateGuardrail":{ "name":"CreateGuardrail", "http":{ @@ -219,6 +368,28 @@ "documentation":"

Creates a batch inference job to invoke a model on multiple prompts. Format your data according to Format your inference data and upload it to an Amazon S3 bucket. For more information, see Process multiple prompts with batch inference.

The response returns a jobArn that you can use to stop or get details about the job.

", "idempotent":true }, + "CreatePromptRouter":{ + "name":"CreatePromptRouter", + "http":{ + "method":"POST", + "requestUri":"/prompt-routers", + "responseCode":200 + }, + "input":{"shape":"CreatePromptRouterRequest"}, + "output":{"shape":"CreatePromptRouterResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyTagsException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Creates a prompt router that manages the routing of requests between multiple foundation models based on the routing criteria.

", + "idempotent":true + }, "CreateProvisionedModelThroughput":{ "name":"CreateProvisionedModelThroughput", "http":{ @@ -240,6 +411,69 @@ "documentation":"

Creates dedicated throughput for a base or custom model with the model units and for the duration that you specify. For pricing details, see Amazon Bedrock Pricing. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide.

", "idempotent":true }, + "DeleteAutomatedReasoningPolicy":{ + "name":"DeleteAutomatedReasoningPolicy", + "http":{ + "method":"DELETE", + "requestUri":"/automated-reasoning-policies/{policyArn}", + "responseCode":202 + }, + "input":{"shape":"DeleteAutomatedReasoningPolicyRequest"}, + "output":{"shape":"DeleteAutomatedReasoningPolicyResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceInUseException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Deletes an Automated Reasoning policy or policy version. This operation is idempotent. If you delete a policy more than once, each call succeeds. Deleting a policy removes it permanently and cannot be undone.

", + "idempotent":true + }, + "DeleteAutomatedReasoningPolicyBuildWorkflow":{ + "name":"DeleteAutomatedReasoningPolicyBuildWorkflow", + "http":{ + "method":"DELETE", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}", + "responseCode":202 + }, + "input":{"shape":"DeleteAutomatedReasoningPolicyBuildWorkflowRequest"}, + "output":{"shape":"DeleteAutomatedReasoningPolicyBuildWorkflowResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceInUseException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Deletes an Automated Reasoning policy build workflow and its associated artifacts. This permanently removes the workflow history and any generated assets.

", + "idempotent":true + }, + "DeleteAutomatedReasoningPolicyTestCase":{ + "name":"DeleteAutomatedReasoningPolicyTestCase", + "http":{ + "method":"DELETE", + "requestUri":"/automated-reasoning-policies/{policyArn}/test-cases/{testCaseId}", + "responseCode":202 + }, + "input":{"shape":"DeleteAutomatedReasoningPolicyTestCaseRequest"}, + "output":{"shape":"DeleteAutomatedReasoningPolicyTestCaseResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceInUseException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Deletes an Automated Reasoning policy test. This operation is idempotent; if you delete a test more than once, each call succeeds.

", + "idempotent":true + }, "DeleteCustomModel":{ "name":"DeleteCustomModel", "http":{ @@ -260,6 +494,45 @@ "documentation":"

Deletes a custom model that you created earlier. For more information, see Custom models in the Amazon Bedrock User Guide.

", "idempotent":true }, + "DeleteCustomModelDeployment":{ + "name":"DeleteCustomModelDeployment", + "http":{ + "method":"DELETE", + "requestUri":"/model-customization/custom-model-deployments/{customModelDeploymentIdentifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteCustomModelDeploymentRequest"}, + "output":{"shape":"DeleteCustomModelDeploymentResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Deletes a custom model deployment. This operation stops the deployment and removes it from your account. After deletion, the deployment ARN can no longer be used for inference requests.

The following actions are related to the DeleteCustomModelDeployment operation:

", + "idempotent":true + }, + "DeleteFoundationModelAgreement":{ + "name":"DeleteFoundationModelAgreement", + "http":{ + "method":"POST", + "requestUri":"/delete-foundation-model-agreement", + "responseCode":202 + }, + "input":{"shape":"DeleteFoundationModelAgreementRequest"}, + "output":{"shape":"DeleteFoundationModelAgreementResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Delete the model access agreement for the specified model.

" + }, "DeleteGuardrail":{ "name":"DeleteGuardrail", "http":{ @@ -356,6 +629,25 @@ "documentation":"

Delete the invocation logging.

", "idempotent":true }, + "DeletePromptRouter":{ + "name":"DeletePromptRouter", + "http":{ + "method":"DELETE", + "requestUri":"/prompt-routers/{promptRouterArn}", + "responseCode":200 + }, + "input":{"shape":"DeletePromptRouterRequest"}, + "output":{"shape":"DeletePromptRouterResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Deletes a specified prompt router. This action cannot be undone.

", + "idempotent":true + }, "DeleteProvisionedModelThroughput":{ "name":"DeleteProvisionedModelThroughput", "http":{ @@ -395,6 +687,158 @@ ], "documentation":"

Deregisters an endpoint for a model from Amazon Bedrock Marketplace. This operation removes the endpoint's association with Amazon Bedrock but does not delete the underlying Amazon SageMaker endpoint.

" }, + "ExportAutomatedReasoningPolicyVersion":{ + "name":"ExportAutomatedReasoningPolicyVersion", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/export", + "responseCode":200 + }, + "input":{"shape":"ExportAutomatedReasoningPolicyVersionRequest"}, + "output":{"shape":"ExportAutomatedReasoningPolicyVersionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Exports the policy definition for an Automated Reasoning policy version. Returns the complete policy definition including rules, variables, and custom variable types in a structured format.

", + "readonly":true + }, + "GetAutomatedReasoningPolicy":{ + "name":"GetAutomatedReasoningPolicy", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}", + "responseCode":200 + }, + "input":{"shape":"GetAutomatedReasoningPolicyRequest"}, + "output":{"shape":"GetAutomatedReasoningPolicyResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves details about an Automated Reasoning policy or policy version. Returns information including the policy definition, metadata, and timestamps.

", + "readonly":true + }, + "GetAutomatedReasoningPolicyAnnotations":{ + "name":"GetAutomatedReasoningPolicyAnnotations", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}/annotations", + "responseCode":200 + }, + "input":{"shape":"GetAutomatedReasoningPolicyAnnotationsRequest"}, + "output":{"shape":"GetAutomatedReasoningPolicyAnnotationsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves the current annotations for an Automated Reasoning policy build workflow. Annotations contain corrections to the rules, variables and types to be applied to the policy.

", + "readonly":true + }, + "GetAutomatedReasoningPolicyBuildWorkflow":{ + "name":"GetAutomatedReasoningPolicyBuildWorkflow", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}", + "responseCode":200 + }, + "input":{"shape":"GetAutomatedReasoningPolicyBuildWorkflowRequest"}, + "output":{"shape":"GetAutomatedReasoningPolicyBuildWorkflowResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves detailed information about an Automated Reasoning policy build workflow, including its status, configuration, and metadata.

", + "readonly":true + }, + "GetAutomatedReasoningPolicyBuildWorkflowResultAssets":{ + "name":"GetAutomatedReasoningPolicyBuildWorkflowResultAssets", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}/result-assets", + "responseCode":200 + }, + "input":{"shape":"GetAutomatedReasoningPolicyBuildWorkflowResultAssetsRequest"}, + "output":{"shape":"GetAutomatedReasoningPolicyBuildWorkflowResultAssetsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves the resulting assets from a completed Automated Reasoning policy build workflow, including build logs, quality reports, and generated policy artifacts.

", + "readonly":true + }, + "GetAutomatedReasoningPolicyNextScenario":{ + "name":"GetAutomatedReasoningPolicyNextScenario", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}/scenarios", + "responseCode":200 + }, + "input":{"shape":"GetAutomatedReasoningPolicyNextScenarioRequest"}, + "output":{"shape":"GetAutomatedReasoningPolicyNextScenarioResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves the next test scenario for validating an Automated Reasoning policy. This is used during the interactive policy refinement process to test policy behavior.

", + "readonly":true + }, + "GetAutomatedReasoningPolicyTestCase":{ + "name":"GetAutomatedReasoningPolicyTestCase", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/test-cases/{testCaseId}", + "responseCode":200 + }, + "input":{"shape":"GetAutomatedReasoningPolicyTestCaseRequest"}, + "output":{"shape":"GetAutomatedReasoningPolicyTestCaseResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves details about a specific Automated Reasoning policy test.

", + "readonly":true + }, + "GetAutomatedReasoningPolicyTestResult":{ + "name":"GetAutomatedReasoningPolicyTestResult", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}/test-cases/{testCaseId}/test-results", + "responseCode":200 + }, + "input":{"shape":"GetAutomatedReasoningPolicyTestResultRequest"}, + "output":{"shape":"GetAutomatedReasoningPolicyTestResultResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves the test result for a specific Automated Reasoning policy test. Returns detailed validation findings and execution status.

", + "readonly":true + }, "GetCustomModel":{ "name":"GetCustomModel", "http":{ @@ -411,7 +855,27 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Get the properties associated with a Amazon Bedrock custom model that you have created.For more information, see Custom models in the Amazon Bedrock User Guide.

" + "documentation":"

Get the properties associated with a Amazon Bedrock custom model that you have created. For more information, see Custom models in the Amazon Bedrock User Guide.

", + "readonly":true + }, + "GetCustomModelDeployment":{ + "name":"GetCustomModelDeployment", + "http":{ + "method":"GET", + "requestUri":"/model-customization/custom-model-deployments/{customModelDeploymentIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetCustomModelDeploymentRequest"}, + "output":{"shape":"GetCustomModelDeploymentResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Retrieves information about a custom model deployment, including its status, configuration, and metadata. Use this operation to monitor the deployment status and retrieve details needed for inference requests.

The following actions are related to the GetCustomModelDeployment operation:

", + "readonly":true }, "GetEvaluationJob":{ "name":"GetEvaluationJob", @@ -429,7 +893,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Gets information about an evaluation job, such as the status of the job.

" + "documentation":"

Gets information about an evaluation job, such as the status of the job.

", + "readonly":true }, "GetFoundationModel":{ "name":"GetFoundationModel", @@ -447,7 +912,27 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Get details about a Amazon Bedrock foundation model.

" + "documentation":"

Get details about a Amazon Bedrock foundation model.

", + "readonly":true + }, + "GetFoundationModelAvailability":{ + "name":"GetFoundationModelAvailability", + "http":{ + "method":"GET", + "requestUri":"/foundation-model-availability/{modelId}", + "responseCode":200 + }, + "input":{"shape":"GetFoundationModelAvailabilityRequest"}, + "output":{"shape":"GetFoundationModelAvailabilityResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Get information about the Foundation model availability.

", + "readonly":true }, "GetGuardrail":{ "name":"GetGuardrail", @@ -465,7 +950,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Gets details about a guardrail. If you don't specify a version, the response returns details for the DRAFT version.

" + "documentation":"

Gets details about a guardrail. If you don't specify a version, the response returns details for the DRAFT version.

", + "readonly":true }, "GetImportedModel":{ "name":"GetImportedModel", @@ -483,7 +969,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Gets properties associated with a customized model you imported.

" + "documentation":"

Gets properties associated with a customized model you imported.

", + "readonly":true }, "GetInferenceProfile":{ "name":"GetInferenceProfile", @@ -501,7 +988,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Gets information about an inference profile. For more information, see Increase throughput and resilience with cross-region inference in Amazon Bedrock. in the Amazon Bedrock User Guide.

" + "documentation":"

Gets information about an inference profile. For more information, see Increase throughput and resilience with cross-region inference in Amazon Bedrock. in the Amazon Bedrock User Guide.

", + "readonly":true }, "GetMarketplaceModelEndpoint":{ "name":"GetMarketplaceModelEndpoint", @@ -519,7 +1007,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Retrieves details about a specific endpoint for a model from Amazon Bedrock Marketplace.

" + "documentation":"

Retrieves details about a specific endpoint for a model from Amazon Bedrock Marketplace.

", + "readonly":true }, "GetModelCopyJob":{ "name":"GetModelCopyJob", @@ -537,7 +1026,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Retrieves information about a model copy job. For more information, see Copy models to be used in other regions in the Amazon Bedrock User Guide.

" + "documentation":"

Retrieves information about a model copy job. For more information, see Copy models to be used in other regions in the Amazon Bedrock User Guide.

", + "readonly":true }, "GetModelCustomizationJob":{ "name":"GetModelCustomizationJob", @@ -555,7 +1045,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Retrieves the properties associated with a model-customization job, including the status of the job. For more information, see Custom models in the Amazon Bedrock User Guide.

" + "documentation":"

Retrieves the properties associated with a model-customization job, including the status of the job. For more information, see Custom models in the Amazon Bedrock User Guide.

", + "readonly":true }, "GetModelImportJob":{ "name":"GetModelImportJob", @@ -573,7 +1064,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Retrieves the properties associated with import model job, including the status of the job. For more information, see Import a customized model in the Amazon Bedrock User Guide.

" + "documentation":"

Retrieves the properties associated with import model job, including the status of the job. For more information, see Import a customized model in the Amazon Bedrock User Guide.

", + "readonly":true }, "GetModelInvocationJob":{ "name":"GetModelInvocationJob", @@ -591,7 +1083,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Gets details about a batch inference job. For more information, see Monitor batch inference jobs

" + "documentation":"

Gets details about a batch inference job. For more information, see Monitor batch inference jobs

", + "readonly":true }, "GetModelInvocationLoggingConfiguration":{ "name":"GetModelInvocationLoggingConfiguration", @@ -607,7 +1100,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Get the current configuration values for model invocation logging.

" + "documentation":"

Get the current configuration values for model invocation logging.

", + "readonly":true }, "GetPromptRouter":{ "name":"GetPromptRouter", @@ -625,7 +1119,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Retrieves details about a prompt router.

" + "documentation":"

Retrieves details about a prompt router.

", + "readonly":true }, "GetProvisionedModelThroughput":{ "name":"GetProvisionedModelThroughput", @@ -643,7 +1138,121 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns details for a Provisioned Throughput. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide.

" + "documentation":"

Returns details for a Provisioned Throughput. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide.

", + "readonly":true + }, + "GetUseCaseForModelAccess":{ + "name":"GetUseCaseForModelAccess", + "http":{ + "method":"GET", + "requestUri":"/use-case-for-model-access", + "responseCode":200 + }, + "input":{"shape":"GetUseCaseForModelAccessRequest"}, + "output":{"shape":"GetUseCaseForModelAccessResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Get usecase for model access.

", + "readonly":true + }, + "ListAutomatedReasoningPolicies":{ + "name":"ListAutomatedReasoningPolicies", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies", + "responseCode":200 + }, + "input":{"shape":"ListAutomatedReasoningPoliciesRequest"}, + "output":{"shape":"ListAutomatedReasoningPoliciesResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Lists all Automated Reasoning policies in your account, with optional filtering by policy ARN. This helps you manage and discover existing policies.

", + "readonly":true + }, + "ListAutomatedReasoningPolicyBuildWorkflows":{ + "name":"ListAutomatedReasoningPolicyBuildWorkflows", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows", + "responseCode":200 + }, + "input":{"shape":"ListAutomatedReasoningPolicyBuildWorkflowsRequest"}, + "output":{"shape":"ListAutomatedReasoningPolicyBuildWorkflowsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Lists all build workflows for an Automated Reasoning policy, showing the history of policy creation and modification attempts.

", + "readonly":true + }, + "ListAutomatedReasoningPolicyTestCases":{ + "name":"ListAutomatedReasoningPolicyTestCases", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/test-cases", + "responseCode":200 + }, + "input":{"shape":"ListAutomatedReasoningPolicyTestCasesRequest"}, + "output":{"shape":"ListAutomatedReasoningPolicyTestCasesResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Lists tests for an Automated Reasoning policy. We recommend using pagination to ensure that the operation returns quickly and successfully.

", + "readonly":true + }, + "ListAutomatedReasoningPolicyTestResults":{ + "name":"ListAutomatedReasoningPolicyTestResults", + "http":{ + "method":"GET", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}/test-results", + "responseCode":200 + }, + "input":{"shape":"ListAutomatedReasoningPolicyTestResultsRequest"}, + "output":{"shape":"ListAutomatedReasoningPolicyTestResultsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Lists test results for an Automated Reasoning policy, showing how the policy performed against various test scenarios and validation checks.

", + "readonly":true + }, + "ListCustomModelDeployments":{ + "name":"ListCustomModelDeployments", + "http":{ + "method":"GET", + "requestUri":"/model-customization/custom-model-deployments", + "responseCode":200 + }, + "input":{"shape":"ListCustomModelDeploymentsRequest"}, + "output":{"shape":"ListCustomModelDeploymentsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Lists custom model deployments in your account. You can filter the results by creation time, name, status, and associated model. Use this operation to manage and monitor your custom model deployments.

We recommend using pagination to ensure that the operation returns quickly and successfully.

The following actions are related to the ListCustomModelDeployments operation:

", + "readonly":true }, "ListCustomModels":{ "name":"ListCustomModels", @@ -660,7 +1269,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of the custom models that you have created with the CreateModelCustomizationJob operation.

For more information, see Custom models in the Amazon Bedrock User Guide.

" + "documentation":"

Returns a list of the custom models that you have created with the CreateModelCustomizationJob operation.

For more information, see Custom models in the Amazon Bedrock User Guide.

", + "readonly":true }, "ListEvaluationJobs":{ "name":"ListEvaluationJobs", @@ -677,7 +1287,27 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists all existing evaluation jobs.

" + "documentation":"

Lists all existing evaluation jobs.

", + "readonly":true + }, + "ListFoundationModelAgreementOffers":{ + "name":"ListFoundationModelAgreementOffers", + "http":{ + "method":"GET", + "requestUri":"/list-foundation-model-agreement-offers/{modelId}", + "responseCode":200 + }, + "input":{"shape":"ListFoundationModelAgreementOffersRequest"}, + "output":{"shape":"ListFoundationModelAgreementOffersResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Get the offers associated with the specified model.

", + "readonly":true }, "ListFoundationModels":{ "name":"ListFoundationModels", @@ -694,7 +1324,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists Amazon Bedrock foundation models that you can use. You can filter the results with the request parameters. For more information, see Foundation models in the Amazon Bedrock User Guide.

" + "documentation":"

Lists Amazon Bedrock foundation models that you can use. You can filter the results with the request parameters. For more information, see Foundation models in the Amazon Bedrock User Guide.

", + "readonly":true }, "ListGuardrails":{ "name":"ListGuardrails", @@ -712,7 +1343,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists details about all the guardrails in an account. To list the DRAFT version of all your guardrails, don't specify the guardrailIdentifier field. To list all versions of a guardrail, specify the ARN of the guardrail in the guardrailIdentifier field.

You can set the maximum number of results to return in a response in the maxResults field. If there are more results than the number you set, the response returns a nextToken that you can send in another ListGuardrails request to see the next batch of results.

" + "documentation":"

Lists details about all the guardrails in an account. To list the DRAFT version of all your guardrails, don't specify the guardrailIdentifier field. To list all versions of a guardrail, specify the ARN of the guardrail in the guardrailIdentifier field.

You can set the maximum number of results to return in a response in the maxResults field. If there are more results than the number you set, the response returns a nextToken that you can send in another ListGuardrails request to see the next batch of results.

", + "readonly":true }, "ListImportedModels":{ "name":"ListImportedModels", @@ -729,7 +1361,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of models you've imported. You can filter the results to return based on one or more criteria. For more information, see Import a customized model in the Amazon Bedrock User Guide.

" + "documentation":"

Returns a list of models you've imported. You can filter the results to return based on one or more criteria. For more information, see Import a customized model in the Amazon Bedrock User Guide.

", + "readonly":true }, "ListInferenceProfiles":{ "name":"ListInferenceProfiles", @@ -746,7 +1379,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of inference profiles that you can use. For more information, see Increase throughput and resilience with cross-region inference in Amazon Bedrock. in the Amazon Bedrock User Guide.

" + "documentation":"

Returns a list of inference profiles that you can use. For more information, see Increase throughput and resilience with cross-region inference in Amazon Bedrock. in the Amazon Bedrock User Guide.

", + "readonly":true }, "ListMarketplaceModelEndpoints":{ "name":"ListMarketplaceModelEndpoints", @@ -764,7 +1398,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists the endpoints for models from Amazon Bedrock Marketplace in your Amazon Web Services account.

" + "documentation":"

Lists the endpoints for models from Amazon Bedrock Marketplace in your Amazon Web Services account.

", + "readonly":true }, "ListModelCopyJobs":{ "name":"ListModelCopyJobs", @@ -782,7 +1417,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of model copy jobs that you have submitted. You can filter the jobs to return based on one or more criteria. For more information, see Copy models to be used in other regions in the Amazon Bedrock User Guide.

" + "documentation":"

Returns a list of model copy jobs that you have submitted. You can filter the jobs to return based on one or more criteria. For more information, see Copy models to be used in other regions in the Amazon Bedrock User Guide.

", + "readonly":true }, "ListModelCustomizationJobs":{ "name":"ListModelCustomizationJobs", @@ -799,7 +1435,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of model customization jobs that you have submitted. You can filter the jobs to return based on one or more criteria.

For more information, see Custom models in the Amazon Bedrock User Guide.

" + "documentation":"

Returns a list of model customization jobs that you have submitted. You can filter the jobs to return based on one or more criteria.

For more information, see Custom models in the Amazon Bedrock User Guide.

", + "readonly":true }, "ListModelImportJobs":{ "name":"ListModelImportJobs", @@ -816,7 +1453,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of import jobs you've submitted. You can filter the results to return based on one or more criteria. For more information, see Import a customized model in the Amazon Bedrock User Guide.

" + "documentation":"

Returns a list of import jobs you've submitted. You can filter the results to return based on one or more criteria. For more information, see Import a customized model in the Amazon Bedrock User Guide.

", + "readonly":true }, "ListModelInvocationJobs":{ "name":"ListModelInvocationJobs", @@ -833,7 +1471,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists all batch inference jobs in the account. For more information, see View details about a batch inference job.

" + "documentation":"

Lists all batch inference jobs in the account. For more information, see View details about a batch inference job.

", + "readonly":true }, "ListPromptRouters":{ "name":"ListPromptRouters", @@ -850,7 +1489,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Retrieves a list of prompt routers.

" + "documentation":"

Retrieves a list of prompt routers.

", + "readonly":true }, "ListProvisionedModelThroughputs":{ "name":"ListProvisionedModelThroughputs", @@ -867,7 +1507,8 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists the Provisioned Throughputs in the account. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide.

" + "documentation":"

Lists the Provisioned Throughputs in the account. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -905,6 +1546,23 @@ "documentation":"

Set the configuration values for model invocation logging.

", "idempotent":true }, + "PutUseCaseForModelAccess":{ + "name":"PutUseCaseForModelAccess", + "http":{ + "method":"POST", + "requestUri":"/use-case-for-model-access", + "responseCode":201 + }, + "input":{"shape":"PutUseCaseForModelAccessRequest"}, + "output":{"shape":"PutUseCaseForModelAccessResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Put usecase for model access.

" + }, "RegisterMarketplaceModelEndpoint":{ "name":"RegisterMarketplaceModelEndpoint", "http":{ @@ -924,6 +1582,46 @@ ], "documentation":"

Registers an existing Amazon SageMaker endpoint with Amazon Bedrock Marketplace, allowing it to be used with Amazon Bedrock APIs.

" }, + "StartAutomatedReasoningPolicyBuildWorkflow":{ + "name":"StartAutomatedReasoningPolicyBuildWorkflow", + "http":{ + "method":"POST", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowType}/start", + "responseCode":200 + }, + "input":{"shape":"StartAutomatedReasoningPolicyBuildWorkflowRequest"}, + "output":{"shape":"StartAutomatedReasoningPolicyBuildWorkflowResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceInUseException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Starts a new build workflow for an Automated Reasoning policy. This initiates the process of analyzing source documents and generating policy rules, variables, and types.

" + }, + "StartAutomatedReasoningPolicyTestWorkflow":{ + "name":"StartAutomatedReasoningPolicyTestWorkflow", + "http":{ + "method":"POST", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}/test-workflows", + "responseCode":200 + }, + "input":{"shape":"StartAutomatedReasoningPolicyTestWorkflowRequest"}, + "output":{"shape":"StartAutomatedReasoningPolicyTestWorkflowResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceInUseException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Initiates a test workflow to validate Automated Reasoning policy tests. The workflow executes the specified tests against the policy and generates validation results.

" + }, "StopEvaluationJob":{ "name":"StopEvaluationJob", "http":{ @@ -1019,6 +1717,67 @@ ], "documentation":"

Remove one or more tags from a resource. For more information, see Tagging resources in the Amazon Bedrock User Guide.

" }, + "UpdateAutomatedReasoningPolicy":{ + "name":"UpdateAutomatedReasoningPolicy", + "http":{ + "method":"PATCH", + "requestUri":"/automated-reasoning-policies/{policyArn}", + "responseCode":200 + }, + "input":{"shape":"UpdateAutomatedReasoningPolicyRequest"}, + "output":{"shape":"UpdateAutomatedReasoningPolicyResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyTagsException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Updates an existing Automated Reasoning policy with new rules, variables, or configuration. This creates a new version of the policy while preserving the previous version.

", + "idempotent":true + }, + "UpdateAutomatedReasoningPolicyAnnotations":{ + "name":"UpdateAutomatedReasoningPolicyAnnotations", + "http":{ + "method":"PATCH", + "requestUri":"/automated-reasoning-policies/{policyArn}/build-workflows/{buildWorkflowId}/annotations", + "responseCode":200 + }, + "input":{"shape":"UpdateAutomatedReasoningPolicyAnnotationsRequest"}, + "output":{"shape":"UpdateAutomatedReasoningPolicyAnnotationsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Updates the annotations for an Automated Reasoning policy build workflow. This allows you to modify extracted rules, variables, and types before finalizing the policy.

" + }, + "UpdateAutomatedReasoningPolicyTestCase":{ + "name":"UpdateAutomatedReasoningPolicyTestCase", + "http":{ + "method":"PATCH", + "requestUri":"/automated-reasoning-policies/{policyArn}/test-cases/{testCaseId}", + "responseCode":200 + }, + "input":{"shape":"UpdateAutomatedReasoningPolicyTestCaseRequest"}, + "output":{"shape":"UpdateAutomatedReasoningPolicyTestCaseResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceInUseException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Updates an existing Automated Reasoning policy test. You can modify the content, query, expected result, and confidence threshold.

", + "idempotent":true + }, "UpdateGuardrail":{ "name":"UpdateGuardrail", "http":{ @@ -1098,6 +1857,11 @@ "type":"string", "pattern":"[0-9]{12}" }, + "AcknowledgementFormDataBody":{ + "type":"blob", + "max":16384, + "min":10 + }, "AdditionalModelRequestFields":{ "type":"map", "key":{"shape":"AdditionalModelRequestFieldsKey"}, @@ -1110,9 +1874,32 @@ }, "AdditionalModelRequestFieldsValue":{ "type":"structure", + "members":{}, + "document":true + }, + "AgreementAvailability":{ + "type":"structure", + "required":["status"], "members":{ + "status":{ + "shape":"AgreementStatus", + "documentation":"

Status of the agreement.

" + }, + "errorMessage":{ + "shape":"String", + "documentation":"

Error message.

" + } }, - "document":true + "documentation":"

Information about the agreement availability

" + }, + "AgreementStatus":{ + "type":"string", + "enum":[ + "AVAILABLE", + "PENDING", + "NOT_AVAILABLE", + "ERROR" + ] }, "ApplicationType":{ "type":"string", @@ -1126,6 +1913,22 @@ "max":2048, "min":0 }, + "AttributeType":{ + "type":"string", + "enum":[ + "STRING", + "NUMBER", + "BOOLEAN", + "STRING_LIST" + ] + }, + "AuthorizationStatus":{ + "type":"string", + "enum":[ + "AUTHORIZED", + "NOT_AUTHORIZED" + ] + }, "AutomatedEvaluationConfig":{ "type":"structure", "required":["datasetMetricConfigs"], @@ -1137,10 +1940,1788 @@ "evaluatorModelConfig":{ "shape":"EvaluatorModelConfig", "documentation":"

Contains the evaluator model configuration details. EvaluatorModelConfig is required for evaluation jobs that use a knowledge base or in model evaluation job that use a model as judge. This model computes all evaluation related metrics.

" + }, + "customMetricConfig":{ + "shape":"AutomatedEvaluationCustomMetricConfig", + "documentation":"

Defines the configuration of custom metrics to be used in an evaluation job.

" } }, "documentation":"

The configuration details of an automated evaluation job. The EvaluationDatasetMetricConfig object is used to specify the prompt datasets, task type, and metric names.

" }, + "AutomatedEvaluationCustomMetricConfig":{ + "type":"structure", + "required":[ + "customMetrics", + "evaluatorModelConfig" + ], + "members":{ + "customMetrics":{ + "shape":"AutomatedEvaluationCustomMetrics", + "documentation":"

Defines a list of custom metrics to be used in an Amazon Bedrock evaluation job.

" + }, + "evaluatorModelConfig":{ + "shape":"CustomMetricEvaluatorModelConfig", + "documentation":"

Configuration of the evaluator model you want to use to evaluate custom metrics in an Amazon Bedrock evaluation job.

" + } + }, + "documentation":"

Defines the configuration of custom metrics to be used in an evaluation job. To learn more about using custom metrics in Amazon Bedrock evaluation jobs, see Create a prompt for a custom metrics (LLM-as-a-judge model evaluations) and Create a prompt for a custom metrics (RAG evaluations).

" + }, + "AutomatedEvaluationCustomMetricSource":{ + "type":"structure", + "members":{ + "customMetricDefinition":{ + "shape":"CustomMetricDefinition", + "documentation":"

The definition of a custom metric for use in an Amazon Bedrock evaluation job.

" + } + }, + "documentation":"

An array item definining a single custom metric for use in an Amazon Bedrock evaluation job.

", + "union":true + }, + "AutomatedEvaluationCustomMetrics":{ + "type":"list", + "member":{"shape":"AutomatedEvaluationCustomMetricSource"}, + "max":10, + "min":1 + }, + "AutomatedReasoningCheckDifferenceScenarioList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningCheckScenario"}, + "max":2, + "min":0 + }, + "AutomatedReasoningCheckFinding":{ + "type":"structure", + "members":{ + "valid":{ + "shape":"AutomatedReasoningCheckValidFinding", + "documentation":"

Indicates that the claims are true. The claims are implied by the premises and the Automated Reasoning policy. Given the Automated Reasoning policy and premises, it is not possible for these claims to be false.

" + }, + "invalid":{ + "shape":"AutomatedReasoningCheckInvalidFinding", + "documentation":"

Indicates that the claims are false. The claims are not implied by the premises and Automated Reasoning policy. Furthermore, there exist different claims that are consistent with the premises and Automated Reasoning policy.

" + }, + "satisfiable":{ + "shape":"AutomatedReasoningCheckSatisfiableFinding", + "documentation":"

Indicates that the claims can be true or false. It depends on what assumptions are made for the claim to be implied from the premises and Automated Reasoning policy rules. In this situation, different assumptions can make input claims false and alternative claims true.

" + }, + "impossible":{ + "shape":"AutomatedReasoningCheckImpossibleFinding", + "documentation":"

Indicates that Automated Reasoning cannot make a statement about the claims. This can happen if the premises are logically incorrect, or if there is a conflict within the Automated Reasoning policy itself.

" + }, + "translationAmbiguous":{ + "shape":"AutomatedReasoningCheckTranslationAmbiguousFinding", + "documentation":"

Indicates that an ambiguity was detected in the translation, making it unsound to continue with validity checking. Additional context or follow-up questions might be needed to get translation to succeed.

" + }, + "tooComplex":{ + "shape":"AutomatedReasoningCheckTooComplexFinding", + "documentation":"

Indicates that the input contains too much information for Automated Reasoning to process within its latency limits.

" + }, + "noTranslations":{ + "shape":"AutomatedReasoningCheckNoTranslationsFinding", + "documentation":"

Identifies that some or all of the input prompt wasn't translated into logic. This can happen if the input isn't relevant to the Automated Reasoning policy, or if the policy doesn't have variables to model relevant input.

" + } + }, + "documentation":"

Represents the result of an Automated Reasoning validation check, indicating whether the content is logically valid, invalid, or falls into other categories based on the policy rules.

", + "union":true + }, + "AutomatedReasoningCheckFindingList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningCheckFinding"}, + "max":20, + "min":0 + }, + "AutomatedReasoningCheckImpossibleFinding":{ + "type":"structure", + "members":{ + "translation":{ + "shape":"AutomatedReasoningCheckTranslation", + "documentation":"

The logical translation of the input that this finding evaluates.

" + }, + "contradictingRules":{ + "shape":"AutomatedReasoningCheckRuleList", + "documentation":"

The automated reasoning policy rules that contradict the claims and/or premises in the input.

" + }, + "logicWarning":{ + "shape":"AutomatedReasoningCheckLogicWarning", + "documentation":"

Indication of a logic issue with the translation without needing to consider the automated reasoning policy rules.

" + } + }, + "documentation":"

Indicates that no valid claims can be made due to logical contradictions in the premises or rules.

" + }, + "AutomatedReasoningCheckInputTextReference":{ + "type":"structure", + "members":{ + "text":{ + "shape":"AutomatedReasoningNaturalLanguageStatementContent", + "documentation":"

The specific text from the original input that this reference points to.

" + } + }, + "documentation":"

References a portion of the original input text that corresponds to logical elements.

" + }, + "AutomatedReasoningCheckInputTextReferenceList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningCheckInputTextReference"} + }, + "AutomatedReasoningCheckInvalidFinding":{ + "type":"structure", + "members":{ + "translation":{ + "shape":"AutomatedReasoningCheckTranslation", + "documentation":"

The logical translation of the input that this finding invalidates.

" + }, + "contradictingRules":{ + "shape":"AutomatedReasoningCheckRuleList", + "documentation":"

The automated reasoning policy rules that contradict the claims in the input.

" + }, + "logicWarning":{ + "shape":"AutomatedReasoningCheckLogicWarning", + "documentation":"

Indication of a logic issue with the translation without needing to consider the automated reasoning policy rules.

" + } + }, + "documentation":"

Indicates that the claims are logically false and contradictory to the established rules or premises.

" + }, + "AutomatedReasoningCheckLogicWarning":{ + "type":"structure", + "members":{ + "type":{ + "shape":"AutomatedReasoningCheckLogicWarningType", + "documentation":"

The category of the detected logical issue, such as statements that are always true or always false.

" + }, + "premises":{ + "shape":"AutomatedReasoningLogicStatementList", + "documentation":"

The logical statements that serve as premises under which the claims are validated.

" + }, + "claims":{ + "shape":"AutomatedReasoningLogicStatementList", + "documentation":"

The logical statements that are validated while assuming the policy and premises.

" + } + }, + "documentation":"

Identifies logical issues in the translated statements that exist independent of any policy rules, such as statements that are always true or always false.

" + }, + "AutomatedReasoningCheckLogicWarningType":{ + "type":"string", + "enum":[ + "ALWAYS_TRUE", + "ALWAYS_FALSE" + ] + }, + "AutomatedReasoningCheckNoTranslationsFinding":{ + "type":"structure", + "members":{}, + "documentation":"

Indicates that no relevant logical information could be extracted from the input for validation.

" + }, + "AutomatedReasoningCheckResult":{ + "type":"string", + "enum":[ + "VALID", + "INVALID", + "SATISFIABLE", + "IMPOSSIBLE", + "TRANSLATION_AMBIGUOUS", + "TOO_COMPLEX", + "NO_TRANSLATION" + ] + }, + "AutomatedReasoningCheckRule":{ + "type":"structure", + "members":{ + "id":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleId", + "documentation":"

The unique identifier of the automated reasoning rule.

" + }, + "policyVersionArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The ARN of the automated reasoning policy version that contains this rule.

" + } + }, + "documentation":"

References a specific automated reasoning policy rule that was applied during evaluation.

" + }, + "AutomatedReasoningCheckRuleList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningCheckRule"} + }, + "AutomatedReasoningCheckSatisfiableFinding":{ + "type":"structure", + "members":{ + "translation":{ + "shape":"AutomatedReasoningCheckTranslation", + "documentation":"

The logical translation of the input that this finding evaluates.

" + }, + "claimsTrueScenario":{ + "shape":"AutomatedReasoningCheckScenario", + "documentation":"

An example scenario demonstrating how the claims could be logically true.

" + }, + "claimsFalseScenario":{ + "shape":"AutomatedReasoningCheckScenario", + "documentation":"

An example scenario demonstrating how the claims could be logically false.

" + }, + "logicWarning":{ + "shape":"AutomatedReasoningCheckLogicWarning", + "documentation":"

Indication of a logic issue with the translation without needing to consider the automated reasoning policy rules.

" + } + }, + "documentation":"

Indicates that the claims could be either true or false depending on additional assumptions not provided in the input.

" + }, + "AutomatedReasoningCheckScenario":{ + "type":"structure", + "members":{ + "statements":{ + "shape":"AutomatedReasoningLogicStatementList", + "documentation":"

List of logical assignments and statements that define this scenario.

" + } + }, + "documentation":"

Represents a logical scenario where claims can be evaluated as true or false, containing specific logical assignments.

" + }, + "AutomatedReasoningCheckTooComplexFinding":{ + "type":"structure", + "members":{}, + "documentation":"

Indicates that the input exceeds the processing capacity due to the volume or complexity of the logical information.

" + }, + "AutomatedReasoningCheckTranslation":{ + "type":"structure", + "required":[ + "claims", + "confidence" + ], + "members":{ + "premises":{ + "shape":"AutomatedReasoningLogicStatementList", + "documentation":"

The logical statements that serve as the foundation or assumptions for the claims.

" + }, + "claims":{ + "shape":"AutomatedReasoningLogicStatementList", + "documentation":"

The logical statements that are being validated against the premises and policy rules.

" + }, + "untranslatedPremises":{ + "shape":"AutomatedReasoningCheckInputTextReferenceList", + "documentation":"

References to portions of the original input text that correspond to the premises but could not be fully translated.

" + }, + "untranslatedClaims":{ + "shape":"AutomatedReasoningCheckInputTextReferenceList", + "documentation":"

References to portions of the original input text that correspond to the claims but could not be fully translated.

" + }, + "confidence":{ + "shape":"AutomatedReasoningCheckTranslationConfidence", + "documentation":"

A confidence score between 0 and 1 indicating how certain the system is about the logical translation.

" + } + }, + "documentation":"

Contains the logical translation of natural language input into formal logical statements, including premises, claims, and confidence scores.

" + }, + "AutomatedReasoningCheckTranslationAmbiguousFinding":{ + "type":"structure", + "members":{ + "options":{ + "shape":"AutomatedReasoningCheckTranslationOptionList", + "documentation":"

Different logical interpretations that were detected during translation of the input.

" + }, + "differenceScenarios":{ + "shape":"AutomatedReasoningCheckDifferenceScenarioList", + "documentation":"

Scenarios showing how the different translation options differ in meaning.

" + } + }, + "documentation":"

Indicates that the input has multiple valid logical interpretations, requiring additional context or clarification.

" + }, + "AutomatedReasoningCheckTranslationConfidence":{ + "type":"double", + "box":true, + "max":1, + "min":0 + }, + "AutomatedReasoningCheckTranslationList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningCheckTranslation"} + }, + "AutomatedReasoningCheckTranslationOption":{ + "type":"structure", + "members":{ + "translations":{ + "shape":"AutomatedReasoningCheckTranslationList", + "documentation":"

Different logical interpretations that were detected during translation of the input.

" + } + }, + "documentation":"

Represents one possible logical interpretation of ambiguous input content.

" + }, + "AutomatedReasoningCheckTranslationOptionList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningCheckTranslationOption"}, + "max":2, + "min":0 + }, + "AutomatedReasoningCheckValidFinding":{ + "type":"structure", + "members":{ + "translation":{ + "shape":"AutomatedReasoningCheckTranslation", + "documentation":"

The logical translation of the input that this finding validates.

" + }, + "claimsTrueScenario":{ + "shape":"AutomatedReasoningCheckScenario", + "documentation":"

An example scenario demonstrating how the claims are logically true.

" + }, + "supportingRules":{ + "shape":"AutomatedReasoningCheckRuleList", + "documentation":"

The automated reasoning policy rules that support why this result is considered valid.

" + }, + "logicWarning":{ + "shape":"AutomatedReasoningCheckLogicWarning", + "documentation":"

Indication of a logic issue with the translation without needing to consider the automated reasoning policy rules.

" + } + }, + "documentation":"

Indicates that the claims are definitively true and logically implied by the premises, with no possible alternative interpretations.

" + }, + "AutomatedReasoningConfidenceFilterThreshold":{ + "type":"double", + "box":true, + "max":1, + "min":0 + }, + "AutomatedReasoningLogicStatement":{ + "type":"structure", + "required":["logic"], + "members":{ + "logic":{ + "shape":"AutomatedReasoningLogicStatementContent", + "documentation":"

The formal logic representation of the statement using mathematical notation and logical operators.

" + }, + "naturalLanguage":{ + "shape":"AutomatedReasoningNaturalLanguageStatementContent", + "documentation":"

The natural language representation of the logical statement, providing a human-readable interpretation of the formal logic.

" + } + }, + "documentation":"

Represents a logical statement that can be expressed both in formal logic notation and natural language, providing dual representations for better understanding and validation.

" + }, + "AutomatedReasoningLogicStatementContent":{ + "type":"string", + "max":1000, + "min":0, + "sensitive":true + }, + "AutomatedReasoningLogicStatementList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningLogicStatement"} + }, + "AutomatedReasoningNaturalLanguageStatementContent":{ + "type":"string", + "max":1000, + "min":0, + "sensitive":true + }, + "AutomatedReasoningPolicyAddRuleAnnotation":{ + "type":"structure", + "required":["expression"], + "members":{ + "expression":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleExpression", + "documentation":"

The formal logical expression that defines the rule, using mathematical notation and referencing policy variables and types.

" + } + }, + "documentation":"

An annotation for adding a new rule to an Automated Reasoning policy using a formal logical expression.

" + }, + "AutomatedReasoningPolicyAddRuleFromNaturalLanguageAnnotation":{ + "type":"structure", + "required":["naturalLanguage"], + "members":{ + "naturalLanguage":{ + "shape":"AutomatedReasoningPolicyAnnotationRuleNaturalLanguage", + "documentation":"

The natural language description of the rule that should be converted into a formal logical expression.

" + } + }, + "documentation":"

An annotation for adding a new rule to the policy by converting a natural language description into a formal logical expression.

" + }, + "AutomatedReasoningPolicyAddRuleMutation":{ + "type":"structure", + "required":["rule"], + "members":{ + "rule":{ + "shape":"AutomatedReasoningPolicyDefinitionRule", + "documentation":"

The rule definition that specifies the formal logical expression and metadata for the new rule being added to the policy.

" + } + }, + "documentation":"

A mutation operation that adds a new rule to the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyAddTypeAnnotation":{ + "type":"structure", + "required":[ + "name", + "description", + "values" + ], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The name of the new custom type. This name will be used to reference the type in variable definitions and rules.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeDescription", + "documentation":"

A description of what the custom type represents and how it should be used in the policy.

" + }, + "values":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueList", + "documentation":"

The list of possible values that variables of this type can take, each with its own description and identifier.

" + } + }, + "documentation":"

An annotation for adding a new custom type to an Automated Reasoning policy, defining a set of possible values for variables.

" + }, + "AutomatedReasoningPolicyAddTypeMutation":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"AutomatedReasoningPolicyDefinitionType", + "documentation":"

The type definition that specifies the name, description, and possible values for the new custom type being added to the policy.

" + } + }, + "documentation":"

A mutation operation that adds a new custom type to the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyAddTypeValue":{ + "type":"structure", + "required":["value"], + "members":{ + "value":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueName", + "documentation":"

The identifier or name of the new value to add to the type.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueDescription", + "documentation":"

A description of what this new type value represents and when it should be used.

" + } + }, + "documentation":"

Represents a single value that can be added to an existing custom type in the policy.

" + }, + "AutomatedReasoningPolicyAddVariableAnnotation":{ + "type":"structure", + "required":[ + "name", + "type", + "description" + ], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableName", + "documentation":"

The name of the new variable. This name will be used to reference the variable in rule expressions.

" + }, + "type":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The type of the variable, which can be a built-in type (like string or number) or a custom type defined in the policy.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableDescription", + "documentation":"

A description of what the variable represents and how it should be used in rules.

" + } + }, + "documentation":"

An annotation for adding a new variable to an Automated Reasoning policy, which can be used in rule expressions.

" + }, + "AutomatedReasoningPolicyAddVariableMutation":{ + "type":"structure", + "required":["variable"], + "members":{ + "variable":{ + "shape":"AutomatedReasoningPolicyDefinitionVariable", + "documentation":"

The variable definition that specifies the name, type, and description for the new variable being added to the policy.

" + } + }, + "documentation":"

A mutation operation that adds a new variable to the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyAnnotation":{ + "type":"structure", + "members":{ + "addType":{ + "shape":"AutomatedReasoningPolicyAddTypeAnnotation", + "documentation":"

An operation to add a new custom type to the policy, defining a set of possible values for policy variables.

" + }, + "updateType":{ + "shape":"AutomatedReasoningPolicyUpdateTypeAnnotation", + "documentation":"

An operation to modify an existing custom type in the policy, such as changing its name, description, or allowed values.

" + }, + "deleteType":{ + "shape":"AutomatedReasoningPolicyDeleteTypeAnnotation", + "documentation":"

An operation to remove a custom type from the policy. The type must not be referenced by any variables or rules.

" + }, + "addVariable":{ + "shape":"AutomatedReasoningPolicyAddVariableAnnotation", + "documentation":"

An operation to add a new variable to the policy, which can be used in rule expressions to represent dynamic values.

" + }, + "updateVariable":{ + "shape":"AutomatedReasoningPolicyUpdateVariableAnnotation", + "documentation":"

An operation to modify an existing variable in the policy, such as changing its name, type, or description.

" + }, + "deleteVariable":{ + "shape":"AutomatedReasoningPolicyDeleteVariableAnnotation", + "documentation":"

An operation to remove a variable from the policy. The variable must not be referenced by any rules.

" + }, + "addRule":{ + "shape":"AutomatedReasoningPolicyAddRuleAnnotation", + "documentation":"

An operation to add a new logical rule to the policy using formal mathematical expressions.

" + }, + "updateRule":{ + "shape":"AutomatedReasoningPolicyUpdateRuleAnnotation", + "documentation":"

An operation to modify an existing rule in the policy, such as changing its logical expression or conditions.

" + }, + "deleteRule":{ + "shape":"AutomatedReasoningPolicyDeleteRuleAnnotation", + "documentation":"

An operation to remove a rule from the policy.

" + }, + "addRuleFromNaturalLanguage":{ + "shape":"AutomatedReasoningPolicyAddRuleFromNaturalLanguageAnnotation", + "documentation":"

An operation to add a new rule by converting natural language descriptions into formal logical expressions.

" + }, + "updateFromRulesFeedback":{ + "shape":"AutomatedReasoningPolicyUpdateFromRuleFeedbackAnnotation", + "documentation":"

An operation to update the policy based on feedback about how specific rules performed during testing or validation.

" + }, + "updateFromScenarioFeedback":{ + "shape":"AutomatedReasoningPolicyUpdateFromScenarioFeedbackAnnotation", + "documentation":"

An operation to update the policy based on feedback about how it performed on specific test scenarios.

" + }, + "ingestContent":{ + "shape":"AutomatedReasoningPolicyIngestContentAnnotation", + "documentation":"

An operation to process and incorporate new content into the policy, extracting additional rules and concepts.

" + } + }, + "documentation":"

Contains the various operations that can be performed on an Automated Reasoning policy, including adding, updating, and deleting rules, variables, and types.

", + "union":true + }, + "AutomatedReasoningPolicyAnnotationFeedbackNaturalLanguage":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyAnnotationIngestContent":{ + "type":"string", + "max":4096, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyAnnotationList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyAnnotation"}, + "max":10, + "min":0 + }, + "AutomatedReasoningPolicyAnnotationRuleNaturalLanguage":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyAnnotationStatus":{ + "type":"string", + "enum":[ + "APPLIED", + "FAILED" + ] + }, + "AutomatedReasoningPolicyArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:automated-reasoning-policy/[a-z0-9]{12}(:([1-9][0-9]{0,11}))?" + }, + "AutomatedReasoningPolicyBuildDocumentBlob":{ + "type":"blob", + "max":5000000, + "min":1, + "sensitive":true + }, + "AutomatedReasoningPolicyBuildDocumentContentType":{ + "type":"string", + "enum":[ + "pdf", + "txt" + ] + }, + "AutomatedReasoningPolicyBuildDocumentDescription":{ + "type":"string", + "max":2000, + "min":0, + "sensitive":true + }, + "AutomatedReasoningPolicyBuildDocumentName":{ + "type":"string", + "max":256, + "min":0, + "sensitive":true + }, + "AutomatedReasoningPolicyBuildLog":{ + "type":"structure", + "required":["entries"], + "members":{ + "entries":{ + "shape":"AutomatedReasoningPolicyBuildLogEntryList", + "documentation":"

A list of log entries documenting each step in the policy build process, including timestamps, status, and detailed messages.

" + } + }, + "documentation":"

Contains detailed logging information about the policy build process, including steps taken, decisions made, and any issues encountered.

" + }, + "AutomatedReasoningPolicyBuildLogEntry":{ + "type":"structure", + "required":[ + "annotation", + "status", + "buildSteps" + ], + "members":{ + "annotation":{ + "shape":"AutomatedReasoningPolicyAnnotation", + "documentation":"

The annotation or operation that was being processed when this log entry was created.

" + }, + "status":{ + "shape":"AutomatedReasoningPolicyAnnotationStatus", + "documentation":"

The status of the build step (e.g., SUCCESS, FAILED, IN_PROGRESS).

" + }, + "buildSteps":{ + "shape":"AutomatedReasoningPolicyBuildStepList", + "documentation":"

Detailed information about the specific build steps that were executed, including any sub-operations or transformations.

" + } + }, + "documentation":"

Represents a single entry in the policy build log, containing information about a specific step or event in the build process.

" + }, + "AutomatedReasoningPolicyBuildLogEntryList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyBuildLogEntry"} + }, + "AutomatedReasoningPolicyBuildMessageType":{ + "type":"string", + "enum":[ + "INFO", + "WARNING", + "ERROR" + ] + }, + "AutomatedReasoningPolicyBuildResultAssetType":{ + "type":"string", + "enum":[ + "BUILD_LOG", + "QUALITY_REPORT", + "POLICY_DEFINITION" + ] + }, + "AutomatedReasoningPolicyBuildResultAssets":{ + "type":"structure", + "members":{ + "policyDefinition":{ + "shape":"AutomatedReasoningPolicyDefinition", + "documentation":"

The complete policy definition generated by the build workflow, containing all rules, variables, and custom types extracted from the source documents.

" + }, + "qualityReport":{ + "shape":"AutomatedReasoningPolicyDefinitionQualityReport", + "documentation":"

A comprehensive report analyzing the quality of the generated policy, including metrics about rule coverage, potential conflicts, and unused elements.

" + }, + "buildLog":{ + "shape":"AutomatedReasoningPolicyBuildLog", + "documentation":"

The complete build log containing detailed information about each step in the policy generation process.

" + } + }, + "documentation":"

Contains the various assets generated during a policy build workflow, including logs, quality reports, and the final policy definition.

", + "union":true + }, + "AutomatedReasoningPolicyBuildStep":{ + "type":"structure", + "required":[ + "context", + "messages" + ], + "members":{ + "context":{ + "shape":"AutomatedReasoningPolicyBuildStepContext", + "documentation":"

Contextual information about what was being processed during this build step, such as the type of operation or the source material being analyzed.

" + }, + "priorElement":{ + "shape":"AutomatedReasoningPolicyDefinitionElement", + "documentation":"

Reference to the previous element or step in the build process, helping to trace the sequence of operations.

" + }, + "messages":{ + "shape":"AutomatedReasoningPolicyBuildStepMessageList", + "documentation":"

A list of messages generated during this build step, including informational messages, warnings, and error details.

" + } + }, + "documentation":"

Represents a single step in the policy build process, containing context about what was being processed and any messages or results.

" + }, + "AutomatedReasoningPolicyBuildStepContext":{ + "type":"structure", + "members":{ + "planning":{ + "shape":"AutomatedReasoningPolicyPlanning", + "documentation":"

Indicates that this build step was part of the planning phase, where the system determines what operations to perform.

" + }, + "mutation":{ + "shape":"AutomatedReasoningPolicyMutation", + "documentation":"

Indicates that this build step involved modifying the policy structure, such as adding or updating rules, variables, or types.

" + } + }, + "documentation":"

Provides context about what type of operation was being performed during a build step.

", + "union":true + }, + "AutomatedReasoningPolicyBuildStepList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyBuildStep"} + }, + "AutomatedReasoningPolicyBuildStepMessage":{ + "type":"structure", + "required":[ + "message", + "messageType" + ], + "members":{ + "message":{ + "shape":"String", + "documentation":"

The content of the message, describing what occurred during the build step.

" + }, + "messageType":{ + "shape":"AutomatedReasoningPolicyBuildMessageType", + "documentation":"

The type of message (e.g., INFO, WARNING, ERROR) indicating its severity and purpose.

" + } + }, + "documentation":"

Represents a message generated during a build step, providing information about what happened or any issues encountered.

" + }, + "AutomatedReasoningPolicyBuildStepMessageList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyBuildStepMessage"} + }, + "AutomatedReasoningPolicyBuildWorkflowDocument":{ + "type":"structure", + "required":[ + "document", + "documentContentType", + "documentName" + ], + "members":{ + "document":{ + "shape":"AutomatedReasoningPolicyBuildDocumentBlob", + "documentation":"

The actual content of the source document that will be analyzed to extract policy rules and concepts.

" + }, + "documentContentType":{ + "shape":"AutomatedReasoningPolicyBuildDocumentContentType", + "documentation":"

The MIME type of the document content (e.g., text/plain, application/pdf, text/markdown).

" + }, + "documentName":{ + "shape":"AutomatedReasoningPolicyBuildDocumentName", + "documentation":"

A descriptive name for the document that helps identify its purpose and content.

" + }, + "documentDescription":{ + "shape":"AutomatedReasoningPolicyBuildDocumentDescription", + "documentation":"

A detailed description of the document's content and how it should be used in the policy generation process.

" + } + }, + "documentation":"

Represents a source document used in the policy build workflow, containing the content and metadata needed for policy generation.

" + }, + "AutomatedReasoningPolicyBuildWorkflowDocumentList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyBuildWorkflowDocument"}, + "max":1, + "min":1 + }, + "AutomatedReasoningPolicyBuildWorkflowId":{ + "type":"string", + "max":36, + "min":0, + "pattern":"[a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12}" + }, + "AutomatedReasoningPolicyBuildWorkflowRepairContent":{ + "type":"structure", + "required":["annotations"], + "members":{ + "annotations":{ + "shape":"AutomatedReasoningPolicyAnnotationList", + "documentation":"

Specific annotations or modifications to apply during the policy repair process, such as rule corrections or variable updates.

" + } + }, + "documentation":"

Contains content and instructions for repairing or improving an existing Automated Reasoning policy.

" + }, + "AutomatedReasoningPolicyBuildWorkflowSource":{ + "type":"structure", + "members":{ + "policyDefinition":{ + "shape":"AutomatedReasoningPolicyDefinition", + "documentation":"

An existing policy definition that serves as the starting point for the build workflow, typically used in policy repair or update scenarios.

" + }, + "workflowContent":{ + "shape":"AutomatedReasoningPolicyWorkflowTypeContent", + "documentation":"

The actual content to be processed in the build workflow, such as documents to analyze or repair instructions to apply.

" + } + }, + "documentation":"

Defines the source content for a policy build workflow, which can include documents, repair instructions, or other input materials.

" + }, + "AutomatedReasoningPolicyBuildWorkflowStatus":{ + "type":"string", + "enum":[ + "SCHEDULED", + "CANCEL_REQUESTED", + "PREPROCESSING", + "BUILDING", + "TESTING", + "COMPLETED", + "FAILED", + "CANCELLED" + ] + }, + "AutomatedReasoningPolicyBuildWorkflowSummaries":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyBuildWorkflowSummary"}, + "max":1000, + "min":0 + }, + "AutomatedReasoningPolicyBuildWorkflowSummary":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId", + "status", + "buildWorkflowType", + "createdAt", + "updatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy associated with this build workflow.

" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow.

" + }, + "status":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowStatus", + "documentation":"

The current status of the build workflow (e.g., RUNNING, COMPLETED, FAILED, CANCELLED).

" + }, + "buildWorkflowType":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowType", + "documentation":"

The type of build workflow (e.g., DOCUMENT_INGESTION, POLICY_REPAIR).

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the build workflow was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the build workflow was last updated.

" + } + }, + "documentation":"

Provides a summary of a policy build workflow, including its current status, timing information, and key identifiers.

" + }, + "AutomatedReasoningPolicyBuildWorkflowType":{ + "type":"string", + "enum":[ + "INGEST_CONTENT", + "REFINE_POLICY", + "IMPORT_POLICY" + ] + }, + "AutomatedReasoningPolicyConflictedRuleIdList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionRuleId"}, + "max":500, + "min":0 + }, + "AutomatedReasoningPolicyDefinition":{ + "type":"structure", + "members":{ + "version":{ + "shape":"AutomatedReasoningPolicyFormatVersion", + "documentation":"

The version of the policy definition format.

" + }, + "types":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeList", + "documentation":"

The custom user-defined vairable types used in the policy. Types are enum-based variable types that provide additional context beyond the predefined variable types.

" + }, + "rules":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleList", + "documentation":"

The formal logic rules extracted from the source document. Rules define the logical constraints that determine whether model responses are valid, invalid, or satisfiable.

" + }, + "variables":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableList", + "documentation":"

The variables that represent concepts in the policy. Variables can have values assigned when translating natural language into formal logic. Their descriptions are crucial for accurate translation.

" + } + }, + "documentation":"

Contains the formal logic rules, variables, and custom variable types that define an Automated Reasoning policy. The policy definition specifies the constraints used to validate foundation model responses for accuracy and logical consistency.

" + }, + "AutomatedReasoningPolicyDefinitionElement":{ + "type":"structure", + "members":{ + "policyDefinitionVariable":{ + "shape":"AutomatedReasoningPolicyDefinitionVariable", + "documentation":"

A variable element within the policy definition that represents a concept used in logical expressions and rules.

" + }, + "policyDefinitionType":{ + "shape":"AutomatedReasoningPolicyDefinitionType", + "documentation":"

A custom type element within the policy definition that defines a set of possible values for variables.

" + }, + "policyDefinitionRule":{ + "shape":"AutomatedReasoningPolicyDefinitionRule", + "documentation":"

A rule element within the policy definition that contains a formal logical expression used for validation.

" + } + }, + "documentation":"

Represents a single element in an Automated Reasoning policy definition, such as a rule, variable, or type definition.

", + "union":true + }, + "AutomatedReasoningPolicyDefinitionQualityReport":{ + "type":"structure", + "required":[ + "typeCount", + "variableCount", + "ruleCount", + "unusedTypes", + "unusedTypeValues", + "unusedVariables", + "conflictingRules", + "disjointRuleSets" + ], + "members":{ + "typeCount":{ + "shape":"Integer", + "documentation":"

The total number of custom types defined in the policy.

" + }, + "variableCount":{ + "shape":"Integer", + "documentation":"

The total number of variables defined in the policy.

" + }, + "ruleCount":{ + "shape":"Integer", + "documentation":"

The total number of rules defined in the policy.

" + }, + "unusedTypes":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeNameList", + "documentation":"

A list of custom types that are defined but not referenced by any variables or rules, suggesting they may be unnecessary.

" + }, + "unusedTypeValues":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValuePairList", + "documentation":"

A list of type values that are defined but never used in any rules, indicating potential cleanup opportunities.

" + }, + "unusedVariables":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableNameList", + "documentation":"

A list of variables that are defined but not referenced by any rules, suggesting they may be unnecessary.

" + }, + "conflictingRules":{ + "shape":"AutomatedReasoningPolicyConflictedRuleIdList", + "documentation":"

A list of rules that may conflict with each other, potentially leading to inconsistent policy behavior.

" + }, + "disjointRuleSets":{ + "shape":"AutomatedReasoningPolicyDisjointRuleSetList", + "documentation":"

Groups of rules that operate on completely separate sets of variables, indicating the policy may be addressing multiple unrelated concerns.

" + } + }, + "documentation":"

Provides a comprehensive analysis of the quality and completeness of an Automated Reasoning policy definition, highlighting potential issues and optimization opportunities.

" + }, + "AutomatedReasoningPolicyDefinitionRule":{ + "type":"structure", + "required":[ + "id", + "expression" + ], + "members":{ + "id":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleId", + "documentation":"

The unique identifier of the rule within the policy.

" + }, + "expression":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleExpression", + "documentation":"

The formal logic expression of the rule.

" + }, + "alternateExpression":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleAlternateExpression", + "documentation":"

The human-readable form of the rule expression, often in natural language or simplified notation.

" + } + }, + "documentation":"

Represents a formal logic rule in an Automated Reasoning policy. For example, rules can be expressed as if-then statements that define logical constraints.

" + }, + "AutomatedReasoningPolicyDefinitionRuleAlternateExpression":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyDefinitionRuleExpression":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyDefinitionRuleId":{ + "type":"string", + "max":12, + "min":12, + "pattern":"[A-Z][0-9A-Z]{11}" + }, + "AutomatedReasoningPolicyDefinitionRuleIdList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionRuleId"}, + "max":100, + "min":0 + }, + "AutomatedReasoningPolicyDefinitionRuleList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionRule"}, + "max":1500, + "min":0 + }, + "AutomatedReasoningPolicyDefinitionType":{ + "type":"structure", + "required":[ + "name", + "values" + ], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The name of the custom type.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeDescription", + "documentation":"

The description of what the custom type represents.

" + }, + "values":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueList", + "documentation":"

The possible values for this enum-based type, each with its own description.

" + } + }, + "documentation":"

Represents a custom user-defined viarble type in an Automated Reasoning policy. Types are enum-based and provide additional context beyond predefined variable types.

" + }, + "AutomatedReasoningPolicyDefinitionTypeDescription":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyDefinitionTypeList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionType"}, + "max":150, + "min":0 + }, + "AutomatedReasoningPolicyDefinitionTypeName":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z][A-Za-z0-9_]*", + "sensitive":true + }, + "AutomatedReasoningPolicyDefinitionTypeNameList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionTypeName"}, + "max":150, + "min":0 + }, + "AutomatedReasoningPolicyDefinitionTypeValue":{ + "type":"structure", + "required":["value"], + "members":{ + "value":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueName", + "documentation":"

The actual value or identifier for this type value.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueDescription", + "documentation":"

A human-readable description explaining what this type value represents and when it should be used.

" + } + }, + "documentation":"

Represents a single value within a custom type definition, including its identifier and description.

" + }, + "AutomatedReasoningPolicyDefinitionTypeValueDescription":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyDefinitionTypeValueList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionTypeValue"}, + "max":150, + "min":1 + }, + "AutomatedReasoningPolicyDefinitionTypeValueName":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z][A-Za-z0-9_]*" + }, + "AutomatedReasoningPolicyDefinitionTypeValuePair":{ + "type":"structure", + "required":[ + "typeName", + "valueName" + ], + "members":{ + "typeName":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The name of the custom type that contains the referenced value.

" + }, + "valueName":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueName", + "documentation":"

The name of the specific value within the type.

" + } + }, + "documentation":"

Associates a type name with a specific value name, used for referencing type values in rules and other policy elements.

" + }, + "AutomatedReasoningPolicyDefinitionTypeValuePairList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionTypeValuePair"}, + "max":22500, + "min":1 + }, + "AutomatedReasoningPolicyDefinitionVariable":{ + "type":"structure", + "required":[ + "name", + "type", + "description" + ], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableName", + "documentation":"

The name of the variable. Use descriptive names that clearly indicate the concept being represented.

" + }, + "type":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The data type of the variable. Valid types include bool, int, real, enum, and custom types that you can provide.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableDescription", + "documentation":"

The description of the variable that explains what it represents and how users might refer to it. Clear and comprehensive descriptions are essential for accurate natural language translation.

" + } + }, + "documentation":"

Represents a variable in an Automated Reasoning policy. Variables represent concepts that can have values assigned during natural language translation.

" + }, + "AutomatedReasoningPolicyDefinitionVariableDescription":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyDefinitionVariableList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionVariable"}, + "max":600, + "min":0 + }, + "AutomatedReasoningPolicyDefinitionVariableName":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z][A-Za-z0-9_]*", + "sensitive":true + }, + "AutomatedReasoningPolicyDefinitionVariableNameList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionVariableName"}, + "max":600, + "min":0 + }, + "AutomatedReasoningPolicyDeleteRuleAnnotation":{ + "type":"structure", + "required":["ruleId"], + "members":{ + "ruleId":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleId", + "documentation":"

The unique identifier of the rule to delete from the policy.

" + } + }, + "documentation":"

An annotation for removing a rule from an Automated Reasoning policy.

" + }, + "AutomatedReasoningPolicyDeleteRuleMutation":{ + "type":"structure", + "required":["id"], + "members":{ + "id":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleId", + "documentation":"

The unique identifier of the rule to delete.

" + } + }, + "documentation":"

A mutation operation that removes a rule from the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyDeleteTypeAnnotation":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The name of the custom type to delete from the policy. The type must not be referenced by any variables or rules.

" + } + }, + "documentation":"

An annotation for removing a custom type from an Automated Reasoning policy.

" + }, + "AutomatedReasoningPolicyDeleteTypeMutation":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The name of the custom type to delete.

" + } + }, + "documentation":"

A mutation operation that removes a custom type from the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyDeleteTypeValue":{ + "type":"structure", + "required":["value"], + "members":{ + "value":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueName", + "documentation":"

The identifier or name of the value to remove from the type.

" + } + }, + "documentation":"

Represents a value to be removed from an existing custom type in the policy.

" + }, + "AutomatedReasoningPolicyDeleteVariableAnnotation":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableName", + "documentation":"

The name of the variable to delete from the policy. The variable must not be referenced by any rules.

" + } + }, + "documentation":"

An annotation for removing a variable from an Automated Reasoning policy.

" + }, + "AutomatedReasoningPolicyDeleteVariableMutation":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableName", + "documentation":"

The name of the variable to delete.

" + } + }, + "documentation":"

A mutation operation that removes a variable from the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyDescription":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\s\\S]+", + "sensitive":true + }, + "AutomatedReasoningPolicyDisjointRuleSet":{ + "type":"structure", + "required":[ + "variables", + "rules" + ], + "members":{ + "variables":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableNameList", + "documentation":"

The set of variables that are used by the rules in this disjoint set.

" + }, + "rules":{ + "shape":"AutomatedReasoningPolicyDisjointedRuleIdList", + "documentation":"

The list of rules that form this disjoint set, all operating on the same set of variables.

" + } + }, + "documentation":"

Represents a set of rules that operate on completely separate variables, indicating they address different concerns or domains within the policy.

" + }, + "AutomatedReasoningPolicyDisjointRuleSetList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDisjointRuleSet"} + }, + "AutomatedReasoningPolicyDisjointedRuleIdList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyDefinitionRuleId"}, + "max":500, + "min":0 + }, + "AutomatedReasoningPolicyFormatVersion":{"type":"string"}, + "AutomatedReasoningPolicyHash":{ + "type":"string", + "max":128, + "min":128, + "pattern":"[0-9a-z]{128}" + }, + "AutomatedReasoningPolicyId":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"[a-z0-9]{12}" + }, + "AutomatedReasoningPolicyIngestContentAnnotation":{ + "type":"structure", + "required":["content"], + "members":{ + "content":{ + "shape":"AutomatedReasoningPolicyAnnotationIngestContent", + "documentation":"

The new content to be analyzed and incorporated into the policy, such as additional documents or rule descriptions.

" + } + }, + "documentation":"

An annotation for processing and incorporating new content into an Automated Reasoning policy.

" + }, + "AutomatedReasoningPolicyMutation":{ + "type":"structure", + "members":{ + "addType":{ + "shape":"AutomatedReasoningPolicyAddTypeMutation", + "documentation":"

A mutation to add a new custom type to the policy.

" + }, + "updateType":{ + "shape":"AutomatedReasoningPolicyUpdateTypeMutation", + "documentation":"

A mutation to modify an existing custom type in the policy.

" + }, + "deleteType":{ + "shape":"AutomatedReasoningPolicyDeleteTypeMutation", + "documentation":"

A mutation to remove a custom type from the policy.

" + }, + "addVariable":{ + "shape":"AutomatedReasoningPolicyAddVariableMutation", + "documentation":"

A mutation to add a new variable to the policy.

" + }, + "updateVariable":{ + "shape":"AutomatedReasoningPolicyUpdateVariableMutation", + "documentation":"

A mutation to modify an existing variable in the policy.

" + }, + "deleteVariable":{ + "shape":"AutomatedReasoningPolicyDeleteVariableMutation", + "documentation":"

A mutation to remove a variable from the policy.

" + }, + "addRule":{ + "shape":"AutomatedReasoningPolicyAddRuleMutation", + "documentation":"

A mutation to add a new rule to the policy.

" + }, + "updateRule":{ + "shape":"AutomatedReasoningPolicyUpdateRuleMutation", + "documentation":"

A mutation to modify an existing rule in the policy.

" + }, + "deleteRule":{ + "shape":"AutomatedReasoningPolicyDeleteRuleMutation", + "documentation":"

A mutation to remove a rule from the policy.

" + } + }, + "documentation":"

A container for various mutation operations that can be applied to an Automated Reasoning policy, including adding, updating, and deleting policy elements.

", + "union":true + }, + "AutomatedReasoningPolicyName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[0-9a-zA-Z-_ ]+", + "sensitive":true + }, + "AutomatedReasoningPolicyPlanning":{ + "type":"structure", + "members":{}, + "documentation":"

Represents the planning phase of policy build workflow, where the system analyzes source content and determines what operations to perform.

" + }, + "AutomatedReasoningPolicyScenario":{ + "type":"structure", + "required":[ + "expression", + "alternateExpression", + "ruleIds", + "expectedResult" + ], + "members":{ + "expression":{ + "shape":"AutomatedReasoningPolicyScenarioExpression", + "documentation":"

The logical expression or condition that defines this test scenario.

" + }, + "alternateExpression":{ + "shape":"AutomatedReasoningPolicyScenarioAlternateExpression", + "documentation":"

An alternative way to express the same test scenario, used for validation and comparison purposes.

" + }, + "ruleIds":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleIdList", + "documentation":"

The list of rule identifiers that are expected to be triggered or evaluated by this test scenario.

" + }, + "expectedResult":{ + "shape":"AutomatedReasoningCheckResult", + "documentation":"

The expected outcome when this scenario is evaluated against the policy (e.g., PASS, FAIL, VIOLATION).

" + } + }, + "documentation":"

Represents a test scenario used to validate an Automated Reasoning policy, including the test conditions and expected outcomes.

" + }, + "AutomatedReasoningPolicyScenarioAlternateExpression":{ + "type":"string", + "max":1024, + "min":0, + "sensitive":true + }, + "AutomatedReasoningPolicyScenarioExpression":{ + "type":"string", + "max":1024, + "min":0, + "sensitive":true + }, + "AutomatedReasoningPolicySummaries":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicySummary"}, + "max":1000, + "min":0 + }, + "AutomatedReasoningPolicySummary":{ + "type":"structure", + "required":[ + "policyArn", + "name", + "version", + "policyId", + "createdAt", + "updatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the policy.

" + }, + "name":{ + "shape":"AutomatedReasoningPolicyName", + "documentation":"

The name of the policy.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDescription", + "documentation":"

The description of the policy.

" + }, + "version":{ + "shape":"AutomatedReasoningPolicyVersion", + "documentation":"

The version of the policy.

" + }, + "policyId":{ + "shape":"AutomatedReasoningPolicyId", + "documentation":"

The unique identifier of the policy.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the policy was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the policy was last updated.

" + } + }, + "documentation":"

Contains summary information about an Automated Reasoning policy, including metadata and timestamps.

" + }, + "AutomatedReasoningPolicyTestCase":{ + "type":"structure", + "required":[ + "testCaseId", + "guardContent", + "createdAt", + "updatedAt" + ], + "members":{ + "testCaseId":{ + "shape":"AutomatedReasoningPolicyTestCaseId", + "documentation":"

The unique identifier of the test.

" + }, + "guardContent":{ + "shape":"AutomatedReasoningPolicyTestGuardContent", + "documentation":"

The output content to be validated by the policy, typically representing a foundation model response.

" + }, + "queryContent":{ + "shape":"AutomatedReasoningPolicyTestQueryContent", + "documentation":"

The input query or prompt that generated the content. This provides context for the validation.

" + }, + "expectedAggregatedFindingsResult":{ + "shape":"AutomatedReasoningCheckResult", + "documentation":"

The expected result of the Automated Reasoning check for this test.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the test was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the test was last updated.

" + }, + "confidenceThreshold":{ + "shape":"AutomatedReasoningCheckTranslationConfidence", + "documentation":"

The minimum confidence level for logic validation. Content meeting this threshold is considered high-confidence and can be validated.

" + } + }, + "documentation":"

Represents a test for validating an Automated Reasoning policy. tests contain sample inputs and expected outcomes to verify policy behavior.

" + }, + "AutomatedReasoningPolicyTestCaseId":{ + "type":"string", + "max":12, + "min":0, + "pattern":"[0-9A-Z]{12}" + }, + "AutomatedReasoningPolicyTestCaseIdList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyTestCaseId"}, + "max":1, + "min":1 + }, + "AutomatedReasoningPolicyTestCaseList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyTestCase"}, + "max":1000, + "min":0 + }, + "AutomatedReasoningPolicyTestGuardContent":{ + "type":"string", + "max":1024, + "min":0, + "sensitive":true + }, + "AutomatedReasoningPolicyTestList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyTestResult"}, + "max":5000, + "min":0 + }, + "AutomatedReasoningPolicyTestQueryContent":{ + "type":"string", + "max":1024, + "min":0, + "sensitive":true + }, + "AutomatedReasoningPolicyTestResult":{ + "type":"structure", + "required":[ + "testCase", + "policyArn", + "testRunStatus", + "updatedAt" + ], + "members":{ + "testCase":{ + "shape":"AutomatedReasoningPolicyTestCase", + "documentation":"

The test case that was executed, including the input content, expected results, and configuration parameters used during validation.

" + }, + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy that was tested.

" + }, + "testRunStatus":{ + "shape":"AutomatedReasoningPolicyTestRunStatus", + "documentation":"

The overall status of the test run (e.g., COMPLETED, FAILED, IN_PROGRESS).

" + }, + "testFindings":{ + "shape":"AutomatedReasoningCheckFindingList", + "documentation":"

Detailed findings from the test run, including any issues, violations, or unexpected behaviors discovered.

" + }, + "testRunResult":{ + "shape":"AutomatedReasoningPolicyTestRunResult", + "documentation":"

The overall result of the test run, indicating whether the policy passed or failed validation.

" + }, + "aggregatedTestFindingsResult":{ + "shape":"AutomatedReasoningCheckResult", + "documentation":"

A summary of all test findings, aggregated to provide an overall assessment of policy quality and correctness.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the test results were last updated.

" + } + }, + "documentation":"

Contains the results of testing an Automated Reasoning policy against various scenarios and validation checks.

" + }, + "AutomatedReasoningPolicyTestRunResult":{ + "type":"string", + "enum":[ + "PASSED", + "FAILED" + ] + }, + "AutomatedReasoningPolicyTestRunStatus":{ + "type":"string", + "enum":[ + "NOT_STARTED", + "SCHEDULED", + "IN_PROGRESS", + "COMPLETED", + "FAILED" + ] + }, + "AutomatedReasoningPolicyTypeValueAnnotation":{ + "type":"structure", + "members":{ + "addTypeValue":{ + "shape":"AutomatedReasoningPolicyAddTypeValue", + "documentation":"

An operation to add a new value to an existing custom type.

" + }, + "updateTypeValue":{ + "shape":"AutomatedReasoningPolicyUpdateTypeValue", + "documentation":"

An operation to modify an existing value within a custom type.

" + }, + "deleteTypeValue":{ + "shape":"AutomatedReasoningPolicyDeleteTypeValue", + "documentation":"

An operation to remove a value from an existing custom type.

" + } + }, + "documentation":"

An annotation for managing values within custom types, including adding, updating, or removing specific type values.

", + "union":true + }, + "AutomatedReasoningPolicyTypeValueAnnotationList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyTypeValueAnnotation"}, + "max":50, + "min":0 + }, + "AutomatedReasoningPolicyUpdateFromRuleFeedbackAnnotation":{ + "type":"structure", + "required":["feedback"], + "members":{ + "ruleIds":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleIdList", + "documentation":"

The list of rule identifiers that the feedback applies to.

" + }, + "feedback":{ + "shape":"AutomatedReasoningPolicyAnnotationFeedbackNaturalLanguage", + "documentation":"

The feedback information about rule performance, including suggestions for improvements or corrections.

" + } + }, + "documentation":"

An annotation for updating the policy based on feedback about how specific rules performed during testing or real-world usage.

" + }, + "AutomatedReasoningPolicyUpdateFromScenarioFeedbackAnnotation":{ + "type":"structure", + "required":["scenarioExpression"], + "members":{ + "ruleIds":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleIdList", + "documentation":"

The list of rule identifiers that were involved in the scenario being evaluated.

" + }, + "scenarioExpression":{ + "shape":"AutomatedReasoningPolicyScenarioExpression", + "documentation":"

The logical expression that defines the test scenario that generated this feedback.

" + }, + "feedback":{ + "shape":"AutomatedReasoningPolicyAnnotationFeedbackNaturalLanguage", + "documentation":"

The feedback information about scenario performance, including any issues or improvements identified.

" + } + }, + "documentation":"

An annotation for updating the policy based on feedback about how it performed on specific test scenarios.

" + }, + "AutomatedReasoningPolicyUpdateRuleAnnotation":{ + "type":"structure", + "required":[ + "ruleId", + "expression" + ], + "members":{ + "ruleId":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleId", + "documentation":"

The unique identifier of the rule to update.

" + }, + "expression":{ + "shape":"AutomatedReasoningPolicyDefinitionRuleExpression", + "documentation":"

The new formal logical expression for the rule, replacing the previous expression.

" + } + }, + "documentation":"

An annotation for modifying an existing rule in an Automated Reasoning policy.

" + }, + "AutomatedReasoningPolicyUpdateRuleMutation":{ + "type":"structure", + "required":["rule"], + "members":{ + "rule":{ + "shape":"AutomatedReasoningPolicyDefinitionRule", + "documentation":"

The updated rule definition containing the modified formal logical expression and any changed metadata for the existing rule.

" + } + }, + "documentation":"

A mutation operation that modifies an existing rule in the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyUpdateTypeAnnotation":{ + "type":"structure", + "required":[ + "name", + "values" + ], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The current name of the custom type to update.

" + }, + "newName":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeName", + "documentation":"

The new name for the custom type, if you want to rename it. If not provided, the name remains unchanged.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeDescription", + "documentation":"

The new description for the custom type, replacing the previous description.

" + }, + "values":{ + "shape":"AutomatedReasoningPolicyTypeValueAnnotationList", + "documentation":"

The updated list of values for the custom type, which can include additions, modifications, or removals.

" + } + }, + "documentation":"

An annotation for modifying an existing custom type in an Automated Reasoning policy.

" + }, + "AutomatedReasoningPolicyUpdateTypeMutation":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"AutomatedReasoningPolicyDefinitionType", + "documentation":"

The updated type definition containing the modified name, description, or values for the existing custom type.

" + } + }, + "documentation":"

A mutation operation that modifies an existing custom type in the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyUpdateTypeValue":{ + "type":"structure", + "required":["value"], + "members":{ + "value":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueName", + "documentation":"

The current identifier or name of the type value to update.

" + }, + "newValue":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueName", + "documentation":"

The new identifier or name for the type value, if you want to rename it.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionTypeValueDescription", + "documentation":"

The new description for the type value, replacing the previous description.

" + } + }, + "documentation":"

Represents a modification to a value within an existing custom type.

" + }, + "AutomatedReasoningPolicyUpdateVariableAnnotation":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableName", + "documentation":"

The current name of the variable to update.

" + }, + "newName":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableName", + "documentation":"

The new name for the variable, if you want to rename it. If not provided, the name remains unchanged.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDefinitionVariableDescription", + "documentation":"

The new description for the variable, replacing the previous description.

" + } + }, + "documentation":"

An annotation for modifying an existing variable in an Automated Reasoning policy.

" + }, + "AutomatedReasoningPolicyUpdateVariableMutation":{ + "type":"structure", + "required":["variable"], + "members":{ + "variable":{ + "shape":"AutomatedReasoningPolicyDefinitionVariable", + "documentation":"

The updated variable definition containing the modified name, type, or description for the existing variable.

" + } + }, + "documentation":"

A mutation operation that modifies an existing variable in the policy definition during the build process.

" + }, + "AutomatedReasoningPolicyVersion":{ + "type":"string", + "max":12, + "min":0, + "pattern":"([1-9][0-9]{0,11})" + }, + "AutomatedReasoningPolicyWorkflowTypeContent":{ + "type":"structure", + "members":{ + "documents":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowDocumentList", + "documentation":"

The list of documents to be processed in a document ingestion workflow.

" + }, + "policyRepairAssets":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowRepairContent", + "documentation":"

The assets and instructions needed for a policy repair workflow, including repair annotations and guidance.

" + } + }, + "documentation":"

Defines the content and configuration for different types of policy build workflows.

", + "union":true + }, "BaseModelIdentifier":{ "type":"string", "max":2048, @@ -1245,7 +3826,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))))|(arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{1,20}):(|[0-9]{12}):inference-profile/[a-zA-Z0-9-:.]+)|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)" + "pattern":"(arn:aws(-[^:]+)?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?" }, "BedrockModelId":{ "type":"string", @@ -1253,6 +3834,12 @@ "min":0, "pattern":"[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}(/[a-z0-9]{12}|)" }, + "BedrockRerankingModelArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/(.*))?" + }, "Boolean":{ "type":"boolean", "box":true @@ -1297,6 +3884,31 @@ }, "documentation":"

Contains the document contained in the wrapper object, along with its attributes/fields.

" }, + "CancelAutomatedReasoningPolicyBuildWorkflowRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy whose build workflow you want to cancel.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow to cancel. You can get this ID from the StartAutomatedReasoningPolicyBuildWorkflow response or by listing build workflows.

", + "location":"uri", + "locationName":"buildWorkflowId" + } + } + }, + "CancelAutomatedReasoningPolicyBuildWorkflowResponse":{ + "type":"structure", + "members":{} + }, "CloudWatchConfig":{ "type":"structure", "required":[ @@ -1342,6 +3954,279 @@ "type":"string", "pattern":".*[a-z]{1,20}/.{1,20}.*" }, + "CreateAutomatedReasoningPolicyRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"AutomatedReasoningPolicyName", + "documentation":"

A unique name for the Automated Reasoning policy. The name must be between 1 and 63 characters and can contain letters, numbers, hyphens, and underscores.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDescription", + "documentation":"

A description of the Automated Reasoning policy. Use this to provide context about the policy's purpose and the types of validations it performs.

" + }, + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than once. If this token matches a previous request, Amazon Bedrock ignores the request but doesn't return an error.

", + "idempotencyToken":true + }, + "policyDefinition":{ + "shape":"AutomatedReasoningPolicyDefinition", + "documentation":"

The policy definition that contains the formal logic rules, variables, and custom variable types used to validate foundation model responses in your application.

" + }, + "kmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

The identifier of the KMS key to use for encrypting the automated reasoning policy and its associated artifacts. If you don't specify a KMS key, Amazon Bedrock uses an KMS managed key for encryption. For enhanced security and control, you can specify a customer managed KMS key.

" + }, + "tags":{ + "shape":"TagList", + "documentation":"

A list of tags to associate with the Automated Reasoning policy. Tags help you organize and manage your policies.

" + } + } + }, + "CreateAutomatedReasoningPolicyResponse":{ + "type":"structure", + "required":[ + "policyArn", + "version", + "name", + "createdAt", + "updatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy that you created.

" + }, + "version":{ + "shape":"AutomatedReasoningPolicyVersion", + "documentation":"

The version number of the newly created Automated Reasoning policy. The initial version is always DRAFT.

" + }, + "name":{ + "shape":"AutomatedReasoningPolicyName", + "documentation":"

The name of the Automated Reasoning policy.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDescription", + "documentation":"

The description of the Automated Reasoning policy.

" + }, + "definitionHash":{ + "shape":"AutomatedReasoningPolicyHash", + "documentation":"

The hash of the policy definition. This is used as a concurrency token for creating policy versions that you can use in your application.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the policy was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the policy was last updated.

" + } + } + }, + "CreateAutomatedReasoningPolicyTestCaseRequest":{ + "type":"structure", + "required":[ + "policyArn", + "guardContent", + "expectedAggregatedFindingsResult" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy for which to create the test.

", + "location":"uri", + "locationName":"policyArn" + }, + "guardContent":{ + "shape":"AutomatedReasoningPolicyTestGuardContent", + "documentation":"

The output content that's validated by the Automated Reasoning policy. This represents the foundation model response that will be checked for accuracy.

" + }, + "queryContent":{ + "shape":"AutomatedReasoningPolicyTestQueryContent", + "documentation":"

The input query or prompt that generated the content. This provides context for the validation.

" + }, + "expectedAggregatedFindingsResult":{ + "shape":"AutomatedReasoningCheckResult", + "documentation":"

The expected result of the Automated Reasoning check. Valid values include: , TOO_COMPLEX, and NO_TRANSLATIONS.

  • VALID - The claims are true. The claims are implied by the premises and the Automated Reasoning policy. Given the Automated Reasoning policy and premises, it is not possible for these claims to be false. In other words, there are no alternative answers that are true that contradict the claims.

  • INVALID - The claims are false. The claims are not implied by the premises and Automated Reasoning policy. Furthermore, there exists different claims that are consistent with the premises and Automated Reasoning policy.

  • SATISFIABLE - The claims can be true or false. It depends on what assumptions are made for the claim to be implied from the premises and Automated Reasoning policy rules. In this situation, different assumptions can make input claims false and alternative claims true.

  • IMPOSSIBLE - Automated Reasoning can’t make a statement about the claims. This can happen if the premises are logically incorrect, or if there is a conflict within the Automated Reasoning policy itself.

  • TRANSLATION_AMBIGUOUS - Detected an ambiguity in the translation meant it would be unsound to continue with validity checking. Additional context or follow-up questions might be needed to get translation to succeed.

  • TOO_COMPLEX - The input contains too much information for Automated Reasoning to process within its latency limits.

  • NO_TRANSLATIONS - Identifies that some or all of the input prompt wasn't translated into logic. This can happen if the input isn't relevant to the Automated Reasoning policy, or if the policy doesn't have variables to model relevant input. If Automated Reasoning can't translate anything, you get a single NO_TRANSLATIONS finding. You might also see a NO_TRANSLATIONS (along with other findings) if some part of the validation isn't translated.

" + }, + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error.

", + "idempotencyToken":true + }, + "confidenceThreshold":{ + "shape":"AutomatedReasoningCheckTranslationConfidence", + "documentation":"

The minimum confidence level for logic validation. Content that meets the threshold is considered a high-confidence finding that can be validated.

" + } + } + }, + "CreateAutomatedReasoningPolicyTestCaseResponse":{ + "type":"structure", + "required":[ + "policyArn", + "testCaseId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the policy for which the test was created.

" + }, + "testCaseId":{ + "shape":"AutomatedReasoningPolicyTestCaseId", + "documentation":"

The unique identifier of the created test.

" + } + } + }, + "CreateAutomatedReasoningPolicyVersionRequest":{ + "type":"structure", + "required":[ + "policyArn", + "lastUpdatedDefinitionHash" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy for which to create a version.

", + "location":"uri", + "locationName":"policyArn" + }, + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error.

", + "idempotencyToken":true + }, + "lastUpdatedDefinitionHash":{ + "shape":"AutomatedReasoningPolicyHash", + "documentation":"

The hash of the current policy definition used as a concurrency token to ensure the policy hasn't been modified since you last retrieved it.

" + }, + "tags":{ + "shape":"TagList", + "documentation":"

A list of tags to associate with the policy version.

" + } + } + }, + "CreateAutomatedReasoningPolicyVersionResponse":{ + "type":"structure", + "required":[ + "policyArn", + "version", + "name", + "definitionHash", + "createdAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The versioned Amazon Resource Name (ARN) of the policy version.

" + }, + "version":{ + "shape":"AutomatedReasoningPolicyVersion", + "documentation":"

The version number of the policy version.

" + }, + "name":{ + "shape":"AutomatedReasoningPolicyName", + "documentation":"

The name of the policy version.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDescription", + "documentation":"

The description of the policy version.

" + }, + "definitionHash":{ + "shape":"AutomatedReasoningPolicyHash", + "documentation":"

The hash of the policy definition for this version.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the policy version was created.

" + } + } + }, + "CreateCustomModelDeploymentRequest":{ + "type":"structure", + "required":[ + "modelDeploymentName", + "modelArn" + ], + "members":{ + "modelDeploymentName":{ + "shape":"ModelDeploymentName", + "documentation":"

The name for the custom model deployment. The name must be unique within your Amazon Web Services account and Region.

" + }, + "modelArn":{ + "shape":"CustomModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the custom model to deploy for on-demand inference. The custom model must be in the Active state.

" + }, + "description":{ + "shape":"CustomModelDeploymentDescription", + "documentation":"

A description for the custom model deployment to help you identify its purpose.

" + }, + "tags":{ + "shape":"TagList", + "documentation":"

Tags to assign to the custom model deployment. You can use tags to organize and track your Amazon Web Services resources for cost allocation and management purposes.

" + }, + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + } + } + }, + "CreateCustomModelDeploymentResponse":{ + "type":"structure", + "required":["customModelDeploymentArn"], + "members":{ + "customModelDeploymentArn":{ + "shape":"CustomModelDeploymentArn", + "documentation":"

The Amazon Resource Name (ARN) of the custom model deployment. Use this ARN as the modelId parameter when invoking the model with the InvokeModel or Converse operations.

" + } + } + }, + "CreateCustomModelRequest":{ + "type":"structure", + "required":[ + "modelName", + "modelSourceConfig" + ], + "members":{ + "modelName":{ + "shape":"CustomModelName", + "documentation":"

A unique name for the custom model.

" + }, + "modelSourceConfig":{ + "shape":"ModelDataSource", + "documentation":"

The data source for the model. The Amazon S3 URI in the model source must be for the Amazon-managed Amazon S3 bucket containing your model artifacts.

" + }, + "modelKmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the customer managed KMS key to encrypt the custom model. If you don't provide a KMS key, Amazon Bedrock uses an Amazon Web Services-managed KMS key to encrypt the model.

If you provide a customer managed KMS key, your Amazon Bedrock service role must have permissions to use it. For more information see Encryption of imported models.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of an IAM service role that Amazon Bedrock assumes to perform tasks on your behalf. This role must have permissions to access the Amazon S3 bucket containing your model artifacts and the KMS key (if specified). For more information, see Setting up an IAM service role for importing models in the Amazon Bedrock User Guide.

" + }, + "modelTags":{ + "shape":"TagList", + "documentation":"

A list of key-value pairs to associate with the custom model resource. You can use these tags to organize and identify your resources.

For more information, see Tagging resources in the Amazon Bedrock User Guide.

" + }, + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + } + } + }, + "CreateCustomModelResponse":{ + "type":"structure", + "required":["modelArn"], + "members":{ + "modelArn":{ + "shape":"ModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the new custom model.

" + } + } + }, "CreateEvaluationJobRequest":{ "type":"structure", "required":[ @@ -1405,6 +4290,33 @@ } } }, + "CreateFoundationModelAgreementRequest":{ + "type":"structure", + "required":[ + "offerToken", + "modelId" + ], + "members":{ + "offerToken":{ + "shape":"OfferToken", + "documentation":"

An offer token encapsulates the information for an offer.

" + }, + "modelId":{ + "shape":"BedrockModelId", + "documentation":"

Model Id of the model for the access request.

" + } + } + }, + "CreateFoundationModelAgreementResponse":{ + "type":"structure", + "required":["modelId"], + "members":{ + "modelId":{ + "shape":"BedrockModelId", + "documentation":"

Model Id of the model for the access request.

" + } + } + }, "CreateGuardrailRequest":{ "type":"structure", "required":[ @@ -1441,6 +4353,14 @@ "shape":"GuardrailContextualGroundingPolicyConfig", "documentation":"

The contextual grounding policy configuration used to create a guardrail.

" }, + "automatedReasoningPolicyConfig":{ + "shape":"GuardrailAutomatedReasoningPolicyConfig", + "documentation":"

Optional configuration for integrating Automated Reasoning policies with the new guardrail.

" + }, + "crossRegionConfig":{ + "shape":"GuardrailCrossRegionConfig", + "documentation":"

The system-defined guardrail profile that you're using with your guardrail. Guardrail profiles define the destination Amazon Web Services Regions where guardrail inference requests can be automatically routed.

For more information, see the Amazon Bedrock User Guide.

" + }, "blockedInputMessaging":{ "shape":"GuardrailBlockedMessaging", "documentation":"

The message to return when the guardrail blocks a prompt.

" @@ -1858,6 +4778,55 @@ } } }, + "CreatePromptRouterRequest":{ + "type":"structure", + "required":[ + "promptRouterName", + "models", + "routingCriteria", + "fallbackModel" + ], + "members":{ + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure idempotency of your requests. If not specified, the Amazon Web Services SDK automatically generates one for you.

", + "idempotencyToken":true + }, + "promptRouterName":{ + "shape":"PromptRouterName", + "documentation":"

The name of the prompt router. The name must be unique within your Amazon Web Services account in the current region.

" + }, + "models":{ + "shape":"PromptRouterTargetModels", + "documentation":"

A list of foundation models that the prompt router can route requests to. At least one model must be specified.

" + }, + "description":{ + "shape":"PromptRouterDescription", + "documentation":"

An optional description of the prompt router to help identify its purpose.

" + }, + "routingCriteria":{ + "shape":"RoutingCriteria", + "documentation":"

The criteria, which is the response quality difference, used to determine how incoming requests are routed to different models.

" + }, + "fallbackModel":{ + "shape":"PromptRouterTargetModel", + "documentation":"

The default model to use when the routing criteria is not met.

" + }, + "tags":{ + "shape":"TagList", + "documentation":"

An array of key-value pairs to apply to this resource as tags. You can use tags to categorize and manage your Amazon Web Services resources.

" + } + } + }, + "CreatePromptRouterResponse":{ + "type":"structure", + "members":{ + "promptRouterArn":{ + "shape":"PromptRouterArn", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies the prompt router.

" + } + } + }, "CreateProvisionedModelThroughputRequest":{ "type":"structure", "required":[ @@ -1903,11 +4872,138 @@ } } }, + "CustomMetricBedrockEvaluatorModel":{ + "type":"structure", + "required":["modelIdentifier"], + "members":{ + "modelIdentifier":{ + "shape":"EvaluatorModelIdentifier", + "documentation":"

The Amazon Resource Name (ARN) of the evaluator model for custom metrics. For a list of supported evaluator models, see Evaluate model performance using another LLM as a judge and Evaluate the performance of RAG sources using Amazon Bedrock evaluations.

" + } + }, + "documentation":"

Defines the model you want to evaluate custom metrics in an Amazon Bedrock evaluation job.

" + }, + "CustomMetricBedrockEvaluatorModels":{ + "type":"list", + "member":{"shape":"CustomMetricBedrockEvaluatorModel"}, + "max":1, + "min":1 + }, + "CustomMetricDefinition":{ + "type":"structure", + "required":[ + "name", + "instructions" + ], + "members":{ + "name":{ + "shape":"MetricName", + "documentation":"

The name for a custom metric. Names must be unique in your Amazon Web Services region.

" + }, + "instructions":{ + "shape":"CustomMetricInstructions", + "documentation":"

The prompt for a custom metric that instructs the evaluator model how to rate the model or RAG source under evaluation.

" + }, + "ratingScale":{ + "shape":"RatingScale", + "documentation":"

Defines the rating scale to be used for a custom metric. We recommend that you always define a ratings scale when creating a custom metric. If you don't define a scale, Amazon Bedrock won't be able to visually display the results of the evaluation in the console or calculate average values of numerical scores. For more information on specifying a rating scale, see Specifying an output schema (rating scale).

" + } + }, + "documentation":"

The definition of a custom metric for use in an Amazon Bedrock evaluation job. A custom metric definition includes a metric name, prompt (instructions) and optionally, a rating scale. Your prompt must include a task description and input variables. The required input variables are different for model-as-a-judge and RAG evaluations.

For more information about how to define a custom metric in Amazon Bedrock, see Create a prompt for a custom metrics (LLM-as-a-judge model evaluations) and Create a prompt for a custom metrics (RAG evaluations).

", + "sensitive":true + }, + "CustomMetricEvaluatorModelConfig":{ + "type":"structure", + "required":["bedrockEvaluatorModels"], + "members":{ + "bedrockEvaluatorModels":{ + "shape":"CustomMetricBedrockEvaluatorModels", + "documentation":"

Defines the model you want to evaluate custom metrics in an Amazon Bedrock evaluation job.

" + } + }, + "documentation":"

Configuration of the evaluator model you want to use to evaluate custom metrics in an Amazon Bedrock evaluation job.

" + }, + "CustomMetricInstructions":{ + "type":"string", + "max":5000, + "min":1 + }, "CustomModelArn":{ "type":"string", "max":1011, "min":20, - "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}/[a-z0-9]{12}" + "pattern":"arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:custom-model/(imported|[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2})/[a-z0-9]{12}" + }, + "CustomModelDeploymentArn":{ + "type":"string", + "max":1011, + "min":0, + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:custom-model-deployment/[a-z0-9]{12}" + }, + "CustomModelDeploymentDescription":{ + "type":"string", + "max":2048, + "min":1, + "pattern":".*" + }, + "CustomModelDeploymentIdentifier":{ + "type":"string", + "max":93, + "min":1, + "pattern":"(arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:[a-z0-9-]{1,20}:[0-9]{12}:custom-model-deployment/[a-z0-9]{12})|^([0-9a-zA-Z][_-]?){1,63}" + }, + "CustomModelDeploymentStatus":{ + "type":"string", + "enum":[ + "Creating", + "Active", + "Failed" + ] + }, + "CustomModelDeploymentSummary":{ + "type":"structure", + "required":[ + "customModelDeploymentArn", + "customModelDeploymentName", + "modelArn", + "createdAt", + "status" + ], + "members":{ + "customModelDeploymentArn":{ + "shape":"CustomModelDeploymentArn", + "documentation":"

The Amazon Resource Name (ARN) of the custom model deployment.

" + }, + "customModelDeploymentName":{ + "shape":"ModelDeploymentName", + "documentation":"

The name of the custom model deployment.

" + }, + "modelArn":{ + "shape":"ModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the custom model associated with this deployment.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the custom model deployment was created.

" + }, + "status":{ + "shape":"CustomModelDeploymentStatus", + "documentation":"

The status of the custom model deployment. Possible values are CREATING, ACTIVE, and FAILED.

" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the custom model deployment was last modified.

" + }, + "failureMessage":{ + "shape":"ErrorMessage", + "documentation":"

If the deployment status is FAILED, this field contains a message describing the failure reason.

" + } + }, + "documentation":"

Contains summary information about a custom model deployment, including its ARN, name, status, and associated custom model.

" + }, + "CustomModelDeploymentSummaryList":{ + "type":"list", + "member":{"shape":"CustomModelDeploymentSummary"} }, "CustomModelName":{ "type":"string", @@ -1952,6 +5048,10 @@ "ownerAccountId":{ "shape":"AccountId", "documentation":"

The unique identifier of the account that owns the model.

" + }, + "modelStatus":{ + "shape":"ModelStatus", + "documentation":"

The current status of the custom model. Possible values include:

  • Creating - The model is being created and validated.

  • Active - The model has been successfully created and is ready for use.

  • Failed - The model creation process failed.

" } }, "documentation":"

Summary information for a custom model.

" @@ -1960,12 +5060,30 @@ "type":"list", "member":{"shape":"CustomModelSummary"} }, + "CustomModelUnits":{ + "type":"structure", + "members":{ + "customModelUnitsPerModelCopy":{ + "shape":"Integer", + "documentation":"

The number of custom model units used to host a model copy.

" + }, + "customModelUnitsVersion":{ + "shape":"CustomModelUnitsVersion", + "documentation":"

The version of the custom model unit. Use to determine the billing rate for the custom model unit.

" + } + }, + "documentation":"

A CustomModelUnit (CMU) is an abstract view of the hardware utilization that Amazon Bedrock needs to host a single copy of your custom model. A model copy represents a single instance of your imported model that is ready to serve inference requests. Amazon Bedrock determines the number of custom model units that a model copy needs when you import the custom model.

You can use CustomModelUnits to estimate the cost of running your custom model. For more information, see Calculate the cost of running a custom model in the Amazon Bedrock user guide.

" + }, + "CustomModelUnitsVersion":{ + "type":"string", + "pattern":"v\\d+.\\d+" + }, "CustomizationConfig":{ "type":"structure", "members":{ "distillationConfig":{ "shape":"DistillationConfig", - "documentation":"

The distillation configuration for the custom model.

" + "documentation":"

The Distillation configuration for the custom model.

" } }, "documentation":"

A model customization configuration

", @@ -1976,9 +5094,130 @@ "enum":[ "FINE_TUNING", "CONTINUED_PRE_TRAINING", - "DISTILLATION" + "DISTILLATION", + "IMPORTED" ] }, + "DataProcessingDetails":{ + "type":"structure", + "members":{ + "status":{ + "shape":"JobStatusDetails", + "documentation":"

The status of the data processing sub-task of the job.

" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

The start time of the data processing sub-task of the job.

" + }, + "lastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

The latest update to the data processing sub-task of the job.

" + } + }, + "documentation":"

For a Distillation job, the status details for the data processing sub-task of the job.

" + }, + "DeleteAutomatedReasoningPolicyBuildWorkflowRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId", + "lastUpdatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy whose build workflow you want to delete.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow to delete.

", + "location":"uri", + "locationName":"buildWorkflowId" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the build workflow was last updated. This is used for optimistic concurrency control to prevent accidental deletion of workflows that have been modified.

", + "location":"querystring", + "locationName":"updatedAt" + } + } + }, + "DeleteAutomatedReasoningPolicyBuildWorkflowResponse":{ + "type":"structure", + "members":{} + }, + "DeleteAutomatedReasoningPolicyRequest":{ + "type":"structure", + "required":["policyArn"], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy to delete.

", + "location":"uri", + "locationName":"policyArn" + }, + "force":{ + "shape":"Boolean", + "documentation":"

Specifies whether to force delete the automated reasoning policy even if it has active resources. When false, Amazon Bedrock validates if all artifacts have been deleted (e.g. policy version, test case, test result) for a policy before deletion. When true, Amazon Bedrock will delete the policy and all its artifacts without validation. Default is false.

", + "location":"querystring", + "locationName":"force" + } + } + }, + "DeleteAutomatedReasoningPolicyResponse":{ + "type":"structure", + "members":{} + }, + "DeleteAutomatedReasoningPolicyTestCaseRequest":{ + "type":"structure", + "required":[ + "policyArn", + "testCaseId", + "lastUpdatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy that contains the test.

", + "location":"uri", + "locationName":"policyArn" + }, + "testCaseId":{ + "shape":"AutomatedReasoningPolicyTestCaseId", + "documentation":"

The unique identifier of the test to delete.

", + "location":"uri", + "locationName":"testCaseId" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the test was last updated. This is used as a concurrency token to prevent conflicting modifications.

", + "location":"querystring", + "locationName":"updatedAt" + } + } + }, + "DeleteAutomatedReasoningPolicyTestCaseResponse":{ + "type":"structure", + "members":{} + }, + "DeleteCustomModelDeploymentRequest":{ + "type":"structure", + "required":["customModelDeploymentIdentifier"], + "members":{ + "customModelDeploymentIdentifier":{ + "shape":"CustomModelDeploymentIdentifier", + "documentation":"

The Amazon Resource Name (ARN) or name of the custom model deployment to delete.

", + "location":"uri", + "locationName":"customModelDeploymentIdentifier" + } + } + }, + "DeleteCustomModelDeploymentResponse":{ + "type":"structure", + "members":{} + }, "DeleteCustomModelRequest":{ "type":"structure", "required":["modelIdentifier"], @@ -1993,9 +5232,22 @@ }, "DeleteCustomModelResponse":{ "type":"structure", + "members":{} + }, + "DeleteFoundationModelAgreementRequest":{ + "type":"structure", + "required":["modelId"], "members":{ + "modelId":{ + "shape":"BedrockModelId", + "documentation":"

Model Id of the model access to delete.

" + } } }, + "DeleteFoundationModelAgreementResponse":{ + "type":"structure", + "members":{} + }, "DeleteGuardrailRequest":{ "type":"structure", "required":["guardrailIdentifier"], @@ -2016,8 +5268,7 @@ }, "DeleteGuardrailResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteImportedModelRequest":{ "type":"structure", @@ -2033,8 +5284,7 @@ }, "DeleteImportedModelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInferenceProfileRequest":{ "type":"structure", @@ -2050,8 +5300,7 @@ }, "DeleteInferenceProfileResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMarketplaceModelEndpointRequest":{ "type":"structure", @@ -2067,19 +5316,32 @@ }, "DeleteMarketplaceModelEndpointResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteModelInvocationLoggingConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteModelInvocationLoggingConfigurationResponse":{ "type":"structure", + "members":{} + }, + "DeletePromptRouterRequest":{ + "type":"structure", + "required":["promptRouterArn"], "members":{ + "promptRouterArn":{ + "shape":"PromptRouterArn", + "documentation":"

The Amazon Resource Name (ARN) of the prompt router to delete.

", + "location":"uri", + "locationName":"promptRouterArn" + } } }, + "DeletePromptRouterResponse":{ + "type":"structure", + "members":{} + }, "DeleteProvisionedModelThroughputRequest":{ "type":"structure", "required":["provisionedModelId"], @@ -2094,8 +5356,7 @@ }, "DeleteProvisionedModelThroughputResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterMarketplaceModelEndpointRequest":{ "type":"structure", @@ -2111,8 +5372,29 @@ }, "DeregisterMarketplaceModelEndpointResponse":{ "type":"structure", + "members":{} + }, + "DimensionalPriceRate":{ + "type":"structure", "members":{ - } + "dimension":{ + "shape":"String", + "documentation":"

Dimension for the price rate.

" + }, + "price":{ + "shape":"String", + "documentation":"

Single-dimensional rate information.

" + }, + "description":{ + "shape":"String", + "documentation":"

Description of the price rate.

" + }, + "unit":{ + "shape":"String", + "documentation":"

Unit associated with the price.

" + } + }, + "documentation":"

Dimensional price rate.

" }, "DistillationConfig":{ "type":"structure", @@ -2141,6 +5423,13 @@ "max":30, "min":1 }, + "EntitlementAvailability":{ + "type":"string", + "enum":[ + "AVAILABLE", + "NOT_AVAILABLE" + ] + }, "ErrorMessage":{ "type":"string", "max":2048, @@ -2152,12 +5441,18 @@ "max":20, "min":0 }, + "EvaluationBedrockKnowledgeBaseIdentifiers":{ + "type":"list", + "member":{"shape":"KnowledgeBaseId"}, + "max":1, + "min":0 + }, "EvaluationBedrockModel":{ "type":"structure", "required":["modelIdentifier"], "members":{ "modelIdentifier":{ - "shape":"EvaluationModelIdentifier", + "shape":"EvaluationBedrockModelIdentifier", "documentation":"

The ARN of the Amazon Bedrock model or inference profile specified.

" }, "inferenceParams":{ @@ -2171,6 +5466,18 @@ }, "documentation":"

Contains the ARN of the Amazon Bedrock model or inference profile specified in your evaluation job. Each Amazon Bedrock model supports different inferenceParams. To learn more about supported inference parameters for Amazon Bedrock models, see Inference parameters for foundation models.

The inferenceParams are specified using JSON. To successfully insert JSON as string make sure that all quotations are properly escaped. For example, \"temperature\":\"0.25\" key value pair would need to be formatted as \\\"temperature\\\":\\\"0.25\\\" to successfully accepted in the request.

" }, + "EvaluationBedrockModelIdentifier":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:((:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})|([0-9]{12}:imported-model/[a-z0-9]{12})|([0-9]{12}:application-inference-profile/[a-z0-9]{12})|([0-9]{12}:inference-profile/(([a-z-]{2,8}.)[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63})))|([0-9]{12}:(default-prompt-router|prompt-router)/[a-zA-Z0-9-:.]+)))|(([a-z]{2,4}[.]{1})([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|arn:aws(-[^:]+)?:sagemaker:[a-z0-9-]{1,20}:[0-9]{12}:endpoint/[a-z0-9-]{1,63}" + }, + "EvaluationBedrockModelIdentifiers":{ + "type":"list", + "member":{"shape":"EvaluationBedrockModelIdentifier"}, + "max":2, + "min":0 + }, "EvaluationConfig":{ "type":"structure", "members":{ @@ -2230,7 +5537,7 @@ }, "metricNames":{ "shape":"EvaluationMetricNames", - "documentation":"

The names of the metrics you want to use for your evaluation job.

For knowledge base evaluation jobs that evaluate retrieval only, valid values are \"Builtin.ContextRelevance\", \"Builtin.ContextConverage\".

For knowledge base evaluation jobs that evaluate retrieval with response generation, valid values are \"Builtin.Correctness\", \"Builtin.Completeness\", \"Builtin.Helpfulness\", \"Builtin.LogicalCoherence\", \"Builtin.Faithfulness\", \"Builtin.Harmfulness\", \"Builtin.Stereotyping\", \"Builtin.Refusal\".

For automated model evaluation jobs, valid values are \"Builtin.Accuracy\", \"Builtin.Robustness\", and \"Builtin.Toxicity\". In model evaluation jobs that use a LLM as judge you can specify \"Builtin.Correctness\", \"Builtin.Completeness\", \"Builtin.Faithfulness\", \"Builtin.Helpfulness\", \"Builtin.Coherence\", \"Builtin.Relevance\", \"Builtin.FollowingInstructions\", \"Builtin.ProfessionalStyleAndTone\", You can also specify the following responsible AI related metrics only for model evaluation job that use a LLM as judge \"Builtin.Harmfulness\", \"Builtin.Stereotyping\", and \"Builtin.Refusal\".

For human-based model evaluation jobs, the list of strings must match the name parameter specified in HumanEvaluationCustomMetric.

" + "documentation":"

The names of the metrics you want to use for your evaluation job.

For knowledge base evaluation jobs that evaluate retrieval only, valid values are \"Builtin.ContextRelevance\", \"Builtin.ContextCoverage\".

For knowledge base evaluation jobs that evaluate retrieval with response generation, valid values are \"Builtin.Correctness\", \"Builtin.Completeness\", \"Builtin.Helpfulness\", \"Builtin.LogicalCoherence\", \"Builtin.Faithfulness\", \"Builtin.Harmfulness\", \"Builtin.Stereotyping\", \"Builtin.Refusal\".

For automated model evaluation jobs, valid values are \"Builtin.Accuracy\", \"Builtin.Robustness\", and \"Builtin.Toxicity\". In model evaluation jobs that use a LLM as judge you can specify \"Builtin.Correctness\", \"Builtin.Completeness\", \"Builtin.Faithfulness\", \"Builtin.Helpfulness\", \"Builtin.Coherence\", \"Builtin.Relevance\", \"Builtin.FollowingInstructions\", \"Builtin.ProfessionalStyleAndTone\", You can also specify the following responsible AI related metrics only for model evaluation job that use a LLM as judge \"Builtin.Harmfulness\", \"Builtin.Stereotyping\", and \"Builtin.Refusal\".

For human-based model evaluation jobs, the list of strings must match the name parameter specified in HumanEvaluationCustomMetric.

" } }, "documentation":"

Defines the prompt datasets, built-in metric names and custom metric names, and the task type.

" @@ -2263,6 +5570,20 @@ "documentation":"

The configuration details of the inference model for an evaluation job.

For automated model evaluation jobs, only a single model is supported.

For human-based model evaluation jobs, your annotator can compare the responses for up to two different models.

", "union":true }, + "EvaluationInferenceConfigSummary":{ + "type":"structure", + "members":{ + "modelConfigSummary":{ + "shape":"EvaluationModelConfigSummary", + "documentation":"

A summary of the models used in an Amazon Bedrock model evaluation job. These resources can be models in Amazon Bedrock or models outside of Amazon Bedrock that you use to generate your own inference response data.

" + }, + "ragConfigSummary":{ + "shape":"EvaluationRagConfigSummary", + "documentation":"

A summary of the RAG resources used in an Amazon Bedrock Knowledge Base evaluation job. These resources can be Knowledge Bases in Amazon Bedrock or RAG sources outside of Amazon Bedrock that you use to generate your own inference response data.

" + } + }, + "documentation":"

Identifies the models, Knowledge Bases, or other RAG sources evaluated in a model or Knowledge Base evaluation job.

" + }, "EvaluationJobArn":{ "type":"string", "max":1011, @@ -2330,7 +5651,7 @@ "EvaluationMetricNames":{ "type":"list", "member":{"shape":"EvaluationMetricName"}, - "max":15, + "max":25, "min":1 }, "EvaluationModelConfig":{ @@ -2339,29 +5660,35 @@ "bedrockModel":{ "shape":"EvaluationBedrockModel", "documentation":"

Defines the Amazon Bedrock model or inference profile and inference parameters you want used.

" + }, + "precomputedInferenceSource":{ + "shape":"EvaluationPrecomputedInferenceSource", + "documentation":"

Defines the model used to generate inference response data for a model evaluation job where you provide your own inference response data.

" } }, "documentation":"

Defines the models used in the model evaluation job.

", "union":true }, + "EvaluationModelConfigSummary":{ + "type":"structure", + "members":{ + "bedrockModelIdentifiers":{ + "shape":"EvaluationBedrockModelIdentifiers", + "documentation":"

The Amazon Resource Names (ARNs) of the models used for the evaluation job.

" + }, + "precomputedInferenceSourceIdentifiers":{ + "shape":"EvaluationPrecomputedInferenceSourceIdentifiers", + "documentation":"

A label that identifies the models used for a model evaluation job where you provide your own inference response data.

" + } + }, + "documentation":"

A summary of the models used in an Amazon Bedrock model evaluation job. These resources can be models in Amazon Bedrock or models outside of Amazon Bedrock that you use to generate your own inference response data.

" + }, "EvaluationModelConfigs":{ "type":"list", "member":{"shape":"EvaluationModelConfig"}, "max":2, "min":1 }, - "EvaluationModelIdentifier":{ - "type":"string", - "max":2048, - "min":1, - "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:((:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})|([0-9]{12}:imported-model/[a-z0-9]{12})|([0-9]{12}:application-inference-profile/[a-z0-9]{12})|([0-9]{12}:inference-profile/(([a-z-]{2,8}.)[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63})))|([0-9]{12}:default-prompt-router/[a-zA-Z0-9-:.]+)))|(([a-z]{2}[.]{1})([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|arn:aws(-[^:]+)?:sagemaker:[a-z0-9-]{1,20}:[0-9]{12}:endpoint/[a-z0-9-]{1,63}" - }, - "EvaluationModelIdentifiers":{ - "type":"list", - "member":{"shape":"EvaluationModelIdentifier"}, - "max":2, - "min":0 - }, "EvaluationModelInferenceParams":{ "type":"string", "max":1023, @@ -2379,6 +5706,92 @@ }, "documentation":"

The Amazon S3 location where the results of your evaluation job are saved.

" }, + "EvaluationPrecomputedInferenceSource":{ + "type":"structure", + "required":["inferenceSourceIdentifier"], + "members":{ + "inferenceSourceIdentifier":{ + "shape":"EvaluationPrecomputedInferenceSourceIdentifier", + "documentation":"

A label that identifies a model used in a model evaluation job where you provide your own inference response data.

" + } + }, + "documentation":"

A summary of a model used for a model evaluation job where you provide your own inference response data.

" + }, + "EvaluationPrecomputedInferenceSourceIdentifier":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9]([a-zA-Z0-9._-]){0,255}" + }, + "EvaluationPrecomputedInferenceSourceIdentifiers":{ + "type":"list", + "member":{"shape":"EvaluationPrecomputedInferenceSourceIdentifier"}, + "max":2, + "min":0 + }, + "EvaluationPrecomputedRagSourceConfig":{ + "type":"structure", + "members":{ + "retrieveSourceConfig":{ + "shape":"EvaluationPrecomputedRetrieveSourceConfig", + "documentation":"

A summary of a RAG source used for a retrieve-only Knowledge Base evaluation job where you provide your own inference response data.

" + }, + "retrieveAndGenerateSourceConfig":{ + "shape":"EvaluationPrecomputedRetrieveAndGenerateSourceConfig", + "documentation":"

A summary of a RAG source used for a retrieve-and-generate Knowledge Base evaluation job where you provide your own inference response data.

" + } + }, + "documentation":"

A summary of a RAG source used for a Knowledge Base evaluation job where you provide your own inference response data.

", + "union":true + }, + "EvaluationPrecomputedRagSourceIdentifier":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9]([a-zA-Z0-9._-]){0,255}" + }, + "EvaluationPrecomputedRagSourceIdentifiers":{ + "type":"list", + "member":{"shape":"EvaluationPrecomputedRagSourceIdentifier"}, + "max":1, + "min":0 + }, + "EvaluationPrecomputedRetrieveAndGenerateSourceConfig":{ + "type":"structure", + "required":["ragSourceIdentifier"], + "members":{ + "ragSourceIdentifier":{ + "shape":"EvaluationPrecomputedRagSourceIdentifier", + "documentation":"

A label that identifies the RAG source used for a retrieve-and-generate Knowledge Base evaluation job where you provide your own inference response data.

" + } + }, + "documentation":"

A summary of a RAG source used for a retrieve-and-generate Knowledge Base evaluation job where you provide your own inference response data.

" + }, + "EvaluationPrecomputedRetrieveSourceConfig":{ + "type":"structure", + "required":["ragSourceIdentifier"], + "members":{ + "ragSourceIdentifier":{ + "shape":"EvaluationPrecomputedRagSourceIdentifier", + "documentation":"

A label that identifies the RAG source used for a retrieve-only Knowledge Base evaluation job where you provide your own inference response data.

" + } + }, + "documentation":"

A summary of a RAG source used for a retrieve-only Knowledge Base evaluation job where you provide your own inference response data.

" + }, + "EvaluationRagConfigSummary":{ + "type":"structure", + "members":{ + "bedrockKnowledgeBaseIdentifiers":{ + "shape":"EvaluationBedrockKnowledgeBaseIdentifiers", + "documentation":"

The Amazon Resource Names (ARNs) of the Knowledge Base resources used for a Knowledge Base evaluation job where Amazon Bedrock invokes the Knowledge Base for you.

" + }, + "precomputedRagSourceIdentifiers":{ + "shape":"EvaluationPrecomputedRagSourceIdentifiers", + "documentation":"

A label that identifies the RAG sources used for a Knowledge Base evaluation job where you provide your own inference response data.

" + } + }, + "documentation":"

A summary of the RAG resources used in an Amazon Bedrock Knowledge Base evaluation job. These resources can be Knowledge Bases in Amazon Bedrock or RAG sources outside of Amazon Bedrock that you use to generate your own inference response data.

" + }, "EvaluationRatingMethod":{ "type":"string", "max":100, @@ -2427,17 +5840,31 @@ "documentation":"

The type of task for model evaluation.

" }, "modelIdentifiers":{ - "shape":"EvaluationModelIdentifiers", - "documentation":"

The Amazon Resource Names (ARNs) of the model(s) used for the evaluation job.

" + "shape":"EvaluationBedrockModelIdentifiers", + "documentation":"

The Amazon Resource Names (ARNs) of the model(s) used for the evaluation job.

", + "deprecated":true, + "deprecatedMessage":"Inference identifiers should be retrieved from the inferenceConfigSummary", + "deprecatedSince":"2025-03-07" }, "ragIdentifiers":{ - "shape":"RAGIdentifiers", - "documentation":"

The Amazon Resource Names (ARNs) of the knowledge base resources used for a knowledge base evaluation job.

" + "shape":"EvaluationBedrockKnowledgeBaseIdentifiers", + "documentation":"

The Amazon Resource Names (ARNs) of the knowledge base resources used for a knowledge base evaluation job.

", + "deprecated":true, + "deprecatedMessage":"Inference identifiers should be retrieved from the inferenceConfigSummary", + "deprecatedSince":"2025-03-07" }, "evaluatorModelIdentifiers":{ "shape":"EvaluatorModelIdentifiers", "documentation":"

The Amazon Resource Names (ARNs) of the models used to compute the metrics for a knowledge base evaluation job.

" }, + "customMetricsEvaluatorModelIdentifiers":{ + "shape":"EvaluatorModelIdentifiers", + "documentation":"

The Amazon Resource Names (ARNs) of the models used to compute custom metrics in an Amazon Bedrock evaluation job.

" + }, + "inferenceConfigSummary":{ + "shape":"EvaluationInferenceConfigSummary", + "documentation":"

Identifies the models, Knowledge Bases, or other RAG sources evaluated in a model or Knowledge Base evaluation job.

" + }, "applicationType":{ "shape":"ApplicationType", "documentation":"

Specifies whether the evaluation job is for evaluating a model or evaluating a knowledge base (retrieval and response generation).

" @@ -2479,7 +5906,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}$|(^[a-z0-9-]+[.][a-z0-9-]+([.][a-z0-9-]+)*(:[a-z0-9-]+)?$)|^[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}(/[a-z0-9]{12}|)" + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:((:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:inference-profile/(([a-z-]{2,8}.)[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63})))))$|(^[a-z0-9-]+[.][a-z0-9-]+([.][a-z0-9-]+)*(:[a-z0-9-]+)?$)|^[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}(/[a-z0-9]{12}|)" }, "EvaluatorModelIdentifiers":{ "type":"list", @@ -2487,6 +5914,29 @@ "max":1, "min":0 }, + "ExportAutomatedReasoningPolicyVersionRequest":{ + "type":"structure", + "required":["policyArn"], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy to export. Can be either the unversioned ARN for the draft policy or a versioned ARN for a specific policy version.

", + "location":"uri", + "locationName":"policyArn" + } + } + }, + "ExportAutomatedReasoningPolicyVersionResponse":{ + "type":"structure", + "required":["policyDefinition"], + "members":{ + "policyDefinition":{ + "shape":"AutomatedReasoningPolicyDefinition", + "documentation":"

The exported policy definition containing the formal logic rules, variables, and custom variable types.

" + } + }, + "payload":"policyDefinition" + }, "ExternalSource":{ "type":"structure", "required":["sourceType"], @@ -2563,6 +6013,29 @@ }, "documentation":"

The configuration of the external source wrapper object in the retrieveAndGenerate function.

" }, + "FieldForReranking":{ + "type":"structure", + "required":["fieldName"], + "members":{ + "fieldName":{ + "shape":"FieldForRerankingFieldNameString", + "documentation":"

The name of the metadata field to be used during the reranking process.

" + } + }, + "documentation":"

Specifies a field to be used during the reranking process in a Knowledge Base vector search. This structure identifies metadata fields that should be considered when reordering search results to improve relevance.

" + }, + "FieldForRerankingFieldNameString":{ + "type":"string", + "max":2000, + "min":1 + }, + "FieldsForReranking":{ + "type":"list", + "member":{"shape":"FieldForReranking"}, + "max":100, + "min":1, + "sensitive":true + }, "FilterAttribute":{ "type":"structure", "required":[ @@ -2588,8 +6061,7 @@ }, "FilterValue":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "FineTuningJobStatus":{ @@ -2602,6 +6074,10 @@ "Stopped" ] }, + "Float":{ + "type":"float", + "box":true + }, "FoundationModelArn":{ "type":"string", "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}" @@ -2750,6 +6226,411 @@ }, "documentation":"

The configuration details for response generation based on retrieved text chunks.

" }, + "GetAutomatedReasoningPolicyAnnotationsRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy whose annotations you want to retrieve.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow whose annotations you want to retrieve.

", + "location":"uri", + "locationName":"buildWorkflowId" + } + } + }, + "GetAutomatedReasoningPolicyAnnotationsResponse":{ + "type":"structure", + "required":[ + "policyArn", + "name", + "buildWorkflowId", + "annotations", + "annotationSetHash", + "updatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy.

" + }, + "name":{ + "shape":"AutomatedReasoningPolicyName", + "documentation":"

The name of the Automated Reasoning policy.

" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow.

" + }, + "annotations":{ + "shape":"AutomatedReasoningPolicyAnnotationList", + "documentation":"

The current set of annotations containing rules, variables, and types extracted from the source documents. These can be modified before finalizing the policy.

" + }, + "annotationSetHash":{ + "shape":"AutomatedReasoningPolicyHash", + "documentation":"

A hash value representing the current state of the annotations. This is used for optimistic concurrency control when updating annotations.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the annotations were last updated.

" + } + } + }, + "GetAutomatedReasoningPolicyBuildWorkflowRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy whose build workflow you want to retrieve.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow to retrieve.

", + "location":"uri", + "locationName":"buildWorkflowId" + } + } + }, + "GetAutomatedReasoningPolicyBuildWorkflowResponse":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId", + "status", + "buildWorkflowType", + "createdAt", + "updatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy.

" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow.

" + }, + "status":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowStatus", + "documentation":"

The current status of the build workflow (e.g., RUNNING, COMPLETED, FAILED, CANCELLED).

" + }, + "buildWorkflowType":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowType", + "documentation":"

The type of build workflow being executed (e.g., DOCUMENT_INGESTION, POLICY_REPAIR).

" + }, + "documentName":{ + "shape":"AutomatedReasoningPolicyBuildDocumentName", + "documentation":"

The name of the source document used in the build workflow.

" + }, + "documentContentType":{ + "shape":"AutomatedReasoningPolicyBuildDocumentContentType", + "documentation":"

The content type of the source document (e.g., text/plain, application/pdf).

" + }, + "documentDescription":{ + "shape":"AutomatedReasoningPolicyBuildDocumentDescription", + "documentation":"

A detailed description of the document's content and how it should be used in the policy generation process.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the build workflow was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the build workflow was last updated.

" + } + } + }, + "GetAutomatedReasoningPolicyBuildWorkflowResultAssetsRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId", + "assetType" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy whose build workflow assets you want to retrieve.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow whose result assets you want to retrieve.

", + "location":"uri", + "locationName":"buildWorkflowId" + }, + "assetType":{ + "shape":"AutomatedReasoningPolicyBuildResultAssetType", + "documentation":"

The type of asset to retrieve (e.g., BUILD_LOG, QUALITY_REPORT, POLICY_DEFINITION).

", + "location":"querystring", + "locationName":"assetType" + } + } + }, + "GetAutomatedReasoningPolicyBuildWorkflowResultAssetsResponse":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy.

" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow.

" + }, + "buildWorkflowAssets":{ + "shape":"AutomatedReasoningPolicyBuildResultAssets", + "documentation":"

The requested build workflow asset. This is a union type that returns only one of the available asset types (logs, reports, or generated artifacts) based on the specific asset type requested in the API call.

" + } + } + }, + "GetAutomatedReasoningPolicyNextScenarioRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy for which you want to get the next test scenario.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow associated with the test scenarios.

", + "location":"uri", + "locationName":"buildWorkflowId" + } + } + }, + "GetAutomatedReasoningPolicyNextScenarioResponse":{ + "type":"structure", + "required":["policyArn"], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy.

" + }, + "scenario":{ + "shape":"AutomatedReasoningPolicyScenario", + "documentation":"

The next test scenario to validate, including the test expression and expected results.

" + } + } + }, + "GetAutomatedReasoningPolicyRequest":{ + "type":"structure", + "required":["policyArn"], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy to retrieve. Can be either the unversioned ARN for the draft policy or an ARN for a specific policy version.

", + "location":"uri", + "locationName":"policyArn" + } + } + }, + "GetAutomatedReasoningPolicyResponse":{ + "type":"structure", + "required":[ + "policyArn", + "name", + "version", + "policyId", + "definitionHash", + "updatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the policy.

" + }, + "name":{ + "shape":"AutomatedReasoningPolicyName", + "documentation":"

The name of the policy.

" + }, + "version":{ + "shape":"AutomatedReasoningPolicyVersion", + "documentation":"

The version of the policy.

" + }, + "policyId":{ + "shape":"AutomatedReasoningPolicyId", + "documentation":"

The unique identifier of the policy.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDescription", + "documentation":"

The description of the policy.

" + }, + "definitionHash":{ + "shape":"AutomatedReasoningPolicyHash", + "documentation":"

The hash of the policy definition used as a concurrency token.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the automated reasoning policy and its associated artifacts. If a KMS key is not provided during the initial CreateAutomatedReasoningPolicyRequest, the kmsKeyArn won't be included in the GetAutomatedReasoningPolicyResponse.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the policy was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the policy was last updated.

" + } + } + }, + "GetAutomatedReasoningPolicyTestCaseRequest":{ + "type":"structure", + "required":[ + "policyArn", + "testCaseId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy that contains the test.

", + "location":"uri", + "locationName":"policyArn" + }, + "testCaseId":{ + "shape":"AutomatedReasoningPolicyTestCaseId", + "documentation":"

The unique identifier of the test to retrieve.

", + "location":"uri", + "locationName":"testCaseId" + } + } + }, + "GetAutomatedReasoningPolicyTestCaseResponse":{ + "type":"structure", + "required":[ + "policyArn", + "testCase" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the policy that contains the test.

" + }, + "testCase":{ + "shape":"AutomatedReasoningPolicyTestCase", + "documentation":"

The test details including the content, query, expected result, and metadata.

" + } + } + }, + "GetAutomatedReasoningPolicyTestResultRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId", + "testCaseId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The build workflow identifier. The build workflow must display a COMPLETED status to get results.

", + "location":"uri", + "locationName":"buildWorkflowId" + }, + "testCaseId":{ + "shape":"AutomatedReasoningPolicyTestCaseId", + "documentation":"

The unique identifier of the test for which to retrieve results.

", + "location":"uri", + "locationName":"testCaseId" + } + } + }, + "GetAutomatedReasoningPolicyTestResultResponse":{ + "type":"structure", + "required":["testResult"], + "members":{ + "testResult":{ + "shape":"AutomatedReasoningPolicyTestResult", + "documentation":"

The test result containing validation findings, execution status, and detailed analysis.

" + } + } + }, + "GetCustomModelDeploymentRequest":{ + "type":"structure", + "required":["customModelDeploymentIdentifier"], + "members":{ + "customModelDeploymentIdentifier":{ + "shape":"CustomModelDeploymentIdentifier", + "documentation":"

The Amazon Resource Name (ARN) or name of the custom model deployment to retrieve information about.

", + "location":"uri", + "locationName":"customModelDeploymentIdentifier" + } + } + }, + "GetCustomModelDeploymentResponse":{ + "type":"structure", + "required":[ + "customModelDeploymentArn", + "modelDeploymentName", + "modelArn", + "createdAt", + "status" + ], + "members":{ + "customModelDeploymentArn":{ + "shape":"CustomModelDeploymentArn", + "documentation":"

The Amazon Resource Name (ARN) of the custom model deployment.

" + }, + "modelDeploymentName":{ + "shape":"ModelDeploymentName", + "documentation":"

The name of the custom model deployment.

" + }, + "modelArn":{ + "shape":"CustomModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the custom model associated with this deployment.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the custom model deployment was created.

" + }, + "status":{ + "shape":"CustomModelDeploymentStatus", + "documentation":"

The status of the custom model deployment. Possible values are:

  • CREATING - The deployment is being set up and prepared for inference.

  • ACTIVE - The deployment is ready and available for inference requests.

  • FAILED - The deployment failed to be created or became unavailable.

" + }, + "description":{ + "shape":"CustomModelDeploymentDescription", + "documentation":"

The description of the custom model deployment.

" + }, + "failureMessage":{ + "shape":"ErrorMessage", + "documentation":"

If the deployment status is FAILED, this field contains a message describing the failure reason.

" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the custom model deployment was last updated.

" + } + } + }, "GetCustomModelRequest":{ "type":"structure", "required":["modelIdentifier"], @@ -2767,10 +6648,6 @@ "required":[ "modelArn", "modelName", - "jobArn", - "baseModelArn", - "trainingDataConfig", - "outputDataConfig", "creationTime" ], "members":{ @@ -2788,7 +6665,7 @@ }, "jobArn":{ "shape":"ModelCustomizationJobArn", - "documentation":"

Job Amazon Resource Name (ARN) associated with this model.

" + "documentation":"

Job Amazon Resource Name (ARN) associated with this model. For models that you create with the CreateCustomModel API operation, this is NULL.

" }, "baseModelArn":{ "shape":"ModelArn", @@ -2833,6 +6710,14 @@ "customizationConfig":{ "shape":"CustomizationConfig", "documentation":"

The customization configuration for the custom model.

" + }, + "modelStatus":{ + "shape":"ModelStatus", + "documentation":"

The current status of the custom model. Possible values include:

  • Creating - The model is being created and validated.

  • Active - The model has been successfully created and is ready for use.

  • Failed - The model creation process failed. Check the failureMessage field for details.

" + }, + "failureMessage":{ + "shape":"ErrorMessage", + "documentation":"

A failure message for any issues that occurred when creating the custom model. This is included for only a failed CreateCustomModel operation.

" } } }, @@ -2920,12 +6805,62 @@ } } }, + "GetFoundationModelAvailabilityRequest":{ + "type":"structure", + "required":["modelId"], + "members":{ + "modelId":{ + "shape":"BedrockModelId", + "documentation":"

The model Id of the foundation model.

", + "location":"uri", + "locationName":"modelId" + } + } + }, + "GetFoundationModelAvailabilityResponse":{ + "type":"structure", + "required":[ + "modelId", + "agreementAvailability", + "authorizationStatus", + "entitlementAvailability", + "regionAvailability" + ], + "members":{ + "modelId":{ + "shape":"BedrockModelId", + "documentation":"

The model Id of the foundation model.

" + }, + "agreementAvailability":{ + "shape":"AgreementAvailability", + "documentation":"

Agreement availability.

" + }, + "authorizationStatus":{ + "shape":"AuthorizationStatus", + "documentation":"

Authorization status.

" + }, + "entitlementAvailability":{ + "shape":"EntitlementAvailability", + "documentation":"

Entitlement availability.

" + }, + "regionAvailability":{ + "shape":"RegionAvailability", + "documentation":"

Region availability.

" + } + } + }, + "GetFoundationModelIdentifier":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2})|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})" + }, "GetFoundationModelRequest":{ "type":"structure", "required":["modelIdentifier"], "members":{ "modelIdentifier":{ - "shape":"ModelIdentifier", + "shape":"GetFoundationModelIdentifier", "documentation":"

The model identifier.

", "location":"uri", "locationName":"modelIdentifier" @@ -3017,6 +6952,14 @@ "shape":"GuardrailContextualGroundingPolicy", "documentation":"

The contextual grounding policy used in the guardrail.

" }, + "automatedReasoningPolicy":{ + "shape":"GuardrailAutomatedReasoningPolicy", + "documentation":"

The current Automated Reasoning policy configuration for the guardrail, if any is configured.

" + }, + "crossRegionDetails":{ + "shape":"GuardrailCrossRegionDetails", + "documentation":"

Details about the system-defined guardrail profile that you're using with your guardrail, including the guardrail profile ID and Amazon Resource Name (ARN).

" + }, "createdAt":{ "shape":"Timestamp", "documentation":"

The date and time at which the guardrail was created.

" @@ -3097,6 +7040,10 @@ "instructSupported":{ "shape":"InstructSupported", "documentation":"

Specifies if the imported model supports converse.

" + }, + "customModelUnits":{ + "shape":"CustomModelUnits", + "documentation":"

Information about the hardware utilization for a single copy of the model.

" } } }, @@ -3305,6 +7252,10 @@ "shape":"ModelCustomizationJobStatus", "documentation":"

The status of the job. A successful job transitions from in-progress to completed when the output model is ready to use. If the job failed, the failure message contains information about why the job failed.

" }, + "statusDetails":{ + "shape":"StatusDetails", + "documentation":"

For a Distillation job, the details about the statuses of the sub-tasks of the customization job.

" + }, "failureMessage":{ "shape":"ErrorMessage", "documentation":"

Information about why the job failed.

" @@ -3481,7 +7432,7 @@ }, "status":{ "shape":"ModelInvocationJobStatus", - "documentation":"

The status of the batch inference job.

The following statuses are possible:

  • Submitted – This job has been submitted to a queue for validation.

  • Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:

    • Your IAM service role has access to the Amazon S3 buckets containing your files.

    • Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.

    • Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.

  • Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.

  • Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.

  • InProgress – This job has begun. You can start viewing the results in the output S3 location.

  • Completed – This job has successfully completed. View the output files in the output S3 location.

  • PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.

  • Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web Services Support Center.

  • Stopped – This job was stopped by a user.

  • Stopping – This job is being stopped by a user.

" + "documentation":"

The status of the batch inference job.

The following statuses are possible:

  • Submitted – This job has been submitted to a queue for validation.

  • Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:

    • Your IAM service role has access to the Amazon S3 buckets containing your files.

    • Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.

    • Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.

  • Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.

  • Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.

  • InProgress – This job has begun. You can start viewing the results in the output S3 location.

  • Completed – This job has successfully completed. View the output files in the output S3 location.

  • PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.

  • Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web ServicesSupport Center.

  • Stopped – This job was stopped by a user.

  • Stopping – This job is being stopped by a user.

" }, "message":{ "shape":"Message", @@ -3523,8 +7474,7 @@ }, "GetModelInvocationLoggingConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetModelInvocationLoggingConfigurationResponse":{ "type":"structure", @@ -3682,12 +7632,68 @@ } } }, + "GetUseCaseForModelAccessRequest":{ + "type":"structure", + "members":{} + }, + "GetUseCaseForModelAccessResponse":{ + "type":"structure", + "required":["formData"], + "members":{ + "formData":{ + "shape":"AcknowledgementFormDataBody", + "documentation":"

Get customer profile Response.

" + } + } + }, "GuardrailArn":{ "type":"string", "max":2048, "min":0, "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+" }, + "GuardrailAutomatedReasoningPolicy":{ + "type":"structure", + "required":["policies"], + "members":{ + "policies":{ + "shape":"GuardrailAutomatedReasoningPolicyPoliciesList", + "documentation":"

The list of Automated Reasoning policy ARNs that should be applied as part of this guardrail configuration.

" + }, + "confidenceThreshold":{ + "shape":"AutomatedReasoningConfidenceFilterThreshold", + "documentation":"

The minimum confidence level required for Automated Reasoning policy violations to trigger guardrail actions. Values range from 0.0 to 1.0.

" + } + }, + "documentation":"

Represents the configuration of Automated Reasoning policies within a Amazon Bedrock Guardrail, including the policies to apply and confidence thresholds.

" + }, + "GuardrailAutomatedReasoningPolicyConfig":{ + "type":"structure", + "required":["policies"], + "members":{ + "policies":{ + "shape":"GuardrailAutomatedReasoningPolicyConfigPoliciesList", + "documentation":"

The list of Automated Reasoning policy ARNs to include in the guardrail configuration.

" + }, + "confidenceThreshold":{ + "shape":"AutomatedReasoningConfidenceFilterThreshold", + "documentation":"

The confidence threshold for triggering guardrail actions based on Automated Reasoning policy violations.

" + } + }, + "documentation":"

Configuration settings for integrating Automated Reasoning policies with Amazon Bedrock Guardrails.

" + }, + "GuardrailAutomatedReasoningPolicyConfigPoliciesList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyArn"}, + "max":2, + "min":1 + }, + "GuardrailAutomatedReasoningPolicyPoliciesList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyArn"}, + "max":2, + "min":1 + }, "GuardrailBlockedMessaging":{ "type":"string", "max":500, @@ -3751,10 +7757,34 @@ "outputModalities":{ "shape":"GuardrailModalities", "documentation":"

The output modalities selected for the guardrail content filter.

" + }, + "inputAction":{ + "shape":"GuardrailContentFilterAction", + "documentation":"

The action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailContentFilterAction", + "documentation":"

The action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

Contains filter strengths for harmful content. Guardrails support the following content filters to detect and filter harmful user inputs and FM-generated outputs.

  • Hate – Describes language or a statement that discriminates, criticizes, insults, denounces, or dehumanizes a person or group on the basis of an identity (such as race, ethnicity, gender, religion, sexual orientation, ability, and national origin).

  • Insults – Describes language or a statement that includes demeaning, humiliating, mocking, insulting, or belittling language. This type of language is also labeled as bullying.

  • Sexual – Describes language or a statement that indicates sexual interest, activity, or arousal using direct or indirect references to body parts, physical traits, or sex.

  • Violence – Describes language or a statement that includes glorification of or threats to inflict physical pain, hurt, or injury toward a person, group or thing.

Content filtering depends on the confidence classification of user inputs and FM responses across each of the four harmful categories. All input and output statements are classified into one of four confidence levels (NONE, LOW, MEDIUM, HIGH) for each harmful category. For example, if a statement is classified as Hate with HIGH confidence, the likelihood of the statement representing hateful content is high. A single statement can be classified across multiple categories with varying confidence levels. For example, a single statement can be classified as Hate with HIGH confidence, Insults with LOW confidence, Sexual with NONE confidence, and Violence with MEDIUM confidence.

For more information, see Guardrails content filters.

This data type is used in the following API operations:

" }, + "GuardrailContentFilterAction":{ + "type":"string", + "enum":[ + "BLOCK", + "NONE" + ], + "sensitive":true + }, "GuardrailContentFilterConfig":{ "type":"structure", "required":[ @@ -3782,6 +7812,22 @@ "outputModalities":{ "shape":"GuardrailModalities", "documentation":"

The output modalities selected for the guardrail content filter configuration.

" + }, + "inputAction":{ + "shape":"GuardrailContentFilterAction", + "documentation":"

Specifies the action to take when harmful content is detected. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailContentFilterAction", + "documentation":"

Specifies the action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

Contains filter strengths for harmful content. Guardrails support the following content filters to detect and filter harmful user inputs and FM-generated outputs.

  • Hate – Describes language or a statement that discriminates, criticizes, insults, denounces, or dehumanizes a person or group on the basis of an identity (such as race, ethnicity, gender, religion, sexual orientation, ability, and national origin).

  • Insults – Describes language or a statement that includes demeaning, humiliating, mocking, insulting, or belittling language. This type of language is also labeled as bullying.

  • Sexual – Describes language or a statement that indicates sexual interest, activity, or arousal using direct or indirect references to body parts, physical traits, or sex.

  • Violence – Describes language or a statement that includes glorification of or threats to inflict physical pain, hurt, or injury toward a person, group or thing.

Content filtering depends on the confidence classification of user inputs and FM responses across each of the four harmful categories. All input and output statements are classified into one of four confidence levels (NONE, LOW, MEDIUM, HIGH) for each harmful category. For example, if a statement is classified as Hate with HIGH confidence, the likelihood of the statement representing hateful content is high. A single statement can be classified across multiple categories with varying confidence levels. For example, a single statement can be classified as Hate with HIGH confidence, Insults with LOW confidence, Sexual with NONE confidence, and Violence with MEDIUM confidence.

For more information, see Guardrails content filters.

" @@ -3809,12 +7855,46 @@ "max":6, "min":1 }, + "GuardrailContentFiltersTier":{ + "type":"structure", + "required":["tierName"], + "members":{ + "tierName":{ + "shape":"GuardrailContentFiltersTierName", + "documentation":"

The tier that your guardrail uses for content filters. Valid values include:

  • CLASSIC tier – Provides established guardrails functionality supporting English, French, and Spanish languages.

  • STANDARD tier – Provides a more robust solution than the CLASSIC tier and has more comprehensive language support. This tier requires that your guardrail use cross-Region inference.

" + } + }, + "documentation":"

The tier that your guardrail uses for content filters.

" + }, + "GuardrailContentFiltersTierConfig":{ + "type":"structure", + "required":["tierName"], + "members":{ + "tierName":{ + "shape":"GuardrailContentFiltersTierName", + "documentation":"

The tier that your guardrail uses for content filters. Valid values include:

  • CLASSIC tier – Provides established guardrails functionality supporting English, French, and Spanish languages.

  • STANDARD tier – Provides a more robust solution than the CLASSIC tier and has more comprehensive language support. This tier requires that your guardrail use cross-Region inference.

" + } + }, + "documentation":"

The tier that your guardrail uses for content filters. Consider using a tier that balances performance, accuracy, and compatibility with your existing generative AI workflows.

" + }, + "GuardrailContentFiltersTierName":{ + "type":"string", + "enum":[ + "CLASSIC", + "STANDARD" + ], + "sensitive":true + }, "GuardrailContentPolicy":{ "type":"structure", "members":{ "filters":{ "shape":"GuardrailContentFilters", "documentation":"

Contains the type of the content filter and how strongly it should apply to prompts and model responses.

" + }, + "tier":{ + "shape":"GuardrailContentFiltersTier", + "documentation":"

The tier that your guardrail uses for content filters.

" } }, "documentation":"

Contains details about how to handle harmful content.

This data type is used in the following API operations:

" @@ -3826,10 +7906,22 @@ "filtersConfig":{ "shape":"GuardrailContentFiltersConfig", "documentation":"

Contains the type of the content filter and how strongly it should apply to prompts and model responses.

" + }, + "tierConfig":{ + "shape":"GuardrailContentFiltersTierConfig", + "documentation":"

The tier that your guardrail uses for content filters.

" } }, "documentation":"

Contains details about how to handle harmful content.

" }, + "GuardrailContextualGroundingAction":{ + "type":"string", + "enum":[ + "BLOCK", + "NONE" + ], + "sensitive":true + }, "GuardrailContextualGroundingFilter":{ "type":"structure", "required":[ @@ -3844,6 +7936,14 @@ "threshold":{ "shape":"GuardrailContextualGroundingFilterThresholdDouble", "documentation":"

The threshold details for the guardrails contextual grounding filter.

" + }, + "action":{ + "shape":"GuardrailContextualGroundingAction", + "documentation":"

The action to take when content fails the contextual grounding evaluation. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "enabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether contextual grounding is enabled for evaluation. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

The details for the guardrails contextual grounding filter.

" @@ -3862,6 +7962,14 @@ "threshold":{ "shape":"GuardrailContextualGroundingFilterConfigThresholdDouble", "documentation":"

The threshold details for the guardrails contextual grounding filter.

" + }, + "action":{ + "shape":"GuardrailContextualGroundingAction", + "documentation":"

Specifies the action to take when content fails the contextual grounding evaluation. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "enabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable contextual grounding evaluation. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

The filter configuration details for the guardrails contextual grounding filter.

" @@ -3915,6 +8023,49 @@ }, "documentation":"

The policy configuration details for the guardrails contextual grounding policy.

" }, + "GuardrailCrossRegionConfig":{ + "type":"structure", + "required":["guardrailProfileIdentifier"], + "members":{ + "guardrailProfileIdentifier":{ + "shape":"GuardrailCrossRegionGuardrailProfileIdentifier", + "documentation":"

The ID or Amazon Resource Name (ARN) of the guardrail profile that your guardrail is using. Guardrail profile availability depends on your current Amazon Web Services Region. For more information, see the Amazon Bedrock User Guide.

" + } + }, + "documentation":"

The system-defined guardrail profile that you're using with your guardrail. Guardrail profiles define the destination Amazon Web Services Regions where guardrail inference requests can be automatically routed. Using guardrail profiles helps maintain guardrail performance and reliability when demand increases.

For more information, see the Amazon Bedrock User Guide.

" + }, + "GuardrailCrossRegionDetails":{ + "type":"structure", + "members":{ + "guardrailProfileId":{ + "shape":"GuardrailCrossRegionGuardrailProfileId", + "documentation":"

The ID of the guardrail profile that your guardrail is using. Profile availability depends on your current Amazon Web Services Region. For more information, see the Amazon Bedrock User Guide.

" + }, + "guardrailProfileArn":{ + "shape":"GuardrailCrossRegionGuardrailProfileArn", + "documentation":"

The Amazon Resource Name (ARN) of the guardrail profile that you're using with your guardrail.

" + } + }, + "documentation":"

Contains details about the system-defined guardrail profile that you're using with your guardrail for cross-Region inference.

For more information, see the Amazon Bedrock User Guide.

" + }, + "GuardrailCrossRegionGuardrailProfileArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail-profile/[a-z0-9-]+[.]{1}guardrail[.]{1}v[0-9:]+" + }, + "GuardrailCrossRegionGuardrailProfileId":{ + "type":"string", + "max":30, + "min":15, + "pattern":"[a-z0-9-]+[.]{1}guardrail[.]{1}v[0-9:]+" + }, + "GuardrailCrossRegionGuardrailProfileIdentifier":{ + "type":"string", + "max":2048, + "min":15, + "pattern":"[a-z0-9-]+[.]{1}guardrail[.]{1}v[0-9:]+|arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail-profile/[a-z0-9-]+[.]{1}guardrail[.]{1}v[0-9:]+" + }, "GuardrailDescription":{ "type":"string", "max":200, @@ -3975,6 +8126,22 @@ "type":{ "shape":"GuardrailManagedWordsType", "documentation":"

ManagedWords$type The managed word type that was configured for the guardrail. (For now, we only offer profanity word list)

" + }, + "inputAction":{ + "shape":"GuardrailWordAction", + "documentation":"

The action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailWordAction", + "documentation":"

The action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

The managed word list that was configured for the guardrail. (This is a list of words that are pre-defined and managed by guardrails only.)

" @@ -3986,6 +8153,22 @@ "type":{ "shape":"GuardrailManagedWordsType", "documentation":"

The managed word type to configure for the guardrail.

" + }, + "inputAction":{ + "shape":"GuardrailWordAction", + "documentation":"

Specifies the action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailWordAction", + "documentation":"

Specifies the action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

The managed word list to configure for the guardrail.

" @@ -4043,6 +8226,22 @@ "action":{ "shape":"GuardrailSensitiveInformationAction", "documentation":"

The configured guardrail action when PII entity is detected.

" + }, + "inputAction":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

The action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • ANONYMIZE – Mask the content and replace it with identifier tags.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

The action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • ANONYMIZE – Mask the content and replace it with identifier tags.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

The PII entity configured for the guardrail.

" @@ -4061,6 +8260,22 @@ "action":{ "shape":"GuardrailSensitiveInformationAction", "documentation":"

Configure guardrail action when the PII entity is detected.

" + }, + "inputAction":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

Specifies the action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • ANONYMIZE – Mask the content and replace it with identifier tags.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

Specifies the action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • ANONYMIZE – Mask the content and replace it with identifier tags.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

The PII entity to configure for the guardrail.

" @@ -4124,6 +8339,22 @@ "action":{ "shape":"GuardrailSensitiveInformationAction", "documentation":"

The action taken when a match to the regular expression is detected.

" + }, + "inputAction":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

The action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

The action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

The regular expression configured for the guardrail.

" @@ -4151,6 +8382,22 @@ "action":{ "shape":"GuardrailSensitiveInformationAction", "documentation":"

The guardrail action to configure when matching regular expression is detected.

" + }, + "inputAction":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

Specifies the action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

Specifies the action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

The regular expression to configure for the guardrail.

" @@ -4199,7 +8446,8 @@ "type":"string", "enum":[ "BLOCK", - "ANONYMIZE" + "ANONYMIZE", + "NONE" ] }, "GuardrailSensitiveInformationPolicy":{ @@ -4302,6 +8550,10 @@ "updatedAt":{ "shape":"Timestamp", "documentation":"

The date and time at which the guardrail was last updated.

" + }, + "crossRegionDetails":{ + "shape":"GuardrailCrossRegionDetails", + "documentation":"

Details about the system-defined guardrail profile that you're using with your guardrail, including the guardrail profile ID and Amazon Resource Name (ARN).

" } }, "documentation":"

Contains details about a guardrail.

This data type is used in the following API operations:

" @@ -4328,10 +8580,34 @@ "type":{ "shape":"GuardrailTopicType", "documentation":"

Specifies to deny the topic.

" + }, + "inputAction":{ + "shape":"GuardrailTopicAction", + "documentation":"

The action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailTopicAction", + "documentation":"

The action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

Details about topics for the guardrail to identify and deny.

This data type is used in the following API operations:

" }, + "GuardrailTopicAction":{ + "type":"string", + "enum":[ + "BLOCK", + "NONE" + ], + "sensitive":true + }, "GuardrailTopicConfig":{ "type":"structure", "required":[ @@ -4355,6 +8631,22 @@ "type":{ "shape":"GuardrailTopicType", "documentation":"

Specifies to deny the topic.

" + }, + "inputAction":{ + "shape":"GuardrailTopicAction", + "documentation":"

Specifies the action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailTopicAction", + "documentation":"

Specifies the action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

Details about topics for the guardrail to identify and deny.

" @@ -4391,6 +8683,10 @@ "topics":{ "shape":"GuardrailTopics", "documentation":"

A list of policies related to topics that the guardrail should deny.

" + }, + "tier":{ + "shape":"GuardrailTopicsTier", + "documentation":"

The tier that your guardrail uses for denied topic filters.

" } }, "documentation":"

Contains details about topics that the guardrail should identify and deny.

This data type is used in the following API operations:

" @@ -4402,6 +8698,10 @@ "topicsConfig":{ "shape":"GuardrailTopicsConfig", "documentation":"

A list of policies related to topics that the guardrail should deny.

" + }, + "tierConfig":{ + "shape":"GuardrailTopicsTierConfig", + "documentation":"

The tier that your guardrail uses for denied topic filters.

" } }, "documentation":"

Contains details about topics that the guardrail should identify and deny.

" @@ -4422,6 +8722,36 @@ "max":30, "min":1 }, + "GuardrailTopicsTier":{ + "type":"structure", + "required":["tierName"], + "members":{ + "tierName":{ + "shape":"GuardrailTopicsTierName", + "documentation":"

The tier that your guardrail uses for denied topic filters. Valid values include:

  • CLASSIC tier – Provides established guardrails functionality supporting English, French, and Spanish languages.

  • STANDARD tier – Provides a more robust solution than the CLASSIC tier and has more comprehensive language support. This tier requires that your guardrail use cross-Region inference.

" + } + }, + "documentation":"

The tier that your guardrail uses for denied topic filters.

" + }, + "GuardrailTopicsTierConfig":{ + "type":"structure", + "required":["tierName"], + "members":{ + "tierName":{ + "shape":"GuardrailTopicsTierName", + "documentation":"

The tier that your guardrail uses for denied topic filters. Valid values include:

  • CLASSIC tier – Provides established guardrails functionality supporting English, French, and Spanish languages.

  • STANDARD tier – Provides a more robust solution than the CLASSIC tier and has more comprehensive language support. This tier requires that your guardrail use cross-Region inference.

" + } + }, + "documentation":"

The tier that your guardrail uses for denied topic filters. Consider using a tier that balances performance, accuracy, and compatibility with your existing generative AI workflows.

" + }, + "GuardrailTopicsTierName":{ + "type":"string", + "enum":[ + "CLASSIC", + "STANDARD" + ], + "sensitive":true + }, "GuardrailVersion":{ "type":"string", "pattern":"(([1-9][0-9]{0,7})|(DRAFT))" @@ -4433,10 +8763,34 @@ "text":{ "shape":"GuardrailWordTextString", "documentation":"

Text of the word configured for the guardrail to block.

" + }, + "inputAction":{ + "shape":"GuardrailWordAction", + "documentation":"

The action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailWordAction", + "documentation":"

The action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether guardrail evaluation is enabled on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

A word configured for the guardrail.

" }, + "GuardrailWordAction":{ + "type":"string", + "enum":[ + "BLOCK", + "NONE" + ], + "sensitive":true + }, "GuardrailWordConfig":{ "type":"structure", "required":["text"], @@ -4444,6 +8798,22 @@ "text":{ "shape":"GuardrailWordConfigTextString", "documentation":"

Text of the word configured for the guardrail to block.

" + }, + "inputAction":{ + "shape":"GuardrailWordAction", + "documentation":"

Specifies the action to take when harmful content is detected in the input. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "outputAction":{ + "shape":"GuardrailWordAction", + "documentation":"

Specifies the action to take when harmful content is detected in the output. Supported values include:

  • BLOCK – Block the content and replace it with blocked messaging.

  • NONE – Take no action but return detection information in the trace response.

" + }, + "inputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the intput. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" + }, + "outputEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.

" } }, "documentation":"

A word to configure for the guardrail.

" @@ -4571,7 +8941,7 @@ "type":"string", "max":256, "min":1, - "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" + "pattern":"[a-zA-Z0-9]([-a-zA-Z0-9]{0,254}[a-zA-Z0-9])?" }, "Identifier":{ "type":"string", @@ -4579,6 +8949,24 @@ "min":1, "sensitive":true }, + "ImplicitFilterConfiguration":{ + "type":"structure", + "required":[ + "metadataAttributes", + "modelArn" + ], + "members":{ + "metadataAttributes":{ + "shape":"MetadataAttributeSchemaList", + "documentation":"

A list of metadata attribute schemas that define the structure and properties of metadata fields used for implicit filtering. Each attribute defines a key, type, and optional description.

" + }, + "modelArn":{ + "shape":"BedrockModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the foundation model used for implicit filtering. This model processes the query to extract relevant filtering criteria.

" + } + }, + "documentation":"

Configuration for implicit filtering in Knowledge Base vector searches. Implicit filtering allows you to automatically filter search results based on metadata attributes without requiring explicit filter expressions in each query.

" + }, "ImportedModelArn":{ "type":"string", "max":1011, @@ -4836,6 +9224,17 @@ "min":1, "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9\\+\\-\\.])*" }, + "JobStatusDetails":{ + "type":"string", + "enum":[ + "InProgress", + "Completed", + "Stopping", + "Stopped", + "Failed", + "NotStarted" + ] + }, "KbInferenceConfig":{ "type":"structure", "members":{ @@ -4939,6 +9338,14 @@ "filter":{ "shape":"RetrievalFilter", "documentation":"

Specifies the filters to use on the metadata fields in the knowledge base data sources before returning results.

" + }, + "implicitFilterConfiguration":{ + "shape":"ImplicitFilterConfiguration", + "documentation":"

Configuration for implicit filtering in Knowledge Base vector searches. This allows the system to automatically apply filters based on the query context without requiring explicit filter expressions.

" + }, + "rerankingConfiguration":{ + "shape":"VectorSearchRerankingConfiguration", + "documentation":"

Configuration for reranking search results in Knowledge Base vector searches. Reranking improves search relevance by reordering initial vector search results using more sophisticated relevance models.

" } }, "documentation":"

The configuration details for returning the results from the knowledge base vector search.

" @@ -4949,6 +9356,248 @@ "max":100, "min":1 }, + "LegalTerm":{ + "type":"structure", + "members":{ + "url":{ + "shape":"String", + "documentation":"

URL to the legal term document.

" + } + }, + "documentation":"

The legal term of the agreement.

" + }, + "ListAutomatedReasoningPoliciesRequest":{ + "type":"structure", + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

Optional filter to list only the policy versions with the specified Amazon Resource Name (ARN). If not provided, the DRAFT versions for all policies are listed.

", + "location":"querystring", + "locationName":"policyArn" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token from a previous request to retrieve the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of policies to return in a single call.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListAutomatedReasoningPoliciesResponse":{ + "type":"structure", + "required":["automatedReasoningPolicySummaries"], + "members":{ + "automatedReasoningPolicySummaries":{ + "shape":"AutomatedReasoningPolicySummaries", + "documentation":"

A list of Automated Reasoning policy summaries.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token to use in a subsequent request to retrieve the next page of results.

" + } + } + }, + "ListAutomatedReasoningPolicyBuildWorkflowsRequest":{ + "type":"structure", + "required":["policyArn"], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy whose build workflows you want to list.

", + "location":"uri", + "locationName":"policyArn" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A pagination token from a previous request to continue listing build workflows from where the previous request left off.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of build workflows to return in a single response. Valid range is 1-100.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListAutomatedReasoningPolicyBuildWorkflowsResponse":{ + "type":"structure", + "required":["automatedReasoningPolicyBuildWorkflowSummaries"], + "members":{ + "automatedReasoningPolicyBuildWorkflowSummaries":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowSummaries", + "documentation":"

A list of build workflow summaries, each containing key information about a build workflow including its status and timestamps.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A pagination token to use in subsequent requests to retrieve additional build workflows.

" + } + } + }, + "ListAutomatedReasoningPolicyTestCasesRequest":{ + "type":"structure", + "required":["policyArn"], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy for which to list tests.

", + "location":"uri", + "locationName":"policyArn" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token from a previous request to retrieve the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of tests to return in a single call.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListAutomatedReasoningPolicyTestCasesResponse":{ + "type":"structure", + "required":["testCases"], + "members":{ + "testCases":{ + "shape":"AutomatedReasoningPolicyTestCaseList", + "documentation":"

A list of tests for the specified policy.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token to use in a subsequent request to retrieve the next page of results.

" + } + } + }, + "ListAutomatedReasoningPolicyTestResultsRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy whose test results you want to list.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow whose test results you want to list.

", + "location":"uri", + "locationName":"buildWorkflowId" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A pagination token from a previous request to continue listing test results from where the previous request left off.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of test results to return in a single response. Valid range is 1-100.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListAutomatedReasoningPolicyTestResultsResponse":{ + "type":"structure", + "required":["testResults"], + "members":{ + "testResults":{ + "shape":"AutomatedReasoningPolicyTestList", + "documentation":"

A list of test results, each containing information about how the policy performed on specific test scenarios.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A pagination token to use in subsequent requests to retrieve additional test results.

" + } + } + }, + "ListCustomModelDeploymentsRequest":{ + "type":"structure", + "members":{ + "createdBefore":{ + "shape":"Timestamp", + "documentation":"

Filters deployments created before the specified date and time.

", + "location":"querystring", + "locationName":"createdBefore" + }, + "createdAfter":{ + "shape":"Timestamp", + "documentation":"

Filters deployments created after the specified date and time.

", + "location":"querystring", + "locationName":"createdAfter" + }, + "nameContains":{ + "shape":"ModelDeploymentName", + "documentation":"

Filters deployments whose names contain the specified string.

", + "location":"querystring", + "locationName":"nameContains" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next set of results. Use this token to retrieve additional results when the response is truncated.

", + "location":"querystring", + "locationName":"nextToken" + }, + "sortBy":{ + "shape":"SortModelsBy", + "documentation":"

The field to sort the results by. The only supported value is CreationTime.

", + "location":"querystring", + "locationName":"sortBy" + }, + "sortOrder":{ + "shape":"SortOrder", + "documentation":"

The sort order for the results. Valid values are Ascending and Descending. Default is Descending.

", + "location":"querystring", + "locationName":"sortOrder" + }, + "statusEquals":{ + "shape":"CustomModelDeploymentStatus", + "documentation":"

Filters deployments by status. Valid values are CREATING, ACTIVE, and FAILED.

", + "location":"querystring", + "locationName":"statusEquals" + }, + "modelArnEquals":{ + "shape":"CustomModelArn", + "documentation":"

Filters deployments by the Amazon Resource Name (ARN) of the associated custom model.

", + "location":"querystring", + "locationName":"modelArnEquals" + } + } + }, + "ListCustomModelDeploymentsResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next set of results. This value is null when there are no more results to return.

" + }, + "modelDeploymentSummaries":{ + "shape":"CustomModelDeploymentSummaryList", + "documentation":"

A list of custom model deployment summaries.

" + } + } + }, "ListCustomModelsRequest":{ "type":"structure", "members":{ @@ -5011,6 +9660,12 @@ "documentation":"

Return custom models depending on if the current account owns them (true) or if they were shared with the current account (false).

", "location":"querystring", "locationName":"isOwned" + }, + "modelStatus":{ + "shape":"ModelStatus", + "documentation":"

The status of them model to filter results by. Possible values include:

  • Creating - Include only models that are currently being created and validated.

  • Active - Include only models that have been successfully created and are ready for use.

  • Failed - Include only models where the creation process failed.

If you don't specify a status, the API returns models in all states.

", + "location":"querystring", + "locationName":"modelStatus" } } }, @@ -5099,6 +9754,41 @@ } } }, + "ListFoundationModelAgreementOffersRequest":{ + "type":"structure", + "required":["modelId"], + "members":{ + "modelId":{ + "shape":"BedrockModelId", + "documentation":"

Model Id of the foundation model.

", + "location":"uri", + "locationName":"modelId" + }, + "offerType":{ + "shape":"OfferType", + "documentation":"

Type of offer associated with the model.

", + "location":"querystring", + "locationName":"offerType" + } + } + }, + "ListFoundationModelAgreementOffersResponse":{ + "type":"structure", + "required":[ + "modelId", + "offers" + ], + "members":{ + "modelId":{ + "shape":"BedrockModelId", + "documentation":"

Model Id of the foundation model.

" + }, + "offers":{ + "shape":"Offers", + "documentation":"

List of the offers associated with the specified model.

" + } + } + }, "ListFoundationModelsRequest":{ "type":"structure", "members":{ @@ -5533,7 +10223,7 @@ }, "statusEquals":{ "shape":"ModelInvocationJobStatus", - "documentation":"

Specify a status to filter for batch inference jobs whose statuses match the string you specify.

The following statuses are possible:

  • Submitted – This job has been submitted to a queue for validation.

  • Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:

    • Your IAM service role has access to the Amazon S3 buckets containing your files.

    • Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.

    • Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.

  • Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.

  • Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.

  • InProgress – This job has begun. You can start viewing the results in the output S3 location.

  • Completed – This job has successfully completed. View the output files in the output S3 location.

  • PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.

  • Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web Services Support Center.

  • Stopped – This job was stopped by a user.

  • Stopping – This job is being stopped by a user.

", + "documentation":"

Specify a status to filter for batch inference jobs whose statuses match the string you specify.

The following statuses are possible:

  • Submitted – This job has been submitted to a queue for validation.

  • Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:

    • Your IAM service role has access to the Amazon S3 buckets containing your files.

    • Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.

    • Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.

  • Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.

  • Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.

  • InProgress – This job has begun. You can start viewing the results in the output S3 location.

  • Completed – This job has successfully completed. View the output files in the output S3 location.

  • PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.

  • Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web ServicesSupport Center.

  • Stopped – This job was stopped by a user.

  • Stopping – This job is being stopped by a user.

", "location":"querystring", "locationName":"statusEquals" }, @@ -5596,6 +10286,12 @@ "documentation":"

Specify the pagination token from a previous request to retrieve the next page of results.

", "location":"querystring", "locationName":"nextToken" + }, + "type":{ + "shape":"PromptRouterType", + "documentation":"

The type of the prompt routers, such as whether it's default or custom.

", + "location":"querystring", + "locationName":"type" } } }, @@ -5848,16 +10544,80 @@ "min":0, "sensitive":true }, + "MetadataAttributeSchema":{ + "type":"structure", + "required":[ + "key", + "type", + "description" + ], + "members":{ + "key":{ + "shape":"MetadataAttributeSchemaKeyString", + "documentation":"

The unique identifier for the metadata attribute. This key is used to reference the attribute in filter expressions and reranking configurations.

" + }, + "type":{ + "shape":"AttributeType", + "documentation":"

The data type of the metadata attribute. The type determines how the attribute can be used in filter expressions and reranking.

" + }, + "description":{ + "shape":"MetadataAttributeSchemaDescriptionString", + "documentation":"

An optional description of the metadata attribute that provides additional context about its purpose and usage.

" + } + }, + "documentation":"

Defines the schema for a metadata attribute used in Knowledge Base vector searches. Metadata attributes provide additional context for documents and can be used for filtering and reranking search results.

", + "sensitive":true + }, + "MetadataAttributeSchemaDescriptionString":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"[\\s\\S]+" + }, + "MetadataAttributeSchemaKeyString":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\s\\S]+" + }, + "MetadataAttributeSchemaList":{ + "type":"list", + "member":{"shape":"MetadataAttributeSchema"}, + "max":25, + "min":1 + }, + "MetadataConfigurationForReranking":{ + "type":"structure", + "required":["selectionMode"], + "members":{ + "selectionMode":{ + "shape":"RerankingMetadataSelectionMode", + "documentation":"

The mode for selecting which metadata fields to include in the reranking process. Valid values are ALL (use all available metadata fields) or SELECTIVE (use only specified fields).

" + }, + "selectiveModeConfiguration":{ + "shape":"RerankingMetadataSelectiveModeConfiguration", + "documentation":"

Configuration for selective mode, which allows you to explicitly include or exclude specific metadata fields during reranking. This is only used when selectionMode is set to SELECTIVE.

" + } + }, + "documentation":"

Configuration for how metadata should be used during the reranking process in Knowledge Base vector searches. This determines which metadata fields are included or excluded when reordering search results.

" + }, "MetricFloat":{ "type":"float", "box":true }, + "MetricName":{ + "type":"string", + "max":63, + "min":1, + "pattern":"[0-9a-zA-Z-_.]+", + "sensitive":true + }, "ModelArchitecture":{"type":"string"}, "ModelArn":{ "type":"string", "max":1011, "min":20, - "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}))" + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/((imported)|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}))(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}))" }, "ModelCopyJobArn":{ "type":"string", @@ -6000,6 +10760,10 @@ "shape":"ModelCustomizationJobStatus", "documentation":"

Status of the customization job.

" }, + "statusDetails":{ + "shape":"StatusDetails", + "documentation":"

Details about the status of the data processing sub-task of the job.

" + }, "lastModifiedTime":{ "shape":"Timestamp", "documentation":"

Time that the customization job was last modified.

" @@ -6036,23 +10800,29 @@ "members":{ "s3DataSource":{ "shape":"S3DataSource", - "documentation":"

The Amazon S3 data source of the imported model.

" + "documentation":"

The Amazon S3 data source of the model to import.

" } }, - "documentation":"

Data source for the imported model.

", + "documentation":"

The data source of the model to import.

", "union":true }, + "ModelDeploymentName":{ + "type":"string", + "max":63, + "min":1, + "pattern":"([0-9a-zA-Z][_-]?){1,63}" + }, "ModelId":{ "type":"string", "max":2048, "min":1, - "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-:]{1,63}/[a-z0-9]{12}$)|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}$)))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})|(([0-9a-zA-Z][_-]?)+)" + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-:]{1,63}/[a-z0-9]{12}$)|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})|(([0-9a-zA-Z][_-]?)+)$)|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+$)))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})|(([0-9a-zA-Z][_-]?)+)" }, "ModelIdentifier":{ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)" + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/((imported)|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}))(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)" }, "ModelImportJobArn":{ "type":"string", @@ -6259,7 +11029,7 @@ }, "status":{ "shape":"ModelInvocationJobStatus", - "documentation":"

The status of the batch inference job.

The following statuses are possible:

  • Submitted – This job has been submitted to a queue for validation.

  • Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:

    • Your IAM service role has access to the Amazon S3 buckets containing your files.

    • Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.

    • Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.

  • Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.

  • Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.

  • InProgress – This job has begun. You can start viewing the results in the output S3 location.

  • Completed – This job has successfully completed. View the output files in the output S3 location.

  • PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.

  • Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web Services Support Center.

  • Stopped – This job was stopped by a user.

  • Stopping – This job is being stopped by a user.

" + "documentation":"

The status of the batch inference job.

The following statuses are possible:

  • Submitted – This job has been submitted to a queue for validation.

  • Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:

    • Your IAM service role has access to the Amazon S3 buckets containing your files.

    • Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.

    • Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.

  • Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.

  • Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.

  • InProgress – This job has begun. You can start viewing the results in the output S3 location.

  • Completed – This job has successfully completed. View the output files in the output S3 location.

  • PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.

  • Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web ServicesSupport Center.

  • Stopped – This job was stopped by a user.

  • Stopping – This job is being stopped by a user.

" }, "message":{ "shape":"Message", @@ -6330,10 +11100,53 @@ "min":0, "pattern":".*arn:aws:sagemaker:.*:hub-content/SageMakerPublicHub/Model/.*" }, + "ModelStatus":{ + "type":"string", + "enum":[ + "Active", + "Creating", + "Failed" + ] + }, "NonBlankString":{ "type":"string", "pattern":"[\\s\\S]*" }, + "Offer":{ + "type":"structure", + "required":[ + "offerToken", + "termDetails" + ], + "members":{ + "offerId":{ + "shape":"OfferId", + "documentation":"

Offer Id for a model offer.

" + }, + "offerToken":{ + "shape":"OfferToken", + "documentation":"

Offer token.

" + }, + "termDetails":{ + "shape":"TermDetails", + "documentation":"

Details about the terms of the offer.

" + } + }, + "documentation":"

An offer dictates usage terms for the model.

" + }, + "OfferId":{"type":"string"}, + "OfferToken":{"type":"string"}, + "OfferType":{ + "type":"string", + "enum":[ + "ALL", + "PUBLIC" + ] + }, + "Offers":{ + "type":"list", + "member":{"shape":"Offer"} + }, "OrchestrationConfiguration":{ "type":"structure", "required":["queryTransformationConfiguration"], @@ -6384,6 +11197,17 @@ "box":true, "min":1 }, + "PricingTerm":{ + "type":"structure", + "required":["rateCard"], + "members":{ + "rateCard":{ + "shape":"RateCard", + "documentation":"

Describes a usage price for each dimension.

" + } + }, + "documentation":"

Describes the usage-based pricing term.

" + }, "PromptRouterArn":{ "type":"string", "max":2048, @@ -6468,6 +11292,7 @@ }, "PromptRouterTargetModel":{ "type":"structure", + "required":["modelArn"], "members":{ "modelArn":{ "shape":"PromptRouterTargetModelArn", @@ -6480,7 +11305,7 @@ "type":"string", "max":2048, "min":1, - "pattern":".*(^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2})|(^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):inference-profile/[a-zA-Z0-9-:.]+)" + "pattern":".*(^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2})|(^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{0,20}):(|[0-9]{12}):(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+)" }, "PromptRouterTargetModels":{ "type":"list", @@ -6612,9 +11437,22 @@ }, "PutModelInvocationLoggingConfigurationResponse":{ "type":"structure", + "members":{} + }, + "PutUseCaseForModelAccessRequest":{ + "type":"structure", + "required":["formData"], "members":{ + "formData":{ + "shape":"AcknowledgementFormDataBody", + "documentation":"

Put customer profile Request.

" + } } }, + "PutUseCaseForModelAccessResponse":{ + "type":"structure", + "members":{} + }, "QueryTransformationConfiguration":{ "type":"structure", "required":["type"], @@ -6636,17 +11474,15 @@ "knowledgeBaseConfig":{ "shape":"KnowledgeBaseConfig", "documentation":"

Contains configuration details for knowledge base retrieval and response generation.

" + }, + "precomputedRagSourceConfig":{ + "shape":"EvaluationPrecomputedRagSourceConfig", + "documentation":"

Contains configuration details about the RAG source used to generate inference response data for a Knowledge Base evaluation job.

" } }, "documentation":"

Contains configuration details for retrieval of information and response generation.

", "union":true }, - "RAGIdentifiers":{ - "type":"list", - "member":{"shape":"KnowledgeBaseId"}, - "max":1, - "min":0 - }, "RAGStopSequences":{ "type":"list", "member":{"shape":"RAGStopSequencesMemberString"}, @@ -6664,6 +11500,66 @@ "max":1, "min":1 }, + "RateCard":{ + "type":"list", + "member":{"shape":"DimensionalPriceRate"} + }, + "RatingScale":{ + "type":"list", + "member":{"shape":"RatingScaleItem"}, + "max":10, + "min":1 + }, + "RatingScaleItem":{ + "type":"structure", + "required":[ + "definition", + "value" + ], + "members":{ + "definition":{ + "shape":"RatingScaleItemDefinition", + "documentation":"

Defines the definition for one rating in a custom metric rating scale.

" + }, + "value":{ + "shape":"RatingScaleItemValue", + "documentation":"

Defines the value for one rating in a custom metric rating scale.

" + } + }, + "documentation":"

Defines the value and corresponding definition for one rating in a custom metric rating scale.

" + }, + "RatingScaleItemDefinition":{ + "type":"string", + "max":100, + "min":1 + }, + "RatingScaleItemValue":{ + "type":"structure", + "members":{ + "stringValue":{ + "shape":"RatingScaleItemValueStringValueString", + "documentation":"

A string representing the value for a rating in a custom metric rating scale.

" + }, + "floatValue":{ + "shape":"Float", + "documentation":"

A floating point number representing the value for a rating in a custom metric rating scale.

" + } + }, + "documentation":"

Defines the value for one rating in a custom metric rating scale.

", + "union":true + }, + "RatingScaleItemValueStringValueString":{ + "type":"string", + "max":100, + "min":1 + }, + "RegionAvailability":{ + "type":"string", + "enum":[ + "AVAILABLE", + "NOT_AVAILABLE" + ] + }, "RegisterMarketplaceModelEndpointRequest":{ "type":"structure", "required":[ @@ -6756,6 +11652,40 @@ "min":0, "pattern":"[a-zA-Z0-9\\s._:/=+$@-]{0,256}" }, + "RerankingMetadataSelectionMode":{ + "type":"string", + "enum":[ + "SELECTIVE", + "ALL" + ] + }, + "RerankingMetadataSelectiveModeConfiguration":{ + "type":"structure", + "members":{ + "fieldsToInclude":{ + "shape":"FieldsForReranking", + "documentation":"

A list of metadata field names to explicitly include in the reranking process. Only these fields will be considered when reordering search results. This parameter cannot be used together with fieldsToExclude.

" + }, + "fieldsToExclude":{ + "shape":"FieldsForReranking", + "documentation":"

A list of metadata field names to explicitly exclude from the reranking process. All metadata fields except these will be considered when reordering search results. This parameter cannot be used together with fieldsToInclude.

" + } + }, + "documentation":"

Configuration for selectively including or excluding metadata fields during the reranking process. This allows you to control which metadata attributes are considered when reordering search results.

", + "union":true + }, + "ResourceInUseException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

Thrown when attempting to delete or modify a resource that is currently being used by other resources or operations. For example, trying to delete an Automated Reasoning policy that is referenced by an active guardrail.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "ResourceNotFoundException":{ "type":"structure", "members":{ @@ -6879,7 +11809,6 @@ }, "RoleArn":{ "type":"string", - "documentation":"

ARN of a IAM role

", "max":2048, "min":0, "pattern":"arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+" @@ -6898,7 +11827,7 @@ "RoutingCriteriaResponseQualityDifferenceDouble":{ "type":"double", "box":true, - "max":1, + "max":100, "min":0 }, "S3Config":{ @@ -6925,7 +11854,7 @@ "documentation":"

The URI of the Amazon S3 data source.

" } }, - "documentation":"

The Amazon S3 data source of the imported job.

" + "documentation":"

The Amazon S3 data source of the model to import.

" }, "S3InputFormat":{ "type":"string", @@ -6946,7 +11875,7 @@ "type":"string", "max":1024, "min":1, - "pattern":"s3://[a-z0-9][-.a-z0-9]{1,61}(?:/[-!_*'().a-z0-9A-Z]+(?:/[-!_*'().a-z0-9A-Z]+)*)?/?" + "pattern":"s3://[a-z0-9][-.a-z0-9]{1,61}[a-z0-9](?:/[-!_*'().a-z0-9A-Z]+(?:/[-!_*'().a-z0-9A-Z]+)*)?/?" }, "SageMakerEndpoint":{ "type":"structure", @@ -7045,6 +11974,97 @@ "Descending" ] }, + "StartAutomatedReasoningPolicyBuildWorkflowRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowType", + "sourceContent" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy for which to start the build workflow.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowType":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowType", + "documentation":"

The type of build workflow to start (e.g., DOCUMENT_INGESTION for processing new documents, POLICY_REPAIR for fixing existing policies).

", + "location":"uri", + "locationName":"buildWorkflowType" + }, + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than once. If this token matches a previous request, Amazon Bedrock ignores the request but doesn't return an error.

", + "idempotencyToken":true, + "location":"header", + "locationName":"x-amz-client-token" + }, + "sourceContent":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowSource", + "documentation":"

The source content for the build workflow, such as documents to analyze or repair instructions for existing policies.

" + } + }, + "payload":"sourceContent" + }, + "StartAutomatedReasoningPolicyBuildWorkflowResponse":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy.

" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the newly started build workflow. Use this ID to track the workflow's progress and retrieve its results.

" + } + } + }, + "StartAutomatedReasoningPolicyTestWorkflowRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy to test.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The build workflow identifier. The build workflow must show a COMPLETED status before running tests.

", + "location":"uri", + "locationName":"buildWorkflowId" + }, + "testCaseIds":{ + "shape":"AutomatedReasoningPolicyTestCaseIdList", + "documentation":"

The list of test identifiers to run. If not provided, all tests for the policy are run.

" + }, + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but doesn't return an error.

", + "idempotencyToken":true + } + } + }, + "StartAutomatedReasoningPolicyTestWorkflowResponse":{ + "type":"structure", + "required":["policyArn"], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the policy for which the test workflow was started.

" + } + } + }, "Status":{ "type":"string", "enum":[ @@ -7052,6 +12072,24 @@ "INCOMPATIBLE_ENDPOINT" ] }, + "StatusDetails":{ + "type":"structure", + "members":{ + "validationDetails":{ + "shape":"ValidationDetails", + "documentation":"

The status details for the validation sub-task of the job.

" + }, + "dataProcessingDetails":{ + "shape":"DataProcessingDetails", + "documentation":"

The status details for the data processing sub-task of the job.

" + }, + "trainingDetails":{ + "shape":"TrainingDetails", + "documentation":"

The status details for the training sub-task of the job.

" + } + }, + "documentation":"

For a Distillation job, the status details for sub-tasks of the job. Possible statuses for each sub-task include the following:

  • NotStarted

  • InProgress

  • Completed

  • Stopping

  • Stopped

  • Failed

" + }, "StopEvaluationJobRequest":{ "type":"structure", "required":["jobIdentifier"], @@ -7066,8 +12104,7 @@ }, "StopEvaluationJobResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopModelCustomizationJobRequest":{ "type":"structure", @@ -7083,8 +12120,7 @@ }, "StopModelCustomizationJobResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopModelInvocationJobRequest":{ "type":"structure", @@ -7100,8 +12136,7 @@ }, "StopModelInvocationJobResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "String":{"type":"string"}, "SubnetId":{ @@ -7116,6 +12151,16 @@ "max":16, "min":1 }, + "SupportTerm":{ + "type":"structure", + "members":{ + "refundPolicyDescription":{ + "shape":"String", + "documentation":"

Describes the refund policy.

" + } + }, + "documentation":"

Describes a support term.

" + }, "Tag":{ "type":"structure", "required":[ @@ -7171,8 +12216,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -7184,7 +12228,7 @@ "type":"string", "max":1011, "min":20, - "pattern":".*(^[a-zA-Z0-9][a-zA-Z0-9\\-]*$)|(^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:([0-9]{12}|)((:(fine-tuning-job|model-customization-job|custom-model)/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}(/[a-z0-9]{12})$)|(:guardrail/[a-z0-9]+$)|(:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+$)|(:(provisioned-model|model-invocation-job|model-evaluation-job|evaluation-job|model-import-job|imported-model|async-invoke)/[a-z0-9]{12}$))).*" + "pattern":".*(^[a-zA-Z0-9][a-zA-Z0-9\\-]*$)|(^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:custom-model/(imported)/[a-z0-9]{12}$)|(^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:([0-9]{12}|)((:(fine-tuning-job|model-customization-job|custom-model)/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}(/[a-z0-9]{12})$)|(:guardrail/[a-z0-9]+$)|(:automated-reasoning-policy/[a-zA-Z0-9]+(:[a-zA-Z0-9]+)?$)|(:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+$)|(:(provisioned-model|model-invocation-job|model-evaluation-job|evaluation-job|model-import-job|imported-model|async-invoke|provisioned-model-v2|provisioned-model-reservation|prompt-router|custom-model-deployment)/[a-z0-9]{12}$))).*" }, "TeacherModelConfig":{ "type":"structure", @@ -7203,7 +12247,7 @@ }, "TeacherModelIdentifier":{ "type":"string", - "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/[a-z0-9-]{1,63}[.]{1}([a-z0-9-]{1,63}[.]){0,2}[a-z0-9-]{1,63}([:][a-z0-9-]{1,63}){0,2}|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})|(([0-9a-zA-Z][_-]?)+)" + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:((:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})|(([0-9a-zA-Z][_-]?)+)$)|([0-9]{12}:inference-profile/[a-zA-Z0-9-:.]+$)))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})" }, "Temperature":{ "type":"float", @@ -7211,6 +12255,30 @@ "max":1, "min":0 }, + "TermDetails":{ + "type":"structure", + "required":[ + "usageBasedPricingTerm", + "legalTerm", + "supportTerm" + ], + "members":{ + "usageBasedPricingTerm":{"shape":"PricingTerm"}, + "legalTerm":{ + "shape":"LegalTerm", + "documentation":"

Describes the legal terms.

" + }, + "supportTerm":{ + "shape":"SupportTerm", + "documentation":"

Describes the support terms.

" + }, + "validityTerm":{ + "shape":"ValidityTerm", + "documentation":"

Describes the validity terms.

" + } + }, + "documentation":"

Describes the usage terms of an offer.

" + }, "TextInferenceConfig":{ "type":"structure", "members":{ @@ -7291,6 +12359,24 @@ }, "documentation":"

S3 Location of the training data.

" }, + "TrainingDetails":{ + "type":"structure", + "members":{ + "status":{ + "shape":"JobStatusDetails", + "documentation":"

The status of the training sub-task of the job.

" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

The start time of the training sub-task of the job.

" + }, + "lastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

The latest update to the training sub-task of the job.

" + } + }, + "documentation":"

For a Distillation job, the status details for the training sub-task of the job.

" + }, "TrainingMetrics":{ "type":"structure", "members":{ @@ -7320,7 +12406,184 @@ }, "UntagResourceResponse":{ "type":"structure", + "members":{} + }, + "UpdateAutomatedReasoningPolicyAnnotationsRequest":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId", + "annotations", + "lastUpdatedAnnotationSetHash" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy whose annotations you want to update.

", + "location":"uri", + "locationName":"policyArn" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow whose annotations you want to update.

", + "location":"uri", + "locationName":"buildWorkflowId" + }, + "annotations":{ + "shape":"AutomatedReasoningPolicyAnnotationList", + "documentation":"

The updated annotations containing modified rules, variables, and types for the policy.

" + }, + "lastUpdatedAnnotationSetHash":{ + "shape":"AutomatedReasoningPolicyHash", + "documentation":"

The hash value of the annotation set that you're updating. This is used for optimistic concurrency control to prevent conflicting updates.

" + } + } + }, + "UpdateAutomatedReasoningPolicyAnnotationsResponse":{ + "type":"structure", + "required":[ + "policyArn", + "buildWorkflowId", + "annotationSetHash", + "updatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy.

" + }, + "buildWorkflowId":{ + "shape":"AutomatedReasoningPolicyBuildWorkflowId", + "documentation":"

The unique identifier of the build workflow.

" + }, + "annotationSetHash":{ + "shape":"AutomatedReasoningPolicyHash", + "documentation":"

The new hash value representing the updated state of the annotations.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the annotations were updated.

" + } + } + }, + "UpdateAutomatedReasoningPolicyRequest":{ + "type":"structure", + "required":[ + "policyArn", + "policyDefinition" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy to update. This must be the ARN of a draft policy.

", + "location":"uri", + "locationName":"policyArn" + }, + "policyDefinition":{ + "shape":"AutomatedReasoningPolicyDefinition", + "documentation":"

The updated policy definition containing the formal logic rules, variables, and types.

" + }, + "name":{ + "shape":"AutomatedReasoningPolicyName", + "documentation":"

The updated name for the Automated Reasoning policy.

" + }, + "description":{ + "shape":"AutomatedReasoningPolicyDescription", + "documentation":"

The updated description for the Automated Reasoning policy.

" + } + } + }, + "UpdateAutomatedReasoningPolicyResponse":{ + "type":"structure", + "required":[ + "policyArn", + "name", + "definitionHash", + "updatedAt" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the updated policy.

" + }, + "name":{ + "shape":"AutomatedReasoningPolicyName", + "documentation":"

The updated name of the policy.

" + }, + "definitionHash":{ + "shape":"AutomatedReasoningPolicyHash", + "documentation":"

The hash of the updated policy definition.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the policy was last updated.

" + } + } + }, + "UpdateAutomatedReasoningPolicyTestCaseRequest":{ + "type":"structure", + "required":[ + "policyArn", + "testCaseId", + "guardContent", + "lastUpdatedAt", + "expectedAggregatedFindingsResult" + ], "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Automated Reasoning policy that contains the test.

", + "location":"uri", + "locationName":"policyArn" + }, + "testCaseId":{ + "shape":"AutomatedReasoningPolicyTestCaseId", + "documentation":"

The unique identifier of the test to update.

", + "location":"uri", + "locationName":"testCaseId" + }, + "guardContent":{ + "shape":"AutomatedReasoningPolicyTestGuardContent", + "documentation":"

The updated content to be validated by the Automated Reasoning policy.

" + }, + "queryContent":{ + "shape":"AutomatedReasoningPolicyTestQueryContent", + "documentation":"

The updated input query or prompt that generated the content.

" + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the test was last updated. This is used as a concurrency token to prevent conflicting modifications.

" + }, + "expectedAggregatedFindingsResult":{ + "shape":"AutomatedReasoningCheckResult", + "documentation":"

The updated expected result of the Automated Reasoning check.

" + }, + "confidenceThreshold":{ + "shape":"AutomatedReasoningCheckTranslationConfidence", + "documentation":"

The updated minimum confidence level for logic validation. If null is provided, the threshold will be removed.

" + }, + "clientRequestToken":{ + "shape":"IdempotencyToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error.

", + "idempotencyToken":true + } + } + }, + "UpdateAutomatedReasoningPolicyTestCaseResponse":{ + "type":"structure", + "required":[ + "policyArn", + "testCaseId" + ], + "members":{ + "policyArn":{ + "shape":"AutomatedReasoningPolicyArn", + "documentation":"

The Amazon Resource Name (ARN) of the policy that contains the updated test.

" + }, + "testCaseId":{ + "shape":"AutomatedReasoningPolicyTestCaseId", + "documentation":"

The unique identifier of the updated test.

" + } } }, "UpdateGuardrailRequest":{ @@ -7366,6 +12629,14 @@ "shape":"GuardrailContextualGroundingPolicyConfig", "documentation":"

The contextual grounding policy configuration used to update a guardrail.

" }, + "automatedReasoningPolicyConfig":{ + "shape":"GuardrailAutomatedReasoningPolicyConfig", + "documentation":"

Updated configuration for Automated Reasoning policies associated with the guardrail.

" + }, + "crossRegionConfig":{ + "shape":"GuardrailCrossRegionConfig", + "documentation":"

The system-defined guardrail profile that you're using with your guardrail. Guardrail profiles define the destination Amazon Web Services Regions where guardrail inference requests can be automatically routed.

For more information, see the Amazon Bedrock User Guide.

" + }, "blockedInputMessaging":{ "shape":"GuardrailBlockedMessaging", "documentation":"

The message to return when the guardrail blocks a prompt.

" @@ -7463,8 +12734,7 @@ }, "UpdateProvisionedModelThroughputResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UsePromptResponse":{"type":"boolean"}, "ValidationDataConfig":{ @@ -7478,6 +12748,24 @@ }, "documentation":"

Array of up to 10 validators.

" }, + "ValidationDetails":{ + "type":"structure", + "members":{ + "status":{ + "shape":"JobStatusDetails", + "documentation":"

The status of the validation sub-task of the job.

" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

The start time of the validation sub-task of the job.

" + }, + "lastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

The latest update to the validation sub-task of the job.

" + } + }, + "documentation":"

For a Distillation job, the status details for the validation sub-task of the job.

" + }, "ValidationException":{ "type":"structure", "members":{ @@ -7521,6 +12809,75 @@ "max":10, "min":0 }, + "ValidityTerm":{ + "type":"structure", + "members":{ + "agreementDuration":{ + "shape":"String", + "documentation":"

Describes the agreement duration.

" + } + }, + "documentation":"

Describes the validity terms.

" + }, + "VectorSearchBedrockRerankingConfiguration":{ + "type":"structure", + "required":["modelConfiguration"], + "members":{ + "modelConfiguration":{ + "shape":"VectorSearchBedrockRerankingModelConfiguration", + "documentation":"

Configuration for the Amazon Bedrock foundation model used for reranking. This includes the model ARN and any additional request fields required by the model.

" + }, + "numberOfRerankedResults":{ + "shape":"VectorSearchBedrockRerankingConfigurationNumberOfRerankedResultsInteger", + "documentation":"

The maximum number of results to rerank. This limits how many of the initial vector search results will be processed by the reranking model. A smaller number improves performance but may exclude potentially relevant results.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfigurationForReranking", + "documentation":"

Configuration for how document metadata should be used during the reranking process. This determines which metadata fields are included when reordering search results.

" + } + }, + "documentation":"

Configuration for using Amazon Bedrock foundation models to rerank Knowledge Base vector search results. This enables more sophisticated relevance ranking using large language models.

" + }, + "VectorSearchBedrockRerankingConfigurationNumberOfRerankedResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "VectorSearchBedrockRerankingModelConfiguration":{ + "type":"structure", + "required":["modelArn"], + "members":{ + "modelArn":{ + "shape":"BedrockRerankingModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the foundation model to use for reranking. This model processes the query and search results to determine a more relevant ordering.

" + }, + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"

A list of additional fields to include in the model request during reranking. These fields provide extra context or configuration options specific to the selected foundation model.

" + } + }, + "documentation":"

Configuration for the Amazon Bedrock foundation model used for reranking vector search results. This specifies which model to use and any additional parameters required by the model.

" + }, + "VectorSearchRerankingConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"VectorSearchRerankingConfigurationType", + "documentation":"

The type of reranking to apply to vector search results. Currently, the only supported value is BEDROCK, which uses Amazon Bedrock foundation models for reranking.

" + }, + "bedrockRerankingConfiguration":{ + "shape":"VectorSearchBedrockRerankingConfiguration", + "documentation":"

Configuration for using Amazon Bedrock foundation models to rerank search results. This is required when the reranking type is set to BEDROCK.

" + } + }, + "documentation":"

Configuration for reranking vector search results to improve relevance. Reranking applies additional relevance models to reorder the initial vector search results based on more sophisticated criteria.

" + }, + "VectorSearchRerankingConfigurationType":{ + "type":"string", + "enum":["BEDROCK_RERANKING_MODEL"] + }, "VpcConfig":{ "type":"structure", "required":[ diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agent/2023-06-05/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bedrock-agent/2023-06-05/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-agent/2023-06-05/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agent/2023-06-05/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agent/2023-06-05/service-2.json 2.31.35-1/awscli/botocore/data/bedrock-agent/2023-06-05/service-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-agent/2023-06-05/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agent/2023-06-05/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2023-06-05", + "auth":["aws.auth#sigv4"], "endpointPrefix":"bedrock-agent", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"Agents for Amazon Bedrock", "serviceId":"Bedrock Agent", "signatureVersion":"v4", "signingName":"bedrock", - "uid":"bedrock-agent-2023-06-05", - "auth":["aws.auth#sigv4"] + "uid":"bedrock-agent-2023-06-05" }, "operations":{ "AssociateAgentCollaborator":{ @@ -458,7 +457,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Deletes documents from a data source and syncs the changes to the knowledge base that is connected to it. For more information, see Ingest documents into a knowledge base in real-time in the Amazon Bedrock User Guide.

", + "documentation":"

Deletes documents from a data source and syncs the changes to the knowledge base that is connected to it. For more information, see Ingest changes directly into a knowledge base in the Amazon Bedrock User Guide.

", "idempotent":true }, "DeletePrompt":{ @@ -754,7 +753,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Retrieves specific documents from a data source that is connected to a knowledge base. For more information, see Ingest documents into a knowledge base in real-time in the Amazon Bedrock User Guide.

" + "documentation":"

Retrieves specific documents from a data source that is connected to a knowledge base. For more information, see Ingest changes directly into a knowledge base in the Amazon Bedrock User Guide.

" }, "GetPrompt":{ "name":"GetPrompt", @@ -791,7 +790,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Ingests documents directly into the knowledge base that is connected to the data source. The dataSourceType specified in the content for each document must match the type of the data source that you specify in the header. For more information, see Ingest documents into a knowledge base in real-time in the Amazon Bedrock User Guide.

", + "documentation":"

Ingests documents directly into the knowledge base that is connected to the data source. The dataSourceType specified in the content for each document must match the type of the data source that you specify in the header. For more information, see Ingest changes directly into a knowledge base in the Amazon Bedrock User Guide.

", "idempotent":true }, "ListAgentActionGroups":{ @@ -1007,7 +1006,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Retrieves all the documents contained in a data source that is connected to a knowledge base. For more information, see Ingest documents into a knowledge base in real-time in the Amazon Bedrock User Guide.

" + "documentation":"

Retrieves all the documents contained in a data source that is connected to a knowledge base. For more information, see Ingest changes directly into a knowledge base in the Amazon Bedrock User Guide.

" }, "ListKnowledgeBases":{ "name":"ListKnowledgeBases", @@ -1410,13 +1409,13 @@ "APISchema":{ "type":"structure", "members":{ - "payload":{ - "shape":"Payload", - "documentation":"

The JSON or YAML-formatted payload defining the OpenAPI schema for the action group. For more information, see Action group OpenAPI schemas.

" - }, "s3":{ "shape":"S3Identifier", "documentation":"

Contains details about the S3 object containing the OpenAPI schema for the action group. For more information, see Action group OpenAPI schemas.

" + }, + "payload":{ + "shape":"Payload", + "documentation":"

The JSON or YAML-formatted payload defining the OpenAPI schema for the action group. For more information, see Action group OpenAPI schemas.

" } }, "documentation":"

Contains details about the OpenAPI schema for the action group. For more information, see Action group OpenAPI schemas. You can either include the schema directly in the payload field or you can upload it to an S3 bucket and specify the S3 bucket location in the s3 field.

", @@ -1437,13 +1436,13 @@ "ActionGroupExecutor":{ "type":"structure", "members":{ - "customControl":{ - "shape":"CustomControlMethod", - "documentation":"

To return the action group invocation results directly in the InvokeAgent response, specify RETURN_CONTROL.

" - }, "lambda":{ "shape":"LambdaArn", "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action.

" + }, + "customControl":{ + "shape":"CustomControlMethod", + "documentation":"

To return the action group invocation results directly in the InvokeAgent response, specify RETURN_CONTROL.

" } }, "documentation":"

Contains details about the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.

", @@ -1453,9 +1452,27 @@ "type":"string", "enum":[ "AMAZON.UserInput", - "AMAZON.CodeInterpreter" + "AMAZON.CodeInterpreter", + "ANTHROPIC.Computer", + "ANTHROPIC.Bash", + "ANTHROPIC.TextEditor" ] }, + "ActionGroupSignatureParams":{ + "type":"map", + "key":{"shape":"ActionGroupSignatureParamsKeyString"}, + "value":{"shape":"ActionGroupSignatureParamsValueString"} + }, + "ActionGroupSignatureParamsKeyString":{ + "type":"string", + "max":100, + "min":0 + }, + "ActionGroupSignatureParamsValueString":{ + "type":"string", + "max":100, + "min":0 + }, "ActionGroupState":{ "type":"string", "enum":[ @@ -1501,28 +1518,36 @@ }, "documentation":"

Contains details about an action group.

" }, + "AdditionalModelRequestFields":{ + "type":"map", + "key":{"shape":"AdditionalModelRequestFieldsKey"}, + "value":{"shape":"AdditionalModelRequestFieldsValue"} + }, + "AdditionalModelRequestFieldsKey":{ + "type":"string", + "max":100, + "min":1 + }, + "AdditionalModelRequestFieldsValue":{ + "type":"structure", + "members":{ + }, + "document":true + }, "Agent":{ "type":"structure", "required":[ - "agentArn", "agentId", "agentName", - "agentResourceRoleArn", - "agentStatus", + "agentArn", "agentVersion", - "createdAt", + "agentStatus", "idleSessionTTLInSeconds", + "agentResourceRoleArn", + "createdAt", "updatedAt" ], "members":{ - "agentArn":{ - "shape":"AgentArn", - "documentation":"

The Amazon Resource Name (ARN) of the agent.

" - }, - "agentCollaboration":{ - "shape":"AgentCollaboration", - "documentation":"

The agent's collaboration settings.

" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent.

" @@ -1531,13 +1556,9 @@ "shape":"Name", "documentation":"

The name of the agent.

" }, - "agentResourceRoleArn":{ - "shape":"AgentRoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the agent.

" - }, - "agentStatus":{ - "shape":"AgentStatus", - "documentation":"

The status of the agent and whether it is ready for use. The following statuses are possible:

  • CREATING – The agent is being created.

  • PREPARING – The agent is being prepared.

  • PREPARED – The agent is prepared and ready to be invoked.

  • NOT_PREPARED – The agent has been created but not yet prepared.

  • FAILED – The agent API operation failed.

  • UPDATING – The agent is being updated.

  • DELETING – The agent is being deleted.

" + "agentArn":{ + "shape":"AgentArn", + "documentation":"

The Amazon Resource Name (ARN) of the agent.

" }, "agentVersion":{ "shape":"DraftVersion", @@ -1547,65 +1568,77 @@ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the agent was created.

" + "instruction":{ + "shape":"Instruction", + "documentation":"

Instructions that tell the agent what it should do and how it should interact with users.

" }, - "customOrchestration":{ - "shape":"CustomOrchestration", - "documentation":"

Contains custom orchestration configurations for the agent.

" + "agentStatus":{ + "shape":"AgentStatus", + "documentation":"

The status of the agent and whether it is ready for use. The following statuses are possible:

  • CREATING – The agent is being created.

  • PREPARING – The agent is being prepared.

  • PREPARED – The agent is prepared and ready to be invoked.

  • NOT_PREPARED – The agent has been created but not yet prepared.

  • FAILED – The agent API operation failed.

  • UPDATING – The agent is being updated.

  • DELETING – The agent is being deleted.

" }, - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key that encrypts the agent.

" + "foundationModel":{ + "shape":"ModelIdentifier", + "documentation":"

The foundation model used for orchestration by the agent.

" }, "description":{ "shape":"Description", "documentation":"

The description of the agent.

" }, - "failureReasons":{ - "shape":"FailureReasons", - "documentation":"

Contains reasons that the agent-related API that you invoked failed.

" - }, - "foundationModel":{ - "shape":"ModelIdentifier", - "documentation":"

The foundation model used for orchestration by the agent.

" + "orchestrationType":{ + "shape":"OrchestrationType", + "documentation":"

Specifies the orchestration strategy for the agent.

" }, - "guardrailConfiguration":{ - "shape":"GuardrailConfiguration", - "documentation":"

Details about the guardrail associated with the agent.

" + "customOrchestration":{ + "shape":"CustomOrchestration", + "documentation":"

Contains custom orchestration configurations for the agent.

" }, "idleSessionTTLInSeconds":{ "shape":"SessionTTL", "documentation":"

The number of seconds for which Amazon Bedrock keeps information about a user's conversation with the agent.

A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Bedrock deletes any data provided before the timeout.

" }, - "instruction":{ - "shape":"Instruction", - "documentation":"

Instructions that tell the agent what it should do and how it should interact with users.

" + "agentResourceRoleArn":{ + "shape":"AgentRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the agent.

" }, - "memoryConfiguration":{ - "shape":"MemoryConfiguration", - "documentation":"

Contains memory configuration for the agent.

" + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key that encrypts the agent.

" }, - "orchestrationType":{ - "shape":"OrchestrationType", - "documentation":"

Specifies the orchestration strategy for the agent.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the agent was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the agent was last updated.

" }, "preparedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the agent was last prepared.

" }, - "promptOverrideConfiguration":{ - "shape":"PromptOverrideConfiguration", - "documentation":"

Contains configurations to override prompt templates in different parts of an agent sequence. For more information, see Advanced prompts.

" + "failureReasons":{ + "shape":"FailureReasons", + "documentation":"

Contains reasons that the agent-related API that you invoked failed.

" }, "recommendedActions":{ "shape":"RecommendedActions", "documentation":"

Contains recommended actions to take for the agent-related API that you invoked to succeed.

" }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the agent was last updated.

" + "promptOverrideConfiguration":{ + "shape":"PromptOverrideConfiguration", + "documentation":"

Contains configurations to override prompt templates in different parts of an agent sequence. For more information, see Advanced prompts.

" + }, + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"

Details about the guardrail associated with the agent.

" + }, + "memoryConfiguration":{ + "shape":"MemoryConfiguration", + "documentation":"

Contains memory configuration for the agent.

" + }, + "agentCollaboration":{ + "shape":"AgentCollaboration", + "documentation":"

The agent's collaboration settings.

" } }, "documentation":"

Contains details about an agent.

" @@ -1613,31 +1646,15 @@ "AgentActionGroup":{ "type":"structure", "required":[ - "actionGroupId", - "actionGroupName", - "actionGroupState", "agentId", "agentVersion", + "actionGroupId", + "actionGroupName", "createdAt", - "updatedAt" + "updatedAt", + "actionGroupState" ], "members":{ - "actionGroupExecutor":{ - "shape":"ActionGroupExecutor", - "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.

" - }, - "actionGroupId":{ - "shape":"Id", - "documentation":"

The unique identifier of the action group.

" - }, - "actionGroupName":{ - "shape":"Name", - "documentation":"

The name of the action group.

" - }, - "actionGroupState":{ - "shape":"ActionGroupState", - "documentation":"

Specifies whether the action group is available for the agent to invoke or not when sending an InvokeAgent request.

" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent to which the action group belongs.

" @@ -1646,33 +1663,53 @@ "shape":"Version", "documentation":"

The version of the agent to which the action group belongs.

" }, - "apiSchema":{ - "shape":"APISchema", - "documentation":"

Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see Action group OpenAPI schemas.

" + "actionGroupId":{ + "shape":"Id", + "documentation":"

The unique identifier of the action group.

" + }, + "actionGroupName":{ + "shape":"Name", + "documentation":"

The name of the action group.

" }, "clientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the action group was created.

" - }, "description":{ "shape":"Description", "documentation":"

The description of the action group.

" }, - "functionSchema":{ - "shape":"FunctionSchema", - "documentation":"

Defines functions that each define parameters that the agent needs to invoke from the user. Each function represents an action in an action group.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the action group was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the action group was last updated.

" }, "parentActionSignature":{ "shape":"ActionGroupSignature", "documentation":"

If this field is set as AMAZON.UserInput, the agent can request the user for additional information when trying to complete a task. The description, apiSchema, and actionGroupExecutor fields must be blank for this action group.

During orchestration, if the agent determines that it needs to invoke an API in an action group, but doesn't have enough information to complete the API request, it will invoke this action group instead and return an Observation reprompting the user for more information.

" }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the action group was last updated.

" + "parentActionGroupSignatureParams":{ + "shape":"ActionGroupSignatureParams", + "documentation":"

The configuration settings for a computer use action.

Computer use is a new Anthropic Claude model capability (in beta) available with Claude 3.7 Sonnet and Claude 3.5 Sonnet v2 only. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

" + }, + "actionGroupExecutor":{ + "shape":"ActionGroupExecutor", + "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.

" + }, + "apiSchema":{ + "shape":"APISchema", + "documentation":"

Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see Action group OpenAPI schemas.

" + }, + "functionSchema":{ + "shape":"FunctionSchema", + "documentation":"

Defines functions that each define parameters that the agent needs to invoke from the user. Each function represents an action in an action group.

" + }, + "actionGroupState":{ + "shape":"ActionGroupState", + "documentation":"

Specifies whether the action group is available for the agent to invoke or not when sending an InvokeAgent request.

" } }, "documentation":"

Contains details about an action group.

" @@ -1680,23 +1717,19 @@ "AgentAlias":{ "type":"structure", "required":[ - "agentAliasArn", + "agentId", "agentAliasId", "agentAliasName", - "agentAliasStatus", - "agentId", - "createdAt", + "agentAliasArn", "routingConfiguration", - "updatedAt" + "createdAt", + "updatedAt", + "agentAliasStatus" ], "members":{ - "agentAliasArn":{ - "shape":"AgentAliasArn", - "documentation":"

The Amazon Resource Name (ARN) of the alias of the agent.

" - }, - "agentAliasHistoryEvents":{ - "shape":"AgentAliasHistoryEvents", - "documentation":"

Contains details about the history of the alias.

" + "agentId":{ + "shape":"Id", + "documentation":"

The unique identifier of the agent.

" }, "agentAliasId":{ "shape":"AgentAliasId", @@ -1706,37 +1739,45 @@ "shape":"Name", "documentation":"

The name of the alias of the agent.

" }, - "agentAliasStatus":{ - "shape":"AgentAliasStatus", - "documentation":"

The status of the alias of the agent and whether it is ready for use. The following statuses are possible:

  • CREATING – The agent alias is being created.

  • PREPARED – The agent alias is finished being created or updated and is ready to be invoked.

  • FAILED – The agent alias API operation failed.

  • UPDATING – The agent alias is being updated.

  • DELETING – The agent alias is being deleted.

" - }, - "agentId":{ - "shape":"Id", - "documentation":"

The unique identifier of the agent.

" + "agentAliasArn":{ + "shape":"AgentAliasArn", + "documentation":"

The Amazon Resource Name (ARN) of the alias of the agent.

" }, "clientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the alias of the agent was created.

" - }, "description":{ "shape":"Description", "documentation":"

The description of the alias of the agent.

" }, - "failureReasons":{ - "shape":"FailureReasons", - "documentation":"

Information on the failure of Provisioned Throughput assigned to an agent alias.

" - }, "routingConfiguration":{ "shape":"AgentAliasRoutingConfiguration", "documentation":"

Contains details about the routing configuration of the alias.

" }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the alias of the agent was created.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the alias was last updated.

" + }, + "agentAliasHistoryEvents":{ + "shape":"AgentAliasHistoryEvents", + "documentation":"

Contains details about the history of the alias.

" + }, + "agentAliasStatus":{ + "shape":"AgentAliasStatus", + "documentation":"

The status of the alias of the agent and whether it is ready for use. The following statuses are possible:

  • CREATING – The agent alias is being created.

  • PREPARED – The agent alias is finished being created or updated and is ready to be invoked.

  • FAILED – The agent alias API operation failed.

  • UPDATING – The agent alias is being updated.

  • DELETING – The agent alias is being deleted.

  • DISSOCIATED - The agent alias has no version associated with it.

" + }, + "failureReasons":{ + "shape":"FailureReasons", + "documentation":"

Information on the failure of Provisioned Throughput assigned to an agent alias.

" + }, + "aliasInvocationState":{ + "shape":"AliasInvocationState", + "documentation":"

The invocation state for the agent alias. If the agent alias is running, the value is ACCEPT_INVOCATIONS. If the agent alias is paused, the value is REJECT_INVOCATIONS. Use the UpdateAgentAlias operation to change the invocation state.

" } }, "documentation":"

Contains details about an alias of an agent.

" @@ -1745,19 +1786,19 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$" + "pattern":"arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}" }, "AgentAliasHistoryEvent":{ "type":"structure", "members":{ - "endDate":{ - "shape":"DateTimestamp", - "documentation":"

The date that the alias stopped being associated to the version in the routingConfiguration object

" - }, "routingConfiguration":{ "shape":"AgentAliasRoutingConfiguration", "documentation":"

Contains details about the version of the agent with which the alias is associated.

" }, + "endDate":{ + "shape":"DateTimestamp", + "documentation":"

The date that the alias stopped being associated to the version in the routingConfiguration object

" + }, "startDate":{ "shape":"DateTimestamp", "documentation":"

The date that the alias began being associated to the version in the routingConfiguration object.

" @@ -1775,7 +1816,7 @@ "type":"string", "max":10, "min":10, - "pattern":"^(\\bTSTALIASID\\b|[0-9a-zA-Z]+)$" + "pattern":"(\\bTSTALIASID\\b|[0-9a-zA-Z]+)" }, "AgentAliasRoutingConfiguration":{ "type":"list", @@ -1804,7 +1845,8 @@ "PREPARED", "FAILED", "UPDATING", - "DELETING" + "DELETING", + "DISSOCIATED" ] }, "AgentAliasSummaries":{ @@ -1831,14 +1873,6 @@ "shape":"Name", "documentation":"

The name of the alias.

" }, - "agentAliasStatus":{ - "shape":"AgentAliasStatus", - "documentation":"

The status of the alias.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the alias of the agent was created.

" - }, "description":{ "shape":"Description", "documentation":"

The description of the alias.

" @@ -1847,9 +1881,21 @@ "shape":"AgentAliasRoutingConfiguration", "documentation":"

Contains details about the version of the agent with which the alias is associated.

" }, + "agentAliasStatus":{ + "shape":"AgentAliasStatus", + "documentation":"

The status of the alias.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the alias of the agent was created.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the alias was last updated.

" + }, + "aliasInvocationState":{ + "shape":"AliasInvocationState", + "documentation":"

The invocation state for the agent alias. If the agent alias is running, the value is ACCEPT_INVOCATIONS. If the agent alias is paused, the value is REJECT_INVOCATIONS. Use the UpdateAgentAlias operation to change the invocation state.

" } }, "documentation":"

Contains details about an alias of an agent.

" @@ -1858,7 +1904,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent/[0-9a-zA-Z]{10}$" + "pattern":"arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent/[0-9a-zA-Z]{10}" }, "AgentCollaboration":{ "type":"string", @@ -1871,20 +1917,16 @@ "AgentCollaborator":{ "type":"structure", "required":[ - "agentDescriptor", "agentId", "agentVersion", - "collaborationInstruction", + "agentDescriptor", "collaboratorId", + "collaborationInstruction", "collaboratorName", "createdAt", "lastUpdatedAt" ], "members":{ - "agentDescriptor":{ - "shape":"AgentDescriptor", - "documentation":"

The collaborator's agent descriptor.

" - }, "agentId":{ "shape":"Id", "documentation":"

The collaborator's agent ID.

" @@ -1893,18 +1935,18 @@ "shape":"Version", "documentation":"

The collaborator's agent version.

" }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

The collaborator's client token.

" - }, - "collaborationInstruction":{ - "shape":"CollaborationInstruction", - "documentation":"

The collaborator's instructions.

" + "agentDescriptor":{ + "shape":"AgentDescriptor", + "documentation":"

The collaborator's agent descriptor.

" }, "collaboratorId":{ "shape":"Id", "documentation":"

The collaborator's collaborator ID.

" }, + "collaborationInstruction":{ + "shape":"CollaborationInstruction", + "documentation":"

The collaborator's instructions.

" + }, "collaboratorName":{ "shape":"Name", "documentation":"

The collaborator's collaborator name.

" @@ -1920,6 +1962,10 @@ "relayConversationHistory":{ "shape":"RelayConversationHistory", "documentation":"

The collaborator's relay conversation history.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

The collaborator's client token.

" } }, "documentation":"

An agent collaborator.

" @@ -1933,21 +1979,17 @@ "AgentCollaboratorSummary":{ "type":"structure", "required":[ - "agentDescriptor", "agentId", "agentVersion", - "collaborationInstruction", "collaboratorId", + "agentDescriptor", + "collaborationInstruction", + "relayConversationHistory", "collaboratorName", "createdAt", - "lastUpdatedAt", - "relayConversationHistory" + "lastUpdatedAt" ], "members":{ - "agentDescriptor":{ - "shape":"AgentDescriptor", - "documentation":"

The collaborator's agent descriptor.

" - }, "agentId":{ "shape":"Id", "documentation":"

The collaborator's agent ID.

" @@ -1956,13 +1998,21 @@ "shape":"Version", "documentation":"

The collaborator's agent version.

" }, + "collaboratorId":{ + "shape":"Id", + "documentation":"

The collaborator's ID.

" + }, + "agentDescriptor":{ + "shape":"AgentDescriptor", + "documentation":"

The collaborator's agent descriptor.

" + }, "collaborationInstruction":{ "shape":"CollaborationInstruction", "documentation":"

The collaborator's collaboration instruction.

" }, - "collaboratorId":{ - "shape":"Id", - "documentation":"

The collaborator's ID.

" + "relayConversationHistory":{ + "shape":"RelayConversationHistory", + "documentation":"

The collaborator's relay conversation history.

" }, "collaboratorName":{ "shape":"Name", @@ -1975,10 +2025,6 @@ "lastUpdatedAt":{ "shape":"DateTimestamp", "documentation":"

When the collaborator was last updated.

" - }, - "relayConversationHistory":{ - "shape":"RelayConversationHistory", - "documentation":"

The collaborator's relay conversation history.

" } }, "documentation":"

An agent collaborator summary.

" @@ -1998,22 +2044,22 @@ "required":["agentAliasArn"], "members":{ "agentAliasArn":{ - "shape":"AgentAliasArn", + "shape":"FlowAgentAliasArn", "documentation":"

The Amazon Resource Name (ARN) of the alias of the agent to invoke.

" } }, - "documentation":"

Defines an agent node in your flow. You specify the agent to invoke at this point in the flow. For more information, see Node types in Amazon Bedrock works in the Amazon Bedrock User Guide.

" + "documentation":"

Defines an agent node in your flow. You specify the agent to invoke at this point in the flow. For more information, see Node types in a flow in the Amazon Bedrock User Guide.

" }, "AgentKnowledgeBase":{ "type":"structure", "required":[ "agentId", "agentVersion", - "createdAt", - "description", "knowledgeBaseId", - "knowledgeBaseState", - "updatedAt" + "description", + "createdAt", + "updatedAt", + "knowledgeBaseState" ], "members":{ "agentId":{ @@ -2024,25 +2070,25 @@ "shape":"Version", "documentation":"

The version of the agent with which the knowledge base is associated.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the association between the agent and the knowledge base was created.

" + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the association between the agent and the knowledge base.

" }, "description":{ "shape":"Description", "documentation":"

The description of the association between the agent and the knowledge base.

" }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the association between the agent and the knowledge base.

" - }, - "knowledgeBaseState":{ - "shape":"KnowledgeBaseState", - "documentation":"

Specifies whether to use the knowledge base or not when sending an InvokeAgent request.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the association between the agent and the knowledge base was created.

" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the association between the agent and the knowledge base was last updated.

" + }, + "knowledgeBaseState":{ + "shape":"KnowledgeBaseState", + "documentation":"

Specifies whether to use the knowledge base or not when sending an InvokeAgent request.

" } }, "documentation":"

Contains details about a knowledge base that is associated with an agent.

" @@ -2061,14 +2107,14 @@ "updatedAt" ], "members":{ - "description":{ - "shape":"Description", - "documentation":"

The description of the knowledge base associated with an agent.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base associated with an agent.

" }, + "description":{ + "shape":"Description", + "documentation":"

The description of the knowledge base associated with an agent.

" + }, "knowledgeBaseState":{ "shape":"KnowledgeBaseState", "documentation":"

Specifies whether the agent uses the knowledge base or not when sending an InvokeAgent request.

" @@ -2084,7 +2130,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+$" + "pattern":"arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+" }, "AgentStatus":{ "type":"string", @@ -2130,17 +2176,17 @@ "shape":"Description", "documentation":"

The description of the agent.

" }, - "guardrailConfiguration":{ - "shape":"GuardrailConfiguration", - "documentation":"

Details about the guardrail associated with the agent.

" + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the agent was last updated.

" }, "latestAgentVersion":{ "shape":"Version", "documentation":"

The latest version of the agent.

" }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the agent was last updated.

" + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"

Details about the guardrail associated with the agent.

" } }, "documentation":"

Contains details about an agent.

" @@ -2148,25 +2194,17 @@ "AgentVersion":{ "type":"structure", "required":[ - "agentArn", "agentId", "agentName", - "agentResourceRoleArn", + "agentArn", + "version", "agentStatus", - "createdAt", "idleSessionTTLInSeconds", - "updatedAt", - "version" + "agentResourceRoleArn", + "createdAt", + "updatedAt" ], "members":{ - "agentArn":{ - "shape":"AgentArn", - "documentation":"

The Amazon Resource Name (ARN) of the agent that the version belongs to.

" - }, - "agentCollaboration":{ - "shape":"AgentCollaboration", - "documentation":"

The agent's collaboration settings.

" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent that the version belongs to.

" @@ -2175,65 +2213,73 @@ "shape":"Name", "documentation":"

The name of the agent that the version belongs to.

" }, - "agentResourceRoleArn":{ - "shape":"AgentRoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the agent.

" + "agentArn":{ + "shape":"AgentArn", + "documentation":"

The Amazon Resource Name (ARN) of the agent that the version belongs to.

" + }, + "version":{ + "shape":"NumericalVersion", + "documentation":"

The version number.

" + }, + "instruction":{ + "shape":"Instruction", + "documentation":"

The instructions provided to the agent.

" }, "agentStatus":{ "shape":"AgentStatus", "documentation":"

The status of the agent that the version belongs to.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the version was created.

" + "foundationModel":{ + "shape":"ModelIdentifier", + "documentation":"

The foundation model that the version invokes.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the version.

" + }, + "idleSessionTTLInSeconds":{ + "shape":"SessionTTL", + "documentation":"

The number of seconds for which Amazon Bedrock keeps information about a user's conversation with the agent.

A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Bedrock deletes any data provided before the timeout.

" + }, + "agentResourceRoleArn":{ + "shape":"AgentRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the agent.

" }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"

The Amazon Resource Name (ARN) of the KMS key that encrypts the agent.

" }, - "description":{ - "shape":"Description", - "documentation":"

The description of the version.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the version was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the version was last updated.

" }, "failureReasons":{ "shape":"FailureReasons", "documentation":"

A list of reasons that the API operation on the version failed.

" }, - "foundationModel":{ - "shape":"ModelIdentifier", - "documentation":"

The foundation model that the version invokes.

" + "recommendedActions":{ + "shape":"RecommendedActions", + "documentation":"

A list of recommended actions to take for the failed API operation on the version to succeed.

" + }, + "promptOverrideConfiguration":{ + "shape":"PromptOverrideConfiguration", + "documentation":"

Contains configurations to override prompt templates in different parts of an agent sequence. For more information, see Advanced prompts.

" }, "guardrailConfiguration":{ "shape":"GuardrailConfiguration", "documentation":"

Details about the guardrail associated with the agent.

" }, - "idleSessionTTLInSeconds":{ - "shape":"SessionTTL", - "documentation":"

The number of seconds for which Amazon Bedrock keeps information about a user's conversation with the agent.

A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Bedrock deletes any data provided before the timeout.

" - }, - "instruction":{ - "shape":"Instruction", - "documentation":"

The instructions provided to the agent.

" - }, "memoryConfiguration":{ "shape":"MemoryConfiguration", "documentation":"

Contains details of the memory configuration on the version of the agent.

" }, - "promptOverrideConfiguration":{ - "shape":"PromptOverrideConfiguration", - "documentation":"

Contains configurations to override prompt templates in different parts of an agent sequence. For more information, see Advanced prompts.

" - }, - "recommendedActions":{ - "shape":"RecommendedActions", - "documentation":"

A list of recommended actions to take for the failed API operation on the version to succeed.

" - }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the version was last updated.

" - }, - "version":{ - "shape":"NumericalVersion", - "documentation":"

The version number.

" + "agentCollaboration":{ + "shape":"AgentCollaboration", + "documentation":"

The agent's collaboration settings.

" } }, "documentation":"

Contains details about a version of an agent.

" @@ -2270,6 +2316,10 @@ "shape":"DateTimestamp", "documentation":"

The time at which the version was created.

" }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the version was last updated.

" + }, "description":{ "shape":"Description", "documentation":"

The description of the version of the agent.

" @@ -2277,14 +2327,18 @@ "guardrailConfiguration":{ "shape":"GuardrailConfiguration", "documentation":"

Details about the guardrail associated with the agent.

" - }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the version was last updated.

" } }, "documentation":"

Contains details about a version of an agent.

" }, + "AliasInvocationState":{ + "type":"string", + "documentation":"

Enum representing the invocation state of an agent alias

", + "enum":[ + "ACCEPT_INVOCATIONS", + "REJECT_INVOCATIONS" + ] + }, "AnyToolChoice":{ "type":"structure", "members":{ @@ -2294,17 +2348,13 @@ "AssociateAgentCollaboratorRequest":{ "type":"structure", "required":[ - "agentDescriptor", "agentId", "agentVersion", - "collaborationInstruction", - "collaboratorName" + "agentDescriptor", + "collaboratorName", + "collaborationInstruction" ], "members":{ - "agentDescriptor":{ - "shape":"AgentDescriptor", - "documentation":"

The alias of the collaborator agent.

" - }, "agentId":{ "shape":"Id", "documentation":"

The agent's ID.

", @@ -2317,22 +2367,26 @@ "location":"uri", "locationName":"agentVersion" }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A client token.

", - "idempotencyToken":true - }, - "collaborationInstruction":{ - "shape":"CollaborationInstruction", - "documentation":"

Instruction for the collaborator.

" + "agentDescriptor":{ + "shape":"AgentDescriptor", + "documentation":"

The alias of the collaborator agent.

" }, "collaboratorName":{ "shape":"Name", "documentation":"

A name for the collaborator.

" }, + "collaborationInstruction":{ + "shape":"CollaborationInstruction", + "documentation":"

Instruction for the collaborator.

" + }, "relayConversationHistory":{ "shape":"RelayConversationHistory", "documentation":"

A relay conversation history for the collaborator.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A client token.

", + "idempotencyToken":true } } }, @@ -2351,8 +2405,8 @@ "required":[ "agentId", "agentVersion", - "description", - "knowledgeBaseId" + "knowledgeBaseId", + "description" ], "members":{ "agentId":{ @@ -2367,14 +2421,14 @@ "location":"uri", "locationName":"agentVersion" }, - "description":{ - "shape":"Description", - "documentation":"

A description of what the agent should use the knowledge base for.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base to associate with the agent.

" }, + "description":{ + "shape":"Description", + "documentation":"

A description of what the agent should use the knowledge base for.

" + }, "knowledgeBaseState":{ "shape":"KnowledgeBaseState", "documentation":"

Specifies whether to use the knowledge base or not when sending an InvokeAgent request.

" @@ -2401,7 +2455,7 @@ "type":"string", "max":200, "min":1, - "pattern":"^.*\\.*$" + "pattern":".*\\.*" }, "AwsDataCatalogTableNames":{ "type":"list", @@ -2429,7 +2483,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$" + "pattern":"(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?" }, "BedrockEmbeddingModelConfiguration":{ "type":"structure", @@ -2451,24 +2505,48 @@ "members":{ "modelArn":{ "shape":"BedrockModelArn", - "documentation":"

The ARN of the foundation model or inference profile to use for parsing.

" + "documentation":"

The ARN of the foundation model to use for parsing.

" + }, + "parsingPrompt":{ + "shape":"ParsingPrompt", + "documentation":"

Instructions for interpreting the contents of a document.

" }, "parsingModality":{ "shape":"ParsingModality", "documentation":"

Specifies whether to enable parsing of multimodal data, including both text and/or images.

" + } + }, + "documentation":"

Settings for a foundation model used to parse documents for a data source.

" + }, + "BedrockFoundationModelContextEnrichmentConfiguration":{ + "type":"structure", + "required":[ + "enrichmentStrategyConfiguration", + "modelArn" + ], + "members":{ + "enrichmentStrategyConfiguration":{ + "shape":"EnrichmentStrategyConfiguration", + "documentation":"

The enrichment stategy used to provide additional context. For example, Neptune GraphRAG uses Amazon Bedrock foundation models to perform chunk entity extraction.

" }, - "parsingPrompt":{ - "shape":"ParsingPrompt", - "documentation":"

Instructions for interpreting the contents of a document.

" + "modelArn":{ + "shape":"BedrockModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the model used to create vector embeddings for the knowledge base.

" } }, - "documentation":"

Settings for a foundation model or inference profile used to parse documents for a data source.

" + "documentation":"

Context enrichment configuration is used to provide additional context to the RAG application using Amazon Bedrock foundation models.

" }, "BedrockModelArn":{ "type":"string", "max":2048, "min":1, - "pattern":"^(arn:aws(-[^:]{1,12})?:(bedrock):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$" + "pattern":"(arn:aws(-[^:]{1,12})?:(bedrock):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?" + }, + "BedrockRerankingModelArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/(.*))?" }, "Boolean":{ "type":"boolean", @@ -2478,7 +2556,7 @@ "type":"string", "max":12, "min":12, - "pattern":"^[0-9]{12}$" + "pattern":"[0-9]{12}" }, "ByteContentBlob":{ "type":"blob", @@ -2489,33 +2567,44 @@ "ByteContentDoc":{ "type":"structure", "required":[ - "data", - "mimeType" + "mimeType", + "data" ], "members":{ - "data":{ - "shape":"ByteContentBlob", - "documentation":"

The base64-encoded string of the content.

" - }, "mimeType":{ "shape":"ByteContentDocMimeTypeString", "documentation":"

The MIME type of the content. For a list of MIME types, see Media Types. The following MIME types are supported:

  • text/plain

  • text/html

  • text/csv

  • text/vtt

  • message/rfc822

  • application/xhtml+xml

  • application/pdf

  • application/msword

  • application/vnd.ms-word.document.macroenabled.12

  • application/vnd.ms-word.template.macroenabled.12

  • application/vnd.ms-excel

  • application/vnd.ms-excel.addin.macroenabled.12

  • application/vnd.ms-excel.sheet.macroenabled.12

  • application/vnd.ms-excel.template.macroenabled.12

  • application/vnd.ms-excel.sheet.binary.macroenabled.12

  • application/vnd.ms-spreadsheetml

  • application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

  • application/vnd.openxmlformats-officedocument.spreadsheetml.template

  • application/vnd.openxmlformats-officedocument.wordprocessingml.document

  • application/vnd.openxmlformats-officedocument.wordprocessingml.template

" + }, + "data":{ + "shape":"ByteContentBlob", + "documentation":"

The base64-encoded string of the content.

" } }, "documentation":"

Contains information about content defined inline in bytes.

" }, "ByteContentDocMimeTypeString":{ "type":"string", - "pattern":"[a-z]{1,20}/.{1,20}" + "pattern":".*[a-z]{1,20}/.{1,20}.*" + }, + "CachePointBlock":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"CachePointType", + "documentation":"

Indicates that the CachePointBlock is of the default type

" + } + }, + "documentation":"

Indicates where a cache checkpoint is located. All information before this checkpoint is cached to be accessed on subsequent requests.

" + }, + "CachePointType":{ + "type":"string", + "enum":["default"] }, "ChatPromptTemplateConfiguration":{ "type":"structure", "required":["messages"], "members":{ - "inputVariables":{ - "shape":"PromptInputVariablesList", - "documentation":"

An array of the variables in the prompt template.

" - }, "messages":{ "shape":"Messages", "documentation":"

Contains messages in the chat for the prompt.

" @@ -2524,6 +2613,10 @@ "shape":"SystemContentBlocks", "documentation":"

Contains system prompts to provide context to the model or to describe how it should behave.

" }, + "inputVariables":{ + "shape":"PromptInputVariablesList", + "documentation":"

An array of the variables in the prompt template.

" + }, "toolConfiguration":{ "shape":"ToolConfiguration", "documentation":"

Configuration information for the tools that the model can use when generating a response.

" @@ -2568,7 +2661,7 @@ "type":"string", "max":256, "min":33, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,256}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,256}" }, "CollaborationInstruction":{ "type":"string", @@ -2580,13 +2673,20 @@ "type":"structure", "members":{ }, - "documentation":"

Defines a collector node in your flow. This node takes an iteration of inputs and consolidates them into an array in the output. For more information, see Node types in Amazon Bedrock works in the Amazon Bedrock User Guide.

" + "documentation":"

Defines a collector node in your flow. This node takes an iteration of inputs and consolidates them into an array in the output. For more information, see Node types in a flow in the Amazon Bedrock User Guide.

" }, "ColumnName":{ "type":"string", "max":63, "min":0, - "pattern":"^[a-zA-Z0-9_\\-]+$" + "pattern":"[a-zA-Z0-9_\\-]+" + }, + "ConcurrencyType":{ + "type":"string", + "enum":[ + "Automatic", + "Manual" + ] }, "ConditionFlowNodeConfiguration":{ "type":"structure", @@ -2597,7 +2697,7 @@ "documentation":"

An array of conditions. Each member contains the name of a condition and an expression that defines the condition.

" } }, - "documentation":"

Defines a condition node in your flow. You can specify conditions that determine which node comes next in the flow. For more information, see Node types in Amazon Bedrock works in the Amazon Bedrock User Guide.

" + "documentation":"

Defines a condition node in your flow. You can specify conditions that determine which node comes next in the flow. For more information, see Node types in a flow in the Amazon Bedrock User Guide.

" }, "ConflictException":{ "type":"structure", @@ -2632,13 +2732,13 @@ "type":"structure", "required":["sourceConfiguration"], "members":{ - "crawlerConfiguration":{ - "shape":"ConfluenceCrawlerConfiguration", - "documentation":"

The configuration of the Confluence content. For example, configuring specific types of Confluence content.

" - }, "sourceConfiguration":{ "shape":"ConfluenceSourceConfiguration", "documentation":"

The endpoint information to connect to your Confluence data source.

" + }, + "crawlerConfiguration":{ + "shape":"ConfluenceCrawlerConfiguration", + "documentation":"

The configuration of the Confluence content. For example, configuring specific types of Confluence content.

" } }, "documentation":"

The configuration information to connect to Confluence as your data source.

" @@ -2650,12 +2750,20 @@ "ConfluenceSourceConfiguration":{ "type":"structure", "required":[ - "authType", - "credentialsSecretArn", + "hostUrl", "hostType", - "hostUrl" + "authType", + "credentialsSecretArn" ], "members":{ + "hostUrl":{ + "shape":"HttpsUrl", + "documentation":"

The Confluence host URL or instance URL.

" + }, + "hostType":{ + "shape":"ConfluenceHostType", + "documentation":"

The supported host type, whether online/cloud or server/on-premises.

" + }, "authType":{ "shape":"ConfluenceAuthType", "documentation":"

The supported authentication type to authenticate and connect to your Confluence instance.

" @@ -2663,14 +2771,6 @@ "credentialsSecretArn":{ "shape":"SecretArn", "documentation":"

The Amazon Resource Name of an Secrets Manager secret that stores your authentication credentials for your Confluence instance URL. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see Confluence connection configuration.

" - }, - "hostType":{ - "shape":"ConfluenceHostType", - "documentation":"

The supported host type, whether online/cloud or server/on-premises.

" - }, - "hostUrl":{ - "shape":"HttpsUrl", - "documentation":"

The Confluence host URL or instance URL.

" } }, "documentation":"

The endpoint information to connect to your Confluence data source.

" @@ -2681,6 +2781,10 @@ "text":{ "shape":"String", "documentation":"

The text in the message.

" + }, + "cachePoint":{ + "shape":"CachePointBlock", + "documentation":"

Creates a cache checkpoint within a message.

" } }, "documentation":"

Contains the content for the message you pass to, or receive from a model. For more information, see Create a prompt using Prompt management.

", @@ -2698,6 +2802,25 @@ "S3" ] }, + "ContextEnrichmentConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"ContextEnrichmentType", + "documentation":"

The method used for context enrichment. It must be Amazon Bedrock foundation models.

" + }, + "bedrockFoundationModelConfiguration":{ + "shape":"BedrockFoundationModelContextEnrichmentConfiguration", + "documentation":"

The configuration of the Amazon Bedrock foundation model used for context enrichment.

" + } + }, + "documentation":"

Context enrichment configuration is used to provide additional context to the RAG application.

" + }, + "ContextEnrichmentType":{ + "type":"string", + "enum":["BEDROCK_FOUNDATION_MODEL"] + }, "ConversationRole":{ "type":"string", "enum":[ @@ -2709,13 +2832,13 @@ "type":"structure", "required":["type"], "members":{ - "patternObjectFilter":{ - "shape":"PatternObjectFilterConfiguration", - "documentation":"

The configuration of filtering certain objects or content types of the data source.

" - }, "type":{ "shape":"CrawlFilterConfigurationType", "documentation":"

The type of filtering that you want to apply to certain objects or content of the data source. For example, the PATTERN type is regular expression patterns you can apply to filter your content.

" + }, + "patternObjectFilter":{ + "shape":"PatternObjectFilterConfiguration", + "documentation":"

The configuration of filtering certain objects or content types of the data source.

" } }, "documentation":"

The configuration of filtering the data source content. For example, configuring regular expression patterns to include or exclude certain content.

" @@ -2727,23 +2850,11 @@ "CreateAgentActionGroupRequest":{ "type":"structure", "required":[ - "actionGroupName", "agentId", - "agentVersion" + "agentVersion", + "actionGroupName" ], "members":{ - "actionGroupExecutor":{ - "shape":"ActionGroupExecutor", - "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.

" - }, - "actionGroupName":{ - "shape":"Name", - "documentation":"

The name to give the action group.

" - }, - "actionGroupState":{ - "shape":"ActionGroupState", - "documentation":"

Specifies whether the action group is available for the agent to invoke or not when sending an InvokeAgent request.

" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent for which to create the action group.

", @@ -2756,9 +2867,9 @@ "location":"uri", "locationName":"agentVersion" }, - "apiSchema":{ - "shape":"APISchema", - "documentation":"

Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see Action group OpenAPI schemas.

" + "actionGroupName":{ + "shape":"Name", + "documentation":"

The name to give the action group.

" }, "clientToken":{ "shape":"ClientToken", @@ -2769,13 +2880,29 @@ "shape":"Description", "documentation":"

A description of the action group.

" }, + "parentActionGroupSignature":{ + "shape":"ActionGroupSignature", + "documentation":"

Specify a built-in or computer use action for this action group. If you specify a value, you must leave the description, apiSchema, and actionGroupExecutor fields empty for this action group.

  • To allow your agent to request the user for additional information when trying to complete a task, set this field to AMAZON.UserInput.

  • To allow your agent to generate, run, and troubleshoot code when trying to complete a task, set this field to AMAZON.CodeInterpreter.

  • To allow your agent to use an Anthropic computer use tool, specify one of the following values.

    Computer use is a new Anthropic Claude model capability (in beta) available with Anthropic Claude 3.7 Sonnet and Claude 3.5 Sonnet v2 only. When operating computer use functionality, we recommend taking additional security precautions, such as executing computer actions in virtual environments with restricted data access and limited internet connectivity. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

    • ANTHROPIC.Computer - Gives the agent permission to use the mouse and keyboard and take screenshots.

    • ANTHROPIC.TextEditor - Gives the agent permission to view, create and edit files.

    • ANTHROPIC.Bash - Gives the agent permission to run commands in a bash shell.

" + }, + "parentActionGroupSignatureParams":{ + "shape":"ActionGroupSignatureParams", + "documentation":"

The configuration settings for a computer use action.

Computer use is a new Anthropic Claude model capability (in beta) available with Anthropic Claude 3.7 Sonnet and Claude 3.5 Sonnet v2 only. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

" + }, + "actionGroupExecutor":{ + "shape":"ActionGroupExecutor", + "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.

" + }, + "apiSchema":{ + "shape":"APISchema", + "documentation":"

Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see Action group OpenAPI schemas.

" + }, + "actionGroupState":{ + "shape":"ActionGroupState", + "documentation":"

Specifies whether the action group is available for the agent to invoke or not when sending an InvokeAgent request.

" + }, "functionSchema":{ "shape":"FunctionSchema", "documentation":"

Contains details about the function schema for the action group or the JSON or YAML-formatted payload defining the schema.

" - }, - "parentActionGroupSignature":{ - "shape":"ActionGroupSignature", - "documentation":"

To allow your agent to request the user for additional information when trying to complete a task, set this field to AMAZON.UserInput. You must leave the description, apiSchema, and actionGroupExecutor fields blank for this action group.

To allow your agent to generate, run, and troubleshoot code when trying to complete a task, set this field to AMAZON.CodeInterpreter. You must leave the description, apiSchema, and actionGroupExecutor fields blank for this action group.

During orchestration, if your agent determines that it needs to invoke an API in an action group, but doesn't have enough information to complete the API request, it will invoke this action group instead and return an Observation reprompting the user for more information.

" } } }, @@ -2792,20 +2919,20 @@ "CreateAgentAliasRequest":{ "type":"structure", "required":[ - "agentAliasName", - "agentId" + "agentId", + "agentAliasName" ], "members":{ - "agentAliasName":{ - "shape":"Name", - "documentation":"

The name of the alias.

" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent.

", "location":"uri", "locationName":"agentId" }, + "agentAliasName":{ + "shape":"Name", + "documentation":"

The name of the alias.

" + }, "clientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", @@ -2839,66 +2966,66 @@ "type":"structure", "required":["agentName"], "members":{ - "agentCollaboration":{ - "shape":"AgentCollaboration", - "documentation":"

The agent's collaboration role.

" - }, "agentName":{ "shape":"Name", "documentation":"

A name for the agent that you create.

" }, - "agentResourceRoleArn":{ - "shape":"AgentRoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the agent.

" - }, "clientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", "idempotencyToken":true }, - "customOrchestration":{ - "shape":"CustomOrchestration", - "documentation":"

Contains details of the custom orchestration configured for the agent.

" + "instruction":{ + "shape":"Instruction", + "documentation":"

Instructions that tell the agent what it should do and how it should interact with users.

" }, - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key with which to encrypt the agent.

" + "foundationModel":{ + "shape":"ModelIdentifier", + "documentation":"

The identifier for the model that you want to be used for orchestration by the agent you create.

The modelId to provide depends on the type of model or throughput that you use:

" }, "description":{ "shape":"Description", "documentation":"

A description of the agent.

" }, - "foundationModel":{ - "shape":"ModelIdentifier", - "documentation":"

The identifier for the model that you want to be used for orchestration by the agent you create.

The modelId to provide depends on the type of model or throughput that you use:

" + "orchestrationType":{ + "shape":"OrchestrationType", + "documentation":"

Specifies the type of orchestration strategy for the agent. This is set to DEFAULT orchestration type, by default.

" }, - "guardrailConfiguration":{ - "shape":"GuardrailConfiguration", - "documentation":"

The unique Guardrail configuration assigned to the agent when it is created.

" + "customOrchestration":{ + "shape":"CustomOrchestration", + "documentation":"

Contains details of the custom orchestration configured for the agent.

" }, "idleSessionTTLInSeconds":{ "shape":"SessionTTL", "documentation":"

The number of seconds for which Amazon Bedrock keeps information about a user's conversation with the agent.

A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Bedrock deletes any data provided before the timeout.

" }, - "instruction":{ - "shape":"Instruction", - "documentation":"

Instructions that tell the agent what it should do and how it should interact with users.

" + "agentResourceRoleArn":{ + "shape":"AgentRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the agent.

" }, - "memoryConfiguration":{ - "shape":"MemoryConfiguration", - "documentation":"

Contains the details of the memory configured for the agent.

" + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key with which to encrypt the agent.

" }, - "orchestrationType":{ - "shape":"OrchestrationType", - "documentation":"

Specifies the type of orchestration strategy for the agent. This is set to DEFAULT orchestration type, by default.

" + "tags":{ + "shape":"TagsMap", + "documentation":"

Any tags that you want to attach to the agent.

" }, "promptOverrideConfiguration":{ "shape":"PromptOverrideConfiguration", "documentation":"

Contains configurations to override prompts in different parts of an agent sequence. For more information, see Advanced prompts.

" }, - "tags":{ - "shape":"TagsMap", - "documentation":"

Any tags that you want to attach to the agent.

" + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"

The unique Guardrail configuration assigned to the agent when it is created.

" + }, + "memoryConfiguration":{ + "shape":"MemoryConfiguration", + "documentation":"

Contains the details of the memory configured for the agent.

" + }, + "agentCollaboration":{ + "shape":"AgentCollaboration", + "documentation":"

The agent's collaboration role.

" } } }, @@ -2915,37 +3042,37 @@ "CreateDataSourceRequest":{ "type":"structure", "required":[ - "dataSourceConfiguration", "knowledgeBaseId", - "name" + "name", + "dataSourceConfiguration" ], "members":{ + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base to which to add the data source.

", + "location":"uri", + "locationName":"knowledgeBaseId" + }, "clientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", "idempotencyToken":true }, - "dataDeletionPolicy":{ - "shape":"DataDeletionPolicy", - "documentation":"

The data deletion policy for the data source.

You can set the data deletion policy to:

  • DELETE: Deletes all data from your data source that’s converted into vector embeddings upon deletion of a knowledge base or data source resource. Note that the vector store itself is not deleted, only the data. This flag is ignored if an Amazon Web Services account is deleted.

  • RETAIN: Retains all data from your data source that’s converted into vector embeddings upon deletion of a knowledge base or data source resource. Note that the vector store itself is not deleted if you delete a knowledge base or data source resource.

" - }, - "dataSourceConfiguration":{ - "shape":"DataSourceConfiguration", - "documentation":"

The connection configuration for the data source.

" + "name":{ + "shape":"Name", + "documentation":"

The name of the data source.

" }, "description":{ "shape":"Description", "documentation":"

A description of the data source.

" }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base to which to add the data source.

", - "location":"uri", - "locationName":"knowledgeBaseId" + "dataSourceConfiguration":{ + "shape":"DataSourceConfiguration", + "documentation":"

The connection configuration for the data source.

" }, - "name":{ - "shape":"Name", - "documentation":"

The name of the data source.

" + "dataDeletionPolicy":{ + "shape":"DataDeletionPolicy", + "documentation":"

The data deletion policy for the data source.

You can set the data deletion policy to:

  • DELETE: Deletes all data from your data source that’s converted into vector embeddings upon deletion of a knowledge base or data source resource. Note that the vector store itself is not deleted, only the data. This flag is ignored if an Amazon Web Services account is deleted.

  • RETAIN: Retains all data from your data source that’s converted into vector embeddings upon deletion of a knowledge base or data source resource. Note that the vector store itself is not deleted if you delete a knowledge base or data source resource.

" }, "serverSideEncryptionConfiguration":{ "shape":"ServerSideEncryptionConfiguration", @@ -2970,33 +3097,37 @@ "CreateFlowAliasRequest":{ "type":"structure", "required":[ - "flowIdentifier", "name", - "routingConfiguration" + "routingConfiguration", + "flowIdentifier" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", - "idempotencyToken":true + "name":{ + "shape":"Name", + "documentation":"

A name for the alias.

" }, "description":{ "shape":"Description", "documentation":"

A description for the alias.

" }, + "routingConfiguration":{ + "shape":"FlowAliasRoutingConfiguration", + "documentation":"

Contains information about the version to which to map the alias.

" + }, + "concurrencyConfiguration":{ + "shape":"FlowAliasConcurrencyConfiguration", + "documentation":"

The configuration that specifies how nodes in the flow are executed in parallel.

" + }, "flowIdentifier":{ "shape":"FlowIdentifier", "documentation":"

The unique identifier of the flow for which to create an alias.

", "location":"uri", "locationName":"flowIdentifier" }, - "name":{ - "shape":"Name", - "documentation":"

A name for the alias.

" - }, - "routingConfiguration":{ - "shape":"FlowAliasRoutingConfiguration", - "documentation":"

Contains information about the version to which to map the alias.

" + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true }, "tags":{ "shape":"TagsMap", @@ -3007,27 +3138,31 @@ "CreateFlowAliasResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", - "flowId", - "id", "name", "routingConfiguration", + "flowId", + "id", + "arn", + "createdAt", "updatedAt" ], "members":{ - "arn":{ - "shape":"FlowAliasArn", - "documentation":"

The Amazon Resource Name (ARN) of the alias.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the alias was created.

" + "name":{ + "shape":"Name", + "documentation":"

The name of the alias.

" }, "description":{ "shape":"Description", "documentation":"

The description of the alias.

" }, + "routingConfiguration":{ + "shape":"FlowAliasRoutingConfiguration", + "documentation":"

Contains information about the version that the alias is mapped to.

" + }, + "concurrencyConfiguration":{ + "shape":"FlowAliasConcurrencyConfiguration", + "documentation":"

The configuration that specifies how nodes in the flow are executed in parallel.

" + }, "flowId":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow that the alias belongs to.

" @@ -3036,13 +3171,13 @@ "shape":"FlowAliasId", "documentation":"

The unique identifier of the alias.

" }, - "name":{ - "shape":"Name", - "documentation":"

The name of the alias.

" + "arn":{ + "shape":"FlowAliasArn", + "documentation":"

The Amazon Resource Name (ARN) of the alias.

" }, - "routingConfiguration":{ - "shape":"FlowAliasRoutingConfiguration", - "documentation":"

Contains information about the version that the alias is mapped to.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the alias was created.

" }, "updatedAt":{ "shape":"DateTimestamp", @@ -3053,22 +3188,13 @@ "CreateFlowRequest":{ "type":"structure", "required":[ - "executionRoleArn", - "name" + "name", + "executionRoleArn" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", - "idempotencyToken":true - }, - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key to encrypt the flow.

" - }, - "definition":{ - "shape":"FlowDefinition", - "documentation":"

A definition of the nodes and connections between nodes in the flow.

" + "name":{ + "shape":"FlowName", + "documentation":"

A name for the flow.

" }, "description":{ "shape":"FlowDescription", @@ -3078,9 +3204,18 @@ "shape":"FlowExecutionRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the service role with permissions to create and manage a flow. For more information, see Create a service role for flows in Amazon Bedrock in the Amazon Bedrock User Guide.

" }, - "name":{ - "shape":"FlowName", - "documentation":"

A name for the flow.

" + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key to encrypt the flow.

" + }, + "definition":{ + "shape":"FlowDefinition", + "documentation":"

A definition of the nodes and connections between nodes in the flow.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true }, "tags":{ "shape":"TagsMap", @@ -3091,31 +3226,19 @@ "CreateFlowResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", + "name", "executionRoleArn", "id", - "name", + "arn", "status", + "createdAt", "updatedAt", "version" ], "members":{ - "arn":{ - "shape":"FlowArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the flow was created.

" - }, - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key that you encrypted the flow with.

" - }, - "definition":{ - "shape":"FlowDefinition", - "documentation":"

A definition of the nodes and connections between nodes in the flow.

" + "name":{ + "shape":"FlowName", + "documentation":"

The name of the flow.

" }, "description":{ "shape":"FlowDescription", @@ -3125,18 +3248,26 @@ "shape":"FlowExecutionRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the service role with permissions to create a flow. For more information, see Create a service role for flows in Amazon Bedrock in the Amazon Bedrock User Guide.

" }, + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key that you encrypted the flow with.

" + }, "id":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" }, - "name":{ - "shape":"FlowName", - "documentation":"

The name of the flow.

" + "arn":{ + "shape":"FlowArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow.

" }, "status":{ "shape":"FlowStatus", "documentation":"

The status of the flow. When you submit this request, the status will be NotPrepared. If creation fails, the status becomes Failed.

" }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the flow was created.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the flow was last updated.

" @@ -3144,6 +3275,10 @@ "version":{ "shape":"DraftVersion", "documentation":"

The version of the flow. When you create a flow, the version created is the DRAFT version.

" + }, + "definition":{ + "shape":"FlowDefinition", + "documentation":"

A definition of the nodes and connections between nodes in the flow.

" } } }, @@ -3151,50 +3286,38 @@ "type":"structure", "required":["flowIdentifier"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", - "idempotencyToken":true - }, - "description":{ - "shape":"FlowDescription", - "documentation":"

A description of the version of the flow.

" - }, "flowIdentifier":{ "shape":"FlowIdentifier", "documentation":"

The unique identifier of the flow that you want to create a version of.

", "location":"uri", "locationName":"flowIdentifier" + }, + "description":{ + "shape":"FlowDescription", + "documentation":"

A description of the version of the flow.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true } } }, "CreateFlowVersionResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", + "name", "executionRoleArn", "id", - "name", + "arn", "status", + "createdAt", "version" ], "members":{ - "arn":{ - "shape":"FlowArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the flow was created.

" - }, - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The KMS key that the flow is encrypted with.

" - }, - "definition":{ - "shape":"FlowDefinition", - "documentation":"

A definition of the nodes and connections in the flow.

" + "name":{ + "shape":"FlowName", + "documentation":"

The name of the version.

" }, "description":{ "shape":"FlowDescription", @@ -3204,30 +3327,42 @@ "shape":"FlowExecutionRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the service role with permissions to create a flow. For more information, see Create a service role for flows in Amazon Bedrock in the Amazon Bedrock User Guide.

" }, + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The KMS key that the flow is encrypted with.

" + }, "id":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" }, - "name":{ - "shape":"FlowName", - "documentation":"

The name of the version.

" + "arn":{ + "shape":"FlowArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow.

" }, "status":{ "shape":"FlowStatus", "documentation":"

The status of the flow.

" }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the flow was created.

" + }, "version":{ "shape":"NumericalVersion", "documentation":"

The version of the flow that was created. Versions are numbered incrementally, starting from 1.

" + }, + "definition":{ + "shape":"FlowDefinition", + "documentation":"

A definition of the nodes and connections in the flow.

" } } }, "CreateKnowledgeBaseRequest":{ "type":"structure", "required":[ - "knowledgeBaseConfiguration", "name", - "roleArn" + "roleArn", + "knowledgeBaseConfiguration" ], "members":{ "clientToken":{ @@ -3235,22 +3370,22 @@ "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", "idempotencyToken":true }, - "description":{ - "shape":"Description", - "documentation":"

A description of the knowledge base.

" - }, - "knowledgeBaseConfiguration":{ - "shape":"KnowledgeBaseConfiguration", - "documentation":"

Contains details about the embeddings model used for the knowledge base.

" - }, "name":{ "shape":"Name", "documentation":"

A name for the knowledge base.

" }, + "description":{ + "shape":"Description", + "documentation":"

A description of the knowledge base.

" + }, "roleArn":{ "shape":"KnowledgeBaseRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the knowledge base.

" }, + "knowledgeBaseConfiguration":{ + "shape":"KnowledgeBaseConfiguration", + "documentation":"

Contains details about the embeddings model used for the knowledge base.

" + }, "storageConfiguration":{ "shape":"StorageConfiguration", "documentation":"

Contains details about the configuration of the vector database used for the knowledge base.

" @@ -3275,10 +3410,13 @@ "type":"structure", "required":["name"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", - "idempotencyToken":true + "name":{ + "shape":"PromptName", + "documentation":"

A name for the prompt.

" + }, + "description":{ + "shape":"PromptDescription", + "documentation":"

A description for the prompt.

" }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", @@ -3288,42 +3426,39 @@ "shape":"PromptVariantName", "documentation":"

The name of the default variant for the prompt. This value must match the name field in the relevant PromptVariant object.

" }, - "description":{ - "shape":"PromptDescription", - "documentation":"

A description for the prompt.

" + "variants":{ + "shape":"PromptVariantList", + "documentation":"

A list of objects, each containing details about a variant of the prompt.

" }, - "name":{ - "shape":"PromptName", - "documentation":"

A name for the prompt.

" + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true }, "tags":{ "shape":"TagsMap", "documentation":"

Any tags that you want to attach to the prompt. For more information, see Tagging resources in Amazon Bedrock.

" - }, - "variants":{ - "shape":"PromptVariantList", - "documentation":"

A list of objects, each containing details about a variant of the prompt.

" } } }, "CreatePromptResponse":{ "type":"structure", "required":[ + "name", + "id", "arn", + "version", "createdAt", - "id", - "name", - "updatedAt", - "version" + "updatedAt" ], "members":{ - "arn":{ - "shape":"PromptArn", - "documentation":"

The Amazon Resource Name (ARN) of the prompt.

" + "name":{ + "shape":"PromptName", + "documentation":"

The name of the prompt.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was created.

" + "description":{ + "shape":"PromptDescription", + "documentation":"

The description of the prompt.

" }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", @@ -3333,29 +3468,29 @@ "shape":"PromptVariantName", "documentation":"

The name of the default variant for your prompt.

" }, - "description":{ - "shape":"PromptDescription", - "documentation":"

The description of the prompt.

" + "variants":{ + "shape":"PromptVariantList", + "documentation":"

A list of objects, each containing details about a variant of the prompt.

" }, "id":{ "shape":"PromptId", "documentation":"

The unique identifier of the prompt.

" }, - "name":{ - "shape":"PromptName", - "documentation":"

The name of the prompt.

" - }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was last updated.

" - }, - "variants":{ - "shape":"PromptVariantList", - "documentation":"

A list of objects, each containing details about a variant of the prompt.

" + "arn":{ + "shape":"PromptArn", + "documentation":"

The Amazon Resource Name (ARN) of the prompt.

" }, "version":{ "shape":"Version", "documentation":"

The version of the prompt. When you create a prompt, the version created is the DRAFT version.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was last updated.

" } } }, @@ -3363,21 +3498,21 @@ "type":"structure", "required":["promptIdentifier"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", - "idempotencyToken":true - }, - "description":{ - "shape":"PromptDescription", - "documentation":"

A description for the version of the prompt.

" - }, "promptIdentifier":{ "shape":"PromptIdentifier", "documentation":"

The unique identifier of the prompt that you want to create a version of.

", "location":"uri", "locationName":"promptIdentifier" }, + "description":{ + "shape":"PromptDescription", + "documentation":"

A description for the version of the prompt.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + }, "tags":{ "shape":"TagsMap", "documentation":"

Any tags that you want to attach to the version of the prompt. For more information, see Tagging resources in Amazon Bedrock.

" @@ -3387,21 +3522,21 @@ "CreatePromptVersionResponse":{ "type":"structure", "required":[ + "name", + "id", "arn", + "version", "createdAt", - "id", - "name", - "updatedAt", - "version" + "updatedAt" ], "members":{ - "arn":{ - "shape":"PromptArn", - "documentation":"

The Amazon Resource Name (ARN) of the version of the prompt.

" + "name":{ + "shape":"PromptName", + "documentation":"

The name of the prompt.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was created.

" + "description":{ + "shape":"PromptDescription", + "documentation":"

A description for the version.

" }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", @@ -3411,29 +3546,29 @@ "shape":"PromptVariantName", "documentation":"

The name of the default variant for the prompt. This value must match the name field in the relevant PromptVariant object.

" }, - "description":{ - "shape":"PromptDescription", - "documentation":"

A description for the version.

" + "variants":{ + "shape":"PromptVariantList", + "documentation":"

A list of objects, each containing details about a variant of the prompt.

" }, "id":{ "shape":"PromptId", "documentation":"

The unique identifier of the prompt.

" }, - "name":{ - "shape":"PromptName", - "documentation":"

The name of the prompt.

" - }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was last updated.

" - }, - "variants":{ - "shape":"PromptVariantList", - "documentation":"

A list of objects, each containing details about a variant of the prompt.

" + "arn":{ + "shape":"PromptArn", + "documentation":"

The Amazon Resource Name (ARN) of the version of the prompt.

" }, "version":{ "shape":"Version", "documentation":"

The version of the prompt that was created. Versions are numbered incrementally, starting from 1.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was last updated.

" } } }, @@ -3479,17 +3614,17 @@ "shape":"CustomDocumentIdentifier", "documentation":"

A unique identifier for the document.

" }, - "inlineContent":{ - "shape":"InlineContent", - "documentation":"

Contains information about content defined inline to ingest into a knowledge base.

" + "sourceType":{ + "shape":"CustomSourceType", + "documentation":"

The source of the data to ingest.

" }, "s3Location":{ "shape":"CustomS3Location", "documentation":"

Contains information about the Amazon S3 location of the file from which to ingest data.

" }, - "sourceType":{ - "shape":"CustomSourceType", - "documentation":"

The source of the data to ingest.

" + "inlineContent":{ + "shape":"InlineContent", + "documentation":"

Contains information about content defined inline to ingest into a knowledge base.

" } }, "documentation":"

Contains information about the content to ingest into a knowledge base connected to a custom data source. Choose a sourceType and include the field that corresponds to it.

" @@ -3528,13 +3663,13 @@ "type":"structure", "required":["uri"], "members":{ - "bucketOwnerAccountId":{ - "shape":"BucketOwnerAccountId", - "documentation":"

The identifier of the Amazon Web Services account that owns the S3 bucket containing the content to ingest.

" - }, "uri":{ "shape":"S3ObjectUri", "documentation":"

The S3 URI of the file containing the content to ingest.

" + }, + "bucketOwnerAccountId":{ + "shape":"BucketOwnerAccountId", + "documentation":"

The identifier of the Amazon Web Services account that owns the S3 bucket containing the content to ingest.

" } }, "documentation":"

Contains information about the Amazon S3 location of the file containing the content to ingest into a knowledge base connected to a custom data source.

" @@ -3591,62 +3726,62 @@ "DataSource":{ "type":"structure", "required":[ - "createdAt", - "dataSourceConfiguration", - "dataSourceId", "knowledgeBaseId", + "dataSourceId", "name", "status", + "dataSourceConfiguration", + "createdAt", "updatedAt" ], "members":{ - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the data source was created.

" - }, - "dataDeletionPolicy":{ - "shape":"DataDeletionPolicy", - "documentation":"

The data deletion policy for the data source.

" - }, - "dataSourceConfiguration":{ - "shape":"DataSourceConfiguration", - "documentation":"

The connection configuration for the data source.

" + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base to which the data source belongs.

" }, "dataSourceId":{ "shape":"Id", "documentation":"

The unique identifier of the data source.

" }, + "name":{ + "shape":"Name", + "documentation":"

The name of the data source.

" + }, + "status":{ + "shape":"DataSourceStatus", + "documentation":"

The status of the data source. The following statuses are possible:

  • Available – The data source has been created and is ready for ingestion into the knowledge base.

  • Deleting – The data source is being deleted.

" + }, "description":{ "shape":"Description", "documentation":"

The description of the data source.

" }, - "failureReasons":{ - "shape":"FailureReasons", - "documentation":"

The detailed reasons on the failure to delete a data source.

" - }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base to which the data source belongs.

" - }, - "name":{ - "shape":"Name", - "documentation":"

The name of the data source.

" + "dataSourceConfiguration":{ + "shape":"DataSourceConfiguration", + "documentation":"

The connection configuration for the data source.

" }, "serverSideEncryptionConfiguration":{ "shape":"ServerSideEncryptionConfiguration", "documentation":"

Contains details about the configuration of the server-side encryption.

" }, - "status":{ - "shape":"DataSourceStatus", - "documentation":"

The status of the data source. The following statuses are possible:

  • Available – The data source has been created and is ready for ingestion into the knowledge base.

  • Deleting – The data source is being deleted.

" + "vectorIngestionConfiguration":{ + "shape":"VectorIngestionConfiguration", + "documentation":"

Contains details about how to ingest the documents in the data source.

" + }, + "dataDeletionPolicy":{ + "shape":"DataDeletionPolicy", + "documentation":"

The data deletion policy for the data source.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the data source was created.

" }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the data source was last updated.

" }, - "vectorIngestionConfiguration":{ - "shape":"VectorIngestionConfiguration", - "documentation":"

Contains details about how to ingest the documents in the data source.

" + "failureReasons":{ + "shape":"FailureReasons", + "documentation":"

The detailed reasons on the failure to delete a data source.

" } }, "documentation":"

Contains details about a data source.

" @@ -3655,14 +3790,22 @@ "type":"structure", "required":["type"], "members":{ - "confluenceConfiguration":{ - "shape":"ConfluenceDataSourceConfiguration", - "documentation":"

The configuration information to connect to Confluence as your data source.

Confluence data source connector is in preview release and is subject to change.

" + "type":{ + "shape":"DataSourceType", + "documentation":"

The type of data source.

" }, "s3Configuration":{ "shape":"S3DataSourceConfiguration", "documentation":"

The configuration information to connect to Amazon S3 as your data source.

" }, + "webConfiguration":{ + "shape":"WebDataSourceConfiguration", + "documentation":"

The configuration of web URLs to crawl for your data source. You should be authorized to crawl the URLs.

Crawling web URLs as your data source is in preview release and is subject to change.

" + }, + "confluenceConfiguration":{ + "shape":"ConfluenceDataSourceConfiguration", + "documentation":"

The configuration information to connect to Confluence as your data source.

Confluence data source connector is in preview release and is subject to change.

" + }, "salesforceConfiguration":{ "shape":"SalesforceDataSourceConfiguration", "documentation":"

The configuration information to connect to Salesforce as your data source.

Salesforce data source connector is in preview release and is subject to change.

" @@ -3670,14 +3813,6 @@ "sharePointConfiguration":{ "shape":"SharePointDataSourceConfiguration", "documentation":"

The configuration information to connect to SharePoint as your data source.

SharePoint data source connector is in preview release and is subject to change.

" - }, - "type":{ - "shape":"DataSourceType", - "documentation":"

The type of data source.

" - }, - "webConfiguration":{ - "shape":"WebDataSourceConfiguration", - "documentation":"

The configuration of web URLs to crawl for your data source. You should be authorized to crawl the URLs.

Crawling web URLs as your data source is in preview release and is subject to change.

" } }, "documentation":"

The connection configuration for the data source.

" @@ -3697,25 +3832,21 @@ "DataSourceSummary":{ "type":"structure", "required":[ - "dataSourceId", "knowledgeBaseId", + "dataSourceId", "name", "status", "updatedAt" ], "members":{ - "dataSourceId":{ - "shape":"Id", - "documentation":"

The unique identifier of the data source.

" - }, - "description":{ - "shape":"Description", - "documentation":"

The description of the data source.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base to which the data source belongs.

" }, + "dataSourceId":{ + "shape":"Id", + "documentation":"

The unique identifier of the data source.

" + }, "name":{ "shape":"Name", "documentation":"

The name of the data source.

" @@ -3724,6 +3855,10 @@ "shape":"DataSourceStatus", "documentation":"

The status of the data source.

" }, + "description":{ + "shape":"Description", + "documentation":"

The description of the data source.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the data source was last updated.

" @@ -3750,17 +3885,11 @@ "DeleteAgentActionGroupRequest":{ "type":"structure", "required":[ - "actionGroupId", "agentId", - "agentVersion" + "agentVersion", + "actionGroupId" ], "members":{ - "actionGroupId":{ - "shape":"Id", - "documentation":"

The unique identifier of the action group to delete.

", - "location":"uri", - "locationName":"actionGroupId" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent that the action group belongs to.

", @@ -3773,6 +3902,12 @@ "location":"uri", "locationName":"agentVersion" }, + "actionGroupId":{ + "shape":"Id", + "documentation":"

The unique identifier of the action group to delete.

", + "location":"uri", + "locationName":"actionGroupId" + }, "skipResourceInUseCheck":{ "shape":"Boolean", "documentation":"

By default, this value is false and deletion is stopped if the resource is in use. If you set it to true, the resource will be deleted even if the resource is in use.

", @@ -3789,32 +3924,36 @@ "DeleteAgentAliasRequest":{ "type":"structure", "required":[ - "agentAliasId", - "agentId" + "agentId", + "agentAliasId" ], "members":{ - "agentAliasId":{ - "shape":"AgentAliasId", - "documentation":"

The unique identifier of the alias to delete.

", - "location":"uri", - "locationName":"agentAliasId" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent that the alias belongs to.

", "location":"uri", "locationName":"agentId" + }, + "agentAliasId":{ + "shape":"AgentAliasId", + "documentation":"

The unique identifier of the alias to delete.

", + "location":"uri", + "locationName":"agentAliasId" } } }, "DeleteAgentAliasResponse":{ "type":"structure", "required":[ + "agentId", "agentAliasId", - "agentAliasStatus", - "agentId" + "agentAliasStatus" ], "members":{ + "agentId":{ + "shape":"Id", + "documentation":"

The unique identifier of the agent that the alias belongs to.

" + }, "agentAliasId":{ "shape":"AgentAliasId", "documentation":"

The unique identifier of the alias that was deleted.

" @@ -3822,10 +3961,6 @@ "agentAliasStatus":{ "shape":"AgentAliasStatus", "documentation":"

The status of the alias.

" - }, - "agentId":{ - "shape":"Id", - "documentation":"

The unique identifier of the agent that the alias belongs to.

" } } }, @@ -3895,61 +4030,61 @@ "type":"structure", "required":[ "agentId", - "agentStatus", - "agentVersion" + "agentVersion", + "agentStatus" ], "members":{ "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent that the version belongs to.

" }, - "agentStatus":{ - "shape":"AgentStatus", - "documentation":"

The status of the agent version.

" - }, "agentVersion":{ "shape":"NumericalVersion", "documentation":"

The version that was deleted.

" + }, + "agentStatus":{ + "shape":"AgentStatus", + "documentation":"

The status of the agent version.

" } } }, "DeleteDataSourceRequest":{ "type":"structure", "required":[ - "dataSourceId", - "knowledgeBaseId" + "knowledgeBaseId", + "dataSourceId" ], "members":{ - "dataSourceId":{ - "shape":"Id", - "documentation":"

The unique identifier of the data source to delete.

", - "location":"uri", - "locationName":"dataSourceId" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base from which to delete the data source.

", "location":"uri", "locationName":"knowledgeBaseId" + }, + "dataSourceId":{ + "shape":"Id", + "documentation":"

The unique identifier of the data source to delete.

", + "location":"uri", + "locationName":"dataSourceId" } } }, "DeleteDataSourceResponse":{ "type":"structure", "required":[ - "dataSourceId", "knowledgeBaseId", + "dataSourceId", "status" ], "members":{ - "dataSourceId":{ - "shape":"Id", - "documentation":"

The unique identifier of the data source that was deleted.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base to which the data source that was deleted belonged.

" }, + "dataSourceId":{ + "shape":"Id", + "documentation":"

The unique identifier of the data source that was deleted.

" + }, "status":{ "shape":"DataSourceStatus", "documentation":"

The status of the data source.

" @@ -3959,21 +4094,21 @@ "DeleteFlowAliasRequest":{ "type":"structure", "required":[ - "aliasIdentifier", - "flowIdentifier" + "flowIdentifier", + "aliasIdentifier" ], "members":{ - "aliasIdentifier":{ - "shape":"FlowAliasIdentifier", - "documentation":"

The unique identifier of the alias to be deleted.

", - "location":"uri", - "locationName":"aliasIdentifier" - }, "flowIdentifier":{ "shape":"FlowIdentifier", "documentation":"

The unique identifier of the flow that the alias belongs to.

", "location":"uri", "locationName":"flowIdentifier" + }, + "aliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the alias to be deleted.

", + "location":"uri", + "locationName":"aliasIdentifier" } } }, @@ -4069,15 +4204,16 @@ "DeleteKnowledgeBaseDocumentsRequest":{ "type":"structure", "required":[ + "knowledgeBaseId", "dataSourceId", - "documentIdentifiers", - "knowledgeBaseId" + "documentIdentifiers" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", - "idempotencyToken":true + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base that is connected to the data source.

", + "location":"uri", + "locationName":"knowledgeBaseId" }, "dataSourceId":{ "shape":"Id", @@ -4085,15 +4221,14 @@ "location":"uri", "locationName":"dataSourceId" }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + }, "documentIdentifiers":{ "shape":"DocumentIdentifiers", "documentation":"

A list of objects, each of which contains information to identify a document to delete.

" - }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base that is connected to the data source.

", - "location":"uri", - "locationName":"knowledgeBaseId" } } }, @@ -4259,14 +4394,14 @@ "type":"structure", "required":["dataSourceType"], "members":{ - "custom":{ - "shape":"CustomContent", - "documentation":"

Contains information about the content to ingest into a knowledge base connected to a custom data source.

" - }, "dataSourceType":{ "shape":"ContentDataSourceType", "documentation":"

The type of data source that is connected to the knowledge base to which to ingest this document.

" }, + "custom":{ + "shape":"CustomContent", + "documentation":"

Contains information about the content to ingest into a knowledge base connected to a custom data source.

" + }, "s3":{ "shape":"S3Content", "documentation":"

Contains information about the content to ingest into a knowledge base connected to an Amazon S3 data source

" @@ -4278,10 +4413,6 @@ "type":"structure", "required":["dataSourceType"], "members":{ - "custom":{ - "shape":"CustomDocumentIdentifier", - "documentation":"

Contains information that identifies the document in a custom data source.

" - }, "dataSourceType":{ "shape":"ContentDataSourceType", "documentation":"

The type of data source connected to the knowledge base that contains the document.

" @@ -4289,6 +4420,10 @@ "s3":{ "shape":"S3Location", "documentation":"

Contains information that identifies the document in an S3 data source.

" + }, + "custom":{ + "shape":"CustomDocumentIdentifier", + "documentation":"

Contains information that identifies the document in a custom data source.

" } }, "documentation":"

Contains information that identifies the document.

" @@ -4303,6 +4438,10 @@ "type":"structure", "required":["type"], "members":{ + "type":{ + "shape":"MetadataSourceType", + "documentation":"

The type of the source source from which to add metadata.

" + }, "inlineAttributes":{ "shape":"DocumentMetadataInlineAttributesList", "documentation":"

An array of objects, each of which defines a metadata attribute to associate with the content to ingest. You define the attributes inline.

" @@ -4310,10 +4449,6 @@ "s3Location":{ "shape":"CustomS3Location", "documentation":"

The Amazon S3 location of the file containing metadata to associate with the content to ingest.

" - }, - "type":{ - "shape":"MetadataSourceType", - "documentation":"

The type of the source source from which to add metadata.

" } }, "documentation":"

Contains information about the metadata associate with the content to ingest into a knowledge base. Choose a type and include the field that corresponds to it.

" @@ -4345,22 +4480,22 @@ "type":"string", "max":5, "min":5, - "pattern":"^DRAFT$" + "pattern":"DRAFT" }, "DuplicateConditionExpressionFlowValidationDetails":{ "type":"structure", "required":[ - "expression", - "node" + "node", + "expression" ], "members":{ - "expression":{ - "shape":"FlowConditionExpression", - "documentation":"

The duplicated condition expression.

" - }, "node":{ "shape":"FlowNodeName", "documentation":"

The name of the node containing the duplicate condition expressions.

" + }, + "expression":{ + "shape":"FlowConditionExpression", + "documentation":"

The duplicated condition expression.

" } }, "documentation":"

Details about duplicate condition expressions found in a condition node.

" @@ -4407,6 +4542,21 @@ "max":1, "min":1 }, + "EnrichmentStrategyConfiguration":{ + "type":"structure", + "required":["method"], + "members":{ + "method":{ + "shape":"EnrichmentStrategyMethod", + "documentation":"

The method used for the context enrichment strategy.

" + } + }, + "documentation":"

The strategy used for performing context enrichment.

" + }, + "EnrichmentStrategyMethod":{ + "type":"string", + "enum":["CHUNK_ENTITY_EXTRACTION"] + }, "ErrorMessage":{ "type":"string", "max":2048, @@ -4423,11 +4573,34 @@ "max":2048, "min":0 }, + "FieldForReranking":{ + "type":"structure", + "required":["fieldName"], + "members":{ + "fieldName":{ + "shape":"FieldForRerankingFieldNameString", + "documentation":"

The name of the metadata field to include or exclude during reranking.

" + } + }, + "documentation":"

Specifies a metadata field to include or exclude during the reranking process.

" + }, + "FieldForRerankingFieldNameString":{ + "type":"string", + "max":2000, + "min":1 + }, "FieldName":{ "type":"string", "max":2048, "min":0, - "pattern":"^.*$" + "pattern":".*" + }, + "FieldsForReranking":{ + "type":"list", + "member":{"shape":"FieldForReranking"}, + "max":100, + "min":1, + "sensitive":true }, "FilterList":{ "type":"list", @@ -4477,17 +4650,44 @@ "max":99, "min":1 }, + "FlowAgentAliasArn":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"$|^arn:aws(-cn|-us-gov|-eusc|-iso(-[b-f])?)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}" + }, "FlowAliasArn":{ "type":"string", - "pattern":"^arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/(TSTALIASID|[0-9a-zA-Z]{10})$" + "pattern":"arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/(TSTALIASID|[0-9a-zA-Z]{10})" + }, + "FlowAliasConcurrencyConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"ConcurrencyType", + "documentation":"

The type of concurrency to use for parallel node execution. Specify one of the following options:

  • Automatic - Amazon Bedrock determines which nodes can be executed in parallel based on the flow definition and its dependencies.

  • Manual - You specify which nodes can be executed in parallel.

" + }, + "maxConcurrency":{ + "shape":"FlowAliasConcurrencyConfigurationMaxConcurrencyInteger", + "documentation":"

The maximum number of nodes that can be executed concurrently in the flow.

" + } + }, + "documentation":"

Determines how multiple nodes in a flow can run in parallel. Running nodes concurrently can improve your flow's performance.

" + }, + "FlowAliasConcurrencyConfigurationMaxConcurrencyInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 }, "FlowAliasId":{ "type":"string", - "pattern":"^(TSTALIASID|[0-9a-zA-Z]{10})$" + "pattern":"(TSTALIASID|[0-9a-zA-Z]{10})" }, "FlowAliasIdentifier":{ "type":"string", - "pattern":"^(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/[0-9a-zA-Z]{10})|(TSTALIASID|[0-9a-zA-Z]{10})$" + "pattern":"(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/[0-9a-zA-Z]{10})|(TSTALIASID|[0-9a-zA-Z]{10})" }, "FlowAliasRoutingConfiguration":{ "type":"list", @@ -4514,27 +4714,31 @@ "FlowAliasSummary":{ "type":"structure", "required":[ - "arn", - "createdAt", - "flowId", - "id", "name", "routingConfiguration", + "flowId", + "id", + "arn", + "createdAt", "updatedAt" ], "members":{ - "arn":{ - "shape":"FlowAliasArn", - "documentation":"

The Amazon Resource Name (ARN) of the alias.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the alias was created.

" + "name":{ + "shape":"Name", + "documentation":"

The name of the alias.

" }, "description":{ "shape":"Description", "documentation":"

A description of the alias.

" }, + "routingConfiguration":{ + "shape":"FlowAliasRoutingConfiguration", + "documentation":"

A list of configurations about the versions that the alias maps to. Currently, you can only specify one.

" + }, + "concurrencyConfiguration":{ + "shape":"FlowAliasConcurrencyConfiguration", + "documentation":"

The configuration that specifies how nodes in the flow are executed concurrently.

" + }, "flowId":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" @@ -4543,13 +4747,13 @@ "shape":"FlowAliasId", "documentation":"

The unique identifier of the alias of the flow.

" }, - "name":{ - "shape":"Name", - "documentation":"

The name of the alias.

" + "arn":{ + "shape":"FlowAliasArn", + "documentation":"

The Amazon Resource Name (ARN) of the alias.

" }, - "routingConfiguration":{ - "shape":"FlowAliasRoutingConfiguration", - "documentation":"

A list of configurations about the versions that the alias maps to. Currently, you can only specify one.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the alias was created.

" }, "updatedAt":{ "shape":"DateTimestamp", @@ -4560,19 +4764,19 @@ }, "FlowArn":{ "type":"string", - "pattern":"^arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}$" + "pattern":"arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}" }, "FlowCondition":{ "type":"structure", "required":["name"], "members":{ - "expression":{ - "shape":"FlowConditionExpression", - "documentation":"

Defines the condition. You must refer to at least one of the inputs in the condition. For more information, expand the Condition node section in Node types in prompt flows.

" - }, "name":{ "shape":"FlowConditionName", "documentation":"

A name for the condition that you can reference.

" + }, + "expression":{ + "shape":"FlowConditionExpression", + "documentation":"

Defines the condition. You must refer to at least one of the inputs in the condition. For more information, expand the Condition node section in Node types in prompt flows.

" } }, "documentation":"

Defines a condition in the condition node.

" @@ -4585,7 +4789,7 @@ }, "FlowConditionName":{ "type":"string", - "pattern":"^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$" + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}" }, "FlowConditionalConnectionConfiguration":{ "type":"structure", @@ -4607,15 +4811,15 @@ "FlowConnection":{ "type":"structure", "required":[ + "type", "name", "source", - "target", - "type" + "target" ], "members":{ - "configuration":{ - "shape":"FlowConnectionConfiguration", - "documentation":"

The configuration of the connection.

" + "type":{ + "shape":"FlowConnectionType", + "documentation":"

Whether the source node that the connection begins from is a condition node (Conditional) or not (Data).

" }, "name":{ "shape":"FlowConnectionName", @@ -4629,9 +4833,9 @@ "shape":"FlowNodeName", "documentation":"

The node that the connection ends at.

" }, - "type":{ - "shape":"FlowConnectionType", - "documentation":"

Whether the source node that the connection begins from is a condition node (Conditional) or not (Data).

" + "configuration":{ + "shape":"FlowConnectionConfiguration", + "documentation":"

The configuration of the connection.

" } }, "documentation":"

Contains information about a connection between two nodes in the flow.

" @@ -4639,13 +4843,13 @@ "FlowConnectionConfiguration":{ "type":"structure", "members":{ - "conditional":{ - "shape":"FlowConditionalConnectionConfiguration", - "documentation":"

The configuration of a connection originating from a Condition node.

" - }, "data":{ "shape":"FlowDataConnectionConfiguration", "documentation":"

The configuration of a connection originating from a node that isn't a Condition node.

" + }, + "conditional":{ + "shape":"FlowConditionalConnectionConfiguration", + "documentation":"

The configuration of a connection originating from a Condition node.

" } }, "documentation":"

The configuration of the connection.

", @@ -4653,7 +4857,7 @@ }, "FlowConnectionName":{ "type":"string", - "pattern":"^[a-zA-Z]([_]?[0-9a-zA-Z]){1,100}$" + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){1,100}" }, "FlowConnectionType":{ "type":"string", @@ -4689,13 +4893,13 @@ "FlowDefinition":{ "type":"structure", "members":{ - "connections":{ - "shape":"FlowConnections", - "documentation":"

An array of connection definitions in the flow.

" - }, "nodes":{ "shape":"FlowNodes", "documentation":"

An array of node definitions in the flow.

" + }, + "connections":{ + "shape":"FlowConnections", + "documentation":"

An array of connection definitions in the flow.

" } }, "documentation":"

The definition of the nodes and connections between nodes in the flow.

", @@ -4710,19 +4914,42 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?.+$" + "pattern":"arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?.+" }, "FlowId":{ "type":"string", - "pattern":"^[0-9a-zA-Z]{10}$" + "pattern":"[0-9a-zA-Z]{10}" }, "FlowIdentifier":{ "type":"string", - "pattern":"^(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10})|([0-9a-zA-Z]{10})$" + "pattern":"(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10})|([0-9a-zA-Z]{10})" + }, + "FlowKnowledgeBaseId":{ + "type":"string", + "max":10, + "min":0, + "pattern":"$|^[0-9a-zA-Z]+" + }, + "FlowLambdaArn":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"$|^arn:aws(-cn|-us-gov|-eusc|-iso(-[b-f])?)?:lambda:([a-z]{2,}-){2,}\\d:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?" + }, + "FlowLexBotAliasArn":{ + "type":"string", + "max":78, + "min":0, + "pattern":"$|^arn:aws(-cn|-us-gov|-eusc|-iso(-[b-f])?)?:lex:([a-z]{2,}-){2,}\\d:\\d{12}:bot-alias/[0-9a-zA-Z]+/[0-9a-zA-Z]+" + }, + "FlowLexBotLocaleId":{ + "type":"string", + "max":10, + "min":0 }, "FlowName":{ "type":"string", - "pattern":"^([0-9a-zA-Z][_-]?){1,100}$" + "pattern":"([0-9a-zA-Z][_-]?){1,100}" }, "FlowNode":{ "type":"structure", @@ -4731,6 +4958,14 @@ "type" ], "members":{ + "name":{ + "shape":"FlowNodeName", + "documentation":"

A name for the node.

" + }, + "type":{ + "shape":"FlowNodeType", + "documentation":"

The type of node. This value must match the name of the key that you provide in the configuration you provide in the FlowNodeConfiguration field.

" + }, "configuration":{ "shape":"FlowNodeConfiguration", "documentation":"

Contains configurations for the node.

" @@ -4739,17 +4974,9 @@ "shape":"FlowNodeInputs", "documentation":"

An array of objects, each of which contains information about an input into the node.

" }, - "name":{ - "shape":"FlowNodeName", - "documentation":"

A name for the node.

" - }, "outputs":{ "shape":"FlowNodeOutputs", "documentation":"

A list of objects, each of which contains information about an output from the node.

" - }, - "type":{ - "shape":"FlowNodeType", - "documentation":"

The type of node. This value must match the name of the key that you provide in the configuration you provide in the FlowNodeConfiguration field.

" } }, "documentation":"

Contains configurations about a node in the flow.

" @@ -4757,56 +4984,72 @@ "FlowNodeConfiguration":{ "type":"structure", "members":{ - "agent":{ - "shape":"AgentFlowNodeConfiguration", - "documentation":"

Contains configurations for an agent node in your flow. Invokes an alias of an agent and returns the response.

" - }, - "collector":{ - "shape":"CollectorFlowNodeConfiguration", - "documentation":"

Contains configurations for a collector node in your flow. Collects an iteration of inputs and consolidates them into an array of outputs.

" - }, - "condition":{ - "shape":"ConditionFlowNodeConfiguration", - "documentation":"

Contains configurations for a Condition node in your flow. Defines conditions that lead to different branches of the flow.

" - }, "input":{ "shape":"InputFlowNodeConfiguration", "documentation":"

Contains configurations for an input flow node in your flow. The first node in the flow. inputs can't be specified for this node.

" }, - "iterator":{ - "shape":"IteratorFlowNodeConfiguration", - "documentation":"

Contains configurations for an iterator node in your flow. Takes an input that is an array and iteratively sends each item of the array as an output to the following node. The size of the array is also returned in the output.

The output flow node at the end of the flow iteration will return a response for each member of the array. To return only one response, you can include a collector node downstream from the iterator node.

" + "output":{ + "shape":"OutputFlowNodeConfiguration", + "documentation":"

Contains configurations for an output flow node in your flow. The last node in the flow. outputs can't be specified for this node.

" }, "knowledgeBase":{ "shape":"KnowledgeBaseFlowNodeConfiguration", "documentation":"

Contains configurations for a knowledge base node in your flow. Queries a knowledge base and returns the retrieved results or generated response.

" }, - "lambdaFunction":{ - "shape":"LambdaFunctionFlowNodeConfiguration", - "documentation":"

Contains configurations for a Lambda function node in your flow. Invokes an Lambda function.

" + "condition":{ + "shape":"ConditionFlowNodeConfiguration", + "documentation":"

Contains configurations for a condition node in your flow. Defines conditions that lead to different branches of the flow.

" }, "lex":{ "shape":"LexFlowNodeConfiguration", "documentation":"

Contains configurations for a Lex node in your flow. Invokes an Amazon Lex bot to identify the intent of the input and return the intent as the output.

" }, - "output":{ - "shape":"OutputFlowNodeConfiguration", - "documentation":"

Contains configurations for an output flow node in your flow. The last node in the flow. outputs can't be specified for this node.

" - }, "prompt":{ "shape":"PromptFlowNodeConfiguration", "documentation":"

Contains configurations for a prompt node in your flow. Runs a prompt and generates the model response as the output. You can use a prompt from Prompt management or you can configure one in this node.

" }, - "retrieval":{ - "shape":"RetrievalFlowNodeConfiguration", - "documentation":"

Contains configurations for a Retrieval node in your flow. Retrieves data from an Amazon S3 location and returns it as the output.

" + "lambdaFunction":{ + "shape":"LambdaFunctionFlowNodeConfiguration", + "documentation":"

Contains configurations for a Lambda function node in your flow. Invokes an Lambda function.

" }, "storage":{ "shape":"StorageFlowNodeConfiguration", - "documentation":"

Contains configurations for a Storage node in your flow. Stores an input in an Amazon S3 location.

" + "documentation":"

Contains configurations for a storage node in your flow. Stores an input in an Amazon S3 location.

" + }, + "agent":{ + "shape":"AgentFlowNodeConfiguration", + "documentation":"

Contains configurations for an agent node in your flow. Invokes an alias of an agent and returns the response.

" + }, + "retrieval":{ + "shape":"RetrievalFlowNodeConfiguration", + "documentation":"

Contains configurations for a retrieval node in your flow. Retrieves data from an Amazon S3 location and returns it as the output.

" + }, + "iterator":{ + "shape":"IteratorFlowNodeConfiguration", + "documentation":"

Contains configurations for an iterator node in your flow. Takes an input that is an array and iteratively sends each item of the array as an output to the following node. The size of the array is also returned in the output.

The output flow node at the end of the flow iteration will return a response for each member of the array. To return only one response, you can include a collector node downstream from the iterator node.

" + }, + "collector":{ + "shape":"CollectorFlowNodeConfiguration", + "documentation":"

Contains configurations for a collector node in your flow. Collects an iteration of inputs and consolidates them into an array of outputs.

" + }, + "inlineCode":{ + "shape":"InlineCodeFlowNodeConfiguration", + "documentation":"

Contains configurations for an inline code node in your flow. Inline code nodes let you write and execute code directly within your flow, enabling data transformations, custom logic, and integrations without needing an external Lambda function.

" + }, + "loop":{ + "shape":"LoopFlowNodeConfiguration", + "documentation":"

Contains configurations for a DoWhile loop in your flow.

" + }, + "loopInput":{ + "shape":"LoopInputFlowNodeConfiguration", + "documentation":"

Contains input node configurations for a DoWhile loop in your flow.

" + }, + "loopController":{ + "shape":"LoopControllerFlowNodeConfiguration", + "documentation":"

Contains controller node configurations for a DoWhile loop in your flow.

" } }, - "documentation":"

Contains configurations for a node in your flow. For more information, see Node types in Amazon Bedrock works in the Amazon Bedrock User Guide.

", + "documentation":"

Contains configurations for a node in your flow. For more information, see Node types in a flow in the Amazon Bedrock User Guide.

", "union":true }, "FlowNodeIODataType":{ @@ -4822,25 +5065,37 @@ "FlowNodeInput":{ "type":"structure", "required":[ - "expression", "name", - "type" + "type", + "expression" ], "members":{ - "expression":{ - "shape":"FlowNodeInputExpression", - "documentation":"

An expression that formats the input for the node. For an explanation of how to create expressions, see Expressions in Prompt flows in Amazon Bedrock.

" - }, "name":{ "shape":"FlowNodeInputName", - "documentation":"

A name for the input that you can reference.

" + "documentation":"

Specifies a name for the input that you can reference.

" }, "type":{ "shape":"FlowNodeIODataType", - "documentation":"

The data type of the input. If the input doesn't match this type at runtime, a validation error will be thrown.

" + "documentation":"

Specifies the data type of the input. If the input doesn't match this type at runtime, a validation error will be thrown.

" + }, + "expression":{ + "shape":"FlowNodeInputExpression", + "documentation":"

An expression that formats the input for the node. For an explanation of how to create expressions, see Expressions in Prompt flows in Amazon Bedrock.

" + }, + "category":{ + "shape":"FlowNodeInputCategory", + "documentation":"

Specifies how input data flows between iterations in a DoWhile loop.

  • LoopCondition - Controls whether the loop continues by evaluating condition expressions against the input data. Use this category to define the condition that determines if the loop should continue.

  • ReturnValueToLoopStart - Defines data to pass back to the start of the loop's next iteration. Use this category for variables that you want to update for each loop iteration.

  • ExitLoop - Defines the value that's available once the loop ends. Use this category to expose loop results to nodes outside the loop.

" } }, - "documentation":"

Contains configurations for an input to a node.

" + "documentation":"

Contains configurations for an input in an Amazon Bedrock Flows node.

" + }, + "FlowNodeInputCategory":{ + "type":"string", + "enum":[ + "LoopCondition", + "ReturnValueToLoopStart", + "ExitLoop" + ] }, "FlowNodeInputExpression":{ "type":"string", @@ -4850,17 +5105,17 @@ }, "FlowNodeInputName":{ "type":"string", - "pattern":"^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$" + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}" }, "FlowNodeInputs":{ "type":"list", "member":{"shape":"FlowNodeInput"}, - "max":5, + "max":20, "min":0 }, "FlowNodeName":{ "type":"string", - "pattern":"^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$" + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}" }, "FlowNodeOutput":{ "type":"structure", @@ -4882,7 +5137,7 @@ }, "FlowNodeOutputName":{ "type":"string", - "pattern":"^[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}$" + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}" }, "FlowNodeOutputs":{ "type":"list", @@ -4904,15 +5159,35 @@ "Agent", "Retrieval", "Iterator", - "Collector" + "Collector", + "InlineCode", + "Loop", + "LoopInput", + "LoopController" ] }, "FlowNodes":{ "type":"list", "member":{"shape":"FlowNode"}, - "max":20, + "max":40, "min":0 }, + "FlowPromptArn":{ + "type":"string", + "pattern":"$|^(arn:aws(-cn|-us-gov|-eusc|-iso(-[b-f])?)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}(?::[0-9]{1,5})?)" + }, + "FlowPromptModelIdentifier":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"$|^(arn:aws(-cn|-us-gov|-eusc|-iso(-[b-f])?)?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?" + }, + "FlowS3BucketName":{ + "type":"string", + "max":63, + "min":0, + "pattern":"$|^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]" + }, "FlowStatus":{ "type":"string", "enum":[ @@ -4931,22 +5206,18 @@ "FlowSummary":{ "type":"structure", "required":[ - "arn", - "createdAt", - "id", "name", + "id", + "arn", "status", + "createdAt", "updatedAt", "version" ], "members":{ - "arn":{ - "shape":"FlowArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the flow was created.

" + "name":{ + "shape":"FlowName", + "documentation":"

The name of the flow.

" }, "description":{ "shape":"FlowDescription", @@ -4956,14 +5227,18 @@ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" }, - "name":{ - "shape":"FlowName", - "documentation":"

The name of the flow.

" + "arn":{ + "shape":"FlowArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow.

" }, "status":{ "shape":"FlowStatus", "documentation":"

The status of the flow. The following statuses are possible:

  • NotPrepared – The flow has been created or updated, but hasn't been prepared. If you just created the flow, you can't test it. If you updated the flow, the DRAFT version won't contain the latest changes for testing. Send a PrepareFlow request to package the latest changes into the DRAFT version.

  • Preparing – The flow is being prepared so that the DRAFT version contains the latest changes for testing.

  • Prepared – The flow is prepared and the DRAFT version contains the latest changes for testing.

  • Failed – The last API operation that you invoked on the flow failed. Send a GetFlow request and check the error message in the validations field.

" }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the flow was created.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the flow was last updated.

" @@ -4982,10 +5257,6 @@ "severity" ], "members":{ - "details":{ - "shape":"FlowValidationDetails", - "documentation":"

Specific details about the validation issue encountered in the flow.

" - }, "message":{ "shape":"NonBlankString", "documentation":"

A message describing the validation error.

" @@ -4994,6 +5265,10 @@ "shape":"FlowValidationSeverity", "documentation":"

The severity of the issue described in the message.

" }, + "details":{ + "shape":"FlowValidationDetails", + "documentation":"

Specific details about the validation issue encountered in the flow.

" + }, "type":{ "shape":"FlowValidationType", "documentation":"

The type of validation issue encountered in the flow.

" @@ -5008,17 +5283,37 @@ "shape":"CyclicConnectionFlowValidationDetails", "documentation":"

Details about a cyclic connection in the flow.

" }, + "duplicateConnections":{ + "shape":"DuplicateConnectionsFlowValidationDetails", + "documentation":"

Details about duplicate connections between nodes.

" + }, "duplicateConditionExpression":{ "shape":"DuplicateConditionExpressionFlowValidationDetails", "documentation":"

Details about duplicate condition expressions in a node.

" }, - "duplicateConnections":{ - "shape":"DuplicateConnectionsFlowValidationDetails", - "documentation":"

Details about duplicate connections between nodes.

" + "unreachableNode":{ + "shape":"UnreachableNodeFlowValidationDetails", + "documentation":"

Details about an unreachable node in the flow.

" }, - "incompatibleConnectionDataType":{ - "shape":"IncompatibleConnectionDataTypeFlowValidationDetails", - "documentation":"

Details about incompatible data types in a connection.

" + "unknownConnectionSource":{ + "shape":"UnknownConnectionSourceFlowValidationDetails", + "documentation":"

Details about an unknown source node for a connection.

" + }, + "unknownConnectionSourceOutput":{ + "shape":"UnknownConnectionSourceOutputFlowValidationDetails", + "documentation":"

Details about an unknown source output for a connection.

" + }, + "unknownConnectionTarget":{ + "shape":"UnknownConnectionTargetFlowValidationDetails", + "documentation":"

Details about an unknown target node for a connection.

" + }, + "unknownConnectionTargetInput":{ + "shape":"UnknownConnectionTargetInputFlowValidationDetails", + "documentation":"

Details about an unknown target input for a connection.

" + }, + "unknownConnectionCondition":{ + "shape":"UnknownConnectionConditionFlowValidationDetails", + "documentation":"

Details about an unknown condition for a connection.

" }, "malformedConditionExpression":{ "shape":"MalformedConditionExpressionFlowValidationDetails", @@ -5036,6 +5331,10 @@ "shape":"MismatchedNodeOutputTypeFlowValidationDetails", "documentation":"

Details about mismatched output data types in a node.

" }, + "incompatibleConnectionDataType":{ + "shape":"IncompatibleConnectionDataTypeFlowValidationDetails", + "documentation":"

Details about incompatible data types in a connection.

" + }, "missingConnectionConfiguration":{ "shape":"MissingConnectionConfigurationFlowValidationDetails", "documentation":"

Details about missing configuration for a connection.

" @@ -5072,30 +5371,6 @@ "shape":"UnfulfilledNodeInputFlowValidationDetails", "documentation":"

Details about an unfulfilled node input with no valid connections.

" }, - "unknownConnectionCondition":{ - "shape":"UnknownConnectionConditionFlowValidationDetails", - "documentation":"

Details about an unknown condition for a connection.

" - }, - "unknownConnectionSource":{ - "shape":"UnknownConnectionSourceFlowValidationDetails", - "documentation":"

Details about an unknown source node for a connection.

" - }, - "unknownConnectionSourceOutput":{ - "shape":"UnknownConnectionSourceOutputFlowValidationDetails", - "documentation":"

Details about an unknown source output for a connection.

" - }, - "unknownConnectionTarget":{ - "shape":"UnknownConnectionTargetFlowValidationDetails", - "documentation":"

Details about an unknown target node for a connection.

" - }, - "unknownConnectionTargetInput":{ - "shape":"UnknownConnectionTargetInputFlowValidationDetails", - "documentation":"

Details about an unknown target input for a connection.

" - }, - "unreachableNode":{ - "shape":"UnreachableNodeFlowValidationDetails", - "documentation":"

Details about an unreachable node in the flow.

" - }, "unsatisfiedConnectionConditions":{ "shape":"UnsatisfiedConnectionConditionsFlowValidationDetails", "documentation":"

Details about unsatisfied conditions for a connection.

" @@ -5103,6 +5378,38 @@ "unspecified":{ "shape":"UnspecifiedFlowValidationDetails", "documentation":"

Details about an unspecified validation.

" + }, + "unknownNodeInput":{ + "shape":"UnknownNodeInputFlowValidationDetails", + "documentation":"

Details about an unknown input for a node.

" + }, + "unknownNodeOutput":{ + "shape":"UnknownNodeOutputFlowValidationDetails", + "documentation":"

Details about an unknown output for a node.

" + }, + "missingLoopInputNode":{ + "shape":"MissingLoopInputNodeFlowValidationDetails", + "documentation":"

Details about a flow that's missing a required LoopInput node in a DoWhile loop.

" + }, + "missingLoopControllerNode":{ + "shape":"MissingLoopControllerNodeFlowValidationDetails", + "documentation":"

Details about a flow that's missing a required LoopController node in a DoWhile loop.

" + }, + "multipleLoopInputNodes":{ + "shape":"MultipleLoopInputNodesFlowValidationDetails", + "documentation":"

Details about a flow that contains multiple LoopInput nodes in a DoWhile loop.

" + }, + "multipleLoopControllerNodes":{ + "shape":"MultipleLoopControllerNodesFlowValidationDetails", + "documentation":"

Details about a flow that contains multiple LoopController nodes in a DoWhile loop.

" + }, + "loopIncompatibleNodeType":{ + "shape":"LoopIncompatibleNodeTypeFlowValidationDetails", + "documentation":"

Details about a flow that includes incompatible node types in a DoWhile loop.

" + }, + "invalidLoopBoundary":{ + "shape":"InvalidLoopBoundaryFlowValidationDetails", + "documentation":"

Details about a flow that includes connections that violate loop boundary rules.

" } }, "documentation":"

A union type containing various possible validation issues in the flow.

", @@ -5142,7 +5449,15 @@ "MultipleNodeInputConnections", "UnfulfilledNodeInput", "UnsatisfiedConnectionConditions", - "Unspecified" + "Unspecified", + "UnknownNodeInput", + "UnknownNodeOutput", + "MissingLoopInputNode", + "MissingLoopControllerNode", + "MultipleLoopInputNodes", + "MultipleLoopControllerNodes", + "LoopIncompatibleNodeType", + "InvalidLoopBoundary" ] }, "FlowValidations":{ @@ -5160,29 +5475,29 @@ "FlowVersionSummary":{ "type":"structure", "required":[ - "arn", - "createdAt", "id", + "arn", "status", + "createdAt", "version" ], "members":{ - "arn":{ - "shape":"FlowArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow that the version belongs to.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at the version was created.

" - }, "id":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" }, + "arn":{ + "shape":"FlowArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow that the version belongs to.

" + }, "status":{ "shape":"FlowStatus", "documentation":"

The status of the flow.

" }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at the version was created.

" + }, "version":{ "shape":"NumericalVersion", "documentation":"

The version of the flow.

" @@ -5194,14 +5509,14 @@ "type":"structure", "required":["name"], "members":{ - "description":{ - "shape":"FunctionDescription", - "documentation":"

A description of the function and its purpose.

" - }, "name":{ "shape":"Name", "documentation":"

A name for the function.

" }, + "description":{ + "shape":"FunctionDescription", + "documentation":"

A description of the function and its purpose.

" + }, "parameters":{ "shape":"ParameterMap", "documentation":"

The parameters that the agent elicits from the user to fulfill the function.

" @@ -5236,17 +5551,11 @@ "GetAgentActionGroupRequest":{ "type":"structure", "required":[ - "actionGroupId", "agentId", - "agentVersion" + "agentVersion", + "actionGroupId" ], "members":{ - "actionGroupId":{ - "shape":"Id", - "documentation":"

The unique identifier of the action group for which to get information.

", - "location":"uri", - "locationName":"actionGroupId" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent that the action group belongs to.

", @@ -5258,6 +5567,12 @@ "documentation":"

The version of the agent that the action group belongs to.

", "location":"uri", "locationName":"agentVersion" + }, + "actionGroupId":{ + "shape":"Id", + "documentation":"

The unique identifier of the action group for which to get information.

", + "location":"uri", + "locationName":"actionGroupId" } } }, @@ -5274,21 +5589,21 @@ "GetAgentAliasRequest":{ "type":"structure", "required":[ - "agentAliasId", - "agentId" + "agentId", + "agentAliasId" ], "members":{ - "agentAliasId":{ - "shape":"AgentAliasId", - "documentation":"

The unique identifier of the alias for which to get information.

", - "location":"uri", - "locationName":"agentAliasId" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent to which the alias to get information belongs.

", "location":"uri", "locationName":"agentId" + }, + "agentAliasId":{ + "shape":"AgentAliasId", + "documentation":"

The unique identifier of the alias for which to get information.

", + "location":"uri", + "locationName":"agentAliasId" } } }, @@ -5434,21 +5749,21 @@ "GetDataSourceRequest":{ "type":"structure", "required":[ - "dataSourceId", - "knowledgeBaseId" + "knowledgeBaseId", + "dataSourceId" ], "members":{ - "dataSourceId":{ - "shape":"Id", - "documentation":"

The unique identifier of the data source.

", - "location":"uri", - "locationName":"dataSourceId" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base for the data source.

", "location":"uri", "locationName":"knowledgeBaseId" + }, + "dataSourceId":{ + "shape":"Id", + "documentation":"

The unique identifier of the data source.

", + "location":"uri", + "locationName":"dataSourceId" } } }, @@ -5465,48 +5780,52 @@ "GetFlowAliasRequest":{ "type":"structure", "required":[ - "aliasIdentifier", - "flowIdentifier" + "flowIdentifier", + "aliasIdentifier" ], "members":{ - "aliasIdentifier":{ - "shape":"FlowAliasIdentifier", - "documentation":"

The unique identifier of the alias for which to retrieve information.

", - "location":"uri", - "locationName":"aliasIdentifier" - }, "flowIdentifier":{ "shape":"FlowIdentifier", "documentation":"

The unique identifier of the flow that the alias belongs to.

", "location":"uri", "locationName":"flowIdentifier" + }, + "aliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the alias for which to retrieve information.

", + "location":"uri", + "locationName":"aliasIdentifier" } } }, "GetFlowAliasResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", - "flowId", - "id", "name", "routingConfiguration", + "flowId", + "id", + "arn", + "createdAt", "updatedAt" ], "members":{ - "arn":{ - "shape":"FlowAliasArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the flow was created.

" + "name":{ + "shape":"Name", + "documentation":"

The name of the alias.

" }, "description":{ "shape":"Description", "documentation":"

The description of the flow.

" }, + "routingConfiguration":{ + "shape":"FlowAliasRoutingConfiguration", + "documentation":"

Contains information about the version that the alias is mapped to.

" + }, + "concurrencyConfiguration":{ + "shape":"FlowAliasConcurrencyConfiguration", + "documentation":"

The configuration that specifies how nodes in the flow are executed in parallel.

" + }, "flowId":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow that the alias belongs to.

" @@ -5515,13 +5834,13 @@ "shape":"FlowAliasId", "documentation":"

The unique identifier of the alias of the flow.

" }, - "name":{ - "shape":"Name", - "documentation":"

The name of the alias.

" + "arn":{ + "shape":"FlowAliasArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow.

" }, - "routingConfiguration":{ - "shape":"FlowAliasRoutingConfiguration", - "documentation":"

Contains information about the version that the alias is mapped to.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the flow was created.

" }, "updatedAt":{ "shape":"DateTimestamp", @@ -5544,31 +5863,19 @@ "GetFlowResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", + "name", "executionRoleArn", "id", - "name", + "arn", "status", + "createdAt", "updatedAt", "version" ], "members":{ - "arn":{ - "shape":"FlowArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the flow was created.

" - }, - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key that the flow is encrypted with.

" - }, - "definition":{ - "shape":"FlowDefinition", - "documentation":"

The definition of the nodes and connections between the nodes in the flow.

" + "name":{ + "shape":"FlowName", + "documentation":"

The name of the flow.

" }, "description":{ "shape":"FlowDescription", @@ -5578,29 +5885,41 @@ "shape":"FlowExecutionRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the service role with permissions to create a flow. For more information, see Create a service row for flows in the Amazon Bedrock User Guide.

" }, + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key that the flow is encrypted with.

" + }, "id":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" }, - "name":{ - "shape":"FlowName", - "documentation":"

The name of the flow.

" + "arn":{ + "shape":"FlowArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow.

" }, "status":{ "shape":"FlowStatus", "documentation":"

The status of the flow. The following statuses are possible:

  • NotPrepared – The flow has been created or updated, but hasn't been prepared. If you just created the flow, you can't test it. If you updated the flow, the DRAFT version won't contain the latest changes for testing. Send a PrepareFlow request to package the latest changes into the DRAFT version.

  • Preparing – The flow is being prepared so that the DRAFT version contains the latest changes for testing.

  • Prepared – The flow is prepared and the DRAFT version contains the latest changes for testing.

  • Failed – The last API operation that you invoked on the flow failed. Send a GetFlow request and check the error message in the validations field.

" }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the flow was created.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the flow was last updated.

" }, - "validations":{ - "shape":"FlowValidations", - "documentation":"

A list of validation error messages related to the last failed operation on the flow.

" - }, "version":{ "shape":"DraftVersion", "documentation":"

The version of the flow for which information was retrieved.

" + }, + "definition":{ + "shape":"FlowDefinition", + "documentation":"

The definition of the nodes and connections between the nodes in the flow.

" + }, + "validations":{ + "shape":"FlowValidations", + "documentation":"

A list of validation error messages related to the last failed operation on the flow.

" } } }, @@ -5628,30 +5947,18 @@ "GetFlowVersionResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", + "name", "executionRoleArn", "id", - "name", + "arn", "status", + "createdAt", "version" ], "members":{ - "arn":{ - "shape":"FlowArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the flow was created.

" - }, - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key that the version of the flow is encrypted with.

" - }, - "definition":{ - "shape":"FlowDefinition", - "documentation":"

The definition of the nodes and connections between nodes in the flow.

" + "name":{ + "shape":"FlowName", + "documentation":"

The name of the version.

" }, "description":{ "shape":"FlowDescription", @@ -5661,32 +5968,50 @@ "shape":"FlowExecutionRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the service role with permissions to create a flow. For more information, see Create a service role for flows in Amazon Bedrock in the Amazon Bedrock User Guide.

" }, + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key that the version of the flow is encrypted with.

" + }, "id":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" }, - "name":{ - "shape":"FlowName", - "documentation":"

The name of the version.

" + "arn":{ + "shape":"FlowArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow.

" }, "status":{ "shape":"FlowStatus", "documentation":"

The status of the flow.

" }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the flow was created.

" + }, "version":{ "shape":"NumericalVersion", "documentation":"

The version of the flow for which information was retrieved.

" + }, + "definition":{ + "shape":"FlowDefinition", + "documentation":"

The definition of the nodes and connections between nodes in the flow.

" } } }, "GetIngestionJobRequest":{ "type":"structure", "required":[ + "knowledgeBaseId", "dataSourceId", - "ingestionJobId", - "knowledgeBaseId" + "ingestionJobId" ], "members":{ + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base for the data ingestion job you want to get information on.

", + "location":"uri", + "locationName":"knowledgeBaseId" + }, "dataSourceId":{ "shape":"Id", "documentation":"

The unique identifier of the data source for the data ingestion job you want to get information on.

", @@ -5698,12 +6023,6 @@ "documentation":"

The unique identifier of the data ingestion job you want to get information on.

", "location":"uri", "locationName":"ingestionJobId" - }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base for the data ingestion job you want to get information on.

", - "location":"uri", - "locationName":"knowledgeBaseId" } } }, @@ -5720,11 +6039,17 @@ "GetKnowledgeBaseDocumentsRequest":{ "type":"structure", "required":[ + "knowledgeBaseId", "dataSourceId", - "documentIdentifiers", - "knowledgeBaseId" + "documentIdentifiers" ], "members":{ + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base that is connected to the data source.

", + "location":"uri", + "locationName":"knowledgeBaseId" + }, "dataSourceId":{ "shape":"Id", "documentation":"

The unique identifier of the data source that contains the documents.

", @@ -5734,12 +6059,6 @@ "documentIdentifiers":{ "shape":"DocumentIdentifiers", "documentation":"

A list of objects, each of which contains information to identify a document for which to retrieve information.

" - }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base that is connected to the data source.

", - "location":"uri", - "locationName":"knowledgeBaseId" } } }, @@ -5795,21 +6114,21 @@ "GetPromptResponse":{ "type":"structure", "required":[ + "name", + "id", "arn", + "version", "createdAt", - "id", - "name", - "updatedAt", - "version" + "updatedAt" ], "members":{ - "arn":{ - "shape":"PromptArn", - "documentation":"

The Amazon Resource Name (ARN) of the prompt or the prompt version (if you specified a version in the request).

" + "name":{ + "shape":"PromptName", + "documentation":"

The name of the prompt.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was created.

" + "description":{ + "shape":"PromptDescription", + "documentation":"

The descriptino of the prompt.

" }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", @@ -5819,32 +6138,40 @@ "shape":"PromptVariantName", "documentation":"

The name of the default variant for the prompt. This value must match the name field in the relevant PromptVariant object.

" }, - "description":{ - "shape":"PromptDescription", - "documentation":"

The descriptino of the prompt.

" + "variants":{ + "shape":"PromptVariantList", + "documentation":"

A list of objects, each containing details about a variant of the prompt.

" }, "id":{ "shape":"PromptId", "documentation":"

The unique identifier of the prompt.

" }, - "name":{ - "shape":"PromptName", - "documentation":"

The name of the prompt.

" - }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was last updated.

" - }, - "variants":{ - "shape":"PromptVariantList", - "documentation":"

A list of objects, each containing details about a variant of the prompt.

" + "arn":{ + "shape":"PromptArn", + "documentation":"

The Amazon Resource Name (ARN) of the prompt or the prompt version (if you specified a version in the request).

" }, "version":{ "shape":"Version", "documentation":"

The version of the prompt.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was last updated.

" } } }, + "GraphArn":{ + "type":"string", + "documentation":"

ARN for Neptune Analytics graph database

", + "max":255, + "min":1, + "pattern":"arn:aws(|-cn|-us-gov):neptune-graph:[a-zA-Z0-9-]*:[0-9]{12}:graph/g-[a-zA-Z0-9]{10}", + "sensitive":true + }, "GuardrailConfiguration":{ "type":"structure", "members":{ @@ -5863,11 +6190,11 @@ "type":"string", "max":2048, "min":0, - "pattern":"^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$" + "pattern":"(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))" }, "GuardrailVersion":{ "type":"string", - "pattern":"^(([0-9]{1,8})|(DRAFT))$" + "pattern":"(([0-9]{1,8})|(DRAFT))" }, "HierarchicalChunkingConfiguration":{ "type":"structure", @@ -5917,11 +6244,11 @@ }, "HttpsUrl":{ "type":"string", - "pattern":"^https://[A-Za-z0-9][^\\s]*$" + "pattern":"https://[A-Za-z0-9][^\\s]*" }, "Id":{ "type":"string", - "pattern":"^[0-9a-zA-Z]{10}$" + "pattern":"[0-9a-zA-Z]{10}" }, "IncludeExclude":{ "type":"string", @@ -5941,28 +6268,47 @@ }, "documentation":"

Details about incompatible data types in a connection between nodes.

" }, + "IncompatibleLoopNodeType":{ + "type":"string", + "enum":[ + "Input", + "Condition", + "Iterator", + "Collector" + ] + }, + "IndexArn":{ + "type":"string", + "sensitive":true + }, + "IndexName":{ + "type":"string", + "max":63, + "min":3, + "sensitive":true + }, "InferenceConfiguration":{ "type":"structure", "members":{ - "maximumLength":{ - "shape":"MaximumLength", - "documentation":"

The maximum number of tokens to allow in the generated response.

" - }, - "stopSequences":{ - "shape":"StopSequences", - "documentation":"

A list of stop sequences. A stop sequence is a sequence of characters that causes the model to stop generating the response.

" - }, "temperature":{ "shape":"Temperature", "documentation":"

The likelihood of the model selecting higher-probability options while generating a response. A lower value makes the model more likely to choose higher-probability options, while a higher value makes the model more likely to choose lower-probability options.

" }, + "topP":{ + "shape":"TopP", + "documentation":"

While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for Top P determines the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topP to 0.8, the model only selects the next token from the top 80% of the probability distribution of next tokens.

" + }, "topK":{ "shape":"TopK", "documentation":"

While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for topK is the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topK to 50, the model selects the next token from among the top 50 most likely choices.

" }, - "topP":{ - "shape":"TopP", - "documentation":"

While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for Top P determines the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topP to 80, the model only selects the next token from the top 80% of the probability distribution of next tokens.

" + "maximumLength":{ + "shape":"MaximumLength", + "documentation":"

The maximum number of tokens to allow in the generated response.

" + }, + "stopSequences":{ + "shape":"StopSequences", + "documentation":"

A list of stop sequences. A stop sequence is a sequence of characters that causes the model to stop generating the response.

" } }, "documentation":"

Contains inference parameters to use when the agent invokes a foundation model in the part of the agent sequence defined by the promptType. For more information, see Inference parameters for foundation models.

" @@ -5970,15 +6316,16 @@ "IngestKnowledgeBaseDocumentsRequest":{ "type":"structure", "required":[ + "knowledgeBaseId", "dataSourceId", - "documents", - "knowledgeBaseId" + "documents" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", - "idempotencyToken":true + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base to ingest the documents into.

", + "location":"uri", + "locationName":"knowledgeBaseId" }, "dataSourceId":{ "shape":"Id", @@ -5986,15 +6333,14 @@ "location":"uri", "locationName":"dataSourceId" }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + }, "documents":{ "shape":"KnowledgeBaseDocuments", "documentation":"

A list of objects, each of which contains information about the documents to add.

" - }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base to ingest the documents into.

", - "location":"uri", - "locationName":"knowledgeBaseId" } } }, @@ -6010,46 +6356,46 @@ "IngestionJob":{ "type":"structure", "required":[ + "knowledgeBaseId", "dataSourceId", "ingestionJobId", - "knowledgeBaseId", - "startedAt", "status", + "startedAt", "updatedAt" ], "members":{ + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge for the data ingestion job.

" + }, "dataSourceId":{ "shape":"Id", "documentation":"

The unique identifier of the data source for the data ingestion job.

" }, + "ingestionJobId":{ + "shape":"Id", + "documentation":"

The unique identifier of the data ingestion job.

" + }, "description":{ "shape":"Description", "documentation":"

The description of the data ingestion job.

" }, + "status":{ + "shape":"IngestionJobStatus", + "documentation":"

The status of the data ingestion job.

" + }, + "statistics":{ + "shape":"IngestionJobStatistics", + "documentation":"

Contains statistics about the data ingestion job.

" + }, "failureReasons":{ "shape":"FailureReasons", "documentation":"

A list of reasons that the data ingestion job failed.

" }, - "ingestionJobId":{ - "shape":"Id", - "documentation":"

The unique identifier of the data ingestion job.

" - }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge for the data ingestion job.

" - }, "startedAt":{ "shape":"DateTimestamp", "documentation":"

The time the data ingestion job started.

If you stop a data ingestion job, the startedAt time is the time the job was started before the job was stopped.

" }, - "statistics":{ - "shape":"IngestionJobStatistics", - "documentation":"

Contains statistics about the data ingestion job.

" - }, - "status":{ - "shape":"IngestionJobStatus", - "documentation":"

The status of the data ingestion job.

" - }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time the data ingestion job was last updated.

If you stop a data ingestion job, the updatedAt time is the time the job was stopped.

" @@ -6092,7 +6438,7 @@ "type":"string", "max":100, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "IngestionJobFilterValues":{ "type":"list", @@ -6134,33 +6480,33 @@ "IngestionJobStatistics":{ "type":"structure", "members":{ - "numberOfDocumentsDeleted":{ - "shape":"PrimitiveLong", - "documentation":"

The number of source documents that were deleted.

" - }, - "numberOfDocumentsFailed":{ - "shape":"PrimitiveLong", - "documentation":"

The number of source documents that failed to be ingested.

" - }, "numberOfDocumentsScanned":{ "shape":"PrimitiveLong", "documentation":"

The total number of source documents that were scanned. Includes new, updated, and unchanged documents.

" }, - "numberOfMetadataDocumentsModified":{ - "shape":"PrimitiveLong", - "documentation":"

The number of metadata files that were updated or deleted.

" - }, "numberOfMetadataDocumentsScanned":{ "shape":"PrimitiveLong", "documentation":"

The total number of metadata files that were scanned. Includes new, updated, and unchanged files.

" }, + "numberOfNewDocumentsIndexed":{ + "shape":"PrimitiveLong", + "documentation":"

The number of new source documents in the data source that were successfully indexed.

" + }, "numberOfModifiedDocumentsIndexed":{ "shape":"PrimitiveLong", "documentation":"

The number of modified source documents in the data source that were successfully indexed.

" }, - "numberOfNewDocumentsIndexed":{ + "numberOfMetadataDocumentsModified":{ "shape":"PrimitiveLong", - "documentation":"

The number of new source documents in the data source that were successfully indexed.

" + "documentation":"

The number of metadata files that were updated or deleted.

" + }, + "numberOfDocumentsDeleted":{ + "shape":"PrimitiveLong", + "documentation":"

The number of source documents that were deleted.

" + }, + "numberOfDocumentsFailed":{ + "shape":"PrimitiveLong", + "documentation":"

The number of source documents that failed to be ingested.

" } }, "documentation":"

Contains the statistics for the data ingestion job.

" @@ -6183,53 +6529,81 @@ "IngestionJobSummary":{ "type":"structure", "required":[ + "knowledgeBaseId", "dataSourceId", "ingestionJobId", - "knowledgeBaseId", - "startedAt", "status", + "startedAt", "updatedAt" ], "members":{ + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base for the data ingestion job.

" + }, "dataSourceId":{ "shape":"Id", "documentation":"

The unique identifier of the data source for the data ingestion job.

" }, - "description":{ - "shape":"Description", - "documentation":"

The description of the data ingestion job.

" - }, "ingestionJobId":{ "shape":"Id", "documentation":"

The unique identifier of the data ingestion job.

" }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base for the data ingestion job.

" - }, - "startedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time the data ingestion job started.

" - }, - "statistics":{ - "shape":"IngestionJobStatistics", - "documentation":"

Contains statistics for the data ingestion job.

" + "description":{ + "shape":"Description", + "documentation":"

The description of the data ingestion job.

" }, "status":{ "shape":"IngestionJobStatus", "documentation":"

The status of the data ingestion job.

" }, + "startedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time the data ingestion job started.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time the data ingestion job was last updated.

" + }, + "statistics":{ + "shape":"IngestionJobStatistics", + "documentation":"

Contains statistics for the data ingestion job.

" } }, "documentation":"

Contains details about a data ingestion job.

" }, + "InlineCode":{ + "type":"string", + "max":5000000, + "min":0, + "sensitive":true + }, + "InlineCodeFlowNodeConfiguration":{ + "type":"structure", + "required":[ + "code", + "language" + ], + "members":{ + "code":{ + "shape":"InlineCode", + "documentation":"

The code that's executed in your inline code node. The code can access input data from previous nodes in the flow, perform operations on that data, and produce output that can be used by other nodes in your flow.

The code must be valid in the programming language that you specify.

" + }, + "language":{ + "shape":"SupportedLanguages", + "documentation":"

The programming language used by your inline code node.

The code must be valid in the programming language that you specify. Currently, only Python 3 (Python_3) is supported.

" + } + }, + "documentation":"

Contains configurations for an inline code node in your flow. Inline code nodes let you write and execute code directly within your flow, enabling data transformations, custom logic, and integrations without needing an external Lambda function.

" + }, "InlineContent":{ "type":"structure", "required":["type"], "members":{ + "type":{ + "shape":"InlineContentType", + "documentation":"

The type of inline content to define.

" + }, "byteContent":{ "shape":"ByteContentDoc", "documentation":"

Contains information about content defined inline in bytes.

" @@ -6237,10 +6611,6 @@ "textContent":{ "shape":"TextContentDoc", "documentation":"

Contains information about content defined inline in text.

" - }, - "type":{ - "shape":"InlineContentType", - "documentation":"

The type of inline content to define.

" } }, "documentation":"

Contains information about content defined inline to ingest into a data source. Choose a type and include the field that corresponds to it.

" @@ -6285,6 +6655,29 @@ "exception":true, "fault":true }, + "InvalidLoopBoundaryFlowValidationDetails":{ + "type":"structure", + "required":[ + "connection", + "source", + "target" + ], + "members":{ + "connection":{ + "shape":"FlowConnectionName", + "documentation":"

The name of the connection that violates loop boundary rules.

" + }, + "source":{ + "shape":"FlowNodeName", + "documentation":"

The source node of the connection that violates DoWhile loop boundary rules.

" + }, + "target":{ + "shape":"FlowNodeName", + "documentation":"

The target node of the connection that violates DoWhile loop boundary rules.

" + } + }, + "documentation":"

Details about a flow that contains connections that violate loop boundary rules.

" + }, "IteratorFlowNodeConfiguration":{ "type":"structure", "members":{ @@ -6293,7 +6686,7 @@ }, "KendraIndexArn":{ "type":"string", - "pattern":"^arn:aws(|-cn|-us-gov):kendra:[a-z0-9-]{1,20}:([0-9]{12}|):index/([a-zA-Z0-9][a-zA-Z0-9-]{35}|[a-zA-Z0-9][a-zA-Z0-9-]{35}-[a-zA-Z0-9][a-zA-Z0-9-]{35})$" + "pattern":"arn:aws(|-cn|-us-gov):kendra:[a-z0-9-]{1,20}:([0-9]{12}|):index/([a-zA-Z0-9][a-zA-Z0-9-]{35}|[a-zA-Z0-9][a-zA-Z0-9-]{35}-[a-zA-Z0-9][a-zA-Z0-9-]{35})" }, "KendraKnowledgeBaseConfiguration":{ "type":"structure", @@ -6316,41 +6709,21 @@ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$" + "pattern":"arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}" }, "KnowledgeBase":{ "type":"structure", "required":[ - "createdAt", - "knowledgeBaseArn", - "knowledgeBaseConfiguration", "knowledgeBaseId", "name", + "knowledgeBaseArn", "roleArn", + "knowledgeBaseConfiguration", "status", + "createdAt", "updatedAt" ], "members":{ - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time the knowledge base was created.

" - }, - "description":{ - "shape":"Description", - "documentation":"

The description of the knowledge base.

" - }, - "failureReasons":{ - "shape":"FailureReasons", - "documentation":"

A list of reasons that the API operation on the knowledge base failed.

" - }, - "knowledgeBaseArn":{ - "shape":"KnowledgeBaseArn", - "documentation":"

The Amazon Resource Name (ARN) of the knowledge base.

" - }, - "knowledgeBaseConfiguration":{ - "shape":"KnowledgeBaseConfiguration", - "documentation":"

Contains details about the embeddings configuration of the knowledge base.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base.

" @@ -6359,21 +6732,41 @@ "shape":"Name", "documentation":"

The name of the knowledge base.

" }, + "knowledgeBaseArn":{ + "shape":"KnowledgeBaseArn", + "documentation":"

The Amazon Resource Name (ARN) of the knowledge base.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the knowledge base.

" + }, "roleArn":{ "shape":"KnowledgeBaseRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the knowledge base.

" }, - "status":{ - "shape":"KnowledgeBaseStatus", - "documentation":"

The status of the knowledge base. The following statuses are possible:

  • CREATING – The knowledge base is being created.

  • ACTIVE – The knowledge base is ready to be queried.

  • DELETING – The knowledge base is being deleted.

  • UPDATING – The knowledge base is being updated.

  • FAILED – The knowledge base API operation failed.

" + "knowledgeBaseConfiguration":{ + "shape":"KnowledgeBaseConfiguration", + "documentation":"

Contains details about the embeddings configuration of the knowledge base.

" }, "storageConfiguration":{ "shape":"StorageConfiguration", "documentation":"

Contains details about the storage configuration of the knowledge base.

" }, + "status":{ + "shape":"KnowledgeBaseStatus", + "documentation":"

The status of the knowledge base. The following statuses are possible:

  • CREATING – The knowledge base is being created.

  • ACTIVE – The knowledge base is ready to be queried.

  • DELETING – The knowledge base is being deleted.

  • UPDATING – The knowledge base is being updated.

  • FAILED – The knowledge base API operation failed.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time the knowledge base was created.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time the knowledge base was last updated.

" + }, + "failureReasons":{ + "shape":"FailureReasons", + "documentation":"

A list of reasons that the API operation on the knowledge base failed.

" } }, "documentation":"

Contains information about a knowledge base.

" @@ -6382,20 +6775,12 @@ "type":"string", "max":128, "min":0, - "pattern":"^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+$" + "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+" }, "KnowledgeBaseConfiguration":{ "type":"structure", "required":["type"], "members":{ - "kendraKnowledgeBaseConfiguration":{ - "shape":"KendraKnowledgeBaseConfiguration", - "documentation":"

Settings for an Amazon Kendra knowledge base.

" - }, - "sqlKnowledgeBaseConfiguration":{ - "shape":"SqlKnowledgeBaseConfiguration", - "documentation":"

Specifies configurations for a knowledge base connected to an SQL database.

" - }, "type":{ "shape":"KnowledgeBaseType", "documentation":"

The type of data that the data source is converted into for the knowledge base.

" @@ -6403,6 +6788,14 @@ "vectorKnowledgeBaseConfiguration":{ "shape":"VectorKnowledgeBaseConfiguration", "documentation":"

Contains details about the model that's used to convert the data source into vector embeddings.

" + }, + "kendraKnowledgeBaseConfiguration":{ + "shape":"KendraKnowledgeBaseConfiguration", + "documentation":"

Settings for an Amazon Kendra knowledge base.

" + }, + "sqlKnowledgeBaseConfiguration":{ + "shape":"SqlKnowledgeBaseConfiguration", + "documentation":"

Specifies configurations for a knowledge base connected to an SQL database.

" } }, "documentation":"

Contains details about the vector embeddings configuration of the knowledge base.

" @@ -6411,13 +6804,13 @@ "type":"structure", "required":["content"], "members":{ - "content":{ - "shape":"DocumentContent", - "documentation":"

Contains the content of the document.

" - }, "metadata":{ "shape":"DocumentMetadata", "documentation":"

Contains the metadata to associate with the document.

" + }, + "content":{ + "shape":"DocumentContent", + "documentation":"

Contains the content of the document.

" } }, "documentation":"

Contains information about a document to ingest into a knowledge base and metadata to associate with it.

" @@ -6425,28 +6818,28 @@ "KnowledgeBaseDocumentDetail":{ "type":"structure", "required":[ - "dataSourceId", - "identifier", "knowledgeBaseId", - "status" + "dataSourceId", + "status", + "identifier" ], "members":{ - "dataSourceId":{ - "shape":"Id", - "documentation":"

The identifier of the data source connected to the knowledge base that the document was ingested into or deleted from.

" - }, - "identifier":{ - "shape":"DocumentIdentifier", - "documentation":"

Contains information that identifies the document.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The identifier of the knowledge base that the document was ingested into or deleted from.

" }, + "dataSourceId":{ + "shape":"Id", + "documentation":"

The identifier of the data source connected to the knowledge base that the document was ingested into or deleted from.

" + }, "status":{ "shape":"DocumentStatus", "documentation":"

The ingestion status of the document. The following statuses are possible:

  • STARTED – You submitted the ingestion job containing the document.

  • PENDING – The document is waiting to be ingested.

  • IN_PROGRESS – The document is being ingested.

  • INDEXED – The document was successfully indexed.

  • PARTIALLY_INDEXED – The document was partially indexed.

  • METADATA_PARTIALLY_INDEXED – You submitted metadata for an existing document and it was partially indexed.

  • METADATA_UPDATE_FAILED – You submitted a metadata update for an existing document but it failed.

  • FAILED – The document failed to be ingested.

  • NOT_FOUND – The document wasn't found.

  • IGNORED – The document was ignored during ingestion.

  • DELETING – You submitted the delete job containing the document.

  • DELETE_IN_PROGRESS – The document is being deleted.

" }, + "identifier":{ + "shape":"DocumentIdentifier", + "documentation":"

Contains information that identifies the document.

" + }, "statusReason":{ "shape":"String", "documentation":"

The reason for the status. Appears alongside the status IGNORED.

" @@ -6472,38 +6865,90 @@ "type":"structure", "required":["knowledgeBaseId"], "members":{ - "guardrailConfiguration":{ - "shape":"GuardrailConfiguration", - "documentation":"

Contains configurations for a guardrail to apply during query and response generation for the knowledge base in this configuration.

" - }, "knowledgeBaseId":{ - "shape":"KnowledgeBaseId", + "shape":"FlowKnowledgeBaseId", "documentation":"

The unique identifier of the knowledge base to query.

" }, "modelId":{ "shape":"KnowledgeBaseModelIdentifier", "documentation":"

The unique identifier of the model or inference profile to use to generate a response from the query results. Omit this field if you want to return the retrieved results as an array.

" + }, + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"

Contains configurations for a guardrail to apply during query and response generation for the knowledge base in this configuration.

" + }, + "numberOfResults":{ + "shape":"KnowledgeBaseFlowNodeConfigurationNumberOfResultsInteger", + "documentation":"

The number of results to retrieve from the knowledge base.

" + }, + "promptTemplate":{ + "shape":"KnowledgeBasePromptTemplate", + "documentation":"

A custom prompt template to use with the knowledge base for generating responses.

" + }, + "inferenceConfiguration":{ + "shape":"PromptInferenceConfiguration", + "documentation":"

Contains inference configurations for the prompt.

" + }, + "rerankingConfiguration":{ + "shape":"VectorSearchRerankingConfiguration", + "documentation":"

The configuration for reranking the retrieved results from the knowledge base to improve relevance.

" + }, + "orchestrationConfiguration":{ + "shape":"KnowledgeBaseOrchestrationConfiguration", + "documentation":"

The configuration for orchestrating the retrieval and generation process in the knowledge base node.

" } }, - "documentation":"

Contains configurations for a knowledge base node in a flow. This node takes a query as the input and returns, as the output, the retrieved responses directly (as an array) or a response generated based on the retrieved responses. For more information, see Node types in Amazon Bedrock works in the Amazon Bedrock User Guide.

" + "documentation":"

Contains configurations for a knowledge base node in a flow. This node takes a query as the input and returns, as the output, the retrieved responses directly (as an array) or a response generated based on the retrieved responses. For more information, see Node types in a flow in the Amazon Bedrock User Guide.

" }, - "KnowledgeBaseId":{ - "type":"string", - "max":10, - "min":0, - "pattern":"^[0-9a-zA-Z]+$" + "KnowledgeBaseFlowNodeConfigurationNumberOfResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 }, "KnowledgeBaseModelIdentifier":{ "type":"string", "max":2048, "min":1, - "pattern":"^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$" + "pattern":"(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?" + }, + "KnowledgeBaseOrchestrationConfiguration":{ + "type":"structure", + "members":{ + "promptTemplate":{ + "shape":"KnowledgeBasePromptTemplate", + "documentation":"

A custom prompt template for orchestrating the retrieval and generation process.

" + }, + "inferenceConfig":{ + "shape":"PromptInferenceConfiguration", + "documentation":"

Contains inference configurations for the prompt.

" + }, + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"

The additional model-specific request parameters as key-value pairs to be included in the request to the foundation model.

" + }, + "performanceConfig":{ + "shape":"PerformanceConfiguration", + "documentation":"

The performance configuration options for the knowledge base retrieval and generation process.

" + } + }, + "documentation":"

Configures how the knowledge base orchestrates the retrieval and generation process, allowing for customization of prompts, inference parameters, and performance settings.

" + }, + "KnowledgeBasePromptTemplate":{ + "type":"structure", + "members":{ + "textPromptTemplate":{ + "shape":"KnowledgeBaseTextPrompt", + "documentation":"

The text of the prompt template.

" + } + }, + "documentation":"

Defines a custom prompt template for orchestrating the retrieval and generation process.

" }, "KnowledgeBaseRoleArn":{ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+$" + "pattern":"arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+" }, "KnowledgeBaseState":{ "type":"string", @@ -6530,7 +6975,10 @@ "PINECONE", "REDIS_ENTERPRISE_CLOUD", "RDS", - "MONGO_DB_ATLAS" + "MONGO_DB_ATLAS", + "NEPTUNE_ANALYTICS", + "OPENSEARCH_MANAGED_CLUSTER", + "S3_VECTORS" ] }, "KnowledgeBaseSummaries":{ @@ -6546,10 +6994,6 @@ "updatedAt" ], "members":{ - "description":{ - "shape":"Description", - "documentation":"

The description of the knowledge base.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base.

" @@ -6558,6 +7002,10 @@ "shape":"Name", "documentation":"

The name of the knowledge base.

" }, + "description":{ + "shape":"Description", + "documentation":"

The description of the knowledge base.

" + }, "status":{ "shape":"KnowledgeBaseStatus", "documentation":"

The status of the knowledge base.

" @@ -6569,6 +7017,12 @@ }, "documentation":"

Contains details about a knowledge base.

" }, + "KnowledgeBaseTextPrompt":{ + "type":"string", + "max":100000, + "min":1, + "sensitive":true + }, "KnowledgeBaseType":{ "type":"string", "enum":[ @@ -6581,29 +7035,18 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?$" + "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?" }, "LambdaFunctionFlowNodeConfiguration":{ "type":"structure", "required":["lambdaArn"], "members":{ "lambdaArn":{ - "shape":"LambdaArn", + "shape":"FlowLambdaArn", "documentation":"

The Amazon Resource Name (ARN) of the Lambda function to invoke.

" } }, - "documentation":"

Contains configurations for a Lambda function node in the flow. You specify the Lambda function to invoke and the inputs into the function. The output is the response that is defined in the Lambda function. For more information, see Node types in Amazon Bedrock works in the Amazon Bedrock User Guide.

" - }, - "LexBotAliasArn":{ - "type":"string", - "max":78, - "min":0, - "pattern":"^arn:aws(|-us-gov):lex:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:bot-alias/[0-9a-zA-Z]+/[0-9a-zA-Z]+$" - }, - "LexBotLocaleId":{ - "type":"string", - "max":10, - "min":1 + "documentation":"

Contains configurations for a Lambda function node in the flow. You specify the Lambda function to invoke and the inputs into the function. The output is the response that is defined in the Lambda function. For more information, see Node types in a flow in the Amazon Bedrock User Guide.

" }, "LexFlowNodeConfiguration":{ "type":"structure", @@ -6613,15 +7056,15 @@ ], "members":{ "botAliasArn":{ - "shape":"LexBotAliasArn", + "shape":"FlowLexBotAliasArn", "documentation":"

The Amazon Resource Name (ARN) of the Amazon Lex bot alias to invoke.

" }, "localeId":{ - "shape":"LexBotLocaleId", + "shape":"FlowLexBotLocaleId", "documentation":"

The Region to invoke the Amazon Lex bot in.

" } }, - "documentation":"

Contains configurations for a Lex node in the flow. You specify a Amazon Lex bot to invoke. This node takes an utterance as the input and returns as the output the intent identified by the Amazon Lex bot. For more information, see Node types in Amazon Bedrock works in the Amazon Bedrock User Guide.

" + "documentation":"

Contains configurations for a Lex node in the flow. You specify a Amazon Lex bot to invoke. This node takes an utterance as the input and returns as the output the intent identified by the Amazon Lex bot. For more information, see Node types in a flow in the Amazon Bedrock User Guide.

" }, "ListAgentActionGroupsRequest":{ "type":"structure", @@ -6991,10 +7434,16 @@ "ListIngestionJobsRequest":{ "type":"structure", "required":[ - "dataSourceId", - "knowledgeBaseId" + "knowledgeBaseId", + "dataSourceId" ], "members":{ + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base for the list of data ingestion jobs.

", + "location":"uri", + "locationName":"knowledgeBaseId" + }, "dataSourceId":{ "shape":"Id", "documentation":"

The unique identifier of the data source for the list of data ingestion jobs.

", @@ -7005,11 +7454,9 @@ "shape":"IngestionJobFilters", "documentation":"

Contains information about the filters for filtering the data.

" }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base for the list of data ingestion jobs.

", - "location":"uri", - "locationName":"knowledgeBaseId" + "sortBy":{ + "shape":"IngestionJobSortBy", + "documentation":"

Contains details about how to sort the data.

" }, "maxResults":{ "shape":"MaxResults", @@ -7018,10 +7465,6 @@ "nextToken":{ "shape":"NextToken", "documentation":"

If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

" - }, - "sortBy":{ - "shape":"IngestionJobSortBy", - "documentation":"

Contains details about how to sort the data.

" } } }, @@ -7042,22 +7485,22 @@ "ListKnowledgeBaseDocumentsRequest":{ "type":"structure", "required":[ - "dataSourceId", - "knowledgeBaseId" + "knowledgeBaseId", + "dataSourceId" ], "members":{ - "dataSourceId":{ - "shape":"Id", - "documentation":"

The unique identifier of the data source that contains the documents.

", - "location":"uri", - "locationName":"dataSourceId" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base that is connected to the data source.

", "location":"uri", "locationName":"knowledgeBaseId" }, + "dataSourceId":{ + "shape":"Id", + "documentation":"

The unique identifier of the data source that contains the documents.

", + "location":"uri", + "locationName":"dataSourceId" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.

" @@ -7112,6 +7555,12 @@ "ListPromptsRequest":{ "type":"structure", "members":{ + "promptIdentifier":{ + "shape":"PromptIdentifier", + "documentation":"

The unique identifier of the prompt for whose versions you want to return information. Omit this field to list information about all prompts in an account.

", + "location":"querystring", + "locationName":"promptIdentifier" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.

", @@ -7123,12 +7572,6 @@ "documentation":"

If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

", "location":"querystring", "locationName":"nextToken" - }, - "promptIdentifier":{ - "shape":"PromptIdentifier", - "documentation":"

The unique identifier of the prompt for whose versions you want to return information. Omit this field to list information about all prompts in an account.

", - "location":"querystring", - "locationName":"promptIdentifier" } } }, @@ -7136,13 +7579,13 @@ "type":"structure", "required":["promptSummaries"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" - }, "promptSummaries":{ "shape":"PromptSummaries", "documentation":"

A list, each member of which contains information about a prompt using Prompt management.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" } } }, @@ -7167,25 +7610,86 @@ } } }, + "LoopControllerFlowNodeConfiguration":{ + "type":"structure", + "required":["continueCondition"], + "members":{ + "continueCondition":{ + "shape":"FlowCondition", + "documentation":"

Specifies the condition that determines when the flow exits the DoWhile loop. The loop executes until this condition evaluates to true.

" + }, + "maxIterations":{ + "shape":"LoopControllerFlowNodeConfigurationMaxIterationsInteger", + "documentation":"

Specifies the maximum number of times the DoWhile loop can iterate before the flow exits the loop.

" + } + }, + "documentation":"

Contains configurations for the controller node of a DoWhile loop in the flow.

" + }, + "LoopControllerFlowNodeConfigurationMaxIterationsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "LoopFlowNodeConfiguration":{ + "type":"structure", + "required":["definition"], + "members":{ + "definition":{ + "shape":"FlowDefinition", + "documentation":"

The definition of the DoWhile loop nodes and connections between nodes in the flow.

" + } + }, + "documentation":"

Contains configurations for the nodes of a DoWhile loop in your flow.

A DoWhile loop is made up of the following nodes:

  • Loop - The container node that holds the loop's flow definition. This node encompasses the entire loop structure.

  • LoopInput - The entry point node for the loop. This node receives inputs from nodes outside the loop and from previous loop iterations.

  • Body nodes - The processing nodes that execute within each loop iteration. These can be nodes for handling data in your flow, such as a prompt or Lambda function nodes. Some node types aren't supported inside a DoWhile loop body. For more information, see LoopIncompatibleNodeTypeFlowValidationDetails.

  • LoopController - The node that evaluates whether the loop should continue or exit based on a condition.

These nodes work together to create a loop that runs at least once and continues until a specified condition is met or a maximum number of iterations is reached.

" + }, + "LoopIncompatibleNodeTypeFlowValidationDetails":{ + "type":"structure", + "required":[ + "node", + "incompatibleNodeType", + "incompatibleNodeName" + ], + "members":{ + "node":{ + "shape":"FlowNodeName", + "documentation":"

The Loop container node that contains an incompatible node.

" + }, + "incompatibleNodeType":{ + "shape":"IncompatibleLoopNodeType", + "documentation":"

The node type of the incompatible node in the DoWhile loop. Some node types, like a condition node, aren't allowed in a DoWhile loop.

" + }, + "incompatibleNodeName":{ + "shape":"FlowNodeName", + "documentation":"

The node that's incompatible in the DoWhile loop.

" + } + }, + "documentation":"

Details about a flow that contains an incompatible node in a DoWhile loop.

" + }, + "LoopInputFlowNodeConfiguration":{ + "type":"structure", + "members":{ + }, + "documentation":"

Contains configurations for the input node of a DoWhile loop in the flow.

" + }, "MalformedConditionExpressionFlowValidationDetails":{ "type":"structure", "required":[ - "cause", + "node", "condition", - "node" + "cause" ], "members":{ - "cause":{ - "shape":"ErrorMessage", - "documentation":"

The error message describing why the condition expression is malformed.

" + "node":{ + "shape":"FlowNodeName", + "documentation":"

The name of the node containing the malformed condition expression.

" }, "condition":{ "shape":"FlowConditionName", "documentation":"

The name of the malformed condition.

" }, - "node":{ - "shape":"FlowNodeName", - "documentation":"

The name of the node containing the malformed condition expression.

" + "cause":{ + "shape":"ErrorMessage", + "documentation":"

The error message describing why the condition expression is malformed.

" } }, "documentation":"

Details about a malformed condition expression in a node.

" @@ -7193,22 +7697,22 @@ "MalformedNodeInputExpressionFlowValidationDetails":{ "type":"structure", "required":[ - "cause", + "node", "input", - "node" + "cause" ], "members":{ - "cause":{ - "shape":"ErrorMessage", - "documentation":"

The error message describing why the input expression is malformed.

" + "node":{ + "shape":"FlowNodeName", + "documentation":"

The name of the node containing the malformed input expression.

" }, "input":{ "shape":"FlowNodeInputName", "documentation":"

The name of the input with the malformed expression.

" }, - "node":{ - "shape":"FlowNodeName", - "documentation":"

The name of the node containing the malformed input expression.

" + "cause":{ + "shape":"ErrorMessage", + "documentation":"

The error message describing why the input expression is malformed.

" } }, "documentation":"

Details about a malformed input expression in a node.

" @@ -7227,7 +7731,6 @@ "MaximumLength":{ "type":"integer", "box":true, - "max":4096, "min":0 }, "MemoryConfiguration":{ @@ -7238,13 +7741,13 @@ "shape":"EnabledMemoryTypes", "documentation":"

The type of memory that is stored.

" }, - "sessionSummaryConfiguration":{ - "shape":"SessionSummaryConfiguration", - "documentation":"

Contains the configuration for SESSION_SUMMARY memory type enabled for the agent.

" - }, "storageDays":{ "shape":"StorageDays", "documentation":"

The number of days the agent is configured to retain the conversational context.

" + }, + "sessionSummaryConfiguration":{ + "shape":"SessionSummaryConfiguration", + "documentation":"

Contains the configuration for SESSION_SUMMARY memory type enabled for the agent.

" } }, "documentation":"

Details of the memory configuration.

" @@ -7256,17 +7759,17 @@ "Message":{ "type":"structure", "required":[ - "content", - "role" + "role", + "content" ], "members":{ - "content":{ - "shape":"ContentBlocks", - "documentation":"

The content in the message.

" - }, "role":{ "shape":"ConversationRole", "documentation":"

The role that the message belongs to.

" + }, + "content":{ + "shape":"ContentBlocks", + "documentation":"

The content in the message.

" } }, "documentation":"

A message input or response from a model. For more information, see Create a prompt using Prompt management.

" @@ -7297,25 +7800,25 @@ "type":"structure", "required":["type"], "members":{ - "booleanValue":{ - "shape":"Boolean", - "documentation":"

The value of the Boolean metadata attribute.

" + "type":{ + "shape":"MetadataValueType", + "documentation":"

The type of the metadata attribute.

" }, "numberValue":{ "shape":"NumberValue", "documentation":"

The value of the numeric metadata attribute.

" }, - "stringListValue":{ - "shape":"MetadataAttributeValueStringListValueList", - "documentation":"

An array of strings that define the value of the metadata attribute.

" + "booleanValue":{ + "shape":"Boolean", + "documentation":"

The value of the Boolean metadata attribute.

" }, "stringValue":{ "shape":"StringValue", "documentation":"

The value of the string metadata attribute.

" }, - "type":{ - "shape":"MetadataValueType", - "documentation":"

The type of the metadata attribute.

" + "stringListValue":{ + "shape":"MetadataAttributeValueStringListValueList", + "documentation":"

An array of strings that define the value of the metadata attribute.

" } }, "documentation":"

Contains the value of the metadata attribute. Choose a type and include the field that corresponds to it.

" @@ -7326,6 +7829,21 @@ "max":10, "min":1 }, + "MetadataConfigurationForReranking":{ + "type":"structure", + "required":["selectionMode"], + "members":{ + "selectionMode":{ + "shape":"RerankingMetadataSelectionMode", + "documentation":"

The mode for selecting metadata fields for reranking.

" + }, + "selectiveModeConfiguration":{ + "shape":"RerankingMetadataSelectiveModeConfiguration", + "documentation":"

The configuration for selective metadata field inclusion or exclusion during reranking.

" + } + }, + "documentation":"

Specifies how metadata fields should be handled during the reranking process.

" + }, "MetadataSourceType":{ "type":"string", "enum":[ @@ -7346,27 +7864,27 @@ "type":"string", "max":36, "min":36, - "pattern":"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }, "MismatchedNodeInputTypeFlowValidationDetails":{ "type":"structure", "required":[ - "expectedType", + "node", "input", - "node" + "expectedType" ], "members":{ - "expectedType":{ - "shape":"FlowNodeIODataType", - "documentation":"

The expected data type for the node input.

" + "node":{ + "shape":"FlowNodeName", + "documentation":"

The name of the node containing the input with the mismatched data type.

" }, "input":{ "shape":"FlowNodeInputName", "documentation":"

The name of the input with the mismatched data type.

" }, - "node":{ - "shape":"FlowNodeName", - "documentation":"

The name of the node containing the input with the mismatched data type.

" + "expectedType":{ + "shape":"FlowNodeIODataType", + "documentation":"

The expected data type for the node input.

" } }, "documentation":"

Details about mismatched input data types in a node.

" @@ -7374,15 +7892,11 @@ "MismatchedNodeOutputTypeFlowValidationDetails":{ "type":"structure", "required":[ - "expectedType", "node", - "output" + "output", + "expectedType" ], "members":{ - "expectedType":{ - "shape":"FlowNodeIODataType", - "documentation":"

The expected data type for the node output.

" - }, "node":{ "shape":"FlowNodeName", "documentation":"

The name of the node containing the output with the mismatched data type.

" @@ -7390,6 +7904,10 @@ "output":{ "shape":"FlowNodeOutputName", "documentation":"

The name of the output with the mismatched data type.

" + }, + "expectedType":{ + "shape":"FlowNodeIODataType", + "documentation":"

The expected data type for the node output.

" } }, "documentation":"

Details about mismatched output data types in a node.

" @@ -7422,31 +7940,53 @@ }, "documentation":"

Details about missing ending nodes (such as FlowOutputNode) in the flow.

" }, + "MissingLoopControllerNodeFlowValidationDetails":{ + "type":"structure", + "required":["loopNode"], + "members":{ + "loopNode":{ + "shape":"FlowNodeName", + "documentation":"

The DoWhile loop in a flow that's missing a required LoopController node.

" + } + }, + "documentation":"

Details about a flow that's missing a required LoopController node in a DoWhile loop.

" + }, + "MissingLoopInputNodeFlowValidationDetails":{ + "type":"structure", + "required":["loopNode"], + "members":{ + "loopNode":{ + "shape":"FlowNodeName", + "documentation":"

The DoWhile loop in a flow that's missing a required LoopInput node.

" + } + }, + "documentation":"

Details about a flow that's missing a required LoopInput node in a DoWhile loop.

" + }, "MissingNodeConfigurationFlowValidationDetails":{ "type":"structure", "required":["node"], "members":{ "node":{ "shape":"FlowNodeName", - "documentation":"

The name of the node missing configuration.

" + "documentation":"

The name of the node missing a required configuration.

" } }, - "documentation":"

Details about a node missing required configuration.

" + "documentation":"

Details about a node missing a required configuration.

" }, "MissingNodeInputFlowValidationDetails":{ "type":"structure", "required":[ - "input", - "node" + "node", + "input" ], "members":{ - "input":{ - "shape":"FlowNodeInputName", - "documentation":"

The name of the missing input.

" - }, "node":{ "shape":"FlowNodeName", "documentation":"

The name of the node missing the required input.

" + }, + "input":{ + "shape":"FlowNodeInputName", + "documentation":"

The name of the missing input.

" } }, "documentation":"

Details about a missing required input in a node.

" @@ -7479,52 +8019,56 @@ "type":"string", "max":2048, "min":1, - "pattern":"^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$" + "pattern":"(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?" }, "MongoDbAtlasCollectionName":{ "type":"string", "max":63, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "MongoDbAtlasConfiguration":{ "type":"structure", "required":[ + "endpoint", + "databaseName", "collectionName", + "vectorIndexName", "credentialsSecretArn", - "databaseName", - "endpoint", - "fieldMapping", - "vectorIndexName" + "fieldMapping" ], "members":{ + "endpoint":{ + "shape":"MongoDbAtlasEndpoint", + "documentation":"

The endpoint URL of your MongoDB Atlas cluster for your knowledge base.

" + }, + "databaseName":{ + "shape":"MongoDbAtlasDatabaseName", + "documentation":"

The database name in your MongoDB Atlas cluster for your knowledge base.

" + }, "collectionName":{ "shape":"MongoDbAtlasCollectionName", "documentation":"

The collection name of the knowledge base in MongoDB Atlas.

" }, + "vectorIndexName":{ + "shape":"MongoDbAtlasIndexName", + "documentation":"

The name of the MongoDB Atlas vector search index.

" + }, "credentialsSecretArn":{ "shape":"SecretArn", "documentation":"

The Amazon Resource Name (ARN) of the secret that you created in Secrets Manager that contains user credentials for your MongoDB Atlas cluster.

" }, - "databaseName":{ - "shape":"MongoDbAtlasDatabaseName", - "documentation":"

The database name in your MongoDB Atlas cluster for your knowledge base.

" - }, - "endpoint":{ - "shape":"MongoDbAtlasEndpoint", - "documentation":"

The endpoint URL of your MongoDB Atlas cluster for your knowledge base.

" + "fieldMapping":{ + "shape":"MongoDbAtlasFieldMapping", + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" }, "endpointServiceName":{ "shape":"MongoDbAtlasEndpointServiceName", "documentation":"

The name of the VPC endpoint service in your account that is connected to your MongoDB Atlas cluster.

" }, - "fieldMapping":{ - "shape":"MongoDbAtlasFieldMapping", - "documentation":"

Contains the names of the fields to which to map information about the vector store.

" - }, - "vectorIndexName":{ + "textIndexName":{ "shape":"MongoDbAtlasIndexName", - "documentation":"

The name of the MongoDB Atlas vector search index.

" + "documentation":"

The name of the text search index in the MongoDB collection. This is required for using the hybrid search feature.

" } }, "documentation":"

Contains details about the storage configuration of the knowledge base in MongoDB Atlas.

" @@ -7533,39 +8077,39 @@ "type":"string", "max":63, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "MongoDbAtlasEndpoint":{ "type":"string", "max":2048, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "MongoDbAtlasEndpointServiceName":{ "type":"string", "max":255, "min":1, - "pattern":"^(?:arn:aws(?:-us-gov|-cn|-iso|-iso-[a-z])*:.+:.*:\\d+:.+/.+$|[a-zA-Z0-9*]+[a-zA-Z0-9._-]*)$" + "pattern":"(?:arn:aws(?:-us-gov|-cn|-iso|-iso-[a-z])*:.+:.*:\\d+:.+/.+$|[a-zA-Z0-9*]+[a-zA-Z0-9._-]*)" }, "MongoDbAtlasFieldMapping":{ "type":"structure", "required":[ - "metadataField", + "vectorField", "textField", - "vectorField" + "metadataField" ], "members":{ - "metadataField":{ + "vectorField":{ "shape":"FieldName", - "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" + "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" }, "textField":{ "shape":"FieldName", "documentation":"

The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose.

" }, - "vectorField":{ + "metadataField":{ "shape":"FieldName", - "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" + "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" } }, "documentation":"

Contains the names of the fields to which to map information about the vector store.

" @@ -7574,44 +8118,102 @@ "type":"string", "max":2048, "min":0, - "pattern":"^.*$" + "pattern":".*" + }, + "MultipleLoopControllerNodesFlowValidationDetails":{ + "type":"structure", + "required":["loopNode"], + "members":{ + "loopNode":{ + "shape":"FlowNodeName", + "documentation":"

The DoWhile loop in a flow that contains multiple LoopController nodes.

" + } + }, + "documentation":"

Details about a flow that contains multiple LoopController nodes in a DoWhile loop.

" + }, + "MultipleLoopInputNodesFlowValidationDetails":{ + "type":"structure", + "required":["loopNode"], + "members":{ + "loopNode":{ + "shape":"FlowNodeName", + "documentation":"

The DoWhile loop in a flow that contains multiple LoopInput nodes.

" + } + }, + "documentation":"

Details about a flow that contains multiple LoopInput nodes in a DoWhile loop.

" }, "MultipleNodeInputConnectionsFlowValidationDetails":{ "type":"structure", "required":[ - "input", - "node" + "node", + "input" ], "members":{ - "input":{ - "shape":"FlowNodeInputName", - "documentation":"

The name of the input with multiple connections to it.

" - }, "node":{ "shape":"FlowNodeName", "documentation":"

The name of the node containing the input with multiple connections.

" + }, + "input":{ + "shape":"FlowNodeInputName", + "documentation":"

The name of the input with multiple connections to it.

" } }, "documentation":"

Details about multiple connections to a single node input.

" }, "Name":{ "type":"string", - "pattern":"^([0-9a-zA-Z][_-]?){1,100}$" + "pattern":"([0-9a-zA-Z][_-]?){1,100}" }, "NaturalLanguageString":{ "type":"string", "max":1000, "min":1 }, + "NeptuneAnalyticsConfiguration":{ + "type":"structure", + "required":[ + "graphArn", + "fieldMapping" + ], + "members":{ + "graphArn":{ + "shape":"GraphArn", + "documentation":"

The Amazon Resource Name (ARN) of the Neptune Analytics vector store.

" + }, + "fieldMapping":{ + "shape":"NeptuneAnalyticsFieldMapping", + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" + } + }, + "documentation":"

Contains details about the storage configuration of the knowledge base in Amazon Neptune Analytics. For more information, see Create a vector index in Amazon Neptune Analytics.

" + }, + "NeptuneAnalyticsFieldMapping":{ + "type":"structure", + "required":[ + "textField", + "metadataField" + ], + "members":{ + "textField":{ + "shape":"FieldName", + "documentation":"

The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose.

" + }, + "metadataField":{ + "shape":"FieldName", + "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" + } + }, + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" + }, "NextToken":{ "type":"string", "max":2048, "min":1, - "pattern":"^\\S*$" + "pattern":"\\S*" }, "NonBlankString":{ "type":"string", - "pattern":"^[\\s\\S]+$" + "pattern":"[\\s\\S]+" }, "NonEmptyString":{ "type":"string", @@ -7624,33 +8226,103 @@ }, "NumericalVersion":{ "type":"string", - "pattern":"^[0-9]{1,5}$" + "pattern":"[0-9]{1,5}" + }, + "OpenSearchManagedClusterConfiguration":{ + "type":"structure", + "required":[ + "domainEndpoint", + "domainArn", + "vectorIndexName", + "fieldMapping" + ], + "members":{ + "domainEndpoint":{ + "shape":"OpenSearchManagedClusterDomainEndpoint", + "documentation":"

The endpoint URL the OpenSearch domain.

" + }, + "domainArn":{ + "shape":"OpenSearchManagedClusterDomainArn", + "documentation":"

The Amazon Resource Name (ARN) of the OpenSearch domain.

" + }, + "vectorIndexName":{ + "shape":"OpenSearchManagedClusterIndexName", + "documentation":"

The name of the vector store.

" + }, + "fieldMapping":{ + "shape":"OpenSearchManagedClusterFieldMapping", + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" + } + }, + "documentation":"

Contains details about the Managed Cluster configuration of the knowledge base in Amazon OpenSearch Service. For more information, see Create a vector index in OpenSearch Managed Cluster.

" + }, + "OpenSearchManagedClusterDomainArn":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"arn:aws(|-cn|-us-gov|-iso):es:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:domain/[a-z][a-z0-9-]{3,28}" + }, + "OpenSearchManagedClusterDomainEndpoint":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"https://.*" + }, + "OpenSearchManagedClusterFieldMapping":{ + "type":"structure", + "required":[ + "vectorField", + "textField", + "metadataField" + ], + "members":{ + "vectorField":{ + "shape":"FieldName", + "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" + }, + "textField":{ + "shape":"FieldName", + "documentation":"

The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose.

" + }, + "metadataField":{ + "shape":"FieldName", + "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" + } + }, + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" + }, + "OpenSearchManagedClusterIndexName":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"(?![\\-_+.])[a-z0-9][a-z0-9\\-_\\.]*", + "sensitive":true }, "OpenSearchServerlessCollectionArn":{ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws:aoss:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:collection/[a-z0-9-]{3,32}$" + "pattern":"arn:aws:aoss:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:collection/[a-z0-9-]{3,32}" }, "OpenSearchServerlessConfiguration":{ "type":"structure", "required":[ "collectionArn", - "fieldMapping", - "vectorIndexName" + "vectorIndexName", + "fieldMapping" ], "members":{ "collectionArn":{ "shape":"OpenSearchServerlessCollectionArn", "documentation":"

The Amazon Resource Name (ARN) of the OpenSearch Service vector store.

" }, - "fieldMapping":{ - "shape":"OpenSearchServerlessFieldMapping", - "documentation":"

Contains the names of the fields to which to map information about the vector store.

" - }, "vectorIndexName":{ "shape":"OpenSearchServerlessIndexName", "documentation":"

The name of the vector store.

" + }, + "fieldMapping":{ + "shape":"OpenSearchServerlessFieldMapping", + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" } }, "documentation":"

Contains details about the storage configuration of the knowledge base in Amazon OpenSearch Service. For more information, see Create a vector index in Amazon OpenSearch Service.

" @@ -7658,22 +8330,22 @@ "OpenSearchServerlessFieldMapping":{ "type":"structure", "required":[ - "metadataField", + "vectorField", "textField", - "vectorField" + "metadataField" ], "members":{ - "metadataField":{ + "vectorField":{ "shape":"FieldName", - "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" + "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" }, "textField":{ "shape":"FieldName", "documentation":"

The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose.

" }, - "vectorField":{ + "metadataField":{ "shape":"FieldName", - "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" + "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" } }, "documentation":"

Contains the names of the fields to which to map information about the vector store.

" @@ -7682,7 +8354,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "OrchestrationExecutor":{ "type":"structure", @@ -7721,13 +8393,13 @@ "shape":"ParameterDescription", "documentation":"

A description of the parameter. Helps the foundation model determine how to elicit the parameters from the user.

" }, - "required":{ - "shape":"Boolean", - "documentation":"

Whether the parameter is required for the agent to complete the function for action group invocation.

" - }, "type":{ "shape":"Type", "documentation":"

The data type of the parameter.

" + }, + "required":{ + "shape":"Boolean", + "documentation":"

Whether the parameter is required for the agent to complete the function for action group invocation.

" } }, "documentation":"

Contains details about a parameter in a function for an action group.

This data type is used in the following API operations:

" @@ -7741,17 +8413,17 @@ "type":"structure", "required":["parsingStrategy"], "members":{ - "bedrockDataAutomationConfiguration":{ - "shape":"BedrockDataAutomationConfiguration", - "documentation":"

If you specify BEDROCK_DATA_AUTOMATION as the parsing strategy for ingesting your data source, use this object to modify configurations for using the Amazon Bedrock Data Automation parser.

" + "parsingStrategy":{ + "shape":"ParsingStrategy", + "documentation":"

The parsing strategy for the data source.

" }, "bedrockFoundationModelConfiguration":{ "shape":"BedrockFoundationModelConfiguration", "documentation":"

If you specify BEDROCK_FOUNDATION_MODEL as the parsing strategy for ingesting your data source, use this object to modify configurations for using a foundation model to parse documents.

" }, - "parsingStrategy":{ - "shape":"ParsingStrategy", - "documentation":"

The parsing strategy for the data source.

" + "bedrockDataAutomationConfiguration":{ + "shape":"BedrockDataAutomationConfiguration", + "documentation":"

If you specify BEDROCK_DATA_AUTOMATION as the parsing strategy for ingesting your data source, use this object to modify configurations for using the Amazon Bedrock Data Automation parser.

" } }, "documentation":"

Settings for parsing document contents. If you exclude this field, the default parser converts the contents of each document into text before splitting it into chunks. Specify the parsing strategy to use in the parsingStrategy field and include the relevant configuration, or omit it to use the Amazon Bedrock default parser. For more information, see Parsing options for your data source.

If you specify BEDROCK_DATA_AUTOMATION or BEDROCK_FOUNDATION_MODEL and it fails to parse a file, the Amazon Bedrock default parser will be used instead.

" @@ -7787,17 +8459,17 @@ "type":"structure", "required":["objectType"], "members":{ - "exclusionFilters":{ - "shape":"FilterList", - "documentation":"

A list of one or more exclusion regular expression patterns to exclude certain object types that adhere to the pattern. If you specify an inclusion and exclusion filter/pattern and both match a document, the exclusion filter takes precedence and the document isn’t crawled.

" + "objectType":{ + "shape":"FilteredObjectType", + "documentation":"

The supported object type or content type of the data source.

" }, "inclusionFilters":{ "shape":"FilterList", "documentation":"

A list of one or more inclusion regular expression patterns to include certain object types that adhere to the pattern. If you specify an inclusion and exclusion filter/pattern and both match a document, the exclusion filter takes precedence and the document isn’t crawled.

" }, - "objectType":{ - "shape":"FilteredObjectType", - "documentation":"

The supported object type or content type of the data source.

" + "exclusionFilters":{ + "shape":"FilterList", + "documentation":"

A list of one or more exclusion regular expression patterns to exclude certain object types that adhere to the pattern. If you specify an inclusion and exclusion filter/pattern and both match a document, the exclusion filter takes precedence and the document isn’t crawled.

" } }, "documentation":"

The specific filters applied to your data source content. You can filter out or include certain content.

" @@ -7824,6 +8496,23 @@ "type":"string", "sensitive":true }, + "PerformanceConfigLatency":{ + "type":"string", + "enum":[ + "standard", + "optimized" + ] + }, + "PerformanceConfiguration":{ + "type":"structure", + "members":{ + "latency":{ + "shape":"PerformanceConfigLatency", + "documentation":"

The latency optimization setting.

" + } + }, + "documentation":"

The performance-related configuration options for the knowledge base retrieval and generation process.

" + }, "PineconeConfiguration":{ "type":"structure", "required":[ @@ -7840,13 +8529,13 @@ "shape":"SecretArn", "documentation":"

The Amazon Resource Name (ARN) of the secret that you created in Secrets Manager that is linked to your Pinecone API key.

" }, - "fieldMapping":{ - "shape":"PineconeFieldMapping", - "documentation":"

Contains the names of the fields to which to map information about the vector store.

" - }, "namespace":{ "shape":"PineconeNamespace", "documentation":"

The namespace to be used to write new data to your database.

" + }, + "fieldMapping":{ + "shape":"PineconeFieldMapping", + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" } }, "documentation":"

Contains details about the storage configuration of the knowledge base in Pinecone. For more information, see Create a vector index in Pinecone.

" @@ -7855,22 +8544,22 @@ "type":"string", "max":2048, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "PineconeFieldMapping":{ "type":"structure", "required":[ - "metadataField", - "textField" + "textField", + "metadataField" ], "members":{ - "metadataField":{ - "shape":"FieldName", - "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" - }, "textField":{ "shape":"FieldName", "documentation":"

The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose.

" + }, + "metadataField":{ + "shape":"FieldName", + "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" } }, "documentation":"

Contains the names of the fields to which to map information about the vector store.

" @@ -7879,7 +8568,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "PrepareAgentRequest":{ "type":"structure", @@ -7964,38 +8653,42 @@ }, "PromptArn":{ "type":"string", - "pattern":"^(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}(?::[0-9]{1,5})?)$" + "pattern":"(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}(?::[0-9]{1,5})?)" }, "PromptConfiguration":{ "type":"structure", "members":{ + "promptType":{ + "shape":"PromptType", + "documentation":"

The step in the agent sequence that this prompt configuration applies to.

" + }, + "promptCreationMode":{ + "shape":"CreationMode", + "documentation":"

Specifies whether to override the default prompt template for this promptType. Set this value to OVERRIDDEN to use the prompt that you provide in the basePromptTemplate. If you leave it as DEFAULT, the agent uses a default prompt template.

" + }, + "promptState":{ + "shape":"PromptState", + "documentation":"

Specifies whether to allow the agent to carry out the step specified in the promptType. If you set this value to DISABLED, the agent skips that step. The default state for each promptType is as follows.

  • PRE_PROCESSINGDISABLED

  • ORCHESTRATIONENABLED

  • KNOWLEDGE_BASE_RESPONSE_GENERATIONENABLED

  • POST_PROCESSINGDISABLED

" + }, "basePromptTemplate":{ "shape":"BasePromptTemplate", "documentation":"

Defines the prompt template with which to replace the default prompt template. You can use placeholder variables in the base prompt template to customize the prompt. For more information, see Prompt template placeholder variables. For more information, see Configure the prompt templates.

" }, - "foundationModel":{ - "shape":"ModelIdentifier", - "documentation":"

The agent's foundation model.

" - }, "inferenceConfiguration":{ "shape":"InferenceConfiguration", "documentation":"

Contains inference parameters to use when the agent invokes a foundation model in the part of the agent sequence defined by the promptType. For more information, see Inference parameters for foundation models.

" }, "parserMode":{ "shape":"CreationMode", - "documentation":"

Specifies whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the promptType. If you set the field as OVERRIDEN, the overrideLambda field in the PromptOverrideConfiguration must be specified with the ARN of a Lambda function.

" + "documentation":"

Specifies whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the promptType. If you set the field as OVERRIDDEN, the overrideLambda field in the PromptOverrideConfiguration must be specified with the ARN of a Lambda function.

" }, - "promptCreationMode":{ - "shape":"CreationMode", - "documentation":"

Specifies whether to override the default prompt template for this promptType. Set this value to OVERRIDDEN to use the prompt that you provide in the basePromptTemplate. If you leave it as DEFAULT, the agent uses a default prompt template.

" - }, - "promptState":{ - "shape":"PromptState", - "documentation":"

Specifies whether to allow the agent to carry out the step specified in the promptType. If you set this value to DISABLED, the agent skips that step. The default state for each promptType is as follows.

  • PRE_PROCESSINGENABLED

  • ORCHESTRATIONENABLED

  • KNOWLEDGE_BASE_RESPONSE_GENERATIONENABLED

  • POST_PROCESSINGDISABLED

" + "foundationModel":{ + "shape":"ModelIdentifier", + "documentation":"

The agent's foundation model.

" }, - "promptType":{ - "shape":"PromptType", - "documentation":"

The step in the agent sequence that this prompt configuration applies to.

" + "additionalModelRequestFields":{ + "shape":"Document", + "documentation":"

If the Converse or ConverseStream operations support the model, additionalModelRequestFields contains additional inference parameters, beyond the base set of inference parameters in the inferenceConfiguration field.

For more information, see Inference request parameters and response fields for foundation models in the Amazon Bedrock user guide.

" } }, "documentation":"

Contains configurations to override a prompt template in one part of an agent sequence. For more information, see Advanced prompts.

" @@ -8015,44 +8708,44 @@ "type":"structure", "required":["sourceConfiguration"], "members":{ - "guardrailConfiguration":{ - "shape":"GuardrailConfiguration", - "documentation":"

Contains configurations for a guardrail to apply to the prompt in this node and the response generated from it.

" - }, "sourceConfiguration":{ "shape":"PromptFlowNodeSourceConfiguration", "documentation":"

Specifies whether the prompt is from Prompt management or defined inline.

" + }, + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"

Contains configurations for a guardrail to apply to the prompt in this node and the response generated from it.

" } }, - "documentation":"

Contains configurations for a prompt node in the flow. You can use a prompt from Prompt management or you can define one in this node. If the prompt contains variables, the inputs into this node will fill in the variables. The output from this node is the response generated by the model. For more information, see Node types in Amazon Bedrock works in the Amazon Bedrock User Guide.

" + "documentation":"

Contains configurations for a prompt node in the flow. You can use a prompt from Prompt management or you can define one in this node. If the prompt contains variables, the inputs into this node will fill in the variables. The output from this node is the response generated by the model. For more information, see Node types in a flow in the Amazon Bedrock User Guide.

" }, "PromptFlowNodeInlineConfiguration":{ "type":"structure", "required":[ - "modelId", + "templateType", "templateConfiguration", - "templateType" + "modelId" ], "members":{ - "additionalModelRequestFields":{ - "shape":"Document", - "documentation":"

Additional fields to be included in the model request for the Prompt node.

" + "templateType":{ + "shape":"PromptTemplateType", + "documentation":"

The type of prompt template.

" }, - "inferenceConfiguration":{ - "shape":"PromptInferenceConfiguration", - "documentation":"

Contains inference configurations for the prompt.

" + "templateConfiguration":{ + "shape":"PromptTemplateConfiguration", + "documentation":"

Contains a prompt and variables in the prompt that can be replaced with values at runtime.

" }, "modelId":{ - "shape":"PromptModelIdentifier", + "shape":"FlowPromptModelIdentifier", "documentation":"

The unique identifier of the model or inference profile to run inference with.

" }, - "templateConfiguration":{ - "shape":"PromptTemplateConfiguration", - "documentation":"

Contains a prompt and variables in the prompt that can be replaced with values at runtime.

" + "inferenceConfiguration":{ + "shape":"PromptInferenceConfiguration", + "documentation":"

Contains inference configurations for the prompt.

" }, - "templateType":{ - "shape":"PromptTemplateType", - "documentation":"

The type of prompt template.

" + "additionalModelRequestFields":{ + "shape":"Document", + "documentation":"

Additional fields to be included in the model request for the Prompt node.

" } }, "documentation":"

Contains configurations for a prompt defined inline in the node.

" @@ -8062,7 +8755,7 @@ "required":["promptArn"], "members":{ "promptArn":{ - "shape":"PromptArn", + "shape":"FlowPromptArn", "documentation":"

The Amazon Resource Name (ARN) of the prompt from Prompt management.

" } }, @@ -8071,13 +8764,13 @@ "PromptFlowNodeSourceConfiguration":{ "type":"structure", "members":{ - "inline":{ - "shape":"PromptFlowNodeInlineConfiguration", - "documentation":"

Contains configurations for a prompt that is defined inline

" - }, "resource":{ "shape":"PromptFlowNodeResourceConfiguration", "documentation":"

Contains configurations for a prompt from Prompt management.

" + }, + "inline":{ + "shape":"PromptFlowNodeInlineConfiguration", + "documentation":"

Contains configurations for a prompt that is defined inline

" } }, "documentation":"

Contains configurations for a prompt and whether it is from Prompt management or defined inline.

", @@ -8097,11 +8790,11 @@ }, "PromptId":{ "type":"string", - "pattern":"^[0-9a-zA-Z]{10}$" + "pattern":"[0-9a-zA-Z]{10}" }, "PromptIdentifier":{ "type":"string", - "pattern":"^([0-9a-zA-Z]{10})|(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10})(?::[0-9]{1,5})?$" + "pattern":"([0-9a-zA-Z]{10})|(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10})(?::[0-9]{1,5})?" }, "PromptInferenceConfiguration":{ "type":"structure", @@ -8126,12 +8819,12 @@ }, "PromptInputVariableName":{ "type":"string", - "pattern":"^([0-9a-zA-Z][_-]?){1,100}$" + "pattern":"([0-9a-zA-Z][_-]?){1,100}" }, "PromptInputVariablesList":{ "type":"list", "member":{"shape":"PromptInputVariable"}, - "max":5, + "max":20, "min":0, "sensitive":true }, @@ -8158,7 +8851,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^[a-zA-Z0-9\\s._:/=+@-]*$", + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*", "sensitive":true }, "PromptMetadataList":{ @@ -8172,26 +8865,18 @@ "type":"string", "max":1024, "min":0, - "pattern":"^[a-zA-Z0-9\\s._:/=+@-]*$", + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*", "sensitive":true }, "PromptModelIdentifier":{ "type":"string", "max":2048, "min":1, - "pattern":"^(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$" + "pattern":"(arn:aws(-[^:]{1,12})?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-zA-Z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?" }, "PromptModelInferenceConfiguration":{ "type":"structure", "members":{ - "maxTokens":{ - "shape":"MaximumLength", - "documentation":"

The maximum number of tokens to return in the response.

" - }, - "stopSequences":{ - "shape":"StopSequences", - "documentation":"

A list of strings that define sequences after which the model will stop generating.

" - }, "temperature":{ "shape":"Temperature", "documentation":"

Controls the randomness of the response. Choose a lower value for more predictable outputs and a higher value for more surprising outputs.

" @@ -8199,25 +8884,33 @@ "topP":{ "shape":"TopP", "documentation":"

The percentage of most-likely candidates that the model considers for the next token.

" + }, + "maxTokens":{ + "shape":"MaximumLength", + "documentation":"

The maximum number of tokens to return in the response.

" + }, + "stopSequences":{ + "shape":"StopSequences", + "documentation":"

A list of strings that define sequences after which the model will stop generating.

" } }, "documentation":"

Contains inference configurations related to model inference for a prompt. For more information, see Inference parameters.

" }, "PromptName":{ "type":"string", - "pattern":"^([0-9a-zA-Z][_-]?){1,100}$" + "pattern":"([0-9a-zA-Z][_-]?){1,100}" }, "PromptOverrideConfiguration":{ "type":"structure", "required":["promptConfigurations"], "members":{ - "overrideLambda":{ - "shape":"LambdaArn", - "documentation":"

The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the promptConfigurations must contain a parserMode value that is set to OVERRIDDEN. For more information, see Parser Lambda function in Amazon Bedrock Agents.

" - }, "promptConfigurations":{ "shape":"PromptConfigurations", "documentation":"

Contains configurations to override a prompt template in one part of an agent sequence. For more information, see Advanced prompts.

" + }, + "overrideLambda":{ + "shape":"LambdaArn", + "documentation":"

The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the promptConfigurations must contain a parserMode value that is set to OVERRIDDEN. For more information, see Parser Lambda function in Amazon Bedrock Agents.

" } }, "documentation":"

Contains configurations to override prompts in different parts of an agent sequence. For more information, see Advanced prompts.

", @@ -8239,21 +8932,17 @@ "PromptSummary":{ "type":"structure", "required":[ + "name", + "id", "arn", + "version", "createdAt", - "id", - "name", - "updatedAt", - "version" + "updatedAt" ], "members":{ - "arn":{ - "shape":"PromptArn", - "documentation":"

The Amazon Resource Name (ARN) of the prompt or the prompt version (if you specified a version in the request).

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was created.

" + "name":{ + "shape":"PromptName", + "documentation":"

The name of the prompt.

" }, "description":{ "shape":"PromptDescription", @@ -8263,17 +8952,21 @@ "shape":"PromptId", "documentation":"

The unique identifier of the prompt.

" }, - "name":{ - "shape":"PromptName", - "documentation":"

The name of the prompt.

" - }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was last updated.

" + "arn":{ + "shape":"PromptArn", + "documentation":"

The Amazon Resource Name (ARN) of the prompt or the prompt version (if you specified a version in the request).

" }, "version":{ "shape":"Version", "documentation":"

The version of the prompt that this summary applies to.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was last updated.

" } }, "documentation":"

Contains information about a prompt in your Prompt management tool.

This data type is used in the following API operations:

" @@ -8281,13 +8974,13 @@ "PromptTemplateConfiguration":{ "type":"structure", "members":{ - "chat":{ - "shape":"ChatPromptTemplateConfiguration", - "documentation":"

Contains configurations to use the prompt in a conversational format.

" - }, "text":{ "shape":"TextPromptTemplateConfiguration", "documentation":"

Contains configurations for the text in a message for a prompt.

" + }, + "chat":{ + "shape":"ChatPromptTemplateConfiguration", + "documentation":"

Contains configurations to use the prompt in a conversational format.

" } }, "documentation":"

Contains the message for a prompt. For more information, see Construct and store reusable prompts with Prompt management in Amazon Bedrock.

", @@ -8314,17 +9007,25 @@ "type":"structure", "required":[ "name", - "templateConfiguration", - "templateType" + "templateType", + "templateConfiguration" ], "members":{ - "additionalModelRequestFields":{ - "shape":"Document", - "documentation":"

Contains model-specific inference configurations that aren't in the inferenceConfiguration field. To see model-specific inference parameters, see Inference request parameters and response fields for foundation models.

" + "name":{ + "shape":"PromptVariantName", + "documentation":"

The name of the prompt variant.

" }, - "genAiResource":{ - "shape":"PromptGenAiResource", - "documentation":"

Specifies a generative AI resource with which to use the prompt.

" + "templateType":{ + "shape":"PromptTemplateType", + "documentation":"

The type of prompt template to use.

" + }, + "templateConfiguration":{ + "shape":"PromptTemplateConfiguration", + "documentation":"

Contains configurations for the prompt template.

" + }, + "modelId":{ + "shape":"PromptModelIdentifier", + "documentation":"

The unique identifier of the model or inference profile with which to run inference on the prompt.

" }, "inferenceConfiguration":{ "shape":"PromptInferenceConfiguration", @@ -8334,21 +9035,13 @@ "shape":"PromptMetadataList", "documentation":"

An array of objects, each containing a key-value pair that defines a metadata tag and value to attach to a prompt variant.

" }, - "modelId":{ - "shape":"PromptModelIdentifier", - "documentation":"

The unique identifier of the model or inference profile with which to run inference on the prompt.

" - }, - "name":{ - "shape":"PromptVariantName", - "documentation":"

The name of the prompt variant.

" - }, - "templateConfiguration":{ - "shape":"PromptTemplateConfiguration", - "documentation":"

Contains configurations for the prompt template.

" + "additionalModelRequestFields":{ + "shape":"Document", + "documentation":"

Contains model-specific inference configurations that aren't in the inferenceConfiguration field. To see model-specific inference parameters, see Inference request parameters and response fields for foundation models.

" }, - "templateType":{ - "shape":"PromptTemplateType", - "documentation":"

The type of prompt template to use.

" + "genAiResource":{ + "shape":"PromptGenAiResource", + "documentation":"

Specifies a generative AI resource with which to use the prompt.

" } }, "documentation":"

Contains details about a variant of the prompt.

", @@ -8363,13 +9056,13 @@ }, "PromptVariantName":{ "type":"string", - "pattern":"^([0-9a-zA-Z][_-]?){1,100}$" + "pattern":"([0-9a-zA-Z][_-]?){1,100}" }, "ProvisionedModelIdentifier":{ "type":"string", "max":2048, "min":1, - "pattern":"^((([0-9a-zA-Z][_-]?){1,63})|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:provisioned-model/[a-z0-9]{12}))$" + "pattern":"((([0-9a-zA-Z][_-]?){1,63})|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:provisioned-model/[a-z0-9]{12}))" }, "QueryEngineType":{ "type":"string", @@ -8384,6 +9077,10 @@ "QueryGenerationColumn":{ "type":"structure", "members":{ + "name":{ + "shape":"QueryGenerationColumnName", + "documentation":"

The name of the column for which the other fields in this object apply.

" + }, "description":{ "shape":"DescriptionString", "documentation":"

A description of the column that helps the query engine understand the contents of the column.

" @@ -8391,10 +9088,6 @@ "inclusion":{ "shape":"IncludeExclude", "documentation":"

Specifies whether to include or exclude the column during query generation. If you specify EXCLUDE, the column will be ignored. If you specify INCLUDE, all other columns in the table will be ignored.

" - }, - "name":{ - "shape":"QueryGenerationColumnName", - "documentation":"

The name of the column for which the other fields in this object apply.

" } }, "documentation":"

Contains information about a column in the current table for the query engine to consider.

" @@ -8425,13 +9118,13 @@ "QueryGenerationContext":{ "type":"structure", "members":{ - "curatedQueries":{ - "shape":"CuratedQueries", - "documentation":"

An array of objects, each of which defines information about example queries to help the query engine generate appropriate SQL queries.

" - }, "tables":{ "shape":"QueryGenerationTables", "documentation":"

An array of objects, each of which defines information about a table in the database.

" + }, + "curatedQueries":{ + "shape":"CuratedQueries", + "documentation":"

An array of objects, each of which defines information about example queries to help the query engine generate appropriate SQL queries.

" } }, "documentation":"

>Contains configurations for context to use during query generation.

", @@ -8441,9 +9134,9 @@ "type":"structure", "required":["name"], "members":{ - "columns":{ - "shape":"QueryGenerationColumns", - "documentation":"

An array of objects, each of which defines information about a column in the table.

" + "name":{ + "shape":"QueryGenerationTableName", + "documentation":"

The name of the table for which the other fields in this object apply.

" }, "description":{ "shape":"DescriptionString", @@ -8453,16 +9146,16 @@ "shape":"IncludeExclude", "documentation":"

Specifies whether to include or exclude the table during query generation. If you specify EXCLUDE, the table will be ignored. If you specify INCLUDE, all other tables will be ignored.

" }, - "name":{ - "shape":"QueryGenerationTableName", - "documentation":"

The name of the table for which the other fields in this object apply.

" + "columns":{ + "shape":"QueryGenerationColumns", + "documentation":"

An array of objects, each of which defines information about a column in the table.

" } }, "documentation":"

Contains information about a table for the query engine to consider.

" }, "QueryGenerationTableName":{ "type":"string", - "pattern":"^.*\\..*\\..*$" + "pattern":".*\\..*\\..*" }, "QueryGenerationTables":{ "type":"list", @@ -8472,18 +9165,22 @@ }, "RdsArn":{ "type":"string", - "pattern":"^arn:aws(|-cn|-us-gov):rds:[a-zA-Z0-9-]*:[0-9]{12}:cluster:[a-zA-Z0-9-]{1,63}$" + "pattern":"arn:aws(|-cn|-us-gov):rds:[a-zA-Z0-9-]*:[0-9]{12}:cluster:[a-zA-Z0-9-]{1,63}" }, "RdsConfiguration":{ "type":"structure", "required":[ + "resourceArn", "credentialsSecretArn", "databaseName", - "fieldMapping", - "resourceArn", - "tableName" + "tableName", + "fieldMapping" ], "members":{ + "resourceArn":{ + "shape":"RdsArn", + "documentation":"

The Amazon Resource Name (ARN) of the vector store.

" + }, "credentialsSecretArn":{ "shape":"SecretArn", "documentation":"

The Amazon Resource Name (ARN) of the secret that you created in Secrets Manager that is linked to your Amazon RDS database.

" @@ -8492,17 +9189,13 @@ "shape":"RdsDatabaseName", "documentation":"

The name of your Amazon RDS database.

" }, - "fieldMapping":{ - "shape":"RdsFieldMapping", - "documentation":"

Contains the names of the fields to which to map information about the vector store.

" - }, - "resourceArn":{ - "shape":"RdsArn", - "documentation":"

The Amazon Resource Name (ARN) of the vector store.

" - }, "tableName":{ "shape":"RdsTableName", "documentation":"

The name of the table in the database.

" + }, + "fieldMapping":{ + "shape":"RdsFieldMapping", + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" } }, "documentation":"

Contains details about the storage configuration of the knowledge base in Amazon RDS. For more information, see Create a vector index in Amazon RDS.

" @@ -8511,32 +9204,36 @@ "type":"string", "max":63, "min":0, - "pattern":"^[a-zA-Z0-9_\\-]+$" + "pattern":"[a-zA-Z0-9_\\-]+" }, "RdsFieldMapping":{ "type":"structure", "required":[ - "metadataField", "primaryKeyField", + "vectorField", "textField", - "vectorField" + "metadataField" ], "members":{ - "metadataField":{ - "shape":"ColumnName", - "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" - }, "primaryKeyField":{ "shape":"ColumnName", "documentation":"

The name of the field in which Amazon Bedrock stores the ID for each entry.

" }, + "vectorField":{ + "shape":"ColumnName", + "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" + }, "textField":{ "shape":"ColumnName", "documentation":"

The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose.

" }, - "vectorField":{ + "metadataField":{ "shape":"ColumnName", - "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" + "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" + }, + "customMetadataField":{ + "shape":"ColumnName", + "documentation":"

Provide a name for the universal metadata field where Amazon Bedrock will store any custom metadata from your data source.

" } }, "documentation":"

Contains the names of the fields to which to map information about the vector store.

" @@ -8545,7 +9242,7 @@ "type":"string", "max":63, "min":0, - "pattern":"^[a-zA-Z0-9_\\.\\-]+$" + "pattern":"[a-zA-Z0-9_\\.\\-]+" }, "RecommendedAction":{ "type":"string", @@ -8561,27 +9258,27 @@ "RedisEnterpriseCloudConfiguration":{ "type":"structure", "required":[ - "credentialsSecretArn", "endpoint", - "fieldMapping", - "vectorIndexName" + "vectorIndexName", + "credentialsSecretArn", + "fieldMapping" ], "members":{ - "credentialsSecretArn":{ - "shape":"SecretArn", - "documentation":"

The Amazon Resource Name (ARN) of the secret that you created in Secrets Manager that is linked to your Redis Enterprise Cloud database.

" - }, "endpoint":{ "shape":"RedisEnterpriseCloudEndpoint", "documentation":"

The endpoint URL of the Redis Enterprise Cloud database.

" }, - "fieldMapping":{ - "shape":"RedisEnterpriseCloudFieldMapping", - "documentation":"

Contains the names of the fields to which to map information about the vector store.

" - }, "vectorIndexName":{ "shape":"RedisEnterpriseCloudIndexName", "documentation":"

The name of the vector index.

" + }, + "credentialsSecretArn":{ + "shape":"SecretArn", + "documentation":"

The Amazon Resource Name (ARN) of the secret that you created in Secrets Manager that is linked to your Redis Enterprise Cloud database.

" + }, + "fieldMapping":{ + "shape":"RedisEnterpriseCloudFieldMapping", + "documentation":"

Contains the names of the fields to which to map information about the vector store.

" } }, "documentation":"

Contains details about the storage configuration of the knowledge base in Redis Enterprise Cloud. For more information, see Create a vector index in Redis Enterprise Cloud.

" @@ -8590,27 +9287,27 @@ "type":"string", "max":2048, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "RedisEnterpriseCloudFieldMapping":{ "type":"structure", "required":[ - "metadataField", + "vectorField", "textField", - "vectorField" + "metadataField" ], "members":{ - "metadataField":{ + "vectorField":{ "shape":"FieldName", - "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" + "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" }, "textField":{ "shape":"FieldName", "documentation":"

The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose.

" }, - "vectorField":{ + "metadataField":{ "shape":"FieldName", - "documentation":"

The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources.

" + "documentation":"

The name of the field in which Amazon Bedrock stores metadata about the vector store.

" } }, "documentation":"

Contains the names of the fields to which to map information about the vector store.

" @@ -8619,7 +9316,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^.*$" + "pattern":".*" }, "RedshiftClusterIdentifier":{ "type":"string", @@ -8629,10 +9326,14 @@ "RedshiftConfiguration":{ "type":"structure", "required":[ - "queryEngineConfiguration", - "storageConfigurations" + "storageConfigurations", + "queryEngineConfiguration" ], "members":{ + "storageConfigurations":{ + "shape":"RedshiftQueryEngineStorageConfigurations", + "documentation":"

Specifies configurations for Amazon Redshift database storage.

" + }, "queryEngineConfiguration":{ "shape":"RedshiftQueryEngineConfiguration", "documentation":"

Specifies configurations for an Amazon Redshift query engine.

" @@ -8640,10 +9341,6 @@ "queryGenerationConfiguration":{ "shape":"QueryGenerationConfiguration", "documentation":"

Specifies configurations for generating queries.

" - }, - "storageConfigurations":{ - "shape":"RedshiftQueryEngineStorageConfigurations", - "documentation":"

Specifies configurations for Amazon Redshift database storage.

" } }, "documentation":"

Contains configurations for an Amazon Redshift database. For more information, see Build a knowledge base by connecting to a structured data source in the Amazon Bedrock User Guide.

" @@ -8657,14 +9354,14 @@ "type":"structure", "required":["type"], "members":{ - "databaseUser":{ - "shape":"String", - "documentation":"

The database username for authentication to an Amazon Redshift provisioned data warehouse.

" - }, "type":{ "shape":"RedshiftProvisionedAuthType", "documentation":"

The type of authentication to use.

" }, + "databaseUser":{ + "shape":"String", + "documentation":"

The database username for authentication to an Amazon Redshift provisioned data warehouse.

" + }, "usernamePasswordSecretArn":{ "shape":"SecretArn", "documentation":"

The ARN of an Secrets Manager secret for authentication.

" @@ -8683,17 +9380,17 @@ "RedshiftProvisionedConfiguration":{ "type":"structure", "required":[ - "authConfiguration", - "clusterIdentifier" + "clusterIdentifier", + "authConfiguration" ], "members":{ - "authConfiguration":{ - "shape":"RedshiftProvisionedAuthConfiguration", - "documentation":"

Specifies configurations for authentication to Amazon Redshift.

" - }, "clusterIdentifier":{ "shape":"RedshiftClusterIdentifier", "documentation":"

The ID of the Amazon Redshift cluster.

" + }, + "authConfiguration":{ + "shape":"RedshiftProvisionedAuthConfiguration", + "documentation":"

Specifies configurations for authentication to Amazon Redshift.

" } }, "documentation":"

Contains configurations for a provisioned Amazon Redshift query engine.

" @@ -8713,17 +9410,17 @@ "type":"structure", "required":["type"], "members":{ - "provisionedConfiguration":{ - "shape":"RedshiftProvisionedConfiguration", - "documentation":"

Specifies configurations for a provisioned Amazon Redshift query engine.

" + "type":{ + "shape":"RedshiftQueryEngineType", + "documentation":"

The type of query engine.

" }, "serverlessConfiguration":{ "shape":"RedshiftServerlessConfiguration", "documentation":"

Specifies configurations for a serverless Amazon Redshift query engine.

" }, - "type":{ - "shape":"RedshiftQueryEngineType", - "documentation":"

The type of query engine.

" + "provisionedConfiguration":{ + "shape":"RedshiftProvisionedConfiguration", + "documentation":"

Specifies configurations for a provisioned Amazon Redshift query engine.

" } }, "documentation":"

Contains configurations for an Amazon Redshift query engine. Specify the type of query engine in type and include the corresponding field. For more information, see Build a knowledge base by connecting to a structured data source in the Amazon Bedrock User Guide.

" @@ -8743,6 +9440,10 @@ "type":"structure", "required":["type"], "members":{ + "type":{ + "shape":"RedshiftQueryEngineStorageType", + "documentation":"

The data storage service to use.

" + }, "awsDataCatalogConfiguration":{ "shape":"RedshiftQueryEngineAwsDataCatalogStorageConfiguration", "documentation":"

Specifies configurations for storage in Glue Data Catalog.

" @@ -8750,10 +9451,6 @@ "redshiftConfiguration":{ "shape":"RedshiftQueryEngineRedshiftStorageConfiguration", "documentation":"

Specifies configurations for storage in Amazon Redshift.

" - }, - "type":{ - "shape":"RedshiftQueryEngineStorageType", - "documentation":"

The data storage service to use.

" } }, "documentation":"

Contains configurations for Amazon Redshift data storage. Specify the data storage service to use in the type field and include the corresponding field. For more information, see Build a knowledge base by connecting to a structured data source in the Amazon Bedrock User Guide.

" @@ -8803,17 +9500,17 @@ "RedshiftServerlessConfiguration":{ "type":"structure", "required":[ - "authConfiguration", - "workgroupArn" + "workgroupArn", + "authConfiguration" ], "members":{ - "authConfiguration":{ - "shape":"RedshiftServerlessAuthConfiguration", - "documentation":"

Specifies configurations for authentication to an Amazon Redshift provisioned data warehouse.

" - }, "workgroupArn":{ "shape":"WorkgroupArn", "documentation":"

The ARN of the Amazon Redshift workgroup.

" + }, + "authConfiguration":{ + "shape":"RedshiftServerlessAuthConfiguration", + "documentation":"

Specifies configurations for authentication to an Amazon Redshift provisioned data warehouse.

" } }, "documentation":"

Contains configurations for authentication to Amazon Redshift Serverless.

" @@ -8833,6 +9530,28 @@ "DISABLED" ] }, + "RerankingMetadataSelectionMode":{ + "type":"string", + "enum":[ + "SELECTIVE", + "ALL" + ] + }, + "RerankingMetadataSelectiveModeConfiguration":{ + "type":"structure", + "members":{ + "fieldsToInclude":{ + "shape":"FieldsForReranking", + "documentation":"

Specifies the metadata fields to include in the reranking process.

" + }, + "fieldsToExclude":{ + "shape":"FieldsForReranking", + "documentation":"

Specifies the metadata fields to exclude from the reranking process.

" + } + }, + "documentation":"

Configures the metadata fields to include or exclude during the reranking process when using selective mode.

", + "union":true + }, "ResourceNotFoundException":{ "type":"structure", "members":{ @@ -8861,7 +9580,7 @@ "required":["bucketName"], "members":{ "bucketName":{ - "shape":"S3BucketName", + "shape":"FlowS3BucketName", "documentation":"

The name of the Amazon S3 bucket from which to retrieve data.

" } }, @@ -8882,19 +9601,19 @@ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(|-cn|-us-gov):s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$" + "pattern":"arn:aws(|-cn|-us-gov):s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" }, "S3BucketName":{ "type":"string", "max":63, "min":3, - "pattern":"^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$" + "pattern":"[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]" }, "S3BucketUri":{ "type":"string", "max":2048, "min":1, - "pattern":"^s3://.{1,128}$" + "pattern":"s3://.{1,128}" }, "S3Content":{ "type":"structure", @@ -8915,13 +9634,13 @@ "shape":"S3BucketArn", "documentation":"

The Amazon Resource Name (ARN) of the S3 bucket that contains your data.

" }, - "bucketOwnerAccountId":{ - "shape":"BucketOwnerAccountId", - "documentation":"

The account ID for the owner of the S3 bucket.

" - }, "inclusionPrefixes":{ "shape":"S3Prefixes", "documentation":"

A list of S3 prefixes to include certain files or content. For more information, see Organizing objects using prefixes.

" + }, + "bucketOwnerAccountId":{ + "shape":"BucketOwnerAccountId", + "documentation":"

The account ID for the owner of the S3 bucket.

" } }, "documentation":"

The configuration information to connect to Amazon S3 as your data source.

" @@ -8955,13 +9674,13 @@ "type":"string", "max":1024, "min":1, - "pattern":"^[\\.\\-\\!\\*\\_\\'\\(\\)a-zA-Z0-9][\\.\\-\\!\\*\\_\\'\\(\\)\\/a-zA-Z0-9]*$" + "pattern":"[\\.\\-\\!\\*\\_\\'\\(\\)a-zA-Z0-9][\\.\\-\\!\\*\\_\\'\\(\\)\\/a-zA-Z0-9]*" }, "S3ObjectUri":{ "type":"string", "max":1024, "min":1, - "pattern":"^s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.{1,1024}$" + "pattern":"s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.{1,1024}" }, "S3Prefix":{ "type":"string", @@ -8975,6 +9694,24 @@ "max":1, "min":1 }, + "S3VectorsConfiguration":{ + "type":"structure", + "members":{ + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

The Amazon Resource Name (ARN) of the S3 bucket where vector embeddings are stored. This bucket contains the vector data used by the knowledge base.

" + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

The Amazon Resource Name (ARN) of the vector index used for the knowledge base. This ARN identifies the specific vector index resource within Amazon Bedrock.

" + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

The name of the vector index used for the knowledge base. This name identifies the vector index within the Amazon Bedrock service.

" + } + }, + "documentation":"

Contains the storage configuration of the knowledge base for S3 vectors.

" + }, "SalesforceAuthType":{ "type":"string", "enum":["OAUTH2_CLIENT_CREDENTIALS"] @@ -8993,13 +9730,13 @@ "type":"structure", "required":["sourceConfiguration"], "members":{ - "crawlerConfiguration":{ - "shape":"SalesforceCrawlerConfiguration", - "documentation":"

The configuration of the Salesforce content. For example, configuring specific types of Salesforce content.

" - }, "sourceConfiguration":{ "shape":"SalesforceSourceConfiguration", "documentation":"

The endpoint information to connect to your Salesforce data source.

" + }, + "crawlerConfiguration":{ + "shape":"SalesforceCrawlerConfiguration", + "documentation":"

The configuration of the Salesforce content. For example, configuring specific types of Salesforce content.

" } }, "documentation":"

The configuration information to connect to Salesforce as your data source.

" @@ -9007,11 +9744,15 @@ "SalesforceSourceConfiguration":{ "type":"structure", "required":[ + "hostUrl", "authType", - "credentialsSecretArn", - "hostUrl" + "credentialsSecretArn" ], "members":{ + "hostUrl":{ + "shape":"HttpsUrl", + "documentation":"

The Salesforce host URL or instance URL.

" + }, "authType":{ "shape":"SalesforceAuthType", "documentation":"

The supported authentication type to authenticate and connect to your Salesforce instance.

" @@ -9019,17 +9760,13 @@ "credentialsSecretArn":{ "shape":"SecretArn", "documentation":"

The Amazon Resource Name of an Secrets Manager secret that stores your authentication credentials for your Salesforce instance URL. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see Salesforce connection configuration.

" - }, - "hostUrl":{ - "shape":"HttpsUrl", - "documentation":"

The Salesforce host URL or instance URL.

" } }, "documentation":"

The endpoint information to connect to your Salesforce data source.

" }, "SecretArn":{ "type":"string", - "pattern":"^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$" + "pattern":"arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}" }, "SeedUrl":{ "type":"structure", @@ -9050,22 +9787,22 @@ "SemanticChunkingConfiguration":{ "type":"structure", "required":[ - "breakpointPercentileThreshold", + "maxTokens", "bufferSize", - "maxTokens" + "breakpointPercentileThreshold" ], "members":{ - "breakpointPercentileThreshold":{ - "shape":"SemanticChunkingConfigurationBreakpointPercentileThresholdInteger", - "documentation":"

The dissimilarity threshold for splitting chunks.

" + "maxTokens":{ + "shape":"SemanticChunkingConfigurationMaxTokensInteger", + "documentation":"

The maximum number of tokens that a chunk can contain.

" }, "bufferSize":{ "shape":"SemanticChunkingConfigurationBufferSizeInteger", "documentation":"

The buffer size.

" }, - "maxTokens":{ - "shape":"SemanticChunkingConfigurationMaxTokensInteger", - "documentation":"

The maximum number of tokens that a chunk can contain.

" + "breakpointPercentileThreshold":{ + "shape":"SemanticChunkingConfigurationBreakpointPercentileThresholdInteger", + "documentation":"

The dissimilarity threshold for splitting chunks.

" } }, "documentation":"

Settings for semantic document chunking for a data source. Semantic chunking splits a document into into smaller documents based on groups of similar content derived from the text with natural language processing.

With semantic chunking, each sentence is compared to the next to determine how similar they are. You specify a threshold in the form of a percentile, where adjacent sentences that are less similar than that percentage of sentence pairs are divided into separate chunks. For example, if you set the threshold to 90, then the 10 percent of sentence pairs that are least similar are split. So if you have 101 sentences, 100 sentence pairs are compared, and the 10 with the least similarity are split, creating 11 chunks. These chunks are further split if they exceed the max token size.

You must also specify a buffer size, which determines whether sentences are compared in isolation, or within a moving context window that includes the previous and following sentence. For example, if you set the buffer size to 1, the embedding for sentence 10 is derived from sentences 9, 10, and 11 combined.

" @@ -9122,7 +9859,7 @@ "SessionTTL":{ "type":"integer", "box":true, - "max":3600, + "max":5400, "min":60 }, "SharePointAuthType":{ @@ -9146,13 +9883,13 @@ "type":"structure", "required":["sourceConfiguration"], "members":{ - "crawlerConfiguration":{ - "shape":"SharePointCrawlerConfiguration", - "documentation":"

The configuration of the SharePoint content. For example, configuring specific types of SharePoint content.

" - }, "sourceConfiguration":{ "shape":"SharePointSourceConfiguration", "documentation":"

The endpoint information to connect to your SharePoint data source.

" + }, + "crawlerConfiguration":{ + "shape":"SharePointCrawlerConfiguration", + "documentation":"

The configuration of the SharePoint content. For example, configuring specific types of SharePoint content.

" } }, "documentation":"

The configuration information to connect to SharePoint as your data source.

" @@ -9175,36 +9912,36 @@ "SharePointSourceConfiguration":{ "type":"structure", "required":[ - "authType", - "credentialsSecretArn", "domain", + "siteUrls", "hostType", - "siteUrls" + "authType", + "credentialsSecretArn" ], "members":{ - "authType":{ - "shape":"SharePointAuthType", - "documentation":"

The supported authentication type to authenticate and connect to your SharePoint site/sites.

" - }, - "credentialsSecretArn":{ - "shape":"SecretArn", - "documentation":"

The Amazon Resource Name of an Secrets Manager secret that stores your authentication credentials for your SharePoint site/sites. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see SharePoint connection configuration.

" + "tenantId":{ + "shape":"Microsoft365TenantId", + "documentation":"

The identifier of your Microsoft 365 tenant.

" }, "domain":{ "shape":"SharePointDomain", "documentation":"

The domain of your SharePoint instance or site URL/URLs.

" }, + "siteUrls":{ + "shape":"SharePointSiteUrls", + "documentation":"

A list of one or more SharePoint site URLs.

" + }, "hostType":{ "shape":"SharePointHostType", "documentation":"

The supported host type, whether online/cloud or server/on-premises.

" }, - "siteUrls":{ - "shape":"SharePointSiteUrls", - "documentation":"

A list of one or more SharePoint site URLs.

" + "authType":{ + "shape":"SharePointAuthType", + "documentation":"

The supported authentication type to authenticate and connect to your SharePoint site/sites.

" }, - "tenantId":{ - "shape":"Microsoft365TenantId", - "documentation":"

The identifier of your Microsoft 365 tenant.

" + "credentialsSecretArn":{ + "shape":"SecretArn", + "documentation":"

The Amazon Resource Name of an Secrets Manager secret that stores your authentication credentials for your SharePoint site/sites. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see SharePoint connection configuration.

" } }, "documentation":"

The endpoint information to connect to your SharePoint data source.

" @@ -9231,13 +9968,13 @@ "type":"structure", "required":["type"], "members":{ - "redshiftConfiguration":{ - "shape":"RedshiftConfiguration", - "documentation":"

Specifies configurations for a knowledge base connected to an Amazon Redshift database.

" - }, "type":{ "shape":"QueryEngineType", "documentation":"

The type of SQL database to connect to the knowledge base.

" + }, + "redshiftConfiguration":{ + "shape":"RedshiftConfiguration", + "documentation":"

Specifies configurations for a knowledge base connected to an Amazon Redshift database.

" } }, "documentation":"

Contains configurations for a knowledge base connected to an SQL database. Specify the SQL database type in the type field and include the corresponding field. For more information, see Build a knowledge base by connecting to a structured data source in the Amazon Bedrock User Guide.

" @@ -9250,14 +9987,15 @@ "StartIngestionJobRequest":{ "type":"structure", "required":[ - "dataSourceId", - "knowledgeBaseId" + "knowledgeBaseId", + "dataSourceId" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", - "idempotencyToken":true + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base for the data ingestion job.

", + "location":"uri", + "locationName":"knowledgeBaseId" }, "dataSourceId":{ "shape":"Id", @@ -9265,15 +10003,14 @@ "location":"uri", "locationName":"dataSourceId" }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + }, "description":{ "shape":"Description", "documentation":"

A description of the data ingestion job.

" - }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base for the data ingestion job.

", - "location":"uri", - "locationName":"knowledgeBaseId" } } }, @@ -9294,11 +10031,17 @@ "StopIngestionJobRequest":{ "type":"structure", "required":[ + "knowledgeBaseId", "dataSourceId", - "ingestionJobId", - "knowledgeBaseId" + "ingestionJobId" ], "members":{ + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base for the data ingestion job you want to stop.

", + "location":"uri", + "locationName":"knowledgeBaseId" + }, "dataSourceId":{ "shape":"Id", "documentation":"

The unique identifier of the data source for the data ingestion job you want to stop.

", @@ -9310,12 +10053,6 @@ "documentation":"

The unique identifier of the data ingestion job you want to stop.

", "location":"uri", "locationName":"ingestionJobId" - }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base for the data ingestion job you want to stop.

", - "location":"uri", - "locationName":"knowledgeBaseId" } } }, @@ -9339,29 +10076,41 @@ "type":"structure", "required":["type"], "members":{ - "mongoDbAtlasConfiguration":{ - "shape":"MongoDbAtlasConfiguration", - "documentation":"

Contains the storage configuration of the knowledge base in MongoDB Atlas.

" + "type":{ + "shape":"KnowledgeBaseStorageType", + "documentation":"

The vector store service in which the knowledge base is stored.

" }, "opensearchServerlessConfiguration":{ "shape":"OpenSearchServerlessConfiguration", "documentation":"

Contains the storage configuration of the knowledge base in Amazon OpenSearch Service.

" }, + "opensearchManagedClusterConfiguration":{ + "shape":"OpenSearchManagedClusterConfiguration", + "documentation":"

Contains details about the storage configuration of the knowledge base in OpenSearch Managed Cluster. For more information, see Create a vector index in Amazon OpenSearch Service.

" + }, "pineconeConfiguration":{ "shape":"PineconeConfiguration", "documentation":"

Contains the storage configuration of the knowledge base in Pinecone.

" }, + "redisEnterpriseCloudConfiguration":{ + "shape":"RedisEnterpriseCloudConfiguration", + "documentation":"

Contains the storage configuration of the knowledge base in Redis Enterprise Cloud.

" + }, "rdsConfiguration":{ "shape":"RdsConfiguration", "documentation":"

Contains details about the storage configuration of the knowledge base in Amazon RDS. For more information, see Create a vector index in Amazon RDS.

" }, - "redisEnterpriseCloudConfiguration":{ - "shape":"RedisEnterpriseCloudConfiguration", - "documentation":"

Contains the storage configuration of the knowledge base in Redis Enterprise Cloud.

" + "mongoDbAtlasConfiguration":{ + "shape":"MongoDbAtlasConfiguration", + "documentation":"

Contains the storage configuration of the knowledge base in MongoDB Atlas.

" }, - "type":{ - "shape":"KnowledgeBaseStorageType", - "documentation":"

The vector store service in which the knowledge base is stored.

" + "neptuneAnalyticsConfiguration":{ + "shape":"NeptuneAnalyticsConfiguration", + "documentation":"

Contains details about the Neptune Analytics configuration of the knowledge base in Amazon Neptune. For more information, see Create a vector index in Amazon Neptune Analytics..

" + }, + "s3VectorsConfiguration":{ + "shape":"S3VectorsConfiguration", + "documentation":"

The configuration settings for storing knowledge base data using S3 vectors. This includes vector index information and S3 bucket details for vector storage.

" } }, "documentation":"

Contains the storage configuration of the knowledge base.

" @@ -9388,7 +10137,7 @@ "required":["bucketName"], "members":{ "bucketName":{ - "shape":"S3BucketName", + "shape":"FlowS3BucketName", "documentation":"

The name of the Amazon S3 bucket in which to store the input into the node.

" } }, @@ -9427,13 +10176,13 @@ "type":"structure", "required":["type"], "members":{ - "s3Location":{ - "shape":"S3Location", - "documentation":"

Contains information about the Amazon S3 location for the extracted images.

" - }, "type":{ "shape":"SupplementalDataStorageLocationType", "documentation":"

Specifies the storage service used for this location.

" + }, + "s3Location":{ + "shape":"S3Location", + "documentation":"

Contains information about the Amazon S3 location for the extracted images.

" } }, "documentation":"

Contains information about a storage location for images extracted from multimodal documents in your data source.

" @@ -9448,12 +10197,20 @@ "max":1, "min":1 }, + "SupportedLanguages":{ + "type":"string", + "enum":["Python_3"] + }, "SystemContentBlock":{ "type":"structure", "members":{ "text":{ "shape":"NonEmptyString", "documentation":"

The text in the system prompt.

" + }, + "cachePoint":{ + "shape":"CachePointBlock", + "documentation":"

Creates a cache checkpoint within a tool designation

" } }, "documentation":"

Contains a system prompt to provide context to the model or to describe how it should behave. For more information, see Create a prompt using Prompt management.

", @@ -9468,7 +10225,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^[a-zA-Z0-9\\s._:/=+@-]*$" + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "TagKeyList":{ "type":"list", @@ -9504,13 +10261,13 @@ "type":"string", "max":256, "min":0, - "pattern":"^[a-zA-Z0-9\\s._:/=+@-]*$" + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" }, "TaggableResourcesArn":{ "type":"string", "max":1011, "min":20, - "pattern":"(^arn:aws:bedrock:[a-zA-Z0-9-]+:/d{12}:(agent|agent-alias|knowledge-base|flow|prompt)/[A-Z0-9]{10}(?:/[A-Z0-9]{10})?$|^arn:aws:bedrock:[a-zA-Z0-9-]+:/d{12}:flow/([A-Z0-9]{10})/alias/([A-Z0-9]{10})$|^arn:aws:bedrock:[a-zA-Z0-9-]+:/d{12}:prompt/([A-Z0-9]{10})?(?::/d+)?$)" + "pattern":".*(^arn:aws:bedrock:[a-zA-Z0-9-]+:/d{12}:(agent|agent-alias|knowledge-base|flow|prompt)/[A-Z0-9]{10}(?:/[A-Z0-9]{10})?$|^arn:aws:bedrock:[a-zA-Z0-9-]+:/d{12}:flow/([A-Z0-9]{10})/alias/([A-Z0-9]{10})$|^arn:aws:bedrock:[a-zA-Z0-9-]+:/d{12}:prompt/([A-Z0-9]{10})?(?::/d+)?$).*" }, "TagsMap":{ "type":"map", @@ -9536,7 +10293,6 @@ }, "TextPrompt":{ "type":"string", - "max":200000, "min":1, "sensitive":true }, @@ -9544,13 +10300,17 @@ "type":"structure", "required":["text"], "members":{ - "inputVariables":{ - "shape":"PromptInputVariablesList", - "documentation":"

An array of the variables in the prompt template.

" - }, "text":{ "shape":"TextPrompt", "documentation":"

The message for the prompt.

" + }, + "cachePoint":{ + "shape":"CachePointBlock", + "documentation":"

A cache checkpoint within a template configuration.

" + }, + "inputVariables":{ + "shape":"PromptInputVariablesList", + "documentation":"

An array of the variables in the prompt template.

" } }, "documentation":"

Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in {{variable}}.

", @@ -9574,6 +10334,10 @@ "toolSpec":{ "shape":"ToolSpecification", "documentation":"

The specification for the tool.

" + }, + "cachePoint":{ + "shape":"CachePointBlock", + "documentation":"

Creates a cache checkpoint within a tool designation

" } }, "documentation":"

Contains configurations for a tool that a model can use when generating a response. For more information, see Use a tool to complete an Amazon Bedrock model response.

", @@ -9582,14 +10346,14 @@ "ToolChoice":{ "type":"structure", "members":{ - "any":{ - "shape":"AnyToolChoice", - "documentation":"

Defines tools, at least one of which must be requested by the model. No text is generated but the results of tool use are sent back to the model to help generate a response.

" - }, "auto":{ "shape":"AutoToolChoice", "documentation":"

Defines tools. The model automatically decides whether to call a tool or to generate text instead.

" }, + "any":{ + "shape":"AnyToolChoice", + "documentation":"

Defines tools, at least one of which must be requested by the model. No text is generated but the results of tool use are sent back to the model to help generate a response.

" + }, "tool":{ "shape":"SpecificToolChoice", "documentation":"

Defines a specific tool that the model must request. No text is generated but the results of tool use are sent back to the model to help generate a response.

" @@ -9603,13 +10367,13 @@ "type":"structure", "required":["tools"], "members":{ - "toolChoice":{ - "shape":"ToolChoice", - "documentation":"

Defines which tools the model should request when invoked.

" - }, "tools":{ "shape":"ToolConfigurationToolsList", "documentation":"

An array of tools to pass to a model.

" + }, + "toolChoice":{ + "shape":"ToolChoice", + "documentation":"

Defines which tools the model should request when invoked.

" } }, "documentation":"

Configuration information for the tools that the model can use when generating a response. For more information, see Use a tool to complete an Amazon Bedrock model response.

" @@ -9635,15 +10399,19 @@ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z][a-zA-Z0-9_]*$" + "pattern":"[a-zA-Z][a-zA-Z0-9_]*" }, "ToolSpecification":{ "type":"structure", "required":[ - "inputSchema", - "name" + "name", + "inputSchema" ], "members":{ + "name":{ + "shape":"ToolName", + "documentation":"

The name of the tool.

" + }, "description":{ "shape":"NonEmptyString", "documentation":"

The description of the tool.

" @@ -9651,10 +10419,6 @@ "inputSchema":{ "shape":"ToolInputSchema", "documentation":"

The input schema for the tool.

" - }, - "name":{ - "shape":"ToolName", - "documentation":"

The name of the tool.

" } }, "documentation":"

Contains a specification for a tool. For more information, see Use a tool to complete an Amazon Bedrock model response.

" @@ -9674,17 +10438,17 @@ "Transformation":{ "type":"structure", "required":[ - "stepToApply", - "transformationFunction" + "transformationFunction", + "stepToApply" ], "members":{ - "stepToApply":{ - "shape":"StepType", - "documentation":"

When the service applies the transformation.

" - }, "transformationFunction":{ "shape":"TransformationFunction", "documentation":"

A Lambda function that processes documents.

" + }, + "stepToApply":{ + "shape":"StepType", + "documentation":"

When the service applies the transformation.

" } }, "documentation":"

A custom processing step for documents moving through a data source ingestion pipeline. To process documents after they have been converted into chunks, set the step to apply to POST_CHUNKING.

" @@ -9730,17 +10494,17 @@ "UnfulfilledNodeInputFlowValidationDetails":{ "type":"structure", "required":[ - "input", - "node" + "node", + "input" ], "members":{ - "input":{ - "shape":"FlowNodeInputName", - "documentation":"

The name of the unfulfilled input. An input is unfulfilled if there are no data connections to it.

" - }, "node":{ "shape":"FlowNodeName", "documentation":"

The name of the node containing the unfulfilled input.

" + }, + "input":{ + "shape":"FlowNodeInputName", + "documentation":"

The name of the unfulfilled input. An input is unfulfilled if there are no data connections to it.

" } }, "documentation":"

Details about an unfulfilled node input with no valid connections.

" @@ -9800,6 +10564,42 @@ }, "documentation":"

Details about an unknown target input for a connection.

" }, + "UnknownNodeInputFlowValidationDetails":{ + "type":"structure", + "required":[ + "node", + "input" + ], + "members":{ + "node":{ + "shape":"FlowNodeName", + "documentation":"

The name of the unknown input.

" + }, + "input":{ + "shape":"FlowNodeInputName", + "documentation":"

The name of the node with the unknown input.

" + } + }, + "documentation":"

Details about an unknown input for a node.

" + }, + "UnknownNodeOutputFlowValidationDetails":{ + "type":"structure", + "required":[ + "node", + "output" + ], + "members":{ + "node":{ + "shape":"FlowNodeName", + "documentation":"

The name of the node with the unknown output.

" + }, + "output":{ + "shape":"FlowNodeOutputName", + "documentation":"

The name of the unknown output.

" + } + }, + "documentation":"

Details about an unknown output for a node.

" + }, "UnreachableNodeFlowValidationDetails":{ "type":"structure", "required":["node"], @@ -9857,15 +10657,23 @@ "UpdateAgentActionGroupRequest":{ "type":"structure", "required":[ - "actionGroupId", - "actionGroupName", "agentId", - "agentVersion" + "agentVersion", + "actionGroupId", + "actionGroupName" ], "members":{ - "actionGroupExecutor":{ - "shape":"ActionGroupExecutor", - "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action.

" + "agentId":{ + "shape":"Id", + "documentation":"

The unique identifier of the agent for which to update the action group.

", + "location":"uri", + "locationName":"agentId" + }, + "agentVersion":{ + "shape":"DraftVersion", + "documentation":"

The unique identifier of the agent version for which to update the action group.

", + "location":"uri", + "locationName":"agentVersion" }, "actionGroupId":{ "shape":"Id", @@ -9877,37 +10685,33 @@ "shape":"Name", "documentation":"

Specifies a new name for the action group.

" }, + "description":{ + "shape":"Description", + "documentation":"

Specifies a new name for the action group.

" + }, + "parentActionGroupSignature":{ + "shape":"ActionGroupSignature", + "documentation":"

Update the built-in or computer use action for this action group. If you specify a value, you must leave the description, apiSchema, and actionGroupExecutor fields empty for this action group.

  • To allow your agent to request the user for additional information when trying to complete a task, set this field to AMAZON.UserInput.

  • To allow your agent to generate, run, and troubleshoot code when trying to complete a task, set this field to AMAZON.CodeInterpreter.

  • To allow your agent to use an Anthropic computer use tool, specify one of the following values.

    Computer use is a new Anthropic Claude model capability (in beta) available with Anthropic Claude 3.7 Sonnet and Claude 3.5 Sonnet v2 only. When operating computer use functionality, we recommend taking additional security precautions, such as executing computer actions in virtual environments with restricted data access and limited internet connectivity. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

    • ANTHROPIC.Computer - Gives the agent permission to use the mouse and keyboard and take screenshots.

    • ANTHROPIC.TextEditor - Gives the agent permission to view, create and edit files.

    • ANTHROPIC.Bash - Gives the agent permission to run commands in a bash shell.

During orchestration, if your agent determines that it needs to invoke an API in an action group, but doesn't have enough information to complete the API request, it will invoke this action group instead and return an Observation reprompting the user for more information.

" + }, + "parentActionGroupSignatureParams":{ + "shape":"ActionGroupSignatureParams", + "documentation":"

The configuration settings for a computer use action.

Computer use is a new Anthropic Claude model capability (in beta) available with Claude 3.7 Sonnet and Claude 3.5 Sonnet v2 only. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

" + }, + "actionGroupExecutor":{ + "shape":"ActionGroupExecutor", + "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action.

" + }, "actionGroupState":{ "shape":"ActionGroupState", "documentation":"

Specifies whether the action group is available for the agent to invoke or not when sending an InvokeAgent request.

" }, - "agentId":{ - "shape":"Id", - "documentation":"

The unique identifier of the agent for which to update the action group.

", - "location":"uri", - "locationName":"agentId" - }, - "agentVersion":{ - "shape":"DraftVersion", - "documentation":"

The unique identifier of the agent version for which to update the action group.

", - "location":"uri", - "locationName":"agentVersion" - }, "apiSchema":{ "shape":"APISchema", "documentation":"

Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see Action group OpenAPI schemas.

" }, - "description":{ - "shape":"Description", - "documentation":"

Specifies a new name for the action group.

" - }, "functionSchema":{ "shape":"FunctionSchema", "documentation":"

Contains details about the function schema for the action group or the JSON or YAML-formatted payload defining the schema.

" - }, - "parentActionGroupSignature":{ - "shape":"ActionGroupSignature", - "documentation":"

To allow your agent to request the user for additional information when trying to complete a task, set this field to AMAZON.UserInput. You must leave the description, apiSchema, and actionGroupExecutor fields blank for this action group.

During orchestration, if your agent determines that it needs to invoke an API in an action group, but doesn't have enough information to complete the API request, it will invoke this action group instead and return an Observation reprompting the user for more information.

" } } }, @@ -9924,11 +10728,17 @@ "UpdateAgentAliasRequest":{ "type":"structure", "required":[ + "agentId", "agentAliasId", - "agentAliasName", - "agentId" + "agentAliasName" ], "members":{ + "agentId":{ + "shape":"Id", + "documentation":"

The unique identifier of the agent.

", + "location":"uri", + "locationName":"agentId" + }, "agentAliasId":{ "shape":"AgentAliasId", "documentation":"

The unique identifier of the alias.

", @@ -9939,12 +10749,6 @@ "shape":"Name", "documentation":"

Specifies a new name for the alias.

" }, - "agentId":{ - "shape":"Id", - "documentation":"

The unique identifier of the agent.

", - "location":"uri", - "locationName":"agentId" - }, "description":{ "shape":"Description", "documentation":"

Specifies a new description for the alias.

" @@ -9952,6 +10756,10 @@ "routingConfiguration":{ "shape":"AgentAliasRoutingConfiguration", "documentation":"

Contains details about the routing configuration of the alias.

" + }, + "aliasInvocationState":{ + "shape":"AliasInvocationState", + "documentation":"

The invocation state for the agent alias. To pause the agent alias, set the value to REJECT_INVOCATIONS. To start the agent alias running again, set the value to ACCEPT_INVOCATIONS. Use the GetAgentAlias, or ListAgentAliases, operation to get the invocation state of an agent alias.

" } } }, @@ -9968,18 +10776,14 @@ "UpdateAgentCollaboratorRequest":{ "type":"structure", "required":[ - "agentDescriptor", "agentId", "agentVersion", - "collaborationInstruction", "collaboratorId", - "collaboratorName" + "agentDescriptor", + "collaboratorName", + "collaborationInstruction" ], "members":{ - "agentDescriptor":{ - "shape":"AgentDescriptor", - "documentation":"

An agent descriptor for the agent collaborator.

" - }, "agentId":{ "shape":"Id", "documentation":"

The agent's ID.

", @@ -9992,20 +10796,24 @@ "location":"uri", "locationName":"agentVersion" }, - "collaborationInstruction":{ - "shape":"CollaborationInstruction", - "documentation":"

Instruction for the collaborator.

" - }, "collaboratorId":{ "shape":"Id", "documentation":"

The collaborator's ID.

", "location":"uri", "locationName":"collaboratorId" }, + "agentDescriptor":{ + "shape":"AgentDescriptor", + "documentation":"

An agent descriptor for the agent collaborator.

" + }, "collaboratorName":{ "shape":"Name", "documentation":"

The collaborator's name.

" }, + "collaborationInstruction":{ + "shape":"CollaborationInstruction", + "documentation":"

Instruction for the collaborator.

" + }, "relayConversationHistory":{ "shape":"RelayConversationHistory", "documentation":"

A relay conversation history for the collaborator.

" @@ -10042,16 +10850,16 @@ "location":"uri", "locationName":"agentVersion" }, - "description":{ - "shape":"Description", - "documentation":"

Specifies a new description for the knowledge base associated with an agent.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base that has been associated with an agent.

", "location":"uri", "locationName":"knowledgeBaseId" }, + "description":{ + "shape":"Description", + "documentation":"

Specifies a new description for the knowledge base associated with an agent.

" + }, "knowledgeBaseState":{ "shape":"KnowledgeBaseState", "documentation":"

Specifies whether the agent uses the knowledge base or not when sending an InvokeAgent request.

" @@ -10073,14 +10881,10 @@ "required":[ "agentId", "agentName", - "agentResourceRoleArn", - "foundationModel" + "foundationModel", + "agentResourceRoleArn" ], "members":{ - "agentCollaboration":{ - "shape":"AgentCollaboration", - "documentation":"

The agent's collaboration role.

" - }, "agentId":{ "shape":"Id", "documentation":"

The unique identifier of the agent.

", @@ -10091,49 +10895,53 @@ "shape":"Name", "documentation":"

Specifies a new name for the agent.

" }, - "agentResourceRoleArn":{ - "shape":"AgentRoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the agent.

" + "instruction":{ + "shape":"Instruction", + "documentation":"

Specifies new instructions that tell the agent what it should do and how it should interact with users.

" + }, + "foundationModel":{ + "shape":"ModelIdentifier", + "documentation":"

The identifier for the model that you want to be used for orchestration by the agent you create.

The modelId to provide depends on the type of model or throughput that you use:

" + }, + "description":{ + "shape":"Description", + "documentation":"

Specifies a new description of the agent.

" + }, + "orchestrationType":{ + "shape":"OrchestrationType", + "documentation":"

Specifies the type of orchestration strategy for the agent. This is set to DEFAULT orchestration type, by default.

" }, "customOrchestration":{ "shape":"CustomOrchestration", "documentation":"

Contains details of the custom orchestration configured for the agent.

" }, + "idleSessionTTLInSeconds":{ + "shape":"SessionTTL", + "documentation":"

The number of seconds for which Amazon Bedrock keeps information about a user's conversation with the agent.

A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Bedrock deletes any data provided before the timeout.

" + }, + "agentResourceRoleArn":{ + "shape":"AgentRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the agent.

" + }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"

The Amazon Resource Name (ARN) of the KMS key with which to encrypt the agent.

" }, - "description":{ - "shape":"Description", - "documentation":"

Specifies a new description of the agent.

" - }, - "foundationModel":{ - "shape":"ModelIdentifier", - "documentation":"

The identifier for the model that you want to be used for orchestration by the agent you create.

The modelId to provide depends on the type of model or throughput that you use:

" + "promptOverrideConfiguration":{ + "shape":"PromptOverrideConfiguration", + "documentation":"

Contains configurations to override prompts in different parts of an agent sequence. For more information, see Advanced prompts.

" }, "guardrailConfiguration":{ "shape":"GuardrailConfiguration", "documentation":"

The unique Guardrail configuration assigned to the agent when it is updated.

" }, - "idleSessionTTLInSeconds":{ - "shape":"SessionTTL", - "documentation":"

The number of seconds for which Amazon Bedrock keeps information about a user's conversation with the agent.

A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Bedrock deletes any data provided before the timeout.

" - }, - "instruction":{ - "shape":"Instruction", - "documentation":"

Specifies new instructions that tell the agent what it should do and how it should interact with users.

" - }, "memoryConfiguration":{ "shape":"MemoryConfiguration", "documentation":"

Specifies the new memory configuration for the agent.

" }, - "orchestrationType":{ - "shape":"OrchestrationType", - "documentation":"

Specifies the type of orchestration strategy for the agent. This is set to DEFAULT orchestration type, by default.

" - }, - "promptOverrideConfiguration":{ - "shape":"PromptOverrideConfiguration", - "documentation":"

Contains configurations to override prompts in different parts of an agent sequence. For more information, see Advanced prompts.

" + "agentCollaboration":{ + "shape":"AgentCollaboration", + "documentation":"

The agent's collaboration role.

" } } }, @@ -10150,19 +10958,17 @@ "UpdateDataSourceRequest":{ "type":"structure", "required":[ - "dataSourceConfiguration", - "dataSourceId", "knowledgeBaseId", - "name" + "dataSourceId", + "name", + "dataSourceConfiguration" ], "members":{ - "dataDeletionPolicy":{ - "shape":"DataDeletionPolicy", - "documentation":"

The data deletion policy for the data source that you want to update.

" - }, - "dataSourceConfiguration":{ - "shape":"DataSourceConfiguration", - "documentation":"

The connection configuration for the data source that you want to update.

" + "knowledgeBaseId":{ + "shape":"Id", + "documentation":"

The unique identifier of the knowledge base for the data source.

", + "location":"uri", + "locationName":"knowledgeBaseId" }, "dataSourceId":{ "shape":"Id", @@ -10170,19 +10976,21 @@ "location":"uri", "locationName":"dataSourceId" }, + "name":{ + "shape":"Name", + "documentation":"

Specifies a new name for the data source.

" + }, "description":{ "shape":"Description", "documentation":"

Specifies a new description for the data source.

" }, - "knowledgeBaseId":{ - "shape":"Id", - "documentation":"

The unique identifier of the knowledge base for the data source.

", - "location":"uri", - "locationName":"knowledgeBaseId" + "dataSourceConfiguration":{ + "shape":"DataSourceConfiguration", + "documentation":"

The connection configuration for the data source that you want to update.

" }, - "name":{ - "shape":"Name", - "documentation":"

Specifies a new name for the data source.

" + "dataDeletionPolicy":{ + "shape":"DataDeletionPolicy", + "documentation":"

The data deletion policy for the data source that you want to update.

" }, "serverSideEncryptionConfiguration":{ "shape":"ServerSideEncryptionConfiguration", @@ -10207,62 +11015,70 @@ "UpdateFlowAliasRequest":{ "type":"structure", "required":[ - "aliasIdentifier", - "flowIdentifier", "name", - "routingConfiguration" + "routingConfiguration", + "flowIdentifier", + "aliasIdentifier" ], "members":{ - "aliasIdentifier":{ - "shape":"FlowAliasIdentifier", - "documentation":"

The unique identifier of the alias.

", - "location":"uri", - "locationName":"aliasIdentifier" + "name":{ + "shape":"Name", + "documentation":"

The name of the alias.

" }, "description":{ "shape":"Description", "documentation":"

A description for the alias.

" }, + "routingConfiguration":{ + "shape":"FlowAliasRoutingConfiguration", + "documentation":"

Contains information about the version to which to map the alias.

" + }, + "concurrencyConfiguration":{ + "shape":"FlowAliasConcurrencyConfiguration", + "documentation":"

The configuration that specifies how nodes in the flow are executed in parallel.

" + }, "flowIdentifier":{ "shape":"FlowIdentifier", "documentation":"

The unique identifier of the flow.

", "location":"uri", "locationName":"flowIdentifier" }, - "name":{ - "shape":"Name", - "documentation":"

The name of the alias.

" - }, - "routingConfiguration":{ - "shape":"FlowAliasRoutingConfiguration", - "documentation":"

Contains information about the version to which to map the alias.

" + "aliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the alias.

", + "location":"uri", + "locationName":"aliasIdentifier" } } }, "UpdateFlowAliasResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", - "flowId", - "id", "name", "routingConfiguration", + "flowId", + "id", + "arn", + "createdAt", "updatedAt" ], "members":{ - "arn":{ - "shape":"FlowAliasArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the flow was created.

" + "name":{ + "shape":"Name", + "documentation":"

The name of the alias.

" }, "description":{ "shape":"Description", "documentation":"

The description of the flow.

" }, + "routingConfiguration":{ + "shape":"FlowAliasRoutingConfiguration", + "documentation":"

Contains information about the version that the alias is mapped to.

" + }, + "concurrencyConfiguration":{ + "shape":"FlowAliasConcurrencyConfiguration", + "documentation":"

The configuration that specifies how nodes in the flow are executed in parallel.

" + }, "flowId":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" @@ -10271,13 +11087,13 @@ "shape":"FlowAliasId", "documentation":"

The unique identifier of the alias.

" }, - "name":{ - "shape":"Name", - "documentation":"

The name of the alias.

" + "arn":{ + "shape":"FlowAliasArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow.

" }, - "routingConfiguration":{ - "shape":"FlowAliasRoutingConfiguration", - "documentation":"

Contains information about the version that the alias is mapped to.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the flow was created.

" }, "updatedAt":{ "shape":"DateTimestamp", @@ -10288,18 +11104,14 @@ "UpdateFlowRequest":{ "type":"structure", "required":[ + "name", "executionRoleArn", - "flowIdentifier", - "name" + "flowIdentifier" ], "members":{ - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key to encrypt the flow.

" - }, - "definition":{ - "shape":"FlowDefinition", - "documentation":"

A definition of the nodes and the connections between the nodes in the flow.

" + "name":{ + "shape":"FlowName", + "documentation":"

A name for the flow.

" }, "description":{ "shape":"FlowDescription", @@ -10309,46 +11121,38 @@ "shape":"FlowExecutionRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the service role with permissions to create and manage a flow. For more information, see Create a service role for flows in Amazon Bedrock in the Amazon Bedrock User Guide.

" }, + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key to encrypt the flow.

" + }, + "definition":{ + "shape":"FlowDefinition", + "documentation":"

A definition of the nodes and the connections between the nodes in the flow.

" + }, "flowIdentifier":{ "shape":"FlowIdentifier", "documentation":"

The unique identifier of the flow.

", "location":"uri", "locationName":"flowIdentifier" - }, - "name":{ - "shape":"FlowName", - "documentation":"

A name for the flow.

" } } }, "UpdateFlowResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", + "name", "executionRoleArn", "id", - "name", + "arn", "status", + "createdAt", "updatedAt", "version" ], "members":{ - "arn":{ - "shape":"FlowArn", - "documentation":"

The Amazon Resource Name (ARN) of the flow.

" - }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the flow was created.

" - }, - "customerEncryptionKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key that the flow was encrypted with.

" - }, - "definition":{ - "shape":"FlowDefinition", - "documentation":"

A definition of the nodes and the connections between nodes in the flow.

" + "name":{ + "shape":"FlowName", + "documentation":"

The name of the flow.

" }, "description":{ "shape":"FlowDescription", @@ -10358,18 +11162,26 @@ "shape":"FlowExecutionRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the service role with permissions to create a flow. For more information, see Create a service role for flows in Amazon Bedrock in the Amazon Bedrock User Guide.

" }, + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key that the flow was encrypted with.

" + }, "id":{ "shape":"FlowId", "documentation":"

The unique identifier of the flow.

" }, - "name":{ - "shape":"FlowName", - "documentation":"

The name of the flow.

" + "arn":{ + "shape":"FlowArn", + "documentation":"

The Amazon Resource Name (ARN) of the flow.

" }, "status":{ "shape":"FlowStatus", "documentation":"

The status of the flow. When you submit this request, the status will be NotPrepared. If updating fails, the status becomes Failed.

" }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the flow was created.

" + }, "updatedAt":{ "shape":"DateTimestamp", "documentation":"

The time at which the flow was last updated.

" @@ -10377,26 +11189,22 @@ "version":{ "shape":"DraftVersion", "documentation":"

The version of the flow. When you update a flow, the version updated is the DRAFT version.

" + }, + "definition":{ + "shape":"FlowDefinition", + "documentation":"

A definition of the nodes and the connections between nodes in the flow.

" } } }, "UpdateKnowledgeBaseRequest":{ "type":"structure", "required":[ - "knowledgeBaseConfiguration", "knowledgeBaseId", "name", - "roleArn" + "roleArn", + "knowledgeBaseConfiguration" ], "members":{ - "description":{ - "shape":"Description", - "documentation":"

Specifies a new description for the knowledge base.

" - }, - "knowledgeBaseConfiguration":{ - "shape":"KnowledgeBaseConfiguration", - "documentation":"

Specifies the configuration for the embeddings model used for the knowledge base. You must use the same configuration as when the knowledge base was created.

" - }, "knowledgeBaseId":{ "shape":"Id", "documentation":"

The unique identifier of the knowledge base to update.

", @@ -10407,10 +11215,18 @@ "shape":"Name", "documentation":"

Specifies a new name for the knowledge base.

" }, + "description":{ + "shape":"Description", + "documentation":"

Specifies a new description for the knowledge base.

" + }, "roleArn":{ "shape":"KnowledgeBaseRoleArn", "documentation":"

Specifies a different Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the knowledge base.

" }, + "knowledgeBaseConfiguration":{ + "shape":"KnowledgeBaseConfiguration", + "documentation":"

Specifies the configuration for the embeddings model used for the knowledge base. You must use the same configuration as when the knowledge base was created.

" + }, "storageConfiguration":{ "shape":"StorageConfiguration", "documentation":"

Specifies the configuration for the vector store used for the knowledge base. You must use the same configuration as when the knowledge base was created.

" @@ -10434,6 +11250,14 @@ "promptIdentifier" ], "members":{ + "name":{ + "shape":"PromptName", + "documentation":"

A name for the prompt.

" + }, + "description":{ + "shape":"PromptDescription", + "documentation":"

A description for the prompt.

" + }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"

The Amazon Resource Name (ARN) of the KMS key to encrypt the prompt.

" @@ -10442,44 +11266,36 @@ "shape":"PromptVariantName", "documentation":"

The name of the default variant for the prompt. This value must match the name field in the relevant PromptVariant object.

" }, - "description":{ - "shape":"PromptDescription", - "documentation":"

A description for the prompt.

" - }, - "name":{ - "shape":"PromptName", - "documentation":"

A name for the prompt.

" + "variants":{ + "shape":"PromptVariantList", + "documentation":"

A list of objects, each containing details about a variant of the prompt.

" }, "promptIdentifier":{ "shape":"PromptIdentifier", "documentation":"

The unique identifier of the prompt.

", "location":"uri", "locationName":"promptIdentifier" - }, - "variants":{ - "shape":"PromptVariantList", - "documentation":"

A list of objects, each containing details about a variant of the prompt.

" } } }, "UpdatePromptResponse":{ "type":"structure", "required":[ + "name", + "id", "arn", + "version", "createdAt", - "id", - "name", - "updatedAt", - "version" + "updatedAt" ], "members":{ - "arn":{ - "shape":"PromptArn", - "documentation":"

The Amazon Resource Name (ARN) of the prompt.

" + "name":{ + "shape":"PromptName", + "documentation":"

The name of the prompt.

" }, - "createdAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was created.

" + "description":{ + "shape":"PromptDescription", + "documentation":"

The description of the prompt.

" }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", @@ -10489,35 +11305,35 @@ "shape":"PromptVariantName", "documentation":"

The name of the default variant for the prompt. This value must match the name field in the relevant PromptVariant object.

" }, - "description":{ - "shape":"PromptDescription", - "documentation":"

The description of the prompt.

" + "variants":{ + "shape":"PromptVariantList", + "documentation":"

A list of objects, each containing details about a variant of the prompt.

" }, "id":{ "shape":"PromptId", "documentation":"

The unique identifier of the prompt.

" }, - "name":{ - "shape":"PromptName", - "documentation":"

The name of the prompt.

" - }, - "updatedAt":{ - "shape":"DateTimestamp", - "documentation":"

The time at which the prompt was last updated.

" - }, - "variants":{ - "shape":"PromptVariantList", - "documentation":"

A list of objects, each containing details about a variant of the prompt.

" + "arn":{ + "shape":"PromptArn", + "documentation":"

The Amazon Resource Name (ARN) of the prompt.

" }, "version":{ "shape":"Version", "documentation":"

The version of the prompt. When you update a prompt, the version updated is the DRAFT version.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the prompt was last updated.

" } } }, "Url":{ "type":"string", - "pattern":"^https?://[A-Za-z0-9][^\\s]*$" + "pattern":"https?://[A-Za-z0-9][^\\s]*" }, "UrlConfiguration":{ "type":"structure", @@ -10535,6 +11351,12 @@ "min":15, "sensitive":true }, + "UserAgentHeader":{ + "type":"string", + "max":86, + "min":61, + "sensitive":true + }, "ValidateFlowDefinitionRequest":{ "type":"structure", "required":["definition"], @@ -10558,11 +11380,11 @@ "ValidationException":{ "type":"structure", "members":{ + "message":{"shape":"NonBlankString"}, "fieldList":{ "shape":"ValidationExceptionFieldList", "documentation":"

A list of objects containing fields that caused validation errors and their corresponding validation error messages.

" - }, - "message":{"shape":"NonBlankString"} + } }, "documentation":"

Input validation failed. Check your request parameters and retry the request.

", "error":{ @@ -10574,17 +11396,17 @@ "ValidationExceptionField":{ "type":"structure", "required":[ - "message", - "name" + "name", + "message" ], "members":{ - "message":{ - "shape":"NonBlankString", - "documentation":"

A message describing why this field failed validation.

" - }, "name":{ "shape":"NonBlankString", "documentation":"

The name of the field.

" + }, + "message":{ + "shape":"NonBlankString", + "documentation":"

A message describing why this field failed validation.

" } }, "documentation":"

Stores information about a field passed inside a request that resulted in an validation error.

" @@ -10593,6 +11415,10 @@ "type":"list", "member":{"shape":"ValidationExceptionField"} }, + "VectorBucketArn":{ + "type":"string", + "sensitive":true + }, "VectorIngestionConfiguration":{ "type":"structure", "members":{ @@ -10607,6 +11433,10 @@ "parsingConfiguration":{ "shape":"ParsingConfiguration", "documentation":"

Configurations for a parser to use for parsing documents in your data source. If you exclude this field, the default parser will be used.

" + }, + "contextEnrichmentConfiguration":{ + "shape":"ContextEnrichmentConfiguration", + "documentation":"

The context enrichment configuration used for ingestion of the data into the vector store.

" } }, "documentation":"

Contains details about how to ingest the documents in a data source.

" @@ -10617,7 +11447,7 @@ "members":{ "embeddingModelArn":{ "shape":"BedrockEmbeddingModelArn", - "documentation":"

The Amazon Resource Name (ARN) of the model or inference profile used to create vector embeddings for the knowledge base.

" + "documentation":"

The Amazon Resource Name (ARN) of the model used to create vector embeddings for the knowledge base.

" }, "embeddingModelConfiguration":{ "shape":"EmbeddingModelConfiguration", @@ -10630,11 +11460,70 @@ }, "documentation":"

Contains details about the model used to create vector embeddings for the knowledge base.

" }, + "VectorSearchBedrockRerankingConfiguration":{ + "type":"structure", + "required":["modelConfiguration"], + "members":{ + "modelConfiguration":{ + "shape":"VectorSearchBedrockRerankingModelConfiguration", + "documentation":"

Specifies the configuration for the Amazon Bedrock reranker model.

" + }, + "numberOfRerankedResults":{ + "shape":"VectorSearchBedrockRerankingConfigurationNumberOfRerankedResultsInteger", + "documentation":"

Specifies the number of results to return after reranking.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfigurationForReranking", + "documentation":"

Specifies how metadata fields should be handled during the reranking process.

" + } + }, + "documentation":"

Configures the Amazon Bedrock reranker model to improve the relevance of retrieved results.

" + }, + "VectorSearchBedrockRerankingConfigurationNumberOfRerankedResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "VectorSearchBedrockRerankingModelConfiguration":{ + "type":"structure", + "required":["modelArn"], + "members":{ + "modelArn":{ + "shape":"BedrockRerankingModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Bedrock reranker model.

" + }, + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"

Specifies additional model-specific request parameters as key-value pairs that are included in the request to the Amazon Bedrock reranker model.

" + } + }, + "documentation":"

Configures the Amazon Bedrock model used for reranking retrieved results.

" + }, + "VectorSearchRerankingConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"VectorSearchRerankingConfigurationType", + "documentation":"

Specifies the type of reranking model to use. Currently, the only supported value is BEDROCK_RERANKING_MODEL.

" + }, + "bedrockRerankingConfiguration":{ + "shape":"VectorSearchBedrockRerankingConfiguration", + "documentation":"

Specifies the configuration for using an Amazon Bedrock reranker model to rerank retrieved results.

" + } + }, + "documentation":"

Specifies how retrieved results from a knowledge base are reranked to improve relevance.

" + }, + "VectorSearchRerankingConfigurationType":{ + "type":"string", + "enum":["BEDROCK_RERANKING_MODEL"] + }, "Version":{ "type":"string", "max":5, "min":1, - "pattern":"^(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})$" + "pattern":"(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})" }, "WebCrawlerConfiguration":{ "type":"structure", @@ -10643,21 +11532,25 @@ "shape":"WebCrawlerLimits", "documentation":"

The configuration of crawl limits for the web URLs.

" }, - "exclusionFilters":{ - "shape":"FilterList", - "documentation":"

A list of one or more exclusion regular expression patterns to exclude certain URLs. If you specify an inclusion and exclusion filter/pattern and both match a URL, the exclusion filter takes precedence and the web content of the URL isn’t crawled.

" - }, "inclusionFilters":{ "shape":"FilterList", "documentation":"

A list of one or more inclusion regular expression patterns to include certain URLs. If you specify an inclusion and exclusion filter/pattern and both match a URL, the exclusion filter takes precedence and the web content of the URL isn’t crawled.

" }, + "exclusionFilters":{ + "shape":"FilterList", + "documentation":"

A list of one or more exclusion regular expression patterns to exclude certain URLs. If you specify an inclusion and exclusion filter/pattern and both match a URL, the exclusion filter takes precedence and the web content of the URL isn’t crawled.

" + }, "scope":{ "shape":"WebScopeType", "documentation":"

The scope of what is crawled for your URLs.

You can choose to crawl only web pages that belong to the same host or primary domain. For example, only web pages that contain the seed URL \"https://docs.aws.amazon.com/bedrock/latest/userguide/\" and no other domains. You can choose to include sub domains in addition to the host or primary domain. For example, web pages that contain \"aws.amazon.com\" can also include sub domain \"docs.aws.amazon.com\".

" }, "userAgent":{ "shape":"UserAgent", - "documentation":"

A string used for identifying the crawler or a bot when it accesses a web server. By default, this is set to bedrockbot_UUID for your crawler. You can optionally append a custom string to bedrockbot_UUID to allowlist a specific user agent permitted to access your source URLs.

" + "documentation":"

Returns the user agent suffix for your web crawler.

" + }, + "userAgentHeader":{ + "shape":"UserAgentHeader", + "documentation":"

A string used for identifying the crawler or bot when it accesses a web server. The user agent header value consists of the bedrockbot, UUID, and a user agent suffix for your crawler (if one is provided). By default, it is set to bedrockbot_UUID. You can optionally append a custom suffix to bedrockbot_UUID to allowlist a specific user agent permitted to access your source URLs.

" } }, "documentation":"

The configuration of web URLs that you want to crawl. You should be authorized to crawl the URLs.

" @@ -10665,13 +11558,13 @@ "WebCrawlerLimits":{ "type":"structure", "members":{ - "maxPages":{ - "shape":"WebCrawlerLimitsMaxPagesInteger", - "documentation":"

The max number of web pages crawled from your source URLs, up to 25,000 pages. If the web pages exceed this limit, the data source sync will fail and no web pages will be ingested.

" - }, "rateLimit":{ "shape":"WebCrawlerLimitsRateLimitInteger", "documentation":"

The max rate at which pages are crawled, up to 300 per minute per host.

" + }, + "maxPages":{ + "shape":"WebCrawlerLimitsMaxPagesInteger", + "documentation":"

The max number of web pages crawled from your source URLs, up to 25,000 pages. If the web pages exceed this limit, the data source sync will fail and no web pages will be ingested.

" } }, "documentation":"

The rate limits for the URLs that you want to crawl. You should be authorized to crawl the URLs.

" @@ -10691,13 +11584,13 @@ "type":"structure", "required":["sourceConfiguration"], "members":{ - "crawlerConfiguration":{ - "shape":"WebCrawlerConfiguration", - "documentation":"

The Web Crawler configuration details for the web data source.

" - }, "sourceConfiguration":{ "shape":"WebSourceConfiguration", "documentation":"

The source configuration details for the web data source.

" + }, + "crawlerConfiguration":{ + "shape":"WebCrawlerConfiguration", + "documentation":"

The Web Crawler configuration details for the web data source.

" } }, "documentation":"

The configuration details for the web data source.

" @@ -10722,7 +11615,7 @@ }, "WorkgroupArn":{ "type":"string", - "pattern":"^(arn:(aws(-[a-z]+)*):redshift-serverless:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:workgroup/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$" + "pattern":"(arn:(aws(-[a-z]+)*):redshift-serverless:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:workgroup/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})" } }, "documentation":"

Describes the API operations for creating and managing Amazon Bedrock agents.

" diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agent/2023-06-05/waiters-2.json 2.31.35-1/awscli/botocore/data/bedrock-agent/2023-06-05/waiters-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-agent/2023-06-05/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agent/2023-06-05/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/paginators-1.json 2.31.35-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/paginators-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -15,6 +15,36 @@ "input_token": "nextToken", "output_token": "nextToken", "result_key": "results" + }, + "ListInvocationSteps": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "invocationStepSummaries" + }, + "ListInvocations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "invocationSummaries" + }, + "ListSessions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "sessionSummaries" + }, + "ListFlowExecutionEvents": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "flowExecutionEvents" + }, + "ListFlowExecutions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "flowExecutionSummaries" } } } diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/service-2.json 2.31.35-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/service-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,18 +2,58 @@ "version":"2.0", "metadata":{ "apiVersion":"2023-07-26", + "auth":["aws.auth#sigv4"], "endpointPrefix":"bedrock-agent-runtime", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"Agents for Amazon Bedrock Runtime", "serviceId":"Bedrock Agent Runtime", "signatureVersion":"v4", "signingName":"bedrock", - "uid":"bedrock-agent-runtime-2023-07-26", - "auth":["aws.auth#sigv4"] + "uid":"bedrock-agent-runtime-2023-07-26" }, "operations":{ + "CreateInvocation":{ + "name":"CreateInvocation", + "http":{ + "method":"PUT", + "requestUri":"/sessions/{sessionIdentifier}/invocations/", + "responseCode":201 + }, + "input":{"shape":"CreateInvocationRequest"}, + "output":{"shape":"CreateInvocationResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Creates a new invocation within a session. An invocation groups the related invocation steps that store the content from a conversation. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

Related APIs

", + "idempotent":true + }, + "CreateSession":{ + "name":"CreateSession", + "http":{ + "method":"PUT", + "requestUri":"/sessions/", + "responseCode":201 + }, + "input":{"shape":"CreateSessionRequest"}, + "output":{"shape":"CreateSessionResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Creates a session to temporarily store conversations for generative AI (GenAI) applications built with open-source frameworks such as LangGraph and LlamaIndex. Sessions enable you to save the state of conversations at checkpoints, with the added security and infrastructure of Amazon Web Services. For more information, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

By default, Amazon Bedrock uses Amazon Web Services-managed keys for session encryption, including session metadata, or you can use your own KMS key. For more information, see Amazon Bedrock session encryption.

You use a session to store state and conversation history for generative AI applications built with open-source frameworks. For Amazon Bedrock Agents, the service automatically manages conversation context and associates them with the agent-specific sessionId you specify in the InvokeAgent API operation.

Related APIs:

", + "idempotent":true + }, "DeleteAgentMemory":{ "name":"DeleteAgentMemory", "http":{ @@ -24,8 +64,8 @@ "input":{"shape":"DeleteAgentMemoryRequest"}, "output":{"shape":"DeleteAgentMemoryResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -37,6 +77,46 @@ "documentation":"

Deletes memory from the specified memory identifier.

", "idempotent":true }, + "DeleteSession":{ + "name":"DeleteSession", + "http":{ + "method":"DELETE", + "requestUri":"/sessions/{sessionIdentifier}/", + "responseCode":200 + }, + "input":{"shape":"DeleteSessionRequest"}, + "output":{"shape":"DeleteSessionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Deletes a session that you ended. You can't delete a session with an ACTIVE status. To delete an active session, you must first end it with the EndSession API operation. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "idempotent":true + }, + "EndSession":{ + "name":"EndSession", + "http":{ + "method":"PATCH", + "requestUri":"/sessions/{sessionIdentifier}", + "responseCode":200 + }, + "input":{"shape":"EndSessionRequest"}, + "output":{"shape":"EndSessionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Ends the session. After you end a session, you can still access its content but you can’t add to it. To delete the session and it's content, you use the DeleteSession API operation. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "idempotent":true + }, "GenerateQuery":{ "name":"GenerateQuery", "http":{ @@ -47,8 +127,8 @@ "input":{"shape":"GenerateQueryRequest"}, "output":{"shape":"GenerateQueryResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -57,7 +137,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Generates an SQL query from a natural language query. For more information, see Generate a query for structured data in the Amazon Bedrock User Guide.

" + "documentation":"

Generates an SQL query from a natural language query. For more information, see Generate a query for structured data in the Amazon Bedrock User Guide.

", + "readonly":true }, "GetAgentMemory":{ "name":"GetAgentMemory", @@ -69,8 +150,8 @@ "input":{"shape":"GetAgentMemoryRequest"}, "output":{"shape":"GetAgentMemoryResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -79,7 +160,84 @@ {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Gets the sessions stored in the memory of the agent.

" + "documentation":"

Gets the sessions stored in the memory of the agent.

", + "readonly":true + }, + "GetExecutionFlowSnapshot":{ + "name":"GetExecutionFlowSnapshot", + "http":{ + "method":"GET", + "requestUri":"/flows/{flowIdentifier}/aliases/{flowAliasIdentifier}/executions/{executionIdentifier}/flowsnapshot", + "responseCode":200 + }, + "input":{"shape":"GetExecutionFlowSnapshotRequest"}, + "output":{"shape":"GetExecutionFlowSnapshotResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves the flow definition snapshot used for a flow execution. The snapshot represents the flow metadata and definition as it existed at the time the execution was started. Note that even if the flow is edited after an execution starts, the snapshot connected to the execution remains unchanged.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "readonly":true + }, + "GetFlowExecution":{ + "name":"GetFlowExecution", + "http":{ + "method":"GET", + "requestUri":"/flows/{flowIdentifier}/aliases/{flowAliasIdentifier}/executions/{executionIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetFlowExecutionRequest"}, + "output":{"shape":"GetFlowExecutionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves details about a specific flow execution, including its status, start and end times, and any errors that occurred during execution.

", + "readonly":true + }, + "GetInvocationStep":{ + "name":"GetInvocationStep", + "http":{ + "method":"POST", + "requestUri":"/sessions/{sessionIdentifier}/invocationSteps/{invocationStepId}", + "responseCode":200 + }, + "input":{"shape":"GetInvocationStepRequest"}, + "output":{"shape":"GetInvocationStepResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves the details of a specific invocation step within an invocation in a session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "readonly":true + }, + "GetSession":{ + "name":"GetSession", + "http":{ + "method":"GET", + "requestUri":"/sessions/{sessionIdentifier}/", + "responseCode":200 + }, + "input":{"shape":"GetSessionRequest"}, + "output":{"shape":"GetSessionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves details about a specific session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "readonly":true }, "InvokeAgent":{ "name":"InvokeAgent", @@ -92,8 +250,8 @@ "output":{"shape":"InvokeAgentResponse"}, "errors":[ {"shape":"ModelNotReadyException"}, - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -102,7 +260,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Sends a prompt for the agent to process and respond to. Note the following fields for the request:

  • To continue the same conversation with an agent, use the same sessionId value in the request.

  • To activate trace enablement, turn enableTrace to true. Trace enablement helps you follow the agent's reasoning process that led it to the information it processed, the actions it took, and the final result it yielded. For more information, see Trace enablement.

  • To stream agent responses, make sure that only orchestration prompt is enabled. Agent streaming is not supported for the following steps:

    • Pre-processing

    • Post-processing

    • Agent with 1 Knowledge base and User Input not enabled

  • End a conversation by setting endSession to true.

  • In the sessionState object, you can include attributes for the session or prompt or, if you configured an action group to return control, results from invocation of the action group.

The response contains both chunk and trace attributes.

The final response is returned in the bytes field of the chunk object. The InvokeAgent returns one chunk for the entire interaction.

  • The attribution object contains citations for parts of the response.

  • If you set enableTrace to true in the request, you can trace the agent's steps and reasoning process that led it to the response.

  • If the action predicted was configured to return control, the response returns parameters for the action, elicited from the user, in the returnControl field.

  • Errors are also surfaced in the response.

" + "documentation":"

Sends a prompt for the agent to process and respond to. Note the following fields for the request:

  • To continue the same conversation with an agent, use the same sessionId value in the request.

  • To activate trace enablement, turn enableTrace to true. Trace enablement helps you follow the agent's reasoning process that led it to the information it processed, the actions it took, and the final result it yielded. For more information, see Trace enablement.

  • End a conversation by setting endSession to true.

  • In the sessionState object, you can include attributes for the session or prompt or, if you configured an action group to return control, results from invocation of the action group.

The response contains both chunk and trace attributes.

The final response is returned in the bytes field of the chunk object. The InvokeAgent returns one chunk for the entire interaction.

  • The attribution object contains citations for parts of the response.

  • If you set enableTrace to true in the request, you can trace the agent's steps and reasoning process that led it to the response.

  • If the action predicted was configured to return control, the response returns parameters for the action, elicited from the user, in the returnControl field.

  • Errors are also surfaced in the response.

" }, "InvokeFlow":{ "name":"InvokeFlow", @@ -114,8 +272,8 @@ "input":{"shape":"InvokeFlowRequest"}, "output":{"shape":"InvokeFlowResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -136,8 +294,8 @@ "input":{"shape":"InvokeInlineAgentRequest"}, "output":{"shape":"InvokeInlineAgentResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -148,6 +306,119 @@ ], "documentation":"

Invokes an inline Amazon Bedrock agent using the configurations you provide with the request.

  • Specify the following fields for security purposes.

    • (Optional) customerEncryptionKeyArn – The Amazon Resource Name (ARN) of a KMS key to encrypt the creation of the agent.

    • (Optional) idleSessionTTLinSeconds – Specify the number of seconds for which the agent should maintain session information. After this time expires, the subsequent InvokeInlineAgent request begins a new session.

  • To override the default prompt behavior for agent orchestration and to use advanced prompts, include a promptOverrideConfiguration object. For more information, see Advanced prompts.

  • The agent instructions will not be honored if your agent has only one knowledge base, uses default prompts, has no action group, and user input is disabled.

" }, + "ListFlowExecutionEvents":{ + "name":"ListFlowExecutionEvents", + "http":{ + "method":"GET", + "requestUri":"/flows/{flowIdentifier}/aliases/{flowAliasIdentifier}/executions/{executionIdentifier}/events", + "responseCode":200 + }, + "input":{"shape":"ListFlowExecutionEventsRequest"}, + "output":{"shape":"ListFlowExecutionEventsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists events that occurred during a flow execution. Events provide detailed information about the execution progress, including node inputs and outputs, flow inputs and outputs, condition results, and failure events.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "readonly":true + }, + "ListFlowExecutions":{ + "name":"ListFlowExecutions", + "http":{ + "method":"GET", + "requestUri":"/flows/{flowIdentifier}/executions", + "responseCode":200 + }, + "input":{"shape":"ListFlowExecutionsRequest"}, + "output":{"shape":"ListFlowExecutionsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists all executions of a flow. Results can be paginated and include summary information about each execution, such as status, start and end times, and the execution's Amazon Resource Name (ARN).

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "readonly":true + }, + "ListInvocationSteps":{ + "name":"ListInvocationSteps", + "http":{ + "method":"POST", + "requestUri":"/sessions/{sessionIdentifier}/invocationSteps/", + "responseCode":200 + }, + "input":{"shape":"ListInvocationStepsRequest"}, + "output":{"shape":"ListInvocationStepsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists all invocation steps associated with a session and optionally, an invocation within the session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "readonly":true + }, + "ListInvocations":{ + "name":"ListInvocations", + "http":{ + "method":"POST", + "requestUri":"/sessions/{sessionIdentifier}/invocations/", + "responseCode":200 + }, + "input":{"shape":"ListInvocationsRequest"}, + "output":{"shape":"ListInvocationsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists all invocations associated with a specific session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "readonly":true + }, + "ListSessions":{ + "name":"ListSessions", + "http":{ + "method":"POST", + "requestUri":"/sessions/", + "responseCode":200 + }, + "input":{"shape":"ListSessionsRequest"}, + "output":{"shape":"ListSessionsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists all sessions in your Amazon Web Services account. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

List all the tags for the resource you specify.

", + "readonly":true + }, "OptimizePrompt":{ "name":"OptimizePrompt", "http":{ @@ -167,6 +438,27 @@ ], "documentation":"

Optimizes a prompt for the task that you specify. For more information, see Optimize a prompt in the Amazon Bedrock User Guide.

" }, + "PutInvocationStep":{ + "name":"PutInvocationStep", + "http":{ + "method":"PUT", + "requestUri":"/sessions/{sessionIdentifier}/invocationSteps/", + "responseCode":201 + }, + "input":{"shape":"PutInvocationStepRequest"}, + "output":{"shape":"PutInvocationStepResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Add an invocation step to an invocation in a session. An invocation step stores fine-grained state checkpoints, including text and images, for each interaction. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

Related APIs:

", + "idempotent":true + }, "Rerank":{ "name":"Rerank", "http":{ @@ -177,8 +469,8 @@ "input":{"shape":"RerankRequest"}, "output":{"shape":"RerankResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -199,8 +491,8 @@ "input":{"shape":"RetrieveRequest"}, "output":{"shape":"RetrieveResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -209,7 +501,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Queries a knowledge base and retrieves information from it.

" + "documentation":"

Queries a knowledge base and retrieves information from it.

", + "readonly":true }, "RetrieveAndGenerate":{ "name":"RetrieveAndGenerate", @@ -221,8 +514,8 @@ "input":{"shape":"RetrieveAndGenerateRequest"}, "output":{"shape":"RetrieveAndGenerateResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, @@ -243,30 +536,131 @@ "input":{"shape":"RetrieveAndGenerateStreamRequest"}, "output":{"shape":"RetrieveAndGenerateStreamResponse"}, "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"DependencyFailedException"}, + {"shape":"BadGatewayException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Queries a knowledge base and generates responses based on the retrieved results, with output in streaming format.

The CLI doesn't support streaming operations in Amazon Bedrock, including InvokeModelWithResponseStream.

This operation requires permission for the bedrock:RetrieveAndGenerate action.

" + }, + "StartFlowExecution":{ + "name":"StartFlowExecution", + "http":{ + "method":"POST", + "requestUri":"/flows/{flowIdentifier}/aliases/{flowAliasIdentifier}/executions", + "responseCode":200 + }, + "input":{"shape":"StartFlowExecutionRequest"}, + "output":{"shape":"StartFlowExecutionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"DependencyFailedException"}, + {"shape":"BadGatewayException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Starts an execution of an Amazon Bedrock flow. Unlike flows that run until completion or time out after five minutes, flow executions let you run flows asynchronously for longer durations. Flow executions also yield control so that your application can perform other tasks.

This operation returns an Amazon Resource Name (ARN) that you can use to track and manage your flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

" + }, + "StopFlowExecution":{ + "name":"StopFlowExecution", + "http":{ + "method":"POST", + "requestUri":"/flows/{flowIdentifier}/aliases/{flowAliasIdentifier}/executions/{executionIdentifier}/stop", + "responseCode":200 + }, + "input":{"shape":"StopFlowExecutionRequest"}, + "output":{"shape":"StopFlowExecutionResponse"}, + "errors":[ {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"DependencyFailedException"}, {"shape":"BadGatewayException"}, {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Stops an Amazon Bedrock flow's execution. This operation prevents further processing of the flow and changes the execution status to Aborted.

" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Queries a knowledge base and generates responses based on the retrieved results, with output in streaming format.

The CLI doesn't support streaming operations in Amazon Bedrock, including InvokeModelWithResponseStream.

" + "documentation":"

Associate tags with a resource. For more information, see Tagging resources in the Amazon Bedrock User Guide.

" + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Remove tags from a resource.

", + "idempotent":true + }, + "UpdateSession":{ + "name":"UpdateSession", + "http":{ + "method":"PUT", + "requestUri":"/sessions/{sessionIdentifier}/", + "responseCode":200 + }, + "input":{"shape":"UpdateSessionRequest"}, + "output":{"shape":"UpdateSessionResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Updates the metadata or encryption settings of a session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "idempotent":true } }, "shapes":{ "APISchema":{ "type":"structure", "members":{ - "payload":{ - "shape":"Payload", - "documentation":"

The JSON or YAML-formatted payload defining the OpenAPI schema for the action group.

" - }, "s3":{ "shape":"S3Identifier", "documentation":"

Contains details about the S3 object containing the OpenAPI schema for the action group.

" + }, + "payload":{ + "shape":"Payload", + "documentation":"

The JSON or YAML-formatted payload defining the OpenAPI schema for the action group.

" } }, "documentation":"

Contains details about the OpenAPI schema for the action group. For more information, see Action group OpenAPI schemas. You can either include the schema directly in the payload field or you can upload it to an S3 bucket and specify the S3 bucket location in the s3 field.

", @@ -276,7 +670,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent/[0-9a-zA-Z]{10}$" + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent/[0-9a-zA-Z]{10}" }, "AccessDeniedException":{ "type":"structure", @@ -293,13 +687,13 @@ "ActionGroupExecutor":{ "type":"structure", "members":{ - "customControl":{ - "shape":"CustomControlMethod", - "documentation":"

To return the action group invocation results directly in the InvokeInlineAgent response, specify RETURN_CONTROL.

" - }, "lambda":{ "shape":"LambdaResourceArn", "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action.

" + }, + "customControl":{ + "shape":"CustomControlMethod", + "documentation":"

To return the action group invocation results directly in the InvokeInlineAgent response, specify RETURN_CONTROL.

" } }, "documentation":"

Contains details about the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.

", @@ -312,22 +706,14 @@ "shape":"ActionGroupName", "documentation":"

The name of the action group.

" }, + "verb":{ + "shape":"Verb", + "documentation":"

The API method being used, based off the action group.

" + }, "apiPath":{ "shape":"ApiPath", "documentation":"

The path to the API to call, based off the action group.

" }, - "executionType":{ - "shape":"ExecutionType", - "documentation":"

How fulfillment of the action is handled. For more information, see Handling fulfillment of the action.

" - }, - "function":{ - "shape":"Function", - "documentation":"

The function in the action group to call.

" - }, - "invocationId":{ - "shape":"String", - "documentation":"

The unique identifier of the invocation. Only returned if the executionType is RETURN_CONTROL.

" - }, "parameters":{ "shape":"Parameters", "documentation":"

The parameters in the Lambda input event.

" @@ -336,9 +722,17 @@ "shape":"RequestBody", "documentation":"

The parameters in the request body for the Lambda input event.

" }, - "verb":{ - "shape":"Verb", - "documentation":"

The API method being used, based off the action group.

" + "function":{ + "shape":"Function", + "documentation":"

The function in the action group to call.

" + }, + "executionType":{ + "shape":"ExecutionType", + "documentation":"

How fulfillment of the action is handled. For more information, see Handling fulfillment of the action.

" + }, + "invocationId":{ + "shape":"String", + "documentation":"

The unique identifier of the invocation. Only returned if the executionType is RETURN_CONTROL.

" } }, "documentation":"

Contains information about the action group being invoked. For more information about the possible structures, see the InvocationInput tab in OrchestrationTrace in the Amazon Bedrock User Guide.

" @@ -349,6 +743,10 @@ "text":{ "shape":"ActionGroupOutputString", "documentation":"

The JSON-formatted string returned by the API invoked by the action group.

" + }, + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the action group output.

" } }, "documentation":"

Contains the JSON-formatted string returned by the API invoked by the action group.

" @@ -365,9 +763,27 @@ "type":"string", "enum":[ "AMAZON.UserInput", - "AMAZON.CodeInterpreter" + "AMAZON.CodeInterpreter", + "ANTHROPIC.Computer", + "ANTHROPIC.Bash", + "ANTHROPIC.TextEditor" ] }, + "ActionGroupSignatureParams":{ + "type":"map", + "key":{"shape":"ActionGroupSignatureParamsKeyString"}, + "value":{"shape":"ActionGroupSignatureParamsValueString"} + }, + "ActionGroupSignatureParamsKeyString":{ + "type":"string", + "max":100, + "min":0 + }, + "ActionGroupSignatureParamsValueString":{ + "type":"string", + "max":100, + "min":0 + }, "ActionInvocationType":{ "type":"string", "enum":[ @@ -388,37 +804,40 @@ }, "AdditionalModelRequestFieldsValue":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "AgentActionGroup":{ "type":"structure", "required":["actionGroupName"], "members":{ - "actionGroupExecutor":{ - "shape":"ActionGroupExecutor", - "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.

" - }, "actionGroupName":{ "shape":"ResourceName", "documentation":"

The name of the action group.

" }, - "apiSchema":{ - "shape":"APISchema", - "documentation":"

Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see Action group OpenAPI schemas.

" - }, "description":{ "shape":"ResourceDescription", "documentation":"

A description of the action group.

" }, + "parentActionGroupSignature":{ + "shape":"ActionGroupSignature", + "documentation":"

Specify a built-in or computer use action for this action group. If you specify a value, you must leave the description, apiSchema, and actionGroupExecutor fields empty for this action group.

  • To allow your agent to request the user for additional information when trying to complete a task, set this field to AMAZON.UserInput.

  • To allow your agent to generate, run, and troubleshoot code when trying to complete a task, set this field to AMAZON.CodeInterpreter.

  • To allow your agent to use an Anthropic computer use tool, specify one of the following values.

    Computer use is a new Anthropic Claude model capability (in beta) available with Anthropic Claude 3.7 Sonnet and Claude 3.5 Sonnet v2 only. When operating computer use functionality, we recommend taking additional security precautions, such as executing computer actions in virtual environments with restricted data access and limited internet connectivity. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

    • ANTHROPIC.Computer - Gives the agent permission to use the mouse and keyboard and take screenshots.

    • ANTHROPIC.TextEditor - Gives the agent permission to view, create and edit files.

    • ANTHROPIC.Bash - Gives the agent permission to run commands in a bash shell.

" + }, + "actionGroupExecutor":{ + "shape":"ActionGroupExecutor", + "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.

" + }, + "apiSchema":{ + "shape":"APISchema", + "documentation":"

Contains either details about the S3 object containing the OpenAPI schema for the action group or the JSON or YAML-formatted payload defining the schema. For more information, see Action group OpenAPI schemas.

" + }, "functionSchema":{ "shape":"FunctionSchema", "documentation":"

Contains details about the function schema for the action group or the JSON or YAML-formatted payload defining the schema.

" }, - "parentActionGroupSignature":{ - "shape":"ActionGroupSignature", - "documentation":"

To allow your agent to request the user for additional information when trying to complete a task, set this field to AMAZON.UserInput. You must leave the description, apiSchema, and actionGroupExecutor fields blank for this action group.

To allow your agent to generate, run, and troubleshoot code when trying to complete a task, set this field to AMAZON.CodeInterpreter. You must leave the description, apiSchema, and actionGroupExecutor fields blank for this action group.

During orchestration, if your agent determines that it needs to invoke an API in an action group, but doesn't have enough information to complete the API request, it will invoke this action group instead and return an Observation reprompting the user for more information.

" + "parentActionGroupSignatureParams":{ + "shape":"ActionGroupSignatureParams", + "documentation":"

The configuration settings for a computer use action.

Computer use is a new Anthropic Claude model capability (in beta) available with Claude 3.7 Sonnet and Claude 3.5 Sonnet v2 only. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

" } }, "documentation":"

Contains details of the inline agent's action group.

" @@ -431,28 +850,36 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}$" + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:agent-alias/[0-9a-zA-Z]{10}/[0-9a-zA-Z]{10}" }, "AgentAliasId":{ "type":"string", "max":10, "min":0, - "pattern":"^[0-9a-zA-Z]+$" + "pattern":"[0-9a-zA-Z]+" + }, + "AgentCollaboration":{ + "type":"string", + "enum":[ + "SUPERVISOR", + "SUPERVISOR_ROUTER", + "DISABLED" + ] }, "AgentCollaboratorInputPayload":{ "type":"structure", "members":{ - "returnControlResults":{ - "shape":"ReturnControlResults", - "documentation":"

An action invocation result.

" + "type":{ + "shape":"PayloadType", + "documentation":"

The input type.

" }, "text":{ "shape":"AgentCollaboratorPayloadString", "documentation":"

Input text.

" }, - "type":{ - "shape":"PayloadType", - "documentation":"

The input type.

" + "returnControlResults":{ + "shape":"ReturnControlResults", + "documentation":"

An action invocation result.

" } }, "documentation":"

Input for an agent collaborator. The input can be text or an action invocation result.

" @@ -460,14 +887,14 @@ "AgentCollaboratorInvocationInput":{ "type":"structure", "members":{ - "agentCollaboratorAliasArn":{ - "shape":"AgentAliasArn", - "documentation":"

The collaborator's alias ARN.

" - }, "agentCollaboratorName":{ "shape":"String", "documentation":"

The collaborator's name.

" }, + "agentCollaboratorAliasArn":{ + "shape":"AgentAliasArn", + "documentation":"

The collaborator's alias ARN.

" + }, "input":{ "shape":"AgentCollaboratorInputPayload", "documentation":"

Text or action invocation result input for the collaborator.

" @@ -478,17 +905,21 @@ "AgentCollaboratorInvocationOutput":{ "type":"structure", "members":{ - "agentCollaboratorAliasArn":{ - "shape":"AgentAliasArn", - "documentation":"

The output's agent collaborator alias ARN.

" - }, "agentCollaboratorName":{ "shape":"String", "documentation":"

The output's agent collaborator name.

" }, + "agentCollaboratorAliasArn":{ + "shape":"AgentAliasArn", + "documentation":"

The output's agent collaborator alias ARN.

" + }, "output":{ "shape":"AgentCollaboratorOutputPayload", "documentation":"

The output's output.

" + }, + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the output from the agent collaborator.

" } }, "documentation":"

Output from an agent collaborator.

" @@ -496,17 +927,17 @@ "AgentCollaboratorOutputPayload":{ "type":"structure", "members":{ - "returnControlPayload":{ - "shape":"ReturnControlPayload", - "documentation":"

An action invocation result.

" + "type":{ + "shape":"PayloadType", + "documentation":"

The type of output.

" }, "text":{ "shape":"AgentCollaboratorPayloadString", "documentation":"

Text output.

" }, - "type":{ - "shape":"PayloadType", - "documentation":"

The type of output.

" + "returnControlPayload":{ + "shape":"ReturnControlPayload", + "documentation":"

An action invocation result.

" } }, "documentation":"

Output from an agent collaborator. The output can be text or an action invocation result.

" @@ -519,13 +950,17 @@ "type":"string", "max":10, "min":0, - "pattern":"^[0-9a-zA-Z]+$" + "pattern":"[0-9a-zA-Z]+" + }, + "AgentTraces":{ + "type":"list", + "member":{"shape":"TracePart"} }, "AgentVersion":{ "type":"string", "max":5, "min":1, - "pattern":"^(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})$" + "pattern":"(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})" }, "AnalyzePromptEvent":{ "type":"structure", @@ -552,26 +987,14 @@ "shape":"String", "documentation":"

The action group that the API operation belongs to.

" }, - "actionInvocationType":{ - "shape":"ActionInvocationType", - "documentation":"

Contains information about the API operation to invoke.

" - }, - "agentId":{ + "httpMethod":{ "shape":"String", - "documentation":"

The agent's ID.

" + "documentation":"

The HTTP method of the API operation.

" }, "apiPath":{ "shape":"ApiPath", "documentation":"

The path to the API operation.

" }, - "collaboratorName":{ - "shape":"Name", - "documentation":"

The agent collaborator's name.

" - }, - "httpMethod":{ - "shape":"String", - "documentation":"

The HTTP method of the API operation.

" - }, "parameters":{ "shape":"ApiParameters", "documentation":"

The parameters to provide for the API request, as the agent elicited from the user.

" @@ -579,6 +1002,18 @@ "requestBody":{ "shape":"ApiRequestBody", "documentation":"

The request body to provide for the API request, as the agent elicited from the user.

" + }, + "actionInvocationType":{ + "shape":"ActionInvocationType", + "documentation":"

Contains information about the API operation to invoke.

" + }, + "agentId":{ + "shape":"String", + "documentation":"

The agent's ID.

" + }, + "collaboratorName":{ + "shape":"Name", + "documentation":"

The agent collaborator's name.

" } }, "documentation":"

Contains information about the API operation that the agent predicts should be called.

This data type is used in the following API operations:

" @@ -627,9 +1062,9 @@ "shape":"String", "documentation":"

The action group that the API operation belongs to.

" }, - "agentId":{ + "httpMethod":{ "shape":"String", - "documentation":"

The agent's ID.

" + "documentation":"

The HTTP method for the API operation.

" }, "apiPath":{ "shape":"ApiPath", @@ -639,9 +1074,9 @@ "shape":"ConfirmationState", "documentation":"

Controls the API operations or functions to invoke based on the user confirmation.

" }, - "httpMethod":{ - "shape":"String", - "documentation":"

The HTTP method for the API operation.

" + "responseState":{ + "shape":"ResponseState", + "documentation":"

Controls the final response state returned to end user when API/Function execution failed. When this state is FAILURE, the request would fail with dependency failure exception. When this state is REPROMPT, the API/function response will be sent to model for re-prompt

" }, "httpStatusCode":{ "shape":"Integer", @@ -651,9 +1086,9 @@ "shape":"ResponseBody", "documentation":"

The response body from the API operation. The key of the object is the content type (currently, only TEXT is supported). The response may be returned directly or from the Lambda function.

" }, - "responseState":{ - "shape":"ResponseState", - "documentation":"

Controls the final response state returned to end user when API/Function execution failed. When this state is FAILURE, the request would fail with dependency failure exception. When this state is REPROMPT, the API/function response will be sent to model for re-prompt

" + "agentId":{ + "shape":"String", + "documentation":"

The agent's ID.

" } }, "documentation":"

Contains information about the API operation that was called from the action group and the response body that was returned.

This data type is used in the following API operations:

" @@ -701,7 +1136,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"^(arn:aws(-[^:]+)?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?$" + "pattern":"(arn:aws(-[^:]+)?:(bedrock|sagemaker):[a-z0-9-]{1,20}:([0-9]{12})?:([a-z-]+/)?)?([a-z0-9.-]{1,63}){0,2}(([:][a-z0-9-]{1,63}){0,2})?(/[a-z0-9]{1,12})?" }, "BedrockModelConfigurations":{ "type":"structure", @@ -717,13 +1152,13 @@ "type":"structure", "required":["modelConfiguration"], "members":{ - "modelConfiguration":{ - "shape":"BedrockRerankingModelConfiguration", - "documentation":"

Contains configurations for a reranker model.

" - }, "numberOfResults":{ "shape":"BedrockRerankingConfigurationNumberOfResultsInteger", "documentation":"

The number of results to return after reranking.

" + }, + "modelConfiguration":{ + "shape":"BedrockRerankingModelConfiguration", + "documentation":"

Contains configurations for a reranker model.

" } }, "documentation":"

Contains configurations for an Amazon Bedrock reranker model.

" @@ -738,23 +1173,49 @@ "type":"string", "max":2048, "min":1, - "pattern":"^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/(.*))?$" + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/(.*))?" }, "BedrockRerankingModelConfiguration":{ "type":"structure", "required":["modelArn"], "members":{ - "additionalModelRequestFields":{ - "shape":"AdditionalModelRequestFields", - "documentation":"

A JSON object whose keys are request fields for the model and whose values are values for those fields.

" - }, "modelArn":{ "shape":"BedrockModelArn", "documentation":"

The ARN of the reranker model.

" + }, + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"

A JSON object whose keys are request fields for the model and whose values are values for those fields.

" } }, "documentation":"

Contains configurations for a reranker model.

" }, + "BedrockSessionContentBlock":{ + "type":"structure", + "members":{ + "text":{ + "shape":"BedrockSessionContentBlockTextString", + "documentation":"

The text in the invocation step.

" + }, + "image":{ + "shape":"ImageBlock", + "documentation":"

The image in the invocation step.

" + } + }, + "documentation":"

A block of content that you pass to, or receive from, a Amazon Bedrock session in an invocation step. You pass the content to a session in the payLoad of the PutInvocationStep API operation. You retrieve the content with the GetInvocationStep API operation.

For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

", + "sensitive":true, + "union":true + }, + "BedrockSessionContentBlockTextString":{ + "type":"string", + "min":1 + }, + "BedrockSessionContentBlocks":{ + "type":"list", + "member":{"shape":"BedrockSessionContentBlock"}, + "min":1 + }, + "Blob":{"type":"blob"}, "Boolean":{ "type":"boolean", "box":true @@ -768,11 +1229,15 @@ "ByteContentDoc":{ "type":"structure", "required":[ + "identifier", "contentType", - "data", - "identifier" + "data" ], "members":{ + "identifier":{ + "shape":"Identifier", + "documentation":"

The file name of the document contained in the wrapper object.

" + }, "contentType":{ "shape":"ContentType", "documentation":"

The MIME type of the document contained in the wrapper object.

" @@ -780,10 +1245,6 @@ "data":{ "shape":"ByteContentBlob", "documentation":"

The byte value of the file to upload, encoded as a Base-64 string.

" - }, - "identifier":{ - "shape":"Identifier", - "documentation":"

The file name of the document contained in the wrapper object.

" } }, "documentation":"

This property contains the document to chat with, along with its attributes.

" @@ -791,17 +1252,17 @@ "ByteContentFile":{ "type":"structure", "required":[ - "data", - "mediaType" + "mediaType", + "data" ], "members":{ - "data":{ - "shape":"ByteContentBlob", - "documentation":"

The raw bytes of the file to attach. The maximum size of all files that is attached is 10MB. You can attach a maximum of 5 files.

" - }, "mediaType":{ "shape":"MimeType", "documentation":"

The MIME type of data contained in the file used for chat.

" + }, + "data":{ + "shape":"ByteContentBlob", + "documentation":"

The raw bytes of the file to attach. The maximum size of all files that is attached is 10MB. You can attach a maximum of 5 files.

" } }, "documentation":"

The property contains the file to chat with, along with its attributes.

" @@ -840,7 +1301,18 @@ "members":{ "citation":{ "shape":"Citation", - "documentation":"

The citation.

" + "documentation":"

The citation.

", + "deprecated":true, + "deprecatedMessage":"Citation is deprecated. Please use GeneratedResponsePart and RetrievedReferences for citation event.", + "deprecatedSince":"2024-12-17" + }, + "generatedResponsePart":{ + "shape":"GeneratedResponsePart", + "documentation":"

The generated response to the citation event.

" + }, + "retrievedReferences":{ + "shape":"RetrievedReferences", + "documentation":"

The retrieved references of the citation event.

" } }, "documentation":"

A citation event.

", @@ -867,25 +1339,147 @@ "CodeInterpreterInvocationOutput":{ "type":"structure", "members":{ + "executionOutput":{ + "shape":"String", + "documentation":"

Contains the successful output returned from code execution

" + }, "executionError":{ "shape":"String", "documentation":"

Contains the error returned from code execution.

" }, - "executionOutput":{ - "shape":"String", - "documentation":"

Contains the successful output returned from code execution

" + "files":{ + "shape":"Files", + "documentation":"

Contains output files, if generated by code execution.

" }, "executionTimeout":{ "shape":"Boolean", "documentation":"

Indicates if the execution of the code timed out.

" }, - "files":{ - "shape":"Files", - "documentation":"

Contains output files, if generated by code execution.

" + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the output from the code interpreter.

" } }, "documentation":"

Contains the JSON-formatted string returned by the API invoked by the code interpreter.

" }, + "CollaborationInstruction":{ + "type":"string", + "max":4000, + "min":1, + "sensitive":true + }, + "Collaborator":{ + "type":"structure", + "required":[ + "foundationModel", + "instruction" + ], + "members":{ + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the AWS KMS key that encrypts the inline collaborator.

" + }, + "foundationModel":{ + "shape":"ModelIdentifier", + "documentation":"

The foundation model used by the inline collaborator agent.

" + }, + "instruction":{ + "shape":"Instruction", + "documentation":"

Instruction that tell the inline collaborator agent what it should do and how it should interact with users.

" + }, + "idleSessionTTLInSeconds":{ + "shape":"SessionTTL", + "documentation":"

The number of seconds for which the Amazon Bedrock keeps information about the user's conversation with the inline collaborator agent.

A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Bedrock deletes any data provided before the timeout.

" + }, + "actionGroups":{ + "shape":"AgentActionGroups", + "documentation":"

List of action groups with each action group defining tasks the inline collaborator agent needs to carry out.

" + }, + "knowledgeBases":{ + "shape":"KnowledgeBases", + "documentation":"

Knowledge base associated with the inline collaborator agent.

" + }, + "guardrailConfiguration":{ + "shape":"GuardrailConfigurationWithArn", + "documentation":"

Details of the guardwrail associated with the inline collaborator.

" + }, + "promptOverrideConfiguration":{ + "shape":"PromptOverrideConfiguration", + "documentation":"

Contains configurations to override prompt templates in different parts of an inline collaborator sequence. For more information, see Advanced prompts.

" + }, + "agentCollaboration":{ + "shape":"AgentCollaboration", + "documentation":"

Defines how the inline supervisor agent handles information across multiple collaborator agents to coordinate a final response.

" + }, + "collaboratorConfigurations":{ + "shape":"CollaboratorConfigurations", + "documentation":"

Settings of the collaborator agent.

" + }, + "agentName":{ + "shape":"Name", + "documentation":"

Name of the inline collaborator agent which must be the same name as specified for collaboratorName.

" + } + }, + "documentation":"

List of inline collaborators.

" + }, + "CollaboratorConfiguration":{ + "type":"structure", + "required":[ + "collaboratorName", + "collaboratorInstruction" + ], + "members":{ + "collaboratorName":{ + "shape":"Name", + "documentation":"

Name of the inline collaborator agent which must be the same name as specified for agentName.

" + }, + "collaboratorInstruction":{ + "shape":"CollaborationInstruction", + "documentation":"

Instructions that tell the inline collaborator agent what it should do and how it should interact with users.

" + }, + "agentAliasArn":{ + "shape":"AgentAliasArn", + "documentation":"

The Amazon Resource Name (ARN) of the inline collaborator agent.

" + }, + "relayConversationHistory":{ + "shape":"RelayConversationHistory", + "documentation":"

A relay conversation history for the inline collaborator agent.

" + } + }, + "documentation":"

Settings of an inline collaborator agent.

" + }, + "CollaboratorConfigurations":{ + "type":"list", + "member":{"shape":"CollaboratorConfiguration"} + }, + "Collaborators":{ + "type":"list", + "member":{"shape":"Collaborator"} + }, + "ConditionResultEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "satisfiedConditions" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the condition node that evaluated the conditions.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the condition evaluation occurred.

" + }, + "satisfiedConditions":{ + "shape":"SatisfiedConditions", + "documentation":"

A list of conditions that were satisfied during the evaluation.

" + } + }, + "documentation":"

Contains information about a condition evaluation result during a flow execution. This event is generated when a condition node in the flow evaluates its conditions.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, "ConfirmationState":{ "type":"string", "enum":[ @@ -927,6 +1521,10 @@ "body":{ "shape":"String", "documentation":"

The body of the API response.

" + }, + "images":{ + "shape":"ImageInputs", + "documentation":"

Lists details, including format and source, for the image in the response from the function call. You can specify only one image and the function in the returnControlInvocationResults must be a computer use action. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

" } }, "documentation":"

Contains the body of the API response.

This data type is used in the following API operations:

" @@ -938,7 +1536,7 @@ }, "ContentType":{ "type":"string", - "pattern":"[a-z]{1,20}/.{1,20}" + "pattern":".*[a-z]{1,20}/.{1,20}.*" }, "ConversationHistory":{ "type":"structure", @@ -957,6 +1555,92 @@ "assistant" ] }, + "CreateInvocationRequest":{ + "type":"structure", + "required":["sessionIdentifier"], + "members":{ + "invocationId":{ + "shape":"Uuid", + "documentation":"

A unique identifier for the invocation in UUID format.

" + }, + "description":{ + "shape":"InvocationDescription", + "documentation":"

A description for the interactions in the invocation. For example, \"User asking about weather in Seattle\".

" + }, + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

The unique identifier for the associated session for the invocation. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + } + } + }, + "CreateInvocationResponse":{ + "type":"structure", + "required":[ + "sessionId", + "invocationId", + "createdAt" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier for the session associated with the invocation.

" + }, + "invocationId":{ + "shape":"Uuid", + "documentation":"

The unique identifier for the invocation.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the invocation was created.

" + } + } + }, + "CreateSessionRequest":{ + "type":"structure", + "members":{ + "sessionMetadata":{ + "shape":"SessionMetadataMap", + "documentation":"

A map of key-value pairs containing attributes to be persisted across the session. For example, the user's ID, their language preference, and the type of device they are using.

" + }, + "encryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key to use to encrypt the session data. The user or role creating the session must have permission to use the key. For more information, see Amazon Bedrock session encryption.

" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

Specify the key-value pairs for the tags that you want to attach to the session.

" + } + } + }, + "CreateSessionResponse":{ + "type":"structure", + "required":[ + "sessionId", + "sessionArn", + "sessionStatus", + "createdAt" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier for the session.

" + }, + "sessionArn":{ + "shape":"SessionArn", + "documentation":"

The Amazon Resource Name (ARN) of the created session.

" + }, + "sessionStatus":{ + "shape":"SessionStatus", + "documentation":"

The current status of the session.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the session was created.

" + } + } + }, "CreationMode":{ "type":"string", "enum":[ @@ -968,16 +1652,26 @@ "type":"string", "enum":["RETURN_CONTROL"] }, + "CustomOrchestration":{ + "type":"structure", + "members":{ + "executor":{ + "shape":"OrchestrationExecutor", + "documentation":"

The structure of the executor invoking the actions in custom orchestration.

" + } + }, + "documentation":"

Contains details of the custom orchestration configured for the agent.

" + }, "CustomOrchestrationTrace":{ "type":"structure", "members":{ - "event":{ - "shape":"CustomOrchestrationTraceEvent", - "documentation":"

The event details used with the custom orchestration.

" - }, "traceId":{ "shape":"TraceId", "documentation":"

The unique identifier of the trace.

" + }, + "event":{ + "shape":"CustomOrchestrationTraceEvent", + "documentation":"

The event details used with the custom orchestration.

" } }, "documentation":"

The trace behavior for the custom orchestration.

", @@ -1002,22 +1696,22 @@ "DeleteAgentMemoryRequest":{ "type":"structure", "required":[ - "agentAliasId", - "agentId" + "agentId", + "agentAliasId" ], "members":{ - "agentAliasId":{ - "shape":"AgentAliasId", - "documentation":"

The unique identifier of an alias of an agent.

", - "location":"uri", - "locationName":"agentAliasId" - }, "agentId":{ "shape":"AgentId", "documentation":"

The unique identifier of the agent to which the alias belongs.

", "location":"uri", "locationName":"agentId" }, + "agentAliasId":{ + "shape":"AgentAliasId", + "documentation":"

The unique identifier of an alias of an agent.

", + "location":"uri", + "locationName":"agentAliasId" + }, "memoryId":{ "shape":"MemoryId", "documentation":"

The unique identifier of the memory.

", @@ -1034,9 +1728,24 @@ }, "DeleteAgentMemoryResponse":{ "type":"structure", + "members":{} + }, + "DeleteSessionRequest":{ + "type":"structure", + "required":["sessionIdentifier"], "members":{ + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

The unique identifier for the session to be deleted. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + } } }, + "DeleteSessionResponse":{ + "type":"structure", + "members":{} + }, "DependencyFailedException":{ "type":"structure", "members":{ @@ -1055,14 +1764,47 @@ }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "Double":{ "type":"double", "box":true }, + "EndSessionRequest":{ + "type":"structure", + "required":["sessionIdentifier"], + "members":{ + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

The unique identifier for the session to end. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + } + } + }, + "EndSessionResponse":{ + "type":"structure", + "required":[ + "sessionId", + "sessionArn", + "sessionStatus" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier of the session you ended.

" + }, + "sessionArn":{ + "shape":"SessionArn", + "documentation":"

The Amazon Resource Name (ARN) of the session you ended.

" + }, + "sessionStatus":{ + "shape":"SessionStatus", + "documentation":"

The current status of the session you ended.

" + } + } + }, "ExecutionType":{ "type":"string", "enum":[ @@ -1074,17 +1816,17 @@ "type":"structure", "required":["sourceType"], "members":{ - "byteContent":{ - "shape":"ByteContentDoc", - "documentation":"

The identifier, contentType, and data of the external source wrapper object.

" + "sourceType":{ + "shape":"ExternalSourceType", + "documentation":"

The source type of the external source wrapper object.

" }, "s3Location":{ "shape":"S3ObjectDoc", "documentation":"

The S3 location of the external source wrapper object.

" }, - "sourceType":{ - "shape":"ExternalSourceType", - "documentation":"

The source type of the external source wrapper object.

" + "byteContent":{ + "shape":"ByteContentDoc", + "documentation":"

The identifier, contentType, and data of the external source wrapper object.

" } }, "documentation":"

The unique external source of the content contained in the wrapper object.

" @@ -1105,9 +1847,9 @@ "ExternalSourcesGenerationConfiguration":{ "type":"structure", "members":{ - "additionalModelRequestFields":{ - "shape":"AdditionalModelRequestFields", - "documentation":"

Additional model parameters and their corresponding values not included in the textInferenceConfig structure for an external source. Takes in custom model parameters specific to the language model being used.

" + "promptTemplate":{ + "shape":"PromptTemplate", + "documentation":"

Contain the textPromptTemplate string for the external source wrapper object.

" }, "guardrailConfiguration":{ "shape":"GuardrailConfiguration", @@ -1117,13 +1859,13 @@ "shape":"InferenceConfig", "documentation":"

Configuration settings for inference when using RetrieveAndGenerate to generate responses while using an external source.

" }, + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"

Additional model parameters and their corresponding values not included in the textInferenceConfig structure for an external source. Takes in custom model parameters specific to the language model being used.

" + }, "performanceConfig":{ "shape":"PerformanceConfiguration", "documentation":"

The latency configuration for the model.

" - }, - "promptTemplate":{ - "shape":"PromptTemplate", - "documentation":"

Contain the textPromptTemplate string for the external source wrapper object.

" } }, "documentation":"

Contains the generation configuration of the external source wrapper object.

" @@ -1135,10 +1877,6 @@ "sources" ], "members":{ - "generationConfiguration":{ - "shape":"ExternalSourcesGenerationConfiguration", - "documentation":"

The prompt used with the external source wrapper object with the retrieveAndGenerate function.

" - }, "modelArn":{ "shape":"BedrockModelArn", "documentation":"

The model Amazon Resource Name (ARN) for the external source wrapper object in the retrieveAndGenerate function.

" @@ -1146,6 +1884,10 @@ "sources":{ "shape":"ExternalSources", "documentation":"

The document for the external source wrapper object in the retrieveAndGenerate function.

" + }, + "generationConfiguration":{ + "shape":"ExternalSourcesGenerationConfiguration", + "documentation":"

The prompt used with the external source wrapper object with the retrieveAndGenerate function.

" } }, "documentation":"

The configurations of the external source wrapper object in the retrieveAndGenerate function.

" @@ -1157,13 +1899,21 @@ "FailureTrace":{ "type":"structure", "members":{ + "traceId":{ + "shape":"TraceId", + "documentation":"

The unique identifier of the trace.

" + }, "failureReason":{ "shape":"FailureReasonString", "documentation":"

The reason the interaction failed.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The unique identifier of the trace.

" + "failureCode":{ + "shape":"Integer", + "documentation":"

The failure code for the trace.

" + }, + "metadata":{ + "shape":"Metadata", + "documentation":"

Information about the failure that occurred.

" } }, "documentation":"

Contains information about the failure of the interaction.

", @@ -1213,17 +1963,17 @@ "type":"structure", "required":["sourceType"], "members":{ - "byteContent":{ - "shape":"ByteContentFile", - "documentation":"

The data and the text of the attached files.

" + "sourceType":{ + "shape":"FileSourceType", + "documentation":"

The source type of the files to attach.

" }, "s3Location":{ "shape":"S3ObjectFile", "documentation":"

The s3 location of the files to attach.

" }, - "sourceType":{ - "shape":"FileSourceType", - "documentation":"

The source type of the files to attach.

" + "byteContent":{ + "shape":"ByteContentFile", + "documentation":"

The data and the text of the attached files.

" } }, "documentation":"

The source file of the content contained in the wrapper object.

" @@ -1271,8 +2021,7 @@ }, "FilterValue":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "FinalResponse":{ @@ -1281,6 +2030,10 @@ "text":{ "shape":"FinalResponseString", "documentation":"

The text in the response to the user.

" + }, + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the invoke agent operation.

" } }, "documentation":"

Contains details about the response to the user.

" @@ -1297,7 +2050,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"^(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/[0-9a-zA-Z]{10})|(\\bTSTALIASID\\b|[0-9a-zA-Z]+)$" + "pattern":"(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/[0-9a-zA-Z]{10})|(\\bTSTALIASID\\b|[0-9a-zA-Z]+)" }, "FlowCompletionEvent":{ "type":"structure", @@ -1319,33 +2072,282 @@ "INPUT_REQUIRED" ] }, + "FlowControlNodeType":{ + "type":"string", + "enum":[ + "Iterator", + "Loop" + ] + }, + "FlowErrorCode":{ + "type":"string", + "enum":[ + "VALIDATION", + "INTERNAL_SERVER", + "NODE_EXECUTION_FAILED" + ] + }, + "FlowExecutionContent":{ + "type":"structure", + "members":{ + "document":{ + "shape":"Document", + "documentation":"

The document content of the field, which can contain text or structured data.

" + } + }, + "documentation":"

Contains the content of an flow execution input or output field.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true, + "union":true + }, + "FlowExecutionError":{ + "type":"structure", + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node in the flow where the error occurred (if applicable).

" + }, + "error":{ + "shape":"FlowExecutionErrorType", + "documentation":"

The error code for the type of error that occurred.

" + }, + "message":{ + "shape":"String", + "documentation":"

A descriptive message that provides details about the error.

" + } + }, + "documentation":"

Contains information about an error that occurred during an flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

" + }, + "FlowExecutionErrorType":{ + "type":"string", + "enum":["ExecutionTimedOut"] + }, + "FlowExecutionErrors":{ + "type":"list", + "member":{"shape":"FlowExecutionError"} + }, + "FlowExecutionEvent":{ + "type":"structure", + "members":{ + "flowInputEvent":{ + "shape":"FlowExecutionInputEvent", + "documentation":"

Contains information about the inputs provided to the flow at the start of execution.

" + }, + "flowOutputEvent":{ + "shape":"FlowExecutionOutputEvent", + "documentation":"

Contains information about the outputs produced by the flow at the end of execution.

" + }, + "nodeInputEvent":{ + "shape":"NodeInputEvent", + "documentation":"

Contains information about the inputs provided to a specific node during execution.

" + }, + "nodeOutputEvent":{ + "shape":"NodeOutputEvent", + "documentation":"

Contains information about the outputs produced by a specific node during execution.

" + }, + "conditionResultEvent":{ + "shape":"ConditionResultEvent", + "documentation":"

Contains information about a condition evaluation result during the flow execution. This event is generated when a condition node in the flow evaluates its conditions.

" + }, + "nodeFailureEvent":{ + "shape":"NodeFailureEvent", + "documentation":"

Contains information about a failure that occurred at a specific node during execution.

" + }, + "flowFailureEvent":{ + "shape":"FlowFailureEvent", + "documentation":"

Contains information about a failure that occurred at the flow level during execution.

" + }, + "nodeActionEvent":{ + "shape":"NodeActionEvent", + "documentation":"

Contains information about an action (operation) called by a node during execution.

" + }, + "nodeDependencyEvent":{ + "shape":"NodeDependencyEvent", + "documentation":"

Contains information about an internal trace of a specific node during execution.

" + } + }, + "documentation":"

Represents an event that occurred during an flow execution. This is a union type that can contain one of several event types, such as node input and output events; flow input and output events; condition node result events, or failure events.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "union":true + }, + "FlowExecutionEventType":{ + "type":"string", + "enum":[ + "Node", + "Flow" + ] + }, + "FlowExecutionEvents":{ + "type":"list", + "member":{"shape":"FlowExecutionEvent"}, + "max":10, + "min":0 + }, "FlowExecutionId":{ "type":"string", "max":100, "min":2, - "pattern":"^[0-9a-zA-Z._:-]+$" + "pattern":"[0-9a-zA-Z._:-]+" }, - "FlowIdentifier":{ + "FlowExecutionIdentifier":{ "type":"string", "max":2048, "min":0, - "pattern":"^(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10})|([0-9a-zA-Z]{10})$" + "pattern":"[a-zA-Z0-9-]{1,36}$|^(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10}/alias/[0-9a-zA-Z]{10}/execution/[a-zA-Z0-9-]{1,36})" }, - "FlowInput":{ + "FlowExecutionInputEvent":{ "type":"structure", "required":[ - "content", - "nodeName" + "nodeName", + "timestamp", + "fields" ], "members":{ - "content":{ - "shape":"FlowInputContent", - "documentation":"

Contains information about an input into the prompt flow.

" + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node that receives the inputs.

" }, - "nodeInputName":{ - "shape":"NodeInputName", - "documentation":"

The name of the input from the flow input node.

" + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the inputs are provided.

" + }, + "fields":{ + "shape":"FlowInputFields", + "documentation":"

A list of input fields provided to the flow.

" + } + }, + "documentation":"

Contains information about the inputs provided to the flow at the start of a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "FlowExecutionName":{ + "type":"string", + "max":36, + "min":0, + "pattern":"[a-zA-Z0-9-]{1,36}" + }, + "FlowExecutionOutputEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "fields" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node that produces the outputs.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the outputs are produced.

" + }, + "fields":{ + "shape":"FlowOutputFields", + "documentation":"

A list of output fields produced by the flow.

" + } + }, + "documentation":"

Contains information about the outputs produced by the flow during a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "FlowExecutionRoleArn":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/(service-role/)?.+" + }, + "FlowExecutionStatus":{ + "type":"string", + "enum":[ + "Running", + "Succeeded", + "Failed", + "TimedOut", + "Aborted" + ] + }, + "FlowExecutionSummaries":{ + "type":"list", + "member":{"shape":"FlowExecutionSummary"}, + "max":10, + "min":0 + }, + "FlowExecutionSummary":{ + "type":"structure", + "required":[ + "executionArn", + "flowAliasIdentifier", + "flowIdentifier", + "flowVersion", + "status", + "createdAt" + ], + "members":{ + "executionArn":{ + "shape":"FlowExecutionIdentifier", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies the flow execution.

" }, + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias used for the execution.

" + }, + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow.

" + }, + "flowVersion":{ + "shape":"Version", + "documentation":"

The version of the flow used for the execution.

" + }, + "status":{ + "shape":"FlowExecutionStatus", + "documentation":"

The current status of the flow execution.

Flow executions time out after 24 hours.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the flow execution was created.

" + }, + "endedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the flow execution ended. This field is only populated when the execution has completed, failed, timed out, or been aborted.

" + } + }, + "documentation":"

Contains summary information about a flow execution, including its status, timestamps, and identifiers.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

" + }, + "FlowFailureEvent":{ + "type":"structure", + "required":[ + "timestamp", + "errorCode", + "errorMessage" + ], + "members":{ + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the failure occurred.

" + }, + "errorCode":{ + "shape":"FlowErrorCode", + "documentation":"

The error code that identifies the type of failure that occurred.

" + }, + "errorMessage":{ + "shape":"String", + "documentation":"

A descriptive message that provides details about the failure.

" + } + }, + "documentation":"

Contains information about a failure that occurred at the flow level during a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "FlowIdentifier":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"(arn:aws:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:flow/[0-9a-zA-Z]{10})|([0-9a-zA-Z]{10})" + }, + "FlowInput":{ + "type":"structure", + "required":[ + "nodeName", + "content" + ], + "members":{ "nodeName":{ "shape":"NodeName", "documentation":"

The name of the flow input node that begins the prompt flow.

" @@ -1353,6 +2355,14 @@ "nodeOutputName":{ "shape":"NodeOutputName", "documentation":"

The name of the output from the flow input node that begins the prompt flow.

" + }, + "content":{ + "shape":"FlowInputContent", + "documentation":"

Contains information about an input into the prompt flow.

" + }, + "nodeInputName":{ + "shape":"NodeInputName", + "documentation":"

The name of the input from the flow input node.

" } }, "documentation":"

Contains information about an input into the prompt flow and where to send it.

" @@ -1369,6 +2379,31 @@ "sensitive":true, "union":true }, + "FlowInputField":{ + "type":"structure", + "required":[ + "name", + "content" + ], + "members":{ + "name":{ + "shape":"NodeInputName", + "documentation":"

The name of the input field as defined in the flow's input schema.

" + }, + "content":{ + "shape":"FlowExecutionContent", + "documentation":"

The content of the input field, which can contain text or structured data.

" + } + }, + "documentation":"

Represents an input field provided to a flow during a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "FlowInputFields":{ + "type":"list", + "member":{"shape":"FlowInputField"}, + "max":5, + "min":1 + }, "FlowInputs":{ "type":"list", "member":{"shape":"FlowInput"}, @@ -1389,15 +2424,11 @@ "FlowMultiTurnInputRequestEvent":{ "type":"structure", "required":[ - "content", "nodeName", - "nodeType" + "nodeType", + "content" ], "members":{ - "content":{ - "shape":"FlowMultiTurnInputContent", - "documentation":"

The content payload containing the input request details for the multi-turn interaction.

" - }, "nodeName":{ "shape":"NodeName", "documentation":"

The name of the node in the flow that is requesting the input.

" @@ -1405,12 +2436,48 @@ "nodeType":{ "shape":"NodeType", "documentation":"

The type of the node in the flow that is requesting the input.

" + }, + "content":{ + "shape":"FlowMultiTurnInputContent", + "documentation":"

The content payload containing the input request details for the multi-turn interaction.

" } }, "documentation":"

Response object from the flow multi-turn node requesting additional information.

", "event":true, "sensitive":true }, + "FlowNodeIODataType":{ + "type":"string", + "enum":[ + "String", + "Number", + "Boolean", + "Object", + "Array" + ] + }, + "FlowNodeInputCategory":{ + "type":"string", + "enum":[ + "LoopCondition", + "ReturnValueToLoopStart", + "ExitLoop" + ] + }, + "FlowNodeInputExpression":{ + "type":"string", + "max":64, + "min":1, + "sensitive":true + }, + "FlowNodeInputName":{ + "type":"string", + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}" + }, + "FlowNodeOutputName":{ + "type":"string", + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){1,50}" + }, "FlowOutputContent":{ "type":"structure", "members":{ @@ -1425,15 +2492,11 @@ "FlowOutputEvent":{ "type":"structure", "required":[ - "content", "nodeName", - "nodeType" + "nodeType", + "content" ], "members":{ - "content":{ - "shape":"FlowOutputContent", - "documentation":"

The content in the output.

" - }, "nodeName":{ "shape":"NodeName", "documentation":"

The name of the flow output node that the output is from.

" @@ -1441,43 +2504,52 @@ "nodeType":{ "shape":"NodeType", "documentation":"

The type of the node that the output is from.

" + }, + "content":{ + "shape":"FlowOutputContent", + "documentation":"

The content in the output.

" } }, "documentation":"

Contains information about an output from prompt flow invoction.

", "event":true, "sensitive":true }, - "FlowResponseStream":{ + "FlowOutputField":{ "type":"structure", + "required":[ + "name", + "content" + ], "members":{ - "accessDeniedException":{ - "shape":"AccessDeniedException", - "documentation":"

The request is denied because of missing access permissions. Check your permissions and retry your request.

" - }, - "badGatewayException":{ - "shape":"BadGatewayException", - "documentation":"

There was an issue with a dependency due to a server issue. Retry your request.

" - }, - "conflictException":{ - "shape":"ConflictException", - "documentation":"

There was a conflict performing an operation. Resolve the conflict and retry your request.

" + "name":{ + "shape":"NodeOutputName", + "documentation":"

The name of the output field as defined in the flow's output schema.

" }, - "dependencyFailedException":{ - "shape":"DependencyFailedException", - "documentation":"

There was an issue with a dependency. Check the resource configurations and retry the request.

" + "content":{ + "shape":"FlowExecutionContent", + "documentation":"

The content of the output field, which can contain text or structured data.

" + } + }, + "documentation":"

Represents an output field produced by a flow during a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "FlowOutputFields":{ + "type":"list", + "member":{"shape":"FlowOutputField"}, + "max":5, + "min":1 + }, + "FlowResponseStream":{ + "type":"structure", + "members":{ + "flowOutputEvent":{ + "shape":"FlowOutputEvent", + "documentation":"

Contains information about an output from flow invocation.

" }, "flowCompletionEvent":{ "shape":"FlowCompletionEvent", "documentation":"

Contains information about why the flow completed.

" }, - "flowMultiTurnInputRequestEvent":{ - "shape":"FlowMultiTurnInputRequestEvent", - "documentation":"

The event stream containing the multi-turn input request information from the flow.

" - }, - "flowOutputEvent":{ - "shape":"FlowOutputEvent", - "documentation":"

Contains information about an output from flow invocation.

" - }, "flowTraceEvent":{ "shape":"FlowTraceEvent", "documentation":"

Contains information about a trace, which tracks an input or output for a node in the flow.

" @@ -1486,6 +2558,10 @@ "shape":"InternalServerException", "documentation":"

An internal server error occurred. Retry your request.

" }, + "validationException":{ + "shape":"ValidationException", + "documentation":"

Input validation failed. Check your request parameters and retry the request.

" + }, "resourceNotFoundException":{ "shape":"ResourceNotFoundException", "documentation":"

The specified resource Amazon Resource Name (ARN) was not found. Check the Amazon Resource Name (ARN) and try your request again.

" @@ -1498,9 +2574,25 @@ "shape":"ThrottlingException", "documentation":"

The number of requests exceeds the limit. Resubmit your request later.

" }, - "validationException":{ - "shape":"ValidationException", - "documentation":"

Input validation failed. Check your request parameters and retry the request.

" + "accessDeniedException":{ + "shape":"AccessDeniedException", + "documentation":"

The request is denied because of missing access permissions. Check your permissions and retry your request.

" + }, + "conflictException":{ + "shape":"ConflictException", + "documentation":"

There was a conflict performing an operation. Resolve the conflict and retry your request.

" + }, + "dependencyFailedException":{ + "shape":"DependencyFailedException", + "documentation":"

There was an issue with a dependency. Check the resource configurations and retry the request.

" + }, + "badGatewayException":{ + "shape":"BadGatewayException", + "documentation":"

There was an issue with a dependency due to a server issue. Retry your request.

" + }, + "flowMultiTurnInputRequestEvent":{ + "shape":"FlowMultiTurnInputRequestEvent", + "documentation":"

The event stream containing the multi-turn input request information from the flow.

" } }, "documentation":"

The output of the flow.

", @@ -1509,10 +2601,6 @@ "FlowTrace":{ "type":"structure", "members":{ - "conditionNodeResultTrace":{ - "shape":"FlowTraceConditionNodeResultEvent", - "documentation":"

Contains information about an output from a condition node.

" - }, "nodeInputTrace":{ "shape":"FlowTraceNodeInputEvent", "documentation":"

Contains information about the input into a node.

" @@ -1520,6 +2608,18 @@ "nodeOutputTrace":{ "shape":"FlowTraceNodeOutputEvent", "documentation":"

Contains information about the output from a node.

" + }, + "conditionNodeResultTrace":{ + "shape":"FlowTraceConditionNodeResultEvent", + "documentation":"

Contains information about an output from a condition node.

" + }, + "nodeActionTrace":{ + "shape":"FlowTraceNodeActionEvent", + "documentation":"

Contains information about an action (operation) called by a node.

" + }, + "nodeDependencyTrace":{ + "shape":"FlowTraceDependencyEvent", + "documentation":"

Contains information about an internal trace of a node.

" } }, "documentation":"

Contains information about an input or output for a node in the flow. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

", @@ -1542,21 +2642,21 @@ "type":"structure", "required":[ "nodeName", - "satisfiedConditions", - "timestamp" + "timestamp", + "satisfiedConditions" ], "members":{ "nodeName":{ "shape":"NodeName", "documentation":"

The name of the condition node.

" }, - "satisfiedConditions":{ - "shape":"FlowTraceConditions", - "documentation":"

An array of objects containing information about the conditions that were satisfied.

" - }, "timestamp":{ "shape":"DateTimestamp", "documentation":"

The date and time that the trace was returned.

" + }, + "satisfiedConditions":{ + "shape":"FlowTraceConditions", + "documentation":"

An array of objects containing information about the conditions that were satisfied.

" } }, "documentation":"

Contains information about an output from a condition node. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

", @@ -1568,6 +2668,30 @@ "max":5, "min":1 }, + "FlowTraceDependencyEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "traceElements" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node that generated the dependency trace.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The date and time that the dependency trace was generated.

" + }, + "traceElements":{ + "shape":"TraceElements", + "documentation":"

The trace elements containing detailed information about the dependency.

" + } + }, + "documentation":"

Contains information about a dependency trace event in the flow.

", + "sensitive":true + }, "FlowTraceEvent":{ "type":"structure", "required":["trace"], @@ -1580,6 +2704,48 @@ "documentation":"

Contains information about a trace, which tracks an input or output for a node in the flow. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

", "event":true }, + "FlowTraceNodeActionEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "requestId", + "serviceName", + "operationName" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node that called the operation.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The date and time that the operation was called.

" + }, + "requestId":{ + "shape":"String", + "documentation":"

The ID of the request that the node made to the operation.

" + }, + "serviceName":{ + "shape":"String", + "documentation":"

The name of the service that the node called.

" + }, + "operationName":{ + "shape":"String", + "documentation":"

The name of the operation that the node called.

" + }, + "operationRequest":{ + "shape":"Document", + "documentation":"

The request payload sent to the downstream service.

" + }, + "operationResponse":{ + "shape":"Document", + "documentation":"

The response payload received from the downstream service.

" + } + }, + "documentation":"

Contains information about an action (operation) called by a node in an Amazon Bedrock flow. The service generates action events for calls made by prompt nodes, agent nodes, and Amazon Web Services Lambda nodes.

", + "sensitive":true + }, "FlowTraceNodeInputContent":{ "type":"structure", "members":{ @@ -1595,15 +2761,11 @@ "FlowTraceNodeInputEvent":{ "type":"structure", "required":[ - "fields", "nodeName", - "timestamp" + "timestamp", + "fields" ], "members":{ - "fields":{ - "shape":"FlowTraceNodeInputFields", - "documentation":"

An array of objects containing information about each field in the input.

" - }, "nodeName":{ "shape":"NodeName", "documentation":"

The name of the node that received the input.

" @@ -1611,25 +2773,73 @@ "timestamp":{ "shape":"DateTimestamp", "documentation":"

The date and time that the trace was returned.

" + }, + "fields":{ + "shape":"FlowTraceNodeInputFields", + "documentation":"

An array of objects containing information about each field in the input.

" } }, "documentation":"

Contains information about the input into a node. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

", "sensitive":true }, + "FlowTraceNodeInputExecutionChain":{ + "type":"list", + "member":{"shape":"FlowTraceNodeInputExecutionChainItem"}, + "sensitive":true + }, + "FlowTraceNodeInputExecutionChainItem":{ + "type":"structure", + "required":[ + "nodeName", + "type" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node in the execution chain.

" + }, + "index":{ + "shape":"Integer", + "documentation":"

The index position of this item in the execution chain.

" + }, + "type":{ + "shape":"FlowControlNodeType", + "documentation":"

The type of execution chain item. Supported values are Iterator and Loop.

" + } + }, + "documentation":"

Represents an item in the execution chain for flow trace node input tracking.

", + "sensitive":true + }, "FlowTraceNodeInputField":{ "type":"structure", "required":[ - "content", - "nodeInputName" + "nodeInputName", + "content" ], "members":{ + "nodeInputName":{ + "shape":"NodeInputName", + "documentation":"

The name of the node input.

" + }, "content":{ "shape":"FlowTraceNodeInputContent", "documentation":"

The content of the node input.

" }, - "nodeInputName":{ - "shape":"NodeInputName", - "documentation":"

The name of the node input.

" + "source":{ + "shape":"FlowTraceNodeInputSource", + "documentation":"

The source node that provides input data to this field.

" + }, + "type":{ + "shape":"FlowNodeIODataType", + "documentation":"

The data type of the input field for compatibility validation.

" + }, + "category":{ + "shape":"FlowNodeInputCategory", + "documentation":"

The category of the input field.

" + }, + "executionChain":{ + "shape":"FlowTraceNodeInputExecutionChain", + "documentation":"

The execution path through nested nodes like iterators and loops.

" } }, "documentation":"

Contains information about a field in the input into a node. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

", @@ -1641,6 +2851,30 @@ "max":5, "min":1 }, + "FlowTraceNodeInputSource":{ + "type":"structure", + "required":[ + "nodeName", + "outputFieldName", + "expression" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the source node that provides the input data.

" + }, + "outputFieldName":{ + "shape":"FlowNodeOutputName", + "documentation":"

The name of the output field from the source node.

" + }, + "expression":{ + "shape":"FlowNodeInputExpression", + "documentation":"

The expression used to extract data from the source.

" + } + }, + "documentation":"

Represents the source of input data for a flow trace node field.

", + "sensitive":true + }, "FlowTraceNodeOutputContent":{ "type":"structure", "members":{ @@ -1655,15 +2889,11 @@ "FlowTraceNodeOutputEvent":{ "type":"structure", "required":[ - "fields", "nodeName", - "timestamp" + "timestamp", + "fields" ], "members":{ - "fields":{ - "shape":"FlowTraceNodeOutputFields", - "documentation":"

An array of objects containing information about each field in the output.

" - }, "nodeName":{ "shape":"NodeName", "documentation":"

The name of the node that yielded the output.

" @@ -1671,6 +2901,10 @@ "timestamp":{ "shape":"DateTimestamp", "documentation":"

The date and time that the trace was returned.

" + }, + "fields":{ + "shape":"FlowTraceNodeOutputFields", + "documentation":"

An array of objects containing information about each field in the output.

" } }, "documentation":"

Contains information about the output from a node. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

", @@ -1679,17 +2913,25 @@ "FlowTraceNodeOutputField":{ "type":"structure", "required":[ - "content", - "nodeOutputName" + "nodeOutputName", + "content" ], "members":{ + "nodeOutputName":{ + "shape":"NodeOutputName", + "documentation":"

The name of the node output.

" + }, "content":{ "shape":"FlowTraceNodeOutputContent", "documentation":"

The content of the node output.

" }, - "nodeOutputName":{ - "shape":"NodeOutputName", - "documentation":"

The name of the node output.

" + "next":{ + "shape":"FlowTraceNodeOutputNextList", + "documentation":"

The next node that receives output data from this field.

" + }, + "type":{ + "shape":"FlowNodeIODataType", + "documentation":"

The data type of the output field for compatibility validation.

" } }, "documentation":"

Contains information about a field in the output from a node. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

", @@ -1701,6 +2943,29 @@ "max":2, "min":1 }, + "FlowTraceNodeOutputNext":{ + "type":"structure", + "required":[ + "nodeName", + "inputFieldName" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the next node that receives the output data.

" + }, + "inputFieldName":{ + "shape":"FlowNodeInputName", + "documentation":"

The name of the input field in the next node that receives the data.

" + } + }, + "documentation":"

Represents the next node that receives output data from a flow trace.

", + "sensitive":true + }, + "FlowTraceNodeOutputNextList":{ + "type":"list", + "member":{"shape":"FlowTraceNodeOutputNext"} + }, "Function":{ "type":"string", "sensitive":true @@ -1709,14 +2974,14 @@ "type":"structure", "required":["name"], "members":{ - "description":{ - "shape":"FunctionDescription", - "documentation":"

A description of the function and its purpose.

" - }, "name":{ "shape":"ResourceName", "documentation":"

A name for the function.

" }, + "description":{ + "shape":"FunctionDescription", + "documentation":"

A description of the function and its purpose.

" + }, "parameters":{ "shape":"ParameterMap", "documentation":"

The parameters that the agent elicits from the user to fulfill the function.

" @@ -1741,6 +3006,14 @@ "shape":"String", "documentation":"

The action group that the function belongs to.

" }, + "parameters":{ + "shape":"FunctionParameters", + "documentation":"

A list of parameters of the function.

" + }, + "function":{ + "shape":"String", + "documentation":"

The name of the function.

" + }, "actionInvocationType":{ "shape":"ActionInvocationType", "documentation":"

Contains information about the function to invoke,

" @@ -1752,14 +3025,6 @@ "collaboratorName":{ "shape":"Name", "documentation":"

The collaborator's name.

" - }, - "function":{ - "shape":"String", - "documentation":"

The name of the function.

" - }, - "parameters":{ - "shape":"FunctionParameters", - "documentation":"

A list of parameters of the function.

" } }, "documentation":"

Contains information about the function that the agent predicts should be called.

This data type is used in the following API operations:

" @@ -1794,10 +3059,6 @@ "shape":"String", "documentation":"

The action group that the function belongs to.

" }, - "agentId":{ - "shape":"String", - "documentation":"

The agent's ID.

" - }, "confirmationState":{ "shape":"ConfirmationState", "documentation":"

Contains the user confirmation information about the function that was called.

" @@ -1808,11 +3069,15 @@ }, "responseBody":{ "shape":"ResponseBody", - "documentation":"

The response from the function call using the parameters. The key of the object is the content type (currently, only TEXT is supported). The response may be returned directly or from the Lambda function.

" + "documentation":"

The response from the function call using the parameters. The response might be returned directly or from the Lambda function. Specify TEXT or IMAGES. The key of the object is the content type. You can only specify one type. If you specify IMAGES, you can specify only one image. You can specify images only when the function in the returnControlInvocationResults is a computer use action. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

" }, "responseState":{ "shape":"ResponseState", "documentation":"

Controls the final response state returned to end user when API/Function execution failed. When this state is FAILURE, the request would fail with dependency failure exception. When this state is REPROMPT, the API/function response will be sent to model for re-prompt

" + }, + "agentId":{ + "shape":"String", + "documentation":"

The agent's ID.

" } }, "documentation":"

Contains information about the function that was called from the action group and the response that was returned.

This data type is used in the following API operations:

" @@ -1866,13 +3131,13 @@ "GeneratedQuery":{ "type":"structure", "members":{ - "sql":{ - "shape":"String", - "documentation":"

An SQL query that corresponds to the natural language query.

" - }, "type":{ "shape":"GeneratedQueryType", "documentation":"

The type of transformed query.

" + }, + "sql":{ + "shape":"String", + "documentation":"

An SQL query that corresponds to the natural language query.

" } }, "documentation":"

Contains information about a query generated for a natural language query.

", @@ -1895,9 +3160,9 @@ "GenerationConfiguration":{ "type":"structure", "members":{ - "additionalModelRequestFields":{ - "shape":"AdditionalModelRequestFields", - "documentation":"

Additional model parameters and corresponding values not included in the textInferenceConfig structure for a knowledge base. This allows users to provide custom model parameters specific to the language model being used.

" + "promptTemplate":{ + "shape":"PromptTemplate", + "documentation":"

Contains the template for the prompt that's sent to the model for response generation. Generation prompts must include the $search_results$ variable. For more information, see Use placeholder variables in the user guide.

" }, "guardrailConfiguration":{ "shape":"GuardrailConfiguration", @@ -1907,13 +3172,13 @@ "shape":"InferenceConfig", "documentation":"

Configuration settings for inference when using RetrieveAndGenerate to generate responses while using a knowledge base as a source.

" }, + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"

Additional model parameters and corresponding values not included in the textInferenceConfig structure for a knowledge base. This allows users to provide custom model parameters specific to the language model being used.

" + }, "performanceConfig":{ "shape":"PerformanceConfiguration", "documentation":"

The latency configuration for the model.

" - }, - "promptTemplate":{ - "shape":"PromptTemplate", - "documentation":"

Contains the template for the prompt that's sent to the model for response generation. Generation prompts must include the $search_results$ variable. For more information, see Use placeholder variables in the user guide.

" } }, "documentation":"

Contains configurations for response generation based on the knowledge base query results.

This data type is used in the following API operations:

" @@ -1921,23 +3186,17 @@ "GetAgentMemoryRequest":{ "type":"structure", "required":[ - "agentAliasId", "agentId", - "memoryId", - "memoryType" + "agentAliasId", + "memoryType", + "memoryId" ], "members":{ - "agentAliasId":{ - "shape":"AgentAliasId", - "documentation":"

The unique identifier of an alias of an agent.

", - "location":"uri", - "locationName":"agentAliasId" - }, - "agentId":{ - "shape":"AgentId", - "documentation":"

The unique identifier of the agent to which the alias belongs.

", - "location":"uri", - "locationName":"agentId" + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxItems value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

", + "location":"querystring", + "locationName":"nextToken" }, "maxItems":{ "shape":"MaxResults", @@ -1945,11 +3204,17 @@ "location":"querystring", "locationName":"maxItems" }, - "memoryId":{ - "shape":"MemoryId", - "documentation":"

The unique identifier of the memory.

", - "location":"querystring", - "locationName":"memoryId" + "agentId":{ + "shape":"AgentId", + "documentation":"

The unique identifier of the agent to which the alias belongs.

", + "location":"uri", + "locationName":"agentId" + }, + "agentAliasId":{ + "shape":"AgentAliasId", + "documentation":"

The unique identifier of an alias of an agent.

", + "location":"uri", + "locationName":"agentAliasId" }, "memoryType":{ "shape":"MemoryType", @@ -1957,24 +3222,249 @@ "location":"querystring", "locationName":"memoryType" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

If the total number of results is greater than the maxItems value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

", + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique identifier of the memory.

", "location":"querystring", - "locationName":"nextToken" + "locationName":"memoryId" } } }, "GetAgentMemoryResponse":{ "type":"structure", "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxItems value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" + }, "memoryContents":{ "shape":"Memories", "documentation":"

Contains details of the sessions stored in the memory

" + } + } + }, + "GetExecutionFlowSnapshotRequest":{ + "type":"structure", + "required":[ + "flowIdentifier", + "flowAliasIdentifier", + "executionIdentifier" + ], + "members":{ + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow.

", + "location":"uri", + "locationName":"flowIdentifier" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

If the total number of results is greater than the maxItems value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias used for the flow execution.

", + "location":"uri", + "locationName":"flowAliasIdentifier" + }, + "executionIdentifier":{ + "shape":"FlowExecutionIdentifier", + "documentation":"

The unique identifier of the flow execution.

", + "location":"uri", + "locationName":"executionIdentifier" + } + } + }, + "GetExecutionFlowSnapshotResponse":{ + "type":"structure", + "required":[ + "flowIdentifier", + "flowAliasIdentifier", + "flowVersion", + "executionRoleArn", + "definition" + ], + "members":{ + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow.

" + }, + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias used for the flow execution.

" + }, + "flowVersion":{ + "shape":"Version", + "documentation":"

The version of the flow used for the flow execution.

" + }, + "executionRoleArn":{ + "shape":"FlowExecutionRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM service role that's used by the flow execution.

" + }, + "definition":{ + "shape":"String", + "documentation":"

The flow definition used for the flow execution, including the nodes, connections, and configuration at the time when the execution started.

The definition returns as a string that follows the structure of a FlowDefinition object.

" + }, + "customerEncryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the customer managed KMS key that's used to encrypt the flow snapshot.

" + } + } + }, + "GetFlowExecutionRequest":{ + "type":"structure", + "required":[ + "flowIdentifier", + "flowAliasIdentifier", + "executionIdentifier" + ], + "members":{ + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow.

", + "location":"uri", + "locationName":"flowIdentifier" + }, + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias used for the execution.

", + "location":"uri", + "locationName":"flowAliasIdentifier" + }, + "executionIdentifier":{ + "shape":"FlowExecutionIdentifier", + "documentation":"

The unique identifier of the flow execution to retrieve.

", + "location":"uri", + "locationName":"executionIdentifier" + } + } + }, + "GetFlowExecutionResponse":{ + "type":"structure", + "required":[ + "executionArn", + "status", + "startedAt", + "flowAliasIdentifier", + "flowIdentifier", + "flowVersion" + ], + "members":{ + "executionArn":{ + "shape":"FlowExecutionIdentifier", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies the flow execution.

" + }, + "status":{ + "shape":"FlowExecutionStatus", + "documentation":"

The current status of the flow execution.

Flow executions time out after 24 hours.

" + }, + "startedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the flow execution started.

" + }, + "endedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the flow execution ended. This field is only populated when the execution has completed, failed, timed out, or been aborted.

" + }, + "errors":{ + "shape":"FlowExecutionErrors", + "documentation":"

A list of errors that occurred during the flow execution. Each error includes an error code, message, and the node where the error occurred, if applicable.

" + }, + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias used for the execution.

" + }, + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow.

" + }, + "flowVersion":{ + "shape":"Version", + "documentation":"

The version of the flow used for the execution.

" + } + } + }, + "GetInvocationStepRequest":{ + "type":"structure", + "required":[ + "invocationIdentifier", + "invocationStepId", + "sessionIdentifier" + ], + "members":{ + "invocationIdentifier":{ + "shape":"InvocationIdentifier", + "documentation":"

The unique identifier for the invocation in UUID format.

" + }, + "invocationStepId":{ + "shape":"Uuid", + "documentation":"

The unique identifier (in UUID format) for the specific invocation step to retrieve.

", + "location":"uri", + "locationName":"invocationStepId" + }, + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

The unique identifier for the invocation step's associated session. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + } + } + }, + "GetInvocationStepResponse":{ + "type":"structure", + "required":["invocationStep"], + "members":{ + "invocationStep":{ + "shape":"InvocationStep", + "documentation":"

The complete details of the requested invocation step.

" + } + } + }, + "GetSessionRequest":{ + "type":"structure", + "required":["sessionIdentifier"], + "members":{ + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

A unique identifier for the session to retrieve. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + } + } + }, + "GetSessionResponse":{ + "type":"structure", + "required":[ + "sessionId", + "sessionArn", + "sessionStatus", + "createdAt", + "lastUpdatedAt" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier for the session in UUID format.

" + }, + "sessionArn":{ + "shape":"SessionArn", + "documentation":"

The Amazon Resource Name (ARN) of the session.

" + }, + "sessionStatus":{ + "shape":"SessionStatus", + "documentation":"

The current status of the session.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the session was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the session was last modified.

" + }, + "sessionMetadata":{ + "shape":"SessionMetadataMap", + "documentation":"

A map of key-value pairs containing attributes persisted across the session.

" + }, + "encryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the Key Management Service key used to encrypt the session data. For more information, see Amazon Bedrock session encryption.

" } } }, @@ -1995,21 +3485,21 @@ "GuardrailAssessment":{ "type":"structure", "members":{ - "contentPolicy":{ - "shape":"GuardrailContentPolicyAssessment", - "documentation":"

Content policy details of the Guardrail.

" - }, - "sensitiveInformationPolicy":{ - "shape":"GuardrailSensitiveInformationPolicyAssessment", - "documentation":"

Sensitive Information policy details of Guardrail.

" - }, "topicPolicy":{ "shape":"GuardrailTopicPolicyAssessment", "documentation":"

Topic policy details of the Guardrail.

" }, + "contentPolicy":{ + "shape":"GuardrailContentPolicyAssessment", + "documentation":"

Content policy details of the Guardrail.

" + }, "wordPolicy":{ "shape":"GuardrailWordPolicyAssessment", "documentation":"

Word policy details of the Guardrail.

" + }, + "sensitiveInformationPolicy":{ + "shape":"GuardrailSensitiveInformationPolicyAssessment", + "documentation":"

Sensitive Information policy details of Guardrail.

" } }, "documentation":"

Assessment details of the content analyzed by Guardrails.

", @@ -2041,13 +3531,13 @@ "type":"string", "max":64, "min":0, - "pattern":"^[a-z0-9]+$" + "pattern":"[a-z0-9]+" }, "GuardrailConfigurationGuardrailVersionString":{ "type":"string", "max":5, "min":1, - "pattern":"^(([1-9][0-9]{0,7})|(DRAFT))$" + "pattern":"(([1-9][0-9]{0,7})|(DRAFT))" }, "GuardrailConfigurationWithArn":{ "type":"structure", @@ -2070,17 +3560,17 @@ "GuardrailContentFilter":{ "type":"structure", "members":{ - "action":{ - "shape":"GuardrailContentPolicyAction", - "documentation":"

The action placed on the content by the Guardrail filter.

" + "type":{ + "shape":"GuardrailContentFilterType", + "documentation":"

The type of content detected in the filter by the Guardrail.

" }, "confidence":{ "shape":"GuardrailContentFilterConfidence", "documentation":"

The confidence level regarding the content detected in the filter by the Guardrail.

" }, - "type":{ - "shape":"GuardrailContentFilterType", - "documentation":"

The type of content detected in the filter by the Guardrail.

" + "action":{ + "shape":"GuardrailContentPolicyAction", + "documentation":"

The action placed on the content by the Guardrail filter.

" } }, "documentation":"

Details of the content filter used in the Guardrail.

", @@ -2129,13 +3619,13 @@ "GuardrailCustomWord":{ "type":"structure", "members":{ - "action":{ - "shape":"GuardrailWordPolicyAction", - "documentation":"

The action details for the custom word filter in the Guardrail.

" - }, "match":{ "shape":"String", "documentation":"

The match details for the custom word filter in the Guardrail.

" + }, + "action":{ + "shape":"GuardrailWordPolicyAction", + "documentation":"

The action details for the custom word filter in the Guardrail.

" } }, "documentation":"

The custom word details for the filter in the Guardrail.

", @@ -2161,15 +3651,11 @@ "type":"string", "max":2048, "min":0, - "pattern":"^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$" + "pattern":"(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))" }, "GuardrailManagedWord":{ "type":"structure", "members":{ - "action":{ - "shape":"GuardrailWordPolicyAction", - "documentation":"

The action details for the managed word filter in the Guardrail.

" - }, "match":{ "shape":"String", "documentation":"

The match details for the managed word filter in the Guardrail.

" @@ -2177,6 +3663,10 @@ "type":{ "shape":"GuardrailManagedWordType", "documentation":"

The type details for the managed word filter in the Guardrail.

" + }, + "action":{ + "shape":"GuardrailWordPolicyAction", + "documentation":"

The action details for the managed word filter in the Guardrail.

" } }, "documentation":"

The managed word details for the filter in the Guardrail.

", @@ -2194,17 +3684,17 @@ "GuardrailPiiEntityFilter":{ "type":"structure", "members":{ - "action":{ - "shape":"GuardrailSensitiveInformationPolicyAction", - "documentation":"

The action of the Guardrail filter to identify and remove PII.

" + "type":{ + "shape":"GuardrailPiiEntityType", + "documentation":"

The type of PII the Guardrail filter has identified and removed.

" }, "match":{ "shape":"String", "documentation":"

The match to settings in the Guardrail filter to identify and remove PII.

" }, - "type":{ - "shape":"GuardrailPiiEntityType", - "documentation":"

The type of PII the Guardrail filter has identified and removed.

" + "action":{ + "shape":"GuardrailSensitiveInformationPolicyAction", + "documentation":"

The action of the Guardrail filter to identify and remove PII.

" } }, "documentation":"

The Guardrail filter to identify and remove personally identifiable information (PII).

", @@ -2254,14 +3744,6 @@ "GuardrailRegexFilter":{ "type":"structure", "members":{ - "action":{ - "shape":"GuardrailSensitiveInformationPolicyAction", - "documentation":"

The action details for the regex filter used in the Guardrail.

" - }, - "match":{ - "shape":"String", - "documentation":"

The match details for the regex filter used in the Guardrail.

" - }, "name":{ "shape":"String", "documentation":"

The name details for the regex filter used in the Guardrail.

" @@ -2269,6 +3751,14 @@ "regex":{ "shape":"String", "documentation":"

The regex details for the regex filter used in the Guardrail.

" + }, + "match":{ + "shape":"String", + "documentation":"

The match details for the regex filter used in the Guardrail.

" + }, + "action":{ + "shape":"GuardrailSensitiveInformationPolicyAction", + "documentation":"

The action details for the regex filter used in the Guardrail.

" } }, "documentation":"

The details for the regex filter used in the Guardrail.

", @@ -2304,10 +3794,6 @@ "GuardrailTopic":{ "type":"structure", "members":{ - "action":{ - "shape":"GuardrailTopicPolicyAction", - "documentation":"

The action details on a specific topic in the Guardrail.

" - }, "name":{ "shape":"String", "documentation":"

The name details on a specific topic in the Guardrail.

" @@ -2315,6 +3801,10 @@ "type":{ "shape":"GuardrailTopicType", "documentation":"

The type details on a specific topic in the Guardrail.

" + }, + "action":{ + "shape":"GuardrailTopicPolicyAction", + "documentation":"

The action details on a specific topic in the Guardrail.

" } }, "documentation":"

The details for a specific topic defined in the Guardrail.

", @@ -2351,6 +3841,10 @@ "shape":"GuardrailAction", "documentation":"

The trace action details used with the Guardrail.

" }, + "traceId":{ + "shape":"TraceId", + "documentation":"

The details of the trace Id used in the Guardrail Trace.

" + }, "inputAssessments":{ "shape":"GuardrailAssessmentList", "documentation":"

The details of the input assessments used in the Guardrail Trace.

" @@ -2359,9 +3853,9 @@ "shape":"GuardrailAssessmentList", "documentation":"

The details of the output assessments used in the Guardrail Trace.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The details of the trace Id used in the Guardrail Trace.

" + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the Guardrail output.

" } }, "documentation":"

The trace details used in the Guardrail.

", @@ -2371,7 +3865,7 @@ "type":"string", "max":5, "min":1, - "pattern":"^(([1-9][0-9]{0,7})|(DRAFT))$" + "pattern":"(([1-9][0-9]{0,7})|(DRAFT))" }, "GuardrailWordPolicyAction":{ "type":"string", @@ -2398,6 +3892,98 @@ "min":1, "sensitive":true }, + "ImageBlock":{ + "type":"structure", + "required":[ + "format", + "source" + ], + "members":{ + "format":{ + "shape":"ImageFormat", + "documentation":"

The format of the image.

" + }, + "source":{ + "shape":"ImageSource", + "documentation":"

The source for the image.

" + } + }, + "documentation":"

Image content for an invocation step.

" + }, + "ImageFormat":{ + "type":"string", + "enum":[ + "png", + "jpeg", + "gif", + "webp" + ] + }, + "ImageInput":{ + "type":"structure", + "required":[ + "format", + "source" + ], + "members":{ + "format":{ + "shape":"ImageInputFormat", + "documentation":"

The type of image in the result.

" + }, + "source":{ + "shape":"ImageInputSource", + "documentation":"

The source of the image in the result.

" + } + }, + "documentation":"

Details about an image in the result from a function in the action group invocation. You can specify images only when the function is a computer use action. For more information, see Configure an Amazon Bedrock Agent to complete tasks with computer use tools.

" + }, + "ImageInputFormat":{ + "type":"string", + "enum":[ + "png", + "jpeg", + "gif", + "webp" + ] + }, + "ImageInputSource":{ + "type":"structure", + "members":{ + "bytes":{ + "shape":"ImageInputSourceBytesBlob", + "documentation":"

The raw image bytes for the image. If you use an Amazon Web Services SDK, you don't need to encode the image bytes in base64.

" + } + }, + "documentation":"

Details about the source of an input image in the result from a function in the action group invocation.

", + "union":true + }, + "ImageInputSourceBytesBlob":{ + "type":"blob", + "min":1 + }, + "ImageInputs":{ + "type":"list", + "member":{"shape":"ImageInput"} + }, + "ImageSource":{ + "type":"structure", + "members":{ + "bytes":{ + "shape":"ImageSourceBytesBlob", + "documentation":"

The raw image bytes for the image. If you use an Amazon Web Services SDK, you don't need to encode the image bytes in base64.

" + }, + "s3Location":{ + "shape":"S3Location", + "documentation":"

The path to the Amazon S3 bucket where the image is stored.

" + } + }, + "documentation":"

The source for an image.

", + "union":true + }, + "ImageSourceBytesBlob":{ + "type":"blob", + "min":1 + }, "ImplicitFilterConfiguration":{ "type":"structure", "required":[ @@ -2429,25 +4015,25 @@ "InferenceConfiguration":{ "type":"structure", "members":{ - "maximumLength":{ - "shape":"MaximumLength", - "documentation":"

The maximum number of tokens allowed in the generated response.

" - }, - "stopSequences":{ - "shape":"StopSequences", - "documentation":"

A list of stop sequences. A stop sequence is a sequence of characters that causes the model to stop generating the response.

" - }, "temperature":{ "shape":"Temperature", "documentation":"

The likelihood of the model selecting higher-probability options while generating a response. A lower value makes the model more likely to choose higher-probability options, while a higher value makes the model more likely to choose lower-probability options.

" }, + "topP":{ + "shape":"TopP", + "documentation":"

While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for Top P determines the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topP to 0.8, the model only selects the next token from the top 80% of the probability distribution of next tokens.

" + }, "topK":{ "shape":"TopK", "documentation":"

While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for topK is the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topK to 50, the model selects the next token from among the top 50 most likely choices.

" }, - "topP":{ - "shape":"TopP", - "documentation":"

While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for Top P determines the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topP to 0.8, the model only selects the next token from the top 80% of the probability distribution of next tokens.

" + "maximumLength":{ + "shape":"MaximumLength", + "documentation":"

The maximum number of tokens allowed in the generated response.

" + }, + "stopSequences":{ + "shape":"StopSequences", + "documentation":"

A list of stop sequences. A stop sequence is a sequence of characters that causes the model to stop generating the response.

" } }, "documentation":"

Specifications about the inference parameters that were provided alongside the prompt. These are specified in the PromptOverrideConfiguration object that was set when the agent was created or updated. For more information, see Inference parameters for foundation models.

" @@ -2466,13 +4052,13 @@ "InlineAgentPayloadPart":{ "type":"structure", "members":{ - "attribution":{ - "shape":"Attribution", - "documentation":"

Contains citations for a part of an agent response.

" - }, "bytes":{ "shape":"PartBody", "documentation":"

A part of the agent response in bytes.

" + }, + "attribution":{ + "shape":"Attribution", + "documentation":"

Contains citations for a part of an agent response.

" } }, "documentation":"

Contains a part of an agent response and citations for it.

", @@ -2482,42 +4068,30 @@ "InlineAgentResponseStream":{ "type":"structure", "members":{ - "accessDeniedException":{ - "shape":"AccessDeniedException", - "documentation":"

The request is denied because of missing access permissions. Check your permissions and retry your request.

" - }, - "badGatewayException":{ - "shape":"BadGatewayException", - "documentation":"

There was an issue with a dependency due to a server issue. Retry your request.

" - }, "chunk":{ "shape":"InlineAgentPayloadPart", "documentation":"

Contains a part of an agent response and citations for it.

" }, - "conflictException":{ - "shape":"ConflictException", - "documentation":"

There was a conflict performing an operation. Resolve the conflict and retry your request.

" - }, - "dependencyFailedException":{ - "shape":"DependencyFailedException", - "documentation":"

There was an issue with a dependency. Check the resource configurations and retry the request.

" + "trace":{ + "shape":"InlineAgentTracePart", + "documentation":"

Contains information about the agent and session, alongside the agent's reasoning process and results from calling actions and querying knowledge bases and metadata about the trace. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace events.

" }, - "files":{ - "shape":"InlineAgentFilePart", - "documentation":"

Contains intermediate response for code interpreter if any files have been generated.

" + "returnControl":{ + "shape":"InlineAgentReturnControlPayload", + "documentation":"

Contains the parameters and information that the agent elicited from the customer to carry out an action. This information is returned to the system and can be used in your own setup for fulfilling the action.

" }, "internalServerException":{ "shape":"InternalServerException", "documentation":"

An internal server error occurred. Retry your request.

" }, + "validationException":{ + "shape":"ValidationException", + "documentation":"

Input validation failed. Check your request parameters and retry the request.

" + }, "resourceNotFoundException":{ "shape":"ResourceNotFoundException", "documentation":"

The specified resource Amazon Resource Name (ARN) was not found. Check the Amazon Resource Name (ARN) and try your request again.

" }, - "returnControl":{ - "shape":"InlineAgentReturnControlPayload", - "documentation":"

Contains the parameters and information that the agent elicited from the customer to carry out an action. This information is returned to the system and can be used in your own setup for fulfilling the action.

" - }, "serviceQuotaExceededException":{ "shape":"ServiceQuotaExceededException", "documentation":"

The number of requests exceeds the service quota. Resubmit your request later.

" @@ -2526,13 +4100,25 @@ "shape":"ThrottlingException", "documentation":"

The number of requests exceeds the limit. Resubmit your request later.

" }, - "trace":{ - "shape":"InlineAgentTracePart", - "documentation":"

Contains information about the agent and session, alongside the agent's reasoning process and results from calling actions and querying knowledge bases and metadata about the trace. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace events.

" + "accessDeniedException":{ + "shape":"AccessDeniedException", + "documentation":"

The request is denied because of missing access permissions. Check your permissions and retry your request.

" }, - "validationException":{ - "shape":"ValidationException", - "documentation":"

Input validation failed. Check your request parameters and retry the request.

" + "conflictException":{ + "shape":"ConflictException", + "documentation":"

There was a conflict performing an operation. Resolve the conflict and retry your request.

" + }, + "dependencyFailedException":{ + "shape":"DependencyFailedException", + "documentation":"

There was an issue with a dependency. Check the resource configurations and retry the request.

" + }, + "badGatewayException":{ + "shape":"BadGatewayException", + "documentation":"

There was an issue with a dependency due to a server issue. Retry your request.

" + }, + "files":{ + "shape":"InlineAgentFilePart", + "documentation":"

Contains intermediate response for code interpreter if any files have been generated.

" } }, "documentation":"

The response from invoking the agent and associated citations and trace information.

", @@ -2541,13 +4127,13 @@ "InlineAgentReturnControlPayload":{ "type":"structure", "members":{ - "invocationId":{ - "shape":"String", - "documentation":"

The identifier of the action group invocation.

" - }, "invocationInputs":{ "shape":"InvocationInputs", "documentation":"

A list of objects that contain information about the parameters and inputs that need to be sent into the API operation or function, based on what the agent determines from its session with the user.

" + }, + "invocationId":{ + "shape":"String", + "documentation":"

The identifier of the action group invocation.

" } }, "documentation":"

Contains information to return from the action group that the agent has predicted to invoke.

This data type is used in the InvokeAgent response API operation.

", @@ -2564,6 +4150,18 @@ "trace":{ "shape":"Trace", "documentation":"

Contains one part of the agent's reasoning process and results from calling API actions and querying knowledge bases. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.

" + }, + "callerChain":{ + "shape":"CallerChain", + "documentation":"

The caller chain for the trace part.

" + }, + "eventTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time that trace occurred.

" + }, + "collaboratorName":{ + "shape":"Name", + "documentation":"

The collaborator name for the trace part.

" } }, "documentation":"

Contains information about the agent and session, alongside the agent's reasoning process and results from calling API actions and querying knowledge bases and metadata about the trace. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.

", @@ -2583,13 +4181,9 @@ "InlineSessionState":{ "type":"structure", "members":{ - "files":{ - "shape":"InputFiles", - "documentation":"

Contains information about the files used by code interpreter.

" - }, - "invocationId":{ - "shape":"String", - "documentation":"

The identifier of the invocation of an action. This value must match the invocationId returned in the InvokeInlineAgent response for the action whose results are provided in the returnControlInvocationResults field. For more information, see Return control to the agent developer.

" + "sessionAttributes":{ + "shape":"SessionAttributesMap", + "documentation":"

Contains attributes that persist across a session and the values of those attributes.

" }, "promptSessionAttributes":{ "shape":"PromptSessionAttributesMap", @@ -2599,9 +4193,17 @@ "shape":"ReturnControlInvocationResults", "documentation":"

Contains information about the results from the action group invocation. For more information, see Return control to the agent developer.

If you include this field in the sessionState field, the inputText field will be ignored.

" }, - "sessionAttributes":{ - "shape":"SessionAttributesMap", - "documentation":"

Contains attributes that persist across a session and the values of those attributes.

" + "invocationId":{ + "shape":"String", + "documentation":"

The identifier of the invocation of an action. This value must match the invocationId returned in the InvokeInlineAgent response for the action whose results are provided in the returnControlInvocationResults field. For more information, see Return control to the agent developer.

" + }, + "files":{ + "shape":"InputFiles", + "documentation":"

Contains information about the files used by code interpreter.

" + }, + "conversationHistory":{ + "shape":"ConversationHistory", + "documentation":"

Contains the conversation history that persist across sessions.

" } }, "documentation":"

Contains parameters that specify various attributes that persist across a session or prompt. You can define session state attributes as key-value pairs when writing a Lambda function for an action group or pass them when making an InvokeInlineAgent request. Use session state attributes to control and provide conversational context for your inline agent and to help customize your agent's behavior. For more information, see Control session context

" @@ -2666,39 +4268,52 @@ "InternalServerException":{ "type":"structure", "members":{ - "message":{"shape":"NonBlankString"} + "message":{"shape":"NonBlankString"}, + "reason":{ + "shape":"String", + "documentation":"

The reason for the exception. If the reason is BEDROCK_MODEL_INVOCATION_SERVICE_UNAVAILABLE, the model invocation service is unavailable. Retry your request.

" + } }, "documentation":"

An internal server error occurred. Retry your request.

", "error":{"httpStatusCode":500}, "exception":true, "fault":true }, + "InvocationDescription":{ + "type":"string", + "max":200, + "min":1 + }, + "InvocationIdentifier":{ + "type":"string", + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, "InvocationInput":{ "type":"structure", "members":{ - "actionGroupInvocationInput":{ - "shape":"ActionGroupInvocationInput", - "documentation":"

Contains information about the action group to be invoked.

" - }, - "agentCollaboratorInvocationInput":{ - "shape":"AgentCollaboratorInvocationInput", - "documentation":"

The collaborator's invocation input.

" - }, - "codeInterpreterInvocationInput":{ - "shape":"CodeInterpreterInvocationInput", - "documentation":"

Contains information about the code interpreter to be invoked.

" + "traceId":{ + "shape":"TraceId", + "documentation":"

The unique identifier of the trace.

" }, "invocationType":{ "shape":"InvocationType", "documentation":"

Specifies whether the agent is invoking an action group or a knowledge base.

" }, + "actionGroupInvocationInput":{ + "shape":"ActionGroupInvocationInput", + "documentation":"

Contains information about the action group to be invoked.

" + }, "knowledgeBaseLookupInput":{ "shape":"KnowledgeBaseLookupInput", "documentation":"

Contains details about the knowledge base to look up and the query to be made.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The unique identifier of the trace.

" + "codeInterpreterInvocationInput":{ + "shape":"CodeInterpreterInvocationInput", + "documentation":"

Contains information about the code interpreter to be invoked.

" + }, + "agentCollaboratorInvocationInput":{ + "shape":"AgentCollaboratorInvocationInput", + "documentation":"

The collaborator's invocation input.

" } }, "documentation":"

Contains information pertaining to the action group or knowledge base that is being invoked.

", @@ -2740,6 +4355,109 @@ "documentation":"

A result from the invocation of an action. For more information, see Return control to the agent developer and Control session context.

This data type is used in the following API operations:

", "union":true }, + "InvocationStep":{ + "type":"structure", + "required":[ + "sessionId", + "invocationId", + "invocationStepId", + "invocationStepTime", + "payload" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier of the session containing the invocation step.

" + }, + "invocationId":{ + "shape":"Uuid", + "documentation":"

The unique identifier (in UUID format) for the invocation that includes the invocation step.

" + }, + "invocationStepId":{ + "shape":"Uuid", + "documentation":"

The unique identifier (in UUID format) for the invocation step.

" + }, + "invocationStepTime":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the invocation step was created.

" + }, + "payload":{ + "shape":"InvocationStepPayload", + "documentation":"

Payload content, such as text and images, for the invocation step.

" + } + }, + "documentation":"

Stores fine-grained state checkpoints, including text and images, for each interaction in an invocation in a session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

" + }, + "InvocationStepPayload":{ + "type":"structure", + "members":{ + "contentBlocks":{ + "shape":"BedrockSessionContentBlocks", + "documentation":"

The content for the invocation step.

" + } + }, + "documentation":"

Payload content, such as text and images, for the invocation step.

", + "union":true + }, + "InvocationStepSummaries":{ + "type":"list", + "member":{"shape":"InvocationStepSummary"} + }, + "InvocationStepSummary":{ + "type":"structure", + "required":[ + "sessionId", + "invocationId", + "invocationStepId", + "invocationStepTime" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier for the session associated with the invocation step.

" + }, + "invocationId":{ + "shape":"Uuid", + "documentation":"

A unique identifier for the invocation in UUID format.

" + }, + "invocationStepId":{ + "shape":"Uuid", + "documentation":"

The unique identifier (in UUID format) for the invocation step.

" + }, + "invocationStepTime":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the invocation step was created.

" + } + }, + "documentation":"

Contains details about an invocation step within an invocation in a session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

" + }, + "InvocationSummaries":{ + "type":"list", + "member":{"shape":"InvocationSummary"} + }, + "InvocationSummary":{ + "type":"structure", + "required":[ + "sessionId", + "invocationId", + "createdAt" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier for the session associated with the invocation.

" + }, + "invocationId":{ + "shape":"Uuid", + "documentation":"

A unique identifier for the invocation in UUID format.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the invocation was created.

" + } + }, + "documentation":"

Contains details about an invocation in a session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

" + }, "InvocationType":{ "type":"string", "enum":[ @@ -2753,16 +4471,14 @@ "InvokeAgentRequest":{ "type":"structure", "required":[ - "agentAliasId", "agentId", + "agentAliasId", "sessionId" ], "members":{ - "agentAliasId":{ - "shape":"AgentAliasId", - "documentation":"

The alias of the agent to use.

", - "location":"uri", - "locationName":"agentAliasId" + "sessionState":{ + "shape":"SessionState", + "documentation":"

Contains parameters that specify various attributes of the session. For more information, see Control session context.

If you include returnControlInvocationResults in the sessionState field, the inputText field will be ignored.

" }, "agentId":{ "shape":"AgentId", @@ -2770,18 +4486,26 @@ "location":"uri", "locationName":"agentId" }, - "bedrockModelConfigurations":{ - "shape":"BedrockModelConfigurations", - "documentation":"

Model performance settings for the request.

" + "agentAliasId":{ + "shape":"AgentAliasId", + "documentation":"

The alias of the agent to use.

", + "location":"uri", + "locationName":"agentAliasId" }, - "enableTrace":{ - "shape":"Boolean", - "documentation":"

Specifies whether to turn on the trace or not to track the agent's reasoning process. For more information, see Trace enablement.

" + "sessionId":{ + "shape":"SessionId", + "documentation":"

The unique identifier of the session. Use the same value across requests to continue the same conversation.

", + "location":"uri", + "locationName":"sessionId" }, "endSession":{ "shape":"Boolean", "documentation":"

Specifies whether to end the session with the agent or not.

" }, + "enableTrace":{ + "shape":"Boolean", + "documentation":"

Specifies whether to turn on the trace or not to track the agent's reasoning process. For more information, see Trace enablement.

" + }, "inputText":{ "shape":"InputText", "documentation":"

The prompt text to send the agent.

If you include returnControlInvocationResults in the sessionState field, the inputText field will be ignored.

" @@ -2790,25 +4514,23 @@ "shape":"MemoryId", "documentation":"

The unique identifier of the agent memory.

" }, - "sessionId":{ - "shape":"SessionId", - "documentation":"

The unique identifier of the session. Use the same value across requests to continue the same conversation.

", - "location":"uri", - "locationName":"sessionId" + "bedrockModelConfigurations":{ + "shape":"BedrockModelConfigurations", + "documentation":"

Model performance settings for the request.

" }, - "sessionState":{ - "shape":"SessionState", - "documentation":"

Contains parameters that specify various attributes of the session. For more information, see Control session context.

If you include returnControlInvocationResults in the sessionState field, the inputText field will be ignored.

" + "streamingConfigurations":{ + "shape":"StreamingConfigurations", + "documentation":"

Specifies the configurations for streaming.

To use agent streaming, you need permissions to perform the bedrock:InvokeModelWithResponseStream action.

" + }, + "promptCreationConfigurations":{ + "shape":"PromptCreationConfigurations", + "documentation":"

Specifies parameters that control how the service populates the agent prompt for an InvokeAgent request. You can control which aspects of previous invocations in the same agent session the service uses to populate the agent prompt. This gives you more granular control over the contextual history that is used to process the current request.

" }, "sourceArn":{ "shape":"AWSResourceARN", "documentation":"

The ARN of the resource making the request.

", "location":"header", "locationName":"x-amz-source-arn" - }, - "streamingConfigurations":{ - "shape":"StreamingConfigurations", - "documentation":"

Specifies the configurations for streaming.

To use agent streaming, you need permissions to perform the bedrock:InvokeModelWithResponseStream action.

" } } }, @@ -2830,17 +4552,17 @@ "location":"header", "locationName":"x-amzn-bedrock-agent-content-type" }, - "memoryId":{ - "shape":"MemoryId", - "documentation":"

The unique identifier of the agent memory.

", - "location":"header", - "locationName":"x-amz-bedrock-agent-memory-id" - }, "sessionId":{ "shape":"SessionId", "documentation":"

The unique identifier of the session with the agent.

", "location":"header", "locationName":"x-amz-bedrock-agent-session-id" + }, + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique identifier of the agent memory.

", + "location":"header", + "locationName":"x-amz-bedrock-agent-memory-id" } }, "payload":"completion" @@ -2848,18 +4570,16 @@ "InvokeFlowRequest":{ "type":"structure", "required":[ - "flowAliasIdentifier", "flowIdentifier", + "flowAliasIdentifier", "inputs" ], "members":{ - "enableTrace":{ - "shape":"Boolean", - "documentation":"

Specifies whether to return the trace for the flow or not. Traces track inputs and outputs for nodes in the flow. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

" - }, - "executionId":{ - "shape":"FlowExecutionId", - "documentation":"

The unique identifier for the current flow execution. If you don't provide a value, Amazon Bedrock creates the identifier for you.

" + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow.

", + "location":"uri", + "locationName":"flowIdentifier" }, "flowAliasIdentifier":{ "shape":"FlowAliasIdentifier", @@ -2867,19 +4587,21 @@ "location":"uri", "locationName":"flowAliasIdentifier" }, - "flowIdentifier":{ - "shape":"FlowIdentifier", - "documentation":"

The unique identifier of the flow.

", - "location":"uri", - "locationName":"flowIdentifier" - }, "inputs":{ "shape":"FlowInputs", "documentation":"

A list of objects, each containing information about an input into the flow.

" }, + "enableTrace":{ + "shape":"Boolean", + "documentation":"

Specifies whether to return the trace for the flow or not. Traces track inputs and outputs for nodes in the flow. For more information, see Track each step in your prompt flow by viewing its trace in Amazon Bedrock.

" + }, "modelPerformanceConfiguration":{ "shape":"ModelPerformanceConfiguration", "documentation":"

Model performance settings for the request.

" + }, + "executionId":{ + "shape":"FlowExecutionId", + "documentation":"

The unique identifier for the current flow execution. If you don't provide a value, Amazon Bedrock creates the identifier for you.

" } } }, @@ -2887,15 +4609,15 @@ "type":"structure", "required":["responseStream"], "members":{ + "responseStream":{ + "shape":"FlowResponseStream", + "documentation":"

The output of the flow, returned as a stream. If there's an error, the error is returned.

" + }, "executionId":{ "shape":"FlowExecutionId", "documentation":"

The unique identifier for the current flow execution.

", "location":"header", "locationName":"x-amz-bedrock-flow-execution-id" - }, - "responseStream":{ - "shape":"FlowResponseStream", - "documentation":"

The output of the flow, returned as a stream. If there's an error, the error is returned.

" } }, "payload":"responseStream" @@ -2908,67 +4630,95 @@ "sessionId" ], "members":{ - "actionGroups":{ - "shape":"AgentActionGroups", - "documentation":"

A list of action groups with each action group defining the action the inline agent needs to carry out.

" - }, - "bedrockModelConfigurations":{ - "shape":"InlineBedrockModelConfigurations", - "documentation":"

Model settings for the request.

" - }, "customerEncryptionKeyArn":{ "shape":"KmsKeyArn", "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services KMS key to use to encrypt your inline agent.

" }, - "enableTrace":{ - "shape":"Boolean", - "documentation":"

Specifies whether to turn on the trace or not to track the agent's reasoning process. For more information, see Using trace. 

 </p>
" - }, - "endSession":{ - "shape":"Boolean", - "documentation":"

Specifies whether to end the session with the inline agent or not.

" - }, "foundationModel":{ "shape":"ModelIdentifier", "documentation":"

The model identifier (ID) of the model to use for orchestration by the inline agent. For example, meta.llama3-1-70b-instruct-v1:0.

" }, - "guardrailConfiguration":{ - "shape":"GuardrailConfigurationWithArn", - "documentation":"

The guardrails to assign to the inline agent.

" + "instruction":{ + "shape":"Instruction", + "documentation":"

The instructions that tell the inline agent what it should do and how it should interact with users.

" }, "idleSessionTTLInSeconds":{ "shape":"SessionTTL", "documentation":"

The number of seconds for which the inline agent should maintain session information. After this time expires, the subsequent InvokeInlineAgent request begins a new session.

A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and the data provided before the timeout is deleted.

" }, - "inlineSessionState":{ - "shape":"InlineSessionState", - "documentation":"

Parameters that specify the various attributes of a sessions. You can include attributes for the session or prompt or, if you configured an action group to return control, results from invocation of the action group. For more information, see Control session context.

If you include returnControlInvocationResults in the sessionState field, the inputText field will be ignored.

" - }, - "inputText":{ - "shape":"InputText", - "documentation":"

The prompt text to send to the agent.

If you include returnControlInvocationResults in the sessionState field, the inputText field will be ignored.

" - }, - "instruction":{ - "shape":"Instruction", - "documentation":"

The instructions that tell the inline agent what it should do and how it should interact with users.

" + "actionGroups":{ + "shape":"AgentActionGroups", + "documentation":"

A list of action groups with each action group defining the action the inline agent needs to carry out.

" }, "knowledgeBases":{ "shape":"KnowledgeBases", "documentation":"

Contains information of the knowledge bases to associate with.

" }, + "guardrailConfiguration":{ + "shape":"GuardrailConfigurationWithArn", + "documentation":"

The guardrails to assign to the inline agent.

" + }, "promptOverrideConfiguration":{ "shape":"PromptOverrideConfiguration", "documentation":"

Configurations for advanced prompts used to override the default prompts to enhance the accuracy of the inline agent.

" }, + "agentCollaboration":{ + "shape":"AgentCollaboration", + "documentation":"

Defines how the inline collaborator agent handles information across multiple collaborator agents to coordinate a final response. The inline collaborator agent can also be the supervisor.

" + }, + "collaboratorConfigurations":{ + "shape":"CollaboratorConfigurations", + "documentation":"

Settings for an inline agent collaborator called with InvokeInlineAgent.

" + }, + "agentName":{ + "shape":"Name", + "documentation":"

The name for the agent.

" + }, "sessionId":{ "shape":"SessionId", "documentation":"

The unique identifier of the session. Use the same value across requests to continue the same conversation.

", "location":"uri", "locationName":"sessionId" }, + "endSession":{ + "shape":"Boolean", + "documentation":"

Specifies whether to end the session with the inline agent or not.

" + }, + "enableTrace":{ + "shape":"Boolean", + "documentation":"

Specifies whether to turn on the trace or not to track the agent's reasoning process. For more information, see Using trace.

" + }, + "inputText":{ + "shape":"InputText", + "documentation":"

The prompt text to send to the agent.

If you include returnControlInvocationResults in the sessionState field, the inputText field will be ignored.

" + }, "streamingConfigurations":{ "shape":"StreamingConfigurations", "documentation":"

Specifies the configurations for streaming.

To use agent streaming, you need permissions to perform the bedrock:InvokeModelWithResponseStream action.

" + }, + "promptCreationConfigurations":{ + "shape":"PromptCreationConfigurations", + "documentation":"

Specifies parameters that control how the service populates the agent prompt for an InvokeInlineAgent request. You can control which aspects of previous invocations in the same agent session the service uses to populate the agent prompt. This gives you more granular control over the contextual history that is used to process the current request.

" + }, + "inlineSessionState":{ + "shape":"InlineSessionState", + "documentation":"

Parameters that specify the various attributes of a sessions. You can include attributes for the session or prompt or, if you configured an action group to return control, results from invocation of the action group. For more information, see Control session context.

If you include returnControlInvocationResults in the sessionState field, the inputText field will be ignored.

" + }, + "collaborators":{ + "shape":"Collaborators", + "documentation":"

List of collaborator inline agents.

" + }, + "bedrockModelConfigurations":{ + "shape":"InlineBedrockModelConfigurations", + "documentation":"

Model settings for the request.

" + }, + "orchestrationType":{ + "shape":"OrchestrationType", + "documentation":"

Specifies the type of orchestration strategy for the agent. This is set to DEFAULT orchestration type, by default.

" + }, + "customOrchestration":{ + "shape":"CustomOrchestration", + "documentation":"

Contains details of the custom orchestration configured for the agent.

" } } }, @@ -2982,7 +4732,7 @@ "members":{ "completion":{ "shape":"InlineAgentResponseStream", - "documentation":"

 </p>
" + "documentation":"

The inline agent's response to the user prompt.

" }, "contentType":{ "shape":"MimeType", @@ -3003,23 +4753,23 @@ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$" + "pattern":"arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}" }, "KnowledgeBase":{ "type":"structure", "required":[ - "description", - "knowledgeBaseId" + "knowledgeBaseId", + "description" ], "members":{ - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the knowledge base associated with the inline agent.

" - }, "knowledgeBaseId":{ "shape":"KnowledgeBaseId", "documentation":"

The unique identifier for a knowledge base associated with the inline agent.

" }, + "description":{ + "shape":"ResourceDescription", + "documentation":"

The description of the knowledge base associated with the inline agent.

" + }, "retrievalConfiguration":{ "shape":"KnowledgeBaseRetrievalConfiguration", "documentation":"

The configurations to apply to the knowledge base during query. For more information, see Query configurations.

" @@ -3031,7 +4781,7 @@ "type":"string", "max":128, "min":0, - "pattern":"^arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+$" + "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:knowledge-base/[0-9a-zA-Z]+" }, "KnowledgeBaseConfiguration":{ "type":"structure", @@ -3060,18 +4810,18 @@ "type":"string", "max":10, "min":0, - "pattern":"^[0-9a-zA-Z]+$" + "pattern":"[0-9a-zA-Z]+" }, "KnowledgeBaseLookupInput":{ "type":"structure", "members":{ - "knowledgeBaseId":{ - "shape":"TraceKnowledgeBaseId", - "documentation":"

The unique identifier of the knowledge base to look up.

" - }, "text":{ "shape":"KnowledgeBaseLookupInputString", "documentation":"

The query made to the knowledge base.

" + }, + "knowledgeBaseId":{ + "shape":"TraceKnowledgeBaseId", + "documentation":"

The unique identifier of the knowledge base to look up.

" } }, "documentation":"

Contains details about the knowledge base to look up and the query to be made.

" @@ -3086,6 +4836,10 @@ "retrievedReferences":{ "shape":"RetrievedReferences", "documentation":"

Contains metadata about the sources cited for the generated response.

" + }, + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the knowledge base output.

" } }, "documentation":"

Contains details about the results from looking up the knowledge base.

" @@ -3130,13 +4884,13 @@ "shape":"RetrievalResultLocation", "documentation":"

Contains information about the location of the data source.

" }, - "metadata":{ - "shape":"RetrievalResultMetadata", - "documentation":"

Contains metadata attributes and their values for the file in the data source. For more information, see Metadata and filtering.

" - }, "score":{ "shape":"Double", "documentation":"

The level of relevance of the result to the query.

" + }, + "metadata":{ + "shape":"RetrievalResultMetadata", + "documentation":"

Contains metadata attributes and their values for the file in the data source. For more information, see Metadata and filtering.

" } }, "documentation":"

Details about a result from querying the knowledge base.

This data type is used in the following API operations:

" @@ -3153,10 +4907,6 @@ "modelArn" ], "members":{ - "generationConfiguration":{ - "shape":"GenerationConfiguration", - "documentation":"

Contains configurations for response generation based on the knowledge base query results.

" - }, "knowledgeBaseId":{ "shape":"KnowledgeBaseId", "documentation":"

The unique identifier of the knowledge base that is queried.

" @@ -3165,13 +4915,17 @@ "shape":"BedrockModelArn", "documentation":"

The ARN of the foundation model or inference profile used to generate a response.

" }, - "orchestrationConfiguration":{ - "shape":"OrchestrationConfiguration", - "documentation":"

Settings for how the model processes the prompt prior to retrieval and generation.

" - }, "retrievalConfiguration":{ "shape":"KnowledgeBaseRetrievalConfiguration", "documentation":"

Contains configurations for how to retrieve and return the knowledge base query.

" + }, + "generationConfiguration":{ + "shape":"GenerationConfiguration", + "documentation":"

Contains configurations for response generation based on the knowledge base query results.

" + }, + "orchestrationConfiguration":{ + "shape":"OrchestrationConfiguration", + "documentation":"

Settings for how the model processes the prompt prior to retrieval and generation.

" } }, "documentation":"

Contains details about the resource being queried.

This data type is used in the following API operations:

" @@ -3179,14 +4933,6 @@ "KnowledgeBaseVectorSearchConfiguration":{ "type":"structure", "members":{ - "filter":{ - "shape":"RetrievalFilter", - "documentation":"

Specifies the filters to use on the metadata in the knowledge base data sources before returning results. For more information, see Query configurations.

" - }, - "implicitFilterConfiguration":{ - "shape":"ImplicitFilterConfiguration", - "documentation":"

Settings for implicit filtering.

" - }, "numberOfResults":{ "shape":"KnowledgeBaseVectorSearchConfigurationNumberOfResultsInteger", "documentation":"

The number of source chunks to retrieve.

", @@ -3196,9 +4942,17 @@ "shape":"SearchType", "documentation":"

By default, Amazon Bedrock decides a search strategy for you. If you're using an Amazon OpenSearch Serverless vector store that contains a filterable text field, you can specify whether to query the knowledge base with a HYBRID search using both vector embeddings and raw text, or SEMANTIC search using only vector embeddings. For other vector store configurations, only SEMANTIC search is available. For more information, see Test a knowledge base.

" }, + "filter":{ + "shape":"RetrievalFilter", + "documentation":"

Specifies the filters to use on the metadata in the knowledge base data sources before returning results. For more information, see Query configurations.

" + }, "rerankingConfiguration":{ "shape":"VectorSearchRerankingConfiguration", "documentation":"

Contains configurations for reranking the retrieved results. For more information, see Improve the relevance of query responses with a reranker model.

" + }, + "implicitFilterConfiguration":{ + "shape":"ImplicitFilterConfiguration", + "documentation":"

Settings for implicit filtering.

" } }, "documentation":"

Configurations for how to perform the search query and return results. For more information, see Query configurations.

This data type is used in the following API operations:

" @@ -3218,7 +4972,248 @@ "type":"string", "max":2048, "min":0, - "pattern":"^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?$" + "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?" + }, + "ListFlowExecutionEventsRequest":{ + "type":"structure", + "required":[ + "flowIdentifier", + "flowAliasIdentifier", + "executionIdentifier", + "eventType" + ], + "members":{ + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow.

", + "location":"uri", + "locationName":"flowIdentifier" + }, + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias used for the execution.

", + "location":"uri", + "locationName":"flowAliasIdentifier" + }, + "executionIdentifier":{ + "shape":"FlowExecutionIdentifier", + "documentation":"

The unique identifier of the flow execution.

", + "location":"uri", + "locationName":"executionIdentifier" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of events to return in a single response. If more events exist than the specified maxResults value, a token is included in the response so that the remaining results can be retrieved.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next set of results. This value is returned in the response if more results are available.

", + "location":"querystring", + "locationName":"nextToken" + }, + "eventType":{ + "shape":"FlowExecutionEventType", + "documentation":"

The type of events to retrieve. Specify Node for node-level events or Flow for flow-level events.

", + "location":"querystring", + "locationName":"eventType" + } + } + }, + "ListFlowExecutionEventsResponse":{ + "type":"structure", + "required":["flowExecutionEvents"], + "members":{ + "flowExecutionEvents":{ + "shape":"FlowExecutionEvents", + "documentation":"

A list of events that occurred during the flow execution. Events can include node inputs and outputs, flow inputs and outputs, condition results, and failure events.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next set of results. This value is returned if more results are available.

" + } + } + }, + "ListFlowExecutionsRequest":{ + "type":"structure", + "required":["flowIdentifier"], + "members":{ + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow to list executions for.

", + "location":"uri", + "locationName":"flowIdentifier" + }, + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias to list executions for.

", + "location":"querystring", + "locationName":"flowAliasIdentifier" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of flow executions to return in a single response. If more executions exist than the specified maxResults value, a token is included in the response so that the remaining results can be retrieved.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next set of results. This value is returned in the response if more results are available.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListFlowExecutionsResponse":{ + "type":"structure", + "required":["flowExecutionSummaries"], + "members":{ + "flowExecutionSummaries":{ + "shape":"FlowExecutionSummaries", + "documentation":"

A list of flow execution summaries. Each summary includes the execution ARN, flow identifier, flow alias identifier, flow version, status, and timestamps.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next set of results. This value is returned if more results are available.

" + } + } + }, + "ListInvocationStepsRequest":{ + "type":"structure", + "required":["sessionIdentifier"], + "members":{ + "invocationIdentifier":{ + "shape":"InvocationIdentifier", + "documentation":"

The unique identifier (in UUID format) for the invocation to list invocation steps for.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

The unique identifier for the session associated with the invocation steps. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + } + } + }, + "ListInvocationStepsResponse":{ + "type":"structure", + "required":["invocationStepSummaries"], + "members":{ + "invocationStepSummaries":{ + "shape":"InvocationStepSummaries", + "documentation":"

A list of summaries for each invocation step associated with a session and if you specified it, an invocation within the session.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" + } + } + }, + "ListInvocationsRequest":{ + "type":"structure", + "required":["sessionIdentifier"], + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.

", + "location":"querystring", + "locationName":"maxResults" + }, + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

The unique identifier for the session to list invocations for. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + } + } + }, + "ListInvocationsResponse":{ + "type":"structure", + "required":["invocationSummaries"], + "members":{ + "invocationSummaries":{ + "shape":"InvocationSummaries", + "documentation":"

A list of invocation summaries associated with the session.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" + } + } + }, + "ListSessionsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListSessionsResponse":{ + "type":"structure", + "required":["sessionSummaries"], + "members":{ + "sessionSummaries":{ + "shape":"SessionSummaries", + "documentation":"

A list of summaries for each session in your Amazon Web Services account.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"TaggableResourcesArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource for which to list tags.

", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"TagsMap", + "documentation":"

The key-value pairs for the tags associated with the resource.

" + } + } + }, + "Long":{ + "type":"long", + "box":true }, "MaxResults":{ "type":"integer", @@ -3236,7 +5231,7 @@ "MaximumLength":{ "type":"integer", "box":true, - "max":4096, + "max":8192, "min":0 }, "Memories":{ @@ -3258,7 +5253,7 @@ "type":"string", "max":100, "min":2, - "pattern":"^[0-9a-zA-Z._:-]+$" + "pattern":"[0-9a-zA-Z._:-]+" }, "MemorySessionSummary":{ "type":"structure", @@ -3267,10 +5262,6 @@ "shape":"MemoryId", "documentation":"

The unique identifier of the memory where the session summary is stored.

" }, - "sessionExpiryTime":{ - "shape":"DateTimestamp", - "documentation":"

The time when the memory duration for the session is set to end.

" - }, "sessionId":{ "shape":"SessionId", "documentation":"

The identifier for this session.

" @@ -3279,6 +5270,10 @@ "shape":"DateTimestamp", "documentation":"

The start time for this session.

" }, + "sessionExpiryTime":{ + "shape":"DateTimestamp", + "documentation":"

The time when the memory duration for the session is set to end.

" + }, "summaryText":{ "shape":"SummaryText", "documentation":"

The summarized text for this session.

" @@ -3293,17 +5288,17 @@ "Message":{ "type":"structure", "required":[ - "content", - "role" + "role", + "content" ], "members":{ - "content":{ - "shape":"ContentBlocks", - "documentation":"

The message's content.

" - }, "role":{ "shape":"ConversationRole", "documentation":"

The message's role.

" + }, + "content":{ + "shape":"ContentBlocks", + "documentation":"

The message's content.

" } }, "documentation":"

Details about a message.

" @@ -3315,26 +5310,42 @@ "Metadata":{ "type":"structure", "members":{ + "startTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

In the final response, startTime is the start time of the agent invocation operation.

" + }, + "endTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

In the final response, endTime is the end time of the agent invocation operation.

" + }, + "totalTimeMs":{ + "shape":"Long", + "documentation":"

The total execution time for the specific invocation being processed (model, knowledge base, guardrail, agent collaborator, or code interpreter). It represents how long the individual invocation took.

" + }, + "operationTotalTimeMs":{ + "shape":"Long", + "documentation":"

The total time it took for the agent to complete execution. This field is only set for the final response.

" + }, + "clientRequestId":{ + "shape":"String", + "documentation":"

A unique identifier associated with the downstream invocation. This ID can be used for tracing, debugging, and identifying specific invocations in customer logs or systems.

" + }, "usage":{ "shape":"Usage", - "documentation":"

Contains details of the foundation model usage.

" + "documentation":"

Specific to model invocation and contains details about the usage of a foundation model.

" } }, - "documentation":"

Provides details of the foundation model.

", + "documentation":"

Provides information about the execution process for different types of invocations, such as model invocation, knowledge base invocation, agent collaborator invocation, guardrail invocation, and code interpreter Invocation.

", "sensitive":true }, "MetadataAttributeSchema":{ "type":"structure", "required":[ - "description", "key", - "type" + "type", + "description" ], "members":{ - "description":{ - "shape":"MetadataAttributeSchemaDescriptionString", - "documentation":"

The attribute's description.

" - }, "key":{ "shape":"MetadataAttributeSchemaKeyString", "documentation":"

The attribute's key.

" @@ -3342,6 +5353,10 @@ "type":{ "shape":"AttributeType", "documentation":"

The attribute's type.

" + }, + "description":{ + "shape":"MetadataAttributeSchemaDescriptionString", + "documentation":"

The attribute's description.

" } }, "documentation":"

Details about a metadata attribute.

", @@ -3351,13 +5366,13 @@ "type":"string", "max":1024, "min":1, - "pattern":"^[\\s\\S]+$" + "pattern":"[\\s\\S]+" }, "MetadataAttributeSchemaKeyString":{ "type":"string", "max":256, "min":1, - "pattern":"^[\\s\\S]+$" + "pattern":"[\\s\\S]+" }, "MetadataAttributeSchemaList":{ "type":"list", @@ -3385,42 +5400,42 @@ "type":"string", "max":2048, "min":1, - "pattern":"(^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+))$|(^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{1,20}):(|[0-9]{12}):inference-profile/[a-zA-Z0-9-:.]+)$" + "pattern":".*(^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+))$|(^arn:aws(|-us-gov|-cn|-iso|-iso-b):bedrock:(|[0-9a-z-]{1,20}):(|[0-9]{12}):inference-profile/[a-zA-Z0-9-:.]+)" }, "ModelInvocationInput":{ "type":"structure", "members":{ - "foundationModel":{ - "shape":"ModelIdentifier", - "documentation":"

The identifier of a foundation model.

" + "traceId":{ + "shape":"TraceId", + "documentation":"

The unique identifier of the trace.

" }, - "inferenceConfiguration":{ - "shape":"InferenceConfiguration", - "documentation":"

Specifications about the inference parameters that were provided alongside the prompt. These are specified in the PromptOverrideConfiguration object that was set when the agent was created or updated. For more information, see Inference parameters for foundation models.

" + "text":{ + "shape":"PromptText", + "documentation":"

The text that prompted the agent at this step.

" + }, + "type":{ + "shape":"PromptType", + "documentation":"

The step in the agent sequence.

" }, "overrideLambda":{ "shape":"LambdaArn", "documentation":"

The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence.

" }, - "parserMode":{ - "shape":"CreationMode", - "documentation":"

Specifies whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the promptType.

" - }, "promptCreationMode":{ "shape":"CreationMode", "documentation":"

Specifies whether the default prompt template was OVERRIDDEN. If it was, the basePromptTemplate that was set in the PromptOverrideConfiguration object when the agent was created or updated is used instead.

" }, - "text":{ - "shape":"PromptText", - "documentation":"

The text that prompted the agent at this step.

" + "inferenceConfiguration":{ + "shape":"InferenceConfiguration", + "documentation":"

Specifications about the inference parameters that were provided alongside the prompt. These are specified in the PromptOverrideConfiguration object that was set when the agent was created or updated. For more information, see Inference parameters for foundation models.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The unique identifier of the trace.

" + "parserMode":{ + "shape":"CreationMode", + "documentation":"

Specifies whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the promptType.

" }, - "type":{ - "shape":"PromptType", - "documentation":"

The step in the agent sequence.

" + "foundationModel":{ + "shape":"ModelIdentifier", + "documentation":"

The identifier of a foundation model.

" } }, "documentation":"

The input for the pre-processing step.

  • The type matches the agent step.

  • The text contains the prompt.

  • The inferenceConfiguration, parserMode, and overrideLambda values are set in the PromptOverrideConfiguration object that was set when the agent was created or updated.

", @@ -3450,26 +5465,348 @@ }, "Name":{ "type":"string", - "pattern":"^([0-9a-zA-Z][_-]?){1,100}$", + "pattern":"([0-9a-zA-Z][_-]?){1,100}", "sensitive":true }, "NextToken":{ "type":"string", "max":2048, "min":1, - "pattern":"^\\S*$" + "pattern":"\\S*" + }, + "NodeActionEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "requestId", + "serviceName", + "operationName" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node that called the operation.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The date and time that the operation was called.

" + }, + "requestId":{ + "shape":"String", + "documentation":"

The ID of the request that the node made to the operation.

" + }, + "serviceName":{ + "shape":"String", + "documentation":"

The name of the service that the node called.

" + }, + "operationName":{ + "shape":"String", + "documentation":"

The name of the operation that the node called.

" + }, + "operationRequest":{ + "shape":"Document", + "documentation":"

The request payload sent to the downstream service.

" + }, + "operationResponse":{ + "shape":"Document", + "documentation":"

The response payload received from the downstream service.

" + } + }, + "documentation":"

Contains information about an action (operation) called by a node during execution.

", + "sensitive":true + }, + "NodeDependencyEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "traceElements" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node that generated the dependency trace.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The date and time that the dependency trace was generated.

" + }, + "traceElements":{ + "shape":"NodeTraceElements", + "documentation":"

The trace elements containing detailed information about the node execution.

" + } + }, + "documentation":"

Contains information about an internal trace of a specific node during execution.

", + "sensitive":true + }, + "NodeErrorCode":{ + "type":"string", + "enum":[ + "VALIDATION", + "DEPENDENCY_FAILED", + "BAD_GATEWAY", + "INTERNAL_SERVER" + ] + }, + "NodeExecutionContent":{ + "type":"structure", + "members":{ + "document":{ + "shape":"Document", + "documentation":"

The document content of the field, which can contain text or structured data.

" + } + }, + "documentation":"

Contains the content of a flow node's input or output field for a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true, + "union":true + }, + "NodeFailureEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "errorCode", + "errorMessage" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node where the failure occurred.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the node failure occurred.

" + }, + "errorCode":{ + "shape":"NodeErrorCode", + "documentation":"

The error code that identifies the type of failure that occurred at the node.

" + }, + "errorMessage":{ + "shape":"String", + "documentation":"

A descriptive message that provides details about the node failure.

" + } + }, + "documentation":"

Contains information about a failure that occurred at a specific node during a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "NodeInputEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "fields" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node that received the inputs.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the inputs were provided to the node.

" + }, + "fields":{ + "shape":"NodeInputFields", + "documentation":"

A list of input fields provided to the node.

" + } + }, + "documentation":"

Contains information about the inputs provided to a specific node during a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "NodeInputExecutionChain":{ + "type":"list", + "member":{"shape":"NodeInputExecutionChainItem"} + }, + "NodeInputExecutionChainItem":{ + "type":"structure", + "required":[ + "nodeName", + "type" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node in the execution chain.

" + }, + "index":{ + "shape":"Integer", + "documentation":"

The index position of this item in the execution chain.

" + }, + "type":{ + "shape":"FlowControlNodeType", + "documentation":"

The type of execution chain item. Supported values are Iterator and Loop.

" + } + }, + "documentation":"

Represents an item in the execution chain for node input tracking.

" + }, + "NodeInputField":{ + "type":"structure", + "required":[ + "name", + "content" + ], + "members":{ + "name":{ + "shape":"NodeInputName", + "documentation":"

The name of the input field as defined in the node's input schema.

" + }, + "content":{ + "shape":"NodeExecutionContent", + "documentation":"

The content of the input field, which can contain text or structured data.

" + }, + "source":{ + "shape":"NodeInputSource", + "documentation":"

The source node that provides input data to this field.

" + }, + "type":{ + "shape":"FlowNodeIODataType", + "documentation":"

The data type of the input field for compatibility validation.

" + }, + "category":{ + "shape":"FlowNodeInputCategory", + "documentation":"

The category of the input field.

" + }, + "executionChain":{ + "shape":"NodeInputExecutionChain", + "documentation":"

The execution path through nested nodes like iterators and loops.

" + } + }, + "documentation":"

Represents an input field provided to a node during a flow execution.

", + "sensitive":true + }, + "NodeInputFields":{ + "type":"list", + "member":{"shape":"NodeInputField"}, + "max":5, + "min":1 }, "NodeInputName":{ "type":"string", - "pattern":"^[a-zA-Z]([_]?[0-9a-zA-Z]){0,99}$" + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){0,99}" + }, + "NodeInputSource":{ + "type":"structure", + "required":[ + "nodeName", + "outputFieldName", + "expression" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the source node that provides the input data.

" + }, + "outputFieldName":{ + "shape":"FlowNodeOutputName", + "documentation":"

The name of the output field from the source node.

" + }, + "expression":{ + "shape":"FlowNodeInputExpression", + "documentation":"

The expression used to extract data from the source.

" + } + }, + "documentation":"

Represents the source of input data for a node field.

" }, "NodeName":{ "type":"string", - "pattern":"^[a-zA-Z]([_]?[0-9a-zA-Z]){0,99}$" + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){0,99}" + }, + "NodeOutputEvent":{ + "type":"structure", + "required":[ + "nodeName", + "timestamp", + "fields" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the node that produced the outputs.

" + }, + "timestamp":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the outputs were produced by the node.

" + }, + "fields":{ + "shape":"NodeOutputFields", + "documentation":"

A list of output fields produced by the node.

" + } + }, + "documentation":"

Contains information about the outputs produced by a specific node during a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "NodeOutputField":{ + "type":"structure", + "required":[ + "name", + "content" + ], + "members":{ + "name":{ + "shape":"NodeOutputName", + "documentation":"

The name of the output field as defined in the node's output schema.

" + }, + "content":{ + "shape":"NodeExecutionContent", + "documentation":"

The content of the output field, which can contain text or structured data.

" + }, + "next":{ + "shape":"NodeOutputNextList", + "documentation":"

The next node that receives output data from this field.

" + }, + "type":{ + "shape":"FlowNodeIODataType", + "documentation":"

The data type of the output field for compatibility validation.

" + } + }, + "documentation":"

Represents an output field produced by a node during a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "NodeOutputFields":{ + "type":"list", + "member":{"shape":"NodeOutputField"}, + "max":2, + "min":1 }, "NodeOutputName":{ "type":"string", - "pattern":"^[a-zA-Z]([_]?[0-9a-zA-Z]){0,99}$" + "pattern":"[a-zA-Z]([_]?[0-9a-zA-Z]){0,99}" + }, + "NodeOutputNext":{ + "type":"structure", + "required":[ + "nodeName", + "inputFieldName" + ], + "members":{ + "nodeName":{ + "shape":"NodeName", + "documentation":"

The name of the next node that receives the output data.

" + }, + "inputFieldName":{ + "shape":"FlowNodeInputName", + "documentation":"

The name of the input field in the next node that receives the data.

" + } + }, + "documentation":"

Represents the next node that receives output data.

", + "sensitive":true + }, + "NodeOutputNextList":{ + "type":"list", + "member":{"shape":"NodeOutputNext"} + }, + "NodeTraceElements":{ + "type":"structure", + "members":{ + "agentTraces":{ + "shape":"AgentTraces", + "documentation":"

Agent trace information for the node execution.

" + } + }, + "documentation":"

Contains trace elements for node execution tracking.

", + "sensitive":true, + "union":true }, "NodeType":{ "type":"string", @@ -3485,11 +5822,19 @@ }, "NonBlankString":{ "type":"string", - "pattern":"^[\\s\\S]*$" + "pattern":"[\\s\\S]*" }, "Observation":{ "type":"structure", "members":{ + "traceId":{ + "shape":"TraceId", + "documentation":"

The unique identifier of the trace.

" + }, + "type":{ + "shape":"Type", + "documentation":"

Specifies what kind of information the agent returns in the observation. The following values are possible.

  • ACTION_GROUP – The agent returns the result of an action group.

  • KNOWLEDGE_BASE – The agent returns information from a knowledge base.

  • FINISH – The agent returns a final response to the user with no follow-up.

  • ASK_USER – The agent asks the user a question.

  • REPROMPT – The agent prompts the user again for the same information.

" + }, "actionGroupInvocationOutput":{ "shape":"ActionGroupInvocationOutput", "documentation":"

Contains the JSON-formatted string returned by the API invoked by the action group.

" @@ -3498,29 +5843,21 @@ "shape":"AgentCollaboratorInvocationOutput", "documentation":"

A collaborator's invocation output.

" }, - "codeInterpreterInvocationOutput":{ - "shape":"CodeInterpreterInvocationOutput", - "documentation":"

Contains the JSON-formatted string returned by the API invoked by the code interpreter.

" + "knowledgeBaseLookupOutput":{ + "shape":"KnowledgeBaseLookupOutput", + "documentation":"

Contains details about the results from looking up the knowledge base.

" }, "finalResponse":{ "shape":"FinalResponse", "documentation":"

Contains details about the response to the user.

" }, - "knowledgeBaseLookupOutput":{ - "shape":"KnowledgeBaseLookupOutput", - "documentation":"

Contains details about the results from looking up the knowledge base.

" - }, "repromptResponse":{ "shape":"RepromptResponse", "documentation":"

Contains details about the response to reprompt the input.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The unique identifier of the trace.

" - }, - "type":{ - "shape":"Type", - "documentation":"

Specifies what kind of information the agent returns in the observation. The following values are possible.

  • ACTION_GROUP – The agent returns the result of an action group.

  • KNOWLEDGE_BASE – The agent returns information from a knowledge base.

  • FINISH – The agent returns a final response to the user with no follow-up.

  • ASK_USER – The agent asks the user a question.

  • REPROMPT – The agent prompts the user again for the same information.

" + "codeInterpreterInvocationOutput":{ + "shape":"CodeInterpreterInvocationOutput", + "documentation":"

Contains the JSON-formatted string returned by the API invoked by the code interpreter.

" } }, "documentation":"

Contains the result or output of an action group or knowledge base, or the response to the user.

", @@ -3547,7 +5884,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)$" + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)" }, "OptimizePromptResponse":{ "type":"structure", @@ -3586,30 +5923,18 @@ "OptimizedPromptStream":{ "type":"structure", "members":{ - "accessDeniedException":{ - "shape":"AccessDeniedException", - "documentation":"

The request is denied because of missing access permissions. Check your permissions and retry your request.

" + "optimizedPromptEvent":{ + "shape":"OptimizedPromptEvent", + "documentation":"

An event in which the prompt was optimized.

" }, "analyzePromptEvent":{ "shape":"AnalyzePromptEvent", "documentation":"

An event in which the prompt was analyzed in preparation for optimization.

" }, - "badGatewayException":{ - "shape":"BadGatewayException", - "documentation":"

There was an issue with a dependency due to a server issue. Retry your request.

" - }, - "dependencyFailedException":{ - "shape":"DependencyFailedException", - "documentation":"

There was an issue with a dependency. Check the resource configurations and retry the request.

" - }, "internalServerException":{ "shape":"InternalServerException", "documentation":"

An internal server error occurred. Retry your request.

" }, - "optimizedPromptEvent":{ - "shape":"OptimizedPromptEvent", - "documentation":"

An event in which the prompt was optimized.

" - }, "throttlingException":{ "shape":"ThrottlingException", "documentation":"

Your request was throttled because of service-wide limitations. Resubmit your request later or in a different region. You can also purchase Provisioned Throughput to increase the rate or number of tokens you can process.

" @@ -3617,6 +5942,18 @@ "validationException":{ "shape":"ValidationException", "documentation":"

Input validation failed. Check your request parameters and retry the request.

" + }, + "dependencyFailedException":{ + "shape":"DependencyFailedException", + "documentation":"

There was an issue with a dependency. Check the resource configurations and retry the request.

" + }, + "accessDeniedException":{ + "shape":"AccessDeniedException", + "documentation":"

The request is denied because of missing access permissions. Check your permissions and retry your request.

" + }, + "badGatewayException":{ + "shape":"BadGatewayException", + "documentation":"

There was an issue with a dependency due to a server issue. Retry your request.

" } }, "documentation":"

The stream containing events in the prompt optimization process.

", @@ -3625,43 +5962,58 @@ "OrchestrationConfiguration":{ "type":"structure", "members":{ - "additionalModelRequestFields":{ - "shape":"AdditionalModelRequestFields", - "documentation":"

Additional model parameters and corresponding values not included in the textInferenceConfig structure for a knowledge base. This allows users to provide custom model parameters specific to the language model being used.

" + "promptTemplate":{ + "shape":"PromptTemplate", + "documentation":"

Contains the template for the prompt that's sent to the model. Orchestration prompts must include the $conversation_history$ and $output_format_instructions$ variables. For more information, see Use placeholder variables in the user guide.

" }, "inferenceConfig":{ "shape":"InferenceConfig", "documentation":"

Configuration settings for inference when using RetrieveAndGenerate to generate responses while using a knowledge base as a source.

" }, - "performanceConfig":{ - "shape":"PerformanceConfiguration", - "documentation":"

The latency configuration for the model.

" - }, - "promptTemplate":{ - "shape":"PromptTemplate", - "documentation":"

Contains the template for the prompt that's sent to the model. Orchestration prompts must include the $conversation_history$ and $output_format_instructions$ variables. For more information, see Use placeholder variables in the user guide.

" + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"

Additional model parameters and corresponding values not included in the textInferenceConfig structure for a knowledge base. This allows users to provide custom model parameters specific to the language model being used.

" }, "queryTransformationConfiguration":{ "shape":"QueryTransformationConfiguration", "documentation":"

To split up the prompt and retrieve multiple sources, set the transformation type to QUERY_DECOMPOSITION.

" + }, + "performanceConfig":{ + "shape":"PerformanceConfiguration", + "documentation":"

The latency configuration for the model.

" } }, "documentation":"

Settings for how the model processes the prompt prior to retrieval and generation.

" }, + "OrchestrationExecutor":{ + "type":"structure", + "members":{ + "lambda":{ + "shape":"LambdaArn", + "documentation":"

The Amazon Resource Name (ARN) of the Lambda function containing the business logic that is carried out upon invoking the action.

" + } + }, + "documentation":"

The structure of the executor invoking the actions in custom orchestration.

", + "union":true + }, "OrchestrationModelInvocationOutput":{ "type":"structure", "members":{ - "metadata":{ - "shape":"Metadata", - "documentation":"

Contains information about the foundation model output from the orchestration step.

" + "traceId":{ + "shape":"TraceId", + "documentation":"

The unique identifier of the trace.

" }, "rawResponse":{ "shape":"RawResponse", "documentation":"

Contains details of the raw response from the foundation model output.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The unique identifier of the trace.

" + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the foundation model output from the orchestration step.

" + }, + "reasoningContent":{ + "shape":"ReasoningContentBlock", + "documentation":"

Contains content about the reasoning that the model made during the orchestration step.

" } }, "documentation":"

The foundation model output from the orchestration step.

", @@ -3670,10 +6022,18 @@ "OrchestrationTrace":{ "type":"structure", "members":{ + "rationale":{ + "shape":"Rationale", + "documentation":"

Details about the reasoning, based on the input, that the agent uses to justify carrying out an action group or getting information from a knowledge base.

" + }, "invocationInput":{ "shape":"InvocationInput", "documentation":"

Contains information pertaining to the action group or knowledge base that is being invoked.

" }, + "observation":{ + "shape":"Observation", + "documentation":"

Details about the observation (the output of the action group Lambda or knowledge base) made by the agent.

" + }, "modelInvocationInput":{ "shape":"ModelInvocationInput", "documentation":"

The input for the orchestration step.

  • The type is ORCHESTRATION.

  • The text contains the prompt.

  • The inferenceConfiguration, parserMode, and overrideLambda values are set in the PromptOverrideConfiguration object that was set when the agent was created or updated.

" @@ -3681,27 +6041,22 @@ "modelInvocationOutput":{ "shape":"OrchestrationModelInvocationOutput", "documentation":"

Contains information pertaining to the output from the foundation model that is being invoked.

" - }, - "observation":{ - "shape":"Observation", - "documentation":"

Details about the observation (the output of the action group Lambda or knowledge base) made by the agent.

" - }, - "rationale":{ - "shape":"Rationale", - "documentation":"

Details about the reasoning, based on the input, that the agent uses to justify carrying out an action group or getting information from a knowledge base.

" } }, "documentation":"

Details about the orchestration step, in which the agent determines the order in which actions are executed and which knowledge bases are retrieved.

", "sensitive":true, "union":true }, + "OrchestrationType":{ + "type":"string", + "enum":[ + "DEFAULT", + "CUSTOM_ORCHESTRATION" + ] + }, "OutputFile":{ "type":"structure", "members":{ - "bytes":{ - "shape":"FileBody", - "documentation":"

The byte count of files that contains response from code interpreter.

" - }, "name":{ "shape":"String", "documentation":"

The name of the file containing response from code interpreter.

" @@ -3709,6 +6064,10 @@ "type":{ "shape":"MimeType", "documentation":"

The type of file that contains response from the code interpreter.

" + }, + "bytes":{ + "shape":"FileBody", + "documentation":"

The byte count of files that contains response from code interpreter.

" } }, "documentation":"

Contains details of the response from code interpreter.

", @@ -3755,13 +6114,13 @@ "shape":"ParameterDescription", "documentation":"

A description of the parameter. Helps the foundation model determine how to elicit the parameters from the user.

" }, - "required":{ - "shape":"Boolean", - "documentation":"

Whether the parameter is required for the agent to complete the function for action group invocation.

" - }, "type":{ "shape":"ParameterType", "documentation":"

The data type of the parameter.

" + }, + "required":{ + "shape":"Boolean", + "documentation":"

Whether the parameter is required for the agent to complete the function for action group invocation.

" } }, "documentation":"

Contains details about a parameter in a function for an action group.

" @@ -3777,7 +6136,7 @@ }, "ParameterName":{ "type":"string", - "pattern":"^([0-9a-zA-Z][_-]?){1,100}$" + "pattern":"([0-9a-zA-Z][_-]?){1,100}" }, "ParameterType":{ "type":"string", @@ -3806,13 +6165,13 @@ "PayloadPart":{ "type":"structure", "members":{ - "attribution":{ - "shape":"Attribution", - "documentation":"

Contains citations for a part of an agent response.

" - }, "bytes":{ "shape":"PartBody", "documentation":"

A part of the agent response in bytes.

" + }, + "attribution":{ + "shape":"Attribution", + "documentation":"

Contains citations for a part of an agent response.

" } }, "documentation":"

Contains a part of an agent response and citations for it.

", @@ -3846,9 +6205,9 @@ "PostProcessingModelInvocationOutput":{ "type":"structure", "members":{ - "metadata":{ - "shape":"Metadata", - "documentation":"

Contains information about the foundation model output from the post-processing step.

" + "traceId":{ + "shape":"TraceId", + "documentation":"

The unique identifier of the trace.

" }, "parsedResponse":{ "shape":"PostProcessingParsedResponse", @@ -3858,9 +6217,13 @@ "shape":"RawResponse", "documentation":"

Details of the raw response from the foundation model output.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The unique identifier of the trace.

" + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the foundation model output from the post-processing step.

" + }, + "reasoningContent":{ + "shape":"ReasoningContentBlock", + "documentation":"

Contains content about the reasoning that the model made during the post-processing step.

" } }, "documentation":"

The foundation model output from the post-processing step.

", @@ -3896,9 +6259,9 @@ "PreProcessingModelInvocationOutput":{ "type":"structure", "members":{ - "metadata":{ - "shape":"Metadata", - "documentation":"

Contains information about the foundation model output from the pre-processing step.

" + "traceId":{ + "shape":"TraceId", + "documentation":"

The unique identifier of the trace.

" }, "parsedResponse":{ "shape":"PreProcessingParsedResponse", @@ -3908,9 +6271,13 @@ "shape":"RawResponse", "documentation":"

Details of the raw response from the foundation model output.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The unique identifier of the trace.

" + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the foundation model output from the pre-processing step.

" + }, + "reasoningContent":{ + "shape":"ReasoningContentBlock", + "documentation":"

Contains content about the reasoning that the model made during the pre-processing step.

" } }, "documentation":"

The foundation model output from the pre-processing step.

", @@ -3919,13 +6286,13 @@ "PreProcessingParsedResponse":{ "type":"structure", "members":{ - "isValid":{ - "shape":"Boolean", - "documentation":"

Whether the user input is valid or not. If false, the agent doesn't proceed to orchestration.

" - }, "rationale":{ "shape":"RationaleString", "documentation":"

The text returned by the parsing of the pre-processing step, explaining the steps that the agent plans to take in orchestration, if the user input is valid.

" + }, + "isValid":{ + "shape":"Boolean", + "documentation":"

Whether the user input is valid or not. If false, the agent doesn't proceed to orchestration.

" } }, "documentation":"

Details about the response from the Lambda parsing of the output from the pre-processing step.

", @@ -3950,6 +6317,18 @@ "PromptConfiguration":{ "type":"structure", "members":{ + "promptType":{ + "shape":"PromptType", + "documentation":"

The step in the agent sequence that this prompt configuration applies to.

" + }, + "promptCreationMode":{ + "shape":"CreationMode", + "documentation":"

Specifies whether to override the default prompt template for this promptType. Set this value to OVERRIDDEN to use the prompt that you provide in the basePromptTemplate. If you leave it as DEFAULT, the agent uses a default prompt template.

" + }, + "promptState":{ + "shape":"PromptState", + "documentation":"

Specifies whether to allow the inline agent to carry out the step specified in the promptType. If you set this value to DISABLED, the agent skips that step. The default state for each promptType is as follows.

  • PRE_PROCESSINGENABLED

  • ORCHESTRATIONENABLED

  • KNOWLEDGE_BASE_RESPONSE_GENERATIONENABLED

  • POST_PROCESSINGDISABLED

" + }, "basePromptTemplate":{ "shape":"BasePromptTemplate", "documentation":"

Defines the prompt template with which to replace the default prompt template. You can use placeholder variables in the base prompt template to customize the prompt. For more information, see Prompt template placeholder variables. For more information, see Configure the prompt templates.

" @@ -3960,19 +6339,15 @@ }, "parserMode":{ "shape":"CreationMode", - "documentation":"

Specifies whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the promptType. If you set the field as OVERRIDEN, the overrideLambda field in the PromptOverrideConfiguration must be specified with the ARN of a Lambda function.

" + "documentation":"

Specifies whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the promptType. If you set the field as OVERRIDDEN, the overrideLambda field in the PromptOverrideConfiguration must be specified with the ARN of a Lambda function.

" }, - "promptCreationMode":{ - "shape":"CreationMode", - "documentation":"

Specifies whether to override the default prompt template for this promptType. Set this value to OVERRIDDEN to use the prompt that you provide in the basePromptTemplate. If you leave it as DEFAULT, the agent uses a default prompt template.

" - }, - "promptState":{ - "shape":"PromptState", - "documentation":"

Specifies whether to allow the inline agent to carry out the step specified in the promptType. If you set this value to DISABLED, the agent skips that step. The default state for each promptType is as follows.

  • PRE_PROCESSINGENABLED

  • ORCHESTRATIONENABLED

  • KNOWLEDGE_BASE_RESPONSE_GENERATIONENABLED

  • POST_PROCESSINGDISABLED

" + "foundationModel":{ + "shape":"ModelIdentifier", + "documentation":"

The foundation model to use.

" }, - "promptType":{ - "shape":"PromptType", - "documentation":"

The step in the agent sequence that this prompt configuration applies to.

" + "additionalModelRequestFields":{ + "shape":"Document", + "documentation":"

If the Converse or ConverseStream operations support the model, additionalModelRequestFields contains additional inference parameters, beyond the base set of inference parameters in the inferenceConfiguration field.

For more information, see Inference request parameters and response fields for foundation models in the Amazon Bedrock user guide.

" } }, "documentation":"

Contains configurations to override a prompt template in one part of an agent sequence. For more information, see Advanced prompts.

" @@ -3983,17 +6358,36 @@ "max":10, "min":0 }, + "PromptCreationConfigurations":{ + "type":"structure", + "members":{ + "previousConversationTurnsToInclude":{ + "shape":"PromptCreationConfigurationsPreviousConversationTurnsToIncludeInteger", + "documentation":"

The number of previous conversations from the ongoing agent session to include in the conversation history of the agent prompt, during the current invocation. This gives you more granular control over the context that the model is made aware of, and helps the model remove older context which is no longer useful during the ongoing agent session.

" + }, + "excludePreviousThinkingSteps":{ + "shape":"Boolean", + "documentation":"

If true, the service removes any content between <thinking> tags from previous conversations in an agent session. The service will only remove content from already processed turns. This helps you remove content which might not be useful for current and subsequent invocations. This can reduce the input token count and potentially save costs. The default value is false.

" + } + }, + "documentation":"

Specifies parameters that control how the service populates the agent prompt for an InvokeAgent or InvokeInlineAgent request. You can control which aspects of previous invocations in the same agent session the service uses to populate the agent prompt. This gives you more granular control over the contextual history that is used to process the current request.

" + }, + "PromptCreationConfigurationsPreviousConversationTurnsToIncludeInteger":{ + "type":"integer", + "box":true, + "min":0 + }, "PromptOverrideConfiguration":{ "type":"structure", "required":["promptConfigurations"], "members":{ - "overrideLambda":{ - "shape":"LambdaResourceArn", - "documentation":"

The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the promptConfigurations must contain a parserMode value that is set to OVERRIDDEN. For more information, see Parser Lambda function in Amazon Bedrock Agents.

" - }, "promptConfigurations":{ "shape":"PromptConfigurations", "documentation":"

Contains configurations to override a prompt template in one part of an agent sequence. For more information, see Advanced prompts.

" + }, + "overrideLambda":{ + "shape":"LambdaResourceArn", + "documentation":"

The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the promptConfigurations must contain a parserMode value that is set to OVERRIDDEN. For more information, see Parser Lambda function in Amazon Bedrock Agents.

" } }, "documentation":"

Contains configurations to override prompts in different parts of an agent sequence. For more information, see Advanced prompts.

", @@ -4045,20 +6439,63 @@ }, "documentation":"

Contains the parameters in the request body.

" }, - "QueryGenerationInput":{ + "PutInvocationStepRequest":{ "type":"structure", "required":[ - "text", - "type" + "sessionIdentifier", + "invocationIdentifier", + "invocationStepTime", + "payload" ], "members":{ - "text":{ - "shape":"QueryGenerationInputTextString", - "documentation":"

The text of the query.

" + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

The unique identifier for the session to add the invocation step to. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + }, + "invocationIdentifier":{ + "shape":"InvocationIdentifier", + "documentation":"

The unique identifier (in UUID format) of the invocation to add the invocation step to.

" + }, + "invocationStepTime":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the invocation step occurred.

" + }, + "payload":{ + "shape":"InvocationStepPayload", + "documentation":"

The payload for the invocation step, including text and images for the interaction.

" }, + "invocationStepId":{ + "shape":"Uuid", + "documentation":"

The unique identifier of the invocation step in UUID format.

" + } + } + }, + "PutInvocationStepResponse":{ + "type":"structure", + "required":["invocationStepId"], + "members":{ + "invocationStepId":{ + "shape":"Uuid", + "documentation":"

The unique identifier of the invocation step in UUID format.

" + } + } + }, + "QueryGenerationInput":{ + "type":"structure", + "required":[ + "type", + "text" + ], + "members":{ "type":{ "shape":"InputQueryType", "documentation":"

The type of the query.

" + }, + "text":{ + "shape":"QueryGenerationInputTextString", + "documentation":"

The text of the query.

" } }, "documentation":"

Contains information about a natural language query to transform into SQL.

", @@ -4102,13 +6539,13 @@ "Rationale":{ "type":"structure", "members":{ - "text":{ - "shape":"RationaleString", - "documentation":"

The reasoning or thought process of the agent, based on the input.

" - }, "traceId":{ "shape":"TraceId", "documentation":"

The unique identifier of the trace step.

" + }, + "text":{ + "shape":"RationaleString", + "documentation":"

The reasoning or thought process of the agent, based on the input.

" } }, "documentation":"

Contains the reasoning, based on the input, that the agent uses to justify carrying out an action group or getting information from a knowledge base.

", @@ -4129,16 +6566,55 @@ "documentation":"

Contains the raw output from the foundation model.

", "sensitive":true }, - "RepromptResponse":{ + "ReasoningContentBlock":{ "type":"structure", "members":{ - "source":{ - "shape":"Source", - "documentation":"

Specifies what output is prompting the agent to reprompt the input.

" + "reasoningText":{ + "shape":"ReasoningTextBlock", + "documentation":"

Contains information about the reasoning that the model used to return the content in the content block.

" + }, + "redactedContent":{ + "shape":"Blob", + "documentation":"

The content in the reasoning that was encrypted by the model provider for trust and safety reasons.

" + } + }, + "documentation":"

Contains content regarding the reasoning that the foundation model made with respect to the content in the content block. Reasoning refers to a Chain of Thought (CoT) that the model generates to enhance the accuracy of its final response.

", + "sensitive":true, + "union":true + }, + "ReasoningTextBlock":{ + "type":"structure", + "required":["text"], + "members":{ + "text":{ + "shape":"String", + "documentation":"

Text describing the reasoning that the model used to return the content in the content block.

" }, + "signature":{ + "shape":"String", + "documentation":"

A hash of all the messages in the conversation to ensure that the content in the reasoning text block isn't tampered with. You must submit the signature in subsequent Converse requests, in addition to the previous messages. If the previous messages are tampered with, the response throws an error.

" + } + }, + "documentation":"

Contains information about the reasoning that the model used to return the content in the content block.

", + "sensitive":true + }, + "RelayConversationHistory":{ + "type":"string", + "enum":[ + "TO_COLLABORATOR", + "DISABLED" + ] + }, + "RepromptResponse":{ + "type":"structure", + "members":{ "text":{ "shape":"String", "documentation":"

The text reprompting the input.

" + }, + "source":{ + "shape":"Source", + "documentation":"

Specifies what output is prompting the agent to reprompt the input.

" } }, "documentation":"

Contains details about the agent's response to reprompt the input.

", @@ -4165,17 +6641,17 @@ "type":"structure", "required":["type"], "members":{ - "jsonDocument":{ - "shape":"Document", - "documentation":"

Contains a JSON document to rerank.

" + "type":{ + "shape":"RerankDocumentType", + "documentation":"

The type of document to rerank.

" }, "textDocument":{ "shape":"RerankTextDocument", "documentation":"

Contains information about a text document to rerank.

" }, - "type":{ - "shape":"RerankDocumentType", - "documentation":"

The type of document to rerank.

" + "jsonDocument":{ + "shape":"Document", + "documentation":"

Contains a JSON document to rerank.

" } }, "documentation":"

Contains information about a document to rerank. Choose the type to define and include the field that corresponds to the type.

", @@ -4198,17 +6674,17 @@ "RerankQuery":{ "type":"structure", "required":[ - "textQuery", - "type" + "type", + "textQuery" ], "members":{ - "textQuery":{ - "shape":"RerankTextDocument", - "documentation":"

Contains information about a text query.

" - }, "type":{ "shape":"RerankQueryContentType", "documentation":"

The type of the query.

" + }, + "textQuery":{ + "shape":"RerankTextDocument", + "documentation":"

Contains information about a text query.

" } }, "documentation":"

Contains information about a query to submit to the reranker model.

", @@ -4222,25 +6698,25 @@ "type":"structure", "required":[ "queries", - "rerankingConfiguration", - "sources" + "sources", + "rerankingConfiguration" ], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

If the total number of results was greater than could fit in a response, a token is returned in the nextToken field. You can enter that token in this field to return the next batch of results.

" - }, "queries":{ "shape":"RerankQueriesList", "documentation":"

An array of objects, each of which contains information about a query to submit to the reranker model.

" }, + "sources":{ + "shape":"RerankSourcesList", + "documentation":"

An array of objects, each of which contains information about the sources to rerank.

" + }, "rerankingConfiguration":{ "shape":"RerankingConfiguration", "documentation":"

Contains configurations for reranking.

" }, - "sources":{ - "shape":"RerankSourcesList", - "documentation":"

An array of objects, each of which contains information about the sources to rerank.

" + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results was greater than could fit in a response, a token is returned in the nextToken field. You can enter that token in this field to return the next batch of results.

" } } }, @@ -4248,13 +6724,13 @@ "type":"structure", "required":["results"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

If the total number of results is greater than can fit in the response, use this token in the nextToken field when making another request to return the next batch of results.

" - }, "results":{ "shape":"RerankResultsList", "documentation":"

An array of objects, each of which contains information about the results of reranking.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

If the total number of results is greater than can fit in the response, use this token in the nextToken field when making another request to return the next batch of results.

" } } }, @@ -4265,10 +6741,6 @@ "relevanceScore" ], "members":{ - "document":{ - "shape":"RerankDocument", - "documentation":"

Contains information about the document.

" - }, "index":{ "shape":"RerankResultIndexInteger", "documentation":"

The ranking of the document. The lower a number, the higher the document is ranked.

" @@ -4276,6 +6748,10 @@ "relevanceScore":{ "shape":"Float", "documentation":"

The relevance score of the document.

" + }, + "document":{ + "shape":"RerankDocument", + "documentation":"

Contains information about the document.

" } }, "documentation":"

Contains information about a document that was reranked.

" @@ -4293,17 +6769,17 @@ "RerankSource":{ "type":"structure", "required":[ - "inlineDocumentSource", - "type" + "type", + "inlineDocumentSource" ], "members":{ - "inlineDocumentSource":{ - "shape":"RerankDocument", - "documentation":"

Contains an inline definition of a source for reranking.

" - }, "type":{ "shape":"RerankSourceType", "documentation":"

The type of the source.

" + }, + "inlineDocumentSource":{ + "shape":"RerankDocument", + "documentation":"

Contains an inline definition of a source for reranking.

" } }, "documentation":"

Contains information about a source for reranking.

", @@ -4333,23 +6809,23 @@ }, "RerankTextDocumentTextString":{ "type":"string", - "max":9000, + "max":32000, "min":1 }, "RerankingConfiguration":{ "type":"structure", "required":[ - "bedrockRerankingConfiguration", - "type" + "type", + "bedrockRerankingConfiguration" ], "members":{ - "bedrockRerankingConfiguration":{ - "shape":"BedrockRerankingConfiguration", - "documentation":"

Contains configurations for an Amazon Bedrock reranker.

" - }, "type":{ "shape":"RerankingConfigurationType", "documentation":"

The type of reranker that the configurations apply to.

" + }, + "bedrockRerankingConfiguration":{ + "shape":"BedrockRerankingConfiguration", + "documentation":"

Contains configurations for an Amazon Bedrock reranker.

" } }, "documentation":"

Contains configurations for reranking.

" @@ -4368,13 +6844,13 @@ "RerankingMetadataSelectiveModeConfiguration":{ "type":"structure", "members":{ - "fieldsToExclude":{ - "shape":"FieldsForReranking", - "documentation":"

An array of objects, each of which specifies a metadata field to exclude from consideration when reranking.

" - }, "fieldsToInclude":{ "shape":"FieldsForReranking", "documentation":"

An array of objects, each of which specifies a metadata field to include in consideration when reranking. The remaining metadata fields are ignored.

" + }, + "fieldsToExclude":{ + "shape":"FieldsForReranking", + "documentation":"

An array of objects, each of which specifies a metadata field to exclude from consideration when reranking.

" } }, "documentation":"

Contains configurations for the metadata fields to include or exclude when considering reranking. If you include the fieldsToExclude field, the reranker ignores all the metadata fields that you specify. If you include the fieldsToInclude field, the reranker uses only the metadata fields that you specify and ignores all others. You can include only one of these fields.

", @@ -4389,7 +6865,7 @@ }, "ResourceName":{ "type":"string", - "pattern":"^([0-9a-zA-Z][_-]?){1,100}$", + "pattern":"([0-9a-zA-Z][_-]?){1,100}", "sensitive":true }, "ResourceNotFoundException":{ @@ -4419,46 +6895,30 @@ "ResponseStream":{ "type":"structure", "members":{ - "accessDeniedException":{ - "shape":"AccessDeniedException", - "documentation":"

The request is denied because of missing access permissions. Check your permissions and retry your request.

" - }, - "badGatewayException":{ - "shape":"BadGatewayException", - "documentation":"

There was an issue with a dependency due to a server issue. Retry your request.

" - }, "chunk":{ "shape":"PayloadPart", "documentation":"

Contains a part of an agent response and citations for it.

" }, - "conflictException":{ - "shape":"ConflictException", - "documentation":"

There was a conflict performing an operation. Resolve the conflict and retry your request.

" - }, - "dependencyFailedException":{ - "shape":"DependencyFailedException", - "documentation":"

There was an issue with a dependency. Check the resource configurations and retry the request.

" + "trace":{ + "shape":"TracePart", + "documentation":"

Contains information about the agent and session, alongside the agent's reasoning process and results from calling actions and querying knowledge bases and metadata about the trace. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace events.

" }, - "files":{ - "shape":"FilePart", - "documentation":"

Contains intermediate response for code interpreter if any files have been generated.

" + "returnControl":{ + "shape":"ReturnControlPayload", + "documentation":"

Contains the parameters and information that the agent elicited from the customer to carry out an action. This information is returned to the system and can be used in your own setup for fulfilling the action.

" }, "internalServerException":{ "shape":"InternalServerException", "documentation":"

An internal server error occurred. Retry your request.

" }, - "modelNotReadyException":{ - "shape":"ModelNotReadyException", - "documentation":"

The model specified in the request is not ready to serve Inference requests. The AWS SDK will automatically retry the operation up to 5 times. For information about configuring automatic retries, see Retry behavior in the AWS SDKs and Tools reference guide.

" + "validationException":{ + "shape":"ValidationException", + "documentation":"

Input validation failed. Check your request parameters and retry the request.

" }, "resourceNotFoundException":{ "shape":"ResourceNotFoundException", "documentation":"

The specified resource Amazon Resource Name (ARN) was not found. Check the Amazon Resource Name (ARN) and try your request again.

" }, - "returnControl":{ - "shape":"ReturnControlPayload", - "documentation":"

Contains the parameters and information that the agent elicited from the customer to carry out an action. This information is returned to the system and can be used in your own setup for fulfilling the action.

" - }, "serviceQuotaExceededException":{ "shape":"ServiceQuotaExceededException", "documentation":"

The number of requests exceeds the service quota. Resubmit your request later.

" @@ -4467,13 +6927,29 @@ "shape":"ThrottlingException", "documentation":"

The number of requests exceeds the limit. Resubmit your request later.

" }, - "trace":{ - "shape":"TracePart", - "documentation":"

Contains information about the agent and session, alongside the agent's reasoning process and results from calling actions and querying knowledge bases and metadata about the trace. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace events.

" + "accessDeniedException":{ + "shape":"AccessDeniedException", + "documentation":"

The request is denied because of missing access permissions. Check your permissions and retry your request.

" }, - "validationException":{ - "shape":"ValidationException", - "documentation":"

Input validation failed. Check your request parameters and retry the request.

" + "conflictException":{ + "shape":"ConflictException", + "documentation":"

There was a conflict performing an operation. Resolve the conflict and retry your request.

" + }, + "dependencyFailedException":{ + "shape":"DependencyFailedException", + "documentation":"

There was an issue with a dependency. Check the resource configurations and retry the request.

" + }, + "badGatewayException":{ + "shape":"BadGatewayException", + "documentation":"

There was an issue with a dependency due to a server issue. Retry your request.

" + }, + "modelNotReadyException":{ + "shape":"ModelNotReadyException", + "documentation":"

The model specified in the request is not ready to serve Inference requests. The AWS SDK will automatically retry the operation up to 5 times. For information about configuring automatic retries, see Retry behavior in the AWS SDKs and Tools reference guide.

" + }, + "files":{ + "shape":"FilePart", + "documentation":"

Contains intermediate response for code interpreter if any files have been generated.

" } }, "documentation":"

The response from invoking the agent and associated citations and trace information.

", @@ -4482,14 +6958,14 @@ "RetrievalFilter":{ "type":"structure", "members":{ - "andAll":{ - "shape":"RetrievalFilterList", - "documentation":"

Knowledge base data sources are returned if their metadata attributes fulfill all the filter conditions inside this list.

" - }, "equals":{ "shape":"FilterAttribute", "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value matches the value in this object.

The following example would return data sources with an animal attribute whose value is cat:

\"equals\": { \"key\": \"animal\", \"value\": \"cat\" }

" }, + "notEquals":{ + "shape":"FilterAttribute", + "documentation":"

Knowledge base data sources are returned when:

  • It contains a metadata attribute whose name matches the key and whose value doesn't match the value in this object.

  • The key is not present in the document.

The following example would return data sources that don't contain an animal attribute whose value is cat.

\"notEquals\": { \"key\": \"animal\", \"value\": \"cat\" }

" + }, "greaterThan":{ "shape":"FilterAttribute", "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is greater than the value in this object.

The following example would return data sources with an year attribute whose value is greater than 1989:

\"greaterThan\": { \"key\": \"year\", \"value\": 1989 }

" @@ -4498,10 +6974,6 @@ "shape":"FilterAttribute", "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is greater than or equal to the value in this object.

The following example would return data sources with an year attribute whose value is greater than or equal to 1989:

\"greaterThanOrEquals\": { \"key\": \"year\", \"value\": 1989 }

" }, - "in":{ - "shape":"FilterAttribute", - "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is in the list specified in the value in this object.

The following example would return data sources with an animal attribute that is either cat or dog:

\"in\": { \"key\": \"animal\", \"value\": [\"cat\", \"dog\"] }

" - }, "lessThan":{ "shape":"FilterAttribute", "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is less than the value in this object.

The following example would return data sources with an year attribute whose value is less than to 1989.

\"lessThan\": { \"key\": \"year\", \"value\": 1989 }

" @@ -4510,29 +6982,33 @@ "shape":"FilterAttribute", "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is less than or equal to the value in this object.

The following example would return data sources with an year attribute whose value is less than or equal to 1989.

\"lessThanOrEquals\": { \"key\": \"year\", \"value\": 1989 }

" }, - "listContains":{ - "shape":"FilterAttribute", - "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is a list that contains the value as one of its members.

The following example would return data sources with an animals attribute that is a list containing a cat member (for example [\"dog\", \"cat\"]).

\"listContains\": { \"key\": \"animals\", \"value\": \"cat\" }

" - }, - "notEquals":{ + "in":{ "shape":"FilterAttribute", - "documentation":"

Knowledge base data sources that contain a metadata attribute whose name matches the key and whose value doesn't match the value in this object are returned.

The following example would return data sources that don't contain an animal attribute whose value is cat.

\"notEquals\": { \"key\": \"animal\", \"value\": \"cat\" }

" + "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is in the list specified in the value in this object.

The following example would return data sources with an animal attribute that is either cat or dog:

\"in\": { \"key\": \"animal\", \"value\": [\"cat\", \"dog\"] }

" }, "notIn":{ "shape":"FilterAttribute", "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value isn't in the list specified in the value in this object.

The following example would return data sources whose animal attribute is neither cat nor dog.

\"notIn\": { \"key\": \"animal\", \"value\": [\"cat\", \"dog\"] }

" }, - "orAll":{ - "shape":"RetrievalFilterList", - "documentation":"

Knowledge base data sources are returned if their metadata attributes fulfill at least one of the filter conditions inside this list.

" - }, "startsWith":{ "shape":"FilterAttribute", "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value starts with the value in this object. This filter is currently only supported for Amazon OpenSearch Serverless vector stores.

The following example would return data sources with an animal attribute starts with ca (for example, cat or camel).

\"startsWith\": { \"key\": \"animal\", \"value\": \"ca\" }

" }, + "listContains":{ + "shape":"FilterAttribute", + "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is a list that contains the value as one of its members.

The following example would return data sources with an animals attribute that is a list containing a cat member (for example [\"dog\", \"cat\"]).

\"listContains\": { \"key\": \"animals\", \"value\": \"cat\" }

" + }, "stringContains":{ "shape":"FilterAttribute", "documentation":"

Knowledge base data sources are returned if they contain a metadata attribute whose name matches the key and whose value is one of the following:

  • A string that contains the value as a substring. The following example would return data sources with an animal attribute that contains the substring at (for example cat).

    \"stringContains\": { \"key\": \"animal\", \"value\": \"at\" }

  • A list with a member that contains the value as a substring. The following example would return data sources with an animals attribute that is a list containing a member that contains the substring at (for example [\"dog\", \"cat\"]).

    \"stringContains\": { \"key\": \"animals\", \"value\": \"at\" }

" + }, + "andAll":{ + "shape":"RetrievalFilterList", + "documentation":"

Knowledge base data sources are returned if their metadata attributes fulfill all the filter conditions inside this list.

" + }, + "orAll":{ + "shape":"RetrievalFilterList", + "documentation":"

Knowledge base data sources are returned if their metadata attributes fulfill at least one of the filter conditions inside this list.

" } }, "documentation":"

Specifies the filters to use on the metadata attributes in the knowledge base data sources before returning results. For more information, see Query configurations. See the examples below to see how to use these filters.

This data type is used in the following API operations:

", @@ -4557,6 +7033,14 @@ "RetrievalResultContent":{ "type":"structure", "members":{ + "type":{ + "shape":"RetrievalResultContentType", + "documentation":"

The type of content in the retrieval result.

" + }, + "text":{ + "shape":"String", + "documentation":"

The cited text from the data source.

" + }, "byteContent":{ "shape":"String", "documentation":"

A data URI with base64-encoded content from the data source. The URI is in the following format: returned in the following format: data:image/jpeg;base64,${base64-encoded string}.

" @@ -4564,14 +7048,6 @@ "row":{ "shape":"RetrievalResultContentRow", "documentation":"

Specifies information about the rows with the cells to return in retrieval.

" - }, - "text":{ - "shape":"String", - "documentation":"

The cited text from the data source.

" - }, - "type":{ - "shape":"RetrievalResultContentType", - "documentation":"

The type of content in the retrieval result.

" } }, "documentation":"

Contains information about a chunk of text from a data source in the knowledge base. If the result is from a structured data source, the cell in the database and the type of the value is also identified.

This data type is used in the following API operations:

", @@ -4644,22 +7120,22 @@ "type":"structure", "required":["type"], "members":{ - "confluenceLocation":{ - "shape":"RetrievalResultConfluenceLocation", - "documentation":"

The Confluence data source location.

" - }, - "customDocumentLocation":{ - "shape":"RetrievalResultCustomDocumentLocation", - "documentation":"

Specifies the location of a document in a custom data source.

" - }, - "kendraDocumentLocation":{ - "shape":"RetrievalResultKendraDocumentLocation", - "documentation":"

The location of a document in Amazon Kendra.

" + "type":{ + "shape":"RetrievalResultLocationType", + "documentation":"

The type of data source location.

" }, "s3Location":{ "shape":"RetrievalResultS3Location", "documentation":"

The S3 data source location.

" }, + "webLocation":{ + "shape":"RetrievalResultWebLocation", + "documentation":"

The web URL/URLs data source location.

" + }, + "confluenceLocation":{ + "shape":"RetrievalResultConfluenceLocation", + "documentation":"

The Confluence data source location.

" + }, "salesforceLocation":{ "shape":"RetrievalResultSalesforceLocation", "documentation":"

The Salesforce data source location.

" @@ -4668,17 +7144,17 @@ "shape":"RetrievalResultSharePointLocation", "documentation":"

The SharePoint data source location.

" }, + "customDocumentLocation":{ + "shape":"RetrievalResultCustomDocumentLocation", + "documentation":"

Specifies the location of a document in a custom data source.

" + }, + "kendraDocumentLocation":{ + "shape":"RetrievalResultKendraDocumentLocation", + "documentation":"

The location of a document in Amazon Kendra.

" + }, "sqlLocation":{ "shape":"RetrievalResultSqlLocation", "documentation":"

Specifies information about the SQL query used to retrieve the result.

" - }, - "type":{ - "shape":"RetrievalResultLocationType", - "documentation":"

The type of data source location.

" - }, - "webLocation":{ - "shape":"RetrievalResultWebLocation", - "documentation":"

The web URL/URLs data source location.

" } }, "documentation":"

Contains information about the data source location.

This data type is used in the following API operations:

", @@ -4711,8 +7187,7 @@ }, "RetrievalResultMetadataValue":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "RetrievalResultS3Location":{ @@ -4769,17 +7244,17 @@ "type":"structure", "required":["type"], "members":{ - "externalSourcesConfiguration":{ - "shape":"ExternalSourcesRetrieveAndGenerateConfiguration", - "documentation":"

The configuration for the external source wrapper object in the retrieveAndGenerate function.

" + "type":{ + "shape":"RetrieveAndGenerateType", + "documentation":"

The type of resource that contains your data for retrieving information and generating responses.

If you choose to use EXTERNAL_SOURCES, then currently only Anthropic Claude 3 Sonnet models for knowledge bases are supported.

" }, "knowledgeBaseConfiguration":{ "shape":"KnowledgeBaseRetrieveAndGenerateConfiguration", "documentation":"

Contains details about the knowledge base for retrieving information and generating responses.

" }, - "type":{ - "shape":"RetrieveAndGenerateType", - "documentation":"

The type of resource that contains your data for retrieving information and generating responses.

If you choose ot use EXTERNAL_SOURCES, then currently only Claude 3 Sonnet models for knowledge bases are supported.

" + "externalSourcesConfiguration":{ + "shape":"ExternalSourcesRetrieveAndGenerateConfiguration", + "documentation":"

The configuration for the external source wrapper object in the retrieveAndGenerate function.

" } }, "documentation":"

Contains details about the resource being queried.

This data type is used in the following API operations:

" @@ -4830,6 +7305,10 @@ "type":"structure", "required":["input"], "members":{ + "sessionId":{ + "shape":"SessionId", + "documentation":"

The unique identifier of the session. When you first make a RetrieveAndGenerate request, Amazon Bedrock automatically generates this value. You must reuse this value for all subsequent requests in the same conversational session. This value allows Amazon Bedrock to maintain context and knowledge from previous interactions. You can't explicitly set the sessionId yourself.

" + }, "input":{ "shape":"RetrieveAndGenerateInput", "documentation":"

Contains the query to be made to the knowledge base.

" @@ -4841,20 +7320,24 @@ "sessionConfiguration":{ "shape":"RetrieveAndGenerateSessionConfiguration", "documentation":"

Contains details about the session with the knowledge base.

" - }, - "sessionId":{ - "shape":"SessionId", - "documentation":"

The unique identifier of the session. When you first make a RetrieveAndGenerate request, Amazon Bedrock automatically generates this value. You must reuse this value for all subsequent requests in the same conversational session. This value allows Amazon Bedrock to maintain context and knowledge from previous interactions. You can't explicitly set the sessionId yourself.

" } } }, "RetrieveAndGenerateResponse":{ "type":"structure", "required":[ - "output", - "sessionId" + "sessionId", + "output" ], "members":{ + "sessionId":{ + "shape":"SessionId", + "documentation":"

The unique identifier of the session. When you first make a RetrieveAndGenerate request, Amazon Bedrock automatically generates this value. You must reuse this value for all subsequent requests in the same conversational session. This value allows Amazon Bedrock to maintain context and knowledge from previous interactions. You can't explicitly set the sessionId yourself.

" + }, + "output":{ + "shape":"RetrieveAndGenerateOutput", + "documentation":"

Contains the response generated from querying the knowledge base.

" + }, "citations":{ "shape":"Citations", "documentation":"

A list of segments of the generated response that are based on sources in the knowledge base, alongside information about the sources.

" @@ -4862,14 +7345,6 @@ "guardrailAction":{ "shape":"GuadrailAction", "documentation":"

Specifies if there is a guardrail intervention in the response.

" - }, - "output":{ - "shape":"RetrieveAndGenerateOutput", - "documentation":"

Contains the response generated from querying the knowledge base.

" - }, - "sessionId":{ - "shape":"SessionId", - "documentation":"

The unique identifier of the session. When you first make a RetrieveAndGenerate request, Amazon Bedrock automatically generates this value. You must reuse this value for all subsequent requests in the same conversational session. This value allows Amazon Bedrock to maintain context and knowledge from previous interactions. You can't explicitly set the sessionId yourself.

" } } }, @@ -4888,6 +7363,10 @@ "type":"structure", "required":["input"], "members":{ + "sessionId":{ + "shape":"SessionId", + "documentation":"

The unique identifier of the session. When you first make a RetrieveAndGenerate request, Amazon Bedrock automatically generates this value. You must reuse this value for all subsequent requests in the same conversational session. This value allows Amazon Bedrock to maintain context and knowledge from previous interactions. You can't explicitly set the sessionId yourself.

" + }, "input":{ "shape":"RetrieveAndGenerateInput", "documentation":"

Contains the query to be made to the knowledge base.

" @@ -4899,29 +7378,25 @@ "sessionConfiguration":{ "shape":"RetrieveAndGenerateSessionConfiguration", "documentation":"

Contains details about the session with the knowledge base.

" - }, - "sessionId":{ - "shape":"SessionId", - "documentation":"

The unique identifier of the session. When you first make a RetrieveAndGenerate request, Amazon Bedrock automatically generates this value. You must reuse this value for all subsequent requests in the same conversational session. This value allows Amazon Bedrock to maintain context and knowledge from previous interactions. You can't explicitly set the sessionId yourself.

" } } }, "RetrieveAndGenerateStreamResponse":{ "type":"structure", "required":[ - "sessionId", - "stream" + "stream", + "sessionId" ], "members":{ + "stream":{ + "shape":"RetrieveAndGenerateStreamResponseOutput", + "documentation":"

A stream of events from the model.

" + }, "sessionId":{ "shape":"SessionId", "documentation":"

The session ID.

", "location":"header", "locationName":"x-amzn-bedrock-knowledge-base-session-id" - }, - "stream":{ - "shape":"RetrieveAndGenerateStreamResponseOutput", - "documentation":"

A stream of events from the model.

" } }, "payload":"stream" @@ -4929,26 +7404,14 @@ "RetrieveAndGenerateStreamResponseOutput":{ "type":"structure", "members":{ - "accessDeniedException":{ - "shape":"AccessDeniedException", - "documentation":"

The request is denied because you do not have sufficient permissions to perform the requested action. For troubleshooting this error, see AccessDeniedException in the Amazon Bedrock User Guide.

" - }, - "badGatewayException":{ - "shape":"BadGatewayException", - "documentation":"

The request failed due to a bad gateway error.

" + "output":{ + "shape":"RetrieveAndGenerateOutputEvent", + "documentation":"

An output event.

" }, "citation":{ "shape":"CitationEvent", "documentation":"

A citation event.

" }, - "conflictException":{ - "shape":"ConflictException", - "documentation":"

Error occurred because of a conflict while performing an operation.

" - }, - "dependencyFailedException":{ - "shape":"DependencyFailedException", - "documentation":"

The request failed due to a dependency error.

" - }, "guardrail":{ "shape":"GuardrailEvent", "documentation":"

A guardrail event.

" @@ -4957,9 +7420,9 @@ "shape":"InternalServerException", "documentation":"

An internal server error occurred. Retry your request.

" }, - "output":{ - "shape":"RetrieveAndGenerateOutputEvent", - "documentation":"

An output event.

" + "validationException":{ + "shape":"ValidationException", + "documentation":"

The input fails to satisfy the constraints specified by Amazon Bedrock. For troubleshooting this error, see ValidationError in the Amazon Bedrock User Guide.

" }, "resourceNotFoundException":{ "shape":"ResourceNotFoundException", @@ -4973,9 +7436,21 @@ "shape":"ThrottlingException", "documentation":"

Your request was denied due to exceeding the account quotas for Amazon Bedrock. For troubleshooting this error, see ThrottlingException in the Amazon Bedrock User Guide.

" }, - "validationException":{ - "shape":"ValidationException", - "documentation":"

The input fails to satisfy the constraints specified by Amazon Bedrock. For troubleshooting this error, see ValidationError in the Amazon Bedrock User Guide.

" + "accessDeniedException":{ + "shape":"AccessDeniedException", + "documentation":"

The request is denied because you do not have sufficient permissions to perform the requested action. For troubleshooting this error, see AccessDeniedException in the Amazon Bedrock User Guide.

" + }, + "conflictException":{ + "shape":"ConflictException", + "documentation":"

Error occurred because of a conflict while performing an operation.

" + }, + "dependencyFailedException":{ + "shape":"DependencyFailedException", + "documentation":"

The request failed due to a dependency error.

" + }, + "badGatewayException":{ + "shape":"BadGatewayException", + "documentation":"

The request failed due to a bad gateway error.

" } }, "documentation":"

A retrieve and generate stream response output.

", @@ -4995,27 +7470,27 @@ "retrievalQuery" ], "members":{ - "guardrailConfiguration":{ - "shape":"GuardrailConfiguration", - "documentation":"

Guardrail settings.

" - }, "knowledgeBaseId":{ "shape":"KnowledgeBaseId", "documentation":"

The unique identifier of the knowledge base to query.

", "location":"uri", "locationName":"knowledgeBaseId" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

If there are more results than can fit in the response, the response returns a nextToken. Use this token in the nextToken field of another request to retrieve the next batch of results.

" + "retrievalQuery":{ + "shape":"KnowledgeBaseQuery", + "documentation":"

Contains the query to send the knowledge base.

" }, "retrievalConfiguration":{ "shape":"KnowledgeBaseRetrievalConfiguration", "documentation":"

Contains configurations for the knowledge base query and retrieval process. For more information, see Query configurations.

" }, - "retrievalQuery":{ - "shape":"KnowledgeBaseQuery", - "documentation":"

Contains the query to send the knowledge base.

" + "guardrailConfiguration":{ + "shape":"GuardrailConfiguration", + "documentation":"

Guardrail settings.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

If there are more results than can fit in the response, the response returns a nextToken. Use this token in the nextToken field of another request to retrieve the next batch of results.

" } } }, @@ -5023,6 +7498,10 @@ "type":"structure", "required":["retrievalResults"], "members":{ + "retrievalResults":{ + "shape":"KnowledgeBaseRetrievalResults", + "documentation":"

A list of results from querying the knowledge base.

" + }, "guardrailAction":{ "shape":"GuadrailAction", "documentation":"

Specifies if there is a guardrail intervention in the response.

" @@ -5030,10 +7509,6 @@ "nextToken":{ "shape":"NextToken", "documentation":"

If there are more results than can fit in the response, the response returns a nextToken. Use this token in the nextToken field of another request to retrieve the next batch of results.

" - }, - "retrievalResults":{ - "shape":"KnowledgeBaseRetrievalResults", - "documentation":"

A list of results from querying the knowledge base.

" } } }, @@ -5068,13 +7543,13 @@ "ReturnControlPayload":{ "type":"structure", "members":{ - "invocationId":{ - "shape":"String", - "documentation":"

The identifier of the action group invocation.

" - }, "invocationInputs":{ "shape":"InvocationInputs", "documentation":"

A list of objects that contain information about the parameters and inputs that need to be sent into the API operation or function, based on what the agent determines from its session with the user.

" + }, + "invocationId":{ + "shape":"String", + "documentation":"

The identifier of the action group invocation.

" } }, "documentation":"

Contains information to return from the action group that the agent has predicted to invoke.

This data type is used in the following API operations:

", @@ -5098,17 +7573,17 @@ "RoutingClassifierModelInvocationOutput":{ "type":"structure", "members":{ - "metadata":{ - "shape":"Metadata", - "documentation":"

The invocation's metadata.

" + "traceId":{ + "shape":"TraceId", + "documentation":"

The invocation's trace ID.

" }, "rawResponse":{ "shape":"RawResponse", "documentation":"

The invocation's raw response.

" }, - "traceId":{ - "shape":"TraceId", - "documentation":"

The invocation's trace ID.

" + "metadata":{ + "shape":"Metadata", + "documentation":"

The invocation's metadata.

" } }, "documentation":"

Invocation output from a routing classifier model.

", @@ -5121,6 +7596,10 @@ "shape":"InvocationInput", "documentation":"

The classifier's invocation input.

" }, + "observation":{ + "shape":"Observation", + "documentation":"

The classifier's observation.

" + }, "modelInvocationInput":{ "shape":"ModelInvocationInput", "documentation":"

The classifier's model invocation input.

" @@ -5128,10 +7607,6 @@ "modelInvocationOutput":{ "shape":"RoutingClassifierModelInvocationOutput", "documentation":"

The classifier's model invocation output.

" - }, - "observation":{ - "shape":"Observation", - "documentation":"

The classifier's observation.

" } }, "documentation":"

A trace for a routing classifier.

", @@ -5142,7 +7617,7 @@ "type":"string", "max":63, "min":3, - "pattern":"^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$" + "pattern":"[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]" }, "S3Identifier":{ "type":"structure", @@ -5158,6 +7633,17 @@ }, "documentation":"

The identifier information for an Amazon S3 bucket.

" }, + "S3Location":{ + "type":"structure", + "required":["uri"], + "members":{ + "uri":{ + "shape":"S3Uri", + "documentation":"

The path to the Amazon S3 bucket where the image is stored.

" + } + }, + "documentation":"

Information about the Amazon S3 bucket where the image is stored.

" + }, "S3ObjectDoc":{ "type":"structure", "required":["uri"], @@ -5184,13 +7670,31 @@ "type":"string", "max":1024, "min":1, - "pattern":"^[\\.\\-\\!\\*\\_\\'\\(\\)a-zA-Z0-9][\\.\\-\\!\\*\\_\\'\\(\\)\\/a-zA-Z0-9]*$" + "pattern":"[\\.\\-\\!\\*\\_\\'\\(\\)a-zA-Z0-9][\\.\\-\\!\\*\\_\\'\\(\\)\\/a-zA-Z0-9]*" }, "S3Uri":{ "type":"string", "max":1024, "min":1, - "pattern":"^s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.{1,1024}$" + "pattern":"s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.{1,1024}" + }, + "SatisfiedCondition":{ + "type":"structure", + "required":["conditionName"], + "members":{ + "conditionName":{ + "shape":"String", + "documentation":"

The name of the condition that was satisfied.

" + } + }, + "documentation":"

Represents a condition that was satisfied during a condition node evaluation in a flow execution.

Flow executions is in preview release for Amazon Bedrock and is subject to change.

", + "sensitive":true + }, + "SatisfiedConditions":{ + "type":"list", + "member":{"shape":"SatisfiedCondition"}, + "max":5, + "min":1 }, "SearchType":{ "type":"string", @@ -5211,6 +7715,10 @@ }, "exception":true }, + "SessionArn":{ + "type":"string", + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]+:[0-9]{12}:session/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, "SessionAttributesMap":{ "type":"map", "key":{"shape":"String"}, @@ -5220,41 +7728,107 @@ "type":"string", "max":100, "min":2, - "pattern":"^[0-9a-zA-Z._:-]+$" + "pattern":"[0-9a-zA-Z._:-]+" + }, + "SessionIdentifier":{ + "type":"string", + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]+:[0-9]{12}:session/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})|([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" + }, + "SessionMetadataKey":{ + "type":"string", + "max":100, + "min":1 + }, + "SessionMetadataMap":{ + "type":"map", + "key":{"shape":"SessionMetadataKey"}, + "value":{"shape":"SessionMetadataValue"}, + "max":50, + "min":0 + }, + "SessionMetadataValue":{ + "type":"string", + "max":5000, + "min":0 }, "SessionState":{ "type":"structure", "members":{ - "conversationHistory":{ - "shape":"ConversationHistory", - "documentation":"

The state's conversation history.

" + "sessionAttributes":{ + "shape":"SessionAttributesMap", + "documentation":"

Contains attributes that persist across a session and the values of those attributes. If sessionAttributes are passed to a supervisor agent in multi-agent collaboration, it will be forwarded to all agent collaborators.

" }, - "files":{ - "shape":"InputFiles", - "documentation":"

Contains information about the files used by code interpreter.

" + "promptSessionAttributes":{ + "shape":"PromptSessionAttributesMap", + "documentation":"

Contains attributes that persist across a prompt and the values of those attributes.

  • In orchestration prompt template, these attributes replace the $prompt_session_attributes$ placeholder variable. For more information, see Prompt template placeholder variables.

  • In multi-agent collaboration, the promptSessionAttributes will only be used by supervisor agent when $prompt_session_attributes$ is present in prompt template.

" + }, + "returnControlInvocationResults":{ + "shape":"ReturnControlInvocationResults", + "documentation":"

Contains information about the results from the action group invocation. For more information, see Return control to the agent developer and Control session context.

If you include this field, the inputText field will be ignored.

" }, "invocationId":{ "shape":"String", "documentation":"

The identifier of the invocation of an action. This value must match the invocationId returned in the InvokeAgent response for the action whose results are provided in the returnControlInvocationResults field. For more information, see Return control to the agent developer and Control session context.

" }, + "files":{ + "shape":"InputFiles", + "documentation":"

Contains information about the files used by code interpreter.

" + }, "knowledgeBaseConfigurations":{ "shape":"KnowledgeBaseConfigurations", "documentation":"

An array of configurations, each of which applies to a knowledge base attached to the agent.

" }, - "promptSessionAttributes":{ - "shape":"PromptSessionAttributesMap", - "documentation":"

Contains attributes that persist across a prompt and the values of those attributes. These attributes replace the $prompt_session_attributes$ placeholder variable in the orchestration prompt template. For more information, see Prompt template placeholder variables.

" + "conversationHistory":{ + "shape":"ConversationHistory", + "documentation":"

The state's conversation history.

" + } + }, + "documentation":"

Contains parameters that specify various attributes that persist across a session or prompt. You can define session state attributes as key-value pairs when writing a Lambda function for an action group or pass them when making an InvokeAgent request. Use session state attributes to control and provide conversational context for your agent and to help customize your agent's behavior. For more information, see Control session context.

" + }, + "SessionStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "EXPIRED", + "ENDED" + ] + }, + "SessionSummaries":{ + "type":"list", + "member":{"shape":"SessionSummary"} + }, + "SessionSummary":{ + "type":"structure", + "required":[ + "sessionId", + "sessionArn", + "sessionStatus", + "createdAt", + "lastUpdatedAt" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier for the session.

" }, - "returnControlInvocationResults":{ - "shape":"ReturnControlInvocationResults", - "documentation":"

Contains information about the results from the action group invocation. For more information, see Return control to the agent developer and Control session context.

If you include this field, the inputText field will be ignored.

" + "sessionArn":{ + "shape":"SessionArn", + "documentation":"

The Amazon Resource Name (ARN) of the session.

" + }, + "sessionStatus":{ + "shape":"SessionStatus", + "documentation":"

The current status of the session.

" }, - "sessionAttributes":{ - "shape":"SessionAttributesMap", - "documentation":"

Contains attributes that persist across a session and the values of those attributes.

" + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the session was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the session was last modified.

" } }, - "documentation":"

Contains parameters that specify various attributes that persist across a session or prompt. You can define session state attributes as key-value pairs when writing a Lambda function for an action group or pass them when making an InvokeAgent request. Use session state attributes to control and provide conversational context for your agent and to help customize your agent's behavior. For more information, see Control session context.

" + "documentation":"

Contains details about a session. For more information about sessions, see Store and retrieve conversation history and context with Amazon Bedrock sessions.

" }, "SessionTTL":{ "type":"integer", @@ -5274,13 +7848,13 @@ "Span":{ "type":"structure", "members":{ - "end":{ - "shape":"SpanEndInteger", - "documentation":"

Where the text with a citation ends in the generated output.

" - }, "start":{ "shape":"SpanStartInteger", "documentation":"

Where the text with a citation starts in the generated output.

" + }, + "end":{ + "shape":"SpanEndInteger", + "documentation":"

Where the text with a citation ends in the generated output.

" } }, "documentation":"

Contains information about where the text with a citation begins and ends in the generated output.

This data type is used in the following API operations:

" @@ -5295,6 +7869,91 @@ "box":true, "min":0 }, + "StartFlowExecutionRequest":{ + "type":"structure", + "required":[ + "flowIdentifier", + "flowAliasIdentifier", + "inputs" + ], + "members":{ + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow to execute.

", + "location":"uri", + "locationName":"flowIdentifier" + }, + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias to use for the flow execution.

", + "location":"uri", + "locationName":"flowAliasIdentifier" + }, + "flowExecutionName":{ + "shape":"FlowExecutionName", + "documentation":"

The unique name for the flow execution. If you don't provide one, a system-generated name is used.

" + }, + "inputs":{ + "shape":"FlowInputs", + "documentation":"

The input data required for the flow execution. This must match the input schema defined in the flow.

" + }, + "modelPerformanceConfiguration":{ + "shape":"ModelPerformanceConfiguration", + "documentation":"

The performance settings for the foundation model used in the flow execution.

" + } + } + }, + "StartFlowExecutionResponse":{ + "type":"structure", + "members":{ + "executionArn":{ + "shape":"FlowExecutionIdentifier", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies the flow execution.

" + } + } + }, + "StopFlowExecutionRequest":{ + "type":"structure", + "required":[ + "flowIdentifier", + "flowAliasIdentifier", + "executionIdentifier" + ], + "members":{ + "flowIdentifier":{ + "shape":"FlowIdentifier", + "documentation":"

The unique identifier of the flow.

", + "location":"uri", + "locationName":"flowIdentifier" + }, + "flowAliasIdentifier":{ + "shape":"FlowAliasIdentifier", + "documentation":"

The unique identifier of the flow alias used for the execution.

", + "location":"uri", + "locationName":"flowAliasIdentifier" + }, + "executionIdentifier":{ + "shape":"FlowExecutionIdentifier", + "documentation":"

The unique identifier of the flow execution to stop.

", + "location":"uri", + "locationName":"executionIdentifier" + } + } + }, + "StopFlowExecutionResponse":{ + "type":"structure", + "required":["status"], + "members":{ + "executionArn":{ + "shape":"FlowExecutionIdentifier", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies the flow execution that was stopped.

" + }, + "status":{ + "shape":"FlowExecutionStatus", + "documentation":"

The updated status of the flow execution after the stop request. This will typically be ABORTED if the execution was successfully stopped.

" + } + } + }, "StopSequences":{ "type":"list", "member":{"shape":"String"}, @@ -5304,16 +7963,16 @@ "StreamingConfigurations":{ "type":"structure", "members":{ - "applyGuardrailInterval":{ - "shape":"StreamingConfigurationsApplyGuardrailIntervalInteger", - "documentation":"

The guardrail interval to apply as response is generated.

" - }, "streamFinalResponse":{ "shape":"Boolean", "documentation":"

Specifies whether to enable streaming for the final response. This is set to false by default.

" + }, + "applyGuardrailInterval":{ + "shape":"StreamingConfigurationsApplyGuardrailIntervalInteger", + "documentation":"

The guardrail interval to apply as response is generated. By default, the guardrail interval is set to 50 characters. If a larger interval is specified, the response will be generated in larger chunks with fewer ApplyGuardrail calls. The following examples show the response generated for Hello, I am an agent input string.

Example response in chunks: Interval set to 3 characters

'Hel', 'lo, ','I am', ' an', ' Age', 'nt'

Each chunk has at least 3 characters except for the last chunk

Example response in chunks: Interval set to 20 or more characters

Hello, I am an Agent

" } }, - "documentation":"

Configurations for streaming.

" + "documentation":"

Configurations for streaming.

" }, "StreamingConfigurationsApplyGuardrailIntervalInteger":{ "type":"integer", @@ -5326,6 +7985,69 @@ "max":25000000, "min":0 }, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "TagKey":{ + "type":"string", + "documentation":"

Key of a tag

", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "documentation":"

List of Tag Keys

", + "max":200, + "min":1 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"TaggableResourcesArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource to tag.

", + "location":"uri", + "locationName":"resourceArn" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

An object containing key-value pairs that define the tags to attach to the resource.

" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "documentation":"

Value of a tag

", + "max":256, + "min":0, + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" + }, + "TaggableResourcesArn":{ + "type":"string", + "documentation":"

ARN of Taggable resources: [session]

", + "max":1011, + "min":20, + "pattern":".*(^arn:aws(-[^:]+)?:bedrock:[a-zA-Z0-9-]+:[0-9]{12}:(session)/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$).*" + }, + "TagsMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "documentation":"

A map of tag keys and values

", + "max":200, + "min":1 + }, "Temperature":{ "type":"float", "box":true, @@ -5335,14 +8057,6 @@ "TextInferenceConfig":{ "type":"structure", "members":{ - "maxTokens":{ - "shape":"MaxTokens", - "documentation":"

The maximum number of tokens to generate in the output text. Do not use the minimum of 0 or the maximum of 65536. The limit values described here are arbitary values, for actual values consult the limits defined by your specific model.

" - }, - "stopSequences":{ - "shape":"RAGStopSequences", - "documentation":"

A list of sequences of characters that, if generated, will cause the model to stop generating further tokens. Do not use a minimum length of 1 or a maximum length of 1000. The limit values described here are arbitary values, for actual values consult the limits defined by your specific model.

" - }, "temperature":{ "shape":"Temperature", "documentation":"

Controls the random-ness of text generated by the language model, influencing how much the model sticks to the most predictable next words versus exploring more surprising options. A lower temperature value (e.g. 0.2 or 0.3) makes model outputs more deterministic or predictable, while a higher temperature (e.g. 0.8 or 0.9) makes the outputs more creative or unpredictable.

" @@ -5350,6 +8064,14 @@ "topP":{ "shape":"TopP", "documentation":"

A probability distribution threshold which controls what the model considers for the set of possible next tokens. The model will only consider the top p% of the probability distribution when generating the next token.

" + }, + "maxTokens":{ + "shape":"MaxTokens", + "documentation":"

The maximum number of tokens to generate in the output text. Do not use the minimum of 0 or the maximum of 65536. The limit values described here are arbitary values, for actual values consult the limits defined by your specific model.

" + }, + "stopSequences":{ + "shape":"RAGStopSequences", + "documentation":"

A list of sequences of characters that, if generated, will cause the model to stop generating further tokens. Do not use a minimum length of 1 or a maximum length of 1000. The limit values described here are arbitary values, for actual values consult the limits defined by your specific model.

" } }, "documentation":"

Configuration settings for text generation using a language model via the RetrieveAndGenerate operation. Includes parameters like temperature, top-p, maximum token count, and stop sequences.

The valid range of maxTokens depends on the accepted values for your chosen model's inference parameters. To see the inference parameters for your model, see Inference parameters for foundation models.

" @@ -5380,13 +8102,13 @@ "TextResponsePart":{ "type":"structure", "members":{ - "span":{ - "shape":"Span", - "documentation":"

Contains information about where the text with a citation begins and ends in the generated output.

" - }, "text":{ "shape":"String", "documentation":"

The part of the generated text that contains a citation.

" + }, + "span":{ + "shape":"Span", + "documentation":"

Contains information about where the text with a citation begins and ends in the generated output.

" } }, "documentation":"

Contains the part of the generated text that contains a citation, alongside where it begins and ends.

This data type is used in the following API operations:

", @@ -5396,13 +8118,13 @@ "type":"structure", "required":["type"], "members":{ - "knowledgeBaseConfiguration":{ - "shape":"TextToSqlKnowledgeBaseConfiguration", - "documentation":"

Specifies configurations for a knowledge base to use in transformation.

" - }, "type":{ "shape":"TextToSqlConfigurationType", "documentation":"

The type of resource to use in transformation.

" + }, + "knowledgeBaseConfiguration":{ + "shape":"TextToSqlKnowledgeBaseConfiguration", + "documentation":"

Specifies configurations for a knowledge base to use in transformation.

" } }, "documentation":"

Contains configurations for transforming text to SQL.

" @@ -5449,18 +8171,14 @@ "Trace":{ "type":"structure", "members":{ - "customOrchestrationTrace":{ - "shape":"CustomOrchestrationTrace", - "documentation":"

Details about the custom orchestration step in which the agent determines the order in which actions are executed.

" - }, - "failureTrace":{ - "shape":"FailureTrace", - "documentation":"

Contains information about the failure of the interaction.

" - }, "guardrailTrace":{ "shape":"GuardrailTrace", "documentation":"

The trace details for a trace defined in the Guardrail filter.

" }, + "preProcessingTrace":{ + "shape":"PreProcessingTrace", + "documentation":"

Details about the pre-processing step, in which the agent contextualizes and categorizes user inputs.

" + }, "orchestrationTrace":{ "shape":"OrchestrationTrace", "documentation":"

Details about the orchestration step, in which the agent determines the order in which actions are executed and which knowledge bases are retrieved.

" @@ -5469,19 +8187,35 @@ "shape":"PostProcessingTrace", "documentation":"

Details about the post-processing step, in which the agent shapes the response..

" }, - "preProcessingTrace":{ - "shape":"PreProcessingTrace", - "documentation":"

Details about the pre-processing step, in which the agent contextualizes and categorizes user inputs.

" - }, "routingClassifierTrace":{ "shape":"RoutingClassifierTrace", "documentation":"

A routing classifier's trace.

" + }, + "failureTrace":{ + "shape":"FailureTrace", + "documentation":"

Contains information about the failure of the interaction.

" + }, + "customOrchestrationTrace":{ + "shape":"CustomOrchestrationTrace", + "documentation":"

Details about the custom orchestration step in which the agent determines the order in which actions are executed.

" } }, "documentation":"

Contains one part of the agent's reasoning process and results from calling API actions and querying knowledge bases. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.

", "sensitive":true, "union":true }, + "TraceElements":{ + "type":"structure", + "members":{ + "agentTraces":{ + "shape":"AgentTraces", + "documentation":"

Agent trace information for the flow execution.

" + } + }, + "documentation":"

Contains trace elements for flow execution tracking.

", + "sensitive":true, + "union":true + }, "TraceId":{ "type":"string", "max":16, @@ -5494,33 +8228,37 @@ "TracePart":{ "type":"structure", "members":{ - "agentAliasId":{ - "shape":"AgentAliasId", - "documentation":"

The unique identifier of the alias of the agent.

" - }, - "agentId":{ - "shape":"AgentId", - "documentation":"

The unique identifier of the agent.

" + "sessionId":{ + "shape":"SessionId", + "documentation":"

The unique identifier of the session with the agent.

" }, - "agentVersion":{ - "shape":"AgentVersion", - "documentation":"

The version of the agent.

" + "trace":{ + "shape":"Trace", + "documentation":"

Contains one part of the agent's reasoning process and results from calling API actions and querying knowledge bases. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.

" }, "callerChain":{ "shape":"CallerChain", "documentation":"

The part's caller chain.

" }, + "eventTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time of the trace.

" + }, "collaboratorName":{ "shape":"Name", "documentation":"

The part's collaborator name.

" }, - "sessionId":{ - "shape":"SessionId", - "documentation":"

The unique identifier of the session with the agent.

" + "agentId":{ + "shape":"AgentId", + "documentation":"

The unique identifier of the agent.

" }, - "trace":{ - "shape":"Trace", - "documentation":"

Contains one part of the agent's reasoning process and results from calling API actions and querying knowledge bases. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.

" + "agentAliasId":{ + "shape":"AgentAliasId", + "documentation":"

The unique identifier of the alias of the agent.

" + }, + "agentVersion":{ + "shape":"AgentVersion", + "documentation":"

The version of the agent.

" } }, "documentation":"

Contains information about the agent and session, alongside the agent's reasoning process and results from calling API actions and querying knowledge bases and metadata about the trace. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.

", @@ -5553,6 +8291,79 @@ "REPROMPT" ] }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"TaggableResourcesArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource from which to remove tags.

", + "location":"uri", + "locationName":"resourceArn" + }, + "tagKeys":{ + "shape":"TagKeyList", + "documentation":"

A list of keys of the tags to remove from the resource.

", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateSessionRequest":{ + "type":"structure", + "required":["sessionIdentifier"], + "members":{ + "sessionMetadata":{ + "shape":"SessionMetadataMap", + "documentation":"

A map of key-value pairs containing attributes to be persisted across the session. For example the user's ID, their language preference, and the type of device they are using.

" + }, + "sessionIdentifier":{ + "shape":"SessionIdentifier", + "documentation":"

The unique identifier of the session to modify. You can specify either the session's sessionId or its Amazon Resource Name (ARN).

", + "location":"uri", + "locationName":"sessionIdentifier" + } + } + }, + "UpdateSessionResponse":{ + "type":"structure", + "required":[ + "sessionId", + "sessionArn", + "sessionStatus", + "createdAt", + "lastUpdatedAt" + ], + "members":{ + "sessionId":{ + "shape":"Uuid", + "documentation":"

The unique identifier of the session you updated.

" + }, + "sessionArn":{ + "shape":"SessionArn", + "documentation":"

The Amazon Resource Name (ARN) of the session that was updated.

" + }, + "sessionStatus":{ + "shape":"SessionStatus", + "documentation":"

The status of the session you updated.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the session was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp for when the session was last modified.

" + } + } + }, "Usage":{ "type":"structure", "members":{ @@ -5568,6 +8379,10 @@ "documentation":"

Contains information of the usage of the foundation model.

", "sensitive":true }, + "Uuid":{ + "type":"string", + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, "ValidationException":{ "type":"structure", "members":{ @@ -5584,10 +8399,6 @@ "type":"structure", "required":["modelConfiguration"], "members":{ - "metadataConfiguration":{ - "shape":"MetadataConfigurationForReranking", - "documentation":"

Contains configurations for the metadata to use in reranking.

" - }, "modelConfiguration":{ "shape":"VectorSearchBedrockRerankingModelConfiguration", "documentation":"

Contains configurations for the reranker model.

" @@ -5595,6 +8406,10 @@ "numberOfRerankedResults":{ "shape":"VectorSearchBedrockRerankingConfigurationNumberOfRerankedResultsInteger", "documentation":"

The number of results to return after reranking.

" + }, + "metadataConfiguration":{ + "shape":"MetadataConfigurationForReranking", + "documentation":"

Contains configurations for the metadata to use in reranking.

" } }, "documentation":"

Contains configurations for reranking with an Amazon Bedrock reranker model.

" @@ -5609,13 +8424,13 @@ "type":"structure", "required":["modelArn"], "members":{ - "additionalModelRequestFields":{ - "shape":"AdditionalModelRequestFields", - "documentation":"

A JSON object whose keys are request fields for the model and whose values are values for those fields.

" - }, "modelArn":{ "shape":"BedrockRerankingModelArn", "documentation":"

The ARN of the reranker model to use.

" + }, + "additionalModelRequestFields":{ + "shape":"AdditionalModelRequestFields", + "documentation":"

A JSON object whose keys are request fields for the model and whose values are values for those fields.

" } }, "documentation":"

Contains configurations for an Amazon Bedrock reranker model.

" @@ -5624,13 +8439,13 @@ "type":"structure", "required":["type"], "members":{ - "bedrockRerankingConfiguration":{ - "shape":"VectorSearchBedrockRerankingConfiguration", - "documentation":"

Contains configurations for an Amazon Bedrock reranker model.

" - }, "type":{ "shape":"VectorSearchRerankingConfigurationType", "documentation":"

The type of reranker model.

" + }, + "bedrockRerankingConfiguration":{ + "shape":"VectorSearchBedrockRerankingConfiguration", + "documentation":"

Contains configurations for an Amazon Bedrock reranker model.

" } }, "documentation":"

Contains configurations for reranking the retrieved results.

" @@ -5642,6 +8457,12 @@ "Verb":{ "type":"string", "sensitive":true + }, + "Version":{ + "type":"string", + "max":5, + "min":1, + "pattern":"(DRAFT|[0-9]{0,4}[1-9][0-9]{0,4})" } }, "documentation":"

Contains APIs related to model invocation and querying of knowledge bases.

" diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/waiters-2.json 2.31.35-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/waiters-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agent-runtime/2023-07-26/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://bedrock-agentcore-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://bedrock-agentcore-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://bedrock-agentcore.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://bedrock-agentcore.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/paginators-1.json 2.31.35-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/paginators-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,34 @@ +{ + "pagination": { + "ListActors": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "actorSummaries" + }, + "ListEvents": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "events" + }, + "ListMemoryRecords": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "memoryRecordSummaries" + }, + "ListSessions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "sessionSummaries" + }, + "RetrieveMemoryRecords": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "memoryRecordSummaries" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/service-2.json 2.31.35-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/service-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,3747 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2024-02-28", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"bedrock-agentcore", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"Amazon Bedrock AgentCore", + "serviceId":"Bedrock AgentCore", + "signatureVersion":"v4", + "signingName":"bedrock-agentcore", + "uid":"bedrock-agentcore-2024-02-28" + }, + "operations":{ + "BatchCreateMemoryRecords":{ + "name":"BatchCreateMemoryRecords", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/memoryRecords/batchCreate", + "responseCode":201 + }, + "input":{"shape":"BatchCreateMemoryRecordsInput"}, + "output":{"shape":"BatchCreateMemoryRecordsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Creates multiple memory records in a single batch operation for the specified memory with custom content.

", + "idempotent":true + }, + "BatchDeleteMemoryRecords":{ + "name":"BatchDeleteMemoryRecords", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/memoryRecords/batchDelete", + "responseCode":200 + }, + "input":{"shape":"BatchDeleteMemoryRecordsInput"}, + "output":{"shape":"BatchDeleteMemoryRecordsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Deletes multiple memory records in a single batch operation from the specified memory.

" + }, + "BatchUpdateMemoryRecords":{ + "name":"BatchUpdateMemoryRecords", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/memoryRecords/batchUpdate", + "responseCode":200 + }, + "input":{"shape":"BatchUpdateMemoryRecordsInput"}, + "output":{"shape":"BatchUpdateMemoryRecordsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Updates multiple memory records with custom content in a single batch operation within the specified memory.

" + }, + "CompleteResourceTokenAuth":{ + "name":"CompleteResourceTokenAuth", + "http":{ + "method":"POST", + "requestUri":"/identities/CompleteResourceTokenAuth", + "responseCode":200 + }, + "input":{"shape":"CompleteResourceTokenAuthRequest"}, + "output":{"shape":"CompleteResourceTokenAuthResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Confirms the user authentication session for obtaining OAuth2.0 tokens for a resource.

" + }, + "CreateEvent":{ + "name":"CreateEvent", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/events", + "responseCode":201 + }, + "input":{"shape":"CreateEventInput"}, + "output":{"shape":"CreateEventOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Creates an event in an AgentCore Memory resource. Events represent interactions or activities that occur within a session and are associated with specific actors.

To use this operation, you must have the bedrock-agentcore:CreateEvent permission.

This operation is subject to request rate limiting.

", + "idempotent":true + }, + "DeleteEvent":{ + "name":"DeleteEvent", + "http":{ + "method":"DELETE", + "requestUri":"/memories/{memoryId}/actor/{actorId}/sessions/{sessionId}/events/{eventId}", + "responseCode":200 + }, + "input":{"shape":"DeleteEventInput"}, + "output":{"shape":"DeleteEventOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Deletes an event from an AgentCore Memory resource. When you delete an event, it is permanently removed.

To use this operation, you must have the bedrock-agentcore:DeleteEvent permission.

" + }, + "DeleteMemoryRecord":{ + "name":"DeleteMemoryRecord", + "http":{ + "method":"DELETE", + "requestUri":"/memories/{memoryId}/memoryRecords/{memoryRecordId}", + "responseCode":200 + }, + "input":{"shape":"DeleteMemoryRecordInput"}, + "output":{"shape":"DeleteMemoryRecordOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Deletes a memory record from an AgentCore Memory resource. When you delete a memory record, it is permanently removed.

To use this operation, you must have the bedrock-agentcore:DeleteMemoryRecord permission.

" + }, + "GetAgentCard":{ + "name":"GetAgentCard", + "http":{ + "method":"GET", + "requestUri":"/runtimes/{agentRuntimeArn}/invocations/.well-known/agent-card.json", + "responseCode":200 + }, + "input":{"shape":"GetAgentCardRequest"}, + "output":{"shape":"GetAgentCardResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RuntimeClientError"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves the A2A agent card associated with an AgentCore Runtime agent.

" + }, + "GetBrowserSession":{ + "name":"GetBrowserSession", + "http":{ + "method":"GET", + "requestUri":"/browsers/{browserIdentifier}/sessions/get", + "responseCode":200 + }, + "input":{"shape":"GetBrowserSessionRequest"}, + "output":{"shape":"GetBrowserSessionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves detailed information about a specific browser session in Amazon Bedrock. This operation returns the session's configuration, current status, associated streams, and metadata.

To get a browser session, you must specify both the browser identifier and the session ID. The response includes information about the session's viewport configuration, timeout settings, and stream endpoints.

The following operations are related to GetBrowserSession:

" + }, + "GetCodeInterpreterSession":{ + "name":"GetCodeInterpreterSession", + "http":{ + "method":"GET", + "requestUri":"/code-interpreters/{codeInterpreterIdentifier}/sessions/get", + "responseCode":200 + }, + "input":{"shape":"GetCodeInterpreterSessionRequest"}, + "output":{"shape":"GetCodeInterpreterSessionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves detailed information about a specific code interpreter session in Amazon Bedrock. This operation returns the session's configuration, current status, and metadata.

To get a code interpreter session, you must specify both the code interpreter identifier and the session ID. The response includes information about the session's timeout settings and current status.

The following operations are related to GetCodeInterpreterSession:

" + }, + "GetEvent":{ + "name":"GetEvent", + "http":{ + "method":"GET", + "requestUri":"/memories/{memoryId}/actor/{actorId}/sessions/{sessionId}/events/{eventId}", + "responseCode":200 + }, + "input":{"shape":"GetEventInput"}, + "output":{"shape":"GetEventOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Retrieves information about a specific event in an AgentCore Memory resource.

To use this operation, you must have the bedrock-agentcore:GetEvent permission.

" + }, + "GetMemoryRecord":{ + "name":"GetMemoryRecord", + "http":{ + "method":"GET", + "requestUri":"/memories/{memoryId}/memoryRecord/{memoryRecordId}", + "responseCode":200 + }, + "input":{"shape":"GetMemoryRecordInput"}, + "output":{"shape":"GetMemoryRecordOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Retrieves a specific memory record from an AgentCore Memory resource.

To use this operation, you must have the bedrock-agentcore:GetMemoryRecord permission.

" + }, + "GetResourceApiKey":{ + "name":"GetResourceApiKey", + "http":{ + "method":"POST", + "requestUri":"/identities/api-key", + "responseCode":200 + }, + "input":{"shape":"GetResourceApiKeyRequest"}, + "output":{"shape":"GetResourceApiKeyResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves the API key associated with an API key credential provider.

" + }, + "GetResourceOauth2Token":{ + "name":"GetResourceOauth2Token", + "http":{ + "method":"POST", + "requestUri":"/identities/oauth2/token", + "responseCode":200 + }, + "input":{"shape":"GetResourceOauth2TokenRequest"}, + "output":{"shape":"GetResourceOauth2TokenResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Returns the OAuth 2.0 token of the provided resource.

" + }, + "GetWorkloadAccessToken":{ + "name":"GetWorkloadAccessToken", + "http":{ + "method":"POST", + "requestUri":"/identities/GetWorkloadAccessToken", + "responseCode":200 + }, + "input":{"shape":"GetWorkloadAccessTokenRequest"}, + "output":{"shape":"GetWorkloadAccessTokenResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Obtains a workload access token for agentic workloads not acting on behalf of a user.

" + }, + "GetWorkloadAccessTokenForJWT":{ + "name":"GetWorkloadAccessTokenForJWT", + "http":{ + "method":"POST", + "requestUri":"/identities/GetWorkloadAccessTokenForJWT", + "responseCode":200 + }, + "input":{"shape":"GetWorkloadAccessTokenForJWTRequest"}, + "output":{"shape":"GetWorkloadAccessTokenForJWTResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Obtains a workload access token for agentic workloads acting on behalf of a user, using a JWT token.

" + }, + "GetWorkloadAccessTokenForUserId":{ + "name":"GetWorkloadAccessTokenForUserId", + "http":{ + "method":"POST", + "requestUri":"/identities/GetWorkloadAccessTokenForUserId", + "responseCode":200 + }, + "input":{"shape":"GetWorkloadAccessTokenForUserIdRequest"}, + "output":{"shape":"GetWorkloadAccessTokenForUserIdResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Obtains a workload access token for agentic workloads acting on behalf of a user, using the user's ID.

" + }, + "InvokeAgentRuntime":{ + "name":"InvokeAgentRuntime", + "http":{ + "method":"POST", + "requestUri":"/runtimes/{agentRuntimeArn}/invocations", + "responseCode":200 + }, + "input":{"shape":"InvokeAgentRuntimeRequest"}, + "output":{"shape":"InvokeAgentRuntimeResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RuntimeClientError"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Sends a request to an agent or tool hosted in an Amazon Bedrock AgentCore Runtime and receives responses in real-time.

To invoke an agent you must specify the AgentCore Runtime ARN and provide a payload containing your request. You can optionally specify a qualifier to target a specific version or endpoint of the agent.

This operation supports streaming responses, allowing you to receive partial responses as they become available. We recommend using pagination to ensure that the operation returns quickly and successfully when processing large responses.

For example code, see Invoke an AgentCore Runtime agent.

If you're integrating your agent with OAuth, you can't use the Amazon Web Services SDK to call InvokeAgentRuntime. Instead, make a HTTPS request to InvokeAgentRuntime. For an example, see Authenticate and authorize with Inbound Auth and Outbound Auth.

To use this operation, you must have the bedrock-agentcore:InvokeAgentRuntime permission. If you are making a call to InvokeAgentRuntime on behalf of a user ID with the X-Amzn-Bedrock-AgentCore-Runtime-User-Id header, You require permissions to both actions (bedrock-agentcore:InvokeAgentRuntime and bedrock-agentcore:InvokeAgentRuntimeForUser).

" + }, + "InvokeCodeInterpreter":{ + "name":"InvokeCodeInterpreter", + "http":{ + "method":"POST", + "requestUri":"/code-interpreters/{codeInterpreterIdentifier}/tools/invoke", + "responseCode":200 + }, + "input":{"shape":"InvokeCodeInterpreterRequest"}, + "output":{"shape":"InvokeCodeInterpreterResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Executes code within an active code interpreter session in Amazon Bedrock. This operation processes the provided code, runs it in a secure environment, and returns the execution results including output, errors, and generated visualizations.

To execute code, you must specify the code interpreter identifier, session ID, and the code to run in the arguments parameter. The operation returns a stream containing the execution results, which can include text output, error messages, and data visualizations.

This operation is subject to request rate limiting based on your account's service quotas.

The following operations are related to InvokeCodeInterpreter:

" + }, + "ListActors":{ + "name":"ListActors", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/actors", + "responseCode":200 + }, + "input":{"shape":"ListActorsInput"}, + "output":{"shape":"ListActorsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Lists all actors in an AgentCore Memory resource. We recommend using pagination to ensure that the operation returns quickly and successfully.

To use this operation, you must have the bedrock-agentcore:ListActors permission.

" + }, + "ListBrowserSessions":{ + "name":"ListBrowserSessions", + "http":{ + "method":"POST", + "requestUri":"/browsers/{browserIdentifier}/sessions/list", + "responseCode":200 + }, + "input":{"shape":"ListBrowserSessionsRequest"}, + "output":{"shape":"ListBrowserSessionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves a list of browser sessions in Amazon Bedrock that match the specified criteria. This operation returns summary information about each session, including identifiers, status, and timestamps.

You can filter the results by browser identifier and session status. The operation supports pagination to handle large result sets efficiently.

We recommend using pagination to ensure that the operation returns quickly and successfully when retrieving large numbers of sessions.

The following operations are related to ListBrowserSessions:

" + }, + "ListCodeInterpreterSessions":{ + "name":"ListCodeInterpreterSessions", + "http":{ + "method":"POST", + "requestUri":"/code-interpreters/{codeInterpreterIdentifier}/sessions/list", + "responseCode":200 + }, + "input":{"shape":"ListCodeInterpreterSessionsRequest"}, + "output":{"shape":"ListCodeInterpreterSessionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves a list of code interpreter sessions in Amazon Bedrock that match the specified criteria. This operation returns summary information about each session, including identifiers, status, and timestamps.

You can filter the results by code interpreter identifier and session status. The operation supports pagination to handle large result sets efficiently.

We recommend using pagination to ensure that the operation returns quickly and successfully when retrieving large numbers of sessions.

The following operations are related to ListCodeInterpreterSessions:

" + }, + "ListEvents":{ + "name":"ListEvents", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/actor/{actorId}/sessions/{sessionId}", + "responseCode":200 + }, + "input":{"shape":"ListEventsInput"}, + "output":{"shape":"ListEventsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Lists events in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.

To use this operation, you must have the bedrock-agentcore:ListEvents permission.

" + }, + "ListMemoryRecords":{ + "name":"ListMemoryRecords", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/memoryRecords", + "responseCode":200 + }, + "input":{"shape":"ListMemoryRecordsInput"}, + "output":{"shape":"ListMemoryRecordsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Lists memory records in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.

To use this operation, you must have the bedrock-agentcore:ListMemoryRecords permission.

" + }, + "ListSessions":{ + "name":"ListSessions", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/actor/{actorId}/sessions", + "responseCode":200 + }, + "input":{"shape":"ListSessionsInput"}, + "output":{"shape":"ListSessionsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Lists sessions in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.

To use this operation, you must have the bedrock-agentcore:ListSessions permission.

" + }, + "RetrieveMemoryRecords":{ + "name":"RetrieveMemoryRecords", + "http":{ + "method":"POST", + "requestUri":"/memories/{memoryId}/retrieve", + "responseCode":200 + }, + "input":{"shape":"RetrieveMemoryRecordsInput"}, + "output":{"shape":"RetrieveMemoryRecordsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Searches for and retrieves memory records from an AgentCore Memory resource based on specified search criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.

To use this operation, you must have the bedrock-agentcore:RetrieveMemoryRecords permission.

" + }, + "StartBrowserSession":{ + "name":"StartBrowserSession", + "http":{ + "method":"PUT", + "requestUri":"/browsers/{browserIdentifier}/sessions/start", + "responseCode":200 + }, + "input":{"shape":"StartBrowserSessionRequest"}, + "output":{"shape":"StartBrowserSessionResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates and initializes a browser session in Amazon Bedrock. The session enables agents to navigate and interact with web content, extract information from websites, and perform web-based tasks as part of their response generation.

To create a session, you must specify a browser identifier and a name. You can also configure the viewport dimensions to control the visible area of web content. The session remains active until it times out or you explicitly stop it using the StopBrowserSession operation.

The following operations are related to StartBrowserSession:

", + "idempotent":true + }, + "StartCodeInterpreterSession":{ + "name":"StartCodeInterpreterSession", + "http":{ + "method":"PUT", + "requestUri":"/code-interpreters/{codeInterpreterIdentifier}/sessions/start", + "responseCode":200 + }, + "input":{"shape":"StartCodeInterpreterSessionRequest"}, + "output":{"shape":"StartCodeInterpreterSessionResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates and initializes a code interpreter session in Amazon Bedrock. The session enables agents to execute code as part of their response generation, supporting programming languages such as Python for data analysis, visualization, and computation tasks.

To create a session, you must specify a code interpreter identifier and a name. The session remains active until it times out or you explicitly stop it using the StopCodeInterpreterSession operation.

The following operations are related to StartCodeInterpreterSession:

", + "idempotent":true + }, + "StopBrowserSession":{ + "name":"StopBrowserSession", + "http":{ + "method":"PUT", + "requestUri":"/browsers/{browserIdentifier}/sessions/stop", + "responseCode":200 + }, + "input":{"shape":"StopBrowserSessionRequest"}, + "output":{"shape":"StopBrowserSessionResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Terminates an active browser session in Amazon Bedrock. This operation stops the session, releases associated resources, and makes the session unavailable for further use.

To stop a browser session, you must specify both the browser identifier and the session ID. Once stopped, a session cannot be restarted; you must create a new session using StartBrowserSession.

The following operations are related to StopBrowserSession:

", + "idempotent":true + }, + "StopCodeInterpreterSession":{ + "name":"StopCodeInterpreterSession", + "http":{ + "method":"PUT", + "requestUri":"/code-interpreters/{codeInterpreterIdentifier}/sessions/stop", + "responseCode":200 + }, + "input":{"shape":"StopCodeInterpreterSessionRequest"}, + "output":{"shape":"StopCodeInterpreterSessionResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Terminates an active code interpreter session in Amazon Bedrock. This operation stops the session, releases associated resources, and makes the session unavailable for further use.

To stop a code interpreter session, you must specify both the code interpreter identifier and the session ID. Once stopped, a session cannot be restarted; you must create a new session using StartCodeInterpreterSession.

The following operations are related to StopCodeInterpreterSession:

", + "idempotent":true + }, + "StopRuntimeSession":{ + "name":"StopRuntimeSession", + "http":{ + "method":"POST", + "requestUri":"/runtimes/{agentRuntimeArn}/stopruntimesession", + "responseCode":200 + }, + "input":{"shape":"StopRuntimeSessionRequest"}, + "output":{"shape":"StopRuntimeSessionResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"RuntimeClientError"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Stops a session that is running in an running AgentCore Runtime agent.

", + "idempotent":true + }, + "UpdateBrowserStream":{ + "name":"UpdateBrowserStream", + "http":{ + "method":"PUT", + "requestUri":"/browsers/{browserIdentifier}/sessions/streams/update", + "responseCode":200 + }, + "input":{"shape":"UpdateBrowserStreamRequest"}, + "output":{"shape":"UpdateBrowserStreamResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates a browser stream. To use this operation, you must have permissions to perform the bedrock:UpdateBrowserStream action.

", + "idempotent":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

The exception that occurs when you do not have sufficient permissions to perform an action. Verify that your IAM policy includes the necessary permissions for the operation you are trying to perform.

", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AccessTokenType":{ + "type":"string", + "max":131072, + "min":1, + "sensitive":true + }, + "ActorId":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9-_/]*(?::[a-zA-Z0-9-_/]+)*[a-zA-Z0-9-_/]*" + }, + "ActorSummary":{ + "type":"structure", + "required":["actorId"], + "members":{ + "actorId":{ + "shape":"ActorId", + "documentation":"

The unique identifier of the actor.

" + } + }, + "documentation":"

Contains summary information about an actor in an AgentCore Memory resource.

" + }, + "ActorSummaryList":{ + "type":"list", + "member":{"shape":"ActorSummary"} + }, + "AgentCard":{ + "type":"structure", + "members":{}, + "document":true + }, + "ApiKeyType":{ + "type":"string", + "max":65536, + "min":1, + "sensitive":true + }, + "AuthorizationUrlType":{ + "type":"string", + "min":1, + "sensitive":true + }, + "AutomationStream":{ + "type":"structure", + "required":[ + "streamEndpoint", + "streamStatus" + ], + "members":{ + "streamEndpoint":{ + "shape":"BrowserStreamEndpoint", + "documentation":"

The endpoint URL for the automation stream. This URL is used to establish a WebSocket connection to the stream for sending commands and receiving responses.

" + }, + "streamStatus":{ + "shape":"AutomationStreamStatus", + "documentation":"

The current status of the automation stream. This indicates whether the stream is available for use. Possible values include ACTIVE, CONNECTING, and DISCONNECTED.

" + } + }, + "documentation":"

The configuration for a stream that enables programmatic control of a browser session in Amazon Bedrock. This stream provides a bidirectional communication channel for sending commands to the browser and receiving responses, allowing agents to automate web interactions such as navigation, form filling, and element clicking.

" + }, + "AutomationStreamStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "AutomationStreamUpdate":{ + "type":"structure", + "members":{ + "streamStatus":{ + "shape":"AutomationStreamStatus", + "documentation":"

The status of the automation stream.

" + } + }, + "documentation":"

Contains information about an update to an automation stream.

" + }, + "BatchCreateMemoryRecordsInput":{ + "type":"structure", + "required":[ + "memoryId", + "records" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique ID of the memory resource where records will be created.

", + "location":"uri", + "locationName":"memoryId" + }, + "records":{ + "shape":"MemoryRecordsCreateInputList", + "documentation":"

A list of memory record creation inputs to be processed in the batch operation.

" + }, + "clientToken":{ + "shape":"String", + "documentation":"

A unique, case-sensitive identifier to ensure idempotent processing of the batch request.

", + "idempotencyToken":true + } + } + }, + "BatchCreateMemoryRecordsOutput":{ + "type":"structure", + "required":[ + "successfulRecords", + "failedRecords" + ], + "members":{ + "successfulRecords":{ + "shape":"MemoryRecordsOutputList", + "documentation":"

A list of memory records that were successfully created during the batch operation.

" + }, + "failedRecords":{ + "shape":"MemoryRecordsOutputList", + "documentation":"

A list of memory records that failed to be created, including error details for each failure.

" + } + } + }, + "BatchDeleteMemoryRecordsInput":{ + "type":"structure", + "required":[ + "memoryId", + "records" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique ID of the memory resource where records will be deleted.

", + "location":"uri", + "locationName":"memoryId" + }, + "records":{ + "shape":"MemoryRecordsDeleteInputList", + "documentation":"

A list of memory record deletion inputs to be processed in the batch operation.

" + } + } + }, + "BatchDeleteMemoryRecordsOutput":{ + "type":"structure", + "required":[ + "successfulRecords", + "failedRecords" + ], + "members":{ + "successfulRecords":{ + "shape":"MemoryRecordsOutputList", + "documentation":"

A list of memory records that were successfully deleted during the batch operation.

" + }, + "failedRecords":{ + "shape":"MemoryRecordsOutputList", + "documentation":"

A list of memory records that failed to be deleted, including error details for each failure.

" + } + } + }, + "BatchUpdateMemoryRecordsInput":{ + "type":"structure", + "required":[ + "memoryId", + "records" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique ID of the memory resource where records will be updated.

", + "location":"uri", + "locationName":"memoryId" + }, + "records":{ + "shape":"MemoryRecordsUpdateInputList", + "documentation":"

A list of memory record update inputs to be processed in the batch operation.

" + } + } + }, + "BatchUpdateMemoryRecordsOutput":{ + "type":"structure", + "required":[ + "successfulRecords", + "failedRecords" + ], + "members":{ + "successfulRecords":{ + "shape":"MemoryRecordsOutputList", + "documentation":"

A list of memory records that were successfully updated during the batch operation.

" + }, + "failedRecords":{ + "shape":"MemoryRecordsOutputList", + "documentation":"

A list of memory records that failed to be updated, including error details for each failure.

" + } + } + }, + "Blob":{"type":"blob"}, + "Body":{ + "type":"blob", + "max":100000000, + "min":0, + "sensitive":true + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "Branch":{ + "type":"structure", + "required":["name"], + "members":{ + "rootEventId":{ + "shape":"EventId", + "documentation":"

The identifier of the root event for this branch.

" + }, + "name":{ + "shape":"BranchName", + "documentation":"

The name of the branch.

" + } + }, + "documentation":"

Contains information about a branch in an AgentCore Memory resource. Branches allow for organizing events into different conversation threads or paths.

" + }, + "BranchFilter":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"BranchName", + "documentation":"

The name of the branch to filter by.

" + }, + "includeParentBranches":{ + "shape":"Boolean", + "documentation":"

Specifies whether to include parent branches in the results. Set to true to include parent branches, or false to exclude them.

" + } + }, + "documentation":"

Contains filter criteria for branches when listing events.

" + }, + "BranchName":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9-_]*" + }, + "BrowserSessionId":{ + "type":"string", + "pattern":"[0-9a-zA-Z]{1,40}" + }, + "BrowserSessionStatus":{ + "type":"string", + "enum":[ + "READY", + "TERMINATED" + ] + }, + "BrowserSessionStream":{ + "type":"structure", + "required":["automationStream"], + "members":{ + "automationStream":{ + "shape":"AutomationStream", + "documentation":"

The stream that enables programmatic control of the browser. This stream allows agents to perform actions such as navigating to URLs, clicking elements, and filling forms.

" + }, + "liveViewStream":{ + "shape":"LiveViewStream", + "documentation":"

The stream that provides a visual representation of the browser content. This stream allows agents to observe the current state of the browser, including rendered web pages and visual elements.

" + } + }, + "documentation":"

The collection of streams associated with a browser session in Amazon Bedrock. These streams provide different ways to interact with and observe the browser session, including programmatic control and visual representation of the browser content.

" + }, + "BrowserSessionSummaries":{ + "type":"list", + "member":{"shape":"BrowserSessionSummary"} + }, + "BrowserSessionSummary":{ + "type":"structure", + "required":[ + "browserIdentifier", + "sessionId", + "status", + "createdAt" + ], + "members":{ + "browserIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the browser associated with the session. This identifier specifies which browser environment is used for the session.

" + }, + "sessionId":{ + "shape":"BrowserSessionId", + "documentation":"

The unique identifier of the browser session. This identifier is used in operations that interact with the session.

" + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the browser session. This name helps identify and manage the session.

" + }, + "status":{ + "shape":"BrowserSessionStatus", + "documentation":"

The current status of the browser session. Possible values include ACTIVE, STOPPING, and STOPPED.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser session was created. This value is in ISO 8601 format.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser session was last updated. This value is in ISO 8601 format.

" + } + }, + "documentation":"

A condensed representation of a browser session in Amazon Bedrock. This structure contains key information about a browser session, including identifiers, status, and timestamps, without the full details of the session configuration and streams.

" + }, + "BrowserSessionTimeout":{ + "type":"integer", + "box":true, + "max":28800, + "min":1 + }, + "BrowserStreamEndpoint":{ + "type":"string", + "max":512, + "min":10 + }, + "ClientToken":{ + "type":"string", + "max":256, + "min":33, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,256}" + }, + "CodeInterpreterResult":{ + "type":"structure", + "required":["content"], + "members":{ + "content":{ + "shape":"ContentBlockList", + "documentation":"

The textual content of the execution result. This includes standard output from the code execution, such as print statements, console output, and text representations of results.

" + }, + "structuredContent":{ + "shape":"ToolResultStructuredContent", + "documentation":"

The structured content of the execution result. This includes additional metadata about the execution, such as execution time, memory usage, and structured representations of output data. The format depends on the specific code interpreter and execution context.

" + }, + "isError":{ + "shape":"Boolean", + "documentation":"

Indicates whether the result represents an error. If true, the content contains error messages or exception information. If false, the content contains successful execution results.

" + } + }, + "documentation":"

The output produced by executing code in a code interpreter session in Amazon Bedrock. This structure contains the results of code execution, including textual output, structured data, and error information. Agents use these results to generate responses that incorporate computation, data analysis, and visualization.

", + "event":true + }, + "CodeInterpreterSessionId":{ + "type":"string", + "pattern":"[0-9a-zA-Z]{1,40}" + }, + "CodeInterpreterSessionStatus":{ + "type":"string", + "enum":[ + "READY", + "TERMINATED" + ] + }, + "CodeInterpreterSessionSummaries":{ + "type":"list", + "member":{"shape":"CodeInterpreterSessionSummary"} + }, + "CodeInterpreterSessionSummary":{ + "type":"structure", + "required":[ + "codeInterpreterIdentifier", + "sessionId", + "status", + "createdAt" + ], + "members":{ + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the code interpreter associated with the session. This identifier specifies which code interpreter environment is used for the session.

" + }, + "sessionId":{ + "shape":"CodeInterpreterSessionId", + "documentation":"

The unique identifier of the code interpreter session. This identifier is used in operations that interact with the session.

" + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the code interpreter session. This name helps identify and manage the session.

" + }, + "status":{ + "shape":"CodeInterpreterSessionStatus", + "documentation":"

The current status of the code interpreter session. Possible values include ACTIVE, STOPPING, and STOPPED.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter session was created. This value is in ISO 8601 format.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter session was last updated. This value is in ISO 8601 format.

" + } + }, + "documentation":"

A condensed representation of a code interpreter session in Amazon Bedrock. This structure contains key information about a code interpreter session, including identifiers, status, and timestamps, without the full details of the session configuration.

" + }, + "CodeInterpreterSessionTimeout":{ + "type":"integer", + "box":true, + "max":28800, + "min":1 + }, + "CodeInterpreterStreamOutput":{ + "type":"structure", + "members":{ + "result":{"shape":"CodeInterpreterResult"}, + "accessDeniedException":{"shape":"AccessDeniedException"}, + "conflictException":{"shape":"ConflictException"}, + "internalServerException":{"shape":"InternalServerException"}, + "resourceNotFoundException":{"shape":"ResourceNotFoundException"}, + "serviceQuotaExceededException":{"shape":"ServiceQuotaExceededException"}, + "throttlingException":{"shape":"ThrottlingException"}, + "validationException":{"shape":"ValidationException"} + }, + "documentation":"

Contains output from a code interpreter stream.

", + "eventstream":true + }, + "CompleteResourceTokenAuthRequest":{ + "type":"structure", + "required":[ + "userIdentifier", + "sessionUri" + ], + "members":{ + "userIdentifier":{ + "shape":"UserIdentifier", + "documentation":"

The OAuth2.0 token or user ID that was used to generate the workload access token used for initiating the user authorization flow to retrieve OAuth2.0 tokens.

" + }, + "sessionUri":{ + "shape":"RequestUri", + "documentation":"

Unique identifier for the user's authentication session for retrieving OAuth2 tokens. This ID tracks the authorization flow state across multiple requests and responses during the OAuth2 authentication process.

" + } + } + }, + "CompleteResourceTokenAuthResponse":{ + "type":"structure", + "members":{} + }, + "ConflictException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

The exception that occurs when the request conflicts with the current state of the resource. This can happen when trying to modify a resource that is currently being modified by another request, or when trying to create a resource that already exists.

", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "Content":{ + "type":"structure", + "members":{ + "text":{ + "shape":"ContentTextString", + "documentation":"

The text content of the memory item.

" + } + }, + "documentation":"

Contains the content of a memory item.

", + "union":true + }, + "ContentBlock":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"ContentBlockType", + "documentation":"

The type of content in the block.

" + }, + "text":{ + "shape":"String", + "documentation":"

The text content of the block.

" + }, + "data":{ + "shape":"Blob", + "documentation":"

The binary data content of the block.

" + }, + "mimeType":{ + "shape":"String", + "documentation":"

The MIME type of the content.

" + }, + "uri":{ + "shape":"String", + "documentation":"

The URI of the content.

" + }, + "name":{ + "shape":"String", + "documentation":"

The name of the content block.

" + }, + "description":{ + "shape":"String", + "documentation":"

The description of the content block.

" + }, + "size":{ + "shape":"Long", + "documentation":"

The size of the content in bytes.

" + }, + "resource":{ + "shape":"ResourceContent", + "documentation":"

The resource associated with the content block.

" + } + }, + "documentation":"

A block of content in a response.

" + }, + "ContentBlockList":{ + "type":"list", + "member":{"shape":"ContentBlock"} + }, + "ContentBlockType":{ + "type":"string", + "enum":[ + "text", + "image", + "resource", + "resource_link" + ] + }, + "ContentTextString":{ + "type":"string", + "max":9000, + "min":1, + "sensitive":true + }, + "Conversational":{ + "type":"structure", + "required":[ + "content", + "role" + ], + "members":{ + "content":{ + "shape":"Content", + "documentation":"

The content of the conversation message.

" + }, + "role":{ + "shape":"Role", + "documentation":"

The role of the participant in the conversation (for example, \"user\" or \"assistant\").

" + } + }, + "documentation":"

Contains conversational content for an event payload.

" + }, + "CreateEventInput":{ + "type":"structure", + "required":[ + "memoryId", + "actorId", + "eventTimestamp", + "payload" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource in which to create the event.

", + "location":"uri", + "locationName":"memoryId" + }, + "actorId":{ + "shape":"ActorId", + "documentation":"

The identifier of the actor associated with this event. An actor represents an entity that participates in sessions and generates events.

" + }, + "sessionId":{ + "shape":"SessionId", + "documentation":"

The identifier of the session in which this event occurs. A session represents a sequence of related events.

" + }, + "eventTimestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the event occurred. If not specified, the current time is used.

" + }, + "payload":{ + "shape":"PayloadTypeList", + "documentation":"

The content payload of the event. This can include conversational data or binary content.

" + }, + "branch":{ + "shape":"Branch", + "documentation":"

The branch information for this event. Branches allow for organizing events into different conversation threads or paths.

" + }, + "clientToken":{ + "shape":"String", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, AgentCore ignores the request, but does not return an error.

", + "idempotencyToken":true + }, + "metadata":{ + "shape":"MetadataMap", + "documentation":"

The key-value metadata to attach to the event.

" + } + } + }, + "CreateEventOutput":{ + "type":"structure", + "required":["event"], + "members":{ + "event":{ + "shape":"Event", + "documentation":"

The event that was created.

" + } + } + }, + "CredentialProviderName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9\\-_]+" + }, + "CustomRequestKeyType":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9\\-_\\.]+" + }, + "CustomRequestParametersType":{ + "type":"map", + "key":{"shape":"CustomRequestKeyType"}, + "value":{"shape":"CustomRequestValueType"} + }, + "CustomRequestValueType":{ + "type":"string", + "max":2048, + "min":1, + "sensitive":true + }, + "DateTimestamp":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "DeleteEventInput":{ + "type":"structure", + "required":[ + "memoryId", + "sessionId", + "eventId", + "actorId" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource from which to delete the event.

", + "location":"uri", + "locationName":"memoryId" + }, + "sessionId":{ + "shape":"SessionId", + "documentation":"

The identifier of the session containing the event to delete.

", + "location":"uri", + "locationName":"sessionId" + }, + "eventId":{ + "shape":"EventId", + "documentation":"

The identifier of the event to delete.

", + "location":"uri", + "locationName":"eventId" + }, + "actorId":{ + "shape":"ActorId", + "documentation":"

The identifier of the actor associated with the event to delete.

", + "location":"uri", + "locationName":"actorId" + } + } + }, + "DeleteEventOutput":{ + "type":"structure", + "required":["eventId"], + "members":{ + "eventId":{ + "shape":"EventId", + "documentation":"

The identifier of the event that was deleted.

" + } + } + }, + "DeleteMemoryRecordInput":{ + "type":"structure", + "required":[ + "memoryId", + "memoryRecordId" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource from which to delete the memory record.

", + "location":"uri", + "locationName":"memoryId" + }, + "memoryRecordId":{ + "shape":"MemoryRecordId", + "documentation":"

The identifier of the memory record to delete.

", + "location":"uri", + "locationName":"memoryRecordId" + } + } + }, + "DeleteMemoryRecordOutput":{ + "type":"structure", + "required":["memoryRecordId"], + "members":{ + "memoryRecordId":{ + "shape":"MemoryRecordId", + "documentation":"

The identifier of the memory record that was deleted.

" + } + } + }, + "Document":{ + "type":"structure", + "members":{}, + "document":true + }, + "Double":{ + "type":"double", + "box":true + }, + "Event":{ + "type":"structure", + "required":[ + "memoryId", + "actorId", + "sessionId", + "eventId", + "eventTimestamp", + "payload" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource containing the event.

" + }, + "actorId":{ + "shape":"ActorId", + "documentation":"

The identifier of the actor associated with the event.

" + }, + "sessionId":{ + "shape":"SessionId", + "documentation":"

The identifier of the session containing the event.

" + }, + "eventId":{ + "shape":"EventId", + "documentation":"

The unique identifier of the event.

" + }, + "eventTimestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the event occurred.

" + }, + "payload":{ + "shape":"PayloadTypeList", + "documentation":"

The content payload of the event.

" + }, + "branch":{ + "shape":"Branch", + "documentation":"

The branch information for the event.

" + }, + "metadata":{ + "shape":"MetadataMap", + "documentation":"

Metadata associated with an event.

" + } + }, + "documentation":"

Contains information about an event in an AgentCore Memory resource.

" + }, + "EventId":{ + "type":"string", + "pattern":"[0-9]+#[a-fA-F0-9]+" + }, + "EventList":{ + "type":"list", + "member":{"shape":"Event"} + }, + "EventMetadataFilterExpression":{ + "type":"structure", + "required":[ + "left", + "operator" + ], + "members":{ + "left":{ + "shape":"LeftExpression", + "documentation":"

Left operand of the event metadata filter expression.

" + }, + "operator":{ + "shape":"OperatorType", + "documentation":"

Operator applied to the event metadata filter expression.

" + }, + "right":{ + "shape":"RightExpression", + "documentation":"

Right operand of the event metadata filter expression.

" + } + }, + "documentation":"

Filter expression for retrieving events based on metadata associated with an event.

" + }, + "EventMetadataFilterList":{ + "type":"list", + "member":{"shape":"EventMetadataFilterExpression"}, + "max":5, + "min":1 + }, + "FilterInput":{ + "type":"structure", + "members":{ + "branch":{ + "shape":"BranchFilter", + "documentation":"

The branch filter criteria to apply when listing events.

" + }, + "eventMetadata":{ + "shape":"EventMetadataFilterList", + "documentation":"

Event metadata filter criteria to apply when retrieving events.

" + } + }, + "documentation":"

Contains filter criteria for listing events.

" + }, + "GetAgentCardRequest":{ + "type":"structure", + "required":["agentRuntimeArn"], + "members":{ + "runtimeSessionId":{ + "shape":"SessionType", + "documentation":"

The session ID that the AgentCore Runtime agent is using.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Amzn-Bedrock-AgentCore-Runtime-Session-Id" + }, + "agentRuntimeArn":{ + "shape":"String", + "documentation":"

The ARN of the AgentCore Runtime agent for which you want to get the A2A agent card.

", + "location":"uri", + "locationName":"agentRuntimeArn" + }, + "qualifier":{ + "shape":"String", + "documentation":"

Optional qualifier to specify an agent alias, such as prodcode> or dev. If you don't provide a value, the DEFAULT alias is used.

", + "location":"querystring", + "locationName":"qualifier" + } + } + }, + "GetAgentCardResponse":{ + "type":"structure", + "required":["agentCard"], + "members":{ + "runtimeSessionId":{ + "shape":"SessionId", + "documentation":"

The ID of the session associated with the AgentCore Runtime agent.

", + "location":"header", + "locationName":"X-Amzn-Bedrock-AgentCore-Runtime-Session-Id" + }, + "agentCard":{ + "shape":"AgentCard", + "documentation":"

An agent card document that contains metadata and capabilities for an AgentCore Runtime agent.

" + }, + "statusCode":{ + "shape":"HttpResponseCode", + "documentation":"

The status code of the request.

", + "location":"statusCode" + } + }, + "payload":"agentCard" + }, + "GetBrowserSessionRequest":{ + "type":"structure", + "required":[ + "browserIdentifier", + "sessionId" + ], + "members":{ + "browserIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the browser associated with the session.

", + "location":"uri", + "locationName":"browserIdentifier" + }, + "sessionId":{ + "shape":"BrowserSessionId", + "documentation":"

The unique identifier of the browser session to retrieve.

", + "location":"querystring", + "locationName":"sessionId" + } + } + }, + "GetBrowserSessionResponse":{ + "type":"structure", + "required":[ + "browserIdentifier", + "sessionId", + "createdAt" + ], + "members":{ + "browserIdentifier":{ + "shape":"String", + "documentation":"

The identifier of the browser.

" + }, + "sessionId":{ + "shape":"BrowserSessionId", + "documentation":"

The identifier of the browser session.

" + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the browser session.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the browser session was created.

" + }, + "viewPort":{"shape":"ViewPort"}, + "sessionTimeoutSeconds":{ + "shape":"BrowserSessionTimeout", + "documentation":"

The timeout period for the browser session in seconds.

" + }, + "status":{ + "shape":"BrowserSessionStatus", + "documentation":"

The current status of the browser session. Possible values include ACTIVE, STOPPING, and STOPPED.

" + }, + "streams":{ + "shape":"BrowserSessionStream", + "documentation":"

The streams associated with this browser session. These include the automation stream and live view stream.

" + }, + "sessionReplayArtifact":{ + "shape":"String", + "documentation":"

The artifact containing the session replay information.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the browser session was last updated.

" + } + } + }, + "GetCodeInterpreterSessionRequest":{ + "type":"structure", + "required":[ + "codeInterpreterIdentifier", + "sessionId" + ], + "members":{ + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the code interpreter associated with the session.

", + "location":"uri", + "locationName":"codeInterpreterIdentifier" + }, + "sessionId":{ + "shape":"CodeInterpreterSessionId", + "documentation":"

The unique identifier of the code interpreter session to retrieve.

", + "location":"querystring", + "locationName":"sessionId" + } + } + }, + "GetCodeInterpreterSessionResponse":{ + "type":"structure", + "required":[ + "codeInterpreterIdentifier", + "sessionId", + "createdAt" + ], + "members":{ + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The identifier of the code interpreter.

" + }, + "sessionId":{ + "shape":"CodeInterpreterSessionId", + "documentation":"

The identifier of the code interpreter session.

" + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the code interpreter session.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the code interpreter session was created.

" + }, + "sessionTimeoutSeconds":{ + "shape":"CodeInterpreterSessionTimeout", + "documentation":"

The timeout period for the code interpreter session in seconds.

" + }, + "status":{ + "shape":"CodeInterpreterSessionStatus", + "documentation":"

The current status of the code interpreter session. Possible values include ACTIVE, STOPPING, and STOPPED.

" + } + } + }, + "GetEventInput":{ + "type":"structure", + "required":[ + "memoryId", + "sessionId", + "actorId", + "eventId" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource containing the event.

", + "location":"uri", + "locationName":"memoryId" + }, + "sessionId":{ + "shape":"SessionId", + "documentation":"

The identifier of the session containing the event.

", + "location":"uri", + "locationName":"sessionId" + }, + "actorId":{ + "shape":"ActorId", + "documentation":"

The identifier of the actor associated with the event.

", + "location":"uri", + "locationName":"actorId" + }, + "eventId":{ + "shape":"EventId", + "documentation":"

The identifier of the event to retrieve.

", + "location":"uri", + "locationName":"eventId" + } + } + }, + "GetEventOutput":{ + "type":"structure", + "required":["event"], + "members":{ + "event":{ + "shape":"Event", + "documentation":"

The requested event information.

" + } + } + }, + "GetMemoryRecordInput":{ + "type":"structure", + "required":[ + "memoryId", + "memoryRecordId" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource containing the memory record.

", + "location":"uri", + "locationName":"memoryId" + }, + "memoryRecordId":{ + "shape":"MemoryRecordId", + "documentation":"

The identifier of the memory record to retrieve.

", + "location":"uri", + "locationName":"memoryRecordId" + } + } + }, + "GetMemoryRecordOutput":{ + "type":"structure", + "required":["memoryRecord"], + "members":{ + "memoryRecord":{ + "shape":"MemoryRecord", + "documentation":"

The requested memory record.

" + } + } + }, + "GetResourceApiKeyRequest":{ + "type":"structure", + "required":[ + "workloadIdentityToken", + "resourceCredentialProviderName" + ], + "members":{ + "workloadIdentityToken":{ + "shape":"WorkloadIdentityTokenType", + "documentation":"

The identity token of the workload from which you want to retrieve the API key.

" + }, + "resourceCredentialProviderName":{ + "shape":"CredentialProviderName", + "documentation":"

The credential provider name for the resource from which you are retrieving the API key.

" + } + } + }, + "GetResourceApiKeyResponse":{ + "type":"structure", + "required":["apiKey"], + "members":{ + "apiKey":{ + "shape":"ApiKeyType", + "documentation":"

The API key associated with the resource requested.

" + } + } + }, + "GetResourceOauth2TokenRequest":{ + "type":"structure", + "required":[ + "workloadIdentityToken", + "resourceCredentialProviderName", + "scopes", + "oauth2Flow" + ], + "members":{ + "workloadIdentityToken":{ + "shape":"WorkloadIdentityTokenType", + "documentation":"

The identity token of the workload from which you want to retrieve the OAuth2 token.

" + }, + "resourceCredentialProviderName":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the resource's credential provider.

" + }, + "scopes":{ + "shape":"ScopesListType", + "documentation":"

The OAuth scopes being requested.

" + }, + "oauth2Flow":{ + "shape":"Oauth2FlowType", + "documentation":"

The type of flow to be performed.

" + }, + "sessionUri":{ + "shape":"RequestUri", + "documentation":"

Unique identifier for the user's authentication session for retrieving OAuth2 tokens. This ID tracks the authorization flow state across multiple requests and responses during the OAuth2 authentication process.

" + }, + "resourceOauth2ReturnUrl":{ + "shape":"ResourceOauth2ReturnUrlType", + "documentation":"

The callback URL to redirect to after the OAuth 2.0 token retrieval is complete. This URL must be one of the provided URLs configured for the workload identity.

" + }, + "forceAuthentication":{ + "shape":"Boolean", + "documentation":"

Indicates whether to always initiate a new three-legged OAuth (3LO) flow, regardless of any existing session.

" + }, + "customParameters":{ + "shape":"CustomRequestParametersType", + "documentation":"

A map of custom parameters to include in the authorization request to the resource credential provider. These parameters are in addition to the standard OAuth 2.0 flow parameters, and will not override them.

" + }, + "customState":{ + "shape":"State", + "documentation":"

An opaque string that will be sent back to the callback URL provided in resourceOauth2ReturnUrl. This state should be used to protect the callback URL of your application against CSRF attacks by ensuring the response corresponds to the original request.

" + } + } + }, + "GetResourceOauth2TokenResponse":{ + "type":"structure", + "members":{ + "authorizationUrl":{ + "shape":"AuthorizationUrlType", + "documentation":"

The URL to initiate the authorization process, provided when the access token requires user authorization.

" + }, + "accessToken":{ + "shape":"AccessTokenType", + "documentation":"

The OAuth 2.0 access token to use.

" + }, + "sessionUri":{ + "shape":"RequestUri", + "documentation":"

Unique identifier for the user's authorization session for retrieving OAuth2 tokens. This matches the sessionId from the request and can be used to track the session state.

" + }, + "sessionStatus":{ + "shape":"SessionStatus", + "documentation":"

Status indicating whether the user's authorization session is in progress or has failed. This helps determine the next steps in the OAuth2 authentication flow.

" + } + } + }, + "GetWorkloadAccessTokenForJWTRequest":{ + "type":"structure", + "required":[ + "workloadName", + "userToken" + ], + "members":{ + "workloadName":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The unique identifier for the registered workload.

" + }, + "userToken":{ + "shape":"UserTokenType", + "documentation":"

The OAuth 2.0 token issued by the user's identity provider.

" + } + } + }, + "GetWorkloadAccessTokenForJWTResponse":{ + "type":"structure", + "required":["workloadAccessToken"], + "members":{ + "workloadAccessToken":{ + "shape":"WorkloadIdentityTokenType", + "documentation":"

An opaque token representing the identity of both the workload and the user.

" + } + } + }, + "GetWorkloadAccessTokenForUserIdRequest":{ + "type":"structure", + "required":[ + "workloadName", + "userId" + ], + "members":{ + "workloadName":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload from which you want to retrieve the access token.

" + }, + "userId":{ + "shape":"UserIdType", + "documentation":"

The ID of the user for whom you are retrieving the access token.

" + } + } + }, + "GetWorkloadAccessTokenForUserIdResponse":{ + "type":"structure", + "required":["workloadAccessToken"], + "members":{ + "workloadAccessToken":{ + "shape":"WorkloadIdentityTokenType", + "documentation":"

The access token for the specified workload.

" + } + } + }, + "GetWorkloadAccessTokenRequest":{ + "type":"structure", + "required":["workloadName"], + "members":{ + "workloadName":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The unique identifier for the registered workload.

" + } + } + }, + "GetWorkloadAccessTokenResponse":{ + "type":"structure", + "required":["workloadAccessToken"], + "members":{ + "workloadAccessToken":{ + "shape":"WorkloadIdentityTokenType", + "documentation":"

An opaque token representing the identity of both the workload and the user.

" + } + } + }, + "HttpResponseCode":{ + "type":"integer", + "box":true + }, + "InputContentBlock":{ + "type":"structure", + "required":["path"], + "members":{ + "path":{ + "shape":"MaxLenString", + "documentation":"

The path to the input content.

" + }, + "text":{ + "shape":"MaxLenString", + "documentation":"

The text input content.

" + }, + "blob":{ + "shape":"Body", + "documentation":"

The binary input content.

" + } + }, + "documentation":"

A block of input content.

" + }, + "InputContentBlockList":{ + "type":"list", + "member":{"shape":"InputContentBlock"} + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

The exception that occurs when the service encounters an unexpected internal error. This is a temporary condition that will resolve itself with retries. We recommend implementing exponential backoff retry logic in your application.

", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "InvalidInputException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The input fails to satisfy the constraints specified by AgentCore. Check your input values and try again.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "InvokeAgentRuntimeRequest":{ + "type":"structure", + "required":[ + "agentRuntimeArn", + "payload" + ], + "members":{ + "contentType":{ + "shape":"MimeType", + "documentation":"

The MIME type of the input data in the payload. This tells the agent runtime how to interpret the payload data. Common values include application/json for JSON data.

", + "location":"header", + "locationName":"Content-Type" + }, + "accept":{ + "shape":"MimeType", + "documentation":"

The desired MIME type for the response from the agent runtime. This tells the agent runtime what format to use for the response data. Common values include application/json for JSON data.

", + "location":"header", + "locationName":"Accept" + }, + "mcpSessionId":{ + "shape":"StringType", + "documentation":"

The identifier of the MCP session.

", + "location":"header", + "locationName":"Mcp-Session-Id" + }, + "runtimeSessionId":{ + "shape":"SessionType", + "documentation":"

The identifier of the runtime session.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Amzn-Bedrock-AgentCore-Runtime-Session-Id" + }, + "mcpProtocolVersion":{ + "shape":"StringType", + "documentation":"

The version of the MCP protocol being used.

", + "location":"header", + "locationName":"Mcp-Protocol-Version" + }, + "runtimeUserId":{ + "shape":"StringType", + "documentation":"

The identifier of the runtime user.

", + "location":"header", + "locationName":"X-Amzn-Bedrock-AgentCore-Runtime-User-Id" + }, + "traceId":{ + "shape":"InvokeAgentRuntimeRequestTraceIdString", + "documentation":"

The trace identifier for request tracking.

", + "location":"header", + "locationName":"X-Amzn-Trace-Id" + }, + "traceParent":{ + "shape":"InvokeAgentRuntimeRequestTraceParentString", + "documentation":"

The parent trace information for distributed tracing.

", + "location":"header", + "locationName":"traceparent" + }, + "traceState":{ + "shape":"InvokeAgentRuntimeRequestTraceStateString", + "documentation":"

The trace state information for distributed tracing.

", + "location":"header", + "locationName":"tracestate" + }, + "baggage":{ + "shape":"InvokeAgentRuntimeRequestBaggageString", + "documentation":"

Additional context information for distributed tracing.

", + "location":"header", + "locationName":"baggage" + }, + "agentRuntimeArn":{ + "shape":"String", + "documentation":"

The Amazon Web Services Resource Name (ARN) of the agent runtime to invoke. The ARN uniquely identifies the agent runtime resource in Amazon Bedrock.

", + "location":"uri", + "locationName":"agentRuntimeArn" + }, + "qualifier":{ + "shape":"String", + "documentation":"

The qualifier to use for the agent runtime. This can be a version number or an endpoint name that points to a specific version. If not specified, Amazon Bedrock uses the default version of the agent runtime.

", + "location":"querystring", + "locationName":"qualifier" + }, + "accountId":{ + "shape":"InvokeAgentRuntimeRequestAccountIdString", + "documentation":"

The identifier of the Amazon Web Services account for the agent runtime resource.

", + "location":"querystring", + "locationName":"accountId" + }, + "payload":{ + "shape":"Body", + "documentation":"

The input data to send to the agent runtime. The format of this data depends on the specific agent configuration and must match the specified content type. For most agents, this is a JSON object containing the user's request.

" + } + }, + "payload":"payload" + }, + "InvokeAgentRuntimeRequestAccountIdString":{ + "type":"string", + "pattern":"[0-9]{12}" + }, + "InvokeAgentRuntimeRequestBaggageString":{ + "type":"string", + "max":8192, + "min":0 + }, + "InvokeAgentRuntimeRequestTraceIdString":{ + "type":"string", + "max":128, + "min":0 + }, + "InvokeAgentRuntimeRequestTraceParentString":{ + "type":"string", + "max":128, + "min":0 + }, + "InvokeAgentRuntimeRequestTraceStateString":{ + "type":"string", + "max":512, + "min":0 + }, + "InvokeAgentRuntimeResponse":{ + "type":"structure", + "required":["contentType"], + "members":{ + "runtimeSessionId":{ + "shape":"SessionId", + "documentation":"

The identifier of the runtime session.

", + "location":"header", + "locationName":"X-Amzn-Bedrock-AgentCore-Runtime-Session-Id" + }, + "mcpSessionId":{ + "shape":"SessionId", + "documentation":"

The identifier of the MCP session.

", + "location":"header", + "locationName":"Mcp-Session-Id" + }, + "mcpProtocolVersion":{ + "shape":"String", + "documentation":"

The version of the MCP protocol being used.

", + "location":"header", + "locationName":"Mcp-Protocol-Version" + }, + "traceId":{ + "shape":"String", + "documentation":"

The trace identifier for request tracking.

", + "location":"header", + "locationName":"X-Amzn-Trace-Id" + }, + "traceParent":{ + "shape":"String", + "documentation":"

The parent trace information for distributed tracing.

", + "location":"header", + "locationName":"traceparent" + }, + "traceState":{ + "shape":"String", + "documentation":"

The trace state information for distributed tracing.

", + "location":"header", + "locationName":"tracestate" + }, + "baggage":{ + "shape":"String", + "documentation":"

Additional context information for distributed tracing.

", + "location":"header", + "locationName":"baggage" + }, + "contentType":{ + "shape":"String", + "documentation":"

The MIME type of the response data. This indicates how to interpret the response data. Common values include application/json for JSON data.

", + "location":"header", + "locationName":"Content-Type" + }, + "response":{ + "shape":"ResponseStream", + "documentation":"

The response data from the agent runtime. The format of this data depends on the specific agent configuration and the requested accept type. For most agents, this is a JSON object containing the agent's response to the user's request.

" + }, + "statusCode":{ + "shape":"HttpResponseCode", + "documentation":"

The HTTP status code of the response. A status code of 200 indicates a successful operation. Other status codes indicate various error conditions.

", + "location":"statusCode" + } + }, + "payload":"response" + }, + "InvokeCodeInterpreterRequest":{ + "type":"structure", + "required":[ + "codeInterpreterIdentifier", + "name" + ], + "members":{ + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the code interpreter associated with the session. This must match the identifier used when creating the session with StartCodeInterpreterSession.

", + "location":"uri", + "locationName":"codeInterpreterIdentifier" + }, + "sessionId":{ + "shape":"CodeInterpreterSessionId", + "documentation":"

The unique identifier of the code interpreter session to use. This must be an active session created with StartCodeInterpreterSession. If the session has expired or been stopped, the request will fail.

", + "location":"header", + "locationName":"x-amzn-code-interpreter-session-id" + }, + "traceId":{ + "shape":"InvokeCodeInterpreterRequestTraceIdString", + "documentation":"

The trace identifier for request tracking.

", + "location":"header", + "locationName":"X-Amzn-Trace-Id" + }, + "traceParent":{ + "shape":"InvokeCodeInterpreterRequestTraceParentString", + "documentation":"

The parent trace information for distributed tracing.

", + "location":"header", + "locationName":"traceparent" + }, + "name":{ + "shape":"ToolName", + "documentation":"

The name of the code interpreter to invoke.

" + }, + "arguments":{ + "shape":"ToolArguments", + "documentation":"

The arguments for the code interpreter. This includes the code to execute and any additional parameters such as the programming language, whether to clear the execution context, and other execution options. The structure of this parameter depends on the specific code interpreter being used.

" + } + } + }, + "InvokeCodeInterpreterRequestTraceIdString":{ + "type":"string", + "max":1024, + "min":0 + }, + "InvokeCodeInterpreterRequestTraceParentString":{ + "type":"string", + "max":1024, + "min":0 + }, + "InvokeCodeInterpreterResponse":{ + "type":"structure", + "required":["stream"], + "members":{ + "sessionId":{ + "shape":"CodeInterpreterSessionId", + "documentation":"

The identifier of the code interpreter session.

", + "location":"header", + "locationName":"x-amzn-code-interpreter-session-id" + }, + "stream":{ + "shape":"CodeInterpreterStreamOutput", + "documentation":"

The stream containing the results of the code execution. This includes output, errors, and execution status.

" + } + }, + "payload":"stream" + }, + "LeftExpression":{ + "type":"structure", + "members":{ + "metadataKey":{ + "shape":"MetadataKey", + "documentation":"

Key associated with the metadata in an event.

" + } + }, + "documentation":"

Left expression of the event metadata filter.

", + "union":true + }, + "ListActorsInput":{ + "type":"structure", + "required":["memoryId"], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource for which to list actors.

", + "location":"uri", + "locationName":"memoryId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + } + } + }, + "ListActorsOutput":{ + "type":"structure", + "required":["actorSummaries"], + "members":{ + "actorSummaries":{ + "shape":"ActorSummaryList", + "documentation":"

The list of actor summaries.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use in a subsequent request to get the next set of results. This value is null when there are no more results to return.

" + } + } + }, + "ListBrowserSessionsRequest":{ + "type":"structure", + "required":["browserIdentifier"], + "members":{ + "browserIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the browser to list sessions for. If specified, only sessions for this browser are returned. If not specified, sessions for all browsers are returned.

", + "location":"uri", + "locationName":"browserIdentifier" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. The default value is 10. Valid values range from 1 to 100. To retrieve the remaining results, make another call with the returned nextToken value.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results. If not specified, Amazon Bedrock returns the first page of results.

" + }, + "status":{ + "shape":"BrowserSessionStatus", + "documentation":"

The status of the browser sessions to list. Valid values include ACTIVE, STOPPING, and STOPPED. If not specified, sessions with any status are returned.

" + } + } + }, + "ListBrowserSessionsResponse":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"BrowserSessionSummaries", + "documentation":"

The list of browser sessions that match the specified criteria.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token to use in a subsequent ListBrowserSessions request to get the next set of results.

" + } + } + }, + "ListCodeInterpreterSessionsRequest":{ + "type":"structure", + "required":["codeInterpreterIdentifier"], + "members":{ + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the code interpreter to list sessions for. If specified, only sessions for this code interpreter are returned. If not specified, sessions for all code interpreters are returned.

", + "location":"uri", + "locationName":"codeInterpreterIdentifier" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. The default value is 10. Valid values range from 1 to 100. To retrieve the remaining results, make another call with the returned nextToken value.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results. If not specified, Amazon Bedrock returns the first page of results.

" + }, + "status":{ + "shape":"CodeInterpreterSessionStatus", + "documentation":"

The status of the code interpreter sessions to list. Valid values include ACTIVE, STOPPING, and STOPPED. If not specified, sessions with any status are returned.

" + } + } + }, + "ListCodeInterpreterSessionsResponse":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"CodeInterpreterSessionSummaries", + "documentation":"

The list of code interpreter sessions that match the specified criteria.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token to use in a subsequent ListCodeInterpreterSessions request to get the next set of results.

" + } + } + }, + "ListEventsInput":{ + "type":"structure", + "required":[ + "memoryId", + "sessionId", + "actorId" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource for which to list events.

", + "location":"uri", + "locationName":"memoryId" + }, + "sessionId":{ + "shape":"SessionId", + "documentation":"

The identifier of the session for which to list events. If specified, only events from this session are returned.

", + "location":"uri", + "locationName":"sessionId" + }, + "actorId":{ + "shape":"ActorId", + "documentation":"

The identifier of the actor for which to list events. If specified, only events from this actor are returned.

", + "location":"uri", + "locationName":"actorId" + }, + "includePayloads":{ + "shape":"Boolean", + "documentation":"

Specifies whether to include event payloads in the response. Set to true to include payloads, or false to exclude them.

" + }, + "filter":{ + "shape":"FilterInput", + "documentation":"

Filter criteria to apply when listing events.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + } + } + }, + "ListEventsOutput":{ + "type":"structure", + "required":["events"], + "members":{ + "events":{ + "shape":"EventList", + "documentation":"

The list of events that match the specified criteria.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use in a subsequent request to get the next set of results. This value is null when there are no more results to return.

" + } + } + }, + "ListMemoryRecordsInput":{ + "type":"structure", + "required":[ + "memoryId", + "namespace" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource for which to list memory records.

", + "location":"uri", + "locationName":"memoryId" + }, + "namespace":{ + "shape":"Namespace", + "documentation":"

The namespace to filter memory records by. If specified, only memory records in this namespace are returned.

" + }, + "memoryStrategyId":{ + "shape":"MemoryStrategyId", + "documentation":"

The memory strategy identifier to filter memory records by. If specified, only memory records with this strategy ID are returned.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + } + } + }, + "ListMemoryRecordsOutput":{ + "type":"structure", + "required":["memoryRecordSummaries"], + "members":{ + "memoryRecordSummaries":{ + "shape":"MemoryRecordSummaryList", + "documentation":"

The list of memory record summaries that match the specified criteria.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use in a subsequent request to get the next set of results. This value is null when there are no more results to return.

" + } + } + }, + "ListSessionsInput":{ + "type":"structure", + "required":[ + "memoryId", + "actorId" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource for which to list sessions.

", + "location":"uri", + "locationName":"memoryId" + }, + "actorId":{ + "shape":"ActorId", + "documentation":"

The identifier of the actor for which to list sessions. If specified, only sessions involving this actor are returned.

", + "location":"uri", + "locationName":"actorId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + } + } + }, + "ListSessionsOutput":{ + "type":"structure", + "required":["sessionSummaries"], + "members":{ + "sessionSummaries":{ + "shape":"SessionSummaryList", + "documentation":"

The list of session summaries that match the specified criteria.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use in a subsequent request to get the next set of results. This value is null when there are no more results to return.

" + } + } + }, + "LiveViewStream":{ + "type":"structure", + "members":{ + "streamEndpoint":{ + "shape":"BrowserStreamEndpoint", + "documentation":"

The endpoint URL for the live view stream. This URL is used to establish a connection to receive visual updates from the browser session.

" + } + }, + "documentation":"

The configuration for a stream that provides a visual representation of a browser session in Amazon Bedrock. This stream enables agents to observe the current state of the browser, including rendered web pages, visual elements, and the results of interactions.

" + }, + "Long":{ + "type":"long", + "box":true + }, + "MaxLenString":{ + "type":"string", + "max":100000000, + "min":0 + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "MemoryContent":{ + "type":"structure", + "members":{ + "text":{ + "shape":"MemoryContentTextString", + "documentation":"

The text content of the memory record.

" + } + }, + "documentation":"

Contains the content of a memory record.

", + "union":true + }, + "MemoryContentTextString":{ + "type":"string", + "max":16000, + "min":1, + "sensitive":true + }, + "MemoryId":{ + "type":"string", + "min":12, + "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" + }, + "MemoryRecord":{ + "type":"structure", + "required":[ + "memoryRecordId", + "content", + "memoryStrategyId", + "namespaces", + "createdAt" + ], + "members":{ + "memoryRecordId":{ + "shape":"MemoryRecordId", + "documentation":"

The unique identifier of the memory record.

" + }, + "content":{ + "shape":"MemoryContent", + "documentation":"

The content of the memory record.

" + }, + "memoryStrategyId":{ + "shape":"MemoryStrategyId", + "documentation":"

The identifier of the memory strategy associated with this record.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The namespaces associated with this memory record. Namespaces help organize and categorize memory records.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the memory record was created.

" + } + }, + "documentation":"

Contains information about a memory record in an AgentCore Memory resource.

" + }, + "MemoryRecordCreateInput":{ + "type":"structure", + "required":[ + "requestIdentifier", + "namespaces", + "content", + "timestamp" + ], + "members":{ + "requestIdentifier":{ + "shape":"RequestIdentifier", + "documentation":"

A client-provided identifier for tracking this specific record creation request.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

A list of namespace identifiers that categorize or group the memory record.

" + }, + "content":{ + "shape":"MemoryContent", + "documentation":"

The content to be stored within the memory record.

" + }, + "timestamp":{ + "shape":"Timestamp", + "documentation":"

Time at which the memory record was created.

" + }, + "memoryStrategyId":{ + "shape":"MemoryStrategyId", + "documentation":"

The ID of the memory strategy that defines how this memory record is grouped.

" + } + }, + "documentation":"

Input structure to create a new memory record.

" + }, + "MemoryRecordDeleteInput":{ + "type":"structure", + "required":["memoryRecordId"], + "members":{ + "memoryRecordId":{ + "shape":"MemoryRecordId", + "documentation":"

The unique ID of the memory record to be deleted.

" + } + }, + "documentation":"

Input structure to delete an existing memory record.

" + }, + "MemoryRecordId":{ + "type":"string", + "max":50, + "min":40, + "pattern":"mem-[a-zA-Z0-9-_]*" + }, + "MemoryRecordOutput":{ + "type":"structure", + "required":[ + "memoryRecordId", + "status" + ], + "members":{ + "memoryRecordId":{ + "shape":"MemoryRecordId", + "documentation":"

The unique ID associated to the memory record.

" + }, + "status":{ + "shape":"MemoryRecordStatus", + "documentation":"

The status of the memory record operation (e.g., SUCCEEDED, FAILED).

" + }, + "requestIdentifier":{ + "shape":"RequestIdentifier", + "documentation":"

The client-provided identifier that was used to track this record operation.

" + }, + "errorCode":{ + "shape":"Integer", + "documentation":"

The error code returned when the memory record operation fails.

" + }, + "errorMessage":{ + "shape":"String", + "documentation":"

A human-readable error message describing why the memory record operation failed.

" + } + }, + "documentation":"

Output information returned after processing a memory record operation.

" + }, + "MemoryRecordStatus":{ + "type":"string", + "enum":[ + "SUCCEEDED", + "FAILED" + ] + }, + "MemoryRecordSummary":{ + "type":"structure", + "required":[ + "memoryRecordId", + "content", + "memoryStrategyId", + "namespaces", + "createdAt" + ], + "members":{ + "memoryRecordId":{ + "shape":"MemoryRecordId", + "documentation":"

The unique identifier of the memory record.

" + }, + "content":{ + "shape":"MemoryContent", + "documentation":"

The content of the memory record.

" + }, + "memoryStrategyId":{ + "shape":"MemoryStrategyId", + "documentation":"

The identifier of the memory strategy associated with this record.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The namespaces associated with this memory record.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the memory record was created.

" + }, + "score":{ + "shape":"Double", + "documentation":"

The relevance score of the memory record when returned as part of a search result. Higher values indicate greater relevance to the search query.

" + } + }, + "documentation":"

Contains summary information about a memory record.

" + }, + "MemoryRecordSummaryList":{ + "type":"list", + "member":{"shape":"MemoryRecordSummary"} + }, + "MemoryRecordUpdateInput":{ + "type":"structure", + "required":[ + "memoryRecordId", + "timestamp" + ], + "members":{ + "memoryRecordId":{ + "shape":"MemoryRecordId", + "documentation":"

The unique ID of the memory record to be updated.

" + }, + "timestamp":{ + "shape":"Timestamp", + "documentation":"

Time at which the memory record was updated

" + }, + "content":{ + "shape":"MemoryContent", + "documentation":"

The content to be stored within the memory record.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The updated list of namespace identifiers for categorizing the memory record.

" + }, + "memoryStrategyId":{ + "shape":"MemoryStrategyId", + "documentation":"

The updated ID of the memory strategy that defines how this memory record is grouped.

" + } + }, + "documentation":"

Input structure to update an existing memory record.

" + }, + "MemoryRecordsCreateInputList":{ + "type":"list", + "member":{"shape":"MemoryRecordCreateInput"}, + "max":100, + "min":0 + }, + "MemoryRecordsDeleteInputList":{ + "type":"list", + "member":{"shape":"MemoryRecordDeleteInput"}, + "max":100, + "min":0 + }, + "MemoryRecordsOutputList":{ + "type":"list", + "member":{"shape":"MemoryRecordOutput"} + }, + "MemoryRecordsUpdateInputList":{ + "type":"list", + "member":{"shape":"MemoryRecordUpdateInput"}, + "max":100, + "min":0 + }, + "MemoryStrategyId":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9-_]*" + }, + "MetadataKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" + }, + "MetadataMap":{ + "type":"map", + "key":{"shape":"MetadataKey"}, + "value":{"shape":"MetadataValue"}, + "max":15, + "min":0 + }, + "MetadataValue":{ + "type":"structure", + "members":{ + "stringValue":{ + "shape":"MetadataValueStringValueString", + "documentation":"

Value associated with the eventMetadata key.

" + } + }, + "documentation":"

Value associated with the eventMetadata key.

", + "union":true + }, + "MetadataValueStringValueString":{ + "type":"string", + "max":256, + "min":0, + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" + }, + "MimeType":{ + "type":"string", + "max":256, + "min":1 + }, + "Name":{ + "type":"string", + "max":100, + "min":1 + }, + "Namespace":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"[a-zA-Z0-9/*][a-zA-Z0-9-_/*]*(?::[a-zA-Z0-9-_/*]+)*[a-zA-Z0-9-_/*]*" + }, + "NamespacesList":{ + "type":"list", + "member":{"shape":"Namespace"}, + "max":1, + "min":0 + }, + "NextToken":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"\\S*" + }, + "NonBlankString":{ + "type":"string", + "pattern":"[\\s\\S]+" + }, + "Oauth2FlowType":{ + "type":"string", + "enum":[ + "USER_FEDERATION", + "M2M" + ] + }, + "OperatorType":{ + "type":"string", + "enum":[ + "EQUALS_TO", + "EXISTS", + "NOT_EXISTS" + ] + }, + "PaginationToken":{"type":"string"}, + "PayloadType":{ + "type":"structure", + "members":{ + "conversational":{ + "shape":"Conversational", + "documentation":"

The conversational content of the payload.

" + }, + "blob":{ + "shape":"Document", + "documentation":"

The binary content of the payload.

" + } + }, + "documentation":"

Contains the payload content for an event.

", + "union":true + }, + "PayloadTypeList":{ + "type":"list", + "member":{"shape":"PayloadType"}, + "max":100, + "min":0 + }, + "ProgrammingLanguage":{ + "type":"string", + "enum":[ + "python", + "javascript", + "typescript" + ] + }, + "RequestIdentifier":{ + "type":"string", + "max":80, + "min":1, + "pattern":"[a-zA-Z0-9_-]+" + }, + "RequestUri":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"urn:ietf:params:oauth:request_uri:[a-zA-Z0-9-._~]+" + }, + "ResourceContent":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"ResourceContentType", + "documentation":"

The type of resource content.

" + }, + "uri":{ + "shape":"String", + "documentation":"

The URI of the resource content.

" + }, + "mimeType":{ + "shape":"String", + "documentation":"

The MIME type of the resource content.

" + }, + "text":{ + "shape":"String", + "documentation":"

The text resource content.

" + }, + "blob":{ + "shape":"Blob", + "documentation":"

The binary resource content.

" + } + }, + "documentation":"

Contains information about resource content.

" + }, + "ResourceContentType":{ + "type":"string", + "enum":[ + "text", + "blob" + ] + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

The exception that occurs when the specified resource does not exist. This can happen when using an invalid identifier or when trying to access a resource that has been deleted.

", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "ResourceOauth2ReturnUrlType":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"\\w+:(\\/?\\/?)[^\\s]+" + }, + "ResponseStream":{ + "type":"blob", + "sensitive":true, + "streaming":true + }, + "RetrieveMemoryRecordsInput":{ + "type":"structure", + "required":[ + "memoryId", + "namespace", + "searchCriteria" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The identifier of the AgentCore Memory resource from which to retrieve memory records.

", + "location":"uri", + "locationName":"memoryId" + }, + "namespace":{ + "shape":"Namespace", + "documentation":"

The namespace to filter memory records by. If specified, only memory records in this namespace are searched.

" + }, + "searchCriteria":{ + "shape":"SearchCriteria", + "documentation":"

The search criteria to use for finding relevant memory records. This includes the search query, memory strategy ID, and other search parameters.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.

" + } + } + }, + "RetrieveMemoryRecordsOutput":{ + "type":"structure", + "required":["memoryRecordSummaries"], + "members":{ + "memoryRecordSummaries":{ + "shape":"MemoryRecordSummaryList", + "documentation":"

The list of memory record summaries that match the search criteria, ordered by relevance.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use in a subsequent request to get the next set of results. This value is null when there are no more results to return.

" + } + } + }, + "RightExpression":{ + "type":"structure", + "members":{ + "metadataValue":{ + "shape":"MetadataValue", + "documentation":"

Value associated with the key in eventMetadata.

" + } + }, + "documentation":"

Right expression of the eventMetadatafilter.

", + "union":true + }, + "Role":{ + "type":"string", + "enum":[ + "ASSISTANT", + "USER", + "TOOL", + "OTHER" + ] + }, + "RuntimeClientError":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

The exception that occurs when there is an error in the runtime client. This can happen due to network issues, invalid configuration, or other client-side problems. Check the error message for specific details about the error.

", + "error":{ + "httpStatusCode":424, + "senderFault":true + }, + "exception":true + }, + "ScopeType":{ + "type":"string", + "max":128, + "min":1 + }, + "ScopesListType":{ + "type":"list", + "member":{"shape":"ScopeType"} + }, + "SearchCriteria":{ + "type":"structure", + "required":["searchQuery"], + "members":{ + "searchQuery":{ + "shape":"SearchCriteriaSearchQueryString", + "documentation":"

The search query to use for finding relevant memory records.

" + }, + "memoryStrategyId":{ + "shape":"MemoryStrategyId", + "documentation":"

The memory strategy identifier to filter memory records by.

" + }, + "topK":{ + "shape":"SearchCriteriaTopKInteger", + "documentation":"

The maximum number of top-scoring memory records to return. This value is used for semantic search ranking.

" + } + }, + "documentation":"

Contains search criteria for retrieving memory records.

" + }, + "SearchCriteriaSearchQueryString":{ + "type":"string", + "max":10000, + "min":1, + "sensitive":true + }, + "SearchCriteriaTopKInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ServiceException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The service encountered an internal error. Try your request again later.

", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

The exception that occurs when the request would cause a service quota to be exceeded. Review your service quotas and either reduce your request rate or request a quota increase.

", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "SessionId":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9-_]*" + }, + "SessionStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "FAILED" + ] + }, + "SessionSummary":{ + "type":"structure", + "required":[ + "sessionId", + "actorId", + "createdAt" + ], + "members":{ + "sessionId":{ + "shape":"SessionId", + "documentation":"

The unique identifier of the session.

" + }, + "actorId":{ + "shape":"ActorId", + "documentation":"

The identifier of the actor associated with the session.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the session was created.

" + } + }, + "documentation":"

Contains summary information about a session in an AgentCore Memory resource.

" + }, + "SessionSummaryList":{ + "type":"list", + "member":{"shape":"SessionSummary"} + }, + "SessionType":{ + "type":"string", + "max":256, + "min":33 + }, + "StartBrowserSessionRequest":{ + "type":"structure", + "required":["browserIdentifier"], + "members":{ + "traceId":{ + "shape":"StartBrowserSessionRequestTraceIdString", + "documentation":"

The trace identifier for request tracking.

", + "location":"header", + "locationName":"X-Amzn-Trace-Id" + }, + "traceParent":{ + "shape":"StartBrowserSessionRequestTraceParentString", + "documentation":"

The parent trace information for distributed tracing.

", + "location":"header", + "locationName":"traceparent" + }, + "browserIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the browser to use for this session. This identifier specifies which browser environment to initialize for the session.

", + "location":"uri", + "locationName":"browserIdentifier" + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the browser session. This name helps you identify and manage the session. The name does not need to be unique.

" + }, + "sessionTimeoutSeconds":{ + "shape":"BrowserSessionTimeout", + "documentation":"

The time in seconds after which the session automatically terminates if there is no activity. The default value is 3600 seconds (1 hour). The minimum allowed value is 60 seconds, and the maximum allowed value is 28800 seconds (8 hours).

" + }, + "viewPort":{ + "shape":"ViewPort", + "documentation":"

The dimensions of the browser viewport for this session. This determines the visible area of the web content and affects how web pages are rendered. If not specified, Amazon Bedrock uses a default viewport size.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. This parameter helps prevent the creation of duplicate sessions if there are temporary network issues.

", + "idempotencyToken":true + } + } + }, + "StartBrowserSessionRequestTraceIdString":{ + "type":"string", + "max":1024, + "min":0 + }, + "StartBrowserSessionRequestTraceParentString":{ + "type":"string", + "max":1024, + "min":0 + }, + "StartBrowserSessionResponse":{ + "type":"structure", + "required":[ + "browserIdentifier", + "sessionId", + "createdAt" + ], + "members":{ + "browserIdentifier":{ + "shape":"String", + "documentation":"

The identifier of the browser.

" + }, + "sessionId":{ + "shape":"BrowserSessionId", + "documentation":"

The unique identifier of the created browser session.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser session was created.

" + }, + "streams":{ + "shape":"BrowserSessionStream", + "documentation":"

The streams associated with this browser session. These include the automation stream and live view stream.

" + } + } + }, + "StartCodeInterpreterSessionRequest":{ + "type":"structure", + "required":["codeInterpreterIdentifier"], + "members":{ + "traceId":{ + "shape":"StartCodeInterpreterSessionRequestTraceIdString", + "documentation":"

The trace identifier for request tracking.

", + "location":"header", + "locationName":"X-Amzn-Trace-Id" + }, + "traceParent":{ + "shape":"StartCodeInterpreterSessionRequestTraceParentString", + "documentation":"

The parent trace information for distributed tracing.

", + "location":"header", + "locationName":"traceparent" + }, + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the code interpreter to use for this session. This identifier specifies which code interpreter environment to initialize for the session.

", + "location":"uri", + "locationName":"codeInterpreterIdentifier" + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the code interpreter session. This name helps you identify and manage the session. The name does not need to be unique.

" + }, + "sessionTimeoutSeconds":{ + "shape":"CodeInterpreterSessionTimeout", + "documentation":"

The time in seconds after which the session automatically terminates if there is no activity. The default value is 900 seconds (15 minutes). The minimum allowed value is 60 seconds, and the maximum allowed value is 28800 seconds (8 hours).

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. This parameter helps prevent the creation of duplicate sessions if there are temporary network issues.

", + "idempotencyToken":true + } + } + }, + "StartCodeInterpreterSessionRequestTraceIdString":{ + "type":"string", + "max":1024, + "min":0 + }, + "StartCodeInterpreterSessionRequestTraceParentString":{ + "type":"string", + "max":1024, + "min":0 + }, + "StartCodeInterpreterSessionResponse":{ + "type":"structure", + "required":[ + "codeInterpreterIdentifier", + "sessionId", + "createdAt" + ], + "members":{ + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The identifier of the code interpreter.

" + }, + "sessionId":{ + "shape":"CodeInterpreterSessionId", + "documentation":"

The unique identifier of the created code interpreter session.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the code interpreter session was created.

" + } + } + }, + "State":{ + "type":"string", + "max":4096, + "min":1, + "sensitive":true + }, + "StopBrowserSessionRequest":{ + "type":"structure", + "required":[ + "browserIdentifier", + "sessionId" + ], + "members":{ + "traceId":{ + "shape":"StopBrowserSessionRequestTraceIdString", + "documentation":"

The trace identifier for request tracking.

", + "location":"header", + "locationName":"X-Amzn-Trace-Id" + }, + "traceParent":{ + "shape":"StopBrowserSessionRequestTraceParentString", + "documentation":"

The parent trace information for distributed tracing.

", + "location":"header", + "locationName":"traceparent" + }, + "browserIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the browser associated with the session.

", + "location":"uri", + "locationName":"browserIdentifier" + }, + "sessionId":{ + "shape":"BrowserSessionId", + "documentation":"

The unique identifier of the browser session to stop.

", + "location":"querystring", + "locationName":"sessionId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error.

", + "idempotencyToken":true + } + } + }, + "StopBrowserSessionRequestTraceIdString":{ + "type":"string", + "max":1024, + "min":0 + }, + "StopBrowserSessionRequestTraceParentString":{ + "type":"string", + "max":1024, + "min":0 + }, + "StopBrowserSessionResponse":{ + "type":"structure", + "required":[ + "browserIdentifier", + "sessionId", + "lastUpdatedAt" + ], + "members":{ + "browserIdentifier":{ + "shape":"String", + "documentation":"

The identifier of the browser.

" + }, + "sessionId":{ + "shape":"BrowserSessionId", + "documentation":"

The identifier of the browser session.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the browser session was last updated.

" + } + } + }, + "StopCodeInterpreterSessionRequest":{ + "type":"structure", + "required":[ + "codeInterpreterIdentifier", + "sessionId" + ], + "members":{ + "traceId":{ + "shape":"StopCodeInterpreterSessionRequestTraceIdString", + "documentation":"

The trace identifier for request tracking.

", + "location":"header", + "locationName":"X-Amzn-Trace-Id" + }, + "traceParent":{ + "shape":"StopCodeInterpreterSessionRequestTraceParentString", + "documentation":"

The parent trace information for distributed tracing.

", + "location":"header", + "locationName":"traceparent" + }, + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the code interpreter associated with the session.

", + "location":"uri", + "locationName":"codeInterpreterIdentifier" + }, + "sessionId":{ + "shape":"CodeInterpreterSessionId", + "documentation":"

The unique identifier of the code interpreter session to stop.

", + "location":"querystring", + "locationName":"sessionId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error.

", + "idempotencyToken":true + } + } + }, + "StopCodeInterpreterSessionRequestTraceIdString":{ + "type":"string", + "max":1024, + "min":0 + }, + "StopCodeInterpreterSessionRequestTraceParentString":{ + "type":"string", + "max":1024, + "min":0 + }, + "StopCodeInterpreterSessionResponse":{ + "type":"structure", + "required":[ + "codeInterpreterIdentifier", + "sessionId", + "lastUpdatedAt" + ], + "members":{ + "codeInterpreterIdentifier":{ + "shape":"String", + "documentation":"

The identifier of the code interpreter.

" + }, + "sessionId":{ + "shape":"CodeInterpreterSessionId", + "documentation":"

The identifier of the code interpreter session.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter session was last updated.

" + } + } + }, + "StopRuntimeSessionRequest":{ + "type":"structure", + "required":[ + "runtimeSessionId", + "agentRuntimeArn" + ], + "members":{ + "runtimeSessionId":{ + "shape":"SessionType", + "documentation":"

The ID of the session that you want to stop.

", + "location":"header", + "locationName":"X-Amzn-Bedrock-AgentCore-Runtime-Session-Id" + }, + "agentRuntimeArn":{ + "shape":"String", + "documentation":"

The ARN of the agent that contains the session that you want to stop.

", + "location":"uri", + "locationName":"agentRuntimeArn" + }, + "qualifier":{ + "shape":"String", + "documentation":"

Optional qualifier to specify an agent alias, such as prodcode> or dev. If you don't provide a value, the DEFAULT alias is used.

", + "location":"querystring", + "locationName":"qualifier" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

Idempotent token used to identify the request. If you use the same token with multiple requests, the same response is returned. Use ClientToken to prevent the same request from being processed more than once.

", + "idempotencyToken":true + } + } + }, + "StopRuntimeSessionResponse":{ + "type":"structure", + "members":{ + "runtimeSessionId":{ + "shape":"SessionId", + "documentation":"

The ID of the session that you requested to stop.

", + "location":"header", + "locationName":"X-Amzn-Bedrock-AgentCore-Runtime-Session-Id" + }, + "statusCode":{ + "shape":"HttpResponseCode", + "documentation":"

The status code of the request to stop the session.

", + "location":"statusCode" + } + } + }, + "StreamUpdate":{ + "type":"structure", + "members":{ + "automationStreamUpdate":{ + "shape":"AutomationStreamUpdate", + "documentation":"

The update to an automation stream.

" + } + }, + "documentation":"

Contains information about an update to a stream.

", + "union":true + }, + "String":{"type":"string"}, + "StringList":{ + "type":"list", + "member":{"shape":"MaxLenString"} + }, + "StringType":{ + "type":"string", + "max":1024, + "min":1 + }, + "TaskStatus":{ + "type":"string", + "enum":[ + "submitted", + "working", + "completed", + "canceled", + "failed" + ] + }, + "ThrottledException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The request was denied due to request throttling. Reduce the frequency of requests and try again.

", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

The exception that occurs when the request was denied due to request throttling. This happens when you exceed the allowed request rate for an operation. Reduce the frequency of requests or implement exponential backoff retry logic in your application.

", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "Timestamp":{"type":"timestamp"}, + "ToolArguments":{ + "type":"structure", + "members":{ + "code":{ + "shape":"MaxLenString", + "documentation":"

The code to execute in a code interpreter session. This is the source code in the specified programming language that will be executed by the code interpreter.

" + }, + "language":{ + "shape":"ProgrammingLanguage", + "documentation":"

The programming language of the code to execute. This tells the code interpreter which language runtime to use for execution. Common values include 'python', 'javascript', and 'r'.

" + }, + "clearContext":{ + "shape":"Boolean", + "documentation":"

Whether to clear the context for the tool.

" + }, + "command":{ + "shape":"MaxLenString", + "documentation":"

The command to execute with the tool.

" + }, + "path":{ + "shape":"MaxLenString", + "documentation":"

The path for the tool operation.

" + }, + "paths":{ + "shape":"StringList", + "documentation":"

The paths for the tool operation.

" + }, + "content":{ + "shape":"InputContentBlockList", + "documentation":"

The content for the tool operation.

" + }, + "directoryPath":{ + "shape":"MaxLenString", + "documentation":"

The directory path for the tool operation.

" + }, + "taskId":{ + "shape":"MaxLenString", + "documentation":"

The identifier of the task for the tool operation.

" + } + }, + "documentation":"

The collection of arguments that specify the operation to perform and its parameters when invoking a tool in Amazon Bedrock. Different tools require different arguments, and this structure provides a flexible way to pass the appropriate arguments to each tool type.

" + }, + "ToolName":{ + "type":"string", + "enum":[ + "executeCode", + "executeCommand", + "readFiles", + "listFiles", + "removeFiles", + "writeFiles", + "startCommandExecution", + "getTask", + "stopTask" + ] + }, + "ToolResultStructuredContent":{ + "type":"structure", + "members":{ + "taskId":{ + "shape":"String", + "documentation":"

The identifier of the task that produced the result.

" + }, + "taskStatus":{ + "shape":"TaskStatus", + "documentation":"

The status of the task that produced the result.

" + }, + "stdout":{ + "shape":"String", + "documentation":"

The standard output from the tool execution.

" + }, + "stderr":{ + "shape":"String", + "documentation":"

The standard error output from the tool execution.

" + }, + "exitCode":{ + "shape":"Integer", + "documentation":"

The exit code from the tool execution.

" + }, + "executionTime":{ + "shape":"Double", + "documentation":"

The execution time of the tool operation in milliseconds.

" + } + }, + "documentation":"

Contains structured content from a tool result.

" + }, + "UnauthorizedException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access

", + "error":{ + "httpStatusCode":401, + "senderFault":true + }, + "exception":true + }, + "UpdateBrowserStreamRequest":{ + "type":"structure", + "required":[ + "browserIdentifier", + "sessionId", + "streamUpdate" + ], + "members":{ + "browserIdentifier":{ + "shape":"String", + "documentation":"

The identifier of the browser.

", + "location":"uri", + "locationName":"browserIdentifier" + }, + "sessionId":{ + "shape":"BrowserSessionId", + "documentation":"

The identifier of the browser session.

", + "location":"querystring", + "locationName":"sessionId" + }, + "streamUpdate":{ + "shape":"StreamUpdate", + "documentation":"

The update to apply to the browser stream.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error.

", + "idempotencyToken":true + } + } + }, + "UpdateBrowserStreamResponse":{ + "type":"structure", + "required":[ + "browserIdentifier", + "sessionId", + "streams", + "updatedAt" + ], + "members":{ + "browserIdentifier":{ + "shape":"String", + "documentation":"

The identifier of the browser.

" + }, + "sessionId":{ + "shape":"BrowserSessionId", + "documentation":"

The identifier of the browser session.

" + }, + "streams":{"shape":"BrowserSessionStream"}, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The time at which the browser stream was updated.

" + } + } + }, + "UserIdType":{ + "type":"string", + "max":128, + "min":1 + }, + "UserIdentifier":{ + "type":"structure", + "members":{ + "userToken":{ + "shape":"UserTokenType", + "documentation":"

The OAuth2.0 token issued by the user’s identity provider

" + }, + "userId":{ + "shape":"UserIdType", + "documentation":"

The ID of the user for whom you have retrieved a workload access token for

" + } + }, + "documentation":"

The OAuth2.0 token or user ID that was used to generate the workload access token used for initiating the user authorization flow to retrieve OAuth2.0 tokens.

", + "union":true + }, + "UserTokenType":{ + "type":"string", + "max":131072, + "min":1, + "pattern":"[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+", + "sensitive":true + }, + "ValidationException":{ + "type":"structure", + "required":[ + "message", + "reason" + ], + "members":{ + "message":{"shape":"String"}, + "reason":{"shape":"ValidationExceptionReason"}, + "fieldList":{"shape":"ValidationExceptionFieldList"} + }, + "documentation":"

The exception that occurs when the input fails to satisfy the constraints specified by the service. Check the error message for details about which input parameter is invalid and correct your request.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "message" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"

The name of the field.

" + }, + "message":{ + "shape":"String", + "documentation":"

A message describing why this field failed validation.

" + } + }, + "documentation":"

Stores information about a field passed inside a request that resulted in an exception.

" + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "CannotParse", + "FieldValidationFailed", + "IdempotentParameterMismatchException", + "EventInOtherSession", + "ResourceConflict" + ] + }, + "ViewPort":{ + "type":"structure", + "required":[ + "width", + "height" + ], + "members":{ + "width":{ + "shape":"ViewPortWidth", + "documentation":"

The width of the viewport in pixels. This value determines the horizontal dimension of the visible area. Valid values range from 800 to 1920 pixels.

" + }, + "height":{ + "shape":"ViewPortHeight", + "documentation":"

The height of the viewport in pixels. This value determines the vertical dimension of the visible area. Valid values range from 600 to 1080 pixels.

" + } + }, + "documentation":"

The configuration that defines the dimensions of a browser viewport in a browser session. The viewport determines the visible area of web content and affects how web pages are rendered and displayed. Proper viewport configuration ensures that web content is displayed correctly for the agent's browsing tasks.

" + }, + "ViewPortHeight":{ + "type":"integer", + "box":true, + "max":2160, + "min":240 + }, + "ViewPortWidth":{ + "type":"integer", + "box":true, + "max":3840, + "min":320 + }, + "WorkloadIdentityNameType":{ + "type":"string", + "max":255, + "min":3, + "pattern":"[A-Za-z0-9_.-]+" + }, + "WorkloadIdentityTokenType":{ + "type":"string", + "max":131072, + "min":1, + "sensitive":true + } + }, + "documentation":"

Amazon Bedrock AgentCore is in preview release and is subject to change.

Welcome to the Amazon Bedrock AgentCore Data Plane API reference. Data Plane actions process and handle data or workloads within Amazon Web Services services.

" +} diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/waiters-2.json 2.31.35-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/waiters-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agentcore/2024-02-28/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://bedrock-agentcore-control-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://bedrock-agentcore-control-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://bedrock-agentcore-control.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://bedrock-agentcore-control.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/paginators-1.json 2.31.35-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/paginators-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,70 @@ +{ + "pagination": { + "ListAgentRuntimeEndpoints": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "runtimeEndpoints" + }, + "ListAgentRuntimeVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "agentRuntimes" + }, + "ListAgentRuntimes": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "agentRuntimes" + }, + "ListApiKeyCredentialProviders": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "credentialProviders" + }, + "ListBrowsers": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "browserSummaries" + }, + "ListCodeInterpreters": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "codeInterpreterSummaries" + }, + "ListGatewayTargets": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListGateways": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListMemories": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "memories" + }, + "ListOauth2CredentialProviders": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "credentialProviders" + }, + "ListWorkloadIdentities": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "workloadIdentities" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json 2.31.35-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,7357 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2023-06-05", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"bedrock-agentcore-control", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"Amazon Bedrock AgentCore Control", + "serviceId":"Bedrock AgentCore Control", + "signatureVersion":"v4", + "signingName":"bedrock-agentcore", + "uid":"bedrock-agentcore-control-2023-06-05" + }, + "operations":{ + "CreateAgentRuntime":{ + "name":"CreateAgentRuntime", + "http":{ + "method":"PUT", + "requestUri":"/runtimes/", + "responseCode":202 + }, + "input":{"shape":"CreateAgentRuntimeRequest"}, + "output":{"shape":"CreateAgentRuntimeResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates an Amazon Bedrock AgentCore Runtime.

", + "idempotent":true + }, + "CreateAgentRuntimeEndpoint":{ + "name":"CreateAgentRuntimeEndpoint", + "http":{ + "method":"PUT", + "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/", + "responseCode":202 + }, + "input":{"shape":"CreateAgentRuntimeEndpointRequest"}, + "output":{"shape":"CreateAgentRuntimeEndpointResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates an AgentCore Runtime endpoint.

", + "idempotent":true + }, + "CreateApiKeyCredentialProvider":{ + "name":"CreateApiKeyCredentialProvider", + "http":{ + "method":"POST", + "requestUri":"/identities/CreateApiKeyCredentialProvider", + "responseCode":201 + }, + "input":{"shape":"CreateApiKeyCredentialProviderRequest"}, + "output":{"shape":"CreateApiKeyCredentialProviderResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ResourceLimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"DecryptionFailure"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"EncryptionFailure"} + ], + "documentation":"

Creates a new API key credential provider.

", + "idempotent":true + }, + "CreateBrowser":{ + "name":"CreateBrowser", + "http":{ + "method":"PUT", + "requestUri":"/browsers", + "responseCode":202 + }, + "input":{"shape":"CreateBrowserRequest"}, + "output":{"shape":"CreateBrowserResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates a custom browser.

", + "idempotent":true + }, + "CreateCodeInterpreter":{ + "name":"CreateCodeInterpreter", + "http":{ + "method":"PUT", + "requestUri":"/code-interpreters", + "responseCode":202 + }, + "input":{"shape":"CreateCodeInterpreterRequest"}, + "output":{"shape":"CreateCodeInterpreterResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates a custom code interpreter.

", + "idempotent":true + }, + "CreateGateway":{ + "name":"CreateGateway", + "http":{ + "method":"POST", + "requestUri":"/gateways/", + "responseCode":202 + }, + "input":{"shape":"CreateGatewayRequest"}, + "output":{"shape":"CreateGatewayResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates a gateway for Amazon Bedrock Agent. A gateway serves as an integration point between your agent and external services.

If you specify CUSTOM_JWT as the authorizerType, you must provide an authorizerConfiguration.

", + "idempotent":true + }, + "CreateGatewayTarget":{ + "name":"CreateGatewayTarget", + "http":{ + "method":"POST", + "requestUri":"/gateways/{gatewayIdentifier}/targets/", + "responseCode":202 + }, + "input":{"shape":"CreateGatewayTargetRequest"}, + "output":{"shape":"CreateGatewayTargetResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates a target for a gateway. A target defines an endpoint that the gateway can connect to.

", + "idempotent":true + }, + "CreateMemory":{ + "name":"CreateMemory", + "http":{ + "method":"POST", + "requestUri":"/memories/create", + "responseCode":202 + }, + "input":{"shape":"CreateMemoryInput"}, + "output":{"shape":"CreateMemoryOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"} + ], + "documentation":"

Creates a new Amazon Bedrock AgentCore Memory resource.

", + "idempotent":true + }, + "CreateOauth2CredentialProvider":{ + "name":"CreateOauth2CredentialProvider", + "http":{ + "method":"POST", + "requestUri":"/identities/CreateOauth2CredentialProvider", + "responseCode":201 + }, + "input":{"shape":"CreateOauth2CredentialProviderRequest"}, + "output":{"shape":"CreateOauth2CredentialProviderResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ResourceLimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"DecryptionFailure"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"EncryptionFailure"} + ], + "documentation":"

Creates a new OAuth2 credential provider.

", + "idempotent":true + }, + "CreateWorkloadIdentity":{ + "name":"CreateWorkloadIdentity", + "http":{ + "method":"POST", + "requestUri":"/identities/CreateWorkloadIdentity", + "responseCode":201 + }, + "input":{"shape":"CreateWorkloadIdentityRequest"}, + "output":{"shape":"CreateWorkloadIdentityResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates a new workload identity.

", + "idempotent":true + }, + "DeleteAgentRuntime":{ + "name":"DeleteAgentRuntime", + "http":{ + "method":"DELETE", + "requestUri":"/runtimes/{agentRuntimeId}/", + "responseCode":202 + }, + "input":{"shape":"DeleteAgentRuntimeRequest"}, + "output":{"shape":"DeleteAgentRuntimeResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes an Amazon Bedrock AgentCore Runtime.

", + "idempotent":true + }, + "DeleteAgentRuntimeEndpoint":{ + "name":"DeleteAgentRuntimeEndpoint", + "http":{ + "method":"DELETE", + "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", + "responseCode":202 + }, + "input":{"shape":"DeleteAgentRuntimeEndpointRequest"}, + "output":{"shape":"DeleteAgentRuntimeEndpointResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes an AAgentCore Runtime endpoint.

", + "idempotent":true + }, + "DeleteApiKeyCredentialProvider":{ + "name":"DeleteApiKeyCredentialProvider", + "http":{ + "method":"POST", + "requestUri":"/identities/DeleteApiKeyCredentialProvider", + "responseCode":204 + }, + "input":{"shape":"DeleteApiKeyCredentialProviderRequest"}, + "output":{"shape":"DeleteApiKeyCredentialProviderResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes an API key credential provider.

", + "idempotent":true + }, + "DeleteBrowser":{ + "name":"DeleteBrowser", + "http":{ + "method":"DELETE", + "requestUri":"/browsers/{browserId}", + "responseCode":202 + }, + "input":{"shape":"DeleteBrowserRequest"}, + "output":{"shape":"DeleteBrowserResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes a custom browser.

", + "idempotent":true + }, + "DeleteCodeInterpreter":{ + "name":"DeleteCodeInterpreter", + "http":{ + "method":"DELETE", + "requestUri":"/code-interpreters/{codeInterpreterId}", + "responseCode":202 + }, + "input":{"shape":"DeleteCodeInterpreterRequest"}, + "output":{"shape":"DeleteCodeInterpreterResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes a custom code interpreter.

", + "idempotent":true + }, + "DeleteGateway":{ + "name":"DeleteGateway", + "http":{ + "method":"DELETE", + "requestUri":"/gateways/{gatewayIdentifier}/", + "responseCode":202 + }, + "input":{"shape":"DeleteGatewayRequest"}, + "output":{"shape":"DeleteGatewayResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes a gateway.

", + "idempotent":true + }, + "DeleteGatewayTarget":{ + "name":"DeleteGatewayTarget", + "http":{ + "method":"DELETE", + "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", + "responseCode":202 + }, + "input":{"shape":"DeleteGatewayTargetRequest"}, + "output":{"shape":"DeleteGatewayTargetResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes a gateway target.

", + "idempotent":true + }, + "DeleteMemory":{ + "name":"DeleteMemory", + "http":{ + "method":"DELETE", + "requestUri":"/memories/{memoryId}/delete", + "responseCode":202 + }, + "input":{"shape":"DeleteMemoryInput"}, + "output":{"shape":"DeleteMemoryOutput"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"} + ], + "documentation":"

Deletes an Amazon Bedrock AgentCore Memory resource.

", + "idempotent":true + }, + "DeleteOauth2CredentialProvider":{ + "name":"DeleteOauth2CredentialProvider", + "http":{ + "method":"POST", + "requestUri":"/identities/DeleteOauth2CredentialProvider", + "responseCode":204 + }, + "input":{"shape":"DeleteOauth2CredentialProviderRequest"}, + "output":{"shape":"DeleteOauth2CredentialProviderResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes an OAuth2 credential provider.

", + "idempotent":true + }, + "DeleteWorkloadIdentity":{ + "name":"DeleteWorkloadIdentity", + "http":{ + "method":"POST", + "requestUri":"/identities/DeleteWorkloadIdentity", + "responseCode":204 + }, + "input":{"shape":"DeleteWorkloadIdentityRequest"}, + "output":{"shape":"DeleteWorkloadIdentityResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes a workload identity.

", + "idempotent":true + }, + "GetAgentRuntime":{ + "name":"GetAgentRuntime", + "http":{ + "method":"GET", + "requestUri":"/runtimes/{agentRuntimeId}/", + "responseCode":200 + }, + "input":{"shape":"GetAgentRuntimeRequest"}, + "output":{"shape":"GetAgentRuntimeResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Gets an Amazon Bedrock AgentCore Runtime.

", + "readonly":true + }, + "GetAgentRuntimeEndpoint":{ + "name":"GetAgentRuntimeEndpoint", + "http":{ + "method":"GET", + "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", + "responseCode":200 + }, + "input":{"shape":"GetAgentRuntimeEndpointRequest"}, + "output":{"shape":"GetAgentRuntimeEndpointResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Gets information about an Amazon Secure AgentEndpoint.

", + "readonly":true + }, + "GetApiKeyCredentialProvider":{ + "name":"GetApiKeyCredentialProvider", + "http":{ + "method":"POST", + "requestUri":"/identities/GetApiKeyCredentialProvider", + "responseCode":200 + }, + "input":{"shape":"GetApiKeyCredentialProviderRequest"}, + "output":{"shape":"GetApiKeyCredentialProviderResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"DecryptionFailure"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves information about an API key credential provider.

", + "readonly":true + }, + "GetBrowser":{ + "name":"GetBrowser", + "http":{ + "method":"GET", + "requestUri":"/browsers/{browserId}", + "responseCode":200 + }, + "input":{"shape":"GetBrowserRequest"}, + "output":{"shape":"GetBrowserResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Gets information about a custom browser.

", + "readonly":true + }, + "GetCodeInterpreter":{ + "name":"GetCodeInterpreter", + "http":{ + "method":"GET", + "requestUri":"/code-interpreters/{codeInterpreterId}", + "responseCode":200 + }, + "input":{"shape":"GetCodeInterpreterRequest"}, + "output":{"shape":"GetCodeInterpreterResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Gets information about a custom code interpreter.

", + "readonly":true + }, + "GetGateway":{ + "name":"GetGateway", + "http":{ + "method":"GET", + "requestUri":"/gateways/{gatewayIdentifier}/", + "responseCode":200 + }, + "input":{"shape":"GetGatewayRequest"}, + "output":{"shape":"GetGatewayResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves information about a specific Gateway.

", + "readonly":true + }, + "GetGatewayTarget":{ + "name":"GetGatewayTarget", + "http":{ + "method":"GET", + "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", + "responseCode":200 + }, + "input":{"shape":"GetGatewayTargetRequest"}, + "output":{"shape":"GetGatewayTargetResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves information about a specific gateway target.

", + "readonly":true + }, + "GetMemory":{ + "name":"GetMemory", + "http":{ + "method":"GET", + "requestUri":"/memories/{memoryId}/details", + "responseCode":200 + }, + "input":{"shape":"GetMemoryInput"}, + "output":{"shape":"GetMemoryOutput"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"} + ], + "documentation":"

Retrieve an existing Amazon Bedrock AgentCore Memory resource.

", + "readonly":true + }, + "GetOauth2CredentialProvider":{ + "name":"GetOauth2CredentialProvider", + "http":{ + "method":"POST", + "requestUri":"/identities/GetOauth2CredentialProvider", + "responseCode":200 + }, + "input":{"shape":"GetOauth2CredentialProviderRequest"}, + "output":{"shape":"GetOauth2CredentialProviderResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"DecryptionFailure"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves information about an OAuth2 credential provider.

", + "readonly":true + }, + "GetTokenVault":{ + "name":"GetTokenVault", + "http":{ + "method":"POST", + "requestUri":"/identities/get-token-vault", + "responseCode":200 + }, + "input":{"shape":"GetTokenVaultRequest"}, + "output":{"shape":"GetTokenVaultResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves information about a token vault.

", + "readonly":true + }, + "GetWorkloadIdentity":{ + "name":"GetWorkloadIdentity", + "http":{ + "method":"POST", + "requestUri":"/identities/GetWorkloadIdentity", + "responseCode":200 + }, + "input":{"shape":"GetWorkloadIdentityRequest"}, + "output":{"shape":"GetWorkloadIdentityResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Retrieves information about a workload identity.

", + "readonly":true + }, + "ListAgentRuntimeEndpoints":{ + "name":"ListAgentRuntimeEndpoints", + "http":{ + "method":"POST", + "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/", + "responseCode":200 + }, + "input":{"shape":"ListAgentRuntimeEndpointsRequest"}, + "output":{"shape":"ListAgentRuntimeEndpointsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all endpoints for a specific Amazon Secure Agent.

", + "readonly":true + }, + "ListAgentRuntimeVersions":{ + "name":"ListAgentRuntimeVersions", + "http":{ + "method":"POST", + "requestUri":"/runtimes/{agentRuntimeId}/versions/", + "responseCode":200 + }, + "input":{"shape":"ListAgentRuntimeVersionsRequest"}, + "output":{"shape":"ListAgentRuntimeVersionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all versions of a specific Amazon Secure Agent.

", + "readonly":true + }, + "ListAgentRuntimes":{ + "name":"ListAgentRuntimes", + "http":{ + "method":"POST", + "requestUri":"/runtimes/", + "responseCode":200 + }, + "input":{"shape":"ListAgentRuntimesRequest"}, + "output":{"shape":"ListAgentRuntimesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all Amazon Secure Agents in your account.

", + "readonly":true + }, + "ListApiKeyCredentialProviders":{ + "name":"ListApiKeyCredentialProviders", + "http":{ + "method":"POST", + "requestUri":"/identities/ListApiKeyCredentialProviders", + "responseCode":200 + }, + "input":{"shape":"ListApiKeyCredentialProvidersRequest"}, + "output":{"shape":"ListApiKeyCredentialProvidersResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all API key credential providers in your account.

", + "readonly":true + }, + "ListBrowsers":{ + "name":"ListBrowsers", + "http":{ + "method":"POST", + "requestUri":"/browsers", + "responseCode":200 + }, + "input":{"shape":"ListBrowsersRequest"}, + "output":{"shape":"ListBrowsersResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all custom browsers in your account.

", + "readonly":true + }, + "ListCodeInterpreters":{ + "name":"ListCodeInterpreters", + "http":{ + "method":"POST", + "requestUri":"/code-interpreters", + "responseCode":200 + }, + "input":{"shape":"ListCodeInterpretersRequest"}, + "output":{"shape":"ListCodeInterpretersResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all custom code interpreters in your account.

", + "readonly":true + }, + "ListGatewayTargets":{ + "name":"ListGatewayTargets", + "http":{ + "method":"GET", + "requestUri":"/gateways/{gatewayIdentifier}/targets/", + "responseCode":200 + }, + "input":{"shape":"ListGatewayTargetsRequest"}, + "output":{"shape":"ListGatewayTargetsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all targets for a specific gateway.

", + "readonly":true + }, + "ListGateways":{ + "name":"ListGateways", + "http":{ + "method":"GET", + "requestUri":"/gateways/", + "responseCode":200 + }, + "input":{"shape":"ListGatewaysRequest"}, + "output":{"shape":"ListGatewaysResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all gateways in the account.

", + "readonly":true + }, + "ListMemories":{ + "name":"ListMemories", + "http":{ + "method":"POST", + "requestUri":"/memories/", + "responseCode":200 + }, + "input":{"shape":"ListMemoriesInput"}, + "output":{"shape":"ListMemoriesOutput"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"} + ], + "documentation":"

Lists the available Amazon Bedrock AgentCore Memory resources in the current Amazon Web Services Region.

", + "readonly":true + }, + "ListOauth2CredentialProviders":{ + "name":"ListOauth2CredentialProviders", + "http":{ + "method":"POST", + "requestUri":"/identities/ListOauth2CredentialProviders", + "responseCode":200 + }, + "input":{"shape":"ListOauth2CredentialProvidersRequest"}, + "output":{"shape":"ListOauth2CredentialProvidersResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all OAuth2 credential providers in your account.

", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists the tags associated with the specified resource.

This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.

", + "readonly":true + }, + "ListWorkloadIdentities":{ + "name":"ListWorkloadIdentities", + "http":{ + "method":"POST", + "requestUri":"/identities/ListWorkloadIdentities", + "responseCode":200 + }, + "input":{"shape":"ListWorkloadIdentitiesRequest"}, + "output":{"shape":"ListWorkloadIdentitiesResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists all workload identities in your account.

", + "readonly":true + }, + "SetTokenVaultCMK":{ + "name":"SetTokenVaultCMK", + "http":{ + "method":"POST", + "requestUri":"/identities/set-token-vault-cmk", + "responseCode":200 + }, + "input":{"shape":"SetTokenVaultCMKRequest"}, + "output":{"shape":"SetTokenVaultCMKResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Sets the customer master key (CMK) for a token vault.

" + }, + "SynchronizeGatewayTargets":{ + "name":"SynchronizeGatewayTargets", + "http":{ + "method":"PUT", + "requestUri":"/gateways/{gatewayIdentifier}/synchronizeTargets", + "responseCode":202 + }, + "input":{"shape":"SynchronizeGatewayTargetsRequest"}, + "output":{"shape":"SynchronizeGatewayTargetsResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

The gateway targets.

", + "idempotent":true + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{resourceArn}", + "responseCode":204 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are also deleted.

This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.

" + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{resourceArn}", + "responseCode":204 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Removes the specified tags from the specified resource.

This feature is currently available only for AgentCore Runtime, Browser, Code Interpreter tool, and Gateway.

", + "idempotent":true + }, + "UpdateAgentRuntime":{ + "name":"UpdateAgentRuntime", + "http":{ + "method":"PUT", + "requestUri":"/runtimes/{agentRuntimeId}/", + "responseCode":202 + }, + "input":{"shape":"UpdateAgentRuntimeRequest"}, + "output":{"shape":"UpdateAgentRuntimeResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates an existing Amazon Secure Agent.

", + "idempotent":true + }, + "UpdateAgentRuntimeEndpoint":{ + "name":"UpdateAgentRuntimeEndpoint", + "http":{ + "method":"PUT", + "requestUri":"/runtimes/{agentRuntimeId}/runtime-endpoints/{endpointName}/", + "responseCode":202 + }, + "input":{"shape":"UpdateAgentRuntimeEndpointRequest"}, + "output":{"shape":"UpdateAgentRuntimeEndpointResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates an existing Amazon Bedrock AgentCore Runtime endpoint.

", + "idempotent":true + }, + "UpdateApiKeyCredentialProvider":{ + "name":"UpdateApiKeyCredentialProvider", + "http":{ + "method":"POST", + "requestUri":"/identities/UpdateApiKeyCredentialProvider", + "responseCode":200 + }, + "input":{"shape":"UpdateApiKeyCredentialProviderRequest"}, + "output":{"shape":"UpdateApiKeyCredentialProviderResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"DecryptionFailure"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"EncryptionFailure"} + ], + "documentation":"

Updates an existing API key credential provider.

", + "idempotent":true + }, + "UpdateGateway":{ + "name":"UpdateGateway", + "http":{ + "method":"PUT", + "requestUri":"/gateways/{gatewayIdentifier}/", + "responseCode":202 + }, + "input":{"shape":"UpdateGatewayRequest"}, + "output":{"shape":"UpdateGatewayResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates an existing gateway.

", + "idempotent":true + }, + "UpdateGatewayTarget":{ + "name":"UpdateGatewayTarget", + "http":{ + "method":"PUT", + "requestUri":"/gateways/{gatewayIdentifier}/targets/{targetId}/", + "responseCode":202 + }, + "input":{"shape":"UpdateGatewayTargetRequest"}, + "output":{"shape":"UpdateGatewayTargetResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates an existing gateway target.

", + "idempotent":true + }, + "UpdateMemory":{ + "name":"UpdateMemory", + "http":{ + "method":"PUT", + "requestUri":"/memories/{memoryId}/update", + "responseCode":202 + }, + "input":{"shape":"UpdateMemoryInput"}, + "output":{"shape":"UpdateMemoryOutput"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottledException"} + ], + "documentation":"

Update an Amazon Bedrock AgentCore Memory resource memory.

", + "idempotent":true + }, + "UpdateOauth2CredentialProvider":{ + "name":"UpdateOauth2CredentialProvider", + "http":{ + "method":"POST", + "requestUri":"/identities/UpdateOauth2CredentialProvider", + "responseCode":200 + }, + "input":{"shape":"UpdateOauth2CredentialProviderRequest"}, + "output":{"shape":"UpdateOauth2CredentialProviderResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"DecryptionFailure"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"EncryptionFailure"} + ], + "documentation":"

Updates an existing OAuth2 credential provider.

" + }, + "UpdateWorkloadIdentity":{ + "name":"UpdateWorkloadIdentity", + "http":{ + "method":"POST", + "requestUri":"/identities/UpdateWorkloadIdentity", + "responseCode":200 + }, + "input":{"shape":"UpdateWorkloadIdentityRequest"}, + "output":{"shape":"UpdateWorkloadIdentityResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates an existing workload identity.

", + "idempotent":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

This exception is thrown when a request is denied per access permissions

", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AgentEndpointDescription":{ + "type":"string", + "max":256, + "min":1 + }, + "AgentManagedRuntimeType":{ + "type":"string", + "enum":[ + "PYTHON_3_10", + "PYTHON_3_11", + "PYTHON_3_12", + "PYTHON_3_13" + ] + }, + "AgentRuntime":{ + "type":"structure", + "required":[ + "agentRuntimeArn", + "agentRuntimeId", + "agentRuntimeVersion", + "agentRuntimeName", + "description", + "lastUpdatedAt", + "status" + ], + "members":{ + "agentRuntimeArn":{ + "shape":"AgentRuntimeArn", + "documentation":"

The Amazon Resource Name (ARN) of the agent runtime.

" + }, + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the agent runtime.

" + }, + "agentRuntimeVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The version of the agent runtime.

" + }, + "agentRuntimeName":{ + "shape":"AgentRuntimeName", + "documentation":"

The name of the agent runtime.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the agent runtime.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the agent runtime was last updated.

" + }, + "status":{ + "shape":"AgentRuntimeStatus", + "documentation":"

The current status of the agent runtime.

" + } + }, + "documentation":"

Contains information about an agent runtime. An agent runtime is the execution environment for a Amazon Bedrock Agent.

" + }, + "AgentRuntimeArn":{ + "type":"string", + "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:agent/[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}:([0-9]{0,4}[1-9][0-9]{0,4})" + }, + "AgentRuntimeArtifact":{ + "type":"structure", + "members":{ + "containerConfiguration":{ + "shape":"ContainerConfiguration", + "documentation":"

The container configuration for the agent artifact.

" + }, + "codeConfiguration":{ + "shape":"CodeConfiguration", + "documentation":"

The code configuration for the agent runtime artifact, including the source code location and execution settings.

" + } + }, + "documentation":"

The artifact of the agent.

", + "union":true + }, + "AgentRuntimeEndpoint":{ + "type":"structure", + "required":[ + "name", + "agentRuntimeEndpointArn", + "agentRuntimeArn", + "status", + "id", + "createdAt", + "lastUpdatedAt" + ], + "members":{ + "name":{ + "shape":"EndpointName", + "documentation":"

The name of the agent runtime endpoint.

" + }, + "liveVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The live version of the agent runtime endpoint. This is the version that is currently serving requests.

" + }, + "targetVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The target version of the agent runtime endpoint. This is the version that the endpoint is being updated to.

" + }, + "agentRuntimeEndpointArn":{ + "shape":"AgentRuntimeEndpointArn", + "documentation":"

The Amazon Resource Name (ARN) of the agent runtime endpoint.

" + }, + "agentRuntimeArn":{ + "shape":"AgentRuntimeArn", + "documentation":"

The Amazon Resource Name (ARN) of the agent runtime associated with the endpoint.

" + }, + "status":{ + "shape":"AgentRuntimeEndpointStatus", + "documentation":"

The current status of the agent runtime endpoint.

" + }, + "id":{ + "shape":"AgentRuntimeEndpointId", + "documentation":"

The unique identifier of the agent runtime endpoint.

" + }, + "description":{ + "shape":"AgentEndpointDescription", + "documentation":"

The description of the agent runtime endpoint.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the agent runtime endpoint was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the agent runtime endpoint was last updated.

" + } + }, + "documentation":"

Contains information about an agent runtime endpoint. An endpoint provides a way to connect to and interact with an agent runtime.

" + }, + "AgentRuntimeEndpointArn":{ + "type":"string", + "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:agentEndpoint/[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}" + }, + "AgentRuntimeEndpointId":{ + "type":"string", + "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,99}-[a-zA-Z0-9]{10}" + }, + "AgentRuntimeEndpointStatus":{ + "type":"string", + "enum":[ + "CREATING", + "CREATE_FAILED", + "UPDATING", + "UPDATE_FAILED", + "READY", + "DELETING" + ] + }, + "AgentRuntimeEndpoints":{ + "type":"list", + "member":{"shape":"AgentRuntimeEndpoint"} + }, + "AgentRuntimeId":{ + "type":"string", + "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,99}-[a-zA-Z0-9]{10}" + }, + "AgentRuntimeName":{ + "type":"string", + "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" + }, + "AgentRuntimeStatus":{ + "type":"string", + "enum":[ + "CREATING", + "CREATE_FAILED", + "UPDATING", + "UPDATE_FAILED", + "READY", + "DELETING" + ] + }, + "AgentRuntimeVersion":{ + "type":"string", + "max":5, + "min":1, + "pattern":"([1-9][0-9]{0,4})" + }, + "AgentRuntimes":{ + "type":"list", + "member":{"shape":"AgentRuntime"} + }, + "AllowedAudience":{"type":"string"}, + "AllowedAudienceList":{ + "type":"list", + "member":{"shape":"AllowedAudience"}, + "min":1 + }, + "AllowedClient":{"type":"string"}, + "AllowedClientsList":{ + "type":"list", + "member":{"shape":"AllowedClient"}, + "min":1 + }, + "ApiKeyCredentialLocation":{ + "type":"string", + "enum":[ + "HEADER", + "QUERY_PARAMETER" + ] + }, + "ApiKeyCredentialParameterName":{ + "type":"string", + "max":64, + "min":1 + }, + "ApiKeyCredentialPrefix":{ + "type":"string", + "max":64, + "min":1 + }, + "ApiKeyCredentialProvider":{ + "type":"structure", + "required":["providerArn"], + "members":{ + "providerArn":{ + "shape":"ApiKeyCredentialProviderArn", + "documentation":"

The Amazon Resource Name (ARN) of the API key credential provider. This ARN identifies the provider in Amazon Web Services.

" + }, + "credentialParameterName":{ + "shape":"ApiKeyCredentialParameterName", + "documentation":"

The name of the credential parameter for the API key. This parameter name is used when sending the API key to the target endpoint.

" + }, + "credentialPrefix":{ + "shape":"ApiKeyCredentialPrefix", + "documentation":"

The prefix for the API key credential. This prefix is added to the API key when sending it to the target endpoint.

" + }, + "credentialLocation":{ + "shape":"ApiKeyCredentialLocation", + "documentation":"

The location of the API key credential. This field specifies where in the request the API key should be placed.

" + } + }, + "documentation":"

An API key credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using an API key.

" + }, + "ApiKeyCredentialProviderArn":{ + "type":"string", + "pattern":"arn:([^:]*):([^:]*):([^:]*):([0-9]{12})?:(.+)" + }, + "ApiKeyCredentialProviderArnType":{ + "type":"string", + "pattern":"arn:(aws|aws-us-gov):acps:[A-Za-z0-9-]{1,64}:[0-9]{12}:token-vault/[a-zA-Z0-9-.]+/apikeycredentialprovider/[a-zA-Z0-9-.]+" + }, + "ApiKeyCredentialProviderItem":{ + "type":"structure", + "required":[ + "name", + "credentialProviderArn", + "createdTime", + "lastUpdatedTime" + ], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the API key credential provider.

" + }, + "credentialProviderArn":{ + "shape":"ApiKeyCredentialProviderArnType", + "documentation":"

The Amazon Resource Name (ARN) of the API key credential provider.

" + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the API key credential provider was created.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the API key credential provider was last updated.

" + } + }, + "documentation":"

Contains information about an API key credential provider.

" + }, + "ApiKeyCredentialProviders":{ + "type":"list", + "member":{"shape":"ApiKeyCredentialProviderItem"} + }, + "ApiKeyType":{ + "type":"string", + "max":65536, + "min":1, + "sensitive":true + }, + "ApiSchemaConfiguration":{ + "type":"structure", + "members":{ + "s3":{"shape":"S3Configuration"}, + "inlinePayload":{ + "shape":"InlinePayload", + "documentation":"

The inline payload containing the API schema definition.

" + } + }, + "documentation":"

Configuration for API schema.

", + "union":true + }, + "Arn":{ + "type":"string", + "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}" + }, + "AtlassianOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "clientId", + "clientSecret" + ], + "members":{ + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Atlassian OAuth2 provider. This identifier is assigned by Atlassian when you register your application.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the Atlassian OAuth2 provider. This secret is assigned by Atlassian and used along with the client ID to authenticate your application.

" + } + }, + "documentation":"

Configuration settings for connecting to Atlassian services using OAuth2 authentication. This includes the client credentials required to authenticate with Atlassian's OAuth2 authorization server.

" + }, + "AtlassianOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{"shape":"Oauth2Discovery"}, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Atlassian OAuth2 provider.

" + } + }, + "documentation":"

The configuration details returned for an Atlassian OAuth2 provider, including the client ID and OAuth2 discovery information.

" + }, + "AuthorizationEndpointType":{"type":"string"}, + "AuthorizerConfiguration":{ + "type":"structure", + "members":{ + "customJWTAuthorizer":{ + "shape":"CustomJWTAuthorizerConfiguration", + "documentation":"

The inbound JWT-based authorization, specifying how incoming requests should be authenticated.

" + } + }, + "documentation":"

Represents inbound authorization configuration options used to authenticate incoming requests.

", + "union":true + }, + "AuthorizerType":{ + "type":"string", + "enum":[ + "CUSTOM_JWT", + "AWS_IAM" + ] + }, + "AwsAccountId":{ + "type":"string", + "pattern":"[0-9]{12}" + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "BrowserArn":{ + "type":"string", + "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:(aws|[0-9]{12}):browser(-custom)?/(aws\\.browser\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" + }, + "BrowserId":{ + "type":"string", + "pattern":"(aws\\.browser\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" + }, + "BrowserNetworkConfiguration":{ + "type":"structure", + "required":["networkMode"], + "members":{ + "networkMode":{ + "shape":"BrowserNetworkMode", + "documentation":"

The network mode for the browser. This field specifies how the browser connects to the network.

" + }, + "vpcConfig":{"shape":"VpcConfig"} + }, + "documentation":"

The network configuration for a browser. This structure defines how the browser connects to the network.

" + }, + "BrowserNetworkMode":{ + "type":"string", + "enum":[ + "PUBLIC", + "VPC" + ] + }, + "BrowserSigningConfigInput":{ + "type":"structure", + "required":["enabled"], + "members":{ + "enabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether browser signing is enabled. When enabled, the browser will cryptographically sign HTTP requests to identify itself as an AI agent to bot control vendors.

" + } + }, + "documentation":"

Configuration for enabling browser signing capabilities that allow agents to cryptographically identify themselves to websites using HTTP message signatures.

" + }, + "BrowserSigningConfigOutput":{ + "type":"structure", + "required":["enabled"], + "members":{ + "enabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether browser signing is currently enabled for cryptographic agent identification using HTTP message signatures.

" + } + }, + "documentation":"

The current browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.

" + }, + "BrowserStatus":{ + "type":"string", + "enum":[ + "CREATING", + "CREATE_FAILED", + "READY", + "DELETING", + "DELETE_FAILED", + "DELETED" + ] + }, + "BrowserSummaries":{ + "type":"list", + "member":{"shape":"BrowserSummary"} + }, + "BrowserSummary":{ + "type":"structure", + "required":[ + "browserId", + "browserArn", + "status", + "createdAt" + ], + "members":{ + "browserId":{ + "shape":"BrowserId", + "documentation":"

The unique identifier of the browser.

" + }, + "browserArn":{ + "shape":"BrowserArn", + "documentation":"

The Amazon Resource Name (ARN) of the browser.

" + }, + "name":{ + "shape":"SandboxName", + "documentation":"

The name of the browser.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the browser.

" + }, + "status":{ + "shape":"BrowserStatus", + "documentation":"

The current status of the browser.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser was last updated.

" + } + }, + "documentation":"

Contains summary information about a browser. A browser enables Amazon Bedrock Agent to interact with web content.

" + }, + "ClientIdType":{ + "type":"string", + "max":256, + "min":1 + }, + "ClientSecretType":{ + "type":"string", + "max":2048, + "min":1, + "sensitive":true + }, + "ClientToken":{ + "type":"string", + "max":256, + "min":33, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,256}" + }, + "Code":{ + "type":"structure", + "members":{ + "s3":{ + "shape":"S3Location", + "documentation":"

The Amazon Amazon S3 object that contains the source code for the agent runtime.

" + } + }, + "documentation":"

The source code configuration that specifies the location and details of the code to be executed.

", + "union":true + }, + "CodeConfiguration":{ + "type":"structure", + "required":[ + "code", + "runtime", + "entryPoint" + ], + "members":{ + "code":{ + "shape":"Code", + "documentation":"

The source code location and configuration details.

" + }, + "runtime":{ + "shape":"AgentManagedRuntimeType", + "documentation":"

The runtime environment for executing the code (for example, Python 3.9 or Node.js 18).

" + }, + "entryPoint":{ + "shape":"CodeConfigurationEntryPointList", + "documentation":"

The entry point for the code execution, specifying the function or method that should be invoked when the code runs.

" + } + }, + "documentation":"

The configuration for the source code that defines how the agent runtime code should be executed, including the code location, runtime environment, and entry point.

" + }, + "CodeConfigurationEntryPointList":{ + "type":"list", + "member":{"shape":"entryPoint"}, + "max":2, + "min":1 + }, + "CodeInterpreterArn":{ + "type":"string", + "pattern":"arn:(-[^:]+)?:bedrock-agentcore:[a-z0-9-]+:(aws|[0-9]{12}):code-interpreter(-custom)?/(aws\\.codeinterpreter\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" + }, + "CodeInterpreterId":{ + "type":"string", + "pattern":"(aws\\.codeinterpreter\\.v1|[a-zA-Z][a-zA-Z0-9_]{0,47}-[a-zA-Z0-9]{10})" + }, + "CodeInterpreterNetworkConfiguration":{ + "type":"structure", + "required":["networkMode"], + "members":{ + "networkMode":{ + "shape":"CodeInterpreterNetworkMode", + "documentation":"

The network mode for the code interpreter. This field specifies how the code interpreter connects to the network.

" + }, + "vpcConfig":{"shape":"VpcConfig"} + }, + "documentation":"

The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.

" + }, + "CodeInterpreterNetworkMode":{ + "type":"string", + "enum":[ + "PUBLIC", + "SANDBOX", + "VPC" + ] + }, + "CodeInterpreterStatus":{ + "type":"string", + "enum":[ + "CREATING", + "CREATE_FAILED", + "READY", + "DELETING", + "DELETE_FAILED", + "DELETED" + ] + }, + "CodeInterpreterSummaries":{ + "type":"list", + "member":{"shape":"CodeInterpreterSummary"} + }, + "CodeInterpreterSummary":{ + "type":"structure", + "required":[ + "codeInterpreterId", + "codeInterpreterArn", + "status", + "createdAt" + ], + "members":{ + "codeInterpreterId":{ + "shape":"CodeInterpreterId", + "documentation":"

The unique identifier of the code interpreter.

" + }, + "codeInterpreterArn":{ + "shape":"CodeInterpreterArn", + "documentation":"

The Amazon Resource Name (ARN) of the code interpreter.

" + }, + "name":{ + "shape":"SandboxName", + "documentation":"

The name of the code interpreter.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the code interpreter.

" + }, + "status":{ + "shape":"CodeInterpreterStatus", + "documentation":"

The current status of the code interpreter.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter was last updated.

" + } + }, + "documentation":"

Contains summary information about a code interpreter. A code interpreter enables Amazon Bedrock Agent to execute code.

" + }, + "ConcurrentModificationException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

Exception thrown when a resource is modified concurrently by multiple requests.

", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "ConflictException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

This exception is thrown when there is a conflict performing an operation

", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "ConsolidationConfiguration":{ + "type":"structure", + "members":{ + "customConsolidationConfiguration":{ + "shape":"CustomConsolidationConfiguration", + "documentation":"

The custom consolidation configuration.

" + } + }, + "documentation":"

Contains consolidation configuration information for a memory strategy.

", + "union":true + }, + "ContainerConfiguration":{ + "type":"structure", + "required":["containerUri"], + "members":{ + "containerUri":{ + "shape":"RuntimeContainerUri", + "documentation":"

The ECR URI of the container.

" + } + }, + "documentation":"

Representation of a container configuration.

" + }, + "CreateAgentRuntimeEndpointRequest":{ + "type":"structure", + "required":[ + "agentRuntimeId", + "name" + ], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime to create an endpoint for.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "name":{ + "shape":"EndpointName", + "documentation":"

The name of the AgentCore Runtime endpoint.

" + }, + "agentRuntimeVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The version of the AgentCore Runtime to use for the endpoint.

" + }, + "description":{ + "shape":"AgentEndpointDescription", + "documentation":"

The description of the AgentCore Runtime endpoint.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of tag keys and values to assign to the agent runtime endpoint. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

" + } + } + }, + "CreateAgentRuntimeEndpointResponse":{ + "type":"structure", + "required":[ + "targetVersion", + "agentRuntimeEndpointArn", + "agentRuntimeArn", + "status", + "createdAt" + ], + "members":{ + "targetVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The target version of the AgentCore Runtime for the endpoint.

" + }, + "agentRuntimeEndpointArn":{ + "shape":"AgentRuntimeEndpointArn", + "documentation":"

The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.

" + }, + "agentRuntimeArn":{ + "shape":"AgentRuntimeArn", + "documentation":"

The Amazon Resource Name (ARN) of the AgentCore Runtime.

" + }, + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime.

" + }, + "endpointName":{ + "shape":"EndpointName", + "documentation":"

The name of the AgentCore Runtime endpoint.

" + }, + "status":{ + "shape":"AgentRuntimeEndpointStatus", + "documentation":"

The current status of the AgentCore Runtime endpoint.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime endpoint was created.

" + } + } + }, + "CreateAgentRuntimeRequest":{ + "type":"structure", + "required":[ + "agentRuntimeName", + "agentRuntimeArtifact", + "roleArn", + "networkConfiguration" + ], + "members":{ + "agentRuntimeName":{ + "shape":"AgentRuntimeName", + "documentation":"

The name of the AgentCore Runtime.

" + }, + "agentRuntimeArtifact":{ + "shape":"AgentRuntimeArtifact", + "documentation":"

The artifact of the AgentCore Runtime.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The IAM role ARN that provides permissions for the AgentCore Runtime.

" + }, + "networkConfiguration":{ + "shape":"NetworkConfiguration", + "documentation":"

The network configuration for the AgentCore Runtime.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the AgentCore Runtime.

" + }, + "authorizerConfiguration":{ + "shape":"AuthorizerConfiguration", + "documentation":"

The authorizer configuration for the AgentCore Runtime.

" + }, + "requestHeaderConfiguration":{ + "shape":"RequestHeaderConfiguration", + "documentation":"

Configuration for HTTP request headers that will be passed through to the runtime.

" + }, + "protocolConfiguration":{"shape":"ProtocolConfiguration"}, + "lifecycleConfiguration":{ + "shape":"LifecycleConfiguration", + "documentation":"

The life cycle configuration for the AgentCore Runtime.

" + }, + "environmentVariables":{ + "shape":"EnvironmentVariablesMap", + "documentation":"

Environment variables to set in the AgentCore Runtime environment.

" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of tag keys and values to assign to the agent runtime. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

" + } + } + }, + "CreateAgentRuntimeResponse":{ + "type":"structure", + "required":[ + "agentRuntimeArn", + "agentRuntimeId", + "agentRuntimeVersion", + "createdAt", + "status" + ], + "members":{ + "agentRuntimeArn":{ + "shape":"AgentRuntimeArn", + "documentation":"

The Amazon Resource Name (ARN) of the AgentCore Runtime.

" + }, + "workloadIdentityDetails":{ + "shape":"WorkloadIdentityDetails", + "documentation":"

The workload identity details for the AgentCore Runtime.

" + }, + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime.

" + }, + "agentRuntimeVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The version of the AgentCore Runtime.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime was created.

" + }, + "status":{ + "shape":"AgentRuntimeStatus", + "documentation":"

The current status of the AgentCore Runtime.

" + } + } + }, + "CreateApiKeyCredentialProviderRequest":{ + "type":"structure", + "required":[ + "name", + "apiKey" + ], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the API key credential provider. The name must be unique within your account.

" + }, + "apiKey":{ + "shape":"ApiKeyType", + "documentation":"

The API key to use for authentication. This value is encrypted and stored securely.

" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of tag keys and values to assign to the API key credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

" + } + } + }, + "CreateApiKeyCredentialProviderResponse":{ + "type":"structure", + "required":[ + "apiKeySecretArn", + "name", + "credentialProviderArn" + ], + "members":{ + "apiKeySecretArn":{ + "shape":"Secret", + "documentation":"

The Amazon Resource Name (ARN) of the secret containing the API key.

" + }, + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the created API key credential provider.

" + }, + "credentialProviderArn":{ + "shape":"ApiKeyCredentialProviderArnType", + "documentation":"

The Amazon Resource Name (ARN) of the created API key credential provider.

" + } + } + }, + "CreateBrowserRequest":{ + "type":"structure", + "required":[ + "name", + "networkConfiguration" + ], + "members":{ + "name":{ + "shape":"SandboxName", + "documentation":"

The name of the browser. The name must be unique within your account.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the browser.

" + }, + "executionRoleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the browser to access Amazon Web Services services.

" + }, + "networkConfiguration":{ + "shape":"BrowserNetworkConfiguration", + "documentation":"

The network configuration for the browser. This configuration specifies the network mode for the browser.

" + }, + "recording":{ + "shape":"RecordingConfig", + "documentation":"

The recording configuration for the browser. When enabled, browser sessions are recorded and stored in the specified Amazon S3 location.

" + }, + "browserSigning":{ + "shape":"BrowserSigningConfigInput", + "documentation":"

The browser signing configuration that enables cryptographic agent identification using HTTP message signatures for web bot authentication.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.

", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of tag keys and values to assign to the browser. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

" + } + } + }, + "CreateBrowserResponse":{ + "type":"structure", + "required":[ + "browserId", + "browserArn", + "createdAt", + "status" + ], + "members":{ + "browserId":{ + "shape":"BrowserId", + "documentation":"

The unique identifier of the created browser.

" + }, + "browserArn":{ + "shape":"BrowserArn", + "documentation":"

The Amazon Resource Name (ARN) of the created browser.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser was created.

" + }, + "status":{ + "shape":"BrowserStatus", + "documentation":"

The current status of the browser.

" + } + } + }, + "CreateCodeInterpreterRequest":{ + "type":"structure", + "required":[ + "name", + "networkConfiguration" + ], + "members":{ + "name":{ + "shape":"SandboxName", + "documentation":"

The name of the code interpreter. The name must be unique within your account.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the code interpreter.

" + }, + "executionRoleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the code interpreter to access Amazon Web Services services.

" + }, + "networkConfiguration":{ + "shape":"CodeInterpreterNetworkConfiguration", + "documentation":"

The network configuration for the code interpreter. This configuration specifies the network mode for the code interpreter.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.

", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of tag keys and values to assign to the code interpreter. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

" + } + } + }, + "CreateCodeInterpreterResponse":{ + "type":"structure", + "required":[ + "codeInterpreterId", + "codeInterpreterArn", + "createdAt", + "status" + ], + "members":{ + "codeInterpreterId":{ + "shape":"CodeInterpreterId", + "documentation":"

The unique identifier of the created code interpreter.

" + }, + "codeInterpreterArn":{ + "shape":"CodeInterpreterArn", + "documentation":"

The Amazon Resource Name (ARN) of the created code interpreter.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter was created.

" + }, + "status":{ + "shape":"CodeInterpreterStatus", + "documentation":"

The current status of the code interpreter.

" + } + } + }, + "CreateGatewayRequest":{ + "type":"structure", + "required":[ + "name", + "roleArn", + "protocolType", + "authorizerType" + ], + "members":{ + "name":{ + "shape":"GatewayName", + "documentation":"

The name of the gateway. The name must be unique within your account.

" + }, + "description":{ + "shape":"GatewayDescription", + "documentation":"

The description of the gateway.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the gateway to access Amazon Web Services services.

" + }, + "protocolType":{ + "shape":"GatewayProtocolType", + "documentation":"

The protocol type for the gateway.

" + }, + "protocolConfiguration":{ + "shape":"GatewayProtocolConfiguration", + "documentation":"

The configuration settings for the protocol specified in the protocolType parameter.

" + }, + "authorizerType":{ + "shape":"AuthorizerType", + "documentation":"

The type of authorizer to use for the gateway.

  • CUSTOM_JWT - Authorize with a bearer token.

  • AWS_IAM - Authorize with your Amazon Web Services IAM credentials.

" + }, + "authorizerConfiguration":{ + "shape":"AuthorizerConfiguration", + "documentation":"

The authorizer configuration for the gateway. Required if authorizerType is CUSTOM_JWT.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.

" + }, + "exceptionLevel":{ + "shape":"ExceptionLevel", + "documentation":"

The level of detail in error messages returned when invoking the gateway.

  • If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.

  • If the value is omitted, a generic error message is returned to the end user.

" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of key-value pairs to associate with the gateway as metadata tags.

" + } + } + }, + "CreateGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayArn", + "gatewayId", + "createdAt", + "updatedAt", + "status", + "name", + "protocolType", + "authorizerType" + ], + "members":{ + "gatewayArn":{ + "shape":"GatewayArn", + "documentation":"

The Amazon Resource Name (ARN) of the created gateway.

" + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

The unique identifier of the created gateway.

" + }, + "gatewayUrl":{ + "shape":"GatewayUrl", + "documentation":"

The URL endpoint for the created gateway.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway was last updated.

" + }, + "status":{ + "shape":"GatewayStatus", + "documentation":"

The current status of the gateway.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The reasons for the current status of the gateway.

" + }, + "name":{ + "shape":"GatewayName", + "documentation":"

The name of the gateway.

" + }, + "description":{ + "shape":"GatewayDescription", + "documentation":"

The description of the gateway.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role associated with the gateway.

" + }, + "protocolType":{ + "shape":"GatewayProtocolType", + "documentation":"

The protocol type of the gateway.

" + }, + "protocolConfiguration":{ + "shape":"GatewayProtocolConfiguration", + "documentation":"

The configuration settings for the protocol used by the gateway.

" + }, + "authorizerType":{ + "shape":"AuthorizerType", + "documentation":"

The type of authorizer used by the gateway.

" + }, + "authorizerConfiguration":{ + "shape":"AuthorizerConfiguration", + "documentation":"

The authorizer configuration for the created gateway.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.

" + }, + "workloadIdentityDetails":{ + "shape":"WorkloadIdentityDetails", + "documentation":"

The workload identity details for the created gateway.

" + }, + "exceptionLevel":{ + "shape":"ExceptionLevel", + "documentation":"

The level of detail in error messages returned when invoking the gateway.

  • If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.

  • If the value is omitted, a generic error message is returned to the end user.

" + } + } + }, + "CreateGatewayTargetRequest":{ + "type":"structure", + "required":[ + "gatewayIdentifier", + "name", + "targetConfiguration" + ], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The identifier of the gateway to create a target for.

", + "location":"uri", + "locationName":"gatewayIdentifier" + }, + "name":{ + "shape":"TargetName", + "documentation":"

The name of the gateway target. The name must be unique within the gateway.

" + }, + "description":{ + "shape":"TargetDescription", + "documentation":"

The description of the gateway target.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + }, + "targetConfiguration":{ + "shape":"TargetConfiguration", + "documentation":"

The configuration settings for the target, including endpoint information and schema definitions.

" + }, + "credentialProviderConfigurations":{ + "shape":"CredentialProviderConfigurations", + "documentation":"

The credential provider configurations for the target. These configurations specify how the gateway authenticates with the target endpoint.

" + } + } + }, + "CreateGatewayTargetResponse":{ + "type":"structure", + "required":[ + "gatewayArn", + "targetId", + "createdAt", + "updatedAt", + "status", + "name", + "targetConfiguration", + "credentialProviderConfigurations" + ], + "members":{ + "gatewayArn":{ + "shape":"GatewayArn", + "documentation":"

The Amazon Resource Name (ARN) of the gateway.

" + }, + "targetId":{ + "shape":"TargetId", + "documentation":"

The unique identifier of the created target.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the target was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the target was last updated.

" + }, + "status":{ + "shape":"TargetStatus", + "documentation":"

The current status of the target.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The reasons for the current status of the target.

" + }, + "name":{ + "shape":"TargetName", + "documentation":"

The name of the target.

" + }, + "description":{ + "shape":"TargetDescription", + "documentation":"

The description of the target.

" + }, + "targetConfiguration":{ + "shape":"TargetConfiguration", + "documentation":"

The configuration settings for the target.

" + }, + "credentialProviderConfigurations":{ + "shape":"CredentialProviderConfigurations", + "documentation":"

The credential provider configurations for the target.

" + }, + "lastSynchronizedAt":{ + "shape":"DateTimestamp", + "documentation":"

The last synchronization of the target.

" + } + } + }, + "CreateMemoryInput":{ + "type":"structure", + "required":[ + "name", + "eventExpiryDuration" + ], + "members":{ + "clientToken":{ + "shape":"CreateMemoryInputClientTokenString", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request but does not return an error.

", + "idempotencyToken":true + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the memory. The name must be unique within your account.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the memory.

" + }, + "encryptionKeyArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the memory data.

" + }, + "memoryExecutionRoleArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role that provides permissions for the memory to access Amazon Web Services services.

" + }, + "eventExpiryDuration":{ + "shape":"CreateMemoryInputEventExpiryDurationInteger", + "documentation":"

The duration after which memory events expire. Specified as an ISO 8601 duration.

" + }, + "memoryStrategies":{ + "shape":"MemoryStrategyInputList", + "documentation":"

The memory strategies to use for this memory. Strategies define how information is extracted, processed, and consolidated.

" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of tag keys and values to assign to an AgentCore Memory. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

" + } + } + }, + "CreateMemoryInputClientTokenString":{ + "type":"string", + "max":500, + "min":0 + }, + "CreateMemoryInputEventExpiryDurationInteger":{ + "type":"integer", + "box":true, + "max":365, + "min":7 + }, + "CreateMemoryOutput":{ + "type":"structure", + "members":{ + "memory":{ + "shape":"Memory", + "documentation":"

The details of the created memory, including its ID, ARN, name, description, and configuration settings.

" + } + } + }, + "CreateOauth2CredentialProviderRequest":{ + "type":"structure", + "required":[ + "name", + "credentialProviderVendor", + "oauth2ProviderConfigInput" + ], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the OAuth2 credential provider. The name must be unique within your account.

" + }, + "credentialProviderVendor":{ + "shape":"CredentialProviderVendorType", + "documentation":"

The vendor of the OAuth2 credential provider. This specifies which OAuth2 implementation to use.

" + }, + "oauth2ProviderConfigInput":{ + "shape":"Oauth2ProviderConfigInput", + "documentation":"

The configuration settings for the OAuth2 provider, including client ID, client secret, and other vendor-specific settings.

" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of tag keys and values to assign to the OAuth2 credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

" + } + } + }, + "CreateOauth2CredentialProviderResponse":{ + "type":"structure", + "required":[ + "clientSecretArn", + "name", + "credentialProviderArn" + ], + "members":{ + "clientSecretArn":{ + "shape":"Secret", + "documentation":"

The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.

" + }, + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the OAuth2 credential provider.

" + }, + "credentialProviderArn":{ + "shape":"CredentialProviderArnType", + "documentation":"

The Amazon Resource Name (ARN) of the OAuth2 credential provider.

" + }, + "callbackUrl":{ + "shape":"String", + "documentation":"

Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.

" + }, + "oauth2ProviderConfigOutput":{"shape":"Oauth2ProviderConfigOutput"} + } + }, + "CreateWorkloadIdentityRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload identity. The name must be unique within your account.

" + }, + "allowedResourceOauth2ReturnUrls":{ + "shape":"ResourceOauth2ReturnUrlListType", + "documentation":"

The list of allowed OAuth2 return URLs for resources associated with this workload identity.

" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

A map of tag keys and values to assign to the workload identity. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

" + } + } + }, + "CreateWorkloadIdentityResponse":{ + "type":"structure", + "required":[ + "name", + "workloadIdentityArn" + ], + "members":{ + "name":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload identity.

" + }, + "workloadIdentityArn":{ + "shape":"WorkloadIdentityArnType", + "documentation":"

The Amazon Resource Name (ARN) of the workload identity.

" + }, + "allowedResourceOauth2ReturnUrls":{ + "shape":"ResourceOauth2ReturnUrlListType", + "documentation":"

The list of allowed OAuth2 return URLs for resources associated with this workload identity.

" + } + } + }, + "CredentialProvider":{ + "type":"structure", + "members":{ + "oauthCredentialProvider":{ + "shape":"OAuthCredentialProvider", + "documentation":"

The OAuth credential provider. This provider uses OAuth authentication to access the target endpoint.

" + }, + "apiKeyCredentialProvider":{ + "shape":"ApiKeyCredentialProvider", + "documentation":"

The API key credential provider. This provider uses an API key to authenticate with the target endpoint.

" + } + }, + "documentation":"

A credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint.

", + "union":true + }, + "CredentialProviderArnType":{ + "type":"string", + "pattern":"arn:(aws|aws-us-gov):acps:[A-Za-z0-9-]{1,64}:[0-9]{12}:token-vault/[a-zA-Z0-9-.]+/oauth2credentialprovider/[a-zA-Z0-9-.]+" + }, + "CredentialProviderConfiguration":{ + "type":"structure", + "required":["credentialProviderType"], + "members":{ + "credentialProviderType":{ + "shape":"CredentialProviderType", + "documentation":"

The type of credential provider. This field specifies which authentication method the gateway uses.

" + }, + "credentialProvider":{ + "shape":"CredentialProvider", + "documentation":"

The credential provider. This field contains the specific configuration for the credential provider type.

" + } + }, + "documentation":"

The configuration for a credential provider. This structure defines how the gateway authenticates with the target endpoint.

" + }, + "CredentialProviderConfigurations":{ + "type":"list", + "member":{"shape":"CredentialProviderConfiguration"}, + "max":1, + "min":1 + }, + "CredentialProviderName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9\\-_]+" + }, + "CredentialProviderType":{ + "type":"string", + "enum":[ + "GATEWAY_IAM_ROLE", + "OAUTH", + "API_KEY" + ] + }, + "CredentialProviderVendorType":{ + "type":"string", + "enum":[ + "GoogleOauth2", + "GithubOauth2", + "SlackOauth2", + "SalesforceOauth2", + "MicrosoftOauth2", + "CustomOauth2", + "AtlassianOauth2", + "LinkedinOauth2", + "XOauth2", + "OktaOauth2", + "OneLoginOauth2", + "PingOneOauth2", + "FacebookOauth2", + "YandexOauth2", + "RedditOauth2", + "ZoomOauth2", + "TwitchOauth2", + "SpotifyOauth2", + "DropboxOauth2", + "NotionOauth2", + "HubspotOauth2", + "CyberArkOauth2", + "FusionAuthOauth2", + "Auth0Oauth2", + "CognitoOauth2" + ] + }, + "CustomConfigurationInput":{ + "type":"structure", + "members":{ + "semanticOverride":{ + "shape":"SemanticOverrideConfigurationInput", + "documentation":"

The semantic override configuration for a custom memory strategy.

" + }, + "summaryOverride":{ + "shape":"SummaryOverrideConfigurationInput", + "documentation":"

The summary override configuration for a custom memory strategy.

" + }, + "userPreferenceOverride":{ + "shape":"UserPreferenceOverrideConfigurationInput", + "documentation":"

The user preference override configuration for a custom memory strategy.

" + }, + "selfManagedConfiguration":{ + "shape":"SelfManagedConfigurationInput", + "documentation":"

The self managed configuration for a custom memory strategy.

" + } + }, + "documentation":"

Input for custom configuration of a memory strategy.

", + "union":true + }, + "CustomConsolidationConfiguration":{ + "type":"structure", + "members":{ + "semanticConsolidationOverride":{ + "shape":"SemanticConsolidationOverride", + "documentation":"

The semantic consolidation override configuration.

" + }, + "summaryConsolidationOverride":{ + "shape":"SummaryConsolidationOverride", + "documentation":"

The summary consolidation override configuration.

" + }, + "userPreferenceConsolidationOverride":{ + "shape":"UserPreferenceConsolidationOverride", + "documentation":"

The user preference consolidation override configuration.

" + } + }, + "documentation":"

Contains custom consolidation configuration information.

", + "union":true + }, + "CustomConsolidationConfigurationInput":{ + "type":"structure", + "members":{ + "semanticConsolidationOverride":{ + "shape":"SemanticOverrideConsolidationConfigurationInput", + "documentation":"

The semantic consolidation override configuration input.

" + }, + "summaryConsolidationOverride":{ + "shape":"SummaryOverrideConsolidationConfigurationInput", + "documentation":"

The summary consolidation override configuration input.

" + }, + "userPreferenceConsolidationOverride":{ + "shape":"UserPreferenceOverrideConsolidationConfigurationInput", + "documentation":"

The user preference consolidation override configuration input.

" + } + }, + "documentation":"

Input for a custom consolidation configuration.

", + "union":true + }, + "CustomExtractionConfiguration":{ + "type":"structure", + "members":{ + "semanticExtractionOverride":{ + "shape":"SemanticExtractionOverride", + "documentation":"

The semantic extraction override configuration.

" + }, + "userPreferenceExtractionOverride":{ + "shape":"UserPreferenceExtractionOverride", + "documentation":"

The user preference extraction override configuration.

" + } + }, + "documentation":"

Contains custom extraction configuration information.

", + "union":true + }, + "CustomExtractionConfigurationInput":{ + "type":"structure", + "members":{ + "semanticExtractionOverride":{ + "shape":"SemanticOverrideExtractionConfigurationInput", + "documentation":"

The semantic extraction override configuration input.

" + }, + "userPreferenceExtractionOverride":{ + "shape":"UserPreferenceOverrideExtractionConfigurationInput", + "documentation":"

The user preference extraction override configuration input.

" + } + }, + "documentation":"

Input for a custom extraction configuration.

", + "union":true + }, + "CustomJWTAuthorizerConfiguration":{ + "type":"structure", + "required":["discoveryUrl"], + "members":{ + "discoveryUrl":{ + "shape":"DiscoveryUrl", + "documentation":"

This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

" + }, + "allowedAudience":{ + "shape":"AllowedAudienceList", + "documentation":"

Represents individual audience values that are validated in the incoming JWT token validation process.

" + }, + "allowedClients":{ + "shape":"AllowedClientsList", + "documentation":"

Represents individual client IDs that are validated in the incoming JWT token validation process.

" + } + }, + "documentation":"

Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.

" + }, + "CustomMemoryStrategyInput":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"Name", + "documentation":"

The name of the custom memory strategy.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the custom memory strategy.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The namespaces associated with the custom memory strategy.

" + }, + "configuration":{ + "shape":"CustomConfigurationInput", + "documentation":"

The configuration for the custom memory strategy.

" + } + }, + "documentation":"

Input for creating a custom memory strategy.

" + }, + "CustomOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "oauthDiscovery", + "clientId", + "clientSecret" + ], + "members":{ + "oauthDiscovery":{ + "shape":"Oauth2Discovery", + "documentation":"

The OAuth2 discovery information for the custom provider.

" + }, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the custom OAuth2 provider.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the custom OAuth2 provider.

" + } + }, + "documentation":"

Input configuration for a custom OAuth2 provider.

" + }, + "CustomOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{ + "shape":"Oauth2Discovery", + "documentation":"

The OAuth2 discovery information for the custom provider.

" + }, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the custom OAuth2 provider.

" + } + }, + "documentation":"

Output configuration for a custom OAuth2 provider.

" + }, + "DateTimestamp":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "DecryptionFailure":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

Exception thrown when decryption of a secret fails.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "DeleteAgentRuntimeEndpointRequest":{ + "type":"structure", + "required":[ + "agentRuntimeId", + "endpointName" + ], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime associated with the endpoint.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "endpointName":{ + "shape":"EndpointName", + "documentation":"

The name of the AgentCore Runtime endpoint to delete.

", + "location":"uri", + "locationName":"endpointName" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" + } + } + }, + "DeleteAgentRuntimeEndpointResponse":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"AgentRuntimeEndpointStatus", + "documentation":"

The current status of the AgentCore Runtime endpoint deletion.

" + }, + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime.

" + }, + "endpointName":{ + "shape":"EndpointName", + "documentation":"

The name of the AgentCore Runtime endpoint.

" + } + } + }, + "DeleteAgentRuntimeRequest":{ + "type":"structure", + "required":["agentRuntimeId"], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime to delete.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service ignores the request but does not return an error.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" + } + } + }, + "DeleteAgentRuntimeResponse":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"AgentRuntimeStatus", + "documentation":"

The current status of the AgentCore Runtime deletion.

" + }, + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime.

" + } + } + }, + "DeleteApiKeyCredentialProviderRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the API key credential provider to delete.

" + } + } + }, + "DeleteApiKeyCredentialProviderResponse":{ + "type":"structure", + "members":{} + }, + "DeleteBrowserRequest":{ + "type":"structure", + "required":["browserId"], + "members":{ + "browserId":{ + "shape":"BrowserId", + "documentation":"

The unique identifier of the browser to delete.

", + "location":"uri", + "locationName":"browserId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" + } + } + }, + "DeleteBrowserResponse":{ + "type":"structure", + "required":[ + "browserId", + "status", + "lastUpdatedAt" + ], + "members":{ + "browserId":{ + "shape":"BrowserId", + "documentation":"

The unique identifier of the deleted browser.

" + }, + "status":{ + "shape":"BrowserStatus", + "documentation":"

The current status of the browser deletion.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser was last updated.

" + } + } + }, + "DeleteCodeInterpreterRequest":{ + "type":"structure", + "required":["codeInterpreterId"], + "members":{ + "codeInterpreterId":{ + "shape":"CodeInterpreterId", + "documentation":"

The unique identifier of the code interpreter to delete.

", + "location":"uri", + "locationName":"codeInterpreterId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" + } + } + }, + "DeleteCodeInterpreterResponse":{ + "type":"structure", + "required":[ + "codeInterpreterId", + "status", + "lastUpdatedAt" + ], + "members":{ + "codeInterpreterId":{ + "shape":"CodeInterpreterId", + "documentation":"

The unique identifier of the deleted code interpreter.

" + }, + "status":{ + "shape":"CodeInterpreterStatus", + "documentation":"

The current status of the code interpreter deletion.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter was last updated.

" + } + } + }, + "DeleteGatewayRequest":{ + "type":"structure", + "required":["gatewayIdentifier"], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The identifier of the gateway to delete.

", + "location":"uri", + "locationName":"gatewayIdentifier" + } + } + }, + "DeleteGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

The unique identifier of the deleted gateway.

" + }, + "status":{ + "shape":"GatewayStatus", + "documentation":"

The current status of the gateway deletion.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The reasons for the current status of the gateway deletion.

" + } + } + }, + "DeleteGatewayTargetRequest":{ + "type":"structure", + "required":[ + "gatewayIdentifier", + "targetId" + ], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The unique identifier of the gateway associated with the target.

", + "location":"uri", + "locationName":"gatewayIdentifier" + }, + "targetId":{ + "shape":"TargetId", + "documentation":"

The unique identifier of the gateway target to delete.

", + "location":"uri", + "locationName":"targetId" + } + } + }, + "DeleteGatewayTargetResponse":{ + "type":"structure", + "required":[ + "gatewayArn", + "targetId", + "status" + ], + "members":{ + "gatewayArn":{ + "shape":"GatewayArn", + "documentation":"

The Amazon Resource Name (ARN) of the gateway.

" + }, + "targetId":{ + "shape":"TargetId", + "documentation":"

The unique identifier of the deleted gateway target.

" + }, + "status":{ + "shape":"TargetStatus", + "documentation":"

The current status of the gateway target deletion.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The reasons for the current status of the gateway target deletion.

" + } + } + }, + "DeleteMemoryInput":{ + "type":"structure", + "required":["memoryId"], + "members":{ + "clientToken":{ + "shape":"DeleteMemoryInputClientTokenString", + "documentation":"

A client token is used for keeping track of idempotent requests. It can contain a session id which can be around 250 chars, combined with a unique AWS identifier.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" + }, + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique identifier of the memory to delete.

", + "location":"uri", + "locationName":"memoryId" + } + } + }, + "DeleteMemoryInputClientTokenString":{ + "type":"string", + "max":500, + "min":0 + }, + "DeleteMemoryOutput":{ + "type":"structure", + "required":["memoryId"], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique identifier of the deleted AgentCore Memory resource.

" + }, + "status":{ + "shape":"MemoryStatus", + "documentation":"

The current status of the AgentCore Memory resource deletion.

" + } + } + }, + "DeleteMemoryStrategiesList":{ + "type":"list", + "member":{"shape":"DeleteMemoryStrategyInput"} + }, + "DeleteMemoryStrategyInput":{ + "type":"structure", + "required":["memoryStrategyId"], + "members":{ + "memoryStrategyId":{ + "shape":"String", + "documentation":"

The unique identifier of the memory strategy to delete.

" + } + }, + "documentation":"

Input for deleting a memory strategy.

" + }, + "DeleteOauth2CredentialProviderRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the OAuth2 credential provider to delete.

" + } + } + }, + "DeleteOauth2CredentialProviderResponse":{ + "type":"structure", + "members":{} + }, + "DeleteWorkloadIdentityRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload identity to delete.

" + } + } + }, + "DeleteWorkloadIdentityResponse":{ + "type":"structure", + "members":{} + }, + "Description":{ + "type":"string", + "max":4096, + "min":1, + "sensitive":true + }, + "DiscoveryUrl":{ + "type":"string", + "pattern":".+/\\.well-known/openid-configuration" + }, + "DiscoveryUrlType":{ + "type":"string", + "pattern":".+/\\.well-known/openid-configuration" + }, + "EncryptionFailure":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

Exception thrown when encryption of a secret fails.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "EndpointName":{ + "type":"string", + "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}", + "sensitive":true + }, + "EnvironmentVariableKey":{ + "type":"string", + "max":100, + "min":1 + }, + "EnvironmentVariableValue":{ + "type":"string", + "max":5000, + "min":0 + }, + "EnvironmentVariablesMap":{ + "type":"map", + "key":{"shape":"EnvironmentVariableKey"}, + "value":{"shape":"EnvironmentVariableValue"}, + "max":50, + "min":0, + "sensitive":true + }, + "ExceptionLevel":{ + "type":"string", + "enum":["DEBUG"] + }, + "ExtractionConfiguration":{ + "type":"structure", + "members":{ + "customExtractionConfiguration":{ + "shape":"CustomExtractionConfiguration", + "documentation":"

The custom extraction configuration.

" + } + }, + "documentation":"

Contains extraction configuration information for a memory strategy.

", + "union":true + }, + "GatewayArn":{ + "type":"string", + "pattern":"arn:aws(|-cn|-us-gov):bedrock-agentcore:[a-z0-9-]{1,20}:[0-9]{12}:gateway/[0-9a-zA-Z]{10}" + }, + "GatewayDescription":{ + "type":"string", + "max":200, + "min":1, + "sensitive":true + }, + "GatewayId":{ + "type":"string", + "pattern":"([0-9a-z][-]?){1,100}-[0-9a-z]{10}" + }, + "GatewayIdentifier":{ + "type":"string", + "pattern":"([0-9a-z][-]?){1,100}-[0-9a-z]{10}" + }, + "GatewayMaxResults":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "GatewayName":{ + "type":"string", + "pattern":"([0-9a-zA-Z][-]?){1,100}", + "sensitive":true + }, + "GatewayNextToken":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"\\S*" + }, + "GatewayProtocolConfiguration":{ + "type":"structure", + "members":{ + "mcp":{ + "shape":"MCPGatewayConfiguration", + "documentation":"

The configuration for the Model Context Protocol (MCP). This protocol enables communication between Amazon Bedrock Agent and external tools.

" + } + }, + "documentation":"

The configuration for a gateway protocol. This structure defines how the gateway communicates with external services.

", + "union":true + }, + "GatewayProtocolType":{ + "type":"string", + "enum":["MCP"] + }, + "GatewayStatus":{ + "type":"string", + "enum":[ + "CREATING", + "UPDATING", + "UPDATE_UNSUCCESSFUL", + "DELETING", + "READY", + "FAILED" + ] + }, + "GatewaySummaries":{ + "type":"list", + "member":{"shape":"GatewaySummary"} + }, + "GatewaySummary":{ + "type":"structure", + "required":[ + "gatewayId", + "name", + "status", + "createdAt", + "updatedAt", + "authorizerType", + "protocolType" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

The unique identifier of the gateway.

" + }, + "name":{ + "shape":"GatewayName", + "documentation":"

The name of the gateway.

" + }, + "status":{ + "shape":"GatewayStatus", + "documentation":"

The current status of the gateway.

" + }, + "description":{ + "shape":"GatewayDescription", + "documentation":"

The description of the gateway.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway was last updated.

" + }, + "authorizerType":{ + "shape":"AuthorizerType", + "documentation":"

The type of authorizer used by the gateway.

" + }, + "protocolType":{ + "shape":"GatewayProtocolType", + "documentation":"

The protocol type used by the gateway.

" + } + }, + "documentation":"

Contains summary information about a gateway.

" + }, + "GatewayTarget":{ + "type":"structure", + "required":[ + "gatewayArn", + "targetId", + "createdAt", + "updatedAt", + "status", + "name", + "targetConfiguration", + "credentialProviderConfigurations" + ], + "members":{ + "gatewayArn":{ + "shape":"GatewayArn", + "documentation":"

The Amazon Resource Name (ARN) of the gateway target.

" + }, + "targetId":{ + "shape":"TargetId", + "documentation":"

The target ID.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The date and time at which the target was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The date and time at which the target was updated.

" + }, + "status":{ + "shape":"TargetStatus", + "documentation":"

The status of the gateway target.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The status reasons for the target status.

" + }, + "name":{ + "shape":"TargetName", + "documentation":"

The name of the gateway target.

" + }, + "description":{ + "shape":"TargetDescription", + "documentation":"

The description for the gateway target.

" + }, + "targetConfiguration":{"shape":"TargetConfiguration"}, + "credentialProviderConfigurations":{ + "shape":"CredentialProviderConfigurations", + "documentation":"

The provider configurations.

" + }, + "lastSynchronizedAt":{ + "shape":"DateTimestamp", + "documentation":"

The last synchronization time.

" + } + }, + "documentation":"

The gateway target.

" + }, + "GatewayTargetList":{ + "type":"list", + "member":{"shape":"GatewayTarget"} + }, + "GatewayUrl":{ + "type":"string", + "max":1024, + "min":1 + }, + "GetAgentRuntimeEndpointRequest":{ + "type":"structure", + "required":[ + "agentRuntimeId", + "endpointName" + ], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime associated with the endpoint.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "endpointName":{ + "shape":"EndpointName", + "documentation":"

The name of the AgentCore Runtime endpoint to retrieve.

", + "location":"uri", + "locationName":"endpointName" + } + } + }, + "GetAgentRuntimeEndpointResponse":{ + "type":"structure", + "required":[ + "agentRuntimeEndpointArn", + "agentRuntimeArn", + "status", + "createdAt", + "lastUpdatedAt", + "name", + "id" + ], + "members":{ + "liveVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The currently deployed version of the AgentCore Runtime on the endpoint.

" + }, + "targetVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The target version of the AgentCore Runtime for the endpoint.

" + }, + "agentRuntimeEndpointArn":{ + "shape":"AgentRuntimeEndpointArn", + "documentation":"

The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.

" + }, + "agentRuntimeArn":{ + "shape":"AgentRuntimeArn", + "documentation":"

The Amazon Resource Name (ARN) of the AgentCore Runtime.

" + }, + "description":{ + "shape":"AgentEndpointDescription", + "documentation":"

The description of the AgentCore Runtime endpoint.

" + }, + "status":{ + "shape":"AgentRuntimeEndpointStatus", + "documentation":"

The current status of the AgentCore Runtime endpoint.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime endpoint was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime endpoint was last updated.

" + }, + "failureReason":{ + "shape":"String", + "documentation":"

The reason for failure if the AgentCore Runtime endpoint is in a failed state.

" + }, + "name":{ + "shape":"EndpointName", + "documentation":"

The name of the AgentCore Runtime endpoint.

" + }, + "id":{ + "shape":"AgentRuntimeEndpointId", + "documentation":"

The unique identifier of the AgentCore Runtime endpoint.

" + } + } + }, + "GetAgentRuntimeRequest":{ + "type":"structure", + "required":["agentRuntimeId"], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime to retrieve.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "agentRuntimeVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The version of the AgentCore Runtime to retrieve.

", + "location":"querystring", + "locationName":"version" + } + } + }, + "GetAgentRuntimeResponse":{ + "type":"structure", + "required":[ + "agentRuntimeArn", + "agentRuntimeName", + "agentRuntimeId", + "agentRuntimeVersion", + "createdAt", + "lastUpdatedAt", + "roleArn", + "networkConfiguration", + "status", + "lifecycleConfiguration" + ], + "members":{ + "agentRuntimeArn":{ + "shape":"AgentRuntimeArn", + "documentation":"

The Amazon Resource Name (ARN) of the AgentCore Runtime.

" + }, + "agentRuntimeName":{ + "shape":"AgentRuntimeName", + "documentation":"

The name of the AgentCore Runtime.

" + }, + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime.

" + }, + "agentRuntimeVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The version of the AgentCore Runtime.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime was last updated.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The IAM role ARN that provides permissions for the AgentCore Runtime.

" + }, + "networkConfiguration":{ + "shape":"NetworkConfiguration", + "documentation":"

The network configuration for the AgentCore Runtime.

" + }, + "status":{ + "shape":"AgentRuntimeStatus", + "documentation":"

The current status of the AgentCore Runtime.

" + }, + "lifecycleConfiguration":{ + "shape":"LifecycleConfiguration", + "documentation":"

The life cycle configuration for the AgentCore Runtime.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the AgentCore Runtime.

" + }, + "workloadIdentityDetails":{ + "shape":"WorkloadIdentityDetails", + "documentation":"

The workload identity details for the AgentCore Runtime.

" + }, + "agentRuntimeArtifact":{ + "shape":"AgentRuntimeArtifact", + "documentation":"

The artifact of the AgentCore Runtime.

" + }, + "protocolConfiguration":{"shape":"ProtocolConfiguration"}, + "environmentVariables":{ + "shape":"EnvironmentVariablesMap", + "documentation":"

Environment variables set in the AgentCore Runtime environment.

" + }, + "authorizerConfiguration":{ + "shape":"AuthorizerConfiguration", + "documentation":"

The authorizer configuration for the AgentCore Runtime.

" + }, + "requestHeaderConfiguration":{ + "shape":"RequestHeaderConfiguration", + "documentation":"

Configuration for HTTP request headers that will be passed through to the runtime.

" + } + } + }, + "GetApiKeyCredentialProviderRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the API key credential provider to retrieve.

" + } + } + }, + "GetApiKeyCredentialProviderResponse":{ + "type":"structure", + "required":[ + "apiKeySecretArn", + "name", + "credentialProviderArn", + "createdTime", + "lastUpdatedTime" + ], + "members":{ + "apiKeySecretArn":{ + "shape":"Secret", + "documentation":"

The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.

" + }, + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the API key credential provider.

" + }, + "credentialProviderArn":{ + "shape":"ApiKeyCredentialProviderArnType", + "documentation":"

The Amazon Resource Name (ARN) of the API key credential provider.

" + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the API key credential provider was created.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the API key credential provider was last updated.

" + } + } + }, + "GetBrowserRequest":{ + "type":"structure", + "required":["browserId"], + "members":{ + "browserId":{ + "shape":"BrowserId", + "documentation":"

The unique identifier of the browser to retrieve.

", + "location":"uri", + "locationName":"browserId" + } + } + }, + "GetBrowserResponse":{ + "type":"structure", + "required":[ + "browserId", + "browserArn", + "name", + "networkConfiguration", + "status", + "createdAt", + "lastUpdatedAt" + ], + "members":{ + "browserId":{ + "shape":"BrowserId", + "documentation":"

The unique identifier of the browser.

" + }, + "browserArn":{ + "shape":"BrowserArn", + "documentation":"

The Amazon Resource Name (ARN) of the browser.

" + }, + "name":{ + "shape":"SandboxName", + "documentation":"

The name of the browser.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the browser.

" + }, + "executionRoleArn":{ + "shape":"RoleArn", + "documentation":"

The IAM role ARN that provides permissions for the browser.

" + }, + "networkConfiguration":{"shape":"BrowserNetworkConfiguration"}, + "recording":{"shape":"RecordingConfig"}, + "browserSigning":{ + "shape":"BrowserSigningConfigOutput", + "documentation":"

The browser signing configuration that shows whether cryptographic agent identification is enabled for web bot authentication.

" + }, + "status":{ + "shape":"BrowserStatus", + "documentation":"

The current status of the browser.

" + }, + "failureReason":{ + "shape":"String", + "documentation":"

The reason for failure if the browser is in a failed state.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the browser was last updated.

" + } + } + }, + "GetCodeInterpreterRequest":{ + "type":"structure", + "required":["codeInterpreterId"], + "members":{ + "codeInterpreterId":{ + "shape":"CodeInterpreterId", + "documentation":"

The unique identifier of the code interpreter to retrieve.

", + "location":"uri", + "locationName":"codeInterpreterId" + } + } + }, + "GetCodeInterpreterResponse":{ + "type":"structure", + "required":[ + "codeInterpreterId", + "codeInterpreterArn", + "name", + "networkConfiguration", + "status", + "createdAt", + "lastUpdatedAt" + ], + "members":{ + "codeInterpreterId":{ + "shape":"CodeInterpreterId", + "documentation":"

The unique identifier of the code interpreter.

" + }, + "codeInterpreterArn":{ + "shape":"CodeInterpreterArn", + "documentation":"

The Amazon Resource Name (ARN) of the code interpreter.

" + }, + "name":{ + "shape":"SandboxName", + "documentation":"

The name of the code interpreter.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the code interpreter.

" + }, + "executionRoleArn":{ + "shape":"RoleArn", + "documentation":"

The IAM role ARN that provides permissions for the code interpreter.

" + }, + "networkConfiguration":{"shape":"CodeInterpreterNetworkConfiguration"}, + "status":{ + "shape":"CodeInterpreterStatus", + "documentation":"

The current status of the code interpreter.

" + }, + "failureReason":{ + "shape":"String", + "documentation":"

The reason for failure if the code interpreter is in a failed state.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the code interpreter was last updated.

" + } + } + }, + "GetGatewayRequest":{ + "type":"structure", + "required":["gatewayIdentifier"], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The identifier of the gateway to retrieve.

", + "location":"uri", + "locationName":"gatewayIdentifier" + } + } + }, + "GetGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayArn", + "gatewayId", + "createdAt", + "updatedAt", + "status", + "name", + "protocolType", + "authorizerType" + ], + "members":{ + "gatewayArn":{ + "shape":"GatewayArn", + "documentation":"

The Amazon Resource Name (ARN) of the gateway.

" + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

The unique identifier of the gateway.

" + }, + "gatewayUrl":{ + "shape":"GatewayUrl", + "documentation":"

An endpoint for invoking gateway.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway was last updated.

" + }, + "status":{ + "shape":"GatewayStatus", + "documentation":"

The current status of the gateway.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The reasons for the current status of the gateway.

" + }, + "name":{ + "shape":"GatewayName", + "documentation":"

The name of the gateway.

" + }, + "description":{ + "shape":"GatewayDescription", + "documentation":"

The description of the gateway.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The IAM role ARN that provides permissions for the gateway.

" + }, + "protocolType":{ + "shape":"GatewayProtocolType", + "documentation":"

Protocol applied to a gateway.

" + }, + "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, + "authorizerType":{ + "shape":"AuthorizerType", + "documentation":"

Authorizer type for the gateway.

" + }, + "authorizerConfiguration":{ + "shape":"AuthorizerConfiguration", + "documentation":"

The authorizer configuration for the gateway.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key used to encrypt the gateway.

" + }, + "workloadIdentityDetails":{ + "shape":"WorkloadIdentityDetails", + "documentation":"

The workload identity details for the gateway.

" + }, + "exceptionLevel":{ + "shape":"ExceptionLevel", + "documentation":"

The level of detail in error messages returned when invoking the gateway.

  • If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.

  • If the value is omitted, a generic error message is returned to the end user.

" + } + } + }, + "GetGatewayTargetRequest":{ + "type":"structure", + "required":[ + "gatewayIdentifier", + "targetId" + ], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The identifier of the gateway that contains the target.

", + "location":"uri", + "locationName":"gatewayIdentifier" + }, + "targetId":{ + "shape":"TargetId", + "documentation":"

The unique identifier of the target to retrieve.

", + "location":"uri", + "locationName":"targetId" + } + } + }, + "GetGatewayTargetResponse":{ + "type":"structure", + "required":[ + "gatewayArn", + "targetId", + "createdAt", + "updatedAt", + "status", + "name", + "targetConfiguration", + "credentialProviderConfigurations" + ], + "members":{ + "gatewayArn":{ + "shape":"GatewayArn", + "documentation":"

The Amazon Resource Name (ARN) of the gateway.

" + }, + "targetId":{ + "shape":"TargetId", + "documentation":"

The unique identifier of the gateway target.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway target was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway target was last updated.

" + }, + "status":{ + "shape":"TargetStatus", + "documentation":"

The current status of the gateway target.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The reasons for the current status of the gateway target.

" + }, + "name":{ + "shape":"TargetName", + "documentation":"

The name of the gateway target.

" + }, + "description":{ + "shape":"TargetDescription", + "documentation":"

The description of the gateway target.

" + }, + "targetConfiguration":{"shape":"TargetConfiguration"}, + "credentialProviderConfigurations":{ + "shape":"CredentialProviderConfigurations", + "documentation":"

The credential provider configurations for the gateway target.

" + }, + "lastSynchronizedAt":{ + "shape":"DateTimestamp", + "documentation":"

The last synchronization of the target.

" + } + } + }, + "GetMemoryInput":{ + "type":"structure", + "required":["memoryId"], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique identifier of the memory to retrieve.

", + "location":"uri", + "locationName":"memoryId" + } + } + }, + "GetMemoryOutput":{ + "type":"structure", + "required":["memory"], + "members":{ + "memory":{ + "shape":"Memory", + "documentation":"

The retrieved AgentCore Memory resource details.

" + } + } + }, + "GetOauth2CredentialProviderRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the OAuth2 credential provider to retrieve.

" + } + } + }, + "GetOauth2CredentialProviderResponse":{ + "type":"structure", + "required":[ + "clientSecretArn", + "name", + "credentialProviderArn", + "credentialProviderVendor", + "oauth2ProviderConfigOutput", + "createdTime", + "lastUpdatedTime" + ], + "members":{ + "clientSecretArn":{ + "shape":"Secret", + "documentation":"

The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.

" + }, + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the OAuth2 credential provider.

" + }, + "credentialProviderArn":{ + "shape":"CredentialProviderArnType", + "documentation":"

ARN of the credential provider requested.

" + }, + "credentialProviderVendor":{ + "shape":"CredentialProviderVendorType", + "documentation":"

The vendor of the OAuth2 credential provider.

" + }, + "callbackUrl":{ + "shape":"String", + "documentation":"

Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.

" + }, + "oauth2ProviderConfigOutput":{ + "shape":"Oauth2ProviderConfigOutput", + "documentation":"

The configuration output for the OAuth2 provider.

" + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the OAuth2 credential provider was created.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the OAuth2 credential provider was last updated.

" + } + } + }, + "GetTokenVaultRequest":{ + "type":"structure", + "members":{ + "tokenVaultId":{ + "shape":"TokenVaultIdType", + "documentation":"

The unique identifier of the token vault to retrieve.

" + } + } + }, + "GetTokenVaultResponse":{ + "type":"structure", + "required":[ + "tokenVaultId", + "kmsConfiguration", + "lastModifiedDate" + ], + "members":{ + "tokenVaultId":{ + "shape":"TokenVaultIdType", + "documentation":"

The ID of the token vault.

" + }, + "kmsConfiguration":{ + "shape":"KmsConfiguration", + "documentation":"

The KMS configuration for the token vault.

" + }, + "lastModifiedDate":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the token vault was last modified.

" + } + } + }, + "GetWorkloadIdentityRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload identity to retrieve.

" + } + } + }, + "GetWorkloadIdentityResponse":{ + "type":"structure", + "required":[ + "name", + "workloadIdentityArn", + "createdTime", + "lastUpdatedTime" + ], + "members":{ + "name":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload identity.

" + }, + "workloadIdentityArn":{ + "shape":"WorkloadIdentityArnType", + "documentation":"

The Amazon Resource Name (ARN) of the workload identity.

" + }, + "allowedResourceOauth2ReturnUrls":{ + "shape":"ResourceOauth2ReturnUrlListType", + "documentation":"

The list of allowed OAuth2 return URLs for resources associated with this workload identity.

" + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the workload identity was created.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the workload identity was last updated.

" + } + } + }, + "GithubOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "clientId", + "clientSecret" + ], + "members":{ + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the GitHub OAuth2 provider.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the GitHub OAuth2 provider.

" + } + }, + "documentation":"

Input configuration for a GitHub OAuth2 provider.

" + }, + "GithubOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{ + "shape":"Oauth2Discovery", + "documentation":"

The OAuth2 discovery information for the GitHub provider.

" + }, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the GitHub OAuth2 provider.

" + } + }, + "documentation":"

Output configuration for a GitHub OAuth2 provider.

" + }, + "GoogleOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "clientId", + "clientSecret" + ], + "members":{ + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Google OAuth2 provider.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the Google OAuth2 provider.

" + } + }, + "documentation":"

Input configuration for a Google OAuth2 provider.

" + }, + "GoogleOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{ + "shape":"Oauth2Discovery", + "documentation":"

The OAuth2 discovery information for the Google provider.

" + }, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Google OAuth2 provider.

" + } + }, + "documentation":"

Output configuration for a Google OAuth2 provider.

" + }, + "HeaderName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"(Authorization|X-Amzn-Bedrock-AgentCore-Runtime-Custom-[a-zA-Z0-9-]+)" + }, + "IncludedOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "clientId", + "clientSecret" + ], + "members":{ + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the supported OAuth2 provider. This identifier is assigned by the OAuth2 provider when you register your application.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.

" + }, + "issuer":{ + "shape":"IssuerUrlType", + "documentation":"

Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.

" + }, + "authorizationEndpoint":{ + "shape":"AuthorizationEndpointType", + "documentation":"

OAuth2 authorization endpoint for your isolated OAuth2 application tenant. This is where users are redirected to authenticate and authorize access to their resources.

" + }, + "tokenEndpoint":{ + "shape":"TokenEndpointType", + "documentation":"

OAuth2 token endpoint for your isolated OAuth2 application tenant. This is where authorization codes are exchanged for access tokens.

" + } + }, + "documentation":"

Configuration settings for connecting to a supported OAuth2 provider. This includes client credentials and OAuth2 discovery information for providers that have built-in support.

" + }, + "IncludedOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{"shape":"Oauth2Discovery"}, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the supported OAuth2 provider.

" + } + }, + "documentation":"

The configuration details returned for a supported OAuth2 provider, including client credentials and OAuth2 discovery information.

" + }, + "InlinePayload":{ + "type":"string", + "sensitive":true + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

This exception is thrown if there was an unexpected error during processing of request

", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "InvocationConfiguration":{ + "type":"structure", + "required":[ + "topicArn", + "payloadDeliveryBucketName" + ], + "members":{ + "topicArn":{ + "shape":"Arn", + "documentation":"

The ARN of the SNS topic for job notifications.

" + }, + "payloadDeliveryBucketName":{ + "shape":"String", + "documentation":"

The S3 bucket name for event payload delivery.

" + } + }, + "documentation":"

The configuration to invoke a self-managed memory processing pipeline with.

" + }, + "InvocationConfigurationInput":{ + "type":"structure", + "required":[ + "topicArn", + "payloadDeliveryBucketName" + ], + "members":{ + "topicArn":{ + "shape":"Arn", + "documentation":"

The ARN of the SNS topic for job notifications.

" + }, + "payloadDeliveryBucketName":{ + "shape":"InvocationConfigurationInputPayloadDeliveryBucketNameString", + "documentation":"

The S3 bucket name for event payload delivery.

" + } + }, + "documentation":"

The configuration to invoke a self-managed memory processing pipeline with.

" + }, + "InvocationConfigurationInputPayloadDeliveryBucketNameString":{ + "type":"string", + "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" + }, + "IssuerUrlType":{"type":"string"}, + "KeyType":{ + "type":"string", + "enum":[ + "CustomerManagedKey", + "ServiceManagedKey" + ] + }, + "KmsConfiguration":{ + "type":"structure", + "required":["keyType"], + "members":{ + "keyType":{ + "shape":"KeyType", + "documentation":"

The type of KMS key (CustomerManagedKey or ServiceManagedKey).

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon Resource Name (ARN) of the KMS key.

" + } + }, + "documentation":"

Contains the KMS configuration for a resource.

" + }, + "KmsKeyArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}" + }, + "LambdaFunctionArn":{ + "type":"string", + "max":170, + "min":1, + "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:([a-z]{2}(-gov)?-[a-z]+-\\d{1}):(\\d{12}):function:([a-zA-Z0-9-_.]+)(:(\\$LATEST|[a-zA-Z0-9-]+))?" + }, + "LifecycleConfiguration":{ + "type":"structure", + "members":{ + "idleRuntimeSessionTimeout":{ + "shape":"LifecycleConfigurationIdleRuntimeSessionTimeoutInteger", + "documentation":"

Timeout in seconds for idle runtime sessions. When a session remains idle for this duration, it will be automatically terminated. Default: 900 seconds (15 minutes).

" + }, + "maxLifetime":{ + "shape":"LifecycleConfigurationMaxLifetimeInteger", + "documentation":"

Maximum lifetime for the instance in seconds. Once reached, instances will be automatically terminated and replaced. Default: 28800 seconds (8 hours).

" + } + }, + "documentation":"

LifecycleConfiguration lets you manage the lifecycle of runtime sessions and resources in AgentCore Runtime. This configuration helps optimize resource utilization by automatically cleaning up idle sessions and preventing long-running instances from consuming resources indefinitely.

" + }, + "LifecycleConfigurationIdleRuntimeSessionTimeoutInteger":{ + "type":"integer", + "box":true, + "max":28800, + "min":60 + }, + "LifecycleConfigurationMaxLifetimeInteger":{ + "type":"integer", + "box":true, + "max":28800, + "min":60 + }, + "LinkedinOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "clientId", + "clientSecret" + ], + "members":{ + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the LinkedIn OAuth2 provider. This identifier is assigned by LinkedIn when you register your application.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the LinkedIn OAuth2 provider. This secret is assigned by LinkedIn and used along with the client ID to authenticate your application.

" + } + }, + "documentation":"

Configuration settings for connecting to LinkedIn services using OAuth2 authentication. This includes the client credentials required to authenticate with LinkedIn's OAuth2 authorization server.

" + }, + "LinkedinOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{"shape":"Oauth2Discovery"}, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the LinkedIn OAuth2 provider.

" + } + }, + "documentation":"

The configuration details returned for a LinkedIn OAuth2 provider, including the client ID and OAuth2 discovery information.

" + }, + "ListAgentRuntimeEndpointsRequest":{ + "type":"structure", + "required":["agentRuntimeId"], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime to list endpoints for.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in the response.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListAgentRuntimeEndpointsResponse":{ + "type":"structure", + "required":["runtimeEndpoints"], + "members":{ + "runtimeEndpoints":{ + "shape":"AgentRuntimeEndpoints", + "documentation":"

The list of AgentCore Runtime endpoints.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

" + } + } + }, + "ListAgentRuntimeVersionsRequest":{ + "type":"structure", + "required":["agentRuntimeId"], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime to list versions for.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in the response.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListAgentRuntimeVersionsResponse":{ + "type":"structure", + "required":["agentRuntimes"], + "members":{ + "agentRuntimes":{ + "shape":"AgentRuntimes", + "documentation":"

The list of AgentCore Runtime versions.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

" + } + } + }, + "ListAgentRuntimesRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in the response.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListAgentRuntimesResponse":{ + "type":"structure", + "required":["agentRuntimes"], + "members":{ + "agentRuntimes":{ + "shape":"AgentRuntimes", + "documentation":"

The list of AgentCore Runtime resources.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

" + } + } + }, + "ListApiKeyCredentialProvidersRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

Pagination token.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

Maximum number of results to return.

" + } + } + }, + "ListApiKeyCredentialProvidersResponse":{ + "type":"structure", + "required":["credentialProviders"], + "members":{ + "credentialProviders":{ + "shape":"ApiKeyCredentialProviders", + "documentation":"

The list of API key credential providers.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Pagination token for the next page of results.

" + } + } + }, + "ListBrowsersRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. The default value is 10. The maximum value is 50.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "type":{ + "shape":"ResourceType", + "documentation":"

The type of browsers to list. If not specified, all browser types are returned.

", + "location":"querystring", + "locationName":"type" + } + } + }, + "ListBrowsersResponse":{ + "type":"structure", + "required":["browserSummaries"], + "members":{ + "browserSummaries":{ + "shape":"BrowserSummaries", + "documentation":"

The list of browser summaries.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

" + } + } + }, + "ListCodeInterpretersRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in the response.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "type":{ + "shape":"ResourceType", + "documentation":"

The type of code interpreters to list.

", + "location":"querystring", + "locationName":"type" + } + } + }, + "ListCodeInterpretersResponse":{ + "type":"structure", + "required":["codeInterpreterSummaries"], + "members":{ + "codeInterpreterSummaries":{ + "shape":"CodeInterpreterSummaries", + "documentation":"

The list of code interpreter summaries.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to retrieve the next page of results.

" + } + } + }, + "ListGatewayTargetsRequest":{ + "type":"structure", + "required":["gatewayIdentifier"], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The identifier of the gateway to list targets for.

", + "location":"uri", + "locationName":"gatewayIdentifier" + }, + "maxResults":{ + "shape":"TargetMaxResults", + "documentation":"

The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"TargetNextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListGatewayTargetsResponse":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"TargetSummaries", + "documentation":"

The list of gateway target summaries.

" + }, + "nextToken":{ + "shape":"TargetNextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" + } + } + }, + "ListGatewaysRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"GatewayMaxResults", + "documentation":"

The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the nextToken field when making another request to return the next batch of results.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"GatewayNextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, enter the token returned in the nextToken field in the response in this field to return the next batch of results.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListGatewaysResponse":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"GatewaySummaries", + "documentation":"

The list of gateway summaries.

" + }, + "nextToken":{ + "shape":"GatewayNextToken", + "documentation":"

If the total number of results is greater than the maxResults value provided in the request, use this token when making another request in the nextToken field to return the next batch of results.

" + } + } + }, + "ListMemoriesInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListMemoriesInputMaxResultsInteger", + "documentation":"

The maximum number of results to return in a single call. The default value is 10. The maximum value is 50.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + } + } + }, + "ListMemoriesInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListMemoriesOutput":{ + "type":"structure", + "required":["memories"], + "members":{ + "memories":{ + "shape":"MemorySummaryList", + "documentation":"

The list of AgentCore Memory resource summaries.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

A token to retrieve the next page of results.

" + } + } + }, + "ListOauth2CredentialProvidersRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

Pagination token.

" + }, + "maxResults":{ + "shape":"ListOauth2CredentialProvidersRequestMaxResultsInteger", + "documentation":"

Maximum number of results to return.

" + } + } + }, + "ListOauth2CredentialProvidersRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":20, + "min":1 + }, + "ListOauth2CredentialProvidersResponse":{ + "type":"structure", + "required":["credentialProviders"], + "members":{ + "credentialProviders":{ + "shape":"Oauth2CredentialProviders", + "documentation":"

The list of OAuth2 credential providers.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Pagination token for the next page of results.

" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"TaggableResourcesArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource for which you want to list tags.

", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"TagsMap", + "documentation":"

The tags associated with the resource.

" + } + } + }, + "ListWorkloadIdentitiesRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

Pagination token.

" + }, + "maxResults":{ + "shape":"ListWorkloadIdentitiesRequestMaxResultsInteger", + "documentation":"

Maximum number of results to return.

" + } + } + }, + "ListWorkloadIdentitiesRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":20, + "min":1 + }, + "ListWorkloadIdentitiesResponse":{ + "type":"structure", + "required":["workloadIdentities"], + "members":{ + "workloadIdentities":{ + "shape":"WorkloadIdentityList", + "documentation":"

The list of workload identities.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Pagination token for the next page of results.

" + } + } + }, + "MCPGatewayConfiguration":{ + "type":"structure", + "members":{ + "supportedVersions":{ + "shape":"McpSupportedVersions", + "documentation":"

The supported versions of the Model Context Protocol. This field specifies which versions of the protocol the gateway can use.

" + }, + "instructions":{ + "shape":"McpInstructions", + "documentation":"

The instructions for using the Model Context Protocol gateway. These instructions provide guidance on how to interact with the gateway.

" + }, + "searchType":{ + "shape":"SearchType", + "documentation":"

The search type for the Model Context Protocol gateway. This field specifies how the gateway handles search operations.

" + } + }, + "documentation":"

The configuration for a Model Context Protocol (MCP) gateway. This structure defines how the gateway implements the MCP protocol.

" + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "McpInstructions":{ + "type":"string", + "max":2048, + "min":1 + }, + "McpLambdaTargetConfiguration":{ + "type":"structure", + "required":[ + "lambdaArn", + "toolSchema" + ], + "members":{ + "lambdaArn":{ + "shape":"LambdaFunctionArn", + "documentation":"

The Amazon Resource Name (ARN) of the Lambda function. This function is invoked by the gateway to communicate with the target.

" + }, + "toolSchema":{ + "shape":"ToolSchema", + "documentation":"

The tool schema for the Lambda function. This schema defines the structure of the tools that the Lambda function provides.

" + } + }, + "documentation":"

The Lambda configuration for a Model Context Protocol target. This structure defines how the gateway uses a Lambda function to communicate with the target.

" + }, + "McpServerTargetConfiguration":{ + "type":"structure", + "required":["endpoint"], + "members":{ + "endpoint":{ + "shape":"McpServerTargetConfigurationEndpointString", + "documentation":"

The endpoint for the MCP server target configuration.

" + } + }, + "documentation":"

The target configuration for the MCP server.

" + }, + "McpServerTargetConfigurationEndpointString":{ + "type":"string", + "pattern":"https://.*" + }, + "McpSupportedVersions":{ + "type":"list", + "member":{"shape":"McpVersion"} + }, + "McpTargetConfiguration":{ + "type":"structure", + "members":{ + "openApiSchema":{ + "shape":"ApiSchemaConfiguration", + "documentation":"

The OpenAPI schema for the Model Context Protocol target. This schema defines the API structure of the target.

" + }, + "smithyModel":{ + "shape":"ApiSchemaConfiguration", + "documentation":"

The Smithy model for the Model Context Protocol target. This model defines the API structure of the target using the Smithy specification.

" + }, + "lambda":{ + "shape":"McpLambdaTargetConfiguration", + "documentation":"

The Lambda configuration for the Model Context Protocol target. This configuration defines how the gateway uses a Lambda function to communicate with the target.

" + }, + "mcpServer":{ + "shape":"McpServerTargetConfiguration", + "documentation":"

The MCP server specified as the gateway target.

" + } + }, + "documentation":"

The Model Context Protocol (MCP) configuration for a target. This structure defines how the gateway uses MCP to communicate with the target.

", + "union":true + }, + "McpVersion":{"type":"string"}, + "Memory":{ + "type":"structure", + "required":[ + "arn", + "id", + "name", + "eventExpiryDuration", + "status", + "createdAt", + "updatedAt" + ], + "members":{ + "arn":{ + "shape":"MemoryArn", + "documentation":"

The Amazon Resource Name (ARN) of the memory.

" + }, + "id":{ + "shape":"MemoryId", + "documentation":"

The unique identifier of the memory.

" + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the memory.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the memory.

" + }, + "encryptionKeyArn":{ + "shape":"Arn", + "documentation":"

The ARN of the KMS key used to encrypt the memory.

" + }, + "memoryExecutionRoleArn":{ + "shape":"Arn", + "documentation":"

The ARN of the IAM role that provides permissions for the memory.

" + }, + "eventExpiryDuration":{ + "shape":"MemoryEventExpiryDurationInteger", + "documentation":"

The number of days after which memory events will expire.

" + }, + "status":{ + "shape":"MemoryStatus", + "documentation":"

The current status of the memory.

" + }, + "failureReason":{ + "shape":"String", + "documentation":"

The reason for failure if the memory is in a failed state.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the memory was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the memory was last updated.

" + }, + "strategies":{ + "shape":"MemoryStrategyList", + "documentation":"

The list of memory strategies associated with this memory.

" + } + }, + "documentation":"

Contains information about a memory resource.

" + }, + "MemoryArn":{ + "type":"string", + "pattern":"arn:aws:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:memory\\/[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" + }, + "MemoryEventExpiryDurationInteger":{ + "type":"integer", + "box":true, + "max":365, + "min":1 + }, + "MemoryId":{ + "type":"string", + "min":12, + "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" + }, + "MemoryStatus":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "FAILED", + "DELETING" + ] + }, + "MemoryStrategy":{ + "type":"structure", + "required":[ + "strategyId", + "name", + "type", + "namespaces" + ], + "members":{ + "strategyId":{ + "shape":"MemoryStrategyId", + "documentation":"

The unique identifier of the memory strategy.

" + }, + "name":{ + "shape":"Name", + "documentation":"

The name of the memory strategy.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the memory strategy.

" + }, + "configuration":{ + "shape":"StrategyConfiguration", + "documentation":"

The configuration of the memory strategy.

" + }, + "type":{ + "shape":"MemoryStrategyType", + "documentation":"

The type of the memory strategy.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The namespaces associated with the memory strategy.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the memory strategy was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the memory strategy was last updated.

" + }, + "status":{ + "shape":"MemoryStrategyStatus", + "documentation":"

The current status of the memory strategy.

" + } + }, + "documentation":"

Contains information about a memory strategy.

" + }, + "MemoryStrategyId":{ + "type":"string", + "min":12, + "pattern":"[a-zA-Z][a-zA-Z0-9-_]{0,99}-[a-zA-Z0-9]{10}" + }, + "MemoryStrategyInput":{ + "type":"structure", + "members":{ + "semanticMemoryStrategy":{ + "shape":"SemanticMemoryStrategyInput", + "documentation":"

Input for creating a semantic memory strategy.

" + }, + "summaryMemoryStrategy":{ + "shape":"SummaryMemoryStrategyInput", + "documentation":"

Input for creating a summary memory strategy.

" + }, + "userPreferenceMemoryStrategy":{ + "shape":"UserPreferenceMemoryStrategyInput", + "documentation":"

Input for creating a user preference memory strategy.

" + }, + "customMemoryStrategy":{ + "shape":"CustomMemoryStrategyInput", + "documentation":"

Input for creating a custom memory strategy.

" + } + }, + "documentation":"

Contains input information for creating a memory strategy.

", + "union":true + }, + "MemoryStrategyInputList":{ + "type":"list", + "member":{"shape":"MemoryStrategyInput"} + }, + "MemoryStrategyList":{ + "type":"list", + "member":{"shape":"MemoryStrategy"} + }, + "MemoryStrategyStatus":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "DELETING", + "FAILED" + ] + }, + "MemoryStrategyType":{ + "type":"string", + "enum":[ + "SEMANTIC", + "SUMMARIZATION", + "USER_PREFERENCE", + "CUSTOM" + ] + }, + "MemorySummary":{ + "type":"structure", + "required":[ + "createdAt", + "updatedAt" + ], + "members":{ + "arn":{ + "shape":"MemoryArn", + "documentation":"

The Amazon Resource Name (ARN) of the memory.

" + }, + "id":{ + "shape":"MemoryId", + "documentation":"

The unique identifier of the memory.

" + }, + "status":{ + "shape":"MemoryStatus", + "documentation":"

The current status of the memory.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the memory was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the memory was last updated.

" + } + }, + "documentation":"

Contains summary information about a memory resource.

" + }, + "MemorySummaryList":{ + "type":"list", + "member":{"shape":"MemorySummary"} + }, + "MessageBasedTrigger":{ + "type":"structure", + "members":{ + "messageCount":{ + "shape":"Integer", + "documentation":"

The number of messages that trigger memory processing.

" + } + }, + "documentation":"

The trigger configuration based on a message.

" + }, + "MessageBasedTriggerInput":{ + "type":"structure", + "members":{ + "messageCount":{ + "shape":"MessageBasedTriggerInputMessageCountInteger", + "documentation":"

The number of messages that trigger memory processing.

" + } + }, + "documentation":"

The trigger configuration based on a message.

" + }, + "MessageBasedTriggerInputMessageCountInteger":{ + "type":"integer", + "box":true, + "max":50, + "min":1 + }, + "MicrosoftOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "clientId", + "clientSecret" + ], + "members":{ + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Microsoft OAuth2 provider.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the Microsoft OAuth2 provider.

" + }, + "tenantId":{ + "shape":"TenantIdType", + "documentation":"

The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.

" + } + }, + "documentation":"

Input configuration for a Microsoft OAuth2 provider.

" + }, + "MicrosoftOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{ + "shape":"Oauth2Discovery", + "documentation":"

The OAuth2 discovery information for the Microsoft provider.

" + }, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Microsoft OAuth2 provider.

" + } + }, + "documentation":"

Output configuration for a Microsoft OAuth2 provider.

" + }, + "ModifyConsolidationConfiguration":{ + "type":"structure", + "members":{ + "customConsolidationConfiguration":{ + "shape":"CustomConsolidationConfigurationInput", + "documentation":"

The updated custom consolidation configuration.

" + } + }, + "documentation":"

Contains information for modifying a consolidation configuration.

", + "union":true + }, + "ModifyExtractionConfiguration":{ + "type":"structure", + "members":{ + "customExtractionConfiguration":{ + "shape":"CustomExtractionConfigurationInput", + "documentation":"

The updated custom extraction configuration.

" + } + }, + "documentation":"

Contains information for modifying an extraction configuration.

", + "union":true + }, + "ModifyInvocationConfigurationInput":{ + "type":"structure", + "members":{ + "topicArn":{ + "shape":"Arn", + "documentation":"

The updated ARN of the SNS topic for job notifications.

" + }, + "payloadDeliveryBucketName":{ + "shape":"ModifyInvocationConfigurationInputPayloadDeliveryBucketNameString", + "documentation":"

The updated S3 bucket name for event payload delivery.

" + } + }, + "documentation":"

The configuration for updating invocation settings.

" + }, + "ModifyInvocationConfigurationInputPayloadDeliveryBucketNameString":{ + "type":"string", + "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" + }, + "ModifyMemoryStrategies":{ + "type":"structure", + "members":{ + "addMemoryStrategies":{ + "shape":"MemoryStrategyInputList", + "documentation":"

The list of memory strategies to add.

" + }, + "modifyMemoryStrategies":{ + "shape":"ModifyMemoryStrategiesList", + "documentation":"

The list of memory strategies to modify.

" + }, + "deleteMemoryStrategies":{ + "shape":"DeleteMemoryStrategiesList", + "documentation":"

The list of memory strategies to delete.

" + } + }, + "documentation":"

Contains information for modifying memory strategies.

" + }, + "ModifyMemoryStrategiesList":{ + "type":"list", + "member":{"shape":"ModifyMemoryStrategyInput"} + }, + "ModifyMemoryStrategyInput":{ + "type":"structure", + "required":["memoryStrategyId"], + "members":{ + "memoryStrategyId":{ + "shape":"String", + "documentation":"

The unique identifier of the memory strategy to modify.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The updated description of the memory strategy.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The updated namespaces for the memory strategy.

" + }, + "configuration":{ + "shape":"ModifyStrategyConfiguration", + "documentation":"

The updated configuration for the memory strategy.

" + } + }, + "documentation":"

Input for modifying a memory strategy.

" + }, + "ModifySelfManagedConfiguration":{ + "type":"structure", + "members":{ + "triggerConditions":{ + "shape":"TriggerConditionInputList", + "documentation":"

The updated list of conditions that trigger memory processing.

" + }, + "invocationConfiguration":{ + "shape":"ModifyInvocationConfigurationInput", + "documentation":"

The updated configuration to invoke self-managed memory processing pipeline.

" + }, + "historicalContextWindowSize":{ + "shape":"ModifySelfManagedConfigurationHistoricalContextWindowSizeInteger", + "documentation":"

The updated number of historical messages to include in processing context.

" + } + }, + "documentation":"

The configuration for updating the self-managed memory strategy.

" + }, + "ModifySelfManagedConfigurationHistoricalContextWindowSizeInteger":{ + "type":"integer", + "box":true, + "max":50, + "min":0 + }, + "ModifyStrategyConfiguration":{ + "type":"structure", + "members":{ + "extraction":{ + "shape":"ModifyExtractionConfiguration", + "documentation":"

The updated extraction configuration.

" + }, + "consolidation":{ + "shape":"ModifyConsolidationConfiguration", + "documentation":"

The updated consolidation configuration.

" + }, + "selfManagedConfiguration":{ + "shape":"ModifySelfManagedConfiguration", + "documentation":"

The updated self-managed configuration.

" + } + }, + "documentation":"

Contains information for modifying a strategy configuration.

" + }, + "Name":{ + "type":"string", + "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" + }, + "Namespace":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"[a-zA-Z0-9\\-_\\/]*(\\{(actorId|sessionId|memoryStrategyId)\\}[a-zA-Z0-9\\-_\\/]*)*" + }, + "NamespacesList":{ + "type":"list", + "member":{"shape":"Namespace"}, + "min":1 + }, + "NetworkConfiguration":{ + "type":"structure", + "required":["networkMode"], + "members":{ + "networkMode":{ + "shape":"NetworkMode", + "documentation":"

The network mode for the AgentCore Runtime.

" + }, + "networkModeConfig":{ + "shape":"VpcConfig", + "documentation":"

The network mode configuration for the AgentCore Runtime.

" + } + }, + "documentation":"

SecurityConfig for the Agent.

" + }, + "NetworkMode":{ + "type":"string", + "enum":[ + "PUBLIC", + "VPC" + ] + }, + "NextToken":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"\\S*" + }, + "NonBlankString":{ + "type":"string", + "pattern":"[\\s\\S]+" + }, + "OAuthCredentialProvider":{ + "type":"structure", + "required":[ + "providerArn", + "scopes" + ], + "members":{ + "providerArn":{ + "shape":"OAuthCredentialProviderArn", + "documentation":"

The Amazon Resource Name (ARN) of the OAuth credential provider. This ARN identifies the provider in Amazon Web Services.

" + }, + "scopes":{ + "shape":"OAuthScopes", + "documentation":"

The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.

" + }, + "customParameters":{ + "shape":"OAuthCustomParameters", + "documentation":"

The custom parameters for the OAuth credential provider. These parameters provide additional configuration for the OAuth authentication process.

" + } + }, + "documentation":"

An OAuth credential provider for gateway authentication. This structure contains the configuration for authenticating with the target endpoint using OAuth.

" + }, + "OAuthCredentialProviderArn":{ + "type":"string", + "pattern":"arn:([^:]*):([^:]*):([^:]*):([0-9]{12})?:(.+)" + }, + "OAuthCustomParameters":{ + "type":"map", + "key":{"shape":"OAuthCustomParametersKey"}, + "value":{"shape":"OAuthCustomParametersValue"}, + "max":10, + "min":1 + }, + "OAuthCustomParametersKey":{ + "type":"string", + "max":256, + "min":1 + }, + "OAuthCustomParametersValue":{ + "type":"string", + "max":2048, + "min":1, + "sensitive":true + }, + "OAuthScope":{ + "type":"string", + "max":64, + "min":1 + }, + "OAuthScopes":{ + "type":"list", + "member":{"shape":"OAuthScope"}, + "max":100, + "min":0 + }, + "Oauth2AuthorizationServerMetadata":{ + "type":"structure", + "required":[ + "issuer", + "authorizationEndpoint", + "tokenEndpoint" + ], + "members":{ + "issuer":{ + "shape":"IssuerUrlType", + "documentation":"

The issuer URL for the OAuth2 authorization server.

" + }, + "authorizationEndpoint":{ + "shape":"AuthorizationEndpointType", + "documentation":"

The authorization endpoint URL for the OAuth2 authorization server.

" + }, + "tokenEndpoint":{ + "shape":"TokenEndpointType", + "documentation":"

The token endpoint URL for the OAuth2 authorization server.

" + }, + "responseTypes":{ + "shape":"ResponseListType", + "documentation":"

The supported response types for the OAuth2 authorization server.

" + }, + "tokenEndpointAuthMethods":{ + "shape":"TokenEndpointAuthMethodsType", + "documentation":"

The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

" + } + }, + "documentation":"

Contains the authorization server metadata for an OAuth2 provider.

" + }, + "Oauth2CredentialProviderItem":{ + "type":"structure", + "required":[ + "name", + "credentialProviderVendor", + "credentialProviderArn", + "createdTime", + "lastUpdatedTime" + ], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the OAuth2 credential provider.

" + }, + "credentialProviderVendor":{ + "shape":"CredentialProviderVendorType", + "documentation":"

The vendor of the OAuth2 credential provider.

" + }, + "credentialProviderArn":{ + "shape":"CredentialProviderArnType", + "documentation":"

The Amazon Resource Name (ARN) of the OAuth2 credential provider.

" + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the OAuth2 credential provider was created.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the OAuth2 credential provider was last updated.

" + } + }, + "documentation":"

Contains information about an OAuth2 credential provider.

" + }, + "Oauth2CredentialProviders":{ + "type":"list", + "member":{"shape":"Oauth2CredentialProviderItem"} + }, + "Oauth2Discovery":{ + "type":"structure", + "members":{ + "discoveryUrl":{ + "shape":"DiscoveryUrlType", + "documentation":"

The discovery URL for the OAuth2 provider.

" + }, + "authorizationServerMetadata":{ + "shape":"Oauth2AuthorizationServerMetadata", + "documentation":"

The authorization server metadata for the OAuth2 provider.

" + } + }, + "documentation":"

Contains the discovery information for an OAuth2 provider.

", + "union":true + }, + "Oauth2ProviderConfigInput":{ + "type":"structure", + "members":{ + "customOauth2ProviderConfig":{ + "shape":"CustomOauth2ProviderConfigInput", + "documentation":"

The configuration for a custom OAuth2 provider.

" + }, + "googleOauth2ProviderConfig":{ + "shape":"GoogleOauth2ProviderConfigInput", + "documentation":"

The configuration for a Google OAuth2 provider.

" + }, + "githubOauth2ProviderConfig":{ + "shape":"GithubOauth2ProviderConfigInput", + "documentation":"

The configuration for a GitHub OAuth2 provider.

" + }, + "slackOauth2ProviderConfig":{ + "shape":"SlackOauth2ProviderConfigInput", + "documentation":"

The configuration for a Slack OAuth2 provider.

" + }, + "salesforceOauth2ProviderConfig":{ + "shape":"SalesforceOauth2ProviderConfigInput", + "documentation":"

The configuration for a Salesforce OAuth2 provider.

" + }, + "microsoftOauth2ProviderConfig":{ + "shape":"MicrosoftOauth2ProviderConfigInput", + "documentation":"

The configuration for a Microsoft OAuth2 provider.

" + }, + "atlassianOauth2ProviderConfig":{ + "shape":"AtlassianOauth2ProviderConfigInput", + "documentation":"

Configuration settings for Atlassian OAuth2 provider integration.

" + }, + "linkedinOauth2ProviderConfig":{ + "shape":"LinkedinOauth2ProviderConfigInput", + "documentation":"

Configuration settings for LinkedIn OAuth2 provider integration.

" + }, + "includedOauth2ProviderConfig":{ + "shape":"IncludedOauth2ProviderConfigInput", + "documentation":"

The configuration for a non-custom OAuth2 provider. This includes settings for supported OAuth2 providers that have built-in integration support.

" + } + }, + "documentation":"

Contains the input configuration for an OAuth2 provider.

", + "union":true + }, + "Oauth2ProviderConfigOutput":{ + "type":"structure", + "members":{ + "customOauth2ProviderConfig":{ + "shape":"CustomOauth2ProviderConfigOutput", + "documentation":"

The output configuration for a custom OAuth2 provider.

" + }, + "googleOauth2ProviderConfig":{ + "shape":"GoogleOauth2ProviderConfigOutput", + "documentation":"

The output configuration for a Google OAuth2 provider.

" + }, + "githubOauth2ProviderConfig":{ + "shape":"GithubOauth2ProviderConfigOutput", + "documentation":"

The output configuration for a GitHub OAuth2 provider.

" + }, + "slackOauth2ProviderConfig":{ + "shape":"SlackOauth2ProviderConfigOutput", + "documentation":"

The output configuration for a Slack OAuth2 provider.

" + }, + "salesforceOauth2ProviderConfig":{ + "shape":"SalesforceOauth2ProviderConfigOutput", + "documentation":"

The output configuration for a Salesforce OAuth2 provider.

" + }, + "microsoftOauth2ProviderConfig":{ + "shape":"MicrosoftOauth2ProviderConfigOutput", + "documentation":"

The output configuration for a Microsoft OAuth2 provider.

" + }, + "atlassianOauth2ProviderConfig":{ + "shape":"AtlassianOauth2ProviderConfigOutput", + "documentation":"

The configuration details for the Atlassian OAuth2 provider.

" + }, + "linkedinOauth2ProviderConfig":{ + "shape":"LinkedinOauth2ProviderConfigOutput", + "documentation":"

The configuration details for the LinkedIn OAuth2 provider.

" + }, + "includedOauth2ProviderConfig":{ + "shape":"IncludedOauth2ProviderConfigOutput", + "documentation":"

The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.

" + } + }, + "documentation":"

Contains the output configuration for an OAuth2 provider.

", + "union":true + }, + "OverrideType":{ + "type":"string", + "enum":[ + "SEMANTIC_OVERRIDE", + "SUMMARY_OVERRIDE", + "USER_PREFERENCE_OVERRIDE", + "SELF_MANAGED" + ] + }, + "Prompt":{ + "type":"string", + "max":30000, + "min":1, + "sensitive":true + }, + "ProtocolConfiguration":{ + "type":"structure", + "required":["serverProtocol"], + "members":{ + "serverProtocol":{ + "shape":"ServerProtocol", + "documentation":"

The server protocol for the agent runtime. This field specifies which protocol the agent runtime uses to communicate with clients.

" + } + }, + "documentation":"

The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.

" + }, + "RecordingConfig":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether recording is enabled for the browser. When set to true, browser sessions are recorded.

" + }, + "s3Location":{ + "shape":"S3Location", + "documentation":"

The Amazon S3 location where browser recordings are stored. This location contains the recorded browser sessions.

" + } + }, + "documentation":"

The recording configuration for a browser. This structure defines how browser sessions are recorded.

" + }, + "RequestHeaderAllowlist":{ + "type":"list", + "member":{"shape":"HeaderName"}, + "max":20, + "min":1 + }, + "RequestHeaderConfiguration":{ + "type":"structure", + "members":{ + "requestHeaderAllowlist":{ + "shape":"RequestHeaderAllowlist", + "documentation":"

A list of HTTP request headers that are allowed to be passed through to the runtime.

" + } + }, + "documentation":"

Configuration for HTTP request headers that will be passed through to the runtime.

", + "union":true + }, + "RequiredProperties":{ + "type":"list", + "member":{"shape":"String"} + }, + "ResourceLimitExceededException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

Exception thrown when a resource limit is exceeded.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

This exception is thrown when a resource referenced by the operation does not exist

", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "ResourceOauth2ReturnUrlListType":{ + "type":"list", + "member":{"shape":"ResourceOauth2ReturnUrlType"} + }, + "ResourceOauth2ReturnUrlType":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"\\w+:(\\/?\\/?)[^\\s]+" + }, + "ResourceType":{ + "type":"string", + "enum":[ + "SYSTEM", + "CUSTOM" + ] + }, + "ResponseListType":{ + "type":"list", + "member":{"shape":"ResponseType"} + }, + "ResponseType":{"type":"string"}, + "RoleArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"arn:aws(-[^:]+)?:iam::([0-9]{12})?:role/.+" + }, + "RuntimeContainerUri":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"([0-9]{12})\\.dkr\\.ecr\\.([a-z0-9-]+)\\.amazonaws\\.com/((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*)(?::([^:@]{1,300}))?(?:@(.+))?" + }, + "S3BucketUri":{ + "type":"string", + "pattern":"s3://.{1,2043}" + }, + "S3Configuration":{ + "type":"structure", + "members":{ + "uri":{ + "shape":"S3BucketUri", + "documentation":"

The URI of the Amazon S3 object. This URI specifies the location of the object in Amazon S3.

" + }, + "bucketOwnerAccountId":{ + "shape":"AwsAccountId", + "documentation":"

The account ID of the Amazon S3 bucket owner. This ID is used for cross-account access to the bucket.

" + } + }, + "documentation":"

The Amazon S3 configuration for a gateway. This structure defines how the gateway accesses files in Amazon S3.

" + }, + "S3Location":{ + "type":"structure", + "required":[ + "bucket", + "prefix" + ], + "members":{ + "bucket":{ + "shape":"S3LocationBucketString", + "documentation":"

The name of the Amazon S3 bucket. This bucket contains the stored data.

" + }, + "prefix":{ + "shape":"S3LocationPrefixString", + "documentation":"

The prefix for objects in the Amazon S3 bucket. This prefix is added to the object keys to organize the data.

" + }, + "versionId":{ + "shape":"S3LocationVersionIdString", + "documentation":"

The version ID of the Amazon Amazon S3 object. If not specified, the latest version of the object is used.

" + } + }, + "documentation":"

The Amazon S3 location for storing data. This structure defines where in Amazon S3 data is stored.

" + }, + "S3LocationBucketString":{ + "type":"string", + "pattern":"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]" + }, + "S3LocationPrefixString":{ + "type":"string", + "max":1024, + "min":1 + }, + "S3LocationVersionIdString":{ + "type":"string", + "max":1024, + "min":3 + }, + "SalesforceOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "clientId", + "clientSecret" + ], + "members":{ + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Salesforce OAuth2 provider.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the Salesforce OAuth2 provider.

" + } + }, + "documentation":"

Input configuration for a Salesforce OAuth2 provider.

" + }, + "SalesforceOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{ + "shape":"Oauth2Discovery", + "documentation":"

The OAuth2 discovery information for the Salesforce provider.

" + }, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Salesforce OAuth2 provider.

" + } + }, + "documentation":"

Output configuration for a Salesforce OAuth2 provider.

" + }, + "SandboxName":{ + "type":"string", + "pattern":"[a-zA-Z][a-zA-Z0-9_]{0,47}" + }, + "SchemaDefinition":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"SchemaType", + "documentation":"

The type of the schema definition. This field specifies the data type of the schema.

" + }, + "properties":{ + "shape":"SchemaProperties", + "documentation":"

The properties of the schema definition. These properties define the fields in the schema.

" + }, + "required":{ + "shape":"RequiredProperties", + "documentation":"

The required fields in the schema definition. These fields must be provided when using the schema.

" + }, + "items":{ + "shape":"SchemaDefinition", + "documentation":"

The items in the schema definition. This field is used for array types to define the structure of the array elements.

" + }, + "description":{ + "shape":"String", + "documentation":"

The description of the schema definition. This description provides information about the purpose and usage of the schema.

" + } + }, + "documentation":"

A schema definition for a gateway target. This structure defines the structure of the API that the target exposes.

" + }, + "SchemaProperties":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"SchemaDefinition"} + }, + "SchemaType":{ + "type":"string", + "enum":[ + "string", + "number", + "object", + "array", + "boolean", + "integer" + ] + }, + "SearchType":{ + "type":"string", + "enum":["SEMANTIC"] + }, + "Secret":{ + "type":"structure", + "required":["secretArn"], + "members":{ + "secretArn":{ + "shape":"SecretArn", + "documentation":"

The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.

" + } + }, + "documentation":"

Contains information about a secret in AWS Secrets Manager.

" + }, + "SecretArn":{ + "type":"string", + "pattern":"arn:(aws|aws-us-gov):secretsmanager:[A-Za-z0-9-]{1,64}:[0-9]{12}:secret:[a-zA-Z0-9-_/+=.@!]+" + }, + "SecurityGroupId":{ + "type":"string", + "pattern":"sg-[0-9a-zA-Z]{8,17}" + }, + "SecurityGroups":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "max":16, + "min":1 + }, + "SelfManagedConfiguration":{ + "type":"structure", + "required":[ + "triggerConditions", + "invocationConfiguration", + "historicalContextWindowSize" + ], + "members":{ + "triggerConditions":{ + "shape":"TriggerConditionsList", + "documentation":"

A list of conditions that trigger memory processing.

" + }, + "invocationConfiguration":{ + "shape":"InvocationConfiguration", + "documentation":"

The configuration to use when invoking memory processing.

" + }, + "historicalContextWindowSize":{ + "shape":"Integer", + "documentation":"

The number of historical messages to include in processing context.

" + } + }, + "documentation":"

A configuration for a self-managed memory strategy.

" + }, + "SelfManagedConfigurationInput":{ + "type":"structure", + "required":["invocationConfiguration"], + "members":{ + "triggerConditions":{ + "shape":"TriggerConditionInputList", + "documentation":"

A list of conditions that trigger memory processing.

" + }, + "invocationConfiguration":{ + "shape":"InvocationConfigurationInput", + "documentation":"

Configuration to invoke a self-managed memory processing pipeline with.

" + }, + "historicalContextWindowSize":{ + "shape":"SelfManagedConfigurationInputHistoricalContextWindowSizeInteger", + "documentation":"

Number of historical messages to include in processing context.

" + } + }, + "documentation":"

Input configuration for a self-managed memory strategy.

" + }, + "SelfManagedConfigurationInputHistoricalContextWindowSizeInteger":{ + "type":"integer", + "box":true, + "max":50, + "min":0 + }, + "SemanticConsolidationOverride":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for semantic consolidation.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for semantic consolidation.

" + } + }, + "documentation":"

Contains semantic consolidation override configuration.

" + }, + "SemanticExtractionOverride":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for semantic extraction.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for semantic extraction.

" + } + }, + "documentation":"

Contains semantic extraction override configuration.

" + }, + "SemanticMemoryStrategyInput":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"Name", + "documentation":"

The name of the semantic memory strategy.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the semantic memory strategy.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The namespaces associated with the semantic memory strategy.

" + } + }, + "documentation":"

Input for creating a semantic memory strategy.

" + }, + "SemanticOverrideConfigurationInput":{ + "type":"structure", + "members":{ + "extraction":{ + "shape":"SemanticOverrideExtractionConfigurationInput", + "documentation":"

The extraction configuration for a semantic override.

" + }, + "consolidation":{ + "shape":"SemanticOverrideConsolidationConfigurationInput", + "documentation":"

The consolidation configuration for a semantic override.

" + } + }, + "documentation":"

Input for semantic override configuration in a memory strategy.

" + }, + "SemanticOverrideConsolidationConfigurationInput":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for semantic consolidation.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for semantic consolidation.

" + } + }, + "documentation":"

Input for semantic override consolidation configuration in a memory strategy.

" + }, + "SemanticOverrideExtractionConfigurationInput":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for semantic extraction.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for semantic extraction.

" + } + }, + "documentation":"

Input for semantic override extraction configuration in a memory strategy.

" + }, + "ServerProtocol":{ + "type":"string", + "enum":[ + "MCP", + "HTTP", + "A2A" + ] + }, + "ServiceException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

An internal error occurred.

", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

This exception is thrown when a request is made beyond the service quota

", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "SetTokenVaultCMKRequest":{ + "type":"structure", + "required":["kmsConfiguration"], + "members":{ + "tokenVaultId":{ + "shape":"TokenVaultIdType", + "documentation":"

The unique identifier of the token vault to update.

" + }, + "kmsConfiguration":{ + "shape":"KmsConfiguration", + "documentation":"

The KMS configuration for the token vault, including the key type and KMS key ARN.

" + } + } + }, + "SetTokenVaultCMKResponse":{ + "type":"structure", + "required":[ + "tokenVaultId", + "kmsConfiguration", + "lastModifiedDate" + ], + "members":{ + "tokenVaultId":{ + "shape":"TokenVaultIdType", + "documentation":"

The ID of the token vault.

" + }, + "kmsConfiguration":{ + "shape":"KmsConfiguration", + "documentation":"

The KMS configuration for the token vault.

" + }, + "lastModifiedDate":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the token vault was last modified.

" + } + } + }, + "SlackOauth2ProviderConfigInput":{ + "type":"structure", + "required":[ + "clientId", + "clientSecret" + ], + "members":{ + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Slack OAuth2 provider.

" + }, + "clientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret for the Slack OAuth2 provider.

" + } + }, + "documentation":"

Input configuration for a Slack OAuth2 provider.

" + }, + "SlackOauth2ProviderConfigOutput":{ + "type":"structure", + "required":["oauthDiscovery"], + "members":{ + "oauthDiscovery":{ + "shape":"Oauth2Discovery", + "documentation":"

The OAuth2 discovery information for the Slack provider.

" + }, + "clientId":{ + "shape":"ClientIdType", + "documentation":"

The client ID for the Slack OAuth2 provider.

" + } + }, + "documentation":"

Output configuration for a Slack OAuth2 provider.

" + }, + "StatusReason":{ + "type":"string", + "max":2048, + "min":0 + }, + "StatusReasons":{ + "type":"list", + "member":{"shape":"StatusReason"}, + "max":100, + "min":0 + }, + "StrategyConfiguration":{ + "type":"structure", + "members":{ + "type":{ + "shape":"OverrideType", + "documentation":"

The type of override for the strategy configuration.

" + }, + "extraction":{ + "shape":"ExtractionConfiguration", + "documentation":"

The extraction configuration for the memory strategy.

" + }, + "consolidation":{ + "shape":"ConsolidationConfiguration", + "documentation":"

The consolidation configuration for the memory strategy.

" + }, + "selfManagedConfiguration":{ + "shape":"SelfManagedConfiguration", + "documentation":"

Self-managed configuration settings.

" + } + }, + "documentation":"

Contains configuration information for a memory strategy.

" + }, + "String":{"type":"string"}, + "SubnetId":{ + "type":"string", + "pattern":"subnet-[0-9a-zA-Z]{8,17}" + }, + "Subnets":{ + "type":"list", + "member":{"shape":"SubnetId"}, + "max":16, + "min":1 + }, + "SummaryConsolidationOverride":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for summary consolidation.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for summary consolidation.

" + } + }, + "documentation":"

Contains summary consolidation override configuration.

" + }, + "SummaryMemoryStrategyInput":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"Name", + "documentation":"

The name of the summary memory strategy.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the summary memory strategy.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The namespaces associated with the summary memory strategy.

" + } + }, + "documentation":"

Input for creating a summary memory strategy.

" + }, + "SummaryOverrideConfigurationInput":{ + "type":"structure", + "members":{ + "consolidation":{ + "shape":"SummaryOverrideConsolidationConfigurationInput", + "documentation":"

The consolidation configuration for a summary override.

" + } + }, + "documentation":"

Input for summary override configuration in a memory strategy.

" + }, + "SummaryOverrideConsolidationConfigurationInput":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for summary consolidation.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for summary consolidation.

" + } + }, + "documentation":"

Input for summary override consolidation configuration in a memory strategy.

" + }, + "SynchronizeGatewayTargetsRequest":{ + "type":"structure", + "required":[ + "gatewayIdentifier", + "targetIdList" + ], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The gateway Identifier.

", + "location":"uri", + "locationName":"gatewayIdentifier" + }, + "targetIdList":{ + "shape":"TargetIdList", + "documentation":"

The target ID list.

" + } + } + }, + "SynchronizeGatewayTargetsResponse":{ + "type":"structure", + "members":{ + "targets":{ + "shape":"GatewayTargetList", + "documentation":"

The gateway targets for synchronization.

" + } + } + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"TaggableResourcesArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource that you want to tag.

", + "location":"uri", + "locationName":"resourceArn" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

The tags to add to the resource. A tag is a key-value pair.

" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":"[a-zA-Z0-9\\s._:/=+@-]*" + }, + "TaggableResourcesArn":{ + "type":"string", + "max":1011, + "min":20, + "pattern":"arn:(?:[^:]+)?:bedrock-agentcore:[a-z0-9-]+:[0-9]{12}:([a-z-]+/[^/]+)(?:/[a-z-]+/[^/]+)*" + }, + "TagsMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":50, + "min":0 + }, + "TargetConfiguration":{ + "type":"structure", + "members":{ + "mcp":{ + "shape":"McpTargetConfiguration", + "documentation":"

The Model Context Protocol (MCP) configuration for the target. This configuration defines how the gateway uses MCP to communicate with the target.

" + } + }, + "documentation":"

The configuration for a gateway target. This structure defines how the gateway connects to and interacts with the target endpoint.

", + "union":true + }, + "TargetDescription":{ + "type":"string", + "max":200, + "min":1, + "sensitive":true + }, + "TargetId":{ + "type":"string", + "pattern":"[0-9a-zA-Z]{10}" + }, + "TargetIdList":{ + "type":"list", + "member":{"shape":"TargetId"}, + "max":1, + "min":1 + }, + "TargetMaxResults":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "TargetName":{ + "type":"string", + "pattern":"([0-9a-zA-Z][-]?){1,100}", + "sensitive":true + }, + "TargetNextToken":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"\\S*" + }, + "TargetStatus":{ + "type":"string", + "enum":[ + "CREATING", + "UPDATING", + "UPDATE_UNSUCCESSFUL", + "DELETING", + "READY", + "FAILED", + "SYNCHRONIZING", + "SYNCHRONIZE_UNSUCCESSFUL" + ] + }, + "TargetSummaries":{ + "type":"list", + "member":{"shape":"TargetSummary"} + }, + "TargetSummary":{ + "type":"structure", + "required":[ + "targetId", + "name", + "status", + "createdAt", + "updatedAt" + ], + "members":{ + "targetId":{ + "shape":"TargetId", + "documentation":"

The unique identifier of the target.

" + }, + "name":{ + "shape":"TargetName", + "documentation":"

The name of the target.

" + }, + "status":{ + "shape":"TargetStatus", + "documentation":"

The current status of the target.

" + }, + "description":{ + "shape":"TargetDescription", + "documentation":"

The description of the target.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the target was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the target was last updated.

" + } + }, + "documentation":"

Contains summary information about a gateway target. A target represents an endpoint that the gateway can connect to.

" + }, + "TenantIdType":{ + "type":"string", + "max":2048, + "min":1 + }, + "ThrottledException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

API rate limit has been exceeded.

", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":false} + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

This exception is thrown when the number of requests exceeds the limit

", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "TimeBasedTrigger":{ + "type":"structure", + "members":{ + "idleSessionTimeout":{ + "shape":"Integer", + "documentation":"

Idle session timeout (seconds) that triggers memory processing.

" + } + }, + "documentation":"

Trigger configuration based on time.

" + }, + "TimeBasedTriggerInput":{ + "type":"structure", + "members":{ + "idleSessionTimeout":{ + "shape":"TimeBasedTriggerInputIdleSessionTimeoutInteger", + "documentation":"

Idle session timeout (seconds) that triggers memory processing.

" + } + }, + "documentation":"

Trigger configuration based on time.

" + }, + "TimeBasedTriggerInputIdleSessionTimeoutInteger":{ + "type":"integer", + "box":true, + "max":3000, + "min":10 + }, + "Timestamp":{"type":"timestamp"}, + "TokenAuthMethod":{ + "type":"string", + "pattern":"(client_secret_post|client_secret_basic)" + }, + "TokenBasedTrigger":{ + "type":"structure", + "members":{ + "tokenCount":{ + "shape":"Integer", + "documentation":"

Number of tokens that trigger memory processing.

" + } + }, + "documentation":"

Trigger configuration based on tokens.

" + }, + "TokenBasedTriggerInput":{ + "type":"structure", + "members":{ + "tokenCount":{ + "shape":"TokenBasedTriggerInputTokenCountInteger", + "documentation":"

Number of tokens that trigger memory processing.

" + } + }, + "documentation":"

Trigger configuration based on tokens.

" + }, + "TokenBasedTriggerInputTokenCountInteger":{ + "type":"integer", + "box":true, + "max":500000, + "min":100 + }, + "TokenEndpointAuthMethodsType":{ + "type":"list", + "member":{"shape":"TokenAuthMethod"}, + "max":2, + "min":1 + }, + "TokenEndpointType":{"type":"string"}, + "TokenVaultIdType":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9\\-_]+" + }, + "ToolDefinition":{ + "type":"structure", + "required":[ + "name", + "description", + "inputSchema" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"

The name of the tool. This name identifies the tool in the Model Context Protocol.

" + }, + "description":{ + "shape":"String", + "documentation":"

The description of the tool. This description provides information about the purpose and usage of the tool.

" + }, + "inputSchema":{ + "shape":"SchemaDefinition", + "documentation":"

The input schema for the tool. This schema defines the structure of the input that the tool accepts.

" + }, + "outputSchema":{ + "shape":"SchemaDefinition", + "documentation":"

The output schema for the tool. This schema defines the structure of the output that the tool produces.

" + } + }, + "documentation":"

A tool definition for a gateway target. This structure defines a tool that the target exposes through the Model Context Protocol.

" + }, + "ToolDefinitions":{ + "type":"list", + "member":{"shape":"ToolDefinition"} + }, + "ToolSchema":{ + "type":"structure", + "members":{ + "s3":{ + "shape":"S3Configuration", + "documentation":"

The Amazon S3 location of the tool schema. This location contains the schema definition file.

" + }, + "inlinePayload":{ + "shape":"ToolDefinitions", + "documentation":"

The inline payload of the tool schema. This payload contains the schema definition directly in the request.

" + } + }, + "documentation":"

A tool schema for a gateway target. This structure defines the schema for a tool that the target exposes through the Model Context Protocol.

", + "union":true + }, + "TriggerCondition":{ + "type":"structure", + "members":{ + "messageBasedTrigger":{ + "shape":"MessageBasedTrigger", + "documentation":"

Message based trigger configuration.

" + }, + "tokenBasedTrigger":{ + "shape":"TokenBasedTrigger", + "documentation":"

Token based trigger configuration.

" + }, + "timeBasedTrigger":{ + "shape":"TimeBasedTrigger", + "documentation":"

Time based trigger configuration.

" + } + }, + "documentation":"

Condition that triggers memory processing.

", + "union":true + }, + "TriggerConditionInput":{ + "type":"structure", + "members":{ + "messageBasedTrigger":{ + "shape":"MessageBasedTriggerInput", + "documentation":"

Message based trigger configuration.

" + }, + "tokenBasedTrigger":{ + "shape":"TokenBasedTriggerInput", + "documentation":"

Token based trigger configuration.

" + }, + "timeBasedTrigger":{ + "shape":"TimeBasedTriggerInput", + "documentation":"

Time based trigger configuration.

" + } + }, + "documentation":"

Condition that triggers memory processing.

", + "union":true + }, + "TriggerConditionInputList":{ + "type":"list", + "member":{"shape":"TriggerConditionInput"}, + "min":1 + }, + "TriggerConditionsList":{ + "type":"list", + "member":{"shape":"TriggerCondition"}, + "min":1 + }, + "UnauthorizedException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"

This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access

", + "error":{ + "httpStatusCode":401, + "senderFault":true + }, + "exception":true + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"TaggableResourcesArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource that you want to untag.

", + "location":"uri", + "locationName":"resourceArn" + }, + "tagKeys":{ + "shape":"TagKeyList", + "documentation":"

The tag keys of the tags to remove from the resource.

", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateAgentRuntimeEndpointRequest":{ + "type":"structure", + "required":[ + "agentRuntimeId", + "endpointName" + ], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime associated with the endpoint.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "endpointName":{ + "shape":"EndpointName", + "documentation":"

The name of the AgentCore Runtime endpoint to update.

", + "location":"uri", + "locationName":"endpointName" + }, + "agentRuntimeVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The updated version of the AgentCore Runtime for the endpoint.

" + }, + "description":{ + "shape":"AgentEndpointDescription", + "documentation":"

The updated description of the AgentCore Runtime endpoint.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true + } + } + }, + "UpdateAgentRuntimeEndpointResponse":{ + "type":"structure", + "required":[ + "agentRuntimeEndpointArn", + "agentRuntimeArn", + "status", + "createdAt", + "lastUpdatedAt" + ], + "members":{ + "liveVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The currently deployed version of the AgentCore Runtime on the endpoint.

" + }, + "targetVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The target version of the AgentCore Runtime for the endpoint.

" + }, + "agentRuntimeEndpointArn":{ + "shape":"AgentRuntimeEndpointArn", + "documentation":"

The Amazon Resource Name (ARN) of the AgentCore Runtime endpoint.

" + }, + "agentRuntimeArn":{ + "shape":"AgentRuntimeArn", + "documentation":"

The Amazon Resource Name (ARN) of the AgentCore Runtime.

" + }, + "status":{ + "shape":"AgentRuntimeEndpointStatus", + "documentation":"

The current status of the updated AgentCore Runtime endpoint.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime endpoint was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime endpoint was last updated.

" + } + } + }, + "UpdateAgentRuntimeRequest":{ + "type":"structure", + "required":[ + "agentRuntimeId", + "agentRuntimeArtifact", + "roleArn", + "networkConfiguration" + ], + "members":{ + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the AgentCore Runtime to update.

", + "location":"uri", + "locationName":"agentRuntimeId" + }, + "agentRuntimeArtifact":{ + "shape":"AgentRuntimeArtifact", + "documentation":"

The updated artifact of the AgentCore Runtime.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The updated IAM role ARN that provides permissions for the AgentCore Runtime.

" + }, + "networkConfiguration":{ + "shape":"NetworkConfiguration", + "documentation":"

The updated network configuration for the AgentCore Runtime.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The updated description of the AgentCore Runtime.

" + }, + "authorizerConfiguration":{ + "shape":"AuthorizerConfiguration", + "documentation":"

The updated authorizer configuration for the AgentCore Runtime.

" + }, + "requestHeaderConfiguration":{ + "shape":"RequestHeaderConfiguration", + "documentation":"

The updated configuration for HTTP request headers that will be passed through to the runtime.

" + }, + "protocolConfiguration":{"shape":"ProtocolConfiguration"}, + "lifecycleConfiguration":{ + "shape":"LifecycleConfiguration", + "documentation":"

The updated life cycle configuration for the AgentCore Runtime.

" + }, + "environmentVariables":{ + "shape":"EnvironmentVariablesMap", + "documentation":"

Updated environment variables to set in the AgentCore Runtime environment.

" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true + } + } + }, + "UpdateAgentRuntimeResponse":{ + "type":"structure", + "required":[ + "agentRuntimeArn", + "agentRuntimeId", + "agentRuntimeVersion", + "createdAt", + "lastUpdatedAt", + "status" + ], + "members":{ + "agentRuntimeArn":{ + "shape":"AgentRuntimeArn", + "documentation":"

The Amazon Resource Name (ARN) of the updated AgentCore Runtime.

" + }, + "agentRuntimeId":{ + "shape":"AgentRuntimeId", + "documentation":"

The unique identifier of the updated AgentCore Runtime.

" + }, + "workloadIdentityDetails":{ + "shape":"WorkloadIdentityDetails", + "documentation":"

The workload identity details for the updated AgentCore Runtime.

" + }, + "agentRuntimeVersion":{ + "shape":"AgentRuntimeVersion", + "documentation":"

The version of the updated AgentCore Runtime.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime was created.

" + }, + "lastUpdatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the AgentCore Runtime was last updated.

" + }, + "status":{ + "shape":"AgentRuntimeStatus", + "documentation":"

The current status of the updated AgentCore Runtime.

" + } + } + }, + "UpdateApiKeyCredentialProviderRequest":{ + "type":"structure", + "required":[ + "name", + "apiKey" + ], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the API key credential provider to update.

" + }, + "apiKey":{ + "shape":"ApiKeyType", + "documentation":"

The new API key to use for authentication. This value replaces the existing API key and is encrypted and stored securely.

" + } + } + }, + "UpdateApiKeyCredentialProviderResponse":{ + "type":"structure", + "required":[ + "apiKeySecretArn", + "name", + "credentialProviderArn", + "createdTime", + "lastUpdatedTime" + ], + "members":{ + "apiKeySecretArn":{ + "shape":"Secret", + "documentation":"

The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.

" + }, + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the API key credential provider.

" + }, + "credentialProviderArn":{ + "shape":"ApiKeyCredentialProviderArnType", + "documentation":"

The Amazon Resource Name (ARN) of the API key credential provider.

" + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the API key credential provider was created.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the API key credential provider was last updated.

" + } + } + }, + "UpdateGatewayRequest":{ + "type":"structure", + "required":[ + "gatewayIdentifier", + "name", + "roleArn", + "protocolType", + "authorizerType" + ], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The identifier of the gateway to update.

", + "location":"uri", + "locationName":"gatewayIdentifier" + }, + "name":{ + "shape":"GatewayName", + "documentation":"

The name of the gateway. This name must be the same as the one when the gateway was created.

" + }, + "description":{ + "shape":"GatewayDescription", + "documentation":"

The updated description for the gateway.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The updated IAM role ARN that provides permissions for the gateway.

" + }, + "protocolType":{ + "shape":"GatewayProtocolType", + "documentation":"

The updated protocol type for the gateway.

" + }, + "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, + "authorizerType":{ + "shape":"AuthorizerType", + "documentation":"

The updated authorizer type for the gateway.

" + }, + "authorizerConfiguration":{ + "shape":"AuthorizerConfiguration", + "documentation":"

The updated authorizer configuration for the gateway.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The updated ARN of the KMS key used to encrypt the gateway.

" + }, + "exceptionLevel":{ + "shape":"ExceptionLevel", + "documentation":"

The level of detail in error messages returned when invoking the gateway.

  • If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.

  • If the value is omitted, a generic error message is returned to the end user.

" + } + } + }, + "UpdateGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayArn", + "gatewayId", + "createdAt", + "updatedAt", + "status", + "name", + "protocolType", + "authorizerType" + ], + "members":{ + "gatewayArn":{ + "shape":"GatewayArn", + "documentation":"

The Amazon Resource Name (ARN) of the updated gateway.

" + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

The unique identifier of the updated gateway.

" + }, + "gatewayUrl":{ + "shape":"GatewayUrl", + "documentation":"

An endpoint for invoking the updated gateway.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway was last updated.

" + }, + "status":{ + "shape":"GatewayStatus", + "documentation":"

The current status of the updated gateway.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The reasons for the current status of the updated gateway.

" + }, + "name":{ + "shape":"GatewayName", + "documentation":"

The name of the gateway.

" + }, + "description":{ + "shape":"GatewayDescription", + "documentation":"

The updated description of the gateway.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The updated IAM role ARN that provides permissions for the gateway.

" + }, + "protocolType":{ + "shape":"GatewayProtocolType", + "documentation":"

The updated protocol type for the gateway.

" + }, + "protocolConfiguration":{"shape":"GatewayProtocolConfiguration"}, + "authorizerType":{ + "shape":"AuthorizerType", + "documentation":"

The updated authorizer type for the gateway.

" + }, + "authorizerConfiguration":{ + "shape":"AuthorizerConfiguration", + "documentation":"

The updated authorizer configuration for the gateway.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The updated ARN of the KMS key used to encrypt the gateway.

" + }, + "workloadIdentityDetails":{ + "shape":"WorkloadIdentityDetails", + "documentation":"

The workload identity details for the updated gateway.

" + }, + "exceptionLevel":{ + "shape":"ExceptionLevel", + "documentation":"

The level of detail in error messages returned when invoking the gateway.

  • If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.

  • If the value is omitted, a generic error message is returned to the end user.

" + } + } + }, + "UpdateGatewayTargetRequest":{ + "type":"structure", + "required":[ + "gatewayIdentifier", + "targetId", + "name", + "targetConfiguration" + ], + "members":{ + "gatewayIdentifier":{ + "shape":"GatewayIdentifier", + "documentation":"

The unique identifier of the gateway associated with the target.

", + "location":"uri", + "locationName":"gatewayIdentifier" + }, + "targetId":{ + "shape":"TargetId", + "documentation":"

The unique identifier of the gateway target to update.

", + "location":"uri", + "locationName":"targetId" + }, + "name":{ + "shape":"TargetName", + "documentation":"

The updated name for the gateway target.

" + }, + "description":{ + "shape":"TargetDescription", + "documentation":"

The updated description for the gateway target.

" + }, + "targetConfiguration":{"shape":"TargetConfiguration"}, + "credentialProviderConfigurations":{ + "shape":"CredentialProviderConfigurations", + "documentation":"

The updated credential provider configurations for the gateway target.

" + } + } + }, + "UpdateGatewayTargetResponse":{ + "type":"structure", + "required":[ + "gatewayArn", + "targetId", + "createdAt", + "updatedAt", + "status", + "name", + "targetConfiguration", + "credentialProviderConfigurations" + ], + "members":{ + "gatewayArn":{ + "shape":"GatewayArn", + "documentation":"

The Amazon Resource Name (ARN) of the gateway.

" + }, + "targetId":{ + "shape":"TargetId", + "documentation":"

The unique identifier of the updated gateway target.

" + }, + "createdAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway target was created.

" + }, + "updatedAt":{ + "shape":"DateTimestamp", + "documentation":"

The timestamp when the gateway target was last updated.

" + }, + "status":{ + "shape":"TargetStatus", + "documentation":"

The current status of the updated gateway target.

" + }, + "statusReasons":{ + "shape":"StatusReasons", + "documentation":"

The reasons for the current status of the updated gateway target.

" + }, + "name":{ + "shape":"TargetName", + "documentation":"

The updated name of the gateway target.

" + }, + "description":{ + "shape":"TargetDescription", + "documentation":"

The updated description of the gateway target.

" + }, + "targetConfiguration":{"shape":"TargetConfiguration"}, + "credentialProviderConfigurations":{ + "shape":"CredentialProviderConfigurations", + "documentation":"

The updated credential provider configurations for the gateway target.

" + }, + "lastSynchronizedAt":{ + "shape":"DateTimestamp", + "documentation":"

The date and time at which the targets were last synchronized.

" + } + } + }, + "UpdateMemoryInput":{ + "type":"structure", + "required":["memoryId"], + "members":{ + "clientToken":{ + "shape":"UpdateMemoryInputClientTokenString", + "documentation":"

A client token is used for keeping track of idempotent requests. It can contain a session id which can be around 250 chars, combined with a unique AWS identifier.

", + "idempotencyToken":true + }, + "memoryId":{ + "shape":"MemoryId", + "documentation":"

The unique identifier of the memory to update.

", + "location":"uri", + "locationName":"memoryId" + }, + "description":{ + "shape":"Description", + "documentation":"

The updated description of the AgentCore Memory resource.

" + }, + "eventExpiryDuration":{ + "shape":"UpdateMemoryInputEventExpiryDurationInteger", + "documentation":"

The number of days after which memory events will expire, between 7 and 365 days.

" + }, + "memoryExecutionRoleArn":{ + "shape":"Arn", + "documentation":"

The ARN of the IAM role that provides permissions for the AgentCore Memory resource.

" + }, + "memoryStrategies":{ + "shape":"ModifyMemoryStrategies", + "documentation":"

The memory strategies to add, modify, or delete.

" + } + } + }, + "UpdateMemoryInputClientTokenString":{ + "type":"string", + "max":500, + "min":0 + }, + "UpdateMemoryInputEventExpiryDurationInteger":{ + "type":"integer", + "box":true, + "max":365, + "min":7 + }, + "UpdateMemoryOutput":{ + "type":"structure", + "members":{ + "memory":{ + "shape":"Memory", + "documentation":"

The updated AgentCore Memory resource details.

" + } + } + }, + "UpdateOauth2CredentialProviderRequest":{ + "type":"structure", + "required":[ + "name", + "credentialProviderVendor", + "oauth2ProviderConfigInput" + ], + "members":{ + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the OAuth2 credential provider to update.

" + }, + "credentialProviderVendor":{ + "shape":"CredentialProviderVendorType", + "documentation":"

The vendor of the OAuth2 credential provider.

" + }, + "oauth2ProviderConfigInput":{ + "shape":"Oauth2ProviderConfigInput", + "documentation":"

The configuration input for the OAuth2 provider.

" + } + } + }, + "UpdateOauth2CredentialProviderResponse":{ + "type":"structure", + "required":[ + "clientSecretArn", + "name", + "credentialProviderVendor", + "credentialProviderArn", + "oauth2ProviderConfigOutput", + "createdTime", + "lastUpdatedTime" + ], + "members":{ + "clientSecretArn":{ + "shape":"Secret", + "documentation":"

The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.

" + }, + "name":{ + "shape":"CredentialProviderName", + "documentation":"

The name of the OAuth2 credential provider.

" + }, + "credentialProviderVendor":{ + "shape":"CredentialProviderVendorType", + "documentation":"

The vendor of the OAuth2 credential provider.

" + }, + "credentialProviderArn":{ + "shape":"CredentialProviderArnType", + "documentation":"

The Amazon Resource Name (ARN) of the OAuth2 credential provider.

" + }, + "callbackUrl":{ + "shape":"String", + "documentation":"

Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.

" + }, + "oauth2ProviderConfigOutput":{ + "shape":"Oauth2ProviderConfigOutput", + "documentation":"

The configuration output for the OAuth2 provider.

" + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the OAuth2 credential provider was created.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the OAuth2 credential provider was last updated.

" + } + } + }, + "UpdateWorkloadIdentityRequest":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload identity to update.

" + }, + "allowedResourceOauth2ReturnUrls":{ + "shape":"ResourceOauth2ReturnUrlListType", + "documentation":"

The new list of allowed OAuth2 return URLs for resources associated with this workload identity. This list replaces the existing list.

" + } + } + }, + "UpdateWorkloadIdentityResponse":{ + "type":"structure", + "required":[ + "name", + "workloadIdentityArn", + "createdTime", + "lastUpdatedTime" + ], + "members":{ + "name":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload identity.

" + }, + "workloadIdentityArn":{ + "shape":"WorkloadIdentityArnType", + "documentation":"

The Amazon Resource Name (ARN) of the workload identity.

" + }, + "allowedResourceOauth2ReturnUrls":{ + "shape":"ResourceOauth2ReturnUrlListType", + "documentation":"

The list of allowed OAuth2 return URLs for resources associated with this workload identity.

" + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the workload identity was created.

" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the workload identity was last updated.

" + } + } + }, + "UserPreferenceConsolidationOverride":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for user preference consolidation.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for user preference consolidation.

" + } + }, + "documentation":"

Contains user preference consolidation override configuration.

" + }, + "UserPreferenceExtractionOverride":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for user preference extraction.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for user preference extraction.

" + } + }, + "documentation":"

Contains user preference extraction override configuration.

" + }, + "UserPreferenceMemoryStrategyInput":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"Name", + "documentation":"

The name of the user preference memory strategy.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the user preference memory strategy.

" + }, + "namespaces":{ + "shape":"NamespacesList", + "documentation":"

The namespaces associated with the user preference memory strategy.

" + } + }, + "documentation":"

Input for creating a user preference memory strategy.

" + }, + "UserPreferenceOverrideConfigurationInput":{ + "type":"structure", + "members":{ + "extraction":{ + "shape":"UserPreferenceOverrideExtractionConfigurationInput", + "documentation":"

The extraction configuration for a user preference override.

" + }, + "consolidation":{ + "shape":"UserPreferenceOverrideConsolidationConfigurationInput", + "documentation":"

The consolidation configuration for a user preference override.

" + } + }, + "documentation":"

Input for user preference override configuration in a memory strategy.

" + }, + "UserPreferenceOverrideConsolidationConfigurationInput":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for user preference consolidation.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for user preference consolidation.

" + } + }, + "documentation":"

Input for user preference override consolidation configuration in a memory strategy.

" + }, + "UserPreferenceOverrideExtractionConfigurationInput":{ + "type":"structure", + "required":[ + "appendToPrompt", + "modelId" + ], + "members":{ + "appendToPrompt":{ + "shape":"Prompt", + "documentation":"

The text to append to the prompt for user preference extraction.

" + }, + "modelId":{ + "shape":"String", + "documentation":"

The model ID to use for user preference extraction.

" + } + }, + "documentation":"

Input for user preference override extraction configuration in a memory strategy.

" + }, + "ValidationException":{ + "type":"structure", + "required":[ + "message", + "reason" + ], + "members":{ + "message":{"shape":"String"}, + "reason":{"shape":"ValidationExceptionReason"}, + "fieldList":{"shape":"ValidationExceptionFieldList"} + }, + "documentation":"

The input fails to satisfy the constraints specified by the service.

", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "message" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"

The name of the field.

" + }, + "message":{ + "shape":"String", + "documentation":"

A message describing why this field failed validation.

" + } + }, + "documentation":"

Stores information about a field passed inside a request that resulted in an exception.

" + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "CannotParse", + "FieldValidationFailed", + "IdempotentParameterMismatchException", + "EventInOtherSession", + "ResourceConflict" + ] + }, + "VpcConfig":{ + "type":"structure", + "required":[ + "securityGroups", + "subnets" + ], + "members":{ + "securityGroups":{ + "shape":"SecurityGroups", + "documentation":"

The security groups associated with the VPC configuration.

" + }, + "subnets":{ + "shape":"Subnets", + "documentation":"

The subnets associated with the VPC configuration.

" + } + }, + "documentation":"

VpcConfig for the Agent.

" + }, + "WorkloadIdentityArn":{ + "type":"string", + "max":1024, + "min":1 + }, + "WorkloadIdentityArnType":{ + "type":"string", + "max":1024, + "min":1 + }, + "WorkloadIdentityDetails":{ + "type":"structure", + "required":["workloadIdentityArn"], + "members":{ + "workloadIdentityArn":{ + "shape":"WorkloadIdentityArn", + "documentation":"

The ARN associated with the workload identity.

" + } + }, + "documentation":"

The information about the workload identity.

" + }, + "WorkloadIdentityList":{ + "type":"list", + "member":{"shape":"WorkloadIdentityType"} + }, + "WorkloadIdentityNameType":{ + "type":"string", + "max":255, + "min":3, + "pattern":"[A-Za-z0-9_.-]+" + }, + "WorkloadIdentityType":{ + "type":"structure", + "required":[ + "name", + "workloadIdentityArn" + ], + "members":{ + "name":{ + "shape":"WorkloadIdentityNameType", + "documentation":"

The name of the workload identity.

" + }, + "workloadIdentityArn":{ + "shape":"WorkloadIdentityArnType", + "documentation":"

The Amazon Resource Name (ARN) of the workload identity.

" + } + }, + "documentation":"

Contains information about a workload identity.

" + }, + "entryPoint":{ + "type":"string", + "max":128, + "min":1 + } + }, + "documentation":"

Welcome to the Amazon Bedrock AgentCore Control plane API reference. Control plane actions configure, create, modify, and monitor Amazon Web Services resources.

" +} diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/waiters-2.json 2.31.35-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/waiters-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,26 @@ +{ + "version" : 2, + "waiters" : { + "MemoryCreated" : { + "delay" : 2, + "maxAttempts" : 60, + "operation" : "GetMemory", + "acceptors" : [ { + "matcher" : "path", + "argument" : "memory.status", + "state" : "retry", + "expected" : "CREATING" + }, { + "matcher" : "path", + "argument" : "memory.status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "memory.status", + "state" : "failure", + "expected" : "FAILED" + } ] + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-data-automation/2023-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bedrock-data-automation/2023-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-data-automation/2023-07-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-data-automation/2023-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json 2.31.35-1/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -78,7 +78,7 @@ "http":{ "method":"DELETE", "requestUri":"/blueprints/{blueprintArn}/", - "responseCode":204 + "responseCode":200 }, "input":{"shape":"DeleteBlueprintRequest"}, "output":{"shape":"DeleteBlueprintResponse"}, @@ -97,7 +97,7 @@ "http":{ "method":"DELETE", "requestUri":"/data-automation-projects/{projectArn}/", - "responseCode":204 + "responseCode":200 }, "input":{"shape":"DeleteDataAutomationProjectRequest"}, "output":{"shape":"DeleteDataAutomationProjectResponse"}, @@ -127,7 +127,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Gets an existing Amazon Bedrock Data Automation Blueprint

" + "documentation":"

Gets an existing Amazon Bedrock Data Automation Blueprint

", + "readonly":true }, "GetDataAutomationProject":{ "name":"GetDataAutomationProject", @@ -145,7 +146,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Gets an existing Amazon Bedrock Data Automation Project

" + "documentation":"

Gets an existing Amazon Bedrock Data Automation Project

", + "readonly":true }, "ListBlueprints":{ "name":"ListBlueprints", @@ -163,7 +165,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Lists all existing Amazon Bedrock Data Automation Blueprints

" + "documentation":"

Lists all existing Amazon Bedrock Data Automation Blueprints

", + "readonly":true }, "ListDataAutomationProjects":{ "name":"ListDataAutomationProjects", @@ -181,7 +184,63 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Lists all existing Amazon Bedrock Data Automation Projects

" + "documentation":"

Lists all existing Amazon Bedrock Data Automation Projects

", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/listTagsForResource", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

List tags for an Amazon Bedrock Data Automation resource

" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tagResource", + "responseCode":200 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Tag an Amazon Bedrock Data Automation resource

" + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/untagResource", + "responseCode":200 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Untag an Amazon Bedrock Data Automation resource

" }, "UpdateBlueprint":{ "name":"UpdateBlueprint", @@ -213,6 +272,7 @@ "input":{"shape":"UpdateDataAutomationProjectRequest"}, "output":{"shape":"UpdateDataAutomationProjectResponse"}, "errors":[ + {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, @@ -242,7 +302,8 @@ "required":["state"], "members":{ "state":{"shape":"State"}, - "types":{"shape":"AudioExtractionCategoryTypes"} + "types":{"shape":"AudioExtractionCategoryTypes"}, + "typeConfiguration":{"shape":"AudioExtractionCategoryTypeConfiguration"} }, "documentation":"

Category of Audio Extraction

" }, @@ -250,15 +311,55 @@ "type":"string", "enum":[ "AUDIO_CONTENT_MODERATION", - "CHAPTER_CONTENT_MODERATION", - "TRANSCRIPT" + "TRANSCRIPT", + "TOPIC_CONTENT_MODERATION" ] }, + "AudioExtractionCategoryTypeConfiguration":{ + "type":"structure", + "members":{ + "transcript":{"shape":"TranscriptConfiguration"} + }, + "documentation":"

Configuration for different audio extraction category types

" + }, "AudioExtractionCategoryTypes":{ "type":"list", "member":{"shape":"AudioExtractionCategoryType"}, "documentation":"

List of Audio Extraction Category Type

" }, + "AudioGenerativeOutputLanguage":{ + "type":"string", + "documentation":"

Configuration for Audio output language

", + "enum":[ + "DEFAULT", + "EN" + ] + }, + "AudioInputLanguages":{ + "type":"list", + "member":{"shape":"Language"}, + "documentation":"

List of supported audio languages

" + }, + "AudioLanguageConfiguration":{ + "type":"structure", + "members":{ + "inputLanguages":{"shape":"AudioInputLanguages"}, + "generativeOutputLanguage":{"shape":"AudioGenerativeOutputLanguage"}, + "identifyMultipleLanguages":{ + "shape":"Boolean", + "documentation":"

Enable multiple language identification in audio

" + } + }, + "documentation":"

Optional configuration for audio language settings

" + }, + "AudioOverrideConfiguration":{ + "type":"structure", + "members":{ + "modalityProcessing":{"shape":"ModalityProcessingConfiguration"}, + "languageConfiguration":{"shape":"AudioLanguageConfiguration"} + }, + "documentation":"

Override Configuration of Audio

" + }, "AudioStandardExtraction":{ "type":"structure", "required":["category"], @@ -280,8 +381,8 @@ "type":"string", "enum":[ "AUDIO_SUMMARY", - "CHAPTER_SUMMARY", - "IAB" + "IAB", + "TOPIC_SUMMARY" ] }, "AudioStandardGenerativeFieldTypes":{ @@ -366,7 +467,6 @@ "documentation":"

Schema of the blueprint

", "max":100000, "min":1, - "pattern":"[a-zA-Z0-9\\s!\"\\#\\$%'&\\(\\)\\*\\+\\,\\-\\./:;=\\?@\\[\\\\\\]\\^_`\\{\\|\\}~><]+", "sensitive":true }, "BlueprintStage":{ @@ -414,6 +514,18 @@ "member":{"shape":"BlueprintSummary"}, "documentation":"

List of Blueprints

" }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "ChannelLabelingConfiguration":{ + "type":"structure", + "required":["state"], + "members":{ + "state":{"shape":"State"} + }, + "documentation":"

Channel labeling configuration

" + }, "ClientToken":{ "type":"string", "documentation":"

Client specified token used for idempotency checks

", @@ -449,7 +561,8 @@ "shape":"ClientToken", "idempotencyToken":true }, - "encryptionConfiguration":{"shape":"EncryptionConfiguration"} + "encryptionConfiguration":{"shape":"EncryptionConfiguration"}, + "tags":{"shape":"TagList"} }, "documentation":"

Create Blueprint Request

" }, @@ -503,7 +616,8 @@ "shape":"ClientToken", "idempotencyToken":true }, - "encryptionConfiguration":{"shape":"EncryptionConfiguration"} + "encryptionConfiguration":{"shape":"EncryptionConfiguration"}, + "tags":{"shape":"TagList"} }, "documentation":"

Create DataAutomationProject Request

" }, @@ -559,6 +673,8 @@ "DataAutomationProjectDescription":{ "type":"string", "documentation":"

Description of the DataAutomationProject

", + "max":300, + "min":0, "sensitive":true }, "DataAutomationProjectFilter":{ @@ -649,8 +765,7 @@ }, "DeleteBlueprintResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Delete Blueprint Response

" }, "DeleteDataAutomationProjectRequest":{ @@ -675,6 +790,16 @@ }, "documentation":"

Delete DataAutomationProject Response

" }, + "DesiredModality":{ + "type":"string", + "documentation":"

Desired Modality types

", + "enum":[ + "IMAGE", + "DOCUMENT", + "AUDIO", + "VIDEO" + ] + }, "DocumentBoundingBox":{ "type":"structure", "required":["state"], @@ -749,7 +874,8 @@ "DocumentOverrideConfiguration":{ "type":"structure", "members":{ - "splitter":{"shape":"SplitterConfiguration"} + "splitter":{"shape":"SplitterConfiguration"}, + "modalityProcessing":{"shape":"ModalityProcessingConfiguration"} }, "documentation":"

Override Configuration of Document

" }, @@ -791,6 +917,20 @@ }, "documentation":"

KMS Encryption Configuration

" }, + "EncryptionContextKey":{ + "type":"string", + "documentation":"

Encryption context key.

", + "max":2000, + "min":1, + "pattern":".*\\S.*" + }, + "EncryptionContextValue":{ + "type":"string", + "documentation":"

Encryption context value.

", + "max":2000, + "min":1, + "pattern":".*\\S.*" + }, "GetBlueprintRequest":{ "type":"structure", "required":["blueprintArn"], @@ -866,7 +1006,8 @@ "type":"string", "enum":[ "CONTENT_MODERATION", - "TEXT_DETECTION" + "TEXT_DETECTION", + "LOGOS" ] }, "ImageExtractionCategoryTypes":{ @@ -874,6 +1015,13 @@ "member":{"shape":"ImageExtractionCategoryType"}, "documentation":"

List of Image Extraction Category

" }, + "ImageOverrideConfiguration":{ + "type":"structure", + "members":{ + "modalityProcessing":{"shape":"ModalityProcessingConfiguration"} + }, + "documentation":"

Override Configuration of Image

" + }, "ImageStandardExtraction":{ "type":"structure", "required":[ @@ -927,8 +1075,8 @@ }, "KmsEncryptionContext":{ "type":"map", - "key":{"shape":"String"}, - "value":{"shape":"String"}, + "key":{"shape":"EncryptionContextKey"}, + "value":{"shape":"EncryptionContextValue"}, "documentation":"

KMS Encryption Context

", "min":1 }, @@ -936,7 +1084,25 @@ "type":"string", "documentation":"

KMS Key Identifier

", "max":2048, - "min":1 + "min":1, + "pattern":"[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]+" + }, + "Language":{ + "type":"string", + "documentation":"

Supported input languages

", + "enum":[ + "EN", + "DE", + "ES", + "FR", + "IT", + "PT", + "JA", + "KO", + "CN", + "TW", + "HK" + ] }, "ListBlueprintsRequest":{ "type":"structure", @@ -979,6 +1145,19 @@ }, "documentation":"

List DataAutomationProject Response

" }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceARN"], + "members":{ + "resourceARN":{"shape":"TaggableResourceArn"} + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{"shape":"TagList"} + } + }, "MaxResults":{ "type":"integer", "documentation":"

Max Results

", @@ -986,6 +1165,23 @@ "max":1000, "min":1 }, + "ModalityProcessingConfiguration":{ + "type":"structure", + "members":{ + "state":{"shape":"State"} + }, + "documentation":"

Configuration to enable/disable processing of modality

" + }, + "ModalityRoutingConfiguration":{ + "type":"structure", + "members":{ + "jpeg":{"shape":"DesiredModality"}, + "png":{"shape":"DesiredModality"}, + "mp4":{"shape":"DesiredModality"}, + "mov":{"shape":"DesiredModality"} + }, + "documentation":"

Configuration for routing file type to desired modality

" + }, "NextToken":{ "type":"string", "documentation":"

Pagination token

", @@ -1001,7 +1197,11 @@ "OverrideConfiguration":{ "type":"structure", "members":{ - "document":{"shape":"DocumentOverrideConfiguration"} + "document":{"shape":"DocumentOverrideConfiguration"}, + "image":{"shape":"ImageOverrideConfiguration"}, + "video":{"shape":"VideoOverrideConfiguration"}, + "audio":{"shape":"AudioOverrideConfiguration"}, + "modalityRouting":{"shape":"ModalityRoutingConfiguration"} }, "documentation":"

Override configuration

" }, @@ -1037,6 +1237,14 @@ }, "exception":true }, + "SpeakerLabelingConfiguration":{ + "type":"structure", + "required":["state"], + "members":{ + "state":{"shape":"State"} + }, + "documentation":"

Speaker labeling configuration

" + }, "SplitterConfiguration":{ "type":"structure", "members":{ @@ -1062,7 +1270,66 @@ "DISABLED" ] }, - "String":{"type":"string"}, + "Tag":{ + "type":"structure", + "required":[ + "key", + "value" + ], + "members":{ + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"} + }, + "documentation":"

Key value pair of a tag

" + }, + "TagKey":{ + "type":"string", + "documentation":"

Defines the context of the tag.

", + "max":128, + "min":1 + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "documentation":"

List of tag keys

", + "max":200, + "min":0 + }, + "TagList":{ + "type":"list", + "member":{"shape":"Tag"}, + "documentation":"

List of tags

", + "max":200, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceARN", + "tags" + ], + "members":{ + "resourceARN":{"shape":"TaggableResourceArn"}, + "tags":{"shape":"TagList"} + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "documentation":"

Defines the value within the context. e.g. <key=reason, value=training>.

", + "max":256, + "min":0 + }, + "TaggableResourceArn":{ + "type":"string", + "documentation":"

ARN of a taggable resource

", + "max":1011, + "min":20, + "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-z0-9-]*:[0-9]{12}:(blueprint|data-automation-project)/[a-zA-Z0-9-]{12,36}" + }, "ThrottlingException":{ "type":"structure", "members":{ @@ -1075,14 +1342,39 @@ }, "exception":true }, + "TranscriptConfiguration":{ + "type":"structure", + "members":{ + "speakerLabeling":{"shape":"SpeakerLabelingConfiguration"}, + "channelLabeling":{"shape":"ChannelLabelingConfiguration"} + }, + "documentation":"

Configuration for transcript related features

" + }, "Type":{ "type":"string", "documentation":"

Type

", "enum":[ "DOCUMENT", - "IMAGE" + "IMAGE", + "AUDIO", + "VIDEO" ] }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceARN", + "tagKeys" + ], + "members":{ + "resourceARN":{"shape":"TaggableResourceArn"}, + "tagKeys":{"shape":"TagKeyList"} + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, "UpdateBlueprintRequest":{ "type":"structure", "required":[ @@ -1097,7 +1389,8 @@ "locationName":"blueprintArn" }, "schema":{"shape":"BlueprintSchema"}, - "blueprintStage":{"shape":"BlueprintStage"} + "blueprintStage":{"shape":"BlueprintStage"}, + "encryptionConfiguration":{"shape":"EncryptionConfiguration"} }, "documentation":"

Update Blueprint Request

" }, @@ -1126,7 +1419,8 @@ "projectDescription":{"shape":"DataAutomationProjectDescription"}, "standardOutputConfiguration":{"shape":"StandardOutputConfiguration"}, "customOutputConfiguration":{"shape":"CustomOutputConfiguration"}, - "overrideConfiguration":{"shape":"OverrideConfiguration"} + "overrideConfiguration":{"shape":"OverrideConfiguration"}, + "encryptionConfiguration":{"shape":"EncryptionConfiguration"} }, "documentation":"

Update DataAutomationProject Request

" }, @@ -1192,7 +1486,8 @@ "enum":[ "CONTENT_MODERATION", "TEXT_DETECTION", - "TRANSCRIPT" + "TRANSCRIPT", + "LOGOS" ] }, "VideoExtractionCategoryTypes":{ @@ -1200,6 +1495,13 @@ "member":{"shape":"VideoExtractionCategoryType"}, "documentation":"

List of Video Extraction Category Type

" }, + "VideoOverrideConfiguration":{ + "type":"structure", + "members":{ + "modalityProcessing":{"shape":"ModalityProcessingConfiguration"} + }, + "documentation":"

Override Configuration of Video

" + }, "VideoStandardExtraction":{ "type":"structure", "required":[ @@ -1225,8 +1527,8 @@ "type":"string", "enum":[ "VIDEO_SUMMARY", - "SCENE_SUMMARY", - "IAB" + "IAB", + "CHAPTER_SUMMARY" ] }, "VideoStandardGenerativeFieldTypes":{ diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/service-2.json 2.31.35-1/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/service-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -24,8 +24,8 @@ "input":{"shape":"GetDataAutomationStatusRequest"}, "output":{"shape":"GetDataAutomationStatusResponse"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} @@ -42,13 +42,65 @@ "output":{"shape":"InvokeDataAutomationAsyncResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], "documentation":"

Async API: Invoke data automation.

", "idempotent":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

List tags for an Amazon Bedrock Data Automation resource

" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Tag an Amazon Bedrock Data Automation resource

" + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Untag an Amazon Bedrock Data Automation resource

" } }, "shapes":{ @@ -60,6 +112,16 @@ "documentation":"

This exception will be thrown when customer does not have access to API.

", "exception":true }, + "AssetProcessingConfiguration":{ + "type":"structure", + "members":{ + "video":{ + "shape":"VideoAssetProcessingConfiguration", + "documentation":"

Video asset processing configuration

" + } + }, + "documentation":"

Config containing asset processing related knobs for all modalities

" + }, "AutomationJobStatus":{ "type":"string", "documentation":"

List of status supported by automation jobs

", @@ -104,6 +166,7 @@ "documentation":"

Blueprint.

" }, "documentation":"

Blueprint list.

", + "max":40, "min":1 }, "BlueprintStage":{ @@ -134,11 +197,11 @@ }, "DataAutomationConfiguration":{ "type":"structure", - "required":["dataAutomationArn"], + "required":["dataAutomationProjectArn"], "members":{ - "dataAutomationArn":{ + "dataAutomationProjectArn":{ "shape":"DataAutomationArn", - "documentation":"

Data automation arn.

" + "documentation":"

Data automation project arn.

" }, "stage":{ "shape":"DataAutomationStage", @@ -147,6 +210,13 @@ }, "documentation":"

Data automation configuration.

" }, + "DataAutomationProfileArn":{ + "type":"string", + "documentation":"

Data automation profile arn.

", + "max":128, + "min":1, + "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):data-automation-profile/[a-zA-Z0-9-_.]+" + }, "DataAutomationStage":{ "type":"string", "documentation":"

Data automation stage.

", @@ -160,8 +230,8 @@ "required":["kmsKeyId"], "members":{ "kmsKeyId":{ - "shape":"NonEmptyString", - "documentation":"

KMS key id.

" + "shape":"KMSKeyId", + "documentation":"

Customer KMS key used for encryption

" }, "kmsEncryptionContext":{ "shape":"EncryptionContextMap", @@ -249,6 +319,10 @@ "s3Uri":{ "shape":"S3Uri", "documentation":"

S3 uri.

" + }, + "assetProcessingConfiguration":{ + "shape":"AssetProcessingConfiguration", + "documentation":"

Asset processing configuration

" } }, "documentation":"

Input configuration.

" @@ -273,7 +347,8 @@ "type":"structure", "required":[ "inputConfiguration", - "outputConfiguration" + "outputConfiguration", + "dataAutomationProfileArn" ], "members":{ "clientToken":{ @@ -304,6 +379,14 @@ "blueprints":{ "shape":"BlueprintList", "documentation":"

Blueprint list.

" + }, + "dataAutomationProfileArn":{ + "shape":"DataAutomationProfileArn", + "documentation":"

Data automation profile ARN

" + }, + "tags":{ + "shape":"TagList", + "documentation":"

List of tags.

" } }, "documentation":"

Invoke Data Automation Async Request

" @@ -319,13 +402,28 @@ }, "documentation":"

Invoke Data Automation Async Response

" }, - "NonBlankString":{ + "KMSKeyId":{ "type":"string", - "pattern":"[\\s\\S]*" + "max":2048, + "min":1, + "pattern":"[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]+" }, - "NonEmptyString":{ + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceARN"], + "members":{ + "resourceARN":{"shape":"TaggableResourceArn"} + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{"shape":"TagList"} + } + }, + "NonBlankString":{ "type":"string", - "pattern":".*\\S.*" + "pattern":"[\\s\\S]*" }, "NotificationConfiguration":{ "type":"structure", @@ -362,7 +460,7 @@ "documentation":"

A path in S3

", "max":1024, "min":1, - "pattern":"s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]([^\\x00-\\x1F\\x7F\\{^}%`\\]\">\\[~<#|]*)?" + "pattern":"s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/[^\\x00-\\x1F\\x7F\\{^}%`\\]\">\\[~<#|]*)?" }, "ServiceQuotaExceededException":{ "type":"structure", @@ -373,6 +471,69 @@ "exception":true }, "String":{"type":"string"}, + "Tag":{ + "type":"structure", + "required":[ + "key", + "value" + ], + "members":{ + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"} + }, + "documentation":"

Key value pair of a tag

" + }, + "TagKey":{ + "type":"string", + "documentation":"

Defines the context of the tag.

", + "max":128, + "min":1, + "pattern":"(?!aws:)[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*" + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "documentation":"

List of tag keys

", + "max":200, + "min":0 + }, + "TagList":{ + "type":"list", + "member":{"shape":"Tag"}, + "documentation":"

List of tags

", + "max":200, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceARN", + "tags" + ], + "members":{ + "resourceARN":{"shape":"TaggableResourceArn"}, + "tags":{"shape":"TagList"} + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "TagValue":{ + "type":"string", + "documentation":"

Defines the value within the context. e.g. <key=reason, value=training>.

", + "max":256, + "min":0, + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" + }, + "TaggableResourceArn":{ + "type":"string", + "documentation":"

ARN of a taggable resource

", + "max":1011, + "min":20, + "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:data-automation-invocation/[a-zA-Z0-9-_]+" + }, "ThrottlingException":{ "type":"structure", "members":{ @@ -381,6 +542,50 @@ "documentation":"

This exception will be thrown when customer reached API TPS limit.

", "exception":true }, + "TimestampSegment":{ + "type":"structure", + "required":[ + "startTimeMillis", + "endTimeMillis" + ], + "members":{ + "startTimeMillis":{ + "shape":"TimestampSegmentStartTimeMillisLong", + "documentation":"

Start timestamp in milliseconds

" + }, + "endTimeMillis":{ + "shape":"TimestampSegmentEndTimeMillisLong", + "documentation":"

End timestamp in milliseconds

" + } + }, + "documentation":"

Timestamp segment

" + }, + "TimestampSegmentEndTimeMillisLong":{ + "type":"long", + "box":true, + "min":300000 + }, + "TimestampSegmentStartTimeMillisLong":{ + "type":"long", + "box":true, + "min":0 + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceARN", + "tagKeys" + ], + "members":{ + "resourceARN":{"shape":"TaggableResourceArn"}, + "tagKeys":{"shape":"TagKeyList"} + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{ + } + }, "ValidationException":{ "type":"structure", "members":{ @@ -388,6 +593,27 @@ }, "documentation":"

This exception will be thrown when customer provided invalid parameters.

", "exception":true + }, + "VideoAssetProcessingConfiguration":{ + "type":"structure", + "members":{ + "segmentConfiguration":{ + "shape":"VideoSegmentConfiguration", + "documentation":"

Delimits the segment of the input that will be processed

" + } + }, + "documentation":"

Video asset processing configuration

" + }, + "VideoSegmentConfiguration":{ + "type":"structure", + "members":{ + "timestampSegment":{ + "shape":"TimestampSegment", + "documentation":"

Timestamp segment

" + } + }, + "documentation":"

Delimits the segment of the input that will be processed

", + "union":true } }, "documentation":"

Amazon Bedrock Data Automation Runtime

" diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-runtime/2023-09-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/bedrock-runtime/2023-09-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/bedrock-runtime/2023-09-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-runtime/2023-09-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/bedrock-runtime/2023-09-30/service-2.json 2.31.35-1/awscli/botocore/data/bedrock-runtime/2023-09-30/service-2.json --- 2.23.6-1/awscli/botocore/data/bedrock-runtime/2023-09-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/bedrock-runtime/2023-09-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,13 @@ "version":"2.0", "metadata":{ "apiVersion":"2023-09-30", - "auth":["aws.auth#sigv4"], + "auth":[ + "aws.auth#sigv4", + "smithy.api#httpBearerAuth" + ], "endpointPrefix":"bedrock-runtime", "protocol":"rest-json", + "protocolSettings":{"h2":"optional"}, "protocols":["rest-json"], "serviceFullName":"Amazon Bedrock Runtime", "serviceId":"Bedrock Runtime", @@ -27,6 +31,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], @@ -43,8 +48,8 @@ "output":{"shape":"ConverseResponse"}, "errors":[ {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ModelTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"ServiceUnavailableException"}, @@ -65,8 +70,8 @@ "output":{"shape":"ConverseStreamResponse"}, "errors":[ {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ModelTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"ServiceUnavailableException"}, @@ -76,6 +81,26 @@ ], "documentation":"

Sends messages to the specified Amazon Bedrock model and returns the response in a stream. ConverseStream provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model.

To find out if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response.

The CLI doesn't support streaming operations in Amazon Bedrock, including ConverseStream.

Amazon Bedrock doesn't store any text, images, or documents that you provide as content. The data is only used to generate the response.

You can submit a prompt by including it in the messages field, specifying the modelId of a foundation model or inference profile to run inference on it, and including any other fields that are relevant to your use case.

You can also submit a prompt from Prompt management by specifying the ARN of the prompt version and including a map of variables to values in the promptVariables field. You can append more messages to the prompt by using the messages field. If you use a prompt from Prompt management, you can't include the following fields in the request: additionalModelRequestFields, inferenceConfig, system, or toolConfig. Instead, these fields must be defined through Prompt management. For more information, see Use a prompt from Prompt management.

For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide

For example code, see Conversation streaming example in the Amazon Bedrock User Guide.

This operation requires permission for the bedrock:InvokeModelWithResponseStream action.

To deny all inference access to resources that you specify in the modelId field, you need to deny access to the bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream actions. Doing this also denies access to the resource through the base inference actions (InvokeModel and InvokeModelWithResponseStream). For more information see Deny access for inference on specific models.

For troubleshooting some of the common errors you might encounter when using the ConverseStream API, see Troubleshooting Amazon Bedrock API Error Codes in the Amazon Bedrock User Guide

" }, + "CountTokens":{ + "name":"CountTokens", + "http":{ + "method":"POST", + "requestUri":"/model/{modelId}/count-tokens", + "responseCode":200 + }, + "input":{"shape":"CountTokensRequest"}, + "output":{"shape":"CountTokensResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Returns the token count for a given inference request. This operation helps you estimate token usage before sending requests to foundation models by returning the token count that would be used if the same input were sent to the model in an inference request.

Token counting is model-specific because different models use different tokenization strategies. The token count returned by this operation will match the token count that would be charged if the same input were sent to the model in an InvokeModel or Converse request.

You can use this operation to:

  • Estimate costs before sending inference requests.

  • Optimize prompts to fit within token limits.

  • Plan for token usage in your applications.

This operation accepts the same input formats as InvokeModel and Converse, allowing you to count tokens for both raw text inputs and structured conversation formats.

The following operations are related to CountTokens:

  • InvokeModel - Sends inference requests to foundation models

  • Converse - Sends conversation-based inference requests to foundation models

", + "readonly":true + }, "GetAsyncInvoke":{ "name":"GetAsyncInvoke", "http":{ @@ -91,7 +116,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieve information about an asynchronous invocation.

" + "documentation":"

Retrieve information about an asynchronous invocation.

", + "readonly":true }, "InvokeModel":{ "name":"InvokeModel", @@ -110,12 +136,36 @@ {"shape":"InternalServerException"}, {"shape":"ServiceUnavailableException"}, {"shape":"ValidationException"}, - {"shape":"ModelNotReadyException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"ModelNotReadyException"}, {"shape":"ModelErrorException"} ], "documentation":"

Invokes the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. You use model inference to generate text, images, and embeddings.

For example code, see Invoke model code examples in the Amazon Bedrock User Guide.

This operation requires permission for the bedrock:InvokeModel action.

To deny all inference access to resources that you specify in the modelId field, you need to deny access to the bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream actions. Doing this also denies access to the resource through the Converse API actions (Converse and ConverseStream). For more information see Deny access for inference on specific models.

For troubleshooting some of the common errors you might encounter when using the InvokeModel API, see Troubleshooting Amazon Bedrock API Error Codes in the Amazon Bedrock User Guide

" }, + "InvokeModelWithBidirectionalStream":{ + "name":"InvokeModelWithBidirectionalStream", + "http":{ + "method":"POST", + "requestUri":"/model/{modelId}/invoke-with-bidirectional-stream", + "responseCode":200 + }, + "input":{"shape":"InvokeModelWithBidirectionalStreamRequest"}, + "output":{"shape":"InvokeModelWithBidirectionalStreamResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ModelTimeoutException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ModelStreamErrorException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ModelNotReadyException"}, + {"shape":"ModelErrorException"} + ], + "documentation":"

Invoke the specified Amazon Bedrock model to run inference using the bidirectional stream. The response is returned in a stream that remains open for 8 minutes. A single session can contain multiple prompts and responses from the model. The prompts to the model are provided as audio files and the model's responses are spoken back to the user and transcribed.

It is possible for users to interrupt the model's response with a new prompt, which will halt the response speech. The model will retain contextual awareness of the conversation while pivoting to respond to the new prompt.

" + }, "InvokeModelWithResponseStream":{ "name":"InvokeModelWithResponseStream", "http":{ @@ -134,8 +184,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"ModelStreamErrorException"}, {"shape":"ValidationException"}, - {"shape":"ModelNotReadyException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"ModelNotReadyException"}, {"shape":"ModelErrorException"} ], "documentation":"

Invoke the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. The response is returned in a stream.

To see if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response.

The CLI doesn't support streaming operations in Amazon Bedrock, including InvokeModelWithResponseStream.

For example code, see Invoke model with streaming code example in the Amazon Bedrock User Guide.

This operation requires permissions to perform the bedrock:InvokeModelWithResponseStream action.

To deny all inference access to resources that you specify in the modelId field, you need to deny access to the bedrock:InvokeModel and bedrock:InvokeModelWithResponseStream actions. Doing this also denies access to the resource through the Converse API actions (Converse and ConverseStream). For more information see Deny access for inference on specific models.

For troubleshooting some of the common errors you might encounter when using the InvokeModelWithResponseStream API, see Troubleshooting Amazon Bedrock API Error Codes in the Amazon Bedrock User Guide

" @@ -155,7 +205,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

Lists asynchronous invocations.

" + "documentation":"

Lists asynchronous invocations.

", + "readonly":true }, "StartAsyncInvoke":{ "name":"StartAsyncInvoke", @@ -168,8 +219,8 @@ "output":{"shape":"StartAsyncInvokeResponse"}, "errors":[ {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, {"shape":"ServiceUnavailableException"}, {"shape":"ValidationException"}, @@ -199,9 +250,8 @@ }, "AnyToolChoice":{ "type":"structure", - "members":{ - }, - "documentation":"

The model must request at least one tool (no text is generated). For example, {\"any\" : {}}.

" + "members":{}, + "documentation":"

The model must request at least one tool (no text is generated). For example, {\"any\" : {}}. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

" }, "ApplyGuardrailRequest":{ "type":"structure", @@ -231,6 +281,10 @@ "content":{ "shape":"GuardrailContentBlockList", "documentation":"

The content details used in the request to apply the guardrail.

" + }, + "outputScope":{ + "shape":"GuardrailOutputScope", + "documentation":"

Specifies the scope of the output that you get in the response. Set to FULL to return the entire output, including any detected and non-detected entries in the response for enhanced debugging.

Note that the full output scope doesn't apply to word filters or regex in sensitive information filters. It does apply to all other filtering policies, including sensitive information with filters that can detect personally identifiable information (PII).

" } } }, @@ -251,6 +305,10 @@ "shape":"GuardrailAction", "documentation":"

The action taken in the response from the guardrail.

" }, + "actionReason":{ + "shape":"String", + "documentation":"

The reason for the action taken when harmful content is detected.

" + }, "outputs":{ "shape":"GuardrailOutputContentList", "documentation":"

The output details in the response from the guardrail.

" @@ -381,16 +439,197 @@ }, "AutoToolChoice":{ "type":"structure", + "members":{}, + "documentation":"

The Model automatically decides if a tool should be called or whether to generate text instead. For example, {\"auto\" : {}}. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide

" + }, + "AutomatedReasoningRuleIdentifier":{ + "type":"string", + "max":12, + "min":0, + "pattern":"[a-z0-9]{12}" + }, + "BidirectionalInputPayloadPart":{ + "type":"structure", + "members":{ + "bytes":{ + "shape":"PartBody", + "documentation":"

The audio content for the bidirectional input.

" + } + }, + "documentation":"

Payload content for the bidirectional input. The input is an audio stream.

", + "event":true, + "sensitive":true + }, + "BidirectionalOutputPayloadPart":{ + "type":"structure", "members":{ + "bytes":{ + "shape":"PartBody", + "documentation":"

The speech output of the bidirectional stream.

" + } }, - "documentation":"

The Model automatically decides if a tool should be called or whether to generate text instead. For example, {\"auto\" : {}}.

" + "documentation":"

Output from the bidirectional stream. The output is speech and a text transcription.

", + "event":true, + "sensitive":true }, + "Blob":{"type":"blob"}, "Body":{ "type":"blob", "max":25000000, "min":0, "sensitive":true }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CachePointBlock":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"CachePointType", + "documentation":"

Specifies the type of cache point within the CachePointBlock.

" + } + }, + "documentation":"

Defines a section of content to be cached for reuse in subsequent API calls.

" + }, + "CachePointType":{ + "type":"string", + "enum":["default"] + }, + "Citation":{ + "type":"structure", + "members":{ + "title":{ + "shape":"String", + "documentation":"

The title or identifier of the source document being cited.

" + }, + "sourceContent":{ + "shape":"CitationSourceContentList", + "documentation":"

The specific content from the source document that was referenced or cited in the generated response.

" + }, + "location":{ + "shape":"CitationLocation", + "documentation":"

The precise location within the source document where the cited content can be found, including character positions, page numbers, or chunk identifiers.

" + } + }, + "documentation":"

Contains information about a citation that references a specific source document. Citations provide traceability between the model's generated response and the source documents that informed that response.

" + }, + "CitationGeneratedContent":{ + "type":"structure", + "members":{ + "text":{ + "shape":"String", + "documentation":"

The text content that was generated by the model and is supported by the associated citation.

" + } + }, + "documentation":"

Contains the generated text content that corresponds to or is supported by a citation from a source document.

", + "union":true + }, + "CitationGeneratedContentList":{ + "type":"list", + "member":{"shape":"CitationGeneratedContent"} + }, + "CitationLocation":{ + "type":"structure", + "members":{ + "web":{ + "shape":"WebLocation", + "documentation":"

The web URL that was cited for this reference.

" + }, + "documentChar":{ + "shape":"DocumentCharLocation", + "documentation":"

The character-level location within the document where the cited content is found.

" + }, + "documentPage":{ + "shape":"DocumentPageLocation", + "documentation":"

The page-level location within the document where the cited content is found.

" + }, + "documentChunk":{ + "shape":"DocumentChunkLocation", + "documentation":"

The chunk-level location within the document where the cited content is found, typically used for documents that have been segmented into logical chunks.

" + } + }, + "documentation":"

Specifies the precise location within a source document where cited content can be found. This can include character-level positions, page numbers, or document chunks depending on the document type and indexing method.

", + "union":true + }, + "CitationSourceContent":{ + "type":"structure", + "members":{ + "text":{ + "shape":"String", + "documentation":"

The text content from the source document that is being cited.

" + } + }, + "documentation":"

Contains the actual text content from a source document that is being cited or referenced in the model's response.

", + "union":true + }, + "CitationSourceContentDelta":{ + "type":"structure", + "members":{ + "text":{ + "shape":"String", + "documentation":"

An incremental update to the text content from the source document that is being cited.

" + } + }, + "documentation":"

Contains incremental updates to the source content text during streaming responses, allowing clients to build up the cited content progressively.

" + }, + "CitationSourceContentList":{ + "type":"list", + "member":{"shape":"CitationSourceContent"} + }, + "CitationSourceContentListDelta":{ + "type":"list", + "member":{"shape":"CitationSourceContentDelta"} + }, + "Citations":{ + "type":"list", + "member":{"shape":"Citation"} + }, + "CitationsConfig":{ + "type":"structure", + "required":["enabled"], + "members":{ + "enabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether citations from the selected document should be used in the model's response. When set to true, the model can generate citations that reference the source documents used to inform the response.

" + } + }, + "documentation":"

Configuration settings for enabling and controlling document citations in Converse API responses. When enabled, the model can include citation information that links generated content back to specific source documents.

" + }, + "CitationsContentBlock":{ + "type":"structure", + "members":{ + "content":{ + "shape":"CitationGeneratedContentList", + "documentation":"

The generated content that is supported by the associated citations.

" + }, + "citations":{ + "shape":"Citations", + "documentation":"

An array of citations that reference the source documents used to generate the associated content.

" + } + }, + "documentation":"

A content block that contains both generated text and associated citation information. This block type is returned when document citations are enabled, providing traceability between the generated content and the source documents that informed the response.

" + }, + "CitationsDelta":{ + "type":"structure", + "members":{ + "title":{ + "shape":"String", + "documentation":"

The title or identifier of the source document being cited.

" + }, + "sourceContent":{ + "shape":"CitationSourceContentListDelta", + "documentation":"

The specific content from the source document that was referenced or cited in the generated response.

" + }, + "location":{ + "shape":"CitationLocation", + "documentation":"

Specifies the precise location within a source document where cited content can be found. This can include character-level positions, page numbers, or document chunks depending on the document type and indexing method.

" + } + }, + "documentation":"

Contains incremental updates to citation information during streaming responses. This allows clients to build up citation data progressively as the response is generated.

" + }, "ConflictException":{ "type":"structure", "members":{ @@ -432,7 +671,19 @@ }, "guardContent":{ "shape":"GuardrailConverseContentBlock", - "documentation":"

Contains the content to assess with the guardrail. If you don't specify guardContent in a call to the Converse API, the guardrail (if passed in the Converse API) assesses the entire message.

For more information, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. 

 </p>
" + "documentation":"

Contains the content to assess with the guardrail. If you don't specify guardContent in a call to the Converse API, the guardrail (if passed in the Converse API) assesses the entire message.

For more information, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide.

" + }, + "cachePoint":{ + "shape":"CachePointBlock", + "documentation":"

CachePoint to include in the message.

" + }, + "reasoningContent":{ + "shape":"ReasoningContentBlock", + "documentation":"

Contains content regarding the reasoning that is carried out by the model. Reasoning refers to a Chain of Thought (CoT) that the model generates to enhance the accuracy of its final response.

" + }, + "citationsContent":{ + "shape":"CitationsContentBlock", + "documentation":"

A content block that contains both generated text and associated citation information, providing traceability between the response and source documents.

" } }, "documentation":"

A block of content for a message that you pass to, or receive from, a model with the Converse or ConverseStream API operations.

", @@ -448,9 +699,21 @@ "toolUse":{ "shape":"ToolUseBlockDelta", "documentation":"

Information about a tool that the model is requesting to use.

" + }, + "toolResult":{ + "shape":"ToolResultBlocksDelta", + "documentation":"

An incremental update that contains the results from a tool call.

" + }, + "reasoningContent":{ + "shape":"ReasoningContentBlockDelta", + "documentation":"

Contains content regarding the reasoning that is carried out by the model. Reasoning refers to a Chain of Thought (CoT) that the model generates to enhance the accuracy of its final response.

" + }, + "citation":{ + "shape":"CitationsDelta", + "documentation":"

Incremental citation information that is streamed as part of the response generation process.

" } }, - "documentation":"

A bock of content in a streaming response.

", + "documentation":"

A block of content in a streaming response.

", "union":true }, "ContentBlockDeltaEvent":{ @@ -478,6 +741,10 @@ "toolUse":{ "shape":"ToolUseBlockStart", "documentation":"

Information about a tool that the model is requesting to use.

" + }, + "toolResult":{ + "shape":"ToolResultBlockStart", + "documentation":"

The

" } }, "documentation":"

Content block start information.

", @@ -529,7 +796,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:imported-model/[a-z0-9]{12})|([0-9]{12}:provisioned-model/[a-z0-9]{12})|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+)))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)|([a-zA-Z0-9-:.]+)|(^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}(?::[0-9]{1,5})?))$|(^arn:aws:sagemaker:[a-z0-9-]+:[0-9]{12}:endpoint/[a-zA-Z0-9-]+$)|(^arn:aws(-[^:]+)?:bedrock:([0-9a-z-]{1,20}):([0-9]{12}):default-prompt-router/[a-zA-Z0-9-:.]+$)" + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:imported-model/[a-z0-9]{12})|([0-9]{12}:provisioned-model/[a-z0-9]{12})|([0-9]{12}:custom-model-deployment/[a-z0-9]{12})|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+)))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)|([a-zA-Z0-9-:.]+)|(^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}(?::[0-9]{1,5})?))$|(^arn:aws:sagemaker:[a-z0-9-]+:[0-9]{12}:endpoint/[a-zA-Z0-9-]+$)|(^arn:aws(-[^:]+)?:bedrock:([0-9a-z-]{1,20}):([0-9]{12}):(default-)?prompt-router/[a-zA-Z0-9-:.]+$)" }, "ConverseMetrics":{ "type":"structure", @@ -730,11 +997,11 @@ }, "validationException":{ "shape":"ValidationException", - "documentation":"

The input fails to satisfy the constraints specified by Amazon Bedrock. For troubleshooting this error, see ValidationError in the Amazon Bedrock User Guide

" + "documentation":"

The input fails to satisfy the constraints specified by Amazon Bedrock. For troubleshooting this error, see ValidationError in the Amazon Bedrock User Guide.

" }, "throttlingException":{ "shape":"ThrottlingException", - "documentation":"

Your request was denied due to exceeding the account quotas for Amazon Bedrock. For troubleshooting this error, see ThrottlingException in the Amazon Bedrock User Guide

" + "documentation":"

Your request was denied due to exceeding the account quotas for Amazon Bedrock. For troubleshooting this error, see ThrottlingException in the Amazon Bedrock User Guide.

" }, "serviceUnavailableException":{ "shape":"ServiceUnavailableException", @@ -829,7 +1096,21 @@ "documentation":"

The request's prompt router.

" } }, - "documentation":"

The trace object in a response from ConverseStream. Currently, you can only trace guardrails.

" + "documentation":"

The trace object in a response from ConverseStream.

" + }, + "ConverseTokensRequest":{ + "type":"structure", + "members":{ + "messages":{ + "shape":"Messages", + "documentation":"

An array of messages to count tokens for.

" + }, + "system":{ + "shape":"SystemContentBlocks", + "documentation":"

The system content blocks to count tokens for. System content provides instructions or context to the model about how it should behave or respond. The token count will include any system content provided.

" + } + }, + "documentation":"

The inputs from a Converse API request for token counting.

This structure mirrors the input format for the Converse operation, allowing you to count tokens for conversation-based inference requests.

" }, "ConverseTrace":{ "type":"structure", @@ -843,18 +1124,60 @@ "documentation":"

The request's prompt router.

" } }, - "documentation":"

The trace object in a response from Converse. Currently, you can only trace guardrails.

" + "documentation":"

The trace object in a response from Converse.

" }, - "Document":{ + "CountTokensInput":{ "type":"structure", "members":{ + "invokeModel":{ + "shape":"InvokeModelTokensRequest", + "documentation":"

An InvokeModel request for which to count tokens. Use this field when you want to count tokens for a raw text input that would be sent to the InvokeModel operation.

" + }, + "converse":{ + "shape":"ConverseTokensRequest", + "documentation":"

A Converse request for which to count tokens. Use this field when you want to count tokens for a conversation-based input that would be sent to the Converse operation.

" + } }, + "documentation":"

The input value for token counting. The value should be either an InvokeModel or Converse request body.

", + "union":true + }, + "CountTokensRequest":{ + "type":"structure", + "required":[ + "modelId", + "input" + ], + "members":{ + "modelId":{ + "shape":"FoundationModelVersionIdentifier", + "documentation":"

The unique identifier or ARN of the foundation model to use for token counting. Each model processes tokens differently, so the token count is specific to the model you specify.

", + "location":"uri", + "locationName":"modelId" + }, + "input":{ + "shape":"CountTokensInput", + "documentation":"

The input for which to count tokens. The structure of this parameter depends on whether you're counting tokens for an InvokeModel or Converse request:

  • For InvokeModel requests, provide the request body in the invokeModel field

  • For Converse requests, provide the messages and system content in the converse field

The input format must be compatible with the model specified in the modelId parameter.

" + } + } + }, + "CountTokensResponse":{ + "type":"structure", + "required":["inputTokens"], + "members":{ + "inputTokens":{ + "shape":"Integer", + "documentation":"

The number of tokens in the provided input according to the specified model's tokenization rules. This count represents the number of input tokens that would be processed if the same input were sent to the model in an inference request. Use this value to estimate costs and ensure your inputs stay within model token limits.

" + } + } + }, + "Document":{ + "type":"structure", + "members":{}, "document":true }, "DocumentBlock":{ "type":"structure", "required":[ - "format", "name", "source" ], @@ -870,6 +1193,14 @@ "source":{ "shape":"DocumentSource", "documentation":"

Contains the content of the document.

" + }, + "context":{ + "shape":"String", + "documentation":"

Contextual information about how the document should be processed or interpreted by the model when generating citations.

" + }, + "citations":{ + "shape":"CitationsConfig", + "documentation":"

Configuration settings that control how citations should be generated for this specific document.

" } }, "documentation":"

A document to include in a message.

" @@ -879,6 +1210,87 @@ "max":200, "min":1 }, + "DocumentCharLocation":{ + "type":"structure", + "members":{ + "documentIndex":{ + "shape":"DocumentCharLocationDocumentIndexInteger", + "documentation":"

The index of the document within the array of documents provided in the request.

" + }, + "start":{ + "shape":"DocumentCharLocationStartInteger", + "documentation":"

The starting character position of the cited content within the document.

" + }, + "end":{ + "shape":"DocumentCharLocationEndInteger", + "documentation":"

The ending character position of the cited content within the document.

" + } + }, + "documentation":"

Specifies a character-level location within a document, providing precise positioning information for cited content using start and end character indices.

" + }, + "DocumentCharLocationDocumentIndexInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "DocumentCharLocationEndInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "DocumentCharLocationStartInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "DocumentChunkLocation":{ + "type":"structure", + "members":{ + "documentIndex":{ + "shape":"DocumentChunkLocationDocumentIndexInteger", + "documentation":"

The index of the document within the array of documents provided in the request.

" + }, + "start":{ + "shape":"DocumentChunkLocationStartInteger", + "documentation":"

The starting chunk identifier or index of the cited content within the document.

" + }, + "end":{ + "shape":"DocumentChunkLocationEndInteger", + "documentation":"

The ending chunk identifier or index of the cited content within the document.

" + } + }, + "documentation":"

Specifies a chunk-level location within a document, providing positioning information for cited content using logical document segments or chunks.

" + }, + "DocumentChunkLocationDocumentIndexInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "DocumentChunkLocationEndInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "DocumentChunkLocationStartInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "DocumentContentBlock":{ + "type":"structure", + "members":{ + "text":{ + "shape":"String", + "documentation":"

The text content of the document.

" + } + }, + "documentation":"

Contains the actual content of a document that can be processed by the model and potentially cited in the response.

", + "union":true + }, + "DocumentContentBlocks":{ + "type":"list", + "member":{"shape":"DocumentContentBlock"} + }, "DocumentFormat":{ "type":"string", "enum":[ @@ -893,12 +1305,57 @@ "md" ] }, + "DocumentPageLocation":{ + "type":"structure", + "members":{ + "documentIndex":{ + "shape":"DocumentPageLocationDocumentIndexInteger", + "documentation":"

The index of the document within the array of documents provided in the request.

" + }, + "start":{ + "shape":"DocumentPageLocationStartInteger", + "documentation":"

The starting page number of the cited content within the document.

" + }, + "end":{ + "shape":"DocumentPageLocationEndInteger", + "documentation":"

The ending page number of the cited content within the document.

" + } + }, + "documentation":"

Specifies a page-level location within a document, providing positioning information for cited content using page numbers.

" + }, + "DocumentPageLocationDocumentIndexInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "DocumentPageLocationEndInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "DocumentPageLocationStartInteger":{ + "type":"integer", + "box":true, + "min":0 + }, "DocumentSource":{ "type":"structure", "members":{ "bytes":{ "shape":"DocumentSourceBytesBlob", "documentation":"

The raw bytes for the document. If you use an Amazon Web Services SDK, you don't need to encode the bytes in base64.

" + }, + "s3Location":{ + "shape":"S3Location", + "documentation":"

The location of a document object in an Amazon S3 bucket. To see which models support S3 uploads, see Supported models and features for Converse.

" + }, + "text":{ + "shape":"String", + "documentation":"

The text content of the document source.

" + }, + "content":{ + "shape":"DocumentContentBlocks", + "documentation":"

The structured content of the document source, which may include various content blocks such as text, images, or other document elements.

" } }, "documentation":"

Contains the content of a document.

", @@ -908,6 +1365,13 @@ "type":"blob", "min":1 }, + "FoundationModelVersionIdentifier":{ + "type":"string", + "documentation":"

ARN or ID of a Bedrock model

", + "max":256, + "min":1, + "pattern":"[a-zA-Z_\\.\\-/0-9:]+" + }, "GetAsyncInvokeRequest":{ "type":"structure", "required":["invocationArn"], @@ -998,6 +1462,10 @@ "shape":"GuardrailContextualGroundingPolicyAssessment", "documentation":"

The contextual grounding policy used for the guardrail assessment.

" }, + "automatedReasoningPolicy":{ + "shape":"GuardrailAutomatedReasoningPolicyAssessment", + "documentation":"

The automated reasoning policy assessment results, including logical validation findings for the input content.

" + }, "invocationMetrics":{ "shape":"GuardrailInvocationMetrics", "documentation":"

The invocation metrics for the guardrail assessment.

" @@ -1019,6 +1487,328 @@ "key":{"shape":"String"}, "value":{"shape":"GuardrailAssessment"} }, + "GuardrailAutomatedReasoningDifferenceScenarioList":{ + "type":"list", + "member":{"shape":"GuardrailAutomatedReasoningScenario"}, + "max":2, + "min":0 + }, + "GuardrailAutomatedReasoningFinding":{ + "type":"structure", + "members":{ + "valid":{ + "shape":"GuardrailAutomatedReasoningValidFinding", + "documentation":"

Contains the result when the automated reasoning evaluation determines that the claims in the input are logically valid and definitively true based on the provided premises and policy rules.

" + }, + "invalid":{ + "shape":"GuardrailAutomatedReasoningInvalidFinding", + "documentation":"

Contains the result when the automated reasoning evaluation determines that the claims in the input are logically invalid and contradict the established premises or policy rules.

" + }, + "satisfiable":{ + "shape":"GuardrailAutomatedReasoningSatisfiableFinding", + "documentation":"

Contains the result when the automated reasoning evaluation determines that the claims in the input could be either true or false depending on additional assumptions not provided in the input context.

" + }, + "impossible":{ + "shape":"GuardrailAutomatedReasoningImpossibleFinding", + "documentation":"

Contains the result when the automated reasoning evaluation determines that no valid logical conclusions can be drawn due to contradictions in the premises or policy rules themselves.

" + }, + "translationAmbiguous":{ + "shape":"GuardrailAutomatedReasoningTranslationAmbiguousFinding", + "documentation":"

Contains the result when the automated reasoning evaluation detects that the input has multiple valid logical interpretations, requiring additional context or clarification to proceed with validation.

" + }, + "tooComplex":{ + "shape":"GuardrailAutomatedReasoningTooComplexFinding", + "documentation":"

Contains the result when the automated reasoning evaluation cannot process the input due to its complexity or volume exceeding the system's processing capacity for logical analysis.

" + }, + "noTranslations":{ + "shape":"GuardrailAutomatedReasoningNoTranslationsFinding", + "documentation":"

Contains the result when the automated reasoning evaluation cannot extract any relevant logical information from the input that can be validated against the policy rules.

" + } + }, + "documentation":"

Represents a logical validation result from automated reasoning policy evaluation. The finding indicates whether claims in the input are logically valid, invalid, satisfiable, impossible, or have other logical issues.

", + "union":true + }, + "GuardrailAutomatedReasoningFindingList":{ + "type":"list", + "member":{"shape":"GuardrailAutomatedReasoningFinding"} + }, + "GuardrailAutomatedReasoningImpossibleFinding":{ + "type":"structure", + "members":{ + "translation":{ + "shape":"GuardrailAutomatedReasoningTranslation", + "documentation":"

The logical translation of the input that this finding evaluates.

" + }, + "contradictingRules":{ + "shape":"GuardrailAutomatedReasoningRuleList", + "documentation":"

The automated reasoning policy rules that contradict the claims and/or premises in the input.

" + }, + "logicWarning":{ + "shape":"GuardrailAutomatedReasoningLogicWarning", + "documentation":"

Indication of a logic issue with the translation without needing to consider the automated reasoning policy rules.

" + } + }, + "documentation":"

Indicates that no valid claims can be made due to logical contradictions in the premises or rules.

" + }, + "GuardrailAutomatedReasoningInputTextReference":{ + "type":"structure", + "members":{ + "text":{ + "shape":"GuardrailAutomatedReasoningStatementNaturalLanguageContent", + "documentation":"

The specific text from the original input that this reference points to.

" + } + }, + "documentation":"

References a portion of the original input text that corresponds to logical elements.

" + }, + "GuardrailAutomatedReasoningInputTextReferenceList":{ + "type":"list", + "member":{"shape":"GuardrailAutomatedReasoningInputTextReference"} + }, + "GuardrailAutomatedReasoningInvalidFinding":{ + "type":"structure", + "members":{ + "translation":{ + "shape":"GuardrailAutomatedReasoningTranslation", + "documentation":"

The logical translation of the input that this finding invalidates.

" + }, + "contradictingRules":{ + "shape":"GuardrailAutomatedReasoningRuleList", + "documentation":"

The automated reasoning policy rules that contradict the claims in the input.

" + }, + "logicWarning":{ + "shape":"GuardrailAutomatedReasoningLogicWarning", + "documentation":"

Indication of a logic issue with the translation without needing to consider the automated reasoning policy rules.

" + } + }, + "documentation":"

Indicates that the claims are logically false and contradictory to the established rules or premises.

" + }, + "GuardrailAutomatedReasoningLogicWarning":{ + "type":"structure", + "members":{ + "type":{ + "shape":"GuardrailAutomatedReasoningLogicWarningType", + "documentation":"

The category of the detected logical issue, such as statements that are always true or always false.

" + }, + "premises":{ + "shape":"GuardrailAutomatedReasoningStatementList", + "documentation":"

The logical statements that serve as premises under which the claims are validated.

" + }, + "claims":{ + "shape":"GuardrailAutomatedReasoningStatementList", + "documentation":"

The logical statements that are validated while assuming the policy and premises.

" + } + }, + "documentation":"

Identifies logical issues in the translated statements that exist independent of any policy rules, such as statements that are always true or always false.

" + }, + "GuardrailAutomatedReasoningLogicWarningType":{ + "type":"string", + "enum":[ + "ALWAYS_FALSE", + "ALWAYS_TRUE" + ] + }, + "GuardrailAutomatedReasoningNoTranslationsFinding":{ + "type":"structure", + "members":{}, + "documentation":"

Indicates that no relevant logical information could be extracted from the input for validation.

" + }, + "GuardrailAutomatedReasoningPoliciesProcessed":{ + "type":"integer", + "box":true + }, + "GuardrailAutomatedReasoningPolicyAssessment":{ + "type":"structure", + "members":{ + "findings":{ + "shape":"GuardrailAutomatedReasoningFindingList", + "documentation":"

List of logical validation results produced by evaluating the input content against automated reasoning policies.

" + } + }, + "documentation":"

Contains the results of automated reasoning policy evaluation, including logical findings about the validity of claims made in the input content.

" + }, + "GuardrailAutomatedReasoningPolicyUnitsProcessed":{ + "type":"integer", + "box":true + }, + "GuardrailAutomatedReasoningPolicyVersionArn":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:automated-reasoning-policy/[a-z0-9]{12}(:([1-9][0-9]{0,11}))?" + }, + "GuardrailAutomatedReasoningRule":{ + "type":"structure", + "members":{ + "identifier":{ + "shape":"AutomatedReasoningRuleIdentifier", + "documentation":"

The unique identifier of the automated reasoning rule.

" + }, + "policyVersionArn":{ + "shape":"GuardrailAutomatedReasoningPolicyVersionArn", + "documentation":"

The ARN of the automated reasoning policy version that contains this rule.

" + } + }, + "documentation":"

References a specific automated reasoning policy rule that was applied during evaluation.

" + }, + "GuardrailAutomatedReasoningRuleList":{ + "type":"list", + "member":{"shape":"GuardrailAutomatedReasoningRule"} + }, + "GuardrailAutomatedReasoningSatisfiableFinding":{ + "type":"structure", + "members":{ + "translation":{ + "shape":"GuardrailAutomatedReasoningTranslation", + "documentation":"

The logical translation of the input that this finding evaluates.

" + }, + "claimsTrueScenario":{ + "shape":"GuardrailAutomatedReasoningScenario", + "documentation":"

An example scenario demonstrating how the claims could be logically true.

" + }, + "claimsFalseScenario":{ + "shape":"GuardrailAutomatedReasoningScenario", + "documentation":"

An example scenario demonstrating how the claims could be logically false.

" + }, + "logicWarning":{ + "shape":"GuardrailAutomatedReasoningLogicWarning", + "documentation":"

Indication of a logic issue with the translation without needing to consider the automated reasoning policy rules.

" + } + }, + "documentation":"

Indicates that the claims could be either true or false depending on additional assumptions not provided in the input.

" + }, + "GuardrailAutomatedReasoningScenario":{ + "type":"structure", + "members":{ + "statements":{ + "shape":"GuardrailAutomatedReasoningStatementList", + "documentation":"

List of logical assignments and statements that define this scenario.

" + } + }, + "documentation":"

Represents a logical scenario where claims can be evaluated as true or false, containing specific logical assignments.

" + }, + "GuardrailAutomatedReasoningStatement":{ + "type":"structure", + "members":{ + "logic":{ + "shape":"GuardrailAutomatedReasoningStatementLogicContent", + "documentation":"

The formal logical representation of the statement.

" + }, + "naturalLanguage":{ + "shape":"GuardrailAutomatedReasoningStatementNaturalLanguageContent", + "documentation":"

The natural language explanation of the logical statement.

" + } + }, + "documentation":"

A logical statement that includes both formal logic representation and natural language explanation.

" + }, + "GuardrailAutomatedReasoningStatementList":{ + "type":"list", + "member":{"shape":"GuardrailAutomatedReasoningStatement"} + }, + "GuardrailAutomatedReasoningStatementLogicContent":{ + "type":"string", + "max":1000, + "min":0, + "sensitive":true + }, + "GuardrailAutomatedReasoningStatementNaturalLanguageContent":{ + "type":"string", + "max":1000, + "min":0, + "sensitive":true + }, + "GuardrailAutomatedReasoningTooComplexFinding":{ + "type":"structure", + "members":{}, + "documentation":"

Indicates that the input exceeds the processing capacity due to the volume or complexity of the logical information.

" + }, + "GuardrailAutomatedReasoningTranslation":{ + "type":"structure", + "members":{ + "premises":{ + "shape":"GuardrailAutomatedReasoningStatementList", + "documentation":"

The logical statements that serve as the foundation or assumptions for the claims.

" + }, + "claims":{ + "shape":"GuardrailAutomatedReasoningStatementList", + "documentation":"

The logical statements that are being validated against the premises and policy rules.

" + }, + "untranslatedPremises":{ + "shape":"GuardrailAutomatedReasoningInputTextReferenceList", + "documentation":"

References to portions of the original input text that correspond to the premises but could not be fully translated.

" + }, + "untranslatedClaims":{ + "shape":"GuardrailAutomatedReasoningInputTextReferenceList", + "documentation":"

References to portions of the original input text that correspond to the claims but could not be fully translated.

" + }, + "confidence":{ + "shape":"GuardrailAutomatedReasoningTranslationConfidence", + "documentation":"

A confidence score between 0 and 1 indicating how certain the system is about the logical translation.

" + } + }, + "documentation":"

Contains the logical translation of natural language input into formal logical statements, including premises, claims, and confidence scores.

" + }, + "GuardrailAutomatedReasoningTranslationAmbiguousFinding":{ + "type":"structure", + "members":{ + "options":{ + "shape":"GuardrailAutomatedReasoningTranslationOptionList", + "documentation":"

Different logical interpretations that were detected during translation of the input.

" + }, + "differenceScenarios":{ + "shape":"GuardrailAutomatedReasoningDifferenceScenarioList", + "documentation":"

Scenarios showing how the different translation options differ in meaning.

" + } + }, + "documentation":"

Indicates that the input has multiple valid logical interpretations, requiring additional context or clarification.

" + }, + "GuardrailAutomatedReasoningTranslationConfidence":{ + "type":"double", + "box":true, + "max":1, + "min":0 + }, + "GuardrailAutomatedReasoningTranslationList":{ + "type":"list", + "member":{"shape":"GuardrailAutomatedReasoningTranslation"} + }, + "GuardrailAutomatedReasoningTranslationOption":{ + "type":"structure", + "members":{ + "translations":{ + "shape":"GuardrailAutomatedReasoningTranslationList", + "documentation":"

Example translations that provide this possible interpretation of the input.

" + } + }, + "documentation":"

Represents one possible logical interpretation of ambiguous input content.

" + }, + "GuardrailAutomatedReasoningTranslationOptionList":{ + "type":"list", + "member":{"shape":"GuardrailAutomatedReasoningTranslationOption"}, + "max":2, + "min":0 + }, + "GuardrailAutomatedReasoningValidFinding":{ + "type":"structure", + "members":{ + "translation":{ + "shape":"GuardrailAutomatedReasoningTranslation", + "documentation":"

The logical translation of the input that this finding validates.

" + }, + "claimsTrueScenario":{ + "shape":"GuardrailAutomatedReasoningScenario", + "documentation":"

An example scenario demonstrating how the claims are logically true.

" + }, + "supportingRules":{ + "shape":"GuardrailAutomatedReasoningRuleList", + "documentation":"

The automated reasoning policy rules that support why this result is considered valid.

" + }, + "logicWarning":{ + "shape":"GuardrailAutomatedReasoningLogicWarning", + "documentation":"

Indication of a logic issue with the translation without needing to consider the automated reasoning policy rules.

" + } + }, + "documentation":"

Indicates that the claims are definitively true and logically implied by the premises, with no possible alternative interpretations.

" + }, "GuardrailConfiguration":{ "type":"structure", "required":[ @@ -1083,6 +1873,10 @@ "action":{ "shape":"GuardrailContentPolicyAction", "documentation":"

The guardrail action.

" + }, + "detected":{ + "shape":"Boolean", + "documentation":"

Indicates whether content that breaches the guardrail configuration is detected.

" } }, "documentation":"

The content filter for a guardrail.

" @@ -1122,7 +1916,10 @@ }, "GuardrailContentPolicyAction":{ "type":"string", - "enum":["BLOCKED"] + "enum":[ + "BLOCKED", + "NONE" + ] }, "GuardrailContentPolicyAssessment":{ "type":"structure", @@ -1135,6 +1932,10 @@ }, "documentation":"

An assessment of a content policy for a guardrail.

" }, + "GuardrailContentPolicyImageUnitsProcessed":{ + "type":"integer", + "box":true + }, "GuardrailContentPolicyUnitsProcessed":{ "type":"integer", "box":true @@ -1182,6 +1983,10 @@ "action":{ "shape":"GuardrailContextualGroundingPolicyAction", "documentation":"

The action performed by the guardrails contextual grounding filter.

" + }, + "detected":{ + "shape":"Boolean", + "documentation":"

Indicates whether content that fails the contextual grounding evaluation (grounding or relevance score less than the corresponding threshold) was detected.

" } }, "documentation":"

The details for the guardrails contextual grounding filter.

" @@ -1312,7 +2117,7 @@ "documentation":"

The qualifier details for the guardrails contextual grounding filter.

" } }, - "documentation":"

A text block that contains text that you want to assess with a guardrail. For more information, see GuardrailConverseContentBlock.

" + "documentation":"

A text block that contains text that you want to assess with a guardrail. For more information, see GuardrailConverseContentBlock.

" }, "GuardrailCoverage":{ "type":"structure", @@ -1342,6 +2147,10 @@ "action":{ "shape":"GuardrailWordPolicyAction", "documentation":"

The action for the custom word.

" + }, + "detected":{ + "shape":"Boolean", + "documentation":"

Indicates whether custom word content that breaches the guardrail configuration is detected.

" } }, "documentation":"

A custom word configured in a guardrail.

" @@ -1449,6 +2258,10 @@ "action":{ "shape":"GuardrailWordPolicyAction", "documentation":"

The action for the managed word.

" + }, + "detected":{ + "shape":"Boolean", + "documentation":"

Indicates whether managed word content that breaches the guardrail configuration is detected.

" } }, "documentation":"

A managed word configured in a guardrail.

" @@ -1475,6 +2288,13 @@ "type":"list", "member":{"shape":"GuardrailOutputContent"} }, + "GuardrailOutputScope":{ + "type":"string", + "enum":[ + "INTERVENTIONS", + "FULL" + ] + }, "GuardrailOutputText":{"type":"string"}, "GuardrailPiiEntityFilter":{ "type":"structure", @@ -1495,6 +2315,10 @@ "action":{ "shape":"GuardrailSensitiveInformationPolicyAction", "documentation":"

The PII entity filter action.

" + }, + "detected":{ + "shape":"Boolean", + "documentation":"

Indicates whether personally identifiable information (PII) that breaches the guardrail configuration is detected.

" } }, "documentation":"

A Personally Identifiable Information (PII) entity configured in a guardrail.

" @@ -1562,6 +2386,10 @@ "action":{ "shape":"GuardrailSensitiveInformationPolicyAction", "documentation":"

The region filter action.

" + }, + "detected":{ + "shape":"Boolean", + "documentation":"

Indicates whether custom regex entities that breach the guardrail configuration are detected.

" } }, "documentation":"

A Regex filter configured in a guardrail.

" @@ -1574,7 +2402,8 @@ "type":"string", "enum":[ "ANONYMIZED", - "BLOCKED" + "BLOCKED", + "NONE" ] }, "GuardrailSensitiveInformationPolicyAssessment":{ @@ -1593,7 +2422,7 @@ "documentation":"

The regex queries in the assessment.

" } }, - "documentation":"

The assessment for aPersonally Identifiable Information (PII) policy.

" + "documentation":"

The assessment for a Personally Identifiable Information (PII) policy.

" }, "GuardrailSensitiveInformationPolicyFreeUnitsProcessed":{ "type":"integer", @@ -1627,7 +2456,7 @@ "documentation":"

The processing mode.

The processing mode. For more information, see Configure streaming response behavior in the Amazon Bedrock User Guide.

" } }, - "documentation":"

Configuration information for a guardrail that you use with the ConverseStream action.

" + "documentation":"

Configuration information for a guardrail that you use with the ConverseStream action.

" }, "GuardrailStreamProcessingMode":{ "type":"string", @@ -1684,6 +2513,10 @@ "action":{ "shape":"GuardrailTopicPolicyAction", "documentation":"

The action the guardrail should take when it intervenes on a topic.

" + }, + "detected":{ + "shape":"Boolean", + "documentation":"

Indicates whether topic content that breaches the guardrail configuration is detected.

" } }, "documentation":"

Information about a topic guardrail.

" @@ -1694,7 +2527,10 @@ }, "GuardrailTopicPolicyAction":{ "type":"string", - "enum":["BLOCKED"] + "enum":[ + "BLOCKED", + "NONE" + ] }, "GuardrailTopicPolicyAssessment":{ "type":"structure", @@ -1719,7 +2555,8 @@ "type":"string", "enum":[ "enabled", - "disabled" + "disabled", + "enabled_full" ] }, "GuardrailTraceAssessment":{ @@ -1736,9 +2573,13 @@ "outputAssessments":{ "shape":"GuardrailAssessmentListMap", "documentation":"

the output assessments.

" + }, + "actionReason":{ + "shape":"String", + "documentation":"

Provides the reason for the action taken when harmful content is detected.

" } }, - "documentation":"

A Top level guardrail trace object. For more information, see ConverseTrace.

" + "documentation":"

A Top level guardrail trace object. For more information, see ConverseTrace.

" }, "GuardrailUsage":{ "type":"structure", @@ -1774,6 +2615,18 @@ "contextualGroundingPolicyUnits":{ "shape":"GuardrailContextualGroundingPolicyUnitsProcessed", "documentation":"

The contextual grounding policy units processed by the guardrail.

" + }, + "contentPolicyImageUnits":{ + "shape":"GuardrailContentPolicyImageUnitsProcessed", + "documentation":"

The content policy image units processed by the guardrail.

" + }, + "automatedReasoningPolicyUnits":{ + "shape":"GuardrailAutomatedReasoningPolicyUnitsProcessed", + "documentation":"

The number of text units processed by the automated reasoning policy.

" + }, + "automatedReasoningPolicies":{ + "shape":"GuardrailAutomatedReasoningPoliciesProcessed", + "documentation":"

The number of automated reasoning policies that were processed during the guardrail evaluation.

" } }, "documentation":"

The details on the use of the guardrail.

" @@ -1784,7 +2637,10 @@ }, "GuardrailWordPolicyAction":{ "type":"string", - "enum":["BLOCKED"] + "enum":[ + "BLOCKED", + "NONE" + ] }, "GuardrailWordPolicyAssessment":{ "type":"structure", @@ -1841,6 +2697,10 @@ "bytes":{ "shape":"ImageSourceBytesBlob", "documentation":"

The raw image bytes for the image. If you use an AWS SDK, you don't need to encode the image bytes in base64.

" + }, + "s3Location":{ + "shape":"S3Location", + "documentation":"

The location of an image object in an Amazon S3 bucket. To see which models support S3 uploads, see Supported models and features for Converse.

" } }, "documentation":"

The source for an image.

", @@ -1888,7 +2748,7 @@ "InferenceConfigurationStopSequencesList":{ "type":"list", "member":{"shape":"NonEmptyString"}, - "max":4, + "max":2500, "min":0 }, "InferenceConfigurationTemperatureFloat":{ @@ -1903,6 +2763,10 @@ "max":1, "min":0 }, + "Integer":{ + "type":"integer", + "box":true + }, "InternalServerException":{ "type":"structure", "members":{ @@ -1923,7 +2787,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:imported-model/[a-z0-9]{12})|([0-9]{12}:provisioned-model/[a-z0-9]{12})|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+)))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)|([a-zA-Z0-9-:.]+)$|(^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}(?::[0-9]{1,5})?))$|(^arn:aws:sagemaker:[a-z0-9-]+:[0-9]{12}:endpoint/[a-zA-Z0-9-]+$)|(^arn:aws(-[^:]+)?:bedrock:([0-9a-z-]{1,20}):([0-9]{12}):default-prompt-router/[a-zA-Z0-9-:.]+$)" + "pattern":"(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:imported-model/[a-z0-9]{12})|([0-9]{12}:provisioned-model/[a-z0-9]{12})|([0-9]{12}:custom-model-deployment/[a-z0-9]{12})|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+)))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)|([a-zA-Z0-9-:.]+)$|(^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:prompt/[0-9a-zA-Z]{10}(?::[0-9]{1,5})?))$|(^arn:aws:sagemaker:[a-z0-9-]+:[0-9]{12}:endpoint/[a-zA-Z0-9-]+$)|(^arn:aws(-[^:]+)?:bedrock:([0-9a-z-]{1,20}):([0-9]{12}):(default-)?prompt-router/[a-zA-Z0-9-:.]+$)" }, "InvokeModelRequest":{ "type":"structure", @@ -1947,7 +2811,7 @@ }, "modelId":{ "shape":"InvokeModelIdentifier", - "documentation":"

The unique identifier of the model to invoke to run inference.

The modelId to provide depends on the type of model or throughput that you use:

", + "documentation":"

The unique identifier of the model to invoke to run inference.

The modelId to provide depends on the type of model or throughput that you use:

", "location":"uri", "locationName":"modelId" }, @@ -2004,6 +2868,94 @@ }, "payload":"body" }, + "InvokeModelTokensRequest":{ + "type":"structure", + "required":["body"], + "members":{ + "body":{ + "shape":"Body", + "documentation":"

The request body to count tokens for, formatted according to the model's expected input format. To learn about the input format for different models, see Model inference parameters and responses.

" + } + }, + "documentation":"

The body of an InvokeModel API request for token counting. This structure mirrors the input format for the InvokeModel operation, allowing you to count tokens for raw text inference requests.

" + }, + "InvokeModelWithBidirectionalStreamInput":{ + "type":"structure", + "members":{ + "chunk":{ + "shape":"BidirectionalInputPayloadPart", + "documentation":"

The audio chunk that is used as input for the invocation step.

" + } + }, + "documentation":"

Payload content, the speech chunk, for the bidirectional input of the invocation step.

", + "eventstream":true + }, + "InvokeModelWithBidirectionalStreamOutput":{ + "type":"structure", + "members":{ + "chunk":{ + "shape":"BidirectionalOutputPayloadPart", + "documentation":"

The speech chunk that was provided as output from the invocation step.

" + }, + "internalServerException":{ + "shape":"InternalServerException", + "documentation":"

The request encountered an unknown internal error.

" + }, + "modelStreamErrorException":{ + "shape":"ModelStreamErrorException", + "documentation":"

The request encountered an error with the model stream.

" + }, + "validationException":{ + "shape":"ValidationException", + "documentation":"

The input fails to satisfy the constraints specified by an Amazon Web Services service.

" + }, + "throttlingException":{ + "shape":"ThrottlingException", + "documentation":"

The request was denied due to request throttling.

" + }, + "modelTimeoutException":{ + "shape":"ModelTimeoutException", + "documentation":"

The connection was closed because a request was not received within the timeout period.

" + }, + "serviceUnavailableException":{ + "shape":"ServiceUnavailableException", + "documentation":"

The request has failed due to a temporary failure of the server.

" + } + }, + "documentation":"

Output from the bidirectional stream that was used for model invocation.

", + "eventstream":true + }, + "InvokeModelWithBidirectionalStreamRequest":{ + "type":"structure", + "required":[ + "modelId", + "body" + ], + "members":{ + "modelId":{ + "shape":"InvokeModelIdentifier", + "documentation":"

The model ID or ARN of the model ID to use. Currently, only amazon.nova-sonic-v1:0 is supported.

", + "location":"uri", + "locationName":"modelId" + }, + "body":{ + "shape":"InvokeModelWithBidirectionalStreamInput", + "documentation":"

The prompt and inference parameters in the format specified in the BidirectionalInputPayloadPart in the header. You must provide the body in JSON format. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.

" + } + }, + "payload":"body" + }, + "InvokeModelWithBidirectionalStreamResponse":{ + "type":"structure", + "required":["body"], + "members":{ + "body":{ + "shape":"InvokeModelWithBidirectionalStreamOutput", + "documentation":"

Streaming response from the model in the format specified by the BidirectionalOutputPayloadPart header.

" + } + }, + "payload":"body" + }, "InvokeModelWithResponseStreamRequest":{ "type":"structure", "required":["modelId"], @@ -2026,7 +2978,7 @@ }, "modelId":{ "shape":"InvokeModelIdentifier", - "documentation":"

The unique identifier of the model to invoke to run inference.

The modelId to provide depends on the type of model or throughput that you use:

", + "documentation":"

The unique identifier of the model to invoke to run inference.

The modelId to provide depends on the type of model or throughput that you use:

", "location":"uri", "locationName":"modelId" }, @@ -2236,8 +3188,7 @@ }, "ModelInputPayload":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true, "sensitive":true }, @@ -2371,6 +3322,58 @@ "documentation":"

Contains a map of variables in a prompt from Prompt management to an object containing the values to fill in for them when running model invocation. For more information, see How Prompt management works.

", "union":true }, + "ReasoningContentBlock":{ + "type":"structure", + "members":{ + "reasoningText":{ + "shape":"ReasoningTextBlock", + "documentation":"

The reasoning that the model used to return the output.

" + }, + "redactedContent":{ + "shape":"Blob", + "documentation":"

The content in the reasoning that was encrypted by the model provider for safety reasons. The encryption doesn't affect the quality of responses.

" + } + }, + "documentation":"

Contains content regarding the reasoning that is carried out by the model with respect to the content in the content block. Reasoning refers to a Chain of Thought (CoT) that the model generates to enhance the accuracy of its final response.

", + "sensitive":true, + "union":true + }, + "ReasoningContentBlockDelta":{ + "type":"structure", + "members":{ + "text":{ + "shape":"String", + "documentation":"

The reasoning that the model used to return the output.

" + }, + "redactedContent":{ + "shape":"Blob", + "documentation":"

The content in the reasoning that was encrypted by the model provider for safety reasons. The encryption doesn't affect the quality of responses.

" + }, + "signature":{ + "shape":"String", + "documentation":"

A token that verifies that the reasoning text was generated by the model. If you pass a reasoning block back to the API in a multi-turn conversation, include the text and its signature unmodified.

" + } + }, + "documentation":"

Contains content regarding the reasoning that is carried out by the model with respect to the content in the content block. Reasoning refers to a Chain of Thought (CoT) that the model generates to enhance the accuracy of its final response.

", + "sensitive":true, + "union":true + }, + "ReasoningTextBlock":{ + "type":"structure", + "required":["text"], + "members":{ + "text":{ + "shape":"String", + "documentation":"

The reasoning that the model used to return the output.

" + }, + "signature":{ + "shape":"String", + "documentation":"

A token that verifies that the reasoning text was generated by the model. If you pass a reasoning block back to the API in a multi-turn conversation, include the text and its signature unmodified.

" + } + }, + "documentation":"

Contains the reasoning that the model used to return the output.

", + "sensitive":true + }, "RequestMetadata":{ "type":"map", "key":{"shape":"RequestMetadataKeyString"}, @@ -2451,7 +3454,7 @@ "documentation":"

If the bucket belongs to another AWS account, specify that account's ID.

" } }, - "documentation":"

A storage location in an S3 bucket.

" + "documentation":"

A storage location in an Amazon S3 bucket.

" }, "S3Uri":{ "type":"string", @@ -2501,7 +3504,7 @@ "documentation":"

The name of the tool that the model must request.

" } }, - "documentation":"

The model must request a specific tool. For example, {\"tool\" : {\"name\" : \"Your tool name\"}}.

This field is only supported by Anthropic Claude 3 models.

" + "documentation":"

The model must request a specific tool. For example, {\"tool\" : {\"name\" : \"Your tool name\"}}. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide

This field is only supported by Anthropic Claude 3 models.

" }, "StartAsyncInvokeRequest":{ "type":"structure", @@ -2558,7 +3561,8 @@ "max_tokens", "stop_sequence", "guardrail_intervened", - "content_filtered" + "content_filtered", + "model_context_window_exceeded" ] }, "String":{"type":"string"}, @@ -2572,15 +3576,30 @@ "guardContent":{ "shape":"GuardrailConverseContentBlock", "documentation":"

A content block to assess with the guardrail. Use with the Converse or ConverseStream API operations.

For more information, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide.

" + }, + "cachePoint":{ + "shape":"CachePointBlock", + "documentation":"

CachePoint to include in the system prompt.

" } }, - "documentation":"

A system content block.

", + "documentation":"

Contains configurations for instructions to provide the model for how to handle input. To learn more, see Using the Converse API.

", "union":true }, "SystemContentBlocks":{ "type":"list", "member":{"shape":"SystemContentBlock"} }, + "SystemTool":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"ToolName", + "documentation":"

The name of the system-defined tool that you want to call.

" + } + }, + "documentation":"

Specifies a system-defined tool for the model to use. System-defined tools are tools that are created and provided by the model provider.

" + }, "Tag":{ "type":"structure", "required":[ @@ -2660,10 +3679,28 @@ "totalTokens":{ "shape":"TokenUsageTotalTokensInteger", "documentation":"

The total of input tokens and tokens generated by the model.

" + }, + "cacheReadInputTokens":{ + "shape":"TokenUsageCacheReadInputTokensInteger", + "documentation":"

The number of input tokens read from the cache for the request.

" + }, + "cacheWriteInputTokens":{ + "shape":"TokenUsageCacheWriteInputTokensInteger", + "documentation":"

The number of input tokens written to the cache for the request.

" } }, "documentation":"

The tokens used in a message API inference call.

" }, + "TokenUsageCacheReadInputTokensInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "TokenUsageCacheWriteInputTokensInteger":{ + "type":"integer", + "box":true, + "min":0 + }, "TokenUsageInputTokensInteger":{ "type":"integer", "box":true, @@ -2684,10 +3721,18 @@ "members":{ "toolSpec":{ "shape":"ToolSpecification", - "documentation":"

The specfication for the tool.

" + "documentation":"

The specfication for the tool.

" + }, + "systemTool":{ + "shape":"SystemTool", + "documentation":"

Specifies the system-defined tool that you want use.

" + }, + "cachePoint":{ + "shape":"CachePointBlock", + "documentation":"

CachePoint to include in the tool configuration.

" } }, - "documentation":"

Information about a tool that you can use with the Converse API. For more information, see Tool use (function calling) in the Amazon Bedrock User Guide.

", + "documentation":"

Information about a tool that you can use with the Converse API. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

", "union":true }, "ToolChoice":{ @@ -2703,10 +3748,10 @@ }, "tool":{ "shape":"SpecificToolChoice", - "documentation":"

The Model must request the specified tool. Only supported by Anthropic Claude 3 models.

" + "documentation":"

The Model must request the specified tool. Only supported by Anthropic Claude 3 and Amazon Nova models.

" } }, - "documentation":"

Determines which tools the model should request in a call to Converse or ConverseStream. ToolChoice is only supported by Anthropic Claude 3 models and by Mistral AI Mistral Large.

", + "documentation":"

Determines which tools the model should request in a call to Converse or ConverseStream. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

", "union":true }, "ToolConfiguration":{ @@ -2715,11 +3760,11 @@ "members":{ "tools":{ "shape":"ToolConfigurationToolsList", - "documentation":"

An array of tools that you want to pass to a model.

" + "documentation":"

An array of tools that you want to pass to a model.

" }, "toolChoice":{ "shape":"ToolChoice", - "documentation":"

If supported by model, forces the model to request a tool.

" + "documentation":"

If supported by model, forces the model to request a tool.

" } }, "documentation":"

Configuration information for the tools that you pass to a model. For more information, see Tool use (function calling) in the Amazon Bedrock User Guide.

" @@ -2737,7 +3782,7 @@ "documentation":"

The JSON schema for the tool. For more information, see JSON Schema Reference.

" } }, - "documentation":"

The schema for the tool. The top level schema type must be object.

", + "documentation":"

The schema for the tool. The top level schema type must be object. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

", "union":true }, "ToolName":{ @@ -2755,7 +3800,7 @@ "members":{ "toolUseId":{ "shape":"ToolUseId", - "documentation":"

The ID of the tool request that this is the result for.

" + "documentation":"

The ID of the tool request that this is the result for.

" }, "content":{ "shape":"ToolResultContentBlocks", @@ -2763,25 +3808,63 @@ }, "status":{ "shape":"ToolResultStatus", - "documentation":"

The status for the tool result content block.

This field is only supported Anthropic Claude 3 models.

" + "documentation":"

The status for the tool result content block.

This field is only supported by Amazon Nova and Anthropic Claude 3 and 4 models.

" + }, + "type":{ + "shape":"String", + "documentation":"

The type for the tool result content block.

" + } + }, + "documentation":"

A tool result block that contains the results for a tool request that the model previously made. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

" + }, + "ToolResultBlockDelta":{ + "type":"structure", + "members":{ + "text":{ + "shape":"String", + "documentation":"

The reasoning the model used to return the output.

" + } + }, + "documentation":"

Contains incremental updates to tool results information during streaming responses. This allows clients to build up tool results data progressively as the response is generated.

", + "union":true + }, + "ToolResultBlockStart":{ + "type":"structure", + "required":["toolUseId"], + "members":{ + "toolUseId":{ + "shape":"ToolUseId", + "documentation":"

The ID of the tool that was used to generate this tool result block.

" + }, + "type":{ + "shape":"String", + "documentation":"

The type for the tool that was used to generate this tool result block.

" + }, + "status":{ + "shape":"ToolResultStatus", + "documentation":"

The status of the tool result block.

" } }, - "documentation":"

A tool result block that contains the results for a tool request that the model previously made.

" + "documentation":"

The start of a tool result block. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

" + }, + "ToolResultBlocksDelta":{ + "type":"list", + "member":{"shape":"ToolResultBlockDelta"} }, "ToolResultContentBlock":{ "type":"structure", "members":{ "json":{ "shape":"Document", - "documentation":"

A tool result that is JSON format data.

" + "documentation":"

A tool result that is JSON format data.

" }, "text":{ "shape":"String", - "documentation":"

A tool result that is text.

" + "documentation":"

A tool result that is text.

" }, "image":{ "shape":"ImageBlock", - "documentation":"

A tool result that is an image.

This field is only supported by Anthropic Claude 3 models.

" + "documentation":"

A tool result that is an image.

This field is only supported by Amazon Nova and Anthropic Claude 3 and 4 models.

" }, "document":{ "shape":"DocumentBlock", @@ -2792,7 +3875,7 @@ "documentation":"

A tool result that is video.

" } }, - "documentation":"

The tool result content block.

", + "documentation":"

The tool result content block. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

", "union":true }, "ToolResultContentBlocks":{ @@ -2826,7 +3909,7 @@ "documentation":"

The input schema for the tool in JSON format.

" } }, - "documentation":"

The specification for the tool.

" + "documentation":"

The specification for the tool. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

" }, "ToolUseBlock":{ "type":"structure", @@ -2847,9 +3930,13 @@ "input":{ "shape":"Document", "documentation":"

The input to pass to the tool.

" + }, + "type":{ + "shape":"ToolUseType", + "documentation":"

The type for the tool request.

" } }, - "documentation":"

A tool use content block. Contains information about a tool that the model is requesting be run., The model uses the result from the tool to generate a response.

" + "documentation":"

A tool use content block. Contains information about a tool that the model is requesting be run., The model uses the result from the tool to generate a response. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

" }, "ToolUseBlockDelta":{ "type":"structure", @@ -2876,9 +3963,13 @@ "name":{ "shape":"ToolName", "documentation":"

The name of the tool that the model is requesting to use.

" + }, + "type":{ + "shape":"ToolUseType", + "documentation":"

The type for the tool request.

" } }, - "documentation":"

The start of a tool use block.

" + "documentation":"

The start of a tool use block. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.

" }, "ToolUseId":{ "type":"string", @@ -2886,11 +3977,16 @@ "min":1, "pattern":"[a-zA-Z0-9_-]+" }, + "ToolUseType":{ + "type":"string", + "enum":["server_tool_use"] + }, "Trace":{ "type":"string", "enum":[ "ENABLED", - "DISABLED" + "DISABLED", + "ENABLED_FULL" ] }, "ValidationException":{ @@ -2946,7 +4042,7 @@ }, "s3Location":{ "shape":"S3Location", - "documentation":"

The location of a video object in an S3 bucket.

" + "documentation":"

The location of a video object in an Amazon S3 bucket. To see which models support S3 uploads, see Supported models and features for Converse.

" } }, "documentation":"

A video source. You can upload a smaller video as a base64-encoded string as long as the encoded file is less than 25MB. You can also transfer videos up to 1GB in size from an S3 bucket.

", @@ -2955,6 +4051,20 @@ "VideoSourceBytesBlob":{ "type":"blob", "min":1 + }, + "WebLocation":{ + "type":"structure", + "members":{ + "url":{ + "shape":"String", + "documentation":"

The URL that was cited when performing a web search.

" + }, + "domain":{ + "shape":"String", + "documentation":"

The domain that was cited when performing a web search.

" + } + }, + "documentation":"

Provides the URL and domain information for the website that was cited when performing a web search.

" } }, "documentation":"

Describes the API operations for running inference using Amazon Bedrock models.

" diff -pruN 2.23.6-1/awscli/botocore/data/billing/2023-09-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/billing/2023-09-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/billing/2023-09-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/billing/2023-09-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,24 +1,31 @@ { "version": "1.0", "parameters": { + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ @@ -51,14 +58,35 @@ }, { "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" } ], "type": "tree" @@ -94,22 +122,96 @@ { "conditions": [ { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + }, + { "fn": "booleanEquals", "argv": [ { "ref": "UseFIPS" }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], "endpoint": { - "url": "https://billing-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://billing.us-east-1.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://billing.us-east-1.api.aws", "properties": { "authSchemes": [ { "name": "sigv4", - "signingRegion": "{PartitionResult#implicitGlobalRegion}" + "signingRegion": "us-east-1" } ] }, @@ -118,9 +220,228 @@ "type": "endpoint" }, { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://billing-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://billing-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://billing.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { "conditions": [], "endpoint": { - "url": "https://billing.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://billing.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dnsSuffix}", "properties": { "authSchemes": [ { diff -pruN 2.23.6-1/awscli/botocore/data/billing/2023-09-07/service-2.json 2.31.35-1/awscli/botocore/data/billing/2023-09-07/service-2.json --- 2.23.6-1/awscli/botocore/data/billing/2023-09-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/billing/2023-09-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -15,6 +15,27 @@ "uid":"billing-2023-09-07" }, "operations":{ + "AssociateSourceViews":{ + "name":"AssociateSourceViews", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateSourceViewsRequest"}, + "output":{"shape":"AssociateSourceViewsResponse"}, + "errors":[ + {"shape":"BillingViewHealthStatusException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Associates one or more source billing views with an existing billing view. This allows creating aggregate billing views that combine data from multiple sources.

", + "idempotent":true + }, "CreateBillingView":{ "name":"CreateBillingView", "http":{ @@ -24,8 +45,10 @@ "input":{"shape":"CreateBillingViewRequest"}, "output":{"shape":"CreateBillingViewResponse"}, "errors":[ + {"shape":"BillingViewHealthStatusException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, @@ -52,6 +75,26 @@ "documentation":"

Deletes the specified billing view.

", "idempotent":true }, + "DisassociateSourceViews":{ + "name":"DisassociateSourceViews", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateSourceViewsRequest"}, + "output":{"shape":"DisassociateSourceViewsResponse"}, + "errors":[ + {"shape":"BillingViewHealthStatusException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Removes the association between one or more source billing views and an existing billing view. This allows modifying the composition of aggregate billing views.

", + "idempotent":true + }, "GetBillingView":{ "name":"GetBillingView", "http":{ @@ -67,7 +110,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Returns the metadata associated to the specified billing view ARN.

" + "documentation":"

Returns the metadata associated to the specified billing view ARN.

", + "readonly":true }, "GetResourcePolicy":{ "name":"GetResourcePolicy", @@ -84,7 +128,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Returns the resource-based policy document attached to the resource in JSON format.

" + "documentation":"

Returns the resource-based policy document attached to the resource in JSON format.

", + "readonly":true }, "ListBillingViews":{ "name":"ListBillingViews", @@ -100,7 +145,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists the billing views available for a given time period.

Every Amazon Web Services account has a unique PRIMARY billing view that represents the billing data available by default. Accounts that use Billing Conductor also have BILLING_GROUP billing views representing pro forma costs associated with each created billing group.

" + "documentation":"

Lists the billing views available for a given time period.

Every Amazon Web Services account has a unique PRIMARY billing view that represents the billing data available by default. Accounts that use Billing Conductor also have BILLING_GROUP billing views representing pro forma costs associated with each created billing group.

", + "readonly":true }, "ListSourceViewsForBillingView":{ "name":"ListSourceViewsForBillingView", @@ -117,7 +163,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists the source views (managed Amazon Web Services billing views) associated with the billing view.

" + "documentation":"

Lists the source views (managed Amazon Web Services billing views) associated with the billing view.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -134,7 +181,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists tags associated with the billing view resource.

" + "documentation":"

Lists tags associated with the billing view resource.

", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -179,6 +227,7 @@ "input":{"shape":"UpdateBillingViewRequest"}, "output":{"shape":"UpdateBillingViewResponse"}, "errors":[ + {"shape":"BillingViewHealthStatusException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, @@ -223,9 +272,36 @@ }, "documentation":"

A time range with a start and end time.

" }, + "AssociateSourceViewsRequest":{ + "type":"structure", + "required":[ + "arn", + "sourceViews" + ], + "members":{ + "arn":{ + "shape":"BillingViewArn", + "documentation":"

The Amazon Resource Name (ARN) of the billing view to associate source views with.

" + }, + "sourceViews":{ + "shape":"BillingViewSourceViewsList", + "documentation":"

A list of ARNs of the source billing views to associate.

" + } + } + }, + "AssociateSourceViewsResponse":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"BillingViewArn", + "documentation":"

The ARN of the billing view that the source views were associated with.

" + } + } + }, "BillingViewArn":{ "type":"string", - "pattern":"arn:aws[a-z-]*:(billing)::[0-9]{12}:billingview/[a-zA-Z0-9/:_\\+=\\.\\-@]{0,59}[a-zA-Z0-9]" + "pattern":"arn:aws[a-z-]*:(billing)::[0-9]{12}:billingview/[a-zA-Z0-9/:_\\+=\\.\\-@]{0,75}[a-zA-Z0-9]" }, "BillingViewArnList":{ "type":"list", @@ -249,7 +325,7 @@ }, "name":{ "shape":"BillingViewName", - "documentation":"

A list of names of the billing view.

" + "documentation":"

The account name of the billing view.

" }, "description":{ "shape":"BillingViewDescription", @@ -261,11 +337,15 @@ }, "ownerAccountId":{ "shape":"AccountId", - "documentation":"

The list of owners of the billing view.

" + "documentation":"

The account owner of the billing view.

" + }, + "sourceAccountId":{ + "shape":"AccountId", + "documentation":"

The Amazon Web Services account ID that owns the source billing view, if this is a derived billing view.

" }, "dataFilterExpression":{ "shape":"Expression", - "documentation":"

See Expression. Billing view only supports LINKED_ACCOUNT and Tags.

" + "documentation":"

See Expression. Billing view only supports LINKED_ACCOUNT and Tags.

" }, "createdAt":{ "shape":"Timestamp", @@ -274,10 +354,49 @@ "updatedAt":{ "shape":"Timestamp", "documentation":"

The time when the billing view was last updated.

" + }, + "derivedViewCount":{ + "shape":"Integer", + "documentation":"

The number of billing views that use this billing view as a source.

" + }, + "sourceViewCount":{ + "shape":"Integer", + "documentation":"

The number of source views associated with this billing view.

" + }, + "viewDefinitionLastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the billing view definition was last updated.

" + }, + "healthStatus":{ + "shape":"BillingViewHealthStatus", + "documentation":"

The current health status of the billing view.

" } }, "documentation":"

The metadata associated to the billing view.

" }, + "BillingViewHealthStatus":{ + "type":"structure", + "members":{ + "statusCode":{ + "shape":"BillingViewStatus", + "documentation":"

The current health status code of the billing view.

" + }, + "statusReasons":{ + "shape":"BillingViewStatusReasons", + "documentation":"

A list of reasons explaining the current health status, if applicable.

" + } + }, + "documentation":"

Represents the health status of a billing view, including a status code and optional reasons for the status.

" + }, + "BillingViewHealthStatusException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

Exception thrown when a billing view's health status prevents an operation from being performed. This may occur if the billing view is in a state other than HEALTHY.

", + "exception":true + }, "BillingViewList":{ "type":"list", "member":{"shape":"BillingViewListElement"} @@ -301,9 +420,17 @@ "shape":"AccountId", "documentation":"

The list of owners of the Billing view.

" }, + "sourceAccountId":{ + "shape":"AccountId", + "documentation":"

The Amazon Web Services account ID that owns the source billing view, if this is a derived billing view.

" + }, "billingViewType":{ "shape":"BillingViewType", "documentation":"

The type of billing view.

" + }, + "healthStatus":{ + "shape":"BillingViewHealthStatus", + "documentation":"

The current health status of the billing view.

" } }, "documentation":"

A representation of a billing view.

" @@ -318,9 +445,35 @@ "BillingViewSourceViewsList":{ "type":"list", "member":{"shape":"BillingViewArn"}, - "max":1, + "max":10, "min":1 }, + "BillingViewStatus":{ + "type":"string", + "enum":[ + "HEALTHY", + "UNHEALTHY", + "CREATING", + "UPDATING" + ] + }, + "BillingViewStatusReason":{ + "type":"string", + "enum":[ + "SOURCE_VIEW_UNHEALTHY", + "SOURCE_VIEW_UPDATING", + "SOURCE_VIEW_ACCESS_DENIED", + "SOURCE_VIEW_NOT_FOUND", + "CYCLIC_DEPENDENCY", + "SOURCE_VIEW_DEPTH_EXCEEDED", + "AGGREGATE_SOURCE", + "VIEW_OWNER_NOT_MANAGEMENT_ACCOUNT" + ] + }, + "BillingViewStatusReasons":{ + "type":"list", + "member":{"shape":"BillingViewStatusReason"} + }, "BillingViewType":{ "type":"string", "enum":[ @@ -339,6 +492,10 @@ "max":100, "min":1 }, + "Boolean":{ + "type":"boolean", + "box":true + }, "ClientToken":{ "type":"string", "pattern":"[a-zA-Z0-9-]+" @@ -385,7 +542,7 @@ }, "dataFilterExpression":{ "shape":"Expression", - "documentation":"

See Expression. Billing view only supports LINKED_ACCOUNT and Tags.

" + "documentation":"

See Expression. Billing view only supports LINKED_ACCOUNT and Tags.

" }, "clientToken":{ "shape":"ClientToken", @@ -419,6 +576,10 @@ "arn":{ "shape":"BillingViewArn", "documentation":"

The Amazon Resource Name (ARN) that can be used to uniquely identify the billing view.

" + }, + "force":{ + "shape":"Boolean", + "documentation":"

If set to true, forces deletion of the billing view even if it has derived resources (e.g. other billing views or budgets). Use with caution as this may break dependent resources.

" } } }, @@ -454,6 +615,33 @@ }, "documentation":"

The metadata that you can use to filter and group your results.

" }, + "DisassociateSourceViewsRequest":{ + "type":"structure", + "required":[ + "arn", + "sourceViews" + ], + "members":{ + "arn":{ + "shape":"BillingViewArn", + "documentation":"

The Amazon Resource Name (ARN) of the billing view to disassociate source views from.

" + }, + "sourceViews":{ + "shape":"BillingViewSourceViewsList", + "documentation":"

A list of ARNs of the source billing views to disassociate.

" + } + } + }, + "DisassociateSourceViewsResponse":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"BillingViewArn", + "documentation":"

The ARN of the billing view that the source views were disassociated from.

" + } + } + }, "ErrorMessage":{ "type":"string", "max":1024, @@ -469,9 +657,13 @@ "tags":{ "shape":"TagValues", "documentation":"

The specific Tag to use for Expression.

" + }, + "timeRange":{ + "shape":"TimeRange", + "documentation":"

Specifies a time range filter for the billing view data.

" } }, - "documentation":"

See Expression. Billing view only supports LINKED_ACCOUNT and Tags.

" + "documentation":"

See Expression. Billing view only supports LINKED_ACCOUNT and Tags.

" }, "FieldName":{ "type":"string", @@ -522,6 +714,10 @@ } } }, + "Integer":{ + "type":"integer", + "box":true + }, "InternalServerException":{ "type":"structure", "required":["message"], @@ -551,6 +747,10 @@ "shape":"AccountId", "documentation":"

The list of owners of the billing view.

" }, + "sourceAccountId":{ + "shape":"AccountId", + "documentation":"

Filters the results to include only billing views that use the specified account as a source.

" + }, "maxResults":{ "shape":"BillingViewsMaxResults", "documentation":"

The maximum number of billing views to retrieve. Default is 100.

" @@ -770,8 +970,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValues":{ "type":"structure", @@ -800,6 +999,20 @@ "documentation":"

The request was denied due to request throttling.

", "exception":true }, + "TimeRange":{ + "type":"structure", + "members":{ + "beginDateInclusive":{ + "shape":"Timestamp", + "documentation":"

The inclusive start date of the time range.

" + }, + "endDateInclusive":{ + "shape":"Timestamp", + "documentation":"

The inclusive end date of the time range.

" + } + }, + "documentation":"

Specifies a time range with inclusive begin and end dates.

" + }, "Timestamp":{"type":"timestamp"}, "UntagResourceRequest":{ "type":"structure", @@ -820,8 +1033,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateBillingViewRequest":{ "type":"structure", @@ -841,7 +1053,7 @@ }, "dataFilterExpression":{ "shape":"Expression", - "documentation":"

See Expression. Billing view only supports LINKED_ACCOUNT and Tags.

" + "documentation":"

See Expression. Billing view only supports LINKED_ACCOUNT and Tags.

" } } }, diff -pruN 2.23.6-1/awscli/botocore/data/billingconductor/2021-07-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/billingconductor/2021-07-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/billingconductor/2021-07-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/billingconductor/2021-07-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/billingconductor/2021-07-30/service-2.json 2.31.35-1/awscli/botocore/data/billingconductor/2021-07-30/service-2.json --- 2.23.6-1/awscli/botocore/data/billingconductor/2021-07-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/billingconductor/2021-07-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,10 @@ "version":"2.0", "metadata":{ "apiVersion":"2021-07-30", + "auth":["aws.auth#sigv4"], "endpointPrefix":"billingconductor", - "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWSBillingConductor", "serviceId":"billingconductor", "signatureVersion":"v4", @@ -22,8 +23,8 @@ "input":{"shape":"AssociateAccountsInput"}, "output":{"shape":"AssociateAccountsOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceLimitExceededException"}, @@ -43,8 +44,8 @@ "input":{"shape":"AssociatePricingRulesInput"}, "output":{"shape":"AssociatePricingRulesOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceLimitExceededException"}, @@ -64,8 +65,8 @@ "input":{"shape":"BatchAssociateResourcesToCustomLineItemInput"}, "output":{"shape":"BatchAssociateResourcesToCustomLineItemOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceLimitExceededException"}, @@ -85,8 +86,8 @@ "input":{"shape":"BatchDisassociateResourcesFromCustomLineItemInput"}, "output":{"shape":"BatchDisassociateResourcesFromCustomLineItemOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, @@ -105,8 +106,8 @@ "input":{"shape":"CreateBillingGroupInput"}, "output":{"shape":"CreateBillingGroupOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceLimitExceededException"}, @@ -125,8 +126,8 @@ "input":{"shape":"CreateCustomLineItemInput"}, "output":{"shape":"CreateCustomLineItemOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceLimitExceededException"}, @@ -144,8 +145,8 @@ "input":{"shape":"CreatePricingPlanInput"}, "output":{"shape":"CreatePricingPlanOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceLimitExceededException"}, @@ -165,8 +166,8 @@ "input":{"shape":"CreatePricingRuleInput"}, "output":{"shape":"CreatePricingRuleOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceLimitExceededException"}, @@ -203,8 +204,8 @@ "input":{"shape":"DeleteCustomLineItemInput"}, "output":{"shape":"DeleteCustomLineItemOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"} @@ -222,8 +223,8 @@ "input":{"shape":"DeletePricingPlanInput"}, "output":{"shape":"DeletePricingPlanOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"} @@ -241,8 +242,8 @@ "input":{"shape":"DeletePricingRuleInput"}, "output":{"shape":"DeletePricingRuleOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"} @@ -260,8 +261,8 @@ "input":{"shape":"DisassociateAccountsInput"}, "output":{"shape":"DisassociateAccountsOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, @@ -280,8 +281,8 @@ "input":{"shape":"DisassociatePricingRulesInput"}, "output":{"shape":"DisassociatePricingRulesOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, @@ -306,7 +307,7 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Retrieves the margin summary report, which includes the Amazon Web Services cost and charged amount (pro forma cost) by Amazon Web Service for a specific billing group.

" + "documentation":"

Retrieves the margin summary report, which includes the Amazon Web Services cost and charged amount (pro forma cost) by Amazon Web Services service for a specific billing group.

" }, "ListAccountAssociations":{ "name":"ListAccountAssociations", @@ -549,8 +550,8 @@ "input":{"shape":"UpdateBillingGroupInput"}, "output":{"shape":"UpdateBillingGroupOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, @@ -588,8 +589,8 @@ "input":{"shape":"UpdatePricingPlanInput"}, "output":{"shape":"UpdatePricingPlanOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, @@ -608,8 +609,8 @@ "input":{"shape":"UpdatePricingRuleInput"}, "output":{"shape":"UpdatePricingRuleOutput"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, @@ -885,11 +886,11 @@ }, "BillingEntity":{ "type":"string", - "pattern":"[a-zA-Z0-9 ]+" + "pattern":"[a-zA-Z0-9() ]+" }, "BillingGroupArn":{ "type":"string", - "pattern":"(arn:aws(-cn)?:billingconductor::[0-9]{12}:billinggroup/)?[0-9]{12}" + "pattern":"(arn:aws(-cn)?:billingconductor::[0-9]{12}:billinggroup/)?[a-zA-Z0-9]{10,12}" }, "BillingGroupArnList":{ "type":"list", @@ -977,7 +978,7 @@ }, "BillingGroupFullArn":{ "type":"string", - "pattern":"arn:aws(-cn)?:billingconductor::[0-9]{12}:billinggroup/[0-9]{12}" + "pattern":"arn:aws(-cn)?:billingconductor::[0-9]{12}:billinggroup/[a-zA-Z0-9]{10,12}" }, "BillingGroupList":{ "type":"list", @@ -1094,6 +1095,11 @@ }, "documentation":"

The preferences and settings that will be used to compute the Amazon Web Services charges for a billing group.

" }, + "ComputationRuleEnum":{ + "type":"string", + "documentation":"

The display settings of the custom line item

", + "enum":["CONSOLIDATED"] + }, "ConflictException":{ "type":"structure", "required":[ @@ -1143,7 +1149,7 @@ "members":{ "ClientToken":{ "shape":"ClientToken", - "documentation":"

The token that is needed to support idempotency. Idempotency isn't currently supported, but will be implemented in a future update.

", + "documentation":"

A unique, case-sensitive identifier that you specify to ensure idempotency of the request. Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries complete successfully without performing any further actions.

", "idempotencyToken":true, "location":"header", "locationName":"X-Amzn-Client-Token" @@ -1194,7 +1200,7 @@ "members":{ "ClientToken":{ "shape":"ClientToken", - "documentation":"

The token that is needed to support idempotency. Idempotency isn't currently supported, but will be implemented in a future update.

", + "documentation":"

A unique, case-sensitive identifier that you specify to ensure idempotency of the request. Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries complete successfully without performing any further actions.

", "idempotencyToken":true, "location":"header", "locationName":"X-Amzn-Client-Token" @@ -1226,7 +1232,9 @@ "AccountId":{ "shape":"AccountId", "documentation":"

The Amazon Web Services account in which this custom line item will be applied to.

" - } + }, + "ComputationRule":{"shape":"ComputationRuleEnum"}, + "PresentationDetails":{"shape":"PresentationObject"} } }, "CreateCustomLineItemOutput":{ @@ -1255,7 +1263,7 @@ "members":{ "ClientToken":{ "shape":"ClientToken", - "documentation":"

The token that is needed to support idempotency. Idempotency isn't currently supported, but will be implemented in a future update.

", + "documentation":"

A unique, case-sensitive identifier that you specify to ensure idempotency of the request. Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries complete successfully without performing any further actions.

", "idempotencyToken":true, "location":"header", "locationName":"X-Amzn-Client-Token" @@ -1297,7 +1305,7 @@ "members":{ "ClientToken":{ "shape":"ClientToken", - "documentation":"

The token that's needed to support idempotency. Idempotency isn't currently supported, but will be implemented in a future update.

", + "documentation":"

A unique, case-sensitive identifier that you specify to ensure idempotency of the request. Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries complete successfully without performing any further actions.

", "idempotencyToken":true, "location":"header", "locationName":"X-Amzn-Client-Token" @@ -1320,7 +1328,7 @@ }, "ModifierPercentage":{ "shape":"ModifierPercentage", - "documentation":"

A percentage modifier that's applied on the public pricing rates.

" + "documentation":"

A percentage modifier that's applied on the public pricing rates. Your entry will be rounded to the nearest 2 decimal places.

" }, "Service":{ "shape":"Service", @@ -1340,7 +1348,7 @@ }, "UsageType":{ "shape":"UsageType", - "documentation":"

Usage type is the unit that each service uses to measure the usage of a specific type of resource.

If the Scope attribute is set to SKU, this attribute indicates which usage type the PricingRule is modifying. For example, USW2-BoxUsage:m2.2xlarge describes an M2 High Memory Double Extra Large instance in the US West (Oregon) Region. 

</p>
" + "documentation":"

Usage type is the unit that each service uses to measure the usage of a specific type of resource.

If the Scope attribute is set to SKU, this attribute indicates which usage type the PricingRule is modifying. For example, USW2-BoxUsage:m2.2xlarge describes an M2 High Memory Double Extra Large instance in the US West (Oregon) Region.

" }, "Operation":{ "shape":"Operation", @@ -1519,6 +1527,14 @@ "AccountId":{ "shape":"AccountId", "documentation":"

The Amazon Web Services account in which this custom line item will be applied to.

" + }, + "ComputationRule":{ + "shape":"ComputationRuleEnum", + "documentation":"

The display settings of the custom line item

" + }, + "PresentationDetails":{ + "shape":"PresentationObject", + "documentation":"

The presentation configuration of the custom line item

" } }, "documentation":"

A representation of a custom line item.

" @@ -1635,6 +1651,14 @@ "AccountId":{ "shape":"AccountId", "documentation":"

The Amazon Web Services account in which this custom line item will be applied to.

" + }, + "ComputationRule":{ + "shape":"ComputationRuleEnum", + "documentation":"

The display settings of the custom line item

" + }, + "PresentationDetails":{ + "shape":"PresentationObject", + "documentation":"

The presentation configuration of the custom line item

" } }, "documentation":"

A representation of a custom line item version.

" @@ -1811,7 +1835,7 @@ }, "GroupBy":{ "shape":"GroupByAttributesList", - "documentation":"

A list of strings that specify the attributes that are used to break down costs in the margin summary reports for the billing group. For example, you can view your costs by the Amazon Web Service name or the billing period.

" + "documentation":"

A list of strings that specify the attributes that are used to break down costs in the margin summary reports for the billing group. For example, you can view your costs by the Amazon Web Services service name or the billing period.

" }, "MaxResults":{ "shape":"MaxBillingGroupCostReportResults", @@ -2567,9 +2591,20 @@ "min":1, "pattern":"\\S+" }, + "PresentationObject":{ + "type":"structure", + "required":["Service"], + "members":{ + "Service":{ + "shape":"Service", + "documentation":"

This defines the service of where the custom line item is presented

" + } + }, + "documentation":"

The presentation configuration of the custom line item

" + }, "PricingPlanArn":{ "type":"string", - "pattern":"(arn:aws(-cn)?:billingconductor::[0-9]{12}:pricingplan/)?[a-zA-Z0-9]{10}" + "pattern":"(arn:aws(-cn)?:billingconductor::(aws|[0-9]{12}):pricingplan/)?(BasicPricingPlan|[a-zA-Z0-9]{10})" }, "PricingPlanArns":{ "type":"list", @@ -2585,7 +2620,7 @@ }, "PricingPlanFullArn":{ "type":"string", - "pattern":"arn:aws(-cn)?:billingconductor::[0-9]{12}:pricingplan/[a-zA-Z0-9]{10}" + "pattern":"arn:aws(-cn)?:billingconductor::(aws|[0-9]{12}):pricingplan/(BasicPricingPlan|[a-zA-Z0-9]{10})" }, "PricingPlanList":{ "type":"list", @@ -2713,7 +2748,7 @@ }, "UsageType":{ "shape":"UsageType", - "documentation":"

Usage type is the unit that each service uses to measure the usage of a specific type of resource.

If the Scope attribute is set to SKU, this attribute indicates which usage type the PricingRule is modifying. For example, USW2-BoxUsage:m2.2xlarge describes an M2 High Memory Double Extra Large instance in the US West (Oregon) Region. 

</p>
" + "documentation":"

Usage type is the unit that each service uses to measure the usage of a specific type of resource.

If the Scope attribute is set to SKU, this attribute indicates which usage type the PricingRule is modifying. For example, USW2-BoxUsage:m2.2xlarge describes an M2 High Memory Double Extra Large instance in the US West (Oregon) Region.

" }, "Operation":{ "shape":"Operation", @@ -2852,8 +2887,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2918,8 +2952,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateBillingGroupAccountGrouping":{ "type":"structure", @@ -3178,7 +3211,7 @@ }, "ModifierPercentage":{ "shape":"ModifierPercentage", - "documentation":"

The new modifier to show pricing plan rates as a percentage.

" + "documentation":"

The new modifier to show pricing plan rates as a percentage. Your entry will be rounded to the nearest 2 decimal places.

" }, "Tiering":{ "shape":"UpdateTieringInput", @@ -3274,7 +3307,7 @@ "documentation":"

The fields that caused the error, if applicable.

" } }, - "documentation":"

The input doesn't match with the constraints specified by Amazon Web Services.

", + "documentation":"

The input doesn't match with the constraints specified by Amazon Web Services services.

", "error":{ "httpStatusCode":400, "senderFault":true @@ -3328,6 +3361,7 @@ "MISSING_PRICINGPLAN", "MISMATCHED_PRICINGRULE_ARN", "DUPLICATE_PRICINGRULE_ARNS", + "MISSING_COSTCATEGORY", "ILLEGAL_EXPRESSION", "ILLEGAL_SCOPE", "ILLEGAL_SERVICE", @@ -3365,9 +3399,12 @@ "INVALID_FILTER", "TOO_MANY_AUTO_ASSOCIATE_BILLING_GROUPS", "CANNOT_DELETE_AUTO_ASSOCIATE_BILLING_GROUP", - "ILLEGAL_ACCOUNT_ID" + "ILLEGAL_ACCOUNT_ID", + "BILLING_GROUP_ALREADY_EXIST_IN_CURRENT_BILLING_PERIOD", + "ILLEGAL_COMPUTATION_RULE", + "ILLEGAL_LINE_ITEM_FILTER" ] } }, - "documentation":"

Amazon Web Services Billing Conductor is a fully managed service that you can use to customize a proforma version of your billing data each month, to accurately show or chargeback your end customers. Amazon Web Services Billing Conductor doesn't change the way you're billed by Amazon Web Services each month by design. Instead, it provides you with a mechanism to configure, generate, and display rates to certain customers over a given billing period. You can also analyze the difference between the rates you apply to your accounting groupings relative to your actual rates from Amazon Web Services. As a result of your Amazon Web Services Billing Conductor configuration, the payer account can also see the custom rate applied on the billing details page of the Amazon Web Services Billing console, or configure a cost and usage report per billing group.

This documentation shows how you can configure Amazon Web Services Billing Conductor using its API. For more information about using the Amazon Web Services Billing Conductor user interface, see the Amazon Web Services Billing Conductor User Guide.

" + "documentation":"

Billing Conductor is a fully managed service that you can use to customize a pro forma version of your billing data each month, to accurately show or chargeback your end customers. Billing Conductor doesn't change the way you're billed by Amazon Web Services each month by design. Instead, it provides you with a mechanism to configure, generate, and display rates to certain customers over a given billing period. You can also analyze the difference between the rates you apply to your accounting groupings relative to your actual rates from Amazon Web Services. As a result of your Billing Conductor configuration, the payer account can also see the custom rate applied on the billing details page of the Billing console, or configure a cost and usage report per billing group.

This documentation shows how you can configure Billing Conductor by using its API. For more information about using the Billing Conductor user interface, see the Billing Conductor User Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/braket/2019-09-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/braket/2019-09-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/braket/2019-09-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/braket/2019-09-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/braket/2019-09-01/service-2.json 2.31.35-1/awscli/botocore/data/braket/2019-09-01/service-2.json --- 2.23.6-1/awscli/botocore/data/braket/2019-09-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/braket/2019-09-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,10 @@ "version":"2.0", "metadata":{ "apiVersion":"2019-09-01", + "auth":["aws.auth#sigv4"], "endpointPrefix":"braket", - "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Braket", "serviceId":"Braket", "signatureVersion":"v4", @@ -29,7 +30,7 @@ {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Cancels an Amazon Braket job.

", + "documentation":"

Cancels an Amazon Braket hybrid job.

", "idempotent":true }, "CancelQuantumTask":{ @@ -67,11 +68,11 @@ {"shape":"ThrottlingException"}, {"shape":"DeviceOfflineException"}, {"shape":"DeviceRetiredException"}, - {"shape":"InternalServiceException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Creates an Amazon Braket job.

" + "documentation":"

Creates an Amazon Braket hybrid job.

" }, "CreateQuantumTask":{ "name":"CreateQuantumTask", @@ -84,11 +85,11 @@ "output":{"shape":"CreateQuantumTaskResponse"}, "errors":[ {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"DeviceOfflineException"}, + {"shape":"ThrottlingException"}, {"shape":"DeviceRetiredException"}, - {"shape":"InternalServiceException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], "documentation":"

Creates a quantum task.

" @@ -109,7 +110,8 @@ {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves the devices available in Amazon Braket.

For backwards compatibility with older versions of BraketSchemas, OpenQASM information is omitted from GetDevice API calls. To get this information the user-agent needs to present a recent version of the BraketSchemas (1.8.0 or later). The Braket SDK automatically reports this for you. If you do not see OpenQASM results in the GetDevice response when using a Braket SDK, you may need to set AWS_EXECUTION_ENV environment variable to configure user-agent. See the code examples provided below for how to do this for the AWS CLI, Boto3, and the Go, Java, and JavaScript/TypeScript SDKs.

" + "documentation":"

Retrieves the devices available in Amazon Braket.

For backwards compatibility with older versions of BraketSchemas, OpenQASM information is omitted from GetDevice API calls. To get this information the user-agent needs to present a recent version of the BraketSchemas (1.8.0 or later). The Braket SDK automatically reports this for you. If you do not see OpenQASM results in the GetDevice response when using a Braket SDK, you may need to set AWS_EXECUTION_ENV environment variable to configure user-agent. See the code examples provided below for how to do this for the AWS CLI, Boto3, and the Go, Java, and JavaScript/TypeScript SDKs.

", + "readonly":true }, "GetJob":{ "name":"GetJob", @@ -127,7 +129,8 @@ {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves the specified Amazon Braket job.

" + "documentation":"

Retrieves the specified Amazon Braket hybrid job.

", + "readonly":true }, "GetQuantumTask":{ "name":"GetQuantumTask", @@ -145,7 +148,8 @@ {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves the specified quantum task.

" + "documentation":"

Retrieves the specified quantum task.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -161,7 +165,8 @@ {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Shows the tags associated with this resource.

" + "documentation":"

Shows the tags associated with this resource.

", + "readonly":true }, "SearchDevices":{ "name":"SearchDevices", @@ -178,7 +183,8 @@ {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Searches for devices using the specified filters.

" + "documentation":"

Searches for devices using the specified filters.

", + "readonly":true }, "SearchJobs":{ "name":"SearchJobs", @@ -195,7 +201,7 @@ {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Searches for Amazon Braket jobs that match the specified filter values.

" + "documentation":"

Searches for Amazon Braket hybrid jobs that match the specified filter values.

" }, "SearchQuantumTasks":{ "name":"SearchQuantumTasks", @@ -212,7 +218,8 @@ {"shape":"InternalServiceException"}, {"shape":"ValidationException"} ], - "documentation":"

Searches for tasks that match the specified filter values.

" + "documentation":"

Searches for tasks that match the specified filter values.

", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -254,26 +261,45 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"

You do not have sufficient access to perform this action.

", + "documentation":"

You do not have sufficient permissions to perform this action.

", "error":{ "httpStatusCode":403, "senderFault":true }, "exception":true }, - "AlgorithmSpecification":{ + "ActionMetadata":{ "type":"structure", + "required":["actionType"], "members":{ - "containerImage":{ - "shape":"ContainerImage", - "documentation":"

The container image used to create an Amazon Braket job.

" + "actionType":{ + "shape":"String", + "documentation":"

The type of action associated with the quantum task.

" + }, + "programCount":{ + "shape":"Long", + "documentation":"

The number of programs in a program set. This is only available for a program set.

" }, + "executableCount":{ + "shape":"Long", + "documentation":"

The number of executables in a program set. This is only available for a program set.

" + } + }, + "documentation":"

Contains metadata about the quantum task action, including the action type and program statistics.

" + }, + "AlgorithmSpecification":{ + "type":"structure", + "members":{ "scriptModeConfig":{ "shape":"ScriptModeConfig", "documentation":"

Configures the paths to the Python scripts used for entry and training.

" + }, + "containerImage":{ + "shape":"ContainerImage", + "documentation":"

The container image used to create an Amazon Braket hybrid job.

" } }, - "documentation":"

Defines the Amazon Braket job to be created. Specifies the container image the job uses and the paths to the Python scripts used for entry and training.

" + "documentation":"

Defines the Amazon Braket hybrid job to be created. Specifies the container image the job uses and the paths to the Python scripts used for entry and training.

" }, "Association":{ "type":"structure", @@ -303,7 +329,7 @@ }, "BraketResourceArn":{ "type":"string", - "pattern":"^arn:aws[a-z\\-]*:braket:[a-z0-9\\-]*:[0-9]{12}:.*$" + "pattern":"arn:aws[a-z\\-]*:braket:[a-z0-9\\-]*:[0-9]{12}:.*" }, "CancelJobRequest":{ "type":"structure", @@ -311,7 +337,7 @@ "members":{ "jobArn":{ "shape":"JobArn", - "documentation":"

The ARN of the Amazon Braket job to cancel.

", + "documentation":"

The ARN of the Amazon Braket hybrid job to cancel.

", "location":"uri", "locationName":"jobArn" } @@ -320,54 +346,54 @@ "CancelJobResponse":{ "type":"structure", "required":[ - "cancellationStatus", - "jobArn" + "jobArn", + "cancellationStatus" ], "members":{ - "cancellationStatus":{ - "shape":"CancellationStatus", - "documentation":"

The status of the job cancellation request.

" - }, "jobArn":{ "shape":"JobArn", "documentation":"

The ARN of the Amazon Braket job.

" + }, + "cancellationStatus":{ + "shape":"CancellationStatus", + "documentation":"

The status of the hybrid job.

" } } }, "CancelQuantumTaskRequest":{ "type":"structure", "required":[ - "clientToken", - "quantumTaskArn" + "quantumTaskArn", + "clientToken" ], "members":{ - "clientToken":{ - "shape":"String64", - "documentation":"

The client token associated with the request.

", - "idempotencyToken":true - }, "quantumTaskArn":{ "shape":"QuantumTaskArn", - "documentation":"

The ARN of the task to cancel.

", + "documentation":"

The ARN of the quantum task to cancel.

", "location":"uri", "locationName":"quantumTaskArn" + }, + "clientToken":{ + "shape":"String64", + "documentation":"

The client token associated with the cancellation request.

", + "idempotencyToken":true } } }, "CancelQuantumTaskResponse":{ "type":"structure", "required":[ - "cancellationStatus", - "quantumTaskArn" + "quantumTaskArn", + "cancellationStatus" ], "members":{ - "cancellationStatus":{ - "shape":"CancellationStatus", - "documentation":"

The status of the cancellation request.

" - }, "quantumTaskArn":{ "shape":"QuantumTaskArn", - "documentation":"

The ARN of the task.

" + "documentation":"

The ARN of the quantum task.

" + }, + "cancellationStatus":{ + "shape":"CancellationStatus", + "documentation":"

The status of the quantum task.

" } } }, @@ -406,72 +432,72 @@ "documentation":"

The URI locating the container image.

" } }, - "documentation":"

The container image used to create an Amazon Braket job.

" + "documentation":"

The container image used to create an Amazon Braket hybrid job.

" }, "CreateJobRequest":{ "type":"structure", "required":[ - "algorithmSpecification", "clientToken", - "deviceConfig", - "instanceConfig", - "jobName", + "algorithmSpecification", "outputDataConfig", - "roleArn" + "jobName", + "roleArn", + "instanceConfig", + "deviceConfig" ], "members":{ - "algorithmSpecification":{ - "shape":"AlgorithmSpecification", - "documentation":"

Definition of the Amazon Braket job to be created. Specifies the container image the job uses and information about the Python scripts used for entry and training.

" - }, - "associations":{ - "shape":"CreateJobRequestAssociationsList", - "documentation":"

The list of Amazon Braket resources associated with the hybrid job.

" - }, - "checkpointConfig":{ - "shape":"JobCheckpointConfig", - "documentation":"

Information about the output locations for job checkpoint data.

" - }, "clientToken":{ "shape":"String64", - "documentation":"

A unique token that guarantees that the call to this API is idempotent.

", + "documentation":"

The client token associated with this request that guarantees that the request is idempotent.

", "idempotencyToken":true }, - "deviceConfig":{ - "shape":"DeviceConfig", - "documentation":"

The quantum processing unit (QPU) or simulator used to create an Amazon Braket job.

" - }, - "hyperParameters":{ - "shape":"HyperParameters", - "documentation":"

Algorithm-specific parameters used by an Amazon Braket job that influence the quality of the training job. The values are set with a string of JSON key:value pairs, where the key is the name of the hyperparameter and the value is the value of th hyperparameter.

" + "algorithmSpecification":{ + "shape":"AlgorithmSpecification", + "documentation":"

Definition of the Amazon Braket job to be created. Specifies the container image the job uses and information about the Python scripts used for entry and training.

" }, "inputDataConfig":{ "shape":"CreateJobRequestInputDataConfigList", "documentation":"

A list of parameters that specify the name and type of input data and where it is located.

" }, - "instanceConfig":{ - "shape":"InstanceConfig", - "documentation":"

Configuration of the resource instances to use while running the hybrid job on Amazon Braket.

" + "outputDataConfig":{ + "shape":"JobOutputDataConfig", + "documentation":"

The path to the S3 location where you want to store hybrid job artifacts and the encryption key used to store them.

" + }, + "checkpointConfig":{ + "shape":"JobCheckpointConfig", + "documentation":"

Information about the output locations for hybrid job checkpoint data.

" }, "jobName":{ "shape":"CreateJobRequestJobNameString", - "documentation":"

The name of the Amazon Braket job.

" - }, - "outputDataConfig":{ - "shape":"JobOutputDataConfig", - "documentation":"

The path to the S3 location where you want to store job artifacts and the encryption key used to store them.

" + "documentation":"

The name of the Amazon Braket hybrid job.

" }, "roleArn":{ "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of an IAM role that Amazon Braket can assume to perform tasks on behalf of a user. It can access user resources, run an Amazon Braket job container on behalf of user, and output resources to the users' s3 buckets.

" + "documentation":"

The Amazon Resource Name (ARN) of an IAM role that Amazon Braket can assume to perform tasks on behalf of a user. It can access user resources, run an Amazon Braket job container on behalf of user, and output results and hybrid job details to the users' s3 buckets.

" }, "stoppingCondition":{ "shape":"JobStoppingCondition", - "documentation":"

The user-defined criteria that specifies when a job stops running.

" + "documentation":"

The user-defined criteria that specifies when a hybrid job stops running.

" + }, + "instanceConfig":{ + "shape":"InstanceConfig", + "documentation":"

Configuration of the resource instances to use while running the hybrid job on Amazon Braket.

" + }, + "hyperParameters":{ + "shape":"HyperParameters", + "documentation":"

Algorithm-specific parameters used by an Amazon Braket hybrid job that influence the quality of the training job. The values are set with a map of JSON key:value pairs, where the key is the name of the hyperparameter and the value is the value of the hyperparameter.

Do not include any security-sensitive information including account access IDs, secrets, or tokens in any hyperparameter fields. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by security-sensitive information included in the request hyperparameter variable or plain text fields.

" + }, + "deviceConfig":{ + "shape":"DeviceConfig", + "documentation":"

The quantum processing unit (QPU) or simulator used to create an Amazon Braket hybrid job.

" }, "tags":{ "shape":"TagsMap", - "documentation":"

A tag object that consists of a key and an optional value, used to manage metadata for Amazon Braket resources.

" + "documentation":"

Tags to be added to the hybrid job you're creating.

" + }, + "associations":{ + "shape":"CreateJobRequestAssociationsList", + "documentation":"

The list of Amazon Braket resources associated with the hybrid job.

" } } }, @@ -491,7 +517,7 @@ "type":"string", "max":50, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,50}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,50}" }, "CreateJobResponse":{ "type":"structure", @@ -499,30 +525,21 @@ "members":{ "jobArn":{ "shape":"JobArn", - "documentation":"

The ARN of the Amazon Braket job created.

" + "documentation":"

The ARN of the Amazon Braket hybrid job created.

" } } }, "CreateQuantumTaskRequest":{ "type":"structure", "required":[ - "action", "clientToken", "deviceArn", + "shots", "outputS3Bucket", "outputS3KeyPrefix", - "shots" + "action" ], "members":{ - "action":{ - "shape":"JsonValue", - "documentation":"

The action associated with the task.

", - "jsonvalue":true - }, - "associations":{ - "shape":"CreateQuantumTaskRequestAssociationsList", - "documentation":"

The list of Amazon Braket resources associated with the quantum task.

" - }, "clientToken":{ "shape":"String64", "documentation":"

The client token associated with the request.

", @@ -530,32 +547,45 @@ }, "deviceArn":{ "shape":"DeviceArn", - "documentation":"

The ARN of the device to run the task on.

" + "documentation":"

The ARN of the device to run the quantum task on.

" }, "deviceParameters":{ "shape":"CreateQuantumTaskRequestDeviceParametersString", - "documentation":"

The parameters for the device to run the task on.

", + "documentation":"

The parameters for the device to run the quantum task on.

", "jsonvalue":true }, - "jobToken":{ - "shape":"JobToken", - "documentation":"

The token for an Amazon Braket job that associates it with the quantum task.

" + "shots":{ + "shape":"CreateQuantumTaskRequestShotsLong", + "documentation":"

The number of shots to use for the quantum task.

" }, "outputS3Bucket":{ "shape":"CreateQuantumTaskRequestOutputS3BucketString", - "documentation":"

The S3 bucket to store task result files in.

" + "documentation":"

The S3 bucket to store quantum task result files in.

" }, "outputS3KeyPrefix":{ "shape":"CreateQuantumTaskRequestOutputS3KeyPrefixString", - "documentation":"

The key prefix for the location in the S3 bucket to store task results in.

" + "documentation":"

The key prefix for the location in the S3 bucket to store quantum task results in.

" }, - "shots":{ - "shape":"CreateQuantumTaskRequestShotsLong", - "documentation":"

The number of shots to use for the task.

" + "action":{ + "shape":"JsonValue", + "documentation":"

The action associated with the quantum task.

", + "jsonvalue":true }, "tags":{ "shape":"TagsMap", "documentation":"

Tags to be added to the quantum task you're creating.

" + }, + "jobToken":{ + "shape":"JobToken", + "documentation":"

The token for an Amazon Braket hybrid job that associates it with the quantum task.

" + }, + "associations":{ + "shape":"CreateQuantumTaskRequestAssociationsList", + "documentation":"

The list of Amazon Braket resources associated with the quantum task.

" + }, + "experimentalCapabilities":{ + "shape":"ExperimentalCapabilities", + "documentation":"

Enable experimental capabilities for the quantum task.

" } } }, @@ -591,7 +621,7 @@ "members":{ "quantumTaskArn":{ "shape":"QuantumTaskArn", - "documentation":"

The ARN of the task created by the request.

" + "documentation":"

The ARN of the quantum task created by the request.

" } } }, @@ -601,10 +631,10 @@ "members":{ "s3DataSource":{ "shape":"S3DataSource", - "documentation":"

Information about the data stored in Amazon S3 used by the Amazon Braket job.

" + "documentation":"

Amazon S3 path of the input data used by the hybrid job.

" } }, - "documentation":"

Information about the source of the data used by the Amazon Braket job.

" + "documentation":"

Information about the source of the input data used by the Amazon Braket hybrid job.

" }, "DeviceArn":{ "type":"string", @@ -617,10 +647,10 @@ "members":{ "device":{ "shape":"String256", - "documentation":"

The primary quantum processing unit (QPU) or simulator used to create and run an Amazon Braket job.

" + "documentation":"

The primary device ARN used to create and run an Amazon Braket hybrid job.

" } }, - "documentation":"

Configures the quantum processing units (QPUs) or simulator used to create and run an Amazon Braket job.

" + "documentation":"

Configures the primary device used to create and run an Amazon Braket hybrid job.

" }, "DeviceOfflineException":{ "type":"structure", @@ -645,16 +675,16 @@ "shape":"QueueName", "documentation":"

The name of the queue.

" }, - "queuePriority":{ - "shape":"QueuePriority", - "documentation":"

Optional. Specifies the priority of the queue. Tasks in a priority queue are processed before the tasks in a normal queue.

" - }, "queueSize":{ "shape":"String", - "documentation":"

The number of jobs or tasks in the queue for a given device.

" + "documentation":"

The number of hybrid jobs or quantum tasks in the queue for a given device.

" + }, + "queuePriority":{ + "shape":"QueuePriority", + "documentation":"

Optional. Specifies the priority of the queue. Quantum tasks in a priority queue are processed before the quantum tasks in a normal queue.

" } }, - "documentation":"

Information about tasks and jobs queued on a device.

" + "documentation":"

Information about quantum tasks and hybrid jobs queued on a device.

" }, "DeviceQueueInfoList":{ "type":"list", @@ -685,9 +715,9 @@ "required":[ "deviceArn", "deviceName", - "deviceStatus", + "providerName", "deviceType", - "providerName" + "deviceStatus" ], "members":{ "deviceArn":{ @@ -698,17 +728,17 @@ "shape":"String", "documentation":"

The name of the device.

" }, - "deviceStatus":{ - "shape":"DeviceStatus", - "documentation":"

The status of the device.

" + "providerName":{ + "shape":"String", + "documentation":"

The provider of the device.

" }, "deviceType":{ "shape":"DeviceType", "documentation":"

The type of the device.

" }, - "providerName":{ - "shape":"String", - "documentation":"

The provider of the device.

" + "deviceStatus":{ + "shape":"DeviceStatus", + "documentation":"

The status of the device.

" } }, "documentation":"

Includes information about the device.

" @@ -724,6 +754,24 @@ "SIMULATOR" ] }, + "ExperimentalCapabilities":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"ExperimentalCapabilitiesEnablementType", + "documentation":"

Enabled experimental capabilities.

" + } + }, + "documentation":"

Enabled experimental capabilities for quantum hardware. Note that the use of these features may impact device capabilities and performance beyond its standard specifications.

", + "union":true + }, + "ExperimentalCapabilitiesEnablementType":{ + "type":"string", + "enum":[ + "ALL", + "NONE" + ] + }, "GetDeviceRequest":{ "type":"structure", "required":["deviceArn"], @@ -740,41 +788,41 @@ "type":"structure", "required":[ "deviceArn", - "deviceCapabilities", "deviceName", - "deviceStatus", + "providerName", "deviceType", - "providerName" + "deviceStatus", + "deviceCapabilities" ], "members":{ "deviceArn":{ "shape":"DeviceArn", "documentation":"

The ARN of the device.

" }, - "deviceCapabilities":{ - "shape":"JsonValue", - "documentation":"

Details about the capabilities of the device.

", - "jsonvalue":true - }, "deviceName":{ "shape":"String", "documentation":"

The name of the device.

" }, - "deviceQueueInfo":{ - "shape":"DeviceQueueInfoList", - "documentation":"

List of information about tasks and jobs queued on a device.

" + "providerName":{ + "shape":"String", + "documentation":"

The name of the partner company for the device.

" + }, + "deviceType":{ + "shape":"DeviceType", + "documentation":"

The type of the device.

" }, "deviceStatus":{ "shape":"DeviceStatus", "documentation":"

The status of the device.

" }, - "deviceType":{ - "shape":"DeviceType", - "documentation":"

The type of the device.

" + "deviceCapabilities":{ + "shape":"JsonValue", + "documentation":"

Details about the capabilities of the device.

", + "jsonvalue":true }, - "providerName":{ - "shape":"String", - "documentation":"

The name of the partner company for the device.

" + "deviceQueueInfo":{ + "shape":"DeviceQueueInfoList", + "documentation":"

The number of quantum tasks and hybrid jobs currently queued on the device.

" } } }, @@ -782,116 +830,116 @@ "type":"structure", "required":["jobArn"], "members":{ - "additionalAttributeNames":{ - "shape":"HybridJobAdditionalAttributeNamesList", - "documentation":"

A list of attributes to return information for.

", - "location":"querystring", - "locationName":"additionalAttributeNames" - }, "jobArn":{ "shape":"JobArn", - "documentation":"

The ARN of the job to retrieve.

", + "documentation":"

The ARN of the hybrid job to retrieve.

", "location":"uri", "locationName":"jobArn" + }, + "additionalAttributeNames":{ + "shape":"HybridJobAdditionalAttributeNamesList", + "documentation":"

A list of attributes to return additional information for. Only the QueueInfo additional attribute name is currently supported.

", + "location":"querystring", + "locationName":"additionalAttributeNames" } } }, "GetJobResponse":{ "type":"structure", "required":[ - "algorithmSpecification", - "createdAt", - "instanceConfig", + "status", "jobArn", + "roleArn", "jobName", "outputDataConfig", - "roleArn", - "status" + "algorithmSpecification", + "instanceConfig", + "createdAt" ], "members":{ - "algorithmSpecification":{ - "shape":"AlgorithmSpecification", - "documentation":"

Definition of the Amazon Braket job created. Specifies the container image the job uses, information about the Python scripts used for entry and training, and the user-defined metrics used to evaluation the job.

" - }, - "associations":{ - "shape":"Associations", - "documentation":"

The list of Amazon Braket resources associated with the hybrid job.

" - }, - "billableDuration":{ - "shape":"Integer", - "documentation":"

The billable time the Amazon Braket job used to complete.

" - }, - "checkpointConfig":{ - "shape":"JobCheckpointConfig", - "documentation":"

Information about the output locations for job checkpoint data.

" - }, - "createdAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The date and time that the Amazon Braket job was created.

" - }, - "deviceConfig":{ - "shape":"DeviceConfig", - "documentation":"

The quantum processing unit (QPU) or simulator used to run the Amazon Braket job.

" + "status":{ + "shape":"JobPrimaryStatus", + "documentation":"

The status of the Amazon Braket hybrid job.

" }, - "endedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The date and time that the Amazon Braket job ended.

" + "jobArn":{ + "shape":"JobArn", + "documentation":"

The ARN of the Amazon Braket hybrid job.

" }, - "events":{ - "shape":"JobEvents", - "documentation":"

Details about the type and time events occurred related to the Amazon Braket job.

" + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of an IAM role that Amazon Braket can assume to perform tasks on behalf of a user. It can access user resources, run an Amazon Braket job container on behalf of user, and output results and other hybrid job details to the s3 buckets of a user.

" }, "failureReason":{ "shape":"String1024", - "documentation":"

A description of the reason why an Amazon Braket job failed, if it failed.

" + "documentation":"

A description of the reason why an Amazon Braket hybrid job failed, if it failed.

" + }, + "jobName":{ + "shape":"GetJobResponseJobNameString", + "documentation":"

The name of the Amazon Braket hybrid job.

" }, "hyperParameters":{ "shape":"HyperParameters", - "documentation":"

Algorithm-specific parameters used by an Amazon Braket job that influence the quality of the traiing job. The values are set with a string of JSON key:value pairs, where the key is the name of the hyperparameter and the value is the value of th hyperparameter.

" + "documentation":"

Algorithm-specific parameters used by an Amazon Braket hybrid job that influence the quality of the traiing job. The values are set with a map of JSON key:value pairs, where the key is the name of the hyperparameter and the value is the value of th hyperparameter.

" }, "inputDataConfig":{ "shape":"InputConfigList", "documentation":"

A list of parameters that specify the name and type of input data and where it is located.

" }, - "instanceConfig":{ - "shape":"InstanceConfig", - "documentation":"

The resource instances to use while running the hybrid job on Amazon Braket.

" + "outputDataConfig":{ + "shape":"JobOutputDataConfig", + "documentation":"

The path to the S3 location where hybrid job artifacts are stored and the encryption key used to store them there.

" }, - "jobArn":{ - "shape":"JobArn", - "documentation":"

The ARN of the Amazon Braket job.

" + "stoppingCondition":{ + "shape":"JobStoppingCondition", + "documentation":"

The user-defined criteria that specifies when to stop a running hybrid job.

" }, - "jobName":{ - "shape":"GetJobResponseJobNameString", - "documentation":"

The name of the Amazon Braket job.

" + "checkpointConfig":{ + "shape":"JobCheckpointConfig", + "documentation":"

Information about the output locations for hybrid job checkpoint data.

" }, - "outputDataConfig":{ - "shape":"JobOutputDataConfig", - "documentation":"

The path to the S3 location where job artifacts are stored and the encryption key used to store them there.

" + "algorithmSpecification":{ + "shape":"AlgorithmSpecification", + "documentation":"

Definition of the Amazon Braket hybrid job created. Provides information about the container image used, and the Python scripts used for training.

" }, - "queueInfo":{ - "shape":"HybridJobQueueInfo", - "documentation":"

Queue information for the requested job. Only returned if QueueInfo is specified in the additionalAttributeNames\" field in the GetJob API request.

" + "instanceConfig":{ + "shape":"InstanceConfig", + "documentation":"

The resource instances to use while running the hybrid job on Amazon Braket.

" }, - "roleArn":{ - "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of an IAM role that Amazon Braket can assume to perform tasks on behalf of a user. It can access user resources, run an Amazon Braket job container on behalf of user, and output resources to the s3 buckets of a user.

" + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the Amazon Braket hybrid job was created.

" }, "startedAt":{ "shape":"SyntheticTimestamp_date_time", - "documentation":"

The date and time that the Amazon Braket job was started.

" + "documentation":"

The time at which the Amazon Braket hybrid job was started.

" }, - "status":{ - "shape":"JobPrimaryStatus", - "documentation":"

The status of the Amazon Braket job.

" + "endedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the Amazon Braket hybrid job ended.

" }, - "stoppingCondition":{ - "shape":"JobStoppingCondition", - "documentation":"

The user-defined criteria that specifies when to stop a job running.

" + "billableDuration":{ + "shape":"Integer", + "documentation":"

The billable time for which the Amazon Braket hybrid job used to complete.

" + }, + "deviceConfig":{ + "shape":"DeviceConfig", + "documentation":"

The primary device used by the Amazon Braket hybrid job.

" + }, + "events":{ + "shape":"JobEvents", + "documentation":"

Details about the time and type of events occurred related to the Amazon Braket hybrid job.

" }, "tags":{ "shape":"TagsMap", - "documentation":"

A tag object that consists of a key and an optional value, used to manage metadata for Amazon Braket resources.

" + "documentation":"

The tags associated with this hybrid job.

" + }, + "queueInfo":{ + "shape":"HybridJobQueueInfo", + "documentation":"

Queue information for the requested hybrid job. Only returned if QueueInfo is specified in the additionalAttributeNames\" field in the GetJob API request.

" + }, + "associations":{ + "shape":"Associations", + "documentation":"

The list of Amazon Braket resources associated with the hybrid job.

" } } }, @@ -899,95 +947,107 @@ "type":"string", "max":50, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,50}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,50}" }, "GetQuantumTaskRequest":{ "type":"structure", "required":["quantumTaskArn"], "members":{ - "additionalAttributeNames":{ - "shape":"QuantumTaskAdditionalAttributeNamesList", - "documentation":"

A list of attributes to return information for.

", - "location":"querystring", - "locationName":"additionalAttributeNames" - }, "quantumTaskArn":{ "shape":"QuantumTaskArn", - "documentation":"

The ARN of the task to retrieve.

", + "documentation":"

The ARN of the quantum task to retrieve.

", "location":"uri", "locationName":"quantumTaskArn" + }, + "additionalAttributeNames":{ + "shape":"QuantumTaskAdditionalAttributeNamesList", + "documentation":"

A list of attributes to return additional information for. Only the QueueInfo additional attribute name is currently supported.

", + "location":"querystring", + "locationName":"additionalAttributeNames" } } }, "GetQuantumTaskResponse":{ "type":"structure", "required":[ - "createdAt", + "quantumTaskArn", + "status", "deviceArn", "deviceParameters", + "shots", "outputS3Bucket", "outputS3Directory", - "quantumTaskArn", - "shots", - "status" + "createdAt" ], "members":{ - "associations":{ - "shape":"Associations", - "documentation":"

The list of Amazon Braket resources associated with the quantum task.

" + "quantumTaskArn":{ + "shape":"QuantumTaskArn", + "documentation":"

The ARN of the quantum task.

" }, - "createdAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The time at which the task was created.

" + "status":{ + "shape":"QuantumTaskStatus", + "documentation":"

The status of the quantum task.

" + }, + "failureReason":{ + "shape":"String", + "documentation":"

The reason that a quantum task failed.

" }, "deviceArn":{ "shape":"DeviceArn", - "documentation":"

The ARN of the device the task was run on.

" + "documentation":"

The ARN of the device the quantum task was run on.

" }, "deviceParameters":{ "shape":"JsonValue", - "documentation":"

The parameters for the device on which the task ran.

", + "documentation":"

The parameters for the device on which the quantum task ran.

", "jsonvalue":true }, - "endedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The time at which the task ended.

" - }, - "failureReason":{ - "shape":"String", - "documentation":"

The reason that a task failed.

" - }, - "jobArn":{ - "shape":"JobArn", - "documentation":"

The ARN of the Amazon Braket job associated with the quantum task.

" + "shots":{ + "shape":"Long", + "documentation":"

The number of shots used in the quantum task.

" }, "outputS3Bucket":{ "shape":"String", - "documentation":"

The S3 bucket where task results are stored.

" + "documentation":"

The S3 bucket where quantum task results are stored.

" }, "outputS3Directory":{ "shape":"String", - "documentation":"

The folder in the S3 bucket where task results are stored.

" + "documentation":"

The folder in the S3 bucket where quantum task results are stored.

" }, - "quantumTaskArn":{ - "shape":"QuantumTaskArn", - "documentation":"

The ARN of the task.

" + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the quantum task was created.

" + }, + "endedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the quantum task ended.

" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

The tags that belong to this quantum task.

" + }, + "jobArn":{ + "shape":"JobArn", + "documentation":"

The ARN of the Amazon Braket job associated with the quantum task.

" }, "queueInfo":{ "shape":"QuantumTaskQueueInfo", "documentation":"

Queue information for the requested quantum task. Only returned if QueueInfo is specified in the additionalAttributeNames\" field in the GetQuantumTask API request.

" }, - "shots":{ - "shape":"Long", - "documentation":"

The number of shots used in the task.

" + "associations":{ + "shape":"Associations", + "documentation":"

The list of Amazon Braket resources associated with the quantum task.

" }, - "status":{ - "shape":"QuantumTaskStatus", - "documentation":"

The status of the task.

" + "numSuccessfulShots":{ + "shape":"Long", + "documentation":"

The number of successful shots for the quantum task. This is available after a successfully completed quantum task.

" }, - "tags":{ - "shape":"TagsMap", - "documentation":"

The tags that belong to this task.

" + "actionMetadata":{ + "shape":"ActionMetadata", + "documentation":"

Metadata about the action performed by the quantum task, including information about the type of action and program counts.

" + }, + "experimentalCapabilities":{ + "shape":"ExperimentalCapabilities", + "documentation":"

Enabled experimental capabilities for the quantum task, if any.

" } } }, @@ -1002,24 +1062,24 @@ "HybridJobQueueInfo":{ "type":"structure", "required":[ - "position", - "queue" + "queue", + "position" ], "members":{ - "message":{ - "shape":"String", - "documentation":"

Optional. Provides more information about the queue position. For example, if the job is complete and no longer in the queue, the message field contains that information.

" + "queue":{ + "shape":"QueueName", + "documentation":"

The name of the queue.

" }, "position":{ "shape":"String", - "documentation":"

Current position of the job in the jobs queue.

" + "documentation":"

Current position of the hybrid job in the jobs queue.

" }, - "queue":{ - "shape":"QueueName", - "documentation":"

The name of the queue.

" + "message":{ + "shape":"String", + "documentation":"

Optional. Provides more information about the queue position. For example, if the hybrid job is complete and no longer in the queue, the message field contains that information.

" } }, - "documentation":"

Information about the queue for a specified job.

" + "documentation":"

Information about the queue for a specified hybrid job.

" }, "HyperParameters":{ "type":"map", @@ -1032,7 +1092,7 @@ "type":"string", "max":2500, "min":1, - "pattern":"^.*$" + "pattern":".*" }, "InputConfigList":{ "type":"list", @@ -1047,7 +1107,7 @@ "members":{ "channelName":{ "shape":"InputFileConfigChannelNameString", - "documentation":"

A named input source that an Amazon Braket job can consume.

" + "documentation":"

A named input source that an Amazon Braket hybrid job can consume.

" }, "contentType":{ "shape":"String256", @@ -1055,7 +1115,7 @@ }, "dataSource":{ "shape":"DataSource", - "documentation":"

The location of the channel data.

" + "documentation":"

The location of the input data.

" } }, "documentation":"

A list of parameters that specify the input channels, type of input data, and where it is located.

" @@ -1064,7 +1124,7 @@ "type":"string", "max":64, "min":1, - "pattern":"^[A-Za-z0-9\\.\\-_]+$" + "pattern":"[A-Za-z0-9\\.\\-_]+" }, "InstanceConfig":{ "type":"structure", @@ -1073,17 +1133,17 @@ "volumeSizeInGb" ], "members":{ - "instanceCount":{ - "shape":"InstanceConfigInstanceCountInteger", - "documentation":"

Configures the number of resource instances to use while running an Amazon Braket job on Amazon Braket. The default value is 1.

" - }, "instanceType":{ "shape":"InstanceType", - "documentation":"

Configures the type resource instances to use while running an Amazon Braket hybrid job.

" + "documentation":"

Configures the type of resource instances to use while running an Amazon Braket hybrid job.

" }, "volumeSizeInGb":{ "shape":"InstanceConfigVolumeSizeInGbInteger", - "documentation":"

The size of the storage volume, in GB, that user wants to provision.

" + "documentation":"

The size of the storage volume, in GB, to provision.

" + }, + "instanceCount":{ + "shape":"InstanceConfigInstanceCountInteger", + "documentation":"

Configures the number of resource instances to use while running an Amazon Braket hybrid job on Amazon Braket. The default value is 1.

" } }, "documentation":"

Configures the resource instances to use while running the Amazon Braket hybrid job on Amazon Braket.

" @@ -1151,14 +1211,14 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"

The request processing has failed because of an unknown error, exception, or failure.

", + "documentation":"

The request failed because of an unknown error.

", "error":{"httpStatusCode":500}, "exception":true, "fault":true }, "JobArn":{ "type":"string", - "pattern":"^arn:aws[a-z\\-]*:braket:[a-z0-9\\-]+:[0-9]{12}:job/.*$" + "pattern":"arn:aws[a-z\\-]*:braket:[a-z0-9\\-]+:[0-9]{12}:job/.*" }, "JobCheckpointConfig":{ "type":"structure", @@ -1166,32 +1226,32 @@ "members":{ "localPath":{ "shape":"String4096", - "documentation":"

(Optional) The local directory where checkpoints are written. The default directory is /opt/braket/checkpoints/.

" + "documentation":"

(Optional) The local directory where checkpoint data is stored. The default directory is /opt/braket/checkpoints/.

" }, "s3Uri":{ "shape":"S3Path", - "documentation":"

Identifies the S3 path where you want Amazon Braket to store checkpoints. For example, s3://bucket-name/key-name-prefix.

" + "documentation":"

Identifies the S3 path where you want Amazon Braket to store checkpoint data. For example, s3://bucket-name/key-name-prefix.

" } }, - "documentation":"

Contains information about the output locations for job checkpoint data.

" + "documentation":"

Contains information about the output locations for hybrid job checkpoint data.

" }, "JobEventDetails":{ "type":"structure", "members":{ "eventType":{ "shape":"JobEventType", - "documentation":"

The type of event that occurred related to the Amazon Braket job.

" - }, - "message":{ - "shape":"JobEventDetailsMessageString", - "documentation":"

A message describing the event that occurred related to the Amazon Braket job.

" + "documentation":"

The type of event that occurred related to the Amazon Braket hybrid job.

" }, "timeOfEvent":{ "shape":"SyntheticTimestamp_date_time", - "documentation":"

The type of event that occurred related to the Amazon Braket job.

" + "documentation":"

The time of the event that occurred related to the Amazon Braket hybrid job.

" + }, + "message":{ + "shape":"JobEventDetailsMessageString", + "documentation":"

A message describing the event that occurred related to the Amazon Braket hybrid job.

" } }, - "documentation":"

Details about the type and time events occurred related to the Amazon Braket job.

" + "documentation":"

Details about the type and time events that occurred related to the Amazon Braket hybrid job.

" }, "JobEventDetailsMessageString":{ "type":"string", @@ -1226,14 +1286,14 @@ "members":{ "kmsKeyId":{ "shape":"String2048", - "documentation":"

The AWS Key Management Service (AWS KMS) key that Amazon Braket uses to encrypt the job training artifacts at rest using Amazon S3 server-side encryption.

" + "documentation":"

The AWS Key Management Service (AWS KMS) key that Amazon Braket uses to encrypt the hybrid job training artifacts at rest using Amazon S3 server-side encryption.

" }, "s3Path":{ "shape":"S3Path", - "documentation":"

Identifies the S3 path where you want Amazon Braket to store the job training artifacts. For example, s3://bucket-name/key-name-prefix.

" + "documentation":"

Identifies the S3 path where you want Amazon Braket to store the hybrid job training artifacts. For example, s3://bucket-name/key-name-prefix.

" } }, - "documentation":"

Specifies the path to the S3 location where you want to store job artifacts and the encryption key used to store them.

" + "documentation":"

Specifies the path to the S3 location where you want to store hybrid job artifacts and the encryption key used to store them.

" }, "JobPrimaryStatus":{ "type":"string", @@ -1251,10 +1311,10 @@ "members":{ "maxRuntimeInSeconds":{ "shape":"JobStoppingConditionMaxRuntimeInSecondsInteger", - "documentation":"

The maximum length of time, in seconds, that an Amazon Braket job can run.

" + "documentation":"

The maximum length of time, in seconds, that an Amazon Braket hybrid job can run.

" } }, - "documentation":"

Specifies limits for how long an Amazon Braket job can run.

" + "documentation":"

Specifies limits for how long an Amazon Braket hybrid job can run.

" }, "JobStoppingConditionMaxRuntimeInSecondsInteger":{ "type":"integer", @@ -1265,47 +1325,47 @@ "JobSummary":{ "type":"structure", "required":[ - "createdAt", - "device", + "status", "jobArn", "jobName", - "status" + "device", + "createdAt" ], "members":{ - "createdAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The date and time that the Amazon Braket job was created.

" - }, - "device":{ - "shape":"String256", - "documentation":"

Provides summary information about the primary device used by an Amazon Braket job.

" - }, - "endedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The date and time that the Amazon Braket job ended.

" + "status":{ + "shape":"JobPrimaryStatus", + "documentation":"

The status of the Amazon Braket hybrid job.

" }, "jobArn":{ "shape":"JobArn", - "documentation":"

The ARN of the Amazon Braket job.

" + "documentation":"

The ARN of the Amazon Braket hybrid job.

" }, "jobName":{ "shape":"String", - "documentation":"

The name of the Amazon Braket job.

" + "documentation":"

The name of the Amazon Braket hybrid job.

" + }, + "device":{ + "shape":"String256", + "documentation":"

The primary device used by an Amazon Braket hybrid job.

" + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the Amazon Braket hybrid job was created.

" }, "startedAt":{ "shape":"SyntheticTimestamp_date_time", - "documentation":"

The date and time that the Amazon Braket job was started.

" + "documentation":"

The time at which the Amazon Braket hybrid job was started.

" }, - "status":{ - "shape":"JobPrimaryStatus", - "documentation":"

The status of the Amazon Braket job.

" + "endedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the Amazon Braket hybrid job ended.

" }, "tags":{ "shape":"TagsMap", - "documentation":"

A tag object that consists of a key and an optional value, used to manage metadata for Amazon Braket resources.

" + "documentation":"

Displays the key, value pairs of tags associated with this hybrid job.

" } }, - "documentation":"

Provides summary information about an Amazon Braket job.

" + "documentation":"

Provides summary information about an Amazon Braket hybrid job.

" }, "JobSummaryList":{ "type":"list", @@ -1342,6 +1402,33 @@ "type":"long", "box":true }, + "ProgramSetValidationFailure":{ + "type":"structure", + "required":["programIndex"], + "members":{ + "programIndex":{ + "shape":"Long", + "documentation":"

The index of the program within the program set that failed validation.

" + }, + "inputsIndex":{ + "shape":"Long", + "documentation":"

The index of the input within the program set that failed validation.

" + }, + "errors":{ + "shape":"ProgramValidationFailuresList", + "documentation":"

A list of error messages describing the validation failures that occurred.

" + } + }, + "documentation":"

Contains information about validation failures that occurred during the processing of a program set in a quantum task.

" + }, + "ProgramSetValidationFailuresList":{ + "type":"list", + "member":{"shape":"ProgramSetValidationFailure"} + }, + "ProgramValidationFailuresList":{ + "type":"list", + "member":{"shape":"String"} + }, "QuantumTaskAdditionalAttributeName":{ "type":"string", "enum":["QueueInfo"] @@ -1358,28 +1445,28 @@ "QuantumTaskQueueInfo":{ "type":"structure", "required":[ - "position", - "queue" + "queue", + "position" ], "members":{ - "message":{ - "shape":"String", - "documentation":"

Optional. Provides more information about the queue position. For example, if the task is complete and no longer in the queue, the message field contains that information.

" - }, - "position":{ - "shape":"String", - "documentation":"

Current position of the task in the quantum tasks queue.

" - }, "queue":{ "shape":"QueueName", "documentation":"

The name of the queue.

" }, + "position":{ + "shape":"String", + "documentation":"

Current position of the quantum task in the quantum tasks queue.

" + }, "queuePriority":{ "shape":"QueuePriority", - "documentation":"

Optional. Specifies the priority of the queue. Quantum tasks in a priority queue are processed before the tasks in a normal queue.

" + "documentation":"

Optional. Specifies the priority of the queue. Quantum tasks in a priority queue are processed before the quantum tasks in a normal queue.

" + }, + "message":{ + "shape":"String", + "documentation":"

Optional. Provides more information about the queue position. For example, if the quantum task is complete and no longer in the queue, the message field contains that information.

" } }, - "documentation":"

Information about the queue for the specified quantum task.

" + "documentation":"

The queue information for the specified quantum task.

" }, "QuantumTaskStatus":{ "type":"string", @@ -1396,46 +1483,46 @@ "QuantumTaskSummary":{ "type":"structure", "required":[ - "createdAt", + "quantumTaskArn", + "status", "deviceArn", + "shots", "outputS3Bucket", "outputS3Directory", - "quantumTaskArn", - "shots", - "status" + "createdAt" ], "members":{ - "createdAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The time at which the task was created.

" + "quantumTaskArn":{ + "shape":"QuantumTaskArn", + "documentation":"

The ARN of the quantum task.

" + }, + "status":{ + "shape":"QuantumTaskStatus", + "documentation":"

The status of the quantum task.

" }, "deviceArn":{ "shape":"DeviceArn", - "documentation":"

The ARN of the device the task ran on.

" + "documentation":"

The ARN of the device the quantum task ran on.

" }, - "endedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The time at which the task finished.

" + "shots":{ + "shape":"Long", + "documentation":"

The shots used for the quantum task.

" }, "outputS3Bucket":{ "shape":"String", - "documentation":"

The S3 bucket where the task result file is stored..

" + "documentation":"

The S3 bucket where the quantum task result file is stored.

" }, "outputS3Directory":{ "shape":"String", - "documentation":"

The folder in the S3 bucket where the task result file is stored.

" + "documentation":"

The folder in the S3 bucket where the quantum task result file is stored.

" }, - "quantumTaskArn":{ - "shape":"QuantumTaskArn", - "documentation":"

The ARN of the task.

" - }, - "shots":{ - "shape":"Long", - "documentation":"

The shots used for the task.

" + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the quantum task was created.

" }, - "status":{ - "shape":"QuantumTaskStatus", - "documentation":"

The status of the task.

" + "endedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the quantum task finished.

" }, "tags":{ "shape":"TagsMap", @@ -1476,7 +1563,7 @@ }, "RoleArn":{ "type":"string", - "pattern":"^arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "S3DataSource":{ "type":"structure", @@ -1487,13 +1574,13 @@ "documentation":"

Depending on the value specified for the S3DataType, identifies either a key name prefix or a manifest that locates the S3 data source.

" } }, - "documentation":"

Information about the data stored in Amazon S3 used by the Amazon Braket job.

" + "documentation":"

Information about the Amazon S3 storage used by the Amazon Braket hybrid job.

" }, "S3Path":{ "type":"string", "max":1024, "min":0, - "pattern":"^(https|s3)://([^/]+)/?(.*)$" + "pattern":"(https|s3)://([^/]+)/?(.*)" }, "ScriptModeConfig":{ "type":"structure", @@ -1502,20 +1589,20 @@ "s3Uri" ], "members":{ - "compressionType":{ - "shape":"CompressionType", - "documentation":"

The type of compression used by the Python scripts for an Amazon Braket job.

" - }, "entryPoint":{ "shape":"String", - "documentation":"

The path to the Python script that serves as the entry point for an Amazon Braket job.

" + "documentation":"

The entry point in the algorithm scripts from where the execution begins in the hybrid job.

" }, "s3Uri":{ "shape":"S3Path", - "documentation":"

The URI that specifies the S3 path to the Python script module that contains the training script used by an Amazon Braket job.

" + "documentation":"

The URI that specifies the S3 path to the algorithm scripts used by an Amazon Braket hybrid job.

" + }, + "compressionType":{ + "shape":"CompressionType", + "documentation":"

The type of compression used to store the algorithm scripts in Amazon S3 storage.

" } }, - "documentation":"

Contains information about the Python scripts used for entry and by an Amazon Braket job.

" + "documentation":"

Contains information about algorithm scripts used for the Amazon Braket hybrid job.

" }, "SearchDevicesFilter":{ "type":"structure", @@ -1526,14 +1613,14 @@ "members":{ "name":{ "shape":"SearchDevicesFilterNameString", - "documentation":"

The name to use to filter results.

" + "documentation":"

The name of the device parameter to filter based on. Only deviceArn filter name is currently supported.

" }, "values":{ "shape":"SearchDevicesFilterValuesList", - "documentation":"

The values to use to filter results.

" + "documentation":"

The values used to filter devices based on the filter name.

" } }, - "documentation":"

The filter to use for searching devices.

" + "documentation":"

The filter used to search for devices.

" }, "SearchDevicesFilterNameString":{ "type":"string", @@ -1550,17 +1637,17 @@ "type":"structure", "required":["filters"], "members":{ - "filters":{ - "shape":"SearchDevicesRequestFiltersList", - "documentation":"

The filter values to use to search for a device.

" + "nextToken":{ + "shape":"String", + "documentation":"

A token used for pagination of results returned in the response. Use the token returned from the previous request to continue search where the previous request ended.

" }, "maxResults":{ "shape":"SearchDevicesRequestMaxResultsInteger", "documentation":"

The maximum number of results to return in the response.

" }, - "nextToken":{ - "shape":"String", - "documentation":"

A token used for pagination of results returned in the response. Use the token returned from the previous request continue results where the previous request ended.

" + "filters":{ + "shape":"SearchDevicesRequestFiltersList", + "documentation":"

Array of SearchDevicesFilter objects to use when searching for devices.

" } } }, @@ -1586,7 +1673,7 @@ }, "nextToken":{ "shape":"String", - "documentation":"

A token used for pagination of results, or null if there are no additional results. Use the token value in a subsequent request to continue results where the previous request ended.

" + "documentation":"

A token used for pagination of results, or null if there are no additional results. Use the token value in a subsequent request to continue search where the previous request ended.

" } } }, @@ -1594,24 +1681,24 @@ "type":"structure", "required":[ "name", - "operator", - "values" + "values", + "operator" ], "members":{ "name":{ "shape":"String64", - "documentation":"

The name to use for the jobs filter.

" - }, - "operator":{ - "shape":"SearchJobsFilterOperator", - "documentation":"

An operator to use for the jobs filter.

" + "documentation":"

The name of the hybrid job parameter to filter based on. Filter name can be either jobArn or createdAt.

" }, "values":{ "shape":"SearchJobsFilterValuesList", - "documentation":"

The values to use for the jobs filter.

" + "documentation":"

The values used to filter hybrid jobs based on the filter name and operator.

" + }, + "operator":{ + "shape":"SearchJobsFilterOperator", + "documentation":"

An operator to use for the filter.

" } }, - "documentation":"

A filter used to search for Amazon Braket jobs.

" + "documentation":"

A filter used to search for Amazon Braket hybrid jobs.

" }, "SearchJobsFilterOperator":{ "type":"string", @@ -1635,17 +1722,17 @@ "type":"structure", "required":["filters"], "members":{ - "filters":{ - "shape":"SearchJobsRequestFiltersList", - "documentation":"

The filter values to use when searching for a job.

" + "nextToken":{ + "shape":"String", + "documentation":"

A token used for pagination of results returned in the response. Use the token returned from the previous request to continue search where the previous request ended.

" }, "maxResults":{ "shape":"SearchJobsRequestMaxResultsInteger", "documentation":"

The maximum number of results to return in the response.

" }, - "nextToken":{ - "shape":"String", - "documentation":"

A token used for pagination of results returned in the response. Use the token returned from the previous request to continue results where the previous request ended.

" + "filters":{ + "shape":"SearchJobsRequestFiltersList", + "documentation":"

Array of SearchJobsFilter objects to use when searching for hybrid jobs.

" } } }, @@ -1671,7 +1758,7 @@ }, "nextToken":{ "shape":"String", - "documentation":"

A token used for pagination of results, or null if there are no additional results. Use the token value in a subsequent request to continue results where the previous request ended.

" + "documentation":"

A token used for pagination of results, or null if there are no additional results. Use the token value in a subsequent request to continue search where the previous request ended.

" } } }, @@ -1679,24 +1766,24 @@ "type":"structure", "required":[ "name", - "operator", - "values" + "values", + "operator" ], "members":{ "name":{ "shape":"String64", - "documentation":"

The name of the device used for the task.

" - }, - "operator":{ - "shape":"SearchQuantumTasksFilterOperator", - "documentation":"

An operator to use in the filter.

" + "documentation":"

The name of the quantum task parameter to filter based on. Filter name can be either quantumTaskArn, deviceArn, jobArn, status or createdAt.

" }, "values":{ "shape":"SearchQuantumTasksFilterValuesList", - "documentation":"

The values to use for the filter.

" + "documentation":"

The values used to filter quantum tasks based on the filter name and operator.

" + }, + "operator":{ + "shape":"SearchQuantumTasksFilterOperator", + "documentation":"

An operator to use for the filter.

" } }, - "documentation":"

A filter to use to search for tasks.

" + "documentation":"

A filter used to search for quantum tasks.

" }, "SearchQuantumTasksFilterOperator":{ "type":"string", @@ -1719,17 +1806,17 @@ "type":"structure", "required":["filters"], "members":{ - "filters":{ - "shape":"SearchQuantumTasksRequestFiltersList", - "documentation":"

Array of SearchQuantumTasksFilter objects.

" + "nextToken":{ + "shape":"String", + "documentation":"

A token used for pagination of results returned in the response. Use the token returned from the previous request to continue search where the previous request ended.

" }, "maxResults":{ "shape":"SearchQuantumTasksRequestMaxResultsInteger", "documentation":"

Maximum number of results to return in the response.

" }, - "nextToken":{ - "shape":"String", - "documentation":"

A token used for pagination of results returned in the response. Use the token returned from the previous request continue results where the previous request ended.

" + "filters":{ + "shape":"SearchQuantumTasksRequestFiltersList", + "documentation":"

Array of SearchQuantumTasksFilter objects to use when searching for quantum tasks.

" } } }, @@ -1749,13 +1836,13 @@ "type":"structure", "required":["quantumTasks"], "members":{ - "nextToken":{ - "shape":"String", - "documentation":"

A token used for pagination of results, or null if there are no additional results. Use the token value in a subsequent request to continue results where the previous request ended.

" - }, "quantumTasks":{ "shape":"QuantumTaskSummaryList", - "documentation":"

An array of QuantumTaskSummary objects for tasks that match the specified filters.

" + "documentation":"

An array of QuantumTaskSummary objects for quantum tasks that match the specified filters.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

A token used for pagination of results, or null if there are no additional results. Use the token value in a subsequent request to continue search where the previous request ended.

" } } }, @@ -1820,14 +1907,13 @@ }, "tags":{ "shape":"TagsMap", - "documentation":"

Specify the tags to add to the resource.

" + "documentation":"

Specify the tags to add to the resource. Tags can be specified as a key-value map.

" } } }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagsMap":{ "type":"map", @@ -1839,7 +1925,7 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"

The throttling rate limit is met.

", + "documentation":"

The API throttling rate limit is exceeded.

", "error":{ "httpStatusCode":429, "senderFault":true @@ -1869,8 +1955,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Uri":{ "type":"string", @@ -1881,15 +1966,27 @@ "ValidationException":{ "type":"structure", "members":{ - "message":{"shape":"String"} + "message":{"shape":"String"}, + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"

The reason for validation failure.

" + }, + "programSetValidationFailures":{ + "shape":"ProgramSetValidationFailuresList", + "documentation":"

The validation failures in the program set submitted in the request.

" + } }, - "documentation":"

The input fails to satisfy the constraints specified by an AWS service.

", + "documentation":"

The input request failed to satisfy constraints expected by Amazon Braket.

", "error":{ "httpStatusCode":400, "senderFault":true }, "exception":true + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":["ProgramSetValidationFailed"] } }, - "documentation":"

The Amazon Braket API Reference provides information about the operations and structures supported in Amazon Braket.

Additional Resources:

" + "documentation":"

The Amazon Braket API Reference provides information about the operations and structures supported by Amazon Braket.

To learn about the permissions required to call an Amazon Braket API action, see Actions, resources, and condition keys for Amazon Braket. Amazon Braket Python SDK and the AWS Command Line Interface can be used to make discovery and creation of API calls easier. For more information about Amazon Braket features, see What is Amazon Braket? and important terms and concepts in the Amazon Braket Developer Guide.

In this guide:

Available languages for AWS SDK:

Code examples from the Amazon Braket Tutorials GitHub repository:

" } diff -pruN 2.23.6-1/awscli/botocore/data/budgets/2016-10-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/budgets/2016-10-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/budgets/2016-10-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/budgets/2016-10-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,564 +57,616 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "aws.partition", "argv": [ { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://budgets.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "budgets", - "signingRegion": "us-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://budgets.us-east-1.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-iso-b" ] }, - "aws-cn" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://budgets.amazonaws.com.cn", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "budgets", - "signingRegion": "cn-northwest-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://budgets.global.sc2s.sgov.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isob-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-iso-e" ] }, - "aws-iso" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://budgets.c2s.ic.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "budgets", - "signingRegion": "us-iso-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://budgets.global.cloud.adc-e.uk", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eu-isoe-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-iso-f" ] }, - "aws-iso-b" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://budgets.global.sc2s.sgov.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "budgets", - "signingRegion": "us-isob-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://budgets.global.csp.hci.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isof-south-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-eusc" ] }, - "aws-iso-e" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://budgets.global.cloud.adc-e.uk", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "budgets", - "signingRegion": "eu-isoe-west-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://budgets.eusc-de-east-1.api.amazonwebservices.eu", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eusc-de-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-eusc" ] }, - "aws-iso-f" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://budgets.global.csp.hci.ic.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "budgets", - "signingRegion": "us-isof-south-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" + ], + "endpoint": { + "url": "https://budgets.eusc-de-east-1.api.amazonwebservices.eu", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eusc-de-east-1" + } + ] }, - true - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } + "ref": "UseFIPS" + }, + true ] }, { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://budgets-fips.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://budgets-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ - { "conditions": [ { "fn": "booleanEquals", "argv": [ { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] + "ref": "UseFIPS" }, true ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://budgets-fips.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://budgets-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://budgets.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://budgets.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://budgets.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://budgets.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/budgets/2016-10-20/service-2.json 2.31.35-1/awscli/botocore/data/budgets/2016-10-20/service-2.json --- 2.23.6-1/awscli/botocore/data/budgets/2016-10-20/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/budgets/2016-10-20/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -25,14 +25,16 @@ "output":{"shape":"CreateBudgetResponse"}, "errors":[ {"shape":"InvalidParameterException"}, + {"shape":"BillingViewHealthStatusException"}, {"shape":"InternalErrorException"}, {"shape":"CreationLimitExceededException"}, {"shape":"DuplicateRecordException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, - {"shape":"ServiceQuotaExceededException"} + {"shape":"ServiceQuotaExceededException"}, + {"shape":"NotFoundException"} ], - "documentation":"

Creates a budget and, if included, notifications and subscribers.

Only one of BudgetLimit or PlannedBudgetLimits can be present in the syntax at one time. Use the syntax that matches your case. The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.

" + "documentation":"

Creates a budget and, if included, notifications and subscribers.

Only one of BudgetLimit or PlannedBudgetLimits can be present in the syntax at one time. Use the syntax that matches your use case. The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.

Similarly, only one set of filter and metric selections can be present in the syntax at one time. Either FilterExpression and Metrics or CostFilters and CostTypes, not both or a different combination. We recommend using FilterExpression and Metrics as they provide more flexible and powerful filtering capabilities. The Request Syntax section shows the FilterExpression/Metrics syntax.

" }, "CreateBudgetAction":{ "name":"CreateBudgetAction", @@ -176,7 +178,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Describes a budget.

The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.

" + "documentation":"

Describes a budget.

The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.

" }, "DescribeBudgetAction":{ "name":"DescribeBudgetAction", @@ -303,7 +305,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists the budgets that are associated with an account.

The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.

" + "documentation":"

Lists the budgets that are associated with an account.

The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.

" }, "DescribeNotificationsForBudget":{ "name":"DescribeNotificationsForBudget", @@ -424,11 +426,12 @@ "errors":[ {"shape":"InternalErrorException"}, {"shape":"InvalidParameterException"}, + {"shape":"BillingViewHealthStatusException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Updates a budget. You can change every part of a budget except for the budgetName and the calculatedSpend. When you modify a budget, the calculatedSpend drops to zero until Amazon Web Services has new usage data to use for forecasting.

Only one of BudgetLimit or PlannedBudgetLimits can be present in the syntax at one time. Use the syntax that matches your case. The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.

" + "documentation":"

Updates a budget. You can change every part of a budget except for the budgetName and the calculatedSpend. When you modify a budget, the calculatedSpend drops to zero until Amazon Web Services has new usage data to use for forecasting.

Only one of BudgetLimit or PlannedBudgetLimits can be present in the syntax at one time. Use the syntax that matches your case. The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.

Similarly, only one set of filter and metric selections can be present in the syntax at one time. Either FilterExpression and Metrics or CostFilters and CostTypes, not both or a different combination. We recommend using FilterExpression and Metrics as they provide more flexible and powerful filtering capabilities. The Request Syntax section shows the FilterExpression/Metrics syntax.

" }, "UpdateBudgetAction":{ "name":"UpdateBudgetAction", @@ -694,6 +697,20 @@ "FORECAST" ] }, + "BillingViewArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"^arn:aws[a-z-]*:(billing)::[0-9]{12}:billingview/[a-zA-Z0-9/:_\\+=\\.\\-@]{0,75}[a-zA-Z0-9]$" + }, + "BillingViewHealthStatusException":{ + "type":"structure", + "members":{ + "Message":{"shape":"errorMessage"} + }, + "documentation":"

The billing view status must be HEALTHY to perform this action. Try again when the status is HEALTHY.

", + "exception":true + }, "Budget":{ "type":"structure", "required":[ @@ -716,11 +733,17 @@ }, "CostFilters":{ "shape":"CostFilters", - "documentation":"

The cost filters, such as Region, Service, LinkedAccount, Tag, or CostCategory, that are applied to a budget.

Amazon Web Services Budgets supports the following services as a Service filter for RI budgets:

  • Amazon EC2

  • Amazon Redshift

  • Amazon Relational Database Service

  • Amazon ElastiCache

  • Amazon OpenSearch Service

" + "documentation":"

The cost filters, such as Region, Service, LinkedAccount, Tag, or CostCategory, that are applied to a budget.

Amazon Web Services Budgets supports the following services as a Service filter for RI budgets:

  • Amazon EC2

  • Amazon Redshift

  • Amazon Relational Database Service

  • Amazon ElastiCache

  • Amazon OpenSearch Service

", + "deprecated":true, + "deprecatedMessage":"CostFilters lack support for newer dimensions and filtering options. Please consider using the new 'FilterExpression' field.", + "deprecatedSince":"2025-04-18" }, "CostTypes":{ "shape":"CostTypes", - "documentation":"

The types of costs that are included in this COST budget.

USAGE, RI_UTILIZATION, RI_COVERAGE, SAVINGS_PLANS_UTILIZATION, and SAVINGS_PLANS_COVERAGE budgets do not have CostTypes.

" + "documentation":"

The types of costs that are included in this COST budget.

USAGE, RI_UTILIZATION, RI_COVERAGE, SAVINGS_PLANS_UTILIZATION, and SAVINGS_PLANS_COVERAGE budgets do not have CostTypes.

", + "deprecated":true, + "deprecatedMessage":"CostTypes lack support for newer record type dimensions and filtering options. Please consider using the new 'Metrics' field.", + "deprecatedSince":"2025-04-18" }, "TimeUnit":{ "shape":"TimeUnit", @@ -728,7 +751,7 @@ }, "TimePeriod":{ "shape":"TimePeriod", - "documentation":"

The period of time that's covered by a budget. You setthe start date and end date. The start date must come before the end date. The end date must come before 06/15/87 00:00 UTC.

If you create your budget and don't specify a start date, Amazon Web Services defaults to the start of your chosen time period (DAILY, MONTHLY, QUARTERLY, or ANNUALLY). For example, if you created your budget on January 24, 2018, chose DAILY, and didn't set a start date, Amazon Web Services set your start date to 01/24/18 00:00 UTC. If you chose MONTHLY, Amazon Web Services set your start date to 01/01/18 00:00 UTC. If you didn't specify an end date, Amazon Web Services set your end date to 06/15/87 00:00 UTC. The defaults are the same for the Billing and Cost Management console and the API.

You can change either date with the UpdateBudget operation.

After the end date, Amazon Web Services deletes the budget and all the associated notifications and subscribers.

" + "documentation":"

The period of time that's covered by a budget. You set the start date and end date. The start date must come before the end date. The end date must come before 06/15/87 00:00 UTC.

If you create your budget and don't specify a start date, Amazon Web Services defaults to the start of your chosen time period (DAILY, MONTHLY, QUARTERLY, ANNUALLY, or CUSTOM). For example, if you created your budget on January 24, 2018, chose DAILY, and didn't set a start date, Amazon Web Services set your start date to 01/24/18 00:00 UTC. If you chose MONTHLY, Amazon Web Services set your start date to 01/01/18 00:00 UTC. If you didn't specify an end date, Amazon Web Services set your end date to 06/15/87 00:00 UTC. The defaults are the same for the Billing and Cost Management console and the API.

You can change either date with the UpdateBudget operation.

After the end date, Amazon Web Services deletes the budget and all the associated notifications and subscribers.

" }, "CalculatedSpend":{ "shape":"CalculatedSpend", @@ -745,6 +768,22 @@ "AutoAdjustData":{ "shape":"AutoAdjustData", "documentation":"

The parameters that determine the budget amount for an auto-adjusting budget.

" + }, + "FilterExpression":{ + "shape":"Expression", + "documentation":"

The filtering dimensions for the budget and their corresponding values.

" + }, + "Metrics":{ + "shape":"Metrics", + "documentation":"

The definition for how the budget data is aggregated.

" + }, + "BillingViewArn":{ + "shape":"BillingViewArn", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies a specific billing view. The ARN is used to specify which particular billing view you want to interact with or retrieve information from when making API calls related to Amazon Web Services Billing and Cost Management features. The BillingViewArn can be retrieved by calling the ListBillingViews API.

" + }, + "HealthStatus":{ + "shape":"HealthStatus", + "documentation":"

The current operational state of a Billing View derived resource.

" } }, "documentation":"

Represents the output of the CreateBudget operation. The content consists of the detailed metadata and data file information, and the current status of the budget object.

This is the Amazon Resource Name (ARN) pattern for a budget:

arn:aws:budgets::AccountId:budget/budgetName

" @@ -783,6 +822,10 @@ "documentation":"

The history of the cost types for a budget during the specified time period.

" }, "TimeUnit":{"shape":"TimeUnit"}, + "BillingViewArn":{ + "shape":"BillingViewArn", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies a specific billing view. The ARN is used to specify which particular billing view you want to interact with or retrieve information from when making API calls related to Amazon Web Services Billing and Cost Management features. The BillingViewArn can be retrieved by calling the ListBillingViews API.

" + }, "BudgetedAndActualAmountsList":{ "shape":"BudgetedAndActualAmountsList", "documentation":"

A list of amounts of cost or usage that you created budgets for, which are compared to your actual costs or usage.

" @@ -853,6 +896,25 @@ "EQUAL_TO" ] }, + "CostCategoryName":{"type":"string"}, + "CostCategoryValues":{ + "type":"structure", + "members":{ + "Key":{ + "shape":"CostCategoryName", + "documentation":"

The unique name of the cost category.

" + }, + "Values":{ + "shape":"Values", + "documentation":"

The specific value of the cost category.

" + }, + "MatchOptions":{ + "shape":"MatchOptions", + "documentation":"

The match options that you can use to filter your results.

" + } + }, + "documentation":"

The cost category values used for filtering the costs.

" + }, "CostFilters":{ "type":"map", "key":{"shape":"GenericString"}, @@ -991,8 +1053,7 @@ }, "CreateBudgetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of CreateBudget

" }, "CreateNotificationRequest":{ @@ -1025,8 +1086,7 @@ }, "CreateNotificationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of CreateNotification

" }, "CreateSubscriberRequest":{ @@ -1059,8 +1119,7 @@ }, "CreateSubscriberResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of CreateSubscriber

" }, "CreationLimitExceededException":{ @@ -1138,8 +1197,7 @@ }, "DeleteBudgetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of DeleteBudget

" }, "DeleteNotificationRequest":{ @@ -1167,8 +1225,7 @@ }, "DeleteNotificationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of DeleteNotification

" }, "DeleteSubscriberRequest":{ @@ -1201,8 +1258,7 @@ }, "DeleteSubscriberResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of DeleteSubscriber

" }, "DescribeBudgetActionHistoriesRequest":{ @@ -1374,6 +1430,10 @@ "BudgetName":{ "shape":"BudgetName", "documentation":"

The name of the budget that you want a description of.

" + }, + "ShowFilterExpression":{ + "shape":"NullableBoolean", + "documentation":"

Specifies whether the response includes the filter expression associated with the budget. By showing the filter expression, you can see detailed filtering logic applied to the budget, such as Amazon Web Services services or tags that are being tracked.

" } }, "documentation":"

Request of DescribeBudget

" @@ -1403,6 +1463,10 @@ "NextToken":{ "shape":"GenericString", "documentation":"

The pagination token that you include in your request to indicate the next set of results that you want to retrieve.

" + }, + "ShowFilterExpression":{ + "shape":"NullableBoolean", + "documentation":"

Specifies whether the response includes the filter expression associated with the budgets. By showing the filter expression, you can see detailed filtering logic applied to the budgets, such as Amazon Web Services services or tags that are being tracked.

" } }, "documentation":"

Request of DescribeBudgets

" @@ -1506,6 +1570,44 @@ }, "documentation":"

Response of DescribeSubscribersForNotification

" }, + "Dimension":{ + "type":"string", + "enum":[ + "AZ", + "INSTANCE_TYPE", + "LINKED_ACCOUNT", + "LINKED_ACCOUNT_NAME", + "OPERATION", + "PURCHASE_TYPE", + "REGION", + "SERVICE", + "SERVICE_CODE", + "USAGE_TYPE", + "USAGE_TYPE_GROUP", + "RECORD_TYPE", + "OPERATING_SYSTEM", + "TENANCY", + "SCOPE", + "PLATFORM", + "SUBSCRIPTION_ID", + "LEGAL_ENTITY_NAME", + "INVOICING_ENTITY", + "DEPLOYMENT_OPTION", + "DATABASE_ENGINE", + "CACHE_ENGINE", + "INSTANCE_TYPE_FAMILY", + "BILLING_ENTITY", + "RESERVATION_ID", + "RESOURCE_ID", + "RIGHTSIZING_TYPE", + "SAVINGS_PLANS_TYPE", + "SAVINGS_PLAN_ARN", + "PAYMENT_OPTION", + "RESERVATION_MODIFIED", + "TAG_KEY", + "COST_CATEGORY_NAME" + ] + }, "DimensionValue":{ "type":"string", "max":2147483647, @@ -1593,6 +1695,62 @@ "documentation":"

The pagination token expired.

", "exception":true }, + "Expression":{ + "type":"structure", + "members":{ + "Or":{ + "shape":"Expressions", + "documentation":"

Return results that match either Dimension object.

" + }, + "And":{ + "shape":"Expressions", + "documentation":"

Return results that match both Dimension objects.

" + }, + "Not":{ + "shape":"Expression", + "documentation":"

Return results that don't match a Dimension object.

" + }, + "Dimensions":{ + "shape":"ExpressionDimensionValues", + "documentation":"

The specific Dimension to use for Expression.

" + }, + "Tags":{ + "shape":"TagValues", + "documentation":"

The specific Tag to use for Expression.

" + }, + "CostCategories":{ + "shape":"CostCategoryValues", + "documentation":"

The filter that's based on CostCategoryValues.

" + } + }, + "documentation":"

Use Expression to filter in various Budgets APIs.

" + }, + "ExpressionDimensionValues":{ + "type":"structure", + "required":[ + "Key", + "Values" + ], + "members":{ + "Key":{ + "shape":"Dimension", + "documentation":"

The name of the dimension that you want to filter on.

" + }, + "Values":{ + "shape":"Values", + "documentation":"

The metadata values you can specify to filter upon, so that the results all match at least one of the specified values.

" + }, + "MatchOptions":{ + "shape":"MatchOptions", + "documentation":"

The match options that you can use to filter your results. You can specify only one of these values in the array.

" + } + }, + "documentation":"

Contains the specifications for the filters to use for your request.

" + }, + "Expressions":{ + "type":"list", + "member":{"shape":"Expression"} + }, "GenericString":{ "type":"string", "documentation":"

A generic string.

", @@ -1616,6 +1774,37 @@ "max":100, "min":1 }, + "HealthStatus":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"HealthStatusValue", + "documentation":"

The current status of the billing view resource.

" + }, + "StatusReason":{ + "shape":"HealthStatusReason", + "documentation":"

The reason for the current status.

  • BILLING_VIEW_NO_ACCESS: The billing view resource does not grant billing:GetBillingViewData permission to this account.

  • BILLING_VIEW_UNHEALTHY: The billing view associated with the budget is unhealthy.

  • FILTER_INVALID: The filter contains reference to an account you do not have access to.

  • MULTI_YEAR_HISTORICAL_DATA_DISABLED: The budget is not being updated. Enable multi-year historical data in your Cost Management preferences.

" + }, + "LastUpdatedTime":{"shape":"GenericTimestamp"} + }, + "documentation":"

Provides information about the current operational state of a billing view resource, including its ability to access and update based on its associated billing view.

" + }, + "HealthStatusReason":{ + "type":"string", + "enum":[ + "BILLING_VIEW_NO_ACCESS", + "BILLING_VIEW_UNHEALTHY", + "FILTER_INVALID", + "MULTI_YEAR_HISTORICAL_DATA_DISABLED" + ] + }, + "HealthStatusValue":{ + "type":"string", + "enum":[ + "HEALTHY", + "UNHEALTHY" + ] + }, "HistoricalOptions":{ "type":"structure", "required":["BudgetAdjustmentPeriod"], @@ -1709,6 +1898,23 @@ } } }, + "MatchOption":{ + "type":"string", + "enum":[ + "EQUALS", + "ABSENT", + "STARTS_WITH", + "ENDS_WITH", + "CONTAINS", + "GREATER_THAN_OR_EQUAL", + "CASE_SENSITIVE", + "CASE_INSENSITIVE" + ] + }, + "MatchOptions":{ + "type":"list", + "member":{"shape":"MatchOption"} + }, "MaxResults":{ "type":"integer", "documentation":"

An integer that represents how many entries a paginated response contains. The maximum is 100.

", @@ -1728,6 +1934,24 @@ "max":1000, "min":1 }, + "Metric":{ + "type":"string", + "enum":[ + "BlendedCost", + "UnblendedCost", + "AmortizedCost", + "NetUnblendedCost", + "NetAmortizedCost", + "UsageQuantity", + "NormalizedUsageAmount", + "Hours" + ] + }, + "Metrics":{ + "type":"list", + "member":{"shape":"Metric"}, + "max":1 + }, "NotFoundException":{ "type":"structure", "members":{ @@ -1837,7 +2061,7 @@ "type":"string", "max":684, "min":25, - "pattern":"^arn:aws(-cn|-us-gov|-iso|-iso-[a-z]{1})?:iam::(\\d{12}|aws):policy(\\u002F[\\u0021-\\u007F]+\\u002F|\\u002F)[\\w+=,.@-]+$" + "pattern":"^arn:aws(-eusc|-cn|-us-gov|-iso|-iso-[a-z]{1})?:iam::(\\d{12}|aws):policy(\\u002F[\\u0021-\\u007F]+\\u002F|\\u002F)[\\w+=,.@-]+$" }, "PolicyId":{ "type":"string", @@ -1849,7 +2073,7 @@ "type":"string", "max":20, "min":9, - "pattern":"^\\w{2}-\\w+(-\\w+)?-\\d$" + "pattern":"^\\w{2,4}-\\w+(-\\w+)?-\\d$" }, "ResourceLockedException":{ "type":"structure", @@ -1909,7 +2133,7 @@ "type":"string", "max":618, "min":32, - "pattern":"^arn:aws(-cn|-us-gov|-iso|-iso-[a-z]{1})?:iam::\\d{12}:role(\\u002F[\\u0021-\\u007F]+\\u002F|\\u002F)[\\w+=,.@-]+$" + "pattern":"^arn:aws(-eusc|-cn|-us-gov|-iso|-iso-[a-z]{1})?:iam::\\d{12}:role(\\u002F[\\u0021-\\u007F]+\\u002F|\\u002F)[\\w+=,.@-]+$" }, "Roles":{ "type":"list", @@ -2025,6 +2249,12 @@ "EMAIL" ] }, + "TagKey":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\S\\s]*" + }, "TagResourceRequest":{ "type":"structure", "required":[ @@ -2044,8 +2274,25 @@ }, "TagResourceResponse":{ "type":"structure", + "members":{} + }, + "TagValues":{ + "type":"structure", "members":{ - } + "Key":{ + "shape":"TagKey", + "documentation":"

The key for the tag.

" + }, + "Values":{ + "shape":"Values", + "documentation":"

The specific value of the tag.

" + }, + "MatchOptions":{ + "shape":"MatchOptions", + "documentation":"

The match options that you can use to filter your results.

" + } + }, + "documentation":"

The values that are available for a tag.

" }, "TargetId":{ "type":"string", @@ -2080,7 +2327,7 @@ "members":{ "Start":{ "shape":"GenericTimestamp", - "documentation":"

The start date for a budget. If you created your budget and didn't specify a start date, Amazon Web Services defaults to the start of your chosen time period (DAILY, MONTHLY, QUARTERLY, or ANNUALLY). For example, if you created your budget on January 24, 2018, chose DAILY, and didn't set a start date, Amazon Web Services set your start date to 01/24/18 00:00 UTC. If you chose MONTHLY, Amazon Web Services set your start date to 01/01/18 00:00 UTC. The defaults are the same for the Billing and Cost Management console and the API.

You can change your start date with the UpdateBudget operation.

" + "documentation":"

The start date for a budget. If you created your budget and didn't specify a start date, Amazon Web Services defaults to the start of your chosen time period (DAILY, MONTHLY, QUARTERLY, ANNUALLY, or CUSTOM). For example, if you created your budget on January 24, 2018, chose DAILY, and didn't set a start date, Amazon Web Services set your start date to 01/24/18 00:00 UTC. If you chose MONTHLY, Amazon Web Services set your start date to 01/01/18 00:00 UTC. The defaults are the same for the Billing and Cost Management console and the API.

You can change your start date with the UpdateBudget operation.

" }, "End":{ "shape":"GenericTimestamp", @@ -2096,7 +2343,8 @@ "DAILY", "MONTHLY", "QUARTERLY", - "ANNUALLY" + "ANNUALLY", + "CUSTOM" ] }, "UnitValue":{ @@ -2125,8 +2373,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateBudgetActionRequest":{ "type":"structure", @@ -2197,8 +2444,7 @@ }, "UpdateBudgetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of UpdateBudget

" }, "UpdateNotificationRequest":{ @@ -2231,8 +2477,7 @@ }, "UpdateNotificationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of UpdateNotification

" }, "UpdateSubscriberRequest":{ @@ -2270,8 +2515,7 @@ }, "UpdateSubscriberResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response of UpdateSubscriber

" }, "User":{ @@ -2286,6 +2530,17 @@ "max":100, "min":1 }, + "Value":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[\\S\\s]*" + }, + "Values":{ + "type":"list", + "member":{"shape":"Value"}, + "min":1 + }, "errorMessage":{ "type":"string", "documentation":"

The error message the exception carries.

" diff -pruN 2.23.6-1/awscli/botocore/data/ce/2017-10-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ce/2017-10-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ce/2017-10-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ce/2017-10-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,254 +57,422 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "aws.partition", "argv": [ { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://ce.us-east-1.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "ce", - "signingRegion": "us-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://ce.us-east-1.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-cn" ] }, - "aws-cn" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ce.cn-northwest-1.api.amazonwebservices.com.cn", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-northwest-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://ce.cn-northwest-1.amazonaws.com.cn", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "ce", - "signingRegion": "cn-northwest-1" + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://ce.us-iso-east-1.c2s.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-iso-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-b" + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - true - ] - } - ], - "rules": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://ce.us-isob-east-1.sc2s.sgov.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isob-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws-iso-e" ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://ce.eu-isoe-west-1.cloud.adc-e.uk", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eu-isoe-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-iso-f" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://ce-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], - "type": "tree" + "endpoint": { + "url": "https://ce.us-isof-south-1.csp.hci.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isof-south-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-eusc" + ] }, - true - ] - } - ], - "rules": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ce.eusc-de-east-1.api.amazonwebservices.eu", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eusc-de-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ { "fn": "getAttr", @@ -312,105 +480,293 @@ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://ce.eusc-de-east-1.api.amazonwebservices.eu", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eusc-de-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ce-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://ce-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ce-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ce.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://ce.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://ce.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://ce.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/ce/2017-10-25/paginators-1.json 2.31.35-1/awscli/botocore/data/ce/2017-10-25/paginators-1.json --- 2.23.6-1/awscli/botocore/data/ce/2017-10-25/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ce/2017-10-25/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,34 @@ { - "pagination": {} + "pagination": { + "GetAnomalies": { + "input_token": "NextPageToken", + "output_token": "NextPageToken", + "limit_key": "MaxResults", + "result_key": "Anomalies" + }, + "GetAnomalyMonitors": { + "input_token": "NextPageToken", + "output_token": "NextPageToken", + "limit_key": "MaxResults", + "result_key": "AnomalyMonitors" + }, + "GetAnomalySubscriptions": { + "input_token": "NextPageToken", + "output_token": "NextPageToken", + "limit_key": "MaxResults", + "result_key": "AnomalySubscriptions" + }, + "GetCostAndUsageComparisons": { + "input_token": "NextPageToken", + "output_token": "NextPageToken", + "limit_key": "MaxResults", + "result_key": "CostAndUsageComparisons" + }, + "GetCostComparisonDrivers": { + "input_token": "NextPageToken", + "output_token": "NextPageToken", + "limit_key": "MaxResults", + "result_key": "CostComparisonDrivers" + } + } } diff -pruN 2.23.6-1/awscli/botocore/data/ce/2017-10-25/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/ce/2017-10-25/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/ce/2017-10-25/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ce/2017-10-25/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "GetCostAndUsageComparisons": { + "non_aggregate_keys": [ + "TotalCostAndUsage" + ] + } + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/ce/2017-10-25/service-2.json 2.31.35-1/awscli/botocore/data/ce/2017-10-25/service-2.json --- 2.23.6-1/awscli/botocore/data/ce/2017-10-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ce/2017-10-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -200,10 +200,28 @@ {"shape":"DataUnavailableException"}, {"shape":"InvalidNextTokenException"}, {"shape":"RequestChangedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} ], "documentation":"

Retrieves cost and usage metrics for your account. You can specify which cost and usage-related metric that you want the request to return. For example, you can specify BlendedCosts or UsageQuantity. You can also filter and group your data by various dimensions, such as SERVICE or AZ, in a specific time range. For a complete list of valid dimensions, see the GetDimensionValues operation. Management account in an organization in Organizations have access to all member accounts.

For information about filter limitations, see Quotas and restrictions in the Billing and Cost Management User Guide.

" }, + "GetCostAndUsageComparisons":{ + "name":"GetCostAndUsageComparisons", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCostAndUsageComparisonsRequest"}, + "output":{"shape":"GetCostAndUsageComparisonsResponse"}, + "errors":[ + {"shape":"DataUnavailableException"}, + {"shape":"InvalidNextTokenException"}, + {"shape":"LimitExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} + ], + "documentation":"

Retrieves cost and usage comparisons for your account between two periods within the last 13 months. If you have enabled multi-year data at monthly granularity, you can go back up to 38 months.

" + }, "GetCostAndUsageWithResources":{ "name":"GetCostAndUsageWithResources", "http":{ @@ -218,7 +236,8 @@ {"shape":"BillExpirationException"}, {"shape":"InvalidNextTokenException"}, {"shape":"RequestChangedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} ], "documentation":"

Retrieves cost and usage metrics with resources for your account. You can specify which cost and usage-related metric, such as BlendedCosts or UsageQuantity, that you want the request to return. You can also filter and group your data by various dimensions, such as SERVICE or AZ, in a specific time range. For a complete list of valid dimensions, see the GetDimensionValues operation. Management account in an organization in Organizations have access to all member accounts.

Hourly granularity is only available for EC2-Instances (Elastic Compute Cloud) resource-level data. All other resource-level data is available at daily granularity.

This is an opt-in only feature. You can enable this feature from the Cost Explorer Settings page. For information about how to access the Settings page, see Controlling Access for Cost Explorer in the Billing and Cost Management User Guide.

" }, @@ -236,10 +255,28 @@ {"shape":"DataUnavailableException"}, {"shape":"InvalidNextTokenException"}, {"shape":"RequestChangedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} ], "documentation":"

Retrieves an array of Cost Category names and values incurred cost.

If some Cost Category names and values are not associated with any cost, they will not be returned by this API.

" }, + "GetCostComparisonDrivers":{ + "name":"GetCostComparisonDrivers", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCostComparisonDriversRequest"}, + "output":{"shape":"GetCostComparisonDriversResponse"}, + "errors":[ + {"shape":"DataUnavailableException"}, + {"shape":"InvalidNextTokenException"}, + {"shape":"LimitExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} + ], + "documentation":"

Retrieves key factors driving cost changes between two time periods within the last 13 months, such as usage changes, discount changes, and commitment-based savings. If you have enabled multi-year data at monthly granularity, you can go back up to 38 months.

" + }, "GetCostForecast":{ "name":"GetCostForecast", "http":{ @@ -251,7 +288,8 @@ "errors":[ {"shape":"LimitExceededException"}, {"shape":"DataUnavailableException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} ], "documentation":"

Retrieves a forecast for how much Amazon Web Services predicts that you will spend over the forecast time period that you select, based on your past costs.

" }, @@ -269,7 +307,8 @@ {"shape":"DataUnavailableException"}, {"shape":"InvalidNextTokenException"}, {"shape":"RequestChangedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} ], "documentation":"

Retrieves all available filter values for a specified filter over a period of time. You can search the dimension values for an arbitrary string.

" }, @@ -418,7 +457,8 @@ {"shape":"DataUnavailableException"}, {"shape":"InvalidNextTokenException"}, {"shape":"RequestChangedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} ], "documentation":"

Queries for available tag keys and tag values for a specified period. You can search the tag values for an arbitrary string.

" }, @@ -434,7 +474,8 @@ {"shape":"LimitExceededException"}, {"shape":"DataUnavailableException"}, {"shape":"UnresolvableUsageUnitException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"BillingViewHealthStatusException"} ], "documentation":"

Retrieves a forecast for how much Amazon Web Services predicts that you will use over the forecast time period that you select, based on your past usage.

" }, @@ -564,7 +605,7 @@ {"shape":"LimitExceededException"}, {"shape":"BackfillLimitExceededException"} ], - "documentation":"

Request a cost allocation tag backfill. This will backfill the activation status (either active or inactive) for all tag keys from para:BackfillFrom up to the when this request is made.

You can request a backfill once every 24 hours.

" + "documentation":"

Request a cost allocation tag backfill. This will backfill the activation status (either active or inactive) for all tag keys from para:BackfillFrom up to the time this request is made.

You can request a backfill once every 24 hours.

" }, "StartSavingsPlansPurchaseRecommendationGeneration":{ "name":"StartSavingsPlansPurchaseRecommendationGeneration", @@ -1013,6 +1054,14 @@ "min":20, "pattern":"^arn:aws[a-z-]*:(billing)::[0-9]{12}:billingview/[-a-zA-Z0-9/:_+=.-@]{1,43}$" }, + "BillingViewHealthStatusException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

The billing view status must be HEALTHY to perform this action. Try again when the status is HEALTHY.

", + "exception":true + }, "CommitmentPurchaseAnalysisConfiguration":{ "type":"structure", "members":{ @@ -1023,6 +1072,33 @@ }, "documentation":"

The configuration for the commitment purchase analysis.

" }, + "ComparisonMetricValue":{ + "type":"structure", + "members":{ + "BaselineTimePeriodAmount":{ + "shape":"GenericString", + "documentation":"

The numeric value for the baseline time period measurement.

" + }, + "ComparisonTimePeriodAmount":{ + "shape":"GenericString", + "documentation":"

The numeric value for the comparison time period measurement.

" + }, + "Difference":{ + "shape":"GenericString", + "documentation":"

The calculated difference between ComparisonTimePeriodAmount and BaselineTimePeriodAmount.

" + }, + "Unit":{ + "shape":"GenericString", + "documentation":"

The unit of measurement applicable to all numeric values in this comparison.

" + } + }, + "documentation":"

Contains cost or usage metric values for comparing two time periods. Each value includes amounts for the baseline and comparison time periods, their difference, and the unit of measurement.

" + }, + "ComparisonMetrics":{ + "type":"map", + "key":{"shape":"MetricName"}, + "value":{"shape":"ComparisonMetricValue"} + }, "Context":{ "type":"string", "enum":[ @@ -1157,6 +1233,27 @@ "max":1000, "min":1 }, + "CostAndUsageComparison":{ + "type":"structure", + "members":{ + "CostAndUsageSelector":{"shape":"Expression"}, + "Metrics":{ + "shape":"ComparisonMetrics", + "documentation":"

A mapping of metric names to their comparison values.

" + } + }, + "documentation":"

Represents a comparison of cost and usage metrics between two time periods.

" + }, + "CostAndUsageComparisons":{ + "type":"list", + "member":{"shape":"CostAndUsageComparison"} + }, + "CostAndUsageComparisonsMaxResults":{ + "type":"integer", + "box":true, + "max":2000, + "min":1 + }, "CostCategory":{ "type":"structure", "required":[ @@ -1443,6 +1540,53 @@ "type":"list", "member":{"shape":"CostCategoryValue"} }, + "CostComparisonDriver":{ + "type":"structure", + "members":{ + "CostSelector":{"shape":"Expression"}, + "Metrics":{ + "shape":"ComparisonMetrics", + "documentation":"

A mapping of metric names to their comparison values.

" + }, + "CostDrivers":{ + "shape":"CostDrivers", + "documentation":"

An array of cost drivers, each representing a cost difference between the baseline and comparison time periods. Each entry also includes a metric delta (for example, usage change) that contributed to the cost variance, along with the identifier and type of change.

" + } + }, + "documentation":"

Represents a collection of cost drivers and their associated metrics for cost comparison analysis.

" + }, + "CostComparisonDrivers":{ + "type":"list", + "member":{"shape":"CostComparisonDriver"} + }, + "CostComparisonDriversMaxResults":{ + "type":"integer", + "box":true, + "max":10, + "min":1 + }, + "CostDriver":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"GenericString", + "documentation":"

The category or classification of the cost driver.

Values include: BUNDLED_DISCOUNT, CREDIT, OUT_OF_CYCLE_CHARGE, REFUND, RECURRING_RESERVATION_FEE, RESERVATION_USAGE, RI_VOLUME_DISCOUNT, SAVINGS_PLAN_USAGE, SAVINGS_PLAN_RECURRING_FEE, SUPPORT_FEE, TAX, UPFRONT_RESERVATION_FEE, USAGE_CHANGE, COMMITMENT

" + }, + "Name":{ + "shape":"GenericString", + "documentation":"

The specific identifier of the cost driver.

" + }, + "Metrics":{ + "shape":"ComparisonMetrics", + "documentation":"

A mapping of metric names to their comparison values, measuring the impact of this cost driver.

" + } + }, + "documentation":"

Represents factors that contribute to cost variations between the baseline and comparison time periods, including the type of driver, an identifier of the driver, and associated metrics.

" + }, + "CostDrivers":{ + "type":"list", + "member":{"shape":"CostDriver"} + }, "Coverage":{ "type":"structure", "members":{ @@ -1717,8 +1861,7 @@ }, "DeleteAnomalyMonitorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAnomalySubscriptionRequest":{ "type":"structure", @@ -1732,8 +1875,7 @@ }, "DeleteAnomalySubscriptionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCostCategoryDefinitionRequest":{ "type":"structure", @@ -1784,6 +1926,7 @@ "AZ", "INSTANCE_TYPE", "LINKED_ACCOUNT", + "PAYER_ACCOUNT", "LINKED_ACCOUNT_NAME", "OPERATION", "PURCHASE_TYPE", @@ -1822,7 +1965,7 @@ "members":{ "Key":{ "shape":"Dimension", - "documentation":"

The names of the metadata types that you can use to filter and group your results. For example, AZ returns a list of Availability Zones.

Not all dimensions are supported in each API. Refer to the documentation for each specific API to see what is supported.

LINK_ACCOUNT_NAME and SERVICE_CODE can only be used in CostCategoryRule.

ANOMALY_TOTAL_IMPACT_ABSOLUTE and ANOMALY_TOTAL_IMPACT_PERCENTAGE can only be used in AnomalySubscriptions.

" + "documentation":"

The names of the metadata types that you can use to filter and group your results. For example, AZ returns a list of Availability Zones.

Not all dimensions are supported in each API. Refer to the documentation for each specific API to see what is supported.

LINKED_ACCOUNT_NAME and SERVICE_CODE can only be used in CostCategoryRule.

ANOMALY_TOTAL_IMPACT_ABSOLUTE and ANOMALY_TOTAL_IMPACT_PERCENTAGE can only be used in AnomalySubscriptions.

" }, "Values":{ "shape":"Values", @@ -2265,7 +2408,8 @@ }, "MaxResults":{ "shape":"PageSize", - "documentation":"

The number of entries a paginated response contains.

" + "documentation":"

The number of entries a paginated response contains.

", + "box":true } } }, @@ -2296,7 +2440,8 @@ }, "MaxResults":{ "shape":"PageSize", - "documentation":"

The number of entries that a paginated response contains.

" + "documentation":"

The number of entries that a paginated response contains.

", + "box":true } } }, @@ -2331,7 +2476,8 @@ }, "MaxResults":{ "shape":"PageSize", - "documentation":"

The number of entries a paginated response contains.

" + "documentation":"

The number of entries a paginated response contains.

", + "box":true } } }, @@ -2441,6 +2587,63 @@ } } }, + "GetCostAndUsageComparisonsRequest":{ + "type":"structure", + "required":[ + "BaselineTimePeriod", + "ComparisonTimePeriod", + "MetricForComparison" + ], + "members":{ + "BillingViewArn":{ + "shape":"BillingViewArn", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies a specific billing view. The ARN is used to specify which particular billing view you want to interact with or retrieve information from when making API calls related to Amazon Web Services Billing and Cost Management features. The BillingViewArn can be retrieved by calling the ListBillingViews API.

" + }, + "BaselineTimePeriod":{ + "shape":"DateInterval", + "documentation":"

The reference time period for comparison. This time period serves as the baseline against which other cost and usage data will be compared. The interval must start and end on the first day of a month, with a duration of exactly one month.

" + }, + "ComparisonTimePeriod":{ + "shape":"DateInterval", + "documentation":"

The comparison time period for analysis. This time period's cost and usage data will be compared against the baseline time period. The interval must start and end on the first day of a month, with a duration of exactly one month.

" + }, + "MetricForComparison":{ + "shape":"MetricName", + "documentation":"

The cost and usage metric to compare. Valid values are AmortizedCost, BlendedCost, NetAmortizedCost, NetUnblendedCost, NormalizedUsageAmount, UnblendedCost, and UsageQuantity.

" + }, + "Filter":{"shape":"Expression"}, + "GroupBy":{ + "shape":"GroupDefinitions", + "documentation":"

You can group results using the attributes DIMENSION, TAG, and COST_CATEGORY.

" + }, + "MaxResults":{ + "shape":"CostAndUsageComparisonsMaxResults", + "documentation":"

The maximum number of results that are returned for the request.

", + "box":true + }, + "NextPageToken":{ + "shape":"NextPageToken", + "documentation":"

The token to retrieve the next set of paginated results.

" + } + } + }, + "GetCostAndUsageComparisonsResponse":{ + "type":"structure", + "members":{ + "CostAndUsageComparisons":{ + "shape":"CostAndUsageComparisons", + "documentation":"

An array of comparison results showing cost and usage metrics between BaselineTimePeriod and ComparisonTimePeriod.

" + }, + "TotalCostAndUsage":{ + "shape":"ComparisonMetrics", + "documentation":"

A summary of the total cost and usage, comparing amounts between BaselineTimePeriod and ComparisonTimePeriod and their differences. This total represents the aggregate total across all paginated results, if the response spans multiple pages.

" + }, + "NextPageToken":{ + "shape":"NextPageToken", + "documentation":"

The token to retrieve the next set of paginated results.

" + } + } + }, "GetCostAndUsageRequest":{ "type":"structure", "required":[ @@ -2518,7 +2721,7 @@ }, "Filter":{ "shape":"Expression", - "documentation":"

Filters Amazon Web Services costs by different dimensions. For example, you can specify SERVICE and LINKED_ACCOUNT and get the costs that are associated with that account's usage of that service. You can nest Expression objects to define any combination of dimension filters. For more information, see Expression.

The GetCostAndUsageWithResources operation requires that you either group by or filter by a ResourceId. It requires the Expression \"SERVICE = Amazon Elastic Compute Cloud - Compute\" in the filter.

Valid values for MatchOptions for Dimensions are EQUALS and CASE_SENSITIVE.

Valid values for MatchOptions for CostCategories and Tags are EQUALS, ABSENT, and CASE_SENSITIVE. Default values are EQUALS and CASE_SENSITIVE.

" + "documentation":"

Filters Amazon Web Services costs by different dimensions. For example, you can specify SERVICE and LINKED_ACCOUNT and get the costs that are associated with that account's usage of that service. You can nest Expression objects to define any combination of dimension filters. For more information, see Expression.

Valid values for MatchOptions for Dimensions are EQUALS and CASE_SENSITIVE.

Valid values for MatchOptions for CostCategories and Tags are EQUALS, ABSENT, and CASE_SENSITIVE. Default values are EQUALS and CASE_SENSITIVE.

" }, "Metrics":{ "shape":"MetricNames", @@ -2617,6 +2820,59 @@ } } }, + "GetCostComparisonDriversRequest":{ + "type":"structure", + "required":[ + "BaselineTimePeriod", + "ComparisonTimePeriod", + "MetricForComparison" + ], + "members":{ + "BillingViewArn":{ + "shape":"BillingViewArn", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies a specific billing view. The ARN is used to specify which particular billing view you want to interact with or retrieve information from when making API calls related to Amazon Web Services Billing and Cost Management features. The BillingViewArn can be retrieved by calling the ListBillingViews API.

" + }, + "BaselineTimePeriod":{ + "shape":"DateInterval", + "documentation":"

The reference time period for comparison. This time period serves as the baseline against which other cost and usage data will be compared. The interval must start and end on the first day of a month, with a duration of exactly one month.

" + }, + "ComparisonTimePeriod":{ + "shape":"DateInterval", + "documentation":"

The comparison time period for analysis. This time period's cost and usage data will be compared against the baseline time period. The interval must start and end on the first day of a month, with a duration of exactly one month.

" + }, + "MetricForComparison":{ + "shape":"MetricName", + "documentation":"

The cost and usage metric to compare. Valid values are AmortizedCost, BlendedCost, NetAmortizedCost, NetUnblendedCost, NormalizedUsageAmount, UnblendedCost, and UsageQuantity.

" + }, + "Filter":{"shape":"Expression"}, + "GroupBy":{ + "shape":"GroupDefinitions", + "documentation":"

You can group results using the attributes DIMENSION, TAG, and COST_CATEGORY. Note that SERVICE and USAGE_TYPE dimensions are automatically included in the cost comparison drivers analysis.

" + }, + "MaxResults":{ + "shape":"CostComparisonDriversMaxResults", + "documentation":"

The maximum number of results that are returned for the request.

", + "box":true + }, + "NextPageToken":{ + "shape":"NextPageToken", + "documentation":"

The token to retrieve the next set of paginated results.

" + } + } + }, + "GetCostComparisonDriversResponse":{ + "type":"structure", + "members":{ + "CostComparisonDrivers":{ + "shape":"CostComparisonDrivers", + "documentation":"

An array of comparison results showing factors that drive significant cost differences between BaselineTimePeriod and ComparisonTimePeriod.

" + }, + "NextPageToken":{ + "shape":"NextPageToken", + "documentation":"

The token to retrieve the next set of paginated results.

" + } + } + }, "GetCostForecastRequest":{ "type":"structure", "required":[ @@ -2639,7 +2895,7 @@ }, "Filter":{ "shape":"Expression", - "documentation":"

The filters that you want to use to filter your forecast. The GetCostForecast API supports filtering by the following dimensions:

  • AZ

  • INSTANCE_TYPE

  • LINKED_ACCOUNT

  • LINKED_ACCOUNT_NAME

  • OPERATION

  • PURCHASE_TYPE

  • REGION

  • SERVICE

  • USAGE_TYPE

  • USAGE_TYPE_GROUP

  • RECORD_TYPE

  • OPERATING_SYSTEM

  • TENANCY

  • SCOPE

  • PLATFORM

  • SUBSCRIPTION_ID

  • LEGAL_ENTITY_NAME

  • DEPLOYMENT_OPTION

  • DATABASE_ENGINE

  • INSTANCE_TYPE_FAMILY

  • BILLING_ENTITY

  • RESERVATION_ID

  • SAVINGS_PLAN_ARN

" + "documentation":"

The filters that you want to use to filter your forecast. The GetCostForecast API supports filtering by the following dimensions:

  • AZ

  • INSTANCE_TYPE

  • LINKED_ACCOUNT

  • OPERATION

  • PURCHASE_TYPE

  • REGION

  • SERVICE

  • USAGE_TYPE

  • USAGE_TYPE_GROUP

  • RECORD_TYPE

  • OPERATING_SYSTEM

  • TENANCY

  • SCOPE

  • PLATFORM

  • SUBSCRIPTION_ID

  • LEGAL_ENTITY_NAME

  • DEPLOYMENT_OPTION

  • DATABASE_ENGINE

  • INSTANCE_TYPE_FAMILY

  • BILLING_ENTITY

  • RESERVATION_ID

  • SAVINGS_PLAN_ARN

" }, "BillingViewArn":{ "shape":"BillingViewArn", @@ -5329,8 +5585,7 @@ }, "StartSavingsPlansPurchaseRecommendationGenerationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "StartSavingsPlansPurchaseRecommendationGenerationResponse":{ "type":"structure", @@ -5428,8 +5683,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValues":{ "type":"structure", @@ -5593,8 +5847,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UnusedHours":{"type":"string"}, "UnusedUnits":{"type":"string"}, diff -pruN 2.23.6-1/awscli/botocore/data/chatbot/2017-10-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/chatbot/2017-10-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/chatbot/2017-10-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chatbot/2017-10-11/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/chime/2018-05-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/chime/2018-05-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/chime/2018-05-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime/2018-05-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -184,7 +182,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -219,7 +216,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -230,14 +226,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -251,14 +249,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -267,11 +263,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -282,14 +278,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -303,7 +301,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -323,7 +320,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -334,14 +330,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -352,9 +350,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/chime/2018-05-01/service-2.json 2.31.35-1/awscli/botocore/data/chime/2018-05-01/service-2.json --- 2.23.6-1/awscli/botocore/data/chime/2018-05-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime/2018-05-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,10 +4,12 @@ "apiVersion":"2018-05-01", "endpointPrefix":"chime", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Chime", "serviceId":"Chime", "signatureVersion":"v4", - "uid":"chime-2018-05-01" + "uid":"chime-2018-05-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociatePhoneNumberWithUser":{ @@ -31,52 +33,6 @@ ], "documentation":"

Associates a phone number with the specified Amazon Chime user.

" }, - "AssociatePhoneNumbersWithVoiceConnector":{ - "name":"AssociatePhoneNumbersWithVoiceConnector", - "http":{ - "method":"POST", - "requestUri":"/voice-connectors/{voiceConnectorId}?operation=associate-phone-numbers", - "responseCode":200 - }, - "input":{"shape":"AssociatePhoneNumbersWithVoiceConnectorRequest"}, - "output":{"shape":"AssociatePhoneNumbersWithVoiceConnectorResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Associates phone numbers with the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, AssociatePhoneNumbersWithVoiceConnector, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by AssociatePhoneNumbersWithVoiceConnector in the Amazon Chime SDK Voice Namespace" - }, - "AssociatePhoneNumbersWithVoiceConnectorGroup":{ - "name":"AssociatePhoneNumbersWithVoiceConnectorGroup", - "http":{ - "method":"POST", - "requestUri":"/voice-connector-groups/{voiceConnectorGroupId}?operation=associate-phone-numbers", - "responseCode":200 - }, - "input":{"shape":"AssociatePhoneNumbersWithVoiceConnectorGroupRequest"}, - "output":{"shape":"AssociatePhoneNumbersWithVoiceConnectorGroupResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Associates phone numbers with the specified Amazon Chime Voice Connector group.

This API is is no longer supported and will not be updated. We recommend using the latest version, AssociatePhoneNumbersWithVoiceConnectorGroup, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by AssociatePhoneNumbersWithVoiceConnectorGroup in the Amazon Chime SDK Voice Namespace" - }, "AssociateSigninDelegateGroupsWithAccount":{ "name":"AssociateSigninDelegateGroupsWithAccount", "http":{ @@ -97,51 +53,6 @@ ], "documentation":"

Associates the specified sign-in delegate groups with the specified Amazon Chime account.

" }, - "BatchCreateAttendee":{ - "name":"BatchCreateAttendee", - "http":{ - "method":"POST", - "requestUri":"/meetings/{meetingId}/attendees?operation=batch-create", - "responseCode":201 - }, - "input":{"shape":"BatchCreateAttendeeRequest"}, - "output":{"shape":"BatchCreateAttendeeResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates up to 100 new attendees for an active Amazon Chime SDK meeting.

This API is is no longer supported and will not be updated. We recommend using the latest version, BatchCreateAttendee, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by BatchCreateAttendee in the Amazon Chime SDK Meetings Namespace" - }, - "BatchCreateChannelMembership":{ - "name":"BatchCreateChannelMembership", - "http":{ - "method":"POST", - "requestUri":"/channels/{channelArn}/memberships?operation=batch-create", - "responseCode":200 - }, - "input":{"shape":"BatchCreateChannelMembershipRequest"}, - "output":{"shape":"BatchCreateChannelMembershipResponse"}, - "errors":[ - {"shape":"ServiceFailureException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"} - ], - "documentation":"

Adds a specified number of users to a channel.

This API is is no longer supported and will not be updated. We recommend using the latest version, BatchCreateChannelMembership, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by BatchCreateChannelMembership in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, "BatchCreateRoomMembership":{ "name":"BatchCreateRoomMembership", "http":{ @@ -282,101 +193,6 @@ ], "documentation":"

Creates an Amazon Chime account under the administrator's AWS account. Only Team account types are currently supported for this action. For more information about different account types, see Managing Your Amazon Chime Accounts in the Amazon Chime Administration Guide.

" }, - "CreateAppInstance":{ - "name":"CreateAppInstance", - "http":{ - "method":"POST", - "requestUri":"/app-instances", - "responseCode":201 - }, - "input":{"shape":"CreateAppInstanceRequest"}, - "output":{"shape":"CreateAppInstanceResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ForbiddenException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates an Amazon Chime SDK messaging AppInstance under an AWS account. Only SDK messaging customers use this API. CreateAppInstance supports idempotency behavior as described in the AWS API Standard.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateAppInstance, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateAppInstance in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "CreateAppInstanceAdmin":{ - "name":"CreateAppInstanceAdmin", - "http":{ - "method":"POST", - "requestUri":"/app-instances/{appInstanceArn}/admins", - "responseCode":201 - }, - "input":{"shape":"CreateAppInstanceAdminRequest"}, - "output":{"shape":"CreateAppInstanceAdminResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ForbiddenException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Promotes an AppInstanceUser to an AppInstanceAdmin. The promoted user can perform the following actions.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateAppInstanceAdmin, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

  • ChannelModerator actions across all channels in the AppInstance.

  • DeleteChannelMessage actions.

Only an AppInstanceUser can be promoted to an AppInstanceAdmin role.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateAppInstanceAdmin in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "CreateAppInstanceUser":{ - "name":"CreateAppInstanceUser", - "http":{ - "method":"POST", - "requestUri":"/app-instance-users", - "responseCode":201 - }, - "input":{"shape":"CreateAppInstanceUserRequest"}, - "output":{"shape":"CreateAppInstanceUserResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ForbiddenException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a user under an Amazon Chime AppInstance. The request consists of a unique appInstanceUserId and Name for that user.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateAppInstanceUser, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateAppInstanceUser in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "CreateAttendee":{ - "name":"CreateAttendee", - "http":{ - "method":"POST", - "requestUri":"/meetings/{meetingId}/attendees", - "responseCode":201 - }, - "input":{"shape":"CreateAttendeeRequest"}, - "output":{"shape":"CreateAttendeeResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a new attendee for an active Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateAttendee, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateAttendee in the Amazon Chime SDK Meetings Namespace" - }, "CreateBot":{ "name":"CreateBot", "http":{ @@ -398,146 +214,6 @@ ], "documentation":"

Creates a bot for an Amazon Chime Enterprise account.

" }, - "CreateChannel":{ - "name":"CreateChannel", - "http":{ - "method":"POST", - "requestUri":"/channels", - "responseCode":201 - }, - "input":{"shape":"CreateChannelRequest"}, - "output":{"shape":"CreateChannelResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a channel to which you can add users and send messages.

Restriction: You can't change a channel's privacy.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateChannel, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateChannel in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "CreateChannelBan":{ - "name":"CreateChannelBan", - "http":{ - "method":"POST", - "requestUri":"/channels/{channelArn}/bans", - "responseCode":201 - }, - "input":{"shape":"CreateChannelBanRequest"}, - "output":{"shape":"CreateChannelBanResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Permanently bans a member from a channel. Moderators can't add banned members to a channel. To undo a ban, you first have to DeleteChannelBan, and then CreateChannelMembership. Bans are cleaned up when you delete users or channels.

If you ban a user who is already part of a channel, that user is automatically kicked from the channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateChannelBan, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateChannelBan in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "CreateChannelMembership":{ - "name":"CreateChannelMembership", - "http":{ - "method":"POST", - "requestUri":"/channels/{channelArn}/memberships", - "responseCode":201 - }, - "input":{"shape":"CreateChannelMembershipRequest"}, - "output":{"shape":"CreateChannelMembershipResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Adds a user to a channel. The InvitedBy response field is derived from the request header. A channel member can:

  • List messages

  • Send messages

  • Receive messages

  • Edit their own messages

  • Leave the channel

Privacy settings impact this action as follows:

  • Public Channels: You do not need to be a member to list messages, but you must be a member to send messages.

  • Private Channels: You must be a member to list or send messages.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateChannelMembership, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateChannelMembership in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "CreateChannelModerator":{ - "name":"CreateChannelModerator", - "http":{ - "method":"POST", - "requestUri":"/channels/{channelArn}/moderators", - "responseCode":201 - }, - "input":{"shape":"CreateChannelModeratorRequest"}, - "output":{"shape":"CreateChannelModeratorResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a new ChannelModerator. A channel moderator can:

  • Add and remove other members of the channel.

  • Add and remove other moderators of the channel.

  • Add and remove user bans for the channel.

  • Redact messages in the channel.

  • List messages in the channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateChannelModerator, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateChannelModerator in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "CreateMediaCapturePipeline":{ - "name":"CreateMediaCapturePipeline", - "http":{ - "method":"POST", - "requestUri":"/media-capture-pipelines", - "responseCode":201 - }, - "input":{"shape":"CreateMediaCapturePipelineRequest"}, - "output":{"shape":"CreateMediaCapturePipelineResponse"}, - "errors":[ - {"shape":"ResourceLimitExceededException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a media capture pipeline.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateMediaCapturePipeline, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateMediaCapturePipeline in the Amazon Chime SDK Media Pipelines Namespace" - }, - "CreateMeeting":{ - "name":"CreateMeeting", - "http":{ - "method":"POST", - "requestUri":"/meetings", - "responseCode":201 - }, - "input":{"shape":"CreateMeetingRequest"}, - "output":{"shape":"CreateMeetingResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a new Amazon Chime SDK meeting in the specified media Region with no initial attendees. For more information about specifying media Regions, see Amazon Chime SDK Media Regions in the Amazon Chime SDK Developer Guide . For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateMeeting, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateMeeting in the Amazon Chime SDK Meetings Namespace" - }, "CreateMeetingDialOut":{ "name":"CreateMeetingDialOut", "http":{ @@ -557,29 +233,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

Uses the join token and call metadata in a meeting request (From number, To number, and so forth) to initiate an outbound call to a public switched telephone network (PSTN) and join them into a Chime meeting. Also ensures that the From number belongs to the customer.

To play welcome audio or implement an interactive voice response (IVR), use the CreateSipMediaApplicationCall action with the corresponding SIP media application ID.

This API is is not available in a dedicated namespace.

" - }, - "CreateMeetingWithAttendees":{ - "name":"CreateMeetingWithAttendees", - "http":{ - "method":"POST", - "requestUri":"/meetings?operation=create-attendees", - "responseCode":201 - }, - "input":{"shape":"CreateMeetingWithAttendeesRequest"}, - "output":{"shape":"CreateMeetingWithAttendeesResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a new Amazon Chime SDK meeting in the specified media Region, with attendees. For more information about specifying media Regions, see Amazon Chime SDK Media Regions in the Amazon Chime SDK Developer Guide . For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide .

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateMeetingWithAttendees, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateMeetingWithAttendees in the Amazon Chime SDK Meetings Namespace" + "documentation":"

Uses the join token and call metadata in a meeting request (From number, To number, and so forth) to initiate an outbound call to a public switched telephone network (PSTN) and join them into a Chime meeting. Also ensures that the From number belongs to the customer.

To play welcome audio or implement an interactive voice response (IVR), use the CreateSipMediaApplicationCall action with the corresponding SIP media application ID.

This API is not available in a dedicated namespace.

" }, "CreatePhoneNumberOrder":{ "name":"CreatePhoneNumberOrder", @@ -602,28 +256,6 @@ ], "documentation":"

Creates an order for phone numbers to be provisioned. For toll-free numbers, you cannot use the Amazon Chime Business Calling product type. For numbers outside the U.S., you must use the Amazon Chime SIP Media Application Dial-In product type.

" }, - "CreateProxySession":{ - "name":"CreateProxySession", - "http":{ - "method":"POST", - "requestUri":"/voice-connectors/{voiceConnectorId}/proxy-sessions", - "responseCode":201 - }, - "input":{"shape":"CreateProxySessionRequest"}, - "output":{"shape":"CreateProxySessionResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a proxy session on the specified Amazon Chime Voice Connector for the specified participant phone numbers.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateProxySession, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateProxySession in the Amazon Chime SDK Voice Namespace" - }, "CreateRoom":{ "name":"CreateRoom", "http":{ @@ -667,77 +299,6 @@ ], "documentation":"

Adds a member to a chat room in an Amazon Chime Enterprise account. A member can be either a user or a bot. The member role designates whether the member is a chat room administrator or a general chat room member.

" }, - "CreateSipMediaApplication":{ - "name":"CreateSipMediaApplication", - "http":{ - "method":"POST", - "requestUri":"/sip-media-applications", - "responseCode":201 - }, - "input":{"shape":"CreateSipMediaApplicationRequest"}, - "output":{"shape":"CreateSipMediaApplicationResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"AccessDeniedException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ConflictException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a SIP media application.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateSipMediaApplication, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateSipMediaApplication in the Amazon Chime SDK Voice Namespace" - }, - "CreateSipMediaApplicationCall":{ - "name":"CreateSipMediaApplicationCall", - "http":{ - "method":"POST", - "requestUri":"/sip-media-applications/{sipMediaApplicationId}/calls", - "responseCode":201 - }, - "input":{"shape":"CreateSipMediaApplicationCallRequest"}, - "output":{"shape":"CreateSipMediaApplicationCallResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates an outbound call to a phone number from the phone number specified in the request, and it invokes the endpoint of the specified sipMediaApplicationId.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateSipMediaApplicationCall, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateSipMediaApplicationCall in the Amazon Chime SDK Voice Namespace" - }, - "CreateSipRule":{ - "name":"CreateSipRule", - "http":{ - "method":"POST", - "requestUri":"/sip-rules", - "responseCode":201 - }, - "input":{"shape":"CreateSipRuleRequest"}, - "output":{"shape":"CreateSipRuleResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"AccessDeniedException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ConflictException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates a SIP rule which can be used to run a SIP media application as a target for a specific trigger type.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateSipRule, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateSipRule in the Amazon Chime SDK Voice Namespace" - }, "CreateUser":{ "name":"CreateUser", "http":{ @@ -759,52 +320,6 @@ ], "documentation":"

Creates a user under the specified Amazon Chime account.

" }, - "CreateVoiceConnector":{ - "name":"CreateVoiceConnector", - "http":{ - "method":"POST", - "requestUri":"/voice-connectors", - "responseCode":201 - }, - "input":{"shape":"CreateVoiceConnectorRequest"}, - "output":{"shape":"CreateVoiceConnectorResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"AccessDeniedException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates an Amazon Chime Voice Connector under the administrator's AWS account. You can choose to create an Amazon Chime Voice Connector in a specific AWS Region.

Enabling CreateVoiceConnectorRequest$RequireEncryption configures your Amazon Chime Voice Connector to use TLS transport for SIP signaling and Secure RTP (SRTP) for media. Inbound calls use TLS transport, and unencrypted outbound calls are blocked.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateVoiceConnector, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateVoiceConnector in the Amazon Chime SDK Voice Namespace" - }, - "CreateVoiceConnectorGroup":{ - "name":"CreateVoiceConnectorGroup", - "http":{ - "method":"POST", - "requestUri":"/voice-connector-groups", - "responseCode":201 - }, - "input":{"shape":"CreateVoiceConnectorGroupRequest"}, - "output":{"shape":"CreateVoiceConnectorGroupResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"AccessDeniedException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Creates an Amazon Chime Voice Connector group under the administrator's AWS account. You can associate Amazon Chime Voice Connectors with the Amazon Chime Voice Connector group by including VoiceConnectorItems in the request.

You can include Amazon Chime Voice Connectors from different AWS Regions in your group. This creates a fault tolerant mechanism for fallback in case of availability events.

This API is is no longer supported and will not be updated. We recommend using the latest version, CreateVoiceConnectorGroup, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by CreateVoiceConnectorGroup in the Amazon Chime SDK Voice Namespace" - }, "DeleteAccount":{ "name":"DeleteAccount", "http":{ @@ -826,218 +341,6 @@ ], "documentation":"

Deletes the specified Amazon Chime account. You must suspend all users before deleting Team account. You can use the BatchSuspendUser action to dodo.

For EnterpriseLWA and EnterpriseAD accounts, you must release the claimed domains for your Amazon Chime account before deletion. As soon as you release the domain, all users under that account are suspended.

Deleted accounts appear in your Disabled accounts list for 90 days. To restore deleted account from your Disabled accounts list, you must contact AWS Support.

After 90 days, deleted accounts are permanently removed from your Disabled accounts list.

" }, - "DeleteAppInstance":{ - "name":"DeleteAppInstance", - "http":{ - "method":"DELETE", - "requestUri":"/app-instances/{appInstanceArn}", - "responseCode":204 - }, - "input":{"shape":"DeleteAppInstanceRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes an AppInstance and all associated data asynchronously.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteAppInstance, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteAppInstance in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "DeleteAppInstanceAdmin":{ - "name":"DeleteAppInstanceAdmin", - "http":{ - "method":"DELETE", - "requestUri":"/app-instances/{appInstanceArn}/admins/{appInstanceAdminArn}", - "responseCode":204 - }, - "input":{"shape":"DeleteAppInstanceAdminRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Demotes an AppInstanceAdmin to an AppInstanceUser. This action does not delete the user.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteAppInstanceAdmin, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteAppInstanceAdmin in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "DeleteAppInstanceStreamingConfigurations":{ - "name":"DeleteAppInstanceStreamingConfigurations", - "http":{ - "method":"DELETE", - "requestUri":"/app-instances/{appInstanceArn}/streaming-configurations", - "responseCode":204 - }, - "input":{"shape":"DeleteAppInstanceStreamingConfigurationsRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the streaming configurations of an AppInstance.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteAppInstanceStreamingConfigurations, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteAppInstanceStreamingConfigurations in the Amazon Chime SDK Messaging Namespace" - }, - "DeleteAppInstanceUser":{ - "name":"DeleteAppInstanceUser", - "http":{ - "method":"DELETE", - "requestUri":"/app-instance-users/{appInstanceUserArn}", - "responseCode":204 - }, - "input":{"shape":"DeleteAppInstanceUserRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes an AppInstanceUser.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteAppInstanceUser, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteAppInstanceUser in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "DeleteAttendee":{ - "name":"DeleteAttendee", - "http":{ - "method":"DELETE", - "requestUri":"/meetings/{meetingId}/attendees/{attendeeId}", - "responseCode":204 - }, - "input":{"shape":"DeleteAttendeeRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes an attendee from the specified Amazon Chime SDK meeting and deletes their JoinToken. Attendees are automatically deleted when a Amazon Chime SDK meeting is deleted. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteAttendee, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteAttendee in the Amazon Chime SDK Meetings Namespace" - }, - "DeleteChannel":{ - "name":"DeleteChannel", - "http":{ - "method":"DELETE", - "requestUri":"/channels/{channelArn}", - "responseCode":204 - }, - "input":{"shape":"DeleteChannelRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Immediately makes a channel and its memberships inaccessible and marks them for deletion. This is an irreversible process.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteChannel, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteChannel in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DeleteChannelBan":{ - "name":"DeleteChannelBan", - "http":{ - "method":"DELETE", - "requestUri":"/channels/{channelArn}/bans/{memberArn}", - "responseCode":204 - }, - "input":{"shape":"DeleteChannelBanRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Removes a user from a channel's ban list.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteChannelBan, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteChannelBan in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DeleteChannelMembership":{ - "name":"DeleteChannelMembership", - "http":{ - "method":"DELETE", - "requestUri":"/channels/{channelArn}/memberships/{memberArn}", - "responseCode":204 - }, - "input":{"shape":"DeleteChannelMembershipRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Removes a member from a channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteChannelMembership, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteChannelMembership in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DeleteChannelMessage":{ - "name":"DeleteChannelMessage", - "http":{ - "method":"DELETE", - "requestUri":"/channels/{channelArn}/messages/{messageId}", - "responseCode":204 - }, - "input":{"shape":"DeleteChannelMessageRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes a channel message. Only admins can perform this action. Deletion makes messages inaccessible immediately. A background process deletes any revisions created by UpdateChannelMessage.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteChannelMessage, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteChannelMessage in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DeleteChannelModerator":{ - "name":"DeleteChannelModerator", - "http":{ - "method":"DELETE", - "requestUri":"/channels/{channelArn}/moderators/{channelModeratorArn}", - "responseCode":204 - }, - "input":{"shape":"DeleteChannelModeratorRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes a channel moderator.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteChannelModerator, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteChannelModerator in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, "DeleteEventsConfiguration":{ "name":"DeleteEventsConfiguration", "http":{ @@ -1056,48 +359,6 @@ ], "documentation":"

Deletes the events configuration that allows a bot to receive outgoing events.

" }, - "DeleteMediaCapturePipeline":{ - "name":"DeleteMediaCapturePipeline", - "http":{ - "method":"DELETE", - "requestUri":"/media-capture-pipelines/{mediaPipelineId}", - "responseCode":204 - }, - "input":{"shape":"DeleteMediaCapturePipelineRequest"}, - "errors":[ - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the media capture pipeline.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteMediaCapturePipeline, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteMediaCapturePipeline in the Amazon Chime SDK Media Pipelines Namespace" - }, - "DeleteMeeting":{ - "name":"DeleteMeeting", - "http":{ - "method":"DELETE", - "requestUri":"/meetings/{meetingId}", - "responseCode":204 - }, - "input":{"shape":"DeleteMeetingRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the specified Amazon Chime SDK meeting. The operation deletes all attendees, disconnects all clients, and prevents new clients from joining the meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteMeeting, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteMeeting in the Amazon Chime SDK Meetings Namespace" - }, "DeletePhoneNumber":{ "name":"DeletePhoneNumber", "http":{ @@ -1117,27 +378,6 @@ ], "documentation":"

Moves the specified phone number into the Deletion queue. A phone number must be disassociated from any users or Amazon Chime Voice Connectors before it can be deleted.

Deleted phone numbers remain in the Deletion queue for 7 days before they are deleted permanently.

" }, - "DeleteProxySession":{ - "name":"DeleteProxySession", - "http":{ - "method":"DELETE", - "requestUri":"/voice-connectors/{voiceConnectorId}/proxy-sessions/{proxySessionId}", - "responseCode":204 - }, - "input":{"shape":"DeleteProxySessionRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the specified proxy session from the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteProxySession, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteProxySession in the Amazon Chime SDK Voice Namespace" - }, "DeleteRoom":{ "name":"DeleteRoom", "http":{ @@ -1176,421 +416,6 @@ ], "documentation":"

Removes a member from a chat room in an Amazon Chime Enterprise account.

" }, - "DeleteSipMediaApplication":{ - "name":"DeleteSipMediaApplication", - "http":{ - "method":"DELETE", - "requestUri":"/sip-media-applications/{sipMediaApplicationId}", - "responseCode":204 - }, - "input":{"shape":"DeleteSipMediaApplicationRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes a SIP media application.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteSipMediaApplication, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteSipMediaApplication in the Amazon Chime SDK Voice Namespace" - }, - "DeleteSipRule":{ - "name":"DeleteSipRule", - "http":{ - "method":"DELETE", - "requestUri":"/sip-rules/{sipRuleId}", - "responseCode":204 - }, - "input":{"shape":"DeleteSipRuleRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes a SIP rule. You must disable a SIP rule before you can delete it.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteSipRule, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteSipRule in the Amazon Chime SDK Voice Namespace" - }, - "DeleteVoiceConnector":{ - "name":"DeleteVoiceConnector", - "http":{ - "method":"DELETE", - "requestUri":"/voice-connectors/{voiceConnectorId}", - "responseCode":204 - }, - "input":{"shape":"DeleteVoiceConnectorRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the specified Amazon Chime Voice Connector. Any phone numbers associated with the Amazon Chime Voice Connector must be disassociated from it before it can be deleted.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteVoiceConnector, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteVoiceConnector in the Amazon Chime SDK Voice Namespace" - }, - "DeleteVoiceConnectorEmergencyCallingConfiguration":{ - "name":"DeleteVoiceConnectorEmergencyCallingConfiguration", - "http":{ - "method":"DELETE", - "requestUri":"/voice-connectors/{voiceConnectorId}/emergency-calling-configuration", - "responseCode":204 - }, - "input":{"shape":"DeleteVoiceConnectorEmergencyCallingConfigurationRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the emergency calling configuration details from the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteVoiceConnectorEmergencyCallingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteVoiceConnectorEmergencyCallingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "DeleteVoiceConnectorGroup":{ - "name":"DeleteVoiceConnectorGroup", - "http":{ - "method":"DELETE", - "requestUri":"/voice-connector-groups/{voiceConnectorGroupId}", - "responseCode":204 - }, - "input":{"shape":"DeleteVoiceConnectorGroupRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the specified Amazon Chime Voice Connector group. Any VoiceConnectorItems and phone numbers associated with the group must be removed before it can be deleted.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteVoiceConnectorGroup, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteVoiceConnectorGroup in the Amazon Chime SDK Voice Namespace" - }, - "DeleteVoiceConnectorOrigination":{ - "name":"DeleteVoiceConnectorOrigination", - "http":{ - "method":"DELETE", - "requestUri":"/voice-connectors/{voiceConnectorId}/origination", - "responseCode":204 - }, - "input":{"shape":"DeleteVoiceConnectorOriginationRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the origination settings for the specified Amazon Chime Voice Connector.

If emergency calling is configured for the Amazon Chime Voice Connector, it must be deleted prior to deleting the origination settings.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteVoiceConnectorOrigination, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteVoiceConnectorOrigination in the Amazon Chime SDK Voice Namespace" - }, - "DeleteVoiceConnectorProxy":{ - "name":"DeleteVoiceConnectorProxy", - "http":{ - "method":"DELETE", - "requestUri":"/voice-connectors/{voiceConnectorId}/programmable-numbers/proxy", - "responseCode":204 - }, - "input":{"shape":"DeleteVoiceConnectorProxyRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the proxy configuration from the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteVoiceProxy, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteVoiceConnectorProxy in the Amazon Chime SDK Voice Namespace" - }, - "DeleteVoiceConnectorStreamingConfiguration":{ - "name":"DeleteVoiceConnectorStreamingConfiguration", - "http":{ - "method":"DELETE", - "requestUri":"/voice-connectors/{voiceConnectorId}/streaming-configuration", - "responseCode":204 - }, - "input":{"shape":"DeleteVoiceConnectorStreamingConfigurationRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the streaming configuration for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteVoiceConnectorStreamingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteVoiceConnectorStreamingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "DeleteVoiceConnectorTermination":{ - "name":"DeleteVoiceConnectorTermination", - "http":{ - "method":"DELETE", - "requestUri":"/voice-connectors/{voiceConnectorId}/termination", - "responseCode":204 - }, - "input":{"shape":"DeleteVoiceConnectorTerminationRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the termination settings for the specified Amazon Chime Voice Connector.

If emergency calling is configured for the Amazon Chime Voice Connector, it must be deleted prior to deleting the termination settings.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteVoiceConnectorTermination, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteVoiceConnectorTermination in the Amazon Chime SDK Voice Namespace" - }, - "DeleteVoiceConnectorTerminationCredentials":{ - "name":"DeleteVoiceConnectorTerminationCredentials", - "http":{ - "method":"POST", - "requestUri":"/voice-connectors/{voiceConnectorId}/termination/credentials?operation=delete", - "responseCode":204 - }, - "input":{"shape":"DeleteVoiceConnectorTerminationCredentialsRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Deletes the specified SIP credentials used by your equipment to authenticate during call termination.

This API is is no longer supported and will not be updated. We recommend using the latest version, DeleteVoiceConnectorTerminationCredentials, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DeleteVoiceConnectorTerminationCredentials in the Amazon Chime SDK Voice Namespace" - }, - "DescribeAppInstance":{ - "name":"DescribeAppInstance", - "http":{ - "method":"GET", - "requestUri":"/app-instances/{appInstanceArn}", - "responseCode":200 - }, - "input":{"shape":"DescribeAppInstanceRequest"}, - "output":{"shape":"DescribeAppInstanceResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the full details of an AppInstance.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeAppInstance, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeAppInstance in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "DescribeAppInstanceAdmin":{ - "name":"DescribeAppInstanceAdmin", - "http":{ - "method":"GET", - "requestUri":"/app-instances/{appInstanceArn}/admins/{appInstanceAdminArn}", - "responseCode":200 - }, - "input":{"shape":"DescribeAppInstanceAdminRequest"}, - "output":{"shape":"DescribeAppInstanceAdminResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the full details of an AppInstanceAdmin.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeAppInstanceAdmin, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeAppInstanceAdmin in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "DescribeAppInstanceUser":{ - "name":"DescribeAppInstanceUser", - "http":{ - "method":"GET", - "requestUri":"/app-instance-users/{appInstanceUserArn}", - "responseCode":200 - }, - "input":{"shape":"DescribeAppInstanceUserRequest"}, - "output":{"shape":"DescribeAppInstanceUserResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the full details of an AppInstanceUser.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeAppInstanceUser, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeAppInstanceUser in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "DescribeChannel":{ - "name":"DescribeChannel", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}", - "responseCode":200 - }, - "input":{"shape":"DescribeChannelRequest"}, - "output":{"shape":"DescribeChannelResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the full details of a channel in an Amazon Chime AppInstance.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeChannel, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeChannel in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DescribeChannelBan":{ - "name":"DescribeChannelBan", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}/bans/{memberArn}", - "responseCode":200 - }, - "input":{"shape":"DescribeChannelBanRequest"}, - "output":{"shape":"DescribeChannelBanResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the full details of a channel ban.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeChannelBan, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeChannelBan in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DescribeChannelMembership":{ - "name":"DescribeChannelMembership", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}/memberships/{memberArn}", - "responseCode":200 - }, - "input":{"shape":"DescribeChannelMembershipRequest"}, - "output":{"shape":"DescribeChannelMembershipResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the full details of a user's channel membership.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeChannelMembership, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeChannelMembership in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DescribeChannelMembershipForAppInstanceUser":{ - "name":"DescribeChannelMembershipForAppInstanceUser", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}?scope=app-instance-user-membership", - "responseCode":200 - }, - "input":{"shape":"DescribeChannelMembershipForAppInstanceUserRequest"}, - "output":{"shape":"DescribeChannelMembershipForAppInstanceUserResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the details of a channel based on the membership of the specified AppInstanceUser.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeChannelMembershipForAppInstanceUser, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeChannelMembershipForAppInstanceUser in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DescribeChannelModeratedByAppInstanceUser":{ - "name":"DescribeChannelModeratedByAppInstanceUser", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}?scope=app-instance-user-moderated-channel", - "responseCode":200 - }, - "input":{"shape":"DescribeChannelModeratedByAppInstanceUserRequest"}, - "output":{"shape":"DescribeChannelModeratedByAppInstanceUserResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the full details of a channel moderated by the specified AppInstanceUser.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeChannelModeratedByAppInstanceUser, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeChannelModeratedByAppInstanceUser in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "DescribeChannelModerator":{ - "name":"DescribeChannelModerator", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}/moderators/{channelModeratorArn}", - "responseCode":200 - }, - "input":{"shape":"DescribeChannelModeratorRequest"}, - "output":{"shape":"DescribeChannelModeratorResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the full details of a single ChannelModerator.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, DescribeChannelModerator, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DescribeChannelModerator in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, "DisassociatePhoneNumberFromUser":{ "name":"DisassociatePhoneNumberFromUser", "http":{ @@ -1611,50 +436,6 @@ ], "documentation":"

Disassociates the primary provisioned phone number from the specified Amazon Chime user.

" }, - "DisassociatePhoneNumbersFromVoiceConnector":{ - "name":"DisassociatePhoneNumbersFromVoiceConnector", - "http":{ - "method":"POST", - "requestUri":"/voice-connectors/{voiceConnectorId}?operation=disassociate-phone-numbers", - "responseCode":200 - }, - "input":{"shape":"DisassociatePhoneNumbersFromVoiceConnectorRequest"}, - "output":{"shape":"DisassociatePhoneNumbersFromVoiceConnectorResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Disassociates the specified phone numbers from the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, DisassociatePhoneNumbersFromVoiceConnector, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DisassociatePhoneNumbersFromVoiceConnector in the Amazon Chime SDK Voice Namespace" - }, - "DisassociatePhoneNumbersFromVoiceConnectorGroup":{ - "name":"DisassociatePhoneNumbersFromVoiceConnectorGroup", - "http":{ - "method":"POST", - "requestUri":"/voice-connector-groups/{voiceConnectorGroupId}?operation=disassociate-phone-numbers", - "responseCode":200 - }, - "input":{"shape":"DisassociatePhoneNumbersFromVoiceConnectorGroupRequest"}, - "output":{"shape":"DisassociatePhoneNumbersFromVoiceConnectorGroupResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Disassociates the specified phone numbers from the specified Amazon Chime Voice Connector group.

This API is is no longer supported and will not be updated. We recommend using the latest version, DisassociatePhoneNumbersFromVoiceConnectorGroup, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by DisassociatePhoneNumbersFromVoiceConnectorGroup in the Amazon Chime SDK Voice Namespace" - }, "DisassociateSigninDelegateGroupsFromAccount":{ "name":"DisassociateSigninDelegateGroupsFromAccount", "http":{ @@ -1713,73 +494,6 @@ ], "documentation":"

Retrieves account settings for the specified Amazon Chime account ID, such as remote control and dialout settings. For more information about these settings, see Use the Policies Page in the Amazon Chime Administration Guide.

" }, - "GetAppInstanceRetentionSettings":{ - "name":"GetAppInstanceRetentionSettings", - "http":{ - "method":"GET", - "requestUri":"/app-instances/{appInstanceArn}/retention-settings", - "responseCode":200 - }, - "input":{"shape":"GetAppInstanceRetentionSettingsRequest"}, - "output":{"shape":"GetAppInstanceRetentionSettingsResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Gets the retention settings for an AppInstance.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetMessagingRetentionSettings, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetAppInstanceRetentionSettings in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "GetAppInstanceStreamingConfigurations":{ - "name":"GetAppInstanceStreamingConfigurations", - "http":{ - "method":"GET", - "requestUri":"/app-instances/{appInstanceArn}/streaming-configurations", - "responseCode":200 - }, - "input":{"shape":"GetAppInstanceStreamingConfigurationsRequest"}, - "output":{"shape":"GetAppInstanceStreamingConfigurationsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Gets the streaming settings for an AppInstance.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetMessagingStreamingConfigurations, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetAppInstanceStreamingConfigurations in the Amazon Chime SDK Messaging Namespace" - }, - "GetAttendee":{ - "name":"GetAttendee", - "http":{ - "method":"GET", - "requestUri":"/meetings/{meetingId}/attendees/{attendeeId}", - "responseCode":200 - }, - "input":{"shape":"GetAttendeeRequest"}, - "output":{"shape":"GetAttendeeResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Gets the Amazon Chime SDK attendee details for a specified meeting ID and attendee ID. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetAttendee, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetAttendee in the Amazon Chime SDK Meetings Namespace" - }, "GetBot":{ "name":"GetBot", "http":{ @@ -1800,29 +514,6 @@ ], "documentation":"

Retrieves details for the specified bot, such as bot email address, bot type, status, and display name.

" }, - "GetChannelMessage":{ - "name":"GetChannelMessage", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}/messages/{messageId}", - "responseCode":200 - }, - "input":{"shape":"GetChannelMessageRequest"}, - "output":{"shape":"GetChannelMessageResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Gets the full details of a channel message.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetChannelMessage, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetChannelMessage in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, "GetEventsConfiguration":{ "name":"GetEventsConfiguration", "http":{ @@ -1861,71 +552,6 @@ ], "documentation":"

Retrieves global settings for the administrator's AWS account, such as Amazon Chime Business Calling and Amazon Chime Voice Connector settings.

" }, - "GetMediaCapturePipeline":{ - "name":"GetMediaCapturePipeline", - "http":{ - "method":"GET", - "requestUri":"/media-capture-pipelines/{mediaPipelineId}", - "responseCode":200 - }, - "input":{"shape":"GetMediaCapturePipelineRequest"}, - "output":{"shape":"GetMediaCapturePipelineResponse"}, - "errors":[ - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Gets an existing media capture pipeline.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetMediaCapturePipeline, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetMediaCapturePipeline in the Amazon Chime SDK Media Pipelines Namespace" - }, - "GetMeeting":{ - "name":"GetMeeting", - "http":{ - "method":"GET", - "requestUri":"/meetings/{meetingId}", - "responseCode":200 - }, - "input":{"shape":"GetMeetingRequest"}, - "output":{"shape":"GetMeetingResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

This API is is no longer supported and will not be updated. We recommend using the latest version, GetMeeting, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

Gets the Amazon Chime SDK meeting details for the specified meeting ID. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide .

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetMeeting in the Amazon Chime SDK Meetings Namespace" - }, - "GetMessagingSessionEndpoint":{ - "name":"GetMessagingSessionEndpoint", - "http":{ - "method":"GET", - "requestUri":"/endpoints/messaging-session", - "responseCode":200 - }, - "input":{"shape":"GetMessagingSessionEndpointRequest"}, - "output":{"shape":"GetMessagingSessionEndpointResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

The details of the endpoint for the messaging session.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetMessagingSessionEndpoint, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetMessagingSessionEndpoint in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, "GetPhoneNumber":{ "name":"GetPhoneNumber", "http":{ @@ -1983,28 +609,6 @@ ], "documentation":"

Retrieves the phone number settings for the administrator's AWS account, such as the default outbound calling name.

" }, - "GetProxySession":{ - "name":"GetProxySession", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/proxy-sessions/{proxySessionId}", - "responseCode":200 - }, - "input":{"shape":"GetProxySessionRequest"}, - "output":{"shape":"GetProxySessionResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Gets the specified proxy session details for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetProxySession, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetProxySession in the Amazon Chime SDK Voice Namespace" - }, "GetRetentionSettings":{ "name":"GetRetentionSettings", "http":{ @@ -2044,72 +648,6 @@ ], "documentation":"

Retrieves room details, such as the room name, for a room in an Amazon Chime Enterprise account.

" }, - "GetSipMediaApplication":{ - "name":"GetSipMediaApplication", - "http":{ - "method":"GET", - "requestUri":"/sip-media-applications/{sipMediaApplicationId}", - "responseCode":200 - }, - "input":{"shape":"GetSipMediaApplicationRequest"}, - "output":{"shape":"GetSipMediaApplicationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Retrieves the information for a SIP media application, including name, AWS Region, and endpoints.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetSipMediaApplication, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetSipMediaApplication in the Amazon Chime SDK Voice Namespace" - }, - "GetSipMediaApplicationLoggingConfiguration":{ - "name":"GetSipMediaApplicationLoggingConfiguration", - "http":{ - "method":"GET", - "requestUri":"/sip-media-applications/{sipMediaApplicationId}/logging-configuration", - "responseCode":200 - }, - "input":{"shape":"GetSipMediaApplicationLoggingConfigurationRequest"}, - "output":{"shape":"GetSipMediaApplicationLoggingConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns the logging configuration for the specified SIP media application.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetSipMediaApplicationLoggingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetSipMediaApplicationLoggingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "GetSipRule":{ - "name":"GetSipRule", - "http":{ - "method":"GET", - "requestUri":"/sip-rules/{sipRuleId}", - "responseCode":200 - }, - "input":{"shape":"GetSipRuleRequest"}, - "output":{"shape":"GetSipRuleResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Retrieves the details of a SIP rule, such as the rule ID, name, triggers, and target endpoints.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetSipRule, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetSipRule in the Amazon Chime SDK Voice Namespace" - }, "GetUser":{ "name":"GetUser", "http":{ @@ -2150,204 +688,6 @@ ], "documentation":"

Retrieves settings for the specified user ID, such as any associated phone number settings.

" }, - "GetVoiceConnector":{ - "name":"GetVoiceConnector", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorRequest"}, - "output":{"shape":"GetVoiceConnectorResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Retrieves details for the specified Amazon Chime Voice Connector, such as timestamps,name, outbound host, and encryption requirements.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnector, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnector in the Amazon Chime SDK Voice Namespace" - }, - "GetVoiceConnectorEmergencyCallingConfiguration":{ - "name":"GetVoiceConnectorEmergencyCallingConfiguration", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/emergency-calling-configuration", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorEmergencyCallingConfigurationRequest"}, - "output":{"shape":"GetVoiceConnectorEmergencyCallingConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Gets the emergency calling configuration details for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnectorEmergencyCallingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnectorEmergencyCallingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "GetVoiceConnectorGroup":{ - "name":"GetVoiceConnectorGroup", - "http":{ - "method":"GET", - "requestUri":"/voice-connector-groups/{voiceConnectorGroupId}", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorGroupRequest"}, - "output":{"shape":"GetVoiceConnectorGroupResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Retrieves details for the specified Amazon Chime Voice Connector group, such as timestamps,name, and associated VoiceConnectorItems.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnectorGroup, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnectorGroup in the Amazon Chime SDK Voice Namespace" - }, - "GetVoiceConnectorLoggingConfiguration":{ - "name":"GetVoiceConnectorLoggingConfiguration", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/logging-configuration", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorLoggingConfigurationRequest"}, - "output":{"shape":"GetVoiceConnectorLoggingConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Retrieves the logging configuration details for the specified Amazon Chime Voice Connector. Shows whether SIP message logs are enabled for sending to Amazon CloudWatch Logs.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnectorLoggingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnectorLoggingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "GetVoiceConnectorOrigination":{ - "name":"GetVoiceConnectorOrigination", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/origination", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorOriginationRequest"}, - "output":{"shape":"GetVoiceConnectorOriginationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Retrieves origination setting details for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnectorOrigination, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnectorOrigination in the Amazon Chime SDK Voice Namespace" - }, - "GetVoiceConnectorProxy":{ - "name":"GetVoiceConnectorProxy", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/programmable-numbers/proxy", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorProxyRequest"}, - "output":{"shape":"GetVoiceConnectorProxyResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Gets the proxy configuration details for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnectorProxy, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnectorProxy in the Amazon Chime SDK Voice Namespace" - }, - "GetVoiceConnectorStreamingConfiguration":{ - "name":"GetVoiceConnectorStreamingConfiguration", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/streaming-configuration", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorStreamingConfigurationRequest"}, - "output":{"shape":"GetVoiceConnectorStreamingConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Retrieves the streaming configuration details for the specified Amazon Chime Voice Connector. Shows whether media streaming is enabled for sending to Amazon Kinesis. It also shows the retention period, in hours, for the Amazon Kinesis data.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnectorStreamingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnectorStreamingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "GetVoiceConnectorTermination":{ - "name":"GetVoiceConnectorTermination", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/termination", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorTerminationRequest"}, - "output":{"shape":"GetVoiceConnectorTerminationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Retrieves termination setting details for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnectorTermination, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnectorTermination in the Amazon Chime SDK Voice Namespace" - }, - "GetVoiceConnectorTerminationHealth":{ - "name":"GetVoiceConnectorTerminationHealth", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/termination/health", - "responseCode":200 - }, - "input":{"shape":"GetVoiceConnectorTerminationHealthRequest"}, - "output":{"shape":"GetVoiceConnectorTerminationHealthResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

This API is is no longer supported and will not be updated. We recommend using the latest version, GetVoiceConnectorTerminationHealth, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

Retrieves information about the last time a SIP OPTIONS ping was received from your SIP infrastructure for the specified Amazon Chime Voice Connector.

", - "deprecated":true, - "deprecatedMessage":"Replaced by GetVoiceConnectorTerminationHealth in the Amazon Chime SDK Voice Namespace" - }, "InviteUsers":{ "name":"InviteUsers", "http":{ @@ -2387,116 +727,6 @@ ], "documentation":"

Lists the Amazon Chime accounts under the administrator's AWS account. You can filter accounts by account name prefix. To find out which Amazon Chime account a user belongs to, you can filter by the user's email address, which returns one account result.

" }, - "ListAppInstanceAdmins":{ - "name":"ListAppInstanceAdmins", - "http":{ - "method":"GET", - "requestUri":"/app-instances/{appInstanceArn}/admins", - "responseCode":200 - }, - "input":{"shape":"ListAppInstanceAdminsRequest"}, - "output":{"shape":"ListAppInstanceAdminsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns a list of the administrators in the AppInstance.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListAppInstanceAdmins, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListAppInstanceAdmins in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "ListAppInstanceUsers":{ - "name":"ListAppInstanceUsers", - "http":{ - "method":"GET", - "requestUri":"/app-instance-users", - "responseCode":200 - }, - "input":{"shape":"ListAppInstanceUsersRequest"}, - "output":{"shape":"ListAppInstanceUsersResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

List all AppInstanceUsers created under a single AppInstance.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListAppInstanceUsers, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListAppInstanceUsers in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "ListAppInstances":{ - "name":"ListAppInstances", - "http":{ - "method":"GET", - "requestUri":"/app-instances", - "responseCode":200 - }, - "input":{"shape":"ListAppInstancesRequest"}, - "output":{"shape":"ListAppInstancesResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists all Amazon Chime AppInstances created under a single AWS account.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListAppInstances, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListAppInstances in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "ListAttendeeTags":{ - "name":"ListAttendeeTags", - "http":{ - "method":"GET", - "requestUri":"/meetings/{meetingId}/attendees/{attendeeId}/tags", - "responseCode":200 - }, - "input":{"shape":"ListAttendeeTagsRequest"}, - "output":{"shape":"ListAttendeeTagsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the tags applied to an Amazon Chime SDK attendee resource.

ListAttendeeTags is not supported in the Amazon Chime SDK Meetings Namespace. Update your application to remove calls to this API.

", - "deprecated":true, - "deprecatedMessage":"Attendee Tags are not supported in the Amazon Chime SDK Meetings Namespace. Update your application to remove calls to this API." - }, - "ListAttendees":{ - "name":"ListAttendees", - "http":{ - "method":"GET", - "requestUri":"/meetings/{meetingId}/attendees", - "responseCode":200 - }, - "input":{"shape":"ListAttendeesRequest"}, - "output":{"shape":"ListAttendeesResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the attendees for the specified Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListAttendees, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListAttendees in the Amazon Chime SDK Meetings Namespace" - }, "ListBots":{ "name":"ListBots", "http":{ @@ -2517,224 +747,6 @@ ], "documentation":"

Lists the bots associated with the administrator's Amazon Chime Enterprise account ID.

" }, - "ListChannelBans":{ - "name":"ListChannelBans", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}/bans", - "responseCode":200 - }, - "input":{"shape":"ListChannelBansRequest"}, - "output":{"shape":"ListChannelBansResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists all the users banned from a particular channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListChannelBans, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListChannelBans in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "ListChannelMemberships":{ - "name":"ListChannelMemberships", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}/memberships", - "responseCode":200 - }, - "input":{"shape":"ListChannelMembershipsRequest"}, - "output":{"shape":"ListChannelMembershipsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists all channel memberships in a channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListChannelMemberships, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListChannelMemberships in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "ListChannelMembershipsForAppInstanceUser":{ - "name":"ListChannelMembershipsForAppInstanceUser", - "http":{ - "method":"GET", - "requestUri":"/channels?scope=app-instance-user-memberships", - "responseCode":200 - }, - "input":{"shape":"ListChannelMembershipsForAppInstanceUserRequest"}, - "output":{"shape":"ListChannelMembershipsForAppInstanceUserResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists all channels that a particular AppInstanceUser is a part of. Only an AppInstanceAdmin can call the API with a user ARN that is not their own.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListChannelMembershipsForAppInstanceUser, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListChannelMembershipsForAppInstanceUser in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "ListChannelMessages":{ - "name":"ListChannelMessages", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}/messages", - "responseCode":200 - }, - "input":{"shape":"ListChannelMessagesRequest"}, - "output":{"shape":"ListChannelMessagesResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

List all the messages in a channel. Returns a paginated list of ChannelMessages. By default, sorted by creation timestamp in descending order.

Redacted messages appear in the results as empty, since they are only redacted, not deleted. Deleted messages do not appear in the results. This action always returns the latest version of an edited message.

Also, the x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListChannelMessages, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListChannelMessages in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "ListChannelModerators":{ - "name":"ListChannelModerators", - "http":{ - "method":"GET", - "requestUri":"/channels/{channelArn}/moderators", - "responseCode":200 - }, - "input":{"shape":"ListChannelModeratorsRequest"}, - "output":{"shape":"ListChannelModeratorsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists all the moderators for a channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListChannelModerators, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListChannelModerators in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "ListChannels":{ - "name":"ListChannels", - "http":{ - "method":"GET", - "requestUri":"/channels", - "responseCode":200 - }, - "input":{"shape":"ListChannelsRequest"}, - "output":{"shape":"ListChannelsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists all Channels created under a single Chime App as a paginated list. You can specify filters to narrow results.

Functionality & restrictions

  • Use privacy = PUBLIC to retrieve all public channels in the account.

  • Only an AppInstanceAdmin can set privacy = PRIVATE to list the private channels in an account.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListChannels, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListChannels in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "ListChannelsModeratedByAppInstanceUser":{ - "name":"ListChannelsModeratedByAppInstanceUser", - "http":{ - "method":"GET", - "requestUri":"/channels?scope=app-instance-user-moderated-channels", - "responseCode":200 - }, - "input":{"shape":"ListChannelsModeratedByAppInstanceUserRequest"}, - "output":{"shape":"ListChannelsModeratedByAppInstanceUserResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

A list of the channels moderated by an AppInstanceUser.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListChannelsModeratedByAppInstanceUser, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListChannelsModeratedByAppInstanceUser in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "ListMediaCapturePipelines":{ - "name":"ListMediaCapturePipelines", - "http":{ - "method":"GET", - "requestUri":"/media-capture-pipelines", - "responseCode":200 - }, - "input":{"shape":"ListMediaCapturePipelinesRequest"}, - "output":{"shape":"ListMediaCapturePipelinesResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Returns a list of media capture pipelines.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListMediaCapturePipelines, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListMediaCapturePipelines in the Amazon Chime SDK Media Pipelines Namespace" - }, - "ListMeetingTags":{ - "name":"ListMeetingTags", - "http":{ - "method":"GET", - "requestUri":"/meetings/{meetingId}/tags", - "responseCode":200 - }, - "input":{"shape":"ListMeetingTagsRequest"}, - "output":{"shape":"ListMeetingTagsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the tags applied to an Amazon Chime SDK meeting resource.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListTagsForResource, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Use ListTagsForResource in the Amazon Chime SDK Meetings Namespace." - }, - "ListMeetings":{ - "name":"ListMeetings", - "http":{ - "method":"GET", - "requestUri":"/meetings", - "responseCode":200 - }, - "input":{"shape":"ListMeetingsRequest"}, - "output":{"shape":"ListMeetingsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists up to 100 active Amazon Chime SDK meetings.

ListMeetings is not supported in the Amazon Chime SDK Meetings Namespace. Update your application to remove calls to this API.

For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"ListMeetings is not supported in the Amazon Chime SDK Meetings Namespace. Update your application to remove calls to this API." - }, "ListPhoneNumberOrders":{ "name":"ListPhoneNumberOrders", "http":{ @@ -2773,28 +785,6 @@ ], "documentation":"

Lists the phone numbers for the specified Amazon Chime account, Amazon Chime user, Amazon Chime Voice Connector, or Amazon Chime Voice Connector group.

" }, - "ListProxySessions":{ - "name":"ListProxySessions", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/proxy-sessions", - "responseCode":200 - }, - "input":{"shape":"ListProxySessionsRequest"}, - "output":{"shape":"ListProxySessionsResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the proxy sessions for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListProxySessions, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListProxySessions in the Amazon Chime SDK Voice Namespace" - }, "ListRoomMemberships":{ "name":"ListRoomMemberships", "http":{ @@ -2835,48 +825,6 @@ ], "documentation":"

Lists the room details for the specified Amazon Chime Enterprise account. Optionally, filter the results by a member ID (user ID or bot ID) to see a list of rooms that the member belongs to.

" }, - "ListSipMediaApplications":{ - "name":"ListSipMediaApplications", - "http":{ - "method":"GET", - "requestUri":"/sip-media-applications", - "responseCode":200 - }, - "input":{"shape":"ListSipMediaApplicationsRequest"}, - "output":{"shape":"ListSipMediaApplicationsResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the SIP media applications under the administrator's AWS account.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListSipMediaApplications, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListSipMediaApplications in the Amazon Chime SDK Voice Namespace" - }, - "ListSipRules":{ - "name":"ListSipRules", - "http":{ - "method":"GET", - "requestUri":"/sip-rules", - "responseCode":200 - }, - "input":{"shape":"ListSipRulesRequest"}, - "output":{"shape":"ListSipRulesResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the SIP rules under the administrator's AWS account.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListSipRules, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListSipRules in the Amazon Chime SDK Voice Namespace" - }, "ListSupportedPhoneNumberCountries":{ "name":"ListSupportedPhoneNumberCountries", "http":{ @@ -2897,26 +845,6 @@ ], "documentation":"

Lists supported phone number countries.

" }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/tags" - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the tags applied to an Amazon Chime SDK meeting and messaging resources.

This API is is no longer supported and will not be updated. We recommend using the applicable latest version in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListTagsForResource in the Amazon Chime SDK Voice, Amazon Chime SDK Meetings, Amazon Chime SDK Identity, Amazon Chime SDK Messaging, and Amazon Chime SDK Media Pipelines Namespaces" - }, "ListUsers":{ "name":"ListUsers", "http":{ @@ -2937,70 +865,6 @@ ], "documentation":"

Lists the users that belong to the specified Amazon Chime account. You can specify an email address to list only the user that the email address belongs to.

" }, - "ListVoiceConnectorGroups":{ - "name":"ListVoiceConnectorGroups", - "http":{ - "method":"GET", - "requestUri":"/voice-connector-groups", - "responseCode":200 - }, - "input":{"shape":"ListVoiceConnectorGroupsRequest"}, - "output":{"shape":"ListVoiceConnectorGroupsResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the Amazon Chime Voice Connector groups for the administrator's AWS account.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListVoiceConnectorGroups, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListVoiceConnectorGroups in the Amazon Chime SDK Voice Namespace" - }, - "ListVoiceConnectorTerminationCredentials":{ - "name":"ListVoiceConnectorTerminationCredentials", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors/{voiceConnectorId}/termination/credentials", - "responseCode":200 - }, - "input":{"shape":"ListVoiceConnectorTerminationCredentialsRequest"}, - "output":{"shape":"ListVoiceConnectorTerminationCredentialsResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the SIP credentials for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListVoiceConnectorTerminationCredentials, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListVoiceConnectorTerminationCredentials in the Amazon Chime SDK Voice Namespace" - }, - "ListVoiceConnectors":{ - "name":"ListVoiceConnectors", - "http":{ - "method":"GET", - "requestUri":"/voice-connectors", - "responseCode":200 - }, - "input":{"shape":"ListVoiceConnectorsRequest"}, - "output":{"shape":"ListVoiceConnectorsResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Lists the Amazon Chime Voice Connectors for the administrator's AWS account.

This API is is no longer supported and will not be updated. We recommend using the latest version, ListVoiceConnectors, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ListVoiceConnectors in the Amazon Chime SDK Voice Namespace" - }, "LogoutUser":{ "name":"LogoutUser", "http":{ @@ -3021,52 +885,6 @@ ], "documentation":"

Logs out the specified user from all of the devices they are currently logged into.

" }, - "PutAppInstanceRetentionSettings":{ - "name":"PutAppInstanceRetentionSettings", - "http":{ - "method":"PUT", - "requestUri":"/app-instances/{appInstanceArn}/retention-settings", - "responseCode":200 - }, - "input":{"shape":"PutAppInstanceRetentionSettingsRequest"}, - "output":{"shape":"PutAppInstanceRetentionSettingsResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Sets the amount of time in days that a given AppInstance retains data.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutAppInstanceRetentionSettings, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutAppInstanceRetentionSettings in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "PutAppInstanceStreamingConfigurations":{ - "name":"PutAppInstanceStreamingConfigurations", - "http":{ - "method":"PUT", - "requestUri":"/app-instances/{appInstanceArn}/streaming-configurations", - "responseCode":200 - }, - "input":{"shape":"PutAppInstanceStreamingConfigurationsRequest"}, - "output":{"shape":"PutAppInstanceStreamingConfigurationsResponse"}, - "errors":[ - {"shape":"NotFoundException"}, - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

The data streaming configurations of an AppInstance.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutMessagingStreamingConfigurations, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutAppInstanceStreamingConfigurations in the Amazon Chime SDK Messaging Namespace" - }, "PutEventsConfiguration":{ "name":"PutEventsConfiguration", "http":{ @@ -3108,204 +926,6 @@ ], "documentation":"

Puts retention settings for the specified Amazon Chime Enterprise account. We recommend using AWS CloudTrail to monitor usage of this API for your account. For more information, see Logging Amazon Chime API Calls with AWS CloudTrail in the Amazon Chime Administration Guide.

To turn off existing retention settings, remove the number of days from the corresponding RetentionDays field in the RetentionSettings object. For more information about retention settings, see Managing Chat Retention Policies in the Amazon Chime Administration Guide.

" }, - "PutSipMediaApplicationLoggingConfiguration":{ - "name":"PutSipMediaApplicationLoggingConfiguration", - "http":{ - "method":"PUT", - "requestUri":"/sip-media-applications/{sipMediaApplicationId}/logging-configuration", - "responseCode":200 - }, - "input":{"shape":"PutSipMediaApplicationLoggingConfigurationRequest"}, - "output":{"shape":"PutSipMediaApplicationLoggingConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates the logging configuration for the specified SIP media application.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutSipMediaApplicationLoggingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutSipMediaApplicationLoggingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "PutVoiceConnectorEmergencyCallingConfiguration":{ - "name":"PutVoiceConnectorEmergencyCallingConfiguration", - "http":{ - "method":"PUT", - "requestUri":"/voice-connectors/{voiceConnectorId}/emergency-calling-configuration", - "responseCode":200 - }, - "input":{"shape":"PutVoiceConnectorEmergencyCallingConfigurationRequest"}, - "output":{"shape":"PutVoiceConnectorEmergencyCallingConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Puts emergency calling configuration details to the specified Amazon Chime Voice Connector, such as emergency phone numbers and calling countries. Origination and termination settings must be enabled for the Amazon Chime Voice Connector before emergency calling can be configured.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutVoiceConnectorEmergencyCallingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutVoiceConnectorEmergencyCallingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "PutVoiceConnectorLoggingConfiguration":{ - "name":"PutVoiceConnectorLoggingConfiguration", - "http":{ - "method":"PUT", - "requestUri":"/voice-connectors/{voiceConnectorId}/logging-configuration", - "responseCode":200 - }, - "input":{"shape":"PutVoiceConnectorLoggingConfigurationRequest"}, - "output":{"shape":"PutVoiceConnectorLoggingConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Adds a logging configuration for the specified Amazon Chime Voice Connector. The logging configuration specifies whether SIP message logs are enabled for sending to Amazon CloudWatch Logs.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutVoiceConnectorLoggingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutVoiceConnectorLoggingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "PutVoiceConnectorOrigination":{ - "name":"PutVoiceConnectorOrigination", - "http":{ - "method":"PUT", - "requestUri":"/voice-connectors/{voiceConnectorId}/origination", - "responseCode":200 - }, - "input":{"shape":"PutVoiceConnectorOriginationRequest"}, - "output":{"shape":"PutVoiceConnectorOriginationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Adds origination settings for the specified Amazon Chime Voice Connector.

If emergency calling is configured for the Amazon Chime Voice Connector, it must be deleted prior to turning off origination settings.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutVoiceConnectorOrigination, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutVoiceConnectorOrigination in the Amazon Chime SDK Voice Namespace" - }, - "PutVoiceConnectorProxy":{ - "name":"PutVoiceConnectorProxy", - "http":{ - "method":"PUT", - "requestUri":"/voice-connectors/{voiceConnectorId}/programmable-numbers/proxy" - }, - "input":{"shape":"PutVoiceConnectorProxyRequest"}, - "output":{"shape":"PutVoiceConnectorProxyResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"AccessDeniedException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Puts the specified proxy configuration to the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutVoiceConnectorProxy, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutVoiceConnectorProxy in the Amazon Chime SDK Voice Namespace" - }, - "PutVoiceConnectorStreamingConfiguration":{ - "name":"PutVoiceConnectorStreamingConfiguration", - "http":{ - "method":"PUT", - "requestUri":"/voice-connectors/{voiceConnectorId}/streaming-configuration", - "responseCode":200 - }, - "input":{"shape":"PutVoiceConnectorStreamingConfigurationRequest"}, - "output":{"shape":"PutVoiceConnectorStreamingConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Adds a streaming configuration for the specified Amazon Chime Voice Connector. The streaming configuration specifies whether media streaming is enabled for sending to Kinesis. It also sets the retention period, in hours, for the Amazon Kinesis data.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutVoiceConnectorStreamingConfiguration, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutVoiceConnectorStreamingConfiguration in the Amazon Chime SDK Voice Namespace" - }, - "PutVoiceConnectorTermination":{ - "name":"PutVoiceConnectorTermination", - "http":{ - "method":"PUT", - "requestUri":"/voice-connectors/{voiceConnectorId}/termination", - "responseCode":200 - }, - "input":{"shape":"PutVoiceConnectorTerminationRequest"}, - "output":{"shape":"PutVoiceConnectorTerminationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Adds termination settings for the specified Amazon Chime Voice Connector.

If emergency calling is configured for the Amazon Chime Voice Connector, it must be deleted prior to turning off termination settings.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutVoiceConnectorTermination, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutVoiceConnectorTermination in the Amazon Chime SDK Voice Namespace" - }, - "PutVoiceConnectorTerminationCredentials":{ - "name":"PutVoiceConnectorTerminationCredentials", - "http":{ - "method":"POST", - "requestUri":"/voice-connectors/{voiceConnectorId}/termination/credentials?operation=put", - "responseCode":204 - }, - "input":{"shape":"PutVoiceConnectorTerminationCredentialsRequest"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Adds termination SIP credentials for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, PutVoiceConnectorTerminationCredentials, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by PutVoiceConnectorTerminationCredentials in the Amazon Chime SDK Voice Namespace" - }, - "RedactChannelMessage":{ - "name":"RedactChannelMessage", - "http":{ - "method":"POST", - "requestUri":"/channels/{channelArn}/messages/{messageId}?operation=redact", - "responseCode":200 - }, - "input":{"shape":"RedactChannelMessageRequest"}, - "output":{"shape":"RedactChannelMessageResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Redacts message content, but not metadata. The message exists in the back end, but the action returns null content, and the state shows as redacted.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, RedactChannelMessage, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by RedactChannelMessage in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, "RedactConversationMessage":{ "name":"RedactConversationMessage", "http":{ @@ -3426,202 +1046,6 @@ ], "documentation":"

Searches for phone numbers that can be ordered. For US numbers, provide at least one of the following search filters: AreaCode, City, State, or TollFreePrefix. If you provide City, you must also provide State. Numbers outside the US only support the PhoneNumberType filter, which you must use.

" }, - "SendChannelMessage":{ - "name":"SendChannelMessage", - "http":{ - "method":"POST", - "requestUri":"/channels/{channelArn}/messages", - "responseCode":201 - }, - "input":{"shape":"SendChannelMessageRequest"}, - "output":{"shape":"SendChannelMessageResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Sends a message to a particular channel that the member is a part of.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

Also, STANDARD messages can contain 4KB of data and the 1KB of metadata. CONTROL messages can contain 30 bytes of data and no metadata.

This API is is no longer supported and will not be updated. We recommend using the latest version, SendChannelMessage, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by SendChannelMessage in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "StartMeetingTranscription":{ - "name":"StartMeetingTranscription", - "http":{ - "method":"POST", - "requestUri":"/meetings/{meetingId}/transcription?operation=start", - "responseCode":200 - }, - "input":{"shape":"StartMeetingTranscriptionRequest"}, - "output":{"shape":"StartMeetingTranscriptionResponse"}, - "errors":[ - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"UnprocessableEntityException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Starts transcription for the specified meetingId. For more information, refer to Using Amazon Chime SDK live transcription in the Amazon Chime SDK Developer Guide.

If you specify an invalid configuration, a TranscriptFailed event will be sent with the contents of the BadRequestException generated by Amazon Transcribe. For more information on each parameter and which combinations are valid, refer to the StartStreamTranscription API in the Amazon Transcribe Developer Guide.

Amazon Chime SDK live transcription is powered by Amazon Transcribe. Use of Amazon Transcribe is subject to the AWS Service Terms, including the terms specific to the AWS Machine Learning and Artificial Intelligence Services.

This API is is no longer supported and will not be updated. We recommend using the latest version, StartMeetingTranscription, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by StartMeetingTranscription in the Amazon Chime SDK Meetings Namespace" - }, - "StopMeetingTranscription":{ - "name":"StopMeetingTranscription", - "http":{ - "method":"POST", - "requestUri":"/meetings/{meetingId}/transcription?operation=stop", - "responseCode":200 - }, - "input":{"shape":"StopMeetingTranscriptionRequest"}, - "output":{"shape":"StopMeetingTranscriptionResponse"}, - "errors":[ - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"UnprocessableEntityException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Stops transcription for the specified meetingId.

This API is is no longer supported and will not be updated. We recommend using the latest version, StopMeetingTranscription, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by StopMeetingTranscription in the Amazon Chime SDK Meetings Namespace" - }, - "TagAttendee":{ - "name":"TagAttendee", - "http":{ - "method":"POST", - "requestUri":"/meetings/{meetingId}/attendees/{attendeeId}/tags?operation=add", - "responseCode":204 - }, - "input":{"shape":"TagAttendeeRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Applies the specified tags to the specified Amazon Chime attendee.

TagAttendee is not supported in the Amazon Chime SDK Meetings Namespace. Update your application to remove calls to this API.

", - "deprecated":true, - "deprecatedMessage":"Attendee Tags are not supported in the Amazon Chime SDK Meetings Namespace. Update your application to remove calls to this API." - }, - "TagMeeting":{ - "name":"TagMeeting", - "http":{ - "method":"POST", - "requestUri":"/meetings/{meetingId}/tags?operation=add", - "responseCode":204 - }, - "input":{"shape":"TagMeetingRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Applies the specified tags to the specified Amazon Chime SDK meeting.

This API is is no longer supported and will not be updated. We recommend using the latest version, TagResource, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Use TagResource in the Amazon Chime SDK Meetings Namespace." - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/tags?operation=tag-resource", - "responseCode":204 - }, - "input":{"shape":"TagResourceRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Applies the specified tags to the specified Amazon Chime SDK meeting resource.

This API is is no longer supported and will not be updated. We recommend using the latest version, TagResource, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by TagResource in the Amazon Chime SDK Voice, Amazon Chime SDK Meetings, Amazon Chime SDK Identity, Amazon Chime SDK Messaging, and Amazon Chime SDK Media Pipelines Namespaces" - }, - "UntagAttendee":{ - "name":"UntagAttendee", - "http":{ - "method":"POST", - "requestUri":"/meetings/{meetingId}/attendees/{attendeeId}/tags?operation=delete", - "responseCode":204 - }, - "input":{"shape":"UntagAttendeeRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Untags the specified tags from the specified Amazon Chime SDK attendee.

UntagAttendee is not supported in the Amazon Chime SDK Meetings Namespace. Update your application to remove calls to this API.

", - "deprecated":true, - "deprecatedMessage":"Attendee Tags are not supported in the Amazon Chime SDK Meetings Namespace. Update your application to remove calls to this API." - }, - "UntagMeeting":{ - "name":"UntagMeeting", - "http":{ - "method":"POST", - "requestUri":"/meetings/{meetingId}/tags?operation=delete", - "responseCode":204 - }, - "input":{"shape":"UntagMeetingRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Untags the specified tags from the specified Amazon Chime SDK meeting.

This API is is no longer supported and will not be updated. We recommend using the latest version, UntagResource, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Use UntagResource in the Amazon Chime SDK Meetings Namespace." - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"POST", - "requestUri":"/tags?operation=untag-resource", - "responseCode":204 - }, - "input":{"shape":"UntagResourceRequest"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"NotFoundException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Untags the specified tags from the specified Amazon Chime SDK meeting resource.

Applies the specified tags to the specified Amazon Chime SDK meeting resource.

This API is is no longer supported and will not be updated. We recommend using the latest version, UntagResource, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UntagResource in the Amazon Chime SDK Voice, Amazon Chime SDK Meetings, Amazon Chime SDK Identity, Amazon Chime SDK Messaging, and Amazon Chime SDK Media Pipelines Namespaces" - }, "UpdateAccount":{ "name":"UpdateAccount", "http":{ @@ -3663,52 +1087,6 @@ ], "documentation":"

Updates the settings for the specified Amazon Chime account. You can update settings for remote control of shared screens, or for the dial-out option. For more information about these settings, see Use the Policies Page in the Amazon Chime Administration Guide.

" }, - "UpdateAppInstance":{ - "name":"UpdateAppInstance", - "http":{ - "method":"PUT", - "requestUri":"/app-instances/{appInstanceArn}", - "responseCode":200 - }, - "input":{"shape":"UpdateAppInstanceRequest"}, - "output":{"shape":"UpdateAppInstanceResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates AppInstance metadata.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateAppInstance, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateAppInstance in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, - "UpdateAppInstanceUser":{ - "name":"UpdateAppInstanceUser", - "http":{ - "method":"PUT", - "requestUri":"/app-instance-users/{appInstanceUserArn}", - "responseCode":200 - }, - "input":{"shape":"UpdateAppInstanceUserRequest"}, - "output":{"shape":"UpdateAppInstanceUserResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ForbiddenException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates the details of an AppInstanceUser. You can update names and metadata.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateAppInstanceUser, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateAppInstanceUser in the Amazon Chime SDK Identity Namespace", - "endpoint":{"hostPrefix":"identity-"} - }, "UpdateBot":{ "name":"UpdateBot", "http":{ @@ -3729,75 +1107,6 @@ ], "documentation":"

Updates the status of the specified bot, such as starting or stopping the bot from running in your Amazon Chime Enterprise account.

" }, - "UpdateChannel":{ - "name":"UpdateChannel", - "http":{ - "method":"PUT", - "requestUri":"/channels/{channelArn}", - "responseCode":200 - }, - "input":{"shape":"UpdateChannelRequest"}, - "output":{"shape":"UpdateChannelResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ConflictException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Update a channel's attributes.

Restriction: You can't change a channel's privacy.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateChannel, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateChannel in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "UpdateChannelMessage":{ - "name":"UpdateChannelMessage", - "http":{ - "method":"PUT", - "requestUri":"/channels/{channelArn}/messages/{messageId}", - "responseCode":200 - }, - "input":{"shape":"UpdateChannelMessageRequest"}, - "output":{"shape":"UpdateChannelMessageResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ForbiddenException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates the content of a message.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateChannelMessage, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateChannelMessage in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, - "UpdateChannelReadMarker":{ - "name":"UpdateChannelReadMarker", - "http":{ - "method":"PUT", - "requestUri":"/channels/{channelArn}/readMarker", - "responseCode":200 - }, - "input":{"shape":"UpdateChannelReadMarkerRequest"}, - "output":{"shape":"UpdateChannelReadMarkerResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ForbiddenException"}, - {"shape":"ConflictException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

The details of the time when a user last read messages in a channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateChannelReadMarker, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateChannelReadMarker in the Amazon Chime SDK Messaging Namespace", - "endpoint":{"hostPrefix":"messaging-"} - }, "UpdateGlobalSettings":{ "name":"UpdateGlobalSettings", "http":{ @@ -3855,28 +1164,6 @@ ], "documentation":"

Updates the phone number settings for the administrator's AWS account, such as the default outbound calling name. You can update the default outbound calling name once every seven days. Outbound calling names can take up to 72 hours to update.

" }, - "UpdateProxySession":{ - "name":"UpdateProxySession", - "http":{ - "method":"POST", - "requestUri":"/voice-connectors/{voiceConnectorId}/proxy-sessions/{proxySessionId}", - "responseCode":201 - }, - "input":{"shape":"UpdateProxySessionRequest"}, - "output":{"shape":"UpdateProxySessionResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates the specified proxy session details, such as voice or SMS capabilities.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateProxySession, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateProxySession in the Amazon Chime SDK Voice Namespace" - }, "UpdateRoom":{ "name":"UpdateRoom", "http":{ @@ -3917,76 +1204,6 @@ ], "documentation":"

Updates room membership details, such as the member role, for a room in an Amazon Chime Enterprise account. The member role designates whether the member is a chat room administrator or a general chat room member. The member role can be updated only for user IDs.

" }, - "UpdateSipMediaApplication":{ - "name":"UpdateSipMediaApplication", - "http":{ - "method":"PUT", - "requestUri":"/sip-media-applications/{sipMediaApplicationId}", - "responseCode":200 - }, - "input":{"shape":"UpdateSipMediaApplicationRequest"}, - "output":{"shape":"UpdateSipMediaApplicationResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates the details of the specified SIP media application.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateSipMediaApplication, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateSipMediaApplication in the Amazon Chime SDK Voice Namespace" - }, - "UpdateSipMediaApplicationCall":{ - "name":"UpdateSipMediaApplicationCall", - "http":{ - "method":"POST", - "requestUri":"/sip-media-applications/{sipMediaApplicationId}/calls/{transactionId}", - "responseCode":202 - }, - "input":{"shape":"UpdateSipMediaApplicationCallRequest"}, - "output":{"shape":"UpdateSipMediaApplicationCallResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ThrottledClientException"}, - {"shape":"UnauthorizedClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Invokes the AWS Lambda function associated with the SIP media application and transaction ID in an update request. The Lambda function can then return a new set of actions.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateSipMediaApplicationCall, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateSipMediaApplicationCall in the Amazon Chime SDK Voice Namespace" - }, - "UpdateSipRule":{ - "name":"UpdateSipRule", - "http":{ - "method":"PUT", - "requestUri":"/sip-rules/{sipRuleId}", - "responseCode":202 - }, - "input":{"shape":"UpdateSipRuleRequest"}, - "output":{"shape":"UpdateSipRuleResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ResourceLimitExceededException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates the details of the specified SIP rule.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateSipRule, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateSipRule in the Amazon Chime SDK Voice Namespace" - }, "UpdateUser":{ "name":"UpdateUser", "http":{ @@ -4025,73 +1242,6 @@ {"shape":"ServiceFailureException"} ], "documentation":"

Updates the settings for the specified user, such as phone number settings.

" - }, - "UpdateVoiceConnector":{ - "name":"UpdateVoiceConnector", - "http":{ - "method":"PUT", - "requestUri":"/voice-connectors/{voiceConnectorId}", - "responseCode":200 - }, - "input":{"shape":"UpdateVoiceConnectorRequest"}, - "output":{"shape":"UpdateVoiceConnectorResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates details for the specified Amazon Chime Voice Connector.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateVoiceConnector, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateVoiceConnector in the Amazon Chime SDK Voice Namespace" - }, - "UpdateVoiceConnectorGroup":{ - "name":"UpdateVoiceConnectorGroup", - "http":{ - "method":"PUT", - "requestUri":"/voice-connector-groups/{voiceConnectorGroupId}", - "responseCode":202 - }, - "input":{"shape":"UpdateVoiceConnectorGroupRequest"}, - "output":{"shape":"UpdateVoiceConnectorGroupResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Updates details of the specified Amazon Chime Voice Connector group, such as the name and Amazon Chime Voice Connector priority ranking.

This API is is no longer supported and will not be updated. We recommend using the latest version, UpdateVoiceConnectorGroup, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by UpdateVoiceConnectorGroup in the Amazon Chime SDK Voice Namespace" - }, - "ValidateE911Address":{ - "name":"ValidateE911Address", - "http":{ - "method":"POST", - "requestUri":"/emergency-calling/address", - "responseCode":202 - }, - "input":{"shape":"ValidateE911AddressRequest"}, - "output":{"shape":"ValidateE911AddressResponse"}, - "errors":[ - {"shape":"UnauthorizedClientException"}, - {"shape":"NotFoundException"}, - {"shape":"ForbiddenException"}, - {"shape":"BadRequestException"}, - {"shape":"ThrottledClientException"}, - {"shape":"ServiceUnavailableException"}, - {"shape":"ServiceFailureException"} - ], - "documentation":"

Validates an address to be used for 911 calls made with Amazon Chime Voice Connectors. You can use validated addresses in a Presence Information Data Format Location Object file that you include in SIP requests. That helps ensure that addresses are routed to the appropriate Public Safety Answering Point.

This API is is no longer supported and will not be updated. We recommend using the latest version, ValidateE911Address, in the Amazon Chime SDK.

Using the latest version requires migrating to a dedicated namespace. For more information, refer to Migrating from the Amazon Chime namespace in the Amazon Chime SDK Developer Guide.

", - "deprecated":true, - "deprecatedMessage":"Replaced by ValidateE911Address in the Amazon Chime SDK Voice Namespace" } }, "shapes":{ @@ -4192,52 +1342,6 @@ "EnterpriseOIDC" ] }, - "Address":{ - "type":"structure", - "members":{ - "streetName":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The address street, such as 8th Avenue.

" - }, - "streetSuffix":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The address suffix, such as the N in 8th Avenue N.

" - }, - "postDirectional":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

An address suffix location, such as the S. Unit A in Central Park S. Unit A.

" - }, - "preDirectional":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

An address prefix location, such as the N in N. Third St..

" - }, - "streetNumber":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The numeric portion of an address.

" - }, - "city":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The city of an address.

" - }, - "state":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The state of an address.

" - }, - "postalCode":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The postal code of an address.

" - }, - "postalCodePlus4":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The Zip + 4 or postal code + 4 of an address.

" - }, - "country":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The country of an address.

" - } - }, - "documentation":"

A validated address.

" - }, "AlexaForBusinessMetadata":{ "type":"structure", "members":{ @@ -4256,230 +1360,6 @@ "type":"string", "pattern":"[A-Z]{2}" }, - "AppInstance":{ - "type":"structure", - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the messaging instance.

" - }, - "Name":{ - "shape":"NonEmptyResourceName", - "documentation":"

The name of an AppInstance.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of an AppInstance.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which an AppInstance was created. In epoch milliseconds.

" - }, - "LastUpdatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time an AppInstance was last updated. In epoch milliseconds.

" - } - }, - "documentation":"

The details of an AppInstance, an instance of an Amazon Chime SDK messaging application.

" - }, - "AppInstanceAdmin":{ - "type":"structure", - "members":{ - "Admin":{ - "shape":"Identity", - "documentation":"

The AppInstanceAdmin data.

" - }, - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance for which the user is an administrator.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which an administrator was created.

" - } - }, - "documentation":"

The details of an AppInstanceAdmin.

" - }, - "AppInstanceAdminList":{ - "type":"list", - "member":{"shape":"AppInstanceAdminSummary"} - }, - "AppInstanceAdminSummary":{ - "type":"structure", - "members":{ - "Admin":{ - "shape":"Identity", - "documentation":"

The details of the AppInstanceAdmin.

" - } - }, - "documentation":"

Summary of the details of an AppInstanceAdmin.

" - }, - "AppInstanceDataType":{ - "type":"string", - "enum":[ - "Channel", - "ChannelMessage" - ] - }, - "AppInstanceList":{ - "type":"list", - "member":{"shape":"AppInstanceSummary"} - }, - "AppInstanceRetentionSettings":{ - "type":"structure", - "members":{ - "ChannelRetentionSettings":{ - "shape":"ChannelRetentionSettings", - "documentation":"

The length of time in days to retain the messages in a channel.

" - } - }, - "documentation":"

The details of the data-retention settings for an AppInstance.

" - }, - "AppInstanceStreamingConfiguration":{ - "type":"structure", - "required":[ - "AppInstanceDataType", - "ResourceArn" - ], - "members":{ - "AppInstanceDataType":{ - "shape":"AppInstanceDataType", - "documentation":"

The type of data to be streamed.

" - }, - "ResourceArn":{ - "shape":"Arn", - "documentation":"

The resource ARN.

" - } - }, - "documentation":"

The details of the streaming configuration of an AppInstance.

" - }, - "AppInstanceStreamingConfigurationList":{ - "type":"list", - "member":{"shape":"AppInstanceStreamingConfiguration"}, - "max":2, - "min":1 - }, - "AppInstanceSummary":{ - "type":"structure", - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The AppInstance ARN.

" - }, - "Name":{ - "shape":"NonEmptyResourceName", - "documentation":"

The name of the AppInstance.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the AppInstance.

" - } - }, - "documentation":"

Summary of the data for an AppInstance.

" - }, - "AppInstanceUser":{ - "type":"structure", - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceUser.

" - }, - "Name":{ - "shape":"UserName", - "documentation":"

The name of the AppInstanceUser.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the AppInstanceUser was created.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the AppInstanceUser.

" - }, - "LastUpdatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the AppInstanceUser was last updated.

" - } - }, - "documentation":"

The details of an AppInstanceUser.

" - }, - "AppInstanceUserList":{ - "type":"list", - "member":{"shape":"AppInstanceUserSummary"} - }, - "AppInstanceUserMembershipSummary":{ - "type":"structure", - "members":{ - "Type":{ - "shape":"ChannelMembershipType", - "documentation":"

The type of ChannelMembership.

" - }, - "ReadMarkerTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which a message was last read.

" - } - }, - "documentation":"

Summary of the membership details of an AppInstanceUser.

" - }, - "AppInstanceUserSummary":{ - "type":"structure", - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceUser.

" - }, - "Name":{ - "shape":"UserName", - "documentation":"

The name of an AppInstanceUser.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the AppInstanceUser.

" - } - }, - "documentation":"

Summary of the details of an AppInstanceUser.

" - }, - "AreaCode":{ - "type":"string", - "pattern":"^$|^[0-9]{3,3}$" - }, - "Arn":{ - "type":"string", - "max":1024, - "min":1, - "pattern":"^arn[\\/\\:\\-\\_\\.a-zA-Z0-9]+$", - "sensitive":true - }, - "ArtifactsConfiguration":{ - "type":"structure", - "required":[ - "Audio", - "Video", - "Content" - ], - "members":{ - "Audio":{ - "shape":"AudioArtifactsConfiguration", - "documentation":"

The configuration for the audio artifacts.

" - }, - "Video":{ - "shape":"VideoArtifactsConfiguration", - "documentation":"

The configuration for the video artifacts.

" - }, - "Content":{ - "shape":"ContentArtifactsConfiguration", - "documentation":"

The configuration for the content artifacts.

" - } - }, - "documentation":"

The configuration for the artifacts.

" - }, - "ArtifactsState":{ - "type":"string", - "enum":[ - "Enabled", - "Disabled" - ] - }, "AssociatePhoneNumberWithUserRequest":{ "type":"structure", "required":[ @@ -4508,72 +1388,7 @@ }, "AssociatePhoneNumberWithUserResponse":{ "type":"structure", - "members":{ - } - }, - "AssociatePhoneNumbersWithVoiceConnectorGroupRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorGroupId", - "E164PhoneNumbers" - ], - "members":{ - "VoiceConnectorGroupId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector group ID.

", - "location":"uri", - "locationName":"voiceConnectorGroupId" - }, - "E164PhoneNumbers":{ - "shape":"E164PhoneNumberList", - "documentation":"

List of phone numbers, in E.164 format.

" - }, - "ForceAssociate":{ - "shape":"NullableBoolean", - "documentation":"

If true, associates the provided phone numbers with the provided Amazon Chime Voice Connector Group and removes any previously existing associations. If false, does not associate any phone numbers that have previously existing associations.

" - } - } - }, - "AssociatePhoneNumbersWithVoiceConnectorGroupResponse":{ - "type":"structure", - "members":{ - "PhoneNumberErrors":{ - "shape":"PhoneNumberErrorList", - "documentation":"

If the action fails for one or more of the phone numbers in the request, a list of the phone numbers is returned, along with error codes and error messages.

" - } - } - }, - "AssociatePhoneNumbersWithVoiceConnectorRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "E164PhoneNumbers" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "E164PhoneNumbers":{ - "shape":"E164PhoneNumberList", - "documentation":"

List of phone numbers, in E.164 format.

" - }, - "ForceAssociate":{ - "shape":"NullableBoolean", - "documentation":"

If true, associates the provided phone numbers with the provided Amazon Chime Voice Connector and removes any previously existing associations. If false, does not associate any phone numbers that have previously existing associations.

" - } - } - }, - "AssociatePhoneNumbersWithVoiceConnectorResponse":{ - "type":"structure", - "members":{ - "PhoneNumberErrors":{ - "shape":"PhoneNumberErrorList", - "documentation":"

If the action fails for one or more of the phone numbers in the request, a list of the phone numbers is returned, along with error codes and error messages.

" - } - } + "members":{} }, "AssociateSigninDelegateGroupsWithAccountRequest":{ "type":"structure", @@ -4596,65 +1411,7 @@ }, "AssociateSigninDelegateGroupsWithAccountResponse":{ "type":"structure", - "members":{ - } - }, - "Attendee":{ - "type":"structure", - "members":{ - "ExternalUserId":{ - "shape":"ExternalUserIdType", - "documentation":"

The Amazon Chime SDK external user ID. An idempotency token. Links the attendee to an identity managed by a builder application.

" - }, - "AttendeeId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK attendee ID.

" - }, - "JoinToken":{ - "shape":"JoinTokenString", - "documentation":"

The join token used by the Amazon Chime SDK attendee.

" - } - }, - "documentation":"

An Amazon Chime SDK meeting attendee. Includes a unique AttendeeId and JoinToken . The JoinToken allows a client to authenticate and join as the specified attendee. The JoinToken expires when the meeting ends or when DeleteAttendee is called. After that, the attendee is unable to join the meeting.

We recommend securely transferring each JoinToken from your server application to the client so that no other client has access to the token except for the one authorized to represent the attendee.

" - }, - "AttendeeIdList":{ - "type":"list", - "member":{"shape":"GuidString"}, - "min":1 - }, - "AttendeeList":{ - "type":"list", - "member":{"shape":"Attendee"} - }, - "AttendeeTagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":10, - "min":1 - }, - "AttendeeTagList":{ - "type":"list", - "member":{"shape":"Tag"}, - "max":10, - "min":1 - }, - "AudioArtifactsConfiguration":{ - "type":"structure", - "required":["MuxType"], - "members":{ - "MuxType":{ - "shape":"AudioMuxType", - "documentation":"

The MUX type of the audio artifact configuration object.

" - } - }, - "documentation":"

The audio artifact configuration object.

" - }, - "AudioMuxType":{ - "type":"string", - "enum":[ - "AudioOnly", - "AudioWithActiveSpeakerVideo" - ] + "members":{} }, "BadRequestException":{ "type":"structure", @@ -4666,128 +1423,6 @@ "error":{"httpStatusCode":400}, "exception":true }, - "BatchChannelMemberships":{ - "type":"structure", - "members":{ - "InvitedBy":{ - "shape":"Identity", - "documentation":"

The identifier of the member who invited another member.

" - }, - "Type":{ - "shape":"ChannelMembershipType", - "documentation":"

The membership types set for the channel users.

" - }, - "Members":{ - "shape":"Members", - "documentation":"

The users successfully added to the request.

" - }, - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel to which you're adding users.

" - } - }, - "documentation":"

The membership information, including member ARNs, the channel ARN, and membership types.

" - }, - "BatchCreateAttendeeErrorList":{ - "type":"list", - "member":{"shape":"CreateAttendeeError"} - }, - "BatchCreateAttendeeRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "Attendees" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "Attendees":{ - "shape":"CreateAttendeeRequestItemList", - "documentation":"

The request containing the attendees to create.

" - } - } - }, - "BatchCreateAttendeeResponse":{ - "type":"structure", - "members":{ - "Attendees":{ - "shape":"AttendeeList", - "documentation":"

The attendee information, including attendees IDs and join tokens.

" - }, - "Errors":{ - "shape":"BatchCreateAttendeeErrorList", - "documentation":"

If the action fails for one or more of the attendees in the request, a list of the attendees is returned, along with error codes and error messages.

" - } - } - }, - "BatchCreateChannelMembershipError":{ - "type":"structure", - "members":{ - "MemberArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the member that the service couldn't add.

" - }, - "ErrorCode":{ - "shape":"ErrorCode", - "documentation":"

The error code.

" - }, - "ErrorMessage":{ - "shape":"String", - "documentation":"

The error message.

" - } - }, - "documentation":"

A list of failed member ARNs, error codes, and error messages.

" - }, - "BatchCreateChannelMembershipErrors":{ - "type":"list", - "member":{"shape":"BatchCreateChannelMembershipError"} - }, - "BatchCreateChannelMembershipRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MemberArns" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel to which you're adding users.

", - "location":"uri", - "locationName":"channelArn" - }, - "Type":{ - "shape":"ChannelMembershipType", - "documentation":"

The membership type of a user, DEFAULT or HIDDEN. Default members are always returned as part of ListChannelMemberships. Hidden members are only returned if the type filter in ListChannelMemberships equals HIDDEN. Otherwise hidden members are not returned. This is only supported by moderators.

" - }, - "MemberArns":{ - "shape":"MemberArns", - "documentation":"

The ARNs of the members you want to add to the channel.

" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "BatchCreateChannelMembershipResponse":{ - "type":"structure", - "members":{ - "BatchChannelMemberships":{ - "shape":"BatchChannelMemberships", - "documentation":"

The list of channel memberships in the response.

" - }, - "Errors":{ - "shape":"BatchCreateChannelMembershipErrors", - "documentation":"

If the action fails for one or more of the memberships in the request, a list of the memberships is returned, along with error codes and error messages.

" - } - } - }, "BatchCreateRoomMembershipRequest":{ "type":"structure", "required":[ @@ -5021,445 +1656,6 @@ "UpdateFailed" ] }, - "CallingRegion":{"type":"string"}, - "CallingRegionList":{ - "type":"list", - "member":{"shape":"CallingRegion"} - }, - "CandidateAddress":{ - "type":"structure", - "members":{ - "streetInfo":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The street information of a candidate address

" - }, - "streetNumber":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The numeric portion of a candidate address.

" - }, - "city":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The city of a candidate address.

" - }, - "state":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The state of a candidate address.

" - }, - "postalCode":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The postal code of a candidate address.

" - }, - "postalCodePlus4":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The Zip + 4 or postal code + 4 of a candidate address.

" - }, - "country":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The country of a candidate address.

" - } - }, - "documentation":"

A suggested address.

" - }, - "CandidateAddressList":{ - "type":"list", - "member":{"shape":"CandidateAddress"} - }, - "Capability":{ - "type":"string", - "enum":[ - "Voice", - "SMS" - ] - }, - "CapabilityList":{ - "type":"list", - "member":{"shape":"Capability"} - }, - "Channel":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"NonEmptyResourceName", - "documentation":"

The name of the channel.

" - }, - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "Mode":{ - "shape":"ChannelMode", - "documentation":"

The mode of the channel.

" - }, - "Privacy":{ - "shape":"ChannelPrivacy", - "documentation":"

The channel's privacy setting.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The channel's metadata.

" - }, - "CreatedBy":{ - "shape":"Identity", - "documentation":"

The AppInstanceUser who created the channel.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the AppInstanceUser created the channel.

" - }, - "LastMessageTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which a member sent the last message in the channel.

" - }, - "LastUpdatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which a channel was last updated.

" - } - }, - "documentation":"

The details of a channel.

" - }, - "ChannelBan":{ - "type":"structure", - "members":{ - "Member":{ - "shape":"Identity", - "documentation":"

The member being banned from the channel.

" - }, - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel from which a member is being banned.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the ban was created.

" - }, - "CreatedBy":{ - "shape":"Identity", - "documentation":"

The AppInstanceUser who created the ban.

" - } - }, - "documentation":"

The details of a channel ban.

" - }, - "ChannelBanSummary":{ - "type":"structure", - "members":{ - "Member":{ - "shape":"Identity", - "documentation":"

The member being banned from a channel.

" - } - }, - "documentation":"

Summary of the details of a ChannelBan.

" - }, - "ChannelBanSummaryList":{ - "type":"list", - "member":{"shape":"ChannelBanSummary"} - }, - "ChannelMembership":{ - "type":"structure", - "members":{ - "InvitedBy":{ - "shape":"Identity", - "documentation":"

The identifier of the member who invited another member.

" - }, - "Type":{ - "shape":"ChannelMembershipType", - "documentation":"

The membership type set for the channel member.

" - }, - "Member":{ - "shape":"Identity", - "documentation":"

The data of the channel member.

" - }, - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the member's channel.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the channel membership was created.

" - }, - "LastUpdatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which a channel membership was last updated.

" - } - }, - "documentation":"

The details of a channel member.

" - }, - "ChannelMembershipForAppInstanceUserSummary":{ - "type":"structure", - "members":{ - "ChannelSummary":{ - "shape":"ChannelSummary", - "documentation":"

Summary of the details of a Channel.

" - }, - "AppInstanceUserMembershipSummary":{ - "shape":"AppInstanceUserMembershipSummary", - "documentation":"

Summary of the membership details of an AppInstanceUser.

" - } - }, - "documentation":"

Summary of the channel membership details of an AppInstanceUser.

" - }, - "ChannelMembershipForAppInstanceUserSummaryList":{ - "type":"list", - "member":{"shape":"ChannelMembershipForAppInstanceUserSummary"} - }, - "ChannelMembershipSummary":{ - "type":"structure", - "members":{ - "Member":{ - "shape":"Identity", - "documentation":"

A member's summary data.

" - } - }, - "documentation":"

Summary of the details of a ChannelMembership.

" - }, - "ChannelMembershipSummaryList":{ - "type":"list", - "member":{"shape":"ChannelMembershipSummary"} - }, - "ChannelMembershipType":{ - "type":"string", - "enum":[ - "DEFAULT", - "HIDDEN" - ] - }, - "ChannelMessage":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID of a message.

" - }, - "Content":{ - "shape":"Content", - "documentation":"

The message content.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The message metadata.

" - }, - "Type":{ - "shape":"ChannelMessageType", - "documentation":"

The message type.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the message was created.

" - }, - "LastEditedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which a message was edited.

" - }, - "LastUpdatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which a message was updated.

" - }, - "Sender":{ - "shape":"Identity", - "documentation":"

The message sender.

" - }, - "Redacted":{ - "shape":"NonNullableBoolean", - "documentation":"

Hides the content of a message.

" - }, - "Persistence":{ - "shape":"ChannelMessagePersistenceType", - "documentation":"

The persistence setting for a channel message.

" - } - }, - "documentation":"

The details of a message in a channel.

" - }, - "ChannelMessagePersistenceType":{ - "type":"string", - "enum":[ - "PERSISTENT", - "NON_PERSISTENT" - ] - }, - "ChannelMessageSummary":{ - "type":"structure", - "members":{ - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID of the message.

" - }, - "Content":{ - "shape":"Content", - "documentation":"

The content of the message.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the message.

" - }, - "Type":{ - "shape":"ChannelMessageType", - "documentation":"

The type of message.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the message summary was created.

" - }, - "LastUpdatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which a message was last updated.

" - }, - "LastEditedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which a message was last edited.

" - }, - "Sender":{ - "shape":"Identity", - "documentation":"

The message sender.

" - }, - "Redacted":{ - "shape":"NonNullableBoolean", - "documentation":"

Indicates whether a message was redacted.

" - } - }, - "documentation":"

Summary of the messages in a Channel.

" - }, - "ChannelMessageSummaryList":{ - "type":"list", - "member":{"shape":"ChannelMessageSummary"} - }, - "ChannelMessageType":{ - "type":"string", - "enum":[ - "STANDARD", - "CONTROL" - ] - }, - "ChannelMode":{ - "type":"string", - "enum":[ - "UNRESTRICTED", - "RESTRICTED" - ] - }, - "ChannelModeratedByAppInstanceUserSummary":{ - "type":"structure", - "members":{ - "ChannelSummary":{ - "shape":"ChannelSummary", - "documentation":"

Summary of the details of a Channel.

" - } - }, - "documentation":"

Summary of the details of a moderated channel.

" - }, - "ChannelModeratedByAppInstanceUserSummaryList":{ - "type":"list", - "member":{"shape":"ChannelModeratedByAppInstanceUserSummary"} - }, - "ChannelModerator":{ - "type":"structure", - "members":{ - "Moderator":{ - "shape":"Identity", - "documentation":"

The moderator's data.

" - }, - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the moderator's channel.

" - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the moderator was created.

" - }, - "CreatedBy":{ - "shape":"Identity", - "documentation":"

The AppInstanceUser who created the moderator.

" - } - }, - "documentation":"

The details of a channel moderator.

" - }, - "ChannelModeratorSummary":{ - "type":"structure", - "members":{ - "Moderator":{ - "shape":"Identity", - "documentation":"

The data for a moderator.

" - } - }, - "documentation":"

Summary of the details of a ChannelModerator.

" - }, - "ChannelModeratorSummaryList":{ - "type":"list", - "member":{"shape":"ChannelModeratorSummary"} - }, - "ChannelPrivacy":{ - "type":"string", - "enum":[ - "PUBLIC", - "PRIVATE" - ] - }, - "ChannelRetentionSettings":{ - "type":"structure", - "members":{ - "RetentionDays":{ - "shape":"RetentionDays", - "documentation":"

The time in days to retain the messages in a channel.

" - } - }, - "documentation":"

The details of the retention settings for a channel.

" - }, - "ChannelSummary":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"NonEmptyResourceName", - "documentation":"

The name of the channel.

" - }, - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "Mode":{ - "shape":"ChannelMode", - "documentation":"

The mode of the channel.

" - }, - "Privacy":{ - "shape":"ChannelPrivacy", - "documentation":"

The privacy setting of the channel.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the channel.

" - }, - "LastMessageTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the last message in a channel was sent.

" - } - }, - "documentation":"

Summary of the details of a Channel.

" - }, - "ChannelSummaryList":{ - "type":"list", - "member":{"shape":"ChannelSummary"} - }, - "ChimeArn":{ - "type":"string", - "max":1600, - "min":5, - "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}" - }, - "ChimeSdkMeetingConfiguration":{ - "type":"structure", - "members":{ - "SourceConfiguration":{ - "shape":"SourceConfiguration", - "documentation":"

The source configuration for a specified media capture pipeline.

" - }, - "ArtifactsConfiguration":{ - "shape":"ArtifactsConfiguration", - "documentation":"

The configuration for the artifacts in an Amazon Chime SDK meeting.

" - } - }, - "documentation":"

The configuration object of the Amazon Chime SDK meeting for a specified media capture pipeline. SourceType must be ChimeSdkMeeting.

" - }, "ClientRequestToken":{ "type":"string", "max":64, @@ -5477,32 +1673,6 @@ "error":{"httpStatusCode":409}, "exception":true }, - "Content":{ - "type":"string", - "max":4096, - "min":0, - "pattern":"[\\s\\S]*", - "sensitive":true - }, - "ContentArtifactsConfiguration":{ - "type":"structure", - "required":["State"], - "members":{ - "State":{ - "shape":"ArtifactsState", - "documentation":"

Indicates whether the content artifact is enabled or disabled.

" - }, - "MuxType":{ - "shape":"ContentMuxType", - "documentation":"

The MUX type of the artifact configuration.

" - } - }, - "documentation":"

The content artifact object.

" - }, - "ContentMuxType":{ - "type":"string", - "enum":["ContentOnly"] - }, "ConversationRetentionSettings":{ "type":"structure", "members":{ @@ -5513,20 +1683,6 @@ }, "documentation":"

The retention settings that determine how long to retain conversation messages for an Amazon Chime Enterprise account.

" }, - "Country":{ - "type":"string", - "pattern":"^$|^[A-Z]{2,2}$" - }, - "CountryList":{ - "type":"list", - "member":{"shape":"Country"}, - "max":100, - "min":1 - }, - "CpsLimit":{ - "type":"integer", - "min":1 - }, "CreateAccountRequest":{ "type":"structure", "required":["Name"], @@ -5546,187 +1702,6 @@ } } }, - "CreateAppInstanceAdminRequest":{ - "type":"structure", - "required":[ - "AppInstanceAdminArn", - "AppInstanceArn" - ], - "members":{ - "AppInstanceAdminArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the administrator of the current AppInstance.

" - }, - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - } - } - }, - "CreateAppInstanceAdminResponse":{ - "type":"structure", - "members":{ - "AppInstanceAdmin":{ - "shape":"Identity", - "documentation":"

The name and ARN of the admin for the AppInstance.

" - }, - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the of the admin for the AppInstance.

" - } - } - }, - "CreateAppInstanceRequest":{ - "type":"structure", - "required":[ - "Name", - "ClientRequestToken" - ], - "members":{ - "Name":{ - "shape":"NonEmptyResourceName", - "documentation":"

The name of the AppInstance.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the AppInstance. Limited to a 1KB string in UTF-8.

" - }, - "ClientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

The ClientRequestToken of the AppInstance.

", - "idempotencyToken":true - }, - "Tags":{ - "shape":"TagList", - "documentation":"

Tags assigned to the AppInstance.

" - } - } - }, - "CreateAppInstanceResponse":{ - "type":"structure", - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The Amazon Resource Number (ARN) of the AppInstance.

" - } - } - }, - "CreateAppInstanceUserRequest":{ - "type":"structure", - "required":[ - "AppInstanceArn", - "AppInstanceUserId", - "Name", - "ClientRequestToken" - ], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance request.

" - }, - "AppInstanceUserId":{ - "shape":"UserId", - "documentation":"

The user ID of the AppInstance.

" - }, - "Name":{ - "shape":"UserName", - "documentation":"

The user's name.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The request's metadata. Limited to a 1KB string in UTF-8.

" - }, - "ClientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

The token assigned to the user requesting an AppInstance.

", - "idempotencyToken":true - }, - "Tags":{ - "shape":"TagList", - "documentation":"

Tags assigned to the AppInstanceUser.

" - } - } - }, - "CreateAppInstanceUserResponse":{ - "type":"structure", - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The user's ARN.

" - } - } - }, - "CreateAttendeeError":{ - "type":"structure", - "members":{ - "ExternalUserId":{ - "shape":"ExternalUserIdType", - "documentation":"

The Amazon Chime SDK external user ID. An idempotency token. Links the attendee to an identity managed by a builder application.

" - }, - "ErrorCode":{ - "shape":"String", - "documentation":"

The error code.

" - }, - "ErrorMessage":{ - "shape":"String", - "documentation":"

The error message.

" - } - }, - "documentation":"

The list of errors returned when errors are encountered during the BatchCreateAttendee and CreateAttendee actions. This includes external user IDs, error codes, and error messages.

" - }, - "CreateAttendeeRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "ExternalUserId" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "ExternalUserId":{ - "shape":"ExternalUserIdType", - "documentation":"

The Amazon Chime SDK external user ID. An idempotency token. Links the attendee to an identity managed by a builder application.

" - }, - "Tags":{ - "shape":"AttendeeTagList", - "documentation":"

The tag key-value pairs.

" - } - } - }, - "CreateAttendeeRequestItem":{ - "type":"structure", - "required":["ExternalUserId"], - "members":{ - "ExternalUserId":{ - "shape":"ExternalUserIdType", - "documentation":"

The Amazon Chime SDK external user ID. An idempotency token. Links the attendee to an identity managed by a builder application.

" - }, - "Tags":{ - "shape":"AttendeeTagList", - "documentation":"

The tag key-value pairs.

" - } - }, - "documentation":"

The Amazon Chime SDK attendee fields to create, used with the BatchCreateAttendee action.

" - }, - "CreateAttendeeRequestItemList":{ - "type":"list", - "member":{"shape":"CreateAttendeeRequestItem"} - }, - "CreateAttendeeResponse":{ - "type":"structure", - "members":{ - "Attendee":{ - "shape":"Attendee", - "documentation":"

The attendee information, including attendee ID and join token.

" - } - } - }, "CreateBotRequest":{ "type":"structure", "required":[ @@ -5759,224 +1734,6 @@ } } }, - "CreateChannelBanRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MemberArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the ban request.

", - "location":"uri", - "locationName":"channelArn" - }, - "MemberArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the member being banned.

" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "CreateChannelBanResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the response to the ban request.

" - }, - "Member":{ - "shape":"Identity", - "documentation":"

The ChannelArn and BannedIdentity of the member in the ban response.

" - } - } - }, - "CreateChannelMembershipRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MemberArn", - "Type" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel to which you're adding users.

", - "location":"uri", - "locationName":"channelArn" - }, - "MemberArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the member you want to add to the channel.

" - }, - "Type":{ - "shape":"ChannelMembershipType", - "documentation":"

The membership type of a user, DEFAULT or HIDDEN. Default members are always returned as part of ListChannelMemberships. Hidden members are only returned if the type filter in ListChannelMemberships equals HIDDEN. Otherwise hidden members are not returned. This is only supported by moderators.

" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "CreateChannelMembershipResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "Member":{ - "shape":"Identity", - "documentation":"

The ARN and metadata of the member being added.

" - } - } - }, - "CreateChannelModeratorRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "ChannelModeratorArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "ChannelModeratorArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the moderator.

" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "CreateChannelModeratorResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "ChannelModerator":{ - "shape":"Identity", - "documentation":"

The ARNs of the channel and the moderator.

" - } - } - }, - "CreateChannelRequest":{ - "type":"structure", - "required":[ - "AppInstanceArn", - "Name", - "ClientRequestToken" - ], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel request.

" - }, - "Name":{ - "shape":"NonEmptyResourceName", - "documentation":"

The name of the channel.

" - }, - "Mode":{ - "shape":"ChannelMode", - "documentation":"

The channel mode: UNRESTRICTED or RESTRICTED. Administrators, moderators, and channel members can add themselves and other members to unrestricted channels. Only administrators and moderators can add members to restricted channels.

" - }, - "Privacy":{ - "shape":"ChannelPrivacy", - "documentation":"

The channel's privacy level: PUBLIC or PRIVATE. Private channels aren't discoverable by users outside the channel. Public channels are discoverable by anyone in the AppInstance.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the creation request. Limited to 1KB and UTF-8.

" - }, - "ClientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

The client token for the request. An Idempotency token.

", - "idempotencyToken":true - }, - "Tags":{ - "shape":"TagList", - "documentation":"

The tags for the creation request.

" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "CreateChannelResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - } - } - }, - "CreateMediaCapturePipelineRequest":{ - "type":"structure", - "required":[ - "SourceType", - "SourceArn", - "SinkType", - "SinkArn" - ], - "members":{ - "SourceType":{ - "shape":"MediaPipelineSourceType", - "documentation":"

Source type from which the media artifacts will be captured. A Chime SDK Meeting is the only supported source.

" - }, - "SourceArn":{ - "shape":"Arn", - "documentation":"

ARN of the source from which the media artifacts are captured.

" - }, - "SinkType":{ - "shape":"MediaPipelineSinkType", - "documentation":"

Destination type to which the media artifacts are saved. You must use an S3 bucket.

" - }, - "SinkArn":{ - "shape":"Arn", - "documentation":"

The ARN of the sink type.

" - }, - "ClientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

The unique identifier for the client request. The token makes the API request idempotent. Use a different token for different media pipeline requests.

", - "idempotencyToken":true - }, - "ChimeSdkMeetingConfiguration":{ - "shape":"ChimeSdkMeetingConfiguration", - "documentation":"

The configuration for a specified media capture pipeline. SourceType must be ChimeSdkMeeting.

" - } - } - }, - "CreateMediaCapturePipelineResponse":{ - "type":"structure", - "members":{ - "MediaCapturePipeline":{ - "shape":"MediaCapturePipeline", - "documentation":"

A media capture pipeline object, the ID, source type, source ARN, sink type, and sink ARN of a media capture pipeline object.

" - } - } - }, "CreateMeetingDialOutRequest":{ "type":"structure", "required":[ @@ -6015,104 +1772,6 @@ } } }, - "CreateMeetingRequest":{ - "type":"structure", - "required":["ClientRequestToken"], - "members":{ - "ClientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

The unique identifier for the client request. Use a different token for different meetings.

", - "idempotencyToken":true - }, - "ExternalMeetingId":{ - "shape":"ExternalMeetingIdType", - "documentation":"

The external meeting ID.

" - }, - "MeetingHostId":{ - "shape":"ExternalUserIdType", - "documentation":"

Reserved.

" - }, - "MediaRegion":{ - "shape":"String", - "documentation":"

The Region in which to create the meeting. Default: us-east-1.

Available values: af-south-1 , ap-northeast-1 , ap-northeast-2 , ap-south-1 , ap-southeast-1 , ap-southeast-2 , ca-central-1 , eu-central-1 , eu-north-1 , eu-south-1 , eu-west-1 , eu-west-2 , eu-west-3 , sa-east-1 , us-east-1 , us-east-2 , us-west-1 , us-west-2 .

" - }, - "Tags":{ - "shape":"MeetingTagList", - "documentation":"

The tag key-value pairs.

" - }, - "NotificationsConfiguration":{ - "shape":"MeetingNotificationConfiguration", - "documentation":"

The configuration for resource targets to receive notifications when meeting and attendee events occur.

" - } - } - }, - "CreateMeetingResponse":{ - "type":"structure", - "members":{ - "Meeting":{ - "shape":"Meeting", - "documentation":"

The meeting information, including the meeting ID and MediaPlacement .

" - } - } - }, - "CreateMeetingWithAttendeesRequest":{ - "type":"structure", - "required":["ClientRequestToken"], - "members":{ - "ClientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

The unique identifier for the client request. Use a different token for different meetings.

", - "idempotencyToken":true - }, - "ExternalMeetingId":{ - "shape":"ExternalMeetingIdType", - "documentation":"

The external meeting ID.

" - }, - "MeetingHostId":{ - "shape":"ExternalUserIdType", - "documentation":"

Reserved.

" - }, - "MediaRegion":{ - "shape":"String", - "documentation":"

The Region in which to create the meeting. Default: us-east-1 .

Available values: af-south-1 , ap-northeast-1 , ap-northeast-2 , ap-south-1 , ap-southeast-1 , ap-southeast-2 , ca-central-1 , eu-central-1 , eu-north-1 , eu-south-1 , eu-west-1 , eu-west-2 , eu-west-3 , sa-east-1 , us-east-1 , us-east-2 , us-west-1 , us-west-2 .

" - }, - "Tags":{ - "shape":"MeetingTagList", - "documentation":"

The tag key-value pairs.

" - }, - "NotificationsConfiguration":{ - "shape":"MeetingNotificationConfiguration", - "documentation":"

The resource target configurations for receiving Amazon Chime SDK meeting and attendee event notifications. The Amazon Chime SDK supports resource targets located in the US East (N. Virginia) AWS Region (us-east-1).

" - }, - "Attendees":{ - "shape":"CreateMeetingWithAttendeesRequestItemList", - "documentation":"

The request containing the attendees to create.

" - } - } - }, - "CreateMeetingWithAttendeesRequestItemList":{ - "type":"list", - "member":{"shape":"CreateAttendeeRequestItem"}, - "max":10, - "min":1 - }, - "CreateMeetingWithAttendeesResponse":{ - "type":"structure", - "members":{ - "Meeting":{ - "shape":"Meeting", - "documentation":"

A meeting created using the Amazon Chime SDK.

" - }, - "Attendees":{ - "shape":"AttendeeList", - "documentation":"

The attendee information, including attendees IDs and join tokens.

" - }, - "Errors":{ - "shape":"BatchCreateAttendeeErrorList", - "documentation":"

If the action fails for one or more of the attendees in the request, a list of the attendees is returned, along with error codes and error messages.

" - } - } - }, "CreatePhoneNumberOrderRequest":{ "type":"structure", "required":[ @@ -6139,59 +1798,6 @@ } } }, - "CreateProxySessionRequest":{ - "type":"structure", - "required":[ - "ParticipantPhoneNumbers", - "Capabilities", - "VoiceConnectorId" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime voice connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "ParticipantPhoneNumbers":{ - "shape":"ParticipantPhoneNumberList", - "documentation":"

The participant phone numbers.

" - }, - "Name":{ - "shape":"ProxySessionNameString", - "documentation":"

The name of the proxy session.

" - }, - "ExpiryMinutes":{ - "shape":"PositiveInteger", - "documentation":"

The number of minutes allowed for the proxy session.

" - }, - "Capabilities":{ - "shape":"CapabilityList", - "documentation":"

The proxy session capabilities.

" - }, - "NumberSelectionBehavior":{ - "shape":"NumberSelectionBehavior", - "documentation":"

The preference for proxy phone number reuse, or stickiness, between the same participants across sessions.

" - }, - "GeoMatchLevel":{ - "shape":"GeoMatchLevel", - "documentation":"

The preference for matching the country or area code of the proxy phone number with that of the first participant.

" - }, - "GeoMatchParams":{ - "shape":"GeoMatchParams", - "documentation":"

The country and area code for the proxy phone number.

" - } - } - }, - "CreateProxySessionResponse":{ - "type":"structure", - "members":{ - "ProxySession":{ - "shape":"ProxySession", - "documentation":"

The proxy session details.

" - } - } - }, "CreateRoomMembershipRequest":{ "type":"structure", "required":[ @@ -6264,114 +1870,6 @@ } } }, - "CreateSipMediaApplicationCallRequest":{ - "type":"structure", - "required":[ - "FromPhoneNumber", - "ToPhoneNumber", - "SipMediaApplicationId" - ], - "members":{ - "FromPhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The phone number that a user calls from. This is a phone number in your Amazon Chime phone number inventory.

" - }, - "ToPhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The phone number that the service should call.

" - }, - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The ID of the SIP media application.

", - "location":"uri", - "locationName":"sipMediaApplicationId" - }, - "SipHeaders":{ - "shape":"SipHeadersMap", - "documentation":"

The SIP headers added to an outbound call leg.

" - } - } - }, - "CreateSipMediaApplicationCallResponse":{ - "type":"structure", - "members":{ - "SipMediaApplicationCall":{ - "shape":"SipMediaApplicationCall", - "documentation":"

The actual call.

" - } - } - }, - "CreateSipMediaApplicationRequest":{ - "type":"structure", - "required":[ - "AwsRegion", - "Name", - "Endpoints" - ], - "members":{ - "AwsRegion":{ - "shape":"String", - "documentation":"

The AWS Region assigned to the SIP media application.

" - }, - "Name":{ - "shape":"SipMediaApplicationName", - "documentation":"

The SIP media application name.

" - }, - "Endpoints":{ - "shape":"SipMediaApplicationEndpointList", - "documentation":"

List of endpoints (Lambda Amazon Resource Names) specified for the SIP media application. Currently, only one endpoint is supported.

" - } - } - }, - "CreateSipMediaApplicationResponse":{ - "type":"structure", - "members":{ - "SipMediaApplication":{ - "shape":"SipMediaApplication", - "documentation":"

The SIP media application details.

" - } - } - }, - "CreateSipRuleRequest":{ - "type":"structure", - "required":[ - "Name", - "TriggerType", - "TriggerValue", - "TargetApplications" - ], - "members":{ - "Name":{ - "shape":"SipRuleName", - "documentation":"

The name of the SIP rule.

" - }, - "TriggerType":{ - "shape":"SipRuleTriggerType", - "documentation":"

The type of trigger assigned to the SIP rule in TriggerValue, currently RequestUriHostname or ToPhoneNumber.

" - }, - "TriggerValue":{ - "shape":"NonEmptyString", - "documentation":"

If TriggerType is RequestUriHostname, the value can be the outbound host name of an Amazon Chime Voice Connector. If TriggerType is ToPhoneNumber, the value can be a customer-owned phone number in the E164 format. The SipMediaApplication specified in the SipRule is triggered if the request URI in an incoming SIP request matches the RequestUriHostname, or if the To header in the incoming SIP request matches the ToPhoneNumber value.

" - }, - "Disabled":{ - "shape":"NullableBoolean", - "documentation":"

Enables or disables a rule. You must disable rules before you can delete them.

" - }, - "TargetApplications":{ - "shape":"SipRuleTargetApplicationList", - "documentation":"

List of SIP media applications with priority and AWS Region. Only one SIP application per AWS Region can be used.

" - } - } - }, - "CreateSipRuleResponse":{ - "type":"structure", - "members":{ - "SipRule":{ - "shape":"SipRule", - "documentation":"

Returns the SIP rule information, including the rule ID, triggers, and target applications.

" - } - } - }, "CreateUserRequest":{ "type":"structure", "required":["AccountId"], @@ -6405,107 +1903,6 @@ } } }, - "CreateVoiceConnectorGroupRequest":{ - "type":"structure", - "required":["Name"], - "members":{ - "Name":{ - "shape":"VoiceConnectorGroupName", - "documentation":"

The name of the Amazon Chime Voice Connector group.

" - }, - "VoiceConnectorItems":{ - "shape":"VoiceConnectorItemList", - "documentation":"

The Amazon Chime Voice Connectors to route inbound calls to.

" - } - } - }, - "CreateVoiceConnectorGroupResponse":{ - "type":"structure", - "members":{ - "VoiceConnectorGroup":{ - "shape":"VoiceConnectorGroup", - "documentation":"

The Amazon Chime Voice Connector group details.

" - } - } - }, - "CreateVoiceConnectorRequest":{ - "type":"structure", - "required":[ - "Name", - "RequireEncryption" - ], - "members":{ - "Name":{ - "shape":"VoiceConnectorName", - "documentation":"

The name of the Amazon Chime Voice Connector.

" - }, - "AwsRegion":{ - "shape":"VoiceConnectorAwsRegion", - "documentation":"

The AWS Region in which the Amazon Chime Voice Connector is created. Default value: us-east-1 .

" - }, - "RequireEncryption":{ - "shape":"Boolean", - "documentation":"

When enabled, requires encryption for the Amazon Chime Voice Connector.

" - } - } - }, - "CreateVoiceConnectorResponse":{ - "type":"structure", - "members":{ - "VoiceConnector":{ - "shape":"VoiceConnector", - "documentation":"

The Amazon Chime Voice Connector details.

" - } - } - }, - "Credential":{ - "type":"structure", - "members":{ - "Username":{ - "shape":"SensitiveString", - "documentation":"

The RFC2617 compliant user name associated with the SIP credentials, in US-ASCII format.

" - }, - "Password":{ - "shape":"SensitiveString", - "documentation":"

The RFC2617 compliant password associated with the SIP credentials, in US-ASCII format.

" - } - }, - "documentation":"

The SIP credentials used to authenticate requests to your Amazon Chime Voice Connector.

" - }, - "CredentialList":{ - "type":"list", - "member":{"shape":"Credential"} - }, - "DNISEmergencyCallingConfiguration":{ - "type":"structure", - "required":[ - "EmergencyPhoneNumber", - "CallingCountry" - ], - "members":{ - "EmergencyPhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The DNIS phone number to route emergency calls to, in E.164 format.

" - }, - "TestPhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The DNIS phone number to route test emergency calls to, in E.164 format.

" - }, - "CallingCountry":{ - "shape":"Alpha2CountryCode", - "documentation":"

The country from which emergency calls are allowed, in ISO 3166-1 alpha-2 format.

" - } - }, - "documentation":"

The Dialed Number Identification Service (DNIS) emergency calling configuration details associated with an Amazon Chime Voice Connector's emergency calling configuration.

" - }, - "DNISEmergencyCallingConfigurationList":{ - "type":"list", - "member":{"shape":"DNISEmergencyCallingConfiguration"} - }, - "DataRetentionInHours":{ - "type":"integer", - "min":0 - }, "DeleteAccountRequest":{ "type":"structure", "required":["AccountId"], @@ -6520,212 +1917,7 @@ }, "DeleteAccountResponse":{ "type":"structure", - "members":{ - } - }, - "DeleteAppInstanceAdminRequest":{ - "type":"structure", - "required":[ - "AppInstanceAdminArn", - "AppInstanceArn" - ], - "members":{ - "AppInstanceAdminArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance's administrator.

", - "location":"uri", - "locationName":"appInstanceAdminArn" - }, - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - } - } - }, - "DeleteAppInstanceRequest":{ - "type":"structure", - "required":["AppInstanceArn"], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - } - } - }, - "DeleteAppInstanceStreamingConfigurationsRequest":{ - "type":"structure", - "required":["AppInstanceArn"], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the streaming configurations being deleted.

", - "location":"uri", - "locationName":"appInstanceArn" - } - } - }, - "DeleteAppInstanceUserRequest":{ - "type":"structure", - "required":["AppInstanceUserArn"], - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the user request being deleted.

", - "location":"uri", - "locationName":"appInstanceUserArn" - } - } - }, - "DeleteAttendeeRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "AttendeeId" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "AttendeeId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK attendee ID.

", - "location":"uri", - "locationName":"attendeeId" - } - } - }, - "DeleteChannelBanRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MemberArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel from which the AppInstanceUser was banned.

", - "location":"uri", - "locationName":"channelArn" - }, - "MemberArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceUser that you want to reinstate.

", - "location":"uri", - "locationName":"memberArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DeleteChannelMembershipRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MemberArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel from which you want to remove the user.

", - "location":"uri", - "locationName":"channelArn" - }, - "MemberArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the member that you're removing from the channel.

", - "location":"uri", - "locationName":"memberArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DeleteChannelMessageRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MessageId" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID of the message being deleted.

", - "location":"uri", - "locationName":"messageId" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DeleteChannelModeratorRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "ChannelModeratorArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "ChannelModeratorArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the moderator being deleted.

", - "location":"uri", - "locationName":"channelModeratorArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DeleteChannelRequest":{ - "type":"structure", - "required":["ChannelArn"], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel being deleted.

", - "location":"uri", - "locationName":"channelArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } + "members":{} }, "DeleteEventsConfigurationRequest":{ "type":"structure", @@ -6748,30 +1940,6 @@ } } }, - "DeleteMediaCapturePipelineRequest":{ - "type":"structure", - "required":["MediaPipelineId"], - "members":{ - "MediaPipelineId":{ - "shape":"GuidString", - "documentation":"

The ID of the media capture pipeline being deleted.

", - "location":"uri", - "locationName":"mediaPipelineId" - } - } - }, - "DeleteMeetingRequest":{ - "type":"structure", - "required":["MeetingId"], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - } - } - }, "DeletePhoneNumberRequest":{ "type":"structure", "required":["PhoneNumberId"], @@ -6784,27 +1952,6 @@ } } }, - "DeleteProxySessionRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "ProxySessionId" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime voice connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "ProxySessionId":{ - "shape":"NonEmptyString128", - "documentation":"

The proxy session ID.

", - "location":"uri", - "locationName":"proxySessionId" - } - } - }, "DeleteRoomMembershipRequest":{ "type":"structure", "required":[ @@ -6854,412 +2001,6 @@ } } }, - "DeleteSipMediaApplicationRequest":{ - "type":"structure", - "required":["SipMediaApplicationId"], - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP media application ID.

", - "location":"uri", - "locationName":"sipMediaApplicationId" - } - } - }, - "DeleteSipRuleRequest":{ - "type":"structure", - "required":["SipRuleId"], - "members":{ - "SipRuleId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP rule ID.

", - "location":"uri", - "locationName":"sipRuleId" - } - } - }, - "DeleteVoiceConnectorEmergencyCallingConfigurationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "DeleteVoiceConnectorGroupRequest":{ - "type":"structure", - "required":["VoiceConnectorGroupId"], - "members":{ - "VoiceConnectorGroupId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector group ID.

", - "location":"uri", - "locationName":"voiceConnectorGroupId" - } - } - }, - "DeleteVoiceConnectorOriginationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "DeleteVoiceConnectorProxyRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "DeleteVoiceConnectorRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "DeleteVoiceConnectorStreamingConfigurationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "DeleteVoiceConnectorTerminationCredentialsRequest":{ - "type":"structure", - "required":[ - "Usernames", - "VoiceConnectorId" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "Usernames":{ - "shape":"SensitiveStringList", - "documentation":"

The RFC2617 compliant username associated with the SIP credentials, in US-ASCII format.

" - } - } - }, - "DeleteVoiceConnectorTerminationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "DescribeAppInstanceAdminRequest":{ - "type":"structure", - "required":[ - "AppInstanceAdminArn", - "AppInstanceArn" - ], - "members":{ - "AppInstanceAdminArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceAdmin.

", - "location":"uri", - "locationName":"appInstanceAdminArn" - }, - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - } - } - }, - "DescribeAppInstanceAdminResponse":{ - "type":"structure", - "members":{ - "AppInstanceAdmin":{ - "shape":"AppInstanceAdmin", - "documentation":"

The ARN and name of the AppInstanceUser, the ARN of the AppInstance, and the created and last-updated timestamps. All timestamps use epoch milliseconds.

" - } - } - }, - "DescribeAppInstanceRequest":{ - "type":"structure", - "required":["AppInstanceArn"], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - } - } - }, - "DescribeAppInstanceResponse":{ - "type":"structure", - "members":{ - "AppInstance":{ - "shape":"AppInstance", - "documentation":"

The ARN, metadata, created and last-updated timestamps, and the name of the AppInstance. All timestamps use epoch milliseconds.

" - } - } - }, - "DescribeAppInstanceUserRequest":{ - "type":"structure", - "required":["AppInstanceUserArn"], - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceUser.

", - "location":"uri", - "locationName":"appInstanceUserArn" - } - } - }, - "DescribeAppInstanceUserResponse":{ - "type":"structure", - "members":{ - "AppInstanceUser":{ - "shape":"AppInstanceUser", - "documentation":"

The name of the AppInstanceUser.

" - } - } - }, - "DescribeChannelBanRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MemberArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel from which the user is banned.

", - "location":"uri", - "locationName":"channelArn" - }, - "MemberArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the member being banned.

", - "location":"uri", - "locationName":"memberArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DescribeChannelBanResponse":{ - "type":"structure", - "members":{ - "ChannelBan":{ - "shape":"ChannelBan", - "documentation":"

The details of the ban.

" - } - } - }, - "DescribeChannelMembershipForAppInstanceUserRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "AppInstanceUserArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel to which the user belongs.

", - "location":"uri", - "locationName":"channelArn" - }, - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the user in a channel.

", - "location":"querystring", - "locationName":"app-instance-user-arn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DescribeChannelMembershipForAppInstanceUserResponse":{ - "type":"structure", - "members":{ - "ChannelMembership":{ - "shape":"ChannelMembershipForAppInstanceUserSummary", - "documentation":"

The channel to which a user belongs.

" - } - } - }, - "DescribeChannelMembershipRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MemberArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "MemberArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the member.

", - "location":"uri", - "locationName":"memberArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DescribeChannelMembershipResponse":{ - "type":"structure", - "members":{ - "ChannelMembership":{ - "shape":"ChannelMembership", - "documentation":"

The details of the membership.

" - } - } - }, - "DescribeChannelModeratedByAppInstanceUserRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "AppInstanceUserArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the moderated channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceUser in the moderated channel.

", - "location":"querystring", - "locationName":"app-instance-user-arn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DescribeChannelModeratedByAppInstanceUserResponse":{ - "type":"structure", - "members":{ - "Channel":{ - "shape":"ChannelModeratedByAppInstanceUserSummary", - "documentation":"

The moderated channel.

" - } - } - }, - "DescribeChannelModeratorRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "ChannelModeratorArn" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "ChannelModeratorArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel moderator.

", - "location":"uri", - "locationName":"channelModeratorArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DescribeChannelModeratorResponse":{ - "type":"structure", - "members":{ - "ChannelModerator":{ - "shape":"ChannelModerator", - "documentation":"

The details of the channel moderator.

" - } - } - }, - "DescribeChannelRequest":{ - "type":"structure", - "required":["ChannelArn"], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "DescribeChannelResponse":{ - "type":"structure", - "members":{ - "Channel":{ - "shape":"Channel", - "documentation":"

The channel details.

" - } - } - }, "DisassociatePhoneNumberFromUserRequest":{ "type":"structure", "required":[ @@ -7283,64 +2024,7 @@ }, "DisassociatePhoneNumberFromUserResponse":{ "type":"structure", - "members":{ - } - }, - "DisassociatePhoneNumbersFromVoiceConnectorGroupRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorGroupId", - "E164PhoneNumbers" - ], - "members":{ - "VoiceConnectorGroupId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector group ID.

", - "location":"uri", - "locationName":"voiceConnectorGroupId" - }, - "E164PhoneNumbers":{ - "shape":"E164PhoneNumberList", - "documentation":"

List of phone numbers, in E.164 format.

" - } - } - }, - "DisassociatePhoneNumbersFromVoiceConnectorGroupResponse":{ - "type":"structure", - "members":{ - "PhoneNumberErrors":{ - "shape":"PhoneNumberErrorList", - "documentation":"

If the action fails for one or more of the phone numbers in the request, a list of the phone numbers is returned, along with error codes and error messages.

" - } - } - }, - "DisassociatePhoneNumbersFromVoiceConnectorRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "E164PhoneNumbers" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "E164PhoneNumbers":{ - "shape":"E164PhoneNumberList", - "documentation":"

List of phone numbers, in E.164 format.

" - } - } - }, - "DisassociatePhoneNumbersFromVoiceConnectorResponse":{ - "type":"structure", - "members":{ - "PhoneNumberErrors":{ - "shape":"PhoneNumberErrorList", - "documentation":"

If the action fails for one or more of the phone numbers in the request, a list of the phone numbers is returned, along with error codes and error messages.

" - } - } + "members":{} }, "DisassociateSigninDelegateGroupsFromAccountRequest":{ "type":"structure", @@ -7363,8 +2047,7 @@ }, "DisassociateSigninDelegateGroupsFromAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "E164PhoneNumber":{ "type":"string", @@ -7388,121 +2071,6 @@ "Failed" ] }, - "EmergencyCallingConfiguration":{ - "type":"structure", - "members":{ - "DNIS":{ - "shape":"DNISEmergencyCallingConfigurationList", - "documentation":"

The Dialed Number Identification Service (DNIS) emergency calling configuration details.

" - } - }, - "documentation":"

The emergency calling configuration details associated with an Amazon Chime Voice Connector.

" - }, - "EngineTranscribeMedicalSettings":{ - "type":"structure", - "required":[ - "LanguageCode", - "Specialty", - "Type" - ], - "members":{ - "LanguageCode":{ - "shape":"TranscribeMedicalLanguageCode", - "documentation":"

The language code specified for the Amazon Transcribe Medical engine.

" - }, - "Specialty":{ - "shape":"TranscribeMedicalSpecialty", - "documentation":"

The specialty specified for the Amazon Transcribe Medical engine.

" - }, - "Type":{ - "shape":"TranscribeMedicalType", - "documentation":"

The type of transcription.

" - }, - "VocabularyName":{ - "shape":"String", - "documentation":"

The name of the vocabulary passed to Amazon Transcribe Medical.

" - }, - "Region":{ - "shape":"TranscribeMedicalRegion", - "documentation":"

The AWS Region passed to Amazon Transcribe Medical. If you don't specify a Region, Amazon Chime uses the meeting's Region.

" - }, - "ContentIdentificationType":{ - "shape":"TranscribeMedicalContentIdentificationType", - "documentation":"

Labels all personally identifiable information (PII) identified in your transcript. If you don't include PiiEntityTypes, all PII is identified.

You can’t set ContentIdentificationType and ContentRedactionType.

" - } - }, - "documentation":"

Settings specific to the Amazon Transcribe Medical engine.

" - }, - "EngineTranscribeSettings":{ - "type":"structure", - "members":{ - "LanguageCode":{ - "shape":"TranscribeLanguageCode", - "documentation":"

Specify the language code that represents the language spoken.

If you're unsure of the language spoken in your audio, consider using IdentifyLanguage to enable automatic language identification.

" - }, - "VocabularyFilterMethod":{ - "shape":"TranscribeVocabularyFilterMethod", - "documentation":"

Specify how you want your vocabulary filter applied to your transcript.

To replace words with ***, choose mask.

To delete words, choose remove.

To flag words without changing them, choose tag.

" - }, - "VocabularyFilterName":{ - "shape":"String", - "documentation":"

Specify the name of the custom vocabulary filter that you want to use when processing your transcription. Note that vocabulary filter names are case sensitive.

If you use Amazon Transcribe in multiple Regions, the vocabulary filter must be available in Amazon Transcribe in each Region.

If you include IdentifyLanguage and want to use one or more vocabulary filters with your transcription, use the VocabularyFilterNames parameter instead.

" - }, - "VocabularyName":{ - "shape":"String", - "documentation":"

Specify the name of the custom vocabulary that you want to use when processing your transcription. Note that vocabulary names are case sensitive.

If you use Amazon Transcribe multiple Regions, the vocabulary must be available in Amazon Transcribe in each Region.

If you include IdentifyLanguage and want to use one or more custom vocabularies with your transcription, use the VocabularyNames parameter instead.

" - }, - "Region":{ - "shape":"TranscribeRegion", - "documentation":"

The AWS Region in which to use Amazon Transcribe.

If you don't specify a Region, then the MediaRegion parameter of the CreateMeeting.html API will be used. However, if Amazon Transcribe is not available in the MediaRegion, then a TranscriptFailed event is sent.

Use auto to use Amazon Transcribe in a Region near the meeting’s MediaRegion. For more information, refer to Choosing a transcription Region in the Amazon Chime SDK Developer Guide.

" - }, - "EnablePartialResultsStabilization":{ - "shape":"Boolean", - "documentation":"

Enables partial result stabilization for your transcription. Partial result stabilization can reduce latency in your output, but may impact accuracy.

" - }, - "PartialResultsStability":{ - "shape":"TranscribePartialResultsStability", - "documentation":"

Specify the level of stability to use when you enable partial results stabilization (EnablePartialResultsStabilization).

Low stability provides the highest accuracy. High stability transcribes faster, but with slightly lower accuracy.

" - }, - "ContentIdentificationType":{ - "shape":"TranscribeContentIdentificationType", - "documentation":"

Labels all personally identifiable information (PII) identified in your transcript. If you don't include PiiEntityTypes, all PII is identified.

You can’t set ContentIdentificationType and ContentRedactionType.

" - }, - "ContentRedactionType":{ - "shape":"TranscribeContentRedactionType", - "documentation":"

Content redaction is performed at the segment level. If you don't include PiiEntityTypes, all PII is redacted.

You can’t set ContentIdentificationType and ContentRedactionType.

" - }, - "PiiEntityTypes":{ - "shape":"TranscribePiiEntityTypes", - "documentation":"

Specify which types of personally identifiable information (PII) you want to redact in your transcript. You can include as many types as you'd like, or you can select ALL.

Values must be comma-separated and can include: ADDRESS, BANK_ACCOUNT_NUMBER, BANK_ROUTING, CREDIT_DEBIT_CVV, CREDIT_DEBIT_EXPIRY CREDIT_DEBIT_NUMBER, EMAIL,NAME, PHONE, PIN, SSN, or ALL.

Note that if you include PiiEntityTypes, you must also include ContentIdentificationType or ContentRedactionType.

If you include ContentRedactionType or ContentIdentificationType, but do not include PiiEntityTypes, all PII is redacted or identified.

" - }, - "LanguageModelName":{ - "shape":"TranscribeLanguageModelName", - "documentation":"

Specify the name of the custom language model that you want to use when processing your transcription. Note that language model names are case sensitive.

The language of the specified language model must match the language code. If the languages don't match, the custom language model isn't applied. There are no errors or warnings associated with a language mismatch.

If you use Amazon Transcribe in multiple Regions, the custom language model must be available in Amazon Transcribe in each Region.

" - }, - "IdentifyLanguage":{ - "shape":"Boolean", - "documentation":"

Enables automatic language identification for your transcription.

If you include IdentifyLanguage, you can optionally use LanguageOptions to include a list of language codes that you think may be present in your audio stream. Including language options can improve transcription accuracy.

You can also use PreferredLanguage to include a preferred language. Doing so can help Amazon Transcribe identify the language faster.

You must include either LanguageCode or IdentifyLanguage.

Language identification can't be combined with custom language models or redaction.

" - }, - "LanguageOptions":{ - "shape":"TranscribeLanguageOptions", - "documentation":"

Specify two or more language codes that represent the languages you think may be present in your media; including more than five is not recommended. If you're unsure what languages are present, do not include this parameter.

Including language options can improve the accuracy of language identification.

If you include LanguageOptions, you must also include IdentifyLanguage.

You can only include one language dialect per language. For example, you cannot include en-US and en-AU.

" - }, - "PreferredLanguage":{ - "shape":"TranscribeLanguageCode", - "documentation":"

Specify a preferred language from the subset of languages codes you specified in LanguageOptions.

You can only use this parameter if you include IdentifyLanguage and LanguageOptions.

" - }, - "VocabularyNames":{ - "shape":"TranscribeVocabularyNamesOrFilterNamesString", - "documentation":"

Specify the names of the custom vocabularies that you want to use when processing your transcription. Note that vocabulary names are case sensitive.

If you use Amazon Transcribe in multiple Regions, the vocabulary must be available in Amazon Transcribe in each Region.

If you don't include IdentifyLanguage and want to use a custom vocabulary with your transcription, use the VocabularyName parameter instead.

" - }, - "VocabularyFilterNames":{ - "shape":"TranscribeVocabularyNamesOrFilterNamesString", - "documentation":"

Specify the names of the custom vocabulary filters that you want to use when processing your transcription. Note that vocabulary filter names are case sensitive.

If you use Amazon Transcribe in multiple Regions, the vocabulary filter must be available in Amazon Transcribe in each Region.

If you're not including IdentifyLanguage and want to use a custom vocabulary filter with your transcription, use the VocabularyFilterName parameter instead.

" - } - }, - "documentation":"

Settings specific for Amazon Transcribe as the live transcription engine.

If you specify an invalid combination of parameters, a TranscriptFailed event will be sent with the contents of the BadRequestException generated by Amazon Transcribe. For more information on each parameter and which combinations are valid, refer to the StartStreamTranscription API in the Amazon Transcribe Developer Guide.

" - }, "ErrorCode":{ "type":"string", "enum":[ @@ -7541,23 +2109,6 @@ }, "documentation":"

The configuration that allows a bot to receive outgoing events. Can be either an HTTPS endpoint or a Lambda function ARN.

" }, - "ExternalMeetingIdType":{ - "type":"string", - "max":64, - "min":2, - "sensitive":true - }, - "ExternalUserIdList":{ - "type":"list", - "member":{"shape":"ExternalUserIdType"}, - "min":1 - }, - "ExternalUserIdType":{ - "type":"string", - "max":64, - "min":2, - "sensitive":true - }, "ForbiddenException":{ "type":"structure", "members":{ @@ -7568,37 +2119,6 @@ "error":{"httpStatusCode":403}, "exception":true }, - "FunctionArn":{ - "type":"string", - "max":10000, - "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?", - "sensitive":true - }, - "GeoMatchLevel":{ - "type":"string", - "enum":[ - "Country", - "AreaCode" - ] - }, - "GeoMatchParams":{ - "type":"structure", - "required":[ - "Country", - "AreaCode" - ], - "members":{ - "Country":{ - "shape":"Country", - "documentation":"

The country.

" - }, - "AreaCode":{ - "shape":"AreaCode", - "documentation":"

The area code.

" - } - }, - "documentation":"

The country and area code for a proxy phone number in a proxy phone session.

" - }, "GetAccountRequest":{ "type":"structure", "required":["AccountId"], @@ -7641,82 +2161,6 @@ } } }, - "GetAppInstanceRetentionSettingsRequest":{ - "type":"structure", - "required":["AppInstanceArn"], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - } - } - }, - "GetAppInstanceRetentionSettingsResponse":{ - "type":"structure", - "members":{ - "AppInstanceRetentionSettings":{ - "shape":"AppInstanceRetentionSettings", - "documentation":"

The retention settings for the AppInstance.

" - }, - "InitiateDeletionTimestamp":{ - "shape":"Timestamp", - "documentation":"

The timestamp representing the time at which the specified items are retained, in Epoch Seconds.

" - } - } - }, - "GetAppInstanceStreamingConfigurationsRequest":{ - "type":"structure", - "required":["AppInstanceArn"], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - } - } - }, - "GetAppInstanceStreamingConfigurationsResponse":{ - "type":"structure", - "members":{ - "AppInstanceStreamingConfigurations":{ - "shape":"AppInstanceStreamingConfigurationList", - "documentation":"

The streaming settings.

" - } - } - }, - "GetAttendeeRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "AttendeeId" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "AttendeeId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK attendee ID.

", - "location":"uri", - "locationName":"attendeeId" - } - } - }, - "GetAttendeeResponse":{ - "type":"structure", - "members":{ - "Attendee":{ - "shape":"Attendee", - "documentation":"

The Amazon Chime SDK attendee information.

" - } - } - }, "GetBotRequest":{ "type":"structure", "required":[ @@ -7747,42 +2191,6 @@ } } }, - "GetChannelMessageRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MessageId" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID of the message.

", - "location":"uri", - "locationName":"messageId" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "GetChannelMessageResponse":{ - "type":"structure", - "members":{ - "ChannelMessage":{ - "shape":"ChannelMessage", - "documentation":"

The details of and content in the message.

" - } - } - }, "GetEventsConfigurationRequest":{ "type":"structure", "required":[ @@ -7826,62 +2234,6 @@ } } }, - "GetMediaCapturePipelineRequest":{ - "type":"structure", - "required":["MediaPipelineId"], - "members":{ - "MediaPipelineId":{ - "shape":"GuidString", - "documentation":"

The ID of the pipeline that you want to get.

", - "location":"uri", - "locationName":"mediaPipelineId" - } - } - }, - "GetMediaCapturePipelineResponse":{ - "type":"structure", - "members":{ - "MediaCapturePipeline":{ - "shape":"MediaCapturePipeline", - "documentation":"

The media capture pipeline object.

" - } - } - }, - "GetMeetingRequest":{ - "type":"structure", - "required":["MeetingId"], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - } - } - }, - "GetMeetingResponse":{ - "type":"structure", - "members":{ - "Meeting":{ - "shape":"Meeting", - "documentation":"

The Amazon Chime SDK meeting information.

" - } - } - }, - "GetMessagingSessionEndpointRequest":{ - "type":"structure", - "members":{ - } - }, - "GetMessagingSessionEndpointResponse":{ - "type":"structure", - "members":{ - "Endpoint":{ - "shape":"MessagingSessionEndpoint", - "documentation":"

The endpoint returned in the response.

" - } - } - }, "GetPhoneNumberOrderRequest":{ "type":"structure", "required":["PhoneNumberOrderId"], @@ -7937,36 +2289,6 @@ } } }, - "GetProxySessionRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "ProxySessionId" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime voice connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "ProxySessionId":{ - "shape":"NonEmptyString128", - "documentation":"

The proxy session ID.

", - "location":"uri", - "locationName":"proxySessionId" - } - } - }, - "GetProxySessionResponse":{ - "type":"structure", - "members":{ - "ProxySession":{ - "shape":"ProxySession", - "documentation":"

The proxy session details.

" - } - } - }, "GetRetentionSettingsRequest":{ "type":"structure", "required":["AccountId"], @@ -8022,69 +2344,6 @@ } } }, - "GetSipMediaApplicationLoggingConfigurationRequest":{ - "type":"structure", - "required":["SipMediaApplicationId"], - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP media application ID.

", - "location":"uri", - "locationName":"sipMediaApplicationId" - } - } - }, - "GetSipMediaApplicationLoggingConfigurationResponse":{ - "type":"structure", - "members":{ - "SipMediaApplicationLoggingConfiguration":{ - "shape":"SipMediaApplicationLoggingConfiguration", - "documentation":"

The actual logging configuration.

" - } - } - }, - "GetSipMediaApplicationRequest":{ - "type":"structure", - "required":["SipMediaApplicationId"], - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP media application ID.

", - "location":"uri", - "locationName":"sipMediaApplicationId" - } - } - }, - "GetSipMediaApplicationResponse":{ - "type":"structure", - "members":{ - "SipMediaApplication":{ - "shape":"SipMediaApplication", - "documentation":"

The SIP media application details.

" - } - } - }, - "GetSipRuleRequest":{ - "type":"structure", - "required":["SipRuleId"], - "members":{ - "SipRuleId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP rule ID.

", - "location":"uri", - "locationName":"sipRuleId" - } - } - }, - "GetSipRuleResponse":{ - "type":"structure", - "members":{ - "SipRule":{ - "shape":"SipRule", - "documentation":"

The SIP rule details.

" - } - } - }, "GetUserRequest":{ "type":"structure", "required":[ @@ -8145,214 +2404,10 @@ } } }, - "GetVoiceConnectorEmergencyCallingConfigurationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "GetVoiceConnectorEmergencyCallingConfigurationResponse":{ - "type":"structure", - "members":{ - "EmergencyCallingConfiguration":{ - "shape":"EmergencyCallingConfiguration", - "documentation":"

The emergency calling configuration details.

" - } - } - }, - "GetVoiceConnectorGroupRequest":{ - "type":"structure", - "required":["VoiceConnectorGroupId"], - "members":{ - "VoiceConnectorGroupId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector group ID.

", - "location":"uri", - "locationName":"voiceConnectorGroupId" - } - } - }, - "GetVoiceConnectorGroupResponse":{ - "type":"structure", - "members":{ - "VoiceConnectorGroup":{ - "shape":"VoiceConnectorGroup", - "documentation":"

The Amazon Chime Voice Connector group details.

" - } - } - }, - "GetVoiceConnectorLoggingConfigurationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "GetVoiceConnectorLoggingConfigurationResponse":{ - "type":"structure", - "members":{ - "LoggingConfiguration":{ - "shape":"LoggingConfiguration", - "documentation":"

The logging configuration details.

" - } - } - }, - "GetVoiceConnectorOriginationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "GetVoiceConnectorOriginationResponse":{ - "type":"structure", - "members":{ - "Origination":{ - "shape":"Origination", - "documentation":"

The origination setting details.

" - } - } - }, - "GetVoiceConnectorProxyRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime voice connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "GetVoiceConnectorProxyResponse":{ - "type":"structure", - "members":{ - "Proxy":{ - "shape":"Proxy", - "documentation":"

The proxy configuration details.

" - } - } - }, - "GetVoiceConnectorRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "GetVoiceConnectorResponse":{ - "type":"structure", - "members":{ - "VoiceConnector":{ - "shape":"VoiceConnector", - "documentation":"

The Amazon Chime Voice Connector details.

" - } - } - }, - "GetVoiceConnectorStreamingConfigurationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "GetVoiceConnectorStreamingConfigurationResponse":{ - "type":"structure", - "members":{ - "StreamingConfiguration":{ - "shape":"StreamingConfiguration", - "documentation":"

The streaming configuration details.

" - } - } - }, - "GetVoiceConnectorTerminationHealthRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "GetVoiceConnectorTerminationHealthResponse":{ - "type":"structure", - "members":{ - "TerminationHealth":{ - "shape":"TerminationHealth", - "documentation":"

The termination health details.

" - } - } - }, - "GetVoiceConnectorTerminationRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "GetVoiceConnectorTerminationResponse":{ - "type":"structure", - "members":{ - "Termination":{ - "shape":"Termination", - "documentation":"

The termination setting details.

" - } - } - }, "GuidString":{ "type":"string", "pattern":"[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}" }, - "Identity":{ - "type":"structure", - "members":{ - "Arn":{ - "shape":"ChimeArn", - "documentation":"

The ARN in an Identity.

" - }, - "Name":{ - "shape":"ResourceName", - "documentation":"

The name in an Identity.

" - } - }, - "documentation":"

The details of a user.

" - }, - "Integer":{"type":"integer"}, "Invite":{ "type":"structure", "members":{ @@ -8485,185 +2540,6 @@ } } }, - "ListAppInstanceAdminsRequest":{ - "type":"structure", - "required":["AppInstanceArn"], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of administrators that you want to return.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token returned from previous API requests until the number of administrators is reached.

", - "location":"querystring", - "locationName":"next-token" - } - } - }, - "ListAppInstanceAdminsResponse":{ - "type":"structure", - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

" - }, - "AppInstanceAdmins":{ - "shape":"AppInstanceAdminList", - "documentation":"

The information for each administrator.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token returned from previous API requests until the number of administrators is reached.

" - } - } - }, - "ListAppInstanceUsersRequest":{ - "type":"structure", - "required":["AppInstanceArn"], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"querystring", - "locationName":"app-instance-arn" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of requests that you want returned.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested users are returned.

", - "location":"querystring", - "locationName":"next-token" - } - } - }, - "ListAppInstanceUsersResponse":{ - "type":"structure", - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

" - }, - "AppInstanceUsers":{ - "shape":"AppInstanceUserList", - "documentation":"

The information for each requested AppInstanceUser.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested users are returned.

" - } - } - }, - "ListAppInstancesRequest":{ - "type":"structure", - "members":{ - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of AppInstances that you want to return.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API requests until you reach the maximum number of AppInstances.

", - "location":"querystring", - "locationName":"next-token" - } - } - }, - "ListAppInstancesResponse":{ - "type":"structure", - "members":{ - "AppInstances":{ - "shape":"AppInstanceList", - "documentation":"

The information for each AppInstance.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API requests until the maximum number of AppInstances is reached.

" - } - } - }, - "ListAttendeeTagsRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "AttendeeId" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "AttendeeId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK attendee ID.

", - "location":"uri", - "locationName":"attendeeId" - } - } - }, - "ListAttendeeTagsResponse":{ - "type":"structure", - "members":{ - "Tags":{ - "shape":"TagList", - "documentation":"

A list of tag key-value pairs.

" - } - } - }, - "ListAttendeesRequest":{ - "type":"structure", - "required":["MeetingId"], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "NextToken":{ - "shape":"String", - "documentation":"

The token to use to retrieve the next page of results.

", - "location":"querystring", - "locationName":"next-token" - }, - "MaxResults":{ - "shape":"ResultMax", - "documentation":"

The maximum number of results to return in a single call.

", - "location":"querystring", - "locationName":"max-results" - } - } - }, - "ListAttendeesResponse":{ - "type":"structure", - "members":{ - "Attendees":{ - "shape":"AttendeeList", - "documentation":"

The Amazon Chime SDK attendee information.

" - }, - "NextToken":{ - "shape":"String", - "documentation":"

The token to use to retrieve the next page of results.

" - } - } - }, "ListBotsRequest":{ "type":"structure", "required":["AccountId"], @@ -8701,432 +2577,6 @@ } } }, - "ListChannelBansRequest":{ - "type":"structure", - "required":["ChannelArn"], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of bans that you want returned.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested bans are returned.

", - "location":"querystring", - "locationName":"next-token" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "ListChannelBansResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested bans are returned.

" - }, - "ChannelBans":{ - "shape":"ChannelBanSummaryList", - "documentation":"

The information for each requested ban.

" - } - } - }, - "ListChannelMembershipsForAppInstanceUserRequest":{ - "type":"structure", - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceUsers

", - "location":"querystring", - "locationName":"app-instance-user-arn" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of users that you want returned.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token returned from previous API requests until the number of channel memberships is reached.

", - "location":"querystring", - "locationName":"next-token" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "ListChannelMembershipsForAppInstanceUserResponse":{ - "type":"structure", - "members":{ - "ChannelMemberships":{ - "shape":"ChannelMembershipForAppInstanceUserSummaryList", - "documentation":"

The information for the requested channel memberships.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested users are returned.

" - } - } - }, - "ListChannelMembershipsRequest":{ - "type":"structure", - "required":["ChannelArn"], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The maximum number of channel memberships that you want returned.

", - "location":"uri", - "locationName":"channelArn" - }, - "Type":{ - "shape":"ChannelMembershipType", - "documentation":"

The membership type of a user, DEFAULT or HIDDEN. Default members are always returned as part of ListChannelMemberships. Hidden members are only returned if the type filter in ListChannelMemberships equals HIDDEN. Otherwise hidden members are not returned.

", - "location":"querystring", - "locationName":"type" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of channel memberships that you want returned.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested channel memberships are returned.

", - "location":"querystring", - "locationName":"next-token" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "ListChannelMembershipsResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "ChannelMemberships":{ - "shape":"ChannelMembershipSummaryList", - "documentation":"

The information for the requested channel memberships.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested channel memberships are returned.

" - } - } - }, - "ListChannelMessagesRequest":{ - "type":"structure", - "required":["ChannelArn"], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "SortOrder":{ - "shape":"SortOrder", - "documentation":"

The order in which you want messages sorted. Default is Descending, based on time created.

", - "location":"querystring", - "locationName":"sort-order" - }, - "NotBefore":{ - "shape":"Timestamp", - "documentation":"

The initial or starting time stamp for your requested messages.

", - "location":"querystring", - "locationName":"not-before" - }, - "NotAfter":{ - "shape":"Timestamp", - "documentation":"

The final or ending time stamp for your requested messages.

", - "location":"querystring", - "locationName":"not-after" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of messages that you want returned.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested messages are returned.

", - "location":"querystring", - "locationName":"next-token" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "ListChannelMessagesResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel containing the requested messages.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested messages are returned.

" - }, - "ChannelMessages":{ - "shape":"ChannelMessageSummaryList", - "documentation":"

The information about, and content of, each requested message.

" - } - } - }, - "ListChannelModeratorsRequest":{ - "type":"structure", - "required":["ChannelArn"], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of moderators that you want returned.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested moderators are returned.

", - "location":"querystring", - "locationName":"next-token" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "ListChannelModeratorsResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested moderators are returned.

" - }, - "ChannelModerators":{ - "shape":"ChannelModeratorSummaryList", - "documentation":"

The information about and names of each moderator.

" - } - } - }, - "ListChannelsModeratedByAppInstanceUserRequest":{ - "type":"structure", - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the user in the moderated channel.

", - "location":"querystring", - "locationName":"app-instance-user-arn" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of channels in the request.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token returned from previous API requests until the number of channels moderated by the user is reached.

", - "location":"querystring", - "locationName":"next-token" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "ListChannelsModeratedByAppInstanceUserResponse":{ - "type":"structure", - "members":{ - "Channels":{ - "shape":"ChannelModeratedByAppInstanceUserSummaryList", - "documentation":"

The moderated channels in the request.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token returned from previous API requests until the number of channels moderated by the user is reached.

" - } - } - }, - "ListChannelsRequest":{ - "type":"structure", - "required":["AppInstanceArn"], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"querystring", - "locationName":"app-instance-arn" - }, - "Privacy":{ - "shape":"ChannelPrivacy", - "documentation":"

The privacy setting. PUBLIC retrieves all the public channels. PRIVATE retrieves private channels. Only an AppInstanceAdmin can retrieve private channels.

", - "location":"querystring", - "locationName":"privacy" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

The maximum number of channels that you want to return.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token passed by previous API calls until all requested channels are returned.

", - "location":"querystring", - "locationName":"next-token" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "ListChannelsResponse":{ - "type":"structure", - "members":{ - "Channels":{ - "shape":"ChannelSummaryList", - "documentation":"

The information about each channel.

" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

The token returned from previous API requests until the number of channels is reached.

" - } - } - }, - "ListMediaCapturePipelinesRequest":{ - "type":"structure", - "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

The token used to retrieve the next page of results.

", - "location":"querystring", - "locationName":"next-token" - }, - "MaxResults":{ - "shape":"ResultMax", - "documentation":"

The maximum number of results to return in a single call. Valid Range: 1 - 99.

", - "location":"querystring", - "locationName":"max-results" - } - } - }, - "ListMediaCapturePipelinesResponse":{ - "type":"structure", - "members":{ - "MediaCapturePipelines":{ - "shape":"MediaCapturePipelineList", - "documentation":"

The media capture pipeline objects in the list.

" - }, - "NextToken":{ - "shape":"String", - "documentation":"

The token used to retrieve the next page of results.

" - } - } - }, - "ListMeetingTagsRequest":{ - "type":"structure", - "required":["MeetingId"], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - } - } - }, - "ListMeetingTagsResponse":{ - "type":"structure", - "members":{ - "Tags":{ - "shape":"TagList", - "documentation":"

A list of tag key-value pairs.

" - } - } - }, - "ListMeetingsRequest":{ - "type":"structure", - "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

The token to use to retrieve the next page of results.

", - "location":"querystring", - "locationName":"next-token" - }, - "MaxResults":{ - "shape":"ResultMax", - "documentation":"

The maximum number of results to return in a single call.

", - "location":"querystring", - "locationName":"max-results" - } - } - }, - "ListMeetingsResponse":{ - "type":"structure", - "members":{ - "Meetings":{ - "shape":"MeetingList", - "documentation":"

The Amazon Chime SDK meeting information.

" - }, - "NextToken":{ - "shape":"String", - "documentation":"

The token to use to retrieve the next page of results.

" - } - } - }, "ListPhoneNumberOrdersRequest":{ "type":"structure", "members":{ @@ -9211,49 +2661,6 @@ } } }, - "ListProxySessionsRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime voice connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "Status":{ - "shape":"ProxySessionStatus", - "documentation":"

The proxy session status.

", - "location":"querystring", - "locationName":"status" - }, - "NextToken":{ - "shape":"NextTokenString", - "documentation":"

The token to use to retrieve the next page of results.

", - "location":"querystring", - "locationName":"next-token" - }, - "MaxResults":{ - "shape":"ResultMax", - "documentation":"

The maximum number of results to return in a single call.

", - "location":"querystring", - "locationName":"max-results" - } - } - }, - "ListProxySessionsResponse":{ - "type":"structure", - "members":{ - "ProxySessions":{ - "shape":"ProxySessions", - "documentation":"

The proxy session details.

" - }, - "NextToken":{ - "shape":"NextTokenString", - "documentation":"

The token to use to retrieve the next page of results.

" - } - } - }, "ListRoomMembershipsRequest":{ "type":"structure", "required":[ @@ -9343,72 +2750,6 @@ } } }, - "ListSipMediaApplicationsRequest":{ - "type":"structure", - "members":{ - "MaxResults":{ - "shape":"ResultMax", - "documentation":"

The maximum number of results to return in a single call. Defaults to 100.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextTokenString", - "documentation":"

The token to use to retrieve the next page of results.

", - "location":"querystring", - "locationName":"next-token" - } - } - }, - "ListSipMediaApplicationsResponse":{ - "type":"structure", - "members":{ - "SipMediaApplications":{ - "shape":"SipMediaApplicationList", - "documentation":"

List of SIP media applications and application details.

" - }, - "NextToken":{ - "shape":"NextTokenString", - "documentation":"

The token to use to retrieve the next page of results.

" - } - } - }, - "ListSipRulesRequest":{ - "type":"structure", - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP media application ID.

", - "location":"querystring", - "locationName":"sip-media-application" - }, - "MaxResults":{ - "shape":"ResultMax", - "documentation":"

The maximum number of results to return in a single call. Defaults to 100.

", - "location":"querystring", - "locationName":"max-results" - }, - "NextToken":{ - "shape":"NextTokenString", - "documentation":"

The token to use to retrieve the next page of results.

", - "location":"querystring", - "locationName":"next-token" - } - } - }, - "ListSipRulesResponse":{ - "type":"structure", - "members":{ - "SipRules":{ - "shape":"SipRuleList", - "documentation":"

List of SIP rules and rule details.

" - }, - "NextToken":{ - "shape":"NextTokenString", - "documentation":"

The token to use to retrieve the next page of results.

" - } - } - }, "ListSupportedPhoneNumberCountriesRequest":{ "type":"structure", "required":["ProductType"], @@ -9430,27 +2771,6 @@ } } }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["ResourceARN"], - "members":{ - "ResourceARN":{ - "shape":"Arn", - "documentation":"

The resource ARN.

", - "location":"querystring", - "locationName":"arn" - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "members":{ - "Tags":{ - "shape":"TagList", - "documentation":"

A list of tag-key value pairs.

" - } - } - }, "ListUsersRequest":{ "type":"structure", "required":["AccountId"], @@ -9500,101 +2820,6 @@ } } }, - "ListVoiceConnectorGroupsRequest":{ - "type":"structure", - "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

The token to use to retrieve the next page of results.

", - "location":"querystring", - "locationName":"next-token" - }, - "MaxResults":{ - "shape":"ResultMax", - "documentation":"

The maximum number of results to return in a single call.

", - "location":"querystring", - "locationName":"max-results" - } - } - }, - "ListVoiceConnectorGroupsResponse":{ - "type":"structure", - "members":{ - "VoiceConnectorGroups":{ - "shape":"VoiceConnectorGroupList", - "documentation":"

The details of the Amazon Chime Voice Connector groups.

" - }, - "NextToken":{ - "shape":"String", - "documentation":"

The token to use to retrieve the next page of results.

" - } - } - }, - "ListVoiceConnectorTerminationCredentialsRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - } - } - }, - "ListVoiceConnectorTerminationCredentialsResponse":{ - "type":"structure", - "members":{ - "Usernames":{ - "shape":"SensitiveStringList", - "documentation":"

A list of user names.

" - } - } - }, - "ListVoiceConnectorsRequest":{ - "type":"structure", - "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

The token to use to retrieve the next page of results.

", - "location":"querystring", - "locationName":"next-token" - }, - "MaxResults":{ - "shape":"ResultMax", - "documentation":"

The maximum number of results to return in a single call.

", - "location":"querystring", - "locationName":"max-results" - } - } - }, - "ListVoiceConnectorsResponse":{ - "type":"structure", - "members":{ - "VoiceConnectors":{ - "shape":"VoiceConnectorList", - "documentation":"

The details of the Amazon Chime Voice Connectors.

" - }, - "NextToken":{ - "shape":"String", - "documentation":"

The token to use to retrieve the next page of results.

" - } - } - }, - "LoggingConfiguration":{ - "type":"structure", - "members":{ - "EnableSIPLogs":{ - "shape":"Boolean", - "documentation":"

Boolean that enables SIP message logs to Amazon CloudWatch logs.

" - }, - "EnableMediaMetricLogs":{ - "shape":"Boolean", - "documentation":"

Boolean that enables logging of detailed media metrics for Voice Connectors to Amazon CloudWatch logs.

" - } - }, - "documentation":"

The logging configuration associated with an Amazon Chime Voice Connector. Specifies whether SIP message logs are enabled for sending to Amazon CloudWatch Logs.

" - }, "LogoutUserRequest":{ "type":"structure", "required":[ @@ -9618,167 +2843,7 @@ }, "LogoutUserResponse":{ "type":"structure", - "members":{ - } - }, - "MaxResults":{ - "type":"integer", - "max":50, - "min":1 - }, - "MediaCapturePipeline":{ - "type":"structure", - "members":{ - "MediaPipelineId":{ - "shape":"GuidString", - "documentation":"

The ID of a media capture pipeline.

" - }, - "SourceType":{ - "shape":"MediaPipelineSourceType", - "documentation":"

Source type from which media artifacts are saved. You must use ChimeMeeting.

" - }, - "SourceArn":{ - "shape":"Arn", - "documentation":"

ARN of the source from which the media artifacts will be saved.

" - }, - "Status":{ - "shape":"MediaPipelineStatus", - "documentation":"

The status of the media capture pipeline.

" - }, - "SinkType":{ - "shape":"MediaPipelineSinkType", - "documentation":"

Destination type to which the media artifacts are saved. You must use an S3 Bucket.

" - }, - "SinkArn":{ - "shape":"Arn", - "documentation":"

ARN of the destination to which the media artifacts are saved.

" - }, - "CreatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The time at which the capture pipeline was created, in ISO 8601 format.

" - }, - "UpdatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The time at which the capture pipeline was updated, in ISO 8601 format.

" - }, - "ChimeSdkMeetingConfiguration":{ - "shape":"ChimeSdkMeetingConfiguration", - "documentation":"

The configuration for a specified media capture pipeline. SourceType must be ChimeSdkMeeting.

" - } - }, - "documentation":"

A media capture pipeline object consisting of an ID, source type, source ARN, a sink type, a sink ARN, and a configuration object.

" - }, - "MediaCapturePipelineList":{ - "type":"list", - "member":{"shape":"MediaCapturePipeline"} - }, - "MediaPipelineSinkType":{ - "type":"string", - "enum":["S3Bucket"] - }, - "MediaPipelineSourceType":{ - "type":"string", - "enum":["ChimeSdkMeeting"] - }, - "MediaPipelineStatus":{ - "type":"string", - "enum":[ - "Initializing", - "InProgress", - "Failed", - "Stopping", - "Stopped" - ] - }, - "MediaPlacement":{ - "type":"structure", - "members":{ - "AudioHostUrl":{ - "shape":"UriType", - "documentation":"

The audio host URL.

" - }, - "AudioFallbackUrl":{ - "shape":"UriType", - "documentation":"

The audio fallback URL.

" - }, - "ScreenDataUrl":{ - "shape":"UriType", - "documentation":"

The screen data URL.

This parameter is is no longer supported and no longer used by the Amazon Chime SDK.

" - }, - "ScreenSharingUrl":{ - "shape":"UriType", - "documentation":"

The screen sharing URL.

This parameter is is no longer supported and no longer used by the Amazon Chime SDK..

" - }, - "ScreenViewingUrl":{ - "shape":"UriType", - "documentation":"

The screen viewing URL.

This parameter is is no longer supported and no longer used by the Amazon Chime SDK.

" - }, - "SignalingUrl":{ - "shape":"UriType", - "documentation":"

The signaling URL.

" - }, - "TurnControlUrl":{ - "shape":"UriType", - "documentation":"

The turn control URL.

This parameter is is no longer supported and no longer used by the Amazon Chime SDK.

" - }, - "EventIngestionUrl":{ - "shape":"UriType", - "documentation":"

The event ingestion URL to which you send client meeting events.

" - } - }, - "documentation":"

A set of endpoints used by clients to connect to the media service group for an Amazon Chime SDK meeting.

" - }, - "Meeting":{ - "type":"structure", - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

" - }, - "ExternalMeetingId":{ - "shape":"ExternalMeetingIdType", - "documentation":"

The external meeting ID.

" - }, - "MediaPlacement":{ - "shape":"MediaPlacement", - "documentation":"

The media placement for the meeting.

" - }, - "MediaRegion":{ - "shape":"String", - "documentation":"

The Region in which you create the meeting. Available values: af-south-1, ap-northeast-1, ap-northeast-2, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, sa-east-1, us-east-1, us-east-2, us-west-1, us-west-2.

" - } - }, - "documentation":"

A meeting created using the Amazon Chime SDK.

" - }, - "MeetingList":{ - "type":"list", - "member":{"shape":"Meeting"} - }, - "MeetingNotificationConfiguration":{ - "type":"structure", - "members":{ - "SnsTopicArn":{ - "shape":"Arn", - "documentation":"

The SNS topic ARN.

" - }, - "SqsQueueArn":{ - "shape":"Arn", - "documentation":"

The SQS queue ARN.

" - } - }, - "documentation":"

The resource target configurations for receiving Amazon Chime SDK meeting and attendee event notifications. The Amazon Chime SDK supports resource targets located in the US East (N. Virginia) AWS Region (us-east-1).

" - }, - "MeetingTagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":50, - "min":1 - }, - "MeetingTagList":{ - "type":"list", - "member":{"shape":"Tag"}, - "max":50, - "min":1 + "members":{} }, "Member":{ "type":"structure", @@ -9806,12 +2871,6 @@ }, "documentation":"

The member details, such as email address, name, member ID, and member type.

" }, - "MemberArns":{ - "type":"list", - "member":{"shape":"ChimeArn"}, - "max":100, - "min":1 - }, "MemberError":{ "type":"structure", "members":{ @@ -9842,10 +2901,6 @@ "Webhook" ] }, - "Members":{ - "type":"list", - "member":{"shape":"Identity"} - }, "MembershipItem":{ "type":"structure", "members":{ @@ -9865,69 +2920,15 @@ "member":{"shape":"MembershipItem"}, "max":50 }, - "MessageId":{ - "type":"string", - "max":128, - "min":1, - "pattern":"[-_a-zA-Z0-9]*" - }, - "MessagingSessionEndpoint":{ - "type":"structure", - "members":{ - "Url":{ - "shape":"UrlType", - "documentation":"

The endpoint to which you establish a websocket connection.

" - } - }, - "documentation":"

The websocket endpoint used to connect to Amazon Chime SDK messaging.

" - }, - "Metadata":{ - "type":"string", - "max":1024, - "min":0, - "pattern":".*", - "sensitive":true - }, - "NextToken":{ - "type":"string", - "max":2048, - "min":0, - "pattern":".*", - "sensitive":true - }, - "NextTokenString":{ - "type":"string", - "max":65535 - }, - "NonEmptyContent":{ - "type":"string", - "min":1, - "pattern":"[\\s\\S]*", - "sensitive":true - }, - "NonEmptyResourceName":{ - "type":"string", - "max":256, - "min":1, - "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u0085\\u00A0-\\uD7FF\\uE000-\\uFFFD\\u10000-\\u10FFFF]*", - "sensitive":true - }, "NonEmptyString":{ "type":"string", "pattern":".*\\S.*" }, - "NonEmptyString128":{ - "type":"string", - "max":128, - "min":1, - "pattern":".*\\S.*" - }, "NonEmptyStringList":{ "type":"list", "member":{"shape":"String"}, "min":1 }, - "NonNullableBoolean":{"type":"boolean"}, "NotFoundException":{ "type":"structure", "members":{ @@ -9938,22 +2939,7 @@ "error":{"httpStatusCode":404}, "exception":true }, - "NotificationTarget":{ - "type":"string", - "enum":[ - "EventBridge", - "SNS", - "SQS" - ] - }, "NullableBoolean":{"type":"boolean"}, - "NumberSelectionBehavior":{ - "type":"string", - "enum":[ - "PreferSticky", - "AvoidSticky" - ] - }, "OrderedPhoneNumber":{ "type":"structure", "members":{ @@ -9980,91 +2966,6 @@ "Failed" ] }, - "Origination":{ - "type":"structure", - "members":{ - "Routes":{ - "shape":"OriginationRouteList", - "documentation":"

The call distribution properties defined for your SIP hosts. Valid range: Minimum value of 1. Maximum value of 20. This parameter is not required, but you must specify this parameter or Disabled.

" - }, - "Disabled":{ - "shape":"Boolean", - "documentation":"

When origination settings are disabled, inbound calls are not enabled for your Amazon Chime Voice Connector. This parameter is not required, but you must specify this parameter or Routes.

" - } - }, - "documentation":"

Origination settings enable your SIP hosts to receive inbound calls using your Amazon Chime Voice Connector.

The parameters listed below are not required, but you must use at least one.

" - }, - "OriginationRoute":{ - "type":"structure", - "members":{ - "Host":{ - "shape":"String", - "documentation":"

The FQDN or IP address to contact for origination traffic.

" - }, - "Port":{ - "shape":"Port", - "documentation":"

The designated origination route port. Defaults to 5060.

" - }, - "Protocol":{ - "shape":"OriginationRouteProtocol", - "documentation":"

The protocol to use for the origination route. Encryption-enabled Amazon Chime Voice Connectors use TCP protocol by default.

" - }, - "Priority":{ - "shape":"OriginationRoutePriority", - "documentation":"

The priority associated with the host, with 1 being the highest priority. Higher priority hosts are attempted first.

" - }, - "Weight":{ - "shape":"OriginationRouteWeight", - "documentation":"

The weight associated with the host. If hosts are equal in priority, calls are redistributed among them based on their relative weight.

" - } - }, - "documentation":"

Origination routes define call distribution properties for your SIP hosts to receive inbound calls using your Amazon Chime Voice Connector. Limit: Ten origination routes for each Amazon Chime Voice Connector.

The parameters listed below are not required, but you must use at least one.

" - }, - "OriginationRouteList":{ - "type":"list", - "member":{"shape":"OriginationRoute"} - }, - "OriginationRoutePriority":{ - "type":"integer", - "max":100, - "min":1 - }, - "OriginationRouteProtocol":{ - "type":"string", - "enum":[ - "TCP", - "UDP" - ] - }, - "OriginationRouteWeight":{ - "type":"integer", - "max":100, - "min":1 - }, - "Participant":{ - "type":"structure", - "members":{ - "PhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The participant's phone number.

" - }, - "ProxyPhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The participant's proxy phone number.

" - } - }, - "documentation":"

The phone number and proxy phone number for a participant in an Amazon Chime Voice Connector proxy session.

" - }, - "ParticipantPhoneNumberList":{ - "type":"list", - "member":{"shape":"E164PhoneNumber"}, - "max":2, - "min":2 - }, - "Participants":{ - "type":"list", - "member":{"shape":"Participant"} - }, "PhoneNumber":{ "type":"structure", "members":{ @@ -10309,177 +3210,11 @@ "type":"list", "member":{"shape":"PhoneNumberType"} }, - "Port":{ - "type":"integer", - "max":65535, - "min":0 - }, - "PositiveInteger":{ - "type":"integer", - "min":1 - }, "ProfileServiceMaxResults":{ "type":"integer", "max":200, "min":1 }, - "Proxy":{ - "type":"structure", - "members":{ - "DefaultSessionExpiryMinutes":{ - "shape":"Integer", - "documentation":"

The default number of minutes allowed for proxy sessions.

" - }, - "Disabled":{ - "shape":"Boolean", - "documentation":"

When true, stops proxy sessions from being created on the specified Amazon Chime Voice Connector.

" - }, - "FallBackPhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The phone number to route calls to after a proxy session expires.

" - }, - "PhoneNumberCountries":{ - "shape":"StringList", - "documentation":"

The countries for proxy phone numbers to be selected from.

" - } - }, - "documentation":"

The proxy configuration for an Amazon Chime Voice Connector.

" - }, - "ProxySession":{ - "type":"structure", - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime voice connector ID.

" - }, - "ProxySessionId":{ - "shape":"NonEmptyString128", - "documentation":"

The proxy session ID.

" - }, - "Name":{ - "shape":"String128", - "documentation":"

The name of the proxy session.

" - }, - "Status":{ - "shape":"ProxySessionStatus", - "documentation":"

The status of the proxy session.

" - }, - "ExpiryMinutes":{ - "shape":"PositiveInteger", - "documentation":"

The number of minutes allowed for the proxy session.

" - }, - "Capabilities":{ - "shape":"CapabilityList", - "documentation":"

The proxy session capabilities.

" - }, - "CreatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The created time stamp, in ISO 8601 format.

" - }, - "UpdatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The updated time stamp, in ISO 8601 format.

" - }, - "EndedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The ended time stamp, in ISO 8601 format.

" - }, - "Participants":{ - "shape":"Participants", - "documentation":"

The proxy session participants.

" - }, - "NumberSelectionBehavior":{ - "shape":"NumberSelectionBehavior", - "documentation":"

The preference for proxy phone number reuse, or stickiness, between the same participants across sessions.

" - }, - "GeoMatchLevel":{ - "shape":"GeoMatchLevel", - "documentation":"

The preference for matching the country or area code of the proxy phone number with that of the first participant.

" - }, - "GeoMatchParams":{ - "shape":"GeoMatchParams", - "documentation":"

The country and area code for the proxy phone number.

" - } - }, - "documentation":"

The proxy session for an Amazon Chime Voice Connector.

" - }, - "ProxySessionNameString":{ - "type":"string", - "pattern":"^$|^[a-zA-Z0-9 ]{0,30}$", - "sensitive":true - }, - "ProxySessionStatus":{ - "type":"string", - "enum":[ - "Open", - "InProgress", - "Closed" - ] - }, - "ProxySessions":{ - "type":"list", - "member":{"shape":"ProxySession"} - }, - "PutAppInstanceRetentionSettingsRequest":{ - "type":"structure", - "required":[ - "AppInstanceArn", - "AppInstanceRetentionSettings" - ], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - }, - "AppInstanceRetentionSettings":{ - "shape":"AppInstanceRetentionSettings", - "documentation":"

The time in days to retain data. Data type: number.

" - } - } - }, - "PutAppInstanceRetentionSettingsResponse":{ - "type":"structure", - "members":{ - "AppInstanceRetentionSettings":{ - "shape":"AppInstanceRetentionSettings", - "documentation":"

The time in days to retain data. Data type: number.

" - }, - "InitiateDeletionTimestamp":{ - "shape":"Timestamp", - "documentation":"

The time at which the API deletes data.

" - } - } - }, - "PutAppInstanceStreamingConfigurationsRequest":{ - "type":"structure", - "required":[ - "AppInstanceArn", - "AppInstanceStreamingConfigurations" - ], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - }, - "AppInstanceStreamingConfigurations":{ - "shape":"AppInstanceStreamingConfigurationList", - "documentation":"

The streaming configurations set for an AppInstance.

" - } - } - }, - "PutAppInstanceStreamingConfigurationsResponse":{ - "type":"structure", - "members":{ - "AppInstanceStreamingConfigurations":{ - "shape":"AppInstanceStreamingConfigurationList", - "documentation":"

The streaming configurations of an AppInstance.

" - } - } - }, "PutEventsConfigurationRequest":{ "type":"structure", "required":[ @@ -10550,268 +3285,6 @@ } } }, - "PutSipMediaApplicationLoggingConfigurationRequest":{ - "type":"structure", - "required":["SipMediaApplicationId"], - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP media application ID.

", - "location":"uri", - "locationName":"sipMediaApplicationId" - }, - "SipMediaApplicationLoggingConfiguration":{ - "shape":"SipMediaApplicationLoggingConfiguration", - "documentation":"

The actual logging configuration.

" - } - } - }, - "PutSipMediaApplicationLoggingConfigurationResponse":{ - "type":"structure", - "members":{ - "SipMediaApplicationLoggingConfiguration":{ - "shape":"SipMediaApplicationLoggingConfiguration", - "documentation":"

The logging configuration of the SIP media application.

" - } - } - }, - "PutVoiceConnectorEmergencyCallingConfigurationRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "EmergencyCallingConfiguration" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "EmergencyCallingConfiguration":{ - "shape":"EmergencyCallingConfiguration", - "documentation":"

The emergency calling configuration details.

" - } - } - }, - "PutVoiceConnectorEmergencyCallingConfigurationResponse":{ - "type":"structure", - "members":{ - "EmergencyCallingConfiguration":{ - "shape":"EmergencyCallingConfiguration", - "documentation":"

The emergency calling configuration details.

" - } - } - }, - "PutVoiceConnectorLoggingConfigurationRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "LoggingConfiguration" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "LoggingConfiguration":{ - "shape":"LoggingConfiguration", - "documentation":"

The logging configuration details to add.

" - } - } - }, - "PutVoiceConnectorLoggingConfigurationResponse":{ - "type":"structure", - "members":{ - "LoggingConfiguration":{ - "shape":"LoggingConfiguration", - "documentation":"

The updated logging configuration details.

" - } - } - }, - "PutVoiceConnectorOriginationRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "Origination" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "Origination":{ - "shape":"Origination", - "documentation":"

The origination setting details to add.

" - } - } - }, - "PutVoiceConnectorOriginationResponse":{ - "type":"structure", - "members":{ - "Origination":{ - "shape":"Origination", - "documentation":"

The updated origination setting details.

" - } - } - }, - "PutVoiceConnectorProxyRequest":{ - "type":"structure", - "required":[ - "DefaultSessionExpiryMinutes", - "PhoneNumberPoolCountries", - "VoiceConnectorId" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime voice connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "DefaultSessionExpiryMinutes":{ - "shape":"Integer", - "documentation":"

The default number of minutes allowed for proxy sessions.

" - }, - "PhoneNumberPoolCountries":{ - "shape":"CountryList", - "documentation":"

The countries for proxy phone numbers to be selected from.

" - }, - "FallBackPhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The phone number to route calls to after a proxy session expires.

" - }, - "Disabled":{ - "shape":"Boolean", - "documentation":"

When true, stops proxy sessions from being created on the specified Amazon Chime Voice Connector.

" - } - } - }, - "PutVoiceConnectorProxyResponse":{ - "type":"structure", - "members":{ - "Proxy":{ - "shape":"Proxy", - "documentation":"

The proxy configuration details.

" - } - } - }, - "PutVoiceConnectorStreamingConfigurationRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "StreamingConfiguration" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "StreamingConfiguration":{ - "shape":"StreamingConfiguration", - "documentation":"

The streaming configuration details to add.

" - } - } - }, - "PutVoiceConnectorStreamingConfigurationResponse":{ - "type":"structure", - "members":{ - "StreamingConfiguration":{ - "shape":"StreamingConfiguration", - "documentation":"

The updated streaming configuration details.

" - } - } - }, - "PutVoiceConnectorTerminationCredentialsRequest":{ - "type":"structure", - "required":["VoiceConnectorId"], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "Credentials":{ - "shape":"CredentialList", - "documentation":"

The termination SIP credentials.

" - } - } - }, - "PutVoiceConnectorTerminationRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "Termination" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "Termination":{ - "shape":"Termination", - "documentation":"

The termination setting details to add.

" - } - } - }, - "PutVoiceConnectorTerminationResponse":{ - "type":"structure", - "members":{ - "Termination":{ - "shape":"Termination", - "documentation":"

The updated termination setting details.

" - } - } - }, - "RedactChannelMessageRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MessageId" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel containing the messages that you want to redact.

", - "location":"uri", - "locationName":"channelArn" - }, - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID of the message being redacted.

", - "location":"uri", - "locationName":"messageId" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "RedactChannelMessageResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel containing the messages that you want to redact.

" - }, - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID of the message being redacted.

" - } - } - }, "RedactConversationMessageRequest":{ "type":"structure", "required":[ @@ -10842,8 +3315,7 @@ }, "RedactConversationMessageResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RedactRoomMessageRequest":{ "type":"structure", @@ -10875,8 +3347,7 @@ }, "RedactRoomMessageResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RegenerateSecurityTokenRequest":{ "type":"structure", @@ -10956,13 +3427,6 @@ "error":{"httpStatusCode":400}, "exception":true }, - "ResourceName":{ - "type":"string", - "max":256, - "min":0, - "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u0085\\u00A0-\\uD7FF\\uE000-\\uFFFD\\u10000-\\u10FFFF]*", - "sensitive":true - }, "RestorePhoneNumberRequest":{ "type":"structure", "required":["PhoneNumberId"], @@ -11089,13 +3553,6 @@ }, "documentation":"

The retention settings that determine how long to retain chat-room messages for an Amazon Chime Enterprise account.

" }, - "SMAUpdateCallArgumentsMap":{ - "type":"map", - "key":{"shape":"SensitiveString"}, - "value":{"shape":"SensitiveString"}, - "max":20, - "min":0 - }, "SearchAvailablePhoneNumbersRequest":{ "type":"structure", "members":{ @@ -11162,91 +3619,10 @@ } } }, - "SelectedVideoStreams":{ - "type":"structure", - "members":{ - "AttendeeIds":{ - "shape":"AttendeeIdList", - "documentation":"

The attendee IDs of the streams selected for a media capture pipeline.

" - }, - "ExternalUserIds":{ - "shape":"ExternalUserIdList", - "documentation":"

The external user IDs of the streams selected for a media capture pipeline.

" - } - }, - "documentation":"

The video streams to capture for a specified media capture pipeline. The total number of video streams can't exceed 25.

" - }, - "SendChannelMessageRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "Content", - "Type", - "Persistence", - "ClientRequestToken" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "Content":{ - "shape":"NonEmptyContent", - "documentation":"

The content of the message.

" - }, - "Type":{ - "shape":"ChannelMessageType", - "documentation":"

The type of message, STANDARD or CONTROL.

" - }, - "Persistence":{ - "shape":"ChannelMessagePersistenceType", - "documentation":"

Boolean that controls whether the message is persisted on the back end. Required.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The optional metadata for each message.

" - }, - "ClientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

The Idempotency token for each client request.

", - "idempotencyToken":true - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "SendChannelMessageResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID string assigned to each message.

" - } - } - }, - "SensitiveNonEmptyString":{ - "type":"string", - "pattern":".*\\S.*", - "sensitive":true - }, "SensitiveString":{ "type":"string", "sensitive":true }, - "SensitiveStringList":{ - "type":"list", - "member":{"shape":"SensitiveString"} - }, "ServiceFailureException":{ "type":"structure", "members":{ @@ -11283,377 +3659,7 @@ "type":"list", "member":{"shape":"SigninDelegateGroup"} }, - "SipApplicationPriority":{ - "type":"integer", - "min":1 - }, - "SipHeadersMap":{ - "type":"map", - "key":{"shape":"SensitiveString"}, - "value":{"shape":"SensitiveString"}, - "max":20, - "min":0 - }, - "SipMediaApplication":{ - "type":"structure", - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP media application ID.

" - }, - "AwsRegion":{ - "shape":"String", - "documentation":"

The AWS Region in which the SIP media application is created.

" - }, - "Name":{ - "shape":"SipMediaApplicationName", - "documentation":"

The name of the SIP media application.

" - }, - "Endpoints":{ - "shape":"SipMediaApplicationEndpointList", - "documentation":"

List of endpoints for SIP media application. Currently, only one endpoint per SIP media application is permitted.

" - }, - "CreatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The SIP media application creation timestamp, in ISO 8601 format.

" - }, - "UpdatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The SIP media application updated timestamp, in ISO 8601 format.

" - } - }, - "documentation":"

The details of the SIP media application, including name and endpoints. An AWS account can have multiple SIP media applications.

" - }, - "SipMediaApplicationCall":{ - "type":"structure", - "members":{ - "TransactionId":{ - "shape":"GuidString", - "documentation":"

The transaction ID of a call.

" - } - }, - "documentation":"

A Call instance for a SIP media application.

" - }, - "SipMediaApplicationEndpoint":{ - "type":"structure", - "members":{ - "LambdaArn":{ - "shape":"FunctionArn", - "documentation":"

Valid Amazon Resource Name (ARN) of the Lambda function, version, or alias. The function must be created in the same AWS Region as the SIP media application.

" - } - }, - "documentation":"

The endpoint assigned to the SIP media application.

" - }, - "SipMediaApplicationEndpointList":{ - "type":"list", - "member":{"shape":"SipMediaApplicationEndpoint"}, - "max":1, - "min":1 - }, - "SipMediaApplicationList":{ - "type":"list", - "member":{"shape":"SipMediaApplication"} - }, - "SipMediaApplicationLoggingConfiguration":{ - "type":"structure", - "members":{ - "EnableSipMediaApplicationMessageLogs":{ - "shape":"Boolean", - "documentation":"

Enables application message logs for the SIP media application.

" - } - }, - "documentation":"

Logging configuration of the SIP media application.

" - }, - "SipMediaApplicationName":{ - "type":"string", - "max":256, - "min":1 - }, - "SipRule":{ - "type":"structure", - "members":{ - "SipRuleId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP rule ID.

" - }, - "Name":{ - "shape":"SipRuleName", - "documentation":"

The name of the SIP rule.

" - }, - "Disabled":{ - "shape":"Boolean", - "documentation":"

Indicates whether the SIP rule is enabled or disabled. You must disable a rule before you can delete it.

" - }, - "TriggerType":{ - "shape":"SipRuleTriggerType", - "documentation":"

The type of trigger assigned to the SIP rule in TriggerValue, currently RequestUriHostname or ToPhoneNumber.

" - }, - "TriggerValue":{ - "shape":"NonEmptyString", - "documentation":"

If TriggerType is RequestUriHostname, then the value can be the outbound host name of the Amazon Chime Voice Connector. If TriggerType is ToPhoneNumber, then the value can be a customer-owned phone number in E164 format. SipRule is triggered when a SIP rule requests host name or ToPhoneNumber matches in the incoming SIP request.

" - }, - "TargetApplications":{ - "shape":"SipRuleTargetApplicationList", - "documentation":"

Target SIP media application and other details, such as priority and AWS Region, to be specified in the SIP rule. Only one SIP rule per AWS Region can be provided.

" - }, - "CreatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The time at which the SIP rule was created, in ISO 8601 format.

" - }, - "UpdatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The time at which the SIP rule was last updated, in ISO 8601 format.

" - } - }, - "documentation":"

The SIP rule details, including name, triggers, and target applications. An AWS account can have multiple SIP rules.

" - }, - "SipRuleList":{ - "type":"list", - "member":{"shape":"SipRule"} - }, - "SipRuleName":{ - "type":"string", - "max":256, - "min":1 - }, - "SipRuleTargetApplication":{ - "type":"structure", - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP media application ID.

" - }, - "Priority":{ - "shape":"SipApplicationPriority", - "documentation":"

Priority of the SIP media application in the target list.

" - }, - "AwsRegion":{ - "shape":"String", - "documentation":"

The AWS Region of the target application.

" - } - }, - "documentation":"

Target SIP media application and other details, such as priority and AWS Region, to be specified in the SIP rule. Only one SIP rule per AWS Region can be provided.

" - }, - "SipRuleTargetApplicationList":{ - "type":"list", - "member":{"shape":"SipRuleTargetApplication"}, - "max":25, - "min":1 - }, - "SipRuleTriggerType":{ - "type":"string", - "enum":[ - "ToPhoneNumber", - "RequestUriHostname" - ] - }, - "SortOrder":{ - "type":"string", - "enum":[ - "ASCENDING", - "DESCENDING" - ] - }, - "SourceConfiguration":{ - "type":"structure", - "members":{ - "SelectedVideoStreams":{ - "shape":"SelectedVideoStreams", - "documentation":"

The selected video streams to capture for a specified media capture pipeline. The number of video streams can't exceed 25.

" - } - }, - "documentation":"

Source configuration for a specified media capture pipeline.

" - }, - "StartMeetingTranscriptionRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "TranscriptionConfiguration" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The unique ID of the meeting being transcribed.

", - "location":"uri", - "locationName":"meetingId" - }, - "TranscriptionConfiguration":{ - "shape":"TranscriptionConfiguration", - "documentation":"

The configuration for the current transcription operation. Must contain EngineTranscribeSettings or EngineTranscribeMedicalSettings.

" - } - } - }, - "StartMeetingTranscriptionResponse":{ - "type":"structure", - "members":{ - } - }, - "StopMeetingTranscriptionRequest":{ - "type":"structure", - "required":["MeetingId"], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The unique ID of the meeting for which you stop transcription.

", - "location":"uri", - "locationName":"meetingId" - } - } - }, - "StopMeetingTranscriptionResponse":{ - "type":"structure", - "members":{ - } - }, - "StreamingConfiguration":{ - "type":"structure", - "required":["DataRetentionInHours"], - "members":{ - "DataRetentionInHours":{ - "shape":"DataRetentionInHours", - "documentation":"

The retention period, in hours, for the Amazon Kinesis data.

" - }, - "Disabled":{ - "shape":"Boolean", - "documentation":"

When true, media streaming to Amazon Kinesis is turned off.

" - }, - "StreamingNotificationTargets":{ - "shape":"StreamingNotificationTargetList", - "documentation":"

The streaming notification targets.

" - } - }, - "documentation":"

The streaming configuration associated with an Amazon Chime Voice Connector. Specifies whether media streaming is enabled for sending to Amazon Kinesis, and shows the retention period for the Amazon Kinesis data, in hours.

" - }, - "StreamingNotificationTarget":{ - "type":"structure", - "required":["NotificationTarget"], - "members":{ - "NotificationTarget":{ - "shape":"NotificationTarget", - "documentation":"

The streaming notification target.

" - } - }, - "documentation":"

The targeted recipient for a streaming configuration notification.

" - }, - "StreamingNotificationTargetList":{ - "type":"list", - "member":{"shape":"StreamingNotificationTarget"}, - "max":3, - "min":1 - }, "String":{"type":"string"}, - "String128":{ - "type":"string", - "max":128 - }, - "StringList":{ - "type":"list", - "member":{"shape":"String"} - }, - "Tag":{ - "type":"structure", - "required":[ - "Key", - "Value" - ], - "members":{ - "Key":{ - "shape":"TagKey", - "documentation":"

The key of the tag.

" - }, - "Value":{ - "shape":"TagValue", - "documentation":"

The value of the tag.

" - } - }, - "documentation":"

Describes a tag applied to a resource.

" - }, - "TagAttendeeRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "AttendeeId", - "Tags" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "AttendeeId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK attendee ID.

", - "location":"uri", - "locationName":"attendeeId" - }, - "Tags":{ - "shape":"AttendeeTagList", - "documentation":"

The tag key-value pairs.

" - } - } - }, - "TagKey":{ - "type":"string", - "max":128, - "min":1, - "sensitive":true - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":50, - "min":1 - }, - "TagList":{ - "type":"list", - "member":{"shape":"Tag"}, - "max":50, - "min":1 - }, - "TagMeetingRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "Tags" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "Tags":{ - "shape":"MeetingTagList", - "documentation":"

The tag key-value pairs.

" - } - } - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceARN", - "Tags" - ], - "members":{ - "ResourceARN":{ - "shape":"Arn", - "documentation":"

The resource ARN.

" - }, - "Tags":{ - "shape":"TagList", - "documentation":"

The tag key-value pairs.

" - } - } - }, - "TagValue":{ - "type":"string", - "max":256, - "min":1, - "sensitive":true - }, "TelephonySettings":{ "type":"structure", "required":[ @@ -11677,46 +3683,6 @@ }, "documentation":"

Settings that allow management of telephony permissions for an Amazon Chime user, such as inbound and outbound calling and text messaging.

" }, - "Termination":{ - "type":"structure", - "members":{ - "CpsLimit":{ - "shape":"CpsLimit", - "documentation":"

The limit on calls per second. Max value based on account service quota. Default value of 1.

" - }, - "DefaultPhoneNumber":{ - "shape":"E164PhoneNumber", - "documentation":"

The default caller ID phone number.

" - }, - "CallingRegions":{ - "shape":"CallingRegionList", - "documentation":"

The countries to which calls are allowed, in ISO 3166-1 alpha-2 format. Required.

" - }, - "CidrAllowedList":{ - "shape":"StringList", - "documentation":"

The IP addresses allowed to make calls, in CIDR format. Required.

" - }, - "Disabled":{ - "shape":"Boolean", - "documentation":"

When termination settings are disabled, outbound calls can not be made.

" - } - }, - "documentation":"

Termination settings enable your SIP hosts to make outbound calls using your Amazon Chime Voice Connector.

" - }, - "TerminationHealth":{ - "type":"structure", - "members":{ - "Timestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The timestamp, in ISO 8601 format.

" - }, - "Source":{ - "shape":"String", - "documentation":"

The source IP address.

" - } - }, - "documentation":"

The termination health details, including the source IP address and timestamp of the last successful SIP OPTIONS message from your SIP infrastructure.

" - }, "ThrottledClientException":{ "type":"structure", "members":{ @@ -11727,149 +3693,12 @@ "error":{"httpStatusCode":429}, "exception":true }, - "Timestamp":{"type":"timestamp"}, "TollFreePrefix":{ "type":"string", "max":3, "min":3, "pattern":"^8(00|33|44|55|66|77|88)$" }, - "TranscribeContentIdentificationType":{ - "type":"string", - "enum":["PII"] - }, - "TranscribeContentRedactionType":{ - "type":"string", - "enum":["PII"] - }, - "TranscribeLanguageCode":{ - "type":"string", - "enum":[ - "en-US", - "en-GB", - "es-US", - "fr-CA", - "fr-FR", - "en-AU", - "it-IT", - "de-DE", - "pt-BR", - "ja-JP", - "ko-KR", - "zh-CN", - "th-TH", - "hi-IN" - ] - }, - "TranscribeLanguageModelName":{ - "type":"string", - "max":200, - "min":1, - "pattern":"^[0-9a-zA-Z._-]+" - }, - "TranscribeLanguageOptions":{ - "type":"string", - "max":200, - "min":1, - "pattern":"^[a-zA-Z-,]+" - }, - "TranscribeMedicalContentIdentificationType":{ - "type":"string", - "enum":["PHI"] - }, - "TranscribeMedicalLanguageCode":{ - "type":"string", - "enum":["en-US"] - }, - "TranscribeMedicalRegion":{ - "type":"string", - "enum":[ - "us-east-1", - "us-east-2", - "us-west-2", - "ap-southeast-2", - "ca-central-1", - "eu-west-1", - "auto" - ] - }, - "TranscribeMedicalSpecialty":{ - "type":"string", - "enum":[ - "PRIMARYCARE", - "CARDIOLOGY", - "NEUROLOGY", - "ONCOLOGY", - "RADIOLOGY", - "UROLOGY" - ] - }, - "TranscribeMedicalType":{ - "type":"string", - "enum":[ - "CONVERSATION", - "DICTATION" - ] - }, - "TranscribePartialResultsStability":{ - "type":"string", - "enum":[ - "low", - "medium", - "high" - ] - }, - "TranscribePiiEntityTypes":{ - "type":"string", - "max":300, - "min":1, - "pattern":"^[A-Z_, ]+" - }, - "TranscribeRegion":{ - "type":"string", - "enum":[ - "us-east-2", - "us-east-1", - "us-west-2", - "ap-northeast-2", - "ap-southeast-2", - "ap-northeast-1", - "ca-central-1", - "eu-central-1", - "eu-west-1", - "eu-west-2", - "sa-east-1", - "auto" - ] - }, - "TranscribeVocabularyFilterMethod":{ - "type":"string", - "enum":[ - "remove", - "mask", - "tag" - ] - }, - "TranscribeVocabularyNamesOrFilterNamesString":{ - "type":"string", - "max":3000, - "min":1, - "pattern":"^[a-zA-Z0-9,-._]+" - }, - "TranscriptionConfiguration":{ - "type":"structure", - "members":{ - "EngineTranscribeSettings":{ - "shape":"EngineTranscribeSettings", - "documentation":"

The transcription configuration settings passed to Amazon Transcribe.

" - }, - "EngineTranscribeMedicalSettings":{ - "shape":"EngineTranscribeMedicalSettings", - "documentation":"

The transcription configuration settings passed to Amazon Transcribe Medical.

" - } - }, - "documentation":"

The configuration for the current transcription operation. Must contain EngineTranscribeSettings or EngineTranscribeMedicalSettings.

" - }, "UnauthorizedClientException":{ "type":"structure", "members":{ @@ -11890,68 +3719,6 @@ "error":{"httpStatusCode":422}, "exception":true }, - "UntagAttendeeRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "TagKeys", - "AttendeeId" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "AttendeeId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK attendee ID.

", - "location":"uri", - "locationName":"attendeeId" - }, - "TagKeys":{ - "shape":"AttendeeTagKeyList", - "documentation":"

The tag keys.

" - } - } - }, - "UntagMeetingRequest":{ - "type":"structure", - "required":[ - "MeetingId", - "TagKeys" - ], - "members":{ - "MeetingId":{ - "shape":"GuidString", - "documentation":"

The Amazon Chime SDK meeting ID.

", - "location":"uri", - "locationName":"meetingId" - }, - "TagKeys":{ - "shape":"MeetingTagKeyList", - "documentation":"

The tag keys.

" - } - } - }, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceARN", - "TagKeys" - ], - "members":{ - "ResourceARN":{ - "shape":"Arn", - "documentation":"

The resource ARN.

" - }, - "TagKeys":{ - "shape":"TagKeyList", - "documentation":"

The tag keys.

" - } - } - }, "UpdateAccountRequest":{ "type":"structure", "required":["AccountId"], @@ -12002,72 +3769,7 @@ }, "UpdateAccountSettingsResponse":{ "type":"structure", - "members":{ - } - }, - "UpdateAppInstanceRequest":{ - "type":"structure", - "required":[ - "AppInstanceArn", - "Name" - ], - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

", - "location":"uri", - "locationName":"appInstanceArn" - }, - "Name":{ - "shape":"NonEmptyResourceName", - "documentation":"

The name that you want to change.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata that you want to change.

" - } - } - }, - "UpdateAppInstanceResponse":{ - "type":"structure", - "members":{ - "AppInstanceArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstance.

" - } - } - }, - "UpdateAppInstanceUserRequest":{ - "type":"structure", - "required":[ - "AppInstanceUserArn", - "Name" - ], - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceUser.

", - "location":"uri", - "locationName":"appInstanceUserArn" - }, - "Name":{ - "shape":"UserName", - "documentation":"

The name of the AppInstanceUser.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the AppInstanceUser.

" - } - } - }, - "UpdateAppInstanceUserResponse":{ - "type":"structure", - "members":{ - "AppInstanceUserArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the AppInstanceUser.

" - } - } + "members":{} }, "UpdateBotRequest":{ "type":"structure", @@ -12103,124 +3805,6 @@ } } }, - "UpdateChannelMessageRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "MessageId" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID string of the message being updated.

", - "location":"uri", - "locationName":"messageId" - }, - "Content":{ - "shape":"Content", - "documentation":"

The content of the message being updated.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata of the message being updated.

" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "UpdateChannelMessageResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - }, - "MessageId":{ - "shape":"MessageId", - "documentation":"

The ID string of the message being updated.

" - } - } - }, - "UpdateChannelReadMarkerRequest":{ - "type":"structure", - "required":["ChannelArn"], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "UpdateChannelReadMarkerResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - } - } - }, - "UpdateChannelRequest":{ - "type":"structure", - "required":[ - "ChannelArn", - "Name", - "Mode" - ], - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

", - "location":"uri", - "locationName":"channelArn" - }, - "Name":{ - "shape":"NonEmptyResourceName", - "documentation":"

The name of the channel.

" - }, - "Mode":{ - "shape":"ChannelMode", - "documentation":"

The mode of the update request.

" - }, - "Metadata":{ - "shape":"Metadata", - "documentation":"

The metadata for the update request.

" - }, - "ChimeBearer":{ - "shape":"ChimeArn", - "documentation":"

The AppInstanceUserArn of the user that makes the API call.

", - "location":"header", - "locationName":"x-amz-chime-bearer" - } - } - }, - "UpdateChannelResponse":{ - "type":"structure", - "members":{ - "ChannelArn":{ - "shape":"ChimeArn", - "documentation":"

The ARN of the channel.

" - } - } - }, "UpdateGlobalSettingsRequest":{ "type":"structure", "members":{ @@ -12296,45 +3880,6 @@ } } }, - "UpdateProxySessionRequest":{ - "type":"structure", - "required":[ - "Capabilities", - "VoiceConnectorId", - "ProxySessionId" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString128", - "documentation":"

The Amazon Chime voice connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "ProxySessionId":{ - "shape":"NonEmptyString128", - "documentation":"

The proxy session ID.

", - "location":"uri", - "locationName":"proxySessionId" - }, - "Capabilities":{ - "shape":"CapabilityList", - "documentation":"

The proxy session capabilities.

" - }, - "ExpiryMinutes":{ - "shape":"PositiveInteger", - "documentation":"

The number of minutes allowed for the proxy session.

" - } - } - }, - "UpdateProxySessionResponse":{ - "type":"structure", - "members":{ - "ProxySession":{ - "shape":"ProxySession", - "documentation":"

The proxy session details.

" - } - } - }, "UpdateRoomMembershipRequest":{ "type":"structure", "required":[ @@ -12410,106 +3955,6 @@ } } }, - "UpdateSipMediaApplicationCallRequest":{ - "type":"structure", - "required":[ - "SipMediaApplicationId", - "TransactionId", - "Arguments" - ], - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The ID of the SIP media application handling the call.

", - "location":"uri", - "locationName":"sipMediaApplicationId" - }, - "TransactionId":{ - "shape":"NonEmptyString", - "documentation":"

The ID of the call transaction.

", - "location":"uri", - "locationName":"transactionId" - }, - "Arguments":{ - "shape":"SMAUpdateCallArgumentsMap", - "documentation":"

Arguments made available to the Lambda function as part of the CALL_UPDATE_REQUESTED event. Can contain 0-20 key-value pairs.

" - } - } - }, - "UpdateSipMediaApplicationCallResponse":{ - "type":"structure", - "members":{ - "SipMediaApplicationCall":{ - "shape":"SipMediaApplicationCall", - "documentation":"

A Call instance for a SIP media application.

" - } - } - }, - "UpdateSipMediaApplicationRequest":{ - "type":"structure", - "required":["SipMediaApplicationId"], - "members":{ - "SipMediaApplicationId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP media application ID.

", - "location":"uri", - "locationName":"sipMediaApplicationId" - }, - "Name":{ - "shape":"SipMediaApplicationName", - "documentation":"

The new name for the specified SIP media application.

" - }, - "Endpoints":{ - "shape":"SipMediaApplicationEndpointList", - "documentation":"

The new set of endpoints for the specified SIP media application.

" - } - } - }, - "UpdateSipMediaApplicationResponse":{ - "type":"structure", - "members":{ - "SipMediaApplication":{ - "shape":"SipMediaApplication", - "documentation":"

The updated SIP media application details.

" - } - } - }, - "UpdateSipRuleRequest":{ - "type":"structure", - "required":[ - "SipRuleId", - "Name" - ], - "members":{ - "SipRuleId":{ - "shape":"NonEmptyString", - "documentation":"

The SIP rule ID.

", - "location":"uri", - "locationName":"sipRuleId" - }, - "Name":{ - "shape":"SipRuleName", - "documentation":"

The new name for the specified SIP rule.

" - }, - "Disabled":{ - "shape":"NullableBoolean", - "documentation":"

The new value specified to indicate whether the rule is disabled.

" - }, - "TargetApplications":{ - "shape":"SipRuleTargetApplicationList", - "documentation":"

The new value of the list of target applications.

" - } - } - }, - "UpdateSipRuleResponse":{ - "type":"structure", - "members":{ - "SipRule":{ - "shape":"SipRule", - "documentation":"

Updated SIP rule details.

" - } - } - }, "UpdateUserRequest":{ "type":"structure", "required":[ @@ -12606,80 +4051,6 @@ } } }, - "UpdateVoiceConnectorGroupRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorGroupId", - "Name", - "VoiceConnectorItems" - ], - "members":{ - "VoiceConnectorGroupId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector group ID.

", - "location":"uri", - "locationName":"voiceConnectorGroupId" - }, - "Name":{ - "shape":"VoiceConnectorGroupName", - "documentation":"

The name of the Amazon Chime Voice Connector group.

" - }, - "VoiceConnectorItems":{ - "shape":"VoiceConnectorItemList", - "documentation":"

The VoiceConnectorItems to associate with the group.

" - } - } - }, - "UpdateVoiceConnectorGroupResponse":{ - "type":"structure", - "members":{ - "VoiceConnectorGroup":{ - "shape":"VoiceConnectorGroup", - "documentation":"

The updated Amazon Chime Voice Connector group details.

" - } - } - }, - "UpdateVoiceConnectorRequest":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "Name", - "RequireEncryption" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

", - "location":"uri", - "locationName":"voiceConnectorId" - }, - "Name":{ - "shape":"VoiceConnectorName", - "documentation":"

The name of the Amazon Chime Voice Connector.

" - }, - "RequireEncryption":{ - "shape":"Boolean", - "documentation":"

When enabled, requires encryption for the Amazon Chime Voice Connector.

" - } - } - }, - "UpdateVoiceConnectorResponse":{ - "type":"structure", - "members":{ - "VoiceConnector":{ - "shape":"VoiceConnector", - "documentation":"

The updated Amazon Chime Voice Connector details.

" - } - } - }, - "UriType":{ - "type":"string", - "max":4096 - }, - "UrlType":{ - "type":"string", - "max":4096 - }, "User":{ "type":"structure", "required":["UserId"], @@ -12766,13 +4137,6 @@ "type":"list", "member":{"shape":"UserError"} }, - "UserId":{ - "type":"string", - "max":64, - "min":1, - "pattern":"[A-Za-z0-9]([A-Za-z0-9\\:\\-\\_\\.\\@]{0,62}[A-Za-z0-9])?", - "sensitive":true - }, "UserIdList":{ "type":"list", "member":{"shape":"NonEmptyString"}, @@ -12782,13 +4146,6 @@ "type":"list", "member":{"shape":"User"} }, - "UserName":{ - "type":"string", - "max":100, - "min":1, - "pattern":".*\\S.*", - "sensitive":true - }, "UserSettings":{ "type":"structure", "required":["Telephony"], @@ -12807,213 +4164,6 @@ "SharedDevice" ] }, - "ValidateE911AddressRequest":{ - "type":"structure", - "required":[ - "AwsAccountId", - "StreetNumber", - "StreetInfo", - "City", - "State", - "Country", - "PostalCode" - ], - "members":{ - "AwsAccountId":{ - "shape":"NonEmptyString", - "documentation":"

The AWS account ID.

" - }, - "StreetNumber":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The address street number, such as 200 or 2121.

" - }, - "StreetInfo":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The address street information, such as 8th Avenue.

" - }, - "City":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The address city, such as Portland.

" - }, - "State":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The address state, such as ME.

" - }, - "Country":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The address country, such as US.

" - }, - "PostalCode":{ - "shape":"SensitiveNonEmptyString", - "documentation":"

The address postal code, such as 04352.

" - } - } - }, - "ValidateE911AddressResponse":{ - "type":"structure", - "members":{ - "ValidationResult":{ - "shape":"ValidationResult", - "documentation":"

Number indicating the result of address validation. 0 means the address was perfect as is and successfully validated. 1 means the address was corrected. 2 means the address sent was not close enough and was not validated.

" - }, - "AddressExternalId":{ - "shape":"String", - "documentation":"

The ID that represents the address.

" - }, - "Address":{ - "shape":"Address", - "documentation":"

The validated address.

" - }, - "CandidateAddressList":{ - "shape":"CandidateAddressList", - "documentation":"

The list of address suggestions.

" - } - } - }, - "ValidationResult":{ - "type":"integer", - "max":2, - "min":0 - }, - "VideoArtifactsConfiguration":{ - "type":"structure", - "required":["State"], - "members":{ - "State":{ - "shape":"ArtifactsState", - "documentation":"

Indicates whether the video artifact is enabled or disabled.

" - }, - "MuxType":{ - "shape":"VideoMuxType", - "documentation":"

The MUX type of the video artifact configuration object.

" - } - }, - "documentation":"

The video artifact configuration object.

" - }, - "VideoMuxType":{ - "type":"string", - "enum":["VideoOnly"] - }, - "VoiceConnector":{ - "type":"structure", - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

" - }, - "AwsRegion":{ - "shape":"VoiceConnectorAwsRegion", - "documentation":"

The AWS Region in which the Amazon Chime Voice Connector is created. Default: us-east-1.

" - }, - "Name":{ - "shape":"VoiceConnectorName", - "documentation":"

The name of the Amazon Chime Voice Connector.

" - }, - "OutboundHostName":{ - "shape":"String", - "documentation":"

The outbound host name for the Amazon Chime Voice Connector.

" - }, - "RequireEncryption":{ - "shape":"Boolean", - "documentation":"

Designates whether encryption is required for the Amazon Chime Voice Connector.

" - }, - "CreatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The Amazon Chime Voice Connector creation timestamp, in ISO 8601 format.

" - }, - "UpdatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The updated Amazon Chime Voice Connector timestamp, in ISO 8601 format.

" - }, - "VoiceConnectorArn":{ - "shape":"NonEmptyString", - "documentation":"

The ARN of the specified Amazon Chime Voice Connector.

" - } - }, - "documentation":"

The Amazon Chime Voice Connector configuration, including outbound host name and encryption settings.

" - }, - "VoiceConnectorAwsRegion":{ - "type":"string", - "enum":[ - "us-east-1", - "us-west-2" - ] - }, - "VoiceConnectorGroup":{ - "type":"structure", - "members":{ - "VoiceConnectorGroupId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector group ID.

" - }, - "Name":{ - "shape":"VoiceConnectorGroupName", - "documentation":"

The name of the Amazon Chime Voice Connector group.

" - }, - "VoiceConnectorItems":{ - "shape":"VoiceConnectorItemList", - "documentation":"

The Amazon Chime Voice Connectors to which to route inbound calls.

" - }, - "CreatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The Amazon Chime Voice Connector group creation time stamp, in ISO 8601 format.

" - }, - "UpdatedTimestamp":{ - "shape":"Iso8601Timestamp", - "documentation":"

The updated Amazon Chime Voice Connector group time stamp, in ISO 8601 format.

" - }, - "VoiceConnectorGroupArn":{ - "shape":"NonEmptyString", - "documentation":"

The ARN of the specified Amazon Chime Voice Connector group.

" - } - }, - "documentation":"

The Amazon Chime Voice Connector group configuration, including associated Amazon Chime Voice Connectors. You can include Amazon Chime Voice Connectors from different AWS Regions in your group. This creates a fault tolerant mechanism for fallback in case of availability events.

" - }, - "VoiceConnectorGroupList":{ - "type":"list", - "member":{"shape":"VoiceConnectorGroup"} - }, - "VoiceConnectorGroupName":{ - "type":"string", - "max":256, - "min":1 - }, - "VoiceConnectorItem":{ - "type":"structure", - "required":[ - "VoiceConnectorId", - "Priority" - ], - "members":{ - "VoiceConnectorId":{ - "shape":"NonEmptyString", - "documentation":"

The Amazon Chime Voice Connector ID.

" - }, - "Priority":{ - "shape":"VoiceConnectorItemPriority", - "documentation":"

The priority associated with the Amazon Chime Voice Connector, with 1 being the highest priority. Higher priority Amazon Chime Voice Connectors are attempted first.

" - } - }, - "documentation":"

For Amazon Chime Voice Connector groups, the Amazon Chime Voice Connectors to which to route inbound calls. Includes priority configuration settings. Limit: 3 VoiceConnectorItems per Amazon Chime Voice Connector group.

" - }, - "VoiceConnectorItemList":{ - "type":"list", - "member":{"shape":"VoiceConnectorItem"} - }, - "VoiceConnectorItemPriority":{ - "type":"integer", - "max":99, - "min":1 - }, - "VoiceConnectorList":{ - "type":"list", - "member":{"shape":"VoiceConnector"} - }, - "VoiceConnectorName":{ - "type":"string", - "max":256, - "min":1 - }, "VoiceConnectorSettings":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-identity/2021-04-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/chime-sdk-identity/2021-04-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-identity/2021-04-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-identity/2021-04-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-identity/2021-04-20/service-2.json 2.31.35-1/awscli/botocore/data/chime-sdk-identity/2021-04-20/service-2.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-identity/2021-04-20/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-identity/2021-04-20/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2021-04-20", "endpointPrefix":"identity-chime", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Chime SDK Identity", "serviceId":"Chime SDK Identity", "signatureVersion":"v4", "signingName":"chime", - "uid":"chime-sdk-identity-2021-04-20" + "uid":"chime-sdk-identity-2021-04-20", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateAppInstance":{ diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-media-pipelines/2021-07-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/chime-sdk-media-pipelines/2021-07-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-media-pipelines/2021-07-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-media-pipelines/2021-07-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-media-pipelines/2021-07-15/service-2.json 2.31.35-1/awscli/botocore/data/chime-sdk-media-pipelines/2021-07-15/service-2.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-media-pipelines/2021-07-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-media-pipelines/2021-07-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -3575,8 +3575,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3676,8 +3675,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMediaInsightsPipelineConfigurationRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-meetings/2021-07-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/chime-sdk-meetings/2021-07-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-meetings/2021-07-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-meetings/2021-07-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-meetings/2021-07-15/service-2.json 2.31.35-1/awscli/botocore/data/chime-sdk-meetings/2021-07-15/service-2.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-meetings/2021-07-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-meetings/2021-07-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2021-07-15", "endpointPrefix":"meetings-chime", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Chime SDK Meetings", "serviceId":"Chime SDK Meetings", "signatureVersion":"v4", "signingName":"chime", - "uid":"chime-sdk-meetings-2021-07-15" + "uid":"chime-sdk-meetings-2021-07-15", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchCreateAttendee":{ @@ -30,7 +32,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Creates up to 100 attendees for an active Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Creates up to 100 attendees for an active Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" }, "BatchUpdateAttendeeCapabilitiesExcept":{ "name":"BatchUpdateAttendeeCapabilitiesExcept", @@ -50,7 +52,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Updates AttendeeCapabilities except the capabilities listed in an ExcludedAttendeeIds table.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information about those values, see .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and if the attendee left their microphone unmuted, audio will flow from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and if the attendee turned on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" + "documentation":"

Updates AttendeeCapabilities except the capabilities listed in an ExcludedAttendeeIds table.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information about those values, see .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • If meeting features is defined as Video:MaxResolution:None but Content:MaxResolution is defined as something other than None and attendee capabilities are not defined in the API request, then the default attendee video capability is set to Receive and attendee content capability is set to SendReceive. This is because content SendReceive requires video to be at least Receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and if the attendee left their microphone unmuted, audio will flow from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and if the attendee turned on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" }, "CreateAttendee":{ "name":"CreateAttendee", @@ -71,7 +73,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Creates a new attendee for an active Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Creates a new attendee for an active Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" }, "CreateMeeting":{ "name":"CreateMeeting", @@ -91,7 +93,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Creates a new Amazon Chime SDK meeting in the specified media Region with no initial attendees. For more information about specifying media Regions, see Amazon Chime SDK Media Regions in the Amazon Chime Developer Guide. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Creates a new Amazon Chime SDK meeting in the specified media Region with no initial attendees. For more information about specifying media Regions, see Available Regions and Using meeting Regions, both in the Amazon Chime SDK Developer Guide. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

If you use this API in conjuction with the and APIs, and you don't specify the MeetingFeatures.Content.MaxResolution or MeetingFeatures.Video.MaxResolution parameters, the following defaults are used:

  • Content.MaxResolution: FHD

  • Video.MaxResolution: HD

" }, "CreateMeetingWithAttendees":{ "name":"CreateMeetingWithAttendees", @@ -111,7 +113,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Creates a new Amazon Chime SDK meeting in the specified media Region, with attendees. For more information about specifying media Regions, see Amazon Chime SDK Media Regions in the Amazon Chime Developer Guide. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Creates a new Amazon Chime SDK meeting in the specified media Region, with attendees. For more information about specifying media Regions, see Available Regions and Using meeting Regions, both in the Amazon Chime SDK Developer Guide. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime SDK Developer Guide.

If you use this API in conjuction with the and APIs, and you don't specify the MeetingFeatures.Content.MaxResolution or MeetingFeatures.Video.MaxResolution parameters, the following defaults are used:

  • Content.MaxResolution: FHD

  • Video.MaxResolution: HD

" }, "DeleteAttendee":{ "name":"DeleteAttendee", @@ -130,7 +132,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Deletes an attendee from the specified Amazon Chime SDK meeting and deletes their JoinToken. Attendees are automatically deleted when a Amazon Chime SDK meeting is deleted. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Deletes an attendee from the specified Amazon Chime SDK meeting and deletes their JoinToken. Attendees are automatically deleted when a Amazon Chime SDK meeting is deleted. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" }, "DeleteMeeting":{ "name":"DeleteMeeting", @@ -149,7 +151,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Deletes the specified Amazon Chime SDK meeting. The operation deletes all attendees, disconnects all clients, and prevents new clients from joining the meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Deletes the specified Amazon Chime SDK meeting. The operation deletes all attendees, disconnects all clients, and prevents new clients from joining the meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" }, "GetAttendee":{ "name":"GetAttendee", @@ -168,7 +170,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Gets the Amazon Chime SDK attendee details for a specified meeting ID and attendee ID. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Gets the Amazon Chime SDK attendee details for a specified meeting ID and attendee ID. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" }, "GetMeeting":{ "name":"GetMeeting", @@ -187,7 +189,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Gets the Amazon Chime SDK meeting details for the specified meeting ID. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Gets the Amazon Chime SDK meeting details for the specified meeting ID. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" }, "ListAttendees":{ "name":"ListAttendees", @@ -207,7 +209,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists the attendees for the specified Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" + "documentation":"

Lists the attendees for the specified Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

" }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -332,7 +334,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

The capabilities that you want to update.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information about those values, see .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and if the attendee left their microphone unmuted, audio will flow from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and if the attendee turned on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" + "documentation":"

The capabilities that you want to update.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information about those values, see .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • If meeting features is defined as Video:MaxResolution:None but Content:MaxResolution is defined as something other than None and attendee capabilities are not defined in the API request, then the default attendee video capability is set to Receive and attendee content capability is set to SendReceive. This is because content SendReceive requires video to be at least Receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and if the attendee left their microphone unmuted, audio will flow from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and if the attendee turned on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" } }, "shapes":{ @@ -366,7 +368,7 @@ }, "Capabilities":{ "shape":"AttendeeCapabilities", - "documentation":"

The capabilities assigned to an attendee: audio, video, or content.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information about those values, see .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and if the attendee left their microphone unmuted, audio will flow from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and if the attendee turned on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" + "documentation":"

The capabilities assigned to an attendee: audio, video, or content.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information about those values, see .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • If meeting features is defined as Video:MaxResolution:None but Content:MaxResolution is defined as something other than None and attendee capabilities are not defined in the API request, then the default attendee video capability is set to Receive and attendee content capability is set to SendReceive. This is because content SendReceive requires video to be at least Receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and if the attendee left their microphone unmuted, audio will flow from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and if the attendee turned on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" } }, "documentation":"

An Amazon Chime SDK meeting attendee. Includes a unique AttendeeId and JoinToken. The JoinToken allows a client to authenticate and join as the specified attendee. The JoinToken expires when the meeting ends, or when DeleteAttendee is called. After that, the attendee is unable to join the meeting.

We recommend securely transferring each JoinToken from your server application to the client so that no other client has access to the token except for the one authorized to represent the attendee.

" @@ -392,7 +394,7 @@ "documentation":"

The content capability assigned to an attendee.

" } }, - "documentation":"

The media capabilities of an attendee: audio, video, or content.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information, refer to and .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and an attendee unmutes their microphone, audio flows from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and the attendee turns on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" + "documentation":"

The media capabilities of an attendee: audio, video, or content.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information, refer to and .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • If meeting features is defined as Video:MaxResolution:None but Content:MaxResolution is defined as something other than None and attendee capabilities are not defined in the API request, then the default attendee video capability is set to Receive and attendee content capability is set to SendReceive. This is because content SendReceive requires video to be at least Receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and an attendee unmutes their microphone, audio flows from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and the attendee turns on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" }, "AttendeeFeatures":{ "type":"structure", @@ -591,7 +593,7 @@ }, "Capabilities":{ "shape":"AttendeeCapabilities", - "documentation":"

The capabilities (audio, video, or content) that you want to grant an attendee. If you don't specify capabilities, all users have send and receive capabilities on all media channels by default.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information about those values, see .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and if the attendee left their microphone unmuted, audio will flow from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and if the attendee turned on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" + "documentation":"

The capabilities (audio, video, or content) that you want to grant an attendee. If you don't specify capabilities, all users have send and receive capabilities on all media channels by default.

You use the capabilities with a set of values that control what the capabilities can do, such as SendReceive data. For more information about those values, see .

When using capabilities, be aware of these corner cases:

  • If you specify MeetingFeatures:Video:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Video will be rejected with ValidationError 400.

  • If you specify MeetingFeatures:Content:MaxResolution:None when you create a meeting, all API requests that include SendReceive, Send, or Receive for AttendeeCapabilities:Content will be rejected with ValidationError 400.

  • You can't set content capabilities to SendReceive or Receive unless you also set video capabilities to SendReceive or Receive. If you don't set the video capability to receive, the response will contain an HTTP 400 Bad Request status code. However, you can set your video capability to receive and you set your content capability to not receive.

  • If meeting features is defined as Video:MaxResolution:None but Content:MaxResolution is defined as something other than None and attendee capabilities are not defined in the API request, then the default attendee video capability is set to Receive and attendee content capability is set to SendReceive. This is because content SendReceive requires video to be at least Receive.

  • When you change an audio capability from None or Receive to Send or SendReceive , and if the attendee left their microphone unmuted, audio will flow from the attendee to the other meeting participants.

  • When you change a video or content capability from None or Receive to Send or SendReceive , and if the attendee turned on their video or content streams, remote attendees can receive those streams, but only after media renegotiation between the client and the Amazon Chime back-end server.

" } } }, @@ -669,6 +671,10 @@ "Tags":{ "shape":"TagList", "documentation":"

Applies one or more tags to an Amazon Chime SDK meeting. Note the following:

  • Not all resources have tags. For a list of services with resources that support tagging using this operation, see Services that support the Resource Groups Tagging API. If the resource doesn't yet support this operation, the resource's service might support tagging using its own API operations. For more information, refer to the documentation for that service.

  • Each resource can have up to 50 tags. For other limits, see Tag Naming and Usage Conventions in the AWS General Reference.

  • You can only tag resources that are located in the specified Amazon Web Services Region for the Amazon Web Services account.

  • To add tags to a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for adding tags. For more information, see the documentation for each service.

Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.

Minimum permissions

In addition to the tag:TagResources permission required by this operation, you must also have the tagging permission defined by the service that created the resource. For example, to tag a ChimeSDKMeetings instance using the TagResources operation, you must have both of the following permissions:

tag:TagResources

ChimeSDKMeetings:CreateTags

Some services might have specific requirements for tagging some resources. For example, to tag an Amazon S3 bucket, you must also have the s3:GetBucketTagging permission. If the expected minimum permissions don't work, check the documentation for that service's tagging APIs for more information.

" + }, + "MediaPlacementNetworkType":{ + "shape":"MediaPlacementNetworkType", + "documentation":"

The type of network for the media placement. Either IPv4 only or dual-stack (IPv4 and IPv6).

" } } }, @@ -730,6 +736,10 @@ "Tags":{ "shape":"TagList", "documentation":"

The tags in the request.

" + }, + "MediaPlacementNetworkType":{ + "shape":"MediaPlacementNetworkType", + "documentation":"

The type of network for the media placement. Either IPv4 only or dual-stack (IPv4 and IPv6).

" } } }, @@ -1100,6 +1110,13 @@ }, "documentation":"

A set of endpoints used by clients to connect to the media service group for an Amazon Chime SDK meeting.

" }, + "MediaPlacementNetworkType":{ + "type":"string", + "enum":[ + "Ipv4Only", + "DualStack" + ] + }, "MediaRegion":{ "type":"string", "max":64, @@ -1363,8 +1380,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1600,8 +1616,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAttendeeCapabilitiesRequest":{ "type":"structure", @@ -1657,5 +1672,5 @@ ] } }, - "documentation":"

The Amazon Chime SDK meetings APIs in this section allow software developers to create Amazon Chime SDK meetings, set the Amazon Web Services Regions for meetings, create and manage users, and send and receive meeting notifications. For more information about the meeting APIs, see Amazon Chime SDK meetings.

" + "documentation":"

The Amazon Chime SDK meetings APIs in this section allow software developers to create Amazon Chime SDK meetings, set the Amazon Web Services Regions for meetings, create and manage users, and send and receive meeting notifications. For more information about the meeting APIs, see Amazon Chime SDK meetings.

" } diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-messaging/2021-05-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/chime-sdk-messaging/2021-05-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-messaging/2021-05-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-messaging/2021-05-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-messaging/2021-05-15/service-2.json 2.31.35-1/awscli/botocore/data/chime-sdk-messaging/2021-05-15/service-2.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-messaging/2021-05-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-messaging/2021-05-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2021-05-15", "endpointPrefix":"messaging-chime", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Chime SDK Messaging", "serviceId":"Chime SDK Messaging", "signatureVersion":"v4", "signingName":"chime", - "uid":"chime-sdk-messaging-2021-05-15" + "uid":"chime-sdk-messaging-2021-05-15", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateChannelFlow":{ @@ -133,7 +135,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

Creates a channel flow, a container for processors. Processors are AWS Lambda functions that perform actions on chat messages, such as stripping out profanity. You can associate channel flows with channels, and the processors in the channel flow then take action on all messages sent to that channel. This is a developer API.

Channel flows process the following items:

  1. New and updated messages

  2. Persistent and non-persistent messages

  3. The Standard message type

Channel flows don't process Control or System messages. For more information about the message types provided by Chime SDK messaging, refer to Message types in the Amazon Chime developer guide.

" + "documentation":"

Creates a channel flow, a container for processors. Processors are AWS Lambda functions that perform actions on chat messages, such as stripping out profanity. You can associate channel flows with channels, and the processors in the channel flow then take action on all messages sent to that channel. This is a developer API.

Channel flows process the following items:

  1. New and updated messages

  2. Persistent and non-persistent messages

  3. The Standard message type

Channel flows don't process Control or System messages. For more information about the message types provided by Chime SDK messaging, refer to Message types in the Amazon Chime developer guide.

" }, "CreateChannelMembership":{ "name":"CreateChannelMembership", @@ -614,7 +616,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

Lists all channel memberships in a channel.

The x-amz-chime-bearer request header is mandatory. Use the ARN of the AppInstanceUser or AppInstanceBot that makes the API call as the value in the header.

If you want to list the channels to which a specific app instance user belongs, see the ListChannelMembershipsForAppInstanceUser API.

" + "documentation":"

Lists all channel memberships in a channel.

The x-amz-chime-bearer request header is mandatory. Use the ARN of the AppInstanceUser or AppInstanceBot that makes the API call as the value in the header.

If you want to list the channels to which a specific app instance user belongs, see the ListChannelMembershipsForAppInstanceUser API.

" }, "ListChannelMembershipsForAppInstanceUser":{ "name":"ListChannelMembershipsForAppInstanceUser", @@ -847,7 +849,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

Redacts message content, but not metadata. The message exists in the back end, but the action returns null content, and the state shows as redacted.

The x-amz-chime-bearer request header is mandatory. Use the ARN of the AppInstanceUser or AppInstanceBot that makes the API call as the value in the header.

" + "documentation":"

Redacts message content and metadata. The message exists in the back end, but the action returns null content, and the state shows as redacted.

The x-amz-chime-bearer request header is mandatory. Use the ARN of the AppInstanceUser or AppInstanceBot that makes the API call as the value in the header.

" }, "SearchChannels":{ "name":"SearchChannels", @@ -866,7 +868,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

Allows the ChimeBearer to search channels by channel members. Users or bots can search across the channels that they belong to. Users in the AppInstanceAdmin role can search across all channels.

The x-amz-chime-bearer request header is mandatory. Use the ARN of the AppInstanceUser or AppInstanceBot that makes the API call as the value in the header.

" + "documentation":"

Allows the ChimeBearer to search channels by channel members. Users or bots can search across the channels that they belong to. Users in the AppInstanceAdmin role can search across all channels.

The x-amz-chime-bearer request header is mandatory. Use the ARN of the AppInstanceUser or AppInstanceBot that makes the API call as the value in the header.

This operation isn't supported for AppInstanceUsers with a large number of memberships.

" }, "SendChannelMessage":{ "name":"SendChannelMessage", @@ -2042,7 +2044,7 @@ }, "ChannelId":{ "shape":"ChannelId", - "documentation":"

The ID of the channel in the request.

" + "documentation":"

An ID for the channel being created. If you do not specify an ID, a UUID will be created for the channel.

" }, "MemberArns":{ "shape":"ChannelMemberArns", @@ -2740,6 +2742,12 @@ "GetMessagingSessionEndpointRequest":{ "type":"structure", "members":{ + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The type of network for the messaging session endpoint. Either IPv4 only or dual-stack (IPv4 and IPv6).

", + "location":"querystring", + "locationName":"network-type" + } } }, "GetMessagingSessionEndpointResponse":{ @@ -3425,6 +3433,13 @@ "max":40, "min":1 }, + "NetworkType":{ + "type":"string", + "enum":[ + "IPV4_ONLY", + "DUAL_STACK" + ] + }, "NextToken":{ "type":"string", "max":2048, @@ -3789,14 +3804,14 @@ }, "Values":{ "shape":"SearchFieldValues", - "documentation":"

The values that you want to search for, a list of strings. The values must be AppInstanceUserArns specified as a list of strings.

This operation isn't supported for AppInstanceUsers with large number of memberships.

" + "documentation":"

The values that you want to search for, a list of strings. The values must be AppInstanceUserArns specified as a list of strings.

This operation isn't supported for AppInstanceUsers with a large number of memberships.

" }, "Operator":{ "shape":"SearchFieldOperator", "documentation":"

The operator used to compare field values, currently EQUALS or INCLUDES. Use the EQUALS operator to find channels whose memberships equal the specified values. Use the INCLUDES operator to find channels whose memberships include the specified values.

" } }, - "documentation":"

A Field of the channel that you want to search.

" + "documentation":"

A Field of the channel that you want to search.

This operation isn't supported for AppInstanceUsers with a large number of memberships.

" }, "SearchFieldKey":{ "type":"string", @@ -4291,5 +4306,5 @@ "max":4096 } }, - "documentation":"

The Amazon Chime SDK messaging APIs in this section allow software developers to send and receive messages in custom messaging applications. These APIs depend on the frameworks provided by the Amazon Chime SDK identity APIs. For more information about the messaging APIs, see Amazon Chime SDK messaging.

" + "documentation":"

The Amazon Chime SDK messaging APIs in this section allow software developers to send and receive messages in custom messaging applications. These APIs depend on the frameworks provided by the Amazon Chime SDK identity APIs. For more information about the messaging APIs, see Amazon Chime SDK messaging.

" } diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-voice/2022-08-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/chime-sdk-voice/2022-08-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-voice/2022-08-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-voice/2022-08-03/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/chime-sdk-voice/2022-08-03/service-2.json 2.31.35-1/awscli/botocore/data/chime-sdk-voice/2022-08-03/service-2.json --- 2.23.6-1/awscli/botocore/data/chime-sdk-voice/2022-08-03/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/chime-sdk-voice/2022-08-03/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1952,6 +1952,7 @@ {"shape":"ForbiddenException"}, {"shape":"BadRequestException"}, {"shape":"ThrottledClientException"}, + {"shape":"AccessDeniedException"}, {"shape":"ServiceUnavailableException"}, {"shape":"ServiceFailureException"} ], @@ -1961,8 +1962,7 @@ "shapes":{ "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You don't have the permissions needed to run this action.

", "error":{"httpStatusCode":403}, "exception":true @@ -2113,8 +2113,7 @@ }, "BadRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The input parameters don't match the service's restrictions.

", "error":{"httpStatusCode":400}, "exception":true @@ -2262,8 +2261,7 @@ }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Multiple instances of the same request were made simultaneously.

", "error":{"httpStatusCode":409}, "exception":true @@ -2542,6 +2540,10 @@ "IntegrationType":{ "shape":"VoiceConnectorIntegrationType", "documentation":"

The connectors for use with Amazon Connect.

The following options are available:

  • CONNECT_CALL_TRANSFER_CONNECTOR - Enables enterprises to integrate Amazon Connect with other voice systems to directly transfer voice calls and metadata without using the public telephone network. They can use Amazon Connect telephony and Interactive Voice Response (IVR) with their existing voice systems to modernize the IVR experience of their existing contact center and their enterprise and branch voice systems. Additionally, enterprises migrating their contact center to Amazon Connect can start with Connect telephony and IVR for immediate modernization ahead of agent migration.

  • CONNECT_ANALYTICS_CONNECTOR - Enables enterprises to integrate Amazon Connect with other voice systems for real-time and post-call analytics. They can use Amazon Connect Contact Lens with their existing voice systems to provides call recordings, conversational analytics (including contact transcript, sensitive data redaction, content categorization, theme detection, sentiment analysis, real-time alerts, and post-contact summary), and agent performance evaluations (including evaluation forms, automated evaluation, supervisor review) with a rich user experience to display, search and filter customer interactions, and programmatic access to data streams and the data lake. Additionally, enterprises migrating their contact center to Amazon Connect can start with Contact Lens analytics and performance insights ahead of agent migration.

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The type of network for the Voice Connector. Either IPv4 only or dual-stack (IPv4 and IPv6).

" } } }, @@ -2967,8 +2969,7 @@ }, "ForbiddenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The client is permanently forbidden from making the request.

", "error":{"httpStatusCode":403}, "exception":true @@ -3503,8 +3504,7 @@ }, "GoneException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Access to the target resource is no longer available at the origin server. This condition is likely to be permanent.

", "error":{"httpStatusCode":410}, "exception":true @@ -3942,6 +3942,13 @@ }, "documentation":"

The configuration for a call analytics task.

" }, + "NetworkType":{ + "type":"string", + "enum":[ + "IPV4_ONLY", + "DUAL_STACK" + ] + }, "NextTokenString":{ "type":"string", "max":65535 @@ -3969,8 +3976,7 @@ }, "NotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested resource couldn't be found.

", "error":{"httpStatusCode":404}, "exception":true @@ -4314,6 +4320,10 @@ "UpdatedTimestamp":{ "shape":"Iso8601Timestamp", "documentation":"

The updated phone number order time stamp, in ISO 8601 format.

" + }, + "FocDate":{ + "shape":"Iso8601Timestamp", + "documentation":"

The Firm Order Commitment (FOC) date for phone number porting orders. This field is null if a phone number order is not a porting order.

" } }, "documentation":"

The details of an Amazon Chime SDK phone number order.

" @@ -4763,8 +4773,7 @@ }, "ResourceLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request exceeds the resource limit.

", "error":{"httpStatusCode":400}, "exception":true @@ -4901,8 +4910,7 @@ }, "ServiceFailureException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The service encountered an unexpected error.

", "error":{"httpStatusCode":500}, "exception":true, @@ -4910,8 +4918,7 @@ }, "ServiceUnavailableException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The service is currently unavailable.

", "error":{"httpStatusCode":503}, "exception":true, @@ -5461,8 +5468,7 @@ }, "ThrottledClientException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of customer requests exceeds the request rate limit.

", "error":{"httpStatusCode":429}, "exception":true @@ -5475,16 +5481,14 @@ }, "UnauthorizedClientException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The client isn't authorized to request a resource.

", "error":{"httpStatusCode":401}, "exception":true }, "UnprocessableEntityException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A well-formed request couldn't be followed due to semantic errors.

", "error":{"httpStatusCode":422}, "exception":true @@ -5953,6 +5957,10 @@ "IntegrationType":{ "shape":"VoiceConnectorIntegrationType", "documentation":"

The connectors for use with Amazon Connect.

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The type of network of the Voice Connector. Either IPv4 only or dual-stack (IPv4 and IPv6).

" } }, "documentation":"

The Amazon Chime SDK Voice Connector configuration, including outbound host name and encryption settings.

" diff -pruN 2.23.6-1/awscli/botocore/data/cleanrooms/2022-02-17/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cleanrooms/2022-02-17/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cleanrooms/2022-02-17/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cleanrooms/2022-02-17/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cleanrooms/2022-02-17/paginators-1.json 2.31.35-1/awscli/botocore/data/cleanrooms/2022-02-17/paginators-1.json --- 2.23.6-1/awscli/botocore/data/cleanrooms/2022-02-17/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cleanrooms/2022-02-17/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -107,6 +107,18 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "idNamespaceAssociationSummaries" + }, + "ListProtectedJobs": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "protectedJobs" + }, + "ListCollaborationChangeRequests": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "collaborationChangeRequestSummaries" } } } diff -pruN 2.23.6-1/awscli/botocore/data/cleanrooms/2022-02-17/service-2.json 2.31.35-1/awscli/botocore/data/cleanrooms/2022-02-17/service-2.json --- 2.23.6-1/awscli/botocore/data/cleanrooms/2022-02-17/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cleanrooms/2022-02-17/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,7 +29,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves multiple analysis templates within a collaboration by their Amazon Resource Names (ARNs).

" + "documentation":"

Retrieves multiple analysis templates within a collaboration by their Amazon Resource Names (ARNs).

", + "readonly":true }, "BatchGetSchema":{ "name":"BatchGetSchema", @@ -47,7 +48,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves multiple schemas by their identifiers.

" + "documentation":"

Retrieves multiple schemas by their identifiers.

", + "readonly":true }, "BatchGetSchemaAnalysisRule":{ "name":"BatchGetSchemaAnalysisRule", @@ -65,7 +67,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves multiple analysis rule schemas.

" + "documentation":"

Retrieves multiple analysis rule schemas.

", + "readonly":true }, "CreateAnalysisTemplate":{ "name":"CreateAnalysisTemplate", @@ -105,6 +108,26 @@ ], "documentation":"

Creates a new collaboration.

" }, + "CreateCollaborationChangeRequest":{ + "name":"CreateCollaborationChangeRequest", + "http":{ + "method":"POST", + "requestUri":"/collaborations/{collaborationIdentifier}/changeRequests", + "responseCode":200 + }, + "input":{"shape":"CreateCollaborationChangeRequestInput"}, + "output":{"shape":"CreateCollaborationChangeRequestOutput"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Creates a new change request to modify an existing collaboration. This enables post-creation modifications to collaborations through a structured API-driven approach.

" + }, "CreateConfiguredAudienceModelAssociation":{ "name":"CreateConfiguredAudienceModelAssociation", "http":{ @@ -157,6 +180,7 @@ "output":{"shape":"CreateConfiguredTableAnalysisRuleOutput"}, "errors":[ {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -277,13 +301,14 @@ "output":{"shape":"CreatePrivacyBudgetTemplateOutput"}, "errors":[ {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Creates a privacy budget template for a specified membership. Each membership can have only one privacy budget template, but it can be deleted and recreated. If you need to change the privacy budget template for a membership, use the UpdatePrivacyBudgetTemplate operation.

" + "documentation":"

Creates a privacy budget template for a specified collaboration. Each collaboration can have only one privacy budget template. If you need to change the privacy budget template, use the UpdatePrivacyBudgetTemplate operation.

" }, "DeleteAnalysisTemplate":{ "name":"DeleteAnalysisTemplate", @@ -515,7 +540,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Deletes a privacy budget template for a specified membership.

", + "documentation":"

Deletes a privacy budget template for a specified collaboration.

", "idempotent":true }, "GetAnalysisTemplate":{ @@ -534,7 +559,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves an analysis template.

" + "documentation":"

Retrieves an analysis template.

", + "readonly":true }, "GetCollaboration":{ "name":"GetCollaboration", @@ -551,7 +577,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns metadata about a collaboration.

" + "documentation":"

Returns metadata about a collaboration.

", + "readonly":true }, "GetCollaborationAnalysisTemplate":{ "name":"GetCollaborationAnalysisTemplate", @@ -569,7 +596,27 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves an analysis template within a collaboration.

" + "documentation":"

Retrieves an analysis template within a collaboration.

", + "readonly":true + }, + "GetCollaborationChangeRequest":{ + "name":"GetCollaborationChangeRequest", + "http":{ + "method":"GET", + "requestUri":"/collaborations/{collaborationIdentifier}/changeRequests/{changeRequestIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetCollaborationChangeRequestInput"}, + "output":{"shape":"GetCollaborationChangeRequestOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Retrieves detailed information about a specific collaboration change request.

", + "readonly":true }, "GetCollaborationConfiguredAudienceModelAssociation":{ "name":"GetCollaborationConfiguredAudienceModelAssociation", @@ -587,7 +634,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a configured audience model association within a collaboration.

" + "documentation":"

Retrieves a configured audience model association within a collaboration.

", + "readonly":true }, "GetCollaborationIdNamespaceAssociation":{ "name":"GetCollaborationIdNamespaceAssociation", @@ -605,7 +653,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves an ID namespace association from a specific collaboration.

" + "documentation":"

Retrieves an ID namespace association from a specific collaboration.

", + "readonly":true }, "GetCollaborationPrivacyBudgetTemplate":{ "name":"GetCollaborationPrivacyBudgetTemplate", @@ -623,7 +672,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns details about a specified privacy budget template.

" + "documentation":"

Returns details about a specified privacy budget template.

", + "readonly":true }, "GetConfiguredAudienceModelAssociation":{ "name":"GetConfiguredAudienceModelAssociation", @@ -641,7 +691,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns information about a configured audience model association.

" + "documentation":"

Returns information about a configured audience model association.

", + "readonly":true }, "GetConfiguredTable":{ "name":"GetConfiguredTable", @@ -659,7 +710,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a configured table.

" + "documentation":"

Retrieves a configured table.

", + "readonly":true }, "GetConfiguredTableAnalysisRule":{ "name":"GetConfiguredTableAnalysisRule", @@ -677,7 +729,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a configured table analysis rule.

" + "documentation":"

Retrieves a configured table analysis rule.

", + "readonly":true }, "GetConfiguredTableAssociation":{ "name":"GetConfiguredTableAssociation", @@ -695,7 +748,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a configured table association.

" + "documentation":"

Retrieves a configured table association.

", + "readonly":true }, "GetConfiguredTableAssociationAnalysisRule":{ "name":"GetConfiguredTableAssociationAnalysisRule", @@ -713,7 +767,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves the analysis rule for a configured table association.

" + "documentation":"

Retrieves the analysis rule for a configured table association.

", + "readonly":true }, "GetIdMappingTable":{ "name":"GetIdMappingTable", @@ -731,7 +786,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves an ID mapping table.

" + "documentation":"

Retrieves an ID mapping table.

", + "readonly":true }, "GetIdNamespaceAssociation":{ "name":"GetIdNamespaceAssociation", @@ -749,7 +805,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves an ID namespace association.

" + "documentation":"

Retrieves an ID namespace association.

", + "readonly":true }, "GetMembership":{ "name":"GetMembership", @@ -767,7 +824,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a specified membership for an identifier.

" + "documentation":"

Retrieves a specified membership for an identifier.

", + "readonly":true }, "GetPrivacyBudgetTemplate":{ "name":"GetPrivacyBudgetTemplate", @@ -785,7 +843,27 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns details for a specified privacy budget template.

" + "documentation":"

Returns details for a specified privacy budget template.

", + "readonly":true + }, + "GetProtectedJob":{ + "name":"GetProtectedJob", + "http":{ + "method":"GET", + "requestUri":"/memberships/{membershipIdentifier}/protectedJobs/{protectedJobIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetProtectedJobInput"}, + "output":{"shape":"GetProtectedJobOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Returns job processing metadata.

", + "readonly":true }, "GetProtectedQuery":{ "name":"GetProtectedQuery", @@ -803,7 +881,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns query processing metadata.

" + "documentation":"

Returns query processing metadata.

", + "readonly":true }, "GetSchema":{ "name":"GetSchema", @@ -821,7 +900,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves the schema for a relation within a collaboration.

" + "documentation":"

Retrieves the schema for a relation within a collaboration.

", + "readonly":true }, "GetSchemaAnalysisRule":{ "name":"GetSchemaAnalysisRule", @@ -839,7 +919,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Retrieves a schema analysis rule.

" + "documentation":"

Retrieves a schema analysis rule.

", + "readonly":true }, "ListAnalysisTemplates":{ "name":"ListAnalysisTemplates", @@ -857,7 +938,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists analysis templates that the caller owns.

" + "documentation":"

Lists analysis templates that the caller owns.

", + "readonly":true }, "ListCollaborationAnalysisTemplates":{ "name":"ListCollaborationAnalysisTemplates", @@ -875,7 +957,27 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists analysis templates within a collaboration.

" + "documentation":"

Lists analysis templates within a collaboration.

", + "readonly":true + }, + "ListCollaborationChangeRequests":{ + "name":"ListCollaborationChangeRequests", + "http":{ + "method":"GET", + "requestUri":"/collaborations/{collaborationIdentifier}/changeRequests", + "responseCode":200 + }, + "input":{"shape":"ListCollaborationChangeRequestsInput"}, + "output":{"shape":"ListCollaborationChangeRequestsOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists all change requests for a collaboration with pagination support. Returns change requests sorted by creation time.

", + "readonly":true }, "ListCollaborationConfiguredAudienceModelAssociations":{ "name":"ListCollaborationConfiguredAudienceModelAssociations", @@ -893,7 +995,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists configured audience model associations within a collaboration.

" + "documentation":"

Lists configured audience model associations within a collaboration.

", + "readonly":true }, "ListCollaborationIdNamespaceAssociations":{ "name":"ListCollaborationIdNamespaceAssociations", @@ -911,7 +1014,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of the ID namespace associations in a collaboration.

" + "documentation":"

Returns a list of the ID namespace associations in a collaboration.

", + "readonly":true }, "ListCollaborationPrivacyBudgetTemplates":{ "name":"ListCollaborationPrivacyBudgetTemplates", @@ -929,7 +1033,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns an array that summarizes each privacy budget template in a specified collaboration.

" + "documentation":"

Returns an array that summarizes each privacy budget template in a specified collaboration.

", + "readonly":true }, "ListCollaborationPrivacyBudgets":{ "name":"ListCollaborationPrivacyBudgets", @@ -947,7 +1052,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns an array that summarizes each privacy budget in a specified collaboration. The summary includes the collaboration ARN, creation time, creating account, and privacy budget details.

" + "documentation":"

Returns an array that summarizes each privacy budget in a specified collaboration. The summary includes the collaboration ARN, creation time, creating account, and privacy budget details.

", + "readonly":true }, "ListCollaborations":{ "name":"ListCollaborations", @@ -964,7 +1070,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists collaborations the caller owns, is active in, or has been invited to.

" + "documentation":"

Lists collaborations the caller owns, is active in, or has been invited to.

", + "readonly":true }, "ListConfiguredAudienceModelAssociations":{ "name":"ListConfiguredAudienceModelAssociations", @@ -982,7 +1089,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists information about requested configured audience model associations.

" + "documentation":"

Lists information about requested configured audience model associations.

", + "readonly":true }, "ListConfiguredTableAssociations":{ "name":"ListConfiguredTableAssociations", @@ -1000,7 +1108,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists configured table associations for a membership.

" + "documentation":"

Lists configured table associations for a membership.

", + "readonly":true }, "ListConfiguredTables":{ "name":"ListConfiguredTables", @@ -1017,7 +1126,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists configured tables.

" + "documentation":"

Lists configured tables.

", + "readonly":true }, "ListIdMappingTables":{ "name":"ListIdMappingTables", @@ -1035,7 +1145,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of ID mapping tables.

" + "documentation":"

Returns a list of ID mapping tables.

", + "readonly":true }, "ListIdNamespaceAssociations":{ "name":"ListIdNamespaceAssociations", @@ -1053,7 +1164,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of ID namespace associations.

" + "documentation":"

Returns a list of ID namespace associations.

", + "readonly":true }, "ListMembers":{ "name":"ListMembers", @@ -1071,7 +1183,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all members within a collaboration.

" + "documentation":"

Lists all members within a collaboration.

", + "readonly":true }, "ListMemberships":{ "name":"ListMemberships", @@ -1088,7 +1201,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all memberships resources within the caller's account.

" + "documentation":"

Lists all memberships resources within the caller's account.

", + "readonly":true }, "ListPrivacyBudgetTemplates":{ "name":"ListPrivacyBudgetTemplates", @@ -1106,7 +1220,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns detailed information about the privacy budget templates in a specified membership.

" + "documentation":"

Returns detailed information about the privacy budget templates in a specified membership.

", + "readonly":true }, "ListPrivacyBudgets":{ "name":"ListPrivacyBudgets", @@ -1124,7 +1239,27 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns detailed information about the privacy budgets in a specified membership.

" + "documentation":"

Returns detailed information about the privacy budgets in a specified membership.

", + "readonly":true + }, + "ListProtectedJobs":{ + "name":"ListProtectedJobs", + "http":{ + "method":"GET", + "requestUri":"/memberships/{membershipIdentifier}/protectedJobs", + "responseCode":200 + }, + "input":{"shape":"ListProtectedJobsInput"}, + "output":{"shape":"ListProtectedJobsOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists protected jobs, sorted by most recent job.

", + "readonly":true }, "ListProtectedQueries":{ "name":"ListProtectedQueries", @@ -1142,7 +1277,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists protected queries, sorted by the most recent query.

" + "documentation":"

Lists protected queries, sorted by the most recent query.

", + "readonly":true }, "ListSchemas":{ "name":"ListSchemas", @@ -1160,7 +1296,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists the schemas for relations within a collaboration.

" + "documentation":"

Lists the schemas for relations within a collaboration.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1175,7 +1312,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], - "documentation":"

Lists all of the tags that have been added to a resource.

" + "documentation":"

Lists all of the tags that have been added to a resource.

", + "readonly":true }, "PopulateIdMappingTable":{ "name":"PopulateIdMappingTable", @@ -1215,6 +1353,25 @@ ], "documentation":"

An estimate of the number of aggregation functions that the member who can query can run given epsilon and noise parameters.

" }, + "StartProtectedJob":{ + "name":"StartProtectedJob", + "http":{ + "method":"POST", + "requestUri":"/memberships/{membershipIdentifier}/protectedJobs", + "responseCode":200 + }, + "input":{"shape":"StartProtectedJobInput"}, + "output":{"shape":"StartProtectedJobOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Creates a protected job that is started by Clean Rooms.

" + }, "StartProtectedQuery":{ "name":"StartProtectedQuery", "http":{ @@ -1328,6 +1485,7 @@ "output":{"shape":"UpdateConfiguredTableOutput"}, "errors":[ {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -1465,7 +1623,27 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Updates the privacy budget template for the specified membership.

" + "documentation":"

Updates the privacy budget template for the specified collaboration.

" + }, + "UpdateProtectedJob":{ + "name":"UpdateProtectedJob", + "http":{ + "method":"PATCH", + "requestUri":"/memberships/{membershipIdentifier}/protectedJobs/{protectedJobIdentifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateProtectedJobInput"}, + "output":{"shape":"UpdateProtectedJobOutput"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Updates the processing of a currently running job.

", + "idempotent":true }, "UpdateProtectedQuery":{ "name":"UpdateProtectedQuery", @@ -1489,6 +1667,127 @@ } }, "shapes":{ + "AccessBudget":{ + "type":"structure", + "required":[ + "resourceArn", + "details", + "aggregateRemainingBudget" + ], + "members":{ + "resourceArn":{ + "shape":"BudgetedResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the access budget resource.

" + }, + "details":{ + "shape":"AccessBudgetDetailsList", + "documentation":"

Detailed budget information including time bounds, remaining budget, and refresh settings.

" + }, + "aggregateRemainingBudget":{ + "shape":"RemainingBudget", + "documentation":"

The total remaining budget across all budget parameters, showing the lower value between the per-period budget and lifetime budget for this access budget. For individual parameter budgets, see remainingBudget.

" + } + }, + "documentation":"

Controls and tracks usage limits for associated configured tables within a collaboration across queries and job. Supports both period-based budgets that can renew (daily, weekly, or monthly) and fixed lifetime budgets. Contains the resource ARN, remaining budget information, and up to two budget configurations (period-based and lifetime). By default, table usage is unlimited unless a budget is configured.

" + }, + "AccessBudgetDetails":{ + "type":"structure", + "required":[ + "startTime", + "remainingBudget", + "budget", + "budgetType" + ], + "members":{ + "startTime":{ + "shape":"Timestamp", + "documentation":"

The start time for the access budget period.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

The end time for the access budget period.

" + }, + "remainingBudget":{ + "shape":"RemainingBudget", + "documentation":"

The remaining budget amount available for use within this access budget.

" + }, + "budget":{ + "shape":"Budget", + "documentation":"

The total budget allocation amount for this access budget.

" + }, + "budgetType":{ + "shape":"AccessBudgetType", + "documentation":"

Specifies the time period for limiting table usage in queries and jobs. For calendar-based periods, the budget can renew if auto refresh is enabled. For lifetime budgets, the limit applies to the total usage throughout the collaboration. Valid values are:

CALENDAR_DAY - Limit table usage per day.

CALENDAR_WEEK - Limit table usage per week.

CALENDAR_MONTH - Limit table usage per month.

LIFETIME - Limit total table usage for the collaboration duration.

" + }, + "autoRefresh":{ + "shape":"AutoRefreshMode", + "documentation":"

Indicates whether the budget automatically refreshes for each time period specified in budgetType. Valid values are:

ENABLED - The budget refreshes automatically at the start of each period.

DISABLED - The budget must be refreshed manually.

NULL - The value is null when budgetType is set to LIFETIME.

" + } + }, + "documentation":"

Detailed information about an access budget including time bounds, budget allocation, and configuration settings.

" + }, + "AccessBudgetDetailsList":{ + "type":"list", + "member":{"shape":"AccessBudgetDetails"}, + "max":2, + "min":1 + }, + "AccessBudgetType":{ + "type":"string", + "enum":[ + "CALENDAR_DAY", + "CALENDAR_MONTH", + "CALENDAR_WEEK", + "LIFETIME" + ] + }, + "AccessBudgetsPrivacyTemplateParametersInput":{ + "type":"structure", + "required":[ + "budgetParameters", + "resourceArn" + ], + "members":{ + "budgetParameters":{ + "shape":"BudgetParameters", + "documentation":"

An array of budget parameters that define the access budget configuration for the privacy template.

" + }, + "resourceArn":{ + "shape":"BudgetedResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource associated with this privacy budget template.

" + } + }, + "documentation":"

Input parameters for privacy budget templates that support access budgets functionality, enabling enhanced budget management capabilities.

" + }, + "AccessBudgetsPrivacyTemplateParametersOutput":{ + "type":"structure", + "required":[ + "budgetParameters", + "resourceArn" + ], + "members":{ + "budgetParameters":{ + "shape":"BudgetParameters", + "documentation":"

An array of budget parameters returned from the access budget configuration.

" + }, + "resourceArn":{ + "shape":"BudgetedResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource associated with this privacy budget template.

" + } + }, + "documentation":"

Output parameters for privacy budget templates with access budgets support, containing the configured budget information.

" + }, + "AccessBudgetsPrivacyTemplateUpdateParameters":{ + "type":"structure", + "required":["budgetParameters"], + "members":{ + "budgetParameters":{ + "shape":"BudgetParameters", + "documentation":"

Updated array of budget parameters for the access budget configuration.

" + } + }, + "documentation":"

Update parameters for privacy budget templates with access budgets functionality, allowing modification of existing budget configurations.

" + }, "AccessDeniedException":{ "type":"structure", "members":{ @@ -1609,20 +1908,30 @@ "AllowedColumnList":{ "type":"list", "member":{"shape":"ColumnName"}, - "max":225, "min":1 }, "AllowedResultReceivers":{ "type":"list", "member":{"shape":"AccountId"} }, + "AllowedResultRegions":{ + "type":"list", + "member":{"shape":"SupportedS3Region"} + }, "AnalysisFormat":{ "type":"string", - "enum":["SQL"] + "enum":[ + "SQL", + "PYSPARK_1_0" + ] }, "AnalysisMethod":{ "type":"string", - "enum":["DIRECT_QUERY"] + "enum":[ + "DIRECT_QUERY", + "DIRECT_JOB", + "MULTIPLE" + ] }, "AnalysisParameter":{ "type":"structure", @@ -1650,7 +1959,7 @@ "AnalysisParameterList":{ "type":"list", "member":{"shape":"AnalysisParameter"}, - "max":10, + "max":50, "min":0 }, "AnalysisRule":{ @@ -1687,6 +1996,11 @@ "policy":{ "shape":"AnalysisRulePolicy", "documentation":"

A policy that describes the associated data usage limitations.

" + }, + "collaborationPolicy":{"shape":"ConfiguredTableAssociationAnalysisRulePolicy"}, + "consolidatedPolicy":{ + "shape":"ConsolidatedPolicy", + "documentation":"

The consolidated policy for the analysis rule.

" } }, "documentation":"

A specification about how data from the configured table can be used in a query.

" @@ -1910,10 +2224,24 @@ "text":{ "shape":"AnalysisTemplateText", "documentation":"

The query text.

" + }, + "artifacts":{ + "shape":"AnalysisTemplateArtifacts", + "documentation":"

The artifacts of the analysis source.

" } }, "documentation":"

The structure that defines the body of the analysis template.

", - "sensitive":true, + "union":true + }, + "AnalysisSourceMetadata":{ + "type":"structure", + "members":{ + "artifacts":{ + "shape":"AnalysisTemplateArtifactMetadata", + "documentation":"

The artifacts of the analysis source metadata.

" + } + }, + "documentation":"

The analysis source metadata.

", "union":true }, "AnalysisTemplate":{ @@ -1985,6 +2313,10 @@ "shape":"AnalysisSource", "documentation":"

The source of the analysis template.

" }, + "sourceMetadata":{ + "shape":"AnalysisSourceMetadata", + "documentation":"

The source metadata for the analysis template.

" + }, "analysisParameters":{ "shape":"AnalysisParameterList", "documentation":"

The parameters of the analysis template.

" @@ -1992,6 +2324,10 @@ "validations":{ "shape":"AnalysisTemplateValidationStatusDetailList", "documentation":"

Information about the validations performed on the analysis template.

" + }, + "errorMessageConfiguration":{ + "shape":"ErrorMessageConfiguration", + "documentation":"

The configuration that specifies the level of detail in error messages returned by analyses using this template. When set to DETAILED, error messages include more information to help troubleshoot issues with PySpark jobs. Detailed error messages may expose underlying data, including sensitive information. Recommended for faster troubleshooting in development and testing environments.

" } }, "documentation":"

The analysis template.

" @@ -2014,6 +2350,60 @@ "min":0, "pattern":"(ANY_QUERY|ANY_JOB|arn:aws:cleanrooms:[\\w]{2}-[\\w]{4,9}-[\\d]:[\\d]{12}:membership/[\\d\\w-]+/analysistemplate/[\\d\\w-]+)" }, + "AnalysisTemplateArtifact":{ + "type":"structure", + "required":["location"], + "members":{ + "location":{ + "shape":"S3Location", + "documentation":"

The artifact location.

" + } + }, + "documentation":"

The analysis template artifact.

" + }, + "AnalysisTemplateArtifactList":{ + "type":"list", + "member":{"shape":"AnalysisTemplateArtifact"}, + "max":1, + "min":1 + }, + "AnalysisTemplateArtifactMetadata":{ + "type":"structure", + "required":["entryPointHash"], + "members":{ + "entryPointHash":{ + "shape":"Hash", + "documentation":"

The hash of the entry point for the analysis template artifact metadata.

" + }, + "additionalArtifactHashes":{ + "shape":"HashList", + "documentation":"

Additional artifact hashes for the analysis template.

" + } + }, + "documentation":"

The analysis template artifact metadata.

" + }, + "AnalysisTemplateArtifacts":{ + "type":"structure", + "required":[ + "entryPoint", + "roleArn" + ], + "members":{ + "entryPoint":{ + "shape":"AnalysisTemplateArtifact", + "documentation":"

The entry point for the analysis template artifacts.

" + }, + "additionalArtifacts":{ + "shape":"AnalysisTemplateArtifactList", + "documentation":"

Additional artifacts for the analysis template.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The role ARN for the analysis template artifacts.

" + } + }, + "documentation":"

The analysis template artifacts.

" + }, "AnalysisTemplateIdentifier":{ "type":"string", "max":36, @@ -2084,7 +2474,8 @@ "AnalysisTemplateText":{ "type":"string", "max":90000, - "min":0 + "min":0, + "sensitive":true }, "AnalysisTemplateValidationStatus":{ "type":"string", @@ -2169,7 +2560,7 @@ "type":"string", "max":128, "min":0, - "pattern":"[a-zA-Z0-9_](([a-zA-Z0-9_ ]+-)*([a-zA-Z0-9_ ]+))?" + "pattern":"[a-zA-Z0-9_](([a-zA-Z0-9_]+)*([a-zA-Z0-9_]+))?" }, "AthenaTableReference":{ "type":"structure", @@ -2179,6 +2570,10 @@ "tableName" ], "members":{ + "region":{ + "shape":"CommercialRegion", + "documentation":"

The Amazon Web Services Region where the Athena table is located. This parameter is required to uniquely identify and access tables across different Regions.

" + }, "workGroup":{ "shape":"AthenaWorkGroup", "documentation":"

The workgroup of the Athena table reference.

" @@ -2204,6 +2599,21 @@ "min":1, "pattern":"([a-zA-Z0-9._-])*" }, + "AutoApprovedChangeType":{ + "type":"string", + "enum":["ADD_MEMBER"] + }, + "AutoApprovedChangeTypeList":{ + "type":"list", + "member":{"shape":"AutoApprovedChangeType"} + }, + "AutoRefreshMode":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "BatchGetCollaborationAnalysisTemplateError":{ "type":"structure", "required":[ @@ -2404,6 +2814,17 @@ } } }, + "BilledJobResourceUtilization":{ + "type":"structure", + "required":["units"], + "members":{ + "units":{ + "shape":"Double", + "documentation":"

The number of Clean Rooms Processing Unit (CRPU) hours that have been billed.

" + } + }, + "documentation":"

Information related to the utilization of resources that have been billed or charged for in a given context, such as a protected job.

" + }, "BilledResourceUtilization":{ "type":"structure", "required":["units"], @@ -2419,6 +2840,133 @@ "type":"boolean", "box":true }, + "Budget":{ + "type":"integer", + "box":true, + "max":1000000, + "min":0 + }, + "BudgetParameter":{ + "type":"structure", + "required":[ + "type", + "budget" + ], + "members":{ + "type":{ + "shape":"AccessBudgetType", + "documentation":"

The type of budget parameter being configured.

" + }, + "budget":{ + "shape":"Budget", + "documentation":"

The budget allocation amount for this specific parameter.

" + }, + "autoRefresh":{ + "shape":"AutoRefreshMode", + "documentation":"

Whether this individual budget parameter automatically refreshes when the budget period resets.

" + } + }, + "documentation":"

Individual budget parameter configuration that defines specific budget allocation settings for access budgets.

" + }, + "BudgetParameters":{ + "type":"list", + "member":{"shape":"BudgetParameter"}, + "max":2, + "min":1 + }, + "BudgetedResourceArn":{ + "type":"string", + "max":200, + "min":0, + "pattern":"arn:aws:[\\w]+:[\\w]{2}-[\\w]{4,9}-[\\d]:[\\d]{12}:membership/[\\d\\w-]+/configuredtableassociation/[\\d\\w-]+" + }, + "Change":{ + "type":"structure", + "required":[ + "specificationType", + "specification", + "types" + ], + "members":{ + "specificationType":{ + "shape":"ChangeSpecificationType", + "documentation":"

The type of specification for this change.

" + }, + "specification":{ + "shape":"ChangeSpecification", + "documentation":"

The specification details for this change.

" + }, + "types":{ + "shape":"ChangeTypeList", + "documentation":"

The list of change types that were applied.

" + } + }, + "documentation":"

Represents a single change within a collaboration change request, containing the change identifier and specification.

" + }, + "ChangeInput":{ + "type":"structure", + "required":[ + "specificationType", + "specification" + ], + "members":{ + "specificationType":{ + "shape":"ChangeSpecificationType", + "documentation":"

The type of specification for the change. Currently supports MEMBER for member-related changes.

" + }, + "specification":{ + "shape":"ChangeSpecification", + "documentation":"

The specification details for the change. The structure depends on the specification type.

" + } + }, + "documentation":"

Specifies a change to apply to a collaboration.

" + }, + "ChangeInputList":{ + "type":"list", + "member":{"shape":"ChangeInput"}, + "max":10, + "min":1 + }, + "ChangeList":{ + "type":"list", + "member":{"shape":"Change"}, + "max":10, + "min":1 + }, + "ChangeRequestStatus":{ + "type":"string", + "enum":[ + "PENDING", + "APPROVED", + "CANCELLED", + "DENIED", + "COMMITTED" + ] + }, + "ChangeSpecification":{ + "type":"structure", + "members":{ + "member":{ + "shape":"MemberChangeSpecification", + "documentation":"

The member change specification when the change type is MEMBER.

" + } + }, + "documentation":"

A union that contains the specification details for different types of changes.

", + "union":true + }, + "ChangeSpecificationType":{ + "type":"string", + "enum":["MEMBER"] + }, + "ChangeType":{ + "type":"string", + "enum":["ADD_MEMBER"] + }, + "ChangeTypeList":{ + "type":"list", + "member":{"shape":"ChangeType"}, + "min":1 + }, "CleanroomsArn":{ "type":"string", "max":100, @@ -2489,11 +3037,23 @@ }, "queryLogStatus":{ "shape":"CollaborationQueryLogStatus", - "documentation":"

An indicator as to whether query logging has been enabled or disabled for the collaboration.

" + "documentation":"

An indicator as to whether query logging has been enabled or disabled for the collaboration.

When ENABLED, Clean Rooms logs details about queries run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" + }, + "jobLogStatus":{ + "shape":"CollaborationJobLogStatus", + "documentation":"

An indicator as to whether job logging has been enabled or disabled for the collaboration.

When ENABLED, Clean Rooms logs details about jobs run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" }, "analyticsEngine":{ "shape":"AnalyticsEngine", - "documentation":"

The analytics engine for the collaboration.

" + "documentation":"

The analytics engine for the collaboration.

After July 16, 2025, the CLEAN_ROOMS_SQL parameter will no longer be available.

" + }, + "autoApprovedChangeTypes":{ + "shape":"AutoApprovedChangeTypeList", + "documentation":"

The types of change requests that are automatically approved for this collaboration.

" + }, + "allowedResultRegions":{ + "shape":"AllowedResultRegions", + "documentation":"

The Amazon Web Services Regions where collaboration query results can be stored. Returns the list of Region identifiers that were specified when the collaboration was created. This list is used to enforce regional storage policies and compliance requirements.

" } }, "documentation":"

The multi-party data share environment. The collaboration contains metadata about its purpose and participants.

" @@ -2510,8 +3070,7 @@ "createTime", "updateTime", "schema", - "format", - "source" + "format" ], "members":{ "id":{ @@ -2562,6 +3121,10 @@ "shape":"AnalysisSource", "documentation":"

The source of the analysis template within a collaboration.

" }, + "sourceMetadata":{ + "shape":"AnalysisSourceMetadata", + "documentation":"

The source metadata for the collaboration analysis template.

" + }, "analysisParameters":{ "shape":"AnalysisParameterList", "documentation":"

The analysis parameters that have been specified in the analysis template.

" @@ -2569,6 +3132,10 @@ "validations":{ "shape":"AnalysisTemplateValidationStatusDetailList", "documentation":"

The validations that were performed.

" + }, + "errorMessageConfiguration":{ + "shape":"ErrorMessageConfiguration", + "documentation":"

The configuration that specifies the level of detail in error messages returned by analyses using this template. When set to DETAILED, error messages include more information to help troubleshoot issues with PySpark jobs. Detailed error messages may expose underlying data, including sensitive information. Recommended for faster troubleshooting in development and testing environments.

" } }, "documentation":"

The analysis template within a collaboration.

" @@ -2641,6 +3208,102 @@ "min":0, "pattern":"arn:aws:[\\w]+:[\\w]{2}-[\\w]{4,9}-[\\d]:[\\d]{12}:collaboration/[\\d\\w-]+" }, + "CollaborationChangeRequest":{ + "type":"structure", + "required":[ + "id", + "collaborationId", + "createTime", + "updateTime", + "status", + "isAutoApproved", + "changes" + ], + "members":{ + "id":{ + "shape":"UUID", + "documentation":"

The unique identifier for the change request.

" + }, + "collaborationId":{ + "shape":"UUID", + "documentation":"

The unique identifier for the collaboration being modified.

" + }, + "createTime":{ + "shape":"Timestamp", + "documentation":"

The time when the change request was created.

" + }, + "updateTime":{ + "shape":"Timestamp", + "documentation":"

The time when the change request was last updated.

" + }, + "status":{ + "shape":"ChangeRequestStatus", + "documentation":"

The current status of the change request. Valid values are PENDING, APPROVED, DENIED, COMMITTED, and CANCELLED.

" + }, + "isAutoApproved":{ + "shape":"Boolean", + "documentation":"

Whether the change request was automatically approved based on the collaboration's auto-approval settings.

" + }, + "changes":{ + "shape":"ChangeList", + "documentation":"

The list of changes specified in this change request.

" + } + }, + "documentation":"

Represents a request to modify a collaboration. Change requests enable structured modifications to collaborations after they have been created.

" + }, + "CollaborationChangeRequestIdentifier":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + }, + "CollaborationChangeRequestSummary":{ + "type":"structure", + "required":[ + "id", + "collaborationId", + "createTime", + "updateTime", + "status", + "isAutoApproved", + "changes" + ], + "members":{ + "id":{ + "shape":"UUID", + "documentation":"

The unique identifier for the change request.

" + }, + "collaborationId":{ + "shape":"UUID", + "documentation":"

The unique identifier for the collaboration.

" + }, + "createTime":{ + "shape":"Timestamp", + "documentation":"

The time when the change request was created.

" + }, + "updateTime":{ + "shape":"Timestamp", + "documentation":"

The time when the change request was last updated.

" + }, + "status":{ + "shape":"ChangeRequestStatus", + "documentation":"

The current status of the change request.

" + }, + "isAutoApproved":{ + "shape":"Boolean", + "documentation":"

Whether the change request was automatically approved.

" + }, + "changes":{ + "shape":"ChangeList", + "documentation":"

Summary of the changes in this change request.

" + } + }, + "documentation":"

Summary information about a collaboration change request.

" + }, + "CollaborationChangeRequestSummaryList":{ + "type":"list", + "member":{"shape":"CollaborationChangeRequestSummary"} + }, "CollaborationConfiguredAudienceModelAssociation":{ "type":"structure", "required":[ @@ -2895,6 +3558,13 @@ "min":36, "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }, + "CollaborationJobLogStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "CollaborationName":{ "type":"string", "max":100, @@ -3135,7 +3805,7 @@ }, "analyticsEngine":{ "shape":"AnalyticsEngine", - "documentation":"

The analytics engine.

" + "documentation":"

The analytics engine.

After July 16, 2025, the CLEAN_ROOMS_SQL parameter will no longer be available.

" } }, "documentation":"

The metadata of the collaboration.

" @@ -3178,6 +3848,44 @@ "min":0, "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDBFF-\\uDC00\\uDFFF\\t]*" }, + "CommercialRegion":{ + "type":"string", + "enum":[ + "us-west-1", + "us-west-2", + "us-east-1", + "us-east-2", + "af-south-1", + "ap-east-1", + "ap-south-2", + "ap-southeast-1", + "ap-southeast-2", + "ap-southeast-3", + "ap-southeast-5", + "ap-southeast-4", + "ap-southeast-7", + "ap-south-1", + "ap-northeast-3", + "ap-northeast-1", + "ap-northeast-2", + "ca-central-1", + "ca-west-1", + "eu-south-1", + "eu-west-3", + "eu-south-2", + "eu-central-2", + "eu-central-1", + "eu-north-1", + "eu-west-1", + "eu-west-2", + "me-south-1", + "me-central-1", + "il-central-1", + "sa-east-1", + "mx-central-1", + "ap-east-2" + ] + }, "ComputeConfiguration":{ "type":"structure", "members":{ @@ -3405,11 +4113,15 @@ }, "analysisMethod":{ "shape":"AnalysisMethod", - "documentation":"

The analysis method for the configured table. The only valid value is currently `DIRECT_QUERY`.

" + "documentation":"

The analysis method for the configured table.

DIRECT_QUERY allows SQL queries to be run directly on this table.

DIRECT_JOB allows PySpark jobs to be run directly on this table.

MULTIPLE allows both SQL queries and PySpark jobs to be run directly on this table.

" }, "allowedColumns":{ "shape":"AllowedColumnList", - "documentation":"

The columns within the underlying Glue table that can be utilized within collaborations.

" + "documentation":"

The columns within the underlying Glue table that can be used within collaborations.

" + }, + "selectedAnalysisMethods":{ + "shape":"SelectedAnalysisMethods", + "documentation":"

The selected analysis methods for the configured table.

" } }, "documentation":"

A table that has been configured for use in a collaboration.

" @@ -3746,6 +4458,10 @@ "arn":{ "shape":"ConfiguredTableAssociationArn", "documentation":"

The unique ARN for the configured table association.

" + }, + "analysisRuleTypes":{ + "shape":"ConfiguredTableAssociationAnalysisRuleTypeList", + "documentation":"

The analysis rule types that are associated with the configured table associations in this summary.

" } }, "documentation":"

The configured table association summary for the objects listed by the request.

" @@ -3798,7 +4514,11 @@ }, "analysisMethod":{ "shape":"AnalysisMethod", - "documentation":"

The analysis method for the configured tables. The only valid value is currently `DIRECT_QUERY`.

" + "documentation":"

The analysis method for the configured tables.

DIRECT_QUERY allows SQL queries to be run directly on this table.

DIRECT_JOB allows PySpark jobs to be run directly on this table.

MULTIPLE allows both SQL queries and PySpark jobs to be run directly on this table.

" + }, + "selectedAnalysisMethods":{ + "shape":"SelectedAnalysisMethods", + "documentation":"

The selected analysis methods for the configured table summary.

" } }, "documentation":"

The configured table summary for the objects listed by the request.

" @@ -3842,6 +4562,175 @@ "INVALID_STATE" ] }, + "ConsolidatedPolicy":{ + "type":"structure", + "members":{ + "v1":{ + "shape":"ConsolidatedPolicyV1", + "documentation":"

The consolidated policy version 1.

" + } + }, + "documentation":"

Controls on the analysis specifications that can be run on a configured table.

", + "union":true + }, + "ConsolidatedPolicyAggregation":{ + "type":"structure", + "required":[ + "aggregateColumns", + "joinColumns", + "dimensionColumns", + "scalarFunctions", + "outputConstraints" + ], + "members":{ + "aggregateColumns":{ + "shape":"ConsolidatedPolicyAggregationAggregateColumnsList", + "documentation":"

Aggregate columns in consolidated policy aggregation.

" + }, + "joinColumns":{ + "shape":"AnalysisRuleColumnList", + "documentation":"

The columns to join on.

" + }, + "joinRequired":{ + "shape":"JoinRequiredOption", + "documentation":"

Join required

" + }, + "allowedJoinOperators":{ + "shape":"JoinOperatorsList", + "documentation":"

The allowed join operators.

" + }, + "dimensionColumns":{ + "shape":"AnalysisRuleColumnList", + "documentation":"

The dimension columns of the consolidated policy aggregation.

" + }, + "scalarFunctions":{ + "shape":"ScalarFunctionsList", + "documentation":"

The scalar functions.

" + }, + "outputConstraints":{ + "shape":"AggregationConstraints", + "documentation":"

The output constraints of the consolidated policy aggregation.

" + }, + "additionalAnalyses":{ + "shape":"AdditionalAnalyses", + "documentation":"

Additional analyses for the consolidated policy aggregation.

" + }, + "allowedResultReceivers":{ + "shape":"AllowedResultReceivers", + "documentation":"

The allowed result receivers.

" + }, + "allowedAdditionalAnalyses":{ + "shape":"AllowedAdditionalAnalyses", + "documentation":"

The additional analyses allowed by the consolidated policy aggregation.

" + } + }, + "documentation":"

Controls on the analysis specifications that can be run on a configured table.

" + }, + "ConsolidatedPolicyAggregationAggregateColumnsList":{ + "type":"list", + "member":{"shape":"AggregateColumn"}, + "min":1 + }, + "ConsolidatedPolicyCustom":{ + "type":"structure", + "required":["allowedAnalyses"], + "members":{ + "allowedAnalyses":{ + "shape":"ConsolidatedPolicyCustomAllowedAnalysesList", + "documentation":"

The allowed analyses.

" + }, + "allowedAnalysisProviders":{ + "shape":"ConsolidatedPolicyCustomAllowedAnalysisProvidersList", + "documentation":"

The allowed analysis providers.

" + }, + "additionalAnalyses":{ + "shape":"AdditionalAnalyses", + "documentation":"

Additional analyses for the consolidated policy.

" + }, + "disallowedOutputColumns":{ + "shape":"AnalysisRuleColumnList", + "documentation":"

Disallowed output columns

" + }, + "differentialPrivacy":{"shape":"DifferentialPrivacyConfiguration"}, + "allowedResultReceivers":{ + "shape":"AllowedResultReceivers", + "documentation":"

The allowed result receivers.

" + }, + "allowedAdditionalAnalyses":{ + "shape":"AllowedAdditionalAnalyses", + "documentation":"

The additional analyses allowed by the consolidated policy.

" + } + }, + "documentation":"

Controls on the analysis specifications that can be run on a configured table.

" + }, + "ConsolidatedPolicyCustomAllowedAnalysesList":{ + "type":"list", + "member":{"shape":"AnalysisTemplateArnOrQueryWildcard"}, + "min":0 + }, + "ConsolidatedPolicyCustomAllowedAnalysisProvidersList":{ + "type":"list", + "member":{"shape":"AccountId"}, + "min":0 + }, + "ConsolidatedPolicyList":{ + "type":"structure", + "required":[ + "joinColumns", + "listColumns" + ], + "members":{ + "joinColumns":{ + "shape":"ConsolidatedPolicyListJoinColumnsList", + "documentation":"

The columns to join on.

" + }, + "allowedJoinOperators":{ + "shape":"JoinOperatorsList", + "documentation":"

The allowed join operators in the consolidated policy list.

" + }, + "listColumns":{ + "shape":"AnalysisRuleColumnList", + "documentation":"

The columns in the consolidated policy list.

" + }, + "additionalAnalyses":{ + "shape":"AdditionalAnalyses", + "documentation":"

Additional analyses for the consolidated policy list.

" + }, + "allowedResultReceivers":{ + "shape":"AllowedResultReceivers", + "documentation":"

The allowed result receivers.

" + }, + "allowedAdditionalAnalyses":{ + "shape":"AllowedAdditionalAnalyses", + "documentation":"

The additional analyses allowed by the consolidated policy list.

" + } + }, + "documentation":"

Controls on the analysis specifications that can be run on a configured table.

" + }, + "ConsolidatedPolicyListJoinColumnsList":{ + "type":"list", + "member":{"shape":"AnalysisRuleColumnName"}, + "min":1 + }, + "ConsolidatedPolicyV1":{ + "type":"structure", + "members":{ + "list":{ + "shape":"ConsolidatedPolicyList", + "documentation":"

The list of consolidated policies.

" + }, + "aggregation":{ + "shape":"ConsolidatedPolicyAggregation", + "documentation":"

The aggregation setting for the consolidated policy.

" + }, + "custom":{ + "shape":"ConsolidatedPolicyCustom", + "documentation":"

Custom policy

" + } + }, + "documentation":"

Controls on the analysis specifications that can be run on a configured table.

", + "union":true + }, "CreateAnalysisTemplateInput":{ "type":"structure", "required":[ @@ -3871,7 +4760,7 @@ }, "source":{ "shape":"AnalysisSource", - "documentation":"

The information in the analysis template. Currently supports text, the query text for the analysis template.

" + "documentation":"

The information in the analysis template.

" }, "tags":{ "shape":"TagMap", @@ -3880,6 +4769,11 @@ "analysisParameters":{ "shape":"AnalysisParameterList", "documentation":"

The parameters of the analysis template.

" + }, + "schema":{"shape":"AnalysisSchema"}, + "errorMessageConfiguration":{ + "shape":"ErrorMessageConfiguration", + "documentation":"

The configuration that specifies the level of detail in error messages returned by analyses using this template. When set to DETAILED, error messages include more information to help troubleshoot issues with PySpark jobs. Detailed error messages may expose underlying data, including sensitive information. Recommended for faster troubleshooting in development and testing environments.

" } } }, @@ -3893,6 +4787,32 @@ } } }, + "CreateCollaborationChangeRequestInput":{ + "type":"structure", + "required":[ + "collaborationIdentifier", + "changes" + ], + "members":{ + "collaborationIdentifier":{ + "shape":"CollaborationIdentifier", + "documentation":"

The identifier of the collaboration that the change request is made against.

", + "location":"uri", + "locationName":"collaborationIdentifier" + }, + "changes":{ + "shape":"ChangeInputList", + "documentation":"

The list of changes to apply to the collaboration. Each change specifies the type of modification and the details of what should be changed.

" + } + } + }, + "CreateCollaborationChangeRequestOutput":{ + "type":"structure", + "required":["collaborationChangeRequest"], + "members":{ + "collaborationChangeRequest":{"shape":"CollaborationChangeRequest"} + } + }, "CreateCollaborationInput":{ "type":"structure", "required":[ @@ -3922,7 +4842,7 @@ }, "creatorMLMemberAbilities":{ "shape":"MLMemberAbilities", - "documentation":"

The ML abilities granted to the collaboration creator.

Custom ML modeling is in beta release and is subject to change. For beta terms and conditions, see Betas and Previews in the Amazon Web Services Service Terms.

" + "documentation":"

The ML abilities granted to the collaboration creator.

" }, "creatorDisplayName":{ "shape":"DisplayName", @@ -3934,7 +4854,11 @@ }, "queryLogStatus":{ "shape":"CollaborationQueryLogStatus", - "documentation":"

An indicator as to whether query logging has been enabled or disabled for the collaboration.

" + "documentation":"

An indicator as to whether query logging has been enabled or disabled for the collaboration.

When ENABLED, Clean Rooms logs details about queries run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" + }, + "jobLogStatus":{ + "shape":"CollaborationJobLogStatus", + "documentation":"

Specifies whether job logs are enabled for this collaboration.

When ENABLED, Clean Rooms logs details about jobs run within this collaboration; those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" }, "tags":{ "shape":"TagMap", @@ -3946,7 +4870,15 @@ }, "analyticsEngine":{ "shape":"AnalyticsEngine", - "documentation":"

The analytics engine.

" + "documentation":"

The analytics engine.

After July 16, 2025, the CLEAN_ROOMS_SQL parameter will no longer be available.

" + }, + "autoApprovedChangeRequestTypes":{ + "shape":"AutoApprovedChangeTypeList", + "documentation":"

The types of change requests that are automatically approved for this collaboration.

" + }, + "allowedResultRegions":{ + "shape":"AllowedResultRegions", + "documentation":"

The Amazon Web Services Regions where collaboration query results can be stored. When specified, results can only be written to these Regions. This parameter enables you to meet your compliance and data governance requirements, and implement regional data governance policies.

" } } }, @@ -4156,7 +5088,11 @@ }, "analysisMethod":{ "shape":"AnalysisMethod", - "documentation":"

The analysis method for the configured tables. The only valid value is currently `DIRECT_QUERY`.

" + "documentation":"

The analysis method allowed for the configured tables.

DIRECT_QUERY allows SQL queries to be run directly on this table.

DIRECT_JOB allows PySpark jobs to be run directly on this table.

MULTIPLE allows both SQL queries and PySpark jobs to be run directly on this table.

" + }, + "selectedAnalysisMethods":{ + "shape":"SelectedAnalysisMethods", + "documentation":"

The analysis methods to enable for the configured table. When configured, you must specify at least two analysis methods.

" }, "tags":{ "shape":"TagMap", @@ -4279,7 +5215,11 @@ }, "queryLogStatus":{ "shape":"MembershipQueryLogStatus", - "documentation":"

An indicator as to whether query logging has been enabled or disabled for the membership.

" + "documentation":"

An indicator as to whether query logging has been enabled or disabled for the membership.

When ENABLED, Clean Rooms logs details about queries run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" + }, + "jobLogStatus":{ + "shape":"MembershipJobLogStatus", + "documentation":"

An indicator as to whether job logging has been enabled or disabled for the collaboration.

When ENABLED, Clean Rooms logs details about jobs run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" }, "tags":{ "shape":"TagMap", @@ -4289,6 +5229,10 @@ "shape":"MembershipProtectedQueryResultConfiguration", "documentation":"

The default protected query result configuration as specified by the member who can receive results.

" }, + "defaultJobResultConfiguration":{ + "shape":"MembershipProtectedJobResultConfiguration", + "documentation":"

The default job result configuration that determines how job results are protected and managed within this membership. This configuration applies to all jobs.

" + }, "paymentConfiguration":{ "shape":"MembershipPaymentConfiguration", "documentation":"

The payment responsibilities accepted by the collaboration member.

Not required if the collaboration member has the member ability to run queries.

Required if the collaboration member doesn't have the member ability to run queries but is configured as a payer by the collaboration creator.

" @@ -4309,7 +5253,6 @@ "type":"structure", "required":[ "membershipIdentifier", - "autoRefresh", "privacyBudgetType", "parameters" ], @@ -4411,8 +5354,7 @@ }, "DeleteAnalysisTemplateOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCollaborationInput":{ "type":"structure", @@ -4428,8 +5370,7 @@ }, "DeleteCollaborationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConfiguredAudienceModelAssociationInput":{ "type":"structure", @@ -4454,8 +5395,7 @@ }, "DeleteConfiguredAudienceModelAssociationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConfiguredTableAnalysisRuleInput":{ "type":"structure", @@ -4480,8 +5420,7 @@ }, "DeleteConfiguredTableAnalysisRuleOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An empty response that indicates a successful delete.

" }, "DeleteConfiguredTableAssociationAnalysisRuleInput":{ @@ -4514,8 +5453,7 @@ }, "DeleteConfiguredTableAssociationAnalysisRuleOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConfiguredTableAssociationInput":{ "type":"structure", @@ -4540,8 +5478,7 @@ }, "DeleteConfiguredTableAssociationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConfiguredTableInput":{ "type":"structure", @@ -4557,8 +5494,7 @@ }, "DeleteConfiguredTableOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The empty output for a successful deletion.

" }, "DeleteIdMappingTableInput":{ @@ -4584,8 +5520,7 @@ }, "DeleteIdMappingTableOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIdNamespaceAssociationInput":{ "type":"structure", @@ -4610,8 +5545,7 @@ }, "DeleteIdNamespaceAssociationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMemberInput":{ "type":"structure", @@ -4636,8 +5570,7 @@ }, "DeleteMemberOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMembershipInput":{ "type":"structure", @@ -4653,8 +5586,7 @@ }, "DeleteMembershipOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePrivacyBudgetTemplateInput":{ "type":"structure", @@ -4679,8 +5611,7 @@ }, "DeletePrivacyBudgetTemplateOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DifferentialPrivacyAggregationExpression":{ "type":"string", @@ -4701,7 +5632,7 @@ "required":["name"], "members":{ "name":{ - "shape":"String", + "shape":"ColumnName", "documentation":"

The name of the column, such as user_id, that contains the unique identifier of your users, whose privacy you want to protect. If you want to turn on differential privacy for two or more tables in a collaboration, you must configure the same column as the user identifier column in both analysis rules.

" } }, @@ -4954,8 +5885,7 @@ }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "Double":{ @@ -4968,6 +5898,21 @@ "max":20, "min":1 }, + "ErrorMessageConfiguration":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"ErrorMessageType", + "documentation":"

The level of detail for error messages returned by the PySpark job. When set to DETAILED, error messages include more information to help troubleshoot issues with your PySpark job.

Because this setting may expose sensitive data, it is recommended for development and testing environments.

" + } + }, + "documentation":"

A structure that defines the level of detail included in error messages returned by PySpark jobs. This configuration allows you to control the verbosity of error messages to help with troubleshooting PySpark jobs while maintaining appropriate security controls.

" + }, + "ErrorMessageType":{ + "type":"string", + "enum":["DETAILED"] + }, "FilterableMemberStatus":{ "type":"string", "enum":[ @@ -5047,6 +5992,37 @@ } } }, + "GetCollaborationChangeRequestInput":{ + "type":"structure", + "required":[ + "collaborationIdentifier", + "changeRequestIdentifier" + ], + "members":{ + "collaborationIdentifier":{ + "shape":"CollaborationIdentifier", + "documentation":"

The identifier of the collaboration that the change request is made against.

", + "location":"uri", + "locationName":"collaborationIdentifier" + }, + "changeRequestIdentifier":{ + "shape":"CollaborationChangeRequestIdentifier", + "documentation":"

A unique identifier for the change request to retrieve.

", + "location":"uri", + "locationName":"changeRequestIdentifier" + } + } + }, + "GetCollaborationChangeRequestOutput":{ + "type":"structure", + "required":["collaborationChangeRequest"], + "members":{ + "collaborationChangeRequest":{ + "shape":"CollaborationChangeRequest", + "documentation":"

The collaboration change request that was requested.

" + } + } + }, "GetCollaborationConfiguredAudienceModelAssociationInput":{ "type":"structure", "required":[ @@ -5430,6 +6406,37 @@ } } }, + "GetProtectedJobInput":{ + "type":"structure", + "required":[ + "membershipIdentifier", + "protectedJobIdentifier" + ], + "members":{ + "membershipIdentifier":{ + "shape":"MembershipIdentifier", + "documentation":"

The identifier for a membership in a protected job instance.

", + "location":"uri", + "locationName":"membershipIdentifier" + }, + "protectedJobIdentifier":{ + "shape":"ProtectedJobIdentifier", + "documentation":"

The identifier for the protected job instance.

", + "location":"uri", + "locationName":"protectedJobIdentifier" + } + } + }, + "GetProtectedJobOutput":{ + "type":"structure", + "required":["protectedJob"], + "members":{ + "protectedJob":{ + "shape":"ProtectedJob", + "documentation":"

The protected job metadata.

" + } + } + }, "GetProtectedQueryInput":{ "type":"structure", "required":[ @@ -5549,6 +6556,10 @@ "databaseName" ], "members":{ + "region":{ + "shape":"CommercialRegion", + "documentation":"

The Amazon Web Services Region where the Glue table is located. This parameter is required to uniquely identify and access tables across different Regions.

" + }, "tableName":{ "shape":"GlueTableName", "documentation":"

The name of the Glue table.

" @@ -5560,6 +6571,20 @@ }, "documentation":"

A reference to a table within an Glue data catalog.

" }, + "Hash":{ + "type":"structure", + "members":{ + "sha256":{ + "shape":"String", + "documentation":"

The SHA-256 hash value.

" + } + }, + "documentation":"

Hash

" + }, + "HashList":{ + "type":"list", + "member":{"shape":"Hash"} + }, "IdMappingConfig":{ "type":"structure", "required":["allowUseAsDimensionColumn"], @@ -6012,6 +7037,25 @@ "exception":true, "fault":true }, + "JobComputePaymentConfig":{ + "type":"structure", + "required":["isResponsible"], + "members":{ + "isResponsible":{ + "shape":"Boolean", + "documentation":"

Indicates whether the collaboration creator has configured the collaboration member to pay for query and job compute costs (TRUE) or has not configured the collaboration member to pay for query and job compute costs (FALSE).

Exactly one member can be configured to pay for query and job compute costs. An error is returned if the collaboration creator sets a TRUE value for more than one member in the collaboration.

An error is returned if the collaboration creator sets a FALSE value for the member who can run queries and jobs.

" + } + }, + "documentation":"

An object representing the collaboration member's payment responsibilities set by the collaboration creator for query and job compute costs.

" + }, + "JobType":{ + "type":"string", + "enum":[ + "BATCH", + "INCREMENTAL", + "DELETE_ONLY" + ] + }, "JoinOperator":{ "type":"string", "enum":[ @@ -6117,6 +7161,50 @@ } } }, + "ListCollaborationChangeRequestsInput":{ + "type":"structure", + "required":["collaborationIdentifier"], + "members":{ + "collaborationIdentifier":{ + "shape":"CollaborationIdentifier", + "documentation":"

The identifier of the collaboration that the change request is made against.

", + "location":"uri", + "locationName":"collaborationIdentifier" + }, + "status":{ + "shape":"ChangeRequestStatus", + "documentation":"

A filter to only return change requests with the specified status.

", + "location":"querystring", + "locationName":"status" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token that's used to fetch the next set of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results that are returned for an API request call.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListCollaborationChangeRequestsOutput":{ + "type":"structure", + "required":["collaborationChangeRequestSummaries"], + "members":{ + "collaborationChangeRequestSummaries":{ + "shape":"CollaborationChangeRequestSummaryList", + "documentation":"

The list of collaboration change request summaries.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token that's used to fetch the next set of results.

" + } + } + }, "ListCollaborationConfiguredAudienceModelAssociationsInput":{ "type":"structure", "required":["collaborationIdentifier"], @@ -6261,6 +7349,12 @@ "documentation":"

The pagination token that's used to fetch the next set of results.

", "location":"querystring", "locationName":"nextToken" + }, + "accessBudgetResourceArn":{ + "shape":"BudgetedResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the Configured Table Association (ConfiguredTableAssociation) used to filter privacy budgets.

", + "location":"querystring", + "locationName":"accessBudgetResourceArn" } } }, @@ -6641,6 +7735,12 @@ "documentation":"

The maximum number of results that are returned for an API request call. The service chooses a default number if you don't set one. The service might return a `nextToken` even if the `maxResults` value has not been met.

", "location":"querystring", "locationName":"maxResults" + }, + "accessBudgetResourceArn":{ + "shape":"BudgetedResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the access budget resource to filter privacy budgets by.

", + "location":"querystring", + "locationName":"accessBudgetResourceArn" } } }, @@ -6658,6 +7758,50 @@ } } }, + "ListProtectedJobsInput":{ + "type":"structure", + "required":["membershipIdentifier"], + "members":{ + "membershipIdentifier":{ + "shape":"MembershipIdentifier", + "documentation":"

The identifier for the membership in the collaboration.

", + "location":"uri", + "locationName":"membershipIdentifier" + }, + "status":{ + "shape":"ProtectedJobStatus", + "documentation":"

A filter on the status of the protected job.

", + "location":"querystring", + "locationName":"status" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token that's used to fetch the next set of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results that are returned for an API request call. The service chooses a default number if you don't set one. The service might return a `nextToken` even if the `maxResults` value has not been met.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListProtectedJobsOutput":{ + "type":"structure", + "required":["protectedJobs"], + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token that's used to fetch the next set of results.

" + }, + "protectedJobs":{ + "shape":"ProtectedJobSummaryList", + "documentation":"

A list of protected job summaries.

" + } + } + }, "ListProtectedQueriesInput":{ "type":"structure", "required":["membershipIdentifier"], @@ -6778,10 +7922,10 @@ "members":{ "customMLMemberAbilities":{ "shape":"CustomMLMemberAbilities", - "documentation":"

The custom ML member abilities for a collaboration member. The inference feature is not available in the custom ML modeling beta.

Custom ML modeling is in beta release and is subject to change. For beta terms and conditions, see Betas and Previews in the Amazon Web Services Service Terms.

" + "documentation":"

The custom ML member abilities for a collaboration member.

" } }, - "documentation":"

The ML member abilities for a collaboration member.

Custom ML modeling is in beta release and is subject to change. For beta terms and conditions, see Betas and Previews in the Amazon Web Services Service Terms.

" + "documentation":"

The ML member abilities for a collaboration member.

" }, "MLPaymentConfig":{ "type":"structure", @@ -6811,9 +7955,32 @@ "type":"string", "enum":[ "CAN_QUERY", - "CAN_RECEIVE_RESULTS" + "CAN_RECEIVE_RESULTS", + "CAN_RUN_JOB" ] }, + "MemberChangeSpecification":{ + "type":"structure", + "required":[ + "accountId", + "memberAbilities" + ], + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"

The Amazon Web Services account ID of the member to add to the collaboration.

" + }, + "memberAbilities":{ + "shape":"MemberAbilities", + "documentation":"

The abilities granted to the collaboration member. These determine what actions the member can perform within the collaboration.

The following values are currently not supported: CAN_QUERY, CAN_RECEIVE_RESULTS, and CAN_RUN_JOB.

Set the value of memberAbilities to [] to allow a member to contribute data.

" + }, + "displayName":{ + "shape":"DisplayName", + "documentation":"

Specifies the display name that will be shown for this member in the collaboration. While this field is required when inviting new members, it becomes optional when modifying abilities of existing collaboration members.

" + } + }, + "documentation":"

Specifies changes to collaboration membership, including adding new members with their abilities and display names.

" + }, "MemberList":{ "type":"list", "member":{"shape":"MemberSpecification"}, @@ -6838,7 +8005,7 @@ }, "mlMemberAbilities":{ "shape":"MLMemberAbilities", - "documentation":"

The ML abilities granted to the collaboration member.

Custom ML modeling is in beta release and is subject to change. For beta terms and conditions, see Betas and Previews in the Amazon Web Services Service Terms.

" + "documentation":"

The ML abilities granted to the collaboration member.

" }, "displayName":{ "shape":"DisplayName", @@ -6890,7 +8057,7 @@ }, "mlAbilities":{ "shape":"MLMemberAbilities", - "documentation":"

Provides a summary of the ML abilities for the collaboration member.

Custom ML modeling is in beta release and is subject to change. For beta terms and conditions, see Betas and Previews in the Amazon Web Services Service Terms.

" + "documentation":"

Provides a summary of the ML abilities for the collaboration member.

" }, "createTime":{ "shape":"Timestamp", @@ -6983,16 +8150,24 @@ }, "mlMemberAbilities":{ "shape":"MLMemberAbilities", - "documentation":"

Specifies the ML member abilities that are granted to a collaboration member.

Custom ML modeling is in beta release and is subject to change. For beta terms and conditions, see Betas and Previews in the Amazon Web Services Service Terms.

" + "documentation":"

Specifies the ML member abilities that are granted to a collaboration member.

" }, "queryLogStatus":{ "shape":"MembershipQueryLogStatus", - "documentation":"

An indicator as to whether query logging has been enabled or disabled for the membership.

" + "documentation":"

An indicator as to whether query logging has been enabled or disabled for the membership.

When ENABLED, Clean Rooms logs details about queries run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" + }, + "jobLogStatus":{ + "shape":"MembershipJobLogStatus", + "documentation":"

An indicator as to whether job logging has been enabled or disabled for the collaboration.

When ENABLED, Clean Rooms logs details about jobs run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" }, "defaultResultConfiguration":{ "shape":"MembershipProtectedQueryResultConfiguration", "documentation":"

The default protected query result configuration as specified by the member who can receive results.

" }, + "defaultJobResultConfiguration":{ + "shape":"MembershipProtectedJobResultConfiguration", + "documentation":"

The default job result configuration for the membership.

" + }, "paymentConfiguration":{ "shape":"MembershipPaymentConfiguration", "documentation":"

The payment responsibilities accepted by the collaboration member.

" @@ -7012,6 +8187,24 @@ "min":36, "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }, + "MembershipJobComputePaymentConfig":{ + "type":"structure", + "required":["isResponsible"], + "members":{ + "isResponsible":{ + "shape":"Boolean", + "documentation":"

Indicates whether the collaboration member has accepted to pay for job compute costs (TRUE) or has not accepted to pay for query and job compute costs (FALSE).

There is only one member who pays for queries and jobs.

An error message is returned for the following reasons:

  • If you set the value to FALSE but you are responsible to pay for query and job compute costs.

  • If you set the value to TRUE but you are not responsible to pay for query and job compute costs.

" + } + }, + "documentation":"

An object representing the payment responsibilities accepted by the collaboration member for query and job compute costs.

" + }, + "MembershipJobLogStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "MembershipMLPaymentConfig":{ "type":"structure", "members":{ @@ -7059,10 +8252,43 @@ "machineLearning":{ "shape":"MembershipMLPaymentConfig", "documentation":"

The payment responsibilities accepted by the collaboration member for machine learning costs.

" + }, + "jobCompute":{ + "shape":"MembershipJobComputePaymentConfig", + "documentation":"

The payment responsibilities accepted by the collaboration member for job compute costs.

" } }, "documentation":"

An object representing the payment responsibilities accepted by the collaboration member.

" }, + "MembershipProtectedJobOutputConfiguration":{ + "type":"structure", + "members":{ + "s3":{ + "shape":"ProtectedJobS3OutputConfigurationInput", + "documentation":"

Contains the configuration to write the job results to S3.

" + } + }, + "documentation":"

Contains configurations for protected job results.

", + "union":true + }, + "MembershipProtectedJobResultConfiguration":{ + "type":"structure", + "required":[ + "outputConfiguration", + "roleArn" + ], + "members":{ + "outputConfiguration":{ + "shape":"MembershipProtectedJobOutputConfiguration", + "documentation":"

The output configuration for a protected job result.

" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The unique ARN for an IAM role that is used by Clean Rooms to write protected job results to the result location, given by the member who can receive results.

" + } + }, + "documentation":"

Contains configurations for protected job results.

" + }, "MembershipProtectedQueryOutputConfiguration":{ "type":"structure", "members":{ @@ -7175,7 +8401,7 @@ }, "mlMemberAbilities":{ "shape":"MLMemberAbilities", - "documentation":"

Provides a summary of the ML abilities for the collaboration member.

Custom ML modeling is in beta release and is subject to change. For beta terms and conditions, see Betas and Previews in the Amazon Web Services Service Terms.

" + "documentation":"

Provides a summary of the ML abilities for the collaboration member.

" }, "paymentConfiguration":{ "shape":"MembershipPaymentConfiguration", @@ -7275,6 +8501,10 @@ "machineLearning":{ "shape":"MLPaymentConfig", "documentation":"

An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator.

" + }, + "jobCompute":{ + "shape":"JobComputePaymentConfig", + "documentation":"

The compute configuration for the job.

" } }, "documentation":"

An object representing the collaboration member's payment responsibilities set by the collaboration creator.

" @@ -7297,6 +8527,10 @@ "documentation":"

The unique identifier of the membership that contains the ID mapping table that you want to populate.

", "location":"uri", "locationName":"membershipIdentifier" + }, + "jobType":{ + "shape":"JobType", + "documentation":"

The job type of the rule-based ID mapping job. Valid values include:

INCREMENTAL: Processes only new or changed data since the last job run. This is the default job type if the ID mapping workflow was created in Entity Resolution with incrementalRunConfig specified.

BATCH: Processes all data from the input source, regardless of previous job runs. This is the default job type if the ID mapping workflow was created in Entity Resolution but incrementalRunConfig wasn't specified.

DELETE_ONLY: Processes only deletion requests from BatchDeleteUniqueId, which is set in Entity Resolution.

For more information about incrementalRunConfig and BatchDeleteUniqueId, see the Entity Resolution API Reference.

" } } }, @@ -7356,6 +8590,10 @@ "differentialPrivacy":{ "shape":"DifferentialPrivacyPrivacyBudget", "documentation":"

An object that specifies the epsilon parameter and the utility in terms of total aggregations, as well as the remaining aggregations available.

" + }, + "accessBudget":{ + "shape":"AccessBudget", + "documentation":"

Access budget information associated with this privacy budget.

" } }, "documentation":"

The epsilon parameter value and number of each aggregation function that you can perform.

", @@ -7516,6 +8754,10 @@ "differentialPrivacy":{ "shape":"DifferentialPrivacyTemplateParametersInput", "documentation":"

An object that specifies the epsilon and noise parameters.

" + }, + "accessBudget":{ + "shape":"AccessBudgetsPrivacyTemplateParametersInput", + "documentation":"

Access budget configuration for the privacy budget template input, enabling integration with access budget functionality.

" } }, "documentation":"

The epsilon and noise parameters that you want to use for the privacy budget template.

", @@ -7527,6 +8769,10 @@ "differentialPrivacy":{ "shape":"DifferentialPrivacyTemplateParametersOutput", "documentation":"

The epsilon and noise parameters.

" + }, + "accessBudget":{ + "shape":"AccessBudgetsPrivacyTemplateParametersOutput", + "documentation":"

Access budget configuration returned from the privacy budget template, containing the configured access budget settings.

" } }, "documentation":"

The epsilon and noise parameters that were used in the privacy budget template.

", @@ -7595,6 +8841,10 @@ "differentialPrivacy":{ "shape":"DifferentialPrivacyTemplateUpdateParameters", "documentation":"

An object that specifies the new values for the epsilon and noise parameters.

" + }, + "accessBudget":{ + "shape":"AccessBudgetsPrivacyTemplateUpdateParameters", + "documentation":"

The new access budget configuration that completely replaces the existing access budget settings in the privacy budget template.

" } }, "documentation":"

The epsilon and noise parameters that you want to update in the privacy budget template.

", @@ -7602,7 +8852,10 @@ }, "PrivacyBudgetType":{ "type":"string", - "enum":["DIFFERENTIAL_PRIVACY"] + "enum":[ + "DIFFERENTIAL_PRIVACY", + "ACCESS_BUDGET" + ] }, "PrivacyImpact":{ "type":"structure", @@ -7615,6 +8868,422 @@ "documentation":"

Provides an estimate of the number of aggregation functions that the member who can query can run given the epsilon and noise parameters.

", "union":true }, + "ProtectedJob":{ + "type":"structure", + "required":[ + "id", + "membershipId", + "membershipArn", + "createTime", + "status" + ], + "members":{ + "id":{ + "shape":"ProtectedJobIdentifier", + "documentation":"

The identifier for a protected job instance.

" + }, + "membershipId":{ + "shape":"MembershipIdentifier", + "documentation":"

he identifier for the membership.

" + }, + "membershipArn":{ + "shape":"MembershipArn", + "documentation":"

The ARN of the membership.

" + }, + "createTime":{ + "shape":"Timestamp", + "documentation":"

The creation time of the protected job.

" + }, + "jobParameters":{ + "shape":"ProtectedJobParameters", + "documentation":"

The job parameters for the protected job.

" + }, + "status":{ + "shape":"ProtectedJobStatus", + "documentation":"

The status of the protected job.

" + }, + "resultConfiguration":{ + "shape":"ProtectedJobResultConfigurationOutput", + "documentation":"

Contains any details needed to write the job results.

" + }, + "statistics":{ + "shape":"ProtectedJobStatistics", + "documentation":"

The statistics of the protected job.

" + }, + "result":{ + "shape":"ProtectedJobResult", + "documentation":"

The result of the protected job.

" + }, + "error":{ + "shape":"ProtectedJobError", + "documentation":"

The error from the protected job.

" + }, + "computeConfiguration":{ + "shape":"ProtectedJobComputeConfiguration", + "documentation":"

The compute configuration for the protected job.

" + } + }, + "documentation":"

The parameters for an Clean Rooms protected job.

" + }, + "ProtectedJobAnalysisType":{ + "type":"string", + "enum":["DIRECT_ANALYSIS"] + }, + "ProtectedJobComputeConfiguration":{ + "type":"structure", + "members":{ + "worker":{ + "shape":"ProtectedJobWorkerComputeConfiguration", + "documentation":"

The worker configuration for the compute environment.

" + } + }, + "documentation":"

The configuration of the compute resources for a PySpark job.

", + "union":true + }, + "ProtectedJobConfigurationDetails":{ + "type":"structure", + "members":{ + "directAnalysisConfigurationDetails":{ + "shape":"ProtectedJobDirectAnalysisConfigurationDetails", + "documentation":"

The details needed to configure the direct analysis.

" + } + }, + "documentation":"

The protected job configuration details.

", + "union":true + }, + "ProtectedJobDirectAnalysisConfigurationDetails":{ + "type":"structure", + "members":{ + "receiverAccountIds":{ + "shape":"ProtectedJobReceiverAccountIds", + "documentation":"

The receiver account IDs.

" + } + }, + "documentation":"

The protected job direct analysis configuration details.

" + }, + "ProtectedJobError":{ + "type":"structure", + "required":[ + "message", + "code" + ], + "members":{ + "message":{ + "shape":"String", + "documentation":"

The message for the protected job error.

" + }, + "code":{ + "shape":"String", + "documentation":"

The error code for the protected job.

" + } + }, + "documentation":"

The protected job error.

" + }, + "ProtectedJobIdentifier":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + }, + "ProtectedJobMemberOutputConfigurationInput":{ + "type":"structure", + "required":["accountId"], + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"

The account ID.

" + } + }, + "documentation":"

The protected job member output configuration input.

" + }, + "ProtectedJobMemberOutputConfigurationOutput":{ + "type":"structure", + "required":["accountId"], + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"

The account ID.

" + } + }, + "documentation":"

The protected job member output configuration output.

" + }, + "ProtectedJobMemberOutputList":{ + "type":"list", + "member":{"shape":"ProtectedJobSingleMemberOutput"} + }, + "ProtectedJobOutput":{ + "type":"structure", + "members":{ + "s3":{ + "shape":"ProtectedJobS3Output", + "documentation":"

If present, the output for a protected job with an `S3` output type.

" + }, + "memberList":{ + "shape":"ProtectedJobMemberOutputList", + "documentation":"

The list of member Amazon Web Services account(s) that received the results of the job.

" + } + }, + "documentation":"

Contains details about the protected job output.

", + "union":true + }, + "ProtectedJobOutputConfigurationInput":{ + "type":"structure", + "members":{ + "member":{ + "shape":"ProtectedJobMemberOutputConfigurationInput", + "documentation":"

The member of the protected job output configuration input.

" + } + }, + "documentation":"

The protected job output configuration input.

", + "union":true + }, + "ProtectedJobOutputConfigurationOutput":{ + "type":"structure", + "members":{ + "s3":{ + "shape":"ProtectedJobS3OutputConfigurationOutput", + "documentation":"

If present, the output for a protected job with an `S3` output type.

" + }, + "member":{ + "shape":"ProtectedJobMemberOutputConfigurationOutput", + "documentation":"

The member output configuration for a protected job.

" + } + }, + "documentation":"

The protected job output configuration output.

", + "union":true + }, + "ProtectedJobParameters":{ + "type":"structure", + "members":{ + "analysisTemplateArn":{ + "shape":"AnalysisTemplateArn", + "documentation":"

The ARN of the analysis template.

" + } + }, + "documentation":"

The parameters for the protected job.

" + }, + "ProtectedJobReceiverAccountIds":{ + "type":"list", + "member":{"shape":"AccountId"} + }, + "ProtectedJobReceiverConfiguration":{ + "type":"structure", + "required":["analysisType"], + "members":{ + "analysisType":{ + "shape":"ProtectedJobAnalysisType", + "documentation":"

The analysis type for the protected job receiver configuration.

" + }, + "configurationDetails":{ + "shape":"ProtectedJobConfigurationDetails", + "documentation":"

The configuration details for the protected job receiver.

" + } + }, + "documentation":"

The protected job receiver configuration.

" + }, + "ProtectedJobReceiverConfigurations":{ + "type":"list", + "member":{"shape":"ProtectedJobReceiverConfiguration"} + }, + "ProtectedJobResult":{ + "type":"structure", + "required":["output"], + "members":{ + "output":{ + "shape":"ProtectedJobOutput", + "documentation":"

The output of the protected job.

" + } + }, + "documentation":"

Details about the job results.

" + }, + "ProtectedJobResultConfigurationInput":{ + "type":"structure", + "required":["outputConfiguration"], + "members":{ + "outputConfiguration":{ + "shape":"ProtectedJobOutputConfigurationInput", + "documentation":"

The output configuration for a protected job result.

" + } + }, + "documentation":"

The protected job result configuration input.

" + }, + "ProtectedJobResultConfigurationOutput":{ + "type":"structure", + "required":["outputConfiguration"], + "members":{ + "outputConfiguration":{ + "shape":"ProtectedJobOutputConfigurationOutput", + "documentation":"

The output configuration.

" + } + }, + "documentation":"

The output configuration for a protected job result.

" + }, + "ProtectedJobS3Output":{ + "type":"structure", + "required":["location"], + "members":{ + "location":{ + "shape":"String", + "documentation":"

The S3 location for the protected job output.

" + } + }, + "documentation":"

Contains output information for protected jobs with an S3 output type.

" + }, + "ProtectedJobS3OutputConfigurationInput":{ + "type":"structure", + "required":["bucket"], + "members":{ + "bucket":{ + "shape":"ProtectedJobS3OutputConfigurationInputBucketString", + "documentation":"

The S3 bucket for job output.

" + }, + "keyPrefix":{ + "shape":"KeyPrefix", + "documentation":"

The S3 prefix to unload the protected job results.

" + } + }, + "documentation":"

Contains input information for protected jobs with an S3 output type.

" + }, + "ProtectedJobS3OutputConfigurationInputBucketString":{ + "type":"string", + "max":63, + "min":3, + "pattern":".*(?!^(\\d+\\.)+\\d+$)(^(([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])\\.)*([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])$).*" + }, + "ProtectedJobS3OutputConfigurationOutput":{ + "type":"structure", + "required":["bucket"], + "members":{ + "bucket":{ + "shape":"ProtectedJobS3OutputConfigurationOutputBucketString", + "documentation":"

The S3 bucket for job output.

" + }, + "keyPrefix":{ + "shape":"KeyPrefix", + "documentation":"

The S3 prefix to unload the protected job results.

" + } + }, + "documentation":"

The output configuration for a protected job's S3 output.

" + }, + "ProtectedJobS3OutputConfigurationOutputBucketString":{ + "type":"string", + "max":63, + "min":3, + "pattern":".*(?!^(\\d+\\.)+\\d+$)(^(([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])\\.)*([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])$).*" + }, + "ProtectedJobSingleMemberOutput":{ + "type":"structure", + "required":["accountId"], + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"

The Amazon Web Services account ID of the member in the collaboration who can receive results from analyses.

" + } + }, + "documentation":"

Details about the member who received the job result.

" + }, + "ProtectedJobStatistics":{ + "type":"structure", + "members":{ + "totalDurationInMillis":{ + "shape":"Long", + "documentation":"

The duration of the protected job, from creation until job completion, in milliseconds.

" + }, + "billedResourceUtilization":{ + "shape":"BilledJobResourceUtilization", + "documentation":"

The billed resource utilization for the protected job.

" + } + }, + "documentation":"

Contains statistics about the execution of the protected job.

" + }, + "ProtectedJobStatus":{ + "type":"string", + "enum":[ + "SUBMITTED", + "STARTED", + "CANCELLED", + "CANCELLING", + "FAILED", + "SUCCESS" + ] + }, + "ProtectedJobSummary":{ + "type":"structure", + "required":[ + "id", + "membershipId", + "membershipArn", + "createTime", + "status", + "receiverConfigurations" + ], + "members":{ + "id":{ + "shape":"UUID", + "documentation":"

The ID of the protected job.

" + }, + "membershipId":{ + "shape":"MembershipIdentifier", + "documentation":"

The unique ID for the membership that initiated the protected job.

" + }, + "membershipArn":{ + "shape":"MembershipArn", + "documentation":"

The unique ARN for the membership that initiated the protected job.

" + }, + "createTime":{ + "shape":"Timestamp", + "documentation":"

The time the protected job was created.

" + }, + "status":{ + "shape":"ProtectedJobStatus", + "documentation":"

The status of the protected job.

" + }, + "receiverConfigurations":{ + "shape":"ProtectedJobReceiverConfigurations", + "documentation":"

The receiver configurations for the protected job.

" + } + }, + "documentation":"

The protected job summary for the objects listed by the request.

" + }, + "ProtectedJobSummaryList":{ + "type":"list", + "member":{"shape":"ProtectedJobSummary"} + }, + "ProtectedJobType":{ + "type":"string", + "enum":["PYSPARK"] + }, + "ProtectedJobWorkerComputeConfiguration":{ + "type":"structure", + "required":[ + "type", + "number" + ], + "members":{ + "type":{ + "shape":"ProtectedJobWorkerComputeType", + "documentation":"

The worker compute configuration type.

" + }, + "number":{ + "shape":"ProtectedJobWorkerComputeConfigurationNumberInteger", + "documentation":"

The number of workers for a PySpark job.

" + } + }, + "documentation":"

The configuration of the compute resources for a PySpark job.

" + }, + "ProtectedJobWorkerComputeConfigurationNumberInteger":{ + "type":"integer", + "box":true, + "max":128, + "min":4 + }, + "ProtectedJobWorkerComputeType":{ + "type":"string", + "enum":[ + "CR.1X", + "CR.4X" + ] + }, "ProtectedQuery":{ "type":"structure", "required":[ @@ -7676,6 +9345,42 @@ }, "documentation":"

The parameters for an Clean Rooms protected query.

" }, + "ProtectedQueryDistributeOutput":{ + "type":"structure", + "members":{ + "s3":{"shape":"ProtectedQueryS3Output"}, + "memberList":{ + "shape":"ProtectedQueryMemberOutputList", + "documentation":"

Contains the output results for each member location specified in the distribute output configuration. Each entry provides details about the result distribution to a specific collaboration member.

" + } + }, + "documentation":"

Contains the output information for a protected query with a distribute output configuration.

This output type allows query results to be distributed to multiple receivers, including S3 and collaboration members. It is only available for queries using the Spark analytics engine.

" + }, + "ProtectedQueryDistributeOutputConfiguration":{ + "type":"structure", + "required":["locations"], + "members":{ + "locations":{ + "shape":"ProtectedQueryDistributeOutputConfigurationLocationsList", + "documentation":"

A list of locations where you want to distribute the protected query results. Each location must specify either an S3 destination or a collaboration member destination.

You can't specify more than one S3 location.

You can't specify the query runner's account as a member location.

You must include either an S3 or member output configuration for each location, but not both.

" + } + }, + "documentation":"

Specifies the configuration for distributing protected query results to multiple receivers, including S3 and collaboration members.

" + }, + "ProtectedQueryDistributeOutputConfigurationLocation":{ + "type":"structure", + "members":{ + "s3":{"shape":"ProtectedQueryS3OutputConfiguration"}, + "member":{"shape":"ProtectedQueryMemberOutputConfiguration"} + }, + "documentation":"

Specifies where you'll distribute the results of your protected query. You must configure either an S3 destination or a collaboration member destination.

", + "union":true + }, + "ProtectedQueryDistributeOutputConfigurationLocationsList":{ + "type":"list", + "member":{"shape":"ProtectedQueryDistributeOutputConfigurationLocation"}, + "min":1 + }, "ProtectedQueryError":{ "type":"structure", "required":[ @@ -7720,11 +9425,15 @@ "members":{ "s3":{ "shape":"ProtectedQueryS3Output", - "documentation":"

If present, the output for a protected query with an `S3` output type.

" + "documentation":"

If present, the output for a protected query with an S3 output type.

" }, "memberList":{ "shape":"ProtectedQueryMemberOutputList", "documentation":"

The list of member Amazon Web Services account(s) that received the results of the query.

" + }, + "distribute":{ + "shape":"ProtectedQueryDistributeOutput", + "documentation":"

Contains output information for protected queries that use a distribute output type. This output type lets you send query results to multiple locations - either to S3 or to collaboration members.

You can only use the distribute output type with the Spark analytics engine.

" } }, "documentation":"

Contains details about the protected query output.

", @@ -7740,6 +9449,10 @@ "member":{ "shape":"ProtectedQueryMemberOutputConfiguration", "documentation":"

Required configuration for a protected query with a member output type.

" + }, + "distribute":{ + "shape":"ProtectedQueryDistributeOutputConfiguration", + "documentation":"

Required configuration for a protected query with a distribute output type.

" } }, "documentation":"

Contains configuration details for protected query output.

", @@ -7850,7 +9563,7 @@ "members":{ "totalDurationInMillis":{ "shape":"Long", - "documentation":"

The duration of the protected query, from creation until query completion.

" + "documentation":"

The duration of the protected query, from creation until query completion, in milliseconds.

" }, "billedResourceUtilization":{ "shape":"BilledResourceUtilization", @@ -7982,6 +9695,11 @@ "type":"list", "member":{"shape":"ReceiverConfiguration"} }, + "RemainingBudget":{ + "type":"integer", + "box":true, + "min":0 + }, "ResourceAlias":{ "type":"string", "max":128, @@ -8041,6 +9759,36 @@ "min":32, "pattern":"arn:aws:iam::[\\w]+:role/[\\w+=./@-]+" }, + "S3Location":{ + "type":"structure", + "required":[ + "bucket", + "key" + ], + "members":{ + "bucket":{ + "shape":"S3LocationBucketString", + "documentation":"

The bucket name.

" + }, + "key":{ + "shape":"S3LocationKeyString", + "documentation":"

The object key.

" + } + }, + "documentation":"

The S3 location.

" + }, + "S3LocationBucketString":{ + "type":"string", + "max":63, + "min":3, + "pattern":".*(?!^(\\d+\\.)+\\d+$)(^(([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])\\.)*([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])$).*" + }, + "S3LocationKeyString":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"[a-zA-Z0-9!_.*'()-/]+" + }, "ScalarFunctions":{ "type":"string", "enum":[ @@ -8105,7 +9853,11 @@ }, "analysisMethod":{ "shape":"AnalysisMethod", - "documentation":"

The analysis method for the schema. The only valid value is currently DIRECT_QUERY.

" + "documentation":"

The analysis method for the schema.

DIRECT_QUERY allows SQL queries to be run directly on this table.

DIRECT_JOB allows PySpark jobs to be run directly on this table.

MULTIPLE allows both SQL queries and PySpark jobs to be run directly on this table.

" + }, + "selectedAnalysisMethods":{ + "shape":"SelectedAnalysisMethods", + "documentation":"

The selected analysis methods for the schema.

" }, "creatorAccountId":{ "shape":"AccountId", @@ -8143,6 +9895,10 @@ "shape":"SchemaStatusDetailList", "documentation":"

Details about the status of the schema. Currently, only one entry is present.

" }, + "resourceArn":{ + "shape":"SchemaResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the schema resource.

" + }, "schemaTypeProperties":{ "shape":"SchemaTypeProperties", "documentation":"

The schema type properties.

" @@ -8194,6 +9950,12 @@ "max":25, "min":0 }, + "SchemaResourceArn":{ + "type":"string", + "max":200, + "min":0, + "pattern":"arn:aws:cleanrooms:[\\w]{2}-[\\w]{4,9}-[\\d]:[\\d]{12}:membership\\/[\\d\\w-]+\\/(configuredtableassociation|idmappingtable)\\/[\\d\\w-]+" + }, "SchemaStatus":{ "type":"string", "enum":[ @@ -8320,7 +10082,15 @@ }, "analysisMethod":{ "shape":"AnalysisMethod", - "documentation":"

The analysis method for the associated schema. The only valid value is currently `DIRECT_QUERY`.

" + "documentation":"

The analysis method for the associated schema.

DIRECT_QUERY allows SQL queries to be run directly on this table.

DIRECT_JOB allows PySpark jobs to be run directly on this table.

MULTIPLE allows both SQL queries and PySpark jobs to be run directly on this table.

" + }, + "resourceArn":{ + "shape":"SchemaResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the schema summary resource.

" + }, + "selectedAnalysisMethods":{ + "shape":"SelectedAnalysisMethods", + "documentation":"

The selected analysis methods for the schema.

" } }, "documentation":"

The schema summary for the objects listed by the request.

" @@ -8353,6 +10123,17 @@ "min":0, "pattern":"arn:aws:secretsmanager:[a-z]{2}-[a-z]+-[0-9]:\\d{12}:secret:.*" }, + "SelectedAnalysisMethod":{ + "type":"string", + "enum":[ + "DIRECT_QUERY", + "DIRECT_JOB" + ] + }, + "SelectedAnalysisMethods":{ + "type":"list", + "member":{"shape":"SelectedAnalysisMethod"} + }, "ServiceQuotaExceededException":{ "type":"structure", "required":[ @@ -8475,6 +10256,65 @@ }, "documentation":"

The Snowflake table schema.

" }, + "SparkProperties":{ + "type":"map", + "key":{"shape":"SparkPropertyKey"}, + "value":{"shape":"SparkPropertyValue"}, + "max":50, + "min":0 + }, + "SparkPropertyKey":{ + "type":"string", + "max":200, + "min":1 + }, + "SparkPropertyValue":{ + "type":"string", + "max":500, + "min":0 + }, + "StartProtectedJobInput":{ + "type":"structure", + "required":[ + "type", + "membershipIdentifier", + "jobParameters" + ], + "members":{ + "type":{ + "shape":"ProtectedJobType", + "documentation":"

The type of protected job to start.

" + }, + "membershipIdentifier":{ + "shape":"MembershipIdentifier", + "documentation":"

A unique identifier for the membership to run this job against. Currently accepts a membership ID.

", + "location":"uri", + "locationName":"membershipIdentifier" + }, + "jobParameters":{ + "shape":"ProtectedJobParameters", + "documentation":"

The job parameters.

" + }, + "resultConfiguration":{ + "shape":"ProtectedJobResultConfigurationInput", + "documentation":"

The details needed to write the job results.

" + }, + "computeConfiguration":{ + "shape":"ProtectedJobComputeConfiguration", + "documentation":"

The compute configuration for the protected job.

" + } + } + }, + "StartProtectedJobOutput":{ + "type":"structure", + "required":["protectedJob"], + "members":{ + "protectedJob":{ + "shape":"ProtectedJob", + "documentation":"

The protected job.

" + } + } + }, "StartProtectedQueryInput":{ "type":"structure", "required":[ @@ -8518,6 +10358,44 @@ } }, "String":{"type":"string"}, + "SupportedS3Region":{ + "type":"string", + "enum":[ + "us-west-1", + "us-west-2", + "us-east-1", + "us-east-2", + "af-south-1", + "ap-east-1", + "ap-east-2", + "ap-south-2", + "ap-southeast-1", + "ap-southeast-2", + "ap-southeast-3", + "ap-southeast-5", + "ap-southeast-4", + "ap-southeast-7", + "ap-south-1", + "ap-northeast-3", + "ap-northeast-1", + "ap-northeast-2", + "ca-central-1", + "ca-west-1", + "eu-south-1", + "eu-west-3", + "eu-south-2", + "eu-central-2", + "eu-central-1", + "eu-north-1", + "eu-west-1", + "eu-west-2", + "me-south-1", + "me-central-1", + "il-central-1", + "sa-east-1", + "mx-central-1" + ] + }, "TableAlias":{ "type":"string", "max":128, @@ -8593,14 +10471,17 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0 }, + "TargetProtectedJobStatus":{ + "type":"string", + "enum":["CANCELLED"] + }, "TargetProtectedQueryStatus":{ "type":"string", "enum":["CANCELLED"] @@ -8647,8 +10528,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAnalysisTemplateInput":{ "type":"structure", @@ -8702,6 +10582,10 @@ "description":{ "shape":"CollaborationDescription", "documentation":"

A description of the collaboration.

" + }, + "analyticsEngine":{ + "shape":"AnalyticsEngine", + "documentation":"

The analytics engine.

After July 16, 2025, the CLEAN_ROOMS_SQL parameter will no longer be available.

" } } }, @@ -8889,6 +10773,19 @@ "description":{ "shape":"TableDescription", "documentation":"

A new description for the configured table.

" + }, + "tableReference":{"shape":"TableReference"}, + "allowedColumns":{ + "shape":"AllowedColumnList", + "documentation":"

The columns of the underlying table that can be used by collaborations or analysis rules.

" + }, + "analysisMethod":{ + "shape":"AnalysisMethod", + "documentation":"

The analysis method for the configured table.

DIRECT_QUERY allows SQL queries to be run directly on this table.

DIRECT_JOB allows PySpark jobs to be run directly on this table.

MULTIPLE allows both SQL queries and PySpark jobs to be run directly on this table.

" + }, + "selectedAnalysisMethods":{ + "shape":"SelectedAnalysisMethods", + "documentation":"

The selected analysis methods for the table configuration update.

" } } }, @@ -8996,11 +10893,19 @@ }, "queryLogStatus":{ "shape":"MembershipQueryLogStatus", - "documentation":"

An indicator as to whether query logging has been enabled or disabled for the membership.

" + "documentation":"

An indicator as to whether query logging has been enabled or disabled for the membership.

When ENABLED, Clean Rooms logs details about queries run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" + }, + "jobLogStatus":{ + "shape":"MembershipJobLogStatus", + "documentation":"

An indicator as to whether job logging has been enabled or disabled for the collaboration.

When ENABLED, Clean Rooms logs details about jobs run within this collaboration and those logs can be viewed in Amazon CloudWatch Logs. The default value is DISABLED.

" }, "defaultResultConfiguration":{ "shape":"MembershipProtectedQueryResultConfiguration", "documentation":"

The default protected query result configuration as specified by the member who can receive results.

" + }, + "defaultJobResultConfiguration":{ + "shape":"MembershipProtectedJobResultConfiguration", + "documentation":"

The default job result configuration.

" } } }, @@ -9051,6 +10956,42 @@ } } }, + "UpdateProtectedJobInput":{ + "type":"structure", + "required":[ + "membershipIdentifier", + "protectedJobIdentifier", + "targetStatus" + ], + "members":{ + "membershipIdentifier":{ + "shape":"MembershipIdentifier", + "documentation":"

The identifier for a member of a protected job instance.

", + "location":"uri", + "locationName":"membershipIdentifier" + }, + "protectedJobIdentifier":{ + "shape":"ProtectedJobIdentifier", + "documentation":"

The identifier of the protected job to update.

", + "location":"uri", + "locationName":"protectedJobIdentifier" + }, + "targetStatus":{ + "shape":"TargetProtectedJobStatus", + "documentation":"

The target status of a protected job. Used to update the execution status of a currently running job.

" + } + } + }, + "UpdateProtectedJobOutput":{ + "type":"structure", + "required":["protectedJob"], + "members":{ + "protectedJob":{ + "shape":"ProtectedJob", + "documentation":"

The protected job output.

" + } + } + }, "UpdateProtectedQueryInput":{ "type":"structure", "required":[ @@ -9153,7 +11094,11 @@ }, "number":{ "shape":"WorkerComputeConfigurationNumberInteger", - "documentation":"

The number of workers.

" + "documentation":"

The number of workers.

SQL queries support a minimum value of 2 and a maximum value of 400.

PySpark jobs support a minimum value of 4 and a maximum value of 128.

" + }, + "properties":{ + "shape":"WorkerComputeConfigurationProperties", + "documentation":"

The configuration properties for the worker compute environment. These properties allow you to customize the compute settings for your Clean Rooms workloads.

" } }, "documentation":"

The configuration of the compute resources for workers running an analysis with the Clean Rooms SQL analytics engine.

" @@ -9164,6 +11109,17 @@ "max":400, "min":2 }, + "WorkerComputeConfigurationProperties":{ + "type":"structure", + "members":{ + "spark":{ + "shape":"SparkProperties", + "documentation":"

The Spark configuration properties for SQL workloads. This map contains key-value pairs that configure Apache Spark settings to optimize performance for your data processing jobs. You can specify up to 50 Spark properties, with each key being 1-200 characters and each value being 0-500 characters. These properties allow you to adjust compute capacity for large datasets and complex workloads.

" + } + }, + "documentation":"

The configuration properties that define the compute environment settings for workers in Clean Rooms. These properties enable customization of the underlying compute environment to optimize performance for your specific workloads.

", + "union":true + }, "WorkerComputeType":{ "type":"string", "enum":[ @@ -9172,5 +11128,5 @@ ] } }, - "documentation":"

Welcome to the Clean Rooms API Reference.

Clean Rooms is an Amazon Web Services service that helps multiple parties to join their data together in a secure collaboration workspace. In the collaboration, members who can query and receive results can get insights into the collective datasets without either party getting access to the other party's raw data.

To learn more about Clean Rooms concepts, procedures, and best practices, see the Clean Rooms User Guide.

To learn more about SQL commands, functions, and conditions supported in Clean Rooms, see the Clean Rooms SQL Reference.

" + "documentation":"

Welcome to the Clean Rooms API Reference.

Clean Rooms is an Amazon Web Services service that helps multiple parties to join their data together in a secure collaboration workspace. In the collaboration, members who can run queries and jobs and receive results can get insights into the collective datasets without either party getting access to the other party's raw data.

To learn more about Clean Rooms concepts, procedures, and best practices, see the Clean Rooms User Guide.

To learn more about SQL commands, functions, and conditions supported in Clean Rooms, see the Clean Rooms SQL Reference.

" } diff -pruN 2.23.6-1/awscli/botocore/data/cleanroomsml/2023-09-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cleanroomsml/2023-09-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cleanroomsml/2023-09-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cleanroomsml/2023-09-06/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cleanroomsml/2023-09-06/paginators-1.json 2.31.35-1/awscli/botocore/data/cleanroomsml/2023-09-06/paginators-1.json --- 2.23.6-1/awscli/botocore/data/cleanroomsml/2023-09-06/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cleanroomsml/2023-09-06/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -89,6 +89,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "trainedModels" + }, + "ListTrainedModelVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "trainedModels" } } } diff -pruN 2.23.6-1/awscli/botocore/data/cleanroomsml/2023-09-06/service-2.json 2.31.35-1/awscli/botocore/data/cleanroomsml/2023-09-06/service-2.json --- 2.23.6-1/awscli/botocore/data/cleanroomsml/2023-09-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cleanroomsml/2023-09-06/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -25,7 +25,8 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Submits a request to cancel the trained model job.

", "idempotent":true @@ -42,7 +43,8 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Submits a request to cancel a trained model inference job.

", "idempotent":true @@ -117,6 +119,7 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"

Associates a configured model algorithm to a collaboration for use by any member of the collaboration.

", @@ -136,6 +139,7 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"

Provides the information to create an ML input channel. An ML input channel is the result of a query that can be used for ML modeling.

", @@ -155,6 +159,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServiceException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"

Creates a trained model from an associated configured model algorithm using data from any member of the collaboration.

", @@ -273,7 +279,8 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Deletes a configured model algorithm association.

", "idempotent":true @@ -289,7 +296,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Deletes a ML modeling configuration.

", "idempotent":true @@ -306,7 +314,8 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Provides the information necessary to delete an ML input channel.

", "idempotent":true @@ -323,9 +332,10 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Deletes the output of a trained model.

", + "documentation":"

Deletes the model artifacts stored by the service.

", "idempotent":true }, "DeleteTrainingDataset":{ @@ -359,7 +369,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns information about an audience generation job.

" + "documentation":"

Returns information about an audience generation job.

", + "readonly":true }, "GetAudienceModel":{ "name":"GetAudienceModel", @@ -375,7 +386,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns information about an audience model

" + "documentation":"

Returns information about an audience model

", + "readonly":true }, "GetCollaborationConfiguredModelAlgorithmAssociation":{ "name":"GetCollaborationConfiguredModelAlgorithmAssociation", @@ -389,9 +401,11 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns information about the configured model algorithm association in a collaboration.

" + "documentation":"

Returns information about the configured model algorithm association in a collaboration.

", + "readonly":true }, "GetCollaborationMLInputChannel":{ "name":"GetCollaborationMLInputChannel", @@ -405,9 +419,11 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns information about a specific ML input channel in a collaboration.

" + "documentation":"

Returns information about a specific ML input channel in a collaboration.

", + "readonly":true }, "GetCollaborationTrainedModel":{ "name":"GetCollaborationTrainedModel", @@ -421,9 +437,11 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns information about a trained model in a collaboration.

" + "documentation":"

Returns information about a trained model in a collaboration.

", + "readonly":true }, "GetConfiguredAudienceModel":{ "name":"GetConfiguredAudienceModel", @@ -439,7 +457,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns information about a specified configured audience model.

" + "documentation":"

Returns information about a specified configured audience model.

", + "readonly":true }, "GetConfiguredAudienceModelPolicy":{ "name":"GetConfiguredAudienceModelPolicy", @@ -455,7 +474,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns information about a configured audience model policy.

" + "documentation":"

Returns information about a configured audience model policy.

", + "readonly":true }, "GetConfiguredModelAlgorithm":{ "name":"GetConfiguredModelAlgorithm", @@ -471,7 +491,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns information about a configured model algorithm.

" + "documentation":"

Returns information about a configured model algorithm.

", + "readonly":true }, "GetConfiguredModelAlgorithmAssociation":{ "name":"GetConfiguredModelAlgorithmAssociation", @@ -485,9 +506,11 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns information about a configured model algorithm association.

" + "documentation":"

Returns information about a configured model algorithm association.

", + "readonly":true }, "GetMLConfiguration":{ "name":"GetMLConfiguration", @@ -501,9 +524,11 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns information about a specific ML configuration.

" + "documentation":"

Returns information about a specific ML configuration.

", + "readonly":true }, "GetMLInputChannel":{ "name":"GetMLInputChannel", @@ -517,9 +542,11 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns information about an ML input channel.

" + "documentation":"

Returns information about an ML input channel.

", + "readonly":true }, "GetTrainedModel":{ "name":"GetTrainedModel", @@ -533,9 +560,11 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns information about a trained model.

" + "documentation":"

Returns information about a trained model.

", + "readonly":true }, "GetTrainedModelInferenceJob":{ "name":"GetTrainedModelInferenceJob", @@ -549,9 +578,11 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns information about a trained model inference job.

" + "documentation":"

Returns information about a trained model inference job.

", + "readonly":true }, "GetTrainingDataset":{ "name":"GetTrainingDataset", @@ -567,7 +598,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns information about a training dataset.

" + "documentation":"

Returns information about a training dataset.

", + "readonly":true }, "ListAudienceExportJobs":{ "name":"ListAudienceExportJobs", @@ -582,7 +614,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of the audience export jobs.

" + "documentation":"

Returns a list of the audience export jobs.

", + "readonly":true }, "ListAudienceGenerationJobs":{ "name":"ListAudienceGenerationJobs", @@ -597,7 +630,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of audience generation jobs.

" + "documentation":"

Returns a list of audience generation jobs.

", + "readonly":true }, "ListAudienceModels":{ "name":"ListAudienceModels", @@ -612,7 +646,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of audience models.

" + "documentation":"

Returns a list of audience models.

", + "readonly":true }, "ListCollaborationConfiguredModelAlgorithmAssociations":{ "name":"ListCollaborationConfiguredModelAlgorithmAssociations", @@ -625,9 +660,11 @@ "output":{"shape":"ListCollaborationConfiguredModelAlgorithmAssociationsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of the configured model algorithm associations in a collaboration.

" + "documentation":"

Returns a list of the configured model algorithm associations in a collaboration.

", + "readonly":true }, "ListCollaborationMLInputChannels":{ "name":"ListCollaborationMLInputChannels", @@ -640,9 +677,11 @@ "output":{"shape":"ListCollaborationMLInputChannelsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of the ML input channels in a collaboration.

" + "documentation":"

Returns a list of the ML input channels in a collaboration.

", + "readonly":true }, "ListCollaborationTrainedModelExportJobs":{ "name":"ListCollaborationTrainedModelExportJobs", @@ -655,9 +694,11 @@ "output":{"shape":"ListCollaborationTrainedModelExportJobsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of the export jobs for a trained model in a collaboration.

" + "documentation":"

Returns a list of the export jobs for a trained model in a collaboration.

", + "readonly":true }, "ListCollaborationTrainedModelInferenceJobs":{ "name":"ListCollaborationTrainedModelInferenceJobs", @@ -670,9 +711,11 @@ "output":{"shape":"ListCollaborationTrainedModelInferenceJobsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of trained model inference jobs in a specified collaboration.

" + "documentation":"

Returns a list of trained model inference jobs in a specified collaboration.

", + "readonly":true }, "ListCollaborationTrainedModels":{ "name":"ListCollaborationTrainedModels", @@ -685,9 +728,11 @@ "output":{"shape":"ListCollaborationTrainedModelsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of the trained models in a collaboration.

" + "documentation":"

Returns a list of the trained models in a collaboration.

", + "readonly":true }, "ListConfiguredAudienceModels":{ "name":"ListConfiguredAudienceModels", @@ -702,7 +747,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of the configured audience models.

" + "documentation":"

Returns a list of the configured audience models.

", + "readonly":true }, "ListConfiguredModelAlgorithmAssociations":{ "name":"ListConfiguredModelAlgorithmAssociations", @@ -715,9 +761,11 @@ "output":{"shape":"ListConfiguredModelAlgorithmAssociationsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of configured model algorithm associations.

" + "documentation":"

Returns a list of configured model algorithm associations.

", + "readonly":true }, "ListConfiguredModelAlgorithms":{ "name":"ListConfiguredModelAlgorithms", @@ -732,7 +780,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of configured model algorithms.

" + "documentation":"

Returns a list of configured model algorithms.

", + "readonly":true }, "ListMLInputChannels":{ "name":"ListMLInputChannels", @@ -745,9 +794,11 @@ "output":{"shape":"ListMLInputChannelsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of ML input channels.

" + "documentation":"

Returns a list of ML input channels.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -763,7 +814,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns a list of tags for a provided resource.

" + "documentation":"

Returns a list of tags for a provided resource.

", + "readonly":true }, "ListTrainedModelInferenceJobs":{ "name":"ListTrainedModelInferenceJobs", @@ -776,9 +828,29 @@ "output":{"shape":"ListTrainedModelInferenceJobsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of trained model inference jobs that match the request parameters.

" + "documentation":"

Returns a list of trained model inference jobs that match the request parameters.

", + "readonly":true + }, + "ListTrainedModelVersions":{ + "name":"ListTrainedModelVersions", + "http":{ + "method":"GET", + "requestUri":"/memberships/{membershipIdentifier}/trained-models/{trainedModelArn}/versions", + "responseCode":200 + }, + "input":{"shape":"ListTrainedModelVersionsRequest"}, + "output":{"shape":"ListTrainedModelVersionsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Returns a list of trained model versions for a specified trained model. This operation allows you to view all versions of a trained model, including information about their status and creation details. You can use this to track the evolution of your trained models and select specific versions for inference or further training.

", + "readonly":true }, "ListTrainedModels":{ "name":"ListTrainedModels", @@ -791,9 +863,11 @@ "output":{"shape":"ListTrainedModelsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of trained models.

" + "documentation":"

Returns a list of trained models.

", + "readonly":true }, "ListTrainingDatasets":{ "name":"ListTrainingDatasets", @@ -808,7 +882,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns a list of training datasets.

" + "documentation":"

Returns a list of training datasets.

", + "readonly":true }, "PutConfiguredAudienceModelPolicy":{ "name":"PutConfiguredAudienceModelPolicy", @@ -837,7 +912,8 @@ "input":{"shape":"PutMLConfigurationRequest"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Assigns information about an ML configuration.

", "idempotent":true @@ -874,6 +950,7 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"

Information necessary to start the audience generation job.

", @@ -891,7 +968,8 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Provides the information necessary to start a trained model export job.

", "idempotent":true @@ -910,6 +988,7 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"

Defines the information necessary to begin a trained model inference job.

", @@ -968,6 +1047,86 @@ } }, "shapes":{ + "AccessBudget":{ + "type":"structure", + "required":[ + "resourceArn", + "details", + "aggregateRemainingBudget" + ], + "members":{ + "resourceArn":{ + "shape":"BudgetedResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the resource that this access budget applies to.

" + }, + "details":{ + "shape":"AccessBudgetDetailsList", + "documentation":"

A list of budget details for this resource. Contains active budget periods that apply to the resource.

" + }, + "aggregateRemainingBudget":{ + "shape":"Budget", + "documentation":"

The total remaining budget across all active budget periods for this resource.

" + } + }, + "documentation":"

An access budget that defines consumption limits for a specific resource within defined time periods.

" + }, + "AccessBudgetDetails":{ + "type":"structure", + "required":[ + "startTime", + "remainingBudget", + "budget", + "budgetType" + ], + "members":{ + "startTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The start time of this budget period.

" + }, + "endTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The end time of this budget period. If not specified, the budget period continues indefinitely.

" + }, + "remainingBudget":{ + "shape":"Budget", + "documentation":"

The amount of budget remaining in this period.

" + }, + "budget":{ + "shape":"Budget", + "documentation":"

The total budget amount allocated for this period.

" + }, + "budgetType":{ + "shape":"AccessBudgetType", + "documentation":"

The type of budget period. Calendar-based types reset automatically at regular intervals, while LIFETIME budgets never reset.

" + }, + "autoRefresh":{ + "shape":"AutoRefreshMode", + "documentation":"

Specifies whether this budget automatically refreshes when the current period ends.

" + } + }, + "documentation":"

The detailed information for a specific budget period, including time boundaries and budget amounts.

" + }, + "AccessBudgetDetailsList":{ + "type":"list", + "member":{"shape":"AccessBudgetDetails"}, + "max":2, + "min":1 + }, + "AccessBudgetType":{ + "type":"string", + "enum":[ + "CALENDAR_DAY", + "CALENDAR_MONTH", + "CALENDAR_WEEK", + "LIFETIME" + ] + }, + "AccessBudgets":{ + "type":"list", + "member":{"shape":"AccessBudget"}, + "max":100, + "min":1 + }, "AccessDeniedException":{ "type":"structure", "required":["message"], @@ -1305,10 +1464,28 @@ "max":20000000, "min":1 }, + "AutoRefreshMode":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "Boolean":{ "type":"boolean", "box":true }, + "Budget":{ + "type":"integer", + "box":true, + "min":0 + }, + "BudgetedResourceArn":{ + "type":"string", + "max":200, + "min":0, + "pattern":"arn:aws:[\\w]+:[\\w]{2}-[\\w]{4,9}-[\\d]:[\\d]{12}:membership/[\\d\\w-]+/configuredtableassociation/[\\d\\w-]+" + }, "CancelTrainedModelInferenceJobRequest":{ "type":"structure", "required":[ @@ -1348,6 +1525,12 @@ "documentation":"

The Amazon Resource Name (ARN) of the trained model job that you want to cancel.

", "location":"uri", "locationName":"trainedModelArn" + }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to cancel. This parameter allows you to specify which version of the trained model you want to cancel when multiple versions exist.

If versionIdentifier is not specified, the base model will be cancelled.

", + "location":"querystring", + "locationName":"versionIdentifier" } } }, @@ -1522,6 +1705,10 @@ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) of the trained model that is being exported.

" }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model that was exported in this job.

" + }, "membershipIdentifier":{ "shape":"UUID", "documentation":"

The membership ID of the member that created the trained model export job.

" @@ -1568,6 +1755,10 @@ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) of the trained model that is used for the trained model inference job.

" }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model that was used for inference in this job.

" + }, "collaborationIdentifier":{ "shape":"UUID", "documentation":"

The collaboration ID of the collaboration that contains the trained model inference job.

" @@ -1653,6 +1844,14 @@ "shape":"NameString", "documentation":"

The name of the trained model.

" }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of this trained model version.

" + }, + "incrementalTrainingDataChannels":{ + "shape":"IncrementalTrainingDataChannelsOutput", + "documentation":"

Information about the incremental training data channels used to create this version of the trained model.

" + }, "description":{ "shape":"ResourceDescription", "documentation":"

The description of the trained model.

" @@ -1817,7 +2016,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:(membership/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/)?configured-model-algorithm-association/[-a-zA-Z0-9_/.]+" + "pattern":"arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:membership/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/configured-model-algorithm-association/[-a-zA-Z0-9_/.]+" }, "ConfiguredModelAlgorithmAssociationList":{ "type":"list", @@ -1937,7 +2136,7 @@ "members":{ "imageUri":{ "shape":"AlgorithmImage", - "documentation":"

The registry path of the docker image that contains the algorithm. Clean Rooms ML supports both registry/repository[:tag] and registry/repositry[@digest] image path formats. For more information about using images in Clean Rooms ML, see the Sagemaker API reference.

" + "documentation":"

The registry path of the docker image that contains the algorithm. Clean Rooms ML currently only supports the registry/repository[:tag] image path format. For more information about using images in Clean Rooms ML, see the Sagemaker API reference.

" }, "entrypoint":{ "shape":"ContainerEntrypoint", @@ -2271,9 +2470,17 @@ "shape":"StoppingCondition", "documentation":"

The criteria that is used to stop model training.

" }, + "incrementalTrainingDataChannels":{ + "shape":"IncrementalTrainingDataChannels", + "documentation":"

Specifies the incremental training data channels for the trained model.

Incremental training allows you to create a new trained model with updates without retraining from scratch. You can specify up to one incremental training data channel that references a previously trained model and its version.

Limit: Maximum of 20 channels total (including both incrementalTrainingDataChannels and dataChannels).

" + }, "dataChannels":{ "shape":"ModelTrainingDataChannels", - "documentation":"

Defines the data channels that are used as input for the trained model request.

" + "documentation":"

Defines the data channels that are used as input for the trained model request.

Limit: Maximum of 20 channels total (including both dataChannels and incrementalTrainingDataChannels).

" + }, + "trainingInputMode":{ + "shape":"TrainingInputMode", + "documentation":"

The input mode for accessing the training data. This parameter determines how the training data is made available to the training algorithm. Valid values are:

  • File - The training data is downloaded to the training instance and made available as files.

  • FastFile - The training data is streamed directly from Amazon S3 to the training algorithm, providing faster access for large datasets.

  • Pipe - The training data is streamed to the training algorithm using named pipes, which can improve performance for certain algorithms.

" }, "description":{ "shape":"ResourceDescription", @@ -2296,6 +2503,10 @@ "trainedModelArn":{ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) of the trained model.

" + }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The unique version identifier assigned to the newly created trained model. This identifier can be used to reference this specific version of the trained model in subsequent operations such as inference jobs or incremental training.

The initial version identifier for the base version of the trained model is \"NULL\".

" } } }, @@ -2345,6 +2556,29 @@ } } }, + "CustomDataIdentifier":{ + "type":"string", + "max":200, + "min":1, + "pattern":"[a-zA-Z0-9\\_\\#\\=\\@/\\;\\,\\-\\ \\^\\$\\?\\[\\]\\{\\}\\|\\\\\\*\\+\\.\\(\\)]+" + }, + "CustomDataIdentifierList":{ + "type":"list", + "member":{"shape":"CustomDataIdentifier"}, + "max":10, + "min":1 + }, + "CustomEntityConfig":{ + "type":"structure", + "required":["customDataIdentifiers"], + "members":{ + "customDataIdentifiers":{ + "shape":"CustomDataIdentifierList", + "documentation":"

Defines data identifiers for the custom entity configuration. Provide this only if CUSTOM redaction is configured.

" + } + }, + "documentation":"

The configuration for defining custom patterns to be redacted from logs and error messages. This is for the CUSTOM config under entitiesToRedact. Both CustomEntityConfig and entitiesToRedact need to be present or not present.

" + }, "DataSource":{ "type":"structure", "required":["glueDataSource"], @@ -2538,6 +2772,12 @@ "documentation":"

The membership ID of the member that is deleting the trained model output.

", "location":"uri", "locationName":"membershipIdentifier" + }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to delete. If not specified, the operation will delete the base version of the trained model. When specified, only the particular version will be deleted.

", + "location":"querystring", + "locationName":"versionIdentifier" } } }, @@ -2561,6 +2801,19 @@ }, "documentation":"

The Amazon S3 location where the exported model artifacts are stored.

" }, + "EntityType":{ + "type":"string", + "enum":[ + "ALL_PERSONALLY_IDENTIFIABLE_INFORMATION", + "NUMBERS", + "CUSTOM" + ] + }, + "EntityTypeList":{ + "type":"list", + "member":{"shape":"EntityType"}, + "min":1 + }, "Environment":{ "type":"map", "key":{"shape":"EnvironmentKeyString"}, @@ -2835,30 +3088,18 @@ "GetCollaborationMLInputChannelResponse":{ "type":"structure", "required":[ - "createTime", - "updateTime", - "creatorAccountId", "membershipIdentifier", "collaborationIdentifier", "mlInputChannelArn", "name", "configuredModelAlgorithmAssociations", "status", - "retentionInDays" + "retentionInDays", + "createTime", + "updateTime", + "creatorAccountId" ], "members":{ - "createTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The time at which the ML input channel was created.

" - }, - "updateTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The most recent time at which the ML input channel was updated.

" - }, - "creatorAccountId":{ - "shape":"AccountId", - "documentation":"

The account ID of the member who created the ML input channel.

" - }, "membershipIdentifier":{ "shape":"UUID", "documentation":"

The membership ID of the membership that contains the ML input channel.

" @@ -2892,9 +3133,25 @@ "shape":"GetCollaborationMLInputChannelResponseNumberOfRecordsLong", "documentation":"

The number of records in the ML input channel.

" }, + "privacyBudgets":{ + "shape":"PrivacyBudgets", + "documentation":"

Returns the privacy budgets that control access to this Clean Rooms ML input channel. Use these budgets to monitor and limit resource consumption over specified time periods.

" + }, "description":{ "shape":"ResourceDescription", "documentation":"

The description of the ML input channel.

" + }, + "createTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the ML input channel was created.

" + }, + "updateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The most recent time at which the ML input channel was updated.

" + }, + "creatorAccountId":{ + "shape":"AccountId", + "documentation":"

The account ID of the member who created the ML input channel.

" } } }, @@ -2934,6 +3191,12 @@ "documentation":"

The collaboration ID that contains the trained model that you want to return information about.

", "location":"uri", "locationName":"collaborationIdentifier" + }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to retrieve. If not specified, the operation returns information about the latest version of the trained model.

", + "location":"querystring", + "locationName":"versionIdentifier" } } }, @@ -2963,6 +3226,14 @@ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) of the trained model.

" }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model. This unique identifier distinguishes this version from other versions of the same trained model.

" + }, + "incrementalTrainingDataChannels":{ + "shape":"IncrementalTrainingDataChannelsOutput", + "documentation":"

Information about the incremental training data channels used to create this version of the trained model. This includes details about the base model that was used for incremental training and the channel configuration.

" + }, "name":{ "shape":"NameString", "documentation":"

The name of the trained model.

" @@ -2984,6 +3255,10 @@ "shape":"ResourceConfig", "documentation":"

The EC2 resource configuration that was used to train this model.

" }, + "trainingInputMode":{ + "shape":"TrainingInputMode", + "documentation":"

The input mode that was used for accessing the training data when this trained model was created. This indicates how the training data was made available to the training algorithm.

" + }, "stoppingCondition":{ "shape":"StoppingCondition", "documentation":"

The stopping condition that determined when model training ended.

" @@ -3337,26 +3612,18 @@ "GetMLInputChannelResponse":{ "type":"structure", "required":[ - "createTime", - "updateTime", "membershipIdentifier", "collaborationIdentifier", - "inputChannel", "mlInputChannelArn", "name", "configuredModelAlgorithmAssociations", "status", - "retentionInDays" + "retentionInDays", + "createTime", + "updateTime", + "inputChannel" ], "members":{ - "createTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The time at which the ML input channel was created.

" - }, - "updateTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The most recent time at which the ML input channel was updated.

" - }, "membershipIdentifier":{ "shape":"UUID", "documentation":"

The membership ID of the membership that contains the ML input channel.

" @@ -3365,14 +3632,6 @@ "shape":"UUID", "documentation":"

The collaboration ID of the collaboration that contains the ML input channel.

" }, - "inputChannel":{ - "shape":"InputChannel", - "documentation":"

The input channel that was used to create the ML input channel.

" - }, - "protectedQueryIdentifier":{ - "shape":"UUID", - "documentation":"

The ID of the protected query that was used to create the ML input channel.

" - }, "mlInputChannelArn":{ "shape":"MLInputChannelArn", "documentation":"

The Amazon Resource Name (ARN) of the ML input channel.

" @@ -3398,6 +3657,30 @@ "shape":"GetMLInputChannelResponseNumberOfRecordsLong", "documentation":"

The number of records in the ML input channel.

" }, + "privacyBudgets":{ + "shape":"PrivacyBudgets", + "documentation":"

Returns the privacy budgets that control access to this Clean Rooms ML input channel. Use these budgets to monitor and limit resource consumption over specified time periods.

" + }, + "description":{ + "shape":"ResourceDescription", + "documentation":"

The description of the ML input channel.

" + }, + "createTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the ML input channel was created.

" + }, + "updateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The most recent time at which the ML input channel was updated.

" + }, + "inputChannel":{ + "shape":"InputChannel", + "documentation":"

The input channel that was used to create the ML input channel.

" + }, + "protectedQueryIdentifier":{ + "shape":"UUID", + "documentation":"

The ID of the protected query that was used to create the ML input channel.

" + }, "numberOfFiles":{ "shape":"GetMLInputChannelResponseNumberOfFilesDouble", "documentation":"

The number of files in the ML input channel.

" @@ -3406,10 +3689,6 @@ "shape":"GetMLInputChannelResponseSizeInGbDouble", "documentation":"

The size, in GB, of the ML input channel.

" }, - "description":{ - "shape":"ResourceDescription", - "documentation":"

The description of the ML input channel.

" - }, "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"

The Amazon Resource Name (ARN) of the KMS key that was used to create the ML input channel.

" @@ -3514,6 +3793,10 @@ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) for the trained model that was used for the trained model inference job.

" }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model used for this inference job. This identifies the specific version of the trained model that was used to generate the inference results.

" + }, "resourceConfig":{ "shape":"InferenceResourceConfig", "documentation":"

The resource configuration information for the trained model inference job.

" @@ -3591,6 +3874,12 @@ "documentation":"

The membership ID of the member that created the trained model that you are interested in.

", "location":"uri", "locationName":"membershipIdentifier" + }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to retrieve. If not specified, the operation returns information about the latest version of the trained model.

", + "location":"querystring", + "locationName":"versionIdentifier" } } }, @@ -3620,6 +3909,14 @@ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) of the trained model.

" }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model. This unique identifier distinguishes this version from other versions of the same trained model.

" + }, + "incrementalTrainingDataChannels":{ + "shape":"IncrementalTrainingDataChannelsOutput", + "documentation":"

Information about the incremental training data channels used to create this version of the trained model. This includes details about the base model that was used for incremental training and the channel configuration.

" + }, "name":{ "shape":"NameString", "documentation":"

The name of the trained model.

" @@ -3641,6 +3938,10 @@ "shape":"ResourceConfig", "documentation":"

The EC2 resource configuration that was used to create the trained model.

" }, + "trainingInputMode":{ + "shape":"TrainingInputMode", + "documentation":"

The input mode that was used for accessing the training data when this trained model was created. This indicates how the training data was made available to the training algorithm.

" + }, "stoppingCondition":{ "shape":"StoppingCondition", "documentation":"

The stopping condition that was used to terminate model training.

" @@ -3822,13 +4123,69 @@ "min":20, "pattern":"arn:aws[-a-z]*:iam::[0-9]{12}:role/.+" }, + "IncrementalTrainingDataChannel":{ + "type":"structure", + "required":[ + "trainedModelArn", + "channelName" + ], + "members":{ + "trainedModelArn":{ + "shape":"TrainedModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the base trained model to use for incremental training. This model serves as the starting point for the incremental training process.

" + }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the base trained model to use for incremental training. If not specified, the latest version of the trained model is used.

" + }, + "channelName":{ + "shape":"ModelTrainingDataChannelName", + "documentation":"

The name of the incremental training data channel. This name is used to identify the channel during the training process and must be unique within the training job.

" + } + }, + "documentation":"

Defines an incremental training data channel that references a previously trained model. Incremental training allows you to update an existing trained model with new data, building upon the knowledge from a base model rather than training from scratch. This can significantly reduce training time and computational costs while improving model performance with additional data.

" + }, + "IncrementalTrainingDataChannelOutput":{ + "type":"structure", + "required":[ + "channelName", + "modelName" + ], + "members":{ + "channelName":{ + "shape":"ModelTrainingDataChannelName", + "documentation":"

The name of the incremental training data channel that was used.

" + }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model that was used for incremental training.

" + }, + "modelName":{ + "shape":"NameString", + "documentation":"

The name of the base trained model that was used for incremental training.

" + } + }, + "documentation":"

Contains information about an incremental training data channel that was used to create a trained model. This structure provides details about the base model and channel configuration used during incremental training.

" + }, + "IncrementalTrainingDataChannels":{ + "type":"list", + "member":{"shape":"IncrementalTrainingDataChannel"}, + "max":1, + "min":1 + }, + "IncrementalTrainingDataChannelsOutput":{ + "type":"list", + "member":{"shape":"IncrementalTrainingDataChannelOutput"}, + "max":1, + "min":1 + }, "InferenceContainerConfig":{ "type":"structure", "required":["imageUri"], "members":{ "imageUri":{ "shape":"AlgorithmImage", - "documentation":"

The registry path of the docker image that contains the inference algorithm. Clean Rooms ML supports both registry/repository[:tag] and registry/repositry[@digest] image path formats. For more information about using images in Clean Rooms ML, see the Sagemaker API reference.

" + "documentation":"

The registry path of the docker image that contains the inference algorithm. Clean Rooms ML currently only supports the registry/repository[:tag] image path format. For more information about using images in Clean Rooms ML, see the Sagemaker API reference.

" } }, "documentation":"

Provides configuration information for the inference container.

" @@ -3889,7 +4246,6 @@ "ml.r6i.large", "ml.g5.2xlarge", "ml.m5.large", - "ml.p3.16xlarge", "ml.m7i.48xlarge", "ml.m6i.16xlarge", "ml.p2.16xlarge", @@ -3937,7 +4293,6 @@ "ml.m6i.2xlarge", "ml.g5.16xlarge", "ml.m7i.4xlarge", - "ml.p3.2xlarge", "ml.r6i.32xlarge", "ml.m6i.4xlarge", "ml.m5.xlarge", @@ -3963,8 +4318,10 @@ "ml.p2.8xlarge", "ml.r6i.4xlarge", "ml.m6i.32xlarge", - "ml.p3.8xlarge", - "ml.m4.4xlarge" + "ml.m4.4xlarge", + "ml.p3.16xlarge", + "ml.p3.2xlarge", + "ml.p3.8xlarge" ] }, "InferenceOutputConfiguration":{ @@ -4039,7 +4396,7 @@ }, "roleArn":{ "shape":"IamRoleArn", - "documentation":"

The ARN of the IAM role that Clean Rooms ML can assume to read the data referred to in the dataSource field the input channel.

Passing a role across AWS accounts is not allowed. If you pass a role that isn't in your account, you get an AccessDeniedException error.

" + "documentation":"

The Amazon Resource Name (ARN) of the role used to run the query specified in the dataSource field of the input channel.

Passing a role across AWS accounts is not allowed. If you pass a role that isn't in your account, you get an AccessDeniedException error.

" } }, "documentation":"

Provides information about the data source that is used to create an ML input channel.

" @@ -4079,10 +4436,6 @@ "ml.p2.xlarge", "ml.p2.8xlarge", "ml.p2.16xlarge", - "ml.p3.2xlarge", - "ml.p3.8xlarge", - "ml.p3.16xlarge", - "ml.p3dn.24xlarge", "ml.p4d.24xlarge", "ml.p4de.24xlarge", "ml.p5.48xlarge", @@ -4143,9 +4496,68 @@ "ml.r5.8xlarge", "ml.r5.12xlarge", "ml.r5.16xlarge", - "ml.r5.24xlarge" + "ml.r5.24xlarge", + "ml.c7i.large", + "ml.c7i.xlarge", + "ml.c7i.2xlarge", + "ml.c7i.4xlarge", + "ml.c7i.8xlarge", + "ml.c7i.12xlarge", + "ml.c7i.16xlarge", + "ml.c7i.24xlarge", + "ml.c7i.48xlarge", + "ml.m7i.large", + "ml.m7i.xlarge", + "ml.m7i.2xlarge", + "ml.m7i.4xlarge", + "ml.m7i.8xlarge", + "ml.m7i.12xlarge", + "ml.m7i.16xlarge", + "ml.m7i.24xlarge", + "ml.m7i.48xlarge", + "ml.r7i.large", + "ml.r7i.xlarge", + "ml.r7i.2xlarge", + "ml.r7i.4xlarge", + "ml.r7i.8xlarge", + "ml.r7i.12xlarge", + "ml.r7i.16xlarge", + "ml.r7i.24xlarge", + "ml.r7i.48xlarge", + "ml.g6.xlarge", + "ml.g6.2xlarge", + "ml.g6.4xlarge", + "ml.g6.8xlarge", + "ml.g6.12xlarge", + "ml.g6.16xlarge", + "ml.g6.24xlarge", + "ml.g6.48xlarge", + "ml.g6e.xlarge", + "ml.g6e.2xlarge", + "ml.g6e.4xlarge", + "ml.g6e.8xlarge", + "ml.g6e.12xlarge", + "ml.g6e.16xlarge", + "ml.g6e.24xlarge", + "ml.g6e.48xlarge", + "ml.p5en.48xlarge", + "ml.p3.2xlarge", + "ml.p3.8xlarge", + "ml.p3.16xlarge", + "ml.p3dn.24xlarge" ] }, + "InternalServiceException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

An internal service error occurred. Retry your request. If the problem persists, contact AWS Support.

", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, "KmsKeyArn":{ "type":"string", "max":2048, @@ -4369,6 +4781,12 @@ "documentation":"

The Amazon Resource Name (ARN) of the trained model that was used to create the export jobs that you are interested in.

", "location":"uri", "locationName":"trainedModelArn" + }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to filter export jobs by. When specified, only export jobs for this specific version of the trained model are returned.

", + "location":"querystring", + "locationName":"trainedModelVersionIdentifier" } } }, @@ -4413,6 +4831,12 @@ "documentation":"

The Amazon Resource Name (ARN) of the trained model that was used to create the trained model inference jobs that you are interested in.

", "location":"querystring", "locationName":"trainedModelArn" + }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to filter inference jobs by. When specified, only inference jobs that used this specific version of the trained model are returned.

", + "location":"querystring", + "locationName":"trainedModelVersionIdentifier" } } }, @@ -4655,6 +5079,12 @@ "documentation":"

The Amazon Resource Name (ARN) of a trained model that was used to create the trained model inference jobs that you are interested in.

", "location":"querystring", "locationName":"trainedModelArn" + }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to filter inference jobs by. When specified, only inference jobs that used this specific version of the trained model are returned.

", + "location":"querystring", + "locationName":"trainedModelVersionIdentifier" } } }, @@ -4672,6 +5102,59 @@ } } }, + "ListTrainedModelVersionsRequest":{ + "type":"structure", + "required":[ + "membershipIdentifier", + "trainedModelArn" + ], + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token from a previous ListTrainedModelVersions request. Use this token to retrieve the next page of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of trained model versions to return in a single page. The default value is 10, and the maximum value is 100.

", + "location":"querystring", + "locationName":"maxResults" + }, + "membershipIdentifier":{ + "shape":"UUID", + "documentation":"

The membership identifier for the collaboration that contains the trained model.

", + "location":"uri", + "locationName":"membershipIdentifier" + }, + "trainedModelArn":{ + "shape":"TrainedModelArn", + "documentation":"

The Amazon Resource Name (ARN) of the trained model for which to list versions.

", + "location":"uri", + "locationName":"trainedModelArn" + }, + "status":{ + "shape":"TrainedModelStatus", + "documentation":"

Filter the results to only include trained model versions with the specified status. Valid values include CREATE_PENDING, CREATE_IN_PROGRESS, ACTIVE, CREATE_FAILED, and others.

", + "location":"querystring", + "locationName":"status" + } + } + }, + "ListTrainedModelVersionsResponse":{ + "type":"structure", + "required":["trainedModels"], + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token to use in a subsequent ListTrainedModelVersions request to retrieve the next page of results. This value is null when there are no more results to return.

" + }, + "trainedModels":{ + "shape":"TrainedModelList", + "documentation":"

A list of trained model versions that match the specified criteria. Each entry contains summary information about a trained model version, including its version identifier, status, and creation details.

" + } + } + }, "ListTrainedModelsRequest":{ "type":"structure", "required":["membershipIdentifier"], @@ -4741,6 +5224,28 @@ } } }, + "LogRedactionConfiguration":{ + "type":"structure", + "required":["entitiesToRedact"], + "members":{ + "entitiesToRedact":{ + "shape":"EntityTypeList", + "documentation":"

Specifies the entities to be redacted from logs. Entities to redact are \"ALL_PERSONALLY_IDENTIFIABLE_INFORMATION\", \"NUMBERS\",\"CUSTOM\". If CUSTOM is supplied or configured, custom patterns (customDataIdentifiers) should be provided, and the patterns will be redacted in logs or error messages.

" + }, + "customEntityConfig":{ + "shape":"CustomEntityConfig", + "documentation":"

Specifies the configuration for custom entities in the context of log redaction.

" + } + }, + "documentation":"

The configuration for log redaction.

" + }, + "LogType":{ + "type":"string", + "enum":[ + "ALL", + "ERROR_SUMMARY" + ] + }, "LogsConfigurationPolicy":{ "type":"structure", "required":["allowedAccountIds"], @@ -4752,6 +5257,14 @@ "filterPattern":{ "shape":"LogsConfigurationPolicyFilterPatternString", "documentation":"

A regular expression pattern that is used to parse the logs and return information that matches the pattern.

" + }, + "logType":{ + "shape":"LogType", + "documentation":"

Specifies the type of log this policy applies to. The currently supported policies are ALL or ERROR_SUMMARY.

" + }, + "logRedactionConfiguration":{ + "shape":"LogRedactionConfiguration", + "documentation":"

Specifies the log redaction configuration for this policy.

" } }, "documentation":"

Provides the information necessary for a user to access the logs.

" @@ -4971,6 +5484,10 @@ "channelName":{ "shape":"ModelTrainingDataChannelName", "documentation":"

The name of the training data channel.

" + }, + "s3DataDistributionType":{ + "shape":"S3DataDistributionType", + "documentation":"

Specifies how the training data stored in Amazon S3 should be distributed to training instances. This parameter controls the data distribution strategy for the training job:

  • FullyReplicated - The entire dataset is replicated on each training instance. This is suitable for smaller datasets and algorithms that require access to the complete dataset.

  • ShardedByS3Key - The dataset is distributed across training instances based on Amazon S3 key names. This is suitable for larger datasets and distributed training scenarios where each instance processes a subset of the data.

" } }, "documentation":"

Information about the model training data channel. A training data channel is a named data source that the training algorithms can consume.

" @@ -5030,6 +5547,17 @@ "POLICY_MUST_NOT_EXIST" ] }, + "PrivacyBudgets":{ + "type":"structure", + "members":{ + "accessBudgets":{ + "shape":"AccessBudgets", + "documentation":"

A list of access budgets that apply to resources associated with this Clean Rooms ML input channel.

" + } + }, + "documentation":"

The privacy budget information that controls access to Clean Rooms ML input channels.

", + "union":true + }, "PrivacyConfiguration":{ "type":"structure", "required":["policies"], @@ -5067,6 +5595,10 @@ "computeConfiguration":{ "shape":"ComputeConfiguration", "documentation":"

Provides configuration information for the workers that will perform the protected query.

" + }, + "resultFormat":{ + "shape":"ResultFormat", + "documentation":"

The format in which the query results should be returned. If not specified, defaults to CSV.

" } }, "documentation":"

Provides information necessary to perform the protected query.

" @@ -5205,7 +5737,7 @@ "ResourceConfigInstanceCountInteger":{ "type":"integer", "box":true, - "max":1, + "max":5, "min":1 }, "ResourceConfigVolumeSizeInGBInteger":{ @@ -5238,6 +5770,14 @@ "max":20480, "min":1 }, + "ResultFormat":{ + "type":"string", + "documentation":"

File format of the returned data.

", + "enum":[ + "CSV", + "PARQUET" + ] + }, "S3ConfigMap":{ "type":"structure", "required":["s3Uri"], @@ -5249,6 +5789,13 @@ }, "documentation":"

Provides information about an Amazon S3 bucket and path.

" }, + "S3DataDistributionType":{ + "type":"string", + "enum":[ + "FullyReplicated", + "ShardedByS3Key" + ] + }, "S3Path":{ "type":"string", "max":1285, @@ -5259,7 +5806,15 @@ "type":"structure", "required":["message"], "members":{ - "message":{"shape":"String"} + "message":{"shape":"String"}, + "quotaName":{ + "shape":"String", + "documentation":"

The name of the service quota limit that was exceeded

" + }, + "quotaValue":{ + "shape":"ServiceQuotaExceededExceptionQuotaValueDouble", + "documentation":"

The current limit on the service quota that was exceeded

" + } }, "documentation":"

You have exceeded your service quota.

", "error":{ @@ -5268,6 +5823,12 @@ }, "exception":true }, + "ServiceQuotaExceededExceptionQuotaValueDouble":{ + "type":"double", + "box":true, + "max":100000, + "min":0 + }, "SharedAudienceMetrics":{ "type":"string", "enum":[ @@ -5365,6 +5926,10 @@ "location":"uri", "locationName":"trainedModelArn" }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to export. This specifies which version of the trained model should be exported to the specified destination.

" + }, "membershipIdentifier":{ "shape":"UUID", "documentation":"

The membership ID of the member that is receiving the exported trained model artifacts.

", @@ -5406,6 +5971,10 @@ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) of the trained model that is used for this trained model inference job.

" }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model to use for inference. This specifies which version of the trained model should be used to generate predictions on the input data.

" + }, "configuredModelAlgorithmAssociationArn":{ "shape":"ConfiguredModelAlgorithmAssociationArn", "documentation":"

The Amazon Resource Name (ARN) of the configured model algorithm association that is used for this trained model inference job.

" @@ -5535,8 +6104,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5547,13 +6115,54 @@ "type":"string", "max":2048, "min":20, - "pattern":"arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:(membership/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/(configured-model-algorithm-association|trained-model|trained-model-inference-job|ml-input-channel)|training-dataset|audience-model|configured-audience-model|audience-generation-job|configured-model-algorithm|configured-model-algorithm-association|trained-model|trained-model-inference-job)/[-a-zA-Z0-9_/.]+" + "pattern":"arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:((membership/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/(configured-model-algorithm-association|trained-model|trained-model-inference-job|ml-input-channel))|training-dataset|audience-model|configured-audience-model|audience-generation-job|configured-model-algorithm)/[-a-zA-Z0-9_/.]+" + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

The request was denied due to request throttling.

", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true }, "TrainedModelArn":{ "type":"string", "max":2048, "min":20, - "pattern":"arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:(membership/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/)?trained-model/[-a-zA-Z0-9_/.]+" + "pattern":"arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:membership/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/trained-model/[-a-zA-Z0-9_/.]+" + }, + "TrainedModelArtifactMaxSize":{ + "type":"structure", + "required":[ + "unit", + "value" + ], + "members":{ + "unit":{ + "shape":"TrainedModelArtifactMaxSizeUnitType", + "documentation":"

The unit of measurement for the maximum artifact size. Valid values include common storage units such as bytes, kilobytes, megabytes, gigabytes, and terabytes.

" + }, + "value":{ + "shape":"TrainedModelArtifactMaxSizeValue", + "documentation":"

The numerical value for the maximum artifact size limit. This value is interpreted according to the specified unit.

" + } + }, + "documentation":"

Specifies the maximum size limit for trained model artifacts. This configuration helps control storage costs and ensures that trained models don't exceed specified size constraints. The size limit applies to the total size of all artifacts produced by the training job.

" + }, + "TrainedModelArtifactMaxSizeUnitType":{ + "type":"string", + "enum":["GB"] + }, + "TrainedModelArtifactMaxSizeValue":{ + "type":"double", + "box":true, + "max":10.0, + "min":0.01 }, "TrainedModelExportFileType":{ "type":"string", @@ -5655,7 +6264,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:(membership/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/)?trained-model-inference-job/[-a-zA-Z0-9_/.]+" + "pattern":"arn:aws[-a-z]*:cleanrooms-ml:[-a-z0-9]+:[0-9]{12}:membership/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/trained-model-inference-job/[-a-zA-Z0-9_/.]+" }, "TrainedModelInferenceJobList":{ "type":"list", @@ -5704,6 +6313,10 @@ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) of the trained model that is used for the trained model inference job.

" }, + "trainedModelVersionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of the trained model that was used for inference in this job.

" + }, "collaborationIdentifier":{ "shape":"UUID", "documentation":"

The collaboration ID of the collaboration that contains the trained model inference job.

" @@ -5790,7 +6403,7 @@ "TrainedModelInferenceMaxOutputSizeValue":{ "type":"double", "box":true, - "max":10.0, + "max":50.0, "min":0.01 }, "TrainedModelList":{ @@ -5838,6 +6451,14 @@ "shape":"TrainedModelArn", "documentation":"

The Amazon Resource Name (ARN) of the trained model.

" }, + "versionIdentifier":{ + "shape":"UUID", + "documentation":"

The version identifier of this trained model version.

" + }, + "incrementalTrainingDataChannels":{ + "shape":"IncrementalTrainingDataChannelsOutput", + "documentation":"

Information about the incremental training data channels used to create this version of the trained model.

" + }, "name":{ "shape":"NameString", "documentation":"

The name of the trained model.

" @@ -5875,6 +6496,10 @@ "containerMetrics":{ "shape":"MetricsConfigurationPolicy", "documentation":"

The container for the metrics of the trained model.

" + }, + "maxArtifactSize":{ + "shape":"TrainedModelArtifactMaxSize", + "documentation":"

The maximum size limit for trained model artifacts as defined in the configuration policy. This setting helps enforce consistent size limits across trained models in the collaboration.

" } }, "documentation":"

The configuration policy for the trained models.

" @@ -5930,6 +6555,14 @@ }, "documentation":"

Provides information about the training dataset.

" }, + "TrainingInputMode":{ + "type":"string", + "enum":[ + "File", + "FastFile", + "Pipe" + ] + }, "UUID":{ "type":"string", "max":36, @@ -5959,8 +6592,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConfiguredAudienceModelRequest":{ "type":"structure", @@ -6049,5 +6681,5 @@ ] } }, - "documentation":"

Welcome to the Amazon Web Services Clean Rooms ML API Reference.

Amazon Web Services Clean Rooms ML provides a privacy-enhancing method for two parties to identify similar users in their data without the need to share their data with each other. The first party brings the training data to Clean Rooms so that they can create and configure an audience model (lookalike model) and associate it with a collaboration. The second party then brings their seed data to Clean Rooms and generates an audience (lookalike segment) that resembles the training data.

To learn more about Amazon Web Services Clean Rooms ML concepts, procedures, and best practices, see the Clean Rooms User Guide.

To learn more about SQL commands, functions, and conditions supported in Clean Rooms, see the Clean Rooms SQL Reference.

" + "documentation":"

Welcome to the Amazon Web Services Clean Rooms ML API Reference.

Amazon Web Services Clean Rooms ML provides a privacy-enhancing method for two parties to identify similar users in their data without the need to share their data with each other. The first party brings the training data to Clean Rooms so that they can create and configure an audience model (lookalike model) and associate it with a collaboration. The second party then brings their seed data to Clean Rooms and generates an audience (lookalike segment) that resembles the training data.

To learn more about Amazon Web Services Clean Rooms ML concepts, procedures, and best practices, see the Clean Rooms User Guide.

To learn more about SQL commands, functions, and conditions supported in Clean Rooms, see the Clean Rooms SQL Reference.

" } diff -pruN 2.23.6-1/awscli/botocore/data/cloud9/2017-09-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloud9/2017-09-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloud9/2017-09-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloud9/2017-09-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cloud9/2017-09-23/service-2.json 2.31.35-1/awscli/botocore/data/cloud9/2017-09-23/service-2.json --- 2.23.6-1/awscli/botocore/data/cloud9/2017-09-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloud9/2017-09-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -267,8 +267,7 @@ }, "BadRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The target request is invalid.

", "exception":true }, @@ -284,15 +283,13 @@ }, "ConcurrentAccessException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A concurrent access issue occurred.

", "exception":true }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A conflict occurred.

", "exception":true }, @@ -417,8 +414,7 @@ }, "DeleteEnvironmentMembershipResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEnvironmentRequest":{ "type":"structure", @@ -432,8 +428,7 @@ }, "DeleteEnvironmentResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeEnvironmentMembershipsRequest":{ "type":"structure", @@ -677,8 +672,7 @@ }, "ForbiddenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An access permissions issue occurred.

", "exception":true }, @@ -694,16 +688,14 @@ }, "InternalServerErrorException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An internal server error occurred.

", "exception":true, "fault":true }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A service limit was exceeded.

", "exception":true }, @@ -790,8 +782,7 @@ }, "NotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The target resource cannot be found.

", "exception":true }, @@ -873,8 +864,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -885,8 +875,7 @@ "Timestamp":{"type":"timestamp"}, "TooManyRequestsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Too many service requests were made over the given time period.

", "exception":true }, @@ -909,8 +898,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEnvironmentMembershipRequest":{ "type":"structure", @@ -967,8 +955,7 @@ }, "UpdateEnvironmentResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UserArn":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/cloudcontrol/2021-09-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudcontrol/2021-09-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudcontrol/2021-09-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudcontrol/2021-09-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/clouddirectory/2017-01-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/clouddirectory/2017-01-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/clouddirectory/2017-01-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/clouddirectory/2017-01-11/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/clouddirectory/2017-01-11/service-2.json 2.31.35-1/awscli/botocore/data/clouddirectory/2017-01-11/service-2.json --- 2.23.6-1/awscli/botocore/data/clouddirectory/2017-01-11/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/clouddirectory/2017-01-11/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1498,8 +1498,7 @@ }, "AddFacetToObjectResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ApplySchemaRequest":{ "type":"structure", @@ -1602,8 +1601,7 @@ }, "AttachPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AttachToIndexRequest":{ "type":"structure", @@ -1787,8 +1785,7 @@ }, "BatchAddFacetToObjectResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The result of a batch add facet to object operation.

" }, "BatchAttachObject":{ @@ -1844,8 +1841,7 @@ }, "BatchAttachPolicyResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the output of an AttachPolicy response operation.

" }, "BatchAttachToIndex":{ @@ -2007,8 +2003,7 @@ }, "BatchDeleteObjectResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the output of a DeleteObject response operation.

" }, "BatchDetachFromIndex":{ @@ -2091,8 +2086,7 @@ }, "BatchDetachPolicyResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the output of a DetachPolicy response operation.

" }, "BatchDetachTypedLink":{ @@ -2108,8 +2102,7 @@ }, "BatchDetachTypedLinkResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the output of a DetachTypedLink response operation.

" }, "BatchGetLinkAttributes":{ @@ -2816,8 +2809,7 @@ }, "BatchRemoveFacetFromObjectResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An empty result that represents success.

" }, "BatchUpdateLinkAttributes":{ @@ -2840,8 +2832,7 @@ }, "BatchUpdateLinkAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the output of a UpdateLinkAttributes response operation.

" }, "BatchUpdateObjectAttributes":{ @@ -3171,8 +3162,7 @@ }, "CreateFacetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateIndexRequest":{ "type":"structure", @@ -3295,8 +3285,7 @@ }, "CreateTypedLinkFacetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Date":{"type":"timestamp"}, "DatetimeAttributeValue":{"type":"timestamp"}, @@ -3343,8 +3332,7 @@ }, "DeleteFacetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteObjectRequest":{ "type":"structure", @@ -3367,8 +3355,7 @@ }, "DeleteObjectResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSchemaRequest":{ "type":"structure", @@ -3412,8 +3399,7 @@ }, "DeleteTypedLinkFacetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DetachFromIndexRequest":{ "type":"structure", @@ -3507,8 +3493,7 @@ }, "DetachPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DetachTypedLinkRequest":{ "type":"structure", @@ -5388,8 +5373,7 @@ }, "RemoveFacetFromObjectResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RequiredAttributeBehavior":{ "type":"string", @@ -5553,8 +5537,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{"type":"string"}, "TagsNumberResults":{ @@ -5802,8 +5785,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateActionType":{ "type":"string", @@ -5841,8 +5823,7 @@ }, "UpdateFacetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLinkAttributesRequest":{ "type":"structure", @@ -5870,8 +5851,7 @@ }, "UpdateLinkAttributesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateObjectAttributesRequest":{ "type":"structure", @@ -5965,8 +5945,7 @@ }, "UpdateTypedLinkFacetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpgradeAppliedSchemaRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/cloudformation/2010-05-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudformation/2010-05-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudformation/2010-05-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudformation/2010-05-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cloudformation/2010-05-15/paginators-1.json 2.31.35-1/awscli/botocore/data/cloudformation/2010-05-15/paginators-1.json --- 2.23.6-1/awscli/botocore/data/cloudformation/2010-05-15/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudformation/2010-05-15/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -119,6 +119,18 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "ResourceScanSummaries" + }, + "ListStackRefactorActions": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "StackRefactorActions" + }, + "ListStackRefactors": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "StackRefactorSummaries" } } } diff -pruN 2.23.6-1/awscli/botocore/data/cloudformation/2010-05-15/service-2.json 2.31.35-1/awscli/botocore/data/cloudformation/2010-05-15/service-2.json --- 2.23.6-1/awscli/botocore/data/cloudformation/2010-05-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudformation/2010-05-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -45,7 +45,7 @@ {"shape":"CFNRegistryException"}, {"shape":"TypeNotFoundException"} ], - "documentation":"

Activates a public third-party extension, making it available for use in stack templates. Once you have activated a public third-party extension in your account and Region, use SetTypeConfiguration to specify configuration properties for the extension. For more information, see Using public extensions in the CloudFormation User Guide.

", + "documentation":"

Activates a public third-party extension, such as a resource or module, to make it available for use in stack templates in your current account and Region. It can also create CloudFormation Hooks, which allow you to evaluate resource configurations before CloudFormation provisions them. Hooks integrate with both CloudFormation and Cloud Control API operations.

After you activate an extension, you can use SetTypeConfiguration to set specific properties for the extension.

To see which extensions have been activated, use ListTypes. To see configuration details for an extension, use DescribeType.

For more information, see Activate a third-party public extension in your account in the CloudFormation User Guide. For information about creating Hooks, see the CloudFormation Hooks User Guide.

", "idempotent":true }, "BatchDescribeTypeConfigurations":{ @@ -63,7 +63,7 @@ {"shape":"TypeConfigurationNotFoundException"}, {"shape":"CFNRegistryException"} ], - "documentation":"

Returns configuration data for the specified CloudFormation extensions, from the CloudFormation registry for the account and Region.

For more information, see Edit configuration data for extensions in your account in the CloudFormation User Guide.

" + "documentation":"

Returns configuration data for the specified CloudFormation extensions, from the CloudFormation registry in your current account and Region.

For more information, see Edit configuration data for extensions in your account in the CloudFormation User Guide.

" }, "CancelUpdateStack":{ "name":"CancelUpdateStack", @@ -91,7 +91,7 @@ "errors":[ {"shape":"TokenAlreadyExistsException"} ], - "documentation":"

For a specified stack that's in the UPDATE_ROLLBACK_FAILED state, continues rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause of the failure, you can manually fix the error and continue the rollback. By continuing the rollback, you can return your stack to a working state (the UPDATE_ROLLBACK_COMPLETE state), and then try to update the stack again.

A stack goes into the UPDATE_ROLLBACK_FAILED state when CloudFormation can't roll back all changes after a failed stack update. For example, you might have a stack that's rolling back to an old database instance that was deleted outside of CloudFormation. Because CloudFormation doesn't know the database was deleted, it assumes that the database instance still exists and attempts to roll back to it, causing the update rollback to fail.

" + "documentation":"

Continues rolling back a stack from UPDATE_ROLLBACK_FAILED to UPDATE_ROLLBACK_COMPLETE state. Depending on the cause of the failure, you can manually fix the error and continue the rollback. By continuing the rollback, you can return your stack to a working state (the UPDATE_ROLLBACK_COMPLETE state) and then try to update the stack again.

A stack enters the UPDATE_ROLLBACK_FAILED state when CloudFormation can't roll back all changes after a failed stack update. For example, this might occur when a stack attempts to roll back to an old database that was deleted outside of CloudFormation. Because CloudFormation doesn't know the instance was deleted, it assumes the instance still exists and attempts to roll back to it, causing the update rollback to fail.

For more information, see Continue rolling back an update in the CloudFormation User Guide. For information for troubleshooting a failed update rollback, see Update rollback failed.

" }, "CreateChangeSet":{ "name":"CreateChangeSet", @@ -167,7 +167,20 @@ {"shape":"InvalidOperationException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Creates stack instances for the specified accounts, within the specified Amazon Web Services Regions. A stack instance refers to a stack in a specific account and Region. You must specify at least one value for either Accounts or DeploymentTargets, and you must specify at least one value for Regions.

" + "documentation":"

Creates stack instances for the specified accounts, within the specified Amazon Web Services Regions. A stack instance refers to a stack in a specific account and Region. You must specify at least one value for either Accounts or DeploymentTargets, and you must specify at least one value for Regions.

The maximum number of organizational unit (OUs) supported by a CreateStackInstances operation is 50.

If you need more than 50, consider the following options:

  • Batch processing: If you don't want to expose your OU hierarchy, split up the operations into multiple calls with less than 50 OUs each.

  • Parent OU strategy: If you don't mind exposing the OU hierarchy, target a parent OU that contains all desired child OUs.

" + }, + "CreateStackRefactor":{ + "name":"CreateStackRefactor", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateStackRefactorInput"}, + "output":{ + "shape":"CreateStackRefactorOutput", + "resultWrapper":"CreateStackRefactorResult" + }, + "documentation":"

Creates a refactor across multiple stacks, with the list of stacks and resources that are affected.

" }, "CreateStackSet":{ "name":"CreateStackSet", @@ -185,7 +198,7 @@ {"shape":"CreatedButModifiedException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Creates a stack set.

" + "documentation":"

Creates a StackSet.

" }, "DeactivateOrganizationsAccess":{ "name":"DeactivateOrganizationsAccess", @@ -219,7 +232,7 @@ {"shape":"CFNRegistryException"}, {"shape":"TypeNotFoundException"} ], - "documentation":"

Deactivates a public extension that was previously activated in this account and Region.

Once deactivated, an extension can't be used in any CloudFormation operation. This includes stack update operations where the stack template includes the extension, even if no updates are being made to the extension. In addition, deactivated extensions aren't automatically updated if a new version of the extension is released.

", + "documentation":"

Deactivates a public third-party extension, such as a resource or module, or a CloudFormation Hook when you no longer use it.

Deactivating an extension deletes the configuration details that are associated with it. To temporarily disable a CloudFormation Hook instead, you can use SetTypeConfiguration.

Once deactivated, an extension can't be used in any CloudFormation operation. This includes stack update operations where the stack template includes the extension, even if no updates are being made to the extension. In addition, deactivated extensions aren't automatically updated if a new version of the extension is released.

To see which extensions are currently activated, use ListTypes.

", "idempotent":true }, "DeleteChangeSet":{ @@ -281,7 +294,7 @@ {"shape":"StaleRequestException"}, {"shape":"InvalidOperationException"} ], - "documentation":"

Deletes stack instances for the specified accounts, in the specified Amazon Web Services Regions.

" + "documentation":"

Deletes stack instances for the specified accounts, in the specified Amazon Web Services Regions.

The maximum number of organizational unit (OUs) supported by a DeleteStackInstances operation is 50.

If you need more than 50, consider the following options:

  • Batch processing: If you don't want to expose your OU hierarchy, split up the operations into multiple calls with less than 50 OUs each.

  • Parent OU strategy: If you don't mind exposing the OU hierarchy, target a parent OU that contains all desired child OUs.

" }, "DeleteStackSet":{ "name":"DeleteStackSet", @@ -298,7 +311,7 @@ {"shape":"StackSetNotEmptyException"}, {"shape":"OperationInProgressException"} ], - "documentation":"

Deletes a stack set. Before you can delete a stack set, all its member stack instances must be deleted. For more information about how to complete this, see DeleteStackInstances.

" + "documentation":"

Deletes a StackSet. Before you can delete a StackSet, all its member stack instances must be deleted. For more information about how to complete this, see DeleteStackInstances.

" }, "DeregisterType":{ "name":"DeregisterType", @@ -315,7 +328,7 @@ {"shape":"CFNRegistryException"}, {"shape":"TypeNotFoundException"} ], - "documentation":"

Marks an extension or extension version as DEPRECATED in the CloudFormation registry, removing it from active use. Deprecated extensions or extension versions cannot be used in CloudFormation operations.

To deregister an entire extension, you must individually deregister all active versions of that extension. If an extension has only a single active version, deregistering that version results in the extension itself being deregistered and marked as deprecated in the registry.

You can't deregister the default version of an extension if there are other active version of that extension. If you do deregister the default version of an extension, the extension type itself is deregistered as well and marked as deprecated.

To view the deprecation status of an extension or extension version, use DescribeType.

", + "documentation":"

Marks an extension or extension version as DEPRECATED in the CloudFormation registry, removing it from active use. Deprecated extensions or extension versions cannot be used in CloudFormation operations.

To deregister an entire extension, you must individually deregister all active versions of that extension. If an extension has only a single active version, deregistering that version results in the extension itself being deregistered and marked as deprecated in the registry.

You can't deregister the default version of an extension if there are other active version of that extension. If you do deregister the default version of an extension, the extension type itself is deregistered as well and marked as deprecated.

To view the deprecation status of an extension or extension version, use DescribeType.

For more information, see Remove third-party private extensions from your account in the CloudFormation User Guide.

", "idempotent":true }, "DescribeAccountLimits":{ @@ -472,6 +485,22 @@ ], "documentation":"

Returns the stack instance that's associated with the specified StackSet, Amazon Web Services account, and Amazon Web Services Region.

For a list of stack instances that are associated with a specific StackSet, use ListStackInstances.

" }, + "DescribeStackRefactor":{ + "name":"DescribeStackRefactor", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeStackRefactorInput"}, + "output":{ + "shape":"DescribeStackRefactorOutput", + "resultWrapper":"DescribeStackRefactorResult" + }, + "errors":[ + {"shape":"StackRefactorNotFoundException"} + ], + "documentation":"

Describes the stack refactor status.

" + }, "DescribeStackResource":{ "name":"DescribeStackResource", "http":{ @@ -525,7 +554,7 @@ "errors":[ {"shape":"StackSetNotFoundException"} ], - "documentation":"

Returns the description of the specified StackSet.

" + "documentation":"

Returns the description of the specified StackSet.

This API provides strongly consistent reads meaning it will always return the most up-to-date data.

" }, "DescribeStackSetOperation":{ "name":"DescribeStackSetOperation", @@ -542,7 +571,7 @@ {"shape":"StackSetNotFoundException"}, {"shape":"OperationNotFoundException"} ], - "documentation":"

Returns the description of the specified StackSet operation.

" + "documentation":"

Returns the description of the specified StackSet operation.

This API provides strongly consistent reads meaning it will always return the most up-to-date data.

" }, "DescribeStacks":{ "name":"DescribeStacks", @@ -572,7 +601,7 @@ {"shape":"CFNRegistryException"}, {"shape":"TypeNotFoundException"} ], - "documentation":"

Returns detailed information about an extension that has been registered.

If you specify a VersionId, DescribeType returns information about that specific extension version. Otherwise, it returns information about the default extension version.

", + "documentation":"

Returns detailed information about an extension from the CloudFormation registry in your current account and Region.

If you specify a VersionId, DescribeType returns information about that specific extension version. Otherwise, it returns information about the default extension version.

For more information, see Edit configuration data for extensions in your account in the CloudFormation User Guide.

", "idempotent":true }, "DescribeTypeRegistration":{ @@ -634,7 +663,7 @@ {"shape":"OperationInProgressException"}, {"shape":"StackSetNotFoundException"} ], - "documentation":"

Detect drift on a stack set. When CloudFormation performs drift detection on a stack set, it performs drift detection on the stack associated with each stack instance in the stack set. For more information, see How CloudFormation performs drift detection on a stack set.

DetectStackSetDrift returns the OperationId of the stack set drift detection operation. Use this operation id with DescribeStackSetOperation to monitor the progress of the drift detection operation. The drift detection operation may take some time, depending on the number of stack instances included in the stack set, in addition to the number of resources included in each stack.

Once the operation has completed, use the following actions to return drift information:

  • Use DescribeStackSet to return detailed information about the stack set, including detailed information about the last completed drift operation performed on the stack set. (Information about drift operations that are in progress isn't included.)

  • Use ListStackInstances to return a list of stack instances belonging to the stack set, including the drift status and last drift time checked of each instance.

  • Use DescribeStackInstance to return detailed information about a specific stack instance, including its drift status and last drift time checked.

For more information about performing a drift detection operation on a stack set, see Detecting unmanaged changes in stack sets.

You can only run a single drift detection operation on a given stack set at one time.

To stop a drift detection stack set operation, use StopStackSetOperation.

" + "documentation":"

Detect drift on a StackSet. When CloudFormation performs drift detection on a StackSet, it performs drift detection on the stack associated with each stack instance in the StackSet. For more information, see Performing drift detection on CloudFormation StackSets.

DetectStackSetDrift returns the OperationId of the StackSet drift detection operation. Use this operation id with DescribeStackSetOperation to monitor the progress of the drift detection operation. The drift detection operation may take some time, depending on the number of stack instances included in the StackSet, in addition to the number of resources included in each stack.

Once the operation has completed, use the following actions to return drift information:

  • Use DescribeStackSet to return detailed information about the stack set, including detailed information about the last completed drift operation performed on the StackSet. (Information about drift operations that are in progress isn't included.)

  • Use ListStackInstances to return a list of stack instances belonging to the StackSet, including the drift status and last drift time checked of each instance.

  • Use DescribeStackInstance to return detailed information about a specific stack instance, including its drift status and last drift time checked.

You can only run a single drift detection operation on a given StackSet at one time.

To stop a drift detection StackSet operation, use StopStackSetOperation.

" }, "EstimateTemplateCost":{ "name":"EstimateTemplateCost", @@ -668,6 +697,15 @@ ], "documentation":"

Updates a stack using the input information that was provided when the specified change set was created. After the call successfully completes, CloudFormation starts updating the stack. Use the DescribeStacks action to view the status of the update.

When you execute a change set, CloudFormation deletes all other change sets associated with the stack because they aren't valid for the updated stack.

If a stack policy is associated with the stack, CloudFormation enforces the policy during the update. You can't specify a temporary stack policy that overrides the current policy.

To create a change set for the entire stack hierarchy, IncludeNestedStacks must have been set to True.

" }, + "ExecuteStackRefactor":{ + "name":"ExecuteStackRefactor", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ExecuteStackRefactorInput"}, + "documentation":"

Executes the stack refactor operation.

" + }, "GetGeneratedTemplate":{ "name":"GetGeneratedTemplate", "http":{ @@ -727,7 +765,7 @@ "errors":[ {"shape":"StackSetNotFoundException"} ], - "documentation":"

Returns information about a new or existing template. The GetTemplateSummary action is useful for viewing parameter information, such as default parameter values and parameter types, before you create or update a stack or stack set.

You can use the GetTemplateSummary action when you submit a template, or you can get template information for a stack set, or a running or deleted stack.

For deleted stacks, GetTemplateSummary returns the template information for up to 90 days after the stack has been deleted. If the template doesn't exist, a ValidationError is returned.

" + "documentation":"

Returns information about a new or existing template. The GetTemplateSummary action is useful for viewing parameter information, such as default parameter values and parameter types, before you create or update a stack or StackSet.

You can use the GetTemplateSummary action when you submit a template, or you can get template information for a StackSet, or a running or deleted stack.

For deleted stacks, GetTemplateSummary returns the template information for up to 90 days after the stack has been deleted. If the template doesn't exist, a ValidationError is returned.

" }, "ImportStacksToStackSet":{ "name":"ImportStacksToStackSet", @@ -749,7 +787,7 @@ {"shape":"StackNotFoundException"}, {"shape":"StaleRequestException"} ], - "documentation":"

Import existing stacks into a new stack sets. Use the stack import operation to import up to 10 stacks into a new stack set in the same account as the source stack or in a different administrator account and Region, by specifying the stack ID of the stack you intend to import.

" + "documentation":"

Import existing stacks into a new StackSets. Use the stack import operation to import up to 10 stacks into a new StackSet in the same account as the source stack or in a different administrator account and Region, by specifying the stack ID of the stack you intend to import.

" }, "ListChangeSets":{ "name":"ListChangeSets", @@ -775,7 +813,7 @@ "shape":"ListExportsOutput", "resultWrapper":"ListExportsResult" }, - "documentation":"

Lists all exported output values in the account and Region in which you call this action. Use this action to see the exported output values that you can import into other stacks. To import values, use the Fn::ImportValue function.

For more information, see Get exported outputs from a deployed CloudFormation stack.

" + "documentation":"

Lists all exported output values in the account and Region in which you call this action. Use this action to see the exported output values that you can import into other stacks. To import values, use the Fn::ImportValue function.

For more information, see Get exported outputs from a deployed CloudFormation stack.

" }, "ListGeneratedTemplates":{ "name":"ListGeneratedTemplates", @@ -804,7 +842,7 @@ "errors":[ {"shape":"HookResultNotFoundException"} ], - "documentation":"

Returns summaries of invoked Hooks when a change set or Cloud Control API operation target is provided.

" + "documentation":"

Returns summaries of invoked Hooks. For more information, see View invocation summaries for CloudFormation Hooks in the CloudFormation Hooks User Guide.

This operation supports the following parameter combinations:

  • No parameters: Returns all Hook invocation summaries.

  • TypeArn only: Returns summaries for a specific Hook.

  • TypeArn and Status: Returns summaries for a specific Hook filtered by status.

  • TargetId and TargetType: Returns summaries for a specific Hook invocation target.

" }, "ListImports":{ "name":"ListImports", @@ -817,7 +855,7 @@ "shape":"ListImportsOutput", "resultWrapper":"ListImportsResult" }, - "documentation":"

Lists all stacks that are importing an exported output value. To modify or remove an exported output value, first use this action to see which stacks are using it. To see the exported output values in your account, see ListExports.

For more information about importing an exported output value, see the Fn::ImportValue function.

" + "documentation":"

Lists all stacks that are importing an exported output value. To modify or remove an exported output value, first use this action to see which stacks are using it. To see the exported output values in your account, see ListExports.

For more information about importing an exported output value, see the Fn::ImportValue function.

" }, "ListResourceScanRelatedResources":{ "name":"ListResourceScanRelatedResources", @@ -898,7 +936,33 @@ "errors":[ {"shape":"StackSetNotFoundException"} ], - "documentation":"

Returns summary information about stack instances that are associated with the specified stack set. You can filter for stack instances that are associated with a specific Amazon Web Services account name or Region, or that have a specific status.

" + "documentation":"

Returns summary information about stack instances that are associated with the specified StackSet. You can filter for stack instances that are associated with a specific Amazon Web Services account name or Region, or that have a specific status.

" + }, + "ListStackRefactorActions":{ + "name":"ListStackRefactorActions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListStackRefactorActionsInput"}, + "output":{ + "shape":"ListStackRefactorActionsOutput", + "resultWrapper":"ListStackRefactorActionsResult" + }, + "documentation":"

Lists the stack refactor actions that will be taken after calling the ExecuteStackRefactor action.

" + }, + "ListStackRefactors":{ + "name":"ListStackRefactors", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListStackRefactorsInput"}, + "output":{ + "shape":"ListStackRefactorsOutput", + "resultWrapper":"ListStackRefactorsResult" + }, + "documentation":"

Lists all account stack refactor operations and their statuses.

" }, "ListStackResources":{ "name":"ListStackResources", @@ -927,7 +991,7 @@ "errors":[ {"shape":"StackSetNotFoundException"} ], - "documentation":"

Returns summary information about deployment targets for a stack set.

" + "documentation":"

Returns summary information about deployment targets for a StackSet.

" }, "ListStackSetOperationResults":{ "name":"ListStackSetOperationResults", @@ -944,7 +1008,7 @@ {"shape":"StackSetNotFoundException"}, {"shape":"OperationNotFoundException"} ], - "documentation":"

Returns summary information about the results of a stack set operation.

" + "documentation":"

Returns summary information about the results of a StackSet operation.

This API provides eventually consistent reads meaning it may take some time but will eventually return the most up-to-date data.

" }, "ListStackSetOperations":{ "name":"ListStackSetOperations", @@ -960,7 +1024,7 @@ "errors":[ {"shape":"StackSetNotFoundException"} ], - "documentation":"

Returns summary information about operations performed on a stack set.

" + "documentation":"

Returns summary information about operations performed on a StackSet.

This API provides eventually consistent reads meaning it may take some time but will eventually return the most up-to-date data.

" }, "ListStackSets":{ "name":"ListStackSets", @@ -973,7 +1037,7 @@ "shape":"ListStackSetsOutput", "resultWrapper":"ListStackSetsResult" }, - "documentation":"

Returns summary information about stack sets that are associated with the user.

  • [Self-managed permissions] If you set the CallAs parameter to SELF while signed in to your Amazon Web Services account, ListStackSets returns all self-managed stack sets in your Amazon Web Services account.

  • [Service-managed permissions] If you set the CallAs parameter to SELF while signed in to the organization's management account, ListStackSets returns all stack sets in the management account.

  • [Service-managed permissions] If you set the CallAs parameter to DELEGATED_ADMIN while signed in to your member account, ListStackSets returns all stack sets with service-managed permissions in the management account.

" + "documentation":"

Returns summary information about StackSets that are associated with the user.

This API provides strongly consistent reads meaning it will always return the most up-to-date data.

  • [Self-managed permissions] If you set the CallAs parameter to SELF while signed in to your Amazon Web Services account, ListStackSets returns all self-managed StackSets in your Amazon Web Services account.

  • [Service-managed permissions] If you set the CallAs parameter to SELF while signed in to the organization's management account, ListStackSets returns all StackSets in the management account.

  • [Service-managed permissions] If you set the CallAs parameter to DELEGATED_ADMIN while signed in to your member account, ListStackSets returns all StackSets with service-managed permissions in the management account.

" }, "ListStacks":{ "name":"ListStacks", @@ -986,7 +1050,7 @@ "shape":"ListStacksOutput", "resultWrapper":"ListStacksResult" }, - "documentation":"

Returns the summary information for stacks whose status matches the specified StackStatusFilter. Summary information for stacks that have been deleted is kept for 90 days after the stack is deleted. If no StackStatusFilter is specified, summary information for all stacks is returned (including existing stacks and stacks that have been deleted).

" + "documentation":"

Returns the summary information for stacks whose status matches the specified StackStatusFilter. Summary information for stacks that have been deleted is kept for 90 days after the stack is deleted. If no StackStatusFilter is specified, summary information for all stacks is returned (including existing stacks and stacks that have been deleted).

" }, "ListTypeRegistrations":{ "name":"ListTypeRegistrations", @@ -1036,7 +1100,7 @@ "errors":[ {"shape":"CFNRegistryException"} ], - "documentation":"

Returns summary information about extension that have been registered with CloudFormation.

", + "documentation":"

Returns summary information about all extensions, including your private resource types, modules, and Hooks as well as all public extensions from Amazon Web Services and third-party publishers.

", "idempotent":true }, "PublishType":{ @@ -1149,7 +1213,7 @@ {"shape":"CFNRegistryException"}, {"shape":"TypeNotFoundException"} ], - "documentation":"

Specifies the configuration data for a registered CloudFormation extension, in the given account and Region.

To view the current configuration data for an extension, refer to the ConfigurationSchema element of DescribeType. For more information, see Edit configuration data for extensions in your account in the CloudFormation User Guide.

It's strongly recommended that you use dynamic references to restrict sensitive configuration definitions, such as third-party credentials. For more details on dynamic references, see Specify values stored in other services using dynamic references in the CloudFormation User Guide.

" + "documentation":"

Specifies the configuration data for a CloudFormation extension, such as a resource or Hook, in the given account and Region.

For more information, see Edit configuration data for extensions in your account in the CloudFormation User Guide.

To view the current configuration data for an extension, refer to the ConfigurationSchema element of DescribeType.

It's strongly recommended that you use dynamic references to restrict sensitive configuration definitions, such as third-party credentials. For more information, see Specify values stored in other services using dynamic references in the CloudFormation User Guide.

For more information about setting the configuration data for resource types, see Defining the account-level configuration of an extension in the CloudFormation Command Line Interface (CLI) User Guide. For more information about setting the configuration data for Hooks, see the CloudFormation Hooks User Guide.

" }, "SetTypeDefaultVersion":{ "name":"SetTypeDefaultVersion", @@ -1211,7 +1275,7 @@ {"shape":"OperationNotFoundException"}, {"shape":"InvalidOperationException"} ], - "documentation":"

Stops an in-progress operation on a stack set and its associated stack instances. StackSets will cancel all the unstarted stack instance deployments and wait for those are in-progress to complete.

" + "documentation":"

Stops an in-progress operation on a StackSet and its associated stack instances. StackSets will cancel all the unstarted stack instance deployments and wait for those are in-progress to complete.

" }, "TestType":{ "name":"TestType", @@ -1285,7 +1349,7 @@ {"shape":"StaleRequestException"}, {"shape":"InvalidOperationException"} ], - "documentation":"

Updates the parameter values for stack instances for the specified accounts, within the specified Amazon Web Services Regions. A stack instance refers to a stack in a specific account and Region.

You can only update stack instances in Amazon Web Services Regions and accounts where they already exist; to create additional stack instances, use CreateStackInstances.

During stack set updates, any parameters overridden for a stack instance aren't updated, but retain their overridden value.

You can only update the parameter values that are specified in the stack set; to add or delete a parameter itself, use UpdateStackSet to update the stack set template. If you add a parameter to a template, before you can override the parameter value specified in the stack set you must first use UpdateStackSet to update all stack instances with the updated template and parameter value specified in the stack set. Once a stack instance has been updated with the new parameter, you can then override the parameter value using UpdateStackInstances.

" + "documentation":"

Updates the parameter values for stack instances for the specified accounts, within the specified Amazon Web Services Regions. A stack instance refers to a stack in a specific account and Region.

You can only update stack instances in Amazon Web Services Regions and accounts where they already exist; to create additional stack instances, use CreateStackInstances.

During StackSet updates, any parameters overridden for a stack instance aren't updated, but retain their overridden value.

You can only update the parameter values that are specified in the StackSet. To add or delete a parameter itself, use UpdateStackSet to update the StackSet template. If you add a parameter to a template, before you can override the parameter value specified in the StackSet you must first use UpdateStackSet to update all stack instances with the updated template and parameter value specified in the StackSet. Once a stack instance has been updated with the new parameter, you can then override the parameter value using UpdateStackInstances.

The maximum number of organizational unit (OUs) supported by a UpdateStackInstances operation is 50.

If you need more than 50, consider the following options:

  • Batch processing: If you don't want to expose your OU hierarchy, split up the operations into multiple calls with less than 50 OUs each.

  • Parent OU strategy: If you don't mind exposing the OU hierarchy, target a parent OU that contains all desired child OUs.

" }, "UpdateStackSet":{ "name":"UpdateStackSet", @@ -1306,7 +1370,7 @@ {"shape":"InvalidOperationException"}, {"shape":"StackInstanceNotFoundException"} ], - "documentation":"

Updates the stack set, and associated stack instances in the specified accounts and Amazon Web Services Regions.

Even if the stack set operation created by updating the stack set fails (completely or partially, below or above a specified failure tolerance), the stack set is updated with your changes. Subsequent CreateStackInstances calls on the specified stack set use the updated stack set.

" + "documentation":"

Updates the StackSet and associated stack instances in the specified accounts and Amazon Web Services Regions.

Even if the StackSet operation created by updating the StackSet fails (completely or partially, below or above a specified failure tolerance), the StackSet is updated with your changes. Subsequent CreateStackInstances calls on the specified StackSet use the updated StackSet.

The maximum number of organizational unit (OUs) supported by a UpdateStackSet operation is 50.

If you need more than 50, consider the following options:

  • Batch processing: If you don't want to expose your OU hierarchy, split up the operations into multiple calls with less than 50 OUs each.

  • Parent OU strategy: If you don't mind exposing the OU hierarchy, target a parent OU that contains all desired child OUs.

" }, "UpdateTerminationProtection":{ "name":"UpdateTerminationProtection", @@ -1355,14 +1419,14 @@ "members":{ "Status":{ "shape":"AccountGateStatus", - "documentation":"

The status of the account gate function.

  • SUCCEEDED: The account gate function has determined that the account and Region passes any requirements for a stack set operation to occur. CloudFormation proceeds with the stack operation in that account and Region.

  • FAILED: The account gate function has determined that the account and Region doesn't meet the requirements for a stack set operation to occur. CloudFormation cancels the stack set operation in that account and Region, and sets the stack set operation result status for that account and Region to FAILED.

  • SKIPPED: CloudFormation has skipped calling the account gate function for this account and Region, for one of the following reasons:

    • An account gate function hasn't been specified for the account and Region. CloudFormation proceeds with the stack set operation in this account and Region.

    • The AWSCloudFormationStackSetExecutionRole of the stack set administration account lacks permissions to invoke the function. CloudFormation proceeds with the stack set operation in this account and Region.

    • Either no action is necessary, or no action is possible, on the stack. CloudFormation skips the stack set operation in this account and Region.

" + "documentation":"

The status of the account gate function.

  • SUCCEEDED: The account gate function has determined that the account and Region passes any requirements for a StackSet operation to occur. CloudFormation proceeds with the stack operation in that account and Region.

  • FAILED: The account gate function has determined that the account and Region doesn't meet the requirements for a StackSet operation to occur. CloudFormation cancels the StackSet operation in that account and Region, and sets the StackSet operation result status for that account and Region to FAILED.

  • SKIPPED: CloudFormation has skipped calling the account gate function for this account and Region, for one of the following reasons:

    • An account gate function hasn't been specified for the account and Region. CloudFormation proceeds with the StackSet operation in this account and Region.

    • The AWSCloudFormationStackSetExecutionRole of the administration account lacks permissions to invoke the function. CloudFormation proceeds with the StackSet operation in this account and Region.

    • Either no action is necessary, or no action is possible, on the stack. CloudFormation skips the StackSet operation in this account and Region.

" }, "StatusReason":{ "shape":"AccountGateStatusReason", - "documentation":"

The reason for the account gate status assigned to this account and Region for the stack set operation.

" + "documentation":"

The reason for the account gate status assigned to this account and Region for the StackSet operation.

" } }, - "documentation":"

Structure that contains the results of the account gate function which CloudFormation invokes, if present, before proceeding with a stack set operation in an account and Region.

For each account and Region, CloudFormation lets you specify a Lambda function that encapsulates any requirements that must be met before CloudFormation can proceed with a stack set operation in that account and Region. CloudFormation invokes the function each time a stack set operation is requested for that account and Region; if the function returns FAILED, CloudFormation cancels the operation in that account and Region, and sets the stack set operation result status for that account and Region to FAILED.

For more information, see Configuring a target account gate.

" + "documentation":"

Structure that contains the results of the account gate function which CloudFormation invokes, if present, before proceeding with a StackSet operation in an account and Region.

For each account and Region, CloudFormation lets you specify a Lambda function that encapsulates any requirements that must be met before CloudFormation can proceed with a StackSet operation in that account and Region. CloudFormation invokes the function each time a StackSet operation is requested for that account and Region; if the function returns FAILED, CloudFormation cancels the operation in that account and Region, and sets the StackSet operation result status for that account and Region to FAILED.

For more information, see Prevent failed StackSets deployments using target account gates in the CloudFormation User Guide.

" }, "AccountGateStatus":{ "type":"string", @@ -1385,7 +1449,7 @@ "documentation":"

The value that's associated with the account limit name.

" } }, - "documentation":"

The AccountLimit data type.

CloudFormation has the following limits per account:

  • Number of concurrent resources

  • Number of stacks

  • Number of stack outputs

For more information about these account limits, and other CloudFormation limits, see Understand CloudFormation quotas in the CloudFormation User Guide.

" + "documentation":"

Describes the current CloudFormation limits for your account.

CloudFormation has the following limits per account:

  • Number of concurrent resources

  • Number of stacks

  • Number of stack outputs

For more information, see Understand CloudFormation quotas in the CloudFormation User Guide.

" }, "AccountLimitList":{ "type":"list", @@ -1403,13 +1467,11 @@ }, "ActivateOrganizationsAccessInput":{ "type":"structure", - "members":{ - } + "members":{} }, "ActivateOrganizationsAccessOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "ActivateTypeInput":{ "type":"structure", @@ -1432,7 +1494,7 @@ }, "TypeNameAlias":{ "shape":"TypeName", - "documentation":"

An alias to assign to the public extension, in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.

An extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.

" + "documentation":"

An alias to assign to the public extension in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.

An extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.

" }, "AutoUpdate":{ "shape":"AutoUpdate", @@ -1461,7 +1523,7 @@ "members":{ "Arn":{ "shape":"PrivateTypeArn", - "documentation":"

The Amazon Resource Name (ARN) of the activated extension, in this account and Region.

" + "documentation":"

The Amazon Resource Name (ARN) of the activated extension in this account and Region.

" } } }, @@ -1474,8 +1536,7 @@ }, "AlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The resource with the name requested already exists.

", "error":{ "code":"AlreadyExistsException", @@ -1505,7 +1566,7 @@ "documentation":"

If set to true, stack resources are retained when an account is removed from a target organization or OU. If set to false, stack resources are deleted. Specify only if Enabled is set to True.

" } }, - "documentation":"

[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU).

" + "documentation":"

Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see Enable or disable automatic deployments for StackSets in Organizations in the CloudFormation User Guide.

" }, "AutoDeploymentNullable":{"type":"boolean"}, "AutoUpdate":{"type":"boolean"}, @@ -1640,7 +1701,7 @@ }, "HookInvocationCount":{ "shape":"HookInvocationCount", - "documentation":"

Is either null, if no hooks invoke for the resource, or contains the number of hooks that will invoke for the resource.

" + "documentation":"

Is either null, if no Hooks invoke for the resource, or contains the number of Hooks that will invoke for the resource.

" }, "ResourceChange":{ "shape":"ResourceChange", @@ -1664,15 +1725,15 @@ "members":{ "InvocationPoint":{ "shape":"HookInvocationPoint", - "documentation":"

Specifies the points in provisioning logic where a hook is invoked.

" + "documentation":"

The specific point in the provisioning process where the Hook is invoked.

" }, "FailureMode":{ "shape":"HookFailureMode", - "documentation":"

Specify the hook failure mode for non-compliant resources in the followings ways.

  • FAIL Stops provisioning resources.

  • WARN Allows provisioning to continue with a warning message.

" + "documentation":"

Specify the Hook failure mode for non-compliant resources in the followings ways.

  • FAIL Stops provisioning resources.

  • WARN Allows provisioning to continue with a warning message.

" }, "TypeName":{ "shape":"HookTypeName", - "documentation":"

The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of Organization::Service::Hook.

The following organization namespaces are reserved and can't be used in your hook type names:

  • Alexa

  • AMZN

  • Amazon

  • ASK

  • AWS

  • Custom

  • Dev

" + "documentation":"

The unique name for your Hook. Specifies a three-part namespace for your Hook, with a recommended pattern of Organization::Service::Hook.

The following organization namespaces are reserved and can't be used in your Hook type names:

  • Alexa

  • AMZN

  • Amazon

  • ASK

  • AWS

  • Custom

  • Dev

" }, "TypeVersionId":{ "shape":"HookTypeVersionId", @@ -1684,10 +1745,10 @@ }, "TargetDetails":{ "shape":"ChangeSetHookTargetDetails", - "documentation":"

Specifies details about the target that the hook will run against.

" + "documentation":"

Specifies details about the target that the Hook will run against.

" } }, - "documentation":"

Specifies the resource, the hook, and the hook version to be invoked.

" + "documentation":"

Specifies the resource, the Hook, and the Hook version to be invoked.

" }, "ChangeSetHookResourceTargetDetails":{ "type":"structure", @@ -1705,7 +1766,7 @@ "documentation":"

Specifies the action of the resource.

" } }, - "documentation":"

Specifies RESOURCE type target details for activated hooks.

" + "documentation":"

Specifies RESOURCE type target details for activated Hooks.

" }, "ChangeSetHookTargetDetails":{ "type":"structure", @@ -1719,7 +1780,7 @@ "documentation":"

Required if TargetType is RESOURCE.

" } }, - "documentation":"

Specifies target details for an activated hook.

" + "documentation":"

Specifies target details for an activated Hook.

" }, "ChangeSetHooks":{ "type":"list", @@ -1752,8 +1813,7 @@ }, "ChangeSetNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified change set name or ID doesn't exit. To view valid change sets for a stack, use the ListChangeSets operation.

", "error":{ "code":"ChangeSetNotFound", @@ -1805,7 +1865,7 @@ }, "Status":{ "shape":"ChangeSetStatus", - "documentation":"

The state of the change set, such as CREATE_IN_PROGRESS, CREATE_COMPLETE, or FAILED.

" + "documentation":"

The state of the change set, such as CREATE_PENDING, CREATE_COMPLETE, or FAILED.

" }, "StatusReason":{ "shape":"ChangeSetStatusReason", @@ -1884,8 +1944,7 @@ }, "ConcurrentResourcesLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

No more than 5 generated templates can be in an InProgress or Pending status at one time. This error is also returned if a generated template that is in an InProgress or Pending status is attempted to be updated or deleted.

", "error":{ "code":"ConcurrentResourcesLimitExceeded", @@ -1931,8 +1990,7 @@ }, "ContinueUpdateRollbackOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The output for a ContinueUpdateRollback operation.

" }, "CreateChangeSetInput":{ @@ -1952,7 +2010,7 @@ }, "TemplateURL":{ "shape":"TemplateURL", - "documentation":"

The location of the file that contains the revised template. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. CloudFormation generates the change set by comparing this template with the stack that you specified. The location for an Amazon S3 bucket must start with https://.

Conditional: You must specify only TemplateBody or TemplateURL.

" + "documentation":"

The URL of the file that contains the revised template. The URL must point to a template (max size: 1 MB) that's located in an Amazon S3 bucket or a Systems Manager document. CloudFormation generates the change set by comparing this template with the stack that you specified. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.

Conditional: You must specify only TemplateBody or TemplateURL.

" }, "UsePreviousTemplate":{ "shape":"UsePreviousTemplate", @@ -1964,11 +2022,11 @@ }, "Capabilities":{ "shape":"Capabilities", - "documentation":"

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.

    This capacity doesn't apply to creating change sets, and specifying it when creating change sets has no effect.

    If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack or UpdateStack action, and specifying this capability.

    For more information about macros, see Perform custom processing on CloudFormation templates with template macros.

Only one of the Capabilities and ResourceType parameters can be specified.

" + "documentation":"

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.

    This capacity doesn't apply to creating change sets, and specifying it when creating change sets has no effect.

    If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack or UpdateStack action, and specifying this capability.

    For more information about macros, see Perform custom processing on CloudFormation templates with template macros.

Only one of the Capabilities and ResourceType parameters can be specified.

" }, "ResourceTypes":{ "shape":"ResourceTypes", - "documentation":"

The template resource types that you have permissions to work with if you execute this change set, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for condition keys in IAM policies for CloudFormation. For more information, see Control access with Identity and Access Management in the CloudFormation User Guide.

Only one of the Capabilities and ResourceType parameters can be specified.

" + "documentation":"

The template resource types that you have permissions to work with if you execute this change set, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for condition keys in IAM policies for CloudFormation. For more information, see Control access with Identity and Access Management in the CloudFormation User Guide.

Only one of the Capabilities and ResourceType parameters can be specified.

" }, "RoleARN":{ "shape":"RoleARN", @@ -2016,7 +2074,7 @@ }, "ImportExistingResources":{ "shape":"ImportExistingResources", - "documentation":"

Indicates if the change set imports resources that already exist.

This parameter can only import resources that have custom names in templates. For more information, see name type in the CloudFormation User Guide. To import resources that do not accept custom names, such as EC2 instances, use the resource import feature instead. For more information, see Import Amazon Web Services resources into a CloudFormation stack with a resource import in the CloudFormation User Guide.

" + "documentation":"

Indicates if the change set auto-imports resources that already exist. For more information, see Import Amazon Web Services resources into a CloudFormation stack automatically in the CloudFormation User Guide.

This parameter can only import resources that have custom names in templates. For more information, see name type in the CloudFormation User Guide. To import resources that do not accept custom names, such as EC2 instances, use the ResourcesToImport parameter instead.

" } }, "documentation":"

The input for the CreateChangeSet action.

" @@ -2041,7 +2099,7 @@ "members":{ "Resources":{ "shape":"ResourceDefinitions", - "documentation":"

An optional list of resources to be included in the generated template.

If no resources are specified,the template will be created without any resources. Resources can be added to the template using the UpdateGeneratedTemplate API action.

" + "documentation":"

An optional list of resources to be included in the generated template.

If no resources are specified,the template will be created without any resources. Resources can be added to the template using the UpdateGeneratedTemplate API action.

" }, "GeneratedTemplateName":{ "shape":"GeneratedTemplateName", @@ -2076,11 +2134,11 @@ }, "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

" + "documentation":"

Structure that contains the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must specify either TemplateBody or TemplateURL, but not both.

" }, "TemplateURL":{ "shape":"TemplateURL", - "documentation":"

Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

" + "documentation":"

The URL of a file that contains the template body. The URL must point to a template (max size: 1 MB) that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

" }, "Parameters":{ "shape":"Parameters", @@ -2104,11 +2162,11 @@ }, "Capabilities":{ "shape":"Capabilities", - "documentation":"

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.

    If you want to create a stack from a stack template that contains macros and nested stacks, you must create the stack directly from the template using this capability.

    You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs.

    Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.

    For more information, see Perform custom processing on CloudFormation templates with template macros.

Only one of the Capabilities and ResourceType parameters can be specified.

" + "documentation":"

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.

    If you want to create a stack from a stack template that contains macros and nested stacks, you must create the stack directly from the template using this capability.

    You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs.

    Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.

    For more information, see Perform custom processing on CloudFormation templates with template macros.

Only one of the Capabilities and ResourceType parameters can be specified.

" }, "ResourceTypes":{ "shape":"ResourceTypes", - "documentation":"

The template resource types that you have permissions to work with for this create stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance. Use the following syntax to describe template resource types: AWS::* (for all Amazon Web Services resources), Custom::* (for all custom resources), Custom::logical_ID (for a specific custom resource), AWS::service_name::* (for all resources of a particular Amazon Web Services service), and AWS::service_name::resource_logical_ID (for a specific Amazon Web Services resource).

If the list of resource types doesn't include a resource that you're creating, the stack creation fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control access with Identity and Access Management.

Only one of the Capabilities and ResourceType parameters can be specified.

" + "documentation":"

The template resource types that you have permissions to work with for this create stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance. Use the following syntax to describe template resource types: AWS::* (for all Amazon Web Services resources), Custom::* (for all custom resources), Custom::logical_ID (for a specific custom resource), AWS::service_name::* (for all resources of a particular Amazon Web Services service), and AWS::service_name::resource_logical_ID (for a specific Amazon Web Services resource).

If the list of resource types doesn't include a resource that you're creating, the stack creation fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control access with Identity and Access Management.

Only one of the Capabilities and ResourceType parameters can be specified.

" }, "RoleARN":{ "shape":"RoleARN", @@ -2116,15 +2174,15 @@ }, "OnFailure":{ "shape":"OnFailure", - "documentation":"

Determines what action will be taken if stack creation fails. This must be one of: DO_NOTHING, ROLLBACK, or DELETE. You can specify either OnFailure or DisableRollback, but not both.

Default: ROLLBACK

" + "documentation":"

Determines what action will be taken if stack creation fails. This must be one of: DO_NOTHING, ROLLBACK, or DELETE. You can specify either OnFailure or DisableRollback, but not both.

Although the default setting is ROLLBACK, there is one exception. This exception occurs when a StackSet attempts to deploy a stack instance and the stack instance fails to create successfully. In this case, the CreateStack call overrides the default setting and sets the value of OnFailure to DELETE.

Default: ROLLBACK

" }, "StackPolicyBody":{ "shape":"StackPolicyBody", - "documentation":"

Structure containing the stack policy body. For more information, see Prevent updates to stack resources in the CloudFormation User Guide. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

" + "documentation":"

Structure that contains the stack policy body. For more information, see Prevent updates to stack resources in the CloudFormation User Guide. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

" }, "StackPolicyURL":{ "shape":"StackPolicyURL", - "documentation":"

Location of a file containing the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an S3 bucket in the same Region as the stack. The location for an Amazon S3 bucket must start with https://. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

" + "documentation":"

Location of a file that contains the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an S3 bucket in the same Region as the stack. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.

You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

" }, "Tags":{ "shape":"Tags", @@ -2154,15 +2212,15 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set that you want to create stack instances from.

" + "documentation":"

The name or unique ID of the StackSet that you want to create stack instances from.

" }, "Accounts":{ "shape":"AccountList", - "documentation":"

[Self-managed permissions] The names of one or more Amazon Web Services accounts that you want to create stack instances in the specified Region(s) for.

You can specify Accounts or DeploymentTargets, but not both.

" + "documentation":"

[Self-managed permissions] The account IDs of one or more Amazon Web Services accounts that you want to create stack instances in the specified Region(s) for.

You can specify Accounts or DeploymentTargets, but not both.

" }, "DeploymentTargets":{ "shape":"DeploymentTargets", - "documentation":"

[Service-managed permissions] The Organizations accounts for which to create stack instances in the specified Amazon Web Services Regions.

You can specify Accounts or DeploymentTargets, but not both.

" + "documentation":"

[Service-managed permissions] The Organizations accounts in which to create stack instances in the specified Amazon Web Services Regions.

You can specify Accounts or DeploymentTargets, but not both.

" }, "Regions":{ "shape":"RegionList", @@ -2170,20 +2228,20 @@ }, "ParameterOverrides":{ "shape":"Parameters", - "documentation":"

A list of stack set parameters whose values you want to override in the selected stack instances.

Any overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance operations:

  • To override the current value for a parameter, include the parameter and specify its value.

  • To leave an overridden parameter set to its present value, include the parameter and specify UsePreviousValue as true. (You can't specify both a value and set UsePreviousValue to true.)

  • To set an overridden parameter back to the value specified in the stack set, specify a parameter list but don't include the parameter in the list.

  • To leave all parameters set to their present values, don't specify this property at all.

During stack set updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.

You can only override the parameter values that are specified in the stack set; to add or delete a parameter itself, use UpdateStackSet to update the stack set template.

" + "documentation":"

A list of StackSet parameters whose values you want to override in the selected stack instances.

Any overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance operations:

  • To override the current value for a parameter, include the parameter and specify its value.

  • To leave an overridden parameter set to its present value, include the parameter and specify UsePreviousValue as true. (You can't specify both a value and set UsePreviousValue to true.)

  • To set an overridden parameter back to the value specified in the StackSet, specify a parameter list but don't include the parameter in the list.

  • To leave all parameters set to their present values, don't specify this property at all.

During StackSet updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.

You can only override the parameter values that are specified in the StackSet; to add or delete a parameter itself, use UpdateStackSet to update the StackSet template.

" }, "OperationPreferences":{ "shape":"StackSetOperationPreferences", - "documentation":"

Preferences for how CloudFormation performs this stack set operation.

" + "documentation":"

Preferences for how CloudFormation performs this StackSet operation.

" }, "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique identifier for this stack set operation.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

Repeating this stack set operation with a new operation ID retries all stack instances whose status is OUTDATED.

", + "documentation":"

The unique identifier for this StackSet operation.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the StackSet operation only once, even if you retry the request multiple times. You might retry StackSet operation requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

Repeating this StackSet operation with a new operation ID retries all stack instances whose status is OUTDATED.

", "idempotencyToken":true }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -2192,7 +2250,7 @@ "members":{ "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique identifier for this stack set operation.

" + "documentation":"

The unique identifier for this StackSet operation.

" } } }, @@ -2206,70 +2264,102 @@ }, "documentation":"

The output for a CreateStack action.

" }, + "CreateStackRefactorInput":{ + "type":"structure", + "required":["StackDefinitions"], + "members":{ + "Description":{ + "shape":"Description", + "documentation":"

A description to help you identify the stack refactor.

" + }, + "EnableStackCreation":{ + "shape":"EnableStackCreation", + "documentation":"

Determines if a new stack is created with the refactor.

" + }, + "ResourceMappings":{ + "shape":"ResourceMappings", + "documentation":"

The mappings for the stack resource Source and stack resource Destination.

" + }, + "StackDefinitions":{ + "shape":"StackDefinitions", + "documentation":"

The stacks being refactored.

" + } + } + }, + "CreateStackRefactorOutput":{ + "type":"structure", + "required":["StackRefactorId"], + "members":{ + "StackRefactorId":{ + "shape":"StackRefactorId", + "documentation":"

The ID associated with the stack refactor created from the CreateStackRefactor action.

" + } + } + }, "CreateStackSetInput":{ "type":"structure", "required":["StackSetName"], "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name to associate with the stack set. The name must be unique in the Region where you create your stack set.

A stack name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and can't be longer than 128 characters.

" + "documentation":"

The name to associate with the StackSet. The name must be unique in the Region where you create your StackSet.

A stack name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and can't be longer than 128 characters.

" }, "Description":{ "shape":"Description", - "documentation":"

A description of the stack set. You can use the description to identify the stack set's purpose or other important information.

" + "documentation":"

A description of the StackSet. You can use the description to identify the StackSet's purpose or other important information.

" }, "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

" + "documentation":"

The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

" }, "TemplateURL":{ "shape":"TemplateURL", - "documentation":"

The location of the file that contains the template body. The URL must point to a template (maximum size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

" + "documentation":"

The URL of a file that contains the template body. The URL must point to a template (maximum size: 1 MB) that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://. S3 static website URLs are not supported.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

" }, "StackId":{ "shape":"StackId", - "documentation":"

The stack ID you are importing into a new stack set. Specify the Amazon Resource Name (ARN) of the stack.

" + "documentation":"

The stack ID you are importing into a new StackSet. Specify the Amazon Resource Name (ARN) of the stack.

" }, "Parameters":{ "shape":"Parameters", - "documentation":"

The input parameters for the stack set template.

" + "documentation":"

The input parameters for the StackSet template.

" }, "Capabilities":{ "shape":"Capabilities", - "documentation":"

In some cases, you must explicitly acknowledge that your stack set template contains certain capabilities in order for CloudFormation to create the stack set and related stack instances.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those stack sets, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some templates reference macros. If your stack set template references one or more macros, you must create the stack set directly from the processed template, without first reviewing the resulting changes in a change set. To create the stack set directly, you must acknowledge this capability. For more information, see Using CloudFormation Macros to Perform Custom Processing on Templates.

    Stack sets with service-managed permissions don't currently support the use of macros in templates. (This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a stack set with service-managed permissions, if you reference a macro in your template the stack set operation will fail.
" + "documentation":"

In some cases, you must explicitly acknowledge that your StackSet template contains certain capabilities in order for CloudFormation to create the StackSet and related stack instances.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those StackSets, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some templates reference macros. If your StackSet template references one or more macros, you must create the StackSet directly from the processed template, without first reviewing the resulting changes in a change set. To create the StackSet directly, you must acknowledge this capability. For more information, see Perform custom processing on CloudFormation templates with template macros.

    StackSets with service-managed permissions don't currently support the use of macros in templates. (This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a StackSet with service-managed permissions, if you reference a macro in your template the StackSet operation will fail.
" }, "Tags":{ "shape":"Tags", - "documentation":"

The key-value pairs to associate with this stack set and the stacks created from it. CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified.

If you specify tags as part of a CreateStackSet action, CloudFormation checks to see if you have the required IAM permission to tag resources. If you don't, the entire CreateStackSet action fails with an access denied error, and the stack set is not created.

" + "documentation":"

The key-value pairs to associate with this StackSet and the stacks created from it. CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified.

If you specify tags as part of a CreateStackSet action, CloudFormation checks to see if you have the required IAM permission to tag resources. If you don't, the entire CreateStackSet action fails with an access denied error, and the StackSet is not created.

" }, "AdministrationRoleARN":{ "shape":"RoleARN", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role to use to create this stack set.

Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations in the CloudFormation User Guide.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to use to create this StackSet.

Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account. For more information, see Grant self-managed permissions in the CloudFormation User Guide.

Valid only if the permissions model is SELF_MANAGED.

" }, "ExecutionRoleName":{ "shape":"ExecutionRoleName", - "documentation":"

The name of the IAM execution role to use to create the stack set. If you do not specify an execution role, CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation.

Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their stack sets.

" + "documentation":"

The name of the IAM execution role to use to create the StackSet. If you do not specify an execution role, CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the StackSet operation.

Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their StackSets.

Valid only if the permissions model is SELF_MANAGED.

" }, "PermissionModel":{ "shape":"PermissionModels", - "documentation":"

Describes how the IAM roles required for stack set operations are created. By default, SELF-MANAGED is specified.

" + "documentation":"

Describes how the IAM roles required for StackSet operations are created. By default, SELF-MANAGED is specified.

" }, "AutoDeployment":{ "shape":"AutoDeployment", - "documentation":"

Describes whether StackSets automatically deploys to Organizations accounts that are added to the target organization or organizational unit (OU). Specify only if PermissionModel is SERVICE_MANAGED.

" + "documentation":"

Describes whether StackSets automatically deploys to Organizations accounts that are added to the target organization or organizational unit (OU). For more information, see Enable or disable automatic deployments for StackSets in Organizations in the CloudFormation User Guide.

Required if the permissions model is SERVICE_MANAGED. (Not used with self-managed permissions.)

" }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • To create a stack set with service-managed permissions while signed in to the management account, specify SELF.

  • To create a stack set with service-managed permissions while signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated admin in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

Stack sets with service-managed permissions are created in the management account, including stack sets that are created by delegated administrators.

" + "documentation":"

Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • To create a StackSet with service-managed permissions while signed in to the management account, specify SELF.

  • To create a StackSet with service-managed permissions while signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated admin in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

StackSets with service-managed permissions are created in the management account, including StackSets that are created by delegated administrators.

Valid only if the permissions model is SERVICE_MANAGED.

" }, "ClientRequestToken":{ "shape":"ClientRequestToken", - "documentation":"

A unique identifier for this CreateStackSet request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to create another stack set with the same name. You might retry CreateStackSet requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

", + "documentation":"

A unique identifier for this CreateStackSet request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to create another StackSet with the same name. You might retry CreateStackSet requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

", "idempotencyToken":true }, "ManagedExecution":{ "shape":"ManagedExecution", - "documentation":"

Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.

" + "documentation":"

Describes whether CloudFormation performs non-conflicting operations concurrently and queues conflicting operations.

" } } }, @@ -2278,14 +2368,13 @@ "members":{ "StackSetId":{ "shape":"StackSetId", - "documentation":"

The ID of the stack set that you're creating.

" + "documentation":"

The ID of the StackSet that you're creating.

" } } }, "CreatedButModifiedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified resource exists, but has been changed.

", "error":{ "code":"CreatedButModifiedException", @@ -2297,20 +2386,18 @@ "CreationTime":{"type":"timestamp"}, "DeactivateOrganizationsAccessInput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeactivateOrganizationsAccessOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeactivateTypeInput":{ "type":"structure", "members":{ "TypeName":{ "shape":"TypeName", - "documentation":"

The type name of the extension, in this account and Region. If you specified a type name alias when enabling the extension, use the type name alias.

Conditional: You must specify either Arn, or TypeName and Type.

" + "documentation":"

The type name of the extension in this account and Region. If you specified a type name alias when enabling the extension, use the type name alias.

Conditional: You must specify either Arn, or TypeName and Type.

" }, "Type":{ "shape":"ThirdPartyType", @@ -2318,14 +2405,13 @@ }, "Arn":{ "shape":"PrivateTypeArn", - "documentation":"

The Amazon Resource Name (ARN) for the extension, in this account and Region.

Conditional: You must specify either Arn, or TypeName and Type.

" + "documentation":"

The Amazon Resource Name (ARN) for the extension in this account and Region.

Conditional: You must specify either Arn, or TypeName and Type.

" } } }, "DeactivateTypeOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteChangeSetInput":{ "type":"structure", @@ -2344,8 +2430,7 @@ }, "DeleteChangeSetOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The output for the DeleteChangeSet action.

" }, "DeleteGeneratedTemplateInput":{ @@ -2395,11 +2480,11 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set that you want to delete stack instances for.

" + "documentation":"

The name or unique ID of the StackSet that you want to delete stack instances for.

" }, "Accounts":{ "shape":"AccountList", - "documentation":"

[Self-managed permissions] The names of the Amazon Web Services accounts that you want to delete stack instances for.

You can specify Accounts or DeploymentTargets, but not both.

" + "documentation":"

[Self-managed permissions] The account IDs of the Amazon Web Services accounts that you want to delete stack instances for.

You can specify Accounts or DeploymentTargets, but not both.

" }, "DeploymentTargets":{ "shape":"DeploymentTargets", @@ -2407,24 +2492,24 @@ }, "Regions":{ "shape":"RegionList", - "documentation":"

The Amazon Web Services Regions where you want to delete stack set instances.

" + "documentation":"

The Amazon Web Services Regions where you want to delete StackSet instances.

" }, "OperationPreferences":{ "shape":"StackSetOperationPreferences", - "documentation":"

Preferences for how CloudFormation performs this stack set operation.

" + "documentation":"

Preferences for how CloudFormation performs this StackSet operation.

" }, "RetainStacks":{ "shape":"RetainStacks", - "documentation":"

Removes the stack instances from the specified stack set, but doesn't delete the stacks. You can't reassociate a retained stack or add an existing, saved stack to a new stack set.

For more information, see Stack set operation options.

" + "documentation":"

Removes the stack instances from the specified StackSet, but doesn't delete the stacks. You can't reassociate a retained stack or add an existing, saved stack to a new stack set.

For more information, see StackSet operation options.

" }, "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique identifier for this stack set operation.

If you don't specify an operation ID, the SDK generates one automatically.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You can retry stack set operation requests to ensure that CloudFormation successfully received them.

Repeating this stack set operation with a new operation ID retries all stack instances whose status is OUTDATED.

", + "documentation":"

The unique identifier for this StackSet operation.

If you don't specify an operation ID, the SDK generates one automatically.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the StackSet operation only once, even if you retry the request multiple times. You can retry StackSet operation requests to ensure that CloudFormation successfully received them.

Repeating this StackSet operation with a new operation ID retries all stack instances whose status is OUTDATED.

", "idempotencyToken":true }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -2433,7 +2518,7 @@ "members":{ "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique identifier for this stack set operation.

" + "documentation":"

The unique identifier for this StackSet operation.

" } } }, @@ -2443,18 +2528,17 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set that you're deleting. You can obtain this value by running ListStackSets.

" + "documentation":"

The name or unique ID of the StackSet that you're deleting. You can obtain this value by running ListStackSets.

" }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, "DeleteStackSetOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletionMode":{ "type":"string", @@ -2469,22 +2553,22 @@ "members":{ "Accounts":{ "shape":"AccountList", - "documentation":"

The names of one or more Amazon Web Services accounts for which you want to deploy stack set updates.

" + "documentation":"

The Amazon Web Services account IDs where you want to perform stack operations. How these accounts are used depends on the AccountFilterType property.

If you have many account numbers, you can provide those accounts using the AccountsUrl property instead.

" }, "AccountsUrl":{ "shape":"AccountsUrl", - "documentation":"

Returns the value of the AccountsUrl property.

" + "documentation":"

The Amazon S3 URL path to a file that contains a list of Amazon Web Services account IDs. The file format must be either .csv or .txt, and the data can be comma-separated or new-line-separated. There is currently a 10MB limit for the data (approximately 800,000 accounts).

This property serves the same purpose as Accounts but allows you to specify a large number of accounts.

" }, "OrganizationalUnitIds":{ "shape":"OrganizationalUnitIdList", - "documentation":"

The organization root ID or organizational unit (OU) IDs to which StackSets deploys.

" + "documentation":"

The organization root ID or organizational unit (OU) IDs where you want to perform stack operations. CloudFormation will perform operations on accounts within these OUs and their child OUs.

" }, "AccountFilterType":{ "shape":"AccountFilterType", - "documentation":"

Limit deployment targets to individual accounts or include additional accounts with provided OUs.

The following is a list of possible values for the AccountFilterType operation.

  • INTERSECTION: StackSets deploys to the accounts specified in Accounts parameter.

  • DIFFERENCE: StackSets excludes the accounts specified in Accounts parameter. This enables user to avoid certain accounts within an OU such as suspended accounts.

  • UNION: StackSets includes additional accounts deployment targets.

    This is the default value if AccountFilterType is not provided. This enables user to update an entire OU and individual accounts from a different OU in one request, which used to be two separate requests.

  • NONE: Deploys to all the accounts in specified organizational units (OU).

" + "documentation":"

Refines which accounts will have stack operations performed on them by specifying how to use the Accounts and OrganizationalUnitIds properties together.

The following values determine how CloudFormation selects target accounts:

  • INTERSECTION: Performs stack operations only on specific individual accounts within the selected OUs. Only accounts that are both specified in the Accounts property and belong to the specified OUs will be targeted.

  • DIFFERENCE: Performs stack operations on all accounts in the selected OUs except for specific accounts listed in the Accounts property. This enables you to exclude certain accounts within an OU, such as suspended accounts.

  • UNION: Performs stack operations on the specified OUs plus additional individual accounts listed in the Accounts property. This is the default value if AccountFilterType is not provided. This lets you target an entire OU and individual accounts from a different OU in one request. Note that UNION is not supported for CreateStackInstances operations.

  • NONE: Performs stack operations on all accounts in the specified organizational units (OUs).

" } }, - "documentation":"

[Service-managed permissions] The Organizations accounts to which StackSets deploys. StackSets doesn't deploy stack instances to the organization management account, even if the organization management account is in your organization or in an OU in your organization.

For update operations, you can specify either Accounts or OrganizationalUnitIds. For create and delete operations, specify OrganizationalUnitIds.

" + "documentation":"

Specifies the Organizations accounts where you want to create, update, or delete stack instances. You can target either your entire organization or specific accounts using organizational units (OUs) and account filter options.

CloudFormation doesn't deploy stack instances to the organization management account, even if the organization management account is in your organization or in an OU in your organization.

When performing create operations, if you specify both OrganizationalUnitIds and Accounts, you must also specify the AccountFilterType property.

" }, "DeprecatedStatus":{ "type":"string", @@ -2516,8 +2600,7 @@ }, "DeregisterTypeOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountLimitsInput":{ "type":"structure", @@ -2561,7 +2644,7 @@ }, "LogicalResourceId":{ "shape":"LogicalResourceId", - "documentation":"

If specified, lists only the hooks related to the specified LogicalResourceId.

" + "documentation":"

If specified, lists only the Hooks related to the specified LogicalResourceId.

" } } }, @@ -2578,7 +2661,7 @@ }, "Hooks":{ "shape":"ChangeSetHooks", - "documentation":"

List of hook objects.

" + "documentation":"

List of Hook objects.

" }, "Status":{ "shape":"ChangeSetHooksStatus", @@ -2658,7 +2741,7 @@ }, "Status":{ "shape":"ChangeSetStatus", - "documentation":"

The current status of the change set, such as CREATE_IN_PROGRESS, CREATE_COMPLETE, or FAILED.

" + "documentation":"

The current status of the change set, such as CREATE_PENDING, CREATE_COMPLETE, or FAILED.

" }, "StatusReason":{ "shape":"ChangeSetStatusReason", @@ -2706,7 +2789,7 @@ }, "ImportExistingResources":{ "shape":"ImportExistingResources", - "documentation":"

Indicates if the change set imports resources that already exist.

This parameter can only import resources that have custom names in templates. To import resources that do not accept custom names, such as EC2 instances, use the resource import feature instead.

" + "documentation":"

Indicates if the change set imports resources that already exist.

This parameter can only import resources that have custom names in templates. To import resources that do not accept custom names, such as EC2 instances, use the resource import feature instead.

" } }, "documentation":"

The output for the DescribeChangeSet action.

" @@ -2837,7 +2920,7 @@ }, "Status":{ "shape":"ResourceScanStatus", - "documentation":"

Status of the resource scan.

INPROGRESS

The resource scan is still in progress.

COMPLETE

The resource scan is complete.

EXPIRED

The resource scan has expired.

FAILED

The resource scan has failed.

" + "documentation":"

Status of the resource scan.

IN_PROGRESS

The resource scan is still in progress.

COMPLETE

The resource scan is complete.

EXPIRED

The resource scan has expired.

FAILED

The resource scan has failed.

" }, "StatusReason":{ "shape":"ResourceScanStatusReason", @@ -2865,7 +2948,11 @@ }, "ResourcesRead":{ "shape":"ResourcesRead", - "documentation":"

The number of resources that were read. This is only available for scans with a Status set to COMPLETE, EXPIRED, or FAILED .

This field may be 0 if the resource scan failed with a ResourceScanLimitExceededException.

" + "documentation":"

The number of resources that were read. This is only available for scans with a Status set to COMPLETE, EXPIRED, or FAILED.

This field may be 0 if the resource scan failed with a ResourceScanLimitExceededException.

" + }, + "ScanFilters":{ + "shape":"ScanFilters", + "documentation":"

The scan filters that were used.

" } } }, @@ -2898,7 +2985,7 @@ }, "StackDriftStatus":{ "shape":"StackDriftStatus", - "documentation":"

Status of the stack's actual configuration compared to its expected configuration.

  • DRIFTED: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack differs from its expected template configuration.

  • IN_SYNC: The stack's actual configuration matches its expected template configuration.

  • UNKNOWN: This value is reserved for future use.

" + "documentation":"

Status of the stack's actual configuration compared to its expected configuration.

  • DRIFTED: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack differs from its expected template configuration.

  • IN_SYNC: The stack's actual configuration matches its expected template configuration.

  • UNKNOWN: CloudFormation could not run drift detection for a resource in the stack. See the DetectionStatusReason for details.

" }, "DetectionStatus":{ "shape":"StackDriftDetectionStatus", @@ -2923,7 +3010,7 @@ "members":{ "StackName":{ "shape":"StackName", - "documentation":"

The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

" + "documentation":"

The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

" }, "NextToken":{ "shape":"NextToken", @@ -2956,7 +3043,7 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or the unique stack ID of the stack set that you want to get stack instance information for.

" + "documentation":"

The name or the unique stack ID of the StackSet that you want to get stack instance information for.

" }, "StackInstanceAccount":{ "shape":"Account", @@ -2968,7 +3055,7 @@ }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -2981,6 +3068,49 @@ } } }, + "DescribeStackRefactorInput":{ + "type":"structure", + "required":["StackRefactorId"], + "members":{ + "StackRefactorId":{ + "shape":"StackRefactorId", + "documentation":"

The ID associated with the stack refactor created from the CreateStackRefactor action.

" + } + } + }, + "DescribeStackRefactorOutput":{ + "type":"structure", + "members":{ + "Description":{ + "shape":"Description", + "documentation":"

A description to help you identify the refactor.

" + }, + "StackRefactorId":{ + "shape":"StackRefactorId", + "documentation":"

The ID associated with the stack refactor created from the CreateStackRefactor action.

" + }, + "StackIds":{ + "shape":"StackIds", + "documentation":"

The unique ID for each stack.

" + }, + "ExecutionStatus":{ + "shape":"StackRefactorExecutionStatus", + "documentation":"

The stack refactor execution operation status that's provided after calling the ExecuteStackRefactor action.

" + }, + "ExecutionStatusReason":{ + "shape":"ExecutionStatusReason", + "documentation":"

A detailed explanation for the stack refactor ExecutionStatus.

" + }, + "Status":{ + "shape":"StackRefactorStatus", + "documentation":"

The stack refactor operation status that's provided after calling the CreateStackRefactor action.

" + }, + "StatusReason":{ + "shape":"StackRefactorStatusReason", + "documentation":"

A detailed explanation for the stack refactor operation Status.

" + } + } + }, "DescribeStackResourceDriftsInput":{ "type":"structure", "required":["StackName"], @@ -2991,7 +3121,7 @@ }, "StackResourceDriftStatusFilters":{ "shape":"StackResourceDriftStatusFilters", - "documentation":"

The resource drift status values to use as filters for the resource drift results returned.

  • DELETED: The resource differs from its expected template configuration in that the resource has been deleted.

  • MODIFIED: One or more resource properties differ from their expected template values.

  • IN_SYNC: The resource's actual configuration matches its expected template configuration.

  • NOT_CHECKED: CloudFormation doesn't currently return this value.

" + "documentation":"

The resource drift status values to use as filters for the resource drift results returned.

  • DELETED: The resource differs from its expected template configuration in that the resource has been deleted.

  • MODIFIED: One or more resource properties differ from their expected template values.

  • IN_SYNC: The resource's actual configuration matches its expected template configuration.

  • NOT_CHECKED: CloudFormation doesn't currently return this value.

  • UNKNOWN: CloudFormation could not run drift detection for the resource.

" }, "NextToken":{ "shape":"NextToken", @@ -3026,11 +3156,11 @@ "members":{ "StackName":{ "shape":"StackName", - "documentation":"

The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

" + "documentation":"

The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

" }, "LogicalResourceId":{ "shape":"LogicalResourceId", - "documentation":"

The logical name of the resource as specified in the template.

Default: There is no default value.

" + "documentation":"

The logical name of the resource as specified in the template.

" } }, "documentation":"

The input for DescribeStackResource action.

" @@ -3040,7 +3170,7 @@ "members":{ "StackResourceDetail":{ "shape":"StackResourceDetail", - "documentation":"

A StackResourceDetail structure containing the description of the specified resource in the specified stack.

" + "documentation":"

A StackResourceDetail structure that contains the description of the specified resource in the specified stack.

" } }, "documentation":"

The output for a DescribeStackResource action.

" @@ -3050,15 +3180,15 @@ "members":{ "StackName":{ "shape":"StackName", - "documentation":"

The name or the unique stack ID that is associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

Required: Conditional. If you don't specify StackName, you must specify PhysicalResourceId.

" + "documentation":"

The name or the unique stack ID that is associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

Required: Conditional. If you don't specify StackName, you must specify PhysicalResourceId.

" }, "LogicalResourceId":{ "shape":"LogicalResourceId", - "documentation":"

The logical name of the resource as specified in the template.

Default: There is no default value.

" + "documentation":"

The logical name of the resource as specified in the template.

" }, "PhysicalResourceId":{ "shape":"PhysicalResourceId", - "documentation":"

The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation.

For example, for an Amazon Elastic Compute Cloud (EC2) instance, PhysicalResourceId corresponds to the InstanceId. You can pass the EC2 InstanceId to DescribeStackResources to find which stack the instance belongs to and what other resources are part of the stack.

Required: Conditional. If you don't specify PhysicalResourceId, you must specify StackName.

Default: There is no default value.

" + "documentation":"

The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation.

For example, for an Amazon Elastic Compute Cloud (EC2) instance, PhysicalResourceId corresponds to the InstanceId. You can pass the EC2 InstanceId to DescribeStackResources to find which stack the instance belongs to and what other resources are part of the stack.

Required: Conditional. If you don't specify PhysicalResourceId, you must specify StackName.

" } }, "documentation":"

The input for DescribeStackResources action.

" @@ -3079,11 +3209,11 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set whose description you want.

" + "documentation":"

The name or unique ID of the StackSet whose description you want.

" }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -3096,15 +3226,15 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or the unique stack ID of the stack set for the stack operation.

" + "documentation":"

The name or the unique stack ID of the StackSet for the stack operation.

" }, "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique ID of the stack set operation.

" + "documentation":"

The unique ID of the StackSet operation.

" }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -3113,7 +3243,7 @@ "members":{ "StackSetOperation":{ "shape":"StackSetOperation", - "documentation":"

The specified stack set operation.

" + "documentation":"

The specified StackSet operation.

" } } }, @@ -3122,7 +3252,7 @@ "members":{ "StackSet":{ "shape":"StackSet", - "documentation":"

The specified stack set.

" + "documentation":"

The specified StackSet.

" } } }, @@ -3131,7 +3261,7 @@ "members":{ "StackName":{ "shape":"StackName", - "documentation":"

If you don't pass a parameter to StackName, the API returns a response that describes all resources in the account, which can impact performance. This requires ListStacks and DescribeStacks permissions.

Consider using the ListStacks API if you're not passing a parameter to StackName.

The IAM policy below can be added to IAM policies when you want to limit resource-level permissions and avoid returning a response when no parameter is sent in the request:

{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Deny\", \"Action\": \"cloudformation:DescribeStacks\", \"NotResource\": \"arn:aws:cloudformation:*:*:stack/*/*\" }] }

The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

" + "documentation":"

If you don't pass a parameter to StackName, the API returns a response that describes all resources in the account, which can impact performance. This requires ListStacks and DescribeStacks permissions.

Consider using the ListStacks API if you're not passing a parameter to StackName.

The IAM policy below can be added to IAM policies when you want to limit resource-level permissions and avoid returning a response when no parameter is sent in the request:

{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Deny\", \"Action\": \"cloudformation:DescribeStacks\", \"NotResource\": \"arn:aws:cloudformation:*:*:stack/*/*\" }] }

The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

" }, "NextToken":{ "shape":"NextToken", @@ -3220,7 +3350,7 @@ }, "Schema":{ "shape":"TypeSchema", - "documentation":"

The schema that defines the extension.

For more information about extension schemas, see Resource type schema in the CloudFormation Command Line Interface (CLI) User Guide.

" + "documentation":"

The schema that defines the extension.

For more information, see Resource type schema in the CloudFormation Command Line Interface (CLI) User Guide and the CloudFormation Hooks User Guide.

" }, "ProvisioningType":{ "shape":"ProvisioningType", @@ -3264,7 +3394,7 @@ }, "ConfigurationSchema":{ "shape":"ConfigurationSchema", - "documentation":"

A JSON string that represent the current configuration data for the extension in this account and Region.

To set the configuration data for an extension, use SetTypeConfiguration. For more information, see Edit configuration data for extensions in your account in the CloudFormation User Guide.

" + "documentation":"

A JSON string that represent the current configuration data for the extension in this account and Region.

To set the configuration data for an extension, use SetTypeConfiguration.

" }, "PublisherId":{ "shape":"PublisherId", @@ -3396,20 +3526,20 @@ "members":{ "StackSetName":{ "shape":"StackSetNameOrId", - "documentation":"

The name of the stack set on which to perform the drift detection operation.

" + "documentation":"

The name of the StackSet on which to perform the drift detection operation.

" }, "OperationPreferences":{ "shape":"StackSetOperationPreferences", - "documentation":"

The user-specified preferences for how CloudFormation performs a stack set operation.

For more information about maximum concurrent accounts and failure tolerance, see Stack set operation options.

" + "documentation":"

The user-specified preferences for how CloudFormation performs a StackSet operation.

For more information about maximum concurrent accounts and failure tolerance, see StackSet operation options.

" }, "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The ID of the stack set operation.

", + "documentation":"

The ID of the StackSet operation.

", "idempotencyToken":true }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -3418,10 +3548,11 @@ "members":{ "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The ID of the drift detection stack set operation.

You can use this operation ID with DescribeStackSetOperation to monitor the progress of the drift detection operation.

" + "documentation":"

The ID of the drift detection StackSet operation.

You can use this operation ID with DescribeStackSetOperation to monitor the progress of the drift detection operation.

" } } }, + "DetectionReason":{"type":"string"}, "DifferenceType":{ "type":"string", "enum":[ @@ -3435,6 +3566,7 @@ "type":"integer", "min":0 }, + "EnableStackCreation":{"type":"boolean"}, "EnableTerminationProtection":{"type":"boolean"}, "ErrorCode":{ "type":"string", @@ -3451,11 +3583,11 @@ "members":{ "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must pass TemplateBody or TemplateURL. If both are passed, only TemplateBody is used.

" + "documentation":"

Structure that contains the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must pass TemplateBody or TemplateURL. If both are passed, only TemplateBody is used.

" }, "TemplateURL":{ "shape":"TemplateURL", - "documentation":"

Location of file containing the template body. The URL must point to a template that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

Conditional: You must pass TemplateURL or TemplateBody. If both are passed, only TemplateBody is used.

" + "documentation":"

The URL of a file that contains the template body. The URL must point to a template that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.

Conditional: You must pass TemplateURL or TemplateBody. If both are passed, only TemplateBody is used.

" }, "Parameters":{ "shape":"Parameters", @@ -3511,10 +3643,19 @@ }, "ExecuteChangeSetOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The output for the ExecuteChangeSet action.

" }, + "ExecuteStackRefactorInput":{ + "type":"structure", + "required":["StackRefactorId"], + "members":{ + "StackRefactorId":{ + "shape":"StackRefactorId", + "documentation":"

The ID associated with the stack refactor created from the CreateStackRefactor action.

" + } + } + }, "ExecutionRoleName":{ "type":"string", "max":64, @@ -3532,6 +3673,7 @@ "OBSOLETE" ] }, + "ExecutionStatusReason":{"type":"string"}, "Export":{ "type":"structure", "members":{ @@ -3548,7 +3690,7 @@ "documentation":"

The value of the exported output, such as a resource physical ID. This value is defined in the Export field in the associated stack's Outputs section.

" } }, - "documentation":"

The Export structure describes the exported output values for a stack.

" + "documentation":"

The Export structure describes the exported output values for a stack.

For more information, see Get exported outputs from a deployed CloudFormation stack.

" }, "ExportName":{"type":"string"}, "ExportValue":{"type":"string"}, @@ -3588,8 +3730,7 @@ }, "GeneratedTemplateNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The generated template was not found.

", "error":{ "code":"GeneratedTemplateNotFound", @@ -3670,7 +3811,7 @@ "members":{ "StackPolicyBody":{ "shape":"StackPolicyBody", - "documentation":"

Structure containing the stack policy body. (For more information, see Prevent updates to stack resources in the CloudFormation User Guide.)

" + "documentation":"

Structure that contains the stack policy body. (For more information, see Prevent updates to stack resources in the CloudFormation User Guide.)

" } }, "documentation":"

The output for the GetStackPolicy action.

" @@ -3680,7 +3821,7 @@ "members":{ "StackName":{ "shape":"StackName", - "documentation":"

The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

" + "documentation":"

The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

" }, "ChangeSetName":{ "shape":"ChangeSetNameOrId", @@ -3698,7 +3839,7 @@ "members":{ "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

Structure containing the template body.

CloudFormation returns the same template that was used when the stack was created.

" + "documentation":"

Structure that contains the template body.

CloudFormation returns the same template that was used when the stack was created.

" }, "StagesAvailable":{ "shape":"StageList", @@ -3712,11 +3853,11 @@ "members":{ "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

" + "documentation":"

Structure that contains the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

" }, "TemplateURL":{ "shape":"TemplateURL", - "documentation":"

Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

" + "documentation":"

The URL of a file that contains the template body. The URL must point to a template (max size: 1 MB) that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

" }, "StackName":{ "shape":"StackNameOrId", @@ -3724,11 +3865,11 @@ }, "StackSetName":{ "shape":"StackSetNameOrId", - "documentation":"

The name or unique ID of the stack set from which the stack was created.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

" + "documentation":"

The name or unique ID of the StackSet from which the stack was created.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

" }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" }, "TemplateSummaryConfig":{ "shape":"TemplateSummaryConfig", @@ -3750,7 +3891,7 @@ }, "Capabilities":{ "shape":"Capabilities", - "documentation":"

The capabilities found within the template. If your template contains IAM resources, you must specify the CAPABILITY_IAM or CAPABILITY_NAMED_IAM value for this parameter when you use the CreateStack or UpdateStack actions with your template; otherwise, those actions return an InsufficientCapabilities error.

For more information, see Acknowledging IAM resources in CloudFormation templates.

" + "documentation":"

The capabilities found within the template. If your template contains IAM resources, you must specify the CAPABILITY_IAM or CAPABILITY_NAMED_IAM value for this parameter when you use the CreateStack or UpdateStack actions with your template; otherwise, those actions return an InsufficientCapabilities error.

For more information, see Acknowledging IAM resources in CloudFormation templates.

" }, "CapabilitiesReason":{ "shape":"CapabilitiesReason", @@ -3778,7 +3919,7 @@ }, "Warnings":{ "shape":"Warnings", - "documentation":"

An object containing any warnings returned.

" + "documentation":"

An object that contains any warnings returned.

" } }, "documentation":"

The output for the GetTemplateSummary action.

" @@ -3819,6 +3960,12 @@ "max":100, "min":1 }, + "HookInvocationId":{ + "type":"string", + "max":36, + "min":36, + "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + }, "HookInvocationPoint":{ "type":"string", "enum":["PRE_PROVISION"] @@ -3831,8 +3978,7 @@ }, "HookResultNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified target doesn't have any requested Hook invocations.

", "error":{ "code":"HookResultNotFound", @@ -3848,33 +3994,57 @@ "HookResultSummary":{ "type":"structure", "members":{ + "HookResultId":{ + "shape":"HookInvocationId", + "documentation":"

The unique identifier for this Hook invocation result.

" + }, "InvocationPoint":{ "shape":"HookInvocationPoint", - "documentation":"

The exact point in the provisioning logic where the Hook runs.

" + "documentation":"

The specific point in the provisioning process where the Hook is invoked.

" }, "FailureMode":{ "shape":"HookFailureMode", - "documentation":"

The failure mode of the invocation. The following are potential modes:

  • FAIL: If the hook invocation returns a failure, then the requested target operation should fail.

  • WARN: If the hook invocation returns a failure, then the requested target operation should warn.

" + "documentation":"

The failure mode of the invocation.

" }, "TypeName":{ "shape":"HookTypeName", - "documentation":"

The type name of the Hook being invoked.

" + "documentation":"

The name of the Hook that was invoked.

" }, "TypeVersionId":{ "shape":"HookTypeVersionId", - "documentation":"

The version of the Hook being invoked.

" + "documentation":"

The version of the Hook that was invoked.

" }, "TypeConfigurationVersionId":{ "shape":"HookTypeConfigurationVersionId", - "documentation":"

The version of the Hook type configuration.

" + "documentation":"

The version of the Hook configuration.

" }, "Status":{ "shape":"HookStatus", - "documentation":"

The state of the Hook invocation.

" + "documentation":"

The status of the Hook invocation. The following statuses are possible:

  • HOOK_IN_PROGRESS: The Hook is currently running.

  • HOOK_COMPLETE_SUCCEEDED: The Hook completed successfully.

  • HOOK_COMPLETE_FAILED: The Hook completed but failed validation.

  • HOOK_FAILED: The Hook encountered an error during execution.

" }, "HookStatusReason":{ "shape":"HookStatusReason", - "documentation":"

A description of the Hook results status. For example, if the Hook result is in a FAILED state, this may contain additional information for the FAILED state.

" + "documentation":"

A description of the Hook results status. For example, if the Hook result is in a failed state, this may contain additional information for the failed state.

" + }, + "InvokedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the Hook was invoked.

Only shown in responses when the request does not specify TargetType and TargetId filters.

" + }, + "TargetType":{ + "shape":"ListHookResultsTargetType", + "documentation":"

The target type that the Hook was invoked against.

" + }, + "TargetId":{ + "shape":"HookResultId", + "documentation":"

The unique identifier of the Hook invocation target.

" + }, + "TypeArn":{ + "shape":"HookTypeArn", + "documentation":"

The ARN of the Hook that was invoked.

" + }, + "HookExecutionTarget":{ + "shape":"HookResultId", + "documentation":"

The ARN of the target stack or request token of the Cloud Control API operation.

Only shown in responses when the request does not specify TargetType and TargetId filters.

" } }, "documentation":"

Describes a Hook invocation, its status, and the reason for its status.

" @@ -3908,6 +4078,11 @@ "max":255, "min":1 }, + "HookTypeArn":{ + "type":"string", + "max":1024, + "pattern":"arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:([0-9]{12})?:type/hook/[A-Za-z0-9-]+/?" + }, "HookTypeConfigurationVersionId":{ "type":"string", "max":128, @@ -3940,11 +4115,11 @@ "members":{ "StackSetName":{ "shape":"StackSetNameOrId", - "documentation":"

The name of the stack set. The name must be unique in the Region where you create your stack set.

" + "documentation":"

The name of the StackSet. The name must be unique in the Region where you create your StackSet.

" }, "StackIds":{ "shape":"StackIdList", - "documentation":"

The IDs of the stacks you are importing into a stack set. You import up to 10 stacks per stack set at a time.

Specify either StackIds or StackIdsUrl.

" + "documentation":"

The IDs of the stacks you are importing into a StackSet. You import up to 10 stacks per StackSet at a time.

Specify either StackIds or StackIdsUrl.

" }, "StackIdsUrl":{ "shape":"StackIdsUrl", @@ -3952,20 +4127,20 @@ }, "OrganizationalUnitIds":{ "shape":"OrganizationalUnitIdList", - "documentation":"

The list of OU ID's to which the stacks being imported has to be mapped as deployment target.

" + "documentation":"

The list of OU ID's to which the imported stacks must be mapped as deployment targets.

" }, "OperationPreferences":{ "shape":"StackSetOperationPreferences", - "documentation":"

The user-specified preferences for how CloudFormation performs a stack set operation.

For more information about maximum concurrent accounts and failure tolerance, see Stack set operation options.

" + "documentation":"

The user-specified preferences for how CloudFormation performs a StackSet operation.

For more information about maximum concurrent accounts and failure tolerance, see StackSet operation options.

" }, "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

A unique, user defined, identifier for the stack set operation.

", + "documentation":"

A unique, user defined, identifier for the StackSet operation.

", "idempotencyToken":true }, "CallAs":{ "shape":"CallAs", - "documentation":"

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • For service managed stack sets, specify DELEGATED_ADMIN.

" + "documentation":"

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • For service managed StackSets, specify DELEGATED_ADMIN.

" } } }, @@ -3974,7 +4149,7 @@ "members":{ "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique identifier for the stack set operation.

" + "documentation":"

The unique identifier for the StackSet operation.

" } } }, @@ -3994,8 +4169,7 @@ "IncludePropertyValues":{"type":"boolean"}, "InsufficientCapabilitiesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The template contains resources with capabilities that weren't specified in the Capabilities parameter.

", "error":{ "code":"InsufficientCapabilitiesException", @@ -4006,8 +4180,7 @@ }, "InvalidChangeSetStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified change set can't be used to update the stack. For example, the change set status might be CREATE_IN_PROGRESS, or the stack status might be UPDATE_IN_PROGRESS.

", "error":{ "code":"InvalidChangeSetStatus", @@ -4018,8 +4191,7 @@ }, "InvalidOperationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified operation isn't valid.

", "error":{ "code":"InvalidOperationException", @@ -4030,8 +4202,7 @@ }, "InvalidStateTransitionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Error reserved for use by the CloudFormation CLI. CloudFormation doesn't return this error to users.

", "error":{ "code":"InvalidStateTransition", @@ -4060,8 +4231,7 @@ "LastUpdatedTime":{"type":"timestamp"}, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The quota for the resource has already been reached.

For information about resource and stack limitations, see CloudFormation quotas in the CloudFormation User Guide.

", "error":{ "code":"LimitExceededException", @@ -4132,7 +4302,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. By default the ListGeneratedTemplates API action will return at most 50 results in each response. The maximum value is 100.

" + "documentation":"

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. By default the ListGeneratedTemplates API action will return at most 50 results in each response. The maximum value is 100.

" } } }, @@ -4151,18 +4321,22 @@ }, "ListHookResultsInput":{ "type":"structure", - "required":[ - "TargetType", - "TargetId" - ], "members":{ "TargetType":{ "shape":"ListHookResultsTargetType", - "documentation":"

The type of operation being targeted by the Hook.

" + "documentation":"

Filters results by target type. Currently, only CHANGE_SET and CLOUD_CONTROL are supported filter options.

Required when TargetId is specified and cannot be used otherwise.

" }, "TargetId":{ "shape":"HookResultId", - "documentation":"

The logical ID of the target the operation is acting on by the Hook. If the target is a change set, it's the ARN of the change set.

If the target is a Cloud Control API operation, this will be the HookRequestToken returned by the Cloud Control API operation request. For more information on the HookRequestToken, see ProgressEvent.

" + "documentation":"

Filters results by the unique identifier of the target the Hook was invoked against.

For change sets, this is the change set ARN. When the target is a Cloud Control API operation, this value must be the HookRequestToken returned by the Cloud Control API request. For more information on the HookRequestToken, see ProgressEvent.

Required when TargetType is specified and cannot be used otherwise.

" + }, + "TypeArn":{ + "shape":"HookTypeArn", + "documentation":"

Filters results by the ARN of the Hook. Can be used alone or in combination with Status.

" + }, + "Status":{ + "shape":"HookStatus", + "documentation":"

Filters results by the status of Hook invocations. Can only be used in combination with TypeArn. Valid values are:

  • HOOK_IN_PROGRESS: The Hook is currently running.

  • HOOK_COMPLETE_SUCCEEDED: The Hook completed successfully.

  • HOOK_COMPLETE_FAILED: The Hook completed but failed validation.

  • HOOK_FAILED: The Hook encountered an error during execution.

" }, "NextToken":{ "shape":"NextToken", @@ -4175,11 +4349,11 @@ "members":{ "TargetType":{ "shape":"ListHookResultsTargetType", - "documentation":"

The type of operation being targeted by the Hook.

" + "documentation":"

The target type.

" }, "TargetId":{ "shape":"HookResultId", - "documentation":"

The logical ID of the target the operation is acting on by the Hook. If the target is a change set, it's the ARN of the change set.

If the target is a Cloud Control API operation, this will be the HooksRequestToken returned by the Cloud Control API operation request. For more information on the HooksRequestToken, see ProgressEvent.

" + "documentation":"

The unique identifier of the Hook invocation target.

" }, "HookResults":{ "shape":"HookResultSummaries", @@ -4248,7 +4422,7 @@ }, "MaxResults":{ "shape":"BoxedMaxResults", - "documentation":"

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. By default the ListResourceScanRelatedResources API action will return up to 100 results in each response. The maximum value is 100.

" + "documentation":"

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. By default the ListResourceScanRelatedResources API action will return up to 100 results in each response. The maximum value is 100.

" } } }, @@ -4295,7 +4469,7 @@ }, "MaxResults":{ "shape":"ResourceScannerMaxResults", - "documentation":"

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. By default the ListResourceScanResources API action will return at most 100 results in each response. The maximum value is 100.

" + "documentation":"

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. By default the ListResourceScanResources API action will return at most 100 results in each response. The maximum value is 100.

" } } }, @@ -4321,7 +4495,11 @@ }, "MaxResults":{ "shape":"ResourceScannerMaxResults", - "documentation":"

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. The default value is 10. The maximum value is 100.

" + "documentation":"

If the number of available results exceeds this maximum, the response includes a NextToken value that you can use for the NextToken parameter to get the next set of results. The default value is 10. The maximum value is 100.

" + }, + "ScanTypeFilter":{ + "shape":"ScanType", + "documentation":"

The scan type that you want to get summary information about. The default is FULL.

" } } }, @@ -4349,7 +4527,7 @@ "members":{ "StackSetName":{ "shape":"StackSetNameOrId", - "documentation":"

The name or unique ID of the stack set that you want to list drifted resources for.

" + "documentation":"

The name or unique ID of the StackSet that you want to list drifted resources for.

" }, "NextToken":{ "shape":"NextToken", @@ -4377,7 +4555,7 @@ }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -4400,7 +4578,7 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set that you want to list stack instances for.

" + "documentation":"

The name or unique ID of the StackSet that you want to list stack instances for.

" }, "NextToken":{ "shape":"NextToken", @@ -4424,7 +4602,7 @@ }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -4441,13 +4619,76 @@ } } }, + "ListStackRefactorActionsInput":{ + "type":"structure", + "required":["StackRefactorId"], + "members":{ + "StackRefactorId":{ + "shape":"StackRefactorId", + "documentation":"

The ID associated with the stack refactor created from the CreateStackRefactor action.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

" + } + } + }, + "ListStackRefactorActionsOutput":{ + "type":"structure", + "required":["StackRefactorActions"], + "members":{ + "StackRefactorActions":{ + "shape":"StackRefactorActions", + "documentation":"

The stack refactor actions.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

" + } + } + }, + "ListStackRefactorsInput":{ + "type":"structure", + "members":{ + "ExecutionStatusFilter":{ + "shape":"StackRefactorExecutionStatusFilter", + "documentation":"

Execution status to use as a filter. Specify one or more execution status codes to list only stack refactors with the specified execution status codes.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

" + } + } + }, + "ListStackRefactorsOutput":{ + "type":"structure", + "required":["StackRefactorSummaries"], + "members":{ + "StackRefactorSummaries":{ + "shape":"StackRefactorSummaries", + "documentation":"

Provides a summary of a stack refactor, including the following:

  • StackRefactorId

  • Status

  • StatusReason

  • ExecutionStatus

  • ExecutionStatusReason

  • Description

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

" + } + } + }, "ListStackResourcesInput":{ "type":"structure", "required":["StackName"], "members":{ "StackName":{ "shape":"StackName", - "documentation":"

The name or the unique stack ID that is associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

" + "documentation":"

The name or the unique stack ID that is associated with the stack, which aren't always interchangeable:

  • Running stacks: You can specify either the stack's name or its unique stack ID.

  • Deleted stacks: You must specify the unique stack ID.

" }, "NextToken":{ "shape":"NextToken", @@ -4476,11 +4717,11 @@ "members":{ "StackSetName":{ "shape":"StackSetNameOrId", - "documentation":"

The name or unique ID of the stack set that you want to get automatic deployment targets for.

" + "documentation":"

The name or unique ID of the StackSet that you want to get automatic deployment targets for.

" }, "NextToken":{ "shape":"NextToken", - "documentation":"

A string that identifies the next page of stack set deployment targets that you want to retrieve.

" + "documentation":"

A string that identifies the next page of deployment targets that you want to retrieve.

" }, "MaxResults":{ "shape":"MaxResults", @@ -4497,7 +4738,7 @@ "members":{ "Summaries":{ "shape":"StackSetAutoDeploymentTargetSummaries", - "documentation":"

An array of summaries of the deployment targets for the stack set.

" + "documentation":"

An array of summaries of the deployment targets for the StackSet.

" }, "NextToken":{ "shape":"NextToken", @@ -4514,11 +4755,11 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set that you want to get operation results for.

" + "documentation":"

The name or unique ID of the StackSet that you want to get operation results for.

" }, "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The ID of the stack set operation.

" + "documentation":"

The ID of the StackSet operation.

" }, "NextToken":{ "shape":"NextToken", @@ -4530,7 +4771,7 @@ }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" }, "Filters":{ "shape":"OperationResultFilters", @@ -4557,7 +4798,7 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set that you want to get operation summaries for.

" + "documentation":"

The name or unique ID of the StackSet that you want to get operation summaries for.

" }, "NextToken":{ "shape":"NextToken", @@ -4569,7 +4810,7 @@ }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -4578,7 +4819,7 @@ "members":{ "Summaries":{ "shape":"StackSetOperationSummaries", - "documentation":"

A list of StackSetOperationSummary structures that contain summary information about operations for the specified stack set.

" + "documentation":"

A list of StackSetOperationSummary structures that contain summary information about operations for the specified StackSet.

" }, "NextToken":{ "shape":"NextToken", @@ -4599,11 +4840,11 @@ }, "Status":{ "shape":"StackSetStatus", - "documentation":"

The status of the stack sets that you want to get summary information about.

" + "documentation":"

The status of the StackSets that you want to get summary information about.

" }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -4612,7 +4853,7 @@ "members":{ "Summaries":{ "shape":"StackSetSummaries", - "documentation":"

A list of StackSetSummary structures that contain information about the user's stack sets.

" + "documentation":"

A list of StackSetSummary structures that contain information about the user's StackSets.

" }, "NextToken":{ "shape":"NextToken", @@ -4639,7 +4880,7 @@ "members":{ "StackSummaries":{ "shape":"StackSummaries", - "documentation":"

A list of StackSummary structures containing information about the specified stacks.

" + "documentation":"

A list of StackSummary structures that contains information about the specified stacks.

" }, "NextToken":{ "shape":"NextToken", @@ -4741,7 +4982,7 @@ "members":{ "Visibility":{ "shape":"Visibility", - "documentation":"

The scope at which the extensions are visible and usable in CloudFormation operations.

Valid values include:

  • PRIVATE: Extensions that are visible and usable within this account and Region. This includes:

    • Private extensions you have registered in this account and Region.

    • Public extensions that you have activated in this account and Region.

  • PUBLIC: Extensions that are publicly visible and available to be activated within any Amazon Web Services account. This includes extensions from Amazon Web Services, in addition to third-party publishers.

The default is PRIVATE.

" + "documentation":"

The scope at which the extensions are visible and usable in CloudFormation operations.

Valid values include:

  • PRIVATE: Extensions that are visible and usable within this account and Region. This includes:

    • Private extensions you have registered in this account and Region.

    • Public extensions that you have activated in this account and Region.

  • PUBLIC: Extensions that are publicly visible and available to be activated within any Amazon Web Services account. This includes extensions from Amazon Web Services and third-party publishers.

The default is PRIVATE.

" }, "ProvisioningType":{ "shape":"ProvisioningType", @@ -4825,7 +5066,7 @@ "members":{ "Active":{ "shape":"ManagedExecutionNullable", - "documentation":"

When true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order.

If there are already running or queued operations, StackSets queues all incoming operations even if they are non-conflicting.

You can't modify your stack set's execution configuration while there are running or queued operations for that stack set.

When false (default), StackSets performs one operation at a time in request order.

" + "documentation":"

When true, CloudFormation performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, CloudFormation starts queued operations in request order.

If there are already running or queued operations, CloudFormation queues all incoming operations even if they are non-conflicting.

You can't modify your StackSet's execution configuration while there are running or queued operations for that StackSet.

When false (default), StackSets performs one operation at a time in request order.

" } }, "documentation":"

Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.

" @@ -4851,11 +5092,11 @@ "members":{ "TypeHierarchy":{ "shape":"TypeHierarchy", - "documentation":"

A concatenated list of the module type or types containing the resource. Module types are listed starting with the inner-most nested module, and separated by /.

In the following example, the resource was created from a module of type AWS::First::Example::MODULE, that's nested inside a parent module of type AWS::Second::Example::MODULE.

AWS::First::Example::MODULE/AWS::Second::Example::MODULE

" + "documentation":"

A concatenated list of the module type or types that contains the resource. Module types are listed starting with the inner-most nested module, and separated by /.

In the following example, the resource was created from a module of type AWS::First::Example::MODULE, that's nested inside a parent module of type AWS::Second::Example::MODULE.

AWS::First::Example::MODULE/AWS::Second::Example::MODULE

" }, "LogicalIdHierarchy":{ "shape":"LogicalIdHierarchy", - "documentation":"

A concatenated list of the logical IDs of the module or modules containing the resource. Modules are listed starting with the inner-most nested module, and separated by /.

In the following example, the resource was created from a module, moduleA, that's nested inside a parent module, moduleB.

moduleA/moduleB

For more information, see Reference module resources in CloudFormation templates in the CloudFormation User Guide.

" + "documentation":"

A concatenated list of the logical IDs of the module or modules that contains the resource. Modules are listed starting with the inner-most nested module, and separated by /.

In the following example, the resource was created from a module, moduleA, that's nested inside a parent module, moduleB.

moduleA/moduleB

For more information, see Reference module resources in CloudFormation templates in the CloudFormation User Guide.

" } }, "documentation":"

Contains information about the module from which the resource was created, if the resource was created from a module included in the stack template.

For more information about modules, see Create reusable resource configurations that can be included across templates with CloudFormation modules in the CloudFormation User Guide.

" @@ -4867,8 +5108,7 @@ }, "NameAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified name is already in use.

", "error":{ "code":"NameAlreadyExistsException", @@ -4911,8 +5151,7 @@ }, "OperationIdAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified operation ID already exists.

", "error":{ "code":"OperationIdAlreadyExistsException", @@ -4923,9 +5162,8 @@ }, "OperationInProgressException":{ "type":"structure", - "members":{ - }, - "documentation":"

Another operation is currently in progress for this stack set. Only one operation can be performed for a stack set at a given time.

", + "members":{}, + "documentation":"

Another operation is currently in progress for this StackSet. Only one operation can be performed for a stack set at a given time.

", "error":{ "code":"OperationInProgressException", "httpStatusCode":409, @@ -4935,8 +5173,7 @@ }, "OperationNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified ID refers to an operation that doesn't exist.

", "error":{ "code":"OperationNotFoundException", @@ -4985,8 +5222,7 @@ }, "OperationStatusCheckFailedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Error reserved for use by the CloudFormation CLI. CloudFormation doesn't return this error to users.

", "error":{ "code":"ConditionalCheckFailed", @@ -5060,7 +5296,7 @@ }, "ResolvedValue":{ "shape":"ParameterValue", - "documentation":"

Read-only. The value that corresponds to a Systems Manager parameter key. This field is returned only for Systems Manager parameter types in the template. For more information, see Use CloudFormation-supplied parameter types in the CloudFormation User Guide.

" + "documentation":"

Read-only. The value that corresponds to a Systems Manager parameter key. This field is returned only for Systems Manager parameter types in the template. For more information, see Specify existing resources at runtime with CloudFormation-supplied parameter types in the CloudFormation User Guide.

" } }, "documentation":"

The Parameter data type.

" @@ -5308,8 +5544,7 @@ }, "RecordHandlerProgressOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RefreshAllResources":{"type":"boolean"}, "Region":{ @@ -5362,11 +5597,11 @@ }, "TypeName":{ "shape":"TypeName", - "documentation":"

The name of the extension being registered.

We suggest that extension names adhere to the following patterns:

  • For resource types, company_or_organization::service::type.

  • For modules, company_or_organization::service::type::MODULE.

  • For hooks, MyCompany::Testing::MyTestHook.

The following organization namespaces are reserved and can't be used in your extension names:

  • Alexa

  • AMZN

  • Amazon

  • AWS

  • Custom

  • Dev

" + "documentation":"

The name of the extension being registered.

We suggest that extension names adhere to the following patterns:

  • For resource types, company_or_organization::service::type.

  • For modules, company_or_organization::service::type::MODULE.

  • For Hooks, MyCompany::Testing::MyTestHook.

The following organization namespaces are reserved and can't be used in your extension names:

  • Alexa

  • AMZN

  • Amazon

  • AWS

  • Custom

  • Dev

" }, "SchemaHandlerPackage":{ "shape":"S3Url", - "documentation":"

A URL to the S3 bucket containing the extension project package that contains the necessary files for the extension you want to register.

For information about generating a schema handler package for the extension you want to register, see submit in the CloudFormation Command Line Interface (CLI) User Guide.

The user registering the extension must be able to access the package in the S3 bucket. That's, the user needs to have GetObject permissions for the schema handler package. For more information, see Actions, Resources, and Condition Keys for Amazon S3 in the Identity and Access Management User Guide.

" + "documentation":"

A URL to the S3 bucket that contains the extension project package that contains the necessary files for the extension you want to register.

For information about generating a schema handler package for the extension you want to register, see submit in the CloudFormation Command Line Interface (CLI) User Guide.

The user registering the extension must be able to access the package in the S3 bucket. That's, the user needs to have GetObject permissions for the schema handler package. For more information, see Actions, Resources, and Condition Keys for Amazon S3 in the Identity and Access Management User Guide.

" }, "LoggingConfig":{ "shape":"LoggingConfig", @@ -5527,11 +5762,11 @@ }, "BeforeContext":{ "shape":"BeforeContext", - "documentation":"

An encoded JSON string containing the context of the resource before the change is executed.

" + "documentation":"

An encoded JSON string that contains the context of the resource before the change is executed.

" }, "AfterContext":{ "shape":"AfterContext", - "documentation":"

An encoded JSON string containing the context of the resource after the change is executed.

" + "documentation":"

An encoded JSON string that contains the context of the resource after the change is executed.

" } }, "documentation":"

The ResourceChange structure describes the resource and the action that CloudFormation will perform on it if you execute this change set.

" @@ -5670,6 +5905,46 @@ "type":"list", "member":{"shape":"ResourceIdentifierPropertyKey"} }, + "ResourceLocation":{ + "type":"structure", + "required":[ + "StackName", + "LogicalResourceId" + ], + "members":{ + "StackName":{ + "shape":"StackName", + "documentation":"

The name associated with the stack.

" + }, + "LogicalResourceId":{ + "shape":"LogicalResourceId", + "documentation":"

The logical name of the resource specified in the template.

" + } + }, + "documentation":"

The location of the resource in a stack template.

" + }, + "ResourceMapping":{ + "type":"structure", + "required":[ + "Source", + "Destination" + ], + "members":{ + "Source":{ + "shape":"ResourceLocation", + "documentation":"

The source stack StackName and LogicalResourceId for the resource being refactored.

" + }, + "Destination":{ + "shape":"ResourceLocation", + "documentation":"

The destination stack StackName and LogicalResourceId for the resource being refactored.

" + } + }, + "documentation":"

Specifies the current source of the resource and the destination of where it will be moved to.

" + }, + "ResourceMappings":{ + "type":"list", + "member":{"shape":"ResourceMapping"} + }, "ResourceModel":{ "type":"string", "max":16384, @@ -5680,8 +5955,7 @@ "ResourceScanId":{"type":"string"}, "ResourceScanInProgressException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A resource scan is currently in progress. Only one can be run at a time for an account in a Region.

", "error":{ "code":"ResourceScanInProgress", @@ -5692,8 +5966,7 @@ }, "ResourceScanLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The limit on resource scans has been exceeded. Reasons include:

  • Exceeded the daily quota for resource scans.

  • A resource scan recently failed. You must wait 10 minutes before starting a new resource scan.

  • The last resource scan failed after exceeding 100,000 resources. When this happens, you must wait 24 hours before starting a new resource scan.

", "error":{ "code":"ResourceScanLimitExceeded", @@ -5704,8 +5977,7 @@ }, "ResourceScanNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The resource scan was not found.

", "error":{ "code":"ResourceScanNotFound", @@ -5737,7 +6009,7 @@ }, "Status":{ "shape":"ResourceScanStatus", - "documentation":"

Status of the resource scan.

INPROGRESS

The resource scan is still in progress.

COMPLETE

The resource scan is complete.

EXPIRED

The resource scan has expired.

FAILED

The resource scan has failed.

" + "documentation":"

Status of the resource scan.

IN_PROGRESS

The resource scan is still in progress.

COMPLETE

The resource scan is complete.

EXPIRED

The resource scan has expired.

FAILED

The resource scan has failed.

" }, "StatusReason":{ "shape":"ResourceScanStatusReason", @@ -5754,6 +6026,10 @@ "PercentageCompleted":{ "shape":"PercentageCompleted", "documentation":"

The percentage of the resource scan that has been completed.

" + }, + "ScanType":{ + "shape":"ScanType", + "documentation":"

The scan type that has been completed.

" } }, "documentation":"

A summary of the resource scan. This is returned by the ListResourceScan API action.

" @@ -5793,6 +6069,12 @@ "IMPORT_ROLLBACK_IN_PROGRESS", "IMPORT_ROLLBACK_FAILED", "IMPORT_ROLLBACK_COMPLETE", + "EXPORT_FAILED", + "EXPORT_COMPLETE", + "EXPORT_IN_PROGRESS", + "EXPORT_ROLLBACK_IN_PROGRESS", + "EXPORT_ROLLBACK_FAILED", + "EXPORT_ROLLBACK_COMPLETE", "UPDATE_ROLLBACK_IN_PROGRESS", "UPDATE_ROLLBACK_COMPLETE", "UPDATE_ROLLBACK_FAILED", @@ -5868,6 +6150,16 @@ "max":256, "min":1 }, + "ResourceTypeFilter":{ + "type":"string", + "max":100, + "min":1 + }, + "ResourceTypeFilters":{ + "type":"list", + "member":{"shape":"ResourceTypeFilter"}, + "max":100 + }, "ResourceTypePrefix":{"type":"string"}, "ResourceTypes":{ "type":"list", @@ -5931,7 +6223,7 @@ "documentation":"

The amount of time, in minutes, during which CloudFormation should monitor all the rollback triggers after the stack creation or update operation deploys all necessary resources.

The default is 0 minutes.

If you specify a monitoring period but don't specify any rollback triggers, CloudFormation still waits the specified period of time before cleaning up old resources after update operations. You can use this monitoring period to perform any manual stack validation desired, and manually cancel the stack creation or update (using CancelUpdateStack, for example) as necessary.

If you specify 0 for this parameter, CloudFormation still monitors the specified rollback triggers during stack creation and update operations. Then, for update operations, it begins disposing of old resources immediately once the operation completes.

" } }, - "documentation":"

Structure containing the rollback triggers for CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

Rollback triggers enable you to have CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see Roll back your CloudFormation stack on alarm breach with rollback triggers.

" + "documentation":"

Structure that contains the rollback triggers for CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

Rollback triggers enable you to have CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see Roll back your CloudFormation stack on alarm breach with rollback triggers.

" }, "RollbackStackInput":{ "type":"structure", @@ -5977,7 +6269,7 @@ }, "Type":{ "shape":"Type", - "documentation":"

The resource type of the rollback trigger. Specify either AWS::CloudWatch::Alarm or AWS::CloudWatch::CompositeAlarm resource types.

" + "documentation":"

The resource type of the rollback trigger. Specify either AWS::CloudWatch::Alarm or AWS::CloudWatch::CompositeAlarm resource types.

" } }, "documentation":"

A rollback trigger CloudFormation monitors during creation and updating of stacks. If any of the alarms you specify goes to ALARM state during the stack operation or within the specified monitoring period afterwards, CloudFormation rolls back the entire stack operation.

" @@ -5998,6 +6290,29 @@ "max":4096, "min":1 }, + "ScanFilter":{ + "type":"structure", + "members":{ + "Types":{ + "shape":"ResourceTypeFilters", + "documentation":"

An array of strings where each string represents an Amazon Web Services resource type you want to scan. Each string defines the resource type using the format AWS::ServiceName::ResourceType, for example, AWS::DynamoDB::Table. For the full list of supported resource types, see the Resource type support table in the CloudFormation User Guide.

To scan all resource types within a service, you can use a wildcard, represented by an asterisk (*). You can place an asterisk at only the end of the string, for example, AWS::S3::*.

" + } + }, + "documentation":"

A filter that is used to specify which resource types to scan.

" + }, + "ScanFilters":{ + "type":"list", + "member":{"shape":"ScanFilter"}, + "max":1, + "min":1 + }, + "ScanType":{ + "type":"string", + "enum":[ + "FULL", + "PARTIAL" + ] + }, "ScannedResource":{ "type":"structure", "members":{ @@ -6056,11 +6371,11 @@ }, "StackPolicyBody":{ "shape":"StackPolicyBody", - "documentation":"

Structure containing the stack policy body. For more information, see Prevent updates to stack resources in the CloudFormation User Guide. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

" + "documentation":"

Structure that contains the stack policy body. For more information, see Prevent updates to stack resources in the CloudFormation User Guide. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

" }, "StackPolicyURL":{ "shape":"StackPolicyURL", - "documentation":"

Location of a file containing the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an Amazon S3 bucket in the same Amazon Web Services Region as the stack. The location for an Amazon S3 bucket must start with https://. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

" + "documentation":"

Location of a file that contains the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an Amazon S3 bucket in the same Amazon Web Services Region as the stack. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.

You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

" } }, "documentation":"

The input for the SetStackPolicy action.

" @@ -6071,11 +6386,11 @@ "members":{ "TypeArn":{ "shape":"TypeArn", - "documentation":"

The Amazon Resource Name (ARN) for the extension, in this account and Region.

For public extensions, this will be the ARN assigned when you call the ActivateType API operation in this account and Region. For private extensions, this will be the ARN assigned when you call the RegisterType API operation in this account and Region.

Do not include the extension versions suffix at the end of the ARN. You can set the configuration for an extension, but not for a specific extension version.

" + "documentation":"

The Amazon Resource Name (ARN) for the extension in this account and Region.

For public extensions, this will be the ARN assigned when you call the ActivateType API operation in this account and Region. For private extensions, this will be the ARN assigned when you call the RegisterType API operation in this account and Region.

Do not include the extension versions suffix at the end of the ARN. You can set the configuration for an extension, but not for a specific extension version.

" }, "Configuration":{ "shape":"TypeConfiguration", - "documentation":"

The configuration data for the extension, in this account and Region.

The configuration data must be formatted as JSON, and validate against the schema returned in the ConfigurationSchema response element of DescribeType. For more information, see Defining the account-level configuration of an extension in the CloudFormation Command Line Interface (CLI) User Guide.

" + "documentation":"

The configuration data for the extension in this account and Region.

The configuration data must be formatted as JSON and validate against the extension's schema returned in the Schema response element of DescribeType.

" }, "ConfigurationAlias":{ "shape":"TypeConfigurationAlias", @@ -6096,7 +6411,7 @@ "members":{ "ConfigurationArn":{ "shape":"TypeConfigurationArn", - "documentation":"

The Amazon Resource Name (ARN) for the configuration data, in this account and Region.

Conditional: You must specify ConfigurationArn, or Type and TypeName.

" + "documentation":"

The Amazon Resource Name (ARN) for the configuration data in this account and Region.

Conditional: You must specify ConfigurationArn, or Type and TypeName.

" } } }, @@ -6123,8 +6438,7 @@ }, "SetTypeDefaultVersionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "SignalResourceInput":{ "type":"structure", @@ -6240,11 +6554,11 @@ }, "ParentId":{ "shape":"StackId", - "documentation":"

For nested stacks--stacks created as resources for another stack--the stack ID of the direct parent of this stack. For the first level of nested stacks, the root stack is also the parent stack.

For more information, see Embed stacks within other stacks using nested stacks in the CloudFormation User Guide.

" + "documentation":"

For nested stacks, the stack ID of the direct parent of this stack. For the first level of nested stacks, the root stack is also the parent stack.

For more information, see Nested stacks in the CloudFormation User Guide.

" }, "RootId":{ "shape":"StackId", - "documentation":"

For nested stacks--stacks created as resources for another stack--the stack ID of the top-level stack to which the nested stack ultimately belongs.

For more information, see Embed stacks within other stacks using nested stacks in the CloudFormation User Guide.

" + "documentation":"

For nested stacks, the stack ID of the top-level stack to which the nested stack ultimately belongs.

For more information, see Nested stacks in the CloudFormation User Guide.

" }, "DriftInformation":{ "shape":"StackDriftInformation", @@ -6260,11 +6574,33 @@ }, "DetailedStatus":{ "shape":"DetailedStatus", - "documentation":"

The detailed status of the resource or stack. If CONFIGURATION_COMPLETE is present, the resource or resource configuration phase has completed and the stabilization of the resources is in progress. The stack sets CONFIGURATION_COMPLETE when all of the resources in the stack have reached that event. For more information, see Understand CloudFormation stack creation events in the CloudFormation User Guide.

" + "documentation":"

The detailed status of the resource or stack. If CONFIGURATION_COMPLETE is present, the resource or resource configuration phase has completed and the stabilization of the resources is in progress. The StackSets CONFIGURATION_COMPLETE when all of the resources in the stack have reached that event. For more information, see Understand CloudFormation stack creation events in the CloudFormation User Guide.

" } }, "documentation":"

The Stack data type.

" }, + "StackDefinition":{ + "type":"structure", + "members":{ + "StackName":{ + "shape":"StackName", + "documentation":"

The name associated with the stack.

" + }, + "TemplateBody":{ + "shape":"TemplateBody", + "documentation":"

The file path for the stack template file.

" + }, + "TemplateURL":{ + "shape":"TemplateURL", + "documentation":"

The desired final state of the stack template.

" + } + }, + "documentation":"

Describes the stack and the template used by the stack.

" + }, + "StackDefinitions":{ + "type":"list", + "member":{"shape":"StackDefinition"} + }, "StackDriftDetectionId":{ "type":"string", "max":36, @@ -6285,7 +6621,7 @@ "members":{ "StackDriftStatus":{ "shape":"StackDriftStatus", - "documentation":"

Status of the stack's actual configuration compared to its expected template configuration.

  • DRIFTED: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack differs from its expected template configuration.

  • IN_SYNC: The stack's actual configuration matches its expected template configuration.

  • UNKNOWN: This value is reserved for future use.

" + "documentation":"

Status of the stack's actual configuration compared to its expected template configuration.

  • DRIFTED: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack differs from its expected template configuration.

  • IN_SYNC: The stack's actual configuration matches its expected template configuration.

  • UNKNOWN: CloudFormation could not run drift detection for a resource in the stack.

" }, "LastCheckTimestamp":{ "shape":"Timestamp", @@ -6300,7 +6636,7 @@ "members":{ "StackDriftStatus":{ "shape":"StackDriftStatus", - "documentation":"

Status of the stack's actual configuration compared to its expected template configuration.

  • DRIFTED: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack differs from its expected template configuration.

  • IN_SYNC: The stack's actual configuration matches its expected template configuration.

  • UNKNOWN: This value is reserved for future use.

" + "documentation":"

Status of the stack's actual configuration compared to its expected template configuration.

  • DRIFTED: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack differs from its expected template configuration.

  • IN_SYNC: The stack's actual configuration matches its expected template configuration.

  • UNKNOWN: CloudFormation could not run drift detection for a resource in the stack.

" }, "LastCheckTimestamp":{ "shape":"Timestamp", @@ -6333,7 +6669,7 @@ }, "EventId":{ "shape":"EventId", - "documentation":"

The unique ID of this event.

" + "documentation":"

The unique identifier of this event.

" }, "StackName":{ "shape":"StackName", @@ -6373,27 +6709,31 @@ }, "HookType":{ "shape":"HookType", - "documentation":"

The name of the hook.

" + "documentation":"

The name of the Hook.

" }, "HookStatus":{ "shape":"HookStatus", - "documentation":"

Provides the status of the change set hook.

" + "documentation":"

Provides the status of the change set Hook.

" }, "HookStatusReason":{ "shape":"HookStatusReason", - "documentation":"

Provides the reason for the hook status.

" + "documentation":"

Provides the reason for the Hook status.

" }, "HookInvocationPoint":{ "shape":"HookInvocationPoint", - "documentation":"

Invocation points are points in provisioning logic where hooks are initiated.

" + "documentation":"

The specific point in the provisioning process where the Hook is invoked.

" + }, + "HookInvocationId":{ + "shape":"HookInvocationId", + "documentation":"

The unique identifier of the Hook invocation.

" }, "HookFailureMode":{ "shape":"HookFailureMode", - "documentation":"

Specify the hook failure mode for non-compliant resources in the followings ways.

  • FAIL Stops provisioning resources.

  • WARN Allows provisioning to continue with a warning message.

" + "documentation":"

Specify the Hook failure mode for non-compliant resources in the followings ways.

  • FAIL Stops provisioning resources.

  • WARN Allows provisioning to continue with a warning message.

" }, "DetailedStatus":{ "shape":"DetailedStatus", - "documentation":"

An optional field containing information about the detailed status of the stack event.

  • VALIDATION_FAILED - template validation failed because of invalid properties in the template. The ResourceStatusReason field shows what properties are defined incorrectly.

" + "documentation":"

An optional field that contains information about the detailed status of the stack event.

  • VALIDATION_FAILED - template validation failed because of invalid properties in the template. The ResourceStatusReason field shows what properties are defined incorrectly.

" } }, "documentation":"

The StackEvent data type.

" @@ -6407,6 +6747,10 @@ "type":"list", "member":{"shape":"StackId"} }, + "StackIds":{ + "type":"list", + "member":{"shape":"StackId"} + }, "StackIdsUrl":{ "type":"string", "max":5120, @@ -6418,7 +6762,7 @@ "members":{ "StackSetId":{ "shape":"StackSetId", - "documentation":"

The name or unique ID of the stack set that the stack instance is associated with.

" + "documentation":"

The name or unique ID of the StackSet that the stack instance is associated with.

" }, "Region":{ "shape":"Region", @@ -6434,11 +6778,11 @@ }, "ParameterOverrides":{ "shape":"Parameters", - "documentation":"

A list of parameters from the stack set template whose values have been overridden in this stack instance.

" + "documentation":"

A list of parameters from the StackSet template whose values have been overridden in this stack instance.

" }, "Status":{ "shape":"StackInstanceStatus", - "documentation":"

The status of the stack instance, in terms of its synchronization with its associated stack set.

  • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually. INOPERABLE can be returned here when the cause is a failed import. If it's due to a failed import, the operation can be retried once the failures are fixed. To see if this is due to a failed import, look at the DetailedStatus member in the StackInstanceSummary member that is a peer to this Status member.

  • OUTDATED: The stack isn't currently up to date with the stack set because:

    • The associated stack failed during a CreateStackSet or UpdateStackSet operation.

    • The stack was part of a CreateStackSet or UpdateStackSet operation that failed or was stopped before the stack was created or updated.

  • CURRENT: The stack is currently up to date with the stack set.

" + "documentation":"

The status of the stack instance, in terms of its synchronization with its associated stack set.

  • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually. INOPERABLE can be returned here when the cause is a failed import. If it's due to a failed import, the operation can be retried once the failures are fixed. To see if this is due to a failed import, look at the DetailedStatus member in the StackInstanceSummary member that is a peer to this Status member.

  • OUTDATED: The stack isn't currently up to date with the StackSet because:

    • The associated stack failed during a CreateStackSet or UpdateStackSet operation.

    • The stack was part of a CreateStackSet or UpdateStackSet operation that failed or was stopped before the stack was created or updated.

  • CURRENT: The stack is currently up to date with the StackSet.

" }, "StackInstanceStatus":{ "shape":"StackInstanceComprehensiveStatus", @@ -6454,25 +6798,25 @@ }, "DriftStatus":{ "shape":"StackDriftStatus", - "documentation":"

Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs.

  • DRIFTED: The stack differs from the expected template and parameter configuration of the stack set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its expected stack set configuration.

  • IN_SYNC: The stack instance's actual configuration matches its expected stack set configuration.

  • UNKNOWN: This value is reserved for future use.

" + "documentation":"

Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the StackSet it belongs to.

  • DRIFTED: The stack differs from the expected template and parameter configuration of the StackSet it belongs to. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its expected StackSet configuration.

  • IN_SYNC: The stack instance's actual configuration matches its expected StackSset configuration.

  • UNKNOWN: This value is reserved for future use.

" }, "LastDriftCheckTimestamp":{ "shape":"Timestamp", - "documentation":"

Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be NULL for any stack instance on which drift detection hasn't yet been performed.

" + "documentation":"

Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be NULL for any stack instance that drift detection hasn't yet been performed on.

" }, "LastOperationId":{ "shape":"ClientRequestToken", "documentation":"

The last unique ID of a StackSet operation performed on a stack instance.

" } }, - "documentation":"

A CloudFormation stack, in a specific account and Region, that's part of a stack set operation. A stack instance is a reference to an attempted or actual stack in a given account within a given Region. A stack instance can exist without a stack—for example, if the stack couldn't be created for some reason. A stack instance is associated with only one stack set. Each stack instance contains the ID of its associated stack set, in addition to the ID of the actual stack and the stack status.

" + "documentation":"

A CloudFormation stack, in a specific account and Region, that's part of a StackSet operation. A stack instance is a reference to an attempted or actual stack in a given account within a given Region. A stack instance can exist without a stack—for example, if the stack couldn't be created for some reason. A stack instance is associated with only one StackSet. Each stack instance contains the ID of its associated StackSet, in addition to the ID of the actual stack and the stack status.

" }, "StackInstanceComprehensiveStatus":{ "type":"structure", "members":{ "DetailedStatus":{ "shape":"StackInstanceDetailedStatus", - "documentation":"

  • CANCELLED: The operation in the specified account and Region has been canceled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.

  • FAILED: The operation in the specified account and Region failed. If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.

  • FAILED_IMPORT: The import of the stack instance in the specified account and Region failed and left the stack in an unstable state. Once the issues causing the failure are fixed, the import operation can be retried. If enough stack set operations fail in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.

  • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually.

  • PENDING: The operation in the specified account and Region has yet to start.

  • RUNNING: The operation in the specified account and Region is currently in progress.

  • SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and Region has been skipped because the account was suspended at the time of the operation.

  • SUCCEEDED: The operation in the specified account and Region completed successfully.

" + "documentation":"

  • CANCELLED: The operation in the specified account and Region has been canceled. This is either because a user has stopped the StackSet operation, or because the failure tolerance of the StackSet operation has been exceeded.

  • FAILED: The operation in the specified account and Region failed. If the StackSet operation fails in enough accounts within a Region, the failure tolerance for the StackSet operation as a whole might be exceeded.

  • FAILED_IMPORT: The import of the stack instance in the specified account and Region failed and left the stack in an unstable state. Once the issues causing the failure are fixed, the import operation can be retried. If enough StackSet operations fail in enough accounts within a Region, the failure tolerance for the StackSet operation as a whole might be exceeded.

  • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually.

  • PENDING: The operation in the specified account and Region has yet to start.

  • RUNNING: The operation in the specified account and Region is currently in progress.

  • SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and Region has been skipped because the account was suspended at the time of the operation.

  • SUCCEEDED: The operation in the specified account and Region completed successfully.

" } }, "documentation":"

The detailed status of the stack instance.

" @@ -6525,8 +6869,7 @@ }, "StackInstanceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified stack instance doesn't exist.

", "error":{ "code":"StackInstanceNotFoundException", @@ -6601,7 +6944,7 @@ "members":{ "StackSetId":{ "shape":"StackSetId", - "documentation":"

The name or unique ID of the stack set that the stack instance is associated with.

" + "documentation":"

The name or unique ID of the StackSet that the stack instance is associated with.

" }, "Region":{ "shape":"Region", @@ -6617,7 +6960,7 @@ }, "Status":{ "shape":"StackInstanceStatus", - "documentation":"

The status of the stack instance, in terms of its synchronization with its associated stack set.

  • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually. INOPERABLE can be returned here when the cause is a failed import. If it's due to a failed import, the operation can be retried once the failures are fixed. To see if this is due to a failed import, call the DescribeStackInstance API operation, look at the DetailedStatus member returned in the StackInstanceSummary member.

  • OUTDATED: The stack isn't currently up to date with the stack set because:

    • The associated stack failed during a CreateStackSet or UpdateStackSet operation.

    • The stack was part of a CreateStackSet or UpdateStackSet operation that failed or was stopped before the stack was created or updated.

  • CURRENT: The stack is currently up to date with the stack set.

" + "documentation":"

The status of the stack instance, in terms of its synchronization with its associated stack set.

  • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually. INOPERABLE can be returned here when the cause is a failed import. If it's due to a failed import, the operation can be retried once the failures are fixed. To see if this is due to a failed import, call the DescribeStackInstance API operation, look at the DetailedStatus member returned in the StackInstanceSummary member.

  • OUTDATED: The stack isn't currently up to date with the StackSet because:

    • The associated stack failed during a CreateStackSet or UpdateStackSet operation.

    • The stack was part of a CreateStackSet or UpdateStackSet operation that failed or was stopped before the stack was created or updated.

  • CURRENT: The stack is currently up to date with the StackSet.

" }, "StatusReason":{ "shape":"Reason", @@ -6633,11 +6976,11 @@ }, "DriftStatus":{ "shape":"StackDriftStatus", - "documentation":"

Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs.

  • DRIFTED: The stack differs from the expected template and parameter configuration of the stack set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its expected stack set configuration.

  • IN_SYNC: The stack instance's actual configuration matches its expected stack set configuration.

  • UNKNOWN: This value is reserved for future use.

" + "documentation":"

Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the StackSet it belongs to.

  • DRIFTED: The stack differs from the expected template and parameter configuration of the StackSet it belongs to. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked if the stack instance differs from its expected StackSet configuration.

  • IN_SYNC: The stack instance's actual configuration matches its expected StackSet configuration.

  • UNKNOWN: This value is reserved for future use.

" }, "LastDriftCheckTimestamp":{ "shape":"Timestamp", - "documentation":"

Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be NULL for any stack instance on which drift detection hasn't yet been performed.

" + "documentation":"

Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be NULL for any stack instance that drift detection hasn't yet been performed on.

" }, "LastOperationId":{ "shape":"ClientRequestToken", @@ -6654,8 +6997,7 @@ }, "StackNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified stack ARN doesn't exist or stack doesn't exist corresponding to the ARN in input.

", "error":{ "code":"StackNotFoundException", @@ -6676,14 +7018,170 @@ }, "StackPolicyDuringUpdateURL":{ "type":"string", - "max":1350, + "max":5120, "min":1 }, "StackPolicyURL":{ "type":"string", - "max":1350, + "max":5120, "min":1 }, + "StackRefactorAction":{ + "type":"structure", + "members":{ + "Action":{ + "shape":"StackRefactorActionType", + "documentation":"

The action that CloudFormation takes on the stack.

" + }, + "Entity":{ + "shape":"StackRefactorActionEntity", + "documentation":"

The type that will be evaluated in the StackRefactorAction. The following are potential Entity types:

  • Stack

  • Resource

" + }, + "PhysicalResourceId":{ + "shape":"PhysicalResourceId", + "documentation":"

The name or unique identifier associated with the physical instance of the resource.

" + }, + "ResourceIdentifier":{ + "shape":"StackRefactorResourceIdentifier", + "documentation":"

A key-value pair that identifies the target resource. The key is an identifier property (for example, BucketName for AWS::S3::Bucket resources) and the value is the actual property value (for example, MyS3Bucket).

" + }, + "Description":{ + "shape":"Description", + "documentation":"

A description to help you identify the refactor.

" + }, + "Detection":{ + "shape":"StackRefactorDetection", + "documentation":"

The detection type is one of the following:

  • Auto: CloudFormation figured out the mapping on its own.

  • Manual: The customer provided the mapping in the ResourceMapping parameter.

" + }, + "DetectionReason":{ + "shape":"DetectionReason", + "documentation":"

The description of the detection type.

" + }, + "TagResources":{ + "shape":"StackRefactorTagResources", + "documentation":"

Assigns one or more tags to specified resources.

" + }, + "UntagResources":{ + "shape":"StackRefactorUntagResources", + "documentation":"

Removes one or more tags to specified resources.

" + }, + "ResourceMapping":{ + "shape":"ResourceMapping", + "documentation":"

The mapping for the stack resource Source and stack resource Destination.

" + } + }, + "documentation":"

Describes the stack and the action that CloudFormation will perform on it if you execute the stack refactor.

" + }, + "StackRefactorActionEntity":{ + "type":"string", + "enum":[ + "RESOURCE", + "STACK" + ] + }, + "StackRefactorActionType":{ + "type":"string", + "enum":[ + "MOVE", + "CREATE" + ] + }, + "StackRefactorActions":{ + "type":"list", + "member":{"shape":"StackRefactorAction"} + }, + "StackRefactorDetection":{ + "type":"string", + "enum":[ + "AUTO", + "MANUAL" + ] + }, + "StackRefactorExecutionStatus":{ + "type":"string", + "enum":[ + "UNAVAILABLE", + "AVAILABLE", + "OBSOLETE", + "EXECUTE_IN_PROGRESS", + "EXECUTE_COMPLETE", + "EXECUTE_FAILED", + "ROLLBACK_IN_PROGRESS", + "ROLLBACK_COMPLETE", + "ROLLBACK_FAILED" + ] + }, + "StackRefactorExecutionStatusFilter":{ + "type":"list", + "member":{"shape":"StackRefactorExecutionStatus"} + }, + "StackRefactorId":{"type":"string"}, + "StackRefactorNotFoundException":{ + "type":"structure", + "members":{}, + "documentation":"

The specified stack refactor can't be found.

", + "error":{ + "code":"StackRefactorNotFoundException", + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "StackRefactorResourceIdentifier":{"type":"string"}, + "StackRefactorStatus":{ + "type":"string", + "enum":[ + "CREATE_IN_PROGRESS", + "CREATE_COMPLETE", + "CREATE_FAILED", + "DELETE_IN_PROGRESS", + "DELETE_COMPLETE", + "DELETE_FAILED" + ] + }, + "StackRefactorStatusReason":{"type":"string"}, + "StackRefactorSummaries":{ + "type":"list", + "member":{"shape":"StackRefactorSummary"} + }, + "StackRefactorSummary":{ + "type":"structure", + "members":{ + "StackRefactorId":{ + "shape":"StackRefactorId", + "documentation":"

The ID associated with the stack refactor created from the CreateStackRefactor action.

" + }, + "Description":{ + "shape":"Description", + "documentation":"

A description to help you identify the refactor.

" + }, + "ExecutionStatus":{ + "shape":"StackRefactorExecutionStatus", + "documentation":"

The operation status that's provided after calling the ExecuteStackRefactor action.

" + }, + "ExecutionStatusReason":{ + "shape":"ExecutionStatusReason", + "documentation":"

A detailed explanation for the stack refactor ExecutionStatus.

" + }, + "Status":{ + "shape":"StackRefactorStatus", + "documentation":"

The stack refactor operation status that's provided after calling the CreateStackRefactor action.

" + }, + "StatusReason":{ + "shape":"StackRefactorStatusReason", + "documentation":"

A detailed explanation for the stack refactor Status.

" + } + }, + "documentation":"

The summary of a stack refactor operation.

" + }, + "StackRefactorTagResources":{ + "type":"list", + "member":{"shape":"Tag"} + }, + "StackRefactorUntagResources":{ + "type":"list", + "member":{"shape":"TagKey"} + }, "StackResource":{ "type":"structure", "required":[ @@ -6832,11 +7330,11 @@ }, "ExpectedProperties":{ "shape":"Properties", - "documentation":"

A JSON structure containing the expected property values of the stack resource, as defined in the stack template and any values specified as template parameters.

For resources whose StackResourceDriftStatus is DELETED, this structure will not be present.

" + "documentation":"

A JSON structure that contains the expected property values of the stack resource, as defined in the stack template and any values specified as template parameters.

For resources whose StackResourceDriftStatus is DELETED, this structure will not be present.

" }, "ActualProperties":{ "shape":"Properties", - "documentation":"

A JSON structure containing the actual property values of the stack resource.

For resources whose StackResourceDriftStatus is DELETED, this structure will not be present.

" + "documentation":"

A JSON structure that contains the actual property values of the stack resource.

For resources whose StackResourceDriftStatus is DELETED, this structure will not be present.

" }, "PropertyDifferences":{ "shape":"PropertyDifferences", @@ -6844,7 +7342,7 @@ }, "StackResourceDriftStatus":{ "shape":"StackResourceDriftStatus", - "documentation":"

Status of the resource's actual configuration compared to its expected configuration.

  • DELETED: The resource differs from its expected template configuration because the resource has been deleted.

  • MODIFIED: One or more resource properties differ from their expected values (as defined in the stack template and any values specified as template parameters).

  • IN_SYNC: The resource's actual configuration matches its expected template configuration.

  • NOT_CHECKED: CloudFormation does not currently return this value.

" + "documentation":"

Status of the resource's actual configuration compared to its expected configuration.

  • DELETED: The resource differs from its expected template configuration because the resource has been deleted.

  • MODIFIED: One or more resource properties differ from their expected values (as defined in the stack template and any values specified as template parameters).

  • IN_SYNC: The resource's actual configuration matches its expected template configuration.

  • NOT_CHECKED: CloudFormation does not currently return this value.

  • UNKNOWN: CloudFormation could not run drift detection for the resource. See the DriftStatusReason for details.

" }, "Timestamp":{ "shape":"Timestamp", @@ -6853,6 +7351,10 @@ "ModuleInfo":{ "shape":"ModuleInfo", "documentation":"

Contains information about the module from which the resource was created, if the resource was created from a module included in the stack template.

" + }, + "DriftStatusReason":{ + "shape":"StackResourceDriftStatusReason", + "documentation":"

The reason for the drift status.

" } }, "documentation":"

Contains the drift information for a resource that has been checked for drift. This includes actual and expected property values for resources in which CloudFormation has detected drift. Only resource properties explicitly defined in the stack template are checked for drift. For more information, see Detect unmanaged configuration changes to stacks and resources with drift detection.

Resources that don't currently support drift detection can't be checked. For a list of resources that support drift detection, see Resource type support for imports and drift detection.

Use DetectStackResourceDrift to detect drift on individual resources, or DetectStackDrift to detect drift on all resources in a given stack that support drift detection.

" @@ -6893,7 +7395,8 @@ "IN_SYNC", "MODIFIED", "DELETED", - "NOT_CHECKED" + "NOT_CHECKED", + "UNKNOWN" ] }, "StackResourceDriftStatusFilters":{ @@ -6902,6 +7405,7 @@ "max":4, "min":1 }, + "StackResourceDriftStatusReason":{"type":"string"}, "StackResourceDrifts":{ "type":"list", "member":{"shape":"StackResourceDrift"} @@ -6963,59 +7467,59 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name that's associated with the stack set.

" + "documentation":"

The name that's associated with the StackSet.

" }, "StackSetId":{ "shape":"StackSetId", - "documentation":"

The ID of the stack set.

" + "documentation":"

The ID of the StackSet.

" }, "Description":{ "shape":"Description", - "documentation":"

A description of the stack set that you specify when the stack set is created or updated.

" + "documentation":"

A description of the StackSet that you specify when the StackSet is created or updated.

" }, "Status":{ "shape":"StackSetStatus", - "documentation":"

The status of the stack set.

" + "documentation":"

The status of the StackSet.

" }, "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

The structure that contains the body of the template that was used to create or update the stack set.

" + "documentation":"

The structure that contains the body of the template that was used to create or update the StackSet.

" }, "Parameters":{ "shape":"Parameters", - "documentation":"

A list of input parameters for a stack set.

" + "documentation":"

A list of input parameters for a StackSet.

" }, "Capabilities":{ "shape":"Capabilities", - "documentation":"

The capabilities that are allowed in the stack set. Some stack set templates might include resources that can affect permissions in your Amazon Web Services account—for example, by creating new Identity and Access Management (IAM) users. For more information, see Acknowledging IAM resources in CloudFormation templates.

" + "documentation":"

The capabilities that are allowed in the StackSet. Some StackSet templates might include resources that can affect permissions in your Amazon Web Services account—for example, by creating new Identity and Access Management (IAM) users. For more information, see Acknowledging IAM resources in CloudFormation templates.

" }, "Tags":{ "shape":"Tags", - "documentation":"

A list of tags that specify information about the stack set. A maximum number of 50 tags can be specified.

" + "documentation":"

A list of tags that specify information about the StackSet. A maximum number of 50 tags can be specified.

" }, "StackSetARN":{ "shape":"StackSetARN", - "documentation":"

The Amazon Resource Name (ARN) of the stack set.

" + "documentation":"

The Amazon Resource Name (ARN) of the StackSet.

" }, "AdministrationRoleARN":{ "shape":"RoleARN", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role used to create or update the stack set.

Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations in the CloudFormation User Guide.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role used to create or update the stack set.

Use customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account. For more information, see Prerequisites for using CloudFormation StackSets in the CloudFormation User Guide.

" }, "ExecutionRoleName":{ "shape":"ExecutionRoleName", - "documentation":"

The name of the IAM execution role used to create or update the stack set.

Use customized execution roles to control which stack resources users and groups can include in their stack sets.

" + "documentation":"

The name of the IAM execution role used to create or update the StackSet.

Use customized execution roles to control which stack resources users and groups can include in their StackSets.

" }, "StackSetDriftDetectionDetails":{ "shape":"StackSetDriftDetectionDetails", - "documentation":"

Detailed information about the drift status of the stack set.

For stack sets, contains information about the last completed drift operation performed on the stack set. Information about drift operations currently in progress isn't included.

" + "documentation":"

Detailed information about the drift status of the StackSet.

For StackSets, contains information about the last completed drift operation performed on the StackSet. Information about drift operations currently in progress isn't included.

" }, "AutoDeployment":{ "shape":"AutoDeployment", - "documentation":"

[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU).

" + "documentation":"

Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU). Valid only if the StackSet uses service-managed permissions.

" }, "PermissionModel":{ "shape":"PermissionModels", - "documentation":"

Describes how the IAM roles required for stack set operations are created.

" + "documentation":"

Describes how the IAM roles required for StackSet operations are created.

" }, "OrganizationalUnitIds":{ "shape":"OrganizationalUnitIdList", @@ -7030,7 +7534,7 @@ "documentation":"

Returns a list of all Amazon Web Services Regions the given StackSet has stack instances deployed in. The Amazon Web Services Regions list output is in no particular order.

" } }, - "documentation":"

A structure that contains information about a stack set. A stack set enables you to provision stacks into Amazon Web Services accounts and across Regions by using a single CloudFormation template. In the stack set, you specify the template to use, in addition to any parameters and capabilities that the template requires.

" + "documentation":"

A structure that contains information about a StackSet. With StackSets, you can provision stacks across Amazon Web Services accounts and Regions from a single CloudFormation template. Each stack is based on the same CloudFormation template, but you can customize individual stacks using parameters.

" }, "StackSetARN":{"type":"string"}, "StackSetAutoDeploymentTargetSummaries":{ @@ -7042,41 +7546,41 @@ "members":{ "OrganizationalUnitId":{ "shape":"OrganizationalUnitId", - "documentation":"

The organization root ID or organizational unit (OU) IDs where the stack set is targeted.

" + "documentation":"

The organization root ID or organizational unit (OU) IDs where the StackSet is targeted.

" }, "Regions":{ "shape":"RegionList", "documentation":"

The list of Regions targeted for this organization or OU.

" } }, - "documentation":"

One of the targets for the stack set. Returned by the ListStackSetAutoDeploymentTargets API operation.

" + "documentation":"

One of the targets for the StackSet. Returned by the ListStackSetAutoDeploymentTargets API operation.

" }, "StackSetDriftDetectionDetails":{ "type":"structure", "members":{ "DriftStatus":{ "shape":"StackSetDriftStatus", - "documentation":"

Status of the stack set's actual configuration compared to its expected template and parameter configuration. A stack set is considered to have drifted if one or more of its stack instances have drifted from their expected template and parameter configuration.

  • DRIFTED: One or more of the stack instances belonging to the stack set stack differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked the stack set for drift.

  • IN_SYNC: All of the stack instances belonging to the stack set stack match from the expected template and parameter configuration.

" + "documentation":"

Status of the StackSet's actual configuration compared to its expected template and parameter configuration.

  • DRIFTED: One or more of the stack instances belonging to the StackSet differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked the StackSet for drift.

  • IN_SYNC: All of the stack instances belonging to the StackSet stack match the expected template and parameter configuration.

" }, "DriftDetectionStatus":{ "shape":"StackSetDriftDetectionStatus", - "documentation":"

The status of the stack set drift detection operation.

  • COMPLETED: The drift detection operation completed without failing on any stack instances.

  • FAILED: The drift detection operation exceeded the specified failure tolerance.

  • PARTIAL_SUCCESS: The drift detection operation completed without exceeding the failure tolerance for the operation.

  • IN_PROGRESS: The drift detection operation is currently being performed.

  • STOPPED: The user has canceled the drift detection operation.

" + "documentation":"

The status of the StackSet drift detection operation.

  • COMPLETED: The drift detection operation completed without failing on any stack instances.

  • FAILED: The drift detection operation exceeded the specified failure tolerance.

  • PARTIAL_SUCCESS: The drift detection operation completed without exceeding the failure tolerance for the operation.

  • IN_PROGRESS: The drift detection operation is currently being performed.

  • STOPPED: The user has canceled the drift detection operation.

" }, "LastDriftCheckTimestamp":{ "shape":"Timestamp", - "documentation":"

Most recent time when CloudFormation performed a drift detection operation on the stack set. This value will be NULL for any stack set on which drift detection hasn't yet been performed.

" + "documentation":"

Most recent time when CloudFormation performed a drift detection operation on the StackSet. This value will be NULL for any StackSet that drift detection hasn't yet been performed on.

" }, "TotalStackInstancesCount":{ "shape":"TotalStackInstancesCount", - "documentation":"

The total number of stack instances belonging to this stack set.

The total number of stack instances is equal to the total of:

  • Stack instances that match the stack set configuration.

  • Stack instances that have drifted from the stack set configuration.

  • Stack instances where the drift detection operation has failed.

  • Stack instances currently being checked for drift.

" + "documentation":"

The total number of stack instances belonging to this StackSet.

The total number of stack instances is equal to the total of:

  • Stack instances that match the StackSet configuration.

  • Stack instances that have drifted from the StackSet configuration.

  • Stack instances where the drift detection operation has failed.

  • Stack instances currently being checked for drift.

" }, "DriftedStackInstancesCount":{ "shape":"DriftedStackInstancesCount", - "documentation":"

The number of stack instances that have drifted from the expected template and parameter configuration of the stack set. A stack instance is considered to have drifted if one or more of the resources in the associated stack don't match their expected configuration.

" + "documentation":"

The number of stack instances that have drifted from the expected template and parameter configuration of the StackSet. A stack instance is considered to have drifted if one or more of the resources in the associated stack don't match their expected configuration.

" }, "InSyncStackInstancesCount":{ "shape":"InSyncStackInstancesCount", - "documentation":"

The number of stack instances which match the expected template and parameter configuration of the stack set.

" + "documentation":"

The number of stack instances which match the expected template and parameter configuration of the StackSet.

" }, "InProgressStackInstancesCount":{ "shape":"InProgressStackInstancesCount", @@ -7087,7 +7591,7 @@ "documentation":"

The number of stack instances for which the drift detection operation failed.

" } }, - "documentation":"

Detailed information about the drift status of the stack set.

For stack sets, contains information about the last completed drift operation performed on the stack set. Information about drift operations in-progress isn't included.

For stack set operations, includes information about drift operations currently being performed on the stack set.

For more information, see Detecting unmanaged changes in stack sets in the CloudFormation User Guide.

" + "documentation":"

Detailed information about the drift status of the StackSet.

For StackSets, contains information about the last completed drift operation performed on the StackSet. Information about drift operations in-progress isn't included.

For StackSet operations, includes information about drift operations currently being performed on the StackSet.

For more information, see Performing drift detection on CloudFormation StackSets in the CloudFormation User Guide.

" }, "StackSetDriftDetectionStatus":{ "type":"string", @@ -7115,9 +7619,8 @@ }, "StackSetNotEmptyException":{ "type":"structure", - "members":{ - }, - "documentation":"

You can't yet delete this stack set, because it still contains one or more stack instances. Delete all stack instances from the stack set before deleting the stack set.

", + "members":{}, + "documentation":"

You can't yet delete this StackSet, because it still contains one or more stack instances. Delete all stack instances from the StackSet before deleting the StackSet.

", "error":{ "code":"StackSetNotEmptyException", "httpStatusCode":409, @@ -7127,9 +7630,8 @@ }, "StackSetNotFoundException":{ "type":"structure", - "members":{ - }, - "documentation":"

The specified stack set doesn't exist.

", + "members":{}, + "documentation":"

The specified StackSet doesn't exist.

", "error":{ "code":"StackSetNotFoundException", "httpStatusCode":404, @@ -7142,35 +7644,35 @@ "members":{ "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique ID of a stack set operation.

" + "documentation":"

The unique ID of a StackSet operation.

" }, "StackSetId":{ "shape":"StackSetId", - "documentation":"

The ID of the stack set.

" + "documentation":"

The ID of the StackSet.

" }, "Action":{ "shape":"StackSetOperationAction", - "documentation":"

The type of stack set operation: CREATE, UPDATE, or DELETE. Create and delete operations affect only the specified stack set instances that are associated with the specified stack set. Update operations affect both the stack set itself, in addition to all associated stack set instances.

" + "documentation":"

The type of StackSet operation: CREATE, UPDATE, or DELETE. Create and delete operations affect only the specified stack instances that are associated with the specified StackSet. Update operations affect both the StackSet itself, in addition to all associated stack instances.

" }, "Status":{ "shape":"StackSetOperationStatus", - "documentation":"

The status of the operation.

  • FAILED: The operation exceeded the specified failure tolerance. The failure tolerance value that you've set for an operation is applied for each Region during stack create and update operations. If the number of failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to FAILED. This in turn sets the status of the operation as a whole to FAILED, and CloudFormation cancels the operation in any remaining Regions.

  • QUEUED: [Service-managed permissions] For automatic deployments that require a sequence of operations, the operation is queued to be performed. For more information, see the stack set operation status codes in the CloudFormation User Guide.

  • RUNNING: The operation is currently being performed.

  • STOPPED: The user has canceled the operation.

  • STOPPING: The operation is in the process of stopping, at user request.

  • SUCCEEDED: The operation completed creating or updating all the specified stacks without exceeding the failure tolerance for the operation.

" + "documentation":"

The status of the operation.

  • FAILED: The operation exceeded the specified failure tolerance. The failure tolerance value that you've set for an operation is applied for each Region during stack create and update operations. If the number of failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to FAILED. This in turn sets the status of the operation as a whole to FAILED, and CloudFormation cancels the operation in any remaining Regions.

  • QUEUED: [Service-managed permissions] For automatic deployments that require a sequence of operations, the operation is queued to be performed. For more information, see the StackSets status codes in the CloudFormation User Guide.

  • RUNNING: The operation is currently being performed.

  • STOPPED: The user has canceled the operation.

  • STOPPING: The operation is in the process of stopping, at user request.

  • SUCCEEDED: The operation completed creating or updating all the specified stacks without exceeding the failure tolerance for the operation.

" }, "OperationPreferences":{ "shape":"StackSetOperationPreferences", - "documentation":"

The preferences for how CloudFormation performs this stack set operation.

" + "documentation":"

The preferences for how CloudFormation performs this StackSet operation.

" }, "RetainStacks":{ "shape":"RetainStacksNullable", - "documentation":"

For stack set operations of action type DELETE, specifies whether to remove the stack instances from the specified stack set, but doesn't delete the stacks. You can't re-associate a retained stack, or add an existing, saved stack to a new stack set.

" + "documentation":"

For StackSet operations of action type DELETE, specifies whether to remove the stack instances from the specified StackSet, but doesn't delete the stacks. You can't re-associate a retained stack, or add an existing, saved stack to a new StackSet.

" }, "AdministrationRoleARN":{ "shape":"RoleARN", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role used to perform this stack set operation.

Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Define Permissions for Multiple Administrators in the CloudFormation User Guide.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role used to perform this StackSet operation.

Use customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account. For more information, see Grant self-managed permissions in the CloudFormation User Guide.

" }, "ExecutionRoleName":{ "shape":"ExecutionRoleName", - "documentation":"

The name of the IAM execution role used to create or update the stack set.

Use customized execution roles to control which stack resources users and groups can include in their stack sets.

" + "documentation":"

The name of the IAM execution role used to create or update the StackSet.

Use customized execution roles to control which stack resources users and groups can include in their StackSets.

" }, "CreationTimestamp":{ "shape":"Timestamp", @@ -7178,15 +7680,15 @@ }, "EndTimestamp":{ "shape":"Timestamp", - "documentation":"

The time at which the stack set operation ended, across all accounts and Regions specified. Note that this doesn't necessarily mean that the stack set operation was successful, or even attempted, in each account or Region.

" + "documentation":"

The time at which the StackSet operation ended, across all accounts and Regions specified. Note that this doesn't necessarily mean that the StackSet operation was successful, or even attempted, in each account or Region.

" }, "DeploymentTargets":{ "shape":"DeploymentTargets", - "documentation":"

[Service-managed permissions] The Organizations accounts affected by the stack operation.

" + "documentation":"

The Organizations accounts affected by the stack operation. Valid only if the StackSet uses service-managed permissions.

" }, "StackSetDriftDetectionDetails":{ "shape":"StackSetDriftDetectionDetails", - "documentation":"

Detailed information about the drift status of the stack set. This includes information about drift operations currently being performed on the stack set.

This information will only be present for stack set operations whose Action type is DETECT_DRIFT.

For more information, see Detect stack set drift in the CloudFormation User Guide.

" + "documentation":"

Detailed information about the drift status of the StackSet. This includes information about drift operations currently being performed on the StackSet.

This information will only be present for StackSet operations whose Action type is DETECT_DRIFT.

For more information, see Performing drift detection on CloudFormation StackSets in the CloudFormation User Guide.

" }, "StatusReason":{ "shape":"StackSetOperationStatusReason", @@ -7197,7 +7699,7 @@ "documentation":"

Detailed information about the StackSet operation.

" } }, - "documentation":"

The structure that contains information about a stack set operation.

" + "documentation":"

The structure that contains information about a StackSet operation.

" }, "StackSetOperationAction":{ "type":"string", @@ -7217,30 +7719,30 @@ }, "RegionOrder":{ "shape":"RegionList", - "documentation":"

The order of the Regions where you want to perform the stack operation.

RegionOrder isn't followed if AutoDeployment is enabled.

" + "documentation":"

The order of the Regions where you want to perform the stack operation.

" }, "FailureToleranceCount":{ "shape":"FailureToleranceCount", - "documentation":"

The number of accounts, per Region, for which this operation can fail before CloudFormation stops the operation in that Region. If the operation is stopped in a Region, CloudFormation doesn't attempt the operation in any subsequent Regions.

Conditional: You must specify either FailureToleranceCount or FailureTolerancePercentage (but not both).

By default, 0 is specified.

" + "documentation":"

The number of accounts per Region this operation can fail in before CloudFormation stops the operation in that Region. If the operation is stopped in a Region, CloudFormation doesn't attempt the operation in any subsequent Regions.

You can specify either FailureToleranceCount or FailureTolerancePercentage, but not both.

By default, 0 is specified.

" }, "FailureTolerancePercentage":{ "shape":"FailureTolerancePercentage", - "documentation":"

The percentage of accounts, per Region, for which this stack operation can fail before CloudFormation stops the operation in that Region. If the operation is stopped in a Region, CloudFormation doesn't attempt the operation in any subsequent Regions.

When calculating the number of accounts based on the specified percentage, CloudFormation rounds down to the next whole number.

Conditional: You must specify either FailureToleranceCount or FailureTolerancePercentage, but not both.

By default, 0 is specified.

" + "documentation":"

The percentage of accounts per Region this stack operation can fail in before CloudFormation stops the operation in that Region. If the operation is stopped in a Region, CloudFormation doesn't attempt the operation in any subsequent Regions.

When calculating the number of accounts based on the specified percentage, CloudFormation rounds down to the next whole number.

You can specify either FailureToleranceCount or FailureTolerancePercentage, but not both.

By default, 0 is specified.

" }, "MaxConcurrentCount":{ "shape":"MaxConcurrentCount", - "documentation":"

The maximum number of accounts in which to perform this operation at one time. This can depend on the value of FailureToleranceCount depending on your ConcurrencyMode. MaxConcurrentCount is at most one more than the FailureToleranceCount if you're using STRICT_FAILURE_TOLERANCE.

Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.

Conditional: You must specify either MaxConcurrentCount or MaxConcurrentPercentage, but not both.

By default, 1 is specified.

" + "documentation":"

The maximum number of accounts in which to perform this operation at one time. This can depend on the value of FailureToleranceCount depending on your ConcurrencyMode. MaxConcurrentCount is at most one more than the FailureToleranceCount if you're using STRICT_FAILURE_TOLERANCE.

Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.

You can specify either MaxConcurrentCount or MaxConcurrentPercentage, but not both.

By default, 1 is specified.

" }, "MaxConcurrentPercentage":{ "shape":"MaxConcurrentPercentage", - "documentation":"

The maximum percentage of accounts in which to perform this operation at one time.

When calculating the number of accounts based on the specified percentage, CloudFormation rounds down to the next whole number. This is true except in cases where rounding down would result is zero. In this case, CloudFormation sets the number as one instead.

Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.

Conditional: You must specify either MaxConcurrentCount or MaxConcurrentPercentage, but not both.

By default, 1 is specified.

" + "documentation":"

The maximum percentage of accounts in which to perform this operation at one time.

When calculating the number of accounts based on the specified percentage, CloudFormation rounds down to the next whole number. This is true except in cases where rounding down would result is zero. In this case, CloudFormation sets the number as one instead.

Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.

You can specify either MaxConcurrentCount or MaxConcurrentPercentage, but not both.

By default, 1 is specified.

" }, "ConcurrencyMode":{ "shape":"ConcurrencyMode", - "documentation":"

Specifies how the concurrency level behaves during the operation execution.

  • STRICT_FAILURE_TOLERANCE: This option dynamically lowers the concurrency level to ensure the number of failed accounts never exceeds the value of FailureToleranceCount +1. The initial actual concurrency is set to the lower of either the value of the MaxConcurrentCount, or the value of FailureToleranceCount +1. The actual concurrency is then reduced proportionally by the number of failures. This is the default behavior.

    If failure tolerance or Maximum concurrent accounts are set to percentages, the behavior is similar.

  • SOFT_FAILURE_TOLERANCE: This option decouples FailureToleranceCount from the actual concurrency. This allows stack set operations to run at the concurrency level set by the MaxConcurrentCount value, or MaxConcurrentPercentage, regardless of the number of failures.

" + "documentation":"

Specifies how the concurrency level behaves during the operation execution.

  • STRICT_FAILURE_TOLERANCE: This option dynamically lowers the concurrency level to ensure the number of failed accounts never exceeds the value of FailureToleranceCount +1. The initial actual concurrency is set to the lower of either the value of the MaxConcurrentCount, or the value of FailureToleranceCount +1. The actual concurrency is then reduced proportionally by the number of failures. This is the default behavior.

    If failure tolerance or Maximum concurrent accounts are set to percentages, the behavior is similar.

  • SOFT_FAILURE_TOLERANCE: This option decouples FailureToleranceCount from the actual concurrency. This allows StackSet operations to run at the concurrency level set by the MaxConcurrentCount value, or MaxConcurrentPercentage, regardless of the number of failures.

" } }, - "documentation":"

The user-specified preferences for how CloudFormation performs a stack set operation.

For more information about maximum concurrent accounts and failure tolerance, see Stack set operation options.

" + "documentation":"

The user-specified preferences for how CloudFormation performs a StackSet operation.

For more information about maximum concurrent accounts and failure tolerance, see StackSet operation options.

StackSetOperationPreferences don't apply to AutoDeployment, even if it's enabled.

" }, "StackSetOperationResultStatus":{ "type":"string", @@ -7269,7 +7771,7 @@ }, "Status":{ "shape":"StackSetOperationResultStatus", - "documentation":"

The result status of the stack set operation for the given account in the given Region.

  • CANCELLED: The operation in the specified account and Region has been canceled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.

  • FAILED: The operation in the specified account and Region failed.

    If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.

  • RUNNING: The operation in the specified account and Region is currently in progress.

  • PENDING: The operation in the specified account and Region has yet to start.

  • SUCCEEDED: The operation in the specified account and Region completed successfully.

" + "documentation":"

The result status of the StackSet operation for the given account in the given Region.

  • CANCELLED: The operation in the specified account and Region has been canceled. This is either because a user has stopped the StackSet operation, or because the failure tolerance of the StackSet operation has been exceeded.

  • FAILED: The operation in the specified account and Region failed.

    If the StackSet operation fails in enough accounts within a Region, the failure tolerance for the StackSet operation as a whole might be exceeded.

  • RUNNING: The operation in the specified account and Region is currently in progress.

  • PENDING: The operation in the specified account and Region has yet to start.

  • SUCCEEDED: The operation in the specified account and Region completed successfully.

" }, "StatusReason":{ "shape":"Reason", @@ -7277,7 +7779,7 @@ }, "AccountGateResult":{ "shape":"AccountGateResult", - "documentation":"

The results of the account gate function CloudFormation invokes, if present, before proceeding with stack set operations in an account.

" + "documentation":"

The results of the account gate function CloudFormation invokes, if present, before proceeding with StackSet operations in an account.

" }, "OrganizationalUnitId":{ "shape":"OrganizationalUnitId", @@ -7317,23 +7819,23 @@ "members":{ "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique ID of the stack set operation.

" + "documentation":"

The unique ID of the StackSet operation.

" }, "Action":{ "shape":"StackSetOperationAction", - "documentation":"

The type of operation: CREATE, UPDATE, or DELETE. Create and delete operations affect only the specified stack instances that are associated with the specified stack set. Update operations affect both the stack set itself and all associated stack set instances.

" + "documentation":"

The type of operation: CREATE, UPDATE, or DELETE. Create and delete operations affect only the specified stack instances that are associated with the specified StackSet. Update operations affect both the StackSet itself and all associated StackSet instances.

" }, "Status":{ "shape":"StackSetOperationStatus", - "documentation":"

The overall status of the operation.

  • FAILED: The operation exceeded the specified failure tolerance. The failure tolerance value that you've set for an operation is applied for each Region during stack create and update operations. If the number of failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to FAILED. This in turn sets the status of the operation as a whole to FAILED, and CloudFormation cancels the operation in any remaining Regions.

  • QUEUED: [Service-managed permissions] For automatic deployments that require a sequence of operations, the operation is queued to be performed. For more information, see the stack set operation status codes in the CloudFormation User Guide.

  • RUNNING: The operation is currently being performed.

  • STOPPED: The user has canceled the operation.

  • STOPPING: The operation is in the process of stopping, at user request.

  • SUCCEEDED: The operation completed creating or updating all the specified stacks without exceeding the failure tolerance for the operation.

" + "documentation":"

The overall status of the operation.

  • FAILED: The operation exceeded the specified failure tolerance. The failure tolerance value that you've set for an operation is applied for each Region during stack create and update operations. If the number of failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to FAILED. This in turn sets the status of the operation as a whole to FAILED, and CloudFormation cancels the operation in any remaining Regions.

  • QUEUED: [Service-managed permissions] For automatic deployments that require a sequence of operations, the operation is queued to be performed. For more information, see the StackSet status codes in the CloudFormation User Guide.

  • RUNNING: The operation is currently being performed.

  • STOPPED: The user has canceled the operation.

  • STOPPING: The operation is in the process of stopping, at user request.

  • SUCCEEDED: The operation completed creating or updating all the specified stacks without exceeding the failure tolerance for the operation.

" }, "CreationTimestamp":{ "shape":"Timestamp", - "documentation":"

The time at which the operation was initiated. Note that the creation times for the stack set operation might differ from the creation time of the individual stacks themselves. This is because CloudFormation needs to perform preparatory work for the operation, such as dispatching the work to the requested Regions, before actually creating the first stacks.

" + "documentation":"

The time at which the operation was initiated. Note that the creation times for the StackSet operation might differ from the creation time of the individual stacks themselves. This is because CloudFormation needs to perform preparatory work for the operation, such as dispatching the work to the requested Regions, before actually creating the first stacks.

" }, "EndTimestamp":{ "shape":"Timestamp", - "documentation":"

The time at which the stack set operation ended, across all accounts and Regions specified. Note that this doesn't necessarily mean that the stack set operation was successful, or even attempted, in each account or Region.

" + "documentation":"

The time at which the StackSet operation ended, across all accounts and Regions specified. Note that this doesn't necessarily mean that the StackSet operation was successful, or even attempted, in each account or Region.

" }, "StatusReason":{ "shape":"StackSetOperationStatusReason", @@ -7341,11 +7843,11 @@ }, "StatusDetails":{ "shape":"StackSetOperationStatusDetails", - "documentation":"

Detailed information about the stack set operation.

" + "documentation":"

Detailed information about the StackSet operation.

" }, "OperationPreferences":{ "shape":"StackSetOperationPreferences", - "documentation":"

The user-specified preferences for how CloudFormation performs a stack set operation.

For more information about maximum concurrent accounts and failure tolerance, see Stack set operation options.

" + "documentation":"

The user-specified preferences for how CloudFormation performs a StackSet operation.

For more information about maximum concurrent accounts and failure tolerance, see StackSet operation options.

" } }, "documentation":"

The structures that contain summary information about the specified operation.

" @@ -7366,19 +7868,19 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name of the stack set.

" + "documentation":"

The name of the StackSet.

" }, "StackSetId":{ "shape":"StackSetId", - "documentation":"

The ID of the stack set.

" + "documentation":"

The ID of the StackSet.

" }, "Description":{ "shape":"Description", - "documentation":"

A description of the stack set that you specify when the stack set is created or updated.

" + "documentation":"

A description of the StackSet that you specify when the StackSet is created or updated.

" }, "Status":{ "shape":"StackSetStatus", - "documentation":"

The status of the stack set.

" + "documentation":"

The status of the StackSet.

" }, "AutoDeployment":{ "shape":"AutoDeployment", @@ -7386,22 +7888,22 @@ }, "PermissionModel":{ "shape":"PermissionModels", - "documentation":"

Describes how the IAM roles required for stack set operations are created.

" + "documentation":"

Describes how the IAM roles required for StackSet operations are created.

" }, "DriftStatus":{ "shape":"StackDriftStatus", - "documentation":"

Status of the stack set's actual configuration compared to its expected template and parameter configuration. A stack set is considered to have drifted if one or more of its stack instances have drifted from their expected template and parameter configuration.

  • DRIFTED: One or more of the stack instances belonging to the stack set stack differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked the stack set for drift.

  • IN_SYNC: All the stack instances belonging to the stack set stack match from the expected template and parameter configuration.

  • UNKNOWN: This value is reserved for future use.

" + "documentation":"

Status of the StackSet's actual configuration compared to its expected template and parameter configuration.

  • DRIFTED: One or more of the stack instances belonging to the StackSet differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.

  • NOT_CHECKED: CloudFormation hasn't checked the StackSet for drift.

  • IN_SYNC: All the stack instances belonging to the StackSet match the expected template and parameter configuration.

  • UNKNOWN: This value is reserved for future use.

" }, "LastDriftCheckTimestamp":{ "shape":"Timestamp", - "documentation":"

Most recent time when CloudFormation performed a drift detection operation on the stack set. This value will be NULL for any stack set on which drift detection hasn't yet been performed.

" + "documentation":"

Most recent time when CloudFormation performed a drift detection operation on the StackSet. This value will be NULL for any StackSet that drift detection hasn't yet been performed on.

" }, "ManagedExecution":{ "shape":"ManagedExecution", "documentation":"

Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.

" } }, - "documentation":"

The structures that contain summary information about the specified stack set.

" + "documentation":"

The structures that contain summary information about the specified StackSet.

" }, "StackStatus":{ "type":"string", @@ -7482,11 +7984,11 @@ }, "ParentId":{ "shape":"StackId", - "documentation":"

For nested stacks--stacks created as resources for another stack--the stack ID of the direct parent of this stack. For the first level of nested stacks, the root stack is also the parent stack.

For more information, see Embed stacks within other stacks using nested stacks in the CloudFormation User Guide.

" + "documentation":"

For nested stacks, the stack ID of the direct parent of this stack. For the first level of nested stacks, the root stack is also the parent stack.

For more information, see Nested stacks in the CloudFormation User Guide.

" }, "RootId":{ "shape":"StackId", - "documentation":"

For nested stacks--stacks created as resources for another stack--the stack ID of the top-level stack to which the nested stack ultimately belongs.

For more information, see Embed stacks within other stacks using nested stacks in the CloudFormation User Guide.

" + "documentation":"

For nested stacks, the stack ID of the top-level stack to which the nested stack ultimately belongs.

For more information, see Nested stacks in the CloudFormation User Guide.

" }, "DriftInformation":{ "shape":"StackDriftInformationSummary", @@ -7505,9 +8007,8 @@ }, "StaleRequestException":{ "type":"structure", - "members":{ - }, - "documentation":"

Another operation has been performed on this stack set since the specified operation was performed.

", + "members":{}, + "documentation":"

Another operation has been performed on this StackSet since the specified operation was performed.

", "error":{ "code":"StaleRequestException", "httpStatusCode":409, @@ -7521,6 +8022,10 @@ "ClientRequestToken":{ "shape":"ClientRequestToken", "documentation":"

A unique identifier for this StartResourceScan request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to start a new resource scan.

" + }, + "ScanFilters":{ + "shape":"ScanFilters", + "documentation":"

The scan filters to use.

" } } }, @@ -7546,7 +8051,7 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set that you want to stop the operation for.

" + "documentation":"

The name or unique ID of the StackSet that you want to stop the operation for.

" }, "OperationId":{ "shape":"ClientRequestToken", @@ -7554,14 +8059,13 @@ }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid only if the StackSet uses service-managed permissions.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, "StopStackSetOperationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "SupportedMajorVersion":{ "type":"integer", @@ -7581,11 +8085,11 @@ "members":{ "Key":{ "shape":"TagKey", - "documentation":"

Required. A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by Amazon Web Services have the reserved prefix: aws:.

" + "documentation":"

A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by Amazon Web Services have the reserved prefix: aws:.

" }, "Value":{ "shape":"TagValue", - "documentation":"

Required. A string containing the value for this tag. You can specify a maximum of 256 characters for a tag value.

" + "documentation":"

A string that contains the value for this tag. You can specify a maximum of 256 characters for a tag value.

" } }, "documentation":"

The Tag type enables you to specify a key-value pair that can be used to store information about an CloudFormation stack.

" @@ -7741,7 +8245,7 @@ }, "TemplateURL":{ "type":"string", - "max":1024, + "max":5120, "min":1 }, "TestTypeInput":{ @@ -7798,8 +8302,7 @@ "Timestamp":{"type":"timestamp"}, "TokenAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A client request token already exists.

", "error":{ "code":"TokenAlreadyExistsException", @@ -7850,7 +8353,7 @@ "members":{ "Arn":{ "shape":"TypeConfigurationArn", - "documentation":"

The Amazon Resource Name (ARN) for the configuration data, in this account and Region.

" + "documentation":"

The ARN for the configuration data, in this account and Region.

" }, "Alias":{ "shape":"TypeConfigurationAlias", @@ -7866,7 +8369,7 @@ }, "TypeArn":{ "shape":"TypeArn", - "documentation":"

The Amazon Resource Name (ARN) for the extension, in this account and Region.

For public extensions, this will be the ARN assigned when you call the ActivateType API operation in this account and Region. For private extensions, this will be the ARN assigned when you call the RegisterType API operation in this account and Region.

" + "documentation":"

The ARN for the extension, in this account and Region.

For public extensions, this will be the ARN assigned when you call the ActivateType API operation in this account and Region. For private extensions, this will be the ARN assigned when you call the RegisterType API operation in this account and Region.

" }, "TypeName":{ "shape":"TypeName", @@ -7888,7 +8391,7 @@ "members":{ "TypeArn":{ "shape":"TypeArn", - "documentation":"

The Amazon Resource Name (ARN) for the extension, in this account and Region.

For public extensions, this will be the ARN assigned when you call the ActivateType API operation in this account and Region. For private extensions, this will be the ARN assigned when you call the RegisterType API operation in this account and Region.

" + "documentation":"

The ARN for the extension, in this account and Region.

For public extensions, this will be the ARN assigned when you call the ActivateType API operation in this account and Region. For private extensions, this will be the ARN assigned when you call the RegisterType API operation in this account and Region.

" }, "TypeConfigurationAlias":{ "shape":"TypeConfigurationAlias", @@ -7896,7 +8399,7 @@ }, "TypeConfigurationArn":{ "shape":"TypeConfigurationArn", - "documentation":"

The Amazon Resource Name (ARN) for the configuration, in this account and Region.

" + "documentation":"

The ARN for the configuration, in this account and Region.

" }, "Type":{ "shape":"ThirdPartyType", @@ -7916,8 +8419,7 @@ }, "TypeConfigurationNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified extension configuration can't be found.

", "error":{ "code":"TypeConfigurationNotFoundException", @@ -7959,8 +8461,7 @@ }, "TypeNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified extension doesn't exist in the CloudFormation registry.

", "error":{ "code":"TypeNotFoundException", @@ -7995,7 +8496,7 @@ }, "TypeArn":{ "shape":"TypeArn", - "documentation":"

The Amazon Resource Name (ARN) of the extension.

" + "documentation":"

The ARN of the extension.

" }, "LastUpdated":{ "shape":"Timestamp", @@ -8074,7 +8575,7 @@ }, "VersionId":{ "shape":"TypeVersionId", - "documentation":"

The ID of a specific version of the extension. The version ID is the value at the end of the Amazon Resource Name (ARN) assigned to the extension version when it's registered.

" + "documentation":"

The ID of a specific version of the extension. The version ID is the value at the end of the ARN assigned to the extension version when it's registered.

" }, "IsDefaultVersion":{ "shape":"IsDefaultVersion", @@ -8082,7 +8583,7 @@ }, "Arn":{ "shape":"TypeArn", - "documentation":"

The Amazon Resource Name (ARN) of the extension version.

" + "documentation":"

The ARN of the extension version.

" }, "TimeCreated":{ "shape":"Timestamp", @@ -8152,11 +8653,11 @@ }, "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.

" + "documentation":"

Structure that contains the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.

" }, "TemplateURL":{ "shape":"TemplateURL", - "documentation":"

Location of file containing the template body. The URL must point to a template that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.

" + "documentation":"

The URL of a file that contains the template body. The URL must point to a template that's located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.

" }, "UsePreviousTemplate":{ "shape":"UsePreviousTemplate", @@ -8164,11 +8665,11 @@ }, "StackPolicyDuringUpdateBody":{ "shape":"StackPolicyDuringUpdateBody", - "documentation":"

Structure containing the temporary overriding stack policy body. You can specify either the StackPolicyDuringUpdateBody or the StackPolicyDuringUpdateURL parameter, but not both.

If you want to update protected resources, specify a temporary overriding stack policy during this update. If you don't specify a stack policy, the current policy that is associated with the stack will be used.

" + "documentation":"

Structure that contains the temporary overriding stack policy body. You can specify either the StackPolicyDuringUpdateBody or the StackPolicyDuringUpdateURL parameter, but not both.

If you want to update protected resources, specify a temporary overriding stack policy during this update. If you don't specify a stack policy, the current policy that is associated with the stack will be used.

" }, "StackPolicyDuringUpdateURL":{ "shape":"StackPolicyDuringUpdateURL", - "documentation":"

Location of a file containing the temporary overriding stack policy. The URL must point to a policy (max size: 16KB) located in an S3 bucket in the same Region as the stack. The location for an Amazon S3 bucket must start with https://. You can specify either the StackPolicyDuringUpdateBody or the StackPolicyDuringUpdateURL parameter, but not both.

If you want to update protected resources, specify a temporary overriding stack policy during this update. If you don't specify a stack policy, the current policy that is associated with the stack will be used.

" + "documentation":"

Location of a file that contains the temporary overriding stack policy. The URL must point to a policy (max size: 16KB) located in an S3 bucket in the same Region as the stack. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.

You can specify either the StackPolicyDuringUpdateBody or the StackPolicyDuringUpdateURL parameter, but not both.

If you want to update protected resources, specify a temporary overriding stack policy during this update. If you don't specify a stack policy, the current policy that is associated with the stack will be used.

" }, "Parameters":{ "shape":"Parameters", @@ -8176,11 +8677,11 @@ }, "Capabilities":{ "shape":"Capabilities", - "documentation":"

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the stack.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account, for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually updating the stack. If your stack template contains one or more macros, and you choose to update a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.

    If you want to update a stack from a stack template that contains macros and nested stacks, you must update the stack directly from the template using this capability.

    You should only update stacks directly from a stack template that contains macros if you know what processing the macro performs.

    Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.

    For more information, see Perform custom processing on CloudFormation templates with template macros.

Only one of the Capabilities and ResourceType parameters can be specified.

" + "documentation":"

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the stack.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account, for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually updating the stack. If your stack template contains one or more macros, and you choose to update a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.

    If you want to update a stack from a stack template that contains macros and nested stacks, you must update the stack directly from the template using this capability.

    You should only update stacks directly from a stack template that contains macros if you know what processing the macro performs.

    Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.

    For more information, see Perform custom processing on CloudFormation templates with template macros.

Only one of the Capabilities and ResourceType parameters can be specified.

" }, "ResourceTypes":{ "shape":"ResourceTypes", - "documentation":"

The template resource types that you have permissions to work with for this update stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

If the list of resource types doesn't include a resource that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control access with Identity and Access Management.

Only one of the Capabilities and ResourceType parameters can be specified.

" + "documentation":"

The template resource types that you have permissions to work with for this update stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

If the list of resource types doesn't include a resource that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control access with Identity and Access Management.

Only one of the Capabilities and ResourceType parameters can be specified.

" }, "RoleARN":{ "shape":"RoleARN", @@ -8192,11 +8693,11 @@ }, "StackPolicyBody":{ "shape":"StackPolicyBody", - "documentation":"

Structure containing a new stack policy body. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you don't specify a stack policy, the current policy that is associated with the stack is unchanged.

" + "documentation":"

Structure that contains a new stack policy body. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you don't specify a stack policy, the current policy that is associated with the stack is unchanged.

" }, "StackPolicyURL":{ "shape":"StackPolicyURL", - "documentation":"

Location of a file containing the updated stack policy. The URL must point to a policy (max size: 16KB) located in an S3 bucket in the same Region as the stack. The location for an Amazon S3 bucket must start with https://. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you don't specify a stack policy, the current policy that is associated with the stack is unchanged.

" + "documentation":"

Location of a file that contains the updated stack policy. The URL must point to a policy (max size: 16KB) located in an S3 bucket in the same Region as the stack. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.

You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you don't specify a stack policy, the current policy that is associated with the stack is unchanged.

" }, "NotificationARNs":{ "shape":"NotificationARNs", @@ -8230,15 +8731,15 @@ "members":{ "StackSetName":{ "shape":"StackSetNameOrId", - "documentation":"

The name or unique ID of the stack set associated with the stack instances.

" + "documentation":"

The name or unique ID of the StackSet associated with the stack instances.

" }, "Accounts":{ "shape":"AccountList", - "documentation":"

[Self-managed permissions] The names of one or more Amazon Web Services accounts for which you want to update parameter values for stack instances. The overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions.

You can specify Accounts or DeploymentTargets, but not both.

" + "documentation":"

[Self-managed permissions] The account IDs of one or more Amazon Web Services accounts in which you want to update parameter values for stack instances. The overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions.

You can specify Accounts or DeploymentTargets, but not both.

" }, "DeploymentTargets":{ "shape":"DeploymentTargets", - "documentation":"

[Service-managed permissions] The Organizations accounts for which you want to update parameter values for stack instances. If your update targets OUs, the overridden parameter values only apply to the accounts that are currently in the target OUs and their child OUs. Accounts added to the target OUs and their child OUs in the future won't use the overridden values.

You can specify Accounts or DeploymentTargets, but not both.

" + "documentation":"

[Service-managed permissions] The Organizations accounts in which you want to update parameter values for stack instances. If your update targets OUs, the overridden parameter values only apply to the accounts that are currently in the target OUs and their child OUs. Accounts added to the target OUs and their child OUs in the future won't use the overridden values.

You can specify Accounts or DeploymentTargets, but not both.

" }, "Regions":{ "shape":"RegionList", @@ -8246,20 +8747,20 @@ }, "ParameterOverrides":{ "shape":"Parameters", - "documentation":"

A list of input parameters whose values you want to update for the specified stack instances.

Any overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance update operations:

  • To override the current value for a parameter, include the parameter and specify its value.

  • To leave an overridden parameter set to its present value, include the parameter and specify UsePreviousValue as true. (You can't specify both a value and set UsePreviousValue to true.)

  • To set an overridden parameter back to the value specified in the stack set, specify a parameter list but don't include the parameter in the list.

  • To leave all parameters set to their present values, don't specify this property at all.

During stack set updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.

You can only override the parameter values that are specified in the stack set; to add or delete a parameter itself, use UpdateStackSet to update the stack set template. If you add a parameter to a template, before you can override the parameter value specified in the stack set you must first use UpdateStackSet to update all stack instances with the updated template and parameter value specified in the stack set. Once a stack instance has been updated with the new parameter, you can then override the parameter value using UpdateStackInstances.

" + "documentation":"

A list of input parameters whose values you want to update for the specified stack instances.

Any overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance update operations:

  • To override the current value for a parameter, include the parameter and specify its value.

  • To leave an overridden parameter set to its present value, include the parameter and specify UsePreviousValue as true. (You can't specify both a value and set UsePreviousValue to true.)

  • To set an overridden parameter back to the value specified in the StackSet, specify a parameter list but don't include the parameter in the list.

  • To leave all parameters set to their present values, don't specify this property at all.

During StackSet updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.

You can only override the parameter values that are specified in the StackSet. To add or delete a parameter itself, use UpdateStackSet to update the StackSet template. If you add a parameter to a template, before you can override the parameter value specified in the StackSet you must first use UpdateStackSet to update all stack instances with the updated template and parameter value specified in the StackSet. Once a stack instance has been updated with the new parameter, you can then override the parameter value using UpdateStackInstances.

" }, "OperationPreferences":{ "shape":"StackSetOperationPreferences", - "documentation":"

Preferences for how CloudFormation performs this stack set operation.

" + "documentation":"

Preferences for how CloudFormation performs this StackSet operation.

" }, "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique identifier for this stack set operation.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

", + "documentation":"

The unique identifier for this StackSet operation.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the StackSet operation only once, even if you retry the request multiple times. You might retry StackSet operation requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

", "idempotencyToken":true }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" } } }, @@ -8268,7 +8769,7 @@ "members":{ "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique identifier for this stack set operation.

" + "documentation":"

The unique identifier for this StackSet operation.

" } } }, @@ -8288,7 +8789,7 @@ "members":{ "StackSetName":{ "shape":"StackSetName", - "documentation":"

The name or unique ID of the stack set that you want to update.

" + "documentation":"

The name or unique ID of the StackSet that you want to update.

" }, "Description":{ "shape":"Description", @@ -8300,68 +8801,68 @@ }, "TemplateURL":{ "shape":"TemplateURL", - "documentation":"

The location of the file that contains the template body. The URL must point to a template (maximum size: 460,800 bytes) that is located in an Amazon S3 bucket or a Systems Manager document.

Conditional: You must specify only one of the following parameters: TemplateBody or TemplateURL—or set UsePreviousTemplate to true.

" + "documentation":"

The URL of a file that contains the template body. The URL must point to a template (maximum size: 1 MB) that is located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://. S3 static website URLs are not supported.

Conditional: You must specify only one of the following parameters: TemplateBody or TemplateURL—or set UsePreviousTemplate to true.

" }, "UsePreviousTemplate":{ "shape":"UsePreviousTemplate", - "documentation":"

Use the existing template that's associated with the stack set that you're updating.

Conditional: You must specify only one of the following parameters: TemplateBody or TemplateURL—or set UsePreviousTemplate to true.

" + "documentation":"

Use the existing template that's associated with the StackSet that you're updating.

Conditional: You must specify only one of the following parameters: TemplateBody or TemplateURL—or set UsePreviousTemplate to true.

" }, "Parameters":{ "shape":"Parameters", - "documentation":"

A list of input parameters for the stack set template.

" + "documentation":"

A list of input parameters for the StackSet template.

" }, "Capabilities":{ "shape":"Capabilities", - "documentation":"

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the stack set and its associated stack instances.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account, for example, by creating new IAM users. For those stacks sets, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some templates reference macros. If your stack set template references one or more macros, you must update the stack set directly from the processed template, without first reviewing the resulting changes in a change set. To update the stack set directly, you must acknowledge this capability. For more information, see Using CloudFormation Macros to Perform Custom Processing on Templates.

    Stack sets with service-managed permissions do not currently support the use of macros in templates. (This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a stack set with service-managed permissions, if you reference a macro in your template the stack set operation will fail.
" + "documentation":"

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the StackSet and its associated stack instances.

  • CAPABILITY_IAM and CAPABILITY_NAMED_IAM

    Some stack templates might include resources that can affect permissions in your Amazon Web Services account, for example, by creating new IAM users. For those stacks sets, you must explicitly acknowledge this by specifying one of these capabilities.

    The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

    • If you have IAM resources, you can specify either capability.

    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

    • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

  • CAPABILITY_AUTO_EXPAND

    Some templates reference macros. If your StackSet template references one or more macros, you must update the StackSet directly from the processed template, without first reviewing the resulting changes in a change set. To update the StackSet directly, you must acknowledge this capability. For more information, see Perform custom processing on CloudFormation templates with template macros.

    StackSets with service-managed permissions do not currently support the use of macros in templates. (This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a StackSet with service-managed permissions, if you reference a macro in your template the StackSet operation will fail.
" }, "Tags":{ "shape":"Tags", - "documentation":"

The key-value pairs to associate with this stack set and the stacks created from it. CloudFormation also propagates these tags to supported resources that are created in the stacks. You can specify a maximum number of 50 tags.

If you specify tags for this parameter, those tags replace any list of tags that are currently associated with this stack set. This means:

  • If you don't specify this parameter, CloudFormation doesn't modify the stack's tags.

  • If you specify any tags using this parameter, you must specify all the tags that you want associated with this stack set, even tags you've specified before (for example, when creating the stack set or during a previous update of the stack set.). Any tags that you don't include in the updated list of tags are removed from the stack set, and therefore from the stacks and resources as well.

  • If you specify an empty value, CloudFormation removes all currently associated tags.

If you specify new tags as part of an UpdateStackSet action, CloudFormation checks to see if you have the required IAM permission to tag resources. If you omit tags that are currently associated with the stack set from the list of tags you specify, CloudFormation assumes that you want to remove those tags from the stack set, and checks to see if you have permission to untag resources. If you don't have the necessary permission(s), the entire UpdateStackSet action fails with an access denied error, and the stack set is not updated.

" + "documentation":"

The key-value pairs to associate with this StackSet and the stacks created from it. CloudFormation also propagates these tags to supported resources that are created in the stacks. You can specify a maximum number of 50 tags.

If you specify tags for this parameter, those tags replace any list of tags that are currently associated with this StackSet. This means:

  • If you don't specify this parameter, CloudFormation doesn't modify the stack's tags.

  • If you specify any tags using this parameter, you must specify all the tags that you want associated with this StackSet, even tags you've specified before (for example, when creating the StackSet or during a previous update of the StackSet.). Any tags that you don't include in the updated list of tags are removed from the StackSet, and therefore from the stacks and resources as well.

  • If you specify an empty value, CloudFormation removes all currently associated tags.

If you specify new tags as part of an UpdateStackSet action, CloudFormation checks to see if you have the required IAM permission to tag resources. If you omit tags that are currently associated with the StackSet from the list of tags you specify, CloudFormation assumes that you want to remove those tags from the StackSet, and checks to see if you have permission to untag resources. If you don't have the necessary permission(s), the entire UpdateStackSet action fails with an access denied error, and the StackSet is not updated.

" }, "OperationPreferences":{ "shape":"StackSetOperationPreferences", - "documentation":"

Preferences for how CloudFormation performs this stack set operation.

" + "documentation":"

Preferences for how CloudFormation performs this StackSet operation.

" }, "AdministrationRoleARN":{ "shape":"RoleARN", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role to use to update this stack set.

Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Granting Permissions for Stack Set Operations in the CloudFormation User Guide.

If you specified a customized administrator role when you created the stack set, you must specify a customized administrator role, even if it is the same customized administrator role used with this stack set previously.

" + "documentation":"

[Self-managed permissions] The Amazon Resource Name (ARN) of the IAM role to use to update this StackSet.

Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account. For more information, see Grant self-managed permissions in the CloudFormation User Guide.

If you specified a customized administrator role when you created the StackSet, you must specify a customized administrator role, even if it is the same customized administrator role used with this StackSet previously.

" }, "ExecutionRoleName":{ "shape":"ExecutionRoleName", - "documentation":"

The name of the IAM execution role to use to update the stack set. If you do not specify an execution role, CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation.

Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their stack sets.

If you specify a customized execution role, CloudFormation uses that role to update the stack. If you do not specify a customized execution role, CloudFormation performs the update using the role previously associated with the stack set, so long as you have permissions to perform operations on the stack set.

" + "documentation":"

[Self-managed permissions] The name of the IAM execution role to use to update the stack set. If you do not specify an execution role, CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the StackSet operation.

Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their StackSets.

If you specify a customized execution role, CloudFormation uses that role to update the stack. If you do not specify a customized execution role, CloudFormation performs the update using the role previously associated with the StackSet, so long as you have permissions to perform operations on the StackSet.

" }, "DeploymentTargets":{ "shape":"DeploymentTargets", - "documentation":"

[Service-managed permissions] The Organizations accounts in which to update associated stack instances.

To update all the stack instances associated with this stack set, do not specify DeploymentTargets or Regions.

If the stack set update includes changes to the template (that is, if TemplateBody or TemplateURL is specified), or the Parameters, CloudFormation marks all stack instances with a status of OUTDATED prior to updating the stack instances in the specified accounts and Amazon Web Services Regions. If the stack set update doesn't include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status.

" + "documentation":"

[Service-managed permissions] The Organizations accounts in which to update associated stack instances.

To update all the stack instances associated with this StackSet, do not specify DeploymentTargets or Regions.

If the StackSet update includes changes to the template (that is, if TemplateBody or TemplateURL is specified), or the Parameters, CloudFormation marks all stack instances with a status of OUTDATED prior to updating the stack instances in the specified accounts and Amazon Web Services Regions. If the StackSet update doesn't include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status.

" }, "PermissionModel":{ "shape":"PermissionModels", - "documentation":"

Describes how the IAM roles required for stack set operations are created. You cannot modify PermissionModel if there are stack instances associated with your stack set.

" + "documentation":"

Describes how the IAM roles required for StackSet operations are created. You cannot modify PermissionModel if there are stack instances associated with your stack set.

" }, "AutoDeployment":{ "shape":"AutoDeployment", - "documentation":"

[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU).

If you specify AutoDeployment, don't specify DeploymentTargets or Regions.

" + "documentation":"

[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see Enable or disable automatic deployments for StackSets in Organizations in the CloudFormation User Guide.

If you specify AutoDeployment, don't specify DeploymentTargets or Regions.

" }, "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique ID for this stack set operation.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, CloudFormation generates one automatically.

Repeating this stack set operation with a new operation ID retries all stack instances whose status is OUTDATED.

", + "documentation":"

The unique ID for this StackSet operation.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the StackSet operation only once, even if you retry the request multiple times. You might retry StackSet operation requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, CloudFormation generates one automatically.

Repeating this StackSet operation with a new operation ID retries all stack instances whose status is OUTDATED.

", "idempotencyToken":true }, "Accounts":{ "shape":"AccountList", - "documentation":"

[Self-managed permissions] The accounts in which to update associated stack instances. If you specify accounts, you must also specify the Amazon Web Services Regions in which to update stack set instances.

To update all the stack instances associated with this stack set, don't specify the Accounts or Regions properties.

If the stack set update includes changes to the template (that is, if the TemplateBody or TemplateURL properties are specified), or the Parameters property, CloudFormation marks all stack instances with a status of OUTDATED prior to updating the stack instances in the specified accounts and Amazon Web Services Regions. If the stack set update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Amazon Web Services Regions, while leaving all other stack instances with their existing stack instance status.

" + "documentation":"

[Self-managed permissions] The accounts in which to update associated stack instances. If you specify accounts, you must also specify the Amazon Web Services Regions in which to update StackSet instances.

To update all the stack instances associated with this StackSet, don't specify the Accounts or Regions properties.

If the StackSet update includes changes to the template (that is, if the TemplateBody or TemplateURL properties are specified), or the Parameters property, CloudFormation marks all stack instances with a status of OUTDATED prior to updating the stack instances in the specified accounts and Amazon Web Services Regions. If the StackSet update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Amazon Web Services Regions, while leaving all other stack instances with their existing stack instance status.

" }, "Regions":{ "shape":"RegionList", - "documentation":"

The Amazon Web Services Regions in which to update associated stack instances. If you specify Regions, you must also specify accounts in which to update stack set instances.

To update all the stack instances associated with this stack set, do not specify the Accounts or Regions properties.

If the stack set update includes changes to the template (that is, if the TemplateBody or TemplateURL properties are specified), or the Parameters property, CloudFormation marks all stack instances with a status of OUTDATED prior to updating the stack instances in the specified accounts and Regions. If the stack set update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status.

" + "documentation":"

The Amazon Web Services Regions in which to update associated stack instances. If you specify Regions, you must also specify accounts in which to update StackSet instances.

To update all the stack instances associated with this StackSet, do not specify the Accounts or Regions properties.

If the StackSet update includes changes to the template (that is, if the TemplateBody or TemplateURL properties are specified), or the Parameters property, CloudFormation marks all stack instances with a status of OUTDATED prior to updating the stack instances in the specified accounts and Regions. If the StackSet update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status.

" }, "CallAs":{ "shape":"CallAs", - "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" + "documentation":"

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for StackSets with self-managed permissions.

  • If you are signed in to the management account, specify SELF.

  • If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

    Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

" }, "ManagedExecution":{ "shape":"ManagedExecution", - "documentation":"

Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.

" + "documentation":"

Describes whether CloudFormation performs non-conflicting operations concurrently and queues conflicting operations.

" } } }, @@ -8370,7 +8871,7 @@ "members":{ "OperationId":{ "shape":"ClientRequestToken", - "documentation":"

The unique ID for this stack set operation.

" + "documentation":"

The unique ID for this StackSet operation.

" } } }, @@ -8408,11 +8909,11 @@ "members":{ "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must pass TemplateURL or TemplateBody. If both are passed, only TemplateBody is used.

" + "documentation":"

Structure that contains the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Conditional: You must pass TemplateURL or TemplateBody. If both are passed, only TemplateBody is used.

" }, "TemplateURL":{ "shape":"TemplateURL", - "documentation":"

Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

Conditional: You must pass TemplateURL or TemplateBody. If both are passed, only TemplateBody is used.

" + "documentation":"

The URL of a file that contains the template body. The URL must point to a template (max size: 1 MB) that is located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

Conditional: You must pass TemplateURL or TemplateBody. If both are passed, only TemplateBody is used.

" } }, "documentation":"

The input for ValidateTemplate action.

" @@ -8430,7 +8931,7 @@ }, "Capabilities":{ "shape":"Capabilities", - "documentation":"

The capabilities found within the template. If your template contains IAM resources, you must specify the CAPABILITY_IAM or CAPABILITY_NAMED_IAM value for this parameter when you use the CreateStack or UpdateStack actions with your template; otherwise, those actions return an InsufficientCapabilities error.

For more information, see Acknowledging IAM resources in CloudFormation templates.

" + "documentation":"

The capabilities found within the template. If your template contains IAM resources, you must specify the CAPABILITY_IAM or CAPABILITY_NAMED_IAM value for this parameter when you use the CreateStack or UpdateStack actions with your template; otherwise, those actions return an InsufficientCapabilities error.

For more information, see Acknowledging IAM resources in CloudFormation templates.

" }, "CapabilitiesReason":{ "shape":"CapabilitiesReason", @@ -8504,7 +9005,9 @@ "enum":[ "MUTUALLY_EXCLUSIVE_PROPERTIES", "UNSUPPORTED_PROPERTIES", - "MUTUALLY_EXCLUSIVE_TYPES" + "MUTUALLY_EXCLUSIVE_TYPES", + "EXCLUDED_PROPERTIES", + "EXCLUDED_RESOURCES" ] }, "Warnings":{ diff -pruN 2.23.6-1/awscli/botocore/data/cloudformation/2010-05-15/waiters-2.json 2.31.35-1/awscli/botocore/data/cloudformation/2010-05-15/waiters-2.json --- 2.23.6-1/awscli/botocore/data/cloudformation/2010-05-15/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudformation/2010-05-15/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -324,6 +324,62 @@ } ] }, + "StackRefactorCreateComplete": { + "delay": 5, + "operation": "DescribeStackRefactor", + "maxAttempts": 120, + "description": "Wait until the stack refactor status is CREATE_COMPLETE.", + "acceptors": [ + { + "argument": "Status", + "expected": "CREATE_COMPLETE", + "matcher": "path", + "state": "success" + }, + { + "argument": "Status", + "expected": "CREATE_FAILED", + "matcher": "path", + "state": "failure" + }, + { + "expected": "ValidationError", + "matcher": "error", + "state": "failure" + } + ] + }, + "StackRefactorExecuteComplete": { + "delay": 15, + "operation": "DescribeStackRefactor", + "maxAttempts": 120, + "description": "Wait until the stack refactor status is EXECUTE_COMPLETE.", + "acceptors": [ + { + "argument": "ExecutionStatus", + "expected": "EXECUTE_COMPLETE", + "matcher": "path", + "state": "success" + }, + { + "argument": "ExecutionStatus", + "expected": "EXECUTE_FAILED", + "matcher": "path", + "state": "failure" + }, + { + "argument": "ExecutionStatus", + "expected": "ROLLBACK_COMPLETE", + "matcher": "path", + "state": "failure" + }, + { + "expected": "ValidationError", + "matcher": "error", + "state": "failure" + } + ] + }, "TypeRegistrationComplete": { "delay": 30, "operation": "DescribeTypeRegistration", diff -pruN 2.23.6-1/awscli/botocore/data/cloudfront/2020-05-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudfront/2020-05-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudfront/2020-05-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudfront/2020-05-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,314 +57,284 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "aws.partition", "argv": [ { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://cloudfront.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "cloudfront", - "signingRegion": "us-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://cloudfront.global.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://cloudfront-fips.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "cloudfront", - "signingRegion": "us-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://cloudfront-fips.global.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-cn" ] }, - "aws-cn" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://cloudfront.cn-northwest-1.amazonaws.com.cn", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "cloudfront", - "signingRegion": "cn-northwest-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" + ], + "endpoint": { + "url": "https://cloudfront.cn-northwest-1.amazonaws.com.cn", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-northwest-1" + } + ] }, - true - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws-cn" ] }, { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "UseFIPS" + }, + true ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://cloudfront-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], - "type": "tree" + "endpoint": { + "url": "https://cloudfront-fips.cn-northwest-1.amazonaws.com.cn", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-northwest-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] + "ref": "UseDualStack" }, true ] @@ -372,96 +342,231 @@ ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cloudfront-fips.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://cloudfront-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cloudfront-fips.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cloudfront.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://cloudfront.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://cloudfront.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://cloudfront.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/cloudfront/2020-05-31/paginators-1.json 2.31.35-1/awscli/botocore/data/cloudfront/2020-05-31/paginators-1.json --- 2.23.6-1/awscli/botocore/data/cloudfront/2020-05-31/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudfront/2020-05-31/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -39,6 +39,48 @@ "output_token": "PublicKeyList.NextMarker", "limit_key": "MaxItems", "result_key": "PublicKeyList.Items" + }, + "ListConnectionGroups": { + "input_token": "Marker", + "output_token": "NextMarker", + "limit_key": "MaxItems", + "result_key": "ConnectionGroups" + }, + "ListDistributionTenants": { + "input_token": "Marker", + "output_token": "NextMarker", + "limit_key": "MaxItems", + "result_key": "DistributionTenantList" + }, + "ListDistributionTenantsByCustomization": { + "input_token": "Marker", + "output_token": "NextMarker", + "limit_key": "MaxItems", + "result_key": "DistributionTenantList" + }, + "ListDistributionsByConnectionMode": { + "input_token": "Marker", + "output_token": "DistributionList.NextMarker", + "limit_key": "MaxItems", + "result_key": "DistributionList.Items" + }, + "ListDomainConflicts": { + "input_token": "Marker", + "output_token": "NextMarker", + "limit_key": "MaxItems", + "result_key": "DomainConflicts" + }, + "ListInvalidationsForDistributionTenant": { + "input_token": "Marker", + "output_token": "InvalidationList.NextMarker", + "limit_key": "MaxItems", + "result_key": "InvalidationList.Items" + }, + "ListOriginAccessControls": { + "input_token": "Marker", + "output_token": "OriginAccessControlList.NextMarker", + "limit_key": "MaxItems", + "result_key": "OriginAccessControlList.Items" } } } diff -pruN 2.23.6-1/awscli/botocore/data/cloudfront/2020-05-31/service-2.json 2.31.35-1/awscli/botocore/data/cloudfront/2020-05-31/service-2.json --- 2.23.6-1/awscli/botocore/data/cloudfront/2020-05-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudfront/2020-05-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -26,11 +26,55 @@ "errors":[ {"shape":"NoSuchDistribution"}, {"shape":"AccessDenied"}, + {"shape":"IllegalUpdate"}, {"shape":"InvalidArgument"}, - {"shape":"TooManyDistributionCNAMEs"}, - {"shape":"IllegalUpdate"} + {"shape":"TooManyDistributionCNAMEs"} + ], + "documentation":"

The AssociateAlias API operation only supports standard distributions. To move domains between distribution tenants and/or standard distributions, we recommend that you use the UpdateDomainAssociation API operation instead.

Associates an alias with a CloudFront standard distribution. An alias is commonly known as a custom domain or vanity domain. It can also be called a CNAME or alternate domain name.

With this operation, you can move an alias that's already used for a standard distribution to a different standard distribution. This prevents the downtime that could occur if you first remove the alias from one standard distribution and then separately add the alias to another standard distribution.

To use this operation, specify the alias and the ID of the target standard distribution.

For more information, including how to set up the target standard distribution, prerequisites that you must complete, and other restrictions, see Moving an alternate domain name to a different standard distribution or distribution tenant in the Amazon CloudFront Developer Guide.

" + }, + "AssociateDistributionTenantWebACL":{ + "name":"AssociateDistributionTenantWebACL2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/distribution-tenant/{Id}/associate-web-acl", + "responseCode":200 + }, + "input":{ + "shape":"AssociateDistributionTenantWebACLRequest", + "locationName":"AssociateDistributionTenantWebACLRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"AssociateDistributionTenantWebACLResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

Associates the WAF web ACL with a distribution tenant.

" + }, + "AssociateDistributionWebACL":{ + "name":"AssociateDistributionWebACL2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/distribution/{Id}/associate-web-acl", + "responseCode":200 + }, + "input":{ + "shape":"AssociateDistributionWebACLRequest", + "locationName":"AssociateDistributionWebACLRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"AssociateDistributionWebACLResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"}, + {"shape":"InvalidIfMatchVersion"} ], - "documentation":"

Associates an alias (also known as a CNAME or an alternate domain name) with a CloudFront distribution.

With this operation you can move an alias that's already in use on a CloudFront distribution to a different distribution in one step. This prevents the downtime that could occur if you first remove the alias from one distribution and then separately add the alias to another distribution.

To use this operation to associate an alias with a distribution, you provide the alias and the ID of the target distribution for the alias. For more information, including how to set up the target distribution, prerequisites that you must complete, and other restrictions, see Moving an alternate domain name to a different distribution in the Amazon CloudFront Developer Guide.

" + "documentation":"

Associates the WAF web ACL with a distribution.

" }, "CopyDistribution":{ "name":"CopyDistribution2020_05_31", @@ -131,8 +175,8 @@ {"shape":"UnsupportedOperation"}, {"shape":"EntityAlreadyExists"}, {"shape":"InvalidTagging"}, - {"shape":"InvalidArgument"}, - {"shape":"EntityLimitExceeded"} + {"shape":"EntityLimitExceeded"}, + {"shape":"InvalidArgument"} ], "documentation":"

Creates an Anycast static IP list.

" }, @@ -155,7 +199,7 @@ {"shape":"InvalidArgument"}, {"shape":"TooManyQueryStringsInCachePolicy"} ], - "documentation":"

Creates a cache policy.

After you create a cache policy, you can attach it to one or more cache behaviors. When it's attached to a cache behavior, the cache policy determines the following:

  • The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.

  • The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.

The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find an object in its cache that matches the request's cache key. If you want to send values to the origin but not include them in the cache key, use OriginRequestPolicy.

For more information about cache policies, see Controlling the cache key in the Amazon CloudFront Developer Guide.

" + "documentation":"

Creates a cache policy.

After you create a cache policy, you can attach it to one or more cache behaviors. When it's attached to a cache behavior, the cache policy determines the following:

  • The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.

  • The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.

    If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the Cache-Control: no-cache, no-store, or private directives are present in the origin headers.

The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find an object in its cache that matches the request's cache key. If you want to send values to the origin but not include them in the cache key, use OriginRequestPolicy.

For more information about cache policies, see Controlling the cache key in the Amazon CloudFront Developer Guide.

" }, "CreateCloudFrontOriginAccessIdentity":{ "name":"CreateCloudFrontOriginAccessIdentity2020_05_31", @@ -170,11 +214,34 @@ {"shape":"MissingBody"}, {"shape":"TooManyCloudFrontOriginAccessIdentities"}, {"shape":"InconsistentQuantities"}, - {"shape":"InvalidArgument"}, - {"shape":"CloudFrontOriginAccessIdentityAlreadyExists"} + {"shape":"CloudFrontOriginAccessIdentityAlreadyExists"}, + {"shape":"InvalidArgument"} ], "documentation":"

Creates a new origin access identity. If you're using Amazon S3 for your origin, you can use an origin access identity to require users to access your content using a CloudFront URL instead of the Amazon S3 URL. For more information about how to use origin access identities, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

" }, + "CreateConnectionGroup":{ + "name":"CreateConnectionGroup2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/connection-group", + "responseCode":201 + }, + "input":{ + "shape":"CreateConnectionGroupRequest", + "locationName":"CreateConnectionGroupRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"CreateConnectionGroupResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"EntityAlreadyExists"}, + {"shape":"InvalidTagging"}, + {"shape":"EntityLimitExceeded"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Creates a connection group.

" + }, "CreateContinuousDeploymentPolicy":{ "name":"CreateContinuousDeploymentPolicy2020_05_31", "http":{ @@ -267,12 +334,38 @@ {"shape":"InvalidFunctionAssociation"}, {"shape":"TooManyDistributionsWithLambdaAssociations"}, {"shape":"TooManyDistributionsAssociatedToKeyGroup"}, + {"shape":"EntityLimitExceeded"}, {"shape":"DistributionAlreadyExists"}, {"shape":"NoSuchOrigin"}, {"shape":"TooManyCacheBehaviors"} ], "documentation":"

Creates a CloudFront distribution.

" }, + "CreateDistributionTenant":{ + "name":"CreateDistributionTenant2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/distribution-tenant", + "responseCode":201 + }, + "input":{ + "shape":"CreateDistributionTenantRequest", + "locationName":"CreateDistributionTenantRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"CreateDistributionTenantResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"EntityAlreadyExists"}, + {"shape":"CNAMEAlreadyExists"}, + {"shape":"InvalidTagging"}, + {"shape":"InvalidAssociation"}, + {"shape":"EntityLimitExceeded"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Creates a distribution tenant.

" + }, "CreateDistributionWithTags":{ "name":"CreateDistributionWithTags2020_05_31", "http":{ @@ -364,8 +457,8 @@ "output":{"shape":"CreateFieldLevelEncryptionConfigResult"}, "errors":[ {"shape":"QueryArgProfileEmpty"}, - {"shape":"TooManyFieldLevelEncryptionQueryArgProfiles"}, {"shape":"TooManyFieldLevelEncryptionContentTypeProfiles"}, + {"shape":"TooManyFieldLevelEncryptionQueryArgProfiles"}, {"shape":"FieldLevelEncryptionConfigAlreadyExists"}, {"shape":"InconsistentQuantities"}, {"shape":"TooManyFieldLevelEncryptionConfigs"}, @@ -432,11 +525,31 @@ {"shape":"TooManyInvalidationsInProgress"}, {"shape":"MissingBody"}, {"shape":"InconsistentQuantities"}, - {"shape":"InvalidArgument"}, - {"shape":"BatchTooLarge"} + {"shape":"BatchTooLarge"}, + {"shape":"InvalidArgument"} ], "documentation":"

Create a new invalidation. For more information, see Invalidating files in the Amazon CloudFront Developer Guide.

" }, + "CreateInvalidationForDistributionTenant":{ + "name":"CreateInvalidationForDistributionTenant2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/distribution-tenant/{Id}/invalidation", + "responseCode":201 + }, + "input":{"shape":"CreateInvalidationForDistributionTenantRequest"}, + "output":{"shape":"CreateInvalidationForDistributionTenantResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"TooManyInvalidationsInProgress"}, + {"shape":"MissingBody"}, + {"shape":"InconsistentQuantities"}, + {"shape":"BatchTooLarge"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Creates an invalidation for a distribution tenant. For more information, see Invalidating files in the Amazon CloudFront Developer Guide.

" + }, "CreateKeyGroup":{ "name":"CreateKeyGroup2020_05_31", "http":{ @@ -471,8 +584,8 @@ {"shape":"AccessDenied"}, {"shape":"UnsupportedOperation"}, {"shape":"EntityAlreadyExists"}, - {"shape":"InvalidArgument"}, {"shape":"EntityLimitExceeded"}, + {"shape":"InvalidArgument"}, {"shape":"EntitySizeLimitExceeded"} ], "documentation":"

Specifies the key value store resource to add to your account. In your account, the key value store names must be unique. You can also import key value store data in JSON format from an S3 bucket by providing a valid ImportSource that you own.

" @@ -492,7 +605,7 @@ {"shape":"MonitoringSubscriptionAlreadyExists"}, {"shape":"UnsupportedOperation"} ], - "documentation":"

Enables additional CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost.

For more information, see Viewing additional CloudFront distribution metrics in the Amazon CloudFront Developer Guide.

" + "documentation":"

Enables or disables additional Amazon CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost.

For more information, see Viewing additional CloudFront distribution metrics in the Amazon CloudFront Developer Guide.

" }, "CreateOriginAccessControl":{ "name":"CreateOriginAccessControl2020_05_31", @@ -658,11 +771,11 @@ "errors":[ {"shape":"AccessDenied"}, {"shape":"UnsupportedOperation"}, - {"shape":"InconsistentQuantities"}, {"shape":"EntityAlreadyExists"}, + {"shape":"InconsistentQuantities"}, {"shape":"InvalidTagging"}, - {"shape":"InvalidArgument"}, - {"shape":"EntityLimitExceeded"} + {"shape":"EntityLimitExceeded"}, + {"shape":"InvalidArgument"} ], "documentation":"

Create an Amazon CloudFront VPC origin.

" }, @@ -677,8 +790,8 @@ "errors":[ {"shape":"CannotDeleteEntityWhileInUse"}, {"shape":"PreconditionFailed"}, - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"IllegalDelete"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"}, @@ -715,12 +828,30 @@ "errors":[ {"shape":"PreconditionFailed"}, {"shape":"AccessDenied"}, + {"shape":"CloudFrontOriginAccessIdentityInUse"}, {"shape":"InvalidIfMatchVersion"}, - {"shape":"NoSuchCloudFrontOriginAccessIdentity"}, - {"shape":"CloudFrontOriginAccessIdentityInUse"} + {"shape":"NoSuchCloudFrontOriginAccessIdentity"} ], "documentation":"

Delete an origin access identity.

" }, + "DeleteConnectionGroup":{ + "name":"DeleteConnectionGroup2020_05_31", + "http":{ + "method":"DELETE", + "requestUri":"/2020-05-31/connection-group/{Id}", + "responseCode":204 + }, + "input":{"shape":"DeleteConnectionGroupRequest"}, + "errors":[ + {"shape":"CannotDeleteEntityWhileInUse"}, + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"ResourceNotDisabled"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

Deletes a connection group.

" + }, "DeleteContinuousDeploymentPolicy":{ "name":"DeleteContinuousDeploymentPolicy2020_05_31", "http":{ @@ -748,13 +879,31 @@ }, "input":{"shape":"DeleteDistributionRequest"}, "errors":[ + {"shape":"ResourceInUse"}, {"shape":"NoSuchDistribution"}, {"shape":"PreconditionFailed"}, {"shape":"AccessDenied"}, {"shape":"DistributionNotDisabled"}, {"shape":"InvalidIfMatchVersion"} ], - "documentation":"

Delete a distribution.

" + "documentation":"

Delete a distribution.

Before you can delete a distribution, you must disable it, which requires permission to update the distribution. Once deleted, a distribution cannot be recovered.

" + }, + "DeleteDistributionTenant":{ + "name":"DeleteDistributionTenant2020_05_31", + "http":{ + "method":"DELETE", + "requestUri":"/2020-05-31/distribution-tenant/{Id}", + "responseCode":204 + }, + "input":{"shape":"DeleteDistributionTenantRequest"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"ResourceNotDisabled"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

Deletes a distribution tenant. If you use this API operation to delete a distribution tenant that is currently enabled, the request will fail.

To delete a distribution tenant, you must first disable the distribution tenant by using the UpdateDistributionTenant API operation.

" }, "DeleteFieldLevelEncryptionConfig":{ "name":"DeleteFieldLevelEncryptionConfig2020_05_31", @@ -816,8 +965,8 @@ }, "input":{"shape":"DeleteKeyGroupRequest"}, "errors":[ - {"shape":"ResourceInUse"}, {"shape":"PreconditionFailed"}, + {"shape":"ResourceInUse"}, {"shape":"NoSuchResource"}, {"shape":"InvalidIfMatchVersion"} ], @@ -834,8 +983,8 @@ "errors":[ {"shape":"CannotDeleteEntityWhileInUse"}, {"shape":"PreconditionFailed"}, - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidIfMatchVersion"} ], @@ -926,11 +1075,33 @@ "errors":[ {"shape":"AccessDenied"}, {"shape":"InvalidArgument"}, - {"shape":"RealtimeLogConfigInUse"}, - {"shape":"NoSuchRealtimeLogConfig"} + {"shape":"NoSuchRealtimeLogConfig"}, + {"shape":"RealtimeLogConfigInUse"} ], "documentation":"

Deletes a real-time log configuration.

You cannot delete a real-time log configuration if it's attached to a cache behavior. First update your distributions to remove the real-time log configuration from all cache behaviors, then delete the real-time log configuration.

To delete a real-time log configuration, you can provide the configuration's name or its Amazon Resource Name (ARN). You must provide at least one. If you provide both, CloudFront uses the name to identify the real-time log configuration to delete.

" }, + "DeleteResourcePolicy":{ + "name":"DeleteResourcePolicy2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/delete-resource-policy", + "responseCode":200 + }, + "input":{ + "shape":"DeleteResourcePolicyRequest", + "locationName":"DeleteResourcePolicyRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"IllegalDelete"}, + {"shape":"UnsupportedOperation"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Deletes the resource policy attached to the CloudFront resource.

" + }, "DeleteResponseHeadersPolicy":{ "name":"DeleteResponseHeadersPolicy2020_05_31", "http":{ @@ -940,8 +1111,8 @@ }, "input":{"shape":"DeleteResponseHeadersPolicyRequest"}, "errors":[ - {"shape":"ResponseHeadersPolicyInUse"}, {"shape":"PreconditionFailed"}, + {"shape":"ResponseHeadersPolicyInUse"}, {"shape":"AccessDenied"}, {"shape":"IllegalDelete"}, {"shape":"NoSuchResponseHeadersPolicy"}, @@ -960,8 +1131,8 @@ "errors":[ {"shape":"PreconditionFailed"}, {"shape":"AccessDenied"}, - {"shape":"StreamingDistributionNotDisabled"}, {"shape":"NoSuchStreamingDistribution"}, + {"shape":"StreamingDistributionNotDisabled"}, {"shape":"InvalidIfMatchVersion"} ], "documentation":"

Delete a streaming distribution. To delete an RTMP distribution using the CloudFront API, perform the following steps.

To delete an RTMP distribution using the CloudFront API:

  1. Disable the RTMP distribution.

  2. Submit a GET Streaming Distribution Config request to get the current configuration and the Etag header for the distribution.

  3. Update the XML document that was returned in the response to your GET Streaming Distribution Config request to change the value of Enabled to false.

  4. Submit a PUT Streaming Distribution Config request to update the configuration for your distribution. In the request body, include the XML document that you updated in Step 3. Then set the value of the HTTP If-Match header to the value of the ETag header that CloudFront returned when you submitted the GET Streaming Distribution Config request in Step 2.

  5. Review the response to the PUT Streaming Distribution Config request to confirm that the distribution was successfully disabled.

  6. Submit a GET Streaming Distribution Config request to confirm that your changes have propagated. When propagation is complete, the value of Status is Deployed.

  7. Submit a DELETE Streaming Distribution request. Set the value of the HTTP If-Match header to the value of the ETag header that CloudFront returned when you submitted the GET Streaming Distribution Config request in Step 2.

  8. Review the response to your DELETE Streaming Distribution request to confirm that the distribution was successfully deleted.

For information about deleting a distribution using the CloudFront console, see Deleting a Distribution in the Amazon CloudFront Developer Guide.

" @@ -978,8 +1149,8 @@ "errors":[ {"shape":"CannotDeleteEntityWhileInUse"}, {"shape":"PreconditionFailed"}, - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"IllegalDelete"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"}, @@ -1012,13 +1183,49 @@ "input":{"shape":"DescribeKeyValueStoreRequest"}, "output":{"shape":"DescribeKeyValueStoreResult"}, "errors":[ - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"} ], "documentation":"

Specifies the key value store and its configuration.

" }, + "DisassociateDistributionTenantWebACL":{ + "name":"DisassociateDistributionTenantWebACL2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/distribution-tenant/{Id}/disassociate-web-acl", + "responseCode":200 + }, + "input":{"shape":"DisassociateDistributionTenantWebACLRequest"}, + "output":{"shape":"DisassociateDistributionTenantWebACLResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

Disassociates a distribution tenant from the WAF web ACL.

" + }, + "DisassociateDistributionWebACL":{ + "name":"DisassociateDistributionWebACL2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/distribution/{Id}/disassociate-web-acl", + "responseCode":200 + }, + "input":{"shape":"DisassociateDistributionWebACLRequest"}, + "output":{"shape":"DisassociateDistributionWebACLResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

Disassociates a distribution from the WAF web ACL.

" + }, "GetAnycastIpList":{ "name":"GetAnycastIpList2020_05_31", "http":{ @@ -1029,8 +1236,8 @@ "input":{"shape":"GetAnycastIpListRequest"}, "output":{"shape":"GetAnycastIpListResult"}, "errors":[ - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"} ], @@ -1096,6 +1303,36 @@ ], "documentation":"

Get the configuration information about an origin access identity.

" }, + "GetConnectionGroup":{ + "name":"GetConnectionGroup2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/connection-group/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetConnectionGroupRequest"}, + "output":{"shape":"GetConnectionGroupResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"} + ], + "documentation":"

Gets information about a connection group.

" + }, + "GetConnectionGroupByRoutingEndpoint":{ + "name":"GetConnectionGroupByRoutingEndpoint2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/connection-group", + "responseCode":200 + }, + "input":{"shape":"GetConnectionGroupByRoutingEndpointRequest"}, + "output":{"shape":"GetConnectionGroupByRoutingEndpointResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"} + ], + "documentation":"

Gets information about a connection group by using the endpoint that you specify.

" + }, "GetContinuousDeploymentPolicy":{ "name":"GetContinuousDeploymentPolicy2020_05_31", "http":{ @@ -1156,6 +1393,36 @@ ], "documentation":"

Get the configuration information about a distribution.

" }, + "GetDistributionTenant":{ + "name":"GetDistributionTenant2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/distribution-tenant/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetDistributionTenantRequest"}, + "output":{"shape":"GetDistributionTenantResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"} + ], + "documentation":"

Gets information about a distribution tenant.

" + }, + "GetDistributionTenantByDomain":{ + "name":"GetDistributionTenantByDomain2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/distribution-tenant", + "responseCode":200 + }, + "input":{"shape":"GetDistributionTenantByDomainRequest"}, + "output":{"shape":"GetDistributionTenantByDomainResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"} + ], + "documentation":"

Gets information about a distribution tenant by the associated domain.

" + }, "GetFieldLevelEncryption":{ "name":"GetFieldLevelEncryption2020_05_31", "http":{ @@ -1247,6 +1514,22 @@ ], "documentation":"

Get the information about an invalidation.

" }, + "GetInvalidationForDistributionTenant":{ + "name":"GetInvalidationForDistributionTenant2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/distribution-tenant/{DistributionTenantId}/invalidation/{Id}", + "responseCode":200 + }, + "input":{"shape":"GetInvalidationForDistributionTenantRequest"}, + "output":{"shape":"GetInvalidationForDistributionTenantResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"NoSuchInvalidation"} + ], + "documentation":"

Gets information about a specific invalidation for a distribution tenant.

" + }, "GetKeyGroup":{ "name":"GetKeyGroup2020_05_31", "http":{ @@ -1275,6 +1558,21 @@ ], "documentation":"

Gets a key group configuration.

To get a key group configuration, you must provide the key group's identifier. If the key group is referenced in a distribution's cache behavior, you can get the key group's identifier using ListDistributions or GetDistribution. If the key group is not referenced in a cache behavior, you can get the identifier using ListKeyGroups.

" }, + "GetManagedCertificateDetails":{ + "name":"GetManagedCertificateDetails2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/managed-certificate/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetManagedCertificateDetailsRequest"}, + "output":{"shape":"GetManagedCertificateDetailsResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"} + ], + "documentation":"

Gets details about the CloudFront managed ACM certificate.

" + }, "GetMonitoringSubscription":{ "name":"GetMonitoringSubscription2020_05_31", "http":{ @@ -1402,6 +1700,27 @@ ], "documentation":"

Gets a real-time log configuration.

To get a real-time log configuration, you can provide the configuration's name or its Amazon Resource Name (ARN). You must provide at least one. If you provide both, CloudFront uses the name to identify the real-time log configuration to get.

" }, + "GetResourcePolicy":{ + "name":"GetResourcePolicy2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/get-resource-policy", + "responseCode":200 + }, + "input":{ + "shape":"GetResourcePolicyRequest", + "locationName":"GetResourcePolicyRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"GetResourcePolicyResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"UnsupportedOperation"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Retrieves the resource policy for the specified CloudFront resource that you own and have shared.

" + }, "GetResponseHeadersPolicy":{ "name":"GetResponseHeadersPolicy2020_05_31", "http":{ @@ -1472,8 +1791,8 @@ "input":{"shape":"GetVpcOriginRequest"}, "output":{"shape":"GetVpcOriginResult"}, "errors":[ - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"} ], @@ -1489,8 +1808,8 @@ "input":{"shape":"ListAnycastIpListsRequest"}, "output":{"shape":"ListAnycastIpListsResult"}, "errors":[ - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"} ], @@ -1539,7 +1858,27 @@ {"shape":"NoSuchDistribution"}, {"shape":"InvalidArgument"} ], - "documentation":"

Gets a list of aliases (also called CNAMEs or alternate domain names) that conflict or overlap with the provided alias, and the associated CloudFront distributions and Amazon Web Services accounts for each conflicting alias. In the returned list, the distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don't own.

Use this operation to find aliases that are in use in CloudFront that conflict or overlap with the provided alias. For example, if you provide www.example.com as input, the returned list can include www.example.com and the overlapping wildcard alternate domain name (*.example.com), if they exist. If you provide *.example.com as input, the returned list can include *.example.com and any alternate domain names covered by that wildcard (for example, www.example.com, test.example.com, dev.example.com, and so on), if they exist.

To list conflicting aliases, you provide the alias to search and the ID of a distribution in your account that has an attached SSL/TLS certificate that includes the provided alias. For more information, including how to set up the distribution and certificate, see Moving an alternate domain name to a different distribution in the Amazon CloudFront Developer Guide.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

" + "documentation":"

The ListConflictingAliases API operation only supports standard distributions. To list domain conflicts for both standard distributions and distribution tenants, we recommend that you use the ListDomainConflicts API operation instead.

Gets a list of aliases that conflict or overlap with the provided alias, and the associated CloudFront standard distribution and Amazon Web Services accounts for each conflicting alias. An alias is commonly known as a custom domain or vanity domain. It can also be called a CNAME or alternate domain name.

In the returned list, the standard distribution and account IDs are partially hidden, which allows you to identify the standard distribution and accounts that you own, and helps to protect the information of ones that you don't own.

Use this operation to find aliases that are in use in CloudFront that conflict or overlap with the provided alias. For example, if you provide www.example.com as input, the returned list can include www.example.com and the overlapping wildcard alternate domain name (.example.com), if they exist. If you provide .example.com as input, the returned list can include *.example.com and any alternate domain names covered by that wildcard (for example, www.example.com, test.example.com, dev.example.com, and so on), if they exist.

To list conflicting aliases, specify the alias to search and the ID of a standard distribution in your account that has an attached TLS certificate that includes the provided alias. For more information, including how to set up the standard distribution and certificate, see Moving an alternate domain name to a different standard distribution or distribution tenant in the Amazon CloudFront Developer Guide.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

" + }, + "ListConnectionGroups":{ + "name":"ListConnectionGroups2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/connection-groups", + "responseCode":200 + }, + "input":{ + "shape":"ListConnectionGroupsRequest", + "locationName":"ListConnectionGroupsRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"ListConnectionGroupsResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Lists the connection groups in your Amazon Web Services account.

" }, "ListContinuousDeploymentPolicies":{ "name":"ListContinuousDeploymentPolicies2020_05_31", @@ -1557,6 +1896,46 @@ ], "documentation":"

Gets a list of the continuous deployment policies in your Amazon Web Services account.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

" }, + "ListDistributionTenants":{ + "name":"ListDistributionTenants2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/distribution-tenants", + "responseCode":200 + }, + "input":{ + "shape":"ListDistributionTenantsRequest", + "locationName":"ListDistributionTenantsRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"ListDistributionTenantsResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Lists the distribution tenants in your Amazon Web Services account.

" + }, + "ListDistributionTenantsByCustomization":{ + "name":"ListDistributionTenantsByCustomization2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/distribution-tenants-by-customization", + "responseCode":200 + }, + "input":{ + "shape":"ListDistributionTenantsByCustomizationRequest", + "locationName":"ListDistributionTenantsByCustomizationRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"ListDistributionTenantsByCustomizationResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Lists distribution tenants by the customization that you specify.

You must specify either the CertificateArn parameter or WebACLArn parameter, but not both in the same request.

" + }, "ListDistributions":{ "name":"ListDistributions2020_05_31", "http":{ @@ -1581,8 +1960,8 @@ "input":{"shape":"ListDistributionsByAnycastIpListIdRequest"}, "output":{"shape":"ListDistributionsByAnycastIpListIdResult"}, "errors":[ - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"} ], @@ -1604,6 +1983,21 @@ ], "documentation":"

Gets a list of distribution IDs for distributions that have a cache behavior that's associated with the specified cache policy.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

" }, + "ListDistributionsByConnectionMode":{ + "name":"ListDistributionsByConnectionMode2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/distributionsByConnectionMode/{ConnectionMode}", + "responseCode":200 + }, + "input":{"shape":"ListDistributionsByConnectionModeRequest"}, + "output":{"shape":"ListDistributionsByConnectionModeResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Lists the distributions by the connection mode that you specify.

" + }, "ListDistributionsByKeyGroup":{ "name":"ListDistributionsByKeyGroup2020_05_31", "http":{ @@ -1635,6 +2029,23 @@ ], "documentation":"

Gets a list of distribution IDs for distributions that have a cache behavior that's associated with the specified origin request policy.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

" }, + "ListDistributionsByOwnedResource":{ + "name":"ListDistributionsByOwnedResource2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/distributionsByOwnedResource/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListDistributionsByOwnedResourceRequest"}, + "output":{"shape":"ListDistributionsByOwnedResourceResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"UnsupportedOperation"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Lists the CloudFront distributions that are associated with the specified resource that you own.

" + }, "ListDistributionsByRealtimeLogConfig":{ "name":"ListDistributionsByRealtimeLogConfig2020_05_31", "http":{ @@ -1679,8 +2090,8 @@ "input":{"shape":"ListDistributionsByVpcOriginIdRequest"}, "output":{"shape":"ListDistributionsByVpcOriginIdResult"}, "errors":[ - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"} ], @@ -1701,6 +2112,26 @@ ], "documentation":"

List the distributions that are associated with a specified WAF web ACL.

" }, + "ListDomainConflicts":{ + "name":"ListDomainConflicts2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/domain-conflicts", + "responseCode":200 + }, + "input":{ + "shape":"ListDomainConflictsRequest", + "locationName":"ListDomainConflictsRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"ListDomainConflictsResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

We recommend that you use the ListDomainConflicts API operation to check for domain conflicts, as it supports both standard distributions and distribution tenants. ListConflictingAliases performs similar checks but only supports standard distributions.

Lists existing domain associations that conflict with the domain that you specify.

You can use this API operation to identify potential domain conflicts when moving domains between standard distributions and/or distribution tenants. Domain conflicts must be resolved first before they can be moved.

For example, if you provide www.example.com as input, the returned list can include www.example.com and the overlapping wildcard alternate domain name (.example.com), if they exist. If you provide .example.com as input, the returned list can include *.example.com and any alternate domain names covered by that wildcard (for example, www.example.com, test.example.com, dev.example.com, and so on), if they exist.

To list conflicting domains, specify the following:

  • The domain to search for

  • The ID of a standard distribution or distribution tenant in your account that has an attached TLS certificate, which covers the specified domain

For more information, including how to set up the standard distribution or distribution tenant, and the certificate, see Moving an alternate domain name to a different standard distribution or distribution tenant in the Amazon CloudFront Developer Guide.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

" + }, "ListFieldLevelEncryptionConfigs":{ "name":"ListFieldLevelEncryptionConfigs2020_05_31", "http":{ @@ -1760,6 +2191,22 @@ ], "documentation":"

Lists invalidation batches.

" }, + "ListInvalidationsForDistributionTenant":{ + "name":"ListInvalidationsForDistributionTenant2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/distribution-tenant/{Id}/invalidation", + "responseCode":200 + }, + "input":{"shape":"ListInvalidationsForDistributionTenantRequest"}, + "output":{"shape":"ListInvalidationsForDistributionTenantResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Lists the invalidations for a distribution tenant.

" + }, "ListKeyGroups":{ "name":"ListKeyGroups2020_05_31", "http":{ @@ -1907,8 +2354,8 @@ "input":{"shape":"ListVpcOriginsRequest"}, "output":{"shape":"ListVpcOriginsResult"}, "errors":[ - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"} ], @@ -1932,6 +2379,29 @@ ], "documentation":"

Publishes a CloudFront function by copying the function code from the DEVELOPMENT stage to LIVE. This automatically updates all cache behaviors that are using this function to use the newly published copy in the LIVE stage.

When a function is published to the LIVE stage, you can attach the function to a distribution's cache behavior, using the function's Amazon Resource Name (ARN).

To publish a function, you must provide the function's name and version (ETag value). To get these values, you can use ListFunctions and DescribeFunction.

" }, + "PutResourcePolicy":{ + "name":"PutResourcePolicy2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/put-resource-policy", + "responseCode":200 + }, + "input":{ + "shape":"PutResourcePolicyRequest", + "locationName":"PutResourcePolicyRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"PutResourcePolicyResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"UnsupportedOperation"}, + {"shape":"InvalidArgument"}, + {"shape":"IllegalUpdate"} + ], + "documentation":"

Creates a resource control policy for a given CloudFront resource.

" + }, "TagResource":{ "name":"TagResource2020_05_31", "http":{ @@ -1986,6 +2456,29 @@ ], "documentation":"

Remove tags from a CloudFront resource. For more information, see Tagging a distribution in the Amazon CloudFront Developer Guide.

" }, + "UpdateAnycastIpList":{ + "name":"UpdateAnycastIpList2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/anycast-ip-list/{Id}", + "responseCode":200 + }, + "input":{ + "shape":"UpdateAnycastIpListRequest", + "locationName":"UpdateAnycastIpListRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"UpdateAnycastIpListResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"UnsupportedOperation"}, + {"shape":"InvalidArgument"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

Updates an Anycast static IP list.

" + }, "UpdateCachePolicy":{ "name":"UpdateCachePolicy2020_05_31", "http":{ @@ -2003,12 +2496,12 @@ {"shape":"CachePolicyAlreadyExists"}, {"shape":"TooManyCookiesInCachePolicy"}, {"shape":"InconsistentQuantities"}, - {"shape":"InvalidArgument"}, {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, {"shape":"TooManyQueryStringsInCachePolicy"}, {"shape":"InvalidIfMatchVersion"} ], - "documentation":"

Updates a cache policy configuration.

When you update a cache policy configuration, all the fields are updated with the values provided in the request. You cannot update some fields independent of others. To update a cache policy configuration:

  1. Use GetCachePolicyConfig to get the current configuration.

  2. Locally modify the fields in the cache policy configuration that you want to update.

  3. Call UpdateCachePolicy by providing the entire cache policy configuration, including the fields that you modified and those that you didn't.

" + "documentation":"

Updates a cache policy configuration.

When you update a cache policy configuration, all the fields are updated with the values provided in the request. You cannot update some fields independent of others. To update a cache policy configuration:

  1. Use GetCachePolicyConfig to get the current configuration.

  2. Locally modify the fields in the cache policy configuration that you want to update.

  3. Call UpdateCachePolicy by providing the entire cache policy configuration, including the fields that you modified and those that you didn't.

If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the Cache-Control: no-cache, no-store, or private directives are present in the origin headers.

" }, "UpdateCloudFrontOriginAccessIdentity":{ "name":"UpdateCloudFrontOriginAccessIdentity2020_05_31", @@ -2024,13 +2517,38 @@ {"shape":"AccessDenied"}, {"shape":"MissingBody"}, {"shape":"InconsistentQuantities"}, - {"shape":"InvalidArgument"}, {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"}, {"shape":"NoSuchCloudFrontOriginAccessIdentity"} ], "documentation":"

Update an origin access identity.

" }, + "UpdateConnectionGroup":{ + "name":"UpdateConnectionGroup2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/connection-group/{Id}", + "responseCode":200 + }, + "input":{ + "shape":"UpdateConnectionGroupRequest", + "locationName":"UpdateConnectionGroupRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"UpdateConnectionGroupResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"ResourceInUse"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"EntityAlreadyExists"}, + {"shape":"EntityLimitExceeded"}, + {"shape":"InvalidArgument"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

Updates a connection group.

" + }, "UpdateContinuousDeploymentPolicy":{ "name":"UpdateContinuousDeploymentPolicy2020_05_31", "http":{ @@ -2131,6 +2649,32 @@ ], "documentation":"

Updates the configuration for a CloudFront distribution.

The update process includes getting the current distribution configuration, updating it to make your changes, and then submitting an UpdateDistribution request to make the updates.

To update a web distribution using the CloudFront API

  1. Use GetDistributionConfig to get the current configuration, including the version identifier (ETag).

  2. Update the distribution configuration that was returned in the response. Note the following important requirements and restrictions:

    • You must copy the ETag field value from the response. (You'll use it for the IfMatch parameter in your request.) Then, remove the ETag field from the distribution configuration.

    • You can't change the value of CallerReference.

  3. Submit an UpdateDistribution request, providing the updated distribution configuration. The new configuration replaces the existing configuration. The values that you specify in an UpdateDistribution request are not merged into your existing configuration. Make sure to include all fields: the ones that you modified and also the ones that you didn't.

" }, + "UpdateDistributionTenant":{ + "name":"UpdateDistributionTenant2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/distribution-tenant/{Id}", + "responseCode":200 + }, + "input":{ + "shape":"UpdateDistributionTenantRequest", + "locationName":"UpdateDistributionTenantRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"UpdateDistributionTenantResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"EntityAlreadyExists"}, + {"shape":"CNAMEAlreadyExists"}, + {"shape":"InvalidAssociation"}, + {"shape":"EntityLimitExceeded"}, + {"shape":"InvalidArgument"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

Updates a distribution tenant.

" + }, "UpdateDistributionWithStagingConfig":{ "name":"UpdateDistributionWithStagingConfig2020_05_31", "http":{ @@ -2162,9 +2706,9 @@ {"shape":"InvalidTTLOrder"}, {"shape":"IllegalFieldLevelEncryptionConfigAssociationWithCacheBehavior"}, {"shape":"InvalidOriginKeepaliveTimeout"}, + {"shape":"IllegalUpdate"}, {"shape":"InvalidArgument"}, {"shape":"InvalidOriginReadTimeout"}, - {"shape":"IllegalUpdate"}, {"shape":"InvalidOriginAccessControl"}, {"shape":"EntityNotFound"}, {"shape":"InvalidHeadersForS3Origin"}, @@ -2183,21 +2727,21 @@ {"shape":"InvalidIfMatchVersion"}, {"shape":"TooManyDistributionsAssociatedToOriginRequestPolicy"}, {"shape":"TooManyQueryStringParameters"}, - {"shape":"RealtimeLogConfigOwnerMismatch"}, {"shape":"PreconditionFailed"}, + {"shape":"RealtimeLogConfigOwnerMismatch"}, {"shape":"MissingBody"}, {"shape":"TooManyHeadersInForwardedValues"}, {"shape":"InvalidLambdaFunctionAssociation"}, {"shape":"CNAMEAlreadyExists"}, {"shape":"TooManyCertificates"}, - {"shape":"TrustedKeyGroupDoesNotExist"}, {"shape":"TooManyDistributionsAssociatedToResponseHeadersPolicy"}, + {"shape":"TrustedKeyGroupDoesNotExist"}, {"shape":"NoSuchResponseHeadersPolicy"}, - {"shape":"NoSuchRealtimeLogConfig"}, {"shape":"InvalidResponseCode"}, + {"shape":"NoSuchRealtimeLogConfig"}, {"shape":"InvalidGeoRestrictionParameter"}, - {"shape":"TooManyOrigins"}, {"shape":"InvalidViewerCertificate"}, + {"shape":"TooManyOrigins"}, {"shape":"InvalidFunctionAssociation"}, {"shape":"TooManyDistributionsWithLambdaAssociations"}, {"shape":"TooManyDistributionsAssociatedToKeyGroup"}, @@ -2206,6 +2750,29 @@ ], "documentation":"

Copies the staging distribution's configuration to its corresponding primary distribution. The primary distribution retains its Aliases (also known as alternate domain names or CNAMEs) and ContinuousDeploymentPolicyId value, but otherwise its configuration is overwritten to match the staging distribution.

You can use this operation in a continuous deployment workflow after you have tested configuration changes on the staging distribution. After using a continuous deployment policy to move a portion of your domain name's traffic to the staging distribution and verifying that it works as intended, you can use this operation to copy the staging distribution's configuration to the primary distribution. This action will disable the continuous deployment policy and move your domain's traffic back to the primary distribution.

This API operation requires the following IAM permissions:

" }, + "UpdateDomainAssociation":{ + "name":"UpdateDomainAssociation2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/domain-association", + "responseCode":200 + }, + "input":{ + "shape":"UpdateDomainAssociationRequest", + "locationName":"UpdateDomainAssociationRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"UpdateDomainAssociationResult"}, + "errors":[ + {"shape":"PreconditionFailed"}, + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, + {"shape":"InvalidIfMatchVersion"} + ], + "documentation":"

We recommend that you use the UpdateDomainAssociation API operation to move a domain association, as it supports both standard distributions and distribution tenants. AssociateAlias performs similar checks but only supports standard distributions.

Moves a domain from its current standard distribution or distribution tenant to another one.

You must first disable the source distribution (standard distribution or distribution tenant) and then separately call this operation to move the domain to another target distribution (standard distribution or distribution tenant).

To use this operation, specify the domain and the ID of the target resource (standard distribution or distribution tenant). For more information, including how to set up the target resource, prerequisites that you must complete, and other restrictions, see Moving an alternate domain name to a different standard distribution or distribution tenant in the Amazon CloudFront Developer Guide.

" + }, "UpdateFieldLevelEncryptionConfig":{ "name":"UpdateFieldLevelEncryptionConfig2020_05_31", "http":{ @@ -2216,16 +2783,16 @@ "input":{"shape":"UpdateFieldLevelEncryptionConfigRequest"}, "output":{"shape":"UpdateFieldLevelEncryptionConfigResult"}, "errors":[ - {"shape":"QueryArgProfileEmpty"}, {"shape":"PreconditionFailed"}, + {"shape":"QueryArgProfileEmpty"}, {"shape":"AccessDenied"}, - {"shape":"TooManyFieldLevelEncryptionQueryArgProfiles"}, {"shape":"NoSuchFieldLevelEncryptionConfig"}, {"shape":"TooManyFieldLevelEncryptionContentTypeProfiles"}, + {"shape":"TooManyFieldLevelEncryptionQueryArgProfiles"}, {"shape":"InconsistentQuantities"}, {"shape":"NoSuchFieldLevelEncryptionProfile"}, - {"shape":"InvalidArgument"}, {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"} ], "documentation":"

Update a field-level encryption configuration.

" @@ -2249,8 +2816,8 @@ {"shape":"InconsistentQuantities"}, {"shape":"NoSuchFieldLevelEncryptionProfile"}, {"shape":"TooManyFieldLevelEncryptionEncryptionEntities"}, - {"shape":"InvalidArgument"}, {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"} ], "documentation":"

Update a field-level encryption profile.

" @@ -2312,8 +2879,8 @@ "output":{"shape":"UpdateKeyValueStoreResult"}, "errors":[ {"shape":"PreconditionFailed"}, - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"} @@ -2332,11 +2899,11 @@ "output":{"shape":"UpdateOriginAccessControlResult"}, "errors":[ {"shape":"PreconditionFailed"}, - {"shape":"OriginAccessControlAlreadyExists"}, {"shape":"AccessDenied"}, + {"shape":"OriginAccessControlAlreadyExists"}, {"shape":"NoSuchOriginAccessControl"}, - {"shape":"InvalidArgument"}, {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"} ], "documentation":"

Updates a CloudFront origin access control.

" @@ -2359,8 +2926,8 @@ {"shape":"InconsistentQuantities"}, {"shape":"OriginRequestPolicyAlreadyExists"}, {"shape":"TooManyQueryStringsInOriginRequestPolicy"}, - {"shape":"InvalidArgument"}, {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"} ], "documentation":"

Updates an origin request policy configuration.

When you update an origin request policy configuration, all the fields are updated with the values provided in the request. You cannot update some fields independent of others. To update an origin request policy configuration:

  1. Use GetOriginRequestPolicyConfig to get the current configuration.

  2. Locally modify the fields in the origin request policy configuration that you want to update.

  3. Call UpdateOriginRequestPolicy by providing the entire origin request policy configuration, including the fields that you modified and those that you didn't.

" @@ -2379,8 +2946,8 @@ {"shape":"AccessDenied"}, {"shape":"NoSuchPublicKey"}, {"shape":"CannotChangeImmutablePublicKeyFields"}, - {"shape":"InvalidArgument"}, {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"} ], "documentation":"

Update public key information. Note that the only value you can change is the comment.

" @@ -2420,11 +2987,11 @@ {"shape":"TooManyCustomHeadersInResponseHeadersPolicy"}, {"shape":"ResponseHeadersPolicyAlreadyExists"}, {"shape":"InconsistentQuantities"}, - {"shape":"TooLongCSPInResponseHeadersPolicy"}, {"shape":"NoSuchResponseHeadersPolicy"}, + {"shape":"TooLongCSPInResponseHeadersPolicy"}, + {"shape":"IllegalUpdate"}, {"shape":"InvalidArgument"}, {"shape":"TooManyRemoveHeadersInResponseHeadersPolicy"}, - {"shape":"IllegalUpdate"}, {"shape":"InvalidIfMatchVersion"} ], "documentation":"

Updates a response headers policy.

When you update a response headers policy, the entire policy is replaced. You cannot update some policy fields independent of others. To update a response headers policy configuration:

  1. Use GetResponseHeadersPolicyConfig to get the current policy's configuration.

  2. Modify the fields in the response headers policy configuration that you want to update.

  3. Call UpdateResponseHeadersPolicy, providing the entire response headers policy configuration, including the fields that you modified and those that you didn't.

" @@ -2467,18 +3034,38 @@ "output":{"shape":"UpdateVpcOriginResult"}, "errors":[ {"shape":"PreconditionFailed"}, - {"shape":"EntityNotFound"}, {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, {"shape":"UnsupportedOperation"}, - {"shape":"InconsistentQuantities"}, {"shape":"EntityAlreadyExists"}, + {"shape":"InconsistentQuantities"}, {"shape":"CannotUpdateEntityWhileInUse"}, - {"shape":"InvalidArgument"}, {"shape":"EntityLimitExceeded"}, {"shape":"IllegalUpdate"}, + {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"} ], "documentation":"

Update an Amazon CloudFront VPC origin in your account.

" + }, + "VerifyDnsConfiguration":{ + "name":"VerifyDnsConfiguration2020_05_31", + "http":{ + "method":"POST", + "requestUri":"/2020-05-31/verify-dns-configuration", + "responseCode":200 + }, + "input":{ + "shape":"VerifyDnsConfigurationRequest", + "locationName":"VerifyDnsConfigurationRequest", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + }, + "output":{"shape":"VerifyDnsConfigurationResult"}, + "errors":[ + {"shape":"AccessDenied"}, + {"shape":"EntityNotFound"}, + {"shape":"InvalidArgument"} + ], + "documentation":"

Verify the DNS configuration for your domain names. This API operation checks whether your domain name points to the correct routing endpoint of the connection group, such as d111111abcdef8.cloudfront.net. You can use this API operation to troubleshoot and resolve DNS configuration issues.

" } }, "shapes":{ @@ -2575,7 +3162,7 @@ }, "ICPRecordalStatus":{ "shape":"ICPRecordalStatus", - "documentation":"

The Internet Content Provider (ICP) recordal status for a CNAME. The ICPRecordalStatus is set to APPROVED for all CNAMEs (aliases) in regions outside of China.

The status values returned are the following:

  • APPROVED indicates that the associated CNAME has a valid ICP recordal number. Multiple CNAMEs can be associated with a distribution, and CNAMEs can correspond to different ICP recordals. To be marked as APPROVED, that is, valid to use with China region, a CNAME must have one ICP recordal number associated with it.

  • SUSPENDED indicates that the associated CNAME does not have a valid ICP recordal number.

  • PENDING indicates that CloudFront can't determine the ICP recordal status of the CNAME associated with the distribution because there was an error in trying to determine the status. You can try again to see if the error is resolved in which case CloudFront returns an APPROVED or SUSPENDED status.

" + "documentation":"

The Internet Content Provider (ICP) recordal status for a CNAME. The ICPRecordalStatus is set to APPROVED for all CNAMEs (aliases) in Amazon Web Services Regions outside of China.

The status values returned are the following:

  • APPROVED indicates that the associated CNAME has a valid ICP recordal number. Multiple CNAMEs can be associated with a distribution, and CNAMEs can correspond to different ICP recordals. To be marked as APPROVED, that is, valid to use with the China Regions, a CNAME must have one ICP recordal number associated with it.

  • SUSPENDED indicates that the associated CNAME does not have a valid ICP recordal number.

  • PENDING indicates that CloudFront can't determine the ICP recordal status of the CNAME associated with the distribution because there was an error in trying to determine the status. You can try again to see if the error is resolved in which case CloudFront returns an APPROVED or SUSPENDED status.

" } }, "documentation":"

Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions. The status is returned in the CloudFront response; you can't configure it yourself.

For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.

" @@ -2656,6 +3243,10 @@ "shape":"string", "documentation":"

The Amazon Resource Name (ARN) of the Anycast static IP list.

" }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

The IP address type for the Anycast static IP list.

" + }, "AnycastIps":{ "shape":"AnycastIps", "documentation":"

The static IP addresses that are allocated to the Anycast static IP list.

" @@ -2669,7 +3260,7 @@ "documentation":"

The last time the Anycast static IP list was modified.

" } }, - "documentation":"

An Anycast static IP list.

" + "documentation":"

An Anycast static IP list. For more information, see Request Anycast static IPs to use for allowlisting in the Amazon CloudFront Developer Guide.

" }, "AnycastIpListCollection":{ "type":"structure", @@ -2754,6 +3345,14 @@ "LastModifiedTime":{ "shape":"timestamp", "documentation":"

The last time the Anycast static IP list was modified.

" + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

The IP address type for the Anycast static IP list.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version (ETag value) of the Anycast static IP list.

" } }, "documentation":"

An abbreviated version of the AnycastIpList structure. Omits the allocated static IP addresses (AnycastIpList$AnycastIps).

" @@ -2774,18 +3373,106 @@ "members":{ "TargetDistributionId":{ "shape":"string", - "documentation":"

The ID of the distribution that you're associating the alias with.

", + "documentation":"

The ID of the standard distribution that you're associating the alias with.

", "location":"uri", "locationName":"TargetDistributionId" }, "Alias":{ "shape":"string", - "documentation":"

The alias (also known as a CNAME) to add to the target distribution.

", + "documentation":"

The alias (also known as a CNAME) to add to the target standard distribution.

", "location":"querystring", "locationName":"Alias" } } }, + "AssociateDistributionTenantWebACLRequest":{ + "type":"structure", + "required":[ + "Id", + "WebACLArn" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

", + "location":"uri", + "locationName":"Id" + }, + "WebACLArn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the WAF web ACL to associate.

" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The current ETag of the distribution tenant. This value is returned in the response of the GetDistributionTenant API operation.

", + "location":"header", + "locationName":"If-Match" + } + } + }, + "AssociateDistributionTenantWebACLResult":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

" + }, + "WebACLArn":{ + "shape":"string", + "documentation":"

The ARN of the WAF web ACL that you associated with the distribution tenant.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution tenant.

", + "location":"header", + "locationName":"ETag" + } + } + }, + "AssociateDistributionWebACLRequest":{ + "type":"structure", + "required":[ + "Id", + "WebACLArn" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution.

", + "location":"uri", + "locationName":"Id" + }, + "WebACLArn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the WAF web ACL to associate.

" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The value of the ETag header that you received when retrieving the distribution that you're associating with the WAF web ACL.

", + "location":"header", + "locationName":"If-Match" + } + } + }, + "AssociateDistributionWebACLResult":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution.

" + }, + "WebACLArn":{ + "shape":"string", + "documentation":"

The ARN of the WAF web ACL that you associated with the distribution.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution.

", + "location":"header", + "locationName":"ETag" + } + } + }, "AwsAccountNumberList":{ "type":"list", "member":{ @@ -2835,7 +3522,7 @@ }, "TrustedSigners":{ "shape":"TrustedSigners", - "documentation":"

We recommend using TrustedKeyGroups instead of TrustedSigners.

A list of Amazon Web Services account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.

When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer's Amazon Web Services account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

" + "documentation":"

We recommend using TrustedKeyGroups instead of TrustedSigners.

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

A list of Amazon Web Services account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.

When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer's Amazon Web Services account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

" }, "TrustedKeyGroups":{ "shape":"TrustedKeyGroups", @@ -2848,7 +3535,7 @@ "AllowedMethods":{"shape":"AllowedMethods"}, "SmoothStreaming":{ "shape":"boolean", - "documentation":"

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true; if not, specify false. If you specify true for SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of PathPattern.

" + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true; if not, specify false. If you specify true for SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of PathPattern.

" }, "Compress":{ "shape":"boolean", @@ -2893,21 +3580,21 @@ }, "MinTTL":{ "shape":"long", - "documentation":"

This field is deprecated. We recommend that you use the MinTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers, if you specify 1 for Quantity and * for Name).

", + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

This field is deprecated. We recommend that you use the MinTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers, if you specify 1 for Quantity and * for Name).

", "deprecated":true }, "DefaultTTL":{ "shape":"long", - "documentation":"

This field is deprecated. We recommend that you use the DefaultTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

", + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

This field is deprecated. We recommend that you use the DefaultTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

", "deprecated":true }, "MaxTTL":{ "shape":"long", - "documentation":"

This field is deprecated. We recommend that you use the MaxTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

", + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

This field is deprecated. We recommend that you use the MaxTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

", "deprecated":true } }, - "documentation":"

A complex type that describes how CloudFront processes requests.

You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used.

For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see Quotas in the Amazon CloudFront Developer Guide.

If you don't want to specify any cache behaviors, include only an empty CacheBehaviors element. Don't specify an empty individual CacheBehavior element, because this is invalid. For more information, see CacheBehaviors.

To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty CacheBehaviors element.

To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution.

For more information about cache behaviors, see Cache Behavior Settings in the Amazon CloudFront Developer Guide.

" + "documentation":"

A complex type that describes how CloudFront processes requests.

You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used.

For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see Quotas in the Amazon CloudFront Developer Guide.

If you don't want to specify any cache behaviors, include only an empty CacheBehaviors element. Don't specify an empty individual CacheBehavior element, because this is invalid. For more information, see CacheBehaviors.

To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty CacheBehaviors element.

To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution.

If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the Cache-Control: no-cache, no-store, or private directives are present in the origin headers.

For more information about cache behaviors, see Cache Behavior Settings in the Amazon CloudFront Developer Guide.

" }, "CacheBehaviorList":{ "type":"list", @@ -2998,7 +3685,7 @@ "documentation":"

The HTTP headers, cookies, and URL query strings to include in the cache key. The values included in the cache key are also included in requests that CloudFront sends to the origin.

" } }, - "documentation":"

A cache policy configuration.

This configuration determines the following:

  • The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.

  • The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.

The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but not include them in the cache key, use OriginRequestPolicy.

" + "documentation":"

A cache policy configuration.

This configuration determines the following:

  • The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.

  • The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.

    If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the Cache-Control: no-cache, no-store, or private directives are present in the origin headers.

The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but not include them in the cache key, use OriginRequestPolicy.

" }, "CachePolicyCookieBehavior":{ "type":"string", @@ -3188,6 +3875,17 @@ }, "exception":true }, + "Certificate":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the ACM certificate.

" + } + }, + "documentation":"

The Certificate Manager (ACM) certificate associated with your distribution.

" + }, "CertificateSource":{ "type":"string", "enum":[ @@ -3196,6 +3894,13 @@ "acm" ] }, + "CertificateTransparencyLoggingPreference":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, "CloudFrontOriginAccessIdentity":{ "type":"structure", "required":[ @@ -3339,14 +4044,14 @@ }, "DistributionId":{ "shape":"string", - "documentation":"

The (partially hidden) ID of the CloudFront distribution associated with the alias.

" + "documentation":"

The (partially hidden) ID of the CloudFront standard distribution associated with the alias.

" }, "AccountId":{ "shape":"string", - "documentation":"

The (partially hidden) ID of the Amazon Web Services account that owns the distribution that's associated with the alias.

" + "documentation":"

The (partially hidden) ID of the Amazon Web Services account that owns the standard distribution that's associated with the alias.

" } }, - "documentation":"

An alias (also called a CNAME) and the CloudFront distribution and Amazon Web Services account ID that it's associated with. The distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don't own.

" + "documentation":"

An alias (also called a CNAME) and the CloudFront standard distribution and Amazon Web Services account ID that it's associated with. The standard distribution and account IDs are partially hidden, which allows you to identify the standard distributions and accounts that you own, and helps to protect the information of ones that you don't own.

" }, "ConflictingAliases":{ "type":"list", @@ -3375,7 +4080,141 @@ "documentation":"

Contains the conflicting aliases in the list.

" } }, - "documentation":"

A list of aliases (also called CNAMEs) and the CloudFront distributions and Amazon Web Services accounts that they are associated with. In the list, the distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don't own.

" + "documentation":"

A list of aliases (also called CNAMEs) and the CloudFront standard distributions and Amazon Web Services accounts that they are associated with. In the list, the standard distribution and account IDs are partially hidden, which allows you to identify the standard distributions and accounts that you own, but helps to protect the information of ones that you don't own.

" + }, + "ConnectionGroup":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the connection group.

" + }, + "Name":{ + "shape":"string", + "documentation":"

The name of the connection group.

" + }, + "Arn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the connection group.

" + }, + "CreatedTime":{ + "shape":"timestamp", + "documentation":"

The date and time when the connection group was created.

" + }, + "LastModifiedTime":{ + "shape":"timestamp", + "documentation":"

The date and time when the connection group was updated.

" + }, + "Tags":{"shape":"Tags"}, + "Ipv6Enabled":{ + "shape":"boolean", + "documentation":"

IPv6 is enabled for the connection group.

" + }, + "RoutingEndpoint":{ + "shape":"string", + "documentation":"

The routing endpoint (also known as the DNS name) that is assigned to the connection group, such as d111111abcdef8.cloudfront.net.

" + }, + "AnycastIpListId":{ + "shape":"string", + "documentation":"

The ID of the Anycast static IP list.

" + }, + "Status":{ + "shape":"string", + "documentation":"

The status of the connection group.

" + }, + "Enabled":{ + "shape":"boolean", + "documentation":"

Whether the connection group is enabled.

" + }, + "IsDefault":{ + "shape":"boolean", + "documentation":"

Whether the connection group is the default connection group for the distribution tenants.

" + } + }, + "documentation":"

The connection group for your distribution tenants. When you first create a distribution tenant and you don't specify a connection group, CloudFront will automatically create a default connection group for you. When you create a new distribution tenant and don't specify a connection group, the default one will be associated with your distribution tenant.

" + }, + "ConnectionGroupAssociationFilter":{ + "type":"structure", + "members":{ + "AnycastIpListId":{ + "shape":"string", + "documentation":"

The ID of the Anycast static IP list.

" + } + }, + "documentation":"

Contains information about what CloudFront resources your connection groups are associated with.

" + }, + "ConnectionGroupSummary":{ + "type":"structure", + "required":[ + "Id", + "Name", + "Arn", + "RoutingEndpoint", + "CreatedTime", + "LastModifiedTime", + "ETag" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the connection group.

" + }, + "Name":{ + "shape":"string", + "documentation":"

The name of the connection group.

" + }, + "Arn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the connection group.

" + }, + "RoutingEndpoint":{ + "shape":"string", + "documentation":"

The routing endpoint (also known as the DNS name) that is assigned to the connection group, such as d111111abcdef8.cloudfront.net.

" + }, + "CreatedTime":{ + "shape":"timestamp", + "documentation":"

The date and time when the connection group was created.

" + }, + "LastModifiedTime":{ + "shape":"timestamp", + "documentation":"

The date and time when the connection group was updated.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the connection group.

" + }, + "AnycastIpListId":{ + "shape":"string", + "documentation":"

The ID of the Anycast static IP list.

" + }, + "Enabled":{ + "shape":"boolean", + "documentation":"

Whether the connection group is enabled

" + }, + "Status":{ + "shape":"string", + "documentation":"

The status of the connection group.

" + }, + "IsDefault":{ + "shape":"boolean", + "documentation":"

Whether the connection group is the default connection group for the distribution tenants.

" + } + }, + "documentation":"

A summary that contains details about your connection groups.

" + }, + "ConnectionGroupSummaryList":{ + "type":"list", + "member":{ + "shape":"ConnectionGroupSummary", + "locationName":"ConnectionGroupSummary" + } + }, + "ConnectionMode":{ + "type":"string", + "enum":[ + "direct", + "tenant-only" + ] }, "ContentTypeProfile":{ "type":"structure", @@ -3687,9 +4526,13 @@ }, "IpCount":{ "shape":"integer", - "documentation":"

The number of static IP addresses that are allocated to the Anycast static IP list.

" + "documentation":"

The number of static IP addresses that are allocated to the Anycast static IP list. Valid values: 21 or 3.

" }, - "Tags":{"shape":"Tags"} + "Tags":{"shape":"Tags"}, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

The IP address type for the Anycast static IP list. You can specify one of the following options:

  • ipv4 - Allocate a list of only IPv4 addresses

  • ipv6 - Allocate a list of only IPv4 addresses

  • dualstack - Allocate a list of both IPv4 and IPv6 addresses

" + } } }, "CreateAnycastIpListResult":{ @@ -3780,6 +4623,45 @@ "documentation":"

The returned result of the corresponding request.

", "payload":"CloudFrontOriginAccessIdentity" }, + "CreateConnectionGroupRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"string", + "documentation":"

The name of the connection group. Enter a friendly identifier that is unique within your Amazon Web Services account. This name can't be updated after you create the connection group.

" + }, + "Ipv6Enabled":{ + "shape":"boolean", + "documentation":"

Enable IPv6 for the connection group. The default is true. For more information, see Enable IPv6 in the Amazon CloudFront Developer Guide.

" + }, + "Tags":{"shape":"Tags"}, + "AnycastIpListId":{ + "shape":"string", + "documentation":"

The ID of the Anycast static IP list.

" + }, + "Enabled":{ + "shape":"boolean", + "documentation":"

Enable the connection group.

" + } + } + }, + "CreateConnectionGroupResult":{ + "type":"structure", + "members":{ + "ConnectionGroup":{ + "shape":"ConnectionGroup", + "documentation":"

The connection group that you created.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the connection group.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"ConnectionGroup" + }, "CreateContinuousDeploymentPolicyRequest":{ "type":"structure", "required":["ContinuousDeploymentPolicyConfig"], @@ -3852,6 +4734,69 @@ "documentation":"

The returned result of the corresponding request.

", "payload":"Distribution" }, + "CreateDistributionTenantRequest":{ + "type":"structure", + "required":[ + "DistributionId", + "Name", + "Domains" + ], + "members":{ + "DistributionId":{ + "shape":"string", + "documentation":"

The ID of the multi-tenant distribution to use for creating the distribution tenant.

" + }, + "Name":{ + "shape":"CreateDistributionTenantRequestNameString", + "documentation":"

The name of the distribution tenant. Enter a friendly identifier that is unique within your Amazon Web Services account. This name can't be updated after you create the distribution tenant.

" + }, + "Domains":{ + "shape":"DomainList", + "documentation":"

The domains associated with the distribution tenant. You must specify at least one domain in the request.

" + }, + "Tags":{"shape":"Tags"}, + "Customizations":{ + "shape":"Customizations", + "documentation":"

Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.

" + }, + "Parameters":{ + "shape":"Parameters", + "documentation":"

A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.

" + }, + "ConnectionGroupId":{ + "shape":"string", + "documentation":"

The ID of the connection group to associate with the distribution tenant.

" + }, + "ManagedCertificateRequest":{ + "shape":"ManagedCertificateRequest", + "documentation":"

The configuration for the CloudFront managed ACM certificate request.

" + }, + "Enabled":{ + "shape":"boolean", + "documentation":"

Indicates whether the distribution tenant should be enabled when created. If the distribution tenant is disabled, the distribution tenant won't serve traffic.

" + } + } + }, + "CreateDistributionTenantRequestNameString":{ + "type":"string", + "pattern":"[a-zA-Z0-9][a-zA-Z0-9-.]{1,126}[a-zA-Z0-9]" + }, + "CreateDistributionTenantResult":{ + "type":"structure", + "members":{ + "DistributionTenant":{ + "shape":"DistributionTenant", + "documentation":"

The distribution tenant that you created.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution tenant.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"DistributionTenant" + }, "CreateDistributionWithTagsRequest":{ "type":"structure", "required":["DistributionConfigWithTags"], @@ -4003,6 +4948,40 @@ }, "payload":"FunctionSummary" }, + "CreateInvalidationForDistributionTenantRequest":{ + "type":"structure", + "required":[ + "Id", + "InvalidationBatch" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

", + "location":"uri", + "locationName":"Id" + }, + "InvalidationBatch":{ + "shape":"InvalidationBatch", + "locationName":"InvalidationBatch", + "xmlNamespace":{"uri":"http://cloudfront.amazonaws.com/doc/2020-05-31/"} + } + }, + "payload":"InvalidationBatch" + }, + "CreateInvalidationForDistributionTenantResult":{ + "type":"structure", + "members":{ + "Location":{ + "shape":"string", + "documentation":"

The location for the invalidation.

", + "location":"header", + "locationName":"Location" + }, + "Invalidation":{"shape":"Invalidation"} + }, + "payload":"Invalidation" + }, "CreateInvalidationRequest":{ "type":"structure", "required":[ @@ -4515,19 +5494,48 @@ }, "OriginSslProtocols":{ "shape":"OriginSslProtocols", - "documentation":"

Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

For more information, see Minimum Origin SSL Protocol in the Amazon CloudFront Developer Guide.

" + "documentation":"

Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

For more information, see Minimum Origin SSL Protocol in the Amazon CloudFront Developer Guide.

" }, "OriginReadTimeout":{ "shape":"integer", - "documentation":"

Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the origin response timeout. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds.

For more information, see Response timeout (custom origins only) in the Amazon CloudFront Developer Guide.

" + "documentation":"

Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the origin response timeout. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 30 seconds.

For more information, see Response timeout in the Amazon CloudFront Developer Guide.

" }, "OriginKeepaliveTimeout":{ "shape":"integer", - "documentation":"

Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds.

For more information, see Keep-alive timeout (custom origins only) in the Amazon CloudFront Developer Guide.

" + "documentation":"

Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 5 seconds.

For more information, see Keep-alive timeout (custom origins only) in the Amazon CloudFront Developer Guide.

" + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

Specifies which IP protocol CloudFront uses when connecting to your origin. If your origin uses both IPv4 and IPv6 protocols, you can choose dualstack to help optimize reliability.

" } }, "documentation":"

A custom origin. A custom origin is any origin that is not an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is configured with static website hosting is a custom origin.

" }, + "CustomizationActionType":{ + "type":"string", + "enum":[ + "override", + "disable" + ] + }, + "Customizations":{ + "type":"structure", + "members":{ + "WebAcl":{ + "shape":"WebAclCustomization", + "documentation":"

The WAF web ACL.

" + }, + "Certificate":{ + "shape":"Certificate", + "documentation":"

The Certificate Manager (ACM) certificate.

" + }, + "GeoRestrictions":{ + "shape":"GeoRestrictionCustomization", + "documentation":"

The geographic restrictions.

" + } + }, + "documentation":"

Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.

" + }, "DefaultCacheBehavior":{ "type":"structure", "required":[ @@ -4541,7 +5549,7 @@ }, "TrustedSigners":{ "shape":"TrustedSigners", - "documentation":"

We recommend using TrustedKeyGroups instead of TrustedSigners.

A list of Amazon Web Services account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.

When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer's Amazon Web Services account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

" + "documentation":"

We recommend using TrustedKeyGroups instead of TrustedSigners.

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

A list of Amazon Web Services account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.

When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer's Amazon Web Services account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

" }, "TrustedKeyGroups":{ "shape":"TrustedKeyGroups", @@ -4554,7 +5562,7 @@ "AllowedMethods":{"shape":"AllowedMethods"}, "SmoothStreaming":{ "shape":"boolean", - "documentation":"

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true; if not, specify false. If you specify true for SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of PathPattern.

" + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true; if not, specify false. If you specify true for SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of PathPattern.

" }, "Compress":{ "shape":"boolean", @@ -4599,21 +5607,21 @@ }, "MinTTL":{ "shape":"long", - "documentation":"

This field is deprecated. We recommend that you use the MinTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers, if you specify 1 for Quantity and * for Name).

", + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

This field is deprecated. We recommend that you use the MinTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers, if you specify 1 for Quantity and * for Name).

", "deprecated":true }, "DefaultTTL":{ "shape":"long", - "documentation":"

This field is deprecated. We recommend that you use the DefaultTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

", + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

This field is deprecated. We recommend that you use the DefaultTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

", "deprecated":true }, "MaxTTL":{ "shape":"long", - "documentation":"

This field is deprecated. We recommend that you use the MaxTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

", + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

This field is deprecated. We recommend that you use the MaxTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.

The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.

", "deprecated":true } }, - "documentation":"

A complex type that describes the default cache behavior if you don't specify a CacheBehavior element or if request URLs don't match any of the values of PathPattern in CacheBehavior elements. You must create exactly one default cache behavior.

" + "documentation":"

A complex type that describes the default cache behavior if you don't specify a CacheBehavior element or if request URLs don't match any of the values of PathPattern in CacheBehavior elements. You must create exactly one default cache behavior.

If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the Cache-Control: no-cache, no-store, or private directives are present in the origin headers.

" }, "DeleteAnycastIpListRequest":{ "type":"structure", @@ -4673,6 +5681,27 @@ }, "documentation":"

Deletes a origin access identity.

" }, + "DeleteConnectionGroupRequest":{ + "type":"structure", + "required":[ + "Id", + "IfMatch" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the connection group to delete.

", + "location":"uri", + "locationName":"Id" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The value of the ETag header that you received when retrieving the connection group to delete.

", + "location":"header", + "locationName":"If-Match" + } + } + }, "DeleteContinuousDeploymentPolicyRequest":{ "type":"structure", "required":["Id"], @@ -4710,6 +5739,27 @@ }, "documentation":"

This action deletes a web distribution. To delete a web distribution using the CloudFront API, perform the following steps.

To delete a web distribution using the CloudFront API:

  1. Disable the web distribution

  2. Submit a GET Distribution Config request to get the current configuration and the Etag header for the distribution.

  3. Update the XML document that was returned in the response to your GET Distribution Config request to change the value of Enabled to false.

  4. Submit a PUT Distribution Config request to update the configuration for your distribution. In the request body, include the XML document that you updated in Step 3. Set the value of the HTTP If-Match header to the value of the ETag header that CloudFront returned when you submitted the GET Distribution Config request in Step 2.

  5. Review the response to the PUT Distribution Config request to confirm that the distribution was successfully disabled.

  6. Submit a GET Distribution request to confirm that your changes have propagated. When propagation is complete, the value of Status is Deployed.

  7. Submit a DELETE Distribution request. Set the value of the HTTP If-Match header to the value of the ETag header that CloudFront returned when you submitted the GET Distribution Config request in Step 6.

  8. Review the response to your DELETE Distribution request to confirm that the distribution was successfully deleted.

For information about deleting a distribution using the CloudFront console, see Deleting a Distribution in the Amazon CloudFront Developer Guide.

" }, + "DeleteDistributionTenantRequest":{ + "type":"structure", + "required":[ + "Id", + "IfMatch" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant to delete.

", + "location":"uri", + "locationName":"Id" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The value of the ETag header that you received when retrieving the distribution tenant. This value is returned in the response of the GetDistributionTenant API operation.

", + "location":"header", + "locationName":"If-Match" + } + } + }, "DeleteFieldLevelEncryptionConfigRequest":{ "type":"structure", "required":["Id"], @@ -4754,7 +5804,7 @@ ], "members":{ "Name":{ - "shape":"string", + "shape":"FunctionName", "documentation":"

The name of the function that you are deleting.

", "location":"uri", "locationName":"Name" @@ -4820,8 +5870,7 @@ }, "DeleteMonitoringSubscriptionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteOriginAccessControlRequest":{ "type":"structure", @@ -4890,6 +5939,16 @@ } } }, + "DeleteResourcePolicyRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the CloudFront resource for which the resource policy should be deleted.

" + } + } + }, "DeleteResponseHeadersPolicyRequest":{ "type":"structure", "required":["Id"], @@ -4942,7 +6001,7 @@ }, "IfMatch":{ "shape":"string", - "documentation":"

The VPC origin to delete, if a match occurs.

", + "documentation":"

The version identifier of the VPC origin to delete. This is the ETag value returned in the response to GetVpcOrigin.

", "location":"header", "locationName":"If-Match" } @@ -4969,7 +6028,7 @@ "required":["Name"], "members":{ "Name":{ - "shape":"string", + "shape":"FunctionName", "documentation":"

The name of the function that you are getting information about.

", "location":"uri", "locationName":"Name" @@ -5026,6 +6085,72 @@ }, "payload":"KeyValueStore" }, + "DisassociateDistributionTenantWebACLRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

", + "location":"uri", + "locationName":"Id" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The current version of the distribution tenant that you're disassociating from the WAF web ACL. This is the ETag value returned in the response to the GetDistributionTenant API operation.

", + "location":"header", + "locationName":"If-Match" + } + } + }, + "DisassociateDistributionTenantWebACLResult":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution tenant.

", + "location":"header", + "locationName":"ETag" + } + } + }, + "DisassociateDistributionWebACLRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution.

", + "location":"uri", + "locationName":"Id" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The value of the ETag header that you received when retrieving the distribution that you're disassociating from the WAF web ACL.

", + "location":"header", + "locationName":"If-Match" + } + } + }, + "DisassociateDistributionWebACLResult":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution.

", + "location":"header", + "locationName":"ETag" + } + } + }, "Distribution":{ "type":"structure", "required":[ @@ -5064,7 +6189,7 @@ }, "ActiveTrustedSigners":{ "shape":"ActiveTrustedSigners", - "documentation":"

We recommend using TrustedKeyGroups instead of TrustedSigners.

This field contains a list of Amazon Web Services account IDs and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs or signed cookies.

" + "documentation":"

We recommend using TrustedKeyGroups instead of TrustedSigners.

This field contains a list of Amazon Web Services account IDs and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs or signed cookies.

" }, "ActiveTrustedKeyGroups":{ "shape":"ActiveTrustedKeyGroups", @@ -5109,7 +6234,7 @@ }, "Aliases":{ "shape":"Aliases", - "documentation":"

A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.

" + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.

" }, "DefaultRootObject":{ "shape":"string", @@ -5145,7 +6270,7 @@ }, "PriceClass":{ "shape":"PriceClass", - "documentation":"

The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations.

If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance.

For more information about price classes, see Choosing the Price Class for a CloudFront Distribution in the Amazon CloudFront Developer Guide. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see Amazon CloudFront Pricing.

" + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations.

If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance.

For more information about price classes, see Choosing the Price Class for a CloudFront Distribution in the Amazon CloudFront Developer Guide. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see Amazon CloudFront Pricing.

" }, "Enabled":{ "shape":"boolean", @@ -5161,7 +6286,7 @@ }, "WebACLId":{ "shape":"string", - "documentation":"

A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. To specify a web ACL created using WAF Classic, use the ACL ID, for example a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the WAF Developer Guide.

" + "documentation":"

Multi-tenant distributions only support WAF V2 web ACLs.

A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. To specify a web ACL created using WAF Classic, use the ACL ID, for example a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the WAF Developer Guide.

" }, "HttpVersion":{ "shape":"HttpVersion", @@ -5169,19 +6294,27 @@ }, "IsIPV6Enabled":{ "shape":"boolean", - "documentation":"

If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.

In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.

If you're using an Route 53 Amazon Web Services Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:

  • You enable IPv6 for the distribution

  • You're using alternate domain names in the URLs for your objects

For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Route 53 Amazon Web Services Integration Developer Guide.

If you created a CNAME resource record set, either with Route 53 Amazon Web Services Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.

" + "documentation":"

To use this field for a multi-tenant distribution, use a connection group instead. For more information, see ConnectionGroup.

If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.

In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.

If you're using an Route 53 Amazon Web Services Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:

  • You enable IPv6 for the distribution

  • You're using alternate domain names in the URLs for your objects

For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Route 53 Amazon Web Services Integration Developer Guide.

If you created a CNAME resource record set, either with Route 53 Amazon Web Services Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.

" }, "ContinuousDeploymentPolicyId":{ "shape":"string", - "documentation":"

The identifier of a continuous deployment policy. For more information, see CreateContinuousDeploymentPolicy.

" + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

The identifier of a continuous deployment policy. For more information, see CreateContinuousDeploymentPolicy.

" }, "Staging":{ "shape":"boolean", - "documentation":"

A Boolean that indicates whether this is a staging distribution. When this value is true, this is a staging distribution. When this value is false, this is not a staging distribution.

" + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

A Boolean that indicates whether this is a staging distribution. When this value is true, this is a staging distribution. When this value is false, this is not a staging distribution.

" }, "AnycastIpListId":{ "shape":"string", - "documentation":"

ID of the Anycast static IP list that is associated with the distribution.

" + "documentation":"

To use this field for a multi-tenant distribution, use a connection group instead. For more information, see ConnectionGroup.

ID of the Anycast static IP list that is associated with the distribution.

" + }, + "TenantConfig":{ + "shape":"TenantConfig", + "documentation":"

This field only supports multi-tenant distributions. You can't specify this field for standard distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

A distribution tenant configuration.

" + }, + "ConnectionMode":{ + "shape":"ConnectionMode", + "documentation":"

This field specifies whether the connection mode is through a standard distribution (direct) or a multi-tenant distribution with distribution tenants (tenant-only).

" } }, "documentation":"

A distribution configuration.

" @@ -5247,6 +6380,67 @@ "locationName":"DistributionId" } }, + "DistributionIdOwner":{ + "type":"structure", + "required":[ + "DistributionId", + "OwnerAccountId" + ], + "members":{ + "DistributionId":{ + "shape":"string", + "documentation":"

The ID of the distribution.

" + }, + "OwnerAccountId":{ + "shape":"string", + "documentation":"

The ID of the Amazon Web Services account that owns the distribution.

" + } + }, + "documentation":"

A structure that pairs a CloudFront distribution ID with its owning Amazon Web Services account ID.

" + }, + "DistributionIdOwnerItemList":{ + "type":"list", + "member":{ + "shape":"DistributionIdOwner", + "locationName":"DistributionIdOwner" + } + }, + "DistributionIdOwnerList":{ + "type":"structure", + "required":[ + "Marker", + "MaxItems", + "IsTruncated", + "Quantity" + ], + "members":{ + "Marker":{ + "shape":"string", + "documentation":"

Use this field when paginating results to indicate where to begin in your list of DistributionIdOwner objects. The response includes distributions in the list that occur after the marker. To get the next page of the list, set this field's value to the value of NextMarker from the current page's response.

" + }, + "NextMarker":{ + "shape":"string", + "documentation":"

A token used for pagination of results returned in the response. You can use the token from the previous request to define where the current request should begin.

" + }, + "MaxItems":{ + "shape":"integer", + "documentation":"

The maximum number of DistributionIdOwner objects to return.

" + }, + "IsTruncated":{ + "shape":"boolean", + "documentation":"

A flag that indicates whether more DistributionIdOwner objects remain to be listed. If your results were truncated, you can make a follow-up pagination request using the Marker request parameter to retrieve more results in the list.

" + }, + "Quantity":{ + "shape":"integer", + "documentation":"

Specifies the actual number of DistributionIdOwner objects included in the list for the current page.

" + }, + "Items":{ + "shape":"DistributionIdOwnerItemList", + "documentation":"

The number of DistributionIdOwner objects.

" + } + }, + "documentation":"

The list of distribution IDs and the Amazon Web Services accounts that they belong to.

" + }, "DistributionList":{ "type":"structure", "required":[ @@ -5295,6 +6489,27 @@ }, "exception":true }, + "DistributionResourceId":{ + "type":"structure", + "members":{ + "DistributionId":{ + "shape":"string", + "documentation":"

The ID of the multi-tenant distribution.

" + }, + "DistributionTenantId":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

" + } + }, + "documentation":"

The IDs for the distribution resources.

" + }, + "DistributionResourceType":{ + "type":"string", + "enum":[ + "distribution", + "distribution-tenant" + ] + }, "DistributionSummary":{ "type":"structure", "required":[ @@ -5327,6 +6542,10 @@ "shape":"string", "documentation":"

The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your Amazon Web Services account ID.

" }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution.

" + }, "Status":{ "shape":"string", "documentation":"

The current status of the distribution. When the status is Deployed, the distribution's information is propagated to all CloudFront edge locations.

" @@ -5364,12 +6583,12 @@ "documentation":"

A complex type that contains zero or more CustomErrorResponses elements.

" }, "Comment":{ - "shape":"string", + "shape":"sensitiveStringType", "documentation":"

The comment originally specified when this distribution was created.

" }, "PriceClass":{ "shape":"PriceClass", - "documentation":"

A complex type that contains information about price class for this streaming distribution.

" + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

A complex type that contains information about price class for this streaming distribution.

" }, "Enabled":{ "shape":"boolean", @@ -5403,6 +6622,10 @@ "shape":"boolean", "documentation":"

A Boolean that indicates whether this is a staging distribution. When this value is true, this is a staging distribution. When this value is false, this is not a staging distribution.

" }, + "ConnectionMode":{ + "shape":"ConnectionMode", + "documentation":"

This field specifies whether the connection mode is through a standard distribution (direct) or a multi-tenant distribution with distribution tenants (tenant-only).

" + }, "AnycastIpListId":{ "shape":"string", "documentation":"

ID of the Anycast static IP list that is associated with the distribution.

" @@ -5417,6 +6640,259 @@ "locationName":"DistributionSummary" } }, + "DistributionTenant":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

" + }, + "DistributionId":{ + "shape":"string", + "documentation":"

The ID of the multi-tenant distribution.

" + }, + "Name":{ + "shape":"string", + "documentation":"

The name of the distribution tenant.

" + }, + "Arn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the distribution tenant.

" + }, + "Domains":{ + "shape":"DomainResultList", + "documentation":"

The domains associated with the distribution tenant.

" + }, + "Tags":{"shape":"Tags"}, + "Customizations":{ + "shape":"Customizations", + "documentation":"

Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.

" + }, + "Parameters":{ + "shape":"Parameters", + "documentation":"

A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.

" + }, + "ConnectionGroupId":{ + "shape":"string", + "documentation":"

The ID of the connection group for the distribution tenant. If you don't specify a connection group, CloudFront uses the default connection group.

" + }, + "CreatedTime":{ + "shape":"timestamp", + "documentation":"

The date and time when the distribution tenant was created.

" + }, + "LastModifiedTime":{ + "shape":"timestamp", + "documentation":"

The date and time when the distribution tenant was updated.

" + }, + "Enabled":{ + "shape":"boolean", + "documentation":"

Indicates whether the distribution tenant is in an enabled state. If disabled, the distribution tenant won't serve traffic.

" + }, + "Status":{ + "shape":"string", + "documentation":"

The status of the distribution tenant.

" + } + }, + "documentation":"

The distribution tenant.

" + }, + "DistributionTenantAssociationFilter":{ + "type":"structure", + "members":{ + "DistributionId":{ + "shape":"string", + "documentation":"

The distribution ID to filter by. You can find distribution tenants associated with a specific distribution.

" + }, + "ConnectionGroupId":{ + "shape":"string", + "documentation":"

The ID of the connection group to filter by. You can find distribution tenants associated with a specific connection group.

" + } + }, + "documentation":"

Filter by the associated distribution ID or connection group ID.

" + }, + "DistributionTenantList":{ + "type":"list", + "member":{ + "shape":"DistributionTenantSummary", + "locationName":"DistributionTenantSummary" + } + }, + "DistributionTenantSummary":{ + "type":"structure", + "required":[ + "Id", + "DistributionId", + "Name", + "Arn", + "Domains", + "CreatedTime", + "LastModifiedTime", + "ETag" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

" + }, + "DistributionId":{ + "shape":"string", + "documentation":"

The identifier for the multi-tenant distribution. For example: EDFDVBD632BHDS5.

" + }, + "Name":{ + "shape":"string", + "documentation":"

The name of the distribution tenant.

" + }, + "Arn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the distribution tenant.

" + }, + "Domains":{ + "shape":"DomainResultList", + "documentation":"

The domains associated with the distribution tenant.

" + }, + "ConnectionGroupId":{ + "shape":"string", + "documentation":"

The ID of the connection group ID for the distribution tenant. If you don't specify a connection group, CloudFront uses the default connection group.

" + }, + "Customizations":{ + "shape":"Customizations", + "documentation":"

Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.

" + }, + "CreatedTime":{ + "shape":"timestamp", + "documentation":"

The date and time when the distribution tenant was created.

" + }, + "LastModifiedTime":{ + "shape":"timestamp", + "documentation":"

The date and time when the distribution tenant was updated.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution tenant.

" + }, + "Enabled":{ + "shape":"boolean", + "documentation":"

Indicates whether the distribution tenants are in an enabled state. If disabled, the distribution tenant won't service traffic.

" + }, + "Status":{ + "shape":"string", + "documentation":"

The status of the distribution tenant.

" + } + }, + "documentation":"

A summary of the information about a distribution tenant.

" + }, + "DnsConfiguration":{ + "type":"structure", + "required":[ + "Domain", + "Status" + ], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The domain name that you're verifying.

" + }, + "Status":{ + "shape":"DnsConfigurationStatus", + "documentation":"

The status of your domain name.

  • valid-configuration: The domain name is correctly configured and points to the correct routing endpoint of the connection group.

  • invalid-configuration: There is either a missing DNS record or the DNS record exists but it's using an incorrect routing endpoint. Update the DNS record to point to the correct routing endpoint.

  • unknown-configuration: CloudFront can't validate your DNS configuration. This status can appear if CloudFront can't verify the DNS record, or the DNS lookup request failed or timed out.

" + }, + "Reason":{ + "shape":"string", + "documentation":"

Explains the status of the DNS configuration.

" + } + }, + "documentation":"

The DNS configuration for your domain names.

" + }, + "DnsConfigurationList":{ + "type":"list", + "member":{ + "shape":"DnsConfiguration", + "locationName":"DnsConfiguration" + } + }, + "DnsConfigurationStatus":{ + "type":"string", + "enum":[ + "valid-configuration", + "invalid-configuration", + "unknown-configuration" + ] + }, + "DomainConflict":{ + "type":"structure", + "required":[ + "Domain", + "ResourceType", + "ResourceId", + "AccountId" + ], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The domain used to find existing conflicts for domain configurations.

" + }, + "ResourceType":{ + "shape":"DistributionResourceType", + "documentation":"

The CloudFront resource type that has a domain conflict.

" + }, + "ResourceId":{ + "shape":"string", + "documentation":"

The ID of the resource that has a domain conflict.

" + }, + "AccountId":{ + "shape":"string", + "documentation":"

The ID of the Amazon Web Services account for the domain conflict.

" + } + }, + "documentation":"

Contains information about the domain conflict. Use this information to determine the affected domain, the related resource, and the affected Amazon Web Services account.

" + }, + "DomainConflictsList":{ + "type":"list", + "member":{ + "shape":"DomainConflict", + "locationName":"DomainConflicts" + } + }, + "DomainItem":{ + "type":"structure", + "required":["Domain"], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The domain name.

" + } + }, + "documentation":"

The domain for the specified distribution tenant.

" + }, + "DomainList":{ + "type":"list", + "member":{"shape":"DomainItem"} + }, + "DomainResult":{ + "type":"structure", + "required":["Domain"], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The specified domain.

" + }, + "Status":{ + "shape":"DomainStatus", + "documentation":"

Whether the domain is active or inactive.

" + } + }, + "documentation":"

The details about the domain result.

" + }, + "DomainResultList":{ + "type":"list", + "member":{"shape":"DomainResult"} + }, + "DomainStatus":{ + "type":"string", + "enum":[ + "active", + "inactive" + ] + }, "EncryptionEntities":{ "type":"structure", "required":["Quantity"], @@ -5472,10 +6948,10 @@ }, "KinesisStreamConfig":{ "shape":"KinesisStreamConfig", - "documentation":"

Contains information about the Amazon Kinesis data stream where you are sending real-time log data.

" + "documentation":"

Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration.

" } }, - "documentation":"

Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration.

" + "documentation":"

Contains information about the Amazon Kinesis data stream where you're sending real-time log data in a real-time log configuration.

" }, "EndPointList":{ "type":"list", @@ -5879,7 +7355,7 @@ "documentation":"

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.

If you want to include query strings in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.

If you want to send query strings to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.

A complex type that contains information about the query string parameters that you want CloudFront to use for caching for this cache behavior.

" } }, - "documentation":"

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.

If you want to include values in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.

If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.

A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.

" + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.

If you want to include values in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.

If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.

A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.

" }, "FrameOptionsList":{ "type":"string", @@ -6137,6 +7613,21 @@ }, "documentation":"

A complex type that controls the countries in which your content is distributed. CloudFront determines the location of your users using MaxMind GeoIP databases.

" }, + "GeoRestrictionCustomization":{ + "type":"structure", + "required":["RestrictionType"], + "members":{ + "RestrictionType":{ + "shape":"GeoRestrictionType", + "documentation":"

The method that you want to use to restrict distribution of your content by country:

  • none: No geographic restriction is enabled, meaning access to content is not restricted by client geo location.

  • blacklist: The Location elements specify the countries in which you don't want CloudFront to distribute your content.

  • whitelist: The Location elements specify the countries in which you want CloudFront to distribute your content.

" + }, + "Locations":{ + "shape":"LocationList", + "documentation":"

The locations for geographic restrictions.

" + } + }, + "documentation":"

The customizations that you specified for the distribution tenant for geographic restrictions.

" + }, "GeoRestrictionType":{ "type":"string", "enum":[ @@ -6289,6 +7780,59 @@ "documentation":"

The returned result of the corresponding request.

", "payload":"CloudFrontOriginAccessIdentity" }, + "GetConnectionGroupByRoutingEndpointRequest":{ + "type":"structure", + "required":["RoutingEndpoint"], + "members":{ + "RoutingEndpoint":{ + "shape":"string", + "documentation":"

The routing endpoint for the target connection group, such as d111111abcdef8.cloudfront.net.

", + "location":"querystring", + "locationName":"RoutingEndpoint" + } + } + }, + "GetConnectionGroupByRoutingEndpointResult":{ + "type":"structure", + "members":{ + "ConnectionGroup":{"shape":"ConnectionGroup"}, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the connection group.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"ConnectionGroup" + }, + "GetConnectionGroupRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"string", + "documentation":"

The ID, name, or Amazon Resource Name (ARN) of the connection group.

", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetConnectionGroupResult":{ + "type":"structure", + "members":{ + "ConnectionGroup":{ + "shape":"ConnectionGroup", + "documentation":"

The connection group that you retrieved.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the connection group.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"ConnectionGroup" + }, "GetContinuousDeploymentPolicyConfigRequest":{ "type":"structure", "required":["Id"], @@ -6402,6 +7946,59 @@ "documentation":"

The returned result of the corresponding request.

", "payload":"Distribution" }, + "GetDistributionTenantByDomainRequest":{ + "type":"structure", + "required":["Domain"], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

A domain name associated with the target distribution tenant.

", + "location":"querystring", + "locationName":"domain" + } + } + }, + "GetDistributionTenantByDomainResult":{ + "type":"structure", + "members":{ + "DistributionTenant":{"shape":"DistributionTenant"}, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution tenant.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"DistributionTenant" + }, + "GetDistributionTenantRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"string", + "documentation":"

The identifier of the distribution tenant. You can specify the ARN, ID, or name of the distribution tenant.

", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetDistributionTenantResult":{ + "type":"structure", + "members":{ + "DistributionTenant":{ + "shape":"DistributionTenant", + "documentation":"

The distribution tenant that you retrieved.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution tenant.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"DistributionTenant" + }, "GetFieldLevelEncryptionConfigRequest":{ "type":"structure", "required":["Id"], @@ -6519,7 +8116,7 @@ "required":["Name"], "members":{ "Name":{ - "shape":"string", + "shape":"FunctionName", "documentation":"

The name of the function whose code you are getting.

", "location":"uri", "locationName":"Name" @@ -6554,6 +8151,34 @@ }, "payload":"FunctionCode" }, + "GetInvalidationForDistributionTenantRequest":{ + "type":"structure", + "required":[ + "DistributionTenantId", + "Id" + ], + "members":{ + "DistributionTenantId":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

", + "location":"uri", + "locationName":"DistributionTenantId" + }, + "Id":{ + "shape":"string", + "documentation":"

The ID of the invalidation to retrieve.

", + "location":"uri", + "locationName":"Id" + } + } + }, + "GetInvalidationForDistributionTenantResult":{ + "type":"structure", + "members":{ + "Invalidation":{"shape":"Invalidation"} + }, + "payload":"Invalidation" + }, "GetInvalidationRequest":{ "type":"structure", "required":[ @@ -6643,6 +8268,28 @@ }, "payload":"KeyGroup" }, + "GetManagedCertificateDetailsRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"string", + "documentation":"

The identifier of the distribution tenant. You can specify the ARN, ID, or name of the distribution tenant.

", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetManagedCertificateDetailsResult":{ + "type":"structure", + "members":{ + "ManagedCertificateDetails":{ + "shape":"ManagedCertificateDetails", + "documentation":"

Contains details about the CloudFront managed ACM certificate.

" + } + }, + "payload":"ManagedCertificateDetails" + }, "GetMonitoringSubscriptionRequest":{ "type":"structure", "required":["DistributionId"], @@ -6855,6 +8502,29 @@ } } }, + "GetResourcePolicyRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the CloudFront resource that is associated with the resource policy.

" + } + } + }, + "GetResourcePolicyResult":{ + "type":"structure", + "members":{ + "ResourceArn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the CloudFront resource that is associated with the resource policy.

" + }, + "PolicyDocument":{ + "shape":"string", + "documentation":"

The resource policy in JSON format.

" + } + } + }, "GetResponseHeadersPolicyConfigRequest":{ "type":"structure", "required":["Id"], @@ -7143,6 +8813,18 @@ }, "exception":true }, + "InvalidAssociation":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "documentation":"

The specified CloudFront resource can't be associated.

", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, "InvalidDefaultRootObject":{ "type":"structure", "members":{ @@ -7555,6 +9237,14 @@ "locationName":"InvalidationSummary" } }, + "IpAddressType":{ + "type":"string", + "enum":[ + "ipv4", + "ipv6", + "dualstack" + ] + }, "ItemSelection":{ "type":"string", "enum":[ @@ -7986,7 +9676,7 @@ "members":{ "DistributionId":{ "shape":"distributionIdString", - "documentation":"

The ID of a distribution in your account that has an attached SSL/TLS certificate that includes the provided alias.

", + "documentation":"

The ID of a standard distribution in your account that has an attached TLS certificate that includes the provided alias.

", "location":"querystring", "locationName":"DistributionId" }, @@ -8020,6 +9710,36 @@ }, "payload":"ConflictingAliasesList" }, + "ListConnectionGroupsRequest":{ + "type":"structure", + "members":{ + "AssociationFilter":{ + "shape":"ConnectionGroupAssociationFilter", + "documentation":"

Filter by associated Anycast IP list ID.

" + }, + "Marker":{ + "shape":"string", + "documentation":"

The marker for the next set of connection groups to retrieve.

" + }, + "MaxItems":{ + "shape":"integer", + "documentation":"

The maximum number of connection groups to return.

" + } + } + }, + "ListConnectionGroupsResult":{ + "type":"structure", + "members":{ + "NextMarker":{ + "shape":"string", + "documentation":"

A token used for pagination of results returned in the response. You can use the token from the previous request to define where the current request should begin.

" + }, + "ConnectionGroups":{ + "shape":"ConnectionGroupSummaryList", + "documentation":"

The list of connection groups that you retrieved.

" + } + } + }, "ListContinuousDeploymentPoliciesRequest":{ "type":"structure", "members":{ @@ -8047,6 +9767,67 @@ }, "payload":"ContinuousDeploymentPolicyList" }, + "ListDistributionTenantsByCustomizationRequest":{ + "type":"structure", + "members":{ + "WebACLArn":{ + "shape":"string", + "documentation":"

Filter by the ARN of the associated WAF web ACL.

" + }, + "CertificateArn":{ + "shape":"string", + "documentation":"

Filter by the ARN of the associated ACM certificate.

" + }, + "Marker":{ + "shape":"string", + "documentation":"

The marker for the next set of results.

" + }, + "MaxItems":{ + "shape":"integer", + "documentation":"

The maximum number of distribution tenants to return by the specified customization.

" + } + } + }, + "ListDistributionTenantsByCustomizationResult":{ + "type":"structure", + "members":{ + "NextMarker":{ + "shape":"string", + "documentation":"

A token used for pagination of results returned in the response. You can use the token from the previous request to define where the current request should begin.

" + }, + "DistributionTenantList":{ + "shape":"DistributionTenantList", + "documentation":"

A list of distribution tenants with the specified customization.

" + } + } + }, + "ListDistributionTenantsRequest":{ + "type":"structure", + "members":{ + "AssociationFilter":{"shape":"DistributionTenantAssociationFilter"}, + "Marker":{ + "shape":"string", + "documentation":"

The marker for the next set of results.

" + }, + "MaxItems":{ + "shape":"integer", + "documentation":"

The maximum number of distribution tenants to return.

" + } + } + }, + "ListDistributionTenantsResult":{ + "type":"structure", + "members":{ + "NextMarker":{ + "shape":"string", + "documentation":"

A token used for pagination of results returned in the response. You can use the token from the previous request to define where the current request should begin.

" + }, + "DistributionTenantList":{ + "shape":"DistributionTenantList", + "documentation":"

The list of distribution tenants that you retrieved.

" + } + } + }, "ListDistributionsByAnycastIpListIdRequest":{ "type":"structure", "required":["AnycastIpListId"], @@ -8112,6 +9893,37 @@ }, "payload":"DistributionIdList" }, + "ListDistributionsByConnectionModeRequest":{ + "type":"structure", + "required":["ConnectionMode"], + "members":{ + "Marker":{ + "shape":"string", + "documentation":"

The marker for the next set of distributions to retrieve.

", + "location":"querystring", + "locationName":"Marker" + }, + "MaxItems":{ + "shape":"integer", + "documentation":"

The maximum number of distributions to return.

", + "location":"querystring", + "locationName":"MaxItems" + }, + "ConnectionMode":{ + "shape":"ConnectionMode", + "documentation":"

This field specifies whether the connection mode is through a standard distribution (direct) or a multi-tenant distribution with distribution tenants (tenant-only).

", + "location":"uri", + "locationName":"ConnectionMode" + } + } + }, + "ListDistributionsByConnectionModeResult":{ + "type":"structure", + "members":{ + "DistributionList":{"shape":"DistributionList"} + }, + "payload":"DistributionList" + }, "ListDistributionsByKeyGroupRequest":{ "type":"structure", "required":["KeyGroupId"], @@ -8177,6 +9989,40 @@ }, "payload":"DistributionIdList" }, + "ListDistributionsByOwnedResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"string", + "documentation":"

The ARN of the CloudFront resource that you've shared with other Amazon Web Services accounts.

", + "location":"uri", + "locationName":"ResourceArn" + }, + "Marker":{ + "shape":"string", + "documentation":"

Use this field when paginating results to indicate where to begin in your list of distributions. The response includes distributions in the list that occur after the marker. To get the next page of the list, set this field's value to the value of NextMarker from the current page's response.

", + "location":"querystring", + "locationName":"Marker" + }, + "MaxItems":{ + "shape":"string", + "documentation":"

The maximum number of distributions to return.

", + "location":"querystring", + "locationName":"MaxItems" + } + } + }, + "ListDistributionsByOwnedResourceResult":{ + "type":"structure", + "members":{ + "DistributionList":{ + "shape":"DistributionIdOwnerList", + "documentation":"

The list of distributions that are using the shared resource.

" + } + }, + "payload":"DistributionList" + }, "ListDistributionsByRealtimeLogConfigRequest":{ "type":"structure", "members":{ @@ -8332,6 +10178,44 @@ "documentation":"

The returned result of the corresponding request.

", "payload":"DistributionList" }, + "ListDomainConflictsRequest":{ + "type":"structure", + "required":[ + "Domain", + "DomainControlValidationResource" + ], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The domain to check for conflicts.

" + }, + "DomainControlValidationResource":{ + "shape":"DistributionResourceId", + "documentation":"

The distribution resource identifier. This can be the standard distribution or distribution tenant that has a valid certificate, which covers the domain that you specify.

" + }, + "MaxItems":{ + "shape":"integer", + "documentation":"

The maximum number of domain conflicts to return.

" + }, + "Marker":{ + "shape":"string", + "documentation":"

The marker for the next set of domain conflicts.

" + } + } + }, + "ListDomainConflictsResult":{ + "type":"structure", + "members":{ + "DomainConflicts":{ + "shape":"DomainConflictsList", + "documentation":"

Contains details about the domain conflicts.

" + }, + "NextMarker":{ + "shape":"string", + "documentation":"

A token used for pagination of results returned in the response. You can use the token from the previous request to define where the current request should begin.

" + } + } + }, "ListFieldLevelEncryptionConfigsRequest":{ "type":"structure", "members":{ @@ -8419,6 +10303,37 @@ }, "payload":"FunctionList" }, + "ListInvalidationsForDistributionTenantRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

", + "location":"uri", + "locationName":"Id" + }, + "Marker":{ + "shape":"string", + "documentation":"

Use this parameter when paginating results to indicate where to begin in your list of invalidation batches. Because the results are returned in decreasing order from most recent to oldest, the most recent results are on the first page, the second page will contain earlier results, and so on. To get the next page of results, set Marker to the value of the NextMarker from the current page's response. This value is the same as the ID of the last invalidation batch on that page.

", + "location":"querystring", + "locationName":"Marker" + }, + "MaxItems":{ + "shape":"integer", + "documentation":"

The maximum number of invalidations to return for the distribution tenant.

", + "location":"querystring", + "locationName":"MaxItems" + } + } + }, + "ListInvalidationsForDistributionTenantResult":{ + "type":"structure", + "members":{ + "InvalidationList":{"shape":"InvalidationList"} + }, + "payload":"InvalidationList" + }, "ListInvalidationsRequest":{ "type":"structure", "required":["DistributionId"], @@ -8774,6 +10689,59 @@ }, "documentation":"

A complex type that specifies whether access logs are written for the distribution.

If you already enabled standard logging (legacy) and you want to enable standard logging (v2) to send your access logs to Amazon S3, we recommend that you specify a different Amazon S3 bucket or use a separate path in the same bucket (for example, use a log prefix or partitioning). This helps you keep track of which log files are associated with which logging subscription and prevents log files from overwriting each other. For more information, see Standard logging (access logs) in the Amazon CloudFront Developer Guide.

" }, + "ManagedCertificateDetails":{ + "type":"structure", + "members":{ + "CertificateArn":{ + "shape":"string", + "documentation":"

The ARN of the CloudFront managed ACM certificate.

" + }, + "CertificateStatus":{ + "shape":"ManagedCertificateStatus", + "documentation":"

The status of the CloudFront managed ACM certificate.

Your distribution tenant will be updated with the latest certificate status. When calling the UpdateDistributionTenant operation, use the latest value for the ETag.

" + }, + "ValidationTokenHost":{ + "shape":"ValidationTokenHost", + "documentation":"

Contains details about the validation token host of the specified CloudFront managed ACM certificate.

  • For cloudfront, CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately.

  • For self-hosted, you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront.

This setting only affects the initial certificate request. Once the DNS points to CloudFront, all future certificate renewals are automatically handled through CloudFront.

" + }, + "ValidationTokenDetails":{ + "shape":"ValidationTokenDetailList", + "documentation":"

Contains details about the validation token of the specified CloudFront managed ACM certificate.

" + } + }, + "documentation":"

Contains details about the CloudFront managed ACM certificate.

" + }, + "ManagedCertificateRequest":{ + "type":"structure", + "required":["ValidationTokenHost"], + "members":{ + "ValidationTokenHost":{ + "shape":"ValidationTokenHost", + "documentation":"

Specify how the HTTP validation token will be served when requesting the CloudFront managed ACM certificate.

  • For cloudfront, CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately.

  • For self-hosted, you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront.

" + }, + "PrimaryDomainName":{ + "shape":"string", + "documentation":"

The primary domain name associated with the CloudFront managed ACM certificate.

" + }, + "CertificateTransparencyLoggingPreference":{ + "shape":"CertificateTransparencyLoggingPreference", + "documentation":"

You can opt out of certificate transparency logging by specifying the disabled option. Opt in by specifying enabled. For more information, see Certificate Transparency Logging in the Certificate Manager User Guide.

" + } + }, + "documentation":"

An object that represents the request for the Amazon CloudFront managed ACM certificate.

" + }, + "ManagedCertificateStatus":{ + "type":"string", + "enum":[ + "pending-validation", + "issued", + "inactive", + "expired", + "validation-timed-out", + "revoked", + "failed" + ] + }, "Method":{ "type":"string", "enum":[ @@ -8802,7 +10770,9 @@ "TLSv1.1_2016", "TLSv1.2_2018", "TLSv1.2_2019", - "TLSv1.2_2021" + "TLSv1.2_2021", + "TLSv1.3_2025", + "TLSv1.2_2025" ] }, "MissingBody":{ @@ -9086,6 +11056,10 @@ "shape":"integer", "documentation":"

The number of seconds that CloudFront waits when trying to establish a connection to the origin. The minimum timeout is 1 second, the maximum is 10 seconds, and the default (if you don't specify otherwise) is 10 seconds.

For more information, see Origin Connection Timeout in the Amazon CloudFront Developer Guide.

" }, + "ResponseCompletionTimeout":{ + "shape":"integer", + "documentation":"

The time (in seconds) that a request from CloudFront to the origin can stay open and wait for a response. If the complete response isn't received from the origin by this time, CloudFront ends the connection.

The value for ResponseCompletionTimeout must be equal to or greater than the value for OriginReadTimeout. If you don't set a value for ResponseCompletionTimeout, CloudFront doesn't enforce a maximum value.

For more information, see Response completion timeout in the Amazon CloudFront Developer Guide.

" + }, "OriginShield":{ "shape":"OriginShield", "documentation":"

CloudFront Origin Shield. Using Origin Shield can help reduce the load on your origin.

For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

" @@ -9095,7 +11069,7 @@ "documentation":"

The unique identifier of an origin access control for this origin.

For more information, see Restricting access to an Amazon S3 origin in the Amazon CloudFront Developer Guide.

" } }, - "documentation":"

An origin.

An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin:

  • Use S3OriginConfig to specify an Amazon S3 bucket that is not configured with static website hosting.

  • Use CustomOriginConfig to specify all other kinds of origins, including:

    • An Amazon S3 bucket that is configured with static website hosting

    • An Elastic Load Balancing load balancer

    • An Elemental MediaPackage endpoint

    • An Elemental MediaStore container

    • Any other HTTP server, running on an Amazon EC2 instance or any other kind of host

For the current maximum number of origins that you can specify per distribution, see General Quotas on Web Distributions in the Amazon CloudFront Developer Guide (quotas were formerly referred to as limits).

" + "documentation":"

An origin.

An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin:

  • Use S3OriginConfig to specify an Amazon S3 bucket that is not configured with static website hosting.

  • Use VpcOriginConfig to specify a VPC origin.

  • Use CustomOriginConfig to specify all other kinds of origins, including:

    • An Amazon S3 bucket that is configured with static website hosting

    • An Elastic Load Balancing load balancer

    • An Elemental MediaPackage endpoint

    • An Elemental MediaStore container

    • Any other HTTP server, running on an Amazon EC2 instance or any other kind of host

For the current maximum number of origins that you can specify per distribution, see General Quotas on Web Distributions in the Amazon CloudFront Developer Guide (quotas were formerly referred to as limits).

" }, "OriginAccessControl":{ "type":"structure", @@ -9679,6 +11653,71 @@ }, "documentation":"

Contains information about the origins for this distribution.

" }, + "Parameter":{ + "type":"structure", + "required":[ + "Name", + "Value" + ], + "members":{ + "Name":{ + "shape":"ParameterName", + "documentation":"

The parameter name.

" + }, + "Value":{ + "shape":"ParameterValue", + "documentation":"

The parameter value.

" + } + }, + "documentation":"

A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.

" + }, + "ParameterDefinition":{ + "type":"structure", + "required":[ + "Name", + "Definition" + ], + "members":{ + "Name":{ + "shape":"ParameterName", + "documentation":"

The name of the parameter.

" + }, + "Definition":{ + "shape":"ParameterDefinitionSchema", + "documentation":"

The value that you assigned to the parameter.

" + } + }, + "documentation":"

A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.

" + }, + "ParameterDefinitionSchema":{ + "type":"structure", + "members":{ + "StringSchema":{ + "shape":"StringSchemaConfig", + "documentation":"

An object that contains information about the string schema.

" + } + }, + "documentation":"

An object that contains information about the parameter definition.

" + }, + "ParameterDefinitions":{ + "type":"list", + "member":{"shape":"ParameterDefinition"} + }, + "ParameterName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9-_]+" + }, + "ParameterValue":{ + "type":"string", + "max":256, + "min":1 + }, + "Parameters":{ + "type":"list", + "member":{"shape":"Parameter"} + }, "ParametersInCacheKeyAndForwardedToOrigin":{ "type":"structure", "required":[ @@ -9750,7 +11789,8 @@ "enum":[ "PriceClass_100", "PriceClass_200", - "PriceClass_All" + "PriceClass_All", + "None" ] }, "PublicKey":{ @@ -9774,7 +11814,7 @@ "documentation":"

Configuration information about a public key that you can use with signed URLs and signed cookies, or with field-level encryption.

" } }, - "documentation":"

A public key that you can use with signed URLs and signed cookies, or with field-level encryption.

" + "documentation":"

A public key that you can use with signed URLs and signed cookies, or with field-level encryption.

CloudFront supports signed URLs and signed cookies with RSA 2048 or ECDSA 256 key signatures. Field-level encryption is only compatible with RSA 2048 key signatures.

" }, "PublicKeyAlreadyExists":{ "type":"structure", @@ -9813,7 +11853,7 @@ "documentation":"

A comment to describe the public key. The comment cannot be longer than 128 characters.

" } }, - "documentation":"

Configuration information about a public key that you can use with signed URLs and signed cookies, or with field-level encryption.

" + "documentation":"

Configuration information about a public key that you can use with signed URLs and signed cookies, or with field-level encryption.

CloudFront supports signed URLs and signed cookies with RSA 2048 or ECDSA 256 key signatures. Field-level encryption is only compatible with RSA 2048 key signatures.

" }, "PublicKeyIdList":{ "type":"list", @@ -9907,7 +11947,7 @@ ], "members":{ "Name":{ - "shape":"string", + "shape":"FunctionName", "documentation":"

The name of the function that you are publishing.

", "location":"uri", "locationName":"Name" @@ -9930,6 +11970,32 @@ }, "payload":"FunctionSummary" }, + "PutResourcePolicyRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "PolicyDocument" + ], + "members":{ + "ResourceArn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the CloudFront resource for which the policy is being created.

" + }, + "PolicyDocument":{ + "shape":"string", + "documentation":"

The JSON-formatted resource policy to create.

" + } + } + }, + "PutResourcePolicyResult":{ + "type":"structure", + "members":{ + "ResourceArn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the CloudFront resource for which the policy was created.

" + } + } + }, "QueryArgProfile":{ "type":"structure", "required":[ @@ -10192,6 +12258,18 @@ }, "exception":true }, + "ResourceNotDisabled":{ + "type":"structure", + "members":{ + "Message":{"shape":"string"} + }, + "documentation":"

The specified CloudFront resource hasn't been disabled yet.

", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, "ResponseHeadersPolicy":{ "type":"structure", "required":[ @@ -10730,7 +12808,11 @@ "members":{ "OriginAccessIdentity":{ "shape":"string", - "documentation":"

If you're using origin access control (OAC) instead of origin access identity, specify an empty OriginAccessIdentity element. For more information, see Restricting access to an Amazon Web Services in the Amazon CloudFront Developer Guide.

The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can only access objects in an Amazon S3 bucket through CloudFront. The format of the value is:

origin-access-identity/cloudfront/ID-of-origin-access-identity

The ID-of-origin-access-identity is the value that CloudFront returned in the ID element when you created the origin access identity.

If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity element.

To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity element.

To replace the origin access identity, update the distribution configuration and specify the new origin access identity.

For more information about the origin access identity, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

" + "documentation":"

If you're using origin access control (OAC) instead of origin access identity, specify an empty OriginAccessIdentity element. For more information, see Restricting access to an Amazon Web Services in the Amazon CloudFront Developer Guide.

The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can only access objects in an Amazon S3 bucket through CloudFront. The format of the value is:

origin-access-identity/cloudfront/ID-of-origin-access-identity

The ID-of-origin-access-identity is the value that CloudFront returned in the ID element when you created the origin access identity.

If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity element.

To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity element.

To replace the origin access identity, update the distribution configuration and specify the new origin access identity.

For more information about the origin access identity, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

" + }, + "OriginReadTimeout":{ + "shape":"integer", + "documentation":"

Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the origin response timeout. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 30 seconds.

For more information, see Response timeout in the Amazon CloudFront Developer Guide.

" } }, "documentation":"

A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin or an S3 bucket that is configured as a website endpoint, use the CustomOriginConfig element instead.

" @@ -10749,6 +12831,11 @@ "max":100.0, "min":0.0 }, + "ServerCertificateId":{ + "type":"string", + "max":32, + "min":0 + }, "SessionStickinessConfig":{ "type":"structure", "required":[ @@ -11123,6 +13210,25 @@ }, "documentation":"

A complex type that controls whether access logs are written for this streaming distribution.

" }, + "StringSchemaConfig":{ + "type":"structure", + "required":["Required"], + "members":{ + "Comment":{ + "shape":"sensitiveStringType", + "documentation":"

A comment to describe the parameter.

" + }, + "DefaultValue":{ + "shape":"ParameterValue", + "documentation":"

The default value of the parameter.

" + }, + "Required":{ + "shape":"boolean", + "documentation":"

Whether the defined parameter is required.

" + } + }, + "documentation":"

The configuration for a string schema.

" + }, "Tag":{ "type":"structure", "required":["Key"], @@ -11208,6 +13314,16 @@ }, "documentation":"

A complex type that contains zero or more Tag elements.

" }, + "TenantConfig":{ + "type":"structure", + "members":{ + "ParameterDefinitions":{ + "shape":"ParameterDefinitions", + "documentation":"

The parameters that you specify for a distribution tenant.

" + } + }, + "documentation":"

This field only supports multi-tenant distributions. You can't specify this field for standard distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

The configuration for a distribution tenant.

" + }, "TestFunctionFailed":{ "type":"structure", "members":{ @@ -11227,7 +13343,7 @@ ], "members":{ "Name":{ - "shape":"string", + "shape":"FunctionName", "documentation":"

The name of the function that you are testing.

", "location":"uri", "locationName":"Name" @@ -12007,7 +14123,7 @@ "members":{ "Message":{"shape":"string"} }, - "documentation":"

This operation is not supported in this region.

", + "documentation":"

This operation is not supported in this Amazon Web Services Region.

", "error":{ "httpStatusCode":400, "senderFault":true @@ -12037,6 +14153,44 @@ "documentation":"

The request to remove tags from a CloudFront resource.

", "payload":"TagKeys" }, + "UpdateAnycastIpListRequest":{ + "type":"structure", + "required":[ + "Id", + "IfMatch" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the Anycast static IP list.

", + "location":"uri", + "locationName":"Id" + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

The IP address type for the Anycast static IP list. You can specify one of the following options:

  • ipv4 - Allocate a list of only IPv4 addresses

  • ipv6 - Allocate a list of only IPv4 addresses

  • dualstack - Allocate a list of both IPv4 and IPv6 addresses

" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The current version (ETag value) of the Anycast static IP list that you are updating.

", + "location":"header", + "locationName":"If-Match" + } + } + }, + "UpdateAnycastIpListResult":{ + "type":"structure", + "members":{ + "AnycastIpList":{"shape":"AnycastIpList"}, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the Anycast static IP list.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"AnycastIpList" + }, "UpdateCachePolicyRequest":{ "type":"structure", "required":[ @@ -12127,6 +14281,55 @@ "documentation":"

The returned result of the corresponding request.

", "payload":"CloudFrontOriginAccessIdentity" }, + "UpdateConnectionGroupRequest":{ + "type":"structure", + "required":[ + "Id", + "IfMatch" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the connection group.

", + "location":"uri", + "locationName":"Id" + }, + "Ipv6Enabled":{ + "shape":"boolean", + "documentation":"

Enable IPv6 for the connection group. For more information, see Enable IPv6 in the Amazon CloudFront Developer Guide.

" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The value of the ETag header that you received when retrieving the connection group that you're updating.

", + "location":"header", + "locationName":"If-Match" + }, + "AnycastIpListId":{ + "shape":"string", + "documentation":"

The ID of the Anycast static IP list.

" + }, + "Enabled":{ + "shape":"boolean", + "documentation":"

Whether the connection group is enabled.

" + } + } + }, + "UpdateConnectionGroupResult":{ + "type":"structure", + "members":{ + "ConnectionGroup":{ + "shape":"ConnectionGroup", + "documentation":"

The connection group that you updated.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the connection group.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"ConnectionGroup" + }, "UpdateContinuousDeploymentPolicyRequest":{ "type":"structure", "required":[ @@ -12217,6 +14420,71 @@ "documentation":"

The returned result of the corresponding request.

", "payload":"Distribution" }, + "UpdateDistributionTenantRequest":{ + "type":"structure", + "required":[ + "Id", + "IfMatch" + ], + "members":{ + "Id":{ + "shape":"string", + "documentation":"

The ID of the distribution tenant.

", + "location":"uri", + "locationName":"Id" + }, + "DistributionId":{ + "shape":"string", + "documentation":"

The ID for the multi-tenant distribution.

" + }, + "Domains":{ + "shape":"DomainList", + "documentation":"

The domains to update for the distribution tenant. A domain object can contain only a domain property. You must specify at least one domain. Each distribution tenant can have up to 5 domains.

" + }, + "Customizations":{ + "shape":"Customizations", + "documentation":"

Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.

" + }, + "Parameters":{ + "shape":"Parameters", + "documentation":"

A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.

" + }, + "ConnectionGroupId":{ + "shape":"string", + "documentation":"

The ID of the target connection group.

" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The value of the ETag header that you received when retrieving the distribution tenant to update. This value is returned in the response of the GetDistributionTenant API operation.

", + "location":"header", + "locationName":"If-Match" + }, + "ManagedCertificateRequest":{ + "shape":"ManagedCertificateRequest", + "documentation":"

An object that contains the CloudFront managed ACM certificate request.

" + }, + "Enabled":{ + "shape":"boolean", + "documentation":"

Indicates whether the distribution tenant should be updated to an enabled state. If you update the distribution tenant and it's not enabled, the distribution tenant won't serve traffic.

" + } + } + }, + "UpdateDistributionTenantResult":{ + "type":"structure", + "members":{ + "DistributionTenant":{ + "shape":"DistributionTenant", + "documentation":"

The distribution tenant that you're updating.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the distribution tenant.

", + "location":"header", + "locationName":"ETag" + } + }, + "payload":"DistributionTenant" + }, "UpdateDistributionWithStagingConfigRequest":{ "type":"structure", "required":["Id"], @@ -12254,6 +14522,48 @@ }, "payload":"Distribution" }, + "UpdateDomainAssociationRequest":{ + "type":"structure", + "required":[ + "Domain", + "TargetResource" + ], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The domain to update.

" + }, + "TargetResource":{ + "shape":"DistributionResourceId", + "documentation":"

The target standard distribution or distribution tenant resource for the domain. You can specify either DistributionId or DistributionTenantId, but not both.

" + }, + "IfMatch":{ + "shape":"string", + "documentation":"

The value of the ETag identifier for the standard distribution or distribution tenant that will be associated with the domain.

", + "location":"header", + "locationName":"If-Match" + } + } + }, + "UpdateDomainAssociationResult":{ + "type":"structure", + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The domain that you're moving.

" + }, + "ResourceId":{ + "shape":"string", + "documentation":"

The intended destination for the domain.

" + }, + "ETag":{ + "shape":"string", + "documentation":"

The current version of the target standard distribution or distribution tenant that was associated with the domain.

", + "location":"header", + "locationName":"ETag" + } + } + }, "UpdateFieldLevelEncryptionConfigRequest":{ "type":"structure", "required":[ @@ -12352,7 +14662,7 @@ ], "members":{ "Name":{ - "shape":"string", + "shape":"FunctionName", "documentation":"

The name of the function that you are updating.

", "location":"uri", "locationName":"Name" @@ -12776,6 +15086,59 @@ }, "payload":"VpcOrigin" }, + "ValidationTokenDetail":{ + "type":"structure", + "required":["Domain"], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The domain name.

" + }, + "RedirectTo":{ + "shape":"string", + "documentation":"

The domain to redirect to.

" + }, + "RedirectFrom":{ + "shape":"string", + "documentation":"

The domain to redirect from.

" + } + }, + "documentation":"

Contains details about the validation token.

" + }, + "ValidationTokenDetailList":{ + "type":"list", + "member":{"shape":"ValidationTokenDetail"} + }, + "ValidationTokenHost":{ + "type":"string", + "enum":[ + "cloudfront", + "self-hosted" + ] + }, + "VerifyDnsConfigurationRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Domain":{ + "shape":"string", + "documentation":"

The domain name that you're verifying.

" + }, + "Identifier":{ + "shape":"string", + "documentation":"

The identifier of the distribution tenant. You can specify the ARN, ID, or name of the distribution tenant.

" + } + } + }, + "VerifyDnsConfigurationResult":{ + "type":"structure", + "members":{ + "DnsConfigurationList":{ + "shape":"DnsConfigurationList", + "documentation":"

The list of domain names, their statuses, and a description of each status.

" + } + } + }, "ViewerCertificate":{ "type":"structure", "members":{ @@ -12784,8 +15147,8 @@ "documentation":"

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, set this field to true.

If the distribution uses Aliases (alternate domain names or CNAMEs), set this field to false and specify values for the following fields:

  • ACMCertificateArn or IAMCertificateId (specify a value for one, not both)

  • MinimumProtocolVersion

  • SSLSupportMethod

" }, "IAMCertificateId":{ - "shape":"string", - "documentation":"

If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Identity and Access Management (IAM), provide the ID of the IAM certificate.

If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.

" + "shape":"ServerCertificateId", + "documentation":"

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide.

If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Identity and Access Management (IAM), provide the ID of the IAM certificate.

If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.

" }, "ACMCertificateArn":{ "shape":"string", @@ -12793,7 +15156,7 @@ }, "SSLSupportMethod":{ "shape":"SSLSupportMethod", - "documentation":"

If the distribution uses Aliases (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.

  • sni-only – The distribution accepts HTTPS connections from only viewers that support server name indication (SNI). This is recommended. Most browsers and clients support SNI.

  • vip – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.

  • static-ip - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the Amazon Web Services Support Center.

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, don't set a value for this field.

" + "documentation":"

If the distribution uses Aliases (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.

  • sni-only – The distribution accepts HTTPS connections from only viewers that support server name indication (SNI). This is recommended. Most browsers and clients support SNI.

  • vip – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.

  • static-ip - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the Amazon Web ServicesSupport Center.

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, don't set a value for this field.

" }, "MinimumProtocolVersion":{ "shape":"MinimumProtocolVersion", @@ -12839,6 +15202,10 @@ "shape":"string", "documentation":"

The VPC origin ARN.

" }, + "AccountId":{ + "shape":"string", + "documentation":"

The account ID of the Amazon Web Services account that owns the VPC origin.

" + }, "Status":{ "shape":"string", "documentation":"

The VPC origin status.

" @@ -12866,13 +15233,17 @@ "shape":"string", "documentation":"

The VPC origin ID.

" }, + "OwnerAccountId":{ + "shape":"string", + "documentation":"

The account ID of the Amazon Web Services account that owns the VPC origin.

" + }, "OriginReadTimeout":{ "shape":"integer", - "documentation":"

Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the origin response timeout. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds.

For more information, see Response timeout (custom origins only) in the Amazon CloudFront Developer Guide.

" + "documentation":"

Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the origin response timeout. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 30 seconds.

For more information, see Response timeout in the Amazon CloudFront Developer Guide.

" }, "OriginKeepaliveTimeout":{ "shape":"integer", - "documentation":"

Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds.

For more information, see Keep-alive timeout (custom origins only) in the Amazon CloudFront Developer Guide.

" + "documentation":"

Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 5 seconds.

For more information, see Keep-alive timeout (custom origins only) in the Amazon CloudFront Developer Guide.

" } }, "documentation":"

An Amazon CloudFront VPC origin configuration.

" @@ -12897,11 +15268,11 @@ }, "HTTPPort":{ "shape":"integer", - "documentation":"

The HTTP port for the CloudFront VPC origin endpoint configuration.

" + "documentation":"

The HTTP port for the CloudFront VPC origin endpoint configuration. The default value is 80.

" }, "HTTPSPort":{ "shape":"integer", - "documentation":"

The HTTPS port of the CloudFront VPC origin endpoint configuration.

" + "documentation":"

The HTTPS port of the CloudFront VPC origin endpoint configuration. The default value is 443.

" }, "OriginProtocolPolicy":{ "shape":"OriginProtocolPolicy", @@ -12983,6 +15354,10 @@ "shape":"string", "documentation":"

The VPC origin summary ARN.

" }, + "AccountId":{ + "shape":"string", + "documentation":"

The account ID of the Amazon Web Services account that owns the VPC origin.

" + }, "OriginEndpointArn":{ "shape":"string", "documentation":"

The VPC origin summary origin endpoint ARN.

" @@ -12997,6 +15372,21 @@ "locationName":"VpcOriginSummary" } }, + "WebAclCustomization":{ + "type":"structure", + "required":["Action"], + "members":{ + "Action":{ + "shape":"CustomizationActionType", + "documentation":"

The action for the WAF web ACL customization. You can specify override to specify a separate WAF web ACL for the distribution tenant. If you specify disable, the distribution tenant won't have WAF web ACL protections and won't inherit from the multi-tenant distribution.

" + }, + "Arn":{ + "shape":"string", + "documentation":"

The Amazon Resource Name (ARN) of the WAF web ACL.

" + } + }, + "documentation":"

The WAF web ACL customization specified for the distribution tenant.

" + }, "aliasString":{ "type":"string", "max":253, diff -pruN 2.23.6-1/awscli/botocore/data/cloudfront/2020-05-31/waiters-2.json 2.31.35-1/awscli/botocore/data/cloudfront/2020-05-31/waiters-2.json --- 2.23.6-1/awscli/botocore/data/cloudfront/2020-05-31/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudfront/2020-05-31/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -25,6 +25,18 @@ "expected" : "Completed" } ] }, + "InvalidationForDistributionTenantCompleted" : { + "description" : "Wait until an invalidation for distribution tenant has completed.", + "delay" : 20, + "maxAttempts" : 30, + "operation" : "GetInvalidationForDistributionTenant", + "acceptors" : [ { + "matcher" : "path", + "argument" : "Invalidation.Status", + "state" : "success", + "expected" : "Completed" + } ] + }, "StreamingDistributionDeployed" : { "description" : "Wait until a streaming distribution is deployed.", "delay" : 60, diff -pruN 2.23.6-1/awscli/botocore/data/cloudfront-keyvaluestore/2022-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudfront-keyvaluestore/2022-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudfront-keyvaluestore/2022-07-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudfront-keyvaluestore/2022-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,26 +4,26 @@ "KvsARN": { "required": false, "documentation": "The ARN of the Key Value Store", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cloudhsm/2014-05-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudhsm/2014-05-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudhsm/2014-05-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudhsm/2014-05-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/cloudhsm/2014-05-30/service-2.json 2.31.35-1/awscli/botocore/data/cloudhsm/2014-05-30/service-2.json --- 2.23.6-1/awscli/botocore/data/cloudhsm/2014-05-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudhsm/2014-05-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"cloudhsm", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"CloudHSM", "serviceFullName":"Amazon CloudHSM", "serviceId":"CloudHSM", "signatureVersion":"v4", "targetPrefix":"CloudHsmFrontendService", - "uid":"cloudhsm-2014-05-30" + "uid":"cloudhsm-2014-05-30", + "auth":["aws.auth#sigv4"] }, "operations":{ "AddTagsToResource":{ @@ -424,8 +426,7 @@ }, "CloudHsmInternalException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Indicates that an internal error occurred.

", "exception":true, "fault":true @@ -893,8 +894,7 @@ }, "InvalidRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Indicates that one or more of the request parameters are not valid.

", "exception":true }, @@ -908,8 +908,7 @@ }, "ListAvailableZonesRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the inputs for the ListAvailableZones action.

" }, "ListAvailableZonesResponse":{ diff -pruN 2.23.6-1/awscli/botocore/data/cloudhsmv2/2017-04-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudhsmv2/2017-04-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudhsmv2/2017-04-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudhsmv2/2017-04-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cloudhsmv2/2017-04-28/service-2.json 2.31.35-1/awscli/botocore/data/cloudhsmv2/2017-04-28/service-2.json --- 2.23.6-1/awscli/botocore/data/cloudhsmv2/2017-04-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudhsmv2/2017-04-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1335,8 +1335,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1364,8 +1363,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "VpcId":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/cloudsearch/2013-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudsearch/2013-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudsearch/2013-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudsearch/2013-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/cloudsearch/2013-01-01/service-2.json 2.31.35-1/awscli/botocore/data/cloudsearch/2013-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/cloudsearch/2013-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudsearch/2013-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2013-01-01", "endpointPrefix":"cloudsearch", "protocol":"query", + "protocols":["query"], "serviceFullName":"Amazon CloudSearch", "serviceId":"CloudSearch", "signatureVersion":"v4", "uid":"cloudsearch-2013-01-01", - "xmlNamespace":"http://cloudsearch.amazonaws.com/doc/2013-01-01/" + "xmlNamespace":"http://cloudsearch.amazonaws.com/doc/2013-01-01/", + "auth":["aws.auth#sigv4"] }, "operations":{ "BuildSuggesters":{ @@ -1193,8 +1195,7 @@ }, "DisabledOperationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request was rejected because it attempted an operation which is not enabled.

", "error":{ "code":"DisabledAction", @@ -1609,8 +1610,7 @@ }, "InternalException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An internal error occurred while processing the request. If this problem persists, report an issue from the Service Health Dashboard.

", "error":{ "code":"InternalException", @@ -1620,8 +1620,7 @@ }, "InvalidTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request was rejected because it specified an invalid type definition.

", "error":{ "code":"InvalidType", @@ -1659,8 +1658,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request was rejected because a resource limit has already been met.

", "error":{ "code":"LimitExceeded", @@ -1828,8 +1826,7 @@ }, "ResourceAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request was rejected because it attempted to create a resource that already exists.

", "error":{ "code":"ResourceAlreadyExists", @@ -1840,8 +1837,7 @@ }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request was rejected because it attempted to reference a resource that does not exist.

", "error":{ "code":"ResourceNotFound", @@ -2111,8 +2107,7 @@ "UpdateTimestamp":{"type":"timestamp"}, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request was rejected because it has invalid parameters.

", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/paginators-1.json 2.31.35-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,3 @@ +{ + "pagination": {} +} diff -pruN 2.23.6-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/service-2.json 2.31.35-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudsearchdomain/2013-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"cloudsearchdomain", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon CloudSearch Domain", "serviceId":"CloudSearch Domain", "signatureVersion":"v4", "signingName":"cloudsearch", - "uid":"cloudsearchdomain-2013-01-01" + "uid":"cloudsearchdomain-2013-01-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "Search":{ diff -pruN 2.23.6-1/awscli/botocore/data/cloudtrail/2013-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudtrail/2013-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudtrail/2013-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudtrail/2013-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cloudtrail/2013-11-01/service-2.json 2.31.35-1/awscli/botocore/data/cloudtrail/2013-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/cloudtrail/2013-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudtrail/2013-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -459,6 +459,29 @@ "documentation":"

Returns the specified dashboard.

", "idempotent":true }, + "GetEventConfiguration":{ + "name":"GetEventConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetEventConfigurationRequest"}, + "output":{"shape":"GetEventConfigurationResponse"}, + "errors":[ + {"shape":"CloudTrailARNInvalidException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"EventDataStoreARNInvalidException"}, + {"shape":"EventDataStoreNotFoundException"}, + {"shape":"InvalidEventDataStoreStatusException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidEventDataStoreCategoryException"}, + {"shape":"NoManagementAccountSLRExistsException"}, + {"shape":"InvalidParameterCombinationException"} + ], + "documentation":"

Retrieves the current event configuration settings for the specified event data store, including details about maximum event size and context key selectors configured for the event data store.

", + "idempotent":true + }, "GetEventDataStore":{ "name":"GetEventDataStore", "http":{ @@ -814,6 +837,35 @@ "documentation":"

Looks up management events or CloudTrail Insights events that are captured by CloudTrail. You can look up events that occurred in a Region within the last 90 days.

LookupEvents returns recent Insights events for trails that enable Insights. To view Insights events for an event data store, you can run queries on your Insights event data store, and you can also view the Lake dashboard for Insights.

Lookup supports the following attributes for management events:

  • Amazon Web Services access key

  • Event ID

  • Event name

  • Event source

  • Read only

  • Resource name

  • Resource type

  • User name

Lookup supports the following attributes for Insights events:

  • Event ID

  • Event name

  • Event source

All attributes are optional. The default number of results returned is 50, with a maximum of 50 possible. The response includes a token that you can use to get the next page of results.

The rate of lookup requests is limited to two per second, per account, per Region. If this limit is exceeded, a throttling error occurs.

", "idempotent":true }, + "PutEventConfiguration":{ + "name":"PutEventConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"PutEventConfigurationRequest"}, + "output":{"shape":"PutEventConfigurationResponse"}, + "errors":[ + {"shape":"EventDataStoreARNInvalidException"}, + {"shape":"EventDataStoreNotFoundException"}, + {"shape":"InvalidEventDataStoreStatusException"}, + {"shape":"InvalidEventDataStoreCategoryException"}, + {"shape":"InactiveEventDataStoreException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidParameterCombinationException"}, + {"shape":"CloudTrailARNInvalidException"}, + {"shape":"ConflictException"}, + {"shape":"NotOrganizationMasterAccountException"}, + {"shape":"NoManagementAccountSLRExistsException"}, + {"shape":"InsufficientDependencyServiceAccessPermissionException"}, + {"shape":"InsufficientIAMAccessPermissionException"} + ], + "documentation":"

Updates the event configuration settings for the specified event data store. You can update the maximum event size and context key selectors.

", + "idempotent":true + }, "PutEventSelectors":{ "name":"PutEventSelectors", "http":{ @@ -909,7 +961,8 @@ {"shape":"OrganizationNotInAllFeaturesModeException"}, {"shape":"OrganizationsNotInUseException"}, {"shape":"UnsupportedOperationException"}, - {"shape":"OperationNotPermittedException"} + {"shape":"OperationNotPermittedException"}, + {"shape":"InsufficientIAMAccessPermissionException"} ], "documentation":"

Registers an organization’s member account as the CloudTrail delegated administrator.

", "idempotent":true @@ -1019,7 +1072,8 @@ {"shape":"UnsupportedOperationException"}, {"shape":"NotOrganizationMasterAccountException"}, {"shape":"NoManagementAccountSLRExistsException"}, - {"shape":"InsufficientDependencyServiceAccessPermissionException"} + {"shape":"InsufficientDependencyServiceAccessPermissionException"}, + {"shape":"ConflictException"} ], "documentation":"

Starts the ingestion of live events on an event data store specified as either an ARN or the ID portion of the ARN. To start ingestion, the event data store Status must be STOPPED_INGESTION and the eventCategory must be Management, Data, NetworkActivity, or ConfigurationItem.

" }, @@ -1118,7 +1172,8 @@ {"shape":"UnsupportedOperationException"}, {"shape":"NotOrganizationMasterAccountException"}, {"shape":"NoManagementAccountSLRExistsException"}, - {"shape":"InsufficientDependencyServiceAccessPermissionException"} + {"shape":"InsufficientDependencyServiceAccessPermissionException"}, + {"shape":"ConflictException"} ], "documentation":"

Stops the ingestion of live events on an event data store specified as either an ARN or the ID portion of the ARN. To stop ingestion, the event data store Status must be ENABLED and the eventCategory must be Management, Data, NetworkActivity, or ConfigurationItem.

" }, @@ -1289,15 +1344,13 @@ "shapes":{ "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You do not have sufficient access to perform this action.

", "exception":true }, "AccountHasOngoingImportException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when you start a new import and a previous import is still in progress.

", "exception":true }, @@ -1309,22 +1362,19 @@ }, "AccountNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified account is not found or not part of an organization.

", "exception":true }, "AccountNotRegisteredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified account is not registered as the CloudTrail delegated administrator.

", "exception":true }, "AccountRegisteredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the account is already registered as the CloudTrail delegated administrator.

", "exception":true }, @@ -1348,8 +1398,7 @@ }, "AddTagsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Returns the objects or data if successful. Otherwise, returns an error.

" }, "AdvancedEventSelector":{ @@ -1463,8 +1512,7 @@ }, "CannotDelegateManagementAccountException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the management account of an organization is registered as the CloudTrail delegated administrator.

", "exception":true }, @@ -1484,15 +1532,13 @@ }, "ChannelARNInvalidException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified value of ChannelARN is not valid.

", "exception":true }, "ChannelAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided channel already exists.

", "exception":true }, @@ -1504,15 +1550,13 @@ }, "ChannelExistsForEDSException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified event data store cannot yet be deleted because it is in use by a channel.

", "exception":true }, "ChannelMaxLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the maximum number of channels limit is exceeded.

", "exception":true }, @@ -1524,8 +1568,7 @@ }, "ChannelNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when CloudTrail cannot find the specified channel.

", "exception":true }, @@ -1535,46 +1578,63 @@ }, "CloudTrailARNInvalidException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when an operation is called with an ARN that is not valid.

The following is the format of a trail ARN: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

The following is the format of an event data store ARN: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

The following is the format of a dashboard ARN: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

The following is the format of a channel ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

", "exception":true }, "CloudTrailAccessNotEnabledException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when trusted access has not been enabled between CloudTrail and Organizations. For more information, see How to enable or disable trusted access in the Organizations User Guide and Prepare For Creating a Trail For Your Organization in the CloudTrail User Guide.

", "exception":true }, "CloudTrailInvalidClientTokenIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when a call results in the InvalidClientTokenId error code. This can occur when you are creating or updating a trail to send notifications to an Amazon SNS topic that is in a suspended Amazon Web Services account.

", "exception":true }, "CloudWatchLogsDeliveryUnavailableException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Cannot set a CloudWatch Logs delivery for this Region.

", "exception":true }, "ConcurrentModificationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You are trying to update a resource when another request is in progress. Allow sufficient wait time for the previous request to complete, then retry your request.

", "exception":true }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified resource is not ready for an operation. This can occur when you try to run an operation on a resource before CloudTrail has time to fully load the resource, or because another operation is modifying the resource. If this exception occurs, wait a few minutes, and then try the operation again.

", "exception":true }, + "ContextKeySelector":{ + "type":"structure", + "required":[ + "Type", + "Equals" + ], + "members":{ + "Type":{ + "shape":"Type", + "documentation":"

Specifies the type of the event record field in ContextKeySelector. Valid values include RequestContext, TagContext.

" + }, + "Equals":{ + "shape":"OperatorTargetList", + "documentation":"

A list of keys defined by Type to be included in CloudTrail enriched events.

" + } + }, + "documentation":"

An object that contains information types to be included in CloudTrail enriched events.

" + }, + "ContextKeySelectors":{ + "type":"list", + "member":{"shape":"ContextKeySelector"}, + "max":2 + }, "CreateChannelRequest":{ "type":"structure", "required":[ @@ -1791,7 +1851,7 @@ }, "SnsTopicName":{ "shape":"String", - "documentation":"

Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.

" + "documentation":"

Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.

" }, "IncludeGlobalServiceEvents":{ "shape":"Boolean", @@ -1954,8 +2014,7 @@ "Date":{"type":"timestamp"}, "DelegatedAdminAccountLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the maximum number of CloudTrail delegated administrators is reached.

", "exception":true }, @@ -1971,8 +2030,7 @@ }, "DeleteChannelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDashboardRequest":{ "type":"structure", @@ -1986,8 +2044,7 @@ }, "DeleteDashboardResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEventDataStoreRequest":{ "type":"structure", @@ -2001,8 +2058,7 @@ }, "DeleteEventDataStoreResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResourcePolicyRequest":{ "type":"structure", @@ -2016,8 +2072,7 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTrailRequest":{ "type":"structure", @@ -2032,8 +2087,7 @@ }, "DeleteTrailResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Returns the objects or data listed below if successful. Otherwise, returns an error.

" }, "DeliveryS3Uri":{ @@ -2068,8 +2122,7 @@ }, "DeregisterOrganizationDelegatedAdminResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Returns the following response if successful. Otherwise, returns an error.

" }, "DescribeQueryRequest":{ @@ -2374,15 +2427,13 @@ }, "EventDataStoreARNInvalidException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified event data store ARN is not valid or does not map to an event data store in your account.

", "exception":true }, "EventDataStoreAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An event data store with that name already exists.

", "exception":true }, @@ -2394,15 +2445,13 @@ }, "EventDataStoreFederationEnabledException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You cannot delete the event data store because Lake query federation is enabled. To delete the event data store, run the DisableFederation operation to disable Lake query federation on the event data store.

", "exception":true }, "EventDataStoreHasOngoingImportException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when you try to update or delete an event data store that currently has an import in progress.

", "exception":true }, @@ -2420,8 +2469,7 @@ }, "EventDataStoreMaxLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Your account has used the maximum number of event data stores.

", "exception":true }, @@ -2433,8 +2481,7 @@ }, "EventDataStoreNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified event data store was not found.

", "exception":true }, @@ -2451,8 +2498,7 @@ }, "EventDataStoreTerminationProtectedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The event data store cannot be deleted because termination protection is enabled for it.

", "exception":true }, @@ -2555,8 +2601,7 @@ }, "GenerateResponseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when a valid query could not be generated for the provided prompt.

", "exception":true }, @@ -2654,6 +2699,32 @@ } } }, + "GetEventConfigurationRequest":{ + "type":"structure", + "members":{ + "EventDataStore":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which you want to retrieve event configuration settings.

" + } + } + }, + "GetEventConfigurationResponse":{ + "type":"structure", + "members":{ + "EventDataStoreArn":{ + "shape":"EventDataStoreArn", + "documentation":"

The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which the event configuration settings are returned.

" + }, + "MaxEventSize":{ + "shape":"MaxEventSize", + "documentation":"

The maximum allowed size for events stored in the specified event data store.

" + }, + "ContextKeySelectors":{ + "shape":"ContextKeySelectors", + "documentation":"

The list of context key selectors that are configured for the event data store.

" + } + } + }, "GetEventDataStoreRequest":{ "type":"structure", "required":["EventDataStore"], @@ -3068,8 +3139,7 @@ }, "ImportNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified import was not found.

", "exception":true }, @@ -3152,15 +3222,13 @@ }, "InactiveEventDataStoreException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The event data store is inactive.

", "exception":true }, "InactiveQueryException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified query cannot be canceled because it is in the FINISHED, FAILED, TIMED_OUT, or CANCELLED state.

", "exception":true }, @@ -3192,8 +3260,7 @@ }, "InsightNotEnabledException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

If you run GetInsightSelectors on a trail or event data store that does not have Insights events enabled, the operation throws the exception InsightNotEnabledException.

", "exception":true }, @@ -3246,234 +3313,207 @@ }, "InsufficientDependencyServiceAccessPermissionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the IAM identity that is used to create the organization resource lacks one or more required permissions for creating an organization resource in a required service.

", "exception":true }, "InsufficientEncryptionPolicyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

For the CreateTrail PutInsightSelectors, UpdateTrail, StartQuery, and StartImport operations, this exception is thrown when the policy on the S3 bucket or KMS key does not have sufficient permissions for the operation.

For all other operations, this exception is thrown when the policy for the KMS key does not have sufficient permissions for the operation.

", "exception":true }, + "InsufficientIAMAccessPermissionException":{ + "type":"structure", + "members":{}, + "documentation":"

The task can't be completed because you are signed in with an account that lacks permissions to view or create a service-linked role. Sign in with an account that has the required permissions and then try again.

", + "exception":true + }, "InsufficientS3BucketPolicyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the policy on the S3 bucket is not sufficient.

", "exception":true }, "InsufficientSnsTopicPolicyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the policy on the Amazon SNS topic is not sufficient.

", "exception":true }, "Integer":{"type":"integer"}, "InvalidCloudWatchLogsLogGroupArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided CloudWatch Logs log group is not valid.

", "exception":true }, "InvalidCloudWatchLogsRoleArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided role is not valid.

", "exception":true }, "InvalidDateRangeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A date range for the query was specified that is not valid. Be sure that the start time is chronologically before the end time. For more information about writing a query, see Create or edit a query in the CloudTrail User Guide.

", "exception":true }, "InvalidEventCategoryException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Occurs if an event category that is not valid is specified as a value of EventCategory.

", "exception":true }, "InvalidEventDataStoreCategoryException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when event categories of specified event data stores are not valid.

", "exception":true }, "InvalidEventDataStoreStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The event data store is not in a status that supports the operation.

", "exception":true }, "InvalidEventSelectorsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the PutEventSelectors operation is called with a number of event selectors, advanced event selectors, or data resources that is not valid. The combination of event selectors or advanced event selectors and data resources is not valid. A trail can have up to 5 event selectors. If a trail uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. A trail is limited to 250 data resources. These data resources can be distributed across event selectors, but the overall total cannot exceed 250.

You can:

  • Specify a valid number of event selectors (1 to 5) for a trail.

  • Specify a valid number of data resources (1 to 250) for an event selector. The limit of number of resources on an individual event selector is configurable up to 250. However, this upper limit is allowed only if the total number of data resources does not exceed 250 across all event selectors for a trail.

  • Specify up to 500 values for all conditions in all advanced event selectors for a trail.

  • Specify a valid value for a parameter. For example, specifying the ReadWriteType parameter with a value of read-only is not valid.

", "exception":true }, "InvalidHomeRegionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when an operation is called on a trail from a Region other than the Region in which the trail was created.

", "exception":true }, "InvalidImportSourceException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided source S3 bucket is not valid for import.

", "exception":true }, "InvalidInsightSelectorsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

For PutInsightSelectors, this exception is thrown when the formatting or syntax of the InsightSelectors JSON statement is not valid, or the specified InsightType in the InsightSelectors statement is not valid. Valid values for InsightType are ApiCallRateInsight and ApiErrorRateInsight. To enable Insights on an event data store, the destination event data store specified by the InsightsDestination parameter must log Insights events and the source event data store specified by the EventDataStore parameter must log management events.

For UpdateEventDataStore, this exception is thrown if Insights are enabled on the event data store and the updated advanced event selectors are not compatible with the configured InsightSelectors. If the InsightSelectors includes an InsightType of ApiCallRateInsight, the source event data store must log write management events. If the InsightSelectors includes an InsightType of ApiErrorRateInsight, the source event data store must log management events.

", "exception":true }, "InvalidKmsKeyIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the KMS key ARN is not valid.

", "exception":true }, "InvalidLookupAttributesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Occurs when a lookup attribute is specified that is not valid.

", "exception":true }, "InvalidMaxResultsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown if the limit specified is not valid.

", "exception":true }, "InvalidNextTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A token that is not valid, or a token that was previously used in a request with different parameters. This exception is thrown if the token is not valid.

", "exception":true }, "InvalidParameterCombinationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the combination of parameters provided is not valid.

", "exception":true }, "InvalidParameterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request includes a parameter that is not valid.

", "exception":true }, "InvalidQueryStatementException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The query that was submitted has validation errors, or uses incorrect syntax or unsupported keywords. For more information about writing a query, see Create or edit a query in the CloudTrail User Guide.

", "exception":true }, "InvalidQueryStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The query status is not valid for the operation.

", "exception":true }, "InvalidS3BucketNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided S3 bucket name is not valid.

", "exception":true }, "InvalidS3PrefixException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided S3 prefix is not valid.

", "exception":true }, "InvalidSnsTopicNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided SNS topic name is not valid.

", "exception":true }, "InvalidSourceException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified value of Source is not valid.

", "exception":true }, "InvalidTagParameterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified tag key or values are not valid. It can also occur if there are duplicate tags or too many tags on the resource.

", "exception":true }, "InvalidTimeRangeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Occurs if the timestamp values are not valid. Either the start time occurs after the end time, or the time range is outside the range of possible values.

", "exception":true }, "InvalidTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Reserved for future use.

", "exception":true }, "InvalidTrailNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:

  • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

  • Start with a letter or number, and end with a letter or number

  • Be between 3 and 128 characters

  • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

  • Not be in IP address format (for example, 192.168.5.4)

", "exception":true }, "KmsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when there is an issue with the specified KMS key and the trail or event data store can't be updated.

", "exception":true }, "KmsKeyDisabledException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is no longer in use.

", "deprecated":true, "exception":true }, "KmsKeyNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the KMS key does not exist, when the S3 bucket and the KMS key are not in the same Region, or when the KMS key associated with the Amazon SNS topic either does not exist or is not in the same Region.

", "exception":true }, @@ -3871,7 +3911,7 @@ "type":"string", "max":1024, "min":3, - "pattern":"^[a-zA-Z0-9._/\\-:]+$" + "pattern":"^[a-zA-Z0-9._/\\-:*]+$" }, "Long":{"type":"long"}, "LookupAttribute":{ @@ -3960,11 +4000,17 @@ }, "MaxConcurrentQueriesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You are already running the maximum number of concurrent queries. The maximum number of concurrent queries is 10. Wait a minute for some queries to finish, and then run the query again.

", "exception":true }, + "MaxEventSize":{ + "type":"string", + "enum":[ + "Standard", + "Large" + ] + }, "MaxQueryResults":{ "type":"integer", "max":1000, @@ -3977,37 +4023,32 @@ }, "MaximumNumberOfTrailsExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the maximum number of trails is reached.

", "exception":true }, "NextToken":{"type":"string"}, "NoManagementAccountSLRExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the management account does not have a service-linked role.

", "exception":true }, "NotOrganizationManagementAccountException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the account making the request is not the organization's management account.

", "exception":true }, "NotOrganizationMasterAccountException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the Amazon Web Services account making the request to create or update an organization trail or event data store is not the management account for an organization in Organizations. For more information, see Prepare For Creating a Trail For Your Organization or Organization event data stores.

", "exception":true }, "OperationNotPermittedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the requested operation is not permitted.

", "exception":true }, @@ -4016,6 +4057,17 @@ "member":{"shape":"OperatorValue"}, "min":1 }, + "OperatorTargetList":{ + "type":"list", + "member":{"shape":"OperatorTargetListMember"}, + "max":50, + "min":1 + }, + "OperatorTargetListMember":{ + "type":"string", + "max":128, + "min":1 + }, "OperatorValue":{ "type":"string", "max":2048, @@ -4024,15 +4076,13 @@ }, "OrganizationNotInAllFeaturesModeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when Organizations is not configured to support all features. All features must be enabled in Organizations to support creating an organization trail or event data store.

", "exception":true }, "OrganizationsNotInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the request is made from an Amazon Web Services account that is not a member of an organization. To make this request, sign in using the credentials of an account that belongs to an organization.

", "exception":true }, @@ -4109,6 +4159,44 @@ "type":"list", "member":{"shape":"PublicKey"} }, + "PutEventConfigurationRequest":{ + "type":"structure", + "required":[ + "MaxEventSize", + "ContextKeySelectors" + ], + "members":{ + "EventDataStore":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which you want to update event configuration settings.

" + }, + "MaxEventSize":{ + "shape":"MaxEventSize", + "documentation":"

The maximum allowed size for events to be stored in the specified event data store. If you are using context key selectors, MaxEventSize must be set to Large.

" + }, + "ContextKeySelectors":{ + "shape":"ContextKeySelectors", + "documentation":"

A list of context key selectors that will be included to provide enriched event data.

" + } + } + }, + "PutEventConfigurationResponse":{ + "type":"structure", + "members":{ + "EventDataStoreArn":{ + "shape":"EventDataStoreArn", + "documentation":"

The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which the event configuration settings were updated.

" + }, + "MaxEventSize":{ + "shape":"MaxEventSize", + "documentation":"

The maximum allowed size for events stored in the specified event data store.

" + }, + "ContextKeySelectors":{ + "shape":"ContextKeySelectors", + "documentation":"

The list of context key selectors that are configured for the event data store.

" + } + } + }, "PutEventSelectorsRequest":{ "type":"structure", "required":["TrailName"], @@ -4251,8 +4339,7 @@ }, "QueryIdNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The query ID does not exist or does not map to a query.

", "exception":true }, @@ -4435,8 +4522,7 @@ }, "RegisterOrganizationDelegatedAdminResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Returns the following response if successful. Otherwise, returns an error.

" }, "RemoveTagsRequest":{ @@ -4459,8 +4545,7 @@ }, "RemoveTagsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Returns the objects or data listed below if successful. Otherwise, returns an error.

" }, "RequestWidget":{ @@ -4505,8 +4590,7 @@ }, "ResourceARNNotValidException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the provided resource does not exist, or the ARN format of the resource is not valid.

The following is the format of an event data store ARN: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

The following is the format of a dashboard ARN: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

The following is the format of a channel ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

", "exception":true }, @@ -4527,8 +4611,7 @@ }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified resource is not found.

", "exception":true }, @@ -4539,15 +4622,13 @@ }, "ResourcePolicyNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified resource policy is not found.

", "exception":true }, "ResourcePolicyNotValidException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the resouce-based policy has syntax errors, or contains a principal that is not valid.

", "exception":true }, @@ -4571,8 +4652,7 @@ }, "ResourceTypeNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified resource type is not supported by CloudTrail.

", "exception":true }, @@ -4646,8 +4726,7 @@ }, "S3BucketDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified S3 bucket does not exist.

", "exception":true }, @@ -4760,8 +4839,7 @@ }, "ServiceQuotaExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the quota is exceeded. For information about CloudTrail quotas, see Service quotas in the Amazon Web Services General Reference.

", "exception":true }, @@ -4820,8 +4898,7 @@ }, "StartEventDataStoreIngestionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartImportRequest":{ "type":"structure", @@ -4898,8 +4975,7 @@ }, "StartLoggingResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Returns the objects or data listed below if successful. Otherwise, returns an error.

" }, "StartQueryRequest":{ @@ -4952,8 +5028,7 @@ }, "StopEventDataStoreIngestionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopImportRequest":{ "type":"structure", @@ -5019,8 +5094,7 @@ }, "StopLoggingResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Returns the objects or data listed below if successful. Otherwise, returns an error.

" }, "String":{"type":"string"}, @@ -5051,8 +5125,7 @@ }, "TagsLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of tags per trail, event data store, dashboard, or channel has exceeded the permitted amount. Currently, the limit is 50.

", "exception":true }, @@ -5065,8 +5138,7 @@ "TerminationProtectionEnabled":{"type":"boolean"}, "ThrottlingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the request rate exceeds the limit.

", "exception":true }, @@ -5151,8 +5223,7 @@ }, "TrailAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the specified trail already exists.

", "exception":true }, @@ -5184,15 +5255,13 @@ }, "TrailNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the trail with the given name is not found.

", "exception":true }, "TrailNotProvidedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is no longer in use.

", "exception":true }, @@ -5200,6 +5269,13 @@ "type":"list", "member":{"shape":"TrailInfo"} }, + "Type":{ + "type":"string", + "enum":[ + "TagContext", + "RequestContext" + ] + }, "UUID":{ "type":"string", "max":36, @@ -5208,8 +5284,7 @@ }, "UnsupportedOperationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception is thrown when the requested operation is not supported.

", "exception":true }, @@ -5432,7 +5507,7 @@ }, "SnsTopicName":{ "shape":"String", - "documentation":"

Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.

" + "documentation":"

Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.

" }, "IncludeGlobalServiceEvents":{ "shape":"Boolean", diff -pruN 2.23.6-1/awscli/botocore/data/cloudtrail-data/2021-08-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudtrail-data/2021-08-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudtrail-data/2021-08-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudtrail-data/2021-08-11/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,7 +118,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -143,7 +140,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -178,11 +174,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -193,16 +187,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -216,14 +213,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -232,15 +227,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -251,16 +245,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -274,7 +271,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -294,11 +290,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -309,20 +303,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -333,18 +329,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/cloudwatch/2010-08-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cloudwatch/2010-08-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cloudwatch/2010-08-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudwatch/2010-08-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,161 +57,170 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://monitoring.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-us-gov" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://monitoring-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree" + "endpoint": { + "url": "https://monitoring.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] + "ref": "UseDualStack" }, true ] @@ -221,119 +230,201 @@ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] - }, - "aws-us-gov" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } ] } ], - "endpoint": { - "url": "https://monitoring.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://monitoring-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, { "conditions": [], - "endpoint": { - "url": "https://monitoring-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://monitoring-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://monitoring.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://monitoring.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://monitoring.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://monitoring.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/cloudwatch/2010-08-01/service-2.json 2.31.35-1/awscli/botocore/data/cloudwatch/2010-08-01/service-2.json --- 2.23.6-1/awscli/botocore/data/cloudwatch/2010-08-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cloudwatch/2010-08-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -24,7 +24,7 @@ "errors":[ {"shape":"ResourceNotFound"} ], - "documentation":"

Deletes the specified alarms. You can delete up to 100 alarms in one operation. However, this total can include no more than one composite alarm. For example, you could delete 99 metric alarms and one composite alarms with one operation, but you can't delete two composite alarms with one operation.

If you specify an incorrect alarm name or make any other error in the operation, no alarms are deleted. To confirm that alarms were deleted successfully, you can use the DescribeAlarms operation after using DeleteAlarms.

It is possible to create a loop or cycle of composite alarms, where composite alarm A depends on composite alarm B, and composite alarm B also depends on composite alarm A. In this scenario, you can't delete any composite alarm that is part of the cycle because there is always still a composite alarm that depends on that alarm that you want to delete.

To get out of such a situation, you must break the cycle by changing the rule of one of the composite alarms in the cycle to remove a dependency that creates the cycle. The simplest change to make to break a cycle is to change the AlarmRule of one of the alarms to false.

Additionally, the evaluation of composite alarms stops if CloudWatch detects a cycle in the evaluation path.

" + "documentation":"

Deletes the specified alarms. You can delete up to 100 alarms in one operation. However, this total can include no more than one composite alarm. For example, you could delete 99 metric alarms and one composite alarms with one operation, but you can't delete two composite alarms with one operation.

If you specify any incorrect alarm names, the alarms you specify with correct names are still deleted. Other syntax errors might result in no alarms being deleted. To confirm that alarms were deleted successfully, you can use the DescribeAlarms operation after using DeleteAlarms.

It is possible to create a loop or cycle of composite alarms, where composite alarm A depends on composite alarm B, and composite alarm B also depends on composite alarm A. In this scenario, you can't delete any composite alarm that is part of the cycle because there is always still a composite alarm that depends on that alarm that you want to delete.

To get out of such a situation, you must break the cycle by changing the rule of one of the composite alarms in the cycle to remove a dependency that creates the cycle. The simplest change to make to break a cycle is to change the AlarmRule of one of the alarms to false.

Additionally, the evaluation of composite alarms stops if CloudWatch detects a cycle in the evaluation path.

" }, "DeleteAnomalyDetector":{ "name":"DeleteAnomalyDetector", @@ -60,7 +60,8 @@ "errors":[ {"shape":"InvalidParameterValueException"}, {"shape":"DashboardNotFoundError"}, - {"shape":"InternalServiceFault"} + {"shape":"InternalServiceFault"}, + {"shape":"ConflictException"} ], "documentation":"

Deletes all dashboards that you specify. You can specify up to 100 dashboards to delete. If there is an error during this call, no dashboards are deleted.

" }, @@ -99,6 +100,23 @@ ], "documentation":"

Permanently deletes the metric stream that you specify.

" }, + "DescribeAlarmContributors":{ + "name":"DescribeAlarmContributors", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeAlarmContributorsInput"}, + "output":{ + "shape":"DescribeAlarmContributorsOutput", + "resultWrapper":"DescribeAlarmContributorsResult" + }, + "errors":[ + {"shape":"InvalidNextToken"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Returns the information of the current alarm contributors that are in ALARM state. This operation returns details about the individual time series that contribute to the alarm's state.

" + }, "DescribeAlarmHistory":{ "name":"DescribeAlarmHistory", "http":{ @@ -470,7 +488,8 @@ }, "errors":[ {"shape":"DashboardInvalidInputError"}, - {"shape":"InternalServiceFault"} + {"shape":"InternalServiceFault"}, + {"shape":"ConflictException"} ], "documentation":"

Creates a dashboard if it does not already exist, or updates an existing dashboard. If you update a dashboard, the entire contents are replaced with what you specify here.

All dashboards in your account are global, not region-specific.

A simple way to create a dashboard using PutDashboard is to copy an existing dashboard. To copy an existing dashboard using the console, you can load the dashboard and then use the View/edit source command in the Actions menu to display the JSON block for that dashboard. Another way to copy a dashboard is to use GetDashboard, and then use the data returned within DashboardBody as the template for the new dashboard when you call PutDashboard.

When you create a dashboard with PutDashboard, a good practice is to add a text widget at the top of the dashboard with a message that the dashboard was created by script and should not be changed in the console. This message could also point console users to the location of the DashboardBody script or the CloudFormation template used to create the dashboard.

" }, @@ -621,7 +640,8 @@ {"shape":"InvalidParameterValueException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ConcurrentModificationException"}, - {"shape":"InternalServiceFault"} + {"shape":"InternalServiceFault"}, + {"shape":"ConflictException"} ], "documentation":"

Assigns one or more tags (key-value pairs) to the specified CloudWatch resource. Currently, the only CloudWatch resources that can be tagged are alarms and Contributor Insights rules.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.

Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.

You can use the TagResource action with an alarm that already has tags. If you specify a new tag key for the alarm, this tag is appended to the list of tags associated with the alarm. If you specify a tag key that is already associated with the alarm, the new tag value that you specify replaces the previous value for that tag.

You can associate as many as 50 tags with a CloudWatch resource.

" }, @@ -640,7 +660,8 @@ {"shape":"InvalidParameterValueException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ConcurrentModificationException"}, - {"shape":"InternalServiceFault"} + {"shape":"InternalServiceFault"}, + {"shape":"ConflictException"} ], "documentation":"

Removes one or more tags from the specified resource.

" } @@ -675,6 +696,43 @@ "max":1600, "min":1 }, + "AlarmContributor":{ + "type":"structure", + "required":[ + "ContributorId", + "ContributorAttributes", + "StateReason" + ], + "members":{ + "ContributorId":{ + "shape":"ContributorId", + "documentation":"

The unique identifier for this alarm contributor.

" + }, + "ContributorAttributes":{ + "shape":"ContributorAttributes", + "documentation":"

A map of attributes that describe the contributor, such as metric dimensions and other identifying characteristics.

" + }, + "StateReason":{ + "shape":"StateReason", + "documentation":"

An explanation for the contributor's current state, providing context about why it is in its current condition.

" + }, + "StateTransitionedTimestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp when the contributor last transitioned to its current state.

" + } + }, + "documentation":"

Represents an individual contributor to a multi-timeseries alarm, containing information about a specific time series and its contribution to the alarm's state.

", + "xmlOrder":[ + "ContributorId", + "ContributorAttributes", + "StateReason", + "StateTransitionedTimestamp" + ] + }, + "AlarmContributors":{ + "type":"list", + "member":{"shape":"AlarmContributor"} + }, "AlarmDescription":{ "type":"string", "max":1024, @@ -687,6 +745,10 @@ "shape":"AlarmName", "documentation":"

The descriptive name for the alarm.

" }, + "AlarmContributorId":{ + "shape":"ContributorId", + "documentation":"

The unique identifier of the alarm contributor associated with this history item, if applicable.

" + }, "AlarmType":{ "shape":"AlarmType", "documentation":"

The type of alarm, either metric alarm or composite alarm.

" @@ -706,6 +768,10 @@ "HistoryData":{ "shape":"HistoryData", "documentation":"

Data about the alarm, in JSON format.

" + }, + "AlarmContributorAttributes":{ + "shape":"ContributorAttributes", + "documentation":"

A map of attributes that describe the alarm contributor associated with this history item, providing context about the contributor's characteristics at the time of the event.

" } }, "documentation":"

Represents the history of a specific alarm.

" @@ -852,6 +918,16 @@ "type":"list", "member":{"shape":"AnomalyDetector"} }, + "AttributeName":{ + "type":"string", + "max":255, + "min":1 + }, + "AttributeValue":{ + "type":"string", + "max":1024, + "min":1 + }, "AwsQueryErrorMessage":{"type":"string"}, "BatchFailures":{ "type":"list", @@ -978,8 +1054,7 @@ }, "ConcurrentModificationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

More than one process tried to modify a resource at the same time.

", "error":{ "code":"ConcurrentModificationException", @@ -988,6 +1063,25 @@ }, "exception":true }, + "ConflictException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

This operation attempted to create a resource that already exists.

", + "exception":true + }, + "ContributorAttributes":{ + "type":"map", + "key":{"shape":"AttributeName"}, + "value":{"shape":"AttributeValue"}, + "max":30 + }, + "ContributorId":{ + "type":"string", + "max":1024, + "min":1 + }, "Counts":{ "type":"list", "member":{"shape":"DatapointValue"} @@ -1188,8 +1282,7 @@ }, "DeleteAnomalyDetectorOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDashboardsInput":{ "type":"structure", @@ -1203,8 +1296,7 @@ }, "DeleteDashboardsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInsightRulesInput":{ "type":"structure", @@ -1237,7 +1329,34 @@ }, "DeleteMetricStreamOutput":{ "type":"structure", + "members":{} + }, + "DescribeAlarmContributorsInput":{ + "type":"structure", + "required":["AlarmName"], "members":{ + "AlarmName":{ + "shape":"AlarmName", + "documentation":"

The name of the alarm for which to retrieve contributor information.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token returned by a previous call to indicate that there is more data available.

" + } + } + }, + "DescribeAlarmContributorsOutput":{ + "type":"structure", + "required":["AlarmContributors"], + "members":{ + "AlarmContributors":{ + "shape":"AlarmContributors", + "documentation":"

A list of alarm contributors that provide details about the individual time series contributing to the alarm's state.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token that marks the start of the next batch of returned results.

" + } } }, "DescribeAlarmHistoryInput":{ @@ -1247,6 +1366,10 @@ "shape":"AlarmName", "documentation":"

The name of the alarm.

" }, + "AlarmContributorId":{ + "shape":"ContributorId", + "documentation":"

The unique identifier of a specific alarm contributor to filter the alarm history results.

" + }, "AlarmTypes":{ "shape":"AlarmTypes", "documentation":"

Use this parameter to specify whether you want the operation to return metric alarms or composite alarms. If you omit this parameter, only metric alarms are returned.

" @@ -1782,7 +1905,7 @@ }, "StartTime":{ "shape":"Timestamp", - "documentation":"

The time stamp indicating the earliest data to be returned.

The value specified is inclusive; results include data points with the specified time stamp.

CloudWatch rounds the specified time stamp as follows:

  • Start time less than 15 days ago - Round down to the nearest whole minute. For example, 12:32:34 is rounded down to 12:32:00.

  • Start time between 15 and 63 days ago - Round down to the nearest 5-minute clock interval. For example, 12:32:34 is rounded down to 12:30:00.

  • Start time greater than 63 days ago - Round down to the nearest 1-hour clock interval. For example, 12:32:34 is rounded down to 12:00:00.

If you set Period to 5, 10, or 30, the start time of your request is rounded down to the nearest time that corresponds to even 5-, 10-, or 30-second divisions of a minute. For example, if you make a query at (HH:mm:ss) 01:05:23 for the previous 10-second period, the start time of your request is rounded down and you receive data from 01:05:10 to 01:05:20. If you make a query at 15:07:17 for the previous 5 minutes of data, using a period of 5 seconds, you receive data timestamped between 15:02:15 and 15:07:15.

For better performance, specify StartTime and EndTime values that align with the value of the metric's Period and sync up with the beginning and end of an hour. For example, if the Period of a metric is 5 minutes, specifying 12:05 or 12:30 as StartTime can get a faster response from CloudWatch than setting 12:07 or 12:29 as the StartTime.

" + "documentation":"

The time stamp indicating the earliest data to be returned.

The value specified is inclusive; results include data points with the specified time stamp.

CloudWatch rounds the specified time stamp as follows:

  • Start time less than 15 days ago - Round down to the nearest whole minute. For example, 12:32:34 is rounded down to 12:32:00.

  • Start time between 15 and 63 days ago - Round down to the nearest 5-minute clock interval. For example, 12:32:34 is rounded down to 12:30:00.

  • Start time greater than 63 days ago - Round down to the nearest 1-hour clock interval. For example, 12:32:34 is rounded down to 12:00:00.

If you set Period to 5, 10, 20, or 30, the start time of your request is rounded down to the nearest time that corresponds to even 5-, 10-, 20-, or 30-second divisions of a minute. For example, if you make a query at (HH:mm:ss) 01:05:23 for the previous 10-second period, the start time of your request is rounded down and you receive data from 01:05:10 to 01:05:20. If you make a query at 15:07:17 for the previous 5 minutes of data, using a period of 5 seconds, you receive data timestamped between 15:02:15 and 15:07:15.

For better performance, specify StartTime and EndTime values that align with the value of the metric's Period and sync up with the beginning and end of an hour. For example, if the Period of a metric is 5 minutes, specifying 12:05 or 12:30 as StartTime can get a faster response from CloudWatch than setting 12:07 or 12:29 as the StartTime.

" }, "EndTime":{ "shape":"Timestamp", @@ -1849,7 +1972,7 @@ }, "StartTime":{ "shape":"Timestamp", - "documentation":"

The time stamp that determines the first data point to return. Start times are evaluated relative to the time that CloudWatch receives the request.

The value specified is inclusive; results include data points with the specified time stamp. In a raw HTTP query, the time stamp must be in ISO 8601 UTC format (for example, 2016-10-03T23:00:00Z).

CloudWatch rounds the specified time stamp as follows:

  • Start time less than 15 days ago - Round down to the nearest whole minute. For example, 12:32:34 is rounded down to 12:32:00.

  • Start time between 15 and 63 days ago - Round down to the nearest 5-minute clock interval. For example, 12:32:34 is rounded down to 12:30:00.

  • Start time greater than 63 days ago - Round down to the nearest 1-hour clock interval. For example, 12:32:34 is rounded down to 12:00:00.

If you set Period to 5, 10, or 30, the start time of your request is rounded down to the nearest time that corresponds to even 5-, 10-, or 30-second divisions of a minute. For example, if you make a query at (HH:mm:ss) 01:05:23 for the previous 10-second period, the start time of your request is rounded down and you receive data from 01:05:10 to 01:05:20. If you make a query at 15:07:17 for the previous 5 minutes of data, using a period of 5 seconds, you receive data timestamped between 15:02:15 and 15:07:15.

" + "documentation":"

The time stamp that determines the first data point to return. Start times are evaluated relative to the time that CloudWatch receives the request.

The value specified is inclusive; results include data points with the specified time stamp. In a raw HTTP query, the time stamp must be in ISO 8601 UTC format (for example, 2016-10-03T23:00:00Z).

CloudWatch rounds the specified time stamp as follows:

  • Start time less than 15 days ago - Round down to the nearest whole minute. For example, 12:32:34 is rounded down to 12:32:00.

  • Start time between 15 and 63 days ago - Round down to the nearest 5-minute clock interval. For example, 12:32:34 is rounded down to 12:30:00.

  • Start time greater than 63 days ago - Round down to the nearest 1-hour clock interval. For example, 12:32:34 is rounded down to 12:00:00.

If you set Period to 5, 10, 20, or 30, the start time of your request is rounded down to the nearest time that corresponds to even 5-, 10-, 20-, or 30-second divisions of a minute. For example, if you make a query at (HH:mm:ss) 01:05:23 for the previous 10-second period, the start time of your request is rounded down and you receive data from 01:05:10 to 01:05:20. If you make a query at 15:07:17 for the previous 5 minutes of data, using a period of 5 seconds, you receive data timestamped between 15:02:15 and 15:07:15.

" }, "EndTime":{ "shape":"Timestamp", @@ -1857,7 +1980,7 @@ }, "Period":{ "shape":"Period", - "documentation":"

The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a PutMetricData call that includes a StorageResolution of 1 second.

If the StartTime parameter specifies a time stamp that is greater than 3 hours ago, you must specify the period as follows or no data points in that time range is returned:

  • Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds (1 minute).

  • Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 minutes).

  • Start time greater than 63 days ago - Use a multiple of 3600 seconds (1 hour).

" + "documentation":"

The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 20, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a PutMetricData call that includes a StorageResolution of 1 second.

If the StartTime parameter specifies a time stamp that is greater than 3 hours ago, you must specify the period as follows or no data points in that time range is returned:

  • Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds (1 minute).

  • Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 minutes).

  • Start time greater than 63 days ago - Use a multiple of 3600 seconds (1 hour).

" }, "Statistics":{ "shape":"Statistics", @@ -1982,7 +2105,9 @@ "enum":[ "ConfigurationUpdate", "StateUpdate", - "Action" + "Action", + "AlarmContributorStateUpdate", + "AlarmContributorAction" ] }, "HistorySummary":{ @@ -2020,6 +2145,10 @@ "ManagedRule":{ "shape":"InsightRuleIsManaged", "documentation":"

An optional built-in rule that Amazon Web Services manages.

" + }, + "ApplyOnTransformedLogs":{ + "shape":"InsightRuleOnTransformedLogs", + "documentation":"

Displays whether the rule is evaluated on the transformed versions of logs, for log groups that have Log transformation enabled. If this is false, log events are evaluated before they are transformed.

" } }, "documentation":"

This structure contains the definition for a Contributor Insights rule. For more information about this rule, see Using Constributor Insights to analyze high-cardinality data in the Amazon CloudWatch User Guide.

" @@ -2159,6 +2288,7 @@ "type":"list", "member":{"shape":"InsightRuleName"} }, + "InsightRuleOnTransformedLogs":{"type":"boolean"}, "InsightRuleOrderBy":{ "type":"string", "max":32, @@ -2274,8 +2404,7 @@ "LastModified":{"type":"timestamp"}, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The operation exceeded one or more limits.

", "error":{ "code":"LimitExceededException", @@ -2401,7 +2530,7 @@ }, "Dimensions":{ "shape":"DimensionFilters", - "documentation":"

The dimensions to filter against. Only the dimensions that match exactly will be returned.

" + "documentation":"

The dimensions to filter against. Only the dimension with names that match exactly will be returned. If you specify one dimension name and a metric has that dimension and also other dimensions, it will be returned.

" }, "NextToken":{ "shape":"NextToken", @@ -2778,7 +2907,7 @@ }, "Period":{ "shape":"Period", - "documentation":"

The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a PutMetricData operation that includes a StorageResolution of 1 second.

" + "documentation":"

The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 20, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a PutMetricData operation that includes a StorageResolution of 1 second.

" }, "AccountId":{ "shape":"AccountId", @@ -2908,7 +3037,7 @@ }, "Period":{ "shape":"Period", - "documentation":"

The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a PutMetricData call that includes a StorageResolution of 1 second.

If the StartTime parameter specifies a time stamp that is greater than 3 hours ago, you must specify the period as follows or no data points in that time range is returned:

  • Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds (1 minute).

  • Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 minutes).

  • Start time greater than 63 days ago - Use a multiple of 3600 seconds (1 hour).

" + "documentation":"

The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 20, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a PutMetricData call that includes a StorageResolution of 1 second.

If the StartTime parameter specifies a time stamp that is greater than 3 hours ago, you must specify the period as follows or no data points in that time range is returned:

  • Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds (1 minute).

  • Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 minutes).

  • Start time greater than 63 days ago - Use a multiple of 3600 seconds (1 hour).

" }, "Stat":{ "shape":"Stat", @@ -3159,8 +3288,7 @@ }, "PutAnomalyDetectorOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "PutCompositeAlarmInput":{ "type":"structure", @@ -3175,7 +3303,7 @@ }, "AlarmActions":{ "shape":"ResourceList", - "documentation":"

The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).

Valid Values: ]

Amazon SNS actions:

arn:aws:sns:region:account-id:sns-topic-name

Lambda actions:

  • Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name

  • Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number

  • Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name

Systems Manager actions:

arn:aws:ssm:region:account-id:opsitem:severity

Start a Amazon Q Developer operational investigation

arn:aws:aiops:region:account-id:investigation-group:ingestigation-group-id

" + "documentation":"

The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).

Valid Values: ]

Amazon SNS actions:

arn:aws:sns:region:account-id:sns-topic-name

Lambda actions:

  • Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name

  • Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number

  • Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name

Systems Manager actions:

arn:aws:ssm:region:account-id:opsitem:severity

Start a Amazon Q Developer operational investigation

arn:aws:aiops:region:account-id:investigation-group:investigation-group-id

" }, "AlarmDescription":{ "shape":"AlarmDescription", @@ -3263,13 +3391,16 @@ "Tags":{ "shape":"TagList", "documentation":"

A list of key-value pairs to associate with the Contributor Insights rule. You can associate as many as 50 tags with a rule.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only the resources that have certain tag values.

To be able to associate tags with a rule, you must have the cloudwatch:TagResource permission in addition to the cloudwatch:PutInsightRule permission.

If you are using this operation to update an existing Contributor Insights rule, any tags you specify in this parameter are ignored. To change the tags of an existing rule, use TagResource.

" + }, + "ApplyOnTransformedLogs":{ + "shape":"InsightRuleOnTransformedLogs", + "documentation":"

Specify true to have this rule evaluate log events after they have been transformed by Log transformation. If you specify true, then the log events in log groups that have transformers will be evaluated by Contributor Insights after being transformed. Log groups that don't have transformers will still have their original log events evaluated by Contributor Insights.

The default is false

If a log group has a transformer, and transformation fails for some log events, those log events won't be evaluated by Contributor Insights. For information about investigating log transformation failures, see Transformation metrics and errors.

" } } }, "PutInsightRuleOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "PutManagedInsightRulesInput":{ "type":"structure", @@ -3316,7 +3447,7 @@ }, "AlarmActions":{ "shape":"ResourceList", - "documentation":"

The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). Valid values:

EC2 actions:

  • arn:aws:automate:region:ec2:stop

  • arn:aws:automate:region:ec2:terminate

  • arn:aws:automate:region:ec2:reboot

  • arn:aws:automate:region:ec2:recover

  • arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0

  • arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Terminate/1.0

  • arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Reboot/1.0

  • arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Recover/1.0

Autoscaling action:

  • arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:autoScalingGroupName/group-friendly-name:policyName/policy-friendly-name

Lambda actions:

  • Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name

  • Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number

  • Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name

SNS notification action:

  • arn:aws:sns:region:account-id:sns-topic-name

SSM integration actions:

  • arn:aws:ssm:region:account-id:opsitem:severity#CATEGORY=category-name

  • arn:aws:ssm-incidents::account-id:responseplan/response-plan-name

Start a Amazon Q Developer operational investigation

arn:aws:aiops:region:account-id:investigation-group:ingestigation-group-id

" + "documentation":"

The actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). Valid values:

EC2 actions:

  • arn:aws:automate:region:ec2:stop

  • arn:aws:automate:region:ec2:terminate

  • arn:aws:automate:region:ec2:reboot

  • arn:aws:automate:region:ec2:recover

  • arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0

  • arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Terminate/1.0

  • arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Reboot/1.0

  • arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Recover/1.0

Autoscaling action:

  • arn:aws:autoscaling:region:account-id:scalingPolicy:policy-id:autoScalingGroupName/group-friendly-name:policyName/policy-friendly-name

Lambda actions:

  • Invoke the latest version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name

  • Invoke a specific version of a Lambda function: arn:aws:lambda:region:account-id:function:function-name:version-number

  • Invoke a function by using an alias Lambda function: arn:aws:lambda:region:account-id:function:function-name:alias-name

SNS notification action:

  • arn:aws:sns:region:account-id:sns-topic-name

SSM integration actions:

  • arn:aws:ssm:region:account-id:opsitem:severity#CATEGORY=category-name

  • arn:aws:ssm-incidents::account-id:responseplan/response-plan-name

Start a Amazon Q Developer operational investigation

arn:aws:aiops:region:account-id:investigation-group:investigation-group-id

" }, "InsufficientDataActions":{ "shape":"ResourceList", @@ -3344,7 +3475,7 @@ }, "Period":{ "shape":"Period", - "documentation":"

The length, in seconds, used each time the metric specified in MetricName is evaluated. Valid values are 10, 30, and any multiple of 60.

Period is required for alarms based on static thresholds. If you are creating an alarm based on a metric math expression, you specify the period for each metric within the objects in the Metrics array.

Be sure to specify 10 or 30 only for metrics that are stored by a PutMetricData call with a StorageResolution of 1. If you specify a period of 10 or 30 for a metric that does not have sub-minute resolution, the alarm still attempts to gather data at the period rate that you specify. In this case, it does not receive data for the attempts that do not correspond to a one-minute data resolution, and the alarm might often lapse into INSUFFICENT_DATA status. Specifying 10 or 30 also sets this alarm as a high-resolution alarm, which has a higher charge than other alarms. For more information about pricing, see Amazon CloudWatch Pricing.

An alarm's total current evaluation period can be no longer than one day, so Period multiplied by EvaluationPeriods cannot be more than 86,400 seconds.

" + "documentation":"

The length, in seconds, used each time the metric specified in MetricName is evaluated. Valid values are 10, 20, 30, and any multiple of 60.

Period is required for alarms based on static thresholds. If you are creating an alarm based on a metric math expression, you specify the period for each metric within the objects in the Metrics array.

Be sure to specify 10, 20, or 30 only for metrics that are stored by a PutMetricData call with a StorageResolution of 1. If you specify a period of 10, 20, or 30 for a metric that does not have sub-minute resolution, the alarm still attempts to gather data at the period rate that you specify. In this case, it does not receive data for the attempts that do not correspond to a one-minute data resolution, and the alarm might often lapse into INSUFFICENT_DATA status. Specifying 10, 20, or 30 also sets this alarm as a high-resolution alarm, which has a higher charge than other alarms. For more information about pricing, see Amazon CloudWatch Pricing.

An alarm's total current evaluation period can be no longer than seven days, so Period multiplied by EvaluationPeriods can't be more than 604,800 seconds. For alarms with a period of less than one hour (3,600 seconds), the total evaluation period can't be longer than one day (86,400 seconds).

" }, "Unit":{ "shape":"StandardUnit", @@ -3352,7 +3483,7 @@ }, "EvaluationPeriods":{ "shape":"EvaluationPeriods", - "documentation":"

The number of periods over which data is compared to the specified threshold. If you are setting an alarm that requires that a number of consecutive data points be breaching to trigger the alarm, this value specifies that number. If you are setting an \"M out of N\" alarm, this value is the N.

An alarm's total current evaluation period can be no longer than one day, so this number multiplied by Period cannot be more than 86,400 seconds.

" + "documentation":"

The number of periods over which data is compared to the specified threshold. If you are setting an alarm that requires that a number of consecutive data points be breaching to trigger the alarm, this value specifies that number. If you are setting an \"M out of N\" alarm, this value is the N.

" }, "DatapointsToAlarm":{ "shape":"DatapointsToAlarm", @@ -3406,7 +3537,7 @@ }, "StrictEntityValidation":{ "shape":"StrictEntityValidation", - "documentation":"

Whether to accept valid metric data when an invalid entity is sent.

  • When set to true: Any validation error (for entity or metric data) will fail the entire request, and no data will be ingested. The failed operation will return a 400 result with the error.

  • When set to false: Validation errors in the entity will not associate the metric with the entity, but the metric data will still be accepted and ingested. Validation errors in the metric data will fail the entire request, and no data will be ingested.

    In the case of an invalid entity, the operation will return a 200 status, but an additional response header will contain information about the validation errors. The new header, X-Amzn-Failure-Message is an enumeration of the following values:

    • InvalidEntity - The provided entity is invalid.

    • InvalidKeyAttributes - The provided KeyAttributes of an entity is invalid.

    • InvalidAttributes - The provided Attributes of an entity is invalid.

    • InvalidTypeValue - The provided Type in the KeyAttributes of an entity is invalid.

    • EntitySizeTooLarge - The number of EntityMetricData objects allowed is 2.

    • MissingRequiredFields - There are missing required fields in the KeyAttributes for the provided Type.

    For details of the requirements for specifying an entity, see How to add related information to telemetry in the CloudWatch User Guide.

This parameter is required when EntityMetricData is included.

", + "documentation":"

Whether to accept valid metric data when an invalid entity is sent.

  • When set to true: Any validation error (for entity or metric data) will fail the entire request, and no data will be ingested. The failed operation will return a 400 result with the error.

  • When set to false: Validation errors in the entity will not associate the metric with the entity, but the metric data will still be accepted and ingested. Validation errors in the metric data will fail the entire request, and no data will be ingested.

    In the case of an invalid entity, the operation will return a 200 status, but an additional response header will contain information about the validation errors. The new header, X-Amzn-Failure-Message is an enumeration of the following values:

    • InvalidEntity - The provided entity is invalid.

    • InvalidKeyAttributes - The provided KeyAttributes of an entity is invalid.

    • InvalidAttributes - The provided Attributes of an entity is invalid.

    • InvalidTypeValue - The provided Type in the KeyAttributes of an entity is invalid.

    • EntitySizeTooLarge - The number of EntityMetricData objects allowed is 2.

    • MissingRequiredFields - There are missing required fields in the KeyAttributes for the provided Type.

    For details of the requirements for specifying an entity, see How to add related information to telemetry in the CloudWatch User Guide.

This parameter is required when EntityMetricData is included.

", "box":true } } @@ -3640,8 +3771,7 @@ }, "StartMetricStreamsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Stat":{"type":"string"}, "StateReason":{ @@ -3727,8 +3857,7 @@ }, "StopMetricStreamsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "StorageResolution":{ "type":"integer", @@ -3786,8 +3915,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3830,8 +3958,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Values":{ "type":"list", diff -pruN 2.23.6-1/awscli/botocore/data/codeartifact/2018-09-22/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codeartifact/2018-09-22/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codeartifact/2018-09-22/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeartifact/2018-09-22/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codeartifact/2018-09-22/service-2.json 2.31.35-1/awscli/botocore/data/codeartifact/2018-09-22/service-2.json --- 2.23.6-1/awscli/botocore/data/codeartifact/2018-09-22/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeartifact/2018-09-22/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4256,8 +4256,7 @@ }, "TagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4303,8 +4302,7 @@ }, "UntagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePackageGroupOriginConfigurationRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/codebuild/2016-10-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codebuild/2016-10-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codebuild/2016-10-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codebuild/2016-10-06/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codebuild/2016-10-06/paginators-1.json 2.31.35-1/awscli/botocore/data/codebuild/2016-10-06/paginators-1.json --- 2.23.6-1/awscli/botocore/data/codebuild/2016-10-06/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codebuild/2016-10-06/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -68,6 +68,24 @@ "limit_key": "maxResults", "output_token": "nextToken", "result_key": "ids" + }, + "ListCommandExecutionsForSandbox": { + "input_token": "nextToken", + "limit_key": "maxResults", + "output_token": "nextToken", + "result_key": "commandExecutions" + }, + "ListSandboxes": { + "input_token": "nextToken", + "limit_key": "maxResults", + "output_token": "nextToken", + "result_key": "ids" + }, + "ListSandboxesForProject": { + "input_token": "nextToken", + "limit_key": "maxResults", + "output_token": "nextToken", + "result_key": "ids" } } } diff -pruN 2.23.6-1/awscli/botocore/data/codebuild/2016-10-06/service-2.json 2.31.35-1/awscli/botocore/data/codebuild/2016-10-06/service-2.json --- 2.23.6-1/awscli/botocore/data/codebuild/2016-10-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codebuild/2016-10-06/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -53,6 +53,19 @@ ], "documentation":"

Gets information about one or more builds.

" }, + "BatchGetCommandExecutions":{ + "name":"BatchGetCommandExecutions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"BatchGetCommandExecutionsInput"}, + "output":{"shape":"BatchGetCommandExecutionsOutput"}, + "errors":[ + {"shape":"InvalidInputException"} + ], + "documentation":"

Gets information about the command executions.

" + }, "BatchGetFleets":{ "name":"BatchGetFleets", "http":{ @@ -105,6 +118,19 @@ ], "documentation":"

Returns an array of reports.

" }, + "BatchGetSandboxes":{ + "name":"BatchGetSandboxes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"BatchGetSandboxesInput"}, + "output":{"shape":"BatchGetSandboxesOutput"}, + "errors":[ + {"shape":"InvalidInputException"} + ], + "documentation":"

Gets information about the sandbox status.

" + }, "CreateFleet":{ "name":"CreateFleet", "http":{ @@ -411,6 +437,20 @@ ], "documentation":"

Gets a list of build identifiers for the specified build project, with each build identifier representing a single build.

" }, + "ListCommandExecutionsForSandbox":{ + "name":"ListCommandExecutionsForSandbox", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListCommandExecutionsForSandboxInput"}, + "output":{"shape":"ListCommandExecutionsForSandboxOutput"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Gets a list of command executions for a sandbox.

" + }, "ListCuratedEnvironmentImages":{ "name":"ListCuratedEnvironmentImages", "http":{ @@ -487,6 +527,33 @@ ], "documentation":"

Returns a list of ARNs for the reports that belong to a ReportGroup.

" }, + "ListSandboxes":{ + "name":"ListSandboxes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListSandboxesInput"}, + "output":{"shape":"ListSandboxesOutput"}, + "errors":[ + {"shape":"InvalidInputException"} + ], + "documentation":"

Gets a list of sandboxes.

" + }, + "ListSandboxesForProject":{ + "name":"ListSandboxesForProject", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListSandboxesForProjectInput"}, + "output":{"shape":"ListSandboxesForProjectOutput"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Gets a list of sandboxes for a given project.

" + }, "ListSharedProjects":{ "name":"ListSharedProjects", "http":{ @@ -598,6 +665,49 @@ ], "documentation":"

Starts a batch build for a project.

" }, + "StartCommandExecution":{ + "name":"StartCommandExecution", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartCommandExecutionInput"}, + "output":{"shape":"StartCommandExecutionOutput"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Starts a command execution.

" + }, + "StartSandbox":{ + "name":"StartSandbox", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartSandboxInput"}, + "output":{"shape":"StartSandboxOutput"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccountSuspendedException"} + ], + "documentation":"

Starts a sandbox.

" + }, + "StartSandboxConnection":{ + "name":"StartSandboxConnection", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartSandboxConnectionInput"}, + "output":{"shape":"StartSandboxConnectionOutput"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Starts a sandbox connection.

" + }, "StopBuild":{ "name":"StopBuild", "http":{ @@ -626,6 +736,20 @@ ], "documentation":"

Stops a running batch build.

" }, + "StopSandbox":{ + "name":"StopSandbox", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StopSandboxInput"}, + "output":{"shape":"StopSandboxOutput"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Stops a sandbox.

" + }, "UpdateFleet":{ "name":"UpdateFleet", "http":{ @@ -702,11 +826,16 @@ "shapes":{ "AccountLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An Amazon Web Services service limit was exceeded for the calling Amazon Web Services account.

", "exception":true }, + "AccountSuspendedException":{ + "type":"structure", + "members":{}, + "documentation":"

The CodeBuild access has been suspended for the calling Amazon Web Services account.

", + "exception":true + }, "ArtifactNamespace":{ "type":"string", "enum":[ @@ -830,6 +959,36 @@ } } }, + "BatchGetCommandExecutionsInput":{ + "type":"structure", + "required":[ + "sandboxId", + "commandExecutionIds" + ], + "members":{ + "sandboxId":{ + "shape":"NonEmptyString", + "documentation":"

A sandboxId or sandboxArn.

" + }, + "commandExecutionIds":{ + "shape":"CommandExecutionIds", + "documentation":"

A comma separated list of commandExecutionIds.

" + } + } + }, + "BatchGetCommandExecutionsOutput":{ + "type":"structure", + "members":{ + "commandExecutions":{ + "shape":"CommandExecutions", + "documentation":"

Information about the requested command executions.

" + }, + "commandExecutionsNotFound":{ + "shape":"CommandExecutionIds", + "documentation":"

The IDs of command executions for which information could not be found.

" + } + } + }, "BatchGetFleetsInput":{ "type":"structure", "required":["names"], @@ -922,6 +1081,29 @@ } } }, + "BatchGetSandboxesInput":{ + "type":"structure", + "required":["ids"], + "members":{ + "ids":{ + "shape":"SandboxIds", + "documentation":"

A comma separated list of sandboxIds or sandboxArns.

" + } + } + }, + "BatchGetSandboxesOutput":{ + "type":"structure", + "members":{ + "sandboxes":{ + "shape":"Sandboxes", + "documentation":"

Information about the requested sandboxes.

" + }, + "sandboxesNotFound":{ + "shape":"SandboxIds", + "documentation":"

The IDs of sandboxes for which information could not be found.

" + } + } + }, "BatchReportModeType":{ "type":"string", "enum":[ @@ -1236,6 +1418,10 @@ "debugSessionEnabled":{ "shape":"WrapperBoolean", "documentation":"

Specifies if session debugging is enabled for this batch build. For more information, see Viewing a running build in Session Manager. Batch session debugging is not supported for matrix batch builds.

" + }, + "reportArns":{ + "shape":"BuildReportArns", + "documentation":"

An array that contains the ARNs of reports created by merging reports from builds associated with this batch build.

" } }, "documentation":"

Contains information about a batch build.

" @@ -1584,6 +1770,75 @@ "type":"list", "member":{"shape":"CodeCoverage"} }, + "CommandExecution":{ + "type":"structure", + "members":{ + "id":{ + "shape":"NonEmptyString", + "documentation":"

The ID of the command execution.

" + }, + "sandboxId":{ + "shape":"NonEmptyString", + "documentation":"

A sandboxId.

" + }, + "submitTime":{ + "shape":"Timestamp", + "documentation":"

When the command execution process was initially submitted, expressed in Unix time format.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

When the command execution process started, expressed in Unix time format.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

When the command execution process ended, expressed in Unix time format.

" + }, + "status":{ + "shape":"NonEmptyString", + "documentation":"

The status of the command execution.

" + }, + "command":{ + "shape":"SensitiveNonEmptyString", + "documentation":"

The command that needs to be executed.

" + }, + "type":{ + "shape":"CommandType", + "documentation":"

The command type.

" + }, + "exitCode":{ + "shape":"NonEmptyString", + "documentation":"

The exit code to return upon completion.

" + }, + "standardOutputContent":{ + "shape":"SensitiveNonEmptyString", + "documentation":"

The text written by the command to stdout.

" + }, + "standardErrContent":{ + "shape":"SensitiveNonEmptyString", + "documentation":"

The text written by the command to stderr.

" + }, + "logs":{"shape":"LogsLocation"}, + "sandboxArn":{ + "shape":"NonEmptyString", + "documentation":"

A sandboxArn.

" + } + }, + "documentation":"

Contains command execution information.

" + }, + "CommandExecutionIds":{ + "type":"list", + "member":{"shape":"NonEmptyString"}, + "max":100, + "min":1 + }, + "CommandExecutions":{ + "type":"list", + "member":{"shape":"CommandExecution"} + }, + "CommandType":{ + "type":"string", + "enum":["SHELL"] + }, "ComputeConfiguration":{ "type":"structure", "members":{ @@ -1602,9 +1857,13 @@ "machineType":{ "shape":"MachineType", "documentation":"

The machine type of the instance type included in your fleet.

" + }, + "instanceType":{ + "shape":"NonEmptyString", + "documentation":"

The EC2 instance type to be launched in your fleet.

" } }, - "documentation":"

Contains compute attributes. These attributes only need be specified when your project's or fleet's computeType is set to ATTRIBUTE_BASED_COMPUTE.

" + "documentation":"

Contains compute attributes. These attributes only need be specified when your project's or fleet's computeType is set to ATTRIBUTE_BASED_COMPUTE or CUSTOM_INSTANCE_TYPE.

" }, "ComputeType":{ "type":"string", @@ -1619,7 +1878,8 @@ "BUILD_LAMBDA_4GB", "BUILD_LAMBDA_8GB", "BUILD_LAMBDA_10GB", - "ATTRIBUTE_BASED_COMPUTE" + "ATTRIBUTE_BASED_COMPUTE", + "CUSTOM_INSTANCE_TYPE" ] }, "ComputeTypesAllowed":{ @@ -1649,11 +1909,11 @@ }, "computeType":{ "shape":"ComputeType", - "documentation":"

Information about the compute resources the compute fleet uses. Available values include:

  • ATTRIBUTE_BASED_COMPUTE: Specify the amount of vCPUs, memory, disk space, and the type of machine.

    If you use ATTRIBUTE_BASED_COMPUTE, you must define your attributes by using computeConfiguration. CodeBuild will select the cheapest instance that satisfies your specified attributes. For more information, see Reserved capacity environment types in the CodeBuild User Guide.

  • BUILD_GENERAL1_SMALL: Use up to 4 GiB memory and 2 vCPUs for builds.

  • BUILD_GENERAL1_MEDIUM: Use up to 8 GiB memory and 4 vCPUs for builds.

  • BUILD_GENERAL1_LARGE: Use up to 16 GiB memory and 8 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_XLARGE: Use up to 72 GiB memory and 36 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_2XLARGE: Use up to 144 GiB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.

  • BUILD_LAMBDA_1GB: Use up to 1 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_2GB: Use up to 2 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_4GB: Use up to 4 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_8GB: Use up to 8 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_10GB: Use up to 10 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

If you use BUILD_GENERAL1_SMALL:

  • For environment type LINUX_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 16 GiB memory, 4 vCPUs, and 1 NVIDIA A10G Tensor Core GPU for builds.

  • For environment type ARM_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs on ARM-based processors for builds.

If you use BUILD_GENERAL1_LARGE:

  • For environment type LINUX_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 255 GiB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.

  • For environment type ARM_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs on ARM-based processors for builds.

For more information, see On-demand environment types in the CodeBuild User Guide.

" + "documentation":"

Information about the compute resources the compute fleet uses. Available values include:

  • ATTRIBUTE_BASED_COMPUTE: Specify the amount of vCPUs, memory, disk space, and the type of machine.

    If you use ATTRIBUTE_BASED_COMPUTE, you must define your attributes by using computeConfiguration. CodeBuild will select the cheapest instance that satisfies your specified attributes. For more information, see Reserved capacity environment types in the CodeBuild User Guide.

  • CUSTOM_INSTANCE_TYPE: Specify the instance type for your compute fleet. For a list of supported instance types, see Supported instance families in the CodeBuild User Guide.

  • BUILD_GENERAL1_SMALL: Use up to 4 GiB memory and 2 vCPUs for builds.

  • BUILD_GENERAL1_MEDIUM: Use up to 8 GiB memory and 4 vCPUs for builds.

  • BUILD_GENERAL1_LARGE: Use up to 16 GiB memory and 8 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_XLARGE: Use up to 72 GiB memory and 36 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_2XLARGE: Use up to 144 GiB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.

  • BUILD_LAMBDA_1GB: Use up to 1 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_2GB: Use up to 2 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_4GB: Use up to 4 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_8GB: Use up to 8 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_10GB: Use up to 10 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

If you use BUILD_GENERAL1_SMALL:

  • For environment type LINUX_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 16 GiB memory, 4 vCPUs, and 1 NVIDIA A10G Tensor Core GPU for builds.

  • For environment type ARM_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs on ARM-based processors for builds.

If you use BUILD_GENERAL1_LARGE:

  • For environment type LINUX_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 255 GiB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.

  • For environment type ARM_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs on ARM-based processors for builds.

For more information, see On-demand environment types in the CodeBuild User Guide.

" }, "computeConfiguration":{ "shape":"ComputeConfiguration", - "documentation":"

The compute configuration of the compute fleet. This is only required if computeType is set to ATTRIBUTE_BASED_COMPUTE.

" + "documentation":"

The compute configuration of the compute fleet. This is only required if computeType is set to ATTRIBUTE_BASED_COMPUTE or CUSTOM_INSTANCE_TYPE.

" }, "scalingConfiguration":{ "shape":"ScalingConfigurationInput", @@ -1853,7 +2113,7 @@ }, "buildType":{ "shape":"WebhookBuildType", - "documentation":"

Specifies the type of build this webhook will trigger.

" + "documentation":"

Specifies the type of build this webhook will trigger.

RUNNER_BUILDKITE_BUILD is only available for NO_SOURCE source type projects configured for Buildkite runner builds. For more information about CodeBuild-hosted Buildkite runner builds, see Tutorial: Configure a CodeBuild-hosted Buildkite runner in the CodeBuild user guide.

" }, "manualCreation":{ "shape":"WrapperBoolean", @@ -1862,6 +2122,10 @@ "scopeConfiguration":{ "shape":"ScopeConfiguration", "documentation":"

The scope configuration for global or organization webhooks.

Global or organization webhooks are only available for GitHub and Github Enterprise webhooks.

" + }, + "pullRequestBuildPolicy":{ + "shape":"PullRequestBuildPolicy", + "documentation":"

A PullRequestBuildPolicy object that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.

" } } }, @@ -1931,8 +2195,7 @@ }, "DeleteFleetOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProjectInput":{ "type":"structure", @@ -1946,8 +2209,7 @@ }, "DeleteProjectOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteReportGroupInput":{ "type":"structure", @@ -1965,8 +2227,7 @@ }, "DeleteReportGroupOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteReportInput":{ "type":"structure", @@ -1980,8 +2241,7 @@ }, "DeleteReportOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResourcePolicyInput":{ "type":"structure", @@ -1995,8 +2255,7 @@ }, "DeleteResourcePolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSourceCredentialsInput":{ "type":"structure", @@ -2029,8 +2288,7 @@ }, "DeleteWebhookOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeCodeCoveragesInput":{ "type":"structure", @@ -2114,6 +2372,39 @@ } } }, + "DockerServer":{ + "type":"structure", + "required":["computeType"], + "members":{ + "computeType":{ + "shape":"ComputeType", + "documentation":"

Information about the compute resources the docker server uses. Available values include:

  • BUILD_GENERAL1_SMALL: Use up to 4 GiB memory and 2 vCPUs for your docker server.

  • BUILD_GENERAL1_MEDIUM: Use up to 8 GiB memory and 4 vCPUs for your docker server.

  • BUILD_GENERAL1_LARGE: Use up to 16 GiB memory and 8 vCPUs for your docker server.

  • BUILD_GENERAL1_XLARGE: Use up to 64 GiB memory and 32 vCPUs for your docker server.

  • BUILD_GENERAL1_2XLARGE: Use up to 128 GiB memory and 64 vCPUs for your docker server.

" + }, + "securityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

A list of one or more security groups IDs.

Security groups configured for Docker servers should allow ingress network traffic from the VPC configured in the project. They should allow ingress on port 9876.

" + }, + "status":{ + "shape":"DockerServerStatus", + "documentation":"

A DockerServerStatus object to use for this docker server.

" + } + }, + "documentation":"

Contains docker server information.

" + }, + "DockerServerStatus":{ + "type":"structure", + "members":{ + "status":{ + "shape":"String", + "documentation":"

The status of the docker server.

" + }, + "message":{ + "shape":"String", + "documentation":"

A message associated with the status of a docker server.

" + } + }, + "documentation":"

Contains information about the status of the docker server.

" + }, "EnvironmentImage":{ "type":"structure", "members":{ @@ -2180,6 +2471,7 @@ "LINUX_GPU_CONTAINER", "ARM_CONTAINER", "WINDOWS_SERVER_2019_CONTAINER", + "WINDOWS_SERVER_2022_CONTAINER", "LINUX_LAMBDA_CONTAINER", "ARM_LAMBDA_CONTAINER", "LINUX_EC2", @@ -2289,11 +2581,11 @@ }, "computeType":{ "shape":"ComputeType", - "documentation":"

Information about the compute resources the compute fleet uses. Available values include:

  • ATTRIBUTE_BASED_COMPUTE: Specify the amount of vCPUs, memory, disk space, and the type of machine.

    If you use ATTRIBUTE_BASED_COMPUTE, you must define your attributes by using computeConfiguration. CodeBuild will select the cheapest instance that satisfies your specified attributes. For more information, see Reserved capacity environment types in the CodeBuild User Guide.

  • BUILD_GENERAL1_SMALL: Use up to 4 GiB memory and 2 vCPUs for builds.

  • BUILD_GENERAL1_MEDIUM: Use up to 8 GiB memory and 4 vCPUs for builds.

  • BUILD_GENERAL1_LARGE: Use up to 16 GiB memory and 8 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_XLARGE: Use up to 72 GiB memory and 36 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_2XLARGE: Use up to 144 GiB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.

  • BUILD_LAMBDA_1GB: Use up to 1 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_2GB: Use up to 2 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_4GB: Use up to 4 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_8GB: Use up to 8 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_10GB: Use up to 10 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

If you use BUILD_GENERAL1_SMALL:

  • For environment type LINUX_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 16 GiB memory, 4 vCPUs, and 1 NVIDIA A10G Tensor Core GPU for builds.

  • For environment type ARM_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs on ARM-based processors for builds.

If you use BUILD_GENERAL1_LARGE:

  • For environment type LINUX_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 255 GiB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.

  • For environment type ARM_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs on ARM-based processors for builds.

For more information, see On-demand environment types in the CodeBuild User Guide.

" + "documentation":"

Information about the compute resources the compute fleet uses. Available values include:

  • ATTRIBUTE_BASED_COMPUTE: Specify the amount of vCPUs, memory, disk space, and the type of machine.

    If you use ATTRIBUTE_BASED_COMPUTE, you must define your attributes by using computeConfiguration. CodeBuild will select the cheapest instance that satisfies your specified attributes. For more information, see Reserved capacity environment types in the CodeBuild User Guide.

  • CUSTOM_INSTANCE_TYPE: Specify the instance type for your compute fleet. For a list of supported instance types, see Supported instance families in the CodeBuild User Guide.

  • BUILD_GENERAL1_SMALL: Use up to 4 GiB memory and 2 vCPUs for builds.

  • BUILD_GENERAL1_MEDIUM: Use up to 8 GiB memory and 4 vCPUs for builds.

  • BUILD_GENERAL1_LARGE: Use up to 16 GiB memory and 8 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_XLARGE: Use up to 72 GiB memory and 36 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_2XLARGE: Use up to 144 GiB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.

  • BUILD_LAMBDA_1GB: Use up to 1 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_2GB: Use up to 2 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_4GB: Use up to 4 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_8GB: Use up to 8 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_10GB: Use up to 10 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

If you use BUILD_GENERAL1_SMALL:

  • For environment type LINUX_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 16 GiB memory, 4 vCPUs, and 1 NVIDIA A10G Tensor Core GPU for builds.

  • For environment type ARM_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs on ARM-based processors for builds.

If you use BUILD_GENERAL1_LARGE:

  • For environment type LINUX_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 255 GiB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.

  • For environment type ARM_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs on ARM-based processors for builds.

For more information, see On-demand environment types in the CodeBuild User Guide.

" }, "computeConfiguration":{ "shape":"ComputeConfiguration", - "documentation":"

The compute configuration of the compute fleet. This is only required if computeType is set to ATTRIBUTE_BASED_COMPUTE.

" + "documentation":"

The compute configuration of the compute fleet. This is only required if computeType is set to ATTRIBUTE_BASED_COMPUTE or CUSTOM_INSTANCE_TYPE.

" }, "scalingConfiguration":{ "shape":"ScalingConfigurationOutput", @@ -2329,10 +2621,7 @@ "max":100, "min":1 }, - "FleetCapacity":{ - "type":"integer", - "min":1 - }, + "FleetCapacity":{"type":"integer"}, "FleetContextCode":{ "type":"string", "enum":[ @@ -2598,8 +2887,7 @@ }, "InvalidInputException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The input value that was provided is not valid.

", "exception":true }, @@ -2615,8 +2903,7 @@ }, "InvalidateProjectCacheOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "KeyInput":{ "type":"string", @@ -2768,11 +3055,45 @@ } } }, - "ListCuratedEnvironmentImagesInput":{ + "ListCommandExecutionsForSandboxInput":{ "type":"structure", + "required":["sandboxId"], "members":{ + "sandboxId":{ + "shape":"NonEmptyString", + "documentation":"

A sandboxId or sandboxArn.

" + }, + "maxResults":{ + "shape":"PageSize", + "documentation":"

The maximum number of sandbox records to be retrieved.

" + }, + "sortOrder":{ + "shape":"SortOrderType", + "documentation":"

The order in which sandbox records should be retrieved.

" + }, + "nextToken":{ + "shape":"SensitiveString", + "documentation":"

The next token, if any, to get paginated results. You will get this value from previous execution of list sandboxes.

" + } } }, + "ListCommandExecutionsForSandboxOutput":{ + "type":"structure", + "members":{ + "commandExecutions":{ + "shape":"CommandExecutions", + "documentation":"

Information about the requested command executions.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Information about the next token to get paginated results.

" + } + } + }, + "ListCuratedEnvironmentImagesInput":{ + "type":"structure", + "members":{} + }, "ListCuratedEnvironmentImagesOutput":{ "type":"structure", "members":{ @@ -2953,6 +3274,71 @@ } } }, + "ListSandboxesForProjectInput":{ + "type":"structure", + "required":["projectName"], + "members":{ + "projectName":{ + "shape":"NonEmptyString", + "documentation":"

The CodeBuild project name.

" + }, + "maxResults":{ + "shape":"PageSize", + "documentation":"

The maximum number of sandbox records to be retrieved.

" + }, + "sortOrder":{ + "shape":"SortOrderType", + "documentation":"

The order in which sandbox records should be retrieved.

" + }, + "nextToken":{ + "shape":"SensitiveString", + "documentation":"

The next token, if any, to get paginated results. You will get this value from previous execution of list sandboxes.

" + } + } + }, + "ListSandboxesForProjectOutput":{ + "type":"structure", + "members":{ + "ids":{ + "shape":"SandboxIds", + "documentation":"

Information about the requested sandbox IDs.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Information about the next token to get paginated results.

" + } + } + }, + "ListSandboxesInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"PageSize", + "documentation":"

The maximum number of sandbox records to be retrieved.

" + }, + "sortOrder":{ + "shape":"SortOrderType", + "documentation":"

The order in which sandbox records should be retrieved.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The next token, if any, to get paginated results. You will get this value from previous execution of list sandboxes.

" + } + } + }, + "ListSandboxesOutput":{ + "type":"structure", + "members":{ + "ids":{ + "shape":"SandboxIds", + "documentation":"

Information about the requested sandbox IDs.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

Information about the next token to get paginated results.

" + } + } + }, "ListSharedProjectsInput":{ "type":"structure", "members":{ @@ -3023,8 +3409,7 @@ }, "ListSourceCredentialsInput":{ "type":"structure", - "members":{ - } + "members":{} }, "ListSourceCredentialsOutput":{ "type":"structure", @@ -3125,8 +3510,7 @@ }, "OAuthProviderException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There was a problem with the underlying OAuth provider.

", "exception":true }, @@ -3397,6 +3781,10 @@ "modes":{ "shape":"ProjectCacheModes", "documentation":"

An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.

Possible values are:

LOCAL_SOURCE_CACHE

Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.

LOCAL_DOCKER_LAYER_CACHE

Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.

  • You can use a Docker layer cache in the Linux environment only.

  • The privileged flag must be set so that your project has the required Docker permissions.

  • You should consider the security implications before you use a Docker layer cache.

LOCAL_CUSTOM_CACHE

Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:

  • Only directories can be specified for caching. You cannot specify individual files.

  • Symlinks are used to reference cached directories.

  • Cached directories are linked to your build before it downloads its project sources. Cached items are overridden if a source item has the same name. Directories are specified using cache paths in the buildspec file.

" + }, + "cacheNamespace":{ + "shape":"String", + "documentation":"

Defines the scope of the cache. You can use this namespace to share a cache across multiple projects. For more information, see Cache sharing between projects in the CodeBuild User Guide.

" } }, "documentation":"

Information about the cache for the build project.

" @@ -3420,7 +3808,7 @@ "members":{ "type":{ "shape":"EnvironmentType", - "documentation":"

The type of build environment to use for related builds.

  • The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and EU (Frankfurt).

  • The environment type LINUX_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).

  • The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and China (Ningxia).

  • The environment types ARM_LAMBDA_CONTAINER and LINUX_LAMBDA_CONTAINER are available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Frankfurt), EU (Ireland), and South America (São Paulo).

  • The environment types WINDOWS_CONTAINER and WINDOWS_SERVER_2019_CONTAINER are available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), and EU (Ireland).

If you're using compute fleets during project creation, type will be ignored.

For more information, see Build environment compute types in the CodeBuild user guide.

" + "documentation":"

The type of build environment to use for related builds.

If you're using compute fleets during project creation, type will be ignored.

For more information, see Build environment compute types in the CodeBuild user guide.

" }, "image":{ "shape":"NonEmptyString", @@ -3457,6 +3845,10 @@ "imagePullCredentialsType":{ "shape":"ImagePullCredentialsType", "documentation":"

The type of credentials CodeBuild uses to pull images in your build. There are two valid values:

  • CODEBUILD specifies that CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust CodeBuild service principal.

  • SERVICE_ROLE specifies that CodeBuild uses your build project's service role.

When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.

" + }, + "dockerServer":{ + "shape":"DockerServer", + "documentation":"

A DockerServer object to use for this build project.

" } }, "documentation":"

Information about the build environment of the build project.

" @@ -3624,6 +4016,52 @@ }, "documentation":"

Information about the proxy configurations that apply network access control to your reserved capacity instances.

" }, + "PullRequestBuildApproverRole":{ + "type":"string", + "enum":[ + "GITHUB_READ", + "GITHUB_TRIAGE", + "GITHUB_WRITE", + "GITHUB_MAINTAIN", + "GITHUB_ADMIN", + "GITLAB_GUEST", + "GITLAB_PLANNER", + "GITLAB_REPORTER", + "GITLAB_DEVELOPER", + "GITLAB_MAINTAINER", + "GITLAB_OWNER", + "BITBUCKET_READ", + "BITBUCKET_WRITE", + "BITBUCKET_ADMIN" + ] + }, + "PullRequestBuildApproverRoles":{ + "type":"list", + "member":{"shape":"PullRequestBuildApproverRole"} + }, + "PullRequestBuildCommentApproval":{ + "type":"string", + "enum":[ + "DISABLED", + "ALL_PULL_REQUESTS", + "FORK_PULL_REQUESTS" + ] + }, + "PullRequestBuildPolicy":{ + "type":"structure", + "required":["requiresCommentApproval"], + "members":{ + "requiresCommentApproval":{ + "shape":"PullRequestBuildCommentApproval", + "documentation":"

Specifies when comment-based approval is required before triggering a build on pull requests. This setting determines whether builds run automatically or require explicit approval through comments.

  • DISABLED: Builds trigger automatically without requiring comment approval

  • ALL_PULL_REQUESTS: All pull requests require comment approval before builds execute (unless contributor is one of the approver roles)

  • FORK_PULL_REQUESTS: Only pull requests from forked repositories require comment approval (unless contributor is one of the approver roles)

" + }, + "approverRoles":{ + "shape":"PullRequestBuildApproverRoles", + "documentation":"

List of repository roles that have approval privileges for pull request builds when comment approval is required. Only users with these roles can provide valid comment approvals. If a pull request contributor is one of these roles, their pull request builds will trigger automatically. This field is only applicable when requiresCommentApproval is not DISABLED.

" + } + }, + "documentation":"

A PullRequestBuildPolicy object that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.

" + }, "PutResourcePolicyInput":{ "type":"structure", "required":[ @@ -3945,15 +4383,13 @@ }, "ResourceAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon Web Services resource cannot be created, because an Amazon Web Services resource with the same settings already exists.

", "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon Web Services resource cannot be found.

", "exception":true }, @@ -4056,6 +4492,176 @@ }, "documentation":"

Information about the S3 bucket where the raw data of a report are exported.

" }, + "SSMSession":{ + "type":"structure", + "members":{ + "sessionId":{ + "shape":"String", + "documentation":"

The ID of the session.

" + }, + "tokenValue":{ + "shape":"String", + "documentation":"

An encrypted token value containing session and caller information.

" + }, + "streamUrl":{ + "shape":"String", + "documentation":"

A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the node.

" + } + }, + "documentation":"

Contains information about the Session Manager session.

" + }, + "Sandbox":{ + "type":"structure", + "members":{ + "id":{ + "shape":"NonEmptyString", + "documentation":"

The ID of the sandbox.

" + }, + "arn":{ + "shape":"NonEmptyString", + "documentation":"

The ARN of the sandbox.

" + }, + "projectName":{ + "shape":"NonEmptyString", + "documentation":"

The CodeBuild project name.

" + }, + "requestTime":{ + "shape":"Timestamp", + "documentation":"

When the sandbox process was initially requested, expressed in Unix time format.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

When the sandbox process started, expressed in Unix time format.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

When the sandbox process ended, expressed in Unix time format.

" + }, + "status":{ + "shape":"String", + "documentation":"

The status of the sandbox.

" + }, + "source":{"shape":"ProjectSource"}, + "sourceVersion":{ + "shape":"NonEmptyString", + "documentation":"

Any version identifier for the version of the sandbox to be built.

" + }, + "secondarySources":{ + "shape":"ProjectSources", + "documentation":"

An array of ProjectSource objects.

" + }, + "secondarySourceVersions":{ + "shape":"ProjectSecondarySourceVersions", + "documentation":"

An array of ProjectSourceVersion objects.

" + }, + "environment":{"shape":"ProjectEnvironment"}, + "fileSystemLocations":{ + "shape":"ProjectFileSystemLocations", + "documentation":"

An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.

" + }, + "timeoutInMinutes":{ + "shape":"WrapperInt", + "documentation":"

How long, in minutes, from 5 to 2160 (36 hours), for CodeBuild to wait before timing out this sandbox if it does not get marked as completed.

" + }, + "queuedTimeoutInMinutes":{ + "shape":"WrapperInt", + "documentation":"

The number of minutes a sandbox is allowed to be queued before it times out.

" + }, + "vpcConfig":{"shape":"VpcConfig"}, + "logConfig":{"shape":"LogsConfig"}, + "encryptionKey":{ + "shape":"NonEmptyString", + "documentation":"

The Key Management Service customer master key (CMK) to be used for encrypting the sandbox output artifacts.

" + }, + "serviceRole":{ + "shape":"NonEmptyString", + "documentation":"

The name of a service role used for this sandbox.

" + }, + "currentSession":{ + "shape":"SandboxSession", + "documentation":"

The current session for the sandbox.

" + } + }, + "documentation":"

Contains sandbox information.

" + }, + "SandboxIds":{ + "type":"list", + "member":{"shape":"NonEmptyString"} + }, + "SandboxSession":{ + "type":"structure", + "members":{ + "id":{ + "shape":"NonEmptyString", + "documentation":"

The ID of the sandbox session.

" + }, + "status":{ + "shape":"String", + "documentation":"

The status of the sandbox session.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

When the sandbox session started, expressed in Unix time format.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

When the sandbox session ended, expressed in Unix time format.

" + }, + "currentPhase":{ + "shape":"String", + "documentation":"

The current phase for the sandbox.

" + }, + "phases":{ + "shape":"SandboxSessionPhases", + "documentation":"

An array of SandboxSessionPhase objects.

" + }, + "resolvedSourceVersion":{ + "shape":"NonEmptyString", + "documentation":"

An identifier for the version of this sandbox's source code.

" + }, + "logs":{"shape":"LogsLocation"}, + "networkInterface":{"shape":"NetworkInterface"} + }, + "documentation":"

Contains information about the sandbox session.

" + }, + "SandboxSessionPhase":{ + "type":"structure", + "members":{ + "phaseType":{ + "shape":"String", + "documentation":"

The name of the sandbox phase.

" + }, + "phaseStatus":{ + "shape":"StatusType", + "documentation":"

The current status of the sandbox phase. Valid values include:

FAILED

The sandbox phase failed.

FAULT

The sandbox phase faulted.

IN_PROGRESS

The sandbox phase is still in progress.

STOPPED

The sandbox phase stopped.

SUCCEEDED

The sandbox phase succeeded.

TIMED_OUT

The sandbox phase timed out.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

When the sandbox phase started, expressed in Unix time format.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

When the sandbox phase ended, expressed in Unix time format.

" + }, + "durationInSeconds":{ + "shape":"WrapperLong", + "documentation":"

How long, in seconds, between the starting and ending times of the sandbox's phase.

" + }, + "contexts":{ + "shape":"PhaseContexts", + "documentation":"

An array of PhaseContext objects.

" + } + }, + "documentation":"

Contains information about the sandbox phase.

" + }, + "SandboxSessionPhases":{ + "type":"list", + "member":{"shape":"SandboxSessionPhase"} + }, + "Sandboxes":{ + "type":"list", + "member":{"shape":"Sandbox"} + }, "ScalingConfigurationInput":{ "type":"structure", "members":{ @@ -4113,7 +4719,7 @@ }, "scope":{ "shape":"WebhookScopeType", - "documentation":"

The type of scope for a GitHub or GitLab webhook.

" + "documentation":"

The type of scope for a GitHub or GitLab webhook. The scope default is GITHUB_ORGANIZATION.

" } }, "documentation":"

Contains configuration information about the scope for a webhook.

" @@ -4412,7 +5018,7 @@ }, "buildspecOverride":{ "shape":"String", - "documentation":"

A buildspec file declaration that overrides the latest one defined in the build project, for this build only. The buildspec defined on the project is not changed.

If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.

Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket.

" + "documentation":"

A buildspec file declaration that overrides the latest one defined in the build project, for this build only. The buildspec defined on the project is not changed.

If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.

Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket. Alternatively, you can restrict overrides to the buildspec by using a condition key: Prevent unauthorized modifications to project buildspec.

" }, "insecureSslOverride":{ "shape":"WrapperBoolean", @@ -4505,6 +5111,77 @@ } } }, + "StartCommandExecutionInput":{ + "type":"structure", + "required":[ + "sandboxId", + "command" + ], + "members":{ + "sandboxId":{ + "shape":"NonEmptyString", + "documentation":"

A sandboxId or sandboxArn.

" + }, + "command":{ + "shape":"SensitiveNonEmptyString", + "documentation":"

The command that needs to be executed.

" + }, + "type":{ + "shape":"CommandType", + "documentation":"

The command type.

" + } + } + }, + "StartCommandExecutionOutput":{ + "type":"structure", + "members":{ + "commandExecution":{ + "shape":"CommandExecution", + "documentation":"

Information about the requested command executions.

" + } + } + }, + "StartSandboxConnectionInput":{ + "type":"structure", + "required":["sandboxId"], + "members":{ + "sandboxId":{ + "shape":"NonEmptyString", + "documentation":"

A sandboxId or sandboxArn.

" + } + } + }, + "StartSandboxConnectionOutput":{ + "type":"structure", + "members":{ + "ssmSession":{ + "shape":"SSMSession", + "documentation":"

Information about the Session Manager session.

" + } + } + }, + "StartSandboxInput":{ + "type":"structure", + "members":{ + "projectName":{ + "shape":"NonEmptyString", + "documentation":"

The CodeBuild project name.

" + }, + "idempotencyToken":{ + "shape":"SensitiveString", + "documentation":"

A unique client token.

" + } + } + }, + "StartSandboxOutput":{ + "type":"structure", + "members":{ + "sandbox":{ + "shape":"Sandbox", + "documentation":"

Information about the requested sandbox.

" + } + } + }, "StatusType":{ "type":"string", "enum":[ @@ -4551,6 +5228,25 @@ } } }, + "StopSandboxInput":{ + "type":"structure", + "required":["id"], + "members":{ + "id":{ + "shape":"NonEmptyString", + "documentation":"

Information about the requested sandbox ID.

" + } + } + }, + "StopSandboxOutput":{ + "type":"structure", + "members":{ + "sandbox":{ + "shape":"Sandbox", + "documentation":"

Information about the requested sandbox.

" + } + } + }, "String":{"type":"string"}, "Subnets":{ "type":"list", @@ -4629,6 +5325,10 @@ "expired":{ "shape":"Timestamp", "documentation":"

The date and time a test case expires. A test case expires 30 days after it is created. An expired test case is not available to view in CodeBuild.

" + }, + "testSuiteName":{ + "shape":"String", + "documentation":"

The name of the test suite that the test case is a part of.

" } }, "documentation":"

Information about a test case created using a framework such as NUnit or Cucumber. A test case might be a unit test or a configuration test.

" @@ -4698,11 +5398,11 @@ }, "computeType":{ "shape":"ComputeType", - "documentation":"

Information about the compute resources the compute fleet uses. Available values include:

  • ATTRIBUTE_BASED_COMPUTE: Specify the amount of vCPUs, memory, disk space, and the type of machine.

    If you use ATTRIBUTE_BASED_COMPUTE, you must define your attributes by using computeConfiguration. CodeBuild will select the cheapest instance that satisfies your specified attributes. For more information, see Reserved capacity environment types in the CodeBuild User Guide.

  • BUILD_GENERAL1_SMALL: Use up to 4 GiB memory and 2 vCPUs for builds.

  • BUILD_GENERAL1_MEDIUM: Use up to 8 GiB memory and 4 vCPUs for builds.

  • BUILD_GENERAL1_LARGE: Use up to 16 GiB memory and 8 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_XLARGE: Use up to 72 GiB memory and 36 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_2XLARGE: Use up to 144 GiB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.

  • BUILD_LAMBDA_1GB: Use up to 1 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_2GB: Use up to 2 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_4GB: Use up to 4 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_8GB: Use up to 8 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_10GB: Use up to 10 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

If you use BUILD_GENERAL1_SMALL:

  • For environment type LINUX_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 16 GiB memory, 4 vCPUs, and 1 NVIDIA A10G Tensor Core GPU for builds.

  • For environment type ARM_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs on ARM-based processors for builds.

If you use BUILD_GENERAL1_LARGE:

  • For environment type LINUX_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 255 GiB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.

  • For environment type ARM_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs on ARM-based processors for builds.

For more information, see On-demand environment types in the CodeBuild User Guide.

" + "documentation":"

Information about the compute resources the compute fleet uses. Available values include:

  • ATTRIBUTE_BASED_COMPUTE: Specify the amount of vCPUs, memory, disk space, and the type of machine.

    If you use ATTRIBUTE_BASED_COMPUTE, you must define your attributes by using computeConfiguration. CodeBuild will select the cheapest instance that satisfies your specified attributes. For more information, see Reserved capacity environment types in the CodeBuild User Guide.

  • CUSTOM_INSTANCE_TYPE: Specify the instance type for your compute fleet. For a list of supported instance types, see Supported instance families in the CodeBuild User Guide.

  • BUILD_GENERAL1_SMALL: Use up to 4 GiB memory and 2 vCPUs for builds.

  • BUILD_GENERAL1_MEDIUM: Use up to 8 GiB memory and 4 vCPUs for builds.

  • BUILD_GENERAL1_LARGE: Use up to 16 GiB memory and 8 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_XLARGE: Use up to 72 GiB memory and 36 vCPUs for builds, depending on your environment type.

  • BUILD_GENERAL1_2XLARGE: Use up to 144 GiB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.

  • BUILD_LAMBDA_1GB: Use up to 1 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_2GB: Use up to 2 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_4GB: Use up to 4 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_8GB: Use up to 8 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

  • BUILD_LAMBDA_10GB: Use up to 10 GiB memory for builds. Only available for environment type LINUX_LAMBDA_CONTAINER and ARM_LAMBDA_CONTAINER.

If you use BUILD_GENERAL1_SMALL:

  • For environment type LINUX_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 16 GiB memory, 4 vCPUs, and 1 NVIDIA A10G Tensor Core GPU for builds.

  • For environment type ARM_CONTAINER, you can use up to 4 GiB memory and 2 vCPUs on ARM-based processors for builds.

If you use BUILD_GENERAL1_LARGE:

  • For environment type LINUX_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs for builds.

  • For environment type LINUX_GPU_CONTAINER, you can use up to 255 GiB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.

  • For environment type ARM_CONTAINER, you can use up to 16 GiB memory and 8 vCPUs on ARM-based processors for builds.

For more information, see On-demand environment types in the CodeBuild User Guide.

" }, "computeConfiguration":{ "shape":"ComputeConfiguration", - "documentation":"

The compute configuration of the compute fleet. This is only required if computeType is set to ATTRIBUTE_BASED_COMPUTE.

" + "documentation":"

The compute configuration of the compute fleet. This is only required if computeType is set to ATTRIBUTE_BASED_COMPUTE or CUSTOM_INSTANCE_TYPE.

" }, "scalingConfiguration":{ "shape":"ScalingConfigurationInput", @@ -4921,7 +5621,11 @@ }, "buildType":{ "shape":"WebhookBuildType", - "documentation":"

Specifies the type of build this webhook will trigger.

" + "documentation":"

Specifies the type of build this webhook will trigger.

RUNNER_BUILDKITE_BUILD is only available for NO_SOURCE source type projects configured for Buildkite runner builds. For more information about CodeBuild-hosted Buildkite runner builds, see Tutorial: Configure a CodeBuild-hosted Buildkite runner in the CodeBuild user guide.

" + }, + "pullRequestBuildPolicy":{ + "shape":"PullRequestBuildPolicy", + "documentation":"

A PullRequestBuildPolicy object that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.

" } } }, @@ -4983,7 +5687,7 @@ }, "buildType":{ "shape":"WebhookBuildType", - "documentation":"

Specifies the type of build this webhook will trigger.

" + "documentation":"

Specifies the type of build this webhook will trigger.

RUNNER_BUILDKITE_BUILD is only available for NO_SOURCE source type projects configured for Buildkite runner builds. For more information about CodeBuild-hosted Buildkite runner builds, see Tutorial: Configure a CodeBuild-hosted Buildkite runner in the CodeBuild user guide.

" }, "manualCreation":{ "shape":"WrapperBoolean", @@ -4996,7 +5700,16 @@ "scopeConfiguration":{ "shape":"ScopeConfiguration", "documentation":"

The scope configuration for global or organization webhooks.

Global or organization webhooks are only available for GitHub and Github Enterprise webhooks.

" - } + }, + "status":{ + "shape":"WebhookStatus", + "documentation":"

The status of the webhook. Valid values include:

  • CREATING: The webhook is being created.

  • CREATE_FAILED: The webhook has failed to create.

  • ACTIVE: The webhook has succeeded and is active.

  • DELETING: The webhook is being deleted.

" + }, + "statusMessage":{ + "shape":"String", + "documentation":"

A message associated with the status of a webhook.

" + }, + "pullRequestBuildPolicy":{"shape":"PullRequestBuildPolicy"} }, "documentation":"

Information about a webhook that connects repository events to a build project in CodeBuild.

" }, @@ -5004,7 +5717,8 @@ "type":"string", "enum":[ "BUILD", - "BUILD_BATCH" + "BUILD_BATCH", + "RUNNER_BUILDKITE_BUILD" ] }, "WebhookFilter":{ @@ -5016,7 +5730,7 @@ "members":{ "type":{ "shape":"WebhookFilterType", - "documentation":"

The type of webhook filter. There are nine webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, COMMIT_MESSAGE, TAG_NAME, RELEASE_NAME, and WORKFLOW_NAME.

  • EVENT

    • A webhook event triggers a build when the provided pattern matches one of nine event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_CLOSED, PULL_REQUEST_REOPENED, PULL_REQUEST_MERGED, RELEASED, PRERELEASED, and WORKFLOW_JOB_QUEUED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.

      Types PULL_REQUEST_REOPENED and WORKFLOW_JOB_QUEUED work with GitHub and GitHub Enterprise only. Types RELEASED and PRERELEASED work with GitHub only.

  • ACTOR_ACCOUNT_ID

    • A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.

  • HEAD_REF

    • A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.

      Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.

  • BASE_REF

    • A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.

      Works with pull request events only.

  • FILE_PATH

    • A webhook triggers a build when the path of a changed file matches the regular expression pattern.

      Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.

  • COMMIT_MESSAGE

    • A webhook triggers a build when the head commit message matches the regular expression pattern.

      Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.

  • TAG_NAME

    • A webhook triggers a build when the tag name of the release matches the regular expression pattern.

      Works with RELEASED and PRERELEASED events only.

  • RELEASE_NAME

    • A webhook triggers a build when the release name matches the regular expression pattern.

      Works with RELEASED and PRERELEASED events only.

  • REPOSITORY_NAME

    • A webhook triggers a build when the repository name matches the regular expression pattern.

      Works with GitHub global or organization webhooks only.

  • WORKFLOW_NAME

    • A webhook triggers a build when the workflow name matches the regular expression pattern.

      Works with WORKFLOW_JOB_QUEUED events only.

" + "documentation":"

The type of webhook filter. There are 11 webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, COMMIT_MESSAGE, TAG_NAME, RELEASE_NAME, REPOSITORY_NAME, ORGANIZATION_NAME, and WORKFLOW_NAME.

  • EVENT

    • A webhook event triggers a build when the provided pattern matches one of nine event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_CLOSED, PULL_REQUEST_REOPENED, PULL_REQUEST_MERGED, RELEASED, PRERELEASED, and WORKFLOW_JOB_QUEUED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.

      Types PULL_REQUEST_REOPENED and WORKFLOW_JOB_QUEUED work with GitHub and GitHub Enterprise only. Types RELEASED and PRERELEASED work with GitHub only.

  • ACTOR_ACCOUNT_ID

    • A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.

  • HEAD_REF

    • A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.

      Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.

  • BASE_REF

    • A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.

      Works with pull request events only.

  • FILE_PATH

    • A webhook triggers a build when the path of a changed file matches the regular expression pattern.

      Works with push and pull request events only.

  • COMMIT_MESSAGE

    • A webhook triggers a build when the head commit message matches the regular expression pattern.

      Works with push and pull request events only.

  • TAG_NAME

    • A webhook triggers a build when the tag name of the release matches the regular expression pattern.

      Works with RELEASED and PRERELEASED events only.

  • RELEASE_NAME

    • A webhook triggers a build when the release name matches the regular expression pattern.

      Works with RELEASED and PRERELEASED events only.

  • REPOSITORY_NAME

    • A webhook triggers a build when the repository name matches the regular expression pattern.

      Works with GitHub global or organization webhooks only.

  • ORGANIZATION_NAME

    • A webhook triggers a build when the organization name matches the regular expression pattern.

      Works with GitHub global webhooks only.

  • WORKFLOW_NAME

    • A webhook triggers a build when the workflow name matches the regular expression pattern.

      Works with WORKFLOW_JOB_QUEUED events only.

      For CodeBuild-hosted Buildkite runner builds, WORKFLOW_NAME filters will filter by pipeline name.
" }, "pattern":{ "shape":"String", @@ -5027,7 +5741,7 @@ "documentation":"

Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.

" } }, - "documentation":"

A filter used to determine which webhooks trigger a build.

" + "documentation":"

A filter used to determine which webhooks trigger a build.

" }, "WebhookFilterType":{ "type":"string", @@ -5041,7 +5755,8 @@ "WORKFLOW_NAME", "TAG_NAME", "RELEASE_NAME", - "REPOSITORY_NAME" + "REPOSITORY_NAME", + "ORGANIZATION_NAME" ] }, "WebhookScopeType":{ @@ -5052,6 +5767,15 @@ "GITLAB_GROUP" ] }, + "WebhookStatus":{ + "type":"string", + "enum":[ + "CREATING", + "CREATE_FAILED", + "ACTIVE", + "DELETING" + ] + }, "WrapperBoolean":{"type":"boolean"}, "WrapperDouble":{"type":"double"}, "WrapperInt":{"type":"integer"}, diff -pruN 2.23.6-1/awscli/botocore/data/codecatalyst/2022-09-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codecatalyst/2022-09-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codecatalyst/2022-09-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codecatalyst/2022-09-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codecommit/2015-04-13/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codecommit/2015-04-13/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codecommit/2015-04-13/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codecommit/2015-04-13/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codecommit/2015-04-13/service-2.json 2.31.35-1/awscli/botocore/data/codecommit/2015-04-13/service-2.json --- 2.23.6-1/awscli/botocore/data/codecommit/2015-04-13/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codecommit/2015-04-13/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2060,8 +2060,7 @@ "AccountId":{"type":"string"}, "ActorDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon Resource Name (ARN) does not exist in the Amazon Web Services account.

", "exception":true }, @@ -2129,15 +2128,13 @@ }, "ApprovalRuleContentRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The content for the approval rule is empty. You must provide some content for an approval rule. The content cannot be null.

", "exception":true }, "ApprovalRuleDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified approval rule does not exist.

", "exception":true }, @@ -2167,15 +2164,13 @@ }, "ApprovalRuleNameAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An approval rule with that name already exists. Approval rule names must be unique within the scope of a pull request.

", "exception":true }, "ApprovalRuleNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An approval rule name is required, but was not specified.

", "exception":true }, @@ -2238,8 +2233,7 @@ }, "ApprovalRuleTemplateContentRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The content for the approval rule template is empty. You must provide some content for an approval rule template. The content cannot be null.

", "exception":true }, @@ -2250,16 +2244,14 @@ }, "ApprovalRuleTemplateDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified approval rule template does not exist. Verify that the name is correct and that you are signed in to the Amazon Web Services Region where the template was created, and then try again.

", "exception":true }, "ApprovalRuleTemplateId":{"type":"string"}, "ApprovalRuleTemplateInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The approval rule template is associated with one or more repositories. You cannot delete a template that is associated with a repository. Remove all associations, and then try again.

", "exception":true }, @@ -2270,8 +2262,7 @@ }, "ApprovalRuleTemplateNameAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You cannot create an approval rule template with that name because a template with that name already exists in this Amazon Web Services Region for your Amazon Web Services account. Approval rule template names must be unique.

", "exception":true }, @@ -2281,8 +2272,7 @@ }, "ApprovalRuleTemplateNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An approval rule template name is required, but was not specified.

", "exception":true }, @@ -2321,8 +2311,7 @@ }, "ApprovalStateRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An approval state is required, but was not specified.

", "exception":true }, @@ -2347,8 +2336,7 @@ }, "AuthorDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon Resource Name (ARN) does not exist in the Amazon Web Services account.

", "exception":true }, @@ -2696,22 +2684,19 @@ }, "BeforeCommitIdAndAfterCommitIdAreSameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The before commit ID and the after commit ID are the same, which is not valid. The before commit ID and the after commit ID must be different commit IDs.

", "exception":true }, "BlobIdDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified blob does not exist.

", "exception":true }, "BlobIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A blob ID is required, but was not specified.

", "exception":true }, @@ -2735,8 +2720,7 @@ }, "BranchDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified branch does not exist.

", "exception":true }, @@ -2761,15 +2745,13 @@ }, "BranchNameExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Cannot create the branch with the specified name because the commit conflicts with an existing branch with the same name. Branch names must be unique.

", "exception":true }, "BranchNameIsTagNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified branch name is not valid because it is a tag name. Enter the name of a branch in the repository. For a list of valid branch names, use ListBranches.

", "exception":true }, @@ -2779,8 +2761,7 @@ }, "BranchNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A branch name is required, but was not specified.

", "exception":true }, @@ -2790,15 +2771,13 @@ }, "CannotDeleteApprovalRuleFromTemplateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The approval rule cannot be deleted from the pull request because it was created by an approval rule template and applied to the pull request automatically.

", "exception":true }, "CannotModifyApprovalRuleFromTemplateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The approval rule cannot be modified for the pull request because it was created by an approval rule template and applied to the pull request automatically.

", "exception":true }, @@ -2814,8 +2793,7 @@ "ClientRequestToken":{"type":"string"}, "ClientRequestTokenRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A client request token is required. A client request token is an unique, client-generated idempotency token that, when provided in a request, ensures the request cannot be repeated with a changed parameter. If a request is received with the same parameters and a token is included, the request returns information about the initial request that used that token.

", "exception":true }, @@ -2869,44 +2847,38 @@ }, "CommentContentRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The comment is empty. You must provide some content for a comment. The content cannot be null.

", "exception":true }, "CommentContentSizeLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The comment is too large. Comments are limited to 10,240 characters.

", "exception":true }, "CommentDeletedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This comment has already been deleted. You cannot edit or delete a deleted comment.

", "exception":true }, "CommentDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

No comment exists with the provided ID. Verify that you have used the correct ID, and then try again.

", "exception":true }, "CommentId":{"type":"string"}, "CommentIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The comment ID is missing or null. A comment ID is required.

", "exception":true }, "CommentNotCreatedByCallerException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You cannot modify or delete this comment. Only comment authors can modify or delete their comments.

", "exception":true }, @@ -3030,23 +3002,20 @@ }, "CommitDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified commit does not exist or no commit was specified, and the specified repository has no default branch.

", "exception":true }, "CommitId":{"type":"string"}, "CommitIdDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified commit ID does not exist.

", "exception":true }, "CommitIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A commit ID was not specified.

", "exception":true }, @@ -3056,22 +3025,19 @@ }, "CommitIdsLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of allowed commit IDs in a batch request is 100. Verify that your batch requests contains no more than 100 commit IDs, and then try again.

", "exception":true }, "CommitIdsListRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A list of commit IDs is required, but was either not specified or the list was empty.

", "exception":true }, "CommitMessageLengthExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit message is too long. Provide a shorter string.

", "exception":true }, @@ -3082,15 +3048,13 @@ }, "CommitRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A commit was not specified.

", "exception":true }, "ConcurrentReferenceUpdateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The merge cannot be completed because the target branch has been modified. Another user might have modified the target branch while the merge was in progress. Wait a few minutes, and then try again.

", "exception":true }, @@ -3499,8 +3463,7 @@ "Date":{"type":"string"}, "DefaultBranchCannotBeDeletedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified branch is the default branch for the repository, and cannot be deleted. To delete this branch, you must first set another branch as the default branch.

", "exception":true }, @@ -3855,8 +3818,7 @@ }, "DirectoryNameConflictsWithFileNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A file cannot be added to the repository because the specified path name has the same name as a file that already exists in this repository. Either provide a different name for the file, or specify a different path for the file.

", "exception":true }, @@ -3880,58 +3842,50 @@ "Email":{"type":"string"}, "EncryptionIntegrityChecksFailedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An encryption integrity check failed.

", "exception":true, "fault":true }, "EncryptionKeyAccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An encryption key could not be accessed.

", "exception":true }, "EncryptionKeyDisabledException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The encryption key is disabled.

", "exception":true }, "EncryptionKeyInvalidIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Key Management Service encryption key is not valid.

", "exception":true }, "EncryptionKeyInvalidUsageException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A KMS encryption key was used to try and encrypt or decrypt a repository, but either the repository or the key was not in a valid state to support the operation.

", "exception":true }, "EncryptionKeyNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

No encryption key was found.

", "exception":true }, "EncryptionKeyRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A KMS encryption key ID is required but was not specified.

", "exception":true }, "EncryptionKeyUnavailableException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The encryption key is not available.

", "exception":true }, @@ -4016,36 +3970,31 @@ }, "FileContentAndSourceFileSpecifiedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because both a source file and file content have been specified for the same file. You cannot provide both. Either specify a source file or provide the file content directly.

", "exception":true }, "FileContentRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The file cannot be added because it is empty. Empty files cannot be added to the repository with this API.

", "exception":true }, "FileContentSizeLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The file cannot be added because it is too large. The maximum file size is 6 MB, and the combined file content change size is 7 MB. Consider making these changes using a Git client.

", "exception":true }, "FileDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified file does not exist. Verify that you have used the correct file name, full path, and extension.

", "exception":true }, "FileEntryRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because no files have been specified as added, updated, or changed (PutFile or DeleteFile) for the commit.

", "exception":true }, @@ -4073,8 +4022,7 @@ }, "FileModeRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because no file mode has been specified. A file mode is required to update mode permissions for a file.

", "exception":true }, @@ -4106,15 +4054,13 @@ }, "FileNameConflictsWithDirectoryNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A file cannot be added to the repository because the specified file name has the same name as a directory in this repository. Either provide another name for the file, or add the file in a directory that does not match the file name.

", "exception":true }, "FilePathConflictsWithSubmodulePathException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because a specified file path points to a submodule. Verify that the destination files have valid file paths that do not point to a submodule.

", "exception":true }, @@ -4143,8 +4089,7 @@ }, "FileTooLargeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified file exceeds the file size limit for CodeCommit. For more information about limits in CodeCommit, see Quotas in the CodeCommit User Guide.

", "exception":true }, @@ -4191,15 +4136,13 @@ }, "FolderContentSizeLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because at least one of the overall changes in the commit results in a folder whose contents exceed the limit of 6 MB. Either reduce the number and size of your changes, or split the changes across multiple folders.

", "exception":true }, "FolderDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified folder does not exist. Either the folder name is not correct, or you did not enter the full path to the folder.

", "exception":true }, @@ -4926,449 +4869,385 @@ "HunkContent":{"type":"string"}, "IdempotencyParameterMismatchException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The client request token is not valid. Either the token is not in a valid format, or the token has been used in a previous request and cannot be reused.

", "exception":true }, "InvalidActorArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Amazon Resource Name (ARN) is not valid. Make sure that you have provided the full ARN for the user who initiated the change for the pull request, and then try again.

", "exception":true }, "InvalidApprovalRuleContentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The content for the approval rule is not valid.

", "exception":true }, "InvalidApprovalRuleNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The name for the approval rule is not valid.

", "exception":true }, "InvalidApprovalRuleTemplateContentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The content of the approval rule template is not valid.

", "exception":true }, "InvalidApprovalRuleTemplateDescriptionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The description for the approval rule template is not valid because it exceeds the maximum characters allowed for a description. For more information about limits in CodeCommit, see Quotas in the CodeCommit User Guide.

", "exception":true }, "InvalidApprovalRuleTemplateNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The name of the approval rule template is not valid. Template names must be between 1 and 100 valid characters in length. For more information about limits in CodeCommit, see Quotas in the CodeCommit User Guide.

", "exception":true }, "InvalidApprovalStateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The state for the approval is not valid. Valid values include APPROVE and REVOKE.

", "exception":true }, "InvalidAuthorArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Amazon Resource Name (ARN) is not valid. Make sure that you have provided the full ARN for the author of the pull request, and then try again.

", "exception":true }, "InvalidBlobIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified blob is not valid.

", "exception":true }, "InvalidBranchNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified reference name is not valid.

", "exception":true }, "InvalidClientRequestTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The client request token is not valid.

", "exception":true }, "InvalidCommentIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The comment ID is not in a valid format. Make sure that you have provided the full comment ID.

", "exception":true }, "InvalidCommitException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified commit is not valid.

", "exception":true }, "InvalidCommitIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified commit ID is not valid.

", "exception":true }, "InvalidConflictDetailLevelException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified conflict detail level is not valid.

", "exception":true }, "InvalidConflictResolutionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified conflict resolution list is not valid.

", "exception":true }, "InvalidConflictResolutionStrategyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified conflict resolution strategy is not valid.

", "exception":true }, "InvalidContinuationTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified continuation token is not valid.

", "exception":true }, "InvalidDeletionParameterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified deletion parameter is not valid.

", "exception":true }, "InvalidDescriptionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request description is not valid. Descriptions cannot be more than 1,000 characters.

", "exception":true }, "InvalidDestinationCommitSpecifierException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The destination commit specifier is not valid. You must provide a valid branch name, tag, or full commit ID.

", "exception":true }, "InvalidEmailException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified email address either contains one or more characters that are not allowed, or it exceeds the maximum number of characters allowed for an email address.

", "exception":true }, "InvalidFileLocationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The location of the file is not valid. Make sure that you include the file name and extension.

", "exception":true }, "InvalidFileModeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified file mode permission is not valid. For a list of valid file mode permissions, see PutFile.

", "exception":true }, "InvalidFilePositionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The position is not valid. Make sure that the line number exists in the version of the file you want to comment on.

", "exception":true }, "InvalidMaxConflictFilesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified value for the number of conflict files to return is not valid.

", "exception":true }, "InvalidMaxMergeHunksException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified value for the number of merge hunks to return is not valid.

", "exception":true }, "InvalidMaxResultsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified number of maximum results is not valid.

", "exception":true }, "InvalidMergeOptionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified merge option is not valid for this operation. Not all merge strategies are supported for all operations.

", "exception":true }, "InvalidOrderException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified sort order is not valid.

", "exception":true }, "InvalidOverrideStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The override status is not valid. Valid statuses are OVERRIDE and REVOKE.

", "exception":true }, "InvalidParentCommitIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The parent commit ID is not valid. The commit ID cannot be empty, and must match the head commit ID for the branch of the repository where you want to add or update a file.

", "exception":true }, "InvalidPathException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified path is not valid.

", "exception":true }, "InvalidPullRequestEventTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request event type is not valid.

", "exception":true }, "InvalidPullRequestIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request ID is not valid. Make sure that you have provided the full ID and that the pull request is in the specified repository, and then try again.

", "exception":true }, "InvalidPullRequestStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request status is not valid. The only valid values are OPEN and CLOSED.

", "exception":true }, "InvalidPullRequestStatusUpdateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request status update is not valid. The only valid update is from OPEN to CLOSED.

", "exception":true }, "InvalidReactionUserArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Amazon Resource Name (ARN) of the user or identity is not valid.

", "exception":true }, "InvalidReactionValueException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The value of the reaction is not valid. For more information, see the CodeCommit User Guide.

", "exception":true }, "InvalidReferenceNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified reference name format is not valid. Reference names must conform to the Git references format (for example, refs/heads/main). For more information, see Git Internals - Git References or consult your Git documentation.

", "exception":true }, "InvalidRelativeFileVersionEnumException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Either the enum is not in a valid format, or the specified file version enum is not valid in respect to the current file version.

", "exception":true }, "InvalidReplacementContentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Automerge was specified for resolving the conflict, but the replacement type is not valid or content is missing.

", "exception":true }, "InvalidReplacementTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Automerge was specified for resolving the conflict, but the specified replacement type is not valid.

", "exception":true }, "InvalidRepositoryDescriptionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified repository description is not valid.

", "exception":true }, "InvalidRepositoryNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A specified repository name is not valid.

This exception occurs only when a specified repository name is not valid. Other exceptions occur when a required repository parameter is missing, or when a specified repository does not exist.

", "exception":true }, "InvalidRepositoryTriggerBranchNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more branch names specified for the trigger is not valid.

", "exception":true }, "InvalidRepositoryTriggerCustomDataException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The custom data provided for the trigger is not valid.

", "exception":true }, "InvalidRepositoryTriggerDestinationArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Amazon Resource Name (ARN) for the trigger is not valid for the specified destination. The most common reason for this error is that the ARN does not meet the requirements for the service type.

", "exception":true }, "InvalidRepositoryTriggerEventsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more events specified for the trigger is not valid. Check to make sure that all events specified match the requirements for allowed events.

", "exception":true }, "InvalidRepositoryTriggerNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The name of the trigger is not valid.

", "exception":true }, "InvalidRepositoryTriggerRegionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Amazon Web Services Region for the trigger target does not match the Amazon Web Services Region for the repository. Triggers must be created in the same Amazon Web Services Region as the target for the trigger.

", "exception":true }, "InvalidResourceArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The value for the resource ARN is not valid. For more information about resources in CodeCommit, see CodeCommit Resources and Operations in the CodeCommit User Guide.

", "exception":true }, "InvalidRevisionIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The revision ID is not valid. Use GetPullRequest to determine the value.

", "exception":true }, "InvalidRuleContentSha256Exception":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The SHA-256 hash signature for the rule content is not valid.

", "exception":true }, "InvalidSortByException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified sort by value is not valid.

", "exception":true }, "InvalidSourceCommitSpecifierException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The source commit specifier is not valid. You must provide a valid branch name, tag, or full commit ID.

", "exception":true }, "InvalidSystemTagUsageException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified tag is not valid. Key names cannot be prefixed with aws:.

", "exception":true }, "InvalidTagKeysListException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The list of tags is not valid.

", "exception":true }, "InvalidTagsMapException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The map of tags is not valid.

", "exception":true }, "InvalidTargetBranchException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified target branch is not valid.

", "exception":true }, "InvalidTargetException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The target for the pull request is not valid. A target must contain the full values for the repository name, source branch, and destination branch for the pull request.

", "exception":true }, "InvalidTargetsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The targets for the pull request is not valid or not in a valid format. Targets are a list of target objects. Each target object must contain the full values for the repository name, source branch, and destination branch for a pull request.

", "exception":true }, "InvalidTitleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The title of the pull request is not valid. Pull request titles cannot exceed 100 characters in length.

", "exception":true }, @@ -5688,79 +5567,68 @@ }, "ManualMergeRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request cannot be merged automatically into the destination branch. You must manually merge the branches and resolve any conflicts.

", "exception":true }, "MaxResults":{"type":"integer"}, "MaximumBranchesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of branches for the trigger was exceeded.

", "exception":true }, "MaximumConflictResolutionEntriesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of allowed conflict resolution entries was exceeded.

", "exception":true }, "MaximumFileContentToLoadExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of files to load exceeds the allowed limit.

", "exception":true }, "MaximumFileEntriesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of specified files to change as part of this commit exceeds the maximum number of files that can be changed in a single commit. Consider using a Git client for these changes.

", "exception":true }, "MaximumItemsToCompareExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of items to compare between the source or destination branches and the merge base has exceeded the maximum allowed.

", "exception":true }, "MaximumNumberOfApprovalsExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of approvals required for the approval rule exceeds the maximum number allowed.

", "exception":true }, "MaximumOpenPullRequestsExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You cannot create the pull request because the repository has too many open pull requests. The maximum number of open pull requests for a repository is 1,000. Close one or more open pull requests, and then try again.

", "exception":true }, "MaximumRepositoryNamesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of allowed repository names was exceeded. Currently, this number is 100.

", "exception":true }, "MaximumRepositoryTriggersExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of triggers allowed for the repository was exceeded.

", "exception":true }, "MaximumRuleTemplatesAssociatedWithRepositoryException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of approval rule templates for a repository has been exceeded. You cannot associate more than 25 approval rule templates with a repository.

", "exception":true }, @@ -6019,8 +5887,7 @@ }, "MergeOptionRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A merge option or stategy is required, and none was provided.

", "exception":true }, @@ -6180,46 +6047,40 @@ "Mode":{"type":"string"}, "MultipleConflictResolutionEntriesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

More than one conflict resolution entries exists for the conflict. A conflict can have only one conflict resolution entry.

", "exception":true }, "MultipleRepositoriesInPullRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You cannot include more than one repository in a pull request. Make sure you have specified only one repository name in your request, and then try again.

", "exception":true }, "Name":{"type":"string"}, "NameLengthExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The user name is not valid because it has exceeded the character limit for author names.

", "exception":true }, "NextToken":{"type":"string"}, "NoChangeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because no changes will be made to the repository as a result of this commit. A commit must contain at least one change.

", "exception":true }, "NumberOfConflicts":{"type":"integer"}, "NumberOfRuleTemplatesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of approval rule templates has been exceeded for this Amazon Web Services Region.

", "exception":true }, "NumberOfRulesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The approval rule cannot be added. The pull request has the maximum number of approval rules associated with it.

", "exception":true }, @@ -6254,8 +6115,7 @@ }, "OperationNotAllowedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested action is not allowed.

", "exception":true }, @@ -6283,8 +6143,7 @@ "Overridden":{"type":"boolean"}, "OverrideAlreadySetException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request has already had its approval rules set to override.

", "exception":true }, @@ -6319,29 +6178,25 @@ }, "OverrideStatusRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An override status is required, but no value was provided. Valid values include OVERRIDE and REVOKE.

", "exception":true }, "ParentCommitDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The parent commit ID is not valid because it does not exist. The specified parent commit ID does not exist in the specified branch of the repository.

", "exception":true }, "ParentCommitIdOutdatedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The file could not be added because the provided parent commit ID is not the current tip of the specified branch. To view the full commit ID of the current head of the branch, use GetBranch.

", "exception":true }, "ParentCommitIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A parent commit ID is required. To view the full commit ID of a branch in a repository, use GetBranch or a Git command (for example, git pull or git log).

", "exception":true }, @@ -6352,15 +6207,13 @@ "Path":{"type":"string"}, "PathDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified path does not exist.

", "exception":true }, "PathRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The folderPath for a location cannot be null.

", "exception":true }, @@ -6594,22 +6447,19 @@ }, "PullRequestAlreadyClosedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request status cannot be updated because it is already closed.

", "exception":true }, "PullRequestApprovalRulesNotSatisfiedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request cannot be merged because one or more approval rules applied to the pull request have conditions that have not been met.

", "exception":true }, "PullRequestCannotBeApprovedByAuthorException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The approval cannot be applied because the user approving the pull request matches the user who created the pull request. You cannot approve a pull request that you created.

", "exception":true }, @@ -6637,8 +6487,7 @@ }, "PullRequestDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pull request ID could not be found. Make sure that you have specified the correct repository name and pull request ID, and then try again.

", "exception":true }, @@ -6717,8 +6566,7 @@ }, "PullRequestIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A pull request ID is required, but none was provided.

", "exception":true }, @@ -6781,8 +6629,7 @@ }, "PullRequestStatusRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A pull request status is required, but none was provided.

", "exception":true }, @@ -6870,8 +6717,7 @@ }, "PutFileEntryConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because one or more files specified in the commit reference both a file and a folder.

", "exception":true }, @@ -6998,8 +6844,7 @@ }, "ReactionLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of reactions has been exceeded. Reactions are limited to one reaction per user for each individual comment ID.

", "exception":true }, @@ -7030,8 +6875,7 @@ }, "ReactionValueRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A reaction value is required.

", "exception":true }, @@ -7041,23 +6885,20 @@ }, "ReferenceDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified reference does not exist. You must provide a full commit ID.

", "exception":true }, "ReferenceName":{"type":"string"}, "ReferenceNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A reference name is required, but none was provided.

", "exception":true }, "ReferenceTypeNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified reference is not a supported type.

", "exception":true }, @@ -7100,8 +6941,7 @@ }, "ReplacementContentRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

USE_NEW_CONTENT was specified, but no replacement content has been provided.

", "exception":true }, @@ -7116,8 +6956,7 @@ }, "ReplacementTypeRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A replacement type is required.

", "exception":true }, @@ -7127,16 +6966,14 @@ }, "RepositoryDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified repository does not exist.

", "exception":true }, "RepositoryId":{"type":"string"}, "RepositoryLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A repository resource limit was exceeded.

", "exception":true }, @@ -7202,8 +7039,7 @@ }, "RepositoryNameExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified repository name already exists.

", "exception":true }, @@ -7231,22 +7067,19 @@ }, "RepositoryNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A repository name is required, but was not specified.

", "exception":true }, "RepositoryNamesRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

At least one repository name object is required, but was not specified.

", "exception":true }, "RepositoryNotAssociatedWithPullRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The repository does not contain any pull requests with that pull request ID. Use GetPullRequest to verify the correct repository name for the pull request ID.

", "exception":true }, @@ -7287,16 +7120,14 @@ }, "RepositoryTriggerBranchNameListRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

At least one branch name is required, but was not specified in the trigger configuration.

", "exception":true }, "RepositoryTriggerCustomData":{"type":"string"}, "RepositoryTriggerDestinationArnRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A destination ARN for the target service for the trigger is required, but was not specified.

", "exception":true }, @@ -7315,8 +7146,7 @@ }, "RepositoryTriggerEventsListRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

At least one event for the trigger is required, but was not specified.

", "exception":true }, @@ -7346,8 +7176,7 @@ }, "RepositoryTriggerNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A name for the trigger is required, but was not specified.

", "exception":true }, @@ -7358,23 +7187,20 @@ }, "RepositoryTriggersListRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The list of triggers for the repository is required, but was not specified.

", "exception":true }, "ResourceArn":{"type":"string"}, "ResourceArnRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A valid Amazon Resource Name (ARN) for an CodeCommit resource is required. For a list of valid resources in CodeCommit, see CodeCommit Resources and Operations in the CodeCommit User Guide.

", "exception":true }, "RestrictedSourceFileException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because one of the changes specifies copying or moving a .gitkeep file.

", "exception":true }, @@ -7389,30 +7215,26 @@ "RevisionId":{"type":"string"}, "RevisionIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A revision ID is required, but was not provided.

", "exception":true }, "RevisionNotCurrentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The revision ID provided in the request does not match the current revision ID. Use GetPullRequest to retrieve the current revision ID.

", "exception":true }, "RuleContentSha256":{"type":"string"}, "SameFileContentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The file was not added or updated because the content of the file is exactly the same as the content of that file in the repository and branch that you specified.

", "exception":true }, "SamePathRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because one or more changes in this commit duplicate actions in the same file path. For example, you cannot make the same delete request to the same file in the same file path twice, or make a delete request and a move request to the same file as part of the same commit.

", "exception":true }, @@ -7447,15 +7269,13 @@ }, "SourceAndDestinationAreSameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The source branch and destination branch for the pull request are the same. You must specify different branches for the source and destination.

", "exception":true }, "SourceFileOrContentRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The commit cannot be created because no source files or file content have been specified for the commit.

", "exception":true }, @@ -7533,15 +7353,13 @@ }, "TagKeysListRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A list of tag keys is required. The list cannot be empty or null.

", "exception":true }, "TagPolicyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The tag policy is not valid.

", "exception":true }, @@ -7574,8 +7392,7 @@ }, "TagsMapRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A map of tags is required.

", "exception":true }, @@ -7607,15 +7424,13 @@ }, "TargetRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A pull request target is required. It cannot be empty or null. A pull request target must contain the full values for the repository name, source branch, and destination branch for the pull request.

", "exception":true }, "TargetsRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An array of target objects is required. It cannot be empty or null.

", "exception":true }, @@ -7653,15 +7468,13 @@ }, "TipOfSourceReferenceIsDifferentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The tip of the source branch in the destination repository does not match the tip of the source branch specified in your request. The pull request might have been updated. Make sure that you have the latest changes.

", "exception":true }, "TipsDivergenceExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The divergence between the tips of the provided commit specifiers is too great to determine whether there might be any merge conflicts. Locally compare the specifiers using git diff or a diff tool.

", "exception":true }, @@ -7671,15 +7484,13 @@ }, "TitleRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A pull request title is required. It cannot be empty or null.

", "exception":true }, "TooManyTagsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of tags for an CodeCommit resource has been exceeded.

", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/codeconnections/2023-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codeconnections/2023-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codeconnections/2023-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeconnections/2023-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codeconnections/2023-12-01/service-2.json 2.31.35-1/awscli/botocore/data/codeconnections/2023-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/codeconnections/2023-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeconnections/2023-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -520,7 +520,7 @@ }, "ConnectionArn":{ "shape":"ConnectionArn", - "documentation":"

The Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between Amazon Web Servicesservices.

The ARN is never reused if the connection is deleted.

" + "documentation":"

The Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between Amazon Web Services services.

The ARN is never reused if the connection is deleted.

" }, "ProviderType":{ "shape":"ProviderType", @@ -756,8 +756,7 @@ }, "DeleteConnectionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteHostInput":{ "type":"structure", @@ -771,8 +770,7 @@ }, "DeleteHostOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRepositoryLinkInput":{ "type":"structure", @@ -786,8 +784,7 @@ }, "DeleteRepositoryLinkOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSyncConfigurationInput":{ "type":"structure", @@ -808,8 +805,7 @@ }, "DeleteSyncConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeploymentFilePath":{"type":"string"}, "Directory":{"type":"string"}, @@ -1317,7 +1313,8 @@ "GitHub", "GitHubEnterpriseServer", "GitLab", - "GitLabSelfManaged" + "GitLabSelfManaged", + "AzureDevOps" ] }, "PublishDeploymentStatus":{ @@ -1915,8 +1912,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1983,8 +1979,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateHostInput":{ "type":"structure", @@ -2006,8 +2001,7 @@ }, "UpdateHostOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateOutOfSyncException":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/codedeploy/2014-10-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codedeploy/2014-10-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codedeploy/2014-10-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codedeploy/2014-10-06/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codedeploy/2014-10-06/service-2.json 2.31.35-1/awscli/botocore/data/codedeploy/2014-10-06/service-2.json --- 2.23.6-1/awscli/botocore/data/codedeploy/2014-10-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codedeploy/2014-10-06/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -971,8 +971,7 @@ "AlarmName":{"type":"string"}, "AlarmsLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of alarms for a deployment group (10) was exceeded.

", "exception":true }, @@ -992,15 +991,13 @@ }, "ApplicationAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An application with the specified name with the user or Amazon Web Services account already exists.

", "exception":true }, "ApplicationDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The application does not exist with the user or Amazon Web Services account.

", "exception":true }, @@ -1037,8 +1034,7 @@ }, "ApplicationLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

More applications were attempted to be created than are allowed.

", "exception":true }, @@ -1049,8 +1045,7 @@ }, "ApplicationNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The minimum number of required application names was not specified.

", "exception":true }, @@ -1077,8 +1072,7 @@ }, "ArnNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified ARN is not supported. For example, it might be an ARN for a resource that is not expected.

", "exception":true }, @@ -1327,8 +1321,7 @@ }, "BatchLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of names or IDs allowed for this request (100) was exceeded.

", "exception":true }, @@ -1367,8 +1360,7 @@ "Boolean":{"type":"boolean"}, "BucketNameFilterRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A bucket name is required, but was not provided.

", "exception":true }, @@ -1744,42 +1736,36 @@ }, "DeleteResourcesByExternalIdOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeploymentAlreadyCompletedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment is already complete.

", "exception":true }, "DeploymentAlreadyStartedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A deployment to a target was attempted while another deployment was in progress.

", "exception":true }, "DeploymentConfigAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A deployment configuration with the specified name with the user or Amazon Web Services account already exists.

", "exception":true }, "DeploymentConfigDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment configuration does not exist with the user or Amazon Web Services account.

", "exception":true }, "DeploymentConfigId":{"type":"string"}, "DeploymentConfigInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment configuration is still in use.

", "exception":true }, @@ -1819,8 +1805,7 @@ }, "DeploymentConfigLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment configurations limit was exceeded.

", "exception":true }, @@ -1831,8 +1816,7 @@ }, "DeploymentConfigNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment configuration name was not specified.

", "exception":true }, @@ -1855,22 +1839,19 @@ }, "DeploymentDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment with the user or Amazon Web Services account does not exist.

", "exception":true }, "DeploymentGroupAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A deployment group with the specified name with the user or Amazon Web Services account already exists.

", "exception":true }, "DeploymentGroupDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The named deployment group with the user or Amazon Web Services account does not exist.

", "exception":true }, @@ -1979,8 +1960,7 @@ }, "DeploymentGroupLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment groups limit was exceeded.

", "exception":true }, @@ -1991,8 +1971,7 @@ }, "DeploymentGroupNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment group name was not specified.

", "exception":true }, @@ -2003,8 +1982,7 @@ "DeploymentId":{"type":"string"}, "DeploymentIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

At least one deployment ID must be specified.

", "exception":true }, @@ -2130,22 +2108,19 @@ }, "DeploymentIsNotInReadyStateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment does not have a status of Ready and can't continue yet.

", "exception":true }, "DeploymentLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of allowed deployments was exceeded.

", "exception":true }, "DeploymentNotStartedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified deployment has not started.

", "exception":true }, @@ -2267,15 +2242,13 @@ }, "DeploymentTargetDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The provided target ID does not belong to the attempted deployment.

", "exception":true }, "DeploymentTargetIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A deployment target ID was not provided.

", "exception":true }, @@ -2285,8 +2258,7 @@ }, "DeploymentTargetListSizeExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of targets that can be associated with an Amazon ECS or Lambda deployment was exceeded. The target list of both types of deployments must have exactly one item. This exception does not apply to EC2/On-premises deployments.

", "exception":true }, @@ -2335,8 +2307,7 @@ "Description":{"type":"string"}, "DescriptionTooLongException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The description is too long.

", "exception":true }, @@ -2428,8 +2399,7 @@ }, "ECSServiceMappingLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Amazon ECS service is associated with more than one deployment groups. An Amazon ECS service can be associated with only one deployment group.

", "exception":true }, @@ -2827,8 +2797,7 @@ }, "GitHubAccountTokenDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

No GitHub account connection exists with the named specified in the call.

", "exception":true }, @@ -2839,8 +2808,7 @@ }, "GitHubAccountTokenNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The call is missing a required GitHub account connection name.

", "exception":true }, @@ -2877,31 +2845,27 @@ }, "IamArnRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

No IAM ARN was included in the request. You must use an IAM session ARN or user ARN in the request.

", "exception":true }, "IamSessionArn":{"type":"string"}, "IamSessionArnAlreadyRegisteredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request included an IAM session ARN that has already been used to register a different instance.

", "exception":true }, "IamUserArn":{"type":"string"}, "IamUserArnAlreadyRegisteredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified user ARN is already registered with an on-premises instance.

", "exception":true }, "IamUserArnRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An user ARN was not specified.

", "exception":true }, @@ -2916,8 +2880,7 @@ "InstanceCount":{"type":"long"}, "InstanceDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified instance does not exist in the deployment group.

", "deprecated":true, "deprecatedMessage":"This exception is deprecated, use DeploymentTargetDoesNotExistException instead.", @@ -2926,8 +2889,7 @@ "InstanceId":{"type":"string"}, "InstanceIdRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The instance ID was not specified.

", "deprecated":true, "deprecatedMessage":"This exception is deprecated, use DeploymentTargetIdRequiredException instead.", @@ -2973,16 +2935,14 @@ }, "InstanceLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum number of allowed on-premises instances in a single call was exceeded.

", "exception":true }, "InstanceName":{"type":"string"}, "InstanceNameAlreadyRegisteredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified on-premises instance name is already registered.

", "exception":true }, @@ -2992,15 +2952,13 @@ }, "InstanceNameRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An on-premises instance name was not specified.

", "exception":true }, "InstanceNotRegisteredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified on-premises instance is not registered.

", "exception":true }, @@ -3109,400 +3067,343 @@ }, "InvalidAlarmConfigException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The format of the alarm configuration is invalid. Possible causes include:

  • The alarm list is null.

  • The alarm object is null.

  • The alarm name is empty or null or exceeds the limit of 255 characters.

  • Two alarms with the same name have been specified.

  • The alarm configuration is enabled, but the alarm list is empty.

", "exception":true }, "InvalidApplicationNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The application name was specified in an invalid format.

", "exception":true }, "InvalidArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified ARN is not in a valid format.

", "exception":true }, "InvalidAutoRollbackConfigException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The automatic rollback configuration was specified in an invalid format. For example, automatic rollback is enabled, but an invalid triggering event type or no event types were listed.

", "exception":true }, "InvalidAutoScalingGroupException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Auto Scaling group was specified in an invalid format or does not exist.

", "exception":true }, "InvalidBlueGreenDeploymentConfigurationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The configuration for the blue/green deployment group was provided in an invalid format. For information about deployment configuration format, see CreateDeploymentConfig.

", "exception":true }, "InvalidBucketNameFilterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The bucket name either doesn't exist or was specified in an invalid format.

", "exception":true }, "InvalidComputePlatformException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The computePlatform is invalid. The computePlatform should be Lambda, Server, or ECS.

", "exception":true }, "InvalidDeployedStateFilterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployed state filter was specified in an invalid format.

", "exception":true }, "InvalidDeploymentConfigNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment configuration name was specified in an invalid format.

", "exception":true }, "InvalidDeploymentGroupNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The deployment group name was specified in an invalid format.

", "exception":true }, "InvalidDeploymentIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

At least one of the deployment IDs was specified in an invalid format.

", "exception":true }, "InvalidDeploymentInstanceTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An instance type was specified for an in-place deployment. Instance types are supported for blue/green deployments only.

", "exception":true }, "InvalidDeploymentStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified deployment status doesn't exist or cannot be determined.

", "exception":true }, "InvalidDeploymentStyleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An invalid deployment style was specified. Valid deployment types include \"IN_PLACE\" and \"BLUE_GREEN.\" Valid deployment options include \"WITH_TRAFFIC_CONTROL\" and \"WITHOUT_TRAFFIC_CONTROL.\"

", "exception":true }, "InvalidDeploymentTargetIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The target ID provided was not valid.

", "exception":true }, "InvalidDeploymentWaitTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The wait type is invalid.

", "exception":true }, "InvalidEC2TagCombinationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A call was submitted that specified both Ec2TagFilters and Ec2TagSet, but only one of these data types can be used in a single call.

", "exception":true }, "InvalidEC2TagException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The tag was specified in an invalid format.

", "exception":true }, "InvalidECSServiceException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Amazon ECS service identifier is not valid.

", "exception":true }, "InvalidExternalIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The external ID was specified in an invalid format.

", "exception":true }, "InvalidFileExistsBehaviorException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An invalid fileExistsBehavior option was specified to determine how CodeDeploy handles files or directories that already exist in a deployment target location, but weren't part of the previous successful deployment. Valid values include \"DISALLOW,\" \"OVERWRITE,\" and \"RETAIN.\"

", "exception":true }, "InvalidGitHubAccountTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The GitHub token is not valid.

", "exception":true }, "InvalidGitHubAccountTokenNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The format of the specified GitHub account connection name is invalid.

", "exception":true }, "InvalidIamSessionArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The IAM session ARN was specified in an invalid format.

", "exception":true }, "InvalidIamUserArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The user ARN was specified in an invalid format.

", "exception":true }, "InvalidIgnoreApplicationStopFailuresValueException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The IgnoreApplicationStopFailures value is invalid. For Lambda deployments, false is expected. For EC2/On-premises deployments, true or false is expected.

", "exception":true }, "InvalidInputException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The input was specified in an invalid format.

", "exception":true }, "InvalidInstanceIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

", "exception":true }, "InvalidInstanceNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The on-premises instance name was specified in an invalid format.

", "exception":true }, "InvalidInstanceStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified instance status does not exist.

", "exception":true }, "InvalidInstanceTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An invalid instance type was specified for instances in a blue/green deployment. Valid values include \"Blue\" for an original environment and \"Green\" for a replacement environment.

", "exception":true }, "InvalidKeyPrefixFilterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified key prefix filter was specified in an invalid format.

", "exception":true }, "InvalidLifecycleEventHookExecutionIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A lifecycle event hook is invalid. Review the hooks section in your AppSpec file to ensure the lifecycle events and hooks functions are valid.

", "exception":true }, "InvalidLifecycleEventHookExecutionStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The result of a Lambda validation function that verifies a lifecycle event is invalid. It should return Succeeded or Failed.

", "exception":true }, "InvalidLoadBalancerInfoException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An invalid load balancer name, or no load balancer name, was specified.

", "exception":true }, "InvalidMinimumHealthyHostValueException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The minimum healthy instance value was specified in an invalid format.

", "exception":true }, "InvalidNextTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The next token was specified in an invalid format.

", "exception":true }, "InvalidOnPremisesTagCombinationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A call was submitted that specified both OnPremisesTagFilters and OnPremisesTagSet, but only one of these data types can be used in a single call.

", "exception":true }, "InvalidOperationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An invalid operation was detected.

", "exception":true }, "InvalidRegistrationStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The registration status was specified in an invalid format.

", "exception":true }, "InvalidRevisionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The revision was specified in an invalid format.

", "exception":true }, "InvalidRoleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The service role ARN was specified in an invalid format. Or, if an Auto Scaling group was specified, the specified service role does not grant the appropriate permissions to Amazon EC2 Auto Scaling.

", "exception":true }, "InvalidSortByException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The column name to sort by is either not present or was specified in an invalid format.

", "exception":true }, "InvalidSortOrderException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The sort order was specified in an invalid format.

", "exception":true }, "InvalidTagException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The tag was specified in an invalid format.

", "exception":true }, "InvalidTagFilterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The tag filter was specified in an invalid format.

", "exception":true }, "InvalidTagsToAddException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified tags are not valid.

", "exception":true }, "InvalidTargetException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A target is not valid.

", "exception":true }, "InvalidTargetFilterNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The target filter name is invalid.

", "exception":true }, "InvalidTargetGroupPairException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A target group pair associated with this deployment is not valid.

", "exception":true }, "InvalidTargetInstancesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The target instance configuration is invalid. Possible causes include:

  • Configuration data for target instances was entered for an in-place deployment.

  • The limit of 10 tags for a tag type was exceeded.

  • The combined length of the tag names exceeded the limit.

  • A specified tag is not currently applied to any instances.

", "exception":true }, "InvalidTimeRangeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified time range was specified in an invalid format.

", "exception":true }, "InvalidTrafficRoutingConfigurationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The configuration that specifies how traffic is routed during a deployment is invalid.

", "exception":true }, "InvalidTriggerConfigException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The trigger was specified in an invalid format.

", "exception":true }, "InvalidUpdateOutdatedInstancesOnlyValueException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The UpdateOutdatedInstancesOnly value is invalid. For Lambda deployments, false is expected. For EC2/On-premises deployments, true or false is expected.

", "exception":true }, "InvalidZonalDeploymentConfigurationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The ZonalConfig object is not valid.

", "exception":true }, @@ -3630,8 +3531,7 @@ }, "LifecycleEventAlreadyCompletedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An attempt to return the status of an already completed lifecycle event occurred.

", "exception":true }, @@ -3654,8 +3554,7 @@ }, "LifecycleHookLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The limit for lifecycle hooks was exceeded.

", "exception":true }, @@ -4064,8 +3963,7 @@ "MinimumHealthyHostsValue":{"type":"integer"}, "MultipleIamArnsProvidedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Both an user ARN and an IAM session ARN were included in the request. Use only one ARN type.

", "exception":true }, @@ -4087,8 +3985,7 @@ }, "OperationNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The API used does not support the deployment.

", "exception":true }, @@ -4227,22 +4124,19 @@ "Repository":{"type":"string"}, "ResourceArnRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The ARN of a resource is required, but was not found.

", "exception":true }, "ResourceValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified resource could not be validated.

", "exception":true }, "RevisionDoesNotExistException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The named revision does not exist with the user or Amazon Web Services account.

", "exception":true }, @@ -4305,16 +4199,14 @@ }, "RevisionRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The revision ID was not specified.

", "exception":true }, "Role":{"type":"string"}, "RoleRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The role ID was not specified.

", "exception":true }, @@ -4467,8 +4359,7 @@ }, "TagLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum allowed number of tags was exceeded.

", "exception":true }, @@ -4478,8 +4369,7 @@ }, "TagRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A tag was not specified.

", "exception":true }, @@ -4502,13 +4392,11 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagSetListLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of tag groups included in the tag set list exceeded the maximum allowed limit of 3.

", "exception":true }, @@ -4606,8 +4494,7 @@ }, "ThrottlingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An API function was called too frequently.

", "exception":true }, @@ -4737,15 +4624,13 @@ "TriggerTargetArn":{"type":"string"}, "TriggerTargetsLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The maximum allowed number of triggers was exceeded.

", "exception":true }, "UnsupportedActionForDeploymentTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A call was submitted that is not supported for the specified deployment type.

", "exception":true }, @@ -4768,8 +4653,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationInput":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/codeguru-reviewer/2019-09-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codeguru-reviewer/2019-09-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codeguru-reviewer/2019-09-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeguru-reviewer/2019-09-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/codeguru-reviewer/2019-09-19/service-2.json 2.31.35-1/awscli/botocore/data/codeguru-reviewer/2019-09-19/service-2.json --- 2.23.6-1/awscli/botocore/data/codeguru-reviewer/2019-09-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeguru-reviewer/2019-09-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"codeguru-reviewer", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"CodeGuruReviewer", "serviceFullName":"Amazon CodeGuru Reviewer", "serviceId":"CodeGuru Reviewer", "signatureVersion":"v4", "signingName":"codeguru-reviewer", - "uid":"codeguru-reviewer-2019-09-19" + "uid":"codeguru-reviewer-2019-09-19", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateRepository":{ @@ -1155,8 +1157,7 @@ }, "PutRecommendationFeedbackResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Reaction":{ "type":"string", @@ -1682,8 +1683,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1757,8 +1757,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UserId":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/codeguru-security/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codeguru-security/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codeguru-security/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeguru-security/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codeguru-security/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/codeguru-security/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/codeguru-security/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeguru-security/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,8 +2,8 @@ "version":"2.0", "metadata":{ "apiVersion":"2018-05-10", + "auth":["aws.auth#sigv4"], "endpointPrefix":"codeguru-security", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"Amazon CodeGuru Security", @@ -25,8 +25,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Returns a list of requested findings from standard scans.

" }, @@ -44,8 +44,8 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Use to create a scan using code uploaded to an Amazon S3 bucket.

" }, @@ -61,8 +61,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Generates a pre-signed URL, request headers used to upload a code resource, and code artifact identifier for the uploaded resource.

You can upload your code resource to the URL with the request headers using any HTTP client.

" }, @@ -78,8 +78,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Use to get the encryption configuration for an account.

" }, @@ -97,8 +97,8 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Returns a list of all findings generated by a particular scan.

" }, @@ -114,8 +114,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Returns a summary of metrics for an account from a specified date, including number of open findings, the categories with most findings, the scans with most open findings, and scans with most open critical findings.

" }, @@ -132,8 +132,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Returns details about a scan, including whether or not a scan has completed.

" }, @@ -149,8 +149,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Returns metrics about all findings in an account within a specified time range.

" }, @@ -166,8 +166,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Returns a list of all scans in an account. Does not return EXPRESS scans.

" }, @@ -185,8 +185,8 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Returns a list of all tags associated with a scan.

" }, @@ -204,8 +204,8 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Use to add one or more tags to an existing scan.

" }, @@ -223,8 +223,8 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Use to remove one or more tags from an existing scan.

", "idempotent":true @@ -242,8 +242,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} ], "documentation":"

Use to update the encryption configuration for an account.

" } @@ -283,25 +283,25 @@ "AccountFindingsMetric":{ "type":"structure", "members":{ - "closedFindings":{ - "shape":"FindingMetricsValuePerSeverity", - "documentation":"

The number of closed findings of each severity on the specified date.

" - }, "date":{ "shape":"Timestamp", "documentation":"

The date from which the findings metrics were retrieved.

" }, - "meanTimeToClose":{ - "shape":"FindingMetricsValuePerSeverity", - "documentation":"

The average time in days it takes to close findings of each severity as of a specified date.

" - }, "newFindings":{ "shape":"FindingMetricsValuePerSeverity", "documentation":"

The number of new findings of each severity on the specified date.

" }, + "closedFindings":{ + "shape":"FindingMetricsValuePerSeverity", + "documentation":"

The number of closed findings of each severity on the specified date.

" + }, "openFindings":{ "shape":"FindingMetricsValuePerSeverity", "documentation":"

The number of open findings of each severity as of the specified date.

" + }, + "meanTimeToClose":{ + "shape":"FindingMetricsValuePerSeverity", + "documentation":"

The average time in days it takes to close findings of each severity as of a specified date.

" } }, "documentation":"

A summary of findings metrics for an account on a specified date.

" @@ -316,27 +316,27 @@ "BatchGetFindingsError":{ "type":"structure", "required":[ - "errorCode", + "scanName", "findingId", - "message", - "scanName" + "errorCode", + "message" ], "members":{ - "errorCode":{ - "shape":"ErrorCode", - "documentation":"

A code associated with the type of error.

" + "scanName":{ + "shape":"ScanName", + "documentation":"

The name of the scan that generated the finding.

" }, "findingId":{ "shape":"String", "documentation":"

The finding ID of the finding that was not fetched.

" }, + "errorCode":{ + "shape":"ErrorCode", + "documentation":"

A code associated with the type of error.

" + }, "message":{ "shape":"String", "documentation":"

Describes the error.

" - }, - "scanName":{ - "shape":"ScanName", - "documentation":"

The name of the scan that generated the finding.

" } }, "documentation":"

Contains information about the error that caused a finding to fail to be retrieved.

" @@ -358,17 +358,17 @@ "BatchGetFindingsResponse":{ "type":"structure", "required":[ - "failedFindings", - "findings" + "findings", + "failedFindings" ], "members":{ - "failedFindings":{ - "shape":"BatchGetFindingsErrors", - "documentation":"

A list of errors for individual findings which were not fetched. Each BatchGetFindingsError contains the scanName, findingId, errorCode and error message.

" - }, "findings":{ "shape":"Findings", "documentation":"

A list of all findings which were successfully fetched.

" + }, + "failedFindings":{ + "shape":"BatchGetFindingsErrors", + "documentation":"

A list of errors for individual findings which were not fetched. Each BatchGetFindingsError contains the scanName, findingId, errorCode and error message.

" } } }, @@ -396,18 +396,18 @@ "type":"string", "max":64, "min":1, - "pattern":"^[\\S]+$" + "pattern":"[\\S]+" }, "CodeLine":{ "type":"structure", "members":{ - "content":{ - "shape":"String", - "documentation":"

The code that contains a vulnerability.

" - }, "number":{ "shape":"Integer", "documentation":"

The code line number.

" + }, + "content":{ + "shape":"String", + "documentation":"

The code that contains a vulnerability.

" } }, "documentation":"

The line of code where a finding was detected.

" @@ -456,10 +456,6 @@ "scanName" ], "members":{ - "analysisType":{ - "shape":"AnalysisType", - "documentation":"

The type of analysis you want CodeGuru Security to perform in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings. Defaults to Security type if missing.

" - }, "clientToken":{ "shape":"ClientToken", "documentation":"

The idempotency token for the request. Amazon CodeGuru Security uses this value to prevent the accidental creation of duplicate scans if there are failures and retries.

", @@ -477,6 +473,10 @@ "shape":"ScanType", "documentation":"

The type of scan, either Standard or Express. Defaults to Standard type if missing.

Express scans run on limited resources and use a limited set of detectors to analyze your code in near-real time. Standard scans have standard resource limits and use the full set of detectors to analyze your code.

" }, + "analysisType":{ + "shape":"AnalysisType", + "documentation":"

The type of analysis you want CodeGuru Security to perform in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings. Defaults to Security type if missing.

" + }, "tags":{ "shape":"TagMap", "documentation":"

An array of key-value pairs used to tag a scan. A tag is a custom attribute label with two parts:

  • A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.

  • An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.

" @@ -486,31 +486,31 @@ "CreateScanResponse":{ "type":"structure", "required":[ - "resourceId", - "runId", "scanName", + "runId", + "resourceId", "scanState" ], "members":{ - "resourceId":{ - "shape":"ResourceId", - "documentation":"

The identifier for the resource object that contains resources that were scanned.

" + "scanName":{ + "shape":"ScanName", + "documentation":"

The name of the scan.

" }, "runId":{ "shape":"Uuid", "documentation":"

UUID that identifies the individual scan run.

" }, - "scanName":{ - "shape":"ScanName", - "documentation":"

The name of the scan.

" - }, - "scanNameArn":{ - "shape":"ScanNameArn", - "documentation":"

The ARN for the scan name.

" + "resourceId":{ + "shape":"ResourceId", + "documentation":"

The identifier for the resource object that contains resources that were scanned.

" }, "scanState":{ "shape":"ScanState", "documentation":"

The current state of the scan. Returns either InProgress, Successful, or Failed.

" + }, + "scanNameArn":{ + "shape":"ScanNameArn", + "documentation":"

The ARN for the scan name.

" } } }, @@ -527,22 +527,22 @@ "CreateUploadUrlResponse":{ "type":"structure", "required":[ - "codeArtifactId", + "s3Url", "requestHeaders", - "s3Url" + "codeArtifactId" ], "members":{ - "codeArtifactId":{ - "shape":"Uuid", - "documentation":"

The identifier for the uploaded code resource. Pass this to CreateScan to use the uploaded resources.

" + "s3Url":{ + "shape":"S3Url", + "documentation":"

A pre-signed S3 URL. You can upload the code file you want to scan with the required requestHeaders using any HTTP client.

" }, "requestHeaders":{ "shape":"RequestHeaderMap", "documentation":"

A set of key-value pairs that contain the required headers when uploading your resource.

" }, - "s3Url":{ - "shape":"S3Url", - "documentation":"

A pre-signed S3 URL. You can upload the code file you want to scan with the required requestHeaders using any HTTP client.

" + "codeArtifactId":{ + "shape":"Uuid", + "documentation":"

The identifier for the uploaded code resource. Pass this to CreateScan to use the uploaded resources.

" } } }, @@ -581,14 +581,6 @@ "FilePath":{ "type":"structure", "members":{ - "codeSnippet":{ - "shape":"CodeSnippet", - "documentation":"

A list of CodeLine objects that describe where the security vulnerability appears in your code.

" - }, - "endLine":{ - "shape":"Integer", - "documentation":"

The last line number of the code snippet where the security vulnerability appears in your code.

" - }, "name":{ "shape":"String", "documentation":"

The name of the file.

" @@ -600,6 +592,14 @@ "startLine":{ "shape":"Integer", "documentation":"

The first line number of the code snippet where the security vulnerability appears in your code.

" + }, + "endLine":{ + "shape":"Integer", + "documentation":"

The last line number of the code snippet where the security vulnerability appears in your code.

" + }, + "codeSnippet":{ + "shape":"CodeSnippet", + "documentation":"

A list of CodeLine objects that describe where the security vulnerability appears in your code.

" } }, "documentation":"

Information about the location of security vulnerabilities that Amazon CodeGuru Security detected in your code.

" @@ -615,18 +615,6 @@ "shape":"String", "documentation":"

A description of the finding.

" }, - "detectorId":{ - "shape":"String", - "documentation":"

The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.

" - }, - "detectorName":{ - "shape":"String", - "documentation":"

The name of the detector that identified the security vulnerability in your code.

" - }, - "detectorTags":{ - "shape":"DetectorTags", - "documentation":"

One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.

" - }, "generatorId":{ "shape":"String", "documentation":"

The identifier for the component that generated a finding such as AmazonCodeGuruSecurity.

" @@ -635,41 +623,53 @@ "shape":"String", "documentation":"

The identifier for a finding.

" }, - "remediation":{ - "shape":"Remediation", - "documentation":"

An object that contains the details about how to remediate a finding.

" + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.

" + }, + "type":{ + "shape":"String", + "documentation":"

The type of finding.

" + }, + "status":{ + "shape":"Status", + "documentation":"

The status of the finding. A finding status can be open or closed.

" }, "resource":{ "shape":"Resource", "documentation":"

The resource where Amazon CodeGuru Security detected a finding.

" }, - "ruleId":{ - "shape":"String", - "documentation":"

The identifier for the rule that generated the finding.

" + "vulnerability":{ + "shape":"Vulnerability", + "documentation":"

An object that describes the detected security vulnerability.

" }, "severity":{ "shape":"Severity", "documentation":"

The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see Finding severity in the Amazon CodeGuru Security User Guide.

" }, - "status":{ - "shape":"Status", - "documentation":"

The status of the finding. A finding status can be open or closed.

" + "remediation":{ + "shape":"Remediation", + "documentation":"

An object that contains the details about how to remediate a finding.

" }, "title":{ "shape":"String", "documentation":"

The title of the finding.

" }, - "type":{ + "detectorTags":{ + "shape":"DetectorTags", + "documentation":"

One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.

" + }, + "detectorId":{ "shape":"String", - "documentation":"

The type of finding.

" + "documentation":"

The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.

" }, - "updatedAt":{ - "shape":"Timestamp", - "documentation":"

The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.

" + "detectorName":{ + "shape":"String", + "documentation":"

The name of the detector that identified the security vulnerability in your code.

" }, - "vulnerability":{ - "shape":"Vulnerability", - "documentation":"

An object that describes the detected security vulnerability.

" + "ruleId":{ + "shape":"String", + "documentation":"

The identifier for the rule that generated the finding.

" } }, "documentation":"

Information about a finding that was detected in your code.

" @@ -677,17 +677,17 @@ "FindingIdentifier":{ "type":"structure", "required":[ - "findingId", - "scanName" + "scanName", + "findingId" ], "members":{ - "findingId":{ - "shape":"String", - "documentation":"

The identifier for a finding.

" - }, "scanName":{ "shape":"String", "documentation":"

The name of the scan that generated the finding.

" + }, + "findingId":{ + "shape":"String", + "documentation":"

The identifier for a finding.

" } }, "documentation":"

An object that contains information about a finding and the scan that generated it.

" @@ -701,14 +701,6 @@ "FindingMetricsValuePerSeverity":{ "type":"structure", "members":{ - "critical":{ - "shape":"Double", - "documentation":"

A numeric value corresponding to a critical finding.

" - }, - "high":{ - "shape":"Double", - "documentation":"

A numeric value corresponding to a high severity finding.

" - }, "info":{ "shape":"Double", "documentation":"

A numeric value corresponding to an informational finding.

" @@ -720,6 +712,14 @@ "medium":{ "shape":"Double", "documentation":"

A numeric value corresponding to a medium severity finding.

" + }, + "high":{ + "shape":"Double", + "documentation":"

A numeric value corresponding to a high severity finding.

" + }, + "critical":{ + "shape":"Double", + "documentation":"

A numeric value corresponding to a critical finding.

" } }, "documentation":"

A numeric value corresponding to the severity of a finding, such as the number of open findings or the average time it takes to close findings of a given severity.

" @@ -734,8 +734,7 @@ }, "GetAccountConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAccountConfigurationResponse":{ "type":"structure", @@ -751,11 +750,11 @@ "type":"structure", "required":["scanName"], "members":{ - "maxResults":{ - "shape":"GetFindingsRequestMaxResultsInteger", - "documentation":"

The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 1000 results.

", - "location":"querystring", - "locationName":"maxResults" + "scanName":{ + "shape":"ScanName", + "documentation":"

The name of the scan you want to retrieve findings from.

", + "location":"uri", + "locationName":"scanName" }, "nextToken":{ "shape":"NextToken", @@ -763,11 +762,11 @@ "location":"querystring", "locationName":"nextToken" }, - "scanName":{ - "shape":"ScanName", - "documentation":"

The name of the scan you want to retrieve findings from.

", - "location":"uri", - "locationName":"scanName" + "maxResults":{ + "shape":"GetFindingsRequestMaxResultsInteger", + "documentation":"

The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 1000 results.

", + "location":"querystring", + "locationName":"maxResults" }, "status":{ "shape":"Status", @@ -821,65 +820,65 @@ "type":"structure", "required":["scanName"], "members":{ - "runId":{ - "shape":"Uuid", - "documentation":"

UUID that identifies the individual scan run you want to view details about. You retrieve this when you call the CreateScan operation. Defaults to the latest scan run if missing.

", - "location":"querystring", - "locationName":"runId" - }, "scanName":{ "shape":"ScanName", "documentation":"

The name of the scan you want to view details about.

", "location":"uri", "locationName":"scanName" + }, + "runId":{ + "shape":"Uuid", + "documentation":"

UUID that identifies the individual scan run you want to view details about. You retrieve this when you call the CreateScan operation. Defaults to the latest scan run if missing.

", + "location":"querystring", + "locationName":"runId" } } }, "GetScanResponse":{ "type":"structure", "required":[ - "analysisType", - "createdAt", - "runId", "scanName", - "scanState" + "runId", + "scanState", + "createdAt", + "analysisType" ], "members":{ - "analysisType":{ - "shape":"AnalysisType", - "documentation":"

The type of analysis CodeGuru Security performed in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings.

" + "scanName":{ + "shape":"ScanName", + "documentation":"

The name of the scan.

" + }, + "runId":{ + "shape":"Uuid", + "documentation":"

UUID that identifies the individual scan run.

" + }, + "scanState":{ + "shape":"ScanState", + "documentation":"

The current state of the scan. Returns either InProgress, Successful, or Failed.

" }, "createdAt":{ "shape":"Timestamp", "documentation":"

The time the scan was created.

" }, - "errorMessage":{ - "shape":"ErrorMessage", - "documentation":"

Details about the error that causes a scan to fail to be retrieved.

" + "analysisType":{ + "shape":"AnalysisType", + "documentation":"

The type of analysis CodeGuru Security performed in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The time when the scan was last updated. Only available for STANDARD scan types.

" }, "numberOfRevisions":{ "shape":"Long", "documentation":"

The number of times a scan has been re-run on a revised resource.

" }, - "runId":{ - "shape":"Uuid", - "documentation":"

UUID that identifies the individual scan run.

" - }, - "scanName":{ - "shape":"ScanName", - "documentation":"

The name of the scan.

" - }, "scanNameArn":{ "shape":"ScanNameArn", "documentation":"

The ARN for the scan name.

" }, - "scanState":{ - "shape":"ScanState", - "documentation":"

The current state of the scan. Returns either InProgress, Successful, or Failed.

" - }, - "updatedAt":{ - "shape":"Timestamp", - "documentation":"

The time when the scan was last updated. Only available for STANDARD scan types.

" + "errorMessage":{ + "shape":"ErrorMessage", + "documentation":"

Details about the error that causes a scan to fail to be retrieved.

" } } }, @@ -917,20 +916,20 @@ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws:kms:[\\S]+:[\\d]{12}:key\\/(([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})|(mrk-[0-9a-zA-Z]{32}))$" + "pattern":"arn:aws:kms:[\\S]+:[\\d]{12}:key\\/(([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})|(mrk-[0-9a-zA-Z]{32}))" }, "ListFindingsMetricsRequest":{ "type":"structure", "required":[ - "endDate", - "startDate" + "startDate", + "endDate" ], "members":{ - "endDate":{ - "shape":"Timestamp", - "documentation":"

The end date of the interval which you want to retrieve metrics from. Round to the nearest day.

", + "nextToken":{ + "shape":"NextToken", + "documentation":"

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

", "location":"querystring", - "locationName":"endDate" + "locationName":"nextToken" }, "maxResults":{ "shape":"ListFindingsMetricsRequestMaxResultsInteger", @@ -938,17 +937,17 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

", - "location":"querystring", - "locationName":"nextToken" - }, "startDate":{ "shape":"Timestamp", "documentation":"

The start date of the interval which you want to retrieve metrics from. Rounds to the nearest day.

", "location":"querystring", "locationName":"startDate" + }, + "endDate":{ + "shape":"Timestamp", + "documentation":"

The end date of the interval which you want to retrieve metrics from. Round to the nearest day.

", + "location":"querystring", + "locationName":"endDate" } } }, @@ -974,17 +973,17 @@ "ListScansRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListScansRequestMaxResultsInteger", - "documentation":"

The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 100 results.

", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListScansRequestMaxResultsInteger", + "documentation":"

The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results. If not specified, returns 100 results.

", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -997,13 +996,13 @@ "ListScansResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

A pagination token. You can use this in future calls to ListScans to continue listing results after the current page.

" - }, "summaries":{ "shape":"ScanSummaries", "documentation":"

A list of ScanSummary objects with information about all scans in an account.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

A pagination token. You can use this in future calls to ListScans to continue listing results after the current page.

" } } }, @@ -1035,10 +1034,6 @@ "MetricsSummary":{ "type":"structure", "members":{ - "categoriesWithMostFindings":{ - "shape":"CategoriesWithMostFindings", - "documentation":"

A list of CategoryWithFindingNum objects for the top 5 finding categories with the most findings.

" - }, "date":{ "shape":"Timestamp", "documentation":"

The date from which the metrics summary information was retrieved.

" @@ -1047,13 +1042,17 @@ "shape":"FindingMetricsValuePerSeverity", "documentation":"

The number of open findings of each severity.

" }, - "scansWithMostOpenCriticalFindings":{ - "shape":"ScansWithMostOpenCriticalFindings", - "documentation":"

A list of ScanNameWithFindingNum objects for the top 3 scans with the most number of open critical findings.

" + "categoriesWithMostFindings":{ + "shape":"CategoriesWithMostFindings", + "documentation":"

A list of CategoryWithFindingNum objects for the top 5 finding categories with the most findings.

" }, "scansWithMostOpenFindings":{ "shape":"ScansWithMostOpenFindings", "documentation":"

A list of ScanNameWithFindingNum objects for the top 3 scans with the most number of open findings.

" + }, + "scansWithMostOpenCriticalFindings":{ + "shape":"ScansWithMostOpenCriticalFindings", + "documentation":"

A list of ScanNameWithFindingNum objects for the top 3 scans with the most number of open critical findings.

" } }, "documentation":"

A summary of metrics for an account as of a specified date.

" @@ -1062,7 +1061,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"^[\\S]+$" + "pattern":"[\\S]+" }, "Recommendation":{ "type":"structure", @@ -1173,24 +1172,24 @@ "type":"string", "max":140, "min":1, - "pattern":"^[a-zA-Z0-9-_$:.]*$" + "pattern":"[a-zA-Z0-9-_$:.]*" }, "ScanNameArn":{ "type":"string", "max":300, "min":1, - "pattern":"^arn:aws:codeguru-security:[\\S]+:[\\d]{12}:scans\\/[a-zA-Z0-9-_$:.]*$" + "pattern":"arn:aws:codeguru-security:[\\S]+:[\\d]{12}:scans\\/[a-zA-Z0-9-_$:.]*" }, "ScanNameWithFindingNum":{ "type":"structure", "members":{ - "findingNumber":{ - "shape":"Integer", - "documentation":"

The number of findings generated by a scan.

" - }, "scanName":{ "shape":"String", "documentation":"

The name of the scan.

" + }, + "findingNumber":{ + "shape":"Integer", + "documentation":"

The number of findings generated by a scan.

" } }, "documentation":"

Information about the number of findings generated by a scan.

" @@ -1210,35 +1209,35 @@ "ScanSummary":{ "type":"structure", "required":[ + "scanState", "createdAt", - "runId", "scanName", - "scanState" + "runId" ], "members":{ + "scanState":{ + "shape":"ScanState", + "documentation":"

The state of the scan. A scan can be In Progress, Complete, or Failed.

" + }, "createdAt":{ "shape":"Timestamp", "documentation":"

The time when the scan was created.

" }, - "runId":{ - "shape":"Uuid", - "documentation":"

The identifier for the scan run.

" + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The time the scan was last updated. A scan is updated when it is re-run.

" }, "scanName":{ "shape":"ScanName", "documentation":"

The name of the scan.

" }, + "runId":{ + "shape":"Uuid", + "documentation":"

The identifier for the scan run.

" + }, "scanNameArn":{ "shape":"ScanNameArn", "documentation":"

The ARN for the scan name.

" - }, - "scanState":{ - "shape":"ScanState", - "documentation":"

The state of the scan. A scan can be In Progress, Complete, or Failed.

" - }, - "updatedAt":{ - "shape":"Timestamp", - "documentation":"

The time the scan was last updated. A scan is updated when it is re-run.

" } }, "documentation":"

Information about a scan.

" @@ -1284,13 +1283,13 @@ "SuggestedFix":{ "type":"structure", "members":{ - "code":{ - "shape":"String", - "documentation":"

The suggested code fix. If applicable, includes code patch to replace your source code.

" - }, "description":{ "shape":"String", "documentation":"

A description of the suggested code fix and why it is being suggested.

" + }, + "code":{ + "shape":"String", + "documentation":"

The suggested code fix. If applicable, includes code patch to replace your source code.

" } }, "documentation":"

Information about the suggested code fix to remediate a finding.

" @@ -1338,8 +1337,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1361,13 +1359,13 @@ "shape":"String", "documentation":"

Description of the error.

" }, - "quotaCode":{ - "shape":"String", - "documentation":"

The identifier for the originating quota.

" - }, "serviceCode":{ "shape":"String", "documentation":"

The identifier for the originating service.

" + }, + "quotaCode":{ + "shape":"String", + "documentation":"

The identifier for the originating quota.

" } }, "documentation":"

The request was denied due to request throttling.

", @@ -1402,8 +1400,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAccountConfigurationRequest":{ "type":"structure", @@ -1427,7 +1424,7 @@ }, "Uuid":{ "type":"string", - "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, "ValidationException":{ "type":"structure", @@ -1441,10 +1438,6 @@ "shape":"String", "documentation":"

The identifier for the error.

" }, - "fieldList":{ - "shape":"ValidationExceptionFieldList", - "documentation":"

The field that caused the error, if applicable.

" - }, "message":{ "shape":"String", "documentation":"

Description of the error.

" @@ -1452,6 +1445,10 @@ "reason":{ "shape":"ValidationExceptionReason", "documentation":"

The reason the request failed validation.

" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

The field that caused the error, if applicable.

" } }, "documentation":"

The input fails to satisfy the specified constraints.

", @@ -1464,17 +1461,17 @@ "ValidationExceptionField":{ "type":"structure", "required":[ - "message", - "name" + "name", + "message" ], "members":{ - "message":{ - "shape":"String", - "documentation":"

Describes the exception.

" - }, "name":{ "shape":"String", "documentation":"

The name of the exception.

" + }, + "message":{ + "shape":"String", + "documentation":"

Describes the exception.

" } }, "documentation":"

Information about a validation exception.

" @@ -1496,31 +1493,31 @@ "Vulnerability":{ "type":"structure", "members":{ - "filePath":{ - "shape":"FilePath", - "documentation":"

An object that describes the location of the detected security vulnerability in your code.

" + "referenceUrls":{ + "shape":"ReferenceUrls", + "documentation":"

One or more URL addresses that contain details about a vulnerability.

" + }, + "relatedVulnerabilities":{ + "shape":"RelatedVulnerabilities", + "documentation":"

One or more vulnerabilities that are related to the vulnerability being described.

" }, "id":{ "shape":"String", "documentation":"

The identifier for the vulnerability.

" }, + "filePath":{ + "shape":"FilePath", + "documentation":"

An object that describes the location of the detected security vulnerability in your code.

" + }, "itemCount":{ "shape":"Integer", "documentation":"

The number of times the vulnerability appears in your code.

", "deprecated":true, "deprecatedMessage":"This shape is not used." - }, - "referenceUrls":{ - "shape":"ReferenceUrls", - "documentation":"

One or more URL addresses that contain details about a vulnerability.

" - }, - "relatedVulnerabilities":{ - "shape":"RelatedVulnerabilities", - "documentation":"

One or more vulnerabilities that are related to the vulnerability being described.

" } }, "documentation":"

Information about a security vulnerability that Amazon CodeGuru Security detected.

" } }, - "documentation":"

Amazon CodeGuru Security is in preview release and is subject to change.

This section provides documentation for the Amazon CodeGuru Security API operations. CodeGuru Security is a service that uses program analysis and machine learning to detect security policy violations and vulnerabilities, and recommends ways to address these security risks.

By proactively detecting and providing recommendations for addressing security risks, CodeGuru Security improves the overall security of your application code. For more information about CodeGuru Security, see the Amazon CodeGuru Security User Guide.

" + "documentation":"

On November 20, 2025, AWS will discontinue support for Amazon CodeGuru Security. After November 20, 2025, you will no longer be able to access the /codeguru/security console, service resources, or documentation. For more information, see https://docs.aws.amazon.com/codeguru/latest/security-ug/end-of-support.html.

This section provides documentation for the Amazon CodeGuru Security API operations. CodeGuru Security is a service that uses program analysis and machine learning to detect security policy violations and vulnerabilities, and recommends ways to address these security risks.

By proactively detecting and providing recommendations for addressing security risks, CodeGuru Security improves the overall security of your application code. For more information about CodeGuru Security, see the Amazon CodeGuru Security User Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/codeguru-security/2018-05-10/waiters-2.json 2.31.35-1/awscli/botocore/data/codeguru-security/2018-05-10/waiters-2.json --- 2.23.6-1/awscli/botocore/data/codeguru-security/2018-05-10/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeguru-security/2018-05-10/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/codeguruprofiler/2019-07-18/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codeguruprofiler/2019-07-18/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codeguruprofiler/2019-07-18/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codeguruprofiler/2019-07-18/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/codepipeline/2015-07-09/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codepipeline/2015-07-09/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codepipeline/2015-07-09/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codepipeline/2015-07-09/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codepipeline/2015-07-09/paginators-1.json 2.31.35-1/awscli/botocore/data/codepipeline/2015-07-09/paginators-1.json --- 2.23.6-1/awscli/botocore/data/codepipeline/2015-07-09/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codepipeline/2015-07-09/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -40,6 +40,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "ruleExecutionDetails" + }, + "ListDeployActionExecutionTargets": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "targets" } } } diff -pruN 2.23.6-1/awscli/botocore/data/codepipeline/2015-07-09/service-2.json 2.31.35-1/awscli/botocore/data/codepipeline/2015-07-09/service-2.json --- 2.23.6-1/awscli/botocore/data/codepipeline/2015-07-09/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codepipeline/2015-07-09/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -285,6 +285,22 @@ ], "documentation":"

Gets a summary of all CodePipeline action types associated with your account.

" }, + "ListDeployActionExecutionTargets":{ + "name":"ListDeployActionExecutionTargets", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListDeployActionExecutionTargetsInput"}, + "output":{"shape":"ListDeployActionExecutionTargetsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"PipelineNotFoundException"}, + {"shape":"InvalidNextTokenException"}, + {"shape":"ActionExecutionNotFoundException"} + ], + "documentation":"

Lists the targets for the deploy action.

" + }, "ListPipelineExecutions":{ "name":"ListPipelineExecutions", "http":{ @@ -342,7 +358,7 @@ {"shape":"ValidationException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

Lists the rules for the condition. For more information about conditions, see Stage conditions. For more information about rules, see the CodePipeline rule reference.

" + "documentation":"

Lists the rules for the condition. For more information about conditions, see Stage conditions and How do stage conditions work?.For more information about rules, see the CodePipeline rule reference.

" }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -390,7 +406,7 @@ {"shape":"NotLatestPipelineExecutionException"}, {"shape":"ConcurrentPipelineExecutionsLimitExceededException"} ], - "documentation":"

Used to override a stage condition.

" + "documentation":"

Used to override a stage condition. For more information about conditions, see Stage conditions and How do stage conditions work?.

" }, "PollForJobs":{ "name":"PollForJobs", @@ -950,6 +966,10 @@ "timeoutInMinutes":{ "shape":"ActionTimeout", "documentation":"

A timeout duration in minutes that can be applied against the ActionType’s default timeout value specified in Quotas for CodePipeline . This attribute is available only to the manual approval ActionType.

" + }, + "environmentVariables":{ + "shape":"EnvironmentVariableList", + "documentation":"

The environment variables for the action.

" } }, "documentation":"

Represents information about an action declaration.

" @@ -1104,6 +1124,14 @@ }, "documentation":"

Input information used for an action execution.

" }, + "ActionExecutionNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"Message"} + }, + "documentation":"

The action execution was not found.

", + "exception":true + }, "ActionExecutionOutput":{ "type":"structure", "members":{ @@ -1169,8 +1197,7 @@ }, "ActionNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified action cannot be found.

", "exception":true }, @@ -1285,8 +1312,7 @@ }, "ActionTypeAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified action type already exists with a different definition.

", "exception":true }, @@ -1445,8 +1471,7 @@ }, "ActionTypeNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified action type cannot be found.

", "exception":true }, @@ -1562,8 +1587,7 @@ }, "ApprovalAlreadyCompletedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The approval action has already been approved or rejected.

", "exception":true }, @@ -1763,7 +1787,7 @@ "documentation":"

The conditions that are configured as entry conditions.

" } }, - "documentation":"

The conditions for making checks for entry to a stage.

" + "documentation":"

The conditions for making checks for entry to a stage. For more information about conditions, see Stage conditions and How do stage conditions work?.

" }, "BlockerDeclaration":{ "type":"structure", @@ -1848,7 +1872,7 @@ "documentation":"

The rules that make up the condition.

" } }, - "documentation":"

The condition for the stage. A condition is made up of the rules and the result for the condition. For more information about conditions, see Stage conditions. For more information about rules, see the CodePipeline rule reference.

" + "documentation":"

The condition for the stage. A condition is made up of the rules and the result for the condition. For more information about conditions, see Stage conditions and How do stage conditions work?.. For more information about rules, see the CodePipeline rule reference.

" }, "ConditionExecution":{ "type":"structure", @@ -2093,8 +2117,85 @@ }, "DeleteWebhookOutput":{ "type":"structure", + "members":{} + }, + "DeployActionExecutionTarget":{ + "type":"structure", "members":{ - } + "targetId":{ + "shape":"String", + "documentation":"

The ID of the target for the deploy action.

" + }, + "targetType":{ + "shape":"String", + "documentation":"

The type of target for the deploy action.

" + }, + "status":{ + "shape":"String", + "documentation":"

The status of the deploy action.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

The start time for the deploy action.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

The end time for the deploy action.

" + }, + "events":{ + "shape":"DeployTargetEventList", + "documentation":"

The lifecycle events for the deploy action.

" + } + }, + "documentation":"

The target for the deploy action.

" + }, + "DeployActionExecutionTargetList":{ + "type":"list", + "member":{"shape":"DeployActionExecutionTarget"} + }, + "DeployTargetEvent":{ + "type":"structure", + "members":{ + "name":{ + "shape":"String", + "documentation":"

The name of the event for the deploy action.

" + }, + "status":{ + "shape":"String", + "documentation":"

The status of the event for the deploy action.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

The start time for the event for the deploy action.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

The end time for the event for the deploy action.

" + }, + "context":{ + "shape":"DeployTargetEventContext", + "documentation":"

The context for the event for the deploy action.

" + } + }, + "documentation":"

A lifecycle event for the deploy action.

" + }, + "DeployTargetEventContext":{ + "type":"structure", + "members":{ + "ssmCommandId":{ + "shape":"String", + "documentation":"

The command ID for the event for the deploy action.

" + }, + "message":{ + "shape":"String", + "documentation":"

The context message for the event for the deploy action.

" + } + }, + "documentation":"

The context for the event for the deploy action.

" + }, + "DeployTargetEventList":{ + "type":"list", + "member":{"shape":"DeployTargetEvent"} }, "DeregisterWebhookWithThirdPartyInput":{ "type":"structure", @@ -2107,8 +2208,7 @@ }, "DeregisterWebhookWithThirdPartyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Description":{ "type":"string", @@ -2208,6 +2308,53 @@ "type":"string", "enum":["KMS"] }, + "EnvironmentVariable":{ + "type":"structure", + "required":[ + "name", + "value" + ], + "members":{ + "name":{ + "shape":"EnvironmentVariableName", + "documentation":"

The environment variable name in the key-value pair.

" + }, + "value":{ + "shape":"EnvironmentVariableValue", + "documentation":"

The environment variable value in the key-value pair.

" + }, + "type":{ + "shape":"EnvironmentVariableType", + "documentation":"

Specifies the type of use for the environment variable value. The value can be either PLAINTEXT or SECRETS_MANAGER. If the value is SECRETS_MANAGER, provide the Secrets reference in the EnvironmentVariable value.

" + } + }, + "documentation":"

The environment variables for the action.

" + }, + "EnvironmentVariableList":{ + "type":"list", + "member":{"shape":"EnvironmentVariable"}, + "max":10, + "min":1 + }, + "EnvironmentVariableName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9_]+" + }, + "EnvironmentVariableType":{ + "type":"string", + "enum":[ + "PLAINTEXT", + "SECRETS_MANAGER" + ] + }, + "EnvironmentVariableValue":{ + "type":"string", + "max":2000, + "min":1, + "pattern":".*" + }, "ErrorDetails":{ "type":"structure", "members":{ @@ -2315,10 +2462,10 @@ }, "conditions":{ "shape":"ConditionList", - "documentation":"

The conditions that are configured as failure conditions.

" + "documentation":"

The conditions that are configured as failure conditions. For more information about conditions, see Stage conditions and How do stage conditions work?.

" } }, - "documentation":"

The configuration that specifies the result, such as rollback, to occur upon stage failure.

" + "documentation":"

The configuration that specifies the result, such as rollback, to occur upon stage failure. For more information about conditions, see Stage conditions and How do stage conditions work?.

" }, "FailureDetails":{ "type":"structure", @@ -2633,7 +2780,7 @@ "members":{ "events":{ "shape":"GitPullRequestEventTypeList", - "documentation":"

The field that specifies which pull request events to filter on (opened, updated, closed) for the trigger configuration.

" + "documentation":"

The field that specifies which pull request events to filter on (OPEN, UPDATED, CLOSED) for the trigger configuration.

" }, "branches":{ "shape":"GitBranchFilterCriteria", @@ -2644,7 +2791,7 @@ "documentation":"

The field that specifies to filter on file paths for the pull request trigger configuration.

" } }, - "documentation":"

The event criteria for the pull request trigger configuration, such as the lists of branches or file paths to include and exclude.

" + "documentation":"

The event criteria for the pull request trigger configuration, such as the lists of branches or file paths to include and exclude.

The following are valid values for the events for this filter:

  • CLOSED

  • OPEN

  • UPDATED

" }, "GitPullRequestFilterList":{ "type":"list", @@ -2718,15 +2865,13 @@ }, "InvalidActionDeclarationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The action declaration was specified in an invalid format.

", "exception":true }, "InvalidApprovalTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The approval request already received a response or has expired.

", "exception":true }, @@ -2740,57 +2885,49 @@ }, "InvalidBlockerDeclarationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Reserved for future use.

", "exception":true }, "InvalidClientTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The client token was specified in an invalid format

", "exception":true }, "InvalidJobException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The job was specified in an invalid format or cannot be found.

", "exception":true }, "InvalidJobStateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The job state was specified in an invalid format.

", "exception":true }, "InvalidNextTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The next token was specified in an invalid format. Make sure that the next token you provide is the token returned by a previous call.

", "exception":true }, "InvalidNonceException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The nonce was specified in an invalid format.

", "exception":true }, "InvalidStageDeclarationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The stage declaration was specified in an invalid format.

", "exception":true }, "InvalidStructureException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The structure was specified in an invalid format.

", "exception":true }, @@ -2804,15 +2941,13 @@ }, "InvalidWebhookAuthenticationParametersException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified authentication type is in an invalid format.

", "exception":true }, "InvalidWebhookFilterPatternException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified event filter rule is in an invalid format.

", "exception":true }, @@ -2904,8 +3039,7 @@ }, "JobNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The job was specified in an invalid format or cannot be found.

", "exception":true }, @@ -2985,8 +3119,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of pipelines associated with the Amazon Web Services account has exceeded the limit allowed for the account.

", "exception":true }, @@ -3058,6 +3191,45 @@ }, "documentation":"

Represents the output of a ListActionTypes action.

" }, + "ListDeployActionExecutionTargetsInput":{ + "type":"structure", + "required":["actionExecutionId"], + "members":{ + "pipelineName":{ + "shape":"PipelineName", + "documentation":"

The name of the pipeline with the deploy action.

" + }, + "actionExecutionId":{ + "shape":"ActionExecutionId", + "documentation":"

The execution ID for the deploy action.

" + }, + "filters":{ + "shape":"TargetFilterList", + "documentation":"

Filters the targets for a specified deploy action.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned nextToken value.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

An identifier that was returned from the previous list action types call, which can be used to return the next set of action types in the list.

" + } + } + }, + "ListDeployActionExecutionTargetsOutput":{ + "type":"structure", + "members":{ + "targets":{ + "shape":"DeployActionExecutionTargetList", + "documentation":"

The targets for the deploy action.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

An identifier that was returned from the previous list action types call, which can be used to return the next set of action types in the list.

" + } + } + }, "ListPipelineExecutionsInput":{ "type":"structure", "required":["pipelineName"], @@ -3337,8 +3509,7 @@ }, "NotLatestPipelineExecutionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The stage has failed in a later run of the pipeline and the pipelineExecutionId associated with the request is out of date.

", "exception":true }, @@ -3566,8 +3737,7 @@ }, "PipelineExecutionNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pipeline execution was specified in an invalid format or cannot be found, or an execution ID does not belong to the specified pipeline.

", "exception":true }, @@ -3675,7 +3845,7 @@ }, "pollingDisabledAt":{ "shape":"Timestamp", - "documentation":"

The date and time that polling for source changes (periodic checks) was stopped for the pipeline, in timestamp format. You can migrate (update) a polling pipeline to use event-based change detection. For example, for a pipeline with a CodeCommit source, we recommend you migrate (update) your pipeline to use CloudWatch Events. To learn more, see Migrate polling pipelines to use event-based change detection in the CodePipeline User Guide.

" + "documentation":"

The date and time that polling for source changes (periodic checks) was stopped for the pipeline, in timestamp format.

Pipelines that are inactive for longer than 30 days will have polling disabled for the pipeline. For more information, see pollingDisabledAt in the pipeline structure reference. For the steps to migrate your pipeline from polling to event-based change detection, see Migrate polling pipelines to use event-based change detection.

You can migrate (update) a polling pipeline to use event-based change detection. For example, for a pipeline with a CodeCommit source, we recommend you migrate (update) your pipeline to use CloudWatch Events. To learn more, see Migrate polling pipelines to use event-based change detection in the CodePipeline User Guide.

" } }, "documentation":"

Information about a pipeline.

" @@ -3688,15 +3858,13 @@ }, "PipelineNameInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified pipeline name is already in use.

", "exception":true }, "PipelineNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pipeline was specified in an invalid format or cannot be found.

", "exception":true }, @@ -3850,8 +4018,7 @@ }, "PipelineVersionNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The pipeline version was specified in an invalid format or cannot be found.

", "exception":true }, @@ -4001,7 +4168,7 @@ }, "token":{ "shape":"ApprovalToken", - "documentation":"

The system-generated token used to identify a unique approval request. The token for each open approval request can be obtained using the GetPipelineState action. It is used to validate that the approval request corresponding to this token is still valid.

For a pipeline where the execution mode is set to PARALLEL, the token required to approve/reject approval request as detailed above is not available. Instead, use the externalExecutionId from the GetPipelineState action as the token in the approval request.

" + "documentation":"

The system-generated token used to identify a unique approval request. The token for each open approval request can be obtained using the GetPipelineState action. It is used to validate that the approval request corresponding to this token is still valid.

For a pipeline where the execution mode is set to PARALLEL, the token required to approve/reject an approval request as detailed above is not available. Instead, use the externalExecutionId in the response output from the ListActionExecutions action as the token in the approval request.

" } }, "documentation":"

Represents the input of a PutApprovalResult action.

" @@ -4155,8 +4322,7 @@ }, "RegisterWebhookWithThirdPartyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RequestFailedException":{ "type":"structure", @@ -4200,8 +4366,7 @@ }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The resource was specified in an invalid format.

", "exception":true }, @@ -4457,7 +4622,7 @@ "documentation":"

The action timeout for the rule.

" } }, - "documentation":"

Represents information about the rule to be created for an associated condition. An example would be creating a new rule for an entry condition, such as a rule that checks for a test result before allowing the run to enter the deployment stage. For more information about conditions, see Stage conditions. For more information about rules, see the CodePipeline rule reference.

" + "documentation":"

Represents information about the rule to be created for an associated condition. An example would be creating a new rule for an entry condition, such as a rule that checks for a test result before allowing the run to enter the deployment stage. For more information about conditions, see Stage conditions and How do stage conditions work?. For more information about rules, see the CodePipeline rule reference.

" }, "RuleDeclarationList":{ "type":"list", @@ -4579,7 +4744,7 @@ "members":{ "ruleTypeId":{ "shape":"RuleTypeId", - "documentation":"

The ID for the rule type, which is made up of the combined values for category, owner, provider, and version.

" + "documentation":"

The ID for the rule type, which is made up of the combined values for category, owner, provider, and version. For more information about conditions, see Stage conditions. For more information about rules, see the CodePipeline rule reference.

" }, "configuration":{ "shape":"RuleConfigurationMap", @@ -4763,14 +4928,14 @@ }, "provider":{ "shape":"RuleProvider", - "documentation":"

The rule provider, such as the DeploymentWindow rule.

" + "documentation":"

The rule provider, such as the DeploymentWindow rule. For a list of rule provider names, see the rules listed in the CodePipeline rule reference.

" }, "version":{ "shape":"Version", "documentation":"

A string that describes the rule version.

" } }, - "documentation":"

The ID for the rule type, which is made up of the combined values for category, owner, provider, and version.

" + "documentation":"

The ID for the rule type, which is made up of the combined values for category, owner, provider, and version. For more information about conditions, see Stage conditions. For more information about rules, see the CodePipeline rule reference.

" }, "RuleTypeList":{ "type":"list", @@ -5046,15 +5211,13 @@ }, "StageNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The stage was specified in an invalid format or cannot be found.

", "exception":true }, "StageNotRetryableException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Unable to retry. The pipeline structure or stage state might have changed while actions awaited retry, or the stage contains no failed actions.

", "exception":true }, @@ -5228,7 +5391,7 @@ "documentation":"

The conditions that are success conditions.

" } }, - "documentation":"

The conditions for making checks that, if met, succeed a stage.

" + "documentation":"

The conditions for making checks that, if met, succeed a stage. For more information about conditions, see Stage conditions and How do stage conditions work?.

" }, "Tag":{ "type":"structure", @@ -5280,14 +5443,43 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0 }, + "TargetFilter":{ + "type":"structure", + "members":{ + "name":{ + "shape":"TargetFilterName", + "documentation":"

The name on which to filter.

" + }, + "values":{ + "shape":"TargetFilterValueList", + "documentation":"

The values on which to filter.

" + } + }, + "documentation":"

Filters the list of targets.

" + }, + "TargetFilterList":{ + "type":"list", + "member":{"shape":"TargetFilter"} + }, + "TargetFilterName":{ + "type":"string", + "enum":["TARGET_STATUS"] + }, + "TargetFilterValue":{ + "type":"string", + "min":1 + }, + "TargetFilterValueList":{ + "type":"list", + "member":{"shape":"TargetFilterValue"} + }, "ThirdPartyJob":{ "type":"structure", "members":{ @@ -5445,8 +5637,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateActionTypeInput":{ "type":"structure", @@ -5491,8 +5682,7 @@ }, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The validation was specified in an invalid format.

", "exception":true }, @@ -5608,8 +5798,7 @@ }, "WebhookNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified webhook was entered in an invalid format or cannot be found.

", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/codestar-connections/2019-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codestar-connections/2019-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codestar-connections/2019-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codestar-connections/2019-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/codestar-connections/2019-12-01/service-2.json 2.31.35-1/awscli/botocore/data/codestar-connections/2019-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/codestar-connections/2019-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codestar-connections/2019-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"codestar-connections", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS CodeStar connections", "serviceId":"CodeStar connections", "signatureVersion":"v4", "signingName":"codestar-connections", "targetPrefix":"com.amazonaws.codestar.connections.CodeStar_connections_20191201", - "uid":"codestar-connections-2019-12-01" + "uid":"codestar-connections-2019-12-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateConnection":{ @@ -518,7 +520,7 @@ }, "ConnectionArn":{ "shape":"ConnectionArn", - "documentation":"

The Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between Amazon Web Services.

The ARN is never reused if the connection is deleted.

" + "documentation":"

The Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between Amazon Web Services services.

The ARN is never reused if the connection is deleted.

" }, "ProviderType":{ "shape":"ProviderType", @@ -750,8 +752,7 @@ }, "DeleteConnectionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteHostInput":{ "type":"structure", @@ -765,8 +766,7 @@ }, "DeleteHostOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRepositoryLinkInput":{ "type":"structure", @@ -780,8 +780,7 @@ }, "DeleteRepositoryLinkOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSyncConfigurationInput":{ "type":"structure", @@ -802,8 +801,7 @@ }, "DeleteSyncConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeploymentFilePath":{"type":"string"}, "Directory":{"type":"string"}, @@ -1898,8 +1896,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1966,8 +1963,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateHostInput":{ "type":"structure", @@ -1989,8 +1985,7 @@ }, "UpdateHostOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateOutOfSyncException":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/codestar-notifications/2019-10-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/codestar-notifications/2019-10-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/codestar-notifications/2019-10-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codestar-notifications/2019-10-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/codestar-notifications/2019-10-15/service-2.json 2.31.35-1/awscli/botocore/data/codestar-notifications/2019-10-15/service-2.json --- 2.23.6-1/awscli/botocore/data/codestar-notifications/2019-10-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/codestar-notifications/2019-10-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"codestar-notifications", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS CodeStar Notifications", "serviceId":"codestar notifications", "signatureVersion":"v4", "signingName":"codestar-notifications", - "uid":"codestar-notifications-2019-10-15" + "uid":"codestar-notifications-2019-10-15", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateNotificationRule":{ @@ -28,7 +30,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Creates a notification rule for a resource. The rule specifies the events you want notifications about and the targets (such as Chatbot topics or Chatbot clients configured for Slack) where you want to receive them.

" + "documentation":"

Creates a notification rule for a resource. The rule specifies the events you want notifications about and the targets (such as Amazon Q Developer in chat applications topics or Amazon Q Developer in chat applications clients configured for Slack) where you want to receive them.

" }, "DeleteNotificationRule":{ "name":"DeleteNotificationRule", @@ -141,7 +143,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ConfigurationException"} ], - "documentation":"

Creates an association between a notification rule and an Chatbot topic or Chatbot client so that the associated target can receive notifications when the events described in the rule are triggered.

" + "documentation":"

Creates an association between a notification rule and an Amazon Q Developer in chat applications topic or Amazon Q Developer in chat applications client so that the associated target can receive notifications when the events described in the rule are triggered.

" }, "TagResource":{ "name":"TagResource", @@ -170,7 +172,7 @@ "errors":[ {"shape":"ValidationException"} ], - "documentation":"

Removes an association between a notification rule and an Chatbot topic so that subscribers to that topic stop receiving notifications when the events described in the rule are triggered.

" + "documentation":"

Removes an association between a notification rule and an Amazon Q Developer in chat applications topic so that subscribers to that topic stop receiving notifications when the events described in the rule are triggered.

" }, "UntagResource":{ "name":"UntagResource", @@ -210,7 +212,7 @@ "members":{ "Message":{"shape":"Message"} }, - "documentation":"

AWS CodeStar Notifications can't create the notification rule because you do not have sufficient permissions.

", + "documentation":"

CodeStar Notifications can't create the notification rule because you do not have sufficient permissions.

", "error":{"httpStatusCode":403}, "exception":true }, @@ -225,7 +227,7 @@ "members":{ "Message":{"shape":"Message"} }, - "documentation":"

AWS CodeStar Notifications can't complete the request because the resource is being modified by another process. Wait a few minutes and try again.

", + "documentation":"

CodeStar Notifications can't complete the request because the resource is being modified by another process. Wait a few minutes and try again.

", "error":{"httpStatusCode":400}, "exception":true }, @@ -262,11 +264,11 @@ }, "Targets":{ "shape":"Targets", - "documentation":"

A list of Amazon Resource Names (ARNs) of Amazon Simple Notification Service topics and Chatbot clients to associate with the notification rule.

" + "documentation":"

A list of Amazon Resource Names (ARNs) of Amazon Simple Notification Service topics and Amazon Q Developer in chat applications clients to associate with the notification rule.

" }, "DetailType":{ "shape":"DetailType", - "documentation":"

The level of detail to include in the notifications for this resource. BASIC will include only the contents of the event as it would appear in Amazon CloudWatch. FULL will include any supplemental information provided by AWS CodeStar Notifications and/or the service for the resource for which the notification is created.

" + "documentation":"

The level of detail to include in the notifications for this resource. BASIC will include only the contents of the event as it would appear in Amazon CloudWatch. FULL will include any supplemental information provided by CodeStar Notifications and/or the service for the resource for which the notification is created.

" }, "ClientRequestToken":{ "shape":"ClientRequestToken", @@ -318,18 +320,17 @@ "members":{ "TargetAddress":{ "shape":"TargetAddress", - "documentation":"

The Amazon Resource Name (ARN) of the Chatbot topic or Chatbot client to delete.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Q Developer in chat applications topic or Amazon Q Developer in chat applications client to delete.

" }, "ForceUnsubscribeAll":{ "shape":"ForceUnsubscribeAll", - "documentation":"

A Boolean value that can be used to delete all associations with this Chatbot topic. The default value is FALSE. If set to TRUE, all associations between that target and every notification rule in your Amazon Web Services account are deleted.

" + "documentation":"

A Boolean value that can be used to delete all associations with this Amazon Q Developer in chat applications topic. The default value is FALSE. If set to TRUE, all associations between that target and every notification rule in your Amazon Web Services account are deleted.

" } } }, "DeleteTargetResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeNotificationRuleRequest":{ "type":"structure", @@ -363,11 +364,11 @@ }, "Targets":{ "shape":"TargetsBatch", - "documentation":"

A list of the Chatbot topics and Chatbot clients associated with the notification rule.

" + "documentation":"

A list of the Amazon Q Developer in chat applications topics and Amazon Q Developer in chat applications clients associated with the notification rule.

" }, "DetailType":{ "shape":"DetailType", - "documentation":"

The level of detail included in the notifications for this resource. BASIC will include only the contents of the event as it would appear in Amazon CloudWatch. FULL will include any supplemental information provided by AWS CodeStar Notifications and/or the service for the resource for which the notification is created.

" + "documentation":"

The level of detail included in the notifications for this resource. BASIC will include only the contents of the event as it would appear in Amazon CloudWatch. FULL will include any supplemental information provided by CodeStar Notifications and/or the service for the resource for which the notification is created.

" }, "CreatedBy":{ "shape":"NotificationRuleCreatedBy", @@ -450,7 +451,7 @@ "members":{ "Message":{"shape":"Message"} }, - "documentation":"

One of the AWS CodeStar Notifications limits has been exceeded. Limits apply to accounts, notification rules, notifications, resources, and targets. For more information, see Limits.

", + "documentation":"

One of the CodeStar Notifications limits has been exceeded. Limits apply to accounts, notification rules, notifications, resources, and targets. For more information, see Limits.

", "error":{"httpStatusCode":400}, "exception":true }, @@ -616,7 +617,7 @@ "documentation":"

The value of the attribute you want to use to filter the returned targets. For example, if you specify SNS for the Target type, you could specify an Amazon Resource Name (ARN) for a topic as the value.

" } }, - "documentation":"

Information about a filter to apply to the list of returned targets. You can filter by target type, address, or status. For example, to filter results to notification rules that have active Chatbot topics as targets, you could specify a ListTargetsFilter Name as TargetType and a Value of SNS, and a Name of TARGET_STATUS and a Value of ACTIVE.

" + "documentation":"

Information about a filter to apply to the list of returned targets. You can filter by target type, address, or status. For example, to filter results to notification rules that have active Amazon Q Developer in chat applications topics as targets, you could specify a ListTargetsFilter Name as TargetType and a Value of SNS, and a Name of TARGET_STATUS and a Value of ACTIVE.

" }, "ListTargetsFilterName":{ "type":"string", @@ -741,7 +742,7 @@ "members":{ "Message":{"shape":"Message"} }, - "documentation":"

AWS CodeStar Notifications can't find a resource that matches the provided ARN.

", + "documentation":"

CodeStar Notifications can't find a resource that matches the provided ARN.

", "error":{"httpStatusCode":404}, "exception":true }, @@ -829,14 +830,14 @@ "members":{ "TargetType":{ "shape":"TargetType", - "documentation":"

The target type. Can be an Chatbot topic or Chatbot client.

  • Chatbot topics are specified as SNS.

  • Chatbot clients are specified as AWSChatbotSlack.

" + "documentation":"

The target type. Can be an Amazon Q Developer in chat applications topic or Amazon Q Developer in chat applications client.

  • Amazon Q Developer in chat applications topics are specified as SNS.

  • Amazon Q Developer in chat applications clients are specified as AWSChatbotSlack.

" }, "TargetAddress":{ "shape":"TargetAddress", - "documentation":"

The Amazon Resource Name (ARN) of the Chatbot topic or Chatbot client.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Q Developer in chat applications topic or Amazon Q Developer in chat applications client.

" } }, - "documentation":"

Information about the Chatbot topics or Chatbot clients associated with a notification rule.

" + "documentation":"

Information about the Amazon Q Developer in chat applications topics or Amazon Q Developer in chat applications clients associated with a notification rule.

" }, "TargetAddress":{ "type":"string", @@ -859,11 +860,11 @@ "members":{ "TargetAddress":{ "shape":"TargetAddress", - "documentation":"

The Amazon Resource Name (ARN) of the Chatbot topic or Chatbot client.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Q Developer in chat applications topic or Amazon Q Developer in chat applications client.

" }, "TargetType":{ "shape":"TargetType", - "documentation":"

The type of the target (for example, SNS).

  • Chatbot topics are specified as SNS.

  • Chatbot clients are specified as AWSChatbotSlack.

" + "documentation":"

The type of the target (for example, SNS).

  • Amazon Q Developer in chat applications topics are specified as SNS.

  • Amazon Q Developer in chat applications clients are specified as AWSChatbotSlack.

" }, "TargetStatus":{ "shape":"TargetStatus", @@ -898,7 +899,7 @@ }, "TargetAddress":{ "shape":"TargetAddress", - "documentation":"

The ARN of the Chatbot topic to unsubscribe from the notification rule.

" + "documentation":"

The ARN of the Amazon Q Developer in chat applications topic to unsubscribe from the notification rule.

" } } }, @@ -935,8 +936,7 @@ }, "UntagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNotificationRuleRequest":{ "type":"structure", @@ -964,14 +964,13 @@ }, "DetailType":{ "shape":"DetailType", - "documentation":"

The level of detail to include in the notifications for this resource. BASIC will include only the contents of the event as it would appear in Amazon CloudWatch. FULL will include any supplemental information provided by AWS CodeStar Notifications and/or the service for the resource for which the notification is created.

" + "documentation":"

The level of detail to include in the notifications for this resource. BASIC will include only the contents of the event as it would appear in Amazon CloudWatch. FULL will include any supplemental information provided by CodeStar Notifications and/or the service for the resource for which the notification is created.

" } } }, "UpdateNotificationRuleResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", @@ -983,5 +982,5 @@ "exception":true } }, - "documentation":"

This AWS CodeStar Notifications API Reference provides descriptions and usage examples of the operations and data types for the AWS CodeStar Notifications API. You can use the AWS CodeStar Notifications API to work with the following objects:

Notification rules, by calling the following:

Targets, by calling the following:

  • DeleteTarget, which removes a notification rule target from a notification rule.

  • ListTargets, which lists the targets associated with a notification rule.

Events, by calling the following:

  • ListEventTypes, which lists the event types you can include in a notification rule.

Tags, by calling the following:

  • ListTagsForResource, which lists the tags already associated with a notification rule in your account.

  • TagResource, which associates a tag you provide with a notification rule in your account.

  • UntagResource, which removes a tag from a notification rule in your account.

For information about how to use AWS CodeStar Notifications, see the Amazon Web Services Developer Tools Console User Guide.

" + "documentation":"

This CodeStar Notifications API Reference provides descriptions and usage examples of the operations and data types for the CodeStar Notifications API. You can use the CodeStar Notifications API to work with the following objects:

Notification rules, by calling the following:

Targets, by calling the following:

  • DeleteTarget, which removes a notification rule target from a notification rule.

  • ListTargets, which lists the targets associated with a notification rule.

Events, by calling the following:

  • ListEventTypes, which lists the event types you can include in a notification rule.

Tags, by calling the following:

  • ListTagsForResource, which lists the tags already associated with a notification rule in your account.

  • TagResource, which associates a tag you provide with a notification rule in your account.

  • UntagResource, which removes a tag from a notification rule in your account.

For information about how to use CodeStar Notifications, see the Amazon Web Services Developer Tools Console User Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/cognito-identity/2014-06-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cognito-identity/2014-06-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cognito-identity/2014-06-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cognito-identity/2014-06-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cognito-identity/2014-06-30/service-2.json 2.31.35-1/awscli/botocore/data/cognito-identity/2014-06-30/service-2.json --- 2.23.6-1/awscli/botocore/data/cognito-identity/2014-06-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cognito-identity/2014-06-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,7 +30,7 @@ {"shape":"InternalErrorException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Creates a new identity pool. The identity pool is a store of user identity information that is specific to your AWS account. The keys for SupportedLoginProviders are as follows:

  • Facebook: graph.facebook.com

  • Google: accounts.google.com

  • Amazon: www.amazon.com

  • Twitter: api.twitter.com

  • Digits: www.digits.com

You must use AWS Developer credentials to call this API.

" + "documentation":"

Creates a new identity pool. The identity pool is a store of user identity information that is specific to your Amazon Web Services account. The keys for SupportedLoginProviders are as follows:

  • Facebook: graph.facebook.com

  • Google: accounts.google.com

  • Sign in With Apple: appleid.apple.com

  • Amazon: www.amazon.com

  • Twitter: api.twitter.com

  • Digits: www.digits.com

If you don't provide a value for a parameter, Amazon Cognito sets it to its default value.

You must use Amazon Web Services developer credentials to call this operation.

" }, "DeleteIdentities":{ "name":"DeleteIdentities", @@ -45,7 +45,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Deletes identities from an identity pool. You can specify a list of 1-60 identities that you want to delete.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Deletes identities from an identity pool. You can specify a list of 1-60 identities that you want to delete.

You must use Amazon Web Services developer credentials to call this operation.

" }, "DeleteIdentityPool":{ "name":"DeleteIdentityPool", @@ -61,7 +61,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Deletes an identity pool. Once a pool is deleted, users will not be able to authenticate with the pool.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Deletes an identity pool. Once a pool is deleted, users will not be able to authenticate with the pool.

You must use Amazon Web Services developer credentials to call this operation.

" }, "DescribeIdentity":{ "name":"DescribeIdentity", @@ -78,7 +78,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Returns metadata related to the given identity, including when the identity was created and any associated linked logins.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Returns metadata related to the given identity, including when the identity was created and any associated linked logins.

You must use Amazon Web Services developer credentials to call this operation.

" }, "DescribeIdentityPool":{ "name":"DescribeIdentityPool", @@ -95,7 +95,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Gets details about a particular identity pool, including the pool name, ID description, creation date, and current number of users.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Gets details about a particular identity pool, including the pool name, ID description, creation date, and current number of users.

You must use Amazon Web Services developer credentials to call this operation.

" }, "GetCredentialsForIdentity":{ "name":"GetCredentialsForIdentity", @@ -115,7 +115,7 @@ {"shape":"InternalErrorException"}, {"shape":"ExternalServiceException"} ], - "documentation":"

Returns credentials for the provided identity ID. Any provided logins will be validated against supported login providers. If the token is for cognito-identity.amazonaws.com, it will be passed through to AWS Security Token Service with the appropriate role for the token.

This is a public API. You do not need any credentials to call this API.

", + "documentation":"

Returns credentials for the provided identity ID. Any provided logins will be validated against supported login providers. If the token is for cognito-identity.amazonaws.com, it will be passed through to Security Token Service with the appropriate role for the token.

This is a public API. You do not need any credentials to call this API.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -137,7 +137,7 @@ {"shape":"LimitExceededException"}, {"shape":"ExternalServiceException"} ], - "documentation":"

Generates (or retrieves) a Cognito ID. Supplying multiple logins will create an implicit linked account.

This is a public API. You do not need any credentials to call this API.

", + "documentation":"

Generates (or retrieves) IdentityID. Supplying multiple logins will create an implicit linked account.

This is a public API. You do not need any credentials to call this API.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -157,7 +157,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Gets the roles for an identity pool.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Gets the roles for an identity pool.

You must use Amazon Web Services developer credentials to call this operation.

" }, "GetOpenIdToken":{ "name":"GetOpenIdToken", @@ -197,7 +197,7 @@ {"shape":"InternalErrorException"}, {"shape":"DeveloperUserAlreadyRegisteredException"} ], - "documentation":"

Registers (or retrieves) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process. Supplying multiple logins will create an implicit linked account. You can only specify one developer provider as part of the Logins map, which is linked to the identity pool. The developer provider is the \"domain\" by which Cognito will refer to your users.

You can use GetOpenIdTokenForDeveloperIdentity to create a new identity and to link new logins (that is, user credentials issued by a public provider or developer provider) to an existing identity. When you want to create a new identity, the IdentityId should be null. When you want to associate a new login with an existing authenticated/unauthenticated identity, you can do so by providing the existing IdentityId. This API will create the identity in the specified IdentityPoolId.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Registers (or retrieves) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process. Supplying multiple logins will create an implicit linked account. You can only specify one developer provider as part of the Logins map, which is linked to the identity pool. The developer provider is the \"domain\" by which Cognito will refer to your users.

You can use GetOpenIdTokenForDeveloperIdentity to create a new identity and to link new logins (that is, user credentials issued by a public provider or developer provider) to an existing identity. When you want to create a new identity, the IdentityId should be null. When you want to associate a new login with an existing authenticated/unauthenticated identity, you can do so by providing the existing IdentityId. This API will create the identity in the specified IdentityPoolId.

You must use Amazon Web Services developer credentials to call this operation.

" }, "GetPrincipalTagAttributeMap":{ "name":"GetPrincipalTagAttributeMap", @@ -231,7 +231,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists the identities in an identity pool.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Lists the identities in an identity pool.

You must use Amazon Web Services developer credentials to call this operation.

" }, "ListIdentityPools":{ "name":"ListIdentityPools", @@ -248,7 +248,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists all of the Cognito identity pools registered for your account.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Lists all of the Cognito identity pools registered for your account.

You must use Amazon Web Services developer credentials to call this operation.

" }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -283,7 +283,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Retrieves the IdentityID associated with a DeveloperUserIdentifier or the list of DeveloperUserIdentifier values associated with an IdentityId for an existing identity. Either IdentityID or DeveloperUserIdentifier must not be null. If you supply only one of these values, the other value will be searched in the database and returned as a part of the response. If you supply both, DeveloperUserIdentifier will be matched against IdentityID. If the values are verified against the database, the response returns both values and is the same as the request. Otherwise a ResourceConflictException is thrown.

LookupDeveloperIdentity is intended for low-throughput control plane operations: for example, to enable customer service to locate an identity ID by username. If you are using it for higher-volume operations such as user authentication, your requests are likely to be throttled. GetOpenIdTokenForDeveloperIdentity is a better option for higher-volume operations for user authentication.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Retrieves the IdentityID associated with a DeveloperUserIdentifier or the list of DeveloperUserIdentifier values associated with an IdentityId for an existing identity. Either IdentityID or DeveloperUserIdentifier must not be null. If you supply only one of these values, the other value will be searched in the database and returned as a part of the response. If you supply both, DeveloperUserIdentifier will be matched against IdentityID. If the values are verified against the database, the response returns both values and is the same as the request. Otherwise, a ResourceConflictException is thrown.

LookupDeveloperIdentity is intended for low-throughput control plane operations: for example, to enable customer service to locate an identity ID by username. If you are using it for higher-volume operations such as user authentication, your requests are likely to be throttled. GetOpenIdTokenForDeveloperIdentity is a better option for higher-volume operations for user authentication.

You must use Amazon Web Services developer credentials to call this operation.

" }, "MergeDeveloperIdentities":{ "name":"MergeDeveloperIdentities", @@ -301,7 +301,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Merges two users having different IdentityIds, existing in the same identity pool, and identified by the same developer provider. You can use this action to request that discrete users be merged and identified as a single user in the Cognito environment. Cognito associates the given source user (SourceUserIdentifier) with the IdentityId of the DestinationUserIdentifier. Only developer-authenticated users can be merged. If the users to be merged are associated with the same public provider, but as two different users, an exception will be thrown.

The number of linked logins is limited to 20. So, the number of linked logins for the source user, SourceUserIdentifier, and the destination user, DestinationUserIdentifier, together should not be larger than 20. Otherwise, an exception will be thrown.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Merges two users having different IdentityIds, existing in the same identity pool, and identified by the same developer provider. You can use this action to request that discrete users be merged and identified as a single user in the Cognito environment. Cognito associates the given source user (SourceUserIdentifier) with the IdentityId of the DestinationUserIdentifier. Only developer-authenticated users can be merged. If the users to be merged are associated with the same public provider, but as two different users, an exception will be thrown.

The number of linked logins is limited to 20. So, the number of linked logins for the source user, SourceUserIdentifier, and the destination user, DestinationUserIdentifier, together should not be larger than 20. Otherwise, an exception will be thrown.

You must use Amazon Web Services developer credentials to call this operation.

" }, "SetIdentityPoolRoles":{ "name":"SetIdentityPoolRoles", @@ -319,7 +319,7 @@ {"shape":"InternalErrorException"}, {"shape":"ConcurrentModificationException"} ], - "documentation":"

Sets the roles for an identity pool. These roles are used when making calls to GetCredentialsForIdentity action.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Sets the roles for an identity pool. These roles are used when making calls to GetCredentialsForIdentity action.

You must use Amazon Web Services developer credentials to call this operation.

" }, "SetPrincipalTagAttributeMap":{ "name":"SetPrincipalTagAttributeMap", @@ -370,7 +370,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Unlinks a DeveloperUserIdentifier from an existing identity. Unlinked developer users will be considered new identities next time they are seen. If, for a given Cognito identity, you remove all federated identities as well as the developer user identifier, the Cognito identity becomes inaccessible.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Unlinks a DeveloperUserIdentifier from an existing identity. Unlinked developer users will be considered new identities next time they are seen. If, for a given Cognito identity, you remove all federated identities as well as the developer user identifier, the Cognito identity becomes inaccessible.

You must use Amazon Web Services developer credentials to call this operation.

" }, "UnlinkIdentity":{ "name":"UnlinkIdentity", @@ -427,7 +427,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Updates an identity pool.

You must use AWS Developer credentials to call this API.

" + "documentation":"

Updates the configuration of an identity pool.

If you don't provide a value for a parameter, Amazon Cognito sets it to its default value.

You must use Amazon Web Services developer credentials to call this operation.

" } }, "shapes":{ @@ -475,7 +475,7 @@ }, "ServerSideTokenCheck":{ "shape":"CognitoIdentityProviderTokenCheck", - "documentation":"

TRUE if server-side token validation is enabled for the identity provider’s token.

Once you set ServerSideTokenCheck to TRUE for an identity pool, that identity pool will check with the integrated user pools to make sure that the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.

If the user is signed out or deleted, the identity pool will return a 400 Not Authorized error.

", + "documentation":"

TRUE if server-side token validation is enabled for the identity provider’s token.

Once you set ServerSideTokenCheck to TRUE for an identity pool, that identity pool will check with the integrated user pools to make sure that the user has not been globally signed out or deleted before the identity pool provides an OIDC token or Amazon Web Services credentials for the user.

If the user is signed out or deleted, the identity pool will return a 400 Not Authorized error.

", "box":true } }, @@ -715,7 +715,7 @@ "members":{ "AccountId":{ "shape":"AccountId", - "documentation":"

A standard AWS account ID (9+ digits).

" + "documentation":"

A standard Amazon Web Services account ID (9+ digits).

" }, "IdentityPoolId":{ "shape":"IdentityPoolId", @@ -762,7 +762,7 @@ }, "RoleMappings":{ "shape":"RoleMappingMap", - "documentation":"

How users for a specific identity provider are to mapped to roles. This is a String-to-RoleMapping object map. The string identifies the identity provider, for example, \"graph.facebook.com\" or \"cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id\".

" + "documentation":"

How users for a specific identity provider are to mapped to roles. This is a String-to-RoleMapping object map. The string identifies the identity provider, for example, graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id.

" } }, "documentation":"

Returned in response to a successful GetIdentityPoolRoles operation.

" @@ -792,7 +792,7 @@ }, "TokenDuration":{ "shape":"TokenDuration", - "documentation":"

The expiration time of the token, in seconds. You can specify a custom expiration time for the token so that you can cache it. If you don't provide an expiration time, the token is valid for 15 minutes. You can exchange the token with Amazon STS for temporary AWS credentials, which are valid for a maximum of one hour. The maximum token duration you can set is 24 hours. You should take care in setting the expiration time for a token, as there are significant security implications: an attacker could use a leaked token to access your AWS resources for the token's duration.

Please provide for a small grace period, usually no more than 5 minutes, to account for clock skew.

" + "documentation":"

The expiration time of the token, in seconds. You can specify a custom expiration time for the token so that you can cache it. If you don't provide an expiration time, the token is valid for 15 minutes. You can exchange the token with Amazon STS for temporary Amazon Web Services credentials, which are valid for a maximum of one hour. The maximum token duration you can set is 24 hours. You should take care in setting the expiration time for a token, as there are significant security implications: an attacker could use a leaked token to access your Amazon Web Services resources for the token's duration.

Please provide for a small grace period, usually no more than 5 minutes, to account for clock skew.

" } }, "documentation":"

Input to the GetOpenIdTokenForDeveloperIdentity action.

" @@ -1051,7 +1051,7 @@ "documentation":"

The message returned for an InvalidIdentityPoolConfigurationException

" } }, - "documentation":"

Thrown if the identity pool has no role associated for the given auth type (auth/unauth) or if the AssumeRole fails.

", + "documentation":"

If you provided authentication information in the request, the identity pool has no authenticated role configured, or STS returned an error response to the request to assume the authenticated role from the identity pool. If you provided no authentication information in the request, the identity pool has no unauthenticated role configured, or STS returned an error response to the request to assume the unauthenticated role from the identity pool.

Your role trust policy must grant AssumeRoleWithWebIdentity permissions to cognito-identity.amazonaws.com.

", "exception":true }, "InvalidParameterException":{ @@ -1453,7 +1453,7 @@ }, "RoleMappings":{ "shape":"RoleMappingMap", - "documentation":"

How users for a specific identity provider are to mapped to roles. This is a string to RoleMapping object map. The string identifies the identity provider, for example, \"graph.facebook.com\" or \"cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id\".

Up to 25 rules can be specified per identity provider.

" + "documentation":"

How users for a specific identity provider are to mapped to roles. This is a string to RoleMapping object map. The string identifies the identity provider, for example, graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id.

Up to 25 rules can be specified per identity provider.

" } }, "documentation":"

Input to the SetIdentityPoolRoles action.

" @@ -1529,8 +1529,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValueType":{ "type":"string", @@ -1642,10 +1641,9 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UseDefaults":{"type":"boolean"} }, - "documentation":"Amazon Cognito Federated Identities

Amazon Cognito Federated Identities is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. It uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.

Using Amazon Cognito Federated Identities, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon) or an Amazon Cognito user pool, and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials.

For a description of the authentication flow from the Amazon Cognito Developer Guide see Authentication Flow.

For more information see Amazon Cognito Federated Identities.

" + "documentation":"Amazon Cognito Federated Identities

Amazon Cognito Federated Identities is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. It uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.

Using Amazon Cognito Federated Identities, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon) or an Amazon Cognito user pool, and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by Security Token Service (STS) to access temporary, limited-privilege Amazon Web Services credentials.

For a description of the authentication flow from the Amazon Cognito Developer Guide see Authentication Flow.

For more information see Amazon Cognito Federated Identities.

" } diff -pruN 2.23.6-1/awscli/botocore/data/cognito-idp/2016-04-18/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cognito-idp/2016-04-18/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cognito-idp/2016-04-18/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cognito-idp/2016-04-18/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cognito-idp/2016-04-18/service-2.json 2.31.35-1/awscli/botocore/data/cognito-idp/2016-04-18/service-2.json --- 2.23.6-1/awscli/botocore/data/cognito-idp/2016-04-18/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cognito-idp/2016-04-18/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,7 +30,7 @@ {"shape":"UserImportInProgressException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Adds additional user attributes to the user pool schema. Custom attributes can be mutable or immutable and have a custom: or dev: prefix. For more information, see Custom attributes.

You can also create custom attributes in the Schema parameter of CreateUserPool and UpdateUserPool. You can't delete custom attributes after you create them.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Adds additional user attributes to the user pool schema. Custom attributes can be mutable or immutable and have a custom: or dev: prefix. For more information, see Custom attributes.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminAddUserToGroup":{ "name":"AdminAddUserToGroup", @@ -70,7 +70,7 @@ {"shape":"UserNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Confirms user sign-up as an administrator. Unlike ConfirmSignUp, your IAM credentials authorize user account confirmation. No confirmation code is required.

This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

To configure your user pool to require administrative confirmation of users, set AllowAdminCreateUserOnly to true in a CreateUserPool or UpdateUserPool request.

" + "documentation":"

Confirms user sign-up as an administrator.

This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

To configure your user pool to require administrative confirmation of users, set AllowAdminCreateUserOnly to true in a CreateUserPool or UpdateUserPool request.

" }, "AdminCreateUser":{ "name":"AdminCreateUser", @@ -98,7 +98,7 @@ {"shape":"UnsupportedUserStateException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Creates a new user in the specified user pool.

If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.

In either case, if the user has a password, they will be in the FORCE_CHANGE_PASSWORD state until they sign in and set their password. Your invitation message template must have the {####} password placeholder if your users have passwords. If your template doesn't have this placeholder, Amazon Cognito doesn't deliver the invitation message. In this case, you must update your message template and resend the password with a new AdminCreateUser request with a MessageAction value of RESEND.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Creates a new user in the specified user pool.

If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).

This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.

In either case, if the user has a password, they will be in the FORCE_CHANGE_PASSWORD state until they sign in and set their password. Your invitation message template must have the {####} password placeholder if your users have passwords. If your template doesn't have this placeholder, Amazon Cognito doesn't deliver the invitation message. In this case, you must update your message template and resend the password with a new AdminCreateUser request with a MessageAction value of RESEND.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminDeleteUser":{ "name":"AdminDeleteUser", @@ -133,7 +133,7 @@ {"shape":"UserNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Deletes attribute values from a user. This operation doesn't affect tokens for existing user sessions. The next ID token that the user receives will no longer have this attribute.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Deletes attribute values from a user. This operation doesn't affect tokens for existing user sessions. The next ID token that the user receives will no longer have the deleted attributes.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminDisableProviderForUser":{ "name":"AdminDisableProviderForUser", @@ -152,7 +152,7 @@ {"shape":"AliasExistsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use their password to sign in. If the user to deactivate is a linked external IdP user, any link between that user and an existing user is removed. When the external user signs in again, and the user is no longer attached to the previously linked DestinationUser, the user must create a new user account. See AdminLinkProviderForUser.

The ProviderName must match the value specified when creating an IdP for the pool.

To deactivate a native username + password user, the ProviderName value must be Cognito and the ProviderAttributeName must be Cognito_Subject. The ProviderAttributeValue must be the name that is used in the user pool for the user.

The ProviderAttributeName must always be Cognito_Subject for social IdPs. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. (If the linking was done with ProviderAttributeName set to Cognito_Subject, the same applies here). However, if the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the subject of the SAML assertion.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use their password to sign in. If the user to deactivate is a linked external IdP user, any link between that user and an existing user is removed. When the external user signs in again, and the user is no longer attached to the previously linked DestinationUser, the user must create a new user account.

The value of ProviderName must match the name of a user pool IdP.

To deactivate a local user, set ProviderName to Cognito and the ProviderAttributeName to Cognito_Subject. The ProviderAttributeValue must be user's local username.

The ProviderAttributeName must always be Cognito_Subject for social IdPs. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. This is also true if the linking was done with ProviderAttributeName set to Cognito_Subject. If the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the NameID from their SAML assertion.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminDisableUser":{ "name":"AdminDisableUser", @@ -188,7 +188,7 @@ {"shape":"UserNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Activate sign-in for a user profile that previously had sign-in access disabled.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Activates sign-in for a user profile that previously had sign-in access disabled.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminForgetDevice":{ "name":"AdminForgetDevice", @@ -224,7 +224,7 @@ {"shape":"InternalErrorException"}, {"shape":"NotAuthorizedException"} ], - "documentation":"

Given the device key, returns details for a user' device. For more information, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given the device key, returns details for a user's device. For more information, see Working with devices.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminGetUser":{ "name":"AdminGetUser", @@ -242,7 +242,7 @@ {"shape":"UserNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Given the username, returns details about a user profile in a user pool. This operation contributes to your monthly active user (MAU) count for the purpose of billing. You can specify alias attributes in the Username parameter.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a username, returns details about a user profile in a user pool. You can specify alias attributes in the Username request parameter.

This operation contributes to your monthly active user (MAU) count for the purpose of billing.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminInitiateAuth":{ "name":"AdminInitiateAuth", @@ -254,6 +254,7 @@ "output":{"shape":"AdminInitiateAuthResponse"}, "errors":[ {"shape":"ResourceNotFoundException"}, + {"shape":"UnsupportedOperationException"}, {"shape":"InvalidParameterException"}, {"shape":"NotAuthorizedException"}, {"shape":"TooManyRequestsException"}, @@ -290,7 +291,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in. You can then use the federated user identity to sign in as the existing user account.

For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.

The maximum number of federated identities linked to a user is five.

Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external IdPs and provider attributes that have been trusted by the application owner.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Links an existing user account in a user pool, or DestinationUser, to an identity from an external IdP, or SourceUser, based on a specified attribute name and value from the external IdP.

This operation connects a local user profile with a user identity who hasn't yet signed in from their third-party IdP. When the user signs in with their IdP, they get access-control configuration from the local user profile. Linked local users can also sign in with SDK-based API operations like InitiateAuth after they sign in at least once through their IdP. For more information, see Linking federated users.

The maximum number of federated identities linked to a user is five.

Because this API allows a user with an external federated identity to sign in as a local user, it is critical that it only be used with external IdPs and linked attributes that you trust.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminListDevices":{ "name":"AdminListDevices", @@ -362,7 +363,7 @@ {"shape":"UserNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Given a username and a group name. removes them from the group. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a username and a group name, removes them from the group. User pool groups are identifiers that you can reference from the contents of ID and access tokens, and set preferred IAM roles for identity-pool authentication. For more information, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminResetUserPassword":{ "name":"AdminResetUserPassword", @@ -387,7 +388,7 @@ {"shape":"InvalidSmsRoleTrustRelationshipException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Resets the specified user's password in a user pool. This operation doesn't change the user's password, but sends a password-reset code. This operation is the administrative authentication API equivalent to ForgotPassword.

This operation deactivates a user's password, requiring them to change it. If a user tries to sign in after the API request, Amazon Cognito responds with a PasswordResetRequiredException error. Your app must then complete the forgot-password flow by prompting the user for their code and a new password, then submitting those values in a ConfirmForgotPassword request. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.

To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Begins the password reset process. Sets the requested user’s account into a RESET_REQUIRED status, and sends them a password-reset code. Your user pool also sends the user a notification with a reset code and the information that their password has been reset. At sign-in, your application or the managed login session receives a challenge to complete the reset by confirming the code and setting a new password.

To use this API operation, your user pool must have self-service account recovery configured.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminRespondToAuthChallenge":{ "name":"AdminRespondToAuthChallenge", @@ -440,7 +441,7 @@ {"shape":"UserNotConfirmedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.

This operation doesn't reset an existing TOTP MFA for a user. To register a new TOTP factor for a user, make an AssociateSoftwareToken request. For more information, see TOTP software token MFA.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminSetUserPassword":{ "name":"AdminSetUserPassword", @@ -477,7 +478,7 @@ {"shape":"UserNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"

This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use AdminSetUserMFAPreference instead.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminUpdateAuthEventFeedback":{ "name":"AdminUpdateAuthEventFeedback", @@ -496,7 +497,7 @@ {"shape":"UserPoolAddOnNotEnabledException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Provides feedback for an authentication event indicating if it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Provides the feedback for an authentication event generated by threat protection features. Your response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.

To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminUpdateDeviceStatus":{ "name":"AdminUpdateDeviceStatus", @@ -540,7 +541,7 @@ {"shape":"InvalidEmailRoleAccessPolicyException"}, {"shape":"InvalidSmsRoleTrustRelationshipException"} ], - "documentation":"

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.

For custom attributes, you must prepend the custom: prefix to the attribute name.

This operation can set a user's email address or phone number as verified and permit immediate sign-in in user pools that require verification of these attributes. To do this, set the email_verified or phone_number_verified attribute to true.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.

For custom attributes, you must add a custom: prefix to the attribute name, for example custom:department.

This operation can set a user's email address or phone number as verified and permit immediate sign-in in user pools that require verification of these attributes. To do this, set the email_verified or phone_number_verified attribute to true.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

" }, "AdminUserGlobalSignOut":{ "name":"AdminUserGlobalSignOut", @@ -577,7 +578,7 @@ {"shape":"SoftwareTokenMFANotFoundException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.

Amazon Cognito disassociates an existing software token when you verify the new token in a VerifySoftwareToken API request. If you don't verify the software token and your user pool doesn't require MFA, the user can then authenticate with user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito generates an MFA_SETUP or SOFTWARE_TOKEN_SETUP challenge each time your user signs in. Complete setup with AssociateSoftwareToken and VerifySoftwareToken.

After you set up software token MFA for your user, Amazon Cognito generates a SOFTWARE_TOKEN_MFA challenge when they authenticate. Respond to this challenge with your user's TOTP.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

", + "documentation":"

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -603,7 +604,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Changes the password for a specified user in a user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Changes the password for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -629,7 +630,7 @@ {"shape":"WebAuthnOriginNotAllowedException"}, {"shape":"WebAuthnCredentialNotSupportedException"} ], - "documentation":"

Completes registration of a passkey authenticator for the current user. Your application provides data from a successful registration request with the data from the output of a StartWebAuthnRegistration.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

", + "documentation":"

Completes registration of a passkey authenticator for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -654,6 +655,7 @@ {"shape":"UserNotFoundException"}, {"shape":"UserNotConfirmedException"}, {"shape":"InternalErrorException"}, + {"shape":"DeviceKeyExistsException"}, {"shape":"ForbiddenException"} ], "documentation":"

Confirms a device that a user wants to remember. A remembered device is a \"Remember me on this device\" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", @@ -716,7 +718,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool via the SignUp API operation. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.

Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users, users created with the AdminCreateUser API operation, confirm their accounts when they respond to their invitation email message and choose a password. They do not receive a confirmation code. Instead, they receive a temporary password.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Confirms the account of a new user. This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.

Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -737,7 +739,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Creates a new group in the specified user pool. For more information about user pool groups see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Creates a new group in the specified user pool. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "CreateIdentityProvider":{ "name":"CreateIdentityProvider", @@ -776,7 +778,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer.

Provides values for UI customization in a Settings JSON object and image files in an Assets array. To send the JSON object Document type parameter in Settings, you might need to update to the most recent version of your Amazon Web Services SDK. To create a new style with default settings, set UseCognitoProvidedValues to true and don't provide values for any other options.

This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.

As a best practice, modify the output of DescribeManagedLoginBrandingByClient into the request parameters for this operation. To get all settings, set ReturnMergedResources to true. For more information, see API and SDK operations for managed login branding.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding editor.

Provides values for UI customization in a Settings JSON object and image files in an Assets array. To send the JSON object Document type parameter in Settings, you might need to update to the most recent version of your Amazon Web Services SDK. To create a new style with default settings, set UseCognitoProvidedValues to true and don't provide values for any other options.

This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "CreateResourceServer":{ "name":"CreateResourceServer", @@ -796,6 +798,26 @@ ], "documentation":"

Creates a new OAuth2.0 resource server and defines custom scopes within it. Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, + "CreateTerms":{ + "name":"CreateTerms", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateTermsRequest"}, + "output":{"shape":"CreateTermsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"TermsExistsException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"NotAuthorizedException"}, + {"shape":"LimitExceededException"}, + {"shape":"InternalErrorException"} + ], + "documentation":"

Creates terms documents for the requested app client. When Terms and conditions and Privacy policy documents are configured, the app client displays links to them in the sign-up page of managed login for the app client.

You can provide URLs for terms documents in the languages that are supported by managed login localization. Amazon Cognito directs users to the terms documents for their current language, with fallback to default if no document exists for the language.

Each request accepts one type of terms document and a map of language-to-link for that document type. You must provide both types of terms documents in at least one language before Amazon Cognito displays your terms documents. Supply each type in separate requests.

For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + }, "CreateUserImportJob":{ "name":"CreateUserImportJob", "http":{ @@ -813,7 +835,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Creates a user import job. You can import users into user pools from a comma-separated values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill. To generate a template for your import, see GetCSVHeader. To learn more about CSV import, see Importing users from a CSV file.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Creates a user import job. You can import users into user pools from a comma-separated values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services bill.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "CreateUserPool":{ "name":"CreateUserPool", @@ -836,7 +858,7 @@ {"shape":"TierChangeNotAllowedException"}, {"shape":"FeatureUnavailableInTierException"} ], - "documentation":"

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration options. You can create a user pool in the Amazon Cognito console to your preferences and use the output of DescribeUserPool to generate requests from that baseline.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration options.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "CreateUserPoolClient":{ "name":"CreateUserPoolClient", @@ -854,9 +876,10 @@ {"shape":"NotAuthorizedException"}, {"shape":"ScopeDoesNotExistException"}, {"shape":"InvalidOAuthFlowException"}, - {"shape":"InternalErrorException"} + {"shape":"InternalErrorException"}, + {"shape":"FeatureUnavailableInTierException"} ], - "documentation":"

Creates an app client in a user pool. This operation sets basic and advanced configuration options. You can create an app client in the Amazon Cognito console to your preferences and use the output of DescribeUserPoolClient to generate requests from that baseline.

New app clients activate token revocation by default. For more information about revoking tokens, see RevokeToken.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Creates an app client in a user pool. This operation sets basic and advanced configuration options.

Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "CreateUserPoolDomain":{ "name":"CreateUserPoolDomain", @@ -869,12 +892,13 @@ "errors":[ {"shape":"InvalidParameterException"}, {"shape":"NotAuthorizedException"}, + {"shape":"ConcurrentModificationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"LimitExceededException"}, {"shape":"InternalErrorException"}, {"shape":"FeatureUnavailableInTierException"} ], - "documentation":"

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation creates a new user pool prefix or custom domain and sets the managed login branding version. Set the branding version to 1 for hosted UI (classic) or 2 for managed login. When you choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia) Amazon Web Services Region in your request.

Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation creates a new user pool prefix domain or custom domain and sets the managed login branding version. Set the branding version to 1 for hosted UI (classic) or 2 for managed login. When you choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia) Amazon Web Services Region in your request.

Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "DeleteGroup":{ "name":"DeleteGroup", @@ -943,6 +967,23 @@ ], "documentation":"

Deletes a resource server. After you delete a resource server, users can no longer generate access tokens with scopes that are associate with that resource server.

Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, + "DeleteTerms":{ + "name":"DeleteTerms", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteTermsRequest"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"NotAuthorizedException"}, + {"shape":"InternalErrorException"} + ], + "documentation":"

Deletes the terms documents with the requested ID from your app client.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + }, "DeleteUser":{ "name":"DeleteUser", "http":{ @@ -961,7 +1002,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Self-deletes a user profile. A deleted user profile can no longer be used to sign in and can't be restored.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Deletes the profile of the currently signed-in user. A deleted user profile can no longer be used to sign in and can't be restored.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -984,7 +1025,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Self-deletes attributes for a user. For example, your application can submit a request to this operation when a user wants to remove their birthdate attribute value.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Deletes attributes from the currently signed-in user. For example, your application can submit a request to this operation when a user wants to remove their birthdate attribute value.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1003,7 +1044,7 @@ {"shape":"UserImportInProgressException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications.

" + "documentation":"

Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications.

When you delete a user pool, it's no longer visible or operational in your Amazon Web Services account. Amazon Cognito retains deleted user pools in an inactive state for 14 days, then begins a cleanup process that fully removes them from Amazon Web Services systems. In case of accidental deletion, contact Amazon Web ServicesSupport within 14 days for restoration assistance.

Amazon Cognito begins full deletion of all resources from deleted user pools after 14 days. In the case of large user pools, the cleanup process might take significant additional time before all user data is permanently deleted.

" }, "DeleteUserPoolClient":{ "name":"DeleteUserPoolClient", @@ -1033,6 +1074,7 @@ "errors":[ {"shape":"NotAuthorizedException"}, {"shape":"InvalidParameterException"}, + {"shape":"ConcurrentModificationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalErrorException"} ], @@ -1050,10 +1092,12 @@ {"shape":"ForbiddenException"}, {"shape":"InternalErrorException"}, {"shape":"InvalidParameterException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"LimitExceededException"}, {"shape":"NotAuthorizedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Deletes a registered passkey, or webauthN, authenticator for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1143,6 +1187,23 @@ ], "documentation":"

Given an app client or user pool ID where threat protection is configured, describes the risk configuration. This operation returns details about adaptive authentication, compromised credentials, and IP-address allow- and denylists. For more information about threat protection, see Threat protection.

" }, + "DescribeTerms":{ + "name":"DescribeTerms", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeTermsRequest"}, + "output":{"shape":"DescribeTermsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"NotAuthorizedException"}, + {"shape":"InternalErrorException"} + ], + "documentation":"

Returns details for the requested terms documents ID. For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + }, "DescribeUserImportJob":{ "name":"DescribeUserImportJob", "http":{ @@ -1230,7 +1291,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Forgets the specified device. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Given a device key, deletes a remembered device as the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1259,7 +1320,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see Recovering User Accounts in the Amazon Cognito Developer Guide. To use the confirmation code for resetting the password, call ConfirmForgotPassword.

If neither a verified phone number nor a verified email exists, this API returns InvalidParameterException. If your app client has a client secret and you don't provide a SECRET_HASH parameter, this API returns NotAuthorizedException.

To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", + "documentation":"

Sends a password-reset confirmation code to the email address or phone number of the requested username. The message delivery method is determined by the user's available attributes and the AccountRecoverySetting configuration of the user pool.

For the Username parameter, you can use the username or an email, phone, or preferred username alias.

If neither a verified phone number nor a verified email exists, Amazon Cognito responds with an InvalidParameterException error . If your app client has a client secret and you don't provide a SECRET_HASH parameter, this API returns NotAuthorizedException.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1278,7 +1339,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.

" + "documentation":"

Given a user pool ID, generates a comma-separated value (CSV) list populated with available user attributes in the user pool. This list is the header for the CSV file that determines the users in a user import job. Save the content of CSVHeader in the response as a .csv file and populate it with the usernames and attributes of users that you want to import. For more information about CSV user import, see Importing users from a CSV file.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "GetDevice":{ "name":"GetDevice", @@ -1300,7 +1361,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Gets the device. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Given a device key, returns information about a remembered device for the current user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1319,7 +1380,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Gets a group.

Calling this action requires developer credentials.

" + "documentation":"

Given a user pool ID and a group name, returns information about the user group.

For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "GetIdentityProviderByIdentifier":{ "name":"GetIdentityProviderByIdentifier", @@ -1336,7 +1397,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Gets the specified IdP.

" + "documentation":"

Given the identifier of an identity provider (IdP), for example examplecorp, returns information about the user pool configuration for that IdP. For more information about IdPs, see Third-party IdP sign-in.

" }, "GetLogDeliveryConfiguration":{ "name":"GetLogDeliveryConfiguration", @@ -1353,7 +1414,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Gets the logging configuration of a user pool.

" + "documentation":"

Given a user pool ID, returns the logging configuration. User pools can export message-delivery error and threat-protection activity logs to external Amazon Web Services services. For more information, see Exporting user pool logs.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "GetSigningCertificate":{ "name":"GetSigningCertificate", @@ -1368,7 +1429,32 @@ {"shape":"InvalidParameterException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

This method takes a user pool ID, and returns the signing certificate. The issued certificate is valid for 10 years from the date of issue.

Amazon Cognito issues and assigns a new signing certificate annually. This process returns a new value in the response to GetSigningCertificate, but doesn't invalidate the original certificate.

" + "documentation":"

Given a user pool ID, returns the signing certificate for SAML 2.0 federation.

Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and assigns a new signing certificate annually. This renewal process returns a new value in the response to GetSigningCertificate, but doesn't invalidate the original certificate.

For more information, see Signing SAML requests.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + }, + "GetTokensFromRefreshToken":{ + "name":"GetTokensFromRefreshToken", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetTokensFromRefreshTokenRequest"}, + "output":{"shape":"GetTokensFromRefreshTokenResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"NotAuthorizedException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"UserNotFoundException"}, + {"shape":"UnexpectedLambdaException"}, + {"shape":"UserLambdaValidationException"}, + {"shape":"InvalidLambdaResponseException"}, + {"shape":"ForbiddenException"}, + {"shape":"RefreshTokenReuseException"}, + {"shape":"InternalErrorException"} + ], + "documentation":"

Given a refresh token, issues new ID, access, and optionally refresh tokens for the user who owns the submitted token. This operation issues a new refresh token and invalidates the original refresh token after an optional grace period when refresh token rotation is enabled. If refresh token rotation is disabled, issues new ID and access tokens only.

", + "authtype":"none", + "auth":["smithy.api#noAuth"] }, "GetUICustomization":{ "name":"GetUICustomization", @@ -1385,7 +1471,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client. If nothing is set for the particular client, but there is an existing pool level customization (the app clientId is ALL), then that information is returned. If nothing is present, then an empty shape is returned.

" + "documentation":"

Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any. Returns user-pool level branding information if no app client branding is applied, or if you don't specify an app client ID. Returns an empty object if you haven't applied hosted UI branding to either the client or the user pool. For more information, see Hosted UI (classic) branding.

" }, "GetUser":{ "name":"GetUser", @@ -1406,7 +1492,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Gets the user attributes and metadata for a user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Gets user attributes and and MFA settings for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1437,7 +1523,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Generates a user attribute verification code for the specified attribute name. Sends a message to a user with a code that they must return in a VerifyUserAttribute request.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", + "documentation":"

Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1460,7 +1546,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Lists the authentication options for the currently signed-in user. Returns the following:

  1. The user's multi-factor authentication (MFA) preferences.

  2. The user's options in the USER_AUTH flow that they can select in a SELECT_CHALLENGE response or request in a PREFERRED_CHALLENGErequest.

", + "documentation":"

Lists the authentication options for the currently signed-in user. Returns the following:

  1. The user's multi-factor authentication (MFA) preferences.

  2. The user's options for choice-based authentication with the USER_AUTH flow.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1479,7 +1565,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Gets the user pool multi-factor authentication (MFA) configuration.

" + "documentation":"

Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA). This operation describes the following:

  • The WebAuthn relying party (RP) ID and user-verification settings.

  • The required, optional, or disabled state of MFA for all user pool users.

  • The message templates for email and SMS MFA.

  • The enabled or disabled state of time-based one-time password (TOTP) MFA.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "GlobalSignOut":{ "name":"GlobalSignOut", @@ -1512,6 +1598,7 @@ "input":{"shape":"InitiateAuthRequest"}, "output":{"shape":"InitiateAuthResponse"}, "errors":[ + {"shape":"UnsupportedOperationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterException"}, {"shape":"NotAuthorizedException"}, @@ -1529,7 +1616,7 @@ {"shape":"InvalidSmsRoleTrustRelationshipException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Initiates sign-in for a user in the Amazon Cognito user directory. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Adding user pool sign-in through a third party.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", + "documentation":"

Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito user directory. Amazon Cognito might respond with an additional challenge or an AuthenticationResult that contains the outcome of a successful authentication. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Authentication.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1553,7 +1640,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Lists the sign-in devices that Amazon Cognito has registered to the current user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Lists the devices that Amazon Cognito has registered to the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1572,7 +1659,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists the groups associated with a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a user pool ID, returns user pool groups and their details.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListIdentityProviders":{ "name":"ListIdentityProviders", @@ -1589,7 +1676,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists information about all IdPs for a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a user pool ID, returns information about configured identity providers (IdPs). For more information about IdPs, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListResourceServers":{ "name":"ListResourceServers", @@ -1606,7 +1693,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists the resource servers for a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a user pool ID, returns all resource servers and their details. For more information about resource servers, see Access control with resource servers.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1623,7 +1710,24 @@ {"shape":"InvalidParameterException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists the tags that are assigned to an Amazon Cognito user pool.

A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.

You can use this action up to 10 times per second, per account.

" + "documentation":"

Lists the tags that are assigned to an Amazon Cognito user pool. For more information, see Tagging resources.

" + }, + "ListTerms":{ + "name":"ListTerms", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTermsRequest"}, + "output":{"shape":"ListTermsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"NotAuthorizedException"}, + {"shape":"InternalErrorException"} + ], + "documentation":"

Returns details about all terms documents for the requested user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListUserImportJobs":{ "name":"ListUserImportJobs", @@ -1640,7 +1744,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists user import jobs for a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a user pool ID, returns user import jobs and their details. Import jobs are retained in user pool configuration so that you can stage, stop, start, review, and delete them. For more information about user import, see Importing users from a CSV file.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListUserPoolClients":{ "name":"ListUserPoolClients", @@ -1657,7 +1761,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists the clients that have been created for the specified user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a user pool ID, lists app clients. App clients are sets of rules for the access that you want a user pool to grant to one application. For more information, see App clients.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListUserPools":{ "name":"ListUserPools", @@ -1673,7 +1777,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists the user pools associated with an Amazon Web Services account.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Lists user pools and their details in the current Amazon Web Services account.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListUsers":{ "name":"ListUsers", @@ -1690,7 +1794,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists users and their basic details in a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a user pool ID, returns a list of users and their basic details in a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListUsersInGroup":{ "name":"ListUsersInGroup", @@ -1707,7 +1811,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Lists the users in the specified group.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a user pool ID and a group name, returns a list of users in the group. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "ListWebAuthnCredentials":{ "name":"ListWebAuthnCredentials", @@ -1721,9 +1825,11 @@ {"shape":"ForbiddenException"}, {"shape":"InternalErrorException"}, {"shape":"InvalidParameterException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"LimitExceededException"}, {"shape":"NotAuthorizedException"} ], - "documentation":"

Generates a list of the current user's registered passkey, or webauthN, credentials.

", + "documentation":"

Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1752,7 +1858,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Resends the confirmation (for confirmation of registration) to a specific user in the user pool.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", + "documentation":"

Resends the code that confirms a new account for a user who has signed up in your user pool. Amazon Cognito sends confirmation codes to the user attribute in the AutoVerifiedAttributes property of your user pool. When you prompt new users for the confirmation code, include a \"Resend code\" option that generates a call to this API operation.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1830,7 +1936,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"FeatureUnavailableInTierException"} ], - "documentation":"

Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and advanced security features user activity logs.

" + "documentation":"

Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.

" }, "SetRiskConfiguration":{ "name":"SetRiskConfiguration", @@ -1850,7 +1956,7 @@ {"shape":"InvalidEmailRoleAccessPolicyException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Configures actions on detected risks. To delete the risk configuration for UserPoolId or ClientId, pass null values for all four configuration types.

To activate Amazon Cognito advanced security features, update the user pool to include the UserPoolAddOns keyAdvancedSecurityMode.

" + "documentation":"

Configures threat protection for a user pool or app client. Sets configuration for the following.

  • Responses to risks with adaptive authentication

  • Responses to vulnerable passwords with compromised-credentials detection

  • Notifications to users who have had risky activity detected

  • IP-address denylist and allowlist

To set the risk configuration for the user pool to defaults, send this request with only the UserPoolId parameter. To reset the threat protection settings of an app client to be inherited from the user pool, send UserPoolId and ClientId parameters only. To change threat protection to audit-only or off, update the value of UserPoolAddOns in an UpdateUserPool request. To activate this setting, your user pool must be on the Plus tier.

" }, "SetUICustomization":{ "name":"SetUICustomization", @@ -1867,7 +1973,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Sets the user interface (UI) customization information for a user pool's built-in app UI.

You can specify app UI customization settings for a single client (with a specific clientId) or for all clients (by setting the clientId to ALL). If you specify ALL, the default configuration is used for every client that has no previously set UI customization. If you specify UI customization settings for a particular client, it will no longer return to the ALL configuration.

To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app's pages, and the service will throw an error.

" + "documentation":"

Configures UI branding settings for domains with the hosted UI (classic) branding version. Your user pool must have a domain. Configure a domain with .

Set the default configuration for all clients with a ClientId of ALL. When the ClientId value is an app client ID, the settings you pass in this request apply to that app client and override the default ALL configuration.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "SetUserMFAPreference":{ "name":"SetUserMFAPreference", @@ -1887,7 +1993,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.

This operation doesn't reset an existing TOTP MFA for a user. To register a new TOTP factor for a user, make an AssociateSoftwareToken request. For more information, see TOTP software token MFA.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1910,7 +2016,7 @@ {"shape":"InternalErrorException"}, {"shape":"FeatureUnavailableInTierException"} ], - "documentation":"

Sets the user pool multi-factor authentication (MFA) and passkey configuration.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

" + "documentation":"

Sets user pool multi-factor authentication (MFA) and passkey configuration. For more information about user pool MFA, see Adding MFA. For more information about WebAuthn passkeys see Authentication flows.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

" }, "SetUserSettings":{ "name":"SetUserSettings", @@ -1930,7 +2036,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use SetUserMFAPreference instead.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token or email MFA.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1960,7 +2066,7 @@ {"shape":"CodeDeliveryFailureException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Registers the user in the specified user pool and creates a user name, password, and user attributes.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

You might receive a LimitExceeded exception in response to this request if you have exceeded a rate quota for email or SMS messages, and if your user pool automatically verifies email addresses or phone numbers. When you get this exception in the response, the user is successfully created and is in an UNCONFIRMED state. You can send a new code with the ResendConfirmationCode request, or confirm the user as an administrator with an AdminConfirmSignUp request.

", + "documentation":"

Registers a user with an app client and requests a user name, password, and user attributes in the user pool.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

You might receive a LimitExceeded exception in response to this request if you have exceeded a rate quota for email or SMS messages, and if your user pool automatically verifies email addresses or phone numbers. When you get this exception in the response, the user is successfully created and is in an UNCONFIRMED state.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -1980,7 +2086,7 @@ {"shape":"PreconditionNotMetException"}, {"shape":"NotAuthorizedException"} ], - "documentation":"

Starts the user import.

" + "documentation":"

Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file.

" }, "StartWebAuthnRegistration":{ "name":"StartWebAuthnRegistration", @@ -2000,7 +2106,7 @@ {"shape":"WebAuthnNotEnabledException"}, {"shape":"WebAuthnConfigurationMissingException"} ], - "documentation":"

Requests credential creation options from your user pool for registration of a passkey authenticator. Returns information about the user pool, the user profile, and authentication requirements. Users must provide this information in their request to enroll your application with their passkey provider.

After users present this data and register with their passkey provider, return the response to your user pool in a CompleteWebAuthnRegistration API request.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

", + "documentation":"

Requests credential creation options from your user pool for the currently signed-in user. Returns information about the user pool, the user profile, and authentication requirements. Users must provide this information in their request to enroll your application with their passkey provider.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -2020,7 +2126,7 @@ {"shape":"PreconditionNotMetException"}, {"shape":"NotAuthorizedException"} ], - "documentation":"

Stops the user import job.

" + "documentation":"

Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file.

" }, "TagResource":{ "name":"TagResource", @@ -2054,7 +2160,7 @@ {"shape":"InvalidParameterException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Removes the specified tags from an Amazon Cognito user pool. You can use this action up to 5 times per second, per account.

" + "documentation":"

Given tag IDs that you previously assigned to a user pool, removes them.

" }, "UpdateAuthEventFeedback":{ "name":"UpdateAuthEventFeedback", @@ -2073,7 +2179,7 @@ {"shape":"UserPoolAddOnNotEnabledException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Provides the feedback for an authentication event generated by threat protection features. The user's response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.

This operation requires a FeedbackToken that Amazon Cognito generates and adds to notification emails when users have potentially suspicious authentication events. Users invoke this operation when they select the link that corresponds to {one-click-link-valid} or {one-click-link-invalid} in your notification template. Because FeedbackToken is a required parameter, you can't make requests to UpdateAuthEventFeedback without the contents of the notification email message.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -2097,7 +2203,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Updates the device status. For more information about device authentication, see Working with user devices in your user pool.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a \"remember me\" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -2116,7 +2222,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Updates the specified group with the specified attributes.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given the name of a user pool group, updates any of the properties for precedence, IAM role, or description. For more information about user pool groups, see Adding groups to a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "UpdateIdentityProvider":{ "name":"UpdateIdentityProvider", @@ -2135,7 +2241,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Updates IdP information for a user pool.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Modifies the configuration and trust relationship between a third-party identity provider (IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers through managed login and OIDC relying-party libraries. For more information, see Third-party IdP sign-in.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "UpdateManagedLoginBranding":{ "name":"UpdateManagedLoginBranding", @@ -2153,7 +2259,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Configures the branding settings for a user pool style. This operation is the programmatic option for the configuration of a style in the branding designer.

Provides values for UI customization in a Settings JSON object and image files in an Assets array.

This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.

As a best practice, modify the output of DescribeManagedLoginBrandingByClient into the request parameters for this operation. To get all settings, set ReturnMergedResources to true. For more information, see API and SDK operations for managed login branding

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Configures the branding settings for a user pool style. This operation is the programmatic option for the configuration of a style in the branding editor.

Provides values for UI customization in a Settings JSON object and image files in an Assets array.

This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "UpdateResourceServer":{ "name":"UpdateResourceServer", @@ -2170,7 +2276,26 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Updates the name and scopes of resource server. All other fields are read-only.

If you don't provide a value for an attribute, it is set to the default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Updates the name and scopes of a resource server. All other fields are read-only. For more information about resource servers, see Access control with resource servers.

If you don't provide a value for an attribute, it is set to the default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + }, + "UpdateTerms":{ + "name":"UpdateTerms", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateTermsRequest"}, + "output":{"shape":"UpdateTermsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"TermsExistsException"}, + {"shape":"InvalidParameterException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"NotAuthorizedException"}, + {"shape":"InternalErrorException"} + ], + "documentation":"

Modifies existing terms documents for the requested app client. When Terms and conditions and Privacy policy documents are configured, the app client displays links to them in the sign-up page of managed login for the app client.

You can provide URLs for terms documents in the languages that are supported by managed login localization. Amazon Cognito directs users to the terms documents for their current language, with fallback to default if no document exists for the language.

Each request accepts one type of terms document and a map of language-to-link for that document type. You must provide both types of terms documents in at least one language before Amazon Cognito displays your terms documents. Supply each type in separate requests.

For more information, see Terms documents.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "UpdateUserAttributes":{ "name":"UpdateUserAttributes", @@ -2201,7 +2326,7 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

With this operation, your users can update one or more of their attributes with their own credentials. You authorize this API request with the user's access token. To delete an attribute from your user, submit the attribute in your API request with a blank value. Custom attribute values in this request must include the custom: prefix.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", + "documentation":"

Updates the currently signed-in user's attributes. To delete an attribute from the user, submit the attribute in your API request with a blank value.

For custom attributes, you must add a custom: prefix to the attribute name, for example custom:department.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -2228,7 +2353,7 @@ {"shape":"TierChangeNotAllowedException"}, {"shape":"FeatureUnavailableInTierException"} ], - "documentation":"

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using DescribeUserPool.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Updates the configuration of a user pool. To avoid setting parameters to Amazon Cognito defaults, construct this API request to pass the existing configuration of your user pool, modified to include the changes that you want to make.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "UpdateUserPoolClient":{ "name":"UpdateUserPoolClient", @@ -2246,9 +2371,10 @@ {"shape":"NotAuthorizedException"}, {"shape":"ScopeDoesNotExistException"}, {"shape":"InvalidOAuthFlowException"}, - {"shape":"InternalErrorException"} + {"shape":"InternalErrorException"}, + {"shape":"FeatureUnavailableInTierException"} ], - "documentation":"

Updates the specified user pool app client with the specified attributes. You can get a list of the current user pool app client settings using DescribeUserPoolClient.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

You can also use this operation to enable token revocation for user pool clients. For more information about revoking tokens, see RevokeToken.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

Given a user pool app client ID, updates the configuration. To avoid setting parameters to Amazon Cognito defaults, construct this API request to pass the existing configuration of your app client, modified to include the changes that you want to make.

If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.

Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "UpdateUserPoolDomain":{ "name":"UpdateUserPoolDomain", @@ -2261,6 +2387,7 @@ "errors":[ {"shape":"InvalidParameterException"}, {"shape":"NotAuthorizedException"}, + {"shape":"ConcurrentModificationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"TooManyRequestsException"}, {"shape":"InternalErrorException"}, @@ -2292,7 +2419,7 @@ {"shape":"CodeMismatchException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as \"verified\" if successful. The request takes an access token or a session string, but not both.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Registers the current user's time-based one-time password (TOTP) authenticator with a code generated in their authenticator app from a private key that's supplied by your user pool. Marks the user's software token MFA status as \"verified\" if successful. The request takes an access token or a session string, but not both.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -2319,7 +2446,7 @@ {"shape":"AliasExistsException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Verifies the specified user attributes in the user pool.

If your user pool requires verification before Amazon Cognito updates the attribute value, VerifyUserAttribute updates the affected attribute to its pending value. For more information, see UserAttributeUpdateSettingsType.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Submits a verification code for a signed-in user who has added or changed a value of an auto-verified attribute. When successful, the user's attribute becomes verified and the attribute email_verified or phone_number_verified becomes true.

If your user pool requires verification before Amazon Cognito updates the attribute value, this operation updates the affected attribute to its pending value.

Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] } @@ -2343,7 +2470,7 @@ "documentation":"

The list of options and priorities for user message delivery in forgot-password operations. Sets or displays user pool preferences for email or SMS message priority, whether users should fall back to a second delivery method, and whether passwords should only be reset by administrators.

" } }, - "documentation":"

The settings for user message delivery in forgot-password operations. Contains preference for email or SMS message delivery of password reset codes, or for admin-only password reset.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The settings for user message delivery in forgot-password operations. Contains preference for email or SMS message delivery of password reset codes, or for admin-only password reset.

" }, "AccountTakeoverActionNotifyType":{"type":"boolean"}, "AccountTakeoverActionType":{ @@ -2362,25 +2489,25 @@ "documentation":"

The action to take for the attempted account takeover action for the associated risk level. Valid values are as follows:

  • BLOCK: Block the request.

  • MFA_IF_CONFIGURED: Present an MFA challenge if possible. MFA is possible if the user pool has active MFA methods that the user can set up. For example, if the user pool only supports SMS message MFA but the user doesn't have a phone number attribute, MFA setup isn't possible. If MFA setup isn't possible, allow the request.

  • MFA_REQUIRED: Present an MFA challenge if possible. Block the request if a user hasn't set up MFA. To sign in with required MFA, users must have an email address or phone number attribute, or a registered TOTP factor.

  • NO_ACTION: Take no action. Permit sign-in.

" } }, - "documentation":"

The automated response to a risk level for adaptive authentication in full-function, or ENFORCED, mode. You can assign an action to each risk level that advanced security features evaluates.

This data type is a request parameter of SetRiskConfiguration and a response parameter of DescribeRiskConfiguration.

" + "documentation":"

The automated response to a risk level for adaptive authentication in full-function, or ENFORCED, mode. You can assign an action to each risk level that threat protection evaluates.

" }, "AccountTakeoverActionsType":{ "type":"structure", "members":{ "LowAction":{ "shape":"AccountTakeoverActionType", - "documentation":"

The action that you assign to a low-risk assessment by advanced security features.

" + "documentation":"

The action that you assign to a low-risk assessment by threat protection.

" }, "MediumAction":{ "shape":"AccountTakeoverActionType", - "documentation":"

The action that you assign to a medium-risk assessment by advanced security features.

" + "documentation":"

The action that you assign to a medium-risk assessment by threat protection.

" }, "HighAction":{ "shape":"AccountTakeoverActionType", - "documentation":"

The action that you assign to a high-risk assessment by advanced security features.

" + "documentation":"

The action that you assign to a high-risk assessment by threat protection.

" } }, - "documentation":"

A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features.

This data type is a request parameter of SetRiskConfiguration and a response parameter of DescribeRiskConfiguration.

" + "documentation":"

A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection features.

" }, "AccountTakeoverEventActionType":{ "type":"string", @@ -2397,14 +2524,14 @@ "members":{ "NotifyConfiguration":{ "shape":"NotifyConfigurationType", - "documentation":"

The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in AccountTakeoverRiskConfiguration, Amazon Cognito sends an email message using the method and template that you set with this data type.

" + "documentation":"

The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in AccountTakeoverRiskConfiguration, Amazon Cognito sends an email message using the method and template that you set with this data type.

" }, "Actions":{ "shape":"AccountTakeoverActionsType", - "documentation":"

A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features.

" + "documentation":"

A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection.

" } }, - "documentation":"

The settings for automated responses and notification templates for adaptive authentication with advanced security features.

This data type is a request parameter of SetRiskConfiguration and a response parameter of DescribeRiskConfiguration.

" + "documentation":"

The settings for automated responses and notification templates for adaptive authentication with threat protection features.

" }, "AddCustomAttributesRequest":{ "type":"structure", @@ -2426,8 +2553,7 @@ }, "AddCustomAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response from the server for the request to add custom attributes.

" }, "AdminAddUserToGroupRequest":{ @@ -2444,7 +2570,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "GroupName":{ "shape":"GroupNameType", @@ -2465,19 +2591,18 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

If your user pool configuration includes triggers, the AdminConfirmSignUp API action invokes the Lambda function that is specified for the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. In this payload, the clientMetadata attribute provides the data that you assigned to the ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in Lambda, you can process the ClientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

If your user pool configuration includes triggers, the AdminConfirmSignUp API action invokes the Lambda function that is specified for the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. In this payload, the clientMetadata attribute provides the data that you assigned to the ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in Lambda, you can process the ClientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Confirm a user's registration as a user pool administrator.

" }, "AdminConfirmSignUpResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response from the server for the request to confirm registration.

" }, "AdminCreateUserConfigType":{ @@ -2485,18 +2610,18 @@ "members":{ "AllowAdminCreateUserOnly":{ "shape":"BooleanType", - "documentation":"

The setting for allowing self-service sign-up. When true, only administrators can create new user profiles. When false, users can register themselves and create a new user profile with the SignUp operation.

" + "documentation":"

The setting for allowing self-service sign-up. When true, only administrators can create new user profiles. When false, users can register themselves and create a new user profile with the SignUp operation.

" }, "UnusedAccountValidityDays":{ "shape":"AdminCreateUserUnusedAccountValidityDaysType", - "documentation":"

This parameter is no longer in use. Configure the duration of temporary passwords with the TemporaryPasswordValidityDays parameter of PasswordPolicyType. For older user pools that have a UnusedAccountValidityDays configuration, that value is effective until you set a value for TemporaryPasswordValidityDays.

The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call AdminCreateUser again, specifying RESEND for the MessageAction parameter.

The default value for this parameter is 7.

" + "documentation":"

This parameter is no longer in use.

The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call AdminCreateUser again, specifying RESEND for the MessageAction parameter.

The default value for this parameter is 7.

" }, "InviteMessageTemplate":{ "shape":"MessageTemplateType", "documentation":"

The template for the welcome message to new users. This template must include the {####} temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder.

See also Customizing User Invitation Messages.

" } }, - "documentation":"

The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.

" }, "AdminCreateUserRequest":{ "type":"structure", @@ -2515,15 +2640,15 @@ }, "UserAttributes":{ "shape":"AttributeListType", - "documentation":"

An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username. However, any attributes that you specify as required (when creating a user pool or in the Attributes tab of the console) either you should supply (in your call to AdminCreateUser) or the user should supply (when they sign up in response to your welcome message).

For custom attributes, you must prepend the custom: prefix to the attribute name.

To send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.

You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a TemporaryPassword.

In your call to AdminCreateUser, you can set the email_verified attribute to True, and you can set the phone_number_verified attribute to True. You can also do this by calling AdminUpdateUserAttributes.

  • email: The email address of the user to whom the message that contains the code and username will be sent. Required if the email_verified attribute is set to True, or if \"EMAIL\" is specified in the DesiredDeliveryMediums parameter.

  • phone_number: The phone number of the user to whom the message that contains the code and username will be sent. Required if the phone_number_verified attribute is set to True, or if \"SMS\" is specified in the DesiredDeliveryMediums parameter.

" + "documentation":"

An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username. However, any attributes that you specify as required (when creating a user pool or in the Attributes tab of the console) either you should supply (in your call to AdminCreateUser) or the user should supply (when they sign up in response to your welcome message).

For custom attributes, you must prepend the custom: prefix to the attribute name.

To send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.

You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a TemporaryPassword.

In your AdminCreateUser request, you can set the email_verified and phone_number_verified attributes to true. The following conditions apply:

email

The email address where you want the user to receive their confirmation code and username. You must provide a value for email when you want to set email_verified to true, or if you set EMAIL in the DesiredDeliveryMediums parameter.

phone_number

The phone number where you want the user to receive their confirmation code and username. You must provide a value for phone_number when you want to set phone_number_verified to true, or if you set SMS in the DesiredDeliveryMediums parameter.

" }, "ValidationData":{ "shape":"AttributeListType", - "documentation":"

Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.

Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.

For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.

" + "documentation":"

Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.

Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs.

For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.

" }, "TemporaryPassword":{ "shape":"PasswordType", - "documentation":"

The user's temporary password. This password must conform to the password policy that you specified when you created the user pool.

The exception to the requirement for a password is when your user pool supports passwordless sign-in with email or SMS OTPs. To create a user with no password, omit this parameter or submit a blank value. You can only create a passwordless user when passwordless sign-in is available. See the SignInPolicyType property of CreateUserPool and UpdateUserPool.

The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page, along with a new password to be used in all future sign-ins.

If you don't specify a value, Amazon Cognito generates one for you unless you have passwordless options active for your user pool.

The temporary password can only be used until the user account expiration limit that you set for your user pool. To reset the account after that time limit, you must call AdminCreateUser again and specify RESEND for the MessageAction parameter.

" + "documentation":"

The user's temporary password. This password must conform to the password policy that you specified when you created the user pool.

The exception to the requirement for a password is when your user pool supports passwordless sign-in with email or SMS OTPs. To create a user with no password, omit this parameter or submit a blank value. You can only create a passwordless user when passwordless sign-in is available.

The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page, along with a new password to be used in all future sign-ins.

If you don't specify a value, Amazon Cognito generates one for you unless you have passwordless options active for your user pool.

The temporary password can only be used until the user account expiration limit that you set for your user pool. To reset the account after that time limit, you must call AdminCreateUser again and specify RESEND for the MessageAction parameter.

" }, "ForceAliasCreation":{ "shape":"ForceAliasCreation", @@ -2539,7 +2664,7 @@ }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the pre sign-up trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a ClientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the pre sign-up trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a ClientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Creates a new user in the specified user pool.

" @@ -2573,7 +2698,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "UserAttributeNames":{ "shape":"AttributeNameListType", @@ -2584,8 +2709,7 @@ }, "AdminDeleteUserAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response received from the server for a request to delete user attributes.

" }, "AdminDeleteUserRequest":{ @@ -2601,7 +2725,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" } }, "documentation":"

Represents the request to delete a user as an administrator.

" @@ -2625,8 +2749,7 @@ }, "AdminDisableProviderForUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AdminDisableUserRequest":{ "type":"structure", @@ -2641,15 +2764,14 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" } }, "documentation":"

Represents the request to disable the user as an administrator.

" }, "AdminDisableUserResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response received from the server to disable the user as an administrator.

" }, "AdminEnableUserRequest":{ @@ -2665,15 +2787,14 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" } }, "documentation":"

Represents the request that enables the user as an administrator.

" }, "AdminEnableUserResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response from the server for the request to enable a user as an administrator.

" }, "AdminForgetDeviceRequest":{ @@ -2690,11 +2811,11 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "DeviceKey":{ "shape":"DeviceKeyType", - "documentation":"

The key ID of the device that you want to delete. You can get device keys in the response to an AdminListDevices request.

" + "documentation":"

The key ID of the device that you want to delete.

" } }, "documentation":"

Sends the forgot device request, as an administrator.

" @@ -2709,7 +2830,7 @@ "members":{ "DeviceKey":{ "shape":"DeviceKeyType", - "documentation":"

The key of the device that you want to delete. You can get device IDs in the response to an AdminListDevices request.

" + "documentation":"

The key of the device that you want to delete.

" }, "UserPoolId":{ "shape":"UserPoolIdType", @@ -2717,7 +2838,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" } }, "documentation":"

Represents the request to get the device, as an administrator.

" @@ -2746,7 +2867,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" } }, "documentation":"

Represents the request to get the specified user as an administrator.

" @@ -2773,7 +2894,7 @@ }, "Enabled":{ "shape":"BooleanType", - "documentation":"

Indicates whether the user is activated for sign-in. The AdminDisableUser and AdminEnableUser API operations deactivate and activate user sign-in, respectively.

" + "documentation":"

Indicates whether the user is activated for sign-in.

" }, "UserStatus":{ "shape":"UserStatusType", @@ -2789,7 +2910,7 @@ }, "UserMFASettingList":{ "shape":"UserMFASettingListType", - "documentation":"

The MFA options that are activated for the user. The possible values in this list are SMS_MFA, EMAIL_OTP, and SOFTWARE_TOKEN_MFA. You can change the MFA preference for users who have more than one available MFA factor with AdminSetUserMFAPreference or SetUserMFAPreference.

" + "documentation":"

The MFA options that are activated for the user. The possible values in this list are SMS_MFA, EMAIL_OTP, and SOFTWARE_TOKEN_MFA.

" } }, "documentation":"

Represents the response from the server from the request to get the specified user as an administrator.

" @@ -2812,23 +2933,23 @@ }, "AuthFlow":{ "shape":"AuthFlowType", - "documentation":"

The authentication flow that you want to initiate. Each AuthFlow has linked AuthParameters that you must submit. The following are some example flows and their parameters.

  • USER_AUTH: Request a preferred authentication type or review available authentication types. From the offered authentication types, select one in a challenge response and then authenticate with that method in an additional challenge response.

  • REFRESH_TOKEN_AUTH: Receive new ID and access tokens when you pass a REFRESH_TOKEN parameter with a valid refresh token as the value.

  • USER_SRP_AUTH: Receive secure remote password (SRP) variables for the next challenge, PASSWORD_VERIFIER, when you pass USERNAME and SRP_A parameters..

  • ADMIN_USER_PASSWORD_AUTH: Receive new tokens or the next challenge, for example SOFTWARE_TOKEN_MFA, when you pass USERNAME and PASSWORD parameters.

All flows

USER_AUTH

The entry point for sign-in with passwords, one-time passwords, and WebAuthN authenticators.

USER_SRP_AUTH

Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP password verification in custom authentication flow.

REFRESH_TOKEN_AUTH and REFRESH_TOKEN

Provide a valid refresh token and receive new ID and access tokens. For more information, see Using the refresh token.

CUSTOM_AUTH

Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda triggers.

ADMIN_USER_PASSWORD_AUTH

Username-password authentication with the password sent directly in the request. For more information, see Admin authentication flow.

USER_PASSWORD_AUTH is a flow type of InitiateAuth and isn't valid for AdminInitiateAuth.

" + "documentation":"

The authentication flow that you want to initiate. Each AuthFlow has linked AuthParameters that you must submit. The following are some example flows.

USER_AUTH

The entry point for choice-based authentication with passwords, one-time passwords, and WebAuthn authenticators. Request a preferred authentication type or review available authentication types. From the offered authentication types, select one in a challenge response and then authenticate with that method in an additional challenge response. To activate this setting, your user pool must be in the Essentials tier or higher.

USER_SRP_AUTH

Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP password verification in custom authentication flow.

REFRESH_TOKEN_AUTH and REFRESH_TOKEN

Receive new ID and access tokens when you pass a REFRESH_TOKEN parameter with a valid refresh token as the value. For more information, see Using the refresh token.

CUSTOM_AUTH

Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda triggers.

ADMIN_USER_PASSWORD_AUTH

Server-side username-password authentication with the password sent directly in the request. For more information about client-side and server-side authentication, see SDK authorization models.

" }, "AuthParameters":{ "shape":"AuthParametersType", - "documentation":"

The authentication parameters. These are inputs corresponding to the AuthFlow that you're invoking. The required values depend on the value of AuthFlow:

  • For USER_AUTH: USERNAME (required), PREFERRED_CHALLENGE. If you don't provide a value for PREFERRED_CHALLENGE, Amazon Cognito responds with the AvailableChallenges parameter that specifies the available sign-in methods.

  • For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • For ADMIN_USER_PASSWORD_AUTH: USERNAME (required), PASSWORD (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY. To start the authentication flow with password verification, include ChallengeName: SRP_A and SRP_A: (The SRP_A Value).

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" + "documentation":"

The authentication parameters. These are inputs corresponding to the AuthFlow that you're invoking.

The following are some authentication flows and their parameters. Add a SECRET_HASH parameter if your app client has a client secret. Add DEVICE_KEY if you want to bypass multi-factor authentication with a remembered device.

USER_AUTH

  • USERNAME (required)

  • PREFERRED_CHALLENGE. If you don't provide a value for PREFERRED_CHALLENGE, Amazon Cognito responds with the AvailableChallenges parameter that specifies the available sign-in methods.

USER_SRP_AUTH

  • USERNAME (required)

  • SRP_A (required)

ADMIN_USER_PASSWORD_AUTH

  • USERNAME (required)

  • PASSWORD (required)

REFRESH_TOKEN_AUTH/REFRESH_TOKEN

  • REFRESH_TOKEN(required)

CUSTOM_AUTH

  • USERNAME (required)

  • ChallengeName: SRP_A (when preceding custom authentication with SRP authentication)

  • SRP_A: (An SRP_A value) (when preceding custom authentication with SRP authentication)

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:

  • Pre signup

  • Pre authentication

  • User migration

When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.

When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:

  • Post authentication

  • Custom message

  • Pre token generation

  • Create auth challenge

  • Define auth challenge

  • Custom email sender

  • Custom SMS sender

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:

  • Pre signup

  • Pre authentication

  • User migration

When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.

When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:

  • Post authentication

  • Custom message

  • Pre token generation

  • Create auth challenge

  • Define auth challenge

  • Custom email sender

  • Custom SMS sender

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The analytics metadata for collecting Amazon Pinpoint metrics.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "ContextData":{ "shape":"ContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "Session":{ "shape":"SessionType", @@ -2842,19 +2963,23 @@ "members":{ "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"

The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.

  • WEB_AUTHN: Respond to the challenge with the results of a successful authentication with a passkey, or webauthN, factor. These are typically biometric devices or security keys.

  • PASSWORD: Respond with USER_PASSWORD_AUTH parameters: USERNAME (required), PASSWORD (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • PASSWORD_SRP: Respond with USER_SRP_AUTH parameters: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • SELECT_CHALLENGE: Respond to the challenge with USERNAME and an ANSWER that matches one of the challenge types in the AvailableChallenges response parameter.

  • MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.

  • SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for SMS message MFA, EMAIL_OTP for email message MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.

  • SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool delivered in an SMS message.

  • EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool delivered in an email message.

  • PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.

  • CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.

  • DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.

  • DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.

  • ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.

  • NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.

    Amazon Cognito only returns this challenge for users who have temporary passwords. Because of this, and because in some cases you can create users who don't have values for required attributes, take care to collect and submit required-attribute values for all users who don't have passwords. You can create a user in the Amazon Cognito console without, for example, a required birthdate attribute. The API response from Amazon Cognito won't prompt you to submit a birthdate for the user if they don't have a password.

    In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes.

  • MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.

    To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.

" + "documentation":"

The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.

Possible challenges include the following:

All of the following challenges require USERNAME and, when the app client has a client secret, SECRET_HASH in the parameters. Include a DEVICE_KEY for device authentication.

  • WEB_AUTHN: Respond to the challenge with the results of a successful authentication with a WebAuthn authenticator, or passkey, as CREDENTIAL. Examples of WebAuthn authenticators include biometric devices and security keys.

  • PASSWORD: Respond with the user's password as PASSWORD.

  • PASSWORD_SRP: Respond with the initial SRP secret as SRP_A.

  • SELECT_CHALLENGE: Respond with a challenge selection as ANSWER. It must be one of the challenge types in the AvailableChallenges response parameter. Add the parameters of the selected challenge, for example USERNAME and SMS_OTP.

  • SMS_MFA: Respond with the code that your user pool delivered in an SMS message, as SMS_MFA_CODE

  • EMAIL_MFA: Respond with the code that your user pool delivered in an email message, as EMAIL_MFA_CODE

  • EMAIL_OTP: Respond with the code that your user pool delivered in an email message, as EMAIL_OTP_CODE .

  • SMS_OTP: Respond with the code that your user pool delivered in an SMS message, as SMS_OTP_CODE.

  • PASSWORD_VERIFIER: Respond with the second stage of SRP secrets as PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP.

  • CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. The parameters of the challenge are determined by your Lambda function and issued in the ChallengeParameters of a challenge response.

  • DEVICE_SRP_AUTH: Respond with the initial parameters of device SRP authentication. For more information, see Signing in with a device.

  • DEVICE_PASSWORD_VERIFIER: Respond with PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after client-side SRP calculations. For more information, see Signing in with a device.

  • NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write.

    Amazon Cognito only returns this challenge for users who have temporary passwords. When you create passwordless users, you must provide values for all required attributes.

    In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.

  • MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.

    To set up time-based one-time password (TOTP) MFA, use the session returned in this challenge from InitiateAuth or AdminInitiateAuth as an input to AssociateSoftwareToken. Then, use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge or AdminRespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in.

    To set up SMS or email MFA, collect a phone_number or email attribute for the user. Then restart the authentication flow with an InitiateAuth or AdminInitiateAuth request.

" }, "Session":{ "shape":"SessionType", - "documentation":"

The session that must be passed to challenge-response requests. If an AdminInitiateAuth or AdminRespondToAuthChallenge API request determines that the caller must pass another challenge, Amazon Cognito returns a session ID and the parameters of the next challenge. Pass this session Id in the Session parameter of AdminRespondToAuthChallenge.

" + "documentation":"

The session that must be passed to challenge-response requests. If an AdminInitiateAuth or AdminRespondToAuthChallenge API request results in another authentication challenge, Amazon Cognito returns a session ID and the parameters of the next challenge. Pass this session ID in the Session parameter of AdminRespondToAuthChallenge.

" }, "ChallengeParameters":{ "shape":"ChallengeParametersType", - "documentation":"

The challenge parameters. These are returned to you in the AdminInitiateAuth response if you must pass another challenge. The responses in this parameter should be used to compute inputs to the next call (AdminRespondToAuthChallenge).

All challenges require USERNAME and SECRET_HASH (if applicable).

The value of the USER_ID_FOR_SRP attribute is the user's actual username, not an alias (such as email address or phone number), even if you specified an alias in your call to AdminInitiateAuth. This happens because, in the AdminRespondToAuthChallenge API ChallengeResponses, the USERNAME attribute can't be an alias.

" + "documentation":"

The parameters of an authentication challenge. Amazon Cognito returns challenge parameters as a guide to the responses your user or application must provide for the returned ChallengeName. Calculate responses to the challenge parameters and pass them in the ChallengeParameters of AdminRespondToAuthChallenge.

All challenges require USERNAME and, when the app client has a client secret, SECRET_HASH.

In SRP challenges, Amazon Cognito returns the username attribute in USER_ID_FOR_SRP instead of any email address, preferred username, or phone number alias that you might have specified in your AdminInitiateAuth request. You must use the username and not an alias in the ChallengeResponses of your challenge response.

" }, "AuthenticationResult":{ "shape":"AuthenticationResultType", "documentation":"

The outcome of successful authentication. This is only returned if the user pool has no additional challenges to return. If Amazon Cognito returns another challenge, the response includes ChallengeName, ChallengeParameters, and Session so that your user can answer the challenge.

" + }, + "AvailableChallenges":{ + "shape":"AvailableChallengeListType", + "documentation":"

This response parameter lists the available authentication challenges that users can select from in choice-based authentication. For example, they might be able to choose between passkey authentication, a one-time password from an SMS message, and a traditional password.

" } }, "documentation":"

Initiates the authentication response, as an administrator.

" @@ -2883,8 +3008,7 @@ }, "AdminLinkProviderForUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AdminListDevicesRequest":{ "type":"structure", @@ -2899,7 +3023,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "Limit":{ "shape":"QueryLimitType", @@ -2935,7 +3059,7 @@ "members":{ "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "UserPoolId":{ "shape":"UserPoolIdType", @@ -2977,7 +3101,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "MaxResults":{ "shape":"QueryLimitType", @@ -3016,7 +3140,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "GroupName":{ "shape":"GroupNameType", @@ -3037,19 +3161,18 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. The AdminResetUserPassword API operation invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminResetUserPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. The AdminResetUserPassword API operation invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminResetUserPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Represents the request to reset a user's password as an administrator.

" }, "AdminResetUserPasswordResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response from the server to reset a user password as an administrator.

" }, "AdminRespondToAuthChallengeRequest":{ @@ -3070,11 +3193,11 @@ }, "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"

The name of the challenge that you are responding to. You can find more information about values for ChallengeName in the response parameters of AdminInitiateAuth.

" + "documentation":"

The name of the challenge that you are responding to.

Possible challenges include the following:

All of the following challenges require USERNAME and, when the app client has a client secret, SECRET_HASH in the parameters. Include a DEVICE_KEY for device authentication.

  • WEB_AUTHN: Respond to the challenge with the results of a successful authentication with a WebAuthn authenticator, or passkey, as CREDENTIAL. Examples of WebAuthn authenticators include biometric devices and security keys.

  • PASSWORD: Respond with the user's password as PASSWORD.

  • PASSWORD_SRP: Respond with the initial SRP secret as SRP_A.

  • SELECT_CHALLENGE: Respond with a challenge selection as ANSWER. It must be one of the challenge types in the AvailableChallenges response parameter. Add the parameters of the selected challenge, for example USERNAME and SMS_OTP.

  • SMS_MFA: Respond with the code that your user pool delivered in an SMS message, as SMS_MFA_CODE

  • EMAIL_MFA: Respond with the code that your user pool delivered in an email message, as EMAIL_MFA_CODE

  • EMAIL_OTP: Respond with the code that your user pool delivered in an email message, as EMAIL_OTP_CODE .

  • SMS_OTP: Respond with the code that your user pool delivered in an SMS message, as SMS_OTP_CODE.

  • PASSWORD_VERIFIER: Respond with the second stage of SRP secrets as PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP.

  • CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. The parameters of the challenge are determined by your Lambda function and issued in the ChallengeParameters of a challenge response.

  • DEVICE_SRP_AUTH: Respond with the initial parameters of device SRP authentication. For more information, see Signing in with a device.

  • DEVICE_PASSWORD_VERIFIER: Respond with PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after client-side SRP calculations. For more information, see Signing in with a device.

  • NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write.

    Amazon Cognito only returns this challenge for users who have temporary passwords. When you create passwordless users, you must provide values for all required attributes.

    In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.

  • MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.

    To set up time-based one-time password (TOTP) MFA, use the session returned in this challenge from InitiateAuth or AdminInitiateAuth as an input to AssociateSoftwareToken. Then, use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge or AdminRespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in.

    To set up SMS or email MFA, collect a phone_number or email attribute for the user. Then restart the authentication flow with an InitiateAuth or AdminInitiateAuth request.

" }, "ChallengeResponses":{ "shape":"ChallengeResponsesType", - "documentation":"

The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.

You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. Include a DEVICE_KEY for device authentication.
SELECT_CHALLENGE

\"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"ANSWER\": \"[Challenge name]\"}

Available challenges are PASSWORD, PASSWORD_SRP, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

Complete authentication in the SELECT_CHALLENGE response for PASSWORD, PASSWORD_SRP, and WEB_AUTHN:

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"WEB_AUTHN\", \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

    See AuthenticationResponseJSON.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD\", \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD_SRP\", \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

For SMS_OTP and EMAIL_OTP, respond with the username and answer. Your user pool will send a code for the user to submit in the next challenge response.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"SMS_OTP\", \"USERNAME\": \"[username]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"EMAIL_OTP\", \"USERNAME\": \"[username]\"}

SMS_OTP

\"ChallengeName\": \"SMS_OTP\", \"ChallengeResponses\": {\"SMS_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

EMAIL_OTP

\"ChallengeName\": \"EMAIL_OTP\", \"ChallengeResponses\": {\"EMAIL_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

SMS_MFA

\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

PASSWORD_VERIFIER

This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.

\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

Add \"DEVICE_KEY\" when you sign in with a remembered device.

CUSTOM_CHALLENGE

\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}

Add \"DEVICE_KEY\" when you sign in with a remembered device.

NEW_PASSWORD_REQUIRED

\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}

To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.

In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
SOFTWARE_TOKEN_MFA

\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}

DEVICE_SRP_AUTH

\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}

DEVICE_PASSWORD_VERIFIER

\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

MFA_SETUP

\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"

SELECT_MFA_TYPE

\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" + "documentation":"

The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.

You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. Include a DEVICE_KEY for device authentication.
SELECT_CHALLENGE

\"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"ANSWER\": \"[Challenge name]\"}

Available challenges are PASSWORD, PASSWORD_SRP, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

Complete authentication in the SELECT_CHALLENGE response for PASSWORD, PASSWORD_SRP, and WEB_AUTHN:

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"WEB_AUTHN\", \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

    See AuthenticationResponseJSON.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD\", \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD_SRP\", \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

For SMS_OTP and EMAIL_OTP, respond with the username and answer. Your user pool will send a code for the user to submit in the next challenge response.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"SMS_OTP\", \"USERNAME\": \"[username]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"EMAIL_OTP\", \"USERNAME\": \"[username]\"}

WEB_AUTHN

\"ChallengeName\": \"WEB_AUTHN\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

See AuthenticationResponseJSON.

PASSWORD

\"ChallengeName\": \"PASSWORD\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

PASSWORD_SRP

\"ChallengeName\": \"PASSWORD_SRP\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

SMS_OTP

\"ChallengeName\": \"SMS_OTP\", \"ChallengeResponses\": {\"SMS_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

EMAIL_OTP

\"ChallengeName\": \"EMAIL_OTP\", \"ChallengeResponses\": {\"EMAIL_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

SMS_MFA

\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

PASSWORD_VERIFIER

This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.

\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

CUSTOM_CHALLENGE

\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}

NEW_PASSWORD_REQUIRED

\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}

To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.

In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.
SOFTWARE_TOKEN_MFA

\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}

DEVICE_SRP_AUTH

\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}

DEVICE_PASSWORD_VERIFIER

\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

MFA_SETUP

\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"

SELECT_MFA_TYPE

\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA|EMAIL_MFA|SOFTWARE_TOKEN_MFA]\"}

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" }, "Session":{ "shape":"SessionType", @@ -3082,15 +3205,15 @@ }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The analytics metadata for collecting Amazon Pinpoint metrics for AdminRespondToAuthChallenge calls.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "ContextData":{ "shape":"ContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions that you have assigned to the following triggers:

  • Pre sign-up

  • custom message

  • Post authentication

  • User migration

  • Pre token generation

  • Define auth challenge

  • Create auth challenge

  • Verify auth challenge response

When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute that provides the data that you assigned to the ClientMetadata parameter in your AdminRespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions that you have assigned to the following triggers:

  • Pre sign-up

  • custom message

  • Post authentication

  • User migration

  • Pre token generation

  • Define auth challenge

  • Create auth challenge

  • Verify auth challenge response

When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute that provides the data that you assigned to the ClientMetadata parameter in your AdminRespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

The request to respond to the authentication challenge, as an administrator.

" @@ -3100,7 +3223,7 @@ "members":{ "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"

The name of the challenge that you must next respond to. You can find more information about values for ChallengeName in the response parameters of AdminInitiateAuth.

" + "documentation":"

The name of the next challenge that you must respond to.

Possible challenges include the following:

All of the following challenges require USERNAME and, when the app client has a client secret, SECRET_HASH in the parameters. Include a DEVICE_KEY for device authentication.

  • WEB_AUTHN: Respond to the challenge with the results of a successful authentication with a WebAuthn authenticator, or passkey, as CREDENTIAL. Examples of WebAuthn authenticators include biometric devices and security keys.

  • PASSWORD: Respond with the user's password as PASSWORD.

  • PASSWORD_SRP: Respond with the initial SRP secret as SRP_A.

  • SELECT_CHALLENGE: Respond with a challenge selection as ANSWER. It must be one of the challenge types in the AvailableChallenges response parameter. Add the parameters of the selected challenge, for example USERNAME and SMS_OTP.

  • SMS_MFA: Respond with the code that your user pool delivered in an SMS message, as SMS_MFA_CODE

  • EMAIL_MFA: Respond with the code that your user pool delivered in an email message, as EMAIL_MFA_CODE

  • EMAIL_OTP: Respond with the code that your user pool delivered in an email message, as EMAIL_OTP_CODE .

  • SMS_OTP: Respond with the code that your user pool delivered in an SMS message, as SMS_OTP_CODE.

  • PASSWORD_VERIFIER: Respond with the second stage of SRP secrets as PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP.

  • CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. The parameters of the challenge are determined by your Lambda function and issued in the ChallengeParameters of a challenge response.

  • DEVICE_SRP_AUTH: Respond with the initial parameters of device SRP authentication. For more information, see Signing in with a device.

  • DEVICE_PASSWORD_VERIFIER: Respond with PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after client-side SRP calculations. For more information, see Signing in with a device.

  • NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write.

    Amazon Cognito only returns this challenge for users who have temporary passwords. When you create passwordless users, you must provide values for all required attributes.

    In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.

  • MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.

    To set up time-based one-time password (TOTP) MFA, use the session returned in this challenge from InitiateAuth or AdminInitiateAuth as an input to AssociateSoftwareToken. Then, use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge or AdminRespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in.

    To set up SMS or email MFA, collect a phone_number or email attribute for the user. Then restart the authentication flow with an InitiateAuth or AdminInitiateAuth request.

" }, "Session":{ "shape":"SessionType", @@ -3108,7 +3231,7 @@ }, "ChallengeParameters":{ "shape":"ChallengeParametersType", - "documentation":"

The parameters that define your response to the next challenge. Take the values in ChallengeParameters and provide values for them in the ChallengeResponses of the next AdminRespondToAuthChallenge request.

" + "documentation":"

The parameters that define your response to the next challenge.

" }, "AuthenticationResult":{ "shape":"AuthenticationResultType", @@ -3130,15 +3253,15 @@ }, "SoftwareTokenMfaSettings":{ "shape":"SoftwareTokenMfaSettingsType", - "documentation":"

User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates TOTP MFA and sets it as the preferred MFA method when multiple methods are available.

" + "documentation":"

User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates TOTP MFA and sets it as the preferred MFA method when multiple methods are available. This operation can set TOTP as a user's preferred MFA method before they register a TOTP authenticator.

" }, "EmailMfaSettings":{ "shape":"EmailMfaSettingsType", - "documentation":"

User preferences for email message MFA. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, advanced security features must be active in your user pool.

" + "documentation":"

User preferences for email message MFA. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, your user pool must be in the Essentials tier or higher.

" }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "UserPoolId":{ "shape":"UserPoolIdType", @@ -3148,8 +3271,7 @@ }, "AdminSetUserMFAPreferenceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AdminSetUserPasswordRequest":{ "type":"structure", @@ -3165,7 +3287,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "Password":{ "shape":"PasswordType", @@ -3179,8 +3301,7 @@ }, "AdminSetUserPasswordResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AdminSetUserSettingsRequest":{ "type":"structure", @@ -3196,7 +3317,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "MFAOptions":{ "shape":"MFAOptionListType", @@ -3207,8 +3328,7 @@ }, "AdminSetUserSettingsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response from the server to set user settings as an administrator.

" }, "AdminUpdateAuthEventFeedbackRequest":{ @@ -3226,22 +3346,21 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "EventId":{ "shape":"EventIdType", - "documentation":"

The authentication event ID. To query authentication events for a user, see AdminListUserAuthEvents.

" + "documentation":"

The ID of the threat protection authentication event that you want to update.

" }, "FeedbackValue":{ "shape":"FeedbackValueType", - "documentation":"

The authentication event feedback value. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don't trust a user session, or you don't believe that Amazon Cognito evaluated a high-enough risk level.

" + "documentation":"

Your feedback to the authentication event. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don't trust a user session, or you don't believe that Amazon Cognito evaluated a high-enough risk level.

" } } }, "AdminUpdateAuthEventFeedbackResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AdminUpdateDeviceStatusRequest":{ "type":"structure", @@ -3257,7 +3376,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "DeviceKey":{ "shape":"DeviceKeyType", @@ -3272,8 +3391,7 @@ }, "AdminUpdateDeviceStatusResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The status response to the request to update the device, as an administrator.

" }, "AdminUpdateUserAttributesRequest":{ @@ -3290,7 +3408,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "UserAttributes":{ "shape":"AttributeListType", @@ -3298,15 +3416,14 @@ }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminUpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminUpdateUserAttributes request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminUpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminUpdateUserAttributes request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Represents the request to update the user's attributes as an administrator.

" }, "AdminUpdateUserAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response from the server for the request to update user attributes as an administrator.

" }, "AdminUserGlobalSignOutRequest":{ @@ -3322,15 +3439,14 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" } }, "documentation":"

The request to sign out of all devices, as an administrator.

" }, "AdminUserGlobalSignOutResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The global sign-out response, as an administrator.

" }, "AdvancedSecurityAdditionalFlowsType":{ @@ -3338,10 +3454,10 @@ "members":{ "CustomAuthMode":{ "shape":"AdvancedSecurityEnabledModeType", - "documentation":"

The operating mode of advanced security features in custom authentication with Custom authentication challenge Lambda triggers.

" + "documentation":"

The operating mode of threat protection in custom authentication with Custom authentication challenge Lambda triggers.

" } }, - "documentation":"

Advanced security configuration options for additional authentication types in your user pool, including custom authentication.

" + "documentation":"

Threat protection configuration options for additional authentication types in your user pool, including custom authentication.

" }, "AdvancedSecurityEnabledModeType":{ "type":"string", @@ -3411,7 +3527,7 @@ "documentation":"

If UserDataShared is true, Amazon Cognito includes user data in the events that it publishes to Amazon Pinpoint analytics.

" } }, - "documentation":"

The settings for Amazon Pinpoint analytics configuration. With an analytics configuration, your application can collect user-activity metrics for user notifications with a Amazon Pinpoint campaign.

Amazon Pinpoint isn't available in all Amazon Web Services Regions. For a list of available Regions, see Amazon Cognito and Amazon Pinpoint Region availability.

This data type is a request parameter of CreateUserPoolClient and UpdateUserPoolClient, and a response parameter of DescribeUserPoolClient.

" + "documentation":"

The settings for Amazon Pinpoint analytics configuration. With an analytics configuration, your application can collect user-activity metrics for user notifications with a Amazon Pinpoint campaign.

Amazon Pinpoint isn't available in all Amazon Web Services Regions. For a list of available Regions, see Amazon Cognito and Amazon Pinpoint Region availability.

" }, "AnalyticsMetadataType":{ "type":"structure", @@ -3421,7 +3537,7 @@ "documentation":"

The endpoint ID. Information that you want to pass to Amazon Pinpoint about where to send notifications.

" } }, - "documentation":"

Information that your application adds to authentication requests. Applies an endpoint ID to the analytics data that your user pool sends to Amazon Pinpoint.

An endpoint ID uniquely identifies a mobile device, email address or phone number that can receive messages from Amazon Pinpoint analytics. For more information about Amazon Web Services Regions that can contain Amazon Pinpoint resources for use with Amazon Cognito user pools, see Using Amazon Pinpoint analytics with Amazon Cognito user pools.

This data type is a request parameter of authentication operations like InitiateAuth, AdminInitiateAuth, RespondToAuthChallenge, and AdminRespondToAuthChallenge.

" + "documentation":"

Information that your application adds to authentication requests. Applies an endpoint ID to the analytics data that your user pool sends to Amazon Pinpoint.

An endpoint ID uniquely identifies a mobile device, email address or phone number that can receive messages from Amazon Pinpoint analytics. For more information about Amazon Web Services Regions that can contain Amazon Pinpoint resources for use with Amazon Cognito user pools, see Using Amazon Pinpoint analytics with Amazon Cognito user pools.

" }, "ArnType":{ "type":"string", @@ -3498,14 +3614,14 @@ "documentation":"

The ID of the asset.

" } }, - "documentation":"

An image file from a managed login branding style in a user pool.

This data type is a request parameter of CreateManagedLoginBranding and UpdateManagedLoginBranding, and a response parameter of DescribeManagedLoginBranding.

" + "documentation":"

An image file from a managed login branding style in a user pool.

" }, "AssociateSoftwareTokenRequest":{ "type":"structure", "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose software token you want to generate. You can provide either an access token or a session ID in the request.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

You can provide either an access token or a session ID in the request.

" }, "Session":{ "shape":"SessionType", @@ -3522,7 +3638,7 @@ }, "Session":{ "shape":"SessionType", - "documentation":"

The session identifier that maintains the state of authentication requests and challenge responses. This session ID is valid for the next request in this flow, VerifySoftwareToken.

" + "documentation":"

The session identifier that maintains the state of authentication requests and challenge responses.

" } } }, @@ -3572,7 +3688,7 @@ "documentation":"

The value of the attribute.

" } }, - "documentation":"

The name and value of a user attribute.

This data type is a request parameter of AdminUpdateUserAttributes and UpdateUserAttributes.

" + "documentation":"

The name and value of a user attribute.

" }, "AttributeValueType":{ "type":"string", @@ -3616,10 +3732,10 @@ }, "EventFeedback":{ "shape":"EventFeedbackType", - "documentation":"

The UpdateAuthEventFeedback or AdminUpdateAuthEventFeedback feedback that you or your user provided in response to the event. A value of Valid indicates that you disagreed with the level of risk that your user pool assigned, and evaluated a session to be valid, or likely safe. A value of Invalid indicates that you agreed with the user pool risk level and evaluated a session to be invalid, or likely malicious.

" + "documentation":"

The UpdateAuthEventFeedback or AdminUpdateAuthEventFeedback feedback that you or your user provided in response to the event. A value of Valid indicates that you disagreed with the level of risk that your user pool assigned, and evaluated a session to be valid, or likely safe. A value of Invalid indicates that you agreed with the user pool risk level and evaluated a session to be invalid, or likely malicious.

" } }, - "documentation":"

One authentication event that Amazon Cognito logged in a user pool with advanced security features active. Contains user and device metadata and a risk assessment from your user pool.

This data type is a request parameter of AdminListUserAuthEvents.

" + "documentation":"

One authentication event that Amazon Cognito logged in a user pool with threat protection active. Contains user and device metadata and a risk assessment from your user pool.

" }, "AuthEventsType":{ "type":"list", @@ -3686,7 +3802,7 @@ "documentation":"

The new device metadata from an authentication result.

" } }, - "documentation":"

The object that your application receives after authentication. Contains tokens and information for device authentication.

This data type is a response parameter of authentication operations like InitiateAuth, AdminInitiateAuth, RespondToAuthChallenge, and AdminRespondToAuthChallenge.

" + "documentation":"

The object that your application receives after authentication. Contains tokens and information for device authentication.

" }, "AvailableChallengeListType":{ "type":"list", @@ -3766,7 +3882,7 @@ "documentation":"

The set of key-value pairs that provides a response to the requested challenge.

" } }, - "documentation":"

The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.

You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. Include a DEVICE_KEY for device authentication.
SELECT_CHALLENGE

\"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"ANSWER\": \"[Challenge name]\"}

Available challenges are PASSWORD, PASSWORD_SRP, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

Complete authentication in the SELECT_CHALLENGE response for PASSWORD, PASSWORD_SRP, and WEB_AUTHN:

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"WEB_AUTHN\", \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

    See AuthenticationResponseJSON.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD\", \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD_SRP\", \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

For SMS_OTP and EMAIL_OTP, respond with the username and answer. Your user pool will send a code for the user to submit in the next challenge response.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"SMS_OTP\", \"USERNAME\": \"[username]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"EMAIL_OTP\", \"USERNAME\": \"[username]\"}

SMS_OTP

\"ChallengeName\": \"SMS_OTP\", \"ChallengeResponses\": {\"SMS_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

EMAIL_OTP

\"ChallengeName\": \"EMAIL_OTP\", \"ChallengeResponses\": {\"EMAIL_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

SMS_MFA

\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

PASSWORD_VERIFIER

This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.

\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

Add \"DEVICE_KEY\" when you sign in with a remembered device.

CUSTOM_CHALLENGE

\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}

Add \"DEVICE_KEY\" when you sign in with a remembered device.

NEW_PASSWORD_REQUIRED

\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}

To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.

In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
SOFTWARE_TOKEN_MFA

\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}

DEVICE_SRP_AUTH

\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}

DEVICE_PASSWORD_VERIFIER

\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

MFA_SETUP

\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"

SELECT_MFA_TYPE

\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

This data type is a request parameter of RespondToAuthChallenge and AdminRespondToAuthChallenge.

" + "documentation":"

The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.

You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. Include a DEVICE_KEY for device authentication.
SELECT_CHALLENGE

\"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"ANSWER\": \"[Challenge name]\"}

Available challenges are PASSWORD, PASSWORD_SRP, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

Complete authentication in the SELECT_CHALLENGE response for PASSWORD, PASSWORD_SRP, and WEB_AUTHN:

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"WEB_AUTHN\", \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

    See AuthenticationResponseJSON.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD\", \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD_SRP\", \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

For SMS_OTP and EMAIL_OTP, respond with the username and answer. Your user pool will send a code for the user to submit in the next challenge response.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"SMS_OTP\", \"USERNAME\": \"[username]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"EMAIL_OTP\", \"USERNAME\": \"[username]\"}

WEB_AUTHN

\"ChallengeName\": \"WEB_AUTHN\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

See AuthenticationResponseJSON.

PASSWORD

\"ChallengeName\": \"PASSWORD\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

PASSWORD_SRP

\"ChallengeName\": \"PASSWORD_SRP\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

SMS_OTP

\"ChallengeName\": \"SMS_OTP\", \"ChallengeResponses\": {\"SMS_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

EMAIL_OTP

\"ChallengeName\": \"EMAIL_OTP\", \"ChallengeResponses\": {\"EMAIL_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

SMS_MFA

\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

PASSWORD_VERIFIER

This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.

\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

CUSTOM_CHALLENGE

\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}

NEW_PASSWORD_REQUIRED

\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}

To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.

In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.
SOFTWARE_TOKEN_MFA

\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}

DEVICE_SRP_AUTH

\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}

DEVICE_PASSWORD_VERIFIER

\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

MFA_SETUP

\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"

SELECT_MFA_TYPE

\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA|EMAIL_MFA|SOFTWARE_TOKEN_MFA]\"}

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" }, "ChallengeResponsesType":{ "type":"map", @@ -3798,8 +3914,7 @@ }, "ChangePasswordResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response from the server to the change password request.

" }, "ClientIdType":{ @@ -3844,7 +3959,7 @@ "documentation":"

The Amazon Resource Name (arn) of a CloudWatch Logs log group where your user pool sends logs. The log group must not be encrypted with Key Management Service and must be in the same Amazon Web Services account as your user pool.

To send logs to log groups with a resource policy of a size greater than 5120 characters, configure a log group with a path that starts with /aws/vendedlogs. For more information, see Enabling logging from certain Amazon Web Services services.

" } }, - "documentation":"

Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with advanced security features.

This data type is a request parameter of SetLogDeliveryConfiguration and a response parameter of GetLogDeliveryConfiguration.

" + "documentation":"

Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with threat protection.

" }, "CodeDeliveryDetailsListType":{ "type":"list", @@ -3866,7 +3981,7 @@ "documentation":"

The name of the attribute that Amazon Cognito verifies with the code.

" } }, - "documentation":"

The delivery details for an email or SMS message that Amazon Cognito sent for authentication or verification.

This data type is a response parameter of operations that send a code for user profile confirmation, verification, or management, for example ForgotPassword and SignUp.

" + "documentation":"

The delivery details for an email or SMS message that Amazon Cognito sent for authentication or verification.

" }, "CodeDeliveryFailureException":{ "type":"structure", @@ -3907,18 +4022,17 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose passkey registration you want to complete.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "Credential":{ "shape":"Document", - "documentation":"

A RegistrationResponseJSON public-key credential response from the user's passkey provider.

" + "documentation":"

A RegistrationResponseJSON public-key credential response from the user's passkey provider.

" } } }, "CompleteWebAuthnRegistrationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CompletionMessageType":{ "type":"string", @@ -3935,7 +4049,7 @@ "documentation":"

The action that Amazon Cognito takes when it detects compromised credentials.

" } }, - "documentation":"

Settings for user pool actions when Amazon Cognito detects compromised credentials with advanced security features in full-function ENFORCED mode.

This data type is a request parameter of SetRiskConfiguration and a response parameter of DescribeRiskConfiguration.

" + "documentation":"

Settings for user pool actions when Amazon Cognito detects compromised credentials with threat protection in full-function ENFORCED mode.

" }, "CompromisedCredentialsEventActionType":{ "type":"string", @@ -3957,7 +4071,7 @@ "documentation":"

Settings for the actions that you want your user pool to take when Amazon Cognito detects compromised credentials.

" } }, - "documentation":"

Settings for compromised-credentials actions and authentication-event sources with advanced security features in full-function ENFORCED mode.

This data type is a request parameter of SetRiskConfiguration and a response parameter of DescribeRiskConfiguration.

" + "documentation":"

Settings for compromised-credentials actions and authentication-event sources with threat protection in full-function ENFORCED mode.

" }, "ConcurrentModificationException":{ "type":"structure", @@ -3985,7 +4099,7 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose device you want to confirm.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "DeviceKey":{ "shape":"DeviceKeyType", @@ -4007,7 +4121,7 @@ "members":{ "UserConfirmationNecessary":{ "shape":"BooleanType", - "documentation":"

When true, your user must confirm that they want to remember the device. Prompt the user for an answer. You must then make an UpdateUserDevice request that sets the device to remembered or not_remembered.

When false, immediately sets the device as remembered and eligible for device authentication.

You can configure your user pool to always remember devices, in which case this response is false, or to allow users to opt in, in which case this response is true. Configure this option under Device tracking in the Sign-in menu of your user pool. You can also configure this option with the DeviceConfiguration parameter of a CreateUserPool or UpdateUserPool request.

" + "documentation":"

When true, your user must confirm that they want to remember the device. Prompt the user for an answer.

When false, immediately sets the device as remembered and eligible for device authentication.

You can configure your user pool to always remember devices, in which case this response is false, or to allow users to opt in, in which case this response is true. Configure this option under Device tracking in the Sign-in menu of your user pool.

" } }, "documentation":"

The confirm-device response.

" @@ -4023,7 +4137,7 @@ "members":{ "ClientId":{ "shape":"ClientIdType", - "documentation":"

The ID of the app client where the user wants to reset their password. This parameter is an identifier of the client application that users are resetting their password from, but this operation resets users' passwords for all app clients in the user pool.

" + "documentation":"

The ID of the app client where the user wants to reset their password. This parameter is an identifier of the client application that users are resetting their password from, but this operation resets users' irrespective of the app clients they sign in to.

" }, "SecretHash":{ "shape":"SecretHashType", @@ -4031,11 +4145,11 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "ConfirmationCode":{ "shape":"ConfirmationCodeType", - "documentation":"

The confirmation code that your user pool sent in response to an AdminResetUserPassword or a ForgotPassword request.

" + "documentation":"

The confirmation code that your user pool delivered when your user requested to reset their password.

" }, "Password":{ "shape":"PasswordType", @@ -4043,23 +4157,22 @@ }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmForgotPassword calls.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "UserContextData":{ "shape":"UserContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmForgotPassword API action, Amazon Cognito invokes the function that is assigned to the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmForgotPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmForgotPassword API action, Amazon Cognito invokes the function that is assigned to the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmForgotPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

The request representing the confirmation for a password reset.

" }, "ConfirmForgotPasswordResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response from the server that results from a user's request to retrieve a forgotten password.

" }, "ConfirmSignUpRequest":{ @@ -4080,7 +4193,7 @@ }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "ConfirmationCode":{ "shape":"ConfirmationCodeType", @@ -4092,15 +4205,15 @@ }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmSignUp calls.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "UserContextData":{ "shape":"UserContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmSignUp API action, Amazon Cognito invokes the function that is assigned to the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmSignUp request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmSignUp API action, Amazon Cognito invokes the function that is assigned to the post confirmation trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmSignUp request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" }, "Session":{ "shape":"SessionType", @@ -4114,7 +4227,7 @@ "members":{ "Session":{ "shape":"SessionType", - "documentation":"

A session identifier that you can use to immediately sign in the confirmed user. You can automatically sign users in with the one-time password that they provided in a successful ConfirmSignUp request. To do this, pass the Session parameter from this response in the Session parameter of an InitiateAuth or AdminInitiateAuth request.

" + "documentation":"

A session identifier that you can use to immediately sign in the confirmed user. You can automatically sign users in with the one-time password that they provided in a successful ConfirmSignUp request.

" } }, "documentation":"

Represents the response from the server for the registration confirmation.

" @@ -4155,7 +4268,7 @@ "documentation":"

Encoded device-fingerprint details that your app collected with the Amazon Cognito context data collection library. For more information, see Adding user device and session data to API requests.

" } }, - "documentation":"

Contextual user data used for evaluating the risk of an authentication event by user pool threat protection.

This data type is a request parameter of server-side authentication operations like AdminInitiateAuth and AdminRespondToAuthChallenge.

" + "documentation":"

Contextual user data used for evaluating the risk of an authentication event by user pool threat protection.

" }, "CreateGroupRequest":{ "type":"structure", @@ -4253,19 +4366,19 @@ }, "ClientId":{ "shape":"ClientIdType", - "documentation":"

The app client that you want to create the branding style for. Each style is permanently linked to an app client. To change the style for an app client, delete the existing style with DeleteManagedLoginBranding and create a new one.

" + "documentation":"

The app client that you want to create the branding style for. Each style is linked to an app client until you delete it.

" }, "UseCognitoProvidedValues":{ "shape":"BooleanType", - "documentation":"

When true, applies the default branding style options. These default options are managed by Amazon Cognito. You can modify them later in the branding designer.

When you specify true for this option, you must also omit values for Settings and Assets in the request.

" + "documentation":"

When true, applies the default branding style options. These default options are managed by Amazon Cognito. You can modify them later in the branding editor.

When you specify true for this option, you must also omit values for Settings and Assets in the request.

" }, "Settings":{ "shape":"Document", - "documentation":"

A JSON file, encoded as a Document type, with the the settings that you want to apply to your style.

" + "documentation":"

A JSON file, encoded as a Document type, with the the settings that you want to apply to your style.

The following components are not currently implemented and reserved for future use:

" }, "Assets":{ "shape":"AssetListType", - "documentation":"

An array of image files that you want to apply to roles like backgrounds, logos, and icons. Each object must also indicate whether it is for dark mode, light mode, or browser-adaptive mode.

" + "documentation":"

An array of image files that you want to apply to functions like backgrounds, logos, and icons. Each object must also indicate whether it is for dark mode, light mode, or browser-adaptive mode.

" } } }, @@ -4314,6 +4427,51 @@ } } }, + "CreateTermsRequest":{ + "type":"structure", + "required":[ + "UserPoolId", + "ClientId", + "TermsName", + "TermsSource", + "Enforcement" + ], + "members":{ + "UserPoolId":{ + "shape":"UserPoolIdType", + "documentation":"

The ID of the user pool where you want to create terms documents.

" + }, + "ClientId":{ + "shape":"ClientIdType", + "documentation":"

The ID of the app client where you want to create terms documents. Must be an app client in the requested user pool.

" + }, + "TermsName":{ + "shape":"TermsNameType", + "documentation":"

A friendly name for the document that you want to create in the current request. Must begin with terms-of-use or privacy-policy as identification of the document type. Provide URLs for both terms-of-use and privacy-policy in separate requests.

" + }, + "TermsSource":{ + "shape":"TermsSourceType", + "documentation":"

This parameter is reserved for future use and currently accepts only one value.

" + }, + "Enforcement":{ + "shape":"TermsEnforcementType", + "documentation":"

This parameter is reserved for future use and currently accepts only one value.

" + }, + "Links":{ + "shape":"LinksType", + "documentation":"

A map of URLs to languages. For each localized language that will view the requested TermsName, assign a URL. A selection of cognito:default displays for all languages that don't have a language-specific URL.

For example, \"cognito:default\": \"https://terms.example.com\", \"cognito:spanish\": \"https://terms.example.com/es\".

" + } + } + }, + "CreateTermsResponse":{ + "type":"structure", + "members":{ + "Terms":{ + "shape":"TermsType", + "documentation":"

A summary of your terms documents. Includes a unique identifier for later changes to the terms documents.

" + } + } + }, "CreateUserImportJobRequest":{ "type":"structure", "required":[ @@ -4342,7 +4500,7 @@ "members":{ "UserImportJob":{ "shape":"UserImportJobType", - "documentation":"

The details of the user import job.

" + "documentation":"

The details of the user import job. Includes logging destination, status, and the Amazon S3 pre-signed URL for CSV upload.

" } }, "documentation":"

Represents the response from the server to the request to create the user import job.

" @@ -4364,7 +4522,7 @@ }, "GenerateSecret":{ "shape":"GenerateSecret", - "documentation":"

When true, generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see App client types.

" + "documentation":"

When true, generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see App client types.

" }, "RefreshTokenValidity":{ "shape":"RefreshTokenValidityType", @@ -4384,27 +4542,27 @@ }, "ReadAttributes":{ "shape":"ClientPermissionListType", - "documentation":"

The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.

When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.

" + "documentation":"

The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list.

When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.

" }, "WriteAttributes":{ "shape":"ClientPermissionListType", - "documentation":"

The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.

When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.

If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.

" + "documentation":"

The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list.

When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.

If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.

" }, "ExplicitAuthFlows":{ "shape":"ExplicitAuthFlowsListType", - "documentation":"

The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.

If you don't specify a value for ExplicitAuthFlows, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

Valid values include:

  • ALLOW_USER_AUTH: Enable selection-based sign-in with USER_AUTH. This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other ExplicitAuthFlows permitting them. For example users can complete an SRP challenge through USER_AUTH without the flow USER_SRP_AUTH being active for the app client. This flow doesn't include CUSTOM_AUTH.

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

  • ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

  • ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user pool clients at the same time as values that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.

" + "documentation":"

The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.

If you don't specify a value for ExplicitAuthFlows, your app client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

The values for authentication flow options include the following.

  • ALLOW_USER_AUTH: Enable selection-based sign-in with USER_AUTH. This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other ExplicitAuthFlows permitting them. For example users can complete an SRP challenge through USER_AUTH without the flow USER_SRP_AUTH being active for the app client. This flow doesn't include CUSTOM_AUTH.

    To activate this setting, your user pool must be in the Essentials tier or higher.

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

  • ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

  • ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user pool clients at the same time as values that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.

" }, "SupportedIdentityProviders":{ "shape":"SupportedIdentityProvidersListType", - "documentation":"

A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: COGNITO, Facebook, Google, SignInWithApple, and LoginWithAmazon. You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP or MyOIDCIdP.

This setting applies to providers that you can access with managed login. The removal of COGNITO from this list doesn't prevent authentication operations for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent API-based authentication is to block access with a WAF rule.

" + "documentation":"

A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: COGNITO, Facebook, Google, SignInWithApple, and LoginWithAmazon. You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP or MyOIDCIdP.

This parameter sets the IdPs that managed login will display on the login page for your app client. The removal of COGNITO from this list doesn't prevent authentication operations for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent SDK-based authentication is to block access with a WAF rule.

" }, "CallbackURLs":{ "shape":"CallbackURLsListType", - "documentation":"

A list of allowed redirect (callback) URLs for the IdPs.

A redirect URI must:

  • Be an absolute URI.

  • Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with redirect_uri values that aren't in the list of CallbackURLs that you provide in this parameter.

  • Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

" + "documentation":"

A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes.

A redirect URI must meet the following requirements:

  • Be an absolute URI.

  • Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with redirect_uri values that aren't in the list of CallbackURLs that you provide in this parameter.

  • Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

" }, "LogoutURLs":{ "shape":"LogoutURLsListType", - "documentation":"

A list of allowed logout URLs for managed login authentication. For more information, see Logout endpoint.

" + "documentation":"

A list of allowed logout URLs for managed login authentication. When you pass logout_uri and client_id parameters to /logout, Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of logout_uri. A typical use of these URLs is when a user selects \"Sign out\" and you redirect them to your public homepage. For more information, see Logout endpoint.

" }, "DefaultRedirectURI":{ "shape":"RedirectUrlType", @@ -4412,15 +4570,15 @@ }, "AllowedOAuthFlows":{ "shape":"OAuthFlowsType", - "documentation":"

The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add client_credentials as the only allowed OAuth flow.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

" + "documentation":"

The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add client_credentials as the only allowed OAuth flow.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token, and the ID token when scopes like openid and profile are requested, directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user, authorized by a combination of the client ID and client secret.

" }, "AllowedOAuthScopes":{ "shape":"ScopeListType", - "documentation":"

The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the userInfo endpoint, and third-party APIs. Possible values provided by OAuth are phone, email, openid, and profile. Possible values provided by Amazon Web Services are aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

" + "documentation":"

The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the userInfo endpoint, and third-party APIs. Scope values include phone, email, openid, and profile. The aws.cognito.signin.user.admin scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs.

" }, "AllowedOAuthFlowsUserPoolClient":{ "shape":"BooleanType", - "documentation":"

Set to true to use OAuth 2.0 features in your user pool app client.

AllowedOAuthFlowsUserPoolClient must be true before you can configure the following features in your app client.

  • CallBackURLs: Callback URLs.

  • LogoutURLs: Sign-out redirect URLs.

  • AllowedOAuthScopes: OAuth 2.0 scopes.

  • AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.

To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or UpdateUserPoolClient API request. If you don't set a value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false.

" + "documentation":"

Set to true to use OAuth 2.0 authorization server features in your app client.

This parameter must have a value of true before you can configure the following features in your app client.

  • CallBackURLs: Callback URLs.

  • LogoutURLs: Sign-out redirect URLs.

  • AllowedOAuthScopes: OAuth 2.0 scopes.

  • AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.

To use authorization server features, configure one of these features in the Amazon Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or UpdateUserPoolClient API request. If you don't set a value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false. When false, only SDK-based API sign-in is permitted.

" }, "AnalyticsConfiguration":{ "shape":"AnalyticsConfigurationType", @@ -4428,19 +4586,23 @@ }, "PreventUserExistenceErrors":{ "shape":"PreventUserExistenceErrorTypes", - "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

  • ENABLED - This prevents user existence-related errors.

  • LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.

Defaults to LEGACY when you don't provide a value.

" + "documentation":"

When ENABLED, suppresses messages that might indicate a valid user exists when someone attempts sign-in. This parameters sets your preference for the errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Defaults to LEGACY.

" }, "EnableTokenRevocation":{ "shape":"WrappedBooleanType", - "documentation":"

Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.

If you don't include this parameter, token revocation is automatically activated for the new user pool client.

" + "documentation":"

Activates or deactivates token revocation in the target app client.

If you don't include this parameter, token revocation is automatically activated for the new user pool client.

" }, "EnablePropagateAdditionalUserContextData":{ "shape":"WrappedBooleanType", - "documentation":"

Activates the propagation of additional user context data. For more information about propagation of user context data, see Adding advanced security to a user pool. If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.

" + "documentation":"

When true, your application can include additional UserContextData in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see Adding session data to API requests. If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.

" }, "AuthSessionValidity":{ "shape":"AuthSessionValidityType", "documentation":"

Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.

" + }, + "RefreshTokenRotation":{ + "shape":"RefreshTokenRotationType", + "documentation":"

The configuration of your app client for refresh token rotation. When enabled, your app client issues new ID, access, and refresh tokens when users renew their sessions with refresh tokens. When disabled, token refresh issues only ID and access tokens.

" } }, "documentation":"

Represents the request to create a user pool client.

" @@ -4464,7 +4626,7 @@ "members":{ "Domain":{ "shape":"DomainType", - "documentation":"

The domain string. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For prefix domains, this is the prefix alone, such as myprefix. A prefix value of myprefix for a user pool in the us-east-1 Region results in a domain of myprefix.auth.us-east-1.amazoncognito.com.

" + "documentation":"

The domain string. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For prefix domains, this is the prefix alone, such as myprefix. A prefix value of myprefix for a user pool in the us-east-1 Region results in a domain of myprefix.auth.us-east-1.amazoncognito.com.

" }, "UserPoolId":{ "shape":"UserPoolIdType", @@ -4476,7 +4638,7 @@ }, "CustomDomainConfig":{ "shape":"CustomDomainConfigType", - "documentation":"

The configuration for a custom domain. Configures your domain with an Certificate Manager certificate in the us-east-1 Region.

Provide this parameter only if you want to use a custom domain for your user pool. Otherwise, you can exclude this parameter and use a prefix domain instead.

For more information about the hosted domain and custom domains, see Configuring a User Pool Domain.

" + "documentation":"

The configuration for a custom domain. Configures your domain with an Certificate Manager certificate in the us-east-1 Region.

Provide this parameter only if you want to use a custom domain for your user pool. Otherwise, you can omit this parameter and use a prefix domain instead.

When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.

" } } }, @@ -4489,7 +4651,7 @@ }, "CloudFrontDomain":{ "shape":"DomainType", - "documentation":"

The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider. Amazon Cognito returns this value if you set a custom domain with CustomDomainConfig. If you set an Amazon Cognito prefix domain, this operation returns a blank response.

" + "documentation":"

The fully-qualified domain name (FQDN) of the Amazon CloudFront distribution that hosts your managed login or classic hosted UI pages. Your domain-name authority must have an alias record that points requests for your custom domain to this FQDN. Amazon Cognito returns this value if you set a custom domain with CustomDomainConfig. If you set an Amazon Cognito prefix domain, this parameter returns null.

" } } }, @@ -4499,7 +4661,7 @@ "members":{ "PoolName":{ "shape":"UserPoolNameType", - "documentation":"

A friendlhy name for your user pool.

" + "documentation":"

A friendly name for your user pool.

" }, "Policies":{ "shape":"UserPoolPolicyType", @@ -4515,11 +4677,11 @@ }, "AutoVerifiedAttributes":{ "shape":"VerifiedAttributesListType", - "documentation":"

The attributes that you want your user pool to automatically verify. Possible values: email, phone_number. For more information see Verifying contact information at sign-up.

" + "documentation":"

The attributes that you want your user pool to automatically verify. For more information, see Verifying contact information at sign-up.

" }, "AliasAttributes":{ "shape":"AliasAttributesListType", - "documentation":"

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. For more information about alias attributes, see Customizing sign-in attributes.

" + "documentation":"

Attributes supported as an alias for this user pool. For more information about alias attributes, see Customizing sign-in attributes.

" }, "UsernameAttributes":{ "shape":"UsernameAttributesListType", @@ -4527,15 +4689,15 @@ }, "SmsVerificationMessage":{ "shape":"SmsVerificationMessageType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "EmailVerificationMessage":{ "shape":"EmailVerificationMessageType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "EmailVerificationSubject":{ "shape":"EmailVerificationSubjectType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "VerificationMessageTemplate":{ "shape":"VerificationMessageTemplateType", @@ -4543,11 +4705,11 @@ }, "SmsAuthenticationMessage":{ "shape":"SmsVerificationMessageType", - "documentation":"

A string representing the SMS authentication message.

" + "documentation":"

The contents of the SMS message that your user pool sends to users in SMS OTP and MFA authentication.

" }, "MfaConfiguration":{ "shape":"UserPoolMfaType", - "documentation":"

Sets multi-factor authentication (MFA) to be on, off, or optional. When ON, all users must set up MFA before they can sign in. When OPTIONAL, your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose OPTIONAL.

" + "documentation":"

Sets multi-factor authentication (MFA) to be on, off, or optional. When ON, all users must set up MFA before they can sign in. When OPTIONAL, your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose OPTIONAL.

When MfaConfiguration is OPTIONAL, managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor.

" }, "UserAttributeUpdateSettings":{ "shape":"UserAttributeUpdateSettingsType", @@ -4555,7 +4717,7 @@ }, "DeviceConfiguration":{ "shape":"DeviceConfigurationType", - "documentation":"

The device-remembering configuration for a user pool. Device remembering or device tracking is a \"Remember me on this device\" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool. A null value indicates that you have deactivated device remembering in your user pool.

When you provide a value for any DeviceConfiguration field, you activate the Amazon Cognito device-remembering feature. For more infor

" + "documentation":"

The device-remembering configuration for a user pool. Device remembering or device tracking is a \"Remember me on this device\" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool. A null value indicates that you have deactivated device remembering in your user pool.

When you provide a value for any DeviceConfiguration field, you activate the Amazon Cognito device-remembering feature. For more information, see Working with devices.

" }, "EmailConfiguration":{ "shape":"EmailConfigurationType", @@ -4563,7 +4725,7 @@ }, "SmsConfiguration":{ "shape":"SmsConfigurationType", - "documentation":"

The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account. For more information see SMS message settings.

" + "documentation":"

The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account. For more information see SMS message settings.

" }, "UserPoolTags":{ "shape":"UserPoolTagsType", @@ -4571,7 +4733,7 @@ }, "AdminCreateUserConfig":{ "shape":"AdminCreateUserConfigType", - "documentation":"

The configuration for AdminCreateUser requests. Includes the template for the invitation message for new users, the duration of temporary passwords, and permitting self-service sign-up.

" + "documentation":"

The configuration for administrative creation of users. Includes the template for the invitation message for new users, the duration of temporary passwords, and permitting self-service sign-up.

" }, "Schema":{ "shape":"SchemaAttributesListType", @@ -4579,7 +4741,7 @@ }, "UserPoolAddOns":{ "shape":"UserPoolAddOnsType", - "documentation":"

User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to AUDIT. To configure automatic security responses to risky traffic to your user pool, set to ENFORCED.

For more information, see Adding advanced security to a user pool.

" + "documentation":"

Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to AUDIT. To configure automatic security responses to potentially unwanted traffic to your user pool, set to ENFORCED.

For more information, see Adding advanced security to a user pool. To activate this setting, your user pool must be on the Plus tier.

" }, "UsernameConfiguration":{ "shape":"UsernameConfigurationType", @@ -4587,7 +4749,7 @@ }, "AccountRecoverySetting":{ "shape":"AccountRecoverySettingType", - "documentation":"

The available verified method a user can use to recover their password when they call ForgotPassword. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.

" + "documentation":"

The available verified method a user can use to recover their password when they call ForgotPassword. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. Email MFA is also disqualifying for account recovery with email. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.

As a best practice, configure both verified_email and verified_phone_number, with one having a higher priority than the other.

" }, "UserPoolTier":{ "shape":"UserPoolTierType", @@ -4627,7 +4789,7 @@ "documentation":"

The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.

" } }, - "documentation":"

The configuration for a hosted UI custom domain.

This data type is a request parameter of CreateUserPoolDomain and UpdateUserPoolDomain.

" + "documentation":"

The configuration for a hosted UI custom domain.

" }, "CustomEmailLambdaVersionConfigType":{ "type":"structure", @@ -4645,7 +4807,7 @@ "documentation":"

The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.

" } }, - "documentation":"

The properties of a custom email sender Lambda trigger.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The properties of a custom email sender Lambda trigger.

" }, "CustomEmailSenderLambdaVersionType":{ "type":"string", @@ -4667,7 +4829,7 @@ "documentation":"

The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.

" } }, - "documentation":"

The properties of a custom SMS sender Lambda trigger.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The properties of a custom SMS sender Lambda trigger.

" }, "CustomSMSSenderLambdaVersionType":{ "type":"string", @@ -4749,6 +4911,23 @@ } } }, + "DeleteTermsRequest":{ + "type":"structure", + "required":[ + "TermsId", + "UserPoolId" + ], + "members":{ + "TermsId":{ + "shape":"TermsIdType", + "documentation":"

The ID of the terms documents that you want to delete.

" + }, + "UserPoolId":{ + "shape":"UserPoolIdType", + "documentation":"

The ID of the user pool that contains the terms documents that you want to delete.

" + } + } + }, "DeleteUserAttributesRequest":{ "type":"structure", "required":[ @@ -4762,15 +4941,14 @@ }, "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose attributes you want to delete.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" } }, "documentation":"

Represents the request to delete user attributes.

" }, "DeleteUserAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response from the server to delete user attributes.

" }, "DeleteUserPoolClientRequest":{ @@ -4800,7 +4978,7 @@ "members":{ "Domain":{ "shape":"DomainType", - "documentation":"

The domain that you want to delete. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For Amazon Cognito prefix domains, this is the prefix alone, such as auth.

" + "documentation":"

The domain that you want to delete. For custom domains, this is the fully-qualified domain name like auth.example.com. For Amazon Cognito prefix domains, this is the prefix alone, like myprefix.

" }, "UserPoolId":{ "shape":"UserPoolIdType", @@ -4810,8 +4988,7 @@ }, "DeleteUserPoolDomainResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserPoolRequest":{ "type":"structure", @@ -4830,7 +5007,7 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose user profile you want to delete.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" } }, "documentation":"

Represents the request to delete a user.

" @@ -4844,18 +5021,17 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose passkey credential you want to delete.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "CredentialId":{ "shape":"StringType", - "documentation":"

The unique identifier of the passkey that you want to delete. Look up registered devices with ListWebAuthnCredentials.

" + "documentation":"

The unique identifier of the passkey that you want to delete.

" } } }, "DeleteWebAuthnCredentialResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletionProtectionType":{ "type":"string", @@ -5013,6 +5189,32 @@ } } }, + "DescribeTermsRequest":{ + "type":"structure", + "required":[ + "TermsId", + "UserPoolId" + ], + "members":{ + "TermsId":{ + "shape":"TermsIdType", + "documentation":"

The ID of the terms documents that you want to describe.

" + }, + "UserPoolId":{ + "shape":"UserPoolIdType", + "documentation":"

The ID of the user pool that contains the terms documents that you want to describe.

" + } + } + }, + "DescribeTermsResponse":{ + "type":"structure", + "members":{ + "Terms":{ + "shape":"TermsType", + "documentation":"

A summary of the requested terms documents. Includes a unique identifier for later changes to the terms documents.

" + } + } + }, "DescribeUserImportJobRequest":{ "type":"structure", "required":[ @@ -5036,7 +5238,7 @@ "members":{ "UserImportJob":{ "shape":"UserImportJobType", - "documentation":"

The details of the user import job.

" + "documentation":"

The details of the user import job. Includes logging destination, status, and the Amazon S3 pre-signed URL for CSV upload.

" } }, "documentation":"

Represents the response from the server to the request to describe the user import job.

" @@ -5122,10 +5324,18 @@ }, "DeviceOnlyRememberedOnUserPrompt":{ "shape":"BooleanType", - "documentation":"

When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request.

When DeviceOnlyRememberedOnUserPrompt is false, Amazon Cognito immediately remembers devices that you register in a ConfirmDevice API request.

" + "documentation":"

When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an UpdateDeviceStatus API request.

When DeviceOnlyRememberedOnUserPrompt is false, Amazon Cognito immediately remembers devices that you register in a ConfirmDevice API request.

" } }, - "documentation":"

The device-remembering configuration for a user pool. A DescribeUserPool request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a ConfirmDevice API request. Additionally. when the property DeviceOnlyRememberedOnUserPrompt is true, you must follow ConfirmDevice with an UpdateDeviceStatus API request that sets the user's device to remembered or not_remembered.

To sign in with a remembered device, include DEVICE_KEY in the authentication parameters in your user's InitiateAuth request. If your app doesn't include a DEVICE_KEY parameter, the response from Amazon Cognito includes newly-generated DEVICE_KEY and DEVICE_GROUP_KEY values under NewDeviceMetadata. Store these values to use in future device-authentication requests.

When you provide a value for any property of DeviceConfiguration, you activate the device remembering for the user pool.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The device-remembering configuration for a user pool.

When you provide a value for any property of DeviceConfiguration, you activate the device remembering for the user pool.

" + }, + "DeviceKeyExistsException":{ + "type":"structure", + "members":{ + "message":{"shape":"MessageType"} + }, + "documentation":"

This exception is thrown when a user attempts to confirm a device with a device key that already exists.

", + "exception":true }, "DeviceKeyType":{ "type":"string", @@ -5161,7 +5371,7 @@ "documentation":"

The salt that you want to use in SRP authentication with the user's device.

" } }, - "documentation":"

A Secure Remote Password (SRP) value that your application generates when you register a user's device. For more information, see Getting a device key.

This data type is a request parameter of ConfirmDevice.

" + "documentation":"

A Secure Remote Password (SRP) value that your application generates when you register a user's device. For more information, see Getting a device key.

" }, "DeviceType":{ "type":"structure", @@ -5187,12 +5397,11 @@ "documentation":"

The date when the user last signed in with the device.

" } }, - "documentation":"

Information about a user's device that they've registered for device SRP authentication in your application. For more information, see Working with user devices in your user pool.

The data type is a response parameter of AdminGetDevice, AdminListDevices, and GetDevice.

" + "documentation":"

Information about a user's device that they've registered for device SRP authentication in your application. For more information, see Working with user devices in your user pool.

" }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "DomainDescriptionType":{ @@ -5235,7 +5444,7 @@ "documentation":"

The version of managed login branding that you want to apply to your domain. A value of 1 indicates hosted UI (classic) branding and a version of 2 indicates managed login branding.

Managed login requires that your user pool be configured for any feature plan other than Lite.

" } }, - "documentation":"

A container for information about the user pool domain associated with the hosted UI and OAuth endpoints.

This data type is a response parameter of DescribeUserPoolDomain.

" + "documentation":"

A container for information about the user pool domain associated with the hosted UI and OAuth endpoints.

" }, "DomainStatusType":{ "type":"string", @@ -5294,7 +5503,7 @@ "documentation":"

The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:

Event publishing

Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other Amazon Web Services services such as and Amazon CloudWatch

IP pool management

When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.

" } }, - "documentation":"

The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages from your user pool.

Amazon Cognito can send email messages with Amazon Simple Email Service resources in the Amazon Web Services Region where you created your user pool, and in alternate Regions in some cases. For more information on the supported Regions, see Email settings for Amazon Cognito user pools.

This data type is a request parameter of CreateUserPool, UpdateUserPool, and SetUserPoolMfaConfig, and a response parameter of CreateUserPool, UpdateUserPool, and GetUserPoolMfaConfig.

" + "documentation":"

The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages from your user pool.

Amazon Cognito can send email messages with Amazon Simple Email Service resources in the Amazon Web Services Region where you created your user pool, and in alternate Regions in some cases. For more information on the supported Regions, see Email settings for Amazon Cognito user pools.

" }, "EmailInviteMessageType":{ "type":"string", @@ -5307,14 +5516,14 @@ "members":{ "Message":{ "shape":"EmailMfaMessageType", - "documentation":"

The template for the email message that your user pool sends to users with a code for MFA and sign-in with an email OTP. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.

" + "documentation":"

The template for the email messages that your user pool sends to users with codes for MFA and sign-in with email OTPs. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.

" }, "Subject":{ "shape":"EmailMfaSubjectType", - "documentation":"

The subject of the email message that your user pool sends to users with a code for MFA and email OTP sign-in.

" + "documentation":"

The subject of the email messages that your user pool sends to users with codes for MFA and email OTP sign-in.

" } }, - "documentation":"

Sets or shows user pool email message configuration for MFA. Includes the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.

This data type is a request parameter of SetUserPoolMfaConfig and a response parameter of GetUserPoolMfaConfig.

" + "documentation":"

Sets or shows configuration for user pool email message MFA and sign-in with one-time passwords (OTPs). Includes the subject and body of the email message template for sign-in and MFA messages. To activate this setting, your user pool must be in the Essentials tier or higher.

" }, "EmailMfaMessageType":{ "type":"string", @@ -5334,7 +5543,7 @@ "documentation":"

Specifies whether email message MFA is the user's preferred method.

" } }, - "documentation":"

User preferences for multi-factor authentication with email messages. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, advanced security features must be active in your user pool.

This data type is a request parameter of SetUserMFAPreference and AdminSetUserMFAPreference.

" + "documentation":"

User preferences for multi-factor authentication with email messages. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, your user pool must be in the Essentials tier or higher.

" }, "EmailMfaSubjectType":{ "type":"string", @@ -5415,7 +5624,7 @@ "documentation":"

The user's country.

" } }, - "documentation":"

The context data that your application submitted in an authentication request with advanced security features, as displayed in an AdminListUserAuthEvents response.

" + "documentation":"

The context data that your application submitted in an authentication request with threat protection, as displayed in an AdminListUserAuthEvents response.

" }, "EventFeedbackType":{ "type":"structure", @@ -5426,7 +5635,7 @@ "members":{ "FeedbackValue":{ "shape":"FeedbackValueType", - "documentation":"

The authentication event feedback value. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don't trust a user session, or you don't believe that Amazon Cognito evaluated a high-enough risk level.

" + "documentation":"

Your feedback to the authentication event. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don't trust a user session, or you don't believe that Amazon Cognito evaluated a high-enough risk level.

" }, "Provider":{ "shape":"StringType", @@ -5437,7 +5646,7 @@ "documentation":"

The date that you or your user submitted the feedback.

" } }, - "documentation":"

The feedback that your application submitted to an advanced security features event log, as displayed in an AdminListUserAuthEvents response.

" + "documentation":"

The feedback that your application submitted to a threat protection event log, as displayed in an AdminListUserAuthEvents response.

" }, "EventFilterType":{ "type":"string", @@ -5481,7 +5690,7 @@ "documentation":"

Indicates whether compromised credentials were detected during an authentication event.

" } }, - "documentation":"

The risk evaluation by adaptive authentication, as displayed in an AdminListUserAuthEvents response. Contains evaluations of compromised-credentials detection and assessed risk level and action taken by adaptive authentication.

" + "documentation":"

The risk evaluation by adaptive authentication, as displayed in an AdminListUserAuthEvents response. Contains evaluations of compromised-credentials detection and assessed risk level and action taken by adaptive authentication.

" }, "EventSourceName":{ "type":"string", @@ -5529,6 +5738,13 @@ "ALLOW_USER_AUTH" ] }, + "FeatureType":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "FeatureUnavailableInTierException":{ "type":"structure", "members":{ @@ -5549,10 +5765,10 @@ "members":{ "StreamArn":{ "shape":"ArnType", - "documentation":"

The ARN of an Amazon Data Firehose stream that's the destination for advanced security features log export.

" + "documentation":"

The ARN of an Amazon Data Firehose stream that's the destination for threat protection log export.

" } }, - "documentation":"

Configuration for the Amazon Data Firehose stream destination of user activity log export with advanced security features.

" + "documentation":"

Configuration for the Amazon Data Firehose stream destination of user activity log export with threat protection.

" }, "ForbiddenException":{ "type":"structure", @@ -5572,11 +5788,11 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose registered device you want to forget.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "DeviceKey":{ "shape":"DeviceKeyType", - "documentation":"

The device key.

" + "documentation":"

The unique identifier, or device key, of the device that the user wants to forget.

" } }, "documentation":"

Represents the request to forget the device.

" @@ -5590,7 +5806,7 @@ "members":{ "ClientId":{ "shape":"ClientIdType", - "documentation":"

The ID of the client associated with the user pool.

" + "documentation":"

The ID of the user pool app client associated with the current signed-in user.

" }, "SecretHash":{ "shape":"SecretHashType", @@ -5598,19 +5814,19 @@ }, "UserContextData":{ "shape":"UserContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The Amazon Pinpoint analytics metadata that contributes to your metrics for ForgotPassword calls.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ForgotPassword API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and user migration. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ForgotPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ForgotPassword API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and user migration. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ForgotPassword request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Represents the request to reset a user's password.

" @@ -5620,7 +5836,7 @@ "members":{ "CodeDeliveryDetails":{ "shape":"CodeDeliveryDetailsType", - "documentation":"

The code delivery details returned by the server in response to the request to reset a password.

" + "documentation":"

Information about the phone number or email address that Amazon Cognito sent the password-recovery code to.

" } }, "documentation":"

The response from Amazon Cognito to a request to reset a password.

" @@ -5632,7 +5848,7 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool that the users are to be imported into.

" + "documentation":"

The ID of the user pool that you want to import users into.

" } }, "documentation":"

Represents the request to get the header information of the CSV file for the user import job.

" @@ -5642,11 +5858,11 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool that the users are to be imported into.

" + "documentation":"

The ID of the requested user pool.

" }, "CSVHeader":{ "shape":"ListOfStringTypes", - "documentation":"

The header information of the CSV file for the user import job.

" + "documentation":"

A comma-separated list of attributes from your user pool. Save this output to a .csv file and populate it with the attributes of the users that you want to import.

" } }, "documentation":"

Represents the response from the server to the request to get the header information of the CSV file for the user import job.

" @@ -5657,11 +5873,11 @@ "members":{ "DeviceKey":{ "shape":"DeviceKeyType", - "documentation":"

The device key.

" + "documentation":"

The key of the device that you want to get information about.

" }, "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose device information you want to request.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" } }, "documentation":"

Represents the request to get the device.

" @@ -5672,7 +5888,7 @@ "members":{ "Device":{ "shape":"DeviceType", - "documentation":"

The device.

" + "documentation":"

Details of the requested device. Includes device information, last-accessed and created dates, and the device key.

" } }, "documentation":"

Gets the device response.

" @@ -5686,11 +5902,11 @@ "members":{ "GroupName":{ "shape":"GroupNameType", - "documentation":"

The name of the group.

" + "documentation":"

The name of the group that you want to get information about.

" }, "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool.

" + "documentation":"

The ID of the user pool that contains the group that you want to query.

" } } }, @@ -5699,7 +5915,7 @@ "members":{ "Group":{ "shape":"GroupType", - "documentation":"

The group object for the group.

" + "documentation":"

A container for the requested group. Includes description, precedence, and IAM role values.

" } } }, @@ -5712,11 +5928,11 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The user pool ID.

" + "documentation":"

The ID of the user pool where you want to get information about the IdP.

" }, "IdpIdentifier":{ "shape":"IdpIdentifierType", - "documentation":"

The IdP identifier.

" + "documentation":"

The identifier that you assigned to your user pool. The identifier is an alternative name for an IdP that is distinct from the IdP name. For example, an IdP with a name of MyIdP might have an identifier of the email domain example.com.

" } } }, @@ -5726,7 +5942,7 @@ "members":{ "IdentityProvider":{ "shape":"IdentityProviderType", - "documentation":"

The identity provider details.

" + "documentation":"

The configuration of the IdP in your user pool. Includes additional identifiers, the IdP name and type, and trust-relationship details like the issuer URL.

" } } }, @@ -5745,7 +5961,7 @@ "members":{ "LogDeliveryConfiguration":{ "shape":"LogDeliveryConfigurationType", - "documentation":"

The logging configuration of the requested user pool.

" + "documentation":"

The logging configuration of the requested user pool. Includes types of logs configured and their destinations.

" } } }, @@ -5755,7 +5971,7 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The user pool ID.

" + "documentation":"

The ID of the user pool where you want to view the signing certificate.

" } }, "documentation":"

Request to get a signing certificate from Amazon Cognito.

" @@ -5765,22 +5981,57 @@ "members":{ "Certificate":{ "shape":"StringType", - "documentation":"

The signing certificate.

" + "documentation":"

The x.509 certificate that signs SAML 2.0 authentication requests for your user pool.

" } }, "documentation":"

Response from Amazon Cognito for a signing certificate request.

" }, + "GetTokensFromRefreshTokenRequest":{ + "type":"structure", + "required":[ + "RefreshToken", + "ClientId" + ], + "members":{ + "RefreshToken":{ + "shape":"TokenModelType", + "documentation":"

A valid refresh token that can authorize the request for new tokens. When refresh token rotation is active in the requested app client, this token is invalidated after the request is complete and after an optional grace period.

" + }, + "ClientId":{ + "shape":"ClientIdType", + "documentation":"

The app client that issued the refresh token to the user who wants to request new tokens.

" + }, + "ClientSecret":{ + "shape":"ClientSecretType", + "documentation":"

The client secret of the requested app client, if the client has a secret.

" + }, + "DeviceKey":{ + "shape":"DeviceKeyType", + "documentation":"

When you enable device remembering, Amazon Cognito issues a device key that you can use for device authentication that bypasses multi-factor authentication (MFA). To implement GetTokensFromRefreshToken in a user pool with device remembering, you must capture the device key from the initial authentication request. If your application doesn't provide the key of a registered device, Amazon Cognito issues a new one. You must provide the confirmed device key in this request if device remembering is enabled in your user pool.

For more information about device remembering, see Working with devices.

" + }, + "ClientMetadata":{ + "shape":"ClientMetadataType", + "documentation":"

A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the GetTokensFromRefreshToken API action, Amazon Cognito invokes the Lambda function the pre token generation trigger.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + } + } + }, + "GetTokensFromRefreshTokenResponse":{ + "type":"structure", + "members":{ + "AuthenticationResult":{"shape":"AuthenticationResultType"} + } + }, "GetUICustomizationRequest":{ "type":"structure", "required":["UserPoolId"], "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool.

" + "documentation":"

The ID of the user pool that you want to query for branding settings.

" }, "ClientId":{ "shape":"ClientIdType", - "documentation":"

The client ID for the client app.

" + "documentation":"

The ID of the app client that you want to query for branding settings.

" } } }, @@ -5790,7 +6041,7 @@ "members":{ "UICustomization":{ "shape":"UICustomizationType", - "documentation":"

The UI customization information.

" + "documentation":"

Information about the classic hosted UI custom CSS and logo-image branding that you applied to the user pool or app client.

" } } }, @@ -5803,15 +6054,15 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A non-expired access token for the user whose attribute verification code you want to generate.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "AttributeName":{ "shape":"AttributeNameType", - "documentation":"

The attribute name returned by the server response to get the user attribute verification code.

" + "documentation":"

The name of the attribute that the user wants to verify, for example email.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the GetUserAttributeVerificationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your GetUserAttributeVerificationCode request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the GetUserAttributeVerificationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your GetUserAttributeVerificationCode request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Represents the request to get user attribute verification.

" @@ -5821,7 +6072,7 @@ "members":{ "CodeDeliveryDetails":{ "shape":"CodeDeliveryDetailsType", - "documentation":"

The code delivery details returned by the server in response to the request to get the user attribute verification code.

" + "documentation":"

Information about the delivery destination of the user attribute verification code.

" } }, "documentation":"

The verification code response returned by the server response to get the user attribute verification code.

" @@ -5832,7 +6083,7 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose authentication factors you want to view.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" } } }, @@ -5842,11 +6093,11 @@ "members":{ "Username":{ "shape":"UsernameType", - "documentation":"

The username of the currently sign-in user.

" + "documentation":"

The name of the user who is eligible for the authentication factors in the response.

" }, "PreferredMfaSetting":{ "shape":"StringType", - "documentation":"

The user's preferred MFA setting.

" + "documentation":"

The challenge method that Amazon Cognito returns to the user in response to sign-in requests. Users can prefer SMS message, email message, or TOTP MFA.

" }, "UserMFASettingList":{ "shape":"UserMFASettingListType", @@ -5854,7 +6105,7 @@ }, "ConfiguredUserAuthFactors":{ "shape":"ConfiguredUserAuthFactorsListType", - "documentation":"

The authentication types that are available to the user with USER_AUTH sign-in.

" + "documentation":"

The authentication types that are available to the user with USER_AUTH sign-in, for example [\"PASSWORD\", \"WEB_AUTHN\"].

" } } }, @@ -5864,7 +6115,7 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The user pool ID.

" + "documentation":"

The ID of the user pool where you want to query WebAuthn and MFA configuration.

" } } }, @@ -5873,7 +6124,7 @@ "members":{ "SmsMfaConfiguration":{ "shape":"SmsMfaConfigType", - "documentation":"

Shows user pool SMS message configuration for MFA. Includes the message template and the SMS message sending configuration for Amazon SNS.

" + "documentation":"

Shows user pool configuration for SMS message MFA. Includes the message template and the SMS message sending configuration for Amazon SNS.

" }, "SoftwareTokenMfaConfiguration":{ "shape":"SoftwareTokenMfaConfigType", @@ -5881,15 +6132,15 @@ }, "EmailMfaConfiguration":{ "shape":"EmailMfaConfigType", - "documentation":"

Shows user pool email message configuration for MFA. Includes the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.

" + "documentation":"

Shows configuration for user pool email message MFA and sign-in with one-time passwords (OTPs). Includes the subject and body of the email message template for sign-in and MFA messages. To activate this setting, your user pool must be in the Essentials tier or higher.

" }, "MfaConfiguration":{ "shape":"UserPoolMfaType", - "documentation":"

The multi-factor authentication (MFA) configuration. Valid values include:

  • OFF MFA won't be used for any users.

  • ON MFA is required for all users to sign in.

  • OPTIONAL MFA will be required only for individual users who have an MFA factor activated.

" + "documentation":"

Displays the state of multi-factor authentication (MFA) as on, off, or optional. When ON, all users must set up MFA before they can sign in. When OPTIONAL, your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose OPTIONAL.

When MfaConfiguration is OPTIONAL, managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor.

" }, "WebAuthnConfiguration":{ "shape":"WebAuthnConfigurationType", - "documentation":"

Shows user pool configuration for MFA with passkeys from biometric devices and security keys.

" + "documentation":"

Shows user pool configuration for sign-in with passkey authenticators like biometric devices and security keys. Passkeys are not eligible MFA factors. They are instead an eligible primary sign-in factor for choice-based authentication, or the USER_AUTH flow.

" } } }, @@ -5899,7 +6150,7 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A non-expired access token for the user whose information you want to query.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" } }, "documentation":"

Represents the request to get information about the user.

" @@ -5913,11 +6164,11 @@ "members":{ "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you requested.

" + "documentation":"

The name of the user that you requested.

" }, "UserAttributes":{ "shape":"AttributeListType", - "documentation":"

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

" + "documentation":"

An array of name-value pairs representing user attributes.

Custom attributes are prepended with the custom: prefix.

" }, "MFAOptions":{ "shape":"MFAOptionListType", @@ -5925,7 +6176,7 @@ }, "PreferredMfaSetting":{ "shape":"StringType", - "documentation":"

The user's preferred MFA setting.

" + "documentation":"

The user's preferred MFA. Users can prefer SMS message, email message, or TOTP MFA.

" }, "UserMFASettingList":{ "shape":"UserMFASettingListType", @@ -5940,15 +6191,14 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user who you want to sign out.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" } }, "documentation":"

Represents the request to sign out all devices.

" }, "GlobalSignOutResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response to the request to sign out all devices.

" }, "GroupExistsException":{ @@ -6001,7 +6251,7 @@ "documentation":"

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" } }, - "documentation":"

A user pool group. Contains details about the group and the way that it contributes to IAM role decisions with identity pools. Identity pools can make decisions about the IAM role to assign based on groups: users get credentials for the role associated with their highest-priority group.

This data type is a response parameter of AdminListGroupsForUser, CreateGroup, GetGroup, ListGroups, and UpdateGroup.

" + "documentation":"

A user pool group. Contains details about the group and the way that it contributes to IAM role decisions with identity pools. Identity pools can make decisions about the IAM role to assign based on groups: users get credentials for the role associated with their highest-priority group.

" }, "HexStringType":{ "type":"string", @@ -6019,7 +6269,7 @@ "documentation":"

The header value.

" } }, - "documentation":"

The HTTP header in the ContextData parameter.

This data type is a request parameter of server-side authentication operations like AdminInitiateAuth and AdminRespondToAuthChallenge.

" + "documentation":"

The HTTP header in the ContextData parameter.

" }, "HttpHeaderList":{ "type":"list", @@ -6066,7 +6316,7 @@ "documentation":"

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" } }, - "documentation":"

A user pool identity provider (IdP). Contains information about a third-party IdP to a user pool, the attributes that it populates to user profiles, and the trust relationship between the IdP and your user pool.

This data type is a response parameter of CreateIdentityProvider, DescribeIdentityProvider, GetIdentityProviderByIdentifier, and UpdateIdentityProvider.

" + "documentation":"

A user pool identity provider (IdP). Contains information about a third-party IdP to a user pool, the attributes that it populates to user profiles, and the trust relationship between the IdP and your user pool.

" }, "IdentityProviderTypeType":{ "type":"string", @@ -6106,31 +6356,31 @@ "members":{ "AuthFlow":{ "shape":"AuthFlowType", - "documentation":"

The authentication flow that you want to initiate. Each AuthFlow has linked AuthParameters that you must submit. The following are some example flows and their parameters.

  • USER_AUTH: Request a preferred authentication type or review available authentication types. From the offered authentication types, select one in a challenge response and then authenticate with that method in an additional challenge response.

  • REFRESH_TOKEN_AUTH: Receive new ID and access tokens when you pass a REFRESH_TOKEN parameter with a valid refresh token as the value.

  • USER_SRP_AUTH: Receive secure remote password (SRP) variables for the next challenge, PASSWORD_VERIFIER, when you pass USERNAME and SRP_A parameters.

  • USER_PASSWORD_AUTH: Receive new tokens or the next challenge, for example SOFTWARE_TOKEN_MFA, when you pass USERNAME and PASSWORD parameters.

All flows

USER_AUTH

The entry point for sign-in with passwords, one-time passwords, and WebAuthN authenticators.

USER_SRP_AUTH

Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP password verification in custom authentication flow.

REFRESH_TOKEN_AUTH and REFRESH_TOKEN

Provide a valid refresh token and receive new ID and access tokens. For more information, see Using the refresh token.

CUSTOM_AUTH

Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda triggers.

USER_PASSWORD_AUTH

Username-password authentication with the password sent directly in the request. For more information, see Admin authentication flow.

ADMIN_USER_PASSWORD_AUTH is a flow type of AdminInitiateAuth and isn't valid for InitiateAuth. ADMIN_NO_SRP_AUTH is a legacy server-side username-password flow and isn't valid for InitiateAuth.

" + "documentation":"

The authentication flow that you want to initiate. Each AuthFlow has linked AuthParameters that you must submit. The following are some example flows.

USER_AUTH

The entry point for choice-based authentication with passwords, one-time passwords, and WebAuthn authenticators. Request a preferred authentication type or review available authentication types. From the offered authentication types, select one in a challenge response and then authenticate with that method in an additional challenge response. To activate this setting, your user pool must be in the Essentials tier or higher.

USER_SRP_AUTH

Username-password authentication with the Secure Remote Password (SRP) protocol. For more information, see Use SRP password verification in custom authentication flow.

REFRESH_TOKEN_AUTH and REFRESH_TOKEN

Receive new ID and access tokens when you pass a REFRESH_TOKEN parameter with a valid refresh token as the value. For more information, see Using the refresh token.

CUSTOM_AUTH

Custom authentication with Lambda triggers. For more information, see Custom authentication challenge Lambda triggers.

USER_PASSWORD_AUTH

Client-side username-password authentication with the password sent directly in the request. For more information about client-side and server-side authentication, see SDK authorization models.

ADMIN_USER_PASSWORD_AUTH is a flow type of AdminInitiateAuth and isn't valid for InitiateAuth. ADMIN_NO_SRP_AUTH is a legacy server-side username-password flow and isn't valid for InitiateAuth.

" }, "AuthParameters":{ "shape":"AuthParametersType", - "documentation":"

The authentication parameters. These are inputs corresponding to the AuthFlow that you're invoking. The required values depend on the value of AuthFlow:

  • For USER_AUTH: USERNAME (required), PREFERRED_CHALLENGE. If you don't provide a value for PREFERRED_CHALLENGE, Amazon Cognito responds with the AvailableChallenges parameter that specifies the available sign-in methods.

  • For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • For USER_PASSWORD_AUTH: USERNAME (required), PASSWORD (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY. To start the authentication flow with password verification, include ChallengeName: SRP_A and SRP_A: (The SRP_A Value).

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" + "documentation":"

The authentication parameters. These are inputs corresponding to the AuthFlow that you're invoking.

The following are some authentication flows and their parameters. Add a SECRET_HASH parameter if your app client has a client secret. Add DEVICE_KEY if you want to bypass multi-factor authentication with a remembered device.

USER_AUTH

  • USERNAME (required)

  • PREFERRED_CHALLENGE. If you don't provide a value for PREFERRED_CHALLENGE, Amazon Cognito responds with the AvailableChallenges parameter that specifies the available sign-in methods.

USER_SRP_AUTH

  • USERNAME (required)

  • SRP_A (required)

USER_PASSWORD_AUTH

  • USERNAME (required)

  • PASSWORD (required)

REFRESH_TOKEN_AUTH/REFRESH_TOKEN

  • REFRESH_TOKEN(required)

CUSTOM_AUTH

  • USERNAME (required)

  • ChallengeName: SRP_A (when doing SRP authentication before custom challenges)

  • SRP_A: (An SRP_A value) (when doing SRP authentication before custom challenges)

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:

  • Pre signup

  • Pre authentication

  • User migration

When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a validationData attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in Lambda, you can process the validationData value to enhance your workflow for your specific needs.

When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:

  • Post authentication

  • Custom message

  • Pre token generation

  • Create auth challenge

  • Define auth challenge

  • Custom email sender

  • Custom SMS sender

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you send an InitiateAuth request, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers.

  • Pre sign-up

  • Pre authentication

  • User migration

When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload as input to the function. This payload contains a validationData attribute with the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function, validationData can contribute to operations that require data that isn't in the default payload.

InitiateAuth requests invokes the following triggers without ClientMetadata as input.

  • Post authentication

  • Custom message

  • Pre token generation

  • Create auth challenge

  • Define auth challenge

  • Custom email sender

  • Custom SMS sender

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" }, "ClientId":{ "shape":"ClientIdType", - "documentation":"

The app client ID.

" + "documentation":"

The ID of the app client that your user wants to sign in to.

" }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The Amazon Pinpoint analytics metadata that contributes to your metrics for InitiateAuth calls.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "UserContextData":{ "shape":"UserContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "Session":{ "shape":"SessionType", - "documentation":"

The optional session ID from a ConfirmSignUp API request. You can sign in a user directly from the sign-up process with the USER_AUTH authentication flow.

" + "documentation":"

The optional session ID from a ConfirmSignUp API request. You can sign in a user directly from the sign-up process with the USER_AUTH authentication flow. When you pass the session ID to InitiateAuth, Amazon Cognito assumes the SMS or email message one-time verification password from ConfirmSignUp as the primary authentication factor. You're not required to submit this code a second time. This option is only valid for users who have confirmed their sign-up and are signing in for the first time within the authentication flow session duration of the session ID.

" } }, "documentation":"

Initiates the authentication request.

" @@ -6140,23 +6390,23 @@ "members":{ "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"

The name of the challenge that you're responding to with this call. This name is returned in the InitiateAuth response if you must pass another challenge.

Valid values include the following:

All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.

  • WEB_AUTHN: Respond to the challenge with the results of a successful authentication with a passkey, or webauthN, factor. These are typically biometric devices or security keys.

  • PASSWORD: Respond with USER_PASSWORD_AUTH parameters: USERNAME (required), PASSWORD (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • PASSWORD_SRP: Respond with USER_SRP_AUTH parameters: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY.

  • SELECT_CHALLENGE: Respond to the challenge with USERNAME and an ANSWER that matches one of the challenge types in the AvailableChallenges response parameter.

  • SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool delivered in an SMS message.

  • EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool delivered in an email message.

  • PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.

  • CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.

  • DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.

  • DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.

  • NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login.

    Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.

    Amazon Cognito only returns this challenge for users who have temporary passwords. Because of this, and because in some cases you can create users who don't have values for required attributes, take care to collect and submit required-attribute values for all users who don't have passwords. You can create a user in the Amazon Cognito console without, for example, a required birthdate attribute. The API response from Amazon Cognito won't prompt you to submit a birthdate for the user if they don't have a password.

    In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.

  • MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.

    To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should call InitiateAuth again to restart sign-in.

" + "documentation":"

The name of an additional authentication challenge that you must respond to.

Possible challenges include the following:

All of the following challenges require USERNAME and, when the app client has a client secret, SECRET_HASH in the parameters. Include a DEVICE_KEY for device authentication.

  • WEB_AUTHN: Respond to the challenge with the results of a successful authentication with a WebAuthn authenticator, or passkey, as CREDENTIAL. Examples of WebAuthn authenticators include biometric devices and security keys.

  • PASSWORD: Respond with the user's password as PASSWORD.

  • PASSWORD_SRP: Respond with the initial SRP secret as SRP_A.

  • SELECT_CHALLENGE: Respond with a challenge selection as ANSWER. It must be one of the challenge types in the AvailableChallenges response parameter. Add the parameters of the selected challenge, for example USERNAME and SMS_OTP.

  • SMS_MFA: Respond with the code that your user pool delivered in an SMS message, as SMS_MFA_CODE

  • EMAIL_MFA: Respond with the code that your user pool delivered in an email message, as EMAIL_MFA_CODE

  • EMAIL_OTP: Respond with the code that your user pool delivered in an email message, as EMAIL_OTP_CODE .

  • SMS_OTP: Respond with the code that your user pool delivered in an SMS message, as SMS_OTP_CODE.

  • PASSWORD_VERIFIER: Respond with the second stage of SRP secrets as PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP.

  • CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. The parameters of the challenge are determined by your Lambda function and issued in the ChallengeParameters of a challenge response.

  • DEVICE_SRP_AUTH: Respond with the initial parameters of device SRP authentication. For more information, see Signing in with a device.

  • DEVICE_PASSWORD_VERIFIER: Respond with PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after client-side SRP calculations. For more information, see Signing in with a device.

  • NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write.

    Amazon Cognito only returns this challenge for users who have temporary passwords. When you create passwordless users, you must provide values for all required attributes.

    In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.

  • MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.

    To set up time-based one-time password (TOTP) MFA, use the session returned in this challenge from InitiateAuth or AdminInitiateAuth as an input to AssociateSoftwareToken. Then, use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge or AdminRespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in.

    To set up SMS or email MFA, collect a phone_number or email attribute for the user. Then restart the authentication flow with an InitiateAuth or AdminInitiateAuth request.

" }, "Session":{ "shape":"SessionType", - "documentation":"

The session that should pass both ways in challenge-response calls to the service. If the caller must pass another challenge, they return a session with other challenge parameters. Include this session identifier in a RespondToAuthChallenge API request.

" + "documentation":"

The session identifier that links a challenge response to the initial authentication request. If the user must pass another challenge, Amazon Cognito returns a session ID and challenge parameters.

" }, "ChallengeParameters":{ "shape":"ChallengeParametersType", - "documentation":"

The challenge parameters. These are returned in the InitiateAuth response if you must pass another challenge. The responses in this parameter should be used to compute inputs to the next call (RespondToAuthChallenge).

All challenges require USERNAME. They also require SECRET_HASH if your app client has a client secret.

" + "documentation":"

The required parameters of the ChallengeName challenge.

All challenges require USERNAME. They also require SECRET_HASH if your app client has a client secret.

" }, "AuthenticationResult":{ "shape":"AuthenticationResultType", - "documentation":"

The result of the authentication response. This result is only returned if the caller doesn't need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, ChallengeName, ChallengeParameters, and Session are returned.

" + "documentation":"

The result of a successful and complete authentication request. This result is only returned if the user doesn't need to pass another challenge. If they must pass another challenge before they get tokens, Amazon Cognito returns a challenge in ChallengeName, ChallengeParameters, and Session response parameters.

" }, "AvailableChallenges":{ "shape":"AvailableChallengeListType", - "documentation":"

This response parameter prompts a user to select from multiple available challenges that they can complete authentication with. For example, they might be able to continue with passwordless authentication or with a one-time password from an SMS message.

" + "documentation":"

This response parameter lists the available authentication challenges that users can select from in choice-based authentication. For example, they might be able to choose between passkey authentication, a one-time password from an SMS message, and a traditional password.

" } }, "documentation":"

Initiates the authentication response.

" @@ -6324,7 +6574,11 @@ "documentation":"

The ARN of an KMS key. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to custom sender Lambda triggers.

" } }, - "documentation":"

A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them.

" + }, + "LanguageIdType":{ + "type":"string", + "pattern":"^cognito:(default|english|french|spanish|german|bahasa-indonesia|italian|japanese|korean|portuguese-brazil|chinese-(simplified|traditional))$" }, "LimitExceededException":{ "type":"structure", @@ -6337,17 +6591,30 @@ "documentation":"

This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource.

", "exception":true }, + "LinkUrlType":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+$" + }, + "LinksType":{ + "type":"map", + "key":{"shape":"LanguageIdType"}, + "value":{"shape":"LinkUrlType"}, + "max":12, + "min":1 + }, "ListDevicesRequest":{ "type":"structure", "required":["AccessToken"], "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose list of devices you want to view.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "Limit":{ "shape":"QueryLimitType", - "documentation":"

The limit of the device request.

" + "documentation":"

The maximum number of devices that you want Amazon Cognito to return in the response.

" }, "PaginationToken":{ "shape":"SearchPaginationTokenType", @@ -6361,7 +6628,7 @@ "members":{ "Devices":{ "shape":"DeviceListType", - "documentation":"

The devices returned in the list devices response.

" + "documentation":"

An array of devices and their details. Each entry that's returned includes device information, last-accessed and created dates, and the device key.

" }, "PaginationToken":{ "shape":"SearchPaginationTokenType", @@ -6376,15 +6643,15 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool.

" + "documentation":"

The ID of the user pool where you want to list user groups.

" }, "Limit":{ "shape":"QueryLimitType", - "documentation":"

The limit of the request to list groups.

" + "documentation":"

The maximum number of groups that you want Amazon Cognito to return in the response.

" }, "NextToken":{ "shape":"PaginationKey", - "documentation":"

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6393,11 +6660,11 @@ "members":{ "Groups":{ "shape":"GroupListType", - "documentation":"

The group objects for the groups.

" + "documentation":"

An array of groups and their details. Each entry that's returned includes description, precedence, and IAM role values.

" }, "NextToken":{ "shape":"PaginationKey", - "documentation":"

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "documentation":"

The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6407,15 +6674,15 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The user pool ID.

" + "documentation":"

The ID of the user pool where you want to list IdPs.

" }, "MaxResults":{ "shape":"ListProvidersLimitType", - "documentation":"

The maximum number of IdPs to return.

" + "documentation":"

The maximum number of IdPs that you want Amazon Cognito to return in the response.

" }, "NextToken":{ "shape":"PaginationKeyType", - "documentation":"

A pagination token.

" + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6425,11 +6692,11 @@ "members":{ "Providers":{ "shape":"ProvidersListType", - "documentation":"

A list of IdP objects.

" + "documentation":"

An array of the IdPs in your user pool. For each, the response includes identifiers, the IdP name and type, and trust-relationship details like the issuer URL.

" }, "NextToken":{ "shape":"PaginationKeyType", - "documentation":"

A pagination token.

" + "documentation":"

The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6453,15 +6720,15 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool.

" + "documentation":"

The ID of the user pool where you want to list resource servers.

" }, "MaxResults":{ "shape":"ListResourceServersLimitType", - "documentation":"

The maximum number of resource servers to return.

" + "documentation":"

The maximum number of resource servers that you want Amazon Cognito to return in the response.

" }, "NextToken":{ "shape":"PaginationKeyType", - "documentation":"

A pagination token.

" + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6471,11 +6738,11 @@ "members":{ "ResourceServers":{ "shape":"ResourceServersListType", - "documentation":"

The resource servers.

" + "documentation":"

An array of resource servers and the details of their configuration. For each, the response includes names, identifiers, and custom scopes.

" }, "NextToken":{ "shape":"PaginationKeyType", - "documentation":"

A pagination token.

" + "documentation":"

The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6498,6 +6765,43 @@ } } }, + "ListTermsRequest":{ + "type":"structure", + "required":["UserPoolId"], + "members":{ + "UserPoolId":{ + "shape":"UserPoolIdType", + "documentation":"

The ID of the user pool where you want to list terms documents.

" + }, + "MaxResults":{ + "shape":"ListTermsRequestMaxResultsInteger", + "documentation":"

The maximum number of terms documents that you want Amazon Cognito to return in the response.

" + }, + "NextToken":{ + "shape":"StringType", + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" + } + } + }, + "ListTermsRequestMaxResultsInteger":{ + "type":"integer", + "max":60, + "min":1 + }, + "ListTermsResponse":{ + "type":"structure", + "required":["Terms"], + "members":{ + "Terms":{ + "shape":"TermsDescriptionListType", + "documentation":"

A summary of the requested terms documents. Includes unique identifiers for later changes to the terms documents.

" + }, + "NextToken":{ + "shape":"StringType", + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" + } + } + }, "ListUserImportJobsRequest":{ "type":"structure", "required":[ @@ -6507,11 +6811,11 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool that the users are being imported into.

" + "documentation":"

The ID of the user pool where you want to list import jobs.

" }, "MaxResults":{ "shape":"PoolQueryLimitType", - "documentation":"

The maximum number of import jobs you want the request to return.

" + "documentation":"

The maximum number of import jobs that you want Amazon Cognito to return in the response.

" }, "PaginationToken":{ "shape":"PaginationKeyType", @@ -6525,7 +6829,7 @@ "members":{ "UserImportJobs":{ "shape":"UserImportJobsListType", - "documentation":"

The user import jobs.

" + "documentation":"

An array of user import jobs from the requested user pool. For each, the response includes logging destination, status, and the Amazon S3 pre-signed URL for CSV upload.

" }, "PaginationToken":{ "shape":"PaginationKeyType", @@ -6544,11 +6848,11 @@ }, "MaxResults":{ "shape":"QueryLimit", - "documentation":"

The maximum number of results you want the request to return when listing the user pool clients.

" + "documentation":"

The maximum number of app clients that you want Amazon Cognito to return in the response.

" }, "NextToken":{ "shape":"PaginationKey", - "documentation":"

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" } }, "documentation":"

Represents the request to list the user pool clients.

" @@ -6558,11 +6862,11 @@ "members":{ "UserPoolClients":{ "shape":"UserPoolClientListType", - "documentation":"

The user pool clients in the response that lists user pool clients.

" + "documentation":"

An array of app clients and their details. Includes app client ID and name.

" }, "NextToken":{ "shape":"PaginationKey", - "documentation":"

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "documentation":"

The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

" } }, "documentation":"

Represents the response from the server that lists user pool clients.

" @@ -6573,11 +6877,11 @@ "members":{ "NextToken":{ "shape":"PaginationKeyType", - "documentation":"

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" }, "MaxResults":{ "shape":"PoolQueryLimitType", - "documentation":"

The maximum number of results you want the request to return when listing the user pools.

" + "documentation":"

The maximum number of user pools that you want Amazon Cognito to return in the response.

" } }, "documentation":"

Represents the request to list user pools.

" @@ -6587,11 +6891,11 @@ "members":{ "UserPools":{ "shape":"UserPoolListType", - "documentation":"

The user pools from the response to list users.

" + "documentation":"

An array of user pools and their configuration details.

" }, "NextToken":{ "shape":"PaginationKeyType", - "documentation":"

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "documentation":"

The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

" } }, "documentation":"

Represents the response to list user pools.

" @@ -6605,19 +6909,19 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool.

" + "documentation":"

The ID of the user pool where you want to view the membership of the requested group.

" }, "GroupName":{ "shape":"GroupNameType", - "documentation":"

The name of the group.

" + "documentation":"

The name of the group that you want to query for user membership.

" }, "Limit":{ "shape":"QueryLimitType", - "documentation":"

The maximum number of users that you want to retrieve before pagination.

" + "documentation":"

The maximum number of groups that you want Amazon Cognito to return in the response.

" }, "NextToken":{ "shape":"PaginationKey", - "documentation":"

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6626,11 +6930,11 @@ "members":{ "Users":{ "shape":"UsersListType", - "documentation":"

A list of users in the group, and their attributes.

" + "documentation":"

An array of users who are members in the group, and their attributes.

" }, "NextToken":{ "shape":"PaginationKey", - "documentation":"

An identifier that you can use in a later request to return the next set of items in the list.

" + "documentation":"

The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6640,7 +6944,7 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool on which the search should be performed.

" + "documentation":"

The ID of the user pool where you want to display or search for users.

" }, "AttributesToGet":{ "shape":"SearchedAttributeNamesListType", @@ -6648,7 +6952,7 @@ }, "Limit":{ "shape":"QueryLimitType", - "documentation":"

Maximum number of users to be returned.

" + "documentation":"

The maximum number of users that you want Amazon Cognito to return in the response.

" }, "PaginationToken":{ "shape":"SearchPaginationTokenType", @@ -6666,7 +6970,7 @@ "members":{ "Users":{ "shape":"UsersListType", - "documentation":"

A list of the user pool users, and their attributes, that match your query.

Amazon Cognito creates a profile in your user pool for each native user in your user pool, and each unique user ID from your third-party identity providers (IdPs). When you link users with the AdminLinkProviderForUser API operation, the output of ListUsers displays both the IdP user and the native user that you linked. You can identify IdP users in the Users object of this API response by the IdP prefix that Amazon Cognito appends to Username.

" + "documentation":"

An array of user pool users who match your query, and their attributes.

" }, "PaginationToken":{ "shape":"SearchPaginationTokenType", @@ -6681,11 +6985,11 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose registered passkeys you want to list.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "NextToken":{ "shape":"PaginationKey", - "documentation":"

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "documentation":"

This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

" }, "MaxResults":{ "shape":"WebAuthnCredentialsQueryLimitType", @@ -6703,7 +7007,7 @@ }, "NextToken":{ "shape":"PaginationKey", - "documentation":"

An identifier that you can use in a later request to return the next set of items in the list.

" + "documentation":"

The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

" } } }, @@ -6722,26 +7026,26 @@ "members":{ "LogLevel":{ "shape":"LogLevel", - "documentation":"

The errorlevel selection of logs that a user pool sends for detailed activity logging. To send userNotification activity with information about message delivery, choose ERROR with CloudWatchLogsConfiguration. To send userAuthEvents activity with user logs from advanced security features, choose INFO with one of CloudWatchLogsConfiguration, FirehoseConfiguration, or S3Configuration.

" + "documentation":"

The errorlevel selection of logs that a user pool sends for detailed activity logging. To send userNotification activity with information about message delivery, choose ERROR with CloudWatchLogsConfiguration. To send userAuthEvents activity with user logs from threat protection with the Plus feature plan, choose INFO with one of CloudWatchLogsConfiguration, FirehoseConfiguration, or S3Configuration.

" }, "EventSource":{ "shape":"EventSourceName", - "documentation":"

The source of events that your user pool sends for logging. To send error-level logs about user notification activity, set to userNotification. To send info-level logs about advanced security features user activity, set to userAuthEvents.

" + "documentation":"

The source of events that your user pool sends for logging. To send error-level logs about user notification activity, set to userNotification. To send info-level logs about threat-protection user activity in user pools with the Plus feature plan, set to userAuthEvents.

" }, "CloudWatchLogsConfiguration":{ "shape":"CloudWatchLogsConfigurationType", - "documentation":"

The CloudWatch log group destination of user pool detailed activity logs, or of user activity log export with advanced security features.

" + "documentation":"

The CloudWatch log group destination of user pool detailed activity logs, or of user activity log export with threat protection.

" }, "S3Configuration":{ "shape":"S3ConfigurationType", - "documentation":"

The Amazon S3 bucket destination of user activity log export with advanced security features. To activate this setting, advanced security features must be active in your user pool.

" + "documentation":"

The Amazon S3 bucket destination of user activity log export with threat protection. To activate this setting, your user pool must be on the Plus tier.

" }, "FirehoseConfiguration":{ "shape":"FirehoseConfigurationType", - "documentation":"

The Amazon Data Firehose stream destination of user activity log export with advanced security features. To activate this setting, advanced security features must be active in your user pool.

" + "documentation":"

The Amazon Data Firehose stream destination of user activity log export with threat protection. To activate this setting, your user pool must be on the Plus tier.

" } }, - "documentation":"

The configuration of user event logs to an external Amazon Web Services service like Amazon Data Firehose, Amazon S3, or Amazon CloudWatch Logs.

This data type is a request parameter of SetLogDeliveryConfiguration and a response parameter of GetLogDeliveryConfiguration.

" + "documentation":"

The configuration of user event logs to an external Amazon Web Services service like Amazon Data Firehose, Amazon S3, or Amazon CloudWatch Logs.

" }, "LogDeliveryConfigurationType":{ "type":"structure", @@ -6759,7 +7063,7 @@ "documentation":"

A logging destination of a user pool. User pools can have multiple logging destinations for message-delivery and user-activity logs.

" } }, - "documentation":"

The logging parameters of a user pool, as returned in the response to a GetLogDeliveryConfiguration request.

" + "documentation":"

The logging parameters of a user pool, as returned in the response to a GetLogDeliveryConfiguration request.

" }, "LogLevel":{ "type":"string", @@ -6829,11 +7133,11 @@ }, "UseCognitoProvidedValues":{ "shape":"BooleanType", - "documentation":"

When true, applies the default branding style options. This option reverts to default style options that are managed by Amazon Cognito. You can modify them later in the branding designer.

When you specify true for this option, you must also omit values for Settings and Assets in the request.

" + "documentation":"

When true, applies the default branding style options. This option reverts to default style options that are managed by Amazon Cognito. You can modify them later in the branding editor.

When you specify true for this option, you must also omit values for Settings and Assets in the request.

" }, "Settings":{ "shape":"Document", - "documentation":"

A JSON file, encoded as a Document type, with the the settings that you want to apply to your style.

" + "documentation":"

A JSON file, encoded as a Document type, with the the settings that you want to apply to your style.

The following components are not currently implemented and reserved for future use:

" }, "Assets":{ "shape":"AssetListType", @@ -6848,7 +7152,7 @@ "documentation":"

The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" } }, - "documentation":"

A managed login branding style that's assigned to a user pool app client.

This data type is a response parameter of CreateManagedLoginBranding, UpdateManagedLoginBranding, DescribeManagedLoginBranding, and DescribeManagedLoginBrandingByClient.

" + "documentation":"

A managed login branding style that's assigned to a user pool app client.

" }, "MessageActionType":{ "type":"string", @@ -6888,7 +7192,7 @@ "documentation":"

The device group key, an identifier used in generating the DEVICE_PASSWORD_VERIFIER for device SRP authentication.

" } }, - "documentation":"

Information that your user pool responds with in AuthenticationResultwhen you configure it to remember devices and a user signs in with an unrecognized device. Amazon Cognito presents a new device key that you can use to set up device authentication in a \"Remember me on this device\" authentication model.

This data type is a response parameter of authentication operations like InitiateAuth, AdminInitiateAuth, RespondToAuthChallenge, and AdminRespondToAuthChallenge.

" + "documentation":"

Information that your user pool responds with in AuthenticationResultwhen you configure it to remember devices and a user signs in with an unrecognized device. Amazon Cognito presents a new device key that you can use to set up device authentication in a \"Remember me on this device\" authentication model.

" }, "NotAuthorizedException":{ "type":"structure", @@ -6930,7 +7234,7 @@ "documentation":"

The template for the email message that your user pool sends when MFA is challenged in response to a detected risk.

" } }, - "documentation":"

The configuration for Amazon SES email messages that advanced security features sends to a user when your adaptive authentication automated response has a Notify action.

This data type is a request parameter of SetRiskConfiguration and a response parameter of DescribeRiskConfiguration.

" + "documentation":"

The configuration for Amazon SES email messages that threat protection sends to a user when your adaptive authentication automated response has a Notify action.

" }, "NotifyEmailType":{ "type":"structure", @@ -6949,7 +7253,7 @@ "documentation":"

The body of an email notification formatted in plaintext. Choose an HtmlBody or a TextBody to send an HTML-formatted or plaintext message, respectively.

" } }, - "documentation":"

The template for email messages that advanced security features sends to a user when your threat protection automated response has a Notify action.

This data type is a request parameter of SetRiskConfiguration and a response parameter of DescribeRiskConfiguration.

" + "documentation":"

The template for email messages that threat protection sends to a user when your threat protection automated response has a Notify action.

" }, "NumberAttributeConstraintsType":{ "type":"structure", @@ -6963,7 +7267,7 @@ "documentation":"

The maximum length of a number attribute value. Must be a number less than or equal to 2^1023, represented as a string with a length of 131072 characters or fewer.

" } }, - "documentation":"

The minimum and maximum values of an attribute that is of the number type, for example custom:age.

This data type is part of SchemaAttributeType. It defines the length constraints on number-type attributes that you configure in CreateUserPool and UpdateUserPool, and displays the length constraints of all number-type attributes in the response to DescribeUserPool

" + "documentation":"

The minimum and maximum values of an attribute that is of the number type, for example custom:age.

" }, "OAuthFlowType":{ "type":"string", @@ -7033,14 +7337,14 @@ }, "PasswordHistorySize":{ "shape":"PasswordHistorySizeType", - "documentation":"

The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of n previous passwords, where n is the value of PasswordHistorySize.

Password history isn't enforced and isn't displayed in DescribeUserPool responses when you set this value to 0 or don't provide it. To activate this setting, advanced security features must be active in your user pool.

" + "documentation":"

The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of n previous passwords, where n is the value of PasswordHistorySize.

" }, "TemporaryPasswordValidityDays":{ "shape":"TemporaryPasswordValidityDaysType", "documentation":"

The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value.

When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.

" } }, - "documentation":"

The password policy settings for a user pool, including complexity, history, and length requirements.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The password policy settings for a user pool, including complexity, history, and length requirements.

" }, "PasswordResetRequiredException":{ "type":"structure", @@ -7073,7 +7377,8 @@ "type":"string", "enum":[ "V1_0", - "V2_0" + "V2_0", + "V3_0" ] }, "PreTokenGenerationVersionConfigType":{ @@ -7092,7 +7397,7 @@ "documentation":"

The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.

This parameter and the PreTokenGeneration property of LambdaConfig have the same value. For new instances of pre token generation triggers, set LambdaArn.

" } }, - "documentation":"

The properties of a pre token generation Lambda trigger.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The properties of a pre token generation Lambda trigger.

" }, "PrecedenceType":{ "type":"integer", @@ -7141,7 +7446,7 @@ "documentation":"

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" } }, - "documentation":"

The details of a user pool identity provider (IdP), including name and type.

This data type is a response parameter of ListIdentityProviders.

" + "documentation":"

The details of a user pool identity provider (IdP), including name and type.

" }, "ProviderDetailsType":{ "type":"map", @@ -7176,7 +7481,7 @@ "documentation":"

The value of the provider attribute to link to, such as xxxxx_account.

" } }, - "documentation":"

The characteristics of a source or destination user for linking a federated user profile to a local user profile.

This data type is a request parameter of AdminLinkProviderForUser and AdminDisableProviderForUser.

" + "documentation":"

The characteristics of a source or destination user for linking a federated user profile to a local user profile.

" }, "ProvidersListType":{ "type":"list", @@ -7224,7 +7529,7 @@ "documentation":"

The recovery method that this object sets a recovery option for.

" } }, - "documentation":"

A recovery option for a user. The AccountRecoverySettingType data type is an array of this object. Each RecoveryOptionType has a priority property that determines whether it is a primary or secondary option.

For example, if verified_email has a priority of 1 and verified_phone_number has a priority of 2, your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. The admin_only option prevents self-service account recovery.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

A recovery option for a user. The AccountRecoverySettingType data type is an array of this object. Each RecoveryOptionType has a priority property that determines whether it is a primary or secondary option.

For example, if verified_email has a priority of 1 and verified_phone_number has a priority of 2, your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. The admin_only option prevents self-service account recovery.

" }, "RedirectUrlType":{ "type":"string", @@ -7232,6 +7537,29 @@ "min":1, "pattern":"[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+" }, + "RefreshTokenReuseException":{ + "type":"structure", + "members":{ + "message":{"shape":"MessageType"} + }, + "documentation":"

This exception is throw when your application requests token refresh with a refresh token that has been invalidated by refresh-token rotation.

", + "exception":true + }, + "RefreshTokenRotationType":{ + "type":"structure", + "required":["Feature"], + "members":{ + "Feature":{ + "shape":"FeatureType", + "documentation":"

The state of refresh token rotation for the current app client.

" + }, + "RetryGracePeriodSeconds":{ + "shape":"RetryGracePeriodSecondsType", + "documentation":"

When you request a token refresh with GetTokensFromRefreshToken, the original refresh token that you're rotating out can remain valid for a period of time of up to 60 seconds. This allows for client-side retries. When RetryGracePeriodSeconds is 0, the grace period is disabled and a successful request immediately invalidates the submitted refresh token.

" + } + }, + "documentation":"

The configuration of your app client for refresh token rotation. When enabled, your app client issues new ID, access, and refresh tokens when users renew their sessions with refresh tokens. When disabled, token refresh issues only ID and access tokens.

" + }, "RefreshTokenValidityType":{ "type":"integer", "max":315360000, @@ -7256,7 +7584,7 @@ "members":{ "ClientId":{ "shape":"ClientIdType", - "documentation":"

The ID of the client associated with the user pool.

" + "documentation":"

The ID of the user pool app client where the user signed up.

" }, "SecretHash":{ "shape":"SecretHashType", @@ -7264,19 +7592,19 @@ }, "UserContextData":{ "shape":"UserContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The Amazon Pinpoint analytics metadata that contributes to your metrics for ResendConfirmationCode calls.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ResendConfirmationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ResendConfirmationCode request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ResendConfirmationCode API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your ResendConfirmationCode request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Represents the request to resend the confirmation code.

" @@ -7286,7 +7614,7 @@ "members":{ "CodeDeliveryDetails":{ "shape":"CodeDeliveryDetailsType", - "documentation":"

The code delivery details returned by the server in response to the request to resend the confirmation code.

" + "documentation":"

Information about the phone number or email address that Amazon Cognito sent the confirmation code to.

" } }, "documentation":"

The response from the server when Amazon Cognito makes the request to resend a confirmation code.

" @@ -7352,7 +7680,7 @@ "documentation":"

A friendly description of a custom scope.

" } }, - "documentation":"

One custom scope associated with a user pool resource server. This data type is a member of ResourceServerScopeType. For more information, see Scopes, M2M, and API authorization with resource servers.

This data type is a request parameter of CreateResourceServer and a response parameter of DescribeResourceServer.

" + "documentation":"

One custom scope associated with a user pool resource server. This data type is a member of ResourceServerScopeType. For more information, see Scopes, M2M, and API authorization with resource servers.

" }, "ResourceServerType":{ "type":"structure", @@ -7374,7 +7702,7 @@ "documentation":"

A list of scopes that are defined for the resource server.

" } }, - "documentation":"

The details of a resource server configuration and associated custom scopes in a user pool.

This data type is a request parameter of CreateResourceServer and a response parameter of DescribeResourceServer.

" + "documentation":"

The details of a resource server configuration and associated custom scopes in a user pool.

" }, "ResourceServersListType":{ "type":"list", @@ -7389,31 +7717,31 @@ "members":{ "ClientId":{ "shape":"ClientIdType", - "documentation":"

The app client ID.

" + "documentation":"

The ID of the app client where the user is signing in.

" }, "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"

The challenge name. For more information, see InitiateAuth.

ADMIN_NO_SRP_AUTH isn't a valid value.

" + "documentation":"

The name of the challenge that you are responding to.

You can't respond to an ADMIN_NO_SRP_AUTH challenge with this operation.

Possible challenges include the following:

All of the following challenges require USERNAME and, when the app client has a client secret, SECRET_HASH in the parameters. Include a DEVICE_KEY for device authentication.

  • WEB_AUTHN: Respond to the challenge with the results of a successful authentication with a WebAuthn authenticator, or passkey, as CREDENTIAL. Examples of WebAuthn authenticators include biometric devices and security keys.

  • PASSWORD: Respond with the user's password as PASSWORD.

  • PASSWORD_SRP: Respond with the initial SRP secret as SRP_A.

  • SELECT_CHALLENGE: Respond with a challenge selection as ANSWER. It must be one of the challenge types in the AvailableChallenges response parameter. Add the parameters of the selected challenge, for example USERNAME and SMS_OTP.

  • SMS_MFA: Respond with the code that your user pool delivered in an SMS message, as SMS_MFA_CODE

  • EMAIL_MFA: Respond with the code that your user pool delivered in an email message, as EMAIL_MFA_CODE

  • EMAIL_OTP: Respond with the code that your user pool delivered in an email message, as EMAIL_OTP_CODE .

  • SMS_OTP: Respond with the code that your user pool delivered in an SMS message, as SMS_OTP_CODE.

  • PASSWORD_VERIFIER: Respond with the second stage of SRP secrets as PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP.

  • CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. The parameters of the challenge are determined by your Lambda function and issued in the ChallengeParameters of a challenge response.

  • DEVICE_SRP_AUTH: Respond with the initial parameters of device SRP authentication. For more information, see Signing in with a device.

  • DEVICE_PASSWORD_VERIFIER: Respond with PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after client-side SRP calculations. For more information, see Signing in with a device.

  • NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write.

    Amazon Cognito only returns this challenge for users who have temporary passwords. When you create passwordless users, you must provide values for all required attributes.

    In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.

  • MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.

    To set up time-based one-time password (TOTP) MFA, use the session returned in this challenge from InitiateAuth or AdminInitiateAuth as an input to AssociateSoftwareToken. Then, use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge or AdminRespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in.

    To set up SMS or email MFA, collect a phone_number or email attribute for the user. Then restart the authentication flow with an InitiateAuth or AdminInitiateAuth request.

" }, "Session":{ "shape":"SessionType", - "documentation":"

The session that should be passed both ways in challenge-response calls to the service. If InitiateAuth or RespondToAuthChallenge API call determines that the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.

" + "documentation":"

The session identifier that maintains the state of authentication requests and challenge responses. If an AdminInitiateAuth or AdminRespondToAuthChallenge API request results in a determination that your application must pass another challenge, Amazon Cognito returns a session with other challenge parameters. Send this session identifier, unmodified, to the next AdminRespondToAuthChallenge request.

" }, "ChallengeResponses":{ "shape":"ChallengeResponsesType", - "documentation":"

The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.

You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. Include a DEVICE_KEY for device authentication.
SELECT_CHALLENGE

\"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"ANSWER\": \"[Challenge name]\"}

Available challenges are PASSWORD, PASSWORD_SRP, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

Complete authentication in the SELECT_CHALLENGE response for PASSWORD, PASSWORD_SRP, and WEB_AUTHN:

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"WEB_AUTHN\", \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

    See AuthenticationResponseJSON.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD\", \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD_SRP\", \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

For SMS_OTP and EMAIL_OTP, respond with the username and answer. Your user pool will send a code for the user to submit in the next challenge response.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"SMS_OTP\", \"USERNAME\": \"[username]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"EMAIL_OTP\", \"USERNAME\": \"[username]\"}

SMS_OTP

\"ChallengeName\": \"SMS_OTP\", \"ChallengeResponses\": {\"SMS_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

EMAIL_OTP

\"ChallengeName\": \"EMAIL_OTP\", \"ChallengeResponses\": {\"EMAIL_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

SMS_MFA

\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

PASSWORD_VERIFIER

This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.

\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

Add \"DEVICE_KEY\" when you sign in with a remembered device.

CUSTOM_CHALLENGE

\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}

Add \"DEVICE_KEY\" when you sign in with a remembered device.

NEW_PASSWORD_REQUIRED

\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}

To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.

In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
SOFTWARE_TOKEN_MFA

\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}

DEVICE_SRP_AUTH

\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}

DEVICE_PASSWORD_VERIFIER

\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

MFA_SETUP

\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"

SELECT_MFA_TYPE

\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" + "documentation":"

The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.

You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. Include a DEVICE_KEY for device authentication.
SELECT_CHALLENGE

\"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"ANSWER\": \"[Challenge name]\"}

Available challenges are PASSWORD, PASSWORD_SRP, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

Complete authentication in the SELECT_CHALLENGE response for PASSWORD, PASSWORD_SRP, and WEB_AUTHN:

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"WEB_AUTHN\", \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

    See AuthenticationResponseJSON.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD\", \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"PASSWORD_SRP\", \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

For SMS_OTP and EMAIL_OTP, respond with the username and answer. Your user pool will send a code for the user to submit in the next challenge response.

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"SMS_OTP\", \"USERNAME\": \"[username]\"}

  • \"ChallengeName\": \"SELECT_CHALLENGE\", \"ChallengeResponses\": { \"ANSWER\": \"EMAIL_OTP\", \"USERNAME\": \"[username]\"}

WEB_AUTHN

\"ChallengeName\": \"WEB_AUTHN\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"CREDENTIAL\": \"[AuthenticationResponseJSON]\"}

See AuthenticationResponseJSON.

PASSWORD

\"ChallengeName\": \"PASSWORD\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"PASSWORD\": \"[password]\"}

PASSWORD_SRP

\"ChallengeName\": \"PASSWORD_SRP\", \"ChallengeResponses\": { \"USERNAME\": \"[username]\", \"SRP_A\": \"[SRP_A]\"}

SMS_OTP

\"ChallengeName\": \"SMS_OTP\", \"ChallengeResponses\": {\"SMS_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

EMAIL_OTP

\"ChallengeName\": \"EMAIL_OTP\", \"ChallengeResponses\": {\"EMAIL_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

SMS_MFA

\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}

PASSWORD_VERIFIER

This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.

\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

CUSTOM_CHALLENGE

\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}

NEW_PASSWORD_REQUIRED

\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}

To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.

In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.
SOFTWARE_TOKEN_MFA

\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}

DEVICE_SRP_AUTH

\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}

DEVICE_PASSWORD_VERIFIER

\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}

MFA_SETUP

\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"

SELECT_MFA_TYPE

\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA|EMAIL_MFA|SOFTWARE_TOKEN_MFA]\"}

For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

" }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The Amazon Pinpoint analytics metadata that contributes to your metrics for RespondToAuthChallenge calls.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "UserContextData":{ "shape":"UserContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: post authentication, pre token generation, define auth challenge, create auth challenge, and verify auth challenge. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: post authentication, pre token generation, define auth challenge, create auth challenge, and verify auth challenge. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

The request to respond to an authentication challenge.

" @@ -7423,23 +7751,28 @@ "members":{ "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"

The challenge name. For more information, see InitiateAuth.

" + "documentation":"

The name of the next challenge that you must respond to.

Possible challenges include the following:

All of the following challenges require USERNAME and, when the app client has a client secret, SECRET_HASH in the parameters. Include a DEVICE_KEY for device authentication.

  • WEB_AUTHN: Respond to the challenge with the results of a successful authentication with a WebAuthn authenticator, or passkey, as CREDENTIAL. Examples of WebAuthn authenticators include biometric devices and security keys.

  • PASSWORD: Respond with the user's password as PASSWORD.

  • PASSWORD_SRP: Respond with the initial SRP secret as SRP_A.

  • SELECT_CHALLENGE: Respond with a challenge selection as ANSWER. It must be one of the challenge types in the AvailableChallenges response parameter. Add the parameters of the selected challenge, for example USERNAME and SMS_OTP.

  • SMS_MFA: Respond with the code that your user pool delivered in an SMS message, as SMS_MFA_CODE

  • EMAIL_MFA: Respond with the code that your user pool delivered in an email message, as EMAIL_MFA_CODE

  • EMAIL_OTP: Respond with the code that your user pool delivered in an email message, as EMAIL_OTP_CODE .

  • SMS_OTP: Respond with the code that your user pool delivered in an SMS message, as SMS_OTP_CODE.

  • PASSWORD_VERIFIER: Respond with the second stage of SRP secrets as PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP.

  • CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued. The parameters of the challenge are determined by your Lambda function and issued in the ChallengeParameters of a challenge response.

  • DEVICE_SRP_AUTH: Respond with the initial parameters of device SRP authentication. For more information, see Signing in with a device.

  • DEVICE_PASSWORD_VERIFIER: Respond with PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after client-side SRP calculations. For more information, see Signing in with a device.

  • NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write.

    Amazon Cognito only returns this challenge for users who have temporary passwords. When you create passwordless users, you must provide values for all required attributes.

    In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge or RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes or UpdateUserAttributes API operation to modify the value of any additional attributes.

  • MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.

    To set up time-based one-time password (TOTP) MFA, use the session returned in this challenge from InitiateAuth or AdminInitiateAuth as an input to AssociateSoftwareToken. Then, use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge or AdminRespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in.

    To set up SMS or email MFA, collect a phone_number or email attribute for the user. Then restart the authentication flow with an InitiateAuth or AdminInitiateAuth request.

" }, "Session":{ "shape":"SessionType", - "documentation":"

The session that should be passed both ways in challenge-response calls to the service. If the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.

" + "documentation":"

The session identifier that maintains the state of authentication requests and challenge responses. If an InitiateAuth or RespondToAuthChallenge API request results in a determination that your application must pass another challenge, Amazon Cognito returns a session with other challenge parameters. Send this session identifier, unmodified, to the next RespondToAuthChallenge request.

" }, "ChallengeParameters":{ "shape":"ChallengeParametersType", - "documentation":"

The challenge parameters. For more information, see InitiateAuth.

" + "documentation":"

The parameters that define your response to the next challenge.

" }, "AuthenticationResult":{ "shape":"AuthenticationResultType", - "documentation":"

The result returned by the server in response to the request to respond to the authentication challenge.

" + "documentation":"

The outcome of a successful authentication process. After your application has passed all challenges, Amazon Cognito returns an AuthenticationResult with the JSON web tokens (JWTs) that indicate successful sign-in.

" } }, "documentation":"

The response to respond to the authentication challenge.

" }, + "RetryGracePeriodSecondsType":{ + "type":"integer", + "max":60, + "min":0 + }, "RevokeTokenRequest":{ "type":"structure", "required":[ @@ -7453,18 +7786,17 @@ }, "ClientId":{ "shape":"ClientIdType", - "documentation":"

The client ID for the token that you want to revoke.

" + "documentation":"

The ID of the app client where the token that you want to revoke was issued.

" }, "ClientSecret":{ "shape":"ClientSecretType", - "documentation":"

The secret for the client ID. This is required only if the client ID has a secret.

" + "documentation":"

The client secret of the requested app client, if the client has a secret.

" } } }, "RevokeTokenResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RiskConfigurationType":{ "type":"structure", @@ -7479,11 +7811,11 @@ }, "CompromisedCredentialsRiskConfiguration":{ "shape":"CompromisedCredentialsRiskConfigurationType", - "documentation":"

Settings for compromised-credentials actions and authentication types with advanced security features in full-function ENFORCED mode.

" + "documentation":"

Settings for compromised-credentials actions and authentication types with threat protection in full-function ENFORCED mode.

" }, "AccountTakeoverRiskConfiguration":{ "shape":"AccountTakeoverRiskConfigurationType", - "documentation":"

The settings for automated responses and notification templates for adaptive authentication with advanced security features.

" + "documentation":"

The settings for automated responses and notification templates for adaptive authentication with threat protection.

" }, "RiskExceptionConfiguration":{ "shape":"RiskExceptionConfigurationType", @@ -7494,7 +7826,7 @@ "documentation":"

The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" } }, - "documentation":"

The settings of risk configuration for threat protection with advanced security features in a user pool.

This data type is a response parameter of DescribeRiskConfiguration and SetRiskConfiguration.

" + "documentation":"

The settings of risk configuration for threat protection with threat protection in a user pool.

" }, "RiskDecisionType":{ "type":"string", @@ -7516,7 +7848,7 @@ "documentation":"

An always-allow IP address list. Risk detection isn't performed on the IP addresses in this range list. This parameter is displayed and set in CIDR notation.

" } }, - "documentation":"

Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.

This data type is a request parameter of SetRiskConfiguration and a response parameter of DescribeRiskConfiguration.

" + "documentation":"

Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.

" }, "RiskLevelType":{ "type":"string", @@ -7543,10 +7875,10 @@ "members":{ "BucketArn":{ "shape":"S3ArnType", - "documentation":"

The ARN of an Amazon S3 bucket that's the destination for advanced security features log export.

" + "documentation":"

The ARN of an Amazon S3 bucket that's the destination for threat protection log export.

" } }, - "documentation":"

Configuration for the Amazon S3 bucket destination of user activity log export with advanced security features.

" + "documentation":"

Configuration for the Amazon S3 bucket destination of user activity log export with threat protection.

" }, "SESConfigurationSet":{ "type":"string", @@ -7566,7 +7898,7 @@ "documentation":"

Specifies whether SMS is the preferred MFA method. If true, your user pool prompts the specified user for a code delivered by SMS message after username-password sign-in succeeds.

" } }, - "documentation":"

A user's preference for using SMS message multi-factor authentication (MFA). Turns SMS MFA on and off, and can set SMS as preferred when other MFA options are available. You can't turn off SMS MFA for any of your users when MFA is required in your user pool; you can only set the type that your user prefers.

This data type is a request parameter of SetUserMFAPreference and AdminSetUserMFAPreference.

" + "documentation":"

A user's preference for using SMS message multi-factor authentication (MFA). Turns SMS MFA on and off, and can set SMS as preferred when other MFA options are available. You can't turn off SMS MFA for any of your users when MFA is required in your user pool; you can only set the type that your user prefers.

" }, "SchemaAttributeType":{ "type":"structure", @@ -7603,7 +7935,7 @@ "documentation":"

Specifies the constraints for an attribute of the string type.

" } }, - "documentation":"

A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a custom: prefix, and developer attributes with a dev: prefix. For more information, see User pool attributes.

Developer-only dev: attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a custom: prefix, and developer attributes with a dev: prefix. For more information, see User pool attributes.

Developer-only dev: attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead.

" }, "SchemaAttributesListType":{ "type":"list", @@ -7680,7 +8012,7 @@ "members":{ "LogDeliveryConfiguration":{ "shape":"LogDeliveryConfigurationType", - "documentation":"

The detailed activity logging configuration that you applied to the requested user pool.

" + "documentation":"

The logging configuration that you applied to the requested user pool.

" } } }, @@ -7690,23 +8022,23 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The user pool ID.

" + "documentation":"

The ID of the user pool where you want to set a risk configuration. If you include UserPoolId in your request, don't include ClientId. When the client ID is null, the same risk configuration is applied to all the clients in the userPool. When you include both ClientId and UserPoolId, Amazon Cognito maps the configuration to the app client only.

" }, "ClientId":{ "shape":"ClientIdType", - "documentation":"

The app client ID. If ClientId is null, then the risk configuration is mapped to userPoolId. When the client ID is null, the same risk configuration is applied to all the clients in the userPool.

Otherwise, ClientId is mapped to the client. When the client ID isn't null, the user pool configuration is overridden and the risk configuration for the client is used instead.

" + "documentation":"

The ID of the app client where you want to set a risk configuration. If ClientId is null, then the risk configuration is mapped to UserPoolId. When the client ID is null, the same risk configuration is applied to all the clients in the userPool.

When you include a ClientId parameter, Amazon Cognito maps the configuration to the app client. When you include both ClientId and UserPoolId, Amazon Cognito maps the configuration to the app client only.

" }, "CompromisedCredentialsRiskConfiguration":{ "shape":"CompromisedCredentialsRiskConfigurationType", - "documentation":"

The compromised credentials risk configuration.

" + "documentation":"

The configuration of automated reactions to detected compromised credentials. Includes settings for blocking future sign-in requests and for the types of password-submission events you want to monitor.

" }, "AccountTakeoverRiskConfiguration":{ "shape":"AccountTakeoverRiskConfigurationType", - "documentation":"

The account takeover risk configuration.

" + "documentation":"

The settings for automated responses and notification templates for adaptive authentication with threat protection.

" }, "RiskExceptionConfiguration":{ "shape":"RiskExceptionConfigurationType", - "documentation":"

The configuration to override the risk decision.

" + "documentation":"

A set of IP-address overrides to threat protection. You can set up IP-address always-block and always-allow lists.

" } } }, @@ -7716,7 +8048,7 @@ "members":{ "RiskConfiguration":{ "shape":"RiskConfigurationType", - "documentation":"

The risk configuration.

" + "documentation":"

The API response that contains the risk configuration that you set and the timestamp of the most recent change.

" } } }, @@ -7726,19 +8058,19 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool.

" + "documentation":"

The ID of the user pool where you want to apply branding to the classic hosted UI.

" }, "ClientId":{ "shape":"ClientIdType", - "documentation":"

The client ID for the client app.

" + "documentation":"

The ID of the app client that you want to customize. To apply a default style to all app clients not configured with client-level branding, set this parameter value to ALL.

" }, "CSS":{ "shape":"CSSType", - "documentation":"

The CSS values in the UI customization.

" + "documentation":"

A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool App clients tab, select Login pages, edit Hosted UI (classic) style, and select the link to CSS template.css.

" }, "ImageFile":{ "shape":"ImageFileType", - "documentation":"

The uploaded logo image for the UI customization.

" + "documentation":"

The image that you want to set as your login in the classic hosted UI, as a Base64-formatted binary object.

" } } }, @@ -7748,7 +8080,7 @@ "members":{ "UICustomization":{ "shape":"UICustomizationType", - "documentation":"

The UI customization information.

" + "documentation":"

Information about the hosted UI branding that you applied.

" } } }, @@ -7762,22 +8094,21 @@ }, "SoftwareTokenMfaSettings":{ "shape":"SoftwareTokenMfaSettingsType", - "documentation":"

User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates TOTP MFA and sets it as the preferred MFA method when multiple methods are available.

" + "documentation":"

User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates TOTP MFA and sets it as the preferred MFA method when multiple methods are available. Users must register a TOTP authenticator before they set this as their preferred MFA method.

" }, "EmailMfaSettings":{ "shape":"EmailMfaSettingsType", - "documentation":"

User preferences for email message MFA. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, advanced security features must be active in your user pool.

" + "documentation":"

User preferences for email message MFA. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, your user pool must be in the Essentials tier or higher.

" }, "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose MFA preference you want to set.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" } } }, "SetUserMFAPreferenceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "SetUserPoolMfaConfigRequest":{ "type":"structure", @@ -7797,15 +8128,15 @@ }, "EmailMfaConfiguration":{ "shape":"EmailMfaConfigType", - "documentation":"

Configures user pool email messages for MFA. Sets the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.

" + "documentation":"

Sets configuration for user pool email message MFA and sign-in with one-time passwords (OTPs). Includes the subject and body of the email message template for sign-in and MFA messages. To activate this setting, your user pool must be in the Essentials tier or higher.

" }, "MfaConfiguration":{ "shape":"UserPoolMfaType", - "documentation":"

The MFA configuration. If you set the MfaConfiguration value to ‘ON’, only users who have set up an MFA factor can sign in. To learn more, see Adding Multi-Factor Authentication (MFA) to a user pool. Valid values include:

  • OFF MFA won't be used for any users.

  • ON MFA is required for all users to sign in.

  • OPTIONAL MFA will be required only for individual users who have an MFA factor activated.

" + "documentation":"

Sets multi-factor authentication (MFA) to be on, off, or optional. When ON, all users must set up MFA before they can sign in. When OPTIONAL, your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose OPTIONAL.

When MfaConfiguration is OPTIONAL, managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor.

" }, "WebAuthnConfiguration":{ "shape":"WebAuthnConfigurationType", - "documentation":"

The configuration of your user pool for passkey, or webauthN, authentication and registration. You can set this configuration independent of the MFA configuration options in this operation.

" + "documentation":"

The configuration of your user pool for passkey, or WebAuthn, authentication and registration. You can set this configuration independent of the MFA configuration options in this operation.

" } } }, @@ -7814,7 +8145,7 @@ "members":{ "SmsMfaConfiguration":{ "shape":"SmsMfaConfigType", - "documentation":"

Shows user pool SMS message configuration for MFA. Includes the message template and the SMS message sending configuration for Amazon SNS.

" + "documentation":"

Shows user pool SMS message configuration for MFA and sign-in with SMS-message OTPs. Includes the message template and the SMS message sending configuration for Amazon SNS.

" }, "SoftwareTokenMfaConfiguration":{ "shape":"SoftwareTokenMfaConfigType", @@ -7822,15 +8153,15 @@ }, "EmailMfaConfiguration":{ "shape":"EmailMfaConfigType", - "documentation":"

Shows user pool email message configuration for MFA. Includes the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.

" + "documentation":"

Shows configuration for user pool email message MFA and sign-in with one-time passwords (OTPs). Includes the subject and body of the email message template for sign-in and MFA messages. To activate this setting, your user pool must be in the Essentials tier or higher.

" }, "MfaConfiguration":{ "shape":"UserPoolMfaType", - "documentation":"

The MFA configuration. Valid values include:

  • OFF MFA won't be used for any users.

  • ON MFA is required for all users to sign in.

  • OPTIONAL MFA will be required only for individual users who have an MFA factor enabled.

" + "documentation":"

Displays multi-factor authentication (MFA) as on, off, or optional. When ON, all users must set up MFA before they can sign in. When OPTIONAL, your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose OPTIONAL.

When MfaConfiguration is OPTIONAL, managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor.

" }, "WebAuthnConfiguration":{ "shape":"WebAuthnConfigurationType", - "documentation":"

The configuration of your user pool for passkey, or webauthN, biometric and security-key devices.

" + "documentation":"

The configuration of your user pool for passkey, or WebAuthn, sign-in with authenticators like biometric and security-key devices. Includes relying-party configuration and settings for user-verification requirements.

" } } }, @@ -7843,7 +8174,7 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose user settings you want to configure.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "MFAOptions":{ "shape":"MFAOptionListType", @@ -7854,8 +8185,7 @@ }, "SetUserSettingsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response from the server for a set user settings request.

" }, "SignInPolicyType":{ @@ -7866,7 +8196,7 @@ "documentation":"

The sign-in methods that a user pool supports as the first factor. You can permit users to start authentication with a standard username and password, or with other one-time password and hardware factors.

" } }, - "documentation":"

The policy for allowed types of authentication in a user pool.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the Essentials tier or higher.

" }, "SignUpRequest":{ "type":"structure", @@ -7877,7 +8207,7 @@ "members":{ "ClientId":{ "shape":"ClientIdType", - "documentation":"

The ID of the client associated with the user pool.

" + "documentation":"

The ID of the app client where the user wants to sign up.

" }, "SecretHash":{ "shape":"SecretHashType", @@ -7889,27 +8219,27 @@ }, "Password":{ "shape":"PasswordType", - "documentation":"

The password of the user you want to register.

Users can sign up without a password when your user pool supports passwordless sign-in with email or SMS OTPs. To create a user with no password, omit this parameter or submit a blank value. You can only create a passwordless user when passwordless sign-in is available. See the SignInPolicyType property of CreateUserPool and UpdateUserPool.

" + "documentation":"

The user's proposed password. The password must comply with the password requirements of your user pool.

Users can sign up without a password when your user pool supports passwordless sign-in with email or SMS OTPs. To create a user with no password, omit this parameter or submit a blank value. You can only create a passwordless user when passwordless sign-in is available.

" }, "UserAttributes":{ "shape":"AttributeListType", - "documentation":"

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

" + "documentation":"

An array of name-value pairs representing user attributes.

For custom attributes, include a custom: prefix in the attribute name, for example custom:department.

" }, "ValidationData":{ "shape":"AttributeListType", - "documentation":"

Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.

Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.

For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.

" + "documentation":"

Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.

Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs.

For more information about the pre sign-up Lambda trigger, see Pre sign-up Lambda trigger.

" }, "AnalyticsMetadata":{ "shape":"AnalyticsMetadataType", - "documentation":"

The Amazon Pinpoint analytics metadata that contributes to your metrics for SignUp calls.

" + "documentation":"

Information that supports analytics outcomes with Amazon Pinpoint, including the user's endpoint ID. The endpoint ID is a destination for Amazon Pinpoint push notifications, for example a device identifier, email address, or phone number.

" }, "UserContextData":{ "shape":"UserContextDataType", - "documentation":"

Contextual data about your user session, such as the device fingerprint, IP address, or location. Amazon Cognito advanced security evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" + "documentation":"

Contextual data about your user session like the device fingerprint, IP address, or location. Amazon Cognito threat protection evaluates the risk of an authentication event based on the context that your app generates and passes to Amazon Cognito when it makes API requests.

For more information, see Collecting data for threat protection in applications.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the SignUp API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and post confirmation. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your SignUp request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the SignUp API action, Amazon Cognito invokes any functions that are assigned to the following triggers: pre sign-up, custom message, and post confirmation. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your SignUp request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Represents the request to register a user.

" @@ -7923,15 +8253,15 @@ "members":{ "UserConfirmed":{ "shape":"BooleanType", - "documentation":"

A response from the server indicating that a user registration has been confirmed.

" + "documentation":"

Indicates whether the user was automatically confirmed. You can auto-confirm users with a pre sign-up Lambda trigger.

" }, "CodeDeliveryDetails":{ "shape":"CodeDeliveryDetailsType", - "documentation":"

The code delivery details returned by the server response to the user registration request.

" + "documentation":"

In user pools that automatically verify and confirm new users, Amazon Cognito sends users a message with a code or link that confirms ownership of the phone number or email address that they entered. The CodeDeliveryDetails object is information about the delivery destination for that link or code.

" }, "UserSub":{ "shape":"StringType", - "documentation":"

The 128-bit ID of the authenticated user. This isn't the same as username.

" + "documentation":"

The unique identifier of the new user, for example a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

" }, "Session":{ "shape":"SessionType", @@ -7962,7 +8292,7 @@ "documentation":"

The Amazon Web Services Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region.

Amazon Cognito resources in the Asia Pacific (Seoul) Amazon Web Services Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

" } }, - "documentation":"

User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.

This data type is a request parameter of CreateUserPool, UpdateUserPool, and SetUserPoolMfaConfig, and a response parameter of CreateUserPool, UpdateUserPool, and GetUserPoolMfaConfig.

" + "documentation":"

User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.

" }, "SmsInviteMessageType":{ "type":"string", @@ -7982,7 +8312,7 @@ "documentation":"

User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.

You can set SmsConfiguration in CreateUserPool and UpdateUserPool, or in SetUserPoolMfaConfig.

" } }, - "documentation":"

The configuration of multi-factor authentication (MFA) with SMS messages in a user pool.

This data type is a request parameter of SetUserPoolMfaConfig and a response parameter of GetUserPoolMfaConfig.

" + "documentation":"

The configuration of multi-factor authentication (MFA) with SMS messages in a user pool.

" }, "SmsVerificationMessageType":{ "type":"string", @@ -8013,7 +8343,7 @@ "documentation":"

The activation state of TOTP MFA.

" } }, - "documentation":"

Settings for time-based one-time password (TOTP) multi-factor authentication (MFA) in a user pool. Enables and disables availability of this feature.

This data type is a request parameter of SetUserPoolMfaConfig and a response parameter of GetUserPoolMfaConfig.

" + "documentation":"

Settings for time-based one-time password (TOTP) multi-factor authentication (MFA) in a user pool. Enables and disables availability of this feature.

" }, "SoftwareTokenMfaSettingsType":{ "type":"structure", @@ -8027,7 +8357,7 @@ "documentation":"

Specifies whether software token MFA is the preferred MFA method.

" } }, - "documentation":"

A user's preference for using time-based one-time password (TOTP) multi-factor authentication (MFA). Turns TOTP MFA on and off, and can set TOTP as preferred when other MFA options are available. You can't turn off TOTP MFA for any of your users when MFA is required in your user pool; you can only set the type that your user prefers.

This data type is a request parameter of SetUserMFAPreference and AdminSetUserMFAPreference.

" + "documentation":"

A user's preference for using time-based one-time password (TOTP) multi-factor authentication (MFA). Turns TOTP MFA on and off, and can set TOTP as preferred when other MFA options are available. You can't turn off TOTP MFA for any of your users when MFA is required in your user pool; you can only set the type that your user prefers.

" }, "StartUserImportJobRequest":{ "type":"structure", @@ -8038,11 +8368,11 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool that the users are being imported into.

" + "documentation":"

The ID of the user pool that you want to start importing users into.

" }, "JobId":{ "shape":"UserImportJobIdType", - "documentation":"

The job ID for the user import job.

" + "documentation":"

The ID of a user import job that you previously created.

" } }, "documentation":"

Represents the request to start the user import job.

" @@ -8052,7 +8382,7 @@ "members":{ "UserImportJob":{ "shape":"UserImportJobType", - "documentation":"

The job object that represents the user import job.

" + "documentation":"

The details of the user import job. Includes logging destination, status, and the Amazon S3 pre-signed URL for CSV upload.

" } }, "documentation":"

Represents the response from the server to the request to start the user import job.

" @@ -8063,7 +8393,7 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose passkey metadata you want to generate.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" } } }, @@ -8093,11 +8423,11 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool that the users are being imported into.

" + "documentation":"

The ID of the user pool that you want to stop.

" }, "JobId":{ "shape":"UserImportJobIdType", - "documentation":"

The job ID for the user import job.

" + "documentation":"

The ID of a running user import job.

" } }, "documentation":"

Represents the request to stop the user import job.

" @@ -8107,7 +8437,7 @@ "members":{ "UserImportJob":{ "shape":"UserImportJobType", - "documentation":"

The job object that represents the user import job.

" + "documentation":"

The details of the user import job. Includes logging destination, status, and the Amazon S3 pre-signed URL for CSV upload.

" } }, "documentation":"

Represents the response from the server to the request to stop the user import job.

" @@ -8124,7 +8454,7 @@ "documentation":"

The maximum length of a string attribute value. Must be a number less than or equal to 2^1023, represented as a string with a length of 131072 characters or fewer.

" } }, - "documentation":"

The minimum and maximum length values of an attribute that is of the string type, for example custom:department.

This data type is part of SchemaAttributeType. It defines the length constraints on string-type attributes that you configure in CreateUserPool and UpdateUserPool, and displays the length constraints of all string-type attributes in the response to DescribeUserPool

" + "documentation":"

The minimum and maximum length values of an attribute that is of the string type, for example custom:department.

" }, "StringType":{ "type":"string", @@ -8153,14 +8483,13 @@ }, "Tags":{ "shape":"UserPoolTagsType", - "documentation":"

The tags to assign to the user pool.

" + "documentation":"

An array of tag keys and values that you want to assign to the user pool.

" } } }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValueType":{ "type":"string", @@ -8172,6 +8501,120 @@ "max":365, "min":0 }, + "TermsDescriptionListType":{ + "type":"list", + "member":{"shape":"TermsDescriptionType"} + }, + "TermsDescriptionType":{ + "type":"structure", + "required":[ + "TermsId", + "TermsName", + "Enforcement", + "CreationDate", + "LastModifiedDate" + ], + "members":{ + "TermsId":{ + "shape":"TermsIdType", + "documentation":"

The ID of the requested terms documents.

" + }, + "TermsName":{ + "shape":"TermsNameType", + "documentation":"

The type and friendly name of the requested terms documents.

" + }, + "Enforcement":{ + "shape":"TermsEnforcementType", + "documentation":"

This parameter is reserved for future use and currently accepts one value.

" + }, + "CreationDate":{ + "shape":"DateType", + "documentation":"

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" + }, + "LastModifiedDate":{ + "shape":"DateType", + "documentation":"

The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" + } + }, + "documentation":"

The details of a set of terms documents. For more information, see Terms documents.

" + }, + "TermsEnforcementType":{ + "type":"string", + "enum":["NONE"] + }, + "TermsExistsException":{ + "type":"structure", + "members":{ + "message":{"shape":"MessageType"} + }, + "documentation":"

Terms document names must be unique to the app client. This exception is thrown when you attempt to create terms documents with a duplicate TermsName.

", + "exception":true + }, + "TermsIdType":{ + "type":"string", + "pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$" + }, + "TermsNameType":{ + "type":"string", + "pattern":"^(terms-of-use|privacy-policy)$" + }, + "TermsSourceType":{ + "type":"string", + "enum":["LINK"] + }, + "TermsType":{ + "type":"structure", + "required":[ + "TermsId", + "UserPoolId", + "ClientId", + "TermsName", + "TermsSource", + "Enforcement", + "Links", + "CreationDate", + "LastModifiedDate" + ], + "members":{ + "TermsId":{ + "shape":"TermsIdType", + "documentation":"

The ID of the terms documents.

" + }, + "UserPoolId":{ + "shape":"UserPoolIdType", + "documentation":"

The ID of the user pool that contains the terms documents.

" + }, + "ClientId":{ + "shape":"ClientIdType", + "documentation":"

The ID of the app client that the terms documents are assigned to.

" + }, + "TermsName":{ + "shape":"TermsNameType", + "documentation":"

The type and friendly name of the terms documents.

" + }, + "TermsSource":{ + "shape":"TermsSourceType", + "documentation":"

This parameter is reserved for future use and currently accepts one value.

" + }, + "Enforcement":{ + "shape":"TermsEnforcementType", + "documentation":"

This parameter is reserved for future use and currently accepts one value.

" + }, + "Links":{ + "shape":"LinksType", + "documentation":"

A map of URLs to languages. For each localized language that will view the requested TermsName, assign a URL. A selection of cognito:default displays for all languages that don't have a language-specific URL.

For example, \"cognito:default\": \"https://terms.example.com\", \"cognito:spanish\": \"https://terms.example.com/es\".

" + }, + "CreationDate":{ + "shape":"DateType", + "documentation":"

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" + }, + "LastModifiedDate":{ + "shape":"DateType", + "documentation":"

The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" + } + }, + "documentation":"

The details of a set of terms documents. For more information, see Terms documents.

" + }, "TierChangeNotAllowedException":{ "type":"structure", "members":{ @@ -8210,7 +8653,7 @@ "documentation":"

A time unit for the value that you set in the RefreshTokenValidity parameter. The default RefreshTokenValidity time unit is days. RefreshTokenValidity duration can range from 60 minutes to 10 years.

" } }, - "documentation":"

The time units that, with IdTokenValidity, AccessTokenValidity, and RefreshTokenValidity, set and display the duration of ID, access, and refresh tokens for an app client. You can assign a separate token validity unit to each type of token.

This data type is a request parameter of CreateUserPoolClient and UpdateUserPoolClient, and a response parameter of DescribeUserPoolClient.

" + "documentation":"

The time units that, with IdTokenValidity, AccessTokenValidity, and RefreshTokenValidity, set and display the duration of ID, access, and refresh tokens for an app client. You can assign a separate token validity unit to each type of token.

" }, "TooManyFailedAttemptsException":{ "type":"structure", @@ -8251,7 +8694,7 @@ }, "CSS":{ "shape":"CSSType", - "documentation":"

The CSS values in the UI customization. To get a template with your UI customization options, make a GetUiCustomization request.

" + "documentation":"

The CSS values in the UI customization.

" }, "CSSVersion":{ "shape":"CSSVersionType", @@ -8266,7 +8709,7 @@ "documentation":"

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" } }, - "documentation":"

A container for the UI customization information for the hosted UI in a user pool.

This data type is a response parameter of GetUICustomization.

" + "documentation":"

A container for the UI customization information for the hosted UI in a user pool.

" }, "UnauthorizedException":{ "type":"structure", @@ -8335,14 +8778,13 @@ }, "TagKeys":{ "shape":"UserPoolTagsListType", - "documentation":"

The keys of the tags to remove from the user pool.

" + "documentation":"

An array of tag keys that you want to remove from the user pool.

" } } }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAuthEventFeedbackRequest":{ "type":"structure", @@ -8356,30 +8798,29 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The user pool ID.

" + "documentation":"

The ID of the user pool where you want to update auth event feedback.

" }, "Username":{ "shape":"UsernameType", - "documentation":"

The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" + "documentation":"

The name of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username isn't an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

" }, "EventId":{ "shape":"EventIdType", - "documentation":"

The event ID.

" + "documentation":"

The ID of the authentication event that you want to submit feedback for.

" }, "FeedbackToken":{ "shape":"TokenModelType", - "documentation":"

The feedback token.

" + "documentation":"

The feedback token, an encrypted object generated by Amazon Cognito and passed to your user in the notification email message from the event.

" }, "FeedbackValue":{ "shape":"FeedbackValueType", - "documentation":"

The authentication event feedback value. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don't trust a user session, or you don't believe that Amazon Cognito evaluated a high-enough risk level.

" + "documentation":"

Your feedback to the authentication event. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don't trust a user session, or you don't believe that Amazon Cognito evaluated a high-enough risk level.

" } } }, "UpdateAuthEventFeedbackResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDeviceStatusRequest":{ "type":"structure", @@ -8390,23 +8831,22 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose device status you want to update.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "DeviceKey":{ "shape":"DeviceKeyType", - "documentation":"

The device key.

" + "documentation":"

The device key of the device you want to update, for example us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

" }, "DeviceRememberedStatus":{ "shape":"DeviceRememberedStatusType", - "documentation":"

The status of whether a device is remembered.

" + "documentation":"

To enable device authentication with the specified device, set to remembered.To disable, set to not_remembered.

" } }, "documentation":"

Represents the request to update the device status.

" }, "UpdateDeviceStatusResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response to the request to update the device status.

" }, "UpdateGroupRequest":{ @@ -8418,23 +8858,23 @@ "members":{ "GroupName":{ "shape":"GroupNameType", - "documentation":"

The name of the group.

" + "documentation":"

The name of the group that you want to update.

" }, "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool.

" + "documentation":"

The ID of the user pool that contains the group you want to update.

" }, "Description":{ "shape":"DescriptionType", - "documentation":"

A string containing the new description of the group.

" + "documentation":"

A new description of the existing group.

" }, "RoleArn":{ "shape":"ArnType", - "documentation":"

The new role Amazon Resource Name (ARN) for the group. This is used for setting the cognito:roles and cognito:preferred_role claims in the token.

" + "documentation":"

The Amazon Resource Name (ARN) of an IAM role that you want to associate with the group. The role assignment contributes to the cognito:roles and cognito:preferred_role claims in group members' tokens.

" }, "Precedence":{ "shape":"PrecedenceType", - "documentation":"

The new precedence value for the group. For more information about this parameter, see CreateGroup.

" + "documentation":"

A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher or null Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the cognito:roles and cognito:preferred_role claims.

Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim isn't set in users' tokens.

The default Precedence value is null. The maximum Precedence value is 2^31-1.

" } } }, @@ -8443,7 +8883,7 @@ "members":{ "Group":{ "shape":"GroupType", - "documentation":"

The group object for the group.

" + "documentation":"

Contains the updated details of the group, including precedence, IAM role, and description.

" } } }, @@ -8456,11 +8896,11 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The user pool ID.

" + "documentation":"

The Id of the user pool where you want to update your IdP.

" }, "ProviderName":{ "shape":"ProviderNameType", - "documentation":"

The IdP name.

" + "documentation":"

The name of the IdP that you want to update. You can pass the identity provider name in the identity_provider query parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP.

" }, "ProviderDetails":{ "shape":"ProviderDetailsType", @@ -8468,11 +8908,11 @@ }, "AttributeMapping":{ "shape":"AttributeMappingType", - "documentation":"

The IdP attribute mapping to be changed.

" + "documentation":"

A mapping of IdP attributes to standard and custom user pool attributes. Specify a user pool attribute as the key of the key-value pair, and the IdP attribute claim name as the value.

" }, "IdpIdentifiers":{ "shape":"IdpIdentifiersListType", - "documentation":"

A list of IdP identifiers.

" + "documentation":"

An array of IdP identifiers, for example \"IdPIdentifiers\": [ \"MyIdP\", \"MyIdP2\" ]. Identifiers are friendly names that you can pass in the idp_identifier query parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP. Identifiers in a domain format also enable the use of email-address matching with SAML providers.

" } } }, @@ -8499,11 +8939,11 @@ }, "UseCognitoProvidedValues":{ "shape":"BooleanType", - "documentation":"

When true, applies the default branding style options. This option reverts to default style options that are managed by Amazon Cognito. You can modify them later in the branding designer.

When you specify true for this option, you must also omit values for Settings and Assets in the request.

" + "documentation":"

When true, applies the default branding style options. This option reverts to default style options that are managed by Amazon Cognito. You can modify them later in the branding editor.

When you specify true for this option, you must also omit values for Settings and Assets in the request.

" }, "Settings":{ "shape":"Document", - "documentation":"

A JSON file, encoded as a Document type, with the the settings that you want to apply to your style.

" + "documentation":"

A JSON file, encoded as a Document type, with the the settings that you want to apply to your style.

The following components are not currently implemented and reserved for future use:

" }, "Assets":{ "shape":"AssetListType", @@ -8530,7 +8970,7 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool.

" + "documentation":"

The ID of the user pool that contains the resource server that you want to update.

" }, "Identifier":{ "shape":"ResourceServerIdentifierType", @@ -8538,11 +8978,11 @@ }, "Name":{ "shape":"ResourceServerNameType", - "documentation":"

The name of the resource server.

" + "documentation":"

The updated name of the resource server.

" }, "Scopes":{ "shape":"ResourceServerScopeListType", - "documentation":"

The scope values to be set for the resource server.

" + "documentation":"

An array of updated custom scope names and descriptions that you want to associate with your resource server.

" } } }, @@ -8552,7 +8992,49 @@ "members":{ "ResourceServer":{ "shape":"ResourceServerType", - "documentation":"

The resource server.

" + "documentation":"

The updated details of the requested resource server.

" + } + } + }, + "UpdateTermsRequest":{ + "type":"structure", + "required":[ + "TermsId", + "UserPoolId" + ], + "members":{ + "TermsId":{ + "shape":"TermsIdType", + "documentation":"

The ID of the terms document that you want to update.

" + }, + "UserPoolId":{ + "shape":"UserPoolIdType", + "documentation":"

The ID of the user pool that contains the terms that you want to update.

" + }, + "TermsName":{ + "shape":"TermsNameType", + "documentation":"

The new name that you want to apply to the requested terms documents.

" + }, + "TermsSource":{ + "shape":"TermsSourceType", + "documentation":"

This parameter is reserved for future use and currently accepts only one value.

" + }, + "Enforcement":{ + "shape":"TermsEnforcementType", + "documentation":"

This parameter is reserved for future use and currently accepts only one value.

" + }, + "Links":{ + "shape":"LinksType", + "documentation":"

A map of URLs to languages. For each localized language that will view the requested TermsName, assign a URL. A selection of cognito:default displays for all languages that don't have a language-specific URL.

For example, \"cognito:default\": \"https://terms.example.com\", \"cognito:spanish\": \"https://terms.example.com/es\".

" + } + } + }, + "UpdateTermsResponse":{ + "type":"structure", + "members":{ + "Terms":{ + "shape":"TermsType", + "documentation":"

A summary of the updates to your terms documents.

" } } }, @@ -8565,15 +9047,15 @@ "members":{ "UserAttributes":{ "shape":"AttributeListType", - "documentation":"

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

If you have set an attribute to require verification before Amazon Cognito updates its value, this request doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.

" + "documentation":"

An array of name-value pairs representing user attributes.

For custom attributes, you must add a custom: prefix to the attribute name.

If you have set an attribute to require verification before Amazon Cognito updates its value, this request doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.

" }, "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose user attributes you want to update.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "ClientMetadata":{ "shape":"ClientMetadataType", - "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action initiates.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the UpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your UpdateUserAttributes request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" + "documentation":"

A map of custom key-value pairs that you can provide as input for any custom workflows that this action initiates.

You create custom workflows by assigning Lambda functions to user pool triggers. When you use the UpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the custom message trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a clientMetadata attribute, which provides the data that you assigned to the ClientMetadata parameter in your UpdateUserAttributes request. In your function code in Lambda, you can process the clientMetadata value to enhance your workflow for your specific needs.

For more information, see Using Lambda triggers in the Amazon Cognito Developer Guide.

When you use the ClientMetadata parameter, note that Amazon Cognito won't do the following:

  • Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.

  • Validate the ClientMetadata value.

  • Encrypt the ClientMetadata value. Don't send sensitive information in this parameter.

" } }, "documentation":"

Represents the request to update user attributes.

" @@ -8583,7 +9065,7 @@ "members":{ "CodeDeliveryDetailsList":{ "shape":"CodeDeliveryDetailsListType", - "documentation":"

The code delivery details list from the server for the request to update user attributes.

" + "documentation":"

When the attribute-update request includes an email address or phone number attribute, Amazon Cognito sends a message to users with a code that confirms ownership of the new value that they entered. The CodeDeliveryDetails object is information about the delivery destination for that link or code. This behavior happens in user pools configured to automatically verify changes to those attributes. For more information, see Verifying when users change their email or phone number.

" } }, "documentation":"

Represents the response from the server for the request to update user attributes.

" @@ -8597,15 +9079,15 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool where you want to update the user pool client.

" + "documentation":"

The ID of the user pool where you want to update the app client.

" }, "ClientId":{ "shape":"ClientIdType", - "documentation":"

The ID of the client associated with the user pool.

" + "documentation":"

The ID of the app client that you want to update.

" }, "ClientName":{ "shape":"ClientNameType", - "documentation":"

The client name from the update user pool client request.

" + "documentation":"

A friendly name for the app client.

" }, "RefreshTokenValidity":{ "shape":"RefreshTokenValidityType", @@ -8621,67 +9103,71 @@ }, "TokenValidityUnits":{ "shape":"TokenValidityUnitsType", - "documentation":"

The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for RefreshToken is days, and the default for ID and access tokens is hours.

" + "documentation":"

The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours.

" }, "ReadAttributes":{ "shape":"ClientPermissionListType", - "documentation":"

The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.

When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.

" + "documentation":"

The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list.

When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.

" }, "WriteAttributes":{ "shape":"ClientPermissionListType", - "documentation":"

The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.

When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.

If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.

" + "documentation":"

The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list.

When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.

If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.

" }, "ExplicitAuthFlows":{ "shape":"ExplicitAuthFlowsListType", - "documentation":"

The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.

If you don't specify a value for ExplicitAuthFlows, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

Valid values include:

  • ALLOW_USER_AUTH: Enable selection-based sign-in with USER_AUTH. This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other ExplicitAuthFlows permitting them. For example users can complete an SRP challenge through USER_AUTH without the flow USER_SRP_AUTH being active for the app client. This flow doesn't include CUSTOM_AUTH.

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

  • ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

  • ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user pool clients at the same time as values that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.

" + "documentation":"

The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.

If you don't specify a value for ExplicitAuthFlows, your app client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

The values for authentication flow options include the following.

  • ALLOW_USER_AUTH: Enable selection-based sign-in with USER_AUTH. This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other ExplicitAuthFlows permitting them. For example users can complete an SRP challenge through USER_AUTH without the flow USER_SRP_AUTH being active for the app client. This flow doesn't include CUSTOM_AUTH.

    To activate this setting, your user pool must be in the Essentials tier or higher.

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

  • ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

  • ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user pool clients at the same time as values that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.

" }, "SupportedIdentityProviders":{ "shape":"SupportedIdentityProvidersListType", - "documentation":"

A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: COGNITO, Facebook, Google, SignInWithApple, and LoginWithAmazon. You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP or MyOIDCIdP.

This setting applies to providers that you can access with managed login. The removal of COGNITO from this list doesn't prevent authentication operations for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent API-based authentication is to block access with a WAF rule.

" + "documentation":"

A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: COGNITO, Facebook, Google, SignInWithApple, and LoginWithAmazon. You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP or MyOIDCIdP.

This parameter sets the IdPs that managed login will display on the login page for your app client. The removal of COGNITO from this list doesn't prevent authentication operations for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent SDK-based authentication is to block access with a WAF rule.

" }, "CallbackURLs":{ "shape":"CallbackURLsListType", - "documentation":"

A list of allowed redirect (callback) URLs for the IdPs.

A redirect URI must:

  • Be an absolute URI.

  • Be registered with the authorization server.

  • Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

" + "documentation":"

A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes.

A redirect URI must meet the following requirements:

  • Be an absolute URI.

  • Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with redirect_uri values that aren't in the list of CallbackURLs that you provide in this parameter.

  • Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

" }, "LogoutURLs":{ "shape":"LogoutURLsListType", - "documentation":"

A list of allowed logout URLs for the IdPs.

" + "documentation":"

A list of allowed logout URLs for managed login authentication. When you pass logout_uri and client_id parameters to /logout, Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of logout_uri. A typical use of these URLs is when a user selects \"Sign out\" and you redirect them to your public homepage. For more information, see Logout endpoint.

" }, "DefaultRedirectURI":{ "shape":"RedirectUrlType", - "documentation":"

The default redirect URI. Must be in the CallbackURLs list.

A redirect URI must:

  • Be an absolute URI.

  • Be registered with the authorization server.

  • Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

" + "documentation":"

The default redirect URI. In app clients with one assigned IdP, replaces redirect_uri in authentication requests. Must be in the CallbackURLs list.

" }, "AllowedOAuthFlows":{ "shape":"OAuthFlowsType", - "documentation":"

The allowed OAuth flows.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

" + "documentation":"

The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add client_credentials as the only allowed OAuth flow.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

" }, "AllowedOAuthScopes":{ "shape":"ScopeListType", - "documentation":"

The allowed OAuth scopes. Possible values provided by OAuth are phone, email, openid, and profile. Possible values provided by Amazon Web Services are aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

" + "documentation":"

The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the userInfo endpoint, and third-party APIs. Scope values include phone, email, openid, and profile. The aws.cognito.signin.user.admin scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs.

" }, "AllowedOAuthFlowsUserPoolClient":{ "shape":"BooleanType", - "documentation":"

Set to true to use OAuth 2.0 features in your user pool app client.

AllowedOAuthFlowsUserPoolClient must be true before you can configure the following features in your app client.

  • CallBackURLs: Callback URLs.

  • LogoutURLs: Sign-out redirect URLs.

  • AllowedOAuthScopes: OAuth 2.0 scopes.

  • AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.

To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or UpdateUserPoolClient API request. If you don't set a value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false.

" + "documentation":"

Set to true to use OAuth 2.0 authorization server features in your app client.

This parameter must have a value of true before you can configure the following features in your app client.

  • CallBackURLs: Callback URLs.

  • LogoutURLs: Sign-out redirect URLs.

  • AllowedOAuthScopes: OAuth 2.0 scopes.

  • AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.

To use authorization server features, configure one of these features in the Amazon Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or UpdateUserPoolClient API request. If you don't set a value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false. When false, only SDK-based API sign-in is permitted.

" }, "AnalyticsConfiguration":{ "shape":"AnalyticsConfigurationType", - "documentation":"

The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.

In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.

" + "documentation":"

The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.

In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools might not have access to analytics or might be configurable with campaigns in the US East (N. Virginia) Region. For more information, see Using Amazon Pinpoint analytics.

" }, "PreventUserExistenceErrors":{ "shape":"PreventUserExistenceErrorTypes", - "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

  • ENABLED - This prevents user existence-related errors.

  • LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.

Defaults to LEGACY when you don't provide a value.

" + "documentation":"

When ENABLED, suppresses messages that might indicate a valid user exists when someone attempts sign-in. This parameters sets your preference for the errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Defaults to LEGACY.

" }, "EnableTokenRevocation":{ "shape":"WrappedBooleanType", - "documentation":"

Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.

" + "documentation":"

Activates or deactivates token revocation in the target app client.

" }, "EnablePropagateAdditionalUserContextData":{ "shape":"WrappedBooleanType", - "documentation":"

Activates the propagation of additional user context data. For more information about propagation of user context data, see Adding advanced security to a user pool. If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.

" + "documentation":"

When true, your application can include additional UserContextData in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see Adding session data to API requests. If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.

" }, "AuthSessionValidity":{ "shape":"AuthSessionValidityType", "documentation":"

Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.

" + }, + "RefreshTokenRotation":{ + "shape":"RefreshTokenRotationType", + "documentation":"

The configuration of your app client for refresh token rotation. When enabled, your app client issues new ID, access, and refresh tokens when users renew their sessions with refresh tokens. When disabled, token refresh issues only ID and access tokens.

" } }, "documentation":"

Represents the request to update the user pool client.

" @@ -8691,7 +9177,7 @@ "members":{ "UserPoolClient":{ "shape":"UserPoolClientType", - "documentation":"

The user pool client value from the response from the server when you request to update the user pool client.

" + "documentation":"

The updated details of your app client.

" } }, "documentation":"

Represents the response from the server to the request to update the user pool client.

" @@ -8705,19 +9191,19 @@ "members":{ "Domain":{ "shape":"DomainType", - "documentation":"

The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be auth.example.com.

This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.

" + "documentation":"

The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example auth.example.com. For prefix domains, this is the prefix alone, such as myprefix.

" }, "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool that is associated with the custom domain whose certificate you're updating.

" + "documentation":"

The ID of the user pool that is associated with the domain you're updating.

" }, "ManagedLoginVersion":{ "shape":"WrappedIntegerType", - "documentation":"

A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding designer. For more information, see Managed login.

" + "documentation":"

A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding editor. For more information, see Managed login.

" }, "CustomDomainConfig":{ "shape":"CustomDomainConfigType", - "documentation":"

The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.

When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a SetUserPoolMfaConfig request.

" + "documentation":"

The configuration for a custom domain that hosts managed login for your application. In an UpdateUserPoolDomain request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in us-east-1.

When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.

" } }, "documentation":"

The UpdateUserPoolDomain request input.

" @@ -8727,11 +9213,11 @@ "members":{ "ManagedLoginVersion":{ "shape":"WrappedIntegerType", - "documentation":"

A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding designer. For more information, see Managed login.

" + "documentation":"

A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding editor. For more information, see Managed login.

" }, "CloudFrontDomain":{ "shape":"DomainType", - "documentation":"

The Amazon CloudFront endpoint that Amazon Cognito set up when you added the custom domain to your user pool.

" + "documentation":"

The fully-qualified domain name (FQDN) of the Amazon CloudFront distribution that hosts your managed login or classic hosted UI pages. You domain-name authority must have an alias record that points requests for your custom domain to this FQDN. Amazon Cognito returns this value if you set a custom domain with CustomDomainConfig. If you set an Amazon Cognito prefix domain, this operation returns a blank response.

" } }, "documentation":"

The UpdateUserPoolDomain response output.

" @@ -8746,7 +9232,7 @@ }, "Policies":{ "shape":"UserPoolPolicyType", - "documentation":"

A container with the policies you want to update in a user pool.

" + "documentation":"

The password policy and sign-in policy in the user pool. The password policy sets options like password complexity requirements and password history. The sign-in policy sets the options available to applications in choice-based authentication.

" }, "DeletionProtection":{ "shape":"DeletionProtectionType", @@ -8754,31 +9240,31 @@ }, "LambdaConfig":{ "shape":"LambdaConfigType", - "documentation":"

The Lambda configuration information from the request to update the user pool.

" + "documentation":"

A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them.

" }, "AutoVerifiedAttributes":{ "shape":"VerifiedAttributesListType", - "documentation":"

The attributes that are automatically verified when Amazon Cognito requests to update user pools.

" + "documentation":"

The attributes that you want your user pool to automatically verify. Possible values: email, phone_number. For more information see Verifying contact information at sign-up.

" }, "SmsVerificationMessage":{ "shape":"SmsVerificationMessageType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "EmailVerificationMessage":{ "shape":"EmailVerificationMessageType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "EmailVerificationSubject":{ "shape":"EmailVerificationSubjectType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "VerificationMessageTemplate":{ "shape":"VerificationMessageTemplateType", - "documentation":"

The template for verification messages.

" + "documentation":"

The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.

Set the email message type that corresponds to your DefaultEmailOption selection. For CONFIRM_WITH_LINK, specify an EmailMessageByLink and leave EmailMessage blank. For CONFIRM_WITH_CODE, specify an EmailMessage and leave EmailMessageByLink blank. When you supply both parameters with either choice, Amazon Cognito returns an error.

" }, "SmsAuthenticationMessage":{ "shape":"SmsVerificationMessageType", - "documentation":"

The contents of the SMS authentication message.

" + "documentation":"

The contents of the SMS message that your user pool sends to users in SMS authentication.

" }, "UserAttributeUpdateSettings":{ "shape":"UserAttributeUpdateSettingsType", @@ -8786,11 +9272,11 @@ }, "MfaConfiguration":{ "shape":"UserPoolMfaType", - "documentation":"

Possible values include:

  • OFF - MFA tokens aren't required and can't be specified during user registration.

  • ON - MFA tokens are required for all user registrations. You can only specify ON when you're initially creating a user pool. You can use the SetUserPoolMfaConfig API operation to turn MFA \"ON\" for existing user pools.

  • OPTIONAL - Users have the option when registering to create an MFA token.

" + "documentation":"

Sets multi-factor authentication (MFA) to be on, off, or optional. When ON, all users must set up MFA before they can sign in. When OPTIONAL, your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose OPTIONAL.

When MfaConfiguration is OPTIONAL, managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor.

" }, "DeviceConfiguration":{ "shape":"DeviceConfigurationType", - "documentation":"

The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.

When you provide a value for any DeviceConfiguration field, you activate the Amazon Cognito device-remembering feature.

" + "documentation":"

The device-remembering configuration for a user pool. Device remembering or device tracking is a \"Remember me on this device\" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool. A null value indicates that you have deactivated device remembering in your user pool.

When you provide a value for any DeviceConfiguration field, you activate the Amazon Cognito device-remembering feature. For more information, see Working with devices.

" }, "EmailConfiguration":{ "shape":"EmailConfigurationType", @@ -8798,7 +9284,7 @@ }, "SmsConfiguration":{ "shape":"SmsConfigurationType", - "documentation":"

The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.

" + "documentation":"

The SMS configuration with the settings for your Amazon Cognito user pool to send SMS message with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account. For more information see SMS message settings.

" }, "UserPoolTags":{ "shape":"UserPoolTagsType", @@ -8806,11 +9292,11 @@ }, "AdminCreateUserConfig":{ "shape":"AdminCreateUserConfigType", - "documentation":"

The configuration for AdminCreateUser requests.

" + "documentation":"

The configuration for administrative creation of users. Includes the template for the invitation message for new users, the duration of temporary passwords, and permitting self-service sign-up.

" }, "UserPoolAddOns":{ "shape":"UserPoolAddOnsType", - "documentation":"

User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to AUDIT. To configure automatic security responses to risky traffic to your user pool, set to ENFORCED.

For more information, see Adding advanced security to a user pool.

" + "documentation":"

Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to AUDIT. To configure automatic security responses to potentially unwanted traffic to your user pool, set to ENFORCED.

For more information, see Adding advanced security to a user pool. To activate this setting, your user pool must be on the Plus tier.

" }, "AccountRecoverySetting":{ "shape":"AccountRecoverySettingType", @@ -8829,8 +9315,7 @@ }, "UpdateUserPoolResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the response from the server when you make a request to update the user pool.

" }, "UserAttributeUpdateSettingsType":{ @@ -8838,10 +9323,10 @@ "members":{ "AttributesRequireVerificationBeforeUpdate":{ "shape":"AttributesRequireVerificationBeforeUpdateType", - "documentation":"

Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.

You can verify an updated email address or phone number with a VerifyUserAttribute API request. You can also call the AdminUpdateUserAttributes API and set email_verified or phone_number_verified to true.

When AttributesRequireVerificationBeforeUpdate is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where AttributesRequireVerificationBeforeUpdate is false, API operations that change attribute values can immediately update a user’s email or phone_number attribute.

" + "documentation":"

Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.

When AttributesRequireVerificationBeforeUpdate is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where AttributesRequireVerificationBeforeUpdate is false, API operations that change attribute values can immediately update a user’s email or phone_number attribute.

" } }, - "documentation":"

The settings for updates to user attributes. These settings include the property AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The settings for updates to user attributes. These settings include the property AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers.

" }, "UserContextDataType":{ "type":"structure", @@ -8855,7 +9340,7 @@ "documentation":"

Encoded device-fingerprint details that your app collected with the Amazon Cognito context data collection library. For more information, see Adding user device and session data to API requests.

" } }, - "documentation":"

Contextual data, such as the user's device fingerprint, IP address, or location, used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

This data type is a request parameter of public-client authentication operations like InitiateAuth and RespondToAuthChallenge.

", + "documentation":"

Contextual data, such as the user's device fingerprint, IP address, or location, used for evaluating the risk of an unexpected event by Amazon Cognito threat protection.

", "sensitive":true }, "UserFilterType":{ @@ -8954,7 +9439,7 @@ "documentation":"

The message returned when the user import job is completed.

" } }, - "documentation":"

A user import job in a user pool. Describes the status of user import with a CSV file. For more information, see Importing users into user pools from a CSV file.

This data type is a request parameter of CreateUserImportJob, DescribeUserImportJob, ListUserImportJobs, StartUserImportJob, and StopUserImportJob.

" + "documentation":"

A user import job in a user pool. Describes the status of user import with a CSV file. For more information, see Importing users into user pools from a CSV file.

" }, "UserImportJobsListType":{ "type":"list", @@ -9013,14 +9498,14 @@ "members":{ "AdvancedSecurityMode":{ "shape":"AdvancedSecurityModeType", - "documentation":"

The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication.

" + "documentation":"

The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication.

" }, "AdvancedSecurityAdditionalFlows":{ "shape":"AdvancedSecurityAdditionalFlowsType", - "documentation":"

Advanced security configuration options for additional authentication types in your user pool, including custom authentication.

" + "documentation":"

Threat protection configuration options for additional authentication types in your user pool, including custom authentication.

" } }, - "documentation":"

User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to AUDIT. To configure automatic security responses to risky traffic to your user pool, set to ENFORCED.

For more information, see Adding advanced security to a user pool.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to AUDIT. To configure automatic security responses to potentially unwanted traffic to your user pool, set to ENFORCED.

For more information, see Adding advanced security to a user pool. To activate this setting, your user pool must be on the Plus tier.

" }, "UserPoolClientDescription":{ "type":"structure", @@ -9038,7 +9523,7 @@ "documentation":"

The app client name.

" } }, - "documentation":"

A short description of a user pool app client.

This data type is a response parameter of ListUserPoolClients.

" + "documentation":"

A short description of a user pool app client.

" }, "UserPoolClientListType":{ "type":"list", @@ -9089,19 +9574,19 @@ }, "ReadAttributes":{ "shape":"ClientPermissionListType", - "documentation":"

The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.

When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.

" + "documentation":"

The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list.

When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.

" }, "WriteAttributes":{ "shape":"ClientPermissionListType", - "documentation":"

The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.

When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.

If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.

" + "documentation":"

The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list.

When you don't specify the WriteAttributes for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates WriteAttributes in the API response if you have specified your own custom set of write attributes.

If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.

" }, "ExplicitAuthFlows":{ "shape":"ExplicitAuthFlowsListType", - "documentation":"

The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.

If you don't specify a value for ExplicitAuthFlows, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

Valid values include:

  • ALLOW_USER_AUTH: Enable selection-based sign-in with USER_AUTH. This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other ExplicitAuthFlows permitting them. For example users can complete an SRP challenge through USER_AUTH without the flow USER_SRP_AUTH being active for the app client. This flow doesn't include CUSTOM_AUTH.

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

  • ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

  • ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user pool clients at the same time as values that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.

" + "documentation":"

The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.

If you don't specify a value for ExplicitAuthFlows, your app client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

The values for authentication flow options include the following.

  • ALLOW_USER_AUTH: Enable selection-based sign-in with USER_AUTH. This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other ExplicitAuthFlows permitting them. For example users can complete an SRP challenge through USER_AUTH without the flow USER_SRP_AUTH being active for the app client. This flow doesn't include CUSTOM_AUTH.

    To activate this setting, your user pool must be in the Essentials tier or higher.

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

  • ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

  • ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user pool clients at the same time as values that begin with ALLOW_, like ALLOW_USER_SRP_AUTH.

" }, "SupportedIdentityProviders":{ "shape":"SupportedIdentityProvidersListType", - "documentation":"

A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: COGNITO, Facebook, Google, SignInWithApple, and LoginWithAmazon. You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP or MyOIDCIdP.

This setting applies to providers that you can access with managed login. The removal of COGNITO from this list doesn't prevent authentication operations for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent API-based authentication is to block access with a WAF rule.

" + "documentation":"

A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: COGNITO, Facebook, Google, SignInWithApple, and LoginWithAmazon. You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP or MyOIDCIdP.

This parameter sets the IdPs that managed login will display on the login page for your app client. The removal of COGNITO from this list doesn't prevent authentication operations for local users with the user pools API in an Amazon Web Services SDK. The only way to prevent SDK-based authentication is to block access with a WAF rule.

" }, "CallbackURLs":{ "shape":"CallbackURLsListType", @@ -9125,7 +9610,7 @@ }, "AllowedOAuthFlowsUserPoolClient":{ "shape":"BooleanType", - "documentation":"

Set to true to use OAuth 2.0 features in your user pool app client.

AllowedOAuthFlowsUserPoolClient must be true before you can configure the following features in your app client.

  • CallBackURLs: Callback URLs.

  • LogoutURLs: Sign-out redirect URLs.

  • AllowedOAuthScopes: OAuth 2.0 scopes.

  • AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.

To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or UpdateUserPoolClient API request. If you don't set a value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false.

", + "documentation":"

Set to true to use OAuth 2.0 authorization server features in your app client.

This parameter must have a value of true before you can configure the following features in your app client.

  • CallBackURLs: Callback URLs.

  • LogoutURLs: Sign-out redirect URLs.

  • AllowedOAuthScopes: OAuth 2.0 scopes.

  • AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0 grants.

To use authorization server features, configure one of these features in the Amazon Cognito console or set AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or UpdateUserPoolClient API request. If you don't set a value for AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false. When false, only SDK-based API sign-in is permitted.

", "box":true }, "AnalyticsConfiguration":{ @@ -9134,22 +9619,26 @@ }, "PreventUserExistenceErrors":{ "shape":"PreventUserExistenceErrorTypes", - "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

  • ENABLED - This prevents user existence-related errors.

  • LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.

Defaults to LEGACY when you don't provide a value.

" + "documentation":"

When ENABLED, suppresses messages that might indicate a valid user exists when someone attempts sign-in. This parameters sets your preference for the errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Defaults to LEGACY.

" }, "EnableTokenRevocation":{ "shape":"WrappedBooleanType", - "documentation":"

Indicates whether token revocation is activated for the user pool client. When you create a new user pool client, token revocation is activated by default. For more information about revoking tokens, see RevokeToken.

" + "documentation":"

Indicates whether token revocation is activated for the user pool client. When you create a new user pool client, token revocation is activated by default.

" }, "EnablePropagateAdditionalUserContextData":{ "shape":"WrappedBooleanType", - "documentation":"

When EnablePropagateAdditionalUserContextData is true, Amazon Cognito accepts an IpAddress value that you send in the UserContextData parameter. The UserContextData parameter sends information to Amazon Cognito advanced security for risk analysis. You can send UserContextData when you sign in Amazon Cognito native users with the InitiateAuth and RespondToAuthChallenge API operations.

When EnablePropagateAdditionalUserContextData is false, you can't send your user's source IP address to Amazon Cognito advanced security with unauthenticated API operations. EnablePropagateAdditionalUserContextData doesn't affect whether you can send a source IP address in a ContextData parameter with the authenticated API operations AdminInitiateAuth and AdminRespondToAuthChallenge.

You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret. For more information about propagation of user context data, see Adding user device and session data to API requests.

" + "documentation":"

When EnablePropagateAdditionalUserContextData is true, Amazon Cognito accepts an IpAddress value that you send in the UserContextData parameter. The UserContextData parameter sends information to Amazon Cognito threat protection for risk analysis. You can send UserContextData when you sign in Amazon Cognito native users with the InitiateAuth and RespondToAuthChallenge API operations.

When EnablePropagateAdditionalUserContextData is false, you can't send your user's source IP address to Amazon Cognito threat protection with unauthenticated API operations. EnablePropagateAdditionalUserContextData doesn't affect whether you can send a source IP address in a ContextData parameter with the authenticated API operations AdminInitiateAuth and AdminRespondToAuthChallenge.

You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret. For more information about propagation of user context data, see Adding user device and session data to API requests.

" }, "AuthSessionValidity":{ "shape":"AuthSessionValidityType", "documentation":"

Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.

" + }, + "RefreshTokenRotation":{ + "shape":"RefreshTokenRotationType", + "documentation":"

The configuration of your app client for refresh token rotation. When enabled, your app client issues new ID, access, and refresh tokens when users renew their sessions with refresh tokens. When disabled, token refresh issues only ID and access tokens.

" } }, - "documentation":"

The configuration of a user pool client.

This data type is a request parameter of CreateUserPoolClient and UpdateUserPoolClient, and a response parameter of DescribeUserPoolClient.

" + "documentation":"

The configuration of a user pool client.

" }, "UserPoolDescriptionType":{ "type":"structure", @@ -9181,7 +9670,7 @@ "documentation":"

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" } }, - "documentation":"

A short description of a user pool.

This data type is a response parameter of ListUserPools.

" + "documentation":"

A short description of a user pool.

" }, "UserPoolIdType":{ "type":"string", @@ -9219,7 +9708,7 @@ "documentation":"

The policy for allowed types of authentication in a user pool.

" } }, - "documentation":"

A list of user pool policies. Contains the policy that sets password-complexity requirements.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

A list of user pool policies. Contains the policy that sets password-complexity requirements.

" }, "UserPoolTaggingException":{ "type":"structure", @@ -9301,15 +9790,15 @@ }, "SmsVerificationMessage":{ "shape":"SmsVerificationMessageType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "EmailVerificationMessage":{ "shape":"EmailVerificationMessageType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "EmailVerificationSubject":{ "shape":"EmailVerificationSubjectType", - "documentation":"

This parameter is no longer used. See VerificationMessageTemplateType.

" + "documentation":"

This parameter is no longer used.

" }, "VerificationMessageTemplate":{ "shape":"VerificationMessageTemplateType", @@ -9369,11 +9858,11 @@ }, "UserPoolAddOns":{ "shape":"UserPoolAddOnsType", - "documentation":"

User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to AUDIT. To configure automatic security responses to risky traffic to your user pool, set to ENFORCED.

For more information, see Adding advanced security to a user pool.

" + "documentation":"

Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to AUDIT. To configure automatic security responses to potentially unwanted traffic to your user pool, set to ENFORCED.

For more information, see Adding advanced security to a user pool. To activate this setting, your user pool must be on the Plus tier.

" }, "UsernameConfiguration":{ "shape":"UsernameConfigurationType", - "documentation":"

Case sensitivity of the username input for the selected sign-in option. When case sensitivity is set to False (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, username, USERNAME, or UserName, or for email, email@example.com or EMaiL@eXamplE.Com. For most use cases, set case sensitivity to False (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.

This configuration is immutable after you set it. For more information, see UsernameConfigurationType.

" + "documentation":"

Case sensitivity of the username input for the selected sign-in option. When case sensitivity is set to False (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, username, USERNAME, or UserName, or for email, email@example.com or EMaiL@eXamplE.Com. For most use cases, set case sensitivity to False (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.

" }, "Arn":{ "shape":"ArnType", @@ -9388,7 +9877,7 @@ "documentation":"

The user pool feature plan, or tier. This parameter determines the eligibility of the user pool for features like managed login, access-token customization, and threat protection. Defaults to ESSENTIALS.

" } }, - "documentation":"

The configuration of a user pool.

This data type is a response parameter of CreateUserPool, UpdateUserPool, and DescribeUserPool.

" + "documentation":"

The configuration of a user pool.

" }, "UserStatusType":{ "type":"string", @@ -9428,14 +9917,14 @@ }, "UserStatus":{ "shape":"UserStatusType", - "documentation":"

The user status. This can be one of the following:

  • UNCONFIRMED - User has been created but not confirmed.

  • CONFIRMED - User has been confirmed.

  • EXTERNAL_PROVIDER - User signed in with a third-party IdP.

  • UNKNOWN - User status isn't known.

  • RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.

  • FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.

" + "documentation":"

The user status. This can be one of the following:

  • UNCONFIRMED: User has been created but not confirmed.

  • CONFIRMED: User has been confirmed.

  • EXTERNAL_PROVIDER: User signed in with a third-party IdP.

  • RESET_REQUIRED: User is confirmed, but the user must request a code and reset their password before they can sign in.

  • FORCE_CHANGE_PASSWORD: The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.

The statuses ARCHIVED, UNKNOWN, and COMPROMISED are no longer used.

" }, "MFAOptions":{ "shape":"MFAOptionListType", "documentation":"

The user's MFA configuration.

" } }, - "documentation":"

A user profile in a Amazon Cognito user pool.

This data type is a response parameter to AdminCreateUser and ListUsers.

" + "documentation":"

A user profile in a Amazon Cognito user pool.

" }, "UserVerificationType":{ "type":"string", @@ -9464,7 +9953,7 @@ "documentation":"

Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs. For most use cases, set case sensitivity to False (case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name.

Valid values include:

true

Enables case sensitivity for all username input. When this option is set to true, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.

false

Enables case insensitivity for all username input. For example, when this option is set to false, users can sign in using username, USERNAME, or UserName. This option also enables both preferred_username and email alias to be case insensitive, in addition to the username attribute.

" } }, - "documentation":"

The configuration of a user pool for username case sensitivity.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The configuration of a user pool for username case sensitivity.

" }, "UsernameExistsException":{ "type":"structure", @@ -9516,7 +10005,7 @@ "documentation":"

The configuration of verification emails to contain a clickable link or a verification code.

For link, your template body must contain link text in the format {##Click here##}. \"Click here\" in the example is a customizable string. For code, your template body must contain a code placeholder in the format {####}.

" } }, - "documentation":"

The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.

This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.

" + "documentation":"

The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.

" }, "VerifiedAttributeType":{ "type":"string", @@ -9535,19 +10024,19 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose software token you want to verify.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "Session":{ "shape":"SessionType", - "documentation":"

The session that should be passed both ways in challenge-response calls to the service.

" + "documentation":"

The session ID from an AssociateSoftwareToken request.

" }, "UserCode":{ "shape":"SoftwareTokenMFAUserCodeType", - "documentation":"

The one- time password computed using the secret code returned by AssociateSoftwareToken.

" + "documentation":"

A TOTP that the user generated in their configured authenticator app.

" }, "FriendlyDeviceName":{ "shape":"StringType", - "documentation":"

The friendly device name.

" + "documentation":"

A friendly name for the device that's running the TOTP authenticator.

" } } }, @@ -9556,11 +10045,11 @@ "members":{ "Status":{ "shape":"VerifySoftwareTokenResponseType", - "documentation":"

The status of the verify software token.

" + "documentation":"

Amazon Cognito can accept or reject the code that you provide. This response parameter indicates the success of TOTP verification. Some reasons that this operation might return an error are clock skew on the user's device and excessive retries.

" }, "Session":{ "shape":"SessionType", - "documentation":"

The session that should be passed both ways in challenge-response calls to the service.

" + "documentation":"

This session ID satisfies an MFA_SETUP challenge. Supply the session ID in your challenge response.

" } } }, @@ -9581,23 +10070,22 @@ "members":{ "AccessToken":{ "shape":"TokenModelType", - "documentation":"

A valid access token that Amazon Cognito issued to the user whose user attributes you want to verify.

" + "documentation":"

A valid access token that Amazon Cognito issued to the currently signed-in user. Must include a scope claim for aws.cognito.signin.user.admin.

" }, "AttributeName":{ "shape":"AttributeNameType", - "documentation":"

The attribute name in the request to verify user attributes.

" + "documentation":"

The name of the attribute that you want to verify.

" }, "Code":{ "shape":"ConfirmationCodeType", - "documentation":"

The verification code in the request to verify user attributes.

" + "documentation":"

The verification code that your user pool sent to the added or changed attribute, for example the user's email address.

" } }, "documentation":"

Represents the request to verify user attributes.

" }, "VerifyUserAttributeResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A container representing the response from the server from the request to verify user attributes.

" }, "WebAuthnAuthenticatorAttachmentType":{"type":"string"}, @@ -9642,7 +10130,7 @@ "documentation":"

When required, users can only register and sign in users with passkeys that are capable of user verification. When preferred, your user pool doesn't require the use of authenticators with user verification but encourages it.

" } }, - "documentation":"

Settings for multi-factor authentication (MFA) with passkey, or webauthN, biometric and security-key devices in a user pool. Configures the following:

  • Configuration at the user-pool level for whether you want to require passkey configuration as an MFA factor, or include it as a choice.

  • The user pool relying-party ID. This is the user pool domain that user's passkey providers should trust as a receiver of passkey authentication.

  • The providers that you want to allow as origins for passkey authentication.

This data type is a request parameter of SetUserPoolMfaConfig and a response parameter of GetUserPoolMfaConfig.

" + "documentation":"

Settings for authentication (MFA) with passkey, or webauthN, biometric and security-key devices in a user pool. Configures the following:

  • Configuration for requiring user-verification support in passkeys.

  • The user pool relying-party ID. This is the domain, typically your user pool domain, that user's passkey providers should trust as a receiver of passkey authentication.

  • The providers that you want to allow as origins for passkey authentication.

" }, "WebAuthnCredentialDescription":{ "type":"structure", @@ -9679,7 +10167,7 @@ "documentation":"

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

" } }, - "documentation":"

The details of a passkey, or webauthN, biometric or security-key authentication factor for a user.

This data type is a response parameter of ListWebAuthnCredentials.

" + "documentation":"

The details of a passkey, or webauthN, biometric or security-key authentication factor for a user.

" }, "WebAuthnCredentialDescriptionListType":{ "type":"list", @@ -9725,5 +10213,5 @@ "WrappedBooleanType":{"type":"boolean"}, "WrappedIntegerType":{"type":"integer"} }, - "documentation":"

With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and hosted UI reference.

This API reference provides detailed information about API operations and object types in Amazon Cognito.

Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.

  1. An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.

  2. A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.

  3. A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.

For more information, see Using the Amazon Cognito user pools API and user pool endpoints in the Amazon Cognito Developer Guide.

With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in other supported Amazon Web Services SDKs.

To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.

" + "documentation":"

With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and managed login reference.

This API reference provides detailed information about API operations and object types in Amazon Cognito.

Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.

  1. An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.

  2. A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.

  3. A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.

For more information, see Understanding API, OIDC, and managed login pages authentication in the Amazon Cognito Developer Guide.

With your Amazon Web Services SDK, you can build the logic to support operational flows in every use case for this API. You can also make direct REST API requests to Amazon Cognito user pools service endpoints. The following links can get you started with the CognitoIdentityProvider client in supported Amazon Web Services SDKs.

To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.

" } diff -pruN 2.23.6-1/awscli/botocore/data/cognito-sync/2014-06-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cognito-sync/2014-06-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cognito-sync/2014-06-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cognito-sync/2014-06-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/cognito-sync/2014-06-30/service-2.json 2.31.35-1/awscli/botocore/data/cognito-sync/2014-06-30/service-2.json --- 2.23.6-1/awscli/botocore/data/cognito-sync/2014-06-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cognito-sync/2014-06-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,10 +5,12 @@ "endpointPrefix":"cognito-sync", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Cognito Sync", "serviceId":"Cognito Sync", "signatureVersion":"v4", - "uid":"cognito-sync-2014-06-30" + "uid":"cognito-sync-2014-06-30", + "auth":["aws.auth#sigv4"] }, "operations":{ "BulkPublish":{ @@ -1350,8 +1352,7 @@ }, "SubscribeToDatasetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response to a SubscribeToDataset request.

" }, "SyncSessionToken":{"type":"string"}, @@ -1406,8 +1407,7 @@ }, "UnsubscribeFromDatasetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Response to an UnsubscribeFromDataset request.

" }, "UpdateRecordsRequest":{ diff -pruN 2.23.6-1/awscli/botocore/data/comprehend/2017-11-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/comprehend/2017-11-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/comprehend/2017-11-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/comprehend/2017-11-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/comprehend/2017-11-27/service-2.json 2.31.35-1/awscli/botocore/data/comprehend/2017-11-27/service-2.json --- 2.23.6-1/awscli/botocore/data/comprehend/2017-11-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/comprehend/2017-11-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"comprehend", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon Comprehend", "serviceId":"Comprehend", "signatureVersion":"v4", "signingName":"comprehend", "targetPrefix":"Comprehend_20171127", - "uid":"comprehend-2017-11-27" + "uid":"comprehend-2017-11-27", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchDetectDominantLanguage":{ @@ -2650,8 +2652,7 @@ }, "DeleteDocumentClassifierResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEndpointRequest":{ "type":"structure", @@ -2665,8 +2666,7 @@ }, "DeleteEndpointResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEntityRecognizerRequest":{ "type":"structure", @@ -2680,8 +2680,7 @@ }, "DeleteEntityRecognizerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFlywheelRequest":{ "type":"structure", @@ -2695,8 +2694,7 @@ }, "DeleteFlywheelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResourcePolicyRequest":{ "type":"structure", @@ -2714,8 +2712,7 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeDatasetRequest":{ "type":"structure", @@ -7116,8 +7113,7 @@ }, "StopTrainingDocumentClassifierResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopTrainingEntityRecognizerRequest":{ "type":"structure", @@ -7131,8 +7127,7 @@ }, "StopTrainingEntityRecognizerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "String":{ "type":"string", @@ -7238,8 +7233,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -7610,8 +7604,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDataSecurityConfig":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/comprehendmedical/2018-10-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/comprehendmedical/2018-10-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/comprehendmedical/2018-10-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/comprehendmedical/2018-10-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/comprehendmedical/2018-10-30/service-2.json 2.31.35-1/awscli/botocore/data/comprehendmedical/2018-10-30/service-2.json --- 2.23.6-1/awscli/botocore/data/comprehendmedical/2018-10-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/comprehendmedical/2018-10-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,13 +5,15 @@ "endpointPrefix":"comprehendmedical", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"ComprehendMedical", "serviceFullName":"AWS Comprehend Medical", "serviceId":"ComprehendMedical", "signatureVersion":"v4", "signingName":"comprehendmedical", "targetPrefix":"ComprehendMedical_20181030", - "uid":"comprehendmedical-2018-10-30" + "uid":"comprehendmedical-2018-10-30", + "auth":["aws.auth#sigv4"] }, "operations":{ "DescribeEntitiesDetectionV2Job":{ diff -pruN 2.23.6-1/awscli/botocore/data/compute-optimizer/2019-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/compute-optimizer/2019-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/compute-optimizer/2019-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/compute-optimizer/2019-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/compute-optimizer/2019-11-01/service-2.json 2.31.35-1/awscli/botocore/data/compute-optimizer/2019-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/compute-optimizer/2019-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/compute-optimizer/2019-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -213,7 +213,7 @@ {"shape":"ThrottlingException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Export optimization recommendations for your Amazon Relational Database Service (Amazon RDS).

Recommendations are exported in a comma-separated values (CSV) file, and its metadata in a JavaScript Object Notation (JSON) file, to an existing Amazon Simple Storage Service (Amazon S3) bucket that you specify. For more information, see Exporting Recommendations in the Compute Optimizer User Guide.

You can have only one Amazon RDS export job in progress per Amazon Web Services Region.

" + "documentation":"

Export optimization recommendations for your Amazon Aurora and Amazon Relational Database Service (Amazon RDS) databases.

Recommendations are exported in a comma-separated values (CSV) file, and its metadata in a JavaScript Object Notation (JSON) file, to an existing Amazon Simple Storage Service (Amazon S3) bucket that you specify. For more information, see Exporting Recommendations in the Compute Optimizer User Guide.

You can have only one Amazon Aurora or RDS export job in progress per Amazon Web Services Region.

" }, "GetAutoScalingGroupRecommendations":{ "name":"GetAutoScalingGroupRecommendations", @@ -469,7 +469,7 @@ {"shape":"MissingAuthenticationToken"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns the projected metrics of Amazon RDS recommendations.

" + "documentation":"

Returns the projected metrics of Aurora and RDS database recommendations.

" }, "GetRDSDatabaseRecommendations":{ "name":"GetRDSDatabaseRecommendations", @@ -489,7 +489,7 @@ {"shape":"MissingAuthenticationToken"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns Amazon RDS recommendations.

Compute Optimizer generates recommendations for Amazon RDS that meet a specific set of requirements. For more information, see the Supported resources and requirements in the Compute Optimizer User Guide.

" + "documentation":"

Returns Amazon Aurora and RDS database recommendations.

Compute Optimizer generates recommendations for Amazon Aurora and RDS databases that meet a specific set of requirements. For more information, see the Supported resources and requirements in the Compute Optimizer User Guide.

" }, "GetRecommendationPreferences":{ "name":"GetRecommendationPreferences", @@ -528,7 +528,7 @@ {"shape":"MissingAuthenticationToken"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns the optimization findings for an account.

It returns the number of:

  • Amazon EC2 instances in an account that are Underprovisioned, Overprovisioned, or Optimized.

  • Auto Scaling groups in an account that are NotOptimized, or Optimized.

  • Amazon EBS volumes in an account that are NotOptimized, or Optimized.

  • Lambda functions in an account that are NotOptimized, or Optimized.

  • Amazon ECS services in an account that are Underprovisioned, Overprovisioned, or Optimized.

" + "documentation":"

Returns the optimization findings for an account.

It returns the number of:

  • Amazon EC2 instances in an account that are Underprovisioned, Overprovisioned, or Optimized.

  • EC2Auto Scaling groups in an account that are NotOptimized, or Optimized.

  • Amazon EBS volumes in an account that are NotOptimized, or Optimized.

  • Lambda functions in an account that are NotOptimized, or Optimized.

  • Amazon ECS services in an account that are Underprovisioned, Overprovisioned, or Optimized.

  • Commercial software licenses in an account that are InsufficientMetrics, NotOptimized or Optimized.

  • Amazon Aurora and Amazon RDS databases in an account that are Underprovisioned, Overprovisioned, Optimized, or NotOptimized.

" }, "PutRecommendationPreferences":{ "name":"PutRecommendationPreferences", @@ -952,23 +952,23 @@ "members":{ "storageType":{ "shape":"StorageType", - "documentation":"

The type of RDS storage.

" + "documentation":"

The type of DB storage.

" }, "allocatedStorage":{ "shape":"AllocatedStorage", - "documentation":"

The size of the RDS storage in gigabytes (GB).

" + "documentation":"

The size of the DB storage in gigabytes (GB).

" }, "iops":{ "shape":"NullableIOPS", - "documentation":"

The provisioned IOPs of the RDS storage.

" + "documentation":"

The provisioned IOPs of the DB storage.

" }, "maxAllocatedStorage":{ "shape":"NullableMaxAllocatedStorage", - "documentation":"

The maximum limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the RDS instance.

" + "documentation":"

The maximum limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

" }, "storageThroughput":{ "shape":"NullableStorageThroughput", - "documentation":"

The storage throughput of the RDS storage.

" + "documentation":"

The storage throughput of the DB storage.

" } }, "documentation":"

The configuration of the recommended RDS storage.

" @@ -996,8 +996,7 @@ }, "DeleteRecommendationPreferencesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeRecommendationExportJobsRequest":{ "type":"structure", @@ -1877,11 +1876,11 @@ "members":{ "accountIds":{ "shape":"AccountIds", - "documentation":"

The Amazon Web Services account IDs for the export Amazon RDS recommendations.

If your account is the management account or the delegated administrator of an organization, use this parameter to specify the member account you want to export recommendations to.

This parameter can't be specified together with the include member accounts parameter. The parameters are mutually exclusive.

If this parameter or the include member accounts parameter is omitted, the recommendations for member accounts aren't included in the export.

You can specify multiple account IDs per request.

" + "documentation":"

The Amazon Web Services account IDs for the export Amazon Aurora and RDS database recommendations.

If your account is the management account or the delegated administrator of an organization, use this parameter to specify the member account you want to export recommendations to.

This parameter can't be specified together with the include member accounts parameter. The parameters are mutually exclusive.

If this parameter or the include member accounts parameter is omitted, the recommendations for member accounts aren't included in the export.

You can specify multiple account IDs per request.

" }, "filters":{ "shape":"RDSDBRecommendationFilters", - "documentation":"

An array of objects to specify a filter that exports a more specific set of Amazon RDS recommendations.

" + "documentation":"

An array of objects to specify a filter that exports a more specific set of Amazon Aurora and RDS recommendations.

" }, "fieldsToExport":{ "shape":"ExportableRDSDBFields", @@ -2216,15 +2215,20 @@ "EngineVersion", "Idle", "MultiAZDBInstance", + "ClusterWriter", "CurrentDBInstanceClass", "CurrentStorageConfigurationStorageType", "CurrentStorageConfigurationAllocatedStorage", "CurrentStorageConfigurationMaxAllocatedStorage", "CurrentStorageConfigurationIOPS", "CurrentStorageConfigurationStorageThroughput", + "CurrentStorageEstimatedMonthlyVolumeIOPsCostVariation", "CurrentInstanceOnDemandHourlyPrice", "CurrentStorageOnDemandMonthlyPrice", "LookbackPeriodInDays", + "CurrentStorageEstimatedClusterInstanceOnDemandMonthlyCost", + "CurrentStorageEstimatedClusterStorageOnDemandMonthlyCost", + "CurrentStorageEstimatedClusterStorageIOOnDemandMonthlyCost", "CurrentInstancePerformanceRisk", "UtilizationMetricsCpuMaximum", "UtilizationMetricsMemoryMaximum", @@ -2244,6 +2248,9 @@ "UtilizationMetricsAuroraMemoryNumKillQueryTotalMaximum", "UtilizationMetricsReadIOPSEphemeralStorageMaximum", "UtilizationMetricsWriteIOPSEphemeralStorageMaximum", + "UtilizationMetricsVolumeBytesUsedAverage", + "UtilizationMetricsVolumeReadIOPsAverage", + "UtilizationMetricsVolumeWriteIOPsAverage", "InstanceFinding", "InstanceFindingReasonCodes", "StorageFinding", @@ -2258,6 +2265,7 @@ "StorageRecommendationOptionsIOPS", "StorageRecommendationOptionsStorageThroughput", "StorageRecommendationOptionsRank", + "StorageRecommendationOptionsEstimatedMonthlyVolumeIOPsCostVariation", "InstanceRecommendationOptionsInstanceOnDemandHourlyPrice", "InstanceRecommendationOptionsSavingsOpportunityPercentage", "InstanceRecommendationOptionsEstimatedMonthlySavingsCurrency", @@ -2266,6 +2274,9 @@ "InstanceRecommendationOptionsEstimatedMonthlySavingsCurrencyAfterDiscounts", "InstanceRecommendationOptionsEstimatedMonthlySavingsValueAfterDiscounts", "StorageRecommendationOptionsOnDemandMonthlyPrice", + "StorageRecommendationOptionsEstimatedClusterInstanceOnDemandMonthlyCost", + "StorageRecommendationOptionsEstimatedClusterStorageOnDemandMonthlyCost", + "StorageRecommendationOptionsEstimatedClusterStorageIOOnDemandMonthlyCost", "StorageRecommendationOptionsSavingsOpportunityPercentage", "StorageRecommendationOptionsEstimatedMonthlySavingsCurrency", "StorageRecommendationOptionsEstimatedMonthlySavingsValue", @@ -2737,8 +2748,7 @@ }, "GetEnrollmentStatusRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetEnrollmentStatusResponse":{ "type":"structure", @@ -2933,7 +2943,7 @@ "members":{ "resourceArn":{ "shape":"ResourceArn", - "documentation":"

The ARN that identifies the Amazon RDS.

The following is the format of the ARN:

arn:aws:rds:{region}:{accountId}:db:{resourceName}

" + "documentation":"

The ARN that identifies the Amazon Aurora or RDS database.

The following is the format of the ARN:

arn:aws:rds:{region}:{accountId}:db:{resourceName}

" }, "stat":{ "shape":"MetricStatistic", @@ -2968,23 +2978,23 @@ "members":{ "resourceArns":{ "shape":"ResourceArns", - "documentation":"

The ARN that identifies the Amazon RDS.

The following is the format of the ARN:

arn:aws:rds:{region}:{accountId}:db:{resourceName}

The following is the format of a DB Cluster ARN:

arn:aws:rds:{region}:{accountId}:cluster:{resourceName}

" + "documentation":"

The ARN that identifies the Amazon Aurora or RDS database.

The following is the format of the ARN:

arn:aws:rds:{region}:{accountId}:db:{resourceName}

The following is the format of a DB Cluster ARN:

arn:aws:rds:{region}:{accountId}:cluster:{resourceName}

" }, "nextToken":{ "shape":"NextToken", - "documentation":"

The token to advance to the next page of Amazon RDS recommendations.

" + "documentation":"

The token to advance to the next page of Amazon Aurora and RDS database recommendations.

" }, "maxResults":{ "shape":"MaxResults", - "documentation":"

The maximum number of Amazon RDS recommendations to return with a single request.

To retrieve the remaining results, make another request with the returned nextToken value.

" + "documentation":"

The maximum number of Amazon Aurora and RDS database recommendations to return with a single request.

To retrieve the remaining results, make another request with the returned nextToken value.

" }, "filters":{ "shape":"RDSDBRecommendationFilters", - "documentation":"

An array of objects to specify a filter that returns a more specific list of Amazon RDS recommendations.

" + "documentation":"

An array of objects to specify a filter that returns a more specific list of Amazon Aurora and RDS database recommendations.

" }, "accountIds":{ "shape":"AccountIds", - "documentation":"

Return the Amazon RDS recommendations to the specified Amazon Web Services account IDs.

If your account is the management account or the delegated administrator of an organization, use this parameter to return the Amazon RDS recommendations to specific member accounts.

You can only specify one account ID per request.

" + "documentation":"

Return the Amazon Aurora and RDS database recommendations to the specified Amazon Web Services account IDs.

If your account is the management account or the delegated administrator of an organization, use this parameter to return the Amazon Aurora and RDS database recommendations to specific member accounts.

You can only specify one account ID per request.

" }, "recommendationPreferences":{"shape":"RecommendationPreferences"} } @@ -2994,11 +3004,11 @@ "members":{ "nextToken":{ "shape":"NextToken", - "documentation":"

The token to advance to the next page of Amazon RDS recommendations.

" + "documentation":"

The token to advance to the next page of Amazon Aurora and RDS database recommendations.

" }, "rdsDBRecommendations":{ "shape":"RDSDBRecommendations", - "documentation":"

An array of objects that describe the Amazon RDS recommendations.

" + "documentation":"

An array of objects that describe the Amazon Aurora and RDS database recommendations.

" }, "errors":{ "shape":"GetRecommendationErrors", @@ -4431,8 +4441,7 @@ }, "PutRecommendationPreferencesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RDSCurrentInstancePerformanceRisk":{ "type":"string", @@ -4448,27 +4457,27 @@ "members":{ "dbInstanceClass":{ "shape":"DBInstanceClass", - "documentation":"

Describes the DB instance class recommendation option for your Amazon RDS instance.

" + "documentation":"

Describes the DB instance class recommendation option for your Amazon Aurora or RDS database.

" }, "projectedUtilizationMetrics":{ "shape":"RDSDBProjectedUtilizationMetrics", - "documentation":"

An array of objects that describe the projected utilization metrics of the RDS instance recommendation option.

" + "documentation":"

An array of objects that describe the projected utilization metrics of the DB instance recommendation option.

" }, "performanceRisk":{ "shape":"PerformanceRisk", - "documentation":"

The performance risk of the RDS instance recommendation option.

" + "documentation":"

The performance risk of the DB instance recommendation option.

" }, "rank":{ "shape":"Rank", - "documentation":"

The rank identifier of the RDS instance recommendation option.

" + "documentation":"

The rank identifier of the DB instance recommendation option.

" }, "savingsOpportunity":{"shape":"SavingsOpportunity"}, "savingsOpportunityAfterDiscounts":{ "shape":"RDSInstanceSavingsOpportunityAfterDiscounts", - "documentation":"

Describes the savings opportunity for Amazon RDS recommendations or for the recommendation option.

Savings opportunity represents the estimated monthly savings after applying Savings Plans discounts. You can achieve this by implementing a given Compute Optimizer recommendation.

" + "documentation":"

Describes the savings opportunity for Amazon Aurora and RDS database recommendations or for the recommendation option.

Savings opportunity represents the estimated monthly savings after applying Savings Plans discounts. You can achieve this by implementing a given Compute Optimizer recommendation.

" } }, - "documentation":"

Describes the recommendation options for an Amazon RDS instance.

" + "documentation":"

Describes the recommendation options for a DB instance.

" }, "RDSDBInstanceRecommendationOptions":{ "type":"list", @@ -4494,7 +4503,10 @@ "AuroraMemoryNumKillConnTotal", "AuroraMemoryNumKillQueryTotal", "ReadIOPSEphemeralStorage", - "WriteIOPSEphemeralStorage" + "WriteIOPSEphemeralStorage", + "VolumeReadIOPs", + "VolumeBytesUsed", + "VolumeWriteIOPs" ] }, "RDSDBMetricStatistic":{ @@ -4514,15 +4526,15 @@ "members":{ "resourceArn":{ "shape":"ResourceArn", - "documentation":"

The ARN of the current Amazon RDS.

The following is the format of the ARN:

arn:aws:rds:{region}:{accountId}:db:{resourceName}

" + "documentation":"

The ARN of the current Amazon Aurora or RDS database.

The following is the format of the ARN:

arn:aws:rds:{region}:{accountId}:db:{resourceName}

" }, "accountId":{ "shape":"AccountId", - "documentation":"

The Amazon Web Services account ID of the Amazon RDS.

" + "documentation":"

The Amazon Web Services account ID of the Amazon Aurora or RDS database.

" }, "engine":{ "shape":"Engine", - "documentation":"

The engine of the RDS instance.

" + "documentation":"

The engine of the DB instance.

" }, "engineVersion":{ "shape":"EngineVersion", @@ -4534,11 +4546,11 @@ }, "currentDBInstanceClass":{ "shape":"CurrentDBInstanceClass", - "documentation":"

The DB instance class of the current RDS instance.

" + "documentation":"

The DB instance class of the current Aurora or RDS DB instance.

" }, "currentStorageConfiguration":{ "shape":"DBStorageConfiguration", - "documentation":"

The configuration of the current RDS storage.

" + "documentation":"

The configuration of the current DB storage.

" }, "dbClusterIdentifier":{ "shape":"DBClusterIdentifier", @@ -4546,72 +4558,76 @@ }, "idle":{ "shape":"Idle", - "documentation":"

This indicates if the RDS instance is idle or not.

" + "documentation":"

This indicates if the DB instance is idle or not.

" }, "instanceFinding":{ "shape":"RDSInstanceFinding", - "documentation":"

The finding classification of an Amazon RDS instance.

Findings for Amazon RDS instance include:

  • Underprovisioned — When Compute Optimizer detects that there’s not enough resource specifications, an Amazon RDS is considered under-provisioned.

  • Overprovisioned — When Compute Optimizer detects that there’s excessive resource specifications, an Amazon RDS is considered over-provisioned.

  • Optimized — When the specifications of your Amazon RDS instance meet the performance requirements of your workload, the service is considered optimized.

" + "documentation":"

The finding classification of an Amazon Aurora and RDS DB instance.

For more information about finding classifications, see Finding classifications for Aurora and RDS databases in the Compute Optimizer User Guide.

" }, "storageFinding":{ "shape":"RDSStorageFinding", - "documentation":"

The finding classification of Amazon RDS storage.

Findings for Amazon RDS instance include:

  • Underprovisioned — When Compute Optimizer detects that there’s not enough storage, an Amazon RDS is considered under-provisioned.

  • Overprovisioned — When Compute Optimizer detects that there’s excessive storage, an Amazon RDS is considered over-provisioned.

  • Optimized — When the storage of your Amazon RDS meet the performance requirements of your workload, the service is considered optimized.

" + "documentation":"

The finding classification of Amazon RDS DB instance storage.

For more information about finding classifications, see Finding classifications for Aurora and RDS databases in the Compute Optimizer User Guide.

" }, "instanceFindingReasonCodes":{ "shape":"RDSInstanceFindingReasonCodes", - "documentation":"

The reason for the finding classification of an Amazon RDS instance.

" + "documentation":"

The reason for the finding classification of a DB instance.

" }, "currentInstancePerformanceRisk":{ "shape":"RDSCurrentInstancePerformanceRisk", "documentation":"

The performance risk for the current DB instance.

" }, + "currentStorageEstimatedMonthlyVolumeIOPsCostVariation":{ + "shape":"RDSEstimatedMonthlyVolumeIOPsCostVariation", + "documentation":"

The level of variation in monthly I/O costs for the current DB storage configuration.

" + }, "storageFindingReasonCodes":{ "shape":"RDSStorageFindingReasonCodes", - "documentation":"

The reason for the finding classification of Amazon RDS storage.

" + "documentation":"

The reason for the finding classification of RDS DB instance storage.

" }, "instanceRecommendationOptions":{ "shape":"RDSDBInstanceRecommendationOptions", - "documentation":"

An array of objects that describe the recommendation options for the Amazon RDS instance.

" + "documentation":"

An array of objects that describe the recommendation options for the RDS DB instance.

" }, "storageRecommendationOptions":{ "shape":"RDSDBStorageRecommendationOptions", - "documentation":"

An array of objects that describe the recommendation options for Amazon RDS storage.

" + "documentation":"

An array of objects that describe the recommendation options for DB instance storage.

" }, "utilizationMetrics":{ "shape":"RDSDBUtilizationMetrics", - "documentation":"

An array of objects that describe the utilization metrics of the Amazon RDS.

" + "documentation":"

An array of objects that describe the utilization metrics of the DB instance.

" }, "effectiveRecommendationPreferences":{ "shape":"RDSEffectiveRecommendationPreferences", - "documentation":"

Describes the effective recommendation preferences for Amazon RDS.

" + "documentation":"

Describes the effective recommendation preferences for DB instances.

" }, "lookbackPeriodInDays":{ "shape":"LookBackPeriodInDays", - "documentation":"

The number of days the Amazon RDS utilization metrics were analyzed.

" + "documentation":"

The number of days the DB instance utilization metrics were analyzed.

" }, "lastRefreshTimestamp":{ "shape":"LastRefreshTimestamp", - "documentation":"

The timestamp of when the Amazon RDS recommendation was last generated.

" + "documentation":"

The timestamp of when the DB instance recommendation was last generated.

" }, "tags":{ "shape":"Tags", - "documentation":"

A list of tags assigned to your Amazon RDS recommendations.

" + "documentation":"

A list of tags assigned to your DB instance recommendations.

" } }, - "documentation":"

Describes an Amazon RDS recommendation.

" + "documentation":"

Describes an Amazon Aurora and RDS database recommendation.

" }, "RDSDBRecommendationFilter":{ "type":"structure", "members":{ "name":{ "shape":"RDSDBRecommendationFilterName", - "documentation":"

The name of the filter.

Specify Finding to return recommendations with a specific finding classification.

You can filter your Amazon RDS recommendations by tag:key and tag-key tags.

A tag:key is a key and value combination of a tag assigned to your Amazon RDS recommendations. Use the tag key in the filter name and the tag value as the filter value. For example, to find all Amazon RDS service recommendations that have a tag with the key of Owner and the value of TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

A tag-key is the key of a tag assigned to your Amazon RDS recommendations. Use this filter to find all of your Amazon RDS recommendations that have a tag with a specific key. This doesn’t consider the tag value. For example, you can find your Amazon RDS service recommendations with a tag key value of Owner or without any tag keys assigned.

" + "documentation":"

The name of the filter.

Specify Finding to return recommendations with a specific finding classification.

You can filter your DB instance recommendations by tag:key and tag-key tags.

A tag:key is a key and value combination of a tag assigned to your DB instance recommendations. Use the tag key in the filter name and the tag value as the filter value. For example, to find all DB instance recommendations that have a tag with the key of Owner and the value of TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

A tag-key is the key of a tag assigned to your DB instance recommendations. Use this filter to find all of your DB instance recommendations that have a tag with a specific key. This doesn’t consider the tag value. For example, you can find your DB instance recommendations with a tag key value of Owner or without any tag keys assigned.

" }, "values":{ "shape":"FilterValues", "documentation":"

The value of the filter.

" } }, - "documentation":"

Describes a filter that returns a more specific list of Amazon RDS recommendations. Use this filter with the GetECSServiceRecommendations action.

" + "documentation":"

Describes a filter that returns a more specific list of DB instance recommendations. Use this filter with the GetECSServiceRecommendations action.

" }, "RDSDBRecommendationFilterName":{ "type":"string", @@ -4640,15 +4656,19 @@ }, "rank":{ "shape":"Rank", - "documentation":"

The rank identifier of the RDS storage recommendation option.

" + "documentation":"

The rank identifier of the DB storage recommendation option.

" }, "savingsOpportunity":{"shape":"SavingsOpportunity"}, "savingsOpportunityAfterDiscounts":{ "shape":"RDSStorageSavingsOpportunityAfterDiscounts", - "documentation":"

Describes the savings opportunity for Amazon RDS storage recommendations or for the recommendation option.

Savings opportunity represents the estimated monthly savings after applying Savings Plans discounts. You can achieve this by implementing a given Compute Optimizer recommendation.

" + "documentation":"

Describes the savings opportunity for DB storage recommendations or for the recommendation option.

Savings opportunity represents the estimated monthly savings after applying Savings Plans discounts. You can achieve this by implementing a given Compute Optimizer recommendation.

" + }, + "estimatedMonthlyVolumeIOPsCostVariation":{ + "shape":"RDSEstimatedMonthlyVolumeIOPsCostVariation", + "documentation":"

The projected level of variation in monthly I/O costs for the DB storage recommendation option.

" } }, - "documentation":"

Describes the recommendation options for Amazon RDS storage.

" + "documentation":"

Describes the recommendation options for DB storage.

" }, "RDSDBStorageRecommendationOptions":{ "type":"list", @@ -4670,7 +4690,7 @@ "documentation":"

The value of the utilization metric.

" } }, - "documentation":"

Describes the utilization metric of an Amazon RDS.

To determine the performance difference between your current Amazon RDS and the recommended option, compare the utilization metric data of your service against its projected utilization metric data.

" + "documentation":"

Describes the utilization metric of an Amazon Aurora and RDS database.

To determine the performance difference between your current DB instance and the recommended option, compare the utilization metric data of your service against its projected utilization metric data.

" }, "RDSDBUtilizationMetrics":{ "type":"list", @@ -4692,7 +4712,7 @@ "documentation":"

The values for the projected metric.

" } }, - "documentation":"

Describes the projected metrics of an Amazon RDS recommendation option.

To determine the performance difference between your current Amazon RDS and the recommended option, compare the metric data of your service against its projected metric data.

" + "documentation":"

Describes the projected metrics of an Amazon Aurora and RDS database recommendation option.

To determine the performance difference between your current Amazon Aurora and RDS database and the recommended option, compare the metric data of your service against its projected metric data.

" }, "RDSDatabaseProjectedMetrics":{ "type":"list", @@ -4703,18 +4723,18 @@ "members":{ "recommendedDBInstanceClass":{ "shape":"RecommendedDBInstanceClass", - "documentation":"

The recommended DB instance class for the Amazon RDS.

" + "documentation":"

The recommended DB instance class for the Amazon Aurora or RDS database.

" }, "rank":{ "shape":"Rank", - "documentation":"

The rank identifier of the RDS instance recommendation option.

" + "documentation":"

The rank identifier of the Amazon Aurora or RDS DB instance recommendation option.

" }, "projectedMetrics":{ "shape":"RDSDatabaseProjectedMetrics", "documentation":"

An array of objects that describe the projected metric.

" } }, - "documentation":"

Describes the projected metrics of an Amazon RDS recommendation option.

To determine the performance difference between your current Amazon RDS and the recommended option, compare the metric data of your service against its projected metric data.

" + "documentation":"

Describes the projected metrics of an Amazon Aurora and RDS database recommendation option.

To determine the performance difference between your current Amazon Aurora and RDS database and the recommended option, compare the metric data of your service against its projected metric data.

" }, "RDSDatabaseRecommendedOptionProjectedMetrics":{ "type":"list", @@ -4725,7 +4745,7 @@ "members":{ "cpuVendorArchitectures":{ "shape":"CpuVendorArchitectures", - "documentation":"

Describes the CPU vendor and architecture for Amazon RDS recommendations.

" + "documentation":"

Describes the CPU vendor and architecture for DB instance recommendations.

" }, "enhancedInfrastructureMetrics":{ "shape":"EnhancedInfrastructureMetrics", @@ -4733,14 +4753,23 @@ }, "lookBackPeriod":{ "shape":"LookBackPeriodPreference", - "documentation":"

The number of days the utilization metrics of the Amazon RDS are analyzed.

" + "documentation":"

The number of days the utilization metrics of the DB instance are analyzed.

" }, "savingsEstimationMode":{ "shape":"RDSSavingsEstimationMode", - "documentation":"

Describes the savings estimation mode preference applied for calculating savings opportunity for Amazon RDS.

" + "documentation":"

Describes the savings estimation mode preference applied for calculating savings opportunity for DB instances.

" } }, - "documentation":"

Describes the effective recommendation preferences for Amazon RDS.

" + "documentation":"

Describes the effective recommendation preferences for Amazon Aurora and RDS databases.

" + }, + "RDSEstimatedMonthlyVolumeIOPsCostVariation":{ + "type":"string", + "enum":[ + "None", + "Low", + "Medium", + "High" + ] }, "RDSInstanceEstimatedMonthlySavings":{ "type":"structure", @@ -4751,10 +4780,10 @@ }, "value":{ "shape":"Value", - "documentation":"

The value of the estimated monthly savings for Amazon RDS instances.

" + "documentation":"

The value of the estimated monthly savings for DB instances.

" } }, - "documentation":"

Describes the estimated monthly savings possible for Amazon RDS instances by adopting Compute Optimizer recommendations. This is based on Amazon RDS pricing after applying Savings Plans discounts.

" + "documentation":"

Describes the estimated monthly savings possible for DB instances by adopting Compute Optimizer recommendations. This is based on DB instance pricing after applying Savings Plans discounts.

" }, "RDSInstanceFinding":{ "type":"string", @@ -4792,24 +4821,24 @@ "members":{ "savingsOpportunityPercentage":{ "shape":"SavingsOpportunityPercentage", - "documentation":"

The estimated monthly savings possible as a percentage of monthly cost by adopting Compute Optimizer’s Amazon RDS instance recommendations. This includes any applicable Savings Plans discounts.

" + "documentation":"

The estimated monthly savings possible as a percentage of monthly cost by adopting Compute Optimizer’s DB instance recommendations. This includes any applicable Savings Plans discounts.

" }, "estimatedMonthlySavings":{ "shape":"RDSInstanceEstimatedMonthlySavings", - "documentation":"

The estimated monthly savings possible by adopting Compute Optimizer’s Amazon RDS instance recommendations. This includes any applicable Savings Plans discounts.

" + "documentation":"

The estimated monthly savings possible by adopting Compute Optimizer’s DB instance recommendations. This includes any applicable Savings Plans discounts.

" } }, - "documentation":"

Describes the savings opportunity for Amazon RDS instance recommendations after applying Savings Plans discounts.

Savings opportunity represents the estimated monthly savings after applying Savings Plans discounts. You can achieve this by implementing a given Compute Optimizer recommendation.

" + "documentation":"

Describes the savings opportunity for DB instance recommendations after applying Savings Plans discounts.

Savings opportunity represents the estimated monthly savings after applying Savings Plans discounts. You can achieve this by implementing a given Compute Optimizer recommendation.

" }, "RDSSavingsEstimationMode":{ "type":"structure", "members":{ "source":{ "shape":"RDSSavingsEstimationModeSource", - "documentation":"

Describes the source for calculating the savings opportunity for Amazon RDS.

" + "documentation":"

Describes the source for calculating the savings opportunity for DB instances.

" } }, - "documentation":"

Describes the savings estimation mode used for calculating savings opportunity for Amazon RDS.

" + "documentation":"

Describes the savings estimation mode used for calculating savings opportunity for DB instances.

" }, "RDSSavingsEstimationModeSource":{ "type":"string", @@ -4828,17 +4857,18 @@ }, "value":{ "shape":"Value", - "documentation":"

The value of the estimated monthly savings for Amazon RDS storage.

" + "documentation":"

The value of the estimated monthly savings for DB instance storage.

" } }, - "documentation":"

Describes the estimated monthly savings possible for Amazon RDS storage by adopting Compute Optimizer recommendations. This is based on Amazon RDS pricing after applying Savings Plans discounts.

" + "documentation":"

Describes the estimated monthly savings possible for DB instance storage by adopting Compute Optimizer recommendations. This is based on DB instance pricing after applying Savings Plans discounts.

" }, "RDSStorageFinding":{ "type":"string", "enum":[ "Optimized", "Underprovisioned", - "Overprovisioned" + "Overprovisioned", + "NotOptimized" ] }, "RDSStorageFindingReasonCode":{ @@ -4848,7 +4878,9 @@ "EBSVolumeThroughputUnderprovisioned", "EBSVolumeIOPSOverprovisioned", "EBSVolumeThroughputOverprovisioned", - "NewGenerationStorageTypeAvailable" + "NewGenerationStorageTypeAvailable", + "DBClusterStorageOptionAvailable", + "DBClusterStorageSavingsAvailable" ] }, "RDSStorageFindingReasonCodes":{ @@ -4860,11 +4892,11 @@ "members":{ "savingsOpportunityPercentage":{ "shape":"SavingsOpportunityPercentage", - "documentation":"

The estimated monthly savings possible as a percentage of monthly cost by adopting Compute Optimizer’s Amazon RDS storage recommendations. This includes any applicable Savings Plans discounts.

" + "documentation":"

The estimated monthly savings possible as a percentage of monthly cost by adopting Compute Optimizer’s DB instance storage recommendations. This includes any applicable Savings Plans discounts.

" }, "estimatedMonthlySavings":{ "shape":"RDSStorageEstimatedMonthlySavings", - "documentation":"

The estimated monthly savings possible by adopting Compute Optimizer’s Amazon RDS storage recommendations. This includes any applicable Savings Plans discounts.

" + "documentation":"

The estimated monthly savings possible by adopting Compute Optimizer’s DB instance storage recommendations. This includes any applicable Savings Plans discounts.

" } }, "documentation":"

Describes the savings opportunity for Amazon RDS storage recommendations after applying Savings Plans discounts.

Savings opportunity represents the estimated monthly savings after applying Savings Plans discounts. You can achieve this by implementing a given Compute Optimizer recommendation.

" @@ -5026,7 +5058,8 @@ "EcsService", "License", "RdsDBInstance", - "RdsDBInstanceStorage" + "RdsDBInstanceStorage", + "AuroraDBClusterStorage" ] }, "RecommendationSources":{ @@ -5123,6 +5156,7 @@ "EcsService", "License", "RdsDBInstance", + "AuroraDBClusterStorage", "Idle" ] }, diff -pruN 2.23.6-1/awscli/botocore/data/config/2014-11-12/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/config/2014-11-12/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/config/2014-11-12/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/config/2014-11-12/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/config/2014-11-12/service-2.json 2.31.35-1/awscli/botocore/data/config/2014-11-12/service-2.json --- 2.23.6-1/awscli/botocore/data/config/2014-11-12/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/config/2014-11-12/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -81,7 +81,7 @@ {"shape":"NoSuchConfigRuleException"}, {"shape":"ResourceInUseException"} ], - "documentation":"

Deletes the specified Config rule and all of its evaluation results.

Config sets the state of a rule to DELETING until the deletion is complete. You cannot update a rule while it is in this state. If you make a PutConfigRule or DeleteConfigRule request for the rule, you will receive a ResourceInUseException.

You can check the state of a rule by using the DescribeConfigRules request.

Recommendation: Stop recording resource compliance before deleting rules

It is highly recommended that you stop recording for the AWS::Config::ResourceCompliance resource type before you delete rules in your account. Deleting rules creates CIs for AWS::Config::ResourceCompliance and can affect your Config configuration recorder costs. If you are deleting rules which evaluate a large number of resource types, this can lead to a spike in the number of CIs recorded.

Best practice:

  1. Stop recording AWS::Config::ResourceCompliance

  2. Delete rule(s)

  3. Turn on recording for AWS::Config::ResourceCompliance

" + "documentation":"

Deletes the specified Config rule and all of its evaluation results.

Config sets the state of a rule to DELETING until the deletion is complete. You cannot update a rule while it is in this state. If you make a PutConfigRule or DeleteConfigRule request for the rule, you will receive a ResourceInUseException.

You can check the state of a rule by using the DescribeConfigRules request.

Recommendation: Consider excluding the AWS::Config::ResourceCompliance resource type from recording before deleting rules

Deleting rules creates configuration items (CIs) for AWS::Config::ResourceCompliance that can affect your costs for the configuration recorder. If you are deleting rules which evaluate a large number of resource types, this can lead to a spike in the number of CIs recorded.

To avoid the associated costs, you can opt to disable recording for the AWS::Config::ResourceCompliance resource type before deleting rules, and re-enable recording after the rules have been deleted.

However, since deleting rules is an asynchronous process, it might take an hour or more to complete. During the time when recording is disabled for AWS::Config::ResourceCompliance, rule evaluations will not be recorded in the associated resource’s history.

" }, "DeleteConfigurationAggregator":{ "name":"DeleteConfigurationAggregator", @@ -119,7 +119,7 @@ {"shape":"NoSuchConformancePackException"}, {"shape":"ResourceInUseException"} ], - "documentation":"

Deletes the specified conformance pack and all the Config rules, remediation actions, and all evaluation results within that conformance pack.

Config sets the conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.

" + "documentation":"

Deletes the specified conformance pack and all the Config rules, remediation actions, and all evaluation results within that conformance pack.

Config sets the conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.

Recommendation: Consider excluding the AWS::Config::ResourceCompliance resource type from recording before deleting rules

Deleting rules creates configuration items (CIs) for AWS::Config::ResourceCompliance that can affect your costs for the configuration recorder. If you are deleting rules which evaluate a large number of resource types, this can lead to a spike in the number of CIs recorded.

To avoid the associated costs, you can opt to disable recording for the AWS::Config::ResourceCompliance resource type before deleting rules, and re-enable recording after the rules have been deleted.

However, since deleting rules is an asynchronous process, it might take an hour or more to complete. During the time when recording is disabled for AWS::Config::ResourceCompliance, rule evaluations will not be recorded in the associated resource’s history.

" }, "DeleteDeliveryChannel":{ "name":"DeleteDeliveryChannel", @@ -160,7 +160,7 @@ {"shape":"ResourceInUseException"}, {"shape":"OrganizationAccessDeniedException"} ], - "documentation":"

Deletes the specified organization Config rule and all of its evaluation results from all member accounts in that organization.

Only a management account and a delegated administrator account can delete an organization Config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.

Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule while it is in this state.

" + "documentation":"

Deletes the specified organization Config rule and all of its evaluation results from all member accounts in that organization.

Only a management account and a delegated administrator account can delete an organization Config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.

Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule while it is in this state.

Recommendation: Consider excluding the AWS::Config::ResourceCompliance resource type from recording before deleting rules

Deleting rules creates configuration items (CIs) for AWS::Config::ResourceCompliance that can affect your costs for the configuration recorder. If you are deleting rules which evaluate a large number of resource types, this can lead to a spike in the number of CIs recorded.

To avoid the associated costs, you can opt to disable recording for the AWS::Config::ResourceCompliance resource type before deleting rules, and re-enable recording after the rules have been deleted.

However, since deleting rules is an asynchronous process, it might take an hour or more to complete. During the time when recording is disabled for AWS::Config::ResourceCompliance, rule evaluations will not be recorded in the associated resource’s history.

" }, "DeleteOrganizationConformancePack":{ "name":"DeleteOrganizationConformancePack", @@ -174,7 +174,7 @@ {"shape":"ResourceInUseException"}, {"shape":"OrganizationAccessDeniedException"} ], - "documentation":"

Deletes the specified organization conformance pack and all of the Config rules and remediation actions from all member accounts in that organization.

Only a management account or a delegated administrator account can delete an organization conformance pack. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.

Config sets the state of a conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.

" + "documentation":"

Deletes the specified organization conformance pack and all of the Config rules and remediation actions from all member accounts in that organization.

Only a management account or a delegated administrator account can delete an organization conformance pack. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.

Config sets the state of a conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.

Recommendation: Consider excluding the AWS::Config::ResourceCompliance resource type from recording before deleting rules

Deleting rules creates configuration items (CIs) for AWS::Config::ResourceCompliance that can affect your costs for the configuration recorder. If you are deleting rules which evaluate a large number of resource types, this can lead to a spike in the number of CIs recorded.

To avoid the associated costs, you can opt to disable recording for the AWS::Config::ResourceCompliance resource type before deleting rules, and re-enable recording after the rules have been deleted.

However, since deleting rules is an asynchronous process, it might take an hour or more to complete. During the time when recording is disabled for AWS::Config::ResourceCompliance, rule evaluations will not be recorded in the associated resource’s history.

" }, "DeletePendingAggregationRequest":{ "name":"DeletePendingAggregationRequest", @@ -927,7 +927,7 @@ {"shape":"NoAvailableConfigurationRecorderException"}, {"shape":"ResourceNotDiscoveredException"} ], - "documentation":"

For accurate reporting on the compliance status, you must record the AWS::Config::ResourceCompliance resource type. For more information, see Selecting Which Resources Config Records.

Returns a list of ConfigurationItems for the specified resource. The list contains details about each state of the resource during the specified time interval. If you specified a retention period to retain your ConfigurationItems between a minimum of 30 days and a maximum of 7 years (2557 days), Config returns the ConfigurationItems for the specified retention period.

The response is paginated. By default, Config returns a limit of 10 configuration items per page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.

Each call to the API is limited to span a duration of seven days. It is likely that the number of records returned is smaller than the specified limit. In such cases, you can make another call, using the nextToken.

" + "documentation":"

For accurate reporting on the compliance status, you must record the AWS::Config::ResourceCompliance resource type.

For more information, see Recording Amazon Web Services Resources in the Config Resources Developer Guide.

Returns a list of configurations items (CIs) for the specified resource.

Contents

The list contains details about each state of the resource during the specified time interval. If you specified a retention period to retain your CIs between a minimum of 30 days and a maximum of 7 years (2557 days), Config returns the CIs for the specified retention period.

Pagination

The response is paginated. By default, Config returns a limit of 10 configuration items per page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.

Each call to the API is limited to span a duration of seven days. It is likely that the number of records returned is smaller than the specified limit. In such cases, you can make another call, using the nextToken.

" }, "GetResourceEvaluationSummary":{ "name":"GetResourceEvaluationSummary", @@ -1014,7 +1014,7 @@ {"shape":"InvalidNextTokenException"}, {"shape":"NoAvailableConfigurationRecorderException"} ], - "documentation":"

Accepts a resource type and returns a list of resource identifiers for the resources of that type. A resource identifier includes the resource type, ID, and (if available) the custom resource name. The results consist of resources that Config has discovered, including those that Config is not currently recording. You can narrow the results to include only resources that have specific resource IDs or a resource name.

You can specify either resource IDs or a resource name, but not both, in the same request.

The response is paginated. By default, Config lists 100 resource identifiers on each page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.

" + "documentation":"

Returns a list of resource resource identifiers for the specified resource types for the resources of that type. A resource identifier includes the resource type, ID, and (if available) the custom resource name.

The results consist of resources that Config has discovered, including those that Config is not currently recording. You can narrow the results to include only resources that have specific resource IDs or a resource name.

You can specify either resource IDs or a resource name, but not both, in the same request.

CloudFormation stack recording behavior in Config

When a CloudFormation stack fails to create (for example, it enters the ROLLBACK_FAILED state), Config does not record a configuration item (CI) for that stack. Configuration items are only recorded for stacks that reach the following states:

  • CREATE_COMPLETE

  • UPDATE_COMPLETE

  • UPDATE_ROLLBACK_COMPLETE

  • UPDATE_ROLLBACK_FAILED

  • DELETE_FAILED

  • DELETE_COMPLETE

Because no CI is created for a failed stack creation, you won't see configuration history for that stack in Config, even after the stack is deleted. This helps make sure that Config only tracks resources that were successfully provisioned.

" }, "ListResourceEvaluations":{ "name":"ListResourceEvaluations", @@ -1140,7 +1140,7 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MaxNumberOfConformancePacksExceededException"} ], - "documentation":"

Creates or updates a conformance pack. A conformance pack is a collection of Config rules that can be easily deployed in an account and a region and across an organization. For information on how many conformance packs you can have per account, see Service Limits in the Config Developer Guide.

This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The service-linked role is created only when the role does not exist in your account.

You must specify only one of the follow parameters: TemplateS3Uri, TemplateBody or TemplateSSMDocumentDetails.

" + "documentation":"

Creates or updates a conformance pack. A conformance pack is a collection of Config rules that can be easily deployed in an account and a region and across an organization. For information on how many conformance packs you can have per account, see Service Limits in the Config Developer Guide.

When you use PutConformancePack to deploy conformance packs in your account, the operation can create Config rules and remediation actions without requiring config:PutConfigRule or config:PutRemediationConfigurations permissions in your account IAM policies.

This API uses the AWSServiceRoleForConfigConforms service-linked role in your account to create conformance pack resources. This service-linked role includes the permissions to create Config rules and remediation configurations, even if your account IAM policies explicitly deny these actions.

This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The service-linked role is created only when the role does not exist in your account.

You must specify only one of the follow parameters: TemplateS3Uri, TemplateBody or TemplateSSMDocumentDetails.

" }, "PutDeliveryChannel":{ "name":"PutDeliveryChannel", @@ -1228,7 +1228,7 @@ {"shape":"OrganizationAllFeaturesNotEnabledException"}, {"shape":"NoAvailableOrganizationException"} ], - "documentation":"

Deploys conformance packs across member accounts in an Amazon Web Services Organization. For information on how many organization conformance packs and how many Config rules you can have per account, see Service Limits in the Config Developer Guide.

Only a management account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated administrators.

This API enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service-linked role AWSServiceRoleForConfigMultiAccountSetup in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.

Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.

You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.

Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance pack is created or updated. You cannot update a conformance pack while it is in this state.

" + "documentation":"

Deploys conformance packs across member accounts in an Amazon Web Services Organization. For information on how many organization conformance packs and how many Config rules you can have per account, see Service Limits in the Config Developer Guide.

Only a management account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated administrators.

When you use PutOrganizationConformancePack to deploy conformance packs across member accounts, the operation can create Config rules and remediation actions without requiring config:PutConfigRule or config:PutRemediationConfigurations permissions in member account IAM policies.

This API uses the AWSServiceRoleForConfigConforms service-linked role in each member account to create conformance pack resources. This service-linked role includes the permissions to create Config rules and remediation configurations, even if member account IAM policies explicitly deny these actions.

This API enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service-linked role AWSServiceRoleForConfigMultiAccountSetup in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.

Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.

You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.

Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance pack is created or updated. You cannot update a conformance pack while it is in this state.

" }, "PutRemediationConfigurations":{ "name":"PutRemediationConfigurations", @@ -1301,7 +1301,7 @@ {"shape":"LimitExceededException"}, {"shape":"ValidationException"} ], - "documentation":"

Creates a service-linked configuration recorder that is linked to a specific Amazon Web Services service based on the ServicePrincipal you specify.

The configuration recorder's name, recordingGroup, recordingMode, and recordingScope is set by the service that is linked to the configuration recorder.

For more information, see Working with the Configuration Recorder in the Config Developer Guide.

This API creates a service-linked role AWSServiceRoleForConfig in your account. The service-linked role is created only when the role does not exist in your account.

The recording scope determines if you receive configuration items

The recording scope is set by the service that is linked to the configuration recorder and determines whether you receive configuration items (CIs) in the delivery channel. If the recording scope is internal, you will not receive CIs in the delivery channel.

Tags are added at creation and cannot be updated with this operation

Use TagResource and UntagResource to update tags after creation.

" + "documentation":"

Creates a service-linked configuration recorder that is linked to a specific Amazon Web Services service based on the ServicePrincipal you specify.

The configuration recorder's name, recordingGroup, recordingMode, and recordingScope is set by the service that is linked to the configuration recorder.

For more information and a list of supported services/service principals, see Working with the Configuration Recorder in the Config Developer Guide.

This API creates a service-linked role AWSServiceRoleForConfig in your account. The service-linked role is created only when the role does not exist in your account.

The recording scope determines if you receive configuration items

The recording scope is set by the service that is linked to the configuration recorder and determines whether you receive configuration items (CIs) in the delivery channel. If the recording scope is internal, you will not receive CIs in the delivery channel.

Tags are added at creation and cannot be updated with this operation

Use TagResource and UntagResource to update tags after creation.

" }, "PutStoredQuery":{ "name":"PutStoredQuery", @@ -1963,15 +1963,15 @@ }, "configuration":{ "shape":"Configuration", - "documentation":"

The description of the resource configuration.

" + "documentation":"

A JSON-encoded string that contains the contents for the resource configuration. This string needs to be deserialized using json.loads() before you can access the contents.

" }, "supplementaryConfiguration":{ "shape":"SupplementaryConfiguration", - "documentation":"

Configuration attributes that Config returns for certain resource types to supplement the information returned for the configuration parameter.

" + "documentation":"

A string to string map that contains additional contents for the resource configuration.Config returns this field for certain resource types to supplement the information returned for the configuration field.

This string needs to be deserialized using json.loads() before you can access the contents.

" }, "recordingFrequency":{ "shape":"RecordingFrequency", - "documentation":"

The recording frequency that Config uses to record configuration changes for the resource.

" + "documentation":"

The recording frequency that Config uses to record configuration changes for the resource.

This field only appears in the API response when DAILY recording is enabled for a resource type. If this field is not present, CONTINUOUS recording is enabled for that resource type. For more information on daily recording and continuous recording, see Recording Frequency in the Config Developer Guide.

" }, "configurationItemDeliveryTime":{ "shape":"ConfigurationItemDeliveryTime", @@ -2238,7 +2238,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.

The scope can be empty.

" + "documentation":"

Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.

" }, "Source":{ "shape":"Source", @@ -2565,19 +2565,19 @@ }, "configuration":{ "shape":"Configuration", - "documentation":"

The description of the resource configuration.

" + "documentation":"

A JSON-encoded string that contains the contents for the resource configuration. This string needs to be deserialized using json.loads() before you can access the contents.

" }, "supplementaryConfiguration":{ "shape":"SupplementaryConfiguration", - "documentation":"

Configuration attributes that Config returns for certain resource types to supplement the information returned for the configuration parameter.

" + "documentation":"

A string to string map that contains additional contents for the resource configuration.Config returns this field for certain resource types to supplement the information returned for the configuration field.

This string to string map needs to be deserialized using json.loads() before you can accessing the contents.

" }, "recordingFrequency":{ "shape":"RecordingFrequency", - "documentation":"

The recording frequency that Config uses to record configuration changes for the resource.

" + "documentation":"

The recording frequency that Config uses to record configuration changes for the resource.

This field only appears in the API response when DAILY recording is enabled for a resource type. If this field is not present, CONTINUOUS recording is enabled for that resource type. For more information on daily recording and continuous recording, see Recording Frequency in the Config Developer Guide.

" }, "configurationItemDeliveryTime":{ "shape":"ConfigurationItemDeliveryTime", - "documentation":"

The time when configuration changes for the resource were delivered.

This field is optional and is not guaranteed to be present in a configuration item (CI). If you are using daily recording, this field will be populated. However, if you are using continuous recording, this field will be omitted since the delivery time is instantaneous as the CI is available right away. For more information on daily recording and continuous recording, see Recording Frequency in the Config Developer Guide.

" + "documentation":"

The time when configuration changes for the resource were delivered.

This field is optional and is not guaranteed to be present in a configuration item (CI). If you are using daily recording, this field will be populated. However, if you are using continuous recording, this field will be omitted since the delivery time is instantaneous as the CI is available right away.

For more information on daily recording and continuous recording, see Recording Frequency in the Config Developer Guide.

" } }, "documentation":"

A list that contains detailed configurations of a specified resource.

" @@ -2608,7 +2608,7 @@ }, "name":{ "shape":"RecorderName", - "documentation":"

The name of the configuration recorder.

For customer managed configuration recorders, Config automatically assigns the name of \"default\" when creating a configuration recorder if you do not specify a name at creation time.

For service-linked configuration recorders, Config automatically assigns a name that has the prefix \"AWS\" to a new service-linked configuration recorder.

Changing the name of a configuration recorder

To change the name of the customer managed configuration recorder, you must delete it and create a new customer managed configuration recorder with a new name.

You cannot change the name of a service-linked configuration recorder.

" + "documentation":"

The name of the configuration recorder.

For customer managed configuration recorders, Config automatically assigns the name of \"default\" when creating a configuration recorder if you do not specify a name at creation time.

For service-linked configuration recorders, Config automatically assigns a name that has the prefix \"AWSConfigurationRecorderFor\" to a new service-linked configuration recorder.

Changing the name of a configuration recorder

To change the name of the customer managed configuration recorder, you must delete it and create a new customer managed configuration recorder with a new name.

You cannot change the name of a service-linked configuration recorder.

" }, "roleARN":{ "shape":"String", @@ -2755,8 +2755,7 @@ "ConfigurationStateId":{"type":"string"}, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

For PutServiceLinkedConfigurationRecorder, you cannot create a service-linked recorder because a service-linked recorder already exists for the specified service.

For DeleteServiceLinkedConfigurationRecorder, you cannot delete the service-linked recorder because it is currently in use by the linked Amazon Web Services service.

For DeleteDeliveryChannel, you cannot delete the specified delivery channel because the customer managed configuration recorder is running. Use the StopConfigurationRecorder operation to stop the customer managed configuration recorder.

For AssociateResourceTypes and DisassociateResourceTypes, one of the following errors:

  • For service-linked configuration recorders, the configuration recorder is not in use by the service. No association or dissociation of resource types is permitted.

  • For service-linked configuration recorders, your requested change to the configuration recorder has been denied by its linked Amazon Web Services service.

", "exception":true }, @@ -3112,8 +3111,7 @@ }, "ConformancePackTemplateValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have specified a template that is not valid or supported.

", "exception":true }, @@ -3240,8 +3238,7 @@ }, "DeleteEvaluationResultsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The output when you delete the evaluation results for the specified Config rule.

" }, "DeleteOrganizationConfigRuleRequest":{ @@ -3297,8 +3294,7 @@ }, "DeleteRemediationConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRemediationExceptionsRequest":{ "type":"structure", @@ -3392,8 +3388,7 @@ }, "DeleteStoredQueryResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeliverConfigSnapshotRequest":{ "type":"structure", @@ -3810,7 +3805,7 @@ "members":{ "ConfigurationRecorderNames":{ "shape":"ConfigurationRecorderNameList", - "documentation":"

The name of the configuration recorder. If the name is not specified, the opertation returns the status for the customer managed configuration recorder configured for the account, if applicable.

When making a request to this operation, you can only specify one configuration recorder.

" + "documentation":"

The name of the configuration recorder. If the name is not specified, the operation returns the status for the customer managed configuration recorder configured for the account, if applicable.

When making a request to this operation, you can only specify one configuration recorder.

" }, "ServicePrincipal":{ "shape":"ServicePrincipal", @@ -3838,7 +3833,7 @@ "members":{ "ConfigurationRecorderNames":{ "shape":"ConfigurationRecorderNameList", - "documentation":"

A list of names of the configuration recorders that you want to specify.

" + "documentation":"

A list of names of the configuration recorders that you want to specify.

When making a request to this operation, you can only specify one configuration recorder.

" }, "ServicePrincipal":{ "shape":"ServicePrincipal", @@ -5198,7 +5193,7 @@ "members":{ "configurationItems":{ "shape":"ConfigurationItemList", - "documentation":"

A list that contains the configuration history of one or more resources.

" + "documentation":"

An array of ConfigurationItems Objects. Contatins the configuration history for one or more resources.

" }, "nextToken":{ "shape":"NextToken", @@ -5307,114 +5302,98 @@ "IncludeGlobalResourceTypes":{"type":"boolean"}, "InsufficientDeliveryPolicyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Your Amazon S3 bucket policy does not allow Config to write to it.

", "exception":true }, "InsufficientPermissionsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Indicates one of the following errors:

  • For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions to perform the config:Put* action.

  • For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.

  • For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have permissions to call IAM GetRole action or create a service-linked role.

  • For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:

    • You do not have permission to call IAM GetRole action or create a service-linked role.

    • You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.

  • For PutServiceLinkedConfigurationRecorder, a service-linked configuration recorder cannot be created because you do not have the following permissions: IAM CreateServiceLinkedRole.

", "exception":true }, "Integer":{"type":"integer"}, "InvalidConfigurationRecorderNameException":{ "type":"structure", - "members":{ - }, - "documentation":"

You have provided a name for the customer managed configuration recorder that is not valid.

", + "members":{}, + "documentation":"

The configuration recorder name is not valid. The prefix \"AWSConfigurationRecorderFor\" is reserved for service-linked configuration recorders.

", "exception":true }, "InvalidDeliveryChannelNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified delivery channel name is not valid.

", "exception":true }, "InvalidExpressionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The syntax of the query is incorrect.

", "exception":true }, "InvalidLimitException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified limit is outside the allowable range.

", "exception":true }, "InvalidNextTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified next token is not valid. Specify the nextToken string that was returned in the previous response to get the next page of results.

", "exception":true }, "InvalidParameterValueException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more of the specified parameters are not valid. Verify that your parameters are valid and try again.

", "exception":true }, "InvalidRecordingGroupException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One of the following errors:

  • You have provided a combination of parameter values that is not valid. For example:

  • Every parameter is either null, false, or empty.

  • You have reached the limit of the number of resource types you can provide for the recording group.

  • You have provided resource types or a recording strategy that are not valid.

", "exception":true }, "InvalidResultTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified ResultToken is not valid.

", "exception":true }, "InvalidRoleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by Config and used by the customer managed configuration recorder.

", "exception":true }, "InvalidS3KeyPrefixException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon S3 key prefix is not valid.

", "exception":true }, "InvalidS3KmsKeyArnException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon KMS Key ARN is not valid.

", "exception":true }, "InvalidSNSTopicARNException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon SNS topic does not exist.

", "exception":true }, "InvalidTimeRangeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified time range is not valid. The earlier time is not chronologically before the later time.

", "exception":true }, "LastDeliveryChannelDeleteFailedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You cannot delete the delivery channel you specified because the customer managed configuration recorder is running.

", "exception":true }, @@ -5427,8 +5406,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

For PutServiceLinkedConfigurationRecorder API, this exception is thrown if the number of service-linked roles in the account exceeds the limit.

For StartConfigRulesEvaluation API, this exception is thrown if an evaluation is in progress or if you call the StartConfigRulesEvaluation API more than once per minute.

For PutConfigurationAggregator API, this exception is thrown if the number of accounts and aggregators exceeds the limit.

", "exception":true }, @@ -5687,57 +5665,49 @@ "Long":{"type":"long"}, "MaxActiveResourcesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the limit of active custom resource types in your account. There is a limit of 100,000. Delete unused resources using DeleteResourceConfig .

", "exception":true }, "MaxNumberOfConfigRulesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Failed to add the Config rule because the account already contains the maximum number of 1000 rules. Consider deleting any deactivated rules before you add new rules.

", "exception":true }, "MaxNumberOfConfigurationRecordersExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the limit of the number of configuration recorders you can create.

", "exception":true }, "MaxNumberOfConformancePacksExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the limit of the number of conformance packs you can create in an account. For more information, see Service Limits in the Config Developer Guide.

", "exception":true }, "MaxNumberOfDeliveryChannelsExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the limit of the number of delivery channels you can create.

", "exception":true }, "MaxNumberOfOrganizationConfigRulesExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the limit of the number of organization Config rules you can create. For more information, see see Service Limits in the Config Developer Guide.

", "exception":true }, "MaxNumberOfOrganizationConformancePacksExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the limit of the number of organization conformance packs you can create in an account. For more information, see Service Limits in the Config Developer Guide.

", "exception":true }, "MaxNumberOfRetentionConfigurationsExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Failed to add the retention configuration because a retention configuration with that name already exists.

", "exception":true }, @@ -5818,121 +5788,104 @@ "NextToken":{"type":"string"}, "NoAvailableConfigurationRecorderException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There are no customer managed configuration recorders available to record your resources. Use the PutConfigurationRecorder operation to create the customer managed configuration recorder.

", "exception":true }, "NoAvailableDeliveryChannelException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There is no delivery channel available to record configurations.

", "exception":true }, "NoAvailableOrganizationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Organization is no longer available.

", "exception":true }, "NoRunningConfigurationRecorderException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There is no configuration recorder running.

", "exception":true }, "NoSuchBucketException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon S3 bucket does not exist.

", "exception":true }, "NoSuchConfigRuleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.

", "exception":true }, "NoSuchConfigRuleInConformancePackException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Config rule that you passed in the filter does not exist.

", "exception":true }, "NoSuchConfigurationAggregatorException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have specified a configuration aggregator that does not exist.

", "exception":true }, "NoSuchConfigurationRecorderException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have specified a configuration recorder that does not exist.

", "exception":true }, "NoSuchConformancePackException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You specified one or more conformance packs that do not exist.

", "exception":true }, "NoSuchDeliveryChannelException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have specified a delivery channel that does not exist.

", "exception":true }, "NoSuchOrganizationConfigRuleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.

", "exception":true }, "NoSuchOrganizationConformancePackException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Config organization conformance pack that you passed in the filter does not exist.

For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not exist.

", "exception":true }, "NoSuchRemediationConfigurationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You specified an Config rule without a remediation configuration.

", "exception":true }, "NoSuchRemediationExceptionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You tried to delete a remediation exception that does not exist.

", "exception":true }, "NoSuchRetentionConfigurationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have specified a retention configuration that does not exist.

", "exception":true }, "OrderingTimestamp":{"type":"timestamp"}, "OrganizationAccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

For PutConfigurationAggregator API, you can see this exception for the following reasons:

  • No permission to call EnableAWSServiceAccess API

  • The configuration aggregator cannot be updated because your Amazon Web Services Organization management account or the delegated administrator role changed. Delete this aggregator and create a new one with the current Amazon Web Services Organization.

  • The configuration aggregator is associated with a previous Amazon Web Services Organization and Config cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a new one with the current Amazon Web Services Organization.

  • You are not a registered delegated administrator for Config with permissions to call ListDelegatedAdministrators API. Ensure that the management account registers delagated administrator for Config service principal name before the delegated administrator creates an aggregator.

For all OrganizationConfigRule and OrganizationConformancePack APIs, Config throws an exception if APIs are called from member accounts. All APIs must be called from organization management account.

", "exception":true }, @@ -5957,8 +5910,7 @@ }, "OrganizationAllFeaturesNotEnabledException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Config resource cannot be created because your organization does not have all features enabled.

", "exception":true }, @@ -6203,8 +6155,7 @@ }, "OrganizationConformancePackTemplateValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have specified a template that is not valid or supported.

", "exception":true }, @@ -6455,8 +6406,7 @@ }, "OversizedConfigurationItemException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The configuration item size is outside the allowable range.

", "exception":true }, @@ -6626,7 +6576,7 @@ }, "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

A string containing the full conformance pack template body. The structure containing the template body has a minimum length of 1 byte and a maximum length of 51,200 bytes.

You can use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) and remediation action (AWS::Config::RemediationConfiguration).

" + "documentation":"

A string that contains the full conformance pack template body. The structure containing the template body has a minimum length of 1 byte and a maximum length of 51,200 bytes.

You can use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) and remediation action (AWS::Config::RemediationConfiguration).

" }, "DeliveryS3Bucket":{ "shape":"DeliveryS3Bucket", @@ -6714,8 +6664,7 @@ }, "PutExternalEvaluationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutOrganizationConfigRuleRequest":{ "type":"structure", @@ -6766,7 +6715,7 @@ }, "TemplateBody":{ "shape":"TemplateBody", - "documentation":"

A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

" + "documentation":"

A string that contains the full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

" }, "DeliveryS3Bucket":{ "shape":"DeliveryS3Bucket", @@ -6925,7 +6874,7 @@ }, "Name":{ "shape":"RecorderName", - "documentation":"

The name of the specified configuration recorder.

For service-linked configuration recorders, Config automatically assigns a name that has the prefix \"AWS\" to the new service-linked configuration recorder.

" + "documentation":"

The name of the specified configuration recorder.

For service-linked configuration recorders, Config automatically assigns a name that has the prefix \"AWSConfigurationRecorderFor\" to the new service-linked configuration recorder.

" } } }, @@ -7277,7 +7226,8 @@ "QUEUED", "IN_PROGRESS", "SUCCEEDED", - "FAILED" + "FAILED", + "UNKNOWN" ] }, "RemediationExecutionStatus":{ @@ -7338,7 +7288,10 @@ "enum":[ "SUCCEEDED", "PENDING", - "FAILED" + "FAILED", + "IN_PROGRESS", + "EXITED", + "UNKNOWN" ] }, "RemediationExecutionSteps":{ @@ -7347,8 +7300,7 @@ }, "RemediationInProgressException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Remediation action is in progress. You can either cancel execution in Amazon Web Services Systems Manager or wait and try again later.

", "exception":true }, @@ -7585,8 +7537,7 @@ }, "ResourceInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You see this exception in the following cases:

  • For DeleteConfigRule, Config is deleting this rule. Try your request again later.

  • For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.

  • For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this rule. Delete the remediation action associated with the rule before deleting the rule and try your request again later.

  • For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again later.

  • For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request again later.

  • For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.

  • For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.

", "exception":true }, @@ -7617,15 +7568,13 @@ "ResourceName":{"type":"string"}, "ResourceNotDiscoveredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have specified a resource that is either unknown or has not been discovered.

", "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have specified a resource that does not exist.

", "exception":true }, @@ -8038,7 +7987,42 @@ "AWS::RDS::OptionGroup", "AWS::Redshift::EndpointAccess", "AWS::Route53Resolver::FirewallRuleGroup", - "AWS::SSM::Document" + "AWS::SSM::Document", + "AWS::AppConfig::ExtensionAssociation", + "AWS::AppIntegrations::Application", + "AWS::AppSync::ApiCache", + "AWS::Bedrock::Guardrail", + "AWS::Bedrock::KnowledgeBase", + "AWS::Cognito::IdentityPool", + "AWS::Connect::Rule", + "AWS::Connect::User", + "AWS::EC2::ClientVpnTargetNetworkAssociation", + "AWS::EC2::EIPAssociation", + "AWS::EC2::IPAMResourceDiscovery", + "AWS::EC2::IPAMResourceDiscoveryAssociation", + "AWS::EC2::InstanceConnectEndpoint", + "AWS::EC2::SnapshotBlockPublicAccess", + "AWS::EC2::VPCBlockPublicAccessExclusion", + "AWS::EC2::VPCBlockPublicAccessOptions", + "AWS::EC2::VPCEndpointConnectionNotification", + "AWS::EC2::VPNConnectionRoute", + "AWS::Evidently::Segment", + "AWS::IAM::OIDCProvider", + "AWS::InspectorV2::Activation", + "AWS::MSK::ClusterPolicy", + "AWS::MSK::VpcConnection", + "AWS::MediaConnect::Gateway", + "AWS::MemoryDB::SubnetGroup", + "AWS::OpenSearchServerless::Collection", + "AWS::OpenSearchServerless::VpcEndpoint", + "AWS::Redshift::EndpointAuthorization", + "AWS::Route53Profiles::Profile", + "AWS::S3::StorageLensGroup", + "AWS::S3Express::BucketPolicy", + "AWS::S3Express::DirectoryBucket", + "AWS::SageMaker::InferenceExperiment", + "AWS::SecurityHub::Standard", + "AWS::Transfer::Profile" ] }, "ResourceTypeList":{ @@ -8354,8 +8338,7 @@ }, "StartConfigRulesEvaluationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The output when you start the evaluation for the specified Config rule.

" }, "StartConfigurationRecorderRequest":{ @@ -8416,7 +8399,7 @@ }, "EvaluationMode":{ "shape":"EvaluationMode", - "documentation":"

The mode of an evaluation. The valid values for this API are DETECTIVE and PROACTIVE.

" + "documentation":"

The mode of an evaluation.

The only valid value for this API is PROACTIVE.

" }, "EvaluationTimeout":{ "shape":"EvaluationTimeout", @@ -8690,15 +8673,13 @@ }, "TooManyTagsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the limit of the number of tags you can use. For more information, see Service Limits in the Config Developer Guide.

", "exception":true }, "UnmodifiableEntityException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested operation is not valid.

For PutConfigurationRecorder, you will see this exception because you cannot use this operation to create a service-linked configuration recorder. Use the PutServiceLinkedConfigurationRecorder operation to create a service-linked configuration recorder.

For DeleteConfigurationRecorder, you will see this exception because you cannot use this operation to delete a service-linked configuration recorder. Use the DeleteServiceLinkedConfigurationRecorder operation to delete a service-linked configuration recorder.

For StartConfigurationRecorder and StopConfigurationRecorder, you will see this exception because these operations do not affect service-linked configuration recorders. Service-linked configuration recorders are always recording. To stop recording, you must delete the service-linked configuration recorder. Use the DeleteServiceLinkedConfigurationRecorder operation to delete a service-linked configuration recorder.

", "exception":true }, @@ -8725,8 +8706,7 @@ }, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested operation is not valid. You will see this exception if there are missing required fields or if the input value fails the validation.

For PutStoredQuery, one of the following errors:

  • There are missing required fields.

  • The input value fails the validation.

  • You are trying to create more than 300 queries.

For DescribeConfigurationRecorders and DescribeConfigurationRecorderStatus, one of the following errors:

  • You have specified more than one configuration recorder.

  • You have provided a service principal for service-linked configuration recorder that is not valid.

For AssociateResourceTypes and DisassociateResourceTypes, one of the following errors:

  • Your configuraiton recorder has a recording strategy that does not allow the association or disassociation of resource types.

  • One or more of the specified resource types are already associated or disassociated with the configuration recorder.

  • For service-linked configuration recorders, the configuration recorder does not record one or more of the specified resource types.

", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/connect/2017-08-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/connect/2017-08-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/connect/2017-08-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connect/2017-08-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/connect/2017-08-08/paginators-1.json 2.31.35-1/awscli/botocore/data/connect/2017-08-08/paginators-1.json --- 2.23.6-1/awscli/botocore/data/connect/2017-08-08/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connect/2017-08-08/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -435,6 +435,16 @@ ], "output_token": "NextToken", "result_key": "HoursOfOperationOverrides" + }, + "ListRoutingProfileManualAssignmentQueues": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "non_aggregate_keys": [ + "LastModifiedRegion", + "LastModifiedTime" + ], + "output_token": "NextToken", + "result_key": "RoutingProfileManualAssignmentQueueConfigSummaryList" } } } diff -pruN 2.23.6-1/awscli/botocore/data/connect/2017-08-08/service-2.json 2.31.35-1/awscli/botocore/data/connect/2017-08-08/service-2.json --- 2.23.6-1/awscli/botocore/data/connect/2017-08-08/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connect/2017-08-08/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -85,6 +85,24 @@ ], "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Allows the specified Amazon Connect instance to access the specified Amazon Lex or Amazon Lex V2 bot.

" }, + "AssociateContactWithUser":{ + "name":"AssociateContactWithUser", + "http":{ + "method":"POST", + "requestUri":"/contacts/{InstanceId}/{ContactId}/associate-user" + }, + "input":{"shape":"AssociateContactWithUserRequest"}, + "output":{"shape":"AssociateContactWithUserResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"

Associates a queued contact with an agent.

Use cases

Following are common uses cases for this API:

  • Programmatically assign queued contacts to available users.

  • Leverage the IAM context key connect:PreferredUserArn to restrict contact association to specific preferred user.

Important things to know

  • Use this API with chat, email, and task contacts. It does not support voice contacts.

  • Use it to associate contacts with users regardless of their current state, including custom states. Ensure your application logic accounts for user availability before making associations.

  • It honors the IAM context key connect:PreferredUserArn to prevent unauthorized contact associations.

  • It respects the IAM context key connect:PreferredUserArn to enforce authorization controls and prevent unauthorized contact associations. Verify that your IAM policies are properly configured to support your intended use cases.

  • The service quota Queues per routing profile per instance applies to manually assigned queues, too. For more information about this quota, see Amazon Connect quotas in the Amazon Connect Administrator Guide.

Endpoints: See Amazon Connect endpoints and quotas.

" + }, "AssociateDefaultVocabulary":{ "name":"AssociateDefaultVocabulary", "http":{ @@ -102,6 +120,26 @@ ], "documentation":"

Associates an existing vocabulary as the default. Contact Lens for Amazon Connect uses the vocabulary in post-call and real-time analysis sessions for the given language.

" }, + "AssociateEmailAddressAlias":{ + "name":"AssociateEmailAddressAlias", + "http":{ + "method":"POST", + "requestUri":"/email-addresses/{InstanceId}/{EmailAddressId}/associate-alias" + }, + "input":{"shape":"AssociateEmailAddressAliasRequest"}, + "output":{"shape":"AssociateEmailAddressAliasResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceConflictException"}, + {"shape":"IdempotencyException"} + ], + "documentation":"

Associates an email address alias with an existing email address in an Amazon Connect instance. This creates a forwarding relationship where emails sent to the alias email address are automatically forwarded to the primary email address.

Use cases

Following are common uses cases for this API:

  • Unified customer support: Create multiple entry points (for example, support@example.com, help@example.com, customercare@example.com) that all forward to a single agent queue for streamlined management.

  • Department consolidation: Forward emails from legacy department addresses (for example, sales@example.com, info@example.com) to a centralized customer service email during organizational restructuring.

  • Brand management: Enable you to use familiar brand-specific email addresses that forward to the appropriate Amazon Connect instance email address.

Important things to know

  • Each email address can have a maximum of one alias. You cannot create multiple aliases for the same email address.

  • If the alias email address already receives direct emails, it continues to receive direct emails plus forwarded emails.

  • You cannot chain email aliases together (that is, create an alias of an alias).

AssociateEmailAddressAlias does not return the following information:

  • A confirmation of the alias relationship details (you must call DescribeEmailAddress to verify).

  • The timestamp of when the association occurred.

  • The status of the forwarding configuration.

Endpoints: See Amazon Connect endpoints and quotas.

Related operations

" + }, "AssociateFlow":{ "name":"AssociateFlow", "http":{ @@ -205,7 +243,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Associates a set of quick connects with a queue.

" + "documentation":"

Associates a set of quick connects with a queue.

" }, "AssociateRoutingProfileQueues":{ "name":"AssociateRoutingProfileQueues", @@ -417,7 +455,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Creates an agent status for the specified Amazon Connect instance.

" + "documentation":"

Creates an agent status for the specified Amazon Connect instance.

" }, "CreateContact":{ "name":"CreateContact", @@ -438,7 +476,7 @@ {"shape":"ConflictException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Creates a new contact.

" + "documentation":"

Only the VOICE, EMAIL, and TASK channels are supported.

  • For VOICE: The supported initiation method is TRANSFER. The contacts created with this initiation method have a subtype connect:ExternalAudio.

  • For EMAIL: The supported initiation methods are OUTBOUND, AGENT_REPLY, and FLOW.

  • For TASK: The supported initiation method is API. Contacts created with this API have a sub-type of connect:ExternalTask.

Creates a new VOICE, EMAIL, or TASK contact.

After a contact is created, you can move it to the desired state by using the InitiateAs parameter. While you can use API to create task contacts that are in the COMPLETED state, you must contact Amazon Web Services Support before using it for bulk import use cases. Bulk import causes your requests to be throttled or fail if your CreateContact limits aren't high enough.

" }, "CreateContactFlow":{ "name":"CreateContactFlow", @@ -559,7 +597,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Creates hours of operation.

" + "documentation":"

Creates hours of operation.

" }, "CreateHoursOfOperationOverride":{ "name":"CreateHoursOfOperationOverride", @@ -578,7 +616,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Creates an hours of operation override in an Amazon Connect hours of operation resource

" + "documentation":"

Creates an hours of operation override in an Amazon Connect hours of operation resource.

" }, "CreateInstance":{ "name":"CreateInstance", @@ -627,9 +665,10 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServiceException"}, {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"} ], - "documentation":"

Adds a new participant into an on-going chat contact. For more information, see Customize chat flow experiences by integrating custom participants.

" + "documentation":"

Adds a new participant into an on-going chat contact or webRTC call. For more information, see Customize chat flow experiences by integrating custom participants or Enable multi-user web, in-app, and video calling.

" }, "CreatePersistentContactAssociation":{ "name":"CreatePersistentContactAssociation", @@ -665,7 +704,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Creates a new predefined attribute for the specified Amazon Connect instance. Predefined attributes are attributes in an Amazon Connect instance that can be used to route contacts to an agent or pools of agents within a queue. For more information, see Create predefined attributes for routing contacts to agents.

" + "documentation":"

Creates a new predefined attribute for the specified Amazon Connect instance. A predefined attribute is made up of a name and a value.

For the predefined attributes per instance quota, see Amazon Connect quotas.

Use cases

Following are common uses cases for this API:

  • Create an attribute for routing proficiency (for example, agent certification) that has predefined values (for example, a list of possible certifications). For more information, see Create predefined attributes for routing contacts to agents.

  • Create an attribute for business unit name that has a list of predefined business unit names used in your organization. This is a use case where information for a contact varies between transfers or conferences. For more information, see Use contact segment attributes.

Endpoints: See Amazon Connect endpoints and quotas.

" }, "CreatePrompt":{ "name":"CreatePrompt", @@ -870,7 +909,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Creates a user account for the specified Amazon Connect instance.

Certain UserIdentityInfo parameters are required in some situations. For example, Email is required if you are using SAML for identity management. FirstName and LastName are required if you are using Amazon Connect or SAML for identity management.

For information about how to create users using the Amazon Connect admin website, see Add Users in the Amazon Connect Administrator Guide.

" + "documentation":"

Creates a user account for the specified Amazon Connect instance.

Certain UserIdentityInfo parameters are required in some situations. For example, Email, FirstName and LastName are required if you are using Amazon Connect or SAML for identity management.

For information about how to create users using the Amazon Connect admin website, see Add Users in the Amazon Connect Administrator Guide.

" }, "CreateUserHierarchyGroup":{ "name":"CreateUserHierarchyGroup", @@ -1108,7 +1147,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Deletes an hours of operation.

" + "documentation":"

Deletes an hours of operation.

" }, "DeleteHoursOfOperationOverride":{ "name":"DeleteHoursOfOperationOverride", @@ -1124,7 +1163,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Deletes an hours of operation override in an Amazon Connect hours of operation resource

" + "documentation":"

Deletes an hours of operation override in an Amazon Connect hours of operation resource.

" }, "DeleteInstance":{ "name":"DeleteInstance", @@ -1443,7 +1482,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Describes an agent status.

" + "documentation":"

Describes an agent status.

" }, "DescribeAuthenticationProfile":{ "name":"DescribeAuthenticationProfile", @@ -1477,7 +1516,7 @@ {"shape":"InternalServiceException"}, {"shape":"ThrottlingException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Describes the specified contact.

Contact information remains available in Amazon Connect for 24 months from the InitiationTimestamp, and then it is deleted. Only contact information that is available in Amazon Connect is returned by this API

" + "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Describes the specified contact.

Use cases

Following are common uses cases for this API:

  • Retrieve contact information such as the caller's phone number and the specific number the caller dialed to integrate into custom monitoring or custom agent experience solutions.

  • Detect when a customer chat session disconnects due to a network issue on the agent's end. Use the DisconnectReason field in the ContactTraceRecord to detect this event and then re-queue the chat for followup.

  • Identify after contact work (ACW) duration and call recordings information when a COMPLETED event is received by using the contact event stream.

Important things to know

  • SystemEndpoint is not populated for contacts with initiation method of MONITOR, QUEUE_TRANSFER, or CALLBACK

  • Contact information remains available in Amazon Connect for 24 months from the InitiationTimestamp, and then it is deleted. Only contact information that is available in Amazon Connect is returned by this API.

Endpoints: See Amazon Connect endpoints and quotas.

" }, "DescribeContactEvaluation":{ "name":"DescribeContactEvaluation", @@ -1580,7 +1619,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Describes the hours of operation.

" + "documentation":"

Describes the hours of operation.

" }, "DescribeHoursOfOperationOverride":{ "name":"DescribeHoursOfOperationOverride", @@ -1680,7 +1719,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Describes a predefined attribute for the specified Amazon Connect instance. Predefined attributes are attributes in an Amazon Connect instance that can be used to route contacts to an agent or pools of agents within a queue. For more information, see Create predefined attributes for routing contacts to agents.

" + "documentation":"

Describes a predefined attribute for the specified Amazon Connect instance. A predefined attribute is made up of a name and a value. You can use predefined attributes for:

For the predefined attributes per instance quota, see Amazon Connect quotas.

Endpoints: See Amazon Connect endpoints and quotas.

" }, "DescribePrompt":{ "name":"DescribePrompt", @@ -1714,7 +1753,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Describes the specified queue.

" + "documentation":"

Describes the specified queue.

" }, "DescribeQuickConnect":{ "name":"DescribeQuickConnect", @@ -1748,7 +1787,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Describes the specified routing profile.

" + "documentation":"

Describes the specified routing profile.

DescribeRoutingProfile does not populate AssociatedQueueIds in its response. The example Response Syntax shown on this page is incorrect; we are working to update it. SearchRoutingProfiles does include AssociatedQueueIds.

" }, "DescribeRule":{ "name":"DescribeRule", @@ -1934,6 +1973,25 @@ ], "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Revokes authorization from the specified instance to access the specified Amazon Lex or Amazon Lex V2 bot.

" }, + "DisassociateEmailAddressAlias":{ + "name":"DisassociateEmailAddressAlias", + "http":{ + "method":"POST", + "requestUri":"/email-addresses/{InstanceId}/{EmailAddressId}/disassociate-alias" + }, + "input":{"shape":"DisassociateEmailAddressAliasRequest"}, + "output":{"shape":"DisassociateEmailAddressAliasResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceConflictException"} + ], + "documentation":"

Removes the alias association between two email addresses in an Amazon Connect instance. After disassociation, emails sent to the former alias email address are no longer forwarded to the primary email address. Both email addresses continue to exist independently and can receive emails directly.

Use cases

Following are common uses cases for this API:

  • Department separation: Remove alias relationships when splitting a consolidated support queue back into separate department-specific queues.

  • Email address retirement: Cleanly remove forwarding relationships before decommissioning old email addresses.

  • Organizational restructuring: Reconfigure email routing when business processes change and aliases are no longer needed.

Important things to know

  • Concurrent operations: This API uses distributed locking, so concurrent operations on the same email addresses may be temporarily blocked.

  • Emails sent to the former alias address are still delivered directly to that address if it exists.

  • You do not need to delete the email addresses after disassociation. Both addresses remain active independently.

  • After a successful disassociation, you can immediately create a new alias relationship with the same addresses.

  • 200 status means alias was successfully disassociated.

DisassociateEmailAddressAlias does not return the following information:

  • Details in the response about the email that was disassociated. The response returns an empty body.

  • The timestamp of when the disassociation occurred.

Endpoints: See Amazon Connect endpoints and quotas.

Related operations

" + }, "DisassociateFlow":{ "name":"DisassociateFlow", "http":{ @@ -2030,7 +2088,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Disassociates a set of quick connects from a queue.

" + "documentation":"

Disassociates a set of quick connects from a queue.

" }, "DisassociateRoutingProfileQueues":{ "name":"DisassociateRoutingProfileQueues", @@ -2046,7 +2104,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Disassociates a set of queues from a routing profile.

" + "documentation":"

Disassociates a set of queues from a routing profile.

Up to 10 queue references can be disassociated in a single API call. More than 10 queue references results in a single call results in an InvalidParameterException.

" }, "DisassociateSecurityKey":{ "name":"DisassociateSecurityKey", @@ -2149,6 +2207,24 @@ ], "documentation":"

Retrieves the contact attributes for the specified contact.

" }, + "GetContactMetrics":{ + "name":"GetContactMetrics", + "http":{ + "method":"POST", + "requestUri":"/metrics/contact" + }, + "input":{"shape":"GetContactMetricsRequest"}, + "output":{"shape":"GetContactMetricsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"

Retrieves the position of the contact in the queue.

Use cases

Following are common uses cases for position in queue:

  • Understand the expected wait experience of a contact.

  • Inform customers of their position in queue and potentially offer a callback.

  • Make data-driven routing decisions between primary and alternative queues.

  • Enhance queue visibility and leverage agent proficiencies to streamline contact routing.

Important things to know

  • The only way to retrieve the position of the contact in queue is by using this API. You can't retrieve the position by using flows and attributes.

  • For more information, see the Position in queue metric in the Amazon Connect Administrator Guide.

Endpoints: See Amazon Connect endpoints and quotas.

" + }, "GetCurrentMetricData":{ "name":"GetCurrentMetricData", "http":{ @@ -2164,7 +2240,7 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Gets the real-time metric data from the specified Amazon Connect instance.

For a description of each metric, see Real-time Metrics Definitions in the Amazon Connect Administrator Guide.

" + "documentation":"

Gets the real-time metric data from the specified Amazon Connect instance.

For a description of each metric, see Metrics definitions in the Amazon Connect Administrator Guide.

When you make a successful API request, you can expect the following metric values in the response:

  1. Metric value is null: The calculation cannot be performed due to divide by zero or insufficient data

  2. Metric value is a number (including 0) of defined type: The number provided is the calculation result

  3. MetricResult list is empty: The request cannot find any data in the system

The following guidelines can help you work with the API:

  • Each dimension in the metric response must contain a value

  • Each item in MetricResult must include all requested metrics

  • If the response is slow due to large result sets, try these approaches:

    • Add filters to reduce the amount of data returned

" }, "GetCurrentUserData":{ "name":"GetCurrentUserData", @@ -2251,7 +2327,7 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Gets historical metric data from the specified Amazon Connect instance.

For a description of each historical metric, see Historical Metrics Definitions in the Amazon Connect Administrator Guide.

We recommend using the GetMetricDataV2 API. It provides more flexibility, features, and the ability to query longer time ranges than GetMetricData. Use it to retrieve historical agent and contact metrics for the last 3 months, at varying intervals. You can also use it to build custom dashboards to measure historical queue and agent performance. For example, you can track the number of incoming contacts for the last 7 days, with data split by day, to see how contact volume changed per day of the week.

" + "documentation":"

Gets historical metric data from the specified Amazon Connect instance.

For a description of each historical metric, see Metrics definitions in the Amazon Connect Administrator Guide.

We recommend using the GetMetricDataV2 API. It provides more flexibility, features, and the ability to query longer time ranges than GetMetricData. Use it to retrieve historical agent and contact metrics for the last 3 months, at varying intervals. You can also use it to build custom dashboards to measure historical queue and agent performance. For example, you can track the number of incoming contacts for the last 7 days, with data split by day, to see how contact volume changed per day of the week.

" }, "GetMetricDataV2":{ "name":"GetMetricDataV2", @@ -2268,7 +2344,7 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Gets metric data from the specified Amazon Connect instance.

GetMetricDataV2 offers more features than GetMetricData, the previous version of this API. It has new metrics, offers filtering at a metric level, and offers the ability to filter and group data by channels, queues, routing profiles, agents, and agent hierarchy levels. It can retrieve historical data for the last 3 months, at varying intervals. It does not support agent queues.

For a description of the historical metrics that are supported by GetMetricDataV2 and GetMetricData, see Historical metrics definitions in the Amazon Connect Administrator Guide.

" + "documentation":"

Gets metric data from the specified Amazon Connect instance.

GetMetricDataV2 offers more features than GetMetricData, the previous version of this API. It has new metrics, offers filtering at a metric level, and offers the ability to filter and group data by channels, queues, routing profiles, agents, and agent hierarchy levels. It can retrieve historical data for the last 3 months, at varying intervals. It does not support agent queues.

For a description of the historical metrics that are supported by GetMetricDataV2 and GetMetricData, see Metrics definitions in the Amazon Connect Administrator Guide.

When you make a successful API request, you can expect the following metric values in the response:

  1. Metric value is null: The calculation cannot be performed due to divide by zero or insufficient data

  2. Metric value is a number (including 0) of defined type: The number provided is the calculation result

  3. MetricResult list is empty: The request cannot find any data in the system

The following guidelines can help you work with the API:

  • Each dimension in the metric response must contain a value

  • Each item in MetricResult must include all requested metrics

  • If the response is slow due to large result sets, try these approaches:

    • Narrow the time range of your request

    • Add filters to reduce the amount of data returned

" }, "GetPromptFile":{ "name":"GetPromptFile", @@ -2354,7 +2430,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Lists agent statuses.

" + "documentation":"

Lists agent statuses.

" }, "ListAnalyticsDataAssociations":{ "name":"ListAnalyticsDataAssociations", @@ -2373,6 +2449,23 @@ ], "documentation":"

Lists the association status of requested dataset ID for a given Amazon Connect instance.

" }, + "ListAnalyticsDataLakeDataSets":{ + "name":"ListAnalyticsDataLakeDataSets", + "http":{ + "method":"GET", + "requestUri":"/analytics-data/instance/{InstanceId}/datasets" + }, + "input":{"shape":"ListAnalyticsDataLakeDataSetsRequest"}, + "output":{"shape":"ListAnalyticsDataLakeDataSetsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"

Lists the data lake datasets available to associate with for a given Amazon Connect instance.

" + }, "ListApprovedOrigins":{ "name":"ListApprovedOrigins", "http":{ @@ -2773,7 +2866,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Lists predefined attributes for the specified Amazon Connect instance. Predefined attributes are attributes in an Amazon Connect instance that can be used to route contacts to an agent or pools of agents within a queue. For more information, see Create predefined attributes for routing contacts to agents.

" + "documentation":"

Lists predefined attributes for the specified Amazon Connect instance. A predefined attribute is made up of a name and a value. You can use predefined attributes for:

For the predefined attributes per instance quota, see Amazon Connect quotas.

Endpoints: See Amazon Connect endpoints and quotas.

" }, "ListPrompts":{ "name":"ListPrompts", @@ -2807,7 +2900,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Lists the quick connects associated with a queue.

" + "documentation":"

Lists the quick connects associated with a queue.

" }, "ListQueues":{ "name":"ListQueues", @@ -2859,7 +2952,24 @@ {"shape":"InternalServiceException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Provides a list of analysis segments for a real-time analysis session.

" + "documentation":"

Provides a list of analysis segments for a real-time chat analysis session. This API supports CHAT channels only.

This API does not support VOICE. If you attempt to use it for VOICE, an InvalidRequestException occurs.

" + }, + "ListRoutingProfileManualAssignmentQueues":{ + "name":"ListRoutingProfileManualAssignmentQueues", + "http":{ + "method":"GET", + "requestUri":"/routing-profiles/{InstanceId}/{RoutingProfileId}/manual-assignment-queues" + }, + "input":{"shape":"ListRoutingProfileManualAssignmentQueuesRequest"}, + "output":{"shape":"ListRoutingProfileManualAssignmentQueuesResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"

Lists the manual assignment queues associated with a routing profile.

Use cases

Following are common uses cases for this API:

  • This API returns list of queues where contacts can be manually assigned or picked by an agent who has access to the Worklist app. The user can additionally filter on queues, if they have access to those queues (otherwise a invalid request exception will be thrown).

    For information about how manual contact assignment works in the agent workspace, see the Access the Worklist app in the Amazon Connect agent workspace in the Amazon Connect Administrator Guide.

Important things to know

  • This API only returns the manual assignment queues associated with a routing profile. Use the ListRoutingProfileQueues API to list the auto assignment queues for the routing profile.

Endpoints: See Amazon Connect endpoints and quotas.

" }, "ListRoutingProfileQueues":{ "name":"ListRoutingProfileQueues", @@ -3312,6 +3422,23 @@ ], "documentation":"

Searches for available phone numbers that you can claim to your Amazon Connect instance or traffic distribution group. If the provided TargetArn is a traffic distribution group, you can call this API in both Amazon Web Services Regions associated with the traffic distribution group.

" }, + "SearchContactEvaluations":{ + "name":"SearchContactEvaluations", + "http":{ + "method":"POST", + "requestUri":"/search-contact-evaluations" + }, + "input":{"shape":"SearchContactEvaluationsRequest"}, + "output":{"shape":"SearchContactEvaluationsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"

Searches contact evaluations in an Amazon Connect instance, with optional filtering.

Use cases

Following are common uses cases for this API:

  • Find contact evaluations by using specific search criteria.

  • Find contact evaluations that are tagged with a specific set of tags.

Important things to know

  • A Search operation, unlike a List operation, takes time to index changes to resource (create, update or delete). If you don't see updated information for recently changed contact evaluations, try calling the API again in a few seconds. Contact Evaluations may not be fully backfilled with historical data in all regions yet, however all recently created Contact Evaluations should be available for search.

Endpoints: See Amazon Connect endpoints and quotas.

" + }, "SearchContactFlowModules":{ "name":"SearchContactFlowModules", "http":{ @@ -3381,6 +3508,23 @@ ], "documentation":"

Searches email address in an instance, with optional filtering.

" }, + "SearchEvaluationForms":{ + "name":"SearchEvaluationForms", + "http":{ + "method":"POST", + "requestUri":"/search-evaluation-forms" + }, + "input":{"shape":"SearchEvaluationFormsRequest"}, + "output":{"shape":"SearchEvaluationFormsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"

Searches evaluation forms in an Amazon Connect instance, with optional filtering.

Use cases

Following are common uses cases for this API:

  • List all evaluation forms in an instance.

  • Find all evaluation forms that meet specific criteria, such as Title, Description, Status, and more.

  • Find all evaluation forms that are tagged with a specific set of tags.

Important things to know

  • A Search operation, unlike a List operation, takes time to index changes to resource (create, update or delete). If you don't see updated information for recently changed contact evaluations, try calling the API again in a few seconds.

Endpoints: See Amazon Connect endpoints and quotas.

" + }, "SearchHoursOfOperationOverrides":{ "name":"SearchHoursOfOperationOverrides", "http":{ @@ -3430,7 +3574,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Searches predefined attributes that meet certain criteria. Predefined attributes are attributes in an Amazon Connect instance that can be used to route contacts to an agent or pools of agents within a queue. For more information, see Create predefined attributes for routing contacts to agents.

" + "documentation":"

Searches predefined attributes that meet certain criteria. A predefined attribute is made up of a name and a value. You can use predefined attributes for:

For the predefined attributes per instance quota, see Amazon Connect quotas.

Endpoints: See Amazon Connect endpoints and quotas.

" }, "SearchPrompts":{ "name":"SearchPrompts", @@ -3516,7 +3660,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Searches routing profiles in an Amazon Connect instance, with optional filtering.

" + "documentation":"

Searches routing profiles in an Amazon Connect instance, with optional filtering.

SearchRoutingProfiles does not populate LastModifiedRegion, LastModifiedTime, MediaConcurrencies.CrossChannelBehavior, and AgentAvailabilityTimer in its response, but DescribeRoutingProfile does.

" }, "SearchSecurityProfiles":{ "name":"SearchSecurityProfiles", @@ -3915,7 +4059,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

When a contact is being recorded, this API suspends recording whatever is selected in the flow configuration: call, screen, or both. If only call recording or only screen recording is enabled, then it would be suspended. For example, you might suspend the screen recording while collecting sensitive information, such as a credit card number. Then use ResumeContactRecording to restart recording the screen.

The period of time that the recording is suspended is filled with silence in the final recording.

Voice and screen recordings are supported.

" + "documentation":"

When a contact is being recorded, this API suspends recording whatever is selected in the flow configuration: call (IVR or agent), screen, or both. If only call recording or only screen recording is enabled, then it would be suspended. For example, you might suspend the screen recording while collecting sensitive information, such as a credit card number. Then use ResumeContactRecording to restart recording the screen.

The period of time that the recording is suspended is filled with silence in the final recording.

Voice (IVR, agent) and screen recordings are supported.

" }, "TagContact":{ "name":"TagContact", @@ -3968,7 +4112,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Transfers contacts from one agent or queue to another agent or queue at any point after a contact is created. You can transfer a contact to another queue by providing the flow which orchestrates the contact to the destination queue. This gives you more control over contact handling and helps you adhere to the service level agreement (SLA) guaranteed to your customers.

Note the following requirements:

  • Transfer is supported for only TASK contacts.

  • Do not use both QueueId and UserId in the same call.

  • The following flow types are supported: Inbound flow, Transfer to agent flow, and Transfer to queue flow.

  • The TransferContact API can be called only on active contacts.

  • A contact cannot be transferred more than 11 times.

" + "documentation":"

Transfers TASK or EMAIL contacts from one agent or queue to another agent or queue at any point after a contact is created. You can transfer a contact to another queue by providing the flow which orchestrates the contact to the destination queue. This gives you more control over contact handling and helps you adhere to the service level agreement (SLA) guaranteed to your customers.

Note the following requirements:

  • Transfer is only supported for TASK and EMAIL contacts.

  • Do not use both QueueId and UserId in the same call.

  • The following flow types are supported: Inbound flow, Transfer to agent flow, and Transfer to queue flow.

  • The TransferContact API can be called only on active contacts.

  • A contact cannot be transferred more than 11 times.

" }, "UntagContact":{ "name":"UntagContact", @@ -4020,7 +4164,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Updates agent status.

" + "documentation":"

Updates agent status.

" }, "UpdateAuthenticationProfile":{ "name":"UpdateAuthenticationProfile", @@ -4270,7 +4414,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Updates the hours of operation.

" + "documentation":"

Updates the hours of operation.

" }, "UpdateHoursOfOperationOverride":{ "name":"UpdateHoursOfOperationOverride", @@ -4410,7 +4554,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Updates a predefined attribute for the specified Amazon Connect instance. Predefined attributes are attributes in an Amazon Connect instance that can be used to route contacts to an agent or pools of agents within a queue. For more information, see Create predefined attributes for routing contacts to agents.

" + "documentation":"

Updates a predefined attribute for the specified Amazon Connect instance. A predefined attribute is made up of a name and a value.

For the predefined attributes per instance quota, see Amazon Connect quotas.

Use cases

Following are common uses cases for this API:

  • Update routing proficiency (for example, agent certification) that has predefined values (for example, a list of possible certifications). For more information, see Create predefined attributes for routing contacts to agents.

  • Update an attribute for business unit name that has a list of predefined business unit names used in your organization. This is a use case where information for a contact varies between transfers or conferences. For more information, see Use contact segment attributes.

Endpoints: See Amazon Connect endpoints and quotas.

" }, "UpdatePrompt":{ "name":"UpdatePrompt", @@ -4443,7 +4587,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Updates the hours of operation for the specified queue.

" + "documentation":"

Updates the hours of operation for the specified queue.

" }, "UpdateQueueMaxContacts":{ "name":"UpdateQueueMaxContacts", @@ -4459,7 +4603,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Updates the maximum number of contacts allowed in a queue before it is considered full.

" + "documentation":"

Updates the maximum number of contacts allowed in a queue before it is considered full.

" }, "UpdateQueueName":{ "name":"UpdateQueueName", @@ -4476,7 +4620,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Updates the name and description of a queue. At least Name or Description must be provided.

" + "documentation":"

Updates the name and description of a queue. At least Name or Description must be provided.

" }, "UpdateQueueOutboundCallerConfig":{ "name":"UpdateQueueOutboundCallerConfig", @@ -4492,7 +4636,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Updates the outbound caller ID name, number, and outbound whisper flow for a specified queue.

  • If the phone number is claimed to a traffic distribution group that was created in the same Region as the Amazon Connect instance where you are calling this API, then you can use a full phone number ARN or a UUID for OutboundCallerIdNumberId. However, if the phone number is claimed to a traffic distribution group that is in one Region, and you are calling this API from an instance in another Amazon Web Services Region that is associated with the traffic distribution group, you must provide a full phone number ARN. If a UUID is provided in this scenario, you will receive a ResourceNotFoundException.

  • Only use the phone number ARN format that doesn't contain instance in the path, for example, arn:aws:connect:us-east-1:1234567890:phone-number/uuid. This is the same ARN format that is returned when you call the ListPhoneNumbersV2 API.

  • If you plan to use IAM policies to allow/deny access to this API for phone number resources claimed to a traffic distribution group, see Allow or Deny queue API actions for phone numbers in a replica Region.

" + "documentation":"

Updates the outbound caller ID name, number, and outbound whisper flow for a specified queue.

  • If the phone number is claimed to a traffic distribution group that was created in the same Region as the Amazon Connect instance where you are calling this API, then you can use a full phone number ARN or a UUID for OutboundCallerIdNumberId. However, if the phone number is claimed to a traffic distribution group that is in one Region, and you are calling this API from an instance in another Amazon Web Services Region that is associated with the traffic distribution group, you must provide a full phone number ARN. If a UUID is provided in this scenario, you will receive a ResourceNotFoundException.

  • Only use the phone number ARN format that doesn't contain instance in the path, for example, arn:aws:connect:us-east-1:1234567890:phone-number/uuid. This is the same ARN format that is returned when you call the ListPhoneNumbersV2 API.

  • If you plan to use IAM policies to allow/deny access to this API for phone number resources claimed to a traffic distribution group, see Allow or Deny queue API actions for phone numbers in a replica Region.

" }, "UpdateQueueOutboundEmailConfig":{ "name":"UpdateQueueOutboundEmailConfig", @@ -4526,7 +4670,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Updates the status of the queue.

" + "documentation":"

Updates the status of the queue.

" }, "UpdateQuickConnectConfig":{ "name":"UpdateQuickConnectConfig", @@ -4708,7 +4852,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"

Updates the traffic distribution for a given traffic distribution group.

The SignInConfig distribution is available only on a default TrafficDistributionGroup (see the IsDefault parameter in the TrafficDistributionGroup data type). If you call UpdateTrafficDistribution with a modified SignInConfig and a non-default TrafficDistributionGroup, an InvalidRequestException is returned.

For more information about updating a traffic distribution group, see Update telephony traffic distribution across Amazon Web Services Regions in the Amazon Connect Administrator Guide.

" + "documentation":"

Updates the traffic distribution for a given traffic distribution group.

When you shift telephony traffic, also shift agents and/or agent sign-ins to ensure they can handle the calls in the other Region. If you don't shift the agents, voice calls will go to the shifted Region but there won't be any agents available to receive the calls.

The SignInConfig distribution is available only on a default TrafficDistributionGroup (see the IsDefault parameter in the TrafficDistributionGroup data type). If you call UpdateTrafficDistribution with a modified SignInConfig and a non-default TrafficDistributionGroup, an InvalidRequestException is returned.

For more information about updating a traffic distribution group, see Update telephony traffic distribution across Amazon Web Services Regions in the Amazon Connect Administrator Guide.

" }, "UpdateUserHierarchy":{ "name":"UpdateUserHierarchy", @@ -4922,6 +5066,7 @@ "SEND_NOTIFICATION", "CREATE_CASE", "UPDATE_CASE", + "ASSIGN_SLA", "END_ASSOCIATED_TASKS", "SUBMIT_AUTO_EVALUATION" ] @@ -5045,6 +5190,16 @@ "type":"list", "member":{"shape":"AgentContactReference"} }, + "AgentFirst":{ + "type":"structure", + "members":{ + "Preview":{ + "shape":"Preview", + "documentation":"

Information about preview configuration of agent first outbound strategy

" + } + }, + "documentation":"

Information about agent-first outbound strategy configuration.

" + }, "AgentFirstName":{ "type":"string", "max":255, @@ -5102,6 +5257,14 @@ "shape":"AgentResourceId", "documentation":"

The identifier of the agent who accepted the contact.

" }, + "AcceptedByAgentTimestamp":{ + "shape":"timestamp", + "documentation":"

The timestamp when the contact was accepted by the agent.

" + }, + "PreviewEndTimestamp":{ + "shape":"timestamp", + "documentation":"

The timestamp when the agent finished previewing the contact.

" + }, "ConnectedToAgentTimestamp":{ "shape":"timestamp", "documentation":"

The timestamp when the contact was connected to the agent.

" @@ -5118,7 +5281,27 @@ "shape":"DeviceInfo", "documentation":"

Information regarding Agent’s device.

" }, - "Capabilities":{"shape":"ParticipantCapabilities"} + "Capabilities":{"shape":"ParticipantCapabilities"}, + "AfterContactWorkDuration":{ + "shape":"Duration", + "documentation":"

The difference in time, in whole seconds, between AfterContactWorkStartTimestamp and AfterContactWorkEndTimestamp.

" + }, + "AfterContactWorkStartTimestamp":{ + "shape":"timestamp", + "documentation":"

The date and time when the agent started doing After Contact Work for the contact, in UTC time.

" + }, + "AfterContactWorkEndTimestamp":{ + "shape":"timestamp", + "documentation":"

The date and time when the agent ended After Contact Work for the contact, in UTC time. In cases when agent finishes doing AfterContactWork for chat contacts and switches their activity status to offline or equivalent without clearing the contact in CCP, discrepancies may be noticed for AfterContactWorkEndTimestamp.

" + }, + "AgentInitiatedHoldDuration":{ + "shape":"Duration", + "documentation":"

The total hold duration in seconds initiated by the agent.

" + }, + "StateTransitions":{ + "shape":"StateTransitions", + "documentation":"

List of StateTransition for a supervisor.

" + } }, "documentation":"

Information about the agent who accepted the contact.

" }, @@ -5205,6 +5388,20 @@ "min":1 }, "AgentStatusId":{"type":"string"}, + "AgentStatusIdentifier":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the agent status.

" + }, + "Id":{ + "shape":"AgentStatusId", + "documentation":"

The identifier of the agent status.

" + } + }, + "documentation":"

Information about the agent status assigned to the user.

" + }, "AgentStatusList":{ "type":"list", "member":{"shape":"AgentStatus"} @@ -5323,6 +5520,10 @@ "member":{"shape":"AgentStatusType"}, "max":3 }, + "AgentStatuses":{ + "type":"list", + "member":{"shape":"AgentStatusId"} + }, "AgentUsername":{ "type":"string", "max":100, @@ -5349,6 +5550,22 @@ "max":100, "min":1 }, + "AliasConfiguration":{ + "type":"structure", + "required":["EmailAddressId"], + "members":{ + "EmailAddressId":{ + "shape":"EmailAddressId", + "documentation":"

The email address ID.

" + } + }, + "documentation":"

Configuration information of an email alias.

" + }, + "AliasConfigurationList":{ + "type":"list", + "member":{"shape":"AliasConfiguration"}, + "max":1 + }, "AllowedAccessControlTags":{ "type":"map", "key":{"shape":"SecurityProfilePolicyKey"}, @@ -5374,6 +5591,17 @@ "member":{"shape":"MonitorCapability"}, "max":2 }, + "AllowedUserAction":{ + "type":"string", + "enum":[ + "CALL", + "DISCARD" + ] + }, + "AllowedUserActions":{ + "type":"list", + "member":{"shape":"AllowedUserAction"} + }, "AnalyticsDataAssociationResult":{ "type":"structure", "members":{ @@ -5392,6 +5620,10 @@ "ResourceShareArn":{ "shape":"ARN", "documentation":"

The Amazon Resource Name (ARN) of the Resource Access Manager share.

" + }, + "ResourceShareStatus":{ + "shape":"String", + "documentation":"

The Amazon Web Services Resource Access Manager status of association.

" } }, "documentation":"

This API is in preview release for Amazon Connect and is subject to change.

Information about associations that are successfully created: DataSetId, TargetAccountId, ResourceShareId, ResourceShareArn.

" @@ -5400,6 +5632,24 @@ "type":"list", "member":{"shape":"AnalyticsDataAssociationResult"} }, + "AnalyticsDataSetsResult":{ + "type":"structure", + "members":{ + "DataSetId":{ + "shape":"DataSetId", + "documentation":"

The identifier of the dataset.

" + }, + "DataSetName":{ + "shape":"String", + "documentation":"

The name of the dataset.

" + } + }, + "documentation":"

Information about datasets that are available to associate with: DataSetId, DataSetName.

" + }, + "AnalyticsDataSetsResults":{ + "type":"list", + "member":{"shape":"AnalyticsDataSetsResult"} + }, "AnswerMachineDetectionConfig":{ "type":"structure", "members":{ @@ -5474,9 +5724,23 @@ }, "AssignContactCategoryActionDefinition":{ "type":"structure", + "members":{}, + "documentation":"

This action must be set if TriggerEventSource is one of the following values: OnPostCallAnalysisAvailable | OnRealTimeCallAnalysisAvailable | OnRealTimeChatAnalysisAvailable | OnPostChatAnalysisAvailable. Contact is categorized using the rule name.

RuleName is used as ContactCategory.

" + }, + "AssignSlaActionDefinition":{ + "type":"structure", + "required":["SlaAssignmentType"], "members":{ + "SlaAssignmentType":{ + "shape":"SlaAssignmentType", + "documentation":"

Type of SLA assignment.

" + }, + "CaseSlaConfiguration":{ + "shape":"CaseSlaConfiguration", + "documentation":"

The SLA configuration for Case SLA Assignment.

" + } }, - "documentation":"

This action must be set if TriggerEventSource is one of the following values: OnPostCallAnalysisAvailable | OnRealTimeCallAnalysisAvailable | OnRealTimeChatAnalysisAvailable | OnPostChatAnalysisAvailable. Contact is categorized using the rule name.

RuleName is used as ContactCategory.

" + "documentation":"

The AssignSla action definition.

" }, "AssociateAnalyticsDataSetRequest":{ "type":"structure", @@ -5538,6 +5802,11 @@ "Origin":{ "shape":"Origin", "documentation":"

The domain to add to your allow list.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true } } }, @@ -5555,9 +5824,44 @@ "LexV2Bot":{ "shape":"LexV2Bot", "documentation":"

The Amazon Lex V2 bot to associate with the instance.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true } } }, + "AssociateContactWithUserRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "ContactId", + "UserId" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

", + "location":"uri", + "locationName":"InstanceId" + }, + "ContactId":{ + "shape":"ContactId", + "documentation":"

The identifier of the contact in this instance of Amazon Connect.

", + "location":"uri", + "locationName":"ContactId" + }, + "UserId":{ + "shape":"AgentResourceId", + "documentation":"

The identifier for the user. This can be the ID or the ARN of the user.

" + } + } + }, + "AssociateContactWithUserResponse":{ + "type":"structure", + "members":{} + }, "AssociateDefaultVocabularyRequest":{ "type":"structure", "required":[ @@ -5585,9 +5889,43 @@ }, "AssociateDefaultVocabularyResponse":{ "type":"structure", + "members":{} + }, + "AssociateEmailAddressAliasRequest":{ + "type":"structure", + "required":[ + "EmailAddressId", + "InstanceId", + "AliasConfiguration" + ], "members":{ + "EmailAddressId":{ + "shape":"EmailAddressId", + "documentation":"

The identifier of the email address.

", + "location":"uri", + "locationName":"EmailAddressId" + }, + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

", + "location":"uri", + "locationName":"InstanceId" + }, + "AliasConfiguration":{ + "shape":"AliasConfiguration", + "documentation":"

Configuration object that specifies which email address will serve as the alias. The specified email address must already exist in the Amazon Connect instance and cannot already be configured as an alias or have an alias of its own.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true + } } }, + "AssociateEmailAddressAliasResponse":{ + "type":"structure", + "members":{} + }, "AssociateFlowRequest":{ "type":"structure", "required":[ @@ -5619,8 +5957,7 @@ }, "AssociateFlowResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateInstanceStorageConfigRequest":{ "type":"structure", @@ -5643,6 +5980,11 @@ "StorageConfig":{ "shape":"InstanceStorageConfig", "documentation":"

A valid storage type.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true } } }, @@ -5671,6 +6013,11 @@ "FunctionArn":{ "shape":"FunctionArn", "documentation":"

The Amazon Resource Name (ARN) for the Lambda function being associated. Maximum number of characters allowed is 140.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true } } }, @@ -5690,6 +6037,11 @@ "LexBot":{ "shape":"LexBot", "documentation":"

The Amazon Lex bot to associate with the instance.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true } } }, @@ -5747,8 +6099,7 @@ "type":"structure", "required":[ "InstanceId", - "RoutingProfileId", - "QueueConfigs" + "RoutingProfileId" ], "members":{ "InstanceId":{ @@ -5766,6 +6117,10 @@ "QueueConfigs":{ "shape":"RoutingProfileQueueConfigList", "documentation":"

The queues to associate with this routing profile.

" + }, + "ManualAssignmentQueueConfigs":{ + "shape":"RoutingProfileManualAssignmentQueueConfigList", + "documentation":"

The manual assignment queues to associate with this routing profile.

" } } }, @@ -5785,6 +6140,11 @@ "Key":{ "shape":"PEM", "documentation":"

A valid security key in PEM format as a String.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true } } }, @@ -5823,8 +6183,7 @@ }, "AssociateTrafficDistributionGroupUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateUserProficienciesRequest":{ "type":"structure", @@ -5869,7 +6228,7 @@ }, "DisconnectTimestamp":{ "shape":"Timestamp", - "documentation":"

The timestamp when the customer endpoint disconnected from Amazon Connect.

" + "documentation":"

The date and time that the customer endpoint disconnected from the current contact, in UTC time. In transfer scenarios, the DisconnectTimestamp of the previous contact indicates the date and time when that contact ended.

" }, "InitialContactId":{ "shape":"ContactId", @@ -6207,11 +6566,24 @@ }, "PeriodicSessionDuration":{ "shape":"AccessTokenDuration", - "documentation":"

The short lived session duration configuration for users logged in to Amazon Connect, in minutes. This value determines the maximum possible time before an agent is authenticated. For more information, see Configure the session duration in the Amazon Connect Administrator Guide.

" + "documentation":"

The short lived session duration configuration for users logged in to Amazon Connect, in minutes. This value determines the maximum possible time before an agent is authenticated. For more information, see Configure the session duration in the Amazon Connect Administrator Guide.

", + "deprecated":true, + "deprecatedMessage":"PeriodicSessionDuration is deprecated. Use SessionInactivityDuration instead.", + "deprecatedSince":"10/31/2025" }, "MaxSessionDuration":{ "shape":"RefreshTokenDuration", "documentation":"

The long lived session duration for users logged in to Amazon Connect, in minutes. After this time period, users must log in again. For more information, see Configure the session duration in the Amazon Connect Administrator Guide.

" + }, + "SessionInactivityDuration":{ + "shape":"InactivityDuration", + "documentation":"

The period, in minutes, before an agent is automatically signed out of the contact center when they go inactive.

", + "box":true + }, + "SessionInactivityHandlingEnabled":{ + "shape":"Boolean", + "documentation":"

Determines if automatic logout on user inactivity is enabled.

", + "box":true } }, "documentation":"

This API is in preview release for Amazon Connect and is subject to change. To request access to this API, contact Amazon Web Services Support.

Information about an authentication profile. An authentication profile is a resource that stores the authentication settings for users in your contact center. You use authentication profiles to set up IP address range restrictions and session timeouts. For more information, see Set IP address restrictions or session timeouts.

" @@ -6272,6 +6644,50 @@ "sensitive":true }, "AutoAccept":{"type":"boolean"}, + "AutoEvaluationConfiguration":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

Whether automated evaluations are enabled.

" + } + }, + "documentation":"

Configuration information about automated evaluations.

" + }, + "AutoEvaluationDetails":{ + "type":"structure", + "required":["AutoEvaluationEnabled"], + "members":{ + "AutoEvaluationEnabled":{ + "shape":"Boolean", + "documentation":"

Whether automated evaluation is enabled.

" + }, + "AutoEvaluationStatus":{ + "shape":"AutoEvaluationStatus", + "documentation":"

The status of the contact auto-evaluation.

" + } + }, + "documentation":"

Details about automated evaluations.

" + }, + "AutoEvaluationStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "FAILED", + "SUCCEEDED" + ] + }, + "AutomaticFailConfiguration":{ + "type":"structure", + "members":{ + "TargetSection":{ + "shape":"ReferenceId", + "documentation":"

The referenceId of the target section for auto failure.

" + } + }, + "documentation":"

Information about automatic fail configuration for an evaluation form.

" + }, "AvailableNumberSummary":{ "type":"structure", "members":{ @@ -6494,6 +6910,27 @@ "sensitive":true }, "Boolean":{"type":"boolean"}, + "BooleanComparisonType":{ + "type":"string", + "enum":[ + "IS_TRUE", + "IS_FALSE" + ] + }, + "BooleanCondition":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"String", + "documentation":"

A name of the property to be searched.

" + }, + "ComparisonType":{ + "shape":"BooleanComparisonType", + "documentation":"

Boolean property comparison type.

" + } + }, + "documentation":"

A boolean search condition for Search APIs.

" + }, "BotName":{ "type":"string", "max":50 @@ -6519,6 +6956,37 @@ "max":100, "min":1 }, + "CaseSlaConfiguration":{ + "type":"structure", + "required":[ + "Name", + "Type", + "TargetSlaMinutes" + ], + "members":{ + "Name":{ + "shape":"SlaName", + "documentation":"

Name of an SLA.

" + }, + "Type":{ + "shape":"SlaType", + "documentation":"

Type of SLA for Case SlaAssignmentType.

" + }, + "FieldId":{ + "shape":"FieldValueId", + "documentation":"

Unique identifier of a Case field.

" + }, + "TargetFieldValues":{ + "shape":"SlaFieldValueUnionList", + "documentation":"

Represents a list of target field values for the fieldId specified in CaseSlaConfiguration. The SLA is considered met if any one of these target field values matches the actual field value.

" + }, + "TargetSlaMinutes":{ + "shape":"TargetSlaMinutes", + "documentation":"

Target duration in minutes within which an SLA should be completed.

" + } + }, + "documentation":"

The SLA configuration for Case SlaAssignmentType.

" + }, "Channel":{ "type":"string", "enum":[ @@ -6542,6 +7010,44 @@ "member":{"shape":"Channel"}, "max":4 }, + "ChatContactMetrics":{ + "type":"structure", + "members":{ + "MultiParty":{ + "shape":"NullableBoolean", + "documentation":"

A boolean flag indicating whether multiparty chat or supervisor barge were enabled on this contact.

" + }, + "TotalMessages":{ + "shape":"Count", + "documentation":"

The number of chat messages on the contact.

" + }, + "TotalBotMessages":{ + "shape":"Count", + "documentation":"

The total number of bot and automated messages on a chat contact.

" + }, + "TotalBotMessageLengthInChars":{ + "shape":"Count", + "documentation":"

The total number of characters from bot and automated messages on a chat contact.

" + }, + "ConversationCloseTimeInMillis":{ + "shape":"DurationMillis", + "documentation":"

The time it took for a contact to end after the last customer message.

" + }, + "ConversationTurnCount":{ + "shape":"Count", + "documentation":"

The number of conversation turns in a chat contact, which represents the back-and-forth exchanges between customer and other participants.

" + }, + "AgentFirstResponseTimestamp":{ + "shape":"timestamp", + "documentation":"

The agent first response timestamp for a chat contact.

" + }, + "AgentFirstResponseTimeInMillis":{ + "shape":"DurationMillis", + "documentation":"

The time for an agent to respond after obtaining a chat contact.

" + } + }, + "documentation":"

Information about the overall participant interactions at the contact level.

" + }, "ChatContent":{ "type":"string", "max":16384, @@ -6602,6 +7108,24 @@ }, "documentation":"

A chat message.

" }, + "ChatMetrics":{ + "type":"structure", + "members":{ + "ChatContactMetrics":{ + "shape":"ChatContactMetrics", + "documentation":"

Information about the overall participant interactions at the contact level.

" + }, + "AgentMetrics":{ + "shape":"ParticipantMetrics", + "documentation":"

Information about agent interactions in a contact.

" + }, + "CustomerMetrics":{ + "shape":"ParticipantMetrics", + "documentation":"

Information about customer interactions in a contact.

" + } + }, + "documentation":"

Information about how agent, bot, and customer interact in a chat contact.

" + }, "ChatParticipantRoleConfig":{ "type":"structure", "required":["ParticipantTimerConfigList"], @@ -6794,8 +7318,7 @@ }, "CompleteAttachedFileUploadResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"Response from CompleteAttachedFileUpload API" }, "Concurrency":{ @@ -6906,7 +7429,7 @@ }, "DisconnectTimestamp":{ "shape":"timestamp", - "documentation":"

The timestamp when the customer endpoint disconnected from Amazon Connect.

" + "documentation":"

The date and time that the customer endpoint disconnected from the current contact, in UTC time. In transfer scenarios, the DisconnectTimestamp of the previous contact indicates the date and time when that contact ended.

" }, "LastUpdateTimestamp":{ "shape":"timestamp", @@ -6989,6 +7512,10 @@ "shape":"QualityMetrics", "documentation":"

Information about the quality of the participant's media connection.

" }, + "ChatMetrics":{ + "shape":"ChatMetrics", + "documentation":"

Information about how agent, bot, and customer interact in a chat contact.

" + }, "DisconnectDetails":{ "shape":"DisconnectDetails", "documentation":"

Information about the call disconnect experience.

" @@ -7000,6 +7527,34 @@ "SegmentAttributes":{ "shape":"SegmentAttributes", "documentation":"

A set of system defined key-value pairs stored on individual contact segments using an attribute map. The attributes are standard Amazon Connect attributes and can be accessed in flows. Attribute keys can include only alphanumeric, -, and _ characters. This field can be used to show channel subtype. For example, connect:Guide or connect:SMS.

" + }, + "Recordings":{ + "shape":"Recordings", + "documentation":"

If recording was enabled, this is information about the recordings.

" + }, + "DisconnectReason":{ + "shape":"String", + "documentation":"

The disconnect reason for the contact. For a list and description of all the possible disconnect reasons by channel, see DisconnectReason under ContactTraceRecord in the Amazon Connect Administrator Guide.

" + }, + "ContactEvaluations":{ + "shape":"ContactEvaluations", + "documentation":"

Information about the contact evaluations where the key is the FormId, which is a unique identifier for the form.

" + }, + "TaskTemplateInfo":{ + "shape":"TaskTemplateInfoV2", + "documentation":"

If this contact was created using a task template, this contains information about the task template.

" + }, + "ContactDetails":{ + "shape":"ContactDetails", + "documentation":"

A map of string key/value pairs that contain user-defined attributes which are lightly typed within the contact. This object is used only for task contacts.

" + }, + "OutboundStrategy":{ + "shape":"OutboundStrategy", + "documentation":"

Information about the outbound strategy.

" + }, + "Attributes":{ + "shape":"Attributes", + "documentation":"

The attributes of the contact.

" } }, "documentation":"

Contains information about a contact.

" @@ -7059,6 +7614,10 @@ "Campaign":{ "shape":"Campaign", "documentation":"

Structure to store information associated with a campaign.

" + }, + "OutboundStrategy":{ + "shape":"OutboundStrategy", + "documentation":"

Information about the outbound strategy.

" } }, "documentation":"

Request object with information to create a contact.

" @@ -7069,6 +7628,69 @@ "max":25, "min":1 }, + "ContactDetailDescription":{ + "type":"string", + "max":1024, + "min":0 + }, + "ContactDetailName":{ + "type":"string", + "max":1024, + "min":0 + }, + "ContactDetails":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"ContactDetailName", + "documentation":"

The name of the contact details.

" + }, + "Description":{ + "shape":"ContactDetailDescription", + "documentation":"

Teh description of the contact details.

" + } + }, + "documentation":"

A map of string key/value pairs that contain user-defined attributes which are lightly typed within the contact. This object is used only for task contacts.

" + }, + "ContactEvaluation":{ + "type":"structure", + "members":{ + "FormId":{ + "shape":"FormId", + "documentation":"

The FormId of the contact evaluation.

" + }, + "EvaluationArn":{ + "shape":"EvaluationArn", + "documentation":"

The Amazon Resource Name for the evaluation form. It is always present.

" + }, + "Status":{ + "shape":"Status", + "documentation":"

The status of the evaluation.

" + }, + "StartTimestamp":{ + "shape":"timestamp", + "documentation":"

The date and time when the evaluation was started, in UTC time.

" + }, + "EndTimestamp":{ + "shape":"timestamp", + "documentation":"

The date and time when the evaluation was submitted, in UTC time.

" + }, + "DeleteTimestamp":{ + "shape":"timestamp", + "documentation":"

The date and time when the evaluation was deleted, in UTC time.

" + }, + "ExportLocation":{ + "shape":"ExportLocation", + "documentation":"

The path where evaluation was exported.

" + } + }, + "documentation":"

Information about the contact evaluations where the key is the FormId, which is a unique identifier for the form.

" + }, + "ContactEvaluations":{ + "type":"map", + "key":{"shape":"EvaluationId"}, + "value":{"shape":"ContactEvaluation"} + }, "ContactFilter":{ "type":"structure", "members":{ @@ -7452,6 +8074,59 @@ "FLOW" ] }, + "ContactMetricInfo":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"ContactMetricName", + "documentation":"

The name of the metric being retrieved in type String.

" + } + }, + "documentation":"

The object that contains information about metric being requested.

" + }, + "ContactMetricName":{ + "type":"string", + "enum":["POSITION_IN_QUEUE"] + }, + "ContactMetricResult":{ + "type":"structure", + "required":[ + "Name", + "Value" + ], + "members":{ + "Name":{ + "shape":"ContactMetricName", + "documentation":"

The name of the metric being retrieved in type String.

" + }, + "Value":{ + "shape":"ContactMetricValue", + "documentation":"

Object result associated with the metric received.

" + } + }, + "documentation":"

Object containing information about metric requested for the contact.

" + }, + "ContactMetricResults":{ + "type":"list", + "member":{"shape":"ContactMetricResult"} + }, + "ContactMetricValue":{ + "type":"structure", + "members":{ + "Number":{ + "shape":"Double", + "documentation":"

The number of type Double. This number is the contact's position in queue.

" + } + }, + "documentation":"

Object which contains the number.

", + "union":true + }, + "ContactMetrics":{ + "type":"list", + "member":{"shape":"ContactMetricInfo"}, + "min":1 + }, "ContactNotFoundException":{ "type":"structure", "members":{ @@ -7460,7 +8135,7 @@ "documentation":"

The message.

" } }, - "documentation":"

The contact with the specified ID is not active or does not exist. Applies to Voice calls only, not to Chat or Task contacts.

", + "documentation":"

The contact with the specified ID does not exist.

", "error":{"httpStatusCode":410}, "exception":true }, @@ -7527,7 +8202,12 @@ "SegmentAttributes":{ "shape":"ContactSearchSummarySegmentAttributes", "documentation":"

Set of segment attributes for a contact.

" - } + }, + "Name":{ + "shape":"Name", + "documentation":"

Indicates name of the contact.

" + }, + "RoutingCriteria":{"shape":"RoutingCriteria"} }, "documentation":"

Information of returned contact.

" }, @@ -7565,6 +8245,10 @@ "ValueString":{ "shape":"SegmentAttributeValueString", "documentation":"

The value of a segment attribute represented as a string.

" + }, + "ValueMap":{ + "shape":"SegmentAttributeValueMap", + "documentation":"

The key and value of a segment attribute.

" } }, "documentation":"

The value of a segment attribute. This is structured as a map with a single key-value pair. The key 'valueString' indicates that the attribute type is a string, and its corresponding value is the actual string value of the segment attribute.

" @@ -7572,7 +8256,8 @@ "ContactSearchSummarySegmentAttributes":{ "type":"map", "key":{"shape":"SegmentAttributeName"}, - "value":{"shape":"ContactSearchSummarySegmentAttributeValue"} + "value":{"shape":"ContactSearchSummarySegmentAttributeValue"}, + "sensitive":true }, "ContactState":{ "type":"string", @@ -7679,6 +8364,7 @@ }, "documentation":"

An object that can be used to specify Tag conditions or Hierarchy Group conditions inside the SearchFilter.

This accepts an OR of AND (List of List) input where:

  • The top level list specifies conditions that need to be applied with OR operator

  • The inner list specifies conditions that need to be applied with AND operator.

Only one field can be populated. Maximum number of allowed Tag conditions is 25. Maximum number of allowed Hierarchy Group conditions is 20.

" }, + "Count":{"type":"integer"}, "CreateAgentStatusRequest":{ "type":"structure", "required":[ @@ -7936,15 +8622,15 @@ }, "References":{ "shape":"ContactReferences", - "documentation":"

A formatted URL that is shown to an agent in the Contact Control Panel (CCP). Tasks can have the following reference types at the time of creation: URL | NUMBER | STRING | DATE | EMAIL | ATTACHMENT.

" + "documentation":"

A formatted URL that is shown to an agent in the Contact Control Panel (CCP). Tasks can have the following reference types at the time of creation: URL | NUMBER | STRING | DATE | EMAIL | ATTACHMENT.

" }, "Channel":{ "shape":"Channel", - "documentation":"

The channel for the contact

" + "documentation":"

The channel for the contact.

The CHAT channel is not supported. The following information is incorrect. We're working to correct it.

" }, "InitiationMethod":{ "shape":"ContactInitiationMethod", - "documentation":"

Indicates how the contact was initiated.

" + "documentation":"

Indicates how the contact was initiated.

CreateContact only supports the following initiation methods. Valid values by channel are:

  • For VOICE: TRANSFER and the subtype connect:ExternalAudio

  • For EMAIL: OUTBOUND | AGENT_REPLY | FLOW

  • For TASK: API

The other channels listed below are incorrect. We're working to correct this information.

" }, "ExpiryDurationInMinutes":{ "shape":"ExpiryDurationInMinutes", @@ -7952,11 +8638,11 @@ }, "UserInfo":{ "shape":"UserInfo", - "documentation":"

User details for the contact

" + "documentation":"

User details for the contact

UserInfo is required when creating an EMAIL contact with OUTBOUND and AGENT_REPLY contact initiation methods.

" }, "InitiateAs":{ "shape":"InitiateAs", - "documentation":"

Initial state of the contact when it's created

" + "documentation":"

Initial state of the contact when it's created. Only TASK channel contacts can be initiated with COMPLETED state.

" }, "Name":{ "shape":"Name", @@ -7969,6 +8655,10 @@ "SegmentAttributes":{ "shape":"SegmentAttributes", "documentation":"

A set of system defined key-value pairs stored on individual contact segments (unique contact ID) using an attribute map. The attributes are standard Amazon Connect attributes. They can be accessed in flows.

Attribute keys can include only alphanumeric, -, and _.

This field can be used to set Segment Contact Expiry as a duration in minutes.

To set contact expiry, a ValueMap must be specified containing the integer number of minutes the contact will be active for before expiring, with SegmentAttributes like { \"connect:ContactExpiry\": {\"ValueMap\" : { \"ExpiryDuration\": { \"ValueInteger\": 135}}}}.

" + }, + "PreviousContactId":{ + "shape":"ContactId", + "documentation":"

The ID of the previous contact when creating a transfer contact. This value can be provided only for external audio contacts. For more information, see Integrate Amazon Connect Contact Lens with external voice systems in the Amazon Connect Administrator Guide.

" } } }, @@ -8004,7 +8694,7 @@ }, "EmailAddress":{ "shape":"EmailAddress", - "documentation":"

The email address with the instance, in [^\\s@]+@[^\\s@]+\\.[^\\s@]+ format.

" + "documentation":"

The email address, including the domain.

" }, "DisplayName":{ "shape":"EmailAddressDisplayName", @@ -8063,10 +8753,18 @@ "shape":"EvaluationFormScoringStrategy", "documentation":"

A scoring strategy of the evaluation form.

" }, + "AutoEvaluationConfiguration":{ + "shape":"EvaluationFormAutoEvaluationConfiguration", + "documentation":"

Configuration information about automated evaluations.

" + }, "ClientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", "idempotencyToken":true + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

" } } }, @@ -8124,11 +8822,11 @@ }, "EffectiveFrom":{ "shape":"HoursOfOperationOverrideYearMonthDayDateFormat", - "documentation":"

The date from when the hours of operation override would be effective.

" + "documentation":"

The date from when the hours of operation override is effective.

" }, "EffectiveTill":{ "shape":"HoursOfOperationOverrideYearMonthDayDateFormat", - "documentation":"

The date until when the hours of operation override would be effective.

" + "documentation":"

The date until when the hours of operation override is effective.

" } } }, @@ -8201,7 +8899,8 @@ "members":{ "ClientToken":{ "shape":"ClientToken", - "documentation":"

The idempotency token.

" + "documentation":"

The idempotency token.

", + "idempotencyToken":true }, "IdentityManagementType":{ "shape":"DirectoryType", @@ -8309,7 +9008,7 @@ }, "ContactId":{ "shape":"ContactId", - "documentation":"

The identifier of the contact in this instance of Amazon Connect. Only contacts in the CHAT channel are supported.

" + "documentation":"

The identifier of the contact in this instance of Amazon Connect. Supports contacts in the CHAT channel and VOICE (WebRTC) channels. For WebRTC calls, this should be the initial contact ID that was generated when the contact was first created (from the StartWebRTCContact API) in the VOICE channel

" }, "ClientToken":{ "shape":"ClientToken", @@ -8318,7 +9017,7 @@ }, "ParticipantDetails":{ "shape":"ParticipantDetailsToAdd", - "documentation":"

Information identifying the participant.

The only Valid value for ParticipantRole is CUSTOM_BOT.

DisplayName is Required.

" + "documentation":"

Information identifying the participant.

The only valid value for ParticipantRole is CUSTOM_BOT for chat contact and CUSTOMER for voice contact.

" } } }, @@ -8383,8 +9082,7 @@ "type":"structure", "required":[ "InstanceId", - "Name", - "Values" + "Name" ], "members":{ "InstanceId":{ @@ -8400,6 +9098,14 @@ "Values":{ "shape":"PredefinedAttributeValues", "documentation":"

The values of the predefined attribute.

" + }, + "Purposes":{ + "shape":"PredefinedAttributePurposeNameList", + "documentation":"

Values that enable you to categorize your predefined attributes. You can use them in custom UI elements across the Amazon Connect admin website.

" + }, + "AttributeConfiguration":{ + "shape":"InputPredefinedAttributeConfiguration", + "documentation":"

Custom metadata that is associated to predefined attributes to control behavior in upstream services, such as controlling how a predefined attribute should be displayed in the Amazon Connect admin website.

" } } }, @@ -8636,6 +9342,10 @@ "shape":"RoutingProfileQueueConfigList", "documentation":"

The inbound queues associated with the routing profile. If no queue is added, the agent can make only outbound calls.

The limit of 10 array members applies to the maximum number of RoutingProfileQueueConfig objects that can be passed during a CreateRoutingProfile API request. It is different from the quota of 50 queues per routing profile per instance that is listed in Amazon Connect service quotas.

" }, + "ManualAssignmentQueueConfigs":{ + "shape":"RoutingProfileManualAssignmentQueueConfigList", + "documentation":"

The manual assignment queues associated with the routing profile. If no queue is added, agents and supervisors can't pick or assign any contacts from this routing profile. The limit of 10 array members applies to the maximum number of RoutingProfileManualAssignmentQueueConfig objects that can be passed during a CreateRoutingProfile API request. It is different from the quota of 50 queues per routing profile per instance that is listed in Amazon Connect service quotas.

" + }, "MediaConcurrencies":{ "shape":"MediaConcurrencies", "documentation":"

The channels that agents can handle in the Contact Control Panel (CCP) for this routing profile.

" @@ -8765,7 +9475,7 @@ }, "TagRestrictedResources":{ "shape":"TagRestrictedResourceList", - "documentation":"

The list of resources that a security profile applies tag restrictions to in Amazon Connect. Following are acceptable ResourceNames: User | SecurityProfile | Queue | RoutingProfile

" + "documentation":"

The list of resources that a security profile applies tag restrictions to in Amazon Connect. For a list of Amazon Connect resources that you can tag, see Add tags to resources in Amazon Connect in the Amazon Connect Administrator Guide.

" }, "Applications":{ "shape":"Applications", @@ -9266,7 +9976,7 @@ "documentation":"

The unit for the metric.

" } }, - "documentation":"

Contains information about a real-time metric. For a description of each metric, see Real-time Metrics Definitions in the Amazon Connect Administrator Guide.

" + "documentation":"

Contains information about a real-time metric. For a description of each metric, see Metrics definitions in the Amazon Connect Administrator Guide.

" }, "CurrentMetricData":{ "type":"structure", @@ -9443,6 +10153,43 @@ }, "documentation":"

Information about a reference when the referenceType is DATE. Otherwise, null.

" }, + "DateTimeComparisonType":{ + "type":"string", + "enum":[ + "GREATER_THAN", + "LESS_THAN", + "GREATER_THAN_OR_EQUAL_TO", + "LESS_THAN_OR_EQUAL_TO", + "EQUAL_TO", + "RANGE" + ] + }, + "DateTimeCondition":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"String", + "documentation":"

A name of the datetime property to be searched

" + }, + "MinValue":{ + "shape":"DateTimeFormat", + "documentation":"

A minimum value of the property.

" + }, + "MaxValue":{ + "shape":"DateTimeFormat", + "documentation":"

A maximum value of the property.

" + }, + "ComparisonType":{ + "shape":"DateTimeComparisonType", + "documentation":"

Datetime property comparison type.

" + } + }, + "documentation":"

A datetime search condition for Search APIs.

" + }, + "DateTimeFormat":{ + "type":"string", + "pattern":"^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(\\.\\d{3})?Z?$" + }, "DateYearMonthDayFormat":{ "type":"string", "pattern":"^\\d{4}-\\d{2}-\\d{2}$" @@ -9495,6 +10242,40 @@ } } }, + "DecimalComparisonType":{ + "type":"string", + "enum":[ + "GREATER_OR_EQUAL", + "GREATER", + "LESSER_OR_EQUAL", + "LESSER", + "EQUAL", + "NOT_EQUAL", + "RANGE" + ] + }, + "DecimalCondition":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"String", + "documentation":"

A name of the decimal property to be searched.

" + }, + "MinValue":{ + "shape":"NullableDouble", + "documentation":"

A minimum value of the decimal property.

" + }, + "MaxValue":{ + "shape":"NullableDouble", + "documentation":"

A maximum value of the decimal property.

" + }, + "ComparisonType":{ + "shape":"DecimalComparisonType", + "documentation":"

The type of comparison to be made when evaluating the decimal condition.

" + } + }, + "documentation":"

A decimal search condition for Search APIs.

" + }, "DefaultVocabulary":{ "type":"structure", "required":[ @@ -9563,8 +10344,7 @@ }, "DeleteAttachedFileResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"Response from DeleteAttachedFile API" }, "DeleteContactEvaluationRequest":{ @@ -9611,8 +10391,7 @@ }, "DeleteContactFlowModuleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContactFlowRequest":{ "type":"structure", @@ -9637,8 +10416,7 @@ }, "DeleteContactFlowResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContactFlowVersionRequest":{ "type":"structure", @@ -9670,8 +10448,7 @@ }, "DeleteContactFlowVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEmailAddressRequest":{ "type":"structure", @@ -9696,8 +10473,7 @@ }, "DeleteEmailAddressResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEvaluationFormRequest":{ "type":"structure", @@ -9785,6 +10561,13 @@ "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

", "location":"uri", "locationName":"InstanceId" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } } }, @@ -9881,8 +10664,7 @@ }, "DeletePushNotificationRegistrationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteQueueRequest":{ "type":"structure", @@ -10012,8 +10794,7 @@ }, "DeleteTaskTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTrafficDistributionGroupRequest":{ "type":"structure", @@ -10029,8 +10810,7 @@ }, "DeleteTrafficDistributionGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUseCaseRequest":{ "type":"structure", @@ -10125,8 +10905,7 @@ }, "DeleteViewResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteViewVersionRequest":{ "type":"structure", @@ -10158,8 +10937,7 @@ }, "DeleteViewVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteVocabularyRequest":{ "type":"structure", @@ -10426,7 +11204,7 @@ }, "EmailAddress":{ "shape":"EmailAddress", - "documentation":"

The email address with the instance, in [^\\s@]+@[^\\s@]+\\.[^\\s@]+ format.

" + "documentation":"

The email address, including the domain.

" }, "DisplayName":{ "shape":"EmailAddressDisplayName", @@ -10444,6 +11222,10 @@ "shape":"ISO8601Datetime", "documentation":"

The email address last modification timestamp in ISO 8601 Datetime.

" }, + "AliasConfigurations":{ + "shape":"AliasConfigurationList", + "documentation":"

A list of alias configurations associated with this email address. Contains details about email addresses that forward to this primary email address. The list can contain at most one alias configuration per email address.

" + }, "Tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

" @@ -11117,6 +11899,10 @@ "RoutingStepExpression":{ "shape":"RoutingExpression", "documentation":"

The expression of a step in a routing criteria.

" + }, + "AgentStatus":{ + "shape":"AgentStatusIdentifier", + "documentation":"

Information about the agent status assigned to the user.

" } }, "documentation":"

Contains information about the dimensions for a set of metrics.

" @@ -11191,6 +11977,13 @@ "documentation":"

The domain URL of the integrated application.

", "location":"querystring", "locationName":"origin" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } } }, @@ -11208,9 +12001,49 @@ "LexV2Bot":{ "shape":"LexV2Bot", "documentation":"

The Amazon Lex V2 bot to disassociate from the instance.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true } } }, + "DisassociateEmailAddressAliasRequest":{ + "type":"structure", + "required":[ + "EmailAddressId", + "InstanceId", + "AliasConfiguration" + ], + "members":{ + "EmailAddressId":{ + "shape":"EmailAddressId", + "documentation":"

The identifier of the email address.

", + "location":"uri", + "locationName":"EmailAddressId" + }, + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

", + "location":"uri", + "locationName":"InstanceId" + }, + "AliasConfiguration":{ + "shape":"AliasConfiguration", + "documentation":"

Configuration object that specifies which alias relationship to remove. The alias association must currently exist between the primary email address and the specified alias email address.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true + } + } + }, + "DisassociateEmailAddressAliasResponse":{ + "type":"structure", + "members":{} + }, "DisassociateFlowRequest":{ "type":"structure", "required":[ @@ -11241,8 +12074,7 @@ }, "DisassociateFlowResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateInstanceStorageConfigRequest":{ "type":"structure", @@ -11269,6 +12101,13 @@ "documentation":"

A valid resource type.

", "location":"querystring", "locationName":"resourceType" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } } }, @@ -11290,6 +12129,13 @@ "documentation":"

The Amazon Resource Name (ARN) of the Lambda function being disassociated.

", "location":"querystring", "locationName":"functionArn" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } } }, @@ -11318,6 +12164,13 @@ "documentation":"

The Amazon Web Services Region in which the Amazon Lex bot has been created.

", "location":"querystring", "locationName":"lexRegion" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } } }, @@ -11372,8 +12225,7 @@ "type":"structure", "required":[ "InstanceId", - "RoutingProfileId", - "QueueReferences" + "RoutingProfileId" ], "members":{ "InstanceId":{ @@ -11391,6 +12243,10 @@ "QueueReferences":{ "shape":"RoutingProfileQueueReferenceList", "documentation":"

The queues to disassociate from this routing profile.

" + }, + "ManualAssignmentQueueReferences":{ + "shape":"RoutingProfileQueueReferenceList", + "documentation":"

The manual assignment queues to disassociate with this routing profile.

" } } }, @@ -11412,6 +12268,13 @@ "documentation":"

The existing association identifier that uniquely identifies the resource type and storage config for the given instance ID.

", "location":"uri", "locationName":"AssociationId" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" } } }, @@ -11445,8 +12308,7 @@ }, "DisassociateTrafficDistributionGroupUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateUserProficienciesRequest":{ "type":"structure", @@ -11523,8 +12385,7 @@ }, "DismissUserContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisplayName":{ "type":"string", @@ -11577,7 +12438,15 @@ "error":{"httpStatusCode":409}, "exception":true }, + "Duration":{ + "type":"integer", + "min":0 + }, "DurationInSeconds":{"type":"integer"}, + "DurationMillis":{ + "type":"long", + "min":0 + }, "EffectiveHoursOfOperationList":{ "type":"list", "member":{"shape":"EffectiveHoursOfOperations"} @@ -11629,14 +12498,14 @@ "members":{ "EmailAddress":{ "shape":"EmailAddress", - "documentation":"

The email address with the instance, in [^\\s@]+@[^\\s@]+\\.[^\\s@]+ format.

" + "documentation":"

The email address, including the domain.

" }, "DisplayName":{ "shape":"EmailAddressDisplayName", "documentation":"

The display name of email address.

" } }, - "documentation":"

Contains information about a source or destination email address

" + "documentation":"

Contains information about a source or destination email address.

" }, "EmailAddressList":{ "type":"list", @@ -11655,7 +12524,7 @@ }, "EmailAddress":{ "shape":"EmailAddress", - "documentation":"

The email address with the instance, in [^\\s@]+@[^\\s@]+\\.[^\\s@]+ format.

" + "documentation":"

The email address, including the domain.

" }, "Description":{ "shape":"Description", @@ -11664,6 +12533,10 @@ "DisplayName":{ "shape":"EmailAddressDisplayName", "documentation":"

The display name of email address.

" + }, + "AliasConfigurations":{ + "shape":"AliasConfigurationList", + "documentation":"

A list of alias configurations for this email address, showing which email addresses forward to this primary address. Each configuration contains the email address ID of an alias that forwards emails to this address.

" } }, "documentation":"

Contains information about an email address for a contact center.

" @@ -11671,7 +12544,7 @@ "EmailAddressRecipientList":{ "type":"list", "member":{"shape":"EmailAddressInfo"}, - "max":10, + "max":50, "min":1 }, "EmailAddressSearchConditionList":{ @@ -11769,11 +12642,11 @@ "members":{ "Address":{ "shape":"EndpointAddress", - "documentation":"

Address of the email recipient.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

" + "documentation":"

Address of the email recipient.

" }, "DisplayName":{ "shape":"EndpointDisplayName", - "documentation":"

Display name of the email recipient.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

" + "documentation":"

Display name of the email recipient.

" } }, "documentation":"

Information about the email recipient

" @@ -11798,10 +12671,10 @@ }, "EmptyFieldValue":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An empty value.

" }, + "EnableValueValidationOnAssociation":{"type":"boolean"}, "EncryptionConfig":{ "type":"structure", "required":[ @@ -11826,8 +12699,7 @@ }, "EndAssociatedTasksActionDefinition":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

End associated tasks related to a case.

" }, "Endpoint":{ @@ -11951,6 +12823,10 @@ "shape":"Timestamp", "documentation":"

The timestamp for when the evaluation was last updated.

" }, + "EvaluationType":{ + "shape":"EvaluationType", + "documentation":"

Type of the evaluation.

" + }, "Tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

" @@ -11958,6 +12834,51 @@ }, "documentation":"

Information about a contact evaluation.

" }, + "EvaluationAcknowledgement":{ + "type":"structure", + "required":[ + "AcknowledgedTime", + "AcknowledgedBy" + ], + "members":{ + "AcknowledgedTime":{ + "shape":"Timestamp", + "documentation":"

When the agent acknowledged the evaluation.

" + }, + "AcknowledgedBy":{ + "shape":"ARN", + "documentation":"

The agent who acknowledged the evaluation.

" + }, + "AcknowledgerComment":{ + "shape":"EvaluationAcknowledgerCommentString", + "documentation":"

A comment from the agent when they confirmed they acknowledged the evaluation.

" + } + }, + "documentation":"

Information about the evaluation acknowledgement.

" + }, + "EvaluationAcknowledgementSummary":{ + "type":"structure", + "members":{ + "AcknowledgedTime":{ + "shape":"Timestamp", + "documentation":"

The time when an agent acknowledged the evaluation.

" + }, + "AcknowledgedBy":{ + "shape":"ARN", + "documentation":"

The agent who acknowledged the evaluation.

" + }, + "AcknowledgerComment":{ + "shape":"EvaluationAcknowledgerCommentString", + "documentation":"

A comment from the agent when they confirmed they acknowledged the evaluation.

" + } + }, + "documentation":"

Summary information about an evaluation acknowledgement.

" + }, + "EvaluationAcknowledgerCommentString":{ + "type":"string", + "max":3072, + "min":0 + }, "EvaluationAnswerData":{ "type":"structure", "members":{ @@ -11980,7 +12901,7 @@ "EvaluationAnswerDataNumericValue":{"type":"double"}, "EvaluationAnswerDataStringValue":{ "type":"string", - "max":128, + "max":300, "min":0 }, "EvaluationAnswerInput":{ @@ -12003,6 +12924,10 @@ "SystemSuggestedValue":{ "shape":"EvaluationAnswerData", "documentation":"

The system suggested value for an answer in a contact evaluation.

" + }, + "SuggestedAnswers":{ + "shape":"EvaluationSuggestedAnswersList", + "documentation":"

Automation suggested answers for the questions.

" } }, "documentation":"

Information about output answers for a contact evaluation.

" @@ -12019,6 +12944,43 @@ "value":{"shape":"EvaluationAnswerOutput"}, "max":100 }, + "EvaluationArn":{"type":"string"}, + "EvaluationAutomationRuleCategory":{ + "type":"structure", + "required":[ + "Category", + "Condition" + ], + "members":{ + "Category":{ + "shape":"QuestionRuleCategoryAutomationLabel", + "documentation":"

A category label.

" + }, + "Condition":{ + "shape":"QuestionRuleCategoryAutomationCondition", + "documentation":"

An automation condition for a Contact Lens category.

" + }, + "PointsOfInterest":{ + "shape":"EvaluationTranscriptPointsOfInterest", + "documentation":"

A point of interest in a contact transcript that indicates match of condition.

" + } + }, + "documentation":"

The Contact Lens category used by evaluation automation.

" + }, + "EvaluationAutomationRuleCategoryList":{ + "type":"list", + "member":{"shape":"EvaluationAutomationRuleCategory"} + }, + "EvaluationContactLensAnswerAnalysisDetails":{ + "type":"structure", + "members":{ + "MatchedRuleCategories":{ + "shape":"EvaluationAutomationRuleCategoryList", + "documentation":"

A list of match rule categories.

" + } + }, + "documentation":"

Analysis details providing explanation for Contact Lens automation decision.

" + }, "EvaluationForm":{ "type":"structure", "required":[ @@ -12087,6 +13049,10 @@ "shape":"ARN", "documentation":"

The Amazon Resource Name (ARN) of the user who last updated the evaluation form.

" }, + "AutoEvaluationConfiguration":{ + "shape":"EvaluationFormAutoEvaluationConfiguration", + "documentation":"

The automatic evaluation configuration of an evaluation form.

" + }, "Tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

" @@ -12094,6 +13060,17 @@ }, "documentation":"

Information about the evaluation form.

" }, + "EvaluationFormAutoEvaluationConfiguration":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

When automated evaluation is enabled.

" + } + }, + "documentation":"

The automatic evaluation configuration of an evaluation form.

" + }, "EvaluationFormContent":{ "type":"structure", "required":[ @@ -12131,6 +13108,10 @@ "ScoringStrategy":{ "shape":"EvaluationFormScoringStrategy", "documentation":"

A scoring strategy of the evaluation form.

" + }, + "AutoEvaluationConfiguration":{ + "shape":"EvaluationFormAutoEvaluationConfiguration", + "documentation":"

The configuration of the automated evaluation.

" } }, "documentation":"

Information about an evaluation form used in a contact evaluation.

" @@ -12160,6 +13141,150 @@ "documentation":"

Information about an item from an evaluation form. The item must be either a section or a question.

", "union":true }, + "EvaluationFormItemEnablementAction":{ + "type":"string", + "enum":[ + "DISABLE", + "ENABLE" + ] + }, + "EvaluationFormItemEnablementCondition":{ + "type":"structure", + "required":["Operands"], + "members":{ + "Operands":{ + "shape":"EvaluationFormItemEnablementConditionOperandList", + "documentation":"

Operands of the enablement condition.

" + }, + "Operator":{ + "shape":"EvaluationFormItemEnablementOperator", + "documentation":"

The operator to be used to be applied to operands if more than one provided.

" + } + }, + "documentation":"

A condition for item enablement.

" + }, + "EvaluationFormItemEnablementConditionOperand":{ + "type":"structure", + "members":{ + "Expression":{ + "shape":"EvaluationFormItemEnablementExpression", + "documentation":"

An expression of the enablement condition.

" + }, + "Condition":{ + "shape":"EvaluationFormItemEnablementCondition", + "documentation":"

A condition for item enablement.

" + } + }, + "documentation":"

An operand of the enablement condition.

", + "union":true + }, + "EvaluationFormItemEnablementConditionOperandList":{ + "type":"list", + "member":{"shape":"EvaluationFormItemEnablementConditionOperand"}, + "min":1 + }, + "EvaluationFormItemEnablementConfiguration":{ + "type":"structure", + "required":[ + "Condition", + "Action" + ], + "members":{ + "Condition":{ + "shape":"EvaluationFormItemEnablementCondition", + "documentation":"

A condition for item enablement configuration.

" + }, + "Action":{ + "shape":"EvaluationFormItemEnablementAction", + "documentation":"

An enablement action that if condition is satisfied.

" + }, + "DefaultAction":{ + "shape":"EvaluationFormItemEnablementAction", + "documentation":"

An enablement action that if condition is not satisfied.

" + } + }, + "documentation":"

An item enablement configuration.

" + }, + "EvaluationFormItemEnablementExpression":{ + "type":"structure", + "required":[ + "Source", + "Values", + "Comparator" + ], + "members":{ + "Source":{ + "shape":"EvaluationFormItemEnablementSource", + "documentation":"

A source item of enablement expression.

" + }, + "Values":{ + "shape":"EvaluationFormItemEnablementSourceValueList", + "documentation":"

A list of values from source item.

" + }, + "Comparator":{ + "shape":"EvaluationFormItemSourceValuesComparator", + "documentation":"

A comparator to be used against list of values.

" + } + }, + "documentation":"

An expression that defines a basic building block of conditional enablement.

" + }, + "EvaluationFormItemEnablementOperator":{ + "type":"string", + "enum":[ + "OR", + "AND" + ] + }, + "EvaluationFormItemEnablementSource":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"EvaluationFormItemEnablementSourceType", + "documentation":"

A type of source item.

" + }, + "RefId":{ + "shape":"ReferenceId", + "documentation":"

A referenceId of the source item.

" + } + }, + "documentation":"

An enablement expression source item.

" + }, + "EvaluationFormItemEnablementSourceType":{ + "type":"string", + "enum":["QUESTION_REF_ID"] + }, + "EvaluationFormItemEnablementSourceValue":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"EvaluationFormItemEnablementSourceValueType", + "documentation":"

A type of source item value.

" + }, + "RefId":{ + "shape":"ReferenceId", + "documentation":"

A referenceId of the source value.

" + } + }, + "documentation":"

An enablement expression source value.

" + }, + "EvaluationFormItemEnablementSourceValueList":{ + "type":"list", + "member":{"shape":"EvaluationFormItemEnablementSourceValue"}, + "min":1 + }, + "EvaluationFormItemEnablementSourceValueType":{ + "type":"string", + "enum":["OPTION_REF_ID"] + }, + "EvaluationFormItemSourceValuesComparator":{ + "type":"string", + "enum":[ + "IN", + "NOT_IN" + ] + }, "EvaluationFormItemWeight":{ "type":"double", "max":100, @@ -12177,6 +13302,10 @@ "PropertyValue":{ "shape":"NumericQuestionPropertyValueAutomation", "documentation":"

The property value of the automation.

" + }, + "AnswerSource":{ + "shape":"EvaluationFormQuestionAutomationAnswerSource", + "documentation":"

A source of automation answer for numeric question.

" } }, "documentation":"

Information about the automation configuration in numeric questions.

", @@ -12204,6 +13333,10 @@ "AutomaticFail":{ "shape":"Boolean", "documentation":"

The flag to mark the option as automatic fail. If an automatic fail answer is provided, the overall evaluation gets a score of 0.

" + }, + "AutomaticFailConfiguration":{ + "shape":"AutomaticFailConfiguration", + "documentation":"

A configuration for automatic fail.

" } }, "documentation":"

Information about the option range used for scoring in numeric questions.

" @@ -12272,6 +13405,10 @@ "shape":"EvaluationFormQuestionTypeProperties", "documentation":"

The properties of the type of question. Text questions do not have to define question type properties.

" }, + "Enablement":{ + "shape":"EvaluationFormItemEnablementConfiguration", + "documentation":"

A question conditional enablement.

" + }, "Weight":{ "shape":"EvaluationFormItemWeight", "documentation":"

The scoring weight of the section.

" @@ -12284,6 +13421,24 @@ "max":10, "min":0 }, + "EvaluationFormQuestionAutomationAnswerSource":{ + "type":"structure", + "required":["SourceType"], + "members":{ + "SourceType":{ + "shape":"EvaluationFormQuestionAutomationAnswerSourceType", + "documentation":"

The automation answer source type.

" + } + }, + "documentation":"

A question automation answer.

" + }, + "EvaluationFormQuestionAutomationAnswerSourceType":{ + "type":"string", + "enum":[ + "CONTACT_LENS_DATA", + "GEN_AI" + ] + }, "EvaluationFormQuestionInstructions":{ "type":"string", "max":1024, @@ -12312,6 +13467,10 @@ "SingleSelect":{ "shape":"EvaluationFormSingleSelectQuestionProperties", "documentation":"

The properties of the numeric question.

" + }, + "Text":{ + "shape":"EvaluationFormTextQuestionProperties", + "documentation":"

The properties of the text question.

" } }, "documentation":"

Information about properties for a question in an evaluation form. The question type properties must be either for a numeric question or a single select question.

", @@ -12349,6 +13508,124 @@ }, "documentation":"

Information about scoring strategy for an evaluation form.

" }, + "EvaluationFormSearchConditionList":{ + "type":"list", + "member":{"shape":"EvaluationFormSearchCriteria"} + }, + "EvaluationFormSearchCriteria":{ + "type":"structure", + "members":{ + "OrConditions":{ + "shape":"EvaluationFormSearchConditionList", + "documentation":"

A list of conditions which would be applied together with an OR condition.

" + }, + "AndConditions":{ + "shape":"EvaluationFormSearchConditionList", + "documentation":"

A list of conditions which would be applied together with an AND condition.

" + }, + "StringCondition":{"shape":"StringCondition"}, + "NumberCondition":{"shape":"NumberCondition"}, + "BooleanCondition":{ + "shape":"BooleanCondition", + "documentation":"

Boolean search condition.

" + }, + "DateTimeCondition":{ + "shape":"DateTimeCondition", + "documentation":"

Datetime search condition.

" + } + }, + "documentation":"

The search criteria to be used to return evaluation forms.

" + }, + "EvaluationFormSearchFilter":{ + "type":"structure", + "members":{ + "AttributeFilter":{"shape":"ControlPlaneAttributeFilter"} + }, + "documentation":"

Filters to be applied to search results.

" + }, + "EvaluationFormSearchSummary":{ + "type":"structure", + "required":[ + "EvaluationFormId", + "EvaluationFormArn", + "Title", + "Status", + "CreatedTime", + "CreatedBy", + "LastModifiedTime", + "LastModifiedBy", + "LatestVersion" + ], + "members":{ + "EvaluationFormId":{ + "shape":"ResourceId", + "documentation":"

The unique identifier for the evaluation form.

" + }, + "EvaluationFormArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) for the evaluation form resource.

" + }, + "Title":{ + "shape":"EvaluationFormTitle", + "documentation":"

The title of the evaluation form.

" + }, + "Status":{ + "shape":"EvaluationFormVersionStatus", + "documentation":"

The status of the evaluation form.

" + }, + "Description":{ + "shape":"EvaluationFormDescription", + "documentation":"

The description of the evaluation form.

" + }, + "CreatedTime":{ + "shape":"Timestamp", + "documentation":"

When the evaluation form was created.

" + }, + "CreatedBy":{ + "shape":"ARN", + "documentation":"

Who created the evaluation form.

" + }, + "LastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

When the evaluation form was last changed.

" + }, + "LastModifiedBy":{ + "shape":"ARN", + "documentation":"

Who changed the evaluation form.

" + }, + "LastActivatedTime":{ + "shape":"Timestamp", + "documentation":"

When the evaluation format was last activated.

" + }, + "LastActivatedBy":{ + "shape":"ARN", + "documentation":"

The ID of user who last activated evaluation form.

" + }, + "LatestVersion":{ + "shape":"VersionNumber", + "documentation":"

Latest version of the evaluation form.

", + "box":true + }, + "ActiveVersion":{ + "shape":"VersionNumber", + "documentation":"

Active version of the evaluation form.

", + "box":true + }, + "AutoEvaluationEnabled":{ + "shape":"Boolean", + "documentation":"

Whether automated evaluation is enabled.

" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

" + } + }, + "documentation":"

Information about the returned evaluation forms.

" + }, + "EvaluationFormSearchSummaryList":{ + "type":"list", + "member":{"shape":"EvaluationFormSearchSummary"} + }, "EvaluationFormSection":{ "type":"structure", "required":[ @@ -12387,7 +13664,6 @@ }, "EvaluationFormSingleSelectQuestionAutomation":{ "type":"structure", - "required":["Options"], "members":{ "Options":{ "shape":"EvaluationFormSingleSelectQuestionAutomationOptionList", @@ -12396,6 +13672,10 @@ "DefaultOptionRefId":{ "shape":"ReferenceId", "documentation":"

The identifier of the default answer option, when none of the automation options match the criteria.

" + }, + "AnswerSource":{ + "shape":"EvaluationFormQuestionAutomationAnswerSource", + "documentation":"

Automation answer source.

" } }, "documentation":"

Information about the automation configuration in single select questions. Automation options are evaluated in order, and the first matched option is applied. If no automation option matches, and there is a default option, then the default option is applied.

" @@ -12414,8 +13694,7 @@ "EvaluationFormSingleSelectQuestionAutomationOptionList":{ "type":"list", "member":{"shape":"EvaluationFormSingleSelectQuestionAutomationOption"}, - "max":20, - "min":1 + "max":20 }, "EvaluationFormSingleSelectQuestionDisplayMode":{ "type":"string", @@ -12446,6 +13725,10 @@ "AutomaticFail":{ "shape":"Boolean", "documentation":"

The flag to mark the option as automatic fail. If an automatic fail answer is provided, the overall evaluation gets a score of 0.

" + }, + "AutomaticFailConfiguration":{ + "shape":"AutomaticFailConfiguration", + "documentation":"

Whether automatic fail is configured on a single select question.

" } }, "documentation":"

Information about the automation configuration in single select questions.

" @@ -12545,6 +13828,26 @@ "type":"list", "member":{"shape":"EvaluationFormSummary"} }, + "EvaluationFormTextQuestionAutomation":{ + "type":"structure", + "members":{ + "AnswerSource":{ + "shape":"EvaluationFormQuestionAutomationAnswerSource", + "documentation":"

Automation answer source.

" + } + }, + "documentation":"

Information about the automation configuration in text questions.

" + }, + "EvaluationFormTextQuestionProperties":{ + "type":"structure", + "members":{ + "Automation":{ + "shape":"EvaluationFormTextQuestionAutomation", + "documentation":"

The automation properties of the text question.

" + } + }, + "documentation":"

Information about properties for a text question in an evaluation form.

" + }, "EvaluationFormTitle":{ "type":"string", "max":128, @@ -12615,6 +13918,21 @@ "type":"list", "member":{"shape":"EvaluationFormVersionSummary"} }, + "EvaluationGenAIAnswerAnalysisDetails":{ + "type":"structure", + "members":{ + "Justification":{ + "shape":"EvaluationSuggestedAnswerJustification", + "documentation":"

Generative AI automation answer justification.

" + }, + "PointsOfInterest":{ + "shape":"EvaluationTranscriptPointsOfInterest", + "documentation":"

Generative AI automation answer analysis points of interest.

" + } + }, + "documentation":"

An analysis for a generative AI answer to the question.

" + }, + "EvaluationId":{"type":"string"}, "EvaluationMetadata":{ "type":"structure", "required":[ @@ -12634,9 +13952,21 @@ "shape":"ResourceId", "documentation":"

The identifier of the agent who performed the contact.

" }, + "CalibrationSessionId":{ + "shape":"ResourceId", + "documentation":"

The calibration session ID that this evaluation belongs to.

" + }, "Score":{ "shape":"EvaluationScore", "documentation":"

The overall score of the contact evaluation.

" + }, + "AutoEvaluation":{ + "shape":"AutoEvaluationDetails", + "documentation":"

Information related to automated evaluation.

" + }, + "Acknowledgement":{ + "shape":"EvaluationAcknowledgement", + "documentation":"

Information related to evaluation acknowledgement.

" } }, "documentation":"

Metadata information about a contact evaluation.

" @@ -12662,6 +13992,38 @@ "value":{"shape":"EvaluationNote"}, "max":100 }, + "EvaluationQuestionAnswerAnalysisDetails":{ + "type":"structure", + "members":{ + "GenAI":{ + "shape":"EvaluationGenAIAnswerAnalysisDetails", + "documentation":"

Analysis results from the generative AI automation for the question.

" + }, + "ContactLens":{ + "shape":"EvaluationContactLensAnswerAnalysisDetails", + "documentation":"

Analysis results from the Contact Lens automation for the question.

" + } + }, + "documentation":"

Detailed analysis results of the automated answer to the evaluation question.

", + "union":true + }, + "EvaluationQuestionAnswerAnalysisType":{ + "type":"string", + "enum":[ + "CONTACT_LENS_DATA", + "GEN_AI" + ] + }, + "EvaluationQuestionInputDetails":{ + "type":"structure", + "members":{ + "TranscriptType":{ + "shape":"EvaluationTranscriptType", + "documentation":"

Transcript type.

" + } + }, + "documentation":"

Details of the input data used for automated question processing.

" + }, "EvaluationScore":{ "type":"structure", "members":{ @@ -12691,6 +14053,163 @@ "value":{"shape":"EvaluationScore"}, "max":100 }, + "EvaluationSearchConditionList":{ + "type":"list", + "member":{"shape":"EvaluationSearchCriteria"} + }, + "EvaluationSearchCriteria":{ + "type":"structure", + "members":{ + "OrConditions":{ + "shape":"EvaluationSearchConditionList", + "documentation":"

A list of conditions which would be applied together with an OR condition.

" + }, + "AndConditions":{ + "shape":"EvaluationSearchConditionList", + "documentation":"

A list of conditions which would be applied together with an AND condition.

" + }, + "StringCondition":{"shape":"StringCondition"}, + "NumberCondition":{"shape":"NumberCondition"}, + "BooleanCondition":{ + "shape":"BooleanCondition", + "documentation":"

The boolean condition search criteria for searching evaluations.

" + }, + "DateTimeCondition":{ + "shape":"DateTimeCondition", + "documentation":"

The datetime condition search criteria for searching evaluations.

" + }, + "DecimalCondition":{ + "shape":"DecimalCondition", + "documentation":"

The decimal condition search criteria for searching evaluations.

" + } + }, + "documentation":"

The search criteria to be used to return evaluations.

" + }, + "EvaluationSearchFilter":{ + "type":"structure", + "members":{ + "AttributeFilter":{"shape":"ControlPlaneAttributeFilter"} + }, + "documentation":"

Filters to be applied to search results.

" + }, + "EvaluationSearchMetadata":{ + "type":"structure", + "required":[ + "ContactId", + "EvaluatorArn" + ], + "members":{ + "ContactId":{ + "shape":"ContactId", + "documentation":"

The identifier of the contact in this instance of Amazon Connect.

" + }, + "EvaluatorArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the person who evaluated the contact.

" + }, + "ContactAgentId":{ + "shape":"ResourceId", + "documentation":"

The unique ID of the agent who handled the contact.

" + }, + "CalibrationSessionId":{ + "shape":"ResourceId", + "documentation":"

The calibration session ID that this evaluation belongs to.

" + }, + "ScorePercentage":{ + "shape":"EvaluationScorePercentage", + "documentation":"

The total evaluation score expressed as a percentage.

" + }, + "ScoreAutomaticFail":{ + "shape":"Boolean", + "documentation":"

The flag that marks the item as automatic fail. If the item or a child item gets an automatic fail answer, this flag is true.

" + }, + "ScoreNotApplicable":{ + "shape":"Boolean", + "documentation":"

The flag to mark the item as not applicable for scoring.

" + }, + "AutoEvaluationEnabled":{ + "shape":"Boolean", + "documentation":"

Whether auto-evaluation is enabled.

" + }, + "AutoEvaluationStatus":{ + "shape":"AutoEvaluationStatus", + "documentation":"

The status of the contact auto evaluation.

" + }, + "AcknowledgedTime":{ + "shape":"Timestamp", + "documentation":"

When the evaluation was acknowledged by the agent.

" + }, + "AcknowledgedBy":{ + "shape":"ARN", + "documentation":"

The agent who acknowledged the evaluation.

" + }, + "AcknowledgerComment":{ + "shape":"EvaluationAcknowledgerCommentString", + "documentation":"

The comment from the agent when they acknowledged the evaluation.

" + } + }, + "documentation":"

Metadata information about an evaluation search.

" + }, + "EvaluationSearchSummary":{ + "type":"structure", + "required":[ + "EvaluationId", + "EvaluationArn", + "EvaluationFormVersion", + "Metadata", + "Status", + "CreatedTime", + "LastModifiedTime" + ], + "members":{ + "EvaluationId":{ + "shape":"ResourceId", + "documentation":"

A unique identifier for the contact evaluation.

" + }, + "EvaluationArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) for the contact evaluation resource.

" + }, + "EvaluationFormId":{ + "shape":"ResourceId", + "documentation":"

The unique identifier for the evaluation form.

" + }, + "EvaluationFormVersion":{ + "shape":"VersionNumber", + "documentation":"

A version of the evaluation form.

", + "box":true + }, + "Metadata":{ + "shape":"EvaluationSearchMetadata", + "documentation":"

Summary information about the evaluation search.

" + }, + "Status":{ + "shape":"EvaluationStatus", + "documentation":"

The status of the evaluation.

" + }, + "EvaluationType":{ + "shape":"EvaluationType", + "documentation":"

Type of the evaluation.

" + }, + "CreatedTime":{ + "shape":"Timestamp", + "documentation":"

The date and time when the evaluation was created, in UTC time.

" + }, + "LastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

The date and time when the evaluation was modified last time, in UTC time.

" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

" + } + }, + "documentation":"

Summary of evaluation obtained from the search operation.

" + }, + "EvaluationSearchSummaryList":{ + "type":"list", + "member":{"shape":"EvaluationSearchSummary"} + }, "EvaluationStatus":{ "type":"string", "enum":[ @@ -12698,6 +14217,65 @@ "SUBMITTED" ] }, + "EvaluationSuggestedAnswer":{ + "type":"structure", + "required":[ + "Status", + "AnalysisType" + ], + "members":{ + "Value":{"shape":"EvaluationAnswerData"}, + "Status":{ + "shape":"EvaluationSuggestedAnswerStatus", + "documentation":"

The status of the suggested answer. D

" + }, + "Input":{ + "shape":"EvaluationQuestionInputDetails", + "documentation":"

Details about the input used to question automation.

" + }, + "AnalysisType":{ + "shape":"EvaluationQuestionAnswerAnalysisType", + "documentation":"

Type of analysis used to provide suggested answer.

" + }, + "AnalysisDetails":{ + "shape":"EvaluationQuestionAnswerAnalysisDetails", + "documentation":"

Detailed analysis results.

" + } + }, + "documentation":"

The information about the suggested answer for the question.

" + }, + "EvaluationSuggestedAnswerJustification":{ + "type":"string", + "min":1 + }, + "EvaluationSuggestedAnswerStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "FAILED", + "SUCCEEDED" + ] + }, + "EvaluationSuggestedAnswerTranscriptMillisOffset":{ + "type":"integer", + "min":0 + }, + "EvaluationSuggestedAnswerTranscriptMillisecondOffsets":{ + "type":"structure", + "required":["BeginOffsetMillis"], + "members":{ + "BeginOffsetMillis":{ + "shape":"EvaluationSuggestedAnswerTranscriptMillisOffset", + "documentation":"

Offset in milliseconds from the beginning of the transcript.

" + } + }, + "documentation":"

The milliseconds offset for transcript reference in suggested answer.

" + }, + "EvaluationSuggestedAnswerTranscriptSegment":{"type":"string"}, + "EvaluationSuggestedAnswersList":{ + "type":"list", + "member":{"shape":"EvaluationSuggestedAnswer"} + }, "EvaluationSummary":{ "type":"structure", "required":[ @@ -12727,10 +14305,22 @@ "shape":"ResourceId", "documentation":"

The unique identifier for the evaluation form.

" }, + "CalibrationSessionId":{ + "shape":"ResourceId", + "documentation":"

The calibration session ID that this evaluation belongs to.

" + }, "Status":{ "shape":"EvaluationStatus", "documentation":"

The status of the contact evaluation.

" }, + "AutoEvaluationEnabled":{ + "shape":"Boolean", + "documentation":"

Whether automated evaluation is enabled.

" + }, + "AutoEvaluationStatus":{ + "shape":"AutoEvaluationStatus", + "documentation":"

The status of the contact auto evaluation.

" + }, "EvaluatorArn":{ "shape":"ARN", "documentation":"

The Amazon Resource Name (ARN) of the user who last updated the evaluation.

" @@ -12739,6 +14329,14 @@ "shape":"EvaluationScore", "documentation":"

The overall score of the contact evaluation.

" }, + "Acknowledgement":{ + "shape":"EvaluationAcknowledgementSummary", + "documentation":"

Information related to evaluation acknowledgement.

" + }, + "EvaluationType":{ + "shape":"EvaluationType", + "documentation":"

Type of the evaluation.

" + }, "CreatedTime":{ "shape":"Timestamp", "documentation":"

The timestamp for when the evaluation was created.

" @@ -12754,6 +14352,51 @@ "type":"list", "member":{"shape":"EvaluationSummary"} }, + "EvaluationTranscriptPointOfInterest":{ + "type":"structure", + "members":{ + "MillisecondOffsets":{ + "shape":"EvaluationSuggestedAnswerTranscriptMillisecondOffsets", + "documentation":"

Offset in milliseconds from the beginning of transcript.

" + }, + "TranscriptSegment":{ + "shape":"EvaluationSuggestedAnswerTranscriptSegment", + "documentation":"

Segment of transcript.

" + } + }, + "documentation":"

Information about the point of interest in transcript provided to evaluation.

" + }, + "EvaluationTranscriptPointsOfInterest":{ + "type":"list", + "member":{"shape":"EvaluationTranscriptPointOfInterest"}, + "max":100, + "min":0 + }, + "EvaluationTranscriptType":{ + "type":"string", + "enum":[ + "RAW", + "REDACTED" + ] + }, + "EvaluationType":{ + "type":"string", + "enum":[ + "STANDARD", + "CALIBRATION" + ] + }, + "EvaluatorUserUnion":{ + "type":"structure", + "members":{ + "ConnectUserArn":{ + "shape":"ARN", + "documentation":"

Represents the Amazon Connect ARN of the user.

" + } + }, + "documentation":"

Represents the entity that performed the action on the evaluation.

", + "union":true + }, "EventBridgeActionDefinition":{ "type":"structure", "required":["Name"], @@ -12783,7 +14426,8 @@ "OnContactEvaluationSubmit", "OnMetricDataUpdate", "OnCaseCreate", - "OnCaseUpdate" + "OnCaseUpdate", + "OnSlaBreach" ] }, "Expiry":{ @@ -12801,6 +14445,7 @@ "documentation":"

An object to specify the expiration of a routing step.

" }, "ExpiryDurationInMinutes":{"type":"integer"}, + "ExportLocation":{"type":"string"}, "Expression":{ "type":"structure", "members":{ @@ -12853,6 +14498,7 @@ "INVALID_CUSTOMER_ENDPOINT", "INVALID_SYSTEM_ENDPOINT", "INVALID_QUEUE", + "INVALID_OUTBOUND_STRATEGY", "MISSING_CAMPAIGN", "MISSING_CUSTOMER_ENDPOINT", "MISSING_QUEUE_ID_AND_SYSTEM_ENDPOINT", @@ -12991,6 +14637,10 @@ "RoutingStepExpressions":{ "shape":"RoutingExpressions", "documentation":"

A list of expressions as a filter, in which an expression is an object of a step in a routing criteria.

" + }, + "AgentStatuses":{ + "shape":"AgentStatuses", + "documentation":"

A list of up to 50 agent status IDs or ARNs.

" } }, "documentation":"

Contains the filter to apply when retrieving metrics.

" @@ -13039,6 +14689,12 @@ "min":1, "pattern":"^[a-zA-Z0-9]{64}$" }, + "FormId":{"type":"string"}, + "FragmentNumber":{ + "type":"string", + "max":128, + "min":0 + }, "FunctionArn":{ "type":"string", "max":140, @@ -13165,6 +14821,45 @@ } } }, + "GetContactMetricsRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "ContactId", + "Metrics" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceIdOrArn", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

" + }, + "ContactId":{ + "shape":"InstanceIdOrArn", + "documentation":"

The identifier of the contact in this instance of Amazon Connect.

" + }, + "Metrics":{ + "shape":"ContactMetrics", + "documentation":"

A list of contact-level metrics to retrieve.

" + } + } + }, + "GetContactMetricsResponse":{ + "type":"structure", + "members":{ + "MetricResults":{ + "shape":"ContactMetricResults", + "documentation":"

A list of metric results containing the calculated values for each requested metric. Each result includes the metric name and its corresponding calculated value.

" + }, + "Id":{ + "shape":"ContactId", + "documentation":"

The unique identifier of the contact for which metrics were retrieved.

" + }, + "Arn":{ + "shape":"ARN", + "documentation":"

The ARN of the contact for which metrics were retrieved.

" + } + } + }, "GetCurrentMetricDataRequest":{ "type":"structure", "required":[ @@ -13181,15 +14876,15 @@ }, "Filters":{ "shape":"Filters", - "documentation":"

The filters to apply to returned metrics. You can filter up to the following limits:

  • Queues: 100

  • Routing profiles: 100

  • Channels: 3 (VOICE, CHAT, and TASK channels are supported.)

  • RoutingStepExpressions: 50

Metric data is retrieved only for the resources associated with the queues or routing profiles, and by any channels included in the filter. (You cannot filter by both queue AND routing profile.) You can include both resource IDs and resource ARNs in the same request.

When using the RoutingStepExpression filter, you need to pass exactly one QueueId. The filter is also case sensitive so when using the RoutingStepExpression filter, grouping by ROUTING_STEP_EXPRESSION is required.

Currently tagging is only supported on the resources that are passed in the filter.

" + "documentation":"

The filters to apply to returned metrics. You can filter up to the following limits:

  • Queues: 100

  • Routing profiles: 100

  • Channels: 3 (VOICE, CHAT, and TASK channels are supported.)

  • RoutingStepExpressions: 50

  • AgentStatuses: 50

Metric data is retrieved only for the resources associated with the queues or routing profiles, and by any channels included in the filter. (You cannot filter by both queue AND routing profile.) You can include both resource IDs and resource ARNs in the same request.

When using AgentStatuses as filter make sure Queues is added as primary filter.

When using the RoutingStepExpression filter, you need to pass exactly one QueueId. The filter is also case sensitive so when using the RoutingStepExpression filter, grouping by ROUTING_STEP_EXPRESSION is required.

Currently tagging is only supported on the resources that are passed in the filter.

" }, "Groupings":{ "shape":"Groupings", - "documentation":"

The grouping applied to the metrics returned. For example, when grouped by QUEUE, the metrics returned apply to each queue rather than aggregated for all queues.

  • If you group by CHANNEL, you should include a Channels filter. VOICE, CHAT, and TASK channels are supported.

  • If you group by ROUTING_PROFILE, you must include either a queue or routing profile filter. In addition, a routing profile filter is required for metrics CONTACTS_SCHEDULED, CONTACTS_IN_QUEUE, and OLDEST_CONTACT_AGE.

  • If no Grouping is included in the request, a summary of metrics is returned.

  • When using the RoutingStepExpression filter, group by ROUTING_STEP_EXPRESSION is required.

" + "documentation":"

Defines the level of aggregation for metrics data by a dimension(s). Its similar to sorting items into buckets based on a common characteristic, then counting or calculating something for each bucket. For example, when grouped by QUEUE, the metrics returned apply to each queue rather than aggregated for all queues.

The grouping list is an ordered list, with the first item in the list defined as the primary grouping. If no grouping is included in the request, the aggregation happens at the instance-level.

  • If you group by CHANNEL, you should include a Channels filter. VOICE, CHAT, and TASK channels are supported.

  • If you group by AGENT_STATUS, you must include the QUEUE as the primary grouping and use queue filter. When you group by AGENT_STATUS, the only metric available is the AGENTS_ONLINE metric.

  • If you group by ROUTING_PROFILE, you must include either a queue or routing profile filter. In addition, a routing profile filter is required for metrics CONTACTS_SCHEDULED, CONTACTS_IN_QUEUE, and OLDEST_CONTACT_AGE.

  • When using the RoutingStepExpression filter, group by ROUTING_STEP_EXPRESSION is required.

" }, "CurrentMetrics":{ "shape":"CurrentMetrics", - "documentation":"

The metrics to retrieve. Specify the name and unit for each metric. The following metrics are available. For a description of all the metrics, see Real-time Metrics Definitions in the Amazon Connect Administrator Guide.

AGENTS_AFTER_CONTACT_WORK

Unit: COUNT

Name in real-time metrics report: ACW

AGENTS_AVAILABLE

Unit: COUNT

Name in real-time metrics report: Available

AGENTS_ERROR

Unit: COUNT

Name in real-time metrics report: Error

AGENTS_NON_PRODUCTIVE

Unit: COUNT

Name in real-time metrics report: NPT (Non-Productive Time)

AGENTS_ON_CALL

Unit: COUNT

Name in real-time metrics report: On contact

AGENTS_ON_CONTACT

Unit: COUNT

Name in real-time metrics report: On contact

AGENTS_ONLINE

Unit: COUNT

Name in real-time metrics report: Online

AGENTS_STAFFED

Unit: COUNT

Name in real-time metrics report: Staffed

CONTACTS_IN_QUEUE

Unit: COUNT

Name in real-time metrics report: In queue

CONTACTS_SCHEDULED

Unit: COUNT

Name in real-time metrics report: Scheduled

OLDEST_CONTACT_AGE

Unit: SECONDS

When you use groupings, Unit says SECONDS and the Value is returned in SECONDS.

When you do not use groupings, Unit says SECONDS but the Value is returned in MILLISECONDS. For example, if you get a response like this:

{ \"Metric\": { \"Name\": \"OLDEST_CONTACT_AGE\", \"Unit\": \"SECONDS\" }, \"Value\": 24113.0 }

The actual OLDEST_CONTACT_AGE is 24 seconds.

When the filter RoutingStepExpression is used, this metric is still calculated from enqueue time. For example, if a contact that has been queued under <Expression 1> for 10 seconds has expired and <Expression 2> becomes active, then OLDEST_CONTACT_AGE for this queue will be counted starting from 10, not 0.

Name in real-time metrics report: Oldest

SLOTS_ACTIVE

Unit: COUNT

Name in real-time metrics report: Active

SLOTS_AVAILABLE

Unit: COUNT

Name in real-time metrics report: Availability

" + "documentation":"

The metrics to retrieve. Specify the name and unit for each metric. The following metrics are available. For a description of all the metrics, see Metrics definitions in the Amazon Connect Administrator Guide.

AGENTS_AFTER_CONTACT_WORK

Unit: COUNT

Name in real-time metrics report: ACW

AGENTS_AVAILABLE

Unit: COUNT

Name in real-time metrics report: Available

AGENTS_ERROR

Unit: COUNT

Name in real-time metrics report: Error

AGENTS_NON_PRODUCTIVE

Unit: COUNT

Name in real-time metrics report: NPT (Non-Productive Time)

AGENTS_ON_CALL

Unit: COUNT

Name in real-time metrics report: On contact

AGENTS_ON_CONTACT

Unit: COUNT

Name in real-time metrics report: On contact

AGENTS_ONLINE

Unit: COUNT

Name in real-time metrics report: Online

AGENTS_STAFFED

Unit: COUNT

Name in real-time metrics report: Staffed

CONTACTS_IN_QUEUE

Unit: COUNT

Name in real-time metrics report: In queue

CONTACTS_SCHEDULED

Unit: COUNT

Name in real-time metrics report: Scheduled

OLDEST_CONTACT_AGE

Unit: SECONDS

When you use groupings, Unit says SECONDS and the Value is returned in SECONDS.

When you do not use groupings, Unit says SECONDS but the Value is returned in MILLISECONDS. For example, if you get a response like this:

{ \"Metric\": { \"Name\": \"OLDEST_CONTACT_AGE\", \"Unit\": \"SECONDS\" }, \"Value\": 24113.0 }

The actual OLDEST_CONTACT_AGE is 24 seconds.

When the filter RoutingStepExpression is used, this metric is still calculated from enqueue time. For example, if a contact that has been queued under <Expression 1> for 10 seconds has expired and <Expression 2> becomes active, then OLDEST_CONTACT_AGE for this queue will be counted starting from 10, not 0.

Name in real-time metrics report: Oldest

SLOTS_ACTIVE

Unit: COUNT

Name in real-time metrics report: Active

SLOTS_AVAILABLE

Unit: COUNT

Name in real-time metrics report: Availability

" }, "NextToken":{ "shape":"NextToken", @@ -13295,13 +14990,13 @@ }, "FromDate":{ "shape":"HoursOfOperationOverrideYearMonthDayDateFormat", - "documentation":"

The Date from when the hours of operation are listed.

", + "documentation":"

The date from when the hours of operation are listed.

", "location":"querystring", "locationName":"fromDate" }, "ToDate":{ "shape":"HoursOfOperationOverrideYearMonthDayDateFormat", - "documentation":"

The Date until when the hours of operation are listed.

", + "documentation":"

The date until when the hours of operation are listed.

", "location":"querystring", "locationName":"toDate" } @@ -13312,7 +15007,7 @@ "members":{ "EffectiveHoursOfOperationList":{ "shape":"EffectiveHoursOfOperationList", - "documentation":"

Information about the effective hours of operations

" + "documentation":"

Information about the effective hours of operations.

" }, "TimeZone":{ "shape":"TimeZone", @@ -13432,7 +15127,7 @@ }, "HistoricalMetrics":{ "shape":"HistoricalMetrics", - "documentation":"

The metrics to retrieve. Specify the name, unit, and statistic for each metric. The following historical metrics are available. For a description of each metric, see Historical Metrics Definitions in the Amazon Connect Administrator Guide.

This API does not support a contacts incoming metric (there's no CONTACTS_INCOMING metric missing from the documented list).

ABANDON_TIME

Unit: SECONDS

Statistic: AVG

AFTER_CONTACT_WORK_TIME

Unit: SECONDS

Statistic: AVG

API_CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

CALLBACK_CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

CONTACTS_ABANDONED

Unit: COUNT

Statistic: SUM

CONTACTS_AGENT_HUNG_UP_FIRST

Unit: COUNT

Statistic: SUM

CONTACTS_CONSULTED

Unit: COUNT

Statistic: SUM

CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

CONTACTS_HANDLED_INCOMING

Unit: COUNT

Statistic: SUM

CONTACTS_HANDLED_OUTBOUND

Unit: COUNT

Statistic: SUM

CONTACTS_HOLD_ABANDONS

Unit: COUNT

Statistic: SUM

CONTACTS_MISSED

Unit: COUNT

Statistic: SUM

CONTACTS_QUEUED

Unit: COUNT

Statistic: SUM

CONTACTS_TRANSFERRED_IN

Unit: COUNT

Statistic: SUM

CONTACTS_TRANSFERRED_IN_FROM_QUEUE

Unit: COUNT

Statistic: SUM

CONTACTS_TRANSFERRED_OUT

Unit: COUNT

Statistic: SUM

CONTACTS_TRANSFERRED_OUT_FROM_QUEUE

Unit: COUNT

Statistic: SUM

HANDLE_TIME

Unit: SECONDS

Statistic: AVG

HOLD_TIME

Unit: SECONDS

Statistic: AVG

INTERACTION_AND_HOLD_TIME

Unit: SECONDS

Statistic: AVG

INTERACTION_TIME

Unit: SECONDS

Statistic: AVG

OCCUPANCY

Unit: PERCENT

Statistic: AVG

QUEUE_ANSWER_TIME

Unit: SECONDS

Statistic: AVG

QUEUED_TIME

Unit: SECONDS

Statistic: MAX

SERVICE_LEVEL

You can include up to 20 SERVICE_LEVEL metrics in a request.

Unit: PERCENT

Statistic: AVG

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").

" + "documentation":"

The metrics to retrieve. Specify the name, unit, and statistic for each metric. The following historical metrics are available. For a description of each metric, see Metrics definition in the Amazon Connect Administrator Guide.

This API does not support a contacts incoming metric (there's no CONTACTS_INCOMING metric missing from the documented list).

ABANDON_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average queue abandon time

AFTER_CONTACT_WORK_TIME

Unit: SECONDS

Statistic: AVG

UI name: After contact work time

API_CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

UI name: API contacts handled

AVG_HOLD_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average customer hold time

CALLBACK_CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

UI name: Callback contacts handled

CONTACTS_ABANDONED

Unit: COUNT

Statistic: SUM

UI name: Contacts abandoned

CONTACTS_AGENT_HUNG_UP_FIRST

Unit: COUNT

Statistic: SUM

UI name: Contacts agent hung up first

CONTACTS_CONSULTED

Unit: COUNT

Statistic: SUM

UI name: Contacts consulted

CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

UI name: Contacts handled

CONTACTS_HANDLED_INCOMING

Unit: COUNT

Statistic: SUM

UI name: Contacts handled incoming

CONTACTS_HANDLED_OUTBOUND

Unit: COUNT

Statistic: SUM

UI name: Contacts handled outbound

CONTACTS_HOLD_ABANDONS

Unit: COUNT

Statistic: SUM

UI name: Contacts hold disconnect

CONTACTS_MISSED

Unit: COUNT

Statistic: SUM

UI name: AGENT_NON_RESPONSE

CONTACTS_QUEUED

Unit: COUNT

Statistic: SUM

UI name: Contacts queued

CONTACTS_TRANSFERRED_IN

Unit: COUNT

Statistic: SUM

UI name: Contacts transferred in

CONTACTS_TRANSFERRED_IN_FROM_QUEUE

Unit: COUNT

Statistic: SUM

UI name: Contacts transferred out queue

CONTACTS_TRANSFERRED_OUT

Unit: COUNT

Statistic: SUM

UI name: Contacts transferred out

CONTACTS_TRANSFERRED_OUT_FROM_QUEUE

Unit: COUNT

Statistic: SUM

UI name: Contacts transferred out queue

HANDLE_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average handle time

INTERACTION_AND_HOLD_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average agent interaction and customer hold time

INTERACTION_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average agent interaction time

OCCUPANCY

Unit: PERCENT

Statistic: AVG

UI name: Occupancy

QUEUE_ANSWER_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average queue answer time

QUEUED_TIME

Unit: SECONDS

Statistic: MAX

UI name: Minimum flow time

SERVICE_LEVEL

You can include up to 20 SERVICE_LEVEL metrics in a request.

Unit: PERCENT

Statistic: AVG

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").

UI name: Average queue abandon time

" }, "NextToken":{ "shape":"NextToken", @@ -13486,15 +15181,15 @@ }, "Filters":{ "shape":"FiltersV2List", - "documentation":"

The filters to apply to returned metrics. You can filter on the following resources:

  • Agents

  • Campaigns

  • Channels

  • Feature

  • Queues

  • Routing profiles

  • Routing step expression

  • User hierarchy groups

At least one filter must be passed from queues, routing profiles, agents, or user hierarchy groups.

For metrics for outbound campaigns analytics, you can also use campaigns to satisfy at least one filter requirement.

To filter by phone number, see Create a historical metrics report in the Amazon Connect Administrator Guide.

Note the following limits:

  • Filter keys: A maximum of 5 filter keys are supported in a single request. Valid filter keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE |CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | FEATURE | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_MODULE_RESOURCE_ID | FLOWS_NEXT_RESOURCE_ID | FLOWS_NEXT_RESOURCE_QUEUE_ID | FLOWS_OUTCOME_TYPE | FLOWS_RESOURCE_ID | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION | QUEUE | Q_CONNECT_ENABLED |

  • Filter values: A maximum of 100 filter values are supported in a single request. VOICE, CHAT, and TASK are valid filterValue for the CHANNEL filter key. They do not count towards limitation of 100 filter values. For example, a GetMetricDataV2 request can filter by 50 queues, 35 agents, and 15 routing profiles for a total of 100 filter values, along with 3 channel filters.

    contact_lens_conversational_analytics is a valid filterValue for the FEATURE filter key. It is available only to contacts analyzed by Contact Lens conversational analytics.

    connect:Chat, connect:SMS, connect:Telephony, and connect:WebRTC are valid filterValue examples (not exhaustive) for the contact/segmentAttributes/connect:Subtype filter key.

    ROUTING_STEP_EXPRESSION is a valid filter key with a filter value up to 3000 length. This filter is case and order sensitive. JSON string fields must be sorted in ascending order and JSON array order should be kept as is.

    Q_CONNECT_ENABLED. TRUE and FALSE are the only valid filterValues for the Q_CONNECT_ENABLED filter key.

    • TRUE includes all contacts that had Amazon Q in Connect enabled as part of the flow.

    • FALSE includes all contacts that did not have Amazon Q in Connect enabled as part of the flow

    This filter is available only for contact record-driven metrics.

    Campaign ARNs are valid filterValues for the CAMPAIGN filter key.

" + "documentation":"

The filters to apply to returned metrics. You can filter on the following resources:

  • Agents

  • Campaigns

  • Channels

  • Feature

  • Queues

  • Routing profiles

  • Routing step expression

  • User hierarchy groups

At least one filter must be passed from queues, routing profiles, agents, or user hierarchy groups.

For metrics for outbound campaigns analytics, you can also use campaigns to satisfy at least one filter requirement.

To filter by phone number, see Create a historical metrics report in the Amazon Connect Administrator Guide.

Note the following limits:

  • Filter keys: A maximum of 5 filter keys are supported in a single request. Valid filter keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CAMPAIGN_EXCLUDED_EVENT_TYPE | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | EVALUATION_FORM | EVALUATION_SECTION | EVALUATION_QUESTION | EVALUATION_SOURCE | FEATURE | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_MODULE_RESOURCE_ID | FLOWS_NEXT_RESOURCE_ID | FLOWS_NEXT_RESOURCE_QUEUE_ID | FLOWS_OUTCOME_TYPE | FLOWS_RESOURCE_ID | FORM_VERSION | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION | QUEUE | Q_CONNECT_ENABLED |

  • Filter values: A maximum of 100 filter values are supported in a single request. VOICE, CHAT, and TASK are valid filterValue for the CHANNEL filter key. They do not count towards limitation of 100 filter values. For example, a GetMetricDataV2 request can filter by 50 queues, 35 agents, and 15 routing profiles for a total of 100 filter values, along with 3 channel filters.

    contact_lens_conversational_analytics is a valid filterValue for the FEATURE filter key. It is available only to contacts analyzed by Contact Lens conversational analytics.

    connect:Chat, connect:SMS, connect:Telephony, and connect:WebRTC are valid filterValue examples (not exhaustive) for the contact/segmentAttributes/connect:Subtype filter key.

    ROUTING_STEP_EXPRESSION is a valid filter key with a filter value up to 3000 length. This filter is case and order sensitive. JSON string fields must be sorted in ascending order and JSON array order should be kept as is.

    Q_CONNECT_ENABLED. TRUE and FALSE are the only valid filterValues for the Q_CONNECT_ENABLED filter key.

    • TRUE includes all contacts that had Amazon Q in Connect enabled as part of the flow.

    • FALSE includes all contacts that did not have Amazon Q in Connect enabled as part of the flow

    This filter is available only for contact record-driven metrics.

    Campaign ARNs are valid filterValues for the CAMPAIGN filter key.

" }, "Groupings":{ "shape":"GroupingsV2", - "documentation":"

The grouping applied to the metrics that are returned. For example, when results are grouped by queue, the metrics returned are grouped by queue. The values that are returned apply to the metrics for each queue. They are not aggregated for all queues.

If no grouping is specified, a summary of all metrics is returned.

Valid grouping keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | FLOWS_RESOURCE_ID | FLOWS_MODULE_RESOURCE_ID | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_OUTCOME_TYPE | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | Q_CONNECT_ENABLED | QUEUE | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION

" + "documentation":"

The grouping applied to the metrics that are returned. For example, when results are grouped by queue, the metrics returned are grouped by queue. The values that are returned apply to the metrics for each queue. They are not aggregated for all queues.

If no grouping is specified, a summary of all metrics is returned.

Valid grouping keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CAMPAIGN_EXCLUDED_EVENT_TYPE | CAMPAIGN_EXECUTION_TIMESTAMP | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | EVALUATION_FORM | EVALUATION_SECTION | EVALUATION_QUESTION | EVALUATION_SOURCE | FLOWS_RESOURCE_ID | FLOWS_MODULE_RESOURCE_ID | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_OUTCOME_TYPE | FORM_VERSION | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | Q_CONNECT_ENABLED | QUEUE | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION

Type: Array of strings

Array Members: Maximum number of 4 items

Required: No

" }, "Metrics":{ "shape":"MetricsV2", - "documentation":"

The metrics to retrieve. Specify the name, groupings, and filters for each metric. The following historical metrics are available. For a description of each metric, see Historical metrics definitions in the Amazon Connect Administrator Guide.

ABANDONMENT_RATE

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Abandonment rate

AGENT_ADHERENT_TIME

This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Adherent time

AGENT_ANSWER_RATE

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Agent answer rate

AGENT_NON_ADHERENT_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Non-adherent time

AGENT_NON_RESPONSE

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Agent non-response

AGENT_NON_RESPONSE_WITHOUT_CUSTOMER_ABANDONS

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

Data for this metric is available starting from October 1, 2023 0:00:00 GMT.

UI name: Agent non-response without customer abandons

AGENT_OCCUPANCY

Unit: Percentage

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Occupancy

AGENT_SCHEDULE_ADHERENCE

This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Adherence

AGENT_SCHEDULED_TIME

This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Scheduled time

AVG_ABANDON_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average queue abandon time

AVG_ACTIVE_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Average active time

AVG_AFTER_CONTACT_WORK_TIME

Unit: Seconds

Valid metric filter key: INITIATION_METHOD

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average after contact work time

Feature is a valid filter but not a valid grouping.
AVG_AGENT_CONNECTING_TIME

Unit: Seconds

Valid metric filter key: INITIATION_METHOD. For now, this metric only supports the following as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Average agent API connecting time

The Negate key in metric-level filters is not applicable for this metric.
AVG_AGENT_PAUSE_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Average agent pause time

AVG_BOT_CONVERSATION_TIME

Unit: Seconds

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Average bot conversation time

AVG_BOT_CONVERSATION_TURNS

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Average bot conversation turns

AVG_CASE_RELATED_CONTACTS

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Average contacts per case

AVG_CASE_RESOLUTION_TIME

Unit: Seconds

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Average case resolution time

AVG_CONTACT_DURATION

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average contact duration

Feature is a valid filter but not a valid grouping.
AVG_CONVERSATION_DURATION

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average conversation duration

AVG_DIALS_PER_MINUTE

This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.

Unit: Count

Valid groupings and filters: Agent, Campaign, Queue, Routing Profile

UI name: Average dials per minute

AVG_FLOW_TIME

Unit: Seconds

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Average flow time

AVG_GREETING_TIME_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent greeting time

AVG_HANDLE_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression

UI name: Average handle time

Feature is a valid filter but not a valid grouping.
AVG_HOLD_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average customer hold time

Feature is a valid filter but not a valid grouping.
AVG_HOLD_TIME_ALL_CONTACTS

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average customer hold time all contacts

AVG_HOLDS

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average holds

Feature is a valid filter but not a valid grouping.
AVG_INTERACTION_AND_HOLD_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent interaction and customer hold time

AVG_INTERACTION_TIME

Unit: Seconds

Valid metric filter key: INITIATION_METHOD

Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent interaction time

Feature is a valid filter but not a valid grouping.
AVG_INTERRUPTIONS_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent interruptions

AVG_INTERRUPTION_TIME_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent interruption time

AVG_NON_TALK_TIME

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average non-talk time

AVG_QUEUE_ANSWER_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average queue answer time

Feature is a valid filter but not a valid grouping.
AVG_RESOLUTION_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average resolution time

AVG_TALK_TIME

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average talk time

AVG_TALK_TIME_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent talk time

AVG_TALK_TIME_CUSTOMER

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average customer talk time

AVG_WAIT_TIME_AFTER_CUSTOMER_CONNECTION

This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.

Unit: Seconds

Valid groupings and filters: Campaign

UI name: Average wait time after customer connection

BOT_CONVERSATIONS_COMPLETED

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Bot conversations

BOT_INTENTS_COMPLETED

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Bot intents completed

CAMPAIGN_CONTACTS_ABANDONED_AFTER_X

This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.

Unit: Count

Valid groupings and filters: Agent, Campaign

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).

UI name: Campaign contacts abandoned after X

CAMPAIGN_CONTACTS_ABANDONED_AFTER_X_RATE

This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.

Unit: Percent

Valid groupings and filters: Agent, Campaign

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).

UI name: Campaign contacts abandoned after X rate

CAMPAIGN_INTERACTIONS

This metric is available only for outbound campaigns using the email delivery mode.

Unit: Count

Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE

Valid groupings and filters: Campaign

UI name: Campaign interactions

CAMPAIGN_SEND_ATTEMPTS

This metric is available only for outbound campaigns.

Unit: Count

Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype

UI name: Campaign send attempts

CASES_CREATED

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Cases created

CONTACTS_CREATED

Unit: Count

Valid metric filter key: INITIATION_METHOD

Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts created

Feature is a valid filter but not a valid grouping.
CONTACTS_HANDLED

Unit: Count

Valid metric filter key: INITIATION_METHOD, DISCONNECT_REASON

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect

UI name: API contacts handled

Feature is a valid filter but not a valid grouping.
CONTACTS_HANDLED_BY_CONNECTED_TO_AGENT

Unit: Count

Valid metric filter key: INITIATION_METHOD

Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts handled (connected to agent timestamp)

CONTACTS_HOLD_ABANDONS

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts hold disconnect

CONTACTS_ON_HOLD_AGENT_DISCONNECT

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts hold agent disconnect

CONTACTS_ON_HOLD_CUSTOMER_DISCONNECT

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts hold customer disconnect

CONTACTS_PUT_ON_HOLD

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts put on hold

CONTACTS_TRANSFERRED_OUT_EXTERNAL

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts transferred out external

CONTACTS_TRANSFERRED_OUT_INTERNAL

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts transferred out internal

CONTACTS_QUEUED

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts queued

CONTACTS_QUEUED_BY_ENQUEUE

Unit: Count

Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype

UI name: Contacts queued (enqueue timestamp)

CONTACTS_REMOVED_FROM_QUEUE_IN_X

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Contacts removed from queue in X seconds

CONTACTS_RESOLVED_IN_X

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Contacts resolved in X

CONTACTS_TRANSFERRED_OUT

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts transferred out

Feature is a valid filter but not a valid grouping.
CONTACTS_TRANSFERRED_OUT_BY_AGENT

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts transferred out by agent

CONTACTS_TRANSFERRED_OUT_FROM_QUEUE

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts transferred out queue

CURRENT_CASES

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Current cases

DELIVERY_ATTEMPTS

This metric is available only for outbound campaigns.

Unit: Count

Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON

Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Campaign Delivery EventType, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile

UI name: Delivery attempts

Campaign Delivery EventType filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.

DELIVERY_ATTEMPT_DISPOSITION_RATE

This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.

Unit: Percent

Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON

Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile

UI name: Delivery attempt disposition rate

Campaign Delivery Event Type filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.

FLOWS_OUTCOME

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Flows outcome

FLOWS_STARTED

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows resource ID, Initiation method, Resource published timestamp

UI name: Flows started

HUMAN_ANSWERED_CALLS

This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.

Unit: Count

Valid groupings and filters: Agent, Campaign

UI name: Human answered

MAX_FLOW_TIME

Unit: Seconds

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Maximum flow time

MAX_QUEUED_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Maximum queued time

MIN_FLOW_TIME

Unit: Seconds

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Minimum flow time

PERCENT_BOT_CONVERSATIONS_OUTCOME

Unit: Percent

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Percent bot conversations outcome

PERCENT_BOT_INTENTS_OUTCOME

Unit: Percent

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Percent bot intents outcome

PERCENT_CASES_FIRST_CONTACT_RESOLVED

Unit: Percent

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Cases resolved on first contact

PERCENT_CONTACTS_STEP_EXPIRED

Unit: Percent

Valid groupings and filters: Queue, RoutingStepExpression

UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.

PERCENT_CONTACTS_STEP_JOINED

Unit: Percent

Valid groupings and filters: Queue, RoutingStepExpression

UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.

PERCENT_FLOWS_OUTCOME

Unit: Percent

Valid metric filter key: FLOWS_OUTCOME_TYPE

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Flows outcome percentage.

The FLOWS_OUTCOME_TYPE is not a valid grouping.
PERCENT_NON_TALK_TIME

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Percentage

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Non-talk time percent

PERCENT_TALK_TIME

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Percentage

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Talk time percent

PERCENT_TALK_TIME_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Percentage

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Agent talk time percent

PERCENT_TALK_TIME_CUSTOMER

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Percentage

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Customer talk time percent

REOPENED_CASE_ACTIONS

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Cases reopened

RESOLVED_CASE_ACTIONS

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Cases resolved

SERVICE_LEVEL

You can include up to 20 SERVICE_LEVEL metrics in a request.

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Service level X

STEP_CONTACTS_QUEUED

Unit: Count

Valid groupings and filters: Queue, RoutingStepExpression

UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.

SUM_AFTER_CONTACT_WORK_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: After contact work time

SUM_CONNECTING_TIME_AGENT

Unit: Seconds

Valid metric filter key: INITIATION_METHOD. This metric only supports the following filter keys as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Agent API connecting time

The Negate key in metric-level filters is not applicable for this metric.
CONTACTS_ABANDONED

Unit: Count

Metric filter:

  • Valid values: API| Incoming | Outbound | Transfer | Callback | Queue_Transfer| Disconnect

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect

UI name: Contact abandoned

SUM_CONTACTS_ABANDONED_IN_X

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Contacts abandoned in X seconds

SUM_CONTACTS_ANSWERED_IN_X

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Contacts answered in X seconds

SUM_CONTACT_FLOW_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contact flow time

SUM_CONTACT_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Agent on contact time

SUM_CONTACTS_DISCONNECTED

Valid metric filter key: DISCONNECT_REASON

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contact disconnected

SUM_ERROR_STATUS_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Error status time

SUM_HANDLE_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contact handle time

SUM_HOLD_TIME

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Customer hold time

SUM_IDLE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Agent idle time

SUM_INTERACTION_AND_HOLD_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Agent interaction and hold time

SUM_INTERACTION_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Agent interaction time

SUM_NON_PRODUCTIVE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Non-Productive Time

SUM_ONLINE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Online time

SUM_RETRY_CALLBACK_ATTEMPTS

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Callback attempts

" + "documentation":"

The metrics to retrieve. Specify the name, groupings, and filters for each metric. The following historical metrics are available. For a description of each metric, see Metrics definition in the Amazon Connect Administrator Guide.

ABANDONMENT_RATE

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Abandonment rate

AGENT_ADHERENT_TIME

This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Adherent time

AGENT_ANSWER_RATE

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Agent answer rate

AGENT_NON_ADHERENT_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Non-adherent time

AGENT_NON_RESPONSE

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Agent non-response

AGENT_NON_RESPONSE_WITHOUT_CUSTOMER_ABANDONS

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

Data for this metric is available starting from October 1, 2023 0:00:00 GMT.

UI name: Agent non-response without customer abandons

AGENT_OCCUPANCY

Unit: Percentage

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Occupancy

AGENT_SCHEDULE_ADHERENCE

This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Adherence

AGENT_SCHEDULED_TIME

This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Scheduled time

AVG_ABANDON_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

Valid metric filter key: INITIATION_METHOD

UI name: Average queue abandon time

AVG_ACTIVE_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Average active time

AVG_AFTER_CONTACT_WORK_TIME

Unit: Seconds

Valid metric filter key: INITIATION_METHOD

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average after contact work time

Feature is a valid filter but not a valid grouping.
AVG_AGENT_CONNECTING_TIME

Unit: Seconds

Valid metric filter key: INITIATION_METHOD. For now, this metric only supports the following as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Average agent API connecting time

The Negate key in metric-level filters is not applicable for this metric.
AVG_AGENT_PAUSE_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Average agent pause time

AVG_BOT_CONVERSATION_TIME

Unit: Seconds

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Average bot conversation time

AVG_BOT_CONVERSATION_TURNS

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Average bot conversation turns

AVG_CASE_RELATED_CONTACTS

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Average contacts per case

AVG_CASE_RESOLUTION_TIME

Unit: Seconds

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Average case resolution time

AVG_CONTACT_DURATION

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average contact duration

Feature is a valid filter but not a valid grouping.
AVG_CONTACT_FIRST_RESPONSE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Agent average contact first response wait time

AVG_CONVERSATION_CLOSE_TIME

Unit: Seconds

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average conversation close time

AVG_CONVERSATION_DURATION

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average conversation duration

AVG_DIALS_PER_MINUTE

This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.

Unit: Count

Valid groupings and filters: Agent, Campaign, Queue, Routing Profile

UI name: Average dials per minute

AVG_EVALUATION_SCORE

Unit: Percent

Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Section ID, Evaluation Question ID, Evaluation Source, Form Version, Queue, Routing Profile

UI name: Average evaluation score

AVG_FIRST_RESPONSE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average agent first response time

AVG_FLOW_TIME

Unit: Seconds

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Average flow time

AVG_GREETING_TIME_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent greeting time

AVG_HANDLE_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression

UI name: Average handle time

Feature is a valid filter but not a valid grouping.
AVG_HOLD_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average customer hold time

Feature is a valid filter but not a valid grouping.
AVG_HOLD_TIME_ALL_CONTACTS

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average customer hold time all contacts

AVG_HOLDS

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average holds

Feature is a valid filter but not a valid grouping.
AVG_INTERACTION_AND_HOLD_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent interaction and customer hold time

AVG_INTERACTION_TIME

Unit: Seconds

Valid metric filter key: INITIATION_METHOD

Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent interaction time

Feature is a valid filter but not a valid grouping.
AVG_INTERRUPTIONS_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent interruptions

AVG_INTERRUPTION_TIME_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent interruption time

AVG_MESSAGE_LENGTH_AGENT

Unit: Count

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average agent message length

AVG_MESSAGE_LENGTH_CUSTOMER

Unit: Count

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average customer message length

AVG_MESSAGES

Unit: Count

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average messages

AVG_MESSAGES_AGENT

Unit: Count

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average agent messages

AVG_MESSAGES_BOT

Unit: Count

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average bot messages

AVG_MESSAGES_CUSTOMER

Unit: Count

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average customer messages

AVG_NON_TALK_TIME

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average non-talk time

AVG_QUEUE_ANSWER_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average queue answer time

Valid metric level filters: INITIATION_METHOD, FEATURE, DISCONNECT_REASON

Feature is a valid filter but not a valid grouping.
AVG_QUEUE_ANSWER_TIME_CUSTOMER_FIRST_CALLBACK

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect, Agent Hierarchy

UI name: Avg. queue answer time - customer first callback

AVG_RESPONSE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average agent response time

AVG_RESPONSE_TIME_CUSTOMER

Unit: Seconds

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Average customer response time

AVG_RESOLUTION_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average resolution time

AVG_TALK_TIME

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average talk time

AVG_TALK_TIME_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average agent talk time

AVG_TALK_TIME_CUSTOMER

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Average customer talk time

AVG_WAIT_TIME_AFTER_CUSTOMER_CONNECTION

This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.

Unit: Seconds

Valid groupings and filters: Campaign

UI name: Average wait time after customer connection

AVG_WAIT_TIME_AFTER_CUSTOMER_FIRST_CALLBACK_CONNECTION

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect, Agent Hierarchy

UI name: Avg. wait time after customer connection - customer first callback

AVG_WEIGHTED_EVALUATION_SCORE

Unit: Percent

Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form Id, Evaluation Section ID, Evaluation Question ID, Evaluation Source, Form Version, Queue, Routing Profile

UI name: Average weighted evaluation score

BOT_CONVERSATIONS_COMPLETED

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Bot conversations completed

BOT_INTENTS_COMPLETED

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Bot intents completed

CAMPAIGN_CONTACTS_ABANDONED_AFTER_X

This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.

Unit: Count

Valid groupings and filters: Agent, Campaign

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).

UI name: Campaign contacts abandoned after X

CAMPAIGN_CONTACTS_ABANDONED_AFTER_X_RATE

This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.

Unit: Percent

Valid groupings and filters: Agent, Campaign

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).

UI name: Campaign contacts abandoned after X rate

CAMPAIGN_INTERACTIONS

This metric is available only for outbound campaigns using the email delivery mode.

Unit: Count

Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE

Valid groupings and filters: Campaign

UI name: Campaign interactions

CAMPAIGN_PROGRESS_RATE

This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.

Unit: Percent

Valid groupings and filters: Campaign, Campaign Execution Timestamp

UI name: Campaign progress rate

CAMPAIGN_SEND_ATTEMPTS

This metric is available only for outbound campaigns.

Unit: Count

Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype

UI name: Campaign send attempts

CAMPAIGN_SEND_EXCLUSIONS

This metric is available only for outbound campaigns.

Valid metric filter key: CAMPAIGN_EXCLUDED_EVENT_TYPE

Unit: Count

Valid groupings and filters: Campaign, Campaign Excluded Event Type, Campaign Execution Timestamp

UI name: Campaign send exclusions

CASES_CREATED

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Cases created

CONTACTS_CREATED

Unit: Count

Valid metric filter key: INITIATION_METHOD

Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts created

Feature is a valid filter but not a valid grouping.
CONTACTS_HANDLED

Unit: Count

Valid metric filter key: INITIATION_METHOD, DISCONNECT_REASON

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect

UI name: Contacts handled

Feature is a valid filter but not a valid grouping.
CONTACTS_HANDLED_BY_CONNECTED_TO_AGENT

Unit: Count

Valid metric filter key: INITIATION_METHOD

Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts handled (connected to agent timestamp)

CONTACTS_HOLD_ABANDONS

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts hold disconnect

CONTACTS_ON_HOLD_AGENT_DISCONNECT

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts hold agent disconnect

CONTACTS_ON_HOLD_CUSTOMER_DISCONNECT

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts hold customer disconnect

CONTACTS_PUT_ON_HOLD

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts put on hold

CONTACTS_TRANSFERRED_OUT_EXTERNAL

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts transferred out external

CONTACTS_TRANSFERRED_OUT_INTERNAL

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contacts transferred out internal

CONTACTS_QUEUED

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts queued

CONTACTS_QUEUED_BY_ENQUEUE

Unit: Count

Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype

UI name: Contacts queued (enqueue timestamp)

CONTACTS_REMOVED_FROM_QUEUE_IN_X

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Contacts removed from queue in X seconds

CONTACTS_RESOLVED_IN_X

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Contacts resolved in X

CONTACTS_TRANSFERRED_OUT

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts transferred out

Feature is a valid filter but not a valid grouping.
CONTACTS_TRANSFERRED_OUT_BY_AGENT

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts transferred out by agent

CONTACTS_TRANSFERRED_OUT_FROM_QUEUE

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contacts transferred out queue

CURRENT_CASES

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Current cases

CONVERSATIONS_ABANDONED

Unit: Count

Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect

UI name: Conversations abandoned

DELIVERY_ATTEMPTS

This metric is available only for outbound campaigns.

Unit: Count

Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON

Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Campaign Delivery EventType, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile

UI name: Delivery attempts

Campaign Delivery EventType filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.

DELIVERY_ATTEMPT_DISPOSITION_RATE

This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.

Unit: Percent

Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON

Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile

UI name: Delivery attempt disposition rate

Campaign Delivery Event Type filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.

EVALUATIONS_PERFORMED

Unit: Count

Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Source, Form Version, Queue, Routing Profile

UI name: Evaluations performed

FLOWS_OUTCOME

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Flows outcome

FLOWS_STARTED

Unit: Count

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows resource ID, Initiation method, Resource published timestamp

UI name: Flows started

HUMAN_ANSWERED_CALLS

This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.

Unit: Count

Valid groupings and filters: Agent, Campaign

UI name: Human answered

MAX_FLOW_TIME

Unit: Seconds

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Maximum flow time

MAX_QUEUED_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Maximum queued time

MIN_FLOW_TIME

Unit: Seconds

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Minimum flow time

PERCENT_AUTOMATIC_FAILS

Unit: Percent

Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Source, Form Version, Queue, Routing Profile

UI name: Automatic fails percent

PERCENT_BOT_CONVERSATIONS_OUTCOME

Unit: Percent

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Percent bot conversations outcome

PERCENT_BOT_INTENTS_OUTCOME

Unit: Percent

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID

UI name: Percent bot intents outcome

PERCENT_CASES_FIRST_CONTACT_RESOLVED

Unit: Percent

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Cases resolved on first contact

PERCENT_CONTACTS_STEP_EXPIRED

Unit: Percent

Valid groupings and filters: Queue, RoutingStepExpression

UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.

PERCENT_CONTACTS_STEP_JOINED

Unit: Percent

Valid groupings and filters: Queue, RoutingStepExpression

UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.

PERCENT_FLOWS_OUTCOME

Unit: Percent

Valid metric filter key: FLOWS_OUTCOME_TYPE

Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp

UI name: Flows outcome percentage.

The FLOWS_OUTCOME_TYPE is not a valid grouping.
PERCENT_NON_TALK_TIME

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Percentage

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Non-talk time percent

PERCENT_TALK_TIME

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Percentage

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Talk time percent

PERCENT_TALK_TIME_AGENT

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Percentage

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Agent talk time percent

PERCENT_TALK_TIME_CUSTOMER

This metric is available only for contacts analyzed by Contact Lens conversational analytics.

Unit: Percentage

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Customer talk time percent

RECIPIENTS_ATTEMPTED

This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.

Unit: Count

Valid groupings and filters: Campaign, Campaign Execution Timestamp

UI name: Recipients attempted

RECIPIENTS_INTERACTED

This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.

Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE

Unit: Count

Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype, Campaign Execution Timestamp

UI name: Recipients interacted

RECIPIENTS_TARGETED

This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.

Unit: Count

Valid groupings and filters: Campaign, Campaign Execution Timestamp

UI name: Recipients targeted

REOPENED_CASE_ACTIONS

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Cases reopened

RESOLVED_CASE_ACTIONS

Unit: Count

Required filter key: CASE_TEMPLATE_ARN

Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS

UI name: Cases resolved

SERVICE_LEVEL

You can include up to 20 SERVICE_LEVEL metrics in a request.

Unit: Percent

Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Service level X

STEP_CONTACTS_QUEUED

Unit: Count

Valid groupings and filters: Queue, RoutingStepExpression

UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.

SUM_AFTER_CONTACT_WORK_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: After contact work time

SUM_CONNECTING_TIME_AGENT

Unit: Seconds

Valid metric filter key: INITIATION_METHOD. This metric only supports the following filter keys as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API | CALLBACK_CUSTOMER_FIRST_DIALED

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Agent API connecting time

The Negate key in metric-level filters is not applicable for this metric.
CONTACTS_ABANDONED

Unit: Count

Metric filter:

  • Valid values: API| INCOMING | OUTBOUND | TRANSFER | CALLBACK | QUEUE_TRANSFER| Disconnect | CALLBACK_CUSTOMER_FIRST_DIALED

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect

UI name: Contact abandoned

SUM_CONTACTS_ABANDONED_IN_X

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Contacts abandoned in X seconds

SUM_CONTACTS_ANSWERED_IN_X

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").

UI name: Contacts answered in X seconds

SUM_CONTACT_FLOW_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contact flow time

SUM_CONTACT_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Agent on contact time

SUM_CONTACTS_DISCONNECTED

Valid metric filter key: DISCONNECT_REASON

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Contact disconnected

SUM_ERROR_STATUS_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Error status time

SUM_HANDLE_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Contact handle time

SUM_HOLD_TIME

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Customer hold time

SUM_IDLE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Agent idle time

SUM_INTERACTION_AND_HOLD_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect

UI name: Agent interaction and hold time

SUM_INTERACTION_TIME

Unit: Seconds

Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy

UI name: Agent interaction time

SUM_NON_PRODUCTIVE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Agent non-productive time

SUM_ONLINE_TIME_AGENT

Unit: Seconds

Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy

UI name: Online time

SUM_RETRY_CALLBACK_ATTEMPTS

Unit: Count

Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect

UI name: Callback attempts

" }, "NextToken":{ "shape":"NextToken2500", @@ -13619,7 +15314,7 @@ }, "SelfAssignFlowId":{ "shape":"ContactFlowId", - "documentation":"

ContactFlowId for the flow that will be run if this template is used to create a self-assigned task

" + "documentation":"

The ContactFlowId for the flow that will be run if this template is used to create a self-assigned task.

" }, "Constraints":{ "shape":"TaskTemplateConstraints", @@ -13699,7 +15394,8 @@ "QUEUE", "CHANNEL", "ROUTING_PROFILE", - "ROUTING_STEP_EXPRESSION" + "ROUTING_STEP_EXPRESSION", + "AGENT_STATUS" ] }, "GroupingV2":{"type":"string"}, @@ -14007,7 +15703,7 @@ "members":{ "Name":{ "shape":"HistoricalMetricName", - "documentation":"

The name of the metric.

" + "documentation":"

The name of the metric. Following is a list of each supported metric mapped to the UI name, linked to a detailed description in the Amazon Connect Administrator Guide.

ABANDON_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average queue abandon time

AFTER_CONTACT_WORK_TIME

Unit: SECONDS

Statistic: AVG

UI name: After contact work time

API_CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

UI name: API contacts handled

AVG_HOLD_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average customer hold time

CALLBACK_CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

UI name: Callback contacts handled

CONTACTS_ABANDONED

Unit: COUNT

Statistic: SUM

UI name: Contacts abandoned

CONTACTS_AGENT_HUNG_UP_FIRST

Unit: COUNT

Statistic: SUM

UI name: Contacts agent hung up first

CONTACTS_CONSULTED

Unit: COUNT

Statistic: SUM

UI name: Contacts consulted

CONTACTS_HANDLED

Unit: COUNT

Statistic: SUM

UI name: Contacts handled

CONTACTS_HANDLED_INCOMING

Unit: COUNT

Statistic: SUM

UI name: Contacts handled incoming

CONTACTS_HANDLED_OUTBOUND

Unit: COUNT

Statistic: SUM

UI name: Contacts handled outbound

CONTACTS_HOLD_ABANDONS

Unit: COUNT

Statistic: SUM

UI name: Contacts hold disconnect

CONTACTS_MISSED

Unit: COUNT

Statistic: SUM

UI name: AGENT_NON_RESPONSE

CONTACTS_QUEUED

Unit: COUNT

Statistic: SUM

UI name: Contacts queued

CONTACTS_TRANSFERRED_IN

Unit: COUNT

Statistic: SUM

UI name: Contacts transferred in

CONTACTS_TRANSFERRED_IN_FROM_QUEUE

Unit: COUNT

Statistic: SUM

UI name: Contacts transferred out queue

CONTACTS_TRANSFERRED_OUT

Unit: COUNT

Statistic: SUM

UI name: Contacts transferred out

CONTACTS_TRANSFERRED_OUT_FROM_QUEUE

Unit: COUNT

Statistic: SUM

UI name: Contacts transferred out queue

HANDLE_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average handle time

INTERACTION_AND_HOLD_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average agent interaction and customer hold time

INTERACTION_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average agent interaction time

OCCUPANCY

Unit: PERCENT

Statistic: AVG

UI name: Occupancy

QUEUE_ANSWER_TIME

Unit: SECONDS

Statistic: AVG

UI name: Average queue answer time

QUEUED_TIME

Unit: SECONDS

Statistic: MAX

UI name: Minimum flow time

SERVICE_LEVEL

You can include up to 20 SERVICE_LEVEL metrics in a request.

Unit: PERCENT

Statistic: AVG

Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").

UI name: Service level X

" }, "Threshold":{ "shape":"Threshold", @@ -14023,7 +15719,7 @@ "documentation":"

The unit for the metric.

" } }, - "documentation":"

Contains information about a historical metric. For a description of each metric, see Historical Metrics Definitions in the Amazon Connect Administrator Guide.

" + "documentation":"

Contains information about a historical metric.

" }, "HistoricalMetricData":{ "type":"structure", @@ -14234,7 +15930,7 @@ }, "EffectiveTill":{ "shape":"HoursOfOperationOverrideYearMonthDayDateFormat", - "documentation":"

The date till which the hours of operation override would be effective.

" + "documentation":"

The date until the hours of operation override is effective.

" } }, "documentation":"

Information about the hours of operations override.

" @@ -14431,19 +16127,25 @@ } } }, + "InactivityDuration":{ + "type":"integer", + "box":true, + "max":720, + "min":15 + }, "InboundAdditionalRecipients":{ "type":"structure", "members":{ "ToAddresses":{ "shape":"EmailAddressRecipientList", - "documentation":"

The additional recipients information present in to list.

" + "documentation":"

The additional recipients information present in to list. You must have 1 required recipient (DestinationEmailAddress). You can then specify up to 49 additional recipients (across ToAddresses and CcAddresses), for a total of 50 recipients.

" }, "CcAddresses":{ "shape":"EmailAddressRecipientList", - "documentation":"

The additional recipients information present in cc list.

" + "documentation":"

The additional recipients information present in cc list. You must have 1 required recipient (DestinationEmailAddress). You can then specify up to 49 additional recipients (across ToAddresses and CcAddresses), for a total of 50 recipients.

" } }, - "documentation":"

The additional TO CC recipients information of inbound email.

" + "documentation":"

Information about the additional TO and CC recipients of an inbound email contact.

You can include up to 50 email addresses in total, distributed across DestinationEmailAddress, ToAddresses, and CcAddresses. This total must include one required DestinationEmailAddress. You can then specify up to 49 addresses allocated across ToAddresses and CcAddresses as needed.

" }, "InboundCallsEnabled":{"type":"boolean"}, "InboundEmailContent":{ @@ -14502,12 +16204,25 @@ "Index":{"type":"integer"}, "InitiateAs":{ "type":"string", - "enum":["CONNECTED_TO_USER"] + "enum":[ + "CONNECTED_TO_USER", + "COMPLETED" + ] }, "InitiationMethodList":{ "type":"list", "member":{"shape":"ContactInitiationMethod"} }, + "InputPredefinedAttributeConfiguration":{ + "type":"structure", + "members":{ + "EnableValueValidationOnAssociation":{ + "shape":"EnableValueValidationOnAssociation", + "documentation":"

When this parameter is set to true, Amazon Connect enforces strict validation on the specific values, if the values are predefined in attributes. The contact will store only valid and predefined values for the predefined attribute key.

" + } + }, + "documentation":"

Custom metadata that is associated to predefined attributes to control behavior in upstream services, such as controlling how a predefined attribute should be displayed in the Amazon Connect admin website.

" + }, "Instance":{ "type":"structure", "members":{ @@ -14920,6 +16635,7 @@ "type":"list", "member":{"shape":"IpCidr"} }, + "IsReadOnly":{"type":"boolean"}, "IvrRecordingTrack":{ "type":"string", "enum":["ALL"] @@ -15140,6 +16856,43 @@ } } }, + "ListAnalyticsDataLakeDataSetsRequest":{ + "type":"structure", + "required":["InstanceId"], + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

", + "location":"uri", + "locationName":"InstanceId" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "MaxResults":{ + "shape":"MaxResult1000", + "documentation":"

The maximum number of results to return per page.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListAnalyticsDataLakeDataSetsResponse":{ + "type":"structure", + "members":{ + "Results":{ + "shape":"AnalyticsDataSetsResults", + "documentation":"

An array of successful results: DataSetId, DataSetName. This is a paginated API, so nextToken is given if there are more results to be returned.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If there are additional results, this is the token for the next set of results.

" + } + } + }, "ListApprovedOriginsRequest":{ "type":"structure", "required":["InstanceId"], @@ -15199,7 +16952,7 @@ }, "MaxResults":{ "shape":"ListAssociatedContactsRequestMaxResults", - "documentation":"

The maximum number of results to return per page.

The maximum number of results to return per page. The default MaxResult size is 25.

Valid Range: Minimum value of 1. Maximum value of 100.

", + "documentation":"

The maximum number of results to return per page.

", "location":"querystring", "locationName":"maxResults" }, @@ -15744,7 +17497,7 @@ }, "HoursOfOperationId":{ "shape":"HoursOfOperationId", - "documentation":"

The identifier for the hours of operation

", + "documentation":"

The identifier for the hours of operation.

", "location":"uri", "locationName":"HoursOfOperationId" }, @@ -15756,7 +17509,7 @@ }, "MaxResults":{ "shape":"MaxResult100", - "documentation":"

The maximum number of results to return per page. The default MaxResult size is 100. Valid Range: Minimum value of 1. Maximum value of 1000.

", + "documentation":"

The maximum number of results to return per page.

", "box":true, "location":"querystring", "locationName":"maxResults" @@ -15776,7 +17529,7 @@ }, "LastModifiedRegion":{ "shape":"RegionName", - "documentation":"

The AWS Region where this resource was last modified.

" + "documentation":"

The Amazon Web Services Region where this resource was last modified.

" }, "LastModifiedTime":{ "shape":"Timestamp", @@ -16223,7 +17976,7 @@ }, "MaxResults":{ "shape":"MaxResult100", - "documentation":"

The maximum number of results to return per page.

", + "documentation":"

The maximum number of results to return per page.

", "box":true, "location":"querystring", "locationName":"maxResults" @@ -16385,7 +18138,7 @@ "members":{ "InstanceId":{ "shape":"InstanceId", - "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance. Both Instance ID and Instance ARN are supported input formats.

", "location":"uri", "locationName":"InstanceId" }, @@ -16472,7 +18225,7 @@ "members":{ "Channel":{ "shape":"RealTimeContactAnalysisSupportedChannel", - "documentation":"

The channel of the contact. Voice will not be returned.

" + "documentation":"

The channel of the contact.

Only CHAT is supported. This API does not support VOICE. If you attempt to use it for the VOICE channel, an InvalidRequestException error occurs.

" }, "Status":{ "shape":"RealTimeContactAnalysisStatus", @@ -16488,6 +18241,61 @@ } } }, + "ListRoutingProfileManualAssignmentQueuesRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "RoutingProfileId" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

", + "location":"uri", + "locationName":"InstanceId" + }, + "RoutingProfileId":{ + "shape":"RoutingProfileId", + "documentation":"

The identifier of the routing profile.

", + "location":"uri", + "locationName":"RoutingProfileId" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "MaxResults":{ + "shape":"MaxResult100", + "documentation":"

The maximum number of results to return per page.

", + "box":true, + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListRoutingProfileManualAssignmentQueuesResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

If there are additional results, this is the token for the next set of results.

" + }, + "RoutingProfileManualAssignmentQueueConfigSummaryList":{ + "shape":"RoutingProfileManualAssignmentQueueConfigSummaryList", + "documentation":"

Information about the manual assignment queues associated with the routing profile.

" + }, + "LastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

The timestamp when this resource was last modified.

" + }, + "LastModifiedRegion":{ + "shape":"RegionName", + "documentation":"

The Amazon Web Services Region where this resource was last modified.

" + } + } + }, "ListRoutingProfileQueuesRequest":{ "type":"structure", "required":[ @@ -17351,6 +19159,13 @@ "documentation":"

A set of endpoints used by clients to connect to the media service group for an Amazon Chime SDK meeting.

" }, "MediaRegion":{"type":"string"}, + "MediaStreamType":{ + "type":"string", + "enum":[ + "AUDIO", + "VIDEO" + ] + }, "Meeting":{ "type":"structure", "members":{ @@ -17435,7 +19250,7 @@ }, "MetricFilterValues":{ "shape":"MetricFilterValueList", - "documentation":"

The values to use for filtering data. Values for metric-level filters can be either a fixed set of values or a customized list, depending on the use case.

For valid values of metric-level filters INITIATION_METHOD, DISCONNECT_REASON, and ANSWERING_MACHINE_DETECTION_STATUS, see ContactTraceRecord in the Amazon Connect Administrator Guide.

For valid values of the metric-level filter FLOWS_OUTCOME_TYPE, see the description for the Flow outcome metric in the Amazon Connect Administrator Guide.

For valid values of the metric-level filter BOT_CONVERSATION_OUTCOME_TYPE, see the description for the Bot conversations completed in the Amazon Connect Administrator Guide.

For valid values of the metric-level filter BOT_INTENT_OUTCOME_TYPE, see the description for the Bot intents completed metric in the Amazon Connect Administrator Guide.

" + "documentation":"

The values to use for filtering data. Values for metric-level filters can be either a fixed set of values or a customized list, depending on the use case.

For valid values of metric-level filters INITIATION_METHOD, DISCONNECT_REASON, and ANSWERING_MACHINE_DETECTION_STATUS, see ContactTraceRecord in the Amazon Connect Administrator Guide.

For valid values of the metric-level filter FLOWS_OUTCOME_TYPE, see the description for the Flow outcome metric in the Amazon Connect Administrator Guide.

For valid values of the metric-level filter BOT_CONVERSATION_OUTCOME_TYPE, see the description for the Bot conversations completed in the Amazon Connect Administrator Guide.

For valid values of the metric-level filter BOT_INTENT_OUTCOME_TYPE, see the description for the Bot intents completed metric in the Amazon Connect Administrator Guide.

" }, "Negate":{ "shape":"Boolean", @@ -17586,6 +19401,24 @@ "min":1, "pattern":"(^[\\S].*[\\S]$)|(^[\\S]$)" }, + "NameCriteria":{ + "type":"structure", + "required":[ + "SearchText", + "MatchType" + ], + "members":{ + "SearchText":{ + "shape":"SearchTextList", + "documentation":"

The words or phrases used to match the contact name.

" + }, + "MatchType":{ + "shape":"SearchContactsMatchType", + "documentation":"

The match type combining name search criteria using multiple search texts in a name criteria.

" + } + }, + "documentation":"

The search criteria based on the contact name

" + }, "Namespace":{ "type":"string", "max":128, @@ -17631,11 +19464,13 @@ }, "UserIds":{ "shape":"UserIdList", - "documentation":"

A list of user IDs.

" + "documentation":"

A list of user IDs. Supports variable injection of $.ContactLens.ContactEvaluation.Agent.AgentId for OnContactEvaluationSubmit event source.

" } }, "documentation":"

The type of notification recipient.

" }, + "NullableBoolean":{"type":"boolean"}, + "NullableDouble":{"type":"double"}, "NullableProficiencyLevel":{ "type":"float", "max":5.0, @@ -17700,7 +19535,10 @@ "NUMBER_OF_INTERRUPTIONS", "CONTACT_DURATION", "AGENT_INTERACTION_DURATION", - "CUSTOMER_HOLD_TIME" + "CUSTOMER_HOLD_TIME", + "LONGEST_HOLD_DURATION", + "NUMBER_OF_HOLDS", + "AGENT_INTERACTION_AND_HOLD_DURATION" ] }, "NumericQuestionPropertyValueAutomation":{ @@ -17750,10 +19588,10 @@ "members":{ "CcEmailAddresses":{ "shape":"EmailAddressRecipientList", - "documentation":"

The additional CC email address recipients information.

" + "documentation":"

Information about the additional CC email address recipients. Email recipients are limited to 50 total addresses: 1 required recipient in the DestinationEmailAddress field and up to 49 recipients in the 'CcEmailAddresses' field.

" } }, - "documentation":"

The additional recipients information of outbound email.

" + "documentation":"

Information about the additional recipients of outbound email.

" }, "OutboundCallerConfig":{ "type":"structure", @@ -17799,7 +19637,7 @@ "documentation":"

The identifier of the email address.

" } }, - "documentation":"

The outbound email address Id.

" + "documentation":"

The outbound email address ID.

" }, "OutboundEmailContent":{ "type":"structure", @@ -17855,6 +19693,35 @@ "max":36, "min":36 }, + "OutboundStrategy":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"OutboundStrategyType", + "documentation":"

Type of the outbound strategy.

" + }, + "Config":{ + "shape":"OutboundStrategyConfig", + "documentation":"

Config of the outbound strategy.

" + } + }, + "documentation":"

Information about the outbound strategy.

" + }, + "OutboundStrategyConfig":{ + "type":"structure", + "members":{ + "AgentFirst":{ + "shape":"AgentFirst", + "documentation":"

The config of agent first outbound strategy.

" + } + }, + "documentation":"

The config of the outbound strategy.

" + }, + "OutboundStrategyType":{ + "type":"string", + "enum":["AGENT_FIRST"] + }, "OutboundSubject":{ "type":"string", "max":998, @@ -17942,7 +19809,8 @@ "DisplayName":{ "shape":"DisplayName", "documentation":"

The display name of the participant.

" - } + }, + "ParticipantCapabilities":{"shape":"ParticipantCapabilities"} }, "documentation":"

The details to add for the participant.

" }, @@ -17951,6 +19819,48 @@ "max":256, "min":1 }, + "ParticipantMetrics":{ + "type":"structure", + "members":{ + "ParticipantId":{ + "shape":"ParticipantId", + "documentation":"

The Participant's ID.

" + }, + "ParticipantType":{ + "shape":"ParticipantType", + "documentation":"

Information about the conversation participant. Following are the participant types: [Agent, Customer, Supervisor].

" + }, + "ConversationAbandon":{ + "shape":"NullableBoolean", + "documentation":"

A boolean flag indicating whether the chat conversation was abandoned by a Participant.

" + }, + "MessagesSent":{ + "shape":"Count", + "documentation":"

Number of chat messages sent by Participant.

" + }, + "NumResponses":{ + "shape":"Count", + "documentation":"

Number of chat messages sent by Participant.

" + }, + "MessageLengthInChars":{ + "shape":"Count", + "documentation":"

Number of chat characters sent by Participant.

" + }, + "TotalResponseTimeInMillis":{ + "shape":"DurationMillis", + "documentation":"

Total chat response time by Participant.

" + }, + "MaxResponseTimeInMillis":{ + "shape":"DurationMillis", + "documentation":"

Maximum chat response time by Participant.

" + }, + "LastMessageTimestamp":{ + "shape":"timestamp", + "documentation":"

Timestamp of last chat message by Participant.

" + } + }, + "documentation":"

Information about a participant's interactions in a contact.

" + }, "ParticipantRole":{ "type":"string", "enum":[ @@ -17961,6 +19871,15 @@ "SUPERVISOR" ] }, + "ParticipantState":{ + "type":"string", + "enum":[ + "INITIAL", + "CONNECTED", + "DISCONNECTED", + "MISSED" + ] + }, "ParticipantTimerAction":{ "type":"string", "enum":["Unset"] @@ -18040,6 +19959,16 @@ }, "documentation":"

The credentials used by the participant.

" }, + "ParticipantType":{ + "type":"string", + "enum":[ + "ALL", + "MANAGER", + "AGENT", + "CUSTOMER", + "THIRDPARTY" + ] + }, "Password":{ "type":"string", "pattern":"/^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)[a-zA-Z\\d\\S]{8,64}$/", @@ -18068,8 +19997,7 @@ }, "PauseContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Percentage":{ "type":"integer", @@ -18100,6 +20028,7 @@ }, "documentation":"

Enable persistent chats. For more information about enabling persistent chat, and for example use cases and how to configure for them, see Enable persistent chat.

" }, + "PersistentConnection":{"type":"boolean"}, "PhoneNumber":{ "type":"string", "pattern":"\\\\+[1-9]\\\\d{1,14}$" @@ -18465,6 +20394,21 @@ "max":128, "min":0 }, + "PostAcceptPreviewTimeoutDurationInSeconds":{ + "type":"integer", + "min":0 + }, + "PostAcceptTimeoutConfig":{ + "type":"structure", + "required":["DurationInSeconds"], + "members":{ + "DurationInSeconds":{ + "shape":"PostAcceptPreviewTimeoutDurationInSeconds", + "documentation":"

Duration in seconds for the countdown timer after the agent accepted the contact.

" + } + }, + "documentation":"

Countdown timer configuration after the agent accepted the contact.

" + }, "PotentialAudioQualityIssue":{ "type":"string", "max":128, @@ -18497,6 +20441,14 @@ "shape":"PredefinedAttributeValues", "documentation":"

The values of the predefined attribute.

" }, + "Purposes":{ + "shape":"PredefinedAttributePurposeNameList", + "documentation":"

Values that enable you to categorize your predefined attributes. You can use them in custom UI elements across the Amazon Connect admin website.

" + }, + "AttributeConfiguration":{ + "shape":"PredefinedAttributeConfiguration", + "documentation":"

Custom metadata that is associated to predefined attributes to control behavior in upstream services, such as controlling how a predefined attribute should be displayed in the Amazon Connect admin website.

" + }, "LastModifiedTime":{ "shape":"Timestamp", "documentation":"

Last modified time.

" @@ -18508,11 +20460,36 @@ }, "documentation":"

Information about a predefined attribute.

" }, + "PredefinedAttributeConfiguration":{ + "type":"structure", + "members":{ + "EnableValueValidationOnAssociation":{ + "shape":"EnableValueValidationOnAssociation", + "documentation":"

When this parameter is set to true, Amazon Connect enforces strict validation on the specific values, if the values are predefined in attributes. The contact will store only valid and predefined values for teh predefined attribute key.

" + }, + "IsReadOnly":{ + "shape":"IsReadOnly", + "documentation":"

A boolean flag used to indicate whether a predefined attribute should be displayed in the Amazon Connect admin website.

" + } + }, + "documentation":"

Custom metadata that is associated to predefined attributes to control behavior in upstream services, such as controlling how a predefined attribute should be displayed in the Amazon Connect admin website.

" + }, "PredefinedAttributeName":{ "type":"string", - "max":64, + "max":100, "min":1 }, + "PredefinedAttributePurposeName":{ + "type":"string", + "max":100, + "min":1 + }, + "PredefinedAttributePurposeNameList":{ + "type":"list", + "member":{"shape":"PredefinedAttributePurposeName"}, + "max":10, + "min":0 + }, "PredefinedAttributeSearchConditionList":{ "type":"list", "member":{"shape":"PredefinedAttributeSearchCriteria"} @@ -18538,14 +20515,14 @@ }, "PredefinedAttributeStringValue":{ "type":"string", - "max":64, + "max":100, "min":1 }, "PredefinedAttributeStringValuesList":{ "type":"list", "member":{"shape":"PredefinedAttributeStringValue"}, - "max":128, - "min":1 + "max":500, + "min":0 }, "PredefinedAttributeSummary":{ "type":"structure", @@ -18585,6 +20562,24 @@ "max":128, "min":1 }, + "Preview":{ + "type":"structure", + "required":[ + "PostAcceptTimeoutConfig", + "AllowedUserActions" + ], + "members":{ + "PostAcceptTimeoutConfig":{ + "shape":"PostAcceptTimeoutConfig", + "documentation":"

Countdown timer configuration after the agent accepted the preview outbound contact.

" + }, + "AllowedUserActions":{ + "shape":"AllowedUserActions", + "documentation":"

The actions the agent can perform after accepting the preview outbound contact.

" + } + }, + "documentation":"

Information about agent-first preview mode outbound strategy configuration.

" + }, "Priority":{ "type":"integer", "max":99, @@ -18816,8 +20811,7 @@ }, "PutUserStatusResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "QualityMetrics":{ "type":"structure", @@ -18833,6 +20827,18 @@ }, "documentation":"

Information about the quality of the participant's media connection.

" }, + "QuestionRuleCategoryAutomationCondition":{ + "type":"string", + "enum":[ + "PRESENT", + "NOT_PRESENT" + ] + }, + "QuestionRuleCategoryAutomationLabel":{ + "type":"string", + "max":50, + "min":1 + }, "Queue":{ "type":"structure", "members":{ @@ -19703,6 +21709,69 @@ "type":"list", "member":{"shape":"RealtimeContactAnalysisSegment"} }, + "RecordingDeletionReason":{"type":"string"}, + "RecordingInfo":{ + "type":"structure", + "members":{ + "StorageType":{ + "shape":"StorageType", + "documentation":"

Where the recording/transcript is stored.

" + }, + "Location":{ + "shape":"RecordingLocation", + "documentation":"

The location, in Amazon S3, for the recording/transcript.

" + }, + "MediaStreamType":{ + "shape":"MediaStreamType", + "documentation":"

Information about the media stream used during the conversation.

" + }, + "ParticipantType":{ + "shape":"ParticipantType", + "documentation":"

Information about the conversation participant, whether they are an agent or contact. The participant types are as follows:

  • All

  • Manager

  • Agent

  • Customer

  • Thirdparty

  • Supervisor

" + }, + "FragmentStartNumber":{ + "shape":"FragmentNumber", + "documentation":"

The number that identifies the Kinesis Video Streams fragment where the customer audio stream started.

" + }, + "FragmentStopNumber":{ + "shape":"FragmentNumber", + "documentation":"

The number that identifies the Kinesis Video Streams fragment where the customer audio stream stopped.

" + }, + "StartTimestamp":{ + "shape":"timestamp", + "documentation":"

When the conversation of the last leg of the recording started in UTC time.

" + }, + "StopTimestamp":{ + "shape":"timestamp", + "documentation":"

When the conversation of the last leg of recording stopped in UTC time.

" + }, + "Status":{ + "shape":"RecordingStatus", + "documentation":"

The status of the recording/transcript.

" + }, + "DeletionReason":{ + "shape":"RecordingDeletionReason", + "documentation":"

If the recording/transcript was deleted, this is the reason entered for the deletion.

" + } + }, + "documentation":"

Information about a voice recording, chat transcript, or screen recording.

" + }, + "RecordingLocation":{ + "type":"string", + "max":1024, + "min":0 + }, + "RecordingStatus":{ + "type":"string", + "enum":[ + "AVAILABLE", + "DELETED" + ] + }, + "Recordings":{ + "type":"list", + "member":{"shape":"RecordingInfo"} + }, "Reference":{ "type":"structure", "required":["Type"], @@ -20004,7 +22073,7 @@ "documentation":"

The identifier for the resource.

" } }, - "documentation":"

That resource is already in use. Please try another.

", + "documentation":"

That resource is already in use (for example, you're trying to add a record with the same name as an existing record). If you are trying to delete a resource (for example, DeleteHoursOfOperation or DeletePredefinedAttribute), remove its reference from related resources and then try again.

", "error":{"httpStatusCode":409}, "exception":true }, @@ -20088,8 +22157,7 @@ }, "ResumeContactRecordingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ResumeContactRequest":{ "type":"structure", @@ -20114,8 +22182,7 @@ }, "ResumeContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RoutingCriteria":{ "type":"structure", @@ -20231,6 +22298,10 @@ "shape":"Long", "documentation":"

The number of associated queues in routing profile.

" }, + "NumberOfAssociatedManualAssignmentQueues":{ + "shape":"Long", + "documentation":"

The number of associated manual assignment queues in routing profile.

" + }, "NumberOfAssociatedUsers":{ "shape":"Long", "documentation":"

The number of associated users in routing profile.

" @@ -20254,6 +22325,10 @@ "AssociatedQueueIds":{ "shape":"AssociatedQueueIdList", "documentation":"

The IDs of the associated queue.

" + }, + "AssociatedManualAssignmentQueueIds":{ + "shape":"AssociatedQueueIdList", + "documentation":"

The IDs of the associated manual assignment queues.

" } }, "documentation":"

Contains information about a routing profile.

" @@ -20268,6 +22343,52 @@ "type":"list", "member":{"shape":"RoutingProfile"} }, + "RoutingProfileManualAssignmentQueueConfig":{ + "type":"structure", + "required":["QueueReference"], + "members":{ + "QueueReference":{"shape":"RoutingProfileQueueReference"} + }, + "documentation":"

Contains information about the queue and channel for manual assignment behaviour can be enabled.

" + }, + "RoutingProfileManualAssignmentQueueConfigList":{ + "type":"list", + "member":{"shape":"RoutingProfileManualAssignmentQueueConfig"}, + "max":10, + "min":1 + }, + "RoutingProfileManualAssignmentQueueConfigSummary":{ + "type":"structure", + "required":[ + "QueueId", + "QueueArn", + "QueueName", + "Channel" + ], + "members":{ + "QueueId":{ + "shape":"QueueId", + "documentation":"

The identifier for the queue.

" + }, + "QueueArn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the queue.

" + }, + "QueueName":{ + "shape":"QueueName", + "documentation":"

The name of the queue.

" + }, + "Channel":{ + "shape":"Channel", + "documentation":"

The channels this queue supports. Valid Values: CHAT | TASK | EMAIL

VOICE is not supported. The information shown below is incorrect. We're working to correct it.

" + } + }, + "documentation":"

Contains summary information about a routing profile manual assignment queue.

" + }, + "RoutingProfileManualAssignmentQueueConfigSummaryList":{ + "type":"list", + "member":{"shape":"RoutingProfileManualAssignmentQueueConfigSummary"} + }, "RoutingProfileName":{ "type":"string", "max":127, @@ -20541,6 +22662,10 @@ "shape":"UpdateCaseActionDefinition", "documentation":"

Information about the update case action.

Supported only for TriggerEventSource values: OnCaseCreate | OnCaseUpdate.

" }, + "AssignSlaAction":{ + "shape":"AssignSlaActionDefinition", + "documentation":"

Information about the assign SLA action.

" + }, "EndAssociatedTasksAction":{ "shape":"EndAssociatedTasksActionDefinition", "documentation":"

Information about the end associated tasks action.

Supported only for TriggerEventSource values: OnCaseUpdate.

" @@ -20769,6 +22894,50 @@ } } }, + "SearchContactEvaluationsRequest":{ + "type":"structure", + "required":["InstanceId"], + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + }, + "MaxResults":{ + "shape":"MaxResult100", + "documentation":"

The maximum number of results to return per page.

", + "box":true + }, + "SearchCriteria":{ + "shape":"EvaluationSearchCriteria", + "documentation":"

The search criteria to be used to return contact evaluations.

" + }, + "SearchFilter":{ + "shape":"EvaluationSearchFilter", + "documentation":"

Filters to be applied to search results.

" + } + } + }, + "SearchContactEvaluationsResponse":{ + "type":"structure", + "members":{ + "EvaluationSearchSummaryList":{ + "shape":"EvaluationSearchSummaryList", + "documentation":"

Contains information about contact evaluations.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If there are additional results, this is the token for the next set of results.

" + }, + "ApproximateTotalCount":{ + "shape":"ApproximateTotalCount", + "documentation":"

The total number of contact evaluations that matched your search query.

" + } + } + }, "SearchContactFlowModulesRequest":{ "type":"structure", "required":["InstanceId"], @@ -20857,11 +23026,46 @@ } } }, + "SearchContactsAdditionalTimeRange":{ + "type":"structure", + "required":[ + "Criteria", + "MatchType" + ], + "members":{ + "Criteria":{ + "shape":"SearchContactsAdditionalTimeRangeCriteriaList", + "documentation":"

List of criteria of the time range to additionally filter on.

" + }, + "MatchType":{ + "shape":"SearchContactsMatchType", + "documentation":"

The match type combining multiple time range filters.

" + } + }, + "documentation":"

Time range that you additionally want to filter on.

This is different from the SearchContactsTimeRange data type.

" + }, + "SearchContactsAdditionalTimeRangeCriteria":{ + "type":"structure", + "members":{ + "TimeRange":{"shape":"SearchContactsTimeRange"}, + "TimestampCondition":{ + "shape":"SearchContactsTimestampCondition", + "documentation":"

List of the timestamp conditions.

" + } + }, + "documentation":"

The criteria of the time range to additionally filter on.

" + }, + "SearchContactsAdditionalTimeRangeCriteriaList":{ + "type":"list", + "member":{"shape":"SearchContactsAdditionalTimeRangeCriteria"} + }, "SearchContactsMatchType":{ "type":"string", "enum":[ "MATCH_ALL", - "MATCH_ANY" + "MATCH_ANY", + "MATCH_EXACT", + "MATCH_NONE" ] }, "SearchContactsRequest":{ @@ -20939,18 +23143,45 @@ }, "documentation":"

A structure of time range that you want to search results.

" }, + "SearchContactsTimeRangeConditionType":{ + "type":"string", + "enum":["NOT_EXISTS"] + }, "SearchContactsTimeRangeType":{ "type":"string", "enum":[ "INITIATION_TIMESTAMP", "SCHEDULED_TIMESTAMP", "CONNECTED_TO_AGENT_TIMESTAMP", - "DISCONNECT_TIMESTAMP" + "DISCONNECT_TIMESTAMP", + "ENQUEUE_TIMESTAMP" ] }, + "SearchContactsTimestampCondition":{ + "type":"structure", + "required":[ + "Type", + "ConditionType" + ], + "members":{ + "Type":{ + "shape":"SearchContactsTimeRangeType", + "documentation":"

Type of the timestamps to use for the filter.

" + }, + "ConditionType":{ + "shape":"SearchContactsTimeRangeConditionType", + "documentation":"

Condition of the timestamp on the contact.

" + } + }, + "documentation":"

The timestamp condition indicating which contact timestamp should be used and how it should be filtered. It is not an actual timestamp value.

" + }, "SearchCriteria":{ "type":"structure", "members":{ + "Name":{ + "shape":"NameCriteria", + "documentation":"

Name of the contact.

" + }, "AgentIds":{ "shape":"AgentResourceIdList", "documentation":"

The identifiers of agents who handled the contacts.

" @@ -20975,6 +23206,14 @@ "shape":"QueueIdList", "documentation":"

The list of queue IDs associated with contacts.

" }, + "RoutingCriteria":{ + "shape":"SearchableRoutingCriteria", + "documentation":"

Routing criteria for the contact.

" + }, + "AdditionalTimeRange":{ + "shape":"SearchContactsAdditionalTimeRange", + "documentation":"

Additional TimeRange used to filter contacts.

" + }, "SearchableContactAttributes":{ "shape":"SearchableContactAttributes", "documentation":"

The search criteria based on user-defined contact attributes that have been configured for contact search. For more information, see Search by custom contact attributes in the Amazon Connect Administrator Guide.

To use SearchableContactAttributes in a search request, the GetContactAttributes action is required to perform an API request. For more information, see https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnect.html#amazonconnect-actions-as-permissionsActions defined by Amazon Connect.

" @@ -21029,6 +23268,50 @@ } } }, + "SearchEvaluationFormsRequest":{ + "type":"structure", + "required":["InstanceId"], + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + }, + "MaxResults":{ + "shape":"MaxResult100", + "documentation":"

The maximum number of results to return per page.

", + "box":true + }, + "SearchCriteria":{ + "shape":"EvaluationFormSearchCriteria", + "documentation":"

The search criteria to be used to return evaluation forms.

" + }, + "SearchFilter":{ + "shape":"EvaluationFormSearchFilter", + "documentation":"

Filters to be applied to search results.

" + } + } + }, + "SearchEvaluationFormsResponse":{ + "type":"structure", + "members":{ + "EvaluationFormSearchSummaryList":{ + "shape":"EvaluationFormSearchSummaryList", + "documentation":"

Information about the returned evaluation forms.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If there are additional results, this is the token for the next set of results.

" + }, + "ApproximateTotalCount":{ + "shape":"ApproximateTotalCount", + "documentation":"

The total number of evaluation forms that matched your search query.

" + } + } + }, "SearchHoursOfOperationOverridesRequest":{ "type":"structure", "required":["InstanceId"], @@ -21039,11 +23322,11 @@ }, "NextToken":{ "shape":"NextToken2500", - "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results. Length Constraints: Minimum length of 1. Maximum length of 2500.

" + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" }, "MaxResults":{ "shape":"MaxResult100", - "documentation":"

The maximum number of results to return per page. Valid Range: Minimum value of 1. Maximum value of 100.

", + "documentation":"

The maximum number of results to return per page.

", "box":true }, "SearchFilter":{"shape":"HoursOfOperationSearchFilter"}, @@ -21062,7 +23345,7 @@ }, "NextToken":{ "shape":"NextToken2500", - "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results. Length Constraints: Minimum length of 1. Maximum length of 2500.

" + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" }, "ApproximateTotalCount":{ "shape":"ApproximateTotalCount", @@ -21296,7 +23579,7 @@ }, "ResourceTypes":{ "shape":"ResourceTypeList", - "documentation":"

The list of resource types to be used to search tags from. If not provided or if any empty list is provided, this API will search from all supported resource types.

Supported resource types

  • AGENT

  • ROUTING_PROFILE

  • STANDARD_QUEUE

  • SECURITY_PROFILE

  • OPERATING_HOURS

  • PROMPT

  • CONTACT_FLOW

  • FLOW_MODULE

" + "documentation":"

The list of resource types to be used to search tags from. If not provided or if any empty list is provided, this API will search from all supported resource types. Note that lowercase and - are required.

Supported resource types

  • agent

  • agent-state

  • routing-profile

  • standard-queue

  • security-profile

  • operating-hours

  • prompt

  • contact-flow

  • flow- module

  • transfer-destination (also known as quick connect)

" }, "NextToken":{ "shape":"NextToken2500", @@ -21475,7 +23758,7 @@ "members":{ "InstanceId":{ "shape":"InstanceId", - "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

InstanceID is a required field. The \"Required: No\" below is incorrect.

" + "documentation":"

The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

" }, "NextToken":{ "shape":"NextToken2500", @@ -21555,6 +23838,20 @@ } } }, + "SearchableAgentCriteriaStep":{ + "type":"structure", + "members":{ + "AgentIds":{ + "shape":"AgentResourceIdList", + "documentation":"

The identifiers of agents used in preferred agents matching.

" + }, + "MatchType":{ + "shape":"SearchContactsMatchType", + "documentation":"

The match type combining multiple agent criteria steps.

" + } + }, + "documentation":"

The agent criteria to search for preferred agents on the routing criteria.

" + }, "SearchableContactAttributeKey":{ "type":"string", "max":100, @@ -21616,6 +23913,30 @@ "type":"string", "enum":["STANDARD"] }, + "SearchableRoutingCriteria":{ + "type":"structure", + "members":{ + "Steps":{ + "shape":"SearchableRoutingCriteriaStepList", + "documentation":"

The list of Routing criteria steps of the contact routing.

" + } + }, + "documentation":"

Routing criteria of the contact to match on.

" + }, + "SearchableRoutingCriteriaStep":{ + "type":"structure", + "members":{ + "AgentCriteria":{ + "shape":"SearchableAgentCriteriaStep", + "documentation":"

Agent matching the routing step of the routing criteria

" + } + }, + "documentation":"

Routing criteria of the contact to match on.

" + }, + "SearchableRoutingCriteriaStepList":{ + "type":"list", + "member":{"shape":"SearchableRoutingCriteriaStep"} + }, "SearchableSegmentAttributeKey":{ "type":"string", "max":64, @@ -21889,11 +24210,23 @@ "ValueInteger":{ "shape":"SegmentAttributeValueInteger", "documentation":"

The value of a segment attribute.

" + }, + "ValueList":{ + "shape":"SegmentAttributeValueList", + "documentation":"

The value of a segment attribute. This is only supported for system-defined attributes, not for user-defined attributes.

" + }, + "ValueArn":{ + "shape":"SegmentAttributeValueString", + "documentation":"

The value of a segment attribute that has to be a valid ARN. This is only supported for system-defined attributes, not for user-defined attributes.

" } }, "documentation":"

A value for a segment attribute. This is structured as a map where the key is valueString and the value is a string.

" }, "SegmentAttributeValueInteger":{"type":"integer"}, + "SegmentAttributeValueList":{ + "type":"list", + "member":{"shape":"SegmentAttributeValue"} + }, "SegmentAttributeValueMap":{ "type":"map", "key":{"shape":"SegmentAttributeName"}, @@ -22018,7 +24351,7 @@ }, "TrafficType":{ "shape":"TrafficType", - "documentation":"

Denotes the class of traffic.

" + "documentation":"

Denotes the class of traffic.

Only the CAMPAIGN traffic type is supported.

" }, "SourceCampaign":{ "shape":"SourceCampaign", @@ -22033,8 +24366,7 @@ }, "SendOutboundEmailResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ServiceQuotaExceededException":{ "type":"structure", @@ -22129,6 +24461,25 @@ "max":50, "min":1 }, + "SlaAssignmentType":{ + "type":"string", + "enum":["CASES"] + }, + "SlaFieldValueUnionList":{ + "type":"list", + "member":{"shape":"FieldValueUnion"}, + "max":1 + }, + "SlaName":{ + "type":"string", + "max":500, + "min":1, + "pattern":"^.*[\\S]$" + }, + "SlaType":{ + "type":"string", + "enum":["CaseField"] + }, "SnapshotVersion":{"type":"string"}, "Sort":{ "type":"structure", @@ -22163,7 +24514,8 @@ "CONNECTED_TO_AGENT_TIMESTAMP", "DISCONNECT_TIMESTAMP", "INITIATION_METHOD", - "CHANNEL" + "CHANNEL", + "EXPIRY_TIMESTAMP" ] }, "SourceApplicationName":{ @@ -22309,7 +24661,7 @@ }, "InitialMessage":{ "shape":"ChatMessage", - "documentation":"

The initial message to be sent to the newly created chat. If you have a Lex bot in your flow, the initial message is not delivered to the Lex bot.

" + "documentation":"

The initial message to be sent to the newly created chat.

" }, "ClientToken":{ "shape":"ClientToken", @@ -22385,10 +24737,18 @@ "shape":"ResourceId", "documentation":"

The unique identifier for the evaluation form.

" }, + "AutoEvaluationConfiguration":{ + "shape":"AutoEvaluationConfiguration", + "documentation":"

Whether automated evaluations are enabled.

" + }, "ClientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", "idempotencyToken":true + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

" } } }, @@ -22438,8 +24798,7 @@ }, "StartContactRecordingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartContactStreamingRequest":{ "type":"structure", @@ -22498,7 +24857,7 @@ }, "DestinationEmailAddress":{ "shape":"EmailAddress", - "documentation":"

The email address associated with the instance.

" + "documentation":"

The email address associated with the Amazon Connect instance.

" }, "Description":{ "shape":"Description", @@ -22518,7 +24877,7 @@ }, "AdditionalRecipients":{ "shape":"InboundAdditionalRecipients", - "documentation":"

The addtional recipients address of the email.

" + "documentation":"

The additional recipients address of the email.

" }, "Attachments":{ "shape":"EmailAttachments", @@ -22633,7 +24992,7 @@ }, "FromEmailAddress":{ "shape":"EmailAddressInfo", - "documentation":"

The email address associated with the instance.

" + "documentation":"

The email address associated with the Amazon Connect instance.

" }, "DestinationEmailAddress":{ "shape":"EmailAddressInfo", @@ -22641,7 +25000,7 @@ }, "AdditionalRecipients":{ "shape":"OutboundAdditionalRecipients", - "documentation":"

The addtional recipients address of email in CC.

" + "documentation":"

The additional recipients address of email in CC.

" }, "EmailMessage":{ "shape":"OutboundEmailContent", @@ -22677,7 +25036,7 @@ }, "Description":{ "shape":"Description", - "documentation":"

A description of the voice contact that is shown to an agent in the Contact Control Panel (CCP).

" + "documentation":"

A description of the voice contact that appears in the agent's snapshot in the CCP logs. For more information about CCP logs, see Download and review CCP logs in the Amazon Connect Administrator Guide.

" }, "References":{ "shape":"ContactReferences", @@ -22727,6 +25086,10 @@ "TrafficType":{ "shape":"TrafficType", "documentation":"

Denotes the class of traffic. Calls with different traffic types are handled differently by Amazon Connect. The default value is GENERAL. Use CAMPAIGN if EnableAnswerMachineDetection is set to true. For all other cases, use GENERAL.

" + }, + "OutboundStrategy":{ + "shape":"OutboundStrategy", + "documentation":"

Information about the outbound strategy.

" } } }, @@ -22763,8 +25126,7 @@ }, "StartScreenSharingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartTaskContactRequest":{ "type":"structure", @@ -22902,6 +25264,28 @@ } } }, + "StateTransition":{ + "type":"structure", + "members":{ + "State":{ + "shape":"ParticipantState", + "documentation":"

The state of the transition.

" + }, + "StateStartTimestamp":{ + "shape":"timestamp", + "documentation":"

The date and time when the state started in UTC time.

" + }, + "StateEndTimestamp":{ + "shape":"timestamp", + "documentation":"

The date and time when the state ended in UTC time.

" + } + }, + "documentation":"

Information about the state transition of a supervisor.

" + }, + "StateTransitions":{ + "type":"list", + "member":{"shape":"StateTransition"} + }, "Statistic":{ "type":"string", "enum":[ @@ -22910,6 +25294,14 @@ "AVG" ] }, + "Status":{ + "type":"string", + "enum":[ + "COMPLETE", + "IN_PROGRESS", + "DELETED" + ] + }, "Step":{ "type":"structure", "members":{ @@ -22960,8 +25352,7 @@ }, "StopContactRecordingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopContactRequest":{ "type":"structure", @@ -22980,14 +25371,13 @@ }, "DisconnectReason":{ "shape":"DisconnectReason", - "documentation":"

The reason a contact can be disconnected. Only Amazon Connect outbound campaigns can provide this field.

" + "documentation":"

The reason a contact can be disconnected. Only Amazon Connect outbound campaigns can provide this field. For a list and description of all the possible disconnect reasons by channel (including outbound campaign voice contacts) see DisconnectReason under ContactTraceRecord in the Amazon Connect Administrator Guide.

" } } }, "StopContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopContactStreamingRequest":{ "type":"structure", @@ -23013,8 +25403,7 @@ }, "StopContactStreamingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StorageType":{ "type":"string", @@ -23113,6 +25502,10 @@ "Notes":{ "shape":"EvaluationNotesMap", "documentation":"

A map of question identifiers to note value.

" + }, + "SubmittedBy":{ + "shape":"EvaluatorUserUnion", + "documentation":"

The ID of the user who submitted the contact evaluation.

" } } }, @@ -23193,8 +25586,7 @@ }, "SuspendContactRecordingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagAndConditionList":{ "type":"list", @@ -23238,8 +25630,7 @@ }, "TagContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagKey":{ "type":"string", @@ -23349,6 +25740,11 @@ "type":"string", "enum":["PROFICIENCIES"] }, + "TargetSlaMinutes":{ + "type":"long", + "max":129600, + "min":1 + }, "TaskActionDefinition":{ "type":"structure", "required":[ @@ -23517,6 +25913,20 @@ "max":500, "min":1 }, + "TaskTemplateInfoV2":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"ARN", + "documentation":"

The Amazon Resource Name (ARN) of the task template used to create this contact.

" + }, + "Name":{ + "shape":"TaskTemplateName", + "documentation":"

The name of the task template used to create this contact.

" + } + }, + "documentation":"

Information about the task template used to create this contact.

" + }, "TaskTemplateList":{ "type":"list", "member":{"shape":"TaskTemplateMetadata"} @@ -23958,8 +26368,7 @@ }, "UntagContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UntagResourceRequest":{ "type":"structure", @@ -24067,6 +26476,19 @@ "PeriodicSessionDuration":{ "shape":"AccessTokenDuration", "documentation":"

The short lived session duration configuration for users logged in to Amazon Connect, in minutes. This value determines the maximum possible time before an agent is authenticated. For more information, For more information on how to configure IP addresses, see Configure session timeouts in the Amazon Connect Administrator Guide.

", + "box":true, + "deprecated":true, + "deprecatedMessage":"PeriodicSessionDuration is deprecated. Use SessionInactivityDuration instead.", + "deprecatedSince":"10/31/2025" + }, + "SessionInactivityDuration":{ + "shape":"InactivityDuration", + "documentation":"

The period, in minutes, before an agent is automatically signed out of the contact center when they go inactive.

", + "box":true + }, + "SessionInactivityHandlingEnabled":{ + "shape":"Boolean", + "documentation":"

Determines if automatic logout on user inactivity is enabled.

", "box":true } } @@ -24100,14 +26522,13 @@ }, "Attributes":{ "shape":"Attributes", - "documentation":"

The Amazon Connect attributes. These attributes can be accessed in flows just like any other contact attributes.

You can have up to 32,768 UTF-8 bytes across all attributes for a contact. Attribute keys can include only alphanumeric, dash, and underscore characters.

When the attributes for a contact exceed 32 KB, the contact is routed down the Error branch of the flow. As a mitigation, consider the following options:

  • Remove unnecessary attributes by setting their values to empty.

  • If the attributes are only used in one flow and don't need to be referred to outside of that flow (for example, by a Lambda or another flow), then use flow attributes. This way you aren't needlessly persisting the 32 KB of information from one flow to another. For more information, see Flow block: Set contact attributes in the Amazon Connect Administrator Guide.

" + "documentation":"

The Amazon Connect attributes. These attributes can be accessed in flows just like any other contact attributes.

You can have up to 32,768 UTF-8 bytes across all attributes for a contact. Attribute keys can include only alphanumeric, dash, and underscore characters.

In the Set contact attributes block, when the attributes for a contact exceed 32 KB, the contact is routed down the Error branch of the flow. As a mitigation, consider the following options:

  • Remove unnecessary attributes by setting their values to empty.

  • If the attributes are only used in one flow and don't need to be referred to outside of that flow (for example, by a Lambda or another flow), then use flow attributes. This way you aren't needlessly persisting the 32 KB of information from one flow to another. For more information, see Flow block: Set contact attributes in the Amazon Connect Administrator Guide.

" } } }, "UpdateContactAttributesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactEvaluationRequest":{ "type":"structure", @@ -24135,6 +26556,10 @@ "Notes":{ "shape":"EvaluationNotesMap", "documentation":"

A map of question identifiers to note value.

" + }, + "UpdatedBy":{ + "shape":"EvaluatorUserUnion", + "documentation":"

The ID of the user who updated the contact evaluation.

" } } }, @@ -24183,8 +26608,7 @@ }, "UpdateContactFlowContentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactFlowMetadataRequest":{ "type":"structure", @@ -24221,8 +26645,7 @@ }, "UpdateContactFlowMetadataResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactFlowModuleContentRequest":{ "type":"structure", @@ -24252,8 +26675,7 @@ }, "UpdateContactFlowModuleContentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactFlowModuleMetadataRequest":{ "type":"structure", @@ -24290,8 +26712,7 @@ }, "UpdateContactFlowModuleMetadataResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactFlowNameRequest":{ "type":"structure", @@ -24324,8 +26745,7 @@ }, "UpdateContactFlowNameResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactRequest":{ "type":"structure", @@ -24360,7 +26780,7 @@ }, "SegmentAttributes":{ "shape":"SegmentAttributes", - "documentation":"

A set of system defined key-value pairs stored on individual contact segments (unique contact ID) using an attribute map. The attributes are standard Amazon Connect attributes. They can be accessed in flows.

Attribute keys can include only alphanumeric, -, and _.

This field can be used to show channel subtype, such as connect:Guide.

Currently Contact Expiry is the only segment attribute which can be updated by using the UpdateContact API.

" + "documentation":"

A set of system defined key-value pairs stored on individual contact segments (unique contact ID) using an attribute map. The attributes are standard Amazon Connect attributes. They can be accessed in flows.

Attribute keys can include only alphanumeric, -, and _.

This field can be used to show channel subtype, such as connect:Guide.

Contact Expiry, and user-defined attributes (String - String) that are defined in predefined attributes, can be updated by using the UpdateContact API.

" }, "QueueInfo":{ "shape":"QueueInfoInput", @@ -24382,8 +26802,7 @@ }, "UpdateContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactRoutingDataRequest":{ "type":"structure", @@ -24420,8 +26839,7 @@ }, "UpdateContactRoutingDataResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactScheduleRequest":{ "type":"structure", @@ -24447,8 +26865,7 @@ }, "UpdateContactScheduleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEmailAddressMetadataRequest":{ "type":"structure", @@ -24543,6 +26960,10 @@ "shape":"EvaluationFormScoringStrategy", "documentation":"

A scoring strategy of the evaluation form.

" }, + "AutoEvaluationConfiguration":{ + "shape":"EvaluationFormAutoEvaluationConfiguration", + "documentation":"

Whether automated evaluations are enabled.

" + }, "ClientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", @@ -24621,7 +27042,7 @@ }, "EffectiveTill":{ "shape":"HoursOfOperationOverrideYearMonthDayDateFormat", - "documentation":"

The date till when the hours of operation override would be effective.

" + "documentation":"

The date until the hours of operation override is effective.

" } } }, @@ -24685,6 +27106,11 @@ "Value":{ "shape":"InstanceAttributeValue", "documentation":"

The value for the attribute. Maximum character limit is 100.

" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true } } }, @@ -24715,7 +27141,12 @@ "location":"querystring", "locationName":"resourceType" }, - "StorageConfig":{"shape":"InstanceStorageConfig"} + "StorageConfig":{"shape":"InstanceStorageConfig"}, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true + } } }, "UpdateParticipantAuthenticationRequest":{ @@ -24749,8 +27180,7 @@ }, "UpdateParticipantAuthenticationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateParticipantRoleConfigChannelInfo":{ "type":"structure", @@ -24791,8 +27221,7 @@ }, "UpdateParticipantRoleConfigResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePhoneNumberMetadataRequest":{ "type":"structure", @@ -24875,6 +27304,14 @@ "Values":{ "shape":"PredefinedAttributeValues", "documentation":"

The values of the predefined attribute.

" + }, + "Purposes":{ + "shape":"PredefinedAttributePurposeNameList", + "documentation":"

Values that enable you to categorize your predefined attributes. You can use them in custom UI elements across the Amazon Connect admin website.

" + }, + "AttributeConfiguration":{ + "shape":"InputPredefinedAttributeConfiguration", + "documentation":"

Custom metadata that is associated to predefined attributes to control behavior in upstream services, such as controlling how a predefined attribute should be displayed in the Amazon Connect admin website.

" } } }, @@ -25502,8 +27939,7 @@ }, "UpdateTrafficDistributionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateUserHierarchyGroupNameRequest":{ "type":"structure", @@ -25776,8 +28212,7 @@ }, "UpdateViewMetadataResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UploadUrlMetadata":{ "type":"structure", @@ -26112,6 +28547,11 @@ "DeskPhoneNumber":{ "shape":"PhoneNumber", "documentation":"

The phone number for the user's desk phone.

" + }, + "PersistentConnection":{ + "shape":"PersistentConnection", + "documentation":"

The persistent connection setting for the user.

", + "box":true } }, "documentation":"

Contains information about the phone configuration settings for a user.

" @@ -26214,7 +28654,7 @@ }, "StringCondition":{ "shape":"StringCondition", - "documentation":"

A leaf node condition which can be used to specify a string condition.

The currently supported values for FieldName are Username, FirstName, LastName, RoutingProfileId, SecurityProfileId, ResourceId.

" + "documentation":"

A leaf node condition which can be used to specify a string condition.

The currently supported values for FieldName are Username, FirstName, LastName, RoutingProfileId, SecurityProfileId, resourceId.

" }, "ListCondition":{ "shape":"ListCondition", diff -pruN 2.23.6-1/awscli/botocore/data/connect-contact-lens/2020-08-21/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/connect-contact-lens/2020-08-21/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/connect-contact-lens/2020-08-21/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connect-contact-lens/2020-08-21/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/connect-contact-lens/2020-08-21/service-2.json 2.31.35-1/awscli/botocore/data/connect-contact-lens/2020-08-21/service-2.json --- 2.23.6-1/awscli/botocore/data/connect-contact-lens/2020-08-21/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connect-contact-lens/2020-08-21/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -353,8 +353,7 @@ "ParticipantRole", "Content", "BeginOffsetMillis", - "EndOffsetMillis", - "Sentiment" + "EndOffsetMillis" ], "members":{ "Id":{ diff -pruN 2.23.6-1/awscli/botocore/data/connectcampaigns/2021-01-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/connectcampaigns/2021-01-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/connectcampaigns/2021-01-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectcampaigns/2021-01-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/connectcampaignsv2/2024-04-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/connectcampaignsv2/2024-04-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/connectcampaignsv2/2024-04-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectcampaignsv2/2024-04-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/connectcampaignsv2/2024-04-23/service-2.json 2.31.35-1/awscli/botocore/data/connectcampaignsv2/2024-04-23/service-2.json --- 2.23.6-1/awscli/botocore/data/connectcampaignsv2/2024-04-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectcampaignsv2/2024-04-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -231,6 +231,23 @@ ], "documentation":"

Get the specific Connect instance config.

" }, + "GetInstanceCommunicationLimits":{ + "name":"GetInstanceCommunicationLimits", + "http":{ + "method":"GET", + "requestUri":"/v2/connect-instance/{connectInstanceId}/communication-limits", + "responseCode":200 + }, + "input":{"shape":"GetInstanceCommunicationLimitsRequest"}, + "output":{"shape":"GetInstanceCommunicationLimitsResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Get the instance communication limits.

" + }, "GetInstanceOnboardingJobStatus":{ "name":"GetInstanceOnboardingJobStatus", "http":{ @@ -338,6 +355,24 @@ "documentation":"

Put or update the integration for the specified Amazon Connect instance.

", "idempotent":true }, + "PutInstanceCommunicationLimits":{ + "name":"PutInstanceCommunicationLimits", + "http":{ + "method":"PUT", + "requestUri":"/v2/connect-instance/{connectInstanceId}/communication-limits", + "responseCode":200 + }, + "input":{"shape":"PutInstanceCommunicationLimitsRequest"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Put the instance communication limits. This API is idempotent.

", + "idempotent":true + }, "PutOutboundRequestBatch":{ "name":"PutOutboundRequestBatch", "http":{ @@ -644,6 +679,16 @@ }, "exception":true }, + "AgentAction":{ + "type":"string", + "documentation":"

Actions that can performed on a contact by an agent

", + "enum":["DISCARD"] + }, + "AgentActions":{ + "type":"list", + "member":{"shape":"AgentAction"}, + "documentation":"

Actions that can be performed by agent during preview phase.

" + }, "AgentlessConfig":{ "type":"structure", "members":{ @@ -753,8 +798,8 @@ "type":"string", "documentation":"

Identifier representing a Campaign

", "max":256, - "min":0, - "pattern":"[a-zA-Z0-9\\-:/]*" + "min":1, + "pattern":"[-:/a-zA-Z0-9]+" }, "CampaignName":{ "type":"string", @@ -900,7 +945,8 @@ "CommunicationLimitsConfig":{ "type":"structure", "members":{ - "allChannelSubtypes":{"shape":"CommunicationLimits"} + "allChannelSubtypes":{"shape":"CommunicationLimits"}, + "instanceLimitsHandling":{"shape":"InstanceLimitsHandling"} }, "documentation":"

Communication limits config

" }, @@ -1181,8 +1227,8 @@ "type":"string", "documentation":"

Identifier representing a Dial request

", "max":256, - "min":0, - "pattern":"[a-zA-Z0-9_\\-.]*" + "min":1, + "pattern":"[-_.a-zA-Z0-9]+" }, "EmailAddress":{ "type":"string", @@ -1415,6 +1461,25 @@ }, "documentation":"

The response for GetConnectInstanceConfig API.

" }, + "GetInstanceCommunicationLimitsRequest":{ + "type":"structure", + "required":["connectInstanceId"], + "members":{ + "connectInstanceId":{ + "shape":"InstanceId", + "location":"uri", + "locationName":"connectInstanceId" + } + }, + "documentation":"

The request for GetInstanceCommunicationLimits API.

" + }, + "GetInstanceCommunicationLimitsResponse":{ + "type":"structure", + "members":{ + "communicationLimitsConfig":{"shape":"InstanceCommunicationLimitsConfig"} + }, + "documentation":"

The response for GetInstanceCommunicationLimits API.

" + }, "GetInstanceOnboardingJobStatusRequest":{ "type":"structure", "required":["connectInstanceId"], @@ -1434,6 +1499,13 @@ }, "documentation":"

The response for GetInstanceOnboardingJobStatus API.

" }, + "InstanceCommunicationLimitsConfig":{ + "type":"structure", + "members":{ + "allChannelSubtypes":{"shape":"CommunicationLimits"} + }, + "documentation":"

Instance Communication limits config

" + }, "InstanceConfig":{ "type":"structure", "required":[ @@ -1452,8 +1524,8 @@ "type":"string", "documentation":"

Amazon Connect Instance Id

", "max":256, - "min":0, - "pattern":"[a-zA-Z0-9_\\-.]*" + "min":1, + "pattern":"[-_.a-zA-Z0-9]+" }, "InstanceIdFilter":{ "type":"structure", @@ -1472,6 +1544,14 @@ "documentation":"

Operators for Connect instance identifier filter

", "enum":["Eq"] }, + "InstanceLimitsHandling":{ + "type":"string", + "documentation":"

Instance limits handling

", + "enum":[ + "OPT_IN", + "OPT_OUT" + ] + }, "InstanceOnboardingJobFailureCode":{ "type":"string", "documentation":"

Enumeration of the possible failure codes for instance onboarding job

", @@ -1773,6 +1853,19 @@ }, "documentation":"

Predictive config

" }, + "PreviewConfig":{ + "type":"structure", + "required":[ + "bandwidthAllocation", + "timeoutConfig" + ], + "members":{ + "bandwidthAllocation":{"shape":"BandwidthAllocation"}, + "timeoutConfig":{"shape":"TimeoutConfig"}, + "agentActions":{"shape":"AgentActions"} + }, + "documentation":"

Preview config

" + }, "ProfileId":{ "type":"string", "documentation":"

Identifier of the customer profile

", @@ -1840,6 +1933,22 @@ }, "documentation":"

The request for PutConnectInstanceIntegration API.

" }, + "PutInstanceCommunicationLimitsRequest":{ + "type":"structure", + "required":[ + "connectInstanceId", + "communicationLimitsConfig" + ], + "members":{ + "connectInstanceId":{ + "shape":"InstanceId", + "location":"uri", + "locationName":"connectInstanceId" + }, + "communicationLimitsConfig":{"shape":"InstanceCommunicationLimitsConfig"} + }, + "documentation":"

The request for PutInstanceCommunicationLimits API.

" + }, "PutOutboundRequestBatchRequest":{ "type":"structure", "required":[ @@ -2257,7 +2366,8 @@ "members":{ "progressive":{"shape":"ProgressiveConfig"}, "predictive":{"shape":"PredictiveConfig"}, - "agentless":{"shape":"AgentlessConfig"} + "agentless":{"shape":"AgentlessConfig"}, + "preview":{"shape":"PreviewConfig"} }, "documentation":"

Telephony Outbound Mode

", "union":true @@ -2319,6 +2429,21 @@ "min":0, "pattern":"[a-zA-Z0-9_\\-/]*" }, + "TimeoutConfig":{ + "type":"structure", + "required":["durationInSeconds"], + "members":{ + "durationInSeconds":{"shape":"TimeoutDuration"} + }, + "documentation":"

Timeout Config for preview contacts.

" + }, + "TimeoutDuration":{ + "type":"integer", + "documentation":"

Timeout duration for a preview contact in seconds.

", + "box":true, + "max":300, + "min":1 + }, "UntagResourceRequest":{ "type":"structure", "required":[ diff -pruN 2.23.6-1/awscli/botocore/data/connectcases/2022-10-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/connectcases/2022-10-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/connectcases/2022-10-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectcases/2022-10-03/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/connectcases/2022-10-03/paginators-1.json 2.31.35-1/awscli/botocore/data/connectcases/2022-10-03/paginators-1.json --- 2.23.6-1/awscli/botocore/data/connectcases/2022-10-03/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectcases/2022-10-03/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,18 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "relatedItems" + }, + "ListCaseRules": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "caseRules" + }, + "SearchAllRelatedItems": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "relatedItems" } } } diff -pruN 2.23.6-1/awscli/botocore/data/connectcases/2022-10-03/service-2.json 2.31.35-1/awscli/botocore/data/connectcases/2022-10-03/service-2.json --- 2.23.6-1/awscli/botocore/data/connectcases/2022-10-03/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectcases/2022-10-03/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,10 @@ "version":"2.0", "metadata":{ "apiVersion":"2022-10-03", + "auth":["aws.auth#sigv4"], "endpointPrefix":"cases", - "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"ConnectCases", "serviceFullName":"Amazon Connect Cases", "serviceId":"ConnectCases", @@ -13,6 +14,25 @@ "uid":"connectcases-2022-10-03" }, "operations":{ + "BatchGetCaseRule":{ + "name":"BatchGetCaseRule", + "http":{ + "method":"POST", + "requestUri":"/domains/{domainId}/rules-batch", + "responseCode":200 + }, + "input":{"shape":"BatchGetCaseRuleRequest"}, + "output":{"shape":"BatchGetCaseRuleResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Gets a batch of case rules. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", + "readonly":true + }, "BatchGetField":{ "name":"BatchGetField", "http":{ @@ -29,7 +49,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns the description for the list of fields in the request parameters.

" + "documentation":"

Returns the description for the list of fields in the request parameters.

", + "readonly":true }, "BatchPutFieldOptions":{ "name":"BatchPutFieldOptions", @@ -68,7 +89,28 @@ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"} ], - "documentation":"

If you provide a value for PerformedBy.UserArn you must also have connect:DescribeUser permission on the User ARN resource that you provide

 
 <p>Creates a case in the specified Cases domain. Case system and custom fields are taken as an array id/value pairs with a declared data types.</p> <p>The following fields are required when creating a case:</p> <ul> <li> <p> <code>customer_id</code> - You must provide the full customer profile ARN in this format: <code>arn:aws:profile:your_AWS_Region:your_AWS_account ID:domains/your_profiles_domain_name/profiles/profile_ID</code> </p> </li> <li> <p> <code>title</code> </p> </li> </ul>
", + "documentation":"

If you provide a value for PerformedBy.UserArn you must also have connect:DescribeUser permission on the User ARN resource that you provide

Creates a case in the specified Cases domain. Case system and custom fields are taken as an array id/value pairs with a declared data types.

The following fields are required when creating a case:

  • customer_id - You must provide the full customer profile ARN in this format: arn:aws:profile:your_AWS_Region:your_AWS_account ID:domains/your_profiles_domain_name/profiles/profile_ID

  • title

", + "idempotent":true + }, + "CreateCaseRule":{ + "name":"CreateCaseRule", + "http":{ + "method":"POST", + "requestUri":"/domains/{domainId}/case-rules", + "responseCode":200 + }, + "input":{"shape":"CreateCaseRuleRequest"}, + "output":{"shape":"CreateCaseRuleResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Creates a new case rule. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", "idempotent":true }, "CreateDomain":{ @@ -88,7 +130,7 @@ {"shape":"ConflictException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Creates a domain, which is a container for all case data, such as cases, fields, templates and layouts. Each Amazon Connect instance can be associated with only one Cases domain.

This will not associate your connect instance to Cases domain. Instead, use the Amazon Connect CreateIntegrationAssociation API. You need specific IAM permissions to successfully associate the Cases domain. For more information, see Onboard to Cases.

 </important>
", + "documentation":"

Creates a domain, which is a container for all case data, such as cases, fields, templates and layouts. Each Amazon Connect instance can be associated with only one Cases domain.

This will not associate your connect instance to Cases domain. Instead, use the Amazon Connect CreateIntegrationAssociation API. You need specific IAM permissions to successfully associate the Cases domain. For more information, see Onboard to Cases.

", "idempotent":true }, "CreateField":{ @@ -149,7 +191,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Creates a related item (comments, tasks, and contacts) and associates it with a case.

  • A Related Item is a resource that is associated with a case. It may or may not have an external identifier linking it to an external resource (for example, a contactArn). All Related Items have their own internal identifier, the relatedItemArn. Examples of related items include comments and contacts.

  • If you provide a value for performedBy.userArn you must also have DescribeUser permission on the ARN of the user that you provide.

 </note>
", + "documentation":"

Creates a related item (comments, tasks, and contacts) and associates it with a case.

There's a quota for the number of fields allowed in a Custom type related item. See Amazon Connect Cases quotas.

Use cases

Following are examples of related items that you may want to associate with a case:

  • Related contacts, such as calls, chats, emails tasks

  • Comments, for agent notes

  • SLAs, to capture target resolution goals

  • Cases, to capture related Amazon Connect Cases

  • Files, such as policy documentation or customer-provided attachments

  • Custom related items, which provide flexibility for you to define related items that such as bookings, orders, products, notices, and more

Important things to know

  • If you are associating a contact to a case by passing in Contact for a type, you must have DescribeContact permission on the ARN of the contact that you provide in content.contact.contactArn.

  • A Related Item is a resource that is associated with a case. It may or may not have an external identifier linking it to an external resource (for example, a contactArn). All Related Items have their own internal identifier, the relatedItemArn. Examples of related items include comments and contacts.

  • If you provide a value for performedBy.userArn you must also have DescribeUser permission on the ARN of the user that you provide.

  • The type field is reserved for internal use only.

Endpoints: See Amazon Connect endpoints and quotas.

", "idempotent":true }, "CreateTemplate":{ @@ -170,7 +212,45 @@ {"shape":"ConflictException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Creates a template in the Cases domain. This template is used to define the case object model (that is, to define what data can be captured on cases) in a Cases domain. A template must have a unique name within a domain, and it must reference existing field IDs and layout IDs. Additionally, multiple fields with same IDs are not allowed within the same Template. A template can be either Active or Inactive, as indicated by its status. Inactive templates cannot be used to create cases.

", + "documentation":"

Creates a template in the Cases domain. This template is used to define the case object model (that is, to define what data can be captured on cases) in a Cases domain. A template must have a unique name within a domain, and it must reference existing field IDs and layout IDs. Additionally, multiple fields with same IDs are not allowed within the same Template. A template can be either Active or Inactive, as indicated by its status. Inactive templates cannot be used to create cases.

Other template APIs are:

", + "idempotent":true + }, + "DeleteCase":{ + "name":"DeleteCase", + "http":{ + "method":"DELETE", + "requestUri":"/domains/{domainId}/cases/{caseId}", + "responseCode":200 + }, + "input":{"shape":"DeleteCaseRequest"}, + "output":{"shape":"DeleteCaseResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

The DeleteCase API permanently deletes a case and all its associated resources from the cases data store. After a successful deletion, you cannot:

  • Retrieve related items

  • Access audit history

  • Perform any operations that require the CaseID

This action is irreversible. After you delete a case, you cannot recover its data.

", + "idempotent":true + }, + "DeleteCaseRule":{ + "name":"DeleteCaseRule", + "http":{ + "method":"DELETE", + "requestUri":"/domains/{domainId}/case-rules/{caseRuleId}", + "responseCode":200 + }, + "input":{"shape":"DeleteCaseRuleRequest"}, + "output":{"shape":"DeleteCaseRuleResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Deletes a case rule. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", "idempotent":true }, "DeleteDomain":{ @@ -190,7 +270,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"} ], - "documentation":"

Deletes a Cases domain.

 <note> <p>After deleting your domain you must disassociate the deleted domain from your Amazon Connect instance with another API call before being able to use Cases again with this Amazon Connect instance. See <a href="https://docs.aws.amazon.com/connect/latest/APIReference/API_DeleteIntegrationAssociation.html">DeleteIntegrationAssociation</a>.</p> </note>
", + "documentation":"

Deletes a Cases domain.

After deleting your domain you must disassociate the deleted domain from your Amazon Connect instance with another API call before being able to use Cases again with this Amazon Connect instance. See DeleteIntegrationAssociation.

", "idempotent":true }, "DeleteField":{ @@ -211,7 +291,7 @@ {"shape":"ConflictException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Deletes a field from a cases template. You can delete up to 100 fields per domain.

After a field is deleted:

  • You can still retrieve the field by calling BatchGetField.

  • You cannot update a deleted field by calling UpdateField; it throws a ValidationException.

  • Deleted fields are not included in the ListFields response.

  • Calling CreateCase with a deleted field throws a ValidationException denoting which field IDs in the request have been deleted.

  • Calling GetCase with a deleted field ID returns the deleted field's value if one exists.

  • Calling UpdateCase with a deleted field ID throws a ValidationException if the case does not already contain a value for the deleted field. Otherwise it succeeds, allowing you to update or remove (using emptyValue: {}) the field's value from the case.

  • GetTemplate does not return field IDs for deleted fields.

  • GetLayout does not return field IDs for deleted fields.

  • Calling SearchCases with the deleted field ID as a filter returns any cases that have a value for the deleted field that matches the filter criteria.

  • Calling SearchCases with a searchTerm value that matches a deleted field's value on a case returns the case in the response.

  • Calling BatchPutFieldOptions with a deleted field ID throw a ValidationException.

  • Calling GetCaseEventConfiguration does not return field IDs for deleted fields.

", + "documentation":"

Deletes a field from a cases template. You can delete up to 100 fields per domain.

After a field is deleted:

  • You can still retrieve the field by calling BatchGetField.

  • You cannot update a deleted field by calling UpdateField; it throws a ValidationException.

  • Deleted fields are not included in the ListFields response.

  • Calling CreateCase with a deleted field throws a ValidationException denoting which field identifiers in the request have been deleted.

  • Calling GetCase with a deleted field identifier returns the deleted field's value if one exists.

  • Calling UpdateCase with a deleted field ID throws a ValidationException if the case does not already contain a value for the deleted field. Otherwise it succeeds, allowing you to update or remove (using emptyValue: {}) the field's value from the case.

  • GetTemplate does not return field IDs for deleted fields.

  • GetLayout does not return field IDs for deleted fields.

  • Calling SearchCases with the deleted field ID as a filter returns any cases that have a value for the deleted field that matches the filter criteria.

  • Calling SearchCases with a searchTerm value that matches a deleted field's value on a case returns the case in the response.

  • Calling BatchPutFieldOptions with a deleted field ID throw a ValidationException.

  • Calling GetCaseEventConfiguration does not return field IDs for deleted fields.

", "idempotent":true }, "DeleteLayout":{ @@ -231,7 +311,26 @@ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"} ], - "documentation":"

Deletes a layout from a cases template. You can delete up to 100 layouts per domain.

 <p>After a layout is deleted:</p> <ul> <li> <p>You can still retrieve the layout by calling <code>GetLayout</code>.</p> </li> <li> <p>You cannot update a deleted layout by calling <code>UpdateLayout</code>; it throws a <code>ValidationException</code>.</p> </li> <li> <p>Deleted layouts are not included in the <code>ListLayouts</code> response.</p> </li> </ul>
", + "documentation":"

Deletes a layout from a cases template. You can delete up to 100 layouts per domain.

After a layout is deleted:

  • You can still retrieve the layout by calling GetLayout.

  • You cannot update a deleted layout by calling UpdateLayout; it throws a ValidationException.

  • Deleted layouts are not included in the ListLayouts response.

", + "idempotent":true + }, + "DeleteRelatedItem":{ + "name":"DeleteRelatedItem", + "http":{ + "method":"DELETE", + "requestUri":"/domains/{domainId}/cases/{caseId}/related-items/{relatedItemId}", + "responseCode":200 + }, + "input":{"shape":"DeleteRelatedItemRequest"}, + "output":{"shape":"DeleteRelatedItemResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Deletes the related item resource under a case.

This API cannot be used on a FILE type related attachment. To delete this type of file, use the DeleteAttachedFile API

", "idempotent":true }, "DeleteTemplate":{ @@ -251,7 +350,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ConflictException"} ], - "documentation":"

Deletes a cases template. You can delete up to 100 templates per domain.

 <p>After a cases template is deleted:</p> <ul> <li> <p>You can still retrieve the template by calling <code>GetTemplate</code>.</p> </li> <li> <p>You cannot update the template. </p> </li> <li> <p>You cannot create a case by using the deleted template.</p> </li> <li> <p>Deleted templates are not included in the <code>ListTemplates</code> response.</p> </li> </ul>
", + "documentation":"

Deletes a cases template. You can delete up to 100 templates per domain.

After a cases template is deleted:

  • You can still retrieve the template by calling GetTemplate.

  • You cannot update the template.

  • You cannot create a case by using the deleted template.

  • Deleted templates are not included in the ListTemplates response.

", "idempotent":true }, "GetCase":{ @@ -270,7 +369,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns information about a specific case if it exists.

" + "documentation":"

Returns information about a specific case if it exists.

", + "readonly":true }, "GetCaseAuditEvents":{ "name":"GetCaseAuditEvents", @@ -288,7 +388,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns the audit history about a specific case if it exists.

" + "documentation":"

Returns the audit history about a specific case if it exists.

", + "readonly":true }, "GetCaseEventConfiguration":{ "name":"GetCaseEventConfiguration", @@ -306,7 +407,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns the case event publishing configuration.

" + "documentation":"

Returns the case event publishing configuration.

", + "readonly":true }, "GetDomain":{ "name":"GetDomain", @@ -324,7 +426,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns information about a specific domain if it exists.

" + "documentation":"

Returns information about a specific domain if it exists.

", + "readonly":true }, "GetLayout":{ "name":"GetLayout", @@ -342,7 +445,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns the details for the requested layout.

" + "documentation":"

Returns the details for the requested layout.

", + "readonly":true }, "GetTemplate":{ "name":"GetTemplate", @@ -360,7 +464,27 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Returns the details for the requested template.

" + "documentation":"

Returns the details for the requested template. Other template APIs are:

", + "readonly":true + }, + "ListCaseRules":{ + "name":"ListCaseRules", + "http":{ + "method":"POST", + "requestUri":"/domains/{domainId}/rules-list/", + "responseCode":200 + }, + "input":{"shape":"ListCaseRulesRequest"}, + "output":{"shape":"ListCaseRulesResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Lists all case rules in a Cases domain. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", + "readonly":true }, "ListCasesForContact":{ "name":"ListCasesForContact", @@ -378,7 +502,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists cases for a given contact.

" + "documentation":"

Lists cases for a given contact.

", + "readonly":true }, "ListDomains":{ "name":"ListDomains", @@ -395,7 +520,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all cases domains in the Amazon Web Services account. Each list item is a condensed summary object of the domain.

" + "documentation":"

Lists all cases domains in the Amazon Web Services account. Each list item is a condensed summary object of the domain.

", + "readonly":true }, "ListFieldOptions":{ "name":"ListFieldOptions", @@ -413,7 +539,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all of the field options for a field identifier in the domain.

" + "documentation":"

Lists all of the field options for a field identifier in the domain.

", + "readonly":true }, "ListFields":{ "name":"ListFields", @@ -431,7 +558,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all fields in a Cases domain.

" + "documentation":"

Lists all fields in a Cases domain.

", + "readonly":true }, "ListLayouts":{ "name":"ListLayouts", @@ -449,7 +577,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all layouts in the given cases domain. Each list item is a condensed summary object of the layout.

" + "documentation":"

Lists all layouts in the given cases domain. Each list item is a condensed summary object of the layout.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -486,7 +615,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all of the templates in a Cases domain. Each list item is a condensed summary object of the template.

" + "documentation":"

Lists all of the templates in a Cases domain. Each list item is a condensed summary object of the template.

Other template APIs are:

", + "readonly":true }, "PutCaseEventConfiguration":{ "name":"PutCaseEventConfiguration", @@ -502,10 +632,30 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} ], "documentation":"

Adds case event publishing configuration. For a complete list of fields you can add to the event message, see Create case fields in the Amazon Connect Administrator Guide

" }, + "SearchAllRelatedItems":{ + "name":"SearchAllRelatedItems", + "http":{ + "method":"POST", + "requestUri":"/domains/{domainId}/related-items-search", + "responseCode":200 + }, + "input":{"shape":"SearchAllRelatedItemsRequest"}, + "output":{"shape":"SearchAllRelatedItemsResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Searches for related items across all cases within a domain. This is a global search operation that returns related items from multiple cases, unlike the case-specific SearchRelatedItems API.

Use cases

Following are common uses cases for this API:

  • Find cases with similar issues across the domain. For example, search for all cases containing comments about \"product defect\" to identify patterns and existing solutions.

  • Locate all cases associated with specific contacts or orders. For example, find all cases linked to a contactArn to understand the complete customer journey.

  • Monitor SLA compliance across cases. For example, search for all cases with \"Active\" SLA status to prioritize remediation efforts.

Important things to know

  • This API returns case identifiers, not complete case objects. To retrieve full case details, you must make additional calls to the GetCase API for each returned case ID.

  • This API searches across related items content, not case fields. Use the SearchCases API to search within case field values.

Endpoints: See Amazon Connect endpoints and quotas.

", + "readonly":true + }, "SearchCases":{ "name":"SearchCases", "http":{ @@ -522,7 +672,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Searches for cases within their associated Cases domain. Search results are returned as a paginated list of abridged case documents.

For customer_id you must provide the full customer profile ARN in this format: arn:aws:profile:your AWS Region:your AWS account ID:domains/profiles domain name/profiles/profile ID.

" + "documentation":"

Searches for cases within their associated Cases domain. Search results are returned as a paginated list of abridged case documents.

For customer_id you must provide the full customer profile ARN in this format: arn:aws:profile:your AWS Region:your AWS account ID:domains/profiles domain name/profiles/profile ID.

", + "readonly":true }, "SearchRelatedItems":{ "name":"SearchRelatedItems", @@ -540,7 +691,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Searches for related items that are associated with a case.

If no filters are provided, this returns all related items associated with a case.

" + "documentation":"

Searches for related items that are associated with a case.

If no filters are provided, this returns all related items associated with a case.

", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -594,7 +746,28 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

If you provide a value for PerformedBy.UserArn you must also have connect:DescribeUser permission on the User ARN resource that you provide

 
 <p>Updates the values of fields on a case. Fields to be updated are received as an array of id/value pairs identical to the <code>CreateCase</code> input .</p> <p>If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.</p>
" + "documentation":"

If you provide a value for PerformedBy.UserArn you must also have connect:DescribeUser permission on the User ARN resource that you provide

Updates the values of fields on a case. Fields to be updated are received as an array of id/value pairs identical to the CreateCase input .

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

" + }, + "UpdateCaseRule":{ + "name":"UpdateCaseRule", + "http":{ + "method":"PUT", + "requestUri":"/domains/{domainId}/case-rules/{caseRuleId}", + "responseCode":200 + }, + "input":{"shape":"UpdateCaseRuleRequest"}, + "output":{"shape":"UpdateCaseRuleResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Updates a case rule. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", + "idempotent":true }, "UpdateField":{ "name":"UpdateField", @@ -652,9 +825,10 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Updates the attributes of an existing template. The template attributes that can be modified include name, description, layoutConfiguration, requiredFields, and status. At least one of these attributes must not be null. If a null value is provided for a given attribute, that attribute is ignored and its current value is preserved.

", + "documentation":"

Updates the attributes of an existing template. The template attributes that can be modified include name, description, layoutConfiguration, requiredFields, and status. At least one of these attributes must not be null. If a null value is provided for a given attribute, that attribute is ignored and its current value is preserved.

Other template APIs are:

", "idempotent":true } }, @@ -685,34 +859,34 @@ "type":"structure", "required":[ "eventId", - "fields", + "type", "performedTime", - "type" + "fields" ], "members":{ "eventId":{ "shape":"AuditEventId", "documentation":"

Unique identifier of a case audit history event.

" }, - "fields":{ - "shape":"AuditEventFieldList", - "documentation":"

A list of Case Audit History event fields.

" + "type":{ + "shape":"AuditEventType", + "documentation":"

The Type of an audit history event.

" }, - "performedBy":{ - "shape":"AuditEventPerformedBy", - "documentation":"

Information of the user which performed the audit.

" + "relatedItemType":{ + "shape":"RelatedItemType", + "documentation":"

The Type of the related item.

" }, "performedTime":{ "shape":"AuditEventDateTime", "documentation":"

Time at which an Audit History event took place.

" }, - "relatedItemType":{ - "shape":"RelatedItemType", - "documentation":"

The Type of the related item.

" + "fields":{ + "shape":"AuditEventFieldList", + "documentation":"

A list of Case Audit History event fields.

" }, - "type":{ - "shape":"AuditEventType", - "documentation":"

The Type of an audit history event.

" + "performedBy":{ + "shape":"AuditEventPerformedBy", + "documentation":"

Information of the user which performed the audit.

" } }, "documentation":"

Represents the content of a particular audit event.

" @@ -732,11 +906,11 @@ "shape":"AuditEventFieldId", "documentation":"

Unique identifier of field in an Audit History entry.

" }, - "newValue":{ + "oldValue":{ "shape":"AuditEventFieldValueUnion", "documentation":"

Union of potential field value types.

" }, - "oldValue":{ + "newValue":{ "shape":"AuditEventFieldValueUnion", "documentation":"

Union of potential field value types.

" } @@ -755,19 +929,19 @@ "AuditEventFieldValueUnion":{ "type":"structure", "members":{ - "booleanValue":{ - "shape":"Boolean", - "documentation":"

Can be either null, or have a Boolean value type. Only one value can be provided.

" + "stringValue":{ + "shape":"AuditEventFieldValueUnionStringValueString", + "documentation":"

Can be either null, or have a String value type. Only one value can be provided.

" }, "doubleValue":{ "shape":"Double", "documentation":"

Can be either null, or have a Double value type. Only one value can be provided.

" }, - "emptyValue":{"shape":"EmptyFieldValue"}, - "stringValue":{ - "shape":"AuditEventFieldValueUnionStringValueString", - "documentation":"

Can be either null, or have a String value type. Only one value can be provided.

" + "booleanValue":{ + "shape":"Boolean", + "documentation":"

Can be either null, or have a Boolean value type. Only one value can be provided.

" }, + "emptyValue":{"shape":"EmptyFieldValue"}, "userArnValue":{ "shape":"String", "documentation":"

Can be either null, or have a String value type formatted as an ARN. Only one value can be provided.

" @@ -790,11 +964,11 @@ "type":"structure", "required":["iamPrincipalArn"], "members":{ + "user":{"shape":"UserUnion"}, "iamPrincipalArn":{ "shape":"IamPrincipalArn", "documentation":"

Unique identifier of an IAM role.

" - }, - "user":{"shape":"UserUnion"} + } }, "documentation":"

Information of the user which performed the audit.

" }, @@ -809,17 +983,75 @@ "BasicLayout":{ "type":"structure", "members":{ - "moreInfo":{ - "shape":"LayoutSections", - "documentation":"

This represents sections in a tab of the page layout.

" - }, "topPanel":{ "shape":"LayoutSections", "documentation":"

This represents sections in a panel of the page layout.

" + }, + "moreInfo":{ + "shape":"LayoutSections", + "documentation":"

This represents sections in a tab of the page layout.

" } }, "documentation":"

Content specific to BasicLayout type. It configures fields in the top panel and More Info tab of agent application.

" }, + "BatchGetCaseRuleRequest":{ + "type":"structure", + "required":[ + "domainId", + "caseRules" + ], + "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

Unique identifier of a Cases domain.

", + "location":"uri", + "locationName":"domainId" + }, + "caseRules":{ + "shape":"CaseRuleIdentifierList", + "documentation":"

A list of case rule identifiers.

" + } + } + }, + "BatchGetCaseRuleResponse":{ + "type":"structure", + "required":[ + "caseRules", + "errors" + ], + "members":{ + "caseRules":{ + "shape":"BatchGetCaseRuleResponseCaseRulesList", + "documentation":"

A list of detailed case rule information.

" + }, + "errors":{ + "shape":"BatchGetCaseRuleResponseErrorsList", + "documentation":"

A list of case rule errors.

" + }, + "unprocessedCaseRules":{ + "shape":"BatchGetCaseRuleResponseUnprocessedCaseRulesList", + "documentation":"

A list of unprocessed case rule identifiers.

" + } + } + }, + "BatchGetCaseRuleResponseCaseRulesList":{ + "type":"list", + "member":{"shape":"GetCaseRuleResponse"}, + "max":50, + "min":0 + }, + "BatchGetCaseRuleResponseErrorsList":{ + "type":"list", + "member":{"shape":"CaseRuleError"}, + "max":50, + "min":0 + }, + "BatchGetCaseRuleResponseUnprocessedCaseRulesList":{ + "type":"list", + "member":{"shape":"CaseRuleId"}, + "max":50, + "min":0 + }, "BatchGetFieldIdentifierList":{ "type":"list", "member":{"shape":"FieldIdentifier"}, @@ -848,17 +1080,17 @@ "BatchGetFieldResponse":{ "type":"structure", "required":[ - "errors", - "fields" + "fields", + "errors" ], "members":{ - "errors":{ - "shape":"BatchGetFieldResponseErrorsList", - "documentation":"

A list of field errors.

" - }, "fields":{ "shape":"BatchGetFieldResponseFieldsList", "documentation":"

A list of detailed field information.

" + }, + "errors":{ + "shape":"BatchGetFieldResponseErrorsList", + "documentation":"

A list of field errors.

" } } }, @@ -925,6 +1157,50 @@ "type":"boolean", "box":true }, + "BooleanCondition":{ + "type":"structure", + "members":{ + "equalTo":{ + "shape":"BooleanOperands", + "documentation":"

Tests that operandOne is equal to operandTwo.

" + }, + "notEqualTo":{ + "shape":"BooleanOperands", + "documentation":"

Tests that operandOne is not equal to operandTwo.

" + } + }, + "documentation":"

Boolean condition for a rule. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", + "union":true + }, + "BooleanConditionList":{ + "type":"list", + "member":{"shape":"BooleanCondition"}, + "max":100, + "min":0 + }, + "BooleanOperands":{ + "type":"structure", + "required":[ + "operandOne", + "operandTwo", + "result" + ], + "members":{ + "operandOne":{ + "shape":"OperandOne", + "documentation":"

Represents the left hand operand in the condition.

" + }, + "operandTwo":{ + "shape":"OperandTwo", + "documentation":"

Represents the right hand operand in the condition.

" + }, + "result":{ + "shape":"Boolean", + "documentation":"

The value of the outer rule if the condition evaluates to true.

" + } + }, + "documentation":"

Boolean operands for a condition. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

" + }, "CaseArn":{ "type":"string", "max":500, @@ -950,15 +1226,15 @@ "CaseFilter":{ "type":"structure", "members":{ - "andAll":{ - "shape":"CaseFilterAndAllList", - "documentation":"

Provides \"and all\" filtering.

" - }, "field":{ "shape":"FieldFilter", "documentation":"

A list of fields to filter on.

" }, "not":{"shape":"CaseFilter"}, + "andAll":{ + "shape":"CaseFilterAndAllList", + "documentation":"

Provides \"and all\" filtering.

" + }, "orAll":{ "shape":"CaseFilterOrAllList", "documentation":"

Provides \"or all\" filtering.

" @@ -984,6 +1260,117 @@ "max":500, "min":1 }, + "CaseRuleArn":{ + "type":"string", + "max":500, + "min":1 + }, + "CaseRuleDescription":{ + "type":"string", + "max":255, + "min":0 + }, + "CaseRuleDetails":{ + "type":"structure", + "members":{ + "required":{ + "shape":"RequiredCaseRule", + "documentation":"

Required rule type, used to indicate whether a field is required.

" + }, + "fieldOptions":{ + "shape":"FieldOptionsCaseRule", + "documentation":"

Which options are available in a child field based on the selected value in a parent field.

" + }, + "hidden":{ + "shape":"HiddenCaseRule", + "documentation":"

Whether a field is visible, based on values in other fields.

" + } + }, + "documentation":"

Represents what rule type should take place, under what conditions. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", + "union":true + }, + "CaseRuleError":{ + "type":"structure", + "required":[ + "id", + "errorCode" + ], + "members":{ + "id":{ + "shape":"CaseRuleId", + "documentation":"

The case rule identifier that caused the error.

" + }, + "errorCode":{ + "shape":"String", + "documentation":"

Error code from getting a case rule.

" + }, + "message":{ + "shape":"String", + "documentation":"

Error message from getting a case rule.

" + } + }, + "documentation":"

Error for batch describe case rules API failure. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

" + }, + "CaseRuleId":{ + "type":"string", + "max":500, + "min":1 + }, + "CaseRuleIdentifier":{ + "type":"structure", + "required":["id"], + "members":{ + "id":{ + "shape":"CaseRuleId", + "documentation":"

Unique identifier of a case rule.

" + } + }, + "documentation":"

Object containing case rule identifier information.

" + }, + "CaseRuleIdentifierList":{ + "type":"list", + "member":{"shape":"CaseRuleIdentifier"}, + "max":50, + "min":1 + }, + "CaseRuleName":{ + "type":"string", + "max":100, + "min":1, + "pattern":".*[\\S]" + }, + "CaseRuleSummary":{ + "type":"structure", + "required":[ + "caseRuleId", + "name", + "caseRuleArn", + "ruleType" + ], + "members":{ + "caseRuleId":{ + "shape":"CaseRuleId", + "documentation":"

Unique identifier of a case rule.

" + }, + "name":{ + "shape":"CaseRuleName", + "documentation":"

Name of the case rule.

" + }, + "caseRuleArn":{ + "shape":"CaseRuleArn", + "documentation":"

The Amazon Resource Name (ARN) of the case rule.

" + }, + "ruleType":{ + "shape":"RuleType", + "documentation":"

Possible types for a rule.

" + }, + "description":{ + "shape":"CaseRuleDescription", + "documentation":"

Description of a case rule.

" + } + }, + "documentation":"

Summary information of this case rule. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

" + }, "CaseSummary":{ "type":"structure", "required":[ @@ -1009,7 +1396,7 @@ }, "CommentBody":{ "type":"string", - "max":3000, + "max":15000, "min":1 }, "CommentBodyTextType":{ @@ -1036,8 +1423,7 @@ }, "CommentFilter":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A filter for related items of type Comment.

" }, "ConflictException":{ @@ -1053,6 +1439,38 @@ }, "exception":true }, + "ConnectCaseContent":{ + "type":"structure", + "required":["caseId"], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

" + } + }, + "documentation":"

Represents the content of a ConnectCase type related item.

" + }, + "ConnectCaseFilter":{ + "type":"structure", + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

" + } + }, + "documentation":"

A filter for related items of type ConnectCase.

" + }, + "ConnectCaseInputContent":{ + "type":"structure", + "required":["caseId"], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

" + } + }, + "documentation":"

Represents the content of a ConnectCase related item.

" + }, "ConnectedToSystemTime":{ "type":"timestamp", "timestampFormat":"iso8601" @@ -1076,11 +1494,15 @@ "ContactContent":{ "type":"structure", "required":[ + "contactArn", "channel", - "connectedToSystemTime", - "contactArn" + "connectedToSystemTime" ], "members":{ + "contactArn":{ + "shape":"ContactArn", + "documentation":"

A unique identifier of a contact in Amazon Connect.

" + }, "channel":{ "shape":"Channel", "documentation":"

A list of channels to filter on for related items of type Contact.

" @@ -1088,10 +1510,6 @@ "connectedToSystemTime":{ "shape":"ConnectedToSystemTime", "documentation":"

The difference between the InitiationTimestamp and the DisconnectTimestamp of the contact.

" - }, - "contactArn":{ - "shape":"ContactArn", - "documentation":"

A unique identifier of a contact in Amazon Connect.

" } }, "documentation":"

An object that represents a content of an Amazon Connect contact object.

" @@ -1120,30 +1538,30 @@ "type":"structure", "required":[ "domainId", - "fields", - "templateId" + "templateId", + "fields" ], "members":{ - "clientToken":{ - "shape":"CreateCaseRequestClientTokenString", - "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", - "idempotencyToken":true - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", "location":"uri", "locationName":"domainId" }, + "templateId":{ + "shape":"TemplateId", + "documentation":"

A unique identifier of a template.

" + }, "fields":{ "shape":"CreateCaseRequestFieldsList", "documentation":"

An array of objects with field ID (matching ListFields/DescribeField) and value union data.

" }, - "performedBy":{"shape":"UserUnion"}, - "templateId":{ - "shape":"TemplateId", - "documentation":"

A unique identifier of a template.

" - } + "clientToken":{ + "shape":"CreateCaseRequestClientTokenString", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

", + "idempotencyToken":true + }, + "performedBy":{"shape":"UserUnion"} } }, "CreateCaseRequestClientTokenString":{ @@ -1160,17 +1578,62 @@ "CreateCaseResponse":{ "type":"structure", "required":[ - "caseArn", - "caseId" + "caseId", + "caseArn" ], "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

" + }, "caseArn":{ "shape":"CaseArn", "documentation":"

The Amazon Resource Name (ARN) of the case.

" + } + } + }, + "CreateCaseRuleRequest":{ + "type":"structure", + "required":[ + "domainId", + "name", + "rule" + ], + "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

Unique identifier of a Cases domain.

", + "location":"uri", + "locationName":"domainId" }, - "caseId":{ - "shape":"CaseId", - "documentation":"

A unique identifier of the case.

" + "name":{ + "shape":"CaseRuleName", + "documentation":"

Name of the case rule.

" + }, + "description":{ + "shape":"CaseRuleDescription", + "documentation":"

The description of a case rule.

" + }, + "rule":{ + "shape":"CaseRuleDetails", + "documentation":"

Represents what rule type should take place, under what conditions.

" + } + } + }, + "CreateCaseRuleResponse":{ + "type":"structure", + "required":[ + "caseRuleId", + "caseRuleArn" + ], + "members":{ + "caseRuleId":{ + "shape":"CaseRuleId", + "documentation":"

Unique identifier of a case rule.

" + }, + "caseRuleArn":{ + "shape":"CaseRuleArn", + "documentation":"

The Amazon Resource Name (ARN) of a case rule.

" } } }, @@ -1187,19 +1650,19 @@ "CreateDomainResponse":{ "type":"structure", "required":[ - "domainArn", "domainId", + "domainArn", "domainStatus" ], "members":{ - "domainArn":{ - "shape":"DomainArn", - "documentation":"

The Amazon Resource Name (ARN) for the Cases domain.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

" }, + "domainArn":{ + "shape":"DomainArn", + "documentation":"

The Amazon Resource Name (ARN) for the Cases domain.

" + }, "domainStatus":{ "shape":"DomainStatus", "documentation":"

The status of the domain.

" @@ -1214,10 +1677,6 @@ "type" ], "members":{ - "description":{ - "shape":"FieldDescription", - "documentation":"

The description of the field.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", @@ -1231,38 +1690,38 @@ "type":{ "shape":"FieldType", "documentation":"

Defines the data type, some system constraints, and default display of the field.

" + }, + "description":{ + "shape":"FieldDescription", + "documentation":"

The description of the field.

" } } }, "CreateFieldResponse":{ "type":"structure", "required":[ - "fieldArn", - "fieldId" + "fieldId", + "fieldArn" ], "members":{ - "fieldArn":{ - "shape":"FieldArn", - "documentation":"

The Amazon Resource Name (ARN) of the field.

" - }, "fieldId":{ "shape":"FieldId", "documentation":"

The unique identifier of a field.

" + }, + "fieldArn":{ + "shape":"FieldArn", + "documentation":"

The Amazon Resource Name (ARN) of the field.

" } } }, "CreateLayoutRequest":{ "type":"structure", "required":[ - "content", "domainId", - "name" + "name", + "content" ], "members":{ - "content":{ - "shape":"LayoutContent", - "documentation":"

Information about which fields will be present in the layout, and information about the order of the fields.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", @@ -1272,75 +1731,79 @@ "name":{ "shape":"LayoutName", "documentation":"

The name of the layout. It must be unique for the Cases domain.

" + }, + "content":{ + "shape":"LayoutContent", + "documentation":"

Information about which fields will be present in the layout, and information about the order of the fields.

" } } }, "CreateLayoutResponse":{ "type":"structure", "required":[ - "layoutArn", - "layoutId" + "layoutId", + "layoutArn" ], "members":{ - "layoutArn":{ - "shape":"LayoutArn", - "documentation":"

The Amazon Resource Name (ARN) of the newly created layout.

" - }, "layoutId":{ "shape":"LayoutId", "documentation":"

The unique identifier of the layout.

" + }, + "layoutArn":{ + "shape":"LayoutArn", + "documentation":"

The Amazon Resource Name (ARN) of the newly created layout.

" } } }, "CreateRelatedItemRequest":{ "type":"structure", "required":[ - "caseId", - "content", "domainId", - "type" + "caseId", + "type", + "content" ], "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

The unique identifier of the Cases domain.

", + "location":"uri", + "locationName":"domainId" + }, "caseId":{ "shape":"CaseId", "documentation":"

A unique identifier of the case.

", "location":"uri", "locationName":"caseId" }, + "type":{ + "shape":"RelatedItemType", + "documentation":"

The type of a related item.

" + }, "content":{ "shape":"RelatedItemInputContent", "documentation":"

The content of a related item to be created.

" }, - "domainId":{ - "shape":"DomainId", - "documentation":"

The unique identifier of the Cases domain.

", - "location":"uri", - "locationName":"domainId" - }, "performedBy":{ "shape":"UserUnion", "documentation":"

Represents the creator of the related item.

" - }, - "type":{ - "shape":"RelatedItemType", - "documentation":"

The type of a related item.

" } } }, "CreateRelatedItemResponse":{ "type":"structure", "required":[ - "relatedItemArn", - "relatedItemId" + "relatedItemId", + "relatedItemArn" ], "members":{ - "relatedItemArn":{ - "shape":"RelatedItemArn", - "documentation":"

The Amazon Resource Name (ARN) of the related item.

" - }, "relatedItemId":{ "shape":"RelatedItemId", "documentation":"

The unique identifier of the related item.

" + }, + "relatedItemArn":{ + "shape":"RelatedItemArn", + "documentation":"

The Amazon Resource Name (ARN) of the related item.

" } } }, @@ -1351,24 +1814,24 @@ "name" ], "members":{ - "description":{ - "shape":"TemplateDescription", - "documentation":"

A brief description of the template.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", "location":"uri", "locationName":"domainId" }, - "layoutConfiguration":{ - "shape":"LayoutConfiguration", - "documentation":"

Configuration of layouts associated to the template.

" - }, "name":{ "shape":"TemplateName", "documentation":"

A name for the template. It must be unique per domain.

" }, + "description":{ + "shape":"TemplateDescription", + "documentation":"

A brief description of the template.

" + }, + "layoutConfiguration":{ + "shape":"LayoutConfiguration", + "documentation":"

Configuration of layouts associated to the template.

" + }, "requiredFields":{ "shape":"RequiredFieldList", "documentation":"

A list of fields that must contain a value for a case to be successfully created with this template.

" @@ -1376,23 +1839,27 @@ "status":{ "shape":"TemplateStatus", "documentation":"

The status of the template.

" + }, + "rules":{ + "shape":"TemplateCaseRuleList", + "documentation":"

A list of case rules (also known as case field conditions) on a template.

" } } }, "CreateTemplateResponse":{ "type":"structure", "required":[ - "templateArn", - "templateId" + "templateId", + "templateArn" ], "members":{ - "templateArn":{ - "shape":"TemplateArn", - "documentation":"

The Amazon Resource Name (ARN) of the newly created template.

" - }, "templateId":{ "shape":"TemplateId", "documentation":"

A unique identifier of a template.

" + }, + "templateArn":{ + "shape":"TemplateArn", + "documentation":"

The Amazon Resource Name (ARN) of the newly created template.

" } } }, @@ -1400,6 +1867,133 @@ "type":"timestamp", "timestampFormat":"iso8601" }, + "CustomContent":{ + "type":"structure", + "required":["fields"], + "members":{ + "fields":{ + "shape":"FieldValueList", + "documentation":"

List of field values for the Custom related item.

" + } + }, + "documentation":"

Represents the content of a Custom type related item.

" + }, + "CustomEntity":{ + "type":"string", + "max":500, + "min":1, + "pattern":"[a-zA-Z0-9_\\-\\.@:/ ]*[a-zA-Z0-9_\\-\\.@:/]", + "sensitive":true + }, + "CustomFieldsFilter":{ + "type":"structure", + "members":{ + "field":{"shape":"FieldFilter"}, + "not":{ + "shape":"CustomFieldsFilter", + "documentation":"

Excludes items matching the filter.

" + }, + "andAll":{ + "shape":"CustomFieldsFilterAndAllList", + "documentation":"

Provides \"and all\" filtering.

" + }, + "orAll":{ + "shape":"CustomFieldsFilterOrAllList", + "documentation":"

Provides \"or all\" filtering.

" + } + }, + "documentation":"

A filter for fields in Custom type related items. Only one value can be provided.

", + "union":true + }, + "CustomFieldsFilterAndAllList":{ + "type":"list", + "member":{"shape":"CustomFieldsFilter"}, + "max":10, + "min":0 + }, + "CustomFieldsFilterOrAllList":{ + "type":"list", + "member":{"shape":"CustomFieldsFilter"}, + "max":10, + "min":0 + }, + "CustomFilter":{ + "type":"structure", + "members":{ + "fields":{ + "shape":"CustomFieldsFilter", + "documentation":"

Filter conditions for custom fields.

" + } + }, + "documentation":"

A filter for related items of type Custom.

" + }, + "CustomInputContent":{ + "type":"structure", + "required":["fields"], + "members":{ + "fields":{ + "shape":"CustomInputContentFieldsList", + "documentation":"

List of field values for the Custom related item.

" + } + }, + "documentation":"

Represents the content of a Custom related item.

" + }, + "CustomInputContentFieldsList":{ + "type":"list", + "member":{"shape":"FieldValue"}, + "max":50, + "min":1 + }, + "DeleteCaseRequest":{ + "type":"structure", + "required":[ + "domainId", + "caseId" + ], + "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

A unique identifier of the Cases domain.

", + "location":"uri", + "locationName":"domainId" + }, + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

", + "location":"uri", + "locationName":"caseId" + } + } + }, + "DeleteCaseResponse":{ + "type":"structure", + "members":{} + }, + "DeleteCaseRuleRequest":{ + "type":"structure", + "required":[ + "domainId", + "caseRuleId" + ], + "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

Unique identifier of a Cases domain.

", + "location":"uri", + "locationName":"domainId" + }, + "caseRuleId":{ + "shape":"CaseRuleId", + "documentation":"

Unique identifier of a case rule.

", + "location":"uri", + "locationName":"caseRuleId" + } + } + }, + "DeleteCaseRuleResponse":{ + "type":"structure", + "members":{} + }, "DeleteDomainRequest":{ "type":"structure", "required":["domainId"], @@ -1414,8 +2008,7 @@ }, "DeleteDomainResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFieldRequest":{ "type":"structure", @@ -1440,8 +2033,7 @@ }, "DeleteFieldResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLayoutRequest":{ "type":"structure", @@ -1466,9 +2058,40 @@ }, "DeleteLayoutResponse":{ "type":"structure", + "members":{} + }, + "DeleteRelatedItemRequest":{ + "type":"structure", + "required":[ + "domainId", + "caseId", + "relatedItemId" + ], "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

A unique identifier of the Cases domain.

", + "location":"uri", + "locationName":"domainId" + }, + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

", + "location":"uri", + "locationName":"caseId" + }, + "relatedItemId":{ + "shape":"RelatedItemId", + "documentation":"

A unique identifier of a related item.

", + "location":"uri", + "locationName":"relatedItemId" + } } }, + "DeleteRelatedItemResponse":{ + "type":"structure", + "members":{} + }, "DeleteTemplateRequest":{ "type":"structure", "required":[ @@ -1492,8 +2115,7 @@ }, "DeleteTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Deleted":{"type":"boolean"}, "DomainArn":{ @@ -1510,7 +2132,7 @@ "type":"string", "max":100, "min":1, - "pattern":"^.*[\\S]$" + "pattern":".*[\\S]" }, "DomainStatus":{ "type":"string", @@ -1523,19 +2145,19 @@ "DomainSummary":{ "type":"structure", "required":[ - "domainArn", "domainId", + "domainArn", "name" ], "members":{ - "domainArn":{ - "shape":"DomainArn", - "documentation":"

The Amazon Resource Name (ARN) of the domain.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the domain.

" }, + "domainArn":{ + "shape":"DomainArn", + "documentation":"

The Amazon Resource Name (ARN) of the domain.

" + }, "name":{ "shape":"DomainName", "documentation":"

The name of the domain.

" @@ -1553,10 +2175,14 @@ }, "EmptyFieldValue":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An empty value. You cannot set EmptyFieldValue on a field that is required on a case template.

This structure will never have any data members. It signifies an empty value on a case field.

" }, + "EmptyOperandValue":{ + "type":"structure", + "members":{}, + "documentation":"

Represents an empty operand value. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

" + }, "EventBridgeConfiguration":{ "type":"structure", "required":["enabled"], @@ -1599,18 +2225,18 @@ "FieldError":{ "type":"structure", "required":[ - "errorCode", - "id" + "id", + "errorCode" ], "members":{ - "errorCode":{ - "shape":"String", - "documentation":"

The error code from getting a field.

" - }, "id":{ "shape":"FieldId", "documentation":"

The field identifier that caused the error.

" }, + "errorCode":{ + "shape":"String", + "documentation":"

The error code from getting a field.

" + }, "message":{ "shape":"String", "documentation":"

The error message from getting a field.

" @@ -1621,11 +2247,11 @@ "FieldFilter":{ "type":"structure", "members":{ - "contains":{ + "equalTo":{ "shape":"FieldValue", "documentation":"

Object containing field identifier and value information.

" }, - "equalTo":{ + "contains":{ "shape":"FieldValue", "documentation":"

Object containing field identifier and value information.

" }, @@ -1653,13 +2279,13 @@ "type":"structure", "required":["fields"], "members":{ - "fields":{ - "shape":"FieldGroupFieldsList", - "documentation":"

Represents an ordered list containing field related information.

" - }, "name":{ "shape":"FieldGroupNameString", "documentation":"

Name of the field group.

" + }, + "fields":{ + "shape":"FieldGroupFieldsList", + "documentation":"

Represents an ordered list containing field related information.

" } }, "documentation":"

Object for a group of fields and associated properties.

" @@ -1706,7 +2332,7 @@ "type":"string", "max":100, "min":1, - "pattern":"^.*[\\S]$" + "pattern":".*[\\S]" }, "FieldNamespace":{ "type":"string", @@ -1718,15 +2344,11 @@ "FieldOption":{ "type":"structure", "required":[ - "active", "name", - "value" + "value", + "active" ], "members":{ - "active":{ - "shape":"Boolean", - "documentation":"

Describes whether the FieldOption is active (displayed) or inactive.

" - }, "name":{ "shape":"FieldOptionName", "documentation":"

FieldOptionName has max length 100 and disallows trailing spaces.

" @@ -1734,6 +2356,10 @@ "value":{ "shape":"FieldOptionValue", "documentation":"

FieldOptionValue has max length 100 and must be alphanumeric with hyphens and underscores.

" + }, + "active":{ + "shape":"Boolean", + "documentation":"

Describes whether the FieldOption is active (displayed) or inactive.

" } }, "documentation":"

Object for field Options information.

" @@ -1741,19 +2367,19 @@ "FieldOptionError":{ "type":"structure", "required":[ - "errorCode", "message", + "errorCode", "value" ], "members":{ - "errorCode":{ - "shape":"String", - "documentation":"

Error code from creating or updating field option.

" - }, "message":{ "shape":"String", "documentation":"

Error message from creating or updating field option.

" }, + "errorCode":{ + "shape":"String", + "documentation":"

Error code from creating or updating field option.

" + }, "value":{ "shape":"FieldOptionValue", "documentation":"

The field option value that caused the error.

" @@ -1765,13 +2391,32 @@ "type":"string", "max":100, "min":1, - "pattern":"^.*[\\S]$" + "pattern":".*[\\S]" }, "FieldOptionValue":{ "type":"string", "max":100, "min":1, - "pattern":"^.*[\\S]$" + "pattern":".*[\\S]" + }, + "FieldOptionsCaseRule":{ + "type":"structure", + "required":["parentChildFieldOptionsMappings"], + "members":{ + "parentFieldId":{ + "shape":"FieldId", + "documentation":"

The identifier of the parent field that controls options.

" + }, + "childFieldId":{ + "shape":"FieldId", + "documentation":"

The identifier of the child field whose options are controlled.

" + }, + "parentChildFieldOptionsMappings":{ + "shape":"ParentChildFieldOptionsMappingList", + "documentation":"

A mapping between a parent field option value and child field option values.

" + } + }, + "documentation":"

Rules that control which options are available in a child field based on the selected value in a parent field.

" }, "FieldOptionsList":{ "type":"list", @@ -1780,32 +2425,32 @@ "FieldSummary":{ "type":"structure", "required":[ - "fieldArn", "fieldId", + "fieldArn", "name", - "namespace", - "type" + "type", + "namespace" ], "members":{ - "fieldArn":{ - "shape":"FieldArn", - "documentation":"

The Amazon Resource Name (ARN) of the field.

" - }, "fieldId":{ "shape":"FieldId", "documentation":"

The unique identifier of a field.

" }, + "fieldArn":{ + "shape":"FieldArn", + "documentation":"

The Amazon Resource Name (ARN) of the field.

" + }, "name":{ "shape":"FieldName", "documentation":"

Name of the field.

" }, - "namespace":{ - "shape":"FieldNamespace", - "documentation":"

The namespace of a field.

" - }, "type":{ "shape":"FieldType", "documentation":"

The type of a field.

" + }, + "namespace":{ + "shape":"FieldNamespace", + "documentation":"

The namespace of a field.

" } }, "documentation":"

Object for the summarized details of the field.

" @@ -1840,36 +2485,40 @@ }, "documentation":"

Object for case field values.

" }, + "FieldValueList":{ + "type":"list", + "member":{"shape":"FieldValue"} + }, "FieldValueUnion":{ "type":"structure", "members":{ - "booleanValue":{ - "shape":"Boolean", - "documentation":"

Can be either null, or have a Boolean value type. Only one value can be provided.

" + "stringValue":{ + "shape":"FieldValueUnionStringValueString", + "documentation":"

String value type.

" }, "doubleValue":{ "shape":"Double", "documentation":"

Can be either null, or have a Double number value type. Only one value can be provided.

" }, + "booleanValue":{ + "shape":"Boolean", + "documentation":"

Can be either null, or have a Boolean value type. Only one value can be provided.

" + }, "emptyValue":{ "shape":"EmptyFieldValue", "documentation":"

An empty value.

" }, - "stringValue":{ - "shape":"FieldValueUnionStringValueString", - "documentation":"

String value type.

" - }, "userArnValue":{ "shape":"String", "documentation":"

Represents the user that performed the audit.

" } }, - "documentation":"

Object to store union of Field values.

The Summary system field accepts 1500 characters while all other fields accept 500 characters.

", + "documentation":"

Object to store union of Field values.

The Summary system field accepts 3000 characters while all other fields accept 500 characters.

", "union":true }, "FieldValueUnionStringValueString":{ "type":"string", - "max":1500, + "max":3000, "min":0 }, "FileArn":{ @@ -1919,7 +2568,7 @@ }, "maxResults":{ "shape":"GetCaseAuditEventsRequestMaxResultsInteger", - "documentation":"

The maximum number of audit events to return. The current maximum supported value is 25. This is also the default when no other value is provided.

" + "documentation":"

The maximum number of audit events to return. When no value is provided, 25 is the default.

" }, "nextToken":{ "shape":"NextToken", @@ -1937,13 +2586,13 @@ "type":"structure", "required":["auditEvents"], "members":{ - "auditEvents":{ - "shape":"GetCaseAuditEventsResponseAuditEventsList", - "documentation":"

A list of case audits where each represents a particular edit of the case.

" - }, "nextToken":{ "shape":"NextToken", "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" + }, + "auditEvents":{ + "shape":"GetCaseAuditEventsResponseAuditEventsList", + "documentation":"

A list of case audits where each represents a particular edit of the case.

" } } }, @@ -2022,6 +2671,10 @@ "shape":"GetCaseResponseFieldsList", "documentation":"

A list of detailed field information.

" }, + "templateId":{ + "shape":"TemplateId", + "documentation":"

A unique identifier of a template.

" + }, "nextToken":{ "shape":"NextToken", "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" @@ -2029,10 +2682,6 @@ "tags":{ "shape":"Tags", "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" - }, - "templateId":{ - "shape":"TemplateId", - "documentation":"

A unique identifier of a template.

" } } }, @@ -2042,6 +2691,54 @@ "max":100, "min":0 }, + "GetCaseRuleResponse":{ + "type":"structure", + "required":[ + "caseRuleId", + "name", + "caseRuleArn", + "rule" + ], + "members":{ + "caseRuleId":{ + "shape":"CaseRuleId", + "documentation":"

Unique identifier of a case rule.

" + }, + "name":{ + "shape":"CaseRuleName", + "documentation":"

Name of the case rule.

" + }, + "caseRuleArn":{ + "shape":"CaseRuleArn", + "documentation":"

The Amazon Resource Name (ARN) of the case rule.

" + }, + "rule":{ + "shape":"CaseRuleDetails", + "documentation":"

Represents what rule type should take place, under what conditions.

" + }, + "description":{ + "shape":"CaseRuleDescription", + "documentation":"

Description of a case rule.

" + }, + "deleted":{ + "shape":"Deleted", + "documentation":"

Indicates whether the resource has been deleted.

" + }, + "createdTime":{ + "shape":"CreatedTime", + "documentation":"

Timestamp when the resource was created.

" + }, + "lastModifiedTime":{ + "shape":"LastModifiedTime", + "documentation":"

Timestamp when the resource was created or last modified.

" + }, + "tags":{ + "shape":"Tags", + "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" + } + }, + "documentation":"

Detailed case rule information. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

" + }, "GetDomainRequest":{ "type":"structure", "required":["domainId"], @@ -2057,33 +2754,33 @@ "GetDomainResponse":{ "type":"structure", "required":[ - "createdTime", - "domainArn", "domainId", - "domainStatus", - "name" + "domainArn", + "name", + "createdTime", + "domainStatus" ], "members":{ - "createdTime":{ - "shape":"CreatedTime", - "documentation":"

The timestamp when the Cases domain was created.

" + "domainId":{ + "shape":"DomainId", + "documentation":"

The unique identifier of the Cases domain.

" }, "domainArn":{ "shape":"DomainArn", "documentation":"

The Amazon Resource Name (ARN) for the Cases domain.

" }, - "domainId":{ - "shape":"DomainId", - "documentation":"

The unique identifier of the Cases domain.

" + "name":{ + "shape":"DomainName", + "documentation":"

The name of the Cases domain.

" + }, + "createdTime":{ + "shape":"CreatedTime", + "documentation":"

The timestamp when the Cases domain was created.

" }, "domainStatus":{ "shape":"DomainStatus", "documentation":"

The status of the Cases domain.

" }, - "name":{ - "shape":"DomainName", - "documentation":"

The name of the Cases domain.

" - }, "tags":{ "shape":"Tags", "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" @@ -2093,41 +2790,33 @@ "GetFieldResponse":{ "type":"structure", "required":[ - "fieldArn", "fieldId", "name", - "namespace", - "type" + "fieldArn", + "type", + "namespace" ], "members":{ - "createdTime":{ - "shape":"CreatedTime", - "documentation":"

Timestamp at which the resource was created.

" - }, - "deleted":{ - "shape":"Deleted", - "documentation":"

Denotes whether or not the resource has been deleted.

" - }, - "description":{ - "shape":"FieldDescription", - "documentation":"

Description of the field.

" - }, - "fieldArn":{ - "shape":"FieldArn", - "documentation":"

The Amazon Resource Name (ARN) of the field.

" - }, "fieldId":{ "shape":"FieldId", "documentation":"

Unique identifier of the field.

" }, - "lastModifiedTime":{ - "shape":"LastModifiedTime", - "documentation":"

Timestamp at which the resource was created or last modified.

" - }, "name":{ "shape":"FieldName", "documentation":"

Name of the field.

" }, + "fieldArn":{ + "shape":"FieldArn", + "documentation":"

The Amazon Resource Name (ARN) of the field.

" + }, + "description":{ + "shape":"FieldDescription", + "documentation":"

Description of the field.

" + }, + "type":{ + "shape":"FieldType", + "documentation":"

Type of the field.

" + }, "namespace":{ "shape":"FieldNamespace", "documentation":"

Namespace of the field.

" @@ -2136,9 +2825,17 @@ "shape":"Tags", "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" }, - "type":{ - "shape":"FieldType", - "documentation":"

Type of the field.

" + "deleted":{ + "shape":"Deleted", + "documentation":"

Denotes whether or not the resource has been deleted.

" + }, + "createdTime":{ + "shape":"CreatedTime", + "documentation":"

Timestamp at which the resource was created.

" + }, + "lastModifiedTime":{ + "shape":"LastModifiedTime", + "documentation":"

Timestamp at which the resource was created or last modified.

" } }, "documentation":"

Object to store detailed field information.

" @@ -2167,43 +2864,43 @@ "GetLayoutResponse":{ "type":"structure", "required":[ - "content", - "layoutArn", "layoutId", - "name" + "layoutArn", + "name", + "content" ], "members":{ - "content":{ - "shape":"LayoutContent", - "documentation":"

Information about which fields will be present in the layout, the order of the fields, and read-only attribute of the field.

" - }, - "createdTime":{ - "shape":"CreatedTime", - "documentation":"

Timestamp at which the resource was created.

" - }, - "deleted":{ - "shape":"Deleted", - "documentation":"

Denotes whether or not the resource has been deleted.

" - }, - "lastModifiedTime":{ - "shape":"LastModifiedTime", - "documentation":"

Timestamp at which the resource was created or last modified.

" + "layoutId":{ + "shape":"LayoutId", + "documentation":"

The unique identifier of the layout.

" }, "layoutArn":{ "shape":"LayoutArn", "documentation":"

The Amazon Resource Name (ARN) of the newly created layout.

" }, - "layoutId":{ - "shape":"LayoutId", - "documentation":"

The unique identifier of the layout.

" - }, "name":{ "shape":"LayoutName", "documentation":"

The name of the layout. It must be unique.

" }, + "content":{ + "shape":"LayoutContent", + "documentation":"

Information about which fields will be present in the layout, the order of the fields, and read-only attribute of the field.

" + }, "tags":{ "shape":"Tags", "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" + }, + "deleted":{ + "shape":"Deleted", + "documentation":"

Denotes whether or not the resource has been deleted.

" + }, + "createdTime":{ + "shape":"CreatedTime", + "documentation":"

Timestamp at which the resource was created.

" + }, + "lastModifiedTime":{ + "shape":"LastModifiedTime", + "documentation":"

Timestamp at which the resource was created or last modified.

" } } }, @@ -2231,58 +2928,80 @@ "GetTemplateResponse":{ "type":"structure", "required":[ - "name", - "status", + "templateId", "templateArn", - "templateId" + "name", + "status" ], "members":{ - "createdTime":{ - "shape":"CreatedTime", - "documentation":"

Timestamp at which the resource was created.

" + "templateId":{ + "shape":"TemplateId", + "documentation":"

A unique identifier of a template.

" }, - "deleted":{ - "shape":"Deleted", - "documentation":"

Denotes whether or not the resource has been deleted.

" + "templateArn":{ + "shape":"TemplateArn", + "documentation":"

The Amazon Resource Name (ARN) of the template.

" + }, + "name":{ + "shape":"TemplateName", + "documentation":"

The name of the template.

" }, "description":{ "shape":"TemplateDescription", "documentation":"

A brief description of the template.

" }, - "lastModifiedTime":{ - "shape":"LastModifiedTime", - "documentation":"

Timestamp at which the resource was created or last modified.

" - }, "layoutConfiguration":{ "shape":"LayoutConfiguration", "documentation":"

Configuration of layouts associated to the template.

" }, - "name":{ - "shape":"TemplateName", - "documentation":"

The name of the template.

" - }, "requiredFields":{ "shape":"RequiredFieldList", "documentation":"

A list of fields that must contain a value for a case to be successfully created with this template.

" }, + "tags":{ + "shape":"Tags", + "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" + }, "status":{ "shape":"TemplateStatus", "documentation":"

The status of the template.

" }, - "tags":{ - "shape":"Tags", - "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" + "deleted":{ + "shape":"Deleted", + "documentation":"

Denotes whether or not the resource has been deleted.

" }, - "templateArn":{ - "shape":"TemplateArn", - "documentation":"

The Amazon Resource Name (ARN) of the template.

" + "createdTime":{ + "shape":"CreatedTime", + "documentation":"

Timestamp at which the resource was created.

" }, - "templateId":{ - "shape":"TemplateId", - "documentation":"

A unique identifier of a template.

" + "lastModifiedTime":{ + "shape":"LastModifiedTime", + "documentation":"

Timestamp at which the resource was created or last modified.

" + }, + "rules":{ + "shape":"TemplateCaseRuleList", + "documentation":"

A list of case rules (also known as case field conditions) on a template.

" } } }, + "HiddenCaseRule":{ + "type":"structure", + "required":[ + "defaultValue", + "conditions" + ], + "members":{ + "defaultValue":{ + "shape":"Boolean", + "documentation":"

Whether the field is hidden when no conditions match.

" + }, + "conditions":{ + "shape":"BooleanConditionList", + "documentation":"

A list of conditions that determine field visibility.

" + } + }, + "documentation":"

A rule that controls field visibility based on conditions. Fields can be shown or hidden dynamically based on values in other fields.

" + }, "IamPrincipalArn":{ "type":"string", "max":500, @@ -2349,7 +3068,7 @@ "type":"string", "max":100, "min":1, - "pattern":"^.*[\\S]$" + "pattern":".*[\\S]" }, "LayoutSections":{ "type":"structure", @@ -2361,19 +3080,19 @@ "LayoutSummary":{ "type":"structure", "required":[ - "layoutArn", "layoutId", + "layoutArn", "name" ], "members":{ - "layoutArn":{ - "shape":"LayoutArn", - "documentation":"

The Amazon Resource Name (ARN) of the layout.

" - }, "layoutId":{ "shape":"LayoutId", "documentation":"

The unique identifier for of the layout.

" }, + "layoutArn":{ + "shape":"LayoutArn", + "documentation":"

The Amazon Resource Name (ARN) of the layout.

" + }, "name":{ "shape":"LayoutName", "documentation":"

The name of the layout.

" @@ -2385,23 +3104,67 @@ "type":"list", "member":{"shape":"LayoutSummary"} }, + "ListCaseRulesRequest":{ + "type":"structure", + "required":["domainId"], + "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

Unique identifier of a Cases domain.

", + "location":"uri", + "locationName":"domainId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return per page.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListCaseRulesResponse":{ + "type":"structure", + "required":["caseRules"], + "members":{ + "caseRules":{ + "shape":"ListCaseRulesResponseCaseRulesList", + "documentation":"

A list of field summary objects.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" + } + } + }, + "ListCaseRulesResponseCaseRulesList":{ + "type":"list", + "member":{"shape":"CaseRuleSummary"}, + "max":100, + "min":0 + }, "ListCasesForContactRequest":{ "type":"structure", "required":[ - "contactArn", - "domainId" + "domainId", + "contactArn" ], "members":{ - "contactArn":{ - "shape":"ContactArn", - "documentation":"

A unique identifier of a contact in Amazon Connect.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", "location":"uri", "locationName":"domainId" }, + "contactArn":{ + "shape":"ContactArn", + "documentation":"

A unique identifier of a contact in Amazon Connect.

" + }, "maxResults":{ "shape":"ListCasesForContactRequestMaxResultsInteger", "documentation":"

The maximum number of results to return per page.

" @@ -2518,13 +3281,13 @@ "type":"structure", "required":["options"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" - }, "options":{ "shape":"FieldOptionsList", "documentation":"

A list of FieldOption objects.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" } } }, @@ -2665,13 +3428,13 @@ "type":"structure", "required":["templates"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" - }, "templates":{ "shape":"ListTemplatesResponseTemplatesList", "documentation":"

List of template summary objects.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" } } }, @@ -2692,6 +3455,45 @@ "max":9000, "min":0 }, + "OperandOne":{ + "type":"structure", + "members":{ + "fieldId":{ + "shape":"FieldId", + "documentation":"

The field ID that this operand should take the value of.

" + } + }, + "documentation":"

Represents the left hand operand in the condition. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", + "union":true + }, + "OperandTwo":{ + "type":"structure", + "members":{ + "stringValue":{ + "shape":"OperandTwoStringValueString", + "documentation":"

String value type.

" + }, + "booleanValue":{ + "shape":"Boolean", + "documentation":"

Boolean value type.

" + }, + "doubleValue":{ + "shape":"Double", + "documentation":"

Double value type.

" + }, + "emptyValue":{ + "shape":"EmptyOperandValue", + "documentation":"

Empty value type.

" + } + }, + "documentation":"

Represents the right hand operand in the condition. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

", + "union":true + }, + "OperandTwoStringValueString":{ + "type":"string", + "max":1500, + "min":1 + }, "Order":{ "type":"string", "enum":[ @@ -2699,6 +3501,42 @@ "Desc" ] }, + "ParentChildFieldOptionValue":{ + "type":"string", + "max":100, + "min":0, + "pattern":"$|^.*[\\S]" + }, + "ParentChildFieldOptionsMapping":{ + "type":"structure", + "required":[ + "parentFieldOptionValue", + "childFieldOptionValues" + ], + "members":{ + "parentFieldOptionValue":{ + "shape":"ParentChildFieldOptionValue", + "documentation":"

The value in the parent field.

" + }, + "childFieldOptionValues":{ + "shape":"ParentChildFieldOptionsMappingChildFieldOptionValuesList", + "documentation":"

A list of allowed values in the child field.

" + } + }, + "documentation":"

A mapping between a parent field option value and child field option values.

" + }, + "ParentChildFieldOptionsMappingChildFieldOptionValuesList":{ + "type":"list", + "member":{"shape":"ParentChildFieldOptionValue"}, + "max":1500, + "min":0 + }, + "ParentChildFieldOptionsMappingList":{ + "type":"list", + "member":{"shape":"ParentChildFieldOptionsMapping"}, + "max":200, + "min":1 + }, "PutCaseEventConfigurationRequest":{ "type":"structure", "required":[ @@ -2720,8 +3558,7 @@ }, "PutCaseEventConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RelatedItemArn":{ "type":"string", @@ -2731,17 +3568,29 @@ "RelatedItemContent":{ "type":"structure", "members":{ - "comment":{ - "shape":"CommentContent", - "documentation":"

Represents the content of a comment to be returned to agents.

" - }, "contact":{ "shape":"ContactContent", "documentation":"

Represents the content of a contact to be returned to agents.

" }, + "comment":{ + "shape":"CommentContent", + "documentation":"

Represents the content of a comment to be returned to agents.

" + }, "file":{ "shape":"FileContent", "documentation":"

Represents the content of a File to be returned to agents.

" + }, + "sla":{ + "shape":"SlaContent", + "documentation":"

Represents the content of an SLA to be returned to agents.

" + }, + "connectCase":{ + "shape":"ConnectCaseContent", + "documentation":"

Represents the Amazon Connect case to be created as a related item.

" + }, + "custom":{ + "shape":"CustomContent", + "documentation":"

Represents the content of a Custom type related item.

" } }, "documentation":"

Represents the content of a particular type of related item.

", @@ -2766,17 +3615,29 @@ "RelatedItemInputContent":{ "type":"structure", "members":{ - "comment":{ - "shape":"CommentContent", - "documentation":"

Represents the content of a comment to be returned to agents.

" - }, "contact":{ "shape":"Contact", "documentation":"

Object representing a contact in Amazon Connect as an API request field.

" }, + "comment":{ + "shape":"CommentContent", + "documentation":"

Represents the content of a comment to be returned to agents.

" + }, "file":{ "shape":"FileContent", "documentation":"

A file of related items.

" + }, + "sla":{ + "shape":"SlaInputContent", + "documentation":"

Represents the content of an SLA to be created.

" + }, + "connectCase":{ + "shape":"ConnectCaseInputContent", + "documentation":"

Represents the Amazon Connect case to be created as a related item.

" + }, + "custom":{ + "shape":"CustomInputContent", + "documentation":"

Represents the content of a Custom type related item.

" } }, "documentation":"

Represents the content of a related item to be created.

", @@ -2787,28 +3648,61 @@ "enum":[ "Contact", "Comment", - "File" + "File", + "Sla", + "ConnectCase", + "Custom" ] }, "RelatedItemTypeFilter":{ "type":"structure", "members":{ - "comment":{ - "shape":"CommentFilter", - "documentation":"

A filter for related items of type Comment.

" - }, "contact":{ "shape":"ContactFilter", "documentation":"

A filter for related items of type Contact.

" }, + "comment":{ + "shape":"CommentFilter", + "documentation":"

A filter for related items of type Comment.

" + }, "file":{ "shape":"FileFilter", "documentation":"

A filter for related items of this type of File.

" + }, + "sla":{ + "shape":"SlaFilter", + "documentation":"

Filter for related items of type SLA.

" + }, + "connectCase":{ + "shape":"ConnectCaseFilter", + "documentation":"

Represents the Amazon Connect case to be created as a related item.

" + }, + "custom":{ + "shape":"CustomFilter", + "documentation":"

Represents the content of a Custom type related item.

" } }, "documentation":"

The list of types of related items and their parameters to use for filtering.

", "union":true }, + "RequiredCaseRule":{ + "type":"structure", + "required":[ + "defaultValue", + "conditions" + ], + "members":{ + "defaultValue":{ + "shape":"Boolean", + "documentation":"

The value of the rule (that is, whether the field is required) should none of the conditions evaluate to true.

" + }, + "conditions":{ + "shape":"BooleanConditionList", + "documentation":"

List of conditions for the required rule; the first condition to evaluate to true dictates the value of the rule.

" + } + }, + "documentation":"

Required rule type, used to indicate whether a field is required. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

" + }, "RequiredField":{ "type":"structure", "required":["fieldId"], @@ -2851,7 +3745,15 @@ }, "exception":true }, - "SearchCasesRequest":{ + "RuleType":{ + "type":"string", + "enum":[ + "Required", + "Hidden", + "FieldOptions" + ] + }, + "SearchAllRelatedItemsRequest":{ "type":"structure", "required":["domainId"], "members":{ @@ -2861,17 +3763,135 @@ "location":"uri", "locationName":"domainId" }, - "fields":{ - "shape":"SearchCasesRequestFieldsList", - "documentation":"

The list of field identifiers to be returned as part of the response.

" + "maxResults":{ + "shape":"SearchAllRelatedItemsRequestMaxResultsInteger", + "documentation":"

The maximum number of results to return per page.

" }, - "filter":{ - "shape":"CaseFilter", - "documentation":"

A list of filter objects.

" + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + }, + "filters":{ + "shape":"SearchAllRelatedItemsRequestFiltersList", + "documentation":"

The list of types of related items and their parameters to use for filtering. The filters work as an OR condition: caller gets back related items that match any of the specified filter types.

" + }, + "sorts":{ + "shape":"SearchAllRelatedItemsRequestSortsList", + "documentation":"

A structured set of sort terms to specify the order in which related items should be returned. Supports sorting by association time or case ID. The sorts work in the order specified: first sort term takes precedence over subsequent terms.

" + } + } + }, + "SearchAllRelatedItemsRequestFiltersList":{ + "type":"list", + "member":{"shape":"RelatedItemTypeFilter"}, + "max":10, + "min":0 + }, + "SearchAllRelatedItemsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":25, + "min":1 + }, + "SearchAllRelatedItemsRequestSortsList":{ + "type":"list", + "member":{"shape":"SearchAllRelatedItemsSort"}, + "max":2, + "min":0 + }, + "SearchAllRelatedItemsResponse":{ + "type":"structure", + "required":["relatedItems"], + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" + }, + "relatedItems":{ + "shape":"SearchAllRelatedItemsResponseRelatedItemsList", + "documentation":"

A list of items related to a case.

" + } + } + }, + "SearchAllRelatedItemsResponseItem":{ + "type":"structure", + "required":[ + "relatedItemId", + "caseId", + "type", + "associationTime", + "content" + ], + "members":{ + "relatedItemId":{ + "shape":"RelatedItemId", + "documentation":"

Unique identifier of a related item.

" + }, + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

" + }, + "type":{ + "shape":"RelatedItemType", + "documentation":"

Type of a related item.

" + }, + "associationTime":{ + "shape":"AssociationTime", + "documentation":"

Time at which a related item was associated with a case.

" + }, + "content":{"shape":"RelatedItemContent"}, + "performedBy":{"shape":"UserUnion"}, + "tags":{ + "shape":"Tags", + "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" + } + }, + "documentation":"

A list of items that represent RelatedItems. This data type is similar to SearchRelatedItemsResponseItem except SearchAllRelatedItemsResponseItem has a caseId field.

" + }, + "SearchAllRelatedItemsResponseRelatedItemsList":{ + "type":"list", + "member":{"shape":"SearchAllRelatedItemsResponseItem"}, + "max":25, + "min":0 + }, + "SearchAllRelatedItemsSort":{ + "type":"structure", + "required":[ + "sortProperty", + "sortOrder" + ], + "members":{ + "sortProperty":{ + "shape":"SearchAllRelatedItemsSortProperty", + "documentation":"

Whether related items should be sorted in ascending or descending order.

" + }, + "sortOrder":{ + "shape":"Order", + "documentation":"

Whether related items should be sorted by association time or case ID.

" + } + }, + "documentation":"

The order in which all returned related items should be sorted.

" + }, + "SearchAllRelatedItemsSortProperty":{ + "type":"string", + "enum":[ + "AssociationTime", + "CaseId" + ] + }, + "SearchCasesRequest":{ + "type":"structure", + "required":["domainId"], + "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

The unique identifier of the Cases domain.

", + "location":"uri", + "locationName":"domainId" }, "maxResults":{ "shape":"SearchCasesRequestMaxResultsInteger", - "documentation":"

The maximum number of cases to return. The current maximum supported value is 25. This is also the default value when no other value is provided.

" + "documentation":"

The maximum number of cases to return. When no value is provided, 25 is the default.

" }, "nextToken":{ "shape":"NextToken", @@ -2881,9 +3901,17 @@ "shape":"SearchCasesRequestSearchTermString", "documentation":"

A word or phrase used to perform a quick search.

" }, + "filter":{ + "shape":"CaseFilter", + "documentation":"

A list of filter objects.

" + }, "sorts":{ "shape":"SearchCasesRequestSortsList", "documentation":"

A list of sorts where each sort specifies a field and their sort order to be applied to the results.

" + }, + "fields":{ + "shape":"SearchCasesRequestFieldsList", + "documentation":"

The list of field identifiers to be returned as part of the response.

" } } }, @@ -2896,7 +3924,7 @@ "SearchCasesRequestMaxResultsInteger":{ "type":"integer", "box":true, - "max":25, + "max":100, "min":1 }, "SearchCasesRequestSearchTermString":{ @@ -2914,34 +3942,38 @@ "type":"structure", "required":["cases"], "members":{ - "cases":{ - "shape":"SearchCasesResponseCasesList", - "documentation":"

A list of case documents where each case contains the properties CaseId and Fields where each field is a complex union structure.

" - }, "nextToken":{ "shape":"NextToken", "documentation":"

The token for the next set of results. This is null if there are no more results to return.

" + }, + "cases":{ + "shape":"SearchCasesResponseCasesList", + "documentation":"

A list of case documents where each case contains the properties CaseId and Fields where each field is a complex union structure.

" } } }, "SearchCasesResponseCasesList":{ "type":"list", "member":{"shape":"SearchCasesResponseItem"}, - "max":25, + "max":100, "min":0 }, "SearchCasesResponseItem":{ "type":"structure", "required":[ "caseId", - "fields", - "templateId" + "templateId", + "fields" ], "members":{ "caseId":{ "shape":"CaseId", "documentation":"

A unique identifier of the case.

" }, + "templateId":{ + "shape":"TemplateId", + "documentation":"

A unique identifier of a template.

" + }, "fields":{ "shape":"SearchCasesResponseItemFieldsList", "documentation":"

List of case field values.

" @@ -2949,10 +3981,6 @@ "tags":{ "shape":"Tags", "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" - }, - "templateId":{ - "shape":"TemplateId", - "documentation":"

A unique identifier of a template.

" } }, "documentation":"

A list of items that represent cases.

" @@ -2966,25 +3994,21 @@ "SearchRelatedItemsRequest":{ "type":"structure", "required":[ - "caseId", - "domainId" + "domainId", + "caseId" ], "members":{ - "caseId":{ - "shape":"CaseId", - "documentation":"

A unique identifier of the case.

", - "location":"uri", - "locationName":"caseId" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", "location":"uri", "locationName":"domainId" }, - "filters":{ - "shape":"SearchRelatedItemsRequestFiltersList", - "documentation":"

The list of types of related items and their parameters to use for filtering.

" + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

", + "location":"uri", + "locationName":"caseId" }, "maxResults":{ "shape":"SearchRelatedItemsRequestMaxResultsInteger", @@ -2993,6 +4017,10 @@ "nextToken":{ "shape":"NextToken", "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

" + }, + "filters":{ + "shape":"SearchRelatedItemsRequestFiltersList", + "documentation":"

The list of types of related items and their parameters to use for filtering.

" } } }, @@ -3025,12 +4053,20 @@ "SearchRelatedItemsResponseItem":{ "type":"structure", "required":[ - "associationTime", - "content", "relatedItemId", - "type" + "type", + "associationTime", + "content" ], "members":{ + "relatedItemId":{ + "shape":"RelatedItemId", + "documentation":"

Unique identifier of a related item.

" + }, + "type":{ + "shape":"RelatedItemType", + "documentation":"

Type of a related item.

" + }, "associationTime":{ "shape":"AssociationTime", "documentation":"

Time at which a related item was associated with a case.

" @@ -3039,21 +4075,13 @@ "shape":"RelatedItemContent", "documentation":"

Represents the content of a particular type of related item.

" }, - "performedBy":{ - "shape":"UserUnion", - "documentation":"

Represents the creator of the related item.

" - }, - "relatedItemId":{ - "shape":"RelatedItemId", - "documentation":"

Unique identifier of a related item.

" - }, "tags":{ "shape":"Tags", "documentation":"

A map of of key-value pairs that represent tags on a resource. Tags are used to organize, track, or control access for this resource.

" }, - "type":{ - "shape":"RelatedItemType", - "documentation":"

Type of a related item.

" + "performedBy":{ + "shape":"UserUnion", + "documentation":"

Represents the creator of the related item.

" } }, "documentation":"

A list of items that represent RelatedItems.

" @@ -3095,6 +4123,147 @@ }, "exception":true }, + "SlaCompletionTime":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "SlaConfiguration":{ + "type":"structure", + "required":[ + "name", + "type", + "status", + "targetTime" + ], + "members":{ + "name":{ + "shape":"SlaName", + "documentation":"

Name of an SLA.

" + }, + "type":{ + "shape":"SlaType", + "documentation":"

Type of SLA.

" + }, + "status":{ + "shape":"SlaStatus", + "documentation":"

Status of an SLA.

" + }, + "fieldId":{ + "shape":"FieldId", + "documentation":"

Unique identifier of a field.

" + }, + "targetFieldValues":{ + "shape":"SlaFieldValueUnionList", + "documentation":"

Represents a list of target field values for the fieldId specified in SlaConfiguration.

" + }, + "targetTime":{ + "shape":"SlaTargetTime", + "documentation":"

Target time by which an SLA should be completed.

" + }, + "completionTime":{ + "shape":"SlaCompletionTime", + "documentation":"

Time at which an SLA was completed.

" + } + }, + "documentation":"

Represents an SLA configuration.

" + }, + "SlaContent":{ + "type":"structure", + "required":["slaConfiguration"], + "members":{ + "slaConfiguration":{ + "shape":"SlaConfiguration", + "documentation":"

Represents an SLA configuration.

" + } + }, + "documentation":"

Represents the content of an SLA to be returned to agents.

" + }, + "SlaFieldValueUnionList":{ + "type":"list", + "member":{"shape":"FieldValueUnion"}, + "max":1, + "min":1 + }, + "SlaFilter":{ + "type":"structure", + "members":{ + "name":{ + "shape":"SlaName", + "documentation":"

Name of an SLA.

" + }, + "status":{ + "shape":"SlaStatus", + "documentation":"

Status of an SLA.

" + } + }, + "documentation":"

A filter for related items of type SLA.

" + }, + "SlaInputConfiguration":{ + "type":"structure", + "required":[ + "name", + "type", + "targetSlaMinutes" + ], + "members":{ + "name":{ + "shape":"SlaName", + "documentation":"

Name of an SLA.

" + }, + "type":{ + "shape":"SlaType", + "documentation":"

Type of SLA.

" + }, + "fieldId":{ + "shape":"FieldId", + "documentation":"

Unique identifier of a field.

" + }, + "targetFieldValues":{ + "shape":"SlaFieldValueUnionList", + "documentation":"

Represents a list of target field values for the fieldId specified in SlaInputConfiguration. The SLA is considered met if any one of these target field values matches the actual field value.

" + }, + "targetSlaMinutes":{ + "shape":"TargetSlaMinutes", + "documentation":"

Target duration in minutes within which an SLA should be completed.

" + } + }, + "documentation":"

Represents the input configuration of an SLA being created.

" + }, + "SlaInputContent":{ + "type":"structure", + "members":{ + "slaInputConfiguration":{ + "shape":"SlaInputConfiguration", + "documentation":"

Represents an input SLA configuration.

" + } + }, + "documentation":"

Represents the content of an SLA.

", + "union":true + }, + "SlaName":{ + "type":"string", + "max":500, + "min":1, + "pattern":".*[\\S]", + "sensitive":true + }, + "SlaStatus":{ + "type":"string", + "enum":[ + "Active", + "Overdue", + "Met", + "NotMet" + ] + }, + "SlaTargetTime":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "SlaType":{ + "type":"string", + "enum":["CaseField"] + }, "Sort":{ "type":"structure", "required":[ @@ -3118,7 +4287,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$" + "pattern":"(?!aws:)[a-zA-Z+-=._:/]+" }, "TagKeyList":{ "type":"list", @@ -3150,11 +4319,23 @@ "key":{"shape":"String"}, "value":{"shape":"String"} }, + "TargetSlaMinutes":{ + "type":"long", + "box":true, + "max":129600, + "min":1 + }, "TemplateArn":{ "type":"string", "max":500, "min":1 }, + "TemplateCaseRuleList":{ + "type":"list", + "member":{"shape":"TemplateRule"}, + "max":50, + "min":0 + }, "TemplateDescription":{ "type":"string", "max":255, @@ -3169,7 +4350,22 @@ "type":"string", "max":100, "min":1, - "pattern":"^.*[\\S]$" + "pattern":".*[\\S]" + }, + "TemplateRule":{ + "type":"structure", + "required":["caseRuleId"], + "members":{ + "caseRuleId":{ + "shape":"CaseRuleId", + "documentation":"

Unique identifier of a case rule.

" + }, + "fieldId":{ + "shape":"FieldId", + "documentation":"

Unique identifier of a field.

" + } + }, + "documentation":"

An association representing a case rule acting upon a field. In the Amazon Connect admin website, case rules are known as case field conditions. For more information about case field conditions, see Add case field conditions to a case template.

" }, "TemplateStatus":{ "type":"string", @@ -3187,12 +4383,20 @@ "TemplateSummary":{ "type":"structure", "required":[ - "name", - "status", + "templateId", "templateArn", - "templateId" + "name", + "status" ], "members":{ + "templateId":{ + "shape":"TemplateId", + "documentation":"

The unique identifier for the template.

" + }, + "templateArn":{ + "shape":"TemplateArn", + "documentation":"

The Amazon Resource Name (ARN) of the template.

" + }, "name":{ "shape":"TemplateName", "documentation":"

The template name.

" @@ -3200,14 +4404,6 @@ "status":{ "shape":"TemplateStatus", "documentation":"

The status of the template.

" - }, - "templateArn":{ - "shape":"TemplateArn", - "documentation":"

The Amazon Resource Name (ARN) of the template.

" - }, - "templateId":{ - "shape":"TemplateId", - "documentation":"

The unique identifier for the template.

" } }, "documentation":"

Template summary information.

" @@ -3250,23 +4446,23 @@ "UpdateCaseRequest":{ "type":"structure", "required":[ - "caseId", "domainId", + "caseId", "fields" ], "members":{ - "caseId":{ - "shape":"CaseId", - "documentation":"

A unique identifier of the case.

", - "location":"uri", - "locationName":"caseId" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", "location":"uri", "locationName":"domainId" }, + "caseId":{ + "shape":"CaseId", + "documentation":"

A unique identifier of the case.

", + "location":"uri", + "locationName":"caseId" + }, "fields":{ "shape":"UpdateCaseRequestFieldsList", "documentation":"

An array of objects with fieldId (matching ListFields/DescribeField) and value union data, structured identical to CreateCase.

" @@ -3282,9 +4478,45 @@ }, "UpdateCaseResponse":{ "type":"structure", + "members":{} + }, + "UpdateCaseRuleRequest":{ + "type":"structure", + "required":[ + "domainId", + "caseRuleId" + ], "members":{ + "domainId":{ + "shape":"DomainId", + "documentation":"

Unique identifier of a Cases domain.

", + "location":"uri", + "locationName":"domainId" + }, + "caseRuleId":{ + "shape":"CaseRuleId", + "documentation":"

Unique identifier of a case rule.

", + "location":"uri", + "locationName":"caseRuleId" + }, + "name":{ + "shape":"CaseRuleName", + "documentation":"

Name of the case rule.

" + }, + "description":{ + "shape":"CaseRuleDescription", + "documentation":"

Description of a case rule.

" + }, + "rule":{ + "shape":"CaseRuleDetails", + "documentation":"

Represents what rule type should take place, under what conditions.

" + } } }, + "UpdateCaseRuleResponse":{ + "type":"structure", + "members":{} + }, "UpdateFieldRequest":{ "type":"structure", "required":[ @@ -3292,10 +4524,6 @@ "fieldId" ], "members":{ - "description":{ - "shape":"FieldDescription", - "documentation":"

The description of a field.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", @@ -3311,13 +4539,16 @@ "name":{ "shape":"FieldName", "documentation":"

The name of the field.

" + }, + "description":{ + "shape":"FieldDescription", + "documentation":"

The description of a field.

" } } }, "UpdateFieldResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLayoutRequest":{ "type":"structure", @@ -3326,10 +4557,6 @@ "layoutId" ], "members":{ - "content":{ - "shape":"LayoutContent", - "documentation":"

Information about which fields will be present in the layout, the order of the fields.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", @@ -3345,13 +4572,16 @@ "name":{ "shape":"LayoutName", "documentation":"

The name of the layout. It must be unique per domain.

" + }, + "content":{ + "shape":"LayoutContent", + "documentation":"

Information about which fields will be present in the layout, the order of the fields.

" } } }, "UpdateLayoutResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTemplateRequest":{ "type":"structure", @@ -3360,24 +4590,30 @@ "templateId" ], "members":{ - "description":{ - "shape":"TemplateDescription", - "documentation":"

A brief description of the template.

" - }, "domainId":{ "shape":"DomainId", "documentation":"

The unique identifier of the Cases domain.

", "location":"uri", "locationName":"domainId" }, - "layoutConfiguration":{ - "shape":"LayoutConfiguration", - "documentation":"

Configuration of layouts associated to the template.

" + "templateId":{ + "shape":"TemplateId", + "documentation":"

A unique identifier for the template.

", + "location":"uri", + "locationName":"templateId" }, "name":{ "shape":"TemplateName", "documentation":"

The name of the template. It must be unique per domain.

" }, + "description":{ + "shape":"TemplateDescription", + "documentation":"

A brief description of the template.

" + }, + "layoutConfiguration":{ + "shape":"LayoutConfiguration", + "documentation":"

Configuration of layouts associated to the template.

" + }, "requiredFields":{ "shape":"RequiredFieldList", "documentation":"

A list of fields that must contain a value for a case to be successfully created with this template.

" @@ -3386,18 +4622,15 @@ "shape":"TemplateStatus", "documentation":"

The status of the template.

" }, - "templateId":{ - "shape":"TemplateId", - "documentation":"

A unique identifier for the template.

", - "location":"uri", - "locationName":"templateId" + "rules":{ + "shape":"TemplateCaseRuleList", + "documentation":"

A list of case rules (also known as case field conditions) on a template.

" } } }, "UpdateTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UserArn":{ "type":"string", @@ -3410,9 +4643,13 @@ "userArn":{ "shape":"UserArn", "documentation":"

Represents the Amazon Connect ARN of the user.

" + }, + "customEntity":{ + "shape":"CustomEntity", + "documentation":"

Any provided entity.

" } }, - "documentation":"

Represents the identity of the person who performed the action.

", + "documentation":"

Represents the entity that performed the action.

", "union":true }, "ValidationException":{ @@ -3440,5 +4677,5 @@ "min":0 } }, - "documentation":"

With Amazon Connect Cases, your agents can track and manage customer issues that require multiple interactions, follow-up tasks, and teams in your contact center. A case represents a customer issue. It records the issue, the steps and interactions taken to resolve the issue, and the outcome. For more information, see Amazon Connect Cases in the Amazon Connect Administrator Guide.

" + "documentation":"

With Amazon Connect Cases, your agents can track and manage customer issues that require multiple interactions, follow-up tasks, and teams in your contact center. A case represents a customer issue. It records the issue, the steps and interactions taken to resolve the issue, and the outcome. For more information, see Amazon Connect Cases in the Amazon Connect Administrator Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/connectcases/2022-10-03/waiters-2.json 2.31.35-1/awscli/botocore/data/connectcases/2022-10-03/waiters-2.json --- 2.23.6-1/awscli/botocore/data/connectcases/2022-10-03/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectcases/2022-10-03/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/connectparticipant/2018-09-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/connectparticipant/2018-09-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/connectparticipant/2018-09-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectparticipant/2018-09-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/connectparticipant/2018-09-07/service-2.json 2.31.35-1/awscli/botocore/data/connectparticipant/2018-09-07/service-2.json --- 2.23.6-1/awscli/botocore/data/connectparticipant/2018-09-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/connectparticipant/2018-09-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,7 +29,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Cancels the authentication session. The opted out branch of the Authenticate Customer flow block will be taken.

The current supported channel is chat. This API is not supported for Apple Messages for Business, WhatsApp, or SMS chats.

" + "documentation":"

Cancels the authentication session. The opted out branch of the Authenticate Customer flow block will be taken.

The current supported channel is chat. This API is not supported for Apple Messages for Business, WhatsApp, or SMS chats.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "CompleteAttachmentUpload":{ "name":"CompleteAttachmentUpload", @@ -47,7 +47,7 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"} ], - "documentation":"

Allows you to confirm that the attachment has been uploaded using the pre-signed URL provided in StartAttachmentUpload API. A conflict exception is thrown when an attachment with that identifier is already being uploaded.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" + "documentation":"

Allows you to confirm that the attachment has been uploaded using the pre-signed URL provided in StartAttachmentUpload API. A conflict exception is thrown when an attachment with that identifier is already being uploaded.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "CreateParticipantConnection":{ "name":"CreateParticipantConnection", @@ -63,7 +63,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Creates the participant's connection.

For security recommendations, see Amazon Connect Chat security best practices.

ParticipantToken is used for invoking this API instead of ConnectionToken.

The participant token is valid for the lifetime of the participant – until they are part of a contact.

The response URL for WEBSOCKET Type has a connect expiry timeout of 100s. Clients must manually connect to the returned websocket URL and subscribe to the desired topic.

For chat, you need to publish the following on the established websocket connection:

{\"topic\":\"aws/subscribe\",\"content\":{\"topics\":[\"aws/chat\"]}}

Upon websocket URL expiry, as specified in the response ConnectionExpiry parameter, clients need to call this API again to obtain a new websocket URL and perform the same steps as before.

Message streaming support: This API can also be used together with the StartContactStreaming API to create a participant connection for chat contacts that are not using a websocket. For more information about message streaming, Enable real-time chat message streaming in the Amazon Connect Administrator Guide.

Feature specifications: For information about feature specifications, such as the allowed number of open websocket connections per participant, see Feature specifications in the Amazon Connect Administrator Guide.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" + "documentation":"

Creates the participant's connection.

For security recommendations, see Amazon Connect Chat security best practices.

For WebRTC security recommendations, see Amazon Connect WebRTC security best practices.

ParticipantToken is used for invoking this API instead of ConnectionToken.

The participant token is valid for the lifetime of the participant – until they are part of a contact. For WebRTC participants, if they leave or are disconnected for 60 seconds, a new participant needs to be created using the CreateParticipant API.

For WEBSOCKET Type:

The response URL for has a connect expiry timeout of 100s. Clients must manually connect to the returned websocket URL and subscribe to the desired topic.

For chat, you need to publish the following on the established websocket connection:

{\"topic\":\"aws/subscribe\",\"content\":{\"topics\":[\"aws/chat\"]}}

Upon websocket URL expiry, as specified in the response ConnectionExpiry parameter, clients need to call this API again to obtain a new websocket URL and perform the same steps as before.

The expiry time for the connection token is different than the ChatDurationInMinutes. Expiry time for the connection token is 1 day.

For WEBRTC_CONNECTION Type:

The response includes connection data required for the client application to join the call using the Amazon Chime SDK client libraries. The WebRTCConnection response contains Meeting and Attendee information needed to establish the media connection.

The attendee join token in WebRTCConnection response is valid for the lifetime of the participant in the call. If a participant leaves or is disconnected for 60 seconds, their participant credentials will no longer be valid, and a new participant will need to be created to rejoin the call.

Message streaming support: This API can also be used together with the StartContactStreaming API to create a participant connection for chat contacts that are not using a websocket. For more information about message streaming, Enable real-time chat message streaming in the Amazon Connect Administrator Guide.

Multi-user web, in-app, video calling support:

For WebRTC calls, this API is used in conjunction with the CreateParticipant API to enable multi-party calling. The StartWebRTCContact API creates the initial contact and routes it to an agent, while CreateParticipant adds additional participants to the ongoing call. For more information about multi-party WebRTC calls, see Enable multi-user web, in-app, and video calling in the Amazon Connect Administrator Guide.

Feature specifications: For information about feature specifications, such as the allowed number of open websocket connections per participant or maximum number of WebRTC participants, see Feature specifications in the Amazon Connect Administrator Guide.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "DescribeView":{ "name":"DescribeView", @@ -80,7 +80,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves the view for the specified view token.

For security recommendations, see Amazon Connect Chat security best practices.

" + "documentation":"

Retrieves the view for the specified view token.

For security recommendations, see Amazon Connect Chat security best practices.

" }, "DisconnectParticipant":{ "name":"DisconnectParticipant", @@ -96,7 +96,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Disconnects a participant.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" + "documentation":"

Disconnects a participant.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "GetAttachment":{ "name":"GetAttachment", @@ -112,7 +112,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Provides a pre-signed URL for download of a completed attachment. This is an asynchronous API for use with active contacts.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" + "documentation":"

Provides a pre-signed URL for download of a completed attachment. This is an asynchronous API for use with active contacts.

For security recommendations, see Amazon Connect Chat security best practices.

  • The participant role CUSTOM_BOT is not permitted to access attachments customers may upload. An AccessDeniedException can indicate that the participant may be a CUSTOM_BOT, and it doesn't have access to attachments.

  • ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "GetAuthenticationUrl":{ "name":"GetAuthenticationUrl", @@ -128,7 +128,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves the AuthenticationUrl for the current authentication session for the AuthenticateCustomer flow block.

For security recommendations, see Amazon Connect Chat security best practices.

  • This API can only be called within one minute of receiving the authenticationInitiated event.

  • The current supported channel is chat. This API is not supported for Apple Messages for Business, WhatsApp, or SMS chats.

" + "documentation":"

Retrieves the AuthenticationUrl for the current authentication session for the AuthenticateCustomer flow block.

For security recommendations, see Amazon Connect Chat security best practices.

  • This API can only be called within one minute of receiving the authenticationInitiated event.

  • The current supported channel is chat. This API is not supported for Apple Messages for Business, WhatsApp, or SMS chats.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "GetTranscript":{ "name":"GetTranscript", @@ -144,7 +144,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Retrieves a transcript of the session, including details about any attachments. For information about accessing past chat contact transcripts for a persistent chat, see Enable persistent chat.

For security recommendations, see Amazon Connect Chat security best practices.

If you have a process that consumes events in the transcript of an chat that has ended, note that chat transcripts contain the following event content types if the event has occurred during the chat session:

  • application/vnd.amazonaws.connect.event.participant.left

  • application/vnd.amazonaws.connect.event.participant.joined

  • application/vnd.amazonaws.connect.event.chat.ended

  • application/vnd.amazonaws.connect.event.transfer.succeeded

  • application/vnd.amazonaws.connect.event.transfer.failed

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" + "documentation":"

Retrieves a transcript of the session, including details about any attachments. For information about accessing past chat contact transcripts for a persistent chat, see Enable persistent chat.

For security recommendations, see Amazon Connect Chat security best practices.

If you have a process that consumes events in the transcript of an chat that has ended, note that chat transcripts contain the following event content types if the event has occurred during the chat session:

  • application/vnd.amazonaws.connect.event.participant.invited

  • application/vnd.amazonaws.connect.event.participant.joined

  • application/vnd.amazonaws.connect.event.participant.left

  • application/vnd.amazonaws.connect.event.chat.ended

  • application/vnd.amazonaws.connect.event.transfer.succeeded

  • application/vnd.amazonaws.connect.event.transfer.failed

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "SendEvent":{ "name":"SendEvent", @@ -161,7 +161,7 @@ {"shape":"ValidationException"}, {"shape":"ConflictException"} ], - "documentation":"

The application/vnd.amazonaws.connect.event.connection.acknowledged ContentType will no longer be supported starting December 31, 2024. This event has been migrated to the CreateParticipantConnection API using the ConnectParticipant field.

Sends an event. Message receipts are not supported when there are more than two active participants in the chat. Using the SendEvent API for message receipts when a supervisor is barged-in will result in a conflict exception.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" + "documentation":"

The application/vnd.amazonaws.connect.event.connection.acknowledged ContentType is no longer maintained since December 31, 2024. This event has been migrated to the CreateParticipantConnection API using the ConnectParticipant field.

Sends an event. Message receipts are not supported when there are more than two active participants in the chat. Using the SendEvent API for message receipts when a supervisor is barged-in will result in a conflict exception.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "SendMessage":{ "name":"SendMessage", @@ -177,7 +177,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

Sends a message.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" + "documentation":"

Sends a message.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" }, "StartAttachmentUpload":{ "name":"StartAttachmentUpload", @@ -194,7 +194,7 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Provides a pre-signed Amazon S3 URL in response for uploading the file directly to S3.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" + "documentation":"

Provides a pre-signed Amazon S3 URL in response for uploading the file directly to S3.

For security recommendations, see Amazon Connect Chat security best practices.

ConnectionToken is used for invoking this API instead of ParticipantToken.

The Amazon Connect Participant Service APIs do not use Signature Version 4 authentication.

" } }, "shapes":{ @@ -263,6 +263,31 @@ "type":"list", "member":{"shape":"AttachmentItem"} }, + "Attendee":{ + "type":"structure", + "members":{ + "AttendeeId":{ + "shape":"AttendeeId", + "documentation":"

The Amazon Chime SDK attendee ID.

" + }, + "JoinToken":{ + "shape":"JoinToken", + "documentation":"

The join token used by the Amazon Chime SDK attendee.

" + } + }, + "documentation":"

The attendee information, including attendee ID and join token.

" + }, + "AttendeeId":{"type":"string"}, + "AudioFeatures":{ + "type":"structure", + "members":{ + "EchoReduction":{ + "shape":"MeetingFeatureStatus", + "documentation":"

Makes echo reduction available to clients who connect to the meeting.

" + } + }, + "documentation":"

Has audio-specific configurations as the operating parameter for Echo Reduction.

" + }, "AuthenticationUrl":{ "type":"string", "max":2083, @@ -290,8 +315,7 @@ }, "CancelParticipantAuthenticationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ChatContent":{ "type":"string", @@ -356,8 +380,7 @@ }, "CompleteAttachmentUploadResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ConflictException":{ "type":"structure", @@ -387,7 +410,8 @@ "type":"string", "enum":[ "WEBSOCKET", - "CONNECTION_CREDENTIALS" + "CONNECTION_CREDENTIALS", + "WEBRTC_CONNECTION" ] }, "ConnectionTypeList":{ @@ -435,6 +459,10 @@ "ConnectionCredentials":{ "shape":"ConnectionCredentials", "documentation":"

Creates the participant's connection credentials. The authentication token associated with the participant's connection.

" + }, + "WebRTCConnection":{ + "shape":"WebRTCConnection", + "documentation":"

Creates the participant's WebRTC connection data required for the client application (mobile application or website) to connect to the call.

" } } }, @@ -487,8 +515,7 @@ }, "DisconnectParticipantResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisplayName":{ "type":"string", @@ -624,6 +651,10 @@ } } }, + "GuidString":{ + "type":"string", + "pattern":"[a-fA-F0-9]{8}(?:-[a-fA-F0-9]{4}){3}-[a-fA-F0-9]{12}" + }, "ISO8601Datetime":{"type":"string"}, "Instant":{ "type":"string", @@ -695,11 +726,32 @@ }, "documentation":"

An item - message or event - that has been sent.

" }, + "JoinToken":{ + "type":"string", + "sensitive":true + }, "MaxResults":{ "type":"integer", "max":100, "min":0 }, + "MeetingFeatureStatus":{ + "type":"string", + "enum":[ + "AVAILABLE", + "UNAVAILABLE" + ] + }, + "MeetingFeaturesConfiguration":{ + "type":"structure", + "members":{ + "Audio":{ + "shape":"AudioFeatures", + "documentation":"

The configuration settings for the audio features available to a meeting.

" + } + }, + "documentation":"

The configuration settings of the features available to a meeting.

" + }, "Message":{"type":"string"}, "MessageMetadata":{ "type":"structure", @@ -839,7 +891,7 @@ "members":{ "ContentType":{ "shape":"ChatContentType", - "documentation":"

The content type of the request. Supported types are:

  • application/vnd.amazonaws.connect.event.typing

  • application/vnd.amazonaws.connect.event.connection.acknowledged (will be deprecated on December 31, 2024)

  • application/vnd.amazonaws.connect.event.message.delivered

  • application/vnd.amazonaws.connect.event.message.read

" + "documentation":"

The content type of the request. Supported types are:

  • application/vnd.amazonaws.connect.event.typing

  • application/vnd.amazonaws.connect.event.connection.acknowledged (is no longer maintained since December 31, 2024)

  • application/vnd.amazonaws.connect.event.message.delivered

  • application/vnd.amazonaws.connect.event.message.read

" }, "Content":{ "shape":"ChatContent", @@ -881,7 +933,7 @@ "members":{ "ContentType":{ "shape":"ChatContentType", - "documentation":"

The type of the content. Supported types are text/plain, text/markdown, application/json, and application/vnd.amazonaws.connect.message.interactive.response.

" + "documentation":"

The type of the content. Possible types are text/plain, text/markdown, application/json, and application/vnd.amazonaws.connect.message.interactive.response.

Supported types on the contact are configured through SupportedMessagingContentTypes on StartChatContact and StartOutboundChatContact.

For Apple Messages for Business, SMS, and WhatsApp Business Messaging contacts, only text/plain is supported.

" }, "Content":{ "shape":"ChatContent", @@ -1015,6 +1067,11 @@ "type":"list", "member":{"shape":"Item"} }, + "URI":{ + "type":"string", + "max":2000, + "min":1 + }, "URLExpiryInSeconds":{ "type":"integer", "max":300, @@ -1150,6 +1207,54 @@ "min":1 }, "ViewVersion":{"type":"integer"}, + "WebRTCConnection":{ + "type":"structure", + "members":{ + "Attendee":{"shape":"Attendee"}, + "Meeting":{ + "shape":"WebRTCMeeting", + "documentation":"

A meeting created using the Amazon Chime SDK.

" + } + }, + "documentation":"

Creates the participant’s WebRTC connection data required for the client application (mobile or web) to connect to the call.

" + }, + "WebRTCMediaPlacement":{ + "type":"structure", + "members":{ + "AudioHostUrl":{ + "shape":"URI", + "documentation":"

The audio host URL.

" + }, + "AudioFallbackUrl":{ + "shape":"URI", + "documentation":"

The audio fallback URL.

" + }, + "SignalingUrl":{ + "shape":"URI", + "documentation":"

The signaling URL.

" + }, + "EventIngestionUrl":{ + "shape":"URI", + "documentation":"

The event ingestion URL to which you send client meeting events.

" + } + }, + "documentation":"

A set of endpoints used by clients to connect to the media service group for an Amazon Chime SDK meeting.

" + }, + "WebRTCMeeting":{ + "type":"structure", + "members":{ + "MediaPlacement":{ + "shape":"WebRTCMediaPlacement", + "documentation":"

The media placement for the meeting.

" + }, + "MeetingFeatures":{"shape":"MeetingFeaturesConfiguration"}, + "MeetingId":{ + "shape":"GuidString", + "documentation":"

The Amazon Chime SDK meeting ID.

" + } + }, + "documentation":"

A meeting created using the Amazon Chime SDK.

" + }, "Websocket":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/controlcatalog/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/controlcatalog/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/controlcatalog/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/controlcatalog/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/controlcatalog/2018-05-10/paginators-1.json 2.31.35-1/awscli/botocore/data/controlcatalog/2018-05-10/paginators-1.json --- 2.23.6-1/awscli/botocore/data/controlcatalog/2018-05-10/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/controlcatalog/2018-05-10/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -23,6 +23,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Controls" + }, + "ListControlMappings": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ControlMappings" } } } diff -pruN 2.23.6-1/awscli/botocore/data/controlcatalog/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/controlcatalog/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/controlcatalog/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/controlcatalog/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -48,6 +48,23 @@ ], "documentation":"

Returns a paginated list of common controls from the Amazon Web Services Control Catalog.

You can apply an optional filter to see common controls that have a specific objective. If you don’t provide a filter, the operation returns all common controls.

" }, + "ListControlMappings":{ + "name":"ListControlMappings", + "http":{ + "method":"POST", + "requestUri":"/list-control-mappings", + "responseCode":200 + }, + "input":{"shape":"ListControlMappingsRequest"}, + "output":{"shape":"ListControlMappingsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Returns a paginated list of control mappings from the Control Catalog. Control mappings show relationships between controls and other entities, such as common controls or compliance frameworks.

" + }, "ListControls":{ "name":"ListControls", "http":{ @@ -63,7 +80,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a paginated list of all available controls in the Amazon Web Services Control Catalog library. Allows you to discover available controls. The list of controls is given as structures of type controlSummary. The ARN is returned in the global controlcatalog format, as shown in the examples.

" + "documentation":"

Returns a paginated list of all available controls in the Control Catalog library. Allows you to discover available controls. The list of controls is given as structures of type controlSummary. The ARN is returned in the global controlcatalog format, as shown in the examples.

" }, "ListDomains":{ "name":"ListDomains", @@ -80,7 +97,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a paginated list of domains from the Amazon Web Services Control Catalog.

" + "documentation":"

Returns a paginated list of domains from the Control Catalog.

" }, "ListObjectives":{ "name":"ListObjectives", @@ -97,7 +114,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a paginated list of objectives from the Amazon Web Services Control Catalog.

You can apply an optional filter to see the objectives that belong to a specific domain. If you don’t provide a filter, the operation returns all objectives.

" + "documentation":"

Returns a paginated list of objectives from the Control Catalog.

You can apply an optional filter to see the objectives that belong to a specific domain. If you don’t provide a filter, the operation returns all objectives.

" } }, "shapes":{ @@ -147,16 +164,33 @@ "min":41, "pattern":"arn:(aws(?:[-a-z]*)?):controlcatalog:::common-control/[0-9a-z]+" }, + "CommonControlArnFilterList":{ + "type":"list", + "member":{"shape":"CommonControlArn"}, + "max":1, + "min":1 + }, "CommonControlFilter":{ "type":"structure", "members":{ "Objectives":{ "shape":"ObjectiveResourceFilterList", - "documentation":"

The objective that's used as filter criteria.

You can use this parameter to specify one objective ARN at a time. Passing multiple ARNs in the CommonControlFilter isn’t currently supported.

" + "documentation":"

The objective that's used as filter criteria.

You can use this parameter to specify one objective ARN at a time. Passing multiple ARNs in the CommonControlFilter isn’t supported.

" } }, "documentation":"

An optional filter that narrows the results to a specific objective.

" }, + "CommonControlMappingDetails":{ + "type":"structure", + "required":["CommonControlArn"], + "members":{ + "CommonControlArn":{ + "shape":"CommonControlArn", + "documentation":"

The Amazon Resource Name (ARN) that identifies the common control in the mapping.

" + } + }, + "documentation":"

A structure that contains details about a common control mapping. In particular, it returns the Amazon Resource Name (ARN) of the common control.

" + }, "CommonControlSummary":{ "type":"structure", "required":[ @@ -204,12 +238,26 @@ "type":"list", "member":{"shape":"CommonControlSummary"} }, + "ControlAlias":{ + "type":"string", + "pattern":"[a-zA-Z0-9](?:[a-zA-Z0-9_.-]{0,254}[a-zA-Z0-9])" + }, + "ControlAliases":{ + "type":"list", + "member":{"shape":"ControlAlias"} + }, "ControlArn":{ "type":"string", "max":2048, "min":34, "pattern":"arn:(aws(?:[-a-z]*)?):(controlcatalog|controltower):[a-zA-Z0-9-]*::control/[0-9a-zA-Z_\\-]+" }, + "ControlArnFilterList":{ + "type":"list", + "member":{"shape":"ControlArn"}, + "max":1, + "min":1 + }, "ControlBehavior":{ "type":"string", "enum":[ @@ -218,6 +266,61 @@ "DETECTIVE" ] }, + "ControlFilter":{ + "type":"structure", + "members":{ + "Implementations":{ + "shape":"ImplementationFilter", + "documentation":"

A filter that narrows the results to controls with specific implementation types or identifiers. This field allows you to find controls that are implemented by specific Amazon Web Services services or with specific service identifiers.

" + } + }, + "documentation":"

A structure that defines filtering criteria for the ListControls operation. You can use this filter to narrow down the list of controls based on their implementation details.

" + }, + "ControlMapping":{ + "type":"structure", + "required":[ + "ControlArn", + "MappingType", + "Mapping" + ], + "members":{ + "ControlArn":{ + "shape":"ControlArn", + "documentation":"

The Amazon Resource Name (ARN) that identifies the control in the mapping.

" + }, + "MappingType":{ + "shape":"MappingType", + "documentation":"

The type of mapping relationship between the control and other entities. Indicates whether the mapping is to a framework or common control.

" + }, + "Mapping":{ + "shape":"Mapping", + "documentation":"

The details of the mapping relationship, containing either framework or common control information.

" + } + }, + "documentation":"

A structure that contains information about a control mapping, including the control ARN, mapping type, and mapping details.

" + }, + "ControlMappingFilter":{ + "type":"structure", + "members":{ + "ControlArns":{ + "shape":"ControlArnFilterList", + "documentation":"

A list of control ARNs to filter the mappings. When specified, only mappings associated with these controls are returned.

" + }, + "CommonControlArns":{ + "shape":"CommonControlArnFilterList", + "documentation":"

A list of common control ARNs to filter the mappings. When specified, only mappings associated with these common controls are returned.

" + }, + "MappingTypes":{ + "shape":"MappingTypeFilterList", + "documentation":"

A list of mapping types to filter the mappings. When specified, only mappings of these types are returned.

" + } + }, + "documentation":"

A structure that defines filtering criteria for the ListControlMappings operation. You can use this filter to narrow down the list of control mappings based on control ARNs, common control ARNs, or mapping types.

" + }, + "ControlMappings":{ + "type":"list", + "member":{"shape":"ControlMapping"} + }, "ControlParameter":{ "type":"structure", "required":["Name"], @@ -227,7 +330,7 @@ "documentation":"

The parameter name. This name is the parameter key when you call EnableControl or UpdateEnabledControl .

" } }, - "documentation":"

Four types of control parameters are supported.

  • AllowedRegions: List of Amazon Web Services Regions exempted from the control. Each string is expected to be an Amazon Web Services Region code. This parameter is mandatory for the OU Region deny control, CT.MULTISERVICE.PV.1.

    Example: [\"us-east-1\",\"us-west-2\"]

  • ExemptedActions: List of Amazon Web Services IAM actions exempted from the control. Each string is expected to be an IAM action.

    Example: [\"logs:DescribeLogGroups\",\"logs:StartQuery\",\"logs:GetQueryResults\"]

  • ExemptedPrincipalArns: List of Amazon Web Services IAM principal ARNs exempted from the control. Each string is expected to be an IAM principal that follows the pattern ^arn:(aws|aws-us-gov):(iam|sts)::.+:.+$

    Example: [\"arn:aws:iam::*:role/ReadOnly\",\"arn:aws:sts::*:assumed-role/ReadOnly/*\"]

  • ExemptedResourceArns: List of resource ARNs exempted from the control. Each string is expected to be a resource ARN.

    Example: [\"arn:aws:s3:::my-bucket-name\"]

" + "documentation":"

Five types of control parameters are supported.

  • AllowedRegions: List of Amazon Web Services Regions exempted from the control. Each string is expected to be an Amazon Web Services Region code. This parameter is mandatory for the OU Region deny control, CT.MULTISERVICE.PV.1.

    Example: [\"us-east-1\",\"us-west-2\"]

  • ExemptedActions: List of Amazon Web Services IAM actions exempted from the control. Each string is expected to be an IAM action.

    Example: [\"logs:DescribeLogGroups\",\"logs:StartQuery\",\"logs:GetQueryResults\"]

  • ExemptedPrincipalArns: List of Amazon Web Services IAM principal ARNs exempted from the control. Each string is expected to be an IAM principal that follows the pattern ^arn:(aws|aws-us-gov):(iam|sts)::.+:.+$

    Example: [\"arn:aws:iam::*:role/ReadOnly\",\"arn:aws:sts::*:assumed-role/ReadOnly/*\"]

  • ExemptedResourceArns: List of resource ARNs exempted from the control. Each string is expected to be a resource ARN.

    Example: [\"arn:aws:s3:::my-bucket-name\"]

  • ExemptAssumeRoot: A parameter that lets you choose whether to exempt requests made with AssumeRoot from this control, for this OU. For member accounts, the AssumeRoot property is included in requests initiated by IAM centralized root access. This parameter applies only to the AWS-GR_RESTRICT_ROOT_USER control. If you add the parameter when enabling the control, the AssumeRoot exemption is allowed. If you omit the parameter, the AssumeRoot exception is not permitted. The parameter does not accept False as a value.

    Example: Enabling the control and allowing AssumeRoot

    { \"controlIdentifier\": \"arn:aws:controlcatalog:::control/5kvme4m5d2b4d7if2fs5yg2ui\", \"parameters\": [ { \"key\": \"ExemptAssumeRoot\", \"value\": true } ], \"targetIdentifier\": \"arn:aws:organizations::8633900XXXXX:ou/o-6jmn81636m/ou-qsah-jtiihcla\" }

" }, "ControlParameters":{ "type":"list", @@ -240,6 +343,15 @@ "REGIONAL" ] }, + "ControlSeverity":{ + "type":"string", + "enum":[ + "LOW", + "MEDIUM", + "HIGH", + "CRITICAL" + ] + }, "ControlSummary":{ "type":"structure", "required":[ @@ -252,6 +364,10 @@ "shape":"ControlArn", "documentation":"

The Amazon Resource Name (ARN) of the control.

" }, + "Aliases":{ + "shape":"ControlAliases", + "documentation":"

A list of alternative identifiers for the control. These are human-readable designators, such as SH.S3.1. Several aliases can refer to the same control across different Amazon Web Services services or compliance frameworks.

" + }, "Name":{ "shape":"String", "documentation":"

The display name of the control.

" @@ -259,6 +375,26 @@ "Description":{ "shape":"String", "documentation":"

A description of the control, as it may appear in the console. Describes the functionality of the control.

" + }, + "Behavior":{ + "shape":"ControlBehavior", + "documentation":"

An enumerated type, with the following possible values:

" + }, + "Severity":{ + "shape":"ControlSeverity", + "documentation":"

An enumerated type, with the following possible values:

" + }, + "Implementation":{ + "shape":"ImplementationSummary", + "documentation":"

An object of type ImplementationSummary that describes how the control is implemented.

" + }, + "CreateTime":{ + "shape":"Timestamp", + "documentation":"

A timestamp that notes the time when the control was released (start of its life) as a governance capability in Amazon Web Services.

" + }, + "GovernedResources":{ + "shape":"GovernedResources", + "documentation":"

A list of Amazon Web Services resource types that are governed by this control. This information helps you understand which controls can govern certain types of resources, and conversely, which resources are affected when the control is implemented. The resources are represented as Amazon Web Services CloudFormation resource types. If GovernedResources cannot be represented by available CloudFormation resource types, it’s returned as an empty list.

" } }, "documentation":"

Overview of information about a control.

" @@ -328,6 +464,34 @@ "type":"list", "member":{"shape":"DomainSummary"} }, + "FrameworkItem":{ + "type":"string", + "max":250, + "min":3 + }, + "FrameworkMappingDetails":{ + "type":"structure", + "required":[ + "Name", + "Item" + ], + "members":{ + "Name":{ + "shape":"FrameworkName", + "documentation":"

The name of the compliance framework that the control maps to.

" + }, + "Item":{ + "shape":"FrameworkItem", + "documentation":"

The specific item or requirement within the framework that the control maps to.

" + } + }, + "documentation":"

A structure that contains details about a framework mapping, including the framework name and specific item within the framework that the control maps to.

" + }, + "FrameworkName":{ + "type":"string", + "max":250, + "min":3 + }, "GetControlRequest":{ "type":"structure", "required":["ControlArn"], @@ -352,6 +516,10 @@ "shape":"ControlArn", "documentation":"

The Amazon Resource Name (ARN) of the control.

" }, + "Aliases":{ + "shape":"ControlAliases", + "documentation":"

A list of alternative identifiers for the control. These are human-readable designators, such as SH.S3.1. Several aliases can refer to the same control across different Amazon Web Services services or compliance frameworks.

" + }, "Name":{ "shape":"String", "documentation":"

The display name of the control.

" @@ -364,6 +532,10 @@ "shape":"ControlBehavior", "documentation":"

A term that identifies the control's functional behavior. One of Preventive, Detective, Proactive

" }, + "Severity":{ + "shape":"ControlSeverity", + "documentation":"

An enumerated type, with the following possible values:

" + }, "RegionConfiguration":{"shape":"RegionConfiguration"}, "Implementation":{ "shape":"ImplementationDetails", @@ -372,9 +544,25 @@ "Parameters":{ "shape":"ControlParameters", "documentation":"

Returns an array of ControlParameter objects that specify the parameters a control supports. An empty list is returned for controls that don’t support parameters.

" + }, + "CreateTime":{ + "shape":"Timestamp", + "documentation":"

A timestamp that notes the time when the control was released (start of its life) as a governance capability in Amazon Web Services.

" + }, + "GovernedResources":{ + "shape":"GovernedResources", + "documentation":"

A list of Amazon Web Services resource types that are governed by this control. This information helps you understand which controls can govern certain types of resources, and conversely, which resources are affected when the control is implemented. The resources are represented as Amazon Web Services CloudFormation resource types. If GovernedResources cannot be represented by available CloudFormation resource types, it’s returned as an empty list.

" } } }, + "GovernedResource":{ + "type":"string", + "pattern":"[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}" + }, + "GovernedResources":{ + "type":"list", + "member":{"shape":"GovernedResource"} + }, "ImplementationDetails":{ "type":"structure", "required":["Type"], @@ -382,16 +570,67 @@ "Type":{ "shape":"ImplementationType", "documentation":"

A string that describes a control's implementation type.

" + }, + "Identifier":{ + "shape":"ImplementationIdentifier", + "documentation":"

A service-specific identifier for the control, assigned by the service that implemented the control. For example, this identifier could be an Amazon Web Services Config Rule ID or a Security Hub Control ID.

" } }, "documentation":"

An object that describes the implementation type for a control.

Our ImplementationDetails Type format has three required segments:

  • SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME

For example, AWS::Config::ConfigRule or AWS::SecurityHub::SecurityControl resources have the format with three required segments.

Our ImplementationDetails Type format has an optional fourth segment, which is present for applicable implementation types. The format is as follows:

  • SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME::RESOURCE-TYPE-DESCRIPTION

For example, AWS::Organizations::Policy::SERVICE_CONTROL_POLICY or AWS::CloudFormation::Type::HOOK have the format with four segments.

Although the format is similar, the values for the Type field do not match any Amazon Web Services CloudFormation values.

" }, + "ImplementationFilter":{ + "type":"structure", + "members":{ + "Types":{ + "shape":"ImplementationTypeFilterList", + "documentation":"

A list of implementation types that can serve as filters. For example, you can filter for controls implemented as Amazon Web Services Config Rules by specifying AWS::Config::ConfigRule as a type.

" + }, + "Identifiers":{ + "shape":"ImplementationIdentifierFilterList", + "documentation":"

A list of service-specific identifiers that can serve as filters. For example, you can filter for controls with specific Amazon Web Services Config Rule IDs or Security Hub Control IDs.

" + } + }, + "documentation":"

A structure that defines filtering criteria for control implementations. You can use this filter to find controls that are implemented by specific Amazon Web Services services or with specific service identifiers.

" + }, + "ImplementationIdentifier":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9_\\.-]+" + }, + "ImplementationIdentifierFilterList":{ + "type":"list", + "member":{"shape":"ImplementationIdentifier"}, + "max":1, + "min":1 + }, + "ImplementationSummary":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"ImplementationType", + "documentation":"

A string that represents the Amazon Web Services service that implements this control. For example, a value of AWS::Config::ConfigRule indicates that the control is implemented by Amazon Web Services Config, and AWS::SecurityHub::SecurityControl indicates implementation by Amazon Web Services Security Hub.

" + }, + "Identifier":{ + "shape":"ImplementationIdentifier", + "documentation":"

The identifier originally assigned by the Amazon Web Services service that implements the control. For example, CODEPIPELINE_DEPLOYMENT_COUNT_CHECK.

" + } + }, + "documentation":"

A summary of how the control is implemented, including the Amazon Web Services service that enforces the control and its service-specific identifier. For example, the value of this field could indicate that the control is implemented as an Amazon Web Services Config Rule or an Amazon Web Services Security Hub control.

" + }, "ImplementationType":{ "type":"string", "max":2048, "min":7, "pattern":"[A-Za-z0-9]+(::[A-Za-z0-9_]+){2,3}" }, + "ImplementationTypeFilterList":{ + "type":"list", + "member":{"shape":"ImplementationType"}, + "max":1, + "min":1 + }, "InternalServerException":{ "type":"structure", "members":{ @@ -420,7 +659,7 @@ }, "CommonControlFilter":{ "shape":"CommonControlFilter", - "documentation":"

An optional filter that narrows the results to a specific objective.

This filter allows you to specify one objective ARN at a time. Passing multiple ARNs in the CommonControlFilter isn’t currently supported.

" + "documentation":"

An optional filter that narrows the results to a specific objective.

This filter allows you to specify one objective ARN at a time. Passing multiple ARNs in the CommonControlFilter isn’t supported.

" } } }, @@ -438,6 +677,41 @@ } } }, + "ListControlMappingsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token that's used to fetch the next set of results.

", + "location":"querystring", + "locationName":"nextToken" + }, + "MaxResults":{ + "shape":"MaxListControlMappingsResults", + "documentation":"

The maximum number of results on a page or for an API request call.

", + "location":"querystring", + "locationName":"maxResults" + }, + "Filter":{ + "shape":"ControlMappingFilter", + "documentation":"

An optional filter that narrows the results to specific control mappings based on control ARNs, common control ARNs, or mapping types.

" + } + } + }, + "ListControlMappingsResponse":{ + "type":"structure", + "required":["ControlMappings"], + "members":{ + "ControlMappings":{ + "shape":"ControlMappings", + "documentation":"

The list of control mappings that the ListControlMappings API returns.

" + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

The pagination token that's used to fetch the next set of results.

" + } + } + }, "ListControlsRequest":{ "type":"structure", "members":{ @@ -452,6 +726,10 @@ "documentation":"

The maximum number of results on a page or for an API request call.

", "location":"querystring", "locationName":"maxResults" + }, + "Filter":{ + "shape":"ControlFilter", + "documentation":"

An optional filter that narrows the results to controls with specific implementation types or identifiers. If you don't provide a filter, the operation returns all available controls.

" } } }, @@ -517,7 +795,7 @@ }, "ObjectiveFilter":{ "shape":"ObjectiveFilter", - "documentation":"

An optional filter that narrows the results to a specific domain.

This filter allows you to specify one domain ARN at a time. Passing multiple ARNs in the ObjectiveFilter isn’t currently supported.

" + "documentation":"

An optional filter that narrows the results to a specific domain.

This filter allows you to specify one domain ARN at a time. Passing multiple ARNs in the ObjectiveFilter isn’t supported.

" } } }, @@ -535,12 +813,46 @@ } } }, + "Mapping":{ + "type":"structure", + "members":{ + "Framework":{ + "shape":"FrameworkMappingDetails", + "documentation":"

The framework mapping details when the mapping type relates to a compliance framework.

" + }, + "CommonControl":{ + "shape":"CommonControlMappingDetails", + "documentation":"

The common control mapping details when the mapping type relates to a common control.

" + } + }, + "documentation":"

A structure that contains the details of a mapping relationship, which can be either to a framework or to a common control.

", + "union":true + }, + "MappingType":{ + "type":"string", + "enum":[ + "FRAMEWORK", + "COMMON_CONTROL" + ] + }, + "MappingTypeFilterList":{ + "type":"list", + "member":{"shape":"MappingType"}, + "max":1, + "min":1 + }, "MaxListCommonControlsResults":{ "type":"integer", "box":true, "max":100, "min":1 }, + "MaxListControlMappingsResults":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, "MaxListControlsResults":{ "type":"integer", "box":true, @@ -570,7 +882,7 @@ "members":{ "Domains":{ "shape":"DomainResourceFilterList", - "documentation":"

The domain that's used as filter criteria.

You can use this parameter to specify one domain ARN at a time. Passing multiple ARNs in the ObjectiveFilter isn’t currently supported.

" + "documentation":"

The domain that's used as filter criteria.

You can use this parameter to specify one domain ARN at a time. Passing multiple ARNs in the ObjectiveFilter isn’t supported.

" } }, "documentation":"

An optional filter that narrows the list of objectives to a specific domain.

" @@ -653,7 +965,7 @@ "documentation":"

Regions in which the control is available to be deployed.

" } }, - "documentation":"

Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control currently is available for deployment. For more information about scope, see Global services.

If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the RegionConfiguration API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions A,B,and C while the control is available in Regions A, B, C, and D, you'd see a response with DeployableRegions of A, B, C, and D for a control with REGIONAL scope, even though you may not intend to deploy the control in Region D, because you do not govern it through your landing zone.

" + "documentation":"

Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control is available for deployment. For more information about scope, see Global services.

If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the RegionConfiguration API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions A,B,and C while the control is available in Regions A, B, C, and D, you'd see a response with DeployableRegions of A, B, C, and D for a control with REGIONAL scope, even though you may not intend to deploy the control in Region D, because you do not govern it through your landing zone.

" }, "ResourceNotFoundException":{ "type":"structure", @@ -695,5 +1007,5 @@ "exception":true } }, - "documentation":"

Welcome to the Amazon Web Services Control Catalog API reference. This guide is for developers who need detailed information about how to programmatically identify and filter the common controls and related metadata that are available to Amazon Web Services customers. This API reference provides descriptions, syntax, and usage examples for each of the actions and data types that are supported by Amazon Web Services Control Catalog.

Use the following links to get started with the Amazon Web Services Control Catalog API:

  • Actions: An alphabetical list of all Control Catalog API operations.

  • Data types: An alphabetical list of all Control Catalog data types.

  • Common parameters: Parameters that all operations can use.

  • Common errors: Client and server errors that all operations can return.

" + "documentation":"

Welcome to the Control Catalog API reference. This guide is for developers who need detailed information about how to programmatically identify and filter the common controls and related metadata that are available to Amazon Web Services customers. This API reference provides descriptions, syntax, and usage examples for each of the actions and data types that are supported by Control Catalog.

Use the following links to get started with the Control Catalog API:

  • Actions: An alphabetical list of all Control Catalog API operations.

  • Data types: An alphabetical list of all Control Catalog data types.

  • Common parameters: Parameters that all operations can use.

  • Common errors: Client and server errors that all operations can return.

" } diff -pruN 2.23.6-1/awscli/botocore/data/controltower/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/controltower/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/controltower/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/controltower/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/controltower/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/controltower/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/controltower/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/controltower/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2018-05-10", + "auth":["aws.auth#sigv4"], "endpointPrefix":"controltower", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"AWS Control Tower", "serviceId":"ControlTower", "signatureVersion":"v4", "signingName":"controltower", - "uid":"controltower-2018-05-10", - "auth":["aws.auth#sigv4"] + "uid":"controltower-2018-05-10" }, "operations":{ "CreateLandingZone":{ @@ -24,8 +23,8 @@ "input":{"shape":"CreateLandingZoneInput"}, "output":{"shape":"CreateLandingZoneOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} @@ -42,14 +41,14 @@ "input":{"shape":"DeleteLandingZoneInput"}, "output":{"shape":"DeleteLandingZoneOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Decommissions a landing zone. This API call starts an asynchronous operation that deletes Amazon Web Services Control Tower resources deployed in accounts managed by Amazon Web Services Control Tower.

", + "documentation":"

Decommissions a landing zone. This API call starts an asynchronous operation that deletes Amazon Web Services Control Tower resources deployed in accounts managed by Amazon Web Services Control Tower.

Decommissioning a landing zone is a process with significant consequences, and it cannot be undone. We strongly recommend that you perform this decommissioning process only if you intend to stop using your landing zone.

", "idempotent":true }, "DisableBaseline":{ @@ -62,13 +61,13 @@ "input":{"shape":"DisableBaselineInput"}, "output":{"shape":"DisableBaselineOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Disable an EnabledBaseline resource on the specified Target. This API starts an asynchronous operation to remove all resources deployed as part of the baseline enablement. The resource will vary depending on the enabled baseline. For usage examples, see the Amazon Web Services Control Tower User Guide .

", "idempotent":true @@ -83,13 +82,13 @@ "input":{"shape":"DisableControlInput"}, "output":{"shape":"DisableControlOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

This API call turns off a control. It starts an asynchronous operation that deletes Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify. For usage examples, see the Controls Reference Guide .

" }, @@ -103,13 +102,13 @@ "input":{"shape":"EnableBaselineInput"}, "output":{"shape":"EnableBaselineOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Enable (apply) a Baseline to a Target. This API starts an asynchronous operation to deploy resources specified by the Baseline to the specified Target. For usage examples, see the Amazon Web Services Control Tower User Guide .

" }, @@ -123,13 +122,13 @@ "input":{"shape":"EnableControlInput"}, "output":{"shape":"EnableControlOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

This API call activates a control. It starts an asynchronous operation that creates Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see the Controls Reference Guide .

" }, @@ -146,10 +145,11 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Retrieve details about an existing Baseline resource by specifying its identifier. For usage examples, see the Amazon Web Services Control Tower User Guide .

" + "documentation":"

Retrieve details about an existing Baseline resource by specifying its identifier. For usage examples, see the Amazon Web Services Control Tower User Guide .

", + "readonly":true }, "GetBaselineOperation":{ "name":"GetBaselineOperation", @@ -164,10 +164,11 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: EnableBaseline, DisableBaseline, UpdateEnabledBaseline, ResetEnabledBaseline. A status message is displayed in case of operation failure. For usage examples, see the Amazon Web Services Control Tower User Guide .

" + "documentation":"

Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: EnableBaseline, DisableBaseline, UpdateEnabledBaseline, ResetEnabledBaseline. A status message is displayed in case of operation failure. For usage examples, see the Amazon Web Services Control Tower User Guide .

", + "readonly":true }, "GetControlOperation":{ "name":"GetControlOperation", @@ -182,10 +183,11 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns the status of a particular EnableControl or DisableControl operation. Displays a message in case of error. Details for an operation are available for 90 days. For usage examples, see the Controls Reference Guide .

" + "documentation":"

Returns the status of a particular EnableControl or DisableControl operation. Displays a message in case of error. Details for an operation are available for 90 days. For usage examples, see the Controls Reference Guide .

", + "readonly":true }, "GetEnabledBaseline":{ "name":"GetEnabledBaseline", @@ -200,10 +202,11 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Retrieve details of an EnabledBaseline resource by specifying its identifier.

" + "documentation":"

Retrieve details of an EnabledBaseline resource by specifying its identifier.

", + "readonly":true }, "GetEnabledControl":{ "name":"GetEnabledControl", @@ -218,10 +221,11 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Retrieves details about an enabled control. For usage examples, see the Controls Reference Guide .

" + "documentation":"

Retrieves details about an enabled control. For usage examples, see the Controls Reference Guide .

", + "readonly":true }, "GetLandingZone":{ "name":"GetLandingZone", @@ -236,10 +240,11 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns details about the landing zone. Displays a message in case of error.

" + "documentation":"

Returns details about the landing zone. Displays a message in case of error.

", + "readonly":true }, "GetLandingZoneOperation":{ "name":"GetLandingZoneOperation", @@ -254,10 +259,11 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Returns the status of the specified landing zone operation. Details for an operation are available for 90 days.

" + "documentation":"

Returns the status of the specified landing zone operation. Details for an operation are available for 90 days.

", + "readonly":true }, "ListBaselines":{ "name":"ListBaselines", @@ -274,7 +280,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a summary list of all available baselines. For usage examples, see the Amazon Web Services Control Tower User Guide .

" + "documentation":"

Returns a summary list of all available baselines. For usage examples, see the Amazon Web Services Control Tower User Guide .

", + "readonly":true }, "ListControlOperations":{ "name":"ListControlOperations", @@ -291,7 +298,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Provides a list of operations in progress or queued. For usage examples, see ListControlOperation examples.

" + "documentation":"

Provides a list of operations in progress or queued. For usage examples, see ListControlOperation examples.

", + "readonly":true }, "ListEnabledBaselines":{ "name":"ListEnabledBaselines", @@ -308,7 +316,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns a list of summaries describing EnabledBaseline resources. You can filter the list by the corresponding Baseline or Target of the EnabledBaseline resources. For usage examples, see the Amazon Web Services Control Tower User Guide .

" + "documentation":"

Returns a list of summaries describing EnabledBaseline resources. You can filter the list by the corresponding Baseline or Target of the EnabledBaseline resources. For usage examples, see the Amazon Web Services Control Tower User Guide .

", + "readonly":true }, "ListEnabledControls":{ "name":"ListEnabledControls", @@ -323,10 +332,11 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see the Controls Reference Guide .

" + "documentation":"

Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see the Controls Reference Guide .

", + "readonly":true }, "ListLandingZoneOperations":{ "name":"ListLandingZoneOperations", @@ -343,7 +353,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Lists all landing zone operations from the past 90 days. Results are sorted by time, with the most recent operation first.

" + "documentation":"

Lists all landing zone operations from the past 90 days. Results are sorted by time, with the most recent operation first.

", + "readonly":true }, "ListLandingZones":{ "name":"ListLandingZones", @@ -360,7 +371,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Returns the landing zone ARN for the landing zone deployed in your managed account. This API also creates an ARN for existing accounts that do not yet have a landing zone ARN.

Returns one landing zone ARN.

" + "documentation":"

Returns the landing zone ARN for the landing zone deployed in your managed account. This API also creates an ARN for existing accounts that do not yet have a landing zone ARN.

Returns one landing zone ARN.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -376,7 +388,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns a list of tags associated with the resource. For usage examples, see the Controls Reference Guide .

" + "documentation":"

Returns a list of tags associated with the resource. For usage examples, see the Controls Reference Guide .

", + "readonly":true }, "ResetEnabledBaseline":{ "name":"ResetEnabledBaseline", @@ -388,13 +401,13 @@ "input":{"shape":"ResetEnabledBaselineInput"}, "output":{"shape":"ResetEnabledBaselineOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Re-enables an EnabledBaseline resource. For example, this API can re-apply the existing Baseline after a new member account is moved to the target OU. For usage examples, see the Amazon Web Services Control Tower User Guide .

" }, @@ -408,15 +421,15 @@ "input":{"shape":"ResetEnabledControlInput"}, "output":{"shape":"ResetEnabledControlOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Resets an enabled control.

" + "documentation":"

Resets an enabled control. Does not work for controls implemented with SCPs.

" }, "ResetLandingZone":{ "name":"ResetLandingZone", @@ -428,12 +441,12 @@ "input":{"shape":"ResetLandingZoneInput"}, "output":{"shape":"ResetLandingZoneOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

This API call resets a landing zone. It starts an asynchronous operation that resets the landing zone to the parameters specified in the original configuration, which you specified in the manifest file. Nothing in the manifest file's original landing zone configuration is changed during the reset process, by default. This API is not the same as a rollback of a landing zone version, which is not a supported operation.

" }, @@ -479,13 +492,13 @@ "input":{"shape":"UpdateEnabledBaselineInput"}, "output":{"shape":"UpdateEnabledBaselineOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Updates an EnabledBaseline resource's applied parameters or version. For usage examples, see the Amazon Web Services Control Tower User Guide .

" }, @@ -499,13 +512,13 @@ "input":{"shape":"UpdateEnabledControlInput"}, "output":{"shape":"UpdateEnabledControlOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Updates the configuration of an already enabled control.

If the enabled control shows an EnablementStatus of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.

If the enabled control shows an EnablementStatus of FAILED, Amazon Web Services Control Tower updates the control to match any valid parameters that you supply.

If the DriftSummary status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling the ResetEnabledControl API. Alternatively, you can call DisableControl and then call EnableControl again. Also, you can run an extending governance operation to repair drift. For usage examples, see the Controls Reference Guide .

" }, @@ -519,12 +532,12 @@ "input":{"shape":"UpdateLandingZoneInput"}, "output":{"shape":"UpdateLandingZoneOutput"}, "errors":[ - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

This API call updates the landing zone. It starts an asynchronous operation that updates the landing zone based on the new landing zone version, or on the changed parameters specified in the updated manifest file.

" } @@ -547,19 +560,15 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:aws[0-9a-zA-Z_\\-:\\/]+$" + "pattern":"arn:aws[0-9a-zA-Z_\\-:\\/]+" }, "BaselineArn":{ "type":"string", - "pattern":"^arn:[a-z-]+:controltower:[a-z0-9-]*:[0-9]{0,12}:baseline/[A-Z0-9]{16}$" + "pattern":"arn:[a-z-]+:controltower:[a-z0-9-]*:[0-9]{0,12}:baseline/[A-Z0-9]{16}" }, "BaselineOperation":{ "type":"structure", "members":{ - "endTime":{ - "shape":"Timestamp", - "documentation":"

The end time of the operation (if applicable), in ISO 8601 format.

" - }, "operationIdentifier":{ "shape":"OperationIdentifier", "documentation":"

The identifier of the specified operation.

" @@ -568,13 +577,17 @@ "shape":"BaselineOperationType", "documentation":"

An enumerated type (enum) with possible values of ENABLE_BASELINE, DISABLE_BASELINE, UPDATE_ENABLED_BASELINE, or RESET_ENABLED_BASELINE.

" }, + "status":{ + "shape":"BaselineOperationStatus", + "documentation":"

An enumerated type (enum) with possible values of SUCCEEDED, FAILED, or IN_PROGRESS.

" + }, "startTime":{ "shape":"Timestamp", "documentation":"

The start time of the operation, in ISO 8601 format.

" }, - "status":{ - "shape":"BaselineOperationStatus", - "documentation":"

An enumerated type (enum) with possible values of SUCCEEDED, FAILED, or IN_PROGRESS.

" + "endTime":{ + "shape":"Timestamp", + "documentation":"

The end time of the operation (if applicable), in ISO 8601 format.

" }, "statusMessage":{ "shape":"String", @@ -611,13 +624,13 @@ "shape":"String", "documentation":"

The full ARN of a Baseline.

" }, - "description":{ - "shape":"String", - "documentation":"

A summary description of a Baseline.

" - }, "name":{ "shape":"String", "documentation":"

The human-readable name of a Baseline.

" + }, + "description":{ + "shape":"String", + "documentation":"

A summary description of a Baseline.

" } }, "documentation":"

Returns a summary of information about a Baseline object.

" @@ -626,7 +639,7 @@ "type":"string", "max":10, "min":1, - "pattern":"^\\d+(?:\\.\\d+){0,2}$" + "pattern":"\\d+(?:\\.\\d+){0,2}" }, "Baselines":{ "type":"list", @@ -653,7 +666,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:aws[0-9a-zA-Z_\\-:\\/]+$" + "pattern":"arn:aws[0-9a-zA-Z_\\-:\\/]+" }, "ControlIdentifiers":{ "type":"list", @@ -664,22 +677,6 @@ "ControlOperation":{ "type":"structure", "members":{ - "controlIdentifier":{ - "shape":"ControlIdentifier", - "documentation":"

The controlIdentifier of the control for the operation.

" - }, - "enabledControlIdentifier":{ - "shape":"Arn", - "documentation":"

The controlIdentifier of the enabled control.

" - }, - "endTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The time that the operation finished.

" - }, - "operationIdentifier":{ - "shape":"OperationIdentifier", - "documentation":"

The identifier of the specified operation.

" - }, "operationType":{ "shape":"ControlOperationType", "documentation":"

One of ENABLE_CONTROL or DISABLE_CONTROL.

" @@ -688,6 +685,10 @@ "shape":"SyntheticTimestamp_date_time", "documentation":"

The time that the operation began.

" }, + "endTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time that the operation finished.

" + }, "status":{ "shape":"ControlOperationStatus", "documentation":"

One of IN_PROGRESS, SUCEEDED, or FAILED.

" @@ -696,9 +697,21 @@ "shape":"String", "documentation":"

If the operation result is FAILED, this string contains a message explaining why the operation failed.

" }, + "operationIdentifier":{ + "shape":"OperationIdentifier", + "documentation":"

The identifier of the specified operation.

" + }, + "controlIdentifier":{ + "shape":"ControlIdentifier", + "documentation":"

The controlIdentifier of the control for the operation.

" + }, "targetIdentifier":{ "shape":"TargetIdentifier", "documentation":"

The target upon which the control operation is working.

" + }, + "enabledControlIdentifier":{ + "shape":"Arn", + "documentation":"

The controlIdentifier of the enabled control.

" } }, "documentation":"

An operation performed by the control.

" @@ -710,9 +723,9 @@ "shape":"ControlIdentifiers", "documentation":"

The set of controlIdentifier returned by the filter.

" }, - "controlOperationTypes":{ - "shape":"ControlOperationTypes", - "documentation":"

The set of ControlOperation objects returned by the filter.

" + "targetIdentifiers":{ + "shape":"TargetIdentifiers", + "documentation":"

The set of targetIdentifier objects returned by the filter.

" }, "enabledControlIdentifiers":{ "shape":"EnabledControlIdentifiers", @@ -722,9 +735,9 @@ "shape":"ControlOperationStatuses", "documentation":"

Lists the status of control operations.

" }, - "targetIdentifiers":{ - "shape":"TargetIdentifiers", - "documentation":"

The set of targetIdentifier objects returned by the filter.

" + "controlOperationTypes":{ + "shape":"ControlOperationTypes", + "documentation":"

The set of ControlOperation objects returned by the filter.

" } }, "documentation":"

A filter object that lets you call ListControlOperations with a specific filter.

" @@ -746,22 +759,6 @@ "ControlOperationSummary":{ "type":"structure", "members":{ - "controlIdentifier":{ - "shape":"ControlIdentifier", - "documentation":"

The controlIdentifier of a control.

" - }, - "enabledControlIdentifier":{ - "shape":"Arn", - "documentation":"

The controlIdentifier of an enabled control.

" - }, - "endTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

The time at which the control operation was completed.

" - }, - "operationIdentifier":{ - "shape":"OperationIdentifier", - "documentation":"

The unique identifier of a control operation.

" - }, "operationType":{ "shape":"ControlOperationType", "documentation":"

The type of operation.

" @@ -770,6 +767,10 @@ "shape":"SyntheticTimestamp_date_time", "documentation":"

The time at which a control operation began.

" }, + "endTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time at which the control operation was completed.

" + }, "status":{ "shape":"ControlOperationStatus", "documentation":"

The status of the specified control operation.

" @@ -778,9 +779,21 @@ "shape":"String", "documentation":"

A speficic message displayed as part of the control status.

" }, + "operationIdentifier":{ + "shape":"OperationIdentifier", + "documentation":"

The unique identifier of a control operation.

" + }, + "controlIdentifier":{ + "shape":"ControlIdentifier", + "documentation":"

The controlIdentifier of a control.

" + }, "targetIdentifier":{ "shape":"TargetIdentifier", "documentation":"

The unique identifier of the target of a control operation.

" + }, + "enabledControlIdentifier":{ + "shape":"Arn", + "documentation":"

The controlIdentifier of an enabled control.

" } }, "documentation":"

A summary of information about the specified control operation.

" @@ -807,21 +820,25 @@ "CreateLandingZoneInput":{ "type":"structure", "required":[ - "manifest", - "version" + "version", + "manifest" ], "members":{ + "version":{ + "shape":"LandingZoneVersion", + "documentation":"

The landing zone version, for example, 3.0.

" + }, "manifest":{ "shape":"Manifest", "documentation":"

The manifest JSON file is a text file that describes your Amazon Web Services resources. For examples, review Launch your landing zone.

" }, + "remediationTypes":{ + "shape":"RemediationTypes", + "documentation":"

Specifies the types of remediation actions to apply when creating the landing zone, such as automatic drift correction or compliance enforcement.

" + }, "tags":{ "shape":"TagMap", "documentation":"

Tags to be applied to the landing zone.

" - }, - "version":{ - "shape":"LandingZoneVersion", - "documentation":"

The landing zone version, for example, 3.0.

" } } }, @@ -884,10 +901,6 @@ }, "DisableControlInput":{ "type":"structure", - "required":[ - "controlIdentifier", - "targetIdentifier" - ], "members":{ "controlIdentifier":{ "shape":"ControlIdentifier", @@ -896,6 +909,10 @@ "targetIdentifier":{ "shape":"TargetIdentifier", "documentation":"

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

" + }, + "enabledControlIdentifier":{ + "shape":"Arn", + "documentation":"

The ARN of the enabled control to be disabled, which uniquely identifies the control instance on the target organizational unit.

" } } }, @@ -911,8 +928,7 @@ }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "DriftStatus":{ @@ -930,6 +946,10 @@ "driftStatus":{ "shape":"DriftStatus", "documentation":"

The drift status of the enabled control.

Valid values:

  • DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.

  • IN_SYNC: The enabledControl deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.

  • NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.

  • UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.

" + }, + "types":{ + "shape":"EnabledControlDriftTypes", + "documentation":"

An object that categorizes the different types of drift detected for the enabled control.

" } }, "documentation":"

The drift summary of the enabled control.

Amazon Web Services Control Tower expects the enabled control configuration to include all supported and governed Regions. If the enabled control differs from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

" @@ -943,15 +963,11 @@ "EnableBaselineInput":{ "type":"structure", "required":[ - "baselineIdentifier", "baselineVersion", + "baselineIdentifier", "targetIdentifier" ], "members":{ - "baselineIdentifier":{ - "shape":"Arn", - "documentation":"

The ARN of the baseline to be enabled.

" - }, "baselineVersion":{ "shape":"BaselineVersion", "documentation":"

The specific version to be enabled of the specified baseline.

" @@ -960,30 +976,34 @@ "shape":"EnabledBaselineParameters", "documentation":"

A list of key-value objects that specify enablement parameters, where key is a string and value is a document of any type.

" }, - "tags":{ - "shape":"TagMap", - "documentation":"

Tags associated with input to EnableBaseline.

" + "baselineIdentifier":{ + "shape":"Arn", + "documentation":"

The ARN of the baseline to be enabled.

" }, "targetIdentifier":{ "shape":"Arn", "documentation":"

The ARN of the target on which the baseline will be enabled. Only OUs are supported as targets.

" + }, + "tags":{ + "shape":"TagMap", + "documentation":"

Tags associated with input to EnableBaseline.

" } } }, "EnableBaselineOutput":{ "type":"structure", "required":[ - "arn", - "operationIdentifier" + "operationIdentifier", + "arn" ], "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

The ARN of the EnabledBaseline resource.

" - }, "operationIdentifier":{ "shape":"OperationIdentifier", "documentation":"

The ID (in UUID format) of the asynchronous EnableBaseline operation. This operationIdentifier is used to track status through calls to the GetBaselineOperation API.

" + }, + "arn":{ + "shape":"Arn", + "documentation":"

The ARN of the EnabledBaseline resource.

" } } }, @@ -998,17 +1018,17 @@ "shape":"ControlIdentifier", "documentation":"

The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier, see the overview page.

" }, - "parameters":{ - "shape":"EnabledControlParameters", - "documentation":"

A list of input parameter values, which are specified to configure the control when you enable it.

" + "targetIdentifier":{ + "shape":"TargetIdentifier", + "documentation":"

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

" }, "tags":{ "shape":"TagMap", "documentation":"

Tags to be applied to the EnabledControl resource.

" }, - "targetIdentifier":{ - "shape":"TargetIdentifier", - "documentation":"

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

" + "parameters":{ + "shape":"EnabledControlParameters", + "documentation":"

A list of input parameter values, which are specified to configure the control when you enable it.

" } } }, @@ -1016,13 +1036,13 @@ "type":"structure", "required":["operationIdentifier"], "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

The ARN of the EnabledControl resource.

" - }, "operationIdentifier":{ "shape":"OperationIdentifier", "documentation":"

The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.

" + }, + "arn":{ + "shape":"Arn", + "documentation":"

The ARN of the EnabledControl resource.

" } } }, @@ -1037,8 +1057,8 @@ "required":[ "arn", "baselineIdentifier", - "statusSummary", - "targetIdentifier" + "targetIdentifier", + "statusSummary" ], "members":{ "arn":{ @@ -1053,25 +1073,72 @@ "shape":"String", "documentation":"

The enabled version of the Baseline.

" }, - "parameters":{ - "shape":"EnabledBaselineParameterSummaries", - "documentation":"

Shows the parameters that are applied when enabling this Baseline.

" + "driftStatusSummary":{ + "shape":"EnabledBaselineDriftStatusSummary", + "documentation":"

The drift status of the enabled baseline.

" + }, + "targetIdentifier":{ + "shape":"String", + "documentation":"

The target on which to enable the Baseline.

" }, "parentIdentifier":{ "shape":"Arn", "documentation":"

An ARN that represents the parent EnabledBaseline at the Organizational Unit (OU) level, from which the child EnabledBaseline inherits its configuration. The value is returned by GetEnabledBaseline.

" }, "statusSummary":{"shape":"EnablementStatusSummary"}, - "targetIdentifier":{ - "shape":"String", - "documentation":"

The target on which to enable the Baseline.

" + "parameters":{ + "shape":"EnabledBaselineParameterSummaries", + "documentation":"

Shows the parameters that are applied when enabling this Baseline.

" } }, "documentation":"

Details of the EnabledBaseline resource.

" }, + "EnabledBaselineDriftStatus":{ + "type":"string", + "enum":[ + "IN_SYNC", + "DRIFTED" + ] + }, + "EnabledBaselineDriftStatusSummary":{ + "type":"structure", + "members":{ + "types":{ + "shape":"EnabledBaselineDriftTypes", + "documentation":"

The types of drift that can be detected for an enabled baseline. Amazon Web Services Control Tower detects inheritance drift on enabled baselines that apply at the OU level.

" + } + }, + "documentation":"

The drift summary of the enabled baseline. Amazon Web Services Control Tower reports inheritance drift when an enabled baseline configuration of a member account is different than the configuration that applies to the OU. Amazon Web Services Control Tower reports this type of drift for a parent or child enabled baseline. One way to repair this drift by resetting the parent enabled baseline, on the OU.

For example, you may see this type of drift if you move accounts between OUs, but the accounts are not yet (re-)enrolled.

" + }, + "EnabledBaselineDriftStatuses":{ + "type":"list", + "member":{"shape":"EnabledBaselineDriftStatus"}, + "max":1, + "min":1 + }, + "EnabledBaselineDriftTypes":{ + "type":"structure", + "members":{ + "inheritance":{ + "shape":"EnabledBaselineInheritanceDrift", + "documentation":"

At least one account within the target OU does not match the baseline configuration defined on that OU. An account is in inheritance drift when it does not match the configuration of a parent OU, possibly a new parent OU, if the account is moved.

" + } + }, + "documentation":"

The types of drift that can be detected for an enabled baseline.

  • Amazon Web Services Control Tower detects inheritance drift on the enabled baselines that target OUs: AWSControlTowerBaseline and BackupBaseline.

  • Amazon Web Services Control Tower does not detect drift on the baselines that apply to your landing zone: IdentityCenterBaseline, AuditBaseline, LogArchiveBaseline, BackupCentralVaultBaseline, or BackupAdminBaseline. For more information, see Types of baselines.

Baselines enabled on an OU are inherited by its member accounts as child EnabledBaseline resources. The baseline on the OU serves as the parent EnabledBaseline, which governs the configuration of each child EnabledBaseline.

If the baseline configuration of a member account in an OU does not match the configuration of the parent OU, the parent and child baseline is in a state of inheritance drift. This drift could occur in the AWSControlTowerBaseline or the BackupBaseline related to that account.

" + }, + "EnabledBaselineEnablementStatuses":{ + "type":"list", + "member":{"shape":"EnablementStatus"}, + "max":1, + "min":1 + }, "EnabledBaselineFilter":{ "type":"structure", "members":{ + "targetIdentifiers":{ + "shape":"EnabledBaselineTargetIdentifiers", + "documentation":"

Identifiers for the targets of the Baseline filter operation.

" + }, "baselineIdentifiers":{ "shape":"EnabledBaselineBaselineIdentifiers", "documentation":"

Identifiers for the Baseline objects returned as part of the filter operation.

" @@ -1080,13 +1147,27 @@ "shape":"EnabledBaselineParentIdentifiers", "documentation":"

An optional filter that sets up a list of parentIdentifiers to filter the results of the ListEnabledBaseline output.

" }, - "targetIdentifiers":{ - "shape":"EnabledBaselineTargetIdentifiers", - "documentation":"

Identifiers for the targets of the Baseline filter operation.

" + "statuses":{ + "shape":"EnabledBaselineEnablementStatuses", + "documentation":"

A list of EnablementStatus items.

" + }, + "inheritanceDriftStatuses":{ + "shape":"EnabledBaselineDriftStatuses", + "documentation":"

A list of EnabledBaselineDriftStatus items for enabled baselines.

" } }, "documentation":"

A filter applied on the ListEnabledBaseline operation. Allowed filters are baselineIdentifiers and targetIdentifiers. The filter can be applied for either, or both.

" }, + "EnabledBaselineInheritanceDrift":{ + "type":"structure", + "members":{ + "status":{ + "shape":"EnabledBaselineDriftStatus", + "documentation":"

The inheritance drift status for enabled baselines.

" + } + }, + "documentation":"

The inheritance drift summary for the enabled baseline. Inheritance drift occurs when any accounts in the target OU do not match the baseline configuration defined on that OU.

" + }, "EnabledBaselineParameter":{ "type":"structure", "required":[ @@ -1107,8 +1188,7 @@ }, "EnabledBaselineParameterDocument":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "EnabledBaselineParameterSummaries":{ @@ -1148,8 +1228,8 @@ "required":[ "arn", "baselineIdentifier", - "statusSummary", - "targetIdentifier" + "targetIdentifier", + "statusSummary" ], "members":{ "arn":{ @@ -1164,15 +1244,19 @@ "shape":"String", "documentation":"

The enabled version of the baseline.

" }, - "parentIdentifier":{ - "shape":"Arn", - "documentation":"

An ARN that represents an object returned by ListEnabledBaseline, to describe an enabled baseline.

" + "driftStatusSummary":{ + "shape":"EnabledBaselineDriftStatusSummary", + "documentation":"

The drift status of the enabled baseline.

" }, - "statusSummary":{"shape":"EnablementStatusSummary"}, "targetIdentifier":{ "shape":"String", "documentation":"

The target upon which the baseline is enabled.

" - } + }, + "parentIdentifier":{ + "shape":"Arn", + "documentation":"

An ARN that represents an object returned by ListEnabledBaseline, to describe an enabled baseline.

" + }, + "statusSummary":{"shape":"EnablementStatusSummary"} }, "documentation":"

Returns a summary of information about an EnabledBaseline object.

" }, @@ -1197,29 +1281,47 @@ "shape":"ControlIdentifier", "documentation":"

The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.

" }, - "driftStatusSummary":{ - "shape":"DriftStatusSummary", - "documentation":"

The drift status of the enabled control.

" - }, - "parameters":{ - "shape":"EnabledControlParameterSummaries", - "documentation":"

Array of EnabledControlParameter objects.

" + "targetIdentifier":{ + "shape":"TargetIdentifier", + "documentation":"

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

" }, "statusSummary":{ "shape":"EnablementStatusSummary", "documentation":"

The deployment summary of the enabled control.

" }, - "targetIdentifier":{ - "shape":"TargetIdentifier", - "documentation":"

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

" + "driftStatusSummary":{ + "shape":"DriftStatusSummary", + "documentation":"

The drift status of the enabled control.

" + }, + "parentIdentifier":{ + "shape":"ParentIdentifier", + "documentation":"

The ARN of the parent enabled control from which this control inherits its configuration, if applicable.

" }, "targetRegions":{ "shape":"TargetRegions", "documentation":"

Target Amazon Web Services Regions for the enabled control.

" + }, + "parameters":{ + "shape":"EnabledControlParameterSummaries", + "documentation":"

Array of EnabledControlParameter objects.

" } }, "documentation":"

Information about the enabled control.

" }, + "EnabledControlDriftTypes":{ + "type":"structure", + "members":{ + "inheritance":{ + "shape":"EnabledControlInheritanceDrift", + "documentation":"

Indicates drift related to inheritance configuration between parent and child controls.

" + }, + "resource":{ + "shape":"EnabledControlResourceDrift", + "documentation":"

Indicates drift related to the underlying Amazon Web Services resources managed by the control.

" + } + }, + "documentation":"

Defines the various categories of drift that can occur for an enabled control resource.

" + }, "EnabledControlFilter":{ "type":"structure", "members":{ @@ -1227,13 +1329,25 @@ "shape":"ControlIdentifiers", "documentation":"

The set of controlIdentifier returned by the filter.

" }, + "statuses":{ + "shape":"EnablementStatuses", + "documentation":"

A list of EnablementStatus items.

" + }, "driftStatuses":{ "shape":"DriftStatuses", "documentation":"

A list of DriftStatus items.

" }, - "statuses":{ - "shape":"EnablementStatuses", - "documentation":"

A list of EnablementStatus items.

" + "parentIdentifiers":{ + "shape":"ParentIdentifiers", + "documentation":"

Filters enabled controls by their parent control identifiers, allowing you to find child controls of specific parent controls.

" + }, + "inheritanceDriftStatuses":{ + "shape":"DriftStatuses", + "documentation":"

Filters enabled controls by their inheritance drift status, allowing you to find controls with specific inheritance-related drift conditions.

" + }, + "resourceDriftStatuses":{ + "shape":"DriftStatuses", + "documentation":"

Filters enabled controls by their resource drift status, allowing you to find controls with specific resource-related drift conditions.

" } }, "documentation":"

A structure that returns a set of control identifiers, the control status for each control in the set, and the drift status for each control in the set.

" @@ -1244,6 +1358,16 @@ "max":1, "min":1 }, + "EnabledControlInheritanceDrift":{ + "type":"structure", + "members":{ + "status":{ + "shape":"DriftStatus", + "documentation":"

The status of inheritance drift for the enabled control, indicating whether inheritance configuration matches expectations.

" + } + }, + "documentation":"

Represents drift information related to control inheritance between organizational units.

" + }, "EnabledControlParameter":{ "type":"structure", "required":[ @@ -1288,6 +1412,16 @@ "type":"list", "member":{"shape":"EnabledControlParameter"} }, + "EnabledControlResourceDrift":{ + "type":"structure", + "members":{ + "status":{ + "shape":"DriftStatus", + "documentation":"

The status of resource drift for the enabled control, indicating whether the underlying resources match the expected configuration.

" + } + }, + "documentation":"

Represents drift information related to the underlying Amazon Web Services resources managed by the control.

" + }, "EnabledControlSummary":{ "type":"structure", "members":{ @@ -1299,17 +1433,21 @@ "shape":"ControlIdentifier", "documentation":"

The controlIdentifier of the enabled control.

" }, - "driftStatusSummary":{ - "shape":"DriftStatusSummary", - "documentation":"

The drift status of the enabled control.

" + "targetIdentifier":{ + "shape":"TargetIdentifier", + "documentation":"

The ARN of the organizational unit.

" }, "statusSummary":{ "shape":"EnablementStatusSummary", "documentation":"

A short description of the status of the enabled control.

" }, - "targetIdentifier":{ - "shape":"TargetIdentifier", - "documentation":"

The ARN of the organizational unit.

" + "driftStatusSummary":{ + "shape":"DriftStatusSummary", + "documentation":"

The drift status of the enabled control.

" + }, + "parentIdentifier":{ + "shape":"ParentIdentifier", + "documentation":"

The ARN of the parent enabled control from which this control inherits its configuration, if applicable.

" } }, "documentation":"

Returns a summary of information about an enabled control.

" @@ -1329,13 +1467,13 @@ "EnablementStatusSummary":{ "type":"structure", "members":{ - "lastOperationIdentifier":{ - "shape":"OperationIdentifier", - "documentation":"

The last operation identifier for the enabled resource.

" - }, "status":{ "shape":"EnablementStatus", "documentation":"

The deployment status of the enabled resource.

Valid values:

  • SUCCEEDED: The EnabledControl or EnabledBaseline configuration was deployed successfully.

  • UNDER_CHANGE: The EnabledControl or EnabledBaseline configuration is changing.

  • FAILED: The EnabledControl or EnabledBaseline configuration failed to deploy.

" + }, + "lastOperationIdentifier":{ + "shape":"OperationIdentifier", + "documentation":"

The last operation identifier for the enabled resource.

" } }, "documentation":"

The deployment summary of an EnabledControl or EnabledBaseline resource.

" @@ -1387,13 +1525,13 @@ "shape":"BaselineArn", "documentation":"

The baseline ARN.

" }, - "description":{ - "shape":"String", - "documentation":"

A description of the baseline.

" - }, "name":{ "shape":"String", "documentation":"

A user-friendly name for the baseline.

" + }, + "description":{ + "shape":"String", + "documentation":"

A description of the baseline.

" } } }, @@ -1515,33 +1653,37 @@ "LandingZoneDetail":{ "type":"structure", "required":[ - "manifest", - "version" + "version", + "manifest" ], "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

The ARN of the landing zone.

" - }, - "driftStatus":{ - "shape":"LandingZoneDriftStatusSummary", - "documentation":"

The drift status of the landing zone.

" - }, - "latestAvailableVersion":{ + "version":{ "shape":"LandingZoneVersion", - "documentation":"

The latest available version of the landing zone.

" + "documentation":"

The landing zone's current deployed version.

" }, "manifest":{ "shape":"Manifest", "documentation":"

The landing zone manifest JSON text file that specifies the landing zone configurations.

" }, + "remediationTypes":{ + "shape":"RemediationTypes", + "documentation":"

The types of remediation actions configured for the landing zone, such as automatic drift correction or compliance enforcement.

" + }, + "arn":{ + "shape":"Arn", + "documentation":"

The ARN of the landing zone.

" + }, "status":{ "shape":"LandingZoneStatus", "documentation":"

The landing zone deployment status. One of ACTIVE, PROCESSING, FAILED.

" }, - "version":{ + "latestAvailableVersion":{ "shape":"LandingZoneVersion", - "documentation":"

The landing zone's current deployed version.

" + "documentation":"

The latest available version of the landing zone.

" + }, + "driftStatus":{ + "shape":"LandingZoneDriftStatusSummary", + "documentation":"

The drift status of the landing zone.

" } }, "documentation":"

Information about the landing zone.

" @@ -1566,25 +1708,25 @@ "LandingZoneOperationDetail":{ "type":"structure", "members":{ - "endTime":{ - "shape":"Timestamp", - "documentation":"

The landing zone operation end time.

" + "operationType":{ + "shape":"LandingZoneOperationType", + "documentation":"

The landing zone operation type.

Valid values:

  • DELETE: The DeleteLandingZone operation.

  • CREATE: The CreateLandingZone operation.

  • UPDATE: The UpdateLandingZone operation.

  • RESET: The ResetLandingZone operation.

" }, "operationIdentifier":{ "shape":"OperationIdentifier", "documentation":"

The operationIdentifier of the landing zone operation.

" }, - "operationType":{ - "shape":"LandingZoneOperationType", - "documentation":"

The landing zone operation type.

Valid values:

  • DELETE: The DeleteLandingZone operation.

  • CREATE: The CreateLandingZone operation.

  • UPDATE: The UpdateLandingZone operation.

  • RESET: The ResetLandingZone operation.

" + "status":{ + "shape":"LandingZoneOperationStatus", + "documentation":"

Valid values:

  • SUCCEEDED: The landing zone operation succeeded.

  • IN_PROGRESS: The landing zone operation is in progress.

  • FAILED: The landing zone operation failed.

" }, "startTime":{ "shape":"Timestamp", "documentation":"

The landing zone operation start time.

" }, - "status":{ - "shape":"LandingZoneOperationStatus", - "documentation":"

Valid values:

  • SUCCEEDED: The landing zone operation succeeded.

  • IN_PROGRESS: The landing zone operation is in progress.

  • FAILED: The landing zone operation failed.

" + "endTime":{ + "shape":"Timestamp", + "documentation":"

The landing zone operation end time.

" }, "statusMessage":{ "shape":"String", @@ -1596,13 +1738,13 @@ "LandingZoneOperationFilter":{ "type":"structure", "members":{ - "statuses":{ - "shape":"LandingZoneOperationStatuses", - "documentation":"

The statuses of the set of landing zone operations selected by the filter.

" - }, "types":{ "shape":"LandingZoneOperationTypes", "documentation":"

The set of landing zone operation types selected by the filter.

" + }, + "statuses":{ + "shape":"LandingZoneOperationStatuses", + "documentation":"

The statuses of the set of landing zone operations selected by the filter.

" } }, "documentation":"

A filter object that lets you call ListLandingZoneOperations with a specific filter.

" @@ -1624,14 +1766,14 @@ "LandingZoneOperationSummary":{ "type":"structure", "members":{ - "operationIdentifier":{ - "shape":"OperationIdentifier", - "documentation":"

The operationIdentifier of the landing zone operation.

" - }, "operationType":{ "shape":"LandingZoneOperationType", "documentation":"

The type of the landing zone operation.

" }, + "operationIdentifier":{ + "shape":"OperationIdentifier", + "documentation":"

The operationIdentifier of the landing zone operation.

" + }, "status":{ "shape":"LandingZoneOperationStatus", "documentation":"

The status of the landing zone operation.

" @@ -1680,18 +1822,18 @@ "type":"string", "max":10, "min":3, - "pattern":"^\\d+.\\d+$" + "pattern":"\\d+.\\d+" }, "ListBaselinesInput":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListBaselinesMaxResults", - "documentation":"

The maximum number of results to be shown.

" - }, "nextToken":{ "shape":"String", "documentation":"

A pagination token.

" + }, + "maxResults":{ + "shape":"ListBaselinesMaxResults", + "documentation":"

The maximum number of results to be shown.

" } } }, @@ -1722,13 +1864,13 @@ "shape":"ControlOperationFilter", "documentation":"

An input filter for the ListControlOperations API that lets you select the types of control operations to view.

" }, - "maxResults":{ - "shape":"ListControlOperationsMaxResults", - "documentation":"

The maximum number of results to be shown.

" - }, "nextToken":{ "shape":"ListControlOperationsNextToken", "documentation":"

A pagination token.

" + }, + "maxResults":{ + "shape":"ListControlOperationsMaxResults", + "documentation":"

The maximum number of results to be shown.

" } } }, @@ -1740,7 +1882,7 @@ }, "ListControlOperationsNextToken":{ "type":"string", - "pattern":"\\S+" + "pattern":".*\\S+.*" }, "ListControlOperationsOutput":{ "type":"structure", @@ -1763,17 +1905,17 @@ "shape":"EnabledBaselineFilter", "documentation":"

A filter applied on the ListEnabledBaseline operation. Allowed filters are baselineIdentifiers and targetIdentifiers. The filter can be applied for either, or both.

" }, - "includeChildren":{ - "shape":"Boolean", - "documentation":"

A value that can be set to include the child enabled baselines in responses. The default value is false.

" + "nextToken":{ + "shape":"ListEnabledBaselinesNextToken", + "documentation":"

A pagination token.

" }, "maxResults":{ "shape":"ListEnabledBaselinesMaxResults", "documentation":"

The maximum number of results to be shown.

" }, - "nextToken":{ - "shape":"ListEnabledBaselinesNextToken", - "documentation":"

A pagination token.

" + "includeChildren":{ + "shape":"Boolean", + "documentation":"

A value that can be set to include the child enabled baselines in responses. The default value is false.

" } } }, @@ -1785,7 +1927,7 @@ }, "ListEnabledBaselinesNextToken":{ "type":"string", - "pattern":"\\S+" + "pattern":".*\\S+.*" }, "ListEnabledBaselinesOutput":{ "type":"structure", @@ -1804,21 +1946,25 @@ "ListEnabledControlsInput":{ "type":"structure", "members":{ - "filter":{ - "shape":"EnabledControlFilter", - "documentation":"

An input filter for the ListEnabledControls API that lets you select the types of control operations to view.

" + "targetIdentifier":{ + "shape":"TargetIdentifier", + "documentation":"

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The token to continue the list from a previous API call with the same parameters.

" }, "maxResults":{ "shape":"MaxResults", "documentation":"

How many results to return per API call.

" }, - "nextToken":{ - "shape":"String", - "documentation":"

The token to continue the list from a previous API call with the same parameters.

" + "filter":{ + "shape":"EnabledControlFilter", + "documentation":"

An input filter for the ListEnabledControls API that lets you select the types of control operations to view.

" }, - "targetIdentifier":{ - "shape":"TargetIdentifier", - "documentation":"

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

" + "includeChildren":{ + "shape":"Boolean", + "documentation":"

A boolean value that determines whether to include enabled controls from child organizational units in the response.

" } } }, @@ -1843,13 +1989,13 @@ "shape":"LandingZoneOperationFilter", "documentation":"

An input filter for the ListLandingZoneOperations API that lets you select the types of landing zone operations to view.

" }, - "maxResults":{ - "shape":"ListLandingZoneOperationsMaxResults", - "documentation":"

How many results to return per API call.

" - }, "nextToken":{ "shape":"String", "documentation":"

The token to continue the list from a previous API call with the same parameters.

" + }, + "maxResults":{ + "shape":"ListLandingZoneOperationsMaxResults", + "documentation":"

How many results to return per API call.

" } } }, @@ -1876,13 +2022,13 @@ "ListLandingZonesInput":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListLandingZonesMaxResults", - "documentation":"

The maximum number of returned landing zone ARNs, which is one.

" - }, "nextToken":{ "shape":"String", "documentation":"

The token to continue the list from a previous API call with the same parameters.

" + }, + "maxResults":{ + "shape":"ListLandingZonesMaxResults", + "documentation":"

The maximum number of returned landing zone ARNs, which is one.

" } } }, @@ -1936,8 +2082,7 @@ }, "Manifest":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "MaxResults":{ @@ -1950,7 +2095,19 @@ "type":"string", "max":36, "min":36, - "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, + "ParentIdentifier":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws[0-9a-zA-Z_\\-:\\/]+" + }, + "ParentIdentifiers":{ + "type":"list", + "member":{"shape":"ParentIdentifier"}, + "max":1, + "min":1 }, "Region":{ "type":"structure", @@ -1967,6 +2124,16 @@ "max":50, "min":1 }, + "RemediationType":{ + "type":"string", + "enum":["INHERITANCE_DRIFT"] + }, + "RemediationTypes":{ + "type":"list", + "member":{"shape":"RemediationType"}, + "max":1, + "min":1 + }, "ResetEnabledBaselineInput":{ "type":"structure", "required":["enabledBaselineIdentifier"], @@ -2046,7 +2213,7 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"

The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

", + "documentation":"

The request would cause a service quota to be exceeded. See Service quotas.

", "error":{ "httpStatusCode":402, "senderFault":true @@ -2097,8 +2264,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2109,7 +2275,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:aws[0-9a-zA-Z_\\-:\\/]+$" + "pattern":"arn:aws[0-9a-zA-Z_\\-:\\/]+" }, "TargetIdentifiers":{ "type":"list", @@ -2126,6 +2292,10 @@ "required":["message"], "members":{ "message":{"shape":"String"}, + "serviceCode":{ + "shape":"String", + "documentation":"

The ID of the service that is associated with the error.

" + }, "quotaCode":{ "shape":"String", "documentation":"

The ID of the service quota that was exceeded.

" @@ -2135,10 +2305,6 @@ "documentation":"

The number of seconds the caller should wait before retrying.

", "location":"header", "locationName":"Retry-After" - }, - "serviceCode":{ - "shape":"String", - "documentation":"

The ID of the service that is associated with the error.

" } }, "documentation":"

The request was denied due to request throttling.

", @@ -2176,8 +2342,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEnabledBaselineInput":{ "type":"structure", @@ -2190,13 +2355,13 @@ "shape":"BaselineVersion", "documentation":"

Specifies the new Baseline version, to which the EnabledBaseline should be updated.

" }, - "enabledBaselineIdentifier":{ - "shape":"Arn", - "documentation":"

Specifies the EnabledBaseline resource to be updated.

" - }, "parameters":{ "shape":"EnabledBaselineParameters", "documentation":"

Parameters to apply when making an update.

" + }, + "enabledBaselineIdentifier":{ + "shape":"Arn", + "documentation":"

Specifies the EnabledBaseline resource to be updated.

" } } }, @@ -2213,17 +2378,17 @@ "UpdateEnabledControlInput":{ "type":"structure", "required":[ - "enabledControlIdentifier", - "parameters" + "parameters", + "enabledControlIdentifier" ], "members":{ - "enabledControlIdentifier":{ - "shape":"Arn", - "documentation":"

The ARN of the enabled control that will be updated.

" - }, "parameters":{ "shape":"EnabledControlParameters", "documentation":"

A key/value pair, where Key is of type String and Value is of type Document.

" + }, + "enabledControlIdentifier":{ + "shape":"Arn", + "documentation":"

The ARN of the enabled control that will be updated.

" } } }, @@ -2240,22 +2405,26 @@ "UpdateLandingZoneInput":{ "type":"structure", "required":[ - "landingZoneIdentifier", + "version", "manifest", - "version" + "landingZoneIdentifier" ], "members":{ - "landingZoneIdentifier":{ - "shape":"String", - "documentation":"

The unique identifier of the landing zone.

" + "version":{ + "shape":"LandingZoneVersion", + "documentation":"

The landing zone version, for example, 3.2.

" }, "manifest":{ "shape":"Manifest", "documentation":"

The manifest file (JSON) is a text file that describes your Amazon Web Services resources. For an example, review Launch your landing zone. The example manifest file contains each of the available parameters. The schema for the landing zone's JSON manifest file is not published, by design.

" }, - "version":{ - "shape":"LandingZoneVersion", - "documentation":"

The landing zone version, for example, 3.2.

" + "remediationTypes":{ + "shape":"RemediationTypes", + "documentation":"

Specifies the types of remediation actions to apply when updating the landing zone configuration.

" + }, + "landingZoneIdentifier":{ + "shape":"String", + "documentation":"

The unique identifier of the landing zone.

" } } }, @@ -2283,5 +2452,5 @@ "exception":true } }, - "documentation":"

Amazon Web Services Control Tower offers application programming interface (API) operations that support programmatic interaction with these types of resources:

For more information about these types of resources, see the Amazon Web Services Control Tower User Guide .

About control APIs

These interfaces allow you to apply the Amazon Web Services library of pre-defined controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms \"control\" and \"guardrail\" are synonyms.

To call these APIs, you'll need to know:

  • the controlIdentifier for the control--or guardrail--you are targeting.

  • the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.

  • the ARN associated with a resource that you wish to tag or untag.

To get the controlIdentifier for your Amazon Web Services Control Tower control:

The controlIdentifier is an ARN that is specified for each control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

About identifiers for Amazon Web Services Control Tower

The Amazon Web Services Control Tower controlIdentifier is unique in each Amazon Web Services Region for each control. You can find the controlIdentifier for each Region and control in the Tables of control metadata or the Control availability by Region tables in the Amazon Web Services Control Tower Controls Reference Guide.

A quick-reference list of control identifers for the Amazon Web Services Control Tower legacy Strongly recommended and Elective controls is given in Resource identifiers for APIs and controls in the Amazon Web Services Control Tower Controls Reference Guide . Remember that Mandatory controls cannot be added or removed.

Some controls have two identifiers

  • ARN format for Amazon Web Services Control Tower: arn:aws:controltower:{REGION}::control/{CONTROL_TOWER_OPAQUE_ID}

    Example:

    arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • ARN format for Amazon Web Services Control Catalog: arn:{PARTITION}:controlcatalog:::control/{CONTROL_CATALOG_OPAQUE_ID}

You can find the {CONTROL_CATALOG_OPAQUE_ID} in the Amazon Web Services Control Tower Controls Reference Guide , or in the Amazon Web Services Control Tower console, on the Control details page.

The Amazon Web Services Control Tower APIs for enabled controls, such as GetEnabledControl and ListEnabledControls always return an ARN of the same type given when the control was enabled.

To get the targetIdentifier:

The targetIdentifier is the ARN for an OU.

In the Amazon Web Services Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

OU ARN format:

arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}

About landing zone APIs

You can configure and launch an Amazon Web Services Control Tower landing zone with APIs. For an introduction and steps, see Getting started with Amazon Web Services Control Tower using APIs.

For an overview of landing zone API operations, see Amazon Web Services Control Tower supports landing zone APIs. The individual API operations for landing zones are detailed in this document, the API reference manual, in the \"Actions\" section.

About baseline APIs

You can apply the AWSControlTowerBaseline baseline to an organizational unit (OU) as a way to register the OU with Amazon Web Services Control Tower, programmatically. For a general overview of this capability, see Amazon Web Services Control Tower supports APIs for OU registration and configuration with baselines.

You can call the baseline API operations to view the baselines that Amazon Web Services Control Tower enables for your landing zone, on your behalf, when setting up the landing zone. These baselines are read-only baselines.

The individual API operations for baselines are detailed in this document, the API reference manual, in the \"Actions\" section. For usage examples, see Baseline API input and output examples with CLI.

About Amazon Web Services Control Catalog identifiers

  • The EnableControl and DisableControl API operations can be called by specifying either the Amazon Web Services Control Tower identifer or the Amazon Web Services Control Catalog identifier. The API response returns the same type of identifier that you specified when calling the API.

  • If you use an Amazon Web Services Control Tower identifier to call the EnableControl API, and then call EnableControl again with an Amazon Web Services Control Catalog identifier, Amazon Web Services Control Tower returns an error message stating that the control is already enabled. Similar behavior applies to the DisableControl API operation.

  • Mandatory controls and the landing-zone-level Region deny control have Amazon Web Services Control Tower identifiers only.

Details and examples

To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower

Recording API Requests

Amazon Web Services Control Tower supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Amazon Web Services Control Tower service received, who made the request and when, and so on. For more about Amazon Web Services Control Tower and its support for CloudTrail, see Logging Amazon Web Services Control Tower Actions with Amazon Web Services CloudTrail in the Amazon Web Services Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the Amazon Web Services CloudTrail User Guide.

" + "documentation":"

Amazon Web Services Control Tower offers application programming interface (API) operations that support programmatic interaction with these types of resources:

For more information about these types of resources, see the Amazon Web Services Control Tower User Guide .

About control APIs

These interfaces allow you to apply the Amazon Web Services library of pre-defined controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms \"control\" and \"guardrail\" are synonyms.

To call these APIs, you'll need to know:

  • the controlIdentifier for the control--or guardrail--you are targeting.

  • the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.

  • the ARN associated with a resource that you wish to tag or untag.

To get the controlIdentifier for your Amazon Web Services Control Tower control:

The controlIdentifier is an ARN that is specified for each control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

About identifiers for Amazon Web Services Control Tower

The Amazon Web Services Control Tower controlIdentifier is unique in each Amazon Web Services Region for each control. You can find the controlIdentifier for each Region and control in the Tables of control metadata or the Control availability by Region tables in the Amazon Web Services Control Tower Controls Reference Guide.

A quick-reference list of control identifers for the Amazon Web Services Control Tower legacy Strongly recommended and Elective controls is given in Resource identifiers for APIs and controls in the Amazon Web Services Control Tower Controls Reference Guide . Remember that Mandatory controls cannot be added or removed.

Some controls have two identifiers

  • ARN format for Amazon Web Services Control Tower: arn:aws:controltower:{REGION}::control/{CONTROL_TOWER_OPAQUE_ID}

    Example:

    arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED

  • ARN format for Amazon Web Services Control Catalog: arn:{PARTITION}:controlcatalog:::control/{CONTROL_CATALOG_OPAQUE_ID}

You can find the {CONTROL_CATALOG_OPAQUE_ID} in the Amazon Web Services Control Tower Controls Reference Guide , or in the Amazon Web Services Control Tower console, on the Control details page.

The Amazon Web Services Control Tower APIs for enabled controls, such as GetEnabledControl and ListEnabledControls always return an ARN of the same type given when the control was enabled.

To get the targetIdentifier:

The targetIdentifier is the ARN for an OU.

In the Amazon Web Services Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

OU ARN format:

arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}

About landing zone APIs

You can configure and launch an Amazon Web Services Control Tower landing zone with APIs. For an introduction and steps, see Getting started with Amazon Web Services Control Tower using APIs.

For an overview of landing zone API operations, see Amazon Web Services Control Tower supports landing zone APIs. The individual API operations for landing zones are detailed in this document, the API reference manual, in the \"Actions\" section.

About baseline APIs

You can apply the AWSControlTowerBaseline baseline to an organizational unit (OU) as a way to register the OU with Amazon Web Services Control Tower, programmatically. For a general overview of this capability, see Amazon Web Services Control Tower supports APIs for OU registration and configuration with baselines.

You can call the baseline API operations to view the baselines that Amazon Web Services Control Tower enables for your landing zone, on your behalf, when setting up the landing zone. These baselines are read-only baselines.

The individual API operations for baselines are detailed in this document, the API reference manual, in the \"Actions\" section. For usage examples, see Baseline API input and output examples with CLI.

About Amazon Web Services Control Catalog identifiers

  • The EnableControl and DisableControl API operations can be called by specifying either the Amazon Web Services Control Tower identifer or the Amazon Web Services Control Catalog identifier. The API response returns the same type of identifier that you specified when calling the API.

  • If you use an Amazon Web Services Control Tower identifier to call the EnableControl API, and then call EnableControl again with an Amazon Web Services Control Catalog identifier, Amazon Web Services Control Tower returns an error message stating that the control is already enabled. Similar behavior applies to the DisableControl API operation.

  • Mandatory controls and the landing-zone-level Region deny control have Amazon Web Services Control Tower identifiers only.

Details and examples

To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower

Recording API Requests

Amazon Web Services Control Tower supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Amazon Web Services Control Tower service received, who made the request and when, and so on. For more about Amazon Web Services Control Tower and its support for CloudTrail, see Logging Amazon Web Services Control Tower Actions with Amazon Web Services CloudTrail in the Amazon Web Services Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the Amazon Web Services CloudTrail User Guide.

" } diff -pruN 2.23.6-1/awscli/botocore/data/controltower/2018-05-10/waiters-2.json 2.31.35-1/awscli/botocore/data/controltower/2018-05-10/waiters-2.json --- 2.23.6-1/awscli/botocore/data/controltower/2018-05-10/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/controltower/2018-05-10/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/cost-optimization-hub/2022-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cost-optimization-hub/2022-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cost-optimization-hub/2022-07-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cost-optimization-hub/2022-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cost-optimization-hub/2022-07-26/service-2.json 2.31.35-1/awscli/botocore/data/cost-optimization-hub/2022-07-26/service-2.json --- 2.23.6-1/awscli/botocore/data/cost-optimization-hub/2022-07-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cost-optimization-hub/2022-07-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -184,7 +184,8 @@ "PurchaseSavingsPlans", "PurchaseReservedInstances", "MigrateToGraviton", - "Delete" + "Delete", + "ScaleIn" ] }, "ActionTypeList":{ @@ -193,6 +194,34 @@ "max":100, "min":1 }, + "AllocationStrategy":{ + "type":"string", + "enum":[ + "Prioritized", + "LowestPrice" + ] + }, + "AuroraDbClusterStorage":{ + "type":"structure", + "members":{ + "configuration":{ + "shape":"AuroraDbClusterStorageConfiguration", + "documentation":"

The Aurora DB cluster storage configuration used for recommendations.

" + }, + "costCalculation":{"shape":"ResourceCostCalculation"} + }, + "documentation":"

Contains the details of an Aurora DB cluster storage.

" + }, + "AuroraDbClusterStorageConfiguration":{ + "type":"structure", + "members":{ + "storageType":{ + "shape":"String", + "documentation":"

The storage type to associate with the Aurora DB cluster.

" + } + }, + "documentation":"

The Aurora DB cluster storage configuration used for recommendations.

" + }, "BlockStoragePerformanceConfiguration":{ "type":"structure", "members":{ @@ -252,7 +281,7 @@ "members":{ "accountScope":{ "shape":"String", - "documentation":"

The account scope that you want your recommendations for. Amazon Web Services calculates recommendations including the management account and member accounts if the value is set to PAYER. If the value is LINKED, recommendations are calculated for individual member accounts only.

" + "documentation":"

The account scope for which you want recommendations. Amazon Web Services calculates recommendations including the management account and member accounts if the value is set to PAYER. If the value is LINKED, recommendations are calculated for individual member accounts only.

" }, "term":{ "shape":"String", @@ -284,6 +313,59 @@ "type":"double", "box":true }, + "DynamoDbReservedCapacity":{ + "type":"structure", + "members":{ + "configuration":{ + "shape":"DynamoDbReservedCapacityConfiguration", + "documentation":"

The DynamoDB reserved capacity configuration used for recommendations.

" + }, + "costCalculation":{"shape":"ReservedInstancesCostCalculation"} + }, + "documentation":"

The DynamoDB reserved capacity recommendation details.

" + }, + "DynamoDbReservedCapacityConfiguration":{ + "type":"structure", + "members":{ + "accountScope":{ + "shape":"String", + "documentation":"

The account scope for which you want recommendations.

" + }, + "service":{ + "shape":"String", + "documentation":"

The service for which you want recommendations.

" + }, + "term":{ + "shape":"String", + "documentation":"

The reserved capacity recommendation term in years.

" + }, + "paymentOption":{ + "shape":"String", + "documentation":"

The payment option for the commitment.

" + }, + "reservedInstancesRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region of the commitment.

" + }, + "upfrontCost":{ + "shape":"String", + "documentation":"

How much purchasing this reserved capacity costs you upfront.

" + }, + "monthlyRecurringCost":{ + "shape":"String", + "documentation":"

How much purchasing this reserved capacity costs you on a monthly basis.

" + }, + "numberOfCapacityUnitsToPurchase":{ + "shape":"String", + "documentation":"

The number of reserved capacity units that Amazon Web Services recommends that you purchase.

" + }, + "capacityUnits":{ + "shape":"String", + "documentation":"

The capacity unit of the recommended reservation.

" + } + }, + "documentation":"

The DynamoDB reserved capacity configuration used for recommendations.

" + }, "EbsVolume":{ "type":"structure", "members":{ @@ -335,10 +417,29 @@ "members":{ "instance":{ "shape":"InstanceConfiguration", - "documentation":"

Details about the instance.

" + "documentation":"

Details about the instance for the EC2 Auto Scaling group with a single instance type.

" + }, + "mixedInstances":{ + "shape":"MixedInstanceConfigurationList", + "documentation":"

A list of instance types for an EC2 Auto Scaling group with mixed instance types.

" + }, + "type":{ + "shape":"Ec2AutoScalingGroupType", + "documentation":"

The type of EC2 Auto Scaling group, showing whether it consists of a single instance type or mixed instance types.

" + }, + "allocationStrategy":{ + "shape":"AllocationStrategy", + "documentation":"

The strategy used for allocating instances, based on a predefined priority order or based on the lowest available price.

" } }, - "documentation":"

The EC2 auto scaling group configuration used for recommendations.

" + "documentation":"

The EC2 Auto Scaling group configuration used for recommendations.

" + }, + "Ec2AutoScalingGroupType":{ + "type":"string", + "enum":[ + "SingleInstanceType", + "MixedInstanceTypes" + ] }, "Ec2Instance":{ "type":"structure", @@ -383,7 +484,7 @@ "members":{ "accountScope":{ "shape":"String", - "documentation":"

The account scope that you want your recommendations for.

" + "documentation":"

The account scope for which you want recommendations.

" }, "term":{ "shape":"String", @@ -427,15 +528,11 @@ "members":{ "accountScope":{ "shape":"String", - "documentation":"

The account scope that you want your recommendations for.

" + "documentation":"

The account scope for which you want recommendations.

" }, "service":{ "shape":"String", - "documentation":"

The service that you want your recommendations for.

" - }, - "normalizedUnitsToPurchase":{ - "shape":"String", - "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + "documentation":"

The service for which you want recommendations.

" }, "term":{ "shape":"String", @@ -445,6 +542,22 @@ "shape":"String", "documentation":"

The payment option for the commitment.

" }, + "reservedInstancesRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region of the commitment.

" + }, + "upfrontCost":{ + "shape":"String", + "documentation":"

How much purchasing this instance costs you upfront.

" + }, + "monthlyRecurringCost":{ + "shape":"String", + "documentation":"

How much purchasing these reserved instances costs you on a monthly basis.

" + }, + "normalizedUnitsToPurchase":{ + "shape":"String", + "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + }, "numberOfInstancesToPurchase":{ "shape":"String", "documentation":"

The number of instances that Amazon Web Services recommends that you purchase.

" @@ -461,10 +574,6 @@ "shape":"String", "documentation":"

The type of instance that Amazon Web Services recommends.

" }, - "reservedInstancesRegion":{ - "shape":"String", - "documentation":"

The Amazon Web Services Region of the commitment.

" - }, "currentGeneration":{ "shape":"String", "documentation":"

Determines whether the recommendation is for a current generation instance.

" @@ -480,14 +589,6 @@ "sizeFlexEligible":{ "shape":"Boolean", "documentation":"

Determines whether the recommendation is size flexible.

" - }, - "upfrontCost":{ - "shape":"String", - "documentation":"

How much purchasing this instance costs you upfront.

" - }, - "monthlyRecurringCost":{ - "shape":"String", - "documentation":"

How much purchasing reserved instances costs you on a monthly basis.

" } }, "documentation":"

The EC2 reserved instances configuration used for recommendations.

" @@ -535,15 +636,11 @@ "members":{ "accountScope":{ "shape":"String", - "documentation":"

The account scope that you want your recommendations for.

" + "documentation":"

The account scope for which you want recommendations.

" }, "service":{ "shape":"String", - "documentation":"

The service that you want your recommendations for.

" - }, - "normalizedUnitsToPurchase":{ - "shape":"String", - "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + "documentation":"

The service for which you want recommendations.

" }, "term":{ "shape":"String", @@ -553,6 +650,22 @@ "shape":"String", "documentation":"

The payment option for the commitment.

" }, + "reservedInstancesRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region of the commitment.

" + }, + "upfrontCost":{ + "shape":"String", + "documentation":"

How much purchasing this instance costs you upfront.

" + }, + "monthlyRecurringCost":{ + "shape":"String", + "documentation":"

How much purchasing these reserved instances costs you on a monthly basis.

" + }, + "normalizedUnitsToPurchase":{ + "shape":"String", + "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + }, "numberOfInstancesToPurchase":{ "shape":"String", "documentation":"

The number of instances that Amazon Web Services recommends that you purchase.

" @@ -565,10 +678,6 @@ "shape":"String", "documentation":"

The type of instance that Amazon Web Services recommends.

" }, - "reservedInstancesRegion":{ - "shape":"String", - "documentation":"

The Amazon Web Services Region of the commitment.

" - }, "currentGeneration":{ "shape":"String", "documentation":"

Determines whether the recommendation is for a current generation instance.

" @@ -576,14 +685,6 @@ "sizeFlexEligible":{ "shape":"Boolean", "documentation":"

Determines whether the recommendation is size flexible.

" - }, - "upfrontCost":{ - "shape":"String", - "documentation":"

How much purchasing this instance costs you upfront.

" - }, - "monthlyRecurringCost":{ - "shape":"String", - "documentation":"

How much purchasing reserved instances costs you on a monthly basis.

" } }, "documentation":"

The ElastiCache reserved instances configuration used for recommendations.

" @@ -630,7 +731,7 @@ }, "accountIds":{ "shape":"AccountIdList", - "documentation":"

The account that the recommendation is for.

" + "documentation":"

The account to which the recommendation applies.

" }, "regions":{ "shape":"RegionList", @@ -678,6 +779,10 @@ "memberAccountDiscountVisibility":{ "shape":"MemberAccountDiscountVisibility", "documentation":"

Retrieves the status of the \"member account discount visibility\" preference.

" + }, + "preferredCommitment":{ + "shape":"PreferredCommitment", + "documentation":"

Retrieves the current preferences for how Reserved Instances and Savings Plans cost-saving opportunities are prioritized in terms of payment option and term length.

" } } }, @@ -708,7 +813,7 @@ }, "accountId":{ "shape":"String", - "documentation":"

The account that the recommendation is for.

" + "documentation":"

The account to which the recommendation applies.

" }, "currencyCode":{ "shape":"String", @@ -809,10 +914,10 @@ "members":{ "type":{ "shape":"String", - "documentation":"

Details about the type.

" + "documentation":"

The instance type of the configuration.

" } }, - "documentation":"

The Instance configuration used for recommendations.

" + "documentation":"

The instance configuration used for recommendations.

" }, "Integer":{ "type":"integer", @@ -1005,6 +1110,89 @@ "None" ] }, + "MemoryDbReservedInstances":{ + "type":"structure", + "members":{ + "configuration":{ + "shape":"MemoryDbReservedInstancesConfiguration", + "documentation":"

The MemoryDB reserved instances configuration used for recommendations.

" + }, + "costCalculation":{"shape":"ReservedInstancesCostCalculation"} + }, + "documentation":"

The MemoryDB reserved instances recommendation details.

While the API reference uses \"MemoryDB reserved instances\", the user guide and other documentation refer to them as \"MemoryDB reserved nodes\", as the terms are used interchangeably.

" + }, + "MemoryDbReservedInstancesConfiguration":{ + "type":"structure", + "members":{ + "accountScope":{ + "shape":"String", + "documentation":"

The account scope for which you want recommendations.

" + }, + "service":{ + "shape":"String", + "documentation":"

The service for which you want recommendations.

" + }, + "term":{ + "shape":"String", + "documentation":"

The reserved instances recommendation term in years.

" + }, + "paymentOption":{ + "shape":"String", + "documentation":"

The payment option for the commitment.

" + }, + "reservedInstancesRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region of the commitment.

" + }, + "upfrontCost":{ + "shape":"String", + "documentation":"

How much purchasing these reserved instances costs you upfront.

" + }, + "monthlyRecurringCost":{ + "shape":"String", + "documentation":"

How much purchasing these reserved instances costs you on a monthly basis.

" + }, + "normalizedUnitsToPurchase":{ + "shape":"String", + "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + }, + "numberOfInstancesToPurchase":{ + "shape":"String", + "documentation":"

The number of instances that Amazon Web Services recommends that you purchase.

" + }, + "instanceType":{ + "shape":"String", + "documentation":"

The type of instance that Amazon Web Services recommends.

" + }, + "instanceFamily":{ + "shape":"String", + "documentation":"

The instance family of the recommended reservation.

" + }, + "sizeFlexEligible":{ + "shape":"Boolean", + "documentation":"

Determines whether the recommendation is size flexible.

" + }, + "currentGeneration":{ + "shape":"String", + "documentation":"

Determines whether the recommendation is for a current generation instance.

" + } + }, + "documentation":"

The MemoryDB reserved instances configuration used for recommendations.

While the API reference uses \"MemoryDB reserved instances\", the user guide and other documentation refer to them as \"MemoryDB reserved nodes\", as the terms are used interchangeably.

" + }, + "MixedInstanceConfiguration":{ + "type":"structure", + "members":{ + "type":{ + "shape":"String", + "documentation":"

The instance type of the configuration.

" + } + }, + "documentation":"

The configuration for the EC2 Auto Scaling group with mixed instance types.

" + }, + "MixedInstanceConfigurationList":{ + "type":"list", + "member":{"shape":"MixedInstanceConfiguration"} + }, "OpenSearchReservedInstances":{ "type":"structure", "members":{ @@ -1024,15 +1212,11 @@ "members":{ "accountScope":{ "shape":"String", - "documentation":"

The account scope that you want your recommendations for.

" + "documentation":"

The account scope for which you want recommendations.

" }, "service":{ "shape":"String", - "documentation":"

The service that you want your recommendations for.

" - }, - "normalizedUnitsToPurchase":{ - "shape":"String", - "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + "documentation":"

The service for which you want recommendations.

" }, "term":{ "shape":"String", @@ -1042,6 +1226,22 @@ "shape":"String", "documentation":"

The payment option for the commitment.

" }, + "reservedInstancesRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region of the commitment.

" + }, + "upfrontCost":{ + "shape":"String", + "documentation":"

How much purchasing this instance costs you upfront.

" + }, + "monthlyRecurringCost":{ + "shape":"String", + "documentation":"

How much purchasing these reserved instances costs you on a monthly basis.

" + }, + "normalizedUnitsToPurchase":{ + "shape":"String", + "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + }, "numberOfInstancesToPurchase":{ "shape":"String", "documentation":"

The number of instances that Amazon Web Services recommends that you purchase.

" @@ -1050,10 +1250,6 @@ "shape":"String", "documentation":"

The type of instance that Amazon Web Services recommends.

" }, - "reservedInstancesRegion":{ - "shape":"String", - "documentation":"

The Amazon Web Services Region of the commitment.

" - }, "currentGeneration":{ "shape":"String", "documentation":"

Determines whether the recommendation is for a current generation instance.

" @@ -1061,14 +1257,6 @@ "sizeFlexEligible":{ "shape":"Boolean", "documentation":"

Determines whether the recommendation is size flexible.

" - }, - "upfrontCost":{ - "shape":"String", - "documentation":"

How much purchasing this instance costs you upfront.

" - }, - "monthlyRecurringCost":{ - "shape":"String", - "documentation":"

How much purchasing reserved instances costs you on a monthly basis.

" } }, "documentation":"

The OpenSearch reserved instances configuration used for recommendations.

" @@ -1094,6 +1282,28 @@ }, "documentation":"

Defines how rows will be sorted in the response.

" }, + "PaymentOption":{ + "type":"string", + "enum":[ + "AllUpfront", + "PartialUpfront", + "NoUpfront" + ] + }, + "PreferredCommitment":{ + "type":"structure", + "members":{ + "term":{ + "shape":"Term", + "documentation":"

The preferred length of the commitment period. If the value is null, it will default to ThreeYears (highest savings) where applicable.

" + }, + "paymentOption":{ + "shape":"PaymentOption", + "documentation":"

The preferred upfront payment structure for commitments. If the value is null, it will default to AllUpfront (highest savings) where applicable.

" + } + }, + "documentation":"

The preferred configuration for Reserved Instances and Savings Plans commitment-based discounts, consisting of a payment option and a commitment duration.

" + }, "PrimitiveBoolean":{"type":"boolean"}, "RdsDbInstance":{ "type":"structure", @@ -1168,15 +1378,11 @@ "members":{ "accountScope":{ "shape":"String", - "documentation":"

The account scope that you want your recommendations for.

" + "documentation":"

The account scope for which you want recommendations.

" }, "service":{ "shape":"String", - "documentation":"

The service that you want your recommendations for.

" - }, - "normalizedUnitsToPurchase":{ - "shape":"String", - "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + "documentation":"

The service for which you want recommendations.

" }, "term":{ "shape":"String", @@ -1186,6 +1392,22 @@ "shape":"String", "documentation":"

The payment option for the commitment.

" }, + "reservedInstancesRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region of the commitment.

" + }, + "upfrontCost":{ + "shape":"String", + "documentation":"

How much purchasing this instance costs you upfront.

" + }, + "monthlyRecurringCost":{ + "shape":"String", + "documentation":"

How much purchasing this instance costs you on a monthly basis.

" + }, + "normalizedUnitsToPurchase":{ + "shape":"String", + "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + }, "numberOfInstancesToPurchase":{ "shape":"String", "documentation":"

The number of instances that Amazon Web Services recommends that you purchase.

" @@ -1198,10 +1420,6 @@ "shape":"String", "documentation":"

The type of instance that Amazon Web Services recommends.

" }, - "reservedInstancesRegion":{ - "shape":"String", - "documentation":"

The Amazon Web Services Region of the commitment.

" - }, "sizeFlexEligible":{ "shape":"Boolean", "documentation":"

Determines whether the recommendation is size flexible.

" @@ -1210,14 +1428,6 @@ "shape":"String", "documentation":"

Determines whether the recommendation is for a current generation instance.

" }, - "upfrontCost":{ - "shape":"String", - "documentation":"

How much purchasing this instance costs you upfront.

" - }, - "monthlyRecurringCost":{ - "shape":"String", - "documentation":"

How much purchasing this instance costs you on a monthly basis.

" - }, "licenseModel":{ "shape":"String", "documentation":"

The license model that the recommended reservation supports.

" @@ -1246,7 +1456,7 @@ }, "accountId":{ "shape":"String", - "documentation":"

The account that the recommendation is for.

" + "documentation":"

The account to which the recommendation applies.

" }, "region":{ "shape":"String", @@ -1378,15 +1588,11 @@ "members":{ "accountScope":{ "shape":"String", - "documentation":"

The account scope that you want your recommendations for.

" + "documentation":"

The account scope for which you want recommendations.

" }, "service":{ "shape":"String", - "documentation":"

The service that you want your recommendations for.

" - }, - "normalizedUnitsToPurchase":{ - "shape":"String", - "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + "documentation":"

The service for which you want recommendations.

" }, "term":{ "shape":"String", @@ -1396,6 +1602,22 @@ "shape":"String", "documentation":"

The payment option for the commitment.

" }, + "reservedInstancesRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region of the commitment.

" + }, + "upfrontCost":{ + "shape":"String", + "documentation":"

How much purchasing this instance costs you upfront.

" + }, + "monthlyRecurringCost":{ + "shape":"String", + "documentation":"

How much purchasing these reserved instances costs you on a monthly basis.

" + }, + "normalizedUnitsToPurchase":{ + "shape":"String", + "documentation":"

The number of normalized units that Amazon Web Services recommends that you purchase.

" + }, "numberOfInstancesToPurchase":{ "shape":"String", "documentation":"

The number of instances that Amazon Web Services recommends that you purchase.

" @@ -1408,10 +1630,6 @@ "shape":"String", "documentation":"

The type of instance that Amazon Web Services recommends.

" }, - "reservedInstancesRegion":{ - "shape":"String", - "documentation":"

The Amazon Web Services Region of the commitment.

" - }, "sizeFlexEligible":{ "shape":"Boolean", "documentation":"

Determines whether the recommendation is size flexible.

" @@ -1419,14 +1637,6 @@ "currentGeneration":{ "shape":"String", "documentation":"

Determines whether the recommendation is for a current generation instance.

" - }, - "upfrontCost":{ - "shape":"String", - "documentation":"

How much purchasing this instance costs you upfront.

" - }, - "monthlyRecurringCost":{ - "shape":"String", - "documentation":"

How much purchasing reserved instances costs you on a monthly basis.

" } }, "documentation":"

The Redshift reserved instances configuration used for recommendations.

" @@ -1542,7 +1752,7 @@ }, "sageMakerSavingsPlans":{ "shape":"SageMakerSavingsPlans", - "documentation":"

The SageMaker Savings Plans recommendation details.

" + "documentation":"

The SageMaker AI Savings Plans recommendation details.

" }, "rdsDbInstance":{ "shape":"RdsDbInstance", @@ -1551,6 +1761,18 @@ "rdsDbInstanceStorage":{ "shape":"RdsDbInstanceStorage", "documentation":"

The DB instance storage recommendation details.

" + }, + "auroraDbClusterStorage":{ + "shape":"AuroraDbClusterStorage", + "documentation":"

The Aurora DB cluster storage recommendation details.

" + }, + "dynamoDbReservedCapacity":{ + "shape":"DynamoDbReservedCapacity", + "documentation":"

The DynamoDB reserved capacity recommendation details.

" + }, + "memoryDbReservedInstances":{ + "shape":"MemoryDbReservedInstances", + "documentation":"

The MemoryDB reserved instances recommendation details.

" } }, "documentation":"

Contains detailed information about the specified resource.

", @@ -1617,7 +1839,10 @@ "RedshiftReservedInstances", "ElastiCacheReservedInstances", "RdsDbInstanceStorage", - "RdsDbInstance" + "RdsDbInstance", + "AuroraDbClusterStorage", + "DynamoDbReservedCapacity", + "MemoryDbReservedInstances" ] }, "ResourceTypeList":{ @@ -1645,7 +1870,7 @@ "members":{ "accountScope":{ "shape":"String", - "documentation":"

The account scope that you want your recommendations for.

" + "documentation":"

The account scope for which you want recommendations.

" }, "term":{ "shape":"String", @@ -1763,6 +1988,13 @@ "max":100, "min":1 }, + "Term":{ + "type":"string", + "enum":[ + "OneYear", + "ThreeYears" + ] + }, "ThrottlingException":{ "type":"structure", "members":{ @@ -1805,6 +2037,10 @@ "memberAccountDiscountVisibility":{ "shape":"MemberAccountDiscountVisibility", "documentation":"

Sets the \"member account discount visibility\" preference.

" + }, + "preferredCommitment":{ + "shape":"PreferredCommitment", + "documentation":"

Sets the preferences for how Reserved Instances and Savings Plans cost-saving opportunities are prioritized in terms of payment option and term length.

" } } }, @@ -1818,6 +2054,10 @@ "memberAccountDiscountVisibility":{ "shape":"MemberAccountDiscountVisibility", "documentation":"

Shows the status of the \"member account discount visibility\" preference.

" + }, + "preferredCommitment":{ + "shape":"PreferredCommitment", + "documentation":"

Shows the updated preferences for how Reserved Instances and Savings Plans cost-saving opportunities are prioritized in terms of payment option and term length.

" } } }, diff -pruN 2.23.6-1/awscli/botocore/data/cur/2017-01-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/cur/2017-01-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/cur/2017-01-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cur/2017-01-06/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/cur/2017-01-06/service-2.json 2.31.35-1/awscli/botocore/data/cur/2017-01-06/service-2.json --- 2.23.6-1/awscli/botocore/data/cur/2017-01-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/cur/2017-01-06/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -303,8 +303,7 @@ }, "ModifyReportDefinitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutReportDefinitionRequest":{ "type":"structure", @@ -323,8 +322,7 @@ }, "PutReportDefinitionResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

" }, "RefreshClosedReports":{ @@ -515,8 +513,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -552,8 +549,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/customer-profiles/2020-08-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/customer-profiles/2020-08-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/customer-profiles/2020-08-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/customer-profiles/2020-08-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/customer-profiles/2020-08-15/paginators-1.json 2.31.35-1/awscli/botocore/data/customer-profiles/2020-08-15/paginators-1.json --- 2.23.6-1/awscli/botocore/data/customer-profiles/2020-08-15/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/customer-profiles/2020-08-15/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -35,6 +35,18 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Items" + }, + "ListDomainLayouts": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListUploadJobs": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" } } } diff -pruN 2.23.6-1/awscli/botocore/data/customer-profiles/2020-08-15/service-2.json 2.31.35-1/awscli/botocore/data/customer-profiles/2020-08-15/service-2.json --- 2.23.6-1/awscli/botocore/data/customer-profiles/2020-08-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/customer-profiles/2020-08-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -100,6 +100,23 @@ ], "documentation":"

Creates a domain, which is a container for all customer data, such as customer profile attributes, object types, profile keys, and encryption keys. You can create multiple domains, and each domain can have multiple third-party integrations.

Each Amazon Connect instance can be associated with only one domain. Multiple Amazon Connect instances can be associated with one domain.

Use this API or UpdateDomain to enable identity resolution: set Matching to true.

To prevent cross-service impersonation when you call this API, see Cross-service confused deputy prevention for sample policies that you should apply.

It is not possible to associate a Customer Profiles domain with an Amazon Connect Instance directly from the API. If you would like to create a domain and associate a Customer Profiles domain, use the Amazon Connect admin website. For more information, see Enable Customer Profiles.

Each Amazon Connect instance can be associated with only one domain. Multiple Amazon Connect instances can be associated with one domain.

" }, + "CreateDomainLayout":{ + "name":"CreateDomainLayout", + "http":{ + "method":"POST", + "requestUri":"/domains/{DomainName}/layouts/{LayoutDefinitionName}" + }, + "input":{"shape":"CreateDomainLayoutRequest"}, + "output":{"shape":"CreateDomainLayoutResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Creates the layout to view data for a specific domain. This API can only be invoked from the Amazon Connect admin website.

" + }, "CreateEventStream":{ "name":"CreateEventStream", "http":{ @@ -221,6 +238,24 @@ ], "documentation":"

Triggers a job to export a segment to a specified destination.

" }, + "CreateUploadJob":{ + "name":"CreateUploadJob", + "http":{ + "method":"POST", + "requestUri":"/domains/{DomainName}/upload-jobs", + "responseCode":200 + }, + "input":{"shape":"CreateUploadJobRequest"}, + "output":{"shape":"CreateUploadJobResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Creates an Upload job to ingest data for segment imports. The metadata is created for the job with the provided field mapping and unique key.

" + }, "DeleteCalculatedAttributeDefinition":{ "name":"DeleteCalculatedAttributeDefinition", "http":{ @@ -255,6 +290,23 @@ ], "documentation":"

Deletes a specific domain and all of its customer data, such as customer profile attributes and their related objects.

" }, + "DeleteDomainLayout":{ + "name":"DeleteDomainLayout", + "http":{ + "method":"DELETE", + "requestUri":"/domains/{DomainName}/layouts/{LayoutDefinitionName}" + }, + "input":{"shape":"DeleteDomainLayoutRequest"}, + "output":{"shape":"DeleteDomainLayoutResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Deletes the layout used to view data for a specific domain. This API can only be invoked from the Amazon Connect admin website.

" + }, "DeleteEventStream":{ "name":"DeleteEventStream", "http":{ @@ -496,6 +548,23 @@ ], "documentation":"

Returns information about a specific domain.

" }, + "GetDomainLayout":{ + "name":"GetDomainLayout", + "http":{ + "method":"GET", + "requestUri":"/domains/{DomainName}/layouts/{LayoutDefinitionName}" + }, + "input":{"shape":"GetDomainLayoutRequest"}, + "output":{"shape":"GetDomainLayoutResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Gets the layout to view data for a specific domain. This API can only be invoked from the Amazon Connect admin website.

" + }, "GetEventStream":{ "name":"GetEventStream", "http":{ @@ -581,6 +650,23 @@ ], "documentation":"

Before calling this API, use CreateDomain or UpdateDomain to enable identity resolution: set Matching to true.

GetMatches returns potentially matching profiles, based on the results of the latest run of a machine learning process.

The process of matching duplicate profiles. If Matching = true, Amazon Connect Customer Profiles starts a weekly batch process called Identity Resolution Job. If you do not specify a date and time for Identity Resolution Job to run, by default it runs every Saturday at 12AM UTC to detect duplicate profiles in your domains.

After the Identity Resolution Job completes, use the GetMatches API to return and review the results. Or, if you have configured ExportingConfig in the MatchingRequest, you can download the results from S3.

Amazon Connect uses the following profile attributes to identify matches:

  • PhoneNumber

  • HomePhoneNumber

  • BusinessPhoneNumber

  • MobilePhoneNumber

  • EmailAddress

  • PersonalEmailAddress

  • BusinessEmailAddress

  • FullName

For example, two or more profiles—with spelling mistakes such as John Doe and Jhn Doe, or different casing email addresses such as JOHN_DOE@ANYCOMPANY.COM and johndoe@anycompany.com, or different phone number formats such as 555-010-0000 and +1-555-010-0000—can be detected as belonging to the same customer John Doe and merged into a unified profile.

" }, + "GetProfileHistoryRecord":{ + "name":"GetProfileHistoryRecord", + "http":{ + "method":"GET", + "requestUri":"/domains/{DomainName}/profiles/{ProfileId}/history-records/{Id}" + }, + "input":{"shape":"GetProfileHistoryRecordRequest"}, + "output":{"shape":"GetProfileHistoryRecordResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Returns a history record for a specific profile, for a specific domain.

" + }, "GetProfileObjectType":{ "name":"GetProfileObjectType", "http":{ @@ -631,7 +717,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Gets a segment definition from the domain.

" + "documentation":"

Gets a segment definition from the domain.

", + "readonly":true }, "GetSegmentEstimate":{ "name":"GetSegmentEstimate", @@ -703,6 +790,44 @@ ], "documentation":"

Returns a set of profiles that belong to the same matching group using the matchId or profileId. You can also specify the type of matching that you want for finding similar profiles using either RULE_BASED_MATCHING or ML_BASED_MATCHING.

" }, + "GetUploadJob":{ + "name":"GetUploadJob", + "http":{ + "method":"GET", + "requestUri":"/domains/{DomainName}/upload-jobs/{JobId}", + "responseCode":200 + }, + "input":{"shape":"GetUploadJobRequest"}, + "output":{"shape":"GetUploadJobResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

This API retrieves the details of a specific upload job.

", + "readonly":true + }, + "GetUploadJobPath":{ + "name":"GetUploadJobPath", + "http":{ + "method":"GET", + "requestUri":"/domains/{DomainName}/upload-jobs/{JobId}/path", + "responseCode":200 + }, + "input":{"shape":"GetUploadJobPathRequest"}, + "output":{"shape":"GetUploadJobPathResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

This API retrieves the pre-signed URL and client token for uploading the file associated with the upload job.

", + "readonly":true + }, "GetWorkflow":{ "name":"GetWorkflow", "http":{ @@ -788,6 +913,23 @@ ], "documentation":"

Retrieve a list of calculated attributes for a customer profile.

" }, + "ListDomainLayouts":{ + "name":"ListDomainLayouts", + "http":{ + "method":"GET", + "requestUri":"/domains/{DomainName}/layouts" + }, + "input":{"shape":"ListDomainLayoutsRequest"}, + "output":{"shape":"ListDomainLayoutsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Lists the existing layouts that can be used to view data for a specific domain. This API can only be invoked from the Amazon Connect admin website.

" + }, "ListDomains":{ "name":"ListDomains", "http":{ @@ -907,6 +1049,23 @@ ], "documentation":"

Fetch the possible attribute values given the attribute name.

" }, + "ListProfileHistoryRecords":{ + "name":"ListProfileHistoryRecords", + "http":{ + "method":"POST", + "requestUri":"/domains/{DomainName}/profiles/history-records" + }, + "input":{"shape":"ListProfileHistoryRecordsRequest"}, + "output":{"shape":"ListProfileHistoryRecordsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Returns a list of history records for a specific profile, for a specific domain.

" + }, "ListProfileObjectTypeTemplates":{ "name":"ListProfileObjectTypeTemplates", "http":{ @@ -991,7 +1150,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Lists all segment definitions under a domain.

" + "documentation":"

Lists all segment definitions under a domain.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1008,6 +1168,25 @@ ], "documentation":"

Displays the tags associated with an Amazon Connect Customer Profiles resource. In Connect Customer Profiles, domains, profile object types, and integrations can be tagged.

" }, + "ListUploadJobs":{ + "name":"ListUploadJobs", + "http":{ + "method":"GET", + "requestUri":"/domains/{DomainName}/upload-jobs", + "responseCode":200 + }, + "input":{"shape":"ListUploadJobsRequest"}, + "output":{"shape":"ListUploadJobsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

This API retrieves a list of upload jobs for the specified domain.

", + "readonly":true + }, "ListWorkflows":{ "name":"ListWorkflows", "http":{ @@ -1109,6 +1288,42 @@ ], "documentation":"

Searches for profiles within a specific domain using one or more predefined search keys (e.g., _fullName, _phone, _email, _account, etc.) and/or custom-defined search keys. A search key is a data type pair that consists of a KeyName and Values list.

This operation supports searching for profiles with a minimum of 1 key-value(s) pair and up to 5 key-value(s) pairs using either AND or OR logic.

" }, + "StartUploadJob":{ + "name":"StartUploadJob", + "http":{ + "method":"PUT", + "requestUri":"/domains/{DomainName}/upload-jobs/{JobId}", + "responseCode":200 + }, + "input":{"shape":"StartUploadJobRequest"}, + "output":{"shape":"StartUploadJobResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

This API starts the processing of an upload job to ingest profile data.

" + }, + "StopUploadJob":{ + "name":"StopUploadJob", + "http":{ + "method":"PUT", + "requestUri":"/domains/{DomainName}/upload-jobs/{JobId}/stop", + "responseCode":200 + }, + "input":{"shape":"StopUploadJobRequest"}, + "output":{"shape":"StopUploadJobResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

This API stops the processing of an upload job.

" + }, "TagResource":{ "name":"TagResource", "http":{ @@ -1173,6 +1388,23 @@ ], "documentation":"

Updates the properties of a domain, including creating or selecting a dead letter queue or an encryption key.

After a domain is created, the name can’t be changed.

Use this API or CreateDomain to enable identity resolution: set Matching to true.

To prevent cross-service impersonation when you call this API, see Cross-service confused deputy prevention for sample policies that you should apply.

To add or remove tags on an existing Domain, see TagResource/UntagResource.

" }, + "UpdateDomainLayout":{ + "name":"UpdateDomainLayout", + "http":{ + "method":"PUT", + "requestUri":"/domains/{DomainName}/layouts/{LayoutDefinitionName}" + }, + "input":{"shape":"UpdateDomainLayoutRequest"}, + "output":{"shape":"UpdateDomainLayoutResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

Updates the layout used to view data for a specific domain. This API can only be invoked from the Amazon Connect admin website.

" + }, "UpdateEventTrigger":{ "name":"UpdateEventTrigger", "http":{ @@ -1224,6 +1456,20 @@ "error":{"httpStatusCode":403}, "exception":true }, + "ActionType":{ + "type":"string", + "enum":[ + "ADDED_PROFILE_KEY", + "DELETED_PROFILE_KEY", + "CREATED", + "UPDATED", + "INGESTED", + "DELETED_BY_CUSTOMER", + "EXPIRED", + "MERGED", + "DELETED_BY_MERGE" + ] + }, "AddProfileKeyRequest":{ "type":"structure", "required":[ @@ -1551,7 +1797,7 @@ "AttributeList":{ "type":"list", "member":{"shape":"AttributeItem"}, - "max":2, + "max":50, "min":1 }, "AttributeMap":{ @@ -1876,6 +2122,10 @@ "Value":{ "shape":"string1To255", "documentation":"

The value of the calculated attribute.

" + }, + "LastObjectTimestamp":{ + "shape":"timestamp", + "documentation":"

The timestamp of the newest object included in the calculated attribute calculation.

" } }, "documentation":"

The object containing the values of a single calculated attribute value.

" @@ -2007,6 +2257,40 @@ }, "documentation":"

The matching criteria to be used during the auto-merging process.

" }, + "ContactPreference":{ + "type":"structure", + "members":{ + "KeyName":{ + "shape":"name", + "documentation":"

A searchable, unique identifier of a customer profile.

" + }, + "KeyValue":{ + "shape":"string1To255", + "documentation":"

The key value used to look up profile based off the keyName.

" + }, + "ProfileId":{ + "shape":"uuid", + "documentation":"

The unique identifier of a customer profile.

" + }, + "ContactType":{ + "shape":"ContactType", + "documentation":"

The contact type used for engagement. For example: HomePhoneNumber, PersonalEmailAddress.

" + } + }, + "documentation":"

Object that defines users contact preference.

" + }, + "ContactType":{ + "type":"string", + "enum":[ + "PhoneNumber", + "MobilePhoneNumber", + "HomePhoneNumber", + "BusinessPhoneNumber", + "EmailAddress", + "PersonalEmailAddress", + "BusinessEmailAddress" + ] + }, "CreateCalculatedAttributeDefinitionRequest":{ "type":"structure", "required":[ @@ -2052,6 +2336,10 @@ "shape":"Statistic", "documentation":"

The aggregation operation to perform for the calculated attribute.

" }, + "UseHistoricalData":{ + "shape":"optionalBoolean", + "documentation":"

Whether historical data ingested before the Calculated Attribute was created should be included in calculations.

" + }, "Tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" @@ -2097,12 +2385,127 @@ "shape":"timestamp", "documentation":"

The timestamp of when the calculated attribute definition was most recently edited.

" }, + "UseHistoricalData":{ + "shape":"optionalBoolean", + "documentation":"

Whether historical data ingested before the Calculated Attribute was created should be included in calculations.

" + }, + "Status":{ + "shape":"ReadinessStatus", + "documentation":"

Status of the Calculated Attribute creation (whether all historical data has been indexed.)

" + }, + "Readiness":{ + "shape":"Readiness", + "documentation":"

Information indicating if the Calculated Attribute is ready for use by confirming all historical data has been processed and reflected.

" + }, "Tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" } } }, + "CreateDomainLayoutRequest":{ + "type":"structure", + "required":[ + "DomainName", + "LayoutDefinitionName", + "Description", + "DisplayName", + "LayoutType", + "Layout" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain.

", + "location":"uri", + "locationName":"DomainName" + }, + "LayoutDefinitionName":{ + "shape":"name", + "documentation":"

The unique name of the layout.

", + "location":"uri", + "locationName":"LayoutDefinitionName" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"

The description of the layout

" + }, + "DisplayName":{ + "shape":"displayName", + "documentation":"

The display name of the layout

" + }, + "IsDefault":{ + "shape":"boolean", + "documentation":"

If set to true for a layout, this layout will be used by default to view data. If set to false, then the layout will not be used by default, but it can be used to view data by explicitly selecting it in the console.

" + }, + "LayoutType":{ + "shape":"LayoutType", + "documentation":"

The type of layout that can be used to view data under a Customer Profiles domain.

" + }, + "Layout":{ + "shape":"sensitiveString1To2000000", + "documentation":"

A customizable layout that can be used to view data under a Customer Profiles domain.

" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource.

" + } + } + }, + "CreateDomainLayoutResponse":{ + "type":"structure", + "required":[ + "LayoutDefinitionName", + "Description", + "DisplayName", + "LayoutType", + "Layout", + "Version", + "CreatedAt" + ], + "members":{ + "LayoutDefinitionName":{ + "shape":"name", + "documentation":"

The unique name of the layout.

" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"

The description of the layout

" + }, + "DisplayName":{ + "shape":"displayName", + "documentation":"

The display name of the layout

" + }, + "IsDefault":{ + "shape":"boolean", + "documentation":"

If set to true for a layout, this layout will be used by default to view data. If set to false, then the layout will not be used by default, but it can be used to view data by explicitly selecting it in the console.

" + }, + "LayoutType":{ + "shape":"LayoutType", + "documentation":"

The type of layout that can be used to view data under customer profiles domain.

" + }, + "Layout":{ + "shape":"sensitiveString1To2000000", + "documentation":"

A customizable layout that can be used to view data under Customer Profiles domain.

" + }, + "Version":{ + "shape":"string1To255", + "documentation":"

The version used to create layout.

" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource.

" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the layout was created.

" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the layout was most recently updated.

" + } + } + }, "CreateDomainRequest":{ "type":"structure", "required":[ @@ -2388,7 +2791,7 @@ }, "AccountNumber":{ "shape":"sensitiveString1To255", - "documentation":"

An account number that you have given to the customer.

" + "documentation":"

An account number that you have assigned to the customer.

" }, "AdditionalInformation":{ "shape":"sensitiveString1To1000", @@ -2477,6 +2880,14 @@ "GenderString":{ "shape":"sensitiveString1To255", "documentation":"

An alternative to Gender which accepts any string as input.

" + }, + "ProfileType":{ + "shape":"ProfileType", + "documentation":"

The type of the profile.

" + }, + "EngagementPreferences":{ + "shape":"EngagementPreferences", + "documentation":"

Object that defines the preferred methods of engagement, per channel.

" } } }, @@ -2650,6 +3061,50 @@ } } }, + "CreateUploadJobRequest":{ + "type":"structure", + "required":[ + "DomainName", + "DisplayName", + "Fields", + "UniqueKey" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain. Domain should be exists for the upload job to be created.

", + "location":"uri", + "locationName":"DomainName" + }, + "DisplayName":{ + "shape":"string1To255", + "documentation":"

The unique name of the upload job. Could be a file name to identify the upload job.

" + }, + "Fields":{ + "shape":"FieldMap", + "documentation":"

The mapping between CSV Columns and Profile Object attributes. A map of the name and ObjectType field.

" + }, + "UniqueKey":{ + "shape":"text", + "documentation":"

The unique key columns for de-duping the profiles used to map data to the profile.

" + }, + "DataExpiry":{ + "shape":"expirationDaysInteger", + "documentation":"

The expiry duration for the profiles ingested with the job. If not provided, the system default of 2 weeks is used.

" + } + } + }, + "CreateUploadJobResponse":{ + "type":"structure", + "required":["JobId"], + "members":{ + "JobId":{ + "shape":"uuid", + "documentation":"

The unique identifier for the created upload job.

", + "locationName":"JobId" + } + } + }, "CustomAttributes":{ "type":"map", "key":{"shape":"typeName"}, @@ -2735,7 +3190,37 @@ }, "DeleteCalculatedAttributeDefinitionResponse":{ "type":"structure", + "members":{} + }, + "DeleteDomainLayoutRequest":{ + "type":"structure", + "required":[ + "DomainName", + "LayoutDefinitionName" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain.

", + "location":"uri", + "locationName":"DomainName" + }, + "LayoutDefinitionName":{ + "shape":"name", + "documentation":"

The unique name of the layout.

", + "location":"uri", + "locationName":"LayoutDefinitionName" + } + } + }, + "DeleteDomainLayoutResponse":{ + "type":"structure", + "required":["Message"], "members":{ + "Message":{ + "shape":"message", + "documentation":"

A message that indicates the delete request is done.

" + } } }, "DeleteDomainRequest":{ @@ -2783,8 +3268,7 @@ }, "DeleteEventStreamResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEventTriggerRequest":{ "type":"structure", @@ -3035,8 +3519,7 @@ }, "DeleteWorkflowResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DestinationField":{ "type":"string", @@ -3174,10 +3657,25 @@ "max":3, "min":1 }, - "End":{ - "type":"integer", - "max":366, - "min":0 + "EmailPreferenceList":{ + "type":"list", + "member":{"shape":"ContactPreference"} + }, + "End":{"type":"integer"}, + "EngagementPreferences":{ + "type":"structure", + "members":{ + "Phone":{ + "shape":"PhonePreferenceList", + "documentation":"

A list of phone-related contact preferences

" + }, + "Email":{ + "shape":"EmailPreferenceList", + "documentation":"

A list of email-related contact preferences

" + } + }, + "documentation":"

Object that defines users preferred methods of engagement.

", + "sensitive":true }, "EstimateStatus":{ "type":"string", @@ -3444,7 +3942,7 @@ }, "FieldMap":{ "type":"map", - "key":{"shape":"name"}, + "key":{"shape":"fieldName"}, "value":{"shape":"ObjectTypeField"}, "sensitive":true }, @@ -3538,6 +4036,14 @@ "Attributes":{ "shape":"AttributeSourceIdMap", "documentation":"

A unique identifier for the attributes field to be merged.

" + }, + "ProfileType":{ + "shape":"uuid", + "documentation":"

A unique identifier for the profile type field to be merged.

" + }, + "EngagementPreferences":{ + "shape":"uuid", + "documentation":"

A unique identifier for the engagement preferences field to be merged.

" } }, "documentation":"

A duplicate customer profile that is to be merged into a main profile.

" @@ -3815,6 +4321,18 @@ "shape":"AttributeDetails", "documentation":"

Mathematical expression and a list of attribute items specified in that expression.

" }, + "UseHistoricalData":{ + "shape":"optionalBoolean", + "documentation":"

Whether historical data ingested before the Calculated Attribute was created should be included in calculations.

" + }, + "Status":{ + "shape":"ReadinessStatus", + "documentation":"

Status of the Calculated Attribute creation (whether all historical data has been indexed).

" + }, + "Readiness":{ + "shape":"Readiness", + "documentation":"

Information indicating if the Calculated Attribute is ready for use by confirming all historical data has been processed and reflected.

" + }, "Tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" @@ -3867,6 +4385,86 @@ "Value":{ "shape":"string1To255", "documentation":"

The value of the calculated attribute.

" + }, + "LastObjectTimestamp":{ + "shape":"timestamp", + "documentation":"

The timestamp of the newest object included in the calculated attribute calculation.

" + } + } + }, + "GetDomainLayoutRequest":{ + "type":"structure", + "required":[ + "DomainName", + "LayoutDefinitionName" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain.

", + "location":"uri", + "locationName":"DomainName" + }, + "LayoutDefinitionName":{ + "shape":"name", + "documentation":"

The unique name of the layout.

", + "location":"uri", + "locationName":"LayoutDefinitionName" + } + } + }, + "GetDomainLayoutResponse":{ + "type":"structure", + "required":[ + "LayoutDefinitionName", + "Description", + "DisplayName", + "LayoutType", + "Layout", + "Version", + "CreatedAt", + "LastUpdatedAt" + ], + "members":{ + "LayoutDefinitionName":{ + "shape":"name", + "documentation":"

The unique name of the layout.

" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"

The description of the layout

" + }, + "DisplayName":{ + "shape":"displayName", + "documentation":"

The display name of the layout

" + }, + "IsDefault":{ + "shape":"boolean", + "documentation":"

If set to true for a layout, this layout will be used by default to view data. If set to false, then the layout will not be used by default, but it can be used to view data by explicitly selecting it in the console.

" + }, + "LayoutType":{ + "shape":"LayoutType", + "documentation":"

The type of layout that can be used to view data under a Customer Profiles domain.

" + }, + "Layout":{ + "shape":"sensitiveString1To2000000", + "documentation":"

A customizable layout that can be used to view data under a Customer Profiles domain.

" + }, + "Version":{ + "shape":"string1To255", + "documentation":"

The version used to create layout.

" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the layout was created.

" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the layout was most recently updated.

" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource.

" } } }, @@ -4244,6 +4842,77 @@ } } }, + "GetProfileHistoryRecordRequest":{ + "type":"structure", + "required":[ + "DomainName", + "ProfileId", + "Id" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain for which to return a profile history record.

", + "location":"uri", + "locationName":"DomainName" + }, + "ProfileId":{ + "shape":"uuid", + "documentation":"

The unique identifier of the profile for which to return a history record.

", + "location":"uri", + "locationName":"ProfileId" + }, + "Id":{ + "shape":"uuid", + "documentation":"

The unique identifier of the profile history record to return.

", + "location":"uri", + "locationName":"Id" + } + } + }, + "GetProfileHistoryRecordResponse":{ + "type":"structure", + "required":[ + "Id", + "ObjectTypeName", + "CreatedAt", + "ActionType" + ], + "members":{ + "Id":{ + "shape":"uuid", + "documentation":"

The unique identifier of the profile history record.

" + }, + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"

The name of the profile object type.

" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the profile history record was created.

" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the profile history record was last updated.

" + }, + "ActionType":{ + "shape":"ActionType", + "documentation":"

The action type of the profile history record.

" + }, + "ProfileObjectUniqueKey":{ + "shape":"string1To255", + "documentation":"

The unique identifier of the profile object generated by the service.

" + }, + "Content":{ + "shape":"stringifiedJson", + "documentation":"

A string containing the customer profile, profile object, or profile key content.

" + }, + "PerformedBy":{ + "shape":"string1To255", + "documentation":"

The Amazon Resource Name (ARN) of the person or service principal who performed the action.

" + } + } + }, "GetProfileObjectTypeRequest":{ "type":"structure", "required":[ @@ -4676,6 +5345,124 @@ } } }, + "GetUploadJobPathRequest":{ + "type":"structure", + "required":[ + "DomainName", + "JobId" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain containing the upload job.

", + "location":"uri", + "locationName":"DomainName" + }, + "JobId":{ + "shape":"name", + "documentation":"

The unique identifier of the upload job to retrieve the upload path for. This is generated from the CreateUploadJob API.

", + "location":"uri", + "locationName":"JobId" + } + } + }, + "GetUploadJobPathResponse":{ + "type":"structure", + "required":["Url"], + "members":{ + "Url":{ + "shape":"stringTo2048", + "documentation":"

The pre-signed S3 URL for uploading the CSV file associated with the upload job.

", + "locationName":"Url" + }, + "ClientToken":{ + "shape":"text", + "documentation":"

The plaintext data key used to encrypt the upload file.

To persist to the pre-signed url, use the client token and MD5 client token as header. The required headers are as follows:

  • x-amz-server-side-encryption-customer-key: Client Token

  • x-amz-server-side-encryption-customer-key-MD5: MD5 Client Token

  • x-amz-server-side-encryption-customer-algorithm: AES256

", + "locationName":"ClientToken" + }, + "ValidUntil":{ + "shape":"timestamp", + "documentation":"

The expiry timestamp for the pre-signed URL, after which the URL will no longer be valid.

", + "locationName":"ValidUntil" + } + } + }, + "GetUploadJobRequest":{ + "type":"structure", + "required":[ + "DomainName", + "JobId" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain containing the upload job.

", + "location":"uri", + "locationName":"DomainName" + }, + "JobId":{ + "shape":"uuid", + "documentation":"

The unique identifier of the upload job to retrieve.

", + "location":"uri", + "locationName":"JobId" + } + } + }, + "GetUploadJobResponse":{ + "type":"structure", + "members":{ + "JobId":{ + "shape":"uuid", + "documentation":"

The unique identifier of the upload job.

", + "locationName":"JobId" + }, + "DisplayName":{ + "shape":"string1To255", + "documentation":"

The unique name of the upload job. Could be a file name to identify the upload job.

", + "locationName":"DisplayName" + }, + "Status":{ + "shape":"UploadJobStatus", + "documentation":"

The status describing the status for the upload job. The following are Valid Values:

  • CREATED: The upload job has been created, but has not started processing yet.

  • IN_PROGRESS: The upload job is currently in progress, ingesting and processing the profile data.

  • PARTIALLY_SUCCEEDED: The upload job has successfully completed the ingestion and processing of all profile data.

  • SUCCEEDED: The upload job has successfully completed the ingestion and processing of all profile data.

  • FAILED: The upload job has failed to complete.

  • STOPPED: The upload job has been manually stopped or terminated before completion.

", + "locationName":"Status" + }, + "StatusReason":{ + "shape":"StatusReason", + "documentation":"

The reason for the current status of the upload job. Possible reasons:

  • VALIDATION_FAILURE: The upload job has encountered an error or issue and was unable to complete the profile data ingestion.

  • INTERNAL_FAILURE: Failure caused from service side

", + "locationName":"StatusReason" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp when the upload job was created.

", + "locationName":"CreatedAt" + }, + "CompletedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp when the upload job was completed.

", + "locationName":"CompletedAt" + }, + "Fields":{ + "shape":"FieldMap", + "documentation":"

The mapping between CSV Columns and Profile Object attributes for the upload job.

", + "locationName":"Fields" + }, + "UniqueKey":{ + "shape":"text", + "documentation":"

The unique key columns used for de-duping the keys in the upload job.

", + "locationName":"UniqueKey" + }, + "ResultsSummary":{ + "shape":"ResultsSummary", + "documentation":"

The summary of results for the upload job, including the number of updated, created, and failed records.

", + "locationName":"ResultsSummary" + }, + "DataExpiry":{ + "shape":"expirationDaysInteger", + "documentation":"

The expiry duration for the profiles ingested with the upload job.

", + "locationName":"DataExpiry" + } + } + }, "GetWorkflowRequest":{ "type":"structure", "required":[ @@ -4990,6 +5777,60 @@ "min":20, "pattern":"arn:aws:kms:.*:[0-9]+:.*" }, + "LayoutItem":{ + "type":"structure", + "required":[ + "LayoutDefinitionName", + "Description", + "DisplayName", + "LayoutType", + "CreatedAt", + "LastUpdatedAt" + ], + "members":{ + "LayoutDefinitionName":{ + "shape":"name", + "documentation":"

The unique name of the layout.

" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"

The description of the layout

" + }, + "DisplayName":{ + "shape":"displayName", + "documentation":"

The display name of the layout

" + }, + "IsDefault":{ + "shape":"boolean", + "documentation":"

If set to true for a layout, this layout will be used by default to view data. If set to false, then layout will not be used by default but it can be used to view data by explicit selection on UI.

" + }, + "LayoutType":{ + "shape":"LayoutType", + "documentation":"

The type of layout that can be used to view data under customer profiles domain.

" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource.

" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the layout was created.

" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the layout was most recently updated.

" + } + }, + "documentation":"

The layout object that contains LayoutDefinitionName, Description, DisplayName, IsDefault, LayoutType, Tags, CreatedAt, LastUpdatedAt

" + }, + "LayoutList":{ + "type":"list", + "member":{"shape":"LayoutItem"} + }, + "LayoutType":{ + "type":"string", + "enum":["PROFILE_EXPLORER"] + }, "ListAccountIntegrationsRequest":{ "type":"structure", "required":["Uri"], @@ -5054,6 +5895,14 @@ "shape":"timestamp", "documentation":"

The timestamp of when the calculated attribute definition was most recently edited.

" }, + "UseHistoricalData":{ + "shape":"optionalBoolean", + "documentation":"

Whether historical data ingested before the Calculated Attribute was created should be included in calculations.

" + }, + "Status":{ + "shape":"ReadinessStatus", + "documentation":"

Status of the Calculated Attribute creation (whether all historical data has been indexed.)

" + }, "Tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" @@ -5116,6 +5965,10 @@ "Value":{ "shape":"string1To255", "documentation":"

The value of the calculated attribute.

" + }, + "LastObjectTimestamp":{ + "shape":"timestamp", + "documentation":"

The timestamp of the newest object included in the calculated attribute calculation.

" } }, "documentation":"

The details of a single calculated attribute for a profile.

" @@ -5193,6 +6046,43 @@ }, "documentation":"

An object in a list that represents a domain.

" }, + "ListDomainLayoutsRequest":{ + "type":"structure", + "required":["DomainName"], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain.

", + "location":"uri", + "locationName":"DomainName" + }, + "NextToken":{ + "shape":"token", + "documentation":"

Identifies the next page of results to return.

", + "location":"querystring", + "locationName":"next-token" + }, + "MaxResults":{ + "shape":"maxSize100", + "documentation":"

The maximum number of objects returned per page.

", + "location":"querystring", + "locationName":"max-results" + } + } + }, + "ListDomainLayoutsResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"LayoutList", + "documentation":"

Contains summary information about an EventStream.

" + }, + "NextToken":{ + "shape":"token", + "documentation":"

Identifies the next page of results to return.

" + } + } + }, "ListDomainsRequest":{ "type":"structure", "members":{ @@ -5501,6 +6391,62 @@ } } }, + "ListProfileHistoryRecordsRequest":{ + "type":"structure", + "required":[ + "DomainName", + "ProfileId" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain for which to return profile history records.

", + "location":"uri", + "locationName":"DomainName" + }, + "ProfileId":{ + "shape":"uuid", + "documentation":"

The identifier of the profile to be taken.

" + }, + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"

Applies a filter to include profile history records only with the specified ObjectTypeName value in the response.

" + }, + "NextToken":{ + "shape":"token", + "documentation":"

The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

", + "location":"querystring", + "locationName":"next-token" + }, + "MaxResults":{ + "shape":"maxSize100", + "documentation":"

The maximum number of results to return per page.

", + "location":"querystring", + "locationName":"max-results" + }, + "ActionType":{ + "shape":"ActionType", + "documentation":"

Applies a filter to include profile history records only with the specified ActionType value in the response.

" + }, + "PerformedBy":{ + "shape":"string1To255", + "documentation":"

Applies a filter to include profile history records only with the specified PerformedBy value in the response. The PerformedBy value can be the Amazon Resource Name (ARN) of the person or service principal who performed the action.

" + } + } + }, + "ListProfileHistoryRecordsResponse":{ + "type":"structure", + "members":{ + "ProfileHistoryRecords":{ + "shape":"ProfileHistoryRecords", + "documentation":"

The list of profile history records.

" + }, + "NextToken":{ + "shape":"token", + "documentation":"

If there are additional results, this is the token for the next set of results.

" + } + } + }, "ListProfileObjectTypeItem":{ "type":"structure", "required":[ @@ -5792,6 +6738,45 @@ } } }, + "ListUploadJobsRequest":{ + "type":"structure", + "required":["DomainName"], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain to list upload jobs for.

", + "location":"uri", + "locationName":"DomainName" + }, + "MaxResults":{ + "shape":"MaxSize500", + "documentation":"

The maximum number of upload jobs to return per page.

", + "location":"querystring", + "locationName":"max-results" + }, + "NextToken":{ + "shape":"token", + "documentation":"

The pagination token from the previous call to retrieve the next page of results.

", + "location":"querystring", + "locationName":"next-token" + } + } + }, + "ListUploadJobsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"token", + "documentation":"

The pagination token to use to retrieve the next page of results.

", + "locationName":"NextToken" + }, + "Items":{ + "shape":"UploadJobsList", + "documentation":"

The list of upload jobs for the specified domain.

", + "locationName":"Items" + } + } + }, "ListWorkflowsItem":{ "type":"structure", "required":[ @@ -6120,7 +7105,6 @@ }, "ObjectCount":{ "type":"integer", - "max":100, "min":1 }, "ObjectFilter":{ @@ -6274,6 +7258,10 @@ "max":4, "min":1 }, + "PhonePreferenceList":{ + "type":"list", + "member":{"shape":"ContactPreference"} + }, "Profile":{ "type":"structure", "members":{ @@ -6283,7 +7271,7 @@ }, "AccountNumber":{ "shape":"sensitiveString1To255", - "documentation":"

An account number that you have given to the customer.

" + "documentation":"

An account number that you have assigned to the customer.

" }, "AdditionalInformation":{ "shape":"sensitiveString1To1000", @@ -6376,6 +7364,14 @@ "GenderString":{ "shape":"sensitiveString1To255", "documentation":"

An alternative to Gender which accepts any string as input.

" + }, + "ProfileType":{ + "shape":"ProfileType", + "documentation":"

The type of the profile.

" + }, + "EngagementPreferences":{ + "shape":"EngagementPreferences", + "documentation":"

The customer or account’s engagement preferences.

" } }, "documentation":"

The standard profile of a customer.

" @@ -6530,6 +7526,11 @@ "shape":"CustomAttributes", "documentation":"

A field to describe values to segment on within attributes.

", "locationName":"Attributes" + }, + "ProfileType":{ + "shape":"ProfileTypeDimension", + "documentation":"

A field to describe values to segment on within profile type.

", + "locationName":"ProfileType" } }, "documentation":"

The object used to segment on attributes within the customer profile.

", @@ -6555,6 +7556,50 @@ }, "documentation":"

Object to hold the dimensions of a profile's fields to segment on.

" }, + "ProfileHistoryRecord":{ + "type":"structure", + "required":[ + "Id", + "ObjectTypeName", + "CreatedAt", + "ActionType" + ], + "members":{ + "Id":{ + "shape":"uuid", + "documentation":"

The unique identifier of the profile history record.

" + }, + "ObjectTypeName":{ + "shape":"typeName", + "documentation":"

The name of the profile object type.

" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the profile history record was created.

" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the profile history record was last updated.

" + }, + "ActionType":{ + "shape":"ActionType", + "documentation":"

The action type of the profile history record.

" + }, + "ProfileObjectUniqueKey":{ + "shape":"string1To255", + "documentation":"

The unique identifier of the profile object generated by the service.

" + }, + "PerformedBy":{ + "shape":"string1To255", + "documentation":"

The Amazon Resource Name (ARN) of the person or service principal who performed the action.

" + } + }, + "documentation":"

Contains profile history record metadata.

" + }, + "ProfileHistoryRecords":{ + "type":"list", + "member":{"shape":"ProfileHistoryRecord"} + }, "ProfileId":{"type":"string"}, "ProfileIdList":{ "type":"list", @@ -6638,6 +7683,47 @@ }, "documentation":"

Object that holds the results for membership.

" }, + "ProfileType":{ + "type":"string", + "enum":[ + "ACCOUNT_PROFILE", + "PROFILE" + ], + "sensitive":true + }, + "ProfileTypeDimension":{ + "type":"structure", + "required":[ + "DimensionType", + "Values" + ], + "members":{ + "DimensionType":{ + "shape":"ProfileTypeDimensionType", + "documentation":"

The action to segment on.

", + "locationName":"DimensionType" + }, + "Values":{ + "shape":"ProfileTypeValues", + "documentation":"

The values to apply the DimensionType on.

", + "locationName":"Values" + } + }, + "documentation":"

Object to hold the dimension of a profile type field to segment on.

" + }, + "ProfileTypeDimensionType":{ + "type":"string", + "enum":[ + "INCLUSIVE", + "EXCLUSIVE" + ] + }, + "ProfileTypeValues":{ + "type":"list", + "member":{"shape":"ProfileType"}, + "max":1, + "min":1 + }, "Profiles":{ "type":"list", "member":{"shape":"ProfileQueryResult"} @@ -6911,10 +7997,6 @@ }, "Range":{ "type":"structure", - "required":[ - "Value", - "Unit" - ], "members":{ "Value":{ "shape":"Value", @@ -6923,6 +8005,18 @@ "Unit":{ "shape":"Unit", "documentation":"

The unit of time.

" + }, + "ValueRange":{ + "shape":"ValueRange", + "documentation":"

A structure letting customers specify a relative time window over which over which data is included in the Calculated Attribute. Use positive numbers to indicate that the endpoint is in the past, and negative numbers to indicate it is in the future. ValueRange overrides Value.

" + }, + "TimestampSource":{ + "shape":"string1To255", + "documentation":"

An expression specifying the field in your JSON object from which the date should be parsed. The expression should follow the structure of \\\"{ObjectTypeName.<Location of timestamp field in JSON pointer format>}\\\". E.g. if your object type is MyType and source JSON is {\"generatedAt\": {\"timestamp\": \"1737587945945\"}}, then TimestampSource should be \"{MyType.generatedAt.timestamp}\".

" + }, + "TimestampFormat":{ + "shape":"string1To255", + "documentation":"

The format the timestamp field in your JSON object is specified. This value should be one of EPOCHMILLI (for Unix epoch timestamps with second/millisecond level precision) or ISO_8601 (following ISO_8601 format with second/millisecond level precision, with an optional offset of Z or in the format HH:MM or HHMM.). E.g. if your object type is MyType and source JSON is {\"generatedAt\": {\"timestamp\": \"2001-07-04T12:08:56.235-0700\"}}, then TimestampFormat should be \"ISO_8601\".

" } }, "documentation":"

The relative time period over which data is included in the aggregation.

" @@ -6953,6 +8047,29 @@ "type":"string", "enum":["DAYS"] }, + "Readiness":{ + "type":"structure", + "members":{ + "ProgressPercentage":{ + "shape":"percentageInteger", + "documentation":"

Approximately how far the Calculated Attribute creation is from completion.

" + }, + "Message":{ + "shape":"text", + "documentation":"

Any customer messaging.

" + } + }, + "documentation":"

Information indicating if the Calculated Attribute is ready for use by confirming all historical data has been processed and reflected.

" + }, + "ReadinessStatus":{ + "type":"string", + "enum":[ + "PREPARING", + "IN_PROGRESS", + "COMPLETED", + "FAILED" + ] + }, "ResourceNotFoundException":{ "type":"structure", "members":{ @@ -6962,6 +8079,27 @@ "error":{"httpStatusCode":404}, "exception":true }, + "ResultsSummary":{ + "type":"structure", + "members":{ + "UpdatedRecords":{ + "shape":"optionalLong", + "documentation":"

The number of records that were updated during the upload job.

", + "locationName":"UpdatedRecords" + }, + "CreatedRecords":{ + "shape":"optionalLong", + "documentation":"

The number of records that were newly created during the upload job.

", + "locationName":"CreatedRecords" + }, + "FailedRecords":{ + "shape":"optionalLong", + "documentation":"

The number of records that failed to be processed during the upload job.

", + "locationName":"FailedRecords" + } + }, + "documentation":"

The summary of results for an upload job, including the number of updated, created, and failed records.

" + }, "RoleArn":{ "type":"string", "max":512, @@ -7472,6 +8610,15 @@ "CASE", "ORDER", "COMMUNICATION_RECORD", + "AIR_PREFERENCE", + "HOTEL_PREFERENCE", + "AIR_BOOKING", + "AIR_SEGMENT", + "HOTEL_RESERVATION", + "HOTEL_STAY_REVENUE", + "LOYALTY", + "LOYALTY_TRANSACTION", + "LOYALTY_PROMOTION", "UNIQUE", "SECONDARY", "LOOKUP_ONLY", @@ -7482,10 +8629,31 @@ "type":"list", "member":{"shape":"StandardIdentifier"} }, - "Start":{ - "type":"integer", - "max":366, - "min":1 + "Start":{"type":"integer"}, + "StartUploadJobRequest":{ + "type":"structure", + "required":[ + "DomainName", + "JobId" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain containing the upload job to start.

", + "location":"uri", + "locationName":"DomainName" + }, + "JobId":{ + "shape":"name", + "documentation":"

The unique identifier of the upload job to start.

", + "location":"uri", + "locationName":"JobId" + } + } + }, + "StartUploadJobResponse":{ + "type":"structure", + "members":{} }, "Statistic":{ "type":"string", @@ -7514,6 +8682,38 @@ ] }, "StatusCode":{"type":"integer"}, + "StatusReason":{ + "type":"string", + "enum":[ + "VALIDATION_FAILURE", + "INTERNAL_FAILURE" + ] + }, + "StopUploadJobRequest":{ + "type":"structure", + "required":[ + "DomainName", + "JobId" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain containing the upload job to stop.

", + "location":"uri", + "locationName":"DomainName" + }, + "JobId":{ + "shape":"name", + "documentation":"

The unique identifier of the upload job to stop.

", + "location":"uri", + "locationName":"JobId" + } + } + }, + "StopUploadJobResponse":{ + "type":"structure", + "members":{} + }, "String":{"type":"string"}, "StringDimensionType":{ "type":"string", @@ -7570,8 +8770,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -7728,8 +8927,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAddress":{ "type":"structure", @@ -7852,6 +9050,104 @@ "shape":"AttributeDetails", "documentation":"

The mathematical expression and a list of attribute items specified in that expression.

" }, + "UseHistoricalData":{ + "shape":"optionalBoolean", + "documentation":"

Whether historical data ingested before the Calculated Attribute was created should be included in calculations.

" + }, + "Status":{ + "shape":"ReadinessStatus", + "documentation":"

Status of the Calculated Attribute creation (whether all historical data has been indexed.)

" + }, + "Readiness":{ + "shape":"Readiness", + "documentation":"

Information indicating if the Calculated Attribute is ready for use by confirming all historical data has been processed and reflected.

" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource.

" + } + } + }, + "UpdateDomainLayoutRequest":{ + "type":"structure", + "required":[ + "DomainName", + "LayoutDefinitionName" + ], + "members":{ + "DomainName":{ + "shape":"name", + "documentation":"

The unique name of the domain.

", + "location":"uri", + "locationName":"DomainName" + }, + "LayoutDefinitionName":{ + "shape":"name", + "documentation":"

The unique name of the layout.

", + "location":"uri", + "locationName":"LayoutDefinitionName" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"

The description of the layout

" + }, + "DisplayName":{ + "shape":"displayName", + "documentation":"

The display name of the layout

" + }, + "IsDefault":{ + "shape":"boolean", + "documentation":"

If set to true for a layout, this layout will be used by default to view data. If set to false, then the layout will not be used by default, but it can be used to view data by explicitly selecting it in the console.

" + }, + "LayoutType":{ + "shape":"LayoutType", + "documentation":"

The type of layout that can be used to view data under a Customer Profiles domain.

" + }, + "Layout":{ + "shape":"sensitiveString1To2000000", + "documentation":"

A customizable layout that can be used to view data under a Customer Profiles domain.

" + } + } + }, + "UpdateDomainLayoutResponse":{ + "type":"structure", + "members":{ + "LayoutDefinitionName":{ + "shape":"name", + "documentation":"

The unique name of the layout.

" + }, + "Description":{ + "shape":"sensitiveText", + "documentation":"

The description of the layout

" + }, + "DisplayName":{ + "shape":"displayName", + "documentation":"

The display name of the layout

" + }, + "IsDefault":{ + "shape":"boolean", + "documentation":"

If set to true for a layout, this layout will be used by default to view data. If set to false, then the layout will not be used by default, but it can be used to view data by explicitly selecting it in the console.

" + }, + "LayoutType":{ + "shape":"LayoutType", + "documentation":"

The type of layout that can be used to view data under a Customer Profiles domain.

" + }, + "Layout":{ + "shape":"sensitiveString1To2000000", + "documentation":"

A customizable layout that can be used to view data under a Customer Profiles domain.

" + }, + "Version":{ + "shape":"string1To255", + "documentation":"

The version used to create layout.

" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the layout was created.

" + }, + "LastUpdatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp of when the layout was most recently updated.

" + }, "Tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" @@ -8045,7 +9341,7 @@ }, "AccountNumber":{ "shape":"sensitiveString0To255", - "documentation":"

An account number that you have given to the customer.

" + "documentation":"

An account number that you have assigned to the customer.

" }, "PartyType":{ "shape":"PartyType", @@ -8130,6 +9426,14 @@ "GenderString":{ "shape":"sensitiveString0To255", "documentation":"

An alternative to Gender which accepts any string as input.

" + }, + "ProfileType":{ + "shape":"ProfileType", + "documentation":"

Determines the type of the profile.

" + }, + "EngagementPreferences":{ + "shape":"EngagementPreferences", + "documentation":"

Object that defines users preferred methods of engagement.

" } } }, @@ -8143,10 +9447,66 @@ } } }, + "UploadJobItem":{ + "type":"structure", + "members":{ + "JobId":{ + "shape":"uuid", + "documentation":"

The unique identifier of the upload job.

", + "locationName":"JobId" + }, + "DisplayName":{ + "shape":"string1To255", + "documentation":"

The name of the upload job.

", + "locationName":"DisplayName" + }, + "Status":{ + "shape":"UploadJobStatus", + "documentation":"

The current status of the upload job.

", + "locationName":"Status" + }, + "StatusReason":{ + "shape":"StatusReason", + "documentation":"

The reason for the current status of the upload job.

", + "locationName":"StatusReason" + }, + "CreatedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp when the upload job was created.

", + "locationName":"CreatedAt" + }, + "CompletedAt":{ + "shape":"timestamp", + "documentation":"

The timestamp when the upload job was completed.

", + "locationName":"CompletedAt" + }, + "DataExpiry":{ + "shape":"expirationDaysInteger", + "documentation":"

The expiry duration for the profiles ingested with the upload job.

", + "locationName":"DataExpiry" + } + }, + "documentation":"

The summary information for an individual upload job.

" + }, + "UploadJobStatus":{ + "type":"string", + "enum":[ + "CREATED", + "IN_PROGRESS", + "PARTIALLY_SUCCEEDED", + "SUCCEEDED", + "FAILED", + "STOPPED" + ] + }, + "UploadJobsList":{ + "type":"list", + "member":{"shape":"UploadJobItem"} + }, "Value":{ "type":"integer", - "max":366, - "min":1 + "max":2147483647, + "min":0 }, "ValueList":{ "type":"list", @@ -8154,6 +9514,26 @@ "max":10, "min":1 }, + "ValueRange":{ + "type":"structure", + "required":[ + "Start", + "End" + ], + "members":{ + "Start":{ + "shape":"ValueRangeStart", + "documentation":"

The start time of when to include objects. Use positive numbers to indicate that the starting point is in the past, and negative numbers to indicate it is in the future.

" + }, + "End":{ + "shape":"ValueRangeEnd", + "documentation":"

The end time of when to include objects. Use positive numbers to indicate that the starting point is in the past, and negative numbers to indicate it is in the future.

" + } + }, + "documentation":"

A structure letting customers specify a relative time window over which over which data is included in the Calculated Attribute. Use positive numbers to indicate that the endpoint is in the past, and negative numbers to indicate it is in the future. ValueRange overrides Value.

" + }, + "ValueRangeEnd":{"type":"integer"}, + "ValueRangeStart":{"type":"integer"}, "Values":{ "type":"list", "member":{"shape":"string1To255"}, @@ -8311,6 +9691,11 @@ }, "optionalBoolean":{"type":"boolean"}, "optionalLong":{"type":"long"}, + "percentageInteger":{ + "type":"integer", + "max":100, + "min":0 + }, "requestValueList":{ "type":"list", "member":{"shape":"string1To255"} @@ -8351,6 +9736,12 @@ "min":1, "sensitive":true }, + "sensitiveString1To2000000":{ + "type":"string", + "max":2000000, + "min":1, + "sensitive":true + }, "sensitiveString1To255":{ "type":"string", "max":255, diff -pruN 2.23.6-1/awscli/botocore/data/databrew/2017-07-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/databrew/2017-07-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/databrew/2017-07-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/databrew/2017-07-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -250,14 +246,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -271,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -291,7 +288,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -302,14 +298,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -320,9 +318,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/databrew/2017-07-25/service-2.json 2.31.35-1/awscli/botocore/data/databrew/2017-07-25/service-2.json --- 2.23.6-1/awscli/botocore/data/databrew/2017-07-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/databrew/2017-07-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"databrew", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS Glue DataBrew", "serviceId":"DataBrew", "signatureVersion":"v4", "signingName":"databrew", - "uid":"databrew-2017-07-25" + "uid":"databrew-2017-07-25", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchDeleteRecipeVersion":{ @@ -3943,8 +3945,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4027,8 +4028,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDatasetRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/dataexchange/2017-07-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/dataexchange/2017-07-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/dataexchange/2017-07-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dataexchange/2017-07-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/dataexchange/2017-07-25/service-2.json 2.31.35-1/awscli/botocore/data/dataexchange/2017-07-25/service-2.json --- 2.23.6-1/awscli/botocore/data/dataexchange/2017-07-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dataexchange/2017-07-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -990,7 +990,7 @@ "required":["JobId"], "members":{ "JobId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a job.

", "location":"uri", "locationName":"JobId" @@ -1245,6 +1245,10 @@ "Event":{ "shape":"Event", "documentation":"

What occurs to start an action.

" + }, + "Tags":{ + "shape":"MapOf__string", + "documentation":"

Key-value pairs that you can associate with the event action.

" } } }, @@ -1271,6 +1275,10 @@ "shape":"Id", "documentation":"

The unique identifier for the event action.

" }, + "Tags":{ + "shape":"MapOf__string", + "documentation":"

The tags for the event action.

" + }, "UpdatedAt":{ "shape":"Timestamp", "documentation":"

The date and time that the event action was last updated, in ISO 8601 format.

" @@ -1340,7 +1348,7 @@ "documentation":"

An optional comment about the revision.

" }, "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" @@ -1649,19 +1657,19 @@ ], "members":{ "AssetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for an asset.

", "location":"uri", "locationName":"AssetId" }, "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" }, "RevisionId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a revision.

", "location":"uri", "locationName":"RevisionId" @@ -1685,7 +1693,7 @@ "required":["DataSetId"], "members":{ "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" @@ -1712,13 +1720,13 @@ ], "members":{ "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" }, "RevisionId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a revision.

", "location":"uri", "locationName":"RevisionId" @@ -1986,19 +1994,19 @@ ], "members":{ "AssetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for an asset.

", "location":"uri", "locationName":"AssetId" }, "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" }, "RevisionId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a revision.

", "location":"uri", "locationName":"RevisionId" @@ -2145,7 +2153,7 @@ "required":["DataSetId"], "members":{ "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" @@ -2236,6 +2244,10 @@ "shape":"Id", "documentation":"

The unique identifier for the event action.

" }, + "Tags":{ + "shape":"MapOf__string", + "documentation":"

The tags for the event action.

" + }, "UpdatedAt":{ "shape":"Timestamp", "documentation":"

The date and time that the event action was last updated, in ISO 8601 format.

" @@ -2247,7 +2259,7 @@ "required":["JobId"], "members":{ "JobId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a job.

", "location":"uri", "locationName":"JobId" @@ -2379,13 +2391,13 @@ ], "members":{ "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" }, "RevisionId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a revision.

", "location":"uri", "locationName":"RevisionId" @@ -2452,7 +2464,10 @@ "NONE" ] }, - "Id":{"type":"string"}, + "Id":{ + "type":"string", + "pattern":"[a-zA-Z0-9]{30,40}" + }, "ImportAssetFromApiGatewayApiRequestDetails":{ "type":"structure", "required":[ @@ -3131,7 +3146,7 @@ "required":["DataSetId"], "members":{ "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" @@ -3416,7 +3431,7 @@ ], "members":{ "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" @@ -3434,7 +3449,7 @@ "locationName":"nextToken" }, "RevisionId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a revision.

", "location":"uri", "locationName":"RevisionId" @@ -3879,13 +3894,13 @@ ], "members":{ "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" }, "RevisionId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a revision.

", "location":"uri", "locationName":"RevisionId" @@ -4184,7 +4199,7 @@ "documentation":"

Free-form text field for providers to add information about their notifications.

" }, "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

Affected data set of the notification.

", "location":"uri", "locationName":"DataSetId" @@ -4244,7 +4259,7 @@ "required":["JobId"], "members":{ "JobId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a job.

", "location":"uri", "locationName":"JobId" @@ -4389,13 +4404,13 @@ ], "members":{ "AssetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for an asset.

", "location":"uri", "locationName":"AssetId" }, "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" @@ -4405,7 +4420,7 @@ "documentation":"

The name of the asset. When importing from Amazon S3, the Amazon S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target Amazon S3 object key. When importing from Amazon API Gateway API, the API name is used as the asset name. When importing from Amazon Redshift, the datashare name is used as the asset name. When importing from AWS Lake Formation, the static values of \"Database(s) included in the LF-tag policy\" or \"Table(s) included in LF-tag policy\" are used as the name.

" }, "RevisionId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a revision.

", "location":"uri", "locationName":"RevisionId" @@ -4462,7 +4477,7 @@ "required":["DataSetId"], "members":{ "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" @@ -4579,7 +4594,7 @@ "documentation":"

An optional comment about the revision.

" }, "DataSetId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a data set.

", "location":"uri", "locationName":"DataSetId" @@ -4589,7 +4604,7 @@ "documentation":"

Finalizing a revision tells AWS Data Exchange that your changes to the assets in the revision are complete. After it's in this read-only state, you can publish the revision to your products.

" }, "RevisionId":{ - "shape":"__string", + "shape":"Id", "documentation":"

The unique identifier for a revision.

", "location":"uri", "locationName":"RevisionId" diff -pruN 2.23.6-1/awscli/botocore/data/datapipeline/2012-10-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/datapipeline/2012-10-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/datapipeline/2012-10-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datapipeline/2012-10-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/datapipeline/2012-10-29/service-2.json 2.31.35-1/awscli/botocore/data/datapipeline/2012-10-29/service-2.json --- 2.23.6-1/awscli/botocore/data/datapipeline/2012-10-29/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datapipeline/2012-10-29/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"datapipeline", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS Data Pipeline", "serviceId":"Data Pipeline", "signatureVersion":"v4", "targetPrefix":"DataPipeline", - "uid":"datapipeline-2012-10-29" + "uid":"datapipeline-2012-10-29", + "auth":["aws.auth#sigv4"] }, "operations":{ "ActivatePipeline":{ @@ -332,8 +334,7 @@ }, "ActivatePipelineOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of ActivatePipeline.

" }, "AddTagsInput":{ @@ -356,8 +357,7 @@ }, "AddTagsOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of AddTags.

" }, "CreatePipelineInput":{ @@ -414,8 +414,7 @@ }, "DeactivatePipelineOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of DeactivatePipeline.

" }, "DeletePipelineInput":{ @@ -993,8 +992,7 @@ }, "RemoveTagsOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of RemoveTags.

" }, "ReportTaskProgressInput":{ @@ -1124,8 +1122,7 @@ }, "SetTaskStatusOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of SetTaskStatus.

" }, "Tag":{ diff -pruN 2.23.6-1/awscli/botocore/data/datasync/2018-11-09/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/datasync/2018-11-09/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/datasync/2018-11-09/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datasync/2018-11-09/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/datasync/2018-11-09/paginators-1.json 2.31.35-1/awscli/botocore/data/datasync/2018-11-09/paginators-1.json --- 2.23.6-1/awscli/botocore/data/datasync/2018-11-09/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datasync/2018-11-09/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,24 +29,6 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "Tasks" - }, - "DescribeStorageSystemResourceMetrics": { - "input_token": "NextToken", - "output_token": "NextToken", - "limit_key": "MaxResults", - "result_key": "Metrics" - }, - "ListDiscoveryJobs": { - "input_token": "NextToken", - "output_token": "NextToken", - "limit_key": "MaxResults", - "result_key": "DiscoveryJobs" - }, - "ListStorageSystems": { - "input_token": "NextToken", - "output_token": "NextToken", - "limit_key": "MaxResults", - "result_key": "StorageSystems" } } } diff -pruN 2.23.6-1/awscli/botocore/data/datasync/2018-11-09/service-2.json 2.31.35-1/awscli/botocore/data/datasync/2018-11-09/service-2.json --- 2.23.6-1/awscli/botocore/data/datasync/2018-11-09/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datasync/2018-11-09/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -16,21 +16,6 @@ "auth":["aws.auth#sigv4"] }, "operations":{ - "AddStorageSystem":{ - "name":"AddStorageSystem", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"AddStorageSystemRequest"}, - "output":{"shape":"AddStorageSystemResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Creates an Amazon Web Services resource for an on-premises storage system that you want DataSync Discovery to collect information about.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "CancelTaskExecution":{ "name":"CancelTaskExecution", "http":{ @@ -71,7 +56,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"

Creates a transfer location for a Microsoft Azure Blob Storage container. DataSync can use this location as a transfer source or destination.

Before you begin, make sure you know how DataSync accesses Azure Blob Storage and works with access tiers and blob types. You also need a DataSync agent that can connect to your container.

" + "documentation":"

Creates a transfer location for a Microsoft Azure Blob Storage container. DataSync can use this location as a transfer source or destination. You can make transfers with or without a DataSync agent that connects to your container.

Before you begin, make sure you know how DataSync accesses Azure Blob Storage and works with access tiers and blob types.

" }, "CreateLocationEfs":{ "name":"CreateLocationEfs", @@ -183,7 +168,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"

Creates a transfer location for an object storage system. DataSync can use this location as a source or destination for transferring data.

Before you begin, make sure that you understand the prerequisites for DataSync to work with object storage systems.

" + "documentation":"

Creates a transfer location for an object storage system. DataSync can use this location as a source or destination for transferring data. You can make transfers with or without a DataSync agent.

Before you begin, make sure that you understand the prerequisites for DataSync to work with object storage systems.

" }, "CreateLocationS3":{ "name":"CreateLocationS3", @@ -211,7 +196,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"

Creates a transfer location for a Server Message Block (SMB) file server. DataSync can use this location as a source or destination for transferring data.

Before you begin, make sure that you understand how DataSync accesses SMB file servers.

" + "documentation":"

Creates a transfer location for a Server Message Block (SMB) file server. DataSync can use this location as a source or destination for transferring data.

Before you begin, make sure that you understand how DataSync accesses SMB file servers. For more information, see Providing DataSync access to SMB file servers.

" }, "CreateTask":{ "name":"CreateTask", @@ -283,21 +268,6 @@ ], "documentation":"

Returns information about an DataSync agent, such as its name, service endpoint type, and status.

" }, - "DescribeDiscoveryJob":{ - "name":"DescribeDiscoveryJob", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeDiscoveryJobRequest"}, - "output":{"shape":"DescribeDiscoveryJobResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Returns information about a DataSync discovery job.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "DescribeLocationAzureBlob":{ "name":"DescribeLocationAzureBlob", "http":{ @@ -452,51 +422,6 @@ ], "documentation":"

Provides details about how an DataSync transfer location for a Server Message Block (SMB) file server is configured.

" }, - "DescribeStorageSystem":{ - "name":"DescribeStorageSystem", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeStorageSystemRequest"}, - "output":{"shape":"DescribeStorageSystemResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Returns information about an on-premises storage system that you're using with DataSync Discovery.

", - "endpoint":{"hostPrefix":"discovery-"} - }, - "DescribeStorageSystemResourceMetrics":{ - "name":"DescribeStorageSystemResourceMetrics", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeStorageSystemResourceMetricsRequest"}, - "output":{"shape":"DescribeStorageSystemResourceMetricsResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Returns information, including performance data and capacity usage, which DataSync Discovery collects about a specific resource in your-premises storage system.

", - "endpoint":{"hostPrefix":"discovery-"} - }, - "DescribeStorageSystemResources":{ - "name":"DescribeStorageSystemResources", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeStorageSystemResourcesRequest"}, - "output":{"shape":"DescribeStorageSystemResourcesResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Returns information that DataSync Discovery collects about resources in your on-premises storage system.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "DescribeTask":{ "name":"DescribeTask", "http":{ @@ -525,21 +450,6 @@ ], "documentation":"

Provides information about an execution of your DataSync task. You can use this operation to help monitor the progress of an ongoing data transfer or check the results of the transfer.

Some DescribeTaskExecution response elements are only relevant to a specific task mode. For information, see Understanding task mode differences and Understanding data transfer performance counters.

" }, - "GenerateRecommendations":{ - "name":"GenerateRecommendations", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GenerateRecommendationsRequest"}, - "output":{"shape":"GenerateRecommendationsResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Creates recommendations about where to migrate your data to in Amazon Web Services. Recommendations are generated based on information that DataSync Discovery collects about your on-premises storage system's resources. For more information, see Recommendations provided by DataSync Discovery.

Once generated, you can view your recommendations by using the DescribeStorageSystemResources operation.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "ListAgents":{ "name":"ListAgents", "http":{ @@ -554,21 +464,6 @@ ], "documentation":"

Returns a list of DataSync agents that belong to an Amazon Web Services account in the Amazon Web Services Region specified in the request.

With pagination, you can reduce the number of agents returned in a response. If you get a truncated list of agents in a response, the response contains a marker that you can specify in your next request to fetch the next page of agents.

ListAgents is eventually consistent. This means the result of running the operation might not reflect that you just created or deleted an agent. For example, if you create an agent with CreateAgent and then immediately run ListAgents, that agent might not show up in the list right away. In situations like this, you can always confirm whether an agent has been created (or deleted) by using DescribeAgent.

" }, - "ListDiscoveryJobs":{ - "name":"ListDiscoveryJobs", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"ListDiscoveryJobsRequest"}, - "output":{"shape":"ListDiscoveryJobsResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Provides a list of the existing discovery jobs in the Amazon Web Services Region and Amazon Web Services account where you're using DataSync Discovery.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "ListLocations":{ "name":"ListLocations", "http":{ @@ -583,21 +478,6 @@ ], "documentation":"

Returns a list of source and destination locations.

If you have more locations than are returned in a response (that is, the response returns only a truncated list of your agents), the response contains a token that you can specify in your next request to fetch the next page of locations.

" }, - "ListStorageSystems":{ - "name":"ListStorageSystems", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"ListStorageSystemsRequest"}, - "output":{"shape":"ListStorageSystemsResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Lists the on-premises storage systems that you're using with DataSync Discovery.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -640,36 +520,6 @@ ], "documentation":"

Returns a list of the DataSync tasks you created.

" }, - "RemoveStorageSystem":{ - "name":"RemoveStorageSystem", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"RemoveStorageSystemRequest"}, - "output":{"shape":"RemoveStorageSystemResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Permanently removes a storage system resource from DataSync Discovery, including the associated discovery jobs, collected data, and recommendations.

", - "endpoint":{"hostPrefix":"discovery-"} - }, - "StartDiscoveryJob":{ - "name":"StartDiscoveryJob", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StartDiscoveryJobRequest"}, - "output":{"shape":"StartDiscoveryJobResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Runs a DataSync discovery job on your on-premises storage system. If you haven't added the storage system to DataSync Discovery yet, do this first by using the AddStorageSystem operation.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "StartTaskExecution":{ "name":"StartTaskExecution", "http":{ @@ -684,21 +534,6 @@ ], "documentation":"

Starts an DataSync transfer task. For each task, you can only run one task execution at a time.

There are several steps to a task execution. For more information, see Task execution statuses.

If you're planning to transfer data to or from an Amazon S3 location, review how DataSync can affect your S3 request charges and the DataSync pricing page before you begin.

" }, - "StopDiscoveryJob":{ - "name":"StopDiscoveryJob", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StopDiscoveryJobRequest"}, - "output":{"shape":"StopDiscoveryJobResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Stops a running DataSync discovery job.

You can stop a discovery job anytime. A job that's stopped before it's scheduled to end likely will provide you some information about your on-premises storage system resources. To get recommendations for a stopped job, you must use the GenerateRecommendations operation.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "TagResource":{ "name":"TagResource", "http":{ @@ -741,21 +576,6 @@ ], "documentation":"

Updates the name of an DataSync agent.

" }, - "UpdateDiscoveryJob":{ - "name":"UpdateDiscoveryJob", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateDiscoveryJobRequest"}, - "output":{"shape":"UpdateDiscoveryJobResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Edits a DataSync discovery job configuration.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "UpdateLocationAzureBlob":{ "name":"UpdateLocationAzureBlob", "http":{ @@ -910,21 +730,6 @@ ], "documentation":"

Modifies the following configuration parameters of the Server Message Block (SMB) transfer location that you're using with DataSync.

For more information, see Configuring DataSync transfers with an SMB file server.

" }, - "UpdateStorageSystem":{ - "name":"UpdateStorageSystem", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateStorageSystemRequest"}, - "output":{"shape":"UpdateStorageSystemResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalException"} - ], - "documentation":"

Modifies some configurations of an on-premises storage system resource that you're using with DataSync Discovery.

", - "endpoint":{"hostPrefix":"discovery-"} - }, "UpdateTask":{ "name":"UpdateTask", "http":{ @@ -960,61 +765,6 @@ "max":29, "pattern":"[A-Z0-9]{5}(-[A-Z0-9]{5}){4}" }, - "AddStorageSystemRequest":{ - "type":"structure", - "required":[ - "ServerConfiguration", - "SystemType", - "AgentArns", - "ClientToken", - "Credentials" - ], - "members":{ - "ServerConfiguration":{ - "shape":"DiscoveryServerConfiguration", - "documentation":"

Specifies the server name and network port required to connect with the management interface of your on-premises storage system.

" - }, - "SystemType":{ - "shape":"DiscoverySystemType", - "documentation":"

Specifies the type of on-premises storage system that you want DataSync Discovery to collect information about.

DataSync Discovery currently supports NetApp Fabric-Attached Storage (FAS) and All Flash FAS (AFF) systems running ONTAP 9.7 or later.

" - }, - "AgentArns":{ - "shape":"DiscoveryAgentArnList", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the DataSync agent that connects to and reads from your on-premises storage system's management interface. You can only specify one ARN.

" - }, - "CloudWatchLogGroupArn":{ - "shape":"LogGroupArn", - "documentation":"

Specifies the ARN of the Amazon CloudWatch log group for monitoring and logging discovery job events.

" - }, - "Tags":{ - "shape":"InputTagList", - "documentation":"

Specifies labels that help you categorize, filter, and search for your Amazon Web Services resources. We recommend creating at least a name tag for your on-premises storage system.

" - }, - "Name":{ - "shape":"Name", - "documentation":"

Specifies a familiar name for your on-premises storage system.

" - }, - "ClientToken":{ - "shape":"PtolemyUUID", - "documentation":"

Specifies a client token to make sure requests with this API operation are idempotent. If you don't specify a client token, DataSync generates one for you automatically.

", - "idempotencyToken":true - }, - "Credentials":{ - "shape":"Credentials", - "documentation":"

Specifies the user name and password for accessing your on-premises storage system's management interface.

" - } - } - }, - "AddStorageSystemResponse":{ - "type":"structure", - "required":["StorageSystemArn"], - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

The ARN of the on-premises storage system that you can use with DataSync Discovery.

" - } - } - }, "AgentArn":{ "type":"string", "max":128, @@ -1082,7 +832,10 @@ }, "AzureBlobAuthenticationType":{ "type":"string", - "enum":["SAS"] + "enum":[ + "SAS", + "NONE" + ] }, "AzureBlobContainerUrl":{ "type":"string", @@ -1133,35 +886,21 @@ }, "CancelTaskExecutionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, - "Capacity":{ + "CmkSecretConfig":{ "type":"structure", "members":{ - "Used":{ - "shape":"NonNegativeLong", - "documentation":"

The amount of space that's being used in a storage system resource.

" - }, - "Provisioned":{ - "shape":"NonNegativeLong", - "documentation":"

The total amount of space available in a storage system resource.

" + "SecretArn":{ + "shape":"SecretArn", + "documentation":"

Specifies the ARN for the DataSync-managed Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.

" }, - "LogicalUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The amount of space that's being used in a storage system resource without accounting for compression or deduplication.

" - }, - "ClusterCloudStorageUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The amount of space in the cluster that's in cloud storage (for example, if you're using data tiering).

" + "KmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

Specifies the ARN for the customer-managed KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to Secrets Manager.

" } }, - "documentation":"

The storage capacity of an on-premises storage system resource (for example, a volume).

" - }, - "CollectionDurationMinutes":{ - "type":"integer", - "max":44640, - "min":60 + "documentation":"

Specifies configuration information for a DataSync-managed secret, such as an authentication token or secret key that DataSync uses to access a specific storage location, with a customer-managed KMS key.

You can use either CmkSecretConfig or CustomSecretConfig to provide credentials for a CreateLocation request. Do not provide both parameters for the same request.

" }, "CreateAgentRequest":{ "type":"structure", @@ -1208,8 +947,7 @@ "type":"structure", "required":[ "ContainerUrl", - "AuthenticationType", - "AgentArns" + "AuthenticationType" ], "members":{ "ContainerUrl":{ @@ -1222,7 +960,7 @@ }, "SasConfiguration":{ "shape":"AzureBlobSasConfiguration", - "documentation":"

Specifies the SAS configuration that allows DataSync to access your Azure Blob Storage.

" + "documentation":"

Specifies the SAS configuration that allows DataSync to access your Azure Blob Storage.

If you provide an authentication token using SasConfiguration, but do not provide secret configuration details using CmkSecretConfig or CustomSecretConfig, then DataSync stores the token using your Amazon Web Services account's secrets manager secret.

" }, "BlobType":{ "shape":"AzureBlobType", @@ -1238,11 +976,19 @@ }, "AgentArns":{ "shape":"AgentArnList", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the DataSync agent that can connect with your Azure Blob Storage container.

You can specify more than one agent. For more information, see Using multiple agents for your transfer.

" + "documentation":"

(Optional) Specifies the Amazon Resource Name (ARN) of the DataSync agent that can connect with your Azure Blob Storage container. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter.

You can specify more than one agent. For more information, see Using multiple agents for your transfer.

Make sure you configure this parameter correctly when you first create your storage location. You cannot add or remove agents from a storage location after you create it.

" }, "Tags":{ "shape":"InputTagList", "documentation":"

Specifies labels that help you categorize, filter, and search for your Amazon Web Services resources. We recommend creating at least a name tag for your transfer location.

" + }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Specifies configuration information for a DataSync-managed secret, which includes the authentication token that DataSync uses to access a specific AzureBlob storage location, with a customer-managed KMS key.

When you include this paramater as part of a CreateLocationAzureBlob request, you provide only the KMS key ARN. DataSync uses this KMS key together with the authentication token you specify for SasConfiguration to create a DataSync-managed secret to store the location access credentials.

Make sure the DataSync has permission to access the KMS key that you specify.

You can use either CmkSecretConfig (with SasConfiguration) or CustomSecretConfig (without SasConfiguration) to provide credentials for a CreateLocationAzureBlob request. Do not provide both parameters for the same request.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where the authentication token for an AzureBlob storage location is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig (with SasConfiguration) or CustomSecretConfig (without SasConfiguration) to provide credentials for a CreateLocationAzureBlob request. Do not provide both parameters for the same request.

" } } }, @@ -1506,7 +1252,7 @@ }, "KerberosKeytab":{ "shape":"KerberosKeytabFile", - "documentation":"

The Kerberos key table (keytab) that contains mappings between the defined Kerberos principal and the encrypted keys. You can load the keytab from a file by providing the file's address. If you're using the CLI, it performs base64 encoding for you. Otherwise, provide the base64-encoded text.

If KERBEROS is specified for AuthenticationType, this parameter is required.

" + "documentation":"

The Kerberos key table (keytab) that contains mappings between the defined Kerberos principal and the encrypted keys. You can load the keytab from a file by providing the file's address.

If KERBEROS is specified for AuthenticationType, this parameter is required.

" }, "KerberosKrb5Conf":{ "shape":"KerberosKrb5ConfFile", @@ -1545,7 +1291,7 @@ }, "ServerHostname":{ "shape":"ServerHostname", - "documentation":"

Specifies the Domain Name System (DNS) name or IP version 4 address of the NFS file server that your DataSync agent connects to.

" + "documentation":"

Specifies the DNS name or IP address (IPv4 or IPv6) of the NFS file server that your DataSync agent connects to.

" }, "OnPremConfig":{ "shape":"OnPremConfig", @@ -1576,13 +1322,12 @@ "type":"structure", "required":[ "ServerHostname", - "BucketName", - "AgentArns" + "BucketName" ], "members":{ "ServerHostname":{ "shape":"ServerHostname", - "documentation":"

Specifies the domain name or IP address of the object storage server. A DataSync agent uses this hostname to mount the object storage server in a network.

" + "documentation":"

Specifies the domain name or IP address (IPv4 or IPv6) of the object storage server that your DataSync agent connects to.

" }, "ServerPort":{ "shape":"ObjectStorageServerPort", @@ -1590,7 +1335,7 @@ }, "ServerProtocol":{ "shape":"ObjectStorageServerProtocol", - "documentation":"

Specifies the protocol that your object storage server uses to communicate.

" + "documentation":"

Specifies the protocol that your object storage server uses to communicate. If not specified, the default value is HTTPS.

" }, "Subdirectory":{ "shape":"S3Subdirectory", @@ -1606,11 +1351,11 @@ }, "SecretKey":{ "shape":"ObjectStorageSecretKey", - "documentation":"

Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.

" + "documentation":"

Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.

If you provide a secret using SecretKey, but do not provide secret configuration details using CmkSecretConfig or CustomSecretConfig, then DataSync stores the token using your Amazon Web Services account's Secrets Manager secret.

" }, "AgentArns":{ "shape":"AgentArnList", - "documentation":"

Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system.

" + "documentation":"

(Optional) Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter.

Make sure you configure this parameter correctly when you first create your storage location. You cannot add or remove agents from a storage location after you create it.

" }, "Tags":{ "shape":"InputTagList", @@ -1619,6 +1364,14 @@ "ServerCertificate":{ "shape":"ObjectStorageCertificate", "documentation":"

Specifies a certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA). You must specify a single .pem file with a full certificate chain (for example, file:///home/user/.ssh/object_storage_certificates.pem).

The certificate chain might include:

  • The object storage system's certificate

  • All intermediate certificates (if there are any)

  • The root certificate of the signing CA

You can concatenate your certificates into a .pem file (which can be up to 32768 bytes before base64 encoding). The following example cat command creates an object_storage_certificates.pem file that includes three certificates:

cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pem

To use this parameter, configure ServerProtocol to HTTPS.

" + }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Specifies configuration information for a DataSync-managed secret, which includes the SecretKey that DataSync uses to access a specific object storage location, with a customer-managed KMS key.

When you include this paramater as part of a CreateLocationObjectStorage request, you provide only the KMS key ARN. DataSync uses this KMS key together with the value you specify for the SecretKey parameter to create a DataSync-managed secret to store the location access credentials.

Make sure the DataSync has permission to access the KMS key that you specify.

You can use either CmkSecretConfig (with SecretKey) or CustomSecretConfig (without SecretKey) to provide credentials for a CreateLocationObjectStorage request. Do not provide both parameters for the same request.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where the secret key for a specific object storage location is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig (with SecretKey) or CustomSecretConfig (without SecretKey) to provide credentials for a CreateLocationObjectStorage request. Do not provide both parameters for the same request.

" } }, "documentation":"

CreateLocationObjectStorageRequest

" @@ -1679,30 +1432,28 @@ "required":[ "Subdirectory", "ServerHostname", - "User", - "Password", "AgentArns" ], "members":{ "Subdirectory":{ "shape":"SmbSubdirectory", - "documentation":"

Specifies the name of the share exported by your SMB file server where DataSync will read or write data. You can include a subdirectory in the share path (for example, /path/to/subdirectory). Make sure that other SMB clients in your network can also mount this path.

To copy all data in the subdirectory, DataSync must be able to mount the SMB share and access all of its data. For more information, see required permissions for SMB locations.

" + "documentation":"

Specifies the name of the share exported by your SMB file server where DataSync will read or write data. You can include a subdirectory in the share path (for example, /path/to/subdirectory). Make sure that other SMB clients in your network can also mount this path.

To copy all data in the subdirectory, DataSync must be able to mount the SMB share and access all of its data. For more information, see Providing DataSync access to SMB file servers.

" }, "ServerHostname":{ "shape":"ServerHostname", - "documentation":"

Specifies the Domain Name Service (DNS) name or IP address of the SMB file server that your DataSync agent will mount.

You can't specify an IP version 6 (IPv6) address.

" + "documentation":"

Specifies the domain name or IP address (IPv4 or IPv6) of the SMB file server that your DataSync agent connects to.

If you're using Kerberos authentication, you must specify a domain name.

" }, "User":{ "shape":"SmbUser", - "documentation":"

Specifies the user that can mount and access the files, folders, and file metadata in your SMB file server.

For information about choosing a user with the right level of access for your transfer, see required permissions for SMB locations.

" + "documentation":"

Specifies the user that can mount and access the files, folders, and file metadata in your SMB file server. This parameter applies only if AuthenticationType is set to NTLM.

For information about choosing a user with the right level of access for your transfer, see Providing DataSync access to SMB file servers.

" }, "Domain":{ "shape":"SmbDomain", - "documentation":"

Specifies the name of the Active Directory domain that your SMB file server belongs to.

If you have multiple Active Directory domains in your environment, configuring this parameter makes sure that DataSync connects to the right file server.

" + "documentation":"

Specifies the Windows domain name that your SMB file server belongs to. This parameter applies only if AuthenticationType is set to NTLM.

If you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right file server.

" }, "Password":{ "shape":"SmbPassword", - "documentation":"

Specifies the password of the user who can mount your SMB file server and has permission to access the files and folders involved in your transfer.

For more information, see required permissions for SMB locations.

" + "documentation":"

Specifies the password of the user who can mount your SMB file server and has permission to access the files and folders involved in your transfer. This parameter applies only if AuthenticationType is set to NTLM.

" }, "AgentArns":{ "shape":"AgentArnList", @@ -1715,6 +1466,26 @@ "Tags":{ "shape":"InputTagList", "documentation":"

Specifies labels that help you categorize, filter, and search for your Amazon Web Services resources. We recommend creating at least a name tag for your location.

" + }, + "AuthenticationType":{ + "shape":"SmbAuthenticationType", + "documentation":"

Specifies the authentication protocol that DataSync uses to connect to your SMB file server. DataSync supports NTLM (default) and KERBEROS authentication.

For more information, see Providing DataSync access to SMB file servers.

" + }, + "DnsIpAddresses":{ + "shape":"DnsIpList", + "documentation":"

Specifies the IPv4 or IPv6 addresses for the DNS servers that your SMB file server belongs to. This parameter applies only if AuthenticationType is set to KERBEROS.

If you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right SMB file server.

" + }, + "KerberosPrincipal":{ + "shape":"KerberosPrincipal", + "documentation":"

Specifies a Kerberos principal, which is an identity in your Kerberos realm that has permission to access the files, folders, and file metadata in your SMB file server.

A Kerberos principal might look like HOST/kerberosuser@MYDOMAIN.ORG.

Principal names are case sensitive. Your DataSync task execution will fail if the principal that you specify for this parameter doesn’t exactly match the principal that you use to create the keytab file.

" + }, + "KerberosKeytab":{ + "shape":"KerberosKeytabFile", + "documentation":"

Specifies your Kerberos key table (keytab) file, which includes mappings between your Kerberos principal and encryption keys.

To avoid task execution errors, make sure that the Kerberos principal that you use to create the keytab file matches exactly what you specify for KerberosPrincipal.

" + }, + "KerberosKrb5Conf":{ + "shape":"KerberosKrb5ConfFile", + "documentation":"

Specifies a Kerberos configuration file (krb5.conf) that defines your Kerberos realm configuration.

The file must be base64 encoded. If you're using the CLI, the encoding is done for you.

" } }, "documentation":"

CreateLocationSmbRequest

" @@ -1782,7 +1553,7 @@ }, "TaskMode":{ "shape":"TaskMode", - "documentation":"

Specifies one of the following task modes for your data transfer:

  • ENHANCED - Transfer virtually unlimited numbers of objects with higher performance than Basic mode. Enhanced mode tasks optimize the data transfer process by listing, preparing, transferring, and verifying data in parallel. Enhanced mode is currently available for transfers between Amazon S3 locations.

    To create an Enhanced mode task, the IAM role that you use to call the CreateTask operation must have the iam:CreateServiceLinkedRole permission.

  • BASIC (default) - Transfer files or objects between Amazon Web Services storage and all other supported DataSync locations. Basic mode tasks are subject to quotas on the number of files, objects, and directories in a dataset. Basic mode sequentially prepares, transfers, and verifies data, making it slower than Enhanced mode for most workloads.

For more information, see Understanding task mode differences.

" + "documentation":"

Specifies one of the following task modes for your data transfer:

  • ENHANCED - Transfer virtually unlimited numbers of objects with higher performance than Basic mode. Enhanced mode tasks optimize the data transfer process by listing, preparing, transferring, and verifying data in parallel. Enhanced mode is currently available for transfers between Amazon S3 locations, transfers between Azure Blob and Amazon S3 without an agent, and transfers between other clouds and Amazon S3 without an agent.

    To create an Enhanced mode task, the IAM role that you use to call the CreateTask operation must have the iam:CreateServiceLinkedRole permission.

  • BASIC (default) - Transfer files or objects between Amazon Web Services storage and all other supported DataSync locations. Basic mode tasks are subject to quotas on the number of files, objects, and directories in a dataset. Basic mode sequentially prepares, transfers, and verifies data, making it slower than Enhanced mode for most workloads.

For more information, see Understanding task mode differences.

" } }, "documentation":"

CreateTaskRequest

" @@ -1797,23 +1568,19 @@ }, "documentation":"

CreateTaskResponse

" }, - "Credentials":{ + "CustomSecretConfig":{ "type":"structure", - "required":[ - "Username", - "Password" - ], "members":{ - "Username":{ - "shape":"PtolemyUsername", - "documentation":"

Specifies the user name for your storage system's management interface.

" + "SecretArn":{ + "shape":"SecretArn", + "documentation":"

Specifies the ARN for an Secrets Manager secret.

" }, - "Password":{ - "shape":"PtolemyPassword", - "documentation":"

Specifies the password for your storage system's management interface.

" + "SecretAccessRoleArn":{ + "shape":"IamRoleArnOrEmptyString", + "documentation":"

Specifies the ARN for the Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.

" } }, - "documentation":"

The credentials that provide DataSync Discovery read access to your on-premises storage system's management interface.

DataSync Discovery stores these credentials in Secrets Manager. For more information, see Accessing your on-premises storage system.

" + "documentation":"

Specifies configuration information for a customer-managed Secrets Manager secret where a storage location authentication token or secret key is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.

You can use either CmkSecretConfig or CustomSecretConfig to provide credentials for a CreateLocation request. Do not provide both parameters for the same request.

" }, "DeleteAgentRequest":{ "type":"structure", @@ -1828,8 +1595,7 @@ }, "DeleteAgentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLocationRequest":{ "type":"structure", @@ -1844,8 +1610,7 @@ }, "DeleteLocationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTaskRequest":{ "type":"structure", @@ -1860,8 +1625,7 @@ }, "DeleteTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAgentRequest":{ "type":"structure", @@ -1912,45 +1676,6 @@ }, "documentation":"

DescribeAgentResponse

" }, - "DescribeDiscoveryJobRequest":{ - "type":"structure", - "required":["DiscoveryJobArn"], - "members":{ - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the discovery job that you want information about.

" - } - } - }, - "DescribeDiscoveryJobResponse":{ - "type":"structure", - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

The ARN of the on-premises storage system you're running the discovery job on.

" - }, - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

The ARN of the discovery job.

" - }, - "CollectionDurationMinutes":{ - "shape":"CollectionDurationMinutes", - "documentation":"

The number of minutes that the discovery job runs.

" - }, - "Status":{ - "shape":"DiscoveryJobStatus", - "documentation":"

Indicates the status of a discovery job. For more information, see Discovery job statuses.

" - }, - "JobStartTime":{ - "shape":"DiscoveryTime", - "documentation":"

The time when the discovery job started.

" - }, - "JobEndTime":{ - "shape":"DiscoveryTime", - "documentation":"

The time when the discovery job ended.

" - } - } - }, "DescribeLocationAzureBlobRequest":{ "type":"structure", "required":["LocationArn"], @@ -1991,6 +1716,18 @@ "CreationTime":{ "shape":"Time", "documentation":"

The time that your Azure Blob Storage transfer location was created.

" + }, + "ManagedSecretConfig":{ + "shape":"ManagedSecretConfig", + "documentation":"

Describes configuration information for a DataSync-managed secret, such as an authentication token that DataSync uses to access a specific storage location. DataSync uses the default Amazon Web Services-managed KMS key to encrypt this secret in Secrets Manager.

" + }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Describes configuration information for a DataSync-managed secret, such as an authentication token that DataSync uses to access a specific storage location, with a customer-managed KMS key.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Describes configuration information for a customer-managed secret, such as an authentication token that DataSync uses to access a specific storage location, with a customer-managed KMS key.

" } } }, @@ -2323,6 +2060,18 @@ "ServerCertificate":{ "shape":"ObjectStorageCertificate", "documentation":"

The certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA).

" + }, + "ManagedSecretConfig":{ + "shape":"ManagedSecretConfig", + "documentation":"

Describes configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default Amazon Web Services-managed KMS key to encrypt this secret in Secrets Manager.

" + }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Describes configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Describes configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.

" } }, "documentation":"

DescribeLocationObjectStorageResponse

" @@ -2393,174 +2142,34 @@ }, "User":{ "shape":"SmbUser", - "documentation":"

The user that can mount and access the files, folders, and file metadata in your SMB file server.

" + "documentation":"

The user that can mount and access the files, folders, and file metadata in your SMB file server. This element applies only if AuthenticationType is set to NTLM.

" }, "Domain":{ "shape":"SmbDomain", - "documentation":"

The name of the Microsoft Active Directory domain that the SMB file server belongs to.

" + "documentation":"

The name of the Windows domain that the SMB file server belongs to. This element applies only if AuthenticationType is set to NTLM.

" }, "MountOptions":{ "shape":"SmbMountOptions", - "documentation":"

The protocol that DataSync use to access your SMB file.

" + "documentation":"

The SMB protocol version that DataSync uses to access your SMB file server.

" }, "CreationTime":{ "shape":"Time", "documentation":"

The time that the SMB location was created.

" - } - }, - "documentation":"

DescribeLocationSmbResponse

" - }, - "DescribeStorageSystemRequest":{ - "type":"structure", - "required":["StorageSystemArn"], - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of an on-premises storage system that you're using with DataSync Discovery.

" - } - } - }, - "DescribeStorageSystemResourceMetricsRequest":{ - "type":"structure", - "required":[ - "DiscoveryJobArn", - "ResourceType", - "ResourceId" - ], - "members":{ - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the discovery job that collects information about your on-premises storage system.

" - }, - "ResourceType":{ - "shape":"DiscoveryResourceType", - "documentation":"

Specifies the kind of storage system resource that you want information about.

" - }, - "ResourceId":{ - "shape":"ResourceId", - "documentation":"

Specifies the universally unique identifier (UUID) of the storage system resource that you want information about.

" - }, - "StartTime":{ - "shape":"DiscoveryTime", - "documentation":"

Specifies a time within the total duration that the discovery job ran. To see information gathered during a certain time frame, use this parameter with EndTime.

" - }, - "EndTime":{ - "shape":"DiscoveryTime", - "documentation":"

Specifies a time within the total duration that the discovery job ran. To see information gathered during a certain time frame, use this parameter with StartTime.

" - }, - "MaxResults":{ - "shape":"DiscoveryMaxResults", - "documentation":"

Specifies how many results that you want in the response.

" - }, - "NextToken":{ - "shape":"DiscoveryNextToken", - "documentation":"

Specifies an opaque string that indicates the position to begin the next list of results in the response.

" - } - } - }, - "DescribeStorageSystemResourceMetricsResponse":{ - "type":"structure", - "members":{ - "Metrics":{ - "shape":"Metrics", - "documentation":"

The details that your discovery job collected about your storage system resource.

" - }, - "NextToken":{ - "shape":"DiscoveryNextToken", - "documentation":"

The opaque string that indicates the position to begin the next list of results in the response.

" - } - } - }, - "DescribeStorageSystemResourcesRequest":{ - "type":"structure", - "required":[ - "DiscoveryJobArn", - "ResourceType" - ], - "members":{ - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the discovery job that's collecting data from your on-premises storage system.

" - }, - "ResourceType":{ - "shape":"DiscoveryResourceType", - "documentation":"

Specifies what kind of storage system resources that you want information about.

" - }, - "ResourceIds":{ - "shape":"ResourceIds", - "documentation":"

Specifies the universally unique identifiers (UUIDs) of the storage system resources that you want information about. You can't use this parameter in combination with the Filter parameter.

" - }, - "Filter":{ - "shape":"ResourceFilters", - "documentation":"

Filters the storage system resources that you want returned. For example, this might be volumes associated with a specific storage virtual machine (SVM).

" - }, - "MaxResults":{ - "shape":"DiscoveryMaxResults", - "documentation":"

Specifies the maximum number of storage system resources that you want to list in a response.

" - }, - "NextToken":{ - "shape":"DiscoveryNextToken", - "documentation":"

Specifies an opaque string that indicates the position to begin the next list of results in the response.

" - } - } - }, - "DescribeStorageSystemResourcesResponse":{ - "type":"structure", - "members":{ - "ResourceDetails":{ - "shape":"ResourceDetails", - "documentation":"

The information collected about your storage system's resources. A response can also include Amazon Web Services storage service recommendations.

For more information, see storage resource information collected by and recommendations provided by DataSync Discovery.

" - }, - "NextToken":{ - "shape":"DiscoveryNextToken", - "documentation":"

The opaque string that indicates the position to begin the next list of results in the response.

" - } - } - }, - "DescribeStorageSystemResponse":{ - "type":"structure", - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

The ARN of the on-premises storage system that the discovery job looked at.

" - }, - "ServerConfiguration":{ - "shape":"DiscoveryServerConfiguration", - "documentation":"

The server name and network port required to connect with your on-premises storage system's management interface.

" - }, - "SystemType":{ - "shape":"DiscoverySystemType", - "documentation":"

The type of on-premises storage system.

DataSync Discovery currently only supports NetApp Fabric-Attached Storage (FAS) and All Flash FAS (AFF) systems running ONTAP 9.7 or later.

" }, - "AgentArns":{ - "shape":"DiscoveryAgentArnList", - "documentation":"

The ARN of the DataSync agent that connects to and reads from your on-premises storage system.

" - }, - "Name":{ - "shape":"Name", - "documentation":"

The name that you gave your on-premises storage system when adding it to DataSync Discovery.

" + "DnsIpAddresses":{ + "shape":"DnsIpList", + "documentation":"

The IPv4 or IPv6 addresses for the DNS servers that your SMB file server belongs to. This element applies only if AuthenticationType is set to KERBEROS.

" }, - "ErrorMessage":{ - "shape":"ErrorMessage", - "documentation":"

Describes the connectivity error that the DataSync agent is encountering with your on-premises storage system.

" - }, - "ConnectivityStatus":{ - "shape":"StorageSystemConnectivityStatus", - "documentation":"

Indicates whether your DataSync agent can connect to your on-premises storage system.

" - }, - "CloudWatchLogGroupArn":{ - "shape":"LogGroupArn", - "documentation":"

The ARN of the Amazon CloudWatch log group that's used to monitor and log discovery job events.

" - }, - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

The time when you added the on-premises storage system to DataSync Discovery.

" + "KerberosPrincipal":{ + "shape":"KerberosPrincipal", + "documentation":"

The Kerberos principal that has permission to access the files, folders, and file metadata in your SMB file server.

" }, - "SecretsManagerArn":{ - "shape":"SecretsManagerArn", - "documentation":"

The ARN of the secret that stores your on-premises storage system's credentials. DataSync Discovery stores these credentials in Secrets Manager.

" + "AuthenticationType":{ + "shape":"SmbAuthenticationType", + "documentation":"

The authentication protocol that DataSync uses to connect to your SMB file server.

" } - } + }, + "documentation":"

DescribeLocationSmbResponse

" }, "DescribeTaskExecutionRequest":{ "type":"structure", @@ -2599,7 +2208,7 @@ }, "StartTime":{ "shape":"Time", - "documentation":"

The time when the task execution started.

" + "documentation":"

The time that DataSync sends the request to start the task execution. For non-queued tasks, LaunchTime and StartTime are typically the same. For queued tasks, LaunchTime is typically later than StartTime because previously queued tasks must finish running before newer tasks can begin.

" }, "EstimatedFilesToTransfer":{ "shape":"long", @@ -2668,6 +2277,14 @@ "FilesFailed":{ "shape":"TaskExecutionFilesFailedDetail", "documentation":"

The number of objects that DataSync fails to prepare, transfer, verify, and delete during your task execution.

Applies only to Enhanced mode tasks.

" + }, + "LaunchTime":{ + "shape":"Time", + "documentation":"

The time that the task execution actually begins. For non-queued tasks, LaunchTime and StartTime are typically the same. For queued tasks, LaunchTime is typically later than StartTime because previously queued tasks must finish running before newer tasks can begin.

" + }, + "EndTime":{ + "shape":"Time", + "documentation":"

The time that the transfer task ends.

" } }, "documentation":"

DescribeTaskExecutionResponse

" @@ -2773,100 +2390,11 @@ "type":"list", "member":{"shape":"NetworkInterfaceArn"} }, - "DiscoveryAgentArnList":{ + "DnsIpList":{ "type":"list", - "member":{"shape":"AgentArn"}, - "max":1, - "min":1 - }, - "DiscoveryJobArn":{ - "type":"string", - "max":256, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:system/storage-system-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/job/discovery-job-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" - }, - "DiscoveryJobList":{ - "type":"list", - "member":{"shape":"DiscoveryJobListEntry"} - }, - "DiscoveryJobListEntry":{ - "type":"structure", - "members":{ - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

The Amazon Resource Name (ARN) of a discovery job.

" - }, - "Status":{ - "shape":"DiscoveryJobStatus", - "documentation":"

The status of a discovery job. For more information, see Discovery job statuses.

" - } - }, - "documentation":"

The details about a specific DataSync discovery job.

" - }, - "DiscoveryJobStatus":{ - "type":"string", - "enum":[ - "RUNNING", - "WARNING", - "TERMINATED", - "FAILED", - "STOPPED", - "COMPLETED", - "COMPLETED_WITH_ISSUES" - ] - }, - "DiscoveryMaxResults":{ - "type":"integer", - "max":100, - "min":1 - }, - "DiscoveryNextToken":{ - "type":"string", - "max":65535, - "pattern":"[a-zA-Z0-9=_-]+" + "member":{"shape":"ServerIpAddress"}, + "max":2 }, - "DiscoveryResourceFilter":{ - "type":"string", - "enum":["SVM"] - }, - "DiscoveryResourceType":{ - "type":"string", - "enum":[ - "SVM", - "VOLUME", - "CLUSTER" - ] - }, - "DiscoveryServerConfiguration":{ - "type":"structure", - "required":["ServerHostname"], - "members":{ - "ServerHostname":{ - "shape":"DiscoveryServerHostname", - "documentation":"

The domain name or IP address of your storage system's management interface.

" - }, - "ServerPort":{ - "shape":"DiscoveryServerPort", - "documentation":"

The network port for accessing the storage system's management interface.

" - } - }, - "documentation":"

The network settings that DataSync Discovery uses to connect with your on-premises storage system's management interface.

" - }, - "DiscoveryServerHostname":{ - "type":"string", - "max":255, - "pattern":"^(([a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9\\-]*[A-Za-z0-9])$" - }, - "DiscoveryServerPort":{ - "type":"integer", - "box":true, - "max":65535, - "min":1 - }, - "DiscoverySystemType":{ - "type":"string", - "enum":["NetAppONTAP"] - }, - "DiscoveryTime":{"type":"timestamp"}, "Duration":{ "type":"long", "min":0 @@ -2927,10 +2455,6 @@ "max":4096, "pattern":"^[a-zA-Z0-9_\\-\\+\\./\\(\\)\\p{Zs}]*$" }, - "EnabledProtocols":{ - "type":"list", - "member":{"shape":"PtolemyString"} - }, "Endpoint":{ "type":"string", "max":15, @@ -2942,14 +2466,10 @@ "enum":[ "PUBLIC", "PRIVATE_LINK", - "FIPS" + "FIPS", + "FIPS_PRIVATE_LINK" ] }, - "ErrorMessage":{ - "type":"string", - "max":128, - "pattern":".*" - }, "FilterAttributeValue":{ "type":"string", "max":255, @@ -2962,10 +2482,6 @@ "max":1, "min":0 }, - "FilterMembers":{ - "type":"list", - "member":{"shape":"PtolemyString"} - }, "FilterRule":{ "type":"structure", "members":{ @@ -3074,7 +2590,7 @@ "type":"structure", "members":{ "Domain":{ - "shape":"FsxUpdateSmbDomain", + "shape":"UpdateSmbDomain", "documentation":"

Specifies the name of the Windows domain that your storage virtual machine (SVM) belongs to.

If you have multiple Active Directory domains in your environment, configuring this parameter makes sure that DataSync connects to the right SVM.

" }, "MountOptions":{"shape":"SmbMountOptions"}, @@ -3089,43 +2605,11 @@ }, "documentation":"

Specifies the Server Message Block (SMB) protocol configuration that DataSync uses to access your Amazon FSx for NetApp ONTAP file system's storage virtual machine (SVM). For more information, see Providing DataSync access to FSx for ONTAP file systems.

" }, - "FsxUpdateSmbDomain":{ - "type":"string", - "max":253, - "pattern":"^([A-Za-z0-9]((\\.|-+)?[A-Za-z0-9]){0,252})?$" - }, "FsxWindowsSubdirectory":{ "type":"string", "max":4096, "pattern":"^[a-zA-Z0-9_\\-\\+\\./\\(\\)\\$\\p{Zs}]+$" }, - "GenerateRecommendationsRequest":{ - "type":"structure", - "required":[ - "DiscoveryJobArn", - "ResourceIds", - "ResourceType" - ], - "members":{ - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the discovery job that collects information about your on-premises storage system.

" - }, - "ResourceIds":{ - "shape":"ResourceIds", - "documentation":"

Specifies the universally unique identifiers (UUIDs) of the resources in your storage system that you want recommendations on.

" - }, - "ResourceType":{ - "shape":"DiscoveryResourceType", - "documentation":"

Specifies the type of resource in your storage system that you want recommendations on.

" - } - } - }, - "GenerateRecommendationsResponse":{ - "type":"structure", - "members":{ - } - }, "Gid":{ "type":"string", "enum":[ @@ -3218,33 +2702,16 @@ "min":1, "pattern":"^[_.A-Za-z0-9][-_.A-Za-z0-9]*$" }, - "IOPS":{ - "type":"structure", - "members":{ - "Read":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak IOPS related to read operations.

" - }, - "Write":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak IOPS related to write operations.

" - }, - "Other":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak IOPS unrelated to read and write operations.

" - }, - "Total":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak total IOPS on your on-premises storage system resource.

" - } - }, - "documentation":"

The IOPS peaks for an on-premises storage system resource. Each data point represents the 95th percentile peak value during a 1-hour interval.

" - }, "IamRoleArn":{ "type":"string", "max":2048, "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$" }, + "IamRoleArnOrEmptyString":{ + "type":"string", + "max":2048, + "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/[a-zA-Z0-9+=,.@_-]+|)$" + }, "InputTagList":{ "type":"list", "member":{"shape":"TagListEntry"}, @@ -3285,30 +2752,17 @@ "min":1, "pattern":"^.+$" }, + "KmsKeyArn":{ + "type":"string", + "max":2048, + "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):kms:[a-z\\-0-9]+:[0-9]{12}:key/.*|)$" + }, "KmsKeyProviderUri":{ "type":"string", "max":255, "min":1, "pattern":"^kms:\\/\\/http[s]?@(([a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9\\-]*[A-Za-z0-9])(;(([a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9\\-]*[A-Za-z0-9]))*:[0-9]{1,5}\\/kms$" }, - "Latency":{ - "type":"structure", - "members":{ - "Read":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak latency for read operations.

" - }, - "Write":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak latency for write operations.

" - }, - "Other":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak latency for operations unrelated to read and write operations.

" - } - }, - "documentation":"

The latency peaks for an on-premises storage system resource. Each data point represents the 95th percentile peak value during a 1-hour interval.

" - }, "ListAgentsRequest":{ "type":"structure", "members":{ @@ -3337,36 +2791,6 @@ }, "documentation":"

ListAgentsResponse

" }, - "ListDiscoveryJobsRequest":{ - "type":"structure", - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of an on-premises storage system. Use this parameter if you only want to list the discovery jobs that are associated with a specific storage system.

" - }, - "MaxResults":{ - "shape":"DiscoveryMaxResults", - "documentation":"

Specifies how many results you want in the response.

" - }, - "NextToken":{ - "shape":"DiscoveryNextToken", - "documentation":"

Specifies an opaque string that indicates the position to begin the next list of results in the response.

" - } - } - }, - "ListDiscoveryJobsResponse":{ - "type":"structure", - "members":{ - "DiscoveryJobs":{ - "shape":"DiscoveryJobList", - "documentation":"

The discovery jobs that you've run.

" - }, - "NextToken":{ - "shape":"DiscoveryNextToken", - "documentation":"

The opaque string that indicates the position to begin the next list of results in the response.

" - } - } - }, "ListLocationsRequest":{ "type":"structure", "members":{ @@ -3399,32 +2823,6 @@ }, "documentation":"

ListLocationsResponse

" }, - "ListStorageSystemsRequest":{ - "type":"structure", - "members":{ - "MaxResults":{ - "shape":"DiscoveryMaxResults", - "documentation":"

Specifies how many results you want in the response.

" - }, - "NextToken":{ - "shape":"DiscoveryNextToken", - "documentation":"

Specifies an opaque string that indicates the position to begin the next list of results in the response.

" - } - } - }, - "ListStorageSystemsResponse":{ - "type":"structure", - "members":{ - "StorageSystems":{ - "shape":"StorageSystemList", - "documentation":"

The Amazon Resource Names ARNs) of the on-premises storage systems that you're using with DataSync Discovery.

" - }, - "NextToken":{ - "shape":"DiscoveryNextToken", - "documentation":"

The opaque string that indicates the position to begin the next list of results in the response.

" - } - } - }, "ListTagsForResourceRequest":{ "type":"structure", "required":["ResourceArn"], @@ -3575,7 +2973,7 @@ }, "LocationUri":{ "shape":"LocationUri", - "documentation":"

Represents a list of URIs of a location. LocationUri returns an array that contains a list of locations when the ListLocations operation is called.

Format: TYPE://GLOBAL_ID/SUBDIR.

TYPE designates the type of location (for example, nfs or s3).

GLOBAL_ID is the globally unique identifier of the resource that backs the location. An example for EFS is us-east-2.fs-abcd1234. An example for Amazon S3 is the bucket name, such as myBucket. An example for NFS is a valid IPv4 address or a hostname that is compliant with Domain Name Service (DNS).

SUBDIR is a valid file system path, delimited by forward slashes as is the *nix convention. For NFS and Amazon EFS, it's the export path to mount the location. For Amazon S3, it's the prefix path that you mount to and treat as the root of the location.

" + "documentation":"

Represents a list of URIs of a location. LocationUri returns an array that contains a list of locations when the ListLocations operation is called.

Format: TYPE://GLOBAL_ID/SUBDIR.

TYPE designates the type of location (for example, nfs or s3).

GLOBAL_ID is the globally unique identifier of the resource that backs the location. An example for EFS is us-east-2.fs-abcd1234. An example for Amazon S3 is the bucket name, such as myBucket. An example for NFS is a valid IPv4 or IPv6 address or a hostname that is compliant with DNS.

SUBDIR is a valid file system path, delimited by forward slashes as is the *nix convention. For NFS and Amazon EFS, it's the export path to mount the location. For Amazon S3, it's the prefix path that you mount to and treat as the root of the location.

" } }, "documentation":"

Represents a single entry in a list of locations. LocationListEntry returns an array that contains a list of locations when the ListLocations operation is called.

" @@ -3598,6 +2996,16 @@ "TRANSFER" ] }, + "ManagedSecretConfig":{ + "type":"structure", + "members":{ + "SecretArn":{ + "shape":"SecretArn", + "documentation":"

Specifies the ARN for an Secrets Manager secret.

" + } + }, + "documentation":"

Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default Amazon Web Services-managed KMS key to encrypt this secret in Secrets Manager.

" + }, "ManifestAction":{ "type":"string", "enum":["TRANSFER"] @@ -3624,65 +3032,11 @@ "type":"string", "enum":["CSV"] }, - "MaxP95Performance":{ - "type":"structure", - "members":{ - "IopsRead":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak IOPS related to read operations.

" - }, - "IopsWrite":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak IOPS related to write operations.

" - }, - "IopsOther":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak IOPS unrelated to read and write operations.

" - }, - "IopsTotal":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak total IOPS on your on-premises storage system resource.

" - }, - "ThroughputRead":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak throughput related to read operations.

" - }, - "ThroughputWrite":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak throughput related to write operations.

" - }, - "ThroughputOther":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak throughput unrelated to read and write operations.

" - }, - "ThroughputTotal":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak total throughput on your on-premises storage system resource.

" - }, - "LatencyRead":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak latency for read operations.

" - }, - "LatencyWrite":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak latency for write operations.

" - }, - "LatencyOther":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak latency for operations unrelated to read and write operations.

" - } - }, - "documentation":"

The performance data that DataSync Discovery collects about an on-premises storage system resource.

" - }, "MaxResults":{ "type":"integer", "max":100, "min":0 }, - "Metrics":{ - "type":"list", - "member":{"shape":"ResourceMetrics"} - }, "Mtime":{ "type":"string", "enum":[ @@ -3690,206 +3044,6 @@ "PRESERVE" ] }, - "Name":{ - "type":"string", - "max":256, - "min":1, - "pattern":"^[\\p{L}\\p{M}\\p{N}\\s+=._:@\\/-]+$" - }, - "NetAppONTAPCluster":{ - "type":"structure", - "members":{ - "CifsShareCount":{ - "shape":"NonNegativeLong", - "documentation":"

The number of CIFS shares in the cluster.

" - }, - "NfsExportedVolumes":{ - "shape":"NonNegativeLong", - "documentation":"

The number of NFS volumes in the cluster.

" - }, - "ResourceId":{ - "shape":"PtolemyUUID", - "documentation":"

The universally unique identifier (UUID) of the cluster.

" - }, - "ClusterName":{ - "shape":"PtolemyString", - "documentation":"

The name of the cluster.

" - }, - "MaxP95Performance":{ - "shape":"MaxP95Performance", - "documentation":"

The performance data that DataSync Discovery collects about the cluster.

" - }, - "ClusterBlockStorageSize":{ - "shape":"NonNegativeLong", - "documentation":"

The total storage space that's available in the cluster.

" - }, - "ClusterBlockStorageUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The storage space that's being used in a cluster.

" - }, - "ClusterBlockStorageLogicalUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The storage space that's being used in the cluster without accounting for compression or deduplication.

" - }, - "Recommendations":{ - "shape":"Recommendations", - "documentation":"

The Amazon Web Services storage services that DataSync Discovery recommends for the cluster. For more information, see Recommendations provided by DataSync Discovery.

" - }, - "RecommendationStatus":{ - "shape":"RecommendationStatus", - "documentation":"

Indicates whether DataSync Discovery recommendations for the cluster are ready to view, incomplete, or can't be determined.

For more information, see Recommendation statuses.

" - }, - "LunCount":{ - "shape":"NonNegativeLong", - "documentation":"

The number of LUNs (logical unit numbers) in the cluster.

" - }, - "ClusterCloudStorageUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The amount of space in the cluster that's in cloud storage (for example, if you're using data tiering).

" - } - }, - "documentation":"

The information that DataSync Discovery collects about an on-premises storage system cluster.

" - }, - "NetAppONTAPClusters":{ - "type":"list", - "member":{"shape":"NetAppONTAPCluster"} - }, - "NetAppONTAPSVM":{ - "type":"structure", - "members":{ - "ClusterUuid":{ - "shape":"PtolemyUUID", - "documentation":"

The universally unique identifier (UUID) of the cluster associated with the SVM.

" - }, - "ResourceId":{ - "shape":"PtolemyUUID", - "documentation":"

The UUID of the SVM.

" - }, - "SvmName":{ - "shape":"PtolemyString", - "documentation":"

The name of the SVM

" - }, - "CifsShareCount":{ - "shape":"NonNegativeLong", - "documentation":"

The number of CIFS shares in the SVM.

" - }, - "EnabledProtocols":{ - "shape":"EnabledProtocols", - "documentation":"

The data transfer protocols (such as NFS) configured for the SVM.

" - }, - "TotalCapacityUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The storage space that's being used in the SVM.

" - }, - "TotalCapacityProvisioned":{ - "shape":"NonNegativeLong", - "documentation":"

The total storage space that's available in the SVM.

" - }, - "TotalLogicalCapacityUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The storage space that's being used in the SVM without accounting for compression or deduplication.

" - }, - "MaxP95Performance":{ - "shape":"MaxP95Performance", - "documentation":"

The performance data that DataSync Discovery collects about the SVM.

" - }, - "Recommendations":{ - "shape":"Recommendations", - "documentation":"

The Amazon Web Services storage services that DataSync Discovery recommends for the SVM. For more information, see Recommendations provided by DataSync Discovery.

" - }, - "NfsExportedVolumes":{ - "shape":"NonNegativeLong", - "documentation":"

The number of NFS volumes in the SVM.

" - }, - "RecommendationStatus":{ - "shape":"RecommendationStatus", - "documentation":"

Indicates whether DataSync Discovery recommendations for the SVM are ready to view, incomplete, or can't be determined.

For more information, see Recommendation statuses.

" - }, - "TotalSnapshotCapacityUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The amount of storage in the SVM that's being used for snapshots.

" - }, - "LunCount":{ - "shape":"NonNegativeLong", - "documentation":"

The number of LUNs (logical unit numbers) in the SVM.

" - } - }, - "documentation":"

The information that DataSync Discovery collects about a storage virtual machine (SVM) in your on-premises storage system.

" - }, - "NetAppONTAPSVMs":{ - "type":"list", - "member":{"shape":"NetAppONTAPSVM"} - }, - "NetAppONTAPVolume":{ - "type":"structure", - "members":{ - "VolumeName":{ - "shape":"PtolemyString", - "documentation":"

The name of the volume.

" - }, - "ResourceId":{ - "shape":"PtolemyUUID", - "documentation":"

The universally unique identifier (UUID) of the volume.

" - }, - "CifsShareCount":{ - "shape":"NonNegativeLong", - "documentation":"

The number of CIFS shares in the volume.

" - }, - "SecurityStyle":{ - "shape":"PtolemyString", - "documentation":"

The volume's security style (such as Unix or NTFS).

" - }, - "SvmUuid":{ - "shape":"PtolemyUUID", - "documentation":"

The UUID of the storage virtual machine (SVM) associated with the volume.

" - }, - "SvmName":{ - "shape":"PtolemyString", - "documentation":"

The name of the SVM associated with the volume.

" - }, - "CapacityUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The storage space that's being used in the volume.

" - }, - "CapacityProvisioned":{ - "shape":"NonNegativeLong", - "documentation":"

The total storage space that's available in the volume.

" - }, - "LogicalCapacityUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The storage space that's being used in the volume without accounting for compression or deduplication.

" - }, - "NfsExported":{ - "shape":"PtolemyBoolean", - "documentation":"

The number of NFS volumes in the volume.

" - }, - "SnapshotCapacityUsed":{ - "shape":"NonNegativeLong", - "documentation":"

The amount of storage in the volume that's being used for snapshots.

" - }, - "MaxP95Performance":{ - "shape":"MaxP95Performance", - "documentation":"

The performance data that DataSync Discovery collects about the volume.

" - }, - "Recommendations":{ - "shape":"Recommendations", - "documentation":"

The Amazon Web Services storage services that DataSync Discovery recommends for the volume. For more information, see Recommendations provided by DataSync Discovery.

" - }, - "RecommendationStatus":{ - "shape":"RecommendationStatus", - "documentation":"

Indicates whether DataSync Discovery recommendations for the volume are ready to view, incomplete, or can't be determined.

For more information, see Recommendation statuses.

" - }, - "LunCount":{ - "shape":"NonNegativeLong", - "documentation":"

The number of LUNs (logical unit numbers) in the volume.

" - } - }, - "documentation":"

The information that DataSync Discovery collects about a volume in your on-premises storage system.

" - }, - "NetAppONTAPVolumes":{ - "type":"list", - "member":{"shape":"NetAppONTAPVolume"} - }, "NetworkInterfaceArn":{ "type":"string", "max":128, @@ -3924,16 +3078,6 @@ "NFS4_1" ] }, - "NonNegativeDouble":{ - "type":"double", - "box":true, - "min":0 - }, - "NonNegativeLong":{ - "type":"long", - "box":true, - "min":0 - }, "ObjectStorageAccessKey":{ "type":"string", "max":200, @@ -3944,7 +3088,7 @@ "type":"string", "max":63, "min":3, - "pattern":"^[a-zA-Z0-9_\\-\\+\\./\\(\\)\\$\\p{Zs}]+$" + "pattern":"^[a-zA-Z0-9_\\-\\+\\.\\(\\)\\$\\p{Zs}]+$" }, "ObjectStorageCertificate":{ "type":"blob", @@ -4089,24 +3233,6 @@ "NEVER" ] }, - "P95Metrics":{ - "type":"structure", - "members":{ - "IOPS":{ - "shape":"IOPS", - "documentation":"

The IOPS peaks for an on-premises storage system resource. Each data point represents the 95th percentile peak value during a 1-hour interval.

" - }, - "Throughput":{ - "shape":"Throughput", - "documentation":"

The throughput peaks for an on-premises storage system resource. Each data point represents the 95th percentile peak value during a 1-hour interval.

" - }, - "Latency":{ - "shape":"Latency", - "documentation":"

The latency peaks for an on-premises storage system resource. Each data point represents the 95th percentile peak value during a 1-hour interval.

" - } - }, - "documentation":"

The types of performance data that DataSync Discovery collects about an on-premises storage system resource.

" - }, "PLSecurityGroupArnList":{ "type":"list", "member":{"shape":"Ec2SecurityGroupArn"}, @@ -4180,28 +3306,6 @@ }, "documentation":"

Specifies how your DataSync agent connects to Amazon Web Services using a virtual private cloud (VPC) service endpoint. An agent that uses a VPC endpoint isn't accessible over the public internet.

" }, - "PtolemyBoolean":{"type":"boolean"}, - "PtolemyPassword":{ - "type":"string", - "max":1024, - "pattern":"^(?!.*[:\\\"][^:\"]*$).+$", - "sensitive":true - }, - "PtolemyString":{ - "type":"string", - "max":1024, - "pattern":"^.{0,1024}$" - }, - "PtolemyUUID":{ - "type":"string", - "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" - }, - "PtolemyUsername":{ - "type":"string", - "max":1024, - "pattern":"^(?!.*[:\\\"][^:\"]*$).+$", - "sensitive":true - }, "QopConfiguration":{ "type":"structure", "members":{ @@ -4216,57 +3320,6 @@ }, "documentation":"

The Quality of Protection (QOP) configuration specifies the Remote Procedure Call (RPC) and data transfer privacy settings configured on the Hadoop Distributed File System (HDFS) cluster.

" }, - "Recommendation":{ - "type":"structure", - "members":{ - "StorageType":{ - "shape":"PtolemyString", - "documentation":"

A recommended Amazon Web Services storage service that you can migrate data to based on information that DataSync Discovery collects about your on-premises storage system.

" - }, - "StorageConfiguration":{ - "shape":"RecommendationsConfigMap", - "documentation":"

Information about how you can set up a recommended Amazon Web Services storage service.

" - }, - "EstimatedMonthlyStorageCost":{ - "shape":"PtolemyString", - "documentation":"

The estimated monthly cost of the recommended Amazon Web Services storage service.

" - } - }, - "documentation":"

The details about an Amazon Web Services storage service that DataSync Discovery recommends for a resource in your on-premises storage system.

For more information, see Recommendations provided by DataSync Discovery.

" - }, - "RecommendationStatus":{ - "type":"string", - "enum":[ - "NONE", - "IN_PROGRESS", - "COMPLETED", - "FAILED" - ] - }, - "Recommendations":{ - "type":"list", - "member":{"shape":"Recommendation"} - }, - "RecommendationsConfigMap":{ - "type":"map", - "key":{"shape":"PtolemyString"}, - "value":{"shape":"PtolemyString"} - }, - "RemoveStorageSystemRequest":{ - "type":"structure", - "required":["StorageSystemArn"], - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the storage system that you want to permanently remove from DataSync Discovery.

" - } - } - }, - "RemoveStorageSystemResponse":{ - "type":"structure", - "members":{ - } - }, "ReportDestination":{ "type":"structure", "members":{ @@ -4363,65 +3416,6 @@ }, "documentation":"

Indicates whether DataSync created a complete task report for your transfer.

" }, - "ResourceDetails":{ - "type":"structure", - "members":{ - "NetAppONTAPSVMs":{ - "shape":"NetAppONTAPSVMs", - "documentation":"

The information that DataSync Discovery collects about storage virtual machines (SVMs) in your on-premises storage system.

" - }, - "NetAppONTAPVolumes":{ - "shape":"NetAppONTAPVolumes", - "documentation":"

The information that DataSync Discovery collects about volumes in your on-premises storage system.

" - }, - "NetAppONTAPClusters":{ - "shape":"NetAppONTAPClusters", - "documentation":"

The information that DataSync Discovery collects about the cluster in your on-premises storage system.

" - } - }, - "documentation":"

Information provided by DataSync Discovery about the resources in your on-premises storage system.

" - }, - "ResourceFilters":{ - "type":"map", - "key":{"shape":"DiscoveryResourceFilter"}, - "value":{"shape":"FilterMembers"} - }, - "ResourceId":{ - "type":"string", - "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" - }, - "ResourceIds":{ - "type":"list", - "member":{"shape":"ResourceId"}, - "max":100, - "min":1 - }, - "ResourceMetrics":{ - "type":"structure", - "members":{ - "Timestamp":{ - "shape":"Timestamp", - "documentation":"

The time when DataSync Discovery collected this information from the resource.

" - }, - "P95Metrics":{ - "shape":"P95Metrics", - "documentation":"

The types of performance data that DataSync Discovery collects about the on-premises storage system resource.

" - }, - "Capacity":{ - "shape":"Capacity", - "documentation":"

The storage capacity of the on-premises storage system resource.

" - }, - "ResourceId":{ - "shape":"ResourceId", - "documentation":"

The universally unique identifier (UUID) of the on-premises storage system resource.

" - }, - "ResourceType":{ - "shape":"DiscoveryResourceType", - "documentation":"

The type of on-premises storage system resource.

" - } - }, - "documentation":"

Information, including performance data and capacity usage, provided by DataSync Discovery about a resource in your on-premises storage system.

" - }, "S3BucketArn":{ "type":"string", "max":268, @@ -4513,15 +3507,28 @@ "DISABLED" ] }, - "SecretsManagerArn":{ + "SecretArn":{ "type":"string", "max":2048, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):secretsmanager:[a-z\\-0-9]+:[0-9]{12}:secret:.*" + "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):secretsmanager:[a-z\\-0-9]+:[0-9]{12}:secret:.*|)$" }, "ServerHostname":{ "type":"string", "max":255, - "pattern":"^(([a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9\\-]*[A-Za-z0-9])$" + "pattern":"^(([a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9\\-:]*[A-Za-z0-9])$" + }, + "ServerIpAddress":{ + "type":"string", + "max":39, + "min":7, + "pattern":"\\A((25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}|([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6}))\\z" + }, + "SmbAuthenticationType":{ + "type":"string", + "enum":[ + "NTLM", + "KERBEROS" + ] }, "SmbDomain":{ "type":"string", @@ -4560,7 +3567,7 @@ "SmbUser":{ "type":"string", "max":104, - "pattern":"^[^\\x5B\\x5D\\\\/:;|=,+*?]{1,104}$" + "pattern":"^[^\\x22\\x5B\\x5D/\\\\:;|=,+*?\\x3C\\x3E]{1,104}$" }, "SmbVersion":{ "type":"string", @@ -4587,42 +3594,6 @@ "type":"list", "member":{"shape":"NetworkInterfaceArn"} }, - "StartDiscoveryJobRequest":{ - "type":"structure", - "required":[ - "StorageSystemArn", - "CollectionDurationMinutes", - "ClientToken" - ], - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the on-premises storage system that you want to run the discovery job on.

" - }, - "CollectionDurationMinutes":{ - "shape":"CollectionDurationMinutes", - "documentation":"

Specifies in minutes how long you want the discovery job to run.

For more accurate recommendations, we recommend a duration of at least 14 days. Longer durations allow time to collect a sufficient number of data points and provide a realistic representation of storage performance and utilization.

" - }, - "ClientToken":{ - "shape":"PtolemyUUID", - "documentation":"

Specifies a client token to make sure requests with this API operation are idempotent. If you don't specify a client token, DataSync generates one for you automatically.

", - "idempotencyToken":true - }, - "Tags":{ - "shape":"InputTagList", - "documentation":"

Specifies labels that help you categorize, filter, and search for your Amazon Web Services resources.

" - } - } - }, - "StartDiscoveryJobResponse":{ - "type":"structure", - "members":{ - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

The ARN of the discovery job that you started.

" - } - } - }, "StartTaskExecutionRequest":{ "type":"structure", "required":["TaskArn"], @@ -4665,52 +3636,6 @@ }, "documentation":"

StartTaskExecutionResponse

" }, - "StopDiscoveryJobRequest":{ - "type":"structure", - "required":["DiscoveryJobArn"], - "members":{ - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the discovery job that you want to stop.

" - } - } - }, - "StopDiscoveryJobResponse":{ - "type":"structure", - "members":{ - } - }, - "StorageSystemArn":{ - "type":"string", - "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:system/storage-system-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" - }, - "StorageSystemConnectivityStatus":{ - "type":"string", - "enum":[ - "PASS", - "FAIL", - "UNKNOWN" - ] - }, - "StorageSystemList":{ - "type":"list", - "member":{"shape":"StorageSystemListEntry"} - }, - "StorageSystemListEntry":{ - "type":"structure", - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

The Amazon Resource Names (ARN) of an on-premises storage system that you added to DataSync Discovery.

" - }, - "Name":{ - "shape":"Name", - "documentation":"

The name of an on-premises storage system that you added to DataSync Discovery.

" - } - }, - "documentation":"

Information that identifies an on-premises storage system that you're using with DataSync Discovery.

" - }, "StorageVirtualMachineArn":{ "type":"string", "max":162, @@ -4763,8 +3688,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5043,30 +3967,7 @@ "UNAVAILABLE" ] }, - "Throughput":{ - "type":"structure", - "members":{ - "Read":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak throughput related to read operations.

" - }, - "Write":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak throughput related to write operations.

" - }, - "Other":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak throughput unrelated to read and write operations.

" - }, - "Total":{ - "shape":"NonNegativeDouble", - "documentation":"

Peak total throughput on your on-premises storage system resource.

" - } - }, - "documentation":"

The throughput peaks for an on-premises storage system volume. Each data point represents the 95th percentile peak value during a 1-hour interval.

" - }, "Time":{"type":"timestamp"}, - "Timestamp":{"type":"timestamp"}, "TransferMode":{ "type":"string", "enum":[ @@ -5103,8 +4004,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAgentRequest":{ "type":"structure", @@ -5123,30 +4023,7 @@ }, "UpdateAgentResponse":{ "type":"structure", - "members":{ - } - }, - "UpdateDiscoveryJobRequest":{ - "type":"structure", - "required":[ - "DiscoveryJobArn", - "CollectionDurationMinutes" - ], - "members":{ - "DiscoveryJobArn":{ - "shape":"DiscoveryJobArn", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the discovery job that you want to update.

" - }, - "CollectionDurationMinutes":{ - "shape":"CollectionDurationMinutes", - "documentation":"

Specifies in minutes how long that you want the discovery job to run. (You can't set this parameter to less than the number of minutes that the job has already run for.)

" - } - } - }, - "UpdateDiscoveryJobResponse":{ - "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationAzureBlobRequest":{ "type":"structure", @@ -5178,14 +4055,21 @@ }, "AgentArns":{ "shape":"AgentArnList", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the DataSync agent that can connect with your Azure Blob Storage container.

You can specify more than one agent. For more information, see Using multiple agents for your transfer.

" + "documentation":"

(Optional) Specifies the Amazon Resource Name (ARN) of the DataSync agent that can connect with your Azure Blob Storage container. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter.

You can specify more than one agent. For more information, see Using multiple agents for your transfer.

You cannot add or remove agents from a storage location after you initially create it.

" + }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.

" } } }, "UpdateLocationAzureBlobResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationEfsRequest":{ "type":"structure", @@ -5215,8 +4099,7 @@ }, "UpdateLocationEfsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationFsxLustreRequest":{ "type":"structure", @@ -5234,8 +4117,7 @@ }, "UpdateLocationFsxLustreResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationFsxOntapRequest":{ "type":"structure", @@ -5257,8 +4139,7 @@ }, "UpdateLocationFsxOntapResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationFsxOpenZfsRequest":{ "type":"structure", @@ -5277,8 +4158,7 @@ }, "UpdateLocationFsxOpenZfsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationFsxWindowsRequest":{ "type":"structure", @@ -5293,7 +4173,7 @@ "documentation":"

Specifies a mount path for your file system using forward slashes. DataSync uses this subdirectory to read or write data (depending on whether the file system is a source or destination location).

" }, "Domain":{ - "shape":"FsxUpdateSmbDomain", + "shape":"UpdateSmbDomain", "documentation":"

Specifies the name of the Windows domain that your FSx for Windows File Server file system belongs to.

If you have multiple Active Directory domains in your environment, configuring this parameter makes sure that DataSync connects to the right file system.

" }, "User":{ @@ -5308,8 +4188,7 @@ }, "UpdateLocationFsxWindowsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationHdfsRequest":{ "type":"structure", @@ -5357,7 +4236,7 @@ }, "KerberosKeytab":{ "shape":"KerberosKeytabFile", - "documentation":"

The Kerberos key table (keytab) that contains mappings between the defined Kerberos principal and the encrypted keys. You can load the keytab from a file by providing the file's address. If you use the CLI, it performs base64 encoding for you. Otherwise, provide the base64-encoded text.

" + "documentation":"

The Kerberos key table (keytab) that contains mappings between the defined Kerberos principal and the encrypted keys. You can load the keytab from a file by providing the file's address.

" }, "KerberosKrb5Conf":{ "shape":"KerberosKrb5ConfFile", @@ -5371,8 +4250,7 @@ }, "UpdateLocationHdfsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationNfsRequest":{ "type":"structure", @@ -5386,14 +4264,17 @@ "shape":"NfsSubdirectory", "documentation":"

Specifies the export path in your NFS file server that you want DataSync to mount.

This path (or a subdirectory of the path) is where DataSync transfers data to or from. For information on configuring an export for DataSync, see Accessing NFS file servers.

" }, + "ServerHostname":{ + "shape":"ServerHostname", + "documentation":"

Specifies the DNS name or IP address (IPv4 or IPv6) of the NFS file server that your DataSync agent connects to.

" + }, "OnPremConfig":{"shape":"OnPremConfig"}, "MountOptions":{"shape":"NfsMountOptions"} } }, "UpdateLocationNfsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationObjectStorageRequest":{ "type":"structure", @@ -5415,28 +4296,39 @@ "shape":"S3Subdirectory", "documentation":"

Specifies the object prefix for your object storage server. If this is a source location, DataSync only copies objects with this prefix. If this is a destination location, DataSync writes all objects with this prefix.

" }, + "ServerHostname":{ + "shape":"ServerHostname", + "documentation":"

Specifies the domain name or IP address (IPv4 or IPv6) of the object storage server that your DataSync agent connects to.

" + }, "AccessKey":{ "shape":"ObjectStorageAccessKey", "documentation":"

Specifies the access key (for example, a user name) if credentials are required to authenticate with the object storage server.

" }, "SecretKey":{ "shape":"ObjectStorageSecretKey", - "documentation":"

Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.

" + "documentation":"

Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.

If you provide a secret using SecretKey, but do not provide secret configuration details using CmkSecretConfig or CustomSecretConfig, then DataSync stores the token using your Amazon Web Services account's Secrets Manager secret.

" }, "AgentArns":{ "shape":"AgentArnList", - "documentation":"

Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system.

" + "documentation":"

(Optional) Specifies the Amazon Resource Names (ARNs) of the DataSync agents that can connect with your object storage system. If you are setting up an agentless cross-cloud transfer, you do not need to specify a value for this parameter.

You cannot add or remove agents from a storage location after you initially create it.

" }, "ServerCertificate":{ "shape":"ObjectStorageCertificate", "documentation":"

Specifies a certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA). You must specify a single .pem file with a full certificate chain (for example, file:///home/user/.ssh/object_storage_certificates.pem).

The certificate chain might include:

  • The object storage system's certificate

  • All intermediate certificates (if there are any)

  • The root certificate of the signing CA

You can concatenate your certificates into a .pem file (which can be up to 32768 bytes before base64 encoding). The following example cat command creates an object_storage_certificates.pem file that includes three certificates:

cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pem

To use this parameter, configure ServerProtocol to HTTPS.

Updating this parameter doesn't interfere with tasks that you have in progress.

" + }, + "CmkSecretConfig":{ + "shape":"CmkSecretConfig", + "documentation":"

Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.

" + }, + "CustomSecretConfig":{ + "shape":"CustomSecretConfig", + "documentation":"

Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed KMS key.

" } } }, "UpdateLocationObjectStorageResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationS3Request":{ "type":"structure", @@ -5459,8 +4351,7 @@ }, "UpdateLocationS3Response":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLocationSmbRequest":{ "type":"structure", @@ -5472,66 +4363,59 @@ }, "Subdirectory":{ "shape":"SmbSubdirectory", - "documentation":"

Specifies the name of the share exported by your SMB file server where DataSync will read or write data. You can include a subdirectory in the share path (for example, /path/to/subdirectory). Make sure that other SMB clients in your network can also mount this path.

To copy all data in the specified subdirectory, DataSync must be able to mount the SMB share and access all of its data. For more information, see required permissions for SMB locations.

" + "documentation":"

Specifies the name of the share exported by your SMB file server where DataSync will read or write data. You can include a subdirectory in the share path (for example, /path/to/subdirectory). Make sure that other SMB clients in your network can also mount this path.

To copy all data in the specified subdirectory, DataSync must be able to mount the SMB share and access all of its data. For more information, see Providing DataSync access to SMB file servers.

" + }, + "ServerHostname":{ + "shape":"ServerHostname", + "documentation":"

Specifies the domain name or IP address (IPv4 or IPv6) of the SMB file server that your DataSync agent connects to.

If you're using Kerberos authentication, you must specify a domain name.

" }, "User":{ "shape":"SmbUser", - "documentation":"

Specifies the user name that can mount your SMB file server and has permission to access the files and folders involved in your transfer.

For information about choosing a user with the right level of access for your transfer, see required permissions for SMB locations.

" + "documentation":"

Specifies the user name that can mount your SMB file server and has permission to access the files and folders involved in your transfer. This parameter applies only if AuthenticationType is set to NTLM.

For information about choosing a user with the right level of access for your transfer, see Providing DataSync access to SMB file servers.

" }, "Domain":{ "shape":"SmbDomain", - "documentation":"

Specifies the Windows domain name that your SMB file server belongs to.

If you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right file server.

For more information, see required permissions for SMB locations.

" + "documentation":"

Specifies the Windows domain name that your SMB file server belongs to. This parameter applies only if AuthenticationType is set to NTLM.

If you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right file server.

" }, "Password":{ "shape":"SmbPassword", - "documentation":"

Specifies the password of the user who can mount your SMB file server and has permission to access the files and folders involved in your transfer.

For more information, see required permissions for SMB locations.

" + "documentation":"

Specifies the password of the user who can mount your SMB file server and has permission to access the files and folders involved in your transfer. This parameter applies only if AuthenticationType is set to NTLM.

" }, "AgentArns":{ "shape":"AgentArnList", "documentation":"

Specifies the DataSync agent (or agents) that can connect to your SMB file server. You specify an agent by using its Amazon Resource Name (ARN).

" }, - "MountOptions":{"shape":"SmbMountOptions"} - } - }, - "UpdateLocationSmbResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateStorageSystemRequest":{ - "type":"structure", - "required":["StorageSystemArn"], - "members":{ - "StorageSystemArn":{ - "shape":"StorageSystemArn", - "documentation":"

Specifies the ARN of the on-premises storage system that you want reconfigure.

" + "MountOptions":{"shape":"SmbMountOptions"}, + "AuthenticationType":{ + "shape":"SmbAuthenticationType", + "documentation":"

Specifies the authentication protocol that DataSync uses to connect to your SMB file server. DataSync supports NTLM (default) and KERBEROS authentication.

For more information, see Providing DataSync access to SMB file servers.

" }, - "ServerConfiguration":{ - "shape":"DiscoveryServerConfiguration", - "documentation":"

Specifies the server name and network port required to connect with your on-premises storage system's management interface.

" + "DnsIpAddresses":{ + "shape":"DnsIpList", + "documentation":"

Specifies the IP addresses (IPv4 or IPv6) for the DNS servers that your SMB file server belongs to. This parameter applies only if AuthenticationType is set to KERBEROS.

If you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right SMB file server.

" }, - "AgentArns":{ - "shape":"DiscoveryAgentArnList", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the DataSync agent that connects to and reads your on-premises storage system. You can only specify one ARN.

" - }, - "Name":{ - "shape":"Name", - "documentation":"

Specifies a familiar name for your on-premises storage system.

" + "KerberosPrincipal":{ + "shape":"KerberosPrincipal", + "documentation":"

Specifies a Kerberos prinicpal, which is an identity in your Kerberos realm that has permission to access the files, folders, and file metadata in your SMB file server.

A Kerberos principal might look like HOST/kerberosuser@MYDOMAIN.ORG.

Principal names are case sensitive. Your DataSync task execution will fail if the principal that you specify for this parameter doesn’t exactly match the principal that you use to create the keytab file.

" }, - "CloudWatchLogGroupArn":{ - "shape":"LogGroupArn", - "documentation":"

Specifies the ARN of the Amazon CloudWatch log group for monitoring and logging discovery job events.

" + "KerberosKeytab":{ + "shape":"KerberosKeytabFile", + "documentation":"

Specifies your Kerberos key table (keytab) file, which includes mappings between your Kerberos principal and encryption keys.

To avoid task execution errors, make sure that the Kerberos principal that you use to create the keytab file matches exactly what you specify for KerberosPrincipal.

" }, - "Credentials":{ - "shape":"Credentials", - "documentation":"

Specifies the user name and password for accessing your on-premises storage system's management interface.

" + "KerberosKrb5Conf":{ + "shape":"KerberosKrb5ConfFile", + "documentation":"

Specifies a Kerberos configuration file (krb5.conf) that defines your Kerberos realm configuration.

The file must be base64 encoded. If you're using the CLI, the encoding is done for you.

" } } }, - "UpdateStorageSystemResponse":{ + "UpdateLocationSmbResponse":{ "type":"structure", - "members":{ - } + "members":{} + }, + "UpdateSmbDomain":{ + "type":"string", + "max":253, + "pattern":"^([A-Za-z0-9]((\\.|-+)?[A-Za-z0-9]){0,252})?$" }, "UpdateTaskExecutionRequest":{ "type":"structure", @@ -5549,8 +4433,7 @@ }, "UpdateTaskExecutionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTaskRequest":{ "type":"structure", @@ -5594,8 +4477,7 @@ }, "UpdateTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatedEfsAccessPointArn":{ "type":"string", @@ -5622,5 +4504,5 @@ "long":{"type":"long"}, "string":{"type":"string"} }, - "documentation":"DataSync

DataSync is an online data movement and discovery service that simplifies data migration and helps you quickly, easily, and securely transfer your file or object data to, from, and between Amazon Web Services storage services.

This API interface reference includes documentation for using DataSync programmatically. For complete information, see the DataSync User Guide .

" + "documentation":"DataSync

DataSync is an online data movement service that simplifies data migration and helps you quickly, easily, and securely transfer your file or object data to, from, and between Amazon Web Services storage services.

This API interface reference includes documentation for using DataSync programmatically. For complete information, see the DataSync User Guide .

" } diff -pruN 2.23.6-1/awscli/botocore/data/datazone/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/datazone/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/datazone/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datazone/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,20 +5,20 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/datazone/2018-05-10/paginators-1.json 2.31.35-1/awscli/botocore/data/datazone/2018-05-10/paginators-1.json --- 2.23.6-1/awscli/botocore/data/datazone/2018-05-10/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datazone/2018-05-10/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -209,6 +209,18 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "items" + }, + "ListAccountPools": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListAccountsInAccountPool": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" } } } diff -pruN 2.23.6-1/awscli/botocore/data/datazone/2018-05-10/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/datazone/2018-05-10/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/datazone/2018-05-10/paginators-1.sdk-extras.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datazone/2018-05-10/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -9,7 +9,8 @@ }, "SearchListings": { "non_aggregate_keys": [ - "totalMatchCount" + "totalMatchCount", + "aggregates" ] }, "SearchTypes": { diff -pruN 2.23.6-1/awscli/botocore/data/datazone/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/datazone/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/datazone/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/datazone/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"datazone", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon DataZone", "serviceId":"DataZone", "signatureVersion":"v4", "signingName":"datazone", - "uid":"datazone-2018-05-10" + "uid":"datazone-2018-05-10", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcceptPredictions":{ @@ -117,6 +119,26 @@ ], "documentation":"

Associates the environment role in Amazon DataZone.

" }, + "AssociateGovernedTerms":{ + "name":"AssociateGovernedTerms", + "http":{ + "method":"PATCH", + "requestUri":"/v2/domains/{domainIdentifier}/entities/{entityType}/{entityIdentifier}/associate-governed-terms", + "responseCode":200 + }, + "input":{"shape":"AssociateGovernedTermsInput"}, + "output":{"shape":"AssociateGovernedTermsOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Associates governed terms with an asset.

" + }, "CancelMetadataGenerationRun":{ "name":"CancelMetadataGenerationRun", "http":{ @@ -135,7 +157,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Cancels the metadata generation run.

" + "documentation":"

Cancels the metadata generation run.

Prerequisites:

  • The run must exist and be in a cancelable status (e.g., SUBMITTED, IN_PROGRESS).

  • Runs in SUCCEEDED status cannot be cancelled.

  • User must have access to the run and cancel permissions.

" }, "CancelSubscription":{ "name":"CancelSubscription", @@ -158,6 +180,27 @@ "documentation":"

Cancels the subscription to the specified asset.

", "idempotent":true }, + "CreateAccountPool":{ + "name":"CreateAccountPool", + "http":{ + "method":"POST", + "requestUri":"/v2/domains/{domainIdentifier}/account-pools", + "responseCode":201 + }, + "input":{"shape":"CreateAccountPoolInput"}, + "output":{"shape":"CreateAccountPoolOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Creates an account pool.

" + }, "CreateAsset":{ "name":"CreateAsset", "http":{ @@ -177,7 +220,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates an asset in Amazon DataZone catalog.

", + "documentation":"

Creates an asset in Amazon DataZone catalog.

Before creating assets, make sure that the following requirements are met:

  • --domain-identifier must refer to an existing domain.

  • --owning-project-identifier must be a valid project within the domain.

  • Asset type must be created beforehand using create-asset-type, or be a supported system-defined type. For more information, see create-asset-type.

  • --type-revision (if used) must match a valid revision of the asset type.

  • formsInput is required when it is associated as required in the asset-type. For more information, see create-form-type.

  • Form content must include all required fields as per the form schema (e.g., bucketArn).

You must invoke the following pre-requisite commands before invoking this API:

", "idempotent":true }, "CreateAssetFilter":{ @@ -199,7 +242,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates a data asset filter.

", + "documentation":"

Creates a data asset filter.

Asset filters provide a sophisticated way to create controlled views of data assets by selecting specific columns or applying row-level filters. This capability is crucial for organizations that need to share data while maintaining security and privacy controls. For example, your database might be filtered to show only non-PII fields to certain users, or sales data might be filtered by region for different regional teams. Asset filters enable fine-grained access control while maintaining a single source of truth.

Prerequisites:

  • A valid domain (--domain-identifier) must exist.

  • A data asset (--asset-identifier) must already be created under that domain.

  • The asset must have the referenced columns available in its schema for column-based filtering.

  • You cannot specify both (columnConfiguration, rowConfiguration)at the same time.

", "idempotent":true }, "CreateAssetRevision":{ @@ -220,7 +263,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates a revision of the asset.

", + "documentation":"

Creates a revision of the asset.

Asset revisions represent new versions of existing assets, capturing changes to either the underlying data or its metadata. They maintain a historical record of how assets evolve over time, who made changes, and when those changes occurred. This versioning capability is crucial for governance and compliance, allowing organizations to track changes, understand their impact, and roll back if necessary.

Prerequisites:

  • Asset must already exist in the domain with identifier.

  • formsInput is required when asset has the form type. typeRevision should be the latest version of form type.

  • The form content must include all required fields (e.g., bucketArn for S3ObjectCollectionForm).

  • The owning project of the original asset must still exist and be active.

  • User must have write access to the project and domain.

", "idempotent":true }, "CreateAssetType":{ @@ -241,7 +284,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates a custom asset type.

" + "documentation":"

Creates a custom asset type.

Prerequisites:

  • The formsInput field is required, however, can be passed as empty (e.g. -forms-input {}).

  • You must have CreateAssetType permissions.

  • The domain-identifier and owning-project-identifier must be valid and active.

  • The name of the asset type must be unique within the domain — duplicate names will cause failure.

  • JSON input must be valid — incorrect formatting causes Invalid JSON errors.

" }, "CreateConnection":{ "name":"CreateConnection", @@ -284,7 +327,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates a data product.

", + "documentation":"

Creates a data product.

A data product is a comprehensive package that combines data assets with their associated metadata, documentation, and access controls. It's designed to serve specific business needs or use cases, making it easier for users to find and consume data appropriately. Data products include important information about data quality, freshness, and usage guidelines, effectively bridging the gap between data producers and consumers while ensuring proper governance.

Prerequisites:

  • The domain must exist and be accessible.

  • The owning project must be valid and active.

  • The name must be unique within the domain (no existing data product with the same name).

  • User must have create permissions for data products in the project.

", "idempotent":true }, "CreateDataProductRevision":{ @@ -305,7 +348,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates a data product revision.

", + "documentation":"

Creates a data product revision.

Prerequisites:

  • The original data product must exist in the given domain.

  • User must have permissions on the data product.

  • The domain must be valid and accessible.

  • The new revision name must comply with naming constraints (if required).

", "idempotent":true }, "CreateDataSource":{ @@ -413,6 +456,27 @@ ], "documentation":"

Creates an action for the environment, for example, creates a console link for an analytics tool that is available in this environment.

" }, + "CreateEnvironmentBlueprint":{ + "name":"CreateEnvironmentBlueprint", + "http":{ + "method":"POST", + "requestUri":"/v2/domains/{domainIdentifier}/environment-blueprints", + "responseCode":201 + }, + "input":{"shape":"CreateEnvironmentBlueprintInput"}, + "output":{"shape":"CreateEnvironmentBlueprintOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Creates a Amazon DataZone blueprint.

" + }, "CreateEnvironmentProfile":{ "name":"CreateEnvironmentProfile", "http":{ @@ -452,7 +516,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates a metadata form type.

" + "documentation":"

Creates a metadata form type.

Prerequisites:

  • The domain must exist and be in an ENABLED state.

  • The owning project must exist and be accessible.

  • The name must be unique within the domain.

For custom form types, to indicate that a field should be searchable, annotate it with @amazon.datazone#searchable. By default, searchable fields are indexed for semantic search, where related query terms will match the attribute value even if they are not stemmed or keyword matches. To indicate that a field should be indexed for lexical search (which disables semantic search but supports stemmed and partial matches), annotate it with @amazon.datazone#searchable(modes:[\"LEXICAL\"]). To indicate that a field should be indexed for technical identifier search (for more information on technical identifier search, see: https://aws.amazon.com/blogs/big-data/streamline-data-discovery-with-precise-technical-identifier-search-in-amazon-sagemaker-unified-studio/), annotate it with @amazon.datazone#searchable(modes:[\"TECHNICAL\"]).

To denote that a field will store glossary term ids (which are filterable via the Search/SearchListings APIs), annotate it with @amazon.datazone#glossaryterm(\"${GLOSSARY_ID}\"), where ${GLOSSARY_ID} is the id of the glossary that the glossary terms stored in the field belong to.

" }, "CreateGlossary":{ "name":"CreateGlossary", @@ -472,7 +536,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates an Amazon DataZone business glossary.

", + "documentation":"

Creates an Amazon DataZone business glossary.

Specifies that this is a create glossary policy.

A glossary serves as the central repository for business terminology and definitions within an organization. It helps establish and maintain a common language across different departments and teams, reducing miscommunication and ensuring consistent interpretation of business concepts. Glossaries can include hierarchical relationships between terms, cross-references, and links to actual data assets, making them invaluable for both business users and technical teams trying to understand and use data correctly.

Prerequisites:

  • Domain must exist and be in an active state.

  • Owning project must exist and be accessible by the caller.

  • The glossary name must be unique within the domain.

", "idempotent":true }, "CreateGlossaryTerm":{ @@ -494,7 +558,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Creates a business glossary term.

", + "documentation":"

Creates a business glossary term.

A glossary term represents an individual entry within the Amazon DataZone glossary, serving as a standardized definition for a specific business concept or data element. Each term can include rich metadata such as detailed definitions, synonyms, related terms, and usage examples. Glossary terms can be linked directly to data assets, providing business context to technical data elements. This linking capability helps users understand the business meaning of data fields and ensures consistent interpretation across different systems and teams. Terms can also have relationships with other terms, creating a semantic network that reflects the complexity of business concepts.

Prerequisites:

  • Domain must exist.

  • Glossary must exist.

  • The term name must be unique within the glossary.

  • Ensure term does not conflict with existing terms in hierarchy.

", "idempotent":true }, "CreateGroupProfile":{ @@ -701,6 +765,26 @@ "documentation":"

Creates a user profile in Amazon DataZone.

", "idempotent":true }, + "DeleteAccountPool":{ + "name":"DeleteAccountPool", + "http":{ + "method":"DELETE", + "requestUri":"/v2/domains/{domainIdentifier}/account-pools/{identifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteAccountPoolInput"}, + "output":{"shape":"DeleteAccountPoolOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Deletes an account pool.

", + "idempotent":true + }, "DeleteAsset":{ "name":"DeleteAsset", "http":{ @@ -719,7 +803,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Deletes an asset in Amazon DataZone.

", + "documentation":"

Deletes an asset in Amazon DataZone.

  • --domain-identifier must refer to a valid and existing domain.

  • --identifier must refer to an existing asset in the specified domain.

  • Asset must not be referenced in any existing asset filters.

  • Asset must not be linked to any draft or published data product.

  • User must have delete permissions for the domain and project.

", "idempotent":true }, "DeleteAssetFilter":{ @@ -739,7 +823,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Deletes an asset filter.

", + "documentation":"

Deletes an asset filter.

Prerequisites:

  • The asset filter must exist.

  • The domain and asset must not have been deleted.

  • Ensure the --identifier refers to a valid filter ID.

", "idempotent":true }, "DeleteAssetType":{ @@ -760,7 +844,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Deletes an asset type in Amazon DataZone.

" + "documentation":"

Deletes an asset type in Amazon DataZone.

Prerequisites:

  • The asset type must exist in the domain.

  • You must have DeleteAssetType permission.

  • The asset type must not be in use (e.g., assigned to any asset). If used, deletion will fail.

  • You should retrieve the asset type using get-asset-type to confirm its presence before deletion.

" }, "DeleteConnection":{ "name":"DeleteConnection", @@ -800,7 +884,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Deletes a data product in Amazon DataZone.

", + "documentation":"

Deletes a data product in Amazon DataZone.

Prerequisites:

  • The data product must exist and not be deleted or archived.

  • The user must have delete permissions for the data product.

  • Domain and project must be active.

", "idempotent":true }, "DeleteDataSource":{ @@ -906,6 +990,26 @@ "documentation":"

Deletes an action for the environment, for example, deletes a console link for an analytics tool that is available in this environment.

", "idempotent":true }, + "DeleteEnvironmentBlueprint":{ + "name":"DeleteEnvironmentBlueprint", + "http":{ + "method":"DELETE", + "requestUri":"/v2/domains/{domainIdentifier}/environment-blueprints/{identifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteEnvironmentBlueprintInput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Deletes a blueprint in Amazon DataZone.

", + "idempotent":true + }, "DeleteEnvironmentBlueprintConfiguration":{ "name":"DeleteEnvironmentBlueprintConfiguration", "http":{ @@ -962,7 +1066,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Delets and metadata form type in Amazon DataZone.

" + "documentation":"

Deletes and metadata form type in Amazon DataZone.

Prerequisites:

  • The form type must exist in the domain.

  • The form type must not be in use by any asset types or assets.

  • The domain must be valid and accessible.

  • User must have delete permissions on the form type.

  • Any dependencies (such as linked asset types) must be removed first.

" }, "DeleteGlossary":{ "name":"DeleteGlossary", @@ -982,7 +1086,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Deletes a business glossary in Amazon DataZone.

", + "documentation":"

Deletes a business glossary in Amazon DataZone.

Prerequisites:

  • The glossary must be in DISABLED state.

  • The glossary must not have any glossary terms associated with it.

  • The glossary must exist in the specified domain.

  • The caller must have the datazone:DeleteGlossary permission in the domain and glossary.

  • Glossary should not be linked to any active metadata forms.

", "idempotent":true }, "DeleteGlossaryTerm":{ @@ -1003,7 +1107,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Deletes a business glossary term in Amazon DataZone.

", + "documentation":"

Deletes a business glossary term in Amazon DataZone.

Prerequisites:

  • Glossary term must exist and be active.

  • The term must not be linked to other assets or child terms.

  • Caller must have delete permissions in the domain/glossary.

  • Ensure all associations (such as to assets or parent terms) are removed before deletion.

", "idempotent":true }, "DeleteListing":{ @@ -1207,6 +1311,45 @@ ], "documentation":"

Disassociates the environment role in Amazon DataZone.

" }, + "DisassociateGovernedTerms":{ + "name":"DisassociateGovernedTerms", + "http":{ + "method":"PATCH", + "requestUri":"/v2/domains/{domainIdentifier}/entities/{entityType}/{entityIdentifier}/disassociate-governed-terms", + "responseCode":200 + }, + "input":{"shape":"DisassociateGovernedTermsInput"}, + "output":{"shape":"DisassociateGovernedTermsOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Disassociates restricted terms from an asset.

" + }, + "GetAccountPool":{ + "name":"GetAccountPool", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/account-pools/{identifier}", + "responseCode":200 + }, + "input":{"shape":"GetAccountPoolInput"}, + "output":{"shape":"GetAccountPoolOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Gets the details of the account pool.

" + }, "GetAsset":{ "name":"GetAsset", "http":{ @@ -1224,7 +1367,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Gets an Amazon DataZone asset.

" + "documentation":"

Gets an Amazon DataZone asset.

An asset is the fundamental building block in Amazon DataZone, representing any data resource that needs to be cataloged and managed. It can take many forms, from Amazon S3 buckets and database tables to dashboards and machine learning models. Each asset contains comprehensive metadata about the resource, including its location, schema, ownership, and lineage information. Assets are essential for organizing and managing data resources across an organization, making them discoverable and usable while maintaining proper governance.

Before using the Amazon DataZone GetAsset command, ensure the following prerequisites are met:

  • Domain identifier must exist and be valid

  • Asset identifier must exist

  • User must have the required permissions to perform the action

" }, "GetAssetFilter":{ "name":"GetAssetFilter", @@ -1243,7 +1386,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Gets an asset filter.

" + "documentation":"

Gets an asset filter.

Prerequisites:

  • Domain (--domain-identifier), asset (--asset-identifier), and filter (--identifier) must all exist.

  • The asset filter should not have been deleted.

  • The asset must still exist (since the filter is linked to it).

" }, "GetAssetType":{ "name":"GetAssetType", @@ -1262,7 +1405,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Gets an Amazon DataZone asset type.

" + "documentation":"

Gets an Amazon DataZone asset type.

Asset types define the categories and characteristics of different kinds of data assets within Amazon DataZone.. They determine what metadata fields are required, what operations are possible, and how the asset integrates with other Amazon Web Services services. Asset types can range from built-in types like Amazon S3 buckets and Amazon Web Services Glue tables to custom types defined for specific organizational needs. Understanding asset types is crucial for properly organizing and managing different kinds of data resources.

Prerequisites:

  • The asset type with identifier must exist in the domain. ResourceNotFoundException.

  • You must have the GetAssetType permission.

  • Ensure the domain-identifier value is correct and accessible.

" }, "GetConnection":{ "name":"GetConnection", @@ -1300,7 +1443,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Gets the data product.

" + "documentation":"

Gets the data product.

Prerequisites:

  • The data product ID must exist.

  • The domain must be valid and accessible.

  • User must have read or discovery permissions for the data product.

" }, "GetDataSource":{ "name":"GetDataSource", @@ -1514,7 +1657,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Gets a metadata form type in Amazon DataZone.

" + "documentation":"

Gets a metadata form type in Amazon DataZone.

Form types define the structure and validation rules for collecting metadata about assets in Amazon DataZone. They act as templates that ensure consistent metadata capture across similar types of assets, while allowing for customization to meet specific organizational needs. Form types can include required fields, validation rules, and dependencies, helping maintain high-quality metadata that makes data assets more discoverable and usable.

  • The form type with the specified identifier must exist in the given domain.

  • The domain must be valid and active.

  • User must have permission on the form type.

  • The form type should not be deleted or in an invalid state.

One use case for this API is to determine whether a form field is indexed for search.

A searchable field will be annotated with @amazon.datazone#searchable. By default, searchable fields are indexed for semantic search, where related query terms will match the attribute value even if they are not stemmed or keyword matches. If a field is indexed technical identifier search, it will be annotated with @amazon.datazone#searchable(modes:[\"TECHNICAL\"]). If a field is indexed for lexical search (supports stemmed and prefix matches but not semantic matches), it will be annotated with @amazon.datazone#searchable(modes:[\"LEXICAL\"]).

A field storing glossary term IDs (which is filterable) will be annotated with @amazon.datazone#glossaryterm(\"${glossaryId}\").

" }, "GetGlossary":{ "name":"GetGlossary", @@ -1533,7 +1676,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Gets a business glossary in Amazon DataZone.

" + "documentation":"

Gets a business glossary in Amazon DataZone.

Prerequisites:

  • The specified glossary ID must exist and be associated with the given domain.

  • The caller must have the datazone:GetGlossary permission on the domain.

" }, "GetGlossaryTerm":{ "name":"GetGlossaryTerm", @@ -1552,7 +1695,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Gets a business glossary term in Amazon DataZone.

" + "documentation":"

Gets a business glossary term in Amazon DataZone.

Prerequisites:

  • Glossary term with identifier must exist in the domain.

  • User must have permission on the glossary term.

  • Domain must be accessible and active.

" }, "GetGroupProfile":{ "name":"GetGroupProfile", @@ -1686,7 +1829,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Gets a metadata generation run in Amazon DataZone.

" + "documentation":"

Gets a metadata generation run in Amazon DataZone.

Prerequisites:

  • Valid domain and run identifier.

  • The metadata generation run must exist.

  • User must have read access to the metadata run.

" }, "GetProject":{ "name":"GetProject", @@ -1859,6 +2002,43 @@ ], "documentation":"

Gets a user profile in Amazon DataZone.

" }, + "ListAccountPools":{ + "name":"ListAccountPools", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/account-pools", + "responseCode":200 + }, + "input":{"shape":"ListAccountPoolsInput"}, + "output":{"shape":"ListAccountPoolsOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Lists existing account pools.

" + }, + "ListAccountsInAccountPool":{ + "name":"ListAccountsInAccountPool", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/account-pools/{identifier}/accounts", + "responseCode":200 + }, + "input":{"shape":"ListAccountsInAccountPoolInput"}, + "output":{"shape":"ListAccountsInAccountPoolOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Lists the accounts in the specified account pool.

" + }, "ListAssetFilters":{ "name":"ListAssetFilters", "http":{ @@ -1876,7 +2056,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Lists asset filters.

" + "documentation":"

Lists asset filters.

Prerequisites:

  • A valid domain and asset must exist.

  • The asset must have at least one filter created to return results.

" }, "ListAssetRevisions":{ "name":"ListAssetRevisions", @@ -1895,7 +2075,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Lists the revisions for the asset.

" + "documentation":"

Lists the revisions for the asset.

Prerequisites:

  • The asset must exist in the domain.

  • There must be at least one revision of the asset (which happens automatically after creation).

  • The domain must be valid and active.

  • User must have permissions on the asset and domain.

" }, "ListConnections":{ "name":"ListConnections", @@ -1932,7 +2112,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Lists data product revisions.

" + "documentation":"

Lists data product revisions.

Prerequisites:

  • The data product ID must exist within the domain.

  • User must have view permissions on the data product.

  • The domain must be in a valid and accessible state.

" }, "ListDataSourceRunActivities":{ "name":"ListDataSourceRunActivities", @@ -2219,7 +2399,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Lists all metadata generation runs.

" + "documentation":"

Lists all metadata generation runs.

Metadata generation runs represent automated processes that leverage AI/ML capabilities to create or enhance asset metadata at scale. This feature helps organizations maintain comprehensive and consistent metadata across large numbers of assets without manual intervention. It can automatically generate business descriptions, tags, and other metadata elements, significantly reducing the time and effort required for metadata management while improving consistency and completeness.

Prerequisites:

  • Valid domain identifier.

  • User must have access to metadata generation runs in the domain.

" }, "ListNotifications":{ "name":"ListNotifications", @@ -2629,7 +2809,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Searches for assets in Amazon DataZone.

" + "documentation":"

Searches for assets in Amazon DataZone.

Search in Amazon DataZone is a powerful capability that enables users to discover and explore data assets, glossary terms, and data products across their organization. It provides both basic and advanced search functionality, allowing users to find resources based on names, descriptions, metadata, and other attributes. Search can be scoped to specific types of resources (like assets, glossary terms, or data products) and can be filtered using various criteria such as creation date, owner, or status. The search functionality is essential for making the wealth of data resources in an organization discoverable and usable, helping users find the right data for their needs quickly and efficiently.

Many search commands in Amazon DataZone are paginated, including search and search-types. When the result set is large, Amazon DataZone returns a nextToken in the response. This token can be used to retrieve the next page of results.

Prerequisites:

  • The --domain-identifier must refer to an existing Amazon DataZone domain.

  • --search-scope must be one of: ASSET, GLOSSARY_TERM, DATA_PRODUCT, or GLOSSARY.

  • The user must have search permissions in the specified domain.

  • If using --filters, ensure that the JSON is well-formed and that each filter includes valid attribute and value keys.

  • For paginated results, be prepared to use --next-token to fetch additional pages.

" }, "SearchGroupProfiles":{ "name":"SearchGroupProfiles", @@ -2666,7 +2846,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Searches listings (records of an asset at a given time) in Amazon DataZone.

" + "documentation":"

Searches listings in Amazon DataZone.

SearchListings is a powerful capability that enables users to discover and explore published assets and data products across their organization. It provides both basic and advanced search functionality, allowing users to find resources based on names, descriptions, metadata, and other attributes. SearchListings also supports filtering using various criteria such as creation date, owner, or status. This API is essential for making the wealth of data resources in an organization discoverable and usable, helping users find the right data for their needs quickly and efficiently.

SearchListings returns results in a paginated format. When the result set is large, the response will include a nextToken, which can be used to retrieve the next page of results.

The SearchListings API gives users flexibility in specifying what kind of search is run.

To run a free-text search, the searchText parameter must be supplied. By default, all searchable fields are indexed for semantic search and will return semantic matches for SearchListings queries. To prevent semantic search indexing for a custom form attribute, see the CreateFormType API documentation. To run a lexical search query, enclose the query with double quotes (\"\"). This will disable semantic search even for fields that have semantic search enabled and will only return results that contain the keywords wrapped by double quotes (order of tokens in the query is not enforced). Free-text search is supported for all attributes annotated with @amazon.datazone#searchable.

To run a filtered search, provide filter clause using the filters parameter. To filter on glossary terms, use the special attribute __DataZoneGlossaryTerms.

To find out whether an attribute has been annotated and indexed for a given search type, use the GetFormType API to retrieve the form containing the attribute.

" }, "SearchTypes":{ "name":"SearchTypes", @@ -2684,7 +2864,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Searches for types in Amazon DataZone.

" + "documentation":"

Searches for types in Amazon DataZone.

Prerequisites:

  • The --domain-identifier must refer to an existing Amazon DataZone domain.

  • --search-scope must be one of the valid values including: ASSET_TYPE, GLOSSARY_TERM_TYPE, DATA_PRODUCT_TYPE.

  • The --managed flag must be present without a value.

  • The user must have permissions for form or asset types in the domain.

  • If using --filters, ensure that the JSON is valid.

  • Filters contain correct structure (attribute, value, operator).

" }, "SearchUserProfiles":{ "name":"SearchUserProfiles", @@ -2746,7 +2926,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Starts the metadata generation run.

", + "documentation":"

Starts the metadata generation run.

Prerequisites:

  • Asset must be created and belong to the specified domain and project.

  • Asset type must be supported for metadata generation (e.g., Amazon Web Services Glue table).

  • Asset must have a structured schema with valid rows and columns.

  • Valid values for --type: BUSINESS_DESCRIPTIONS, BUSINESS_NAMES.

  • The user must have permission to run metadata generation in the domain/project.

", "idempotent":true }, "TagResource":{ @@ -2787,6 +2967,28 @@ "documentation":"

Untags a resource in Amazon DataZone.

", "idempotent":true }, + "UpdateAccountPool":{ + "name":"UpdateAccountPool", + "http":{ + "method":"PATCH", + "requestUri":"/v2/domains/{domainIdentifier}/account-pools/{identifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateAccountPoolInput"}, + "output":{"shape":"UpdateAccountPoolOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Updates the account pool.

", + "idempotent":true + }, "UpdateAssetFilter":{ "name":"UpdateAssetFilter", "http":{ @@ -2805,7 +3007,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Updates an asset filter.

", + "documentation":"

Updates an asset filter.

Prerequisites:

  • The domain, asset, and asset filter identifier must all exist.

  • The asset must contain the columns being referenced in the update.

  • If applying a row filter, ensure the column referenced in the expression exists in the asset schema.

", "idempotent":true }, "UpdateConnection":{ @@ -2935,6 +3137,28 @@ ], "documentation":"

Updates an environment action.

" }, + "UpdateEnvironmentBlueprint":{ + "name":"UpdateEnvironmentBlueprint", + "http":{ + "method":"PATCH", + "requestUri":"/v2/domains/{domainIdentifier}/environment-blueprints/{identifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateEnvironmentBlueprintInput"}, + "output":{"shape":"UpdateEnvironmentBlueprintOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Updates an environment blueprint in Amazon DataZone.

", + "idempotent":true + }, "UpdateEnvironmentProfile":{ "name":"UpdateEnvironmentProfile", "http":{ @@ -2974,7 +3198,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Updates the business glossary in Amazon DataZone.

", + "documentation":"

Updates the business glossary in Amazon DataZone.

Prerequisites:

  • The glossary must exist in the given domain.

  • The caller must have the datazone:UpdateGlossary permission to update it.

  • When updating the name, the new name must be unique within the domain.

  • The glossary must not be deleted or in a terminal state.

", "idempotent":true }, "UpdateGlossaryTerm":{ @@ -2995,7 +3219,7 @@ {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

Updates a business glossary term in Amazon DataZone.

", + "documentation":"

Updates a business glossary term in Amazon DataZone.

Prerequisites:

  • Glossary term must exist in the specified domain.

  • New name must not conflict with existing terms in the same glossary.

  • User must have permissions on the term.

  • The term must not be in DELETED status.

", "idempotent":true }, "UpdateGroupProfile":{ @@ -3421,6 +3645,104 @@ }, "exception":true }, + "AccountInfo":{ + "type":"structure", + "required":[ + "awsAccountId", + "supportedRegions" + ], + "members":{ + "awsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

The account ID.

" + }, + "awsAccountName":{ + "shape":"AwsAccountName", + "documentation":"

The account name.

" + }, + "supportedRegions":{ + "shape":"AwsRegionList", + "documentation":"

The regions supported for an account within an account pool.

" + } + }, + "documentation":"

The account information within an account pool.

" + }, + "AccountInfoList":{ + "type":"list", + "member":{"shape":"AccountInfo"}, + "max":25, + "min":1 + }, + "AccountPoolId":{ + "type":"string", + "pattern":"^[a-zA-Z0-9_-]{1,36}$" + }, + "AccountPoolList":{ + "type":"list", + "member":{"shape":"AccountPoolId"}, + "max":10, + "min":1 + }, + "AccountPoolName":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^[\\w -]+$", + "sensitive":true + }, + "AccountPoolSummaries":{ + "type":"list", + "member":{"shape":"AccountPoolSummary"} + }, + "AccountPoolSummary":{ + "type":"structure", + "members":{ + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user who created the account pool.

" + }, + "domainId":{ + "shape":"DomainId", + "documentation":"

The ID of the domain.

" + }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + }, + "id":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool.

" + }, + "name":{ + "shape":"AccountPoolName", + "documentation":"

The name of the account pool.

" + }, + "resolutionStrategy":{ + "shape":"ResolutionStrategy", + "documentation":"

The mechanism used to resolve the account selection from the account pool.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user who updated the account pool.

" + } + }, + "documentation":"

The summary of the account pool.

" + }, + "AccountSource":{ + "type":"structure", + "members":{ + "accounts":{ + "shape":"AccountInfoList", + "documentation":"

The static list of accounts within an account pool.

" + }, + "customAccountPoolHandler":{ + "shape":"CustomAccountPoolHandler", + "documentation":"

The custom Amazon Web Services Lambda handler within an account pool.

" + } + }, + "documentation":"

The source of accounts for the account pool. In the current release, it's either a static list of accounts provided by the customer or a custom Amazon Web Services Lambda handler.

", + "union":true + }, "ActionLink":{ "type":"string", "sensitive":true @@ -3476,8 +3798,7 @@ }, "AddEntityOwnerOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AddPolicyGrantInput":{ "type":"structure", @@ -3530,6 +3851,10 @@ "AddPolicyGrantOutput":{ "type":"structure", "members":{ + "grantId":{ + "shape":"GrantIdentifier", + "documentation":"

The ID of the policy grant that was added to a specified entity.

" + } } }, "AddToProjectMemberPoolPolicyGrantDetail":{ @@ -3542,17 +3867,177 @@ }, "documentation":"

The details of the policy grant.

" }, - "AllDomainUnitsGrantFilter":{ + "AggregationAttributeDisplayValue":{"type":"string"}, + "AggregationAttributeValue":{"type":"string"}, + "AggregationDisplayValue":{ + "type":"string", + "max":100, + "min":1 + }, + "AggregationList":{ + "type":"list", + "member":{"shape":"AggregationListItem"}, + "max":10, + "min":1 + }, + "AggregationListItem":{ + "type":"structure", + "required":["attribute"], + "members":{ + "attribute":{ + "shape":"Attribute", + "documentation":"

An attribute on which to compute aggregations.

" + }, + "displayValue":{ + "shape":"AggregationDisplayValue", + "documentation":"

The display value of the aggregation list item. Supported values include value and glossaryTerm.name.

" + } + }, + "documentation":"

An aggregation list item.

" + }, + "AggregationOutput":{ "type":"structure", "members":{ + "attribute":{ + "shape":"Attribute", + "documentation":"

The attribute for this aggregation.

" + }, + "displayValue":{ + "shape":"AggregationDisplayValue", + "documentation":"

The display value of the aggregation output item.

" + }, + "items":{ + "shape":"AggregationOutputItems", + "documentation":"

A list of aggregation output items.

" + } }, + "documentation":"

The aggregation for an attribute.

" + }, + "AggregationOutputItem":{ + "type":"structure", + "members":{ + "count":{ + "shape":"Integer", + "documentation":"

The count of the aggregation output item.

" + }, + "displayValue":{ + "shape":"AggregationAttributeDisplayValue", + "documentation":"

The display value of the aggregation. If the attribute being aggregated corresponds to the id of a public resource, the service automatically resolves the id to the provided display value.

" + }, + "value":{ + "shape":"AggregationAttributeValue", + "documentation":"

The attribute value of the aggregation output item.

" + } + }, + "documentation":"

An aggregation output item.

" + }, + "AggregationOutputItems":{ + "type":"list", + "member":{"shape":"AggregationOutputItem"} + }, + "AggregationOutputList":{ + "type":"list", + "member":{"shape":"AggregationOutput"} + }, + "AllDomainUnitsGrantFilter":{ + "type":"structure", + "members":{}, "documentation":"

The grant filter for all domain units.

" }, "AllUsersGrantFilter":{ "type":"structure", + "members":{}, + "documentation":"

The all users grant filter.

" + }, + "AmazonQPropertiesInput":{ + "type":"structure", + "required":["isEnabled"], "members":{ + "authMode":{ + "shape":"AmazonQPropertiesInputAuthModeString", + "documentation":"

The authentication mode of the connection's Amazon Q properties.

" + }, + "isEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether Amazon Q is enabled for the connection.

" + }, + "profileArn":{ + "shape":"AmazonQPropertiesInputProfileArnString", + "documentation":"

The profile ARN of the connection's Amazon Q properties.

" + } }, - "documentation":"

The all users grant filter.

" + "documentation":"

The Amazon Q properties of the connection.

" + }, + "AmazonQPropertiesInputAuthModeString":{ + "type":"string", + "max":128, + "min":0 + }, + "AmazonQPropertiesInputProfileArnString":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"^arn:aws[a-z\\-]*:[a-z0-9\\-]+:[a-z0-9\\-]*:[0-9]*:.*" + }, + "AmazonQPropertiesOutput":{ + "type":"structure", + "required":["isEnabled"], + "members":{ + "authMode":{ + "shape":"AmazonQPropertiesOutputAuthModeString", + "documentation":"

The authentication mode of the connection's Amazon Q properties.

" + }, + "isEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether Amazon Q is enabled for the connection.

" + }, + "profileArn":{ + "shape":"AmazonQPropertiesOutputProfileArnString", + "documentation":"

The profile ARN of the connection's Amazon Q properties.

" + } + }, + "documentation":"

The Amazon Q properties of the connection.

" + }, + "AmazonQPropertiesOutputAuthModeString":{ + "type":"string", + "max":128, + "min":0 + }, + "AmazonQPropertiesOutputProfileArnString":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"^arn:aws[a-z\\-]*:[a-z0-9\\-]+:[a-z0-9\\-]*:[0-9]*:.*" + }, + "AmazonQPropertiesPatch":{ + "type":"structure", + "required":["isEnabled"], + "members":{ + "authMode":{ + "shape":"AmazonQPropertiesPatchAuthModeString", + "documentation":"

The authentication mode of the connection's Amazon Q properties.

" + }, + "isEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether Amazon Q is enabled for the connection.

" + }, + "profileArn":{ + "shape":"AmazonQPropertiesPatchProfileArnString", + "documentation":"

The profile ARN of the connection's Amazon Q properties.

" + } + }, + "documentation":"

The Amazon Q properties of the connection.

" + }, + "AmazonQPropertiesPatchAuthModeString":{ + "type":"string", + "max":128, + "min":0 + }, + "AmazonQPropertiesPatchProfileArnString":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"^arn:aws[a-z\\-]*:[a-z0-9\\-]+:[a-z0-9\\-]*:[0-9]*:.*" }, "ApplicableAssetTypes":{ "type":"list", @@ -3706,6 +4191,10 @@ "shape":"GlossaryTerms", "documentation":"

The glossary terms attached to the Amazon DataZone inventory asset.

" }, + "governedGlossaryTerms":{ + "shape":"AssetItemGovernedGlossaryTermsList", + "documentation":"

The restricted glossary terms accociated with an asset.

" + }, "identifier":{ "shape":"AssetIdentifier", "documentation":"

the identifier of the Amazon DataZone inventory asset.

" @@ -3740,6 +4229,10 @@ "shape":"TimeSeriesDataPointSummaryFormOutputList", "documentation":"

The latest time series data points forms included in the additional attributes of an asset.

" }, + "matchRationale":{ + "shape":"MatchRationale", + "documentation":"

List of rationales indicating why this item was matched by search.

" + }, "readOnlyFormsOutput":{ "shape":"FormOutputList", "documentation":"

The read-only forms included in the additional attributes of an inventory asset.

" @@ -3747,6 +4240,12 @@ }, "documentation":"

The additional attributes of an inventory asset.

" }, + "AssetItemGovernedGlossaryTermsList":{ + "type":"list", + "member":{"shape":"GlossaryTermId"}, + "max":20, + "min":0 + }, "AssetListing":{ "type":"structure", "members":{ @@ -3774,6 +4273,10 @@ "shape":"DetailedGlossaryTerms", "documentation":"

The glossary terms attached to an asset published in an Amazon DataZone catalog.

" }, + "governedGlossaryTerms":{ + "shape":"AssetListingGovernedGlossaryTermsList", + "documentation":"

The restricted glossary terms associated with an asset.

" + }, "latestTimeSeriesDataPointForms":{ "shape":"TimeSeriesDataPointSummaryFormOutputList", "documentation":"

The latest time series data points forms included in the additional attributes of an asset.

" @@ -3803,6 +4306,12 @@ }, "documentation":"

The details of an asset published in an Amazon DataZone catalog.

" }, + "AssetListingGovernedGlossaryTermsList":{ + "type":"list", + "member":{"shape":"DetailedGlossaryTerm"}, + "max":20, + "min":0 + }, "AssetListingItem":{ "type":"structure", "members":{ @@ -3834,6 +4343,10 @@ "shape":"DetailedGlossaryTerms", "documentation":"

Glossary terms attached to the inventory asset.

" }, + "governedGlossaryTerms":{ + "shape":"AssetListingItemGovernedGlossaryTermsList", + "documentation":"

The restricted glossary terms associated with an asset.

" + }, "listingCreatedBy":{ "shape":"CreatedBy", "documentation":"

The Amazon DataZone user who created the listing.

" @@ -3871,10 +4384,20 @@ "latestTimeSeriesDataPointForms":{ "shape":"TimeSeriesDataPointSummaryFormOutputList", "documentation":"

The latest time series data points forms included in the additional attributes of an asset.

" + }, + "matchRationale":{ + "shape":"MatchRationale", + "documentation":"

List of rationales indicating why this item was matched by search.

" } }, "documentation":"

Additional attributes of an inventory asset.

" }, + "AssetListingItemGovernedGlossaryTermsList":{ + "type":"list", + "member":{"shape":"DetailedGlossaryTerm"}, + "max":20, + "min":0 + }, "AssetName":{ "type":"string", "max":256, @@ -4076,9 +4599,51 @@ }, "AssociateEnvironmentRoleOutput":{ "type":"structure", + "members":{} + }, + "AssociateGovernedTermsInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "entityIdentifier", + "entityType", + "governedGlossaryTerms" + ], "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where governed terms are to be associated with an asset.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"EntityIdentifier", + "documentation":"

The ID of the asset with which you want to associate a governed term.

", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"GovernedEntityType", + "documentation":"

The type of the asset with which you want to associate a governed term.

", + "location":"uri", + "locationName":"entityType" + }, + "governedGlossaryTerms":{ + "shape":"AssociateGovernedTermsInputGovernedGlossaryTermsList", + "documentation":"

The glossary terms in a restricted glossary.

" + } } }, + "AssociateGovernedTermsInputGovernedGlossaryTermsList":{ + "type":"list", + "member":{"shape":"GlossaryTermId"}, + "max":5, + "min":1 + }, + "AssociateGovernedTermsOutput":{ + "type":"structure", + "members":{} + }, "AthenaPropertiesInput":{ "type":"structure", "members":{ @@ -4253,7 +4818,7 @@ "AuthorizedPrincipalIdentifiers":{ "type":"list", "member":{"shape":"AuthorizedPrincipalIdentifier"}, - "max":10, + "max":20, "min":1 }, "AwsAccount":{ @@ -4275,6 +4840,12 @@ "type":"string", "pattern":"^\\d{12}$" }, + "AwsAccountName":{ + "type":"string", + "max":256, + "min":1, + "sensitive":true + }, "AwsConsoleLinkParameters":{ "type":"structure", "members":{ @@ -4315,6 +4886,12 @@ "type":"string", "pattern":"^[a-z]{2}-[a-z]{4,10}-\\d$" }, + "AwsRegionList":{ + "type":"list", + "member":{"shape":"AwsRegion"}, + "max":3, + "min":1 + }, "BasicAuthenticationCredentials":{ "type":"structure", "members":{ @@ -4379,8 +4956,7 @@ }, "CancelMetadataGenerationRunOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelSubscriptionInput":{ "type":"structure", @@ -4615,6 +5191,10 @@ "ConnectionPropertiesInput":{ "type":"structure", "members":{ + "amazonQProperties":{ + "shape":"AmazonQPropertiesInput", + "documentation":"

The Amazon Q properties of the connection.

" + }, "athenaProperties":{ "shape":"AthenaPropertiesInput", "documentation":"

The Amazon Athena properties of a connection.

" @@ -4631,10 +5211,18 @@ "shape":"IamPropertiesInput", "documentation":"

The IAM properties of a connection.

" }, + "mlflowProperties":{ + "shape":"MlflowPropertiesInput", + "documentation":"

The MLflow properties of a connection.

" + }, "redshiftProperties":{ "shape":"RedshiftPropertiesInput", "documentation":"

The Amazon Redshift properties of a connection.

" }, + "s3Properties":{ + "shape":"S3PropertiesInput", + "documentation":"

The Amazon S3 properties of a connection.

" + }, "sparkEmrProperties":{ "shape":"SparkEmrPropertiesInput", "documentation":"

The Spark EMR properties of a connection.

" @@ -4650,6 +5238,10 @@ "ConnectionPropertiesOutput":{ "type":"structure", "members":{ + "amazonQProperties":{ + "shape":"AmazonQPropertiesOutput", + "documentation":"

The Amazon Q properties of the connection.

" + }, "athenaProperties":{ "shape":"AthenaPropertiesOutput", "documentation":"

The Amazon Athena properties of a connection.

" @@ -4666,10 +5258,18 @@ "shape":"IamPropertiesOutput", "documentation":"

The IAM properties of a connection.

" }, + "mlflowProperties":{ + "shape":"MlflowPropertiesOutput", + "documentation":"

The MLflow properties of a connection.

" + }, "redshiftProperties":{ "shape":"RedshiftPropertiesOutput", "documentation":"

The Amazon Redshift properties of a connection.

" }, + "s3Properties":{ + "shape":"S3PropertiesOutput", + "documentation":"

The Amazon S3 properties of a connection.

" + }, "sparkEmrProperties":{ "shape":"SparkEmrPropertiesOutput", "documentation":"

The Spark EMR properties of a connection.

" @@ -4685,6 +5285,10 @@ "ConnectionPropertiesPatch":{ "type":"structure", "members":{ + "amazonQProperties":{ + "shape":"AmazonQPropertiesPatch", + "documentation":"

The Amazon Q properties of the connection.

" + }, "athenaProperties":{ "shape":"AthenaPropertiesPatch", "documentation":"

The Amazon Athena properties of a connection properties patch.

" @@ -4697,10 +5301,18 @@ "shape":"IamPropertiesPatch", "documentation":"

The IAM properties of a connection properties patch.

" }, + "mlflowProperties":{ + "shape":"MlflowPropertiesPatch", + "documentation":"

The MLflow properties of a connection.

" + }, "redshiftProperties":{ "shape":"RedshiftPropertiesPatch", "documentation":"

The Amazon Redshift properties of a connection properties patch.

" }, + "s3Properties":{ + "shape":"S3PropertiesPatch", + "documentation":"

The Amazon S3 properties of a connection properties patch.

" + }, "sparkEmrProperties":{ "shape":"SparkEmrPropertiesPatch", "documentation":"

The Spark EMR properties of a connection properties patch.

" @@ -4714,6 +5326,13 @@ "max":2048, "min":1 }, + "ConnectionScope":{ + "type":"string", + "enum":[ + "DOMAIN", + "PROJECT" + ] + }, "ConnectionStatus":{ "type":"string", "enum":[ @@ -4774,6 +5393,10 @@ "shape":"ConnectionPropertiesOutput", "documentation":"

The connection props.

" }, + "scope":{ + "shape":"ConnectionScope", + "documentation":"

The scope of the connection.

" + }, "type":{ "shape":"ConnectionType", "documentation":"

The connection type.

" @@ -4796,15 +5419,104 @@ "ORACLE", "POSTGRESQL", "REDSHIFT", + "S3", "SAPHANA", "SNOWFLAKE", "SPARK", "SQLSERVER", "TERADATA", "VERTICA", - "WORKFLOWS_MWAA" + "WORKFLOWS_MWAA", + "AMAZON_Q", + "MLFLOW" ] }, + "CreateAccountPoolInput":{ + "type":"structure", + "required":[ + "accountSource", + "domainIdentifier", + "name", + "resolutionStrategy" + ], + "members":{ + "accountSource":{ + "shape":"AccountSource", + "documentation":"

The source of accounts for the account pool. In the current release, it's either a static list of accounts provided by the customer or a custom Amazon Web Services Lambda handler.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the account pool.

" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where the account pool is created.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "name":{ + "shape":"AccountPoolName", + "documentation":"

The name of the account pool.

" + }, + "resolutionStrategy":{ + "shape":"ResolutionStrategy", + "documentation":"

The mechanism used to resolve the account selection from the account pool.

" + } + } + }, + "CreateAccountPoolOutput":{ + "type":"structure", + "required":[ + "accountSource", + "createdBy" + ], + "members":{ + "accountSource":{ + "shape":"AccountSource", + "documentation":"

The source of accounts for the account pool. In the current release, it's either a static list of accounts provided by the customer or a custom Amazon Web Services Lambda handler.

" + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp at which the account pool was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user who created the account pool.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the account pool.

" + }, + "domainId":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where the account pool is created.

" + }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain where the account pool is created.

" + }, + "id":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool.

" + }, + "lastUpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp at which the account pool was last updated.

" + }, + "name":{ + "shape":"AccountPoolName", + "documentation":"

The name of the account pool.

" + }, + "resolutionStrategy":{ + "shape":"ResolutionStrategy", + "documentation":"

The mechanism used to resolve the account selection from the account pool.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user who last updated the account pool.

" + } + } + }, "CreateAssetFilterInput":{ "type":"structure", "required":[ @@ -4927,7 +5639,7 @@ }, "externalIdentifier":{ "shape":"ExternalIdentifier", - "documentation":"

The external identifier of the asset.

" + "documentation":"

The external identifier of the asset.

If the value for the externalIdentifier parameter is specified, it must be a unique value.

" }, "formsInput":{ "shape":"FormInputList", @@ -5008,6 +5720,10 @@ "shape":"GlossaryTerms", "documentation":"

The glossary terms that are attached to the created asset.

" }, + "governedGlossaryTerms":{ + "shape":"CreateAssetOutputGovernedGlossaryTermsList", + "documentation":"

The glossary terms in a restricted glossary.

" + }, "id":{ "shape":"AssetId", "documentation":"

The unique identifier of the created asset.

" @@ -5050,6 +5766,12 @@ } } }, + "CreateAssetOutputGovernedGlossaryTermsList":{ + "type":"list", + "member":{"shape":"GlossaryTermId"}, + "max":20, + "min":0 + }, "CreateAssetRevisionInput":{ "type":"structure", "required":[ @@ -5150,6 +5872,10 @@ "shape":"GlossaryTerms", "documentation":"

The glossary terms that were attached to the asset as part of asset revision.

" }, + "governedGlossaryTerms":{ + "shape":"CreateAssetRevisionOutputGovernedGlossaryTermsList", + "documentation":"

The glossary terms in a restricted glossary.

" + }, "id":{ "shape":"AssetId", "documentation":"

The unique identifier of the asset revision.

" @@ -5192,6 +5918,12 @@ } } }, + "CreateAssetRevisionOutputGovernedGlossaryTermsList":{ + "type":"list", + "member":{"shape":"GlossaryTermId"}, + "max":20, + "min":0 + }, "CreateAssetTypeInput":{ "type":"structure", "required":[ @@ -5298,7 +6030,6 @@ "type":"structure", "required":[ "domainIdentifier", - "environmentIdentifier", "name" ], "members":{ @@ -5321,6 +6052,10 @@ "location":"uri", "locationName":"domainIdentifier" }, + "enableTrustedIdentityPropagation":{ + "shape":"Boolean", + "documentation":"

Specifies whether the trusted identity propagation is enabled.

" + }, "environmentIdentifier":{ "shape":"EnvironmentId", "documentation":"

The ID of the environment where the connection is created.

" @@ -5332,6 +6067,10 @@ "props":{ "shape":"ConnectionPropertiesInput", "documentation":"

The connection props.

" + }, + "scope":{ + "shape":"ConnectionScope", + "documentation":"

The scope of the connection.

" } } }, @@ -5388,6 +6127,10 @@ "shape":"ConnectionPropertiesOutput", "documentation":"

The connection props.

" }, + "scope":{ + "shape":"ConnectionScope", + "documentation":"

The scope of the connection.

" + }, "type":{ "shape":"ConnectionType", "documentation":"

The connection type.

" @@ -5690,7 +6433,7 @@ }, "type":{ "shape":"DataSourceType", - "documentation":"

The type of the data source.

" + "documentation":"

The type of the data source. In Amazon DataZone, you can use data sources to import technical metadata of assets (data) from the source databases or data warehouses into Amazon DataZone. In the current release of Amazon DataZone, you can create and run data sources for Amazon Web Services Glue and Amazon Redshift.

" } } }, @@ -6067,11 +6810,93 @@ } } }, + "CreateEnvironmentBlueprintInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "name", + "provisioningProperties" + ], + "members":{ + "description":{ + "shape":"Description", + "documentation":"

The description of the Amazon DataZone blueprint.

" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The identifier of the domain in which this blueprint is created.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "name":{ + "shape":"EnvironmentBlueprintName", + "documentation":"

The name of this Amazon DataZone blueprint.

" + }, + "provisioningProperties":{ + "shape":"ProvisioningProperties", + "documentation":"

The provisioning properties of this Amazon DataZone blueprint.

" + }, + "userParameters":{ + "shape":"CustomParameterList", + "documentation":"

The user parameters of this Amazon DataZone blueprint.

" + } + } + }, + "CreateEnvironmentBlueprintOutput":{ + "type":"structure", + "required":[ + "id", + "name", + "provider", + "provisioningProperties" + ], + "members":{ + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp at which the environment blueprint was created.

" + }, + "deploymentProperties":{ + "shape":"DeploymentProperties", + "documentation":"

The deployment properties of this Amazon DataZone blueprint.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of this Amazon DataZone blueprint.

" + }, + "glossaryTerms":{ + "shape":"GlossaryTerms", + "documentation":"

The glossary terms attached to this Amazon DataZone blueprint.

" + }, + "id":{ + "shape":"EnvironmentBlueprintId", + "documentation":"

The ID of this Amazon DataZone blueprint.

" + }, + "name":{ + "shape":"EnvironmentBlueprintName", + "documentation":"

The name of this Amazon DataZone blueprint.

" + }, + "provider":{ + "shape":"String", + "documentation":"

The provider of this Amazon DataZone blueprint.

" + }, + "provisioningProperties":{ + "shape":"ProvisioningProperties", + "documentation":"

The provisioning properties of this Amazon DataZone blueprint.

" + }, + "updatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp of when this blueprint was updated.

" + }, + "userParameters":{ + "shape":"CustomParameterList", + "documentation":"

The user parameters of this Amazon DataZone blueprint.

" + } + } + }, "CreateEnvironmentInput":{ "type":"structure", "required":[ "domainIdentifier", - "environmentProfileIdentifier", "name", "projectIdentifier" ], @@ -6174,6 +6999,10 @@ "shape":"EnvironmentBlueprintId", "documentation":"

The ID of the blueprint with which this Amazon DataZone environment was created.

" }, + "environmentConfigurationId":{ + "shape":"EnvironmentConfigurationId", + "documentation":"

The configuration ID of the environment.

" + }, "environmentProfileId":{ "shape":"EnvironmentProfileId", "documentation":"

The ID of the environment profile with which this Amazon DataZone environment was created.

" @@ -6458,6 +7287,10 @@ "status":{ "shape":"GlossaryStatus", "documentation":"

The status of this business glossary.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restriction of the restricted glossary.

" } } }, @@ -6493,6 +7326,10 @@ "status":{ "shape":"GlossaryStatus", "documentation":"

The status of this business glossary.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restriction of the restricted glossary.

" } } }, @@ -6592,6 +7429,10 @@ "termRelations":{ "shape":"TermRelations", "documentation":"

The term relations of this business glossary term.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restriction of the restricted glossary.

" } } }, @@ -6747,12 +7588,23 @@ "shape":"ProjectProfileId", "documentation":"

The ID of the project profile.

" }, + "resourceTags":{ + "shape":"CreateProjectInputResourceTagsMap", + "documentation":"

The resource tags of the project.

" + }, "userParameters":{ "shape":"EnvironmentConfigurationUserParametersList", "documentation":"

The user parameters of the project.

" } } }, + "CreateProjectInputResourceTagsMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":25, + "min":0 + }, "CreateProjectMembershipInput":{ "type":"structure", "required":[ @@ -6786,8 +7638,7 @@ }, "CreateProjectMembershipOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateProjectOutput":{ "type":"structure", @@ -6850,6 +7701,10 @@ "shape":"ProjectStatus", "documentation":"

The status of the Amazon DataZone project that was created.

" }, + "resourceTags":{ + "shape":"ResourceTags", + "documentation":"

The resource tags of the project.

" + }, "userParameters":{ "shape":"EnvironmentConfigurationUserParametersList", "documentation":"

The user parameters of the project.

" @@ -6873,6 +7728,10 @@ "name" ], "members":{ + "allowCustomProjectResourceTags":{ + "shape":"Boolean", + "documentation":"

Specifies whether custom project resource tags are supported.

" + }, "description":{ "shape":"Description", "documentation":"

A description of a project profile.

" @@ -6895,6 +7754,14 @@ "shape":"ProjectProfileName", "documentation":"

Project profile name.

" }, + "projectResourceTags":{ + "shape":"ProjectResourceTagParameters", + "documentation":"

The resource tags of the project profile.

" + }, + "projectResourceTagsDescription":{ + "shape":"Description", + "documentation":"

Field viewable through the UI that provides a project user with the allowed resource tag specifications.

" + }, "status":{ "shape":"Status", "documentation":"

Project profile status.

" @@ -6910,6 +7777,10 @@ "name" ], "members":{ + "allowCustomProjectResourceTags":{ + "shape":"Boolean", + "documentation":"

Specifies whether custom project resource tags are supported.

" + }, "createdAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

A timestamp at which a project profile is created.

" @@ -6946,6 +7817,14 @@ "shape":"ProjectProfileName", "documentation":"

Project profile name.

" }, + "projectResourceTags":{ + "shape":"ProjectResourceTagParameters", + "documentation":"

The resource tags of the project profile.

" + }, + "projectResourceTagsDescription":{ + "shape":"Description", + "documentation":"

Field viewable through the UI that provides a project user with the allowed resource tag specifications.

" + }, "status":{ "shape":"Status", "documentation":"

Project profile status.

" @@ -7493,6 +8372,21 @@ "min":1, "pattern":"cron\\((\\b[0-5]?[0-9]\\b) (\\b2[0-3]\\b|\\b[0-1]?[0-9]\\b) ([-?*,/\\dLW]){1,83} ([-*,/\\d]|[a-zA-Z]{3}){1,23} ([-?#*,/\\dL]|[a-zA-Z]{3}){1,13} ([^\\)]+)\\)" }, + "CustomAccountPoolHandler":{ + "type":"structure", + "required":["lambdaFunctionArn"], + "members":{ + "lambdaExecutionRoleArn":{ + "shape":"LambdaExecutionRoleArn", + "documentation":"

The ARN of the IAM role that enables Amazon SageMaker Unified Studio to invoke the Amazon Web Services Lambda funtion if the account source is the custom account pool handler.

" + }, + "lambdaFunctionArn":{ + "shape":"LambdaFunctionArn", + "documentation":"

The ARN of the Amazon Web Services Lambda function for the custom Amazon Web Services Lambda handler.

" + } + }, + "documentation":"

The custom Amazon Web Services Lambda handler within an account pool.

" + }, "CustomParameter":{ "type":"structure", "required":[ @@ -7520,6 +8414,10 @@ "shape":"Boolean", "documentation":"

Specifies whether the custom parameter is optional.

" }, + "isUpdateSupported":{ + "shape":"Boolean", + "documentation":"

Specifies whether a parameter value can be updated after creation.

" + }, "keyName":{ "shape":"CustomParameterKeyNameString", "documentation":"

The key name of the parameter.

" @@ -7588,6 +8486,16 @@ }, "documentation":"

The data product.

" }, + "DataProductItemAdditionalAttributes":{ + "type":"structure", + "members":{ + "matchRationale":{ + "shape":"MatchRationale", + "documentation":"

List of rationales indicating why this item was matched by search.

" + } + }, + "documentation":"

The additional attributes of an Amazon DataZone data product.

" + }, "DataProductItemType":{ "type":"string", "enum":["ASSET"] @@ -7695,6 +8603,10 @@ "forms":{ "shape":"Forms", "documentation":"

The metadata forms of the asset of the data product.

" + }, + "matchRationale":{ + "shape":"MatchRationale", + "documentation":"

List of rationales indicating why this item was matched by search.

" } }, "documentation":"

The additional attributes of the asset of the data product.

" @@ -7714,6 +8626,10 @@ "owningProjectId" ], "members":{ + "additionalAttributes":{ + "shape":"DataProductItemAdditionalAttributes", + "documentation":"

The additional attributes of an Amazon DataZone data product.

" + }, "createdAt":{ "shape":"CreatedAt", "documentation":"

The timestamp at which the data product was created.

" @@ -8123,6 +9039,31 @@ "min":1, "sensitive":true }, + "DeleteAccountPoolInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where the account pool is deleted.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool to be deleted.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "DeleteAccountPoolOutput":{ + "type":"structure", + "members":{} + }, "DeleteAssetFilterInput":{ "type":"structure", "required":[ @@ -8174,8 +9115,7 @@ }, "DeleteAssetOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAssetTypeInput":{ "type":"structure", @@ -8200,8 +9140,7 @@ }, "DeleteAssetTypeOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConnectionInput":{ "type":"structure", @@ -8256,8 +9195,7 @@ }, "DeleteDataProductOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataSourceInput":{ "type":"structure", @@ -8452,8 +9390,7 @@ }, "DeleteDomainUnitOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEnvironmentActionInput":{ "type":"structure", @@ -8506,7 +9443,27 @@ }, "DeleteEnvironmentBlueprintConfigurationOutput":{ "type":"structure", + "members":{} + }, + "DeleteEnvironmentBlueprintInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the Amazon DataZone domain in which the blueprint is deleted.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"EnvironmentBlueprintId", + "documentation":"

The ID of the blueprint that is deleted.

", + "location":"uri", + "locationName":"identifier" + } } }, "DeleteEnvironmentInput":{ @@ -8574,8 +9531,7 @@ }, "DeleteFormTypeOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteGlossaryInput":{ "type":"structure", @@ -8600,8 +9556,7 @@ }, "DeleteGlossaryOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteGlossaryTermInput":{ "type":"structure", @@ -8626,8 +9581,7 @@ }, "DeleteGlossaryTermOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteListingInput":{ "type":"structure", @@ -8652,8 +9606,7 @@ }, "DeleteListingOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProjectInput":{ "type":"structure", @@ -8710,13 +9663,11 @@ }, "DeleteProjectMembershipOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProjectOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProjectProfileInput":{ "type":"structure", @@ -8741,8 +9692,7 @@ }, "DeleteProjectProfileOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRuleInput":{ "type":"structure", @@ -8767,8 +9717,7 @@ }, "DeleteRuleOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSubscriptionGrantInput":{ "type":"structure", @@ -8945,8 +9894,7 @@ }, "DeleteTimeSeriesDataPointsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Deployment":{ "type":"structure", @@ -9093,9 +10041,51 @@ }, "DisassociateEnvironmentRoleOutput":{ "type":"structure", + "members":{} + }, + "DisassociateGovernedTermsInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "entityIdentifier", + "entityType", + "governedGlossaryTerms" + ], "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to disassociate restricted terms from an asset.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"EntityIdentifier", + "documentation":"

The ID of an asset from which you want to disassociate restricted terms.

", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"GovernedEntityType", + "documentation":"

The type of the asset from which you want to disassociate restricted terms.

", + "location":"uri", + "locationName":"entityType" + }, + "governedGlossaryTerms":{ + "shape":"DisassociateGovernedTermsInputGovernedGlossaryTermsList", + "documentation":"

The restricted glossary terms that you want to disassociate from an asset.

" + } } }, + "DisassociateGovernedTermsInputGovernedGlossaryTermsList":{ + "type":"list", + "member":{"shape":"GlossaryTermId"}, + "max":5, + "min":1 + }, + "DisassociateGovernedTermsOutput":{ + "type":"structure", + "members":{} + }, "DomainDescription":{ "type":"string", "sensitive":true @@ -9535,12 +10525,14 @@ "EnvironmentConfiguration":{ "type":"structure", "required":[ - "awsAccount", - "awsRegion", "environmentBlueprintId", "name" ], "members":{ + "accountPools":{ + "shape":"AccountPoolList", + "documentation":"

The account pools used by a custom project profile.

" + }, "awsAccount":{ "shape":"AwsAccount", "documentation":"

The Amazon Web Services account of the environment.

" @@ -9643,9 +10635,17 @@ "shape":"EnvironmentConfigurationName", "documentation":"

The environment configuration name.

" }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

The ID of the environment.

" + }, "environmentParameters":{ "shape":"EnvironmentParametersList", "documentation":"

The environment parameters.

" + }, + "environmentResolvedAccount":{ + "shape":"EnvironmentResolvedAccount", + "documentation":"

Specifies the account/Region that is to be used during project creation for a particular blueprint.

" } }, "documentation":"

The environment configuration user parameters.

" @@ -9797,6 +10797,28 @@ }, "documentation":"

The details of an environment profile.

" }, + "EnvironmentResolvedAccount":{ + "type":"structure", + "required":[ + "awsAccountId", + "regionName" + ], + "members":{ + "awsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

The ID of the resolved account.

" + }, + "regionName":{ + "shape":"AwsRegion", + "documentation":"

The name of the resolved Region.

" + }, + "sourceAccountPoolId":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool.

" + } + }, + "documentation":"

Specifies the account/Region that is to be used during project creation for a particular blueprint.

" + }, "EnvironmentStatus":{ "type":"string", "enum":[ @@ -9853,6 +10875,10 @@ "shape":"DomainId", "documentation":"

The identifier of the Amazon DataZone domain in which the environment exists.

" }, + "environmentConfigurationId":{ + "shape":"EnvironmentConfigurationId", + "documentation":"

The configuration ID with which the environment is created.

" + }, "environmentProfileId":{ "shape":"EnvironmentProfileId", "documentation":"

The identifier of the environment profile with which the environment was created.

" @@ -10260,6 +11286,80 @@ "max":10, "min":0 }, + "GetAccountPoolInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain in which the account pool lives whose details are to be displayed.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool whose details are to be displayed.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "GetAccountPoolOutput":{ + "type":"structure", + "required":[ + "accountSource", + "createdBy" + ], + "members":{ + "accountSource":{ + "shape":"AccountSource", + "documentation":"

The source of accounts for the account pool. In the current release, it's either a static list of accounts provided by the customer or a custom Amazon Web Services Lambda handler.

" + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp at which the account pool was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user who created the account pool.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the account pool.

" + }, + "domainId":{ + "shape":"DomainId", + "documentation":"

The ID of the domain in which the account pool lives whose details are to be displayed.

" + }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The domain unit ID of the account pool.

" + }, + "id":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool.

" + }, + "lastUpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp at which the account pool was last updated.

" + }, + "name":{ + "shape":"AccountPoolName", + "documentation":"

The name of the account pool.

" + }, + "resolutionStrategy":{ + "shape":"ResolutionStrategy", + "documentation":"

The mechanism used to resolve the account selection from the account pool.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user who last updated the account pool.

" + } + } + }, "GetAssetFilterInput":{ "type":"structure", "required":[ @@ -10359,7 +11459,7 @@ }, "identifier":{ "shape":"AssetIdentifier", - "documentation":"

The ID of the Amazon DataZone asset.

", + "documentation":"

The ID of the Amazon DataZone asset.

This parameter supports either the value of assetId or externalIdentifier as input. If you are passing the value of externalIdentifier, you must prefix this value with externalIdentifer%2F.

", "location":"uri", "locationName":"identifier" }, @@ -10420,6 +11520,10 @@ "shape":"GlossaryTerms", "documentation":"

The business glossary terms attached to the asset.

" }, + "governedGlossaryTerms":{ + "shape":"GetAssetOutputGovernedGlossaryTermsList", + "documentation":"

The restricted glossary terms attached to an asset.

" + }, "id":{ "shape":"AssetId", "documentation":"

The ID of the asset.

" @@ -10458,6 +11562,12 @@ } } }, + "GetAssetOutputGovernedGlossaryTermsList":{ + "type":"list", + "member":{"shape":"GlossaryTermId"}, + "max":20, + "min":0 + }, "GetAssetTypeInput":{ "type":"structure", "required":[ @@ -10627,6 +11737,10 @@ "shape":"ConnectionPropertiesOutput", "documentation":"

Connection props.

" }, + "scope":{ + "shape":"ConnectionScope", + "documentation":"

The scope of the connection.

" + }, "type":{ "shape":"ConnectionType", "documentation":"

The type of the connection.

" @@ -11415,6 +12529,10 @@ "shape":"EnvironmentBlueprintId", "documentation":"

The blueprint with which the environment is created.

" }, + "environmentConfigurationId":{ + "shape":"EnvironmentConfigurationId", + "documentation":"

The configuration ID that is used to create the environment.

" + }, "environmentProfileId":{ "shape":"EnvironmentProfileId", "documentation":"

The ID of the environment profile with which the environment is created.

" @@ -11702,6 +12820,10 @@ "updatedBy":{ "shape":"UpdatedBy", "documentation":"

The Amazon DataZone user who updated the business glossary.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restriction of the restricted glossary.

" } } }, @@ -11783,6 +12905,10 @@ "updatedBy":{ "shape":"UpdatedBy", "documentation":"

The Amazon DataZone user who updated the business glossary term.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restriction of a term within a restricted glossary.

" } } }, @@ -12318,6 +13444,10 @@ "shape":"ProjectStatus", "documentation":"

The status of the project.

" }, + "resourceTags":{ + "shape":"ResourceTags", + "documentation":"

The resource tags of the project.

" + }, "userParameters":{ "shape":"EnvironmentConfigurationUserParametersList", "documentation":"

The user parameters of a project.

" @@ -12354,6 +13484,10 @@ "name" ], "members":{ + "allowCustomProjectResourceTags":{ + "shape":"Boolean", + "documentation":"

Specifies whether custom project resource tags are supported.

" + }, "createdAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

The timestamp of when the project profile was created.

" @@ -12390,6 +13524,14 @@ "shape":"ProjectProfileName", "documentation":"

The name of the project profile.

" }, + "projectResourceTags":{ + "shape":"ProjectResourceTagParameters", + "documentation":"

The resource tags of the project profile.

" + }, + "projectResourceTagsDescription":{ + "shape":"Description", + "documentation":"

Field viewable through the UI that provides a project user with the allowed resource tag specifications.

" + }, "status":{ "shape":"Status", "documentation":"

The status of the project profile.

" @@ -12988,6 +14130,11 @@ } } }, + "GlobalParameterMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"} + }, "GlossaryDescription":{ "type":"string", "max":4096, @@ -13008,6 +14155,10 @@ "status" ], "members":{ + "additionalAttributes":{ + "shape":"GlossaryItemAdditionalAttributes", + "documentation":"

The additional attributes of an Amazon DataZone glossary.

" + }, "createdAt":{ "shape":"CreatedAt", "documentation":"

The timestamp of when the glossary was created.

" @@ -13047,10 +14198,24 @@ "updatedBy":{ "shape":"UpdatedBy", "documentation":"

The Amazon DataZone user who updated the business glossary.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restrictions associated with a goverened glossary term.

" } }, "documentation":"

The details of a business glossary.

" }, + "GlossaryItemAdditionalAttributes":{ + "type":"structure", + "members":{ + "matchRationale":{ + "shape":"MatchRationale", + "documentation":"

List of rationales indicating why this item was matched by search.

" + } + }, + "documentation":"

The additional attributes of an Amazon DataZone glossary.

" + }, "GlossaryName":{ "type":"string", "max":256, @@ -13078,6 +14243,10 @@ "status" ], "members":{ + "additionalAttributes":{ + "shape":"GlossaryTermItemAdditionalAttributes", + "documentation":"

The additional attributes of an Amazon DataZone glossary term.

" + }, "createdAt":{ "shape":"CreatedAt", "documentation":"

The timestamp of when a business glossary term was created.

" @@ -13125,10 +14294,24 @@ "updatedBy":{ "shape":"UpdatedBy", "documentation":"

The Amazon DataZone user who updated the business glossary term.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restrictions associated with a goverened glossary term.

" } }, "documentation":"

The details of a business glossary term.

" }, + "GlossaryTermItemAdditionalAttributes":{ + "type":"structure", + "members":{ + "matchRationale":{ + "shape":"MatchRationale", + "documentation":"

List of rationales indicating why this item was matched by search.

" + } + }, + "documentation":"

The additional attributes of an Amazon DataZone glossary term.

" + }, "GlossaryTermName":{ "type":"string", "max":256, @@ -13148,6 +14331,16 @@ "max":20, "min":1 }, + "GlossaryUsageRestriction":{ + "type":"string", + "enum":["ASSET_GOVERNED_TERMS"] + }, + "GlossaryUsageRestrictions":{ + "type":"list", + "member":{"shape":"GlossaryUsageRestriction"}, + "max":1, + "min":1 + }, "GlueConnection":{ "type":"structure", "members":{ @@ -13525,6 +14718,14 @@ "USER_MANAGED" ] }, + "GovernedEntityType":{ + "type":"string", + "enum":["ASSET"] + }, + "GrantIdentifier":{ + "type":"string", + "pattern":"^[A-Za-z0-9+/]{10}$" + }, "GrantedEntity":{ "type":"structure", "members":{ @@ -13752,6 +14953,10 @@ "arn":{ "shape":"String", "documentation":"

The ARN of an IAM user profile in Amazon DataZone.

" + }, + "principalId":{ + "shape":"String", + "documentation":"

Principal ID of the IAM user.

" } }, "documentation":"

The details of an IAM user profile in Amazon DataZone.

" @@ -13966,11 +15171,19 @@ }, "locationRegistrationRole":{ "shape":"RoleArn", - "documentation":"

The role that is used to manage read/write access to the chosen Amazon S3 bucket(s) for Data Lake using AWS Lake Formation hybrid access mode.

" + "documentation":"

The role that is used to manage read/write access to the chosen Amazon S3 bucket(s) for Data Lake using Amazon Web Services Lake Formation hybrid access mode.

" } }, "documentation":"

The Lake Formation configuration of the Data Lake blueprint.

" }, + "LambdaExecutionRoleArn":{ + "type":"string", + "pattern":"^arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)/[\\w+=,.@-]*$" + }, + "LambdaFunctionArn":{ + "type":"string", + "pattern":"^arn:(?:aws|aws-cn|aws-us-gov):lambda:(?:[a-z]{2}(?:-gov)?-[a-z]+-\\d{1,}):(\\d{12}):function:[a-zA-Z0-9-_]+(?::[a-zA-Z0-9-_]+)?(?:\\$[\\w-]+)?$" + }, "LastName":{ "type":"string", "sensitive":true @@ -14303,6 +15516,107 @@ "type":"string", "pattern":"^cron\\((\\b[0-5]?[0-9]\\b) (\\b2[0-3]\\b|\\b[0-1]?[0-9]\\b) ([-?*,/\\dLW]){1,83} ([-*,/\\d]|[a-zA-Z]{3}){1,23} ([-?#*,/\\dL]|[a-zA-Z]{3}){1,13} ([^\\)]+)\\)$" }, + "ListAccountPoolsInput":{ + "type":"structure", + "required":["domainIdentifier"], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where exsting account pools are to be listed.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of account pools to return in a single call to ListAccountPools. When the number of account pools to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListAccountPools to list the next set of account pools.

", + "location":"querystring", + "locationName":"maxResults" + }, + "name":{ + "shape":"AccountPoolName", + "documentation":"

The name of the account pool to be listed.

", + "location":"querystring", + "locationName":"name" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of account pools is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of account pools, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListAccountPools to list the next set of account pools.

", + "location":"querystring", + "locationName":"nextToken" + }, + "sortBy":{ + "shape":"SortFieldAccountPool", + "documentation":"

The sort by mechanism in which the existing account pools are to be listed.

", + "location":"querystring", + "locationName":"sortBy" + }, + "sortOrder":{ + "shape":"SortOrder", + "documentation":"

The sort order in which the existing account pools are to be listed.

", + "location":"querystring", + "locationName":"sortOrder" + } + } + }, + "ListAccountPoolsOutput":{ + "type":"structure", + "members":{ + "items":{ + "shape":"AccountPoolSummaries", + "documentation":"

The results of the ListAccountPools operation.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of account pools is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of account pools, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListAccountPools to list the next set of account pools.

" + } + } + }, + "ListAccountsInAccountPoolInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain in which the accounts in the specified account pool are to be listed.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool whose accounts are to be listed.

", + "location":"uri", + "locationName":"identifier" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of accounts to return in a single call to ListAccountsInAccountPool. When the number of accounts to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListAccountsInAccountPool to list the next set of accounts.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of accounts is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of accounts, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListAccountsInAccountPool to list the next set of accounts.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListAccountsInAccountPoolOutput":{ + "type":"structure", + "members":{ + "items":{ + "shape":"AccountInfoList", + "documentation":"

The results of the ListAccountsInAccountPool operation.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of accounts is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of accounts, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListAccountsInAccountPool to list the next set of accounts.

" + } + } + }, "ListAssetFiltersInput":{ "type":"structure", "required":[ @@ -14404,10 +15718,7 @@ }, "ListConnectionsInput":{ "type":"structure", - "required":[ - "domainIdentifier", - "projectIdentifier" - ], + "required":["domainIdentifier"], "members":{ "domainIdentifier":{ "shape":"DomainId", @@ -14445,6 +15756,12 @@ "location":"querystring", "locationName":"projectIdentifier" }, + "scope":{ + "shape":"ConnectionScope", + "documentation":"

The scope of the connection.

", + "location":"querystring", + "locationName":"scope" + }, "sortBy":{ "shape":"SortFieldConnection", "documentation":"

Specifies how you want to sort the listed connections.

", @@ -16283,6 +17600,26 @@ "min":0, "sensitive":true }, + "ManagedEndpointCredentials":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ManagedEndpointCredentialsIdString", + "documentation":"

The identifier of the managed endpoint credentials.

" + }, + "token":{ + "shape":"String", + "documentation":"

The ARN of the managed endpoint credentials.

" + } + }, + "documentation":"

The managed endpoint credentials of the EMR on EKS cluster.

", + "sensitive":true + }, + "ManagedEndpointCredentialsIdString":{ + "type":"string", + "max":64, + "min":0 + }, "ManagedPolicyType":{ "type":"string", "enum":[ @@ -16298,7 +17635,8 @@ "DELEGATE_CREATE_ENVIRONMENT_PROFILE", "CREATE_ENVIRONMENT", "CREATE_ENVIRONMENT_FROM_BLUEPRINT", - "CREATE_PROJECT_FROM_PROJECT_PROFILE" + "CREATE_PROJECT_FROM_PROJECT_PROFILE", + "USE_ASSET_TYPE" ] }, "MatchCriteria":{ @@ -16307,6 +17645,39 @@ "max":10, "min":0 }, + "MatchOffset":{ + "type":"structure", + "members":{ + "endOffset":{ + "shape":"Integer", + "documentation":"

The 0-indexed number indicating the end position (exclusive) of a matched term.

" + }, + "startOffset":{ + "shape":"Integer", + "documentation":"

The 0-indexed number indicating the start position (inclusive) of a matched term.

" + } + }, + "documentation":"

The offset of a matched term.

" + }, + "MatchOffsets":{ + "type":"list", + "member":{"shape":"MatchOffset"} + }, + "MatchRationale":{ + "type":"list", + "member":{"shape":"MatchRationaleItem"} + }, + "MatchRationaleItem":{ + "type":"structure", + "members":{ + "textMatches":{ + "shape":"TextMatches", + "documentation":"

A list of TextMatchItems.

" + } + }, + "documentation":"

A rationale indicating why this item was matched by search.

", + "union":true + }, "MaxResults":{ "type":"integer", "box":true, @@ -16513,6 +17884,36 @@ "key":{"shape":"String"}, "value":{"shape":"String"} }, + "MlflowPropertiesInput":{ + "type":"structure", + "members":{ + "trackingServerArn":{ + "shape":"String", + "documentation":"

The tracking server ARN as part of the MLflow properties of a connection.

" + } + }, + "documentation":"

The MLflow properties of a connection.

" + }, + "MlflowPropertiesOutput":{ + "type":"structure", + "members":{ + "trackingServerArn":{ + "shape":"String", + "documentation":"

The tracking server ARN as part of the MLflow properties of a connection.

" + } + }, + "documentation":"

The MLflow properties of a connection.

" + }, + "MlflowPropertiesPatch":{ + "type":"structure", + "members":{ + "trackingServerArn":{ + "shape":"String", + "documentation":"

The tracking server ARN as part of the MLflow properties of a connection.

" + } + }, + "documentation":"

The MLflow properties of a connection.

" + }, "Model":{ "type":"structure", "members":{ @@ -16974,6 +18375,10 @@ "shape":"AwsLocation", "documentation":"

The location of a connection.

" }, + "enableTrustedIdentityPropagation":{ + "shape":"Boolean", + "documentation":"

Specified whether trusted identity propagation for the connection is enabled.

" + }, "glueConnection":{ "shape":"GlueConnection", "documentation":"

The Amazon Web Services Glue connection.

" @@ -17039,7 +18444,7 @@ }, "createGlossary":{ "shape":"CreateGlossaryPolicyGrantDetail", - "documentation":"

Specifies that this is a create glossary policy.

" + "documentation":"

Specifies that this is a create glossary policy.

" }, "createProject":{ "shape":"CreateProjectPolicyGrantDetail", @@ -17060,6 +18465,10 @@ "overrideProjectOwners":{ "shape":"OverrideProjectOwnersPolicyGrantDetail", "documentation":"

Specifies whether to override project owners.

" + }, + "useAssetType":{ + "shape":"UseAssetTypePolicyGrantDetail", + "documentation":"

Specifies the domain unit(s) whose projects can use this asset type while creating asset or asset revisions.

" } }, "documentation":"

The details of the policy grant.

", @@ -17084,6 +18493,10 @@ "shape":"PolicyGrantDetail", "documentation":"

The details of the policy grant member.

" }, + "grantId":{ + "shape":"GrantIdentifier", + "documentation":"

The ID of the policy grant.

" + }, "principal":{ "shape":"PolicyGrantPrincipal", "documentation":"

The principal of the policy grant member.

" @@ -17383,12 +18796,21 @@ }, "documentation":"

The summary of a project profile.

" }, + "ProjectResourceTagParameters":{ + "type":"list", + "member":{"shape":"ResourceTagParameter"}, + "max":25, + "min":0 + }, "ProjectStatus":{ "type":"string", "enum":[ "ACTIVE", "DELETING", - "DELETE_FAILED" + "DELETE_FAILED", + "UPDATING", + "UPDATE_FAILED", + "MOVING" ] }, "ProjectSummaries":{ @@ -17543,6 +18965,10 @@ "shape":"PolicyArn", "documentation":"

The environment role permissions boundary.

" }, + "globalParameters":{ + "shape":"GlobalParameterMap", + "documentation":"

Region-agnostic environment blueprint parameters.

" + }, "manageAccessRoleArn":{ "shape":"RoleArn", "documentation":"

The ARN of the manage access role.

" @@ -18276,8 +19702,7 @@ }, "RemoveEntityOwnerOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RemovePolicyGrantInput":{ "type":"structure", @@ -18312,6 +19737,10 @@ "location":"uri", "locationName":"entityType" }, + "grantIdentifier":{ + "shape":"GrantIdentifier", + "documentation":"

The ID of the policy grant that is to be removed from a specified entity.

" + }, "policyType":{ "shape":"ManagedPolicyType", "documentation":"

The type of the policy that you want to remove.

" @@ -18324,8 +19753,7 @@ }, "RemovePolicyGrantOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RequestReason":{ "type":"string", @@ -18339,6 +19767,10 @@ "max":5, "min":1 }, + "ResolutionStrategy":{ + "type":"string", + "enum":["MANUAL"] + }, "Resource":{ "type":"structure", "required":[ @@ -18382,6 +19814,65 @@ }, "exception":true }, + "ResourceTag":{ + "type":"structure", + "required":[ + "key", + "source", + "value" + ], + "members":{ + "key":{ + "shape":"TagKey", + "documentation":"

The key of the resource tag of the project.

" + }, + "source":{ + "shape":"ResourceTagSource", + "documentation":"

The source of the resource tag of the project.

" + }, + "value":{ + "shape":"TagValue", + "documentation":"

The value of the resource tag of the project.

" + } + }, + "documentation":"

The resource tag of the project.

" + }, + "ResourceTagParameter":{ + "type":"structure", + "required":[ + "isValueEditable", + "key", + "value" + ], + "members":{ + "isValueEditable":{ + "shape":"Boolean", + "documentation":"

Specifies whether the value of the resource tag parameter of the project profile is editable at the project level.

" + }, + "key":{ + "shape":"TagKey", + "documentation":"

The key of the resource tag parameter of the project profile.

" + }, + "value":{ + "shape":"TagValue", + "documentation":"

The value of the resource tag parameter key of the project profile.

" + } + }, + "documentation":"

The resource tag parameter of the project profile.

" + }, + "ResourceTagSource":{ + "type":"string", + "enum":[ + "PROJECT", + "PROJECT_PROFILE" + ] + }, + "ResourceTags":{ + "type":"list", + "member":{"shape":"ResourceTag"}, + "max":25, + "min":0 + }, "Revision":{ "type":"string", "max":64, @@ -18576,7 +20067,10 @@ }, "RuleAction":{ "type":"string", - "enum":["CREATE_SUBSCRIPTION_REQUEST"] + "enum":[ + "CREATE_LISTING_CHANGE_SET", + "CREATE_SUBSCRIPTION_REQUEST" + ] }, "RuleAssetTypeList":{ "type":"list", @@ -18734,6 +20228,12 @@ }, "documentation":"

The asset statistics from the data source run.

" }, + "S3AccessGrantLocationId":{ + "type":"string", + "max":64, + "min":0, + "pattern":"^[a-zA-Z0-9\\-]+$" + }, "S3Location":{ "type":"string", "max":1024, @@ -18746,6 +20246,65 @@ "max":20, "min":0 }, + "S3PropertiesInput":{ + "type":"structure", + "required":["s3Uri"], + "members":{ + "s3AccessGrantLocationId":{ + "shape":"S3AccessGrantLocationId", + "documentation":"

The Amazon S3 Access Grant location ID that's part of the Amazon S3 properties of a connection.

" + }, + "s3Uri":{ + "shape":"S3Uri", + "documentation":"

The Amazon S3 URI that's part of the Amazon S3 properties of a connection.

" + } + }, + "documentation":"

The Amazon S3 properties of a connection.

" + }, + "S3PropertiesOutput":{ + "type":"structure", + "required":["s3Uri"], + "members":{ + "errorMessage":{ + "shape":"String", + "documentation":"

The error message that gets displayed.

" + }, + "s3AccessGrantLocationId":{ + "shape":"S3AccessGrantLocationId", + "documentation":"

The Amazon S3 Access Grant location ID that's part of the Amazon S3 properties of a connection.

" + }, + "s3Uri":{ + "shape":"S3Uri", + "documentation":"

The Amazon S3 URI that's part of the Amazon S3 properties of a connection.

" + }, + "status":{ + "shape":"ConnectionStatus", + "documentation":"

The status of the Amazon S3 connection.

" + } + }, + "documentation":"

The Amazon S3 properties of a connection.

" + }, + "S3PropertiesPatch":{ + "type":"structure", + "required":["s3Uri"], + "members":{ + "s3AccessGrantLocationId":{ + "shape":"S3AccessGrantLocationId", + "documentation":"

The Amazon S3 Access Grant location ID that's part of the Amazon S3 properties patch of a connection.

" + }, + "s3Uri":{ + "shape":"S3Uri", + "documentation":"

The Amazon S3 URI that's part of the Amazon S3 properties patch of a connection.

" + } + }, + "documentation":"

The Amazon S3 properties patch of a connection.

" + }, + "S3Uri":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"^s3://.+$" + }, "SageMakerAssetType":{ "type":"string", "max":64, @@ -18959,6 +20518,10 @@ "shape":"SearchOutputAdditionalAttributes", "documentation":"

Specifies additional attributes for the search.

" }, + "aggregations":{ + "shape":"AggregationList", + "documentation":"

Enables you to specify one or more attributes to compute and return counts grouped by field values.

" + }, "domainIdentifier":{ "shape":"DomainId", "documentation":"

The identifier of the domain in which to search listings.

", @@ -18982,7 +20545,7 @@ "documentation":"

The details of the search.

" }, "searchText":{ - "shape":"String", + "shape":"SearchListingsInputSearchTextString", "documentation":"

Specifies the text for which to search.

" }, "sort":{ @@ -18991,9 +20554,18 @@ } } }, + "SearchListingsInputSearchTextString":{ + "type":"string", + "max":512, + "min":0 + }, "SearchListingsOutput":{ "type":"structure", "members":{ + "aggregates":{ + "shape":"AggregationOutputList", + "documentation":"

Contains computed counts grouped by field values based on the requested aggregation attributes for the matching listings.

" + }, "items":{ "shape":"SearchResultItems", "documentation":"

The results of the SearchListings action.

" @@ -19029,7 +20601,8 @@ "type":"string", "enum":[ "FORMS", - "TIME_SERIES_DATA_POINT_FORMS" + "TIME_SERIES_DATA_POINT_FORMS", + "TEXT_MATCH_RATIONALE" ] }, "SearchOutputAdditionalAttributes":{ @@ -19072,7 +20645,7 @@ }, "SearchText":{ "type":"string", - "max":4096, + "max":512, "min":1 }, "SearchTypesInput":{ @@ -19307,6 +20880,10 @@ "SingleSignOn":{ "type":"structure", "members":{ + "idcInstanceArn":{ + "shape":"SingleSignOnIdcInstanceArnString", + "documentation":"

The ARN of the IDC instance.

" + }, "type":{ "shape":"AuthType", "documentation":"

The type of single sign-on in Amazon DataZone.

" @@ -19318,11 +20895,19 @@ }, "documentation":"

The single sign-on details in Amazon DataZone.

" }, + "SingleSignOnIdcInstanceArnString":{ + "type":"string", + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}" + }, "Smithy":{ "type":"string", "max":100000, "min":1 }, + "SortFieldAccountPool":{ + "type":"string", + "enum":["NAME"] + }, "SortFieldConnection":{ "type":"string", "enum":["NAME"] @@ -19364,6 +20949,10 @@ "shape":"SparkEmrPropertiesInputLogUriString", "documentation":"

The log URI of the Spark EMR.

" }, + "managedEndpointArn":{ + "shape":"SparkEmrPropertiesInputManagedEndpointArnString", + "documentation":"

The managed endpoint ARN of the EMR on EKS cluster.

" + }, "pythonVirtualEnv":{ "shape":"SparkEmrPropertiesInputPythonVirtualEnvString", "documentation":"

The Python virtual env of the Spark EMR.

" @@ -19381,8 +20970,9 @@ }, "SparkEmrPropertiesInputComputeArnString":{ "type":"string", - "max":256, - "min":0 + "max":2048, + "min":0, + "pattern":"^arn:aws(-(cn|us-gov|iso(-[bef])?))?:(elasticmapreduce|emr-serverless|emr-containers):.*" }, "SparkEmrPropertiesInputInstanceProfileArnString":{ "type":"string", @@ -19399,6 +20989,11 @@ "max":256, "min":0 }, + "SparkEmrPropertiesInputManagedEndpointArnString":{ + "type":"string", + "max":2048, + "min":0 + }, "SparkEmrPropertiesInputPythonVirtualEnvString":{ "type":"string", "max":256, @@ -19416,6 +21011,10 @@ "SparkEmrPropertiesOutput":{ "type":"structure", "members":{ + "certificateData":{ + "shape":"String", + "documentation":"

The certificate data of the EMR on EKS cluster.

" + }, "computeArn":{ "shape":"String", "documentation":"

The compute ARN of the Spark EMR.

" @@ -19448,6 +21047,14 @@ "shape":"String", "documentation":"

The log URI of the Spark EMR.

" }, + "managedEndpointArn":{ + "shape":"SparkEmrPropertiesOutputManagedEndpointArnString", + "documentation":"

The managed endpoint ARN of the EMR on EKS cluster.

" + }, + "managedEndpointCredentials":{ + "shape":"ManagedEndpointCredentials", + "documentation":"

The managed endpoint credentials of the EMR on EKS cluster.

" + }, "pythonVirtualEnv":{ "shape":"String", "documentation":"

The Python virtual env of the Spark EMR.

" @@ -19463,6 +21070,11 @@ }, "documentation":"

The Spark EMR properties.

" }, + "SparkEmrPropertiesOutputManagedEndpointArnString":{ + "type":"string", + "max":2048, + "min":0 + }, "SparkEmrPropertiesPatch":{ "type":"structure", "members":{ @@ -19482,6 +21094,10 @@ "shape":"SparkEmrPropertiesPatchLogUriString", "documentation":"

The log URI in the Spark EMR properties patch.

" }, + "managedEndpointArn":{ + "shape":"SparkEmrPropertiesPatchManagedEndpointArnString", + "documentation":"

The managed endpoint ARN of the EMR on EKS cluster.

" + }, "pythonVirtualEnv":{ "shape":"SparkEmrPropertiesPatchPythonVirtualEnvString", "documentation":"

The Python virtual env in the Spark EMR properties patch.

" @@ -19499,8 +21115,9 @@ }, "SparkEmrPropertiesPatchComputeArnString":{ "type":"string", - "max":256, - "min":0 + "max":2048, + "min":0, + "pattern":"^arn:aws(-(cn|us-gov|iso(-[bef])?))?:(elasticmapreduce|emr-serverless|emr-containers):.*" }, "SparkEmrPropertiesPatchInstanceProfileArnString":{ "type":"string", @@ -19517,6 +21134,11 @@ "max":256, "min":0 }, + "SparkEmrPropertiesPatchManagedEndpointArnString":{ + "type":"string", + "max":2048, + "min":0 + }, "SparkEmrPropertiesPatchPythonVirtualEnvString":{ "type":"string", "max":256, @@ -20162,7 +21784,7 @@ }, "updatedAt":{ "shape":"UpdatedAt", - "documentation":"

The timestampf of when the subscription grant was updated.

" + "documentation":"

The timestamp of when the subscription grant was updated.

" }, "updatedBy":{ "shape":"UpdatedBy", @@ -20503,8 +22125,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -20522,7 +22143,8 @@ "enum":[ "DOMAIN_UNIT", "ENVIRONMENT_BLUEPRINT_CONFIGURATION", - "ENVIRONMENT_PROFILE" + "ENVIRONMENT_PROFILE", + "ASSET_TYPE" ] }, "TaskId":{ @@ -20562,6 +22184,28 @@ "max":10, "min":1 }, + "TextMatchItem":{ + "type":"structure", + "members":{ + "attribute":{ + "shape":"Attribute", + "documentation":"

The name of the attribute.

" + }, + "matchOffsets":{ + "shape":"MatchOffsets", + "documentation":"

List of offsets indicating matching terms in the TextMatchItem text.

" + }, + "text":{ + "shape":"String", + "documentation":"

Snippet of attribute text containing highlighted content.

" + } + }, + "documentation":"

A structure indicating matched terms for an attribute.

" + }, + "TextMatches":{ + "type":"list", + "member":{"shape":"TextMatchItem"} + }, "ThrottlingException":{ "type":"structure", "required":["message"], @@ -20873,8 +22517,7 @@ }, "Unit":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The details of the policy of creating an environment.

" }, "UntagResourceRequest":{ @@ -20900,7 +22543,96 @@ }, "UntagResourceResponse":{ "type":"structure", + "members":{} + }, + "UpdateAccountPoolInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], "members":{ + "accountSource":{ + "shape":"AccountSource", + "documentation":"

The source of accounts for the account pool. In the current release, it's either a static list of accounts provided by the customer or a custom Amazon Web Services Lambda handler.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the account pool that is to be udpated.

" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The domain ID where the account pool that is to be updated lives.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool that is to be updated.

", + "location":"uri", + "locationName":"identifier" + }, + "name":{ + "shape":"AccountPoolName", + "documentation":"

The name of the account pool that is to be updated.

" + }, + "resolutionStrategy":{ + "shape":"ResolutionStrategy", + "documentation":"

The mechanism used to resolve the account selection from the account pool.

" + } + } + }, + "UpdateAccountPoolOutput":{ + "type":"structure", + "required":[ + "accountSource", + "createdBy" + ], + "members":{ + "accountSource":{ + "shape":"AccountSource", + "documentation":"

The source of accounts for the account pool. In the current release, it's either a static list of accounts provided by the customer or a custom Amazon Web Services Lambda handler.

" + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp at which the account pool was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user who created the account pool.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the account pool that is to be udpated.

" + }, + "domainId":{ + "shape":"DomainId", + "documentation":"

The domain ID where the account pool that is to be updated lives.

" + }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The domain ID in which the account pool that is to be updated lives.

" + }, + "id":{ + "shape":"AccountPoolId", + "documentation":"

The ID of the account pool that is to be updated.

" + }, + "lastUpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp at which the account pool was last updated.

" + }, + "name":{ + "shape":"AccountPoolName", + "documentation":"

The name of the account pool that is to be updated.

" + }, + "resolutionStrategy":{ + "shape":"ResolutionStrategy", + "documentation":"

The mechanism used to resolve the account selection from the account pool.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user who last updated the account pool.

" + } } }, "UpdateAssetFilterInput":{ @@ -21085,6 +22817,10 @@ "shape":"ConnectionPropertiesOutput", "documentation":"

The connection props.

" }, + "scope":{ + "shape":"ConnectionScope", + "documentation":"

The scope of the connection.

" + }, "type":{ "shape":"ConnectionType", "documentation":"

The connection type.

" @@ -21484,6 +23220,90 @@ } } }, + "UpdateEnvironmentBlueprintInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], + "members":{ + "description":{ + "shape":"String", + "documentation":"

The description to be updated as part of the UpdateEnvironmentBlueprint action.

" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The identifier of the Amazon DataZone domain in which an environment blueprint is to be updated.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"EnvironmentBlueprintId", + "documentation":"

The identifier of the environment blueprint to be updated.

", + "location":"uri", + "locationName":"identifier" + }, + "provisioningProperties":{ + "shape":"ProvisioningProperties", + "documentation":"

The provisioning properties to be updated as part of the UpdateEnvironmentBlueprint action.

" + }, + "userParameters":{ + "shape":"CustomParameterList", + "documentation":"

The user parameters to be updated as part of the UpdateEnvironmentBlueprint action.

" + } + } + }, + "UpdateEnvironmentBlueprintOutput":{ + "type":"structure", + "required":[ + "id", + "name", + "provider", + "provisioningProperties" + ], + "members":{ + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp of when the environment blueprint was created.

" + }, + "deploymentProperties":{ + "shape":"DeploymentProperties", + "documentation":"

The deployment properties to be updated as part of the UpdateEnvironmentBlueprint action.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description to be updated as part of the UpdateEnvironmentBlueprint action.

" + }, + "glossaryTerms":{ + "shape":"GlossaryTerms", + "documentation":"

The glossary terms to be updated as part of the UpdateEnvironmentBlueprint action.

" + }, + "id":{ + "shape":"EnvironmentBlueprintId", + "documentation":"

The identifier of the blueprint to be updated.

" + }, + "name":{ + "shape":"EnvironmentBlueprintName", + "documentation":"

The name to be updated as part of the UpdateEnvironmentBlueprint action.

" + }, + "provider":{ + "shape":"String", + "documentation":"

The provider of the blueprint to be udpated.

" + }, + "provisioningProperties":{ + "shape":"ProvisioningProperties", + "documentation":"

The provisioning properties to be updated as part of the UpdateEnvironmentBlueprint action.

" + }, + "updatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp of when the blueprint was updated.

" + }, + "userParameters":{ + "shape":"CustomParameterList", + "documentation":"

The user parameters to be updated as part of the UpdateEnvironmentBlueprint action.

" + } + } + }, "UpdateEnvironmentInput":{ "type":"structure", "required":[ @@ -21491,6 +23311,10 @@ "identifier" ], "members":{ + "blueprintVersion":{ + "shape":"String", + "documentation":"

The blueprint version to which the environment should be updated. You can only specify the following string for this parameter: latest.

" + }, "description":{ "shape":"String", "documentation":"

The description to be updated as part of the UpdateEnvironment action.

" @@ -21514,6 +23338,10 @@ "name":{ "shape":"String", "documentation":"

The name to be updated as part of the UpdateEnvironment action.

" + }, + "userParameters":{ + "shape":"EnvironmentParametersList", + "documentation":"

The user parameters of the environment.

" } } }, @@ -21563,6 +23391,10 @@ "shape":"EnvironmentBlueprintId", "documentation":"

The blueprint identifier of the environment.

" }, + "environmentConfigurationId":{ + "shape":"EnvironmentConfigurationId", + "documentation":"

The configuration ID of the environment.

" + }, "environmentProfileId":{ "shape":"EnvironmentProfileId", "documentation":"

The profile identifier of the environment.

" @@ -21784,6 +23616,10 @@ "status":{ "shape":"GlossaryStatus", "documentation":"

The status to be updated as part of the UpdateGlossary action.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restriction of the restricted glossary.

" } } }, @@ -21873,6 +23709,10 @@ "termRelations":{ "shape":"TermRelations", "documentation":"

The term relations to be updated as part of the UpdateGlossaryTerm action.

" + }, + "usageRestrictions":{ + "shape":"GlossaryUsageRestrictions", + "documentation":"

The usage restriction of a term within a restricted glossary.

" } } }, @@ -21940,6 +23780,10 @@ "location":"uri", "locationName":"domainIdentifier" }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + }, "environmentDeploymentDetails":{ "shape":"EnvironmentDeploymentDetails", "documentation":"

The environment deployment details of the project.

" @@ -21957,9 +23801,28 @@ "name":{ "shape":"ProjectName", "documentation":"

The name to be updated as part of the UpdateProject action.

" + }, + "projectProfileVersion":{ + "shape":"String", + "documentation":"

The project profile version to which the project should be updated. You can only specify the following string for this parameter: latest.

" + }, + "resourceTags":{ + "shape":"UpdateProjectInputResourceTagsMap", + "documentation":"

The resource tags of the project.

" + }, + "userParameters":{ + "shape":"EnvironmentConfigurationUserParametersList", + "documentation":"

The user parameters of the project.

" } } }, + "UpdateProjectInputResourceTagsMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":25, + "min":0 + }, "UpdateProjectOutput":{ "type":"structure", "required":[ @@ -22021,6 +23884,10 @@ "shape":"ProjectStatus", "documentation":"

The status of the project.

" }, + "resourceTags":{ + "shape":"ResourceTags", + "documentation":"

The resource tags of the project.

" + }, "userParameters":{ "shape":"EnvironmentConfigurationUserParametersList", "documentation":"

The user parameters of the project.

" @@ -22034,6 +23901,10 @@ "identifier" ], "members":{ + "allowCustomProjectResourceTags":{ + "shape":"Boolean", + "documentation":"

Specifies whether custom project resource tags are supported.

" + }, "description":{ "shape":"Description", "documentation":"

The description of a project profile.

" @@ -22062,6 +23933,14 @@ "shape":"ProjectProfileName", "documentation":"

The name of a project profile.

" }, + "projectResourceTags":{ + "shape":"ProjectResourceTagParameters", + "documentation":"

The resource tags of the project profile.

" + }, + "projectResourceTagsDescription":{ + "shape":"Description", + "documentation":"

Field viewable through the UI that provides a project user with the allowed resource tag specifications.

" + }, "status":{ "shape":"Status", "documentation":"

The status of a project profile.

" @@ -22077,6 +23956,10 @@ "name" ], "members":{ + "allowCustomProjectResourceTags":{ + "shape":"Boolean", + "documentation":"

Specifies whether custom project resource tags are supported.

" + }, "createdAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

The timestamp at which a project profile is created.

" @@ -22113,6 +23996,14 @@ "shape":"ProjectProfileName", "documentation":"

The name of the project profile.

" }, + "projectResourceTags":{ + "shape":"ProjectResourceTagParameters", + "documentation":"

The resource tags of the project profile.

" + }, + "projectResourceTagsDescription":{ + "shape":"Description", + "documentation":"

Field viewable through the UI that provides a project user with the allowed resource tag specifications.

" + }, "status":{ "shape":"Status", "documentation":"

The status of the project profile.

" @@ -22518,7 +24409,7 @@ }, "authorizedPrincipals":{ "shape":"AuthorizedPrincipalIdentifiers", - "documentation":"

The authorized principals to be updated as part of the UpdateSubscriptionTarget action.

" + "documentation":"

The authorized principals to be updated as part of the UpdateSubscriptionTarget action. Updates are supported in batches of 5 at a time.

" }, "createdAt":{ "shape":"CreatedAt", @@ -22628,6 +24519,16 @@ }, "UpdatedAt":{"type":"timestamp"}, "UpdatedBy":{"type":"string"}, + "UseAssetTypePolicyGrantDetail":{ + "type":"structure", + "members":{ + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + } + }, + "documentation":"

Specifies the domain unit(s) whose projects can use this asset type while creating asset or asset revisions.

" + }, "UserAssignment":{ "type":"string", "enum":[ diff -pruN 2.23.6-1/awscli/botocore/data/dax/2017-04-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/dax/2017-04-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/dax/2017-04-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dax/2017-04-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/dax/2017-04-19/service-2.json 2.31.35-1/awscli/botocore/data/dax/2017-04-19/service-2.json --- 2.23.6-1/awscli/botocore/data/dax/2017-04-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dax/2017-04-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"dax", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"Amazon DAX", "serviceFullName":"Amazon DynamoDB Accelerator (DAX)", "serviceId":"DAX", "signatureVersion":"v4", "targetPrefix":"AmazonDAXV3", - "uid":"dax-2017-04-19" + "uid":"dax-2017-04-19", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateCluster":{ @@ -71,7 +73,8 @@ {"shape":"SubnetGroupQuotaExceededFault"}, {"shape":"SubnetQuotaExceededFault"}, {"shape":"InvalidSubnet"}, - {"shape":"ServiceLinkedRoleNotFoundFault"} + {"shape":"ServiceLinkedRoleNotFoundFault"}, + {"shape":"SubnetNotAllowedFault"} ], "documentation":"

Creates a new subnet group.

" }, @@ -289,7 +292,7 @@ {"shape":"InvalidParameterValueException"}, {"shape":"InvalidParameterCombinationException"} ], - "documentation":"

Reboots a single node of a DAX cluster. The reboot action takes place as soon as possible. During the reboot, the node status is set to REBOOTING.

RebootNode restarts the DAX engine process and does not remove the contents of the cache.

" + "documentation":"

Reboots a single node of a DAX cluster. The reboot action takes place as soon as possible. During the reboot, the node status is set to REBOOTING.

RebootNode restarts the DAX engine process and does not remove the contents of the cache.

" }, "TagResource":{ "name":"TagResource", @@ -378,7 +381,8 @@ {"shape":"SubnetQuotaExceededFault"}, {"shape":"SubnetInUse"}, {"shape":"InvalidSubnet"}, - {"shape":"ServiceLinkedRoleNotFoundFault"} + {"shape":"ServiceLinkedRoleNotFoundFault"}, + {"shape":"SubnetNotAllowedFault"} ], "documentation":"

Modifies an existing subnet group.

" } @@ -470,14 +474,17 @@ "ClusterEndpointEncryptionType":{ "shape":"ClusterEndpointEncryptionType", "documentation":"

The type of encryption supported by the cluster's endpoint. Values are:

  • NONE for no encryption

    TLS for Transport Layer Security

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The IP address type of the cluster. Values are:

  • ipv4 - IPv4 addresses only

  • ipv6 - IPv6 addresses only

  • dual_stack - Both IPv4 and IPv6 addresses

" } }, "documentation":"

Contains all of the attributes of a specific DAX cluster.

" }, "ClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You already have a DAX cluster with the given identifier.

", "exception":true }, @@ -498,16 +505,14 @@ }, "ClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cluster ID does not refer to an existing DAX cluster.

", "exception":true }, "ClusterQuotaForCustomerExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

You have attempted to exceed the maximum number of DAX clusters for your AWS account.

", + "members":{}, + "documentation":"

You have attempted to exceed the maximum number of DAX clusters for your Amazon Web Services account.

", "exception":true }, "CreateClusterRequest":{ @@ -533,7 +538,7 @@ }, "ReplicationFactor":{ "shape":"Integer", - "documentation":"

The number of nodes in the DAX cluster. A replication factor of 1 will create a single-node cluster, without any read replicas. For additional fault tolerance, you can create a multiple node cluster with one or more read replicas. To do this, set ReplicationFactor to a number between 3 (one primary and two read replicas) and 10 (one primary and nine read replicas). If the AvailabilityZones parameter is provided, its length must equal the ReplicationFactor.

AWS recommends that you have at least two read replicas per cluster.

" + "documentation":"

The number of nodes in the DAX cluster. A replication factor of 1 will create a single-node cluster, without any read replicas. For additional fault tolerance, you can create a multiple node cluster with one or more read replicas. To do this, set ReplicationFactor to a number between 3 (one primary and two read replicas) and 10 (one primary and nine read replicas). If the AvailabilityZones parameter is provided, its length must equal the ReplicationFactor.

Amazon Web Services recommends that you have at least two read replicas per cluster.

" }, "AvailabilityZones":{ "shape":"AvailabilityZoneList", @@ -574,6 +579,10 @@ "ClusterEndpointEncryptionType":{ "shape":"ClusterEndpointEncryptionType", "documentation":"

The type of encryption the cluster's endpoint should support. Values are:

  • NONE for no encryption

  • TLS for Transport Layer Security

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

Specifies the IP protocol(s) the cluster uses for network communications. Values are:

  • ipv4 - The cluster is accessible only through IPv4 addresses

  • ipv6 - The cluster is accessible only through IPv6 addresses

  • dual_stack - The cluster is accessible through both IPv4 and IPv6 addresses.

If no explicit NetworkType is provided, the network type is derived based on the subnet group's configuration.

" } } }, @@ -997,14 +1006,13 @@ "members":{ "Cluster":{ "shape":"Cluster", - "documentation":"

A description of the DAX cluster. with its new replication factor.

" + "documentation":"

A description of the DAX cluster, with its new replication factor.

" } } }, "InsufficientClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There are not enough system resources to create the cluster you requested (or to resize an already-existing cluster).

", "exception":true }, @@ -1012,15 +1020,13 @@ "IntegerOptional":{"type":"integer"}, "InvalidARNFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Amazon Resource Name (ARN) supplied in the request is not valid.

", "exception":true }, "InvalidClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested DAX cluster is not in the available state.

", "exception":true }, @@ -1035,8 +1041,7 @@ }, "InvalidParameterGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more parameters in a parameter group are in an invalid state.

", "exception":true }, @@ -1051,15 +1056,13 @@ }, "InvalidSubnet":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An invalid subnet identifier was specified.

", "exception":true }, "InvalidVPCNetworkStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The VPC network is in an invalid state.

", "exception":true }, @@ -1102,6 +1105,18 @@ } } }, + "NetworkType":{ + "type":"string", + "enum":[ + "ipv4", + "ipv6", + "dual_stack" + ] + }, + "NetworkTypeList":{ + "type":"list", + "member":{"shape":"NetworkType"} + }, "Node":{ "type":"structure", "members":{ @@ -1142,23 +1157,20 @@ }, "NodeNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

None of the nodes in the cluster have the given node ID.

", "exception":true }, "NodeQuotaForClusterExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have attempted to exceed the maximum number of nodes for a DAX cluster.

", "exception":true }, "NodeQuotaForCustomerExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

You have attempted to exceed the maximum number of nodes for your AWS account.

", + "members":{}, + "documentation":"

You have attempted to exceed the maximum number of nodes for your Amazon Web Services account.

", "exception":true }, "NodeTypeSpecificValue":{ @@ -1184,7 +1196,7 @@ "members":{ "TopicArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) that identifies the topic.

" + "documentation":"

The Amazon Resource Name (ARN) that identifies the topic.

" }, "TopicStatus":{ "shape":"String", @@ -1255,8 +1267,7 @@ }, "ParameterGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified parameter group already exists.

", "exception":true }, @@ -1270,15 +1281,13 @@ }, "ParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified parameter group does not exist.

", "exception":true }, "ParameterGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have attempted to exceed the maximum number of parameter groups.

", "exception":true }, @@ -1410,16 +1419,14 @@ }, "ServiceLinkedRoleNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified service linked role (SLR) was not found.

", "exception":true }, "ServiceQuotaExceededException":{ "type":"structure", - "members":{ - }, - "documentation":"

You have reached the maximum number of x509 certificates that can be created for encrypted clusters in a 30 day period. Contact AWS customer support to discuss options for continuing to create encrypted clusters.

", + "members":{}, + "documentation":"

You have reached the maximum number of x509 certificates that can be created for encrypted clusters in a 30 day period. Contact Amazon Web Services customer support to discuss options for continuing to create encrypted clusters.

", "exception":true }, "SourceType":{ @@ -1441,6 +1448,10 @@ "SubnetAvailabilityZone":{ "shape":"String", "documentation":"

The Availability Zone (AZ) for the subnet.

" + }, + "SupportedNetworkTypes":{ + "shape":"NetworkTypeList", + "documentation":"

The network types supported by this subnet. Returns an array of strings that can include ipv4, ipv6, or both, indicating whether the subnet supports IPv4 only, IPv6 only, or dual-stack deployments.

" } }, "documentation":"

Represents the subnet associated with a DAX cluster. This parameter refers to subnets defined in Amazon Virtual Private Cloud (Amazon VPC) and used with DAX.

" @@ -1463,21 +1474,23 @@ "Subnets":{ "shape":"SubnetList", "documentation":"

A list of subnets associated with the subnet group.

" + }, + "SupportedNetworkTypes":{ + "shape":"NetworkTypeList", + "documentation":"

The network types supported by this subnet. Returns an array of strings that can include ipv4, ipv6, or both, indicating whether the subnet group supports IPv4 only, IPv6 only, or dual-stack deployments.

" } }, "documentation":"

Represents the output of one of the following actions:

  • CreateSubnetGroup

  • ModifySubnetGroup

" }, "SubnetGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified subnet group already exists.

", "exception":true }, "SubnetGroupInUseFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified subnet group is currently in use.

", "exception":true }, @@ -1491,15 +1504,13 @@ }, "SubnetGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested subnet group name does not refer to an existing subnet group.

", "exception":true }, "SubnetGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the allowed number of subnets in a subnet group.

", "exception":true }, @@ -1509,8 +1520,7 @@ }, "SubnetInUse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested subnet is being used by another subnet group.

", "exception":true }, @@ -1518,10 +1528,15 @@ "type":"list", "member":{"shape":"Subnet"} }, + "SubnetNotAllowedFault":{ + "type":"structure", + "members":{}, + "documentation":"

The specified subnet can't be used for the requested network type. This error occurs when either there aren't enough subnets of the required network type to create the cluster, or when you try to use a subnet that doesn't support the requested network type (for example, trying to create a dual-stack cluster with a subnet that doesn't have IPv6 CIDR).

", + "exception":true + }, "SubnetQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the allowed number of subnets in a subnet group.

", "exception":true }, @@ -1535,10 +1550,10 @@ }, "Value":{ "shape":"String", - "documentation":"

The value of the tag. Tag values are case-sensitive and can be null.

" + "documentation":"

The value of the tag. Tag values are case-sensitive and can be null.

" } }, - "documentation":"

A description of a tag. Every tag is a key-value pair. You can add up to 50 tags to a single DAX cluster.

AWS-assigned tag names and values are automatically assigned the aws: prefix, which the user cannot assign. AWS-assigned tag names do not count towards the tag limit of 50. User-assigned tag names have the prefix user:.

You cannot backdate the application of a tag.

" + "documentation":"

A description of a tag. Every tag is a key-value pair. You can add up to 50 tags to a single DAX cluster.

Amazon Web Services-assigned tag names and values are automatically assigned the aws: prefix, which the user cannot assign. Amazon Web Services-assigned tag names do not count towards the tag limit of 50. User-assigned tag names have the prefix user:.

You cannot backdate the application of a tag.

" }, "TagList":{ "type":"list", @@ -1546,15 +1561,13 @@ }, "TagNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The tag does not exist.

", "exception":true }, "TagQuotaPerResourceExceeded":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have exceeded the maximum number of tags for this DAX cluster.

", "exception":true }, @@ -1707,5 +1720,5 @@ } } }, - "documentation":"

DAX is a managed caching service engineered for Amazon DynamoDB. DAX dramatically speeds up database reads by caching frequently-accessed data from DynamoDB, so applications can access that data with sub-millisecond latency. You can create a DAX cluster easily, using the AWS Management Console. With a few simple modifications to your code, your application can begin taking advantage of the DAX cluster and realize significant improvements in read performance.

" + "documentation":"

DAX is a managed caching service engineered for Amazon DynamoDB. DAX dramatically speeds up database reads by caching frequently-accessed data from DynamoDB, so applications can access that data with sub-millisecond latency. You can create a DAX cluster easily, using the Amazon Web Services Management Console. With a few simple modifications to your code, your application can begin taking advantage of the DAX cluster and realize significant improvements in read performance.

" } diff -pruN 2.23.6-1/awscli/botocore/data/deadline/2023-10-12/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/deadline/2023-10-12/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/deadline/2023-10-12/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/deadline/2023-10-12/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/deadline/2023-10-12/paginators-1.json 2.31.35-1/awscli/botocore/data/deadline/2023-10-12/paginators-1.json --- 2.23.6-1/awscli/botocore/data/deadline/2023-10-12/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/deadline/2023-10-12/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -161,6 +161,18 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "jobParameterDefinitions" + }, + "ListLimits": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "limits" + }, + "ListQueueLimitAssociations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "queueLimitAssociations" } } } diff -pruN 2.23.6-1/awscli/botocore/data/deadline/2023-10-12/service-2.json 2.31.35-1/awscli/botocore/data/deadline/2023-10-12/service-2.json --- 2.23.6-1/awscli/botocore/data/deadline/2023-10-12/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/deadline/2023-10-12/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -312,7 +312,7 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Creates a job. A job is a set of instructions that AWS Deadline Cloud uses to schedule and run work on available workers. For more information, see Deadline Cloud jobs.

", + "documentation":"

Creates a job. A job is a set of instructions that Deadline Cloud uses to schedule and run work on available workers. For more information, see Deadline Cloud jobs.

", "endpoint":{"hostPrefix":"management."}, "idempotent":true }, @@ -337,6 +337,27 @@ "endpoint":{"hostPrefix":"management."}, "idempotent":true }, + "CreateLimit":{ + "name":"CreateLimit", + "http":{ + "method":"POST", + "requestUri":"/2023-10-12/farms/{farmId}/limits", + "responseCode":200 + }, + "input":{"shape":"CreateLimitRequest"}, + "output":{"shape":"CreateLimitResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

Creates a limit that manages the distribution of shared resources, such as floating licenses. A limit can throttle work assignments, help manage workloads, and track current usage. Before you use a limit, you must associate the limit with one or more queues.

You must add the amountRequirementName to a step in a job template to declare the limit requirement.

", + "endpoint":{"hostPrefix":"management."}, + "idempotent":true + }, "CreateMonitor":{ "name":"CreateMonitor", "http":{ @@ -419,6 +440,26 @@ "endpoint":{"hostPrefix":"management."}, "idempotent":true }, + "CreateQueueLimitAssociation":{ + "name":"CreateQueueLimitAssociation", + "http":{ + "method":"PUT", + "requestUri":"/2023-10-12/farms/{farmId}/queue-limit-associations", + "responseCode":200 + }, + "input":{"shape":"CreateQueueLimitAssociationRequest"}, + "output":{"shape":"CreateQueueLimitAssociationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Associates a limit with a particular queue. After the limit is associated, all workers for jobs that specify the limit associated with the queue are subject to the limit. You can't associate two limits with the same amountRequirementName to the same queue.

", + "endpoint":{"hostPrefix":"management."}, + "idempotent":true + }, "CreateStorageProfile":{ "name":"CreateStorageProfile", "http":{ @@ -457,7 +498,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"} ], - "documentation":"

Creates a worker. A worker tells your instance how much processing power (vCPU), and memory (GiB) you’ll need to assemble the digital assets held within a particular instance. You can specify certain instance types to use, or let the worker know which instances types to exclude.

", + "documentation":"

Creates a worker. A worker tells your instance how much processing power (vCPU), and memory (GiB) you’ll need to assemble the digital assets held within a particular instance. You can specify certain instance types to use, or let the worker know which instances types to exclude.

Deadline Cloud limits the number of workers to less than or equal to the fleet's maximum worker count. The service maintains eventual consistency for the worker count. If you make multiple rapid calls to CreateWorker before the field updates, you might exceed your fleet's maximum worker count. For example, if your maxWorkerCount is 10 and you currently have 9 workers, making two quick CreateWorker calls might successfully create 2 workers instead of 1, resulting in 11 total workers.

", "endpoint":{"hostPrefix":"scheduling."}, "idempotent":true }, @@ -543,6 +584,25 @@ "endpoint":{"hostPrefix":"management."}, "idempotent":true }, + "DeleteLimit":{ + "name":"DeleteLimit", + "http":{ + "method":"DELETE", + "requestUri":"/2023-10-12/farms/{farmId}/limits/{limitId}", + "responseCode":200 + }, + "input":{"shape":"DeleteLimitRequest"}, + "output":{"shape":"DeleteLimitResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Removes a limit from the specified farm. Before you delete a limit you must use the DeleteQueueLimitAssociation operation to remove the association with any queues.

", + "endpoint":{"hostPrefix":"management."}, + "idempotent":true + }, "DeleteMeteredProduct":{ "name":"DeleteMeteredProduct", "http":{ @@ -644,6 +704,27 @@ "endpoint":{"hostPrefix":"management."}, "idempotent":true }, + "DeleteQueueLimitAssociation":{ + "name":"DeleteQueueLimitAssociation", + "http":{ + "method":"DELETE", + "requestUri":"/2023-10-12/farms/{farmId}/queue-limit-associations/{queueId}/{limitId}", + "responseCode":200 + }, + "input":{"shape":"DeleteQueueLimitAssociationRequest"}, + "output":{"shape":"DeleteQueueLimitAssociationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Removes the association between a queue and a limit. You must use the UpdateQueueLimitAssociation operation to set the status to STOP_LIMIT_USAGE_AND_COMPLETE_TASKS or STOP_LIMIT_USAGE_AND_CANCEL_TASKS. The status does not change immediately. Use the GetQueueLimitAssociation operation to see if the status changed to STOPPED before deleting the association.

", + "endpoint":{"hostPrefix":"management."}, + "idempotent":true + }, "DeleteStorageProfile":{ "name":"DeleteStorageProfile", "http":{ @@ -861,6 +942,25 @@ "documentation":"

Gets a licence endpoint.

", "endpoint":{"hostPrefix":"management."} }, + "GetLimit":{ + "name":"GetLimit", + "http":{ + "method":"GET", + "requestUri":"/2023-10-12/farms/{farmId}/limits/{limitId}", + "responseCode":200 + }, + "input":{"shape":"GetLimitRequest"}, + "output":{"shape":"GetLimitResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Gets information about a specific limit.

", + "endpoint":{"hostPrefix":"management."} + }, "GetMonitor":{ "name":"GetMonitor", "http":{ @@ -937,6 +1037,25 @@ "documentation":"

Gets a queue-fleet association.

", "endpoint":{"hostPrefix":"management."} }, + "GetQueueLimitAssociation":{ + "name":"GetQueueLimitAssociation", + "http":{ + "method":"GET", + "requestUri":"/2023-10-12/farms/{farmId}/queue-limit-associations/{queueId}/{limitId}", + "responseCode":200 + }, + "input":{"shape":"GetQueueLimitAssociationRequest"}, + "output":{"shape":"GetQueueLimitAssociationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Gets information about a specific association between a queue and a limit.

", + "endpoint":{"hostPrefix":"management."} + }, "GetSession":{ "name":"GetSession", "http":{ @@ -1275,6 +1394,25 @@ "documentation":"

Lists license endpoints.

", "endpoint":{"hostPrefix":"management."} }, + "ListLimits":{ + "name":"ListLimits", + "http":{ + "method":"GET", + "requestUri":"/2023-10-12/farms/{farmId}/limits", + "responseCode":200 + }, + "input":{"shape":"ListLimitsRequest"}, + "output":{"shape":"ListLimitsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Gets a list of limits defined in the specified farm.

", + "endpoint":{"hostPrefix":"management."} + }, "ListMeteredProducts":{ "name":"ListMeteredProducts", "http":{ @@ -1349,6 +1487,24 @@ "documentation":"

Lists queue-fleet associations.

", "endpoint":{"hostPrefix":"management."} }, + "ListQueueLimitAssociations":{ + "name":"ListQueueLimitAssociations", + "http":{ + "method":"GET", + "requestUri":"/2023-10-12/farms/{farmId}/queue-limit-associations", + "responseCode":200 + }, + "input":{"shape":"ListQueueLimitAssociationsRequest"}, + "output":{"shape":"ListQueueLimitAssociationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Gets a list of the associations between queues and limits defined in a farm.

", + "endpoint":{"hostPrefix":"management."} + }, "ListQueueMembers":{ "name":"ListQueueMembers", "http":{ @@ -1834,6 +1990,26 @@ "endpoint":{"hostPrefix":"management."}, "idempotent":true }, + "UpdateLimit":{ + "name":"UpdateLimit", + "http":{ + "method":"PATCH", + "requestUri":"/2023-10-12/farms/{farmId}/limits/{limitId}", + "responseCode":200 + }, + "input":{"shape":"UpdateLimitRequest"}, + "output":{"shape":"UpdateLimitResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Updates the properties of the specified limit.

", + "endpoint":{"hostPrefix":"management."}, + "idempotent":true + }, "UpdateMonitor":{ "name":"UpdateMonitor", "http":{ @@ -1913,6 +2089,26 @@ "endpoint":{"hostPrefix":"management."}, "idempotent":true }, + "UpdateQueueLimitAssociation":{ + "name":"UpdateQueueLimitAssociation", + "http":{ + "method":"PATCH", + "requestUri":"/2023-10-12/farms/{farmId}/queue-limit-associations/{queueId}/{limitId}", + "responseCode":200 + }, + "input":{"shape":"UpdateQueueLimitAssociationRequest"}, + "output":{"shape":"UpdateQueueLimitAssociationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Updates the status of the queue. If you set the status to one of the STOP_LIMIT_USAGE* values, there will be a delay before the status transitions to the STOPPED state.

", + "endpoint":{"hostPrefix":"management."}, + "idempotent":true + }, "UpdateSession":{ "name":"UpdateSession", "http":{ @@ -2046,14 +2242,14 @@ "members":{ "selections":{ "shape":"AcceleratorSelections", - "documentation":"

A list of objects that contain the GPU name of the accelerator and driver for the instance types that support the accelerator.

" + "documentation":"

A list of accelerator capabilities requested for this fleet. Only Amazon Elastic Compute Cloud instances that provide these capabilities will be used. For example, if you specify both L4 and T4 chips, Deadline Cloud will use Amazon EC2 instances that have either the L4 or the T4 chip installed.

" }, "count":{ "shape":"AcceleratorCountRange", - "documentation":"

The number of GPUs on each worker. The default is 1.

" + "documentation":"

The number of GPU accelerators specified for worker hosts in this fleet.

" } }, - "documentation":"

Provides information about the GPU accelerators and drivers for the instance types in a fleet. If you include the acceleratorCapabilities property in the ServiceManagedEc2InstanceCapabilities object, all of the Amazon EC2 instances will have at least one accelerator.

" + "documentation":"

Provides information about the GPU accelerators used for jobs processed by a fleet.

" }, "AcceleratorCountRange":{ "type":"structure", @@ -2061,14 +2257,14 @@ "members":{ "min":{ "shape":"MinZeroMaxInteger", - "documentation":"

The minimum number of GPUs for the accelerator. If you set the value to 0, a worker will still have 1 GPU.

" + "documentation":"

The minimum number of GPU accelerators in the worker host.

" }, "max":{ "shape":"MinZeroMaxInteger", - "documentation":"

The maximum number of GPUs for the accelerator.

" + "documentation":"

The maximum number of GPU accelerators in the worker host.

" } }, - "documentation":"

The range for the GPU fleet acceleration.

" + "documentation":"

Defines the maximum and minimum number of GPU accelerators required for a worker instance..

" }, "AcceleratorName":{ "type":"string", @@ -2090,14 +2286,14 @@ "members":{ "name":{ "shape":"AcceleratorName", - "documentation":"

The name of the GPU accelerator.

" + "documentation":"

The name of the chip used by the GPU accelerator.

If you specify l4 as the name of the accelerator, you must specify latest or grid:r570 as the runtime.

The available GPU accelerators are:

  • t4 - NVIDIA T4 Tensor Core GPU

  • a10g - NVIDIA A10G Tensor Core GPU

  • l4 - NVIDIA L4 Tensor Core GPU

  • l40s - NVIDIA L40S Tensor Core GPU

" }, "runtime":{ "shape":"AcceleratorRuntime", - "documentation":"

The driver version that the GPU accelerator uses.

" + "documentation":"

Specifies the runtime driver to use for the GPU accelerator. You must use the same runtime for all GPUs.

You can choose from the following runtimes:

  • latest - Use the latest runtime available for the chip. If you specify latest and a new version of the runtime is released, the new version of the runtime is used.

  • grid:r570 - NVIDIA vGPU software 18

  • grid:r535 - NVIDIA vGPU software 16

If you don't specify a runtime, Deadline Cloud uses latest as the default. However, if you have multiple accelerators and specify latest for some and leave others blank, Deadline Cloud raises an exception.

" } }, - "documentation":"

Values that you can use to select a particular Amazon EC2 instance type.

" + "documentation":"

Describes a specific GPU accelerator required for an Amazon Elastic Compute Cloud worker host.

" }, "AcceleratorSelections":{ "type":"list", @@ -2116,7 +2312,7 @@ "documentation":"

The maximum amount of memory to use for the accelerator, measured in MiB.

" } }, - "documentation":"

The range for memory, in MiB, to use for the accelerator.

" + "documentation":"

Defines the maximum and minimum amount of memory, in MiB, to use for the accelerator.

" }, "AcceleratorType":{ "type":"string", @@ -2147,6 +2343,28 @@ "type":"string", "sensitive":true }, + "AcquiredLimit":{ + "type":"structure", + "required":[ + "limitId", + "count" + ], + "members":{ + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit.

" + }, + "count":{ + "shape":"MinOneMaxInteger", + "documentation":"

The number of limit resources used.

" + } + }, + "documentation":"

Provides information about the number of resources used.

" + }, + "AcquiredLimits":{ + "type":"list", + "member":{"shape":"AcquiredLimit"} + }, "AggregationId":{ "type":"string", "pattern":"[0-9a-f]{32}" @@ -2163,6 +2381,11 @@ "min":1, "pattern":"([a-zA-Z][a-zA-Z0-9]{0,63}:)?amount(\\.[a-zA-Z][a-zA-Z0-9]{0,63})+" }, + "AmountRequirementName":{ + "type":"string", + "max":1024, + "min":0 + }, "AssignedEnvironmentEnterSessionActionDefinition":{ "type":"structure", "required":["environmentId"], @@ -2276,7 +2499,6 @@ "AssignedTaskRunSessionActionDefinition":{ "type":"structure", "required":[ - "taskId", "stepId", "parameters" ], @@ -3243,7 +3465,7 @@ }, "maxWorkerCount":{ "shape":"MinZeroMaxInteger", - "documentation":"

The maximum number of workers for the fleet.

" + "documentation":"

The maximum number of workers for the fleet.

Deadline Cloud limits the number of workers to less than or equal to the fleet's maximum worker count. The service maintains eventual consistency for the worker count. If you make multiple rapid calls to CreateWorker before the field updates, you might exceed your fleet's maximum worker count. For example, if your maxWorkerCount is 10 and you currently have 9 workers, making two quick CreateWorker calls might successfully create 2 workers instead of 1, resulting in 11 total workers.

" }, "configuration":{ "shape":"FleetConfiguration", @@ -3252,6 +3474,10 @@ "tags":{ "shape":"Tags", "documentation":"

Each tag consists of a tag key and a tag value. Tag keys and values are both required, but tag values can be empty strings.

" + }, + "hostConfiguration":{ + "shape":"HostConfiguration", + "documentation":"

Provides a script that runs as a worker is starting up that you can use to provide additional configuration for workers in your fleet.

" } } }, @@ -3302,7 +3528,7 @@ }, "priority":{ "shape":"JobPriority", - "documentation":"

The priority of the job on a scale of 0 to 100. The highest priority (first scheduled) is 100. When two jobs have the same priority, the oldest job is scheduled first.

" + "documentation":"

The priority of the job. The highest priority (first scheduled) is 100. When two jobs have the same priority, the oldest job is scheduled first.

" }, "parameters":{ "shape":"JobParameters", @@ -3328,6 +3554,10 @@ "shape":"MaxRetriesPerTask", "documentation":"

The maximum number of retries for each task.

" }, + "maxWorkerCount":{ + "shape":"MaxWorkerCount", + "documentation":"

The maximum number of worker hosts that can concurrently process a job. When the maxWorkerCount is reached, no more workers will be assigned to process the job, even if the fleets assigned to the job's queue has available workers.

You can't set the maxWorkerCount to 0. If you set it to -1, there is no maximum number of workers.

If you don't specify the maxWorkerCount, Deadline Cloud won't throttle the number of workers used to process the job.

" + }, "sourceJobId":{ "shape":"JobId", "documentation":"

The job ID for the source job.

" @@ -3406,6 +3636,56 @@ } } }, + "CreateLimitRequest":{ + "type":"structure", + "required":[ + "displayName", + "amountRequirementName", + "maxCount", + "farmId" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

The unique token which the server uses to recognize retries of the same request.

", + "idempotencyToken":true, + "location":"header", + "locationName":"X-Amz-Client-Token" + }, + "displayName":{ + "shape":"ResourceName", + "documentation":"

The display name of the limit.

This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.

" + }, + "amountRequirementName":{ + "shape":"AmountRequirementName", + "documentation":"

The value that you specify as the name in the amounts field of the hostRequirements in a step of a job template to declare the limit requirement.

" + }, + "maxCount":{ + "shape":"MaxCount", + "documentation":"

The maximum number of resources constrained by this limit. When all of the resources are in use, steps that require the limit won't be scheduled until the resource is available.

The maxCount must not be 0. If the value is -1, there is no restriction on the number of resources that can be acquired for this limit.

" + }, + "farmId":{ + "shape":"FarmId", + "documentation":"

The farm ID of the farm that contains the limit.

", + "location":"uri", + "locationName":"farmId" + }, + "description":{ + "shape":"Description", + "documentation":"

A description of the limit. A description helps you identify the purpose of the limit.

This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.

" + } + } + }, + "CreateLimitResponse":{ + "type":"structure", + "required":["limitId"], + "members":{ + "limitId":{ + "shape":"LimitId", + "documentation":"

A unique identifier for the limit. Use this identifier in other operations, such as CreateQueueLimitAssociation and DeleteLimit.

" + } + } + }, "CreateMonitorRequest":{ "type":"structure", "required":[ @@ -3437,6 +3717,10 @@ "roleArn":{ "shape":"IamRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the IAM role that the monitor uses to connect to Deadline Cloud. Every user that signs in to the monitor using IAM Identity Center uses this role to access Deadline Cloud resources.

" + }, + "tags":{ + "shape":"Tags", + "documentation":"

The tags to add to your monitor. Each tag consists of a tag key and a tag value. Tag keys and values are both required, but tag values can be empty strings.

" } } }, @@ -3488,7 +3772,7 @@ }, "priority":{ "shape":"Priority", - "documentation":"

Sets the priority of the environments in the queue from 0 to 10,000, where 0 is the highest priority. If two environments share the same priority value, the environment created first takes higher priority.

" + "documentation":"

Sets the priority of the environments in the queue from 0 to 10,000, where 0 is the highest priority (activated first and deactivated last). If two environments share the same priority value, the environment created first takes higher priority.

" }, "templateType":{ "shape":"EnvironmentTemplateType", @@ -3539,6 +3823,35 @@ "members":{ } }, + "CreateQueueLimitAssociationRequest":{ + "type":"structure", + "required":[ + "farmId", + "queueId", + "limitId" + ], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the queue and limit to associate.

", + "location":"uri", + "locationName":"farmId" + }, + "queueId":{ + "shape":"QueueId", + "documentation":"

The unique identifier of the queue to associate with the limit.

" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit to associate with the queue.

" + } + } + }, + "CreateQueueLimitAssociationResponse":{ + "type":"structure", + "members":{ + } + }, "CreateQueueRequest":{ "type":"structure", "required":[ @@ -3681,6 +3994,10 @@ "idempotencyToken":true, "location":"header", "locationName":"X-Amz-Client-Token" + }, + "tags":{ + "shape":"Tags", + "documentation":"

Each tag consists of a tag key and a tag value. Tag keys and values are both required, but tag values can be empty strings.

" } } }, @@ -3729,6 +4046,10 @@ "storageProfileId":{ "shape":"StorageProfileId", "documentation":"

The storage profile ID.

" + }, + "tagPropagationMode":{ + "shape":"TagPropagationMode", + "documentation":"

Specifies whether tags associated with a fleet are attached to workers when the worker is launched.

When the tagPropagationMode is set to PROPAGATE_TAGS_TO_WORKERS_AT_LAUNCH any tag associated with a fleet is attached to workers when they launch. If the tags for a fleet change, the tags associated with running workers do not change.

If you don't specify tagPropagationMode, the default is NO_PROPAGATION.

" } }, "documentation":"

The details of a customer managed fleet configuration.

" @@ -3913,6 +4234,32 @@ "members":{ } }, + "DeleteLimitRequest":{ + "type":"structure", + "required":[ + "farmId", + "limitId" + ], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the limit to delete.

", + "location":"uri", + "locationName":"farmId" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit to delete.

", + "location":"uri", + "locationName":"limitId" + } + } + }, + "DeleteLimitResponse":{ + "type":"structure", + "members":{ + } + }, "DeleteMeteredProductRequest":{ "type":"structure", "required":[ @@ -4022,6 +4369,39 @@ "members":{ } }, + "DeleteQueueLimitAssociationRequest":{ + "type":"structure", + "required":[ + "farmId", + "queueId", + "limitId" + ], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the queue and limit to disassociate.

", + "location":"uri", + "locationName":"farmId" + }, + "queueId":{ + "shape":"QueueId", + "documentation":"

The unique identifier of the queue to disassociate.

", + "location":"uri", + "locationName":"queueId" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit to disassociate.

", + "location":"uri", + "locationName":"limitId" + } + } + }, + "DeleteQueueLimitAssociationResponse":{ + "type":"structure", + "members":{ + } + }, "DeleteQueueRequest":{ "type":"structure", "required":[ @@ -4288,10 +4668,7 @@ "members":{ } }, - "DnsName":{ - "type":"string", - "pattern":"vpce-[\\w]+-[\\w]+.vpce-svc-[\\w]+.*.vpce.amazonaws.com" - }, + "DnsName":{"type":"string"}, "Document":{ "type":"structure", "members":{ @@ -4337,7 +4714,8 @@ "type":"string", "enum":[ "on-demand", - "spot" + "spot", + "wait-and-save" ] }, "EndedAt":{ @@ -4622,8 +5000,7 @@ "type":"string", "max":64, "min":1, - "pattern":"[0-9A-Za-z ]*", - "sensitive":true + "pattern":"[0-9A-Za-z ]*" }, "FileSystemLocationType":{ "type":"string", @@ -4790,7 +5167,8 @@ "CREATE_IN_PROGRESS", "UPDATE_IN_PROGRESS", "CREATE_FAILED", - "UPDATE_FAILED" + "UPDATE_FAILED", + "SUSPENDED" ] }, "FleetSummaries":{ @@ -4828,6 +5206,10 @@ "shape":"FleetStatus", "documentation":"

The status of the fleet.

" }, + "statusMessage":{ + "shape":"String", + "documentation":"

A message that communicates a suspended status of the fleet.

" + }, "autoScalingStatus":{ "shape":"AutoScalingStatus", "documentation":"

The Auto Scaling status of a fleet.

" @@ -5086,7 +5468,11 @@ }, "status":{ "shape":"FleetStatus", - "documentation":"

The Auto Scaling status of the fleet.

" + "documentation":"

The status of the fleet.

" + }, + "statusMessage":{ + "shape":"String", + "documentation":"

A message that communicates a suspended status of the fleet.

" }, "autoScalingStatus":{ "shape":"AutoScalingStatus", @@ -5112,6 +5498,10 @@ "shape":"FleetConfiguration", "documentation":"

The configuration setting for the fleet.

" }, + "hostConfiguration":{ + "shape":"HostConfiguration", + "documentation":"

The script that runs as a worker is starting up that you can use to provide additional configuration for workers in your fleet.

" + }, "capabilities":{ "shape":"FleetCapabilities", "documentation":"

Outlines what the fleet is capable of for minimums, maximums, and naming, in addition to attribute names and values.

" @@ -5165,8 +5555,8 @@ "type":"structure", "required":[ "farmId", - "jobId", - "queueId" + "queueId", + "jobId" ], "members":{ "farmId":{ @@ -5175,17 +5565,17 @@ "location":"uri", "locationName":"farmId" }, - "jobId":{ - "shape":"JobId", - "documentation":"

The job ID.

", - "location":"uri", - "locationName":"jobId" - }, "queueId":{ "shape":"QueueId", "documentation":"

The queue ID associated with the job.

", "location":"uri", "locationName":"queueId" + }, + "jobId":{ + "shape":"JobId", + "documentation":"

The job ID.

", + "location":"uri", + "locationName":"jobId" } } }, @@ -5257,6 +5647,10 @@ "shape":"TaskRunStatusCounts", "documentation":"

The number of tasks running on the job.

" }, + "taskFailureRetryCount":{ + "shape":"TaskFailureRetryCount", + "documentation":"

The total number of times tasks from the job failed and were retried.

" + }, "storageProfileId":{ "shape":"StorageProfileId", "documentation":"

The storage profile ID associated with the job.

" @@ -5281,6 +5675,10 @@ "shape":"JobDescription", "documentation":"

The description of the job.

This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.

" }, + "maxWorkerCount":{ + "shape":"MaxWorkerCount", + "documentation":"

The maximum number of worker hosts that can concurrently process a job. When the maxWorkerCount is reached, no more workers will be assigned to process the job, even if the fleets assigned to the job's queue has available workers.

If you don't set the maxWorkerCount when you create a job, this value is not returned in the response.

" + }, "sourceJobId":{ "shape":"JobId", "documentation":"

The job ID for the source job.

" @@ -5349,6 +5747,86 @@ "max":10, "min":1 }, + "GetLimitRequest":{ + "type":"structure", + "required":[ + "farmId", + "limitId" + ], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the limit.

", + "location":"uri", + "locationName":"farmId" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit to return.

", + "location":"uri", + "locationName":"limitId" + } + } + }, + "GetLimitResponse":{ + "type":"structure", + "required":[ + "displayName", + "amountRequirementName", + "maxCount", + "createdAt", + "createdBy", + "farmId", + "limitId", + "currentCount" + ], + "members":{ + "displayName":{ + "shape":"ResourceName", + "documentation":"

The display name of the limit.

This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.

" + }, + "amountRequirementName":{ + "shape":"AmountRequirementName", + "documentation":"

The value that you specify as the name in the amounts field of the hostRequirements in a step of a job template to declare the limit requirement.

" + }, + "maxCount":{ + "shape":"MaxCount", + "documentation":"

The maximum number of resources constrained by this limit. When all of the resources are in use, steps that require the limit won't be scheduled until the resource is available.

The maxValue must not be 0. If the value is -1, there is no restriction on the number of resources that can be acquired for this limit.

" + }, + "createdAt":{ + "shape":"CreatedAt", + "documentation":"

The Unix timestamp of the date and time that the limit was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user identifier of the person that created the limit.

" + }, + "updatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The Unix timestamp of the date and time that the limit was last updated.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user identifier of the person that last updated the limit.

" + }, + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the limit.

" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit.

" + }, + "currentCount":{ + "shape":"MinZeroMaxInteger", + "documentation":"

The number of resources from the limit that are being used by jobs. The result is delayed and may not be the count at the time that you called the operation.

" + }, + "description":{ + "shape":"Description", + "documentation":"

The description of the limit that helps identify what the limit is used for.

This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.

" + } + } + }, "GetMonitorRequest":{ "type":"structure", "required":["monitorId"], @@ -5567,6 +6045,74 @@ } } }, + "GetQueueLimitAssociationRequest":{ + "type":"structure", + "required":[ + "farmId", + "queueId", + "limitId" + ], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the associated queue and limit.

", + "location":"uri", + "locationName":"farmId" + }, + "queueId":{ + "shape":"QueueId", + "documentation":"

The unique identifier of the queue associated with the limit.

", + "location":"uri", + "locationName":"queueId" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit associated with the queue.

", + "location":"uri", + "locationName":"limitId" + } + } + }, + "GetQueueLimitAssociationResponse":{ + "type":"structure", + "required":[ + "createdAt", + "createdBy", + "queueId", + "limitId", + "status" + ], + "members":{ + "createdAt":{ + "shape":"CreatedAt", + "documentation":"

The Unix timestamp of the date and time that the association was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user identifier of the person that created the association.

" + }, + "updatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The Unix timestamp of the date and time that the association was last updated.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user identifier of the person that last updated the association.

" + }, + "queueId":{ + "shape":"QueueId", + "documentation":"

The unique identifier of the queue associated with the limit.

" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit associated with the queue.

" + }, + "status":{ + "shape":"QueueLimitAssociationStatus", + "documentation":"

The current status of the limit.

" + } + } + }, "GetQueueRequest":{ "type":"structure", "required":[ @@ -5740,7 +6286,7 @@ }, "processExitCode":{ "shape":"ProcessExitCode", - "documentation":"

The exit code to exit the session.

" + "documentation":"

The process exit code. The default Deadline Cloud worker agent converts unsigned 32-bit exit codes to signed 32-bit exit codes.

" }, "progressMessage":{ "shape":"SessionActionProgressMessage", @@ -5749,6 +6295,14 @@ "definition":{ "shape":"SessionActionDefinition", "documentation":"

The session action definition.

" + }, + "acquiredLimits":{ + "shape":"AcquiredLimits", + "documentation":"

The limits and their amounts acquired during a session action. If no limits were acquired during the session, this field isn't returned.

" + }, + "manifests":{ + "shape":"TaskRunManifestPropertiesListResponse", + "documentation":"

The list of manifest properties that describe file attachments for the task run.

" } } }, @@ -5974,6 +6528,10 @@ "shape":"TaskRunStatusCounts", "documentation":"

The number of tasks running on the job.

" }, + "taskFailureRetryCount":{ + "shape":"TaskFailureRetryCount", + "documentation":"

The total number of times tasks from the step failed and were retried.

" + }, "targetTaskRunStatus":{ "shape":"StepTargetTaskRunStatus", "documentation":"

The task status with which the job started.

" @@ -6271,18 +6829,14 @@ "GetWorkerResponse":{ "type":"structure", "required":[ - "workerId", "farmId", "fleetId", + "workerId", "status", "createdAt", "createdBy" ], "members":{ - "workerId":{ - "shape":"WorkerId", - "documentation":"

The worker ID.

" - }, "farmId":{ "shape":"FarmId", "documentation":"

The farm ID.

" @@ -6291,6 +6845,10 @@ "shape":"FleetId", "documentation":"

The fleet ID.

" }, + "workerId":{ + "shape":"WorkerId", + "documentation":"

The worker ID.

" + }, "hostProperties":{ "shape":"HostPropertiesResponse", "documentation":"

The host properties for the worker.

" @@ -6321,6 +6879,33 @@ } } }, + "HostConfiguration":{ + "type":"structure", + "required":["scriptBody"], + "members":{ + "scriptBody":{ + "shape":"HostConfigurationScript", + "documentation":"

The text of the script that runs as a worker is starting up that you can use to provide additional configuration for workers in your fleet. The script runs after a worker enters the STARTING state and before the worker processes tasks.

For more information about using the script, see Run scripts as an administrator to configure workers in the Deadline Cloud Developer Guide.

The script runs as an administrative user (sudo root on Linux, as an Administrator on Windows).

" + }, + "scriptTimeoutSeconds":{ + "shape":"HostConfigurationScriptTimeoutSeconds", + "documentation":"

The maximum time that the host configuration can run. If the timeout expires, the worker enters the NOT RESPONDING state and shuts down. You are charged for the time that the worker is running the host configuration script.

You should configure your fleet for a maximum of one worker while testing your host configuration script to avoid starting additional workers.

The default is 300 seconds (5 minutes).

" + } + }, + "documentation":"

Provides a script that runs as a worker is starting up that you can use to provide additional configuration for workers in your fleet.

To remove a script from a fleet, use the UpdateFleet operation with the hostConfiguration scriptBody parameter set to an empty string (\"\").

" + }, + "HostConfigurationScript":{ + "type":"string", + "max":15000, + "min":0, + "sensitive":true + }, + "HostConfigurationScriptTimeoutSeconds":{ + "type":"integer", + "box":true, + "max":3600, + "min":300 + }, "HostName":{ "type":"string", "pattern":"[a-zA-Z0-9_\\.\\-]{0,255}" @@ -6778,10 +7363,15 @@ }, "JobParameters":{ "type":"map", - "key":{"shape":"String"}, + "key":{"shape":"JobParametersKeyString"}, "value":{"shape":"JobParameter"}, "sensitive":true }, + "JobParametersKeyString":{ + "type":"string", + "max":1024, + "min":1 + }, "JobPriority":{ "type":"integer", "box":true, @@ -6846,6 +7436,10 @@ "shape":"TaskRunStatusCounts", "documentation":"

The number of tasks running on the job.

" }, + "taskFailureRetryCount":{ + "shape":"TaskFailureRetryCount", + "documentation":"

The total number of times tasks from the job failed and were retried.

" + }, "priority":{ "shape":"JobPriority", "documentation":"

The job priority.

" @@ -6874,10 +7468,22 @@ "shape":"StartedAt", "documentation":"

The date and time the resource started running.

" }, + "updatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The date and time the resource was updated.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user or system that updated this resource.

" + }, "jobParameters":{ "shape":"JobParameters", "documentation":"

The job parameters.

" }, + "maxWorkerCount":{ + "shape":"MaxWorkerCount", + "documentation":"

The maximum number of worker hosts that can concurrently process a job. When the maxWorkerCount is reached, no more workers will be assigned to process the job, even if the fleets assigned to the job's queue has available workers.

You can't set the maxWorkerCount to 0. If you set it to -1, there is no maximum number of workers.

If you don't specify the maxWorkerCount, the default is -1.

" + }, "sourceJobId":{ "shape":"JobId", "documentation":"

The job ID for the source job.

" @@ -6957,6 +7563,10 @@ "shape":"TaskRunStatusCounts", "documentation":"

The number of tasks running on the job.

" }, + "taskFailureRetryCount":{ + "shape":"TaskFailureRetryCount", + "documentation":"

The total number of times tasks from the job failed and were retried.

" + }, "maxFailedTasksCount":{ "shape":"MaxFailedTasksCount", "documentation":"

The number of task failures before the job stops running and is marked as FAILED.

" @@ -6965,6 +7575,10 @@ "shape":"MaxRetriesPerTask", "documentation":"

The maximum number of retries for a job.

" }, + "maxWorkerCount":{ + "shape":"MaxWorkerCount", + "documentation":"

The maximum number of worker hosts that can concurrently process a job. When the maxWorkerCount is reached, no more workers will be assigned to process the job, even if the fleets assigned to the job's queue has available workers.

You can't set the maxWorkerCount to 0. If you set it to -1, there is no maximum number of workers.

If you don't specify the maxWorkerCount, the default is -1.

" + }, "sourceJobId":{ "shape":"JobId", "documentation":"

The job ID for the source job.

" @@ -6985,7 +7599,7 @@ }, "JobTemplate":{ "type":"string", - "max":300000, + "max":1000000, "min":1, "sensitive":true }, @@ -7040,6 +7654,70 @@ "documentation":"

The details for a license endpoint.

" }, "LicenseProduct":{"type":"string"}, + "LimitId":{ + "type":"string", + "pattern":"limit-[0-9a-f]{32}" + }, + "LimitSummaries":{ + "type":"list", + "member":{"shape":"LimitSummary"} + }, + "LimitSummary":{ + "type":"structure", + "required":[ + "displayName", + "amountRequirementName", + "maxCount", + "createdAt", + "createdBy", + "farmId", + "limitId", + "currentCount" + ], + "members":{ + "displayName":{ + "shape":"ResourceName", + "documentation":"

The name of the limit used in lists to identify the limit.

This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.

" + }, + "amountRequirementName":{ + "shape":"AmountRequirementName", + "documentation":"

The value that you specify as the name in the amounts field of the hostRequirements in a step of a job template to declare the limit requirement.

" + }, + "maxCount":{ + "shape":"MaxCount", + "documentation":"

The maximum number of resources constrained by this limit. When all of the resources are in use, steps that require the limit won't be scheduled until the resource is available.

The maxValue must not be 0. If the value is -1, there is no restriction on the number of resources that can be acquired for this limit.

" + }, + "createdAt":{ + "shape":"CreatedAt", + "documentation":"

The Unix timestamp of the date and time that the limit was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user identifier of the person that created the limit.

" + }, + "updatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The Unix timestamp of the date and time that the limit was last updated.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user identifier of the person that last updated the limit.

" + }, + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the limit.

" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit.

" + }, + "currentCount":{ + "shape":"MinZeroMaxInteger", + "documentation":"

The number of resources from the limit that are being used by jobs. The result is delayed and may not be the count at the time that you called the operation.

" + } + }, + "documentation":"

Provides information about a specific limit.

" + }, "ListAttributeCapabilityValue":{ "type":"list", "member":{"shape":"AttributeCapabilityValue"} @@ -7489,6 +8167,44 @@ } } }, + "ListLimitsRequest":{ + "type":"structure", + "required":["farmId"], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the limits.

", + "location":"uri", + "locationName":"farmId" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The token for the next set of results, or null to start from the beginning.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of limits to return in each page of results.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListLimitsResponse":{ + "type":"structure", + "required":["limits"], + "members":{ + "limits":{ + "shape":"LimitSummaries", + "documentation":"

A list of limits that the farm contains.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

If Deadline Cloud returns nextToken, then there are more results available. The value of nextToken is a unique pagination token for each page. To retrieve the next page, call the operation again using the returned token. Keep all other arguments unchanged. If no results remain, then nextToken is set to null. Each pagination token expires after 24 hours. If you provide a token that isn't valid, then you receive an HTTP 400 ValidationException error.

" + } + } + }, "ListMeteredProductsRequest":{ "type":"structure", "required":["licenseEndpointId"], @@ -7655,6 +8371,56 @@ } } }, + "ListQueueLimitAssociationsRequest":{ + "type":"structure", + "required":["farmId"], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the limits and associations.

", + "location":"uri", + "locationName":"farmId" + }, + "queueId":{ + "shape":"QueueId", + "documentation":"

Specifies that the operation should return only the queue limit associations for the specified queue. If you specify both the queueId and the limitId, only the specified limit is returned if it exists.

", + "location":"querystring", + "locationName":"queueId" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

Specifies that the operation should return only the queue limit associations for the specified limit. If you specify both the queueId and the limitId, only the specified limit is returned if it exists.

", + "location":"querystring", + "locationName":"limitId" + }, + "nextToken":{ + "shape":"String", + "documentation":"

The token for the next set of results, or null to start from the beginning.

", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of associations to return in each page of results.

", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListQueueLimitAssociationsResponse":{ + "type":"structure", + "required":["queueLimitAssociations"], + "members":{ + "queueLimitAssociations":{ + "shape":"QueueLimitAssociationSummaries", + "documentation":"

A list of associations between limits and queues in the farm specified in the request.

" + }, + "nextToken":{ + "shape":"String", + "documentation":"

If Deadline Cloud returns nextToken, then there are more results available. The value of nextToken is a unique pagination token for each page. To retrieve the next page, call the operation again using the returned token. Keep all other arguments unchanged. If no results remain, then nextToken is set to null. Each pagination token expires after 24 hours. If you provide a token that isn't valid, then you receive an HTTP 400 ValidationException error.

" + } + } + }, "ListQueueMembersRequest":{ "type":"structure", "required":[ @@ -8411,7 +9177,7 @@ }, "inputManifestHash":{ "shape":"ManifestPropertiesInputManifestHashString", - "documentation":"

The has value of the file.

" + "documentation":"

The hash value of the file.

" } }, "documentation":"

The details of the manifest that links a job's source information.

", @@ -8438,6 +9204,12 @@ "max":1024, "min":1 }, + "MaxCount":{ + "type":"integer", + "box":true, + "max":2147483647, + "min":-1 + }, "MaxFailedTasksCount":{ "type":"integer", "box":true, @@ -8456,6 +9228,12 @@ "max":2147483647, "min":0 }, + "MaxWorkerCount":{ + "type":"integer", + "box":true, + "max":2147483647, + "min":-1 + }, "MembershipLevel":{ "type":"string", "enum":[ @@ -8522,6 +9300,12 @@ "type":"list", "member":{"shape":"MeteredProductSummary"} }, + "MinOneMaxInteger":{ + "type":"integer", + "box":true, + "max":2147483647, + "min":1 + }, "MinOneMaxTenThousand":{ "type":"integer", "box":true, @@ -8912,6 +9696,60 @@ "type":"string", "pattern":"queue-[0-9a-f]{32}" }, + "QueueLimitAssociationStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "STOP_LIMIT_USAGE_AND_COMPLETE_TASKS", + "STOP_LIMIT_USAGE_AND_CANCEL_TASKS", + "STOPPED" + ] + }, + "QueueLimitAssociationSummaries":{ + "type":"list", + "member":{"shape":"QueueLimitAssociationSummary"} + }, + "QueueLimitAssociationSummary":{ + "type":"structure", + "required":[ + "createdAt", + "createdBy", + "queueId", + "limitId", + "status" + ], + "members":{ + "createdAt":{ + "shape":"CreatedAt", + "documentation":"

The Unix timestamp of the date and time that the association was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user identifier of the person that created the association.

" + }, + "updatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The Unix timestamp of the date and time that the association was last updated.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user identifier of the person that updated the association.

" + }, + "queueId":{ + "shape":"QueueId", + "documentation":"

The unique identifier of the queue in the association.

" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit in the association.

" + }, + "status":{ + "shape":"QueueLimitAssociationStatus", + "documentation":"

The status of task scheduling in the queue-limit association.

  • ACTIVE - Association is active.

  • STOP_LIMIT_USAGE_AND_COMPLETE_TASKS - Association has stopped scheduling new tasks and is completing current tasks.

  • STOP_LIMIT_USAGE_AND_CANCEL_TASKS - Association has stopped scheduling new tasks and is canceling current tasks.

  • STOPPED - Association has been stopped.

" + } + }, + "documentation":"

Provides information about the association between a queue and a limit.

" + }, "QueueMember":{ "type":"structure", "required":[ @@ -9451,10 +10289,21 @@ "searchTerm":{ "shape":"SearchTerm", "documentation":"

The term to search for.

" + }, + "matchType":{ + "shape":"SearchTermMatchingType", + "documentation":"

Specifies how Deadline Cloud matches your search term in the results. If you don't specify a matchType the default is FUZZY_MATCH.

  • FUZZY_MATCH - Matches if a portion of the search term is found in the result.

  • CONTAINS - Matches if the exact search term is contained in the result.

" } }, "documentation":"

Searches for a particular search term.

" }, + "SearchTermMatchingType":{ + "type":"string", + "enum":[ + "FUZZY_MATCH", + "CONTAINS" + ] + }, "SearchWorkersRequest":{ "type":"structure", "required":[ @@ -9552,6 +10401,14 @@ "instanceMarketOptions":{ "shape":"ServiceManagedEc2InstanceMarketOptions", "documentation":"

The Amazon EC2 market type.

" + }, + "vpcConfiguration":{ + "shape":"VpcConfiguration", + "documentation":"

The VPC configuration details for a service managed Amazon EC2 fleet.

" + }, + "storageProfileId":{ + "shape":"StorageProfileId", + "documentation":"

The storage profile ID.

" } }, "documentation":"

The configuration details for a service managed Amazon EC2 fleet.

" @@ -9587,7 +10444,7 @@ }, "acceleratorCapabilities":{ "shape":"AcceleratorCapabilities", - "documentation":"

The GPU accelerator capabilities required for the Amazon EC2 instances. If you include the acceleratorCapabilities property in the ServiceManagedEc2InstanceCapabilities object, all of the Amazon EC2 instances will have at least one accelerator.

" + "documentation":"

Describes the GPU accelerator capabilities required for worker host instances in this fleet.

" }, "allowedInstanceTypes":{ "shape":"InstanceTypes", @@ -9673,7 +10530,8 @@ "type":"string", "enum":[ "SERVICE_QUOTA_EXCEEDED_EXCEPTION", - "KMS_KEY_LIMIT_EXCEEDED" + "KMS_KEY_LIMIT_EXCEEDED", + "DEPENDENCY_LIMIT_EXCEEDED" ] }, "SessionActionDefinition":{ @@ -9799,6 +10657,10 @@ "definition":{ "shape":"SessionActionDefinitionSummary", "documentation":"

The session action definition.

" + }, + "manifests":{ + "shape":"TaskRunManifestPropertiesListResponse", + "documentation":"

The list of manifest properties that describe file attachments for the task run.

" } }, "documentation":"

The details of a session action.

" @@ -10314,7 +11176,8 @@ "INT", "FLOAT", "STRING", - "PATH" + "PATH", + "CHUNK_INT" ] }, "StepRequiredCapabilities":{ @@ -10378,10 +11241,18 @@ "shape":"TaskRunStatusCounts", "documentation":"

The number of tasks running on the job.

" }, + "taskFailureRetryCount":{ + "shape":"TaskFailureRetryCount", + "documentation":"

The total number of times tasks from the step failed and were retried.

" + }, "createdAt":{ "shape":"CreatedAt", "documentation":"

The date and time the resource was created.

" }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user or system that created this resource.

" + }, "startedAt":{ "shape":"StartedAt", "documentation":"

The date and time the resource started running.

" @@ -10390,6 +11261,14 @@ "shape":"EndedAt", "documentation":"

The date and time the resource ended running.

" }, + "updatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The date and time the resource was updated.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user or system that updated this resource.

" + }, "parameterSpace":{ "shape":"ParameterSpace", "documentation":"

The parameters and combination expressions for the search.

" @@ -10437,6 +11316,10 @@ "shape":"TaskRunStatusCounts", "documentation":"

The number of tasks running on the job.

" }, + "taskFailureRetryCount":{ + "shape":"TaskFailureRetryCount", + "documentation":"

The total number of times tasks from the step failed and were retried.

" + }, "targetTaskRunStatus":{ "shape":"StepTargetTaskRunStatus", "documentation":"

The task status to start with on the job.

" @@ -10589,6 +11472,13 @@ "type":"timestamp", "timestampFormat":"iso8601" }, + "TagPropagationMode":{ + "type":"string", + "enum":[ + "NO_PROPAGATION", + "PROPAGATE_TAGS_TO_WORKERS_AT_LAUNCH" + ] + }, "TagResourceRequest":{ "type":"structure", "required":["resourceArn"], @@ -10615,6 +11505,12 @@ "key":{"shape":"String"}, "value":{"shape":"String"} }, + "TaskFailureRetryCount":{ + "type":"integer", + "box":true, + "max":2147483647, + "min":0 + }, "TaskId":{ "type":"string", "pattern":"task-[0-9a-f]{32}-(0|([1-9][0-9]{0,9}))" @@ -10637,6 +11533,10 @@ "path":{ "shape":"PathString", "documentation":"

A file system path represented as a string.

" + }, + "chunkInt":{ + "shape":"String", + "documentation":"

A range (for example 1-10) or selection of specific (for example 1,3,7,8,10) integers represented as a string.

" } }, "documentation":"

The data types for the task parameters.

", @@ -10655,10 +11555,57 @@ "max":2147483647, "min":0 }, + "TaskRunManifestPropertiesListRequest":{ + "type":"list", + "member":{"shape":"TaskRunManifestPropertiesRequest"}, + "max":10, + "min":0 + }, + "TaskRunManifestPropertiesListResponse":{ + "type":"list", + "member":{"shape":"TaskRunManifestPropertiesResponse"} + }, + "TaskRunManifestPropertiesRequest":{ + "type":"structure", + "members":{ + "outputManifestPath":{ + "shape":"TaskRunManifestPropertiesRequestOutputManifestPathString", + "documentation":"

The manifest file path.

" + }, + "outputManifestHash":{ + "shape":"TaskRunManifestPropertiesRequestOutputManifestHashString", + "documentation":"

The hash value of the file.

" + } + }, + "documentation":"

The output manifest properties reported by the worker agent for a completed task run.

" + }, + "TaskRunManifestPropertiesRequestOutputManifestHashString":{ + "type":"string", + "max":256, + "min":1 + }, + "TaskRunManifestPropertiesRequestOutputManifestPathString":{ + "type":"string", + "max":512, + "min":1 + }, + "TaskRunManifestPropertiesResponse":{ + "type":"structure", + "members":{ + "outputManifestPath":{ + "shape":"String", + "documentation":"

The manifest file path.

" + }, + "outputManifestHash":{ + "shape":"String", + "documentation":"

The hash value of the file.

" + } + }, + "documentation":"

The manifest properties for a task run, corresponding to the manifest properties in the job.

" + }, "TaskRunSessionActionDefinition":{ "type":"structure", "required":[ - "taskId", "stepId", "parameters" ], @@ -10680,10 +11627,7 @@ }, "TaskRunSessionActionDefinitionSummary":{ "type":"structure", - "required":[ - "taskId", - "stepId" - ], + "required":["stepId"], "members":{ "taskId":{ "shape":"TaskId", @@ -10692,6 +11636,10 @@ "stepId":{ "shape":"StepId", "documentation":"

The step ID.

" + }, + "parameters":{ + "shape":"TaskParameters", + "documentation":"

The parameters of a task run in a session action.

" } }, "documentation":"

The details of a task run in a session action.

" @@ -10764,6 +11712,14 @@ "endedAt":{ "shape":"EndedAt", "documentation":"

The date and time the resource ended running.

" + }, + "updatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The date and time the resource was updated.

" + }, + "updatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user or system that updated this resource.

" } }, "documentation":"

The details of a task search.

" @@ -11053,11 +12009,15 @@ }, "maxWorkerCount":{ "shape":"MinZeroMaxInteger", - "documentation":"

The maximum number of workers in the fleet.

" + "documentation":"

The maximum number of workers in the fleet.

Deadline Cloud limits the number of workers to less than or equal to the fleet's maximum worker count. The service maintains eventual consistency for the worker count. If you make multiple rapid calls to CreateWorker before the field updates, you might exceed your fleet's maximum worker count. For example, if your maxWorkerCount is 10 and you currently have 9 workers, making two quick CreateWorker calls might successfully create 2 workers instead of 1, resulting in 11 total workers.

" }, "configuration":{ "shape":"FleetConfiguration", "documentation":"

The fleet configuration to update.

" + }, + "hostConfiguration":{ + "shape":"HostConfiguration", + "documentation":"

Provides a script that runs as a worker is starting up that you can use to provide additional configuration for workers in your fleet.

" } } }, @@ -11085,6 +12045,30 @@ "location":"header", "locationName":"X-Amz-Client-Token" }, + "targetTaskRunStatus":{ + "shape":"JobTargetTaskRunStatus", + "documentation":"

The task status to update the job's tasks to.

" + }, + "priority":{ + "shape":"JobPriority", + "documentation":"

The job priority to update.

" + }, + "maxFailedTasksCount":{ + "shape":"MaxFailedTasksCount", + "documentation":"

The number of task failures before the job stops running and is marked as FAILED.

" + }, + "maxRetriesPerTask":{ + "shape":"MaxRetriesPerTask", + "documentation":"

The maximum number of retries for a job.

" + }, + "lifecycleStatus":{ + "shape":"UpdateJobLifecycleStatus", + "documentation":"

The status of a job in its lifecycle. When you change the status of the job to ARCHIVED, the job can't be scheduled or archived.

An archived jobs and its steps and tasks are deleted after 120 days. The job can't be recovered.

" + }, + "maxWorkerCount":{ + "shape":"MaxWorkerCount", + "documentation":"

The maximum number of worker hosts that can concurrently process a job. When the maxWorkerCount is reached, no more workers will be assigned to process the job, even if the fleets assigned to the job's queue has available workers.

You can't set the maxWorkerCount to 0. If you set it to -1, there is no maximum number of workers.

If you don't specify the maxWorkerCount, the default is -1.

The maximum number of workers that can process tasks in the job.

" + }, "farmId":{ "shape":"FarmId", "documentation":"

The farm ID of the job to update.

", @@ -11102,30 +12086,48 @@ "documentation":"

The job ID to update.

", "location":"uri", "locationName":"jobId" + } + } + }, + "UpdateJobResponse":{ + "type":"structure", + "members":{ + } + }, + "UpdateLimitRequest":{ + "type":"structure", + "required":[ + "farmId", + "limitId" + ], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the limit.

", + "location":"uri", + "locationName":"farmId" }, - "targetTaskRunStatus":{ - "shape":"JobTargetTaskRunStatus", - "documentation":"

The task status to update the job's tasks to.

" - }, - "priority":{ - "shape":"JobPriority", - "documentation":"

The job priority to update.

" + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit to update.

", + "location":"uri", + "locationName":"limitId" }, - "maxFailedTasksCount":{ - "shape":"MaxFailedTasksCount", - "documentation":"

The number of task failures before the job stops running and is marked as FAILED.

" + "displayName":{ + "shape":"ResourceName", + "documentation":"

The new display name of the limit.

This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.

" }, - "maxRetriesPerTask":{ - "shape":"MaxRetriesPerTask", - "documentation":"

The maximum number of retries for a job.

" + "description":{ + "shape":"Description", + "documentation":"

The new description of the limit.

This field can store any content. Escape or encode this content before displaying it on a webpage or any other system that might interpret the content of this field.

" }, - "lifecycleStatus":{ - "shape":"UpdateJobLifecycleStatus", - "documentation":"

The status of a job in its lifecycle. When you change the status of the job to ARCHIVED, the job can't be scheduled or archived.

An archived jobs and its steps and tasks are deleted after 120 days. The job can't be recovered.

" + "maxCount":{ + "shape":"MaxCount", + "documentation":"

The maximum number of resources constrained by this limit. When all of the resources are in use, steps that require the limit won't be scheduled until the resource is available.

If more than the new maximum number is currently in use, running jobs finish but no new jobs are started until the number of resources in use is below the new maximum number.

The maxCount must not be 0. If the value is -1, there is no restriction on the number of resources that can be acquired for this limit.

" } } }, - "UpdateJobResponse":{ + "UpdateLimitResponse":{ "type":"structure", "members":{ } @@ -11257,6 +12259,52 @@ "STOP_SCHEDULING_AND_CANCEL_TASKS" ] }, + "UpdateQueueLimitAssociationRequest":{ + "type":"structure", + "required":[ + "farmId", + "queueId", + "limitId", + "status" + ], + "members":{ + "farmId":{ + "shape":"FarmId", + "documentation":"

The unique identifier of the farm that contains the associated queues and limits.

", + "location":"uri", + "locationName":"farmId" + }, + "queueId":{ + "shape":"QueueId", + "documentation":"

The unique identifier of the queue associated to the limit.

", + "location":"uri", + "locationName":"queueId" + }, + "limitId":{ + "shape":"LimitId", + "documentation":"

The unique identifier of the limit associated to the queue.

", + "location":"uri", + "locationName":"limitId" + }, + "status":{ + "shape":"UpdateQueueLimitAssociationStatus", + "documentation":"

Sets the status of the limit. You can mark the limit active, or you can stop usage of the limit and either complete existing tasks or cancel any existing tasks immediately.

" + } + } + }, + "UpdateQueueLimitAssociationResponse":{ + "type":"structure", + "members":{ + } + }, + "UpdateQueueLimitAssociationStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "STOP_LIMIT_USAGE_AND_COMPLETE_TASKS", + "STOP_LIMIT_USAGE_AND_CANCEL_TASKS" + ] + }, "UpdateQueueRequest":{ "type":"structure", "required":[ @@ -11333,11 +12381,11 @@ "UpdateSessionRequest":{ "type":"structure", "required":[ + "targetLifecycleStatus", "farmId", "queueId", "jobId", - "sessionId", - "targetLifecycleStatus" + "sessionId" ], "members":{ "clientToken":{ @@ -11347,6 +12395,10 @@ "location":"header", "locationName":"X-Amz-Client-Token" }, + "targetLifecycleStatus":{ + "shape":"SessionLifecycleTargetStatus", + "documentation":"

The life cycle status to update in the session.

" + }, "farmId":{ "shape":"FarmId", "documentation":"

The farm ID to update in the session.

", @@ -11370,10 +12422,6 @@ "documentation":"

The session ID to update.

", "location":"uri", "locationName":"sessionId" - }, - "targetLifecycleStatus":{ - "shape":"SessionLifecycleTargetStatus", - "documentation":"

The life cycle status to update in the session.

" } } }, @@ -11385,13 +12433,17 @@ "UpdateStepRequest":{ "type":"structure", "required":[ + "targetTaskRunStatus", "farmId", "queueId", "jobId", - "stepId", - "targetTaskRunStatus" + "stepId" ], "members":{ + "targetTaskRunStatus":{ + "shape":"StepTargetTaskRunStatus", + "documentation":"

The task status to update the step's tasks to.

" + }, "clientToken":{ "shape":"ClientToken", "documentation":"

The unique token which the server uses to recognize retries of the same request.

", @@ -11422,10 +12474,6 @@ "documentation":"

The step ID to update.

", "location":"uri", "locationName":"stepId" - }, - "targetTaskRunStatus":{ - "shape":"StepTargetTaskRunStatus", - "documentation":"

The task status to update the step's tasks to.

" } } }, @@ -11486,12 +12534,12 @@ "UpdateTaskRequest":{ "type":"structure", "required":[ + "targetRunStatus", "farmId", "queueId", "jobId", "stepId", - "taskId", - "targetRunStatus" + "taskId" ], "members":{ "clientToken":{ @@ -11501,6 +12549,10 @@ "location":"header", "locationName":"X-Amz-Client-Token" }, + "targetRunStatus":{ + "shape":"TaskTargetRunStatus", + "documentation":"

The run status with which to start the task.

" + }, "farmId":{ "shape":"FarmId", "documentation":"

The farm ID to update.

", @@ -11530,10 +12582,6 @@ "documentation":"

The task ID to update.

", "location":"uri", "locationName":"taskId" - }, - "targetRunStatus":{ - "shape":"TaskTargetRunStatus", - "documentation":"

The run status with which to start the task.

" } } }, @@ -11588,6 +12636,10 @@ "log":{ "shape":"LogConfiguration", "documentation":"

The worker log to update.

" + }, + "hostConfiguration":{ + "shape":"HostConfiguration", + "documentation":"

The script that runs as a worker is starting up that you can use to provide additional configuration for workers in your fleet.

" } } }, @@ -11668,7 +12720,7 @@ }, "processExitCode":{ "shape":"ProcessExitCode", - "documentation":"

The process exit code.

" + "documentation":"

The process exit code. The default Deadline Cloud worker agent converts unsigned 32-bit exit codes to signed 32-bit exit codes.

" }, "progressMessage":{ "shape":"SessionActionProgressMessage", @@ -11689,6 +12741,10 @@ "progressPercent":{ "shape":"SessionActionProgressPercent", "documentation":"

The percentage completed.

" + }, + "manifests":{ + "shape":"TaskRunManifestPropertiesListRequest", + "documentation":"

A list of output manifest properties reported by the worker agent, with each entry corresponding to a manifest property in the job.

" } }, "documentation":"

The updated session action information as it relates to completion and progress of the session.

" @@ -11844,12 +12900,31 @@ "OTHER" ] }, + "VpcConfiguration":{ + "type":"structure", + "members":{ + "resourceConfigurationArns":{ + "shape":"VpcResourceConfigurationArns", + "documentation":"

The ARNs of the VPC Lattice resource configurations attached to the fleet.

" + } + }, + "documentation":"

The configuration options for a service managed fleet's VPC.

" + }, "VpcId":{ "type":"string", "max":32, "min":1, "pattern":"vpc-[\\w]{1,120}" }, + "VpcResourceConfigurationArn":{ + "type":"string", + "max":2048, + "min":1 + }, + "VpcResourceConfigurationArns":{ + "type":"list", + "member":{"shape":"VpcResourceConfigurationArn"} + }, "WindowsUser":{ "type":"structure", "required":[ diff -pruN 2.23.6-1/awscli/botocore/data/deadline/2023-10-12/waiters-2.json 2.31.35-1/awscli/botocore/data/deadline/2023-10-12/waiters-2.json --- 2.23.6-1/awscli/botocore/data/deadline/2023-10-12/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/deadline/2023-10-12/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -105,6 +105,18 @@ "expected" : "STOPPED" } ] }, + "QueueLimitAssociationStopped" : { + "description" : "Wait until a QueueLimitAssociation is stopped. Use this after setting the status to STOP_LIMIT_USAGE_AND_COMPLETE_TASKS or STOP_LIMIT_USAGE_AND_CANCEL_TASKS to wait for a QueueLimitAssociation to reach STOPPED", + "delay" : 10, + "maxAttempts" : 60, + "operation" : "GetQueueLimitAssociation", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "STOPPED" + } ] + }, "QueueScheduling" : { "delay" : 10, "maxAttempts" : 70, diff -pruN 2.23.6-1/awscli/botocore/data/detective/2018-10-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/detective/2018-10-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/detective/2018-10-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/detective/2018-10-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,152 +57,201 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws" ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://detective.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://api.detective-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree" + "endpoint": { + "url": "https://detective-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] }, - true - ] - } - ], - "rules": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://detective.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ { "fn": "getAttr", @@ -210,105 +259,258 @@ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://detective-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://api.detective-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://api.detective-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://api.detective-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://api.detective.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://api.detective.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://api.detective.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://api.detective.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/detective/2018-10-26/service-2.json 2.31.35-1/awscli/botocore/data/detective/2018-10-26/service-2.json --- 2.23.6-1/awscli/botocore/data/detective/2018-10-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/detective/2018-10-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1941,8 +1941,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2033,8 +2032,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDatasourcePackagesRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/devicefarm/2015-06-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/devicefarm/2015-06-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/devicefarm/2015-06-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/devicefarm/2015-06-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/devicefarm/2015-06-23/service-2.json 2.31.35-1/awscli/botocore/data/devicefarm/2015-06-23/service-2.json --- 2.23.6-1/awscli/botocore/data/devicefarm/2015-06-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/devicefarm/2015-06-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1383,6 +1383,12 @@ "type":"list", "member":{"shape":"Artifact"} }, + "AuxiliaryAppArnList":{ + "type":"list", + "member":{"shape":"AmazonResourceName"}, + "max":3, + "min":0 + }, "BillingMethod":{ "type":"string", "enum":[ @@ -1635,6 +1641,10 @@ "CreateRemoteAccessSessionConfiguration":{ "type":"structure", "members":{ + "auxiliaryApps":{ + "shape":"AuxiliaryAppArnList", + "documentation":"

A list of upload ARNs for app packages to be installed onto your device. (Maximum 3)

" + }, "billingMethod":{ "shape":"BillingMethod", "documentation":"

The billing method for the remote access session.

" @@ -1642,6 +1652,10 @@ "vpceConfigurationArns":{ "shape":"AmazonResourceNames", "documentation":"

An array of ARNs included in the VPC endpoint configuration.

" + }, + "deviceProxy":{ + "shape":"DeviceProxy", + "documentation":"

The device proxy to be configured on the device for the remote access session.

" } }, "documentation":"

Configuration settings for a remote access session, including billing method.

" @@ -1661,6 +1675,10 @@ "shape":"AmazonResourceName", "documentation":"

The ARN of the device for which you want to create a remote access session.

" }, + "appArn":{ + "shape":"AmazonResourceName", + "documentation":"

The Amazon Resource Name (ARN) of the app to create the remote access session.

" + }, "instanceArn":{ "shape":"AmazonResourceName", "documentation":"

The Amazon Resource Name (ARN) of the device instance for which you want to create a remote access session.

" @@ -1879,8 +1897,7 @@ }, "DeleteDevicePoolResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the result of a delete device pool request.

" }, "DeleteInstanceProfileRequest":{ @@ -1895,8 +1912,7 @@ }, "DeleteInstanceProfileResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNetworkProfileRequest":{ "type":"structure", @@ -1910,8 +1926,7 @@ }, "DeleteNetworkProfileResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProjectRequest":{ "type":"structure", @@ -1926,8 +1941,7 @@ }, "DeleteProjectResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the result of a delete project request.

" }, "DeleteRemoteAccessSessionRequest":{ @@ -1943,8 +1957,7 @@ }, "DeleteRemoteAccessSessionResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response from the server when a request is made to delete the remote access session.

" }, "DeleteRunRequest":{ @@ -1960,8 +1973,7 @@ }, "DeleteRunResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the result of a delete run request.

" }, "DeleteTestGridProjectRequest":{ @@ -1976,8 +1988,7 @@ }, "DeleteTestGridProjectResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUploadRequest":{ "type":"structure", @@ -1992,8 +2003,7 @@ }, "DeleteUploadResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the result of a delete upload request.

" }, "DeleteVPCEConfigurationRequest":{ @@ -2008,8 +2018,7 @@ }, "DeleteVPCEConfigurationResult":{ "type":"structure", - "members":{ - } + "members":{} }, "Device":{ "type":"structure", @@ -2315,6 +2324,36 @@ "type":"list", "member":{"shape":"DevicePool"} }, + "DeviceProxy":{ + "type":"structure", + "required":[ + "host", + "port" + ], + "members":{ + "host":{ + "shape":"DeviceProxyHost", + "documentation":"

Hostname or IPv4 address of the proxy.

" + }, + "port":{ + "shape":"DeviceProxyPort", + "documentation":"

The port number on which the http/s proxy is listening.

" + } + }, + "documentation":"

Represents the http/s proxy configuration that will be applied to a device during a run.

" + }, + "DeviceProxyHost":{ + "type":"string", + "max":255, + "min":1, + "pattern":"^([a-zA-Z0-9])([a-zA-Z0-9-.]+)([a-zA-Z0-9])$" + }, + "DeviceProxyPort":{ + "type":"integer", + "box":true, + "max":65535, + "min":1 + }, "DeviceSelectionConfiguration":{ "type":"structure", "required":[ @@ -2423,8 +2462,7 @@ }, "GetAccountSettingsRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the request sent to retrieve the account settings.

" }, "GetAccountSettingsResult":{ @@ -2479,6 +2517,10 @@ "configuration":{ "shape":"ScheduleRunConfiguration", "documentation":"

An object that contains information about the settings for a run.

" + }, + "projectArn":{ + "shape":"AmazonResourceName", + "documentation":"

The ARN of the project for which you want to check device pool compatibility.

" } }, "documentation":"

Represents a request to the get device pool compatibility operation.

" @@ -4287,6 +4329,14 @@ "vpcConfig":{ "shape":"VpcConfig", "documentation":"

The VPC security groups and subnets that are attached to a project.

" + }, + "deviceProxy":{ + "shape":"DeviceProxy", + "documentation":"

The device proxy configured for the remote access session.

" + }, + "appUpload":{ + "shape":"AmazonResourceName", + "documentation":"

The ARN for the app to be installed onto your device.

" } }, "documentation":"

Represents information about the remote access session.

" @@ -4457,6 +4507,10 @@ "shape":"NetworkProfile", "documentation":"

The network profile being used for a test run.

" }, + "deviceProxy":{ + "shape":"DeviceProxy", + "documentation":"

The device proxy configured for the devices in the run.

" + }, "parsingResultUrl":{ "shape":"String", "documentation":"

Read-only URL for an object in an S3 bucket where you can get the parsing results of the test package. If the test package doesn't parse, the reason why it doesn't parse appears in the file that this URL points to.

" @@ -4595,6 +4649,10 @@ "shape":"AmazonResourceNames", "documentation":"

An array of ARNs for your VPC endpoint configurations.

" }, + "deviceProxy":{ + "shape":"DeviceProxy", + "documentation":"

The device proxy to be configured on the device for the run.

" + }, "customerArtifactPaths":{ "shape":"CustomerArtifactPaths", "documentation":"

Input CustomerArtifactPaths object for the scheduled run configuration.

" @@ -4935,8 +4993,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5262,8 +5319,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDeviceInstanceRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/devops-guru/2020-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/devops-guru/2020-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/devops-guru/2020-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/devops-guru/2020-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/devops-guru/2020-12-01/service-2.json 2.31.35-1/awscli/botocore/data/devops-guru/2020-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/devops-guru/2020-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/devops-guru/2020-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"devops-guru", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon DevOps Guru", "serviceId":"DevOps Guru", "signatureVersion":"v4", "signingName":"devops-guru", - "uid":"devops-guru-2020-12-01" + "uid":"devops-guru-2020-12-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "AddNotificationChannel":{ @@ -1055,13 +1057,11 @@ }, "DeleteInsightResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountHealthRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountHealthResponse":{ "type":"structure", @@ -1163,8 +1163,7 @@ }, "DescribeEventSourcesConfigRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeEventSourcesConfigResponse":{ "type":"structure", @@ -1392,8 +1391,7 @@ }, "DescribeServiceIntegrationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeServiceIntegrationResponse":{ "type":"structure", @@ -2939,8 +2937,7 @@ }, "PutFeedbackResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ReactiveAnomalies":{ "type":"list", @@ -3329,8 +3326,7 @@ }, "RemoveNotificationChannelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ResourceArn":{ "type":"string", @@ -3781,8 +3777,7 @@ }, "StartCostEstimationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartTimeRange":{ "type":"structure", @@ -3970,8 +3965,7 @@ }, "UpdateEventSourcesConfigResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateResourceCollectionAction":{ "type":"string", @@ -4010,8 +4004,7 @@ }, "UpdateResourceCollectionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateServiceIntegrationConfig":{ "type":"structure", @@ -4040,8 +4033,7 @@ }, "UpdateServiceIntegrationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateStackNames":{ "type":"list", diff -pruN 2.23.6-1/awscli/botocore/data/directconnect/2012-10-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/directconnect/2012-10-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/directconnect/2012-10-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/directconnect/2012-10-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/directconnect/2012-10-25/service-2.json 2.31.35-1/awscli/botocore/data/directconnect/2012-10-25/service-2.json --- 2.23.6-1/awscli/botocore/data/directconnect/2012-10-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/directconnect/2012-10-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -147,7 +147,7 @@ {"shape":"DirectConnectServerException"}, {"shape":"DirectConnectClientException"} ], - "documentation":"

Associates a MAC Security (MACsec) Connection Key Name (CKN)/ Connectivity Association Key (CAK) pair with an Direct Connect dedicated connection.

You must supply either the secretARN, or the CKN/CAK (ckn and cak) pair in the request.

For information about MAC Security (MACsec) key considerations, see MACsec pre-shared CKN/CAK key considerations in the Direct Connect User Guide.

" + "documentation":"

Associates a MAC Security (MACsec) Connection Key Name (CKN)/ Connectivity Association Key (CAK) pair with a Direct Connect connection.

You must supply either the secretARN, or the CKN/CAK (ckn and cak) pair in the request.

For information about MAC Security (MACsec) key considerations, see MACsec pre-shared CKN/CAK key considerations in the Direct Connect User Guide.

" }, "AssociateVirtualInterface":{ "name":"AssociateVirtualInterface", @@ -580,7 +580,7 @@ {"shape":"DirectConnectServerException"}, {"shape":"DirectConnectClientException"} ], - "documentation":"

Lists the associations between your Direct Connect gateways and virtual private gateways and transit gateways. You must specify one of the following:

  • A Direct Connect gateway

    The response contains all virtual private gateways and transit gateways associated with the Direct Connect gateway.

  • A virtual private gateway

    The response contains the Direct Connect gateway.

  • A transit gateway

    The response contains the Direct Connect gateway.

  • A Direct Connect gateway and a virtual private gateway

    The response contains the association between the Direct Connect gateway and virtual private gateway.

  • A Direct Connect gateway and a transit gateway

    The response contains the association between the Direct Connect gateway and transit gateway.

" + "documentation":"

Lists the associations between your Direct Connect gateways and virtual private gateways and transit gateways. You must specify one of the following:

  • A Direct Connect gateway

    The response contains all virtual private gateways and transit gateways associated with the Direct Connect gateway.

  • A virtual private gateway

    The response contains the Direct Connect gateway.

  • A transit gateway

    The response contains the Direct Connect gateway.

  • A Direct Connect gateway and a virtual private gateway

    The response contains the association between the Direct Connect gateway and virtual private gateway.

  • A Direct Connect gateway and a transit gateway

    The response contains the association between the Direct Connect gateway and transit gateway.

  • A Direct Connect gateway and a virtual private gateway

    The response contains the association between the Direct Connect gateway and virtual private gateway.

  • A Direct Connect gateway association to a Cloud WAN core network

    The response contains the Cloud WAN core network ID that the Direct Connect gateway is associated to.

" }, "DescribeDirectConnectGatewayAttachments":{ "name":"DescribeDirectConnectGatewayAttachments", @@ -747,7 +747,7 @@ {"shape":"DirectConnectServerException"}, {"shape":"DirectConnectClientException"} ], - "documentation":"

Displays all virtual interfaces for an Amazon Web Services account. Virtual interfaces deleted fewer than 15 minutes before you make the request are also returned. If you specify a connection ID, only the virtual interfaces associated with the connection are returned. If you specify a virtual interface ID, then only a single virtual interface is returned.

A virtual interface (VLAN) transmits the traffic between the Direct Connect location and the customer network.

" + "documentation":"

Displays all virtual interfaces for an Amazon Web Services account. Virtual interfaces deleted fewer than 15 minutes before you make the request are also returned. If you specify a connection ID, only the virtual interfaces associated with the connection are returned. If you specify a virtual interface ID, then only a single virtual interface is returned.

A virtual interface (VLAN) transmits the traffic between the Direct Connect location and the customer network.

  • If you're using an asn, the response includes ASN value in both the asn and asnLong fields.

  • If you're using asnLong, the response returns a value of 0 (zero) for the asn attribute because it exceeds the highest ASN value of 2,147,483,647 that it can support

" }, "DisassociateConnectionFromLag":{ "name":"DisassociateConnectionFromLag", @@ -775,7 +775,7 @@ {"shape":"DirectConnectServerException"}, {"shape":"DirectConnectClientException"} ], - "documentation":"

Removes the association between a MAC Security (MACsec) security key and an Direct Connect dedicated connection.

" + "documentation":"

Removes the association between a MAC Security (MACsec) security key and a Direct Connect connection.

" }, "ListVirtualInterfaceTestHistory":{ "name":"ListVirtualInterfaceTestHistory", @@ -861,7 +861,7 @@ {"shape":"DirectConnectServerException"}, {"shape":"DirectConnectClientException"} ], - "documentation":"

Updates the Direct Connect dedicated connection configuration.

You can update the following parameters for a connection:

  • The connection name

  • The connection's MAC Security (MACsec) encryption mode.

" + "documentation":"

Updates the Direct Connect connection configuration.

You can update the following parameters for a connection:

  • The connection name

  • The connection's MAC Security (MACsec) encryption mode.

" }, "UpdateDirectConnectGateway":{ "name":"UpdateDirectConnectGateway", @@ -1156,19 +1156,19 @@ "members":{ "connectionId":{ "shape":"ConnectionId", - "documentation":"

The ID of the dedicated connection (dxcon-xxxx), or the ID of the LAG (dxlag-xxxx).

You can use DescribeConnections or DescribeLags to retrieve connection ID.

" + "documentation":"

The ID of the dedicated connection (dxcon-xxxx), interconnect (dxcon-xxxx), or LAG (dxlag-xxxx).

You can use DescribeConnections, DescribeInterconnects, or DescribeLags to retrieve connection ID.

" }, "secretARN":{ "shape":"SecretARN", - "documentation":"

The Amazon Resource Name (ARN) of the MAC Security (MACsec) secret key to associate with the dedicated connection.

You can use DescribeConnections or DescribeLags to retrieve the MAC Security (MACsec) secret key.

If you use this request parameter, you do not use the ckn and cak request parameters.

" + "documentation":"

The Amazon Resource Name (ARN) of the MAC Security (MACsec) secret key to associate with the connection.

You can use DescribeConnections or DescribeLags to retrieve the MAC Security (MACsec) secret key.

If you use this request parameter, you do not use the ckn and cak request parameters.

" }, "ckn":{ "shape":"Ckn", - "documentation":"

The MAC Security (MACsec) CKN to associate with the dedicated connection.

You can create the CKN/CAK pair using an industry standard tool.

The valid values are 64 hexadecimal characters (0-9, A-E).

If you use this request parameter, you must use the cak request parameter and not use the secretARN request parameter.

" + "documentation":"

The MAC Security (MACsec) CKN to associate with the connection.

You can create the CKN/CAK pair using an industry standard tool.

The valid values are 64 hexadecimal characters (0-9, A-E).

If you use this request parameter, you must use the cak request parameter and not use the secretARN request parameter.

" }, "cak":{ "shape":"Cak", - "documentation":"

The MAC Security (MACsec) CAK to associate with the dedicated connection.

You can create the CKN/CAK pair using an industry standard tool.

The valid values are 64 hexadecimal characters (0-9, A-E).

If you use this request parameter, you must use the ckn request parameter and not use the secretARN request parameter.

" + "documentation":"

The MAC Security (MACsec) CAK to associate with the connection.

You can create the CKN/CAK pair using an industry standard tool.

The valid values are 64 hexadecimal characters (0-9, A-E).

If you use this request parameter, you must use the ckn request parameter and not use the secretARN request parameter.

" } } }, @@ -1177,11 +1177,11 @@ "members":{ "connectionId":{ "shape":"ConnectionId", - "documentation":"

The ID of the dedicated connection (dxcon-xxxx), or the ID of the LAG (dxlag-xxxx).

" + "documentation":"

The ID of the dedicated connection (dxcon-xxxx), interconnect (dxcon-xxxx), or LAG (dxlag-xxxx).

" }, "macSecKeys":{ "shape":"MacSecKeyList", - "documentation":"

The MAC Security (MACsec) security keys associated with the dedicated connection.

" + "documentation":"

The MAC Security (MACsec) security keys associated with the connection.

" } } }, @@ -1207,7 +1207,7 @@ "members":{ "id":{ "shape":"CoreNetworkIdentifier", - "documentation":"

The ID of the Cloud WAN core network.

" + "documentation":"

The ID of the Cloud WAN core network that the Direct Connect gateway is associated to.

" }, "ownerAccount":{ "shape":"OwnerAccount", @@ -1215,10 +1215,10 @@ }, "attachmentId":{ "shape":"CoreNetworkAttachmentId", - "documentation":"

the ID of the Direct Connect attachment

" + "documentation":"

the ID of the Direct Connect gateway attachment.

" } }, - "documentation":"

The Amazon Web Services Cloud WAN core network that the Direct Connect attachment is associated with.

" + "documentation":"

The Amazon Web Services Cloud WAN core network that the Direct Connect gateway is associated to. This is only returned when a Direct Connect gateway is associated to a Cloud WAN core network.

" }, "AssociatedGateway":{ "type":"structure", @@ -1267,7 +1267,11 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The long ASN for the BGP peer. The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "authKey":{ "shape":"BGPAuthKey", @@ -1396,7 +1400,7 @@ "members":{ "virtualInterfaceState":{ "shape":"VirtualInterfaceState", - "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" + "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • testing: A virtual interface is in this state immediately after calling StartBgpFailoverTest and remains in this state during the duration of the test.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" } } }, @@ -1415,7 +1419,7 @@ "members":{ "virtualInterfaceState":{ "shape":"VirtualInterfaceState", - "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" + "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • testing: A virtual interface is in this state immediately after calling StartBgpFailoverTest and remains in this state during the duration of the test.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" } } }, @@ -1441,7 +1445,7 @@ "members":{ "virtualInterfaceState":{ "shape":"VirtualInterfaceState", - "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" + "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • testing: A virtual interface is in this state immediately after calling StartBgpFailoverTest and remains in this state during the duration of the test.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" } } }, @@ -1535,6 +1539,10 @@ "macSecKeys":{ "shape":"MacSecKeyList", "documentation":"

The MAC Security (MACsec) security keys associated with the connection.

" + }, + "partnerInterconnectMacSecCapable":{ + "shape":"PartnerInterconnectMacSecCapable", + "documentation":"

Indicates whether the interconnect hosting this connection supports MAC Security (MACsec).

" } }, "documentation":"

Information about an Direct Connect connection.

" @@ -1565,6 +1573,10 @@ "connections":{ "shape":"ConnectionList", "documentation":"

The connections.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

" } } }, @@ -1637,7 +1649,7 @@ }, "requestMACSec":{ "shape":"RequestMACSec", - "documentation":"

Indicates whether you want the connection to support MAC Security (MACsec).

MAC Security (MACsec) is only available on dedicated connections. For information about MAC Security (MACsec) prerequisties, see MACsec prerequisties in the Direct Connect User Guide.

" + "documentation":"

Indicates whether you want the connection to support MAC Security (MACsec).

MAC Security (MACsec) is unavailable on hosted connections. For information about MAC Security (MACsec) prerequisites, see MAC Security in Direct Connect in the Direct Connect User Guide.

" } } }, @@ -1719,6 +1731,10 @@ "shape":"DirectConnectGatewayName", "documentation":"

The name of the Direct Connect gateway.

" }, + "tags":{ + "shape":"TagList", + "documentation":"

The key-value pair tags associated with the request.

" + }, "amazonSideAsn":{ "shape":"LongAsn", "documentation":"

The autonomous system number (ASN) for Border Gateway Protocol (BGP) to be configured on the Amazon side of the connection. The ASN must be in the private range of 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294. The default is 64512.

" @@ -1765,6 +1781,10 @@ "providerName":{ "shape":"ProviderName", "documentation":"

The name of the service provider associated with the interconnect.

" + }, + "requestMACSec":{ + "shape":"RequestMACSec", + "documentation":"

Indicates whether you want the interconnect to support MAC Security (MACsec).

" } } }, @@ -1899,7 +1919,11 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The long ASN for the BGP peer to be deleted from a Direct Connect virtual interface. The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "customerAddress":{ "shape":"CustomerAddress", @@ -2038,7 +2062,7 @@ "members":{ "virtualInterfaceState":{ "shape":"VirtualInterfaceState", - "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" + "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • testing: A virtual interface is in this state immediately after calling StartBgpFailoverTest and remains in this state during the duration of the test.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" } } }, @@ -2085,6 +2109,14 @@ "connectionId":{ "shape":"ConnectionId", "documentation":"

The ID of the connection.

" + }, + "maxResults":{ + "shape":"MaxResultSetSize", + "documentation":"

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

If MaxResults is given a value larger than 100, only 100 results are returned.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next page of results.

" } } }, @@ -2252,6 +2284,14 @@ "connectionId":{ "shape":"ConnectionId", "documentation":"

The ID of the interconnect or LAG.

" + }, + "maxResults":{ + "shape":"MaxResultSetSize", + "documentation":"

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

If MaxResults is given a value larger than 100, only 100 results are returned.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next page of results.

" } } }, @@ -2288,6 +2328,14 @@ "interconnectId":{ "shape":"InterconnectId", "documentation":"

The ID of the interconnect.

" + }, + "maxResults":{ + "shape":"MaxResultSetSize", + "documentation":"

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

If MaxResults is given a value larger than 100, only 100 results are returned.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next page of results.

" } } }, @@ -2297,6 +2345,14 @@ "lagId":{ "shape":"LagId", "documentation":"

The ID of the LAG.

" + }, + "maxResults":{ + "shape":"MaxResultSetSize", + "documentation":"

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

If MaxResults is given a value larger than 100, only 100 results are returned.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next page of results.

" } } }, @@ -2383,6 +2439,14 @@ "virtualInterfaceId":{ "shape":"VirtualInterfaceId", "documentation":"

The ID of the virtual interface.

" + }, + "maxResults":{ + "shape":"MaxResultSetSize", + "documentation":"

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

If MaxResults is given a value larger than 100, only 100 results are returned.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token for the next page of results.

" } } }, @@ -2407,7 +2471,7 @@ }, "amazonSideAsn":{ "shape":"LongAsn", - "documentation":"

The autonomous system number (ASN) for the Amazon side of the connection.

" + "documentation":"

The autonomous system number (AS) for the Amazon side of the connection.

" }, "ownerAccount":{ "shape":"OwnerAccount", @@ -2420,6 +2484,10 @@ "stateChangeError":{ "shape":"StateChangeError", "documentation":"

The error message if the state of an object failed to advance.

" + }, + "tags":{ + "shape":"TagList", + "documentation":"

Information about a tag.

" } }, "documentation":"

Information about a Direct Connect gateway, which enables you to connect virtual interfaces and virtual private gateway or transit gateways.

" @@ -2457,7 +2525,7 @@ }, "associatedCoreNetwork":{ "shape":"AssociatedCoreNetwork", - "documentation":"

The ID of the Cloud WAN core network associated with the Direct Connect attachment.

" + "documentation":"

The ID of the Cloud WAN core network associated with the Direct Connect gateway attachment.

" }, "virtualGatewayId":{ "shape":"VirtualGatewayId", @@ -2639,7 +2707,7 @@ "members":{ "connectionId":{ "shape":"ConnectionId", - "documentation":"

The ID of the dedicated connection (dxcon-xxxx), or the ID of the LAG (dxlag-xxxx).

You can use DescribeConnections or DescribeLags to retrieve connection ID.

" + "documentation":"

The ID of the dedicated connection (dxcon-xxxx), interconnect (dxcon-xxxx), or LAG (dxlag-xxxx).

You can use DescribeConnections, DescribeInterconnects, or DescribeLags to retrieve connection ID.

" }, "secretARN":{ "shape":"SecretARN", @@ -2652,18 +2720,17 @@ "members":{ "connectionId":{ "shape":"ConnectionId", - "documentation":"

The ID of the dedicated connection (dxcon-xxxx), or the ID of the LAG (dxlag-xxxx).

" + "documentation":"

The ID of the dedicated connection (dxcon-xxxx), interconnect (dxcon-xxxx), or LAG (dxlag-xxxx).

" }, "macSecKeys":{ "shape":"MacSecKeyList", - "documentation":"

The MAC Security (MACsec) security keys no longer associated with the dedicated connection.

" + "documentation":"

The MAC Security (MACsec) security keys no longer associated with the connection.

" } } }, "DuplicateTagKeysException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A tag key was specified more than once.

", "exception":true }, @@ -2751,6 +2818,22 @@ "providerName":{ "shape":"ProviderName", "documentation":"

The name of the service provider associated with the interconnect.

" + }, + "macSecCapable":{ + "shape":"MacSecCapable", + "documentation":"

Indicates whether the interconnect supports MAC Security (MACsec).

" + }, + "portEncryptionStatus":{ + "shape":"PortEncryptionStatus", + "documentation":"

The MAC Security (MACsec) port link status.

The valid values are Encryption Up, which means that there is an active Connection Key Name, or Encryption Down.

" + }, + "encryptionMode":{ + "shape":"EncryptionMode", + "documentation":"

The MAC Security (MACsec) encryption mode.

The valid values are no_encrypt, should_encrypt, and must_encrypt.

" + }, + "macSecKeys":{ + "shape":"MacSecKeyList", + "documentation":"

The MAC Security (MACsec) security keys.

" } }, "documentation":"

Information about an interconnect.

" @@ -2779,6 +2862,10 @@ "interconnects":{ "shape":"InterconnectList", "documentation":"

The interconnects.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

" } } }, @@ -2897,6 +2984,10 @@ "lags":{ "shape":"LagList", "documentation":"

The LAGs.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

" } } }, @@ -3045,7 +3136,11 @@ "members":{ "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The long ASN for a new BGP peer. The valid range is from 1 to 4294967294.

" }, "authKey":{ "shape":"BGPAuthKey", @@ -3070,8 +3165,7 @@ "type":"structure", "required":[ "virtualInterfaceName", - "vlan", - "asn" + "vlan" ], "members":{ "virtualInterfaceName":{ @@ -3084,7 +3178,11 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

The valid values are 1-2147483647.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

The valid values are 1-2147483646.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The long ASN for a new private virtual interface. The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "mtu":{ "shape":"MTU", @@ -3129,8 +3227,7 @@ "type":"structure", "required":[ "virtualInterfaceName", - "vlan", - "asn" + "vlan" ], "members":{ "virtualInterfaceName":{ @@ -3143,7 +3240,11 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

The valid values are 1-2147483647.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

The valid values are 1-2147483646.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The ASN when allocating a new private virtual interface. The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "mtu":{ "shape":"MTU", @@ -3176,8 +3277,7 @@ "type":"structure", "required":[ "virtualInterfaceName", - "vlan", - "asn" + "vlan" ], "members":{ "virtualInterfaceName":{ @@ -3190,7 +3290,11 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

The valid values are 1-2147483647.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The long ASN for a new public virtual interface. The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "authKey":{ "shape":"BGPAuthKey", @@ -3223,8 +3327,7 @@ "type":"structure", "required":[ "virtualInterfaceName", - "vlan", - "asn" + "vlan" ], "members":{ "virtualInterfaceName":{ @@ -3237,7 +3340,11 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

The valid values are 1-2147483647.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

The valid values are 1-2147483646.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The ASN when allocating a new public virtual interface. The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "authKey":{ "shape":"BGPAuthKey", @@ -3279,7 +3386,11 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

The valid values are 1-2147483647.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The long ASN for a new transit virtual interface.The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "mtu":{ "shape":"MTU", @@ -3329,7 +3440,11 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

The valid values are 1-2147483647.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

The valid values are 1-2147483646.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The ASN when allocating a new transit virtual interface. The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "mtu":{ "shape":"MTU", @@ -3368,6 +3483,7 @@ }, "OwnerAccount":{"type":"string"}, "PaginationToken":{"type":"string"}, + "PartnerInterconnectMacSecCapable":{"type":"boolean"}, "PartnerName":{"type":"string"}, "Platform":{"type":"string"}, "PortEncryptionStatus":{"type":"string"}, @@ -3554,8 +3670,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3570,8 +3685,7 @@ "TestId":{"type":"string"}, "TooManyTagsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the limit on the number of tags that can be assigned.

", "exception":true }, @@ -3594,8 +3708,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConnectionRequest":{ "type":"structure", @@ -3603,7 +3716,7 @@ "members":{ "connectionId":{ "shape":"ConnectionId", - "documentation":"

The ID of the dedicated connection.

You can use DescribeConnections to retrieve the connection ID.

" + "documentation":"

The ID of the connection.

You can use DescribeConnections to retrieve the connection ID.

" }, "connectionName":{ "shape":"ConnectionName", @@ -3779,11 +3892,15 @@ }, "asn":{ "shape":"ASN", - "documentation":"

The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.

The valid values are 1-2147483647.

" + "documentation":"

The autonomous system number (ASN). The valid range is from 1 to 2147483646 for Border Gateway Protocol (BGP) configuration. If you provide a number greater than the maximum, an error is returned. Use asnLong instead.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" + }, + "asnLong":{ + "shape":"LongAsn", + "documentation":"

The long ASN for the virtual interface. The valid range is from 1 to 4294967294 for BGP configuration.

You can use asnLong or asn, but not both. We recommend using asnLong as it supports a greater pool of numbers.

  • The asnLong attribute accepts both ASN and long ASN ranges.

  • If you provide a value in the same API call for both asn and asnLong, the API will only accept the value for asnLong.

" }, "amazonSideAsn":{ "shape":"LongAsn", - "documentation":"

The autonomous system number (ASN) for the Amazon side of the connection.

" + "documentation":"

The autonomous system number (AS) for the Amazon side of the connection.

" }, "authKey":{ "shape":"BGPAuthKey", @@ -3803,7 +3920,7 @@ }, "virtualInterfaceState":{ "shape":"VirtualInterfaceState", - "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" + "documentation":"

The state of the virtual interface. The following are the possible values:

  • confirming: The creation of the virtual interface is pending confirmation from the virtual interface owner. If the owner of the virtual interface is different from the owner of the connection on which it is provisioned, then the virtual interface will remain in this state until it is confirmed by the virtual interface owner.

  • verifying: This state only applies to public virtual interfaces. Each public virtual interface needs validation before the virtual interface can be created.

  • pending: A virtual interface is in this state from the time that it is created until the virtual interface is ready to forward traffic.

  • available: A virtual interface that is able to forward traffic.

  • down: A virtual interface that is BGP down.

  • testing: A virtual interface is in this state immediately after calling StartBgpFailoverTest and remains in this state during the duration of the test.

  • deleting: A virtual interface is in this state immediately after calling DeleteVirtualInterface until it can no longer forward traffic.

  • deleted: A virtual interface that cannot forward traffic.

  • rejected: The virtual interface owner has declined creation of the virtual interface. If a virtual interface in the Confirming state is deleted by the virtual interface owner, the virtual interface enters the Rejected state.

  • unknown: The state of the virtual interface is not available.

" }, "customerRouterConfig":{ "shape":"RouterConfig", @@ -3871,6 +3988,7 @@ "pending", "available", "down", + "testing", "deleting", "deleted", "rejected", @@ -3926,6 +4044,10 @@ "virtualInterfaces":{ "shape":"VirtualInterfaceList", "documentation":"

The virtual interfaces

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

" } } }, diff -pruN 2.23.6-1/awscli/botocore/data/discovery/2015-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/discovery/2015-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/discovery/2015-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/discovery/2015-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/discovery/2015-11-01/service-2.json 2.31.35-1/awscli/botocore/data/discovery/2015-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/discovery/2015-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/discovery/2015-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -665,8 +665,7 @@ }, "AssociateConfigurationItemsToApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AuthorizationErrorException":{ "type":"structure", @@ -1018,8 +1017,7 @@ }, "CreateTagsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CustomerAgentInfo":{ "type":"structure", @@ -1243,8 +1241,7 @@ }, "DeleteApplicationsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTagsRequest":{ "type":"structure", @@ -1262,8 +1259,7 @@ }, "DeleteTagsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletionConfigurationItemType":{ "type":"string", @@ -1561,8 +1557,7 @@ }, "DisassociateConfigurationItemsFromApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "EC2InstanceType":{ "type":"string", @@ -1802,8 +1797,7 @@ }, "GetDiscoverySummaryRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetDiscoverySummaryResponse":{ "type":"structure", @@ -2260,8 +2254,7 @@ }, "StartContinuousExportRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "StartContinuousExportResponse":{ "type":"structure", @@ -2520,8 +2513,7 @@ }, "UpdateApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UsageMetricBasis":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/dlm/2018-01-12/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/dlm/2018-01-12/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/dlm/2018-01-12/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dlm/2018-01-12/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/dlm/2018-01-12/service-2.json 2.31.35-1/awscli/botocore/data/dlm/2018-01-12/service-2.json --- 2.23.6-1/awscli/botocore/data/dlm/2018-01-12/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dlm/2018-01-12/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -469,8 +469,7 @@ }, "DeleteLifecyclePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeprecateRule":{ "type":"structure", @@ -1356,8 +1355,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1438,8 +1436,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLifecyclePolicyRequest":{ "type":"structure", @@ -1495,8 +1492,7 @@ }, "UpdateLifecyclePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "VariableTagsList":{ "type":"list", diff -pruN 2.23.6-1/awscli/botocore/data/dms/2016-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/dms/2016-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/dms/2016-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dms/2016-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/dms/2016-01-01/paginators-1.json 2.31.35-1/awscli/botocore/data/dms/2016-01-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/dms/2016-01-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dms/2016-01-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -83,6 +83,18 @@ "output_token": "Marker", "limit_key": "MaxRecords", "result_key": "DataMigrations" + }, + "DescribeMetadataModelChildren": { + "input_token": "Marker", + "output_token": "Marker", + "limit_key": "MaxRecords", + "result_key": "MetadataModelChildren" + }, + "DescribeMetadataModelCreations": { + "input_token": "Marker", + "output_token": "Marker", + "limit_key": "MaxRecords", + "result_key": "Requests" } } } diff -pruN 2.23.6-1/awscli/botocore/data/dms/2016-01-01/service-2.json 2.31.35-1/awscli/botocore/data/dms/2016-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/dms/2016-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dms/2016-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -54,7 +54,37 @@ {"shape":"AccessDeniedFault"}, {"shape":"ResourceNotFoundFault"} ], - "documentation":"

Starts the analysis of up to 20 source databases to recommend target engines for each source database. This is a batch version of StartRecommendations.

The result of analysis of each source database is reported individually in the response. Because the batch request can result in a combination of successful and unsuccessful actions, you should check for batch errors even when the call returns an HTTP status code of 200.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Starts the analysis of up to 20 source databases to recommend target engines for each source database. This is a batch version of StartRecommendations.

The result of analysis of each source database is reported individually in the response. Because the batch request can result in a combination of successful and unsuccessful actions, you should check for batch errors even when the call returns an HTTP status code of 200.

" + }, + "CancelMetadataModelConversion":{ + "name":"CancelMetadataModelConversion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CancelMetadataModelConversionMessage"}, + "output":{"shape":"CancelMetadataModelConversionResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"InvalidResourceStateFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"

Cancels a single metadata model conversion operation that was started with StartMetadataModelConversion.

" + }, + "CancelMetadataModelCreation":{ + "name":"CancelMetadataModelCreation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CancelMetadataModelCreationMessage"}, + "output":{"shape":"CancelMetadataModelCreationResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"InvalidResourceStateFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"

Cancels a single metadata model creation operation that was started with StartMetadataModelCreation.

" }, "CancelReplicationTaskAssessmentRun":{ "name":"CancelReplicationTaskAssessmentRun", @@ -160,7 +190,7 @@ {"shape":"S3ResourceNotFoundFault"}, {"shape":"ResourceQuotaExceededFault"} ], - "documentation":"

Creates a Fleet Advisor collector using the specified parameters.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Creates a Fleet Advisor collector using the specified parameters.

" }, "CreateInstanceProfile":{ "name":"CreateInstanceProfile", @@ -381,7 +411,7 @@ {"shape":"CollectorNotFoundFault"}, {"shape":"AccessDeniedFault"} ], - "documentation":"

Deletes the specified Fleet Advisor collector.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Deletes the specified Fleet Advisor collector.

" }, "DeleteFleetAdvisorDatabases":{ "name":"DeleteFleetAdvisorDatabases", @@ -396,7 +426,7 @@ {"shape":"InvalidOperationFault"}, {"shape":"AccessDeniedFault"} ], - "documentation":"

Deletes the specified Fleet Advisor collector databases.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Deletes the specified Fleet Advisor collector databases.

" }, "DeleteInstanceProfile":{ "name":"DeleteInstanceProfile", @@ -695,7 +725,7 @@ "errors":[ {"shape":"InvalidResourceStateFault"} ], - "documentation":"

Returns a list of the Fleet Advisor collectors in your account.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Returns a list of the Fleet Advisor collectors in your account.

" }, "DescribeFleetAdvisorDatabases":{ "name":"DescribeFleetAdvisorDatabases", @@ -708,7 +738,7 @@ "errors":[ {"shape":"InvalidResourceStateFault"} ], - "documentation":"

Returns a list of Fleet Advisor databases in your account.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Returns a list of Fleet Advisor databases in your account.

" }, "DescribeFleetAdvisorLsaAnalysis":{ "name":"DescribeFleetAdvisorLsaAnalysis", @@ -721,7 +751,7 @@ "errors":[ {"shape":"InvalidResourceStateFault"} ], - "documentation":"

Provides descriptions of large-scale assessment (LSA) analyses produced by your Fleet Advisor collectors.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Provides descriptions of large-scale assessment (LSA) analyses produced by your Fleet Advisor collectors.

" }, "DescribeFleetAdvisorSchemaObjectSummary":{ "name":"DescribeFleetAdvisorSchemaObjectSummary", @@ -734,7 +764,7 @@ "errors":[ {"shape":"InvalidResourceStateFault"} ], - "documentation":"

Provides descriptions of the schemas discovered by your Fleet Advisor collectors.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Provides descriptions of the schemas discovered by your Fleet Advisor collectors.

" }, "DescribeFleetAdvisorSchemas":{ "name":"DescribeFleetAdvisorSchemas", @@ -747,7 +777,7 @@ "errors":[ {"shape":"InvalidResourceStateFault"} ], - "documentation":"

Returns a list of schemas detected by Fleet Advisor Collectors in your account.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Returns a list of schemas detected by Fleet Advisor Collectors in your account.

" }, "DescribeInstanceProfiles":{ "name":"DescribeInstanceProfiles", @@ -764,6 +794,20 @@ ], "documentation":"

Returns a paginated list of instance profiles for your account in the current region.

" }, + "DescribeMetadataModel":{ + "name":"DescribeMetadataModel", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMetadataModelMessage"}, + "output":{"shape":"DescribeMetadataModelResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"

Gets detailed information about the specified metadata model, including its definition and corresponding converted objects in the target database if applicable.

" + }, "DescribeMetadataModelAssessments":{ "name":"DescribeMetadataModelAssessments", "http":{ @@ -777,6 +821,20 @@ ], "documentation":"

Returns a paginated list of metadata model assessments for your account in the current region.

" }, + "DescribeMetadataModelChildren":{ + "name":"DescribeMetadataModelChildren", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMetadataModelChildrenMessage"}, + "output":{"shape":"DescribeMetadataModelChildrenResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"

Gets a list of child metadata models for the specified metadata model in the database hierarchy.

" + }, "DescribeMetadataModelConversions":{ "name":"DescribeMetadataModelConversions", "http":{ @@ -790,6 +848,20 @@ ], "documentation":"

Returns a paginated list of metadata model conversions for a migration project.

" }, + "DescribeMetadataModelCreations":{ + "name":"DescribeMetadataModelCreations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMetadataModelCreationsMessage"}, + "output":{"shape":"DescribeMetadataModelCreationsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"

Returns a paginated list of metadata model creation requests for a migration project.

" + }, "DescribeMetadataModelExportsAsScript":{ "name":"DescribeMetadataModelExportsAsScript", "http":{ @@ -865,7 +937,7 @@ "errors":[ {"shape":"ResourceNotFoundFault"} ], - "documentation":"

For internal use only

" + "documentation":"

Returns a list of upcoming maintenance events for replication instances in your account in the current Region.

" }, "DescribeRecommendationLimitations":{ "name":"DescribeRecommendationLimitations", @@ -879,7 +951,7 @@ {"shape":"InvalidResourceStateFault"}, {"shape":"AccessDeniedFault"} ], - "documentation":"

Returns a paginated list of limitations for recommendations of target Amazon Web Services engines.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Returns a paginated list of limitations for recommendations of target Amazon Web Services engines.

" }, "DescribeRecommendations":{ "name":"DescribeRecommendations", @@ -893,7 +965,7 @@ {"shape":"InvalidResourceStateFault"}, {"shape":"AccessDeniedFault"} ], - "documentation":"

Returns a paginated list of target engine recommendations for your source databases.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Returns a paginated list of target engine recommendations for your source databases.

" }, "DescribeRefreshSchemasStatus":{ "name":"DescribeRefreshSchemasStatus", @@ -1083,6 +1155,21 @@ ], "documentation":"

Saves a copy of a database migration assessment report to your Amazon S3 bucket. DMS can save your assessment report as a comma-separated value (CSV) or a PDF file.

" }, + "GetTargetSelectionRules":{ + "name":"GetTargetSelectionRules", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetTargetSelectionRulesMessage"}, + "output":{"shape":"GetTargetSelectionRulesResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"InvalidResourceStateFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"

Converts source selection rules into their target counterparts for schema conversion operations.

" + }, "ImportCertificate":{ "name":"ImportCertificate", "http":{ @@ -1404,7 +1491,7 @@ {"shape":"InvalidResourceStateFault"}, {"shape":"ResourceNotFoundFault"} ], - "documentation":"

Runs large-scale assessment (LSA) analysis on every Fleet Advisor collector in your account.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Runs large-scale assessment (LSA) analysis on every Fleet Advisor collector in your account.

" }, "StartDataMigration":{ "name":"StartDataMigration", @@ -1483,6 +1570,22 @@ ], "documentation":"

Converts your source database objects to a format compatible with the target database.

" }, + "StartMetadataModelCreation":{ + "name":"StartMetadataModelCreation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartMetadataModelCreationMessage"}, + "output":{"shape":"StartMetadataModelCreationResponse"}, + "errors":[ + {"shape":"ResourceAlreadyExistsFault"}, + {"shape":"ResourceNotFoundFault"}, + {"shape":"ResourceQuotaExceededFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"

Creates source metadata model of the given type with the specified properties for schema conversion operations.

This action supports only these directions: from SQL Server to Aurora PostgreSQL, or from SQL Server to RDS for PostgreSQL.

" + }, "StartMetadataModelExportAsScript":{ "name":"StartMetadataModelExportAsScript", "http":{ @@ -1555,7 +1658,7 @@ {"shape":"AccessDeniedFault"}, {"shape":"ResourceNotFoundFault"} ], - "documentation":"

Starts the analysis of your source database to provide recommendations of target engines.

You can create recommendations for multiple source databases using BatchStartRecommendations.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Starts the analysis of your source database to provide recommendations of target engines.

You can create recommendations for multiple source databases using BatchStartRecommendations.

" }, "StartReplication":{ "name":"StartReplication", @@ -1755,8 +1858,7 @@ }, "AddTagsToResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

" }, "ApplyPendingMaintenanceActionMessage":{ @@ -1773,7 +1875,7 @@ }, "ApplyAction":{ "shape":"String", - "documentation":"

The pending maintenance action to apply to this resource.

Valid values: os-upgrade, system-update, db-upgrade

" + "documentation":"

The pending maintenance action to apply to this resource.

Valid values: os-upgrade, system-update, db-upgrade, os-patch

" }, "OptInType":{ "shape":"String", @@ -1883,6 +1985,52 @@ }, "Boolean":{"type":"boolean"}, "BooleanOptional":{"type":"boolean"}, + "CancelMetadataModelConversionMessage":{ + "type":"structure", + "required":[ + "MigrationProjectIdentifier", + "RequestIdentifier" + ], + "members":{ + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"

The migration project name or Amazon Resource Name (ARN).

" + }, + "RequestIdentifier":{ + "shape":"String", + "documentation":"

The identifier for the metadata model conversion operation to cancel. This operation was initiated by StartMetadataModelConversion.

" + } + } + }, + "CancelMetadataModelConversionResponse":{ + "type":"structure", + "members":{ + "Request":{"shape":"SchemaConversionRequest"} + } + }, + "CancelMetadataModelCreationMessage":{ + "type":"structure", + "required":[ + "MigrationProjectIdentifier", + "RequestIdentifier" + ], + "members":{ + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"

The migration project name or Amazon Resource Name (ARN).

" + }, + "RequestIdentifier":{ + "shape":"String", + "documentation":"

The identifier for the metadata model creation operation to cancel. This operation was initiated by StartMetadataModelCreation.

" + } + } + }, + "CancelMetadataModelCreationResponse":{ + "type":"structure", + "members":{ + "Request":{"shape":"SchemaConversionRequest"} + } + }, "CancelReplicationTaskAssessmentRunMessage":{ "type":"structure", "required":["ReplicationTaskAssessmentRunArn"], @@ -2202,6 +2350,10 @@ "shape":"SourceDataSettings", "documentation":"

Specifies information about the source data provider.

" }, + "TargetDataSettings":{ + "shape":"TargetDataSettings", + "documentation":"

Specifies information about the target data provider.

" + }, "NumberOfJobs":{ "shape":"IntegerOptional", "documentation":"

The number of parallel jobs that trigger parallel threads to unload the tables from the source, and then load them to the target.

" @@ -2242,7 +2394,11 @@ }, "Engine":{ "shape":"String", - "documentation":"

The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.

" + "documentation":"

The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.

" + }, + "Virtual":{ + "shape":"BooleanOptional", + "documentation":"

Indicates whether the data provider is virtual.

" }, "Settings":{ "shape":"DataProviderSettings", @@ -2526,7 +2682,7 @@ }, "KmsKeyArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key that is used to encrypt the connection parameters for the instance profile.

If you don't specify a value for the KmsKeyArn parameter, then DMS uses your default encryption key.

KMS creates the default encryption key for your Amazon Web Services account. Your Amazon Web Services account has a different default encryption key for each Amazon Web Services Region.

" + "documentation":"

The Amazon Resource Name (ARN) of the KMS key that is used to encrypt the connection parameters for the instance profile.

If you don't specify a value for the KmsKeyArn parameter, then DMS uses an Amazon Web Services owned encryption key to encrypt your resources.

" }, "PubliclyAccessible":{ "shape":"BooleanOptional", @@ -2755,7 +2911,7 @@ }, "KerberosAuthenticationSettings":{ "shape":"KerberosAuthenticationSettings", - "documentation":"

Specifies the ID of the secret that stores the key cache file required for kerberos authentication, when creating a replication instance.

" + "documentation":"

Specifies the settings required for kerberos authentication when creating the replication instance.

" } }, "documentation":"

" @@ -2784,7 +2940,7 @@ }, "ReplicationSubnetGroupDescription":{ "shape":"String", - "documentation":"

The description for the subnet group.

" + "documentation":"

The description for the subnet group.

Constraints: This parameter Must not contain non-printable control characters.

" }, "SubnetIds":{ "shape":"SubnetIdentifierList", @@ -2933,6 +3089,10 @@ "shape":"SourceDataSettings", "documentation":"

Specifies information about the data migration's source data provider.

" }, + "TargetDataSettings":{ + "shape":"TargetDataSettings", + "documentation":"

Specifies information about the data migration's target data provider.

" + }, "DataMigrationStatistics":{ "shape":"DataMigrationStatistics", "documentation":"

Provides information about the data migration's run, including start and stop time, latency, and data migration progress.

" @@ -3049,7 +3209,11 @@ }, "Engine":{ "shape":"String", - "documentation":"

The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.

" + "documentation":"

The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.

" + }, + "Virtual":{ + "shape":"BooleanOptional", + "documentation":"

Indicates whether the data provider is virtual.

" }, "Settings":{ "shape":"DataProviderSettings", @@ -3124,6 +3288,14 @@ "shape":"MariaDbDataProviderSettings", "documentation":"

Provides information that defines a MariaDB data provider.

" }, + "IbmDb2LuwSettings":{ + "shape":"IbmDb2LuwDataProviderSettings", + "documentation":"

Provides information that defines an IBM DB2 LUW data provider.

" + }, + "IbmDb2zOsSettings":{ + "shape":"IbmDb2zOsDataProviderSettings", + "documentation":"

Provides information that defines an IBM DB2 for z/OS data provider.

" + }, "MongoDbSettings":{ "shape":"MongoDbDataProviderSettings", "documentation":"

Provides information that defines a MongoDB data provider.

" @@ -3511,8 +3683,7 @@ }, "DeleteReplicationSubnetGroupResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

" }, "DeleteReplicationTaskAssessmentRunMessage":{ @@ -3559,8 +3730,7 @@ }, "DescribeAccountAttributesMessage":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

" }, "DescribeAccountAttributesResponse":{ @@ -3588,6 +3758,10 @@ "shape":"String", "documentation":"

ARN of a replication instance on which you want to base the default list of individual assessments.

" }, + "ReplicationConfigArn":{ + "shape":"String", + "documentation":"

Amazon Resource Name (ARN) of a serverless replication on which you want to base the default list of individual assessments.

" + }, "SourceEngineName":{ "shape":"String", "documentation":"

Name of a database engine that the specified replication instance supports as a source.

" @@ -3692,7 +3866,7 @@ "required":["MigrationProjectIdentifier"], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The name or Amazon Resource Name (ARN) for the schema conversion project to describe.

" } } @@ -3932,7 +4106,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

Filters applied to event subscriptions.

Valid filter names: event-subscription-arn | event-subscription-id

" + "documentation":"

Filters applied to event subscriptions.

Valid filter names: event-subscription-arn | event-subscription-id

" }, "MaxRecords":{ "shape":"IntegerOptional", @@ -4020,7 +4194,7 @@ "required":["MigrationProjectIdentifier"], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The name or Amazon Resource Name (ARN) for the migration project.

" }, "Filters":{ @@ -4145,7 +4319,7 @@ }, "MaxRecords":{ "shape":"IntegerOptional", - "documentation":"

Sets the maximum number of records returned in the response.

" + "documentation":"

End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.

Sets the maximum number of records returned in the response.

" }, "NextToken":{ "shape":"String", @@ -4231,7 +4405,7 @@ "required":["MigrationProjectIdentifier"], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The name or Amazon Resource Name (ARN) of the migration project.

" }, "Filters":{ @@ -4261,12 +4435,55 @@ } } }, + "DescribeMetadataModelChildrenMessage":{ + "type":"structure", + "required":[ + "SelectionRules", + "MigrationProjectIdentifier", + "Origin" + ], + "members":{ + "SelectionRules":{ + "shape":"String", + "documentation":"

The JSON string that specifies which metadata model's children to retrieve. Only one selection rule with \"rule-action\": \"explicit\" can be provided. For more information, see Selection Rules in the DMS User Guide.

" + }, + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"

The migration project name or Amazon Resource Name (ARN).

" + }, + "Origin":{ + "shape":"OriginTypeValue", + "documentation":"

Specifies whether to retrieve metadata from the source or target tree. Valid values: SOURCE | TARGET

" + }, + "Marker":{ + "shape":"String", + "documentation":"

Specifies the unique pagination token that indicates where the next page should start. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.

" + }, + "MaxRecords":{ + "shape":"IntegerOptional", + "documentation":"

The maximum number of metadata model children to include in the response. If more items exist than the specified MaxRecords value, a marker is included in the response so that the remaining results can be retrieved.

" + } + } + }, + "DescribeMetadataModelChildrenResponse":{ + "type":"structure", + "members":{ + "Marker":{ + "shape":"String", + "documentation":"

Specifies the unique pagination token that makes it possible to display the next page of metadata model children. If a marker is returned, there are more metadata model children available.

" + }, + "MetadataModelChildren":{ + "shape":"MetadataModelReferenceList", + "documentation":"

A list of child metadata models.

" + } + } + }, "DescribeMetadataModelConversionsMessage":{ "type":"structure", "required":["MigrationProjectIdentifier"], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "Filters":{ @@ -4296,12 +4513,47 @@ } } }, - "DescribeMetadataModelExportsAsScriptMessage":{ + "DescribeMetadataModelCreationsMessage":{ "type":"structure", "required":["MigrationProjectIdentifier"], "members":{ + "Filters":{ + "shape":"FilterList", + "documentation":"

Filters applied to the metadata model creation requests described in the form of key-value pairs. The supported filters are request-id and status.

" + }, + "Marker":{ + "shape":"String", + "documentation":"

Specifies the unique pagination token that makes it possible to display the next page of metadata model creation requests. If Marker is returned by a previous response, there are more metadata model creation requests available.

" + }, + "MaxRecords":{ + "shape":"IntegerOptional", + "documentation":"

The maximum number of metadata model creation requests to include in the response. If more requests exist than the specified MaxRecords value, a pagination token is provided in the response so that you can retrieve the remaining results.

" + }, "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"

The migration project name or Amazon Resource Name (ARN).

" + } + } + }, + "DescribeMetadataModelCreationsResponse":{ + "type":"structure", + "members":{ + "Marker":{ "shape":"String", + "documentation":"

Specifies the unique pagination token that makes it possible to display the next page of metadata model creation requests. If Marker is returned, there are more metadata model creation requests available.

" + }, + "Requests":{ + "shape":"SchemaConversionRequestList", + "documentation":"

A list of metadata model creation requests. The ExportSqlDetails field will never be populated for the DescribeMetadataModelCreations operation.

" + } + } + }, + "DescribeMetadataModelExportsAsScriptMessage":{ + "type":"structure", + "required":["MigrationProjectIdentifier"], + "members":{ + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "Filters":{ @@ -4336,7 +4588,7 @@ "required":["MigrationProjectIdentifier"], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "Filters":{ @@ -4371,7 +4623,7 @@ "required":["MigrationProjectIdentifier"], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "Filters":{ @@ -4401,6 +4653,49 @@ } } }, + "DescribeMetadataModelMessage":{ + "type":"structure", + "required":[ + "SelectionRules", + "MigrationProjectIdentifier", + "Origin" + ], + "members":{ + "SelectionRules":{ + "shape":"String", + "documentation":"

The JSON string that specifies which metadata model to retrieve. Only one selection rule with \"rule-action\": \"explicit\" can be provided. For more information, see Selection Rules in the DMS User Guide.

" + }, + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"

The migration project name or Amazon Resource Name (ARN).

" + }, + "Origin":{ + "shape":"OriginTypeValue", + "documentation":"

Specifies whether to retrieve metadata from the source or target tree. Valid values: SOURCE | TARGET

" + } + } + }, + "DescribeMetadataModelResponse":{ + "type":"structure", + "members":{ + "MetadataModelName":{ + "shape":"String", + "documentation":"

The name of the metadata model.

" + }, + "MetadataModelType":{ + "shape":"String", + "documentation":"

The type of the metadata model.

" + }, + "TargetMetadataModels":{ + "shape":"MetadataModelReferenceList", + "documentation":"

A list of counterpart metadata models in the target. This field is populated only when Origin is SOURCE and after the object has been converted by DMS Schema Conversion.

" + }, + "Definition":{ + "shape":"String", + "documentation":"

The SQL text of the metadata model. This field might not be populated for some metadata models.

" + } + } + }, "DescribeMigrationProjectsMessage":{ "type":"structure", "members":{ @@ -4500,7 +4795,7 @@ "members":{ "Filters":{ "shape":"FilterList", - "documentation":"

Filters applied to the limitations described in the form of key-value pairs.

" + "documentation":"

Filters applied to the limitations described in the form of key-value pairs.

Valid filter names: database-id | engine-name

" }, "MaxRecords":{ "shape":"IntegerOptional", @@ -4530,7 +4825,7 @@ "members":{ "Filters":{ "shape":"FilterList", - "documentation":"

Filters applied to the target engine recommendations described in the form of key-value pairs.

" + "documentation":"

Filters applied to the target engine recommendations described in the form of key-value pairs.

Valid filter names: database-id | engine-name

" }, "MaxRecords":{ "shape":"IntegerOptional", @@ -4889,7 +5184,7 @@ "members":{ "Filters":{ "shape":"FilterList", - "documentation":"

Filters applied to the replications.

" + "documentation":"

Filters applied to the replications.

Valid filter names: replication-config-arn | replication-config-id

" }, "MaxRecords":{ "shape":"IntegerOptional", @@ -5528,7 +5823,7 @@ ], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "SelectionRules":{ @@ -5734,6 +6029,32 @@ }, "documentation":"

Settings in JSON format for the source GCP MySQL endpoint.

" }, + "GetTargetSelectionRulesMessage":{ + "type":"structure", + "required":[ + "MigrationProjectIdentifier", + "SelectionRules" + ], + "members":{ + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"

The migration project name or Amazon Resource Name (ARN).

" + }, + "SelectionRules":{ + "shape":"String", + "documentation":"

The JSON string representing the source selection rules for conversion. Selection rules must contain only supported metadata model types. For more information, see Selection Rules in the DMS User Guide.

" + } + } + }, + "GetTargetSelectionRulesResponse":{ + "type":"structure", + "members":{ + "TargetSelectionRules":{ + "shape":"String", + "documentation":"

The JSON string representing the counterpart selection rules in the target.

" + } + } + }, "IBMDb2Settings":{ "type":"structure", "members":{ @@ -5796,6 +6117,74 @@ }, "documentation":"

Provides information that defines an IBM Db2 LUW endpoint.

" }, + "IbmDb2LuwDataProviderSettings":{ + "type":"structure", + "members":{ + "ServerName":{ + "shape":"String", + "documentation":"

The name of the DB2 LUW server.

" + }, + "Port":{ + "shape":"IntegerOptional", + "documentation":"

The port value for the DB2 LUW data provider.

" + }, + "DatabaseName":{ + "shape":"String", + "documentation":"

The database name on the DB2 LUW data provider.

" + }, + "SslMode":{ + "shape":"DmsSslModeValue", + "documentation":"

The SSL mode used to connect to the DB2 LUW data provider. The default value is none. Valid Values: none and verify-ca.

" + }, + "CertificateArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the certificate used for SSL connection.

" + }, + "S3Path":{ + "shape":"String", + "documentation":"

The path for the Amazon S3 bucket that the application uses for accessing the user-defined schema.

" + }, + "S3AccessRoleArn":{ + "shape":"String", + "documentation":"

The ARN for the role the application uses to access its Amazon S3 bucket.

" + } + }, + "documentation":"

Provides information about an IBM DB2 LUW data provider.

" + }, + "IbmDb2zOsDataProviderSettings":{ + "type":"structure", + "members":{ + "ServerName":{ + "shape":"String", + "documentation":"

The name of the DB2 for z/OS server.

" + }, + "Port":{ + "shape":"IntegerOptional", + "documentation":"

The port value for the DB2 for z/OS data provider.

" + }, + "DatabaseName":{ + "shape":"String", + "documentation":"

The database name on the DB2 for z/OS data provider.

" + }, + "SslMode":{ + "shape":"DmsSslModeValue", + "documentation":"

The SSL mode used to connect to the DB2 for z/OS data provider. The default value is none. Valid Values: none and verify-ca.

" + }, + "CertificateArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the certificate used for SSL connection.

" + }, + "S3Path":{ + "shape":"String", + "documentation":"

The path for the Amazon S3 bucket that the application uses for accessing the user-defined schema.

" + }, + "S3AccessRoleArn":{ + "shape":"String", + "documentation":"

The ARN for the role the application uses to access its Amazon S3 bucket.

" + } + }, + "documentation":"

Provides information about an IBM DB2 for z/OS data provider.

" + }, "ImportCertificateMessage":{ "type":"structure", "required":["CertificateIdentifier"], @@ -5848,7 +6237,7 @@ }, "KmsKeyArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key that is used to encrypt the connection parameters for the instance profile.

If you don't specify a value for the KmsKeyArn parameter, then DMS uses your default encryption key.

KMS creates the default encryption key for your Amazon Web Services account. Your Amazon Web Services account has a different default encryption key for each Amazon Web Services Region.

" + "documentation":"

The Amazon Resource Name (ARN) of the KMS key that is used to encrypt the connection parameters for the instance profile.

If you don't specify a value for the KmsKeyArn parameter, then DMS uses an Amazon Web Services owned encryption key to encrypt your resources.

" }, "PubliclyAccessible":{ "shape":"BooleanOptional", @@ -6135,18 +6524,18 @@ "members":{ "KeyCacheSecretId":{ "shape":"String", - "documentation":"

Specifies the secret ID of the key cache for the replication instance.

" + "documentation":"

Specifies the ID of the secret that stores the key cache file required for kerberos authentication.

" }, "KeyCacheSecretIamArn":{ "shape":"String", - "documentation":"

Specifies the Amazon Resource Name (ARN) of the IAM role that grants Amazon Web Services DMS access to the secret containing key cache file for the replication instance.

" + "documentation":"

Specifies the Amazon Resource Name (ARN) of the IAM role that grants Amazon Web Services DMS access to the secret containing key cache file for the kerberos authentication.

" }, "Krb5FileContents":{ "shape":"String", - "documentation":"

Specifies the ID of the secret that stores the key cache file required for kerberos authentication of the replication instance.

" + "documentation":"

Specifies the contents of krb5 configuration file required for kerberos authentication.

" } }, - "documentation":"

Specifies using Kerberos authentication settings for use with DMS.

" + "documentation":"

Specifies the settings required for kerberos authentication when creating the replication instance.

" }, "KeyList":{ "type":"list", @@ -6288,6 +6677,14 @@ "CertificateArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the certificate used for SSL connection.

" + }, + "S3Path":{ + "shape":"String", + "documentation":"

The path for the Amazon S3 bucket that the application uses for accessing the user-defined schema.

" + }, + "S3AccessRoleArn":{ + "shape":"String", + "documentation":"

The ARN for the role the application uses to access its Amazon S3 bucket.

" } }, "documentation":"

Provides information that defines a MariaDB data provider.

" @@ -6303,6 +6700,35 @@ "json-unformatted" ] }, + "MetadataModelProperties":{ + "type":"structure", + "members":{ + "StatementProperties":{ + "shape":"StatementProperties", + "documentation":"

The properties of the statement.

" + } + }, + "documentation":"

The properties of metadata model in JSON format. This object is a Union. Only one member of this object can be specified or returned.

", + "union":true + }, + "MetadataModelReference":{ + "type":"structure", + "members":{ + "MetadataModelName":{ + "shape":"String", + "documentation":"

The name of the metadata model.

" + }, + "SelectionRules":{ + "shape":"String", + "documentation":"

The JSON string representing metadata model location.

" + } + }, + "documentation":"

A reference to a metadata model, including its name and selection rules for location identification.

" + }, + "MetadataModelReferenceList":{ + "type":"list", + "member":{"shape":"MetadataModelReference"} + }, "MicrosoftSQLServerSettings":{ "type":"structure", "members":{ @@ -6376,7 +6802,7 @@ }, "AuthenticationMethod":{ "shape":"SqlServerAuthenticationMethod", - "documentation":"

Specifies using Kerberos authentication with Microsoft SQL Server.

" + "documentation":"

Specifies the authentication method to be used with Microsoft SQL Server.

" } }, "documentation":"

Provides information that defines a Microsoft SQL Server endpoint.

" @@ -6403,6 +6829,14 @@ "CertificateArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the certificate used for SSL connection.

" + }, + "S3Path":{ + "shape":"String", + "documentation":"

The path for the Amazon S3 bucket that the application uses for accessing the user-defined schema.

" + }, + "S3AccessRoleArn":{ + "shape":"String", + "documentation":"

The ARN for the role the application uses to access its Amazon S3 bucket.

" } }, "documentation":"

Provides information that defines a Microsoft SQL Server data provider.

" @@ -6453,6 +6887,10 @@ }, "documentation":"

Provides information that defines a migration project.

" }, + "MigrationProjectIdentifier":{ + "type":"string", + "max":255 + }, "MigrationProjectList":{ "type":"list", "member":{"shape":"MigrationProject"} @@ -6473,7 +6911,7 @@ ], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "ConversionConfiguration":{ @@ -6519,6 +6957,10 @@ "shape":"SourceDataSettings", "documentation":"

The new information about the source data provider for the data migration.

" }, + "TargetDataSettings":{ + "shape":"TargetDataSettings", + "documentation":"

The new information about the target data provider for the data migration.

" + }, "NumberOfJobs":{ "shape":"IntegerOptional", "documentation":"

The number of parallel jobs that trigger parallel threads to unload the tables from the source, and then load them to the target.

" @@ -6556,7 +6998,11 @@ }, "Engine":{ "shape":"String", - "documentation":"

The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.

" + "documentation":"

The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.

" + }, + "Virtual":{ + "shape":"BooleanOptional", + "documentation":"

Indicates whether the data provider is virtual.

" }, "ExactSettings":{ "shape":"BooleanOptional", @@ -6778,7 +7224,7 @@ }, "KmsKeyArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the KMS key that is used to encrypt the connection parameters for the instance profile.

If you don't specify a value for the KmsKeyArn parameter, then DMS uses your default encryption key.

KMS creates the default encryption key for your Amazon Web Services account. Your Amazon Web Services account has a different default encryption key for each Amazon Web Services Region.

" + "documentation":"

The Amazon Resource Name (ARN) of the KMS key that is used to encrypt the connection parameters for the instance profile.

If you don't specify a value for the KmsKeyArn parameter, then DMS uses an Amazon Web Services owned encryption key to encrypt your resources.

" }, "PubliclyAccessible":{ "shape":"BooleanOptional", @@ -6968,7 +7414,7 @@ }, "KerberosAuthenticationSettings":{ "shape":"KerberosAuthenticationSettings", - "documentation":"

Specifies the ID of the secret that stores the key cache file required for kerberos authentication, when modifying a replication instance.

" + "documentation":"

Specifies the settings required for kerberos authentication when modifying a replication instance.

" } }, "documentation":"

" @@ -7204,6 +7650,13 @@ }, "documentation":"

" }, + "MySQLAuthenticationMethod":{ + "type":"string", + "enum":[ + "password", + "iam" + ] + }, "MySQLSettings":{ "type":"structure", "members":{ @@ -7266,6 +7719,14 @@ "ExecuteTimeout":{ "shape":"IntegerOptional", "documentation":"

Sets the client statement timeout (in seconds) for a MySQL source endpoint.

" + }, + "ServiceAccessRoleArn":{ + "shape":"String", + "documentation":"

The IAM role you can use to authenticate when connecting to your endpoint. Ensure to include iam:PassRole and rds-db:connect actions in permission policy.

" + }, + "AuthenticationMethod":{ + "shape":"MySQLAuthenticationMethod", + "documentation":"

This attribute allows you to specify the authentication method as \"iam auth\".

" } }, "documentation":"

Provides information that defines a MySQL endpoint.

" @@ -7288,6 +7749,14 @@ "CertificateArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the certificate used for SSL connection.

" + }, + "S3Path":{ + "shape":"String", + "documentation":"

The path for the Amazon S3 bucket that the application uses for accessing the user-defined schema.

" + }, + "S3AccessRoleArn":{ + "shape":"String", + "documentation":"

The ARN for the role the application uses to access its Amazon S3 bucket.

" } }, "documentation":"

Provides information that defines a MySQL data provider.

" @@ -7386,6 +7855,14 @@ "SecretsManagerSecurityDbEncryptionAccessRoleArn":{ "shape":"String", "documentation":"

The ARN of the IAM role that provides access to the secret in Secrets Manager that contains the TDE password.

" + }, + "S3Path":{ + "shape":"String", + "documentation":"

The path for the Amazon S3 bucket that the application uses for accessing the user-defined schema.

" + }, + "S3AccessRoleArn":{ + "shape":"String", + "documentation":"

The ARN for the role the application uses to access its Amazon S3 bucket.

" } }, "documentation":"

Provides information that defines an Oracle data provider.

" @@ -7567,7 +8044,7 @@ }, "AuthenticationMethod":{ "shape":"OracleAuthenticationMethod", - "documentation":"

Specifies using Kerberos authentication with Oracle.

" + "documentation":"

Specifies the authentication method to be used with Oracle.

" } }, "documentation":"

Provides information that defines an Oracle endpoint.

" @@ -7678,6 +8155,13 @@ "pglogical" ] }, + "PostgreSQLAuthenticationMethod":{ + "type":"string", + "enum":[ + "password", + "iam" + ] + }, "PostgreSQLSettings":{ "type":"structure", "members":{ @@ -7780,6 +8264,14 @@ "DisableUnicodeSourceFilter":{ "shape":"BooleanOptional", "documentation":"

Disables the Unicode source filter with PostgreSQL, for values passed into the Selection rule filter on Source Endpoint column values. By default DMS performs source filter comparisons using a Unicode string which can cause look ups to ignore the indexes in the text columns and slow down migrations.

Unicode support should only be disabled when using a selection rule filter is on a text column in the Source database that is indexed.

" + }, + "ServiceAccessRoleArn":{ + "shape":"String", + "documentation":"

The IAM role arn you can use to authenticate the connection to your endpoint. Ensure to include iam:PassRole and rds-db:connect actions in permission policy.

" + }, + "AuthenticationMethod":{ + "shape":"PostgreSQLAuthenticationMethod", + "documentation":"

This attribute allows you to specify the authentication method as \"iam auth\".

" } }, "documentation":"

Provides information that defines a PostgreSQL endpoint.

" @@ -7806,10 +8298,66 @@ "CertificateArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the certificate used for SSL connection.

" + }, + "S3Path":{ + "shape":"String", + "documentation":"

The path for the Amazon S3 bucket that the application uses for accessing the user-defined schema.

" + }, + "S3AccessRoleArn":{ + "shape":"String", + "documentation":"

The ARN for the role the application uses to access its Amazon S3 bucket.

" } }, "documentation":"

Provides information that defines a PostgreSQL data provider.

" }, + "PremigrationAssessmentStatus":{ + "type":"structure", + "members":{ + "PremigrationAssessmentRunArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of this assessment run.

" + }, + "FailOnAssessmentFailure":{ + "shape":"Boolean", + "documentation":"

A configurable setting you can set to true (the defualt setting) or false. Use this setting to to stop the replication from starting automatically if the assessment fails. This can help you evaluate the issue that is preventing the replication from running successfully.

" + }, + "Status":{ + "shape":"String", + "documentation":"

This describes the assessment run status. The status can be one of the following values:

  • cancelling: The assessment run was canceled.

  • deleting: The assessment run was deleted.

  • failed: At least one individual assessment completed with a failed status.

  • error-provisioning: An internal error occurred while resources were provisioned (during the provisioning status).

  • error-executing An internal error occurred while individual assessments ran (during the running status).

  • invalid state: The assessment run is in an unknown state.

  • passed: All individual assessments have completed and none have a failed status.

  • provisioning: The resources required to run individual assessments are being provisioned.

  • running: Individual assessments are being run.

  • starting: The assessment run is starting, but resources are not yet being provisioned for individual assessments.

  • warning: At least one individual assessment completed with a warning status.

" + }, + "PremigrationAssessmentRunCreationDate":{ + "shape":"TStamp", + "documentation":"

The date which the assessment run was created.

" + }, + "AssessmentProgress":{"shape":"ReplicationTaskAssessmentRunProgress"}, + "LastFailureMessage":{ + "shape":"String", + "documentation":"

The last message generated by an individual assessment failure.

" + }, + "ResultLocationBucket":{ + "shape":"String", + "documentation":"

The Amazon S3 bucket that Database Migration Service Serverless created to store the results of this assessment run.

" + }, + "ResultLocationFolder":{ + "shape":"String", + "documentation":"

The folder within an Amazon S3 bucket where you want Database Migration Service to store the results of this assessment run.

" + }, + "ResultEncryptionMode":{ + "shape":"String", + "documentation":"

The supported values are SSE_KMS and SSE_S3. If these values are not provided, then the files are not encrypted at rest. For more information, see Creating Amazon Web Services KMS keys to encrypt Amazon S3 target objects.

" + }, + "ResultKmsKeyArn":{ + "shape":"String", + "documentation":"

The ARN of a custom KMS encryption key that you specify when you set ResultEncryptionMode to SSE_KMS.

" + }, + "ResultStatistic":{"shape":"ReplicationTaskAssessmentRunResultStatistic"} + }, + "documentation":"

The results returned in describe-replications to display the results of the premigration assessment from the replication configuration.

" + }, + "PremigrationAssessmentStatusList":{ + "type":"list", + "member":{"shape":"PremigrationAssessmentStatus"} + }, "ProvisionData":{ "type":"structure", "members":{ @@ -8088,6 +8636,14 @@ "DatabaseName":{ "shape":"String", "documentation":"

The database name on the Amazon Redshift data provider.

" + }, + "S3Path":{ + "shape":"String", + "documentation":"

The path for the Amazon S3 bucket that the application uses for accessing the user-defined schema.

" + }, + "S3AccessRoleArn":{ + "shape":"String", + "documentation":"

The ARN for the role the application uses to access its Amazon S3 bucket.

" } }, "documentation":"

Provides information that defines an Amazon Redshift data provider.

" @@ -8380,8 +8936,7 @@ }, "RemoveTagsFromResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

" }, "Replication":{ @@ -8415,6 +8970,10 @@ "shape":"ProvisionData", "documentation":"

Information about provisioning resources for an DMS serverless replication.

" }, + "PremigrationAssessmentStatuses":{ + "shape":"PremigrationAssessmentStatusList", + "documentation":"

The status output of premigration assessment in describe-replications.

" + }, "StopReason":{ "shape":"String", "documentation":"

The reason the replication task was stopped. This response parameter can return one of the following values:

  • \"Stop Reason NORMAL\"

  • \"Stop Reason RECOVERABLE_ERROR\"

  • \"Stop Reason FATAL_ERROR\"

  • \"Stop Reason FULL_LOAD_ONLY_FINISHED\"

  • \"Stop Reason STOPPED_AFTER_FULL_LOAD\" – Full load completed, with cached changes not applied

  • \"Stop Reason STOPPED_AFTER_CACHED_EVENTS\" – Full load completed, with cached changes applied

  • \"Stop Reason EXPRESS_LICENSE_LIMITS_REACHED\"

  • \"Stop Reason STOPPED_AFTER_DDL_APPLY\" – User-defined stop task after DDL applied

  • \"Stop Reason STOPPED_DUE_TO_LOW_MEMORY\"

  • \"Stop Reason STOPPED_DUE_TO_LOW_DISK\"

  • \"Stop Reason STOPPED_AT_SERVER_TIME\" – User-defined server time for stopping task

  • \"Stop Reason STOPPED_AT_COMMIT_TIME\" – User-defined commit time for stopping task

  • \"Stop Reason RECONFIGURATION_RESTART\"

  • \"Stop Reason RECYCLE_TASK\"

" @@ -8634,7 +9193,7 @@ }, "KerberosAuthenticationSettings":{ "shape":"KerberosAuthenticationSettings", - "documentation":"

Specifies the ID of the secret that stores the key cache file required for kerberos authentication, when replicating an instance.

" + "documentation":"

Specifies the settings required for kerberos authentication when replicating an instance.

" } }, "documentation":"

Provides information that defines a replication instance.

" @@ -8943,7 +9502,7 @@ }, "Status":{ "shape":"String", - "documentation":"

Assessment run status.

This status can have one of the following values:

  • \"cancelling\" – The assessment run was canceled by the CancelReplicationTaskAssessmentRun operation.

  • \"deleting\" – The assessment run was deleted by the DeleteReplicationTaskAssessmentRun operation.

  • \"failed\" – At least one individual assessment completed with a failed status.

  • \"error-provisioning\" – An internal error occurred while resources were provisioned (during provisioning status).

  • \"error-executing\" – An internal error occurred while individual assessments ran (during running status).

  • \"invalid state\" – The assessment run is in an unknown state.

  • \"passed\" – All individual assessments have completed, and none has a failed status.

  • \"provisioning\" – Resources required to run individual assessments are being provisioned.

  • \"running\" – Individual assessments are being run.

  • \"starting\" – The assessment run is starting, but resources are not yet being provisioned for individual assessments.

  • \"warning\" – At least one individual assessment completed with a warning status.

" + "documentation":"

Assessment run status.

This status can have one of the following values:

  • \"cancelling\" – The assessment run was canceled by the CancelReplicationTaskAssessmentRun operation.

  • \"deleting\" – The assessment run was deleted by the DeleteReplicationTaskAssessmentRun operation.

  • \"failed\" – At least one individual assessment completed with a failed status.

  • \"error-provisioning\" – An internal error occurred while resources were provisioned (during provisioning status).

  • \"error-executing\" – An internal error occurred while individual assessments ran (during running status).

  • \"invalid state\" – The assessment run is in an unknown state.

  • \"passed\" – All individual assessments have completed, and none has a failed status.

  • \"provisioning\" – Resources required to run individual assessments are being provisioned.

  • \"running\" – Individual assessments are being run.

  • \"starting\" – The assessment run is starting, but resources are not yet being provisioned for individual assessments.

  • \"warning\" – At least one individual assessment completed with a warning status or all individual assessments were skipped (completed with a skipped status).

" }, "ReplicationTaskAssessmentRunCreationDate":{ "shape":"TStamp", @@ -9032,6 +9591,10 @@ "Cancelled":{ "shape":"Integer", "documentation":"

The number of individual assessments that were cancelled during the assessment run.

" + }, + "Skipped":{ + "shape":"Integer", + "documentation":"

The number of individual assessments that were skipped during the assessment run.

" } }, "documentation":"

The object containing the result statistics for a completed assessment run.

" @@ -9053,7 +9616,7 @@ }, "Status":{ "shape":"String", - "documentation":"

Individual assessment status.

This status can have one of the following values:

  • \"cancelled\"

  • \"error\"

  • \"failed\"

  • \"passed\"

  • \"pending\"

  • \"running\"

" + "documentation":"

Individual assessment status.

This status can have one of the following values:

  • \"cancelled\"

  • \"error\"

  • \"failed\"

  • \"passed\"

  • \"pending\"

  • \"skipped\"

  • \"running\"

" }, "ReplicationTaskIndividualAssessmentStartDate":{ "shape":"TStamp", @@ -9354,7 +9917,7 @@ }, "DatePartitionTimezone":{ "shape":"String", - "documentation":"

When creating an S3 target endpoint, set DatePartitionTimezone to convert the current UTC time into a specified time zone. The conversion occurs when a date partition folder is created and a CDC filename is generated. The time zone format is Area/Location. Use this parameter when DatePartitionedEnabled is set to true, as shown in the following example.

s3-settings='{\"DatePartitionEnabled\": true, \"DatePartitionSequence\": \"YYYYMMDDHH\", \"DatePartitionDelimiter\": \"SLASH\", \"DatePartitionTimezone\":\"Asia/Seoul\", \"BucketName\": \"dms-nattarat-test\"}'

" + "documentation":"

When creating an S3 target endpoint, set DatePartitionTimezone to convert the current UTC time into a specified time zone. The conversion occurs when a date partition folder is created and a CDC filename is generated. The time zone format is Area/Location. Use this parameter when DatePartitionedEnabled is set to true, as shown in the following example:

s3-settings='{\"DatePartitionEnabled\": true, \"DatePartitionSequence\": \"YYYYMMDDHH\", \"DatePartitionDelimiter\": \"SLASH\", \"DatePartitionTimezone\":\"Asia/Seoul\", \"BucketName\": \"dms-nattarat-test\"}'

" }, "AddTrailingPaddingCharacter":{ "shape":"BooleanOptional", @@ -9609,7 +10172,7 @@ "required":["MigrationProjectIdentifier"], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" } } @@ -9631,7 +10194,7 @@ ], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "SelectionRules":{ @@ -9657,7 +10220,7 @@ ], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "SelectionRules":{ @@ -9675,6 +10238,42 @@ } } }, + "StartMetadataModelCreationMessage":{ + "type":"structure", + "required":[ + "MigrationProjectIdentifier", + "SelectionRules", + "MetadataModelName", + "Properties" + ], + "members":{ + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"

The migration project name or Amazon Resource Name (ARN).

" + }, + "SelectionRules":{ + "shape":"String", + "documentation":"

The JSON string that specifies the location where the metadata model will be created. Selection rules must specify a single schema. For more information, see Selection Rules in the DMS User Guide.

" + }, + "MetadataModelName":{ + "shape":"String", + "documentation":"

The name of the metadata model.

" + }, + "Properties":{ + "shape":"MetadataModelProperties", + "documentation":"

The properties of metadata model in JSON format. This object is a Union. Only one member of this object can be specified or returned.

" + } + } + }, + "StartMetadataModelCreationResponse":{ + "type":"structure", + "members":{ + "RequestIdentifier":{ + "shape":"String", + "documentation":"

The identifier for the metadata model creation operation.

" + } + } + }, "StartMetadataModelExportAsScriptMessage":{ "type":"structure", "required":[ @@ -9684,7 +10283,7 @@ ], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "SelectionRules":{ @@ -9718,7 +10317,7 @@ ], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "SelectionRules":{ @@ -9749,7 +10348,7 @@ ], "members":{ "MigrationProjectIdentifier":{ - "shape":"String", + "shape":"MigrationProjectIdentifier", "documentation":"

The migration project name or Amazon Resource Name (ARN).

" }, "SelectionRules":{ @@ -9829,6 +10428,10 @@ "shape":"String", "documentation":"

The replication type.

When the replication type is full-load or full-load-and-cdc, the only valid value for the first run of the replication is start-replication. This option will start the replication.

You can also use ReloadTables to reload specific tables that failed during replication instead of restarting the replication.

The resume-processing option isn't applicable for a full-load replication, because you can't resume partially loaded tables during the full load phase.

For a full-load-and-cdc replication, DMS migrates table data, and then applies data changes that occur on the source. To load all the tables again, and start capturing source changes, use reload-target. Otherwise use resume-processing, to replicate the changes from the last stop position.

" }, + "PremigrationAssessmentSettings":{ + "shape":"String", + "documentation":"

User-defined settings for the premigration assessment. The possible values are:

  • ResultLocationFolder: The folder within an Amazon S3 bucket where you want DMS to store the results of this assessment run.

  • ResultEncryptionMode: The supported values are SSE_KMS and SSE_S3. If these values are not provided, then the files are not encrypted at rest. For more information, see Creating Amazon Web Services KMS keys to encrypt Amazon S3 target objects.

  • ResultKmsKeyArn: The ARN of a customer KMS encryption key that you specify when you set ResultEncryptionMode to SSE_KMS.

  • IncludeOnly: A space-separated list of names for specific individual assessments that you want to include. These names come from the default list of individual assessments that Database Migration Service supports for the associated migration.

  • Exclude: A space-separated list of names for specific individual assessments that you want to exclude. These names come from the default list of individual assessments that Database Migration Service supports for the associated migration.

  • FailOnAssessmentFailure: A configurable setting you can set to true (the default setting) or false. Use this setting to to stop the replication from starting automatically if the assessment fails. This can help you evaluate the issue that is preventing the replication from running successfully.

" + }, "CdcStartTime":{ "shape":"TStamp", "documentation":"

Indicates the start time for a change data capture (CDC) operation. Use either CdcStartTime or CdcStartPosition to specify when you want a CDC operation to start. Specifying both values results in an error.

" @@ -9958,7 +10561,7 @@ }, "StartReplicationTaskType":{ "shape":"StartReplicationTaskTypeValue", - "documentation":"

The type of replication task to start.

When the migration type is full-load or full-load-and-cdc, the only valid value for the first run of the task is start-replication. This option will start the migration.

You can also use ReloadTables to reload specific tables that failed during migration instead of restarting the task.

The resume-processing option isn't applicable for a full-load task, because you can't resume partially loaded tables during the full load phase.

For a full-load-and-cdc task, DMS migrates table data, and then applies data changes that occur on the source. To load all the tables again, and start capturing source changes, use reload-target. Otherwise use resume-processing, to replicate the changes from the last stop position.

" + "documentation":"

The type of replication task to start.

start-replication is the only valid action that can be used for the first time a task with the migration type of full-loadfull-load, full-load-and-cdc or cdc is run. Any other action used for the first time on a given task, such as resume-processing and reload-target will result in data errors.

You can also use ReloadTables to reload specific tables that failed during migration instead of restarting the task.

For a full-load task, the resume-processing option will reload any tables that were partially loaded or not yet loaded during the full load phase.

For a full-load-and-cdc task, DMS migrates table data, and then applies data changes that occur on the source. To load all the tables again, and start capturing source changes, use reload-target. Otherwise use resume-processing, to replicate the changes from the last stop position.

For a cdc only task, to start from a specific position, you must use start-replication and also specify the start position. Check the source endpoint DMS documentation for any limitations. For example, not all sources support starting from a time.

resume-processing is only available for previously executed tasks.

" }, "CdcStartTime":{ "shape":"TStamp", @@ -9993,6 +10596,17 @@ "reload-target" ] }, + "StatementProperties":{ + "type":"structure", + "required":["Definition"], + "members":{ + "Definition":{ + "shape":"String", + "documentation":"

The SQL text of the statement.

" + } + }, + "documentation":"

The properties of the statement for metadata model creation.

" + }, "StopDataMigrationMessage":{ "type":"structure", "required":["DataMigrationIdentifier"], @@ -10175,6 +10789,14 @@ "type":"list", "member":{"shape":"TableToReload"} }, + "TablePreparationMode":{ + "type":"string", + "enum":[ + "drop-tables-on-target", + "truncate", + "do-nothing" + ] + }, "TableStatistics":{ "type":"structure", "members":{ @@ -10269,6 +10891,26 @@ "ValidationStateDetails":{ "shape":"String", "documentation":"

Additional details about the state of validation.

" + }, + "ResyncState":{ + "shape":"String", + "documentation":"

Records the current state of table resynchronization in the migration task.

This parameter can have the following values:

  • Not enabled – Resync is not enabled for the table in the migration task.

  • Pending – The tables are waiting for resync.

  • In progress – Resync in progress for some records in the table.

  • No primary key – The table could not be resynced because it has no primary key.

  • Last resync at: date/time – Resync session is finished at time. Time provided in UTC format.

" + }, + "ResyncRowsAttempted":{ + "shape":"LongOptional", + "documentation":"

Records the total number of mismatched data rows where the system attempted to apply fixes in the target database.

" + }, + "ResyncRowsSucceeded":{ + "shape":"LongOptional", + "documentation":"

Records the total number of mismatched data rows where fixes were successfully applied in the target database.

" + }, + "ResyncRowsFailed":{ + "shape":"LongOptional", + "documentation":"

Records the total number of mismatched data rows where fix attempts failed in the target database.

" + }, + "ResyncProgress":{ + "shape":"DoubleOptional", + "documentation":"

Calculates the percentage of failed validations that were successfully resynced to the system.

" } }, "documentation":"

Provides a collection of table statistics in response to a request by the DescribeTableStatistics operation.

" @@ -10317,6 +10959,20 @@ "type":"list", "member":{"shape":"Tag"} }, + "TargetDataSetting":{ + "type":"structure", + "members":{ + "TablePreparationMode":{ + "shape":"TablePreparationMode", + "documentation":"

This setting determines how DMS handles the target tables before starting a data migration, either by leaving them untouched, dropping and recreating them, or truncating the existing data in the target tables.

" + } + }, + "documentation":"

Defines settings for a target data provider for a data migration.

" + }, + "TargetDataSettings":{ + "type":"list", + "member":{"shape":"TargetDataSetting"} + }, "TargetDbType":{ "type":"string", "enum":[ diff -pruN 2.23.6-1/awscli/botocore/data/docdb/2014-10-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/docdb/2014-10-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/docdb/2014-10-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/docdb/2014-10-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/docdb/2014-10-31/service-2.json 2.31.35-1/awscli/botocore/data/docdb/2014-10-31/service-2.json --- 2.23.6-1/awscli/botocore/data/docdb/2014-10-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/docdb/2014-10-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -131,7 +131,8 @@ {"shape":"DBInstanceNotFoundFault"}, {"shape":"DBSubnetGroupDoesNotCoverEnoughAZs"}, {"shape":"GlobalClusterNotFoundFault"}, - {"shape":"InvalidGlobalClusterStateFault"} + {"shape":"InvalidGlobalClusterStateFault"}, + {"shape":"NetworkTypeNotSupported"} ], "documentation":"

Creates a new Amazon DocumentDB cluster.

" }, @@ -261,7 +262,7 @@ {"shape":"InvalidDBClusterStateFault"}, {"shape":"DBClusterNotFoundFault"} ], - "documentation":"

Creates an Amazon DocumentDB global cluster that can span multiple multiple Amazon Web Services Regions. The global cluster contains one primary cluster with read-write capability, and up-to give read-only secondary clusters. Global clusters uses storage-based fast replication across regions with latencies less than one second, using dedicated infrastructure with no impact to your workload’s performance.

You can create a global cluster that is initially empty, and then add a primary and a secondary to it. Or you can specify an existing cluster during the create operation, and this cluster becomes the primary of the global cluster.

This action only applies to Amazon DocumentDB clusters.

" + "documentation":"

Creates an Amazon DocumentDB global cluster that can span multiple multiple Amazon Web Services Regions. The global cluster contains one primary cluster with read-write capability, and up-to 10 read-only secondary clusters. Global clusters uses storage-based fast replication across regions with latencies less than one second, using dedicated infrastructure with no impact to your workload’s performance.

You can create a global cluster that is initially empty, and then add a primary and a secondary to it. Or you can specify an existing cluster during the create operation, and this cluster becomes the primary of the global cluster.

This action only applies to Amazon DocumentDB clusters.

" }, "DeleteDBCluster":{ "name":"DeleteDBCluster", @@ -699,7 +700,8 @@ {"shape":"DBClusterParameterGroupNotFoundFault"}, {"shape":"InvalidDBSecurityGroupStateFault"}, {"shape":"InvalidDBInstanceStateFault"}, - {"shape":"DBClusterAlreadyExistsFault"} + {"shape":"DBClusterAlreadyExistsFault"}, + {"shape":"NetworkTypeNotSupported"} ], "documentation":"

Modifies a setting for an Amazon DocumentDB cluster. You can change one or more database configuration parameters by specifying these parameters and the new values in the request.

" }, @@ -934,7 +936,8 @@ {"shape":"InvalidRestoreFault"}, {"shape":"DBSubnetGroupNotFoundFault"}, {"shape":"InvalidSubnet"}, - {"shape":"KMSKeyNotAccessibleFault"} + {"shape":"KMSKeyNotAccessibleFault"}, + {"shape":"NetworkTypeNotSupported"} ], "documentation":"

Creates a new cluster from a snapshot or cluster snapshot.

If a snapshot is specified, the target cluster is created from the source DB snapshot with a default configuration and default security group.

If a cluster snapshot is specified, the target cluster is created from the source cluster restore point with the same configuration as the original source DB cluster, except that the new cluster is created with the default security group.

" }, @@ -964,7 +967,8 @@ {"shape":"InvalidSubnet"}, {"shape":"InvalidVPCNetworkStateFault"}, {"shape":"KMSKeyNotAccessibleFault"}, - {"shape":"StorageQuotaExceededFault"} + {"shape":"StorageQuotaExceededFault"}, + {"shape":"NetworkTypeNotSupported"} ], "documentation":"

Restores a cluster to an arbitrary point in time. Users can restore to any point in time before LatestRestorableTime for up to BackupRetentionPeriod days. The target cluster is created from the source cluster with the same configuration as the original cluster, except that the new cluster is created with the default security group.

" }, @@ -1112,8 +1116,7 @@ }, "AuthorizationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified CIDR IP or Amazon EC2 security group isn't authorized for the specified security group.

Amazon DocumentDB also might not be authorized to perform necessary actions on your behalf using IAM.

", "error":{ "code":"AuthorizationNotFound", @@ -1220,8 +1223,7 @@ }, "CertificateNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

CertificateIdentifier doesn't refer to an existing certificate.

", "error":{ "code":"CertificateNotFound", @@ -1304,7 +1306,7 @@ "members":{ "SourceDBClusterSnapshotIdentifier":{ "shape":"String", - "documentation":"

The identifier of the cluster snapshot to copy. This parameter is not case sensitive.

Constraints:

  • Must specify a valid system snapshot in the available state.

  • If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid snapshot identifier.

  • If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid cluster snapshot ARN.

Example: my-cluster-snapshot1

" + "documentation":"

The identifier of the cluster snapshot to copy. This parameter is not case sensitive.

Constraints:

  • Must specify a valid cluster snapshot in the available state.

  • If the source cluster snapshot is in the same Amazon Web Services Region as the copy, specify a valid snapshot identifier.

  • If the source cluster snapshot is in a different Amazon Web Services Region or owned by another Amazon Web Services account, specify the snapshot ARN.

Example: my-cluster-snapshot1

" }, "TargetDBClusterSnapshotIdentifier":{ "shape":"String", @@ -1424,7 +1426,11 @@ }, "StorageType":{ "shape":"String", - "documentation":"

The storage type to associate with the DB cluster.

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

When you create a DocumentDB DB cluster with the storage type set to iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to standard.

" + "documentation":"

The storage type to associate with the DB cluster.

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

When you create an Amazon DocumentDB cluster with the storage type set to iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to standard.

" + }, + "ServerlessV2ScalingConfiguration":{ + "shape":"ServerlessV2ScalingConfiguration", + "documentation":"

Contains the scaling configuration of an Amazon DocumentDB Serverless cluster.

" }, "ManageMasterUserPassword":{ "shape":"BooleanOptional", @@ -1433,6 +1439,10 @@ "MasterUserSecretKmsKeyId":{ "shape":"String", "documentation":"

The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager. This setting is valid only if the master user password is managed by Amazon DocumentDB in Amazon Web Services Secrets Manager for the DB cluster.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

" + }, + "NetworkType":{ + "shape":"String", + "documentation":"

The network type of the cluster.

The network type is determined by the DBSubnetGroup specified for the cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

For more information, see DocumentDB clusters in a VPC in the Amazon DocumentDB Developer Guide.

Valid Values: IPV4 | DUAL

" } }, "documentation":"

Represents the input to CreateDBCluster.

" @@ -1823,13 +1833,25 @@ "shape":"Boolean", "documentation":"

Specifies whether this cluster can be deleted. If DeletionProtection is enabled, the cluster cannot be deleted unless it is modified and DeletionProtection is disabled. DeletionProtection protects clusters from being accidentally deleted.

" }, + "IOOptimizedNextAllowedModificationTime":{ + "shape":"TStamp", + "documentation":"

The next time you can modify the Amazon DocumentDB cluster to use the iopt1 storage type.

" + }, "StorageType":{ "shape":"String", - "documentation":"

Storage type associated with your cluster

Storage type associated with your cluster

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

" + "documentation":"

Storage type associated with your cluster

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

" + }, + "ServerlessV2ScalingConfiguration":{ + "shape":"ServerlessV2ScalingConfigurationInfo", + "documentation":"

The scaling configuration of an Amazon DocumentDB Serverless cluster.

" }, "MasterUserSecret":{ "shape":"ClusterMasterUserSecret", "documentation":"

The secret managed by Amazon DocumentDB in Amazon Web Services Secrets Manager for the master user password.

" + }, + "NetworkType":{ + "shape":"String", + "documentation":"

The network type of the cluster.

The network type is determined by the DBSubnetGroup specified for the cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

For more information, see DocumentDB clusters in a VPC in the Amazon DocumentDB Developer Guide.

Valid Values: IPV4 | DUAL

" } }, "documentation":"

Detailed information about a cluster.

", @@ -1837,8 +1859,7 @@ }, "DBClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You already have a cluster with the given identifier.

", "error":{ "code":"DBClusterAlreadyExistsFault", @@ -1906,8 +1927,7 @@ }, "DBClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBClusterIdentifier doesn't refer to an existing cluster.

", "error":{ "code":"DBClusterNotFoundFault", @@ -1972,8 +1992,7 @@ }, "DBClusterParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBClusterParameterGroupName doesn't refer to an existing cluster parameter group.

", "error":{ "code":"DBClusterParameterGroupNotFound", @@ -1998,8 +2017,7 @@ }, "DBClusterQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The cluster can't be created because you have reached the maximum allowed quota of clusters.

", "error":{ "code":"DBClusterQuotaExceededFault", @@ -2102,7 +2120,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

Storage type associated with your cluster snapshot

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

" + "documentation":"

Storage type associated with your cluster snapshot

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

" } }, "documentation":"

Detailed information about a cluster snapshot.

", @@ -2110,8 +2128,7 @@ }, "DBClusterSnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You already have a cluster snapshot with the given identifier.

", "error":{ "code":"DBClusterSnapshotAlreadyExistsFault", @@ -2179,8 +2196,7 @@ }, "DBClusterSnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBClusterSnapshotIdentifier doesn't refer to an existing cluster snapshot.

", "error":{ "code":"DBClusterSnapshotNotFoundFault", @@ -2231,6 +2247,10 @@ "SupportsCertificateRotationWithoutRestart":{ "shape":"BooleanOptional", "documentation":"

Indicates whether the engine version supports rotating the server certificate without rebooting the DB instance.

" + }, + "ServerlessV2FeaturesSupport":{ + "shape":"ServerlessV2FeaturesSupport", + "documentation":"

Specifies any Amazon DocumentDB Serverless properties or limits that differ between Amazon DocumentDB engine versions. You can test the values of this attribute when deciding which Amazon DocumentDB version to use in a new or upgraded cluster. You can also retrieve the version of an existing cluster and check whether that version supports certain Amazon DocumentDB Serverless features before you attempt to use those features.

" } }, "documentation":"

Detailed information about an engine version.

" @@ -2385,8 +2405,7 @@ }, "DBInstanceAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You already have a instance with the given identifier.

", "error":{ "code":"DBInstanceAlreadyExists", @@ -2418,8 +2437,7 @@ }, "DBInstanceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBInstanceIdentifier doesn't refer to an existing instance.

", "error":{ "code":"DBInstanceNotFound", @@ -2459,8 +2477,7 @@ }, "DBParameterGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A parameter group with the same name already exists.

", "error":{ "code":"DBParameterGroupAlreadyExists", @@ -2471,8 +2488,7 @@ }, "DBParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBParameterGroupName doesn't refer to an existing parameter group.

", "error":{ "code":"DBParameterGroupNotFound", @@ -2483,8 +2499,7 @@ }, "DBParameterGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This request would cause you to exceed the allowed number of parameter groups.

", "error":{ "code":"DBParameterGroupQuotaExceeded", @@ -2495,8 +2510,7 @@ }, "DBSecurityGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBSecurityGroupName doesn't refer to an existing security group.

", "error":{ "code":"DBSecurityGroupNotFound", @@ -2507,8 +2521,7 @@ }, "DBSnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBSnapshotIdentifier is already being used by an existing snapshot.

", "error":{ "code":"DBSnapshotAlreadyExists", @@ -2519,8 +2532,7 @@ }, "DBSnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBSnapshotIdentifier doesn't refer to an existing snapshot.

", "error":{ "code":"DBSnapshotNotFound", @@ -2555,6 +2567,10 @@ "DBSubnetGroupArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) for the DB subnet group.

" + }, + "SupportedNetworkTypes":{ + "shape":"NetworkTypeList", + "documentation":"

The network type of the DB subnet group.

Valid Values: IPV4 | DUAL

A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

" } }, "documentation":"

Detailed information about a subnet group.

", @@ -2562,8 +2578,7 @@ }, "DBSubnetGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBSubnetGroupName is already being used by an existing subnet group.

", "error":{ "code":"DBSubnetGroupAlreadyExists", @@ -2574,8 +2589,7 @@ }, "DBSubnetGroupDoesNotCoverEnoughAZs":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Subnets in the subnet group should cover at least two Availability Zones unless there is only one Availability Zone.

", "error":{ "code":"DBSubnetGroupDoesNotCoverEnoughAZs", @@ -2600,8 +2614,7 @@ }, "DBSubnetGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

DBSubnetGroupName doesn't refer to an existing subnet group.

", "error":{ "code":"DBSubnetGroupNotFoundFault", @@ -2612,8 +2625,7 @@ }, "DBSubnetGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request would cause you to exceed the allowed number of subnet groups.

", "error":{ "code":"DBSubnetGroupQuotaExceeded", @@ -2631,8 +2643,7 @@ }, "DBSubnetQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request would cause you to exceed the allowed number of subnets in a subnet group.

", "error":{ "code":"DBSubnetQuotaExceededFault", @@ -2643,8 +2654,7 @@ }, "DBUpgradeDependencyFailureFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The upgrade failed because a resource that the depends on can't be modified.

", "error":{ "code":"DBUpgradeDependencyFailure", @@ -3190,6 +3200,7 @@ }, "documentation":"

Represents the input to DescribePendingMaintenanceActions.

" }, + "DoubleOptional":{"type":"double"}, "Endpoint":{ "type":"structure", "members":{ @@ -3352,8 +3363,7 @@ }, "EventSubscriptionQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have reached the maximum number of event subscriptions.

", "error":{ "code":"EventSubscriptionQuotaExceeded", @@ -3448,6 +3458,37 @@ "GlobalCluster":{"shape":"GlobalCluster"} } }, + "FailoverState":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"FailoverStatus", + "documentation":"

The current status of the global cluster. Possible values are as follows:

  • pending – The service received a request to switch over or fail over the global cluster. The global cluster's primary cluster and the specified secondary cluster are being verified before the operation starts.

  • failing-over – The chosen secondary cluster is being promoted to become the new primary cluster to fail over the global cluster.

  • cancelling – The request to switch over or fail over the global cluster was cancelled and the primary cluster and the selected secondary cluster are returning to their previous states.

" + }, + "FromDbClusterArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the Amazon DocumentDB cluster that is currently being demoted, and which is associated with this state.

" + }, + "ToDbClusterArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the Amazon DocumentDB cluster that is currently being promoted, and which is associated with this state.

" + }, + "IsDataLossAllowed":{ + "shape":"Boolean", + "documentation":"

Indicates whether the operation is a global switchover or a global failover. If data loss is allowed, then the operation is a global failover. Otherwise, it's a switchover.

" + } + }, + "documentation":"

Contains the state of scheduled or in-process operations on an Amazon DocumentDB global cluster. This data type is empty unless a switchover or failover operation is scheduled or is in progress on the global cluster.

", + "wrapper":true + }, + "FailoverStatus":{ + "type":"string", + "enum":[ + "pending", + "failing-over", + "cancelling" + ] + }, "Filter":{ "type":"structure", "required":[ @@ -3489,7 +3530,7 @@ }, "GlobalClusterResourceId":{ "shape":"String", - "documentation":"

The Amazon Web Services Region-unique, immutable identifier for the global database cluster. This identifier is found in CloudTrail log entries whenever the KMS customer master key (CMK) for the cluster is accessed.

" + "documentation":"

The Amazon Web Services RegionRegion-unique, immutable identifier for the global database cluster. This identifier is found in CloudTrail log entries whenever the KMS customer master key (CMK) for the cluster is accessed.

" }, "GlobalClusterArn":{ "shape":"String", @@ -3522,6 +3563,14 @@ "GlobalClusterMembers":{ "shape":"GlobalClusterMemberList", "documentation":"

The list of cluster IDs for secondary clusters within the global cluster. Currently limited to one item.

" + }, + "FailoverState":{ + "shape":"FailoverState", + "documentation":"

A data object containing all properties for the current state of an in-process or pending switchover or failover process for this global cluster. This object is empty unless the SwitchoverGlobalCluster or FailoverGlobalCluster operation was called on this global cluster.

" + }, + "TagList":{ + "shape":"TagList", + "documentation":"

A list of global cluster tags.

" } }, "documentation":"

A data type representing an Amazon DocumentDB global cluster.

", @@ -3529,8 +3578,7 @@ }, "GlobalClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The GlobalClusterIdentifier already exists. Choose a new global cluster identifier (unique name) to create a new global cluster.

", "error":{ "code":"GlobalClusterAlreadyExistsFault", @@ -3561,11 +3609,15 @@ }, "Readers":{ "shape":"ReadersArnList", - "documentation":"

The Amazon Resource Name (ARN) for each read-only secondary cluster associated with the Aurora global cluster.

" + "documentation":"

The Amazon Resource Name (ARN) for each read-only secondary cluster associated with the Amazon DocumentDB global cluster.

" }, "IsWriter":{ "shape":"Boolean", "documentation":"

Specifies whether the Amazon DocumentDB cluster is the primary cluster (that is, has read-write capability) for the Amazon DocumentDB global cluster with which it is associated.

" + }, + "SynchronizationStatus":{ + "shape":"GlobalClusterMemberSynchronizationStatus", + "documentation":"

The status of synchronization of each Amazon DocumentDB cluster in the global cluster.

" } }, "documentation":"

A data structure with information about any primary and secondary clusters associated with an Amazon DocumentDB global clusters.

", @@ -3578,10 +3630,16 @@ "locationName":"GlobalClusterMember" } }, + "GlobalClusterMemberSynchronizationStatus":{ + "type":"string", + "enum":[ + "connected", + "pending-resync" + ] + }, "GlobalClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The GlobalClusterIdentifier doesn't refer to an existing global cluster.

", "error":{ "code":"GlobalClusterNotFoundFault", @@ -3592,8 +3650,7 @@ }, "GlobalClusterQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of global clusters for this account is already at the maximum allowed.

", "error":{ "code":"GlobalClusterQuotaExceededFault", @@ -3617,8 +3674,7 @@ }, "InstanceQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request would cause you to exceed the allowed number of instances.

", "error":{ "code":"InstanceQuotaExceeded", @@ -3629,8 +3685,7 @@ }, "InsufficientDBClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The cluster doesn't have enough capacity for the current operation.

", "error":{ "code":"InsufficientDBClusterCapacityFault", @@ -3641,8 +3696,7 @@ }, "InsufficientDBInstanceCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified instance class isn't available in the specified Availability Zone.

", "error":{ "code":"InsufficientDBInstanceCapacity", @@ -3653,8 +3707,7 @@ }, "InsufficientStorageClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There is not enough storage available for the current action. You might be able to resolve this error by updating your subnet group to use different Availability Zones that have more storage available.

", "error":{ "code":"InsufficientStorageClusterCapacity", @@ -3667,8 +3720,7 @@ "IntegerOptional":{"type":"integer"}, "InvalidDBClusterSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The provided value isn't a valid cluster snapshot state.

", "error":{ "code":"InvalidDBClusterSnapshotStateFault", @@ -3679,8 +3731,7 @@ }, "InvalidDBClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The cluster isn't in a valid state.

", "error":{ "code":"InvalidDBClusterStateFault", @@ -3691,8 +3742,7 @@ }, "InvalidDBInstanceStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified instance isn't in the available state.

", "error":{ "code":"InvalidDBInstanceState", @@ -3703,8 +3753,7 @@ }, "InvalidDBParameterGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The parameter group is in use, or it is in a state that is not valid. If you are trying to delete the parameter group, you can't delete it when the parameter group is in this state.

", "error":{ "code":"InvalidDBParameterGroupState", @@ -3715,8 +3764,7 @@ }, "InvalidDBSecurityGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The state of the security group doesn't allow deletion.

", "error":{ "code":"InvalidDBSecurityGroupState", @@ -3727,8 +3775,7 @@ }, "InvalidDBSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The state of the snapshot doesn't allow deletion.

", "error":{ "code":"InvalidDBSnapshotState", @@ -3739,8 +3786,7 @@ }, "InvalidDBSubnetGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The subnet group can't be deleted because it's in use.

", "error":{ "code":"InvalidDBSubnetGroupStateFault", @@ -3751,8 +3797,7 @@ }, "InvalidDBSubnetStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The subnet isn't in the available state.

", "error":{ "code":"InvalidDBSubnetStateFault", @@ -3763,8 +3808,7 @@ }, "InvalidEventSubscriptionStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Someone else might be modifying a subscription. Wait a few seconds, and try again.

", "error":{ "code":"InvalidEventSubscriptionState", @@ -3775,8 +3819,7 @@ }, "InvalidGlobalClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested operation can't be performed while the cluster is in this state.

", "error":{ "code":"InvalidGlobalClusterStateFault", @@ -3787,8 +3830,7 @@ }, "InvalidRestoreFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You cannot restore from a virtual private cloud (VPC) backup to a non-VPC DB instance.

", "error":{ "code":"InvalidRestoreFault", @@ -3799,8 +3841,7 @@ }, "InvalidSubnet":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested subnet is not valid, or multiple subnets were requested that are not all in a common virtual private cloud (VPC).

", "error":{ "code":"InvalidSubnet", @@ -3811,8 +3852,7 @@ }, "InvalidVPCNetworkStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The subnet group doesn't cover all Availability Zones after it is created because of changes that were made.

", "error":{ "code":"InvalidVPCNetworkStateFault", @@ -3823,8 +3863,7 @@ }, "KMSKeyNotAccessibleFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An error occurred when accessing an KMS key.

", "error":{ "code":"KMSKeyNotAccessibleFault", @@ -3910,7 +3949,7 @@ }, "AllowMajorVersionUpgrade":{ "shape":"Boolean", - "documentation":"

A value that indicates whether major version upgrades are allowed.

Constraints: You must allow major version upgrades when specifying a value for the EngineVersion parameter that is a different major version than the DB cluster's current version.

" + "documentation":"

A value that indicates whether major version upgrades are allowed.

Constraints:

  • You must allow major version upgrades when specifying a value for the EngineVersion parameter that is a different major version than the cluster's current version.

  • Since some parameters are version specific, changing them requires executing a new ModifyDBCluster API call after the in-place MVU completes.

Performing an MVU directly impacts the following parameters:

  • MasterUserPassword

  • NewDBClusterIdentifier

  • VpcSecurityGroupIds

  • Port

" }, "DeletionProtection":{ "shape":"BooleanOptional", @@ -3920,6 +3959,10 @@ "shape":"String", "documentation":"

The storage type to associate with the DB cluster.

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

" }, + "ServerlessV2ScalingConfiguration":{ + "shape":"ServerlessV2ScalingConfiguration", + "documentation":"

Contains the scaling configuration of an Amazon DocumentDB Serverless cluster.

" + }, "ManageMasterUserPassword":{ "shape":"BooleanOptional", "documentation":"

Specifies whether to manage the master user password with Amazon Web Services Secrets Manager. If the cluster doesn't manage the master user password with Amazon Web Services Secrets Manager, you can turn on this management. In this case, you can't specify MasterUserPassword. If the cluster already manages the master user password with Amazon Web Services Secrets Manager, and you specify that the master user password is not managed with Amazon Web Services Secrets Manager, then you must specify MasterUserPassword. In this case, Amazon DocumentDB deletes the secret and uses the new password for the master user specified by MasterUserPassword.

" @@ -3931,6 +3974,10 @@ "RotateMasterUserPassword":{ "shape":"BooleanOptional", "documentation":"

Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the master user password.

This setting is valid only if the master user password is managed by Amazon DocumentDB in Amazon Web Services Secrets Manager for the cluster. The secret value contains the updated password.

Constraint: You must apply the change immediately when rotating the master user password.

" + }, + "NetworkType":{ + "shape":"String", + "documentation":"

The network type of the cluster.

The network type is determined by the DBSubnetGroup specified for the cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

For more information, see DocumentDB clusters in a VPC in the Amazon DocumentDB Developer Guide.

Valid Values: IPV4 | DUAL

" } }, "documentation":"

Represents the input to ModifyDBCluster.

" @@ -4138,6 +4185,21 @@ "GlobalCluster":{"shape":"GlobalCluster"} } }, + "NetworkTypeList":{ + "type":"list", + "member":{"shape":"String"} + }, + "NetworkTypeNotSupported":{ + "type":"structure", + "members":{}, + "documentation":"

The network type is not supported by either DBSubnetGroup or the DB engine version.

", + "error":{ + "code":"NetworkTypeNotSupported", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "OrderableDBInstanceOption":{ "type":"structure", "members":{ @@ -4203,7 +4265,7 @@ }, "ParameterValue":{ "shape":"String", - "documentation":"

Specifies the value of the parameter.

" + "documentation":"

Specifies the value of the parameter. Must be one or more of the cluster parameter's AllowedValues in CSV format:

Valid values are:

  • enabled: The cluster accepts secure connections using TLS version 1.0 through 1.3.

  • disabled: The cluster does not accept secure connections using TLS.

  • fips-140-3: The cluster only accepts secure connections per the requirements of the Federal Information Processing Standards (FIPS) publication 140-3. Only supported starting with Amazon DocumentDB 5.0 (engine version 3.0.3727) clusters in these regions: ca-central-1, us-west-2, us-east-1, us-east-2, us-gov-east-1, us-gov-west-1.

  • tls1.2+: The cluster accepts secure connections using TLS version 1.2 and above. Only supported starting with Amazon DocumentDB 4.0 (engine version 2.0.10980) and Amazon DocumentDB 5.0 (engine version 3.0.11051).

  • tls1.3+: The cluster accepts secure connections using TLS version 1.3 and above. Only supported starting with Amazon DocumentDB 4.0 (engine version 2.0.10980) and Amazon DocumentDB 5.0 (engine version 3.0.11051).

" }, "Description":{ "shape":"String", @@ -4500,8 +4562,7 @@ }, "ResourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified resource ID was not found.

", "error":{ "code":"ResourceNotFoundFault", @@ -4585,9 +4646,17 @@ "shape":"String", "documentation":"

The name of the DB cluster parameter group to associate with this DB cluster.

Type: String.       Required: No.

If this argument is omitted, the default DB cluster parameter group is used. If supplied, must match the name of an existing default DB cluster parameter group. The string must consist of from 1 to 255 letters, numbers or hyphens. Its first character must be a letter, and it cannot end with a hyphen or contain two consecutive hyphens.

" }, + "ServerlessV2ScalingConfiguration":{ + "shape":"ServerlessV2ScalingConfiguration", + "documentation":"

Contains the scaling configuration of an Amazon DocumentDB Serverless cluster.

" + }, "StorageType":{ "shape":"String", "documentation":"

The storage type to associate with the DB cluster.

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

" + }, + "NetworkType":{ + "shape":"String", + "documentation":"

The network type of the cluster.

The network type is determined by the DBSubnetGroup specified for the cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

For more information, see DocumentDB clusters in a VPC in the Amazon DocumentDB Developer Guide.

Valid Values: IPV4 | DUAL

" } }, "documentation":"

Represents the input to RestoreDBClusterFromSnapshot.

" @@ -4653,9 +4722,17 @@ "shape":"BooleanOptional", "documentation":"

Specifies whether this cluster can be deleted. If DeletionProtection is enabled, the cluster cannot be deleted unless it is modified and DeletionProtection is disabled. DeletionProtection protects clusters from being accidentally deleted.

" }, + "ServerlessV2ScalingConfiguration":{ + "shape":"ServerlessV2ScalingConfiguration", + "documentation":"

Contains the scaling configuration of an Amazon DocumentDB Serverless cluster.

" + }, "StorageType":{ "shape":"String", "documentation":"

The storage type to associate with the DB cluster.

For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide.

Valid values for storage type - standard | iopt1

Default value is standard

" + }, + "NetworkType":{ + "shape":"String", + "documentation":"

The network type of the cluster.

The network type is determined by the DBSubnetGroup specified for the cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

For more information, see DocumentDB clusters in a VPC in the Amazon DocumentDB Developer Guide.

Valid Values: IPV4 | DUAL

" } }, "documentation":"

Represents the input to RestoreDBClusterToPointInTime.

" @@ -4668,8 +4745,7 @@ }, "SNSInvalidTopicFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Amazon SNS has responded that there is a problem with the specified topic.

", "error":{ "code":"SNSInvalidTopic", @@ -4680,8 +4756,7 @@ }, "SNSNoAuthorizationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You do not have permission to publish to the SNS topic Amazon Resource Name (ARN).

", "error":{ "code":"SNSNoAuthorization", @@ -4692,8 +4767,7 @@ }, "SNSTopicArnNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The SNS topic Amazon Resource Name (ARN) does not exist.

", "error":{ "code":"SNSTopicArnNotFound", @@ -4702,10 +4776,51 @@ }, "exception":true }, - "SharedSnapshotQuotaExceededFault":{ + "ServerlessV2FeaturesSupport":{ + "type":"structure", + "members":{ + "MinCapacity":{ + "shape":"DoubleOptional", + "documentation":"

The minimum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. You can specify DCU values in half-step increments, such as 8, 8.5, 9, and so on.

" + }, + "MaxCapacity":{ + "shape":"DoubleOptional", + "documentation":"

The maximum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. You can specify DCU values in half-step increments, such as 32, 32.5, 33, and so on.

" + } + }, + "documentation":"

Specifies any Amazon DocumentDB Serverless properties or limits that differ between Amazon DocumentDB engine versions. You can test the values of this attribute when deciding which Amazon DocumentDB version to use in a new or upgraded cluster. You can also retrieve the version of an existing cluster and check whether that version supports certain Amazon DocumentDB Serverless features before you attempt to use those features.

" + }, + "ServerlessV2ScalingConfiguration":{ "type":"structure", "members":{ + "MinCapacity":{ + "shape":"DoubleOptional", + "documentation":"

The minimum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. You can specify DCU values in half-step increments, such as 8, 8.5, 9, and so on.

" + }, + "MaxCapacity":{ + "shape":"DoubleOptional", + "documentation":"

The maximum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. You can specify DCU values in half-step increments, such as 32, 32.5, 33, and so on.

" + } }, + "documentation":"

Sets the scaling configuration of an Amazon DocumentDB Serverless cluster.

" + }, + "ServerlessV2ScalingConfigurationInfo":{ + "type":"structure", + "members":{ + "MinCapacity":{ + "shape":"DoubleOptional", + "documentation":"

The minimum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. You can specify DCU values in half-step increments, such as 8, 8.5, 9, and so on.

" + }, + "MaxCapacity":{ + "shape":"DoubleOptional", + "documentation":"

The maximum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. You can specify DCU values in half-step increments, such as 32, 32.5, 33, and so on.

" + } + }, + "documentation":"

Retrieves the scaling configuration for an Amazon DocumentDB Serverless cluster.

" + }, + "SharedSnapshotQuotaExceededFault":{ + "type":"structure", + "members":{}, "documentation":"

You have exceeded the maximum number of accounts that you can share a manual DB snapshot with.

", "error":{ "code":"SharedSnapshotQuotaExceeded", @@ -4716,8 +4831,7 @@ }, "SnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request would cause you to exceed the allowed number of snapshots.

", "error":{ "code":"SnapshotQuotaExceeded", @@ -4735,8 +4849,7 @@ }, "SourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested source could not be found.

", "error":{ "code":"SourceNotFound", @@ -4790,8 +4903,7 @@ }, "StorageQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request would cause you to exceed the allowed amount of storage available across all instances.

", "error":{ "code":"StorageQuotaExceeded", @@ -4802,8 +4914,7 @@ }, "StorageTypeNotSupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Storage of the specified StorageType can't be associated with the DB instance.

", "error":{ "code":"StorageTypeNotSupported", @@ -4833,8 +4944,7 @@ }, "SubnetAlreadyInUse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The subnet is already in use in the Availability Zone.

", "error":{ "code":"SubnetAlreadyInUse", @@ -4859,8 +4969,7 @@ }, "SubscriptionAlreadyExistFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The provided subscription name already exists.

", "error":{ "code":"SubscriptionAlreadyExist", @@ -4871,8 +4980,7 @@ }, "SubscriptionCategoryNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The provided category does not exist.

", "error":{ "code":"SubscriptionCategoryNotFound", @@ -4883,8 +4991,7 @@ }, "SubscriptionNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The subscription name does not exist.

", "error":{ "code":"SubscriptionNotFound", diff -pruN 2.23.6-1/awscli/botocore/data/docdb-elastic/2022-11-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/docdb-elastic/2022-11-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/docdb-elastic/2022-11-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/docdb-elastic/2022-11-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/drs/2020-02-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/drs/2020-02-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/drs/2020-02-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/drs/2020-02-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ds/2015-04-16/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ds/2015-04-16/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ds/2015-04-16/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ds/2015-04-16/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ds/2015-04-16/paginators-1.json 2.31.35-1/awscli/botocore/data/ds/2015-04-16/paginators-1.json --- 2.23.6-1/awscli/botocore/data/ds/2015-04-16/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ds/2015-04-16/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -81,6 +81,12 @@ "limit_key": "Limit", "output_token": "NextToken", "result_key": "CertificatesInfo" + }, + "ListADAssessments": { + "input_token": "NextToken", + "limit_key": "Limit", + "output_token": "NextToken", + "result_key": "Assessments" } } } diff -pruN 2.23.6-1/awscli/botocore/data/ds/2015-04-16/service-2.json 2.31.35-1/awscli/botocore/data/ds/2015-04-16/service-2.json --- 2.23.6-1/awscli/botocore/data/ds/2015-04-16/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ds/2015-04-16/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -193,6 +193,25 @@ ], "documentation":"

Creates a Simple AD directory. For more information, see Simple Active Directory in the Directory Service Admin Guide.

Before you call CreateDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.

" }, + "CreateHybridAD":{ + "name":"CreateHybridAD", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateHybridADRequest"}, + "output":{"shape":"CreateHybridADResult"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServiceException"}, + {"shape":"InvalidParameterException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"DirectoryLimitExceededException"}, + {"shape":"ADAssessmentLimitExceededException"}, + {"shape":"EntityDoesNotExistException"} + ], + "documentation":"

Creates a hybrid directory that connects your self-managed Active Directory (AD) infrastructure and Amazon Web Services.

You must have a successful directory assessment using StartADAssessment to validate your environment compatibility before you use this operation.

Updates are applied asynchronously. Use DescribeDirectories to monitor the progress of directory creation.

" + }, "CreateLogSubscription":{ "name":"CreateLogSubscription", "http":{ @@ -263,6 +282,23 @@ ], "documentation":"

Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.

This action initiates the creation of the Amazon Web Services side of a trust relationship between an Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.

" }, + "DeleteADAssessment":{ + "name":"DeleteADAssessment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteADAssessmentRequest"}, + "output":{"shape":"DeleteADAssessmentResult"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServiceException"}, + {"shape":"InvalidParameterException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"EntityDoesNotExistException"} + ], + "documentation":"

Deletes a directory assessment and all associated data. This operation permanently removes the assessment results, validation reports, and configuration information.

You cannot delete system-initiated assessments. You can delete customer-created assessments even if they are in progress.

" + }, "DeleteConditionalForwarder":{ "name":"DeleteConditionalForwarder", "http":{ @@ -381,6 +417,39 @@ ], "documentation":"

Removes the specified directory as a publisher to the specified Amazon SNS topic.

" }, + "DescribeADAssessment":{ + "name":"DescribeADAssessment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeADAssessmentRequest"}, + "output":{"shape":"DescribeADAssessmentResult"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServiceException"}, + {"shape":"InvalidParameterException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"EntityDoesNotExistException"} + ], + "documentation":"

Retrieves detailed information about a directory assessment, including its current status, validation results, and configuration details. Use this operation to monitor assessment progress and review results.

" + }, + "DescribeCAEnrollmentPolicy":{ + "name":"DescribeCAEnrollmentPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeCAEnrollmentPolicyRequest"}, + "output":{"shape":"DescribeCAEnrollmentPolicyResult"}, + "errors":[ + {"shape":"DirectoryDoesNotExistException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"ClientException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Retrieves detailed information about the certificate authority (CA) enrollment policy for the specified directory. This policy determines how client certificates are automatically enrolled and managed through Amazon Web Services Private Certificate Authority.

" + }, "DescribeCertificate":{ "name":"DescribeCertificate", "http":{ @@ -503,6 +572,24 @@ ], "documentation":"

Obtains information about which Amazon SNS topics receive status messages from the specified directory.

If no input parameters are provided, such as DirectoryId or TopicName, this request describes all of the associations in the account.

" }, + "DescribeHybridADUpdate":{ + "name":"DescribeHybridADUpdate", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeHybridADUpdateRequest"}, + "output":{"shape":"DescribeHybridADUpdateResult"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServiceException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"DirectoryDoesNotExistException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidNextTokenException"} + ], + "documentation":"

Retrieves information about update activities for a hybrid directory. This operation provides details about configuration changes, administrator account updates, and self-managed instance settings (IDs and DNS IPs).

" + }, "DescribeLDAPSSettings":{ "name":"DescribeLDAPSSettings", "http":{ @@ -629,6 +716,26 @@ ], "documentation":"

Describes the updates of a directory for a particular update type.

" }, + "DisableCAEnrollmentPolicy":{ + "name":"DisableCAEnrollmentPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisableCAEnrollmentPolicyRequest"}, + "output":{"shape":"DisableCAEnrollmentPolicyResult"}, + "errors":[ + {"shape":"DirectoryDoesNotExistException"}, + {"shape":"DirectoryUnavailableException"}, + {"shape":"InvalidParameterException"}, + {"shape":"DisableAlreadyInProgressException"}, + {"shape":"EntityDoesNotExistException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ClientException"}, + {"shape":"ServiceException"} + ], + "documentation":"

Disables the certificate authority (CA) enrollment policy for the specified directory. This stops automatic certificate enrollment and management for domain-joined clients, but does not affect existing certificates.

Disabling the CA enrollment policy prevents new certificates from being automatically enrolled, but existing certificates remain valid and functional until they expire.

" + }, "DisableClientAuthentication":{ "name":"DisableClientAuthentication", "http":{ @@ -664,7 +771,7 @@ {"shape":"ClientException"}, {"shape":"ServiceException"} ], - "documentation":"

Deactivates access to directory data via the Directory Service Data API for the specified directory.

" + "documentation":"

Deactivates access to directory data via the Directory Service Data API for the specified directory. For more information, see Directory Service Data API Reference.

" }, "DisableLDAPS":{ "name":"DisableLDAPS", @@ -717,6 +824,27 @@ ], "documentation":"

Disables single-sign on for a directory.

" }, + "EnableCAEnrollmentPolicy":{ + "name":"EnableCAEnrollmentPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"EnableCAEnrollmentPolicyRequest"}, + "output":{"shape":"EnableCAEnrollmentPolicyResult"}, + "errors":[ + {"shape":"DirectoryDoesNotExistException"}, + {"shape":"DirectoryUnavailableException"}, + {"shape":"InvalidParameterException"}, + {"shape":"EntityAlreadyExistsException"}, + {"shape":"EntityDoesNotExistException"}, + {"shape":"EnableAlreadyInProgressException"}, + {"shape":"ClientException"}, + {"shape":"ServiceException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

Enables certificate authority (CA) enrollment policy for the specified directory. This allows domain-joined clients to automatically request and receive certificates from the specified Amazon Web Services Private Certificate Authority.

Before enabling CA enrollment, ensure that the PCA connector is properly configured and accessible from the directory. The connector must be in an active state and have the necessary permissions.

" + }, "EnableClientAuthentication":{ "name":"EnableClientAuthentication", "http":{ @@ -753,7 +881,7 @@ {"shape":"ClientException"}, {"shape":"ServiceException"} ], - "documentation":"

Enables access to directory data via the Directory Service Data API for the specified directory.

" + "documentation":"

Enables access to directory data via the Directory Service Data API for the specified directory. For more information, see Directory Service Data API Reference.

" }, "EnableLDAPS":{ "name":"EnableLDAPS", @@ -839,6 +967,23 @@ ], "documentation":"

Obtains the manual snapshot limits for a directory.

" }, + "ListADAssessments":{ + "name":"ListADAssessments", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListADAssessmentsRequest"}, + "output":{"shape":"ListADAssessmentsResult"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServiceException"}, + {"shape":"InvalidParameterException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"DirectoryDoesNotExistException"} + ], + "documentation":"

Retrieves a list of directory assessments for the specified directory or all assessments in your account. Use this operation to monitor assessment status and manage multiple assessments.

" + }, "ListCertificates":{ "name":"ListCertificates", "http":{ @@ -1085,6 +1230,24 @@ ], "documentation":"

Shares a specified directory (DirectoryId) in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer). With this operation you can use your directory from any Amazon Web Services account and from any Amazon VPC within an Amazon Web Services Region.

When you share your Managed Microsoft AD directory, Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account.

The ShareMethod parameter determines whether the specified directory can be shared between Amazon Web Services accounts inside the same Amazon Web Services organization (ORGANIZATIONS). It also determines whether you can share the directory with any other Amazon Web Services account either inside or outside of the organization (HANDSHAKE).

The ShareNotes parameter is only used when HANDSHAKE is called, which sends a directory sharing request to the directory consumer.

" }, + "StartADAssessment":{ + "name":"StartADAssessment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartADAssessmentRequest"}, + "output":{"shape":"StartADAssessmentResult"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServiceException"}, + {"shape":"InvalidParameterException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"DirectoryDoesNotExistException"}, + {"shape":"ADAssessmentLimitExceededException"} + ], + "documentation":"

Initiates a directory assessment to validate your self-managed AD environment for hybrid domain join. The assessment checks compatibility and connectivity of the self-managed AD environment.

A directory assessment is automatically created when you create a hybrid directory. There are two types of assessments: CUSTOMER and SYSTEM. Your Amazon Web Services account has a limit of 100 CUSTOMER directory assessments.

The assessment process typically takes 30 minutes or more to complete. The assessment process is asynchronous and you can monitor it with DescribeADAssessment.

The InstanceIds must have a one-to-one correspondence with CustomerDnsIps, meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410].

Note: You must provide exactly one DirectoryId or AssessmentConfiguration.

" + }, "StartSchemaExtension":{ "name":"StartSchemaExtension", "http":{ @@ -1157,7 +1320,25 @@ {"shape":"ClientException"}, {"shape":"ServiceException"} ], - "documentation":"

Updates the directory for a particular update type.

" + "documentation":"

Updates directory configuration for the specified update type.

" + }, + "UpdateHybridAD":{ + "name":"UpdateHybridAD", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateHybridADRequest"}, + "output":{"shape":"UpdateHybridADResult"}, + "errors":[ + {"shape":"ClientException"}, + {"shape":"ServiceException"}, + {"shape":"UnsupportedOperationException"}, + {"shape":"InvalidParameterException"}, + {"shape":"DirectoryDoesNotExistException"}, + {"shape":"ADAssessmentLimitExceededException"} + ], + "documentation":"

Updates the configuration of an existing hybrid directory. You can recover hybrid directory administrator account or modify self-managed instance settings.

Updates are applied asynchronously. Use DescribeHybridADUpdate to monitor the progress of configuration changes.

The InstanceIds must have a one-to-one correspondence with CustomerDnsIps, meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410].

You must provide at least one update to UpdateHybridADRequest$HybridAdministratorAccountUpdate or UpdateHybridADRequest$SelfManagedInstancesSettings.

" }, "UpdateNumberOfDomainControllers":{ "name":"UpdateNumberOfDomainControllers", @@ -1249,6 +1430,15 @@ } }, "shapes":{ + "ADAssessmentLimitExceededException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ExceptionMessage"}, + "RequestId":{"shape":"RequestId"} + }, + "documentation":"

A directory assessment is automatically created when you create a hybrid directory. There are two types of assessments: CUSTOMER and SYSTEM. Your Amazon Web Services account has a limit of 100 CUSTOMER directory assessments.

If you attempt to create a hybrid directory; and you already have 100 CUSTOMER directory assessments;, you will encounter an error. Delete assessments to free up capacity before trying again.

You can request an increase to your CUSTOMER directory assessment quota by contacting customer support or delete existing CUSTOMER directory assessments; to free up capacity.

", + "exception":true + }, "AcceptSharedDirectoryRequest":{ "type":"structure", "required":["SharedDirectoryId"], @@ -1305,8 +1495,7 @@ }, "AddIpRoutesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AddRegionRequest":{ "type":"structure", @@ -1329,8 +1518,7 @@ }, "AddRegionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AddTagsToResourceRequest":{ "type":"structure", @@ -1351,8 +1539,7 @@ }, "AddTagsToResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AddedDateTime":{"type":"timestamp"}, "AdditionalRegions":{ @@ -1365,6 +1552,230 @@ "min":1, "pattern":"^(?!D-|d-)([\\da-zA-Z]+)([-]*[\\da-zA-Z])*" }, + "Assessment":{ + "type":"structure", + "members":{ + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The unique identifier of the directory assessment.

" + }, + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the directory associated with this assessment.

" + }, + "DnsName":{ + "shape":"DirectoryName", + "documentation":"

The fully qualified domain name (FQDN) of the Active Directory domain being assessed.

" + }, + "StartTime":{ + "shape":"AssessmentStartTime", + "documentation":"

The date and time when the assessment was initiated.

" + }, + "LastUpdateDateTime":{ + "shape":"LastUpdateDateTime", + "documentation":"

The date and time when the assessment status was last updated.

" + }, + "Status":{ + "shape":"AssessmentStatus", + "documentation":"

The current status of the assessment. Valid values include SUCCESS, FAILED, PENDING, and IN_PROGRESS.

" + }, + "StatusCode":{ + "shape":"AssessmentStatusCode", + "documentation":"

A detailed status code providing additional information about the assessment state.

" + }, + "StatusReason":{ + "shape":"AssessmentStatusReason", + "documentation":"

A human-readable description of the current assessment status, including any error details or progress information.

" + }, + "CustomerDnsIps":{ + "shape":"CustomerDnsIps", + "documentation":"

The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.

" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

Contains Amazon VPC information for the StartADAssessment operation.

" + }, + "SubnetIds":{ + "shape":"SubnetIds", + "documentation":"

A list of subnet identifiers in the Amazon VPC in which the hybrid directory is created.

" + }, + "SecurityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

The security groups identifiers attached to the network interfaces.

" + }, + "SelfManagedInstanceIds":{ + "shape":"AssessmentInstanceIds", + "documentation":"

The identifiers of the self-managed AD instances used to perform the assessment.

" + }, + "ReportType":{ + "shape":"AssessmentReportType", + "documentation":"

The type of assessment report generated. Valid values are CUSTOMER and SYSTEM.

" + }, + "Version":{ + "shape":"AssessmentVersion", + "documentation":"

The version of the assessment framework used to evaluate your self-managed AD environment.

" + } + }, + "documentation":"

Contains detailed information about a directory assessment, including configuration parameters, status, and validation results.

" + }, + "AssessmentConfiguration":{ + "type":"structure", + "required":[ + "CustomerDnsIps", + "DnsName", + "VpcSettings", + "InstanceIds" + ], + "members":{ + "CustomerDnsIps":{ + "shape":"CustomerDnsIps", + "documentation":"

A list of IP addresses for the DNS servers or domain controllers in your self-managed AD that are tested during the assessment.

" + }, + "DnsName":{ + "shape":"DirectoryName", + "documentation":"

The fully qualified domain name (FQDN) of the self-managed AD domain to assess.

" + }, + "VpcSettings":{"shape":"DirectoryVpcSettings"}, + "InstanceIds":{ + "shape":"AssessmentInstanceIds", + "documentation":"

The identifiers of the self-managed instances with SSM that are used to perform connectivity and validation tests.

" + }, + "SecurityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

By default, the service attaches a security group to allow network access to the self-managed nodes in your Amazon VPC. You can optionally supply your own security group that allows network traffic to and from your self-managed domain controllers outside of your Amazon VPC.

" + } + }, + "documentation":"

Contains configuration parameters required to perform a directory assessment.

" + }, + "AssessmentId":{ + "type":"string", + "pattern":"^da-[0-9a-f]{18}$" + }, + "AssessmentInstanceId":{ + "type":"string", + "pattern":"^(i-[0-9a-f]{8}|i-[0-9a-f]{17}|mi-[0-9a-f]{8}|mi-[0-9a-f]{17})$" + }, + "AssessmentInstanceIds":{ + "type":"list", + "member":{"shape":"AssessmentInstanceId"}, + "max":2, + "min":2 + }, + "AssessmentLimit":{ + "type":"integer", + "max":100, + "min":1 + }, + "AssessmentReport":{ + "type":"structure", + "members":{ + "DomainControllerIp":{ + "shape":"IpAddr", + "documentation":"

The IP address of the domain controller that was tested during the assessment.

" + }, + "Validations":{ + "shape":"AssessmentValidations", + "documentation":"

A list of validation results for different test categories performed against this domain controller.

" + } + }, + "documentation":"

Contains the results of validation tests performed against a specific domain controller during a directory assessment.

" + }, + "AssessmentReportType":{"type":"string"}, + "AssessmentReports":{ + "type":"list", + "member":{"shape":"AssessmentReport"} + }, + "AssessmentStartTime":{"type":"timestamp"}, + "AssessmentStatus":{"type":"string"}, + "AssessmentStatusCode":{"type":"string"}, + "AssessmentStatusReason":{"type":"string"}, + "AssessmentSummary":{ + "type":"structure", + "members":{ + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The unique identifier of the directory assessment.

" + }, + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the directory associated with this assessment.

" + }, + "DnsName":{ + "shape":"DirectoryName", + "documentation":"

The fully qualified domain name (FQDN) of the Active Directory domain being assessed.

" + }, + "StartTime":{ + "shape":"AssessmentStartTime", + "documentation":"

The date and time when the assessment was initiated.

" + }, + "LastUpdateDateTime":{ + "shape":"LastUpdateDateTime", + "documentation":"

The date and time when the assessment status was last updated.

" + }, + "Status":{ + "shape":"AssessmentStatus", + "documentation":"

The current status of the assessment. Valid values include SUCCESS, FAILED, PENDING, and IN_PROGRESS.

" + }, + "CustomerDnsIps":{ + "shape":"CustomerDnsIps", + "documentation":"

The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.

" + }, + "ReportType":{ + "shape":"AssessmentReportType", + "documentation":"

The type of assessment report generated. Valid values include CUSTOMER and SYSTEM.

" + } + }, + "documentation":"

Contains summary information about a directory assessment, providing a high-level overview without detailed validation results.

" + }, + "AssessmentValidation":{ + "type":"structure", + "members":{ + "Category":{ + "shape":"AssessmentValidationCategory", + "documentation":"

The category of the validation test.

" + }, + "Name":{ + "shape":"AssessmentValidationName", + "documentation":"

The name of the specific validation test performed within the category.

" + }, + "Status":{ + "shape":"AssessmentValidationStatus", + "documentation":"

The result status of the validation test. Valid values include SUCCESS, FAILED, PENDING, and IN_PROGRESS.

" + }, + "StatusCode":{ + "shape":"AssessmentValidationStatusCode", + "documentation":"

A detailed status code providing additional information about the validation result.

" + }, + "StatusReason":{ + "shape":"AssessmentValidationStatusReason", + "documentation":"

A human-readable description of the validation result, including any error details or recommendations.

" + }, + "StartTime":{ + "shape":"AssessmentValidationTimeStamp", + "documentation":"

The date and time when the validation test was started.

" + }, + "LastUpdateDateTime":{ + "shape":"AssessmentValidationTimeStamp", + "documentation":"

The date and time when the validation test was completed or last updated.

" + } + }, + "documentation":"

Contains information about a specific validation test performed during a directory assessment.

" + }, + "AssessmentValidationCategory":{"type":"string"}, + "AssessmentValidationName":{"type":"string"}, + "AssessmentValidationStatus":{"type":"string"}, + "AssessmentValidationStatusCode":{"type":"string"}, + "AssessmentValidationStatusReason":{"type":"string"}, + "AssessmentValidationTimeStamp":{"type":"timestamp"}, + "AssessmentValidations":{ + "type":"list", + "member":{"shape":"AssessmentValidation"} + }, + "AssessmentVersion":{"type":"string"}, + "Assessments":{ + "type":"list", + "member":{"shape":"AssessmentSummary"} + }, "Attribute":{ "type":"structure", "members":{ @@ -1408,6 +1819,18 @@ "type":"list", "member":{"shape":"AvailabilityZone"} }, + "CaEnrollmentPolicyStatus":{ + "type":"string", + "enum":[ + "InProgress", + "Success", + "Failed", + "Disabling", + "Disabled", + "Impaired" + ] + }, + "CaEnrollmentPolicyStatusReason":{"type":"string"}, "CancelSchemaExtensionRequest":{ "type":"structure", "required":[ @@ -1427,8 +1850,7 @@ }, "CancelSchemaExtensionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "Certificate":{ "type":"structure", @@ -1573,6 +1995,14 @@ "type":"list", "member":{"shape":"CidrIp"} }, + "CidrIpv6":{ + "type":"string", + "pattern":"^((([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4})|(([0-9a-fA-F]{1,4}:){1,7}:)|(([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4})|(([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2})|(([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3})|(([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4})|(([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5})|([0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6}))|(:((:[0-9a-fA-F]{1,4}){1,7}|:)))\\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])$" + }, + "CidrIpv6s":{ + "type":"list", + "member":{"shape":"CidrIpv6"} + }, "ClientAuthenticationSettingInfo":{ "type":"structure", "members":{ @@ -1670,6 +2100,10 @@ "shape":"DnsIpAddrs", "documentation":"

The IP addresses of the remote DNS server associated with RemoteDomainName. This is the IP address of the DNS server that your conditional forwarder points to.

" }, + "DnsIpv6Addrs":{ + "shape":"DnsIpv6Addrs", + "documentation":"

The IPv6 addresses of the remote DNS server associated with RemoteDomainName. This is the IPv6 address of the DNS server that your conditional forwarder points to.

" + }, "ReplicationScope":{ "shape":"ReplicationScope", "documentation":"

The replication scope of the conditional forwarder. The only allowed value is Domain, which will replicate the conditional forwarder to all of the domain controllers for your Amazon Web Services directory.

" @@ -1717,6 +2151,10 @@ "Tags":{ "shape":"Tags", "documentation":"

The tags to be assigned to AD Connector.

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The network type for your directory. The default value is IPv4 or IPv6 based on the provided subnet capabilities.

" } }, "documentation":"

Contains the inputs for the ConnectDirectory operation.

" @@ -1815,8 +2253,7 @@ "type":"structure", "required":[ "DirectoryId", - "RemoteDomainName", - "DnsIpAddrs" + "RemoteDomainName" ], "members":{ "DirectoryId":{ @@ -1830,14 +2267,17 @@ "DnsIpAddrs":{ "shape":"DnsIpAddrs", "documentation":"

The IP addresses of the remote DNS server associated with RemoteDomainName.

" + }, + "DnsIpv6Addrs":{ + "shape":"DnsIpv6Addrs", + "documentation":"

The IPv6 addresses of the remote DNS server associated with RemoteDomainName.

" } }, "documentation":"

Initiates the creation of a conditional forwarder for your Directory Service for Microsoft Active Directory. Conditional forwarders are required in order to set up a trust relationship with another domain.

" }, "CreateConditionalForwarderResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The result of a CreateConditinalForwarder request.

" }, "CreateDirectoryRequest":{ @@ -1875,6 +2315,10 @@ "Tags":{ "shape":"Tags", "documentation":"

The tags to be assigned to the Simple AD directory.

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The network type for your directory. Simple AD supports IPv4 and Dual-stack only.

" } }, "documentation":"

Contains the inputs for the CreateDirectory operation.

" @@ -1889,6 +2333,36 @@ }, "documentation":"

Contains the results of the CreateDirectory operation.

" }, + "CreateHybridADRequest":{ + "type":"structure", + "required":[ + "SecretArn", + "AssessmentId" + ], + "members":{ + "SecretArn":{ + "shape":"SecretArn", + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that contains the credentials for the service account used to join hybrid domain controllers to your self-managed AD domain. This secret is used once and not stored.

The secret must contain key-value pairs with keys matching customerAdAdminDomainUsername and customerAdAdminDomainPassword. For example: {\"customerAdAdminDomainUsername\":\"carlos_salazar\",\"customerAdAdminDomainPassword\":\"ExamplePassword123!\"}.

" + }, + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The unique identifier of the successful directory assessment that validates your self-managed AD environment. You must have a successful directory assessment before you create a hybrid directory.

" + }, + "Tags":{ + "shape":"Tags", + "documentation":"

The tags to be assigned to the directory. Each tag consists of a key and value pair. You can specify multiple tags as a list.

" + } + } + }, + "CreateHybridADResult":{ + "type":"structure", + "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The unique identifier of the newly created hybrid directory.

" + } + } + }, "CreateLogSubscriptionRequest":{ "type":"structure", "required":[ @@ -1908,8 +2382,7 @@ }, "CreateLogSubscriptionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateMicrosoftADRequest":{ "type":"structure", @@ -1946,6 +2419,10 @@ "Tags":{ "shape":"Tags", "documentation":"

The tags to be assigned to the Managed Microsoft AD directory.

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The network type for your domain. The default value is IPv4 or IPv6 based on the provided subnet capabilities.

" } }, "documentation":"

Creates an Managed Microsoft AD directory.

" @@ -2020,6 +2497,10 @@ "shape":"DnsIpAddrs", "documentation":"

The IP addresses of the remote DNS server associated with RemoteDomainName.

" }, + "ConditionalForwarderIpv6Addrs":{ + "shape":"DnsIpv6Addrs", + "documentation":"

The IPv6 addresses of the remote DNS server associated with RemoteDomainName.

" + }, "SelectiveAuth":{ "shape":"SelectiveAuth", "documentation":"

Optional parameter to enable selective authentication for the trust.

" @@ -2038,6 +2519,12 @@ "documentation":"

The result of a CreateTrust request.

" }, "CreatedDateTime":{"type":"timestamp"}, + "CustomerDnsIps":{ + "type":"list", + "member":{"shape":"IpAddr"}, + "max":2, + "min":2 + }, "CustomerId":{ "type":"string", "pattern":"^(\\d{12})$" @@ -2058,6 +2545,25 @@ "Failed" ] }, + "DeleteADAssessmentRequest":{ + "type":"structure", + "required":["AssessmentId"], + "members":{ + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The unique identifier of the directory assessment to delete.

" + } + } + }, + "DeleteADAssessmentResult":{ + "type":"structure", + "members":{ + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The unique identifier of the deleted directory assessment.

" + } + } + }, "DeleteAssociatedConditionalForwarder":{"type":"boolean"}, "DeleteConditionalForwarderRequest":{ "type":"structure", @@ -2079,8 +2585,7 @@ }, "DeleteConditionalForwarderResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The result of a DeleteConditionalForwarder request.

" }, "DeleteDirectoryRequest":{ @@ -2116,8 +2621,7 @@ }, "DeleteLogSubscriptionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSnapshotRequest":{ "type":"structure", @@ -2184,8 +2688,7 @@ }, "DeregisterCertificateResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterEventTopicRequest":{ "type":"structure", @@ -2207,9 +2710,68 @@ }, "DeregisterEventTopicResult":{ "type":"structure", + "members":{}, + "documentation":"

The result of a DeregisterEventTopic request.

" + }, + "DescribeADAssessmentRequest":{ + "type":"structure", + "required":["AssessmentId"], + "members":{ + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The identifier of the directory assessment to describe.

" + } + } + }, + "DescribeADAssessmentResult":{ + "type":"structure", "members":{ + "Assessment":{ + "shape":"Assessment", + "documentation":"

Detailed information about the self-managed instance settings (IDs and DNS IPs).

" + }, + "AssessmentReports":{ + "shape":"AssessmentReports", + "documentation":"

A list of assessment reports containing validation results for each domain controller and test category. Each report includes specific validation details and outcomes.

" + } + } + }, + "DescribeCAEnrollmentPolicyRequest":{ + "type":"structure", + "required":["DirectoryId"], + "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the directory for which to retrieve the CA enrollment policy information.

" + } }, - "documentation":"

The result of a DeregisterEventTopic request.

" + "documentation":"

Contains the inputs for the DescribeCAEnrollmentPolicy operation.

" + }, + "DescribeCAEnrollmentPolicyResult":{ + "type":"structure", + "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the directory associated with this CA enrollment policy.

" + }, + "PcaConnectorArn":{ + "shape":"PcaConnectorArn", + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Private Certificate Authority (PCA) connector that is configured for automatic certificate enrollment in this directory.

" + }, + "CaEnrollmentPolicyStatus":{ + "shape":"CaEnrollmentPolicyStatus", + "documentation":"

The current status of the CA enrollment policy. This indicates if automatic certificate enrollment is currently active, inactive, or in a transitional state.

Valid values:

  • IN_PROGRESS - The policy is being activated T

  • SUCCESS - The policy is active and automatic certificate enrollment is operational

  • FAILED - The policy activation or deactivation failed

  • DISABLING - The policy is being deactivated

  • DISABLED - The policy is inactive and automatic certificate enrollment is not available

  • IMPAIRED - Network connectivity is impaired.

" + }, + "LastUpdatedDateTime":{ + "shape":"LastUpdatedDateTime", + "documentation":"

The date and time when the CA enrollment policy was last modified or updated.

" + }, + "CaEnrollmentPolicyStatusReason":{ + "shape":"CaEnrollmentPolicyStatusReason", + "documentation":"

Additional information explaining the current status of the CA enrollment policy, particularly useful when the policy is in an error or transitional state.

" + } + }, + "documentation":"

Contains the results of the DescribeCAEnrollmentPolicy operation.

" }, "DescribeCertificateRequest":{ "type":"structure", @@ -2320,7 +2882,7 @@ "members":{ "DirectoryDescriptions":{ "shape":"DirectoryDescriptions", - "documentation":"

The list of DirectoryDescription objects that were retrieved.

It is possible that this list contains less than the number of items specified in the Limit member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.

" + "documentation":"

The list of available DirectoryDescription objects that were retrieved.

It is possible that this list contains less than the number of items specified in the Limit member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.

" }, "NextToken":{ "shape":"NextToken", @@ -2407,6 +2969,37 @@ }, "documentation":"

The result of a DescribeEventTopic request.

" }, + "DescribeHybridADUpdateRequest":{ + "type":"structure", + "required":["DirectoryId"], + "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the hybrid directory for which to retrieve update information.

" + }, + "UpdateType":{ + "shape":"HybridUpdateType", + "documentation":"

The type of update activities to retrieve. Valid values include SelfManagedInstances and HybridAdministratorAccount.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token from a previous request to DescribeHybridADUpdate. Pass null if this is the first request.

" + } + } + }, + "DescribeHybridADUpdateResult":{ + "type":"structure", + "members":{ + "UpdateActivities":{ + "shape":"HybridUpdateActivities", + "documentation":"

Information about update activities for the hybrid directory, organized by update type.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If not null, more results are available. Pass this value for the NextToken parameter in a subsequent request to retrieve the next set of items.

" + } + } + }, "DescribeLDAPSSettingsRequest":{ "type":"structure", "required":["DirectoryId"], @@ -2719,7 +3312,6 @@ "required":[ "VpcId", "SubnetIds", - "CustomerDnsIps", "CustomerUserName" ], "members":{ @@ -2733,14 +3325,18 @@ }, "CustomerDnsIps":{ "shape":"DnsIpAddrs", - "documentation":"

A list of one or more IP addresses of DNS servers or domain controllers in your self-managed directory.

" + "documentation":"

The IP addresses of DNS servers or domain controllers in your self-managed directory.

" + }, + "CustomerDnsIpsV6":{ + "shape":"DnsIpv6Addrs", + "documentation":"

The IPv6 addresses of DNS servers or domain controllers in your self-managed directory.

" }, "CustomerUserName":{ "shape":"UserName", "documentation":"

The user name of an account in your self-managed directory that is used to connect to the directory. This account must have the following permissions:

  • Read users and groups

  • Create computer objects

  • Join computers to the domain

" } }, - "documentation":"

Contains information for the ConnectDirectory operation when an AD Connector directory is being created.

" + "documentation":"

Contains connection settings for creating an AD Connector with the ConnectDirectory action.

" }, "DirectoryConnectSettingsDescription":{ "type":"structure", @@ -2763,11 +3359,15 @@ }, "AvailabilityZones":{ "shape":"AvailabilityZones", - "documentation":"

A list of the Availability Zones that the directory is in.

" + "documentation":"

The Availability Zones that the directory is in.

" }, "ConnectIps":{ "shape":"IpAddrs", "documentation":"

The IP addresses of the AD Connector servers.

" + }, + "ConnectIpsV6":{ + "shape":"IpV6Addrs", + "documentation":"

The IPv6 addresses of the AD Connector servers.

" } }, "documentation":"

Contains information about an AD Connector directory.

" @@ -2797,11 +3397,11 @@ }, "Alias":{ "shape":"AliasName", - "documentation":"

The alias for the directory. If no alias has been created for the directory, the alias is the directory identifier, such as d-XXXXXXXXXX.

" + "documentation":"

The alias for the directory. If no alias exists, the alias is the directory identifier, such as d-XXXXXXXXXX.

" }, "AccessUrl":{ "shape":"AccessUrl", - "documentation":"

The access URL for the directory, such as http://<alias>.awsapps.com. If no alias has been created for the directory, <alias> is the directory identifier, such as d-XXXXXXXXXX.

" + "documentation":"

The access URL for the directory, such as http://<alias>.awsapps.com. If no alias exists, <alias> is the directory identifier, such as d-XXXXXXXXXX.

" }, "Description":{ "shape":"Description", @@ -2809,7 +3409,11 @@ }, "DnsIpAddrs":{ "shape":"DnsIpAddrs", - "documentation":"

The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of the DNS servers or domain controllers in your self-managed directory to which the AD Connector is connected.

" + "documentation":"

The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of self-managed directory to which the AD Connector is connected.

" + }, + "DnsIpv6Addrs":{ + "shape":"DnsIpv6Addrs", + "documentation":"

The IPv6 addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IPv6 addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IPv6 addresses of the DNS servers or domain controllers in your self-managed directory to which the AD Connector is connected.

" }, "Stage":{ "shape":"DirectoryStage", @@ -2829,11 +3433,11 @@ }, "LaunchTime":{ "shape":"LaunchTime", - "documentation":"

Specifies when the directory was created.

" + "documentation":"

The date and time when the directory was created.

" }, "StageLastUpdatedDateTime":{ "shape":"LastUpdatedDateTime", - "documentation":"

The date and time that the stage was last updated.

" + "documentation":"

The date and time when the stage was last updated.

" }, "Type":{ "shape":"DirectoryType", @@ -2841,15 +3445,15 @@ }, "VpcSettings":{ "shape":"DirectoryVpcSettingsDescription", - "documentation":"

A DirectoryVpcSettingsDescription object that contains additional information about a directory. This member is only present if the directory is a Simple AD or Managed Microsoft AD directory.

" + "documentation":"

A DirectoryVpcSettingsDescription object that contains additional information about a directory. Present only for Simple AD and Managed Microsoft AD directories.

" }, "ConnectSettings":{ "shape":"DirectoryConnectSettingsDescription", - "documentation":"

A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. This member is only present if the directory is an AD Connector directory.

" + "documentation":"

DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. Present only for AD Connector directories.

" }, "RadiusSettings":{ "shape":"RadiusSettings", - "documentation":"

A RadiusSettings object that contains information about the RADIUS server configured for this directory.

" + "documentation":"

Information about the RadiusSettings object configured for this directory.

" }, "RadiusStatus":{ "shape":"RadiusStatus", @@ -2861,7 +3465,7 @@ }, "SsoEnabled":{ "shape":"SsoEnabled", - "documentation":"

Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso.

" + "documentation":"

Indicates whether single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso.

" }, "DesiredNumberOfDomainControllers":{ "shape":"DesiredNumberOfDomainControllers", @@ -2878,6 +3482,14 @@ "OsVersion":{ "shape":"OSVersion", "documentation":"

The operating system (OS) version of the directory.

" + }, + "HybridSettings":{ + "shape":"HybridSettingsDescription", + "documentation":"

Contains information about the hybrid directory configuration for the directory, including Amazon Web Services System Manager managed node identifiers and DNS IPs.

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The network type of the directory.

" } }, "documentation":"

Contains information about an Directory Service directory.

" @@ -2900,7 +3512,8 @@ "type":"string", "enum":[ "Enterprise", - "Standard" + "Standard", + "Hybrid" ] }, "DirectoryId":{ @@ -2996,6 +3609,16 @@ "Large" ] }, + "DirectorySizeUpdateSettings":{ + "type":"structure", + "members":{ + "DirectorySize":{ + "shape":"DirectorySize", + "documentation":"

The target directory size for the update operation.

" + } + }, + "documentation":"

Contains the directory size configuration for update operations.

" + }, "DirectoryStage":{ "type":"string", "enum":[ @@ -3047,7 +3670,7 @@ "documentation":"

The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets.

" } }, - "documentation":"

Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.

" + "documentation":"

Contains VPC information for the CreateDirectory, CreateMicrosoftAD, or CreateHybridAD operation.

" }, "DirectoryVpcSettingsDescription":{ "type":"structure", @@ -3071,6 +3694,31 @@ }, "documentation":"

Contains information about the directory.

" }, + "DisableAlreadyInProgressException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ExceptionMessage"}, + "RequestId":{"shape":"RequestId"} + }, + "documentation":"

A disable operation for CA enrollment policy is already in progress for this directory.

", + "exception":true + }, + "DisableCAEnrollmentPolicyRequest":{ + "type":"structure", + "required":["DirectoryId"], + "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the directory for which to disable the CA enrollment policy.

" + } + }, + "documentation":"

Contains the inputs for the DisableCAEnrollmentPolicy operation.

" + }, + "DisableCAEnrollmentPolicyResult":{ + "type":"structure", + "members":{}, + "documentation":"

Contains the results of the DisableCAEnrollmentPolicy operation.

" + }, "DisableClientAuthenticationRequest":{ "type":"structure", "required":[ @@ -3090,8 +3738,7 @@ }, "DisableClientAuthenticationResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableDirectoryDataAccessRequest":{ "type":"structure", @@ -3105,8 +3752,7 @@ }, "DisableDirectoryDataAccessResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableLDAPSRequest":{ "type":"structure", @@ -3127,8 +3773,7 @@ }, "DisableLDAPSResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableRadiusRequest":{ "type":"structure", @@ -3143,8 +3788,7 @@ }, "DisableRadiusResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the results of the DisableRadius operation.

" }, "DisableSsoRequest":{ @@ -3168,14 +3812,17 @@ }, "DisableSsoResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the results of the DisableSso operation.

" }, "DnsIpAddrs":{ "type":"list", "member":{"shape":"IpAddr"} }, + "DnsIpv6Addrs":{ + "type":"list", + "member":{"shape":"Ipv6Addr"} + }, "DomainController":{ "type":"structure", "members":{ @@ -3191,6 +3838,10 @@ "shape":"IpAddr", "documentation":"

The IP address of the domain controller.

" }, + "DnsIpv6Addr":{ + "shape":"Ipv6Addr", + "documentation":"

The IPv6 address of the domain controller.

" + }, "VpcId":{ "shape":"VpcId", "documentation":"

The identifier of the VPC that contains the domain controller.

" @@ -3257,6 +3908,38 @@ "type":"list", "member":{"shape":"DomainController"} }, + "EnableAlreadyInProgressException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ExceptionMessage"}, + "RequestId":{"shape":"RequestId"} + }, + "documentation":"

An enable operation for CA enrollment policy is already in progress for this directory.

", + "exception":true + }, + "EnableCAEnrollmentPolicyRequest":{ + "type":"structure", + "required":[ + "DirectoryId", + "PcaConnectorArn" + ], + "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the directory for which to enable the CA enrollment policy.

" + }, + "PcaConnectorArn":{ + "shape":"PcaConnectorArn", + "documentation":"

The Amazon Resource Name (ARN) of the Private Certificate Authority (PCA) connector to use for automatic certificate enrollment. This connector must be properly configured and accessible from the directory.

The ARN format is: arn:aws:pca-connector-ad:region:account-id:connector/connector-id

" + } + }, + "documentation":"

Contains the inputs for the EnableCAEnrollmentPolicy operation.

" + }, + "EnableCAEnrollmentPolicyResult":{ + "type":"structure", + "members":{}, + "documentation":"

Contains the results of the EnableCAEnrollmentPolicy operation.

" + }, "EnableClientAuthenticationRequest":{ "type":"structure", "required":[ @@ -3276,8 +3959,7 @@ }, "EnableClientAuthenticationResult":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableDirectoryDataAccessRequest":{ "type":"structure", @@ -3291,8 +3973,7 @@ }, "EnableDirectoryDataAccessResult":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableLDAPSRequest":{ "type":"structure", @@ -3313,8 +3994,7 @@ }, "EnableLDAPSResult":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableRadiusRequest":{ "type":"structure", @@ -3336,8 +4016,7 @@ }, "EnableRadiusResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the results of the EnableRadius operation.

" }, "EnableSsoRequest":{ @@ -3361,8 +4040,7 @@ }, "EnableSsoResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the results of the EnableSso operation.

" }, "EndDateTime":{"type":"timestamp"}, @@ -3420,8 +4098,7 @@ }, "GetDirectoryLimitsRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the inputs for the GetDirectoryLimits operation.

" }, "GetDirectoryLimitsResult":{ @@ -3455,6 +4132,126 @@ }, "documentation":"

Contains the results of the GetSnapshotLimits operation.

" }, + "HybridAdministratorAccountUpdate":{ + "type":"structure", + "required":["SecretArn"], + "members":{ + "SecretArn":{ + "shape":"SecretArn", + "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that contains the credentials for the AD administrator user, and enables hybrid domain controllers to join the managed AD domain. For example:

{\"customerAdAdminDomainUsername\":\"carlos_salazar\",\"customerAdAdminDomainPassword\":\"ExamplePassword123!\"}.

" + } + }, + "documentation":"

Use to recover to the hybrid directory administrator account credentials.

" + }, + "HybridCustomerInstancesSettings":{ + "type":"structure", + "required":[ + "CustomerDnsIps", + "InstanceIds" + ], + "members":{ + "CustomerDnsIps":{ + "shape":"CustomerDnsIps", + "documentation":"

The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.

" + }, + "InstanceIds":{ + "shape":"AssessmentInstanceIds", + "documentation":"

The identifiers of the self-managed instances with SSM used in hybrid directory.

" + } + }, + "documentation":"

Contains configuration settings for self-managed instances with SSM used in hybrid directory operations.

" + }, + "HybridSettingsDescription":{ + "type":"structure", + "members":{ + "SelfManagedDnsIpAddrs":{ + "shape":"IpAddrs", + "documentation":"

The IP addresses of the DNS servers in your self-managed AD environment.

" + }, + "SelfManagedInstanceIds":{ + "shape":"AssessmentInstanceIds", + "documentation":"

The identifiers of the self-managed instances with SSM used for hybrid directory operations.

" + } + }, + "documentation":"

Describes the current hybrid directory configuration settings for a directory.

" + }, + "HybridUpdateActivities":{ + "type":"structure", + "members":{ + "SelfManagedInstances":{ + "shape":"HybridUpdateInfoEntries", + "documentation":"

A list of update activities related to the self-managed instances with SSM in the self-managed instances with SSM hybrid directory configuration.

" + }, + "HybridAdministratorAccount":{ + "shape":"HybridUpdateInfoEntries", + "documentation":"

A list of update activities related to hybrid directory administrator account changes.

" + } + }, + "documentation":"

Contains information about update activities for different components of a hybrid directory.

" + }, + "HybridUpdateInfoEntries":{ + "type":"list", + "member":{"shape":"HybridUpdateInfoEntry"} + }, + "HybridUpdateInfoEntry":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"UpdateStatus", + "documentation":"

The current status of the update activity. Valid values include UPDATED, UPDATING, and UPDATE_FAILED.

" + }, + "StatusReason":{ + "shape":"UpdateStatusReason", + "documentation":"

A human-readable description of the update status, including any error details or progress information.

" + }, + "InitiatedBy":{ + "shape":"InitiatedBy", + "documentation":"

Specifies if the update was initiated by the customer or Amazon Web Services.

" + }, + "NewValue":{ + "shape":"HybridUpdateValue", + "documentation":"

The new configuration values being applied in this update.

" + }, + "PreviousValue":{ + "shape":"HybridUpdateValue", + "documentation":"

The previous configuration values before this update was applied.

" + }, + "StartTime":{ + "shape":"StartDateTime", + "documentation":"

The date and time when the update activity was initiated.

" + }, + "LastUpdatedDateTime":{ + "shape":"LastUpdatedDateTime", + "documentation":"

The date and time when the update activity status was last updated.

" + }, + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The identifier of the assessment performed to validate this update configuration.

" + } + }, + "documentation":"

Contains detailed information about a specific update activity for a hybrid directory component.

" + }, + "HybridUpdateType":{ + "type":"string", + "enum":[ + "SelfManagedInstances", + "HybridAdministratorAccount" + ] + }, + "HybridUpdateValue":{ + "type":"structure", + "members":{ + "InstanceIds":{ + "shape":"AssessmentInstanceIds", + "documentation":"

The identifiers of the self-managed instances with SSM in the hybrid directory configuration.

" + }, + "DnsIps":{ + "shape":"CustomerDnsIps", + "documentation":"

The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration.

" + } + }, + "documentation":"

Contains the configuration values for a hybrid directory update, including Amazon Web Services System Manager managed node and DNS information.

" + }, "IncompatibleSettingsException":{ "type":"structure", "members":{ @@ -3550,14 +4347,18 @@ "members":{ "CidrIp":{ "shape":"CidrIp", - "documentation":"

IP address block using CIDR format, for example 10.0.0.0/24. This is often the address block of the DNS server used for your self-managed domain. For a single IP address use a CIDR address block with /32. For example 10.0.0.0/32.

" + "documentation":"

IP address block in CIDR format, such as 10.0.0.0/24. This is often the address block of the DNS server used for your self-managed domain. For a single IP address, use a CIDR address block with /32. For example, 10.0.0.0/32.

" + }, + "CidrIpv6":{ + "shape":"CidrIpv6", + "documentation":"

IPv6 address block in CIDR format, such as 2001:db8::/32. This is often the address block of the DNS server used for your self-managed domain. For a single IPv6 address, use a CIDR address block with /128. For example, 2001:db8::1/128.

" }, "Description":{ "shape":"Description", "documentation":"

Description of the address block.

" } }, - "documentation":"

IP address block. This is often the address block of the DNS server used for your self-managed domain.

" + "documentation":"

Contains the IP address block. This is often the address block of the DNS server used for your self-managed domain.

" }, "IpRouteInfo":{ "type":"structure", @@ -3570,6 +4371,10 @@ "shape":"CidrIp", "documentation":"

IP address block in the IpRoute.

" }, + "CidrIpv6":{ + "shape":"CidrIpv6", + "documentation":"

IPv6 address block in the IpRoute.

" + }, "IpRouteStatusMsg":{ "shape":"IpRouteStatusMsg", "documentation":"

The status of the IP address block.

" @@ -3618,6 +4423,14 @@ "type":"list", "member":{"shape":"IpRouteInfo"} }, + "IpV6Addrs":{ + "type":"list", + "member":{"shape":"Ipv6Addr"} + }, + "Ipv6Addr":{ + "type":"string", + "pattern":"^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" + }, "LDAPSSettingInfo":{ "type":"structure", "members":{ @@ -3654,6 +4467,7 @@ "type":"string", "enum":["Client"] }, + "LastUpdateDateTime":{"type":"timestamp"}, "LastUpdatedDateTime":{"type":"timestamp"}, "LaunchTime":{"type":"timestamp"}, "LdifContent":{ @@ -3665,6 +4479,36 @@ "type":"integer", "min":0 }, + "ListADAssessmentsRequest":{ + "type":"structure", + "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the directory for which to list assessments. If not specified, all assessments in your account are returned.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token from a previous request to ListADAssessments. Pass null if this is the first request.

" + }, + "Limit":{ + "shape":"AssessmentLimit", + "documentation":"

The maximum number of assessment summaries to return.

" + } + } + }, + "ListADAssessmentsResult":{ + "type":"structure", + "members":{ + "Assessments":{ + "shape":"Assessments", + "documentation":"

A list of assessment summaries containing basic information about each directory assessment.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

If not null, more results are available. Pass this value for the NextToken parameter in a subsequent request to retrieve the next set of items.

" + } + } + }, "ListCertificatesRequest":{ "type":"structure", "required":["DirectoryId"], @@ -3848,6 +4692,28 @@ "member":{"shape":"LogSubscription"} }, "ManualSnapshotsLimitReached":{"type":"boolean"}, + "NetworkType":{ + "type":"string", + "enum":[ + "Dual-stack", + "IPv4", + "IPv6" + ] + }, + "NetworkUpdateSettings":{ + "type":"structure", + "members":{ + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

The target network type for the directory update.

" + }, + "CustomerDnsIpsV6":{ + "shape":"DnsIpv6Addrs", + "documentation":"

IPv6 addresses of DNS servers or domain controllers in the self-managed directory. Required only when updating an AD Connector directory.

" + } + }, + "documentation":"

Contains the network configuration for directory update operations.

" + }, "NextToken":{"type":"string"}, "NoAvailableCertificateException":{ "type":"structure", @@ -3874,10 +4740,10 @@ "members":{ "OSVersion":{ "shape":"OSVersion", - "documentation":"

OS version that the directory needs to be updated to.

" + "documentation":"

OS version that the directory needs to be updated to.

" } }, - "documentation":"

OS version that the directory needs to be updated to.

" + "documentation":"

OS version that the directory needs to be updated to.

" }, "OSVersion":{ "type":"string", @@ -3915,20 +4781,28 @@ "shape":"DnsIpAddrs", "documentation":"

IP address of the directory’s domain controllers.

" }, + "DnsIpv6Addrs":{ + "shape":"DnsIpv6Addrs", + "documentation":"

IPv6 addresses of the directory’s domain controllers.

" + }, "VpcSettings":{ "shape":"DirectoryVpcSettingsDescription", "documentation":"

Information about the VPC settings for the directory.

" }, "RadiusSettings":{ "shape":"RadiusSettings", - "documentation":"

A RadiusSettings object that contains information about the RADIUS server.

" + "documentation":"

Information about the RadiusSettings object server configuration.

" }, "RadiusStatus":{ "shape":"RadiusStatus", - "documentation":"

Information about the status of the RADIUS server.

" + "documentation":"

The status of the RADIUS server.

" + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

Network type of the directory in the directory owner account.

" } }, - "documentation":"

Describes the directory owner account details that have been shared to the directory consumer account.

" + "documentation":"

Contains the directory owner account details shared with the directory consumer account.

" }, "PageLimit":{ "type":"integer", @@ -3940,6 +4814,10 @@ "pattern":"(?=^.{8,64}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9\\s])(?=.*[a-z])|(?=.*[^A-Za-z0-9\\s])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\\s]))^.*", "sensitive":true }, + "PcaConnectorArn":{ + "type":"string", + "pattern":"^arn:[\\w-]+:pca-connector-ad:[\\w-]+:[0-9]+:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$" + }, "PortNumber":{ "type":"integer", "max":65535, @@ -3969,7 +4847,11 @@ "members":{ "RadiusServers":{ "shape":"Servers", - "documentation":"

An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.

" + "documentation":"

The fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.

" + }, + "RadiusServersIpv6":{ + "shape":"Servers", + "documentation":"

The IPv6 addresses of the RADIUS server endpoints or RADIUS server load balancer.

" }, "RadiusPort":{ "shape":"PortNumber", @@ -4154,8 +5036,7 @@ }, "RegisterEventTopicResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The result of a RegisterEventTopic request.

" }, "RejectSharedDirectoryRequest":{ @@ -4188,10 +5069,7 @@ }, "RemoveIpRoutesRequest":{ "type":"structure", - "required":[ - "DirectoryId", - "CidrIps" - ], + "required":["DirectoryId"], "members":{ "DirectoryId":{ "shape":"DirectoryId", @@ -4200,13 +5078,16 @@ "CidrIps":{ "shape":"CidrIps", "documentation":"

IP address blocks that you want to remove.

" + }, + "CidrIpv6s":{ + "shape":"CidrIpv6s", + "documentation":"

IPv6 address blocks that you want to remove.

" } } }, "RemoveIpRoutesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveRegionRequest":{ "type":"structure", @@ -4220,8 +5101,7 @@ }, "RemoveRegionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveTagsFromResourceRequest":{ "type":"structure", @@ -4242,8 +5122,7 @@ }, "RemoveTagsFromResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ReplicationScope":{ "type":"string", @@ -4278,8 +5157,7 @@ }, "ResetUserPasswordResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ResourceId":{ "type":"string", @@ -4298,8 +5176,7 @@ }, "RestoreFromSnapshotResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the results of the RestoreFromSnapshot operation.

" }, "SID":{ @@ -4365,10 +5242,20 @@ "type":"list", "member":{"shape":"SchemaExtensionInfo"} }, + "SecretArn":{ + "type":"string", + "pattern":"^arn:aws:secretsmanager:[a-z0-9-]+:\\d{12}:secret:[a-zA-Z0-9/_+=.@-]+-[a-zA-Z0-9]{6}$" + }, "SecurityGroupId":{ "type":"string", "pattern":"^(sg-[0-9a-f]{8}|sg-[0-9a-f]{17})$" }, + "SecurityGroupIds":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "max":1, + "min":1 + }, "SelectiveAuth":{ "type":"string", "enum":[ @@ -4694,6 +5581,28 @@ }, "SsoEnabled":{"type":"boolean"}, "StageReason":{"type":"string"}, + "StartADAssessmentRequest":{ + "type":"structure", + "members":{ + "AssessmentConfiguration":{ + "shape":"AssessmentConfiguration", + "documentation":"

Configuration parameters for the directory assessment, including DNS server information, domain name, Amazon VPC subnet, and Amazon Web Services System Manager managed node details.

" + }, + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the directory for which to perform the assessment. This should be an existing directory. If the assessment is not for an existing directory, this parameter should be omitted.

" + } + } + }, + "StartADAssessmentResult":{ + "type":"structure", + "members":{ + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The unique identifier of the newly started directory assessment. Use this identifier to monitor assessment progress and retrieve results.

" + } + } + }, "StartDateTime":{"type":"timestamp"}, "StartSchemaExtensionRequest":{ "type":"structure", @@ -4989,8 +5898,7 @@ "type":"structure", "required":[ "DirectoryId", - "RemoteDomainName", - "DnsIpAddrs" + "RemoteDomainName" ], "members":{ "DirectoryId":{ @@ -5004,14 +5912,17 @@ "DnsIpAddrs":{ "shape":"DnsIpAddrs", "documentation":"

The updated IP addresses of the remote DNS server associated with the conditional forwarder.

" + }, + "DnsIpv6Addrs":{ + "shape":"DnsIpv6Addrs", + "documentation":"

The updated IPv6 addresses of the remote DNS server associated with the conditional forwarder.

" } }, "documentation":"

Updates a conditional forwarder.

" }, "UpdateConditionalForwarderResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The result of an UpdateConditionalForwarder request.

" }, "UpdateDirectorySetupRequest":{ @@ -5023,26 +5934,64 @@ "members":{ "DirectoryId":{ "shape":"DirectoryId", - "documentation":"

The identifier of the directory on which you want to perform the update.

" + "documentation":"

The identifier of the directory to update.

" }, "UpdateType":{ "shape":"UpdateType", - "documentation":"

The type of update that needs to be performed on the directory. For example, OS.

" + "documentation":"

The type of update to perform on the directory.

" }, "OSUpdateSettings":{ "shape":"OSUpdateSettings", - "documentation":"

The settings for the OS update that needs to be performed on the directory.

" + "documentation":"

Operating system configuration to apply during the directory update operation.

" + }, + "DirectorySizeUpdateSettings":{ + "shape":"DirectorySizeUpdateSettings", + "documentation":"

Directory size configuration to apply during the update operation.

" + }, + "NetworkUpdateSettings":{ + "shape":"NetworkUpdateSettings", + "documentation":"

Network configuration to apply during the directory update operation.

" }, "CreateSnapshotBeforeUpdate":{ "shape":"CreateSnapshotBeforeUpdate", - "documentation":"

The boolean that specifies if a snapshot for the directory needs to be taken before updating the directory.

", + "documentation":"

Specifies whether to create a directory snapshot before performing the update.

", "box":true } } }, "UpdateDirectorySetupResult":{ "type":"structure", + "members":{} + }, + "UpdateHybridADRequest":{ + "type":"structure", + "required":["DirectoryId"], + "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the hybrid directory to update.

" + }, + "HybridAdministratorAccountUpdate":{ + "shape":"HybridAdministratorAccountUpdate", + "documentation":"

We create a hybrid directory administrator account when we create a hybrid directory. Use HybridAdministratorAccountUpdate to recover the hybrid directory administrator account if you have deleted it.

To recover your hybrid directory administrator account, we need temporary access to a user in your self-managed AD with administrator permissions in the form of a secret from Amazon Web Services Secrets Manager. We use these credentials once during recovery and don't store them.

If your hybrid directory administrator account exists, then you don’t need to use HybridAdministratorAccountUpdate, even if you have updated your self-managed AD administrator user.

" + }, + "SelfManagedInstancesSettings":{ + "shape":"HybridCustomerInstancesSettings", + "documentation":"

Updates to the self-managed AD configuration, including DNS server IP addresses and Amazon Web Services System Manager managed node identifiers.

" + } + } + }, + "UpdateHybridADResult":{ + "type":"structure", "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

The identifier of the updated hybrid directory.

" + }, + "AssessmentId":{ + "shape":"AssessmentId", + "documentation":"

The identifier of the assessment performed to validate the update configuration. This assessment ensures the updated settings are compatible with your environment.

" + } } }, "UpdateInfoEntry":{ @@ -5081,7 +6030,7 @@ "documentation":"

The last updated date and time of a particular directory setting.

" } }, - "documentation":"

An entry of update information related to a requested update type.

" + "documentation":"

An entry of update information related to a requested update type.

" }, "UpdateNumberOfDomainControllersRequest":{ "type":"structure", @@ -5102,8 +6051,7 @@ }, "UpdateNumberOfDomainControllersResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRadiusRequest":{ "type":"structure", @@ -5125,8 +6073,7 @@ }, "UpdateRadiusResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the results of the UpdateRadius operation.

" }, "UpdateSecurityGroupForDirectoryControllers":{"type":"boolean"}, @@ -5191,7 +6138,11 @@ }, "UpdateType":{ "type":"string", - "enum":["OS"] + "enum":[ + "OS", + "NETWORK", + "SIZE" + ] }, "UpdateValue":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/ds/2015-04-16/waiters-2.json 2.31.35-1/awscli/botocore/data/ds/2015-04-16/waiters-2.json --- 2.23.6-1/awscli/botocore/data/ds/2015-04-16/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ds/2015-04-16/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,24 @@ +{ + "version": 2, + "waiters": { + "HybridADUpdated": { + "operation": "DescribeHybridADUpdate", + "delay": 120, + "maxAttempts": 60, + "acceptors": [ + { + "state": "success", + "matcher": "pathAll", + "argument": "UpdateActivities.SelfManagedInstances[].Status", + "expected": "Updated" + }, + { + "state": "failure", + "matcher": "pathAny", + "argument": "UpdateActivities.SelfManagedInstances[].Status", + "expected": "UpdateFailed" + } + ] + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/ds-data/2023-05-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ds-data/2023-05-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ds-data/2023-05-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ds-data/2023-05-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ds-data/2023-05-31/service-2.json 2.31.35-1/awscli/botocore/data/ds-data/2023-05-31/service-2.json --- 2.23.6-1/awscli/botocore/data/ds-data/2023-05-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ds-data/2023-05-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -10,7 +10,8 @@ "serviceId":"Directory Service Data", "signatureVersion":"v4", "signingName":"ds-data", - "uid":"directory-service-data-2023-05-31" + "uid":"directory-service-data-2023-05-31", + "auth":["aws.auth#sigv4"] }, "operations":{ "AddGroupMember":{ @@ -643,7 +644,7 @@ }, "OtherAttributes":{ "shape":"LdapDisplayNameList", - "documentation":"

One or more attributes to be returned for the group. For a list of supported attributes, see Directory Service Data Attributes.

" + "documentation":"

One or more attributes to be returned for the group. For a list of supported attributes, see Directory Service Data Attributes.

" }, "Realm":{ "shape":"Realm", @@ -764,7 +765,7 @@ }, "UserPrincipalName":{ "shape":"UserPrincipalName", - "documentation":"

The UPN that is an Internet-style login name for a user and is based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.

" + "documentation":"

The UPN that is an Internet-style login name for a user and is based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.

" } } }, @@ -1532,7 +1533,7 @@ }, "OtherAttributes":{ "shape":"Attributes", - "documentation":"

An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.

Attribute names are case insensitive.

" + "documentation":"

An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.

Attribute names are case insensitive.

" }, "SAMAccountName":{ "shape":"UserName", @@ -1591,7 +1592,7 @@ }, "UserPrincipalName":{ "shape":"UserPrincipalName", - "documentation":"

The UPN that is an internet-style login name for a user and based on the internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.

" + "documentation":"

The UPN that is an internet-style login name for a user and based on the internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.

" } }, "documentation":"

A user object that contains identifying information and attributes for a specified user.

" diff -pruN 2.23.6-1/awscli/botocore/data/dsql/2018-05-10/completions-1.json 2.31.35-1/awscli/botocore/data/dsql/2018-05-10/completions-1.json --- 2.23.6-1/awscli/botocore/data/dsql/2018-05-10/completions-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dsql/2018-05-10/completions-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,58 @@ +{ + "version": "1.0", + "resources": { + "Cluster": { + "operation": "ListClusters", + "resourceIdentifier": { + "identifier": "clusters[].identifier", + "arn": "clusters[].arn" + } + } + }, + "operations": { + "DeleteCluster": { + "identifier": { + "completions": [ + { + "resourceName": "Cluster", + "resourceIdentifier": "identifier", + "parameters": {} + } + ] + } + }, + "GetCluster": { + "identifier": { + "completions": [ + { + "resourceName": "Cluster", + "resourceIdentifier": "identifier", + "parameters": {} + } + ] + } + }, + "GetVpcEndpointServiceName": { + "identifier": { + "completions": [ + { + "resourceName": "Cluster", + "resourceIdentifier": "identifier", + "parameters": {} + } + ] + } + }, + "UpdateCluster": { + "identifier": { + "completions": [ + { + "resourceName": "Cluster", + "resourceIdentifier": "identifier", + "parameters": {} + } + ] + } + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/dsql/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/dsql/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/dsql/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dsql/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/dsql/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/dsql/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/dsql/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dsql/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -25,31 +25,12 @@ "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"ConflictException"} - ], - "documentation":"

Creates a cluster in Amazon Aurora DSQL.

" - }, - "CreateMultiRegionClusters":{ - "name":"CreateMultiRegionClusters", - "http":{ - "method":"POST", - "requestUri":"/multi-region-clusters", - "responseCode":200 - }, - "input":{"shape":"CreateMultiRegionClustersInput"}, - "output":{"shape":"CreateMultiRegionClustersOutput"}, - "errors":[ - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, {"shape":"InternalServerException"}, {"shape":"ConflictException"} ], - "documentation":"

Creates multi-Region clusters in Amazon Aurora DSQL. Multi-Region clusters require a linked Region list, which is an array of the Regions in which you want to create linked clusters. Multi-Region clusters require a witness Region, which participates in quorum in failure scenarios.

" + "documentation":"

The CreateCluster API allows you to create both single-Region clusters and multi-Region clusters. With the addition of the multiRegionProperties parameter, you can create a cluster with witness Region support and establish peer relationships with clusters in other Regions during creation.

Creating multi-Region clusters requires additional IAM permissions beyond those needed for single-Region clusters, as detailed in the Required permissions section below.

Required permissions

dsql:CreateCluster

Required to create a cluster.

Resources: arn:aws:dsql:region:account-id:cluster/*

dsql:TagResource

Permission to add tags to a resource.

Resources: arn:aws:dsql:region:account-id:cluster/*

dsql:PutMultiRegionProperties

Permission to configure multi-Region properties for a cluster.

Resources: arn:aws:dsql:region:account-id:cluster/*

dsql:AddPeerCluster

When specifying multiRegionProperties.clusters, permission to add peer clusters.

Resources:

  • Local cluster: arn:aws:dsql:region:account-id:cluster/*

  • Each peer cluster: exact ARN of each specified peer cluster

dsql:PutWitnessRegion

When specifying multiRegionProperties.witnessRegion, permission to set a witness Region. This permission is checked both in the cluster Region and in the witness Region.

Resources: arn:aws:dsql:region:account-id:cluster/*

Condition Keys: dsql:WitnessRegion (matching the specified witness region)

  • The witness Region specified in multiRegionProperties.witnessRegion cannot be the same as the cluster's Region.

" }, "DeleteCluster":{ "name":"DeleteCluster", @@ -71,23 +52,24 @@ "documentation":"

Deletes a cluster in Amazon Aurora DSQL.

", "idempotent":true }, - "DeleteMultiRegionClusters":{ - "name":"DeleteMultiRegionClusters", + "DeleteClusterPolicy":{ + "name":"DeleteClusterPolicy", "http":{ "method":"DELETE", - "requestUri":"/multi-region-clusters", + "requestUri":"/cluster/{identifier}/policy", "responseCode":200 }, - "input":{"shape":"DeleteMultiRegionClustersInput"}, + "input":{"shape":"DeleteClusterPolicyInput"}, + "output":{"shape":"DeleteClusterPolicyOutput"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"} ], - "documentation":"

Deletes a multi-Region cluster in Amazon Aurora DSQL.

", + "documentation":"

Deletes the resource-based policy attached to a cluster. This removes all access permissions defined by the policy, reverting to default access controls.

", "idempotent":true }, "GetCluster":{ @@ -106,7 +88,46 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Retrieves information about a cluster.

" + "documentation":"

Retrieves information about a cluster.

", + "readonly":true + }, + "GetClusterPolicy":{ + "name":"GetClusterPolicy", + "http":{ + "method":"GET", + "requestUri":"/cluster/{identifier}/policy", + "responseCode":200 + }, + "input":{"shape":"GetClusterPolicyInput"}, + "output":{"shape":"GetClusterPolicyOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Retrieves the resource-based policy document attached to a cluster. This policy defines the access permissions and conditions for the cluster.

", + "readonly":true + }, + "GetVpcEndpointServiceName":{ + "name":"GetVpcEndpointServiceName", + "http":{ + "method":"GET", + "requestUri":"/clusters/{identifier}/vpc-endpoint-service-name", + "responseCode":200 + }, + "input":{"shape":"GetVpcEndpointServiceNameInput"}, + "output":{"shape":"GetVpcEndpointServiceNameOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Retrieves the VPC endpoint service name.

", + "readonly":true }, "ListClusters":{ "name":"ListClusters", @@ -124,7 +145,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Retrieves information about a list of clusters.

" + "documentation":"

Retrieves information about a list of clusters.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -142,7 +164,28 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Lists all of the tags for a resource.

" + "documentation":"

Lists all of the tags for a resource.

", + "readonly":true + }, + "PutClusterPolicy":{ + "name":"PutClusterPolicy", + "http":{ + "method":"POST", + "requestUri":"/cluster/{identifier}/policy", + "responseCode":200 + }, + "input":{"shape":"PutClusterPolicyInput"}, + "output":{"shape":"PutClusterPolicyOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"} + ], + "documentation":"

Attaches a resource-based policy to a cluster. This policy defines access permissions and conditions for the cluster, allowing you to control which principals can perform actions on the cluster.

", + "idempotent":true }, "TagResource":{ "name":"TagResource", @@ -192,13 +235,13 @@ "output":{"shape":"UpdateClusterOutput"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"} ], - "documentation":"

Updates a cluster.

" + "documentation":"

The UpdateCluster API allows you to modify both single-Region and multi-Region cluster configurations. With the multiRegionProperties parameter, you can add or modify witness Region support and manage peer relationships with clusters in other Regions.

Note that updating multi-Region clusters requires additional IAM permissions beyond those needed for standard cluster updates, as detailed in the Permissions section.

Required permissions

dsql:UpdateCluster

Permission to update a DSQL cluster.

Resources: arn:aws:dsql:region:account-id:cluster/cluster-id

dsql:PutMultiRegionProperties

Permission to configure multi-Region properties for a cluster.

Resources: arn:aws:dsql:region:account-id:cluster/cluster-id

dsql:GetCluster

Permission to retrieve cluster information.

Resources: arn:aws:dsql:region:account-id:cluster/cluster-id

dsql:AddPeerCluster

Permission to add peer clusters.

Resources:

  • Local cluster: arn:aws:dsql:region:account-id:cluster/cluster-id

  • Each peer cluster: exact ARN of each specified peer cluster

dsql:RemovePeerCluster

Permission to remove peer clusters. The dsql:RemovePeerCluster permission uses a wildcard ARN pattern to simplify permission management during updates.

Resources: arn:aws:dsql:*:account-id:cluster/*

dsql:PutWitnessRegion

Permission to set a witness Region.

Resources: arn:aws:dsql:region:account-id:cluster/cluster-id

Condition Keys: dsql:WitnessRegion (matching the specified witness Region)

This permission is checked both in the cluster Region and in the witness Region.

  • The witness region specified in multiRegionProperties.witnessRegion cannot be the same as the cluster's Region.

  • When updating clusters with peer relationships, permissions are checked for both adding and removing peers.

  • The dsql:RemovePeerCluster permission uses a wildcard ARN pattern to simplify permission management during updates.

" } }, "shapes":{ @@ -217,56 +260,60 @@ }, "Arn":{ "type":"string", - "documentation":"

Amazon Resource Name

", + "documentation":"

Amazon Resource Name.

", "max":1011, "min":1, "pattern":"arn:.+" }, + "BypassPolicyLockoutSafetyCheck":{ + "type":"boolean", + "box":true + }, "ClientToken":{ "type":"string", - "documentation":"

Idempotency Token

", + "documentation":"

Idempotency token so a request is only processed once.

", "max":128, "min":1, "pattern":"[!-~]+" }, "ClusterArn":{ "type":"string", - "documentation":"

Cluster ARN

" + "documentation":"

The Amazon Resource Name of the cluster.

", + "pattern":"arn:aws(-[^:]+)?:dsql:[a-z0-9-]{1,20}:[0-9]{12}:cluster/[a-z0-9]{26}" }, "ClusterArnList":{ "type":"list", "member":{"shape":"ClusterArn"}, - "documentation":"

List of cluster arns

" + "documentation":"

A list of the Amazon Resource Names of the cluster.

" }, "ClusterCreationTime":{ "type":"timestamp", - "documentation":"

Timestamp when the Cluster was created

" + "documentation":"

The timestamp when the cluster was created.

" }, "ClusterId":{ "type":"string", - "documentation":"

The ID of the cluster

" + "documentation":"

The ID of the cluster.

", + "pattern":"[a-z0-9]{26}" }, "ClusterList":{ "type":"list", "member":{"shape":"ClusterSummary"}, - "documentation":"

List of clusters

" - }, - "ClusterPropertyMap":{ - "type":"map", - "key":{"shape":"Region"}, - "value":{"shape":"LinkedClusterProperties"}, - "documentation":"

Properties for each linked cluster

" + "documentation":"

The list of clusters.

" }, "ClusterStatus":{ "type":"string", - "documentation":"

Cluster Status

", + "documentation":"

The current status of a cluster.

", "enum":[ "CREATING", "ACTIVE", + "IDLE", + "INACTIVE", "UPDATING", "DELETING", "DELETED", - "FAILED" + "FAILED", + "PENDING_SETUP", + "PENDING_DELETE" ] }, "ClusterSummary":{ @@ -315,6 +362,10 @@ "shape":"DeletionProtectionEnabled", "documentation":"

If enabled, you can't delete your cluster. You must first disable this property before you can delete your cluster.

" }, + "kmsEncryptionKey":{ + "shape":"KmsEncryptionKey", + "documentation":"

The KMS key that encrypts and protects the data on your cluster. You can specify the ARN, ID, or alias of an existing key or have Amazon Web Services create a default key for you.

" + }, "tags":{ "shape":"TagMap", "documentation":"

A map of key and value pairs to use to tag your cluster.

" @@ -323,6 +374,18 @@ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect.

If you don't specify a client token, the Amazon Web Services SDK automatically generates one.

", "idempotencyToken":true + }, + "multiRegionProperties":{ + "shape":"MultiRegionProperties", + "documentation":"

The configuration settings when creating a multi-Region cluster, including the witness region and linked cluster properties.

" + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

An optional resource-based policy document in JSON format that defines access permissions for the cluster.

" + }, + "bypassPolicyLockoutSafetyCheck":{ + "shape":"BypassPolicyLockoutSafetyCheck", + "documentation":"

An optional field that controls whether to bypass the lockout prevention check. When set to true, this parameter allows you to apply a policy that might lock you out of the cluster. Use with caution.

" } } }, @@ -352,48 +415,24 @@ "shape":"ClusterCreationTime", "documentation":"

The time of when created the cluster.

" }, + "multiRegionProperties":{ + "shape":"MultiRegionProperties", + "documentation":"

The multi-Region cluster configuration details that were set during cluster creation

" + }, + "encryptionDetails":{ + "shape":"EncryptionDetails", + "documentation":"

The encryption configuration for the cluster that was specified during the creation process, including the KMS key identifier and encryption state.

" + }, "deletionProtectionEnabled":{ "shape":"DeletionProtectionEnabled", "documentation":"

Whether deletion protection is enabled on this cluster.

" - } - }, - "documentation":"

Output Mixin

" - }, - "CreateMultiRegionClustersInput":{ - "type":"structure", - "required":[ - "linkedRegionList", - "witnessRegion" - ], - "members":{ - "linkedRegionList":{ - "shape":"RegionList", - "documentation":"

An array of the Regions in which you want to create additional clusters.

" - }, - "clusterProperties":{ - "shape":"ClusterPropertyMap", - "documentation":"

A mapping of properties to use when creating linked clusters.

" }, - "witnessRegion":{ - "shape":"Region", - "documentation":"

The witness Region of multi-Region clusters.

" - }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully. The subsequent retries with the same client token return the result from the original successful request and they have no additional effect.

If you don't specify a client token, the Amazon Web Services SDK automatically generates one.

", - "idempotencyToken":true - } - } - }, - "CreateMultiRegionClustersOutput":{ - "type":"structure", - "required":["linkedClusterArns"], - "members":{ - "linkedClusterArns":{ - "shape":"ClusterArnList", - "documentation":"

An array that contains the ARNs of all linked clusters.

" + "endpoint":{ + "shape":"Endpoint", + "documentation":"

The connection endpoint for the created cluster.

" } - } + }, + "documentation":"

The output of a created cluster.

" }, "DeleteClusterInput":{ "type":"structure", @@ -420,8 +459,7 @@ "identifier", "arn", "status", - "creationTime", - "deletionProtectionEnabled" + "creationTime" ], "members":{ "identifier":{ @@ -439,38 +477,90 @@ "creationTime":{ "shape":"ClusterCreationTime", "documentation":"

The time of when the cluster was created.

" - }, - "deletionProtectionEnabled":{ - "shape":"DeletionProtectionEnabled", - "documentation":"

Specifies whether deletion protection was enabled on the cluster.

" } }, - "documentation":"

Output Mixin

" + "documentation":"

The output from a deleted cluster.

" }, - "DeleteMultiRegionClustersInput":{ + "DeleteClusterPolicyInput":{ "type":"structure", - "required":["linkedClusterArns"], + "required":["identifier"], "members":{ - "linkedClusterArns":{ - "shape":"ClusterArnList", - "documentation":"

The ARNs of the clusters linked to the cluster you want to delete. also deletes these clusters as part of the operation.

", + "identifier":{ + "shape":"ClusterId", + "location":"uri", + "locationName":"identifier" + }, + "expectedPolicyVersion":{ + "shape":"PolicyVersion", + "documentation":"

The expected version of the policy to delete. This parameter ensures that you're deleting the correct version of the policy and helps prevent accidental deletions.

", "location":"querystring", - "locationName":"linked-cluster-arns" + "locationName":"expected-policy-version" }, "clientToken":{ "shape":"ClientToken", - "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully. The subsequent retries with the same client token return the result from the original successful request and they have no additional effect.

If you don't specify a client token, the Amazon Web Services SDK automatically generates one.

", "idempotencyToken":true, "location":"querystring", "locationName":"client-token" } } }, + "DeleteClusterPolicyOutput":{ + "type":"structure", + "required":["policyVersion"], + "members":{ + "policyVersion":{ + "shape":"PolicyVersion", + "documentation":"

The version of the policy that was deleted.

" + } + } + }, "DeletionProtectionEnabled":{ "type":"boolean", - "documentation":"

Deletion Protection

", + "documentation":"

Indicates whether deletion protection is enabled for a cluster.

", "box":true }, + "EncryptionDetails":{ + "type":"structure", + "required":[ + "encryptionType", + "encryptionStatus" + ], + "members":{ + "encryptionType":{ + "shape":"EncryptionType", + "documentation":"

The type of encryption that protects the data on your cluster.

" + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The ARN of the KMS key that encrypts data in the cluster.

" + }, + "encryptionStatus":{ + "shape":"EncryptionStatus", + "documentation":"

The status of encryption for the cluster.

" + } + }, + "documentation":"

Configuration details about encryption for the cluster including the KMS key ARN, encryption type, and encryption status.

" + }, + "EncryptionStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "UPDATING", + "KMS_KEY_INACCESSIBLE", + "ENABLING" + ] + }, + "EncryptionType":{ + "type":"string", + "enum":[ + "AWS_OWNED_KMS_KEY", + "CUSTOMER_MANAGED_KMS_KEY" + ] + }, + "Endpoint":{ + "type":"string", + "pattern":"[a-zA-Z0-9.-]+" + }, "GetClusterInput":{ "type":"structure", "required":["identifier"], @@ -513,16 +603,72 @@ "shape":"DeletionProtectionEnabled", "documentation":"

Whether deletion protection is enabled in this cluster.

" }, - "witnessRegion":{ - "shape":"Region", - "documentation":"

The witness Region of the cluster. Applicable only for multi-Region clusters.

" + "multiRegionProperties":{ + "shape":"MultiRegionProperties", + "documentation":"

Returns the current multi-Region cluster configuration, including witness region and linked cluster information.

" }, - "linkedClusterArns":{ - "shape":"ClusterArnList", - "documentation":"

The ARNs of the clusters linked to the retrieved cluster.

" + "tags":{"shape":"TagMap"}, + "encryptionDetails":{ + "shape":"EncryptionDetails", + "documentation":"

The current encryption configuration details for the cluster.

" + }, + "endpoint":{ + "shape":"Endpoint", + "documentation":"

The connection endpoint for the cluster.

" } }, - "documentation":"

Output Mixin

" + "documentation":"

The output of a cluster.

" + }, + "GetClusterPolicyInput":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"ClusterId", + "documentation":"

The ID of the cluster to retrieve the policy from.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "GetClusterPolicyOutput":{ + "type":"structure", + "required":[ + "policy", + "policyVersion" + ], + "members":{ + "policy":{ + "shape":"PolicyDocument", + "documentation":"

The resource-based policy document attached to the cluster, returned as a JSON string.

" + }, + "policyVersion":{ + "shape":"PolicyVersion", + "documentation":"

The version of the policy document. This version number is incremented each time the policy is updated.

" + } + } + }, + "GetVpcEndpointServiceNameInput":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"ClusterId", + "documentation":"

The ID of the cluster to retrieve.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "GetVpcEndpointServiceNameOutput":{ + "type":"structure", + "required":["serviceName"], + "members":{ + "serviceName":{ + "shape":"ServiceName", + "documentation":"

The VPC endpoint service name.

" + } + } }, "Integer":{ "type":"integer", @@ -546,20 +692,13 @@ "fault":true, "retryable":{"throttling":false} }, - "LinkedClusterProperties":{ - "type":"structure", - "members":{ - "deletionProtectionEnabled":{ - "shape":"DeletionProtectionEnabled", - "documentation":"

Whether deletion protection is enabled.

" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

A map of key and value pairs the linked cluster is tagged with.

" - } - }, - "documentation":"

Properties of linked clusters.

" + "KmsEncryptionKey":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"[a-zA-Z0-9:/_-]+" }, + "KmsKeyArn":{"type":"string"}, "ListClustersInput":{ "type":"structure", "members":{ @@ -614,26 +753,82 @@ }, "MaxResults":{ "type":"integer", - "documentation":"

Max results that will be returned per page

", + "documentation":"

Max results that will be returned per page.

", "box":true, "max":100, "min":1 }, + "MultiRegionProperties":{ + "type":"structure", + "members":{ + "witnessRegion":{ + "shape":"Region", + "documentation":"

The Region that serves as the witness region for a multi-Region cluster. The witness Region helps maintain cluster consistency and quorum.

" + }, + "clusters":{ + "shape":"ClusterArnList", + "documentation":"

The set of peered clusters that form the multi-Region cluster configuration. Each peered cluster represents a database instance in a different Region.

" + } + }, + "documentation":"

Defines the structure for multi-Region cluster configurations, containing the witness region and linked cluster settings.

" + }, "NextToken":{ "type":"string", - "documentation":"

Opaque token used to retrieve next page

" + "documentation":"

Token used to retrieve next page.

" + }, + "PolicyDocument":{ + "type":"string", + "documentation":"

A resource-based policy document in JSON format. Length constraints: Minimum length of 1. Maximum length of 20480 characters (approximately 20KB).

", + "max":20480, + "min":1 + }, + "PolicyVersion":{"type":"string"}, + "PutClusterPolicyInput":{ + "type":"structure", + "required":[ + "identifier", + "policy" + ], + "members":{ + "identifier":{ + "shape":"ClusterId", + "location":"uri", + "locationName":"identifier" + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

The resource-based policy document to attach to the cluster. This should be a valid JSON policy document that defines permissions and conditions.

" + }, + "bypassPolicyLockoutSafetyCheck":{ + "shape":"BypassPolicyLockoutSafetyCheck", + "documentation":"

A flag that allows you to bypass the policy lockout safety check. When set to true, this parameter allows you to apply a policy that might lock you out of the cluster. Use with caution.

" + }, + "expectedPolicyVersion":{ + "shape":"PolicyVersion", + "documentation":"

The expected version of the current policy. This parameter ensures that you're updating the correct version of the policy and helps prevent concurrent modification conflicts.

" + }, + "clientToken":{ + "shape":"ClientToken", + "idempotencyToken":true + } + } + }, + "PutClusterPolicyOutput":{ + "type":"structure", + "required":["policyVersion"], + "members":{ + "policyVersion":{ + "shape":"PolicyVersion", + "documentation":"

The version of the policy after it has been updated or created.

" + } + } }, "Region":{ "type":"string", - "documentation":"

AWS Region name (e.g.: 'us-east-1')

", - "max":20, + "documentation":"

Region name.

", + "max":50, "min":0 }, - "RegionList":{ - "type":"list", - "member":{"shape":"Region"}, - "documentation":"

List of regions

" - }, "ResourceNotFoundException":{ "type":"structure", "required":[ @@ -645,11 +840,11 @@ "message":{"shape":"String"}, "resourceId":{ "shape":"String", - "documentation":"

Hypothetical identifier of the resource which does not exist

" + "documentation":"

The resource ID could not be found.

" }, "resourceType":{ "shape":"String", - "documentation":"

Hypothetical type of the resource which does not exist

" + "documentation":"

The resource type could not be found.

" } }, "documentation":"

The resource could not be found.

", @@ -659,6 +854,13 @@ }, "exception":true }, + "ServiceName":{ + "type":"string", + "documentation":"

The name of the VPC endpoint service that provides access to your cluster. Use this endpoint to establish a private connection between your VPC and the cluster.

", + "max":128, + "min":1, + "pattern":"com\\.amazonaws\\.[a-z0-9-]+\\.dsql-[a-f0-9]{6}" + }, "ServiceQuotaExceededException":{ "type":"structure", "required":[ @@ -671,23 +873,23 @@ "members":{ "message":{ "shape":"String", - "documentation":"

Description of the error

" + "documentation":"

The service exception for exceeding a quota.

" }, "resourceId":{ "shape":"String", - "documentation":"

Identifier of the resource affected

" + "documentation":"

The resource ID exceeds a quota.

" }, "resourceType":{ "shape":"String", - "documentation":"

Type of the resource affected

" + "documentation":"

The resource type exceeds a quota.

" }, "serviceCode":{ "shape":"String", - "documentation":"

Service Quotas requirement to identify originating service

" + "documentation":"

The request exceeds a service quota.

" }, "quotaCode":{ "shape":"String", - "documentation":"

Service Quotas requirement to identify originating quota

" + "documentation":"

The service exceeds a quota.

" } }, "documentation":"

The service limit was exceeded.

", @@ -700,7 +902,7 @@ "String":{"type":"string"}, "TagKey":{ "type":"string", - "documentation":"

Unique tag key, maximum 128 Unicode characters in UTF-8

", + "documentation":"

Unique tag key, maximum 128 Unicode characters in UTF-8.

", "max":128, "min":1, "pattern":"[a-zA-Z0-9_.:/=+\\-@ ]*" @@ -708,7 +910,7 @@ "TagKeyList":{ "type":"list", "member":{"shape":"TagKey"}, - "documentation":"

List of tag keys

", + "documentation":"

List of tag keys.

", "max":200, "min":0 }, @@ -716,7 +918,7 @@ "type":"map", "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"}, - "documentation":"

Map of tags

", + "documentation":"

Map of tags.

", "max":200, "min":0 }, @@ -741,7 +943,7 @@ }, "TagValue":{ "type":"string", - "documentation":"

Tag value, maximum 256 Unicode characters in UTF-8

", + "documentation":"

Tag value, maximum 256 Unicode characters in UTF-8.

", "max":256, "min":0, "pattern":"[a-zA-Z0-9_.:/=+\\-@ ]*" @@ -752,19 +954,19 @@ "members":{ "message":{ "shape":"String", - "documentation":"

Description of the error

" + "documentation":"

The message that the request was denied due to request throttling.

" }, "serviceCode":{ "shape":"String", - "documentation":"

Service Quotas requirement to identify originating service

" + "documentation":"

The request exceeds a service quota.

" }, "quotaCode":{ "shape":"String", - "documentation":"

Service Quotas requirement to identify originating quota

" + "documentation":"

The request exceeds a request rate quota.

" }, "retryAfterSeconds":{ "shape":"Integer", - "documentation":"

Advice to clients on when the call can be safely retried

", + "documentation":"

The request exceeds a request rate quota. Retry after seconds.

", "location":"header", "locationName":"Retry-After" } @@ -812,10 +1014,18 @@ "shape":"DeletionProtectionEnabled", "documentation":"

Specifies whether to enable deletion protection in your cluster.

" }, + "kmsEncryptionKey":{ + "shape":"KmsEncryptionKey", + "documentation":"

The KMS key that encrypts and protects the data on your cluster. You can specify the ARN, ID, or alias of an existing key or have Amazon Web Services create a default key for you.

" + }, "clientToken":{ "shape":"ClientToken", "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully. The subsequent retries with the same client token return the result from the original successful request and they have no additional effect.

If you don't specify a client token, the Amazon Web Services SDK automatically generates one.

", "idempotencyToken":true + }, + "multiRegionProperties":{ + "shape":"MultiRegionProperties", + "documentation":"

The new multi-Region cluster configuration settings to be applied during an update operation.

" } } }, @@ -825,8 +1035,7 @@ "identifier", "arn", "status", - "creationTime", - "deletionProtectionEnabled" + "creationTime" ], "members":{ "identifier":{ @@ -844,21 +1053,9 @@ "creationTime":{ "shape":"ClusterCreationTime", "documentation":"

The time of when the cluster was created.

" - }, - "deletionProtectionEnabled":{ - "shape":"DeletionProtectionEnabled", - "documentation":"

Whether deletion protection is enabled for the updated cluster.

" - }, - "witnessRegion":{ - "shape":"Region", - "documentation":"

The Region that receives all data you write to linked clusters.

" - }, - "linkedClusterArns":{ - "shape":"ClusterArnList", - "documentation":"

The ARNs of the clusters linked to the updated cluster. Applicable only for multi-Region clusters.

" } }, - "documentation":"

Output Mixin

" + "documentation":"

The details of the cluster after it has been updated.

" }, "ValidationException":{ "type":"structure", @@ -868,8 +1065,14 @@ ], "members":{ "message":{"shape":"String"}, - "reason":{"shape":"ValidationExceptionReason"}, - "fieldList":{"shape":"ValidationExceptionFieldList"} + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"

The reason for the validation exception.

" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

A list of fields that didn't validate.

" + } }, "documentation":"

The input failed to satisfy the constraints specified by an Amazon Web Services service.

", "error":{ @@ -899,11 +1102,11 @@ "ValidationExceptionFieldList":{ "type":"list", "member":{"shape":"ValidationExceptionField"}, - "documentation":"

List of fields that caused the error

" + "documentation":"

A list of fields that didn't validate.

" }, "ValidationExceptionReason":{ "type":"string", - "documentation":"

Reason the request failed validation

", + "documentation":"

The reason for the validation exception.

", "enum":[ "unknownOperation", "cannotParse", @@ -913,5 +1116,5 @@ ] } }, - "documentation":"

This is an interface reference for Amazon Aurora DSQL. It contains documentation for one of the programming or command line interfaces you can use to manage Amazon Aurora DSQL.

Amazon Aurora DSQL is a serverless, distributed SQL database suitable for workloads of any size. Aurora DSQL is available in both single-Region and multi-Region configurations, so your clusters and databases are always available even if an Availability Zone or an Amazon Web Services Region are unavailable. Aurora DSQL lets you focus on using your data to acquire new insights for your business and customers.

" + "documentation":"

This is an interface reference for Amazon Aurora DSQL. It contains documentation for one of the programming or command line interfaces you can use to manage Amazon Aurora DSQL.

Amazon Aurora DSQL is a serverless, distributed SQL database suitable for workloads of any size. is available in both single-Region and multi-Region configurations, so your clusters and databases are always available even if an Availability Zone or an Amazon Web Services Region are unavailable. lets you focus on using your data to acquire new insights for your business and customers.

" } diff -pruN 2.23.6-1/awscli/botocore/data/dynamodb/2012-08-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/dynamodb/2012-08-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/dynamodb/2012-08-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dynamodb/2012-08-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,39 +5,49 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "AccountId": { "builtIn": "AWS::Auth::AccountId", "required": false, "documentation": "The AWS AccountId used for the request.", - "type": "String" + "type": "string" }, "AccountIdEndpointMode": { "builtIn": "AWS::Auth::AccountIdEndpointMode", "required": false, "documentation": "The AccountId Endpoint Mode.", - "type": "String" + "type": "string" + }, + "ResourceArn": { + "required": false, + "documentation": "ResourceArn containing arn of resource", + "type": "string" + }, + "ResourceArnList": { + "required": false, + "documentation": "ResourceArnList containing list of resource arns", + "type": "stringArray" } }, "rules": [ @@ -50,6 +60,92 @@ "ref": "Endpoint" } ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + }, + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Endpoint" + }, + "https://dynamodb.{Region}.{PartitionResult#dualStackDnsSuffix}" + ] + } + ], + "error": "Endpoint override is not supported for dual-stack endpoints. Please enable dual-stack functionality by enabling the configuration. For more details, see: https://docs.aws.amazon.com/sdkref/latest/guide/feature-endpoints.html", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": "{Endpoint}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] } ], "rules": [ @@ -186,113 +282,6 @@ { "conditions": [ { - "fn": "isSet", - "argv": [ - { - "ref": "AccountIdEndpointMode" - } - ] - }, - { - "fn": "stringEquals", - "argv": [ - { - "ref": "AccountIdEndpointMode" - }, - "required" - ] - }, - { - "fn": "not", - "argv": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "AccountId" - } - ] - } - ] - } - ], - "error": "AccountIdEndpointMode is required but no AccountID was provided or able to be loaded.", - "type": "error" - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "AccountId" - } - ] - }, - { - "fn": "stringEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - }, - "aws" - ] - }, - { - "fn": "not", - "argv": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ] - }, - { - "fn": "not", - "argv": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ] - }, - { - "fn": "not", - "argv": [ - { - "fn": "isValidHostLabel", - "argv": [ - { - "ref": "AccountId" - }, - false - ] - } - ] - } - ], - "error": "Credentials-sourced account ID parameter is invalid", - "type": "error" - }, - { - "conditions": [ - { "fn": "booleanEquals", "argv": [ { @@ -362,16 +351,18 @@ { "ref": "AccountIdEndpointMode" }, - "disabled" + "required" ] } ], - "endpoint": { - "url": "https://dynamodb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "error": "Invalid Configuration: AccountIdEndpointMode is required and FIPS is enabled, but FIPS account endpoints are not supported", + "type": "error" + } + ], + "type": "tree" }, { "conditions": [], @@ -460,16 +451,18 @@ { "ref": "AccountIdEndpointMode" }, - "disabled" + "required" ] } ], - "endpoint": { - "url": "https://dynamodb.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "error": "Invalid Configuration: AccountIdEndpointMode is required and FIPS is enabled, but FIPS account endpoints are not supported", + "type": "error" + } + ], + "type": "tree" }, { "conditions": [], @@ -499,16 +492,18 @@ { "ref": "AccountIdEndpointMode" }, - "disabled" + "required" ] } ], - "endpoint": { - "url": "https://dynamodb-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "error": "Invalid Configuration: AccountIdEndpointMode is required and FIPS is enabled, but FIPS account endpoints are not supported", + "type": "error" + } + ], + "type": "tree" }, { "conditions": [], @@ -573,23 +568,472 @@ ] }, { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "AccountIdEndpointMode" + }, + "disabled" + ] + } + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "ResourceArn" + } + ] + }, + { + "fn": "aws.parseArn", + "argv": [ + { + "ref": "ResourceArn" + } + ], + "assign": "ParsedArn" + }, + { "fn": "stringEquals", "argv": [ { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "service" + ] + }, + "dynamodb" + ] + }, + { + "fn": "isValidHostLabel", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "region" + ] + }, + false + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "region" + ] + }, + "{Region}" + ] + }, + { + "fn": "isValidHostLabel", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "accountId" + ] + }, + false + ] + } + ], + "endpoint": { + "url": "https://{ParsedArn#accountId}.ddb.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "metricValues": [ + "O" + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { "ref": "AccountIdEndpointMode" + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "AccountIdEndpointMode" + }, + "disabled" + ] + } + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "disabled" + "aws" + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "ResourceArnList" + } + ] + }, + { + "fn": "getAttr", + "argv": [ + { + "ref": "ResourceArnList" + }, + "[0]" + ], + "assign": "FirstArn" + }, + { + "fn": "aws.parseArn", + "argv": [ + { + "ref": "FirstArn" + } + ], + "assign": "ParsedArn" + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "service" + ] + }, + "dynamodb" + ] + }, + { + "fn": "isValidHostLabel", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "region" + ] + }, + false + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "region" + ] + }, + "{Region}" + ] + }, + { + "fn": "isValidHostLabel", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "accountId" + ] + }, + false ] } ], "endpoint": { - "url": "https://dynamodb.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, + "url": "https://{ParsedArn#accountId}.ddb.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "metricValues": [ + "O" + ] + }, "headers": {} }, "type": "endpoint" }, { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "AccountIdEndpointMode" + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "AccountIdEndpointMode" + }, + "disabled" + ] + } + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "AccountId" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "isValidHostLabel", + "argv": [ + { + "ref": "AccountId" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://{AccountId}.ddb.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "metricValues": [ + "O" + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Credentials-sourced account ID parameter is invalid", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "AccountIdEndpointMode" + } + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "AccountIdEndpointMode" + }, + "required" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + } + ], + "rules": [ + { + "conditions": [], + "error": "AccountIdEndpointMode is required but no AccountID was provided or able to be loaded", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: AccountIdEndpointMode is required but account endpoints are not supported in this partition", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: AccountIdEndpointMode is required and FIPS is enabled, but FIPS account endpoints are not supported", + "type": "error" + } + ], + "type": "tree" + }, + { "conditions": [], "endpoint": { "url": "https://dynamodb.{Region}.{PartitionResult#dualStackDnsSuffix}", @@ -620,18 +1064,133 @@ ] }, { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "AccountIdEndpointMode" + }, + "disabled" + ] + } + ] + }, + { "fn": "stringEquals", "argv": [ { - "ref": "AccountIdEndpointMode" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "disabled" + "aws" + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "ResourceArn" + } + ] + }, + { + "fn": "aws.parseArn", + "argv": [ + { + "ref": "ResourceArn" + } + ], + "assign": "ParsedArn" + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "service" + ] + }, + "dynamodb" + ] + }, + { + "fn": "isValidHostLabel", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "region" + ] + }, + false + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "region" + ] + }, + "{Region}" + ] + }, + { + "fn": "isValidHostLabel", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "accountId" + ] + }, + false ] } ], "endpoint": { - "url": "https://dynamodb.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, + "url": "https://{ParsedArn#accountId}.ddb.{Region}.{PartitionResult#dnsSuffix}", + "properties": { + "metricValues": [ + "O" + ] + }, "headers": {} }, "type": "endpoint" @@ -642,7 +1201,21 @@ "fn": "isSet", "argv": [ { - "ref": "AccountId" + "ref": "AccountIdEndpointMode" + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "AccountIdEndpointMode" + }, + "disabled" + ] } ] }, @@ -676,28 +1249,287 @@ ] }, { - "fn": "not", + "fn": "isSet", "argv": [ { - "fn": "booleanEquals", + "ref": "ResourceArnList" + } + ] + }, + { + "fn": "getAttr", + "argv": [ + { + "ref": "ResourceArnList" + }, + "[0]" + ], + "assign": "FirstArn" + }, + { + "fn": "aws.parseArn", + "argv": [ + { + "ref": "FirstArn" + } + ], + "assign": "ParsedArn" + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", "argv": [ { - "ref": "UseDualStack" + "ref": "ParsedArn" }, - true + "service" ] - } + }, + "dynamodb" + ] + }, + { + "fn": "isValidHostLabel", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "region" + ] + }, + false + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "region" + ] + }, + "{Region}" + ] + }, + { + "fn": "isValidHostLabel", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "ParsedArn" + }, + "accountId" + ] + }, + false ] } ], "endpoint": { - "url": "https://{AccountId}.ddb.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, + "url": "https://{ParsedArn#accountId}.ddb.{Region}.{PartitionResult#dnsSuffix}", + "properties": { + "metricValues": [ + "O" + ] + }, "headers": {} }, "type": "endpoint" }, { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "AccountIdEndpointMode" + } + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "AccountIdEndpointMode" + }, + "disabled" + ] + } + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "AccountId" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "isValidHostLabel", + "argv": [ + { + "ref": "AccountId" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://{AccountId}.ddb.{Region}.{PartitionResult#dnsSuffix}", + "properties": { + "metricValues": [ + "O" + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Credentials-sourced account ID parameter is invalid", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "AccountIdEndpointMode" + } + ] + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "AccountIdEndpointMode" + }, + "required" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "not", + "argv": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + } + ], + "rules": [ + { + "conditions": [], + "error": "AccountIdEndpointMode is required but no AccountID was provided or able to be loaded", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: AccountIdEndpointMode is required but account endpoints are not supported in this partition", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: AccountIdEndpointMode is required and FIPS is enabled, but FIPS account endpoints are not supported", + "type": "error" + } + ], + "type": "tree" + }, + { "conditions": [], "endpoint": { "url": "https://dynamodb.{Region}.{PartitionResult#dnsSuffix}", diff -pruN 2.23.6-1/awscli/botocore/data/dynamodb/2012-08-10/service-2.json 2.31.35-1/awscli/botocore/data/dynamodb/2012-08-10/service-2.json --- 2.23.6-1/awscli/botocore/data/dynamodb/2012-08-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dynamodb/2012-08-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -25,7 +25,8 @@ "output":{"shape":"BatchExecuteStatementOutput"}, "errors":[ {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ThrottlingException"} ], "documentation":"

This operation allows you to perform batch reads or writes on data stored in DynamoDB, using PartiQL. Each read statement in a BatchExecuteStatement must specify an equality condition on all key attributes. This enforces that each SELECT statement in a batch returns at most a single item. For more information, see Running batch operations with PartiQL for DynamoDB .

The entire batch must consist of either read statements or write statements, you cannot mix both in one batch.

A HTTP 200 response does not mean that all statements in the BatchExecuteStatement succeeded. Error details for individual statements can be found under the Error field of the BatchStatementResponse for each statement.

" }, @@ -41,10 +42,13 @@ {"shape":"ProvisionedThroughputExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ThrottlingException"} ], - "documentation":"

The BatchGetItem operation returns the attributes of one or more items from one or more tables. You identify requested items by primary key.

A single operation can retrieve up to 16 MB of data, which can contain as many as 100 items. BatchGetItem returns a partial result if the response size limit is exceeded, the table's provisioned throughput is exceeded, more than 1MB per partition is requested, or an internal processing failure occurs. If a partial result is returned, the operation returns a value for UnprocessedKeys. You can use this value to retry the operation starting with the next item to get.

If you request more than 100 items, BatchGetItem returns a ValidationException with the message \"Too many items requested for the BatchGetItem call.\"

For example, if you ask to retrieve 100 items, but each individual item is 300 KB in size, the system returns 52 items (so as not to exceed the 16 MB limit). It also returns an appropriate UnprocessedKeys value so you can get the next page of results. If desired, your application can include its own logic to assemble the pages of results into one dataset.

If none of the items can be processed due to insufficient provisioned throughput on all of the tables in the request, then BatchGetItem returns a ProvisionedThroughputExceededException. If at least one of the items is successfully processed, then BatchGetItem completes successfully, while returning the keys of the unread items in UnprocessedKeys.

If DynamoDB returns any unprocessed items, you should retry the batch operation on those items. However, we strongly recommend that you use an exponential backoff algorithm. If you retry the batch operation immediately, the underlying read or write requests can still fail due to throttling on the individual tables. If you delay the batch operation using exponential backoff, the individual requests in the batch are much more likely to succeed.

For more information, see Batch Operations and Error Handling in the Amazon DynamoDB Developer Guide.

By default, BatchGetItem performs eventually consistent reads on every table in the request. If you want strongly consistent reads instead, you can set ConsistentRead to true for any or all tables.

In order to minimize response latency, BatchGetItem may retrieve items in parallel.

When designing your application, keep in mind that DynamoDB does not return items in any particular order. To help parse the response by item, include the primary key values for the items in your request in the ProjectionExpression parameter.

If a requested item does not exist, it is not returned in the result. Requests for nonexistent items consume the minimum read capacity units according to the type of read. For more information, see Working with Tables in the Amazon DynamoDB Developer Guide.

", - "endpointdiscovery":{ + "documentation":"

The BatchGetItem operation returns the attributes of one or more items from one or more tables. You identify requested items by primary key.

A single operation can retrieve up to 16 MB of data, which can contain as many as 100 items. BatchGetItem returns a partial result if the response size limit is exceeded, the table's provisioned throughput is exceeded, more than 1MB per partition is requested, or an internal processing failure occurs. If a partial result is returned, the operation returns a value for UnprocessedKeys. You can use this value to retry the operation starting with the next item to get.

If you request more than 100 items, BatchGetItem returns a ValidationException with the message \"Too many items requested for the BatchGetItem call.\"

For example, if you ask to retrieve 100 items, but each individual item is 300 KB in size, the system returns 52 items (so as not to exceed the 16 MB limit). It also returns an appropriate UnprocessedKeys value so you can get the next page of results. If desired, your application can include its own logic to assemble the pages of results into one dataset.

If none of the items can be processed due to insufficient provisioned throughput on all of the tables in the request, then BatchGetItem returns a ProvisionedThroughputExceededException. If at least one of the items is successfully processed, then BatchGetItem completes successfully, while returning the keys of the unread items in UnprocessedKeys.

If DynamoDB returns any unprocessed items, you should retry the batch operation on those items. However, we strongly recommend that you use an exponential backoff algorithm. If you retry the batch operation immediately, the underlying read or write requests can still fail due to throttling on the individual tables. If you delay the batch operation using exponential backoff, the individual requests in the batch are much more likely to succeed.

For more information, see Batch Operations and Error Handling in the Amazon DynamoDB Developer Guide.

By default, BatchGetItem performs eventually consistent reads on every table in the request. If you want strongly consistent reads instead, you can set ConsistentRead to true for any or all tables.

In order to minimize response latency, BatchGetItem may retrieve items in parallel.

When designing your application, keep in mind that DynamoDB does not return items in any particular order. To help parse the response by item, include the primary key values for the items in your request in the ProjectionExpression parameter.

If a requested item does not exist, it is not returned in the result. Requests for nonexistent items consume the minimum read capacity units according to the type of read. For more information, see Working with Tables in the Amazon DynamoDB Developer Guide.

BatchGetItem will result in a ValidationException if the same key is specified multiple times.

", + "endpointdiscovery":{}, + "operationContextParams":{ + "ResourceArnList":{"path":"keys(RequestItems)"} } }, "BatchWriteItem":{ @@ -60,10 +64,14 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ItemCollectionSizeLimitExceededException"}, {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ReplicatedWriteConflictException"}, + {"shape":"ThrottlingException"} ], "documentation":"

The BatchWriteItem operation puts or deletes multiple items in one or more tables. A single call to BatchWriteItem can transmit up to 16MB of data over the network, consisting of up to 25 item put or delete operations. While individual items can be up to 400 KB once stored, it's important to note that an item's representation might be greater than 400KB while being sent in DynamoDB's JSON format for the API call. For more details on this distinction, see Naming Rules and Data Types.

BatchWriteItem cannot update items. If you perform a BatchWriteItem operation on an existing item, that item's values will be overwritten by the operation and it will appear like it was updated. To update items, we recommend you use the UpdateItem action.

The individual PutItem and DeleteItem operations specified in BatchWriteItem are atomic; however BatchWriteItem as a whole is not. If any requested operations fail because the table's provisioned throughput is exceeded or an internal processing failure occurs, the failed operations are returned in the UnprocessedItems response parameter. You can investigate and optionally resend the requests. Typically, you would call BatchWriteItem in a loop. Each iteration would check for unprocessed items and submit a new BatchWriteItem request with those unprocessed items until all items have been processed.

For tables and indexes with provisioned capacity, if none of the items can be processed due to insufficient provisioned throughput on all of the tables in the request, then BatchWriteItem returns a ProvisionedThroughputExceededException. For all tables and indexes, if none of the items can be processed due to other throttling scenarios (such as exceeding partition level limits), then BatchWriteItem returns a ThrottlingException.

If DynamoDB returns any unprocessed items, you should retry the batch operation on those items. However, we strongly recommend that you use an exponential backoff algorithm. If you retry the batch operation immediately, the underlying read or write requests can still fail due to throttling on the individual tables. If you delay the batch operation using exponential backoff, the individual requests in the batch are much more likely to succeed.

For more information, see Batch Operations and Error Handling in the Amazon DynamoDB Developer Guide.

With BatchWriteItem, you can efficiently write or delete large amounts of data, such as from Amazon EMR, or copy data from another database into DynamoDB. In order to improve performance with these large-scale operations, BatchWriteItem does not behave in the same way as individual PutItem and DeleteItem calls would. For example, you cannot specify conditions on individual put and delete requests, and BatchWriteItem does not return deleted items in the response.

If you use a programming language that supports concurrency, you can use threads to write items in parallel. Your application must include the necessary logic to manage the threads. With languages that don't support threading, you must update or delete the specified items one at a time. In both situations, BatchWriteItem performs the specified put and delete operations in parallel, giving you the power of the thread pool approach without having to introduce complexity into your application.

Parallel processing reduces latency, but each specified put and delete request consumes the same number of write capacity units whether it is processed in parallel or not. Delete operations on nonexistent items consume one write capacity unit.

If one or more of the following is true, DynamoDB rejects the entire batch write operation:

  • One or more tables specified in the BatchWriteItem request does not exist.

  • Primary key attributes specified on an item in the request do not match those in the corresponding table's primary key schema.

  • You try to perform multiple operations on the same item in the same BatchWriteItem request. For example, you cannot put and delete the same item in the same BatchWriteItem request.

  • Your request contains at least two items with identical hash and range keys (which essentially is two put operations).

  • There are more than 25 requests in the batch.

  • Any individual item in a batch exceeds 400 KB.

  • The total request size exceeds 16 MB.

  • Any individual items with keys exceeding the key length limits. For a partition key, the limit is 2048 bytes and for a sort key, the limit is 1024 bytes.

", - "endpointdiscovery":{ + "endpointdiscovery":{}, + "operationContextParams":{ + "ResourceArnList":{"path":"keys(RequestItems)"} } }, "CreateBackup":{ @@ -83,8 +91,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Creates a backup for an existing table.

Each time you create an on-demand backup, the entire table data is backed up. There is no limit to the number of on-demand backups that can be taken.

When you create an on-demand backup, a time marker of the request is cataloged, and the backup is created asynchronously, by applying all changes until the time of the request to the last full table snapshot. Backup requests are processed instantaneously and become available for restore within minutes.

You can call CreateBackup at a maximum rate of 50 times per second.

All backups in DynamoDB work without consuming any provisioned throughput on the table.

If you submit a backup request on 2018-12-14 at 14:25:00, the backup is guaranteed to contain all data committed to the table up to 14:24:00, and data committed after 14:26:00 will not be. The backup might contain data modifications made between 14:24:00 and 14:26:00. On-demand backup does not support causal consistency.

Along with data, the following are also included on the backups:

  • Global secondary indexes (GSIs)

  • Local secondary indexes (LSIs)

  • Streams

  • Provisioned read and write capacity

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "CreateGlobalTable":{ "name":"CreateGlobalTable", @@ -101,8 +108,7 @@ {"shape":"TableNotFoundException"} ], "documentation":"

Creates a global table from an existing table. A global table creates a replication relationship between two or more DynamoDB tables with the same table name in the provided Regions.

This documentation is for version 2017.11.29 (Legacy) of global tables, which should be avoided for new global tables. Customers should use Global Tables version 2019.11.21 (Current) when possible, because it provides greater flexibility, higher efficiency, and consumes less write capacity than 2017.11.29 (Legacy).

To determine which version you're using, see Determining the global table version you are using. To update existing global tables from version 2017.11.29 (Legacy) to version 2019.11.21 (Current), see Upgrading global tables.

If you want to add a new replica table to a global table, each of the following conditions must be true:

  • The table must have the same primary key as all of the other replicas.

  • The table must have the same name as all of the other replicas.

  • The table must have DynamoDB Streams enabled, with the stream containing both the new and the old images of the item.

  • None of the replica tables in the global table can contain any data.

If global secondary indexes are specified, then the following conditions must also be met:

  • The global secondary indexes must have the same name.

  • The global secondary indexes must have the same hash key and sort key (if present).

If local secondary indexes are specified, then the following conditions must also be met:

  • The local secondary indexes must have the same name.

  • The local secondary indexes must have the same hash key and sort key (if present).

Write capacity settings should be set consistently across your replica tables and secondary indexes. DynamoDB strongly recommends enabling auto scaling to manage the write capacity settings for all of your global tables replicas and indexes.

If you prefer to manage write capacity settings manually, you should provision equal replicated write capacity units to your replica tables. You should also provision equal replicated write capacity units to matching secondary indexes across your global table.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "CreateTable":{ "name":"CreateTable", @@ -118,8 +124,7 @@ {"shape":"InternalServerError"} ], "documentation":"

The CreateTable operation adds a new table to your account. In an Amazon Web Services account, table names must be unique within each Region. That is, you can have two tables with same name if you create the tables in different Regions.

CreateTable is an asynchronous operation. Upon receiving a CreateTable request, DynamoDB immediately returns a response with a TableStatus of CREATING. After the table is created, DynamoDB sets the TableStatus to ACTIVE. You can perform read and write operations only on an ACTIVE table.

You can optionally define secondary indexes on the new table, as part of the CreateTable operation. If you want to create multiple tables with secondary indexes on them, you must create the tables sequentially. Only one table with secondary indexes can be in the CREATING state at any given time.

You can use the DescribeTable action to check the table status.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DeleteBackup":{ "name":"DeleteBackup", @@ -136,8 +141,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Deletes an existing backup of a table.

You can call DeleteBackup at a maximum rate of 10 times per second.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DeleteItem":{ "name":"DeleteItem", @@ -155,11 +159,11 @@ {"shape":"TransactionConflictException"}, {"shape":"RequestLimitExceeded"}, {"shape":"InternalServerError"}, - {"shape":"ReplicatedWriteConflictException"} + {"shape":"ReplicatedWriteConflictException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Deletes a single item in a table by primary key. You can perform a conditional delete operation that deletes the item if it exists, or if it has an expected attribute value.

In addition to deleting an item, you can also return the item's attribute values in the same operation, using the ReturnValues parameter.

Unless you specify conditions, the DeleteItem is an idempotent operation; running it multiple times on the same item or attribute does not result in an error response.

Conditional deletes are useful for deleting items only if specific conditions are met. If those conditions are met, DynamoDB performs the delete. Otherwise, the item is not deleted.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DeleteResourcePolicy":{ "name":"DeleteResourcePolicy", @@ -177,8 +181,7 @@ {"shape":"LimitExceededException"} ], "documentation":"

Deletes the resource-based policy attached to the resource, which can be a table or stream.

DeleteResourcePolicy is an idempotent operation; running it multiple times on the same resource doesn't result in an error response, unless you specify an ExpectedRevisionId, which will then return a PolicyNotFoundException.

To make sure that you don't inadvertently lock yourself out of your own resources, the root principal in your Amazon Web Services account can perform DeleteResourcePolicy requests, even if your resource-based policy explicitly denies the root principal's access.

DeleteResourcePolicy is an asynchronous operation. If you issue a GetResourcePolicy request immediately after running the DeleteResourcePolicy request, DynamoDB might still return the deleted policy. This is because the policy for your resource might not have been deleted yet. Wait for a few seconds, and then try the GetResourcePolicy request again.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DeleteTable":{ "name":"DeleteTable", @@ -194,9 +197,8 @@ {"shape":"LimitExceededException"}, {"shape":"InternalServerError"} ], - "documentation":"

The DeleteTable operation deletes a table and all of its items. After a DeleteTable request, the specified table is in the DELETING state until DynamoDB completes the deletion. If the table is in the ACTIVE state, you can delete it. If a table is in CREATING or UPDATING states, then DynamoDB returns a ResourceInUseException. If the specified table does not exist, DynamoDB returns a ResourceNotFoundException. If table is already in the DELETING state, no error is returned.

For global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).

DynamoDB might continue to accept data read and write operations, such as GetItem and PutItem, on a table in the DELETING state until the table deletion is complete. For the full list of table states, see TableStatus.

When you delete a table, any indexes on that table are also deleted.

If you have DynamoDB Streams enabled on the table, then the corresponding stream on that table goes into the DISABLED state, and the stream is automatically deleted after 24 hours.

Use the DescribeTable action to check the status of the table.

", - "endpointdiscovery":{ - } + "documentation":"

The DeleteTable operation deletes a table and all of its items. After a DeleteTable request, the specified table is in the DELETING state until DynamoDB completes the deletion. If the table is in the ACTIVE state, you can delete it. If a table is in CREATING or UPDATING states, then DynamoDB returns a ResourceInUseException. If the specified table does not exist, DynamoDB returns a ResourceNotFoundException. If table is already in the DELETING state, no error is returned.

DynamoDB might continue to accept data read and write operations, such as GetItem and PutItem, on a table in the DELETING state until the table deletion is complete. For the full list of table states, see TableStatus.

When you delete a table, any indexes on that table are also deleted.

If you have DynamoDB Streams enabled on the table, then the corresponding stream on that table goes into the DISABLED state, and the stream is automatically deleted after 24 hours.

Use the DescribeTable action to check the status of the table.

", + "endpointdiscovery":{} }, "DescribeBackup":{ "name":"DescribeBackup", @@ -211,8 +213,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Describes an existing backup of a table.

You can call DescribeBackup at a maximum rate of 10 times per second.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DescribeContinuousBackups":{ "name":"DescribeContinuousBackups", @@ -227,8 +228,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Checks the status of continuous backups and point in time recovery on the specified table. Continuous backups are ENABLED on all tables at table creation. If point in time recovery is enabled, PointInTimeRecoveryStatus will be set to ENABLED.

After continuous backups and point in time recovery are enabled, you can restore to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime.

LatestRestorableDateTime is typically 5 minutes before the current time. You can restore your table to any point in time in the last 35 days. You can set the recovery period to any value between 1 and 35 days.

You can call DescribeContinuousBackups at a maximum rate of 10 times per second.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DescribeContributorInsights":{ "name":"DescribeContributorInsights", @@ -283,8 +283,7 @@ {"shape":"GlobalTableNotFoundException"} ], "documentation":"

Returns information about the specified global table.

This documentation is for version 2017.11.29 (Legacy) of global tables, which should be avoided for new global tables. Customers should use Global Tables version 2019.11.21 (Current) when possible, because it provides greater flexibility, higher efficiency, and consumes less write capacity than 2017.11.29 (Legacy).

To determine which version you're using, see Determining the global table version you are using. To update existing global tables from version 2017.11.29 (Legacy) to version 2019.11.21 (Current), see Upgrading global tables.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DescribeGlobalTableSettings":{ "name":"DescribeGlobalTableSettings", @@ -299,8 +298,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Describes Region-specific settings for a global table.

This documentation is for version 2017.11.29 (Legacy) of global tables, which should be avoided for new global tables. Customers should use Global Tables version 2019.11.21 (Current) when possible, because it provides greater flexibility, higher efficiency, and consumes less write capacity than 2017.11.29 (Legacy).

To determine which version you're using, see Determining the global table version you are using. To update existing global tables from version 2017.11.29 (Legacy) to version 2019.11.21 (Current), see Upgrading global tables.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DescribeImport":{ "name":"DescribeImport", @@ -328,8 +326,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Returns information about the status of Kinesis streaming.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DescribeLimits":{ "name":"DescribeLimits", @@ -343,8 +340,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Returns the current provisioned-capacity quotas for your Amazon Web Services account in a Region, both for the Region as a whole and for any one DynamoDB table that you create there.

When you establish an Amazon Web Services account, the account has initial quotas on the maximum read capacity units and write capacity units that you can provision across all of your DynamoDB tables in a given Region. Also, there are per-table quotas that apply when you create a table there. For more information, see Service, Account, and Table Quotas page in the Amazon DynamoDB Developer Guide.

Although you can increase these quotas by filing a case at Amazon Web Services Support Center, obtaining the increase is not instantaneous. The DescribeLimits action lets you write code to compare the capacity you are currently using to those quotas imposed by your account so that you have enough time to apply for an increase before you hit a quota.

For example, you could use one of the Amazon Web Services SDKs to do the following:

  1. Call DescribeLimits for a particular Region to obtain your current account quotas on provisioned capacity there.

  2. Create a variable to hold the aggregate read capacity units provisioned for all your tables in that Region, and one to hold the aggregate write capacity units. Zero them both.

  3. Call ListTables to obtain a list of all your DynamoDB tables.

  4. For each table name listed by ListTables, do the following:

    • Call DescribeTable with the table name.

    • Use the data returned by DescribeTable to add the read capacity units and write capacity units provisioned for the table itself to your variables.

    • If the table has one or more global secondary indexes (GSIs), loop over these GSIs and add their provisioned capacity values to your variables as well.

  5. Report the account quotas for that Region returned by DescribeLimits, along with the total current provisioned capacity levels you have calculated.

This will let you see whether you are getting close to your account-level quotas.

The per-table quotas apply only when you are creating a new table. They restrict the sum of the provisioned capacity of the new table itself and all its global secondary indexes.

For existing tables and their GSIs, DynamoDB doesn't let you increase provisioned capacity extremely rapidly, but the only quota that applies is that the aggregate provisioned capacity over all your tables and GSIs cannot exceed either of the per-account quotas.

DescribeLimits should only be called periodically. You can expect throttling errors if you call it more than once in a minute.

The DescribeLimits Request element has no content.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DescribeTable":{ "name":"DescribeTable", @@ -358,9 +354,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerError"} ], - "documentation":"

Returns information about the table, including the current status of the table, when it was created, the primary key schema, and any indexes on the table.

For global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).

If you issue a DescribeTable request immediately after a CreateTable request, DynamoDB might return a ResourceNotFoundException. This is because DescribeTable uses an eventually consistent query, and the metadata for your table might not be available at that moment. Wait for a few seconds, and then try the DescribeTable request again.

", - "endpointdiscovery":{ - } + "documentation":"

Returns information about the table, including the current status of the table, when it was created, the primary key schema, and any indexes on the table.

If you issue a DescribeTable request immediately after a CreateTable request, DynamoDB might return a ResourceNotFoundException. This is because DescribeTable uses an eventually consistent query, and the metadata for your table might not be available at that moment. Wait for a few seconds, and then try the DescribeTable request again.

", + "endpointdiscovery":{} }, "DescribeTableReplicaAutoScaling":{ "name":"DescribeTableReplicaAutoScaling", @@ -374,7 +369,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerError"} ], - "documentation":"

Describes auto scaling settings across replicas of the global table at once.

For global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).

" + "documentation":"

Describes auto scaling settings across replicas of the global table at once.

" }, "DescribeTimeToLive":{ "name":"DescribeTimeToLive", @@ -389,8 +384,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Gives a description of the Time to Live (TTL) status on the specified table.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "DisableKinesisStreamingDestination":{ "name":"DisableKinesisStreamingDestination", @@ -407,8 +401,7 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

Stops replication from the DynamoDB table to the Kinesis data stream. This is done without deleting either of the resources.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "EnableKinesisStreamingDestination":{ "name":"EnableKinesisStreamingDestination", @@ -425,8 +418,7 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

Starts table data replication to the specified Kinesis data stream at a timestamp chosen during the enable workflow. If this operation doesn't return results immediately, use DescribeKinesisStreamingDestination to check if streaming to the Kinesis data stream is ACTIVE.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "ExecuteStatement":{ "name":"ExecuteStatement", @@ -444,7 +436,8 @@ {"shape":"TransactionConflictException"}, {"shape":"RequestLimitExceeded"}, {"shape":"InternalServerError"}, - {"shape":"DuplicateItemException"} + {"shape":"DuplicateItemException"}, + {"shape":"ThrottlingException"} ], "documentation":"

This operation allows you to perform reads and singleton writes on data stored in DynamoDB, using PartiQL.

For PartiQL reads (SELECT statement), if the total number of processed items exceeds the maximum dataset size limit of 1 MB, the read stops and results are returned to the user as a LastEvaluatedKey value to continue the read in a subsequent operation. If the filter criteria in WHERE clause does not match any data, the read will return an empty result set.

A single SELECT statement response can return up to the maximum number of items (if using the Limit parameter) or a maximum of 1 MB of data (and then apply any filtering to the results using WHERE clause). If LastEvaluatedKey is present in the response, you need to paginate the result set. If NextToken is present, you need to paginate the result set and include NextToken.

" }, @@ -463,7 +456,8 @@ {"shape":"IdempotentParameterMismatchException"}, {"shape":"ProvisionedThroughputExceededException"}, {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ThrottlingException"} ], "documentation":"

This operation allows you to perform transactional reads or writes on data stored in DynamoDB, using PartiQL.

The entire transaction must consist of either read statements or write statements, you cannot mix both in one transaction. The EXISTS function is an exception and can be used to check the condition of specific attributes of the item in a similar manner to ConditionCheck in the TransactWriteItems API.

" }, @@ -497,11 +491,11 @@ {"shape":"ProvisionedThroughputExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ThrottlingException"} ], "documentation":"

The GetItem operation returns a set of attributes for the item with the given primary key. If there is no matching item, GetItem does not return any data and there will be no Item element in the response.

GetItem provides an eventually consistent read by default. If your application requires a strongly consistent read, set ConsistentRead to true. Although a strongly consistent read might take more time than an eventually consistent read, it always returns the last updated value.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "GetResourcePolicy":{ "name":"GetResourcePolicy", @@ -517,8 +511,7 @@ {"shape":"PolicyNotFoundException"} ], "documentation":"

Returns the resource-based policy document attached to the resource, which can be a table or stream, in JSON format.

GetResourcePolicy follows an eventually consistent model. The following list describes the outcomes when you issue the GetResourcePolicy request immediately after issuing another request:

  • If you issue a GetResourcePolicy request immediately after a PutResourcePolicy request, DynamoDB might return a PolicyNotFoundException.

  • If you issue a GetResourcePolicyrequest immediately after a DeleteResourcePolicy request, DynamoDB might return the policy that was present before the deletion request.

  • If you issue a GetResourcePolicy request immediately after a CreateTable request, which includes a resource-based policy, DynamoDB might return a ResourceNotFoundException or a PolicyNotFoundException.

Because GetResourcePolicy uses an eventually consistent query, the metadata for your policy or table might not be available at that moment. Wait for a few seconds, and then retry the GetResourcePolicy request.

After a GetResourcePolicy request returns a policy created using the PutResourcePolicy request, the policy will be applied in the authorization of requests to the resource. Because this process is eventually consistent, it will take some time to apply the policy to all requests to a resource. Policies that you attach while creating a table using the CreateTable request will always be applied to all requests for that table.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "ImportTable":{ "name":"ImportTable", @@ -533,7 +526,10 @@ {"shape":"LimitExceededException"}, {"shape":"ImportConflictException"} ], - "documentation":"

Imports table data from an S3 bucket.

" + "documentation":"

Imports table data from an S3 bucket.

", + "operationContextParams":{ + "ResourceArn":{"path":"TableCreationParameters.TableName"} + } }, "ListBackups":{ "name":"ListBackups", @@ -547,8 +543,7 @@ {"shape":"InternalServerError"} ], "documentation":"

List DynamoDB backups that are associated with an Amazon Web Services account and weren't made with Amazon Web Services Backup. To list these backups for a given table, specify TableName. ListBackups returns a paginated list of results with at most 1 MB worth of items in a page. You can also specify a maximum number of entries to be returned in a page.

In the request, start time is inclusive, but end time is exclusive. Note that these boundaries are for the time at which the original backup was requested.

You can call ListBackups a maximum of five times per second.

If you want to retrieve the complete list of backups made with Amazon Web Services Backup, use the Amazon Web Services Backup list API.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "ListContributorInsights":{ "name":"ListContributorInsights", @@ -590,8 +585,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Lists all global tables that have a replica in the specified Region.

This documentation is for version 2017.11.29 (Legacy) of global tables, which should be avoided for new global tables. Customers should use Global Tables version 2019.11.21 (Current) when possible, because it provides greater flexibility, higher efficiency, and consumes less write capacity than 2017.11.29 (Legacy).

To determine which version you're using, see Determining the global table version you are using. To update existing global tables from version 2017.11.29 (Legacy) to version 2019.11.21 (Current), see Upgrading global tables.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "ListImports":{ "name":"ListImports", @@ -618,8 +612,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Returns an array of table names associated with the current account and endpoint. The output from ListTables is paginated, with each page returning a maximum of 100 table names.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "ListTagsOfResource":{ "name":"ListTagsOfResource", @@ -634,8 +627,7 @@ {"shape":"InternalServerError"} ], "documentation":"

List all tags on an Amazon DynamoDB resource. You can call ListTagsOfResource up to 10 times per second, per account.

For an overview on tagging DynamoDB resources, see Tagging for DynamoDB in the Amazon DynamoDB Developer Guide.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "PutItem":{ "name":"PutItem", @@ -653,11 +645,11 @@ {"shape":"TransactionConflictException"}, {"shape":"RequestLimitExceeded"}, {"shape":"InternalServerError"}, - {"shape":"ReplicatedWriteConflictException"} + {"shape":"ReplicatedWriteConflictException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Creates a new item, or replaces an old item with a new item. If an item that has the same primary key as the new item already exists in the specified table, the new item completely replaces the existing item. You can perform a conditional put operation (add a new item if one with the specified primary key doesn't exist), or replace an existing item if it has certain attribute values. You can return the item's attribute values in the same operation, using the ReturnValues parameter.

When you add an item, the primary key attributes are the only required attributes.

Empty String and Binary attribute values are allowed. Attribute values of type String and Binary must have a length greater than zero if the attribute is used as a key attribute for a table or index. Set type attributes cannot be empty.

Invalid Requests with empty values will be rejected with a ValidationException exception.

To prevent a new item from replacing an existing item, use a conditional expression that contains the attribute_not_exists function with the name of the attribute being used as the partition key for the table. Since every record must contain that attribute, the attribute_not_exists function will only succeed if no matching item exists.

For more information about PutItem, see Working with Items in the Amazon DynamoDB Developer Guide.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "PutResourcePolicy":{ "name":"PutResourcePolicy", @@ -675,8 +667,7 @@ {"shape":"ResourceInUseException"} ], "documentation":"

Attaches a resource-based policy document to the resource, which can be a table or stream. When you attach a resource-based policy using this API, the policy application is eventually consistent .

PutResourcePolicy is an idempotent operation; running it multiple times on the same resource using the same policy document will return the same revision ID. If you specify an ExpectedRevisionId that doesn't match the current policy's RevisionId, the PolicyNotFoundException will be returned.

PutResourcePolicy is an asynchronous operation. If you issue a GetResourcePolicy request immediately after a PutResourcePolicy request, DynamoDB might return your previous policy, if there was one, or return the PolicyNotFoundException. This is because GetResourcePolicy uses an eventually consistent query, and the metadata for your policy or table might not be available at that moment. Wait for a few seconds, and then try the GetResourcePolicy request again.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "Query":{ "name":"Query", @@ -690,11 +681,11 @@ {"shape":"ProvisionedThroughputExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ThrottlingException"} ], "documentation":"

You must provide the name of the partition key attribute and a single value for that attribute. Query returns all items with that partition key value. Optionally, you can provide a sort key attribute and use a comparison operator to refine the search results.

Use the KeyConditionExpression parameter to provide a specific value for the partition key. The Query operation will return all of the items from the table or index with that partition key value. You can optionally narrow the scope of the Query operation by specifying a sort key value and a comparison operator in KeyConditionExpression. To further refine the Query results, you can optionally provide a FilterExpression. A FilterExpression determines which items within the results should be returned to you. All of the other results are discarded.

A Query operation always returns a result set. If no matching items are found, the result set will be empty. Queries that do not return results consume the minimum number of read capacity units for that type of read operation.

DynamoDB calculates the number of read capacity units consumed based on item size, not on the amount of data that is returned to an application. The number of capacity units consumed will be the same whether you request all of the attributes (the default behavior) or just some of them (using a projection expression). The number will also be the same whether or not you use a FilterExpression.

Query results are always sorted by the sort key value. If the data type of the sort key is Number, the results are returned in numeric order; otherwise, the results are returned in order of UTF-8 bytes. By default, the sort order is ascending. To reverse the order, set the ScanIndexForward parameter to false.

A single Query operation will read up to the maximum number of items set (if using the Limit parameter) or a maximum of 1 MB of data and then apply any filtering to the results using FilterExpression. If LastEvaluatedKey is present in the response, you will need to paginate the result set. For more information, see Paginating the Results in the Amazon DynamoDB Developer Guide.

FilterExpression is applied after a Query finishes, but before the results are returned. A FilterExpression cannot contain partition key or sort key attributes. You need to specify those attributes in the KeyConditionExpression.

A Query operation can return an empty result set and a LastEvaluatedKey if all the items read for the page of results are filtered out.

You can query a table, a local secondary index, or a global secondary index. For a query on a table or on a local secondary index, you can set the ConsistentRead parameter to true and obtain a strongly consistent result. Global secondary indexes support eventually consistent reads only, so do not specify ConsistentRead when querying a global secondary index.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "RestoreTableFromBackup":{ "name":"RestoreTableFromBackup", @@ -713,8 +704,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Creates a new table from an existing backup. Any number of users can execute up to 50 concurrent restores (any type of restore) in a given account.

You can call RestoreTableFromBackup at a maximum rate of 10 times per second.

You must manually set up the following on the restored table:

  • Auto scaling policies

  • IAM policies

  • Amazon CloudWatch metrics and alarms

  • Tags

  • Stream settings

  • Time to Live (TTL) settings

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "RestoreTableToPointInTime":{ "name":"RestoreTableToPointInTime", @@ -734,8 +724,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Restores the specified table to the specified point in time within EarliestRestorableDateTime and LatestRestorableDateTime. You can restore your table to any point in time in the last 35 days. You can set the recovery period to any value between 1 and 35 days. Any number of users can execute up to 50 concurrent restores (any type of restore) in a given account.

When you restore using point in time recovery, DynamoDB restores your table data to the state based on the selected date and time (day:hour:minute:second) to a new table.

Along with data, the following are also included on the new restored table using point in time recovery:

  • Global secondary indexes (GSIs)

  • Local secondary indexes (LSIs)

  • Provisioned read and write capacity

  • Encryption settings

    All these settings come from the current settings of the source table at the time of restore.

You must manually set up the following on the restored table:

  • Auto scaling policies

  • IAM policies

  • Amazon CloudWatch metrics and alarms

  • Tags

  • Stream settings

  • Time to Live (TTL) settings

  • Point in time recovery settings

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "Scan":{ "name":"Scan", @@ -749,11 +738,11 @@ {"shape":"ProvisionedThroughputExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ThrottlingException"} ], "documentation":"

The Scan operation returns one or more items and item attributes by accessing every item in a table or a secondary index. To have DynamoDB return fewer items, you can provide a FilterExpression operation.

If the total size of scanned items exceeds the maximum dataset size limit of 1 MB, the scan completes and results are returned to the user. The LastEvaluatedKey value is also returned and the requestor can use the LastEvaluatedKey to continue the scan in a subsequent operation. Each scan response also includes number of items that were scanned (ScannedCount) as part of the request. If using a FilterExpression, a scan result can result in no items meeting the criteria and the Count will result in zero. If you did not use a FilterExpression in the scan request, then Count is the same as ScannedCount.

Count and ScannedCount only return the count of items specific to a single scan request and, unless the table is less than 1MB, do not represent the total number of items in the table.

A single Scan operation first reads up to the maximum number of items set (if using the Limit parameter) or a maximum of 1 MB of data and then applies any filtering to the results if a FilterExpression is provided. If LastEvaluatedKey is present in the response, pagination is required to complete the full table scan. For more information, see Paginating the Results in the Amazon DynamoDB Developer Guide.

Scan operations proceed sequentially; however, for faster performance on a large table or secondary index, applications can request a parallel Scan operation by providing the Segment and TotalSegments parameters. For more information, see Parallel Scan in the Amazon DynamoDB Developer Guide.

By default, a Scan uses eventually consistent reads when accessing the items in a table. Therefore, the results from an eventually consistent Scan may not include the latest item changes at the time the scan iterates through each item in the table. If you require a strongly consistent read of each item as the scan iterates through the items in the table, you can set the ConsistentRead parameter to true. Strong consistency only relates to the consistency of the read at the item level.

DynamoDB does not provide snapshot isolation for a scan operation when the ConsistentRead parameter is set to true. Thus, a DynamoDB scan operation does not guarantee that all reads in a scan see a consistent snapshot of the table when the scan operation was requested.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "TagResource":{ "name":"TagResource", @@ -769,8 +758,7 @@ {"shape":"ResourceInUseException"} ], "documentation":"

Associate a set of tags with an Amazon DynamoDB resource. You can then activate these user-defined tags so that they appear on the Billing and Cost Management console for cost allocation tracking. You can call TagResource up to five times per second, per account.

  • TagResource is an asynchronous operation. If you issue a ListTagsOfResource request immediately after a TagResource request, DynamoDB might return your previous tag set, if there was one, or an empty tag set. This is because ListTagsOfResource uses an eventually consistent query, and the metadata for your tags or table might not be available at that moment. Wait for a few seconds, and then try the ListTagsOfResource request again.

  • The application or removal of tags using TagResource and UntagResource APIs is eventually consistent. ListTagsOfResource API will only reflect the changes after a few seconds.

For an overview on tagging DynamoDB resources, see Tagging for DynamoDB in the Amazon DynamoDB Developer Guide.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "TransactGetItems":{ "name":"TransactGetItems", @@ -785,10 +773,13 @@ {"shape":"TransactionCanceledException"}, {"shape":"ProvisionedThroughputExceededException"}, {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ThrottlingException"} ], "documentation":"

TransactGetItems is a synchronous operation that atomically retrieves multiple items from one or more tables (but not from indexes) in a single account and Region. A TransactGetItems call can contain up to 100 TransactGetItem objects, each of which contains a Get structure that specifies an item to retrieve from a table in the account and Region. A call to TransactGetItems cannot retrieve items from tables in more than one Amazon Web Services account or Region. The aggregate size of the items in the transaction cannot exceed 4 MB.

DynamoDB rejects the entire TransactGetItems request if any of the following is true:

  • A conflicting operation is in the process of updating an item to be read.

  • There is insufficient provisioned capacity for the transaction to be completed.

  • There is a user error, such as an invalid data format.

  • The aggregate size of the items in the transaction exceeded 4 MB.

", - "endpointdiscovery":{ + "endpointdiscovery":{}, + "operationContextParams":{ + "ResourceArnList":{"path":"TransactItems[*].Get.TableName"} } }, "TransactWriteItems":{ @@ -806,10 +797,13 @@ {"shape":"IdempotentParameterMismatchException"}, {"shape":"ProvisionedThroughputExceededException"}, {"shape":"RequestLimitExceeded"}, - {"shape":"InternalServerError"} + {"shape":"InternalServerError"}, + {"shape":"ThrottlingException"} ], "documentation":"

TransactWriteItems is a synchronous write operation that groups up to 100 action requests. These actions can target items in different tables, but not in different Amazon Web Services accounts or Regions, and no two actions can target the same item. For example, you cannot both ConditionCheck and Update the same item. The aggregate size of the items in the transaction cannot exceed 4 MB.

The actions are completed atomically so that either all of them succeed, or all of them fail. They are defined by the following objects:

  • Put  —   Initiates a PutItem operation to write a new item. This structure specifies the primary key of the item to be written, the name of the table to write it in, an optional condition expression that must be satisfied for the write to succeed, a list of the item's attributes, and a field indicating whether to retrieve the item's attributes if the condition is not met.

  • Update  —   Initiates an UpdateItem operation to update an existing item. This structure specifies the primary key of the item to be updated, the name of the table where it resides, an optional condition expression that must be satisfied for the update to succeed, an expression that defines one or more attributes to be updated, and a field indicating whether to retrieve the item's attributes if the condition is not met.

  • Delete  —   Initiates a DeleteItem operation to delete an existing item. This structure specifies the primary key of the item to be deleted, the name of the table where it resides, an optional condition expression that must be satisfied for the deletion to succeed, and a field indicating whether to retrieve the item's attributes if the condition is not met.

  • ConditionCheck  —   Applies a condition to an item that is not being modified by the transaction. This structure specifies the primary key of the item to be checked, the name of the table where it resides, a condition expression that must be satisfied for the transaction to succeed, and a field indicating whether to retrieve the item's attributes if the condition is not met.

DynamoDB rejects the entire TransactWriteItems request if any of the following is true:

  • A condition in one of the condition expressions is not met.

  • An ongoing operation is in the process of updating the same item.

  • There is insufficient provisioned capacity for the transaction to be completed.

  • An item size becomes too large (bigger than 400 KB), a local secondary index (LSI) becomes too large, or a similar validation error occurs because of changes made by the transaction.

  • The aggregate size of the items in the transaction exceeds 4 MB.

  • There is a user error, such as an invalid data format.

", - "endpointdiscovery":{ + "endpointdiscovery":{}, + "operationContextParams":{ + "ResourceArnList":{"path":"TransactItems[*].[ConditionCheck.TableName, Put.TableName, Delete.TableName, Update.TableName][]"} } }, "UntagResource":{ @@ -826,8 +820,7 @@ {"shape":"ResourceInUseException"} ], "documentation":"

Removes the association of tags from an Amazon DynamoDB resource. You can call UntagResource up to five times per second, per account.

  • UntagResource is an asynchronous operation. If you issue a ListTagsOfResource request immediately after an UntagResource request, DynamoDB might return your previous tag set, if there was one, or an empty tag set. This is because ListTagsOfResource uses an eventually consistent query, and the metadata for your tags or table might not be available at that moment. Wait for a few seconds, and then try the ListTagsOfResource request again.

  • The application or removal of tags using TagResource and UntagResource APIs is eventually consistent. ListTagsOfResource API will only reflect the changes after a few seconds.

For an overview on tagging DynamoDB resources, see Tagging for DynamoDB in the Amazon DynamoDB Developer Guide.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "UpdateContinuousBackups":{ "name":"UpdateContinuousBackups", @@ -842,9 +835,8 @@ {"shape":"ContinuousBackupsUnavailableException"}, {"shape":"InternalServerError"} ], - "documentation":"

UpdateContinuousBackups enables or disables point in time recovery for the specified table. A successful UpdateContinuousBackups call returns the current ContinuousBackupsDescription. Continuous backups are ENABLED on all tables at table creation. If point in time recovery is enabled, PointInTimeRecoveryStatus will be set to ENABLED.

Once continuous backups and point in time recovery are enabled, you can restore to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime.

LatestRestorableDateTime is typically 5 minutes before the current time. You can restore your table to any point in time in the last 35 days. You can set the recovery period to any value between 1 and 35 days.

", - "endpointdiscovery":{ - } + "documentation":"

UpdateContinuousBackups enables or disables point in time recovery for the specified table. A successful UpdateContinuousBackups call returns the current ContinuousBackupsDescription. Continuous backups are ENABLED on all tables at table creation. If point in time recovery is enabled, PointInTimeRecoveryStatus will be set to ENABLED.

Once continuous backups and point in time recovery are enabled, you can restore to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime.

LatestRestorableDateTime is typically 5 minutes before the current time. You can restore your table to any point in time in the last 35 days. You can set the RecoveryPeriodInDays to any value between 1 and 35 days.

", + "endpointdiscovery":{} }, "UpdateContributorInsights":{ "name":"UpdateContributorInsights", @@ -875,9 +867,8 @@ {"shape":"ReplicaNotFoundException"}, {"shape":"TableNotFoundException"} ], - "documentation":"

Adds or removes replicas in the specified global table. The global table must already exist to be able to use this operation. Any replica to be added must be empty, have the same name as the global table, have the same key schema, have DynamoDB Streams enabled, and have the same provisioned and maximum write capacity units.

This documentation is for version 2017.11.29 (Legacy) of global tables, which should be avoided for new global tables. Customers should use Global Tables version 2019.11.21 (Current) when possible, because it provides greater flexibility, higher efficiency, and consumes less write capacity than 2017.11.29 (Legacy).

To determine which version you're using, see Determining the global table version you are using. To update existing global tables from version 2017.11.29 (Legacy) to version 2019.11.21 (Current), see Upgrading global tables.

For global tables, this operation only applies to global tables using Version 2019.11.21 (Current version). If you are using global tables Version 2019.11.21 you can use UpdateTable instead.

Although you can use UpdateGlobalTable to add replicas and remove replicas in a single request, for simplicity we recommend that you issue separate requests for adding or removing replicas.

If global secondary indexes are specified, then the following conditions must also be met:

  • The global secondary indexes must have the same name.

  • The global secondary indexes must have the same hash key and sort key (if present).

  • The global secondary indexes must have the same provisioned and maximum write capacity units.

", - "endpointdiscovery":{ - } + "documentation":"

Adds or removes replicas in the specified global table. The global table must already exist to be able to use this operation. Any replica to be added must be empty, have the same name as the global table, have the same key schema, have DynamoDB Streams enabled, and have the same provisioned and maximum write capacity units.

This documentation is for version 2017.11.29 (Legacy) of global tables, which should be avoided for new global tables. Customers should use Global Tables version 2019.11.21 (Current) when possible, because it provides greater flexibility, higher efficiency, and consumes less write capacity than 2017.11.29 (Legacy).

To determine which version you're using, see Determining the global table version you are using. To update existing global tables from version 2017.11.29 (Legacy) to version 2019.11.21 (Current), see Upgrading global tables.

If you are using global tables Version 2019.11.21 (Current) you can use UpdateTable instead.

Although you can use UpdateGlobalTable to add replicas and remove replicas in a single request, for simplicity we recommend that you issue separate requests for adding or removing replicas.

If global secondary indexes are specified, then the following conditions must also be met:

  • The global secondary indexes must have the same name.

  • The global secondary indexes must have the same hash key and sort key (if present).

  • The global secondary indexes must have the same provisioned and maximum write capacity units.

", + "endpointdiscovery":{} }, "UpdateGlobalTableSettings":{ "name":"UpdateGlobalTableSettings", @@ -896,8 +887,7 @@ {"shape":"InternalServerError"} ], "documentation":"

Updates settings for a global table.

This documentation is for version 2017.11.29 (Legacy) of global tables, which should be avoided for new global tables. Customers should use Global Tables version 2019.11.21 (Current) when possible, because it provides greater flexibility, higher efficiency, and consumes less write capacity than 2017.11.29 (Legacy).

To determine which version you're using, see Determining the global table version you are using. To update existing global tables from version 2017.11.29 (Legacy) to version 2019.11.21 (Current), see Upgrading global tables.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "UpdateItem":{ "name":"UpdateItem", @@ -915,11 +905,11 @@ {"shape":"TransactionConflictException"}, {"shape":"RequestLimitExceeded"}, {"shape":"InternalServerError"}, - {"shape":"ReplicatedWriteConflictException"} + {"shape":"ReplicatedWriteConflictException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Edits an existing item's attributes, or adds a new item to the table if it does not already exist. You can put, delete, or add attribute values. You can also perform a conditional update on an existing item (insert a new attribute name-value pair if it doesn't exist, or replace an existing name-value pair if it has certain expected attribute values).

You can also return the item's attribute values in the same UpdateItem operation using the ReturnValues parameter.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "UpdateKinesisStreamingDestination":{ "name":"UpdateKinesisStreamingDestination", @@ -936,8 +926,7 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

The command to update the Kinesis stream destination.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} }, "UpdateTable":{ "name":"UpdateTable", @@ -953,9 +942,8 @@ {"shape":"LimitExceededException"}, {"shape":"InternalServerError"} ], - "documentation":"

Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table.

For global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).

You can only perform one of the following operations at once:

  • Modify the provisioned throughput settings of the table.

  • Remove a global secondary index from the table.

  • Create a new global secondary index on the table. After the index begins backfilling, you can use UpdateTable to perform other operations.

UpdateTable is an asynchronous operation; while it's executing, the table status changes from ACTIVE to UPDATING. While it's UPDATING, you can't issue another UpdateTable request. When the table returns to the ACTIVE state, the UpdateTable operation is complete.

", - "endpointdiscovery":{ - } + "documentation":"

Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table.

You can only perform one of the following operations at once:

  • Modify the provisioned throughput settings of the table.

  • Remove a global secondary index from the table.

  • Create a new global secondary index on the table. After the index begins backfilling, you can use UpdateTable to perform other operations.

UpdateTable is an asynchronous operation; while it's executing, the table status changes from ACTIVE to UPDATING. While it's UPDATING, you can't issue another UpdateTable request. When the table returns to the ACTIVE state, the UpdateTable operation is complete.

", + "endpointdiscovery":{} }, "UpdateTableReplicaAutoScaling":{ "name":"UpdateTableReplicaAutoScaling", @@ -971,7 +959,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalServerError"} ], - "documentation":"

Updates auto scaling settings on your global tables at once.

For global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).

" + "documentation":"

Updates auto scaling settings on your global tables at once.

" }, "UpdateTimeToLive":{ "name":"UpdateTimeToLive", @@ -988,8 +976,7 @@ {"shape":"InternalServerError"} ], "documentation":"

The UpdateTimeToLive method enables or disables Time to Live (TTL) for the specified table. A successful UpdateTimeToLive call returns the current TimeToLiveSpecification. It can take up to one hour for the change to fully process. Any additional UpdateTimeToLive calls for the same table during this one hour duration result in a ValidationException.

TTL compares the current time in epoch time format to the time stored in the TTL attribute of an item. If the epoch time value stored in the attribute is less than the current time, the item is marked as expired and subsequently deleted.

The epoch time format is the number of seconds elapsed since 12:00:00 AM January 1, 1970 UTC.

DynamoDB deletes expired items on a best-effort basis to ensure availability of throughput for other data operations.

DynamoDB typically deletes expired items within two days of expiration. The exact duration within which an item gets deleted after expiration is specific to the nature of the workload. Items that have expired and not been deleted will still show up in reads, queries, and scans.

As items are deleted, they are removed from any local secondary index and global secondary index immediately in the same eventually consistent way as a standard delete operation.

For more information, see Time To Live in the Amazon DynamoDB Developer Guide.

", - "endpointdiscovery":{ - } + "endpointdiscovery":{} } }, "shapes":{ @@ -1275,6 +1262,7 @@ }, "documentation":"

Represents the settings of a target tracking scaling policy that will be modified.

" }, + "AvailabilityErrorMessage":{"type":"string"}, "Backfilling":{"type":"boolean"}, "BackupArn":{ "type":"string", @@ -1799,7 +1787,7 @@ "documentation":"

Item which caused the ConditionalCheckFailedException.

" } }, - "documentation":"

A condition specified in the operation could not be evaluated.

", + "documentation":"

A condition specified in the operation failed to be evaluated.

", "exception":true }, "ConditionalOperator":{ @@ -1887,6 +1875,13 @@ "DISABLE" ] }, + "ContributorInsightsMode":{ + "type":"string", + "enum":[ + "ACCESSED_AND_THROTTLED_KEYS", + "THROTTLED_KEYS" + ] + }, "ContributorInsightsRule":{ "type":"string", "pattern":"[A-Za-z0-9][A-Za-z0-9\\-\\_\\.]{0,126}[A-Za-z0-9]" @@ -1923,6 +1918,10 @@ "ContributorInsightsStatus":{ "shape":"ContributorInsightsStatus", "documentation":"

Describes the current status for contributor insights for the given table and index, if applicable.

" + }, + "ContributorInsightsMode":{ + "shape":"ContributorInsightsMode", + "documentation":"

Indicates the current mode of CloudWatch Contributor Insights, specifying whether it tracks all access and throttled events or throttled events only for the DynamoDB table or index.

" } }, "documentation":"

Represents a Contributor Insights summary entry.

" @@ -1936,7 +1935,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "BackupName":{ "shape":"BackupName", @@ -1979,7 +1979,7 @@ }, "OnDemandThroughput":{ "shape":"OnDemandThroughput", - "documentation":"

The maximum number of read and write units for the global secondary index being created. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.

" + "documentation":"

The maximum number of read and write units for the global secondary index being created. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both. You must use either OnDemand Throughput or ProvisionedThroughput based on your table's capacity mode.

" }, "WarmThroughput":{ "shape":"WarmThroughput", @@ -1997,7 +1997,8 @@ "members":{ "GlobalTableName":{ "shape":"TableName", - "documentation":"

The global table name.

" + "documentation":"

The global table name.

", + "contextParam":{"name":"ResourceArn"} }, "ReplicationGroup":{ "shape":"ReplicaList", @@ -2014,6 +2015,17 @@ } } }, + "CreateGlobalTableWitnessGroupMemberAction":{ + "type":"structure", + "required":["RegionName"], + "members":{ + "RegionName":{ + "shape":"RegionName", + "documentation":"

The Amazon Web Services Region name to be added as a witness Region for the MRSC global table. The witness must be in a different Region than the replicas and within the same Region set:

  • US Region set: US East (N. Virginia), US East (Ohio), US West (Oregon)

  • EU Region set: Europe (Ireland), Europe (London), Europe (Paris), Europe (Frankfurt)

  • AP Region set: Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka)

" + } + }, + "documentation":"

Specifies the action to add a new witness Region to a MRSC global table. A MRSC global table can be configured with either three replicas, or with two replicas and one witness.

" + }, "CreateReplicaAction":{ "type":"structure", "required":["RegionName"], @@ -2070,7 +2082,8 @@ }, "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table to create. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table to create. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "KeySchema":{ "shape":"KeySchema", @@ -2078,15 +2091,15 @@ }, "LocalSecondaryIndexes":{ "shape":"LocalSecondaryIndexList", - "documentation":"

One or more local secondary indexes (the maximum is 5) to be created on the table. Each index is scoped to a given partition key value. There is a 10 GB size limit per partition key value; otherwise, the size of a local secondary index is unconstrained.

Each local secondary index in the array includes the following:

  • IndexName - The name of the local secondary index. Must be unique only for this table.

  • KeySchema - Specifies the key schema for the local secondary index. The key schema must begin with the same partition key as the table.

  • Projection - Specifies attributes that are copied (projected) from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Each attribute specification is composed of:

    • ProjectionType - One of the following:

      • KEYS_ONLY - Only the index and primary keys are projected into the index.

      • INCLUDE - Only the specified table attributes are projected into the index. The list of projected attributes is in NonKeyAttributes.

      • ALL - All of the table attributes are projected into the index.

    • NonKeyAttributes - A list of one or more non-key attribute names that are projected into the secondary index. The total count of attributes provided in NonKeyAttributes, summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.

" + "documentation":"

One or more local secondary indexes (the maximum is 5) to be created on the table. Each index is scoped to a given partition key value. There is a 10 GB size limit per partition key value; otherwise, the size of a local secondary index is unconstrained.

Each local secondary index in the array includes the following:

  • IndexName - The name of the local secondary index. Must be unique only for this table.

  • KeySchema - Specifies the key schema for the local secondary index. The key schema must begin with the same partition key as the table.

  • Projection - Specifies attributes that are copied (projected) from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Each attribute specification is composed of:

    • ProjectionType - One of the following:

      • KEYS_ONLY - Only the index and primary keys are projected into the index.

      • INCLUDE - Only the specified table attributes are projected into the index. The list of projected attributes is in NonKeyAttributes.

      • ALL - All of the table attributes are projected into the index.

    • NonKeyAttributes - A list of one or more non-key attribute names that are projected into the secondary index. The total count of attributes provided in NonKeyAttributes, summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. This limit only applies when you specify the ProjectionType of INCLUDE. You still can specify the ProjectionType of ALL to project all attributes from the source table, even if the table has more than 100 attributes.

" }, "GlobalSecondaryIndexes":{ "shape":"GlobalSecondaryIndexList", - "documentation":"

One or more global secondary indexes (the maximum is 20) to be created on the table. Each global secondary index in the array includes the following:

  • IndexName - The name of the global secondary index. Must be unique only for this table.

  • KeySchema - Specifies the key schema for the global secondary index.

  • Projection - Specifies attributes that are copied (projected) from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Each attribute specification is composed of:

    • ProjectionType - One of the following:

      • KEYS_ONLY - Only the index and primary keys are projected into the index.

      • INCLUDE - Only the specified table attributes are projected into the index. The list of projected attributes is in NonKeyAttributes.

      • ALL - All of the table attributes are projected into the index.

    • NonKeyAttributes - A list of one or more non-key attribute names that are projected into the secondary index. The total count of attributes provided in NonKeyAttributes, summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.

  • ProvisionedThroughput - The provisioned throughput settings for the global secondary index, consisting of read and write capacity units.

" + "documentation":"

One or more global secondary indexes (the maximum is 20) to be created on the table. Each global secondary index in the array includes the following:

  • IndexName - The name of the global secondary index. Must be unique only for this table.

  • KeySchema - Specifies the key schema for the global secondary index.

  • Projection - Specifies attributes that are copied (projected) from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Each attribute specification is composed of:

    • ProjectionType - One of the following:

      • KEYS_ONLY - Only the index and primary keys are projected into the index.

      • INCLUDE - Only the specified table attributes are projected into the index. The list of projected attributes is in NonKeyAttributes.

      • ALL - All of the table attributes are projected into the index.

    • NonKeyAttributes - A list of one or more non-key attribute names that are projected into the secondary index. The total count of attributes provided in NonKeyAttributes, summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. This limit only applies when you specify the ProjectionType of INCLUDE. You still can specify the ProjectionType of ALL to project all attributes from the source table, even if the table has more than 100 attributes.

  • ProvisionedThroughput - The provisioned throughput settings for the global secondary index, consisting of read and write capacity units.

" }, "BillingMode":{ "shape":"BillingMode", - "documentation":"

Controls how you are charged for read and write throughput and how you manage capacity. This setting can be changed later.

  • PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to Provisioned capacity mode.

  • PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to On-demand capacity mode.

" + "documentation":"

Controls how you are charged for read and write throughput and how you manage capacity. This setting can be changed later.

  • PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for most DynamoDB workloads. PAY_PER_REQUEST sets the billing mode to On-demand capacity mode.

  • PROVISIONED - We recommend using PROVISIONED for steady workloads with predictable growth where capacity requirements can be reliably forecasted. PROVISIONED sets the billing mode to Provisioned capacity mode.

" }, "ProvisionedThroughput":{ "shape":"ProvisionedThroughput", @@ -2210,7 +2223,8 @@ "members":{ "BackupArn":{ "shape":"BackupArn", - "documentation":"

The ARN associated with the backup.

" + "documentation":"

The ARN associated with the backup.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2234,6 +2248,17 @@ }, "documentation":"

Represents a global secondary index to be deleted from an existing table.

" }, + "DeleteGlobalTableWitnessGroupMemberAction":{ + "type":"structure", + "required":["RegionName"], + "members":{ + "RegionName":{ + "shape":"RegionName", + "documentation":"

The witness Region name to be removed from the MRSC global table.

" + } + }, + "documentation":"

Specifies the action to remove a witness Region from a MRSC global table. You cannot delete a single witness from a MRSC global table - you must delete both a replica and the witness together. The deletion of both a witness and replica converts the remaining replica to a single-Region DynamoDB table.

" + }, "DeleteItemInput":{ "type":"structure", "required":[ @@ -2243,7 +2268,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table from which to delete the item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table from which to delete the item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "Key":{ "shape":"Key", @@ -2342,7 +2368,8 @@ "members":{ "ResourceArn":{ "shape":"ResourceArnString", - "documentation":"

The Amazon Resource Name (ARN) of the DynamoDB resource from which the policy will be removed. The resources you can specify include tables and streams. If you remove the policy of a table, it will also remove the permissions for the table's indexes defined in that policy document. This is because index permissions are defined in the table's policy.

" + "documentation":"

The Amazon Resource Name (ARN) of the DynamoDB resource from which the policy will be removed. The resources you can specify include tables and streams. If you remove the policy of a table, it will also remove the permissions for the table's indexes defined in that policy document. This is because index permissions are defined in the table's policy.

", + "contextParam":{"name":"ResourceArn"} }, "ExpectedRevisionId":{ "shape":"PolicyRevisionId", @@ -2365,7 +2392,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table to delete. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table to delete. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} } }, "documentation":"

Represents the input of a DeleteTable operation.

" @@ -2387,7 +2415,8 @@ "members":{ "BackupArn":{ "shape":"BackupArn", - "documentation":"

The Amazon Resource Name (ARN) associated with the backup.

" + "documentation":"

The Amazon Resource Name (ARN) associated with the backup.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2406,7 +2435,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

Name of the table for which the customer wants to check the continuous backups and point in time recovery settings.

You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

Name of the table for which the customer wants to check the continuous backups and point in time recovery settings.

You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2425,7 +2455,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table to describe. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table to describe. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "IndexName":{ "shape":"IndexName", @@ -2459,13 +2490,16 @@ "FailureException":{ "shape":"FailureException", "documentation":"

Returns information about the last failure that was encountered.

The most common exceptions for a FAILED status are:

  • LimitExceededException - Per-account Amazon CloudWatch Contributor Insights rule limit reached. Please disable Contributor Insights for other tables/indexes OR disable Contributor Insights rules before retrying.

  • AccessDeniedException - Amazon CloudWatch Contributor Insights rules cannot be modified due to insufficient permissions.

  • AccessDeniedException - Failed to create service-linked role for Contributor Insights due to insufficient permissions.

  • InternalServerError - Failed to create Amazon CloudWatch Contributor Insights rules. Please retry request.

" + }, + "ContributorInsightsMode":{ + "shape":"ContributorInsightsMode", + "documentation":"

The mode of CloudWatch Contributor Insights for DynamoDB that determines which events are emitted. Can be set to track all access and throttled events or throttled events only.

" } } }, "DescribeEndpointsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeEndpointsResponse":{ "type":"structure", @@ -2483,7 +2517,8 @@ "members":{ "ExportArn":{ "shape":"ExportArn", - "documentation":"

The Amazon Resource Name (ARN) associated with the export.

" + "documentation":"

The Amazon Resource Name (ARN) associated with the export.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2502,7 +2537,8 @@ "members":{ "GlobalTableName":{ "shape":"TableName", - "documentation":"

The name of the global table.

" + "documentation":"

The name of the global table.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2521,7 +2557,8 @@ "members":{ "GlobalTableName":{ "shape":"TableName", - "documentation":"

The name of the global table to describe.

" + "documentation":"

The name of the global table to describe.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2544,7 +2581,8 @@ "members":{ "ImportArn":{ "shape":"ImportArn", - "documentation":"

The Amazon Resource Name (ARN) associated with the table you're importing to.

" + "documentation":"

The Amazon Resource Name (ARN) associated with the table you're importing to.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2564,7 +2602,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table being described. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table being described. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2583,8 +2622,7 @@ }, "DescribeLimitsInput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Represents the input of a DescribeLimits operation. Has no content.

" }, "DescribeLimitsOutput":{ @@ -2615,7 +2653,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table to describe. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table to describe. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} } }, "documentation":"

Represents the input of a DescribeTable operation.

" @@ -2636,7 +2675,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2655,7 +2695,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table to be described. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table to be described. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -2997,7 +3038,8 @@ "members":{ "TableArn":{ "shape":"TableArn", - "documentation":"

The Amazon Resource Name (ARN) associated with the table to export.

" + "documentation":"

The Amazon Resource Name (ARN) associated with the table to export.

", + "contextParam":{"name":"ResourceArn"} }, "ExportTime":{ "shape":"ExportTime", @@ -3135,7 +3177,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table containing the requested item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table containing the requested item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "Key":{ "shape":"Key", @@ -3181,7 +3224,8 @@ "members":{ "ResourceArn":{ "shape":"ResourceArnString", - "documentation":"

The Amazon Resource Name (ARN) of the DynamoDB resource to which the policy is attached. The resources you can specify include tables and streams.

" + "documentation":"

The Amazon Resource Name (ARN) of the DynamoDB resource to which the policy is attached. The resources you can specify include tables and streams.

", + "contextParam":{"name":"ResourceArn"} } } }, @@ -3220,11 +3264,11 @@ }, "ProvisionedThroughput":{ "shape":"ProvisionedThroughput", - "documentation":"

Represents the provisioned throughput settings for the specified global secondary index.

For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide.

" + "documentation":"

Represents the provisioned throughput settings for the specified global secondary index. You must use either OnDemandThroughput or ProvisionedThroughput based on your table's capacity mode.

For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide.

" }, "OnDemandThroughput":{ "shape":"OnDemandThroughput", - "documentation":"

The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.

" + "documentation":"

The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both. You must use either OnDemandThroughput or ProvisionedThroughput based on your table's capacity mode.

" }, "WarmThroughput":{ "shape":"WarmThroughput", @@ -3469,6 +3513,44 @@ "UPDATING" ] }, + "GlobalTableWitnessDescription":{ + "type":"structure", + "members":{ + "RegionName":{ + "shape":"RegionName", + "documentation":"

The name of the Amazon Web Services Region that serves as a witness for the MRSC global table.

" + }, + "WitnessStatus":{ + "shape":"WitnessStatus", + "documentation":"

The current status of the witness Region in the MRSC global table.

" + } + }, + "documentation":"

Represents the properties of a witness Region in a MRSC global table.

" + }, + "GlobalTableWitnessDescriptionList":{ + "type":"list", + "member":{"shape":"GlobalTableWitnessDescription"} + }, + "GlobalTableWitnessGroupUpdate":{ + "type":"structure", + "members":{ + "Create":{ + "shape":"CreateGlobalTableWitnessGroupMemberAction", + "documentation":"

Specifies a witness Region to be added to a new MRSC global table. The witness must be added when creating the MRSC global table.

" + }, + "Delete":{ + "shape":"DeleteGlobalTableWitnessGroupMemberAction", + "documentation":"

Specifies a witness Region to be removed from an existing global table. Must be done in conjunction with removing a replica. The deletion of both a witness and replica converts the remaining replica to a single-Region DynamoDB table.

" + } + }, + "documentation":"

Represents one of the following:

  • A new witness to be added to a new global table.

  • An existing witness to be removed from an existing global table.

You can configure one witness per MRSC global table.

" + }, + "GlobalTableWitnessGroupUpdateList":{ + "type":"list", + "member":{"shape":"GlobalTableWitnessGroupUpdate"}, + "max":1, + "min":1 + }, "IdempotentParameterMismatchException":{ "type":"structure", "members":{ @@ -3971,7 +4053,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the DynamoDB table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the DynamoDB table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "StreamArn":{ "shape":"StreamArn", @@ -4025,7 +4108,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

Lists the backups from the table specified in TableName. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

Lists the backups from the table specified in TableName. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "Limit":{ "shape":"BackupsInputLimit", @@ -4067,7 +4151,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "NextToken":{ "shape":"NextTokenString", @@ -4101,7 +4186,8 @@ "members":{ "TableArn":{ "shape":"TableArn", - "documentation":"

The Amazon Resource Name (ARN) associated with the exported table.

" + "documentation":"

The Amazon Resource Name (ARN) associated with the exported table.

", + "contextParam":{"name":"ResourceArn"} }, "MaxResults":{ "shape":"ListExportsMaxLimit", @@ -4166,7 +4252,8 @@ "members":{ "TableArn":{ "shape":"TableArn", - "documentation":"

The Amazon Resource Name (ARN) associated with the table that was imported to.

" + "documentation":"

The Amazon Resource Name (ARN) associated with the table that was imported to.

", + "contextParam":{"name":"ResourceArn"} }, "PageSize":{ "shape":"ListImportsMaxLimit", @@ -4235,7 +4322,8 @@ "members":{ "ResourceArn":{ "shape":"ResourceArnString", - "documentation":"

The Amazon DynamoDB resource with tags to be listed. This value is an Amazon Resource Name (ARN).

" + "documentation":"

The Amazon DynamoDB resource with tags to be listed. This value is an Amazon Resource Name (ARN).

", + "contextParam":{"name":"ResourceArn"} }, "NextToken":{ "shape":"NextTokenString", @@ -4453,7 +4541,7 @@ }, "RecoveryPeriodInDays":{ "shape":"RecoveryPeriodInDays", - "documentation":"

The number of preceding days for which continuous backups are taken and maintained. Your table data is only recoverable to any point-in-time from within the configured recovery period. This parameter is optional. If no value is provided, the value will default to 35.

" + "documentation":"

The number of preceding days for which continuous backups are taken and maintained. Your table data is only recoverable to any point-in-time from within the configured recovery period. This parameter is optional.

" }, "EarliestRestorableDateTime":{ "shape":"Date", @@ -4535,7 +4623,7 @@ }, "NonKeyAttributes":{ "shape":"NonKeyAttributeNameList", - "documentation":"

Represents the non-key attribute names which will be projected into the index.

For local secondary indexes, the total count of NonKeyAttributes summed across all of the local secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.

" + "documentation":"

Represents the non-key attribute names which will be projected into the index.

For global and local secondary indexes, the total count of NonKeyAttributes summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. This limit only applies when you specify the ProjectionType of INCLUDE. You still can specify the ProjectionType of ALL to project all attributes from the source table, even if the table has more than 100 attributes.

" } }, "documentation":"

Represents attributes that are copied (projected) from the table into an index. These are in addition to the primary key attributes and index key attributes, which are automatically projected.

" @@ -4565,7 +4653,7 @@ "documentation":"

The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException. For more information, see Specifying Read and Write Requirements in the Amazon DynamoDB Developer Guide.

If read/write capacity mode is PAY_PER_REQUEST the value is set to 0.

" } }, - "documentation":"

Represents the provisioned throughput settings for a specified table or index. The settings can be modified using the UpdateTable operation.

For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide.

" + "documentation":"

Represents the provisioned throughput settings for the specified global secondary index. You must use ProvisionedThroughput or OnDemandThroughput based on your table’s capacity mode.

For current minimum and maximum provisioned throughput values, see Service, Account, and Table Quotas in the Amazon DynamoDB Developer Guide.

" }, "ProvisionedThroughputDescription":{ "type":"structure", @@ -4599,9 +4687,13 @@ "message":{ "shape":"ErrorMessage", "documentation":"

You exceeded your maximum allowed provisioned throughput.

" + }, + "ThrottlingReasons":{ + "shape":"ThrottlingReasonList", + "documentation":"

A list of ThrottlingReason that provide detailed diagnostic information about why the request was throttled.

" } }, - "documentation":"

Your request rate is too high. The Amazon Web Services SDKs for DynamoDB automatically retry requests that receive this exception. Your request is eventually successful, unless your retry queue is too large to finish. Reduce the frequency of requests and use exponential backoff. For more information, go to Error Retries and Exponential Backoff in the Amazon DynamoDB Developer Guide.

", + "documentation":"

The request was denied due to request throttling. For detailed information about why the request was throttled and the ARN of the impacted resource, find the ThrottlingReason field in the returned exception. The Amazon Web Services SDKs for DynamoDB automatically retry requests that receive this exception. Your request is eventually successful, unless your retry queue is too large to finish. Reduce the frequency of requests and use exponential backoff. For more information, go to Error Retries and Exponential Backoff in the Amazon DynamoDB Developer Guide.

", "exception":true }, "ProvisionedThroughputOverride":{ @@ -4657,7 +4749,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table to contain the item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table to contain the item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "Item":{ "shape":"PutItemInputAttributeMap", @@ -4742,7 +4835,8 @@ "members":{ "ResourceArn":{ "shape":"ResourceArnString", - "documentation":"

The Amazon Resource Name (ARN) of the DynamoDB resource to which the policy will be attached. The resources you can specify include tables and streams.

You can control index permissions using the base table's policy. To specify the same permission level for your table and its indexes, you can provide both the table and index Amazon Resource Name (ARN)s in the Resource field of a given Statement in your policy document. Alternatively, to specify different permissions for your table, indexes, or both, you can define multiple Statement fields in your policy document.

" + "documentation":"

The Amazon Resource Name (ARN) of the DynamoDB resource to which the policy will be attached. The resources you can specify include tables and streams.

You can control index permissions using the base table's policy. To specify the same permission level for your table and its indexes, you can provide both the table and index Amazon Resource Name (ARN)s in the Resource field of a given Statement in your policy document. Alternatively, to specify different permissions for your table, indexes, or both, you can define multiple Statement fields in your policy document.

", + "contextParam":{"name":"ResourceArn"} }, "Policy":{ "shape":"ResourcePolicy", @@ -4773,7 +4867,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table containing the requested items. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table containing the requested items. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "IndexName":{ "shape":"IndexName", @@ -4865,6 +4960,7 @@ }, "documentation":"

Represents the output of a Query operation.

" }, + "Reason":{"type":"string"}, "RecoveryPeriodInDays":{ "type":"integer", "max":35, @@ -5228,7 +5324,10 @@ "DELETING", "ACTIVE", "REGION_DISABLED", - "INACCESSIBLE_ENCRYPTION_CREDENTIALS" + "INACCESSIBLE_ENCRYPTION_CREDENTIALS", + "ARCHIVING", + "ARCHIVED", + "REPLICATION_NOT_AUTHORIZED" ] }, "ReplicaStatusDescription":{"type":"string"}, @@ -5257,7 +5356,8 @@ "message":{"shape":"ErrorMessage"} }, "documentation":"

The request was rejected because one or more items in the request are being modified by a request in another Region.

", - "exception":true + "exception":true, + "retryable":{"throttling":false} }, "ReplicationGroupUpdate":{ "type":"structure", @@ -5285,11 +5385,16 @@ "RequestLimitExceeded":{ "type":"structure", "members":{ - "message":{"shape":"ErrorMessage"} + "message":{"shape":"ErrorMessage"}, + "ThrottlingReasons":{ + "shape":"ThrottlingReasonList", + "documentation":"

A list of ThrottlingReason that provide detailed diagnostic information about why the request was throttled.

" + } }, - "documentation":"

Throughput exceeds the current throughput quota for your account. Please contact Amazon Web Services Support to request a quota increase.

", + "documentation":"

Throughput exceeds the current throughput quota for your account. For detailed information about why the request was throttled and the ARN of the impacted resource, find the ThrottlingReason field in the returned exception. Contact Amazon Web ServicesSupport to request a quota increase.

", "exception":true }, + "Resource":{"type":"string"}, "ResourceArnString":{ "type":"string", "max":1283, @@ -5354,7 +5459,8 @@ "members":{ "TargetTableName":{ "shape":"TableName", - "documentation":"

The name of the new table to which the backup must be restored.

" + "documentation":"

The name of the new table to which the backup must be restored.

", + "contextParam":{"name":"ResourceArn"} }, "BackupArn":{ "shape":"BackupArn", @@ -5406,7 +5512,8 @@ }, "TargetTableName":{ "shape":"TableName", - "documentation":"

The name of the new table to which it must be restored to.

" + "documentation":"

The name of the new table to which it must be restored to.

", + "contextParam":{"name":"ResourceArn"} }, "UseLatestRestorableTime":{ "shape":"BooleanObject", @@ -5597,7 +5704,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table containing the requested items or if you provide IndexName, the name of the table to which that index belongs.

You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table containing the requested items or if you provide IndexName, the name of the table to which that index belongs.

You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "IndexName":{ "shape":"IndexName", @@ -5957,11 +6065,11 @@ }, "LocalSecondaryIndexes":{ "shape":"LocalSecondaryIndexDescriptionList", - "documentation":"

Represents one or more local secondary indexes on the table. Each index is scoped to a given partition key value. Tables with one or more local secondary indexes are subject to an item collection size limit, where the amount of data within a given item collection cannot exceed 10 GB. Each element is composed of:

  • IndexName - The name of the local secondary index.

  • KeySchema - Specifies the complete index key schema. The attribute names in the key schema must be between 1 and 255 characters (inclusive). The key schema must begin with the same partition key as the table.

  • Projection - Specifies attributes that are copied (projected) from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Each attribute specification is composed of:

    • ProjectionType - One of the following:

      • KEYS_ONLY - Only the index and primary keys are projected into the index.

      • INCLUDE - Only the specified table attributes are projected into the index. The list of projected attributes is in NonKeyAttributes.

      • ALL - All of the table attributes are projected into the index.

    • NonKeyAttributes - A list of one or more non-key attribute names that are projected into the secondary index. The total count of attributes provided in NonKeyAttributes, summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.

  • IndexSizeBytes - Represents the total size of the index, in bytes. DynamoDB updates this value approximately every six hours. Recent changes might not be reflected in this value.

  • ItemCount - Represents the number of items in the index. DynamoDB updates this value approximately every six hours. Recent changes might not be reflected in this value.

If the table is in the DELETING state, no information about indexes will be returned.

" + "documentation":"

Represents one or more local secondary indexes on the table. Each index is scoped to a given partition key value. Tables with one or more local secondary indexes are subject to an item collection size limit, where the amount of data within a given item collection cannot exceed 10 GB. Each element is composed of:

  • IndexName - The name of the local secondary index.

  • KeySchema - Specifies the complete index key schema. The attribute names in the key schema must be between 1 and 255 characters (inclusive). The key schema must begin with the same partition key as the table.

  • Projection - Specifies attributes that are copied (projected) from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Each attribute specification is composed of:

    • ProjectionType - One of the following:

      • KEYS_ONLY - Only the index and primary keys are projected into the index.

      • INCLUDE - Only the specified table attributes are projected into the index. The list of projected attributes is in NonKeyAttributes.

      • ALL - All of the table attributes are projected into the index.

    • NonKeyAttributes - A list of one or more non-key attribute names that are projected into the secondary index. The total count of attributes provided in NonKeyAttributes, summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. This limit only applies when you specify the ProjectionType of INCLUDE. You still can specify the ProjectionType of ALL to project all attributes from the source table, even if the table has more than 100 attributes.

  • IndexSizeBytes - Represents the total size of the index, in bytes. DynamoDB updates this value approximately every six hours. Recent changes might not be reflected in this value.

  • ItemCount - Represents the number of items in the index. DynamoDB updates this value approximately every six hours. Recent changes might not be reflected in this value.

If the table is in the DELETING state, no information about indexes will be returned.

" }, "GlobalSecondaryIndexes":{ "shape":"GlobalSecondaryIndexDescriptionList", - "documentation":"

The global secondary indexes, if any, on the table. Each index is scoped to a given partition key value. Each element is composed of:

  • Backfilling - If true, then the index is currently in the backfilling phase. Backfilling occurs only when a new global secondary index is added to the table. It is the process by which DynamoDB populates the new index with data from the table. (This attribute does not appear for indexes that were created during a CreateTable operation.)

    You can delete an index that is being created during the Backfilling phase when IndexStatus is set to CREATING and Backfilling is true. You can't delete the index that is being created when IndexStatus is set to CREATING and Backfilling is false. (This attribute does not appear for indexes that were created during a CreateTable operation.)

  • IndexName - The name of the global secondary index.

  • IndexSizeBytes - The total size of the global secondary index, in bytes. DynamoDB updates this value approximately every six hours. Recent changes might not be reflected in this value.

  • IndexStatus - The current status of the global secondary index:

    • CREATING - The index is being created.

    • UPDATING - The index is being updated.

    • DELETING - The index is being deleted.

    • ACTIVE - The index is ready for use.

  • ItemCount - The number of items in the global secondary index. DynamoDB updates this value approximately every six hours. Recent changes might not be reflected in this value.

  • KeySchema - Specifies the complete index key schema. The attribute names in the key schema must be between 1 and 255 characters (inclusive). The key schema must begin with the same partition key as the table.

  • Projection - Specifies attributes that are copied (projected) from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Each attribute specification is composed of:

    • ProjectionType - One of the following:

      • KEYS_ONLY - Only the index and primary keys are projected into the index.

      • INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify.

      • ALL - All of the table attributes are projected into the index.

    • NonKeyAttributes - A list of one or more non-key attribute names that are projected into the secondary index. The total count of attributes provided in NonKeyAttributes, summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total.

  • ProvisionedThroughput - The provisioned throughput settings for the global secondary index, consisting of read and write capacity units, along with data about increases and decreases.

If the table is in the DELETING state, no information about indexes will be returned.

" + "documentation":"

The global secondary indexes, if any, on the table. Each index is scoped to a given partition key value. Each element is composed of:

  • Backfilling - If true, then the index is currently in the backfilling phase. Backfilling occurs only when a new global secondary index is added to the table. It is the process by which DynamoDB populates the new index with data from the table. (This attribute does not appear for indexes that were created during a CreateTable operation.)

    You can delete an index that is being created during the Backfilling phase when IndexStatus is set to CREATING and Backfilling is true. You can't delete the index that is being created when IndexStatus is set to CREATING and Backfilling is false. (This attribute does not appear for indexes that were created during a CreateTable operation.)

  • IndexName - The name of the global secondary index.

  • IndexSizeBytes - The total size of the global secondary index, in bytes. DynamoDB updates this value approximately every six hours. Recent changes might not be reflected in this value.

  • IndexStatus - The current status of the global secondary index:

    • CREATING - The index is being created.

    • UPDATING - The index is being updated.

    • DELETING - The index is being deleted.

    • ACTIVE - The index is ready for use.

  • ItemCount - The number of items in the global secondary index. DynamoDB updates this value approximately every six hours. Recent changes might not be reflected in this value.

  • KeySchema - Specifies the complete index key schema. The attribute names in the key schema must be between 1 and 255 characters (inclusive). The key schema must begin with the same partition key as the table.

  • Projection - Specifies attributes that are copied (projected) from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Each attribute specification is composed of:

    • ProjectionType - One of the following:

      • KEYS_ONLY - Only the index and primary keys are projected into the index.

      • INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify.

      • ALL - All of the table attributes are projected into the index.

    • NonKeyAttributes - A list of one or more non-key attribute names that are projected into the secondary index. The total count of attributes provided in NonKeyAttributes, summed across all of the secondary indexes, must not exceed 100. If you project the same attribute into two different indexes, this counts as two distinct attributes when determining the total. This limit only applies when you specify the ProjectionType of INCLUDE. You still can specify the ProjectionType of ALL to project all attributes from the source table, even if the table has more than 100 attributes.

  • ProvisionedThroughput - The provisioned throughput settings for the global secondary index, consisting of read and write capacity units, along with data about increases and decreases.

If the table is in the DELETING state, no information about indexes will be returned.

" }, "StreamSpecification":{ "shape":"StreamSpecification", @@ -5983,6 +6091,10 @@ "shape":"ReplicaDescriptionList", "documentation":"

Represents replicas of the table.

" }, + "GlobalTableWitnesses":{ + "shape":"GlobalTableWitnessDescriptionList", + "documentation":"

The witness Region and its current status in the MRSC global table. Only one witness Region can be configured per MRSC global table.

" + }, "RestoreSummary":{ "shape":"RestoreSummary", "documentation":"

Contains details for the restore.

" @@ -6013,7 +6125,7 @@ }, "MultiRegionConsistency":{ "shape":"MultiRegionConsistency", - "documentation":"

Indicates one of the following consistency modes for a global table:

  • EVENTUAL: Indicates that the global table is configured for multi-Region eventual consistency.

  • STRONG: Indicates that the global table is configured for multi-Region strong consistency (preview).

    Multi-Region strong consistency (MRSC) is a new DynamoDB global tables capability currently available in preview mode. For more information, see Global tables multi-Region strong consistency.

If you don't specify this field, the global table consistency mode defaults to EVENTUAL.

" + "documentation":"

Indicates one of the following consistency modes for a global table:

  • EVENTUAL: Indicates that the global table is configured for multi-Region eventual consistency (MREC).

  • STRONG: Indicates that the global table is configured for multi-Region strong consistency (MRSC).

If you don't specify this field, the global table consistency mode defaults to EVENTUAL. For more information about global tables consistency modes, see Consistency modes in DynamoDB developer guide.

" } }, "documentation":"

Represents the properties of a table.

" @@ -6057,7 +6169,8 @@ "ACTIVE", "INACCESSIBLE_ENCRYPTION_CREDENTIALS", "ARCHIVING", - "ARCHIVED" + "ARCHIVED", + "REPLICATION_NOT_AUTHORIZED" ] }, "TableWarmThroughputDescription":{ @@ -6073,10 +6186,10 @@ }, "Status":{ "shape":"TableStatus", - "documentation":"

Represents warm throughput value of the base table..

" + "documentation":"

Represents warm throughput value of the base table.

" } }, - "documentation":"

Represents the warm throughput value (in read units per second and write units per second) of the base table.

" + "documentation":"

Represents the warm throughput value (in read units per second and write units per second) of the table. Warm throughput is applicable for DynamoDB Standard-IA tables and specifies the minimum provisioned capacity maintained for immediate data access.

" }, "Tag":{ "type":"structure", @@ -6118,7 +6231,8 @@ "members":{ "ResourceArn":{ "shape":"ResourceArnString", - "documentation":"

Identifies the Amazon DynamoDB resource to which tags should be added. This value is an Amazon Resource Name (ARN).

" + "documentation":"

Identifies the Amazon DynamoDB resource to which tags should be added. This value is an Amazon Resource Name (ARN).

", + "contextParam":{"name":"ResourceArn"} }, "Tags":{ "shape":"TagList", @@ -6131,6 +6245,37 @@ "max":256, "min":0 }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"AvailabilityErrorMessage"}, + "throttlingReasons":{ + "shape":"ThrottlingReasonList", + "documentation":"

A list of ThrottlingReason that provide detailed diagnostic information about why the request was throttled.

" + } + }, + "documentation":"

The request was denied due to request throttling. For detailed information about why the request was throttled and the ARN of the impacted resource, find the ThrottlingReason field in the returned exception.

", + "exception":true, + "synthetic":true + }, + "ThrottlingReason":{ + "type":"structure", + "members":{ + "reason":{ + "shape":"Reason", + "documentation":"

The reason for throttling. The throttling reason follows a specific format: ResourceType+OperationType+LimitType:

  • Resource Type (What is being throttled): Table or Index

  • Operation Type (What kind of operation): Read or Write

  • Limit Type (Why the throttling occurred):

    • ProvisionedThroughputExceeded: The request rate is exceeding the provisioned throughput capacity (read or write capacity units) configured for a table or a global secondary index (GSI) in provisioned capacity mode.

    • AccountLimitExceeded: The request rate has caused a table or global secondary index (GSI) in on-demand mode to exceed the per-table account-level service quotas for read/write throughput in the current Amazon Web Services Region.

    • KeyRangeThroughputExceeded: The request rate directed at a specific partition key value has exceeded the internal partition-level throughput limits, indicating uneven access patterns across the table's or GSI's key space.

    • MaxOnDemandThroughputExceeded: The request rate has exceeded the configured maximum throughput limits set for a table or index in on-demand capacity mode.

Examples of complete throttling reasons:

  • TableReadProvisionedThroughputExceeded

  • IndexWriteAccountLimitExceeded

This helps identify exactly what resource is being throttled, what type of operation caused it, and why the throttling occurred.

" + }, + "resource":{ + "shape":"Resource", + "documentation":"

The Amazon Resource Name (ARN) of the DynamoDB table or index that experienced the throttling event.

" + } + }, + "documentation":"

Represents the specific reason why a DynamoDB request was throttled and the ARN of the impacted resource. This helps identify exactly what resource is being throttled, what type of operation caused it, and why the throttling occurred.

" + }, + "ThrottlingReasonList":{ + "type":"list", + "member":{"shape":"ThrottlingReason"} + }, "TimeRangeLowerBound":{"type":"timestamp"}, "TimeRangeUpperBound":{"type":"timestamp"}, "TimeToLiveAttributeName":{ @@ -6322,7 +6467,8 @@ "members":{ "ResourceArn":{ "shape":"ResourceArnString", - "documentation":"

The DynamoDB resource that the tags will be removed from. This value is an Amazon Resource Name (ARN).

" + "documentation":"

The DynamoDB resource that the tags will be removed from. This value is an Amazon Resource Name (ARN).

", + "contextParam":{"name":"ResourceArn"} }, "TagKeys":{ "shape":"TagKeyList", @@ -6378,7 +6524,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "PointInTimeRecoverySpecification":{ "shape":"PointInTimeRecoverySpecification", @@ -6404,7 +6551,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "IndexName":{ "shape":"IndexName", @@ -6413,6 +6561,10 @@ "ContributorInsightsAction":{ "shape":"ContributorInsightsAction", "documentation":"

Represents the contributor insights action.

" + }, + "ContributorInsightsMode":{ + "shape":"ContributorInsightsMode", + "documentation":"

Specifies whether to track all access and throttled events or throttled events only for the DynamoDB table or index.

" } } }, @@ -6430,6 +6582,10 @@ "ContributorInsightsStatus":{ "shape":"ContributorInsightsStatus", "documentation":"

The status of contributor insights

" + }, + "ContributorInsightsMode":{ + "shape":"ContributorInsightsMode", + "documentation":"

The updated mode of CloudWatch Contributor Insights that determines whether to monitor all access and throttled events or to track throttled events exclusively.

" } } }, @@ -6466,7 +6622,8 @@ "members":{ "GlobalTableName":{ "shape":"TableName", - "documentation":"

The global table name.

" + "documentation":"

The global table name.

", + "contextParam":{"name":"ResourceArn"} }, "ReplicaUpdates":{ "shape":"ReplicaUpdateList", @@ -6489,7 +6646,8 @@ "members":{ "GlobalTableName":{ "shape":"TableName", - "documentation":"

The name of the global table

" + "documentation":"

The name of the global table

", + "contextParam":{"name":"ResourceArn"} }, "GlobalTableBillingMode":{ "shape":"BillingMode", @@ -6535,7 +6693,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table containing the item to update. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table containing the item to update. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "Key":{ "shape":"Key", @@ -6622,7 +6781,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The table name for the Kinesis streaming destination input. You can also provide the ARN of the table in this parameter.

" + "documentation":"

The table name for the Kinesis streaming destination input. You can also provide the ARN of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "StreamArn":{ "shape":"StreamArn", @@ -6696,11 +6856,12 @@ }, "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table to be updated. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table to be updated. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "BillingMode":{ "shape":"BillingMode", - "documentation":"

Controls how you are charged for read and write throughput and how you manage capacity. When switching from pay-per-request to provisioned capacity, initial provisioned capacity values must be set. The initial provisioned capacity values are estimated based on the consumed read and write capacity of your table and global secondary indexes over the past 30 minutes.

  • PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to Provisioned capacity mode.

  • PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to On-demand capacity mode.

" + "documentation":"

Controls how you are charged for read and write throughput and how you manage capacity. When switching from pay-per-request to provisioned capacity, initial provisioned capacity values must be set. The initial provisioned capacity values are estimated based on the consumed read and write capacity of your table and global secondary indexes over the past 30 minutes.

  • PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for most DynamoDB workloads. PAY_PER_REQUEST sets the billing mode to On-demand capacity mode.

  • PROVISIONED - We recommend using PROVISIONED for steady workloads with predictable growth where capacity requirements can be reliably forecasted. PROVISIONED sets the billing mode to Provisioned capacity mode.

" }, "ProvisionedThroughput":{ "shape":"ProvisionedThroughput", @@ -6720,7 +6881,7 @@ }, "ReplicaUpdates":{ "shape":"ReplicationGroupUpdateList", - "documentation":"

A list of replica update actions (create, delete, or update) for the table.

For global tables, this property only applies to global tables using Version 2019.11.21 (Current version).

" + "documentation":"

A list of replica update actions (create, delete, or update) for the table.

" }, "TableClass":{ "shape":"TableClass", @@ -6732,7 +6893,11 @@ }, "MultiRegionConsistency":{ "shape":"MultiRegionConsistency", - "documentation":"

Specifies the consistency mode for a new global table. This parameter is only valid when you create a global table by specifying one or more Create actions in the ReplicaUpdates action list.

You can specify one of the following consistency modes:

  • EVENTUAL: Configures a new global table for multi-Region eventual consistency. This is the default consistency mode for global tables.

  • STRONG: Configures a new global table for multi-Region strong consistency (preview).

    Multi-Region strong consistency (MRSC) is a new DynamoDB global tables capability currently available in preview mode. For more information, see Global tables multi-Region strong consistency.

If you don't specify this parameter, the global table consistency mode defaults to EVENTUAL.

" + "documentation":"

Specifies the consistency mode for a new global table. This parameter is only valid when you create a global table by specifying one or more Create actions in the ReplicaUpdates action list.

You can specify one of the following consistency modes:

  • EVENTUAL: Configures a new global table for multi-Region eventual consistency (MREC). This is the default consistency mode for global tables.

  • STRONG: Configures a new global table for multi-Region strong consistency (MRSC).

If you don't specify this field, the global table consistency mode defaults to EVENTUAL. For more information about global tables consistency modes, see Consistency modes in DynamoDB developer guide.

" + }, + "GlobalTableWitnessUpdates":{ + "shape":"GlobalTableWitnessGroupUpdateList", + "documentation":"

A list of witness updates for a MRSC global table. A witness provides a cost-effective alternative to a full replica in a MRSC global table by maintaining replicated change data written to global table replicas. You cannot perform read or write operations on a witness. For each witness, you can request one action:

  • Create - add a new witness to the global table.

  • Delete - remove a witness from the global table.

You can create or delete only one witness per UpdateTable operation.

For more information, see Multi-Region strong consistency (MRSC) in the Amazon DynamoDB Developer Guide

" }, "OnDemandThroughput":{ "shape":"OnDemandThroughput", @@ -6765,7 +6930,8 @@ }, "TableName":{ "shape":"TableArn", - "documentation":"

The name of the global table to be updated. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the global table to be updated. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "ProvisionedWriteCapacityAutoScalingUpdate":{"shape":"AutoScalingSettingsUpdate"}, "ReplicaUpdates":{ @@ -6792,7 +6958,8 @@ "members":{ "TableName":{ "shape":"TableArn", - "documentation":"

The name of the table to be configured. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

" + "documentation":"

The name of the table to be configured. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.

", + "contextParam":{"name":"ResourceArn"} }, "TimeToLiveSpecification":{ "shape":"TimeToLiveSpecification", @@ -6824,6 +6991,14 @@ }, "documentation":"

Provides visibility into the number of read and write operations your table or secondary index can instantaneously support. The settings can be modified using the UpdateTable operation to meet the throughput requirements of an upcoming peak event.

" }, + "WitnessStatus":{ + "type":"string", + "enum":[ + "CREATING", + "DELETING", + "ACTIVE" + ] + }, "WriteRequest":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/dynamodbstreams/2012-08-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/dynamodbstreams/2012-08-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/dynamodbstreams/2012-08-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dynamodbstreams/2012-08-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,17 +118,31 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + }, + { "fn": "booleanEquals", "argv": [ { "ref": "UseFIPS" }, - true + false ] }, { @@ -143,149 +155,270 @@ ] } ], - "type": "tree", - "rules": [ + "endpoint": { + "url": "https://streams-dynamodb.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ { - "conditions": [ + "fn": "stringEquals", + "argv": [ { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } + "ref": "PartitionResult" + }, + "name" ] }, + "aws" + ] + }, + { + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://streams-dynamodb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "PartitionResult" + }, + "name" ] - } - ], - "type": "tree", - "rules": [ + }, + "aws-cn" + ] + }, + { + "fn": "booleanEquals", + "argv": [ { - "conditions": [], - "type": "tree", - "rules": [ + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://streams-dynamodb.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ { - "conditions": [], - "endpoint": { - "url": "https://streams.dynamodb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "name" ] - } + }, + "aws-cn" ] }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://streams-dynamodb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { "conditions": [ { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, + { "fn": "booleanEquals", "argv": [ { "ref": "UseFIPS" }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], - "type": "tree", - "rules": [ + "endpoint": { + "url": "https://streams-dynamodb.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ { - "conditions": [ + "fn": "stringEquals", + "argv": [ { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } + "ref": "PartitionResult" + }, + "name" ] - } - ], - "type": "tree", - "rules": [ + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ { - "conditions": [], - "type": "tree", - "rules": [ + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://streams-dynamodb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - "aws-us-gov", - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - } - ] - } - ], - "endpoint": { - "url": "https://streams.dynamodb.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "ref": "PartitionResult" }, - { - "conditions": [], - "endpoint": { - "url": "https://streams.dynamodb-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "name" ] - } + }, + "aws-us-gov" ] }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://streams.dynamodb.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { "conditions": [ @@ -293,13 +426,21 @@ "fn": "booleanEquals", "argv": [ { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { "ref": "UseDualStack" }, true ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -313,215 +454,192 @@ { "ref": "PartitionResult" }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, "supportsDualStack" ] } ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://streams.dynamodb.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "endpoint": { + "url": "https://streams.dynamodb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "local" - ] - } - ], - "endpoint": { - "url": "http://localhost:8000", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "dynamodb", - "signingRegion": "us-east-1" - } - ] + "ref": "UseFIPS" }, - "headers": {} - }, - "type": "endpoint" + true + ] }, { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws", { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] - } + }, + true ] } ], - "endpoint": { - "url": "https://streams.dynamodb.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ + "rules": [ { - "fn": "stringEquals", - "argv": [ - "aws-cn", - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - } - ] + "conditions": [], + "endpoint": { + "url": "https://streams.dynamodb-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "endpoint": { - "url": "https://streams.dynamodb.{Region}.amazonaws.com.cn", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" }, { - "conditions": [ + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ { - "fn": "stringEquals", - "argv": [ - "aws-us-gov", - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - } - ] - } - ], - "endpoint": { - "url": "https://streams.dynamodb.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "ref": "UseFIPS" + }, + false + ] }, { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws-iso", + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsDualStack" ] } ] } ], - "endpoint": { - "url": "https://streams.dynamodb.{Region}.c2s.ic.gov", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ + "rules": [ { - "fn": "stringEquals", - "argv": [ - "aws-iso-b", - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - } - ] + "conditions": [], + "endpoint": { + "url": "https://streams.dynamodb.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "endpoint": { - "url": "https://streams.dynamodb.{Region}.sc2s.sgov.gov", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" }, { "conditions": [], - "endpoint": { - "url": "https://streams.dynamodb.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://streams.dynamodb.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/dynamodbstreams/2012-08-10/service-2.json 2.31.35-1/awscli/botocore/data/dynamodbstreams/2012-08-10/service-2.json --- 2.23.6-1/awscli/botocore/data/dynamodbstreams/2012-08-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/dynamodbstreams/2012-08-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"streams.dynamodb", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon DynamoDB Streams", "serviceId":"DynamoDB Streams", "signatureVersion":"v4", "signingName":"dynamodb", "targetPrefix":"DynamoDBStreams_20120810", - "uid":"streams-dynamodb-2012-08-10" + "uid":"streams-dynamodb-2012-08-10", + "auth":["aws.auth#sigv4"] }, "operations":{ "DescribeStream":{ @@ -152,6 +154,10 @@ "ExclusiveStartShardId":{ "shape":"ShardId", "documentation":"

The shard ID of the first item that this operation will evaluate. Use the value that was returned for LastEvaluatedShardId in the previous operation.

" + }, + "ShardFilter":{ + "shape":"ShardFilter", + "documentation":"

This optional field contains the filter definition for the DescribeStream API.

" } }, "documentation":"

Represents the input of a DescribeStream operation.

" @@ -470,6 +476,24 @@ "type":"list", "member":{"shape":"Shard"} }, + "ShardFilter":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"ShardFilterType", + "documentation":"

Contains the type of filter to be applied on the DescribeStream API. Currently, the only value this parameter accepts is CHILD_SHARDS.

" + }, + "ShardId":{ + "shape":"ShardId", + "documentation":"

Contains the shardId of the parent shard for which you are requesting child shards.

Sample request:

" + } + }, + "documentation":"

This optional field contains the filter definition for the DescribeStream API.

" + }, + "ShardFilterType":{ + "type":"string", + "enum":["CHILD_SHARDS"] + }, "ShardId":{ "type":"string", "max":65, @@ -563,7 +587,7 @@ "members":{ "ApproximateCreationDateTime":{ "shape":"Date", - "documentation":"

The approximate date and time when the stream record was created, in UNIX epoch time format and rounded down to the closest second.

" + "documentation":"

The approximate date and time when the stream record was created, in ISO 8601 format and rounded down to the closest second.

" }, "Keys":{ "shape":"AttributeMap", diff -pruN 2.23.6-1/awscli/botocore/data/ebs/2019-11-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ebs/2019-11-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ebs/2019-11-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ebs/2019-11-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/ebs/2019-11-02/service-2.json 2.31.35-1/awscli/botocore/data/ebs/2019-11-02/service-2.json --- 2.23.6-1/awscli/botocore/data/ebs/2019-11-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ebs/2019-11-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"ebs", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Amazon EBS", "serviceFullName":"Amazon Elastic Block Store", "serviceId":"EBS", "signatureVersion":"v4", - "uid":"ebs-2019-11-02" + "uid":"ebs-2019-11-02", + "auth":["aws.auth#sigv4"] }, "operations":{ "CompleteSnapshot":{ @@ -103,7 +105,8 @@ {"shape":"InternalServerException"} ], "documentation":"

Writes a block of data to a snapshot. If the specified block contains data, the existing data is overwritten. The target snapshot must be in the pending state.

Data written to a snapshot must be aligned with 512-KiB sectors.

You should always retry requests that receive server (5xx) error responses, and ThrottlingException and RequestThrottledException client error responses. For more information see Error retries in the Amazon Elastic Compute Cloud User Guide.

", - "authtype":"v4-unsigned-body" + "authtype":"v4-unsigned-body", + "unsignedPayload":true }, "StartSnapshot":{ "name":"StartSnapshot", diff -pruN 2.23.6-1/awscli/botocore/data/ec2/2016-11-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ec2/2016-11-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ec2/2016-11-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ec2/2016-11-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ec2/2016-11-15/paginators-1.json 2.31.35-1/awscli/botocore/data/ec2/2016-11-15/paginators-1.json --- 2.23.6-1/awscli/botocore/data/ec2/2016-11-15/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ec2/2016-11-15/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -883,6 +883,108 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "CapacityBlockExtensionOfferings" + }, + "DescribeRouteServerEndpoints": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "RouteServerEndpoints" + }, + "DescribeRouteServerPeers": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "RouteServerPeers" + }, + "DescribeRouteServers": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "RouteServers" + }, + "DescribeMacModificationTasks": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "MacModificationTasks" + }, + "DescribeCapacityBlockStatus": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "CapacityBlockStatuses" + }, + "DescribeCapacityBlocks": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "CapacityBlocks" + }, + "DescribeImageReferences": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "ImageReferences" + }, + "DescribeImageUsageReportEntries": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "ImageUsageReportEntries" + }, + "DescribeImageUsageReports": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "ImageUsageReports" + }, + "DescribeCapacityManagerDataExports": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "CapacityManagerDataExports" + }, + "GetCapacityManagerMetricData": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "MetricDataResults" + }, + "GetCapacityManagerMetricDimensions": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "MetricDimensionResults" + }, + "DescribeIpamPrefixListResolverTargets": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "IpamPrefixListResolverTargets" + }, + "DescribeIpamPrefixListResolvers": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "IpamPrefixListResolvers" + }, + "GetIpamPrefixListResolverRules": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "Rules" + }, + "GetIpamPrefixListResolverVersionEntries": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "Entries" + }, + "GetIpamPrefixListResolverVersions": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "IpamPrefixListResolverVersions" } } } diff -pruN 2.23.6-1/awscli/botocore/data/ec2/2016-11-15/service-2.json 2.31.35-1/awscli/botocore/data/ec2/2016-11-15/service-2.json --- 2.23.6-1/awscli/botocore/data/ec2/2016-11-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ec2/2016-11-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -102,7 +102,7 @@ }, "input":{"shape":"AdvertiseByoipCidrRequest"}, "output":{"shape":"AdvertiseByoipCidrResult"}, - "documentation":"

Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.

It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.

To stop advertising the BYOIP CIDR, use WithdrawByoipCidr.

" + "documentation":"

Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.

It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.

" }, "AllocateAddress":{ "name":"AllocateAddress", @@ -112,7 +112,7 @@ }, "input":{"shape":"AllocateAddressRequest"}, "output":{"shape":"AllocateAddressResult"}, - "documentation":"

Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.

You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon EC2 User Guide.

If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. To attempt to recover an Elastic IP address that you released, specify it in this operation.

For more information, see Elastic IP Addresses in the Amazon EC2 User Guide.

You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).

" + "documentation":"

Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.

You can allocate an Elastic IP address from one of the following address pools:

  • Amazon's pool of IPv4 addresses

  • Public IPv4 address range that you own and bring to your Amazon Web Services account using Bring Your Own IP Addresses (BYOIP)

  • An IPv4 IPAM pool with an Amazon-provided or BYOIP public IPv4 address range

  • IPv4 addresses from your on-premises network made available for use with an Outpost using a customer-owned IP address pool (CoIP pool)

For more information, see Elastic IP Addresses in the Amazon EC2 User Guide.

If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. To attempt to recover an Elastic IP address that you released, specify it in this operation.

You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).

" }, "AllocateHosts":{ "name":"AllocateHosts", @@ -152,7 +152,7 @@ }, "input":{"shape":"AssignIpv6AddressesRequest"}, "output":{"shape":"AssignIpv6AddressesResult"}, - "documentation":"

Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type.

You must specify either the IPv6 addresses or the IPv6 address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to network interfaces in the Amazon EC2 User Guide.

" + "documentation":"

Assigns the specified IPv6 addresses to the specified network interface. You can specify specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies by instance type.

You must specify either the IPv6 addresses or the IPv6 address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to network interfaces in the Amazon EC2 User Guide.

" }, "AssignPrivateIpAddresses":{ "name":"AssignPrivateIpAddresses", @@ -162,7 +162,7 @@ }, "input":{"shape":"AssignPrivateIpAddressesRequest"}, "output":{"shape":"AssignPrivateIpAddressesResult"}, - "documentation":"

Assigns one or more secondary private IP addresses to the specified network interface.

You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon EC2 User Guide.

When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.

Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.

You must specify either the IP addresses or the IP address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to network interfaces in the Amazon EC2 User Guide.

" + "documentation":"

Assigns the specified secondary private IP addresses to the specified network interface.

You can specify specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned from the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon EC2 User Guide.

When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.

Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.

You must specify either the IP addresses or the IP address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to network interfaces in the Amazon EC2 User Guide.

" }, "AssignPrivateNatGatewayAddress":{ "name":"AssignPrivateNatGatewayAddress", @@ -273,6 +273,16 @@ "output":{"shape":"AssociateNatGatewayAddressResult"}, "documentation":"

Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.

By default, you can associate up to 2 Elastic IP addresses per public NAT gateway. You can increase the limit by requesting a quota adjustment. For more information, see Elastic IP address quotas in the Amazon VPC User Guide.

When you associate an EIP or secondary EIPs with a public NAT gateway, the network border group of the EIPs must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. If it's not the same, the EIP will fail to associate. You can see the network border group for the subnet's AZ by viewing the details of the subnet. Similarly, you can view the network border group of an EIP by viewing the details of the EIP address. For more information about network border groups and EIPs, see Allocate an Elastic IP address in the Amazon VPC User Guide.

" }, + "AssociateRouteServer":{ + "name":"AssociateRouteServer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateRouteServerRequest"}, + "output":{"shape":"AssociateRouteServerResult"}, + "documentation":"

Associates a route server with a VPC to enable dynamic route updates.

A route server association is the connection established between a route server and a VPC.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, "AssociateRouteTable":{ "name":"AssociateRouteTable", "http":{ @@ -291,7 +301,7 @@ }, "input":{"shape":"AssociateSecurityGroupVpcRequest"}, "output":{"shape":"AssociateSecurityGroupVpcResult"}, - "documentation":"

Associates a security group with another VPC in the same Region. This enables you to use the same security group with network interfaces and instances in the specified VPC.

  • The VPC you want to associate the security group with must be in the same Region.

  • You can associate the security group with another VPC if your account owns the VPC or if the VPC was shared with you.

  • You must own the security group and the VPC that it was created in.

  • You cannot use this feature with default security groups.

  • You cannot use this feature with the default VPC.

" + "documentation":"

Associates a security group with another VPC in the same Region. This enables you to use the same security group with network interfaces and instances in the specified VPC.

  • The VPC you want to associate the security group with must be in the same Region.

  • You can associate the security group with another VPC if your account owns the VPC or if the VPC was shared with you.

  • You must own the security group.

  • You cannot use this feature with default security groups.

  • You cannot use this feature with the default VPC.

" }, "AssociateSubnetCidrBlock":{ "name":"AssociateSubnetCidrBlock", @@ -400,7 +410,7 @@ }, "input":{"shape":"AttachVolumeRequest"}, "output":{"shape":"VolumeAttachment"}, - "documentation":"

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use.

If a volume has an Amazon Web Services Marketplace product code:

  • The volume can be attached only to a stopped instance.

  • Amazon Web Services Marketplace product codes are copied from the volume to the instance.

  • You must be subscribed to the product.

  • The instance type and operating system of the instance must support the product. For example, you can't detach a volume from a Windows instance and attach it to a Linux instance.

For more information, see Attach an Amazon EBS volume to an instance in the Amazon EBS User Guide.

" + "documentation":"

Attaches an Amazon EBS volume to a running or stopped instance, and exposes it to the instance with the specified device name.

The maximum number of Amazon EBS volumes that you can attach to an instance depends on the instance type. If you exceed the volume attachment limit for an instance type, the attachment request fails with the AttachmentLimitExceeded error. For more information, see Instance volume limits.

After you attach an EBS volume, you must make it available for use. For more information, see Make an EBS volume available for use.

If a volume has an Amazon Web Services Marketplace product code:

  • The volume can be attached only to a stopped instance.

  • Amazon Web Services Marketplace product codes are copied from the volume to the instance.

  • You must be subscribed to the product.

  • The instance type and operating system of the instance must support the product. For example, you can't detach a volume from a Windows instance and attach it to a Linux instance.

For more information, see Attach an Amazon EBS volume to an instance in the Amazon EBS User Guide.

" }, "AttachVpnGateway":{ "name":"AttachVpnGateway", @@ -470,7 +480,7 @@ }, "input":{"shape":"CancelCapacityReservationRequest"}, "output":{"shape":"CancelCapacityReservationResult"}, - "documentation":"

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to cancelled.

You can cancel a Capacity Reservation that is in the following states:

  • assessing

  • active and there is no commitment duration or the commitment duration has elapsed. You can't cancel a future-dated Capacity Reservation during the commitment duration.

If a future-dated Capacity Reservation enters the delayed state, the commitment duration is waived, and you can cancel it as soon as it enters the active state.

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

" + "documentation":"

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to cancelled.

You can cancel a Capacity Reservation that is in the following states:

  • assessing

  • active and there is no commitment duration or the commitment duration has elapsed. You can't cancel a future-dated Capacity Reservation during the commitment duration.

You can't modify or cancel a Capacity Block. For more information, see Capacity Blocks for ML.

If a future-dated Capacity Reservation enters the delayed state, the commitment duration is waived, and you can cancel it as soon as it enters the active state.

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

" }, "CancelCapacityReservationFleets":{ "name":"CancelCapacityReservationFleets", @@ -518,7 +528,7 @@ }, "input":{"shape":"CancelImageLaunchPermissionRequest"}, "output":{"shape":"CancelImageLaunchPermissionResult"}, - "documentation":"

Removes your Amazon Web Services account from the launch permissions for the specified AMI. For more information, see Cancel having an AMI shared with your Amazon Web Services account in the Amazon EC2 User Guide.

" + "documentation":"

Removes your Amazon Web Services account from the launch permissions for the specified AMI. For more information, see Cancel having an AMI shared with your Amazon Web Services account in the Amazon EC2 User Guide.

" }, "CancelImportTask":{ "name":"CancelImportTask", @@ -548,7 +558,7 @@ }, "input":{"shape":"CancelSpotFleetRequestsRequest"}, "output":{"shape":"CancelSpotFleetRequestsResponse"}, - "documentation":"

Cancels the specified Spot Fleet requests.

After you cancel a Spot Fleet request, the Spot Fleet launches no new instances.

You must also specify whether a canceled Spot Fleet request should terminate its instances. If you choose to terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.

Restrictions

  • You can delete up to 100 fleets in a single request. If you exceed the specified number, no fleets are deleted.

" + "documentation":"

Cancels the specified Spot Fleet requests.

After you cancel a Spot Fleet request, the Spot Fleet launches no new instances.

You must also specify whether a canceled Spot Fleet request should terminate its instances. If you choose to terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.

Terminating an instance is permanent and irreversible.

After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see How instance termination works.

Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

Restrictions

  • You can delete up to 100 fleets in a single request. If you exceed the specified number, no fleets are deleted.

" }, "CancelSpotInstanceRequests":{ "name":"CancelSpotInstanceRequests", @@ -588,7 +598,7 @@ }, "input":{"shape":"CopyImageRequest"}, "output":{"shape":"CopyImageResult"}, - "documentation":"

Initiates an AMI copy operation. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.

When you copy an AMI from one Region to another, the destination Region is the current Region.

When you copy an AMI from a Region to an Outpost, specify the ARN of the Outpost as the destination. Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region or the key that you specify. Outposts do not support unencrypted snapshots.

For information about the prerequisites when copying an AMI, see Copy an AMI in the Amazon EC2 User Guide.

" + "documentation":"

Initiates an AMI copy operation. You must specify the source AMI ID and both the source and destination locations. The copy operation must be initiated in the destination Region.

CopyImage supports the following source to destination copies:

  • Region to Region

  • Region to Outpost

  • Parent Region to Local Zone

  • Local Zone to parent Region

  • Between Local Zones with the same parent Region (only supported for certain Local Zones)

CopyImage does not support the following source to destination copies:

  • Local Zone to non-parent Regions

  • Between Local Zones with different parent Regions

  • Local Zone to Outpost

  • Outpost to Local Zone

  • Outpost to Region

  • Between Outposts

  • Within same Outpost

  • Cross-partition copies (use CreateStoreImageTask instead)

Destination specification

  • Region to Region: The destination Region is the Region in which you initiate the copy operation.

  • Region to Outpost: Specify the destination using the DestinationOutpostArn parameter (the ARN of the Outpost)

  • Region to Local Zone, and Local Zone to Local Zone copies: Specify the destination using the DestinationAvailabilityZone parameter (the name of the destination Local Zone) or DestinationAvailabilityZoneId parameter (the ID of the destination Local Zone).

Snapshot encryption

  • Region to Outpost: Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region or the key that you specify. Outposts do not support unencrypted snapshots.

  • Region to Local Zone, and Local Zone to Local Zone: Not all Local Zones require encrypted snapshots. In Local Zones that require encrypted snapshots, backing snapshots are automatically encrypted during copy. In Local Zones where encryption is not required, snapshots retain their original encryption state (encrypted or unencrypted) by default.

For more information, including the required permissions for copying an AMI, see Copy an Amazon EC2 AMI in the Amazon EC2 User Guide.

" }, "CopySnapshot":{ "name":"CopySnapshot", @@ -598,7 +608,27 @@ }, "input":{"shape":"CopySnapshotRequest"}, "output":{"shape":"CopySnapshotResult"}, - "documentation":"

Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).

When copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default KMS key; however, you can specify a different KMS key. To copy an encrypted snapshot that has been shared from another account, you must have permissions for the KMS key used to encrypt the snapshot.

Snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId. Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon EBS User Guide.

Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.

For more information, see Copy an Amazon EBS snapshot in the Amazon EBS User Guide.

" + "documentation":"

Creates an exact copy of an Amazon EBS snapshot.

The location of the source snapshot determines whether you can copy it or not, and the allowed destinations for the snapshot copy.

  • If the source snapshot is in a Region, you can copy it within that Region, to another Region, to an Outpost associated with that Region, or to a Local Zone in that Region.

  • If the source snapshot is in a Local Zone, you can copy it within that Local Zone, to another Local Zone in the same zone group, or to the parent Region of the Local Zone.

  • If the source snapshot is on an Outpost, you can't copy it.

When copying snapshots to a Region, the encryption outcome for the snapshot copy depends on the Amazon EBS encryption by default setting for the destination Region, the encryption status of the source snapshot, and the encryption parameters you specify in the request. For more information, see Encryption and snapshot copying.

Snapshots copied to an Outpost must be encrypted. Unencrypted snapshots are not supported on Outposts. For more information, Amazon EBS local snapshots on Outposts.

Snapshots copies have an arbitrary source volume ID. Do not use this volume ID for any purpose.

For more information, see Copy an Amazon EBS snapshot in the Amazon EBS User Guide.

" + }, + "CopyVolumes":{ + "name":"CopyVolumes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CopyVolumesRequest"}, + "output":{"shape":"CopyVolumesResult"}, + "documentation":"

Creates a crash-consistent, point-in-time copy of an existing Amazon EBS volume within the same Availability Zone. The volume copy can be attached to an Amazon EC2 instance once it reaches the available state. For more information, see Copy an Amazon EBS volume.

" + }, + "CreateCapacityManagerDataExport":{ + "name":"CreateCapacityManagerDataExport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateCapacityManagerDataExportRequest"}, + "output":{"shape":"CreateCapacityManagerDataExportResult"}, + "documentation":"

Creates a new data export configuration for EC2 Capacity Manager. This allows you to automatically export capacity usage data to an S3 bucket on a scheduled basis. The exported data includes metrics for On-Demand, Spot, and Capacity Reservations usage across your organization.

" }, "CreateCapacityReservation":{ "name":"CreateCapacityReservation", @@ -710,6 +740,16 @@ "output":{"shape":"CreateDefaultVpcResult"}, "documentation":"

Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPCs in the Amazon VPC User Guide. You cannot specify the components of the default VPC yourself.

If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.

" }, + "CreateDelegateMacVolumeOwnershipTask":{ + "name":"CreateDelegateMacVolumeOwnershipTask", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateDelegateMacVolumeOwnershipTaskRequest"}, + "output":{"shape":"CreateDelegateMacVolumeOwnershipTaskResult"}, + "documentation":"

Delegates ownership of the Amazon EBS root volume for an Apple silicon Mac instance to an administrative user.

" + }, "CreateDhcpOptions":{ "name":"CreateDhcpOptions", "http":{ @@ -758,7 +798,7 @@ }, "input":{"shape":"CreateFpgaImageRequest"}, "output":{"shape":"CreateFpgaImageResult"}, - "documentation":"

Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).

The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs.

An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the Amazon Web Services FPGA Hardware Development Kit.

" + "documentation":"

Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).

The create operation is asynchronous. To verify that the AFI was successfully created and is ready for use, check the output logs.

An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the Amazon Web Services FPGA Hardware Development Kit.

" }, "CreateImage":{ "name":"CreateImage", @@ -768,7 +808,17 @@ }, "input":{"shape":"CreateImageRequest"}, "output":{"shape":"CreateImageResult"}, - "documentation":"

Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.

For more information, see Create an Amazon EBS-backed Linux AMI in the Amazon Elastic Compute Cloud User Guide.

" + "documentation":"

Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.

The location of the source instance determines where you can create the snapshots of the AMI:

  • If the source instance is in a Region, you must create the snapshots in the same Region as the instance.

  • If the source instance is in a Local Zone, you can create the snapshots in the same Local Zone or in its parent Region.

For more information, see Create an Amazon EBS-backed AMI in the Amazon Elastic Compute Cloud User Guide.

" + }, + "CreateImageUsageReport":{ + "name":"CreateImageUsageReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateImageUsageReportRequest"}, + "output":{"shape":"CreateImageUsageReportResult"}, + "documentation":"

Creates a report that shows how your image is used across other Amazon Web Services accounts. The report provides visibility into which accounts are using the specified image, and how many resources (EC2 instances or launch templates) are referencing it.

For more information, see View your AMI usage in the Amazon EC2 User Guide.

" }, "CreateInstanceConnectEndpoint":{ "name":"CreateInstanceConnectEndpoint", @@ -778,7 +828,7 @@ }, "input":{"shape":"CreateInstanceConnectEndpointRequest"}, "output":{"shape":"CreateInstanceConnectEndpointResult"}, - "documentation":"

Creates an EC2 Instance Connect Endpoint.

An EC2 Instance Connect Endpoint allows you to connect to an instance, without requiring the instance to have a public IPv4 address. For more information, see Connect to your instances without requiring a public IPv4 address using EC2 Instance Connect Endpoint in the Amazon EC2 User Guide.

" + "documentation":"

Creates an EC2 Instance Connect Endpoint.

An EC2 Instance Connect Endpoint allows you to connect to an instance, without requiring the instance to have a public IPv4 or public IPv6 address. For more information, see Connect to your instances using EC2 Instance Connect Endpoint in the Amazon EC2 User Guide.

" }, "CreateInstanceEventWindow":{ "name":"CreateInstanceEventWindow", @@ -828,7 +878,7 @@ }, "input":{"shape":"CreateIpamExternalResourceVerificationTokenRequest"}, "output":{"shape":"CreateIpamExternalResourceVerificationTokenResult"}, - "documentation":"

Create a verification token. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).

" + "documentation":"

Create a verification token.

A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).

" }, "CreateIpamPool":{ "name":"CreateIpamPool", @@ -840,6 +890,26 @@ "output":{"shape":"CreateIpamPoolResult"}, "documentation":"

Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.

For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.

" }, + "CreateIpamPrefixListResolver":{ + "name":"CreateIpamPrefixListResolver", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateIpamPrefixListResolverRequest"}, + "output":{"shape":"CreateIpamPrefixListResolverResult"}, + "documentation":"

Creates an IPAM prefix list resolver.

An IPAM prefix list resolver is a component that manages the synchronization between IPAM's CIDR selection rules and customer-managed prefix lists. It automates connectivity configurations by selecting CIDRs from IPAM's database based on your business logic and synchronizing them with prefix lists used in resources such as VPC route tables and security groups.

For more information about IPAM prefix list resolver, see Automate prefix list updates with IPAM in the Amazon VPC IPAM User Guide.

" + }, + "CreateIpamPrefixListResolverTarget":{ + "name":"CreateIpamPrefixListResolverTarget", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateIpamPrefixListResolverTargetRequest"}, + "output":{"shape":"CreateIpamPrefixListResolverTargetResult"}, + "documentation":"

Creates an IPAM prefix list resolver target.

An IPAM prefix list resolver target is an association between a specific customer-managed prefix list and an IPAM prefix list resolver. The target enables the resolver to synchronize CIDRs selected by its rules into the specified prefix list, which can then be referenced in Amazon Web Services resources.

For more information about IPAM prefix list resolver, see Automate prefix list updates with IPAM in the Amazon VPC IPAM User Guide.

" + }, "CreateIpamResourceDiscovery":{ "name":"CreateIpamResourceDiscovery", "http":{ @@ -878,7 +948,7 @@ }, "input":{"shape":"CreateLaunchTemplateRequest"}, "output":{"shape":"CreateLaunchTemplateResult"}, - "documentation":"

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launch an instance from a launch template in the Amazon EC2 User Guide.

To clone an existing launch template as the basis for a new launch template, use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon EC2 User Guide.

" + "documentation":"

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Store instance launch parameters in Amazon EC2 launch templates in the Amazon EC2 User Guide.

To clone an existing launch template as the basis for a new launch template, use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon EC2 User Guide.

" }, "CreateLaunchTemplateVersion":{ "name":"CreateLaunchTemplateVersion", @@ -888,7 +958,7 @@ }, "input":{"shape":"CreateLaunchTemplateVersionRequest"}, "output":{"shape":"CreateLaunchTemplateVersionResult"}, - "documentation":"

Creates a new version of a launch template. You must specify an existing launch template, either by name or ID. You can determine whether the new version inherits parameters from a source version, and add or overwrite parameters as needed.

Launch template versions are numbered in the order in which they are created. You can't specify, change, or replace the numbering of launch template versions.

Launch templates are immutable; after you create a launch template, you can't modify it. Instead, you can create a new version of the launch template that includes the changes that you require.

For more information, see Modify a launch template (manage launch template versions) in the Amazon EC2 User Guide.

" + "documentation":"

Creates a new version of a launch template. You must specify an existing launch template, either by name or ID. You can determine whether the new version inherits parameters from a source version, and add or overwrite parameters as needed.

Launch template versions are numbered in the order in which they are created. You can't specify, change, or replace the numbering of launch template versions.

Launch templates are immutable; after you create a launch template, you can't modify it. Instead, you can create a new version of the launch template that includes the changes that you require.

For more information, see Modify a launch template (manage launch template versions) in the Amazon EC2 User Guide.

" }, "CreateLocalGatewayRoute":{ "name":"CreateLocalGatewayRoute", @@ -930,6 +1000,36 @@ "output":{"shape":"CreateLocalGatewayRouteTableVpcAssociationResult"}, "documentation":"

Associates the specified VPC with the specified local gateway route table.

" }, + "CreateLocalGatewayVirtualInterface":{ + "name":"CreateLocalGatewayVirtualInterface", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateLocalGatewayVirtualInterfaceRequest"}, + "output":{"shape":"CreateLocalGatewayVirtualInterfaceResult"}, + "documentation":"

Create a virtual interface for a local gateway.

" + }, + "CreateLocalGatewayVirtualInterfaceGroup":{ + "name":"CreateLocalGatewayVirtualInterfaceGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateLocalGatewayVirtualInterfaceGroupRequest"}, + "output":{"shape":"CreateLocalGatewayVirtualInterfaceGroupResult"}, + "documentation":"

Create a local gateway virtual interface group.

" + }, + "CreateMacSystemIntegrityProtectionModificationTask":{ + "name":"CreateMacSystemIntegrityProtectionModificationTask", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateMacSystemIntegrityProtectionModificationTaskRequest"}, + "output":{"shape":"CreateMacSystemIntegrityProtectionModificationTaskResult"}, + "documentation":"

Creates a System Integrity Protection (SIP) modification task to configure the SIP settings for an x86 Mac instance or Apple silicon Mac instance. For more information, see Configure SIP for Amazon EC2 instances in the Amazon EC2 User Guide.

When you configure the SIP settings for your instance, you can either enable or disable all SIP settings, or you can specify a custom SIP configuration that selectively enables or disables specific SIP settings.

If you implement a custom configuration, connect to the instance and verify the settings to ensure that your requirements are properly implemented and functioning as intended.

SIP configurations might change with macOS updates. We recommend that you review custom SIP settings after any macOS version upgrade to ensure continued compatibility and proper functionality of your security configurations.

To enable or disable all SIP settings, use the MacSystemIntegrityProtectionStatus parameter only. For example, to enable all SIP settings, specify the following:

  • MacSystemIntegrityProtectionStatus=enabled

To specify a custom configuration that selectively enables or disables specific SIP settings, use the MacSystemIntegrityProtectionStatus parameter to enable or disable all SIP settings, and then use the MacSystemIntegrityProtectionConfiguration parameter to specify exceptions. In this case, the exceptions you specify for MacSystemIntegrityProtectionConfiguration override the value you specify for MacSystemIntegrityProtectionStatus. For example, to enable all SIP settings, except NvramProtections, specify the following:

  • MacSystemIntegrityProtectionStatus=enabled

  • MacSystemIntegrityProtectionConfigurationRequest \"NvramProtections=disabled\"

" + }, "CreateManagedPrefixList":{ "name":"CreateManagedPrefixList", "http":{ @@ -938,7 +1038,7 @@ }, "input":{"shape":"CreateManagedPrefixListRequest"}, "output":{"shape":"CreateManagedPrefixListResult"}, - "documentation":"

Creates a managed prefix list. You can specify one or more entries for the prefix list. Each entry consists of a CIDR block and an optional description.

" + "documentation":"

Creates a managed prefix list. You can specify entries for the prefix list. Each entry consists of a CIDR block and an optional description.

" }, "CreateNatGateway":{ "name":"CreateNatGateway", @@ -1057,7 +1157,7 @@ }, "input":{"shape":"CreateRestoreImageTaskRequest"}, "output":{"shape":"CreateRestoreImageTaskResult"}, - "documentation":"

Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.

" + "documentation":"

Starts a task that restores an AMI from an Amazon S3 object that was previously created by using CreateStoreImageTask.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using S3 in the Amazon EC2 User Guide.

" }, "CreateRoute":{ "name":"CreateRoute", @@ -1069,6 +1169,36 @@ "output":{"shape":"CreateRouteResult"}, "documentation":"

Creates a route in a route table within a VPC.

You must specify either a destination CIDR block or a prefix list ID. You must also specify exactly one of the resources from the parameter list.

When determining how to route traffic, we use the route with the most specific match. For example, traffic is destined for the IPv4 address 192.0.2.3, and the route table includes the following two IPv4 routes:

  • 192.0.2.0/24 (goes to some target A)

  • 192.0.2.0/28 (goes to some target B)

Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.

For more information about route tables, see Route tables in the Amazon VPC User Guide.

" }, + "CreateRouteServer":{ + "name":"CreateRouteServer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateRouteServerRequest"}, + "output":{"shape":"CreateRouteServerResult"}, + "documentation":"

Creates a new route server to manage dynamic routing in a VPC.

Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.

Route server supports the follow route table types:

  • VPC route tables not associated with subnets

  • Subnet route tables

  • Internet gateway route tables

Route server does not support route tables associated with virtual private gateways. To propagate routes into a transit gateway route table, use Transit Gateway Connect.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, + "CreateRouteServerEndpoint":{ + "name":"CreateRouteServerEndpoint", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateRouteServerEndpointRequest"}, + "output":{"shape":"CreateRouteServerEndpointResult"}, + "documentation":"

Creates a new endpoint for a route server in a specified subnet.

A route server endpoint is an Amazon Web Services-managed component inside a subnet that facilitates BGP (Border Gateway Protocol) connections between your route server and your BGP peers.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, + "CreateRouteServerPeer":{ + "name":"CreateRouteServerPeer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateRouteServerPeerRequest"}, + "output":{"shape":"CreateRouteServerPeerResult"}, + "documentation":"

Creates a new BGP peer for a specified route server endpoint.

A route server peer is a session between a route server endpoint and the device deployed in Amazon Web Services (such as a firewall appliance or other network security function running on an EC2 instance). The device must meet these requirements:

  • Have an elastic network interface in the VPC

  • Support BGP (Border Gateway Protocol)

  • Can initiate BGP sessions

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, "CreateRouteTable":{ "name":"CreateRouteTable", "http":{ @@ -1097,7 +1227,7 @@ }, "input":{"shape":"CreateSnapshotRequest"}, "output":{"shape":"Snapshot"}, - "documentation":"

Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.

The location of the source EBS volume determines where you can create the snapshot.

  • If the source volume is in a Region, you must create the snapshot in the same Region as the volume.

  • If the source volume is in a Local Zone, you can create the snapshot in the same Local Zone or in parent Amazon Web Services Region.

  • If the source volume is on an Outpost, you can create the snapshot on the same Outpost or in its parent Amazon Web Services Region.

When a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the source volume are propagated to the snapshot.

You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued; this might exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the volume long enough to take a snapshot, your snapshot should be complete. However, if you cannot pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You may remount and use your volume while the snapshot status is pending.

When you create a snapshot for an EBS volume that serves as a root device, we recommend that you stop the instance before taking the snapshot.

Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected. For more information, Amazon EBS encryption in the Amazon EBS User Guide.

" + "documentation":"

Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance.

The location of the source EBS volume determines where you can create the snapshot.

  • If the source volume is in a Region, you must create the snapshot in the same Region as the volume.

  • If the source volume is in a Local Zone, you can create the snapshot in the same Local Zone or in its parent Amazon Web Services Region.

  • If the source volume is on an Outpost, you can create the snapshot on the same Outpost or in its parent Amazon Web Services Region.

When a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the source volume are propagated to the snapshot.

You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued; this might exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the volume long enough to take a snapshot, your snapshot should be complete. However, if you cannot pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You may remount and use your volume while the snapshot status is pending.

When you create a snapshot for an EBS volume that serves as a root device, we recommend that you stop the instance before taking the snapshot.

Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated snapshots always remain protected. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

" }, "CreateSnapshots":{ "name":"CreateSnapshots", @@ -1107,7 +1237,7 @@ }, "input":{"shape":"CreateSnapshotsRequest"}, "output":{"shape":"CreateSnapshotsResult"}, - "documentation":"

Creates crash-consistent snapshots of multiple EBS volumes attached to an Amazon EC2 instance. Volumes are chosen by specifying an instance. Each volume attached to the specified instance will produce one snapshot that is crash-consistent across the instance. You can include all of the volumes currently attached to the instance, or you can exclude the root volume or specific data (non-root) volumes from the multi-volume snapshot set.

The location of the source instance determines where you can create the snapshots.

  • If the source instance is in a Region, you must create the snapshots in the same Region as the instance.

  • If the source instance is in a Local Zone, you can create the snapshots in the same Local Zone or in parent Amazon Web Services Region.

  • If the source instance is on an Outpost, you can create the snapshots on the same Outpost or in its parent Amazon Web Services Region.

" + "documentation":"

Creates crash-consistent snapshots of multiple EBS volumes attached to an Amazon EC2 instance. Volumes are chosen by specifying an instance. Each volume attached to the specified instance will produce one snapshot that is crash-consistent across the instance. You can include all of the volumes currently attached to the instance, or you can exclude the root volume or specific data (non-root) volumes from the multi-volume snapshot set.

The location of the source instance determines where you can create the snapshots.

  • If the source instance is in a Region, you must create the snapshots in the same Region as the instance.

  • If the source instance is in a Local Zone, you can create the snapshots in the same Local Zone or in its parent Amazon Web Services Region.

  • If the source instance is on an Outpost, you can create the snapshots on the same Outpost or in its parent Amazon Web Services Region.

" }, "CreateSpotDatafeedSubscription":{ "name":"CreateSpotDatafeedSubscription", @@ -1127,7 +1257,7 @@ }, "input":{"shape":"CreateStoreImageTaskRequest"}, "output":{"shape":"CreateStoreImageTaskResult"}, - "documentation":"

Stores an AMI as a single object in an Amazon S3 bucket.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.

" + "documentation":"

Stores an AMI as a single object in an Amazon S3 bucket.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using S3 in the Amazon EC2 User Guide.

" }, "CreateSubnet":{ "name":"CreateSubnet", @@ -1366,7 +1496,7 @@ }, "input":{"shape":"CreateVpcRequest"}, "output":{"shape":"CreateVpcResult"}, - "documentation":"

Creates a VPC with the specified CIDR blocks. For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.

You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).

By default, each instance that you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP option sets in the Amazon VPC User Guide.

You can specify the instance tenancy value for the VPC when you create it. You can't change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon EC2 User Guide.

" + "documentation":"

Creates a VPC with the specified CIDR blocks.

A VPC must have an associated IPv4 CIDR block. You can choose an IPv4 CIDR block or an IPAM-allocated IPv4 CIDR block. You can optionally associate an IPv6 CIDR block with a VPC. You can choose an IPv6 CIDR block, an Amazon-provided IPv6 CIDR block, an IPAM-allocated IPv6 CIDR block, or an IPv6 CIDR block that you brought to Amazon Web Services. For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.

By default, each instance that you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP option sets in the Amazon VPC User Guide.

You can specify DNS options and tenancy for a VPC when you create it. You can't change the tenancy of a VPC after you create it. For more information, see VPC configuration options in the Amazon VPC User Guide.

" }, "CreateVpcBlockPublicAccessExclusion":{ "name":"CreateVpcBlockPublicAccessExclusion", @@ -1447,6 +1577,16 @@ "output":{"shape":"CreateVpnGatewayResult"}, "documentation":"

Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.

" }, + "DeleteCapacityManagerDataExport":{ + "name":"DeleteCapacityManagerDataExport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteCapacityManagerDataExportRequest"}, + "output":{"shape":"DeleteCapacityManagerDataExportResult"}, + "documentation":"

Deletes an existing Capacity Manager data export configuration. This stops future scheduled exports but does not delete previously exported files from S3.

" + }, "DeleteCarrierGateway":{ "name":"DeleteCarrierGateway", "http":{ @@ -1533,7 +1673,7 @@ }, "input":{"shape":"DeleteFleetsRequest"}, "output":{"shape":"DeleteFleetsResult"}, - "documentation":"

Deletes the specified EC2 Fleets.

After you delete an EC2 Fleet, it launches no new instances.

You must also specify whether a deleted EC2 Fleet should terminate its instances. If you choose to terminate the instances, the EC2 Fleet enters the deleted_terminating state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances continue to run until they are interrupted or you terminate them manually.

For instant fleets, EC2 Fleet must terminate the instances when the fleet is deleted. Up to 1000 instances can be terminated in a single request to delete instant fleets. A deleted instant fleet with running instances is not supported.

Restrictions

  • You can delete up to 25 fleets of type instant in a single request.

  • You can delete up to 100 fleets of type maintain or request in a single request.

  • You can delete up to 125 fleets in a single request, provided you do not exceed the quota for each fleet type, as specified above.

  • If you exceed the specified number of fleets to delete, no fleets are deleted.

For more information, see Delete an EC2 Fleet in the Amazon EC2 User Guide.

" + "documentation":"

Deletes the specified EC2 Fleet request.

After you delete an EC2 Fleet request, it launches no new instances.

You must also specify whether a deleted EC2 Fleet request should terminate its instances. If you choose to terminate the instances, the EC2 Fleet request enters the deleted_terminating state. Otherwise, it enters the deleted_running state, and the instances continue to run until they are interrupted or you terminate them manually.

A deleted instant fleet with running instances is not supported. When you delete an instant fleet, Amazon EC2 automatically terminates all its instances. For fleets with more than 1000 instances, the deletion request might fail. If your fleet has more than 1000 instances, first terminate most of the instances manually, leaving 1000 or fewer. Then delete the fleet, and the remaining instances will be terminated automatically.

Terminating an instance is permanent and irreversible.

After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see How instance termination works.

Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

Restrictions

  • You can delete up to 25 fleets of type instant in a single request.

  • You can delete up to 100 fleets of type maintain or request in a single request.

  • You can delete up to 125 fleets in a single request, provided you do not exceed the quota for each fleet type, as specified above.

  • If you exceed the specified number of fleets to delete, no fleets are deleted.

For more information, see Delete an EC2 Fleet request and the instances in the fleet in the Amazon EC2 User Guide.

" }, "DeleteFlowLogs":{ "name":"DeleteFlowLogs", @@ -1555,6 +1695,16 @@ "output":{"shape":"DeleteFpgaImageResult"}, "documentation":"

Deletes the specified Amazon FPGA Image (AFI).

" }, + "DeleteImageUsageReport":{ + "name":"DeleteImageUsageReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteImageUsageReportRequest"}, + "output":{"shape":"DeleteImageUsageReportResult"}, + "documentation":"

Deletes the specified image usage report.

For more information, see View your AMI usage in the Amazon EC2 User Guide.

" + }, "DeleteInstanceConnectEndpoint":{ "name":"DeleteInstanceConnectEndpoint", "http":{ @@ -1602,7 +1752,7 @@ }, "input":{"shape":"DeleteIpamExternalResourceVerificationTokenRequest"}, "output":{"shape":"DeleteIpamExternalResourceVerificationTokenResult"}, - "documentation":"

Delete a verification token. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).

" + "documentation":"

Delete a verification token.

A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).

" }, "DeleteIpamPool":{ "name":"DeleteIpamPool", @@ -1614,6 +1764,26 @@ "output":{"shape":"DeleteIpamPoolResult"}, "documentation":"

Delete an IPAM pool.

You cannot delete an IPAM pool if there are allocations in it or CIDRs provisioned to it. To release allocations, see ReleaseIpamPoolAllocation. To deprovision pool CIDRs, see DeprovisionIpamPoolCidr.

For more information, see Delete a pool in the Amazon VPC IPAM User Guide.

" }, + "DeleteIpamPrefixListResolver":{ + "name":"DeleteIpamPrefixListResolver", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteIpamPrefixListResolverRequest"}, + "output":{"shape":"DeleteIpamPrefixListResolverResult"}, + "documentation":"

Deletes an IPAM prefix list resolver. Before deleting a resolver, you must first delete all resolver targets associated with it.

" + }, + "DeleteIpamPrefixListResolverTarget":{ + "name":"DeleteIpamPrefixListResolverTarget", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteIpamPrefixListResolverTargetRequest"}, + "output":{"shape":"DeleteIpamPrefixListResolverTargetResult"}, + "documentation":"

Deletes an IPAM prefix list resolver target. This removes the association between the resolver and the managed prefix list, stopping automatic CIDR synchronization.

For more information about IPAM prefix list resolver, see Automate prefix list updates with IPAM in the Amazon VPC IPAM User Guide.

" + }, "DeleteIpamResourceDiscovery":{ "name":"DeleteIpamResourceDiscovery", "http":{ @@ -1662,7 +1832,7 @@ }, "input":{"shape":"DeleteLaunchTemplateVersionsRequest"}, "output":{"shape":"DeleteLaunchTemplateVersionsResult"}, - "documentation":"

Deletes one or more versions of a launch template.

You can't delete the default version of a launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must delete the entire launch template using DeleteLaunchTemplate.

You can delete up to 200 launch template versions in a single request. To delete more than 200 versions in a single request, use DeleteLaunchTemplate, which deletes the launch template and all of its versions.

For more information, see Delete a launch template version in the Amazon EC2 User Guide.

" + "documentation":"

Deletes one or more versions of a launch template.

You can't delete the default version of a launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must delete the entire launch template using DeleteLaunchTemplate.

You can delete up to 200 launch template versions in a single request. To delete more than 200 versions in a single request, use DeleteLaunchTemplate, which deletes the launch template and all of its versions.

For more information, see Delete a launch template version in the Amazon EC2 User Guide.

" }, "DeleteLocalGatewayRoute":{ "name":"DeleteLocalGatewayRoute", @@ -1704,6 +1874,26 @@ "output":{"shape":"DeleteLocalGatewayRouteTableVpcAssociationResult"}, "documentation":"

Deletes the specified association between a VPC and local gateway route table.

" }, + "DeleteLocalGatewayVirtualInterface":{ + "name":"DeleteLocalGatewayVirtualInterface", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteLocalGatewayVirtualInterfaceRequest"}, + "output":{"shape":"DeleteLocalGatewayVirtualInterfaceResult"}, + "documentation":"

Deletes the specified local gateway virtual interface.

" + }, + "DeleteLocalGatewayVirtualInterfaceGroup":{ + "name":"DeleteLocalGatewayVirtualInterfaceGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteLocalGatewayVirtualInterfaceGroupRequest"}, + "output":{"shape":"DeleteLocalGatewayVirtualInterfaceGroupResult"}, + "documentation":"

Delete the specified local gateway interface group.

" + }, "DeleteManagedPrefixList":{ "name":"DeleteManagedPrefixList", "http":{ @@ -1839,6 +2029,36 @@ "input":{"shape":"DeleteRouteRequest"}, "documentation":"

Deletes the specified route from the specified route table.

" }, + "DeleteRouteServer":{ + "name":"DeleteRouteServer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteRouteServerRequest"}, + "output":{"shape":"DeleteRouteServerResult"}, + "documentation":"

Deletes the specified route server.

Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.

Route server supports the follow route table types:

  • VPC route tables not associated with subnets

  • Subnet route tables

  • Internet gateway route tables

Route server does not support route tables associated with virtual private gateways. To propagate routes into a transit gateway route table, use Transit Gateway Connect.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, + "DeleteRouteServerEndpoint":{ + "name":"DeleteRouteServerEndpoint", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteRouteServerEndpointRequest"}, + "output":{"shape":"DeleteRouteServerEndpointResult"}, + "documentation":"

Deletes the specified route server endpoint.

A route server endpoint is an Amazon Web Services-managed component inside a subnet that facilitates BGP (Border Gateway Protocol) connections between your route server and your BGP peers.

" + }, + "DeleteRouteServerPeer":{ + "name":"DeleteRouteServerPeer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteRouteServerPeerRequest"}, + "output":{"shape":"DeleteRouteServerPeerResult"}, + "documentation":"

Deletes the specified BGP peer from a route server.

A route server peer is a session between a route server endpoint and the device deployed in Amazon Web Services (such as a firewall appliance or other network security function running on an EC2 instance). The device must meet these requirements:

  • Have an elastic network interface in the VPC

  • Support BGP (Border Gateway Protocol)

  • Can initiate BGP sessions

" + }, "DeleteRouteTable":{ "name":"DeleteRouteTable", "http":{ @@ -1865,7 +2085,7 @@ "requestUri":"/" }, "input":{"shape":"DeleteSnapshotRequest"}, - "documentation":"

Deletes the specified snapshot.

When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume.

You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first de-register the AMI before you can delete the snapshot.

For more information, see Delete an Amazon EBS snapshot in the Amazon EBS User Guide.

" + "documentation":"

Deletes the specified snapshot.

When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the volume.

You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.

For more information, see Delete an Amazon EBS snapshot in the Amazon EBS User Guide.

" }, "DeleteSpotDatafeedSubscription":{ "name":"DeleteSpotDatafeedSubscription", @@ -2197,7 +2417,7 @@ }, "input":{"shape":"DeprovisionByoipCidrRequest"}, "output":{"shape":"DeprovisionByoipCidrResult"}, - "documentation":"

Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.

Before you can release an address range, you must stop advertising it using WithdrawByoipCidr and you must not have any IP addresses allocated from its address range.

" + "documentation":"

Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.

Before you can release an address range, you must stop advertising it and you must not have any IP addresses allocated from its address range.

" }, "DeprovisionIpamByoasn":{ "name":"DeprovisionIpamByoasn", @@ -2236,7 +2456,8 @@ "requestUri":"/" }, "input":{"shape":"DeregisterImageRequest"}, - "documentation":"

Deregisters the specified AMI. After you deregister an AMI, it can't be used to launch new instances.

If you deregister an AMI that matches a Recycle Bin retention rule, the AMI is retained in the Recycle Bin for the specified retention period. For more information, see Recycle Bin in the Amazon EC2 User Guide.

When you deregister an AMI, it doesn't affect any instances that you've already launched from the AMI. You'll continue to incur usage costs for those instances until you terminate them.

When you deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn't affect the files that you uploaded to Amazon S3 when you created the AMI.

" + "output":{"shape":"DeregisterImageResult"}, + "documentation":"

Deregisters the specified AMI. A deregistered AMI can't be used to launch new instances.

If a deregistered EBS-backed AMI matches a Recycle Bin retention rule, it moves to the Recycle Bin for the specified retention period. It can be restored before its retention period expires, after which it is permanently deleted. If the deregistered AMI doesn't match a retention rule, it is permanently deleted immediately. For more information, see Recover deleted Amazon EBS snapshots and EBS-backed AMIs with Recycle Bin in the Amazon EBS User Guide.

When deregistering an EBS-backed AMI, you can optionally delete its associated snapshots at the same time. However, if a snapshot is associated with multiple AMIs, it won't be deleted even if specified for deletion, although the AMI will still be deregistered.

Deregistering an AMI does not delete the following:

  • Instances already launched from the AMI. You'll continue to incur usage costs for the instances until you terminate them.

  • For EBS-backed AMIs: Snapshots that are associated with multiple AMIs. You'll continue to incur snapshot storage costs.

  • For instance store-backed AMIs: The files uploaded to Amazon S3 during AMI creation. You'll continue to incur S3 storage costs.

For more information, see Deregister an Amazon EC2 AMI in the Amazon EC2 User Guide.

" }, "DeregisterInstanceEventNotificationAttributes":{ "name":"DeregisterInstanceEventNotificationAttributes", @@ -2326,7 +2547,7 @@ }, "input":{"shape":"DescribeAvailabilityZonesRequest"}, "output":{"shape":"DescribeAvailabilityZonesResult"}, - "documentation":"

Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you. If there is an event impacting a zone, you can use this request to view the state and any provided messages for that zone.

For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon EC2 User Guide.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" + "documentation":"

Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you.

For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon EC2 User Guide.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" }, "DescribeAwsNetworkPerformanceMetricSubscriptions":{ "name":"DescribeAwsNetworkPerformanceMetricSubscriptions", @@ -2356,7 +2577,7 @@ }, "input":{"shape":"DescribeByoipCidrsRequest"}, "output":{"shape":"DescribeByoipCidrsResult"}, - "documentation":"

Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.

To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.

" + "documentation":"

Describes the IP address ranges that were provisioned for use with Amazon Web Services resources through through bring your own IP addresses (BYOIP).

" }, "DescribeCapacityBlockExtensionHistory":{ "name":"DescribeCapacityBlockExtensionHistory", @@ -2386,7 +2607,37 @@ }, "input":{"shape":"DescribeCapacityBlockOfferingsRequest"}, "output":{"shape":"DescribeCapacityBlockOfferingsResult"}, - "documentation":"

Describes Capacity Block offerings available for purchase in the Amazon Web Services Region that you're currently using. With Capacity Blocks, you purchase a specific instance type for a period of time.

" + "documentation":"

Describes Capacity Block offerings available for purchase in the Amazon Web Services Region that you're currently using. With Capacity Blocks, you can purchase a specific GPU instance type or EC2 UltraServer for a period of time.

To search for an available Capacity Block offering, you specify a reservation duration and instance count.

" + }, + "DescribeCapacityBlockStatus":{ + "name":"DescribeCapacityBlockStatus", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeCapacityBlockStatusRequest"}, + "output":{"shape":"DescribeCapacityBlockStatusResult"}, + "documentation":"

Describes the availability of capacity for the specified Capacity blocks, or all of your Capacity Blocks.

" + }, + "DescribeCapacityBlocks":{ + "name":"DescribeCapacityBlocks", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeCapacityBlocksRequest"}, + "output":{"shape":"DescribeCapacityBlocksResult"}, + "documentation":"

Describes details about Capacity Blocks in the Amazon Web Services Region that you're currently using.

" + }, + "DescribeCapacityManagerDataExports":{ + "name":"DescribeCapacityManagerDataExports", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeCapacityManagerDataExportsRequest"}, + "output":{"shape":"DescribeCapacityManagerDataExportsResult"}, + "documentation":"

Describes one or more Capacity Manager data export configurations. Returns information about export settings, delivery status, and recent export activity.

" }, "DescribeCapacityReservationBillingRequests":{ "name":"DescribeCapacityReservationBillingRequests", @@ -2408,6 +2659,16 @@ "output":{"shape":"DescribeCapacityReservationFleetsResult"}, "documentation":"

Describes one or more Capacity Reservation Fleets.

" }, + "DescribeCapacityReservationTopology":{ + "name":"DescribeCapacityReservationTopology", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeCapacityReservationTopologyRequest"}, + "output":{"shape":"DescribeCapacityReservationTopologyResult"}, + "documentation":"

Describes a tree-based hierarchy that represents the physical host placement of your pending or active Capacity Reservations within an Availability Zone or Local Zone. You can use this information to determine the relative proximity of your capacity within the Amazon Web Services network before it is launched and use this information to allocate capacity together to support your tightly coupled workloads.

Capacity Reservation topology is supported for specific instance types only. For more information, see Prerequisites for Amazon EC2 instance topology in the Amazon EC2 User Guide.

The Amazon EC2 API follows an eventual consistency model due to the distributed nature of the system supporting it. As a result, when you call the DescribeCapacityReservationTopology API command immediately after launching instances, the response might return a null value for capacityBlockId because the data might not have fully propagated across all subsystems. For more information, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.

For more information, see Amazon EC2 topology in the Amazon EC2 User Guide.

" + }, "DescribeCapacityReservations":{ "name":"DescribeCapacityReservations", "http":{ @@ -2728,6 +2989,36 @@ "output":{"shape":"ImageAttribute"}, "documentation":"

Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" }, + "DescribeImageReferences":{ + "name":"DescribeImageReferences", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeImageReferencesRequest"}, + "output":{"shape":"DescribeImageReferencesResult"}, + "documentation":"

Describes your Amazon Web Services resources that are referencing the specified images.

For more information, see Identify your resources referencing specified AMIs in the Amazon EC2 User Guide.

" + }, + "DescribeImageUsageReportEntries":{ + "name":"DescribeImageUsageReportEntries", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeImageUsageReportEntriesRequest"}, + "output":{"shape":"DescribeImageUsageReportEntriesResult"}, + "documentation":"

Describes the entries in image usage reports, showing how your images are used across other Amazon Web Services accounts.

For more information, see View your AMI usage in the Amazon EC2 User Guide.

" + }, + "DescribeImageUsageReports":{ + "name":"DescribeImageUsageReports", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeImageUsageReportsRequest"}, + "output":{"shape":"DescribeImageUsageReportsResult"}, + "documentation":"

Describes the configuration and status of image usage reports, filtered by report IDs or image IDs.

For more information, see View your AMI usage in the Amazon EC2 User Guide.

" + }, "DescribeImages":{ "name":"DescribeImages", "http":{ @@ -2736,7 +3027,7 @@ }, "input":{"shape":"DescribeImagesRequest"}, "output":{"shape":"DescribeImagesResult"}, - "documentation":"

Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.

The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.

Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.

When Allowed AMIs is set to enabled, only allowed images are returned in the results, with the imageAllowed field set to true for each image. In audit-mode, the imageAllowed field is set to true for images that meet the account's Allowed AMIs criteria, and false for images that don't meet the criteria. For more information, see EnableAllowedImagesSettings.

We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" + "documentation":"

Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.

The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.

Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.

When Allowed AMIs is set to enabled, only allowed images are returned in the results, with the imageAllowed field set to true for each image. In audit-mode, the imageAllowed field is set to true for images that meet the account's Allowed AMIs criteria, and false for images that don't meet the criteria. For more information, see Allowed AMIs.

The Amazon EC2 API follows an eventual consistency model. This means that the result of an API command you run that creates or modifies resources might not be immediately available to all subsequent commands you run. For guidance on how to manage eventual consistency, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.

We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" }, "DescribeImportImageTasks":{ "name":"DescribeImportImageTasks", @@ -2766,7 +3057,7 @@ }, "input":{"shape":"DescribeInstanceAttributeRequest"}, "output":{"shape":"InstanceAttribute"}, - "documentation":"

Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Valid attribute values are: instanceType | kernel | ramdisk | userData | disableApiTermination | instanceInitiatedShutdownBehavior | rootDeviceName | blockDeviceMapping | productCodes | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport

" + "documentation":"

Describes the specified attribute of the specified instance. You can specify only one attribute at a time.

" }, "DescribeInstanceConnectEndpoints":{ "name":"DescribeInstanceConnectEndpoints", @@ -2826,7 +3117,7 @@ }, "input":{"shape":"DescribeInstanceStatusRequest"}, "output":{"shape":"DescribeInstanceStatusResult"}, - "documentation":"

Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.

Instance status includes the following components:

  • Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status checks for your instances and Troubleshoot instances with failed status checks in the Amazon EC2 User Guide.

  • Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see Scheduled events for your instances in the Amazon EC2 User Guide.

  • Instance state - You can manage your instances from the moment you launch them through their termination. For more information, see Instance lifecycle in the Amazon EC2 User Guide.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" + "documentation":"

Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.

Instance status includes the following components:

  • Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status checks for your instances and Troubleshoot instances with failed status checks in the Amazon EC2 User Guide.

  • Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see Scheduled events for your instances in the Amazon EC2 User Guide.

  • Instance state - You can manage your instances from the moment you launch them through their termination. For more information, see Instance lifecycle in the Amazon EC2 User Guide.

The Amazon EC2 API follows an eventual consistency model. This means that the result of an API command you run that creates or modifies resources might not be immediately available to all subsequent commands you run. For guidance on how to manage eventual consistency, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" }, "DescribeInstanceTopology":{ "name":"DescribeInstanceTopology", @@ -2836,7 +3127,7 @@ }, "input":{"shape":"DescribeInstanceTopologyRequest"}, "output":{"shape":"DescribeInstanceTopologyResult"}, - "documentation":"

Describes a tree-based hierarchy that represents the physical host placement of your EC2 instances within an Availability Zone or Local Zone. You can use this information to determine the relative proximity of your EC2 instances within the Amazon Web Services network to support your tightly coupled workloads.

Limitations

  • Supported zones

    • Availability Zone

    • Local Zone

  • Supported instance types

    • hpc6a.48xlarge | hpc6id.32xlarge | hpc7a.12xlarge | hpc7a.24xlarge | hpc7a.48xlarge | hpc7a.96xlarge | hpc7g.4xlarge | hpc7g.8xlarge | hpc7g.16xlarge

    • p3dn.24xlarge | p4d.24xlarge | p4de.24xlarge | p5.48xlarge | p5e.48xlarge | p5en.48xlarge

    • trn1.2xlarge | trn1.32xlarge | trn1n.32xlarge

For more information, see Amazon EC2 instance topology in the Amazon EC2 User Guide.

" + "documentation":"

Describes a tree-based hierarchy that represents the physical host placement of your EC2 instances within an Availability Zone or Local Zone. You can use this information to determine the relative proximity of your EC2 instances within the Amazon Web Services network to support your tightly coupled workloads.

Instance topology is supported for specific instance types only. For more information, see Prerequisites for Amazon EC2 instance topology in the Amazon EC2 User Guide.

The Amazon EC2 API follows an eventual consistency model due to the distributed nature of the system supporting it. As a result, when you call the DescribeInstanceTopology API command immediately after launching instances, the response might return a null value for capacityBlockId because the data might not have fully propagated across all subsystems. For more information, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.

For more information, see Amazon EC2 topology in the Amazon EC2 User Guide.

" }, "DescribeInstanceTypeOfferings":{ "name":"DescribeInstanceTypeOfferings", @@ -2866,7 +3157,7 @@ }, "input":{"shape":"DescribeInstancesRequest"}, "output":{"shape":"DescribeInstancesResult"}, - "documentation":"

Describes the specified instances or all instances.

If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.

We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" + "documentation":"

Describes the specified instances or all instances.

If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.

If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.

Recently terminated instances might appear in the returned results. This interval is usually less than one hour.

If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.

The Amazon EC2 API follows an eventual consistency model. This means that the result of an API command you run that creates or modifies resources might not be immediately available to all subsequent commands you run. For guidance on how to manage eventual consistency, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.

We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" }, "DescribeInternetGateways":{ "name":"DescribeInternetGateways", @@ -2908,6 +3199,26 @@ "output":{"shape":"DescribeIpamPoolsResult"}, "documentation":"

Get information about your IPAM pools.

" }, + "DescribeIpamPrefixListResolverTargets":{ + "name":"DescribeIpamPrefixListResolverTargets", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeIpamPrefixListResolverTargetsRequest"}, + "output":{"shape":"DescribeIpamPrefixListResolverTargetsResult"}, + "documentation":"

Describes one or more IPAM prefix list resolver Targets. Use this operation to view the configuration and status of resolver targets.

" + }, + "DescribeIpamPrefixListResolvers":{ + "name":"DescribeIpamPrefixListResolvers", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeIpamPrefixListResolversRequest"}, + "output":{"shape":"DescribeIpamPrefixListResolversResult"}, + "documentation":"

Describes one or more IPAM prefix list resolvers. Use this operation to view the configuration, status, and properties of your resolvers.

" + }, "DescribeIpamResourceDiscoveries":{ "name":"DescribeIpamResourceDiscoveries", "http":{ @@ -3068,6 +3379,16 @@ "output":{"shape":"DescribeMacHostsResult"}, "documentation":"

Describes the specified EC2 Mac Dedicated Host or all of your EC2 Mac Dedicated Hosts.

" }, + "DescribeMacModificationTasks":{ + "name":"DescribeMacModificationTasks", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMacModificationTasksRequest"}, + "output":{"shape":"DescribeMacModificationTasksResult"}, + "documentation":"

Describes a System Integrity Protection (SIP) modification task or volume ownership delegation task for an Amazon EC2 Mac instance. For more information, see Configure SIP for Amazon EC2 instances in the Amazon EC2 User Guide.

" + }, "DescribeManagedPrefixLists":{ "name":"DescribeManagedPrefixLists", "http":{ @@ -3076,7 +3397,7 @@ }, "input":{"shape":"DescribeManagedPrefixListsRequest"}, "output":{"shape":"DescribeManagedPrefixListsResult"}, - "documentation":"

Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.

To view the entries for your prefix list, use GetManagedPrefixListEntries.

" + "documentation":"

Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.

" }, "DescribeMovingAddresses":{ "name":"DescribeMovingAddresses", @@ -3176,7 +3497,17 @@ }, "input":{"shape":"DescribeNetworkInterfacesRequest"}, "output":{"shape":"DescribeNetworkInterfacesResult"}, - "documentation":"

Describes one or more of your network interfaces.

If you have a large number of network interfaces, the operation fails unless you use pagination or one of the following filters: group-id, mac-address, private-dns-name, private-ip-address, private-dns-name, subnet-id, or vpc-id.

We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.

" + "documentation":"

Describes the specified network interfaces or all your network interfaces.

If you have a large number of network interfaces, the operation fails unless you use pagination or one of the following filters: group-id, mac-address, private-dns-name, private-ip-address, subnet-id, or vpc-id.

We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.

" + }, + "DescribeOutpostLags":{ + "name":"DescribeOutpostLags", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeOutpostLagsRequest"}, + "output":{"shape":"DescribeOutpostLagsResult"}, + "documentation":"

Describes the Outposts link aggregation groups (LAGs).

LAGs are only available for second-generation Outposts racks at this time.

" }, "DescribePlacementGroups":{ "name":"DescribePlacementGroups", @@ -3196,7 +3527,7 @@ }, "input":{"shape":"DescribePrefixListsRequest"}, "output":{"shape":"DescribePrefixListsResult"}, - "documentation":"

Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.

We recommend that you use DescribeManagedPrefixLists instead.

" + "documentation":"

Describes available Amazon Web Services services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.

" }, "DescribePrincipalIdFormat":{ "name":"DescribePrincipalIdFormat", @@ -3278,6 +3609,36 @@ "output":{"shape":"DescribeReservedInstancesOfferingsResult"}, "documentation":"

Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.

If you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.

For more information, see Sell in the Reserved Instance Marketplace in the Amazon EC2 User Guide.

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" }, + "DescribeRouteServerEndpoints":{ + "name":"DescribeRouteServerEndpoints", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeRouteServerEndpointsRequest"}, + "output":{"shape":"DescribeRouteServerEndpointsResult"}, + "documentation":"

Describes one or more route server endpoints.

A route server endpoint is an Amazon Web Services-managed component inside a subnet that facilitates BGP (Border Gateway Protocol) connections between your route server and your BGP peers.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, + "DescribeRouteServerPeers":{ + "name":"DescribeRouteServerPeers", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeRouteServerPeersRequest"}, + "output":{"shape":"DescribeRouteServerPeersResult"}, + "documentation":"

Describes one or more route server peers.

A route server peer is a session between a route server endpoint and the device deployed in Amazon Web Services (such as a firewall appliance or other network security function running on an EC2 instance). The device must meet these requirements:

  • Have an elastic network interface in the VPC

  • Support BGP (Border Gateway Protocol)

  • Can initiate BGP sessions

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, + "DescribeRouteServers":{ + "name":"DescribeRouteServers", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeRouteServersRequest"}, + "output":{"shape":"DescribeRouteServersResult"}, + "documentation":"

Describes one or more route servers.

Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.

Route server supports the follow route table types:

  • VPC route tables not associated with subnets

  • Subnet route tables

  • Internet gateway route tables

Route server does not support route tables associated with virtual private gateways. To propagate routes into a transit gateway route table, use Transit Gateway Connect.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, "DescribeRouteTables":{ "name":"DescribeRouteTables", "http":{ @@ -3348,6 +3709,16 @@ "output":{"shape":"DescribeSecurityGroupsResult"}, "documentation":"

Describes the specified security groups or all of your security groups.

" }, + "DescribeServiceLinkVirtualInterfaces":{ + "name":"DescribeServiceLinkVirtualInterfaces", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeServiceLinkVirtualInterfacesRequest"}, + "output":{"shape":"DescribeServiceLinkVirtualInterfacesResult"}, + "documentation":"

Describes the Outpost service link virtual interfaces.

" + }, "DescribeSnapshotAttribute":{ "name":"DescribeSnapshotAttribute", "http":{ @@ -3376,7 +3747,7 @@ }, "input":{"shape":"DescribeSnapshotsRequest"}, "output":{"shape":"DescribeSnapshotsResult"}, - "documentation":"

Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.

The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions.

The create volume permissions fall into the following categories:

  • public: The owner of the snapshot granted create volume permissions for the snapshot to the all group. All Amazon Web Services accounts have create volume permissions for these snapshots.

  • explicit: The owner of the snapshot granted create volume permissions to a specific Amazon Web Services account.

  • implicit: An Amazon Web Services account has implicit create volume permissions for all snapshots it owns.

The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.

If you specify one or more snapshot owners using the OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), self for snapshots for which you own or have explicit permissions, or all for public snapshots.

If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination.

To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon EBS User Guide.

We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.

" + "documentation":"

Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.

The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions.

The create volume permissions fall into the following categories:

  • public: The owner of the snapshot granted create volume permissions for the snapshot to the all group. All Amazon Web Services accounts have create volume permissions for these snapshots.

  • explicit: The owner of the snapshot granted create volume permissions to a specific Amazon Web Services account.

  • implicit: An Amazon Web Services account has implicit create volume permissions for all snapshots it owns.

The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.

If you specify one or more snapshot owners using the OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), self for snapshots for which you own or have explicit permissions, or all for public snapshots.

If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon EBS User Guide.

We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.

" }, "DescribeSpotDatafeedSubscription":{ "name":"DescribeSpotDatafeedSubscription", @@ -3456,7 +3827,7 @@ }, "input":{"shape":"DescribeStoreImageTasksRequest"}, "output":{"shape":"DescribeStoreImageTasksResult"}, - "documentation":"

Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don't specify the AMIs, you get a paginated list of store tasks from the last 31 days.

For each AMI task, the response indicates if the task is InProgress, Completed, or Failed. For tasks InProgress, the response shows the estimated progress as a percentage.

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31 days can be viewed.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using Amazon S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using Amazon S3 in the Amazon EC2 User Guide.

" + "documentation":"

Describes the progress of the AMI store tasks. You can describe the store tasks for specified AMIs. If you don't specify the AMIs, you get a paginated list of store tasks from the last 31 days.

For each AMI task, the response indicates if the task is InProgress, Completed, or Failed. For tasks InProgress, the response shows the estimated progress as a percentage.

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31 days can be viewed.

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using S3 in the Amazon EC2 User Guide.

For more information, see Store and restore an AMI using S3 in the Amazon EC2 User Guide.

" }, "DescribeSubnets":{ "name":"DescribeSubnets", @@ -3696,7 +4067,7 @@ }, "input":{"shape":"DescribeVolumeStatusRequest"}, "output":{"shape":"DescribeVolumeStatusResult"}, - "documentation":"

Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.

The DescribeVolumeStatus operation provides the following information about the specified volumes:

Status: Reflects the current status of the volume. The possible values are ok, impaired , warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon EBS User Guide.

Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired status, then the volume event might be potential-data-inconsistency. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.

Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired and the volume event shows potential-data-inconsistency, then the action shows enable-volume-io. This means that you may want to enable the I/O operations for the volume by calling the EnableVolumeIO action and then check the volume for data consistency.

Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error state (for example, when a volume is incapable of accepting I/O.)

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" + "documentation":"

Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.

The DescribeVolumeStatus operation provides the following information about the specified volumes:

Status: Reflects the current status of the volume. The possible values are ok, impaired , warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon EBS User Guide.

Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired status, then the volume event might be potential-data-inconsistency. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.

Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired and the volume event shows potential-data-inconsistency, then the action shows enable-volume-io. This means that you may want to enable the I/O operations for the volume and then check the volume for data consistency. For more information, see Work with an impaired EBS volume.

Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error state (for example, when a volume is incapable of accepting I/O.)

The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.

" }, "DescribeVolumes":{ "name":"DescribeVolumes", @@ -3816,7 +4187,7 @@ }, "input":{"shape":"DescribeVpcEndpointServicePermissionsRequest"}, "output":{"shape":"DescribeVpcEndpointServicePermissionsResult"}, - "documentation":"

Describes the principals (service consumers) that are permitted to discover your VPC endpoint service.

" + "documentation":"

Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. Principal ARNs with path components aren't supported.

" }, "DescribeVpcEndpointServices":{ "name":"DescribeVpcEndpointServices", @@ -3924,7 +4295,7 @@ }, "input":{"shape":"DetachVolumeRequest"}, "output":{"shape":"VolumeAttachment"}, - "documentation":"

Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can't be detached while the instance is running. To detach the root volume, stop the instance first.

When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.

You can't detach or force detach volumes that are attached to Amazon ECS or Fargate tasks. Attempting to do this results in the UnsupportedOperationException exception with the Unable to detach volume attached to ECS tasks error message.

For more information, see Detach an Amazon EBS volume in the Amazon EBS User Guide.

" + "documentation":"

Detaches an EBS volume from an instance. Make sure to unmount any file systems on the device within your operating system before detaching the volume. Failure to do so can result in the volume becoming stuck in the busy state while detaching. If this happens, detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot the instance, or all three. If an EBS volume is the root device of an instance, it can't be detached while the instance is running. To detach the root volume, stop the instance first.

When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the product code is no longer associated with the instance.

You can't detach or force detach volumes that are attached to Amazon Web Services-managed resources. Attempting to do this results in the UnsupportedOperationException exception.

For more information, see Detach an Amazon EBS volume in the Amazon EBS User Guide.

" }, "DetachVpnGateway":{ "name":"DetachVpnGateway", @@ -3965,6 +4336,16 @@ "output":{"shape":"DisableAwsNetworkPerformanceMetricSubscriptionResult"}, "documentation":"

Disables Infrastructure Performance metric subscriptions.

" }, + "DisableCapacityManager":{ + "name":"DisableCapacityManager", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisableCapacityManagerRequest"}, + "output":{"shape":"DisableCapacityManagerResult"}, + "documentation":"

Disables EC2 Capacity Manager for your account. This stops data ingestion and removes access to capacity analytics and optimization recommendations. Previously collected data is retained but no new data will be processed.

" + }, "DisableEbsEncryptionByDefault":{ "name":"DisableEbsEncryptionByDefault", "http":{ @@ -4013,7 +4394,7 @@ }, "input":{"shape":"DisableImageBlockPublicAccessRequest"}, "output":{"shape":"DisableImageBlockPublicAccessResult"}, - "documentation":"

Disables block public access for AMIs at the account level in the specified Amazon Web Services Region. This removes the block public access restriction from your account. With the restriction removed, you can publicly share your AMIs in the specified Amazon Web Services Region.

The API can take up to 10 minutes to configure this setting. During this time, if you run GetImageBlockPublicAccessState, the response will be block-new-sharing. When the API has completed the configuration, the response will be unblocked.

For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.

" + "documentation":"

Disables block public access for AMIs at the account level in the specified Amazon Web Services Region. This removes the block public access restriction from your account. With the restriction removed, you can publicly share your AMIs in the specified Amazon Web Services Region.

For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.

" }, "DisableImageDeprecation":{ "name":"DisableImageDeprecation", @@ -4023,7 +4404,7 @@ }, "input":{"shape":"DisableImageDeprecationRequest"}, "output":{"shape":"DisableImageDeprecationResult"}, - "documentation":"

Cancels the deprecation of the specified AMI.

For more information, see Deprecate an AMI in the Amazon EC2 User Guide.

" + "documentation":"

Cancels the deprecation of the specified AMI.

For more information, see Deprecate an Amazon EC2 AMI in the Amazon EC2 User Guide.

" }, "DisableImageDeregistrationProtection":{ "name":"DisableImageDeregistrationProtection", @@ -4033,7 +4414,7 @@ }, "input":{"shape":"DisableImageDeregistrationProtectionRequest"}, "output":{"shape":"DisableImageDeregistrationProtectionResult"}, - "documentation":"

Disables deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered.

If you chose to include a 24-hour cooldown period when you enabled deregistration protection for the AMI, then, when you disable deregistration protection, you won’t immediately be able to deregister the AMI.

For more information, see Protect an AMI from deregistration in the Amazon EC2 User Guide.

" + "documentation":"

Disables deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered.

If you chose to include a 24-hour cooldown period when you enabled deregistration protection for the AMI, then, when you disable deregistration protection, you won’t immediately be able to deregister the AMI.

For more information, see Protect an Amazon EC2 AMI from deregistration in the Amazon EC2 User Guide.

" }, "DisableIpamOrganizationAdminAccount":{ "name":"DisableIpamOrganizationAdminAccount", @@ -4045,6 +4426,16 @@ "output":{"shape":"DisableIpamOrganizationAdminAccountResult"}, "documentation":"

Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.

" }, + "DisableRouteServerPropagation":{ + "name":"DisableRouteServerPropagation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisableRouteServerPropagationRequest"}, + "output":{"shape":"DisableRouteServerPropagationResult"}, + "documentation":"

Disables route propagation from a route server to a specified route table.

When enabled, route server propagation installs the routes in the FIB on the route table you've specified. Route server supports IPv4 and IPv6 route propagation.

Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.

Route server supports the follow route table types:

  • VPC route tables not associated with subnets

  • Subnet route tables

  • Internet gateway route tables

Route server does not support route tables associated with virtual private gateways. To propagate routes into a transit gateway route table, use Transit Gateway Connect.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, "DisableSerialConsoleAccess":{ "name":"DisableSerialConsoleAccess", "http":{ @@ -4111,7 +4502,7 @@ "requestUri":"/" }, "input":{"shape":"DisassociateAddressRequest"}, - "documentation":"

Disassociates an Elastic IP address from the instance or network interface it's associated with.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error.

" + "documentation":"

Disassociates an Elastic IP address from the instance or network interface it's associated with.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error.

An address cannot be disassociated if the all of the following conditions are met:

  • Network interface has a publicDualStackDnsName publicDnsName

  • Public IPv4 address is the primary public IPv4 address

  • Network interface only has one remaining public IPv4 address

" }, "DisassociateCapacityReservationBillingOwner":{ "name":"DisassociateCapacityReservationBillingOwner", @@ -4193,6 +4584,16 @@ "output":{"shape":"DisassociateNatGatewayAddressResult"}, "documentation":"

Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. You cannot disassociate your primary EIP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.

While disassociating is in progress, you cannot associate/disassociate additional EIPs while the connections are being drained. You are, however, allowed to delete the NAT gateway.

An EIP is released only at the end of MaxDrainDurationSeconds. It stays associated and supports the existing connections but does not support any new connections (new connections are distributed across the remaining associated EIPs). As the existing connections drain out, the EIPs (and the corresponding private IP addresses mapped to them) are released.

" }, + "DisassociateRouteServer":{ + "name":"DisassociateRouteServer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateRouteServerRequest"}, + "output":{"shape":"DisassociateRouteServerResult"}, + "documentation":"

Disassociates a route server from a VPC.

A route server association is the connection established between a route server and a VPC.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, "DisassociateRouteTable":{ "name":"DisassociateRouteTable", "http":{ @@ -4302,6 +4703,16 @@ "output":{"shape":"EnableAwsNetworkPerformanceMetricSubscriptionResult"}, "documentation":"

Enables Infrastructure Performance subscriptions.

" }, + "EnableCapacityManager":{ + "name":"EnableCapacityManager", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"EnableCapacityManagerRequest"}, + "output":{"shape":"EnableCapacityManagerResult"}, + "documentation":"

Enables EC2 Capacity Manager for your account. This starts data ingestion for your EC2 capacity usage across On-Demand, Spot, and Capacity Reservations. Initial data processing may take several hours to complete.

" + }, "EnableEbsEncryptionByDefault":{ "name":"EnableEbsEncryptionByDefault", "http":{ @@ -4310,7 +4721,7 @@ }, "input":{"shape":"EnableEbsEncryptionByDefaultRequest"}, "output":{"shape":"EnableEbsEncryptionByDefaultResult"}, - "documentation":"

Enables EBS encryption by default for your account in the current Region.

After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

You can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

Enabling encryption by default has no effect on the encryption status of your existing volumes.

After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.

" + "documentation":"

Enables EBS encryption by default for your account in the current Region.

After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

Enabling encryption by default has no effect on the encryption status of your existing volumes.

After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.

" }, "EnableFastLaunch":{ "name":"EnableFastLaunch", @@ -4330,7 +4741,7 @@ }, "input":{"shape":"EnableFastSnapshotRestoresRequest"}, "output":{"shape":"EnableFastSnapshotRestoresResult"}, - "documentation":"

Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.

You get the full benefit of fast snapshot restores after they enter the enabled state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, use DisableFastSnapshotRestores.

For more information, see Amazon EBS fast snapshot restore in the Amazon EBS User Guide.

" + "documentation":"

Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.

You get the full benefit of fast snapshot restores after they enter the enabled state.

For more information, see Amazon EBS fast snapshot restore in the Amazon EBS User Guide.

" }, "EnableImage":{ "name":"EnableImage", @@ -4340,7 +4751,7 @@ }, "input":{"shape":"EnableImageRequest"}, "output":{"shape":"EnableImageResult"}, - "documentation":"

Re-enables a disabled AMI. The re-enabled AMI is marked as available and can be used for instance launches, appears in describe operations, and can be shared. Amazon Web Services accounts, organizations, and Organizational Units that lost access to the AMI when it was disabled do not regain access automatically. Once the AMI is available, it can be shared with them again.

Only the AMI owner can re-enable a disabled AMI.

For more information, see Disable an AMI in the Amazon EC2 User Guide.

" + "documentation":"

Re-enables a disabled AMI. The re-enabled AMI is marked as available and can be used for instance launches, appears in describe operations, and can be shared. Amazon Web Services accounts, organizations, and Organizational Units that lost access to the AMI when it was disabled do not regain access automatically. Once the AMI is available, it can be shared with them again.

Only the AMI owner can re-enable a disabled AMI.

For more information, see Disable an Amazon EC2 AMI in the Amazon EC2 User Guide.

" }, "EnableImageBlockPublicAccess":{ "name":"EnableImageBlockPublicAccess", @@ -4350,7 +4761,7 @@ }, "input":{"shape":"EnableImageBlockPublicAccessRequest"}, "output":{"shape":"EnableImageBlockPublicAccessResult"}, - "documentation":"

Enables block public access for AMIs at the account level in the specified Amazon Web Services Region. This prevents the public sharing of your AMIs. However, if you already have public AMIs, they will remain publicly available.

The API can take up to 10 minutes to configure this setting. During this time, if you run GetImageBlockPublicAccessState, the response will be unblocked. When the API has completed the configuration, the response will be block-new-sharing.

For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.

" + "documentation":"

Enables block public access for AMIs at the account level in the specified Amazon Web Services Region. This prevents the public sharing of your AMIs. However, if you already have public AMIs, they will remain publicly available.

The API can take up to 10 minutes to configure this setting. During this time, if you run GetImageBlockPublicAccessState, the response will be unblocked. When the API has completed the configuration, the response will be block-new-sharing.

For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.

" }, "EnableImageDeprecation":{ "name":"EnableImageDeprecation", @@ -4370,7 +4781,7 @@ }, "input":{"shape":"EnableImageDeregistrationProtectionRequest"}, "output":{"shape":"EnableImageDeregistrationProtectionResult"}, - "documentation":"

Enables deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered.

To allow the AMI to be deregistered, you must first disable deregistration protection using DisableImageDeregistrationProtection.

For more information, see Protect an AMI from deregistration in the Amazon EC2 User Guide.

" + "documentation":"

Enables deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered.

To allow the AMI to be deregistered, you must first disable deregistration protection.

For more information, see Protect an Amazon EC2 AMI from deregistration in the Amazon EC2 User Guide.

" }, "EnableIpamOrganizationAdminAccount":{ "name":"EnableIpamOrganizationAdminAccount", @@ -4392,6 +4803,16 @@ "output":{"shape":"EnableReachabilityAnalyzerOrganizationSharingResult"}, "documentation":"

Establishes a trust relationship between Reachability Analyzer and Organizations. This operation must be performed by the management account for the organization.

After you establish a trust relationship, a user in the management account or a delegated administrator account can run a cross-account analysis using resources from the member accounts.

" }, + "EnableRouteServerPropagation":{ + "name":"EnableRouteServerPropagation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"EnableRouteServerPropagationRequest"}, + "output":{"shape":"EnableRouteServerPropagationResult"}, + "documentation":"

Defines which route tables the route server can update with routes.

When enabled, route server propagation installs the routes in the FIB on the route table you've specified. Route server supports IPv4 and IPv6 route propagation.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, "EnableSerialConsoleAccess":{ "name":"EnableSerialConsoleAccess", "http":{ @@ -4510,6 +4931,16 @@ "output":{"shape":"ExportVerifiedAccessInstanceClientConfigurationResult"}, "documentation":"

Exports the client configuration for a Verified Access instance.

" }, + "GetActiveVpnTunnelStatus":{ + "name":"GetActiveVpnTunnelStatus", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetActiveVpnTunnelStatusRequest"}, + "output":{"shape":"GetActiveVpnTunnelStatusResult"}, + "documentation":"

Returns the currently negotiated security parameters for an active VPN tunnel, including IKE version, DH groups, encryption algorithms, and integrity algorithms.

" + }, "GetAllowedImagesSettings":{ "name":"GetAllowedImagesSettings", "http":{ @@ -4550,6 +4981,36 @@ "output":{"shape":"GetAwsNetworkPerformanceDataResult"}, "documentation":"

Gets network performance data.

" }, + "GetCapacityManagerAttributes":{ + "name":"GetCapacityManagerAttributes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCapacityManagerAttributesRequest"}, + "output":{"shape":"GetCapacityManagerAttributesResult"}, + "documentation":"

Retrieves the current configuration and status of EC2 Capacity Manager for your account, including enablement status, Organizations access settings, and data ingestion status.

" + }, + "GetCapacityManagerMetricData":{ + "name":"GetCapacityManagerMetricData", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCapacityManagerMetricDataRequest"}, + "output":{"shape":"GetCapacityManagerMetricDataResult"}, + "documentation":"

Retrieves capacity usage metrics for your EC2 resources. Returns time-series data for metrics like unused capacity, utilization rates, and costs across On-Demand, Spot, and Capacity Reservations. Data can be grouped and filtered by various dimensions such as region, account, and instance family.

" + }, + "GetCapacityManagerMetricDimensions":{ + "name":"GetCapacityManagerMetricDimensions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCapacityManagerMetricDimensionsRequest"}, + "output":{"shape":"GetCapacityManagerMetricDimensionsResult"}, + "documentation":"

Retrieves the available dimension values for capacity metrics within a specified time range. This is useful for discovering what accounts, regions, instance families, and other dimensions have data available for filtering and grouping.

" + }, "GetCapacityReservationUsage":{ "name":"GetCapacityReservationUsage", "http":{ @@ -4618,7 +5079,7 @@ }, "input":{"shape":"GetEbsDefaultKmsKeyIdRequest"}, "output":{"shape":"GetEbsDefaultKmsKeyIdResult"}, - "documentation":"

Describes the default KMS key for EBS encryption by default for your account in this Region. You can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

" + "documentation":"

Describes the default KMS key for EBS encryption by default for your account in this Region.

For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

" }, "GetEbsEncryptionByDefault":{ "name":"GetEbsEncryptionByDefault", @@ -4660,6 +5121,16 @@ "output":{"shape":"GetHostReservationPurchasePreviewResult"}, "documentation":"

Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.

This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased.

" }, + "GetImageAncestry":{ + "name":"GetImageAncestry", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetImageAncestryRequest"}, + "output":{"shape":"GetImageAncestryResult"}, + "documentation":"

Retrieves the ancestry chain of the specified AMI, tracing its lineage back to the root AMI. For more information, see AMI ancestry in Amazon EC2 User Guide.

" + }, "GetImageBlockPublicAccessState":{ "name":"GetImageBlockPublicAccessState", "http":{ @@ -4668,7 +5139,7 @@ }, "input":{"shape":"GetImageBlockPublicAccessStateRequest"}, "output":{"shape":"GetImageBlockPublicAccessStateResult"}, - "documentation":"

Gets the current state of block public access for AMIs at the account level in the specified Amazon Web Services Region.

For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.

" + "documentation":"

Gets the current state of block public access for AMIs at the account level in the specified Amazon Web Services Region.

For more information, see Block public access to your AMIs in the Amazon EC2 User Guide.

" }, "GetInstanceMetadataDefaults":{ "name":"GetInstanceMetadataDefaults", @@ -4770,6 +5241,36 @@ "output":{"shape":"GetIpamPoolCidrsResult"}, "documentation":"

Get the CIDRs provisioned to an IPAM pool.

" }, + "GetIpamPrefixListResolverRules":{ + "name":"GetIpamPrefixListResolverRules", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIpamPrefixListResolverRulesRequest"}, + "output":{"shape":"GetIpamPrefixListResolverRulesResult"}, + "documentation":"

Retrieves the CIDR selection rules for an IPAM prefix list resolver. Use this operation to view the business logic that determines which CIDRs are selected for synchronization with prefix lists.

" + }, + "GetIpamPrefixListResolverVersionEntries":{ + "name":"GetIpamPrefixListResolverVersionEntries", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIpamPrefixListResolverVersionEntriesRequest"}, + "output":{"shape":"GetIpamPrefixListResolverVersionEntriesResult"}, + "documentation":"

Retrieves the CIDR entries for a specific version of an IPAM prefix list resolver. This shows the actual CIDRs that were selected and synchronized at a particular point in time.

" + }, + "GetIpamPrefixListResolverVersions":{ + "name":"GetIpamPrefixListResolverVersions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIpamPrefixListResolverVersionsRequest"}, + "output":{"shape":"GetIpamPrefixListResolverVersionsResult"}, + "documentation":"

Retrieves version information for an IPAM prefix list resolver.

Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.

Version example:

Initial State (Version 1)

Production environment:

  • vpc-prod-web (10.1.0.0/16) - tagged env=prod

  • vpc-prod-db (10.2.0.0/16) - tagged env=prod

Resolver rule: Include all VPCs tagged env=prod

Version 1 CIDRs: 10.1.0.0/16, 10.2.0.0/16

Infrastructure Change (Version 2)

New VPC added:

  • vpc-prod-api (10.3.0.0/16) - tagged env=prod

IPAM automatically detects the change and creates a new version.

Version 2 CIDRs: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16

" + }, "GetIpamResourceCidrs":{ "name":"GetIpamResourceCidrs", "http":{ @@ -4850,6 +5351,36 @@ "output":{"shape":"GetReservedInstancesExchangeQuoteResult"}, "documentation":"

Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.

" }, + "GetRouteServerAssociations":{ + "name":"GetRouteServerAssociations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetRouteServerAssociationsRequest"}, + "output":{"shape":"GetRouteServerAssociationsResult"}, + "documentation":"

Gets information about the associations for the specified route server.

A route server association is the connection established between a route server and a VPC.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, + "GetRouteServerPropagations":{ + "name":"GetRouteServerPropagations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetRouteServerPropagationsRequest"}, + "output":{"shape":"GetRouteServerPropagationsResult"}, + "documentation":"

Gets information about the route propagations for the specified route server.

When enabled, route server propagation installs the routes in the FIB on the route table you've specified. Route server supports IPv4 and IPv6 route propagation.

Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.

Route server supports the follow route table types:

  • VPC route tables not associated with subnets

  • Subnet route tables

  • Internet gateway route tables

Route server does not support route tables associated with virtual private gateways. To propagate routes into a transit gateway route table, use Transit Gateway Connect.

" + }, + "GetRouteServerRoutingDatabase":{ + "name":"GetRouteServerRoutingDatabase", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetRouteServerRoutingDatabaseRequest"}, + "output":{"shape":"GetRouteServerRoutingDatabaseResult"}, + "documentation":"

Gets the routing database for the specified route server. The Routing Information Base (RIB) serves as a database that stores all the routing information and network topology data collected by a router or routing system, such as routes learned from BGP peers. The RIB is constantly updated as new routing information is received or existing routes change. This ensures that the route server always has the most current view of the network topology and can make optimal routing decisions.

Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.

Route server supports the follow route table types:

  • VPC route tables not associated with subnets

  • Subnet route tables

  • Internet gateway route tables

Route server does not support route tables associated with virtual private gateways. To propagate routes into a transit gateway route table, use Transit Gateway Connect.

" + }, "GetSecurityGroupsForVpc":{ "name":"GetSecurityGroupsForVpc", "http":{ @@ -5188,7 +5719,7 @@ }, "input":{"shape":"ModifyEbsDefaultKmsKeyIdRequest"}, "output":{"shape":"ModifyEbsDefaultKmsKeyIdResult"}, - "documentation":"

Changes the default KMS key for EBS encryption by default for your account in this Region.

Amazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services managed KMS key. To reset the default KMS key to the Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support asymmetric KMS keys.

If you delete or disable the customer managed KMS key that you specified for use with encryption by default, your instances will fail to launch.

For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

" + "documentation":"

Changes the default KMS key for EBS encryption by default for your account in this Region.

Amazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services managed KMS key. Amazon EBS does not support asymmetric KMS keys.

If you delete or disable the customer managed KMS key that you specified for use with encryption by default, your instances will fail to launch.

For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

" }, "ModifyFleet":{ "name":"ModifyFleet", @@ -5266,6 +5797,16 @@ "output":{"shape":"ModifyInstanceCapacityReservationAttributesResult"}, "documentation":"

Modifies the Capacity Reservation settings for a stopped instance. Use this action to configure an instance to target a specific Capacity Reservation, run in any open Capacity Reservation with matching attributes, run in On-Demand Instance capacity, or only run in a Capacity Reservation.

" }, + "ModifyInstanceConnectEndpoint":{ + "name":"ModifyInstanceConnectEndpoint", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyInstanceConnectEndpointRequest"}, + "output":{"shape":"ModifyInstanceConnectEndpointResult"}, + "documentation":"

Modifies the specified EC2 Instance Connect Endpoint.

For more information, see Modify an EC2 Instance Connect Endpoint in the Amazon EC2 User Guide.

" + }, "ModifyInstanceCpuOptions":{ "name":"ModifyInstanceCpuOptions", "http":{ @@ -5314,7 +5855,7 @@ }, "input":{"shape":"ModifyInstanceMaintenanceOptionsRequest"}, "output":{"shape":"ModifyInstanceMaintenanceOptionsResult"}, - "documentation":"

Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.

" + "documentation":"

Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.

Modifies the reboot migration behavior during a user-initiated reboot of an instance that has a pending system-reboot event. For more information, see Enable or disable reboot migration.

" }, "ModifyInstanceMetadataDefaults":{ "name":"ModifyInstanceMetadataDefaults", @@ -5376,6 +5917,26 @@ "output":{"shape":"ModifyIpamPoolResult"}, "documentation":"

Modify the configurations of an IPAM pool.

For more information, see Modify a pool in the Amazon VPC IPAM User Guide.

" }, + "ModifyIpamPrefixListResolver":{ + "name":"ModifyIpamPrefixListResolver", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyIpamPrefixListResolverRequest"}, + "output":{"shape":"ModifyIpamPrefixListResolverResult"}, + "documentation":"

Modifies an IPAM prefix list resolver. You can update the description and CIDR selection rules. Changes to rules will trigger re-evaluation and potential updates to associated prefix lists.

" + }, + "ModifyIpamPrefixListResolverTarget":{ + "name":"ModifyIpamPrefixListResolverTarget", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyIpamPrefixListResolverTargetRequest"}, + "output":{"shape":"ModifyIpamPrefixListResolverTargetResult"}, + "documentation":"

Modifies an IPAM prefix list resolver target. You can update version tracking settings and the desired version of the target prefix list.

" + }, "ModifyIpamResourceCidr":{ "name":"ModifyIpamResourceCidr", "http":{ @@ -5455,6 +6016,16 @@ "output":{"shape":"ModifyPrivateDnsNameOptionsResult"}, "documentation":"

Modifies the options for instance hostnames for the specified instance.

" }, + "ModifyPublicIpDnsNameOptions":{ + "name":"ModifyPublicIpDnsNameOptions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyPublicIpDnsNameOptionsRequest"}, + "output":{"shape":"ModifyPublicIpDnsNameOptionsResult"}, + "documentation":"

Modify public hostname options for a network interface. For more information, see EC2 instance hostnames, DNS names, and domains in the Amazon EC2 User Guide.

" + }, "ModifyReservedInstances":{ "name":"ModifyReservedInstances", "http":{ @@ -5465,6 +6036,16 @@ "output":{"shape":"ModifyReservedInstancesResult"}, "documentation":"

Modifies the configuration of your Reserved Instances, such as the Availability Zone, instance count, or instance type. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modify Reserved Instances in the Amazon EC2 User Guide.

" }, + "ModifyRouteServer":{ + "name":"ModifyRouteServer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyRouteServerRequest"}, + "output":{"shape":"ModifyRouteServerResult"}, + "documentation":"

Modifies the configuration of an existing route server.

Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.

Route server supports the follow route table types:

  • VPC route tables not associated with subnets

  • Subnet route tables

  • Internet gateway route tables

Route server does not support route tables associated with virtual private gateways. To propagate routes into a transit gateway route table, use Transit Gateway Connect.

For more information see Dynamic routing in your VPC with VPC Route Server in the Amazon VPC User Guide.

" + }, "ModifySecurityGroupRules":{ "name":"ModifySecurityGroupRules", "http":{ @@ -5739,7 +6320,7 @@ }, "input":{"shape":"ModifyVpcEndpointServicePermissionsRequest"}, "output":{"shape":"ModifyVpcEndpointServicePermissionsResult"}, - "documentation":"

Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

" + "documentation":"

Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service. Principal ARNs with path components aren't supported.

If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.

" }, "ModifyVpcPeeringConnectionOptions":{ "name":"ModifyVpcPeeringConnectionOptions", @@ -5819,7 +6400,7 @@ }, "input":{"shape":"MoveAddressToVpcRequest"}, "output":{"shape":"MoveAddressToVpcResult"}, - "documentation":"

This action is deprecated.

Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform, unless you move it back using the RestoreAddressToClassic request. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classic platform.

" + "documentation":"

This action is deprecated.

Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classic platform.

" }, "MoveByoipCidrToIpam":{ "name":"MoveByoipCidrToIpam", @@ -5849,7 +6430,7 @@ }, "input":{"shape":"ProvisionByoipCidrRequest"}, "output":{"shape":"ProvisionByoipCidrResult"}, - "documentation":"

Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.

Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon EC2 User Guide.

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. To monitor the status of an address range, use DescribeByoipCidrs. To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.

" + "documentation":"

Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised.

Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon EC2 User Guide.

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. For more information, see Onboard your address range.

" }, "ProvisionIpamByoasn":{ "name":"ProvisionIpamByoasn", @@ -5948,7 +6529,7 @@ }, "input":{"shape":"RegisterImageRequest"}, "output":{"shape":"RegisterImageResult"}, - "documentation":"

Registers an AMI. When you're creating an instance-store backed AMI, registering the AMI is the final step in the creation process. For more information about creating AMIs, see Create an AMI from a snapshot and Create an instance-store backed AMI in the Amazon EC2 User Guide.

For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don't have to register the AMI yourself. We recommend that you always use CreateImage unless you have a specific reason to use RegisterImage.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.

Register a snapshot of a root device volume

You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can't set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.

For more information, see Create an AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon EC2 User Guide.

Amazon Web Services Marketplace product codes

If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.

In most cases, AMIs for Windows, RedHat, SUSE, and SQL Server require correct licensing information to be present on the AMI. For more information, see Understand AMI billing information in the Amazon EC2 User Guide. When creating an AMI from a snapshot, the RegisterImage operation derives the correct billing information from the snapshot's metadata, but this requires the appropriate metadata to be present. To verify if the correct billing information was applied, check the PlatformDetails field on the new AMI. If the field is empty or doesn't match the expected operating system code (for example, Windows, RedHat, SUSE, or SQL), the AMI creation was unsuccessful, and you should discard the AMI and instead create the AMI from an instance using CreateImage. For more information, see Create an AMI from an instance in the Amazon EC2 User Guide.

If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understand AMI billing information in the Amazon EC2 User Guide.

" + "documentation":"

Registers an AMI. When you're creating an instance-store backed AMI, registering the AMI is the final step in the creation process. For more information about creating AMIs, see Create an AMI from a snapshot and Create an instance-store backed AMI in the Amazon EC2 User Guide.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.

Register a snapshot of a root device volume

You can use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can't set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.

For more information, see Create an AMI from a snapshot and Use encryption with EBS-backed AMIs in the Amazon EC2 User Guide.

Amazon Web Services Marketplace product codes

If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.

In most cases, AMIs for Windows, RedHat, SUSE, and SQL Server require correct licensing information to be present on the AMI. For more information, see Understand AMI billing information in the Amazon EC2 User Guide. When creating an AMI from a snapshot, the RegisterImage operation derives the correct billing information from the snapshot's metadata, but this requires the appropriate metadata to be present. To verify if the correct billing information was applied, check the PlatformDetails field on the new AMI. If the field is empty or doesn't match the expected operating system code (for example, Windows, RedHat, SUSE, or SQL), the AMI creation was unsuccessful, and you should discard the AMI and instead create the AMI from an instance. For more information, see Create an AMI from an instance in the Amazon EC2 User Guide.

If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance is not applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understand AMI billing information in the Amazon EC2 User Guide.

" }, "RegisterInstanceEventNotificationAttributes":{ "name":"RegisterInstanceEventNotificationAttributes", @@ -6047,7 +6628,7 @@ "requestUri":"/" }, "input":{"shape":"ReleaseAddressRequest"}, - "documentation":"

Releases the specified Elastic IP address.

[Default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it's associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress.

[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

After releasing an Elastic IP address, it is released to the IP address pool. Be sure to update your DNS records and any servers or devices that communicate with the address. If you attempt to release an Elastic IP address that you already released, you'll get an AuthFailure error if the address is already allocated to another Amazon Web Services account.

After you release an Elastic IP address, you might be able to recover it. For more information, see AllocateAddress.

" + "documentation":"

Releases the specified Elastic IP address.

[Default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it's associated with. Alternatively, you can disassociate an Elastic IP address without releasing it.

[Nondefault VPC] You must disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

After releasing an Elastic IP address, it is released to the IP address pool. Be sure to update your DNS records and any servers or devices that communicate with the address. If you attempt to release an Elastic IP address that you already released, you'll get an AuthFailure error if the address is already allocated to another Amazon Web Services account.

After you release an Elastic IP address, you might be able to recover it. For more information, see Release an Elastic IP address.

" }, "ReleaseHosts":{ "name":"ReleaseHosts", @@ -6260,7 +6841,7 @@ }, "input":{"shape":"RestoreImageFromRecycleBinRequest"}, "output":{"shape":"RestoreImageFromRecycleBinResult"}, - "documentation":"

Restores an AMI from the Recycle Bin. For more information, see Recycle Bin in the Amazon EC2 User Guide.

" + "documentation":"

Restores an AMI from the Recycle Bin. For more information, see Recover deleted Amazon EBS snapshots and EBS-back AMIs with Recycle Bin in the Amazon EC2 User Guide.

" }, "RestoreManagedPrefixListVersion":{ "name":"RestoreManagedPrefixListVersion", @@ -6389,7 +6970,7 @@ }, "input":{"shape":"StartDeclarativePoliciesReportRequest"}, "output":{"shape":"StartDeclarativePoliciesReportResult"}, - "documentation":"

Generates an account status report. The report is generated asynchronously, and can take several hours to complete.

The report provides the current status of all attributes supported by declarative policies for the accounts within the specified scope. The scope is determined by the specified TargetId, which can represent an individual account, or all the accounts that fall under the specified organizational unit (OU) or root (the entire Amazon Web Services Organization).

The report is saved to your specified S3 bucket, using the following path structure (with the italicized placeholders representing your specific values):

s3://amzn-s3-demo-bucket/your-optional-s3-prefix/ec2_targetId_reportId_yyyyMMddThhmmZ.csv

Prerequisites for generating a report

  • The StartDeclarativePoliciesReport API can only be called by the management account or delegated administrators for the organization.

  • An S3 bucket must be available before generating the report (you can create a new one or use an existing one), it must be in the same Region where the report generation request is made, and it must have an appropriate bucket policy. For a sample S3 policy, see Sample Amazon S3 policy under .

  • Trusted access must be enabled for the service for which the declarative policy will enforce a baseline configuration. If you use the Amazon Web Services Organizations console, this is done automatically when you enable declarative policies. The API uses the following service principal to identify the EC2 service: ec2.amazonaws.com. For more information on how to enable trusted access with the Amazon Web Services CLI and Amazon Web Services SDKs, see Using Organizations with other Amazon Web Services services in the Amazon Web Services Organizations User Guide.

  • Only one report per organization can be generated at a time. Attempting to generate a report while another is in progress will result in an error.

For more information, including the required IAM permissions to run this API, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.

" + "documentation":"

Generates an account status report. The report is generated asynchronously, and can take several hours to complete.

The report provides the current status of all attributes supported by declarative policies for the accounts within the specified scope. The scope is determined by the specified TargetId, which can represent an individual account, or all the accounts that fall under the specified organizational unit (OU) or root (the entire Amazon Web Services Organization).

The report is saved to your specified S3 bucket, using the following path structure (with the capitalized placeholders representing your specific values):

s3://AMZN-S3-DEMO-BUCKET/YOUR-OPTIONAL-S3-PREFIX/ec2_TARGETID_REPORTID_YYYYMMDDTHHMMZ.csv

Prerequisites for generating a report

  • The StartDeclarativePoliciesReport API can only be called by the management account or delegated administrators for the organization.

  • An S3 bucket must be available before generating the report (you can create a new one or use an existing one), it must be in the same Region where the report generation request is made, and it must have an appropriate bucket policy. For a sample S3 policy, see Sample Amazon S3 policy under Examples.

  • Trusted access must be enabled for the service for which the declarative policy will enforce a baseline configuration. If you use the Amazon Web Services Organizations console, this is done automatically when you enable declarative policies. The API uses the following service principal to identify the EC2 service: ec2.amazonaws.com. For more information on how to enable trusted access with the Amazon Web Services CLI and Amazon Web Services SDKs, see Using Organizations with other Amazon Web Services services in the Amazon Web Services Organizations User Guide.

  • Only one report per organization can be generated at a time. Attempting to generate a report while another is in progress will result in an error.

For more information, including the required IAM permissions to run this API, see Generating the account status report for declarative policies in the Amazon Web Services Organizations User Guide.

" }, "StartInstances":{ "name":"StartInstances", @@ -6439,7 +7020,7 @@ }, "input":{"shape":"StopInstancesRequest"}, "output":{"shape":"StopInstancesResult"}, - "documentation":"

Stops an Amazon EBS-backed instance. For more information, see Stop and start Amazon EC2 instances in the Amazon EC2 User Guide.

You can use the Stop action to hibernate an instance if the instance is enabled for hibernation and it meets the hibernation prerequisites. For more information, see Hibernate your Amazon EC2 instance in the Amazon EC2 User Guide.

We don't charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.

You can't stop or hibernate instance store-backed instances. You can't use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see Hibernating interrupted Spot Instances in the Amazon EC2 User Guide.

When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.

Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see Troubleshoot stopping your instance in the Amazon EC2 User Guide.

" + "documentation":"

Stops an Amazon EBS-backed instance. You can restart your instance at any time using the StartInstances API. For more information, see Stop and start Amazon EC2 instances in the Amazon EC2 User Guide.

When you stop or hibernate an instance, we shut it down. By default, this includes a graceful operating system (OS) shutdown. To bypass the graceful shutdown, use the skipOsShutdown parameter; however, this might risk data integrity.

You can use the StopInstances operation together with the Hibernate parameter to hibernate an instance if the instance is enabled for hibernation and meets the hibernation prerequisites. Stopping an instance doesn't preserve data stored in RAM, while hibernation does. If hibernation fails, a normal shutdown occurs. For more information, see Hibernate your Amazon EC2 instance in the Amazon EC2 User Guide.

If your instance appears stuck in the stopping state, there might be an issue with the underlying host computer. You can use the StopInstances operation together with the Force parameter to force stop your instance. For more information, see Troubleshoot Amazon EC2 instance stop issues in the Amazon EC2 User Guide.

Stopping and hibernating an instance differs from rebooting or terminating it. For example, a stopped or hibernated instance retains its root volume and any data volumes, unlike terminated instances where these volumes are automatically deleted. For more information about the differences between stopping, hibernating, rebooting, and terminating instances, see Amazon EC2 instance state changes in the Amazon EC2 User Guide.

We don't charge for instance usage or data transfer fees when an instance is stopped. However, the root volume and any data volumes remain and continue to persist your data, and you're charged for volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, followed by per-second billing.

You can't stop or hibernate instance store-backed instances.

" }, "TerminateClientVpnConnections":{ "name":"TerminateClientVpnConnections", @@ -6459,7 +7040,7 @@ }, "input":{"shape":"TerminateInstancesRequest"}, "output":{"shape":"TerminateInstancesResult"}, - "documentation":"

Shuts down the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

If you terminate multiple instances across multiple Availability Zones, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:

  • The specified instances that are in the same Availability Zone as the protected instance are not terminated.

  • The specified instances that are in different Availability Zones, where no other specified instances are protected, are successfully terminated.

For example, say you have the following instances:

  • Instance A: us-east-1a; Not protected

  • Instance B: us-east-1a; Not protected

  • Instance C: us-east-1b; Protected

  • Instance D: us-east-1b; not protected

If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:

  • Instance A and Instance B are successfully terminated because none of the specified instances in us-east-1a are enabled for termination protection.

  • Instance C and Instance D fail to terminate because at least one of the specified instances in us-east-1b (Instance C) is enabled for termination protection.

Terminated instances remain visible after termination (for approximately one hour).

By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running.

You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, any attached EBS volumes with the DeleteOnTermination block device mapping parameter set to true are automatically deleted. For more information about the differences between stopping and terminating instances, see Instance lifecycle in the Amazon EC2 User Guide.

For more information about troubleshooting, see Troubleshooting terminating your instance in the Amazon EC2 User Guide.

" + "documentation":"

Terminates (deletes) the specified instances. This operation is idempotent; if you terminate an instance more than once, each call succeeds.

Terminating an instance is permanent and irreversible.

After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see How instance termination works.

Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

If you terminate multiple instances across multiple Availability Zones, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:

  • The specified instances that are in the same Availability Zone as the protected instance are not terminated.

  • The specified instances that are in different Availability Zones, where no other specified instances are protected, are successfully terminated.

For example, say you have the following instances:

  • Instance A: us-east-1a; Not protected

  • Instance B: us-east-1a; Not protected

  • Instance C: us-east-1b; Protected

  • Instance D: us-east-1b; not protected

If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:

  • Instance A and Instance B are successfully terminated because none of the specified instances in us-east-1a are enabled for termination protection.

  • Instance C and Instance D fail to terminate because at least one of the specified instances in us-east-1b (Instance C) is enabled for termination protection.

Terminated instances remain visible after termination (for approximately one hour).

By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running.

By default, the TerminateInstances operation includes a graceful operating system (OS) shutdown. To bypass the graceful shutdown, use the skipOsShutdown parameter; however, this might risk data integrity.

You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed instances. What happens to an instance differs if you stop or terminate it. For example, when you stop an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, any attached EBS volumes with the DeleteOnTermination block device mapping parameter set to true are automatically deleted. For more information about the differences between stopping and terminating instances, see Amazon EC2 instance state changes in the Amazon EC2 User Guide.

When you terminate an instance, we attempt to terminate it forcibly after a short while. If your instance appears stuck in the shutting-down state after a period of time, there might be an issue with the underlying host computer. For more information about terminating and troubleshooting terminating your instances, see Terminate Amazon EC2 instances and Troubleshooting terminating your instance in the Amazon EC2 User Guide.

" }, "UnassignIpv6Addresses":{ "name":"UnassignIpv6Addresses", @@ -6469,7 +7050,7 @@ }, "input":{"shape":"UnassignIpv6AddressesRequest"}, "output":{"shape":"UnassignIpv6AddressesResult"}, - "documentation":"

Unassigns one or more IPv6 addresses IPv4 Prefix Delegation prefixes from a network interface.

" + "documentation":"

Unassigns the specified IPv6 addresses or Prefix Delegation prefixes from a network interface.

" }, "UnassignPrivateIpAddresses":{ "name":"UnassignPrivateIpAddresses", @@ -6478,7 +7059,7 @@ "requestUri":"/" }, "input":{"shape":"UnassignPrivateIpAddressesRequest"}, - "documentation":"

Unassigns one or more secondary private IP addresses, or IPv4 Prefix Delegation prefixes from a network interface.

" + "documentation":"

Unassigns the specified secondary private IP addresses or IPv4 Prefix Delegation prefixes from a network interface.

" }, "UnassignPrivateNatGatewayAddress":{ "name":"UnassignPrivateNatGatewayAddress", @@ -6510,6 +7091,16 @@ "output":{"shape":"UnmonitorInstancesResult"}, "documentation":"

Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.

" }, + "UpdateCapacityManagerOrganizationsAccess":{ + "name":"UpdateCapacityManagerOrganizationsAccess", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateCapacityManagerOrganizationsAccessRequest"}, + "output":{"shape":"UpdateCapacityManagerOrganizationsAccessResult"}, + "documentation":"

Updates the Organizations access setting for EC2 Capacity Manager. This controls whether Capacity Manager can aggregate data from all accounts in your Amazon Web Services Organization or only from the current account.

" + }, "UpdateSecurityGroupRuleDescriptionsEgress":{ "name":"UpdateSecurityGroupRuleDescriptionsEgress", "http":{ @@ -7061,6 +7652,57 @@ "locationName":"item" } }, + "ActiveVpnTunnelStatus":{ + "type":"structure", + "members":{ + "Phase1EncryptionAlgorithm":{ + "shape":"String", + "documentation":"

The encryption algorithm negotiated in Phase 1 IKE negotiations.

", + "locationName":"phase1EncryptionAlgorithm" + }, + "Phase2EncryptionAlgorithm":{ + "shape":"String", + "documentation":"

The encryption algorithm negotiated in Phase 2 IKE negotiations.

", + "locationName":"phase2EncryptionAlgorithm" + }, + "Phase1IntegrityAlgorithm":{ + "shape":"String", + "documentation":"

The integrity algorithm negotiated in Phase 1 IKE negotiations.

", + "locationName":"phase1IntegrityAlgorithm" + }, + "Phase2IntegrityAlgorithm":{ + "shape":"String", + "documentation":"

The integrity algorithm negotiated in Phase 2 IKE negotiations.

", + "locationName":"phase2IntegrityAlgorithm" + }, + "Phase1DHGroup":{ + "shape":"Integer", + "documentation":"

The Diffie-Hellman group number being used in Phase 1 IKE negotiations.

", + "locationName":"phase1DHGroup" + }, + "Phase2DHGroup":{ + "shape":"Integer", + "documentation":"

The Diffie-Hellman group number being used in Phase 2 IKE negotiations.

", + "locationName":"phase2DHGroup" + }, + "IkeVersion":{ + "shape":"String", + "documentation":"

The version of the Internet Key Exchange (IKE) protocol being used.

", + "locationName":"ikeVersion" + }, + "ProvisioningStatus":{ + "shape":"VpnTunnelProvisioningStatus", + "documentation":"

The current provisioning status of the VPN tunnel.

", + "locationName":"provisioningStatus" + }, + "ProvisioningStatusReason":{ + "shape":"String", + "documentation":"

The reason for the current provisioning status.

", + "locationName":"provisioningStatusReason" + } + }, + "documentation":"

Contains information about the current security configuration of an active VPN tunnel.

" + }, "ActivityStatus":{ "type":"string", "enum":[ @@ -7272,6 +7914,16 @@ "documentation":"

The carrier IP address associated. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance).

", "locationName":"carrierIp" }, + "SubnetId":{ + "shape":"String", + "documentation":"

The ID of the subnet where the IP address is allocated.

", + "locationName":"subnetId" + }, + "ServiceManaged":{ + "shape":"ServiceManaged", + "documentation":"

The service that manages the elastic IP address.

The only option supported today is alb.

", + "locationName":"serviceManaged" + }, "InstanceId":{ "shape":"String", "documentation":"

The ID of the instance that the address is associated with (if any).

", @@ -7480,7 +8132,7 @@ }, "PublicIpv4Pool":{ "shape":"String", - "documentation":"

The ID of an address pool.

", + "documentation":"

The ID of an address pool that you own.

", "locationName":"publicIpv4Pool" }, "NetworkBorderGroup":{ @@ -7505,19 +8157,18 @@ }, "CarrierIp":{ "shape":"String", - "documentation":"

The carrier IP address. This option is only available for network interfaces that reside in a subnet in a Wavelength Zone.

", + "documentation":"

The carrier IP address. Available only for network interfaces that reside in a subnet in a Wavelength Zone.

", "locationName":"carrierIp" }, "PublicIp":{ "shape":"String", - "documentation":"

The Elastic IP address.

", + "documentation":"

The Amazon-owned IP address. Not available when using an address pool that you own.

", "locationName":"publicIp" } } }, "AllocateHostsRequest":{ "type":"structure", - "required":["AvailabilityZone"], "members":{ "InstanceFamily":{ "shape":"String", @@ -7545,6 +8196,10 @@ "documentation":"

The IDs of the Outpost hardware assets on which to allocate the Dedicated Hosts. Targeting specific hardware assets on an Outpost can help to minimize latency between your workloads. This parameter is supported only if you specify OutpostArn. If you are allocating the Dedicated Hosts in a Region, omit this parameter.

  • If you specify this parameter, you can omit Quantity. In this case, Amazon EC2 allocates a Dedicated Host on each specified hardware asset.

  • If you specify both AssetIds and Quantity, then the value for Quantity must be equal to the number of asset IDs specified.

", "locationName":"AssetId" }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone.

" + }, "AutoPlacement":{ "shape":"AutoPlacement", "documentation":"

Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see Understanding auto-placement and affinity in the Amazon EC2 User Guide.

Default: off

", @@ -7875,6 +8530,11 @@ "documentation":"

The Availability Zone.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "Instance":{ "shape":"AnalysisComponent", "documentation":"

Information about the instance.

", @@ -8126,6 +8786,13 @@ "locationName":"item" } }, + "AsPath":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"item" + } + }, "AsnAssociation":{ "type":"structure", "members":{ @@ -8214,7 +8881,7 @@ }, "Ipv6Prefixes":{ "shape":"IpPrefixList", - "documentation":"

One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option.

", + "documentation":"

One or more IPv6 prefixes assigned to the network interface. You can't use this option if you use the Ipv6PrefixCount option.

", "locationName":"Ipv6Prefix" }, "NetworkInterfaceId":{ @@ -8260,12 +8927,12 @@ "members":{ "Ipv4Prefixes":{ "shape":"IpPrefixList", - "documentation":"

One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option.

", + "documentation":"

One or more IPv4 prefixes assigned to the network interface. You can't use this option if you use the Ipv4PrefixCount option.

", "locationName":"Ipv4Prefix" }, "Ipv4PrefixCount":{ "shape":"Integer", - "documentation":"

The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option.

" + "documentation":"

The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You can't use this option if you use the Ipv4 Prefixes option.

" }, "NetworkInterfaceId":{ "shape":"NetworkInterfaceId", @@ -8720,6 +9387,37 @@ } } }, + "AssociateRouteServerRequest":{ + "type":"structure", + "required":[ + "RouteServerId", + "VpcId" + ], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The unique identifier for the route server to be associated.

" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

The ID of the VPC to associate with the route server.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "AssociateRouteServerResult":{ + "type":"structure", + "members":{ + "RouteServerAssociation":{ + "shape":"RouteServerAssociation", + "documentation":"

Information about the association between the route server and the VPC.

", + "locationName":"routeServerAssociation" + } + } + }, "AssociateRouteTableRequest":{ "type":"structure", "required":["RouteTableId"], @@ -8728,6 +9426,10 @@ "shape":"RouteGatewayId", "documentation":"

The ID of the internet gateway or virtual private gateway.

" }, + "PublicIpv4Pool":{ + "shape":"Ipv4PoolEc2Id", + "documentation":"

The ID of a public IPv4 pool. A public IPv4 pool is a pool of IPv4 addresses that you've brought to Amazon Web Services with BYOIP.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -9082,6 +9784,13 @@ "locationName":"item" } }, + "AssociatedSubnetList":{ + "type":"list", + "member":{ + "shape":"SubnetId", + "locationName":"item" + } + }, "AssociatedTargetNetwork":{ "type":"structure", "members":{ @@ -9253,6 +9962,10 @@ "shape":"EnaSrdSpecification", "documentation":"

Configures ENA Express for the network interface that this action attaches to the instance.

" }, + "EnaQueueCount":{ + "shape":"Integer", + "documentation":"

The number of ENA queues to be created with the instance.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -9421,6 +10134,13 @@ }, "documentation":"

ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic automatically uses it. However, some UDP-based applications are designed to handle network packets that are out of order, without a need for retransmission, such as live video broadcasting or other near-real-time applications. For UDP traffic, you can specify whether to use ENA Express, based on your application environment needs.

" }, + "AttachmentLimitType":{ + "type":"string", + "enum":[ + "shared", + "dedicated" + ] + }, "AttachmentStatus":{ "type":"string", "enum":[ @@ -9657,7 +10377,7 @@ "members":{ "CidrIp":{ "shape":"String", - "documentation":"

The IPv4 address range, in CIDR format.

To specify an IPv6 address range, use IP permissions instead.

To specify multiple rules and descriptions for the rules, use IP permissions instead.

" + "documentation":"

The IPv4 address range, in CIDR format.

Amazon Web Services canonicalizes IPv4 and IPv6 CIDRs. For example, if you specify 100.68.0.18/18 for the CIDR block, Amazon Web Services canonicalizes the CIDR block to 100.68.0.0/18. Any subsequent DescribeSecurityGroups and DescribeSecurityGroupRules calls will return the canonicalized form of the CIDR block. Additionally, if you attempt to add another rule with the non-canonical form of the CIDR (such as 100.68.0.18/18) and there is already a rule for the canonicalized form of the CIDR block (such as 100.68.0.0/18), the API throws an duplicate rule error.

To specify an IPv6 address range, use IP permissions instead.

To specify multiple rules and descriptions for the rules, use IP permissions instead.

" }, "FromPort":{ "shape":"Integer", @@ -9745,7 +10465,7 @@ "members":{ "OptInStatus":{ "shape":"AvailabilityZoneOptInStatus", - "documentation":"

For Availability Zones, this parameter always has the value of opt-in-not-required.

For Local Zones and Wavelength Zones, this parameter is the opt-in status. The possible values are opted-in, and not-opted-in.

", + "documentation":"

For Availability Zones, this parameter always has the value of opt-in-not-required.

For Local Zones and Wavelength Zones, this parameter is the opt-in status. The possible values are opted-in and not-opted-in.

", "locationName":"optInStatus" }, "Messages":{ @@ -9770,7 +10490,7 @@ }, "GroupName":{ "shape":"String", - "documentation":"

For Availability Zones, this parameter has the same value as the Region name.

For Local Zones, the name of the associated group, for example us-west-2-lax-1.

For Wavelength Zones, the name of the associated group, for example us-east-1-wl1-bos-wlz-1.

", + "documentation":"

The name of the zone group. For example:

  • Availability Zones - us-east-1-zg-1

  • Local Zones - us-west-2-lax-1

  • Wavelength Zones - us-east-1-wl1-bos-wlz-1

", "locationName":"groupName" }, "NetworkBorderGroup":{ @@ -9780,7 +10500,7 @@ }, "ZoneType":{ "shape":"String", - "documentation":"

The type of zone. The valid values are availability-zone, local-zone, and wavelength-zone.

", + "documentation":"

The type of zone.

Valid values: availability-zone | local-zone | wavelength-zone

", "locationName":"zoneType" }, "ParentZoneName":{ @@ -9793,15 +10513,27 @@ "documentation":"

The ID of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.

", "locationName":"parentZoneId" }, + "GroupLongName":{ + "shape":"String", + "documentation":"

The long name of the Availability Zone group, Local Zone group, or Wavelength Zone group.

", + "locationName":"groupLongName" + }, "State":{ "shape":"AvailabilityZoneState", - "documentation":"

The state of the Availability Zone, Local Zone, or Wavelength Zone. This value is always available.

", + "documentation":"

The state of the Availability Zone, Local Zone, or Wavelength Zone. The possible values are available, unavailable, and constrained.

", "locationName":"zoneState" } }, "documentation":"

Describes Availability Zones, Local Zones, and Wavelength Zones.

" }, "AvailabilityZoneId":{"type":"string"}, + "AvailabilityZoneIdStringList":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"AvailabilityZoneId" + } + }, "AvailabilityZoneList":{ "type":"list", "member":{ @@ -10006,7 +10738,7 @@ }, "DeviceName":{ "shape":"String", - "documentation":"

The device name (for example, /dev/sdh or xvdh).

", + "documentation":"

The device name. For available device names, see Device names for volumes.

", "locationName":"deviceName" }, "VirtualName":{ @@ -10031,6 +10763,39 @@ "locationName":"BlockDeviceMapping" } }, + "BlockDeviceMappingResponse":{ + "type":"structure", + "members":{ + "DeviceName":{ + "shape":"String", + "documentation":"

The device name (for example, /dev/sdh or xvdh).

", + "locationName":"deviceName" + }, + "VirtualName":{ + "shape":"String", + "documentation":"

The virtual device name.

", + "locationName":"virtualName" + }, + "Ebs":{ + "shape":"EbsBlockDeviceResponse", + "documentation":"

Parameters used to automatically set up EBS volumes when the instance is launched.

", + "locationName":"ebs" + }, + "NoDevice":{ + "shape":"String", + "documentation":"

Suppresses the specified device included in the block device mapping.

", + "locationName":"noDevice" + } + }, + "documentation":"

Describes a block device mapping, which defines the EBS volumes and instance store volumes to attach to an instance at launch.

" + }, + "BlockDeviceMappingResponseList":{ + "type":"list", + "member":{ + "shape":"BlockDeviceMappingResponse", + "locationName":"item" + } + }, "BlockPublicAccessMode":{ "type":"string", "enum":[ @@ -10073,8 +10838,10 @@ "uefi-preferred" ] }, + "BoxedBoolean":{"type":"boolean"}, "BoxedDouble":{"type":"double"}, "BoxedInteger":{"type":"integer"}, + "BoxedLong":{"type":"long"}, "BundleId":{"type":"string"}, "BundleIdStringList":{ "type":"list", @@ -10743,6 +11510,62 @@ "locationName":"item" } }, + "CapacityBlock":{ + "type":"structure", + "members":{ + "CapacityBlockId":{ + "shape":"CapacityBlockId", + "documentation":"

The ID of the Capacity Block.

", + "locationName":"capacityBlockId" + }, + "UltraserverType":{ + "shape":"String", + "documentation":"

The EC2 UltraServer type of the Capacity Block.

", + "locationName":"ultraserverType" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"

The Availability Zone of the Capacity Block.

", + "locationName":"availabilityZone" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The Availability Zone ID of the Capacity Block.

", + "locationName":"availabilityZoneId" + }, + "CapacityReservationIds":{ + "shape":"CapacityReservationIdSet", + "documentation":"

The ID of the Capacity Reservation.

", + "locationName":"capacityReservationIdSet" + }, + "StartDate":{ + "shape":"MillisecondDateTime", + "documentation":"

The date and time at which the Capacity Block was started.

", + "locationName":"startDate" + }, + "EndDate":{ + "shape":"MillisecondDateTime", + "documentation":"

The date and time at which the Capacity Block expires. When a Capacity Block expires, all instances in the Capacity Block are terminated.

", + "locationName":"endDate" + }, + "CreateDate":{ + "shape":"MillisecondDateTime", + "documentation":"

The date and time at which the Capacity Block was created.

", + "locationName":"createDate" + }, + "State":{ + "shape":"CapacityBlockResourceState", + "documentation":"

The state of the Capacity Block.

", + "locationName":"state" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

The tags assigned to the Capacity Block.

", + "locationName":"tagSet" + } + }, + "documentation":"

Reserve powerful GPU instances on a future date to support your short duration machine learning (ML) workloads. Instances that run inside a Capacity Block are automatically placed close together inside Amazon EC2 UltraClusters, for low-latency, petabit-scale, non-blocking networking.

You can also reserve Amazon EC2 UltraServers. UltraServers connect multiple EC2 instances using a low-latency, high-bandwidth accelerator interconnect (NeuronLink). They are built to tackle very large-scale AI/ML workloads that require significant processing power. For more information, see Amazon EC2 UltraServers.

" + }, "CapacityBlockExtension":{ "type":"structure", "members":{ @@ -10902,6 +11725,22 @@ "payment-succeeded" ] }, + "CapacityBlockId":{"type":"string"}, + "CapacityBlockIds":{ + "type":"list", + "member":{ + "shape":"CapacityBlockId", + "locationName":"item" + } + }, + "CapacityBlockInterconnectStatus":{ + "type":"string", + "enum":[ + "ok", + "impaired", + "insufficient-data" + ] + }, "CapacityBlockOffering":{ "type":"structure", "members":{ @@ -10955,6 +11794,16 @@ "documentation":"

The tenancy of the Capacity Block.

", "locationName":"tenancy" }, + "UltraserverType":{ + "shape":"String", + "documentation":"

The EC2 UltraServer type of the Capacity Block offering.

", + "locationName":"ultraserverType" + }, + "UltraserverCount":{ + "shape":"BoxedInteger", + "documentation":"

The number of EC2 UltraServers in the offering.

", + "locationName":"ultraserverCount" + }, "CapacityBlockDurationMinutes":{ "shape":"Integer", "documentation":"

The number of minutes (in addition to capacityBlockDurationHours) for the duration of the Capacity Block reservation. For example, if a Capacity Block starts at 08:55 and ends at 11:30, the minutes field would be 35.

", @@ -10970,6 +11819,271 @@ "locationName":"item" } }, + "CapacityBlockResourceState":{ + "type":"string", + "enum":[ + "active", + "expired", + "unavailable", + "cancelled", + "failed", + "scheduled", + "payment-pending", + "payment-failed" + ] + }, + "CapacityBlockSet":{ + "type":"list", + "member":{ + "shape":"CapacityBlock", + "locationName":"item" + } + }, + "CapacityBlockStatus":{ + "type":"structure", + "members":{ + "CapacityBlockId":{ + "shape":"CapacityBlockId", + "documentation":"

The ID of the Capacity Block.

", + "locationName":"capacityBlockId" + }, + "InterconnectStatus":{ + "shape":"CapacityBlockInterconnectStatus", + "documentation":"

The status of the high-bandwidth accelerator interconnect. Possible states include:

  • ok the accelerator interconnect is healthy.

  • impaired - accelerator interconnect communication is impaired.

  • insufficient-data - insufficient data to determine accelerator interconnect status.

", + "locationName":"interconnectStatus" + }, + "TotalCapacity":{ + "shape":"Integer", + "documentation":"

The combined amount of Available and Unavailable capacity in the Capacity Block.

", + "locationName":"totalCapacity" + }, + "TotalAvailableCapacity":{ + "shape":"Integer", + "documentation":"

The remaining capacity. Indicates the number of resources that can be launched into the Capacity Block.

", + "locationName":"totalAvailableCapacity" + }, + "TotalUnavailableCapacity":{ + "shape":"Integer", + "documentation":"

The unavailable capacity. Indicates the instance capacity that is unavailable for use due to a system status check failure.

", + "locationName":"totalUnavailableCapacity" + }, + "CapacityReservationStatuses":{ + "shape":"CapacityReservationStatusSet", + "documentation":"

The availability of capacity for the Capacity Block reservations.

", + "locationName":"capacityReservationStatusSet" + } + }, + "documentation":"

Describes the availability of capacity for a Capacity Block.

" + }, + "CapacityBlockStatusSet":{ + "type":"list", + "member":{ + "shape":"CapacityBlockStatus", + "locationName":"item" + } + }, + "CapacityManagerCondition":{ + "type":"structure", + "members":{ + "DimensionCondition":{ + "shape":"DimensionCondition", + "documentation":"

The dimension-based condition that specifies how to filter the data based on dimension values.

" + } + }, + "documentation":"

Represents a filter condition for Capacity Manager queries. Contains dimension-based filtering criteria used to narrow down metric data and dimension results.

" + }, + "CapacityManagerConditionSet":{ + "type":"list", + "member":{ + "shape":"CapacityManagerCondition", + "locationName":"item" + }, + "max":20, + "min":0 + }, + "CapacityManagerDataExportId":{"type":"string"}, + "CapacityManagerDataExportIdSet":{ + "type":"list", + "member":{ + "shape":"CapacityManagerDataExportId", + "locationName":"item" + } + }, + "CapacityManagerDataExportResponse":{ + "type":"structure", + "members":{ + "CapacityManagerDataExportId":{ + "shape":"CapacityManagerDataExportId", + "documentation":"

The unique identifier for the data export configuration.

", + "locationName":"capacityManagerDataExportId" + }, + "S3BucketName":{ + "shape":"String", + "documentation":"

The name of the S3 bucket where export files are delivered.

", + "locationName":"s3BucketName" + }, + "S3BucketPrefix":{ + "shape":"String", + "documentation":"

The S3 key prefix used for organizing export files within the bucket.

", + "locationName":"s3BucketPrefix" + }, + "Schedule":{ + "shape":"Schedule", + "documentation":"

The frequency at which data exports are generated.

", + "locationName":"schedule" + }, + "OutputFormat":{ + "shape":"OutputFormat", + "documentation":"

The file format of the exported data.

", + "locationName":"outputFormat" + }, + "CreateTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The timestamp when the data export configuration was created.

", + "locationName":"createTime" + }, + "LatestDeliveryStatus":{ + "shape":"CapacityManagerDataExportStatus", + "documentation":"

The status of the most recent export delivery.

", + "locationName":"latestDeliveryStatus" + }, + "LatestDeliveryStatusMessage":{ + "shape":"String", + "documentation":"

A message describing the status of the most recent export delivery, including any error details if the delivery failed.

", + "locationName":"latestDeliveryStatusMessage" + }, + "LatestDeliveryS3LocationUri":{ + "shape":"String", + "documentation":"

The S3 URI of the most recently delivered export file.

", + "locationName":"latestDeliveryS3LocationUri" + }, + "LatestDeliveryTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The timestamp when the most recent export was delivered to S3.

", + "locationName":"latestDeliveryTime" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

The tags associated with the data export configuration.

", + "locationName":"tagSet" + } + }, + "documentation":"

Contains information about a Capacity Manager data export configuration, including export settings, delivery status, and recent export activity.

" + }, + "CapacityManagerDataExportResponseSet":{ + "type":"list", + "member":{ + "shape":"CapacityManagerDataExportResponse", + "locationName":"item" + } + }, + "CapacityManagerDataExportStatus":{ + "type":"string", + "enum":[ + "pending", + "in-progress", + "delivered", + "failed" + ] + }, + "CapacityManagerDimension":{ + "type":"structure", + "members":{ + "ResourceRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region where the capacity resource is located.

", + "locationName":"resourceRegion" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The unique identifier of the Availability Zone where the capacity resource is located.

", + "locationName":"availabilityZoneId" + }, + "AccountId":{ + "shape":"String", + "documentation":"

The Amazon Web Services account ID that owns the capacity resource.

", + "locationName":"accountId" + }, + "InstanceFamily":{ + "shape":"String", + "documentation":"

The EC2 instance family of the capacity resource.

", + "locationName":"instanceFamily" + }, + "InstanceType":{ + "shape":"String", + "documentation":"

The specific EC2 instance type of the capacity resource.

", + "locationName":"instanceType" + }, + "InstancePlatform":{ + "shape":"String", + "documentation":"

The platform or operating system of the instance.

", + "locationName":"instancePlatform" + }, + "ReservationArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the capacity reservation. This provides a unique identifier that can be used across Amazon Web Services services to reference the specific reservation.

", + "locationName":"reservationArn" + }, + "ReservationId":{ + "shape":"String", + "documentation":"

The unique identifier of the capacity reservation.

", + "locationName":"reservationId" + }, + "ReservationType":{ + "shape":"ReservationType", + "documentation":"

The type of capacity reservation.

", + "locationName":"reservationType" + }, + "ReservationCreateTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"

The timestamp when the capacity reservation was originally created, in milliseconds since epoch. This differs from the start timestamp as reservations can be created before they become active.

", + "locationName":"reservationCreateTimestamp" + }, + "ReservationStartTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"

The timestamp when the capacity reservation becomes active and available for use, in milliseconds since epoch. This is when the reservation begins providing capacity.

", + "locationName":"reservationStartTimestamp" + }, + "ReservationEndTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"

The timestamp when the capacity reservation expires and is no longer available, in milliseconds since epoch. After this time, the reservation will not provide any capacity.

", + "locationName":"reservationEndTimestamp" + }, + "ReservationEndDateType":{ + "shape":"ReservationEndDateType", + "documentation":"

The type of end date for the capacity reservation. This indicates whether the reservation has a fixed end date, is open-ended, or follows a specific termination pattern.

", + "locationName":"reservationEndDateType" + }, + "Tenancy":{ + "shape":"CapacityTenancy", + "documentation":"

The tenancy of the EC2 instances associated with this capacity dimension. Valid values are 'default' for shared tenancy, 'dedicated' for dedicated instances, or 'host' for dedicated hosts.

", + "locationName":"tenancy" + }, + "ReservationState":{ + "shape":"ReservationState", + "documentation":"

The current state of the capacity reservation.

", + "locationName":"reservationState" + }, + "ReservationInstanceMatchCriteria":{ + "shape":"String", + "documentation":"

The instance matching criteria for the capacity reservation, determining how instances are matched to the reservation.

", + "locationName":"reservationInstanceMatchCriteria" + }, + "ReservationUnusedFinancialOwner":{ + "shape":"String", + "documentation":"

The Amazon Web Services account ID that is financially responsible for unused capacity reservation costs.

", + "locationName":"reservationUnusedFinancialOwner" + } + }, + "documentation":"

Represents dimension values for capacity metrics, including resource identifiers, geographic information, and reservation details used for grouping and filtering capacity data.

" + }, + "CapacityManagerStatus":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, "CapacityReservation":{ "type":"structure", "members":{ @@ -10990,7 +12104,7 @@ }, "AvailabilityZoneId":{ "shape":"String", - "documentation":"

The Availability Zone ID of the Capacity Reservation.

", + "documentation":"

The ID of the Availability Zone in which the capacity is reserved.

", "locationName":"availabilityZoneId" }, "InstanceType":{ @@ -11035,17 +12149,17 @@ }, "State":{ "shape":"CapacityReservationState", - "documentation":"

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

  • active - The capacity is available for use.

  • expired - The Capacity Reservation expired automatically at the date and time specified in your reservation request. The reserved capacity is no longer available for your use.

  • cancelled - The Capacity Reservation was canceled. The reserved capacity is no longer available for your use.

  • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

  • failed - The Capacity Reservation request has failed. A request can fail due to request parameters that are not valid, capacity constraints, or instance limit constraints. You can view a failed request for 60 minutes.

  • scheduled - (Future-dated Capacity Reservations only) The future-dated Capacity Reservation request was approved and the Capacity Reservation is scheduled for delivery on the requested start date.

  • assessing - (Future-dated Capacity Reservations only) Amazon EC2 is assessing your request for a future-dated Capacity Reservation.

  • delayed - (Future-dated Capacity Reservations only) Amazon EC2 encountered a delay in provisioning the requested future-dated Capacity Reservation. Amazon EC2 is unable to deliver the requested capacity by the requested start date and time.

  • unsupported - (Future-dated Capacity Reservations only) Amazon EC2 can't support the future-dated Capacity Reservation request due to capacity constraints. You can view unsupported requests for 30 days. The Capacity Reservation will not be delivered.

", + "documentation":"

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

  • active - The capacity is available for use.

  • expired - The Capacity Reservation expired automatically at the date and time specified in your reservation request. The reserved capacity is no longer available for your use.

  • cancelled - The Capacity Reservation was canceled. The reserved capacity is no longer available for your use.

  • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

  • failed - The Capacity Reservation request has failed. A request can fail due to request parameters that are not valid, capacity constraints, or instance limit constraints. You can view a failed request for 60 minutes.

  • scheduled - (Future-dated Capacity Reservations) The future-dated Capacity Reservation request was approved and the Capacity Reservation is scheduled for delivery on the requested start date.

  • payment-pending - (Capacity Blocks) The upfront payment has not been processed yet.

  • payment-failed - (Capacity Blocks) The upfront payment was not processed in the 12-hour time frame. Your Capacity Block was released.

  • assessing - (Future-dated Capacity Reservations) Amazon EC2 is assessing your request for a future-dated Capacity Reservation.

  • delayed - (Future-dated Capacity Reservations) Amazon EC2 encountered a delay in provisioning the requested future-dated Capacity Reservation. Amazon EC2 is unable to deliver the requested capacity by the requested start date and time.

  • unsupported - (Future-dated Capacity Reservations) Amazon EC2 can't support the future-dated Capacity Reservation request due to capacity constraints. You can view unsupported requests for 30 days. The Capacity Reservation will not be delivered.

", "locationName":"state" }, "StartDate":{ "shape":"MillisecondDateTime", - "documentation":"

The date and time at which the Capacity Reservation was started.

", + "documentation":"

The date and time the Capacity Reservation was started.

", "locationName":"startDate" }, "EndDate":{ "shape":"DateTime", - "documentation":"

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to expired when it reaches its end date and time.

", + "documentation":"

The date and time the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to expired when it reaches its end date and time.

", "locationName":"endDate" }, "EndDateType":{ @@ -11060,7 +12174,7 @@ }, "CreateDate":{ "shape":"DateTime", - "documentation":"

The date and time at which the Capacity Reservation was created.

", + "documentation":"

The date and time the Capacity Reservation was created.

", "locationName":"createDate" }, "Tags":{ @@ -11107,6 +12221,11 @@ "shape":"CapacityReservationDeliveryPreference", "documentation":"

The delivery method for a future-dated Capacity Reservation. incremental indicates that the requested capacity is delivered in addition to any running instances and reserved capacity that you have in your account at the requested date and time.

", "locationName":"deliveryPreference" + }, + "CapacityBlockId":{ + "shape":"CapacityBlockId", + "documentation":"

The ID of the Capacity Block.

", + "locationName":"capacityBlockId" } }, "documentation":"

Describes a Capacity Reservation.

" @@ -11369,6 +12488,11 @@ "shape":"CapacityReservationTenancy", "documentation":"

The tenancy of the Capacity Reservation.

", "locationName":"tenancy" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" } }, "documentation":"

Information about a Capacity Reservation.

" @@ -11475,9 +12599,43 @@ "payment-failed", "assessing", "delayed", - "unsupported" + "unsupported", + "unavailable" ] }, + "CapacityReservationStatus":{ + "type":"structure", + "members":{ + "CapacityReservationId":{ + "shape":"CapacityReservationId", + "documentation":"

The ID of the Capacity Reservation.

", + "locationName":"capacityReservationId" + }, + "TotalCapacity":{ + "shape":"Integer", + "documentation":"

The combined amount of Available and Unavailable capacity in the Capacity Reservation.

", + "locationName":"totalCapacity" + }, + "TotalAvailableCapacity":{ + "shape":"Integer", + "documentation":"

The remaining capacity. Indicates the amount of resources that can be launched into the Capacity Reservation.

", + "locationName":"totalAvailableCapacity" + }, + "TotalUnavailableCapacity":{ + "shape":"Integer", + "documentation":"

The used capacity. Indicates that the capacity is in use by resources that are running in the Capacity Reservation.

", + "locationName":"totalUnavailableCapacity" + } + }, + "documentation":"

Describes the availability of capacity for a Capacity Reservation.

" + }, + "CapacityReservationStatusSet":{ + "type":"list", + "member":{ + "shape":"CapacityReservationStatus", + "locationName":"item" + } + }, "CapacityReservationTarget":{ "type":"structure", "members":{ @@ -11515,6 +12673,59 @@ "dedicated" ] }, + "CapacityReservationTopology":{ + "type":"structure", + "members":{ + "CapacityReservationId":{ + "shape":"String", + "documentation":"

The ID of the Capacity Reservation.

", + "locationName":"capacityReservationId" + }, + "CapacityBlockId":{ + "shape":"String", + "documentation":"

The ID of the Capacity Block. This parameter is only supported for UltraServer instances and identifies instances within the UltraServer domain.

", + "locationName":"capacityBlockId" + }, + "State":{ + "shape":"String", + "documentation":"

The current state of the Capacity Reservation. For the list of possible states, see DescribeCapacityReservations.

", + "locationName":"state" + }, + "InstanceType":{ + "shape":"String", + "documentation":"

The instance type.

", + "locationName":"instanceType" + }, + "GroupName":{ + "shape":"String", + "documentation":"

The name of the placement group that the Capacity Reservation is in.

", + "locationName":"groupName" + }, + "NetworkNodes":{ + "shape":"NetworkNodeSet", + "documentation":"

The network nodes. The nodes are hashed based on your account. Capacity Reservations from different accounts running under the same server will return a different hashed list of strings.

The value is null or empty if:

  • The instance type is not supported.

  • The Capacity Reservation is in a state other than active or pending.

", + "locationName":"networkNodeSet" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone or Local Zone that the Capacity Reservation is in.

", + "locationName":"availabilityZoneId" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"

The name of the Availability Zone or Local Zone that the Capacity Reservation is in.

", + "locationName":"availabilityZone" + } + }, + "documentation":"

Information about the Capacity Reservation topology.

" + }, + "CapacityReservationTopologySet":{ + "type":"list", + "member":{ + "shape":"CapacityReservationTopology", + "locationName":"item" + } + }, "CapacityReservationType":{ "type":"string", "enum":[ @@ -11522,6 +12733,13 @@ "capacity-block" ] }, + "CapacityTenancy":{ + "type":"string", + "enum":[ + "default", + "dedicated" + ] + }, "CarrierGateway":{ "type":"structure", "members":{ @@ -11835,6 +13053,27 @@ }, "documentation":"

Current state of options for customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

" }, + "ClientRouteEnforcementOptions":{ + "type":"structure", + "members":{ + "Enforced":{ + "shape":"Boolean", + "documentation":"

Enable or disable Client Route Enforcement. The state can either be true (enabled) or false (disabled). The default is false.

Valid values: true | false

Default value: false

" + } + }, + "documentation":"

Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.

Client Route Enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.

" + }, + "ClientRouteEnforcementResponseOptions":{ + "type":"structure", + "members":{ + "Enforced":{ + "shape":"Boolean", + "documentation":"

Status of the client route enforcement feature, indicating whether Client Route Enforcement is true (enabled) or false (disabled).

Valid values: true | false

Default value: false

", + "locationName":"enforced" + } + }, + "documentation":"

The current status of Client Route Enforcement.

" + }, "ClientSecretType":{ "type":"string", "sensitive":true @@ -11984,6 +13223,11 @@ "documentation":"

The IP address of the client.

", "locationName":"clientIp" }, + "ClientIpv6Address":{ + "shape":"String", + "documentation":"

The IPv6 address assigned to the client connection when using a dual-stack Client VPN endpoint. This field is only populated when the endpoint is configured for dual-stack addressing, and the client is using IPv6 for connectivity.

", + "locationName":"clientIpv6Address" + }, "CommonName":{ "shape":"String", "documentation":"

The common name associated with the client. This is either the name of the client certificate, or the Active Directory user name.

", @@ -12159,10 +13403,25 @@ "documentation":"

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

", "locationName":"clientLoginBannerOptions" }, + "ClientRouteEnforcementOptions":{ + "shape":"ClientRouteEnforcementResponseOptions", + "documentation":"

Client route enforcement is a feature of the Client VPN service that helps enforce administrator defined routes on devices connected through the VPN. T his feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.

Client route enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.

", + "locationName":"clientRouteEnforcementOptions" + }, "DisconnectOnSessionTimeout":{ "shape":"Boolean", - "documentation":"

Indicates whether the client VPN session is disconnected after the maximum sessionTimeoutHours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.

", + "documentation":"

Indicates whether the client VPN session is disconnected after the maximum sessionTimeoutHours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is true.

", "locationName":"disconnectOnSessionTimeout" + }, + "EndpointIpAddressType":{ + "shape":"EndpointIpAddressType", + "documentation":"

The IP address type of the Client VPN endpoint. Possible values are ipv4 for IPv4 addressing only, ipv6 for IPv6 addressing only, or dual-stack for both IPv4 and IPv6 addressing.

", + "locationName":"endpointIpAddressType" + }, + "TrafficIpAddressType":{ + "shape":"TrafficIpAddressType", + "documentation":"

The IP address type of the Client VPN endpoint. Possible values are either ipv4 for IPv4 addressing only, ipv6 for IPv6 addressing only, or dual-stack for both IPv4 and IPv6 addressing.

", + "locationName":"trafficIpAddressType" } }, "documentation":"

Describes a Client VPN endpoint.

" @@ -12448,6 +13707,13 @@ "locationName":"item" } }, + "Comparison":{ + "type":"string", + "enum":[ + "equals", + "in" + ] + }, "ComponentAccount":{ "type":"string", "pattern":"\\d{12}" @@ -12456,6 +13722,15 @@ "type":"string", "pattern":"[a-z]{2}-[a-z]+-[1-9]+" }, + "ConditionValueList":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"item" + }, + "max":10, + "min":0 + }, "ConfirmProductInstanceRequest":{ "type":"structure", "required":[ @@ -12810,15 +14085,16 @@ "members":{ "ClientToken":{ "shape":"String", - "documentation":"

Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.

" + "documentation":"

Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in Amazon EC2 API requests in the Amazon EC2 API Reference.

", + "idempotencyToken":true }, "Description":{ "shape":"String", - "documentation":"

A description for the new AMI in the destination Region.

" + "documentation":"

A description for the new AMI.

" }, "Encrypted":{ "shape":"Boolean", - "documentation":"

Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Use encryption with EBS-backed AMIs in the Amazon EC2 User Guide.

", + "documentation":"

Specifies whether to encrypt the snapshots of the copied image.

You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Use encryption with EBS-backed AMIs in the Amazon EC2 User Guide.

", "locationName":"encrypted" }, "KmsKeyId":{ @@ -12828,7 +14104,7 @@ }, "Name":{ "shape":"String", - "documentation":"

The name of the new AMI in the destination Region.

" + "documentation":"

The name of the new AMI.

" }, "SourceImageId":{ "shape":"String", @@ -12840,17 +14116,29 @@ }, "DestinationOutpostArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copy AMIs from an Amazon Web Services Region to an Outpost in the Amazon EBS User Guide.

" + "documentation":"

The Amazon Resource Name (ARN) of the Outpost for the new AMI.

Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copy AMIs from an Amazon Web Services Region to an Outpost in the Amazon EBS User Guide.

Only one of DestinationAvailabilityZone, DestinationAvailabilityZoneId, or DestinationOutpostArn can be specified.

" }, "CopyImageTags":{ "shape":"Boolean", - "documentation":"

Indicates whether to include your user-defined AMI tags when copying the AMI.

The following tags will not be copied:

  • System tags (prefixed with aws:)

  • For public and shared AMIs, user-defined tags that are attached by other Amazon Web Services accounts

Default: Your user-defined AMI tags are not copied.

" + "documentation":"

Specifies whether to copy your user-defined AMI tags to the new AMI.

The following tags are not be copied:

  • System tags (prefixed with aws:)

  • For public and shared AMIs, user-defined tags that are attached by other Amazon Web Services accounts

Default: Your user-defined AMI tags are not copied.

" }, "TagSpecifications":{ "shape":"TagSpecificationList", "documentation":"

The tags to apply to the new AMI and new snapshots. You can tag the AMI, the snapshots, or both.

  • To tag the new AMI, the value for ResourceType must be image.

  • To tag the new snapshots, the value for ResourceType must be snapshot. The same tag is applied to all the new snapshots.

If you specify other values for ResourceType, the request fails.

To tag an AMI or snapshot after it has been created, see CreateTags.

", "locationName":"TagSpecification" }, + "SnapshotCopyCompletionDurationMinutes":{ + "shape":"Long", + "documentation":"

Specify a completion duration, in 15 minute increments, to initiate a time-based AMI copy. The specified completion duration applies to each of the snapshots associated with the AMI. Each snapshot associated with the AMI will be completed within the specified completion duration, with copy throughput automatically adjusted for each snapshot based on its size to meet the timing target.

If you do not specify a value, the AMI copy operation is completed on a best-effort basis.

This parameter is not supported when copying an AMI to or from a Local Zone, or to an Outpost.

For more information, see Time-based copies for Amazon EBS snapshots and EBS-backed AMIs.

" + }, + "DestinationAvailabilityZone":{ + "shape":"String", + "documentation":"

The Local Zone for the new AMI (for example, cn-north-1-pkx-1a).

Only one of DestinationAvailabilityZone, DestinationAvailabilityZoneId, or DestinationOutpostArn can be specified.

" + }, + "DestinationAvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Local Zone for the new AMI (for example, cnn1-pkx1-az1).

Only one of DestinationAvailabilityZone, DestinationAvailabilityZoneId, or DestinationOutpostArn can be specified.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -12883,7 +14171,7 @@ }, "DestinationOutpostArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. Only specify this parameter when copying a snapshot from an Amazon Web Services Region to an Outpost. The snapshot must be in the Region for the destination Outpost. You cannot copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

For more information, see Copy snapshots from an Amazon Web Services Region to an Outpost in the Amazon EBS User Guide.

" + "documentation":"

The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot.

Only supported when copying a snapshot to an Outpost.

For more information, see Copy snapshots from an Amazon Web Services Region to an Outpost in the Amazon EBS User Guide.

" }, "DestinationRegion":{ "shape":"String", @@ -12892,7 +14180,7 @@ }, "Encrypted":{ "shape":"Boolean", - "documentation":"

To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots are encrypted, even if you omit this parameter and encryption by default is not enabled. You cannot set this parameter to false. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

", + "documentation":"

To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Otherwise, omit this parameter. Copies of encrypted snapshots are encrypted, even if you omit this parameter and encryption by default is not enabled. You cannot set this parameter to false. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

", "locationName":"encrypted" }, "KmsKeyId":{ @@ -12920,7 +14208,11 @@ }, "CompletionDurationMinutes":{ "shape":"SnapshotCompletionDurationMinutesRequest", - "documentation":"

Specify a completion duration, in 15 minute increments, to initiate a time-based snapshot copy. Time-based snapshot copy operations complete within the specified duration. For more information, see Time-based copies.

If you do not specify a value, the snapshot copy operation is completed on a best-effort basis.

" + "documentation":"

Not supported when copying snapshots to or from Local Zones or Outposts.

Specify a completion duration, in 15 minute increments, to initiate a time-based snapshot copy. Time-based snapshot copy operations complete within the specified duration. For more information, see Time-based copies.

If you do not specify a value, the snapshot copy operation is completed on a best-effort basis.

" + }, + "DestinationAvailabilityZone":{ + "shape":"String", + "documentation":"

The Local Zone, for example, cn-north-1-pkx-1a to which to copy the snapshot.

Only supported when copying a snapshot to a Local Zone.

" }, "DryRun":{ "shape":"Boolean", @@ -12952,6 +14244,60 @@ "type":"string", "enum":["volume"] }, + "CopyVolumesRequest":{ + "type":"structure", + "required":["SourceVolumeId"], + "members":{ + "SourceVolumeId":{ + "shape":"VolumeId", + "documentation":"

The ID of the source EBS volume to copy.

" + }, + "Iops":{ + "shape":"Integer", + "documentation":"

The number of I/O operations per second (IOPS) to provision for the volume copy. Required for io1 and io2 volumes. Optional for gp3 volumes. Omit for all other volume types. Full provisioned IOPS performance can be achieved only once the volume copy is fully initialized.

Valid ranges:

  • gp3: 3,000 (default) - 80,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

Instances built on the Nitro System can support up to 256,000 IOPS. Other instances can support up to 32,000 IOPS.

" + }, + "Size":{ + "shape":"Integer", + "documentation":"

The size of the volume copy, in GiBs. The size must be equal to or greater than the size of the source volume. If not specified, the size defaults to the size of the source volume.

Maximum supported sizes:

  • gp2: 16,384 GiB

  • gp3: 65,536 GiB

  • io1: 16,384 GiB

  • io2: 65,536 GiB

  • st1 and sc1: 16,384 GiB

  • standard: 1024 GiB

" + }, + "VolumeType":{ + "shape":"VolumeType", + "documentation":"

The volume type for the volume copy. If not specified, the volume type defaults to gp2.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the volume copy during creation.

", + "locationName":"TagSpecification" + }, + "MultiAttachEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether to enable Amazon EBS Multi-Attach for the volume copy. If you enable Multi-Attach, you can attach the volume to up to 16 Nitro instances in the same Availability Zone simultaneously. Supported with io1 and io2 volumes only. For more information, see Amazon EBS Multi-Attach.

" + }, + "Throughput":{ + "shape":"Integer", + "documentation":"

The throughput to provision for the volume copy, in MiB/s. Supported for gp3 volumes only. Omit for all other volume types. Full provisioned throughput performance can be achieved only once the volume copy is fully initialized.

Valid Range: 125 - 2000 MiB/s

" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.

", + "idempotencyToken":true + } + } + }, + "CopyVolumesResult":{ + "type":"structure", + "members":{ + "Volumes":{ + "shape":"VolumeList", + "documentation":"

Information about the volume copy.

", + "locationName":"volumeSet" + } + } + }, "CoreCount":{"type":"integer"}, "CoreCountList":{ "type":"list", @@ -13039,6 +14385,56 @@ }, "documentation":"

The CPU performance to consider, using an instance family as the baseline reference.

" }, + "CreateCapacityManagerDataExportRequest":{ + "type":"structure", + "required":[ + "S3BucketName", + "Schedule", + "OutputFormat" + ], + "members":{ + "S3BucketName":{ + "shape":"String", + "documentation":"

The name of the S3 bucket where the capacity data export files will be delivered. The bucket must exist and you must have write permissions to it.

" + }, + "S3BucketPrefix":{ + "shape":"String", + "documentation":"

The S3 key prefix for the exported data files. This allows you to organize exports in a specific folder structure within your bucket. If not specified, files are placed at the bucket root.

" + }, + "Schedule":{ + "shape":"Schedule", + "documentation":"

The frequency at which data exports are generated.

" + }, + "OutputFormat":{ + "shape":"OutputFormat", + "documentation":"

The file format for the exported data. Parquet format is recommended for large datasets and better compression.

" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.

", + "idempotencyToken":true + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the data export configuration. You can tag the export for organization and cost tracking purposes.

", + "locationName":"TagSpecification" + } + } + }, + "CreateCapacityManagerDataExportResult":{ + "type":"structure", + "members":{ + "CapacityManagerDataExportId":{ + "shape":"CapacityManagerDataExportId", + "documentation":"

The unique identifier for the created data export configuration. Use this ID to reference the export in other API calls.

", + "locationName":"capacityManagerDataExportId" + } + } + }, "CreateCapacityReservationBySplittingRequest":{ "type":"structure", "required":[ @@ -13212,7 +14608,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"

The instance type for which to reserve capacity.

You can request future-dated Capacity Reservations for instance types in the C, M, R, I, and T instance families only.

For more information, see Instance types in the Amazon EC2 User Guide.

" + "documentation":"

The instance type for which to reserve capacity.

You can request future-dated Capacity Reservations for instance types in the C, M, R, I, T, and G instance families only.

For more information, see Instance types in the Amazon EC2 User Guide.

" }, "InstancePlatform":{ "shape":"CapacityReservationInstancePlatform", @@ -13232,7 +14628,7 @@ }, "InstanceCount":{ "shape":"Integer", - "documentation":"

The number of instances for which to reserve capacity.

You can request future-dated Capacity Reservations for an instance count with a minimum of 100 VPUs. For example, if you request a future-dated Capacity Reservation for m5.xlarge instances, you must request at least 25 instances (25 * m5.xlarge = 100 vCPUs).

Valid range: 1 - 1000

" + "documentation":"

The number of instances for which to reserve capacity.

You can request future-dated Capacity Reservations for an instance count with a minimum of 64 vCPUs. For example, if you request a future-dated Capacity Reservation for m5.xlarge instances, you must request at least 25 instances (16 * m5.xlarge = 64 vCPUs).

Valid range: 1 - 1000

" }, "EbsOptimized":{ "shape":"Boolean", @@ -13331,7 +14727,6 @@ "CreateClientVpnEndpointRequest":{ "type":"structure", "required":[ - "ClientCidrBlock", "ServerCertificateArn", "AuthenticationOptions", "ConnectionLogOptions" @@ -13413,9 +14808,21 @@ "shape":"ClientLoginBannerOptions", "documentation":"

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

" }, + "ClientRouteEnforcementOptions":{ + "shape":"ClientRouteEnforcementOptions", + "documentation":"

Client route enforcement is a feature of the Client VPN service that helps enforce administrator defined routes on devices connected through the VPN. T his feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.

Client route enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.

" + }, "DisconnectOnSessionTimeout":{ "shape":"Boolean", - "documentation":"

Indicates whether the client VPN session is disconnected after the maximum timeout specified in SessionTimeoutHours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.

" + "documentation":"

Indicates whether the client VPN session is disconnected after the maximum timeout specified in SessionTimeoutHours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is true.

" + }, + "EndpointIpAddressType":{ + "shape":"EndpointIpAddressType", + "documentation":"

The IP address type for the Client VPN endpoint. Valid values are ipv4 (default) for IPv4 addressing only, ipv6 for IPv6 addressing only, or dual-stack for both IPv4 and IPv6 addressing. When set to dual-stack, clients can connect to the endpoint using either IPv4 or IPv6 addresses..

" + }, + "TrafficIpAddressType":{ + "shape":"TrafficIpAddressType", + "documentation":"

The IP address type for traffic within the Client VPN tunnel. Valid values are ipv4 (default) for IPv4 traffic only, ipv6 for IPv6 addressing only, or dual-stack for both IPv4 and IPv6 traffic. When set to dual-stack, clients can access both IPv4 and IPv6 resources through the VPN .

" } } }, @@ -13575,7 +14982,7 @@ }, "IpAddress":{ "shape":"String", - "documentation":"

IPv4 address for the customer gateway device's outside interface. The address must be static. If OutsideIpAddressType in your VPN connection options is set to PrivateIpv4, you can use an RFC6598 or RFC1918 private IPv4 address. If OutsideIpAddressType is set to PublicIpv4, you can use a public IPv4 address.

" + "documentation":"

The IP address for the customer gateway device's outside interface. The address must be static. If OutsideIpAddressType in your VPN connection options is set to PrivateIpv4, you can use an RFC6598 or RFC1918 private IPv4 address. If OutsideIpAddressType is set to Ipv6, you can use an IPv6 address.

" }, "BgpAsnExtended":{ "shape":"Long", @@ -13602,11 +15009,10 @@ }, "CreateDefaultSubnetRequest":{ "type":"structure", - "required":["AvailabilityZone"], "members":{ "AvailabilityZone":{ "shape":"AvailabilityZoneName", - "documentation":"

The Availability Zone in which to create the default subnet.

" + "documentation":"

The Availability Zone in which to create the default subnet.

Either AvailabilityZone or AvailabilityZoneId must be specified, but not both.

" }, "DryRun":{ "shape":"Boolean", @@ -13615,6 +15021,10 @@ "Ipv6Native":{ "shape":"Boolean", "documentation":"

Indicates whether to create an IPv6 only subnet. If you already have a default subnet for this Availability Zone, you must delete it before you can create an IPv6 only subnet.

" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone.

Either AvailabilityZone or AvailabilityZoneId must be specified, but not both.

" } } }, @@ -13647,6 +15057,47 @@ } } }, + "CreateDelegateMacVolumeOwnershipTaskRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "MacCredentials" + ], + "members":{ + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

", + "idempotencyToken":true + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The ID of the Amazon EC2 Mac instance.

" + }, + "MacCredentials":{ + "shape":"SensitiveMacCredentials", + "documentation":"

Specifies the following credentials:

  • Internal disk administrative user

    • Username - Only the default administrative user (aws-managed-user) is supported and it is used by default. You can't specify a different administrative user.

    • Password - If you did not change the default password for aws-managed-user, specify the default password, which is blank. Otherwise, specify your password.

  • Amazon EBS root volume administrative user

    • Username - If you did not change the default administrative user, specify ec2-user. Otherwise, specify the username for your administrative user.

    • Password - Specify the password for the administrative user.

The credentials must be specified in the following JSON format:

{ \"internalDiskPassword\":\"internal-disk-admin_password\", \"rootVolumeUsername\":\"root-volume-admin_username\", \"rootVolumepassword\":\"root-volume-admin_password\" }

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to assign to the volume ownership delegation task.

", + "locationName":"TagSpecification" + } + } + }, + "CreateDelegateMacVolumeOwnershipTaskResult":{ + "type":"structure", + "members":{ + "MacModificationTask":{ + "shape":"MacModificationTask", + "documentation":"

Information about the volume ownership delegation task.

", + "locationName":"macModificationTask" + } + } + }, "CreateDhcpOptionsRequest":{ "type":"structure", "required":["DhcpConfigurations"], @@ -13800,7 +15251,8 @@ }, "ClientToken":{ "shape":"String", - "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

" + "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

For more information, see Ensuring idempotency.

", + "idempotencyToken":true }, "SpotOptions":{ "shape":"SpotOptionsRequest", @@ -14022,6 +15474,10 @@ "documentation":"

The tags to apply to the AMI and snapshots on creation. You can tag the AMI, the snapshots, or both.

  • To tag the AMI, the value for ResourceType must be image.

  • To tag the snapshots that are created of the root volume and of other Amazon EBS volumes that are attached to the instance, the value for ResourceType must be snapshot. The same tag is applied to all of the snapshots that are created.

If you specify other values for ResourceType, the request fails.

To tag an AMI or snapshot after it has been created, see CreateTags.

", "locationName":"TagSpecification" }, + "SnapshotLocation":{ + "shape":"SnapshotLocationEnum", + "documentation":"

Only supported for instances in Local Zones. If the source instance is not in a Local Zone, omit this parameter.

The Amazon S3 location where the snapshots will be stored.

  • To create local snapshots in the same Local Zone as the source instance, specify local.

  • To create regional snapshots in the parent Region of the Local Zone, specify regional or omit this parameter.

Default: regional

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -14049,7 +15505,7 @@ }, "BlockDeviceMappings":{ "shape":"BlockDeviceMappingRequestList", - "documentation":"

The block device mappings.

When using the CreateImage action:

  • You can't change the volume size using the VolumeSize parameter. If you want a different volume size, you must first change the volume size of the source instance.

  • You can't modify the encryption status of existing volumes or snapshots. To create an AMI with volumes or snapshots that have a different encryption status (for example, where the source volume and snapshots are unencrypted, and you want to create an AMI with encrypted volumes or snapshots), use the CopyImage action.

  • The only option that can be changed for existing mappings or snapshots is DeleteOnTermination.

", + "documentation":"

The block device mappings.

When using the CreateImage action:

  • You can't change the volume size using the VolumeSize parameter. If you want a different volume size, you must first change the volume size of the source instance.

  • You can't modify the encryption status of existing volumes or snapshots. To create an AMI with volumes or snapshots that have a different encryption status (for example, where the source volume and snapshots are unencrypted, and you want to create an AMI with encrypted volumes or snapshots), copy the image instead.

  • The only option that can be changed for existing mappings or snapshots is DeleteOnTermination.

", "locationName":"blockDeviceMapping" } } @@ -14064,6 +15520,53 @@ } } }, + "CreateImageUsageReportRequest":{ + "type":"structure", + "required":[ + "ImageId", + "ResourceTypes" + ], + "members":{ + "ImageId":{ + "shape":"ImageId", + "documentation":"

The ID of the image to report on.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "ResourceTypes":{ + "shape":"ImageUsageResourceTypeRequestList", + "documentation":"

The resource types to include in the report.

", + "locationName":"ResourceType" + }, + "AccountIds":{ + "shape":"ImageUsageReportUserIdStringList", + "documentation":"

The Amazon Web Services account IDs to include in the report. To include all accounts, omit this parameter.

", + "locationName":"AccountId" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure idempotency of the request.

", + "idempotencyToken":true + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the report on creation. The ResourceType must be set to image-usage-report; any other value will cause the report creation to fail.

To tag a report after it has been created, see CreateTags.

", + "locationName":"TagSpecification" + } + } + }, + "CreateImageUsageReportResult":{ + "type":"structure", + "members":{ + "ReportId":{ + "shape":"ImageUsageReportId", + "documentation":"

The ID of the report.

", + "locationName":"reportId" + } + } + }, "CreateInstanceConnectEndpointRequest":{ "type":"structure", "required":["SubnetId"], @@ -14083,7 +15586,7 @@ }, "PreserveClientIp":{ "shape":"Boolean", - "documentation":"

Indicates whether the client IP address is preserved as the source. The following are the possible values.

  • true - Use the client IP address as the source.

  • false - Use the network interface IP address as the source.

Default: false

" + "documentation":"

Indicates whether the client IP address is preserved as the source. The following are the possible values.

  • true - Use the client IP address as the source.

  • false - Use the network interface IP address as the source.

PreserveClientIp is only supported on IPv4 EC2 Instance Connect Endpoints. To use PreserveClientIp, the value for IpAddressType must be ipv4.

Default: false

" }, "ClientToken":{ "shape":"String", @@ -14094,6 +15597,10 @@ "shape":"TagSpecificationList", "documentation":"

The tags to apply to the EC2 Instance Connect Endpoint during creation.

", "locationName":"TagSpecification" + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

The IP address type of the endpoint.

If no value is specified, the default value is determined by the IP address type of the subnet:

  • dualstack - If the subnet has both IPv4 and IPv6 CIDRs

  • ipv4 - If the subnet has only IPv4 CIDRs

  • ipv6 - If the subnet has only IPv6 CIDRs

PreserveClientIp is only supported on IPv4 EC2 Instance Connect Endpoints. To use PreserveClientIp, the value for IpAddressType must be ipv4.

" } } }, @@ -14343,6 +15850,111 @@ } } }, + "CreateIpamPrefixListResolverRequest":{ + "type":"structure", + "required":[ + "IpamId", + "AddressFamily" + ], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamId":{ + "shape":"IpamId", + "documentation":"

The ID of the IPAM that will serve as the source of the IP address database for CIDR selection. The IPAM must be in the Advanced tier to use this feature.

" + }, + "Description":{ + "shape":"String", + "documentation":"

A description for the IPAM prefix list resolver to help you identify its purpose and configuration.

" + }, + "AddressFamily":{ + "shape":"AddressFamily", + "documentation":"

The address family for the IPAM prefix list resolver. Valid values are ipv4 and ipv6. You must create separate resolvers for IPv4 and IPv6 CIDRs as they cannot be mixed in the same resolver.

" + }, + "Rules":{ + "shape":"IpamPrefixListResolverRuleRequestSet", + "documentation":"

The CIDR selection rules for the resolver.

CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.

", + "locationName":"Rule" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the IPAM prefix list resolver during creation. Tags help you organize and manage your Amazon Web Services resources.

", + "locationName":"TagSpecification" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + } + } + }, + "CreateIpamPrefixListResolverResult":{ + "type":"structure", + "members":{ + "IpamPrefixListResolver":{ + "shape":"IpamPrefixListResolver", + "documentation":"

Information about the IPAM prefix list resolver that was created.

", + "locationName":"ipamPrefixListResolver" + } + } + }, + "CreateIpamPrefixListResolverTargetRequest":{ + "type":"structure", + "required":[ + "IpamPrefixListResolverId", + "PrefixListId", + "PrefixListRegion", + "TrackLatestVersion" + ], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver that will manage the synchronization of CIDRs to the target prefix list.

" + }, + "PrefixListId":{ + "shape":"String", + "documentation":"

The ID of the managed prefix list that will be synchronized with CIDRs selected by the IPAM prefix list resolver. This prefix list becomes an IPAM managed prefix list.

An IPAM-managed prefix list is a customer-managed prefix list that has been associated with an IPAM prefix list resolver target. When a prefix list becomes IPAM managed, its CIDRs are automatically synchronized based on the IPAM prefix list resolver's CIDR selection rules, and direct CIDR modifications are restricted.

" + }, + "PrefixListRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region where the prefix list is located. This is required when referencing a prefix list in a different Region.

" + }, + "DesiredVersion":{ + "shape":"BoxedLong", + "documentation":"

The specific version of the prefix list to target. If not specified, the resolver will target the latest version.

" + }, + "TrackLatestVersion":{ + "shape":"Boolean", + "documentation":"

Indicates whether the resolver target should automatically track the latest version of the prefix list. When enabled, the target will always synchronize with the most current version of the prefix list.

Choose this for automatic updates when you want your prefix lists to stay current with infrastructure changes without manual intervention.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the IPAM prefix list resolver target during creation. Tags help you organize and manage your Amazon Web Services resources.

", + "locationName":"TagSpecification" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + } + } + }, + "CreateIpamPrefixListResolverTargetResult":{ + "type":"structure", + "members":{ + "IpamPrefixListResolverTarget":{ + "shape":"IpamPrefixListResolverTarget", + "documentation":"

Information about the IPAM prefix list resolver target that was created.

", + "locationName":"ipamPrefixListResolverTarget" + } + } + }, "CreateIpamRequest":{ "type":"structure", "members":{ @@ -14376,6 +15988,10 @@ "EnablePrivateGua":{ "shape":"Boolean", "documentation":"

Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.

" + }, + "MeteredAccount":{ + "shape":"IpamMeteredAccount", + "documentation":"

A metered account is an Amazon Web Services account that is charged for active IP addresses managed in IPAM. For more information, see Enable cost distribution in the Amazon VPC IPAM User Guide.

Possible values:

  • ipam-owner (default): The Amazon Web Services account which owns the IPAM is charged for all active IP addresses managed in IPAM.

  • resource-owner: The Amazon Web Services account that owns the IP address is charged for the active IP address.

" } } }, @@ -14452,6 +16068,10 @@ "shape":"String", "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

", "idempotencyToken":true + }, + "ExternalAuthorityConfiguration":{ + "shape":"ExternalAuthorityConfiguration", + "documentation":"

The configuration that links an Amazon VPC IPAM scope to an external authority system. It specifies the type of external system and the external resource identifier that identifies your account or instance in that system.

In IPAM, an external authority is a third-party IP address management system that provides CIDR blocks when you provision address space for top-level IPAM pools. This allows you to use your existing IP management system to control which address ranges are allocated to Amazon Web Services while using Amazon VPC IPAM to manage subnets within those ranges.

" } } }, @@ -14506,7 +16126,8 @@ }, "ClientToken":{ "shape":"String", - "documentation":"

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

" + "documentation":"

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If a client token isn't specified, a randomly generated token is used in the request to ensure idempotency.

For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

", + "idempotencyToken":true }, "LaunchTemplateName":{ "shape":"LaunchTemplateName", @@ -14556,7 +16177,8 @@ }, "ClientToken":{ "shape":"String", - "documentation":"

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

" + "documentation":"

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If a client token isn't specified, a randomly generated token is used in the request to ensure idempotency.

For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

", + "idempotencyToken":true }, "LaunchTemplateId":{ "shape":"LaunchTemplateId", @@ -14580,7 +16202,7 @@ }, "ResolveAlias":{ "shape":"Boolean", - "documentation":"

If true, and if a Systems Manager parameter is specified for ImageId, the AMI ID is displayed in the response for imageID. For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

Default: false

" + "documentation":"

If true, and if a Systems Manager parameter is specified for ImageId, the AMI ID is displayed in the response for imageID. For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

Default: false

" } } }, @@ -14744,6 +16366,151 @@ } } }, + "CreateLocalGatewayVirtualInterfaceGroupRequest":{ + "type":"structure", + "required":["LocalGatewayId"], + "members":{ + "LocalGatewayId":{ + "shape":"LocalGatewayId", + "documentation":"

The ID of the local gateway.

" + }, + "LocalBgpAsn":{ + "shape":"Integer", + "documentation":"

The Autonomous System Number(ASN) for the local Border Gateway Protocol (BGP).

" + }, + "LocalBgpAsnExtended":{ + "shape":"Long", + "documentation":"

The extended 32-bit ASN for the local BGP configuration.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the local gateway virtual interface group when the resource is being created.

", + "locationName":"TagSpecification" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "CreateLocalGatewayVirtualInterfaceGroupResult":{ + "type":"structure", + "members":{ + "LocalGatewayVirtualInterfaceGroup":{ + "shape":"LocalGatewayVirtualInterfaceGroup", + "documentation":"

Information about the created local gateway virtual interface group.

", + "locationName":"localGatewayVirtualInterfaceGroup" + } + } + }, + "CreateLocalGatewayVirtualInterfaceRequest":{ + "type":"structure", + "required":[ + "LocalGatewayVirtualInterfaceGroupId", + "OutpostLagId", + "Vlan", + "LocalAddress", + "PeerAddress" + ], + "members":{ + "LocalGatewayVirtualInterfaceGroupId":{ + "shape":"LocalGatewayVirtualInterfaceGroupId", + "documentation":"

The ID of the local gateway virtual interface group.

" + }, + "OutpostLagId":{ + "shape":"OutpostLagId", + "documentation":"

References the Link Aggregation Group (LAG) that connects the Outpost to on-premises network devices.

" + }, + "Vlan":{ + "shape":"Integer", + "documentation":"

The virtual local area network (VLAN) used for the local gateway virtual interface.

" + }, + "LocalAddress":{ + "shape":"String", + "documentation":"

The IP address assigned to the local gateway virtual interface on the Outpost side. Only IPv4 is supported.

" + }, + "PeerAddress":{ + "shape":"String", + "documentation":"

The peer IP address for the local gateway virtual interface. Only IPv4 is supported.

" + }, + "PeerBgpAsn":{ + "shape":"Integer", + "documentation":"

The Autonomous System Number (ASN) of the Border Gateway Protocol (BGP) peer.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to a resource when the local gateway virtual interface is being created.

", + "locationName":"TagSpecification" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "PeerBgpAsnExtended":{ + "shape":"Long", + "documentation":"

The extended 32-bit ASN of the BGP peer for use with larger ASN values.

" + } + } + }, + "CreateLocalGatewayVirtualInterfaceResult":{ + "type":"structure", + "members":{ + "LocalGatewayVirtualInterface":{ + "shape":"LocalGatewayVirtualInterface", + "documentation":"

Information about the local gateway virtual interface.

", + "locationName":"localGatewayVirtualInterface" + } + } + }, + "CreateMacSystemIntegrityProtectionModificationTaskRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "MacSystemIntegrityProtectionStatus" + ], + "members":{ + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

", + "idempotencyToken":true + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The ID of the Amazon EC2 Mac instance.

" + }, + "MacCredentials":{ + "shape":"SensitiveMacCredentials", + "documentation":"

[Apple silicon Mac instances only] Specifies the following credentials:

  • Internal disk administrative user

    • Username - Only the default administrative user (aws-managed-user) is supported and it is used by default. You can't specify a different administrative user.

    • Password - If you did not change the default password for aws-managed-user, specify the default password, which is blank. Otherwise, specify your password.

  • Amazon EBS root volume administrative user

    • Username - If you did not change the default administrative user, specify ec2-user. Otherwise, specify the username for your administrative user.

    • Password - Specify the password for the administrative user.

The credentials must be specified in the following JSON format:

{ \"internalDiskPassword\":\"internal-disk-admin_password\", \"rootVolumeUsername\":\"root-volume-admin_username\", \"rootVolumepassword\":\"root-volume-admin_password\" }

" + }, + "MacSystemIntegrityProtectionConfiguration":{ + "shape":"MacSystemIntegrityProtectionConfigurationRequest", + "documentation":"

Specifies the overrides to selectively enable or disable individual SIP settings. The individual settings you specify here override the overall SIP status you specify for MacSystemIntegrityProtectionStatus.

" + }, + "MacSystemIntegrityProtectionStatus":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Specifies the overall SIP status for the instance. To enable all SIP settings, specify enabled. To disable all SIP settings, specify disabled.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

Specifies tags to apply to the SIP modification task.

", + "locationName":"TagSpecification" + } + } + }, + "CreateMacSystemIntegrityProtectionModificationTaskResult":{ + "type":"structure", + "members":{ + "MacModificationTask":{ + "shape":"MacModificationTask", + "documentation":"

Information about the SIP modification task.

", + "locationName":"macModificationTask" + } + } + }, "CreateManagedPrefixListRequest":{ "type":"structure", "required":[ @@ -15180,7 +16947,7 @@ }, "Groups":{ "shape":"SecurityGroupIdStringList", - "documentation":"

The IDs of one or more security groups.

", + "documentation":"

The IDs of the security groups.

", "locationName":"SecurityGroupId" }, "PrivateIpAddresses":{ @@ -15329,6 +17096,10 @@ "DeleteReplacedRootVolume":{ "shape":"Boolean", "documentation":"

Indicates whether to automatically delete the original root volume after the root volume replacement task completes. To delete the original root volume, specify true. If you choose to keep the original root volume after the replacement task completes, you must manually delete it when you no longer need it.

" + }, + "VolumeInitializationRate":{ + "shape":"Long", + "documentation":"

Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate), in MiB/s, at which to download the snapshot blocks from Amazon S3 to the replacement root volume. This is also known as volume initialization. Specifying a volume initialization rate ensures that the volume is initialized at a predictable and consistent rate after creation.

Omit this parameter if:

  • You want to create the volume using fast snapshot restore. You must specify a snapshot that is enabled for fast snapshot restore. In this case, the volume is fully initialized at creation.

    If you specify a snapshot that is enabled for fast snapshot restore and a volume initialization rate, the volume will be initialized at the specified rate instead of fast snapshot restore.

  • You want to create a volume that is initialized at the default rate.

For more information, see Initialize Amazon EBS volumes in the Amazon EC2 User Guide.

Valid range: 100 - 300 MiB/s

" } } }, @@ -15453,6 +17224,10 @@ "shape":"CoreNetworkArn", "documentation":"

The Amazon Resource Name (ARN) of the core network.

" }, + "OdbNetworkArn":{ + "shape":"OdbNetworkArn", + "documentation":"

The Amazon Resource Name (ARN) of the ODB network.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -15515,6 +17290,134 @@ } } }, + "CreateRouteServerEndpointRequest":{ + "type":"structure", + "required":[ + "RouteServerId", + "SubnetId" + ], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server for which to create an endpoint.

" + }, + "SubnetId":{ + "shape":"SubnetId", + "documentation":"

The ID of the subnet in which to create the route server endpoint.

" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the route server endpoint during creation.

", + "locationName":"TagSpecification" + } + } + }, + "CreateRouteServerEndpointResult":{ + "type":"structure", + "members":{ + "RouteServerEndpoint":{ + "shape":"RouteServerEndpoint", + "documentation":"

Information about the created route server endpoint.

", + "locationName":"routeServerEndpoint" + } + } + }, + "CreateRouteServerPeerRequest":{ + "type":"structure", + "required":[ + "RouteServerEndpointId", + "PeerAddress", + "BgpOptions" + ], + "members":{ + "RouteServerEndpointId":{ + "shape":"RouteServerEndpointId", + "documentation":"

The ID of the route server endpoint for which to create a peer.

" + }, + "PeerAddress":{ + "shape":"String", + "documentation":"

The IPv4 address of the peer device.

" + }, + "BgpOptions":{ + "shape":"RouteServerBgpOptionsRequest", + "documentation":"

The BGP options for the peer, including ASN (Autonomous System Number) and BFD (Bidrectional Forwarding Detection) settings.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the route server peer during creation.

", + "locationName":"TagSpecification" + } + } + }, + "CreateRouteServerPeerResult":{ + "type":"structure", + "members":{ + "RouteServerPeer":{ + "shape":"RouteServerPeer", + "documentation":"

Information about the created route server peer.

", + "locationName":"routeServerPeer" + } + } + }, + "CreateRouteServerRequest":{ + "type":"structure", + "required":["AmazonSideAsn"], + "members":{ + "AmazonSideAsn":{ + "shape":"Long", + "documentation":"

The private Autonomous System Number (ASN) for the Amazon side of the BGP session. Valid values are from 1 to 4294967295. We recommend using a private ASN in the 64512–65534 (16-bit ASN) or 4200000000–4294967294 (32-bit ASN) range.

" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier to ensure idempotency of the request.

", + "idempotencyToken":true + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "PersistRoutes":{ + "shape":"RouteServerPersistRoutesAction", + "documentation":"

Indicates whether routes should be persisted after all BGP sessions are terminated.

" + }, + "PersistRoutesDuration":{ + "shape":"BoxedLong", + "documentation":"

The number of minutes a route server will wait after BGP is re-established to unpersist the routes in the FIB and RIB. Value must be in the range of 1-5. Required if PersistRoutes is enabled.

If you set the duration to 1 minute, then when your network appliance re-establishes BGP with route server, it has 1 minute to relearn it's adjacent network and advertise those routes to route server before route server resumes normal functionality. In most cases, 1 minute is probably sufficient. If, however, you have concerns that your BGP network may not be capable of fully re-establishing and re-learning everything in 1 minute, you can increase the duration up to 5 minutes.

" + }, + "SnsNotificationsEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether SNS notifications should be enabled for route server events. Enabling SNS notifications persists BGP status changes to an SNS topic provisioned by Amazon Web Services.

" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"

The tags to apply to the route server during creation.

", + "locationName":"TagSpecification" + } + } + }, + "CreateRouteServerResult":{ + "type":"structure", + "members":{ + "RouteServer":{ + "shape":"RouteServer", + "documentation":"

Information about the created route server.

", + "locationName":"routeServer" + } + } + }, "CreateRouteTableRequest":{ "type":"structure", "required":["VpcId"], @@ -15570,7 +17473,7 @@ }, "GroupName":{ "shape":"String", - "documentation":"

The name of the security group.

Constraints: Up to 255 characters in length. Cannot start with sg-.

Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

" + "documentation":"

The name of the security group. Names are case-insensitive and must be unique within the VPC.

Constraints: Up to 255 characters in length. Can't start with sg-.

Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

" }, "VpcId":{ "shape":"VpcId", @@ -15671,7 +17574,7 @@ }, "Location":{ "shape":"SnapshotLocationEnum", - "documentation":"

Only supported for instances in Local Zones. If the source instance is not in a Local Zone, omit this parameter.

  • To create local snapshots in the same Local Zone as the source instance, specify local.

  • To create a regional snapshots in the parent Region of the Local Zone, specify regional or omit this parameter.

Default value: regional

" + "documentation":"

Only supported for instances in Local Zones. If the source instance is not in a Local Zone, omit this parameter.

  • To create local snapshots in the same Local Zone as the source instance, specify local.

  • To create regional snapshots in the parent Region of the Local Zone, specify regional or omit this parameter.

Default value: regional

" } } }, @@ -16670,7 +18573,7 @@ }, "SubnetIds":{ "shape":"CreateVerifiedAccessEndpointSubnetIdList", - "documentation":"

The IDs of the subnets.

", + "documentation":"

The IDs of the subnets. You can specify only one subnet per Availability Zone.

", "locationName":"SubnetId" }, "PortRanges":{ @@ -16731,7 +18634,7 @@ }, "SubnetIds":{ "shape":"CreateVerifiedAccessEndpointSubnetIdList", - "documentation":"

The IDs of the subnets.

", + "documentation":"

The IDs of the subnets. You can specify only one subnet per Availability Zone.

", "locationName":"SubnetId" } }, @@ -17116,11 +19019,14 @@ }, "CreateVolumeRequest":{ "type":"structure", - "required":["AvailabilityZone"], "members":{ "AvailabilityZone":{ "shape":"AvailabilityZoneName", - "documentation":"

The ID of the Availability Zone in which to create the volume. For example, us-east-1a.

" + "documentation":"

The ID of the Availability Zone in which to create the volume. For example, us-east-1a.

Either AvailabilityZone or AvailabilityZoneId must be specified, but not both.

" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone in which to create the volume. For example, use1-az1.

Either AvailabilityZone or AvailabilityZoneId must be specified, but not both.

" }, "Encrypted":{ "shape":"Boolean", @@ -17129,7 +19035,7 @@ }, "Iops":{ "shape":"Integer", - "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

  • gp3: 3,000 - 16,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

For io2 volumes, you can achieve up to 256,000 IOPS on instances built on the Nitro System. On other instances, you can achieve performance up to 32,000 IOPS.

This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard volumes.

" + "documentation":"

The number of I/O operations per second (IOPS) to provision for the volume. Required for io1 and io2 volumes. Optional for gp3 volumes. Omit for all other volume types.

Valid ranges:

  • gp3: 3,000 (default) - 80,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

Instances built on the Nitro System can support up to 256,000 IOPS. Other instances can support up to 32,000 IOPS.

" }, "KmsKeyId":{ "shape":"KmsKeyId", @@ -17141,7 +19047,7 @@ }, "Size":{ "shape":"Integer", - "documentation":"

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

The following are the supported volumes sizes for each volume type:

  • gp2 and gp3: 1 - 16,384 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

" + "documentation":"

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size, and you can specify a volume size that is equal to or larger than the snapshot size.

Valid sizes:

  • gp2: 1 - 16,384 GiB

  • gp3: 1 - 65,536 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

" }, "SnapshotId":{ "shape":"SnapshotId", @@ -17162,13 +19068,17 @@ }, "Throughput":{ "shape":"Integer", - "documentation":"

The throughput to provision for a volume, with a maximum of 1,000 MiB/s.

This parameter is valid only for gp3 volumes.

Valid Range: Minimum value of 125. Maximum value of 1000.

" + "documentation":"

The throughput to provision for the volume, in MiB/s. Supported for gp3 volumes only. Omit for all other volume types.

Valid Range: 125 - 2000 MiB/s

" }, "ClientToken":{ "shape":"String", "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency.

", "idempotencyToken":true }, + "VolumeInitializationRate":{ + "shape":"Integer", + "documentation":"

Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate), in MiB/s, at which to download the snapshot blocks from Amazon S3 to the volume. This is also known as volume initialization. Specifying a volume initialization rate ensures that the volume is initialized at a predictable and consistent rate after creation.

This parameter is supported only for volumes created from snapshots. Omit this parameter if:

  • You want to create the volume using fast snapshot restore. You must specify a snapshot that is enabled for fast snapshot restore. In this case, the volume is fully initialized at creation.

    If you specify a snapshot that is enabled for fast snapshot restore and a volume initialization rate, the volume will be initialized at the specified rate instead of fast snapshot restore.

  • You want to create a volume that is initialized at the default rate.

For more information, see Initialize Amazon EBS volumes in the Amazon EC2 User Guide.

Valid range: 100 - 300 MiB/s

" + }, "Operator":{ "shape":"OperatorRequest", "documentation":"

Reserved for internal use.

" @@ -17318,7 +19228,7 @@ }, "PrivateDnsEnabled":{ "shape":"Boolean", - "documentation":"

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to set the VPC attributes.

Default: true

" + "documentation":"

(Interface endpoint) Indicates whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.

To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to set the VPC attributes.

" }, "TagSpecifications":{ "shape":"TagSpecificationList", @@ -17560,6 +19470,10 @@ "documentation":"

The tags to apply to the VPN connection.

", "locationName":"TagSpecification" }, + "PreSharedKeyStorage":{ + "shape":"String", + "documentation":"

Specifies the storage mode for the pre-shared key (PSK). Valid values are Standard\" (stored in the Site-to-Site VPN service) or SecretsManager (stored in Amazon Web Services Secrets Manager).

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -17642,6 +19556,27 @@ }, "documentation":"

Contains the output of CreateVpnGateway.

" }, + "CreationDateCondition":{ + "type":"structure", + "members":{ + "MaximumDaysSinceCreated":{ + "shape":"MaximumDaysSinceCreatedValue", + "documentation":"

The maximum number of days that have elapsed since the image was created. For example, a value of 300 allows images that were created within the last 300 days.

", + "locationName":"maximumDaysSinceCreated" + } + }, + "documentation":"

The maximum age for allowed images.

" + }, + "CreationDateConditionRequest":{ + "type":"structure", + "members":{ + "MaximumDaysSinceCreated":{ + "shape":"MaximumDaysSinceCreatedValue", + "documentation":"

The maximum number of days that have elapsed since the image was created. For example, a value of 300 allows images that were created within the last 300 days.

" + } + }, + "documentation":"

The maximum age for allowed images.

" + }, "CreditSpecification":{ "type":"structure", "members":{ @@ -17709,7 +19644,7 @@ }, "IpAddress":{ "shape":"String", - "documentation":"

IPv4 address for the customer gateway device's outside interface. The address must be static. If OutsideIpAddressType in your VPN connection options is set to PrivateIpv4, you can use an RFC6598 or RFC1918 private IPv4 address. If OutsideIpAddressType is set to PublicIpv4, you can use a public IPv4 address.

", + "documentation":"

The IP address for the customer gateway device's outside interface. The address must be static. If OutsideIpAddressType in your VPN connection options is set to PrivateIpv4, you can use an RFC6598 or RFC1918 private IPv4 address. If OutsideIpAddressType is set to PublicIpv4, you can use a public IPv4 address. If OutsideIpAddressType is set to Ipv6, you can use a public IPv6 address.

", "locationName":"ipAddress" }, "BgpAsn":{ @@ -17903,6 +19838,7 @@ "locationName":"item" } }, + "DefaultEnaQueueCountPerInterface":{"type":"integer"}, "DefaultInstanceMetadataEndpointState":{ "type":"string", "enum":[ @@ -17943,6 +19879,30 @@ ] }, "DefaultingDhcpOptionsId":{"type":"string"}, + "DeleteCapacityManagerDataExportRequest":{ + "type":"structure", + "required":["CapacityManagerDataExportId"], + "members":{ + "CapacityManagerDataExportId":{ + "shape":"CapacityManagerDataExportId", + "documentation":"

The unique identifier of the data export configuration to delete.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DeleteCapacityManagerDataExportResult":{ + "type":"structure", + "members":{ + "CapacityManagerDataExportId":{ + "shape":"CapacityManagerDataExportId", + "documentation":"

The unique identifier of the deleted data export configuration.

", + "locationName":"capacityManagerDataExportId" + } + } + }, "DeleteCarrierGatewayRequest":{ "type":"structure", "required":["CarrierGatewayId"], @@ -18298,6 +20258,30 @@ } } }, + "DeleteImageUsageReportRequest":{ + "type":"structure", + "required":["ReportId"], + "members":{ + "ReportId":{ + "shape":"ImageUsageReportId", + "documentation":"

The ID of the report to delete.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DeleteImageUsageReportResult":{ + "type":"structure", + "members":{ + "Return":{ + "shape":"Boolean", + "documentation":"

Returns true if the request succeeds; otherwise, it returns an error.

", + "locationName":"return" + } + } + }, "DeleteInstanceConnectEndpointRequest":{ "type":"structure", "required":["InstanceConnectEndpointId"], @@ -18418,6 +20402,54 @@ } } }, + "DeleteIpamPrefixListResolverRequest":{ + "type":"structure", + "required":["IpamPrefixListResolverId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver to delete.

" + } + } + }, + "DeleteIpamPrefixListResolverResult":{ + "type":"structure", + "members":{ + "IpamPrefixListResolver":{ + "shape":"IpamPrefixListResolver", + "documentation":"

Information about the IPAM prefix list resolver that was deleted.

", + "locationName":"ipamPrefixListResolver" + } + } + }, + "DeleteIpamPrefixListResolverTargetRequest":{ + "type":"structure", + "required":["IpamPrefixListResolverTargetId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamPrefixListResolverTargetId":{ + "shape":"IpamPrefixListResolverTargetId", + "documentation":"

The ID of the IPAM prefix list resolver target to delete.

" + } + } + }, + "DeleteIpamPrefixListResolverTargetResult":{ + "type":"structure", + "members":{ + "IpamPrefixListResolverTarget":{ + "shape":"IpamPrefixListResolverTarget", + "documentation":"

Information about the IPAM prefix list resolver target that was deleted.

", + "locationName":"ipamPrefixListResolverTarget" + } + } + }, "DeleteIpamRequest":{ "type":"structure", "required":["IpamId"], @@ -18757,6 +20789,54 @@ } } }, + "DeleteLocalGatewayVirtualInterfaceGroupRequest":{ + "type":"structure", + "required":["LocalGatewayVirtualInterfaceGroupId"], + "members":{ + "LocalGatewayVirtualInterfaceGroupId":{ + "shape":"LocalGatewayVirtualInterfaceGroupId", + "documentation":"

The ID of the local gateway virtual interface group to delete.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DeleteLocalGatewayVirtualInterfaceGroupResult":{ + "type":"structure", + "members":{ + "LocalGatewayVirtualInterfaceGroup":{ + "shape":"LocalGatewayVirtualInterfaceGroup", + "documentation":"

Information about the deleted local gateway virtual interface group.

", + "locationName":"localGatewayVirtualInterfaceGroup" + } + } + }, + "DeleteLocalGatewayVirtualInterfaceRequest":{ + "type":"structure", + "required":["LocalGatewayVirtualInterfaceId"], + "members":{ + "LocalGatewayVirtualInterfaceId":{ + "shape":"LocalGatewayVirtualInterfaceId", + "documentation":"

The ID of the local virtual interface to delete.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DeleteLocalGatewayVirtualInterfaceResult":{ + "type":"structure", + "members":{ + "LocalGatewayVirtualInterface":{ + "shape":"LocalGatewayVirtualInterface", + "documentation":"

Information about the deleted local gateway virtual interface.

", + "locationName":"localGatewayVirtualInterface" + } + } + }, "DeleteManagedPrefixListRequest":{ "type":"structure", "required":["PrefixListId"], @@ -18971,7 +21051,7 @@ "members":{ "Return":{ "shape":"Boolean", - "documentation":"

Returns true if the request succeeds, otherwise returns an error.

", + "documentation":"

Is true if the request succeeds and an error otherwise.

", "locationName":"return" } }, @@ -19131,6 +21211,78 @@ } } }, + "DeleteRouteServerEndpointRequest":{ + "type":"structure", + "required":["RouteServerEndpointId"], + "members":{ + "RouteServerEndpointId":{ + "shape":"RouteServerEndpointId", + "documentation":"

The ID of the route server endpoint to delete.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DeleteRouteServerEndpointResult":{ + "type":"structure", + "members":{ + "RouteServerEndpoint":{ + "shape":"RouteServerEndpoint", + "documentation":"

Information about the deleted route server endpoint.

", + "locationName":"routeServerEndpoint" + } + } + }, + "DeleteRouteServerPeerRequest":{ + "type":"structure", + "required":["RouteServerPeerId"], + "members":{ + "RouteServerPeerId":{ + "shape":"RouteServerPeerId", + "documentation":"

The ID of the route server peer to delete.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DeleteRouteServerPeerResult":{ + "type":"structure", + "members":{ + "RouteServerPeer":{ + "shape":"RouteServerPeer", + "documentation":"

Information about the deleted route server peer.

", + "locationName":"routeServerPeer" + } + } + }, + "DeleteRouteServerRequest":{ + "type":"structure", + "required":["RouteServerId"], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server to delete.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DeleteRouteServerResult":{ + "type":"structure", + "members":{ + "RouteServer":{ + "shape":"RouteServer", + "documentation":"

Information about the deleted route server.

", + "locationName":"routeServer" + } + } + }, "DeleteRouteTableRequest":{ "type":"structure", "required":["RouteTableId"], @@ -19195,6 +21347,29 @@ } } }, + "DeleteSnapshotResultSet":{ + "type":"list", + "member":{ + "shape":"DeleteSnapshotReturnCode", + "locationName":"item" + } + }, + "DeleteSnapshotReturnCode":{ + "type":"structure", + "members":{ + "SnapshotId":{ + "shape":"SnapshotId", + "documentation":"

The ID of the snapshot.

", + "locationName":"snapshotId" + }, + "ReturnCode":{ + "shape":"SnapshotReturnCodes", + "documentation":"

The result code from the snapshot deletion attempt. Possible values:

  • success - The snapshot was successfully deleted.

  • skipped - The snapshot was not deleted because it's associated with other AMIs.

  • missing-permissions - The snapshot was not deleted because the role lacks DeleteSnapshot permissions. For more information, see How Amazon EBS works with IAM.

  • internal-error - The snapshot was not deleted due to a server error.

  • client-error - The snapshot was not deleted due to a client configuration error.

For details about an error, check the DeleteSnapshot event in the CloudTrail event history. For more information, see View event history in the Amazon Web Services CloudTrail User Guide.

", + "locationName":"returnCode" + } + }, + "documentation":"

The snapshot ID and its deletion result code.

" + }, "DeleteSpotDatafeedSubscriptionRequest":{ "type":"structure", "members":{ @@ -19961,6 +22136,27 @@ }, "documentation":"

Contains the parameters for DeleteVpnGateway.

" }, + "DeprecationTimeCondition":{ + "type":"structure", + "members":{ + "MaximumDaysSinceDeprecated":{ + "shape":"MaximumDaysSinceDeprecatedValue", + "documentation":"

The maximum number of days that have elapsed since the image was deprecated. When set to 0, no deprecated images are allowed.

", + "locationName":"maximumDaysSinceDeprecated" + } + }, + "documentation":"

The maximum period since deprecation for allowed images.

" + }, + "DeprecationTimeConditionRequest":{ + "type":"structure", + "members":{ + "MaximumDaysSinceDeprecated":{ + "shape":"MaximumDaysSinceDeprecatedValue", + "documentation":"

The maximum number of days that have elapsed since the image was deprecated. Set to 0 to exclude all deprecated images.

" + } + }, + "documentation":"

The maximum period since deprecation for allowed images.

" + }, "DeprovisionByoipCidrRequest":{ "type":"structure", "required":["Cidr"], @@ -20061,7 +22257,7 @@ }, "Cidr":{ "shape":"String", - "documentation":"

The CIDR you want to deprovision from the pool. Enter the CIDR you want to deprovision with a netmask of /32. You must rerun this command for each IP address in the CIDR range. If your CIDR is a /24, you will have to run this command to deprovision each of the 256 IP addresses in the /24 CIDR.

" + "documentation":"

The CIDR you want to deprovision from the pool.

" } } }, @@ -20095,6 +22291,10 @@ "shape":"ImageId", "documentation":"

The ID of the AMI.

" }, + "DeleteAssociatedSnapshots":{ + "shape":"Boolean", + "documentation":"

Specifies whether to delete the snapshots associated with the AMI during deregistration.

If a snapshot is associated with multiple AMIs, it is not deleted, regardless of this setting.

Default: The snapshots are not deleted.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -20103,6 +22303,21 @@ }, "documentation":"

Contains the parameters for DeregisterImage.

" }, + "DeregisterImageResult":{ + "type":"structure", + "members":{ + "Return":{ + "shape":"Boolean", + "documentation":"

Returns true if the request succeeds; otherwise, it returns an error.

", + "locationName":"return" + }, + "DeleteSnapshotResults":{ + "shape":"DeleteSnapshotResultSet", + "documentation":"

The deletion result for each snapshot associated with the AMI, including the snapshot ID and its success or error code.

", + "locationName":"deleteSnapshotResultSet" + } + } + }, "DeregisterInstanceEventNotificationAttributesRequest":{ "type":"structure", "required":["InstanceTagAttribute"], @@ -20395,7 +22610,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • group-name - For Availability Zones, use the Region name. For Local Zones, use the name of the group associated with the Local Zone (for example, us-west-2-lax-1) For Wavelength Zones, use the name of the group associated with the Wavelength Zone (for example, us-east-1-wl1).

  • message - The Zone message.

  • opt-in-status - The opt-in status (opted-in | not-opted-in | opt-in-not-required).

  • parent-zone-id - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

  • parent-zone-name - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

  • region-name - The name of the Region for the Zone (for example, us-east-1).

  • state - The state of the Availability Zone, the Local Zone, or the Wavelength Zone (available).

  • zone-id - The ID of the Availability Zone (for example, use1-az1), the Local Zone (for example, usw2-lax1-az1), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • zone-name - The name of the Availability Zone (for example, us-east-1a), the Local Zone (for example, us-west-2-lax-1a), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • zone-type - The type of zone (availability-zone | local-zone | wavelength-zone).

", + "documentation":"

The filters.

  • group-long-name - The long name of the zone group for the Availability Zone (for example, US West (Oregon) 1), the Local Zone (for example, for Zone group us-west-2-lax-1, it is US West (Los Angeles), or the Wavelength Zone (for example, for Zone group us-east-1-wl1, it is US East (Verizon).

  • group-name - The name of the zone group for the Availability Zone (for example, us-east-1-zg-1), the Local Zone (for example, us-west-2-lax-1), or the Wavelength Zone (for example, us-east-1-wl1).

  • message - The Zone message.

  • opt-in-status - The opt-in status (opted-in | not-opted-in | opt-in-not-required).

  • parent-zone-id - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

  • parent-zone-name - The ID of the zone that handles some of the Local Zone and Wavelength Zone control plane operations, such as API calls.

  • region-name - The name of the Region for the Zone (for example, us-east-1).

  • state - The state of the Availability Zone, the Local Zone, or the Wavelength Zone (available | unavailable | constrained).

  • zone-id - The ID of the Availability Zone (for example, use1-az1), the Local Zone (for example, usw2-lax1-az1), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • zone-name - The name of the Availability Zone (for example, us-east-1a), the Local Zone (for example, us-west-2-lax-1a), or the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).

  • zone-type - The type of zone (availability-zone | local-zone | wavelength-zone).

", "locationName":"Filter" } } @@ -20625,7 +22840,7 @@ }, "InstanceCount":{ "shape":"Integer", - "documentation":"

The number of instances for which to reserve capacity.

" + "documentation":"

The number of instances for which to reserve capacity. Each Capacity Block can have up to 64 instances, and you can have up to 256 instances across Capacity Blocks.

" }, "StartDateRange":{ "shape":"MillisecondDateTime", @@ -20637,7 +22852,7 @@ }, "CapacityDurationHours":{ "shape":"Integer", - "documentation":"

The number of hours for which to reserve Capacity Block.

" + "documentation":"

The reservation duration for the Capacity Block, in hours. You must specify the duration in 1-day increments up 14 days, and in 7-day increments up to 182 days.

" }, "NextToken":{ "shape":"String", @@ -20646,6 +22861,14 @@ "MaxResults":{ "shape":"DescribeCapacityBlockOfferingsMaxResults", "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + }, + "UltraserverType":{ + "shape":"String", + "documentation":"

The EC2 UltraServer type of the Capacity Block offerings.

" + }, + "UltraserverCount":{ + "shape":"Integer", + "documentation":"

The number of EC2 UltraServers in the offerings.

" } } }, @@ -20664,6 +22887,147 @@ } } }, + "DescribeCapacityBlockStatusMaxResults":{ + "type":"integer", + "max":1000, + "min":1 + }, + "DescribeCapacityBlockStatusRequest":{ + "type":"structure", + "members":{ + "CapacityBlockIds":{ + "shape":"CapacityBlockIds", + "documentation":"

The ID of the Capacity Block.

", + "locationName":"CapacityBlockId" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results.

" + }, + "MaxResults":{ + "shape":"DescribeCapacityBlockStatusMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters.

  • interconnect-status - The status of the interconnect for the Capacity Block (ok | impaired | insufficient-data).

", + "locationName":"Filter" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DescribeCapacityBlockStatusResult":{ + "type":"structure", + "members":{ + "CapacityBlockStatuses":{ + "shape":"CapacityBlockStatusSet", + "documentation":"

The availability of capacity for a Capacity Block.

", + "locationName":"capacityBlockStatusSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, + "DescribeCapacityBlocksMaxResults":{ + "type":"integer", + "max":1000, + "min":1 + }, + "DescribeCapacityBlocksRequest":{ + "type":"structure", + "members":{ + "CapacityBlockIds":{ + "shape":"CapacityBlockIds", + "documentation":"

The IDs of the Capacity Blocks.

", + "locationName":"CapacityBlockId" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results.

" + }, + "MaxResults":{ + "shape":"DescribeCapacityBlocksMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters.

  • capacity-block-id - The ID of the Capacity Block.

  • ultraserver-type - The Capacity Block type. The type can be instances or ultraservers.

  • availability-zone - The Availability Zone of the Capacity Block.

  • start-date - The date and time at which the Capacity Block was started.

  • end-date - The date and time at which the Capacity Block expires. When a Capacity Block expires, all instances in the Capacity Block are terminated.

  • create-date - The date and time at which the Capacity Block was created.

  • state - The state of the Capacity Block (active | expired | unavailable | cancelled | failed | scheduled | payment-pending | payment-failed).

  • tags - The tags assigned to the Capacity Block.

", + "locationName":"Filter" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DescribeCapacityBlocksResult":{ + "type":"structure", + "members":{ + "CapacityBlocks":{ + "shape":"CapacityBlockSet", + "documentation":"

The Capacity Blocks.

", + "locationName":"capacityBlockSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, + "DescribeCapacityManagerDataExportsRequest":{ + "type":"structure", + "members":{ + "CapacityManagerDataExportIds":{ + "shape":"CapacityManagerDataExportIdSet", + "documentation":"

The IDs of the data export configurations to describe. If not specified, all export configurations are returned.

", + "locationName":"CapacityManagerDataExportId" + }, + "MaxResults":{ + "shape":"DescribeCapacityManagerDataExportsRequestMaxResults", + "documentation":"

The maximum number of results to return in a single call. If not specified, up to 1000 results are returned.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token for the next page of results. Use this value in a subsequent call to retrieve additional results.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters to narrow the results. Supported filters include export status, creation date, and S3 bucket name.

", + "locationName":"Filter" + } + } + }, + "DescribeCapacityManagerDataExportsRequestMaxResults":{ + "type":"integer", + "max":1000, + "min":1 + }, + "DescribeCapacityManagerDataExportsResult":{ + "type":"structure", + "members":{ + "CapacityManagerDataExports":{ + "shape":"CapacityManagerDataExportResponseSet", + "documentation":"

Information about the data export configurations, including export settings, delivery status, and recent activity.

", + "locationName":"capacityManagerDataExportSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, "DescribeCapacityReservationBillingRequestsRequest":{ "type":"structure", "required":["Role"], @@ -20763,6 +23127,53 @@ } } }, + "DescribeCapacityReservationTopologyMaxResults":{ + "type":"integer", + "max":10, + "min":1 + }, + "DescribeCapacityReservationTopologyRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the operation, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

" + }, + "MaxResults":{ + "shape":"DescribeCapacityReservationTopologyMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

You can't specify this parameter and the Capacity Reservation IDs parameter in the same request.

Default: 10

" + }, + "CapacityReservationIds":{ + "shape":"CapacityReservationIdSet", + "documentation":"

The Capacity Reservation IDs.

Default: Describes all your Capacity Reservations.

Constraints: Maximum 100 explicitly specified Capacity Reservation IDs.

", + "locationName":"CapacityReservationId" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

The filters.

  • availability-zone - The name of the Availability Zone (for example, us-west-2a) or Local Zone (for example, us-west-2-lax-1b) that the Capacity Reservation is in.

  • instance-type - The instance type (for example, p4d.24xlarge) or instance family (for example, p4d*). You can use the * wildcard to match zero or more characters, or the ? wildcard to match zero or one character.

", + "locationName":"Filter" + } + } + }, + "DescribeCapacityReservationTopologyResult":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

The token to include in another request to get the next page of items. This value is null when there are no more items to return.

", + "locationName":"nextToken" + }, + "CapacityReservations":{ + "shape":"CapacityReservationTopologySet", + "documentation":"

Information about the topology of each Capacity Reservation.

", + "locationName":"capacityReservationSet" + } + } + }, "DescribeCapacityReservationsMaxResults":{ "type":"integer", "max":1000, @@ -21621,6 +24032,11 @@ "documentation":"

The Availability Zone.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "State":{ "shape":"FastSnapshotRestoreStateCode", "documentation":"

The state of fast snapshot restores.

", @@ -21686,7 +24102,7 @@ "members":{ "Filters":{ "shape":"FilterList", - "documentation":"

The filters. The possible values are:

  • availability-zone: The Availability Zone of the snapshot.

  • owner-id: The ID of the Amazon Web Services account that enabled fast snapshot restore on the snapshot.

  • snapshot-id: The ID of the snapshot.

  • state: The state of fast snapshot restores for the snapshot (enabling | optimizing | enabled | disabling | disabled).

", + "documentation":"

The filters. The possible values are:

  • availability-zone: The Availability Zone of the snapshot. For example, us-east-2a.

  • availability-zone-id: The ID of the Availability Zone of the snapshot. For example, use2-az1.

  • owner-id: The ID of the Amazon Web Services account that enabled fast snapshot restore on the snapshot.

  • snapshot-id: The ID of the snapshot.

  • state: The state of fast snapshot restores for the snapshot (enabling | optimizing | enabled | disabling | disabled).

", "locationName":"Filter" }, "MaxResults":{ @@ -22292,7 +24708,7 @@ "members":{ "Attribute":{ "shape":"ImageAttributeName", - "documentation":"

The AMI attribute.

Note: The blockDeviceMapping attribute is deprecated. Using this attribute returns the Client.AuthFailure error. To get information about the block device mappings for an AMI, use the DescribeImages action.

" + "documentation":"

The AMI attribute.

Note: The blockDeviceMapping attribute is deprecated. Using this attribute returns the Client.AuthFailure error. To get information about the block device mappings for an AMI, describe the image instead.

" }, "ImageId":{ "shape":"ImageId", @@ -22306,6 +24722,171 @@ }, "documentation":"

Contains the parameters for DescribeImageAttribute.

" }, + "DescribeImageReferencesImageIdStringList":{ + "type":"list", + "member":{"shape":"ImageId"}, + "max":10, + "min":1 + }, + "DescribeImageReferencesMaxResults":{ + "type":"integer", + "min":5 + }, + "DescribeImageReferencesRequest":{ + "type":"structure", + "required":["ImageIds"], + "members":{ + "ImageIds":{ + "shape":"DescribeImageReferencesImageIdStringList", + "documentation":"

The IDs of the images to check for resource references.

", + "locationName":"ImageId" + }, + "IncludeAllResourceTypes":{ + "shape":"Boolean", + "documentation":"

Specifies whether to check all supported Amazon Web Services resource types for image references. When specified, default values are applied for ResourceTypeOptions. For the default values, see How AMI reference checks work in the Amazon EC2 User Guide. If you also specify ResourceTypes with ResourceTypeOptions, your specified values override the default values.

Supported resource types: ec2:Instance | ec2:LaunchTemplate | ssm:Parameter | imagebuilder:ImageRecipe | imagebuilder:ContainerRecipe

Either IncludeAllResourceTypes or ResourceTypes must be specified.

" + }, + "ResourceTypes":{ + "shape":"ResourceTypeRequestList", + "documentation":"

The Amazon Web Services resource types to check for image references.

Either IncludeAllResourceTypes or ResourceTypes must be specified.

", + "locationName":"ResourceType" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "MaxResults":{ + "shape":"DescribeImageReferencesMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + } + } + }, + "DescribeImageReferencesResult":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

The token to include in another request to get the next page of items. This value is null when there are no more items to return.

", + "locationName":"nextToken" + }, + "ImageReferences":{ + "shape":"ImageReferenceList", + "documentation":"

The resources that are referencing the specified images.

", + "locationName":"imageReferenceSet" + } + } + }, + "DescribeImageUsageReportEntriesMaxResults":{ + "type":"integer", + "min":1 + }, + "DescribeImageUsageReportEntriesRequest":{ + "type":"structure", + "members":{ + "ImageIds":{ + "shape":"DescribeImageUsageReportsImageIdStringList", + "documentation":"

The IDs of the images for filtering the report entries. If specified, only report entries containing these images are returned.

", + "locationName":"ImageId" + }, + "ReportIds":{ + "shape":"ImageUsageReportIdStringList", + "documentation":"

The IDs of the usage reports.

", + "locationName":"ReportId" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

The filters.

  • account-id - A 12-digit Amazon Web Services account ID.

  • creation-time - The time when the report was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2025-11-29T11:04:43.305Z. You can use a wildcard (*), for example, 2025-11-29T*, which matches an entire day.

  • resource-type - The resource type (ec2:Instance | ec2:LaunchTemplate).

", + "locationName":"Filter" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "MaxResults":{ + "shape":"DescribeImageUsageReportEntriesMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + } + } + }, + "DescribeImageUsageReportEntriesResult":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

The token to include in another request to get the next page of items. This value is null when there are no more items to return.

", + "locationName":"nextToken" + }, + "ImageUsageReportEntries":{ + "shape":"ImageUsageReportEntryList", + "documentation":"

The content of the usage reports.

", + "locationName":"imageUsageReportEntrySet" + } + } + }, + "DescribeImageUsageReportsImageIdStringList":{ + "type":"list", + "member":{"shape":"ImageId"}, + "max":200, + "min":0 + }, + "DescribeImageUsageReportsMaxResults":{ + "type":"integer", + "min":1 + }, + "DescribeImageUsageReportsRequest":{ + "type":"structure", + "members":{ + "ImageIds":{ + "shape":"DescribeImageUsageReportsImageIdStringList", + "documentation":"

The IDs of the images for filtering the reports. If specified, only reports containing these images are returned.

", + "locationName":"ImageId" + }, + "ReportIds":{ + "shape":"ImageUsageReportIdStringList", + "documentation":"

The IDs of the image usage reports.

", + "locationName":"ReportId" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

The filters.

  • creation-time - The time when the report was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2025-11-29T11:04:43.305Z. You can use a wildcard (*), for example, 2025-11-29T*, which matches an entire day.

  • state - The state of the report (available | pending | error).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

", + "locationName":"Filter" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "MaxResults":{ + "shape":"DescribeImageUsageReportsMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + } + } + }, + "DescribeImageUsageReportsResult":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

The token to include in another request to get the next page of items. This value is null when there are no more items to return.

", + "locationName":"nextToken" + }, + "ImageUsageReports":{ + "shape":"ImageUsageReportList", + "documentation":"

The image usage reports.

", + "locationName":"imageUsageReportSet" + } + } + }, "DescribeImagesRequest":{ "type":"structure", "members":{ @@ -22347,7 +24928,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac | arm64_mac).

  • block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.

  • block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.

  • block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).

  • block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.

  • creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • description - The description of the image (provided during image creation).

  • ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.

  • hypervisor - The hypervisor type (ovm | xen).

  • image-allowed - A Boolean that indicates whether the image meets the criteria specified for Allowed AMIs.

  • image-id - The ID of the image.

  • image-type - The image type (machine | kernel | ramdisk).

  • is-public - A Boolean that indicates whether the image is public.

  • kernel-id - The kernel ID.

  • manifest-location - The location of the image manifest.

  • name - The name of the AMI (provided during image creation).

  • owner-alias - The owner alias (amazon | aws-backup-vault | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.

  • owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.

  • platform - The platform. The only supported value is windows.

  • product-code - The product code.

  • product-code.type - The type of the product code (marketplace).

  • ramdisk-id - The RAM disk ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • source-image-id - The ID of the source AMI from which the AMI was created.

  • source-image-region - The Region of the source AMI.

  • source-instance-id - The ID of the instance that the AMI was created from if the AMI was created using CreateImage. This filter is applicable only if the AMI was created using CreateImage.

  • state - The state of the image (available | pending | failed).

  • state-reason-code - The reason code for the state change.

  • state-reason-message - The message for the state change.

  • sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • virtualization-type - The virtualization type (paravirtual | hvm).

", + "documentation":"

The filters.

  • architecture - The image architecture (i386 | x86_64 | arm64 | x86_64_mac | arm64_mac).

  • block-device-mapping.delete-on-termination - A Boolean value that indicates whether the Amazon EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.snapshot-id - The ID of the snapshot used for the Amazon EBS volume.

  • block-device-mapping.volume-size - The volume size of the Amazon EBS volume, in GiB.

  • block-device-mapping.volume-type - The volume type of the Amazon EBS volume (io1 | io2 | gp2 | gp3 | sc1 | st1 | standard).

  • block-device-mapping.encrypted - A Boolean that indicates whether the Amazon EBS volume is encrypted.

  • creation-date - The time when the image was created, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • description - The description of the image (provided during image creation).

  • ena-support - A Boolean that indicates whether enhanced networking with ENA is enabled.

  • free-tier-eligible - A Boolean that indicates whether this image can be used under the Amazon Web Services Free Tier (true | false).

  • hypervisor - The hypervisor type (ovm | xen).

  • image-allowed - A Boolean that indicates whether the image meets the criteria specified for Allowed AMIs.

  • image-id - The ID of the image.

  • image-type - The image type (machine | kernel | ramdisk).

  • is-public - A Boolean that indicates whether the image is public.

  • kernel-id - The kernel ID.

  • manifest-location - The location of the image manifest.

  • name - The name of the AMI (provided during image creation).

  • owner-alias - The owner alias (amazon | aws-backup-vault | aws-marketplace). The valid aliases are defined in an Amazon-maintained list. This is not the Amazon Web Services account alias that can be set using the IAM console. We recommend that you use the Owner request parameter instead of this filter.

  • owner-id - The Amazon Web Services account ID of the owner. We recommend that you use the Owner request parameter instead of this filter.

  • platform - The platform. The only supported value is windows.

  • product-code - The product code.

  • product-code.type - The type of the product code (marketplace).

  • ramdisk-id - The RAM disk ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • source-image-id - The ID of the source AMI from which the AMI was created.

  • source-image-region - The Region of the source AMI.

  • source-instance-id - The ID of the instance that the AMI was created from if the AMI was created using CreateImage. This filter is applicable only if the AMI was created using CreateImage.

  • state - The state of the image (available | pending | failed).

  • state-reason-code - The reason code for the state change.

  • state-reason-message - The message for the state change.

  • sriov-net-support - A value of simple indicates that enhanced networking with the Intel 82599 VF interface is enabled.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • virtualization-type - The virtualization type (paravirtual | hvm).

", "locationName":"Filter" } } @@ -22468,7 +25049,7 @@ }, "Attribute":{ "shape":"InstanceAttributeName", - "documentation":"

The instance attribute.

Note: The enaSupport attribute is not supported at this time.

", + "documentation":"

The instance attribute.

Note that the enaSupport attribute is not supported.

", "locationName":"attribute" } } @@ -22694,7 +25275,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • availability-zone - The Availability Zone of the instance.

  • event.code - The code for the scheduled event (instance-reboot | system-reboot | system-maintenance | instance-retirement | instance-stop).

  • event.description - A description of the event.

  • event.instance-event-id - The ID of the event whose date and time you are modifying.

  • event.not-after - The latest end time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

  • event.not-before - The earliest start time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

  • event.not-before-deadline - The deadline for starting the event (for example, 2014-09-15T17:15:20.000Z).

  • instance-state-code - The code for the instance state, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-status.reachability - Filters on instance status where the name is reachability (passed | failed | initializing | insufficient-data).

  • instance-status.status - The status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

  • operator.managed - A Boolean that indicates whether this is a managed instance.

  • operator.principal - The principal that manages the instance. Only valid for managed instances, where managed is true.

  • system-status.reachability - Filters on system status where the name is reachability (passed | failed | initializing | insufficient-data).

  • system-status.status - The system status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

  • attached-ebs-status.status - The status of the attached EBS volume for the instance (ok | impaired | initializing | insufficient-data | not-applicable).

", + "documentation":"

The filters.

  • availability-zone - The Availability Zone of the instance.

  • availability-zone-id - The ID of the Availability Zone of the instance.

  • event.code - The code for the scheduled event (instance-reboot | system-reboot | system-maintenance | instance-retirement | instance-stop).

  • event.description - A description of the event.

  • event.instance-event-id - The ID of the event whose date and time you are modifying.

  • event.not-after - The latest end time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

  • event.not-before - The earliest start time for the scheduled event (for example, 2014-09-15T17:15:20.000Z).

  • event.not-before-deadline - The deadline for starting the event (for example, 2014-09-15T17:15:20.000Z).

  • instance-state-code - The code for the instance state, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-status.reachability - Filters on instance status where the name is reachability (passed | failed | initializing | insufficient-data).

  • instance-status.status - The status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

  • operator.managed - A Boolean that indicates whether this is a managed instance.

  • operator.principal - The principal that manages the instance. Only valid for managed instances, where managed is true.

  • system-status.reachability - Filters on system status where the name is reachability (passed | failed | initializing | insufficient-data).

  • system-status.status - The system status of the instance (ok | impaired | initializing | insufficient-data | not-applicable).

  • attached-ebs-status.status - The status of the attached EBS volume for the instance (ok | impaired | initializing | insufficient-data | not-applicable).

", "locationName":"Filter" }, "IncludeAllInstances":{ @@ -22834,7 +25415,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

One or more filters. Filter names and values are case-sensitive.

  • auto-recovery-supported - Indicates whether Amazon CloudWatch action based recovery is supported (true | false).

  • bare-metal - Indicates whether it is a bare metal instance type (true | false).

  • burstable-performance-supported - Indicates whether the instance type is a burstable performance T instance type (true | false).

  • current-generation - Indicates whether this instance type is the latest generation instance type of an instance family (true | false).

  • ebs-info.ebs-optimized-info.baseline-bandwidth-in-mbps - The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.

  • ebs-info.ebs-optimized-info.baseline-iops - The baseline input/output storage operations per second for an EBS-optimized instance type.

  • ebs-info.ebs-optimized-info.baseline-throughput-in-mbps - The baseline throughput performance for an EBS-optimized instance type, in MB/s.

  • ebs-info.ebs-optimized-info.maximum-bandwidth-in-mbps - The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.

  • ebs-info.ebs-optimized-info.maximum-iops - The maximum input/output storage operations per second for an EBS-optimized instance type.

  • ebs-info.ebs-optimized-info.maximum-throughput-in-mbps - The maximum throughput performance for an EBS-optimized instance type, in MB/s.

  • ebs-info.ebs-optimized-support - Indicates whether the instance type is EBS-optimized (supported | unsupported | default).

  • ebs-info.encryption-support - Indicates whether EBS encryption is supported (supported | unsupported).

  • ebs-info.nvme-support - Indicates whether non-volatile memory express (NVMe) is supported for EBS volumes (required | supported | unsupported).

  • free-tier-eligible - Indicates whether the instance type is eligible to use in the free tier (true | false).

  • hibernation-supported - Indicates whether On-Demand hibernation is supported (true | false).

  • hypervisor - The hypervisor (nitro | xen).

  • instance-storage-info.disk.count - The number of local disks.

  • instance-storage-info.disk.size-in-gb - The storage size of each instance storage disk, in GB.

  • instance-storage-info.disk.type - The storage technology for the local instance storage disks (hdd | ssd).

  • instance-storage-info.encryption-support - Indicates whether data is encrypted at rest (required | supported | unsupported).

  • instance-storage-info.nvme-support - Indicates whether non-volatile memory express (NVMe) is supported for instance store (required | supported | unsupported).

  • instance-storage-info.total-size-in-gb - The total amount of storage available from all local instance storage, in GB.

  • instance-storage-supported - Indicates whether the instance type has local instance storage (true | false).

  • instance-type - The instance type (for example c5.2xlarge or c5*).

  • memory-info.size-in-mib - The memory size.

  • network-info.bandwidth-weightings - For instances that support bandwidth weighting to boost performance (default, vpc-1, ebs-1).

  • network-info.efa-info.maximum-efa-interfaces - The maximum number of Elastic Fabric Adapters (EFAs) per instance.

  • network-info.efa-supported - Indicates whether the instance type supports Elastic Fabric Adapter (EFA) (true | false).

  • network-info.ena-support - Indicates whether Elastic Network Adapter (ENA) is supported or required (required | supported | unsupported).

  • network-info.encryption-in-transit-supported - Indicates whether the instance type automatically encrypts in-transit traffic between instances (true | false).

  • network-info.ipv4-addresses-per-interface - The maximum number of private IPv4 addresses per network interface.

  • network-info.ipv6-addresses-per-interface - The maximum number of private IPv6 addresses per network interface.

  • network-info.ipv6-supported - Indicates whether the instance type supports IPv6 (true | false).

  • network-info.maximum-network-cards - The maximum number of network cards per instance.

  • network-info.maximum-network-interfaces - The maximum number of network interfaces per instance.

  • network-info.network-performance - The network performance (for example, \"25 Gigabit\").

  • nitro-enclaves-support - Indicates whether Nitro Enclaves is supported (supported | unsupported).

  • nitro-tpm-support - Indicates whether NitroTPM is supported (supported | unsupported).

  • nitro-tpm-info.supported-versions - The supported NitroTPM version (2.0).

  • processor-info.supported-architecture - The CPU architecture (arm64 | i386 | x86_64).

  • processor-info.sustained-clock-speed-in-ghz - The CPU clock speed, in GHz.

  • processor-info.supported-features - The supported CPU features (amd-sev-snp).

  • supported-boot-mode - The boot mode (legacy-bios | uefi).

  • supported-root-device-type - The root device type (ebs | instance-store).

  • supported-usage-class - The usage class (on-demand | spot | capacity-block).

  • supported-virtualization-type - The virtualization type (hvm | paravirtual).

  • vcpu-info.default-cores - The default number of cores for the instance type.

  • vcpu-info.default-threads-per-core - The default number of threads per core for the instance type.

  • vcpu-info.default-vcpus - The default number of vCPUs for the instance type.

  • vcpu-info.valid-cores - The number of cores that can be configured for the instance type.

  • vcpu-info.valid-threads-per-core - The number of threads per core that can be configured for the instance type. For example, \"1\" or \"1,2\".

", + "documentation":"

One or more filters. Filter names and values are case-sensitive.

  • auto-recovery-supported - Indicates whether Amazon CloudWatch action based recovery is supported (true | false).

  • bare-metal - Indicates whether it is a bare metal instance type (true | false).

  • burstable-performance-supported - Indicates whether the instance type is a burstable performance T instance type (true | false).

  • current-generation - Indicates whether this instance type is the latest generation instance type of an instance family (true | false).

  • dedicated-hosts-supported - Indicates whether the instance type supports Dedicated Hosts. (true | false)

  • ebs-info.attachment-limit-type - The type of Amazon EBS volume attachment limit (shared | dedicated).

  • ebs-info.maximum-ebs-attachments - The maximum number of Amazon EBS volumes that can be attached to the instance type.

  • ebs-info.ebs-optimized-info.baseline-bandwidth-in-mbps - The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.

  • ebs-info.ebs-optimized-info.baseline-iops - The baseline input/output storage operations per second for an EBS-optimized instance type.

  • ebs-info.ebs-optimized-info.baseline-throughput-in-mbps - The baseline throughput performance for an EBS-optimized instance type, in MB/s.

  • ebs-info.ebs-optimized-info.maximum-bandwidth-in-mbps - The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.

  • ebs-info.ebs-optimized-info.maximum-iops - The maximum input/output storage operations per second for an EBS-optimized instance type.

  • ebs-info.ebs-optimized-info.maximum-throughput-in-mbps - The maximum throughput performance for an EBS-optimized instance type, in MB/s.

  • ebs-info.ebs-optimized-support - Indicates whether the instance type is EBS-optimized (supported | unsupported | default).

  • ebs-info.encryption-support - Indicates whether EBS encryption is supported (supported | unsupported).

  • ebs-info.nvme-support - Indicates whether non-volatile memory express (NVMe) is supported for EBS volumes (required | supported | unsupported).

  • free-tier-eligible - A Boolean that indicates whether this instance type can be used under the Amazon Web Services Free Tier (true | false).

  • hibernation-supported - Indicates whether On-Demand hibernation is supported (true | false).

  • hypervisor - The hypervisor (nitro | xen).

  • instance-storage-info.disk.count - The number of local disks.

  • instance-storage-info.disk.size-in-gb - The storage size of each instance storage disk, in GB.

  • instance-storage-info.disk.type - The storage technology for the local instance storage disks (hdd | ssd).

  • instance-storage-info.encryption-support - Indicates whether data is encrypted at rest (required | supported | unsupported).

  • instance-storage-info.nvme-support - Indicates whether non-volatile memory express (NVMe) is supported for instance store (required | supported | unsupported).

  • instance-storage-info.total-size-in-gb - The total amount of storage available from all local instance storage, in GB.

  • instance-storage-supported - Indicates whether the instance type has local instance storage (true | false).

  • instance-type - The instance type (for example c5.2xlarge or c5*).

  • memory-info.size-in-mib - The memory size.

  • network-info.bandwidth-weightings - For instances that support bandwidth weighting to boost performance (default, vpc-1, ebs-1).

  • network-info.efa-info.maximum-efa-interfaces - The maximum number of Elastic Fabric Adapters (EFAs) per instance.

  • network-info.efa-supported - Indicates whether the instance type supports Elastic Fabric Adapter (EFA) (true | false).

  • network-info.ena-support - Indicates whether Elastic Network Adapter (ENA) is supported or required (required | supported | unsupported).

  • network-info.flexible-ena-queues-support - Indicates whether an instance supports flexible ENA queues (supported | unsupported).

  • network-info.encryption-in-transit-supported - Indicates whether the instance type automatically encrypts in-transit traffic between instances (true | false).

  • network-info.ipv4-addresses-per-interface - The maximum number of private IPv4 addresses per network interface.

  • network-info.ipv6-addresses-per-interface - The maximum number of private IPv6 addresses per network interface.

  • network-info.ipv6-supported - Indicates whether the instance type supports IPv6 (true | false).

  • network-info.maximum-network-cards - The maximum number of network cards per instance.

  • network-info.maximum-network-interfaces - The maximum number of network interfaces per instance.

  • network-info.network-performance - The network performance (for example, \"25 Gigabit\").

  • nitro-enclaves-support - Indicates whether Nitro Enclaves is supported (supported | unsupported).

  • nitro-tpm-support - Indicates whether NitroTPM is supported (supported | unsupported).

  • nitro-tpm-info.supported-versions - The supported NitroTPM version (2.0).

  • processor-info.supported-architecture - The CPU architecture (arm64 | i386 | x86_64).

  • processor-info.sustained-clock-speed-in-ghz - The CPU clock speed, in GHz.

  • processor-info.supported-features - The supported CPU features (amd-sev-snp).

  • reboot-migration-support - Indicates whether enabling reboot migration is supported (supported | unsupported).

  • supported-boot-mode - The boot mode (legacy-bios | uefi).

  • supported-root-device-type - The root device type (ebs | instance-store).

  • supported-usage-class - The usage class (on-demand | spot | capacity-block).

  • supported-virtualization-type - The virtualization type (hvm | paravirtual).

  • vcpu-info.default-cores - The default number of cores for the instance type.

  • vcpu-info.default-threads-per-core - The default number of threads per core for the instance type.

  • vcpu-info.default-vcpus - The default number of vCPUs for the instance type.

  • vcpu-info.valid-cores - The number of cores that can be configured for the instance type.

  • vcpu-info.valid-threads-per-core - The number of threads per core that can be configured for the instance type. For example, \"1\" or \"1,2\".

", "locationName":"Filter" }, "MaxResults":{ @@ -22877,7 +25458,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • affinity - The affinity setting for an instance running on a Dedicated Host (default | host).

  • architecture - The instance architecture (i386 | x86_64 | arm64).

  • availability-zone - The Availability Zone of the instance.

  • block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2022-09-15T17:15:20.000Z.

  • block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).

  • block-device-mapping.volume-id - The volume ID of the EBS volume.

  • boot-mode - The boot mode that was specified by the AMI (legacy-bios | uefi | uefi-preferred).

  • capacity-reservation-id - The ID of the Capacity Reservation into which the instance was launched.

  • capacity-reservation-specification.capacity-reservation-preference - The instance's Capacity Reservation preference (open | none).

  • capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id - The ID of the targeted Capacity Reservation.

  • capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn - The ARN of the targeted Capacity Reservation group.

  • client-token - The idempotency token you provided when you launched the instance.

  • current-instance-boot-mode - The boot mode that is used to launch the instance at launch or start (legacy-bios | uefi).

  • dns-name - The public DNS name of the instance.

  • ebs-optimized - A Boolean that indicates whether the instance is optimized for Amazon EBS I/O.

  • ena-support - A Boolean that indicates whether the instance is enabled for enhanced networking with ENA.

  • enclave-options.enabled - A Boolean that indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.

  • hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.

  • host-id - The ID of the Dedicated Host on which the instance is running, if applicable.

  • hypervisor - The hypervisor type of the instance (ovm | xen). The value xen is used for both Xen and Nitro hypervisors.

  • iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.

  • iam-instance-profile.id - The instance profile associated with the instance. Specified as an ID.

  • image-id - The ID of the image used to launch the instance.

  • instance-id - The ID of the instance.

  • instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled Instance, or a Capacity Block (spot | scheduled | capacity-block).

  • instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-type - The type of instance (for example, t2.micro).

  • instance.group-id - The ID of the security group for the instance.

  • instance.group-name - The name of the security group for the instance.

  • ip-address - The public IPv4 address of the instance.

  • ipv6-address - The IPv6 address of the instance.

  • kernel-id - The kernel ID.

  • key-name - The name of the key pair used when the instance was launched.

  • launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).

  • launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • maintenance-options.auto-recovery - The current automatic recovery behavior of the instance (disabled | default).

  • metadata-options.http-endpoint - The status of access to the HTTP metadata endpoint on your instance (enabled | disabled)

  • metadata-options.http-protocol-ipv4 - Indicates whether the IPv4 endpoint is enabled (disabled | enabled).

  • metadata-options.http-protocol-ipv6 - Indicates whether the IPv6 endpoint is enabled (disabled | enabled).

  • metadata-options.http-put-response-hop-limit - The HTTP metadata request put response hop limit (integer, possible values 1 to 64)

  • metadata-options.http-tokens - The metadata request authorization state (optional | required)

  • metadata-options.instance-metadata-tags - The status of access to instance tags from the instance metadata (enabled | disabled)

  • metadata-options.state - The state of the metadata option changes (pending | applied).

  • monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).

  • network-interface.addresses.association.allocation-id - The allocation ID.

  • network-interface.addresses.association.association-id - The association ID.

  • network-interface.addresses.association.carrier-ip - The carrier IP address.

  • network-interface.addresses.association.customer-owned-ip - The customer-owned IP address.

  • network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.

  • network-interface.addresses.association.public-dns-name - The public DNS name.

  • network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.

  • network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.

  • network-interface.addresses.private-dns-name - The private DNS name.

  • network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.

  • network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • network-interface.association.carrier-ip - The customer-owned IP address.

  • network-interface.association.customer-owned-ip - The customer-owned IP address.

  • network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • network-interface.association.public-dns-name - The public DNS name.

  • network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • network-interface.attachment.attach-time - The time that the network interface was attached to an instance.

  • network-interface.attachment.attachment-id - The ID of the interface attachment.

  • network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.

  • network-interface.attachment.device-index - The device index to which the network interface is attached.

  • network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.

  • network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • network-interface.attachment.network-card-index - The index of the network card.

  • network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • network-interface.availability-zone - The Availability Zone for the network interface.

  • network-interface.deny-all-igw-traffic - A Boolean that indicates whether a network interface with an IPv6 address is unreachable from the public internet.

  • network-interface.description - The description of the network interface.

  • network-interface.group-id - The ID of a security group associated with the network interface.

  • network-interface.group-name - The name of a security group associated with the network interface.

  • network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that are assigned to the network interface.

  • network-interface.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates whether this is the primary IPv6 address.

  • network-interface.ipv6-native - A Boolean that indicates whether this is an IPv6 only network interface.

  • network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned to the network interface.

  • network-interface.mac-address - The MAC address of the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.operator.managed - A Boolean that indicates whether the instance has a managed network interface.

  • network-interface.operator.principal - The principal that manages the network interface. Only valid for instances with managed network interfaces, where managed is true.

  • network-interface.outpost-arn - The ARN of the Outpost.

  • network-interface.owner-id - The ID of the owner of the network interface.

  • network-interface.private-dns-name - The private DNS name of the network interface.

  • network-interface.private-ip-address - The private IPv4 address.

  • network-interface.public-dns-name - The public DNS name.

  • network-interface.requester-id - The requester ID for the network interface.

  • network-interface.requester-managed - Indicates whether the network interface is being managed by Amazon Web Services.

  • network-interface.status - The status of the network interface (available) | in-use).

  • network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • network-interface.subnet-id - The ID of the subnet for the network interface.

  • network-interface.tag-key - The key of a tag assigned to the network interface.

  • network-interface.tag-value - The value of a tag assigned to the network interface.

  • network-interface.vpc-id - The ID of the VPC for the network interface.

  • network-performance-options.bandwidth-weighting - Where the performance boost is applied, if applicable. Valid values: default, vpc-1, ebs-1.

  • operator.managed - A Boolean that indicates whether this is a managed instance.

  • operator.principal - The principal that manages the instance. Only valid for managed instances, where managed is true.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The Amazon Web Services account ID of the instance owner.

  • placement-group-name - The name of the placement group for the instance.

  • placement-partition-number - The partition in which the instance is located.

  • platform - The platform. To list only Windows instances, use windows.

  • platform-details - The platform (Linux/UNIX | Red Hat BYOL Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Red Hat Enterprise Linux with SQL Server Standard and HA | Red Hat Enterprise Linux with SQL Server Enterprise and HA | Red Hat Enterprise Linux with SQL Server Standard | Red Hat Enterprise Linux with SQL Server Web | Red Hat Enterprise Linux with SQL Server Enterprise | SQL Server Enterprise | SQL Server Standard | SQL Server Web | SUSE Linux | Ubuntu Pro | Windows | Windows BYOL | Windows with SQL Server Enterprise | Windows with SQL Server Standard | Windows with SQL Server Web).

  • private-dns-name - The private IPv4 DNS name of the instance.

  • private-dns-name-options.enable-resource-name-dns-a-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS A records.

  • private-dns-name-options.enable-resource-name-dns-aaaa-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

  • private-dns-name-options.hostname-type - The type of hostname (ip-name | resource-name).

  • private-ip-address - The private IPv4 address of the instance. This can only be used to filter by the primary IP address of the network interface attached to the instance. To filter by additional IP addresses assigned to the network interface, use the filter network-interface.addresses.private-ip-address.

  • product-code - The product code associated with the AMI used to launch the instance.

  • product-code.type - The type of product code (devpay | marketplace).

  • ramdisk-id - The RAM disk ID.

  • reason - The reason for the current state of the instance (for example, shows \"User Initiated [date]\" when you stop or terminate the instance). Similar to the state-reason-code filter.

  • requester-id - The ID of the entity that launched the instance on your behalf (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • reservation-id - The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.

  • spot-instance-request-id - The ID of the Spot Instance request.

  • state-reason-code - The reason code for the state change.

  • state-reason-message - A message that describes the state change.

  • subnet-id - The ID of the subnet for the instance.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

  • tenancy - The tenancy of an instance (dedicated | default | host).

  • tpm-support - Indicates if the instance is configured for NitroTPM support (v2.0).

  • usage-operation - The usage operation value for the instance (RunInstances | RunInstances:00g0 | RunInstances:0010 | RunInstances:1010 | RunInstances:1014 | RunInstances:1110 | RunInstances:0014 | RunInstances:0210 | RunInstances:0110 | RunInstances:0100 | RunInstances:0004 | RunInstances:0200 | RunInstances:000g | RunInstances:0g00 | RunInstances:0002 | RunInstances:0800 | RunInstances:0102 | RunInstances:0006 | RunInstances:0202).

  • usage-operation-update-time - The time that the usage operation was last updated, for example, 2022-09-15T17:15:20.000Z.

  • virtualization-type - The virtualization type of the instance (paravirtual | hvm).

  • vpc-id - The ID of the VPC that the instance is running in.

", + "documentation":"

The filters.

  • affinity - The affinity setting for an instance running on a Dedicated Host (default | host).

  • architecture - The instance architecture (i386 | x86_64 | arm64).

  • availability-zone - The Availability Zone of the instance.

  • availability-zone-id - The ID of the Availability Zone of the instance.

  • block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2022-09-15T17:15:20.000Z.

  • block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.

  • block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).

  • block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).

  • block-device-mapping.volume-id - The volume ID of the EBS volume.

  • boot-mode - The boot mode that was specified by the AMI (legacy-bios | uefi | uefi-preferred).

  • capacity-reservation-id - The ID of the Capacity Reservation into which the instance was launched.

  • capacity-reservation-specification.capacity-reservation-preference - The instance's Capacity Reservation preference (open | none).

  • capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id - The ID of the targeted Capacity Reservation.

  • capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn - The ARN of the targeted Capacity Reservation group.

  • client-token - The idempotency token you provided when you launched the instance.

  • current-instance-boot-mode - The boot mode that is used to launch the instance at launch or start (legacy-bios | uefi).

  • dns-name - The public DNS name of the instance.

  • ebs-optimized - A Boolean that indicates whether the instance is optimized for Amazon EBS I/O.

  • ena-support - A Boolean that indicates whether the instance is enabled for enhanced networking with ENA.

  • enclave-options.enabled - A Boolean that indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.

  • hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.

  • host-id - The ID of the Dedicated Host on which the instance is running, if applicable.

  • hypervisor - The hypervisor type of the instance (ovm | xen). The value xen is used for both Xen and Nitro hypervisors.

  • iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.

  • iam-instance-profile.id - The instance profile associated with the instance. Specified as an ID.

  • image-id - The ID of the image used to launch the instance.

  • instance-id - The ID of the instance.

  • instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled Instance, or a Capacity Block (spot | scheduled | capacity-block).

  • instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).

  • instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).

  • instance-type - The type of instance (for example, t2.micro).

  • instance.group-id - The ID of the security group for the instance.

  • instance.group-name - The name of the security group for the instance.

  • ip-address - The public IPv4 address of the instance.

  • ipv6-address - The IPv6 address of the instance.

  • kernel-id - The kernel ID.

  • key-name - The name of the key pair used when the instance was launched.

  • launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).

  • launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.

  • maintenance-options.auto-recovery - The current automatic recovery behavior of the instance (disabled | default).

  • metadata-options.http-endpoint - The status of access to the HTTP metadata endpoint on your instance (enabled | disabled)

  • metadata-options.http-protocol-ipv4 - Indicates whether the IPv4 endpoint is enabled (disabled | enabled).

  • metadata-options.http-protocol-ipv6 - Indicates whether the IPv6 endpoint is enabled (disabled | enabled).

  • metadata-options.http-put-response-hop-limit - The HTTP metadata request put response hop limit (integer, possible values 1 to 64)

  • metadata-options.http-tokens - The metadata request authorization state (optional | required)

  • metadata-options.instance-metadata-tags - The status of access to instance tags from the instance metadata (enabled | disabled)

  • metadata-options.state - The state of the metadata option changes (pending | applied).

  • monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).

  • network-interface.addresses.association.allocation-id - The allocation ID.

  • network-interface.addresses.association.association-id - The association ID.

  • network-interface.addresses.association.carrier-ip - The carrier IP address.

  • network-interface.addresses.association.customer-owned-ip - The customer-owned IP address.

  • network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.

  • network-interface.addresses.association.public-dns-name - The public DNS name.

  • network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.

  • network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.

  • network-interface.addresses.private-dns-name - The private DNS name.

  • network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.

  • network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • network-interface.association.carrier-ip - The customer-owned IP address.

  • network-interface.association.customer-owned-ip - The customer-owned IP address.

  • network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • network-interface.association.public-dns-name - The public DNS name.

  • network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • network-interface.attachment.attach-time - The time that the network interface was attached to an instance.

  • network-interface.attachment.attachment-id - The ID of the interface attachment.

  • network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.

  • network-interface.attachment.device-index - The device index to which the network interface is attached.

  • network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.

  • network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • network-interface.attachment.network-card-index - The index of the network card.

  • network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • network-interface.availability-zone - The Availability Zone for the network interface.

  • network-interface.deny-all-igw-traffic - A Boolean that indicates whether a network interface with an IPv6 address is unreachable from the public internet.

  • network-interface.description - The description of the network interface.

  • network-interface.group-id - The ID of a security group associated with the network interface.

  • network-interface.group-name - The name of a security group associated with the network interface.

  • network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that are assigned to the network interface.

  • network-interface.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.

  • network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates whether this is the primary IPv6 address.

  • network-interface.ipv6-native - A Boolean that indicates whether this is an IPv6 only network interface.

  • network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned to the network interface.

  • network-interface.mac-address - The MAC address of the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.operator.managed - A Boolean that indicates whether the instance has a managed network interface.

  • network-interface.operator.principal - The principal that manages the network interface. Only valid for instances with managed network interfaces, where managed is true.

  • network-interface.outpost-arn - The ARN of the Outpost.

  • network-interface.owner-id - The ID of the owner of the network interface.

  • network-interface.private-dns-name - The private DNS name of the network interface.

  • network-interface.private-ip-address - The private IPv4 address.

  • network-interface.public-dns-name - The public DNS name.

  • network-interface.requester-id - The requester ID for the network interface.

  • network-interface.requester-managed - Indicates whether the network interface is being managed by Amazon Web Services.

  • network-interface.status - The status of the network interface (available) | in-use).

  • network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • network-interface.subnet-id - The ID of the subnet for the network interface.

  • network-interface.tag-key - The key of a tag assigned to the network interface.

  • network-interface.tag-value - The value of a tag assigned to the network interface.

  • network-interface.vpc-id - The ID of the VPC for the network interface.

  • network-performance-options.bandwidth-weighting - Where the performance boost is applied, if applicable. Valid values: default, vpc-1, ebs-1.

  • operator.managed - A Boolean that indicates whether this is a managed instance.

  • operator.principal - The principal that manages the instance. Only valid for managed instances, where managed is true.

  • outpost-arn - The Amazon Resource Name (ARN) of the Outpost.

  • owner-id - The Amazon Web Services account ID of the instance owner.

  • placement-group-name - The name of the placement group for the instance.

  • placement-partition-number - The partition in which the instance is located.

  • platform - The platform. To list only Windows instances, use windows.

  • platform-details - The platform (Linux/UNIX | Red Hat BYOL Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Red Hat Enterprise Linux with High Availability | Red Hat Enterprise Linux with SQL Server Standard and HA | Red Hat Enterprise Linux with SQL Server Enterprise and HA | Red Hat Enterprise Linux with SQL Server Standard | Red Hat Enterprise Linux with SQL Server Web | Red Hat Enterprise Linux with SQL Server Enterprise | SQL Server Enterprise | SQL Server Standard | SQL Server Web | SUSE Linux | Ubuntu Pro | Windows | Windows BYOL | Windows with SQL Server Enterprise | Windows with SQL Server Standard | Windows with SQL Server Web).

  • private-dns-name - The private IPv4 DNS name of the instance.

  • private-dns-name-options.enable-resource-name-dns-a-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS A records.

  • private-dns-name-options.enable-resource-name-dns-aaaa-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

  • private-dns-name-options.hostname-type - The type of hostname (ip-name | resource-name).

  • private-ip-address - The private IPv4 address of the instance. This can only be used to filter by the primary IP address of the network interface attached to the instance. To filter by additional IP addresses assigned to the network interface, use the filter network-interface.addresses.private-ip-address.

  • product-code - The product code associated with the AMI used to launch the instance.

  • product-code.type - The type of product code (devpay | marketplace).

  • ramdisk-id - The RAM disk ID.

  • reason - The reason for the current state of the instance (for example, shows \"User Initiated [date]\" when you stop or terminate the instance). Similar to the state-reason-code filter.

  • requester-id - The ID of the entity that launched the instance on your behalf (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • reservation-id - The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.

  • root-device-name - The device name of the root device volume (for example, /dev/sda1).

  • root-device-type - The type of the root device volume (ebs | instance-store).

  • source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.

  • spot-instance-request-id - The ID of the Spot Instance request.

  • state-reason-code - The reason code for the state change.

  • state-reason-message - A message that describes the state change.

  • subnet-id - The ID of the subnet for the instance.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.

  • tenancy - The tenancy of an instance (dedicated | default | host).

  • tpm-support - Indicates if the instance is configured for NitroTPM support (v2.0).

  • usage-operation - The usage operation value for the instance (RunInstances | RunInstances:00g0 | RunInstances:0010 | RunInstances:1010 | RunInstances:1014 | RunInstances:1110 | RunInstances:0014 | RunInstances:0210 | RunInstances:0110 | RunInstances:0100 | RunInstances:0004 | RunInstances:0200 | RunInstances:000g | RunInstances:0g00 | RunInstances:0002 | RunInstances:0800 | RunInstances:0102 | RunInstances:0006 | RunInstances:0202).

  • usage-operation-update-time - The time that the usage operation was last updated, for example, 2022-09-15T17:15:20.000Z.

  • virtualization-type - The virtualization type of the instance (paravirtual | hvm).

  • vpc-id - The ID of the VPC that the instance is running in.

", "locationName":"Filter" }, "NextToken":{ @@ -23076,6 +25657,94 @@ } } }, + "DescribeIpamPrefixListResolverTargetsRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters to limit the results.

", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"IpamMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next page of results.

" + }, + "IpamPrefixListResolverTargetIds":{ + "shape":"ValueStringList", + "documentation":"

The IDs of the IPAM prefix list resolver Targets to describe. If not specified, all targets in your account are described.

", + "locationName":"IpamPrefixListResolverTargetId" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver to filter targets by. Only targets associated with this resolver will be returned.

" + } + } + }, + "DescribeIpamPrefixListResolverTargetsResult":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + }, + "IpamPrefixListResolverTargets":{ + "shape":"IpamPrefixListResolverTargetSet", + "documentation":"

Information about the IPAM prefix list resolver Targets.

", + "locationName":"ipamPrefixListResolverTargetSet" + } + } + }, + "DescribeIpamPrefixListResolversRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters to limit the results.

", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"IpamMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next page of results.

" + }, + "IpamPrefixListResolverIds":{ + "shape":"ValueStringList", + "documentation":"

The IDs of the IPAM prefix list resolvers to describe. If not specified, all resolvers in your account are described.

", + "locationName":"IpamPrefixListResolverId" + } + } + }, + "DescribeIpamPrefixListResolversResult":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + }, + "IpamPrefixListResolvers":{ + "shape":"IpamPrefixListResolverSet", + "documentation":"

Information about the IPAM prefix list resolvers.

", + "locationName":"ipamPrefixListResolverSet" + } + } + }, "DescribeIpamResourceDiscoveriesRequest":{ "type":"structure", "members":{ @@ -23368,7 +26037,7 @@ }, "ResolveAlias":{ "shape":"Boolean", - "documentation":"

If true, and if a Systems Manager parameter is specified for ImageId, the AMI ID is displayed in the response for imageId.

If false, and if a Systems Manager parameter is specified for ImageId, the parameter is displayed in the response for imageId.

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

Default: false

" + "documentation":"

If true, and if a Systems Manager parameter is specified for ImageId, the AMI ID is displayed in the response for imageId.

If false, and if a Systems Manager parameter is specified for ImageId, the parameter is displayed in the response for imageId.

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

Default: false

" } } }, @@ -23781,6 +26450,53 @@ } } }, + "DescribeMacModificationTasksMaxResults":{ + "type":"integer", + "max":500, + "min":1 + }, + "DescribeMacModificationTasksRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

Specifies one or more filters for the request:

  • instance-id - The ID of the instance for which the task was created.

  • task-state - The state of the task (successful | failed | in-progress | pending).

  • mac-system-integrity-protection-configuration.sip-status - The overall SIP state requested in the task (enabled | disabled).

  • start-time - The date and time the task was created.

  • task-type - The type of task (sip-modification | volume-ownership-delegation).

", + "locationName":"Filter" + }, + "MacModificationTaskIds":{ + "shape":"MacModificationTaskIdList", + "documentation":"

The ID of task.

", + "locationName":"MacModificationTaskId" + }, + "MaxResults":{ + "shape":"DescribeMacModificationTasksMaxResults", + "documentation":"

The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results.

" + } + } + }, + "DescribeMacModificationTasksResult":{ + "type":"structure", + "members":{ + "MacModificationTasks":{ + "shape":"MacModificationTaskList", + "documentation":"

Information about the tasks.

", + "locationName":"macModificationTaskSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, "DescribeManagedPrefixListsRequest":{ "type":"structure", "members":{ @@ -24290,7 +27006,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

One or more filters.

  • association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • addresses.association.owner-id - The owner ID of the addresses associated with the network interface.

  • addresses.association.public-ip - The association ID returned when the network interface was associated with the Elastic IP address (IPv4).

  • addresses.primary - Whether the private IPv4 address is the primary IP address associated with the network interface.

  • addresses.private-ip-address - The private IPv4 addresses associated with the network interface.

  • association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • association.public-dns-name - The public DNS name for the network interface (IPv4).

  • attachment.attach-time - The time that the network interface was attached to an instance.

  • attachment.attachment-id - The ID of the interface attachment.

  • attachment.delete-on-termination - Indicates whether the attachment is deleted when an instance is terminated.

  • attachment.device-index - The device index to which the network interface is attached.

  • attachment.instance-id - The ID of the instance to which the network interface is attached.

  • attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • availability-zone - The Availability Zone of the network interface.

  • description - The description of the network interface.

  • group-id - The ID of a security group associated with the network interface.

  • ipv6-addresses.ipv6-address - An IPv6 address associated with the network interface.

  • interface-type - The type of network interface (api_gateway_managed | aws_codestar_connections_managed | branch | ec2_instance_connect_endpoint | efa | efa-only | efs | gateway_load_balancer | gateway_load_balancer_endpoint | global_accelerator_managed | interface | iot_rules_managed | lambda | load_balancer | nat_gateway | network_load_balancer | quicksight | transit_gateway | trunk | vpc_endpoint).

  • mac-address - The MAC address of the network interface.

  • network-interface-id - The ID of the network interface.

  • owner-id - The Amazon Web Services account ID of the network interface owner.

  • private-dns-name - The private DNS name of the network interface (IPv4).

  • private-ip-address - The private IPv4 address or addresses of the network interface.

  • requester-id - The alias or Amazon Web Services account ID of the principal or service that created the network interface.

  • requester-managed - Indicates whether the network interface is being managed by an Amazon Web Services service (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • source-dest-check - Indicates whether the network interface performs source/destination checking. A value of true means checking is enabled, and false means checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • status - The status of the network interface. If the network interface is not attached to an instance, the status is available; if a network interface is attached to an instance the status is in-use.

  • subnet-id - The ID of the subnet for the network interface.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the network interface.

", + "documentation":"

One or more filters.

  • association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.

  • association.association-id - The association ID returned when the network interface was associated with an IPv4 address.

  • addresses.association.owner-id - The owner ID of the addresses associated with the network interface.

  • addresses.association.public-ip - The association ID returned when the network interface was associated with the Elastic IP address (IPv4).

  • addresses.primary - Whether the private IPv4 address is the primary IP address associated with the network interface.

  • addresses.private-ip-address - The private IPv4 addresses associated with the network interface.

  • association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.

  • association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.

  • association.public-dns-name - The public DNS name for the network interface (IPv4).

  • attachment.attach-time - The time that the network interface was attached to an instance.

  • attachment.attachment-id - The ID of the interface attachment.

  • attachment.delete-on-termination - Indicates whether the attachment is deleted when an instance is terminated.

  • attachment.device-index - The device index to which the network interface is attached.

  • attachment.instance-id - The ID of the instance to which the network interface is attached.

  • attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.

  • attachment.status - The status of the attachment (attaching | attached | detaching | detached).

  • availability-zone - The Availability Zone of the network interface.

  • availability-zone-id - The ID of the Availability Zone of the network interface.

  • description - The description of the network interface.

  • group-id - The ID of a security group associated with the network interface.

  • ipv6-addresses.ipv6-address - An IPv6 address associated with the network interface.

  • interface-type - The type of network interface (api_gateway_managed | aws_codestar_connections_managed | branch | ec2_instance_connect_endpoint | efa | efa-only | efs | evs | gateway_load_balancer | gateway_load_balancer_endpoint | global_accelerator_managed | interface | iot_rules_managed | lambda | load_balancer | nat_gateway | network_load_balancer | quicksight | transit_gateway | trunk | vpc_endpoint).

  • mac-address - The MAC address of the network interface.

  • network-interface-id - The ID of the network interface.

  • operator.managed - A Boolean that indicates whether this is a managed network interface.

  • operator.principal - The principal that manages the network interface. Only valid for managed network interfaces, where managed is true.

  • owner-id - The Amazon Web Services account ID of the network interface owner.

  • private-dns-name - The private DNS name of the network interface (IPv4).

  • private-ip-address - The private IPv4 address or addresses of the network interface.

  • requester-id - The alias or Amazon Web Services account ID of the principal or service that created the network interface.

  • requester-managed - Indicates whether the network interface is being managed by an Amazon Web Services service (for example, Amazon Web Services Management Console, Auto Scaling, and so on).

  • source-dest-check - Indicates whether the network interface performs source/destination checking. A value of true means checking is enabled, and false means checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.

  • status - The status of the network interface. If the network interface is not attached to an instance, the status is available; if a network interface is attached to an instance the status is in-use.

  • subnet-id - The ID of the subnet for the network interface.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the network interface.

", "locationName":"filter" } }, @@ -24311,6 +27027,48 @@ } } }, + "DescribeOutpostLagsRequest":{ + "type":"structure", + "members":{ + "OutpostLagIds":{ + "shape":"OutpostLagIdSet", + "documentation":"

The IDs of the Outpost LAGs.

", + "locationName":"OutpostLagId" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

The filters to use for narrowing down the request. The following filters are supported:

  • service-link-virtual-interface-id - The ID of the service link virtual interface.

  • service-link-virtual-interface-arn - The ARN of the service link virtual interface.

  • outpost-id - The Outpost ID.

  • outpost-arn - The Outpost ARN.

  • owner-id - The ID of the Amazon Web Services account that owns the service link virtual interface.

  • vlan - The ID of the address pool.

  • local-address - The local address.

  • peer-address - The peer address.

  • peer-bgp-asn - The peer BGP ASN.

  • outpost-lag-id - The Outpost LAG ID.

  • configuration-state - The configuration state of the service link virtual interface.

", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"OutpostLagMaxResults", + "documentation":"

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token for the next page of results.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DescribeOutpostLagsResult":{ + "type":"structure", + "members":{ + "OutpostLags":{ + "shape":"OutpostLagSet", + "documentation":"

The Outpost LAGs.

", + "locationName":"outpostLagSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, "DescribePlacementGroupsRequest":{ "type":"structure", "members":{ @@ -24596,7 +27354,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

One or more filters.

  • client-token - The idempotency token for the modification request.

  • create-date - The time when the modification request was created.

  • effective-date - The time when the modification becomes effective.

  • modification-result.reserved-instances-id - The ID for the Reserved Instances created as part of the modification request. This ID is only available when the status of the modification is fulfilled.

  • modification-result.target-configuration.availability-zone - The Availability Zone for the new Reserved Instances.

  • modification-result.target-configuration.instance-count - The number of new Reserved Instances.

  • modification-result.target-configuration.instance-type - The instance type of the new Reserved Instances.

  • reserved-instances-id - The ID of the Reserved Instances modified.

  • reserved-instances-modification-id - The ID of the modification request.

  • status - The status of the Reserved Instances modification request (processing | fulfilled | failed).

  • status-message - The reason for the status.

  • update-date - The time when the modification request was last updated.

", + "documentation":"

One or more filters.

  • client-token - The idempotency token for the modification request.

  • create-date - The time when the modification request was created.

  • effective-date - The time when the modification becomes effective.

  • modification-result.reserved-instances-id - The ID for the Reserved Instances created as part of the modification request. This ID is only available when the status of the modification is fulfilled.

  • modification-result.target-configuration.availability-zone - The Availability Zone for the new Reserved Instances.

  • modification-result.target-configuration.availability-zone-id - The ID of the Availability Zone for the new Reserved Instances.

  • modification-result.target-configuration.instance-count - The number of new Reserved Instances.

  • modification-result.target-configuration.instance-type - The instance type of the new Reserved Instances.

  • reserved-instances-id - The ID of the Reserved Instances modified.

  • reserved-instances-modification-id - The ID of the modification request.

  • status - The status of the Reserved Instances modification request (processing | fulfilled | failed).

  • status-message - The reason for the status.

  • update-date - The time when the modification request was last updated.

", "locationName":"Filter" } }, @@ -24623,7 +27381,7 @@ "members":{ "AvailabilityZone":{ "shape":"String", - "documentation":"

The Availability Zone in which the Reserved Instance can be used.

" + "documentation":"

The Availability Zone in which the Reserved Instance can be used.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both.

" }, "IncludeMarketplace":{ "shape":"Boolean", @@ -24658,6 +27416,10 @@ "documentation":"

One or more Reserved Instances offering IDs.

", "locationName":"ReservedInstancesOfferingId" }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -24665,7 +27427,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

One or more filters.

  • availability-zone - The Availability Zone where the Reserved Instance can be used.

  • duration - The duration of the Reserved Instance (for example, one year or three years), in seconds (31536000 | 94608000).

  • fixed-price - The purchase price of the Reserved Instance (for example, 9800.0).

  • instance-type - The instance type that is covered by the reservation.

  • marketplace - Set to true to show only Reserved Instance Marketplace offerings. When this filter is not used, which is the default behavior, all offerings from both Amazon Web Services and the Reserved Instance Marketplace are listed.

  • product-description - The Reserved Instance product platform description (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise).

  • reserved-instances-offering-id - The Reserved Instances offering ID.

  • scope - The scope of the Reserved Instance (Availability Zone or Region).

  • usage-price - The usage price of the Reserved Instance, per hour (for example, 0.84).

", + "documentation":"

One or more filters.

  • availability-zone - The Availability Zone where the Reserved Instance can be used.

  • availability-zone-id - The ID of the Availability Zone where the Reserved Instance can be used.

  • duration - The duration of the Reserved Instance (for example, one year or three years), in seconds (31536000 | 94608000).

  • fixed-price - The purchase price of the Reserved Instance (for example, 9800.0).

  • instance-type - The instance type that is covered by the reservation.

  • marketplace - Set to true to show only Reserved Instance Marketplace offerings. When this filter is not used, which is the default behavior, all offerings from both Amazon Web Services and the Reserved Instance Marketplace are listed.

  • product-description - The Reserved Instance product platform description (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise).

  • reserved-instances-offering-id - The Reserved Instances offering ID.

  • scope - The scope of the Reserved Instance (Availability Zone or Region).

  • usage-price - The usage price of the Reserved Instance, per hour (for example, 0.84).

", "locationName":"Filter" }, "InstanceTenancy":{ @@ -24726,7 +27488,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

One or more filters.

  • availability-zone - The Availability Zone where the Reserved Instance can be used.

  • duration - The duration of the Reserved Instance (one year or three years), in seconds (31536000 | 94608000).

  • end - The time when the Reserved Instance expires (for example, 2015-08-07T11:54:42.000Z).

  • fixed-price - The purchase price of the Reserved Instance (for example, 9800.0).

  • instance-type - The instance type that is covered by the reservation.

  • scope - The scope of the Reserved Instance (Region or Availability Zone).

  • product-description - The Reserved Instance product platform description (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise).

  • reserved-instances-id - The ID of the Reserved Instance.

  • start - The time at which the Reserved Instance purchase request was placed (for example, 2014-08-07T11:54:42.000Z).

  • state - The state of the Reserved Instance (payment-pending | active | payment-failed | retired).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • usage-price - The usage price of the Reserved Instance, per hour (for example, 0.84).

", + "documentation":"

One or more filters.

  • availability-zone - The Availability Zone where the Reserved Instance can be used.

  • availability-zone-id - The ID of the Availability Zone where the Reserved Instance can be used.

  • duration - The duration of the Reserved Instance (one year or three years), in seconds (31536000 | 94608000).

  • end - The time when the Reserved Instance expires (for example, 2015-08-07T11:54:42.000Z).

  • fixed-price - The purchase price of the Reserved Instance (for example, 9800.0).

  • instance-type - The instance type that is covered by the reservation.

  • scope - The scope of the Reserved Instance (Region or Availability Zone).

  • product-description - The Reserved Instance product platform description (Linux/UNIX | Linux with SQL Server Standard | Linux with SQL Server Web | Linux with SQL Server Enterprise | SUSE Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Windows | Windows with SQL Server Standard | Windows with SQL Server Web | Windows with SQL Server Enterprise).

  • reserved-instances-id - The ID of the Reserved Instance.

  • start - The time at which the Reserved Instance purchase request was placed (for example, 2014-08-07T11:54:42.000Z).

  • state - The state of the Reserved Instance (payment-pending | active | payment-failed | retired).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • usage-price - The usage price of the Reserved Instance, per hour (for example, 0.84).

", "locationName":"Filter" }, "OfferingType":{ @@ -24748,6 +27510,132 @@ }, "documentation":"

Contains the output for DescribeReservedInstances.

" }, + "DescribeRouteServerEndpointsRequest":{ + "type":"structure", + "members":{ + "RouteServerEndpointIds":{ + "shape":"RouteServerEndpointIdsList", + "documentation":"

The IDs of the route server endpoints to describe.

", + "locationName":"RouteServerEndpointId" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token for the next page of results.

" + }, + "MaxResults":{ + "shape":"RouteServerMaxResults", + "documentation":"

The maximum number of results to return with a single call.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters to apply to the describe request.

", + "locationName":"Filter" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DescribeRouteServerEndpointsResult":{ + "type":"structure", + "members":{ + "RouteServerEndpoints":{ + "shape":"RouteServerEndpointsList", + "documentation":"

Information about the described route server endpoints.

", + "locationName":"routeServerEndpointSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, + "DescribeRouteServerPeersRequest":{ + "type":"structure", + "members":{ + "RouteServerPeerIds":{ + "shape":"RouteServerPeerIdsList", + "documentation":"

The IDs of the route server peers to describe.

", + "locationName":"RouteServerPeerId" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token for the next page of results.

" + }, + "MaxResults":{ + "shape":"RouteServerMaxResults", + "documentation":"

The maximum number of results to return with a single call.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters to apply to the describe request.

", + "locationName":"Filter" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DescribeRouteServerPeersResult":{ + "type":"structure", + "members":{ + "RouteServerPeers":{ + "shape":"RouteServerPeersList", + "documentation":"

Information about the described route server peers.

", + "locationName":"routeServerPeerSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, + "DescribeRouteServersRequest":{ + "type":"structure", + "members":{ + "RouteServerIds":{ + "shape":"RouteServerIdsList", + "documentation":"

The IDs of the route servers to describe.

", + "locationName":"RouteServerId" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token for the next page of results.

" + }, + "MaxResults":{ + "shape":"RouteServerMaxResults", + "documentation":"

The maximum number of results to return with a single call.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters to apply to the describe request.

", + "locationName":"Filter" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DescribeRouteServersResult":{ + "type":"structure", + "members":{ + "RouteServers":{ + "shape":"RouteServersList", + "documentation":"

Information about the described route servers.

", + "locationName":"routeServerSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, "DescribeRouteTablesMaxResults":{ "type":"integer", "max":100, @@ -24990,7 +27878,7 @@ "members":{ "Filters":{ "shape":"FilterList", - "documentation":"

Security group VPC association filters.

  • group-id: The security group ID.

  • vpc-id: The ID of the associated VPC.

  • vpc-owner-id: The account ID of the VPC owner.

  • state: The state of the association.

  • tag:<key>: The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key: The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

", + "documentation":"

Security group VPC association filters.

  • group-id: The security group ID.

  • group-owner-id: The group owner ID.

  • state: The state of the association.

  • vpc-id: The ID of the associated VPC.

  • vpc-owner-id: The account ID of the VPC owner.

", "locationName":"Filter" }, "NextToken":{ @@ -25075,6 +27963,48 @@ } } }, + "DescribeServiceLinkVirtualInterfacesRequest":{ + "type":"structure", + "members":{ + "ServiceLinkVirtualInterfaceIds":{ + "shape":"ServiceLinkVirtualInterfaceIdSet", + "documentation":"

The IDs of the service link virtual interfaces.

", + "locationName":"ServiceLinkVirtualInterfaceId" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

The filters to use for narrowing down the request. The following filters are supported:

  • outpost-lag-id - The ID of the Outpost LAG.

  • outpost-arn - The Outpost ARN.

  • owner-id - The ID of the Amazon Web Services account that owns the service link virtual interface.

  • state - The state of the Outpost LAG.

  • vlan - The ID of the address pool.

  • service-link-virtual-interface-id - The ID of the service link virtual interface.

  • local-gateway-virtual-interface-id - The ID of the local gateway virtual interface.

", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"ServiceLinkMaxResults", + "documentation":"

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token for the next page of results.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DescribeServiceLinkVirtualInterfacesResult":{ + "type":"structure", + "members":{ + "ServiceLinkVirtualInterfaces":{ + "shape":"ServiceLinkVirtualInterfaceSet", + "documentation":"

Describes the service link virtual interfaces.

", + "locationName":"serviceLinkVirtualInterfaceSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, "DescribeSnapshotAttributeRequest":{ "type":"structure", "required":[ @@ -25424,7 +28354,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • availability-zone-group - The Availability Zone group.

  • create-time - The time stamp when the Spot Instance request was created.

  • fault-code - The fault code related to the request.

  • fault-message - The fault message related to the request.

  • instance-id - The ID of the instance that fulfilled the request.

  • launch-group - The Spot Instance launch group.

  • launch.block-device-mapping.delete-on-termination - Indicates whether the EBS volume is deleted on instance termination.

  • launch.block-device-mapping.device-name - The device name for the volume in the block device mapping (for example, /dev/sdh or xvdh).

  • launch.block-device-mapping.snapshot-id - The ID of the snapshot for the EBS volume.

  • launch.block-device-mapping.volume-size - The size of the EBS volume, in GiB.

  • launch.block-device-mapping.volume-type - The type of EBS volume: gp2 or gp3 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic.

  • launch.group-id - The ID of the security group for the instance.

  • launch.group-name - The name of the security group for the instance.

  • launch.image-id - The ID of the AMI.

  • launch.instance-type - The type of instance (for example, m3.medium).

  • launch.kernel-id - The kernel ID.

  • launch.key-name - The name of the key pair the instance launched with.

  • launch.monitoring-enabled - Whether detailed monitoring is enabled for the Spot Instance.

  • launch.ramdisk-id - The RAM disk ID.

  • launched-availability-zone - The Availability Zone in which the request is launched.

  • network-interface.addresses.primary - Indicates whether the IP address is the primary private IP address.

  • network-interface.delete-on-termination - Indicates whether the network interface is deleted when the instance is terminated.

  • network-interface.description - A description of the network interface.

  • network-interface.device-index - The index of the device for the network interface attachment on the instance.

  • network-interface.group-id - The ID of the security group associated with the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.private-ip-address - The primary private IP address of the network interface.

  • network-interface.subnet-id - The ID of the subnet for the instance.

  • product-description - The product description associated with the instance (Linux/UNIX | Windows).

  • spot-instance-request-id - The Spot Instance request ID.

  • spot-price - The maximum hourly price for any Spot Instance launched to fulfill the request.

  • state - The state of the Spot Instance request (open | active | closed | cancelled | failed). Spot request status information can help you track your Amazon EC2 Spot Instance requests. For more information, see Spot request status in the Amazon EC2 User Guide.

  • status-code - The short code describing the most recent evaluation of your Spot Instance request.

  • status-message - The message explaining the status of the Spot Instance request.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • type - The type of Spot Instance request (one-time | persistent).

  • valid-from - The start date of the request.

  • valid-until - The end date of the request.

", + "documentation":"

The filters.

  • availability-zone-group - The Availability Zone group.

  • create-time - The time stamp when the Spot Instance request was created.

  • fault-code - The fault code related to the request.

  • fault-message - The fault message related to the request.

  • instance-id - The ID of the instance that fulfilled the request.

  • launch-group - The Spot Instance launch group.

  • launch.block-device-mapping.delete-on-termination - Indicates whether the EBS volume is deleted on instance termination.

  • launch.block-device-mapping.device-name - The device name for the volume in the block device mapping (for example, /dev/sdh or xvdh).

  • launch.block-device-mapping.snapshot-id - The ID of the snapshot for the EBS volume.

  • launch.block-device-mapping.volume-size - The size of the EBS volume, in GiB.

  • launch.block-device-mapping.volume-type - The type of EBS volume: gp2 or gp3 for General Purpose SSD, io1 or io2 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic.

  • launch.group-id - The ID of the security group for the instance.

  • launch.group-name - The name of the security group for the instance.

  • launch.image-id - The ID of the AMI.

  • launch.instance-type - The type of instance (for example, m3.medium).

  • launch.kernel-id - The kernel ID.

  • launch.key-name - The name of the key pair the instance launched with.

  • launch.monitoring-enabled - Whether detailed monitoring is enabled for the Spot Instance.

  • launch.ramdisk-id - The RAM disk ID.

  • launched-availability-zone - The Availability Zone in which the request is launched.

  • launched-availability-zone-id - The ID of the Availability Zone in which the request is launched.

  • network-interface.addresses.primary - Indicates whether the IP address is the primary private IP address.

  • network-interface.delete-on-termination - Indicates whether the network interface is deleted when the instance is terminated.

  • network-interface.description - A description of the network interface.

  • network-interface.device-index - The index of the device for the network interface attachment on the instance.

  • network-interface.group-id - The ID of the security group associated with the network interface.

  • network-interface.network-interface-id - The ID of the network interface.

  • network-interface.private-ip-address - The primary private IP address of the network interface.

  • network-interface.subnet-id - The ID of the subnet for the instance.

  • product-description - The product description associated with the instance (Linux/UNIX | Windows).

  • spot-instance-request-id - The Spot Instance request ID.

  • spot-price - The maximum hourly price for any Spot Instance launched to fulfill the request.

  • state - The state of the Spot Instance request (open | active | closed | cancelled | failed). Spot request status information can help you track your Amazon EC2 Spot Instance requests. For more information, see Spot request status in the Amazon EC2 User Guide.

  • status-code - The short code describing the most recent evaluation of your Spot Instance request.

  • status-message - The message explaining the status of the Spot Instance request.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • type - The type of Spot Instance request (one-time | persistent).

  • valid-from - The start date of the request.

  • valid-until - The end date of the request.

", "locationName":"Filter" } }, @@ -25449,6 +28379,10 @@ "DescribeSpotPriceHistoryRequest":{ "type":"structure", "members":{ + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

Filters the results by the specified ID of the Availability Zone.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -25476,12 +28410,12 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • availability-zone - The Availability Zone for which prices should be returned.

  • instance-type - The type of instance (for example, m3.medium).

  • product-description - The product description for the Spot price (Linux/UNIX | Red Hat Enterprise Linux | SUSE Linux | Windows | Linux/UNIX (Amazon VPC) | Red Hat Enterprise Linux (Amazon VPC) | SUSE Linux (Amazon VPC) | Windows (Amazon VPC)).

  • spot-price - The Spot price. The value must match exactly (or use wildcards; greater than or less than comparison is not supported).

  • timestamp - The time stamp of the Spot price history, in UTC format (for example, ddd MMM dd HH:mm:ss UTC YYYY). You can use wildcards (* and ?). Greater than or less than comparison is not supported.

", + "documentation":"

The filters.

  • availability-zone - The Availability Zone for which prices should be returned.

  • availability-zone-id - The ID of the Availability Zone for which prices should be returned.

  • instance-type - The type of instance (for example, m3.medium).

  • product-description - The product description for the Spot price (Linux/UNIX | Red Hat Enterprise Linux | SUSE Linux | Windows | Linux/UNIX (Amazon VPC) | Red Hat Enterprise Linux (Amazon VPC) | SUSE Linux (Amazon VPC) | Windows (Amazon VPC)).

  • spot-price - The Spot price. The value must match exactly (or use wildcards; greater than or less than comparison is not supported).

  • timestamp - The time stamp of the Spot price history, in UTC format (for example, ddd MMM dd HH:mm:ss UTC YYYY). You can use wildcards (* and ?). Greater than or less than comparison is not supported.

", "locationName":"Filter" }, "AvailabilityZone":{ "shape":"String", - "documentation":"

Filters the results by the specified Availability Zone.

", + "documentation":"

Filters the results by the specified Availability Zone.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both

", "locationName":"availabilityZone" }, "MaxResults":{ @@ -26713,7 +29647,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • attachment.attach-time - The time stamp when the attachment initiated.

  • attachment.delete-on-termination - Whether the volume is deleted on instance termination.

  • attachment.device - The device name specified in the block device mapping (for example, /dev/sda1).

  • attachment.instance-id - The ID of the instance the volume is attached to.

  • attachment.status - The attachment state (attaching | attached | detaching).

  • availability-zone - The Availability Zone in which the volume was created.

  • create-time - The time stamp when the volume was created.

  • encrypted - Indicates whether the volume is encrypted (true | false)

  • fast-restored - Indicates whether the volume was created from a snapshot that is enabled for fast snapshot restore (true | false).

  • multi-attach-enabled - Indicates whether the volume is enabled for Multi-Attach (true | false)

  • operator.managed - A Boolean that indicates whether this is a managed volume.

  • operator.principal - The principal that manages the volume. Only valid for managed volumes, where managed is true.

  • size - The size of the volume, in GiB.

  • snapshot-id - The snapshot from which the volume was created.

  • status - The state of the volume (creating | available | in-use | deleting | deleted | error).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • volume-id - The volume ID.

  • volume-type - The Amazon EBS volume type (gp2 | gp3 | io1 | io2 | st1 | sc1| standard)

", + "documentation":"

The filters.

  • attachment.attach-time - The time stamp when the attachment initiated.

  • attachment.delete-on-termination - Whether the volume is deleted on instance termination.

  • attachment.device - The device name specified in the block device mapping (for example, /dev/sda1).

  • attachment.instance-id - The ID of the instance the volume is attached to.

  • attachment.status - The attachment state (attaching | attached | detaching).

  • availability-zone - The Availability Zone in which the volume was created.

  • availability-zone-id - The ID of the Availability Zone in which the volume was created.

  • create-time - The time stamp when the volume was created.

  • encrypted - Indicates whether the volume is encrypted (true | false)

  • fast-restored - Indicates whether the volume was created from a snapshot that is enabled for fast snapshot restore (true | false).

  • multi-attach-enabled - Indicates whether the volume is enabled for Multi-Attach (true | false)

  • operator.managed - A Boolean that indicates whether this is a managed volume.

  • operator.principal - The principal that manages the volume. Only valid for managed volumes, where managed is true.

  • size - The size of the volume, in GiB.

  • snapshot-id - The snapshot from which the volume was created.

  • status - The state of the volume (creating | available | in-use | deleting | deleted | error).

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • volume-id - The volume ID.

  • volume-type - The Amazon EBS volume type (gp2 | gp3 | io1 | io2 | st1 | sc1| standard)

", "locationName":"Filter" }, "NextToken":{ @@ -26944,7 +29878,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • vpc-endpoint-id - The ID of the VPC endpoint.

  • associated-resource-accessibility - The association state. When the state is accessible, it returns AVAILABLE. When the state is inaccessible, it returns PENDING or FAILED.

  • association-id - The ID of the VPC endpoint association.

  • associated-resource-id - The ID of the associated resource configuration.

  • service-network-arn - The Amazon Resource Name (ARN) of the associated service network. Only VPC endpoints of type service network will be returned.

  • resource-configuration-group-arn - The Amazon Resource Name (ARN) of the resource configuration of type GROUP.

  • service-network-resource-association-id - The ID of the association.

", + "documentation":"

The filters.

  • vpc-endpoint-id - The ID of the VPC endpoint.

  • associated-resource-accessibility - The association state. When the state is accessible, it returns AVAILABLE. When the state is inaccessible, it returns PENDING or FAILED.

  • association-id - The ID of the VPC endpoint association.

  • associated-resource-id - The ID of the associated resource configuration.

  • service-network-arn - The Amazon Resource Name (ARN) of the associated service network. Only VPC endpoints of type service network will be returned.

  • resource-configuration-group-arn - The Amazon Resource Name (ARN) of the resource configuration of type GROUP.

", "locationName":"Filter" }, "MaxResults":{ @@ -27200,7 +30134,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"

The filters.

  • ip-address-type - The IP address type (ipv4 | ipv6).

  • service-name - The name of the service.

  • service-region - The Region of the service.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC in which the endpoint resides.

  • vpc-endpoint-id - The ID of the endpoint.

  • vpc-endpoint-state - The state of the endpoint (pendingAcceptance | pending | available | deleting | deleted | rejected | failed).

  • vpc-endpoint-type - The type of VPC endpoint (Interface | Gateway | GatewayLoadBalancer).

", + "documentation":"

The filters.

  • ip-address-type - The IP address type (ipv4 | ipv6).

  • service-name - The name of the service.

  • service-region - The Region of the service.

  • tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC in which the endpoint resides.

  • vpc-endpoint-id - The ID of the endpoint.

  • vpc-endpoint-state - The state of the endpoint (pendingAcceptance | pending | available | deleting | deleted | rejected | failed).

  • vpc-endpoint-type - The type of VPC endpoint (Interface | Gateway | GatewayLoadBalancer | Resource | ServiceNetwork).

", "locationName":"Filter" }, "MaxResults":{ @@ -27714,6 +30648,25 @@ "locationName":"item" } }, + "DimensionCondition":{ + "type":"structure", + "members":{ + "Dimension":{ + "shape":"FilterByDimension", + "documentation":"

The name of the dimension to filter by.

" + }, + "Comparison":{ + "shape":"Comparison", + "documentation":"

The comparison operator to use for the filter.

" + }, + "Values":{ + "shape":"ConditionValueList", + "documentation":"

The list of values to match against the specified dimension. For 'equals' comparison, only the first value is used. For 'in' comparison, any matching value will satisfy the condition.

", + "locationName":"Value" + } + }, + "documentation":"

Specifies a condition for filtering capacity data based on dimension values. Used to create precise filters for metric queries and dimension lookups.

" + }, "DirectoryServiceAuthentication":{ "type":"structure", "members":{ @@ -27813,6 +30766,35 @@ } } }, + "DisableCapacityManagerRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

", + "idempotencyToken":true + } + } + }, + "DisableCapacityManagerResult":{ + "type":"structure", + "members":{ + "CapacityManagerStatus":{ + "shape":"CapacityManagerStatus", + "documentation":"

The current status of Capacity Manager after the disable operation.

", + "locationName":"capacityManagerStatus" + }, + "OrganizationsAccess":{ + "shape":"Boolean", + "documentation":"

Indicates whether Organizations access is enabled. This will be false after disabling Capacity Manager.

", + "locationName":"organizationsAccess" + } + } + }, "DisableEbsEncryptionByDefaultRequest":{ "type":"structure", "members":{ @@ -27947,6 +30929,11 @@ "documentation":"

The Availability Zone.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "Error":{ "shape":"DisableFastSnapshotRestoreStateError", "documentation":"

The error.

", @@ -27975,6 +30962,11 @@ "documentation":"

The Availability Zone.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "State":{ "shape":"FastSnapshotRestoreStateCode", "documentation":"

The state of fast snapshot restores for the snapshot.

", @@ -28032,16 +31024,18 @@ }, "DisableFastSnapshotRestoresRequest":{ "type":"structure", - "required":[ - "AvailabilityZones", - "SourceSnapshotIds" - ], + "required":["SourceSnapshotIds"], "members":{ "AvailabilityZones":{ "shape":"AvailabilityZoneStringList", - "documentation":"

One or more Availability Zones. For example, us-east-2a.

", + "documentation":"

One or more Availability Zones. For example, us-east-2a.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", "locationName":"AvailabilityZone" }, + "AvailabilityZoneIds":{ + "shape":"AvailabilityZoneIdStringList", + "documentation":"

One or more Availability Zone IDs. For example, use2-az1.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", + "locationName":"AvailabilityZoneId" + }, "SourceSnapshotIds":{ "shape":"SnapshotIdStringList", "documentation":"

The IDs of one or more snapshots. For example, snap-1234567890abcdef0.

", @@ -28183,6 +31177,37 @@ } } }, + "DisableRouteServerPropagationRequest":{ + "type":"structure", + "required":[ + "RouteServerId", + "RouteTableId" + ], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server for which to disable propagation.

" + }, + "RouteTableId":{ + "shape":"RouteTableId", + "documentation":"

The ID of the route table for which to disable route server propagation.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DisableRouteServerPropagationResult":{ + "type":"structure", + "members":{ + "RouteServerPropagation":{ + "shape":"RouteServerPropagation", + "documentation":"

Information about the disabled route server propagation.

", + "locationName":"routeServerPropagation" + } + } + }, "DisableSerialConsoleAccessRequest":{ "type":"structure", "members":{ @@ -28583,6 +31608,37 @@ } } }, + "DisassociateRouteServerRequest":{ + "type":"structure", + "required":[ + "RouteServerId", + "VpcId" + ], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server to disassociate.

" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

The ID of the VPC to disassociate from the route server.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "DisassociateRouteServerResult":{ + "type":"structure", + "members":{ + "RouteServerAssociation":{ + "shape":"RouteServerAssociation", + "documentation":"

Information about the disassociated route server.

", + "locationName":"routeServerAssociation" + } + } + }, "DisassociateRouteTableRequest":{ "type":"structure", "required":["AssociationId"], @@ -28779,7 +31835,7 @@ "members":{ "Return":{ "shape":"Boolean", - "documentation":"

Returns true if the request succeeds; otherwise, it returns an error.

", + "documentation":"

Is true if the request succeeds and an error otherwise.

", "locationName":"return" }, "ClientToken":{ @@ -28998,6 +32054,16 @@ "shape":"Boolean", "documentation":"

Indicates whether to enable private DNS only for inbound endpoints.

", "locationName":"privateDnsOnlyForInboundResolverEndpoint" + }, + "PrivateDnsPreference":{ + "shape":"String", + "documentation":"

The preference for which private domains have a private hosted zone created for and associated with the specified VPC. Only supported when private DNS is enabled and when the VPC endpoint type is ServiceNetwork or Resource.

  • ALL_DOMAINS - VPC Lattice provisions private hosted zones for all custom domain names.

  • VERIFIED_DOMAINS_ONLY - VPC Lattice provisions a private hosted zone only if custom domain name has been verified by the provider.

  • VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS - VPC Lattice provisions private hosted zones for all verified custom domain names and other domain names that the resource consumer specifies. The resource consumer specifies the domain names in the PrivateDnsSpecifiedDomains parameter.

  • SPECIFIED_DOMAINS_ONLY - VPC Lattice provisions a private hosted zone for domain names specified by the resource consumer. The resource consumer specifies the domain names in the PrivateDnsSpecifiedDomains parameter.

", + "locationName":"privateDnsPreference" + }, + "PrivateDnsSpecifiedDomains":{ + "shape":"PrivateDnsSpecifiedDomainSet", + "documentation":"

Indicates which of the private domains to create private hosted zones for and associate with the specified VPC. Only supported when private DNS is enabled and the private DNS preference is VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS or SPECIFIED_DOMAINS_ONLY.

", + "locationName":"privateDnsSpecifiedDomainSet" } }, "documentation":"

Describes the DNS options for an endpoint.

" @@ -29012,6 +32078,15 @@ "PrivateDnsOnlyForInboundResolverEndpoint":{ "shape":"Boolean", "documentation":"

Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint.

" + }, + "PrivateDnsPreference":{ + "shape":"String", + "documentation":"

The preference for which private domains have a private hosted zone created for and associated with the specified VPC. Only supported when private DNS is enabled and when the VPC endpoint type is ServiceNetwork or Resource.

  • ALL_DOMAINS - VPC Lattice provisions private hosted zones for all custom domain names.

  • VERIFIED_DOMAINS_ONLY - VPC Lattice provisions a private hosted zone only if custom domain name has been verified by the provider.

  • VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS - VPC Lattice provisions private hosted zones for all verified custom domain names and other domain names that the resource consumer specifies. The resource consumer specifies the domain names in the PrivateDnsSpecifiedDomains parameter.

  • SPECIFIED_DOMAINS_ONLY - VPC Lattice provisions a private hosted zone for domain names specified by the resource consumer. The resource consumer specifies the domain names in the PrivateDnsSpecifiedDomains parameter.

" + }, + "PrivateDnsSpecifiedDomains":{ + "shape":"PrivateDnsSpecifiedDomainSet", + "documentation":"

Indicates which of the private domains to create private hosted zones for and associate with the specified VPC. Only supported when private DNS is enabled and the private DNS preference is verified-domains-and-specified-domains or specified-domains-only.

", + "locationName":"PrivateDnsSpecifiedDomain" } }, "documentation":"

Describes the DNS options for an endpoint.

" @@ -29081,7 +32156,7 @@ }, "Iops":{ "shape":"Integer", - "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

  • gp3: 3,000 - 16,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

For io2 volumes, you can achieve up to 256,000 IOPS on instances built on the Nitro System. On other instances, you can achieve performance up to 32,000 IOPS.

This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS.

", + "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

  • gp3: 3,000 - 80,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

For io2 volumes, you can achieve up to 256,000 IOPS on instances built on the Nitro System. On other instances, you can achieve performance up to 32,000 IOPS.

This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS.

", "locationName":"iops" }, "SnapshotId":{ @@ -29091,7 +32166,7 @@ }, "VolumeSize":{ "shape":"Integer", - "documentation":"

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

The following are the supported sizes for each volume type:

  • gp2 and gp3: 1 - 16,384 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

", + "documentation":"

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

The following are the supported sizes for each volume type:

  • gp2: 1 - 16,384 GiB

  • gp3: 1 - 65,536 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

", "locationName":"volumeSize" }, "VolumeType":{ @@ -29106,7 +32181,7 @@ }, "Throughput":{ "shape":"Integer", - "documentation":"

The throughput that the volume supports, in MiB/s.

This parameter is valid only for gp3 volumes.

Valid Range: Minimum value of 125. Maximum value of 1000.

", + "documentation":"

The throughput that the volume supports, in MiB/s.

This parameter is valid only for gp3 volumes.

Valid Range: Minimum value of 125. Maximum value of 2,000.

", "locationName":"throughput" }, "OutpostArn":{ @@ -29114,10 +32189,69 @@ "documentation":"

The ARN of the Outpost on which the snapshot is stored.

This parameter is not supported when using CreateImage.

", "locationName":"outpostArn" }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"

The Availability Zone where the EBS volume will be created (for example, us-east-1a).

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both. If neither is specified, Amazon EC2 automatically selects an Availability Zone within the Region.

This parameter is not supported when using CreateFleet, CreateImage, DescribeImages, RequestSpotFleet, RequestSpotInstances, and RunInstances.

", + "locationName":"availabilityZone" + }, "Encrypted":{ "shape":"Boolean", "documentation":"

Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

In no case can you remove encryption from an encrypted volume.

Encrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.

This parameter is not returned by DescribeImageAttribute.

For CreateImage and RegisterImage, whether you can include this parameter, and the allowed values differ depending on the type of block device mapping you are creating.

  • If you are creating a block device mapping for a new (empty) volume, you can include this parameter, and specify either true for an encrypted volume, or false for an unencrypted volume. If you omit this parameter, it defaults to false (unencrypted).

  • If you are creating a block device mapping from an existing encrypted or unencrypted snapshot, you must omit this parameter. If you include this parameter, the request will fail, regardless of the value that you specify.

  • If you are creating a block device mapping from an existing unencrypted volume, you can include this parameter, but you must specify false. If you specify true, the request will fail. In this case, we recommend that you omit the parameter.

  • If you are creating a block device mapping from an existing encrypted volume, you can include this parameter, and specify either true or false. However, if you specify false, the parameter is ignored and the block device mapping is always encrypted. In this case, we recommend that you omit the parameter.

", "locationName":"encrypted" + }, + "VolumeInitializationRate":{ + "shape":"Integer", + "documentation":"

Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate), in MiB/s, at which to download the snapshot blocks from Amazon S3 to the volume. This is also known as volume initialization. Specifying a volume initialization rate ensures that the volume is initialized at a predictable and consistent rate after creation. For more information, see Initialize Amazon EBS volumes in the Amazon EC2 User Guide.

This parameter is supported only for volumes created from snapshots. Omit this parameter if:

  • You want to create the volume using fast snapshot restore. You must specify a snapshot that is enabled for fast snapshot restore. In this case, the volume is fully initialized at creation.

    If you specify a snapshot that is enabled for fast snapshot restore and a volume initialization rate, the volume will be initialized at the specified rate instead of fast snapshot restore.

  • You want to create a volume that is initialized at the default rate.

This parameter is not supported when using CreateImage and DescribeImages.

Valid range: 100 - 300 MiB/s

" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone where the EBS volume will be created (for example, use1-az1).

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both. If neither is specified, Amazon EC2 automatically selects an Availability Zone within the Region.

This parameter is not supported when using CreateFleet, CreateImage, DescribeImages, RequestSpotFleet, RequestSpotInstances, and RunInstances.

" + } + }, + "documentation":"

Describes a block device for an EBS volume.

" + }, + "EbsBlockDeviceResponse":{ + "type":"structure", + "members":{ + "Encrypted":{ + "shape":"Boolean", + "documentation":"

Indicates whether the volume is encrypted.

", + "locationName":"encrypted" + }, + "DeleteOnTermination":{ + "shape":"Boolean", + "documentation":"

Indicates whether the volume is deleted on instance termination.

", + "locationName":"deleteOnTermination" + }, + "Iops":{ + "shape":"Integer", + "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

", + "locationName":"iops" + }, + "Throughput":{ + "shape":"Integer", + "documentation":"

The throughput that the volume supports, in MiB/s.

", + "locationName":"throughput" + }, + "KmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

Identifier (key ID, key alias, key ARN, or alias ARN) of the customer managed KMS key to use for EBS encryption.

", + "locationName":"kmsKeyId" + }, + "SnapshotId":{ + "shape":"SnapshotId", + "documentation":"

The ID of the snapshot.

", + "locationName":"snapshotId" + }, + "VolumeSize":{ + "shape":"Integer", + "documentation":"

The size of the volume, in GiBs.

", + "locationName":"volumeSize" + }, + "VolumeType":{ + "shape":"VolumeType", + "documentation":"

The volume type. For more information, see Amazon EBS volume types in the Amazon EBS User Guide.

", + "locationName":"volumeType" } }, "documentation":"

Describes a block device for an EBS volume.

" @@ -29151,6 +32285,16 @@ "shape":"EbsNvmeSupport", "documentation":"

Indicates whether non-volatile memory express (NVMe) is supported.

", "locationName":"nvmeSupport" + }, + "MaximumEbsAttachments":{ + "shape":"MaximumEbsAttachments", + "documentation":"

Indicates the maximum number of Amazon EBS volumes that can be attached to the instance type. For more information, see Amazon EBS volume limits for Amazon EC2 instances in the Amazon EC2 User Guide.

", + "locationName":"maximumEbsAttachments" + }, + "AttachmentLimitType":{ + "shape":"AttachmentLimitType", + "documentation":"

Indicates whether the instance type features a shared or dedicated Amazon EBS volume attachment limit. For more information, see Amazon EBS volume limits for Amazon EC2 instances in the Amazon EC2 User Guide.

", + "locationName":"attachmentLimitType" } }, "documentation":"

Describes the Amazon EBS features supported by the instance type.

" @@ -29180,12 +32324,12 @@ }, "AssociatedResource":{ "shape":"String", - "documentation":"

The ARN of the Amazon ECS or Fargate task to which the volume is attached.

", + "documentation":"

The ARN of the Amazon Web Services-managed resource to which the volume is attached.

", "locationName":"associatedResource" }, "VolumeOwnerId":{ "shape":"String", - "documentation":"

The ID of the Amazon Web Services account that owns the volume.

This parameter is returned only for volumes that are attached to Fargate tasks.

", + "documentation":"

The ID of the Amazon Web Services account that owns the volume.

This parameter is returned only for volumes that are attached to Amazon Web Services-managed resources.

", "locationName":"volumeOwnerId" }, "Operator":{ @@ -29343,7 +32487,7 @@ }, "FipsDnsName":{ "shape":"String", - "documentation":"

", + "documentation":"

The Federal Information Processing Standards (FIPS) compliant DNS name of the EC2 Instance Connect Endpoint.

", "locationName":"fipsDnsName" }, "NetworkInterfaceIds":{ @@ -29373,7 +32517,7 @@ }, "PreserveClientIp":{ "shape":"Boolean", - "documentation":"

Indicates whether your client's IP address is preserved as the source. The value is true or false.

  • If true, your client's IP address is used when you connect to a resource.

  • If false, the elastic network interface IP address is used when you connect to a resource.

Default: true

", + "documentation":"

Indicates whether your client's IP address is preserved as the source when you connect to a resource. The following are the possible values.

  • true - Use the IP address of the client. Your instance must have an IPv4 address.

  • false - Use the IP address of the network interface.

Default: false

", "locationName":"preserveClientIp" }, "SecurityGroupIds":{ @@ -29385,9 +32529,19 @@ "shape":"TagList", "documentation":"

The tags assigned to the EC2 Instance Connect Endpoint.

", "locationName":"tagSet" + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

The IP address type of the endpoint.

", + "locationName":"ipAddressType" + }, + "PublicDnsNames":{ + "shape":"InstanceConnectEndpointPublicDnsNames", + "documentation":"

The public DNS names of the endpoint.

", + "locationName":"publicDnsNames" } }, - "documentation":"

The EC2 Instance Connect Endpoint.

" + "documentation":"

Describes an EC2 Instance Connect Endpoint.

" }, "Ec2InstanceConnectEndpointState":{ "type":"string", @@ -29397,7 +32551,10 @@ "create-failed", "delete-in-progress", "delete-complete", - "delete-failed" + "delete-failed", + "update-in-progress", + "update-complete", + "update-failed" ] }, "EfaInfo":{ @@ -29556,11 +32713,11 @@ "members":{ "Type":{ "shape":"String", - "documentation":"

Deprecated.

Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.

", + "documentation":"

Deprecated.

Amazon Elastic Graphics reached end of life on January 8, 2024.

", "locationName":"type" } }, - "documentation":"

Deprecated.

Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.

" + "documentation":"

Deprecated.

Amazon Elastic Graphics reached end of life on January 8, 2024.

" }, "ElasticGpuSpecificationResponseList":{ "type":"list", @@ -29707,11 +32864,11 @@ "members":{ "EnaSrdEnabled":{ "shape":"Boolean", - "documentation":"

Specifies whether ENA Express is enabled for the network interface when you launch an instance from your launch template.

" + "documentation":"

Specifies whether ENA Express is enabled for the network interface when you launch an instance.

" }, "EnaSrdUdpSpecification":{ "shape":"EnaSrdUdpSpecificationRequest", - "documentation":"

Contains ENA Express settings for UDP network traffic in your launch template.

" + "documentation":"

Contains ENA Express settings for UDP network traffic for the network interface attached to the instance.

" } }, "documentation":"

Launch instances with ENA Express settings configured from your launch template.

" @@ -29732,7 +32889,7 @@ "members":{ "EnaSrdUdpEnabled":{ "shape":"Boolean", - "documentation":"

Indicates whether UDP traffic uses ENA Express for your instance. To ensure that UDP traffic can use ENA Express when you launch an instance, you must also set EnaSrdEnabled in the EnaSrdSpecificationRequest to true in your launch template.

" + "documentation":"

Indicates whether UDP traffic uses ENA Express for your instance. To ensure that UDP traffic can use ENA Express when you launch an instance, you must also set EnaSrdEnabled in the EnaSrdSpecificationRequest to true.

" } }, "documentation":"

Configures ENA Express for UDP network traffic from your launch template.

" @@ -29835,6 +32992,39 @@ } } }, + "EnableCapacityManagerRequest":{ + "type":"structure", + "members":{ + "OrganizationsAccess":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable cross-account access for Amazon Web Services Organizations. When enabled, Capacity Manager can aggregate data from all accounts in your organization. Default is false.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

", + "idempotencyToken":true + } + } + }, + "EnableCapacityManagerResult":{ + "type":"structure", + "members":{ + "CapacityManagerStatus":{ + "shape":"CapacityManagerStatus", + "documentation":"

The current status of Capacity Manager after the enable operation.

", + "locationName":"capacityManagerStatus" + }, + "OrganizationsAccess":{ + "shape":"Boolean", + "documentation":"

Indicates whether Organizations access is enabled for cross-account data aggregation.

", + "locationName":"organizationsAccess" + } + } + }, "EnableEbsEncryptionByDefaultRequest":{ "type":"structure", "members":{ @@ -29981,6 +33171,11 @@ "documentation":"

The Availability Zone.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "Error":{ "shape":"EnableFastSnapshotRestoreStateError", "documentation":"

The error.

", @@ -30009,6 +33204,11 @@ "documentation":"

The Availability Zone.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "State":{ "shape":"FastSnapshotRestoreStateCode", "documentation":"

The state of fast snapshot restores.

", @@ -30066,16 +33266,18 @@ }, "EnableFastSnapshotRestoresRequest":{ "type":"structure", - "required":[ - "AvailabilityZones", - "SourceSnapshotIds" - ], + "required":["SourceSnapshotIds"], "members":{ "AvailabilityZones":{ "shape":"AvailabilityZoneStringList", - "documentation":"

One or more Availability Zones. For example, us-east-2a.

", + "documentation":"

One or more Availability Zones. For example, us-east-2a.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", "locationName":"AvailabilityZone" }, + "AvailabilityZoneIds":{ + "shape":"AvailabilityZoneIdStringList", + "documentation":"

One or more Availability Zone IDs. For example, use2-az1.

Either AvailabilityZone or AvailabilityZoneId must be specified in the request, but not both.

", + "locationName":"AvailabilityZoneId" + }, "SourceSnapshotIds":{ "shape":"SnapshotIdStringList", "documentation":"

The IDs of one or more snapshots. For example, snap-1234567890abcdef0. You can specify a snapshot that was shared with you from another Amazon Web Services account.

", @@ -30252,6 +33454,37 @@ } } }, + "EnableRouteServerPropagationRequest":{ + "type":"structure", + "required":[ + "RouteServerId", + "RouteTableId" + ], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server for which to enable propagation.

" + }, + "RouteTableId":{ + "shape":"RouteTableId", + "documentation":"

The ID of the route table to which route server will propagate routes.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "EnableRouteServerPropagationResult":{ + "type":"structure", + "members":{ + "RouteServerPropagation":{ + "shape":"RouteServerPropagation", + "documentation":"

Information about the enabled route server propagation.

", + "locationName":"routeServerPropagation" + } + } + }, "EnableSerialConsoleAccessRequest":{ "type":"structure", "members":{ @@ -30439,6 +33672,14 @@ "limited" ] }, + "EndpointIpAddressType":{ + "type":"string", + "enum":[ + "ipv4", + "ipv6", + "dual-stack" + ] + }, "EndpointSet":{ "type":"list", "member":{ @@ -30481,7 +33722,7 @@ }, "EventSubType":{ "shape":"String", - "documentation":"

The event.

error events:

  • iamFleetRoleInvalid - The EC2 Fleet or Spot Fleet does not have the required permissions either to launch or terminate an instance.

  • allLaunchSpecsTemporarilyBlacklisted - None of the configurations are valid, and several attempts to launch instances have failed. For more information, see the description of the event.

  • spotInstanceCountLimitExceeded - You've reached the limit on the number of Spot Instances that you can launch.

  • spotFleetRequestConfigurationInvalid - The configuration is not valid. For more information, see the description of the event.

fleetRequestChange events:

  • active - The EC2 Fleet or Spot Fleet request has been validated and Amazon EC2 is attempting to maintain the target number of running instances.

  • deleted (EC2 Fleet) / cancelled (Spot Fleet) - The EC2 Fleet is deleted or the Spot Fleet request is canceled and has no running instances. The EC2 Fleet or Spot Fleet will be deleted two days after its instances are terminated.

  • deleted_running (EC2 Fleet) / cancelled_running (Spot Fleet) - The EC2 Fleet is deleted or the Spot Fleet request is canceled and does not launch additional instances. Its existing instances continue to run until they are interrupted or terminated. The request remains in this state until all instances are interrupted or terminated.

  • deleted_terminating (EC2 Fleet) / cancelled_terminating (Spot Fleet) - The EC2 Fleet is deleted or the Spot Fleet request is canceled and its instances are terminating. The request remains in this state until all instances are terminated.

  • expired - The EC2 Fleet or Spot Fleet request has expired. If the request was created with TerminateInstancesWithExpiration set, a subsequent terminated event indicates that the instances are terminated.

  • modify_in_progress - The EC2 Fleet or Spot Fleet request is being modified. The request remains in this state until the modification is fully processed.

  • modify_succeeded - The EC2 Fleet or Spot Fleet request was modified.

  • submitted - The EC2 Fleet or Spot Fleet request is being evaluated and Amazon EC2 is preparing to launch the target number of instances.

  • progress - The EC2 Fleet or Spot Fleet request is in the process of being fulfilled.

instanceChange events:

  • launched - A new instance was launched.

  • terminated - An instance was terminated by the user.

  • termination_notified - An instance termination notification was sent when a Spot Instance was terminated by Amazon EC2 during scale-down, when the target capacity of the fleet was modified down, for example, from a target capacity of 4 to a target capacity of 3.

Information events:

  • fleetProgressHalted - The price in every launch specification is not valid because it is below the Spot price (all the launch specifications have produced launchSpecUnusable events). A launch specification might become valid if the Spot price changes.

  • launchSpecTemporarilyBlacklisted - The configuration is not valid and several attempts to launch instances have failed. For more information, see the description of the event.

  • launchSpecUnusable - The price in a launch specification is not valid because it is below the Spot price.

  • registerWithLoadBalancersFailed - An attempt to register instances with load balancers failed. For more information, see the description of the event.

", + "documentation":"

The event.

error events:

  • iamFleetRoleInvalid - The EC2 Fleet or Spot Fleet does not have the required permissions either to launch or terminate an instance.

  • allLaunchSpecsTemporarilyBlacklisted - None of the configurations are valid, and several attempts to launch instances have failed. For more information, see the description of the event.

  • spotInstanceCountLimitExceeded - You've reached the limit on the number of Spot Instances that you can launch.

  • spotFleetRequestConfigurationInvalid - The configuration is not valid. For more information, see the description of the event.

fleetRequestChange events:

  • active - The EC2 Fleet or Spot Fleet request has been validated and Amazon EC2 is attempting to maintain the target number of running instances.

  • deleted (EC2 Fleet) / cancelled (Spot Fleet) - The EC2 Fleet is deleted or the Spot Fleet request is canceled and has no running instances. The EC2 Fleet or Spot Fleet will be deleted two days after its instances are terminated.

  • deleted_running (EC2 Fleet) / cancelled_running (Spot Fleet) - The EC2 Fleet is deleted or the Spot Fleet request is canceled and does not launch additional instances. Its existing instances continue to run until they are interrupted or terminated. The request remains in this state until all instances are interrupted or terminated.

  • deleted_terminating (EC2 Fleet) / cancelled_terminating (Spot Fleet) - The EC2 Fleet is deleted or the Spot Fleet request is canceled and its instances are terminating. The request remains in this state until all instances are terminated.

  • expired - The EC2 Fleet or Spot Fleet request has expired. If the request was created with TerminateInstancesWithExpiration set, a subsequent terminated event indicates that the instances are terminated.

  • modify_in_progress - The EC2 Fleet or Spot Fleet request is being modified. The request remains in this state until the modification is fully processed.

  • modify_succeeded - The EC2 Fleet or Spot Fleet request was modified.

  • submitted - The EC2 Fleet or Spot Fleet request is being evaluated and Amazon EC2 is preparing to launch the target number of instances.

  • progress - The EC2 Fleet or Spot Fleet request is in the process of being fulfilled.

instanceChange events:

  • launched - A new instance was launched.

  • terminated - An instance was terminated by the user.

  • termination_notified - An instance termination notification was sent when a Spot Instance was terminated by Amazon EC2 during scale-down, when the target capacity of the fleet was modified down, for example, from a target capacity of 4 to a target capacity of 3.

Information events:

  • fleetProgressHalted - The price in every launch specification is not valid because it is below the Spot price (all the launch specifications have produced launchSpecUnusable events). A launch specification might become valid if the Spot price changes.

  • launchSpecTemporarilyBlacklisted - The configuration is not valid and several attempts to launch instances have failed. For more information, see the description of the event.

  • launchSpecUnusable - The price specified in a launch specification is not valid because it is below the Spot price for the requested Spot pools.

    Note: Even if a fleet with the maintain request type is in the process of being canceled, it may still publish a launchSpecUnusable event. This does not mean that the canceled fleet is attempting to launch a new instance.

  • registerWithLoadBalancersFailed - An attempt to register instances with load balancers failed. For more information, see the description of the event.

", "locationName":"eventSubType" }, "InstanceId":{ @@ -30563,6 +33804,11 @@ "documentation":"

The Availability Zones.

", "locationName":"availabilityZoneSet" }, + "AvailabilityZoneIds":{ + "shape":"ValueStringList", + "documentation":"

The IDs of the Availability Zones.

", + "locationName":"availabilityZoneIdSet" + }, "Cidrs":{ "shape":"ValueStringList", "documentation":"

The CIDR ranges.

", @@ -31263,6 +34509,20 @@ } }, "ExportVmTaskId":{"type":"string"}, + "ExternalAuthorityConfiguration":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"IpamScopeExternalAuthorityType", + "documentation":"

The type of external authority.

" + }, + "ExternalResourceIdentifier":{ + "shape":"String", + "documentation":"

The identifier for the external resource managing this scope. For Infoblox integrations, this is the Infoblox resource identifier in the format <version>.identity.account.<entity_realm>.<entity_id>.

" + } + }, + "documentation":"

The configuration that links an Amazon VPC IPAM scope to an external authority system. It specifies the type of external system and the external resource identifier that identifies your account or instance in that system.

For more information, see Integrate VPC IPAM with Infoblox infrastructure in the Amazon VPC IPAM User Guide..

" + }, "FailedCapacityReservationFleetCancellationResult":{ "type":"structure", "members":{ @@ -31447,6 +34707,28 @@ }, "documentation":"

A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.

" }, + "FilterByDimension":{ + "type":"string", + "enum":[ + "resource-region", + "availability-zone-id", + "account-id", + "instance-family", + "instance-type", + "instance-platform", + "reservation-arn", + "reservation-id", + "reservation-type", + "reservation-create-timestamp", + "reservation-start-timestamp", + "reservation-end-timestamp", + "reservation-end-date-type", + "tenancy", + "reservation-state", + "reservation-instance-match-criteria", + "reservation-unused-financial-owner" + ] + }, "FilterList":{ "type":"list", "member":{ @@ -31579,6 +34861,35 @@ "fulfilled" ] }, + "FleetBlockDeviceMappingRequest":{ + "type":"structure", + "members":{ + "DeviceName":{ + "shape":"String", + "documentation":"

The device name (for example, /dev/sdh or xvdh).

" + }, + "VirtualName":{ + "shape":"String", + "documentation":"

The virtual device name (ephemeralN). Instance store volumes are numbered starting from 0. An instance type with 2 available instance store volumes can specify mappings for ephemeral0 and ephemeral1. The number of available instance store volumes depends on the instance type. After you connect to the instance, you must mount the volume.

NVMe instance store volumes are automatically enumerated and assigned a device name. Including them in your block device mapping has no effect.

Constraints: For M3 instances, you must specify instance store volumes in the block device mapping for the instance. When you launch an M3 instance, we ignore any instance store volumes specified in the block device mapping for the AMI.

" + }, + "Ebs":{ + "shape":"FleetEbsBlockDeviceRequest", + "documentation":"

Parameters used to automatically set up EBS volumes when the instance is launched.

" + }, + "NoDevice":{ + "shape":"String", + "documentation":"

To omit the device from the block device mapping, specify an empty string. When this property is specified, the device is removed from the block device mapping regardless of the assigned value.

" + } + }, + "documentation":"

Describes a block device mapping, which defines the EBS volumes and instance store volumes to attach to an instance at launch.

To override a block device mapping specified in the launch template:

  • Specify the exact same DeviceName here as specified in the launch template.

  • Only specify the parameters you want to change.

  • Any parameters you don't specify here will keep their original launch template values.

To add a new block device mapping:

  • Specify a DeviceName that doesn't exist in the launch template.

  • Specify all desired parameters here.

" + }, + "FleetBlockDeviceMappingRequestList":{ + "type":"list", + "member":{ + "shape":"FleetBlockDeviceMappingRequest", + "locationName":"BlockDeviceMapping" + } + }, "FleetCapacityReservation":{ "type":"structure", "members":{ @@ -31660,7 +34971,7 @@ "members":{ "ActivityStatus":{ "shape":"FleetActivityStatus", - "documentation":"

The progress of the EC2 Fleet. If there is an error, the status is error. After all requests are placed, the status is pending_fulfillment. If the size of the EC2 Fleet is equal to or greater than its target capacity, the status is fulfilled. If the size of the EC2 Fleet is decreased, the status is pending_termination while instances are terminating.

", + "documentation":"

The progress of the EC2 Fleet.

For fleets of type instant, the status is fulfilled after all requests are placed, regardless of whether target capacity is met (this is the only possible status for instant fleets).

For fleets of type request or maintain, the status is pending_fulfillment after all requests are placed, fulfilled when the fleet size meets or exceeds target capacity, pending_termination while instances are terminating when fleet size is decreased, and error if there's an error.

", "locationName":"activityStatus" }, "CreateTime":{ @@ -31766,6 +35077,44 @@ }, "documentation":"

Describes an EC2 Fleet.

" }, + "FleetEbsBlockDeviceRequest":{ + "type":"structure", + "members":{ + "Encrypted":{ + "shape":"Boolean", + "documentation":"

Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.

In no case can you remove encryption from an encrypted volume.

Encrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types.

This parameter is not returned by DescribeImageAttribute.

For CreateImage and RegisterImage, whether you can include this parameter, and the allowed values differ depending on the type of block device mapping you are creating.

  • If you are creating a block device mapping for a new (empty) volume, you can include this parameter, and specify either true for an encrypted volume, or false for an unencrypted volume. If you omit this parameter, it defaults to false (unencrypted).

  • If you are creating a block device mapping from an existing encrypted or unencrypted snapshot, you must omit this parameter. If you include this parameter, the request will fail, regardless of the value that you specify.

  • If you are creating a block device mapping from an existing unencrypted volume, you can include this parameter, but you must specify false. If you specify true, the request will fail. In this case, we recommend that you omit the parameter.

  • If you are creating a block device mapping from an existing encrypted volume, you can include this parameter, and specify either true or false. However, if you specify false, the parameter is ignored and the block device mapping is always encrypted. In this case, we recommend that you omit the parameter.

" + }, + "DeleteOnTermination":{ + "shape":"Boolean", + "documentation":"

Indicates whether the EBS volume is deleted on instance termination. For more information, see Preserve data when an instance is terminated in the Amazon EC2 User Guide.

" + }, + "Iops":{ + "shape":"Integer", + "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

  • gp3: 3,000 - 80,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

For io2 volumes, you can achieve up to 256,000 IOPS on instances built on the Nitro System. On other instances, you can achieve performance up to 32,000 IOPS.

This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS.

" + }, + "Throughput":{ + "shape":"Integer", + "documentation":"

The throughput that the volume supports, in MiB/s.

This parameter is valid only for gp3 volumes.

Valid Range: Minimum value of 125. Maximum value of 2,000.

" + }, + "KmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

Identifier (key ID, key alias, key ARN, or alias ARN) of the customer managed KMS key to use for EBS encryption.

This parameter is only supported on BlockDeviceMapping objects called by CreateFleet, RequestSpotInstances, and RunInstances.

" + }, + "SnapshotId":{ + "shape":"SnapshotId", + "documentation":"

The ID of the snapshot.

" + }, + "VolumeSize":{ + "shape":"Integer", + "documentation":"

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

The following are the supported sizes for each volume type:

  • gp2: 1 - 16,384 GiB

  • gp3: 1 - 65,536 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

" + }, + "VolumeType":{ + "shape":"VolumeType", + "documentation":"

The volume type. For more information, see Amazon EBS volume types in the Amazon EBS User Guide.

" + } + }, + "documentation":"

Describes a block device for an EBS volume.

" + }, "FleetEventType":{ "type":"string", "enum":[ @@ -31846,7 +35195,7 @@ }, "MaxPrice":{ "shape":"String", - "documentation":"

The maximum price per unit hour that you are willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.

If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter.

", + "documentation":"

The maximum price per unit hour that you are willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.

If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter.

If you specify a maximum price, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an InvalidParameterValue error message.

", "locationName":"maxPrice" }, "SubnetId":{ @@ -31855,7 +35204,7 @@ "locationName":"subnetId" }, "AvailabilityZone":{ - "shape":"String", + "shape":"AvailabilityZoneName", "documentation":"

The Availability Zone in which to launch the instances.

", "locationName":"availabilityZone" }, @@ -31883,6 +35232,11 @@ "shape":"ImageId", "documentation":"

The ID of the AMI in the format ami-17characters00000.

Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.

To reference a public parameter:

  • resolve:ssm:public-parameter

To reference a parameter stored in the same account:

  • resolve:ssm:parameter-name

  • resolve:ssm:parameter-name:version-number

  • resolve:ssm:parameter-name:label

To reference a parameter shared from another Amazon Web Services account:

  • resolve:ssm:parameter-ARN

  • resolve:ssm:parameter-ARN:version-number

  • resolve:ssm:parameter-ARN:label

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

This parameter is only available for fleets of type instant. For fleets of type maintain and request, you must specify the AMI ID in the launch template.

", "locationName":"imageId" + }, + "BlockDeviceMappings":{ + "shape":"BlockDeviceMappingResponseList", + "documentation":"

The block device mappings, which define the EBS volumes and instance store volumes to attach to the instance at launch.

Supported only for fleets of type instant.

For more information, see Block device mappings for volumes on Amazon EC2 instances in the Amazon EC2 User Guide.

", + "locationName":"blockDeviceMappingSet" } }, "documentation":"

Describes overrides for a launch template.

" @@ -31910,14 +35264,14 @@ }, "MaxPrice":{ "shape":"String", - "documentation":"

The maximum price per unit hour that you are willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.

If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter.

" + "documentation":"

The maximum price per unit hour that you are willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.

If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter.

If you specify a maximum price, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an InvalidParameterValue error message.

" }, "SubnetId":{ "shape":"SubnetId", "documentation":"

The IDs of the subnets in which to launch the instances. Separate multiple subnet IDs using commas (for example, subnet-1234abcdeexample1, subnet-0987cdef6example2). A request of type instant can have only one subnet ID.

" }, "AvailabilityZone":{ - "shape":"String", + "shape":"AvailabilityZoneName", "documentation":"

The Availability Zone in which to launch the instances.

" }, "WeightedCapacity":{ @@ -31932,12 +35286,17 @@ "shape":"Placement", "documentation":"

The location where the instance launched, if applicable.

" }, + "BlockDeviceMappings":{ + "shape":"FleetBlockDeviceMappingRequestList", + "documentation":"

The block device mappings, which define the EBS volumes and instance store volumes to attach to the instance at launch.

Supported only for fleets of type instant.

For more information, see Block device mappings for volumes on Amazon EC2 instances in the Amazon EC2 User Guide.

", + "locationName":"BlockDeviceMapping" + }, "InstanceRequirements":{ "shape":"InstanceRequirementsRequest", "documentation":"

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes.

If you specify InstanceRequirements, you can't specify InstanceType.

" }, "ImageId":{ - "shape":"ImageId", + "shape":"String", "documentation":"

The ID of the AMI in the format ami-17characters00000.

Alternatively, you can specify a Systems Manager parameter, using one of the following formats. The Systems Manager parameter will resolve to an AMI ID on launch.

To reference a public parameter:

  • resolve:ssm:public-parameter

To reference a parameter stored in the same account:

  • resolve:ssm:parameter-name

  • resolve:ssm:parameter-name:version-number

  • resolve:ssm:parameter-name:label

To reference a parameter shared from another Amazon Web Services account:

  • resolve:ssm:parameter-ARN

  • resolve:ssm:parameter-ARN:version-number

  • resolve:ssm:parameter-ARN:label

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

This parameter is only available for fleets of type instant. For fleets of type maintain and request, you must specify the AMI ID in the launch template.

" } }, @@ -32074,6 +35433,13 @@ "instant" ] }, + "FlexibleEnaQueuesSupport":{ + "type":"string", + "enum":[ + "unsupported", + "supported" + ] + }, "Float":{"type":"float"}, "FlowLog":{ "type":"structure", @@ -32442,6 +35808,37 @@ "type":"string", "enum":["ipsec.1"] }, + "GetActiveVpnTunnelStatusRequest":{ + "type":"structure", + "required":[ + "VpnConnectionId", + "VpnTunnelOutsideIpAddress" + ], + "members":{ + "VpnConnectionId":{ + "shape":"VpnConnectionId", + "documentation":"

The ID of the VPN connection for which to retrieve the active tunnel status.

" + }, + "VpnTunnelOutsideIpAddress":{ + "shape":"String", + "documentation":"

The external IP address of the VPN tunnel for which to retrieve the active status.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request.

" + } + } + }, + "GetActiveVpnTunnelStatusResult":{ + "type":"structure", + "members":{ + "ActiveVpnTunnelStatus":{ + "shape":"ActiveVpnTunnelStatus", + "documentation":"

Information about the current security configuration of the VPN tunnel.

", + "locationName":"activeVpnTunnelStatus" + } + } + }, "GetAllowedImagesSettingsRequest":{ "type":"structure", "members":{ @@ -32577,6 +35974,177 @@ } } }, + "GetCapacityManagerAttributesRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "GetCapacityManagerAttributesResult":{ + "type":"structure", + "members":{ + "CapacityManagerStatus":{ + "shape":"CapacityManagerStatus", + "documentation":"

The current status of Capacity Manager.

", + "locationName":"capacityManagerStatus" + }, + "OrganizationsAccess":{ + "shape":"Boolean", + "documentation":"

Indicates whether Organizations access is enabled for cross-account data aggregation.

", + "locationName":"organizationsAccess" + }, + "DataExportCount":{ + "shape":"Integer", + "documentation":"

The number of active data export configurations for this account. This count includes all data exports regardless of their current delivery status.

", + "locationName":"dataExportCount" + }, + "IngestionStatus":{ + "shape":"IngestionStatus", + "documentation":"

The current data ingestion status. Initial ingestion may take several hours after enabling Capacity Manager.

", + "locationName":"ingestionStatus" + }, + "IngestionStatusMessage":{ + "shape":"String", + "documentation":"

A descriptive message providing additional details about the current ingestion status. This may include error information if ingestion has failed or progress details during initial setup.

", + "locationName":"ingestionStatusMessage" + }, + "EarliestDatapointTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"

The timestamp of the earliest data point available in Capacity Manager, in milliseconds since epoch. This indicates how far back historical data is available for queries.

", + "locationName":"earliestDatapointTimestamp" + }, + "LatestDatapointTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"

The timestamp of the most recent data point ingested by Capacity Manager, in milliseconds since epoch. This indicates how current your capacity data is.

", + "locationName":"latestDatapointTimestamp" + } + } + }, + "GetCapacityManagerMetricDataRequest":{ + "type":"structure", + "required":[ + "MetricNames", + "StartTime", + "EndTime", + "Period" + ], + "members":{ + "MetricNames":{ + "shape":"MetricSet", + "documentation":"

The names of the metrics to retrieve. Maximum of 10 metrics per request.

", + "locationName":"MetricName" + }, + "StartTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The start time for the metric data query, in ISO 8601 format. The time range (end time - start time) must be a multiple of the specified period.

" + }, + "EndTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The end time for the metric data query, in ISO 8601 format. If the end time is beyond the latest ingested data, it will be automatically adjusted to the latest available data point.

" + }, + "Period":{ + "shape":"Period", + "documentation":"

The granularity, in seconds, of the returned data points.

" + }, + "GroupBy":{ + "shape":"GroupBySet", + "documentation":"

The dimensions by which to group the metric data. This determines how the data is aggregated and returned.

" + }, + "FilterBy":{ + "shape":"CapacityManagerConditionSet", + "documentation":"

Conditions to filter the metric data. Each filter specifies a dimension, comparison operator ('equals', 'in'), and values to match against.

" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of data points to return. Valid range is 1 to 100,000. Use with NextToken for pagination of large result sets.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next page of results. Use this value in a subsequent call to retrieve additional data points.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "GetCapacityManagerMetricDataResult":{ + "type":"structure", + "members":{ + "MetricDataResults":{ + "shape":"MetricDataResultSet", + "documentation":"

The metric data points returned by the query. Each result contains dimension values, timestamp, and metric values with their associated statistics.

", + "locationName":"metricDataResultSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, + "GetCapacityManagerMetricDimensionsRequest":{ + "type":"structure", + "required":[ + "GroupBy", + "StartTime", + "EndTime", + "MetricNames" + ], + "members":{ + "GroupBy":{ + "shape":"GroupBySet", + "documentation":"

The dimensions to group by when retrieving available dimension values. This determines which dimension combinations are returned. Required parameter.

" + }, + "FilterBy":{ + "shape":"CapacityManagerConditionSet", + "documentation":"

Conditions to filter which dimension values are returned. Each filter specifies a dimension, comparison operator, and values to match against.

" + }, + "StartTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The start time for the dimension query, in ISO 8601 format. Only dimensions with data in this time range will be returned.

" + }, + "EndTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The end time for the dimension query, in ISO 8601 format. Only dimensions with data in this time range will be returned.

" + }, + "MetricNames":{ + "shape":"MetricSet", + "documentation":"

The metric names to use as an additional filter when retrieving dimensions. Only dimensions that have data for these metrics will be returned. Required parameter with maximum size of 1 for v1.

", + "locationName":"MetricName" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of dimension combinations to return. Valid range is 1 to 1000. Use with NextToken for pagination.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next page of results. Use this value in a subsequent call to retrieve additional dimension values.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "GetCapacityManagerMetricDimensionsResult":{ + "type":"structure", + "members":{ + "MetricDimensionResults":{ + "shape":"MetricDimensionResultSet", + "documentation":"

The available dimension combinations that have data within the specified time range and filters.

", + "locationName":"metricDimensionResultSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, "GetCapacityReservationUsageRequest":{ "type":"structure", "required":["CapacityReservationId"], @@ -32634,7 +36202,7 @@ }, "State":{ "shape":"CapacityReservationState", - "documentation":"

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

  • active - The capacity is available for use.

  • expired - The Capacity Reservation expired automatically at the date and time specified in your reservation request. The reserved capacity is no longer available for your use.

  • cancelled - The Capacity Reservation was canceled. The reserved capacity is no longer available for your use.

  • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

  • failed - The Capacity Reservation request has failed. A request can fail due to request parameters that are not valid, capacity constraints, or instance limit constraints. You can view a failed request for 60 minutes.

  • scheduled - (Future-dated Capacity Reservations only) The future-dated Capacity Reservation request was approved and the Capacity Reservation is scheduled for delivery on the requested start date.

  • assessing - (Future-dated Capacity Reservations only) Amazon EC2 is assessing your request for a future-dated Capacity Reservation.

  • delayed - (Future-dated Capacity Reservations only) Amazon EC2 encountered a delay in provisioning the requested future-dated Capacity Reservation. Amazon EC2 is unable to deliver the requested capacity by the requested start date and time.

  • unsupported - (Future-dated Capacity Reservations only) Amazon EC2 can't support the future-dated Capacity Reservation request due to capacity constraints. You can view unsupported requests for 30 days. The Capacity Reservation will not be delivered.

", + "documentation":"

The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

  • active - The capacity is available for use.

  • expired - The Capacity Reservation expired automatically at the date and time specified in your reservation request. The reserved capacity is no longer available for your use.

  • cancelled - The Capacity Reservation was canceled. The reserved capacity is no longer available for your use.

  • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.

  • failed - The Capacity Reservation request has failed. A request can fail due to request parameters that are not valid, capacity constraints, or instance limit constraints. You can view a failed request for 60 minutes.

  • scheduled - (Future-dated Capacity Reservations) The future-dated Capacity Reservation request was approved and the Capacity Reservation is scheduled for delivery on the requested start date.

  • payment-pending - (Capacity Blocks) The upfront payment has not been processed yet.

  • payment-failed - (Capacity Blocks) The upfront payment was not processed in the 12-hour time frame. Your Capacity Block was released.

  • assessing - (Future-dated Capacity Reservations) Amazon EC2 is assessing your request for a future-dated Capacity Reservation.

  • delayed - (Future-dated Capacity Reservations) Amazon EC2 encountered a delay in provisioning the requested future-dated Capacity Reservation. Amazon EC2 is unable to deliver the requested capacity by the requested start date and time.

  • unsupported - (Future-dated Capacity Reservations) Amazon EC2 can't support the future-dated Capacity Reservation request due to capacity constraints. You can view unsupported requests for 30 days. The Capacity Reservation will not be delivered.

", "locationName":"state" }, "InstanceUsages":{ @@ -33020,6 +36588,30 @@ } } }, + "GetImageAncestryRequest":{ + "type":"structure", + "required":["ImageId"], + "members":{ + "ImageId":{ + "shape":"ImageId", + "documentation":"

The ID of the AMI whose ancestry you want to trace.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "GetImageAncestryResult":{ + "type":"structure", + "members":{ + "ImageAncestryEntries":{ + "shape":"ImageAncestryEntryList", + "documentation":"

A list of entries in the AMI ancestry chain, from the specified AMI to the root AMI.

", + "locationName":"imageAncestryEntrySet" + } + } + }, "GetImageBlockPublicAccessStateRequest":{ "type":"structure", "members":{ @@ -33147,6 +36739,10 @@ "NextToken":{ "shape":"String", "documentation":"

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

" + }, + "Context":{ + "shape":"String", + "documentation":"

Reserved.

" } } }, @@ -33495,6 +37091,139 @@ } } }, + "GetIpamPrefixListResolverRulesRequest":{ + "type":"structure", + "required":["IpamPrefixListResolverId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver whose rules you want to retrieve.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters to limit the results.

", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"IpamMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next page of results.

" + } + } + }, + "GetIpamPrefixListResolverRulesResult":{ + "type":"structure", + "members":{ + "Rules":{ + "shape":"IpamPrefixListResolverRuleSet", + "documentation":"

The CIDR selection rules for the IPAM prefix list resolver.

", + "locationName":"ruleSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, + "GetIpamPrefixListResolverVersionEntriesRequest":{ + "type":"structure", + "required":[ + "IpamPrefixListResolverId", + "IpamPrefixListResolverVersion" + ], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver whose version entries you want to retrieve.

" + }, + "IpamPrefixListResolverVersion":{ + "shape":"Long", + "documentation":"

The version number of the resolver for which to retrieve CIDR entries. If not specified, the latest version is used.

" + }, + "MaxResults":{ + "shape":"IpamMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next page of results.

" + } + } + }, + "GetIpamPrefixListResolverVersionEntriesResult":{ + "type":"structure", + "members":{ + "Entries":{ + "shape":"IpamPrefixListResolverVersionEntrySet", + "documentation":"

The CIDR entries for the specified resolver version.

", + "locationName":"entrySet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, + "GetIpamPrefixListResolverVersionsRequest":{ + "type":"structure", + "required":["IpamPrefixListResolverId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver whose versions you want to retrieve.

" + }, + "IpamPrefixListResolverVersions":{ + "shape":"IpamPrefixListResolverVersionNumberSet", + "documentation":"

Specific version numbers to retrieve. If not specified, all versions are returned.

", + "locationName":"IpamPrefixListResolverVersion" + }, + "MaxResults":{ + "shape":"IpamMaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

One or more filters to limit the results.

", + "locationName":"Filter" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token for the next page of results.

" + } + } + }, + "GetIpamPrefixListResolverVersionsResult":{ + "type":"structure", + "members":{ + "IpamPrefixListResolverVersions":{ + "shape":"IpamPrefixListResolverVersionSet", + "documentation":"

Information about the IPAM prefix list resolver versions.

", + "locationName":"ipamPrefixListResolverVersionSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, "GetIpamResourceCidrsRequest":{ "type":"structure", "required":["IpamScopeId"], @@ -33847,6 +37576,105 @@ }, "documentation":"

Contains the output of GetReservedInstancesExchangeQuote.

" }, + "GetRouteServerAssociationsRequest":{ + "type":"structure", + "required":["RouteServerId"], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server for which to get association information.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "GetRouteServerAssociationsResult":{ + "type":"structure", + "members":{ + "RouteServerAssociations":{ + "shape":"RouteServerAssociationsList", + "documentation":"

Information about the associations for the specified route server.

", + "locationName":"routeServerAssociationSet" + } + } + }, + "GetRouteServerPropagationsRequest":{ + "type":"structure", + "required":["RouteServerId"], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server for which to get propagation information.

" + }, + "RouteTableId":{ + "shape":"RouteTableId", + "documentation":"

The ID of the route table for which to get propagation information.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "GetRouteServerPropagationsResult":{ + "type":"structure", + "members":{ + "RouteServerPropagations":{ + "shape":"RouteServerPropagationsList", + "documentation":"

Information about the route propagations for the specified route server.

", + "locationName":"routeServerPropagationSet" + } + } + }, + "GetRouteServerRoutingDatabaseRequest":{ + "type":"structure", + "required":["RouteServerId"], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server for which to get the routing database.

" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token for the next page of results.

" + }, + "MaxResults":{ + "shape":"RouteServerMaxResults", + "documentation":"

The maximum number of routing database entries to return in a single response.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

Filters to apply to the routing database query.

", + "locationName":"Filter" + } + } + }, + "GetRouteServerRoutingDatabaseResult":{ + "type":"structure", + "members":{ + "AreRoutesPersisted":{ + "shape":"Boolean", + "documentation":"

Indicates whether routes are being persisted in the routing database.

", + "locationName":"areRoutesPersisted" + }, + "Routes":{ + "shape":"RouteServerRouteList", + "documentation":"

The collection of routes in the route server's routing database.

", + "locationName":"routeSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", + "locationName":"nextToken" + } + } + }, "GetSecurityGroupsForVpcRequest":{ "type":"structure", "required":["VpcId"], @@ -34461,6 +38289,10 @@ "shape":"String", "documentation":"

The IKE version to be used in the sample configuration file for your customer gateway device. You can specify one of the following versions: ikev1 or ikev2.

" }, + "SampleType":{ + "shape":"String", + "documentation":"

The type of sample configuration to generate. Valid values are \"compatibility\" (includes IKEv1) or \"recommended\" (throws UnsupportedOperationException for IKEv1).

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" @@ -34629,6 +38461,37 @@ }, "documentation":"

Describes the GPU accelerators for the instance type.

" }, + "GroupBy":{ + "type":"string", + "enum":[ + "resource-region", + "availability-zone-id", + "account-id", + "instance-family", + "instance-type", + "instance-platform", + "reservation-arn", + "reservation-id", + "reservation-type", + "reservation-create-timestamp", + "reservation-start-timestamp", + "reservation-end-timestamp", + "reservation-end-date-type", + "tenancy", + "reservation-state", + "reservation-instance-match-criteria", + "reservation-unused-financial-owner" + ] + }, + "GroupBySet":{ + "type":"list", + "member":{ + "shape":"GroupBy", + "locationName":"item" + }, + "max":20, + "min":0 + }, "GroupIdStringList":{ "type":"list", "member":{ @@ -35358,7 +39221,7 @@ }, "BootMode":{ "shape":"BootModeValues", - "documentation":"

The boot mode of the image. For more information, see Boot modes in the Amazon EC2 User Guide.

", + "documentation":"

The boot mode of the image. For more information, see Instance launch behavior with Amazon EC2 boot modes in the Amazon EC2 User Guide.

", "locationName":"bootMode" }, "TpmSupport":{ @@ -35398,14 +39261,19 @@ }, "SourceImageId":{ "shape":"String", - "documentation":"

The ID of the source AMI from which the AMI was created.

The ID only appears if the AMI was created using CreateImage, CopyImage, or CreateRestoreImageTask. The ID does not appear if the AMI was created using any other API. For some older AMIs, the ID might not be available. For more information, see Identify the source AMI used to create a new AMI in the Amazon EC2 User Guide.

", + "documentation":"

The ID of the source AMI from which the AMI was created.

", "locationName":"sourceImageId" }, "SourceImageRegion":{ "shape":"String", - "documentation":"

The Region of the source AMI.

The Region only appears if the AMI was created using CreateImage, CopyImage, or CreateRestoreImageTask. The Region does not appear if the AMI was created using any other API. For some older AMIs, the Region might not be available. For more information, see Identify the source AMI used to create a new AMI in the Amazon EC2 User Guide.

", + "documentation":"

The Region of the source AMI.

", "locationName":"sourceImageRegion" }, + "FreeTierEligible":{ + "shape":"Boolean", + "documentation":"

Indicates whether the image is eligible for Amazon Web Services Free Tier.

  • If true, the AMI is eligible for Free Tier and can be used to launch instances under the Free Tier limits.

  • If false, the AMI is not eligible for Free Tier.

", + "locationName":"freeTierEligible" + }, "ImageId":{ "shape":"String", "documentation":"

The ID of the AMI.

", @@ -35469,6 +39337,44 @@ }, "documentation":"

Describes an image.

" }, + "ImageAncestryEntry":{ + "type":"structure", + "members":{ + "CreationDate":{ + "shape":"MillisecondDateTime", + "documentation":"

The date and time when this AMI was created.

", + "locationName":"creationDate" + }, + "ImageId":{ + "shape":"ImageId", + "documentation":"

The ID of this AMI.

", + "locationName":"imageId" + }, + "ImageOwnerAlias":{ + "shape":"String", + "documentation":"

The owner alias (amazon | aws-backup-vault | aws-marketplace ) of this AMI, if one is assigned. Otherwise, the value is null.

", + "locationName":"imageOwnerAlias" + }, + "SourceImageId":{ + "shape":"ImageId", + "documentation":"

The ID of the parent AMI.

", + "locationName":"sourceImageId" + }, + "SourceImageRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region of the parent AMI.

", + "locationName":"sourceImageRegion" + } + }, + "documentation":"

Information about a single AMI in the ancestry chain and its source (parent) AMI.

" + }, + "ImageAncestryEntryList":{ + "type":"list", + "member":{ + "shape":"ImageAncestryEntry", + "locationName":"item" + } + }, "ImageAttribute":{ "type":"structure", "members":{ @@ -35504,7 +39410,7 @@ }, "UefiData":{ "shape":"AttributeValue", - "documentation":"

Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.

", + "documentation":"

Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot for Amazon EC2 instances in the Amazon EC2 User Guide.

", "locationName":"uefiData" }, "LastLaunchedTime":{ @@ -35576,11 +39482,31 @@ "members":{ "ImageProviders":{ "shape":"ImageProviderList", - "documentation":"

A list of AMI providers whose AMIs are discoverable and useable in the account. Up to a total of 200 values can be specified.

Possible values:

amazon: Allow AMIs created by Amazon Web Services.

aws-marketplace: Allow AMIs created by verified providers in the Amazon Web Services Marketplace.

aws-backup-vault: Allow AMIs created by Amazon Web Services Backup.

12-digit account ID: Allow AMIs created by this account. One or more account IDs can be specified.

none: Allow AMIs created by your own account only.

", + "documentation":"

The image providers whose images are allowed.

Possible values:

  • amazon: Allow AMIs created by Amazon or verified providers.

  • aws-marketplace: Allow AMIs created by verified providers in the Amazon Web Services Marketplace.

  • aws-backup-vault: Allow AMIs created by Amazon Web Services Backup.

  • 12-digit account ID: Allow AMIs created by this account. One or more account IDs can be specified.

  • none: Allow AMIs created by your own account only.

Maximum: 200 values

", "locationName":"imageProviderSet" + }, + "MarketplaceProductCodes":{ + "shape":"MarketplaceProductCodeList", + "documentation":"

The Amazon Web Services Marketplace product codes for allowed images.

Length: 1-25 characters

Valid characters: Letters (A–Z, a–z) and numbers (0–9)

Maximum: 50 values

", + "locationName":"marketplaceProductCodeSet" + }, + "ImageNames":{ + "shape":"ImageNameList", + "documentation":"

The names of allowed images. Names can include wildcards (? and *).

Length: 1–128 characters. With ?, the minimum is 3 characters.

Valid characters:

  • Letters: A–Z, a–z

  • Numbers: 0–9

  • Special characters: ( ) [ ] . / - ' @ _ * ?

  • Spaces

Maximum: 50 values

", + "locationName":"imageNameSet" + }, + "DeprecationTimeCondition":{ + "shape":"DeprecationTimeCondition", + "documentation":"

The maximum period since deprecation for allowed images.

", + "locationName":"deprecationTimeCondition" + }, + "CreationDateCondition":{ + "shape":"CreationDateCondition", + "documentation":"

The maximum age for allowed images.

", + "locationName":"creationDateCondition" } }, - "documentation":"

The list of criteria that are evaluated to determine whch AMIs are discoverable and usable in the account in the specified Amazon Web Services Region. Currently, the only criteria that can be specified are AMI providers.

Up to 10 imageCriteria objects can be specified, and up to a total of 200 values for all imageProviders. For more information, see JSON configuration for the Allowed AMIs criteria in the Amazon EC2 User Guide.

" + "documentation":"

The criteria that are evaluated to determine which AMIs are discoverable and usable in your account for the specified Amazon Web Services Region.

For more information, see How Allowed AMIs works in the Amazon EC2 User Guide.

" }, "ImageCriterionList":{ "type":"list", @@ -35594,11 +39520,29 @@ "members":{ "ImageProviders":{ "shape":"ImageProviderRequestList", - "documentation":"

A list of image providers whose AMIs are discoverable and useable in the account. Up to a total of 200 values can be specified.

Possible values:

amazon: Allow AMIs created by Amazon Web Services.

aws-marketplace: Allow AMIs created by verified providers in the Amazon Web Services Marketplace.

aws-backup-vault: Allow AMIs created by Amazon Web Services Backup.

12-digit account ID: Allow AMIs created by this account. One or more account IDs can be specified.

none: Allow AMIs created by your own account only. When none is specified, no other values can be specified.

", + "documentation":"

The image providers whose images are allowed.

Possible values:

  • amazon: Allow AMIs created by Amazon or verified providers.

  • aws-marketplace: Allow AMIs created by verified providers in the Amazon Web Services Marketplace.

  • aws-backup-vault: Allow AMIs created by Amazon Web Services Backup.

  • 12-digit account ID: Allow AMIs created by the specified accounts. One or more account IDs can be specified.

  • none: Allow AMIs created by your own account only. When none is specified, no other values can be specified.

Maximum: 200 values

", "locationName":"ImageProvider" + }, + "MarketplaceProductCodes":{ + "shape":"MarketplaceProductCodeRequestList", + "documentation":"

The Amazon Web Services Marketplace product codes for allowed images.

Length: 1-25 characters

Valid characters: Letters (A–Z, a–z) and numbers (0–9)

Maximum: 50 values

", + "locationName":"MarketplaceProductCode" + }, + "ImageNames":{ + "shape":"ImageNameRequestList", + "documentation":"

The names of allowed images. Names can include wildcards (? and *).

Length: 1–128 characters. With ?, the minimum is 3 characters.

Valid characters:

  • Letters: A–Z, a–z

  • Numbers: 0–9

  • Special characters: ( ) [ ] . / - ' @ _ * ?

  • Spaces

Maximum: 50 values

", + "locationName":"ImageName" + }, + "DeprecationTimeCondition":{ + "shape":"DeprecationTimeConditionRequest", + "documentation":"

The maximum period since deprecation for allowed images.

" + }, + "CreationDateCondition":{ + "shape":"CreationDateConditionRequest", + "documentation":"

The maximum age for allowed images.

" } }, - "documentation":"

The list of criteria that are evaluated to determine whch AMIs are discoverable and usable in the account in the specified Amazon Web Services Region. Currently, the only criteria that can be specified are AMI providers.

Up to 10 imageCriteria objects can be specified, and up to a total of 200 values for all imageProviders. For more information, see JSON configuration for the Allowed AMIs criteria in the Amazon EC2 User Guide.

" + "documentation":"

The criteria that are evaluated to determine which AMIs are discoverable and usable in your account for the specified Amazon Web Services Region.

The ImageCriteria can include up to:

  • 10 ImageCriterion

Each ImageCriterion can include up to:

  • 200 values for ImageProviders

  • 50 values for ImageNames

  • 50 values for MarketplaceProductCodes

For more information, see How Allowed AMIs works in the Amazon EC2 User Guide.

" }, "ImageCriterionRequestList":{ "type":"list", @@ -35717,6 +39661,22 @@ }, "documentation":"

Information about the AMI.

" }, + "ImageName":{"type":"string"}, + "ImageNameList":{ + "type":"list", + "member":{ + "shape":"ImageName", + "locationName":"item" + } + }, + "ImageNameRequest":{"type":"string"}, + "ImageNameRequestList":{ + "type":"list", + "member":{ + "shape":"ImageNameRequest", + "locationName":"item" + } + }, "ImageProvider":{"type":"string"}, "ImageProviderList":{ "type":"list", @@ -35771,6 +39731,51 @@ "locationName":"item" } }, + "ImageReference":{ + "type":"structure", + "members":{ + "ImageId":{ + "shape":"ImageId", + "documentation":"

The ID of the referenced image.

", + "locationName":"imageId" + }, + "ResourceType":{ + "shape":"ImageReferenceResourceType", + "documentation":"

The type of resource referencing the image.

", + "locationName":"resourceType" + }, + "Arn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the resource referencing the image.

", + "locationName":"arn" + } + }, + "documentation":"

A resource that is referencing an image.

" + }, + "ImageReferenceList":{ + "type":"list", + "member":{ + "shape":"ImageReference", + "locationName":"item" + } + }, + "ImageReferenceOptionName":{ + "type":"string", + "enum":[ + "state-name", + "version-depth" + ] + }, + "ImageReferenceResourceType":{ + "type":"string", + "enum":[ + "ec2:Instance", + "ec2:LaunchTemplate", + "ssm:Parameter", + "imagebuilder:ImageRecipe", + "imagebuilder:ContainerRecipe" + ] + }, "ImageState":{ "type":"string", "enum":[ @@ -35792,6 +39797,218 @@ "ramdisk" ] }, + "ImageUsageReport":{ + "type":"structure", + "members":{ + "ImageId":{ + "shape":"ImageId", + "documentation":"

The ID of the image that was specified when the report was created.

", + "locationName":"imageId" + }, + "ReportId":{ + "shape":"ImageUsageReportId", + "documentation":"

The ID of the report.

", + "locationName":"reportId" + }, + "ResourceTypes":{ + "shape":"ImageUsageResourceTypeList", + "documentation":"

The resource types that were specified when the report was created.

", + "locationName":"resourceTypeSet" + }, + "AccountIds":{ + "shape":"UserIdList", + "documentation":"

The IDs of the Amazon Web Services accounts that were specified when the report was created.

", + "locationName":"accountIdSet" + }, + "State":{ + "shape":"ImageUsageReportState", + "documentation":"

The current state of the report. Possible values:

  • available - The report is available to view.

  • pending - The report is being created and not available to view.

  • error - The report could not be created.

", + "locationName":"state" + }, + "StateReason":{ + "shape":"ImageUsageReportStateReason", + "documentation":"

Provides additional details when the report is in an error state.

", + "locationName":"stateReason" + }, + "CreationTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The date and time when the report was created.

", + "locationName":"creationTime" + }, + "ExpirationTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The date and time when Amazon EC2 will delete the report (30 days after the report was created).

", + "locationName":"expirationTime" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

Any tags assigned to the report.

", + "locationName":"tagSet" + } + }, + "documentation":"

The configuration and status of an image usage report.

" + }, + "ImageUsageReportEntry":{ + "type":"structure", + "members":{ + "ResourceType":{ + "shape":"ImageUsageResourceTypeName", + "documentation":"

The type of resource (ec2:Instance or ec2:LaunchTemplate).

", + "locationName":"resourceType" + }, + "ReportId":{ + "shape":"ImageUsageReportId", + "documentation":"

The ID of the report.

", + "locationName":"reportId" + }, + "UsageCount":{ + "shape":"Long", + "documentation":"

The number of times resources of this type reference this image in the account.

", + "locationName":"usageCount" + }, + "AccountId":{ + "shape":"String", + "documentation":"

The ID of the account that uses the image.

", + "locationName":"accountId" + }, + "ImageId":{ + "shape":"ImageId", + "documentation":"

The ID of the image.

", + "locationName":"imageId" + }, + "ReportCreationTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The date and time the report creation was initiated.

", + "locationName":"reportCreationTime" + } + }, + "documentation":"

A single entry in an image usage report, detailing how an image is being used by a specific Amazon Web Services account and resource type.

" + }, + "ImageUsageReportEntryList":{ + "type":"list", + "member":{ + "shape":"ImageUsageReportEntry", + "locationName":"item" + } + }, + "ImageUsageReportId":{"type":"string"}, + "ImageUsageReportIdStringList":{ + "type":"list", + "member":{"shape":"ImageUsageReportId"}, + "max":200, + "min":0 + }, + "ImageUsageReportList":{ + "type":"list", + "member":{ + "shape":"ImageUsageReport", + "locationName":"item" + } + }, + "ImageUsageReportState":{"type":"string"}, + "ImageUsageReportStateReason":{"type":"string"}, + "ImageUsageReportUserIdStringList":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"UserId" + }, + "max":200, + "min":0 + }, + "ImageUsageResourceType":{ + "type":"structure", + "members":{ + "ResourceType":{ + "shape":"ImageUsageResourceTypeName", + "documentation":"

The resource type.

Valid values: ec2:Instance | ec2:LaunchTemplate

", + "locationName":"resourceType" + }, + "ResourceTypeOptions":{ + "shape":"ImageUsageResourceTypeOptionList", + "documentation":"

The options that affect the scope of the report. Valid only when ResourceType is ec2:LaunchTemplate.

", + "locationName":"resourceTypeOptionSet" + } + }, + "documentation":"

A resource type to include in the report. Associated options can also be specified if the resource type is a launch template.

" + }, + "ImageUsageResourceTypeList":{ + "type":"list", + "member":{ + "shape":"ImageUsageResourceType", + "locationName":"item" + } + }, + "ImageUsageResourceTypeName":{"type":"string"}, + "ImageUsageResourceTypeOption":{ + "type":"structure", + "members":{ + "OptionName":{ + "shape":"String", + "documentation":"

The name of the option.

", + "locationName":"optionName" + }, + "OptionValues":{ + "shape":"ImageUsageResourceTypeOptionValuesList", + "documentation":"

The number of launch template versions to check.

", + "locationName":"optionValueSet" + } + }, + "documentation":"

The options that affect the scope of the report.

" + }, + "ImageUsageResourceTypeOptionList":{ + "type":"list", + "member":{ + "shape":"ImageUsageResourceTypeOption", + "locationName":"item" + } + }, + "ImageUsageResourceTypeOptionRequest":{ + "type":"structure", + "members":{ + "OptionName":{ + "shape":"String", + "documentation":"

The name of the option.

Valid value: version-depth - The number of launch template versions to check.

" + }, + "OptionValues":{ + "shape":"ImageUsageResourceTypeOptionValuesList", + "documentation":"

A value for the specified option.

Valid values: Integers between 1 and 10000

Default: 20

", + "locationName":"OptionValue" + } + }, + "documentation":"

The options that affect the scope of the report.

" + }, + "ImageUsageResourceTypeOptionRequestList":{ + "type":"list", + "member":{"shape":"ImageUsageResourceTypeOptionRequest"} + }, + "ImageUsageResourceTypeOptionValue":{"type":"string"}, + "ImageUsageResourceTypeOptionValuesList":{ + "type":"list", + "member":{ + "shape":"ImageUsageResourceTypeOptionValue", + "locationName":"item" + } + }, + "ImageUsageResourceTypeRequest":{ + "type":"structure", + "members":{ + "ResourceType":{ + "shape":"ImageUsageResourceTypeName", + "documentation":"

The resource type.

Valid values: ec2:Instance | ec2:LaunchTemplate

" + }, + "ResourceTypeOptions":{ + "shape":"ImageUsageResourceTypeOptionRequestList", + "documentation":"

The options that affect the scope of the report. Valid only when ResourceType is ec2:LaunchTemplate.

", + "locationName":"ResourceTypeOption" + } + }, + "documentation":"

A resource type to include in the report. Associated options can also be specified if the resource type is a launch template.

" + }, + "ImageUsageResourceTypeRequestList":{ + "type":"list", + "member":{"shape":"ImageUsageResourceTypeRequest"} + }, "ImdsSupportValues":{ "type":"string", "enum":["v2.0"] @@ -36253,6 +40470,11 @@ "documentation":"

The Availability Zone where the resulting instance will reside.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone where the resulting instance will reside.

", + "locationName":"availabilityZoneId" + }, "BytesConverted":{ "shape":"Long", "documentation":"

The number of bytes converted so far.

", @@ -36470,11 +40692,14 @@ "ImportVolumeRequest":{ "type":"structure", "required":[ - "AvailabilityZone", "Image", "Volume" ], "members":{ + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone for the resulting EBS volume.

Either AvailabilityZone or AvailabilityZoneId must be specified, but not both.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -36482,7 +40707,7 @@ }, "AvailabilityZone":{ "shape":"String", - "documentation":"

The Availability Zone for the resulting EBS volume.

", + "documentation":"

The Availability Zone for the resulting EBS volume.

Either AvailabilityZone or AvailabilityZoneId must be specified, but not both.

", "locationName":"availabilityZone" }, "Image":{ @@ -36520,6 +40745,11 @@ "documentation":"

The Availability Zone where the resulting volume will reside.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone where the resulting volume will reside.

", + "locationName":"availabilityZoneId" + }, "BytesConverted":{ "shape":"Long", "documentation":"

The number of bytes converted so far.

", @@ -36605,6 +40835,43 @@ }, "InferenceDeviceMemorySize":{"type":"integer"}, "InferenceDeviceName":{"type":"string"}, + "IngestionStatus":{ + "type":"string", + "enum":[ + "initial-ingestion-in-progress", + "ingestion-complete", + "ingestion-failed" + ] + }, + "InitializationStatusDetails":{ + "type":"structure", + "members":{ + "InitializationType":{ + "shape":"InitializationType", + "documentation":"

The method used for volume initialization. Possible values include:

  • default - Volume initialized using the default volume initialization rate or fast snapshot restore.

  • provisioned-rate - Volume initialized using an Amazon EBS Provisioned Rate for Volume Initialization.

  • volume-copy - Volume copy initialized at the rate for volume copies.

", + "locationName":"initializationType" + }, + "Progress":{ + "shape":"Long", + "documentation":"

The current volume initialization progress as a percentage (0-100). Returns 100 when volume initialization has completed.

", + "locationName":"progress" + }, + "EstimatedTimeToCompleteInSeconds":{ + "shape":"Long", + "documentation":"

The estimated remaining time, in seconds, for volume initialization to complete. Returns 0 when volume initialization has completed.

Only available for volumes created with Amazon EBS Provisioned Rate for Volume Initialization.

", + "locationName":"estimatedTimeToCompleteInSeconds" + } + }, + "documentation":"

Information about the volume initialization. For more information, see Initialize Amazon EBS volumes.

" + }, + "InitializationType":{ + "type":"string", + "enum":[ + "default", + "provisioned-rate", + "volume-copy" + ] + }, "InsideCidrBlocksStringList":{ "type":"list", "member":{ @@ -36725,6 +40992,11 @@ "documentation":"

The CPU options for the instance.

", "locationName":"cpuOptions" }, + "CapacityBlockId":{ + "shape":"String", + "documentation":"

The ID of the Capacity Block.

For P5 instances, a Capacity Block ID refers to a group of instances. For Trn2u instances, a capacity block ID refers to an EC2 UltraServer.

", + "locationName":"capacityBlockId" + }, "CapacityReservationId":{ "shape":"String", "documentation":"

The ID of the Capacity Reservation.

", @@ -36832,7 +41104,7 @@ }, "PublicDnsName":{ "shape":"String", - "documentation":"

[IPv4 only] The public DNS name assigned to the instance. This name is not available until the instance enters the running state. This name is only available if you've enabled DNS hostnames for your VPC.

", + "documentation":"

The public DNS name assigned to the instance. This name is not available until the instance enters the running state. This name is only available if you've enabled DNS hostnames for your VPC. The format of this name depends on the public hostname type.

", "locationName":"dnsName" }, "StateTransitionReason":{ @@ -36950,7 +41222,7 @@ }, "DisableApiTermination":{ "shape":"AttributeBooleanValue", - "documentation":"

If the value is true, you can't terminate the instance through the Amazon EC2 console, CLI, or API; otherwise, you can.

", + "documentation":"

Indicates whether termination protection is enabled. If the value is true, you can't terminate the instance using the Amazon EC2 console, command line tools, or API.

", "locationName":"disableApiTermination" }, "EnaSupport":{ @@ -36960,7 +41232,7 @@ }, "EnclaveOptions":{ "shape":"EnclaveOptions", - "documentation":"

To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true; otherwise, set it to false.

", + "documentation":"

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.

", "locationName":"enclaveOptions" }, "EbsOptimized":{ @@ -36990,7 +41262,7 @@ }, "ProductCodes":{ "shape":"ProductCodeList", - "documentation":"

A list of product codes.

", + "documentation":"

The product codes.

", "locationName":"productCodes" }, "RamdiskId":{ @@ -37005,7 +41277,7 @@ }, "SourceDestCheck":{ "shape":"AttributeBooleanValue", - "documentation":"

Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

", + "documentation":"

Indicates whether source/destination checks are enabled.

", "locationName":"sourceDestCheck" }, "SriovNetSupport":{ @@ -37020,7 +41292,7 @@ }, "DisableApiStop":{ "shape":"AttributeBooleanValue", - "documentation":"

To enable the instance for Amazon Web Services Stop Protection, set this parameter to true; otherwise, set it to false.

", + "documentation":"

Indicates whether stop protection is enabled for the instance.

", "locationName":"disableApiStop" }, "Groups":{ @@ -37072,7 +41344,7 @@ "members":{ "DeviceName":{ "shape":"String", - "documentation":"

The device name (for example, /dev/sdh or xvdh).

", + "documentation":"

The device name.

", "locationName":"deviceName" }, "Ebs":{ @@ -37095,7 +41367,7 @@ "members":{ "DeviceName":{ "shape":"String", - "documentation":"

The device name (for example, /dev/sdh or xvdh).

", + "documentation":"

The device name. For available device names, see Device names for volumes.

", "locationName":"deviceName" }, "Ebs":{ @@ -37110,7 +41382,7 @@ }, "NoDevice":{ "shape":"String", - "documentation":"

suppress the specified device included in the block device mapping.

", + "documentation":"

Suppresses the specified device included in the block device mapping.

", "locationName":"noDevice" } }, @@ -37151,12 +41423,44 @@ }, "documentation":"

Information about the number of instances that can be launched onto the Dedicated Host.

" }, + "InstanceConnectEndpointDnsNames":{ + "type":"structure", + "members":{ + "DnsName":{ + "shape":"String", + "documentation":"

The DNS name of the EC2 Instance Connect Endpoint.

", + "locationName":"dnsName" + }, + "FipsDnsName":{ + "shape":"String", + "documentation":"

The Federal Information Processing Standards (FIPS) compliant DNS name of the EC2 Instance Connect Endpoint.

", + "locationName":"fipsDnsName" + } + }, + "documentation":"

The DNS names of the endpoint.

" + }, "InstanceConnectEndpointId":{"type":"string"}, "InstanceConnectEndpointMaxResults":{ "type":"integer", "max":50, "min":1 }, + "InstanceConnectEndpointPublicDnsNames":{ + "type":"structure", + "members":{ + "Ipv4":{ + "shape":"InstanceConnectEndpointDnsNames", + "documentation":"

The IPv4-only DNS name of the EC2 Instance Connect Endpoint.

", + "locationName":"ipv4" + }, + "Dualstack":{ + "shape":"InstanceConnectEndpointDnsNames", + "documentation":"

The dualstack DNS name of the EC2 Instance Connect Endpoint. A dualstack DNS name supports connections from both IPv4 and IPv6 clients.

", + "locationName":"dualstack" + } + }, + "documentation":"

The public DNS names of the endpoint, including IPv4-only and dualstack DNS names.

" + }, "InstanceConnectEndpointSet":{ "type":"list", "member":{ @@ -37284,7 +41588,7 @@ }, "InstanceTags":{ "shape":"TagList", - "documentation":"

The instance tags to associate with the event window. Any instances associated with the tags will be associated with the event window.

", + "documentation":"

The instance tags to associate with the event window. Any instances associated with the tags will be associated with the event window.

Note that while you can't create tag keys beginning with aws:, you can specify existing Amazon Web Services managed tag keys (with the aws: prefix) when specifying them as targets to associate with the event window.

", "locationName":"InstanceTag" }, "DedicatedHostIds":{ @@ -37305,7 +41609,7 @@ }, "Tags":{ "shape":"TagList", - "documentation":"

The instance tags associated with the event window. Any instances associated with the tags will be associated with the event window.

", + "documentation":"

The instance tags associated with the event window. Any instances associated with the tags will be associated with the event window.

Note that while you can't create tag keys beginning with aws:, you can specify existing Amazon Web Services managed tag keys (with the aws: prefix) when specifying them as targets to associate with the event window.

", "locationName":"tagSet" }, "DedicatedHostIds":{ @@ -37697,6 +42001,11 @@ "shape":"InstanceAutoRecoveryState", "documentation":"

Provides information on the current automatic recovery behavior of your instance.

", "locationName":"autoRecovery" + }, + "RebootMigration":{ + "shape":"InstanceRebootMigrationState", + "documentation":"

Specifies whether to attempt reboot migration during a user-initiated reboot of an instance that has a scheduled system-reboot event:

  • default - Amazon EC2 attempts to migrate the instance to new hardware (reboot migration). If successful, the system-reboot event is cleared. If unsuccessful, an in-place reboot occurs and the event remains scheduled.

  • disabled - Amazon EC2 keeps the instance on the same hardware (in-place reboot). The system-reboot event remains scheduled.

This setting only applies to supported instances that have a scheduled reboot event. For more information, see Enable or disable reboot migration in the Amazon EC2 User Guide.

", + "locationName":"rebootMigration" } }, "documentation":"

The maintenance options for the instance.

" @@ -37961,7 +42270,7 @@ }, "InterfaceType":{ "shape":"String", - "documentation":"

The type of network interface.

Valid values: interface | efa | efa-only | trunk

", + "documentation":"

The type of network interface.

Valid values: interface | efa | efa-only | evs | trunk

", "locationName":"interfaceType" }, "Ipv4Prefixes":{ @@ -38055,6 +42364,11 @@ "shape":"InstanceAttachmentEnaSrdSpecification", "documentation":"

Contains the ENA Express settings for the network interface that's attached to the instance.

", "locationName":"enaSrdSpecification" + }, + "EnaQueueCount":{ + "shape":"Integer", + "documentation":"

The number of ENA queues created with the instance.

", + "locationName":"enaQueueCount" } }, "documentation":"

Describes a network interface attachment.

" @@ -38123,7 +42437,7 @@ }, "SecondaryPrivateIpAddressCount":{ "shape":"Integer", - "documentation":"

The number of secondary private IPv4 addresses. You can't specify this option and specify more than one private IP address using the private IP addresses option. You cannot specify this option if you're launching more than one instance in a RunInstances request.

", + "documentation":"

The number of secondary private IPv4 addresses. You can’t specify this parameter and also specify a secondary private IP address using the PrivateIpAddress parameter.

", "locationName":"secondaryPrivateIpAddressCount" }, "SubnetId":{ @@ -38172,6 +42486,10 @@ "ConnectionTrackingSpecification":{ "shape":"ConnectionTrackingSpecificationRequest", "documentation":"

A security group connection tracking specification that enables you to set the timeout for connection tracking on an Elastic network interface. For more information, see Connection tracking timeouts in the Amazon EC2 User Guide.

" + }, + "EnaQueueCount":{ + "shape":"Integer", + "documentation":"

The number of ENA queues to be created with the instance.

" } }, "documentation":"

Describes a network interface.

" @@ -38237,6 +42555,13 @@ "locationName":"item" } }, + "InstanceRebootMigrationState":{ + "type":"string", + "enum":[ + "disabled", + "default" + ] + }, "InstanceRequirements":{ "type":"structure", "members":{ @@ -38322,7 +42647,7 @@ }, "AcceleratorTypes":{ "shape":"AcceleratorTypeSet", - "documentation":"

The accelerator types that must be on the instance type.

  • For instance types with GPU accelerators, specify gpu.

  • For instance types with FPGA accelerators, specify fpga.

Default: Any accelerator type

", + "documentation":"

The accelerator types that must be on the instance type.

  • For instance types with FPGA accelerators, specify fpga.

  • For instance types with GPU accelerators, specify gpu.

  • For instance types with Inference accelerators, specify inference.

Default: Any accelerator type

", "locationName":"acceleratorTypeSet" }, "AcceleratorCount":{ @@ -38364,6 +42689,11 @@ "shape":"BaselinePerformanceFactors", "documentation":"

The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application. Currently, this parameter only supports CPU performance as a baseline performance factor. For more information, see Performance protection in the Amazon EC2 User Guide.

", "locationName":"baselinePerformanceFactors" + }, + "RequireEncryptionInTransit":{ + "shape":"Boolean", + "documentation":"

Specifies whether instance types must support encrypting in-transit traffic between instances. For more information, including the supported instance types, see Encryption in transit in the Amazon EC2 User Guide.

Default: false

", + "locationName":"requireEncryptionInTransit" } }, "documentation":"

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

You must specify VCpuCount and MemoryMiB. All other attributes are optional. Any unspecified optional attribute is set to its default.

When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.

To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:

  • AllowedInstanceTypes - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.

  • ExcludedInstanceTypes - The instance types to exclude from the list, even if they match your specified attributes.

If you specify InstanceRequirements, you can't specify InstanceType.

Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the launch instance wizard or with the RunInstances API, you can't specify InstanceRequirements.

For more information, see Create mixed instances group using attribute-based instance type selection in the Amazon EC2 Auto Scaling User Guide, and also Specify attributes for instance type selection for EC2 Fleet or Spot Fleet and Spot placement score in the Amazon EC2 User Guide.

" @@ -38445,7 +42775,7 @@ }, "AcceleratorTypes":{ "shape":"AcceleratorTypeSet", - "documentation":"

The accelerator types that must be on the instance type.

  • To include instance types with GPU hardware, specify gpu.

  • To include instance types with FPGA hardware, specify fpga.

Default: Any accelerator type

", + "documentation":"

The accelerator types that must be on the instance type.

  • For instance types with FPGA accelerators, specify fpga.

  • For instance types with GPU accelerators, specify gpu.

  • For instance types with Inference accelerators, specify inference.

Default: Any accelerator type

", "locationName":"AcceleratorType" }, "AcceleratorCount":{ @@ -38482,6 +42812,10 @@ "BaselinePerformanceFactors":{ "shape":"BaselinePerformanceFactorsRequest", "documentation":"

The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application. Currently, this parameter only supports CPU performance as a baseline performance factor. For more information, see Performance protection in the Amazon EC2 User Guide.

" + }, + "RequireEncryptionInTransit":{ + "shape":"Boolean", + "documentation":"

Specifies whether instance types must support encrypting in-transit traffic between instances. For more information, including the supported instance types, see Encryption in transit in the Amazon EC2 User Guide.

Default: false

" } }, "documentation":"

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.

You must specify VCpuCount and MemoryMiB. All other attributes are optional. Any unspecified optional attribute is set to its default.

When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.

To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:

  • AllowedInstanceTypes - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.

  • ExcludedInstanceTypes - The instance types to exclude from the list, even if they match your specified attributes.

If you specify InstanceRequirements, you can't specify InstanceType.

Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the launch instance wizard, or with the RunInstances API or AWS::EC2::Instance Amazon Web Services CloudFormation resource, you can't specify InstanceRequirements.

For more information, see Specify attributes for instance type selection for EC2 Fleet or Spot Fleet and Spot placement score in the Amazon EC2 User Guide.

" @@ -38596,6 +42930,11 @@ "documentation":"

The Availability Zone of the instance.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone of the instance.

", + "locationName":"availabilityZoneId" + }, "OutpostArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the Outpost.

", @@ -38810,7 +43149,7 @@ }, "NetworkNodes":{ "shape":"NetworkNodesList", - "documentation":"

The network nodes. The nodes are hashed based on your account. Instances from different accounts running under the same server will return a different hashed list of strings.

", + "documentation":"

The network nodes. The nodes are hashed based on your account. Instances from different accounts running under the same server will return a different hashed list of strings.

The value is null or empty if:

  • The instance type is not supported.

  • The instance is in a state other than running.

", "locationName":"networkNodeSet" }, "AvailabilityZone":{ @@ -38822,6 +43161,11 @@ "shape":"String", "documentation":"

The ID of the Availability Zone or Local Zone that the instance is in.

", "locationName":"zoneId" + }, + "CapacityBlockId":{ + "shape":"String", + "documentation":"

The ID of the Capacity Block. This parameter is only supported for UltraServer instances and identifies instances within the UltraServer domain.

", + "locationName":"capacityBlockId" } }, "documentation":"

Information about the instance topology.

" @@ -39718,7 +44062,202 @@ "p5en.48xlarge", "f2.12xlarge", "f2.48xlarge", - "trn2.48xlarge" + "trn2.48xlarge", + "c7i-flex.12xlarge", + "c7i-flex.16xlarge", + "m7i-flex.12xlarge", + "m7i-flex.16xlarge", + "i7ie.metal-24xl", + "i7ie.metal-48xl", + "i8g.48xlarge", + "c8gd.medium", + "c8gd.large", + "c8gd.xlarge", + "c8gd.2xlarge", + "c8gd.4xlarge", + "c8gd.8xlarge", + "c8gd.12xlarge", + "c8gd.16xlarge", + "c8gd.24xlarge", + "c8gd.48xlarge", + "c8gd.metal-24xl", + "c8gd.metal-48xl", + "i7i.large", + "i7i.xlarge", + "i7i.2xlarge", + "i7i.4xlarge", + "i7i.8xlarge", + "i7i.12xlarge", + "i7i.16xlarge", + "i7i.24xlarge", + "i7i.48xlarge", + "i7i.metal-24xl", + "i7i.metal-48xl", + "p6-b200.48xlarge", + "m8gd.medium", + "m8gd.large", + "m8gd.xlarge", + "m8gd.2xlarge", + "m8gd.4xlarge", + "m8gd.8xlarge", + "m8gd.12xlarge", + "m8gd.16xlarge", + "m8gd.24xlarge", + "m8gd.48xlarge", + "m8gd.metal-24xl", + "m8gd.metal-48xl", + "r8gd.medium", + "r8gd.large", + "r8gd.xlarge", + "r8gd.2xlarge", + "r8gd.4xlarge", + "r8gd.8xlarge", + "r8gd.12xlarge", + "r8gd.16xlarge", + "r8gd.24xlarge", + "r8gd.48xlarge", + "r8gd.metal-24xl", + "r8gd.metal-48xl", + "c8gn.medium", + "c8gn.large", + "c8gn.xlarge", + "c8gn.2xlarge", + "c8gn.4xlarge", + "c8gn.8xlarge", + "c8gn.12xlarge", + "c8gn.16xlarge", + "c8gn.24xlarge", + "c8gn.48xlarge", + "c8gn.metal-24xl", + "c8gn.metal-48xl", + "f2.6xlarge", + "p6e-gb200.36xlarge", + "g6f.large", + "g6f.xlarge", + "g6f.2xlarge", + "g6f.4xlarge", + "gr6f.4xlarge", + "p5.4xlarge", + "r8i.large", + "r8i.xlarge", + "r8i.2xlarge", + "r8i.4xlarge", + "r8i.8xlarge", + "r8i.12xlarge", + "r8i.16xlarge", + "r8i.24xlarge", + "r8i.32xlarge", + "r8i.48xlarge", + "r8i.96xlarge", + "r8i.metal-48xl", + "r8i.metal-96xl", + "r8i-flex.large", + "r8i-flex.xlarge", + "r8i-flex.2xlarge", + "r8i-flex.4xlarge", + "r8i-flex.8xlarge", + "r8i-flex.12xlarge", + "r8i-flex.16xlarge", + "m8i.large", + "m8i.xlarge", + "m8i.2xlarge", + "m8i.4xlarge", + "m8i.8xlarge", + "m8i.12xlarge", + "m8i.16xlarge", + "m8i.24xlarge", + "m8i.32xlarge", + "m8i.48xlarge", + "m8i.96xlarge", + "m8i.metal-48xl", + "m8i.metal-96xl", + "m8i-flex.large", + "m8i-flex.xlarge", + "m8i-flex.2xlarge", + "m8i-flex.4xlarge", + "m8i-flex.8xlarge", + "m8i-flex.12xlarge", + "m8i-flex.16xlarge", + "i8ge.large", + "i8ge.xlarge", + "i8ge.2xlarge", + "i8ge.3xlarge", + "i8ge.6xlarge", + "i8ge.12xlarge", + "i8ge.18xlarge", + "i8ge.24xlarge", + "i8ge.48xlarge", + "i8ge.metal-24xl", + "i8ge.metal-48xl", + "mac-m4.metal", + "mac-m4pro.metal", + "r8gn.medium", + "r8gn.large", + "r8gn.xlarge", + "r8gn.2xlarge", + "r8gn.4xlarge", + "r8gn.8xlarge", + "r8gn.12xlarge", + "r8gn.16xlarge", + "r8gn.24xlarge", + "r8gn.48xlarge", + "r8gn.metal-24xl", + "r8gn.metal-48xl", + "c8i.large", + "c8i.xlarge", + "c8i.2xlarge", + "c8i.4xlarge", + "c8i.8xlarge", + "c8i.12xlarge", + "c8i.16xlarge", + "c8i.24xlarge", + "c8i.32xlarge", + "c8i.48xlarge", + "c8i.96xlarge", + "c8i.metal-48xl", + "c8i.metal-96xl", + "c8i-flex.large", + "c8i-flex.xlarge", + "c8i-flex.2xlarge", + "c8i-flex.4xlarge", + "c8i-flex.8xlarge", + "c8i-flex.12xlarge", + "c8i-flex.16xlarge", + "r8gb.medium", + "r8gb.large", + "r8gb.xlarge", + "r8gb.2xlarge", + "r8gb.4xlarge", + "r8gb.8xlarge", + "r8gb.12xlarge", + "r8gb.16xlarge", + "r8gb.24xlarge", + "r8gb.metal-24xl", + "m8a.medium", + "m8a.large", + "m8a.xlarge", + "m8a.2xlarge", + "m8a.4xlarge", + "m8a.8xlarge", + "m8a.12xlarge", + "m8a.16xlarge", + "m8a.24xlarge", + "m8a.48xlarge", + "m8a.metal-24xl", + "m8a.metal-48xl", + "trn2.3xlarge", + "r8a.medium", + "r8a.large", + "r8a.xlarge", + "r8a.2xlarge", + "r8a.4xlarge", + "r8a.8xlarge", + "r8a.12xlarge", + "r8a.16xlarge", + "r8a.24xlarge", + "r8a.48xlarge", + "r8a.metal-24xl", + "r8a.metal-48xl" ] }, "InstanceTypeHypervisor":{ @@ -39880,6 +44419,11 @@ "shape":"PhcSupport", "documentation":"

Indicates whether a local Precision Time Protocol (PTP) hardware clock (PHC) is supported.

", "locationName":"phcSupport" + }, + "RebootMigrationSupport":{ + "shape":"RebootMigrationSupport", + "documentation":"

Indicates whether reboot migration during a user-initiated reboot is supported for instances that have a scheduled system-reboot event. For more information, see Enable or disable reboot migration in the Amazon EC2 User Guide.

", + "locationName":"rebootMigrationSupport" } }, "documentation":"

Describes the instance type.

" @@ -40179,7 +44723,7 @@ }, "CidrIp":{ "shape":"String", - "documentation":"

The IPv4 address range. You can either specify a CIDR block or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.

", + "documentation":"

The IPv4 address range. You can either specify a CIDR block or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.

Amazon Web Services canonicalizes IPv4 and IPv6 CIDRs. For example, if you specify 100.68.0.18/18 for the CIDR block, Amazon Web Services canonicalizes the CIDR block to 100.68.0.0/18. Any subsequent DescribeSecurityGroups and DescribeSecurityGroupRules calls will return the canonicalized form of the CIDR block. Additionally, if you attempt to add another rule with the non-canonical form of the CIDR (such as 100.68.0.18/18) and there is already a rule for the canonicalized form of the CIDR block (such as 100.68.0.0/18), the API throws an duplicate rule error.

", "locationName":"cidrIp" } }, @@ -40294,6 +44838,11 @@ "shape":"Boolean", "documentation":"

Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.

", "locationName":"enablePrivateGua" + }, + "MeteredAccount":{ + "shape":"IpamMeteredAccount", + "documentation":"

A metered account is an Amazon Web Services account that is charged for active IP addresses managed in IPAM. For more information, see Enable cost distribution in the Amazon VPC IPAM User Guide.

Possible values:

  • ipam-owner (default): The Amazon Web Services account which owns the IPAM is charged for all active IP addresses managed in IPAM.

  • resource-owner: The Amazon Web Services account that owns the IP address is charged for the active IP address.

", + "locationName":"meteredAccount" } }, "documentation":"

IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.

" @@ -40763,6 +45312,13 @@ "max":1000, "min":5 }, + "IpamMeteredAccount":{ + "type":"string", + "enum":[ + "ipam-owner", + "resource-owner" + ] + }, "IpamNetmaskLength":{ "type":"integer", "max":128, @@ -41182,6 +45738,416 @@ "restore-in-progress" ] }, + "IpamPrefixListResolver":{ + "type":"structure", + "members":{ + "OwnerId":{ + "shape":"String", + "documentation":"

The ID of the Amazon Web Services account that owns the IPAM prefix list resolver.

", + "locationName":"ownerId" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver.

", + "locationName":"ipamPrefixListResolverId" + }, + "IpamPrefixListResolverArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the IPAM prefix list resolver.

", + "locationName":"ipamPrefixListResolverArn" + }, + "IpamArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the IPAM associated with this resolver.

", + "locationName":"ipamArn" + }, + "IpamRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region where the associated IPAM is located.

", + "locationName":"ipamRegion" + }, + "Description":{ + "shape":"String", + "documentation":"

The description of the IPAM prefix list resolver.

", + "locationName":"description" + }, + "AddressFamily":{ + "shape":"AddressFamily", + "documentation":"

The address family (IPv4 or IPv6) for the IPAM prefix list resolver.

", + "locationName":"addressFamily" + }, + "State":{ + "shape":"IpamPrefixListResolverState", + "documentation":"

The current state of the IPAM prefix list resolver. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.

", + "locationName":"state" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

The tags assigned to the IPAM prefix list resolver.

", + "locationName":"tagSet" + }, + "LastVersionCreationStatus":{ + "shape":"IpamPrefixListResolverVersionCreationStatus", + "documentation":"

The status for the last time a version was created.

Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.

", + "locationName":"lastVersionCreationStatus" + }, + "LastVersionCreationStatusMessage":{ + "shape":"String", + "documentation":"

The status message for the last time a version was created.

Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.

", + "locationName":"lastVersionCreationStatusMessage" + } + }, + "documentation":"

Describes an IPAM prefix list resolver.

An IPAM prefix list resolver is a component that manages the synchronization between IPAM's CIDR selection rules and customer-managed prefix lists. It automates connectivity configurations by selecting CIDRs from IPAM's database based on your business logic and synchronizing them with prefix lists used in resources such as VPC route tables and security groups.

" + }, + "IpamPrefixListResolverId":{"type":"string"}, + "IpamPrefixListResolverRule":{ + "type":"structure", + "members":{ + "RuleType":{ + "shape":"IpamPrefixListResolverRuleType", + "documentation":"

The type of CIDR selection rule. Valid values include include for selecting CIDRs that match the conditions, and exclude for excluding CIDRs that match the conditions.

", + "locationName":"ruleType" + }, + "StaticCidr":{ + "shape":"String", + "documentation":"

A fixed list of CIDRs that do not change (like a manual list replicated across Regions).

", + "locationName":"staticCidr" + }, + "IpamScopeId":{ + "shape":"IpamScopeId", + "documentation":"

The ID of the IPAM scope from which to select CIDRs. This determines whether to select from public or private IP address space.

", + "locationName":"ipamScopeId" + }, + "ResourceType":{ + "shape":"IpamResourceType", + "documentation":"

For rules of type ipam-resource-cidr, this is the resource type.

", + "locationName":"resourceType" + }, + "Conditions":{ + "shape":"IpamPrefixListResolverRuleConditionSet", + "documentation":"

The conditions that determine which CIDRs are selected by this rule. Conditions specify criteria such as resource type, tags, account IDs, and Regions.

", + "locationName":"conditionSet" + } + }, + "documentation":"

Describes a CIDR selection rule.

CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.

" + }, + "IpamPrefixListResolverRuleCondition":{ + "type":"structure", + "members":{ + "Operation":{ + "shape":"IpamPrefixListResolverRuleConditionOperation", + "documentation":"

The operation to perform when evaluating this condition. Valid values include equals, not-equals, contains, and not-contains.

", + "locationName":"operation" + }, + "IpamPoolId":{ + "shape":"String", + "documentation":"

The ID of the IPAM pool to match against. This condition selects CIDRs that belong to the specified IPAM pool.

", + "locationName":"ipamPoolId" + }, + "ResourceId":{ + "shape":"String", + "documentation":"

The ID of the Amazon Web Services resource to match against. This condition selects CIDRs associated with the specified resource.

", + "locationName":"resourceId" + }, + "ResourceOwner":{ + "shape":"String", + "documentation":"

The Amazon Web Services account ID that owns the resources to match against. This condition selects CIDRs from resources owned by the specified account.

", + "locationName":"resourceOwner" + }, + "ResourceRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region where the resources are located. This condition selects CIDRs from resources in the specified Region.

", + "locationName":"resourceRegion" + }, + "ResourceTag":{ + "shape":"IpamResourceTag", + "documentation":"

A tag key-value pair to match against. This condition selects CIDRs from resources that have the specified tag.

", + "locationName":"resourceTag" + }, + "Cidr":{ + "shape":"String", + "documentation":"

A CIDR block to match against. This condition selects CIDRs that fall within or match the specified CIDR range.

", + "locationName":"cidr" + } + }, + "documentation":"

Describes a condition within a CIDR selection rule. Conditions define the criteria for selecting CIDRs from IPAM's database based on resource attributes.

CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.

There are three rule types. Only 2 of the 3 rule types support conditions - IPAM pool CIDR and Scope resource CIDR. Static CIDR rules cannot have conditions.

  • Static CIDR: A fixed list of CIDRs that do not change (like a manual list replicated across Regions)

  • IPAM pool CIDR: CIDRs from specific IPAM pools (like all CIDRs from your IPAM production pool)

    If you choose this option, choose the following:

    • IPAM scope: Select the IPAM scope to search for resources

    • Conditions:

      • Property

        • IPAM pool ID: Select an IPAM pool that contains the resources

        • CIDR (like 10.24.34.0/23)

      • Operation: Equals/Not equals

      • Value: The value on which to match the condition

  • Scope resource CIDR: CIDRs from Amazon Web Services resources like VPCs, subnets, EIPs within an IPAM scope

    If you choose this option, choose the following:

    • IPAM scope: Select the IPAM scope to search for resources

    • Resource type: Select a resource, like a VPC or subnet.

    • Conditions:

      • Property:

        • Resource ID: The unique ID of a resource (like vpc-1234567890abcdef0)

        • Resource owner (like 111122223333)

        • Resource region (like us-east-1)

        • Resource tag (like key: name, value: dev-vpc-1)

        • CIDR (like 10.24.34.0/23)

      • Operation: Equals/Not equals

      • Value: The value on which to match the condition

" + }, + "IpamPrefixListResolverRuleConditionOperation":{ + "type":"string", + "enum":[ + "equals", + "not-equals", + "subnet-of" + ] + }, + "IpamPrefixListResolverRuleConditionRequest":{ + "type":"structure", + "required":["Operation"], + "members":{ + "Operation":{ + "shape":"IpamPrefixListResolverRuleConditionOperation", + "documentation":"

The operation to perform when evaluating this condition.

" + }, + "IpamPoolId":{ + "shape":"String", + "documentation":"

The ID of the IPAM pool to match against. This condition selects CIDRs that belong to the specified IPAM pool.

" + }, + "ResourceId":{ + "shape":"String", + "documentation":"

The ID of the Amazon Web Services resource to match against. This condition selects CIDRs associated with the specified resource.

" + }, + "ResourceOwner":{ + "shape":"String", + "documentation":"

The Amazon Web Services account ID that owns the resources to match against. This condition selects CIDRs from resources owned by the specified account.

" + }, + "ResourceRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region where the resources are located. This condition selects CIDRs from resources in the specified Region.

" + }, + "ResourceTag":{ + "shape":"RequestIpamResourceTag", + "documentation":"

A tag key-value pair to match against. This condition selects CIDRs from resources that have the specified tag.

" + }, + "Cidr":{ + "shape":"String", + "documentation":"

A CIDR block to match against. This condition selects CIDRs that fall within or match the specified CIDR range.

" + } + }, + "documentation":"

Describes a condition used when creating or modifying resolver rules.

CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.

There are three rule types. Only 2 of the 3 rule types support conditions - IPAM pool CIDR and Scope resource CIDR. Static CIDR rules cannot have conditions.

  • Static CIDR: A fixed list of CIDRs that do not change (like a manual list replicated across Regions)

  • IPAM pool CIDR: CIDRs from specific IPAM pools (like all CIDRs from your IPAM production pool)

    If you choose this option, choose the following:

    • IPAM scope: Select the IPAM scope to search for resources

    • Conditions:

      • Property

        • IPAM pool ID: Select an IPAM pool that contains the resources

        • CIDR (like 10.24.34.0/23)

      • Operation: Equals/Not equals

      • Value: The value on which to match the condition

  • Scope resource CIDR: CIDRs from Amazon Web Services resources like VPCs, subnets, EIPs within an IPAM scope

    If you choose this option, choose the following:

    • IPAM scope: Select the IPAM scope to search for resources

    • Resource type: Select a resource, like a VPC or subnet.

    • Conditions:

      • Property:

        • Resource ID: The unique ID of a resource (like vpc-1234567890abcdef0)

        • Resource owner (like 111122223333)

        • Resource region (like us-east-1)

        • Resource tag (like key: name, value: dev-vpc-1)

        • CIDR (like 10.24.34.0/23)

      • Operation: Equals/Not equals

      • Value: The value on which to match the condition

" + }, + "IpamPrefixListResolverRuleConditionRequestSet":{ + "type":"list", + "member":{ + "shape":"IpamPrefixListResolverRuleConditionRequest", + "locationName":"Condition" + } + }, + "IpamPrefixListResolverRuleConditionSet":{ + "type":"list", + "member":{ + "shape":"IpamPrefixListResolverRuleCondition", + "locationName":"item" + } + }, + "IpamPrefixListResolverRuleRequest":{ + "type":"structure", + "required":["RuleType"], + "members":{ + "RuleType":{ + "shape":"IpamPrefixListResolverRuleType", + "documentation":"

The type of CIDR selection rule. Valid values include include for selecting CIDRs that match the conditions, and exclude for excluding CIDRs that match the conditions.

" + }, + "StaticCidr":{ + "shape":"String", + "documentation":"

A fixed list of CIDRs that do not change (like a manual list replicated across Regions).

" + }, + "IpamScopeId":{ + "shape":"IpamScopeId", + "documentation":"

The ID of the IPAM scope from which to select CIDRs. This determines whether to select from public or private IP address space.

" + }, + "ResourceType":{ + "shape":"IpamResourceType", + "documentation":"

For rules of type ipam-resource-cidr, this is the resource type.

" + }, + "Conditions":{ + "shape":"IpamPrefixListResolverRuleConditionRequestSet", + "documentation":"

The conditions that determine which CIDRs are selected by this rule. Conditions specify criteria such as resource type, tags, account IDs, and Regions.

", + "locationName":"Condition" + } + }, + "documentation":"

Describes a CIDR selection rule to include in a request. This is used when creating or modifying resolver rules.

CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.

There are three rule types. Only 2 of the 3 rule types support conditions - IPAM pool CIDR and Scope resource CIDR. Static CIDR rules cannot have conditions.

  • Static CIDR: A fixed list of CIDRs that do not change (like a manual list replicated across Regions)

  • IPAM pool CIDR: CIDRs from specific IPAM pools (like all CIDRs from your IPAM production pool)

    If you choose this option, choose the following:

    • IPAM scope: Select the IPAM scope to search for resources

    • Conditions:

      • Property

        • IPAM pool ID: Select an IPAM pool that contains the resources

        • CIDR (like 10.24.34.0/23)

      • Operation: Equals/Not equals

      • Value: The value on which to match the condition

  • Scope resource CIDR: CIDRs from Amazon Web Services resources like VPCs, subnets, EIPs within an IPAM scope

    If you choose this option, choose the following:

    • IPAM scope: Select the IPAM scope to search for resources

    • Resource type: Select a resource, like a VPC or subnet.

    • Conditions:

      • Property:

        • Resource ID: The unique ID of a resource (like vpc-1234567890abcdef0)

        • Resource owner (like 111122223333)

        • Resource region (like us-east-1)

        • Resource tag (like key: name, value: dev-vpc-1)

        • CIDR (like 10.24.34.0/23)

      • Operation: Equals/Not equals

      • Value: The value on which to match the condition

" + }, + "IpamPrefixListResolverRuleRequestSet":{ + "type":"list", + "member":{ + "shape":"IpamPrefixListResolverRuleRequest", + "locationName":"Rule" + } + }, + "IpamPrefixListResolverRuleSet":{ + "type":"list", + "member":{ + "shape":"IpamPrefixListResolverRule", + "locationName":"item" + } + }, + "IpamPrefixListResolverRuleType":{ + "type":"string", + "enum":[ + "static-cidr", + "ipam-resource-cidr", + "ipam-pool-cidr" + ] + }, + "IpamPrefixListResolverSet":{ + "type":"list", + "member":{ + "shape":"IpamPrefixListResolver", + "locationName":"item" + } + }, + "IpamPrefixListResolverState":{ + "type":"string", + "enum":[ + "create-in-progress", + "create-complete", + "create-failed", + "modify-in-progress", + "modify-complete", + "modify-failed", + "delete-in-progress", + "delete-complete", + "delete-failed", + "isolate-in-progress", + "isolate-complete", + "restore-in-progress" + ] + }, + "IpamPrefixListResolverTarget":{ + "type":"structure", + "members":{ + "IpamPrefixListResolverTargetId":{ + "shape":"IpamPrefixListResolverTargetId", + "documentation":"

The ID of the IPAM prefix list resolver target.

", + "locationName":"ipamPrefixListResolverTargetId" + }, + "IpamPrefixListResolverTargetArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Name (ARN) of the IPAM prefix list resolver target.

", + "locationName":"ipamPrefixListResolverTargetArn" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver associated with this target.

", + "locationName":"ipamPrefixListResolverId" + }, + "OwnerId":{ + "shape":"String", + "documentation":"

The ID of the Amazon Web Services account that owns the IPAM prefix list resolver target.

", + "locationName":"ownerId" + }, + "PrefixListId":{ + "shape":"PrefixListResourceId", + "documentation":"

The ID of the managed prefix list associated with this target.

", + "locationName":"prefixListId" + }, + "PrefixListRegion":{ + "shape":"String", + "documentation":"

The Amazon Web Services Region where the prefix list associated with this target is located.

", + "locationName":"prefixListRegion" + }, + "DesiredVersion":{ + "shape":"BoxedLong", + "documentation":"

The desired version of the prefix list that this target should synchronize with.

", + "locationName":"desiredVersion" + }, + "LastSyncedVersion":{ + "shape":"BoxedLong", + "documentation":"

The version of the prefix list that was last successfully synchronized by this target.

", + "locationName":"lastSyncedVersion" + }, + "TrackLatestVersion":{ + "shape":"Boolean", + "documentation":"

Indicates whether this target automatically tracks the latest version of the prefix list.

", + "locationName":"trackLatestVersion" + }, + "StateMessage":{ + "shape":"String", + "documentation":"

A message describing the current state of the IPAM prefix list resolver target, including any error information.

", + "locationName":"stateMessage" + }, + "State":{ + "shape":"IpamPrefixListResolverTargetState", + "documentation":"

The current state of the IPAM prefix list resolver target. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.

", + "locationName":"state" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

The tags assigned to the IPAM prefix list resolver target.

", + "locationName":"tagSet" + } + }, + "documentation":"

Describes an IPAM prefix list resolver target.

An IPAM prefix list resolver target is an association between a specific customer-managed prefix list and an IPAM prefix list resolver. The target enables the resolver to synchronize CIDRs selected by its rules into the specified prefix list, which can then be referenced in Amazon Web Services resources.

" + }, + "IpamPrefixListResolverTargetId":{"type":"string"}, + "IpamPrefixListResolverTargetSet":{ + "type":"list", + "member":{ + "shape":"IpamPrefixListResolverTarget", + "locationName":"item" + } + }, + "IpamPrefixListResolverTargetState":{ + "type":"string", + "enum":[ + "create-in-progress", + "create-complete", + "create-failed", + "modify-in-progress", + "modify-complete", + "modify-failed", + "sync-in-progress", + "sync-complete", + "sync-failed", + "delete-in-progress", + "delete-complete", + "delete-failed", + "isolate-in-progress", + "isolate-complete", + "restore-in-progress" + ] + }, + "IpamPrefixListResolverVersion":{ + "type":"structure", + "members":{ + "Version":{ + "shape":"Long", + "documentation":"

The version number of the IPAM prefix list resolver.

Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.

", + "locationName":"version" + } + }, + "documentation":"

Describes a version of an IPAM prefix list resolver.

Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.

Version example:

Initial State (Version 1)

Production environment:

  • vpc-prod-web (10.1.0.0/16) - tagged env=prod

  • vpc-prod-db (10.2.0.0/16) - tagged env=prod

Resolver rule: Include all VPCs tagged env=prod

Version 1 CIDRs: 10.1.0.0/16, 10.2.0.0/16

Infrastructure Change (Version 2)

New VPC added:

  • vpc-prod-api (10.3.0.0/16) - tagged env=prod

IPAM automatically detects the change and creates a new version.

Version 2 CIDRs: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16

" + }, + "IpamPrefixListResolverVersionCreationStatus":{ + "type":"string", + "enum":[ + "pending", + "success", + "failure" + ] + }, + "IpamPrefixListResolverVersionEntry":{ + "type":"structure", + "members":{ + "Cidr":{ + "shape":"String", + "documentation":"

The CIDR block that was selected and synchronized in this resolver version.

", + "locationName":"cidr" + } + }, + "documentation":"

Describes a CIDR entry in a specific version of an IPAM prefix list resolver. This represents a CIDR that was selected and synchronized at a particular point in time.

" + }, + "IpamPrefixListResolverVersionEntrySet":{ + "type":"list", + "member":{ + "shape":"IpamPrefixListResolverVersionEntry", + "locationName":"item" + } + }, + "IpamPrefixListResolverVersionNumberSet":{ + "type":"list", + "member":{ + "shape":"Long", + "locationName":"item" + } + }, + "IpamPrefixListResolverVersionSet":{ + "type":"list", + "member":{ + "shape":"IpamPrefixListResolverVersion", + "locationName":"item" + } + }, "IpamPublicAddressAssociationStatus":{ "type":"string", "enum":[ @@ -41478,7 +46444,7 @@ }, "State":{ "shape":"IpamResourceDiscoveryAssociationState", - "documentation":"

The lifecycle state of the association when you associate or disassociate a resource discovery.

  • associate-in-progress - Resource discovery is being associated.

  • associate-complete - Resource discovery association is complete.

  • associate-failed - Resource discovery association has failed.

  • disassociate-in-progress - Resource discovery is being disassociated.

  • disassociate-complete - Resource discovery disassociation is complete.

  • disassociate-failed - Resource discovery disassociation has failed.

  • isolate-in-progress - Amazon Web Services account that created the resource discovery association has been removed and the resource discovery associatation is being isolated.

  • isolate-complete - Resource discovery isolation is complete..

  • restore-in-progress - Resource discovery is being restored.

", + "documentation":"

The lifecycle state of the association when you associate or disassociate a resource discovery.

  • associate-in-progress - Resource discovery is being associated.

  • associate-complete - Resource discovery association is complete.

  • associate-failed - Resource discovery association has failed.

  • disassociate-in-progress - Resource discovery is being disassociated.

  • disassociate-complete - Resource discovery disassociation is complete.

  • disassociate-failed - Resource discovery disassociation has failed.

  • isolate-in-progress - Amazon Web Services account that created the resource discovery association has been removed and the resource discovery association is being isolated.

  • isolate-complete - Resource discovery isolation is complete.

  • restore-in-progress - Resource discovery is being restored.

", "locationName":"state" }, "Tags":{ @@ -41627,10 +46593,35 @@ "shape":"TagList", "documentation":"

The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

", "locationName":"tagSet" + }, + "ExternalAuthorityConfiguration":{ + "shape":"IpamScopeExternalAuthorityConfiguration", + "documentation":"

The external authority configuration for this IPAM scope, if configured.

The configuration that links an Amazon VPC IPAM scope to an external authority system. It specifies the type of external system and the external resource identifier that identifies your account or instance in that system.

In IPAM, an external authority is a third-party IP address management system that provides CIDR blocks when you provision address space for top-level IPAM pools. This allows you to use your existing IP management system to control which address ranges are allocated to Amazon Web Services while using Amazon VPC IPAM to manage subnets within those ranges.

", + "locationName":"externalAuthorityConfiguration" } }, "documentation":"

In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see How IPAM works in the Amazon VPC IPAM User Guide.

" }, + "IpamScopeExternalAuthorityConfiguration":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"IpamScopeExternalAuthorityType", + "documentation":"

The type of external authority managing this scope. Currently supports Infoblox for integration with Infoblox Universal DDI.

", + "locationName":"type" + }, + "ExternalResourceIdentifier":{ + "shape":"String", + "documentation":"

The identifier for the external resource managing this scope. For Infoblox integrations, this is the Infoblox resource identifier in the format <version>.identity.account.<entity_realm>.<entity_id>.

", + "locationName":"externalResourceIdentifier" + } + }, + "documentation":"

The configuration that links an Amazon VPC IPAM scope to an external authority system. It specifies the type of external system and the external resource identifier that identifies your account or instance in that system.

In IPAM, an external authority is a third-party IP address management system that provides CIDR blocks when you provision address space for top-level IPAM pools. This allows you to use your existing IP management system to control which address ranges are allocated to Amazon Web Services while using Amazon VPC IPAM to manage subnets within those ranges.

" + }, + "IpamScopeExternalAuthorityType":{ + "type":"string", + "enum":["infoblox"] + }, "IpamScopeId":{"type":"string"}, "IpamScopeSet":{ "type":"list", @@ -41885,7 +46876,7 @@ "documentation":"

The IPv6 prefix.

" } }, - "documentation":"

Describes the IPv4 prefix option for a network interface.

" + "documentation":"

Describes the IPv6 prefix option for a network interface.

" }, "Ipv6PrefixSpecificationResponse":{ "type":"structure", @@ -41915,7 +46906,7 @@ }, "CidrIpv6":{ "shape":"String", - "documentation":"

The IPv6 address range. You can either specify a CIDR block or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.

", + "documentation":"

The IPv6 address range. You can either specify a CIDR block or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.

Amazon Web Services canonicalizes IPv4 and IPv6 CIDRs. For example, if you specify 100.68.0.18/18 for the CIDR block, Amazon Web Services canonicalizes the CIDR block to 100.68.0.0/18. Any subsequent DescribeSecurityGroups and DescribeSecurityGroupRules calls will return the canonicalized form of the CIDR block. Additionally, if you attempt to add another rule with the non-canonical form of the CIDR (such as 100.68.0.18/18) and there is already a rule for the canonicalized form of the CIDR block (such as 100.68.0.0/18), the API throws an duplicate rule error.

", "locationName":"cidrIpv6" } }, @@ -42397,7 +47388,7 @@ }, "AmdSevSnp":{ "shape":"AmdSevSnpSpecification", - "documentation":"

Indicates whether the instance is enabled for AMD SEV-SNP. For more information, see AMD SEV-SNP.

", + "documentation":"

Indicates whether the instance is enabled for AMD SEV-SNP. For more information, see AMD SEV-SNP for Amazon EC2 instances.

", "locationName":"amdSevSnp" } }, @@ -42416,7 +47407,7 @@ }, "AmdSevSnp":{ "shape":"AmdSevSnpSpecification", - "documentation":"

Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see AMD SEV-SNP.

" + "documentation":"

Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see AMD SEV-SNP for Amazon EC2 instances.

" } }, "documentation":"

The CPU options for the instance. Both the core count and threads per core must be specified in the request.

" @@ -42463,6 +47454,11 @@ "shape":"Integer", "documentation":"

The throughput that the volume supports, in MiB/s.

", "locationName":"throughput" + }, + "VolumeInitializationRate":{ + "shape":"Integer", + "documentation":"

The Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate) specified for the volume, in MiB/s. If no volume initialization rate was specified, the value is null.

", + "locationName":"volumeInitializationRate" } }, "documentation":"

Describes a block device for an EBS volume.

" @@ -42480,7 +47476,7 @@ }, "Iops":{ "shape":"Integer", - "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

  • gp3: 3,000 - 16,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

For io2 volumes, you can achieve up to 256,000 IOPS on instances built on the Nitro System. On other instances, you can achieve performance up to 32,000 IOPS.

This parameter is supported for io1, io2, and gp3 volumes only.

" + "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type:

  • gp3: 3,000 - 80,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

For io2 volumes, you can achieve up to 256,000 IOPS on instances built on the Nitro System. On other instances, you can achieve performance up to 32,000 IOPS.

This parameter is supported for io1, io2, and gp3 volumes only.

" }, "KmsKeyId":{ "shape":"KmsKeyId", @@ -42492,7 +47488,7 @@ }, "VolumeSize":{ "shape":"Integer", - "documentation":"

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:

  • gp2 and gp3: 1 - 16,384 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

" + "documentation":"

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:

  • gp2: 1 - 16,384 GiB

  • gp3: 1 - 65,536 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

" }, "VolumeType":{ "shape":"VolumeType", @@ -42500,7 +47496,11 @@ }, "Throughput":{ "shape":"Integer", - "documentation":"

The throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s.

Valid Range: Minimum value of 125. Maximum value of 1000.

" + "documentation":"

The throughput to provision for a gp3 volume, with a maximum of 2,000 MiB/s.

Valid Range: Minimum value of 125. Maximum value of 2,000.

" + }, + "VolumeInitializationRate":{ + "shape":"Integer", + "documentation":"

Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate), in MiB/s, at which to download the snapshot blocks from Amazon S3 to the volume. This is also known as volume initialization. Specifying a volume initialization rate ensures that the volume is initialized at a predictable and consistent rate after creation.

This parameter is supported only for volumes created from snapshots. Omit this parameter if:

  • You want to create the volume using fast snapshot restore. You must specify a snapshot that is enabled for fast snapshot restore. In this case, the volume is fully initialized at creation.

    If you specify a snapshot that is enabled for fast snapshot restore and a volume initialization rate, the volume will be initialized at the specified rate instead of fast snapshot restore.

  • You want to create a volume that is initialized at the default rate.

For more information, see Initialize Amazon EBS volumes in the Amazon EC2 User Guide.

Valid range: 100 - 300 MiB/s

" } }, "documentation":"

The parameters for a block device for an EBS volume.

" @@ -42515,7 +47515,7 @@ }, "Count":{ "shape":"LaunchTemplateElasticInferenceAcceleratorCount", - "documentation":"

The number of elastic inference accelerators to attach to the instance.

Default: 1

" + "documentation":"

The number of elastic inference accelerators to attach to the instance.

" } }, "documentation":"

Amazon Elastic Inference is no longer available.

Describes an elastic inference accelerator.

" @@ -42536,12 +47536,12 @@ "members":{ "Type":{ "shape":"String", - "documentation":"

The type of elastic inference accelerator. The possible values are eia1.medium, eia1.large, and eia1.xlarge.

", + "documentation":"

The type of elastic inference accelerator. The possible values are eia1.medium, eia1.large, and eia1.xlarge.

", "locationName":"type" }, "Count":{ "shape":"Integer", - "documentation":"

The number of elastic inference accelerators to attach to the instance.

Default: 1

", + "documentation":"

The number of elastic inference accelerators to attach to the instance.

", "locationName":"count" } }, @@ -42600,7 +47600,7 @@ "documentation":"

To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter to true.

" } }, - "documentation":"

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

" + "documentation":"

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

" }, "LaunchTemplateErrorCode":{ "type":"string", @@ -42752,7 +47752,7 @@ }, "HttpPutResponseHopLimit":{ "shape":"Integer", - "documentation":"

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

Default: 1

Possible values: Integers from 1 to 64

", + "documentation":"

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

Possible values: Integers from 1 to 64

", "locationName":"httpPutResponseHopLimit" }, "HttpEndpoint":{ @@ -42767,11 +47767,11 @@ }, "InstanceMetadataTags":{ "shape":"LaunchTemplateInstanceMetadataTagsState", - "documentation":"

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

", + "documentation":"

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see View tags for your EC2 instances using instance metadata.

Default: disabled

", "locationName":"instanceMetadataTags" } }, - "documentation":"

The metadata options for the instance. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.

" + "documentation":"

The metadata options for the instance. For more information, see Use instance metadata to manage your EC2 instance in the Amazon EC2 User Guide.

" }, "LaunchTemplateInstanceMetadataOptionsRequest":{ "type":"structure", @@ -42794,10 +47794,10 @@ }, "InstanceMetadataTags":{ "shape":"LaunchTemplateInstanceMetadataTagsState", - "documentation":"

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

Default: disabled

" + "documentation":"

Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see View tags for your EC2 instances using instance metadata.

Default: disabled

" } }, - "documentation":"

The metadata options for the instance. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.

" + "documentation":"

The metadata options for the instance. For more information, see Use instance metadata to manage your EC2 instance in the Amazon EC2 User Guide.

" }, "LaunchTemplateInstanceMetadataOptionsState":{ "type":"string", @@ -42825,7 +47825,7 @@ "members":{ "AssociateCarrierIpAddress":{ "shape":"Boolean", - "documentation":"

Indicates whether to associate a Carrier IP address with eth0 for a new network interface.

Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. For more information about Carrier IP addresses, see Carrier IP addresses in the Wavelength Developer Guide.

", + "documentation":"

Indicates whether to associate a Carrier IP address with eth0 for a new network interface.

Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. For more information about Carrier IP addresses, see Carrier IP address in the Wavelength Developer Guide.

", "locationName":"associateCarrierIpAddress" }, "AssociatePublicIpAddress":{ @@ -42932,6 +47932,11 @@ "shape":"ConnectionTrackingSpecification", "documentation":"

A security group connection tracking specification that enables you to set the timeout for connection tracking on an Elastic network interface. For more information, see Idle connection tracking timeout in the Amazon EC2 User Guide.

", "locationName":"connectionTrackingSpecification" + }, + "EnaQueueCount":{ + "shape":"Integer", + "documentation":"

The number of ENA queues created with the instance.

", + "locationName":"enaQueueCount" } }, "documentation":"

Describes a network interface.

" @@ -42964,7 +47969,7 @@ }, "DeviceIndex":{ "shape":"Integer", - "documentation":"

The device index for the network interface attachment. Each network interface requires a device index. If you create a launch template that includes secondary network interfaces but not a primary network interface, then you must add a primary network interface as a launch parameter when you launch an instance from the template.

" + "documentation":"

The device index for the network interface attachment. The primary network interface has a device index of 0. Each network interface is of type interface, you must specify a device index. If you create a launch template that includes secondary network interfaces but not a primary network interface, then you must add a primary network interface as a launch parameter when you launch an instance from the template.

" }, "Groups":{ "shape":"SecurityGroupIdStringList", @@ -42973,7 +47978,7 @@ }, "InterfaceType":{ "shape":"String", - "documentation":"

The type of network interface. To create an Elastic Fabric Adapter (EFA), specify efa or efa. For more information, see Elastic Fabric Adapter in the Amazon EC2 User Guide.

If you are not creating an EFA, specify interface or omit this parameter.

If you specify efa-only, do not assign any IP addresses to the network interface. EFA-only network interfaces do not support IP addresses.

Valid values: interface | efa | efa-only

" + "documentation":"

The type of network interface. To create an Elastic Fabric Adapter (EFA), specify efa or efa. For more information, see Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2 in the Amazon EC2 User Guide.

If you are not creating an EFA, specify interface or omit this parameter.

If you specify efa-only, do not assign any IP addresses to the network interface. EFA-only network interfaces do not support IP addresses.

Valid values: interface | efa | efa-only

" }, "Ipv6AddressCount":{ "shape":"Integer", @@ -43036,6 +48041,10 @@ "ConnectionTrackingSpecification":{ "shape":"ConnectionTrackingSpecificationRequest", "documentation":"

A security group connection tracking specification that enables you to set the timeout for connection tracking on an Elastic network interface. For more information, see Idle connection tracking timeout in the Amazon EC2 User Guide.

" + }, + "EnaQueueCount":{ + "shape":"Integer", + "documentation":"

The number of ENA queues to be created with the instance.

" } }, "documentation":"

The parameters for a network interface.

" @@ -43172,6 +48181,11 @@ "documentation":"

The Availability Zone of the instance.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone of the instance.

", + "locationName":"availabilityZoneId" + }, "Affinity":{ "shape":"String", "documentation":"

The affinity setting for the instance on the Dedicated Host.

", @@ -43220,7 +48234,11 @@ "members":{ "AvailabilityZone":{ "shape":"String", - "documentation":"

The Availability Zone for the instance.

" + "documentation":"

The Availability Zone for the instance.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both

" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone for the instance.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both

" }, "Affinity":{ "shape":"String", @@ -43326,7 +48344,7 @@ "members":{ "MaxPrice":{ "shape":"String", - "documentation":"

The maximum hourly price you're willing to pay for the Spot Instances. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.

If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.

", + "documentation":"

The maximum hourly price you're willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. If you do specify this parameter, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an InvalidParameterValue error message when the launch template is used to launch an instance.

", "locationName":"maxPrice" }, "SpotInstanceType":{ @@ -43357,7 +48375,7 @@ "members":{ "MaxPrice":{ "shape":"String", - "documentation":"

The maximum hourly price you're willing to pay for the Spot Instances. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.

If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.

" + "documentation":"

The maximum hourly price you're willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. If you do specify this parameter, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an InvalidParameterValue error message when the launch template is used to launch an instance.

If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.

" }, "SpotInstanceType":{ "shape":"SpotInstanceType", @@ -44058,6 +49076,21 @@ "documentation":"

The ID of the local gateway.

", "locationName":"localGatewayId" }, + "LocalGatewayVirtualInterfaceGroupId":{ + "shape":"LocalGatewayVirtualInterfaceGroupId", + "documentation":"

The ID of the local gateway virtual interface group.

", + "locationName":"localGatewayVirtualInterfaceGroupId" + }, + "LocalGatewayVirtualInterfaceArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Number (ARN) of the local gateway virtual interface.

", + "locationName":"localGatewayVirtualInterfaceArn" + }, + "OutpostLagId":{ + "shape":"String", + "documentation":"

The Outpost LAG ID.

", + "locationName":"outpostLagId" + }, "Vlan":{ "shape":"Integer", "documentation":"

The ID of the VLAN.

", @@ -44083,6 +49116,11 @@ "documentation":"

The peer BGP ASN.

", "locationName":"peerBgpAsn" }, + "PeerBgpAsnExtended":{ + "shape":"Long", + "documentation":"

The extended 32-bit ASN of the BGP peer for use with larger ASN values.

", + "locationName":"peerBgpAsnExtended" + }, "OwnerId":{ "shape":"String", "documentation":"

The ID of the Amazon Web Services account that owns the local gateway virtual interface.

", @@ -44092,10 +49130,24 @@ "shape":"TagList", "documentation":"

The tags assigned to the virtual interface.

", "locationName":"tagSet" + }, + "ConfigurationState":{ + "shape":"LocalGatewayVirtualInterfaceConfigurationState", + "documentation":"

The current state of the local gateway virtual interface.

", + "locationName":"configurationState" } }, "documentation":"

Describes a local gateway virtual interface.

" }, + "LocalGatewayVirtualInterfaceConfigurationState":{ + "type":"string", + "enum":[ + "pending", + "available", + "deleting", + "deleted" + ] + }, "LocalGatewayVirtualInterfaceGroup":{ "type":"structure", "members":{ @@ -44119,14 +49171,44 @@ "documentation":"

The ID of the Amazon Web Services account that owns the local gateway virtual interface group.

", "locationName":"ownerId" }, + "LocalBgpAsn":{ + "shape":"Integer", + "documentation":"

The Autonomous System Number(ASN) for the local Border Gateway Protocol (BGP).

", + "locationName":"localBgpAsn" + }, + "LocalBgpAsnExtended":{ + "shape":"Long", + "documentation":"

The extended 32-bit ASN for the local BGP configuration.

", + "locationName":"localBgpAsnExtended" + }, + "LocalGatewayVirtualInterfaceGroupArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Number (ARN) of the local gateway virtual interface group.

", + "locationName":"localGatewayVirtualInterfaceGroupArn" + }, "Tags":{ "shape":"TagList", "documentation":"

The tags assigned to the virtual interface group.

", "locationName":"tagSet" + }, + "ConfigurationState":{ + "shape":"LocalGatewayVirtualInterfaceGroupConfigurationState", + "documentation":"

The current state of the local gateway virtual interface group.

", + "locationName":"configurationState" } }, "documentation":"

Describes a local gateway virtual interface group.

" }, + "LocalGatewayVirtualInterfaceGroupConfigurationState":{ + "type":"string", + "enum":[ + "pending", + "incomplete", + "available", + "deleting", + "deleted" + ] + }, "LocalGatewayVirtualInterfaceGroupId":{"type":"string"}, "LocalGatewayVirtualInterfaceGroupIdSet":{ "type":"list", @@ -44373,6 +49455,78 @@ "locationName":"item" } }, + "MacModificationTask":{ + "type":"structure", + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"

The ID of the Amazon EC2 Mac instance.

", + "locationName":"instanceId" + }, + "MacModificationTaskId":{ + "shape":"MacModificationTaskId", + "documentation":"

The ID of task.

", + "locationName":"macModificationTaskId" + }, + "MacSystemIntegrityProtectionConfig":{ + "shape":"MacSystemIntegrityProtectionConfiguration", + "documentation":"

[SIP modification tasks only] Information about the SIP configuration.

", + "locationName":"macSystemIntegrityProtectionConfig" + }, + "StartTime":{ + "shape":"MillisecondDateTime", + "documentation":"

The date and time the task was created, in the UTC timezone (YYYY-MM-DDThh:mm:ss.sssZ).

", + "locationName":"startTime" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

The tags assigned to the task.

", + "locationName":"tagSet" + }, + "TaskState":{ + "shape":"MacModificationTaskState", + "documentation":"

The state of the task.

", + "locationName":"taskState" + }, + "TaskType":{ + "shape":"MacModificationTaskType", + "documentation":"

The type of task.

", + "locationName":"taskType" + } + }, + "documentation":"

Information about a System Integrity Protection (SIP) modification task or volume ownership delegation task for an Amazon EC2 Mac instance.

" + }, + "MacModificationTaskId":{"type":"string"}, + "MacModificationTaskIdList":{ + "type":"list", + "member":{ + "shape":"MacModificationTaskId", + "locationName":"item" + } + }, + "MacModificationTaskList":{ + "type":"list", + "member":{ + "shape":"MacModificationTask", + "locationName":"item" + } + }, + "MacModificationTaskState":{ + "type":"string", + "enum":[ + "successful", + "failed", + "in-progress", + "pending" + ] + }, + "MacModificationTaskType":{ + "type":"string", + "enum":[ + "sip-modification", + "volume-ownership-delegation" + ] + }, "MacOSVersionStringList":{ "type":"list", "member":{ @@ -44380,6 +49534,93 @@ "locationName":"item" } }, + "MacSystemIntegrityProtectionConfiguration":{ + "type":"structure", + "members":{ + "AppleInternal":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Indicates whether Apple Internal was enabled or disabled by the task.

", + "locationName":"appleInternal" + }, + "BaseSystem":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Indicates whether Base System was enabled or disabled by the task.

", + "locationName":"baseSystem" + }, + "DebuggingRestrictions":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Indicates whether Debugging Restrictions was enabled or disabled by the task.

", + "locationName":"debuggingRestrictions" + }, + "DTraceRestrictions":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Indicates whether Dtrace Restrictions was enabled or disabled by the task.

", + "locationName":"dTraceRestrictions" + }, + "FilesystemProtections":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Indicates whether Filesystem Protections was enabled or disabled by the task.

", + "locationName":"filesystemProtections" + }, + "KextSigning":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Indicates whether Kext Signing was enabled or disabled by the task.

", + "locationName":"kextSigning" + }, + "NvramProtections":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Indicates whether NVRAM Protections was enabled or disabled by the task.

", + "locationName":"nvramProtections" + }, + "Status":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Indicates SIP was enabled or disabled by the task.

", + "locationName":"status" + } + }, + "documentation":"

Describes the configuration for a System Integrity Protection (SIP) modification task.

" + }, + "MacSystemIntegrityProtectionConfigurationRequest":{ + "type":"structure", + "members":{ + "AppleInternal":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Enables or disables Apple Internal.

" + }, + "BaseSystem":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Enables or disables Base System.

" + }, + "DebuggingRestrictions":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Enables or disables Debugging Restrictions.

" + }, + "DTraceRestrictions":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Enables or disables Dtrace Restrictions.

" + }, + "FilesystemProtections":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Enables or disables Filesystem Protections.

" + }, + "KextSigning":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Enables or disables Kext Signing.

" + }, + "NvramProtections":{ + "shape":"MacSystemIntegrityProtectionSettingStatus", + "documentation":"

Enables or disables Nvram Protections.

" + } + }, + "documentation":"

Describes a custom configuration for a System Integrity Protection (SIP) modification task.

" + }, + "MacSystemIntegrityProtectionSettingStatus":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, "MaintenanceDetails":{ "type":"structure", "members":{ @@ -44460,6 +49701,16 @@ "shape":"String", "documentation":"

The ID of the owner of the prefix list.

", "locationName":"ownerId" + }, + "IpamPrefixListResolverTargetId":{ + "shape":"String", + "documentation":"

The ID of the IPAM prefix list resolver target associated with this managed prefix list. When set, this prefix list becomes an IPAM managed prefix list.

An IPAM-managed prefix list is a customer-managed prefix list that has been associated with an IPAM prefix list resolver target. When a prefix list becomes IPAM managed, its CIDRs are automatically synchronized based on the IPAM prefix list resolver's CIDR selection rules, and direct CIDR modifications are restricted.

", + "locationName":"ipamPrefixListResolverTargetId" + }, + "IpamPrefixListResolverSyncEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether synchronization with an IPAM prefix list resolver is enabled for this managed prefix list. When enabled, the prefix list CIDRs are automatically updated based on the resolver's CIDR selection rules.

", + "locationName":"ipamPrefixListResolverSyncEnabled" } }, "documentation":"

Describes a managed prefix list.

" @@ -44478,6 +49729,22 @@ "capacity-block" ] }, + "MarketplaceProductCode":{"type":"string"}, + "MarketplaceProductCodeList":{ + "type":"list", + "member":{ + "shape":"MarketplaceProductCode", + "locationName":"item" + } + }, + "MarketplaceProductCodeRequest":{"type":"string"}, + "MarketplaceProductCodeRequestList":{ + "type":"list", + "member":{ + "shape":"MarketplaceProductCodeRequest", + "locationName":"item" + } + }, "MaxIpv4AddrPerInterface":{"type":"integer"}, "MaxIpv6AddrPerInterface":{"type":"integer"}, "MaxNetworkInterfaces":{"type":"integer"}, @@ -44488,7 +49755,20 @@ "min":0 }, "MaximumBandwidthInMbps":{"type":"integer"}, + "MaximumDaysSinceCreatedValue":{ + "type":"integer", + "max":2147483647, + "min":0 + }, + "MaximumDaysSinceDeprecatedValue":{ + "type":"integer", + "max":2147483647, + "min":0 + }, + "MaximumEbsAttachments":{"type":"integer"}, "MaximumEfaInterfaces":{"type":"integer"}, + "MaximumEnaQueueCount":{"type":"integer"}, + "MaximumEnaQueueCountPerInterface":{"type":"integer"}, "MaximumIops":{"type":"integer"}, "MaximumNetworkCards":{"type":"integer"}, "MaximumThroughputInMBps":{"type":"double"}, @@ -44644,6 +49924,89 @@ "no-preference" ] }, + "Metric":{ + "type":"string", + "enum":[ + "reservation-total-capacity-hrs-vcpu", + "reservation-total-capacity-hrs-inst", + "reservation-max-size-vcpu", + "reservation-max-size-inst", + "reservation-min-size-vcpu", + "reservation-min-size-inst", + "reservation-unused-total-capacity-hrs-vcpu", + "reservation-unused-total-capacity-hrs-inst", + "reservation-unused-total-estimated-cost", + "reservation-max-unused-size-vcpu", + "reservation-max-unused-size-inst", + "reservation-min-unused-size-vcpu", + "reservation-min-unused-size-inst", + "reservation-max-utilization", + "reservation-min-utilization", + "reservation-avg-utilization-vcpu", + "reservation-avg-utilization-inst", + "reservation-total-count", + "reservation-total-estimated-cost", + "reservation-avg-future-size-vcpu", + "reservation-avg-future-size-inst", + "reservation-min-future-size-vcpu", + "reservation-min-future-size-inst", + "reservation-max-future-size-vcpu", + "reservation-max-future-size-inst", + "reservation-avg-committed-size-vcpu", + "reservation-avg-committed-size-inst", + "reservation-max-committed-size-vcpu", + "reservation-max-committed-size-inst", + "reservation-min-committed-size-vcpu", + "reservation-min-committed-size-inst", + "reserved-total-usage-hrs-vcpu", + "reserved-total-usage-hrs-inst", + "reserved-total-estimated-cost", + "unreserved-total-usage-hrs-vcpu", + "unreserved-total-usage-hrs-inst", + "unreserved-total-estimated-cost", + "spot-total-usage-hrs-vcpu", + "spot-total-usage-hrs-inst", + "spot-total-estimated-cost", + "spot-avg-run-time-before-interruption-inst", + "spot-max-run-time-before-interruption-inst", + "spot-min-run-time-before-interruption-inst" + ] + }, + "MetricDataResult":{ + "type":"structure", + "members":{ + "Dimension":{ + "shape":"CapacityManagerDimension", + "documentation":"

The dimension values that identify this specific data point, such as account ID, region, and instance family.

", + "locationName":"dimension" + }, + "Timestamp":{ + "shape":"MillisecondDateTime", + "documentation":"

The timestamp for this data point, indicating when the capacity usage occurred.

", + "locationName":"timestamp" + }, + "MetricValues":{ + "shape":"MetricValueSet", + "documentation":"

The metric values and statistics for this data point, containing the actual capacity usage numbers.

", + "locationName":"metricValueSet" + } + }, + "documentation":"

Contains a single data point from a capacity metrics query, including the dimension values, timestamp, and metric values for that specific combination.

" + }, + "MetricDataResultSet":{ + "type":"list", + "member":{ + "shape":"MetricDataResult", + "locationName":"item" + } + }, + "MetricDimensionResultSet":{ + "type":"list", + "member":{ + "shape":"CapacityManagerDimension", + "locationName":"item" + } + }, "MetricPoint":{ "type":"structure", "members":{ @@ -44676,10 +50039,42 @@ "locationName":"item" } }, + "MetricSet":{ + "type":"list", + "member":{ + "shape":"Metric", + "locationName":"item" + }, + "max":40, + "min":0 + }, "MetricType":{ "type":"string", "enum":["aggregate-latency"] }, + "MetricValue":{ + "type":"structure", + "members":{ + "Metric":{ + "shape":"Metric", + "documentation":"

The name of the metric.

", + "locationName":"metric" + }, + "Value":{ + "shape":"Double", + "documentation":"

The numerical value of the metric for the specified statistic and time period.

", + "locationName":"value" + } + }, + "documentation":"

Represents a single metric value with its associated statistic, such as the sum or average of unused capacity hours.

" + }, + "MetricValueSet":{ + "type":"list", + "member":{ + "shape":"MetricValue", + "locationName":"item" + } + }, "MillisecondDateTime":{"type":"timestamp"}, "ModifyAddressAttributeRequest":{ "type":"structure", @@ -44892,9 +50287,13 @@ "shape":"ClientLoginBannerOptions", "documentation":"

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

" }, + "ClientRouteEnforcementOptions":{ + "shape":"ClientRouteEnforcementOptions", + "documentation":"

Client route enforcement is a feature of the Client VPN service that helps enforce administrator defined routes on devices connected through the VPN. T his feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.

Client route enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.

" + }, "DisconnectOnSessionTimeout":{ "shape":"Boolean", - "documentation":"

Indicates whether the client VPN session is disconnected after the maximum timeout specified in sessionTimeoutHours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is false.

" + "documentation":"

Indicates whether the client VPN session is disconnected after the maximum timeout specified in sessionTimeoutHours is reached. If true, users are prompted to reconnect client VPN. If false, client VPN attempts to reconnect automatically. The default value is true.

" } } }, @@ -45241,7 +50640,7 @@ }, "Attribute":{ "shape":"InstanceAttributeName", - "documentation":"

The name of the attribute to modify.

You can modify the following attributes only: disableApiTermination | instanceType | kernel | ramdisk | instanceInitiatedShutdownBehavior | blockDeviceMapping | userData | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport | enaSupport | nvmeSupport | disableApiStop | enclaveOptions

", + "documentation":"

The name of the attribute to modify.

When changing the instance type: If the original instance type is configured for configurable bandwidth, and the desired instance type doesn't support configurable bandwidth, first set the existing bandwidth configuration to default using the ModifyInstanceNetworkPerformanceOptions operation.

You can modify the following attributes only: disableApiTermination | instanceType | kernel | ramdisk | instanceInitiatedShutdownBehavior | blockDeviceMapping | userData | sourceDestCheck | groupSet | ebsOptimized | sriovNetSupport | enaSupport | nvmeSupport | disableApiStop | enclaveOptions

", "locationName":"attribute" }, "Value":{ @@ -45251,12 +50650,12 @@ }, "BlockDeviceMappings":{ "shape":"InstanceBlockDeviceMappingSpecificationList", - "documentation":"

Modifies the DeleteOnTermination attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified for DeleteOnTermination, the default is true and the volume is deleted when the instance is terminated. You can't modify the DeleteOnTermination attribute for volumes that are attached to Fargate tasks.

To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see Update the block device mapping when launching an instance in the Amazon EC2 User Guide.

", + "documentation":"

Modifies the DeleteOnTermination attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified for DeleteOnTermination, the default is true and the volume is deleted when the instance is terminated. You can't modify the DeleteOnTermination attribute for volumes that are attached to Amazon Web Services-managed resources.

To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see Update the block device mapping when launching an instance in the Amazon EC2 User Guide.

", "locationName":"blockDeviceMapping" }, "DisableApiTermination":{ "shape":"AttributeBooleanValue", - "documentation":"

If the value is true, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances.

", + "documentation":"

Enable or disable termination protection for the instance. If the value is true, you can't terminate the instance using the Amazon EC2 console, command line interface, or API. You can't enable termination protection for Spot Instances.

", "locationName":"disableApiTermination" }, "InstanceType":{ @@ -45337,6 +50736,43 @@ } } }, + "ModifyInstanceConnectEndpointRequest":{ + "type":"structure", + "required":["InstanceConnectEndpointId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the operation, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "InstanceConnectEndpointId":{ + "shape":"InstanceConnectEndpointId", + "documentation":"

The ID of the EC2 Instance Connect Endpoint to modify.

" + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

The new IP address type for the EC2 Instance Connect Endpoint.

PreserveClientIp is only supported on IPv4 EC2 Instance Connect Endpoints. To use PreserveClientIp, the value for IpAddressType must be ipv4.

" + }, + "SecurityGroupIds":{ + "shape":"SecurityGroupIdStringListRequest", + "documentation":"

Changes the security groups for the EC2 Instance Connect Endpoint. The new set of groups you specify replaces the current set. You must specify at least one group, even if it's just the default security group in the VPC. You must specify the ID of the security group, not the name.

", + "locationName":"SecurityGroupId" + }, + "PreserveClientIp":{ + "shape":"Boolean", + "documentation":"

Indicates whether the client IP address is preserved as the source when you connect to a resource. The following are the possible values.

  • true - Use the IP address of the client. Your instance must have an IPv4 address.

  • false - Use the IP address of the network interface.

" + } + } + }, + "ModifyInstanceConnectEndpointResult":{ + "type":"structure", + "members":{ + "Return":{ + "shape":"Boolean", + "documentation":"

Is true if the request succeeds and an error otherwise.

", + "locationName":"return" + } + } + }, "ModifyInstanceCpuOptionsRequest":{ "type":"structure", "required":[ @@ -45502,6 +50938,10 @@ "shape":"InstanceAutoRecoveryState", "documentation":"

Disables the automatic recovery behavior of your instance or sets it to default.

" }, + "RebootMigration":{ + "shape":"InstanceRebootMigrationState", + "documentation":"

Specifies whether to attempt reboot migration during a user-initiated reboot of an instance that has a scheduled system-reboot event:

  • default - Amazon EC2 attempts to migrate the instance to new hardware (reboot migration). If successful, the system-reboot event is cleared. If unsuccessful, an in-place reboot occurs and the event remains scheduled.

  • disabled - Amazon EC2 keeps the instance on the same hardware (in-place reboot). The system-reboot event remains scheduled.

This setting only applies to supported instances that have a scheduled reboot event. For more information, see Enable or disable reboot migration in the Amazon EC2 User Guide.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" @@ -45520,6 +50960,11 @@ "shape":"InstanceAutoRecoveryState", "documentation":"

Provides information on the current automatic recovery behavior of your instance.

", "locationName":"autoRecovery" + }, + "RebootMigration":{ + "shape":"InstanceRebootMigrationState", + "documentation":"

Specifies whether to attempt reboot migration during a user-initiated reboot of an instance that has a scheduled system-reboot event:

  • default - Amazon EC2 attempts to migrate the instance to new hardware (reboot migration). If successful, the system-reboot event is cleared. If unsuccessful, an in-place reboot occurs and the event remains scheduled.

  • disabled - Amazon EC2 keeps the instance on the same hardware (in-place reboot). The system-reboot event remains scheduled.

This setting only applies to supported instances that have a scheduled reboot event. For more information, see Enable or disable reboot migration in the Amazon EC2 User Guide.

", + "locationName":"rebootMigration" } } }, @@ -45753,6 +51198,76 @@ } } }, + "ModifyIpamPrefixListResolverRequest":{ + "type":"structure", + "required":["IpamPrefixListResolverId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamPrefixListResolverId":{ + "shape":"IpamPrefixListResolverId", + "documentation":"

The ID of the IPAM prefix list resolver to modify.

" + }, + "Description":{ + "shape":"String", + "documentation":"

A new description for the IPAM prefix list resolver.

" + }, + "Rules":{ + "shape":"IpamPrefixListResolverRuleRequestSet", + "documentation":"

The updated CIDR selection rules for the resolver. These rules replace the existing rules entirely.

", + "locationName":"Rule" + } + } + }, + "ModifyIpamPrefixListResolverResult":{ + "type":"structure", + "members":{ + "IpamPrefixListResolver":{ + "shape":"IpamPrefixListResolver", + "documentation":"

Information about the modified IPAM prefix list resolver.

", + "locationName":"ipamPrefixListResolver" + } + } + }, + "ModifyIpamPrefixListResolverTargetRequest":{ + "type":"structure", + "required":["IpamPrefixListResolverTargetId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "IpamPrefixListResolverTargetId":{ + "shape":"IpamPrefixListResolverTargetId", + "documentation":"

The ID of the IPAM prefix list resolver target to modify.

" + }, + "DesiredVersion":{ + "shape":"BoxedLong", + "documentation":"

The desired version of the prefix list to target. This allows you to pin the target to a specific version.

" + }, + "TrackLatestVersion":{ + "shape":"BoxedBoolean", + "documentation":"

Indicates whether the resolver target should automatically track the latest version of the prefix list. When enabled, the target will always synchronize with the most current version.

Choose this for automatic updates when you want your prefix lists to stay current with infrastructure changes without manual intervention.

" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

", + "idempotencyToken":true + } + } + }, + "ModifyIpamPrefixListResolverTargetResult":{ + "type":"structure", + "members":{ + "IpamPrefixListResolverTarget":{ + "shape":"IpamPrefixListResolverTarget", + "documentation":"

Information about the modified IPAM prefix list resolver target.

", + "locationName":"ipamPrefixListResolverTarget" + } + } + }, "ModifyIpamRequest":{ "type":"structure", "required":["IpamId"], @@ -45786,6 +51301,10 @@ "EnablePrivateGua":{ "shape":"Boolean", "documentation":"

Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.

" + }, + "MeteredAccount":{ + "shape":"IpamMeteredAccount", + "documentation":"

A metered account is an Amazon Web Services account that is charged for active IP addresses managed in IPAM. For more information, see Enable cost distribution in the Amazon VPC IPAM User Guide.

Possible values:

  • ipam-owner (default): The Amazon Web Services account which owns the IPAM is charged for all active IP addresses managed in IPAM.

  • resource-owner: The Amazon Web Services account that owns the IP address is charged for the active IP address.

" } } }, @@ -45867,12 +51386,12 @@ }, "AddOrganizationalUnitExclusions":{ "shape":"AddIpamOrganizationalUnitExclusionSet", - "documentation":"

Add an Organizational Unit (OU) exclusion to your IPAM. If your IPAM is integrated with Amazon Web Services Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion. There is a limit on the number of exclusions you can create. For more information, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.

", + "documentation":"

Add an Organizational Unit (OU) exclusion to your IPAM. If your IPAM is integrated with Amazon Web Services Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion. There is a limit on the number of exclusions you can create. For more information, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.

The resulting set of exclusions must not result in \"overlap\", meaning two or more OU exclusions must not exclude the same OU. For more information and examples, see the Amazon Web Services CLI request process in Add or remove OU exclusions in the Amazon VPC User Guide.

", "locationName":"AddOrganizationalUnitExclusion" }, "RemoveOrganizationalUnitExclusions":{ "shape":"RemoveIpamOrganizationalUnitExclusionSet", - "documentation":"

Remove an Organizational Unit (OU) exclusion to your IPAM. If your IPAM is integrated with Amazon Web Services Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion. There is a limit on the number of exclusions you can create. For more information, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.

", + "documentation":"

Remove an Organizational Unit (OU) exclusion to your IPAM. If your IPAM is integrated with Amazon Web Services Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion. There is a limit on the number of exclusions you can create. For more information, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.

The resulting set of exclusions must not result in \"overlap\", meaning two or more OU exclusions must not exclude the same OU. For more information and examples, see the Amazon Web Services CLI request process in Add or remove OU exclusions in the Amazon VPC User Guide.

", "locationName":"RemoveOrganizationalUnitExclusion" } } @@ -45912,6 +51431,14 @@ "Description":{ "shape":"String", "documentation":"

The description of the scope you want to modify.

" + }, + "ExternalAuthorityConfiguration":{ + "shape":"ExternalAuthorityConfiguration", + "documentation":"

The configuration that links an Amazon VPC IPAM scope to an external authority system. It specifies the type of external system and the external resource identifier that identifies your account or instance in that system.

In IPAM, an external authority is a third-party IP address management system that provides CIDR blocks when you provision address space for top-level IPAM pools. This allows you to use your existing IP management system to control which address ranges are allocated to Amazon Web Services while using Amazon VPC IPAM to manage subnets within those ranges.

" + }, + "RemoveExternalAuthorityConfiguration":{ + "shape":"Boolean", + "documentation":"

Remove the external authority configuration. true to remove.

" } } }, @@ -45934,7 +51461,8 @@ }, "ClientToken":{ "shape":"String", - "documentation":"

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

" + "documentation":"

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If a client token isn't specified, a randomly generated token is used in the request to ensure idempotency.

For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

", + "idempotencyToken":true }, "LaunchTemplateId":{ "shape":"LaunchTemplateId", @@ -46034,6 +51562,10 @@ "MaxEntries":{ "shape":"Integer", "documentation":"

The maximum number of entries for the prefix list. You cannot modify the entries of a prefix list and modify the size of a prefix list at the same time.

If any of the resources that reference the prefix list cannot support the new maximum size, the modify operation fails. Check the state message for the IDs of the first ten resources that do not support the new maximum size.

" + }, + "IpamPrefixListResolverSyncEnabled":{ + "shape":"BoxedBoolean", + "documentation":"

Indicates whether synchronization with an IPAM prefix list resolver should be enabled for this managed prefix list. When enabled, the prefix list CIDRs are automatically updated based on the associated resolver's CIDR selection rules.

" } } }, @@ -46067,6 +51599,11 @@ "shape":"Boolean", "documentation":"

Indicates whether to assign a public IPv4 address to a network interface. This option can be enabled for any network interface but will only apply to the primary network interface (eth0).

" }, + "AssociatedSubnetIds":{ + "shape":"SubnetIdList", + "documentation":"

A list of subnet IDs to associate with the network interface.

", + "locationName":"AssociatedSubnetId" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -46136,6 +51673,37 @@ } } }, + "ModifyPublicIpDnsNameOptionsRequest":{ + "type":"structure", + "required":[ + "NetworkInterfaceId", + "HostnameType" + ], + "members":{ + "NetworkInterfaceId":{ + "shape":"NetworkInterfaceId", + "documentation":"

A network interface ID.

" + }, + "HostnameType":{ + "shape":"PublicIpDnsOption", + "documentation":"

The public hostname type. For more information, see EC2 instance hostnames, DNS names, and domains in the Amazon EC2 User Guide.

  • public-dual-stack-dns-name: A dual-stack public hostname for a network interface. Requests from within the VPC resolve to both the private IPv4 address and the IPv6 Global Unicast Address of the network interface. Requests from the internet resolve to both the public IPv4 and the IPv6 GUA address of the network interface.

  • public-ipv4-dns-name: An IPv4-enabled public hostname for a network interface. Requests from within the VPC resolve to the private primary IPv4 address of the network interface. Requests from the internet resolve to the public IPv4 address of the network interface.

  • public-ipv6-dns-name: An IPv6-enabled public hostname for a network interface. Requests from within the VPC or from the internet resolve to the IPv6 GUA of the network interface.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the operation, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "ModifyPublicIpDnsNameOptionsResult":{ + "type":"structure", + "members":{ + "Successful":{ + "shape":"Boolean", + "documentation":"

Whether or not the request was successful.

", + "locationName":"successful" + } + } + }, "ModifyReservedInstancesRequest":{ "type":"structure", "required":[ @@ -46172,6 +51740,42 @@ }, "documentation":"

Contains the output of ModifyReservedInstances.

" }, + "ModifyRouteServerRequest":{ + "type":"structure", + "required":["RouteServerId"], + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server to modify.

" + }, + "PersistRoutes":{ + "shape":"RouteServerPersistRoutesAction", + "documentation":"

Specifies whether to persist routes after all BGP sessions are terminated.

  • enable: Routes will be persisted in FIB and RIB after all BGP sessions are terminated.

  • disable: Routes will not be persisted in FIB and RIB after all BGP sessions are terminated.

  • reset: If a route server has persisted routes due to all BGP sessions having ended, reset will withdraw all routes and reset route server to an empty FIB and RIB.

" + }, + "PersistRoutesDuration":{ + "shape":"BoxedLong", + "documentation":"

The number of minutes a route server will wait after BGP is re-established to unpersist the routes in the FIB and RIB. Value must be in the range of 1-5. Required if PersistRoutes is enabled.

If you set the duration to 1 minute, then when your network appliance re-establishes BGP with route server, it has 1 minute to relearn it's adjacent network and advertise those routes to route server before route server resumes normal functionality. In most cases, 1 minute is probably sufficient. If, however, you have concerns that your BGP network may not be capable of fully re-establishing and re-learning everything in 1 minute, you can increase the duration up to 5 minutes.

" + }, + "SnsNotificationsEnabled":{ + "shape":"Boolean", + "documentation":"

Specifies whether to enable SNS notifications for route server events. Enabling SNS notifications persists BGP status changes to an SNS topic provisioned by Amazon Web Services.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + } + } + }, + "ModifyRouteServerResult":{ + "type":"structure", + "members":{ + "RouteServer":{ + "shape":"RouteServer", + "documentation":"

Information about the modified route server.

", + "locationName":"routeServer" + } + } + }, "ModifySecurityGroupRulesRequest":{ "type":"structure", "required":[ @@ -46560,7 +52164,7 @@ }, "DefaultRouteTablePropagation":{ "shape":"DefaultRouteTablePropagationValue", - "documentation":"

Enable or disable automatic propagation of routes to the default propagation route table.

" + "documentation":"

Indicates whether resource attachments automatically propagate routes to the default propagation route table. Enabled by default. If defaultRouteTablePropagation is set to enable, Amazon Web Services Transit Gateway will create the default transit gateway route table.

" }, "PropagationDefaultRouteTableId":{ "shape":"TransitGatewayRouteTableId", @@ -47232,7 +52836,7 @@ }, "Size":{ "shape":"Integer", - "documentation":"

The target size of the volume, in GiB. The target volume size must be greater than or equal to the existing size of the volume.

The following are the supported volumes sizes for each volume type:

  • gp2 and gp3: 1 - 16,384 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

Default: The existing size is retained.

" + "documentation":"

The target size of the volume, in GiB. The target volume size must be greater than or equal to the existing size of the volume.

The following are the supported volumes sizes for each volume type:

  • gp2: 1 - 16,384 GiB

  • gp3: 1 - 65,536 GiB

  • io1: 4 - 16,384 GiB

  • io2: 4 - 65,536 GiB

  • st1 and sc1: 125 - 16,384 GiB

  • standard: 1 - 1024 GiB

Default: The existing size is retained.

" }, "VolumeType":{ "shape":"VolumeType", @@ -47240,11 +52844,11 @@ }, "Iops":{ "shape":"Integer", - "documentation":"

The target IOPS rate of the volume. This parameter is valid only for gp3, io1, and io2 volumes.

The following are the supported values for each volume type:

  • gp3: 3,000 - 16,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

For io2 volumes, you can achieve up to 256,000 IOPS on instances built on the Nitro System. On other instances, you can achieve performance up to 32,000 IOPS.

Default: The existing value is retained if you keep the same volume type. If you change the volume type to io1, io2, or gp3, the default is 3,000.

" + "documentation":"

The target IOPS rate of the volume. This parameter is valid only for gp3, io1, and io2 volumes.

The following are the supported values for each volume type:

  • gp3: 3,000 - 80,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

Instances built on the Nitro System can support up to 256,000 IOPS. Other instances can support up to 32,000 IOPS.

Default: The existing value is retained if you keep the same volume type. If you change the volume type to io1, io2, or gp3, the default is 3,000.

" }, "Throughput":{ "shape":"Integer", - "documentation":"

The target throughput of the volume, in MiB/s. This parameter is valid only for gp3 volumes. The maximum value is 1,000.

Default: The existing value is retained if the source and target volume type is gp3. Otherwise, the default value is 125.

Valid Range: Minimum value of 125. Maximum value of 1000.

" + "documentation":"

The target throughput of the volume, in MiB/s. This parameter is valid only for gp3 volumes. The maximum value is 2,000.

Default: The existing value is retained if the source and target volume type is gp3. Otherwise, the default value is 125.

Valid Range: Minimum value of 125. Maximum value of 2,000.

" }, "MultiAttachEnabled":{ "shape":"Boolean", @@ -47797,6 +53401,10 @@ "SkipTunnelReplacement":{ "shape":"Boolean", "documentation":"

Choose whether or not to trigger immediate tunnel replacement. This is only applicable when turning on or off EnableTunnelLifecycleControl.

Valid values: True | False

" + }, + "PreSharedKeyStorage":{ + "shape":"String", + "documentation":"

Specifies the storage mode for the pre-shared key (PSK). Valid values are Standard (stored in Site-to-Site VPN service) or SecretsManager (stored in Amazon Web Services Secrets Manager).

" } } }, @@ -48498,6 +54106,21 @@ "shape":"PeakBandwidthInGbps", "documentation":"

The peak (burst) network performance of the network card, in Gbps.

", "locationName":"peakBandwidthInGbps" + }, + "DefaultEnaQueueCountPerInterface":{ + "shape":"DefaultEnaQueueCountPerInterface", + "documentation":"

The default number of the ENA queues for each interface.

", + "locationName":"defaultEnaQueueCountPerInterface" + }, + "MaximumEnaQueueCount":{ + "shape":"MaximumEnaQueueCount", + "documentation":"

The maximum number of the ENA queues.

", + "locationName":"maximumEnaQueueCount" + }, + "MaximumEnaQueueCountPerInterface":{ + "shape":"MaximumEnaQueueCountPerInterface", + "documentation":"

The maximum number of the ENA queues for each interface.

", + "locationName":"maximumEnaQueueCountPerInterface" } }, "documentation":"

Describes the network card support of the instance type.

" @@ -48581,6 +54204,11 @@ "shape":"BandwidthWeightingTypeList", "documentation":"

A list of valid settings for configurable bandwidth weighting for the instance type, if supported.

", "locationName":"bandwidthWeightings" + }, + "FlexibleEnaQueuesSupport":{ + "shape":"FlexibleEnaQueuesSupport", + "documentation":"

Indicates whether changing the number of ENA queues is supported.

", + "locationName":"flexibleEnaQueuesSupport" } }, "documentation":"

Describes the networking features of the instance type.

" @@ -48756,6 +54384,11 @@ "documentation":"

The Amazon Resource Names (ARN) of the resources that the path must traverse.

", "locationName":"filterInArnSet" }, + "FilterOutArns":{ + "shape":"ArnList", + "documentation":"

The Amazon Resource Names (ARN) of the resources that the path must ignore.

", + "locationName":"filterOutArnSet" + }, "StartDate":{ "shape":"MillisecondDateTime", "documentation":"

The time the analysis started.

", @@ -48991,9 +54624,19 @@ }, "PrivateDnsName":{ "shape":"String", - "documentation":"

The private DNS name.

", + "documentation":"

The private hostname. For more information, see EC2 instance hostnames, DNS names, and domains in the Amazon EC2 User Guide.

", "locationName":"privateDnsName" }, + "PublicDnsName":{ + "shape":"String", + "documentation":"

A public hostname. For more information, see EC2 instance hostnames, DNS names, and domains in the Amazon EC2 User Guide.

", + "locationName":"publicDnsName" + }, + "PublicIpDnsNameOptions":{ + "shape":"PublicIpDnsNameOptions", + "documentation":"

Public hostname type options. For more information, see EC2 instance hostnames, DNS names, and domains in the Amazon EC2 User Guide.

", + "locationName":"publicIpDnsNameOptions" + }, "PrivateIpAddress":{ "shape":"String", "documentation":"

The IPv4 address of the network interface within the subnet.

", @@ -49068,6 +54711,16 @@ "shape":"OperatorResponse", "documentation":"

The service provider that manages the network interface.

", "locationName":"operator" + }, + "AssociatedSubnets":{ + "shape":"AssociatedSubnetList", + "documentation":"

The subnets associated with this network interface.

", + "locationName":"associatedSubnetSet" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" } }, "documentation":"

Describes a network interface.

" @@ -49160,6 +54813,11 @@ "shape":"AttachmentEnaSrdSpecification", "documentation":"

Configures ENA Express for the network interface that this action attaches to the instance.

", "locationName":"enaSrdSpecification" + }, + "EnaQueueCount":{ + "shape":"Integer", + "documentation":"

The number of ENA queues created with the instance.

", + "locationName":"enaQueueCount" } }, "documentation":"

Describes a network interface attachment.

" @@ -49167,6 +54825,14 @@ "NetworkInterfaceAttachmentChanges":{ "type":"structure", "members":{ + "DefaultEnaQueueCount":{ + "shape":"Boolean", + "documentation":"

The default number of the ENA queues.

" + }, + "EnaQueueCount":{ + "shape":"Integer", + "documentation":"

The number of ENA queues to be created with the instance.

" + }, "AttachmentId":{ "shape":"NetworkInterfaceAttachmentId", "documentation":"

The ID of the network interface attachment.

", @@ -49253,6 +54919,11 @@ "documentation":"

The IPv6 address.

", "locationName":"ipv6Address" }, + "PublicIpv6DnsName":{ + "shape":"String", + "documentation":"

An IPv6-enabled public hostname for a network interface. Requests from within the VPC or from the internet resolve to the IPv6 GUA of the network interface. For more information, see EC2 instance hostnames, DNS names, and domains in the Amazon EC2 User Guide.

", + "locationName":"publicIpv6DnsName" + }, "IsPrimaryIpv6":{ "shape":"Boolean", "documentation":"

Determines if an IPv6 address associated with a network interface is the primary IPv6 address. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information, see ModifyNetworkInterfaceAttribute.

", @@ -49414,6 +55085,13 @@ "aws_codestar_connections_managed" ] }, + "NetworkNodeSet":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"item" + } + }, "NetworkNodesList":{ "type":"list", "member":{ @@ -49573,6 +55251,7 @@ "locationName":"item" } }, + "OdbNetworkArn":{"type":"string"}, "OfferingClassType":{ "type":"string", "enum":[ @@ -49728,7 +55407,7 @@ "members":{ "Managed":{ "shape":"Boolean", - "documentation":"

If true, the resource is managed by an service provider.

", + "documentation":"

If true, the resource is managed by a service provider.

", "locationName":"managed" }, "Principal":{ @@ -49737,7 +55416,7 @@ "locationName":"principal" } }, - "documentation":"

Describes whether the resource is managed by an service provider and, if so, describes the service provider that manages it.

" + "documentation":"

Describes whether the resource is managed by a service provider and, if so, describes the service provider that manages it.

" }, "OrganizationArnStringList":{ "type":"list", @@ -49757,6 +55436,74 @@ "type":"string", "pattern":"^arn:aws([a-z-]+)?:outposts:[a-z\\d-]+:\\d{12}:outpost/op-[a-f0-9]{17}$" }, + "OutpostLag":{ + "type":"structure", + "members":{ + "OutpostArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Number (ARN) of the Outpost LAG.

", + "locationName":"outpostArn" + }, + "OwnerId":{ + "shape":"String", + "documentation":"

The ID of the Outpost LAG owner.

", + "locationName":"ownerId" + }, + "State":{ + "shape":"String", + "documentation":"

The current state of the Outpost LAG.

", + "locationName":"state" + }, + "OutpostLagId":{ + "shape":"OutpostLagId", + "documentation":"

The ID of the Outpost LAG.

", + "locationName":"outpostLagId" + }, + "LocalGatewayVirtualInterfaceIds":{ + "shape":"LocalGatewayVirtualInterfaceIdSet", + "documentation":"

The IDs of the local gateway virtual interfaces associated with the Outpost LAG.

", + "locationName":"localGatewayVirtualInterfaceIdSet" + }, + "ServiceLinkVirtualInterfaceIds":{ + "shape":"ServiceLinkVirtualInterfaceIdSet", + "documentation":"

The service link virtual interface IDs associated with the Outpost LAG.

", + "locationName":"serviceLinkVirtualInterfaceIdSet" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

The tags associated with the Outpost LAG.

", + "locationName":"tagSet" + } + }, + "documentation":"

Describes an Outpost link aggregation group (LAG).

" + }, + "OutpostLagId":{"type":"string"}, + "OutpostLagIdSet":{ + "type":"list", + "member":{ + "shape":"OutpostLagId", + "locationName":"item" + } + }, + "OutpostLagMaxResults":{ + "type":"integer", + "max":1000, + "min":5 + }, + "OutpostLagSet":{ + "type":"list", + "member":{ + "shape":"OutpostLag", + "locationName":"item" + } + }, + "OutputFormat":{ + "type":"string", + "enum":[ + "csv", + "parquet" + ] + }, "OwnerStringList":{ "type":"list", "member":{ @@ -50171,7 +55918,7 @@ "members":{ "InstanceFamily":{ "shape":"String", - "documentation":"

The instance family to use as a baseline reference.

Ensure that you specify the correct value for the instance family. The instance family is everything before the period (.) in the instance type name. For example, in the instance type c6i.large, the instance family is c6i, not c6. For more information, see Amazon EC2 instance type naming conventions in Amazon EC2 Instance Types.

The following instance families are not supported for performance protection:

  • c1

  • g3 | g3s

  • hpc7g

  • m1 | m2

  • mac1 | mac2 | mac2-m1ultra | mac2-m2 | mac2-m2pro

  • p3dn | p4d | p5

  • t1

  • u-12tb1 | u-18tb1 | u-24tb1 | u-3tb1 | u-6tb1 | u-9tb1 | u7i-12tb | u7in-16tb | u7in-24tb | u7in-32tb

If you enable performance protection by specifying a supported instance family, the returned instance types will exclude the above unsupported instance families.

If you specify an unsupported instance family as a value for baseline performance, the API returns an empty response for and an exception for , , , and .

", + "documentation":"

The instance family to use as a baseline reference.

Ensure that you specify the correct value for the instance family. The instance family is everything before the period (.) in the instance type name. For example, in the instance type c6i.large, the instance family is c6i, not c6. For more information, see Amazon EC2 instance type naming conventions in Amazon EC2 Instance Types.

The following instance families are not supported for performance protection:

  • c1

  • g3 | g3s

  • hpc7g

  • m1 | m2

  • mac1 | mac2 | mac2-m1ultra | mac2-m2 | mac2-m2pro

  • p3dn | p4d | p5

  • t1

  • u-12tb1 | u-18tb1 | u-24tb1 | u-3tb1 | u-6tb1 | u-9tb1 | u7i-12tb | u7in-16tb | u7in-24tb | u7in-32tb

If you enable performance protection by specifying a supported instance family, the returned instance types will exclude the above unsupported instance families.

If you specify an unsupported instance family as a value for baseline performance, the API returns an empty response for GetInstanceTypesFromInstanceRequirements and an exception for CreateFleet, RequestSpotFleet, ModifyFleet, and ModifySpotFleetRequest.

", "locationName":"instanceFamily" } }, @@ -50182,7 +55929,7 @@ "members":{ "InstanceFamily":{ "shape":"String", - "documentation":"

The instance family to use as a baseline reference.

Ensure that you specify the correct value for the instance family. The instance family is everything before the period (.) in the instance type name. For example, in the instance type c6i.large, the instance family is c6i, not c6. For more information, see Amazon EC2 instance type naming conventions in Amazon EC2 Instance Types.

The following instance families are not supported for performance protection:

  • c1

  • g3 | g3s

  • hpc7g

  • m1 | m2

  • mac1 | mac2 | mac2-m1ultra | mac2-m2 | mac2-m2pro

  • p3dn | p4d | p5

  • t1

  • u-12tb1 | u-18tb1 | u-24tb1 | u-3tb1 | u-6tb1 | u-9tb1 | u7i-12tb | u7in-16tb | u7in-24tb | u7in-32tb

If you enable performance protection by specifying a supported instance family, the returned instance types will exclude the above unsupported instance families.

If you specify an unsupported instance family as a value for baseline performance, the API returns an empty response for and an exception for , , , and .

" + "documentation":"

The instance family to use as a baseline reference.

Ensure that you specify the correct value for the instance family. The instance family is everything before the period (.) in the instance type name. For example, in the instance type c6i.large, the instance family is c6i, not c6. For more information, see Amazon EC2 instance type naming conventions in Amazon EC2 Instance Types.

The following instance families are not supported for performance protection:

  • c1

  • g3 | g3s

  • hpc7g

  • m1 | m2

  • mac1 | mac2 | mac2-m1ultra | mac2-m2 | mac2-m2pro

  • p3dn | p4d | p5

  • t1

  • u-12tb1 | u-18tb1 | u-24tb1 | u-3tb1 | u-6tb1 | u-9tb1 | u7i-12tb | u7in-16tb | u7in-24tb | u7in-32tb

If you enable performance protection by specifying a supported instance family, the returned instance types will exclude the above unsupported instance families.

If you specify an unsupported instance family as a value for baseline performance, the API returns an empty response for GetInstanceTypesFromInstanceRequirements and an exception for CreateFleet, RequestSpotFleet, ModifyFleet, and ModifySpotFleetRequest.

" } }, "documentation":"

Specify an instance family to use as the baseline reference for CPU performance. All instance types that match your specified attributes will be compared against the CPU performance of the referenced instance family, regardless of CPU manufacturer or architecture.

Currently, only one instance family can be specified in the list.

" @@ -50201,6 +55948,11 @@ "locationName":"item" } }, + "Period":{ + "type":"integer", + "max":86400, + "min":3600 + }, "PeriodType":{ "type":"string", "enum":[ @@ -50436,6 +56188,11 @@ "Placement":{ "type":"structure", "members":{ + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone of the instance.

On input, you can specify AvailabilityZone or AvailabilityZoneId, but not both. If you specify neither one, Amazon EC2 automatically selects an Availability Zone for you.

This parameter is not supported for CreateFleet.

", + "locationName":"availabilityZoneId" + }, "Affinity":{ "shape":"String", "documentation":"

The affinity setting for the instance on the Dedicated Host.

This parameter is not supported for CreateFleet or ImportInstance.

", @@ -50443,7 +56200,7 @@ }, "GroupName":{ "shape":"PlacementGroupName", - "documentation":"

The name of the placement group that the instance is in. If you specify GroupName, you can't specify GroupId.

", + "documentation":"

The name of the placement group that the instance is in.

On input, you can specify GroupId or GroupName, but not both.

", "locationName":"groupName" }, "PartitionNumber":{ @@ -50468,17 +56225,17 @@ }, "HostResourceGroupArn":{ "shape":"String", - "documentation":"

The ARN of the host resource group in which to launch the instances.

If you specify this parameter, either omit the Tenancy parameter or set it to host.

This parameter is not supported for CreateFleet.

", + "documentation":"

The ARN of the host resource group in which to launch the instances.

On input, if you specify this parameter, either omit the Tenancy parameter or set it to host.

This parameter is not supported for CreateFleet.

", "locationName":"hostResourceGroupArn" }, "GroupId":{ "shape":"PlacementGroupId", - "documentation":"

The ID of the placement group that the instance is in. If you specify GroupId, you can't specify GroupName.

", + "documentation":"

The ID of the placement group that the instance is in.

On input, you can specify GroupId or GroupName, but not both.

", "locationName":"groupId" }, "AvailabilityZone":{ "shape":"String", - "documentation":"

The Availability Zone of the instance.

If not specified, an Availability Zone will be automatically chosen for you based on the load balancing criteria for the Region.

This parameter is not supported for CreateFleet.

", + "documentation":"

The Availability Zone of the instance.

On input, you can specify AvailabilityZone or AvailabilityZoneId, but not both. If you specify neither one, Amazon EC2 automatically selects an Availability Zone for you.

This parameter is not supported for CreateFleet.

", "locationName":"availabilityZone" } }, @@ -50943,7 +56700,7 @@ "members":{ "State":{ "shape":"DnsNameState", - "documentation":"

The verification state of the VPC endpoint service.

>Consumers of the endpoint service can use the private name only when the state is verified.

", + "documentation":"

The verification state of the VPC endpoint service.

Consumers of the endpoint service can use the private name only when the state is verified.

", "locationName":"state" }, "Type":{ @@ -51024,6 +56781,15 @@ }, "documentation":"

Describes the options for instance hostnames.

" }, + "PrivateDnsSpecifiedDomainSet":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"item" + }, + "max":10, + "min":0 + }, "PrivateIpAddressConfigSet":{ "type":"list", "member":{ @@ -51414,6 +57180,40 @@ "documentation":"

The status of an updated pointer (PTR) record for an Elastic IP address.

" }, "PublicIpAddress":{"type":"string"}, + "PublicIpDnsNameOptions":{ + "type":"structure", + "members":{ + "DnsHostnameType":{ + "shape":"String", + "documentation":"

The public hostname type. For more information, see EC2 instance hostnames, DNS names, and domains in the Amazon EC2 User Guide.

", + "locationName":"dnsHostnameType" + }, + "PublicIpv4DnsName":{ + "shape":"String", + "documentation":"

An IPv4-enabled public hostname for a network interface. Requests from within the VPC resolve to the private primary IPv4 address of the network interface. Requests from the internet resolve to the public IPv4 address of the network interface.

", + "locationName":"publicIpv4DnsName" + }, + "PublicIpv6DnsName":{ + "shape":"String", + "documentation":"

An IPv6-enabled public hostname for a network interface. Requests from within the VPC or from the internet resolve to the IPv6 GUA of the network interface.

", + "locationName":"publicIpv6DnsName" + }, + "PublicDualStackDnsName":{ + "shape":"String", + "documentation":"

A dual-stack public hostname for a network interface. Requests from within the VPC resolve to both the private IPv4 address and the IPv6 Global Unicast Address of the network interface. Requests from the internet resolve to both the public IPv4 and the IPv6 GUA address of the network interface.

", + "locationName":"publicDualStackDnsName" + } + }, + "documentation":"

Public hostname type options. For more information, see EC2 instance hostnames, DNS names, and domains in the Amazon EC2 User Guide.

" + }, + "PublicIpDnsOption":{ + "type":"string", + "enum":[ + "public-dual-stack-dns-name", + "public-ipv4-dns-name", + "public-ipv6-dns-name" + ] + }, "PublicIpStringList":{ "type":"list", "member":{ @@ -51619,6 +57419,11 @@ "shape":"CapacityReservation", "documentation":"

The Capacity Reservation.

", "locationName":"capacityReservation" + }, + "CapacityBlocks":{ + "shape":"CapacityBlockSet", + "documentation":"

The Capacity Block.

", + "locationName":"capacityBlockSet" } } }, @@ -51837,6 +57642,13 @@ } } }, + "RebootMigrationSupport":{ + "type":"string", + "enum":[ + "unsupported", + "supported" + ] + }, "RecurringCharge":{ "type":"structure", "members":{ @@ -51970,16 +57782,16 @@ "members":{ "ImageLocation":{ "shape":"String", - "documentation":"

The full path to your AMI manifest in Amazon S3 storage. The specified bucket must have the aws-exec-read canned access control list (ACL) to ensure that it can be accessed by Amazon EC2. For more information, see Canned ACLs in the Amazon S3 Service Developer Guide.

" + "documentation":"

The full path to your AMI manifest in Amazon S3 storage. The specified bucket must have the aws-exec-read canned access control list (ACL) to ensure that it can be accessed by Amazon EC2. For more information, see Canned ACL in the Amazon S3 Service Developer Guide.

" }, "BillingProducts":{ "shape":"BillingProductList", - "documentation":"

The billing product codes. Your account must be authorized to specify billing product codes.

If your account is not authorized to specify billing product codes, you can publish AMIs that include billable software and list them on the Amazon Web Services Marketplace. You must first register as a seller on the Amazon Web Services Marketplace. For more information, see Getting started as a seller and AMI-based products in the Amazon Web Services Marketplace Seller Guide.

", + "documentation":"

The billing product codes. Your account must be authorized to specify billing product codes.

If your account is not authorized to specify billing product codes, you can publish AMIs that include billable software and list them on the Amazon Web Services Marketplace. You must first register as a seller on the Amazon Web Services Marketplace. For more information, see Getting started as an Amazon Web Services Marketplace seller and AMI-based products in Amazon Web Services Marketplace in the Amazon Web Services Marketplace Seller Guide.

", "locationName":"BillingProduct" }, "BootMode":{ "shape":"BootModeValues", - "documentation":"

The boot mode of the AMI. A value of uefi-preferred indicates that the AMI supports both UEFI and Legacy BIOS.

The operating system contained in the AMI must be configured to support the specified boot mode.

For more information, see Boot modes in the Amazon EC2 User Guide.

" + "documentation":"

The boot mode of the AMI. A value of uefi-preferred indicates that the AMI supports both UEFI and Legacy BIOS.

The operating system contained in the AMI must be configured to support the specified boot mode.

For more information, see Instance launch behavior with Amazon EC2 boot modes in the Amazon EC2 User Guide.

" }, "TpmSupport":{ "shape":"TpmSupportValues", @@ -51987,7 +57799,7 @@ }, "UefiData":{ "shape":"StringType", - "documentation":"

Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot in the Amazon EC2 User Guide.

" + "documentation":"

Base64 representation of the non-volatile UEFI variable store. To retrieve the UEFI data, use the GetInstanceUefiData command. You can inspect and modify the UEFI data by using the python-uefivars tool on GitHub. For more information, see UEFI Secure Boot for Amazon EC2 instances in the Amazon EC2 User Guide.

" }, "ImdsSupport":{ "shape":"ImdsSupportValues", @@ -52035,7 +57847,7 @@ }, "BlockDeviceMappings":{ "shape":"BlockDeviceMappingRequestList", - "documentation":"

The block device mapping entries.

If you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can't specify the encryption state of the volume.

If you create an AMI on an Outpost, then all backing snapshots must be on the same Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can be used to launch instances on the same Outpost only. For more information, Amazon EBS local snapshots on Outposts in the Amazon EBS User Guide.

", + "documentation":"

The block device mapping entries.

If you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can't specify the encryption state of the volume.

If you create an AMI on an Outpost, then all backing snapshots must be on the same Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can be used to launch instances on the same Outpost only. For more information, Create AMIs from local snapshots in the Amazon EBS User Guide.

", "locationName":"BlockDeviceMapping" }, "VirtualizationType":{ @@ -52726,6 +58538,10 @@ "shape":"CoreNetworkArn", "documentation":"

The Amazon Resource Name (ARN) of the core network.

" }, + "OdbNetworkArn":{ + "shape":"OdbNetworkArn", + "documentation":"

The Amazon Resource Name (ARN) of the ODB network.

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -53040,7 +58856,7 @@ "members":{ "KernelId":{ "shape":"KernelId", - "documentation":"

The ID of the kernel.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User provided kernels in the Amazon EC2 User Guide.

" + "documentation":"

The ID of the kernel.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User provided kernels in the Amazon Linux 2 User Guide.

" }, "EbsOptimized":{ "shape":"Boolean", @@ -53086,7 +58902,7 @@ }, "DisableApiTermination":{ "shape":"Boolean", - "documentation":"

If you set this parameter to true, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

" + "documentation":"

Indicates whether termination protection is enabled for the instance. The default is false, which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.

" }, "InstanceInitiatedShutdownBehavior":{ "shape":"ShutdownBehavior", @@ -53094,7 +58910,7 @@ }, "UserData":{ "shape":"SensitiveUserData", - "documentation":"

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Run commands on your Amazon EC2 instance at launch in the Amazon EC2 User Guide.

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

" + "documentation":"

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Run commands when you launch an EC2 instance with user data input in the Amazon EC2 User Guide.

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

" }, "TagSpecifications":{ "shape":"LaunchTemplateTagSpecificationRequestList", @@ -53103,12 +58919,18 @@ }, "ElasticGpuSpecifications":{ "shape":"ElasticGpuSpecificationList", - "documentation":"

Deprecated.

Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.

", + "documentation":"

Deprecated.

Amazon Elastic Graphics reached end of life on January 8, 2024.

", + "deprecated":true, + "deprecatedMessage":"Specifying Elastic Graphics accelerators is no longer supported on the RunInstances API.", + "deprecatedSince":"2024-01-08", "locationName":"ElasticGpuSpecification" }, "ElasticInferenceAccelerators":{ "shape":"LaunchTemplateElasticInferenceAcceleratorList", - "documentation":"

Amazon Elastic Inference is no longer available.

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

Starting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.

", + "documentation":"

Amazon Elastic Inference is no longer available.

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

", + "deprecated":true, + "deprecatedMessage":"Specifying Elastic Inference accelerators is no longer supported on the RunInstances API.", + "deprecatedSince":"2024-01-08", "locationName":"ElasticInferenceAccelerator" }, "SecurityGroupIds":{ @@ -53131,7 +58953,7 @@ }, "CpuOptions":{ "shape":"LaunchTemplateCpuOptionsRequest", - "documentation":"

The CPU options for the instance. For more information, see Optimize CPU options in the Amazon EC2 User Guide.

" + "documentation":"

The CPU options for the instance. For more information, see CPU options for Amazon EC2 instances in the Amazon EC2 User Guide.

" }, "CapacityReservationSpecification":{ "shape":"LaunchTemplateCapacityReservationSpecificationRequest", @@ -53148,11 +58970,11 @@ }, "MetadataOptions":{ "shape":"LaunchTemplateInstanceMetadataOptionsRequest", - "documentation":"

The metadata options for the instance. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.

" + "documentation":"

The metadata options for the instance. For more information, see Configure the Instance Metadata Service options in the Amazon EC2 User Guide.

" }, "EnclaveOptions":{ "shape":"LaunchTemplateEnclaveOptionsRequest", - "documentation":"

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

You can't enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.

" + "documentation":"

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

You can't enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.

" }, "InstanceRequirements":{ "shape":"InstanceRequirementsRequest", @@ -53168,7 +58990,7 @@ }, "DisableApiStop":{ "shape":"Boolean", - "documentation":"

Indicates whether to enable the instance for stop protection. For more information, see Enable stop protection for your instance in the Amazon EC2 User Guide.

" + "documentation":"

Indicates whether to enable the instance for stop protection. For more information, see Enable stop protection for your EC2 instances in the Amazon EC2 User Guide.

" }, "Operator":{ "shape":"OperatorRequest", @@ -53420,6 +59242,13 @@ }, "documentation":"

Describes a launch request for one or more instances, and includes owner, requester, and security group information that applies to all instances in the launch request.

" }, + "ReservationEndDateType":{ + "type":"string", + "enum":[ + "limited", + "unlimited" + ] + }, "ReservationFleetInstanceSpecification":{ "type":"structure", "members":{ @@ -53469,12 +59298,26 @@ "ReservationState":{ "type":"string", "enum":[ + "active", + "expired", + "cancelled", + "scheduled", + "pending", + "failed", + "delayed", + "unsupported", "payment-pending", "payment-failed", - "active", "retired" ] }, + "ReservationType":{ + "type":"string", + "enum":[ + "capacity-block", + "odcr" + ] + }, "ReservationValue":{ "type":"structure", "members":{ @@ -53591,6 +59434,11 @@ "documentation":"

Any tags assigned to the resource.

", "locationName":"tagSet" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "ReservedInstancesId":{ "shape":"String", "documentation":"

The ID of the Reserved Instance.

", @@ -53676,6 +59524,11 @@ "shape":"scope", "documentation":"

Whether the Reserved Instance is applied to instances in a Region or instances in a specific Availability Zone.

", "locationName":"scope" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" } }, "documentation":"

Describes the configuration settings for the modified Reserved Instances.

" @@ -53908,6 +59761,11 @@ "documentation":"

Whether the Reserved Instance is applied to instances in a Region or an Availability Zone.

", "locationName":"scope" }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "ReservedInstancesOfferingId":{ "shape":"String", "documentation":"

The ID of the Reserved Instance offering. This is the offering ID used in GetReservedInstancesExchangeQuote to confirm that an exchange can be made.

", @@ -54211,6 +60069,7 @@ "fpga-image", "host-reservation", "image", + "image-usage-report", "import-image-task", "import-snapshot-task", "instance", @@ -54236,6 +60095,7 @@ "network-insights-path", "network-insights-access-scope", "network-insights-access-scope-analysis", + "outpost-lag", "placement-group", "prefix-list", "replace-root-volume-task", @@ -54243,6 +60103,7 @@ "route-table", "security-group", "security-group-rule", + "service-link-virtual-interface", "snapshot", "spot-fleet-request", "spot-instances-request", @@ -54278,13 +60139,64 @@ "verified-access-trust-provider", "vpn-connection-device-type", "vpc-block-public-access-exclusion", + "route-server", + "route-server-endpoint", + "route-server-peer", "ipam-resource-discovery", "ipam-resource-discovery-association", "instance-connect-endpoint", "verified-access-endpoint-target", - "ipam-external-resource-verification-token" + "ipam-external-resource-verification-token", + "capacity-block", + "mac-modification-task", + "ipam-prefix-list-resolver", + "ipam-prefix-list-resolver-target", + "capacity-manager-data-export" ] }, + "ResourceTypeOption":{ + "type":"structure", + "members":{ + "OptionName":{ + "shape":"ImageReferenceOptionName", + "documentation":"

The name of the option.

  • For ec2:Instance:

    Specify state-name - The current state of the EC2 instance.

  • For ec2:LaunchTemplate:

    Specify version-depth - The number of launch template versions to check, starting from the most recent version.

" + }, + "OptionValues":{ + "shape":"ResourceTypeOptionValuesList", + "documentation":"

A value for the specified option.

  • For state-name:

    • Valid values: pending | running | shutting-down | terminated | stopping | stopped

    • Default: All states

  • For version-depth:

    • Valid values: Integers between 1 and 10000

    • Default: 10

", + "locationName":"OptionValue" + } + }, + "documentation":"

The options that affect the scope of the response.

" + }, + "ResourceTypeOptionList":{ + "type":"list", + "member":{"shape":"ResourceTypeOption"} + }, + "ResourceTypeOptionValue":{"type":"string"}, + "ResourceTypeOptionValuesList":{ + "type":"list", + "member":{"shape":"ResourceTypeOptionValue"} + }, + "ResourceTypeRequest":{ + "type":"structure", + "members":{ + "ResourceType":{ + "shape":"ImageReferenceResourceType", + "documentation":"

The resource type.

" + }, + "ResourceTypeOptions":{ + "shape":"ResourceTypeOptionList", + "documentation":"

The options that affect the scope of the response. Valid only when ResourceType is ec2:Instance or ec2:LaunchTemplate.

", + "locationName":"ResourceTypeOption" + } + }, + "documentation":"

A resource type to check for image references. Associated options can also be specified if the resource type is an EC2 instance or launch template.

" + }, + "ResourceTypeRequestList":{ + "type":"list", + "member":{"shape":"ResourceTypeRequest"} + }, "ResponseError":{ "type":"structure", "members":{ @@ -54345,7 +60257,7 @@ }, "ImageId":{ "shape":"String", - "documentation":"

The ID of the AMI or a Systems Manager parameter. The Systems Manager parameter will resolve to the ID of the AMI at instance launch.

The value depends on what you specified in the request. The possible values are:

  • If an AMI ID was specified in the request, then this is the AMI ID.

  • If a Systems Manager parameter was specified in the request, and ResolveAlias was configured as true, then this is the AMI ID that the parameter is mapped to in the Parameter Store.

  • If a Systems Manager parameter was specified in the request, and ResolveAlias was configured as false, then this is the parameter value.

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

", + "documentation":"

The ID of the AMI or a Systems Manager parameter. The Systems Manager parameter will resolve to the ID of the AMI at instance launch.

The value depends on what you specified in the request. The possible values are:

  • If an AMI ID was specified in the request, then this is the AMI ID.

  • If a Systems Manager parameter was specified in the request, and ResolveAlias was configured as true, then this is the AMI ID that the parameter is mapped to in the Parameter Store.

  • If a Systems Manager parameter was specified in the request, and ResolveAlias was configured as false, then this is the parameter value.

For more information, see Use a Systems Manager parameter instead of an AMI ID in the Amazon EC2 User Guide.

", "locationName":"imageId" }, "InstanceType":{ @@ -54395,12 +60307,12 @@ }, "ElasticGpuSpecifications":{ "shape":"ElasticGpuSpecificationResponseList", - "documentation":"

Deprecated.

Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.

", + "documentation":"

Deprecated.

Amazon Elastic Graphics reached end of life on January 8, 2024.

", "locationName":"elasticGpuSpecificationSet" }, "ElasticInferenceAccelerators":{ "shape":"LaunchTemplateElasticInferenceAcceleratorResponseList", - "documentation":"

Amazon Elastic Inference is no longer available.

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

Starting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.

", + "documentation":"

Amazon Elastic Inference is no longer available.

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

You cannot specify accelerators from different generations in the same request.

", "locationName":"elasticInferenceAcceleratorSet" }, "SecurityGroupIds":{ @@ -54425,7 +60337,7 @@ }, "CpuOptions":{ "shape":"LaunchTemplateCpuOptions", - "documentation":"

The CPU options for the instance. For more information, see Optimize CPU options in the Amazon EC2 User Guide.

", + "documentation":"

The CPU options for the instance. For more information, see CPU options for Amazon EC2 instances in the Amazon EC2 User Guide.

", "locationName":"cpuOptions" }, "CapacityReservationSpecification":{ @@ -54445,7 +60357,7 @@ }, "MetadataOptions":{ "shape":"LaunchTemplateInstanceMetadataOptions", - "documentation":"

The metadata options for the instance. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.

", + "documentation":"

The metadata options for the instance. For more information, see Configure the Instance Metadata Service options in the Amazon EC2 User Guide.

", "locationName":"metadataOptions" }, "EnclaveOptions":{ @@ -54470,7 +60382,7 @@ }, "DisableApiStop":{ "shape":"Boolean", - "documentation":"

Indicates whether the instance is enabled for stop protection. For more information, see Enable stop protection for your instance in the Amazon EC2 User Guide.

", + "documentation":"

Indicates whether the instance is enabled for stop protection. For more information, see Enable stop protection for your EC2 instances in the Amazon EC2 User Guide.

", "locationName":"disableApiStop" }, "Operator":{ @@ -55048,7 +60960,7 @@ }, "Origin":{ "shape":"RouteOrigin", - "documentation":"

Describes how the route was created.

  • CreateRouteTable - The route was automatically created when the route table was created.

  • CreateRoute - The route was manually added to the route table.

  • EnableVgwRoutePropagation - The route was propagated by route propagation.

", + "documentation":"

Describes how the route was created.

  • CreateRouteTable - The route was automatically created when the route table was created.

  • CreateRoute - The route was manually added to the route table.

  • EnableVgwRoutePropagation - The route was propagated by route propagation.

  • Advertisement - The route was created dynamically by Amazon VPC Route Server.

", "locationName":"origin" }, "State":{ @@ -55065,6 +60977,16 @@ "shape":"CoreNetworkArn", "documentation":"

The Amazon Resource Name (ARN) of the core network.

", "locationName":"coreNetworkArn" + }, + "OdbNetworkArn":{ + "shape":"OdbNetworkArn", + "documentation":"

The Amazon Resource Name (ARN) of the ODB network.

", + "locationName":"odbNetworkArn" + }, + "IpAddress":{ + "shape":"String", + "documentation":"

The next hop IP address for routes propagated by VPC Route Server into VPC route tables.

", + "locationName":"ipAddress" } }, "documentation":"

Describes a route in a route table.

" @@ -55082,14 +61004,523 @@ "enum":[ "CreateRouteTable", "CreateRoute", - "EnableVgwRoutePropagation" + "EnableVgwRoutePropagation", + "Advertisement" + ] + }, + "RouteServer":{ + "type":"structure", + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The unique identifier of the route server.

", + "locationName":"routeServerId" + }, + "AmazonSideAsn":{ + "shape":"Long", + "documentation":"

The Border Gateway Protocol (BGP) Autonomous System Number (ASN) for the appliance. Valid values are from 1 to 4294967295. We recommend using a private ASN in the 64512–65534 (16-bit ASN) or 4200000000–4294967294 (32-bit ASN) range.

", + "locationName":"amazonSideAsn" + }, + "State":{ + "shape":"RouteServerState", + "documentation":"

The current state of the route server.

", + "locationName":"state" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

Any tags assigned to the route server.

", + "locationName":"tagSet" + }, + "PersistRoutesState":{ + "shape":"RouteServerPersistRoutesState", + "documentation":"

The current state of route persistence for the route server.

", + "locationName":"persistRoutesState" + }, + "PersistRoutesDuration":{ + "shape":"BoxedLong", + "documentation":"

The number of minutes a route server will wait after BGP is re-established to unpersist the routes in the FIB and RIB. Value must be in the range of 1-5. The default value is 1. Only valid if persistRoutesState is 'enabled'.

If you set the duration to 1 minute, then when your network appliance re-establishes BGP with route server, it has 1 minute to relearn it's adjacent network and advertise those routes to route server before route server resumes normal functionality. In most cases, 1 minute is probably sufficient. If, however, you have concerns that your BGP network may not be capable of fully re-establishing and re-learning everything in 1 minute, you can increase the duration up to 5 minutes.

", + "locationName":"persistRoutesDuration" + }, + "SnsNotificationsEnabled":{ + "shape":"Boolean", + "documentation":"

Indicates whether SNS notifications are enabled for the route server. Enabling SNS notifications persists BGP status changes to an SNS topic provisioned by Amazon Web Services.

", + "locationName":"snsNotificationsEnabled" + }, + "SnsTopicArn":{ + "shape":"String", + "documentation":"

The ARN of the SNS topic where notifications are published.

", + "locationName":"snsTopicArn" + } + }, + "documentation":"

Describes a route server and its configuration.

Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred IPv4 or IPv6 routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.

Route server supports the follow route table types:

  • VPC route tables not associated with subnets

  • Subnet route tables

  • Internet gateway route tables

Route server does not support route tables associated with virtual private gateways. To propagate routes into a transit gateway route table, use Transit Gateway Connect.

" + }, + "RouteServerAssociation":{ + "type":"structure", + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the associated route server.

", + "locationName":"routeServerId" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

The ID of the associated VPC.

", + "locationName":"vpcId" + }, + "State":{ + "shape":"RouteServerAssociationState", + "documentation":"

The current state of the association.

", + "locationName":"state" + } + }, + "documentation":"

Describes the association between a route server and a VPC.

A route server association is the connection established between a route server and a VPC.

" + }, + "RouteServerAssociationState":{ + "type":"string", + "enum":[ + "associating", + "associated", + "disassociating" ] }, + "RouteServerAssociationsList":{ + "type":"list", + "member":{ + "shape":"RouteServerAssociation", + "locationName":"item" + } + }, + "RouteServerBfdState":{ + "type":"string", + "enum":[ + "up", + "down" + ] + }, + "RouteServerBfdStatus":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"RouteServerBfdState", + "documentation":"

The operational status of the BFD session.

", + "locationName":"status" + } + }, + "documentation":"

The current status of Bidirectional Forwarding Detection (BFD) for a BGP session.

" + }, + "RouteServerBgpOptions":{ + "type":"structure", + "members":{ + "PeerAsn":{ + "shape":"Long", + "documentation":"

The Border Gateway Protocol (BGP) Autonomous System Number (ASN) for the appliance. Valid values are from 1 to 4294967295. We recommend using a private ASN in the 64512–65534 (16-bit ASN) or 4200000000–4294967294 (32-bit ASN) range.

", + "locationName":"peerAsn" + }, + "PeerLivenessDetection":{ + "shape":"RouteServerPeerLivenessMode", + "documentation":"

The liveness detection protocol used for the BGP peer.

The requested liveness detection protocol for the BGP peer.

  • bgp-keepalive: The standard BGP keep alive mechanism (RFC4271) that is stable but may take longer to fail-over in cases of network impact or router failure.

  • bfd: An additional Bidirectional Forwarding Detection (BFD) protocol (RFC5880) that enables fast failover by using more sensitive liveness detection.

Defaults to bgp-keepalive.

", + "locationName":"peerLivenessDetection" + } + }, + "documentation":"

The BGP configuration options for a route server peer.

" + }, + "RouteServerBgpOptionsRequest":{ + "type":"structure", + "required":["PeerAsn"], + "members":{ + "PeerAsn":{ + "shape":"Long", + "documentation":"

The Border Gateway Protocol (BGP) Autonomous System Number (ASN) for the appliance. Valid values are from 1 to 4294967295. We recommend using a private ASN in the 64512–65534 (16-bit ASN) or 4200000000–4294967294 (32-bit ASN) range.

" + }, + "PeerLivenessDetection":{ + "shape":"RouteServerPeerLivenessMode", + "documentation":"

The requested liveness detection protocol for the BGP peer.

  • bgp-keepalive: The standard BGP keep alive mechanism (RFC4271) that is stable but may take longer to fail-over in cases of network impact or router failure.

  • bfd: An additional Bidirectional Forwarding Detection (BFD) protocol (RFC5880) that enables fast failover by using more sensitive liveness detection.

Defaults to bgp-keepalive.

" + } + }, + "documentation":"

The BGP configuration options requested for a route server peer.

" + }, + "RouteServerBgpState":{ + "type":"string", + "enum":[ + "up", + "down" + ] + }, + "RouteServerBgpStatus":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"RouteServerBgpState", + "documentation":"

The operational status of the BGP session. The status enables you to monitor session liveness if you lack monitoring on your router/appliance.

", + "locationName":"status" + } + }, + "documentation":"

The current status of a BGP session.

" + }, + "RouteServerEndpoint":{ + "type":"structure", + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server associated with this endpoint.

", + "locationName":"routeServerId" + }, + "RouteServerEndpointId":{ + "shape":"RouteServerEndpointId", + "documentation":"

The unique identifier of the route server endpoint.

", + "locationName":"routeServerEndpointId" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

The ID of the VPC containing the endpoint.

", + "locationName":"vpcId" + }, + "SubnetId":{ + "shape":"SubnetId", + "documentation":"

The ID of the subnet to place the route server endpoint into.

", + "locationName":"subnetId" + }, + "EniId":{ + "shape":"NetworkInterfaceId", + "documentation":"

The ID of the Elastic network interface for the endpoint.

", + "locationName":"eniId" + }, + "EniAddress":{ + "shape":"String", + "documentation":"

The IP address of the Elastic network interface for the endpoint.

", + "locationName":"eniAddress" + }, + "State":{ + "shape":"RouteServerEndpointState", + "documentation":"

The current state of the route server endpoint.

", + "locationName":"state" + }, + "FailureReason":{ + "shape":"String", + "documentation":"

The reason for any failure in endpoint creation or operation.

", + "locationName":"failureReason" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

Any tags assigned to the route server endpoint.

", + "locationName":"tagSet" + } + }, + "documentation":"

Describes a route server endpoint and its properties.

A route server endpoint is an Amazon Web Services-managed component inside a subnet that facilitates BGP (Border Gateway Protocol) connections between your route server and your BGP peers.

" + }, + "RouteServerEndpointId":{"type":"string"}, + "RouteServerEndpointIdsList":{ + "type":"list", + "member":{"shape":"RouteServerEndpointId"} + }, + "RouteServerEndpointState":{ + "type":"string", + "enum":[ + "pending", + "available", + "deleting", + "deleted", + "failing", + "failed", + "delete-failed" + ] + }, + "RouteServerEndpointsList":{ + "type":"list", + "member":{ + "shape":"RouteServerEndpoint", + "locationName":"item" + } + }, + "RouteServerId":{"type":"string"}, + "RouteServerIdsList":{ + "type":"list", + "member":{"shape":"RouteServerId"} + }, + "RouteServerMaxResults":{ + "type":"integer", + "max":1000, + "min":5 + }, + "RouteServerPeer":{ + "type":"structure", + "members":{ + "RouteServerPeerId":{ + "shape":"RouteServerPeerId", + "documentation":"

The unique identifier of the route server peer.

", + "locationName":"routeServerPeerId" + }, + "RouteServerEndpointId":{ + "shape":"RouteServerEndpointId", + "documentation":"

The ID of the route server endpoint associated with this peer.

", + "locationName":"routeServerEndpointId" + }, + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server associated with this peer.

", + "locationName":"routeServerId" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

The ID of the VPC containing the route server peer.

", + "locationName":"vpcId" + }, + "SubnetId":{ + "shape":"SubnetId", + "documentation":"

The ID of the subnet containing the route server peer.

", + "locationName":"subnetId" + }, + "State":{ + "shape":"RouteServerPeerState", + "documentation":"

The current state of the route server peer.

", + "locationName":"state" + }, + "FailureReason":{ + "shape":"String", + "documentation":"

The reason for any failure in peer creation or operation.

", + "locationName":"failureReason" + }, + "EndpointEniId":{ + "shape":"NetworkInterfaceId", + "documentation":"

The ID of the Elastic network interface for the route server endpoint.

", + "locationName":"endpointEniId" + }, + "EndpointEniAddress":{ + "shape":"String", + "documentation":"

The IP address of the Elastic network interface for the route server endpoint.

", + "locationName":"endpointEniAddress" + }, + "PeerAddress":{ + "shape":"String", + "documentation":"

The IPv4 address of the peer device.

", + "locationName":"peerAddress" + }, + "BgpOptions":{ + "shape":"RouteServerBgpOptions", + "documentation":"

The BGP configuration options for this peer, including ASN (Autonomous System Number) and BFD (Bidrectional Forwarding Detection) settings.

", + "locationName":"bgpOptions" + }, + "BgpStatus":{ + "shape":"RouteServerBgpStatus", + "documentation":"

The current status of the BGP session with this peer.

", + "locationName":"bgpStatus" + }, + "BfdStatus":{ + "shape":"RouteServerBfdStatus", + "documentation":"

The current status of the BFD session with this peer.

", + "locationName":"bfdStatus" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

Any tags assigned to the route server peer.

", + "locationName":"tagSet" + } + }, + "documentation":"

Describes a BGP peer configuration for a route server endpoint.

A route server peer is a session between a route server endpoint and the device deployed in Amazon Web Services (such as a firewall appliance or other network security function running on an EC2 instance). The device must meet these requirements:

  • Have an elastic network interface in the VPC

  • Support BGP (Border Gateway Protocol)

  • Can initiate BGP sessions

" + }, + "RouteServerPeerId":{"type":"string"}, + "RouteServerPeerIdsList":{ + "type":"list", + "member":{"shape":"RouteServerPeerId"} + }, + "RouteServerPeerLivenessMode":{ + "type":"string", + "enum":[ + "bfd", + "bgp-keepalive" + ] + }, + "RouteServerPeerState":{ + "type":"string", + "enum":[ + "pending", + "available", + "deleting", + "deleted", + "failing", + "failed" + ] + }, + "RouteServerPeersList":{ + "type":"list", + "member":{ + "shape":"RouteServerPeer", + "locationName":"item" + } + }, + "RouteServerPersistRoutesAction":{ + "type":"string", + "enum":[ + "enable", + "disable", + "reset" + ] + }, + "RouteServerPersistRoutesState":{ + "type":"string", + "enum":[ + "enabling", + "enabled", + "resetting", + "disabling", + "disabled", + "modifying" + ] + }, + "RouteServerPropagation":{ + "type":"structure", + "members":{ + "RouteServerId":{ + "shape":"RouteServerId", + "documentation":"

The ID of the route server configured for route propagation.

", + "locationName":"routeServerId" + }, + "RouteTableId":{ + "shape":"RouteTableId", + "documentation":"

The ID of the route table configured for route server propagation.

", + "locationName":"routeTableId" + }, + "State":{ + "shape":"RouteServerPropagationState", + "documentation":"

The current state of route propagation.

", + "locationName":"state" + } + }, + "documentation":"

Describes the route propagation configuration between a route server and a route table.

When enabled, route server propagation installs the routes in the FIB on the route table you've specified. Route server supports IPv4 and IPv6 route propagation.

" + }, + "RouteServerPropagationState":{ + "type":"string", + "enum":[ + "pending", + "available", + "deleting" + ] + }, + "RouteServerPropagationsList":{ + "type":"list", + "member":{ + "shape":"RouteServerPropagation", + "locationName":"item" + } + }, + "RouteServerRoute":{ + "type":"structure", + "members":{ + "RouteServerEndpointId":{ + "shape":"RouteServerEndpointId", + "documentation":"

The ID of the route server endpoint that received this route.

", + "locationName":"routeServerEndpointId" + }, + "RouteServerPeerId":{ + "shape":"RouteServerPeerId", + "documentation":"

The ID of the route server peer that advertised this route.

", + "locationName":"routeServerPeerId" + }, + "RouteInstallationDetails":{ + "shape":"RouteServerRouteInstallationDetails", + "documentation":"

Details about the installation status of this route in route tables.

", + "locationName":"routeInstallationDetailSet" + }, + "RouteStatus":{ + "shape":"RouteServerRouteStatus", + "documentation":"

The current status of the route in the routing database. Values are in-rib or in-fib depending on if the routes are in the RIB or the FIB database.

The Routing Information Base (RIB) serves as a database that stores all the routing information and network topology data collected by a router or routing system, such as routes learned from BGP peers. The RIB is constantly updated as new routing information is received or existing routes change. This ensures that the route server always has the most current view of the network topology and can make optimal routing decisions.

The Forwarding Information Base (FIB) serves as a forwarding table for what route server has determined are the best-path routes in the RIB after evaluating all available routing information and policies. The FIB routes are installed on the route tables. The FIB is recomputed whenever there are changes to the RIB.

", + "locationName":"routeStatus" + }, + "Prefix":{ + "shape":"String", + "documentation":"

The destination CIDR block of the route.

", + "locationName":"prefix" + }, + "AsPaths":{ + "shape":"AsPath", + "documentation":"

The AS path attributes of the BGP route.

", + "locationName":"asPathSet" + }, + "Med":{ + "shape":"Integer", + "documentation":"

The Multi-Exit Discriminator (MED) value of the BGP route.

", + "locationName":"med" + }, + "NextHopIp":{ + "shape":"String", + "documentation":"

The IP address for the next hop.

", + "locationName":"nextHopIp" + } + }, + "documentation":"

Describes a route in the route server's routing database.

" + }, + "RouteServerRouteInstallationDetail":{ + "type":"structure", + "members":{ + "RouteTableId":{ + "shape":"RouteTableId", + "documentation":"

The ID of the route table where the route is being installed.

", + "locationName":"routeTableId" + }, + "RouteInstallationStatus":{ + "shape":"RouteServerRouteInstallationStatus", + "documentation":"

The current installation status of the route in the route table.

", + "locationName":"routeInstallationStatus" + }, + "RouteInstallationStatusReason":{ + "shape":"String", + "documentation":"

The reason for the current installation status of the route.

", + "locationName":"routeInstallationStatusReason" + } + }, + "documentation":"

Describes the installation status of a route in a route table.

" + }, + "RouteServerRouteInstallationDetails":{ + "type":"list", + "member":{ + "shape":"RouteServerRouteInstallationDetail", + "locationName":"item" + } + }, + "RouteServerRouteInstallationStatus":{ + "type":"string", + "enum":[ + "installed", + "rejected" + ] + }, + "RouteServerRouteList":{ + "type":"list", + "member":{ + "shape":"RouteServerRoute", + "locationName":"item" + } + }, + "RouteServerRouteStatus":{ + "type":"string", + "enum":[ + "in-rib", + "in-fib" + ] + }, + "RouteServerState":{ + "type":"string", + "enum":[ + "pending", + "available", + "modifying", + "deleting", + "deleted" + ] + }, + "RouteServersList":{ + "type":"list", + "member":{ + "shape":"RouteServer", + "locationName":"item" + } + }, "RouteState":{ "type":"string", "enum":[ "active", - "blackhole" + "blackhole", + "filtered" ] }, "RouteTable":{ @@ -55161,6 +61592,11 @@ "documentation":"

The ID of the internet gateway or virtual private gateway.

", "locationName":"gatewayId" }, + "PublicIpv4Pool":{ + "shape":"String", + "documentation":"

The ID of a public IPv4 pool. A public IPv4 pool is a pool of IPv4 addresses that you've brought to Amazon Web Services with BYOIP.

", + "locationName":"publicIpv4Pool" + }, "AssociationState":{ "shape":"RouteTableAssociationState", "documentation":"

The state of the association.

", @@ -55324,7 +61760,7 @@ }, "InstanceType":{ "shape":"InstanceType", - "documentation":"

The instance type. For more information, see Amazon EC2 instance types in the Amazon EC2 User Guide.

" + "documentation":"

The instance type. For more information, see Amazon EC2 Instance Types Guide.

" }, "Ipv6AddressCount":{ "shape":"Integer", @@ -55341,7 +61777,7 @@ }, "KeyName":{ "shape":"KeyPairName", - "documentation":"

The name of the key pair. You can create a key pair using CreateKeyPair or ImportKeyPair.

If you do not specify a key pair, you can't connect to the instance unless you choose an AMI that is configured to allow users another way to log in.

" + "documentation":"

The name of the key pair. For more information, see Create a key pair for your EC2 instance.

If you do not specify a key pair, you can't connect to the instance unless you choose an AMI that is configured to allow users another way to log in.

" }, "MaxCount":{ "shape":"Integer", @@ -55365,7 +61801,7 @@ }, "SecurityGroupIds":{ "shape":"SecurityGroupIdStringList", - "documentation":"

The IDs of the security groups. You can create a security group using CreateSecurityGroup.

If you specify a network interface, you must specify any security groups as part of the network interface instead of using this parameter.

", + "documentation":"

The IDs of the security groups.

If you specify a network interface, you must specify any security groups as part of the network interface instead of using this parameter.

", "locationName":"SecurityGroupId" }, "SecurityGroups":{ @@ -55379,15 +61815,21 @@ }, "UserData":{ "shape":"RunInstancesUserData", - "documentation":"

The user data to make available to the instance. User data must be base64-encoded. Depending on the tool or SDK that you're using, the base64-encoding might be performed for you. For more information, see Work with instance user data.

" + "documentation":"

The user data to make available to the instance. User data must be base64-encoded. Depending on the tool or SDK that you're using, the base64-encoding might be performed for you. For more information, see Run commands at launch using instance user data.

" }, "ElasticGpuSpecification":{ "shape":"ElasticGpuSpecifications", - "documentation":"

An elastic GPU to associate with the instance.

Amazon Elastic Graphics reached end of life on January 8, 2024.

" + "documentation":"

An elastic GPU to associate with the instance.

Amazon Elastic Graphics reached end of life on January 8, 2024.

", + "deprecated":true, + "deprecatedMessage":"Specifying Elastic Graphics accelerators is no longer supported on the RunInstances API.", + "deprecatedSince":"2024-01-08" }, "ElasticInferenceAccelerators":{ "shape":"ElasticInferenceAccelerators", "documentation":"

An elastic inference accelerator to associate with the instance.

Amazon Elastic Inference is no longer available.

", + "deprecated":true, + "deprecatedMessage":"Specifying Elastic Inference accelerators is no longer supported on the RunInstances API.", + "deprecatedSince":"2024-01-08", "locationName":"ElasticInferenceAccelerator" }, "TagSpecifications":{ @@ -55426,11 +61868,11 @@ }, "MetadataOptions":{ "shape":"InstanceMetadataOptionsRequest", - "documentation":"

The metadata options for the instance. For more information, see Instance metadata and user data.

" + "documentation":"

The metadata options for the instance. For more information, see Configure the Instance Metadata Service options.

" }, "EnclaveOptions":{ "shape":"EnclaveOptionsRequest", - "documentation":"

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

You can't enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.

" + "documentation":"

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see Amazon Web Services Nitro Enclaves User Guide.

You can't enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.

" }, "PrivateDnsNameOptions":{ "shape":"PrivateDnsNameOptionsRequest", @@ -55442,7 +61884,7 @@ }, "DisableApiStop":{ "shape":"Boolean", - "documentation":"

Indicates whether an instance is enabled for stop protection. For more information, see Stop protection.

" + "documentation":"

Indicates whether an instance is enabled for stop protection. For more information, see Enable stop protection for your EC2 instances.

" }, "EnablePrimaryIpv6":{ "shape":"Boolean", @@ -55463,7 +61905,7 @@ }, "DisableApiTermination":{ "shape":"Boolean", - "documentation":"

If you set this parameter to true, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Default: false

", + "documentation":"

Indicates whether termination protection is enabled for the instance. The default is false, which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.

", "locationName":"disableApiTermination" }, "InstanceInitiatedShutdownBehavior":{ @@ -55478,7 +61920,7 @@ }, "ClientToken":{ "shape":"String", - "documentation":"

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

For more information, see Ensuring Idempotency.

Constraints: Maximum 64 ASCII characters

", + "documentation":"

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

For more information, see Ensuring idempotency in Amazon EC2 API requests.

Constraints: Maximum 64 ASCII characters

", "idempotencyToken":true, "locationName":"clientToken" }, @@ -55617,6 +62059,10 @@ "none" ] }, + "Schedule":{ + "type":"string", + "enum":["hourly"] + }, "ScheduledInstance":{ "type":"structure", "members":{ @@ -56409,7 +62855,7 @@ }, "TransitGatewayId":{ "shape":"String", - "documentation":"

This parameter is in preview and may not be available for your account.

The ID of the transit gateway (if applicable).

", + "documentation":"

The ID of the transit gateway (if applicable).

", "locationName":"transitGatewayId" } }, @@ -56577,7 +63023,7 @@ "documentation":"

The description of the security group rule.

" } }, - "documentation":"

Describes a security group rule.

You must specify exactly one of the following parameters, based on the rule type:

  • CidrIpv4

  • CidrIpv6

  • PrefixListId

  • ReferencedGroupId

When you modify a rule, you cannot change the rule type. For example, if the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new IPv4 address range.

" + "documentation":"

Describes a security group rule.

You must specify exactly one of the following parameters, based on the rule type:

  • CidrIpv4

  • CidrIpv6

  • PrefixListId

  • ReferencedGroupId

Amazon Web Services canonicalizes IPv4 and IPv6 CIDRs. For example, if you specify 100.68.0.18/18 for the CIDR block, Amazon Web Services canonicalizes the CIDR block to 100.68.0.0/18. Any subsequent DescribeSecurityGroups and DescribeSecurityGroupRules calls will return the canonicalized form of the CIDR block. Additionally, if you attempt to add another rule with the non-canonical form of the CIDR (such as 100.68.0.18/18) and there is already a rule for the canonicalized form of the CIDR block (such as 100.68.0.0/18), the API throws an duplicate rule error.

When you modify a rule, you cannot change the rule type. For example, if the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new IPv4 address range.

" }, "SecurityGroupRuleUpdate":{ "type":"structure", @@ -56635,6 +63081,11 @@ "shape":"String", "documentation":"

The association's state reason.

", "locationName":"stateReason" + }, + "GroupOwnerId":{ + "shape":"String", + "documentation":"

The Amazon Web Services account ID of the owner of the security group.

", + "locationName":"groupOwnerId" } }, "documentation":"

A security group association with a VPC that you made with AssociateSecurityGroupVpc.

" @@ -56678,6 +63129,10 @@ } } }, + "SensitiveMacCredentials":{ + "type":"string", + "sensitive":true + }, "SensitiveUrl":{ "type":"string", "sensitive":true @@ -56709,9 +63164,14 @@ "documentation":"

The service state.

", "locationName":"serviceState" }, + "AvailabilityZoneIds":{ + "shape":"ValueStringList", + "documentation":"

The IDs of the Availability Zones in which the service is available.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both

", + "locationName":"availabilityZoneIdSet" + }, "AvailabilityZones":{ "shape":"ValueStringList", - "documentation":"

The Availability Zones in which the service is available.

", + "documentation":"

The Availability Zones in which the service is available.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both

", "locationName":"availabilityZoneSet" }, "AcceptanceRequired":{ @@ -56814,9 +63274,14 @@ "documentation":"

The Region where the service is hosted.

", "locationName":"serviceRegion" }, + "AvailabilityZoneIds":{ + "shape":"ValueStringList", + "documentation":"

The IDs of the Availability Zones in which the service is available.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both

", + "locationName":"availabilityZoneIdSet" + }, "AvailabilityZones":{ "shape":"ValueStringList", - "documentation":"

The Availability Zones in which the service is available.

", + "documentation":"

The Availability Zones in which the service is available.

Either AvailabilityZone or AvailabilityZoneId can be specified, but not both

", "locationName":"availabilityZoneSet" }, "Owner":{ @@ -56884,6 +63349,109 @@ "locationName":"item" } }, + "ServiceLinkMaxResults":{ + "type":"integer", + "max":1000, + "min":5 + }, + "ServiceLinkVirtualInterface":{ + "type":"structure", + "members":{ + "ServiceLinkVirtualInterfaceId":{ + "shape":"ServiceLinkVirtualInterfaceId", + "documentation":"

The ID of the service link virtual interface.

", + "locationName":"serviceLinkVirtualInterfaceId" + }, + "ServiceLinkVirtualInterfaceArn":{ + "shape":"ResourceArn", + "documentation":"

The Amazon Resource Number (ARN) for the service link virtual interface.

", + "locationName":"serviceLinkVirtualInterfaceArn" + }, + "OutpostId":{ + "shape":"String", + "documentation":"

The Outpost ID for the service link virtual interface.

", + "locationName":"outpostId" + }, + "OutpostArn":{ + "shape":"String", + "documentation":"

The Outpost Amazon Resource Number (ARN) for the service link virtual interface.

", + "locationName":"outpostArn" + }, + "OwnerId":{ + "shape":"String", + "documentation":"

The ID of the Amazon Web Services account that owns the service link virtual interface..

", + "locationName":"ownerId" + }, + "LocalAddress":{ + "shape":"String", + "documentation":"

The IPv4 address assigned to the local gateway virtual interface on the Outpost side.

", + "locationName":"localAddress" + }, + "PeerAddress":{ + "shape":"String", + "documentation":"

The IPv4 peer address for the service link virtual interface.

", + "locationName":"peerAddress" + }, + "PeerBgpAsn":{ + "shape":"Long", + "documentation":"

The ASN for the Border Gateway Protocol (BGP) associated with the service link virtual interface.

", + "locationName":"peerBgpAsn" + }, + "Vlan":{ + "shape":"Integer", + "documentation":"

The virtual local area network for the service link virtual interface.

", + "locationName":"vlan" + }, + "OutpostLagId":{ + "shape":"OutpostLagId", + "documentation":"

The link aggregation group (LAG) ID for the service link virtual interface.

", + "locationName":"outpostLagId" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

The tags associated with the service link virtual interface.

", + "locationName":"tagSet" + }, + "ConfigurationState":{ + "shape":"ServiceLinkVirtualInterfaceConfigurationState", + "documentation":"

The current state of the service link virtual interface.

", + "locationName":"configurationState" + } + }, + "documentation":"

Describes the service link virtual interfaces that establish connectivity between Amazon Web Services Outpost and on-premises networks.

" + }, + "ServiceLinkVirtualInterfaceConfigurationState":{ + "type":"string", + "enum":[ + "pending", + "available", + "deleting", + "deleted" + ] + }, + "ServiceLinkVirtualInterfaceId":{"type":"string"}, + "ServiceLinkVirtualInterfaceIdSet":{ + "type":"list", + "member":{ + "shape":"ServiceLinkVirtualInterfaceId", + "locationName":"item" + } + }, + "ServiceLinkVirtualInterfaceSet":{ + "type":"list", + "member":{ + "shape":"ServiceLinkVirtualInterface", + "locationName":"item" + } + }, + "ServiceManaged":{ + "type":"string", + "enum":[ + "alb", + "nlb", + "rnat" + ] + }, "ServiceNetworkArn":{"type":"string"}, "ServiceState":{ "type":"string", @@ -57013,6 +63581,11 @@ "documentation":"

The time stamp when the snapshot was completed.

", "locationName":"completionTime" }, + "FullSnapshotSizeInBytes":{ + "shape":"Long", + "documentation":"

The full size of the snapshot, in bytes.

This is not the incremental size of the snapshot. This is the full snapshot size and represents the size of all the blocks that were written to the source volume at the time the snapshot was created.

", + "locationName":"fullSnapshotSizeInBytes" + }, "SnapshotId":{ "shape":"String", "documentation":"

The ID of the snapshot. Each snapshot receives a unique identifier when it is created.

", @@ -57020,7 +63593,7 @@ }, "VolumeId":{ "shape":"String", - "documentation":"

The ID of the volume that was used to create the snapshot. Snapshots created by the CopySnapshot action have an arbitrary volume ID that should not be used for any purpose.

", + "documentation":"

The ID of the volume that was used to create the snapshot. Snapshots created by a copy snapshot operation have an arbitrary volume ID that you should not use for any purpose.

", "locationName":"volumeId" }, "State":{ @@ -57285,7 +63858,7 @@ }, "RecycleBinEnterTime":{ "shape":"MillisecondDateTime", - "documentation":"

The date and time when the snaphsot entered the Recycle Bin.

", + "documentation":"

The date and time when the snapshot entered the Recycle Bin.

", "locationName":"recycleBinEnterTime" }, "RecycleBinExitTime":{ @@ -57313,6 +63886,16 @@ "locationName":"item" } }, + "SnapshotReturnCodes":{ + "type":"string", + "enum":[ + "success", + "skipped", + "missing-permissions", + "internal-error", + "client-error" + ] + }, "SnapshotSet":{ "type":"list", "member":{ @@ -57893,9 +64476,14 @@ }, "LaunchedAvailabilityZone":{ "shape":"String", - "documentation":"

The Availability Zone in which the request is launched.

", + "documentation":"

The Availability Zone in which the request is launched.

Either launchedAvailabilityZone or launchedAvailabilityZoneId can be specified, but not both

", "locationName":"launchedAvailabilityZone" }, + "LaunchedAvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone in which the request is launched.

Either launchedAvailabilityZone or launchedAvailabilityZoneId can be specified, but not both

", + "locationName":"launchedAvailabilityZoneId" + }, "ProductDescription":{ "shape":"RIProductDescription", "documentation":"

The product description associated with the Spot Instance.

", @@ -58035,7 +64623,7 @@ "members":{ "MaxPrice":{ "shape":"String", - "documentation":"

The maximum hourly price that you're willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.

If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.

" + "documentation":"

The maximum hourly price that you're willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.

If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.

If you specify a maximum price, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an InvalidParameterValue error message.

" }, "SpotInstanceType":{ "shape":"SpotInstanceType", @@ -58207,6 +64795,11 @@ "documentation":"

The Availability Zone.

", "locationName":"availabilityZone" }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" + }, "InstanceType":{ "shape":"InstanceType", "documentation":"

The instance type.

", @@ -58459,6 +65052,11 @@ "documentation":"

The Amazon Resource Names (ARN) of the resources that the path must traverse.

", "locationName":"FilterInArn" }, + "FilterOutArns":{ + "shape":"ArnList", + "documentation":"

The Amazon Resource Names (ARN) of the resources that the path will ignore.

", + "locationName":"FilterOutArn" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" @@ -58582,7 +65180,11 @@ }, "Hibernate":{ "shape":"Boolean", - "documentation":"

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

" + "documentation":"

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your Amazon EC2 instance in the Amazon EC2 User Guide.

Default: false

" + }, + "SkipOsShutdown":{ + "shape":"Boolean", + "documentation":"

Specifies whether to bypass the graceful OS shutdown process when the instance is stopped.

Bypassing the graceful OS shutdown might result in data loss or corruption (for example, memory contents not flushed to disk or loss of in-flight IOs) or skipped shutdown scripts.

Default: false

" }, "DryRun":{ "shape":"Boolean", @@ -58591,7 +65193,7 @@ }, "Force":{ "shape":"Boolean", - "documentation":"

Forces the instances to stop. The instances do not have an opportunity to flush file system caches or file system metadata. If you use this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances.

Default: false

", + "documentation":"

Forces the instance to stop. The instance will first attempt a graceful shutdown, which includes flushing file system caches and metadata. If the graceful shutdown fails to complete within the timeout period, the instance shuts down forcibly without flushing the file system caches and metadata.

After using this option, you must perform file system check and repair procedures. This option is not recommended for Windows instances. For more information, see Troubleshoot Amazon EC2 instance stop issues in the Amazon EC2 User Guide.

Default: false

", "locationName":"force" } } @@ -58771,6 +65373,11 @@ "documentation":"

The state of VPC Block Public Access (BPA).

", "locationName":"blockPublicAccessStates" }, + "Type":{ + "shape":"String", + "documentation":"

Indicates if this is a subnet used with Amazon Elastic VMware Service (EVS). Possible values are Elastic VMware Service or no value. For more information about Amazon EVS, see Amazon Elastic VMware Service API Reference .

", + "locationName":"type" + }, "SubnetId":{ "shape":"String", "documentation":"

The ID of the subnet.

", @@ -58778,7 +65385,7 @@ }, "State":{ "shape":"SubnetState", - "documentation":"

The current state of the subnet.

", + "documentation":"

The current state of the subnet.

  • failed: The underlying infrastructure to support the subnet failed to provision as expected.

  • failed-insufficient-capacity: The underlying infrastructure to support the subnet failed to provision due to a shortage of EC2 instance capacity.

", "locationName":"state" }, "VpcId":{ @@ -58947,6 +65554,13 @@ } }, "SubnetId":{"type":"string"}, + "SubnetIdList":{ + "type":"list", + "member":{ + "shape":"SubnetId", + "locationName":"AssociatedSubnetId" + } + }, "SubnetIdStringList":{ "type":"list", "member":{ @@ -59027,7 +65641,9 @@ "enum":[ "pending", "available", - "unavailable" + "unavailable", + "failed", + "failed-insufficient-capacity" ] }, "Subscription":{ @@ -59536,6 +66152,14 @@ "documentation":"

The IDs of the instances.

Constraints: Up to 1000 instance IDs. We recommend breaking up this request into smaller batches.

", "locationName":"InstanceId" }, + "Force":{ + "shape":"Boolean", + "documentation":"

Forces the instances to terminate. The instance will first attempt a graceful shutdown, which includes flushing file system caches and metadata. If the graceful shutdown fails to complete within the timeout period, the instance shuts down forcibly without flushing the file system caches and metadata.

" + }, + "SkipOsShutdown":{ + "shape":"Boolean", + "documentation":"

Specifies whether to bypass the graceful OS shutdown process when the instance is terminated.

Default: false

" + }, "DryRun":{ "shape":"Boolean", "documentation":"

Checks whether you have the required permissions for the operation, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -59660,6 +66284,14 @@ "egress" ] }, + "TrafficIpAddressType":{ + "type":"string", + "enum":[ + "ipv4", + "ipv6", + "dual-stack" + ] + }, "TrafficMirrorFilter":{ "type":"structure", "members":{ @@ -60272,7 +66904,8 @@ "direct-connect-gateway", "connect", "peering", - "tgw-peering" + "tgw-peering", + "network-function" ] }, "TransitGatewayAttachmentState":{ @@ -60836,7 +67469,7 @@ }, "DefaultRouteTableAssociation":{ "shape":"DefaultRouteTableAssociationValue", - "documentation":"

Indicates whether resource attachments are automatically associated with the default association route table.

", + "documentation":"

Indicates whether resource attachments are automatically associated with the default association route table. Enabled by default. Either defaultRouteTableAssociation or defaultRouteTablePropagation must be set to enable for Amazon Web Services Transit Gateway to create the default transit gateway route table.

", "locationName":"defaultRouteTableAssociation" }, "AssociationDefaultRouteTableId":{ @@ -60846,7 +67479,7 @@ }, "DefaultRouteTablePropagation":{ "shape":"DefaultRouteTablePropagationValue", - "documentation":"

Indicates whether resource attachments automatically propagate routes to the default propagation route table.

", + "documentation":"

Indicates whether resource attachments automatically propagate routes to the default propagation route table. Enabled by default. If defaultRouteTablePropagation is set to enable, Amazon Web Services Transit Gateway creates the default transit gateway route table.

", "locationName":"defaultRouteTablePropagation" }, "PropagationDefaultRouteTableId":{ @@ -61970,7 +68603,7 @@ }, "UnassignedIpv6Prefixes":{ "shape":"IpPrefixList", - "documentation":"

The IPv4 prefixes that have been unassigned from the network interface.

", + "documentation":"

The IPv6 prefixes that have been unassigned from the network interface.

", "locationName":"unassignedIpv6PrefixSet" } } @@ -62191,6 +68824,40 @@ "locationName":"item" } }, + "UpdateCapacityManagerOrganizationsAccessRequest":{ + "type":"structure", + "required":["OrganizationsAccess"], + "members":{ + "OrganizationsAccess":{ + "shape":"BoxedBoolean", + "documentation":"

Specifies whether to enable or disable cross-account access for Amazon Web Services Organizations. When enabled, Capacity Manager aggregates data from all accounts in your organization.

" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

" + }, + "ClientToken":{ + "shape":"String", + "documentation":"

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

", + "idempotencyToken":true + } + } + }, + "UpdateCapacityManagerOrganizationsAccessResult":{ + "type":"structure", + "members":{ + "CapacityManagerStatus":{ + "shape":"CapacityManagerStatus", + "documentation":"

The current status of Capacity Manager after the update operation.

", + "locationName":"capacityManagerStatus" + }, + "OrganizationsAccess":{ + "shape":"Boolean", + "documentation":"

The updated Organizations access setting indicating whether cross-account data aggregation is enabled.

", + "locationName":"organizationsAccess" + } + } + }, "UpdateSecurityGroupRuleDescriptionsEgressRequest":{ "type":"structure", "members":{ @@ -62382,6 +69049,13 @@ "locationName":"item" } }, + "UserIdList":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"item" + } + }, "UserIdStringList":{ "type":"list", "member":{ @@ -63569,11 +70243,21 @@ "Volume":{ "type":"structure", "members":{ + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone for the volume.

", + "locationName":"availabilityZoneId" + }, "OutpostArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the Outpost.

", "locationName":"outpostArn" }, + "SourceVolumeId":{ + "shape":"String", + "documentation":"

The ID of the source volume from which the volume copy was created. Only for volume copies.

", + "locationName":"sourceVolumeId" + }, "Iops":{ "shape":"Integer", "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

", @@ -63614,6 +70298,11 @@ "documentation":"

The service provider that manages the volume.

", "locationName":"operator" }, + "VolumeInitializationRate":{ + "shape":"Integer", + "documentation":"

The Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate) specified for the volume during creation, in MiB/s. If no volume initialization rate was specified, the value is null.

", + "locationName":"volumeInitializationRate" + }, "VolumeId":{ "shape":"String", "documentation":"

The ID of the volume.

", @@ -63672,12 +70361,12 @@ }, "AssociatedResource":{ "shape":"String", - "documentation":"

The ARN of the Amazon ECS or Fargate task to which the volume is attached.

", + "documentation":"

The ARN of the Amazon Web Services-managed resource to which the volume is attached.

", "locationName":"associatedResource" }, "InstanceOwningService":{ "shape":"String", - "documentation":"

The service principal of Amazon Web Services service that owns the underlying instance to which the volume is attached.

This parameter is returned only for volumes that are attached to Fargate tasks.

", + "documentation":"

The service principal of the Amazon Web Services service that owns the underlying resource to which the volume is attached.

This parameter is returned only for volumes that are attached to Amazon Web Services-managed resources.

", "locationName":"instanceOwningService" }, "VolumeId":{ @@ -63687,12 +70376,12 @@ }, "InstanceId":{ "shape":"String", - "documentation":"

The ID of the instance.

If the volume is attached to a Fargate task, this parameter returns null.

", + "documentation":"

The ID of the instance.

If the volume is attached to an Amazon Web Services-managed resource, this parameter returns null.

", "locationName":"instanceId" }, "Device":{ "shape":"String", - "documentation":"

The device name.

If the volume is attached to a Fargate task, this parameter returns null.

", + "documentation":"

The device name.

If the volume is attached to an Amazon Web Services-managed resource, this parameter returns null.

", "locationName":"device" }, "State":{ @@ -63934,7 +70623,7 @@ "members":{ "Name":{ "shape":"VolumeStatusName", - "documentation":"

The name of the volume status.

", + "documentation":"

The name of the volume status.

", "locationName":"name" }, "Status":{ @@ -64016,7 +70705,8 @@ "enum":[ "ok", "impaired", - "insufficient-data" + "insufficient-data", + "warning" ] }, "VolumeStatusItem":{ @@ -64056,6 +70746,16 @@ "shape":"VolumeStatusAttachmentStatusList", "documentation":"

Information about the instances to which the volume is attached.

", "locationName":"attachmentStatuses" + }, + "InitializationStatusDetails":{ + "shape":"InitializationStatusDetails", + "documentation":"

Information about the volume initialization. It can take up to 5 minutes for the volume initialization information to be updated.

Only available for volumes created from snapshots. Not available for empty volumes created without a snapshot.

For more information, see Initialize Amazon EBS volumes.

", + "locationName":"initializationStatusDetails" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

The ID of the Availability Zone.

", + "locationName":"availabilityZoneId" } }, "documentation":"

Describes the volume status.

" @@ -64071,7 +70771,8 @@ "type":"string", "enum":[ "io-enabled", - "io-performance" + "io-performance", + "initialization-state" ] }, "VolumeType":{ @@ -64114,6 +70815,10 @@ "documentation":"

Indicates whether the VPC is the default VPC.

", "locationName":"isDefault" }, + "EncryptionControl":{ + "shape":"VpcEncryptionControl", + "locationName":"encryptionControl" + }, "Tags":{ "shape":"TagList", "documentation":"

Any tags assigned to the VPC.

", @@ -64411,6 +71116,120 @@ "locationName":"item" } }, + "VpcEncryptionControl":{ + "type":"structure", + "members":{ + "VpcId":{ + "shape":"VpcId", + "locationName":"vpcId" + }, + "VpcEncryptionControlId":{ + "shape":"VpcEncryptionControlId", + "locationName":"vpcEncryptionControlId" + }, + "Mode":{ + "shape":"VpcEncryptionControlMode", + "locationName":"mode" + }, + "State":{ + "shape":"VpcEncryptionControlState", + "locationName":"state" + }, + "StateMessage":{ + "shape":"String", + "locationName":"stateMessage" + }, + "ResourceExclusions":{ + "shape":"VpcEncryptionControlExclusions", + "locationName":"resourceExclusions" + }, + "Tags":{ + "shape":"TagList", + "locationName":"tagSet" + } + } + }, + "VpcEncryptionControlExclusion":{ + "type":"structure", + "members":{ + "State":{ + "shape":"VpcEncryptionControlExclusionState", + "locationName":"state" + }, + "StateMessage":{ + "shape":"String", + "locationName":"stateMessage" + } + } + }, + "VpcEncryptionControlExclusionState":{ + "type":"string", + "enum":[ + "enabling", + "enabled", + "disabling", + "disabled" + ] + }, + "VpcEncryptionControlExclusions":{ + "type":"structure", + "members":{ + "InternetGateway":{ + "shape":"VpcEncryptionControlExclusion", + "locationName":"internetGateway" + }, + "EgressOnlyInternetGateway":{ + "shape":"VpcEncryptionControlExclusion", + "locationName":"egressOnlyInternetGateway" + }, + "NatGateway":{ + "shape":"VpcEncryptionControlExclusion", + "locationName":"natGateway" + }, + "VirtualPrivateGateway":{ + "shape":"VpcEncryptionControlExclusion", + "locationName":"virtualPrivateGateway" + }, + "VpcPeering":{ + "shape":"VpcEncryptionControlExclusion", + "locationName":"vpcPeering" + }, + "Lambda":{ + "shape":"VpcEncryptionControlExclusion", + "locationName":"lambda" + }, + "VpcLattice":{ + "shape":"VpcEncryptionControlExclusion", + "locationName":"vpcLattice" + }, + "ElasticFileSystem":{ + "shape":"VpcEncryptionControlExclusion", + "locationName":"elasticFileSystem" + } + } + }, + "VpcEncryptionControlId":{"type":"string"}, + "VpcEncryptionControlMode":{ + "type":"string", + "enum":[ + "monitor", + "enforce" + ] + }, + "VpcEncryptionControlState":{ + "type":"string", + "enum":[ + "enforce-in-progress", + "monitor-in-progress", + "enforce-failed", + "monitor-failed", + "deleting", + "deleted", + "available", + "creating", + "delete-failed" + ] + }, "VpcEndpoint":{ "type":"structure", "members":{ @@ -65009,6 +71828,11 @@ "documentation":"

Information about the VPN tunnel.

", "locationName":"vgwTelemetry" }, + "PreSharedKeyArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the Secrets Manager secret storing the pre-shared key(s) for the VPN connection.

", + "locationName":"preSharedKeyArn" + }, "VpnConnectionId":{ "shape":"String", "documentation":"

The ID of the VPN connection.

", @@ -65130,7 +71954,7 @@ }, "OutsideIpAddressType":{ "shape":"String", - "documentation":"

The type of IPv4 address assigned to the outside interface of the customer gateway.

Valid values: PrivateIpv4 | PublicIpv4

Default: PublicIpv4

", + "documentation":"

The type of IPv4 address assigned to the outside interface of the customer gateway.

Valid values: PrivateIpv4 | PublicIpv4 | Ipv6

Default: PublicIpv4

", "locationName":"outsideIpAddressType" }, "TransportTransitGatewayAttachmentId":{ @@ -65147,6 +71971,11 @@ "shape":"TunnelOptionsList", "documentation":"

Indicates the VPN tunnel options.

", "locationName":"tunnelOptionSet" + }, + "TunnelBandwidth":{ + "shape":"VpnTunnelBandwidth", + "documentation":"

The configured bandwidth for the VPN tunnel. Represents the current throughput capacity setting for the tunnel connection. standard tunnel bandwidth supports up to 1.25 Gbps per tunnel while large supports up to 5 Gbps per tunnel. If no tunnel bandwidth was specified for the connection, standard is used as the default value.

", + "locationName":"tunnelBandwidth" } }, "documentation":"

Describes VPN connection options.

" @@ -65184,12 +72013,16 @@ }, "OutsideIpAddressType":{ "shape":"String", - "documentation":"

The type of IPv4 address assigned to the outside interface of the customer gateway device.

Valid values: PrivateIpv4 | PublicIpv4

Default: PublicIpv4

" + "documentation":"

The type of IP address assigned to the outside interface of the customer gateway device.

Valid values: PrivateIpv4 | PublicIpv4 | Ipv6

Default: PublicIpv4

" }, "TransportTransitGatewayAttachmentId":{ "shape":"TransitGatewayAttachmentId", "documentation":"

The transit gateway attachment ID to use for the VPN tunnel.

Required if OutsideIpAddressType is set to PrivateIpv4.

" }, + "TunnelBandwidth":{ + "shape":"VpnTunnelBandwidth", + "documentation":"

The desired bandwidth specification for the VPN tunnel, used when creating or modifying VPN connection options to set the tunnel's throughput capacity. standard supports up to 1.25 Gbps per tunnel, while large supports up to 5 Gbps per tunnel. The default value is standard. Existing VPN connections without a bandwidth setting will automatically default to standard.

" + }, "StaticRoutesOnly":{ "shape":"Boolean", "documentation":"

Indicate whether the VPN connection uses static routes only. If you are creating a VPN connection for a device that does not support BGP, you must specify true. Use CreateVpnConnectionRoute to create a static route.

Default: false

", @@ -65306,6 +72139,13 @@ "type":"string", "enum":["Static"] }, + "VpnTunnelBandwidth":{ + "type":"string", + "enum":[ + "standard", + "large" + ] + }, "VpnTunnelLogOptions":{ "type":"structure", "members":{ @@ -65424,6 +72264,14 @@ "type":"list", "member":{"shape":"VpnTunnelOptionsSpecification"} }, + "VpnTunnelProvisioningStatus":{ + "type":"string", + "enum":[ + "available", + "pending", + "failed" + ] + }, "WeekDay":{ "type":"string", "enum":[ diff -pruN 2.23.6-1/awscli/botocore/data/ec2/2016-11-15/waiters-2.json 2.31.35-1/awscli/botocore/data/ec2/2016-11-15/waiters-2.json --- 2.23.6-1/awscli/botocore/data/ec2/2016-11-15/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ec2/2016-11-15/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -177,6 +177,25 @@ } ] }, + "ImageUsageReportAvailable": { + "operation": "DescribeImageUsageReports", + "maxAttempts": 40, + "delay": 15, + "acceptors": [ + { + "state": "success", + "matcher": "pathAll", + "argument": "ImageUsageReports[].State", + "expected": "available" + }, + { + "state": "failure", + "matcher": "pathAny", + "argument": "ImageUsageReports[].State", + "expected": "failed" + } + ] + }, "InstanceRunning": { "delay": 15, "operation": "DescribeInstances", @@ -458,6 +477,62 @@ } ] }, + "SecurityGroupVpcAssociationAssociated": { + "delay": 10, + "maxAttempts": 7, + "operation": "DescribeSecurityGroupVpcAssociations", + "acceptors": [ + { + "expected": "associated", + "matcher": "pathAll", + "state": "success", + "argument": "SecurityGroupVpcAssociations[].State" + }, + { + "expected": "associating", + "matcher": "pathAny", + "state": "retry", + "argument": "SecurityGroupVpcAssociations[].State" + }, + { + "expected": "association-failed", + "matcher": "pathAny", + "state": "failure", + "argument": "SecurityGroupVpcAssociations[].State" + } + ] + }, + "SecurityGroupVpcAssociationDisassociated": { + "delay": 10, + "maxAttempts": 7, + "operation": "DescribeSecurityGroupVpcAssociations", + "acceptors": [ + { + "expected": "disassociated", + "matcher": "pathAll", + "state": "success", + "argument": "SecurityGroupVpcAssociations[].State" + }, + { + "expected": "disassociating", + "matcher": "pathAny", + "state": "retry", + "argument": "SecurityGroupVpcAssociations[].State" + }, + { + "expected": "disassociation-failed", + "matcher": "pathAny", + "state": "failure", + "argument": "SecurityGroupVpcAssociations[].State" + }, + { + "expected": true, + "matcher": "path", + "state": "success", + "argument": "length(SecurityGroupVpcAssociations[]) == `0`" + } + ] + }, "SpotInstanceRequestFulfilled": { "operation": "DescribeSpotInstanceRequests", "maxAttempts": 40, diff -pruN 2.23.6-1/awscli/botocore/data/ec2-instance-connect/2018-04-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ec2-instance-connect/2018-04-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ec2-instance-connect/2018-04-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ec2-instance-connect/2018-04-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ec2-instance-connect/2018-04-02/service-2.json 2.31.35-1/awscli/botocore/data/ec2-instance-connect/2018-04-02/service-2.json --- 2.23.6-1/awscli/botocore/data/ec2-instance-connect/2018-04-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ec2-instance-connect/2018-04-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"ec2-instance-connect", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"EC2 Instance Connect", "serviceFullName":"AWS EC2 Instance Connect", "serviceId":"EC2 Instance Connect", "signatureVersion":"v4", "targetPrefix":"AWSEC2InstanceConnectService", - "uid":"ec2-instance-connect-2018-04-02" + "uid":"ec2-instance-connect-2018-04-02", + "auth":["aws.auth#sigv4"] }, "operations":{ "SendSSHPublicKey":{ diff -pruN 2.23.6-1/awscli/botocore/data/ecr/2015-09-21/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ecr/2015-09-21/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ecr/2015-09-21/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ecr/2015-09-21/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -167,6 +167,56 @@ ], "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://api.ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", @@ -321,6 +371,81 @@ ], "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-cn", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.api.amazonwebservices.com.cn", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://api.ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", diff -pruN 2.23.6-1/awscli/botocore/data/ecr/2015-09-21/service-2.json 2.31.35-1/awscli/botocore/data/ecr/2015-09-21/service-2.json --- 2.23.6-1/awscli/botocore/data/ecr/2015-09-21/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ecr/2015-09-21/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -304,7 +304,7 @@ {"shape":"RepositoryNotFoundException"}, {"shape":"ImageNotFoundException"} ], - "documentation":"

Returns metadata about the images in a repository.

Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages.

" + "documentation":"

Returns metadata about the images in a repository.

Starting with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size. Therefore, Docker might return a larger image than the image shown in the Amazon Web Services Management Console.

The new version of Amazon ECR Basic Scanning doesn't use the ImageDetail$imageScanFindingsSummary and ImageDetail$imageScanStatus attributes from the API response to return scan results. Use the DescribeImageScanFindings API instead. For more information about Amazon Web Services native basic scanning, see Scan images for software vulnerabilities in Amazon ECR.

" }, "DescribePullThroughCacheRules":{ "name":"DescribePullThroughCacheRules", @@ -703,7 +703,7 @@ {"shape":"ImageNotFoundException"}, {"shape":"ValidationException"} ], - "documentation":"

Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see Image scanning in the Amazon Elastic Container Registry User Guide.

" + "documentation":"

Starts a basic image vulnerability scan.

A basic image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. You can start up to 100,000 basic scans per 24 hours. This limit includes both scans on initial push and scans initiated by the StartImageScan API. For more information, see Basic scanning in the Amazon Elastic Container Registry User Guide.

" }, "StartLifecyclePolicyPreview":{ "name":"StartLifecyclePolicyPreview", @@ -918,6 +918,14 @@ "shape":"Date", "documentation":"

The date and time the Amazon ECR container image was pushed.

" }, + "lastInUseAt":{ + "shape":"Date", + "documentation":"

The most recent date and time a cluster was running the image.

" + }, + "inUseCount":{ + "shape":"InUseCount", + "documentation":"

The number of Amazon ECS or Amazon EKS clusters currently running the image.

" + }, "registry":{ "shape":"RegistryId", "documentation":"

The registry the Amazon ECR container image belongs to.

" @@ -1131,11 +1139,11 @@ "members":{ "ecrRepositoryPrefix":{ "shape":"PullThroughCacheRuleRepositoryPrefix", - "documentation":"

The repository name prefix to use when caching images from the source registry.

" + "documentation":"

The repository name prefix to use when caching images from the source registry.

There is always an assumed / applied to the end of the prefix. If you specify ecr-public as the prefix, Amazon ECR treats that as ecr-public/.

" }, "upstreamRegistryUrl":{ "shape":"Url", - "documentation":"

The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.

  • Amazon ECR Public (ecr-public) - public.ecr.aws

  • Docker Hub (docker-hub) - registry-1.docker.io

  • Quay (quay) - quay.io

  • Kubernetes (k8s) - registry.k8s.io

  • GitHub Container Registry (github-container-registry) - ghcr.io

  • Microsoft Azure Container Registry (azure-container-registry) - <custom>.azurecr.io

" + "documentation":"

The registry URL of the upstream public registry to use as the source for the pull through cache rule. The following is the syntax to use for each supported upstream registry.

  • Amazon ECR (ecr) – <accountId>.dkr.ecr.<region>.amazonaws.com

  • Amazon ECR Public (ecr-public) – public.ecr.aws

  • Docker Hub (docker-hub) – registry-1.docker.io

  • GitHub Container Registry (github-container-registry) – ghcr.io

  • GitLab Container Registry (gitlab-container-registry) – registry.gitlab.com

  • Kubernetes (k8s) – registry.k8s.io

  • Microsoft Azure Container Registry (azure-container-registry) – <custom>.azurecr.io

  • Quay (quay) – quay.io

" }, "registryId":{ "shape":"RegistryId", @@ -1148,6 +1156,14 @@ "credentialArn":{ "shape":"CredentialArn", "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

" + }, + "customRoleArn":{ + "shape":"CustomRoleArn", + "documentation":"

Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the ECR upstream registry. This role must be in the same account as the registry that you are configuring.

" + }, + "upstreamRepositoryPrefix":{ + "shape":"PullThroughCacheRuleRepositoryPrefix", + "documentation":"

The repository name prefix of the upstream registry to match with the upstream repository name. When this field isn't specified, Amazon ECR will use the ROOT.

" } } }, @@ -1177,6 +1193,14 @@ "credentialArn":{ "shape":"CredentialArn", "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

" + }, + "customRoleArn":{ + "shape":"CustomRoleArn", + "documentation":"

The ARN of the IAM role associated with the pull through cache rule.

" + }, + "upstreamRepositoryPrefix":{ + "shape":"PullThroughCacheRuleRepositoryPrefix", + "documentation":"

The upstream repository prefix associated with the pull through cache rule.

" } } }, @@ -1207,6 +1231,10 @@ "shape":"ImageTagMutability", "documentation":"

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

" }, + "imageTagMutabilityExclusionFilters":{ + "shape":"ImageTagMutabilityExclusionFilters", + "documentation":"

Creates a repository creation template with a list of filters that define which image tags can override the default image tag mutability setting.

" + }, "repositoryPolicy":{ "shape":"RepositoryPolicyText", "documentation":"

The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

" @@ -1258,6 +1286,10 @@ "shape":"ImageTagMutability", "documentation":"

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

" }, + "imageTagMutabilityExclusionFilters":{ + "shape":"ImageTagMutabilityExclusionFilters", + "documentation":"

Creates a repository with a list of filters that define which image tags can override the default image tag mutability setting.

" + }, "imageScanningConfiguration":{ "shape":"ImageScanningConfiguration", "documentation":"

The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.

" @@ -1430,13 +1462,20 @@ "credentialArn":{ "shape":"CredentialArn", "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

" + }, + "customRoleArn":{ + "shape":"CustomRoleArn", + "documentation":"

The ARN of the IAM role associated with the pull through cache rule.

" + }, + "upstreamRepositoryPrefix":{ + "shape":"PullThroughCacheRuleRepositoryPrefix", + "documentation":"

The upstream repository prefix associated with the pull through cache rule.

" } } }, "DeleteRegistryPolicyRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRegistryPolicyResponse":{ "type":"structure", @@ -1705,8 +1744,7 @@ }, "DescribeRegistryRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeRegistryResponse":{ "type":"structure", @@ -1989,7 +2027,7 @@ "members":{ "authorizationData":{ "shape":"AuthorizationDataList", - "documentation":"

A list of authorization token data objects that correspond to the registryIds values in the request.

" + "documentation":"

A list of authorization token data objects that correspond to the registryIds values in the request.

The size of the authorization token returned by Amazon ECR is not fixed. We recommend that you don't make assumptions about the maximum size.

" } } }, @@ -2049,7 +2087,7 @@ }, "maxResults":{ "shape":"LifecyclePreviewMaxResults", - "documentation":"

The maximum number of repository results returned by GetLifecyclePolicyPreviewRequest in
 paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest only returns
 maxResults results in a single page along with a nextToken
 response element. The remaining results of the initial request can be seen by sending
 another GetLifecyclePolicyPreviewRequest request with the returned nextToken
 value. This value can be between 1 and 1000. If this
 parameter is not used, then GetLifecyclePolicyPreviewRequest returns up to
 100 results and a nextToken value, if
 applicable. This option cannot be used when you specify images with imageIds.

" + "documentation":"

The maximum number of repository results returned by GetLifecyclePolicyPreviewRequest in
 paginated output. When this parameter is used, GetLifecyclePolicyPreviewRequest only returns
 maxResults results in a single page along with a nextToken
 response element. The remaining results of the initial request can be seen by sending
 another GetLifecyclePolicyPreviewRequest request with the returned nextToken
 value. This value can be between 1 and 100. If this
 parameter is not used, then GetLifecyclePolicyPreviewRequest returns up to
100 results and a nextToken value, if
 applicable. This option cannot be used when you specify images with imageIds.

" }, "filter":{ "shape":"LifecyclePolicyPreviewFilter", @@ -2127,8 +2165,7 @@ }, "GetRegistryPolicyRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetRegistryPolicyResponse":{ "type":"structure", @@ -2145,8 +2182,7 @@ }, "GetRegistryScanningConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetRegistryScanningConfigurationResponse":{ "type":"structure", @@ -2258,7 +2294,7 @@ }, "imageSizeInBytes":{ "shape":"ImageSizeInBytes", - "documentation":"

The size, in bytes, of the image in the repository.

If the image is a manifest list, this will be the max size of all manifests in the list.

Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages.

" + "documentation":"

The size, in bytes, of the image in the repository.

If the image is a manifest list, this will be the max size of all manifests in the list.

Starting with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size. Therefore, Docker might return a larger image than the image shown in the Amazon Web Services Management Console.

" }, "imagePushedAt":{ "shape":"PushTimestamp", @@ -2521,13 +2557,53 @@ "type":"string", "enum":[ "MUTABLE", - "IMMUTABLE" + "IMMUTABLE", + "IMMUTABLE_WITH_EXCLUSION", + "MUTABLE_WITH_EXCLUSION" ] }, + "ImageTagMutabilityExclusionFilter":{ + "type":"structure", + "required":[ + "filterType", + "filter" + ], + "members":{ + "filterType":{ + "shape":"ImageTagMutabilityExclusionFilterType", + "documentation":"

Specifies the type of filter to use for excluding image tags from the repository's mutability setting.

" + }, + "filter":{ + "shape":"ImageTagMutabilityExclusionFilterValue", + "documentation":"

The value to use when filtering image tags. Must be either a regular expression pattern or a tag prefix value based on the specified filter type.

" + } + }, + "documentation":"

Overrides the default image tag mutability setting of the repository for image tags that match the specified filters.

" + }, + "ImageTagMutabilityExclusionFilterType":{ + "type":"string", + "enum":["WILDCARD"] + }, + "ImageTagMutabilityExclusionFilterValue":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^[0-9a-zA-Z._*-]{1,128}$" + }, + "ImageTagMutabilityExclusionFilters":{ + "type":"list", + "member":{"shape":"ImageTagMutabilityExclusionFilter"}, + "max":5, + "min":1 + }, "ImageTagsList":{ "type":"list", "member":{"shape":"ImageTag"} }, + "InUseCount":{ + "type":"long", + "min":0 + }, "InitiateLayerUploadRequest":{ "type":"structure", "required":["repositoryName"], @@ -3052,6 +3128,14 @@ "shape":"CredentialArn", "documentation":"

The ARN of the Secrets Manager secret associated with the pull through cache rule.

" }, + "customRoleArn":{ + "shape":"CustomRoleArn", + "documentation":"

The ARN of the IAM role associated with the pull through cache rule.

" + }, + "upstreamRepositoryPrefix":{ + "shape":"PullThroughCacheRuleRepositoryPrefix", + "documentation":"

The upstream repository prefix associated with the pull through cache rule.

" + }, "upstreamRegistry":{ "shape":"UpstreamRegistry", "documentation":"

The name of the upstream source registry associated with the pull through cache rule.

" @@ -3087,7 +3171,7 @@ "type":"string", "max":30, "min":2, - "pattern":"(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*" + "pattern":"^((?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*/?|ROOT)$" }, "PullThroughCacheRuleRepositoryPrefixList":{ "type":"list", @@ -3224,6 +3308,10 @@ "imageTagMutability":{ "shape":"ImageTagMutability", "documentation":"

The tag mutability setting for the repository. If MUTABLE is specified, image tags can be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

" + }, + "imageTagMutabilityExclusionFilters":{ + "shape":"ImageTagMutabilityExclusionFilters", + "documentation":"

Creates or updates a repository with filters that define which image tags can override the default image tag mutability setting.

" } } }, @@ -3241,6 +3329,10 @@ "imageTagMutability":{ "shape":"ImageTagMutability", "documentation":"

The image tag mutability setting for the repository.

" + }, + "imageTagMutabilityExclusionFilters":{ + "shape":"ImageTagMutabilityExclusionFilters", + "documentation":"

Returns a list of filters that were defined for a repository. These filters determine which image tags can override the default image tag mutability setting of the repository.

" } } }, @@ -3555,6 +3647,10 @@ "shape":"ImageTagMutability", "documentation":"

The tag mutability setting for the repository.

" }, + "imageTagMutabilityExclusionFilters":{ + "shape":"ImageTagMutabilityExclusionFilters", + "documentation":"

The image tag mutability exclusion filters associated with the repository. These filters specify which image tags can override the repository's default image tag mutability setting.

" + }, "imageScanningConfiguration":{"shape":"ImageScanningConfiguration"}, "encryptionConfiguration":{ "shape":"EncryptionConfiguration", @@ -3595,11 +3691,15 @@ }, "imageTagMutability":{ "shape":"ImageTagMutability", - "documentation":"

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

" + "documentation":"

The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

" + }, + "imageTagMutabilityExclusionFilters":{ + "shape":"ImageTagMutabilityExclusionFilters", + "documentation":"

Defines the image tag mutability exclusion filters to apply when creating repositories from this template. These filters specify which image tags can override the repository's default image tag mutability setting.

" }, "repositoryPolicy":{ "shape":"RepositoryPolicyText", - "documentation":"

he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

" + "documentation":"

The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

" }, "lifecyclePolicy":{ "shape":"LifecyclePolicyTextForRepositoryCreationTemplate", @@ -3836,7 +3936,8 @@ "ACTIVE", "PENDING", "SCAN_ELIGIBILITY_EXPIRED", - "FINDINGS_UNAVAILABLE" + "FINDINGS_UNAVAILABLE", + "LIMIT_EXCEEDED" ] }, "ScanStatusDescription":{"type":"string"}, @@ -4096,8 +4197,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagStatus":{ "type":"string", @@ -4206,15 +4306,11 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePullThroughCacheRuleRequest":{ "type":"structure", - "required":[ - "ecrRepositoryPrefix", - "credentialArn" - ], + "required":["ecrRepositoryPrefix"], "members":{ "registryId":{ "shape":"RegistryId", @@ -4227,6 +4323,10 @@ "credentialArn":{ "shape":"CredentialArn", "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that identifies the credentials to authenticate to the upstream registry.

" + }, + "customRoleArn":{ + "shape":"CustomRoleArn", + "documentation":"

Amazon Resource Name (ARN) of the IAM role to be assumed by Amazon ECR to authenticate to the ECR upstream registry. This role must be in the same account as the registry that you are configuring.

" } } }, @@ -4248,6 +4348,14 @@ "credentialArn":{ "shape":"CredentialArn", "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

" + }, + "customRoleArn":{ + "shape":"CustomRoleArn", + "documentation":"

The ARN of the IAM role associated with the pull through cache rule.

" + }, + "upstreamRepositoryPrefix":{ + "shape":"PullThroughCacheRuleRepositoryPrefix", + "documentation":"

The upstream repository prefix associated with the pull through cache rule.

" } } }, @@ -4272,6 +4380,10 @@ "shape":"ImageTagMutability", "documentation":"

Updates the tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.

" }, + "imageTagMutabilityExclusionFilters":{ + "shape":"ImageTagMutabilityExclusionFilters", + "documentation":"

Updates a repository with filters that define which image tags can override the default image tag mutability setting.

" + }, "repositoryPolicy":{ "shape":"RepositoryPolicyText", "documentation":"

Updates the repository policy created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.

" @@ -4379,6 +4491,7 @@ "UpstreamRegistry":{ "type":"string", "enum":[ + "ecr", "ecr-public", "quay", "k8s", @@ -4422,6 +4535,14 @@ "shape":"CredentialArn", "documentation":"

The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret associated with the pull through cache rule.

" }, + "customRoleArn":{ + "shape":"CustomRoleArn", + "documentation":"

The ARN of the IAM role associated with the pull through cache rule.

" + }, + "upstreamRepositoryPrefix":{ + "shape":"PullThroughCacheRuleRepositoryPrefix", + "documentation":"

The upstream repository prefix associated with the pull through cache rule.

" + }, "isValid":{ "shape":"IsPTCRuleValid", "documentation":"

Whether or not the pull through cache rule was validated. If true, Amazon ECR was able to reach the upstream registry and authentication was successful. If false, there was an issue and validation failed. The failure reason indicates the cause.

" diff -pruN 2.23.6-1/awscli/botocore/data/ecr-public/2020-10-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ecr-public/2020-10-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ecr-public/2020-10-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ecr-public/2020-10-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -271,6 +271,31 @@ ], "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://ecr-public.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://api.ecr-public.{Region}.{PartitionResult#dualStackDnsSuffix}", diff -pruN 2.23.6-1/awscli/botocore/data/ecr-public/2020-10-30/service-2.json 2.31.35-1/awscli/botocore/data/ecr-public/2020-10-30/service-2.json --- 2.23.6-1/awscli/botocore/data/ecr-public/2020-10-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ecr-public/2020-10-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -811,8 +811,7 @@ "ForceFlag":{"type":"boolean"}, "GetAuthorizationTokenRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAuthorizationTokenResponse":{ "type":"structure", @@ -825,8 +824,7 @@ }, "GetRegistryCatalogDataRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetRegistryCatalogDataResponse":{ "type":"structure", @@ -1820,8 +1818,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1863,8 +1860,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UploadId":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/ecs/2014-11-13/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ecs/2014-11-13/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ecs/2014-11-13/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ecs/2014-11-13/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ecs/2014-11-13/service-2.json 2.31.35-1/awscli/botocore/data/ecs/2014-11-13/service-2.json --- 2.23.6-1/awscli/botocore/data/ecs/2014-11-13/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ecs/2014-11-13/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -28,9 +28,11 @@ {"shape":"ClientException"}, {"shape":"InvalidParameterException"}, {"shape":"LimitExceededException"}, - {"shape":"UpdateInProgressException"} + {"shape":"UpdateInProgressException"}, + {"shape":"UnsupportedFeatureException"}, + {"shape":"ClusterNotFoundException"} ], - "documentation":"

Creates a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling.

Only capacity providers that use an Auto Scaling group can be created. Amazon ECS tasks on Fargate use the FARGATE and FARGATE_SPOT capacity providers. These providers are available to all accounts in the Amazon Web Services Regions that Fargate supports.

" + "documentation":"

Creates a capacity provider. Capacity providers are associated with a cluster and are used in capacity provider strategies to facilitate cluster auto scaling. You can create capacity providers for Amazon ECS Managed Instances and EC2 instances. Fargate has the predefined FARGATE and FARGATE_SPOT capacity providers.

" }, "CreateCluster":{ "name":"CreateCluster", @@ -67,7 +69,7 @@ {"shape":"AccessDeniedException"}, {"shape":"NamespaceNotFoundException"} ], - "documentation":"

Runs and maintains your desired number of tasks from a specified task definition. If the number of tasks running in a service drops below the desiredCount, Amazon ECS runs another copy of the task in the specified cluster. To update an existing service, use UpdateService.

On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.

Amazon Elastic Inference (EI) is no longer available to customers.

In addition to maintaining the desired count of tasks in your service, you can optionally run your service behind one or more load balancers. The load balancers distribute traffic across the tasks that are associated with the service. For more information, see Service load balancing in the Amazon Elastic Container Service Developer Guide.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or updating a service. volumeConfigurations is only supported for REPLICA service and not DAEMON service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.

There are two service scheduler strategies available:

  • REPLICA - The replica scheduling strategy places and maintains your desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.

  • DAEMON - The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks. It also stops tasks that don't meet the placement constraints. When using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.

You can optionally specify a deployment configuration for your service. The deployment is initiated by changing properties. For example, the deployment might be initiated by the task definition or by your desired count of a service. You can use UpdateService. The default value for a replica service for minimumHealthyPercent is 100%. The default value for a daemon service for minimumHealthyPercent is 0%.

If a service uses the ECS deployment controller, the minimum healthy percent represents a lower limit on the number of tasks in a service that must remain in the RUNNING state during a deployment. Specifically, it represents it as a percentage of your desired number of tasks (rounded up to the nearest integer). This happens when any of your container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Using this parameter, you can deploy without using additional cluster capacity. For example, if you set your service to have desired number of four tasks and a minimum healthy percent of 50%, the scheduler might stop two existing tasks to free up cluster capacity before starting two new tasks. If they're in the RUNNING state, tasks for services that don't use a load balancer are considered healthy . If they're in the RUNNING state and reported as healthy by the load balancer, tasks for services that do use a load balancer are considered healthy . The default value for minimum healthy percent is 100%.

If a service uses the ECS deployment controller, the maximum percent parameter represents an upper limit on the number of tasks in a service that are allowed in the RUNNING or PENDING state during a deployment. Specifically, it represents it as a percentage of the desired number of tasks (rounded down to the nearest integer). This happens when any of your container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Using this parameter, you can define the deployment batch size. For example, if your service has a desired number of four tasks and a maximum percent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default value for maximum percent is 200%.

If a service uses either the CODE_DEPLOY or EXTERNAL deployment controller types and tasks that use the EC2 launch type, the minimum healthy percent and maximum percent values are used only to define the lower and upper limit on the number of the tasks in the service that remain in the RUNNING state. This is while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the minimum healthy percent and maximum percent values aren't used. This is the case even if they're currently visible when describing your service.

When creating a service that uses the EXTERNAL deployment controller, you can specify only parameters that aren't controlled at the task set level. The only required parameter is the service name. You control your services using the CreateTaskSet. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.

When the service scheduler launches new tasks, it determines task placement. For information about task placement and task placement strategies, see Amazon ECS task placement in the Amazon Elastic Container Service Developer Guide

" + "documentation":"

Runs and maintains your desired number of tasks from a specified task definition. If the number of tasks running in a service drops below the desiredCount, Amazon ECS runs another copy of the task in the specified cluster. To update an existing service, use UpdateService.

On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.

Amazon Elastic Inference (EI) is no longer available to customers.

In addition to maintaining the desired count of tasks in your service, you can optionally run your service behind one or more load balancers. The load balancers distribute traffic across the tasks that are associated with the service. For more information, see Service load balancing in the Amazon Elastic Container Service Developer Guide.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or updating a service. volumeConfigurations is only supported for REPLICA service and not DAEMON service. For more information, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.

There are two service scheduler strategies available:

  • REPLICA - The replica scheduling strategy places and maintains your desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.

  • DAEMON - The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks. It also stops tasks that don't meet the placement constraints. When using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. For more information, see Amazon ECS services in the Amazon Elastic Container Service Developer Guide.

The deployment controller is the mechanism that determines how tasks are deployed for your service. The valid options are:

  • ECS

    When you create a service which uses the ECS deployment controller, you can choose between the following deployment strategies (which you can set in the “strategy” field in “deploymentConfiguration”): :

    • ROLLING: When you create a service which uses the rolling update (ROLLING) deployment strategy, the Amazon ECS service scheduler replaces the currently running tasks with new tasks. The number of tasks that Amazon ECS adds or removes from the service during a rolling update is controlled by the service deployment configuration. For more information, see Deploy Amazon ECS services by replacing tasks in the Amazon Elastic Container Service Developer Guide.

      Rolling update deployments are best suited for the following scenarios:

      • Gradual service updates: You need to update your service incrementally without taking the entire service offline at once.

      • Limited resource requirements: You want to avoid the additional resource costs of running two complete environments simultaneously (as required by blue/green deployments).

      • Acceptable deployment time: Your application can tolerate a longer deployment process, as rolling updates replace tasks one by one.

      • No need for instant roll back: Your service can tolerate a rollback process that takes minutes rather than seconds.

      • Simple deployment process: You prefer a straightforward deployment approach without the complexity of managing multiple environments, target groups, and listeners.

      • No load balancer requirement: Your service doesn't use or require a load balancer, Application Load Balancer, Network Load Balancer, or Service Connect (which are required for blue/green deployments).

      • Stateful applications: Your application maintains state that makes it difficult to run two parallel environments.

      • Cost sensitivity: You want to minimize deployment costs by not running duplicate environments during deployment.

      Rolling updates are the default deployment strategy for services and provide a balance between deployment safety and resource efficiency for many common application scenarios.

    • BLUE_GREEN: A blue/green deployment strategy (BLUE_GREEN) is a release methodology that reduces downtime and risk by running two identical production environments called blue and green. With Amazon ECS blue/green deployments, you can validate new service revisions before directing production traffic to them. This approach provides a safer way to deploy changes with the ability to quickly roll back if needed. For more information, see Amazon ECS blue/green deployments in the Amazon Elastic Container Service Developer Guide.

      Amazon ECS blue/green deployments are best suited for the following scenarios:

      • Service validation: When you need to validate new service revisions before directing production traffic to them

      • Zero downtime: When your service requires zero-downtime deployments

      • Instant roll back: When you need the ability to quickly roll back if issues are detected

      • Load balancer requirement: When your service uses Application Load Balancer, Network Load Balancer, or Service Connect

    • LINEAR: A linear deployment strategy (LINEAR) gradually shifts traffic from the current production environment to a new environment in equal percentage increments. With Amazon ECS linear deployments, you can control the pace of traffic shifting and validate new service revisions with increasing amounts of production traffic.

      Linear deployments are best suited for the following scenarios:

      • Gradual validation: When you want to gradually validate your new service version with increasing traffic

      • Performance monitoring: When you need time to monitor metrics and performance during the deployment

      • Risk minimization: When you want to minimize risk by exposing the new version to production traffic incrementally

      • Load balancer requirement: When your service uses Application Load Balancer or Service Connect

    • CANARY: A canary deployment strategy (CANARY) shifts a small percentage of traffic to the new service revision first, then shifts the remaining traffic all at once after a specified time period. This allows you to test the new version with a subset of users before full deployment.

      Canary deployments are best suited for the following scenarios:

      • Feature testing: When you want to test new features with a small subset of users before full rollout

      • Production validation: When you need to validate performance and functionality with real production traffic

      • Blast radius control: When you want to minimize blast radius if issues are discovered in the new version

      • Load balancer requirement: When your service uses Application Load Balancer or Service Connect

  • External

    Use a third-party deployment controller.

  • Blue/green deployment (powered by CodeDeploy)

    CodeDeploy installs an updated version of the application as a new replacement task set and reroutes production traffic from the original application task set to the replacement task set. The original task set is terminated after a successful deployment. Use this deployment controller to verify a new deployment of a service before sending production traffic to it.

When creating a service that uses the EXTERNAL deployment controller, you can specify only parameters that aren't controlled at the task set level. The only required parameter is the service name. You control your services using the CreateTaskSet. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.

When the service scheduler launches new tasks, it determines task placement. For information about task placement and task placement strategies, see Amazon ECS task placement in the Amazon Elastic Container Service Developer Guide

" }, "CreateTaskSet":{ "name":"CreateTaskSet", @@ -133,7 +135,9 @@ "errors":[ {"shape":"ServerException"}, {"shape":"ClientException"}, - {"shape":"InvalidParameterException"} + {"shape":"InvalidParameterException"}, + {"shape":"UnsupportedFeatureException"}, + {"shape":"ClusterNotFoundException"} ], "documentation":"

Deletes the specified capacity provider.

The FARGATE and FARGATE_SPOT capacity providers are reserved and can't be deleted. You can disassociate them from a cluster using either PutClusterCapacityProviders or by deleting the cluster.

Prior to a capacity provider being deleted, the capacity provider must be removed from the capacity provider strategy from all services. The UpdateService API can be used to remove a capacity provider from a service's capacity provider strategy. When updating a service, the forceNewDeployment option can be used to ensure that any tasks using the Amazon EC2 instance capacity provided by the capacity provider are transitioned to use the capacity from the remaining capacity providers. Only capacity providers that aren't associated with a cluster can be deleted. To remove a capacity provider from a cluster, you can either use PutClusterCapacityProviders or delete the cluster.

" }, @@ -150,6 +154,7 @@ {"shape":"ClientException"}, {"shape":"InvalidParameterException"}, {"shape":"ClusterNotFoundException"}, + {"shape":"ClusterContainsCapacityProviderException"}, {"shape":"ClusterContainsContainerInstancesException"}, {"shape":"ClusterContainsServicesException"}, {"shape":"ClusterContainsTasksException"}, @@ -253,7 +258,9 @@ "errors":[ {"shape":"ServerException"}, {"shape":"ClientException"}, - {"shape":"InvalidParameterException"} + {"shape":"InvalidParameterException"}, + {"shape":"UnsupportedFeatureException"}, + {"shape":"ClusterNotFoundException"} ], "documentation":"

Describes one or more of your capacity providers.

" }, @@ -305,7 +312,7 @@ {"shape":"ServiceNotFoundException"}, {"shape":"UnsupportedFeatureException"} ], - "documentation":"

Describes one or more of your service deployments.

A service deployment happens when you release a software update for the service. For more information, see Amazon ECS service deployments.

" + "documentation":"

Describes one or more of your service deployments.

A service deployment happens when you release a software update for the service. For more information, see View service history using Amazon ECS service deployments.

" }, "DescribeServiceRevisions":{ "name":"DescribeServiceRevisions", @@ -679,7 +686,7 @@ {"shape":"ResourceInUseException"}, {"shape":"UpdateInProgressException"} ], - "documentation":"

Modifies the available capacity providers and the default capacity provider strategy for a cluster.

You must specify both the available capacity providers and a default capacity provider strategy for the cluster. If the specified cluster has existing capacity providers associated with it, you must specify all existing capacity providers in addition to any new ones you want to add. Any existing capacity providers that are associated with a cluster that are omitted from a PutClusterCapacityProviders API call will be disassociated with the cluster. You can only disassociate an existing capacity provider from a cluster if it's not being used by any existing tasks.

When creating a service or running a task on a cluster, if no capacity provider or launch type is specified, then the cluster's default capacity provider strategy is used. We recommend that you define a default capacity provider strategy for your cluster. However, you must specify an empty array ([]) to bypass defining a default strategy.

" + "documentation":"

Modifies the available capacity providers and the default capacity provider strategy for a cluster.

You must specify both the available capacity providers and a default capacity provider strategy for the cluster. If the specified cluster has existing capacity providers associated with it, you must specify all existing capacity providers in addition to any new ones you want to add. Any existing capacity providers that are associated with a cluster that are omitted from a PutClusterCapacityProviders API call will be disassociated with the cluster. You can only disassociate an existing capacity provider from a cluster if it's not being used by any existing tasks.

When creating a service or running a task on a cluster, if no capacity provider or launch type is specified, then the cluster's default capacity provider strategy is used. We recommend that you define a default capacity provider strategy for your cluster. However, you must specify an empty array ([]) to bypass defining a default strategy.

Amazon ECS Managed Instances doesn't support this, because when you create a capacity provider with Amazon ECS Managed Instances, it becomes available only within the specified cluster.

" }, "RegisterContainerInstance":{ "name":"RegisterContainerInstance", @@ -731,7 +738,7 @@ {"shape":"BlockedException"}, {"shape":"ConflictException"} ], - "documentation":"

Starts a new task using the specified task definition.

On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.

Amazon Elastic Inference (EI) is no longer available to customers.

You can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places tasks using placement constraints and placement strategies. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.

Alternatively, you can use StartTask to use your own scheduler or place tasks manually on specific container instances.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or updating a service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

The Amazon ECS API follows an eventual consistency model. This is because of the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your Amazon ECS resources might not be immediately visible to all subsequent commands you run. Keep this in mind when you carry out an API command that immediately follows a previous API command.

To manage eventual consistency, you can do the following:

  • Confirm the state of the resource before you run a command to modify it. Run the DescribeTasks command using an exponential backoff algorithm to ensure that you allow enough time for the previous command to propagate through the system. To do this, run the DescribeTasks command repeatedly, starting with a couple of seconds of wait time and increasing gradually up to five minutes of wait time.

  • Add wait time between subsequent commands, even if the DescribeTasks command returns an accurate response. Apply an exponential backoff algorithm starting with a couple of seconds of wait time, and increase gradually up to about five minutes of wait time.

" + "documentation":"

Starts a new task using the specified task definition.

On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.

Amazon Elastic Inference (EI) is no longer available to customers.

You can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places tasks using placement constraints and placement strategies. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.

Alternatively, you can use StartTask to use your own scheduler or place tasks manually on specific container instances.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or updating a service. For more information, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

The Amazon ECS API follows an eventual consistency model. This is because of the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your Amazon ECS resources might not be immediately visible to all subsequent commands you run. Keep this in mind when you carry out an API command that immediately follows a previous API command.

To manage eventual consistency, you can do the following:

  • Confirm the state of the resource before you run a command to modify it. Run the DescribeTasks command using an exponential backoff algorithm to ensure that you allow enough time for the previous command to propagate through the system. To do this, run the DescribeTasks command repeatedly, starting with a couple of seconds of wait time and increasing gradually up to five minutes of wait time.

  • Add wait time between subsequent commands, even if the DescribeTasks command returns an accurate response. Apply an exponential backoff algorithm starting with a couple of seconds of wait time, and increase gradually up to about five minutes of wait time.

If you get a ConflictException error, the RunTask request could not be processed due to conflicts. The provided clientToken is already in use with a different RunTask request. The resourceIds are the existing task ARNs which are already associated with the clientToken.

To fix this issue:

  • Run RunTask with a unique clientToken.

  • Run RunTask with the clientToken and the original set of parameters

If you get a ClientExceptionerror, the RunTask could not be processed because you use managed scaling and there is a capacity error because the quota of tasks in the PROVISIONING per cluster has been reached. For information about the service quotas, see Amazon ECS service quotas.

" }, "StartTask":{ "name":"StartTask", @@ -748,7 +755,26 @@ {"shape":"ClusterNotFoundException"}, {"shape":"UnsupportedFeatureException"} ], - "documentation":"

Starts a new task from the specified task definition on the specified container instance or instances.

On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.

Amazon Elastic Inference (EI) is no longer available to customers.

Alternatively, you can useRunTask to place tasks for you. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or updating a service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

" + "documentation":"

Starts a new task from the specified task definition on the specified container instance or instances.

On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.

Amazon Elastic Inference (EI) is no longer available to customers.

Alternatively, you can useRunTask to place tasks for you. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or updating a service. For more information, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

" + }, + "StopServiceDeployment":{ + "name":"StopServiceDeployment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StopServiceDeploymentRequest"}, + "output":{"shape":"StopServiceDeploymentResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ClientException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ServerException"}, + {"shape":"ServiceDeploymentNotFoundException"}, + {"shape":"UnsupportedFeatureException"} + ], + "documentation":"

Stops an ongoing service deployment.

The following stop types are avaiable:

  • ROLLBACK - This option rolls back the service deployment to the previous service revision.

    You can use this option even if you didn't configure the service deployment for the rollback option.

For more information, see Stopping Amazon ECS service deployments in the Amazon Elastic Container Service Developer Guide.

" }, "StopTask":{ "name":"StopTask", @@ -858,9 +884,11 @@ "errors":[ {"shape":"ServerException"}, {"shape":"ClientException"}, - {"shape":"InvalidParameterException"} + {"shape":"InvalidParameterException"}, + {"shape":"UnsupportedFeatureException"}, + {"shape":"ClusterNotFoundException"} ], - "documentation":"

Modifies the parameters for a capacity provider.

" + "documentation":"

Modifies the parameters for a capacity provider.

These changes only apply to new Amazon ECS Managed Instances, or EC2 instances, not existing ones.

" }, "UpdateCluster":{ "name":"UpdateCluster", @@ -951,7 +979,7 @@ {"shape":"NamespaceNotFoundException"}, {"shape":"UnsupportedFeatureException"} ], - "documentation":"

Modifies the parameters of a service.

On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.

For services using the rolling update (ECS) you can update the desired count, deployment configuration, network configuration, load balancers, service registries, enable ECS managed tags option, propagate tags option, task placement constraints and strategies, and task definition. When you update any of these parameters, Amazon ECS starts new tasks with the new configuration.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when starting or running a task, or when creating or updating a service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide. You can update your volume configurations and trigger a new deployment. volumeConfigurations is only supported for REPLICA service and not DAEMON service. If you leave volumeConfigurations null, it doesn't trigger a new deployment. For more infomation on volumes, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

For services using the blue/green (CODE_DEPLOY) deployment controller, only the desired count, deployment configuration, health check grace period, task placement constraints and strategies, enable ECS managed tags option, and propagate tags can be updated using this API. If the network configuration, platform version, task definition, or load balancer need to be updated, create a new CodeDeploy deployment. For more information, see CreateDeployment in the CodeDeploy API Reference.

For services using an external deployment controller, you can update only the desired count, task placement constraints and strategies, health check grace period, enable ECS managed tags option, and propagate tags option, using this API. If the launch type, load balancer, network configuration, platform version, or task definition need to be updated, create a new task set For more information, see CreateTaskSet.

You can add to or subtract from the number of instantiations of a task definition in a service by specifying the cluster that the service is running in and a new desiredCount parameter.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when starting or running a task, or when creating or updating a service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

If you have updated the container image of your application, you can create a new task definition with that image and deploy it to your service. The service scheduler uses the minimum healthy percent and maximum percent parameters (in the service's deployment configuration) to determine the deployment strategy.

If your updated Docker image uses the same tag as what is in the existing task definition for your service (for example, my_image:latest), you don't need to create a new revision of your task definition. You can update the service using the forceNewDeployment option. The new tasks launched by the deployment pull the current image/tag combination from your repository when they start.

You can also update the deployment configuration of a service. When a deployment is triggered by updating the task definition of a service, the service scheduler uses the deployment configuration parameters, minimumHealthyPercent and maximumPercent, to determine the deployment strategy.

  • If minimumHealthyPercent is below 100%, the scheduler can ignore desiredCount temporarily during a deployment. For example, if desiredCount is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.

  • The maximumPercent parameter represents an upper limit on the number of running tasks during a deployment. You can use it to define the deployment batch size. For example, if desiredCount is four tasks, a maximum of 200% starts four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available).

When UpdateService stops a task during a deployment, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM and a 30-second timeout. After this, SIGKILL is sent and the containers are forcibly stopped. If the container handles the SIGTERM gracefully and exits within 30 seconds from receiving it, no SIGKILL is sent.

When the service scheduler launches new tasks, it determines task placement in your cluster with the following logic.

  • Determine which of the container instances in your cluster can support your service's task definition. For example, they have the required CPU, memory, ports, and container instance attributes.

  • By default, the service scheduler attempts to balance tasks across Availability Zones in this manner even though you can choose a different placement strategy.

    • Sort the valid container instances by the fewest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.

    • Place the new service task on a valid container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the fewest number of running tasks for this service.

When the service scheduler stops running tasks, it attempts to maintain balance across the Availability Zones in your cluster using the following logic:

  • Sort the container instances by the largest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have two, container instances in either zone B or C are considered optimal for termination.

  • Stop the task on a container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the largest number of running tasks for this service.

You must have a service-linked role when you update any of the following service properties:

  • loadBalancers,

  • serviceRegistries

For more information about the role see the CreateService request parameter role .

" + "documentation":"

Modifies the parameters of a service.

On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.

For services using the rolling update (ECS) you can update the desired count, deployment configuration, network configuration, load balancers, service registries, enable ECS managed tags option, propagate tags option, task placement constraints and strategies, and task definition. When you update any of these parameters, Amazon ECS starts new tasks with the new configuration.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when starting or running a task, or when creating or updating a service. For more information, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide. You can update your volume configurations and trigger a new deployment. volumeConfigurations is only supported for REPLICA service and not DAEMON service. If you leave volumeConfigurations null, it doesn't trigger a new deployment. For more information on volumes, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

For services using the blue/green (CODE_DEPLOY) deployment controller, only the desired count, deployment configuration, health check grace period, task placement constraints and strategies, enable ECS managed tags option, and propagate tags can be updated using this API. If the network configuration, platform version, task definition, or load balancer need to be updated, create a new CodeDeploy deployment. For more information, see CreateDeployment in the CodeDeploy API Reference.

For services using an external deployment controller, you can update only the desired count, task placement constraints and strategies, health check grace period, enable ECS managed tags option, and propagate tags option, using this API. If the launch type, load balancer, network configuration, platform version, or task definition need to be updated, create a new task set For more information, see CreateTaskSet.

You can add to or subtract from the number of instantiations of a task definition in a service by specifying the cluster that the service is running in and a new desiredCount parameter.

You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when starting or running a task, or when creating or updating a service. For more information, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.

If you have updated the container image of your application, you can create a new task definition with that image and deploy it to your service. The service scheduler uses the minimum healthy percent and maximum percent parameters (in the service's deployment configuration) to determine the deployment strategy.

If your updated Docker image uses the same tag as what is in the existing task definition for your service (for example, my_image:latest), you don't need to create a new revision of your task definition. You can update the service using the forceNewDeployment option. The new tasks launched by the deployment pull the current image/tag combination from your repository when they start.

You can also update the deployment configuration of a service. When a deployment is triggered by updating the task definition of a service, the service scheduler uses the deployment configuration parameters, minimumHealthyPercent and maximumPercent, to determine the deployment strategy.

  • If minimumHealthyPercent is below 100%, the scheduler can ignore desiredCount temporarily during a deployment. For example, if desiredCount is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.

  • The maximumPercent parameter represents an upper limit on the number of running tasks during a deployment. You can use it to define the deployment batch size. For example, if desiredCount is four tasks, a maximum of 200% starts four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available).

When UpdateService stops a task during a deployment, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM and a 30-second timeout. After this, SIGKILL is sent and the containers are forcibly stopped. If the container handles the SIGTERM gracefully and exits within 30 seconds from receiving it, no SIGKILL is sent.

When the service scheduler launches new tasks, it determines task placement in your cluster with the following logic.

  • Determine which of the container instances in your cluster can support your service's task definition. For example, they have the required CPU, memory, ports, and container instance attributes.

  • By default, the service scheduler attempts to balance tasks across Availability Zones in this manner even though you can choose a different placement strategy.

    • Sort the valid container instances by the fewest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.

    • Place the new service task on a valid container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the fewest number of running tasks for this service.

When the service scheduler stops running tasks, it attempts to maintain balance across the Availability Zones in your cluster using the following logic:

  • Sort the container instances by the largest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have two, container instances in either zone B or C are considered optimal for termination.

  • Stop the task on a container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the largest number of running tasks for this service.

" }, "UpdateServicePrimaryTaskSet":{ "name":"UpdateServicePrimaryTaskSet", @@ -1016,13 +1044,109 @@ } }, "shapes":{ - "AccessDeniedException":{ + "AcceleratorCountRequest":{ + "type":"structure", + "members":{ + "min":{ + "shape":"BoxedInteger", + "documentation":"

The minimum number of accelerators. Instance types with fewer accelerators are excluded from selection.

" + }, + "max":{ + "shape":"BoxedInteger", + "documentation":"

The maximum number of accelerators. Instance types with more accelerators are excluded from selection.

" + } + }, + "documentation":"

The minimum and maximum number of accelerators (such as GPUs) for instance type selection. This is used for workloads that require specific numbers of accelerators.

" + }, + "AcceleratorManufacturer":{ + "type":"string", + "enum":[ + "amazon-web-services", + "amd", + "nvidia", + "xilinx", + "habana" + ] + }, + "AcceleratorManufacturerSet":{ + "type":"list", + "member":{"shape":"AcceleratorManufacturer"} + }, + "AcceleratorName":{ + "type":"string", + "enum":[ + "a100", + "inferentia", + "k520", + "k80", + "m60", + "radeon-pro-v520", + "t4", + "vu9p", + "v100", + "a10g", + "h100", + "t4g" + ] + }, + "AcceleratorNameSet":{ + "type":"list", + "member":{"shape":"AcceleratorName"} + }, + "AcceleratorTotalMemoryMiBRequest":{ "type":"structure", "members":{ + "min":{ + "shape":"BoxedInteger", + "documentation":"

The minimum total accelerator memory in MiB. Instance types with less accelerator memory are excluded from selection.

" + }, + "max":{ + "shape":"BoxedInteger", + "documentation":"

The maximum total accelerator memory in MiB. Instance types with more accelerator memory are excluded from selection.

" + } }, + "documentation":"

The minimum and maximum total accelerator memory in mebibytes (MiB) for instance type selection. This is important for GPU workloads that require specific amounts of video memory.

" + }, + "AcceleratorType":{ + "type":"string", + "enum":[ + "gpu", + "fpga", + "inference" + ] + }, + "AcceleratorTypeSet":{ + "type":"list", + "member":{"shape":"AcceleratorType"} + }, + "AccessDeniedException":{ + "type":"structure", + "members":{}, "documentation":"

You don't have authorization to perform the requested action.

", "exception":true }, + "AdvancedConfiguration":{ + "type":"structure", + "members":{ + "alternateTargetGroupArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the alternate target group for Amazon ECS blue/green deployments.

" + }, + "productionListenerRule":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) that that identifies the production listener rule (in the case of an Application Load Balancer) or listener (in the case for an Network Load Balancer) for routing production traffic.

" + }, + "testListenerRule":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) that identifies ) that identifies the test listener rule (in the case of an Application Load Balancer) or listener (in the case for an Network Load Balancer) for routing test traffic.

" + }, + "roleArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role that grants Amazon ECS permission to call the Elastic Load Balancing APIs for you.

" + } + }, + "documentation":"

The advanced settings for a load balancer used in blue/green deployments. Specify the alternate target group, listener rules, and IAM role required for traffic shifting during blue/green deployments. For more information, see Required resources for Amazon ECS blue/green deployments in the Amazon Elastic Container Service Developer Guide.

" + }, "AgentUpdateStatus":{ "type":"string", "enum":[ @@ -1034,6 +1158,17 @@ "FAILED" ] }, + "AllowedInstanceType":{ + "type":"string", + "max":30, + "min":1, + "pattern":"[a-zA-Z0-9\\.\\*\\-]+" + }, + "AllowedInstanceTypeSet":{ + "type":"list", + "member":{"shape":"AllowedInstanceType"}, + "max":400 + }, "ApplicationProtocol":{ "type":"string", "enum":[ @@ -1126,8 +1261,7 @@ }, "AttributeLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You can apply up to 10 custom attributes for each resource. You can view the attributes of a resource with ListAttributes. You can remove existing attributes on a resource with DeleteAttributes.

", "exception":true }, @@ -1197,15 +1331,36 @@ }, "assignPublicIp":{ "shape":"AssignPublicIp", - "documentation":"

Whether the task's elastic network interface receives a public IP address. The default value is ENABLED.

" + "documentation":"

Whether the task's elastic network interface receives a public IP address.

Consider the following when you set this value:

  • When you use create-service or update-service, the default is DISABLED.

  • When the service deploymentController is ECS, the value must be DISABLED.

" } }, "documentation":"

An object representing the networking details for a task or service. For example awsVpcConfiguration={subnets=[\"subnet-12344321\"],securityGroups=[\"sg-12344321\"]}.

" }, - "BlockedException":{ + "BareMetal":{ + "type":"string", + "enum":[ + "included", + "required", + "excluded" + ] + }, + "BaselineEbsBandwidthMbpsRequest":{ "type":"structure", "members":{ + "min":{ + "shape":"BoxedInteger", + "documentation":"

The minimum baseline Amazon EBS bandwidth in Mbps. Instance types with lower Amazon EBS bandwidth are excluded from selection.

" + }, + "max":{ + "shape":"BoxedInteger", + "documentation":"

The maximum baseline Amazon EBS bandwidth in Mbps. Instance types with higher Amazon EBS bandwidth are excluded from selection.

" + } }, + "documentation":"

The minimum and maximum baseline Amazon EBS bandwidth in megabits per second (Mbps) for instance type selection. This is important for workloads with high storage I/O requirements.

" + }, + "BlockedException":{ + "type":"structure", + "members":{}, "documentation":"

Your Amazon Web Services account was blocked. For more information, contact Amazon Web Services Support.

", "exception":true }, @@ -1214,10 +1369,22 @@ "type":"boolean", "box":true }, + "BoxedDouble":{ + "type":"double", + "box":true + }, "BoxedInteger":{ "type":"integer", "box":true }, + "BurstablePerformance":{ + "type":"string", + "enum":[ + "included", + "required", + "excluded" + ] + }, "CPUArchitecture":{ "type":"string", "enum":[ @@ -1225,6 +1392,22 @@ "ARM64" ] }, + "CanaryConfiguration":{ + "type":"structure", + "members":{ + "canaryPercent":{ + "shape":"Double", + "documentation":"

The percentage of production traffic to shift to the new service revision during the canary phase. Valid values are multiples of 0.1 from 0.1 to 100.0. The default value is 5.0.

", + "box":true + }, + "canaryBakeTimeInMinutes":{ + "shape":"Integer", + "documentation":"

The amount of time in minutes to wait during the canary phase before shifting the remaining production traffic to the new service revision. Valid values are 0 to 1440 minutes (24 hours). The default value is 10.

", + "box":true + } + }, + "documentation":"

Configuration for a canary deployment strategy that shifts a fixed percentage of traffic to the new service revision, waits for a specified bake time, then shifts the remaining traffic.

This is only valid when you run CreateService or UpdateService with deploymentController set to ECS and a deploymentConfiguration with a strategy set to CANARY.

" + }, "CapacityProvider":{ "type":"structure", "members":{ @@ -1236,6 +1419,10 @@ "shape":"String", "documentation":"

The name of the capacity provider.

" }, + "cluster":{ + "shape":"String", + "documentation":"

The cluster that this capacity provider is associated with. Managed instances capacity providers are cluster-scoped, meaning they can only be used within their associated cluster.

This is required for Managed instances.

" + }, "status":{ "shape":"CapacityProviderStatus", "documentation":"

The current status of the capacity provider. Only capacity providers in an ACTIVE state can be used in a cluster. When a capacity provider is successfully deleted, it has an INACTIVE status.

" @@ -1244,6 +1431,10 @@ "shape":"AutoScalingGroupProvider", "documentation":"

The Auto Scaling group settings for the capacity provider.

" }, + "managedInstancesProvider":{ + "shape":"ManagedInstancesProvider", + "documentation":"

The configuration for the Amazon ECS Managed Instances provider. This includes the infrastructure role, the launch template configuration, and tag propagation settings.

" + }, "updateStatus":{ "shape":"CapacityProviderUpdateStatus", "documentation":"

The update status of the capacity provider. The following are the possible states that is returned.

DELETE_IN_PROGRESS

The capacity provider is in the process of being deleted.

DELETE_COMPLETE

The capacity provider was successfully deleted and has an INACTIVE status.

DELETE_FAILED

The capacity provider can't be deleted. The update status reason provides further details about why the delete failed.

" @@ -1255,6 +1446,10 @@ "tags":{ "shape":"Tags", "documentation":"

The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both.

The following basic restrictions apply to tags:

  • Maximum number of tags per resource - 50

  • For each resource, each tag key must be unique, and each tag key can have only one value.

  • Maximum key length - 128 Unicode characters in UTF-8

  • Maximum value length - 256 Unicode characters in UTF-8

  • If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.

  • Tag keys and values are case-sensitive.

  • Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

" + }, + "type":{ + "shape":"CapacityProviderType", + "documentation":"

The type of capacity provider. For Amazon ECS Managed Instances, this value is MANAGED_INSTANCES, indicating that Amazon ECS manages the underlying Amazon EC2 instances on your behalf.

" } }, "documentation":"

The details for a capacity provider.

" @@ -1270,7 +1465,9 @@ "CapacityProviderStatus":{ "type":"string", "enum":[ + "PROVISIONING", "ACTIVE", + "DEPROVISIONING", "INACTIVE" ] }, @@ -1288,11 +1485,11 @@ }, "weight":{ "shape":"CapacityProviderStrategyItemWeight", - "documentation":"

The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.

If no weight value is specified, the default value of 0 is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of 0 can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of 0, any RunTask or CreateService actions using the capacity provider strategy will fail.

An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of 1, then when the base is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of 1 for capacityProviderA and a weight of 4 for capacityProviderB, then for every one task that's run using capacityProviderA, four tasks would use capacityProviderB.

" + "documentation":"

The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied.

If no weight value is specified, the default value of 0 is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of 0 can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of 0, any RunTask or CreateService actions using the capacity provider strategy will fail.

Weight value characteristics:

  • Weight is considered after the base value is satisfied

  • The default value is 0 if not specified

  • The valid range is 0 to 1,000

  • At least one capacity provider must have a weight greater than zero

  • Capacity providers with weight of 0 cannot place tasks

Task distribution logic:

  1. Base satisfaction: The minimum number of tasks specified by the base value are placed on that capacity provider

  2. Weight distribution: After base requirements are met, additional tasks are distributed according to weight ratios

Examples:

Equal Distribution: Two capacity providers both with weight 1 will split tasks evenly after base requirements are met.

Weighted Distribution: If capacityProviderA has weight 1 and capacityProviderB has weight 4, then for every 1 task on A, 4 tasks will run on B.

" }, "base":{ "shape":"CapacityProviderStrategyItemBase", - "documentation":"

The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used.

" + "documentation":"

The base value designates how many tasks, at a minimum, to run on the specified capacity provider for each service. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used.

Base value characteristics:

  • Only one capacity provider in a strategy can have a base defined

  • The default value is 0 if not specified

  • The valid range is 0 to 100,000

  • Base requirements are satisfied first before weight distribution

" } }, "documentation":"

The details of a capacity provider strategy. A capacity provider strategy can be set when using the RunTaskor CreateCluster APIs or as the default capacity provider strategy for a cluster with the CreateCluster API.

Only capacity providers that are already associated with a cluster and have an ACTIVE or UPDATING status can be used in a capacity provider strategy. The PutClusterCapacityProviders API is used to associate a capacity provider with a cluster.

If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New Auto Scaling group capacity providers can be created with the CreateClusterCapacityProvider API operation.

To use a Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used in a capacity provider strategy.

With FARGATE_SPOT, you can run interruption tolerant tasks at a rate that's discounted compared to the FARGATE price. FARGATE_SPOT runs tasks on spare compute capacity. When Amazon Web Services needs the capacity back, your tasks are interrupted with a two-minute warning. FARGATE_SPOT supports Linux tasks with the X86_64 architecture on platform version 1.3.0 or later. FARGATE_SPOT supports Linux tasks with the ARM64 architecture on platform version 1.4.0 or later.

A capacity provider strategy can contain a maximum of 20 capacity providers.

" @@ -1307,9 +1504,21 @@ "max":1000, "min":0 }, + "CapacityProviderType":{ + "type":"string", + "enum":[ + "EC2_AUTOSCALING", + "MANAGED_INSTANCES", + "FARGATE", + "FARGATE_SPOT" + ] + }, "CapacityProviderUpdateStatus":{ "type":"string", "enum":[ + "CREATE_IN_PROGRESS", + "CREATE_COMPLETE", + "CREATE_FAILED", "DELETE_IN_PROGRESS", "DELETE_COMPLETE", "DELETE_FAILED", @@ -1330,7 +1539,7 @@ "documentation":"

Message that describes the cause of the exception.

" } }, - "documentation":"

These errors are usually caused by a client action. This client action might be using an action or resource on behalf of a user that doesn't have permissions to use the action or resource. Or, it might be specifying an identifier that isn't valid.

The following list includes additional causes for the error:

  • The RunTask could not be processed because you use managed scaling and there is a capacity error because the quota of tasks in the PROVISIONING per cluster has been reached. For information about the service quotas, see Amazon ECS service quotas.

", + "documentation":"

These errors are usually caused by a client action. This client action might be using an action or resource on behalf of a user that doesn't have permissions to use the action or resource. Or, it might be specifying an identifier that isn't valid.

", "exception":true }, "Cluster":{ @@ -1346,7 +1555,7 @@ }, "configuration":{ "shape":"ClusterConfiguration", - "documentation":"

The execute command configuration for the cluster.

" + "documentation":"

The execute command and managed storage configuration for the cluster.

" }, "status":{ "shape":"String", @@ -1366,7 +1575,7 @@ }, "activeServicesCount":{ "shape":"Integer", - "documentation":"

The number of services that are running on the cluster in an ACTIVE state. You can view these services with PListServices.

" + "documentation":"

The number of services that are running on the cluster in an ACTIVE state. You can view these services with ListServices.

" }, "statistics":{ "shape":"Statistics", @@ -1417,24 +1626,27 @@ }, "documentation":"

The execute command and managed storage configuration for the cluster.

" }, + "ClusterContainsCapacityProviderException":{ + "type":"structure", + "members":{}, + "documentation":"

The cluster contains one or more capacity providers that prevent the requested operation. This exception occurs when you try to delete a cluster that still has active capacity providers, including Amazon ECS Managed Instances capacity providers. You must first delete all capacity providers from the cluster before you can delete the cluster itself.

", + "exception":true + }, "ClusterContainsContainerInstancesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You can't delete a cluster that has registered container instances. First, deregister the container instances before you can delete the cluster. For more information, see DeregisterContainerInstance.

", "exception":true }, "ClusterContainsServicesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You can't delete a cluster that contains services. First, update the service to reduce its desired task count to 0, and then delete the service. For more information, see UpdateService and DeleteService.

", "exception":true }, "ClusterContainsTasksException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You can't delete a cluster that has active tasks.

", "exception":true }, @@ -1454,8 +1666,7 @@ }, "ClusterNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified cluster wasn't found. You can view your available clusters with ListClusters. Amazon ECS clusters are Region specific.

", "exception":true }, @@ -1475,7 +1686,7 @@ "members":{ "namespace":{ "shape":"String", - "documentation":"

The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than (>), less than (<), or slash (/).

If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this Amazon Web Services Region.

If you enter a new name, a Cloud Map namespace will be created. Amazon ECS creates a Cloud Map namespace with the \"API calls\" method of instance discovery only. This instance discovery method is the \"HTTP\" namespace type in the Command Line Interface. Other types of instance discovery aren't used by Service Connect.

If you update the cluster with an empty string \"\" for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in Cloud Map and must be deleted separately.

For more information about Cloud Map, see Working with Services in the Cloud Map Developer Guide.

" + "documentation":"

The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include greater than (>), less than (<), double quotation marks (\"), or slash (/).

If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this Amazon Web Services Region.

If you enter a new name, a Cloud Map namespace will be created. Amazon ECS creates a Cloud Map namespace with the \"API calls\" method of instance discovery only. This instance discovery method is the \"HTTP\" namespace type in the Command Line Interface. Other types of instance discovery aren't used by Service Connect.

If you update the cluster with an empty string \"\" for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in Cloud Map and must be deleted separately.

For more information about Cloud Map, see Working with Services in the Cloud Map Developer Guide.

" } }, "documentation":"

Use this parameter to set a default Service Connect namespace. After you set a default Service Connect namespace, any new services with Service Connect turned on that are created in the cluster are added as client services in the namespace. This setting only applies to new services that set the enabled parameter to true in the ServiceConnectConfiguration. You can set the namespace of each service individually in the ServiceConnectConfiguration to override this default parameter.

Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.

" @@ -1485,7 +1696,7 @@ "members":{ "name":{ "shape":"ClusterSettingName", - "documentation":"

The name of the cluster setting. The value is containerInsights .

" + "documentation":"

The name of the cluster setting. The value is containerInsights.

" }, "value":{ "shape":"String", @@ -1511,7 +1722,8 @@ "enum":[ "EC2", "FARGATE", - "EXTERNAL" + "EXTERNAL", + "MANAGED_INSTANCES" ] }, "CompatibilityList":{ @@ -1526,7 +1738,7 @@ "documentation":"

The existing task ARNs which are already associated with the clientToken.

" } }, - "documentation":"

The RunTask request could not be processed due to conflicts. The provided clientToken is already in use with a different RunTask request. The resourceIds are the existing task ARNs which are already associated with the clientToken.

To fix this issue:

  • Run RunTask with a unique clientToken.

  • Run RunTask with the clientToken and the original set of parameters

", + "documentation":"

The request could not be processed because of conflict in the current state of the resource.

", "exception":true }, "Connectivity":{ @@ -1573,7 +1785,7 @@ }, "reason":{ "shape":"String", - "documentation":"

A short (255 max characters) human-readable string to provide additional details about a running or stopped container.

" + "documentation":"

A short (1024 max characters) human-readable string to provide additional details about a running or stopped container.

" }, "networkBindings":{ "shape":"NetworkBindings", @@ -1628,7 +1840,7 @@ }, "image":{ "shape":"String", - "documentation":"

The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest . Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the docker container create command and the IMAGE parameter of docker run.

  • When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.

  • Images in Amazon ECR repositories can be specified by either using the full registry/repository:tag or registry/repository@digest. For example, 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>:latest or 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE.

  • Images in official repositories on Docker Hub use a single name (for example, ubuntu or mongo).

  • Images in other repositories on Docker Hub are qualified with an organization name (for example, amazon/amazon-ecs-agent).

  • Images in other online repositories are qualified further by a domain name (for example, quay.io/assemblyline/ubuntu).

" + "documentation":"

The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest . For images using tags (repository-url/image:tag), up to 255 characters total are allowed, including letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs (#). For images using digests (repository-url/image@digest), the 255 character limit applies only to the repository URL and image name (everything before the @ sign). The only supported hash function is sha256, and the hash value after sha256: must be exactly 64 characters (only letters A-F, a-f, and numbers 0-9 are allowed). This parameter maps to Image in the docker container create command and the IMAGE parameter of docker run.

  • When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.

  • Images in Amazon ECR repositories can be specified by either using the full registry/repository:tag or registry/repository@digest. For example, 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>:latest or 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE.

  • Images in official repositories on Docker Hub use a single name (for example, ubuntu or mongo).

  • Images in other repositories on Docker Hub are qualified with an organization name (for example, amazon/amazon-ecs-agent).

  • Images in other online repositories are qualified further by a domain name (for example, quay.io/assemblyline/ubuntu).

" }, "repositoryCredentials":{ "shape":"RepositoryCredentials", @@ -1636,7 +1848,7 @@ }, "cpu":{ "shape":"Integer", - "documentation":"

The number of cpu units reserved for the container. This parameter maps to CpuShares in the docker container create commandand the --cpu-shares option to docker run.

This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level cpu value.

You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the Amazon EC2 Instances detail page by 1,024.

Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.

On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:

  • Agent versions less than or equal to 1.1.0: Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.

  • Agent versions greater than or equal to 1.2.0: Null, zero, and CPU values of 1 are passed to Docker as 2.

  • Agent versions greater than or equal to 1.84.0: CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.

On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as 0, which Windows interprets as 1% of one CPU.

" + "documentation":"

The number of cpu units reserved for the container. This parameter maps to CpuShares in the docker container create command and the --cpu-shares option to docker run.

This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level cpu value.

You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the Amazon EC2 Instances detail page by 1,024.

Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.

On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:

  • Agent versions less than or equal to 1.1.0: Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.

  • Agent versions greater than or equal to 1.2.0: Null, zero, and CPU values of 1 are passed to Docker as 2.

  • Agent versions greater than or equal to 1.84.0: CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.

On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as 0, which Windows interprets as 1% of one CPU.

" }, "memory":{ "shape":"BoxedInteger", @@ -1652,7 +1864,7 @@ }, "portMappings":{ "shape":"PortMappingList", - "documentation":"

The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.

For task definitions that use the awsvpc network mode, only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

Port mappings on Windows use the NetNAT gateway address rather than localhost. There's no loopback for port mappings on Windows, so you can't access a container's mapped port from the host itself.

This parameter maps to PortBindings in the the docker container create command and the --publish option to docker run. If the network mode of a task definition is set to none, then you can't specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping.

After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the Network Bindings section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the networkBindings section DescribeTasks responses.

" + "documentation":"

The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.

For task definitions that use the awsvpc network mode, only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

Port mappings on Windows use the NetNAT gateway address rather than localhost. There's no loopback for port mappings on Windows, so you can't access a container's mapped port from the host itself.

This parameter maps to PortBindings in the docker container create command and the --publish option to docker run. If the network mode of a task definition is set to none, then you can't specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping.

After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the Network Bindings section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the networkBindings section DescribeTasks responses.

" }, "essential":{ "shape":"BoxedBoolean", @@ -2061,21 +2273,38 @@ "type":"list", "member":{"shape":"Container"} }, + "CpuManufacturer":{ + "type":"string", + "enum":[ + "intel", + "amd", + "amazon-web-services" + ] + }, + "CpuManufacturerSet":{ + "type":"list", + "member":{"shape":"CpuManufacturer"} + }, "CreateCapacityProviderRequest":{ "type":"structure", - "required":[ - "name", - "autoScalingGroupProvider" - ], + "required":["name"], "members":{ "name":{ "shape":"String", "documentation":"

The name of the capacity provider. Up to 255 characters are allowed. They include letters (both upper and lowercase letters), numbers, underscores (_), and hyphens (-). The name can't be prefixed with \"aws\", \"ecs\", or \"fargate\".

" }, + "cluster":{ + "shape":"String", + "documentation":"

The name of the cluster to associate with the capacity provider. When you create a capacity provider with Amazon ECS Managed Instances, it becomes available only within the specified cluster.

" + }, "autoScalingGroupProvider":{ "shape":"AutoScalingGroupProvider", "documentation":"

The details of the Auto Scaling group for the capacity provider.

" }, + "managedInstancesProvider":{ + "shape":"CreateManagedInstancesProviderConfiguration", + "documentation":"

The configuration for the Amazon ECS Managed Instances provider. This configuration specifies how Amazon ECS manages Amazon EC2 instances on your behalf, including the infrastructure role, instance launch template, and tag propagation settings.

" + }, "tags":{ "shape":"Tags", "documentation":"

The metadata that you apply to the capacity provider to categorize and organize them more conveniently. Each tag consists of a key and an optional value. You define both of them.

The following basic restrictions apply to tags:

  • Maximum number of tags per resource - 50

  • For each resource, each tag key must be unique, and each tag key can have only one value.

  • Maximum key length - 128 Unicode characters in UTF-8

  • Maximum value length - 256 Unicode characters in UTF-8

  • If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.

  • Tag keys and values are case-sensitive.

  • Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

" @@ -2133,6 +2362,28 @@ } } }, + "CreateManagedInstancesProviderConfiguration":{ + "type":"structure", + "required":[ + "infrastructureRoleArn", + "instanceLaunchTemplate" + ], + "members":{ + "infrastructureRoleArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the infrastructure role that Amazon ECS uses to manage instances on your behalf. This role must have permissions to launch, terminate, and manage Amazon EC2 instances, as well as access to other Amazon Web Services services required for Amazon ECS Managed Instances functionality.

For more information, see Amazon ECS infrastructure IAM role in the Amazon ECS Developer Guide.

" + }, + "instanceLaunchTemplate":{ + "shape":"InstanceLaunchTemplate", + "documentation":"

The launch template configuration that specifies how Amazon ECS should launch Amazon EC2 instances. This includes the instance profile, network configuration, storage settings, and instance requirements for attribute-based instance type selection.

For more information, see Store instance launch parameters in Amazon EC2 launch templates in the Amazon EC2 User Guide.

" + }, + "propagateTags":{ + "shape":"PropagateMITags", + "documentation":"

Specifies whether to propagate tags from the capacity provider to the Amazon ECS Managed Instances. When enabled, tags applied to the capacity provider are automatically applied to all instances launched by this provider.

" + } + }, + "documentation":"

The configuration for creating a Amazon ECS Managed Instances provider. This specifies how Amazon ECS should manage Amazon EC2 instances, including the infrastructure role, instance launch template, and whether to propagate tags from the capacity provider to the instances.

" + }, "CreateServiceRequest":{ "type":"structure", "required":["serviceName"], @@ -2151,11 +2402,11 @@ }, "availabilityZoneRebalancing":{ "shape":"AvailabilityZoneRebalancing", - "documentation":"

Indicates whether to use Availability Zone rebalancing for the service.

For more information, see Balancing an Amazon ECS service across Availability Zones in the Amazon Elastic Container Service Developer Guide.

" + "documentation":"

Indicates whether to use Availability Zone rebalancing for the service.

For more information, see Balancing an Amazon ECS service across Availability Zones in the Amazon Elastic Container Service Developer Guide .

The default behavior of AvailabilityZoneRebalancing differs between create and update requests:

  • For create service requests, when no value is specified for AvailabilityZoneRebalancing, Amazon ECS defaults the value to ENABLED.

  • For update service requests, when no value is specified for AvailabilityZoneRebalancing, Amazon ECS defaults to the existing service’s AvailabilityZoneRebalancing value. If the service never had an AvailabilityZoneRebalancing value set, Amazon ECS treats this as DISABLED.

" }, "loadBalancers":{ "shape":"LoadBalancers", - "documentation":"

A load balancer object representing the load balancers to use with your service. For more information, see Service load balancing in the Amazon Elastic Container Service Developer Guide.

If the service uses the rolling update (ECS) deployment controller and using either an Application Load Balancer or Network Load Balancer, you must specify one or more target group ARNs to attach to the service. The service-linked role is required for services that use multiple target groups. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.

If the service uses the CODE_DEPLOY deployment controller, the service is required to use either an Application Load Balancer or Network Load Balancer. When creating an CodeDeploy deployment group, you specify two target groups (referred to as a targetGroupPair). During a deployment, CodeDeploy determines which task set in your service has the status PRIMARY, and it associates one target group with it. Then, it also associates the other target group with the replacement task set. The load balancer can also have up to two listeners: a required listener for production traffic and an optional listener that you can use to perform validation tests with Lambda functions before routing production traffic to it.

If you use the CODE_DEPLOY deployment controller, these values can be changed when updating the service.

For Application Load Balancers and Network Load Balancers, this object must contain the load balancer target group ARN, the container name, and the container port to access from the load balancer. The container name must be as it appears in a container definition. The load balancer name parameter must be omitted. When a task from this service is placed on a container instance, the container instance and port combination is registered as a target in the target group that's specified here.

For Classic Load Balancers, this object must contain the load balancer name, the container name , and the container port to access from the load balancer. The container name must be as it appears in a container definition. The target group ARN parameter must be omitted. When a task from this service is placed on a container instance, the container instance is registered with the load balancer that's specified here.

Services with tasks that use the awsvpc network mode (for example, those with the Fargate launch type) only support Application Load Balancers and Network Load Balancers. Classic Load Balancers aren't supported. Also, when you create any target groups for these services, you must choose ip as the target type, not instance. This is because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.

" + "documentation":"

A load balancer object representing the load balancers to use with your service. For more information, see Service load balancing in the Amazon Elastic Container Service Developer Guide.

If the service uses the ECS deployment controller and using either an Application Load Balancer or Network Load Balancer, you must specify one or more target group ARNs to attach to the service. The service-linked role is required for services that use multiple target groups. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.

If the service uses the CODE_DEPLOY deployment controller, the service is required to use either an Application Load Balancer or Network Load Balancer. When creating an CodeDeploy deployment group, you specify two target groups (referred to as a targetGroupPair). During a deployment, CodeDeploy determines which task set in your service has the status PRIMARY, and it associates one target group with it. Then, it also associates the other target group with the replacement task set. The load balancer can also have up to two listeners: a required listener for production traffic and an optional listener that you can use to perform validation tests with Lambda functions before routing production traffic to it.

If you use the CODE_DEPLOY deployment controller, these values can be changed when updating the service.

For Application Load Balancers and Network Load Balancers, this object must contain the load balancer target group ARN, the container name, and the container port to access from the load balancer. The container name must be as it appears in a container definition. The load balancer name parameter must be omitted. When a task from this service is placed on a container instance, the container instance and port combination is registered as a target in the target group that's specified here.

For Classic Load Balancers, this object must contain the load balancer name, the container name , and the container port to access from the load balancer. The container name must be as it appears in a container definition. The target group ARN parameter must be omitted. When a task from this service is placed on a container instance, the container instance is registered with the load balancer that's specified here.

Services with tasks that use the awsvpc network mode (for example, those with the Fargate launch type) only support Application Load Balancers and Network Load Balancers. Classic Load Balancers aren't supported. Also, when you create any target groups for these services, you must choose ip as the target type, not instance. This is because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.

" }, "serviceRegistries":{ "shape":"ServiceRegistries", @@ -2171,11 +2422,11 @@ }, "launchType":{ "shape":"LaunchType", - "documentation":"

The infrastructure that you run your service on. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

The FARGATE launch type runs your tasks on Fargate On-Demand infrastructure.

Fargate Spot infrastructure is available for use but a capacity provider strategy must be used. For more information, see Fargate capacity providers in the Amazon ECS Developer Guide.

The EC2 launch type runs your tasks on Amazon EC2 instances registered to your cluster.

The EXTERNAL launch type runs your tasks on your on-premises server or virtual machine (VM) capacity registered to your cluster.

A service can use either a launch type or a capacity provider strategy. If a launchType is specified, the capacityProviderStrategy parameter must be omitted.

" + "documentation":"

The infrastructure that you run your service on. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

If you want to use Amazon ECS Managed Instances, you must use the capacityProviderStrategy request parameter and omit the launchType request parameter.

The FARGATE launch type runs your tasks on Fargate On-Demand infrastructure.

Fargate Spot infrastructure is available for use but a capacity provider strategy must be used. For more information, see Fargate capacity providers in the Amazon ECS Developer Guide.

The EC2 launch type runs your tasks on Amazon EC2 instances registered to your cluster.

The EXTERNAL launch type runs your tasks on your on-premises server or virtual machine (VM) capacity registered to your cluster.

A service can use either a launch type or a capacity provider strategy. If a launchType is specified, the capacityProviderStrategy parameter must be omitted.

" }, "capacityProviderStrategy":{ "shape":"CapacityProviderStrategy", - "documentation":"

The capacity provider strategy to use for the service.

If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.

A capacity provider strategy can contain a maximum of 20 capacity providers.

" + "documentation":"

The capacity provider strategy to use for the service.

If you want to use Amazon ECS Managed Instances, you must use the capacityProviderStrategy request parameter and omit the launchType request parameter.

If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.

A capacity provider strategy can contain a maximum of 20 capacity providers.

" }, "platformVersion":{ "shape":"String", @@ -2203,7 +2454,7 @@ }, "healthCheckGracePeriodSeconds":{ "shape":"BoxedInteger", - "documentation":"

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of 0 is used. If you don't use any of the health checks, then healthCheckGracePeriodSeconds is unused.

If your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.

" + "documentation":"

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you do not specify a health check grace period value, the default value of 0 is used. If you do not use any of the health checks, then healthCheckGracePeriodSeconds is unused.

If your service has more running tasks than desired, unhealthy tasks in the grace period might be stopped to reach the desired count.

" }, "schedulingStrategy":{ "shape":"SchedulingStrategy", @@ -2219,7 +2470,7 @@ }, "enableECSManagedTags":{ "shape":"Boolean", - "documentation":"

Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see Tagging your Amazon ECS resources in the Amazon Elastic Container Service Developer Guide.

When you use Amazon ECS managed tags, you need to set the propagateTags request parameter.

" + "documentation":"

Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see Tagging your Amazon ECS resources in the Amazon Elastic Container Service Developer Guide.

When you use Amazon ECS managed tags, you must set the propagateTags request parameter.

" }, "propagateTags":{ "shape":"PropagateTags", @@ -2347,7 +2598,7 @@ }, "principalArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the principal. It can be an user, role, or the root user. If you specify the root user, it disables the account setting for all users, roles, and the root user of the account unless a user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.

" + "documentation":"

The Amazon Resource Name (ARN) of the principal. It can be a user, role, or the root user. If you specify the root user, it disables the account setting for all users, roles, and the root user of the account unless a user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.

In order to use this parameter, you must be the root user, or the principal.

" } } }, @@ -2390,6 +2641,10 @@ "capacityProvider":{ "shape":"String", "documentation":"

The short name or full Amazon Resource Name (ARN) of the capacity provider to delete.

" + }, + "cluster":{ + "shape":"String", + "documentation":"

The name of the cluster that contains the capacity provider to delete. Managed instances capacity providers are cluster-scoped and can only be deleted from their associated cluster.

" } } }, @@ -2617,7 +2872,7 @@ "documentation":"

Determines whether to use the CloudWatch alarm option in the service deployment process.

" } }, - "documentation":"

One of the methods which provide a way for you to quickly identify when a deployment has failed, and then to optionally roll back the failure to the last working deployment.

When the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback parameter to have Amazon ECS to roll back your service to the last completed deployment after a failure.

You can only use the DeploymentAlarms method to detect failures when the DeploymentController is set to ECS (rolling update).

For more information, see Rolling update in the Amazon Elastic Container Service Developer Guide .

" + "documentation":"

One of the methods which provide a way for you to quickly identify when a deployment has failed, and then to optionally roll back the failure to the last working deployment.

When the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback parameter to have Amazon ECS to roll back your service to the last completed deployment after a failure.

You can only use the DeploymentAlarms method to detect failures when the DeploymentController is set to ECS.

For more information, see Rolling update in the Amazon Elastic Container Service Developer Guide .

" }, "DeploymentCircuitBreaker":{ "type":"structure", @@ -2650,11 +2905,31 @@ }, "minimumHealthyPercent":{ "shape":"BoxedInteger", - "documentation":"

If a service is using the rolling update (ECS) deployment type, the minimumHealthyPercent represents a lower limit on the number of your service's tasks that must remain in the RUNNING state during a deployment, as a percentage of the desiredCount (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desiredCount of four tasks and a minimumHealthyPercent of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.

If any tasks are unhealthy and if maximumPercent doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one — using the minimumHealthyPercent as a constraint — to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see Amazon ECS services .

For services that do not use a load balancer, the following should be noted:

  • A service is considered healthy if all essential containers within the tasks in the service pass their health checks.

  • If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a RUNNING state before the task is counted towards the minimum healthy percent total.

  • If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.

For services that do use a load balancer, the following should be noted:

  • If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.

  • If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.

The default value for a replica service for minimumHealthyPercent is 100%. The default minimumHealthyPercent value for a service using the DAEMON service schedule is 0% for the CLI, the Amazon Web Services SDKs, and the APIs and 50% for the Amazon Web Services Management Console.

The minimum number of healthy tasks during a deployment is the desiredCount multiplied by the minimumHealthyPercent/100, rounded up to the nearest integer value.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the EC2 launch type, the minimum healthy percent value is set to the default value. The minimum healthy percent value is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state.

You can't specify a custom minimumHealthyPercent value for a service that uses either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and has tasks that use the EC2 launch type.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.

" + "documentation":"

If a service is using the rolling update (ECS) deployment type, the minimumHealthyPercent represents a lower limit on the number of your service's tasks that must remain in the RUNNING state during a deployment, as a percentage of the desiredCount (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desiredCount of four tasks and a minimumHealthyPercent of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.

If any tasks are unhealthy and if maximumPercent doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one — using the minimumHealthyPercent as a constraint — to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see Amazon ECS services.

For services that do not use a load balancer, the following should be noted:

  • A service is considered healthy if all essential containers within the tasks in the service pass their health checks.

  • If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a RUNNING state before the task is counted towards the minimum healthy percent total.

  • If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.

For services that do use a load balancer, the following should be noted:

  • If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.

  • If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.

The default value for a replica service for minimumHealthyPercent is 100%. The default minimumHealthyPercent value for a service using the DAEMON service schedule is 0% for the CLI, the Amazon Web Services SDKs, and the APIs and 50% for the Amazon Web Services Management Console.

The minimum number of healthy tasks during a deployment is the desiredCount multiplied by the minimumHealthyPercent/100, rounded up to the nearest integer value.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the EC2 launch type, the minimum healthy percent value is set to the default value. The minimum healthy percent value is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state.

You can't specify a custom minimumHealthyPercent value for a service that uses either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and has tasks that use the EC2 launch type.

If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.

" }, "alarms":{ "shape":"DeploymentAlarms", "documentation":"

Information about the CloudWatch alarms.

" + }, + "strategy":{ + "shape":"DeploymentStrategy", + "documentation":"

The deployment strategy for the service. Choose from these valid values:

  • ROLLING - When you create a service which uses the rolling update (ROLLING) deployment strategy, the Amazon ECS service scheduler replaces the currently running tasks with new tasks. The number of tasks that Amazon ECS adds or removes from the service during a rolling update is controlled by the service deployment configuration.

  • BLUE_GREEN - A blue/green deployment strategy (BLUE_GREEN) is a release methodology that reduces downtime and risk by running two identical production environments called blue and green. With Amazon ECS blue/green deployments, you can validate new service revisions before directing production traffic to them. This approach provides a safer way to deploy changes with the ability to quickly roll back if needed.

  • LINEAR - A linear deployment strategy (LINEAR) gradually shifts traffic from the current production environment to a new environment in equal percentages over time. With Amazon ECS linear deployments, you can control the pace of traffic shifting and validate new service revisions with increasing amounts of production traffic.

  • CANARY - A canary deployment strategy (CANARY) shifts a small percentage of traffic to the new service revision first, then shifts the remaining traffic all at once after a specified time period. This allows you to test the new version with a subset of users before full deployment.

" + }, + "bakeTimeInMinutes":{ + "shape":"BoxedInteger", + "documentation":"

The time period when both blue and green service revisions are running simultaneously after the production traffic has shifted.

You must provide this parameter when you use the BLUE_GREEN deployment strategy.

" + }, + "lifecycleHooks":{ + "shape":"DeploymentLifecycleHookList", + "documentation":"

An array of deployment lifecycle hook objects to run custom logic at specific stages of the deployment lifecycle.

" + }, + "linearConfiguration":{ + "shape":"LinearConfiguration", + "documentation":"

Configuration for linear deployment strategy. Only valid when the deployment strategy is LINEAR. This configuration enables progressive traffic shifting in equal percentage increments with configurable bake times between each step.

" + }, + "canaryConfiguration":{ + "shape":"CanaryConfiguration", + "documentation":"

Configuration for canary deployment strategy. Only valid when the deployment strategy is CANARY. This configuration enables shifting a fixed percentage of traffic for testing, followed by shifting the remaining traffic after a bake period.

" } }, "documentation":"

Optional deployment parameters that control how many tasks run during a deployment and the ordering of stopping and starting tasks.

" @@ -2665,7 +2940,7 @@ "members":{ "type":{ "shape":"DeploymentControllerType", - "documentation":"

The deployment controller type to use.

There are three deployment controller types available:

ECS

The rolling update (ECS) deployment type involves replacing the current running version of the container with the latest version. The number of containers Amazon ECS adds or removes from the service during a rolling update is controlled by adjusting the minimum and maximum number of healthy tasks allowed during a service deployment, as specified in the DeploymentConfiguration.

For more information about rolling deployments, see Deploy Amazon ECS services by replacing tasks in the Amazon Elastic Container Service Developer Guide.

CODE_DEPLOY

The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by CodeDeploy, which allows you to verify a new deployment of a service before sending production traffic to it.

For more information about blue/green deployments, see Validate the state of an Amazon ECS service before deployment in the Amazon Elastic Container Service Developer Guide.

EXTERNAL

The external (EXTERNAL) deployment type enables you to use any third-party deployment controller for full control over the deployment process for an Amazon ECS service.

For more information about external deployments, see Deploy Amazon ECS services using a third-party controller in the Amazon Elastic Container Service Developer Guide.

" + "documentation":"

The deployment controller type to use.

The deployment controller is the mechanism that determines how tasks are deployed for your service. The valid options are:

  • ECS

    When you create a service which uses the ECS deployment controller, you can choose between the following deployment strategies:

    • ROLLING: When you create a service which uses the rolling update (ROLLING) deployment strategy, the Amazon ECS service scheduler replaces the currently running tasks with new tasks. The number of tasks that Amazon ECS adds or removes from the service during a rolling update is controlled by the service deployment configuration.

      Rolling update deployments are best suited for the following scenarios:

      • Gradual service updates: You need to update your service incrementally without taking the entire service offline at once.

      • Limited resource requirements: You want to avoid the additional resource costs of running two complete environments simultaneously (as required by blue/green deployments).

      • Acceptable deployment time: Your application can tolerate a longer deployment process, as rolling updates replace tasks one by one.

      • No need for instant roll back: Your service can tolerate a rollback process that takes minutes rather than seconds.

      • Simple deployment process: You prefer a straightforward deployment approach without the complexity of managing multiple environments, target groups, and listeners.

      • No load balancer requirement: Your service doesn't use or require a load balancer, Application Load Balancer, Network Load Balancer, or Service Connect (which are required for blue/green deployments).

      • Stateful applications: Your application maintains state that makes it difficult to run two parallel environments.

      • Cost sensitivity: You want to minimize deployment costs by not running duplicate environments during deployment.

      Rolling updates are the default deployment strategy for services and provide a balance between deployment safety and resource efficiency for many common application scenarios.

    • BLUE_GREEN: A blue/green deployment strategy (BLUE_GREEN) is a release methodology that reduces downtime and risk by running two identical production environments called blue and green. With Amazon ECS blue/green deployments, you can validate new service revisions before directing production traffic to them. This approach provides a safer way to deploy changes with the ability to quickly roll back if needed.

      Amazon ECS blue/green deployments are best suited for the following scenarios:

      • Service validation: When you need to validate new service revisions before directing production traffic to them

      • Zero downtime: When your service requires zero-downtime deployments

      • Instant roll back: When you need the ability to quickly roll back if issues are detected

      • Load balancer requirement: When your service uses Application Load Balancer, Network Load Balancer, or Service Connect

  • External

    Use a third-party deployment controller.

  • Blue/green deployment (powered by CodeDeploy)

    CodeDeploy installs an updated version of the application as a new replacement task set and reroutes production traffic from the original application task set to the replacement task set. The original task set is terminated after a successful deployment. Use this deployment controller to verify a new deployment of a service before sending production traffic to it.

" } }, "documentation":"

The deployment controller to use for the service.

" @@ -2688,6 +2963,48 @@ }, "documentation":"

The amount of ephemeral storage to allocate for the deployment.

" }, + "DeploymentLifecycleHook":{ + "type":"structure", + "members":{ + "hookTargetArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the hook target. Currently, only Lambda function ARNs are supported.

You must provide this parameter when configuring a deployment lifecycle hook.

" + }, + "roleArn":{ + "shape":"IAMRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role that grants Amazon ECS permission to call Lambda functions on your behalf.

For more information, see Permissions required for Lambda functions in Amazon ECS blue/green deployments in the Amazon Elastic Container Service Developer Guide.

" + }, + "lifecycleStages":{ + "shape":"DeploymentLifecycleHookStageList", + "documentation":"

The lifecycle stages at which to run the hook. Choose from these valid values:

  • RECONCILE_SERVICE

    The reconciliation stage that only happens when you start a new service deployment with more than 1 service revision in an ACTIVE state.

    You can use a lifecycle hook for this stage.

  • PRE_SCALE_UP

    The green service revision has not started. The blue service revision is handling 100% of the production traffic. There is no test traffic.

    You can use a lifecycle hook for this stage.

  • POST_SCALE_UP

    The green service revision has started. The blue service revision is handling 100% of the production traffic. There is no test traffic.

    You can use a lifecycle hook for this stage.

  • TEST_TRAFFIC_SHIFT

    The blue and green service revisions are running. The blue service revision handles 100% of the production traffic. The green service revision is migrating from 0% to 100% of test traffic.

    You can use a lifecycle hook for this stage.

  • POST_TEST_TRAFFIC_SHIFT

    The test traffic shift is complete. The green service revision handles 100% of the test traffic.

    You can use a lifecycle hook for this stage.

  • PRODUCTION_TRAFFIC_SHIFT

    Production traffic is shifting to the green service revision. The green service revision is migrating from 0% to 100% of production traffic.

    You can use a lifecycle hook for this stage.

  • POST_PRODUCTION_TRAFFIC_SHIFT

    The production traffic shift is complete.

    You can use a lifecycle hook for this stage.

You must provide this parameter when configuring a deployment lifecycle hook.

" + }, + "hookDetails":{ + "shape":"HookDetails", + "documentation":"

Use this field to specify custom parameters that Amazon ECS will pass to your hook target invocations (such as a Lambda function).

" + } + }, + "documentation":"

A deployment lifecycle hook runs custom logic at specific stages of the deployment process. Currently, you can use Lambda functions as hook targets.

For more information, see Lifecycle hooks for Amazon ECS service deployments in the Amazon Elastic Container Service Developer Guide.

" + }, + "DeploymentLifecycleHookList":{ + "type":"list", + "member":{"shape":"DeploymentLifecycleHook"} + }, + "DeploymentLifecycleHookStage":{ + "type":"string", + "enum":[ + "RECONCILE_SERVICE", + "PRE_SCALE_UP", + "POST_SCALE_UP", + "TEST_TRAFFIC_SHIFT", + "POST_TEST_TRAFFIC_SHIFT", + "PRODUCTION_TRAFFIC_SHIFT", + "POST_PRODUCTION_TRAFFIC_SHIFT" + ] + }, + "DeploymentLifecycleHookStageList":{ + "type":"list", + "member":{"shape":"DeploymentLifecycleHookStage"} + }, "DeploymentRolloutState":{ "type":"string", "enum":[ @@ -2696,6 +3013,15 @@ "IN_PROGRESS" ] }, + "DeploymentStrategy":{ + "type":"string", + "enum":[ + "ROLLING", + "BLUE_GREEN", + "LINEAR", + "CANARY" + ] + }, "Deployments":{ "type":"list", "member":{"shape":"Deployment"} @@ -2753,6 +3079,10 @@ "shape":"StringList", "documentation":"

The short name or full Amazon Resource Name (ARN) of one or more capacity providers. Up to 100 capacity providers can be described in an action.

" }, + "cluster":{ + "shape":"String", + "documentation":"

The name of the cluster to describe capacity providers for. When specified, only capacity providers associated with this cluster are returned, including Amazon ECS Managed Instances capacity providers.

" + }, "include":{ "shape":"CapacityProviderFieldList", "documentation":"

Specifies whether or not you want to see the resource tags for the capacity provider. If TAGS is specified, the tags are included in the response. If this field is omitted, tags aren't included in the response.

" @@ -2989,7 +3319,7 @@ "members":{ "cluster":{ "shape":"String", - "documentation":"

The short name or full Amazon Resource Name (ARN) of the cluster that hosts the task or tasks to describe. If you do not specify a cluster, the default cluster is assumed. This parameter is required. If you do not specify a value, the default cluster is used.

" + "documentation":"

The short name or full Amazon Resource Name (ARN) of the cluster that hosts the task or tasks to describe. If you do not specify a cluster, the default cluster is assumed.

" }, "tasks":{ "shape":"StringList", @@ -3251,6 +3581,17 @@ }, "documentation":"

The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate. For more information, see Using data volumes in tasks in the Amazon ECS Developer Guide;.

For tasks using the Fargate launch type, the task requires the following platforms:

  • Linux platform version 1.4.0 or later.

  • Windows platform version 1.0.0 or later.

" }, + "ExcludedInstanceType":{ + "type":"string", + "max":30, + "min":1, + "pattern":"[a-zA-Z0-9\\.\\*\\-]+" + }, + "ExcludedInstanceTypeSet":{ + "type":"list", + "member":{"shape":"ExcludedInstanceType"}, + "max":400 + }, "ExecuteCommandConfiguration":{ "type":"structure", "members":{ @@ -3493,22 +3834,22 @@ }, "interval":{ "shape":"BoxedInteger", - "documentation":"

The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.

" + "documentation":"

The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a command.

" }, "timeout":{ "shape":"BoxedInteger", - "documentation":"

The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5.

" + "documentation":"

The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a command.

" }, "retries":{ "shape":"BoxedInteger", - "documentation":"

The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3.

" + "documentation":"

The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a command.

" }, "startPeriod":{ "shape":"BoxedInteger", - "documentation":"

The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off.

If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.

" + "documentation":"

The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off. This value applies only when you specify a command.

If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.

" } }, - "documentation":"

An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the HEALTHCHECK parameter of docker run.

The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.

You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console.

The health check is designed to make sure that your containers survive agent restarts, upgrades, or temporary unavailability.

Amazon ECS performs health checks on containers with the default that launched the container instance or the task.

The following describes the possible healthStatus values for a container:

  • HEALTHY-The container health check has passed successfully.

  • UNHEALTHY-The container health check has failed.

  • UNKNOWN-The container health check is being evaluated, there's no container health check defined, or Amazon ECS doesn't have the health status of the container.

The following describes the possible healthStatus values based on the container health checker status of essential containers in the task with the following priority order (high to low):

  • UNHEALTHY-One or more essential containers have failed their health check.

  • UNKNOWN-Any essential container running within the task is in an UNKNOWN state and no other essential containers have an UNHEALTHY state.

  • HEALTHY-All essential containers within the task have passed their health checks.

Consider the following task health example with 2 containers.

  • If Container1 is UNHEALTHY and Container2 is UNKNOWN, the task health is UNHEALTHY.

  • If Container1 is UNHEALTHY and Container2 is HEALTHY, the task health is UNHEALTHY.

  • If Container1 is HEALTHY and Container2 is UNKNOWN, the task health is UNKNOWN.

  • If Container1 is HEALTHY and Container2 is HEALTHY, the task health is HEALTHY.

Consider the following task health example with 3 containers.

  • If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNHEALTHY.

  • If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNHEALTHY.

  • If Container1 is UNHEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is UNHEALTHY.

  • If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNKNOWN.

  • If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNKNOWN.

  • If Container1 is HEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is HEALTHY.

If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.

The following are notes about container health check support:

  • If the Amazon ECS container agent becomes disconnected from the Amazon ECS service, this won't cause a container to transition to an UNHEALTHY status. This is by design, to ensure that containers remain running during agent restarts or temporary unavailability. The health check status is the \"last heard from\" response from the Amazon ECS agent, so if the container was considered HEALTHY prior to the disconnect, that status will remain until the agent reconnects and another health check occurs. There are no assumptions made about the status of the container health checks.

  • Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see Updating the Amazon ECS container agent.

  • Container health checks are supported for Fargate tasks if you're using platform version 1.1.0 or greater. For more information, see Fargate platform versions.

  • Container health checks aren't supported for tasks that are part of a service that's configured to use a Classic Load Balancer.

" + "documentation":"

An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the HEALTHCHECK parameter of docker run.

The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.

You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console.

The health check is designed to make sure that your containers survive agent restarts, upgrades, or temporary unavailability.

Amazon ECS performs health checks on containers with the default that launched the container instance or the task.

The following describes the possible healthStatus values for a container:

  • HEALTHY-The container health check has passed successfully.

  • UNHEALTHY-The container health check has failed.

  • UNKNOWN-The container health check is being evaluated, there's no container health check defined, or Amazon ECS doesn't have the health status of the container.

The following describes the possible healthStatus values based on the container health checker status of essential containers in the task with the following priority order (high to low):

  • UNHEALTHY-One or more essential containers have failed their health check.

  • UNKNOWN-Any essential container running within the task is in an UNKNOWN state and no other essential containers have an UNHEALTHY state.

  • HEALTHY-All essential containers within the task have passed their health checks.

Consider the following task health example with 2 containers.

  • If Container1 is UNHEALTHY and Container2 is UNKNOWN, the task health is UNHEALTHY.

  • If Container1 is UNHEALTHY and Container2 is HEALTHY, the task health is UNHEALTHY.

  • If Container1 is HEALTHY and Container2 is UNKNOWN, the task health is UNKNOWN.

  • If Container1 is HEALTHY and Container2 is HEALTHY, the task health is HEALTHY.

Consider the following task health example with 3 containers.

  • If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNHEALTHY.

  • If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNHEALTHY.

  • If Container1 is UNHEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is UNHEALTHY.

  • If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is HEALTHY, the task health is UNKNOWN.

  • If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3 is UNKNOWN, the task health is UNKNOWN.

  • If Container1 is HEALTHY and Container2 is HEALTHY, and Container3 is HEALTHY, the task health is HEALTHY.

If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.

When a container health check fails for a task that is part of a service, the following process occurs:

  1. The task is marked as UNHEALTHY.

  2. The unhealthy task will be stopped, and during the stopping process, it will go through the following states:

    • DEACTIVATING - In this state, Amazon ECS performs additional steps before stopping the task. For example, for tasks that are part of services configured to use Elastic Load Balancing target groups, target groups will be deregistered in this state.

    • STOPPING - The task is in the process of being stopped.

    • DEPROVISIONING - Resources associated with the task are being cleaned up.

    • STOPPED - The task has been completely stopped.

  3. After the old task stops, a new task will be launched to ensure service operation, and the new task will go through the following lifecycle:

    • PROVISIONING - Resources required for the task are being provisioned.

    • PENDING - The task is waiting to be placed on a container instance.

    • ACTIVATING - In this state, Amazon ECS pulls container images, creates containers, configures task networking, registers load balancer target groups, and configures service discovery status.

    • RUNNING - The task is running and performing its work.

For more detailed information about task lifecycle states, see Task lifecycle in the Amazon Elastic Container Service Developer Guide.

The following are notes about container health check support:

  • If the Amazon ECS container agent becomes disconnected from the Amazon ECS service, this won't cause a container to transition to an UNHEALTHY status. This is by design, to ensure that containers remain running during agent restarts or temporary unavailability. The health check status is the \"last heard from\" response from the Amazon ECS agent, so if the container was considered HEALTHY prior to the disconnect, that status will remain until the agent reconnects and another health check occurs. There are no assumptions made about the status of the container health checks.

  • Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see Updating the Amazon ECS container agent.

  • Container health checks are supported for Fargate tasks if you're using platform version 1.1.0 or greater. For more information, see Fargate platform versions.

  • Container health checks aren't supported for tasks that are part of a service that's configured to use a Classic Load Balancer.

For an example of how to specify a task definition with multiple containers where container dependency is specified, see Container dependency in the Amazon Elastic Container Service Developer Guide.

" }, "HealthStatus":{ "type":"string", @@ -3518,6 +3859,11 @@ "UNKNOWN" ] }, + "HookDetails":{ + "type":"structure", + "members":{}, + "document":true + }, "HostEntry":{ "type":"structure", "required":[ @@ -3591,6 +3937,17 @@ "type":"list", "member":{"shape":"InferenceAccelerator"} }, + "InstanceGeneration":{ + "type":"string", + "enum":[ + "current", + "previous" + ] + }, + "InstanceGenerationSet":{ + "type":"list", + "member":{"shape":"InstanceGeneration"} + }, "InstanceHealthCheckResult":{ "type":"structure", "members":{ @@ -3630,6 +3987,168 @@ "type":"string", "enum":["CONTAINER_RUNTIME"] }, + "InstanceLaunchTemplate":{ + "type":"structure", + "required":[ + "ec2InstanceProfileArn", + "networkConfiguration" + ], + "members":{ + "ec2InstanceProfileArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the instance profile that Amazon ECS applies to Amazon ECS Managed Instances. This instance profile must include the necessary permissions for your tasks to access Amazon Web Services services and resources.

For more information, see Amazon ECS instance profile for Managed Instances in the Amazon ECS Developer Guide.

" + }, + "networkConfiguration":{ + "shape":"ManagedInstancesNetworkConfiguration", + "documentation":"

The network configuration for Amazon ECS Managed Instances. This specifies the subnets and security groups that instances use for network connectivity.

" + }, + "storageConfiguration":{ + "shape":"ManagedInstancesStorageConfiguration", + "documentation":"

The storage configuration for Amazon ECS Managed Instances. This defines the root volume size and type for the instances.

" + }, + "monitoring":{ + "shape":"ManagedInstancesMonitoringOptions", + "documentation":"

CloudWatch provides two categories of monitoring: basic monitoring and detailed monitoring. By default, your managed instance is configured for basic monitoring. You can optionally enable detailed monitoring to help you more quickly identify and act on operational issues. You can enable or turn off detailed monitoring at launch or when the managed instance is running or stopped. For more information, see Detailed monitoring for Amazon ECS Managed Instances in the Amazon ECS Developer Guide.

" + }, + "instanceRequirements":{ + "shape":"InstanceRequirementsRequest", + "documentation":"

The instance requirements. You can specify:

  • The instance types

  • Instance requirements such as vCPU count, memory, network performance, and accelerator specifications

Amazon ECS automatically selects the instances that match the specified criteria.

" + } + }, + "documentation":"

The launch template configuration for Amazon ECS Managed Instances. This defines how Amazon ECS launches Amazon EC2 instances, including the instance profile for your tasks, network and storage configuration, capacity options, and instance requirements for flexible instance type selection.

" + }, + "InstanceLaunchTemplateUpdate":{ + "type":"structure", + "members":{ + "ec2InstanceProfileArn":{ + "shape":"String", + "documentation":"

The updated Amazon Resource Name (ARN) of the instance profile. The new instance profile must have the necessary permissions for your tasks.

For more information, see Amazon ECS instance profile for Managed Instances in the Amazon ECS Developer Guide.

" + }, + "networkConfiguration":{ + "shape":"ManagedInstancesNetworkConfiguration", + "documentation":"

The updated network configuration for Amazon ECS Managed Instances. Changes to subnets and security groups affect new instances launched after the update.

" + }, + "storageConfiguration":{ + "shape":"ManagedInstancesStorageConfiguration", + "documentation":"

The updated storage configuration for Amazon ECS Managed Instances. Changes to storage settings apply to new instances launched after the update.

" + }, + "monitoring":{ + "shape":"ManagedInstancesMonitoringOptions", + "documentation":"

CloudWatch provides two categories of monitoring: basic monitoring and detailed monitoring. By default, your managed instance is configured for basic monitoring. You can optionally enable detailed monitoring to help you more quickly identify and act on operational issues. You can enable or turn off detailed monitoring at launch or when the managed instance is running or stopped. For more information, see Detailed monitoring for Amazon ECS Managed Instances in the Amazon ECS Developer Guide.

" + }, + "instanceRequirements":{ + "shape":"InstanceRequirementsRequest", + "documentation":"

The updated instance requirements for attribute-based instance type selection. Changes to instance requirements affect which instance types Amazon ECS selects for new instances.

" + } + }, + "documentation":"

The updated launch template configuration for Amazon ECS Managed Instances. You can modify the instance profile, network configuration, storage settings, and instance requirements. Changes apply to new instances launched after the update.

For more information, see Store instance launch parameters in Amazon EC2 launch templates in the Amazon EC2 User Guide.

" + }, + "InstanceRequirementsRequest":{ + "type":"structure", + "required":[ + "vCpuCount", + "memoryMiB" + ], + "members":{ + "vCpuCount":{ + "shape":"VCpuCountRangeRequest", + "documentation":"

The minimum and maximum number of vCPUs for the instance types. Amazon ECS selects instance types that have vCPU counts within this range.

" + }, + "memoryMiB":{ + "shape":"MemoryMiBRequest", + "documentation":"

The minimum and maximum amount of memory in mebibytes (MiB) for the instance types. Amazon ECS selects instance types that have memory within this range.

" + }, + "cpuManufacturers":{ + "shape":"CpuManufacturerSet", + "documentation":"

The CPU manufacturers to include or exclude. You can specify intel, amd, or amazon-web-services to control which CPU types are used for your workloads.

" + }, + "memoryGiBPerVCpu":{ + "shape":"MemoryGiBPerVCpuRequest", + "documentation":"

The minimum and maximum amount of memory per vCPU in gibibytes (GiB). This helps ensure that instance types have the appropriate memory-to-CPU ratio for your workloads.

" + }, + "excludedInstanceTypes":{ + "shape":"ExcludedInstanceTypeSet", + "documentation":"

The instance types to exclude from selection. Use this to prevent Amazon ECS from selecting specific instance types that may not be suitable for your workloads.

" + }, + "instanceGenerations":{ + "shape":"InstanceGenerationSet", + "documentation":"

The instance generations to include. You can specify current to use the latest generation instances, or previous to include previous generation instances for cost optimization.

" + }, + "spotMaxPricePercentageOverLowestPrice":{ + "shape":"BoxedInteger", + "documentation":"

The maximum price for Spot instances as a percentage over the lowest priced On-Demand instance. This helps control Spot instance costs while maintaining access to capacity.

" + }, + "onDemandMaxPricePercentageOverLowestPrice":{ + "shape":"BoxedInteger", + "documentation":"

The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous generation instance types that match your attributes. When Amazon ECS selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold.

" + }, + "bareMetal":{ + "shape":"BareMetal", + "documentation":"

Indicates whether to include bare metal instance types. Set to included to allow bare metal instances, excluded to exclude them, or required to use only bare metal instances.

" + }, + "burstablePerformance":{ + "shape":"BurstablePerformance", + "documentation":"

Indicates whether to include burstable performance instance types (T2, T3, T3a, T4g). Set to included to allow burstable instances, excluded to exclude them, or required to use only burstable instances.

" + }, + "requireHibernateSupport":{ + "shape":"BoxedBoolean", + "documentation":"

Indicates whether the instance types must support hibernation. When set to true, only instance types that support hibernation are selected.

" + }, + "networkInterfaceCount":{ + "shape":"NetworkInterfaceCountRequest", + "documentation":"

The minimum and maximum number of network interfaces for the instance types. This is useful for workloads that require multiple network interfaces.

" + }, + "localStorage":{ + "shape":"LocalStorage", + "documentation":"

Indicates whether to include instance types with local storage. Set to included to allow local storage, excluded to exclude it, or required to use only instances with local storage.

" + }, + "localStorageTypes":{ + "shape":"LocalStorageTypeSet", + "documentation":"

The local storage types to include. You can specify hdd for hard disk drives, ssd for solid state drives, or both.

" + }, + "totalLocalStorageGB":{ + "shape":"TotalLocalStorageGBRequest", + "documentation":"

The minimum and maximum total local storage in gigabytes (GB) for instance types with local storage.

" + }, + "baselineEbsBandwidthMbps":{ + "shape":"BaselineEbsBandwidthMbpsRequest", + "documentation":"

The minimum and maximum baseline Amazon EBS bandwidth in megabits per second (Mbps). This is important for workloads with high storage I/O requirements.

" + }, + "acceleratorTypes":{ + "shape":"AcceleratorTypeSet", + "documentation":"

The accelerator types to include. You can specify gpu for graphics processing units, fpga for field programmable gate arrays, or inference for machine learning inference accelerators.

" + }, + "acceleratorCount":{ + "shape":"AcceleratorCountRequest", + "documentation":"

The minimum and maximum number of accelerators for the instance types. This is used when you need instances with specific numbers of GPUs or other accelerators.

" + }, + "acceleratorManufacturers":{ + "shape":"AcceleratorManufacturerSet", + "documentation":"

The accelerator manufacturers to include. You can specify nvidia, amd, amazon-web-services, or xilinx depending on your accelerator requirements.

" + }, + "acceleratorNames":{ + "shape":"AcceleratorNameSet", + "documentation":"

The specific accelerator names to include. For example, you can specify a100, v100, k80, or other specific accelerator models.

" + }, + "acceleratorTotalMemoryMiB":{ + "shape":"AcceleratorTotalMemoryMiBRequest", + "documentation":"

The minimum and maximum total accelerator memory in mebibytes (MiB). This is important for GPU workloads that require specific amounts of video memory.

" + }, + "networkBandwidthGbps":{ + "shape":"NetworkBandwidthGbpsRequest", + "documentation":"

The minimum and maximum network bandwidth in gigabits per second (Gbps). This is crucial for network-intensive workloads that require high throughput.

" + }, + "allowedInstanceTypes":{ + "shape":"AllowedInstanceTypeSet", + "documentation":"

The instance types to include in the selection. When specified, Amazon ECS only considers these instance types, subject to the other requirements specified.

" + }, + "maxSpotPriceAsPercentageOfOptimalOnDemandPrice":{ + "shape":"BoxedInteger", + "documentation":"

The maximum price for Spot instances as a percentage of the optimal On-Demand price. This provides more precise cost control for Spot instance selection.

" + } + }, + "documentation":"

The instance requirements for attribute-based instance type selection. Instead of specifying exact instance types, you define requirements such as vCPU count, memory size, network performance, and accelerator specifications. Amazon ECS automatically selects Amazon EC2 instance types that match these requirements, providing flexibility and helping to mitigate capacity constraints.

" + }, "Integer":{"type":"integer"}, "IntegerList":{ "type":"list", @@ -3637,9 +4156,8 @@ }, "InvalidParameterException":{ "type":"structure", - "members":{ - }, - "documentation":"

The specified parameter isn't valid. Review the available parameters for the API request.

", + "members":{}, + "documentation":"

The specified parameter isn't valid. Review the available parameters for the API request.

For more information about service event errors, see Amazon ECS service event messages.

", "exception":true }, "IpcMode":{ @@ -3662,7 +4180,7 @@ "documentation":"

The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run.

Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

" } }, - "documentation":"

The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page.

" + "documentation":"

The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page.

The following describes how Docker processes the Linux capabilities specified in the add and drop request parameters. For information about the latest behavior, see Docker Compose: order of cap_drop and cap_add in the Docker Community Forum.

  • When the container is a privleged container, the container capabilities are all of the default Docker capabilities. The capabilities specified in the add request parameter, and the drop request parameter are ignored.

  • When the add request parameter is set to ALL, the container capabilities are all of the default Docker capabilities, excluding those specified in the drop request parameter.

  • When the drop request parameter is set to ALL, the container capabilities are the capabilities specified in the add request parameter.

  • When the add request parameter and the drop request parameter are both empty, the capabilities the container capabilities are all of the default Docker capabilities.

  • The default is to first drop the capabilities specified in the drop request parameter, and then add the capabilities specified in the add request parameter.

" }, "KeyValuePair":{ "type":"structure", @@ -3683,16 +4201,32 @@ "enum":[ "EC2", "FARGATE", - "EXTERNAL" + "EXTERNAL", + "MANAGED_INSTANCES" ] }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The limit for the resource was exceeded.

", "exception":true }, + "LinearConfiguration":{ + "type":"structure", + "members":{ + "stepPercent":{ + "shape":"Double", + "documentation":"

The percentage of production traffic to shift in each step during a linear deployment. Valid values are multiples of 0.1 from 3.0 to 100.0. The default value is 10.0.

", + "box":true + }, + "stepBakeTimeInMinutes":{ + "shape":"Integer", + "documentation":"

The amount of time in minutes to wait between each traffic shifting step during a linear deployment. Valid values are 0 to 1440 minutes (24 hours). The default value is 6. This bake time is not applied after reaching 100 percent traffic.

", + "box":true + } + }, + "documentation":"

Configuration for linear deployment strategy that shifts production traffic in equal percentage increments with configurable wait times between each step until 100% of traffic is shifted to the new service revision. This is only valid when you run CreateService or UpdateService with deploymentController set to ECS and a deploymentConfiguration with a strategy set to LINEAR.

" + }, "LinuxParameters":{ "type":"structure", "members":{ @@ -3740,7 +4274,7 @@ }, "principalArn":{ "shape":"String", - "documentation":"

The ARN of the principal, which can be a user, role, or the root user. If this field is omitted, the account settings are listed only for the authenticated user.

Federated users assume the account setting of the root user and can't have explicit account settings set for them.

" + "documentation":"

The ARN of the principal, which can be a user, role, or the root user. If this field is omitted, the account settings are listed only for the authenticated user.

In order to use this parameter, you must be the root user, or the principal.

Federated users assume the account setting of the root user and can't have explicit account settings set for them.

" }, "effectiveSettings":{ "shape":"Boolean", @@ -3859,7 +4393,7 @@ }, "status":{ "shape":"ContainerInstanceStatus", - "documentation":"

Filters the container instances by status. For example, if you specify the DRAINING status, the results include only container instances that have been set to DRAINING using UpdateContainerInstancesState. If you don't specify this parameter, the default is to include container instances set to all states other than INACTIVE.

" + "documentation":"

Filters the container instances by status. For example, if you specify the DRAINING status, the results include only container instances that have been set to DRAINING using UpdateContainerInstancesState. If you don't specify this parameter, the The default is to include container instances set to all states other than INACTIVE.

" } } }, @@ -4151,6 +4685,10 @@ "containerPort":{ "shape":"BoxedInteger", "documentation":"

The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the hostPort of the port mapping.

" + }, + "advancedConfiguration":{ + "shape":"AdvancedConfiguration", + "documentation":"

The advanced settings for the load balancer used in blue/green deployments. Specify the alternate target group, listener rules, and IAM role required for traffic shifting during blue/green deployments.

" } }, "documentation":"

The load balancer configuration to use with a service or task set.

When you add, update, or remove a load balancer configuration, Amazon ECS starts a new deployment with the updated Elastic Load Balancing configuration. This causes tasks to register to and deregister from load balancers.

We recommend that you verify this on a test environment before you update the Elastic Load Balancing configuration.

A service-linked role is required for services that use multiple target groups. For more information, see Using service-linked roles in the Amazon Elastic Container Service Developer Guide.

" @@ -4159,6 +4697,25 @@ "type":"list", "member":{"shape":"LoadBalancer"} }, + "LocalStorage":{ + "type":"string", + "enum":[ + "included", + "required", + "excluded" + ] + }, + "LocalStorageType":{ + "type":"string", + "enum":[ + "hdd", + "ssd" + ] + }, + "LocalStorageTypeSet":{ + "type":"list", + "member":{"shape":"LocalStorageType"} + }, "LogConfiguration":{ "type":"structure", "required":["logDriver"], @@ -4169,7 +4726,7 @@ }, "options":{ "shape":"LogConfigurationOptionsMap", - "documentation":"

The configuration options to send to the log driver.

The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

awslogs-create-group

Required: No

Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false.

Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group.
awslogs-region

Required: Yes

Specify the Amazon Web Services Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option.

awslogs-group

Required: Yes

Make sure to specify a log group that the awslogs log driver sends its log streams to.

awslogs-stream-prefix

Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type.

Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id.

If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option.

For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to.

You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console.

awslogs-datetime-format

Required: No

This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.

One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.

For more information, see awslogs-datetime-format.

You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options.

Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
awslogs-multiline-pattern

Required: No

This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.

For more information, see awslogs-multiline-pattern.

This option is ignored if awslogs-datetime-format is also configured.

You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options.

Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
mode

Required: No

Valid values: non-blocking | blocking

This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted.

If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure.

If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver.

max-buffer-size

Required: No

Default value: 1m

When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.

To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url.

When you use the awsfirelens log router to route logs to an Amazon Web Services Service or Amazon Web Services Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.

Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the Amazon Web Services Region with region and a name for the log stream with delivery_stream.

When you export logs to Amazon Kinesis Data Streams, you can specify an Amazon Web Services Region with region and a data stream name with stream.

When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks.

When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options.

This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

" + "documentation":"

The configuration options to send to the log driver.

The options you can specify depend on the log driver. Some of the options you can specify when you use the awslogs log driver to route logs to Amazon CloudWatch include the following:

awslogs-create-group

Required: No

Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false.

Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group.
awslogs-region

Required: Yes

Specify the Amazon Web Services Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option.

awslogs-group

Required: Yes

Make sure to specify a log group that the awslogs log driver sends its log streams to.

awslogs-stream-prefix

Required: Yes, when using Fargate.Optional when using EC2.

Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id.

If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option.

For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to.

You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console.

awslogs-datetime-format

Required: No

This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.

One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.

For more information, see awslogs-datetime-format.

You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options.

Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
awslogs-multiline-pattern

Required: No

This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages.

For more information, see awslogs-multiline-pattern.

This option is ignored if awslogs-datetime-format is also configured.

You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options.

Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.

The following options apply to all supported log drivers.

mode

Required: No

Valid values: non-blocking | blocking

This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted.

If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure.

If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver.

You can set a default mode for all containers in a specific Amazon Web Services Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the non-blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide.

On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following:

  • Set the mode option in your container definition's logConfiguration as blocking.

  • Set the defaultLogDriverMode account setting to blocking.
max-buffer-size

Required: No

Default value: 10m

When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.

To route logs using the splunk log router, you need to specify a splunk-token and a splunk-url.

When you use the awsfirelens log router to route logs to an Amazon Web Services Service or Amazon Web Services Partner Network destination for log storage and analytics, you can set the log-driver-buffer-limit option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.

Other options you can specify when using awsfirelens to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the Amazon Web Services Region with region and a name for the log stream with delivery_stream.

When you export logs to Amazon Kinesis Data Streams, you can specify an Amazon Web Services Region with region and a data stream name with stream.

When you export logs to Amazon OpenSearch Service, you can specify options like Name, Host (OpenSearch Service endpoint without protocol), Port, Index, Type, Aws_auth, Aws_region, Suppress_Type_Name, and tls. For more information, see Under the hood: FireLens for Amazon ECS Tasks.

When you export logs to Amazon S3, you can specify the bucket using the bucket option. You can also specify region, total_file_size, upload_timeout, and use_put_object as options.

This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

" }, "secretOptions":{ "shape":"SecretList", @@ -4265,6 +4822,55 @@ "DISABLED" ] }, + "ManagedInstancesMonitoringOptions":{ + "type":"string", + "enum":[ + "BASIC", + "DETAILED" + ] + }, + "ManagedInstancesNetworkConfiguration":{ + "type":"structure", + "members":{ + "subnets":{ + "shape":"StringList", + "documentation":"

The list of subnet IDs where Amazon ECS can launch Amazon ECS Managed Instances. Instances are distributed across the specified subnets for high availability. All subnets must be in the same VPC.

" + }, + "securityGroups":{ + "shape":"StringList", + "documentation":"

The list of security group IDs to apply to Amazon ECS Managed Instances. These security groups control the network traffic allowed to and from the instances.

" + } + }, + "documentation":"

The network configuration for Amazon ECS Managed Instances. This specifies the VPC subnets and security groups that instances use for network connectivity. Amazon ECS Managed Instances support multiple network modes including awsvpc (instances receive ENIs for task isolation), host (instances share network namespace with tasks), and none (no external network connectivity), ensuring backward compatibility for migrating workloads from Fargate or Amazon EC2.

" + }, + "ManagedInstancesProvider":{ + "type":"structure", + "members":{ + "infrastructureRoleArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the infrastructure role that Amazon ECS assumes to manage instances. This role must include permissions for Amazon EC2 instance lifecycle management, networking, and any additional Amazon Web Services services required for your workloads.

For more information, see Amazon ECS infrastructure IAM role in the Amazon ECS Developer Guide.

" + }, + "instanceLaunchTemplate":{ + "shape":"InstanceLaunchTemplate", + "documentation":"

The launch template that defines how Amazon ECS launches Amazon ECS Managed Instances. This includes the instance profile for your tasks, network and storage configuration, and instance requirements that determine which Amazon EC2 instance types can be used.

For more information, see Store instance launch parameters in Amazon EC2 launch templates in the Amazon EC2 User Guide.

" + }, + "propagateTags":{ + "shape":"PropagateMITags", + "documentation":"

Determines whether tags from the capacity provider are automatically applied to Amazon ECS Managed Instances. This helps with cost allocation and resource management by ensuring consistent tagging across your infrastructure.

" + } + }, + "documentation":"

The configuration for a Amazon ECS Managed Instances provider. Amazon ECS uses this configuration to automatically launch, manage, and terminate Amazon EC2 instances on your behalf. Managed instances provide access to the full range of Amazon EC2 instance types and features while offloading infrastructure management to Amazon Web Services.

" + }, + "ManagedInstancesStorageConfiguration":{ + "type":"structure", + "members":{ + "storageSizeGiB":{ + "shape":"TaskVolumeStorageGiB", + "documentation":"

The size of the tasks volume.

" + } + }, + "documentation":"

The storage configuration for Amazon ECS Managed Instances. This defines the root volume configuration for the instances.

" + }, "ManagedScaling":{ "type":"structure", "members":{ @@ -4278,7 +4884,7 @@ }, "minimumScalingStepSize":{ "shape":"ManagedScalingStepSize", - "documentation":"

The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter If this parameter is omitted, the default value of 1 is used.

When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size.

If you use a capacity provider with an Auto Scaling group configured with more than one Amazon EC2 instance type or Availability Zone, Amazon ECS will scale up by the exact minimum scaling step size value and will ignore both the maximum scaling step size as well as the capacity demand.

" + "documentation":"

The minimum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in process is not affected by this parameter If this parameter is omitted, the default value of 1 is used.

When additional capacity is required, Amazon ECS will scale up the minimum scaling step size even if the actual demand is less than the minimum scaling step size.

" }, "maximumScalingStepSize":{ "shape":"ManagedScalingStepSize", @@ -4318,11 +4924,11 @@ "members":{ "kmsKeyId":{ "shape":"String", - "documentation":"

Specify a Key Management Service key ID to encrypt the managed storage.

" + "documentation":"

Specify a Key Management Service key ID to encrypt Amazon ECS managed storage.

When you specify a kmsKeyId, Amazon ECS uses the key to encrypt data volumes managed by Amazon ECS that are attached to tasks in the cluster. The following data volumes are managed by Amazon ECS: Amazon EBS. For more information about encryption of Amazon EBS volumes attached to Amazon ECS tasks, see Encrypt data stored in Amazon EBS volumes for Amazon ECS in the Amazon Elastic Container Service Developer Guide.

The key must be a single Region key.

" }, "fargateEphemeralStorageKmsKeyId":{ "shape":"String", - "documentation":"

Specify the Key Management Service key ID for the Fargate ephemeral storage.

" + "documentation":"

Specify the Key Management Service key ID for Fargate ephemeral storage.

When you specify a fargateEphemeralStorageKmsKeyId, Amazon Web Services Fargate uses the key to encrypt data at rest in ephemeral storage. For more information about Fargate ephemeral storage encryption, see Customer managed keys for Amazon Web Services Fargate ephemeral storage for Amazon ECS in the Amazon Elastic Container Service Developer Guide.

The key must be a single Region key.

" } }, "documentation":"

The managed storage configuration for the cluster.

" @@ -4334,10 +4940,38 @@ "DISABLED" ] }, - "MissingVersionException":{ + "MemoryGiBPerVCpuRequest":{ "type":"structure", "members":{ + "min":{ + "shape":"BoxedDouble", + "documentation":"

The minimum amount of memory per vCPU in GiB. Instance types with a lower memory-to-vCPU ratio are excluded from selection.

" + }, + "max":{ + "shape":"BoxedDouble", + "documentation":"

The maximum amount of memory per vCPU in GiB. Instance types with a higher memory-to-vCPU ratio are excluded from selection.

" + } }, + "documentation":"

The minimum and maximum amount of memory per vCPU in gibibytes (GiB). This helps ensure that instance types have the appropriate memory-to-CPU ratio for your workloads.

" + }, + "MemoryMiBRequest":{ + "type":"structure", + "required":["min"], + "members":{ + "min":{ + "shape":"BoxedInteger", + "documentation":"

The minimum amount of memory in MiB. Instance types with less memory than this value are excluded from selection.

" + }, + "max":{ + "shape":"BoxedInteger", + "documentation":"

The maximum amount of memory in MiB. Instance types with more memory than this value are excluded from selection.

" + } + }, + "documentation":"

The minimum and maximum amount of memory in mebibytes (MiB) for instance type selection. This ensures that selected instance types have adequate memory for your workloads.

" + }, + "MissingVersionException":{ + "type":"structure", + "members":{}, "documentation":"

Amazon ECS can't determine the current version of the Amazon ECS container agent on the container instance and doesn't have enough information to proceed with an update. This could be because the agent running on the container instance is a previous or custom version that doesn't use our version information.

", "exception":true }, @@ -4365,11 +4999,24 @@ }, "NamespaceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified namespace wasn't found.

", "exception":true }, + "NetworkBandwidthGbpsRequest":{ + "type":"structure", + "members":{ + "min":{ + "shape":"BoxedDouble", + "documentation":"

The minimum network bandwidth in Gbps. Instance types with lower network bandwidth are excluded from selection.

" + }, + "max":{ + "shape":"BoxedDouble", + "documentation":"

The maximum network bandwidth in Gbps. Instance types with higher network bandwidth are excluded from selection.

" + } + }, + "documentation":"

The minimum and maximum network bandwidth in gigabits per second (Gbps) for instance type selection. This is important for network-intensive workloads.

" + }, "NetworkBinding":{ "type":"structure", "members":{ @@ -4432,6 +5079,20 @@ }, "documentation":"

An object representing the elastic network interface for tasks that use the awsvpc network mode.

" }, + "NetworkInterfaceCountRequest":{ + "type":"structure", + "members":{ + "min":{ + "shape":"BoxedInteger", + "documentation":"

The minimum number of network interfaces. Instance types that support fewer network interfaces are excluded from selection.

" + }, + "max":{ + "shape":"BoxedInteger", + "documentation":"

The maximum number of network interfaces. Instance types that support more network interfaces are excluded from selection.

" + } + }, + "documentation":"

The minimum and maximum number of network interfaces for instance type selection. This is useful for workloads that require multiple network interfaces.

" + }, "NetworkInterfaces":{ "type":"list", "member":{"shape":"NetworkInterface"} @@ -4447,8 +5108,7 @@ }, "NoUpdateAvailableException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There's no update available for this Amazon ECS container agent. This might be because the agent is already running the latest version or because it's so old that there's no update path to the current version.

", "exception":true }, @@ -4461,6 +5121,8 @@ "WINDOWS_SERVER_2004_CORE", "WINDOWS_SERVER_2022_CORE", "WINDOWS_SERVER_2022_FULL", + "WINDOWS_SERVER_2025_CORE", + "WINDOWS_SERVER_2025_FULL", "WINDOWS_SERVER_20H2_CORE", "LINUX" ] @@ -4551,15 +5213,13 @@ }, "PlatformTaskDefinitionIncompatibilityException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified platform version doesn't satisfy the required capabilities of the task definition.

", "exception":true }, "PlatformUnknownException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified platform version doesn't exist.

", "exception":true }, @@ -4603,6 +5263,13 @@ "max":65535, "min":0 }, + "PropagateMITags":{ + "type":"string", + "enum":[ + "CAPACITY_PROVIDER", + "NONE" + ] + }, "PropagateTags":{ "type":"string", "enum":[ @@ -4669,7 +5336,7 @@ "members":{ "name":{ "shape":"SettingName", - "documentation":"

The resource name for which to modify the account setting.

The following are the valid values for the account setting name.

  • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

  • containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.

    To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.

    To use Container Insights, set the containerInsights account setting to enabled.

    For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.

  • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

  • fargateFIPSMode - If you specify fargateFIPSMode, Fargate FIPS 140 compliance is affected.

  • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

  • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

  • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

" + "documentation":"

The resource name for which to modify the account setting.

The following are the valid values for the account setting name.

  • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

  • containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.

    To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.

    To use Container Insights, set the containerInsights account setting to enabled.

    For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.

  • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

  • fargateFIPSMode - If you specify fargateFIPSMode, Fargate FIPS 140 compliance is affected.

  • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

  • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

  • defaultLogDriverMode -Amazon ECS supports setting a default delivery mode of log messages from a container to the logDriver that you specify in the container's logConfiguration. The delivery mode affects application stability when the flow of logs from the container to the log driver is interrupted. The defaultLogDriverMode setting supports two values: blocking and non-blocking. If you don't specify a delivery mode in your container definition's logConfiguration, the mode you specify using this account setting will be used as the default. For more information about log delivery modes, see LogConfiguration.

    On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following:

    • Set the mode option in your container definition's logConfiguration as blocking.

    • Set the defaultLogDriverMode account setting to blocking.

  • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

" }, "value":{ "shape":"String", @@ -4695,7 +5362,7 @@ "members":{ "name":{ "shape":"SettingName", - "documentation":"

The Amazon ECS account setting name to modify.

The following are the valid values for the account setting name.

  • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • fargateFIPSMode - When turned on, you can run Fargate workloads in a manner that is compliant with Federal Information Processing Standard (FIPS-140). For more information, see Fargate Federal Information Processing Standard (FIPS-140).

  • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

  • containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.

    To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.

    To use Container Insights, set the containerInsights account setting to enabled.

    For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.

  • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

  • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

  • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

  • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

" + "documentation":"

The Amazon ECS account setting name to modify.

The following are the valid values for the account setting name.

  • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

  • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

  • containerInsights - Container Insights with enhanced observability provides all the Container Insights metrics, plus additional task and container metrics. This version supports enhanced observability for Amazon ECS clusters using the Amazon EC2 and Fargate launch types. After you configure Container Insights with enhanced observability on Amazon ECS, Container Insights auto-collects detailed infrastructure telemetry from the cluster level down to the container level in your environment and displays these critical performance data in curated dashboards removing the heavy lifting in observability set-up.

    To use Container Insights with enhanced observability, set the containerInsights account setting to enhanced.

    To use Container Insights, set the containerInsights account setting to enabled.

    For more information, see Monitor Amazon ECS containers using Container Insights with enhanced observability in the Amazon Elastic Container Service Developer Guide.

  • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

  • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

  • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

  • defaultLogDriverMode - Amazon ECS supports setting a default delivery mode of log messages from a container to the logDriver that you specify in the container's logConfiguration. The delivery mode affects application stability when the flow of logs from the container to the log driver is interrupted. The defaultLogDriverMode setting supports two values: blocking and non-blocking. If you don't specify a delivery mode in your container definition's logConfiguration, the mode you specify using this account setting will be used as the default. For more information about log delivery modes, see LogConfiguration.

    On June 25, 2025, Amazon ECS changed the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following:

    • Set the mode option in your container definition's logConfiguration as blocking.

    • Set the defaultLogDriverMode account setting to blocking.

  • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

" }, "value":{ "shape":"String", @@ -4703,7 +5370,7 @@ }, "principalArn":{ "shape":"String", - "documentation":"

The ARN of the principal, which can be a user, role, or the root user. If you specify the root user, it modifies the account setting for all users, roles, and the root user of the account unless a user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.

You must use the root user when you set the Fargate wait time (fargateTaskRetirementWaitPeriod).

Federated users assume the account setting of the root user and can't have explicit account settings set for them.

" + "documentation":"

The ARN of the principal, which can be a user, role, or the root user. If you specify the root user, it modifies the account setting for all users, roles, and the root user of the account unless a user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.

In order to use this parameter, you must be the root user, or the principal.

You must use the root user when you set the Fargate wait time (fargateTaskRetirementWaitPeriod).

Federated users assume the account setting of the root user and can't have explicit account settings set for them.

" } } }, @@ -4861,7 +5528,7 @@ }, "cpu":{ "shape":"String", - "documentation":"

The number of CPU units used by the task. It can be expressed as an integer using CPU units (for example, 1024) or as a string using vCPUs (for example, 1 vCPU or 1 vcpu) in a task definition. String values are converted to an integer indicating the CPU units when the task definition is registered.

Task-level CPU and memory parameters are ignored for Windows containers. We recommend specifying container-level resources for Windows containers.

If you're using the EC2 launch type, this field is optional. Supported values are between 128 CPU units (0.125 vCPUs) and 10240 CPU units (10 vCPUs). If you do not specify a value, the parameter is ignored.

If you're using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of supported values for the memory parameter:

The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.

  • 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)

  • 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)

  • 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)

  • 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)

  • 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)

  • 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments

    This option requires Linux platform 1.4.0 or later.

  • 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments

    This option requires Linux platform 1.4.0 or later.

" + "documentation":"

The number of CPU units used by the task. It can be expressed as an integer using CPU units (for example, 1024) or as a string using vCPUs (for example, 1 vCPU or 1 vcpu) in a task definition. String values are converted to an integer indicating the CPU units when the task definition is registered.

Task-level CPU and memory parameters are ignored for Windows containers. We recommend specifying container-level resources for Windows containers.

If you're using the EC2 launch type or external launch type, this field is optional. Supported values are between 128 CPU units (0.125 vCPUs) and 196608 CPU units (192 vCPUs). If you do not specify a value, the parameter is ignored.

This field is required for Fargate. For information about the valid values, see Task size in the Amazon Elastic Container Service Developer Guide.

" }, "memory":{ "shape":"String", @@ -4873,7 +5540,7 @@ }, "pidMode":{ "shape":"PidMode", - "documentation":"

The process namespace to use for the containers in the task. The valid values are host or task. On Fargate for Linux containers, the only valid value is task. For example, monitoring sidecars might need pidMode to access information about other containers running in the same task.

If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.

If task is specified, all containers within the specified task share the same process namespace.

If no value is specified, the default is a private namespace for each container.

If the host PID mode is used, there's a heightened risk of undesired process namespace exposure.

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

" + "documentation":"

The process namespace to use for the containers in the task. The valid values are host or task. On Fargate for Linux containers, the only valid value is task. For example, monitoring sidecars might need pidMode to access information about other containers running in the same task.

If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.

If task is specified, all containers within the specified task share the same process namespace.

If no value is specified, the The default is a private namespace for each container.

If the host PID mode is used, there's a heightened risk of undesired process namespace exposure.

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

" }, "ipcMode":{ "shape":"IpcMode", @@ -4893,7 +5560,7 @@ }, "runtimePlatform":{ "shape":"RuntimePlatform", - "documentation":"

The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.

" + "documentation":"

The operating system that your tasks definitions run on.

" }, "enableFaultInjection":{ "shape":"BoxedBoolean", @@ -4929,6 +5596,16 @@ "type":"list", "member":{"shape":"Attribute"} }, + "ResolvedConfiguration":{ + "type":"structure", + "members":{ + "loadBalancers":{ + "shape":"ServiceRevisionLoadBalancers", + "documentation":"

The resolved load balancer configuration for the service revision. This includes information about which target groups serve traffic and which listener rules direct traffic to them.

" + } + }, + "documentation":"

The resolved configuration for a service revision, which contains the actual resources your service revision uses, such as which target groups serve traffic.

" + }, "Resource":{ "type":"structure", "members":{ @@ -4965,15 +5642,13 @@ }, "ResourceInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified resource is in-use and can't be removed.

", "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified resource wasn't found.

", "exception":true }, @@ -5023,7 +5698,7 @@ }, "serviceRevisionArn":{ "shape":"String", - "documentation":"

The ARN of the service revision deployed as part of the rollback.

When the type is GPU, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on.

When the type is InferenceAccelerator, the value matches the deviceName for an InferenceAccelerator specified in a task definition.

" + "documentation":"

The ARN of the service revision deployed as part of the rollback.

" } }, "documentation":"

Information about the service deployment rollback.

" @@ -5034,11 +5709,11 @@ "members":{ "capacityProviderStrategy":{ "shape":"CapacityProviderStrategy", - "documentation":"

The capacity provider strategy to use for the task.

If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.

When you use cluster auto scaling, you must specify capacityProviderStrategy and not launchType.

A capacity provider strategy can contain a maximum of 20 capacity providers.

" + "documentation":"

The capacity provider strategy to use for the task.

If you want to use Amazon ECS Managed Instances, you must use the capacityProviderStrategy request parameter and omit the launchType request parameter.

If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.

When you use cluster auto scaling, you must specify capacityProviderStrategy and not launchType.

A capacity provider strategy can contain a maximum of 20 capacity providers.

" }, "cluster":{ "shape":"String", - "documentation":"

The short name or full Amazon Resource Name (ARN) of the cluster to run your task on. If you do not specify a cluster, the default cluster is assumed.

" + "documentation":"

The short name or full Amazon Resource Name (ARN) of the cluster to run your task on. If you do not specify a cluster, the default cluster is assumed.

Each account receives a default cluster the first time you use the service, but you may also create other clusters.

" }, "count":{ "shape":"BoxedInteger", @@ -5058,7 +5733,7 @@ }, "launchType":{ "shape":"LaunchType", - "documentation":"

The infrastructure to run your standalone task on. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

The FARGATE launch type runs your tasks on Fargate On-Demand infrastructure.

Fargate Spot infrastructure is available for use but a capacity provider strategy must be used. For more information, see Fargate capacity providers in the Amazon ECS Developer Guide.

The EC2 launch type runs your tasks on Amazon EC2 instances registered to your cluster.

The EXTERNAL launch type runs your tasks on your on-premises server or virtual machine (VM) capacity registered to your cluster.

A task can use either a launch type or a capacity provider strategy. If a launchType is specified, the capacityProviderStrategy parameter must be omitted.

When you use cluster auto scaling, you must specify capacityProviderStrategy and not launchType.

" + "documentation":"

The infrastructure to run your standalone task on. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

If you want to use Amazon ECS Managed Instances, you must use the capacityProviderStrategy request parameter and omit the launchType request parameter.

The FARGATE launch type runs your tasks on Fargate On-Demand infrastructure.

Fargate Spot infrastructure is available for use but a capacity provider strategy must be used. For more information, see Fargate capacity providers in the Amazon ECS Developer Guide.

The EC2 launch type runs your tasks on Amazon EC2 instances registered to your cluster.

The EXTERNAL launch type runs your tasks on your on-premises server or virtual machine (VM) capacity registered to your cluster.

A task can use either a launch type or a capacity provider strategy. If a launchType is specified, the capacityProviderStrategy parameter must be omitted.

When you use cluster auto scaling, you must specify capacityProviderStrategy and not launchType.

" }, "networkConfiguration":{ "shape":"NetworkConfiguration", @@ -5107,7 +5782,7 @@ }, "volumeConfigurations":{ "shape":"TaskVolumeConfigurations", - "documentation":"

The details of the volume that was configuredAtLaunch. You can configure the size, volumeType, IOPS, throughput, snapshot and encryption in in TaskManagedEBSVolumeConfiguration. The name of the volume must match the name from the task definition.

" + "documentation":"

The details of the volume that was configuredAtLaunch. You can configure the size, volumeType, IOPS, throughput, snapshot and encryption in TaskManagedEBSVolumeConfiguration. The name of the volume must match the name from the task definition.

" } } }, @@ -5129,7 +5804,7 @@ "members":{ "cpuArchitecture":{ "shape":"CPUArchitecture", - "documentation":"

The CPU architecture.

You can run your Linux tasks on an ARM-based platform by setting the value to ARM64. This option is available for tasks that run on Linux Amazon EC2 instance or Linux containers on Fargate.

" + "documentation":"

The CPU architecture.

You can run your Linux tasks on an ARM-based platform by setting the value to ARM64. This option is available for tasks that run on Linux Amazon EC2 instance, Amazon ECS Managed Instances, or Linux containers on Fargate.

" }, "operatingSystemFamily":{ "shape":"OSFamily", @@ -5305,7 +5980,7 @@ }, "healthCheckGracePeriodSeconds":{ "shape":"BoxedInteger", - "documentation":"

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started.

" + "documentation":"

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started.

If your service has more running tasks than desired, unhealthy tasks in the grace period might be stopped to reach the desired count.

" }, "schedulingStrategy":{ "shape":"SchedulingStrategy", @@ -5337,11 +6012,34 @@ }, "availabilityZoneRebalancing":{ "shape":"AvailabilityZoneRebalancing", - "documentation":"

Indicates whether to use Availability Zone rebalancing for the service.

For more information, see Balancing an Amazon ECS service across Availability Zones in the Amazon Elastic Container Service Developer Guide.

" + "documentation":"

Indicates whether to use Availability Zone rebalancing for the service.

For more information, see Balancing an Amazon ECS service across Availability Zones in the Amazon Elastic Container Service Developer Guide .

The default behavior of AvailabilityZoneRebalancing differs between create and update requests:

  • For create service requests, when no value is specified for AvailabilityZoneRebalancing, Amazon ECS defaults the value to ENABLED.

  • For update service requests, when no value is specified for AvailabilityZoneRebalancing, Amazon ECS defaults to the existing service’s AvailabilityZoneRebalancing value. If the service never had an AvailabilityZoneRebalancing value set, Amazon ECS treats this as DISABLED.

" } }, "documentation":"

Details on a service within a cluster.

" }, + "ServiceConnectAccessLogConfiguration":{ + "type":"structure", + "required":["format"], + "members":{ + "format":{ + "shape":"ServiceConnectAccessLoggingFormat", + "documentation":"

The format for Service Connect access log output. Choose TEXT for human-readable logs or JSON for structured data that integrates well with log analysis tools.

" + }, + "includeQueryParameters":{ + "shape":"ServiceConnectIncludeQueryParameters", + "documentation":"

Specifies whether to include query parameters in Service Connect access logs.

When enabled, query parameters from HTTP requests are included in the access logs. Consider security and privacy implications when enabling this feature, as query parameters may contain sensitive information such as request IDs and tokens. By default, this parameter is DISABLED.

" + } + }, + "documentation":"

Configuration for Service Connect access logging. Access logs provide detailed information about requests made to your service, including request patterns, response codes, and timing data for debugging and monitoring purposes.

To enable access logs, you must also specify a logConfiguration in the serviceConnectConfiguration.

" + }, + "ServiceConnectAccessLoggingFormat":{ + "type":"string", + "documentation":"

The format for Service Connect access log output. Choose TEXT for human-readable logs or JSON for structured data that integrates well with log analysis tools.

", + "enum":[ + "TEXT", + "JSON" + ] + }, "ServiceConnectClientAlias":{ "type":"structure", "required":["port"], @@ -5353,6 +6051,10 @@ "dnsName":{ "shape":"String", "documentation":"

The dnsName is the name that you use in the applications of client tasks to connect to this service. The name must be a valid DNS name but doesn't need to be fully-qualified. The name can include up to 127 characters. The name can include lowercase letters, numbers, underscores (_), hyphens (-), and periods (.). The name can't start with a hyphen.

If this parameter isn't specified, the default value of discoveryName.namespace is used. If the discoveryName isn't specified, the port mapping name from the task definition is used in portName.namespace.

To avoid changing your applications in client Amazon ECS services, set this to the same name that the client application uses by default. For example, a few common names are database, db, or the lowercase name of a database, such as mysql or redis. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.

" + }, + "testTrafficRules":{ + "shape":"ServiceConnectTestTrafficRules", + "documentation":"

The configuration for test traffic routing rules used during blue/green deployments with Amazon ECS Service Connect. This allows you to route a portion of traffic to the new service revision of your service for testing before shifting all production traffic.

" } }, "documentation":"

Each alias (\"endpoint\") is a fully-qualified name and port number that other tasks (\"clients\") can use to connect to this service.

Each name and port mapping must be unique within the namespace.

Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.

" @@ -5377,10 +6079,22 @@ "shape":"ServiceConnectServiceList", "documentation":"

The list of Service Connect service objects. These are names and aliases (also known as endpoints) that are used by other Amazon ECS services to connect to this service.

This field is not required for a \"client\" Amazon ECS service that's a member of a namespace only to connect to other services within the namespace. An example of this would be a frontend application that accepts incoming requests from either a load balancer that's attached to the service or by other means.

An object selects a port from the task definition, assigns a name for the Cloud Map service, and a list of aliases (endpoints) and ports for client applications to refer to this service.

" }, - "logConfiguration":{"shape":"LogConfiguration"} + "logConfiguration":{"shape":"LogConfiguration"}, + "accessLogConfiguration":{ + "shape":"ServiceConnectAccessLogConfiguration", + "documentation":"

The configuration for Service Connect access logging. Access logs capture detailed information about requests made to your service, including request patterns, response codes, and timing data. They can be useful for debugging connectivity issues, monitoring service performance, and auditing service-to-service communication for security and compliance purposes.

To enable access logs, you must also specify a logConfiguration in the serviceConnectConfiguration.

" + } }, "documentation":"

The Service Connect configuration of your Amazon ECS service. The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.

Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.

" }, + "ServiceConnectIncludeQueryParameters":{ + "type":"string", + "documentation":"

Controls whether query parameters are included in Service Connect access logs. Consider security and privacy implications when enabling this feature. By default, this parameter is DISABLED.

", + "enum":[ + "DISABLED", + "ENABLED" + ] + }, "ServiceConnectService":{ "type":"structure", "required":["portName"], @@ -5425,7 +6139,7 @@ }, "discoveryArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) for the namespace in Cloud Map that matches the discovery name for this Service Connect resource. You can use this ARN in other integrations with Cloud Map. However, Service Connect can't ensure connectivity outside of Amazon ECS.

" + "documentation":"

The Amazon Resource Name (ARN) for the service in Cloud Map that matches the discovery name for this Service Connect resource. You can use this ARN in other integrations with Cloud Map. However, Service Connect can't ensure connectivity outside of Amazon ECS.

" } }, "documentation":"

The Service Connect resource. Each configuration maps a discovery name to a Cloud Map service name. The data is stored in Cloud Map as part of the Service Connect configuration for each discovery name of this Amazon ECS service.

A task can resolve the dnsName for each of the clientAliases of a service. However a task can't resolve the discovery names. If you want to connect to a service, refer to the ServiceConnectConfiguration of that service for the list of clientAliases that you can use.

" @@ -5434,6 +6148,43 @@ "type":"list", "member":{"shape":"ServiceConnectServiceResource"} }, + "ServiceConnectTestTrafficHeaderMatchRules":{ + "type":"structure", + "required":["exact"], + "members":{ + "exact":{ + "shape":"String", + "documentation":"

The exact value that the HTTP header must match for the test traffic routing rule to apply. This provides precise control over which requests are routed to the new service revision during blue/green deployments.

" + } + }, + "documentation":"

The header matching rules for test traffic routing in Amazon ECS blue/green deployments. These rules determine how incoming requests are matched based on HTTP headers to route test traffic to the new service revision.

" + }, + "ServiceConnectTestTrafficHeaderRules":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"String", + "documentation":"

The name of the HTTP header to examine for test traffic routing. Common examples include custom headers like X-Test-Version or X-Canary-Request that can be used to identify test traffic.

" + }, + "value":{ + "shape":"ServiceConnectTestTrafficHeaderMatchRules", + "documentation":"

The header value matching configuration that determines how the HTTP header value is evaluated for test traffic routing decisions.

" + } + }, + "documentation":"

The HTTP header rules used to identify and route test traffic during Amazon ECS blue/green deployments. These rules specify which HTTP headers to examine and what values to match for routing decisions.

For more information, see Service Connect for Amazon ECS blue/green deployments in the Amazon Elastic Container Service Developer Guide.

" + }, + "ServiceConnectTestTrafficRules":{ + "type":"structure", + "required":["header"], + "members":{ + "header":{ + "shape":"ServiceConnectTestTrafficHeaderRules", + "documentation":"

The HTTP header-based routing rules that determine which requests should be routed to the new service version during blue/green deployment testing. These rules provide fine-grained control over test traffic routing based on request headers.

" + } + }, + "documentation":"

The test traffic routing configuration for Amazon ECS blue/green deployments. This configuration allows you to define rules for routing specific traffic to the new service revision during the deployment process, allowing for safe testing before full production traffic shift.

For more information, see Service Connect for Amazon ECS blue/green deployments in the Amazon Elastic Container Service Developer Guide.

" + }, "ServiceConnectTlsCertificateAuthority":{ "type":"structure", "members":{ @@ -5514,6 +6265,10 @@ "shape":"String", "documentation":"

Information about why the service deployment is in the current status. For example, the circuit breaker detected a failure.

" }, + "lifecycleStage":{ + "shape":"ServiceDeploymentLifecycleStage", + "documentation":"

The current lifecycle stage of the deployment. Possible values include:

  • RECONCILE_SERVICE

    The reconciliation stage that only happens when you start a new service deployment with more than 1 service revision in an ACTIVE state.

  • PRE_SCALE_UP

    The green service revision has not started. The blue service revision is handling 100% of the production traffic. There is no test traffic.

  • SCALE_UP

    The stage when the green service revision scales up to 100% and launches new tasks. The green service revision is not serving any traffic at this point.

  • POST_SCALE_UP

    The green service revision has started. The blue service revision is handling 100% of the production traffic. There is no test traffic.

  • TEST_TRAFFIC_SHIFT

    The blue and green service revisions are running. The blue service revision handles 100% of the production traffic. The green service revision is migrating from 0% to 100% of test traffic.

  • POST_TEST_TRAFFIC_SHIFT

    The test traffic shift is complete. The green service revision handles 100% of the test traffic.

  • PRODUCTION_TRAFFIC_SHIFT

    Production traffic is shifting to the green service revision. The green service revision is migrating from 0% to 100% of production traffic.

  • POST_PRODUCTION_TRAFFIC_SHIFT

    The production traffic shift is complete.

  • BAKE_TIME

    The stage when both blue and green service revisions are running simultaneously after the production traffic has shifted.

  • CLEAN_UP

    The stage when the blue service revision has completely scaled down to 0 running tasks. The green service revision is now the production service revision after this stage.

" + }, "deploymentConfiguration":{"shape":"DeploymentConfiguration"}, "rollback":{ "shape":"Rollback", @@ -5608,6 +6363,27 @@ }, "documentation":"

Information about the circuit breaker used to determine when a service deployment has failed.

The deployment circuit breaker is the rolling update mechanism that determines if the tasks reach a steady state. The deployment circuit breaker has an option that will automatically roll back a failed deployment to the last cpompleted service revision. For more information, see How the Amazon ECS deployment circuit breaker detects failures in the Amazon ECS Developer Guide.

" }, + "ServiceDeploymentLifecycleStage":{ + "type":"string", + "enum":[ + "RECONCILE_SERVICE", + "PRE_SCALE_UP", + "SCALE_UP", + "POST_SCALE_UP", + "TEST_TRAFFIC_SHIFT", + "POST_TEST_TRAFFIC_SHIFT", + "PRODUCTION_TRAFFIC_SHIFT", + "POST_PRODUCTION_TRAFFIC_SHIFT", + "BAKE_TIME", + "CLEAN_UP" + ] + }, + "ServiceDeploymentNotFoundException":{ + "type":"structure", + "members":{}, + "documentation":"

The service deploy ARN that you specified in the StopServiceDeployment doesn't exist. You can use ListServiceDeployments to retrieve the service deployment ARNs.

", + "exception":true + }, "ServiceDeploymentRollbackMonitorsStatus":{ "type":"string", "enum":[ @@ -5625,6 +6401,7 @@ "STOPPED", "STOP_REQUESTED", "IN_PROGRESS", + "ROLLBACK_REQUESTED", "ROLLBACK_IN_PROGRESS", "ROLLBACK_SUCCESSFUL", "ROLLBACK_FAILED" @@ -5678,11 +6455,11 @@ "members":{ "encrypted":{ "shape":"BoxedBoolean", - "documentation":"

Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the Encrypted parameter of the CreateVolume API in the Amazon EC2 API Reference.

" + "documentation":"

Indicates whether the volume should be encrypted. If you turn on Region-level Amazon EBS encryption by default but set this value as false, the setting is overridden and the volume is encrypted with the KMS key specified for Amazon EBS encryption by default. This parameter maps 1:1 with the Encrypted parameter of the CreateVolume API in the Amazon EC2 API Reference.

" }, "kmsKeyId":{ "shape":"EBSKMSKeyId", - "documentation":"

The Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no Amazon Web Services Key Management Service key is specified, the default Amazon Web Services managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the KmsKeyId parameter of the CreateVolume API in the Amazon EC2 API Reference.

Amazon Web Services authenticates the Amazon Web Services Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails.

" + "documentation":"

The Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. When a key is specified using this parameter, it overrides Amazon EBS default encryption or any KMS key that you specified for cluster-level managed storage encryption. This parameter maps 1:1 with the KmsKeyId parameter of the CreateVolume API in the Amazon EC2 API Reference. For more information about encrypting Amazon EBS volumes attached to tasks, see Encrypt data stored in Amazon EBS volumes attached to Amazon ECS tasks.

Amazon Web Services authenticates the Amazon Web Services Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails.

" }, "volumeType":{ "shape":"EBSVolumeType", @@ -5694,7 +6471,11 @@ }, "snapshotId":{ "shape":"EBSSnapshotId", - "documentation":"

The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot ID or a volume size. This parameter maps 1:1 with the SnapshotId parameter of the CreateVolume API in the Amazon EC2 API Reference.

" + "documentation":"

The snapshot that Amazon ECS uses to create volumes for attachment to tasks maintained by the service. You must specify either snapshotId or sizeInGiB in your volume configuration. This parameter maps 1:1 with the SnapshotId parameter of the CreateVolume API in the Amazon EC2 API Reference.

" + }, + "volumeInitializationRate":{ + "shape":"BoxedInteger", + "documentation":"

The rate, in MiB/s, at which data is fetched from a snapshot of an existing EBS volume to create new volumes for attachment to the tasks maintained by the service. This property can be specified only if you specify a snapshotId. For more information, see Initialize Amazon EBS volumes in the Amazon EBS User Guide.

" }, "iops":{ "shape":"BoxedInteger", @@ -5714,22 +6495,20 @@ }, "filesystemType":{ "shape":"TaskFilesystemType", - "documentation":"

The filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.

The available Linux filesystem types are
 ext3, ext4, and xfs. If no value is specified, the xfs filesystem type is used by default.

The available Windows filesystem types are NTFS.

" + "documentation":"

The filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the tasks will fail to start.

The available Linux filesystem types are
 ext3, ext4, and xfs. If no value is specified, the xfs filesystem type is used by default.

The available Windows filesystem types are NTFS.

" } }, "documentation":"

The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. These settings are used to create each Amazon EBS volume, with one volume created for each task in the service. For information about the supported launch types and operating systems, see Supported operating systems and launch types in the Amazon Elastic Container Service Developer Guide.

Many of these parameters map 1:1 with the Amazon EBS CreateVolume API request parameters.

" }, "ServiceNotActiveException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified service isn't active. You can't update a service that's inactive. If you have previously deleted a service, you can re-create it with CreateService.

", "exception":true }, "ServiceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified service wasn't found. You can view your available services with ListServices. Amazon ECS services are cluster specific and Region specific.

", "exception":true }, @@ -5824,10 +6603,32 @@ "vpcLatticeConfigurations":{ "shape":"VpcLatticeConfigurations", "documentation":"

The VPC Lattice configuration for the service revision.

" + }, + "resolvedConfiguration":{ + "shape":"ResolvedConfiguration", + "documentation":"

The resolved configuration for the service revision which contains the actual resources your service revision uses, such as which target groups serve traffic.

" } }, "documentation":"

Information about the service revision.

A service revision contains a record of the workload configuration Amazon ECS is attempting to deploy. Whenever you create or deploy a service, Amazon ECS automatically creates and captures the configuration that you're trying to deploy in the service revision. For information about service revisions, see Amazon ECS service revisions in the Amazon Elastic Container Service Developer Guide .

" }, + "ServiceRevisionLoadBalancer":{ + "type":"structure", + "members":{ + "targetGroupArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the target group associated with the service revision.

" + }, + "productionListenerRule":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the production listener rule or listener that directs traffic to the target group associated with the service revision.

" + } + }, + "documentation":"

The resolved load balancer configuration for a service revision. This includes information about which target groups serve traffic and which listener rules direct traffic to them.

" + }, + "ServiceRevisionLoadBalancers":{ + "type":"list", + "member":{"shape":"ServiceRevisionLoadBalancer"} + }, "ServiceRevisionSummary":{ "type":"structure", "members":{ @@ -5846,6 +6647,16 @@ "pendingTaskCount":{ "shape":"Integer", "documentation":"

The number of pending tasks for the service revision.

" + }, + "requestedTestTrafficWeight":{ + "shape":"Double", + "documentation":"

The percentage of test traffic that is directed to this service revision. This value represents a snapshot of the traffic distribution and may not reflect real-time changes during active deployments. Valid values are 0.0 to 100.0.

", + "box":true + }, + "requestedProductionTrafficWeight":{ + "shape":"Double", + "documentation":"

The percentage of production traffic that is directed to this service revision. This value represents a snapshot of the traffic distribution and may not reflect real-time changes during active deployments. Valid values are 0.0 to 100.0.

", + "box":true } }, "documentation":"

The information about the number of requested, pending, and running tasks for a service revision.

" @@ -5932,7 +6743,8 @@ "fargateFIPSMode", "tagResourceAuthorization", "fargateTaskRetirementWaitPeriod", - "guardDutyActivate" + "guardDutyActivate", + "defaultLogDriverMode" ] }, "SettingType":{ @@ -6038,6 +6850,36 @@ "type":"list", "member":{"shape":"KeyValuePair"} }, + "StopServiceDeploymentRequest":{ + "type":"structure", + "required":["serviceDeploymentArn"], + "members":{ + "serviceDeploymentArn":{ + "shape":"String", + "documentation":"

The ARN of the service deployment that you want to stop.

" + }, + "stopType":{ + "shape":"StopServiceDeploymentStopType", + "documentation":"

How you want Amazon ECS to stop the service.

The valid values are ROLLBACK.

" + } + } + }, + "StopServiceDeploymentResponse":{ + "type":"structure", + "members":{ + "serviceDeploymentArn":{ + "shape":"String", + "documentation":"

The ARN of the stopped service deployment.

" + } + } + }, + "StopServiceDeploymentStopType":{ + "type":"string", + "enum":[ + "ABORT", + "ROLLBACK" + ] + }, "StopTaskRequest":{ "type":"structure", "required":["task"], @@ -6048,7 +6890,7 @@ }, "task":{ "shape":"String", - "documentation":"

The task ID of the task to stop.

" + "documentation":"

Thefull Amazon Resource Name (ARN) of the task.

" }, "reason":{ "shape":"String", @@ -6207,7 +7049,7 @@ }, "value":{ "shape":"String", - "documentation":"

The namespaced kernel parameter to set a value for.

Valid IPC namespace values: \"kernel.msgmax\" | \"kernel.msgmnb\" | \"kernel.msgmni\" | \"kernel.sem\" | \"kernel.shmall\" | \"kernel.shmmax\" | \"kernel.shmmni\" | \"kernel.shm_rmid_forced\", and Sysctls that start with \"fs.mqueue.*\"

Valid network namespace values: Sysctls that start with \"net.*\"

All of these values are supported by Fargate.

" + "documentation":"

The namespaced kernel parameter to set a value for.

Valid IPC namespace values: \"kernel.msgmax\" | \"kernel.msgmnb\" | \"kernel.msgmni\" | \"kernel.sem\" | \"kernel.shmall\" | \"kernel.shmmax\" | \"kernel.shmmni\" | \"kernel.shm_rmid_forced\", and Sysctls that start with \"fs.mqueue.*\"

Valid network namespace values: Sysctls that start with \"net.*\". Only namespaced Sysctls that exist within the container starting with \"net.* are accepted.

All of these values are supported by Fargate.

" } }, "documentation":"

A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the docker container create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

We don't recommend that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network mode. Doing this has the following disadvantages:

  • For tasks that use the awsvpc network mode including Fargate, if you set systemControls for any container, it applies to all containers in the task. If you set different systemControls for multiple containers in a single task, the container that's started last determines which systemControls take effect.

  • For tasks that use the host network mode, the network namespace systemControls aren't supported.

If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see IPC mode.

  • For tasks that use the host IPC mode, IPC namespace systemControls aren't supported.

  • For tasks that use the task IPC mode, IPC namespace systemControls values apply to all containers within a task.

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

" @@ -6249,7 +7091,7 @@ "members":{ "resourceArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the resource to add tags to. Currently, the supported resources are Amazon ECS capacity providers, tasks, services, task definitions, clusters, and container instances.

" + "documentation":"

The Amazon Resource Name (ARN) of the resource to add tags to. Currently, the supported resources are Amazon ECS capacity providers, tasks, services, task definitions, clusters, and container instances.

In order to tag a service that has the following ARN format, you need to migrate the service to the long ARN. For more information, see Migrate an Amazon ECS short service ARN to a long ARN in the Amazon Elastic Container Service Developer Guide.

arn:aws:ecs:region:aws_account_id:service/service-name

After the migration is complete, the service has the long ARN format, as shown below. Use this ARN to tag the service.

arn:aws:ecs:region:aws_account_id:service/cluster-name/service-name

If you try to tag a service with a short ARN, you receive an InvalidParameterException error.

" }, "tags":{ "shape":"Tags", @@ -6259,8 +7101,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -6276,15 +7117,13 @@ }, "TargetNotConnectedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The execute command cannot run. This error can be caused by any of the following configuration issues:

  • Incorrect IAM permissions

  • The SSM agent is not installed or is not running

  • There is an interface Amazon VPC endpoint for Amazon ECS, but there is not one for Systems Manager Session Manager

For information about how to troubleshoot the issues, see Troubleshooting issues with ECS Exec in the Amazon Elastic Container Service Developer Guide.

", "exception":true }, "TargetNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified target wasn't found. You can view your available container instances with ListContainerInstances. Amazon ECS container instances are cluster-specific and Region-specific.

", "exception":true }, @@ -6333,7 +7172,7 @@ }, "cpu":{ "shape":"String", - "documentation":"

The number of CPU units used by the task as expressed in a task definition. It can be expressed as an integer using CPU units (for example, 1024). It can also be expressed as a string using vCPUs (for example, 1 vCPU or 1 vcpu). String values are converted to an integer that indicates the CPU units when the task definition is registered.

If you use the EC2 launch type, this field is optional. Supported values are between 128 CPU units (0.125 vCPUs) and 10240 CPU units (10 vCPUs).

If you use the Fargate launch type, this field is required. You must use one of the following values. These values determine the range of supported values for the memory parameter:

The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.

  • 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)

  • 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)

  • 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)

  • 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)

  • 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)

  • 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments

    This option requires Linux platform 1.4.0 or later.

  • 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments

    This option requires Linux platform 1.4.0 or later.

" + "documentation":"

The number of CPU units used by the task as expressed in a task definition. It can be expressed as an integer using CPU units (for example, 1024). It can also be expressed as a string using vCPUs (for example, 1 vCPU or 1 vcpu). String values are converted to an integer that indicates the CPU units when the task definition is registered.

If you're using the EC2 launch type or the external launch type, this field is optional. Supported values are between 128 CPU units (0.125 vCPUs) and 196608 CPU units (192 vCPUs). If you do not specify a value, the parameter is ignored.

This field is required for Fargate. For information about the valid values, see Task size in the Amazon Elastic Container Service Developer Guide.

" }, "createdAt":{ "shape":"Timestamp", @@ -6503,11 +7342,11 @@ }, "requiresCompatibilities":{ "shape":"CompatibilityList", - "documentation":"

The task launch types the task definition was validated against. The valid values are EC2, FARGATE, and EXTERNAL. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

" + "documentation":"

The task launch types the task definition was validated against. The valid values are MANAGED_INSTANCES, EC2, FARGATE, and EXTERNAL. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

" }, "cpu":{ "shape":"String", - "documentation":"

The number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.

If you use the EC2 launch type, this field is optional. Supported values are between 128 CPU units (0.125 vCPUs) and 10240 CPU units (10 vCPUs).

The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.

  • 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)

  • 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)

  • 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)

  • 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)

  • 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)

  • 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments

    This option requires Linux platform 1.4.0 or later.

  • 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments

    This option requires Linux platform 1.4.0 or later.

" + "documentation":"

The number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.

If you're using the EC2 launch type or the external launch type, this field is optional. Supported values are between 128 CPU units (0.125 vCPUs) and 196608 CPU units (192 vCPUs).

This field is required for Fargate. For information about the valid values, see Task size in the Amazon Elastic Container Service Developer Guide.

" }, "memory":{ "shape":"String", @@ -6519,7 +7358,7 @@ }, "pidMode":{ "shape":"PidMode", - "documentation":"

The process namespace to use for the containers in the task. The valid values are host or task. On Fargate for Linux containers, the only valid value is task. For example, monitoring sidecars might need pidMode to access information about other containers running in the same task.

If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.

If task is specified, all containers within the specified task share the same process namespace.

If no value is specified, the default is a private namespace for each container.

If the host PID mode is used, there's a heightened risk of undesired process namespace exposure.

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

" + "documentation":"

The process namespace to use for the containers in the task. The valid values are host or task. On Fargate for Linux containers, the only valid value is task. For example, monitoring sidecars might need pidMode to access information about other containers running in the same task.

If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.

If task is specified, all containers within the specified task share the same process namespace.

If no value is specified, the The default is a private namespace for each container.

If the host PID mode is used, there's a heightened risk of undesired process namespace exposure.

This parameter is not supported for Windows containers.

This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

" }, "ipcMode":{ "shape":"IpcMode", @@ -6639,11 +7478,11 @@ "members":{ "encrypted":{ "shape":"BoxedBoolean", - "documentation":"

Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the Encrypted parameter of the CreateVolume API in the Amazon EC2 API Reference.

" + "documentation":"

Indicates whether the volume should be encrypted. If you turn on Region-level Amazon EBS encryption by default but set this value as false, the setting is overridden and the volume is encrypted with the KMS key specified for Amazon EBS encryption by default. This parameter maps 1:1 with the Encrypted parameter of the CreateVolume API in the Amazon EC2 API Reference.

" }, "kmsKeyId":{ "shape":"EBSKMSKeyId", - "documentation":"

The Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no Amazon Web Services Key Management Service key is specified, the default Amazon Web Services managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the KmsKeyId parameter of the CreateVolume API in the Amazon EC2 API Reference.

Amazon Web Services authenticates the Amazon Web Services Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails.

" + "documentation":"

The Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. When a key is specified using this parameter, it overrides Amazon EBS default encryption or any KMS key that you specified for cluster-level managed storage encryption. This parameter maps 1:1 with the KmsKeyId parameter of the CreateVolume API in the Amazon EC2 API Reference. For more information about encrypting Amazon EBS volumes attached to a task, see Encrypt data stored in Amazon EBS volumes attached to Amazon ECS tasks.

Amazon Web Services authenticates the Amazon Web Services Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails.

" }, "volumeType":{ "shape":"EBSVolumeType", @@ -6657,6 +7496,10 @@ "shape":"EBSSnapshotId", "documentation":"

The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot ID or a volume size. This parameter maps 1:1 with the SnapshotId parameter of the CreateVolume API in the Amazon EC2 API Reference.

" }, + "volumeInitializationRate":{ + "shape":"BoxedInteger", + "documentation":"

The rate, in MiB/s, at which data is fetched from a snapshot of an existing Amazon EBS volume to create a new volume for attachment to the task. This property can be specified only if you specify a snapshotId. For more information, see Initialize Amazon EBS volumes in the Amazon EBS User Guide.

" + }, "iops":{ "shape":"BoxedInteger", "documentation":"

The number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

The following are the supported values for each volume type.

  • gp3: 3,000 - 16,000 IOPS

  • io1: 100 - 64,000 IOPS

  • io2: 100 - 256,000 IOPS

This parameter is required for io1 and io2 volume types. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for st1, sc1, or standard volume types.

This parameter maps 1:1 with the Iops parameter of the CreateVolume API in the Amazon EC2 API Reference.

" @@ -6845,8 +7688,7 @@ }, "TaskSetNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified task set wasn't found. You can view your available task sets with DescribeTaskSets. Task sets are specific to each cluster, service and Region.

", "exception":true }, @@ -6884,6 +7726,10 @@ "type":"list", "member":{"shape":"TaskVolumeConfiguration"} }, + "TaskVolumeStorageGiB":{ + "type":"integer", + "min":1 + }, "Tasks":{ "type":"list", "member":{"shape":"Task"} @@ -6929,6 +7775,20 @@ "type":"list", "member":{"shape":"Tmpfs"} }, + "TotalLocalStorageGBRequest":{ + "type":"structure", + "members":{ + "min":{ + "shape":"BoxedDouble", + "documentation":"

The minimum total local storage in GB. Instance types with less local storage are excluded from selection.

" + }, + "max":{ + "shape":"BoxedDouble", + "documentation":"

The maximum total local storage in GB. Instance types with more local storage are excluded from selection.

" + } + }, + "documentation":"

The minimum and maximum total local storage in gigabytes (GB) for instance types with local storage. This is useful for workloads that require local storage for temporary data or caching.

" + }, "TransportProtocol":{ "type":"string", "enum":[ @@ -6985,8 +7845,7 @@ }, "UnsupportedFeatureException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified task isn't supported in this Region.

", "exception":true }, @@ -7009,23 +7868,27 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCapacityProviderRequest":{ "type":"structure", - "required":[ - "name", - "autoScalingGroupProvider" - ], + "required":["name"], "members":{ "name":{ "shape":"String", "documentation":"

The name of the capacity provider to update.

" }, + "cluster":{ + "shape":"String", + "documentation":"

The name of the cluster that contains the capacity provider to update. Managed instances capacity providers are cluster-scoped and can only be updated within their associated cluster.

" + }, "autoScalingGroupProvider":{ "shape":"AutoScalingGroupProviderUpdate", "documentation":"

An object that represent the parameters to update for the Auto Scaling group capacity provider.

" + }, + "managedInstancesProvider":{ + "shape":"UpdateManagedInstancesProviderConfiguration", + "documentation":"

The updated configuration for the Amazon ECS Managed Instances provider. You can modify the infrastructure role, instance launch template, and tag propagation settings. Changes take effect for new instances launched after the update.

" } } }, @@ -7154,11 +8017,32 @@ }, "UpdateInProgressException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There's already a current Amazon ECS container agent update in progress on the container instance that's specified. If the container agent becomes disconnected while it's in a transitional stage, such as PENDING or STAGING, the update process can get stuck in that state. However, when the agent reconnects, it resumes where it stopped previously.

", "exception":true }, + "UpdateManagedInstancesProviderConfiguration":{ + "type":"structure", + "required":[ + "infrastructureRoleArn", + "instanceLaunchTemplate" + ], + "members":{ + "infrastructureRoleArn":{ + "shape":"String", + "documentation":"

The updated Amazon Resource Name (ARN) of the infrastructure role. The new role must have the necessary permissions to manage instances and access required Amazon Web Services services.

For more information, see Amazon ECS infrastructure IAM role in the Amazon ECS Developer Guide.

" + }, + "instanceLaunchTemplate":{ + "shape":"InstanceLaunchTemplateUpdate", + "documentation":"

The updated launch template configuration. Changes to the launch template affect new instances launched after the update, while existing instances continue to use their original configuration.

" + }, + "propagateTags":{ + "shape":"PropagateMITags", + "documentation":"

The updated tag propagation setting. When changed, this affects only new instances launched after the update.

" + } + }, + "documentation":"

The updated configuration for a Amazon ECS Managed Instances provider. You can modify the infrastructure role, instance launch template, and tag propagation settings. Changes apply to new instances launched after the update.

" + }, "UpdateServicePrimaryTaskSetRequest":{ "type":"structure", "required":[ @@ -7196,7 +8080,7 @@ "members":{ "cluster":{ "shape":"String", - "documentation":"

The short name or full Amazon Resource Name (ARN) of the cluster that your service runs on. If you do not specify a cluster, the default cluster is assumed.

" + "documentation":"

The short name or full Amazon Resource Name (ARN) of the cluster that your service runs on. If you do not specify a cluster, the default cluster is assumed.

You can't change the cluster name.

" }, "service":{ "shape":"String", @@ -7204,39 +8088,39 @@ }, "desiredCount":{ "shape":"BoxedInteger", - "documentation":"

The number of instantiations of the task to place and keep running in your service.

" + "documentation":"

The number of instantiations of the task to place and keep running in your service.

This parameter doesn't trigger a new service deployment.

" }, "taskDefinition":{ "shape":"String", - "documentation":"

The family and revision (family:revision) or full ARN of the task definition to run in your service. If a revision is not specified, the latest ACTIVE revision is used. If you modify the task definition with UpdateService, Amazon ECS spawns a task with the new version of the task definition and then stops an old task after the new version is running.

" + "documentation":"

The family and revision (family:revision) or full ARN of the task definition to run in your service. If a revision is not specified, the latest ACTIVE revision is used. If you modify the task definition with UpdateService, Amazon ECS spawns a task with the new version of the task definition and then stops an old task after the new version is running.

This parameter triggers a new service deployment.

" }, "capacityProviderStrategy":{ "shape":"CapacityProviderStrategy", - "documentation":"

The capacity provider strategy to update the service to use.

if the service uses the default capacity provider strategy for the cluster, the service can be updated to use one or more capacity providers as opposed to the default capacity provider strategy. However, when a service is using a capacity provider strategy that's not the default capacity provider strategy, the service can't be updated to use the cluster's default capacity provider strategy.

A capacity provider strategy consists of one or more capacity providers along with the base and weight to assign to them. A capacity provider must be associated with the cluster to be used in a capacity provider strategy. The PutClusterCapacityProviders API is used to associate a capacity provider with a cluster. Only capacity providers with an ACTIVE or UPDATING status can be used.

If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New capacity providers can be created with the CreateClusterCapacityProvider API operation.

To use a Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.

The PutClusterCapacityProvidersAPI operation is used to update the list of available capacity providers for a cluster after the cluster is created.

" + "documentation":"

The details of a capacity provider strategy. You can set a capacity provider when you create a cluster, run a task, or update a service.

If you want to use Amazon ECS Managed Instances, you must use the capacityProviderStrategy request parameter.

When you use Fargate, the capacity providers are FARGATE or FARGATE_SPOT.

When you use Amazon EC2, the capacity providers are Auto Scaling groups.

You can change capacity providers for rolling deployments and blue/green deployments.

The following list provides the valid transitions:

  • Update the Fargate launch type to an Auto Scaling group capacity provider.

  • Update the Amazon EC2 launch type to a Fargate capacity provider.

  • Update the Fargate capacity provider to an Auto Scaling group capacity provider.

  • Update the Amazon EC2 capacity provider to a Fargate capacity provider.

  • Update the Auto Scaling group or Fargate capacity provider back to the launch type.

    Pass an empty list in the capacityProviderStrategy parameter.

For information about Amazon Web Services CDK considerations, see Amazon Web Services CDK considerations.

This parameter doesn't trigger a new service deployment.

" }, "deploymentConfiguration":{ "shape":"DeploymentConfiguration", - "documentation":"

Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.

" + "documentation":"

Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.

This parameter doesn't trigger a new service deployment.

" }, "availabilityZoneRebalancing":{ "shape":"AvailabilityZoneRebalancing", - "documentation":"

Indicates whether to use Availability Zone rebalancing for the service.

For more information, see Balancing an Amazon ECS service across Availability Zones in the Amazon Elastic Container Service Developer Guide.

" + "documentation":"

Indicates whether to use Availability Zone rebalancing for the service.

For more information, see Balancing an Amazon ECS service across Availability Zones in the Amazon Elastic Container Service Developer Guide .

The default behavior of AvailabilityZoneRebalancing differs between create and update requests:

  • For create service requests, when no value is specified for AvailabilityZoneRebalancing, Amazon ECS defaults the value to ENABLED.

  • For update service requests, when no value is specified for AvailabilityZoneRebalancing, Amazon ECS defaults to the existing service’s AvailabilityZoneRebalancing value. If the service never had an AvailabilityZoneRebalancing value set, Amazon ECS treats this as DISABLED.

This parameter doesn't trigger a new service deployment.

" }, "networkConfiguration":{ "shape":"NetworkConfiguration", - "documentation":"

An object representing the network configuration for the service.

" + "documentation":"

An object representing the network configuration for the service.

This parameter triggers a new service deployment.

" }, "placementConstraints":{ "shape":"PlacementConstraints", - "documentation":"

An array of task placement constraint objects to update the service to use. If no value is specified, the existing placement constraints for the service will remain unchanged. If this value is specified, it will override any existing placement constraints defined for the service. To remove all existing placement constraints, specify an empty array.

You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.

" + "documentation":"

An array of task placement constraint objects to update the service to use. If no value is specified, the existing placement constraints for the service will remain unchanged. If this value is specified, it will override any existing placement constraints defined for the service. To remove all existing placement constraints, specify an empty array.

You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.

This parameter doesn't trigger a new service deployment.

" }, "placementStrategy":{ "shape":"PlacementStrategies", - "documentation":"

The task placement strategy objects to update the service to use. If no value is specified, the existing placement strategy for the service will remain unchanged. If this value is specified, it will override the existing placement strategy defined for the service. To remove an existing placement strategy, specify an empty object.

You can specify a maximum of five strategy rules for each service.

" + "documentation":"

The task placement strategy objects to update the service to use. If no value is specified, the existing placement strategy for the service will remain unchanged. If this value is specified, it will override the existing placement strategy defined for the service. To remove an existing placement strategy, specify an empty object.

You can specify a maximum of five strategy rules for each service.

This parameter doesn't trigger a new service deployment.

" }, "platformVersion":{ "shape":"String", - "documentation":"

The platform version that your tasks in the service run on. A platform version is only specified for tasks using the Fargate launch type. If a platform version is not specified, the LATEST platform version is used. For more information, see Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.

" + "documentation":"

The platform version that your tasks in the service run on. A platform version is only specified for tasks using the Fargate launch type. If a platform version is not specified, the LATEST platform version is used. For more information, see Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.

This parameter triggers a new service deployment.

" }, "forceNewDeployment":{ "shape":"Boolean", @@ -7244,39 +8128,40 @@ }, "healthCheckGracePeriodSeconds":{ "shape":"BoxedInteger", - "documentation":"

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of 0 is used. If you don't use any of the health checks, then healthCheckGracePeriodSeconds is unused.

If your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.

" + "documentation":"

The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of 0 is used. If you don't use any of the health checks, then healthCheckGracePeriodSeconds is unused.

If your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.

If your service has more running tasks than desired, unhealthy tasks in the grace period might be stopped to reach the desired count.

This parameter doesn't trigger a new service deployment.

" }, + "deploymentController":{"shape":"DeploymentController"}, "enableExecuteCommand":{ "shape":"BoxedBoolean", - "documentation":"

If true, this enables execute command functionality on all task containers.

If you do not want to override the value that was set when the service was created, you can set this to null when performing this action.

" + "documentation":"

If true, this enables execute command functionality on all task containers.

If you do not want to override the value that was set when the service was created, you can set this to null when performing this action.

This parameter doesn't trigger a new service deployment.

" }, "enableECSManagedTags":{ "shape":"BoxedBoolean", - "documentation":"

Determines whether to turn on Amazon ECS managed tags for the tasks in the service. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.

Only tasks launched after the update will reflect the update. To update the tags on all tasks, set forceNewDeployment to true, so that Amazon ECS starts new tasks with the updated tags.

" + "documentation":"

Determines whether to turn on Amazon ECS managed tags for the tasks in the service. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.

Only tasks launched after the update will reflect the update. To update the tags on all tasks, set forceNewDeployment to true, so that Amazon ECS starts new tasks with the updated tags.

This parameter doesn't trigger a new service deployment.

" }, "loadBalancers":{ "shape":"LoadBalancers", - "documentation":"

A list of Elastic Load Balancing load balancer objects. It contains the load balancer name, the container name, and the container port to access from the load balancer. The container name is as it appears in a container definition.

When you add, update, or remove a load balancer configuration, Amazon ECS starts new tasks with the updated Elastic Load Balancing configuration, and then stops the old tasks when the new tasks are running.

For services that use rolling updates, you can add, update, or remove Elastic Load Balancing target groups. You can update from a single target group to multiple target groups and from multiple target groups to a single target group.

For services that use blue/green deployments, you can update Elastic Load Balancing target groups by using CreateDeployment through CodeDeploy. Note that multiple target groups are not supported for blue/green deployments. For more information see Register multiple target groups with a service in the Amazon Elastic Container Service Developer Guide.

For services that use the external deployment controller, you can add, update, or remove load balancers by using CreateTaskSet. Note that multiple target groups are not supported for external deployments. For more information see Register multiple target groups with a service in the Amazon Elastic Container Service Developer Guide.

You can remove existing loadBalancers by passing an empty list.

" + "documentation":"

You must have a service-linked role when you update this property

A list of Elastic Load Balancing load balancer objects. It contains the load balancer name, the container name, and the container port to access from the load balancer. The container name is as it appears in a container definition.

When you add, update, or remove a load balancer configuration, Amazon ECS starts new tasks with the updated Elastic Load Balancing configuration, and then stops the old tasks when the new tasks are running.

For services that use rolling updates, you can add, update, or remove Elastic Load Balancing target groups. You can update from a single target group to multiple target groups and from multiple target groups to a single target group.

For services that use blue/green deployments, you can update Elastic Load Balancing target groups by using CreateDeployment through CodeDeploy. Note that multiple target groups are not supported for blue/green deployments. For more information see Register multiple target groups with a service in the Amazon Elastic Container Service Developer Guide.

For services that use the external deployment controller, you can add, update, or remove load balancers by using CreateTaskSet. Note that multiple target groups are not supported for external deployments. For more information see Register multiple target groups with a service in the Amazon Elastic Container Service Developer Guide.

You can remove existing loadBalancers by passing an empty list.

This parameter triggers a new service deployment.

" }, "propagateTags":{ "shape":"PropagateTags", - "documentation":"

Determines whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags aren't propagated.

Only tasks launched after the update will reflect the update. To update the tags on all tasks, set forceNewDeployment to true, so that Amazon ECS starts new tasks with the updated tags.

" + "documentation":"

Determines whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags aren't propagated.

Only tasks launched after the update will reflect the update. To update the tags on all tasks, set forceNewDeployment to true, so that Amazon ECS starts new tasks with the updated tags.

This parameter doesn't trigger a new service deployment.

" }, "serviceRegistries":{ "shape":"ServiceRegistries", - "documentation":"

The details for the service discovery registries to assign to this service. For more information, see Service Discovery.

When you add, update, or remove the service registries configuration, Amazon ECS starts new tasks with the updated service registries configuration, and then stops the old tasks when the new tasks are running.

You can remove existing serviceRegistries by passing an empty list.

" + "documentation":"

You must have a service-linked role when you update this property.

For more information about the role see the CreateService request parameter role .

The details for the service discovery registries to assign to this service. For more information, see Service Discovery.

When you add, update, or remove the service registries configuration, Amazon ECS starts new tasks with the updated service registries configuration, and then stops the old tasks when the new tasks are running.

You can remove existing serviceRegistries by passing an empty list.

This parameter triggers a new service deployment.

" }, "serviceConnectConfiguration":{ "shape":"ServiceConnectConfiguration", - "documentation":"

The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.

Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.

" + "documentation":"

The configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.

Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.

This parameter triggers a new service deployment.

" }, "volumeConfigurations":{ "shape":"ServiceVolumeConfigurations", - "documentation":"

The details of the volume that was configuredAtLaunch. You can configure the size, volumeType, IOPS, throughput, snapshot and encryption in ServiceManagedEBSVolumeConfiguration. The name of the volume must match the name from the task definition. If set to null, no new deployment is triggered. Otherwise, if this configuration differs from the existing one, it triggers a new deployment.

" + "documentation":"

The details of the volume that was configuredAtLaunch. You can configure the size, volumeType, IOPS, throughput, snapshot and encryption in ServiceManagedEBSVolumeConfiguration. The name of the volume must match the name from the task definition. If set to null, no new deployment is triggered. Otherwise, if this configuration differs from the existing one, it triggers a new deployment.

This parameter triggers a new service deployment.

" }, "vpcLatticeConfigurations":{ "shape":"VpcLatticeConfigurations", - "documentation":"

An object representing the VPC Lattice configuration for the service being updated.

" + "documentation":"

An object representing the VPC Lattice configuration for the service being updated.

This parameter triggers a new service deployment.

" } } }, @@ -7364,6 +8249,21 @@ } } }, + "VCpuCountRangeRequest":{ + "type":"structure", + "required":["min"], + "members":{ + "min":{ + "shape":"BoxedInteger", + "documentation":"

The minimum number of vCPUs. Instance types with fewer vCPUs than this value are excluded from selection.

" + }, + "max":{ + "shape":"BoxedInteger", + "documentation":"

The maximum number of vCPUs. Instance types with more vCPUs than this value are excluded from selection.

" + } + }, + "documentation":"

The minimum and maximum number of vCPUs for instance type selection. This allows you to specify a range of vCPU counts that meet your workload requirements.

" + }, "VersionConsistency":{ "type":"string", "enum":[ @@ -7380,7 +8280,7 @@ }, "agentHash":{ "shape":"String", - "documentation":"

The Git commit hash for the Amazon ECS container agent build on the amazon-ecs-agent GitHub repository.

" + "documentation":"

The Git commit hash for the Amazon ECS container agent build on the amazon-ecs-agent GitHub repository.

" }, "dockerVersion":{ "shape":"String", diff -pruN 2.23.6-1/awscli/botocore/data/efs/2015-02-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/efs/2015-02-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/efs/2015-02-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/efs/2015-02-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,258 +57,546 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws" ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://efs.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], - "rules": [ + "endpoint": { + "url": "https://efs-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ { - "conditions": [], - "endpoint": { - "url": "https://elasticfilesystem-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree" + "endpoint": { + "url": "https://efs.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] }, - true - ] - } - ], - "rules": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://efs-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, + { "fn": "booleanEquals", "argv": [ { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://efs.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://efs-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://elasticfilesystem-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://elasticfilesystem-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://elasticfilesystem-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://elasticfilesystem.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://elasticfilesystem.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://elasticfilesystem.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://elasticfilesystem.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/efs/2015-02-01/service-2.json 2.31.35-1/awscli/botocore/data/efs/2015-02-01/service-2.json --- 2.23.6-1/awscli/botocore/data/efs/2015-02-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/efs/2015-02-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -31,7 +31,7 @@ {"shape":"AccessPointLimitExceeded"}, {"shape":"ThrottlingException"} ], - "documentation":"

Creates an EFS access point. An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point. The operating system user and group override any identity information provided by the NFS client. The file system path is exposed as the access point's root directory. Applications using the access point can only access data in the application's own directory and any subdirectories. To learn more, see Mounting a file system using EFS access points.

If multiple requests to create access points on the same file system are sent in quick succession, and the file system is near the limit of 1,000 access points, you may experience a throttling response for these requests. This is to ensure that the file system does not exceed the stated access point limit.

This operation requires permissions for the elasticfilesystem:CreateAccessPoint action.

Access points can be tagged on creation. If tags are specified in the creation action, IAM performs additional authorization on the elasticfilesystem:TagResource action to verify if users have permissions to create tags. Therefore, you must grant explicit permissions to use the elasticfilesystem:TagResource action. For more information, see Granting permissions to tag resources during creation.

" + "documentation":"

Creates an EFS access point. An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point. The operating system user and group override any identity information provided by the NFS client. The file system path is exposed as the access point's root directory. Applications using the access point can only access data in the application's own directory and any subdirectories. A file system can have a maximum of 10,000 access points unless you request an increase. To learn more, see Mounting a file system using EFS access points.

If multiple requests to create access points on the same file system are sent in quick succession, and the file system is near the limit of access points, you may experience a throttling response for these requests. This is to ensure that the file system does not exceed the stated access point limit.

This operation requires permissions for the elasticfilesystem:CreateAccessPoint action.

Access points can be tagged on creation. If tags are specified in the creation action, IAM performs additional authorization on the elasticfilesystem:TagResource action to verify if users have permissions to create tags. Therefore, you must grant explicit permissions to use the elasticfilesystem:TagResource action. For more information, see Granting permissions to tag resources during creation.

" }, "CreateFileSystem":{ "name":"CreateFileSystem", @@ -77,7 +77,7 @@ {"shape":"UnsupportedAvailabilityZone"}, {"shape":"AvailabilityZonesMismatch"} ], - "documentation":"

Creates a mount target for a file system. You can then mount the file system on EC2 instances by using the mount target.

You can create one mount target in each Availability Zone in your VPC. All EC2 instances in a VPC within a given Availability Zone share a single mount target for a given file system. If you have multiple subnets in an Availability Zone, you create a mount target in one of the subnets. EC2 instances do not need to be in the same subnet as the mount target in order to access their file system.

You can create only one mount target for a One Zone file system. You must create that mount target in the same Availability Zone in which the file system is located. Use the AvailabilityZoneName and AvailabiltyZoneId properties in the DescribeFileSystems response object to get this information. Use the subnetId associated with the file system's Availability Zone when creating the mount target.

For more information, see Amazon EFS: How it Works.

To create a mount target for a file system, the file system's lifecycle state must be available. For more information, see DescribeFileSystems.

In the request, provide the following:

  • The file system ID for which you are creating the mount target.

  • A subnet ID, which determines the following:

    • The VPC in which Amazon EFS creates the mount target

    • The Availability Zone in which Amazon EFS creates the mount target

    • The IP address range from which Amazon EFS selects the IP address of the mount target (if you don't specify an IP address in the request)

After creating the mount target, Amazon EFS returns a response that includes, a MountTargetId and an IpAddress. You use this IP address when mounting the file system in an EC2 instance. You can also use the mount target's DNS name when mounting the file system. The EC2 instance on which you mount the file system by using the mount target can resolve the mount target's DNS name to its IP address. For more information, see How it Works: Implementation Overview.

Note that you can create mount targets for a file system in only one VPC, and there can be only one mount target per Availability Zone. That is, if the file system already has one or more mount targets created for it, the subnet specified in the request to add another mount target must meet the following requirements:

  • Must belong to the same VPC as the subnets of the existing mount targets

  • Must not be in the same Availability Zone as any of the subnets of the existing mount targets

If the request satisfies the requirements, Amazon EFS does the following:

  • Creates a new mount target in the specified subnet.

  • Also creates a new network interface in the subnet as follows:

    • If the request provides an IpAddress, Amazon EFS assigns that IP address to the network interface. Otherwise, Amazon EFS assigns a free address in the subnet (in the same way that the Amazon EC2 CreateNetworkInterface call does when a request does not specify a primary private IP address).

    • If the request provides SecurityGroups, this network interface is associated with those security groups. Otherwise, it belongs to the default security group for the subnet's VPC.

    • Assigns the description Mount target fsmt-id for file system fs-id where fsmt-id is the mount target ID, and fs-id is the FileSystemId.

    • Sets the requesterManaged property of the network interface to true, and the requesterId value to EFS.

    Each Amazon EFS mount target has one corresponding requester-managed EC2 network interface. After the network interface is created, Amazon EFS sets the NetworkInterfaceId field in the mount target's description to the network interface ID, and the IpAddress field to its address. If network interface creation fails, the entire CreateMountTarget operation fails.

The CreateMountTarget call returns only after creating the network interface, but while the mount target state is still creating, you can check the mount target creation status by calling the DescribeMountTargets operation, which among other things returns the mount target state.

We recommend that you create a mount target in each of the Availability Zones. There are cost considerations for using a file system in an Availability Zone through a mount target created in another Availability Zone. For more information, see Amazon EFS. In addition, by always using a mount target local to the instance's Availability Zone, you eliminate a partial failure scenario. If the Availability Zone in which your mount target is created goes down, then you can't access your file system through that mount target.

This operation requires permissions for the following action on the file system:

  • elasticfilesystem:CreateMountTarget

This operation also requires permissions for the following Amazon EC2 actions:

  • ec2:DescribeSubnets

  • ec2:DescribeNetworkInterfaces

  • ec2:CreateNetworkInterface

" + "documentation":"

Creates a mount target for a file system. You can then mount the file system on EC2 instances by using the mount target.

You can create one mount target in each Availability Zone in your VPC. All EC2 instances in a VPC within a given Availability Zone share a single mount target for a given file system. If you have multiple subnets in an Availability Zone, you create a mount target in one of the subnets. EC2 instances do not need to be in the same subnet as the mount target in order to access their file system.

You can create only one mount target for a One Zone file system. You must create that mount target in the same Availability Zone in which the file system is located. Use the AvailabilityZoneName and AvailabiltyZoneId properties in the DescribeFileSystems response object to get this information. Use the subnetId associated with the file system's Availability Zone when creating the mount target.

For more information, see Amazon EFS: How it Works.

To create a mount target for a file system, the file system's lifecycle state must be available. For more information, see DescribeFileSystems.

In the request, provide the following:

  • The file system ID for which you are creating the mount target.

  • A subnet ID, which determines the following:

    • The VPC in which Amazon EFS creates the mount target

    • The Availability Zone in which Amazon EFS creates the mount target

    • The IP address range from which Amazon EFS selects the IP address of the mount target (if you don't specify an IP address in the request)

After creating the mount target, Amazon EFS returns a response that includes, a MountTargetId and an IpAddress. You use this IP address when mounting the file system in an EC2 instance. You can also use the mount target's DNS name when mounting the file system. The EC2 instance on which you mount the file system by using the mount target can resolve the mount target's DNS name to its IP address. For more information, see How it Works: Implementation Overview.

Note that you can create mount targets for a file system in only one VPC, and there can be only one mount target per Availability Zone. That is, if the file system already has one or more mount targets created for it, the subnet specified in the request to add another mount target must meet the following requirements:

  • Must belong to the same VPC as the subnets of the existing mount targets

  • Must not be in the same Availability Zone as any of the subnets of the existing mount targets

If the request satisfies the requirements, Amazon EFS does the following:

  • Creates a new mount target in the specified subnet.

  • Also creates a new network interface in the subnet as follows:

    • If the request provides an IpAddress, Amazon EFS assigns that IP address to the network interface. Otherwise, Amazon EFS assigns a free address in the subnet (in the same way that the Amazon EC2 CreateNetworkInterface call does when a request does not specify a primary private IP address).

    • If the request provides SecurityGroups, this network interface is associated with those security groups. Otherwise, it belongs to the default security group for the subnet's VPC.

    • Assigns the description Mount target fsmt-id for file system fs-id where fsmt-id is the mount target ID, and fs-id is the FileSystemId.

    • Sets the requesterManaged property of the network interface to true, and the requesterId value to EFS.

    Each Amazon EFS mount target has one corresponding requester-managed EC2 network interface. After the network interface is created, Amazon EFS sets the NetworkInterfaceId field in the mount target's description to the network interface ID, and the IpAddress field to its address. If network interface creation fails, the entire CreateMountTarget operation fails.

The CreateMountTarget call returns only after creating the network interface, but while the mount target state is still creating, you can check the mount target creation status by calling the DescribeMountTargets operation, which among other things returns the mount target state.

We recommend that you create a mount target in each of the Availability Zones. There are cost considerations for using a file system in an Availability Zone through a mount target created in another Availability Zone. For more information, see Amazon EFS pricing. In addition, by always using a mount target local to the instance's Availability Zone, you eliminate a partial failure scenario. If the Availability Zone in which your mount target is created goes down, then you can't access your file system through that mount target.

This operation requires permissions for the following action on the file system:

  • elasticfilesystem:CreateMountTarget

This operation also requires permissions for the following Amazon EC2 actions:

  • ec2:DescribeSubnets

  • ec2:DescribeNetworkInterfaces

  • ec2:CreateNetworkInterface

" }, "CreateReplicationConfiguration":{ "name":"CreateReplicationConfiguration", @@ -312,7 +312,7 @@ {"shape":"BadRequest"}, {"shape":"FileSystemNotFound"} ], - "documentation":"

Returns the current LifecycleConfiguration object for the specified Amazon EFS file system. Lifecycle management uses the LifecycleConfiguration object to identify when to move files between storage classes. For a file system without a LifecycleConfiguration object, the call returns an empty array in the response.

This operation requires permissions for the elasticfilesystem:DescribeLifecycleConfiguration operation.

" + "documentation":"

Returns the current LifecycleConfiguration object for the specified EFS file system. Lifecycle management uses the LifecycleConfiguration object to identify when to move files between storage classes. For a file system without a LifecycleConfiguration object, the call returns an empty array in the response.

This operation requires permissions for the elasticfilesystem:DescribeLifecycleConfiguration operation.

" }, "DescribeMountTargetSecurityGroups":{ "name":"DescribeMountTargetSecurityGroups", @@ -789,7 +789,7 @@ }, "ProvisionedThroughputInMibps":{ "shape":"ProvisionedThroughputInMibps", - "documentation":"

The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ThroughputMode is set to provisioned. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact Amazon Web Services Support. For more information, see Amazon EFS quotas that you can increase in the Amazon EFS User Guide.

" + "documentation":"

The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ThroughputMode is set to provisioned. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact Amazon Web ServicesSupport. For more information, see Amazon EFS quotas that you can increase in the Amazon EFS User Guide.

" }, "AvailabilityZoneName":{ "shape":"AvailabilityZoneName", @@ -822,11 +822,19 @@ }, "IpAddress":{ "shape":"IpAddress", - "documentation":"

Valid IPv4 address within the address range of the specified subnet.

" + "documentation":"

If the IP address type for the mount target is IPv4, then specify the IPv4 address within the address range of the specified subnet.

" + }, + "Ipv6Address":{ + "shape":"Ipv6Address", + "documentation":"

If the IP address type for the mount target is IPv6, then specify the IPv6 address within the address range of the specified subnet.

" + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

Specify the type of IP address of the mount target you are creating. Options are IPv4, dual stack, or IPv6. If you don’t specify an IpAddressType, then IPv4 is used.

  • IPV4_ONLY – Create mount target with IPv4 only subnet or dual-stack subnet.

  • DUAL_STACK – Create mount target with dual-stack subnet.

  • IPV6_ONLY – Create mount target with IPv6 only subnet.

Creating IPv6 mount target only ENI in dual-stack subnet is not supported.

" }, "SecurityGroups":{ "shape":"SecurityGroups", - "documentation":"

Up to five VPC security group IDs, of the form sg-xxxxxxxx. These must be for the same VPC as subnet specified.

" + "documentation":"

VPC security group IDs, of the form sg-xxxxxxxx. These must be for the same VPC as the subnet specified. The maximum number of security groups depends on account quota. For more information, see Amazon VPC Quotas in the Amazon VPC User Guide (see the Security Groups table).

" } }, "documentation":"

" @@ -1369,7 +1377,7 @@ }, "FileSystemId":{ "shape":"FileSystemId", - "documentation":"

The ID or ARN of the file system to use for the destination. For cross-account replication, this must be an ARN. The file system's replication overwrite replication must be disabled. If no ID or ARN is specified, then a new file system is created.

" + "documentation":"

The ID or ARN of the file system to use for the destination. For cross-account replication, this must be an ARN. The file system's replication overwrite replication must be disabled. If no ID or ARN is specified, then a new file system is created.

When you initially configure replication to an existing file system, Amazon EFS writes data to or removes existing data from the destination file system to match data in the source file system. If you don't want to change data in the destination file system, then you should replicate to a new file system instead. For more information, see https://docs.aws.amazon.com/efs/latest/ug/create-replication.html.

" }, "RoleArn":{ "shape":"RoleArn", @@ -1565,7 +1573,7 @@ "members":{ "ReplicationOverwriteProtection":{ "shape":"ReplicationOverwriteProtection", - "documentation":"

The status of the file system's replication overwrite protection.

  • ENABLED – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ENABLED by default.

  • DISABLED – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.

  • REPLICATING – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.

If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.

" + "documentation":"

The status of the file system's replication overwrite protection.

  • ENABLED – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ENABLED by default.

  • DISABLED – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.

  • REPLICATING – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.

If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.

" } }, "documentation":"

Describes the protection on a file system.

" @@ -1677,6 +1685,19 @@ "error":{"httpStatusCode":409}, "exception":true }, + "IpAddressType":{ + "type":"string", + "enum":[ + "IPV4_ONLY", + "IPV6_ONLY", + "DUAL_STACK" + ] + }, + "Ipv6Address":{ + "type":"string", + "max":39, + "min":3 + }, "KmsKeyId":{ "type":"string", "max":2048, @@ -1789,7 +1810,7 @@ }, "SecurityGroups":{ "shape":"SecurityGroups", - "documentation":"

An array of up to five VPC security group IDs.

" + "documentation":"

An array of VPC security group IDs.

" } }, "documentation":"

" @@ -1842,6 +1863,10 @@ "shape":"IpAddress", "documentation":"

Address at which the file system can be mounted by using the mount target.

" }, + "Ipv6Address":{ + "shape":"Ipv6Address", + "documentation":"

The IPv6 address for the mount target.

" + }, "NetworkInterfaceId":{ "shape":"NetworkInterfaceId", "documentation":"

The ID of the network interface that Amazon EFS created when it created the mount target.

" @@ -1891,7 +1916,7 @@ "ErrorCode":{"shape":"ErrorCode"}, "Message":{"shape":"ErrorMessage"} }, - "documentation":"

The calling account has reached the limit for elastic network interfaces for the specific Amazon Web Services Region. Either delete some network interfaces or request that the account quota be raised. For more information, see Amazon VPC Quotas in the Amazon VPC User Guide (see the Network interfaces per Region entry in the Network interfaces table).

", + "documentation":"

The calling account has reached the limit for elastic network interfaces for the specific Amazon Web Services Region. Either delete some network interfaces or request that the account quota be raised. For more information, see Amazon VPC Quotas in the Amazon VPC User Guide (see the Network interfaces per Region entry in the Network interfaces table).

", "error":{"httpStatusCode":409}, "exception":true }, @@ -1947,7 +1972,7 @@ "ErrorCode":{"shape":"ErrorCode"}, "Message":{"shape":"ErrorMessage"} }, - "documentation":"

Returned if the default file system policy is in effect for the EFS file system specified.

", + "documentation":"

Returned if no backup is specified for a One Zone EFS file system.

", "error":{"httpStatusCode":404}, "exception":true }, @@ -2226,7 +2251,7 @@ "ErrorCode":{"shape":"ErrorCode"}, "Message":{"shape":"ErrorMessage"} }, - "documentation":"

Returned if the size of SecurityGroups specified in the request is greater than five.

", + "documentation":"

Returned if the number of SecurityGroups specified in the request is greater than the limit, which is based on account quota. Either delete some security groups or request that the account quota be raised. For more information, see Amazon VPC Quotas in the Amazon VPC User Guide (see the Security Groups table).

", "error":{"httpStatusCode":400}, "exception":true }, @@ -2480,7 +2505,7 @@ }, "ProvisionedThroughputInMibps":{ "shape":"ProvisionedThroughputInMibps", - "documentation":"

(Optional) The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ThroughputMode is set to provisioned. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact Amazon Web Services Support. For more information, see Amazon EFS quotas that you can increase in the Amazon EFS User Guide.

" + "documentation":"

(Optional) The throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ThroughputMode is set to provisioned. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact Amazon Web ServicesSupport. For more information, see Amazon EFS quotas that you can increase in the Amazon EFS User Guide.

" } } }, diff -pruN 2.23.6-1/awscli/botocore/data/eks/2017-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/eks/2017-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/eks/2017-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/eks/2017-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/eks/2017-11-01/service-2.json 2.31.35-1/awscli/botocore/data/eks/2017-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/eks/2017-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/eks/2017-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -45,7 +45,8 @@ {"shape":"ServerException"}, {"shape":"ResourceInUseException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidRequestException"} + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Associates an encryption configuration to an existing cluster.

Use this API to enable encryption on existing clusters that don't already have encryption enabled. This allows you to implement a defense-in-depth security strategy without migrating applications to new Amazon EKS clusters.

" }, @@ -63,7 +64,8 @@ {"shape":"ServerException"}, {"shape":"ResourceInUseException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidRequestException"} + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Associates an identity provider configuration to a cluster.

If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes Role and ClusterRole objects, assign permissions to them, and then bind them to the identities using Kubernetes RoleBinding and ClusterRoleBinding objects. For more information see Using RBAC Authorization in the Kubernetes documentation.

" }, @@ -120,7 +122,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"UnsupportedAvailabilityZoneException"} ], - "documentation":"

Creates an Amazon EKS control plane.

The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.

The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec, logs, and proxy data flows).

Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.

You can use the endpointPublicAccess and endpointPrivateAccess parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .

You can use the logging parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Allowing users to access your cluster and Launching Amazon EKS nodes in the Amazon EKS User Guide.

" + "documentation":"

Creates an Amazon EKS control plane.

The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.

The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec, logs, and proxy data flows).

Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.

You can use the endpointPublicAccess and endpointPrivateAccess parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. The endpoint domain name and IP address family depends on the value of the ipFamily for the cluster. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .

You can use the logging parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Allowing users to access your cluster and Launching Amazon EKS nodes in the Amazon EKS User Guide.

" }, "CreateEksAnywhereSubscription":{ "name":"CreateEksAnywhereSubscription", @@ -174,7 +176,7 @@ {"shape":"ServerException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Creates a managed node group for an Amazon EKS cluster.

You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see Customizing managed nodes with launch templates.

An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.

Windows AMI types are only supported for commercial Amazon Web Services Regions that support Windows on Amazon EKS.

" + "documentation":"

Creates a managed node group for an Amazon EKS cluster.

You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template.

For later updates, you will only be able to update a node group using a launch template only if it was originally deployed with a launch template. Additionally, the launch template ID or name must match what was used when the node group was created. You can update the launch template version with necessary changes. For more information about using launch templates, see Customizing managed nodes with launch templates.

An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.

Windows AMI types are only supported for commercial Amazon Web Services Regions that support Windows on Amazon EKS.

" }, "CreatePodIdentityAssociation":{ "name":"CreatePodIdentityAssociation", @@ -192,7 +194,7 @@ {"shape":"ResourceLimitExceededException"}, {"shape":"ResourceInUseException"} ], - "documentation":"

Creates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to pods and the credentials are rotated automatically.

Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.

If a pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.

Pod Identity is a simpler method than IAM roles for service accounts, as this method doesn't use OIDC identity providers. Additionally, you can configure a role for Pod Identity once, and reuse it across clusters.

" + "documentation":"

Creates an EKS Pod Identity association between a service account in an Amazon EKS cluster and an IAM role with EKS Pod Identity. Use EKS Pod Identity to give temporary IAM credentials to Pods and the credentials are rotated automatically.

Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.

If a Pod uses a service account that has an association, Amazon EKS sets environment variables in the containers of the Pod. The environment variables configure the Amazon Web Services SDKs, including the Command Line Interface, to use the EKS Pod Identity credentials.

EKS Pod Identity is a simpler method than IAM roles for service accounts, as this method doesn't use OIDC identity providers. Additionally, you can configure a role for EKS Pod Identity once, and reuse it across clusters.

Similar to Amazon Web Services IAM behavior, EKS Pod Identity associations are eventually consistent, and may take several seconds to be effective after the initial API call returns successfully. You must design your applications to account for these potential delays. We recommend that you don’t include association create/updates in the critical, high-availability code paths of your application. Instead, make changes in a separate initialization or setup routine that you run less frequently.

You can set a target IAM role in the same or a different account for advanced scenarios. With a target role, EKS Pod Identity automatically performs two role assumptions in sequence: first assuming the role in the association that is in this account, then using those credentials to assume the target IAM role. This process provides your Pod with temporary credentials that have the permissions defined in the target role, allowing secure access to resources in another Amazon Web Services account.

" }, "DeleteAccessEntry":{ "name":"DeleteAccessEntry", @@ -239,7 +241,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ClientException"}, {"shape":"ServerException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"InvalidRequestException"} ], "documentation":"

Deletes an Amazon EKS cluster control plane.

If you have active services in your cluster that are associated with a load balancer, you must delete those services before deleting the cluster so that the load balancers are deleted properly. Otherwise, you can have orphaned resources in your VPC that prevent you from being able to delete the VPC. For more information, see Deleting a cluster in the Amazon EKS User Guide.

If you have managed node groups or Fargate profiles attached to the cluster, you must delete them first. For more information, see DeleteNodgroup and DeleteFargateProfile.

" }, @@ -485,6 +488,22 @@ ], "documentation":"

Returns details about an insight that you specify using its ID.

" }, + "DescribeInsightsRefresh":{ + "name":"DescribeInsightsRefresh", + "http":{ + "method":"GET", + "requestUri":"/clusters/{name}/insights-refresh" + }, + "input":{"shape":"DescribeInsightsRefreshRequest"}, + "output":{"shape":"DescribeInsightsRefreshResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"} + ], + "documentation":"

Returns the status of the latest on-demand cluster insights refresh operation.

" + }, "DescribeNodegroup":{ "name":"DescribeNodegroup", "http":{ @@ -532,7 +551,7 @@ {"shape":"ServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Describes an update to an Amazon EKS resource.

When the status of the update is Succeeded, the update is complete. If an update fails, the status is Failed, and an error detail explains the reason for the failure.

" + "documentation":"

Describes an update to an Amazon EKS resource.

When the status of the update is Successful, the update is complete. If an update fails, the status is Failed, and an error detail explains the reason for the failure.

" }, "DisassociateAccessPolicy":{ "name":"DisassociateAccessPolicy", @@ -563,7 +582,8 @@ {"shape":"ServerException"}, {"shape":"ResourceInUseException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidRequestException"} + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} ], "documentation":"

Disassociates an identity provider configuration from a cluster.

If you disassociate an identity provider from your cluster, users included in the provider can no longer access the cluster. However, you can still access the cluster with IAM principals.

" }, @@ -707,7 +727,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InvalidParameterException"} ], - "documentation":"

Returns a list of all insights checked for against the specified cluster. You can filter which insights are returned by category, associated Kubernetes version, and status.

" + "documentation":"

Returns a list of all insights checked for against the specified cluster. You can filter which insights are returned by category, associated Kubernetes version, and status. The default filter lists all categories and every status.

The following lists the available categories:

  • UPGRADE_READINESS: Amazon EKS identifies issues that could impact your ability to upgrade to new versions of Kubernetes. These are called upgrade insights.

  • MISCONFIGURATION: Amazon EKS identifies misconfiguration in your EKS Hybrid Nodes setup that could impair functionality of your cluster or workloads. These are called configuration insights.

" }, "ListNodegroups":{ "name":"ListNodegroups", @@ -790,7 +810,23 @@ {"shape":"ResourceInUseException"}, {"shape":"ResourcePropagationDelayException"} ], - "documentation":"

Connects a Kubernetes cluster to the Amazon EKS control plane.

Any Kubernetes cluster can be connected to the Amazon EKS control plane to view current information about the cluster and its nodes.

Cluster connection requires two steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control plane.

Second, a Manifest containing the activationID and activationCode must be applied to the Kubernetes cluster through it's native provider to provide visibility.

After the manifest is updated and applied, the connected cluster is visible to the Amazon EKS control plane. If the manifest isn't applied within three days, the connected cluster will no longer be visible and must be deregistered using DeregisterCluster.

" + "documentation":"

Connects a Kubernetes cluster to the Amazon EKS control plane.

Any Kubernetes cluster can be connected to the Amazon EKS control plane to view current information about the cluster and its nodes.

Cluster connection requires two steps. First, send a RegisterClusterRequest to add it to the Amazon EKS control plane.

Second, a Manifest containing the activationID and activationCode must be applied to the Kubernetes cluster through it's native provider to provide visibility.

After the manifest is updated and applied, the connected cluster is visible to the Amazon EKS control plane. If the manifest isn't applied within three days, the connected cluster will no longer be visible and must be deregistered using DeregisterCluster.

" + }, + "StartInsightsRefresh":{ + "name":"StartInsightsRefresh", + "http":{ + "method":"POST", + "requestUri":"/clusters/{name}/insights-refresh" + }, + "input":{"shape":"StartInsightsRefreshRequest"}, + "output":{"shape":"StartInsightsRefreshResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"InvalidParameterException"} + ], + "documentation":"

Initiates an on-demand refresh operation for cluster insights, getting the latest analysis outside of the standard refresh schedule.

" }, "TagResource":{ "name":"TagResource", @@ -868,9 +904,10 @@ {"shape":"ServerException"}, {"shape":"ResourceInUseException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidRequestException"} + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with DescribeUpdate\"/>.

You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the Amazon EKS User Guide .

CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

You can also use this API operation to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .

You can also use this API operation to choose different subnets and security groups for the cluster. You must specify at least two subnets that are in different Availability Zones. You can't change which VPC the subnets are from, the subnets must be in the same VPC as the subnets that the cluster was created with. For more information about the VPC requirements, see https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html in the Amazon EKS User Guide .

You can also use this API operation to enable or disable ARC zonal shift. If zonal shift is enabled, Amazon Web Services configures zonal autoshift for the cluster.

Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.

" + "documentation":"

Updates an Amazon EKS cluster configuration. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with DescribeUpdate.

You can use this operation to do the following actions:

  • You can use this API operation to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster control plane logs in the Amazon EKS User Guide .

    CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.

  • You can also use this API operation to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .

  • You can also use this API operation to choose different subnets and security groups for the cluster. You must specify at least two subnets that are in different Availability Zones. You can't change which VPC the subnets are from, the subnets must be in the same VPC as the subnets that the cluster was created with. For more information about the VPC requirements, see https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html in the Amazon EKS User Guide .

  • You can also use this API operation to enable or disable ARC zonal shift. If zonal shift is enabled, Amazon Web Services configures zonal autoshift for the cluster.

  • You can also use this API operation to add, change, or remove the configuration in the cluster for EKS Hybrid Nodes. To remove the configuration, use the remoteNetworkConfig key with an object containing both subkeys with empty arrays for each. Here is an inline example: \"remoteNetworkConfig\": { \"remoteNodeNetworks\": [], \"remotePodNetworks\": [] }.

Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.

" }, "UpdateClusterVersion":{ "name":"UpdateClusterVersion", @@ -886,9 +923,11 @@ {"shape":"ServerException"}, {"shape":"ResourceInUseException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidRequestException"} + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidStateException"} ], - "documentation":"

Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with the DescribeUpdate API operation.

Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.

If your cluster has managed node groups attached to it, all of your node groups' Kubernetes versions must match the cluster's Kubernetes version in order to update the cluster to a new Kubernetes version.

" + "documentation":"

Updates an Amazon EKS cluster to the specified Kubernetes version. Your cluster continues to function during the update. The response output includes an update ID that you can use to track the status of your cluster update with the DescribeUpdate API operation.

Cluster updates are asynchronous, and they should finish within a few minutes. During an update, the cluster status moves to UPDATING (this status transition is eventually consistent). When the update is complete (either Failed or Successful), the cluster status moves to Active.

If your cluster has managed node groups attached to it, all of your node groups' Kubernetes versions must match the cluster's Kubernetes version in order to update the cluster to a new Kubernetes version.

" }, "UpdateEksAnywhereSubscription":{ "name":"UpdateEksAnywhereSubscription", @@ -923,7 +962,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

Updates an Amazon EKS managed node group configuration. Your node group continues to function during the update. The response output includes an update ID that you can use to track the status of your node group update with the DescribeUpdate API operation. You can update the Kubernetes labels and taints for a node group and the scaling and version update configuration.

" + "documentation":"

Updates an Amazon EKS managed node group configuration. Your node group continues to function during the update. The response output includes an update ID that you can use to track the status of your node group update with the DescribeUpdate API operation. You can update the Kubernetes labels and taints for a node group and the scaling and version update configuration.

" }, "UpdateNodegroupVersion":{ "name":"UpdateNodegroupVersion", @@ -941,7 +980,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

Updates the Kubernetes version or AMI version of an Amazon EKS managed node group.

You can update a node group using a launch template only if the node group was originally deployed with a launch template. If you need to update a custom AMI in a node group that was deployed with a launch template, then update your custom AMI, specify the new ID in a new version of the launch template, and then update the node group to the new version of the launch template.

If you update without a launch template, then you can update to the latest available AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in the request. You can update to the latest AMI version of your cluster's current Kubernetes version by specifying your cluster's Kubernetes version in the request. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.

You cannot roll back a node group to an earlier Kubernetes version or AMI version.

When a node in a managed node group is terminated due to a scaling action or update, every Pod on that node is drained first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is unable to do so. You can force the update if Amazon EKS is unable to drain the nodes as a result of a Pod disruption budget issue.

" + "documentation":"

Updates the Kubernetes version or AMI version of an Amazon EKS managed node group.

You can update a node group using a launch template only if the node group was originally deployed with a launch template. Additionally, the launch template ID or name must match what was used when the node group was created. You can update the launch template version with necessary changes.

If you need to update a custom AMI in a node group that was deployed with a launch template, then update your custom AMI, specify the new ID in a new version of the launch template, and then update the node group to the new version of the launch template.

If you update without a launch template, then you can update to the latest available AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in the request. You can update to the latest AMI version of your cluster's current Kubernetes version by specifying your cluster's Kubernetes version in the request. For information about Linux versions, see Amazon EKS optimized Amazon Linux AMI versions in the Amazon EKS User Guide. For information about Windows versions, see Amazon EKS optimized Windows AMI versions in the Amazon EKS User Guide.

You cannot roll back a node group to an earlier Kubernetes version or AMI version.

When a node in a managed node group is terminated due to a scaling action or update, every Pod on that node is drained first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is unable to do so. You can force the update if Amazon EKS is unable to drain the nodes as a result of a Pod disruption budget issue.

" }, "UpdatePodIdentityAssociation":{ "name":"UpdatePodIdentityAssociation", @@ -957,7 +996,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InvalidParameterException"} ], - "documentation":"

Updates a EKS Pod Identity association. Only the IAM role can be changed; an association can't be moved between clusters, namespaces, or service accounts. If you need to edit the namespace or service account, you need to delete the association and then create a new association with your desired settings.

" + "documentation":"

Updates a EKS Pod Identity association. In an update, you can change the IAM role, the target IAM role, or disableSessionTags. You must change at least one of these in an update. An association can't be moved between clusters, namespaces, or service accounts. If you need to edit the namespace or service account, you need to delete the association and then create a new association with your desired settings.

Similar to Amazon Web Services IAM behavior, EKS Pod Identity associations are eventually consistent, and may take several seconds to be effective after the initial API call returns successfully. You must design your applications to account for these potential delays. We recommend that you don’t include association create/updates in the critical, high-availability code paths of your application. Instead, make changes in a separate initialization or setup routine that you run less frequently.

You can set a target IAM role in the same or a different account for advanced scenarios. With a target role, EKS Pod Identity automatically performs two role assumptions in sequence: first assuming the role in the association that is in this account, then using those credentials to assume the target IAM role. This process provides your Pod with temporary credentials that have the permissions defined in the target role, allowing secure access to resources in another Amazon Web Services account.

" } }, "shapes":{ @@ -970,6 +1009,8 @@ "CUSTOM", "BOTTLEROCKET_ARM_64", "BOTTLEROCKET_x86_64", + "BOTTLEROCKET_ARM_64_FIPS", + "BOTTLEROCKET_x86_64_FIPS", "BOTTLEROCKET_ARM_64_NVIDIA", "BOTTLEROCKET_x86_64_NVIDIA", "WINDOWS_CORE_2019_x86_64", @@ -979,7 +1020,8 @@ "AL2023_x86_64_STANDARD", "AL2023_ARM_64_STANDARD", "AL2023_x86_64_NEURON", - "AL2023_x86_64_NVIDIA" + "AL2023_x86_64_NVIDIA", + "AL2023_ARM_64_NVIDIA" ] }, "AccessConfigResponse":{ @@ -1155,7 +1197,11 @@ }, "podIdentityAssociations":{ "shape":"StringList", - "documentation":"

An array of Pod Identity Assocations owned by the Addon. Each EKS Pod Identity association maps a role to a service account in a namespace in the cluster.

For more information, see Attach an IAM Role to an Amazon EKS add-on using Pod Identity in the Amazon EKS User Guide.

" + "documentation":"

An array of EKS Pod Identity associations owned by the add-on. Each association maps a role to a service account in a namespace in the cluster.

For more information, see Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity in the Amazon EKS User Guide.

" + }, + "namespaceConfig":{ + "shape":"AddonNamespaceConfigResponse", + "documentation":"

The namespace configuration for the addon. This specifies the Kubernetes namespace where the addon is installed.

" } }, "documentation":"

An Amazon EKS add-on. For more information, see Amazon EKS add-ons in the Amazon EKS User Guide.

" @@ -1214,6 +1260,10 @@ "marketplaceInformation":{ "shape":"MarketplaceInformation", "documentation":"

Information about the add-on from the Amazon Web Services Marketplace.

" + }, + "defaultNamespace":{ + "shape":"String", + "documentation":"

The default Kubernetes namespace where this addon is typically installed if no custom namespace is specified.

" } }, "documentation":"

Information about an add-on.

" @@ -1255,6 +1305,26 @@ "type":"list", "member":{"shape":"AddonIssue"} }, + "AddonNamespaceConfigRequest":{ + "type":"structure", + "members":{ + "namespace":{ + "shape":"namespace", + "documentation":"

The name of the Kubernetes namespace to install the addon in. Must be a valid RFC 1123 DNS label.

" + } + }, + "documentation":"

The namespace configuration request object for specifying a custom namespace when creating an addon.

" + }, + "AddonNamespaceConfigResponse":{ + "type":"structure", + "members":{ + "namespace":{ + "shape":"namespace", + "documentation":"

The name of the Kubernetes namespace where the addon is installed.

" + } + }, + "documentation":"

The namespace configuration response object containing information about the namespace where an addon is installed.

" + }, "AddonPodIdentityAssociations":{ "type":"structure", "required":[ @@ -1271,7 +1341,7 @@ "documentation":"

The ARN of an IAM Role.

" } }, - "documentation":"

A type of Pod Identity Association owned by an Amazon EKS Add-on.

Each EKS Pod Identity Association maps a role to a service account in a namespace in the cluster.

For more information, see Attach an IAM Role to an Amazon EKS add-on using Pod Identity in the Amazon EKS User Guide.

" + "documentation":"

A type of EKS Pod Identity association owned by an Amazon EKS add-on.

Each association maps a role to a service account in a namespace in the cluster.

For more information, see Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity in the Amazon EKS User Guide.

" }, "AddonPodIdentityAssociationsList":{ "type":"list", @@ -1282,14 +1352,14 @@ "members":{ "serviceAccount":{ "shape":"String", - "documentation":"

The Kubernetes Service Account name used by the addon.

" + "documentation":"

The Kubernetes Service Account name used by the add-on.

" }, "recommendedManagedPolicies":{ "shape":"StringList", - "documentation":"

A suggested IAM Policy for the addon.

" + "documentation":"

A suggested IAM Policy for the add-on.

" } }, - "documentation":"

Information about how to configure IAM for an Addon.

" + "documentation":"

Information about how to configure IAM for an add-on.

" }, "AddonPodIdentityConfigurationList":{ "type":"list", @@ -1321,7 +1391,7 @@ }, "computeTypes":{ "shape":"StringList", - "documentation":"

Indicates the compute type of the addon version.

" + "documentation":"

Indicates the compute type of the add-on version.

" }, "compatibilities":{ "shape":"Compatibilities", @@ -1333,7 +1403,7 @@ }, "requiresIamPermissions":{ "shape":"Boolean", - "documentation":"

Indicates if the Addon requires IAM Permissions to operate, such as networking permissions.

" + "documentation":"

Indicates if the add-on requires IAM Permissions to operate, such as networking permissions.

" } }, "documentation":"

Information about an add-on version.

" @@ -1556,7 +1626,10 @@ }, "Category":{ "type":"string", - "enum":["UPGRADE_READINESS"] + "enum":[ + "UPGRADE_READINESS", + "MISCONFIGURATION" + ] }, "CategoryList":{ "type":"list", @@ -1719,7 +1792,7 @@ }, "remoteNetworkConfig":{ "shape":"RemoteNetworkConfigResponse", - "documentation":"

The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.

" + "documentation":"

The configuration in the cluster for EKS Hybrid Nodes. You can add, change, or remove this configuration after the cluster is created.

" }, "computeConfig":{ "shape":"ComputeConfigResponse", @@ -1728,6 +1801,10 @@ "storageConfig":{ "shape":"StorageConfigResponse", "documentation":"

Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. For example, if the capability is enabled or disabled. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account. For more information, see EKS Auto Mode block storage capability in the Amazon EKS User Guide.

" + }, + "deletionProtection":{ + "shape":"BoxedBoolean", + "documentation":"

The current deletion protection setting for the cluster. When true, deletion protection is enabled and the cluster cannot be deleted until protection is disabled. When false, the cluster can be deleted normally. This setting only applies to clusters in an active state.

" } }, "documentation":"

An object representing an Amazon EKS cluster.

" @@ -1838,6 +1915,10 @@ }, "status":{ "shape":"ClusterVersionStatus", + "documentation":"

This field is deprecated. Use versionStatus instead, as that field matches for input and output of this action.

Current status of this cluster version.

" + }, + "versionStatus":{ + "shape":"VersionStatus", "documentation":"

Current status of this cluster version.

" }, "kubernetesPatchVersion":{ @@ -2082,7 +2163,7 @@ }, "resolveConflicts":{ "shape":"ResolveConflicts", - "documentation":"

How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose:

  • None – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail.

  • Overwrite – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value.

  • Preserve – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see UpdateAddon.

If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.

" + "documentation":"

How to resolve field value conflicts for an Amazon EKS add-on. Conflicts are handled based on the value you choose:

  • None – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail.

  • Overwrite – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value.

  • Preserve – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see UpdateAddon .

If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.

" }, "clientRequestToken":{ "shape":"String", @@ -2099,7 +2180,11 @@ }, "podIdentityAssociations":{ "shape":"AddonPodIdentityAssociationsList", - "documentation":"

An array of Pod Identity Assocations to be created. Each EKS Pod Identity association maps a Kubernetes service account to an IAM Role.

For more information, see Attach an IAM Role to an Amazon EKS add-on using Pod Identity in the Amazon EKS User Guide.

" + "documentation":"

An array of EKS Pod Identity associations to be created. Each association maps a Kubernetes service account to an IAM role.

For more information, see Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity in the Amazon EKS User Guide.

" + }, + "namespaceConfig":{ + "shape":"AddonNamespaceConfigRequest", + "documentation":"

The namespace configuration for the addon. If specified, this will override the default namespace for the addon.

" } } }, @@ -2164,7 +2249,7 @@ }, "bootstrapSelfManagedAddons":{ "shape":"BoxedBoolean", - "documentation":"

If you set this value to False when creating a cluster, the default networking add-ons will not be installed.

The default networking addons include vpc-cni, coredns, and kube-proxy.

Use this option when you plan to install third-party alternative add-ons or self-manage the default networking add-ons.

" + "documentation":"

If you set this value to False when creating a cluster, the default networking add-ons will not be installed.

The default networking add-ons include vpc-cni, coredns, and kube-proxy.

Use this option when you plan to install third-party alternative add-ons or self-manage the default networking add-ons.

" }, "upgradePolicy":{ "shape":"UpgradePolicyRequest", @@ -2176,7 +2261,7 @@ }, "remoteNetworkConfig":{ "shape":"RemoteNetworkConfigRequest", - "documentation":"

The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.

" + "documentation":"

The configuration in the cluster for EKS Hybrid Nodes. You can add, change, or remove this configuration after the cluster is created.

" }, "computeConfig":{ "shape":"ComputeConfigRequest", @@ -2185,6 +2270,10 @@ "storageConfig":{ "shape":"StorageConfigRequest", "documentation":"

Enable or disable the block storage capability of EKS Auto Mode when creating your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete EBS volumes in your Amazon Web Services account.

" + }, + "deletionProtection":{ + "shape":"BoxedBoolean", + "documentation":"

Indicates whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. This helps prevent accidental cluster deletion. Default value is false.

" } } }, @@ -2360,7 +2449,7 @@ }, "launchTemplate":{ "shape":"LaunchTemplateSpecification", - "documentation":"

An object representing a node group's launch template specification. When using this object, don't directly specify instanceTypes, diskSize, or remoteAccess. Make sure that the launch template meets the requirements in launchTemplateSpecification. Also refer to Customizing managed nodes with launch templates in the Amazon EKS User Guide.

" + "documentation":"

An object representing a node group's launch template specification. When using this object, don't directly specify instanceTypes, diskSize, or remoteAccess. You cannot later specify a different launch template ID or name than what was used to create the node group.

Make sure that the launch template meets the requirements in launchTemplateSpecification. Also refer to Customizing managed nodes with launch templates in the Amazon EKS User Guide.

" }, "updateConfig":{ "shape":"NodegroupUpdateConfig", @@ -2404,13 +2493,13 @@ "members":{ "clusterName":{ "shape":"String", - "documentation":"

The name of the cluster to create the association in.

", + "documentation":"

The name of the cluster to create the EKS Pod Identity association in.

", "location":"uri", "locationName":"name" }, "namespace":{ "shape":"String", - "documentation":"

The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.

" + "documentation":"

The name of the Kubernetes namespace inside the cluster to create the EKS Pod Identity association in. The service account and the Pods that use the service account must be in this namespace.

" }, "serviceAccount":{ "shape":"String", @@ -2418,7 +2507,7 @@ }, "roleArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the Pods that use this service account.

" }, "clientRequestToken":{ "shape":"String", @@ -2428,6 +2517,14 @@ "tags":{ "shape":"TagMap", "documentation":"

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

The following basic restrictions apply to tags:

  • Maximum number of tags per resource – 50

  • For each resource, each tag key must be unique, and each tag key can have only one value.

  • Maximum key length – 128 Unicode characters in UTF-8

  • Maximum value length – 256 Unicode characters in UTF-8

  • If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.

  • Tag keys and values are case-sensitive.

  • Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.

" + }, + "disableSessionTags":{ + "shape":"BoxedBoolean", + "documentation":"

Disable the automatic sessions tags that are appended by EKS Pod Identity.

EKS Pod Identity adds a pre-defined set of session tags when it assumes the role. You can use these tags to author a single role that can work across resources by allowing access to Amazon Web Services resources based on matching tags. By default, EKS Pod Identity attaches six tags, including tags for cluster name, namespace, and service account name. For the list of tags added by EKS Pod Identity, see List of session tags added by EKS Pod Identity in the Amazon EKS User Guide.

Amazon Web Services compresses inline session policies, managed policy ARNs, and session tags into a packed binary format that has a separate limit. If you receive a PackedPolicyTooLarge error indicating the packed binary format has exceeded the size limit, you can attempt to reduce the size by disabling the session tags added by EKS Pod Identity.

" + }, + "targetRoleArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the target IAM role to associate with the service account. This role is assumed by using the EKS Pod Identity association role, then the credentials for this role are injected into the Pod.

When you run applications on Amazon EKS, your application might need to access Amazon Web Services resources from a different role that exists in the same or different Amazon Web Services account. For example, your application running in “Account A” might need to access resources, such as Amazon S3 buckets in “Account B” or within “Account A” itself. You can create a association to access Amazon Web Services resources in “Account B” by creating two IAM roles: a role in “Account A” and a role in “Account B” (which can be the same or different account), each with the necessary trust and permission policies. After you provide these roles in the IAM role and Target IAM role fields, EKS will perform role chaining to ensure your application gets the required permissions. This means Role A will assume Role B, allowing your Pods to securely access resources like S3 buckets in the target account.

" } } }, @@ -2463,8 +2560,7 @@ }, "DeleteAccessEntryResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAddonRequest":{ "type":"structure", @@ -2747,7 +2843,7 @@ }, "podIdentityConfiguration":{ "shape":"AddonPodIdentityConfigurationList", - "documentation":"

The Kubernetes service account name used by the addon, and any suggested IAM policies. Use this information to create an IAM Role for the Addon.

" + "documentation":"

The Kubernetes service account name used by the add-on, and any suggested IAM policies. Use this information to create an IAM Role for the add-on.

" } } }, @@ -2912,9 +3008,18 @@ }, "status":{ "shape":"ClusterVersionStatus", - "documentation":"

Filter versions by their current status.

", + "documentation":"

This field is deprecated. Use versionStatus instead, as that field matches for input and output of this action.

Filter versions by their current status.

", + "deprecated":true, + "deprecatedMessage":"status has been replaced by versionStatus", + "deprecatedSince":"2025-02-15", "location":"querystring", "locationName":"status" + }, + "versionStatus":{ + "shape":"VersionStatus", + "documentation":"

Filter versions by their current status.

", + "location":"querystring", + "locationName":"versionStatus" } } }, @@ -3040,6 +3145,39 @@ } } }, + "DescribeInsightsRefreshRequest":{ + "type":"structure", + "required":["clusterName"], + "members":{ + "clusterName":{ + "shape":"String", + "documentation":"

The name of the cluster associated with the insights refresh operation.

", + "location":"uri", + "locationName":"name" + } + } + }, + "DescribeInsightsRefreshResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"String", + "documentation":"

The message associated with the insights refresh operation.

" + }, + "status":{ + "shape":"InsightsRefreshStatus", + "documentation":"

The current status of the insights refresh operation.

" + }, + "startedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the insights refresh operation started.

" + }, + "endedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time when the insights refresh operation ended.

" + } + } + }, "DescribeNodegroupRequest":{ "type":"structure", "required":[ @@ -3173,8 +3311,7 @@ }, "DisassociateAccessPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateIdentityProviderConfigRequest":{ "type":"structure", @@ -3253,6 +3390,10 @@ "shape":"StringList", "documentation":"

Amazon Web Services License Manager ARN associated with the subscription.

" }, + "licenses":{ + "shape":"LicenseList", + "documentation":"

Includes all of the claims in the license token necessary to validate the license for extended support.

" + }, "tags":{ "shape":"TagMap", "documentation":"

The metadata for a subscription to assist with categorization and organization. Each tag consists of a key and an optional value. Subscription tags do not propagate to any other resources associated with the subscription.

" @@ -3716,7 +3857,7 @@ "members":{ "categories":{ "shape":"CategoryList", - "documentation":"

The categories to use to filter insights.

" + "documentation":"

The categories to use to filter insights. The following lists the available categories:

  • UPGRADE_READINESS: Amazon EKS identifies issues that could impact your ability to upgrade to new versions of Kubernetes. These are called upgrade insights.

  • MISCONFIGURATION: Amazon EKS identifies misconfiguration in your EKS Hybrid Nodes setup that could impair functionality of your cluster or workloads. These are called configuration insights.

" }, "kubernetesVersions":{ "shape":"StringList", @@ -3729,6 +3870,14 @@ }, "documentation":"

The criteria to use for the insights.

" }, + "InsightsRefreshStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "FAILED", + "COMPLETED" + ] + }, "Integer":{"type":"integer"}, "InvalidParameterException":{ "type":"structure", @@ -3790,6 +3939,19 @@ "error":{"httpStatusCode":400}, "exception":true }, + "InvalidStateException":{ + "type":"structure", + "members":{ + "clusterName":{ + "shape":"String", + "documentation":"

The Amazon EKS cluster associated with the exception.

" + }, + "message":{"shape":"String"} + }, + "documentation":"

Amazon EKS detected upgrade readiness issues. Call the ListInsights API to view detected upgrade blocking issues. Pass the force flag when updating to override upgrade readiness errors.

", + "error":{"httpStatusCode":400}, + "exception":true + }, "IpFamily":{ "type":"string", "enum":[ @@ -3864,19 +4026,37 @@ "members":{ "name":{ "shape":"String", - "documentation":"

The name of the launch template.

You must specify either the launch template name or the launch template ID in the request, but not both.

" + "documentation":"

The name of the launch template.

You must specify either the launch template name or the launch template ID in the request, but not both. After node group creation, you cannot use a different name.

" }, "version":{ "shape":"String", - "documentation":"

The version number of the launch template to use. If no version is specified, then the template's default version is used.

" + "documentation":"

The version number of the launch template to use. If no version is specified, then the template's default version is used. You can use a different version for node group updates.

" }, "id":{ "shape":"String", - "documentation":"

The ID of the launch template.

You must specify either the launch template ID or the launch template name in the request, but not both.

" + "documentation":"

The ID of the launch template.

You must specify either the launch template ID or the launch template name in the request, but not both. After node group creation, you cannot use a different ID.

" } }, "documentation":"

An object representing a node group launch template specification. The launch template can't include SubnetId , IamInstanceProfile , RequestSpotInstances , HibernationOptions , or TerminateInstances , or the node group deployment or update will fail. For more information about launch templates, see CreateLaunchTemplate in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.

You must specify either the launch template ID or the launch template name in the request, but not both.

" }, + "License":{ + "type":"structure", + "members":{ + "id":{ + "shape":"String", + "documentation":"

An id associated with an EKS Anywhere subscription license.

" + }, + "token":{ + "shape":"String", + "documentation":"

An optional license token that can be used for extended support verification.

" + } + }, + "documentation":"

An EKS Anywhere license associated with a subscription.

" + }, + "LicenseList":{ + "type":"list", + "member":{"shape":"License"} + }, "ListAccessEntriesRequest":{ "type":"structure", "required":["clusterName"], @@ -4362,7 +4542,7 @@ "members":{ "associations":{ "shape":"PodIdentityAssociationSummaries", - "documentation":"

The list of summarized descriptions of the associations that are in the cluster and match any filters that you provided.

Each summary is simplified by removing these fields compared to the full PodIdentityAssociation :

  • The IAM role: roleArn

  • The timestamp that the association was created at: createdAt

  • The most recent timestamp that the association was modified at:. modifiedAt

  • The tags on the association: tags

" + "documentation":"

The list of summarized descriptions of the associations that are in the cluster and match any filters that you provided.

Each summary is simplified by removing these fields compared to the full PodIdentityAssociation :

  • The IAM role: roleArn

  • The timestamp that the association was created at: createdAt

  • The most recent timestamp that the association was modified at:. modifiedAt

  • The tags on the association: tags

" }, "nextToken":{ "shape":"String", @@ -4508,10 +4688,56 @@ "enabled":{ "shape":"BoxedBoolean", "documentation":"

Specifies whether to enable node auto repair for the node group. Node auto repair is disabled by default.

" + }, + "maxUnhealthyNodeThresholdCount":{ + "shape":"NonZeroInteger", + "documentation":"

Specify a count threshold of unhealthy nodes, above which node auto repair actions will stop. When using this, you cannot also set maxUnhealthyNodeThresholdPercentage at the same time.

" + }, + "maxUnhealthyNodeThresholdPercentage":{ + "shape":"PercentCapacity", + "documentation":"

Specify a percentage threshold of unhealthy nodes, above which node auto repair actions will stop. When using this, you cannot also set maxUnhealthyNodeThresholdCount at the same time.

" + }, + "maxParallelNodesRepairedCount":{ + "shape":"NonZeroInteger", + "documentation":"

Specify the maximum number of nodes that can be repaired concurrently or in parallel, expressed as a count of unhealthy nodes. This gives you finer-grained control over the pace of node replacements. When using this, you cannot also set maxParallelNodesRepairedPercentage at the same time.

" + }, + "maxParallelNodesRepairedPercentage":{ + "shape":"PercentCapacity", + "documentation":"

Specify the maximum number of nodes that can be repaired concurrently or in parallel, expressed as a percentage of unhealthy nodes. This gives you finer-grained control over the pace of node replacements. When using this, you cannot also set maxParallelNodesRepairedCount at the same time.

" + }, + "nodeRepairConfigOverrides":{ + "shape":"NodeRepairConfigOverridesList", + "documentation":"

Specify granular overrides for specific repair actions. These overrides control the repair action and the repair delay time before a node is considered eligible for repair. If you use this, you must specify all the values.

" } }, "documentation":"

The node auto repair configuration for the node group.

" }, + "NodeRepairConfigOverrides":{ + "type":"structure", + "members":{ + "nodeMonitoringCondition":{ + "shape":"String", + "documentation":"

Specify an unhealthy condition reported by the node monitoring agent that this override would apply to.

" + }, + "nodeUnhealthyReason":{ + "shape":"String", + "documentation":"

Specify a reason reported by the node monitoring agent that this override would apply to.

" + }, + "minRepairWaitTimeMins":{ + "shape":"NonZeroInteger", + "documentation":"

Specify the minimum time in minutes to wait before attempting to repair a node with this specific nodeMonitoringCondition and nodeUnhealthyReason.

" + }, + "repairAction":{ + "shape":"RepairAction", + "documentation":"

Specify the repair action to take for nodes when all of the specified conditions are met.

" + } + }, + "documentation":"

Specify granular overrides for specific repair actions. These overrides control the repair action and the repair delay time before a node is considered eligible for repair. If you use this, you must specify all the values.

" + }, + "NodeRepairConfigOverridesList":{ + "type":"list", + "member":{"shape":"NodeRepairConfigOverrides"} + }, "Nodegroup":{ "type":"structure", "members":{ @@ -4722,7 +4948,7 @@ }, "updateStrategy":{ "shape":"NodegroupUpdateStrategies", - "documentation":"

The configuration for the behavior to follow during a node group version update of this managed node group. You choose between two possible strategies for replacing nodes during an UpdateNodegroupVersion action.

An Amazon EKS managed node group updates by replacing nodes with new nodes of newer AMI versions in parallel. The update strategy changes the managed node update behavior of the managed node group for each quantity. The default strategy has guardrails to protect you from misconfiguration and launches the new instances first, before terminating the old instances. The minimal strategy removes the guardrails and terminates the old instances before launching the new instances. This minimal strategy is useful in scenarios where you are constrained to resources or costs (for example, with hardware accelerators such as GPUs).

" + "documentation":"

The configuration for the behavior to follow during a node group version update of this managed node group. You choose between two possible strategies for replacing nodes during an UpdateNodegroupVersion action.

An Amazon EKS managed node group updates by replacing nodes with new nodes of newer AMI versions in parallel. The update strategy changes the managed node update behavior of the managed node group for each quantity. The default strategy has guardrails to protect you from misconfiguration and launches the new instances first, before terminating the old instances. The minimal strategy removes the guardrails and terminates the old instances before launching the new instances. This minimal strategy is useful in scenarios where you are constrained to resources or costs (for example, with hardware accelerators such as GPUs).

" } }, "documentation":"

The node group update configuration. An Amazon EKS managed node group updates by replacing nodes with new nodes of newer AMI versions in parallel. You choose the maximum unavailable and the update strategy.

" @@ -4917,7 +5143,7 @@ }, "namespace":{ "shape":"String", - "documentation":"

The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.

" + "documentation":"

The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the Pods that use the service account must be in this namespace.

" }, "serviceAccount":{ "shape":"String", @@ -4925,7 +5151,7 @@ }, "roleArn":{ "shape":"String", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the Pods that use this service account.

" }, "associationArn":{ "shape":"String", @@ -4945,11 +5171,23 @@ }, "modifiedAt":{ "shape":"Timestamp", - "documentation":"

The most recent timestamp that the association was modified at

" + "documentation":"

The most recent timestamp that the association was modified at.

" }, "ownerArn":{ "shape":"String", - "documentation":"

If defined, the Pod Identity Association is owned by an Amazon EKS Addon.

" + "documentation":"

If defined, the EKS Pod Identity association is owned by an Amazon EKS add-on.

" + }, + "disableSessionTags":{ + "shape":"BoxedBoolean", + "documentation":"

The state of the automatic sessions tags. The value of true disables these tags.

EKS Pod Identity adds a pre-defined set of session tags when it assumes the role. You can use these tags to author a single role that can work across resources by allowing access to Amazon Web Services resources based on matching tags. By default, EKS Pod Identity attaches six tags, including tags for cluster name, namespace, and service account name. For the list of tags added by EKS Pod Identity, see List of session tags added by EKS Pod Identity in the Amazon EKS User Guide.

" + }, + "targetRoleArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the target IAM role to associate with the service account. This role is assumed by using the EKS Pod Identity association role, then the credentials for this role are injected into the Pod.

" + }, + "externalId":{ + "shape":"String", + "documentation":"

The unique identifier for this EKS Pod Identity association for a target IAM role. You put this value in the trust policy of the target role, in a Condition to match the sts.ExternalId. This ensures that the target role can only be assumed by this association. This prevents the confused deputy problem. For more information about the confused deputy problem, see The confused deputy problem in the IAM User Guide.

If you want to use the same target role with multiple associations or other roles, use independent statements in the trust policy to allow sts:AssumeRole access from each role.

" } }, "documentation":"

Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.

" @@ -4967,7 +5205,7 @@ }, "namespace":{ "shape":"String", - "documentation":"

The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.

" + "documentation":"

The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the Pods that use the service account must be in this namespace.

" }, "serviceAccount":{ "shape":"String", @@ -4983,10 +5221,10 @@ }, "ownerArn":{ "shape":"String", - "documentation":"

If defined, the Pod Identity Association is owned by an Amazon EKS Addon.

" + "documentation":"

If defined, the association is owned by an Amazon EKS add-on.

" } }, - "documentation":"

The summarized description of the association.

Each summary is simplified by removing these fields compared to the full PodIdentityAssociation :

  • The IAM role: roleArn

  • The timestamp that the association was created at: createdAt

  • The most recent timestamp that the association was modified at:. modifiedAt

  • The tags on the association: tags

" + "documentation":"

The summarized description of the association.

Each summary is simplified by removing these fields compared to the full PodIdentityAssociation :

  • The IAM role: roleArn

  • The timestamp that the association was created at: createdAt

  • The most recent timestamp that the association was modified at:. modifiedAt

  • The tags on the association: tags

" }, "Provider":{ "type":"structure", @@ -5049,14 +5287,14 @@ "members":{ "remoteNodeNetworks":{ "shape":"RemoteNodeNetworkList", - "documentation":"

The list of network CIDRs that can contain hybrid nodes.

These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

  • Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including Transit Gateway, Site-to-Site VPN, or Direct Connect.

  • Each host must allow outbound connection to the EKS cluster control plane on TCP ports 443 and 10250.

  • Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.

  • Each host must allow TCP and UDP network connectivity to and from other hosts that are running CoreDNS on UDP port 53 for service and pod DNS names.

" + "documentation":"

The list of network CIDRs that can contain hybrid nodes.

These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

  • Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including Transit Gateway, Site-to-Site VPN, or Direct Connect.

  • Each host must allow outbound connection to the EKS cluster control plane on TCP ports 443 and 10250.

  • Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.

  • Each host must allow TCP and UDP network connectivity to and from other hosts that are running CoreDNS on UDP port 53 for service and pod DNS names.

" }, "remotePodNetworks":{ "shape":"RemotePodNetworkList", - "documentation":"

The list of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.

These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

" + "documentation":"

The list of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.

These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

" } }, - "documentation":"

The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.

" + "documentation":"

The configuration in the cluster for EKS Hybrid Nodes. You can add, change, or remove this configuration after the cluster is created.

" }, "RemoteNetworkConfigResponse":{ "type":"structure", @@ -5070,17 +5308,17 @@ "documentation":"

The list of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.

" } }, - "documentation":"

The configuration in the cluster for EKS Hybrid Nodes. You can't change or update this configuration after the cluster is created.

" + "documentation":"

The configuration in the cluster for EKS Hybrid Nodes. You can add, change, or remove this configuration after the cluster is created.

" }, "RemoteNodeNetwork":{ "type":"structure", "members":{ "cidrs":{ "shape":"StringList", - "documentation":"

A network CIDR that can contain hybrid nodes.

These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

  • Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including Transit Gateway, Site-to-Site VPN, or Direct Connect.

  • Each host must allow outbound connection to the EKS cluster control plane on TCP ports 443 and 10250.

  • Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.

  • Each host must allow TCP and UDP network connectivity to and from other hosts that are running CoreDNS on UDP port 53 for service and pod DNS names.

" + "documentation":"

A network CIDR that can contain hybrid nodes.

These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

  • Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including Transit Gateway, Site-to-Site VPN, or Direct Connect.

  • Each host must allow outbound connection to the EKS cluster control plane on TCP ports 443 and 10250.

  • Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.

  • Each host must allow TCP and UDP network connectivity to and from other hosts that are running CoreDNS on UDP port 53 for service and pod DNS names.

" } }, - "documentation":"

A network CIDR that can contain hybrid nodes.

These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

  • Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including Transit Gateway, Site-to-Site VPN, or Direct Connect.

  • Each host must allow outbound connection to the EKS cluster control plane on TCP ports 443 and 10250.

  • Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.

  • Each host must allow TCP and UDP network connectivity to and from other hosts that are running CoreDNS on UDP port 53 for service and pod DNS names.

" + "documentation":"

A network CIDR that can contain hybrid nodes.

These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

  • Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including Transit Gateway, Site-to-Site VPN, or Direct Connect.

  • Each host must allow outbound connection to the EKS cluster control plane on TCP ports 443 and 10250.

  • Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.

  • Each host must allow TCP and UDP network connectivity to and from other hosts that are running CoreDNS on UDP port 53 for service and pod DNS names.

" }, "RemoteNodeNetworkList":{ "type":"list", @@ -5092,16 +5330,24 @@ "members":{ "cidrs":{ "shape":"StringList", - "documentation":"

A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.

These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

" + "documentation":"

A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.

These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

" } }, - "documentation":"

A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.

These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /24, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

" + "documentation":"

A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.

These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.

Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, 10.2.0.0/16).

It must satisfy the following requirements:

  • Each block must be within an IPv4 RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.

  • Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.

" }, "RemotePodNetworkList":{ "type":"list", "member":{"shape":"RemotePodNetwork"}, "max":1 }, + "RepairAction":{ + "type":"string", + "enum":[ + "Replace", + "Reboot", + "NoAction" + ] + }, "ResolveConflicts":{ "type":"string", "enum":[ @@ -5249,6 +5495,31 @@ "exception":true, "fault":true }, + "StartInsightsRefreshRequest":{ + "type":"structure", + "required":["clusterName"], + "members":{ + "clusterName":{ + "shape":"String", + "documentation":"

The name of the cluster for the refresh insights operation.

", + "location":"uri", + "locationName":"name" + } + } + }, + "StartInsightsRefreshResponse":{ + "type":"structure", + "members":{ + "message":{ + "shape":"String", + "documentation":"

The message associated with the insights refresh operation.

" + }, + "status":{ + "shape":"InsightsRefreshStatus", + "documentation":"

The current status of the insights refresh operation.

" + } + } + }, "StorageConfigRequest":{ "type":"structure", "members":{ @@ -5322,8 +5593,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5356,6 +5626,19 @@ "PREFER_NO_SCHEDULE" ] }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "clusterName":{ + "shape":"String", + "documentation":"

The Amazon EKS cluster associated with the exception.

" + }, + "message":{"shape":"String"} + }, + "documentation":"

The request or operation couldn't be performed because a service is throttling requests.

", + "error":{"httpStatusCode":429}, + "exception":true + }, "Timestamp":{"type":"timestamp"}, "UnsupportedAvailabilityZoneException":{ "type":"structure", @@ -5404,8 +5687,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Update":{ "type":"structure", @@ -5532,7 +5814,7 @@ }, "podIdentityAssociations":{ "shape":"AddonPodIdentityAssociationsList", - "documentation":"

An array of Pod Identity Assocations to be updated. Each EKS Pod Identity association maps a Kubernetes service account to an IAM Role. If this value is left blank, no change. If an empty array is provided, existing Pod Identity Assocations owned by the Addon are deleted.

For more information, see Attach an IAM Role to an Amazon EKS add-on using Pod Identity in the Amazon EKS User Guide.

" + "documentation":"

An array of EKS Pod Identity associations to be updated. Each association maps a Kubernetes service account to an IAM role. If this value is left blank, no change. If an empty array is provided, existing associations owned by the add-on are deleted.

For more information, see Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity in the Amazon EKS User Guide.

" } } }, @@ -5582,6 +5864,11 @@ "storageConfig":{ "shape":"StorageConfigRequest", "documentation":"

Update the configuration of the block storage capability of your EKS Auto Mode cluster. For example, enable the capability.

" + }, + "remoteNetworkConfig":{"shape":"RemoteNetworkConfigRequest"}, + "deletionProtection":{ + "shape":"BoxedBoolean", + "documentation":"

Specifies whether to enable or disable deletion protection for the cluster. When enabled (true), the cluster cannot be deleted until deletion protection is explicitly disabled. When disabled (false), the cluster can be deleted normally.

" } } }, @@ -5612,6 +5899,10 @@ "shape":"String", "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

", "idempotencyToken":true + }, + "force":{ + "shape":"Boolean", + "documentation":"

Set this value to true to override upgrade-blocking readiness checks when updating a cluster.

" } } }, @@ -5752,7 +6043,7 @@ }, "launchTemplate":{ "shape":"LaunchTemplateSpecification", - "documentation":"

An object representing a node group's launch template specification. You can only update a node group using a launch template if the node group was originally deployed with a launch template.

" + "documentation":"

An object representing a node group's launch template specification. You can only update a node group using a launch template if the node group was originally deployed with a launch template. When updating, you must specify the same launch template ID or name that was used to create the node group.

" }, "force":{ "shape":"Boolean", @@ -5822,7 +6113,10 @@ "ZonalShiftConfig", "ComputeConfig", "StorageConfig", - "KubernetesNetworkConfig" + "KubernetesNetworkConfig", + "RemoteNetworkConfig", + "DeletionProtection", + "NodeRepairConfig" ] }, "UpdateParams":{ @@ -5850,12 +6144,20 @@ }, "roleArn":{ "shape":"String", - "documentation":"

The new IAM role to change the

" + "documentation":"

The new IAM role to change in the association.

" }, "clientRequestToken":{ "shape":"String", "documentation":"

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

", "idempotencyToken":true + }, + "disableSessionTags":{ + "shape":"BoxedBoolean", + "documentation":"

Disable the automatic sessions tags that are appended by EKS Pod Identity.

EKS Pod Identity adds a pre-defined set of session tags when it assumes the role. You can use these tags to author a single role that can work across resources by allowing access to Amazon Web Services resources based on matching tags. By default, EKS Pod Identity attaches six tags, including tags for cluster name, namespace, and service account name. For the list of tags added by EKS Pod Identity, see List of session tags added by EKS Pod Identity in the Amazon EKS User Guide.

Amazon Web Services compresses inline session policies, managed policy ARNs, and session tags into a packed binary format that has a separate limit. If you receive a PackedPolicyTooLarge error indicating the packed binary format has exceeded the size limit, you can attempt to reduce the size by disabling the session tags added by EKS Pod Identity.

" + }, + "targetRoleArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the target IAM role to associate with the service account. This role is assumed by using the EKS Pod Identity association role, then the credentials for this role are injected into the Pod.

When you run applications on Amazon EKS, your application might need to access Amazon Web Services resources from a different role that exists in the same or different Amazon Web Services account. For example, your application running in “Account A” might need to access resources, such as buckets in “Account B” or within “Account A” itself. You can create a association to access Amazon Web Services resources in “Account B” by creating two IAM roles: a role in “Account A” and a role in “Account B” (which can be the same or different account), each with the necessary trust and permission policies. After you provide these roles in the IAM role and Target IAM role fields, EKS will perform role chaining to ensure your application gets the required permissions. This means Role A will assume Role B, allowing your Pods to securely access resources like S3 buckets in the target account.

" } } }, @@ -5864,7 +6166,7 @@ "members":{ "association":{ "shape":"PodIdentityAssociation", - "documentation":"

The full description of the EKS Pod Identity association that was updated.

" + "documentation":"

The full description of the association that was updated.

" } } }, @@ -5906,7 +6208,9 @@ "AccessConfigUpdate", "UpgradePolicyUpdate", "ZonalShiftConfigUpdate", - "AutoModeUpdate" + "AutoModeUpdate", + "RemoteNetworkConfigUpdate", + "DeletionProtectionUpdate" ] }, "UpgradePolicyRequest":{ @@ -5929,6 +6233,14 @@ }, "documentation":"

This value indicates if extended support is enabled or disabled for the cluster.

Learn more about EKS Extended Support in the Amazon EKS User Guide.

" }, + "VersionStatus":{ + "type":"string", + "enum":[ + "UNSUPPORTED", + "STANDARD_SUPPORT", + "EXTENDED_SUPPORT" + ] + }, "VpcConfigRequest":{ "type":"structure", "members":{ @@ -5942,15 +6254,15 @@ }, "endpointPublicAccess":{ "shape":"BoxedBoolean", - "documentation":"

Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .

" + "documentation":"

Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server. The endpoint domain name and IP address family depends on the value of the ipFamily for the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .

" }, "endpointPrivateAccess":{ "shape":"BoxedBoolean", - "documentation":"

Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .

" + "documentation":"

Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .

" }, "publicAccessCidrs":{ "shape":"StringList", - "documentation":"

The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and Fargate Pod in the cluster. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .

" + "documentation":"

The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0 and additionally ::/0 for dual-stack `IPv6` clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and Fargate Pod in the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .

Note that the public endpoints are dual-stack for only IPv6 clusters that are made after October 2024. You can't add IPv6 CIDR blocks to IPv4 clusters or IPv6 clusters that were made before October 2024.

" } }, "documentation":"

An object representing the VPC configuration to use for an Amazon EKS cluster.

" @@ -5980,11 +6292,11 @@ }, "endpointPrivateAccess":{ "shape":"Boolean", - "documentation":"

This parameter indicates whether the Amazon EKS private API server endpoint is enabled. If the Amazon EKS private API server endpoint is enabled, Kubernetes API requests that originate from within your cluster's VPC use the private VPC endpoint instead of traversing the internet. If this value is disabled and you have nodes or Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Amazon EKS cluster endpoint access control in the Amazon EKS User Guide .

" + "documentation":"

This parameter indicates whether the Amazon EKS private API server endpoint is enabled. If the Amazon EKS private API server endpoint is enabled, Kubernetes API requests that originate from within your cluster's VPC use the private VPC endpoint instead of traversing the internet. If this value is disabled and you have nodes or Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .

" }, "publicAccessCidrs":{ "shape":"StringList", - "documentation":"

The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.

" + "documentation":"

The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0 and additionally ::/0 for dual-stack `IPv6` clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and Fargate Pod in the cluster. For more information, see Cluster API server endpoint in the Amazon EKS User Guide .

Note that the public endpoints are dual-stack for only IPv6 clusters that are made after October 2024. You can't add IPv6 CIDR blocks to IPv4 clusters or IPv6 clusters that were made before October 2024.

" } }, "documentation":"

An object representing an Amazon EKS cluster VPC configuration response.

" @@ -6041,6 +6353,11 @@ "key":{"shape":"labelKey"}, "value":{"shape":"labelValue"} }, + "namespace":{ + "type":"string", + "max":63, + "min":1 + }, "requiredClaimsKey":{ "type":"string", "max":63, diff -pruN 2.23.6-1/awscli/botocore/data/eks-auth/2023-11-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/eks-auth/2023-11-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/eks-auth/2023-11-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/eks-auth/2023-11-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,20 +5,20 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/elastic-inference/2017-07-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/elastic-inference/2017-07-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/elastic-inference/2017-07-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elastic-inference/2017-07-25/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://api.elastic-inference-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - }, - true - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://api.elastic-inference-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://api.elastic-inference.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://api.elastic-inference.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/elastic-inference/2017-07-25/paginators-1.json 2.31.35-1/awscli/botocore/data/elastic-inference/2017-07-25/paginators-1.json --- 2.23.6-1/awscli/botocore/data/elastic-inference/2017-07-25/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elastic-inference/2017-07-25/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -{ - "pagination": { - "DescribeAccelerators": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "acceleratorSet" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/elastic-inference/2017-07-25/service-2.json 2.31.35-1/awscli/botocore/data/elastic-inference/2017-07-25/service-2.json --- 2.23.6-1/awscli/botocore/data/elastic-inference/2017-07-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elastic-inference/2017-07-25/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,537 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2017-07-25", - "endpointPrefix":"api.elastic-inference", - "jsonVersion":"1.1", - "protocol":"rest-json", - "protocols":["rest-json"], - "serviceAbbreviation":"Amazon Elastic Inference", - "serviceFullName":"Amazon Elastic Inference", - "serviceId":"Elastic Inference", - "signatureVersion":"v4", - "signingName":"elastic-inference", - "uid":"elastic-inference-2017-07-25", - "auth":["aws.auth#sigv4"] - }, - "operations":{ - "DescribeAcceleratorOfferings":{ - "name":"DescribeAcceleratorOfferings", - "http":{ - "method":"POST", - "requestUri":"/describe-accelerator-offerings" - }, - "input":{"shape":"DescribeAcceleratorOfferingsRequest"}, - "output":{"shape":"DescribeAcceleratorOfferingsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Amazon Elastic Inference is no longer available.

Describes the locations in which a given accelerator type or set of types is present in a given region.

" - }, - "DescribeAcceleratorTypes":{ - "name":"DescribeAcceleratorTypes", - "http":{ - "method":"GET", - "requestUri":"/describe-accelerator-types" - }, - "input":{"shape":"DescribeAcceleratorTypesRequest"}, - "output":{"shape":"DescribeAcceleratorTypesResponse"}, - "errors":[ - {"shape":"InternalServerException"} - ], - "documentation":"

Amazon Elastic Inference is no longer available.

Describes the accelerator types available in a given region, as well as their characteristics, such as memory and throughput.

" - }, - "DescribeAccelerators":{ - "name":"DescribeAccelerators", - "http":{ - "method":"POST", - "requestUri":"/describe-accelerators" - }, - "input":{"shape":"DescribeAcceleratorsRequest"}, - "output":{"shape":"DescribeAcceleratorsResponse"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Amazon Elastic Inference is no longer available.

Describes information over a provided set of accelerators belonging to an account.

" - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResult"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Amazon Elastic Inference is no longer available.

Returns all tags of an Elastic Inference Accelerator.

" - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResult"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Amazon Elastic Inference is no longer available.

Adds the specified tags to an Elastic Inference Accelerator.

" - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"DELETE", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResult"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

Amazon Elastic Inference is no longer available.

Removes the specified tags from an Elastic Inference Accelerator.

" - } - }, - "shapes":{ - "AcceleratorHealthStatus":{ - "type":"string", - "max":256, - "min":1 - }, - "AcceleratorId":{ - "type":"string", - "max":256, - "min":1, - "pattern":"^eia-[0-9a-f]+$" - }, - "AcceleratorIdList":{ - "type":"list", - "member":{"shape":"AcceleratorId"}, - "max":1000, - "min":0 - }, - "AcceleratorType":{ - "type":"structure", - "members":{ - "acceleratorTypeName":{ - "shape":"AcceleratorTypeName", - "documentation":"

The name of the Elastic Inference Accelerator type.

" - }, - "memoryInfo":{ - "shape":"MemoryInfo", - "documentation":"

The memory information of the Elastic Inference Accelerator type.

" - }, - "throughputInfo":{ - "shape":"ThroughputInfoList", - "documentation":"

The throughput information of the Elastic Inference Accelerator type.

" - } - }, - "documentation":"

The details of an Elastic Inference Accelerator type.

" - }, - "AcceleratorTypeList":{ - "type":"list", - "member":{"shape":"AcceleratorType"}, - "max":100, - "min":0 - }, - "AcceleratorTypeName":{ - "type":"string", - "max":256, - "min":1, - "pattern":"^\\S+$" - }, - "AcceleratorTypeNameList":{ - "type":"list", - "member":{"shape":"AcceleratorTypeName"}, - "max":100, - "min":0 - }, - "AcceleratorTypeOffering":{ - "type":"structure", - "members":{ - "acceleratorType":{ - "shape":"AcceleratorTypeName", - "documentation":"

The name of the Elastic Inference Accelerator type.

" - }, - "locationType":{ - "shape":"LocationType", - "documentation":"

The location type for the offering. It can assume the following values: region: defines that the offering is at the regional level. availability-zone: defines that the offering is at the availability zone level. availability-zone-id: defines that the offering is at the availability zone level, defined by the availability zone id.

" - }, - "location":{ - "shape":"Location", - "documentation":"

The location for the offering. It will return either the region, availability zone or availability zone id for the offering depending on the locationType value.

" - } - }, - "documentation":"

The offering for an Elastic Inference Accelerator type.

" - }, - "AcceleratorTypeOfferingList":{ - "type":"list", - "member":{"shape":"AcceleratorTypeOffering"}, - "max":100, - "min":0 - }, - "AvailabilityZone":{ - "type":"string", - "max":256, - "min":1 - }, - "BadRequestException":{ - "type":"structure", - "members":{ - "message":{"shape":"String"} - }, - "documentation":"

Raised when a malformed input has been provided to the API.

", - "error":{"httpStatusCode":400}, - "exception":true - }, - "DescribeAcceleratorOfferingsRequest":{ - "type":"structure", - "required":["locationType"], - "members":{ - "locationType":{ - "shape":"LocationType", - "documentation":"

The location type that you want to describe accelerator type offerings for. It can assume the following values: region: will return the accelerator type offering at the regional level. availability-zone: will return the accelerator type offering at the availability zone level. availability-zone-id: will return the accelerator type offering at the availability zone level returning the availability zone id.

" - }, - "acceleratorTypes":{ - "shape":"AcceleratorTypeNameList", - "documentation":"

The list of accelerator types to describe.

" - } - } - }, - "DescribeAcceleratorOfferingsResponse":{ - "type":"structure", - "members":{ - "acceleratorTypeOfferings":{ - "shape":"AcceleratorTypeOfferingList", - "documentation":"

The list of accelerator type offerings for a specific location.

" - } - } - }, - "DescribeAcceleratorTypesRequest":{ - "type":"structure", - "members":{ - } - }, - "DescribeAcceleratorTypesResponse":{ - "type":"structure", - "members":{ - "acceleratorTypes":{ - "shape":"AcceleratorTypeList", - "documentation":"

The available accelerator types.

" - } - } - }, - "DescribeAcceleratorsRequest":{ - "type":"structure", - "members":{ - "acceleratorIds":{ - "shape":"AcceleratorIdList", - "documentation":"

The IDs of the accelerators to describe.

" - }, - "filters":{ - "shape":"FilterList", - "documentation":"

One or more filters. Filter names and values are case-sensitive. Valid filter names are: accelerator-types: can provide a list of accelerator type names to filter for. instance-id: can provide a list of EC2 instance ids to filter for.

" - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

The total number of items to return in the command's output. If the total number of items available is more than the value specified, a NextToken is provided in the command's output. To resume pagination, provide the NextToken value in the starting-token argument of a subsequent command. Do not use the NextToken response element directly outside of the AWS CLI.

" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

A token to specify where to start paginating. This is the NextToken from a previously truncated response.

" - } - } - }, - "DescribeAcceleratorsResponse":{ - "type":"structure", - "members":{ - "acceleratorSet":{ - "shape":"ElasticInferenceAcceleratorSet", - "documentation":"

The details of the Elastic Inference Accelerators.

" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

A token to specify where to start paginating. This is the NextToken from a previously truncated response.

" - } - } - }, - "ElasticInferenceAccelerator":{ - "type":"structure", - "members":{ - "acceleratorHealth":{ - "shape":"ElasticInferenceAcceleratorHealth", - "documentation":"

The health of the Elastic Inference Accelerator.

" - }, - "acceleratorType":{ - "shape":"AcceleratorTypeName", - "documentation":"

The type of the Elastic Inference Accelerator.

" - }, - "acceleratorId":{ - "shape":"AcceleratorId", - "documentation":"

The ID of the Elastic Inference Accelerator.

" - }, - "availabilityZone":{ - "shape":"AvailabilityZone", - "documentation":"

The availability zone where the Elastic Inference Accelerator is present.

" - }, - "attachedResource":{ - "shape":"ResourceArn", - "documentation":"

The ARN of the resource that the Elastic Inference Accelerator is attached to.

" - } - }, - "documentation":"

The details of an Elastic Inference Accelerator.

" - }, - "ElasticInferenceAcceleratorHealth":{ - "type":"structure", - "members":{ - "status":{ - "shape":"AcceleratorHealthStatus", - "documentation":"

The health status of the Elastic Inference Accelerator.

" - } - }, - "documentation":"

The health details of an Elastic Inference Accelerator.

" - }, - "ElasticInferenceAcceleratorSet":{ - "type":"list", - "member":{"shape":"ElasticInferenceAccelerator"} - }, - "Filter":{ - "type":"structure", - "members":{ - "name":{ - "shape":"FilterName", - "documentation":"

The filter name for the Elastic Inference Accelerator list. It can assume the following values: accelerator-type: the type of Elastic Inference Accelerator to filter for. instance-id: an EC2 instance id to filter for.

" - }, - "values":{ - "shape":"ValueStringList", - "documentation":"

The values for the filter of the Elastic Inference Accelerator list.

" - } - }, - "documentation":"

A filter expression for the Elastic Inference Accelerator list.

" - }, - "FilterList":{ - "type":"list", - "member":{"shape":"Filter"}, - "max":100, - "min":0 - }, - "FilterName":{ - "type":"string", - "max":128, - "min":1, - "pattern":"^\\S+$" - }, - "Integer":{"type":"integer"}, - "InternalServerException":{ - "type":"structure", - "members":{ - "message":{"shape":"String"} - }, - "documentation":"

Raised when an unexpected error occurred during request processing.

", - "error":{"httpStatusCode":500}, - "exception":true - }, - "Key":{ - "type":"string", - "max":256, - "min":1, - "pattern":"^\\S+$" - }, - "KeyValuePair":{ - "type":"structure", - "members":{ - "key":{ - "shape":"Key", - "documentation":"

The throughput value of the Elastic Inference Accelerator type. It can assume the following values: TFLOPS16bit: the throughput expressed in 16bit TeraFLOPS. TFLOPS32bit: the throughput expressed in 32bit TeraFLOPS.

" - }, - "value":{ - "shape":"Value", - "documentation":"

The throughput value of the Elastic Inference Accelerator type.

" - } - }, - "documentation":"

A throughput entry for an Elastic Inference Accelerator type.

" - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["resourceArn"], - "members":{ - "resourceArn":{ - "shape":"ResourceARN", - "documentation":"

The ARN of the Elastic Inference Accelerator to list the tags for.

", - "location":"uri", - "locationName":"resourceArn" - } - } - }, - "ListTagsForResourceResult":{ - "type":"structure", - "members":{ - "tags":{ - "shape":"TagMap", - "documentation":"

The tags of the Elastic Inference Accelerator.

" - } - } - }, - "Location":{ - "type":"string", - "max":256, - "min":1 - }, - "LocationType":{ - "type":"string", - "enum":[ - "region", - "availability-zone", - "availability-zone-id" - ], - "max":256, - "min":1 - }, - "MaxResults":{ - "type":"integer", - "max":100, - "min":0 - }, - "MemoryInfo":{ - "type":"structure", - "members":{ - "sizeInMiB":{ - "shape":"Integer", - "documentation":"

The size in mebibytes of the Elastic Inference Accelerator type.

" - } - }, - "documentation":"

The memory information of an Elastic Inference Accelerator type.

" - }, - "NextToken":{ - "type":"string", - "max":2048, - "min":1, - "pattern":"^[A-Za-z0-9+/]+={0,2}$" - }, - "ResourceARN":{ - "type":"string", - "max":1011, - "min":1, - "pattern":"^arn:aws[^\\s:]*:elastic-inference:[^\\s:]+:\\d{12}:elastic-inference-accelerator/eia-[0-9a-f]+$" - }, - "ResourceArn":{ - "type":"string", - "max":1283, - "min":1 - }, - "ResourceNotFoundException":{ - "type":"structure", - "members":{ - "message":{"shape":"String"} - }, - "documentation":"

Raised when the requested resource cannot be found.

", - "error":{"httpStatusCode":404}, - "exception":true - }, - "String":{ - "type":"string", - "max":500000, - "pattern":"^.*$" - }, - "TagKey":{ - "type":"string", - "max":128, - "min":1, - "pattern":"^\\S$" - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":50, - "min":1 - }, - "TagMap":{ - "type":"map", - "key":{"shape":"TagKey"}, - "value":{"shape":"TagValue"}, - "max":50, - "min":1 - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tags" - ], - "members":{ - "resourceArn":{ - "shape":"ResourceARN", - "documentation":"

The ARN of the Elastic Inference Accelerator to tag.

", - "location":"uri", - "locationName":"resourceArn" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags to add to the Elastic Inference Accelerator.

" - } - } - }, - "TagResourceResult":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256, - "pattern":".*" - }, - "ThroughputInfoList":{ - "type":"list", - "member":{"shape":"KeyValuePair"}, - "max":100, - "min":0 - }, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tagKeys" - ], - "members":{ - "resourceArn":{ - "shape":"ResourceARN", - "documentation":"

The ARN of the Elastic Inference Accelerator to untag.

", - "location":"uri", - "locationName":"resourceArn" - }, - "tagKeys":{ - "shape":"TagKeyList", - "documentation":"

The list of tags to remove from the Elastic Inference Accelerator.

", - "location":"querystring", - "locationName":"tagKeys" - } - } - }, - "UntagResourceResult":{ - "type":"structure", - "members":{ - } - }, - "Value":{"type":"integer"}, - "ValueStringList":{ - "type":"list", - "member":{"shape":"String"}, - "max":100, - "min":0 - } - }, - "documentation":"

Amazon Elastic Inference is no longer available.

Elastic Inference public APIs.

" -} diff -pruN 2.23.6-1/awscli/botocore/data/elasticache/2015-02-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/elasticache/2015-02-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/elasticache/2015-02-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elasticache/2015-02-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/elasticache/2015-02-02/service-2.json 2.31.35-1/awscli/botocore/data/elasticache/2015-02-02/service-2.json --- 2.23.6-1/awscli/botocore/data/elasticache/2015-02-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elasticache/2015-02-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -400,7 +400,7 @@ {"shape":"InvalidParameterCombinationException"}, {"shape":"TagQuotaPerResourceExceeded"} ], - "documentation":"

For Valkey engine version 7.2 onwards and Redis OSS 6.0 and onwards: Creates a user. For more information, see Using Role Based Access Control (RBAC).

" + "documentation":"

For Valkey engine version 7.2 onwards and Redis OSS 6.0 to 7.1: Creates a user. For more information, see Using Role Based Access Control (RBAC).

" }, "CreateUserGroup":{ "name":"CreateUserGroup", @@ -423,7 +423,7 @@ {"shape":"InvalidParameterValueException"}, {"shape":"TagQuotaPerResourceExceeded"} ], - "documentation":"

For Valkey engine version 7.2 onwards and Redis OSS 6.0 onwards: Creates a user group. For more information, see Using Role Based Access Control (RBAC)

" + "documentation":"

For Valkey engine version 7.2 onwards and Redis OSS 6.0 to 7.1: Creates a user group. For more information, see Using Role Based Access Control (RBAC)

" }, "DecreaseNodeGroupsInGlobalReplicationGroup":{ "name":"DecreaseNodeGroupsInGlobalReplicationGroup", @@ -1559,8 +1559,7 @@ "shapes":{ "APICallRateForCustomerExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The customer has exceeded the allowed rate of API calls.

", "error":{ "code":"APICallRateForCustomerExceeded", @@ -1671,8 +1670,7 @@ }, "AuthorizationAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon EC2 security group is already authorized for the specified cache security group.

", "error":{ "code":"AuthorizationAlreadyExists", @@ -1683,8 +1681,7 @@ }, "AuthorizationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Amazon EC2 security group is not authorized for the specified cache security group.

", "error":{ "code":"AuthorizationNotFound", @@ -1910,11 +1907,11 @@ }, "NetworkType":{ "shape":"NetworkType", - "documentation":"

Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 7.1 or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" }, "IpDiscovery":{ "shape":"IpDiscovery", - "documentation":"

The network type associated with the cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

The network type associated with the cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" }, "TransitEncryptionMode":{ "shape":"TransitEncryptionMode", @@ -1926,8 +1923,7 @@ }, "CacheClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You already have a cluster with the given identifier.

", "error":{ "code":"CacheClusterAlreadyExists", @@ -1964,8 +1960,7 @@ }, "CacheClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cluster ID does not refer to an existing cluster.

", "error":{ "code":"CacheClusterNotFound", @@ -2217,8 +2212,7 @@ }, "CacheParameterGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A cache parameter group with the requested name already exists.

", "error":{ "code":"CacheParameterGroupAlreadyExists", @@ -2264,8 +2258,7 @@ }, "CacheParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cache parameter group name does not refer to an existing cache parameter group.

", "error":{ "code":"CacheParameterGroupNotFound", @@ -2276,8 +2269,7 @@ }, "CacheParameterGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the maximum number of cache security groups.

", "error":{ "code":"CacheParameterGroupQuotaExceeded", @@ -2347,8 +2339,7 @@ }, "CacheSecurityGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A cache security group with the specified name already exists.

", "error":{ "code":"CacheSecurityGroupAlreadyExists", @@ -2401,8 +2392,7 @@ }, "CacheSecurityGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cache security group name does not refer to an existing cache security group.

", "error":{ "code":"CacheSecurityGroupNotFound", @@ -2413,8 +2403,7 @@ }, "CacheSecurityGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the allowed number of cache security groups.

", "error":{ "code":"QuotaExceeded.CacheSecurityGroup", @@ -2455,7 +2444,7 @@ }, "SupportedNetworkTypes":{ "shape":"NetworkTypeList", - "documentation":"

Either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

Either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" } }, "documentation":"

Represents the output of one of the following operations:

  • CreateCacheSubnetGroup

  • ModifyCacheSubnetGroup

", @@ -2463,8 +2452,7 @@ }, "CacheSubnetGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cache subnet group name is already in use by an existing cache subnet group.

", "error":{ "code":"CacheSubnetGroupAlreadyExists", @@ -2475,8 +2463,7 @@ }, "CacheSubnetGroupInUse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cache subnet group is currently in use.

", "error":{ "code":"CacheSubnetGroupInUse", @@ -2501,8 +2488,7 @@ }, "CacheSubnetGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cache subnet group name does not refer to an existing cache subnet group.

", "error":{ "code":"CacheSubnetGroupNotFoundFault", @@ -2513,8 +2499,7 @@ }, "CacheSubnetGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the allowed number of cache subnet groups.

", "error":{ "code":"CacheSubnetGroupQuotaExceeded", @@ -2532,8 +2517,7 @@ }, "CacheSubnetQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the allowed number of subnets in a cache subnet group.

", "error":{ "code":"CacheSubnetQuotaExceededFault", @@ -2587,8 +2571,7 @@ }, "ClusterQuotaForCustomerExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the allowed number of clusters per customer.

", "error":{ "code":"ClusterQuotaForCustomerExceeded", @@ -2831,11 +2814,11 @@ }, "NetworkType":{ "shape":"NetworkType", - "documentation":"

Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" }, "IpDiscovery":{ "shape":"IpDiscovery", - "documentation":"

The network type you choose when modifying a cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

The network type you choose when modifying a cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" } }, "documentation":"

Represents the input of a CreateCacheCluster operation.

" @@ -2860,7 +2843,7 @@ }, "CacheParameterGroupFamily":{ "shape":"String", - "documentation":"

The name of the cache parameter group family that the cache parameter group can be used with.

Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x | redis7

" + "documentation":"

The name of the cache parameter group family that the cache parameter group can be used with.

Valid values are: valkey8 | valkey7 | memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x | redis7

" }, "Description":{ "shape":"String", @@ -3024,7 +3007,7 @@ }, "Engine":{ "shape":"String", - "documentation":"

The name of the cache engine to be used for the clusters in this replication group. The value must be set to Redis.

" + "documentation":"

The name of the cache engine to be used for the clusters in this replication group. The value must be set to valkey or redis.

" }, "EngineVersion":{ "shape":"String", @@ -3092,7 +3075,7 @@ }, "AtRestEncryptionEnabled":{ "shape":"BooleanOptional", - "documentation":"

A flag that enables encryption at rest when set to true.

You cannot modify the value of AtRestEncryptionEnabled after the replication group is created. To enable encryption at rest on a replication group you must set AtRestEncryptionEnabled to true when you create the replication group.

Required: Only available when creating a replication group in an Amazon VPC using Redis OSS version 3.2.6, 4.x or later.

Default: false

" + "documentation":"

A flag that enables encryption at rest when set to true.

You cannot modify the value of AtRestEncryptionEnabled after the replication group is created. To enable encryption at rest on a replication group you must set AtRestEncryptionEnabled to true when you create the replication group.

Required: Only available when creating a replication group in an Amazon VPC using Valkey 7.2 and later, Redis OSS version 3.2.6, or Redis OSS 4.x and later.

Default: true when using Valkey, false when using Redis OSS

" }, "KmsKeyId":{ "shape":"String", @@ -3112,11 +3095,11 @@ }, "NetworkType":{ "shape":"NetworkType", - "documentation":"

Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" }, "IpDiscovery":{ "shape":"IpDiscovery", - "documentation":"

The network type you choose when creating a replication group, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

The network type you choose when creating a replication group, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" }, "TransitEncryptionMode":{ "shape":"TransitEncryptionMode", @@ -3289,7 +3272,7 @@ }, "Engine":{ "shape":"EngineType", - "documentation":"

The current supported value is Redis user.

" + "documentation":"

Sets the engine listed in a user group. The options are valkey or redis.

" }, "UserIds":{ "shape":"UserIdListInput", @@ -3320,7 +3303,7 @@ }, "Engine":{ "shape":"EngineType", - "documentation":"

The current supported value is Redis.

" + "documentation":"

The options are valkey or redis.

" }, "Passwords":{ "shape":"PasswordListInput", @@ -3445,7 +3428,7 @@ }, "ReplicaConfiguration":{ "shape":"ReplicaConfigurationList", - "documentation":"

A list of ConfigureShard objects that can be used to configure each shard in a Valkey or Redis OSS (cluster mode enabled) replication group. The ConfigureShard has three members: NewReplicaCount, NodeGroupId, and PreferredAvailabilityZones.

" + "documentation":"

A list of ConfigureShard objects that can be used to configure each shard in a Valkey or Redis OSS replication group. The ConfigureShard has three members: NewReplicaCount, NodeGroupId, and PreferredAvailabilityZones.

" }, "ReplicasToRemove":{ "shape":"RemoveReplicasList", @@ -3465,8 +3448,7 @@ }, "DefaultUserAssociatedToUserGroupFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The default user assigned to the user group.

", "error":{ "code":"DefaultUserAssociatedToUserGroup", @@ -3477,8 +3459,7 @@ }, "DefaultUserRequired":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You must add default user to a user group.

", "error":{ "code":"DefaultUserRequired", @@ -4286,8 +4267,7 @@ "Double":{"type":"double"}, "DuplicateUserNameFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A user with this username already exists.

", "error":{ "code":"DuplicateUserName", @@ -4597,8 +4577,7 @@ }, "GlobalReplicationGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Global datastore name already exists.

", "error":{ "code":"GlobalReplicationGroupAlreadyExistsFault", @@ -4664,8 +4643,7 @@ }, "GlobalReplicationGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Global datastore does not exist

", "error":{ "code":"GlobalReplicationGroupNotFoundFault", @@ -4747,8 +4725,7 @@ }, "InsufficientCacheClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cache node type is not available in the specified Availability Zone. For more information, see InsufficientCacheClusterCapacity in the ElastiCache User Guide.

", "error":{ "code":"InsufficientCacheClusterCapacity", @@ -4761,8 +4738,7 @@ "IntegerOptional":{"type":"integer"}, "InvalidARNFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested Amazon Resource Name (ARN) does not refer to an existing resource.

", "error":{ "code":"InvalidARN", @@ -4773,8 +4749,7 @@ }, "InvalidCacheClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cluster is not in the available state.

", "error":{ "code":"InvalidCacheClusterState", @@ -4785,8 +4760,7 @@ }, "InvalidCacheParameterGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The current state of the cache parameter group does not allow the requested operation to occur.

", "error":{ "code":"InvalidCacheParameterGroupState", @@ -4797,8 +4771,7 @@ }, "InvalidCacheSecurityGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The current state of the cache security group does not allow deletion.

", "error":{ "code":"InvalidCacheSecurityGroupState", @@ -4809,8 +4782,7 @@ }, "InvalidCredentialsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You must enter valid credentials.

", "error":{ "code":"InvalidCredentialsException", @@ -4821,8 +4793,7 @@ }, "InvalidGlobalReplicationGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The Global datastore is not available or in primary-only state.

", "error":{ "code":"InvalidGlobalReplicationGroupState", @@ -4833,8 +4804,7 @@ }, "InvalidKMSKeyFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The KMS key supplied is not valid.

", "error":{ "code":"InvalidKMSKeyFault", @@ -4879,8 +4849,7 @@ }, "InvalidReplicationGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested replication group is not in the available state.

", "error":{ "code":"InvalidReplicationGroupState", @@ -4891,8 +4860,7 @@ }, "InvalidServerlessCacheSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The state of the serverless cache snapshot was not received. Available for Valkey, Redis OSS and Serverless Memcached only.

", "error":{ "code":"InvalidServerlessCacheSnapshotStateFault", @@ -4903,8 +4871,7 @@ }, "InvalidServerlessCacheStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The account for these credentials is not currently active.

", "error":{ "code":"InvalidServerlessCacheStateFault", @@ -4915,8 +4882,7 @@ }, "InvalidSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The current state of the snapshot does not allow the requested operation to occur.

", "error":{ "code":"InvalidSnapshotState", @@ -4927,8 +4893,7 @@ }, "InvalidSubnet":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An invalid subnet identifier was specified.

", "error":{ "code":"InvalidSubnet", @@ -4939,8 +4904,7 @@ }, "InvalidUserGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The user group is not in an active state.

", "error":{ "code":"InvalidUserGroupState", @@ -4951,8 +4915,7 @@ }, "InvalidUserStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The user is not in active state.

", "error":{ "code":"InvalidUserState", @@ -4963,8 +4926,7 @@ }, "InvalidVPCNetworkStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The VPC network is in an invalid state.

", "error":{ "code":"InvalidVPCNetworkStateFault", @@ -5167,7 +5129,7 @@ }, "Engine":{ "shape":"String", - "documentation":"

Modifies the engine listed in a cluster message. The options are redis, memcached or valkey.

" + "documentation":"

The engine type used by the cache cluster. The options are valkey, memcached or redis.

" }, "EngineVersion":{ "shape":"String", @@ -5203,7 +5165,11 @@ }, "IpDiscovery":{ "shape":"IpDiscovery", - "documentation":"

The network type you choose when modifying a cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

The network type you choose when modifying a cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + }, + "ScaleConfig":{ + "shape":"ScaleConfig", + "documentation":"

Configures horizontal or vertical scaling for Memcached clusters, specifying the scaling percentage and interval.

" } }, "documentation":"

Represents the input of a ModifyCacheCluster operation.

" @@ -5415,7 +5381,7 @@ }, "IpDiscovery":{ "shape":"IpDiscovery", - "documentation":"

The network type you choose when modifying a cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

The network type you choose when modifying a cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 and Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" }, "TransitEncryptionEnabled":{ "shape":"BooleanOptional", @@ -5552,7 +5518,7 @@ }, "Engine":{ "shape":"EngineType", - "documentation":"

The engine for a user group.

" + "documentation":"

Modifies the engine listed in a user group. The options are valkey or redis.

" } } }, @@ -5586,7 +5552,7 @@ }, "Engine":{ "shape":"EngineType", - "documentation":"

The engine for a specific user.

" + "documentation":"

Modifies the engine listed for a user. The options are valkey or redis.

" } } }, @@ -5611,8 +5577,7 @@ }, "NoOperationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The operation was not performed because no changes were required.

", "error":{ "code":"NoOperationFault", @@ -5787,8 +5752,7 @@ }, "NodeGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The node group specified by the NodeGroupId parameter could not be found. Please verify that the node group exists and that you spelled the NodeGroupId value correctly.

", "error":{ "code":"NodeGroupNotFoundFault", @@ -5820,8 +5784,7 @@ }, "NodeGroupsPerReplicationGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the maximum allowed number of node groups (shards) in a single replication group. The default maximum is 90

", "error":{ "code":"NodeGroupsPerReplicationGroupQuotaExceeded", @@ -5846,8 +5809,7 @@ }, "NodeQuotaForClusterExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the allowed number of cache nodes in a single cluster.

", "error":{ "code":"NodeQuotaForClusterExceeded", @@ -5858,8 +5820,7 @@ }, "NodeQuotaForCustomerExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the allowed number of cache nodes per customer.

", "error":{ "code":"NodeQuotaForCustomerExceeded", @@ -6103,6 +6064,10 @@ "TransitEncryptionMode":{ "shape":"TransitEncryptionMode", "documentation":"

A setting that allows you to migrate your clients to use in-transit encryption, with no downtime.

" + }, + "ScaleConfig":{ + "shape":"ScaleConfig", + "documentation":"

The scaling configuration changes that are pending for the Memcached cluster.

" } }, "documentation":"

A group of settings that are applied to the cluster in the future, or that are currently being applied.

" @@ -6420,11 +6385,11 @@ }, "NetworkType":{ "shape":"NetworkType", - "documentation":"

Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

Must be either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" }, "IpDiscovery":{ "shape":"IpDiscovery", - "documentation":"

The network type you choose when modifying a cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

The network type you choose when modifying a cluster, either ipv4 | ipv6. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" }, "TransitEncryptionMode":{ "shape":"TransitEncryptionMode", @@ -6444,8 +6409,7 @@ }, "ReplicationGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified replication group already exists.

", "error":{ "code":"ReplicationGroupAlreadyExists", @@ -6456,8 +6420,7 @@ }, "ReplicationGroupAlreadyUnderMigrationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The targeted replication group is not available.

", "error":{ "code":"ReplicationGroupAlreadyUnderMigrationFault", @@ -6494,8 +6457,7 @@ }, "ReplicationGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified replication group does not exist.

", "error":{ "code":"ReplicationGroupNotFoundFault", @@ -6506,8 +6468,7 @@ }, "ReplicationGroupNotUnderMigrationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The designated replication group is not available for data migration.

", "error":{ "code":"ReplicationGroupNotUnderMigrationFault", @@ -6626,8 +6587,7 @@ }, "ReservedCacheNodeAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You already have a reservation with the given identifier.

", "error":{ "code":"ReservedCacheNodeAlreadyExists", @@ -6659,8 +6619,7 @@ }, "ReservedCacheNodeNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested reserved cache node was not found.

", "error":{ "code":"ReservedCacheNodeNotFound", @@ -6671,8 +6630,7 @@ }, "ReservedCacheNodeQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the user's cache node quota.

", "error":{ "code":"ReservedCacheNodeQuotaExceeded", @@ -6743,8 +6701,7 @@ }, "ReservedCacheNodesOfferingNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested cache node offering does not exist.

", "error":{ "code":"ReservedCacheNodesOfferingNotFound", @@ -6832,6 +6789,20 @@ "CacheSecurityGroup":{"shape":"CacheSecurityGroup"} } }, + "ScaleConfig":{ + "type":"structure", + "members":{ + "ScalePercentage":{ + "shape":"IntegerOptional", + "documentation":"

The percentage by which to scale the Memcached cluster, either horizontally by adding nodes or vertically by increasing resources.

" + }, + "ScaleIntervalMinutes":{ + "shape":"IntegerOptional", + "documentation":"

The time interval in seconds between scaling operations when performing gradual scaling for a Memcached cluster.

" + } + }, + "documentation":"

Configuration settings for horizontal or vertical scaling operations on Memcached clusters.

" + }, "SecurityGroupIdsList":{ "type":"list", "member":{ @@ -6927,8 +6898,7 @@ }, "ServerlessCacheAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A serverless cache with this name already exists.

", "error":{ "code":"ServerlessCacheAlreadyExistsFault", @@ -6961,8 +6931,7 @@ }, "ServerlessCacheNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The serverless cache was not found or does not exist.

", "error":{ "code":"ServerlessCacheNotFoundFault", @@ -6973,8 +6942,7 @@ }, "ServerlessCacheQuotaForCustomerExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of serverless caches exceeds the customer quota.

", "error":{ "code":"ServerlessCacheQuotaForCustomerExceededFault", @@ -7027,8 +6995,7 @@ }, "ServerlessCacheSnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A serverless cache snapshot with this name already exists. Available for Valkey, Redis OSS and Serverless Memcached only.

", "error":{ "code":"ServerlessCacheSnapshotAlreadyExistsFault", @@ -7046,8 +7013,7 @@ }, "ServerlessCacheSnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This serverless cache snapshot could not be found or does not exist. Available for Valkey, Redis OSS and Serverless Memcached only.

", "error":{ "code":"ServerlessCacheSnapshotNotFoundFault", @@ -7058,8 +7024,7 @@ }, "ServerlessCacheSnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of serverless cache snapshots exceeds the customer snapshot quota. Available for Valkey, Redis OSS and Serverless Memcached only.

", "error":{ "code":"ServerlessCacheSnapshotQuotaExceededFault", @@ -7070,8 +7035,7 @@ }, "ServiceLinkedRoleNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified service linked role (SLR) was not found.

", "error":{ "code":"ServiceLinkedRoleNotFoundFault", @@ -7143,8 +7107,7 @@ }, "ServiceUpdateNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The service update doesn't exist

", "error":{ "code":"ServiceUpdateNotFoundFault", @@ -7331,8 +7294,7 @@ }, "SnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You already have a snapshot with the given name.

", "error":{ "code":"SnapshotAlreadyExistsFault", @@ -7350,8 +7312,7 @@ }, "SnapshotFeatureNotSupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You attempted one of the following operations:

  • Creating a snapshot of a Valkey or Redis OSS cluster running on a cache.t1.micro cache node.

  • Creating a snapshot of a cluster that is running Memcached rather than Valkey or Redis OSS.

Neither of these are supported by ElastiCache.

", "error":{ "code":"SnapshotFeatureNotSupportedFault", @@ -7369,8 +7330,7 @@ }, "SnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested snapshot name does not refer to an existing snapshot.

", "error":{ "code":"SnapshotNotFoundFault", @@ -7381,8 +7341,7 @@ }, "SnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would exceed the maximum number of snapshots.

", "error":{ "code":"SnapshotQuotaExceededFault", @@ -7446,7 +7405,7 @@ }, "SupportedNetworkTypes":{ "shape":"NetworkTypeList", - "documentation":"

Either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 and above or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" + "documentation":"

Either ipv4 | ipv6 | dual_stack. IPv6 is supported for workloads using Valkey 7.2 and above, Redis OSS engine version 6.2 to 7.1 or Memcached engine version 1.6.6 and above on all instances built on the Nitro system.

" } }, "documentation":"

Represents the subnet associated with a cluster. This parameter refers to subnets defined in Amazon Virtual Private Cloud (Amazon VPC) and used with ElastiCache.

" @@ -7467,8 +7426,7 @@ }, "SubnetInUse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested subnet is being used by another cache subnet group.

", "error":{ "code":"SubnetInUse", @@ -7486,8 +7444,7 @@ }, "SubnetNotAllowedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

At least one subnet ID does not match the other subnet IDs. This mismatch typically occurs when a user sets one subnet ID to a regional Availability Zone and a different one to an outpost. Or when a user sets the subnet ID to an Outpost when not subscribed on this service.

", "error":{ "code":"SubnetNotAllowedFault", @@ -7540,8 +7497,7 @@ }, "TagNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested tag was not found on this resource.

", "error":{ "code":"TagNotFound", @@ -7552,8 +7508,7 @@ }, "TagQuotaPerResourceExceeded":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request cannot be processed because it would cause the resource to have more than the allowed number of tags. The maximum number of tags permitted on a resource is 50.

", "error":{ "code":"TagQuotaPerResourceExceeded", @@ -7581,8 +7536,7 @@ }, "TestFailoverNotAvailableFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The TestFailover action is not available.

", "error":{ "code":"TestFailoverNotAvailableFault", @@ -7825,7 +7779,7 @@ }, "Engine":{ "shape":"EngineType", - "documentation":"

The current supported value is Redis.

" + "documentation":"

The options are valkey or redis.

" }, "MinimumEngineVersion":{ "shape":"String", @@ -7851,8 +7805,7 @@ }, "UserAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A user with this ID already exists.

", "error":{ "code":"UserAlreadyExists", @@ -7874,7 +7827,7 @@ }, "Engine":{ "shape":"EngineType", - "documentation":"

The current supported value is Redis user.

" + "documentation":"

The options are valkey or redis.

" }, "UserIds":{ "shape":"UserIdList", @@ -7904,8 +7857,7 @@ }, "UserGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The user group with this ID already exists.

", "error":{ "code":"UserGroupAlreadyExists", @@ -7934,8 +7886,7 @@ }, "UserGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The user group was not found or does not exist

", "error":{ "code":"UserGroupNotFound", @@ -7960,8 +7911,7 @@ }, "UserGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of users exceeds the user group limit.

", "error":{ "code":"UserGroupQuotaExceeded", @@ -8008,8 +7958,7 @@ }, "UserNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The user does not exist or could not be found.

", "error":{ "code":"UserNotFound", @@ -8020,8 +7969,7 @@ }, "UserQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The quota of users has been exceeded.

", "error":{ "code":"UserQuotaExceeded", diff -pruN 2.23.6-1/awscli/botocore/data/elasticbeanstalk/2010-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/elasticbeanstalk/2010-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/elasticbeanstalk/2010-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elasticbeanstalk/2010-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/elasticbeanstalk/2010-12-01/service-2.json 2.31.35-1/awscli/botocore/data/elasticbeanstalk/2010-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/elasticbeanstalk/2010-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elasticbeanstalk/2010-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1170,8 +1170,7 @@ "CnameAvailability":{"type":"boolean"}, "CodeBuildNotInServiceRegionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

AWS CodeBuild is not available in the specified region.

", "error":{ "code":"CodeBuildNotInServiceRegionException", @@ -2675,8 +2674,7 @@ }, "InsufficientPrivilegesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified account does not have sufficient privileges for one or more AWS services.

", "error":{ "code":"InsufficientPrivilegesException", @@ -2688,8 +2686,7 @@ "Integer":{"type":"integer"}, "InvalidRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more input parameters is not valid. Please correct the input parameters and try the operation again.

", "error":{ "code":"InvalidRequestException", @@ -2982,8 +2979,7 @@ }, "ManagedActionInvalidStateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Cannot modify the managed action in its current state.

", "error":{ "code":"ManagedActionInvalidStateException", @@ -3058,8 +3054,7 @@ "OperatingSystemVersion":{"type":"string"}, "OperationInProgressException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Unable to perform the specified operation because another operation that effects an element in this activity is already in progress.

", "error":{ "code":"OperationInProgressFailure", @@ -3383,8 +3378,7 @@ "PlatformVersion":{"type":"string"}, "PlatformVersionStillReferencedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You cannot delete the platform version because there are still environments running on it.

", "error":{ "code":"PlatformVersionStillReferencedException", @@ -3458,8 +3452,7 @@ }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A resource doesn't exist for the specified Amazon Resource Name (ARN).

", "error":{ "code":"ResourceNotFoundException", @@ -3519,8 +3512,7 @@ }, "ResourceTypeNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The type of the specified Amazon Resource Name (ARN) isn't supported for this operation.

", "error":{ "code":"ResourceTypeNotSupportedException", @@ -3596,8 +3588,7 @@ }, "S3LocationNotInServiceRegionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified S3 bucket does not belong to the S3 region in which the service is running. The following regions are supported:

  • IAD/us-east-1

  • PDX/us-west-2

  • DUB/eu-west-1

", "error":{ "code":"S3LocationNotInServiceRegionException", @@ -3608,8 +3599,7 @@ }, "S3SubscriptionRequiredException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified account does not have a subscription to Amazon S3.

", "error":{ "code":"S3SubscriptionRequiredException", @@ -3738,8 +3728,7 @@ }, "SourceBundleDeletionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Unable to delete the Amazon S3 source bundle associated with the application version. The application version was deleted successfully.

", "error":{ "code":"SourceBundleDeletionFailure", @@ -3917,15 +3906,13 @@ "Token":{"type":"string"}, "TooManyApplicationVersionsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified account has reached its limit of application versions.

", "exception":true }, "TooManyApplicationsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified account has reached its limit of applications.

", "error":{ "code":"TooManyApplicationsException", @@ -3936,8 +3923,7 @@ }, "TooManyBucketsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified account has reached its limit of Amazon S3 buckets.

", "error":{ "code":"TooManyBucketsException", @@ -3948,8 +3934,7 @@ }, "TooManyConfigurationTemplatesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified account has reached its limit of configuration templates.

", "error":{ "code":"TooManyConfigurationTemplatesException", @@ -3960,8 +3945,7 @@ }, "TooManyEnvironmentsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified account has reached its limit of environments.

", "error":{ "code":"TooManyEnvironmentsException", @@ -3972,8 +3956,7 @@ }, "TooManyPlatformsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You have exceeded the maximum number of allowed platforms associated with the account.

", "error":{ "code":"TooManyPlatformsException", @@ -3984,8 +3967,7 @@ }, "TooManyTagsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The number of tags in the resource would exceed the number of tags that each resource can have.

To calculate this, the operation considers both the number of tags the resource already has and the tags this operation would add if it succeeded.

", "error":{ "code":"TooManyTagsException", diff -pruN 2.23.6-1/awscli/botocore/data/elastictranscoder/2012-09-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/elastictranscoder/2012-09-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/elastictranscoder/2012-09-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elastictranscoder/2012-09-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/elastictranscoder/2012-09-25/service-2.json 2.31.35-1/awscli/botocore/data/elastictranscoder/2012-09-25/service-2.json --- 2.23.6-1/awscli/botocore/data/elastictranscoder/2012-09-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elastictranscoder/2012-09-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -328,8 +328,7 @@ }, "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

General authentication failure. The request was not signed correctly.

", "error":{"httpStatusCode":403}, "exception":true @@ -491,8 +490,7 @@ }, "CancelJobResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The response body contains a JSON object. If the job is successfully canceled, the value of Success is true.

" }, "CaptionFormat":{ @@ -864,8 +862,7 @@ }, "DeletePipelineResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The DeletePipelineResponse structure.

" }, "DeletePresetRequest":{ @@ -883,8 +880,7 @@ }, "DeletePresetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The DeletePresetResponse structure.

" }, "Description":{ @@ -1026,8 +1022,7 @@ }, "IncompatibleVersionException":{ "type":"structure", - "members":{ - }, + "members":{}, "error":{"httpStatusCode":400}, "exception":true }, @@ -1051,8 +1046,7 @@ }, "InternalServiceException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Elastic Transcoder encountered an unexpected exception while trying to fulfill the request.

", "exception":true, "fault":true @@ -1333,8 +1327,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Too many operations for a given AWS account. For example, the number of pipelines exceeds the maximum allowed.

", "error":{"httpStatusCode":429}, "exception":true @@ -1912,16 +1905,14 @@ }, "ResourceInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The resource you are attempting to change is in use. For example, you are attempting to delete a pipeline that is currently in use.

", "error":{"httpStatusCode":409}, "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested resource does not exist or is not available. For example, the pipeline to which you're trying to add a job doesn't exist or is still being created.

", "error":{"httpStatusCode":404}, "exception":true @@ -2212,8 +2203,7 @@ }, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more required parameter values were not provided in the request.

", "error":{"httpStatusCode":400}, "exception":true diff -pruN 2.23.6-1/awscli/botocore/data/elb/2012-06-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/elb/2012-06-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/elb/2012-06-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elb/2012-06-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/elb/2012-06-01/service-2.json 2.31.35-1/awscli/botocore/data/elb/2012-06-01/service-2.json --- 2.23.6-1/awscli/botocore/data/elb/2012-06-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elb/2012-06-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -554,8 +554,7 @@ "AccessPointName":{"type":"string"}, "AccessPointNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified load balancer does not exist.

", "error":{ "code":"LoadBalancerNotFound", @@ -613,8 +612,7 @@ }, "AddTagsOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of AddTags.

" }, "AdditionalAttribute":{ @@ -749,8 +747,7 @@ "Cardinality":{"type":"string"}, "CertificateNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified ARN does not refer to a valid SSL certificate in AWS Identity and Access Management (IAM) or AWS Certificate Manager (ACM). Note that if you recently uploaded the certificate to IAM, this error might indicate that the certificate is not fully available yet.

", "error":{ "code":"CertificateNotFound", @@ -890,8 +887,7 @@ }, "CreateAppCookieStickinessPolicyOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output for CreateAppCookieStickinessPolicy.

" }, "CreateLBCookieStickinessPolicyInput":{ @@ -918,8 +914,7 @@ }, "CreateLBCookieStickinessPolicyOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output for CreateLBCookieStickinessPolicy.

" }, "CreateLoadBalancerListenerInput":{ @@ -942,8 +937,7 @@ }, "CreateLoadBalancerListenerOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the parameters for CreateLoadBalancerListener.

" }, "CreateLoadBalancerPolicyInput":{ @@ -975,8 +969,7 @@ }, "CreateLoadBalancerPolicyOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of CreateLoadBalancerPolicy.

" }, "CreatedTime":{"type":"timestamp"}, @@ -1007,8 +1000,7 @@ }, "DeleteAccessPointOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of DeleteLoadBalancer.

" }, "DeleteLoadBalancerListenerInput":{ @@ -1031,8 +1023,7 @@ }, "DeleteLoadBalancerListenerOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of DeleteLoadBalancerListeners.

" }, "DeleteLoadBalancerPolicyInput":{ @@ -1055,14 +1046,12 @@ }, "DeleteLoadBalancerPolicyOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of DeleteLoadBalancerPolicy.

" }, "DependencyThrottleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A request made by Elastic Load Balancing to another service exceeds the maximum request rate permitted for your account.

", "error":{ "code":"DependencyThrottle", @@ -1299,8 +1288,7 @@ }, "DuplicateAccessPointNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified load balancer name already exists for this account.

", "error":{ "code":"DuplicateLoadBalancerName", @@ -1311,8 +1299,7 @@ }, "DuplicateListenerException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A listener already exists for the specified load balancer name and port, but with a different instance port, protocol, or SSL certificate.

", "error":{ "code":"DuplicateListener", @@ -1323,8 +1310,7 @@ }, "DuplicatePolicyNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A policy with the specified name already exists for this load balancer.

", "error":{ "code":"DuplicatePolicyName", @@ -1335,8 +1321,7 @@ }, "DuplicateTagKeysException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A tag key was specified more than once.

", "error":{ "code":"DuplicateTagKeys", @@ -1448,8 +1433,7 @@ }, "InvalidConfigurationRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested configuration change is not valid.

", "error":{ "code":"InvalidConfigurationRequest", @@ -1460,8 +1444,7 @@ }, "InvalidEndPointException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified endpoint is not valid.

", "error":{ "code":"InvalidInstance", @@ -1472,8 +1455,7 @@ }, "InvalidSchemeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified value for the schema is not valid. You can only specify a scheme for load balancers in a VPC.

", "error":{ "code":"InvalidScheme", @@ -1484,8 +1466,7 @@ }, "InvalidSecurityGroupException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more of the specified security groups do not exist.

", "error":{ "code":"InvalidSecurityGroup", @@ -1496,8 +1477,7 @@ }, "InvalidSubnetException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified VPC has no associated Internet gateway.

", "error":{ "code":"InvalidSubnet", @@ -1593,8 +1573,7 @@ }, "ListenerNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The load balancer does not have a listener configured at the specified port.

", "error":{ "code":"ListenerNotFound", @@ -1609,8 +1588,7 @@ }, "LoadBalancerAttributeNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified load balancer attribute does not exist.

", "error":{ "code":"LoadBalancerAttributeNotFound", @@ -1767,8 +1745,7 @@ "Name":{"type":"string"}, "OperationNotPermittedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This operation is not allowed.

", "error":{ "code":"OperationNotPermitted", @@ -1895,8 +1872,7 @@ }, "PolicyNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more of the specified policies do not exist.

", "error":{ "code":"PolicyNotFound", @@ -1934,8 +1910,7 @@ }, "PolicyTypeNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more of the specified policy types do not exist.

", "error":{ "code":"PolicyTypeNotFound", @@ -2026,8 +2001,7 @@ }, "RemoveTagsOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of RemoveTags.

" }, "S3BucketName":{"type":"string"}, @@ -2064,8 +2038,7 @@ }, "SetLoadBalancerListenerSSLCertificateOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of SetLoadBalancerListenerSSLCertificate.

" }, "SetLoadBalancerPoliciesForBackendServerInput":{ @@ -2093,8 +2066,7 @@ }, "SetLoadBalancerPoliciesForBackendServerOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of SetLoadBalancerPoliciesForBackendServer.

" }, "SetLoadBalancerPoliciesOfListenerInput":{ @@ -2122,8 +2094,7 @@ }, "SetLoadBalancerPoliciesOfListenerOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Contains the output of SetLoadBalancePoliciesOfListener.

" }, "SourceSecurityGroup":{ @@ -2144,8 +2115,7 @@ "SubnetId":{"type":"string"}, "SubnetNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

One or more of the specified subnets do not exist.

", "error":{ "code":"SubnetNotFound", @@ -2225,8 +2195,7 @@ }, "TooManyAccessPointsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The quota for the number of load balancers has been reached.

", "error":{ "code":"TooManyLoadBalancers", @@ -2237,8 +2206,7 @@ }, "TooManyPoliciesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The quota for the number of policies for this load balancer has been reached.

", "error":{ "code":"TooManyPolicies", @@ -2249,8 +2217,7 @@ }, "TooManyTagsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The quota for the number of tags that can be assigned to a load balancer has been reached.

", "error":{ "code":"TooManyTags", @@ -2266,8 +2233,7 @@ }, "UnsupportedProtocolException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified protocol or signature version is not supported.

", "error":{ "code":"UnsupportedProtocol", diff -pruN 2.23.6-1/awscli/botocore/data/elbv2/2015-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/elbv2/2015-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/elbv2/2015-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elbv2/2015-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/elbv2/2015-12-01/paginators-1.json 2.31.35-1/awscli/botocore/data/elbv2/2015-12-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/elbv2/2015-12-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elbv2/2015-12-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -41,6 +41,24 @@ "limit_key": "PageSize", "output_token": "NextMarker", "result_key": "SslPolicies" + }, + "DescribeTrustStoreAssociations": { + "input_token": "Marker", + "limit_key": "PageSize", + "output_token": "NextMarker", + "result_key": "TrustStoreAssociations" + }, + "DescribeTrustStoreRevocations": { + "input_token": "Marker", + "limit_key": "PageSize", + "output_token": "NextMarker", + "result_key": "TrustStoreRevocations" + }, + "DescribeTrustStores": { + "input_token": "Marker", + "limit_key": "PageSize", + "output_token": "NextMarker", + "result_key": "TrustStores" } } } diff -pruN 2.23.6-1/awscli/botocore/data/elbv2/2015-12-01/service-2.json 2.31.35-1/awscli/botocore/data/elbv2/2015-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/elbv2/2015-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/elbv2/2015-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,7 +30,7 @@ {"shape":"TooManyCertificatesException"}, {"shape":"CertificateNotFoundException"} ], - "documentation":"

Adds the specified SSL server certificate to the certificate list for the specified HTTPS or TLS listener.

If the certificate in already in the certificate list, the call is successful but the certificate is not added again.

For more information, see HTTPS listeners in the Application Load Balancers Guide or TLS listeners in the Network Load Balancers Guide.

" + "documentation":"

Adds the specified SSL server certificate to the certificate list for the specified HTTPS or TLS listener.

If the certificate in already in the certificate list, the call is successful but the certificate is not added again.

For more information, see SSL certificates in the Application Load Balancers Guide or Server certificates in the Network Load Balancers Guide.

" }, "AddTags":{ "name":"AddTags", @@ -164,7 +164,7 @@ {"shape":"TooManyUniqueTargetGroupsPerLoadBalancerException"}, {"shape":"TooManyTagsException"} ], - "documentation":"

Creates a rule for the specified listener. The listener must be associated with an Application Load Balancer.

Each rule consists of a priority, one or more actions, and one or more conditions. Rules are evaluated in priority order, from the lowest value to the highest value. When the conditions for a rule are met, its actions are performed. If the conditions for no rules are met, the actions for the default rule are performed. For more information, see Listener rules in the Application Load Balancers Guide.

" + "documentation":"

Creates a rule for the specified listener. The listener must be associated with an Application Load Balancer.

Each rule consists of a priority, one or more actions, one or more conditions, and up to two optional transforms. Rules are evaluated in priority order, from the lowest value to the highest value. When the conditions for a rule are met, its actions are performed. If the conditions for no rules are met, the actions for the default rule are performed. For more information, see Listener rules in the Application Load Balancers Guide.

" }, "CreateTargetGroup":{ "name":"CreateTargetGroup", @@ -204,7 +204,7 @@ {"shape":"TooManyTagsException"}, {"shape":"DuplicateTagKeysException"} ], - "documentation":"

Creates a trust store.

" + "documentation":"

Creates a trust store.

For more information, see Mutual TLS for Application Load Balancers.

" }, "DeleteListener":{ "name":"DeleteListener", @@ -324,7 +324,7 @@ {"shape":"TargetGroupNotFoundException"}, {"shape":"InvalidTargetException"} ], - "documentation":"

Deregisters the specified targets from the specified target group. After the targets are deregistered, they no longer receive traffic from the load balancer.

The load balancer stops sending requests to targets that are deregistering, but uses connection draining to ensure that in-flight traffic completes on the existing connections. This deregistration delay is configured by default but can be updated for each target group.

For more information, see the following:

Note: If the specified target does not exist, the action returns successfully.

" + "documentation":"

Deregisters the specified targets from the specified target group. After the targets are deregistered, they no longer receive traffic from the load balancer.

The load balancer stops sending requests to targets that are deregistering, but uses connection draining to ensure that in-flight traffic completes on the existing connections. This deregistration delay is configured by default but can be updated for each target group.

For more information, see the following:

Note: If the specified target does not exist, the action returns successfully.

" }, "DescribeAccountLimits":{ "name":"DescribeAccountLimits", @@ -385,7 +385,7 @@ "errors":[ {"shape":"ListenerNotFoundException"} ], - "documentation":"

Describes the default certificate and the certificate list for the specified HTTPS or TLS listener.

If the default certificate is also in the certificate list, it appears twice in the results (once with IsDefault set to true and once with IsDefault set to false).

For more information, see SSL certificates in the Application Load Balancers Guide or Server certificates in the Network Load Balancers Guide.

" + "documentation":"

Describes the default certificate and the certificate list for the specified HTTPS or TLS listener.

If the default certificate is also in the certificate list, it appears twice in the results (once with IsDefault set to true and once with IsDefault set to false).

For more information, see SSL certificates in the Application Load Balancers Guide or Server certificates in the Network Load Balancers Guide.

" }, "DescribeListeners":{ "name":"DescribeListeners", @@ -453,7 +453,7 @@ {"shape":"RuleNotFoundException"}, {"shape":"UnsupportedProtocolException"} ], - "documentation":"

Describes the specified rules or the rules for the specified listener. You must specify either a listener or one or more rules.

" + "documentation":"

Describes the specified rules or the rules for the specified listener. You must specify either a listener or rules.

" }, "DescribeSSLPolicies":{ "name":"DescribeSSLPolicies", @@ -469,7 +469,7 @@ "errors":[ {"shape":"SSLPolicyNotFoundException"} ], - "documentation":"

Describes the specified policies or all policies used for SSL negotiation.

For more information, see Security policies in the Application Load Balancers Guide or Security policies in the Network Load Balancers Guide.

" + "documentation":"

Describes the specified policies or all policies used for SSL negotiation.

For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

" }, "DescribeTags":{ "name":"DescribeTags", @@ -663,6 +663,22 @@ ], "documentation":"

Modifies the capacity reservation of the specified load balancer.

When modifying capacity reservation, you must include at least one MinimumLoadBalancerCapacity or ResetCapacityReservation.

" }, + "ModifyIpPools":{ + "name":"ModifyIpPools", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyIpPoolsInput"}, + "output":{ + "shape":"ModifyIpPoolsOutput", + "resultWrapper":"ModifyIpPoolsResult" + }, + "errors":[ + {"shape":"LoadBalancerNotFoundException"} + ], + "documentation":"

[Application Load Balancers] Modify the IP pool associated to a load balancer.

" + }, "ModifyListener":{ "name":"ModifyListener", "http":{ @@ -826,7 +842,7 @@ {"shape":"InvalidTargetException"}, {"shape":"TooManyRegistrationsForTargetIdException"} ], - "documentation":"

Registers the specified targets with the specified target group.

If the target is an EC2 instance, it must be in the running state when you register it.

By default, the load balancer routes requests to registered targets using the protocol and port for the target group. Alternatively, you can override the port for a target when you register it. You can register each EC2 instance or IP address with the same target group multiple times using different ports.

With a Network Load Balancer, you can't register instances by instance ID if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, CS1, G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these types by IP address.

" + "documentation":"

Registers the specified targets with the specified target group.

If the target is an EC2 instance, it must be in the running state when you register it.

By default, the load balancer routes requests to registered targets using the protocol and port for the target group. Alternatively, you can override the port for a target when you register it. You can register each EC2 instance or IP address with the same target group multiple times using different ports.

For more information, see the following:

" }, "RemoveListenerCertificates":{ "name":"RemoveListenerCertificates", @@ -957,14 +973,13 @@ {"shape":"AvailabilityZoneNotSupportedException"}, {"shape":"CapacityReservationPendingException"} ], - "documentation":"

Enables the Availability Zones for the specified public subnets for the specified Application Load Balancer, Network Load Balancer or Gateway Load Balancer. The specified subnets replace the previously enabled subnets.

When you specify subnets for a Network Load Balancer, or Gateway Load Balancer you must include all subnets that were enabled previously, with their existing configurations, plus any additional subnets.

" + "documentation":"

Enables the Availability Zones for the specified public subnets for the specified Application Load Balancer, Network Load Balancer or Gateway Load Balancer. The specified subnets replace the previously enabled subnets.

" } }, "shapes":{ "ALPNPolicyNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified ALPN policy is not supported.

", "error":{ "code":"ALPNPolicyNotFound", @@ -983,7 +998,7 @@ }, "TargetGroupArn":{ "shape":"TargetGroupArn", - "documentation":"

The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.

" + "documentation":"

The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to multiple target groups, you must use ForwardConfig instead.

" }, "AuthenticateOidcConfig":{ "shape":"AuthenticateOidcActionConfig", @@ -1007,10 +1022,14 @@ }, "ForwardConfig":{ "shape":"ForwardActionConfig", - "documentation":"

Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.

" + "documentation":"

Information for creating an action that distributes requests among multiple target groups. Specify only when Type is forward.

If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.

" + }, + "JwtValidationConfig":{ + "shape":"JwtValidationActionConfig", + "documentation":"

[HTTPS listeners] Information for validating JWT access tokens in client requests. Specify only when Type is jwt-validation.

" } }, - "documentation":"

Information about an action.

Each rule must include exactly one of the following types of actions: forward, fixed-response, or redirect, and it must be the last action to be performed.

" + "documentation":"

Information about an action.

Each rule must include exactly one of the following routing actions: forward, fixed-response, or redirect, and it must be the last action to be performed.

Optionally, a rule for an HTTPS listener can also include one of the following user authentication actions: authenticate-oidc, authenticate-cognito, or jwt-validation.

" }, "ActionOrder":{ "type":"integer", @@ -1024,7 +1043,8 @@ "authenticate-oidc", "authenticate-cognito", "redirect", - "fixed-response" + "fixed-response", + "jwt-validation" ] }, "Actions":{ @@ -1076,8 +1096,7 @@ }, "AddTagsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AddTrustStoreRevocationsInput":{ "type":"structure", @@ -1130,8 +1149,7 @@ "AllocationId":{"type":"string"}, "AllocationIdNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified allocation ID does not exist.

", "error":{ "code":"AllocationIdNotFound", @@ -1344,8 +1362,7 @@ }, "AvailabilityZoneNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified Availability Zone is not supported.

", "error":{ "code":"AvailabilityZoneNotSupported", @@ -1360,8 +1377,7 @@ }, "CaCertificatesBundleNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified ca certificate bundle does not exist.

", "error":{ "code":"CaCertificatesBundleNotFound", @@ -1373,8 +1389,7 @@ "CanonicalHostedZoneId":{"type":"string"}, "CapacityDecreaseRequestsLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've exceeded the daily capacity decrease limit for this reservation.

", "error":{ "code":"CapacityDecreaseRequestLimitExceeded", @@ -1385,8 +1400,7 @@ }, "CapacityReservationPendingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There is a pending capacity reservation.

", "error":{ "code":"CapacityReservationPending", @@ -1422,8 +1436,7 @@ "CapacityUnitsDouble":{"type":"double"}, "CapacityUnitsLimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've exceeded the capacity units limit.

", "error":{ "code":"CapacityUnitsLimitExceeded", @@ -1453,8 +1466,7 @@ }, "CertificateNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified certificate does not exist.

", "error":{ "code":"CertificateNotFound", @@ -1508,7 +1520,7 @@ }, "SslPolicy":{ "shape":"SslPolicyName", - "documentation":"

[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.

For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

" + "documentation":"

[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.

For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

" }, "Certificates":{ "shape":"CertificateList", @@ -1520,7 +1532,7 @@ }, "AlpnPolicy":{ "shape":"AlpnPolicyName", - "documentation":"

[TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) policy. You can specify one policy name. The following are the possible values:

  • HTTP1Only

  • HTTP2Only

  • HTTP2Optional

  • HTTP2Preferred

  • None

For more information, see ALPN policies in the Network Load Balancers Guide.

" + "documentation":"

[TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) policy. You can specify one policy name. The following are the possible values:

  • HTTP1Only

  • HTTP2Only

  • HTTP2Optional

  • HTTP2Preferred

  • None

For more information, see ALPN policies in the Network Load Balancers Guide.

" }, "Tags":{ "shape":"TagList", @@ -1528,7 +1540,7 @@ }, "MutualAuthentication":{ "shape":"MutualAuthenticationAttributes", - "documentation":"

The mutual authentication configuration information.

" + "documentation":"

[HTTPS listeners] The mutual authentication configuration information.

" } } }, @@ -1584,6 +1596,10 @@ "EnablePrefixForIpv6SourceNat":{ "shape":"EnablePrefixForIpv6SourceNatEnum", "documentation":"

[Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be dualstack. The default value is off.

" + }, + "IpamPools":{ + "shape":"IpamPools", + "documentation":"

[Application Load Balancers] The IPAM pools to use with the load balancer.

" } } }, @@ -1624,6 +1640,10 @@ "Tags":{ "shape":"TagList", "documentation":"

The tags to assign to the rule.

" + }, + "Transforms":{ + "shape":"RuleTransformList", + "documentation":"

The transforms to apply to requests that match this rule. You can add one host header rewrite transform and one URL rewrite transform.

" } } }, @@ -1769,8 +1789,7 @@ "Default":{"type":"boolean"}, "DeleteAssociationSameAccountException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified association can't be within the same account.

", "error":{ "code":"DeleteAssociationSameAccount", @@ -1791,8 +1810,7 @@ }, "DeleteListenerOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLoadBalancerInput":{ "type":"structure", @@ -1806,8 +1824,7 @@ }, "DeleteLoadBalancerOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRuleInput":{ "type":"structure", @@ -1821,8 +1838,7 @@ }, "DeleteRuleOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSharedTrustStoreAssociationInput":{ "type":"structure", @@ -1843,8 +1859,7 @@ }, "DeleteSharedTrustStoreAssociationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTargetGroupInput":{ "type":"structure", @@ -1858,8 +1873,7 @@ }, "DeleteTargetGroupOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTrustStoreInput":{ "type":"structure", @@ -1873,8 +1887,7 @@ }, "DeleteTrustStoreOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterTargetsInput":{ "type":"structure", @@ -1895,8 +1908,7 @@ }, "DeregisterTargetsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountLimitsInput":{ "type":"structure", @@ -2399,8 +2411,7 @@ "Description":{"type":"string"}, "DuplicateListenerException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A listener with the specified port already exists.

", "error":{ "code":"DuplicateListener", @@ -2411,8 +2422,7 @@ }, "DuplicateLoadBalancerNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A load balancer with the specified name already exists.

", "error":{ "code":"DuplicateLoadBalancerName", @@ -2423,8 +2433,7 @@ }, "DuplicateTagKeysException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A tag key was specified more than once.

", "error":{ "code":"DuplicateTagKeys", @@ -2435,8 +2444,7 @@ }, "DuplicateTargetGroupNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A target group with the specified name already exists.

", "error":{ "code":"DuplicateTargetGroupName", @@ -2447,8 +2455,7 @@ }, "DuplicateTrustStoreNameException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A trust store with the specified name already exists.

", "error":{ "code":"DuplicateTrustStoreName", @@ -2510,7 +2517,7 @@ "members":{ "TargetGroups":{ "shape":"TargetGroupList", - "documentation":"

The target groups. For Network Load Balancers, you can specify a single target group.

" + "documentation":"

The target groups.

" }, "TargetGroupStickinessConfig":{ "shape":"TargetGroupStickinessConfig", @@ -2603,8 +2610,7 @@ }, "HealthUnavailableException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The health of the specified targets could not be retrieved due to an internal error.

", "error":{ "code":"HealthUnavailable", @@ -2617,22 +2623,40 @@ "members":{ "Values":{ "shape":"ListOfString", - "documentation":"

The host names. The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).

If you specify multiple strings, the condition is satisfied if one of the strings matches the host name.

" + "documentation":"

The host names. The maximum length of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). You must include at least one \".\" character. You can include only alphabetical characters after the final \".\" character.

If you specify multiple strings, the condition is satisfied if one of the strings matches the host name.

" + }, + "RegexValues":{ + "shape":"ListOfString", + "documentation":"

The regular expressions to compare against the host header. The maximum length of each string is 128 characters.

" } }, "documentation":"

Information about a host header condition.

" }, + "HostHeaderRewriteConfig":{ + "type":"structure", + "members":{ + "Rewrites":{ + "shape":"RewriteConfigList", + "documentation":"

The host header rewrite transform. Each transform consists of a regular expression to match and a replacement string.

" + } + }, + "documentation":"

Information about a host header rewrite transform. This transform matches a pattern in the host header in an HTTP request and replaces it with the specified string.

" + }, "HttpCode":{"type":"string"}, "HttpHeaderConditionConfig":{ "type":"structure", "members":{ "HttpHeaderName":{ "shape":"HttpHeaderConditionName", - "documentation":"

The name of the HTTP header field. The maximum size is 40 characters. The header name is case insensitive. The allowed characters are specified by RFC 7230. Wildcards are not supported.

You can't use an HTTP header condition to specify the host header. Use HostHeaderConditionConfig to specify a host header condition.

" + "documentation":"

The name of the HTTP header field. The maximum length is 40 characters. The header name is case insensitive. The allowed characters are specified by RFC 7230. Wildcards are not supported.

You can't use an HTTP header condition to specify the host header. Instead, use a host condition.

" }, "Values":{ "shape":"ListOfString", - "documentation":"

The strings to compare against the value of the HTTP header. The maximum size of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).

If the same header appears multiple times in the request, we search them in order until a match is found.

If you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string.

" + "documentation":"

The strings to compare against the value of the HTTP header. The maximum length of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).

If the same header appears multiple times in the request, we search them in order until a match is found.

If you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string.

" + }, + "RegexValues":{ + "shape":"ListOfString", + "documentation":"

The regular expression to compare against the HTTP header. The maximum length of each string is 128 characters.

" } }, "documentation":"

Information about an HTTP header condition.

There is a set of standard HTTP header fields. You can also define custom HTTP header fields.

" @@ -2643,7 +2667,7 @@ "members":{ "Values":{ "shape":"ListOfString", - "documentation":"

The name of the request method. The maximum size is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.

If you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached.

" + "documentation":"

The name of the request method. The maximum length is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.

If you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached.

" } }, "documentation":"

Information about an HTTP method condition.

HTTP defines a set of request methods, also referred to as HTTP verbs. For more information, see the HTTP Method Registry. You can also define custom HTTP methods.

" @@ -2652,8 +2676,7 @@ "IgnoreClientCertificateExpiry":{"type":"boolean"}, "IncompatibleProtocolsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified configuration is not valid with this protocol.

", "error":{ "code":"IncompatibleProtocols", @@ -2664,8 +2687,7 @@ }, "InsufficientCapacityException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There is insufficient capacity to reserve.

", "error":{ "code":"InsufficientCapacity", @@ -2675,8 +2697,7 @@ }, "InvalidCaCertificatesBundleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified ca certificate bundle is in an invalid format, or corrupt.

", "error":{ "code":"InvalidCaCertificatesBundle", @@ -2687,8 +2708,7 @@ }, "InvalidConfigurationRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested configuration is not valid.

", "error":{ "code":"InvalidConfigurationRequest", @@ -2699,8 +2719,7 @@ }, "InvalidLoadBalancerActionException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested action is not valid.

", "error":{ "code":"InvalidLoadBalancerAction", @@ -2711,8 +2730,7 @@ }, "InvalidRevocationContentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The provided revocation file is an invalid format, or uses an incorrect algorithm.

", "error":{ "code":"InvalidRevocationContent", @@ -2723,8 +2741,7 @@ }, "InvalidSchemeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The requested scheme is not valid.

", "error":{ "code":"InvalidScheme", @@ -2735,8 +2752,7 @@ }, "InvalidSecurityGroupException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified security group does not exist.

", "error":{ "code":"InvalidSecurityGroup", @@ -2747,8 +2763,7 @@ }, "InvalidSubnetException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified subnet is out of available addresses.

", "error":{ "code":"InvalidSubnet", @@ -2759,8 +2774,7 @@ }, "InvalidTargetException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified target does not exist, is not in the same VPC as the target group, or has an unsupported instance type.

", "error":{ "code":"InvalidTarget", @@ -2778,14 +2792,94 @@ "dualstack-without-public-ipv4" ] }, + "IpamPoolId":{ + "type":"string", + "max":1000, + "pattern":"^(ipam-pool-)[a-zA-Z0-9]+$" + }, + "IpamPools":{ + "type":"structure", + "members":{ + "Ipv4IpamPoolId":{ + "shape":"IpamPoolId", + "documentation":"

The ID of the IPv4 IPAM pool.

" + } + }, + "documentation":"

An IPAM pool is a collection of IP address CIDRs. IPAM pools enable you to organize your IP addresses according to your routing and security needs.

" + }, "IsDefault":{"type":"boolean"}, + "JwtValidationActionAdditionalClaim":{ + "type":"structure", + "required":[ + "Format", + "Name", + "Values" + ], + "members":{ + "Format":{ + "shape":"JwtValidationActionAdditionalClaimFormatEnum", + "documentation":"

The format of the claim value.

" + }, + "Name":{ + "shape":"JwtValidationActionAdditionalClaimName", + "documentation":"

The name of the claim. You can't specify exp, iss, nbf, or iat because we validate them by default.

" + }, + "Values":{ + "shape":"JwtValidationActionAdditionalClaimValues", + "documentation":"

The claim value. The maximum size of the list is 10. Each value can be up to 256 characters in length. If the format is space-separated-values, the values can't include spaces.

" + } + }, + "documentation":"

Information about an additional claim to validate.

" + }, + "JwtValidationActionAdditionalClaimFormatEnum":{ + "type":"string", + "enum":[ + "single-string", + "string-array", + "space-separated-values" + ] + }, + "JwtValidationActionAdditionalClaimName":{"type":"string"}, + "JwtValidationActionAdditionalClaimValue":{"type":"string"}, + "JwtValidationActionAdditionalClaimValues":{ + "type":"list", + "member":{"shape":"JwtValidationActionAdditionalClaimValue"} + }, + "JwtValidationActionAdditionalClaims":{ + "type":"list", + "member":{"shape":"JwtValidationActionAdditionalClaim"} + }, + "JwtValidationActionConfig":{ + "type":"structure", + "required":[ + "JwksEndpoint", + "Issuer" + ], + "members":{ + "JwksEndpoint":{ + "shape":"JwtValidationActionJwksEndpoint", + "documentation":"

The JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider.

This must be a full URL, including the HTTPS protocol, the domain, and the path. The maximum length is 256 characters.

" + }, + "Issuer":{ + "shape":"JwtValidationActionIssuer", + "documentation":"

The issuer of the JWT. The maximum length is 256 characters.

" + }, + "AdditionalClaims":{ + "shape":"JwtValidationActionAdditionalClaims", + "documentation":"

Additional claims to validate. The maximum size of the list is 10. We validate the exp, iss, nbf, and iat claims by default.

" + } + }, + "documentation":"

Information about a JSON Web Token (JWT) validation action.

" + }, + "JwtValidationActionIssuer":{"type":"string"}, + "JwtValidationActionJwksEndpoint":{"type":"string"}, "LastModifiedTime":{"type":"timestamp"}, "Limit":{ "type":"structure", "members":{ "Name":{ "shape":"Name", - "documentation":"

The name of the limit. The possible values are:

  • application-load-balancers

  • condition-values-per-alb-rule

  • condition-wildcards-per-alb-rule

  • gateway-load-balancers

  • gateway-load-balancers-per-vpc

  • geneve-target-groups

  • listeners-per-application-load-balancer

  • listeners-per-network-load-balancer

  • network-load-balancers

  • rules-per-application-load-balancer

  • target-groups

  • target-groups-per-action-on-application-load-balancer

  • target-groups-per-action-on-network-load-balancer

  • target-groups-per-application-load-balancer

  • targets-per-application-load-balancer

  • targets-per-availability-zone-per-gateway-load-balancer

  • targets-per-availability-zone-per-network-load-balancer

  • targets-per-network-load-balancer

" + "documentation":"

The name of the limit.

" }, "Max":{ "shape":"Max", @@ -2879,8 +2973,7 @@ }, "ListenerNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified listener does not exist.

", "error":{ "code":"ListenerNotFound", @@ -2955,6 +3048,10 @@ "EnablePrefixForIpv6SourceNat":{ "shape":"EnablePrefixForIpv6SourceNatEnum", "documentation":"

[Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be dualstack. The default value is off.

" + }, + "IpamPools":{ + "shape":"IpamPools", + "documentation":"

[Application Load Balancers] The IPAM pool in use by the load balancer, if configured.

" } }, "documentation":"

Information about a load balancer.

" @@ -2995,7 +3092,7 @@ "members":{ "Key":{ "shape":"LoadBalancerAttributeKey", - "documentation":"

The name of the attribute.

The following attributes are supported by all load balancers:

  • deletion_protection.enabled - Indicates whether deletion protection is enabled. The value is true or false. The default is false.

  • load_balancing.cross_zone.enabled - Indicates whether cross-zone load balancing is enabled. The possible values are true and false. The default for Network Load Balancers and Gateway Load Balancers is false. The default for Application Load Balancers is true, and can't be changed.

The following attributes are supported by both Application Load Balancers and Network Load Balancers:

  • access_logs.s3.enabled - Indicates whether access logs are enabled. The value is true or false. The default is false.

  • access_logs.s3.bucket - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.

  • access_logs.s3.prefix - The prefix for the location in the S3 bucket for the access logs.

  • ipv6.deny_all_igw_traffic - Blocks internet gateway (IGW) access to the load balancer. It is set to false for internet-facing load balancers and true for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.

  • zonal_shift.config.enabled - Indicates whether zonal shift is enabled. The possible values are true and false. The default is false.

The following attributes are supported by only Application Load Balancers:

  • idle_timeout.timeout_seconds - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.

  • client_keep_alive.seconds - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.

  • connection_logs.s3.enabled - Indicates whether connection logs are enabled. The value is true or false. The default is false.

  • connection_logs.s3.bucket - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.

  • connection_logs.s3.prefix - The prefix for the location in the S3 bucket for the connection logs.

  • routing.http.desync_mitigation_mode - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor, defensive, and strictest. The default is defensive.

  • routing.http.drop_invalid_header_fields.enabled - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). The default is false.

  • routing.http.preserve_host_header.enabled - Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. The possible values are true and false. The default is false.

  • routing.http.x_amzn_tls_version_and_cipher_suite.enabled - Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are true and false. The default is false.

  • routing.http.xff_client_port.enabled - Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false.

  • routing.http.xff_header_processing.mode - Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are append, preserve, and remove. The default is append.

    • If the value is append, the Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets.

    • If the value is preserve the Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change.

    • If the value is remove, the Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets.

  • routing.http2.enabled - Indicates whether HTTP/2 is enabled. The possible values are true and false. The default is true. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.

  • waf.fail_open.enabled - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are true and false. The default is false.

The following attributes are supported by only Network Load Balancers:

  • dns_record.client_routing_policy - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are availability_zone_affinity with 100 percent zonal affinity, partial_availability_zone_affinity with 85 percent zonal affinity, and any_availability_zone with 0 percent zonal affinity.

" + "documentation":"

The name of the attribute.

The following attributes are supported by all load balancers:

  • deletion_protection.enabled - Indicates whether deletion protection is enabled. The value is true or false. The default is false.

  • load_balancing.cross_zone.enabled - Indicates whether cross-zone load balancing is enabled. The possible values are true and false. The default for Network Load Balancers and Gateway Load Balancers is false. The default for Application Load Balancers is true, and can't be changed.

The following attributes are supported by both Application Load Balancers and Network Load Balancers:

  • access_logs.s3.enabled - Indicates whether access logs are enabled. The value is true or false. The default is false.

  • access_logs.s3.bucket - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.

  • access_logs.s3.prefix - The prefix for the location in the S3 bucket for the access logs.

  • ipv6.deny_all_igw_traffic - Blocks internet gateway (IGW) access to the load balancer. It is set to false for internet-facing load balancers and true for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.

  • zonal_shift.config.enabled - Indicates whether zonal shift is enabled. The possible values are true and false. The default is false.

The following attributes are supported by only Application Load Balancers:

  • idle_timeout.timeout_seconds - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.

  • client_keep_alive.seconds - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.

  • connection_logs.s3.enabled - Indicates whether connection logs are enabled. The value is true or false. The default is false.

  • connection_logs.s3.bucket - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.

  • connection_logs.s3.prefix - The prefix for the location in the S3 bucket for the connection logs.

  • routing.http.desync_mitigation_mode - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor, defensive, and strictest. The default is defensive.

  • routing.http.drop_invalid_header_fields.enabled - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). The default is false.

  • routing.http.preserve_host_header.enabled - Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. The possible values are true and false. The default is false.

  • routing.http.x_amzn_tls_version_and_cipher_suite.enabled - Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are true and false. The default is false.

  • routing.http.xff_client_port.enabled - Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false.

  • routing.http.xff_header_processing.mode - Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are append, preserve, and remove. The default is append.

    • If the value is append, the Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets.

    • If the value is preserve the Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change.

    • If the value is remove, the Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets.

  • routing.http2.enabled - Indicates whether clients can connect to the load balancer using HTTP/2. If true, clients can connect using HTTP/2 or HTTP/1.1. However, all client requests are subject to the stricter HTTP/2 header validation rules. For example, message header names must contain only alphanumeric characters and hyphens. If false, clients must connect using HTTP/1.1. The default is true.

  • waf.fail_open.enabled - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are true and false. The default is false.

The following attributes are supported by only Network Load Balancers:

  • dns_record.client_routing_policy - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are availability_zone_affinity with 100 percent zonal affinity, partial_availability_zone_affinity with 85 percent zonal affinity, and any_availability_zone with 0 percent zonal affinity.

  • secondary_ips.auto_assigned.per_subnet - The number of secondary IP addresses to configure for your load balancer nodes. Use to address port allocation errors if you can't add targets. The valid range is 0 to 7. The default is 0. After you set this value, you can't decrease it.

" }, "Value":{ "shape":"LoadBalancerAttributeValue", @@ -3025,8 +3122,7 @@ }, "LoadBalancerNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified load balancer does not exist.

", "error":{ "code":"LoadBalancerNotFound", @@ -3151,6 +3247,33 @@ } } }, + "ModifyIpPoolsInput":{ + "type":"structure", + "required":["LoadBalancerArn"], + "members":{ + "LoadBalancerArn":{ + "shape":"LoadBalancerArn", + "documentation":"

The Amazon Resource Name (ARN) of the load balancer.

" + }, + "IpamPools":{ + "shape":"IpamPools", + "documentation":"

The IPAM pools to be modified.

" + }, + "RemoveIpamPools":{ + "shape":"RemoveIpamPools", + "documentation":"

Remove the IP pools in use by the load balancer.

" + } + } + }, + "ModifyIpPoolsOutput":{ + "type":"structure", + "members":{ + "IpamPools":{ + "shape":"IpamPools", + "documentation":"

The IPAM pool ID.

" + } + } + }, "ModifyListenerAttributesInput":{ "type":"structure", "required":[ @@ -3195,7 +3318,7 @@ }, "SslPolicy":{ "shape":"SslPolicyName", - "documentation":"

[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.

For more information, see Security policies in the Application Load Balancers Guide or Security policies in the Network Load Balancers Guide.

" + "documentation":"

[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.

For more information, see Security policies in the Application Load Balancers Guide or Security policies in the Network Load Balancers Guide.

" }, "Certificates":{ "shape":"CertificateList", @@ -3207,11 +3330,11 @@ }, "AlpnPolicy":{ "shape":"AlpnPolicyName", - "documentation":"

[TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) policy. You can specify one policy name. The following are the possible values:

  • HTTP1Only

  • HTTP2Only

  • HTTP2Optional

  • HTTP2Preferred

  • None

For more information, see ALPN policies in the Network Load Balancers Guide.

" + "documentation":"

[TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) policy. You can specify one policy name. The following are the possible values:

  • HTTP1Only

  • HTTP2Only

  • HTTP2Optional

  • HTTP2Preferred

  • None

For more information, see ALPN policies in the Network Load Balancers Guide.

" }, "MutualAuthentication":{ "shape":"MutualAuthenticationAttributes", - "documentation":"

The mutual authentication configuration information.

" + "documentation":"

[HTTPS listeners] The mutual authentication configuration information.

" } } }, @@ -3265,6 +3388,14 @@ "Actions":{ "shape":"Actions", "documentation":"

The actions.

" + }, + "Transforms":{ + "shape":"RuleTransformList", + "documentation":"

The transforms to apply to requests that match this rule. You can add one host header rewrite transform and one URL rewrite transform. If you specify Transforms, you can't specify ResetTransforms.

" + }, + "ResetTransforms":{ + "shape":"ResetTransforms", + "documentation":"

Indicates whether to remove all transforms from the rule. If you specify ResetTransforms, you can't specify Transforms.

" } } }, @@ -3325,7 +3456,7 @@ }, "HealthCheckEnabled":{ "shape":"HealthCheckEnabled", - "documentation":"

Indicates whether health checks are enabled.

" + "documentation":"

Indicates whether health checks are enabled. If the target type is lambda, health checks are disabled by default but can be enabled. If the target type is instance, ip, or alb, health checks are always enabled and can't be disabled.

" }, "HealthCheckIntervalSeconds":{ "shape":"HealthCheckIntervalSeconds", @@ -3424,8 +3555,7 @@ "NumberOfRevokedEntries":{"type":"long"}, "OperationNotPermittedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This operation is not allowed.

", "error":{ "code":"OperationNotPermitted", @@ -3450,7 +3580,11 @@ "members":{ "Values":{ "shape":"ListOfString", - "documentation":"

The path patterns to compare against the request URL. The maximum size of each string is 128 characters. The comparison is case sensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).

If you specify multiple strings, the condition is satisfied if one of them matches the request URL. The path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use QueryStringConditionConfig.

" + "documentation":"

The path patterns to compare against the request URL. The maximum length of each string is 128 characters. The comparison is case sensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).

If you specify multiple strings, the condition is satisfied if one of them matches the request URL. The path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a query string condition.

" + }, + "RegexValues":{ + "shape":"ListOfString", + "documentation":"

The regular expressions to compare against the request URL. The maximum length of each string is 128 characters.

" } }, "documentation":"

Information about a path pattern condition.

" @@ -3466,8 +3600,7 @@ }, "PriorRequestNotCompleteException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This operation is not allowed while a prior request has not been completed.

", "error":{ "code":"PriorRequestNotComplete", @@ -3478,8 +3611,7 @@ }, "PriorityInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified priority is in use.

", "error":{ "code":"PriorityInUse", @@ -3507,7 +3639,7 @@ "members":{ "Values":{ "shape":"QueryStringKeyValuePairList", - "documentation":"

The key/value pairs or values to find in the query string. The maximum size of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in Values using a '\\' character.

If you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string.

" + "documentation":"

The key/value pairs or values to find in the query string. The maximum length of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in Values using a '\\' character.

If you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string.

" } }, "documentation":"

Information about a query string condition.

The query string component of a URI starts after the first '?' character and is terminated by either a '#' character or the end of the URI. A typical query string contains key/value pairs separated by '&' characters. The allowed characters are specified by RFC 3986. Any character can be percentage encoded.

" @@ -3607,8 +3739,15 @@ }, "RegisterTargetsOutput":{ "type":"structure", - "members":{ - } + "members":{} + }, + "RemoveIpamPoolEnum":{ + "type":"string", + "enum":["ipv4"] + }, + "RemoveIpamPools":{ + "type":"list", + "member":{"shape":"RemoveIpamPoolEnum"} }, "RemoveListenerCertificatesInput":{ "type":"structure", @@ -3629,8 +3768,7 @@ }, "RemoveListenerCertificatesOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveTagsInput":{ "type":"structure", @@ -3651,8 +3789,7 @@ }, "RemoveTagsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveTrustStoreRevocationsInput":{ "type":"structure", @@ -3673,10 +3810,10 @@ }, "RemoveTrustStoreRevocationsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "ResetCapacityReservation":{"type":"boolean"}, + "ResetTransforms":{"type":"boolean"}, "ResourceArn":{"type":"string"}, "ResourceArns":{ "type":"list", @@ -3684,8 +3821,7 @@ }, "ResourceInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

A specified resource is in use.

", "error":{ "code":"ResourceInUse", @@ -3696,8 +3832,7 @@ }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified resource does not exist.

", "error":{ "code":"ResourceNotFound", @@ -3730,8 +3865,7 @@ }, "RevocationContentNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified revocation file does not exist.

", "error":{ "code":"RevocationContentNotFound", @@ -3747,8 +3881,7 @@ "RevocationId":{"type":"long"}, "RevocationIdNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified revocation ID does not exist.

", "error":{ "code":"RevocationIdNotFound", @@ -3765,6 +3898,28 @@ "type":"string", "enum":["CRL"] }, + "RewriteConfig":{ + "type":"structure", + "required":[ + "Regex", + "Replace" + ], + "members":{ + "Regex":{ + "shape":"StringValue", + "documentation":"

The regular expression to match in the input string. The maximum length of the string is 1,024 characters.

" + }, + "Replace":{ + "shape":"StringValue", + "documentation":"

The replacement string to use when rewriting the matched input. The maximum length of the string is 1,024 characters. You can specify capture groups in the regular expression (for example, $1 and $2).

" + } + }, + "documentation":"

Information about a rewrite transform. This transform matches a pattern and replaces it with the specified string.

" + }, + "RewriteConfigList":{ + "type":"list", + "member":{"shape":"RewriteConfig"} + }, "Rule":{ "type":"structure", "members":{ @@ -3787,6 +3942,10 @@ "IsDefault":{ "shape":"IsDefault", "documentation":"

Indicates whether this is the default rule.

" + }, + "Transforms":{ + "shape":"RuleTransformList", + "documentation":"

The transforms for the rule.

" } }, "documentation":"

Information about a rule.

" @@ -3830,6 +3989,10 @@ "SourceIpConfig":{ "shape":"SourceIpConditionConfig", "documentation":"

Information for a source IP condition. Specify only when Field is source-ip.

" + }, + "RegexValues":{ + "shape":"ListOfString", + "documentation":"

The regular expressions to match against the condition field. The maximum length of each string is 128 characters. Specify only when Field is http-header, host-header, or path-pattern.

" } }, "documentation":"

Information about a condition for a rule.

Each rule can optionally include up to one of each of the following conditions: http-request-method, host-header, path-pattern, and source-ip. Each rule can also optionally include one or more of each of the following conditions: http-header and query-string. Note that the value for a condition can't be empty.

For more information, see Quotas for your Application Load Balancers.

" @@ -3840,8 +4003,7 @@ }, "RuleNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified rule does not exist.

", "error":{ "code":"RuleNotFound", @@ -3873,6 +4035,29 @@ }, "documentation":"

Information about the priorities for the rules for a listener.

" }, + "RuleTransform":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"TransformTypeEnum", + "documentation":"

The type of transform.

  • host-header-rewrite - Rewrite the host header.

  • url-rewrite - Rewrite the request URL.

" + }, + "HostHeaderRewriteConfig":{ + "shape":"HostHeaderRewriteConfig", + "documentation":"

Information about a host header rewrite transform. This transform modifies the host header in an HTTP request. Specify only when Type is host-header-rewrite.

" + }, + "UrlRewriteConfig":{ + "shape":"UrlRewriteConfig", + "documentation":"

Information about a URL rewrite transform. This transform modifies the request URL. Specify only when Type is url-rewrite.

" + } + }, + "documentation":"

Information about a transform to apply to requests that match a rule. Transforms are applied to requests before they are sent to targets.

" + }, + "RuleTransformList":{ + "type":"list", + "member":{"shape":"RuleTransform"} + }, "Rules":{ "type":"list", "member":{"shape":"Rule"} @@ -3882,8 +4067,7 @@ "S3ObjectVersion":{"type":"string"}, "SSLPolicyNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified SSL policy does not exist.

", "error":{ "code":"SSLPolicyNotFound", @@ -3959,7 +4143,7 @@ }, "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{ "shape":"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum", - "documentation":"

Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink. The default is on.

" + "documentation":"

Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink. Applies only if the load balancer has an associated security group. The default is on.

" } } }, @@ -3986,7 +4170,7 @@ }, "Subnets":{ "shape":"Subnets", - "documentation":"

The IDs of the public subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings.

[Application Load Balancers] You must specify subnets from at least two Availability Zones.

[Application Load Balancers on Outposts] You must specify one Outpost subnet.

[Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.

[Network Load Balancers and Gateway Load Balancers] You can specify subnets from one or more Availability Zones.

" + "documentation":"

The IDs of the public subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings.

[Application Load Balancers] You must specify subnets from at least two Availability Zones.

[Application Load Balancers on Outposts] You must specify one Outpost subnet.

[Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.

[Network Load Balancers] You can specify subnets from one or more Availability Zones.

[Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You must include all subnets that were enabled previously, with their existing configurations, plus any additional subnets.

" }, "SubnetMappings":{ "shape":"SubnetMappings", @@ -4024,7 +4208,7 @@ "members":{ "Values":{ "shape":"ListOfString", - "documentation":"

The source IP addresses, in CIDR format. You can use both IPv4 and IPv6 addresses. Wildcards are not supported.

If you specify multiple addresses, the condition is satisfied if the source IP address of the request matches one of the CIDR blocks. This condition is not satisfied by the addresses in the X-Forwarded-For header. To search for addresses in the X-Forwarded-For header, use HttpHeaderConditionConfig.

The total number of values must be less than, or equal to five.

" + "documentation":"

The source IP addresses, in CIDR format. You can use both IPv4 and IPv6 addresses. Wildcards are not supported.

If you specify multiple addresses, the condition is satisfied if the source IP address of the request matches one of the CIDR blocks. This condition is not satisfied by the addresses in the X-Forwarded-For header. To search for addresses in the X-Forwarded-For header, use an HTTP header condition.

The total number of values must be less than, or equal to five.

" } }, "documentation":"

Information about a source IP condition.

You can use this condition to route based on the IP address of the source that connects to the load balancer. If a client is behind a proxy, this is the IP address of the proxy not the IP address of the client.

" @@ -4106,8 +4290,7 @@ }, "SubnetNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified subnet does not exist.

", "error":{ "code":"SubnetNotFound", @@ -4300,8 +4483,7 @@ }, "TargetGroupAssociationLimitException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of load balancers per target group.

", "error":{ "code":"TargetGroupAssociationLimit", @@ -4315,7 +4497,7 @@ "members":{ "Key":{ "shape":"TargetGroupAttributeKey", - "documentation":"

The name of the attribute.

The following attributes are supported by all load balancers:

  • deregistration_delay.timeout_seconds - The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds. If the target is a Lambda function, this attribute is not supported.

  • stickiness.enabled - Indicates whether target stickiness is enabled. The value is true or false. The default is false.

  • stickiness.type - Indicates the type of stickiness. The possible values are:

    • lb_cookie and app_cookie for Application Load Balancers.

    • source_ip for Network Load Balancers.

    • source_ip_dest_ip and source_ip_dest_ip_proto for Gateway Load Balancers.

The following attributes are supported by Application Load Balancers and Network Load Balancers:

  • load_balancing.cross_zone.enabled - Indicates whether cross zone load balancing is enabled. The value is true, false or use_load_balancer_configuration. The default is use_load_balancer_configuration.

  • target_group_health.dns_failover.minimum_healthy_targets.count - The minimum number of targets that must be healthy. If the number of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are off or an integer from 1 to the maximum number of targets. The default is off.

  • target_group_health.dns_failover.minimum_healthy_targets.percentage - The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are off or an integer from 1 to 100. The default is off.

  • target_group_health.unhealthy_state_routing.minimum_healthy_targets.count - The minimum number of targets that must be healthy. If the number of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are 1 to the maximum number of targets. The default is 1.

  • target_group_health.unhealthy_state_routing.minimum_healthy_targets.percentage - The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are off or an integer from 1 to 100. The default is off.

The following attributes are supported only if the load balancer is an Application Load Balancer and the target is an instance or an IP address:

  • load_balancing.algorithm.type - The load balancing algorithm determines how the load balancer selects targets when routing requests. The value is round_robin, least_outstanding_requests, or weighted_random. The default is round_robin.

  • load_balancing.algorithm.anomaly_mitigation - Only available when load_balancing.algorithm.type is weighted_random. Indicates whether anomaly mitigation is enabled. The value is on or off. The default is off.

  • slow_start.duration_seconds - The time period, in seconds, during which a newly registered target receives an increasing share of the traffic to the target group. After this time period ends, the target receives its full share of traffic. The range is 30-900 seconds (15 minutes). The default is 0 seconds (disabled).

  • stickiness.app_cookie.cookie_name - Indicates the name of the application-based cookie. Names that start with the following prefixes are not allowed: AWSALB, AWSALBAPP, and AWSALBTG; they're reserved for use by the load balancer.

  • stickiness.app_cookie.duration_seconds - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the application-based cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).

  • stickiness.lb_cookie.duration_seconds - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).

The following attribute is supported only if the load balancer is an Application Load Balancer and the target is a Lambda function:

  • lambda.multi_value_headers.enabled - Indicates whether the request and response headers that are exchanged between the load balancer and the Lambda function include arrays of values or strings. The value is true or false. The default is false. If the value is false and the request contains a duplicate header field name or query parameter key, the load balancer uses the last value sent by the client.

The following attributes are supported only by Network Load Balancers:

  • deregistration_delay.connection_termination.enabled - Indicates whether the load balancer terminates connections at the end of the deregistration timeout. The value is true or false. For new UDP/TCP_UDP target groups the default is true. Otherwise, the default is false.

  • preserve_client_ip.enabled - Indicates whether client IP preservation is enabled. The value is true or false. The default is disabled if the target group type is IP address and the target group protocol is TCP or TLS. Otherwise, the default is enabled. Client IP preservation can't be disabled for UDP and TCP_UDP target groups.

  • proxy_protocol_v2.enabled - Indicates whether Proxy Protocol version 2 is enabled. The value is true or false. The default is false.

  • target_health_state.unhealthy.connection_termination.enabled - Indicates whether the load balancer terminates connections to unhealthy targets. The value is true or false. The default is true.

  • target_health_state.unhealthy.draining_interval_seconds - The amount of time for Elastic Load Balancing to wait before changing the state of an unhealthy target from unhealthy.draining to unhealthy. The range is 0-360000 seconds. The default value is 0 seconds.

    Note: This attribute can only be configured when target_health_state.unhealthy.connection_termination.enabled is false.

The following attributes are supported only by Gateway Load Balancers:

  • target_failover.on_deregistration - Indicates how the Gateway Load Balancer handles existing flows when a target is deregistered. The possible values are rebalance and no_rebalance. The default is no_rebalance. The two attributes (target_failover.on_deregistration and target_failover.on_unhealthy) can't be set independently. The value you set for both attributes must be the same.

  • target_failover.on_unhealthy - Indicates how the Gateway Load Balancer handles existing flows when a target is unhealthy. The possible values are rebalance and no_rebalance. The default is no_rebalance. The two attributes (target_failover.on_deregistration and target_failover.on_unhealthy) can't be set independently. The value you set for both attributes must be the same.

" + "documentation":"

The name of the attribute.

The following attributes are supported by all load balancers:

  • deregistration_delay.timeout_seconds - The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds. If the target is a Lambda function, this attribute is not supported.

  • stickiness.enabled - Indicates whether target stickiness is enabled. The value is true or false. The default is false.

  • stickiness.type - Indicates the type of stickiness. The possible values are:

    • lb_cookie and app_cookie for Application Load Balancers.

    • source_ip for Network Load Balancers.

    • source_ip_dest_ip and source_ip_dest_ip_proto for Gateway Load Balancers.

The following attributes are supported by Application Load Balancers and Network Load Balancers:

  • load_balancing.cross_zone.enabled - Indicates whether cross zone load balancing is enabled. The value is true, false or use_load_balancer_configuration. The default is use_load_balancer_configuration.

  • target_group_health.dns_failover.minimum_healthy_targets.count - The minimum number of targets that must be healthy. If the number of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are off or an integer from 1 to the maximum number of targets. The default is 1.

  • target_group_health.dns_failover.minimum_healthy_targets.percentage - The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are off or an integer from 1 to 100. The default is off.

  • target_group_health.unhealthy_state_routing.minimum_healthy_targets.count - The minimum number of targets that must be healthy. If the number of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are 1 to the maximum number of targets. The default is 1.

  • target_group_health.unhealthy_state_routing.minimum_healthy_targets.percentage - The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are off or an integer from 1 to 100. The default is off.

The following attributes are supported only if the load balancer is an Application Load Balancer and the target is an instance or an IP address:

  • load_balancing.algorithm.type - The load balancing algorithm determines how the load balancer selects targets when routing requests. The value is round_robin, least_outstanding_requests, or weighted_random. The default is round_robin.

  • load_balancing.algorithm.anomaly_mitigation - Only available when load_balancing.algorithm.type is weighted_random. Indicates whether anomaly mitigation is enabled. The value is on or off. The default is off.

  • slow_start.duration_seconds - The time period, in seconds, during which a newly registered target receives an increasing share of the traffic to the target group. After this time period ends, the target receives its full share of traffic. The range is 30-900 seconds (15 minutes). The default is 0 seconds (disabled).

  • stickiness.app_cookie.cookie_name - Indicates the name of the application-based cookie. Names that start with the following prefixes are not allowed: AWSALB, AWSALBAPP, and AWSALBTG; they're reserved for use by the load balancer.

  • stickiness.app_cookie.duration_seconds - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the application-based cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).

  • stickiness.lb_cookie.duration_seconds - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).

The following attribute is supported only if the load balancer is an Application Load Balancer and the target is a Lambda function:

  • lambda.multi_value_headers.enabled - Indicates whether the request and response headers that are exchanged between the load balancer and the Lambda function include arrays of values or strings. The value is true or false. The default is false. If the value is false and the request contains a duplicate header field name or query parameter key, the load balancer uses the last value sent by the client.

The following attributes are supported only by Network Load Balancers:

  • deregistration_delay.connection_termination.enabled - Indicates whether the load balancer terminates connections at the end of the deregistration timeout. The value is true or false. For new UDP/TCP_UDP target groups the default is true. Otherwise, the default is false.

  • preserve_client_ip.enabled - Indicates whether client IP preservation is enabled. The value is true or false. The default is disabled if the target group type is IP address and the target group protocol is TCP or TLS. Otherwise, the default is enabled. Client IP preservation can't be disabled for UDP and TCP_UDP target groups.

  • proxy_protocol_v2.enabled - Indicates whether Proxy Protocol version 2 is enabled. The value is true or false. The default is false.

  • target_health_state.unhealthy.connection_termination.enabled - Indicates whether the load balancer terminates connections to unhealthy targets. The value is true or false. The default is true. This attribute can't be enabled for UDP and TCP_UDP target groups.

  • target_health_state.unhealthy.draining_interval_seconds - The amount of time for Elastic Load Balancing to wait before changing the state of an unhealthy target from unhealthy.draining to unhealthy. The range is 0-360000 seconds. The default value is 0 seconds.

    Note: This attribute can only be configured when target_health_state.unhealthy.connection_termination.enabled is false.

The following attributes are supported only by Gateway Load Balancers:

  • target_failover.on_deregistration - Indicates how the Gateway Load Balancer handles existing flows when a target is deregistered. The possible values are rebalance and no_rebalance. The default is no_rebalance. The two attributes (target_failover.on_deregistration and target_failover.on_unhealthy) can't be set independently. The value you set for both attributes must be the same.

  • target_failover.on_unhealthy - Indicates how the Gateway Load Balancer handles existing flows when a target is unhealthy. The possible values are rebalance and no_rebalance. The default is no_rebalance. The two attributes (target_failover.on_deregistration and target_failover.on_unhealthy) can't be set independently. The value you set for both attributes must be the same.

" }, "Value":{ "shape":"TargetGroupAttributeValue", @@ -4352,8 +4534,7 @@ }, "TargetGroupNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified target group does not exist.

", "error":{ "code":"TargetGroupNotFound", @@ -4371,7 +4552,7 @@ }, "DurationSeconds":{ "shape":"TargetGroupStickinessDurationSeconds", - "documentation":"

The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

" + "documentation":"

[Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.

" } }, "documentation":"

Information about the target group stickiness for a rule.

" @@ -4406,7 +4587,7 @@ }, "Reason":{ "shape":"TargetHealthReasonEnum", - "documentation":"

The reason code.

If the target state is healthy, a reason code is not provided.

If the target state is initial, the reason code can be one of the following values:

  • Elb.RegistrationInProgress - The target is in the process of being registered with the load balancer.

  • Elb.InitialHealthChecking - The load balancer is still sending the target the minimum number of health checks required to determine its health status.

If the target state is unhealthy, the reason code can be one of the following values:

  • Target.ResponseCodeMismatch - The health checks did not return an expected HTTP code. Applies only to Application Load Balancers and Gateway Load Balancers.

  • Target.Timeout - The health check requests timed out. Applies only to Application Load Balancers and Gateway Load Balancers.

  • Target.FailedHealthChecks - The load balancer received an error while establishing a connection to the target or the target response was malformed.

  • Elb.InternalError - The health checks failed due to an internal error. Applies only to Application Load Balancers.

If the target state is unused, the reason code can be one of the following values:

  • Target.NotRegistered - The target is not registered with the target group.

  • Target.NotInUse - The target group is not used by any load balancer or the target is in an Availability Zone that is not enabled for its load balancer.

  • Target.InvalidState - The target is in the stopped or terminated state.

  • Target.IpUnusable - The target IP address is reserved for use by a load balancer.

If the target state is draining, the reason code can be the following value:

  • Target.DeregistrationInProgress - The target is in the process of being deregistered and the deregistration delay period has not expired.

If the target state is unavailable, the reason code can be the following value:

  • Target.HealthCheckDisabled - Health checks are disabled for the target group. Applies only to Application Load Balancers.

  • Elb.InternalError - Target health is unavailable due to an internal error. Applies only to Network Load Balancers.

" + "documentation":"

The reason code.

If the target state is healthy, a reason code is not provided.

If the target state is initial, the reason code can be one of the following values:

  • Elb.RegistrationInProgress - The target is in the process of being registered with the load balancer.

  • Elb.InitialHealthChecking - The load balancer is still sending the target the minimum number of health checks required to determine its health status.

If the target state is unhealthy, the reason code can be one of the following values:

  • Target.ResponseCodeMismatch - The health checks did not return an expected HTTP code.

  • Target.Timeout - The health check requests timed out.

  • Target.FailedHealthChecks - The load balancer received an error while establishing a connection to the target or the target response was malformed.

  • Elb.InternalError - The health checks failed due to an internal error.

If the target state is unused, the reason code can be one of the following values:

  • Target.NotRegistered - The target is not registered with the target group.

  • Target.NotInUse - The target group is not used by any load balancer or the target is in an Availability Zone that is not enabled for its load balancer.

  • Target.InvalidState - The target is in the stopped or terminated state.

  • Target.IpUnusable - The target IP address is reserved for use by a load balancer.

If the target state is draining, the reason code can be the following value:

  • Target.DeregistrationInProgress - The target is in the process of being deregistered and the deregistration delay period has not expired.

If the target state is unavailable, the reason code can be the following value:

  • Target.HealthCheckDisabled - Health checks are disabled for the target group.

  • Elb.InternalError - Target health is unavailable due to an internal error.

" }, "Description":{ "shape":"Description", @@ -4486,8 +4667,7 @@ }, "TooManyActionsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of actions per rule.

", "error":{ "code":"TooManyActions", @@ -4498,8 +4678,7 @@ }, "TooManyCertificatesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of certificates per load balancer.

", "error":{ "code":"TooManyCertificates", @@ -4510,8 +4689,7 @@ }, "TooManyListenersException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of listeners per load balancer.

", "error":{ "code":"TooManyListeners", @@ -4522,8 +4700,7 @@ }, "TooManyLoadBalancersException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of load balancers for your Amazon Web Services account.

", "error":{ "code":"TooManyLoadBalancers", @@ -4534,8 +4711,7 @@ }, "TooManyRegistrationsForTargetIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of times a target can be registered with a load balancer.

", "error":{ "code":"TooManyRegistrationsForTargetId", @@ -4546,8 +4722,7 @@ }, "TooManyRulesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of rules per load balancer.

", "error":{ "code":"TooManyRules", @@ -4558,8 +4733,7 @@ }, "TooManyTagsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of tags for this resource.

", "error":{ "code":"TooManyTags", @@ -4570,8 +4744,7 @@ }, "TooManyTargetGroupsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of target groups for your Amazon Web Services account.

", "error":{ "code":"TooManyTargetGroups", @@ -4582,8 +4755,7 @@ }, "TooManyTargetsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of targets.

", "error":{ "code":"TooManyTargets", @@ -4594,8 +4766,7 @@ }, "TooManyTrustStoreRevocationEntriesException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified trust store has too many revocation entries.

", "error":{ "code":"TooManyTrustStoreRevocationEntries", @@ -4606,8 +4777,7 @@ }, "TooManyTrustStoresException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of trust stores for your Amazon Web Services account.

", "error":{ "code":"TooManyTrustStores", @@ -4618,8 +4788,7 @@ }, "TooManyUniqueTargetGroupsPerLoadBalancerException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

You've reached the limit on the number of unique target groups per load balancer across all listeners. If a target group is used by multiple actions for a load balancer, it is counted as only one use.

", "error":{ "code":"TooManyUniqueTargetGroupsPerLoadBalancer", @@ -4629,6 +4798,13 @@ "exception":true }, "TotalRevokedEntries":{"type":"long"}, + "TransformTypeEnum":{ + "type":"string", + "enum":[ + "host-header-rewrite", + "url-rewrite" + ] + }, "TrustStore":{ "type":"structure", "members":{ @@ -4672,8 +4848,7 @@ }, "TrustStoreAssociationNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified association does not exist.

", "error":{ "code":"AssociationNotFound", @@ -4696,8 +4871,7 @@ }, "TrustStoreInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified trust store is currently in use.

", "error":{ "code":"TrustStoreInUse", @@ -4718,8 +4892,7 @@ }, "TrustStoreNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified trust store does not exist.

", "error":{ "code":"TrustStoreNotFound", @@ -4730,8 +4903,7 @@ }, "TrustStoreNotReadyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified trust store is not active.

", "error":{ "code":"TrustStoreNotReady", @@ -4779,8 +4951,7 @@ }, "UnsupportedProtocolException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified protocol is not supported.

", "error":{ "code":"UnsupportedProtocol", @@ -4789,6 +4960,16 @@ }, "exception":true }, + "UrlRewriteConfig":{ + "type":"structure", + "members":{ + "Rewrites":{ + "shape":"RewriteConfigList", + "documentation":"

The URL rewrite transform to apply to the request. The transform consists of a regular expression to match and a replacement string.

" + } + }, + "documentation":"

Information about a URL rewrite transform. This transform matches a pattern in the request URL and replaces it with the specified string.

" + }, "VpcId":{"type":"string"}, "ZonalCapacityReservationState":{ "type":"structure", @@ -4799,14 +4980,14 @@ }, "AvailabilityZone":{ "shape":"ZoneName", - "documentation":"

Information about the availability zone.

" + "documentation":"

Information about the Availability Zone.

" }, "EffectiveCapacityUnits":{ "shape":"CapacityUnitsDouble", "documentation":"

The number of effective capacity units.

" } }, - "documentation":"

The capacity reservation status for each availability zone.

" + "documentation":"

The capacity reservation status for each Availability Zone.

" }, "ZonalCapacityReservationStates":{ "type":"list", diff -pruN 2.23.6-1/awscli/botocore/data/emr/2009-03-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/emr/2009-03-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/emr/2009-03-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/emr/2009-03-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/emr/2009-03-31/service-2.json 2.31.35-1/awscli/botocore/data/emr/2009-03-31/service-2.json --- 2.23.6-1/awscli/botocore/data/emr/2009-03-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/emr/2009-03-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -83,6 +83,20 @@ ], "documentation":"

Cancels a pending step or steps in a running cluster. Available only in Amazon EMR versions 4.8.0 and later, excluding version 5.0.0. A maximum of 256 steps are allowed in each CancelSteps request. CancelSteps is idempotent but asynchronous; it does not guarantee that a step will be canceled, even if the request is successfully submitted. When you use Amazon EMR releases 5.28.0 and later, you can cancel steps that are in a PENDING or RUNNING state. In earlier versions of Amazon EMR, you can only cancel steps that are in a PENDING state.

" }, + "CreatePersistentAppUI":{ + "name":"CreatePersistentAppUI", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreatePersistentAppUIInput"}, + "output":{"shape":"CreatePersistentAppUIOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"InvalidRequestException"} + ], + "documentation":"

Creates a persistent application user interface.

" + }, "CreateSecurityConfiguration":{ "name":"CreateSecurityConfiguration", "http":{ @@ -206,6 +220,20 @@ ], "documentation":"

Provides details of a notebook execution.

" }, + "DescribePersistentAppUI":{ + "name":"DescribePersistentAppUI", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribePersistentAppUIInput"}, + "output":{"shape":"DescribePersistentAppUIOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"InvalidRequestException"} + ], + "documentation":"

Describes a persistent application user interface.

" + }, "DescribeReleaseLabel":{ "name":"DescribeReleaseLabel", "http":{ @@ -310,6 +338,34 @@ "output":{"shape":"GetManagedScalingPolicyOutput"}, "documentation":"

Fetches the attached managed scaling policy for an Amazon EMR cluster.

" }, + "GetOnClusterAppUIPresignedURL":{ + "name":"GetOnClusterAppUIPresignedURL", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetOnClusterAppUIPresignedURLInput"}, + "output":{"shape":"GetOnClusterAppUIPresignedURLOutput"}, + "errors":[ + {"shape":"InternalServerError"}, + {"shape":"InvalidRequestException"} + ], + "documentation":"

The presigned URL properties for the cluster's application user interface.

" + }, + "GetPersistentAppUIPresignedURL":{ + "name":"GetPersistentAppUIPresignedURL", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetPersistentAppUIPresignedURLInput"}, + "output":{"shape":"GetPersistentAppUIPresignedURLOutput"}, + "errors":[ + {"shape":"InternalServerError"}, + {"shape":"InvalidRequestException"} + ], + "documentation":"

The presigned URL properties for the cluster's application user interface.

" + }, "GetStudioSessionMapping":{ "name":"GetStudioSessionMapping", "http":{ @@ -878,8 +934,7 @@ }, "AddTagsOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This output indicates the result of adding tags to a resource.

" }, "AdjustmentType":{ @@ -1339,6 +1394,10 @@ "EbsRootVolumeThroughput":{ "shape":"Integer", "documentation":"

The throughput, in MiB/s, of the Amazon EBS root device volume of the Linux AMI that is used for each Amazon EC2 instance. Available in Amazon EMR releases 6.15.0 and later.

" + }, + "ExtendedSupport":{ + "shape":"BooleanObject", + "documentation":"

Reserved.

" } }, "documentation":"

The detailed description of the cluster.

" @@ -1553,6 +1612,45 @@ "type":"list", "member":{"shape":"Configuration"} }, + "CreatePersistentAppUIInput":{ + "type":"structure", + "required":["TargetResourceArn"], + "members":{ + "TargetResourceArn":{ + "shape":"ArnType", + "documentation":"

The unique Amazon Resource Name (ARN) of the target resource.

" + }, + "EMRContainersConfig":{ + "shape":"EMRContainersConfig", + "documentation":"

The EMR containers configuration.

" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

Tags for the persistent application user interface.

" + }, + "XReferer":{ + "shape":"String", + "documentation":"

The cross reference for the persistent application user interface.

" + }, + "ProfilerType":{ + "shape":"ProfilerType", + "documentation":"

The profiler type for the persistent application user interface.

" + } + } + }, + "CreatePersistentAppUIOutput":{ + "type":"structure", + "members":{ + "PersistentAppUIId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The persistent application user interface identifier.

" + }, + "RuntimeRoleEnabledCluster":{ + "shape":"Boolean", + "documentation":"

Represents if the EMR on EC2 cluster that the persisent application user interface is created for is a runtime role enabled cluster or not.

" + } + } + }, "CreateSecurityConfigurationInput":{ "type":"structure", "required":[ @@ -1737,8 +1835,7 @@ }, "DeleteSecurityConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteStudioInput":{ "type":"structure", @@ -1847,6 +1944,25 @@ } } }, + "DescribePersistentAppUIInput":{ + "type":"structure", + "required":["PersistentAppUIId"], + "members":{ + "PersistentAppUIId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The identifier for the persistent application user interface.

" + } + } + }, + "DescribePersistentAppUIOutput":{ + "type":"structure", + "members":{ + "PersistentAppUI":{ + "shape":"PersistentAppUI", + "documentation":"

The persistent application user interface.

" + } + } + }, "DescribeReleaseLabelInput":{ "type":"structure", "members":{ @@ -1967,6 +2083,16 @@ "type":"list", "member":{"shape":"InstanceId"} }, + "EMRContainersConfig":{ + "type":"structure", + "members":{ + "JobRunId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The Job run ID for the container configuration.

" + } + }, + "documentation":"

The EMR container configuration.

" + }, "EbsBlockDevice":{ "type":"structure", "members":{ @@ -2013,7 +2139,7 @@ }, "EbsOptimized":{ "shape":"BooleanObject", - "documentation":"

Indicates whether an Amazon EBS volume is EBS-optimized.

" + "documentation":"

Indicates whether an Amazon EBS volume is EBS-optimized. The default is false. You should explicitly set this value to true to enable the Amazon EBS-optimized setting for an EC2 instance.

" } }, "documentation":"

The Amazon EBS configuration of a cluster instance.

" @@ -2190,8 +2316,7 @@ }, "GetBlockPublicAccessConfigurationInput":{ "type":"structure", - "members":{ - } + "members":{} }, "GetBlockPublicAccessConfigurationOutput":{ "type":"structure", @@ -2256,6 +2381,84 @@ } } }, + "GetOnClusterAppUIPresignedURLInput":{ + "type":"structure", + "required":["ClusterId"], + "members":{ + "ClusterId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The cluster ID associated with the cluster's application user interface presigned URL.

" + }, + "OnClusterAppUIType":{ + "shape":"OnClusterAppUIType", + "documentation":"

The application UI type associated with the cluster's application user interface presigned URL.

" + }, + "ApplicationId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The application ID associated with the cluster's application user interface presigned URL.

" + }, + "DryRun":{ + "shape":"BooleanObject", + "documentation":"

Determines if the user interface presigned URL is for a dry run.

" + }, + "ExecutionRoleArn":{ + "shape":"ArnType", + "documentation":"

The execution role ARN associated with the cluster's application user interface presigned URL.

" + } + } + }, + "GetOnClusterAppUIPresignedURLOutput":{ + "type":"structure", + "members":{ + "PresignedURLReady":{ + "shape":"Boolean", + "documentation":"

Used to determine if the presigned URL is ready.

" + }, + "PresignedURL":{ + "shape":"XmlString", + "documentation":"

The cluster's generated presigned URL.

" + } + } + }, + "GetPersistentAppUIPresignedURLInput":{ + "type":"structure", + "required":["PersistentAppUIId"], + "members":{ + "PersistentAppUIId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The persistent application user interface ID associated with the presigned URL.

" + }, + "PersistentAppUIType":{ + "shape":"PersistentAppUIType", + "documentation":"

The persistent application user interface type associated with the presigned URL.

" + }, + "ApplicationId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The application ID associated with the presigned URL.

" + }, + "AuthProxyCall":{ + "shape":"BooleanObject", + "documentation":"

A boolean that represents if the caller is an authentication proxy call.

" + }, + "ExecutionRoleArn":{ + "shape":"ArnType", + "documentation":"

The execution role ARN associated with the presigned URL.

" + } + } + }, + "GetPersistentAppUIPresignedURLOutput":{ + "type":"structure", + "members":{ + "PresignedURLReady":{ + "shape":"Boolean", + "documentation":"

Used to determine if the presigned URL is ready.

" + }, + "PresignedURL":{ + "shape":"XmlString", + "documentation":"

The returned presigned URL.

" + } + } + }, "GetStudioSessionMappingInput":{ "type":"structure", "required":[ @@ -2584,6 +2787,7 @@ "BOOTSTRAPPING", "RUNNING", "RESIZING", + "RECONFIGURING", "SUSPENDED", "TERMINATING", "TERMINATED" @@ -3202,8 +3406,7 @@ "Integer":{"type":"integer"}, "InternalServerError":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Indicates that an error occurred while processing the request and that the request was not completed.

", "exception":true }, @@ -3996,6 +4199,10 @@ "StepConcurrencyLevel":{ "shape":"Integer", "documentation":"

The number of steps that can be executed concurrently. You can specify a minimum of 1 step and a maximum of 256 steps. We recommend that you do not change this parameter while steps are running or the ActionOnFailure setting may not behave as expected. For more information see Step$ActionOnFailure.

" + }, + "ExtendedSupport":{ + "shape":"BooleanObject", + "documentation":"

Reserved.

" } } }, @@ -4005,6 +4212,10 @@ "StepConcurrencyLevel":{ "shape":"Integer", "documentation":"

The number of steps that can be executed concurrently.

" + }, + "ExtendedSupport":{ + "shape":"BooleanObject", + "documentation":"

Reserved.

" } } }, @@ -4220,6 +4431,17 @@ "type":"list", "member":{"shape":"OSRelease"} }, + "OnClusterAppUIType":{ + "type":"string", + "enum":[ + "SparkHistoryServer", + "YarnTimelineService", + "TezUI", + "ApplicationMaster", + "JobHistoryServer", + "ResourceManager" + ] + }, "OnDemandCapacityReservationOptions":{ "type":"structure", "members":{ @@ -4323,6 +4545,56 @@ }, "documentation":"

The Amazon S3 location that stores the notebook execution output.

" }, + "PersistentAppUI":{ + "type":"structure", + "members":{ + "PersistentAppUIId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The identifier for the persistent application user interface object.

" + }, + "PersistentAppUITypeList":{ + "shape":"PersistentAppUITypeList", + "documentation":"

The type list for the persistent application user interface object. Valid values include SHS, YTS, or TEZ.

" + }, + "PersistentAppUIStatus":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The status for the persistent application user interface object.

" + }, + "AuthorId":{ + "shape":"XmlStringMaxLen256", + "documentation":"

The author ID for the persistent application user interface object.

" + }, + "CreationTime":{ + "shape":"Date", + "documentation":"

The creation date and time for the persistent application user interface object.

" + }, + "LastModifiedTime":{ + "shape":"Date", + "documentation":"

The date and time the persistent application user interface object was last changed.

" + }, + "LastStateChangeReason":{ + "shape":"XmlString", + "documentation":"

The reason the persistent application user interface object was last changed.

" + }, + "Tags":{ + "shape":"TagList", + "documentation":"

A collection of tags for the persistent application user interface object.

" + } + }, + "documentation":"

Holds persistent application user interface information. Applications installed on the Amazon EMR cluster publish user interfaces as web sites to monitor cluster activity.

" + }, + "PersistentAppUIType":{ + "type":"string", + "enum":[ + "SHS", + "TEZ", + "YTS" + ] + }, + "PersistentAppUITypeList":{ + "type":"list", + "member":{"shape":"PersistentAppUIType"} + }, "PlacementGroupConfig":{ "type":"structure", "required":["InstanceRole"], @@ -4389,6 +4661,14 @@ "type":"list", "member":{"shape":"PortRange"} }, + "ProfilerType":{ + "type":"string", + "enum":[ + "SHS", + "TEZUI", + "YTS" + ] + }, "PutAutoScalingPolicyInput":{ "type":"structure", "required":[ @@ -4448,8 +4728,7 @@ }, "PutAutoTerminationPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "PutBlockPublicAccessConfigurationInput":{ "type":"structure", @@ -4463,8 +4742,7 @@ }, "PutBlockPublicAccessConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "PutManagedScalingPolicyInput":{ "type":"structure", @@ -4485,8 +4763,7 @@ }, "PutManagedScalingPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "ReconfigurationType":{ "type":"string", @@ -4528,8 +4805,7 @@ }, "RemoveAutoScalingPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveAutoTerminationPolicyInput":{ "type":"structure", @@ -4543,8 +4819,7 @@ }, "RemoveAutoTerminationPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveManagedScalingPolicyInput":{ "type":"structure", @@ -4558,8 +4833,7 @@ }, "RemoveManagedScalingPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveTagsInput":{ "type":"structure", @@ -4581,8 +4855,7 @@ }, "RemoveTagsOutput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This output indicates the result of removing tags from the resource.

" }, "RepoUpgradeOnBoot":{ @@ -4720,6 +4993,10 @@ "EbsRootVolumeThroughput":{ "shape":"Integer", "documentation":"

The throughput, in MiB/s, of the Amazon EBS root device volume of the Linux AMI that is used for each Amazon EC2 instance. Available in Amazon EMR releases 6.15.0 and later.

" + }, + "ExtendedSupport":{ + "shape":"BooleanObject", + "documentation":"

Reserved.

" } }, "documentation":"

Input to the RunJobFlow operation.

" diff -pruN 2.23.6-1/awscli/botocore/data/emr-containers/2020-10-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/emr-containers/2020-10-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/emr-containers/2020-10-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/emr-containers/2020-10-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/emr-containers/2020-10-01/service-2.json 2.31.35-1/awscli/botocore/data/emr-containers/2020-10-01/service-2.json --- 2.23.6-1/awscli/botocore/data/emr-containers/2020-10-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/emr-containers/2020-10-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -359,6 +359,13 @@ "min":44, "pattern":"^arn:(aws[a-zA-Z0-9-]*):acm:.+:(\\d{12}):certificate/.+$" }, + "AllowAWSToRetainLogs":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "AuthorizationConfiguration":{ "type":"structure", "members":{ @@ -695,6 +702,10 @@ "shape":"ResourceNameString", "documentation":"

The name of the security configuration.

" }, + "containerProvider":{ + "shape":"ContainerProvider", + "documentation":"

The container provider associated with the security configuration.

" + }, "securityConfigurationData":{ "shape":"SecurityConfigurationData", "documentation":"

Security configuration input for the request.

" @@ -1005,6 +1016,10 @@ "namespace":{ "shape":"KubernetesNamespace", "documentation":"

The namespaces of the Amazon EKS cluster.

" + }, + "nodeLabel":{ + "shape":"ResourceNameString", + "documentation":"

The nodeLabel of the nodes where the resources of this virtual cluster can get scheduled. It requires relevant scaling and policy engine addons.

" } }, "documentation":"

The information about the Amazon EKS cluster.

" @@ -1788,6 +1803,20 @@ "min":1, "pattern":"[\\.\\-_/#A-Za-z0-9]+" }, + "ManagedLogs":{ + "type":"structure", + "members":{ + "allowAWSToRetainLogs":{ + "shape":"AllowAWSToRetainLogs", + "documentation":"

Determines whether Amazon Web Services can retain logs.

" + }, + "encryptionKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

The Amazon resource name (ARN) of the encryption key for logs.

" + } + }, + "documentation":"

The entity that provides configuration control over managed logs.

" + }, "MaxFilesToKeep":{ "type":"integer", "max":50, @@ -1796,6 +1825,10 @@ "MonitoringConfiguration":{ "type":"structure", "members":{ + "managedLogs":{ + "shape":"ManagedLogs", + "documentation":"

The entity that controls configuration for managed logs.

" + }, "persistentAppUI":{ "shape":"PersistentAppUI", "documentation":"

Monitoring configurations for the persistent application UI.

" @@ -2280,8 +2313,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TemplateParameter":{ "type":"string", @@ -2357,8 +2389,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UriString":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/emr-serverless/2021-07-13/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/emr-serverless/2021-07-13/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/emr-serverless/2021-07-13/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/emr-serverless/2021-07-13/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/emr-serverless/2021-07-13/service-2.json 2.31.35-1/awscli/botocore/data/emr-serverless/2021-07-13/service-2.json --- 2.23.6-1/awscli/botocore/data/emr-serverless/2021-07-13/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/emr-serverless/2021-07-13/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -24,8 +24,8 @@ "output":{"shape":"CancelJobRunResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Cancels a job run.

", "idempotent":true @@ -41,8 +41,8 @@ "output":{"shape":"CreateApplicationResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"} ], "documentation":"

Creates an application.

", @@ -59,8 +59,8 @@ "output":{"shape":"DeleteApplicationResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Deletes an application. An application has to be in a stopped or created state in order to be deleted.

", "idempotent":true @@ -76,10 +76,11 @@ "output":{"shape":"GetApplicationResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

Displays detailed information about a specified application.

" + "documentation":"

Displays detailed information about a specified application.

", + "readonly":true }, "GetDashboardForJobRun":{ "name":"GetDashboardForJobRun", @@ -108,10 +109,11 @@ "output":{"shape":"GetJobRunResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

Displays detailed information about a job run.

" + "documentation":"

Displays detailed information about a job run.

", + "readonly":true }, "ListApplications":{ "name":"ListApplications", @@ -126,7 +128,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists applications based on a set of parameters.

" + "documentation":"

Lists applications based on a set of parameters.

", + "readonly":true }, "ListJobRunAttempts":{ "name":"ListJobRunAttempts", @@ -139,10 +142,11 @@ "output":{"shape":"ListJobRunAttemptsResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

Lists all attempt of a job run.

" + "documentation":"

Lists all attempt of a job run.

", + "readonly":true }, "ListJobRuns":{ "name":"ListJobRuns", @@ -157,7 +161,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

Lists job runs based on a set of parameters.

" + "documentation":"

Lists job runs based on a set of parameters.

", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -170,10 +175,11 @@ "output":{"shape":"ListTagsForResourceResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

Lists the tags assigned to the resources.

" + "documentation":"

Lists the tags assigned to the resources.

", + "readonly":true }, "StartApplication":{ "name":"StartApplication", @@ -186,8 +192,8 @@ "output":{"shape":"StartApplicationResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"

Starts a specified application and initializes initial capacity if configured.

", @@ -222,8 +228,8 @@ "output":{"shape":"StopApplicationResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Stops a specified application and releases initial capacity if configured. All scheduled and running jobs must be completed or cancelled before stopping an application.

", "idempotent":true @@ -239,8 +245,8 @@ "output":{"shape":"TagResourceResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Assigns tags to resources. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize your Amazon Web Services resources by attributes such as purpose, owner, or environment. When you have many resources of the same type, you can quickly identify a specific resource based on the tags you've assigned to it.

" }, @@ -255,8 +261,8 @@ "output":{"shape":"UntagResourceResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Removes tags from resources.

", "idempotent":true @@ -272,8 +278,8 @@ "output":{"shape":"UpdateApplicationResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

Updates a specified application. An application has to be in a stopped or created state in order to be updated.

" } @@ -375,6 +381,10 @@ "schedulerConfiguration":{ "shape":"SchedulerConfiguration", "documentation":"

The scheduler configuration for batch and streaming jobs running on this application. Supported with release labels emr-7.0.0 and above.

" + }, + "identityCenterConfiguration":{ + "shape":"IdentityCenterConfiguration", + "documentation":"

The IAM Identity Center configuration applied to enable trusted identity propagation.

" } }, "documentation":"

Information about an application. Amazon EMR Serverless uses applications to run jobs.

" @@ -481,6 +491,12 @@ "X86_64" ] }, + "Arn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"([ -~… -퟿-�က0-ჿFF]+)" + }, "AttemptNumber":{ "type":"integer", "box":true, @@ -538,6 +554,12 @@ "documentation":"

The ID of the job run to cancel.

", "location":"uri", "locationName":"jobRunId" + }, + "shutdownGracePeriodInSeconds":{ + "shape":"ShutdownGracePeriodInSeconds", + "documentation":"

The duration in seconds to wait before forcefully terminating the job after cancellation is requested.

", + "location":"querystring", + "locationName":"shutdownGracePeriodInSeconds" } } }, @@ -737,6 +759,10 @@ "schedulerConfiguration":{ "shape":"SchedulerConfiguration", "documentation":"

The scheduler configuration for batch and streaming jobs running on this application. Supported with release labels emr-7.0.0 and above.

" + }, + "identityCenterConfiguration":{ + "shape":"IdentityCenterConfigurationInput", + "documentation":"

The IAM Identity Center Configuration accepts the Identity Center instance parameter required to enable trusted identity propagation. This configuration allows identity propagation between integrated services and the Identity Center instance.

" } } }, @@ -776,8 +802,7 @@ }, "DeleteApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DiskSize":{ "type":"string", @@ -811,14 +836,15 @@ }, "EntryPointArgument":{ "type":"string", - "max":10280, "min":1, "pattern":".*\\S.*", "sensitive":true }, "EntryPointArguments":{ "type":"list", - "member":{"shape":"EntryPointArgument"} + "member":{"shape":"EntryPointArgument"}, + "max":1024, + "min":0 }, "EntryPointPath":{ "type":"string", @@ -960,6 +986,48 @@ "min":20, "pattern":"arn:(aws[a-zA-Z0-9-]*):iam::([0-9]{12}):(role((\\u002F)|(\\u002F[\\u0021-\\u007F]+\\u002F))[\\w+=,.@-]+)" }, + "IdentityCenterApplicationArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z0-9-]*):sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}" + }, + "IdentityCenterConfiguration":{ + "type":"structure", + "members":{ + "identityCenterInstanceArn":{ + "shape":"IdentityCenterInstanceArn", + "documentation":"

The ARN of the IAM Identity Center instance.

" + }, + "identityCenterApplicationArn":{ + "shape":"IdentityCenterApplicationArn", + "documentation":"

The ARN of the EMR Serverless created IAM Identity Center Application that provides trusted-identity propagation.

" + }, + "userBackgroundSessionsEnabled":{ + "shape":"Boolean", + "documentation":"

Enables user background sessions for this application so Livy sessions can continue running after users log out of their interactive notebook or their Identity Center sessions expire.

" + } + }, + "documentation":"

The IAM Identity Center Configuration accepts the Identity Center instance parameter required to enable trusted identity propagation. This configuration allows identity propagation between integrated services and the Identity Center instance.

" + }, + "IdentityCenterConfigurationInput":{ + "type":"structure", + "members":{ + "identityCenterInstanceArn":{ + "shape":"IdentityCenterInstanceArn", + "documentation":"

The ARN of the IAM Identity Center instance.

" + }, + "userBackgroundSessionsEnabled":{ + "shape":"Boolean", + "documentation":"

Enables user background sessions for this application so Livy sessions can continue running after users log out of their interactive notebook or their Identity Center sessions expire.

" + } + }, + "documentation":"

The IAM Identity Center Configuration accepts the Identity Center instance parameter required to enable trusted identity propagation. This configuration allows identity propagation between integrated services and the Identity Center instance.

" + }, + "IdentityCenterInstanceArn":{ + "type":"string", + "max":1024, + "min":10, + "pattern":"arn:(aws[a-zA-Z0-9-]*):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}" + }, "ImageConfiguration":{ "type":"structure", "required":["imageUri"], @@ -1122,6 +1190,7 @@ "shape":"IAMRoleArn", "documentation":"

The execution role ARN of the job run.

" }, + "executionIamPolicy":{"shape":"JobRunExecutionIamPolicy"}, "state":{ "shape":"JobRunState", "documentation":"

The state of the job run.

" @@ -1282,6 +1351,20 @@ "type":"list", "member":{"shape":"JobRunAttemptSummary"} }, + "JobRunExecutionIamPolicy":{ + "type":"structure", + "members":{ + "policy":{ + "shape":"PolicyDocument", + "documentation":"

An IAM inline policy to use as an execution IAM policy.

" + }, + "policyArns":{ + "shape":"PolicyArnList", + "documentation":"

A list of Amazon Resource Names (ARNs) to use as an execution IAM policy.

" + } + }, + "documentation":"

Optional IAM policy. The resulting job IAM role permissions will be an intersection of the policies passed and the policy associated with your job execution role.

" + }, "JobRunId":{ "type":"string", "max":64, @@ -1707,6 +1790,18 @@ "min":1, "pattern":"[A-Za-z0-9_=-]+" }, + "PolicyArnList":{ + "type":"list", + "member":{"shape":"Arn"}, + "max":10, + "min":0 + }, + "PolicyDocument":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"([ -ÿ]+)" + }, "PrometheusMonitoringConfiguration":{ "type":"structure", "members":{ @@ -1859,6 +1954,10 @@ }, "exception":true }, + "ShutdownGracePeriodInSeconds":{ + "type":"integer", + "box":true + }, "SparkSubmit":{ "type":"structure", "required":["entryPoint"], @@ -1899,8 +1998,7 @@ }, "StartApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartJobRunRequest":{ "type":"structure", @@ -1925,6 +2023,10 @@ "shape":"IAMRoleArn", "documentation":"

The execution role ARN for the job run.

" }, + "executionIamPolicy":{ + "shape":"JobRunExecutionIamPolicy", + "documentation":"

You can pass an optional IAM policy. The resulting job IAM role permissions will be an intersection of this policy and the policy associated with your job execution role.

" + }, "jobDriver":{ "shape":"JobDriver", "documentation":"

The job driver for the job run.

" @@ -1992,8 +2094,7 @@ }, "StopApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "String1024":{ "type":"string", @@ -2059,8 +2160,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2109,8 +2209,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationRequest":{ "type":"structure", @@ -2178,6 +2277,10 @@ "schedulerConfiguration":{ "shape":"SchedulerConfiguration", "documentation":"

The scheduler configuration for batch and streaming jobs running on this application. Supported with release labels emr-7.0.0 and above.

" + }, + "identityCenterConfiguration":{ + "shape":"IdentityCenterConfigurationInput", + "documentation":"

Specifies the IAM Identity Center configuration used to enable or disable trusted identity propagation. When provided, this configuration determines how the application interacts with IAM Identity Center for user authentication and access control.

" } } }, diff -pruN 2.23.6-1/awscli/botocore/data/endpoints.json 2.31.35-1/awscli/botocore/data/endpoints.json --- 2.23.6-1/awscli/botocore/data/endpoints.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/endpoints.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,6 +29,9 @@ "ap-east-1" : { "description" : "Asia Pacific (Hong Kong)" }, + "ap-east-2" : { + "description" : "Asia Pacific (Taipei)" + }, "ap-northeast-1" : { "description" : "Asia Pacific (Tokyo)" }, @@ -59,6 +62,9 @@ "ap-southeast-5" : { "description" : "Asia Pacific (Malaysia)" }, + "ap-southeast-6" : { + "description" : "Asia Pacific (New Zealand)" + }, "ap-southeast-7" : { "description" : "Asia Pacific (Thailand)" }, @@ -123,39 +129,158 @@ "services" : { "access-analyzer" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ap-southeast-5" : { }, - "ap-southeast-7" : { }, + "af-south-1" : { + "variants" : [ { + "hostname" : "access-analyzer.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-5" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-southeast-5.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "access-analyzer.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "access-analyzer-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "access-analyzer-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "access-analyzer.ca-central-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "ca-west-1" : { "variants" : [ { "hostname" : "access-analyzer-fips.ca-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "access-analyzer-fips.ca-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "access-analyzer.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-west-3.api.aws", + "tags" : [ "dualstack" ] } ] }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, "fips-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -198,33 +323,82 @@ "deprecated" : true, "hostname" : "access-analyzer-fips.us-west-2.amazonaws.com" }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "mx-central-1" : { }, - "sa-east-1" : { }, + "il-central-1" : { + "variants" : [ { + "hostname" : "access-analyzer.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "access-analyzer.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "access-analyzer.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "access-analyzer.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "access-analyzer.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "access-analyzer-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "access-analyzer-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "access-analyzer.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "access-analyzer-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "access-analyzer-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "access-analyzer.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "access-analyzer-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "access-analyzer-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "access-analyzer.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "access-analyzer-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "access-analyzer-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "access-analyzer.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -245,6 +419,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -255,6 +430,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -356,6 +532,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -366,6 +543,8 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "acm-pca-fips.ca-central-1.amazonaws.com", @@ -431,6 +610,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -460,7 +640,12 @@ }, "agreement-marketplace" : { "endpoints" : { - "us-east-1" : { } + "us-east-1" : { + "variants" : [ { + "hostname" : "agreement-marketplace.us-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + } } }, "airflow" : { @@ -476,6 +661,7 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { }, "ca-west-1" : { }, "eu-central-1" : { }, @@ -571,19 +757,24 @@ "ap-east-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, + "us-west-1" : { }, "us-west-2" : { } } }, @@ -592,17 +783,58 @@ "protocols" : [ "https" ] }, "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, + "af-south-1" : { + "variants" : [ { + "hostname" : "detective.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "detective.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "detective.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "detective.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "detective.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "detective.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "detective.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "api.detective-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "detective-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "detective.ca-central-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "ca-central-1-fips" : { @@ -612,19 +844,70 @@ "deprecated" : true, "hostname" : "api.detective-fips.ca-central-1.amazonaws.com" }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "il-central-1" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "detective.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "detective.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "detective.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "detective.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "detective.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "detective.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "il-central-1" : { + "variants" : [ { + "hostname" : "detective.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "detective.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "detective.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "api.detective-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "detective-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "detective.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-1-fips" : { @@ -638,6 +921,12 @@ "variants" : [ { "hostname" : "api.detective-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "detective-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "detective.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2-fips" : { @@ -651,6 +940,12 @@ "variants" : [ { "hostname" : "api.detective-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "detective-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "detective.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1-fips" : { @@ -664,6 +959,12 @@ "variants" : [ { "hostname" : "api.detective-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "detective-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "detective.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2-fips" : { @@ -703,6 +1004,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "credentialScope" : { "region" : "ap-northeast-1" @@ -803,6 +1105,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "credentialScope" : { "region" : "ap-southeast-7" @@ -1145,93 +1448,6 @@ } } }, - "api.elastic-inference" : { - "endpoints" : { - "ap-northeast-1" : { - "hostname" : "api.elastic-inference.ap-northeast-1.amazonaws.com" - }, - "ap-northeast-2" : { - "hostname" : "api.elastic-inference.ap-northeast-2.amazonaws.com" - }, - "eu-west-1" : { - "hostname" : "api.elastic-inference.eu-west-1.amazonaws.com" - }, - "us-east-1" : { - "hostname" : "api.elastic-inference.us-east-1.amazonaws.com" - }, - "us-east-2" : { - "hostname" : "api.elastic-inference.us-east-2.amazonaws.com" - }, - "us-west-2" : { - "hostname" : "api.elastic-inference.us-west-2.amazonaws.com" - } - } - }, - "api.fleethub.iot" : { - "endpoints" : { - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ca-central-1" : { - "variants" : [ { - "hostname" : "api.fleethub.iot-fips.ca-central-1.amazonaws.com", - "tags" : [ "fips" ] - } ] - }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "fips-ca-central-1" : { - "credentialScope" : { - "region" : "ca-central-1" - }, - "deprecated" : true, - "hostname" : "api.fleethub.iot-fips.ca-central-1.amazonaws.com" - }, - "fips-us-east-1" : { - "credentialScope" : { - "region" : "us-east-1" - }, - "deprecated" : true, - "hostname" : "api.fleethub.iot-fips.us-east-1.amazonaws.com" - }, - "fips-us-east-2" : { - "credentialScope" : { - "region" : "us-east-2" - }, - "deprecated" : true, - "hostname" : "api.fleethub.iot-fips.us-east-2.amazonaws.com" - }, - "fips-us-west-2" : { - "credentialScope" : { - "region" : "us-west-2" - }, - "deprecated" : true, - "hostname" : "api.fleethub.iot-fips.us-west-2.amazonaws.com" - }, - "us-east-1" : { - "variants" : [ { - "hostname" : "api.fleethub.iot-fips.us-east-1.amazonaws.com", - "tags" : [ "fips" ] - } ] - }, - "us-east-2" : { - "variants" : [ { - "hostname" : "api.fleethub.iot-fips.us-east-2.amazonaws.com", - "tags" : [ "fips" ] - } ] - }, - "us-west-2" : { - "variants" : [ { - "hostname" : "api.fleethub.iot-fips.us-west-2.amazonaws.com", - "tags" : [ "fips" ] - } ] - } - } - }, "api.iotdeviceadvisor" : { "endpoints" : { "ap-northeast-1" : { @@ -1351,6 +1567,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -1360,8 +1577,34 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, - "ca-central-1" : { }, - "ca-west-1" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "api-fips.sagemaker.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-central-1-fips" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "api-fips.sagemaker.ca-central-1.amazonaws.com" + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "api-fips.sagemaker.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "api-fips.sagemaker.ca-west-1.amazonaws.com" + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -1373,6 +1616,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -1481,6 +1725,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-5" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "api.iot-tunneling-fips.ca-central-1.api.aws", @@ -1505,6 +1750,7 @@ "tags" : [ "dualstack" ] } ] }, + "eu-south-2" : { }, "eu-west-1" : { "variants" : [ { "hostname" : "api.iot-tunneling.eu-west-1.api.aws", @@ -1630,6 +1876,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -1640,6 +1887,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -1752,6 +2000,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -1762,6 +2011,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -1788,6 +2038,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -1798,6 +2049,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -1895,6 +2147,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -1905,6 +2158,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -1929,35 +2183,258 @@ }, "applicationinsights" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ca-central-1" : { }, - "ca-west-1" : { }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } + "af-south-1" : { + "variants" : [ { + "hostname" : "applicationinsights.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "applicationinsights.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "applicationinsights-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "applicationinsights-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "applicationinsights.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "applicationinsights-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "applicationinsights-fips.ca-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "applicationinsights.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "applicationinsights.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "applicationinsights.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "applicationinsights.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "applicationinsights.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "applicationinsights.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "applicationinsights.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "applicationinsights.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "applicationinsights.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "applicationinsights-fips.ca-central-1.amazonaws.com" + }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "applicationinsights-fips.ca-west-1.amazonaws.com" + }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "applicationinsights-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "applicationinsights-fips.us-east-2.amazonaws.com" + }, + "fips-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "applicationinsights-fips.us-west-1.amazonaws.com" + }, + "fips-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "applicationinsights-fips.us-west-2.amazonaws.com" + }, + "il-central-1" : { + "variants" : [ { + "hostname" : "applicationinsights.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "applicationinsights.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "applicationinsights.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "applicationinsights.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-east-1" : { + "variants" : [ { + "hostname" : "applicationinsights-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "applicationinsights-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "applicationinsights.us-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "applicationinsights-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "applicationinsights-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "applicationinsights.us-east-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "applicationinsights-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "applicationinsights-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "applicationinsights.us-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "applicationinsights-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "applicationinsights-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "applicationinsights.us-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + } } }, "appmesh" : { @@ -2247,6 +2724,7 @@ "eu-central-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, + "eu-west-3" : { }, "fips" : { "credentialScope" : { "region" : "us-west-2" @@ -2286,47 +2764,175 @@ }, "appsync" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ca-central-1" : { }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } - } - }, - "apptest" : { - "endpoints" : { - "ap-southeast-2" : { }, - "eu-central-1" : { }, - "fips-us-east-1" : { - "deprecated" : true + "af-south-1" : { + "variants" : [ { + "hostname" : "appsync.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "appsync.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "appsync.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "appsync.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "appsync.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "appsync.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "appsync.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "appsync.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "appsync.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "appsync.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "appsync.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "appsync.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1" : { }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "appsync.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "appsync.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "appsync.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "appsync.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "appsync.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "appsync.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "appsync.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "appsync.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "il-central-1" : { + "variants" : [ { + "hostname" : "appsync.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "appsync.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "appsync.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "appsync.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] }, - "sa-east-1" : { }, "us-east-1" : { "variants" : [ { - "tags" : [ "fips" ] + "hostname" : "appsync.us-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "appsync.us-east-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "appsync.us-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "appsync.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -2336,6 +2942,9 @@ "protocols" : [ "https" ] }, "endpoints" : { + "af-south-1" : { }, + "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "tags" : [ "dualstack" ] @@ -2346,11 +2955,13 @@ "tags" : [ "dualstack" ] } ] }, + "ap-northeast-3" : { }, "ap-south-1" : { "variants" : [ { "tags" : [ "dualstack" ] } ] }, + "ap-south-2" : { }, "ap-southeast-1" : { "variants" : [ { "tags" : [ "dualstack" ] @@ -2361,16 +2972,25 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, + "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { "variants" : [ { "tags" : [ "dualstack" ] } ] }, + "eu-central-2" : { }, "eu-north-1" : { "variants" : [ { "tags" : [ "dualstack" ] } ] }, + "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { "variants" : [ { "tags" : [ "dualstack" ] @@ -2386,6 +3006,10 @@ "tags" : [ "dualstack" ] } ] }, + "il-central-1" : { }, + "me-central-1" : { }, + "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { "variants" : [ { "tags" : [ "dualstack" ] @@ -2394,17 +3018,39 @@ "us-east-1" : { "variants" : [ { "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { + "tags" : [ "fips" ] } ] }, + "us-east-1-fips" : { + "deprecated" : true + }, "us-east-2" : { "variants" : [ { "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { + "tags" : [ "fips" ] } ] }, + "us-east-2-fips" : { + "deprecated" : true + }, + "us-west-1" : { }, "us-west-2" : { "variants" : [ { "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { + "tags" : [ "fips" ] } ] + }, + "us-west-2-fips" : { + "deprecated" : true } } }, @@ -2412,6 +3058,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -2422,6 +3069,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -2458,6 +3106,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "athena.ap-northeast-1.api.aws", @@ -2518,6 +3167,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "athena-fips.ca-central-1.amazonaws.com", @@ -2650,6 +3300,7 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { }, "sa-east-1" : { "variants" : [ { "hostname" : "athena.sa-east-1.api.aws", @@ -2777,6 +3428,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -2787,6 +3439,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -2914,6 +3567,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -2924,6 +3578,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -2981,6 +3636,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -2991,6 +3647,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -3063,11 +3720,18 @@ }, "bedrock" : { "endpoints" : { + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "bedrock-ap-northeast-1" : { "credentialScope" : { "region" : "ap-northeast-1" @@ -3080,12 +3744,24 @@ }, "hostname" : "bedrock.ap-northeast-2.amazonaws.com" }, + "bedrock-ap-northeast-3" : { + "credentialScope" : { + "region" : "ap-northeast-3" + }, + "hostname" : "bedrock.ap-northeast-3.amazonaws.com" + }, "bedrock-ap-south-1" : { "credentialScope" : { "region" : "ap-south-1" }, "hostname" : "bedrock.ap-south-1.amazonaws.com" }, + "bedrock-ap-south-2" : { + "credentialScope" : { + "region" : "ap-south-2" + }, + "hostname" : "bedrock.ap-south-2.amazonaws.com" + }, "bedrock-ap-southeast-1" : { "credentialScope" : { "region" : "ap-southeast-1" @@ -3116,6 +3792,24 @@ }, "hostname" : "bedrock.eu-central-2.amazonaws.com" }, + "bedrock-eu-north-1" : { + "credentialScope" : { + "region" : "eu-north-1" + }, + "hostname" : "bedrock.eu-north-1.amazonaws.com" + }, + "bedrock-eu-south-1" : { + "credentialScope" : { + "region" : "eu-south-1" + }, + "hostname" : "bedrock.eu-south-1.amazonaws.com" + }, + "bedrock-eu-south-2" : { + "credentialScope" : { + "region" : "eu-south-2" + }, + "hostname" : "bedrock.eu-south-2.amazonaws.com" + }, "bedrock-eu-west-1" : { "credentialScope" : { "region" : "eu-west-1" @@ -3170,12 +3864,24 @@ }, "hostname" : "bedrock-runtime.ap-northeast-2.amazonaws.com" }, + "bedrock-runtime-ap-northeast-3" : { + "credentialScope" : { + "region" : "ap-northeast-3" + }, + "hostname" : "bedrock-runtime.ap-northeast-3.amazonaws.com" + }, "bedrock-runtime-ap-south-1" : { "credentialScope" : { "region" : "ap-south-1" }, "hostname" : "bedrock-runtime.ap-south-1.amazonaws.com" }, + "bedrock-runtime-ap-south-2" : { + "credentialScope" : { + "region" : "ap-south-2" + }, + "hostname" : "bedrock-runtime.ap-south-2.amazonaws.com" + }, "bedrock-runtime-ap-southeast-1" : { "credentialScope" : { "region" : "ap-southeast-1" @@ -3206,6 +3912,24 @@ }, "hostname" : "bedrock-runtime.eu-central-2.amazonaws.com" }, + "bedrock-runtime-eu-north-1" : { + "credentialScope" : { + "region" : "eu-north-1" + }, + "hostname" : "bedrock-runtime.eu-north-1.amazonaws.com" + }, + "bedrock-runtime-eu-south-1" : { + "credentialScope" : { + "region" : "eu-south-1" + }, + "hostname" : "bedrock-runtime.eu-south-1.amazonaws.com" + }, + "bedrock-runtime-eu-south-2" : { + "credentialScope" : { + "region" : "eu-south-2" + }, + "hostname" : "bedrock-runtime.eu-south-2.amazonaws.com" + }, "bedrock-runtime-eu-west-1" : { "credentialScope" : { "region" : "eu-west-1" @@ -3299,12 +4023,18 @@ "ca-central-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, + "eu-north-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "il-central-1" : { }, + "me-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, + "us-west-1" : { }, "us-west-2" : { } } }, @@ -3395,6 +4125,7 @@ }, "cassandra" : { "endpoints" : { + "af-south-1" : { }, "ap-east-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, @@ -3421,6 +4152,7 @@ "deprecated" : true, "hostname" : "cassandra-fips.us-west-2.amazonaws.com" }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { @@ -3474,14 +4206,54 @@ }, "cleanrooms" : { "endpoints" : { - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "cleanrooms.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "cleanrooms.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "cleanrooms.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "cleanrooms.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "cleanrooms.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "cleanrooms.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "cleanrooms.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "cleanrooms.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -3507,18 +4279,36 @@ "variants" : [ { "hostname" : "cleanrooms-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "cleanrooms-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "cleanrooms.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "cleanrooms-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "cleanrooms-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "cleanrooms.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "cleanrooms-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "cleanrooms-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "cleanrooms.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -3716,6 +4506,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "cloudcontrolapi.ap-northeast-1.api.aws", @@ -3776,6 +4567,13 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "cloudcontrolapi.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "cloudcontrolapi-fips.ca-central-1.amazonaws.com", @@ -3908,6 +4706,12 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "cloudcontrolapi.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "sa-east-1" : { "variants" : [ { "hostname" : "cloudcontrolapi.sa-east-1.api.aws", @@ -3981,6 +4785,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -3991,6 +4796,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -4176,6 +4982,7 @@ "tags" : [ "dualstack" ] } ] }, + "eu-south-2" : { }, "eu-west-1" : { "variants" : [ { "hostname" : "cloudhsmv2.eu-west-1.api.aws", @@ -4262,6 +5069,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -4272,6 +5080,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -4575,6 +5384,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -4585,6 +5395,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -4655,6 +5466,20 @@ } } }, + "codeguru-profiler" : { + "endpoints" : { + "ap-northeast-1" : { }, + "ap-southeast-1" : { }, + "ap-southeast-2" : { }, + "eu-central-1" : { }, + "eu-north-1" : { }, + "eu-west-1" : { }, + "eu-west-2" : { }, + "us-east-1" : { }, + "us-east-2" : { }, + "us-west-2" : { } + } + }, "codeguru-reviewer" : { "endpoints" : { "ap-northeast-1" : { }, @@ -4682,6 +5507,7 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "codepipeline-fips.ca-central-1.amazonaws.com", @@ -4872,6 +5698,13 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-5" : { + "variants" : [ { + "hostname" : "cognito-identity.ap-southeast-5.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "cognito-identity.ca-central-1.amazonaws.com", @@ -4978,6 +5811,7 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { }, "sa-east-1" : { "variants" : [ { "hostname" : "cognito-identity.sa-east-1.amazonaws.com", @@ -5102,6 +5936,13 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-5" : { + "variants" : [ { + "hostname" : "cognito-idp.ap-southeast-5.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "cognito-idp.ca-central-1.amazonaws.com", @@ -5208,6 +6049,7 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { }, "sa-east-1" : { "variants" : [ { "hostname" : "cognito-idp.sa-east-1.amazonaws.com", @@ -5284,15 +6126,73 @@ "protocols" : [ "https" ] }, "endpoints" : { - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ca-central-1" : { }, - "eu-central-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "comprehend.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "comprehend.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "comprehend.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "comprehend.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "comprehend.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "comprehend-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "comprehend-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "comprehend.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "comprehend.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "comprehend.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "comprehend.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "comprehend-fips.ca-central-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -5318,18 +6218,36 @@ "variants" : [ { "hostname" : "comprehend-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "comprehend-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "comprehend.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "comprehend-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "comprehend-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "comprehend.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "comprehend-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "comprehend-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "comprehend.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -5569,6 +6487,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -5579,6 +6498,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -5702,6 +6622,9 @@ "connect-campaigns" : { "endpoints" : { "af-south-1" : { }, + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ca-central-1" : { }, "eu-central-1" : { }, @@ -5752,6 +6675,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -5762,6 +6686,8 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "controltower-fips.ca-central-1.amazonaws.com", @@ -5799,6 +6725,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -5883,6 +6810,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "data.iot-fips.ca-central-1.amazonaws.com", @@ -5891,6 +6819,7 @@ }, "eu-central-1" : { }, "eu-north-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -6054,6 +6983,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "data.jobs.iot-fips.ca-central-1.amazonaws.com", @@ -6062,6 +6992,7 @@ }, "eu-central-1" : { }, "eu-north-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -6100,6 +7031,7 @@ "deprecated" : true, "hostname" : "data.jobs.iot-fips.us-west-2.amazonaws.com" }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { @@ -6250,6 +7182,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "datasync.ap-northeast-1.api.aws", @@ -6310,6 +7243,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "datasync.ap-southeast-7.api.aws", @@ -6520,6 +7454,8 @@ } ] }, "endpoints" : { + "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { "hostname" : "datazone.ap-northeast-1.api.aws" }, @@ -6529,6 +7465,9 @@ "ap-northeast-3" : { "hostname" : "datazone.ap-northeast-3.api.aws" }, + "ap-south-1" : { + "hostname" : "datazone.ap-south-1.api.aws" + }, "ap-south-2" : { "hostname" : "datazone.ap-south-2.api.aws" }, @@ -6547,6 +7486,7 @@ "ap-southeast-5" : { "hostname" : "datazone.ap-southeast-5.api.aws" }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "hostname" : "datazone.ap-southeast-7.api.aws" }, @@ -6563,6 +7503,7 @@ "eu-central-1" : { "hostname" : "datazone.eu-central-1.api.aws" }, + "eu-central-2" : { }, "eu-north-1" : { "hostname" : "datazone.eu-north-1.api.aws" }, @@ -6587,6 +7528,9 @@ "me-south-1" : { "hostname" : "datazone.me-south-1.api.aws" }, + "mx-central-1" : { + "hostname" : "datazone.mx-central-1.api.aws" + }, "sa-east-1" : { "hostname" : "datazone.sa-east-1.api.aws" }, @@ -6727,6 +7671,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -6737,6 +7682,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -6856,6 +7802,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "dlm.ap-northeast-1.api.aws", @@ -6916,6 +7863,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "dlm.ap-southeast-7.api.aws", @@ -7060,6 +8008,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -7070,6 +8019,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -7339,6 +8289,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "ds-fips.ca-central-1.amazonaws.com", @@ -7404,6 +8355,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -7438,6 +8390,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -7448,6 +8401,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -7553,6 +8507,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -7563,6 +8518,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -7674,6 +8630,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "ec2.ap-northeast-1.api.aws", @@ -7709,6 +8666,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -7862,6 +8820,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -7872,6 +8831,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -7963,6 +8923,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -7973,6 +8934,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -8059,6 +9021,7 @@ "ap-east-1" : { "hostname" : "eks-auth.ap-east-1.api.aws" }, + "ap-east-2" : { }, "ap-northeast-1" : { "hostname" : "eks-auth.ap-northeast-1.api.aws" }, @@ -8089,6 +9052,7 @@ "ap-southeast-5" : { "hostname" : "eks-auth.ap-southeast-5.api.aws" }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "hostname" : "eks-auth.ap-southeast-7.api.aws" }, @@ -8155,6 +9119,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -8165,6 +9130,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -8298,6 +9264,8 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "elasticbeanstalk.ca-central-1.api.aws", @@ -8322,6 +9290,7 @@ "tags" : [ "dualstack" ] } ] }, + "eu-south-2" : { }, "eu-west-1" : { "variants" : [ { "hostname" : "elasticbeanstalk.eu-west-1.api.aws", @@ -8374,6 +9343,7 @@ "tags" : [ "dualstack" ] } ] }, + "me-central-1" : { }, "me-south-1" : { "variants" : [ { "hostname" : "elasticbeanstalk.me-south-1.api.aws", @@ -8450,6 +9420,7 @@ "tags" : [ "fips" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "elasticfilesystem-fips.ap-northeast-1.amazonaws.com", @@ -8510,6 +9481,7 @@ "tags" : [ "fips" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "elasticfilesystem-fips.ap-southeast-7.amazonaws.com", @@ -8863,6 +9835,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -8873,6 +9846,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -8951,6 +9925,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -8961,6 +9936,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -9080,6 +10056,7 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, @@ -9090,6 +10067,7 @@ } ] }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, "eu-west-1" : { }, @@ -9131,6 +10109,7 @@ "hostname" : "email-fips.us-west-2.amazonaws.com" }, "il-central-1" : { }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { @@ -9261,13 +10240,16 @@ "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "emr-serverless-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] } ] }, + "ca-west-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, "eu-south-2" : { }, @@ -9309,6 +10291,7 @@ "deprecated" : true, "hostname" : "emr-serverless-fips.us-west-2.amazonaws.com" }, + "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, @@ -9345,7 +10328,12 @@ } }, "endpoints" : { - "us-east-1" : { } + "us-east-1" : { + "variants" : [ { + "hostname" : "entitlement-marketplace.us-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + } } }, "es" : { @@ -9362,6 +10350,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "aos.ap-northeast-1.api.aws", @@ -9422,6 +10411,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "aos.ap-southeast-7.api.aws", @@ -9593,29 +10583,146 @@ }, "events" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ap-southeast-5" : { }, - "ap-southeast-7" : { }, - "ca-central-1" : { }, - "ca-west-1" : { }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, + "af-south-1" : { + "variants" : [ { + "hostname" : "events.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "events.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "events.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "events.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "events.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "events.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "events.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "events.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "events.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "events.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "events.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-5" : { + "variants" : [ { + "hostname" : "events.ap-southeast-5.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "events.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "events.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "events.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "events.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "events.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "events.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "events.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "events.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "events.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "events.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "events.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -9644,33 +10751,82 @@ "deprecated" : true, "hostname" : "events-fips.us-west-2.amazonaws.com" }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "mx-central-1" : { }, - "sa-east-1" : { }, + "il-central-1" : { + "variants" : [ { + "hostname" : "events.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "events.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "events.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "events.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "events.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "events-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "events-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "events.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "events-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "events-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "events.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "events-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "events-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "events.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "events-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "events-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "events.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -9743,6 +10899,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "firehose.ap-northeast-1.api.aws", @@ -9798,6 +10955,13 @@ } ] }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "firehose.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "firehose.ca-central-1.api.aws", @@ -9904,6 +11068,12 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "firehose.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "sa-east-1" : { "variants" : [ { "hostname" : "firehose.sa-east-1.api.aws", @@ -9977,6 +11147,7 @@ "tags" : [ "fips" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "fms-fips.ap-northeast-1.amazonaws.com", @@ -10012,6 +11183,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "fms-fips.ca-central-1.amazonaws.com", @@ -10205,6 +11377,7 @@ "tags" : [ "fips" ] } ] }, + "mx-central-1" : { }, "sa-east-1" : { "variants" : [ { "hostname" : "fms-fips.sa-east-1.amazonaws.com", @@ -10351,6 +11524,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -10361,6 +11535,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "fsx-fips.ca-central-1.amazonaws.com", @@ -10468,6 +11643,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "prod-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -10565,6 +11741,8 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, @@ -10580,6 +11758,116 @@ "us-west-2" : { } } }, + "gameliftstreams" : { + "defaults" : { + "dnsSuffix" : "api.aws", + "variants" : [ { + "dnsSuffix" : "api.aws", + "hostname" : "{service}-fips.{region}.{dnsSuffix}", + "tags" : [ "fips" ] + } ] + }, + "endpoints" : { + "af-south-1" : { + "hostname" : "gameliftstreams.af-south-1.api.aws" + }, + "ap-east-1" : { + "hostname" : "gameliftstreams.ap-east-1.api.aws" + }, + "ap-east-2" : { }, + "ap-northeast-1" : { + "hostname" : "gameliftstreams.ap-northeast-1.api.aws" + }, + "ap-northeast-2" : { + "hostname" : "gameliftstreams.ap-northeast-2.api.aws" + }, + "ap-northeast-3" : { + "hostname" : "gameliftstreams.ap-northeast-3.api.aws" + }, + "ap-south-1" : { + "hostname" : "gameliftstreams.ap-south-1.api.aws" + }, + "ap-south-2" : { + "hostname" : "gameliftstreams.ap-south-2.api.aws" + }, + "ap-southeast-1" : { + "hostname" : "gameliftstreams.ap-southeast-1.api.aws" + }, + "ap-southeast-2" : { + "hostname" : "gameliftstreams.ap-southeast-2.api.aws" + }, + "ap-southeast-3" : { + "hostname" : "gameliftstreams.ap-southeast-3.api.aws" + }, + "ap-southeast-4" : { + "hostname" : "gameliftstreams.ap-southeast-4.api.aws" + }, + "ap-southeast-5" : { + "hostname" : "gameliftstreams.ap-southeast-5.api.aws" + }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "hostname" : "gameliftstreams.ap-southeast-7.api.aws" + }, + "ca-central-1" : { + "hostname" : "gameliftstreams.ca-central-1.api.aws" + }, + "ca-west-1" : { + "hostname" : "gameliftstreams.ca-west-1.api.aws" + }, + "eu-central-1" : { + "hostname" : "gameliftstreams.eu-central-1.api.aws" + }, + "eu-central-2" : { + "hostname" : "gameliftstreams.eu-central-2.api.aws" + }, + "eu-north-1" : { + "hostname" : "gameliftstreams.eu-north-1.api.aws" + }, + "eu-south-1" : { + "hostname" : "gameliftstreams.eu-south-1.api.aws" + }, + "eu-south-2" : { + "hostname" : "gameliftstreams.eu-south-2.api.aws" + }, + "eu-west-1" : { + "hostname" : "gameliftstreams.eu-west-1.api.aws" + }, + "eu-west-2" : { + "hostname" : "gameliftstreams.eu-west-2.api.aws" + }, + "eu-west-3" : { + "hostname" : "gameliftstreams.eu-west-3.api.aws" + }, + "il-central-1" : { + "hostname" : "gameliftstreams.il-central-1.api.aws" + }, + "me-central-1" : { + "hostname" : "gameliftstreams.me-central-1.api.aws" + }, + "me-south-1" : { + "hostname" : "gameliftstreams.me-south-1.api.aws" + }, + "mx-central-1" : { + "hostname" : "gameliftstreams.mx-central-1.api.aws" + }, + "sa-east-1" : { + "hostname" : "gameliftstreams.sa-east-1.api.aws" + }, + "us-east-1" : { + "hostname" : "gameliftstreams.us-east-1.api.aws" + }, + "us-east-2" : { + "hostname" : "gameliftstreams.us-east-2.api.aws" + }, + "us-west-1" : { + "hostname" : "gameliftstreams.us-west-1.api.aws" + }, + "us-west-2" : { + "hostname" : "gameliftstreams.us-west-2.api.aws" + } + } + }, "geo" : { "endpoints" : { "ap-northeast-1" : { }, @@ -10712,6 +12000,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "glue.ap-northeast-1.api.aws", @@ -10772,6 +12061,12 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "glue.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "glue.ca-central-1.api.aws", @@ -10878,6 +12173,12 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "glue.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "sa-east-1" : { "variants" : [ { "hostname" : "glue.sa-east-1.api.aws", @@ -11008,6 +12309,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "greengrass-fips.ca-central-1.amazonaws.com", @@ -11015,6 +12317,7 @@ } ] }, "eu-central-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "fips-ca-central-1" : { @@ -11068,13 +12371,41 @@ }, "groundstation" : { "endpoints" : { - "af-south-1" : { }, - "ap-northeast-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-west-1" : { }, + "af-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -11096,24 +12427,47 @@ "deprecated" : true, "hostname" : "groundstation-fips.us-west-2.amazonaws.com" }, - "me-south-1" : { }, - "sa-east-1" : { }, + "me-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "groundstation-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "groundstation-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-east-2" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "groundstation-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "groundstation-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-west-2" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "groundstation-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "groundstation-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] } ] } } @@ -11125,6 +12479,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -11135,8 +12490,21 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, - "ca-west-1" : { }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "guardduty-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "guardduty-fips.ca-west-1.amazonaws.com" + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -11148,6 +12516,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -11244,6 +12613,8 @@ "endpoints" : { "ap-south-1" : { }, "ap-southeast-2" : { }, + "ca-central-1" : { }, + "eu-west-1" : { }, "eu-west-2" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -11260,6 +12631,9 @@ "variants" : [ { "hostname" : "iam-fips.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "iam.global.api.aws", + "tags" : [ "dualstack" ] } ] }, "aws-global-fips" : { @@ -11312,6 +12686,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -11322,6 +12697,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, "eu-central-1" : { }, @@ -11335,6 +12711,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -11491,14 +12868,20 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -11530,7 +12913,10 @@ "deprecated" : true, "hostname" : "inspector2-fips.us-west-2.amazonaws.com" }, + "il-central-1" : { }, + "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -11582,6 +12968,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "hostname" : "internetmonitor.ap-northeast-1.api.aws", "variants" : [ { @@ -11648,6 +13035,7 @@ "ap-southeast-5" : { "hostname" : "internetmonitor.ap-southeast-5.api.aws" }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "hostname" : "internetmonitor.ap-southeast-7.api.aws" }, @@ -11812,6 +13200,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "iot-fips.ca-central-1.amazonaws.com", @@ -11820,6 +13209,7 @@ }, "eu-central-1" : { }, "eu-north-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -12493,6 +13883,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -12503,6 +13894,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "kafka-fips.ca-central-1.amazonaws.com", @@ -12568,6 +13960,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -12597,17 +13990,34 @@ }, "kafkaconnect" : { "endpoints" : { + "af-south-1" : { }, + "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "il-central-1" : { }, + "me-central-1" : { }, + "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -12693,6 +14103,7 @@ "ap-east-1" : { "hostname" : "kendra-ranking.ap-east-1.api.aws" }, + "ap-east-2" : { }, "ap-northeast-1" : { "hostname" : "kendra-ranking.ap-northeast-1.api.aws" }, @@ -12723,6 +14134,7 @@ "ap-southeast-5" : { "hostname" : "kendra-ranking.ap-southeast-5.api.aws" }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "hostname" : "kendra-ranking.ap-southeast-7.api.aws" }, @@ -12799,6 +14211,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -12809,6 +14222,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -12883,6 +14297,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -12893,6 +14308,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "kinesisanalytics-fips.ca-central-1.amazonaws.com", @@ -12958,6 +14374,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -12994,11 +14411,14 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -13040,6 +14460,7 @@ "deprecated" : true, "hostname" : "kms-fips.ap-east-1.amazonaws.com" }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "kms-fips.ap-northeast-1.amazonaws.com", @@ -13170,6 +14591,7 @@ "deprecated" : true, "hostname" : "kms-fips.ap-southeast-5.amazonaws.com" }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "kms-fips.ap-southeast-7.amazonaws.com", @@ -13446,6 +14868,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "lakeformation.ap-northeast-1.api.aws", @@ -13506,6 +14929,12 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "lakeformation.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "lakeformation.ca-central-1.api.aws", @@ -13612,6 +15041,12 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "lakeformation.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "sa-east-1" : { "variants" : [ { "hostname" : "lakeformation.sa-east-1.api.aws", @@ -13682,6 +15117,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "lambda.ap-northeast-1.api.aws", @@ -13742,6 +15178,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "lambda.ap-southeast-7.api.aws", @@ -13908,6 +15345,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -13918,6 +15356,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, "eu-central-1" : { }, @@ -13959,6 +15398,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -13990,6 +15430,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -14000,6 +15441,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, "eu-central-1" : { }, @@ -14041,6 +15483,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -14072,6 +15515,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -14081,6 +15525,8 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, "eu-central-1" : { }, @@ -14122,6 +15568,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -14156,6 +15603,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, @@ -14181,6 +15629,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "logs.ap-northeast-1.api.aws", @@ -14235,18 +15684,9 @@ "tags" : [ "dualstack" ] } ] }, - "ap-southeast-5" : { - "variants" : [ { - "hostname" : "logs.ap-southeast-5.api.aws", - "tags" : [ "dualstack" ] - } ] - }, - "ap-southeast-7" : { - "variants" : [ { - "hostname" : "logs.ap-southeast-7.api.aws", - "tags" : [ "dualstack" ] - } ] - }, + "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "logs-fips.ca-central-1.amazonaws.com", @@ -14373,12 +15813,7 @@ "tags" : [ "dualstack" ] } ] }, - "mx-central-1" : { - "variants" : [ { - "hostname" : "logs.mx-central-1.api.aws", - "tags" : [ "dualstack" ] - } ] - }, + "mx-central-1" : { }, "sa-east-1" : { "variants" : [ { "hostname" : "logs.sa-east-1.api.aws", @@ -14430,30 +15865,6 @@ "us-east-1" : { } } }, - "lookoutmetrics" : { - "endpoints" : { - "ap-northeast-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-west-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-2" : { } - } - }, - "lookoutvision" : { - "endpoints" : { - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "eu-central-1" : { }, - "eu-west-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-2" : { } - } - }, "m2" : { "endpoints" : { "af-south-1" : { }, @@ -15096,18 +16507,78 @@ "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-4" : { }, - "ca-central-1" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "mediapackagev2-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-north-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "mediapackagev2-fips.ca-central-1.amazonaws.com" + }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "mediapackagev2-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "mediapackagev2-fips.us-east-2.amazonaws.com" + }, + "fips-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "mediapackagev2-fips.us-west-1.amazonaws.com" + }, + "fips-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "mediapackagev2-fips.us-west-2.amazonaws.com" + }, "me-central-1" : { }, "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } + "us-east-1" : { + "variants" : [ { + "hostname" : "mediapackagev2-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "mediapackagev2-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "mediapackagev2-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "mediapackagev2-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + } } }, "mediastore" : { @@ -15229,40 +16700,181 @@ } }, "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ca-central-1" : { }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } + "af-south-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "metering-marketplace.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "metering-marketplace.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "metering-marketplace.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "metering-marketplace.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "metering-marketplace.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "il-central-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-east-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.us-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "metering-marketplace.us-east-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.us-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "metering-marketplace.us-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + } } }, "metrics.sagemaker" : { "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -15273,6 +16885,8 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "metrics-fips.sagemaker.ca-central-1.amazonaws.com", @@ -15310,6 +16924,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -15389,6 +17004,8 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, @@ -15550,6 +17167,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -15560,6 +17178,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -15634,6 +17253,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -15644,6 +17264,8 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, "eu-central-1" : { }, @@ -15685,6 +17307,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -15837,6 +17460,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -15847,6 +17471,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "network-firewall-fips.ca-central-1.amazonaws.com", @@ -15900,6 +17525,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -15937,6 +17563,12 @@ "variants" : [ { "hostname" : "networkmanager-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "networkmanager-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "networkmanager.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "fips-aws-global" : { @@ -15966,6 +17598,7 @@ "ap-east-1" : { "hostname" : "notifications.ap-east-1.api.aws" }, + "ap-east-2" : { }, "ap-northeast-1" : { "hostname" : "notifications.ap-northeast-1.api.aws" }, @@ -15996,6 +17629,7 @@ "ap-southeast-5" : { "hostname" : "notifications.ap-southeast-5.api.aws" }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "hostname" : "notifications.ap-southeast-7.api.aws" }, @@ -16074,6 +17708,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -16084,6 +17719,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -16174,6 +17810,13 @@ }, "hostname" : "oidc.ap-southeast-4.amazonaws.com" }, + "ap-southeast-5" : { + "credentialScope" : { + "region" : "ap-southeast-5" + }, + "hostname" : "oidc.ap-southeast-5.amazonaws.com" + }, + "ap-southeast-7" : { }, "ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -16252,6 +17895,7 @@ }, "hostname" : "oidc.me-south-1.amazonaws.com" }, + "mx-central-1" : { }, "sa-east-1" : { "credentialScope" : { "region" : "sa-east-1" @@ -16286,6 +17930,7 @@ }, "omics" : { "endpoints" : { + "ap-northeast-2" : { }, "ap-southeast-1" : { "credentialScope" : { "region" : "ap-southeast-1" @@ -16352,32 +17997,6 @@ } } }, - "opsworks" : { - "endpoints" : { - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ca-central-1" : { }, - "eu-central-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } - } - }, - "opsworks-cm" : { - "endpoints" : { - "ap-southeast-2" : { }, - "eu-west-1" : { }, - "us-east-1" : { } - } - }, "organizations" : { "endpoints" : { "aws-global" : { @@ -16411,6 +18030,7 @@ "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "sa-east-1" : { }, @@ -16482,6 +18102,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -16578,6 +18199,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "protocols" : [ "https" ], "variants" : [ { @@ -16648,6 +18270,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "protocols" : [ "https" ], "variants" : [ { @@ -17033,8 +18656,20 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-5" : { + "variants" : [ { + "hostname" : "polly.ap-southeast-5.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { + "hostname" : "polly-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "polly-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "polly.ca-central-1.api.aws", "tags" : [ "dualstack" ] } ] @@ -17045,12 +18680,19 @@ "tags" : [ "dualstack" ] } ] }, + "eu-central-2" : { }, "eu-north-1" : { "variants" : [ { "hostname" : "polly.eu-north-1.api.aws", "tags" : [ "dualstack" ] } ] }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "polly.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "eu-west-1" : { "variants" : [ { "hostname" : "polly.eu-west-1.api.aws", @@ -17069,6 +18711,13 @@ "tags" : [ "dualstack" ] } ] }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "polly-fips.ca-central-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -17227,6 +18876,13 @@ }, "hostname" : "portal.sso.ap-southeast-4.amazonaws.com" }, + "ap-southeast-5" : { + "credentialScope" : { + "region" : "ap-southeast-5" + }, + "hostname" : "portal.sso.ap-southeast-5.amazonaws.com" + }, + "ap-southeast-7" : { }, "ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -17305,6 +18961,7 @@ }, "hostname" : "portal.sso.me-south-1.amazonaws.com" }, + "mx-central-1" : { }, "sa-east-1" : { "credentialScope" : { "region" : "sa-east-1" @@ -17337,13 +18994,6 @@ } } }, - "private-networks" : { - "endpoints" : { - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-2" : { } - } - }, "profile" : { "endpoints" : { "af-south-1" : { }, @@ -17425,6 +19075,7 @@ "ap-east-1" : { "hostname" : "qbusiness.ap-east-1.api.aws" }, + "ap-east-2" : { }, "ap-northeast-1" : { "hostname" : "qbusiness.ap-northeast-1.api.aws" }, @@ -17455,6 +19106,7 @@ "ap-southeast-5" : { "hostname" : "qbusiness.ap-southeast-5.api.aws" }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "hostname" : "qbusiness.ap-southeast-7.api.aws" }, @@ -17517,67 +19169,16 @@ } } }, - "qldb" : { + "query.timestream" : { "endpoints" : { "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-southeast-1" : { }, + "ap-south-1" : { }, "ap-southeast-2" : { }, - "ca-central-1" : { - "variants" : [ { - "hostname" : "qldb-fips.ca-central-1.amazonaws.com", - "tags" : [ "fips" ] - } ] - }, "eu-central-1" : { }, "eu-west-1" : { }, - "eu-west-2" : { }, - "fips-ca-central-1" : { - "credentialScope" : { - "region" : "ca-central-1" - }, - "deprecated" : true, - "hostname" : "qldb-fips.ca-central-1.amazonaws.com" - }, - "fips-us-east-1" : { - "credentialScope" : { - "region" : "us-east-1" - }, - "deprecated" : true, - "hostname" : "qldb-fips.us-east-1.amazonaws.com" - }, - "fips-us-east-2" : { - "credentialScope" : { - "region" : "us-east-2" - }, - "deprecated" : true, - "hostname" : "qldb-fips.us-east-2.amazonaws.com" - }, - "fips-us-west-2" : { - "credentialScope" : { - "region" : "us-west-2" - }, - "deprecated" : true, - "hostname" : "qldb-fips.us-west-2.amazonaws.com" - }, - "us-east-1" : { - "variants" : [ { - "hostname" : "qldb-fips.us-east-1.amazonaws.com", - "tags" : [ "fips" ] - } ] - }, - "us-east-2" : { - "variants" : [ { - "hostname" : "qldb-fips.us-east-2.amazonaws.com", - "tags" : [ "fips" ] - } ] - }, - "us-west-2" : { - "variants" : [ { - "hostname" : "qldb-fips.us-west-2.amazonaws.com", - "tags" : [ "fips" ] - } ] - } + "us-east-1" : { }, + "us-east-2" : { }, + "us-west-2" : { } } }, "quicksight" : { @@ -17589,15 +19190,17 @@ "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, - "api" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "il-central-1" : { }, + "me-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -17606,39 +19209,135 @@ }, "ram" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ap-southeast-5" : { }, - "ap-southeast-7" : { }, + "af-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-5" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "ram-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ram-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "ca-west-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "ram-fips.ca-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ram-fips.ca-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] } ] }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, "fips-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -17681,33 +19380,73 @@ "deprecated" : true, "hostname" : "ram-fips.us-west-2.amazonaws.com" }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "mx-central-1" : { }, - "sa-east-1" : { }, + "il-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "mx-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "ram-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ram-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-east-2" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "ram-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ram-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-west-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "ram-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ram-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-west-2" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "ram-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ram-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] } ] } } @@ -17726,6 +19465,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "rbin.ap-northeast-1.api.aws", @@ -17786,6 +19526,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -17980,6 +19721,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -17990,6 +19732,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -18257,6 +20000,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -18267,6 +20011,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -18363,13 +20108,19 @@ }, "redshift-serverless" : { "endpoints" : { + "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "redshift-serverless-fips.ca-central-1.amazonaws.com", @@ -18379,6 +20130,7 @@ "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, + "eu-south-1" : { }, "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, @@ -18420,6 +20172,7 @@ }, "il-central-1" : { }, "me-central-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -18449,15 +20202,46 @@ }, "rekognition" : { "endpoints" : { - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "rekognition.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "rekognition.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "rekognition.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "rekognition.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "rekognition.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "rekognition-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "rekognition-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "rekognition.ca-central-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "ca-central-1-fips" : { @@ -18467,11 +20251,36 @@ "deprecated" : true, "hostname" : "rekognition-fips.ca-central-1.amazonaws.com" }, - "eu-central-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "il-central-1" : { }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "rekognition.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "rekognition.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "rekognition.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "rekognition.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "il-central-1" : { + "variants" : [ { + "hostname" : "rekognition.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "rekognition-fips.ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -18561,6 +20370,12 @@ "variants" : [ { "hostname" : "rekognition-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "rekognition-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "rekognition.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-1-fips" : { @@ -18574,6 +20389,12 @@ "variants" : [ { "hostname" : "rekognition-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "rekognition-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "rekognition.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2-fips" : { @@ -18587,6 +20408,12 @@ "variants" : [ { "hostname" : "rekognition-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "rekognition-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "rekognition.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1-fips" : { @@ -18600,6 +20427,12 @@ "variants" : [ { "hostname" : "rekognition-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "rekognition-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "rekognition.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2-fips" : { @@ -18739,6 +20572,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -18748,6 +20582,8 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "resource-explorer-2-fips.ca-central-1.amazonaws.com", @@ -18819,6 +20655,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -18862,6 +20699,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -18872,6 +20710,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -18942,21 +20781,11 @@ } } }, - "robomaker" : { - "endpoints" : { - "ap-northeast-1" : { }, - "ap-southeast-1" : { }, - "eu-central-1" : { }, - "eu-west-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-2" : { } - } - }, "rolesanywhere" : { "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -18967,6 +20796,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -19075,28 +20905,300 @@ "us-east-1" : { } } }, + "route53profiles" : { + "endpoints" : { + "af-south-1" : { + "variants" : [ { + "hostname" : "route53profiles.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "route53profiles.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "route53profiles.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "route53profiles.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "route53profiles.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "route53profiles.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "route53profiles.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "route53profiles.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "route53profiles.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "route53profiles.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "route53profiles.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "route53profiles-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53profiles.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "route53profiles-fips.ca-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53profiles.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "route53profiles.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "route53profiles.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "route53profiles.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "route53profiles.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "route53profiles.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "route53profiles.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "route53profiles.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "route53profiles.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "il-central-1" : { + "variants" : [ { + "hostname" : "route53profiles.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "route53profiles.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "route53profiles.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "mx-central-1" : { }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "route53profiles.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-east-1" : { + "variants" : [ { + "hostname" : "route53profiles-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53profiles.us-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "route53profiles-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53profiles.us-east-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "route53profiles-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53profiles.us-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "route53profiles-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53profiles.us-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + } + } + }, "route53resolver" : { "defaults" : { "protocols" : [ "https" ] }, "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ap-southeast-5" : { }, - "ap-southeast-7" : { }, + "af-south-1" : { + "variants" : [ { + "hostname" : "route53resolver.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "route53resolver.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "route53resolver.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "route53resolver.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "route53resolver.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "route53resolver.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "route53resolver.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "route53resolver.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "route53resolver.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "route53resolver.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "route53resolver.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-5" : { + "variants" : [ { + "hostname" : "route53resolver.ap-southeast-5.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "route53resolver.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "route53resolver-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "route53resolver-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53resolver.ca-central-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "ca-central-1-fips" : { @@ -19110,6 +21212,12 @@ "variants" : [ { "hostname" : "route53resolver-fips.ca-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "route53resolver-fips.ca-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53resolver.ca-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "ca-west-1-fips" : { @@ -19119,23 +21227,94 @@ "deprecated" : true, "hostname" : "route53resolver-fips.ca-west-1.amazonaws.com" }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "mx-central-1" : { }, - "sa-east-1" : { }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "route53resolver.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "route53resolver.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "route53resolver.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "route53resolver.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "route53resolver.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "route53resolver.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "route53resolver.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "route53resolver.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "il-central-1" : { + "variants" : [ { + "hostname" : "route53resolver.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "route53resolver.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "route53resolver.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "route53resolver.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "route53resolver.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "route53resolver-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "route53resolver-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53resolver.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-1-fips" : { @@ -19149,6 +21328,12 @@ "variants" : [ { "hostname" : "route53resolver-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "route53resolver-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53resolver.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2-fips" : { @@ -19162,6 +21347,12 @@ "variants" : [ { "hostname" : "route53resolver-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "route53resolver-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53resolver.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1-fips" : { @@ -19175,6 +21366,12 @@ "variants" : [ { "hostname" : "route53resolver-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "route53resolver-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53resolver.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2-fips" : { @@ -19189,6 +21386,7 @@ "rum" : { "endpoints" : { "af-south-1" : { }, + "ap-east-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -19198,7 +21396,10 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -19207,8 +21408,10 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -19286,6 +21489,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -19295,6 +21499,8 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, "eu-central-1" : { }, @@ -19308,6 +21514,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -19390,6 +21597,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "hostname" : "s3.ap-northeast-1.amazonaws.com", "signatureVersions" : [ "s3", "s3v4" ], @@ -19456,6 +21664,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "s3.dualstack.ap-southeast-7.amazonaws.com", @@ -20277,6 +22486,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -20286,7 +22496,11 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -20295,8 +22509,10 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -20363,6 +22579,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "tags" : [ "dualstack" ] @@ -20413,6 +22630,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "tags" : [ "dualstack" ] @@ -20571,6 +22789,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "securityhub.ap-northeast-1.api.aws", @@ -20631,6 +22850,13 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "securityhub.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "securityhub.ca-central-1.api.aws", @@ -20737,6 +22963,12 @@ "tags" : [ "dualstack" ] } ] }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "securityhub.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "sa-east-1" : { "variants" : [ { "hostname" : "securityhub.sa-east-1.api.aws", @@ -20828,24 +23060,36 @@ "variants" : [ { "hostname" : "securitylake-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "securitylake-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "securitylake-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "securitylake-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "securitylake-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "securitylake-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "securitylake-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "securitylake-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] } ] } } @@ -21153,6 +23397,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "servicediscovery.ap-northeast-1.api.aws", @@ -21213,6 +23458,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "servicediscovery.ap-southeast-7.api.aws", @@ -21420,6 +23666,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -21430,6 +23677,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -21452,57 +23700,6 @@ "us-west-2" : { } } }, - "session.qldb" : { - "endpoints" : { - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ca-central-1" : { }, - "eu-central-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "fips-us-east-1" : { - "credentialScope" : { - "region" : "us-east-1" - }, - "deprecated" : true, - "hostname" : "session.qldb-fips.us-east-1.amazonaws.com" - }, - "fips-us-east-2" : { - "credentialScope" : { - "region" : "us-east-2" - }, - "deprecated" : true, - "hostname" : "session.qldb-fips.us-east-2.amazonaws.com" - }, - "fips-us-west-2" : { - "credentialScope" : { - "region" : "us-west-2" - }, - "deprecated" : true, - "hostname" : "session.qldb-fips.us-west-2.amazonaws.com" - }, - "us-east-1" : { - "variants" : [ { - "hostname" : "session.qldb-fips.us-east-1.amazonaws.com", - "tags" : [ "fips" ] - } ] - }, - "us-east-2" : { - "variants" : [ { - "hostname" : "session.qldb-fips.us-east-2.amazonaws.com", - "tags" : [ "fips" ] - } ] - }, - "us-west-2" : { - "variants" : [ { - "hostname" : "session.qldb-fips.us-west-2.amazonaws.com", - "tags" : [ "fips" ] - } ] - } - } - }, "shield" : { "defaults" : { "protocols" : [ "https" ], @@ -21758,50 +23955,140 @@ "us-west-2" : { } } }, - "sms" : { + "sms-voice" : { "endpoints" : { - "fips-us-west-2" : { - "credentialScope" : { - "region" : "us-west-2" - }, - "deprecated" : true, - "hostname" : "sms-fips.us-west-2.amazonaws.com" + "af-south-1" : { + "variants" : [ { + "hostname" : "sms-voice.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] }, - "us-west-2" : { + "ap-northeast-1" : { "variants" : [ { - "hostname" : "sms-fips.us-west-2.amazonaws.com", - "tags" : [ "fips" ] + "hostname" : "sms-voice.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] } ] - } - } - }, - "sms-voice" : { - "endpoints" : { - "af-south-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "sms-voice.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "sms-voice.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "sms-voice.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "sms-voice.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "sms-voice.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "sms-voice.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "sms-voice.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "sms-voice.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "sms-voice-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sms-voice-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "sms-voice.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "sms-voice-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "sms-voice-fips.ca-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "sms-voice.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "sms-voice.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "sms-voice.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "sms-voice.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "sms-voice.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "sms-voice.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "sms-voice.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "sms-voice.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "sms-voice.eu-west-3.api.aws", + "tags" : [ "dualstack" ] } ] }, - "ca-west-1" : { }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, "fips-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -21809,6 +24096,13 @@ "deprecated" : true, "hostname" : "sms-voice-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "sms-voice-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -21837,32 +24131,77 @@ "deprecated" : true, "hostname" : "sms-voice-fips.us-west-2.amazonaws.com" }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, + "il-central-1" : { + "variants" : [ { + "hostname" : "sms-voice.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "sms-voice.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "sms-voice.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "mx-central-1" : { }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "sms-voice.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "sms-voice-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sms-voice-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "sms-voice.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "sms-voice-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sms-voice-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "sms-voice.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "sms-voice-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sms-voice-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "sms-voice.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "sms-voice-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sms-voice-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "sms-voice.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -22313,34 +24652,149 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ap-southeast-5" : { }, - "ap-southeast-7" : { }, - "ca-central-1" : { }, + "af-south-1" : { + "variants" : [ { + "hostname" : "sns.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "sns.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "sns.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "sns.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "sns.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "sns.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "sns.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "sns.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "sns.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "sns.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "sns.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-5" : { + "variants" : [ { + "hostname" : "sns.ap-southeast-5.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "sns.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "sns.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-west-1" : { "variants" : [ { "hostname" : "sns-fips.ca-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sns.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "sns.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "sns.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "sns.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "sns.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "sns.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "sns.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "sns.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "sns.eu-west-3.api.aws", + "tags" : [ "dualstack" ] } ] }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, "fips-ca-west-1" : { "credentialScope" : { "region" : "ca-west-1" @@ -22376,33 +24830,70 @@ "deprecated" : true, "hostname" : "sns-fips.us-west-2.amazonaws.com" }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "mx-central-1" : { }, - "sa-east-1" : { }, + "il-central-1" : { + "variants" : [ { + "hostname" : "sns.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "sns.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "sns.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "sns.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "sns.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "sns-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sns.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "sns-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sns.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "sns-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sns.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "sns-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sns.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -22413,29 +24904,166 @@ "sslCommonName" : "{region}.queue.{dnsSuffix}" }, "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ap-southeast-5" : { }, - "ap-southeast-7" : { }, - "ca-central-1" : { }, - "ca-west-1" : { }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, + "af-south-1" : { + "variants" : [ { + "hostname" : "sqs.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "sqs.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "sqs.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "sqs.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "sqs.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "sqs.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "sqs.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "sqs.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "sqs.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "sqs.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "sqs.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-5" : { + "variants" : [ { + "hostname" : "sqs.ap-southeast-5.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { + "variants" : [ { + "hostname" : "sqs.ap-southeast-7.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "sqs-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "sqs.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "sqs-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "sqs.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "sqs.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "sqs.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "sqs.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "sqs.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "sqs.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "sqs.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "sqs.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "sqs.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "sqs-fips.ca-central-1.amazonaws.com" + }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "sqs-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -22464,34 +25092,71 @@ "deprecated" : true, "hostname" : "sqs-fips.us-west-2.amazonaws.com" }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "mx-central-1" : { }, - "sa-east-1" : { }, + "il-central-1" : { + "variants" : [ { + "hostname" : "sqs.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "sqs.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "sqs.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "mx-central-1" : { + "variants" : [ { + "hostname" : "sqs.mx-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "sqs.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "sslCommonName" : "queue.{dnsSuffix}", "variants" : [ { "hostname" : "sqs-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sqs.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "sqs-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sqs.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "sqs-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sqs.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "sqs-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sqs.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -22500,6 +25165,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -22510,6 +25176,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -22674,22 +25341,78 @@ }, "ssm-incidents" : { "endpoints" : { - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "ssm-incidents.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "ssm-incidents.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "ssm-incidents.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "ssm-incidents.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "ssm-incidents.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "ssm-incidents-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ssm-incidents-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "ssm-incidents.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "ssm-incidents.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "ssm-incidents.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "ssm-incidents.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "ssm-incidents.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "ssm-incidents.eu-west-3.api.aws", + "tags" : [ "dualstack" ] } ] }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, "fips-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -22725,29 +25448,58 @@ "deprecated" : true, "hostname" : "ssm-incidents-fips.us-west-2.amazonaws.com" }, - "sa-east-1" : { }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "ssm-incidents.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "ssm-incidents-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ssm-incidents-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "ssm-incidents.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "ssm-incidents-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ssm-incidents-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "ssm-incidents.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "ssm-incidents-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ssm-incidents-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "ssm-incidents.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "ssm-incidents-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ssm-incidents-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "ssm-incidents.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -23082,6 +25834,8 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, "eu-central-1" : { }, @@ -23095,6 +25849,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -23106,6 +25861,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -23116,9 +25872,20 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, - "ca-central-1" : { }, - "ca-west-1" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "states-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "states-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -23127,6 +25894,20 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "states-fips.ca-central-1.amazonaws.com" + }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "states-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -23190,6 +25971,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -23200,6 +25982,8 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "storagegateway-fips.ca-central-1.amazonaws.com", @@ -23237,6 +26021,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -23302,6 +26087,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -23312,6 +26098,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -23345,6 +26132,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -23355,6 +26143,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "aws-global" : { "credentialScope" : { @@ -23454,6 +26243,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -23464,6 +26254,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -23572,6 +26363,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "variants" : [ { "hostname" : "synthetics.ap-northeast-1.api.aws", @@ -23632,6 +26424,7 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-6" : { }, "ap-southeast-7" : { "variants" : [ { "hostname" : "synthetics.ap-southeast-7.api.aws", @@ -23643,6 +26436,9 @@ "hostname" : "synthetics-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] }, { + "hostname" : "synthetics-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "synthetics.ca-central-1.api.aws", "tags" : [ "dualstack" ] } ] @@ -23652,6 +26448,9 @@ "hostname" : "synthetics-fips.ca-west-1.amazonaws.com", "tags" : [ "fips" ] }, { + "hostname" : "synthetics-fips.ca-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "synthetics.ca-west-1.api.aws", "tags" : [ "dualstack" ] } ] @@ -23781,6 +26580,9 @@ "hostname" : "synthetics-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] }, { + "hostname" : "synthetics-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "synthetics.us-east-1.api.aws", "tags" : [ "dualstack" ] } ] @@ -23790,6 +26592,9 @@ "hostname" : "synthetics-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] }, { + "hostname" : "synthetics-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "synthetics.us-east-2.api.aws", "tags" : [ "dualstack" ] } ] @@ -23799,6 +26604,9 @@ "hostname" : "synthetics-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] }, { + "hostname" : "synthetics-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "synthetics.us-west-1.api.aws", "tags" : [ "dualstack" ] } ] @@ -23808,6 +26616,9 @@ "hostname" : "synthetics-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] }, { + "hostname" : "synthetics-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "synthetics.us-west-2.api.aws", "tags" : [ "dualstack" ] } ] @@ -23818,6 +26629,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -23828,6 +26640,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -24049,24 +26862,90 @@ } ] }, "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, + "af-south-1" : { + "variants" : [ { + "hostname" : "transcribe.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "transcribe.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "transcribe.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "transcribe.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "transcribe.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "transcribe.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "transcribe.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "fips.transcribe.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribe-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribe.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "transcribe.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "transcribe.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "transcribe.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "transcribe.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "transcribe.eu-west-3.api.aws", + "tags" : [ "dualstack" ] } ] }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, "fips-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -24102,51 +26981,136 @@ "deprecated" : true, "hostname" : "fips.transcribe.us-west-2.amazonaws.com" }, - "me-south-1" : { }, - "sa-east-1" : { }, + "me-south-1" : { + "variants" : [ { + "hostname" : "transcribe.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "transcribe.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "fips.transcribe.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribe-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribe.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "fips.transcribe.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribe-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribe.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "fips.transcribe.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribe-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribe.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "fips.transcribe.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribe-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribe.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } }, "transcribestreaming" : { "endpoints" : { - "af-south-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, + "af-south-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "transcribestreaming.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "transcribestreaming.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { "hostname" : "transcribestreaming-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribestreaming-fips.ca-central-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribestreaming.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "transcribestreaming.eu-west-2.api.aws", + "tags" : [ "dualstack" ] } ] }, - "eu-central-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, "fips-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -24175,23 +27139,46 @@ "deprecated" : true, "hostname" : "transcribestreaming-fips.us-west-2.amazonaws.com" }, - "sa-east-1" : { }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "transcribestreaming-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribestreaming-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribestreaming.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "transcribestreaming-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribestreaming-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribestreaming.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "transcribestreaming-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribestreaming-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribestreaming.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -24200,6 +27187,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -24210,6 +27198,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "transfer-fips.ca-central-1.amazonaws.com", @@ -24275,6 +27264,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -24307,22 +27297,88 @@ "protocols" : [ "https" ] }, "endpoints" : { - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ca-central-1" : { }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "translate.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "translate.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "translate.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "translate.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "translate.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "translate.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "translate.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "translate.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "translate.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "translate.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "translate.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "translate.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "translate-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "translate-fips.us-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "translate.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-1-fips" : { @@ -24336,6 +27392,12 @@ "variants" : [ { "hostname" : "translate-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "translate-fips.us-east-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "translate.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2-fips" : { @@ -24349,6 +27411,12 @@ "variants" : [ { "hostname" : "translate-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "translate-fips.us-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "translate.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1-fips" : { @@ -24362,6 +27430,12 @@ "variants" : [ { "hostname" : "translate-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "translate-fips.us-west-2.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "translate.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2-fips" : { @@ -24375,6 +27449,9 @@ }, "trustedadvisor" : { "endpoints" : { + "ap-northeast-2" : { }, + "ap-southeast-2" : { }, + "eu-west-1" : { }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -24392,13 +27469,17 @@ "region" : "us-west-2" }, "hostname" : "trustedadvisor-fips.us-west-2.api.aws" - } + }, + "us-east-1" : { }, + "us-east-2" : { }, + "us-west-2" : { } } }, "verifiedpermissions" : { "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -24408,6 +27489,9 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, + "ap-southeast-5" : { }, + "ap-southeast-6" : { }, + "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "verifiedpermissions-fips.ca-central-1.amazonaws.com", @@ -24473,6 +27557,7 @@ "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -25172,6 +28257,7 @@ "tags" : [ "fips" ] } ] }, + "ap-east-2" : { }, "ap-northeast-1" : { "credentialScope" : { "region" : "ap-northeast-1" @@ -25272,6 +28358,16 @@ "tags" : [ "fips" ] } ] }, + "ap-southeast-7" : { + "credentialScope" : { + "region" : "ap-southeast-7" + }, + "hostname" : "wafv2.ap-southeast-7.amazonaws.com", + "variants" : [ { + "hostname" : "wafv2-fips.ap-southeast-7.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -25456,6 +28552,13 @@ "deprecated" : true, "hostname" : "wafv2-fips.ap-southeast-5.amazonaws.com" }, + "fips-ap-southeast-7" : { + "credentialScope" : { + "region" : "ap-southeast-7" + }, + "deprecated" : true, + "hostname" : "wafv2-fips.ap-southeast-7.amazonaws.com" + }, "fips-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -25547,6 +28650,13 @@ "deprecated" : true, "hostname" : "wafv2-fips.me-south-1.amazonaws.com" }, + "fips-mx-central-1" : { + "credentialScope" : { + "region" : "mx-central-1" + }, + "deprecated" : true, + "hostname" : "wafv2-fips.mx-central-1.amazonaws.com" + }, "fips-sa-east-1" : { "credentialScope" : { "region" : "sa-east-1" @@ -25612,6 +28722,16 @@ "tags" : [ "fips" ] } ] }, + "mx-central-1" : { + "credentialScope" : { + "region" : "mx-central-1" + }, + "hostname" : "wafv2.mx-central-1.amazonaws.com", + "variants" : [ { + "hostname" : "wafv2-fips.mx-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "sa-east-1" : { "credentialScope" : { "region" : "sa-east-1" @@ -25785,6 +28905,7 @@ "eu-central-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, + "eu-west-3" : { }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -25857,6 +28978,7 @@ "endpoints" : { "af-south-1" : { }, "ap-east-1" : { }, + "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, @@ -25867,6 +28989,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -25972,8 +29095,18 @@ "services" : { "access-analyzer" : { "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "hostname" : "access-analyzer.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "access-analyzer.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } } }, "account" : { @@ -26109,8 +29242,18 @@ }, "applicationinsights" : { "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "hostname" : "applicationinsights.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "applicationinsights.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } } }, "appmesh" : { @@ -26131,8 +29274,18 @@ }, "appsync" : { "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "hostname" : "appsync.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "appsync.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } } }, "arc-zonal-shift" : { @@ -26598,7 +29751,11 @@ "region" : "cn-northwest-1" }, "hostname" : "entitlement-marketplace.cn-northwest-1.amazonaws.com.cn", - "protocols" : [ "https" ] + "protocols" : [ "https" ], + "variants" : [ { + "hostname" : "entitlement-marketplace.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] } } }, @@ -26620,8 +29777,18 @@ }, "events" : { "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "hostname" : "events.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "events.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } } }, "firehose" : { @@ -26661,6 +29828,24 @@ "cn-northwest-1" : { } } }, + "gameliftstreams" : { + "defaults" : { + "dnsSuffix" : "api.amazonwebservices.com.cn", + "variants" : [ { + "dnsSuffix" : "api.amazonwebservices.com.cn", + "hostname" : "{service}-fips.{region}.{dnsSuffix}", + "tags" : [ "fips" ] + } ] + }, + "endpoints" : { + "cn-north-1" : { + "hostname" : "gameliftstreams.cn-north-1.api.amazonwebservices.com.cn" + }, + "cn-northwest-1" : { + "hostname" : "gameliftstreams.cn-northwest-1.api.amazonwebservices.com.cn" + } + } + }, "glacier" : { "defaults" : { "protocols" : [ "http", "https" ] @@ -26823,6 +30008,12 @@ "cn-northwest-1" : { } } }, + "kafkaconnect" : { + "endpoints" : { + "cn-north-1" : { }, + "cn-northwest-1" : { } + } + }, "kendra-ranking" : { "defaults" : { "dnsSuffix" : "api.amazonwebservices.com.cn", @@ -26910,8 +30101,18 @@ }, "logs" : { "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "hostname" : "logs.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "logs.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } } }, "mediaconvert" : { @@ -26930,6 +30131,16 @@ "cn-northwest-1" : { } } }, + "metering.marketplace" : { + "defaults" : { + "credentialScope" : { + "service" : "aws-marketplace" + } + }, + "endpoints" : { + "cn-northwest-1" : { } + } + }, "metrics.sagemaker" : { "endpoints" : { "cn-north-1" : { }, @@ -27105,8 +30316,16 @@ }, "ram" : { "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + } } }, "rbin" : { @@ -27167,13 +30386,29 @@ "isRegionalized" : false, "partitionEndpoint" : "aws-cn-global" }, + "route53profiles" : { + "endpoints" : { + "cn-north-1" : { }, + "cn-northwest-1" : { } + } + }, "route53resolver" : { "defaults" : { "protocols" : [ "https" ] }, "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "hostname" : "route53resolver.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "route53resolver.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } } }, "runtime.sagemaker" : { @@ -27259,6 +30494,12 @@ }, "isRegionalized" : true }, + "scheduler" : { + "endpoints" : { + "cn-north-1" : { }, + "cn-northwest-1" : { } + } + }, "schemas" : { "endpoints" : { "cn-north-1" : { }, @@ -27347,11 +30588,6 @@ } } }, - "sms" : { - "endpoints" : { - "cn-north-1" : { } - } - }, "snowball" : { "endpoints" : { "cn-north-1" : { @@ -27387,8 +30623,18 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "hostname" : "sns.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "sns.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } } }, "sqs" : { @@ -27397,8 +30643,18 @@ "sslCommonName" : "{region}.queue.{dnsSuffix}" }, "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "hostname" : "sqs.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "sqs.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } } }, "ssm" : { @@ -27501,23 +30757,47 @@ "credentialScope" : { "region" : "cn-north-1" }, - "hostname" : "cn.transcribe.cn-north-1.amazonaws.com.cn" + "hostname" : "cn.transcribe.cn-north-1.amazonaws.com.cn", + "variants" : [ { + "hostname" : "transcribe.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] }, "cn-northwest-1" : { "credentialScope" : { "region" : "cn-northwest-1" }, - "hostname" : "cn.transcribe.cn-northwest-1.amazonaws.com.cn" + "hostname" : "cn.transcribe.cn-northwest-1.amazonaws.com.cn", + "variants" : [ { + "hostname" : "transcribe.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] } } }, "transcribestreaming" : { "endpoints" : { + "cn-north-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.cn-north-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "hostname" : "transcribestreaming.cn-northwest-1.api.amazonwebservices.com.cn", + "tags" : [ "dualstack" ] + } ] + } + } + }, + "transfer" : { + "endpoints" : { "cn-north-1" : { }, "cn-northwest-1" : { } } }, - "transfer" : { + "verifiedpermissions" : { "endpoints" : { "cn-north-1" : { }, "cn-northwest-1" : { } @@ -27653,6 +30933,12 @@ "variants" : [ { "hostname" : "access-analyzer.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "access-analyzer.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] + }, { + "hostname" : "access-analyzer.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-gov-east-1-fips" : { @@ -27670,6 +30956,12 @@ "variants" : [ { "hostname" : "access-analyzer.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "access-analyzer.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] + }, { + "hostname" : "access-analyzer.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-gov-west-1-fips" : { @@ -27755,6 +31047,12 @@ "variants" : [ { "hostname" : "api.detective-fips.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "detective-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "detective.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-east-1-fips" : { @@ -27768,6 +31066,12 @@ "variants" : [ { "hostname" : "api.detective-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "detective-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "detective.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1-fips" : { @@ -27877,7 +31181,19 @@ } ] }, "endpoints" : { - "us-gov-east-1" : { }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "api-fips.sagemaker.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-east-1-fips" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "api-fips.sagemaker.us-gov-east-1.amazonaws.com" + }, "us-gov-west-1" : { "variants" : [ { "hostname" : "api-fips.sagemaker.us-gov-west-1.amazonaws.com", @@ -28068,17 +31384,43 @@ }, "applicationinsights" : { "endpoints" : { - "us-gov-east-1" : { + "fips-us-gov-east-1" : { "credentialScope" : { "region" : "us-gov-east-1" }, - "hostname" : "applicationinsights.us-gov-east-1.amazonaws.com" + "deprecated" : true, + "hostname" : "applicationinsights-fips.us-gov-east-1.amazonaws.com" }, - "us-gov-west-1" : { + "fips-us-gov-west-1" : { "credentialScope" : { "region" : "us-gov-west-1" }, - "hostname" : "applicationinsights.us-gov-west-1.amazonaws.com" + "deprecated" : true, + "hostname" : "applicationinsights-fips.us-gov-west-1.amazonaws.com" + }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "applicationinsights-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "applicationinsights-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "applicationinsights.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "applicationinsights-fips.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "applicationinsights-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "applicationinsights.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] } } }, @@ -28125,6 +31467,12 @@ } } }, + "aps" : { + "endpoints" : { + "us-gov-east-1" : { }, + "us-gov-west-1" : { } + } + }, "arc-zonal-shift" : { "endpoints" : { "us-gov-east-1" : { }, @@ -28658,6 +32006,12 @@ "deprecated" : true, "hostname" : "cognito-identity-fips.us-gov-west-1.amazonaws.com" }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "cognito-identity.us-gov-east-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, "us-gov-west-1" : { "variants" : [ { "hostname" : "cognito-identity-fips.us-gov-west-1.amazonaws.com", @@ -28681,6 +32035,12 @@ "deprecated" : true, "hostname" : "cognito-idp-fips.us-gov-west-1.amazonaws.com" }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "cognito-idp.us-gov-east-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, "us-gov-west-1" : { "variants" : [ { "hostname" : "cognito-idp-fips.us-gov-west-1.amazonaws.com", @@ -28711,6 +32071,12 @@ "variants" : [ { "hostname" : "comprehend-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "comprehend-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "comprehend.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -29044,8 +32410,14 @@ "endpoints" : { "us-gov-east-1" : { "variants" : [ { + "hostname" : "dlm-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "dlm.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "dlm.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-east-1-fips" : { @@ -29057,8 +32429,14 @@ }, "us-gov-west-1" : { "variants" : [ { + "hostname" : "dlm-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { "hostname" : "dlm.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "dlm.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1-fips" : { @@ -29203,7 +32581,7 @@ "endpoints" : { "us-gov-east-1" : { "variants" : [ { - "hostname" : "dynamodb.us-gov-east-1.amazonaws.com", + "hostname" : "dynamodb-fips.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] } ] }, @@ -29212,11 +32590,11 @@ "region" : "us-gov-east-1" }, "deprecated" : true, - "hostname" : "dynamodb.us-gov-east-1.amazonaws.com" + "hostname" : "dynamodb-fips.us-gov-east-1.amazonaws.com" }, "us-gov-west-1" : { "variants" : [ { - "hostname" : "dynamodb.us-gov-west-1.amazonaws.com", + "hostname" : "dynamodb-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] } ] }, @@ -29225,7 +32603,7 @@ "region" : "us-gov-west-1" }, "deprecated" : true, - "hostname" : "dynamodb.us-gov-west-1.amazonaws.com" + "hostname" : "dynamodb-fips.us-gov-west-1.amazonaws.com" } } }, @@ -29825,6 +33203,24 @@ } } }, + "gameliftstreams" : { + "defaults" : { + "dnsSuffix" : "api.aws", + "variants" : [ { + "dnsSuffix" : "api.aws", + "hostname" : "{service}-fips.{region}.{dnsSuffix}", + "tags" : [ "fips" ] + } ] + }, + "endpoints" : { + "us-gov-east-1" : { + "hostname" : "gameliftstreams.us-gov-east-1.api.aws" + }, + "us-gov-west-1" : { + "hostname" : "gameliftstreams.us-gov-west-1.api.aws" + } + } + }, "geo" : { "endpoints" : { "fips-us-gov-west-1" : { @@ -30713,12 +34109,18 @@ "variants" : [ { "hostname" : "logs.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "logs.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1" : { "variants" : [ { "hostname" : "logs.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "logs.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -30814,8 +34216,18 @@ } }, "endpoints" : { - "us-gov-east-1" : { }, - "us-gov-west-1" : { } + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "metering-marketplace.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + } } }, "metrics.sagemaker" : { @@ -31007,6 +34419,12 @@ "variants" : [ { "hostname" : "networkmanager.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "networkmanager.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] + }, { + "hostname" : "networkmanager.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "fips-aws-us-gov-global" : { @@ -31257,9 +34675,14 @@ } } }, + "query.timestream" : { + "endpoints" : { + "us-gov-west-1" : { } + } + }, "quicksight" : { "endpoints" : { - "api" : { }, + "us-gov-east-1" : { }, "us-gov-west-1" : { } } }, @@ -31271,8 +34694,13 @@ }, "hostname" : "ram.us-gov-east-1.amazonaws.com", "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "ram.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ramus-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-gov-east-1-fips" : { @@ -31288,8 +34716,13 @@ }, "hostname" : "ram.us-gov-west-1.amazonaws.com", "variants" : [ { + "tags" : [ "dualstack" ] + }, { "hostname" : "ram.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "ramus-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-gov-west-1-fips" : { @@ -31462,6 +34895,12 @@ "variants" : [ { "hostname" : "rekognition-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "rekognition-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "rekognition.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1-fips" : { @@ -31551,11 +34990,6 @@ } } }, - "robomaker" : { - "endpoints" : { - "us-gov-west-1" : { } - } - }, "rolesanywhere" : { "endpoints" : { "fips-us-gov-east-1" : { @@ -31609,12 +35043,40 @@ "isRegionalized" : false, "partitionEndpoint" : "aws-us-gov-global" }, + "route53profiles" : { + "endpoints" : { + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "route53profiles-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53profiles.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "route53profiles-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "route53profiles.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + } + } + }, "route53resolver" : { "endpoints" : { "us-gov-east-1" : { "variants" : [ { "hostname" : "route53resolver.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "route53resolver.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] + }, { + "hostname" : "route53resolver.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-gov-east-1-fips" : { @@ -31625,6 +35087,12 @@ "variants" : [ { "hostname" : "route53resolver.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "route53resolver.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] + }, { + "hostname" : "route53resolver.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-gov-west-1-fips" : { @@ -31633,6 +35101,12 @@ } } }, + "rum" : { + "endpoints" : { + "us-gov-east-1" : { }, + "us-gov-west-1" : { } + } + }, "runtime-v2-lex" : { "endpoints" : { "us-gov-west-1" : { } @@ -31835,6 +35309,12 @@ } } }, + "scheduler" : { + "endpoints" : { + "us-gov-east-1" : { }, + "us-gov-west-1" : { } + } + }, "schemas" : { "endpoints" : { "us-gov-east-1" : { }, @@ -31911,6 +35391,9 @@ "variants" : [ { "hostname" : "securitylake.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "securitylake.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-gov-east-1-fips" : { @@ -31924,6 +35407,9 @@ "variants" : [ { "hostname" : "securitylake.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "securitylake.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] } ] }, "us-gov-west-1-fips" : { @@ -32192,23 +35678,6 @@ } } }, - "sms" : { - "endpoints" : { - "fips-us-gov-west-1" : { - "credentialScope" : { - "region" : "us-gov-west-1" - }, - "deprecated" : true, - "hostname" : "sms-fips.us-gov-west-1.amazonaws.com" - }, - "us-gov-west-1" : { - "variants" : [ { - "hostname" : "sms-fips.us-gov-west-1.amazonaws.com", - "tags" : [ "fips" ] - } ] - } - } - }, "sms-voice" : { "endpoints" : { "fips-us-gov-east-1" : { @@ -32229,12 +35698,24 @@ "variants" : [ { "hostname" : "sms-voice-fips.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sms-voice-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "sms-voice.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1" : { "variants" : [ { "hostname" : "sms-voice-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "sms-voice-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "sms-voice.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -32259,12 +35740,24 @@ "variants" : [ { "hostname" : "snowball-fips.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "snowball-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "snowball.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1" : { "variants" : [ { "hostname" : "snowball-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "snowball-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "snowball.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -32308,19 +35801,33 @@ } ] }, "endpoints" : { - "us-gov-east-1" : { + "fips-us-gov-east-1" : { "credentialScope" : { "region" : "us-gov-east-1" }, + "deprecated" : true, "hostname" : "sqs.us-gov-east-1.amazonaws.com" }, - "us-gov-west-1" : { + "fips-us-gov-west-1" : { "credentialScope" : { "region" : "us-gov-west-1" }, - "hostname" : "sqs.us-gov-west-1.amazonaws.com", + "deprecated" : true, + "hostname" : "sqs.us-gov-west-1.amazonaws.com" + }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "sqs.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1" : { "protocols" : [ "http", "https" ], - "sslCommonName" : "{region}.queue.{dnsSuffix}" + "sslCommonName" : "{region}.queue.{dnsSuffix}", + "variants" : [ { + "hostname" : "sqs.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] } } }, @@ -32602,12 +36109,24 @@ "variants" : [ { "hostname" : "synthetics-fips.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "synthetics-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "synthetics.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1" : { "variants" : [ { "hostname" : "synthetics-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "synthetics-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "synthetics.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -32687,12 +36206,24 @@ "variants" : [ { "hostname" : "fips.transcribe.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribe-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribe.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1" : { "variants" : [ { "hostname" : "fips.transcribe.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribe-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribe.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -32717,12 +36248,24 @@ "variants" : [ { "hostname" : "transcribestreaming-fips.us-gov-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribestreaming-fips.us-gov-east-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribestreaming.us-gov-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1" : { "variants" : [ { "hostname" : "transcribestreaming-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "transcribestreaming-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "transcribestreaming.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -32766,6 +36309,12 @@ "variants" : [ { "hostname" : "translate-fips.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "translate-fips.us-gov-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "translate.us-gov-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-gov-west-1-fips" : { @@ -32974,6 +36523,12 @@ } }, "services" : { + "acm" : { + "endpoints" : { + "us-iso-east-1" : { }, + "us-iso-west-1" : { } + } + }, "agreement-marketplace" : { "endpoints" : { "fips-us-iso-east-1" : { @@ -33068,6 +36623,18 @@ "us-iso-west-1" : { } } }, + "backup" : { + "endpoints" : { + "us-iso-east-1" : { }, + "us-iso-west-1" : { } + } + }, + "batch" : { + "endpoints" : { + "us-iso-east-1" : { }, + "us-iso-west-1" : { } + } + }, "bedrock" : { "endpoints" : { "bedrock-runtime-us-iso-east-1" : { @@ -33103,6 +36670,18 @@ "isRegionalized" : false, "partitionEndpoint" : "aws-iso-global" }, + "ce" : { + "endpoints" : { + "aws-iso-global" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "hostname" : "ce.us-iso-east-1.c2s.ic.gov" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-global" + }, "cloudcontrolapi" : { "endpoints" : { "us-iso-east-1" : { }, @@ -33179,8 +36758,32 @@ }, "config" : { "endpoints" : { - "us-iso-east-1" : { }, - "us-iso-west-1" : { } + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "config-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "config-fips.us-iso-west-1.c2s.ic.gov" + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "config-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "config-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } } }, "datapipeline" : { @@ -33472,15 +37075,39 @@ "hostname" : "fsx-fips.us-iso-east-1.c2s.ic.gov", "tags" : [ "fips" ] } ] - } + }, + "us-iso-west-1" : { } } }, "glacier" : { "endpoints" : { + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "glacier-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "glacier-fips.us-iso-west-1.c2s.ic.gov" + }, "us-iso-east-1" : { - "protocols" : [ "http", "https" ] + "protocols" : [ "http", "https" ], + "variants" : [ { + "hostname" : "glacier-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] }, - "us-iso-west-1" : { } + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "glacier-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } } }, "glue" : { @@ -33520,6 +37147,16 @@ "us-iso-west-1" : { } } }, + "kinesisanalytics" : { + "endpoints" : { + "us-iso-east-1" : { } + } + }, + "kinesisvideo" : { + "endpoints" : { + "us-iso-east-1" : { } + } + }, "kms" : { "endpoints" : { "ProdFips" : { @@ -33557,6 +37194,11 @@ } } }, + "lakeformation" : { + "endpoints" : { + "us-iso-east-1" : { } + } + }, "lambda" : { "endpoints" : { "us-iso-east-1" : { }, @@ -33577,7 +37219,19 @@ }, "medialive" : { "endpoints" : { - "us-iso-east-1" : { } + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "medialive-fips.us-iso-east-1.c2s.ic.gov" + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "medialive-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } } }, "mediapackage" : { @@ -33596,11 +37250,17 @@ "us-iso-west-1" : { } } }, - "oam" : { + "network-firewall" : { "endpoints" : { "us-iso-east-1" : { } } }, + "oam" : { + "endpoints" : { + "us-iso-east-1" : { }, + "us-iso-west-1" : { } + } + }, "organizations" : { "endpoints" : { "aws-iso-global" : { @@ -33618,6 +37278,16 @@ "us-iso-east-1" : { } } }, + "pi" : { + "endpoints" : { + "us-iso-east-1" : { + "protocols" : [ "https" ] + }, + "us-iso-west-1" : { + "protocols" : [ "https" ] + } + } + }, "ram" : { "endpoints" : { "us-iso-east-1" : { }, @@ -33862,6 +37532,38 @@ }, "secretsmanager" : { "endpoints" : { + "us-iso-east-1" : { + "variants" : [ { + "tags" : [ "fips" ] + } ] + }, + "us-iso-east-1-fips" : { + "deprecated" : true + }, + "us-iso-west-1" : { + "variants" : [ { + "tags" : [ "fips" ] + } ] + }, + "us-iso-west-1-fips" : { + "deprecated" : true + } + } + }, + "securityhub" : { + "endpoints" : { + "us-iso-east-1" : { }, + "us-iso-west-1" : { } + } + }, + "servicediscovery" : { + "endpoints" : { + "us-iso-east-1" : { }, + "us-iso-west-1" : { } + } + }, + "servicequotas" : { + "endpoints" : { "us-iso-east-1" : { }, "us-iso-west-1" : { } } @@ -33882,10 +37584,33 @@ }, "sqs" : { "endpoints" : { + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "sqs.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "sqs.us-iso-west-1.c2s.ic.gov" + }, "us-iso-east-1" : { - "protocols" : [ "http", "https" ] + "protocols" : [ "http", "https" ], + "variants" : [ { + "hostname" : "sqs.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] }, - "us-iso-west-1" : { } + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "sqs.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } } }, "ssm" : { @@ -33896,6 +37621,36 @@ }, "states" : { "endpoints" : { + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "states-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "states-fips.us-iso-west-1.c2s.ic.gov" + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "states-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "states-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } + } + }, + "storagegateway" : { + "endpoints" : { "us-iso-east-1" : { }, "us-iso-west-1" : { } } @@ -33980,7 +37735,19 @@ "protocols" : [ "https" ] }, "endpoints" : { - "us-iso-east-1" : { } + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "fips.transcribe.us-iso-east-1.c2s.ic.gov" + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "fips.transcribe.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } } }, "transcribestreaming" : { @@ -33993,11 +37760,58 @@ "protocols" : [ "https" ] }, "endpoints" : { + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "translate-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-east-1-fips" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "translate-fips.us-iso-east-1.c2s.ic.gov" + } + } + }, + "wafv2" : { + "endpoints" : { "us-iso-east-1" : { } } }, "workspaces" : { "endpoints" : { + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "workspaces-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "workspaces-fips.us-iso-west-1.c2s.ic.gov" + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "workspaces-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "workspaces-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } + } + }, + "xray" : { + "endpoints" : { "us-iso-east-1" : { }, "us-iso-west-1" : { } } @@ -34021,6 +37835,9 @@ "regions" : { "us-isob-east-1" : { "description" : "US ISOB East (Ohio)" + }, + "us-isob-west-1" : { + "description" : "US ISOB West" } }, "services" : { @@ -34031,7 +37848,8 @@ "region" : "us-isob-east-1" }, "hostname" : "api.ecr.us-isob-east-1.sc2s.sgov.gov" - } + }, + "us-isob-west-1" : { } } }, "api.pricing" : { @@ -34056,12 +37874,14 @@ }, "appconfig" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "appconfigdata" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "application-autoscaling" : { @@ -34069,11 +37889,18 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "arc-zonal-shift" : { "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, + "athena" : { + "endpoints" : { "us-isob-east-1" : { } } }, @@ -34082,9 +37909,21 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, + "backup" : { + "endpoints" : { "us-isob-east-1" : { } } }, + "batch" : { + "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, "budgets" : { "endpoints" : { "aws-iso-b-global" : { @@ -34103,14 +37942,28 @@ "isRegionalized" : false, "partitionEndpoint" : "aws-iso-b-global" }, + "ce" : { + "endpoints" : { + "aws-iso-b-global" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "hostname" : "ce.us-isob-east-1.sc2s.sgov.gov" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-b-global" + }, "cloudcontrolapi" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "cloudformation" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "cloudtrail" : { @@ -34127,27 +37980,54 @@ "hostname" : "cloudtrail-fips.us-isob-east-1.sc2s.sgov.gov", "tags" : [ "fips" ] } ] - } + }, + "us-isob-west-1" : { } } }, - "codedeploy" : { + "codebuild" : { "endpoints" : { "us-isob-east-1" : { } } }, + "codedeploy" : { + "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, "config" : { "endpoints" : { + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "config-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "config-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isob-west-1" : { } + } + }, + "datasync" : { + "endpoints" : { "us-isob-east-1" : { } } }, "directconnect" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "dlm" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "dms" : { @@ -34187,7 +38067,8 @@ }, "deprecated" : true, "hostname" : "dms.us-isob-east-1.sc2s.sgov.gov" - } + }, + "us-isob-west-1" : { } } }, "ds" : { @@ -34212,12 +38093,14 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "ebs" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "ec2" : { @@ -34225,12 +38108,14 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "ecs" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "eks" : { @@ -34238,12 +38123,14 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "elasticache" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "elasticfilesystem" : { @@ -34267,7 +38154,8 @@ "endpoints" : { "us-isob-east-1" : { "protocols" : [ "https" ] - } + }, + "us-isob-west-1" : { } } }, "elasticmapreduce" : { @@ -34284,17 +38172,20 @@ "hostname" : "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", "tags" : [ "fips" ] } ] - } + }, + "us-isob-west-1" : { } } }, "es" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "events" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "firehose" : { @@ -34302,8 +38193,35 @@ "us-isob-east-1" : { } } }, + "fsx" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, "glacier" : { "endpoints" : { + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "glacier-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "glacier-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + } + } + }, + "glue" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, + "guardduty" : { + "endpoints" : { "us-isob-east-1" : { } } }, @@ -34326,6 +38244,12 @@ }, "kinesis" : { "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, + "kinesisanalytics" : { + "endpoints" : { "us-isob-east-1" : { } } }, @@ -34350,14 +38274,21 @@ }, "deprecated" : true, "hostname" : "kms-fips.us-isob-east-1.sc2s.sgov.gov" - } + }, + "us-isob-west-1" : { } } }, - "lambda" : { + "lakeformation" : { "endpoints" : { "us-isob-east-1" : { } } }, + "lambda" : { + "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, "license-manager" : { "endpoints" : { "us-isob-east-1" : { } @@ -34365,12 +38296,25 @@ }, "logs" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "medialive" : { "endpoints" : { - "us-isob-east-1" : { } + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "medialive-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "medialive-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + } } }, "mediapackage" : { @@ -34395,12 +38339,19 @@ }, "monitoring" : { "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, + "network-firewall" : { + "endpoints" : { "us-isob-east-1" : { } } }, "oam" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "organizations" : { @@ -34420,9 +38371,16 @@ "us-isob-east-1" : { } } }, + "pi" : { + "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, "ram" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "rbin" : { @@ -34439,7 +38397,8 @@ "hostname" : "rbin-fips.us-isob-east-1.sc2s.sgov.gov", "tags" : [ "fips" ] } ] - } + }, + "us-isob-west-1" : { } } }, "rds" : { @@ -34463,7 +38422,8 @@ }, "deprecated" : true, "hostname" : "rds.us-isob-east-1.sc2s.sgov.gov" - } + }, + "us-isob-west-1" : { } } }, "redshift" : { @@ -34473,12 +38433,14 @@ "region" : "us-isob-east-1" }, "hostname" : "redshift.us-isob-east-1.sc2s.sgov.gov" - } + }, + "us-isob-west-1" : { } } }, "resource-groups" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "route53" : { @@ -34524,7 +38486,8 @@ "hostname" : "s3-fips.us-isob-east-1.sc2s.sgov.gov", "tags" : [ "fips" ] } ] - } + }, + "us-isob-west-1" : { } } }, "s3-control" : { @@ -34574,14 +38537,40 @@ }, "scheduler" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "secretsmanager" : { "endpoints" : { + "us-isob-east-1" : { + "variants" : [ { + "tags" : [ "fips" ] + } ] + }, + "us-isob-east-1-fips" : { + "deprecated" : true + }, + "us-isob-west-1" : { } + } + }, + "securityhub" : { + "endpoints" : { "us-isob-east-1" : { } } }, + "servicediscovery" : { + "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, + "servicequotas" : { + "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, "snowball" : { "endpoints" : { "us-isob-east-1" : { } @@ -34592,7 +38581,8 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "sqs" : { @@ -34601,17 +38591,44 @@ "sslCommonName" : "{region}.queue.{dnsSuffix}" }, "endpoints" : { - "us-isob-east-1" : { } + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "sqs.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "sqs.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isob-west-1" : { } } }, "ssm" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "states" : { "endpoints" : { - "us-isob-east-1" : { } + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "states-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "states-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isob-west-1" : { } } }, "storagegateway" : { @@ -34646,12 +38663,14 @@ "protocols" : [ "http", "https" ] }, "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "sts" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "support" : { @@ -34679,27 +38698,48 @@ "hostname" : "swf-fips.us-isob-east-1.sc2s.sgov.gov", "tags" : [ "fips" ] } ] - } + }, + "us-isob-west-1" : { } } }, "synthetics" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } }, "tagging" : { "endpoints" : { + "us-isob-east-1" : { }, + "us-isob-west-1" : { } + } + }, + "wafv2" : { + "endpoints" : { "us-isob-east-1" : { } } }, "workspaces" : { "endpoints" : { - "us-isob-east-1" : { } + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "workspaces-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "workspaces-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + } } }, "xray" : { "endpoints" : { - "us-isob-east-1" : { } + "us-isob-east-1" : { }, + "us-isob-west-1" : { } } } } @@ -34723,7 +38763,541 @@ "description" : "EU ISOE West" } }, - "services" : { } + "services" : { + "access-analyzer" : { + "endpoints" : { + "eu-isoe-west-1" : { + "variants" : [ { + "hostname" : "access-analyzer.eu-isoe-west-1.api.cloud-aws.adc-e.uk", + "tags" : [ "dualstack" ] + } ] + } + } + }, + "acm" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "acm-pca" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "api.ecr" : { + "endpoints" : { + "eu-isoe-west-1" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "hostname" : "api.ecr.eu-isoe-west-1.cloud.adc-e.uk" + } + } + }, + "api.pricing" : { + "defaults" : { + "credentialScope" : { + "service" : "pricing" + } + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "apigateway" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "appconfig" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "appconfigdata" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "application-autoscaling" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "arc-zonal-shift" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "athena" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "autoscaling" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "batch" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "budgets" : { + "endpoints" : { + "aws-iso-e-global" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "hostname" : "budgets.global.cloud.adc-e.uk" + }, + "eu-isoe-west-1" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "hostname" : "budgets.global.cloud.adc-e.uk" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-e-global" + }, + "cloudcontrolapi" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "cloudformation" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "cloudtrail" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "cloudtrail-data" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "codedeploy" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "compute-optimizer" : { + "endpoints" : { + "eu-isoe-west-1" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "hostname" : "compute-optimizer.eu-isoe-west-1.cloud.adc-e.uk" + } + } + }, + "config" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "cost-optimization-hub" : { + "endpoints" : { + "eu-isoe-west-1" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "hostname" : "cost-optimization-hub.eu-isoe-west-1.cloud.adc-e.uk" + } + } + }, + "directconnect" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "dlm" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "dms" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "ds" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "dynamodb" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "ebs" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "ec2" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "ecs" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "eks" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "elasticache" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "elasticfilesystem" : { + "endpoints" : { + "eu-isoe-west-1" : { + "variants" : [ { + "hostname" : "elasticfilesystem-fips.eu-isoe-west-1.cloud.adc-e.uk", + "tags" : [ "fips" ] + } ] + }, + "fips-eu-isoe-west-1" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "deprecated" : true, + "hostname" : "elasticfilesystem-fips.eu-isoe-west-1.cloud.adc-e.uk" + } + } + }, + "elasticloadbalancing" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "elasticmapreduce" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "emr-serverless" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "es" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "events" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "firehose" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "glue" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "kinesis" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "kms" : { + "endpoints" : { + "ProdFips" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "deprecated" : true, + "hostname" : "kms-fips.eu-isoe-west-1.cloud.adc-e.uk" + }, + "eu-isoe-west-1" : { + "variants" : [ { + "hostname" : "kms-fips.eu-isoe-west-1.cloud.adc-e.uk", + "tags" : [ "fips" ] + } ] + }, + "eu-isoe-west-1-fips" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "deprecated" : true, + "hostname" : "kms-fips.eu-isoe-west-1.cloud.adc-e.uk" + } + } + }, + "lakeformation" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "lambda" : { + "endpoints" : { + "eu-isoe-west-1" : { + "variants" : [ { + "hostname" : "lambda.eu-isoe-west-1.api.cloud-aws.adc-e.uk", + "tags" : [ "dualstack" ] + } ] + } + } + }, + "license-manager" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "logs" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "monitoring" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "oam" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "organizations" : { + "endpoints" : { + "aws-iso-e-global" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "hostname" : "organizations.eu-isoe-west-1.cloud.adc-e.uk" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-e-global" + }, + "pi" : { + "endpoints" : { + "eu-isoe-west-1" : { + "protocols" : [ "https" ] + } + } + }, + "pipes" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "ram" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "rbin" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "rds" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "redshift" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "redshift-serverless" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "resource-groups" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "route53" : { + "endpoints" : { + "aws-iso-e-global" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "hostname" : "route53.cloud.adc-e.uk" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-e-global" + }, + "route53profiles" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "route53resolver" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "s3" : { + "defaults" : { + "protocols" : [ "http", "https" ], + "signatureVersions" : [ "s3v4" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "savingsplans" : { + "endpoints" : { + "aws-iso-e-global" : { + "credentialScope" : { + "region" : "eu-isoe-west-1" + }, + "hostname" : "savingsplans.cloud.adc-e.uk" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-e-global" + }, + "scheduler" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "schemas" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "secretsmanager" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "servicecatalog" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "servicediscovery" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "servicequotas" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "sns" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "sqs" : { + "defaults" : { + "protocols" : [ "http", "https" ], + "sslCommonName" : "{region}.queue.{dnsSuffix}" + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "ssm" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "states" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "streams.dynamodb" : { + "defaults" : { + "credentialScope" : { + "service" : "dynamodb" + }, + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "sts" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "swf" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "synthetics" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "tagging" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "trustedadvisor" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + }, + "xray" : { + "endpoints" : { + "eu-isoe-west-1" : { } + } + } + } }, { "defaults" : { "hostname" : "{service}.{region}.{dnsSuffix}", @@ -34739,7 +39313,856 @@ "partition" : "aws-iso-f", "partitionName" : "AWS ISOF", "regionRegex" : "^us\\-isof\\-\\w+\\-\\d+$", - "regions" : { }, + "regions" : { + "us-isof-east-1" : { + "description" : "US ISOF EAST" + }, + "us-isof-south-1" : { + "description" : "US ISOF SOUTH" + } + }, + "services" : { + "access-analyzer" : { + "endpoints" : { + "us-isof-east-1" : { + "variants" : [ { + "hostname" : "access-analyzer.us-isof-east-1.api.aws.hci.ic.gov", + "tags" : [ "dualstack" ] + } ] + }, + "us-isof-south-1" : { + "variants" : [ { + "hostname" : "access-analyzer.us-isof-south-1.api.aws.hci.ic.gov", + "tags" : [ "dualstack" ] + } ] + } + } + }, + "acm" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "acm-pca" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "api.ecr" : { + "endpoints" : { + "us-isof-east-1" : { + "credentialScope" : { + "region" : "us-isof-east-1" + }, + "hostname" : "api.ecr.us-isof-east-1.csp.hci.ic.gov" + }, + "us-isof-south-1" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "api.ecr.us-isof-south-1.csp.hci.ic.gov" + } + } + }, + "api.pricing" : { + "defaults" : { + "credentialScope" : { + "service" : "pricing" + } + }, + "endpoints" : { + "us-isof-south-1" : { } + } + }, + "api.sagemaker" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "appconfig" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "appconfigdata" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "application-autoscaling" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "arc-zonal-shift" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "athena" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "autoscaling" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "backup" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "batch" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "budgets" : { + "endpoints" : { + "aws-iso-f-global" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "budgets.global.csp.hci.ic.gov" + }, + "us-isof-south-1" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "budgets.global.csp.hci.ic.gov" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-f-global" + }, + "ce" : { + "endpoints" : { + "aws-iso-f-global" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "ce.us-isof-south-1.csp.hci.ic.gov" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-f-global" + }, + "cloudcontrolapi" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "cloudformation" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "cloudtrail" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "cloudtrail-data" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "codebuild" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "codedeploy" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "codepipeline" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "comprehend" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "compute-optimizer" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "compute-optimizer.us-isof-south-1.csp.hci.ic.gov" + } + } + }, + "config" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "cost-optimization-hub" : { + "endpoints" : { + "us-isof-south-1" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "cost-optimization-hub.us-isof-south-1.csp.hci.ic.gov" + } + } + }, + "directconnect" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "dlm" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "dms" : { + "endpoints" : { + "dms" : { + "credentialScope" : { + "region" : "us-isof-east-1" + }, + "deprecated" : true, + "variants" : [ { + "hostname" : "dms.us-isof-east-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "dms-fips" : { + "credentialScope" : { + "region" : "us-isof-east-1" + }, + "deprecated" : true, + "hostname" : "dms.us-isof-east-1.csp.hci.ic.gov" + }, + "us-isof-east-1" : { + "variants" : [ { + "hostname" : "dms.us-isof-east-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isof-east-1-fips" : { + "credentialScope" : { + "region" : "us-isof-east-1" + }, + "deprecated" : true, + "hostname" : "dms.us-isof-east-1.csp.hci.ic.gov" + }, + "us-isof-south-1" : { + "variants" : [ { + "hostname" : "dms.us-isof-south-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isof-south-1-fips" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "deprecated" : true, + "hostname" : "dms.us-isof-south-1.csp.hci.ic.gov" + } + } + }, + "ds" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "dynamodb" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "ebs" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "ec2" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "ecs" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "eks" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "elasticache" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "elasticfilesystem" : { + "endpoints" : { + "fips-us-isof-east-1" : { + "credentialScope" : { + "region" : "us-isof-east-1" + }, + "deprecated" : true, + "hostname" : "elasticfilesystem-fips.us-isof-east-1.csp.hci.ic.gov" + }, + "fips-us-isof-south-1" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "deprecated" : true, + "hostname" : "elasticfilesystem-fips.us-isof-south-1.csp.hci.ic.gov" + }, + "us-isof-east-1" : { + "variants" : [ { + "hostname" : "elasticfilesystem-fips.us-isof-east-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isof-south-1" : { + "variants" : [ { + "hostname" : "elasticfilesystem-fips.us-isof-south-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + } + } + }, + "elasticloadbalancing" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "elasticmapreduce" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "es" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "events" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "firehose" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "fsx" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "glue" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "guardduty" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + }, + "isRegionalized" : true + }, + "iam" : { + "endpoints" : { + "aws-iso-f-global" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "iam.us-isof-south-1.csp.hci.ic.gov" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-f-global" + }, + "kinesis" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "kms" : { + "endpoints" : { + "ProdFips" : { + "credentialScope" : { + "region" : "us-isof-east-1" + }, + "deprecated" : true, + "hostname" : "kms-fips.us-isof-east-1.csp.hci.ic.gov" + }, + "us-isof-east-1" : { + "variants" : [ { + "hostname" : "kms-fips.us-isof-east-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isof-east-1-fips" : { + "credentialScope" : { + "region" : "us-isof-east-1" + }, + "deprecated" : true, + "hostname" : "kms-fips.us-isof-east-1.csp.hci.ic.gov" + }, + "us-isof-south-1" : { + "variants" : [ { + "hostname" : "kms-fips.us-isof-south-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isof-south-1-fips" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "deprecated" : true, + "hostname" : "kms-fips.us-isof-south-1.csp.hci.ic.gov" + } + } + }, + "lakeformation" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "lambda" : { + "endpoints" : { + "us-isof-east-1" : { + "variants" : [ { + "hostname" : "lambda.us-isof-east-1.api.aws.hci.ic.gov", + "tags" : [ "dualstack" ] + } ] + }, + "us-isof-south-1" : { + "variants" : [ { + "hostname" : "lambda.us-isof-south-1.api.aws.hci.ic.gov", + "tags" : [ "dualstack" ] + } ] + } + } + }, + "license-manager" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "logs" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "metrics.sagemaker" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "monitoring" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "oam" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "organizations" : { + "endpoints" : { + "aws-iso-f-global" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "organizations.us-isof-south-1.csp.hci.ic.gov" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-f-global" + }, + "pi" : { + "endpoints" : { + "us-isof-east-1" : { + "protocols" : [ "https" ] + }, + "us-isof-south-1" : { + "protocols" : [ "https" ] + } + } + }, + "pipes" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "quicksight" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "ram" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "rbin" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "rds" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "redshift" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "redshift-serverless" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "rekognition" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "resource-groups" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "route53" : { + "endpoints" : { + "aws-iso-f-global" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "route53.csp.hci.ic.gov" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-f-global" + }, + "route53profiles" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "route53resolver" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "runtime.sagemaker" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "s3" : { + "defaults" : { + "protocols" : [ "http", "https" ], + "signatureVersions" : [ "s3v4" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "savingsplans" : { + "endpoints" : { + "aws-iso-f-global" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "hostname" : "savingsplans.csp.hci.ic.gov" + } + }, + "isRegionalized" : false, + "partitionEndpoint" : "aws-iso-f-global" + }, + "scheduler" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "schemas" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "secretsmanager" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "servicediscovery" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "servicequotas" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "sns" : { + "defaults" : { + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "sqs" : { + "defaults" : { + "protocols" : [ "http", "https" ], + "sslCommonName" : "{region}.queue.{dnsSuffix}" + }, + "endpoints" : { + "fips-us-isof-east-1" : { + "credentialScope" : { + "region" : "us-isof-east-1" + }, + "deprecated" : true, + "hostname" : "sqs.us-isof-east-1.csp.hci.ic.gov" + }, + "fips-us-isof-south-1" : { + "credentialScope" : { + "region" : "us-isof-south-1" + }, + "deprecated" : true, + "hostname" : "sqs.us-isof-south-1.csp.hci.ic.gov" + }, + "us-isof-east-1" : { + "variants" : [ { + "hostname" : "sqs.us-isof-east-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isof-south-1" : { + "variants" : [ { + "hostname" : "sqs.us-isof-south-1.csp.hci.ic.gov", + "tags" : [ "fips" ] + } ] + } + } + }, + "ssm" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "states" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "streams.dynamodb" : { + "defaults" : { + "credentialScope" : { + "service" : "dynamodb" + }, + "protocols" : [ "http", "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "sts" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "swf" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "synthetics" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "tagging" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "textract" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "transcribe" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "transcribestreaming" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "translate" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + }, + "trustedadvisor" : { + "endpoints" : { + "us-isof-south-1" : { } + } + }, + "xray" : { + "endpoints" : { + "us-isof-east-1" : { }, + "us-isof-south-1" : { } + } + } + } + }, { + "defaults" : { + "hostname" : "{service}.{region}.{dnsSuffix}", + "protocols" : [ "https" ], + "signatureVersions" : [ "v4" ], + "variants" : [ { + "dnsSuffix" : "amazonaws.eu", + "hostname" : "{service}-fips.{region}.{dnsSuffix}", + "tags" : [ "fips" ] + } ] + }, + "dnsSuffix" : "amazonaws.eu", + "partition" : "aws-eusc", + "partitionName" : "AWS EUSC", + "regionRegex" : "^eusc\\-(de)\\-\\w+\\-\\d+$", + "regions" : { + "eusc-de-east-1" : { + "description" : "EU (Germany)" + } + }, "services" : { } } ], "version" : 3 diff -pruN 2.23.6-1/awscli/botocore/data/entityresolution/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/entityresolution/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/entityresolution/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/entityresolution/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/entityresolution/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/entityresolution/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/entityresolution/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/entityresolution/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,6 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2018-05-10", + "auth":["aws.auth#sigv4"], "endpointPrefix":"entityresolution", "jsonVersion":"1.1", "protocol":"rest-json", @@ -11,8 +12,7 @@ "serviceId":"EntityResolution", "signatureVersion":"v4", "signingName":"entityresolution", - "uid":"entityresolution-2018-05-10", - "auth":["aws.auth#sigv4"] + "uid":"entityresolution-2018-05-10" }, "operations":{ "AddPolicyStatement":{ @@ -68,7 +68,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"} ], - "documentation":"

Creates an IdMappingWorkflow object which stores the configuration of the data processing job to be run. Each IdMappingWorkflow must have a unique workflow name. To modify an existing workflow, use the UpdateIdMappingWorkflow API.

" + "documentation":"

Creates an IdMappingWorkflow object which stores the configuration of the data processing job to be run. Each IdMappingWorkflow must have a unique workflow name. To modify an existing workflow, use the UpdateIdMappingWorkflow API.

Incremental processing is not supported for ID mapping workflows.

" }, "CreateIdNamespace":{ "name":"CreateIdNamespace", @@ -87,7 +87,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"} ], - "documentation":"

Creates an ID namespace object which will help customers provide metadata explaining their dataset and how to use it. Each ID namespace must have a unique name. To modify an existing ID namespace, use the UpdateIdNamespace API.

" + "documentation":"

Creates an ID namespace object which will help customers provide metadata explaining their dataset and how to use it. Each ID namespace must have a unique name. To modify an existing ID namespace, use the UpdateIdNamespace API.

" }, "CreateMatchingWorkflow":{ "name":"CreateMatchingWorkflow", @@ -106,7 +106,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"} ], - "documentation":"

Creates a MatchingWorkflow object which stores the configuration of the data processing job to be run. It is important to note that there should not be a pre-existing MatchingWorkflow with the same name. To modify an existing workflow, utilize the UpdateMatchingWorkflow API.

" + "documentation":"

Creates a matching workflow that defines the configuration for a data processing job. The workflow name must be unique. To modify an existing workflow, use UpdateMatchingWorkflow.

For workflows where resolutionType is ML_MATCHING or PROVIDER, incremental processing is not supported.

" }, "CreateSchemaMapping":{ "name":"CreateSchemaMapping", @@ -222,6 +222,24 @@ "documentation":"

Deletes the SchemaMapping with a given name. This operation will succeed even if a schema with the given name does not exist. This operation will fail if there is a MatchingWorkflow object that references the SchemaMapping in the workflow's InputSourceConfig.

", "idempotent":true }, + "GenerateMatchId":{ + "name":"GenerateMatchId", + "http":{ + "method":"POST", + "requestUri":"/matchingworkflows/{workflowName}/generateMatches", + "responseCode":200 + }, + "input":{"shape":"GenerateMatchIdInput"}, + "output":{"shape":"GenerateMatchIdOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Generates or retrieves Match IDs for records using a rule-based matching workflow. When you call this operation, it processes your records against the workflow's matching rules to identify potential matches. For existing records, it retrieves their Match IDs and associated rules. For records without matches, it generates new Match IDs. The operation saves results to Amazon S3.

The processing type (processingType) you choose affects both the accuracy and response time of the operation. Additional charges apply for each API call, whether made through the Entity Resolution console or directly via the API. The rule-based matching workflow must exist and be active before calling this operation.

" + }, "GetIdMappingJob":{ "name":"GetIdMappingJob", "http":{ @@ -238,7 +256,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the status, metrics, and errors (if there are any) that are associated with a job.

" + "documentation":"

Returns the status, metrics, and errors (if there are any) that are associated with a job.

" }, "GetIdMappingWorkflow":{ "name":"GetIdMappingWorkflow", @@ -292,7 +310,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Returns the corresponding Match ID of a customer record if the record has been processed.

" + "documentation":"

Returns the corresponding Match ID of a customer record if the record has been processed in a rule-based matching workflow.

You can call this API as a dry run of an incremental load on the rule-based matching workflow.

" }, "GetMatchingJob":{ "name":"GetMatchingJob", @@ -310,7 +328,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Gets the status, metrics, and errors (if there are any) that are associated with a job.

" + "documentation":"

Returns the status, metrics, and errors (if there are any) that are associated with a job.

" }, "GetMatchingWorkflow":{ "name":"GetMatchingWorkflow", @@ -629,7 +647,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Updates an existing IdMappingWorkflow. This method is identical to CreateIdMappingWorkflow, except it uses an HTTP PUT request instead of a POST request, and the IdMappingWorkflow must already exist for the method to succeed.

", + "documentation":"

Updates an existing IdMappingWorkflow. This method is identical to CreateIdMappingWorkflow, except it uses an HTTP PUT request instead of a POST request, and the IdMappingWorkflow must already exist for the method to succeed.

Incremental processing is not supported for ID mapping workflows.

", "idempotent":true }, "UpdateIdNamespace":{ @@ -667,7 +685,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

Updates an existing MatchingWorkflow. This method is identical to CreateMatchingWorkflow, except it uses an HTTP PUT request instead of a POST request, and the MatchingWorkflow must already exist for the method to succeed.

", + "documentation":"

Updates an existing matching workflow. The workflow must already exist for this operation to succeed.

For workflows where resolutionType is ML_MATCHING or PROVIDER, incremental processing is not supported.

", "idempotent":true }, "UpdateSchemaMapping":{ @@ -707,40 +725,40 @@ "AddPolicyStatementInput":{ "type":"structure", "required":[ - "action", "arn", + "statementId", "effect", - "principal", - "statementId" + "action", + "principal" ], "members":{ - "action":{ - "shape":"StatementActionList", - "documentation":"

The action that the principal can use on the resource.

For example, entityresolution:GetIdMappingJob, entityresolution:GetMatchingJob.

" - }, "arn":{ "shape":"VeniceGlobalArn", "documentation":"

The Amazon Resource Name (ARN) of the resource that will be accessed by the principal.

", "location":"uri", "locationName":"arn" }, - "condition":{ - "shape":"StatementCondition", - "documentation":"

A set of condition keys that you can use in key policies.

" + "statementId":{ + "shape":"StatementId", + "documentation":"

A statement identifier that differentiates the statement from others in the same policy.

", + "location":"uri", + "locationName":"statementId" }, "effect":{ "shape":"StatementEffect", "documentation":"

Determines whether the permissions specified in the policy are to be allowed (Allow) or denied (Deny).

If you set the value of the effect parameter to Deny for the AddPolicyStatement operation, you must also set the value of the effect parameter in the policy to Deny for the PutPolicy operation.

" }, + "action":{ + "shape":"StatementActionList", + "documentation":"

The action that the principal can use on the resource.

For example, entityresolution:GetIdMappingJob, entityresolution:GetMatchingJob.

" + }, "principal":{ "shape":"StatementPrincipalList", "documentation":"

The Amazon Web Services service or Amazon Web Services account that can access the resource defined as ARN.

" }, - "statementId":{ - "shape":"StatementId", - "documentation":"

A statement identifier that differentiates the statement from others in the same policy.

", - "location":"uri", - "locationName":"statementId" + "condition":{ + "shape":"StatementCondition", + "documentation":"

A set of condition keys that you can use in key policies.

" } } }, @@ -755,13 +773,13 @@ "shape":"VeniceGlobalArn", "documentation":"

The Amazon Resource Name (ARN) of the resource that will be accessed by the principal.

" }, - "policy":{ - "shape":"PolicyDocument", - "documentation":"

The resource-based policy.

" - }, "token":{ "shape":"PolicyToken", "documentation":"

A unique identifier for the current revision of the policy.

" + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

The resource-based policy.

" } } }, @@ -776,11 +794,11 @@ "type":"string", "max":255, "min":0, - "pattern":"^[a-zA-Z_0-9- \\t]*$" + "pattern":"[a-zA-Z_0-9- ]*" }, "AwsAccountId":{ "type":"string", - "pattern":"^\\d{12}$" + "pattern":"\\d{12}" }, "AwsAccountIdList":{ "type":"list", @@ -789,10 +807,16 @@ "BatchDeleteUniqueIdInput":{ "type":"structure", "required":[ - "uniqueIds", - "workflowName" + "workflowName", + "uniqueIds" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

", + "location":"uri", + "locationName":"workflowName" + }, "inputSource":{ "shape":"BatchDeleteUniqueIdInputInputSourceString", "documentation":"

The input source for the batch delete unique ID operation.

", @@ -804,28 +828,30 @@ "documentation":"

The unique IDs to delete.

", "location":"header", "locationName":"uniqueIds" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

", - "location":"uri", - "locationName":"workflowName" } } }, "BatchDeleteUniqueIdInputInputSourceString":{ "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):glue:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(table/[a-zA-Z_0-9-]{1,255}/[a-zA-Z_0-9-]{1,255})$" + "pattern":"arn:(aws|aws-us-gov|aws-cn):glue:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(table/[a-zA-Z_0-9-]{1,255}/[a-zA-Z_0-9-]{1,255})" }, "BatchDeleteUniqueIdOutput":{ "type":"structure", "required":[ - "deleted", - "disconnectedUniqueIds", + "status", "errors", - "status" + "deleted", + "disconnectedUniqueIds" ], "members":{ + "status":{ + "shape":"DeleteUniqueIdStatus", + "documentation":"

The status of the batch delete unique ID operation.

" + }, + "errors":{ + "shape":"DeleteUniqueIdErrorsList", + "documentation":"

The errors from deleting multiple unique IDs.

" + }, "deleted":{ "shape":"DeletedUniqueIdList", "documentation":"

The unique IDs that were deleted.

" @@ -833,14 +859,6 @@ "disconnectedUniqueIds":{ "shape":"DisconnectedUniqueIdsList", "documentation":"

The unique IDs that were disconnected.

" - }, - "errors":{ - "shape":"DeleteUniqueIdErrorsList", - "documentation":"

The errors from deleting multiple unique IDs.

" - }, - "status":{ - "shape":"DeleteUniqueIdStatus", - "documentation":"

The status of the batch delete unique ID operation.

" } } }, @@ -853,7 +871,7 @@ "members":{ "message":{"shape":"ErrorMessage"} }, - "documentation":"

The request could not be processed because of conflict in the current state of the resource. Example: Workflow already exists, Schema already exists, Workflow is currently running, etc.

", + "documentation":"

The request couldn't be processed because of conflict in the current state of the resource. Example: Workflow already exists, Schema already exists, Workflow is currently running, etc.

", "error":{ "httpStatusCode":400, "senderFault":true @@ -863,26 +881,34 @@ "CreateIdMappingWorkflowInput":{ "type":"structure", "required":[ - "idMappingTechniques", + "workflowName", "inputSourceConfig", - "workflowName" + "idMappingTechniques" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow. There can't be multiple IdMappingWorkflows with the same name.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "idMappingTechniques":{ - "shape":"IdMappingTechniques", - "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" - }, "inputSourceConfig":{ "shape":"IdMappingWorkflowInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"IdMappingWorkflowOutputSourceConfig", - "documentation":"

A list of IdMappingWorkflowOutputSource objects, each of which contains fields OutputS3Path and Output.

" + "documentation":"

A list of IdMappingWorkflowOutputSource objects, each of which contains fields outputS3Path and KMSArn.

" + }, + "idMappingTechniques":{ + "shape":"IdMappingTechniques", + "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" + }, + "incrementalRunConfig":{ + "shape":"IdMappingIncrementalRunConfig", + "documentation":"

The incremental run configuration for the ID mapping workflow.

" }, "roleArn":{ "shape":"IdMappingRoleArn", @@ -891,49 +917,49 @@ "tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow. There can't be multiple IdMappingWorkflows with the same name.

" } } }, "CreateIdMappingWorkflowOutput":{ "type":"structure", "required":[ - "idMappingTechniques", - "inputSourceConfig", + "workflowName", "workflowArn", - "workflowName" + "inputSourceConfig", + "idMappingTechniques" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

" + }, + "workflowArn":{ + "shape":"IdMappingWorkflowArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the IDMappingWorkflow.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "idMappingTechniques":{ - "shape":"IdMappingTechniques", - "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" - }, "inputSourceConfig":{ "shape":"IdMappingWorkflowInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"IdMappingWorkflowOutputSourceConfig", - "documentation":"

A list of IdMappingWorkflowOutputSource objects, each of which contains fields OutputS3Path and Output.

" + "documentation":"

A list of IdMappingWorkflowOutputSource objects, each of which contains fields outputS3Path and KMSArn.

" + }, + "idMappingTechniques":{ + "shape":"IdMappingTechniques", + "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" + }, + "incrementalRunConfig":{ + "shape":"IdMappingIncrementalRunConfig", + "documentation":"

The incremental run configuration for the ID mapping workflow.

" }, "roleArn":{ "shape":"IdMappingRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to create resources on your behalf as part of workflow execution.

" - }, - "workflowArn":{ - "shape":"IdMappingWorkflowArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the IDMappingWorkflow.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

" } } }, @@ -944,21 +970,25 @@ "type" ], "members":{ + "idNamespaceName":{ + "shape":"EntityName", + "documentation":"

The name of the ID namespace.

" + }, "description":{ "shape":"Description", "documentation":"

The description of the ID namespace.

" }, + "inputSourceConfig":{ + "shape":"IdNamespaceInputSourceConfig", + "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" + }, "idMappingWorkflowProperties":{ "shape":"IdNamespaceIdMappingWorkflowPropertiesList", "documentation":"

Determines the properties of IdMappingWorflow where this IdNamespace can be used as a Source or a Target.

" }, - "idNamespaceName":{ - "shape":"EntityName", - "documentation":"

The name of the ID namespace.

" - }, - "inputSourceConfig":{ - "shape":"IdNamespaceInputSourceConfig", - "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" + "type":{ + "shape":"IdNamespaceType", + "documentation":"

The type of ID namespace. There are two types: SOURCE and TARGET.

The SOURCE contains configurations for sourceId data that will be processed in an ID mapping workflow.

The TARGET contains a configuration of targetId to which all sourceIds will resolve to.

" }, "roleArn":{ "shape":"RoleArn", @@ -967,95 +997,95 @@ "tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" - }, - "type":{ - "shape":"IdNamespaceType", - "documentation":"

The type of ID namespace. There are two types: SOURCE and TARGET.

The SOURCE contains configurations for sourceId data that will be processed in an ID mapping workflow.

The TARGET contains a configuration of targetId to which all sourceIds will resolve to.

" } } }, "CreateIdNamespaceOutput":{ "type":"structure", "required":[ - "createdAt", - "idNamespaceArn", "idNamespaceName", + "idNamespaceArn", "type", + "createdAt", "updatedAt" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the ID namespace was created.

" - }, - "description":{ - "shape":"Description", - "documentation":"

The description of the ID namespace.

" - }, - "idMappingWorkflowProperties":{ - "shape":"IdNamespaceIdMappingWorkflowPropertiesList", - "documentation":"

Determines the properties of IdMappingWorkflow where this IdNamespace can be used as a Source or a Target.

" + "idNamespaceName":{ + "shape":"EntityName", + "documentation":"

The name of the ID namespace.

" }, "idNamespaceArn":{ "shape":"IdNamespaceArn", "documentation":"

The Amazon Resource Name (ARN) of the ID namespace.

" }, - "idNamespaceName":{ - "shape":"EntityName", - "documentation":"

The name of the ID namespace.

" + "description":{ + "shape":"Description", + "documentation":"

The description of the ID namespace.

" }, "inputSourceConfig":{ "shape":"IdNamespaceInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, - "roleArn":{ - "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access the resources defined in inputSourceConfig on your behalf as part of the workflow run.

" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags used to organize, track, or control access for this resource.

" + "idMappingWorkflowProperties":{ + "shape":"IdNamespaceIdMappingWorkflowPropertiesList", + "documentation":"

Determines the properties of IdMappingWorkflow where this IdNamespace can be used as a Source or a Target.

" }, "type":{ "shape":"IdNamespaceType", "documentation":"

The type of ID namespace. There are two types: SOURCE and TARGET.

The SOURCE contains configurations for sourceId data that will be processed in an ID mapping workflow.

The TARGET contains a configuration of targetId to which all sourceIds will resolve to.

" }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access the resources defined in inputSourceConfig on your behalf as part of the workflow run.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the ID namespace was created.

" + }, "updatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the ID namespace was last updated.

" + }, + "tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource.

" } } }, "CreateMatchingWorkflowInput":{ "type":"structure", "required":[ + "workflowName", "inputSourceConfig", "outputSourceConfig", "resolutionTechniques", - "roleArn", - "workflowName" + "roleArn" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow. There can't be multiple MatchingWorkflows with the same name.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "incrementalRunConfig":{ - "shape":"IncrementalRunConfig", - "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" - }, "inputSourceConfig":{ "shape":"InputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"OutputSourceConfig", - "documentation":"

A list of OutputSource objects, each of which contains fields OutputS3Path, ApplyNormalization, and Output.

" + "documentation":"

A list of OutputSource objects, each of which contains fields outputS3Path, applyNormalization, KMSArn, and output.

" }, "resolutionTechniques":{ "shape":"ResolutionTechniques", "documentation":"

An object which defines the resolutionType and the ruleBasedProperties.

" }, + "incrementalRunConfig":{ + "shape":"IncrementalRunConfig", + "documentation":"

Optional. An object that defines the incremental run type. This object contains only the incrementalRunType field, which appears as \"Automatic\" in the console.

For workflows where resolutionType is ML_MATCHING or PROVIDER, incremental processing is not supported.

" + }, "roleArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to create resources on your behalf as part of workflow execution.

" @@ -1063,65 +1093,65 @@ "tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow. There can't be multiple MatchingWorkflows with the same name.

" } } }, "CreateMatchingWorkflowOutput":{ "type":"structure", "required":[ + "workflowName", + "workflowArn", "inputSourceConfig", "outputSourceConfig", "resolutionTechniques", - "roleArn", - "workflowArn", - "workflowName" + "roleArn" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

" + }, + "workflowArn":{ + "shape":"MatchingWorkflowArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the MatchingWorkflow.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "incrementalRunConfig":{ - "shape":"IncrementalRunConfig", - "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" - }, "inputSourceConfig":{ "shape":"InputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"OutputSourceConfig", - "documentation":"

A list of OutputSource objects, each of which contains fields OutputS3Path, ApplyNormalization, and Output.

" + "documentation":"

A list of OutputSource objects, each of which contains fields outputS3Path, applyNormalization, KMSArn, and output.

" }, "resolutionTechniques":{ "shape":"ResolutionTechniques", "documentation":"

An object which defines the resolutionType and the ruleBasedProperties.

" }, + "incrementalRunConfig":{ + "shape":"IncrementalRunConfig", + "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" + }, "roleArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to create resources on your behalf as part of workflow execution.

" - }, - "workflowArn":{ - "shape":"MatchingWorkflowArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the MatchingWorkflow.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

" } } }, "CreateSchemaMappingInput":{ "type":"structure", "required":[ - "mappedInputFields", - "schemaName" + "schemaName", + "mappedInputFields" ], "members":{ + "schemaName":{ + "shape":"EntityName", + "documentation":"

The name of the schema. There can't be multiple SchemaMappings with the same name.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the schema.

" @@ -1130,10 +1160,6 @@ "shape":"SchemaInputAttributes", "documentation":"

A list of MappedInputFields. Each MappedInputField corresponds to a column the source data table, and contains column name plus additional information that Entity Resolution uses for matching.

" }, - "schemaName":{ - "shape":"EntityName", - "documentation":"

The name of the schema. There can't be multiple SchemaMappings with the same name.

" - }, "tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" @@ -1143,12 +1169,20 @@ "CreateSchemaMappingOutput":{ "type":"structure", "required":[ - "description", - "mappedInputFields", + "schemaName", "schemaArn", - "schemaName" + "description", + "mappedInputFields" ], "members":{ + "schemaName":{ + "shape":"EntityName", + "documentation":"

The name of the schema.

" + }, + "schemaArn":{ + "shape":"SchemaMappingArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the SchemaMapping.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the schema.

" @@ -1156,14 +1190,6 @@ "mappedInputFields":{ "shape":"SchemaInputAttributes", "documentation":"

A list of MappedInputFields. Each MappedInputField corresponds to a column the source data table, and contains column name plus additional information that Entity Resolution uses for matching.

" - }, - "schemaArn":{ - "shape":"SchemaMappingArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the SchemaMapping.

" - }, - "schemaName":{ - "shape":"EntityName", - "documentation":"

The name of the schema.

" } } }, @@ -1265,13 +1291,13 @@ "shape":"VeniceGlobalArn", "documentation":"

The ARN of the resource for which the policy need to be deleted.

" }, - "policy":{ - "shape":"PolicyDocument", - "documentation":"

The resource-based policy.

" - }, "token":{ "shape":"PolicyToken", "documentation":"

A unique identifier for the deleted policy.

" + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

The resource-based policy.

" } } }, @@ -1300,20 +1326,20 @@ "DeleteUniqueIdError":{ "type":"structure", "required":[ - "errorType", - "uniqueId" + "uniqueId", + "errorType" ], "members":{ + "uniqueId":{ + "shape":"HeaderSafeUniqueId", + "documentation":"

The unique ID that couldn't be deleted.

" + }, "errorType":{ "shape":"DeleteUniqueIdErrorType", - "documentation":"

The error type for the batch delete unique ID operation.

" - }, - "uniqueId":{ - "shape":"UniqueId", - "documentation":"

The unique ID that could not be deleted.

" + "documentation":"

The error type for the delete unique ID operation.

The SERVICE_ERROR value indicates that an internal service-side problem occurred during the deletion operation.

The VALIDATION_ERROR value indicates that the deletion operation couldn't complete because of invalid input parameters or data.

" } }, - "documentation":"

The Delete Unique Id error.

" + "documentation":"

The error information provided when the delete unique ID operation doesn't complete.

" }, "DeleteUniqueIdErrorType":{ "type":"string", @@ -1338,7 +1364,7 @@ "required":["uniqueId"], "members":{ "uniqueId":{ - "shape":"UniqueId", + "shape":"HeaderSafeUniqueId", "documentation":"

The unique ID of the deleted item.

" } }, @@ -1355,27 +1381,26 @@ }, "DisconnectedUniqueIdsList":{ "type":"list", - "member":{"shape":"UniqueId"} + "member":{"shape":"HeaderSafeUniqueId"} }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "EntityName":{ "type":"string", "max":255, "min":1, - "pattern":"^[a-zA-Z_0-9-]*$" + "pattern":"[a-zA-Z_0-9-]*" }, "EntityNameOrIdMappingWorkflowArn":{ "type":"string", - "pattern":"^[a-zA-Z_0-9-=+/]*$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idmappingworkflow/[a-zA-Z_0-9-]{1,255})$" + "pattern":"[a-zA-Z_0-9-=+/]*$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idmappingworkflow/[a-zA-Z_0-9-]{1,255})" }, "EntityNameOrIdNamespaceArn":{ "type":"string", - "pattern":"^[a-zA-Z_0-9-=+/]*$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$" + "pattern":"[a-zA-Z_0-9-=+/]*$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})" }, "ErrorDetails":{ "type":"structure", @@ -1412,24 +1437,97 @@ }, "exception":true }, - "GetIdMappingJobInput":{ + "FailedRecord":{ "type":"structure", "required":[ - "jobId", - "workflowName" + "inputSourceARN", + "uniqueId", + "errorMessage" ], "members":{ - "jobId":{ - "shape":"JobId", - "documentation":"

The ID of the job.

", + "inputSourceARN":{ + "shape":"InputSourceARN", + "documentation":"

The input source ARN of the record that didn't generate a Match ID.

" + }, + "uniqueId":{ + "shape":"String", + "documentation":"

The unique ID of the record that didn't generate a Match ID.

" + }, + "errorMessage":{ + "shape":"ErrorMessage", + "documentation":"

The error message for the record that didn't generate a Match ID.

" + } + }, + "documentation":"

The record that didn't generate a Match ID.

" + }, + "FailedRecordsList":{ + "type":"list", + "member":{"shape":"FailedRecord"} + }, + "GenerateMatchIdInput":{ + "type":"structure", + "required":[ + "workflowName", + "records" + ], + "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the rule-based matching workflow.

", "location":"uri", - "locationName":"jobId" + "locationName":"workflowName" + }, + "records":{ + "shape":"GenerateMatchIdInputRecordsList", + "documentation":"

The records to match.

" }, + "processingType":{ + "shape":"ProcessingType", + "documentation":"

The processing mode that determines how Match IDs are generated and results are saved. Each mode provides different levels of accuracy, response time, and completeness of results.

If not specified, defaults to CONSISTENT.

CONSISTENT: Performs immediate lookup and matching against all existing records, with results saved synchronously. Provides highest accuracy but slower response time.

EVENTUAL (shown as Background in the console): Performs initial match ID lookup or generation immediately, with record updates processed asynchronously in the background. Offers faster initial response time, with complete matching results available later in S3.

EVENTUAL_NO_LOOKUP (shown as Quick ID generation in the console): Generates new match IDs without checking existing matches, with updates processed asynchronously. Provides fastest response time but should only be used for records known to be unique.

" + } + } + }, + "GenerateMatchIdInputRecordsList":{ + "type":"list", + "member":{"shape":"Record"}, + "max":1, + "min":1 + }, + "GenerateMatchIdOutput":{ + "type":"structure", + "required":[ + "matchGroups", + "failedRecords" + ], + "members":{ + "matchGroups":{ + "shape":"MatchGroupsList", + "documentation":"

The match groups from the generated match ID.

" + }, + "failedRecords":{ + "shape":"FailedRecordsList", + "documentation":"

The records that didn't receive a generated Match ID.

" + } + } + }, + "GetIdMappingJobInput":{ + "type":"structure", + "required":[ + "workflowName", + "jobId" + ], + "members":{ "workflowName":{ "shape":"EntityNameOrIdMappingWorkflowArn", "documentation":"

The name of the workflow.

", "location":"uri", "locationName":"workflowName" + }, + "jobId":{ + "shape":"JobId", + "documentation":"

The ID of the job.

", + "location":"uri", + "locationName":"jobId" } } }, @@ -1437,34 +1535,38 @@ "type":"structure", "required":[ "jobId", - "startTime", - "status" + "status", + "startTime" ], "members":{ - "endTime":{ - "shape":"Timestamp", - "documentation":"

The time at which the job has finished.

" - }, - "errorDetails":{"shape":"ErrorDetails"}, "jobId":{ "shape":"JobId", "documentation":"

The ID of the job.

" }, + "status":{ + "shape":"JobStatus", + "documentation":"

The current status of the job.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

The time at which the job was started.

" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

The time at which the job has finished.

" + }, "metrics":{ "shape":"IdMappingJobMetrics", "documentation":"

Metrics associated with the execution, specifically total records processed, unique IDs generated, and records the execution skipped.

" }, + "errorDetails":{"shape":"ErrorDetails"}, "outputSourceConfig":{ "shape":"IdMappingJobOutputSourceConfig", "documentation":"

A list of OutputSource objects.

" }, - "startTime":{ - "shape":"Timestamp", - "documentation":"

The time at which the job was started.

" - }, - "status":{ - "shape":"JobStatus", - "documentation":"

The current status of the job.

" + "jobType":{ + "shape":"JobType", + "documentation":"

The job type of the ID mapping job.

A value of INCREMENTAL indicates that only new or changed data was processed since the last job run. This is the default job type if the workflow was created with an incrementalRunConfig.

A value of BATCH indicates that all data was processed from the input source, regardless of previous job runs. This is the default job type if the workflow wasn't created with an incrementalRunConfig.

A value of DELETE_ONLY indicates that only deletion requests from BatchDeleteUniqueIds were processed.

" } } }, @@ -1483,53 +1585,57 @@ "GetIdMappingWorkflowOutput":{ "type":"structure", "required":[ - "createdAt", - "idMappingTechniques", - "inputSourceConfig", - "updatedAt", + "workflowName", "workflowArn", - "workflowName" + "inputSourceConfig", + "idMappingTechniques", + "createdAt", + "updatedAt" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the workflow was created.

" + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

" + }, + "workflowArn":{ + "shape":"IdMappingWorkflowArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the IdMappingWorkflow .

" }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "idMappingTechniques":{ - "shape":"IdMappingTechniques", - "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" - }, "inputSourceConfig":{ "shape":"IdMappingWorkflowInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"IdMappingWorkflowOutputSourceConfig", - "documentation":"

A list of OutputSource objects, each of which contains fields OutputS3Path and KMSArn.

" + "documentation":"

A list of OutputSource objects, each of which contains fields outputS3Path and KMSArn.

" }, - "roleArn":{ - "shape":"IdMappingRoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf.

" + "idMappingTechniques":{ + "shape":"IdMappingTechniques", + "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags used to organize, track, or control access for this resource.

" + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the workflow was created.

" }, "updatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the workflow was last updated.

" }, - "workflowArn":{ - "shape":"IdMappingWorkflowArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the IdMappingWorkflow .

" + "incrementalRunConfig":{ + "shape":"IdMappingIncrementalRunConfig", + "documentation":"

The incremental run configuration for the ID mapping workflow.

" }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

" + "roleArn":{ + "shape":"IdMappingRoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf.

" + }, + "tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource.

" } } }, @@ -1548,75 +1654,75 @@ "GetIdNamespaceOutput":{ "type":"structure", "required":[ - "createdAt", - "idNamespaceArn", "idNamespaceName", + "idNamespaceArn", "type", + "createdAt", "updatedAt" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the ID namespace was created.

" - }, - "description":{ - "shape":"Description", - "documentation":"

The description of the ID namespace.

" - }, - "idMappingWorkflowProperties":{ - "shape":"IdNamespaceIdMappingWorkflowPropertiesList", - "documentation":"

Determines the properties of IdMappingWorkflow where this IdNamespace can be used as a Source or a Target.

" + "idNamespaceName":{ + "shape":"EntityName", + "documentation":"

The name of the ID namespace.

" }, "idNamespaceArn":{ "shape":"IdNamespaceArn", "documentation":"

The Amazon Resource Name (ARN) of the ID namespace.

" }, - "idNamespaceName":{ - "shape":"EntityName", - "documentation":"

The name of the ID namespace.

" + "description":{ + "shape":"Description", + "documentation":"

The description of the ID namespace.

" }, "inputSourceConfig":{ "shape":"IdNamespaceInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, - "roleArn":{ - "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access the resources defined in this IdNamespace on your behalf as part of a workflow run.

" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

The tags used to organize, track, or control access for this resource.

" + "idMappingWorkflowProperties":{ + "shape":"IdNamespaceIdMappingWorkflowPropertiesList", + "documentation":"

Determines the properties of IdMappingWorkflow where this IdNamespace can be used as a Source or a Target.

" }, "type":{ "shape":"IdNamespaceType", "documentation":"

The type of ID namespace. There are two types: SOURCE and TARGET.

The SOURCE contains configurations for sourceId data that will be processed in an ID mapping workflow.

The TARGET contains a configuration of targetId to which all sourceIds will resolve to.

" }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access the resources defined in this IdNamespace on your behalf as part of a workflow run.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the ID namespace was created.

" + }, "updatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the ID namespace was last updated.

" + }, + "tags":{ + "shape":"TagMap", + "documentation":"

The tags used to organize, track, or control access for this resource.

" } } }, "GetMatchIdInput":{ "type":"structure", "required":[ - "record", - "workflowName" + "workflowName", + "record" ], "members":{ - "applyNormalization":{ - "shape":"Boolean", - "documentation":"

Normalizes the attributes defined in the schema in the input data. For example, if an attribute has an AttributeType of PHONE_NUMBER, and the data in the input table is in a format of 1234567890, Entity Resolution will normalize this field in the output to (123)-456-7890.

" - }, - "record":{ - "shape":"RecordAttributeMap", - "documentation":"

The record to fetch the Match ID for.

" - }, "workflowName":{ "shape":"EntityName", "documentation":"

The name of the workflow.

", "location":"uri", "locationName":"workflowName" + }, + "record":{ + "shape":"RecordAttributeMap", + "documentation":"

The record to fetch the Match ID for.

" + }, + "applyNormalization":{ + "shape":"Boolean", + "documentation":"

Normalizes the attributes defined in the schema in the input data. For example, if an attribute has an AttributeType of PHONE_NUMBER, and the data in the input table is in a format of 1234567890, Entity Resolution will normalize this field in the output to (123)-456-7890.

" } } }, @@ -1636,21 +1742,21 @@ "GetMatchingJobInput":{ "type":"structure", "required":[ - "jobId", - "workflowName" + "workflowName", + "jobId" ], "members":{ - "jobId":{ - "shape":"JobId", - "documentation":"

The ID of the job.

", - "location":"uri", - "locationName":"jobId" - }, "workflowName":{ "shape":"EntityName", "documentation":"

The name of the workflow.

", "location":"uri", "locationName":"workflowName" + }, + "jobId":{ + "shape":"JobId", + "documentation":"

The ID of the job.

", + "location":"uri", + "locationName":"jobId" } } }, @@ -1658,37 +1764,37 @@ "type":"structure", "required":[ "jobId", - "startTime", - "status" + "status", + "startTime" ], "members":{ + "jobId":{ + "shape":"JobId", + "documentation":"

The unique identifier of the matching job.

" + }, + "status":{ + "shape":"JobStatus", + "documentation":"

The current status of the job.

" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

The time at which the job was started.

" + }, "endTime":{ "shape":"Timestamp", "documentation":"

The time at which the job has finished.

" }, - "errorDetails":{ - "shape":"ErrorDetails", - "documentation":"

An object containing an error message, if there was an error.

" - }, - "jobId":{ - "shape":"JobId", - "documentation":"

The ID of the job.

" - }, "metrics":{ "shape":"JobMetrics", "documentation":"

Metrics associated with the execution, specifically total records processed, unique IDs generated, and records the execution skipped.

" }, + "errorDetails":{ + "shape":"ErrorDetails", + "documentation":"

An object containing an error message, if there was an error.

" + }, "outputSourceConfig":{ "shape":"JobOutputSourceConfig", "documentation":"

A list of OutputSource objects.

" - }, - "startTime":{ - "shape":"Timestamp", - "documentation":"

The time at which the job was started.

" - }, - "status":{ - "shape":"JobStatus", - "documentation":"

The current status of the job.

" } } }, @@ -1707,40 +1813,52 @@ "GetMatchingWorkflowOutput":{ "type":"structure", "required":[ - "createdAt", + "workflowName", + "workflowArn", "inputSourceConfig", "outputSourceConfig", "resolutionTechniques", - "roleArn", + "createdAt", "updatedAt", - "workflowArn", - "workflowName" + "roleArn" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the workflow was created.

" + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

" + }, + "workflowArn":{ + "shape":"MatchingWorkflowArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the MatchingWorkflow.

" }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "incrementalRunConfig":{ - "shape":"IncrementalRunConfig", - "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" - }, "inputSourceConfig":{ "shape":"InputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"OutputSourceConfig", - "documentation":"

A list of OutputSource objects, each of which contains fields OutputS3Path, ApplyNormalization, and Output.

" + "documentation":"

A list of OutputSource objects, each of which contains fields outputS3Path, applyNormalization, KMSArn, and output.

" }, "resolutionTechniques":{ "shape":"ResolutionTechniques", "documentation":"

An object which defines the resolutionType and the ruleBasedProperties.

" }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the workflow was created.

" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the workflow was last updated.

" + }, + "incrementalRunConfig":{ + "shape":"IncrementalRunConfig", + "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" + }, "roleArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf.

" @@ -1748,18 +1866,6 @@ "tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" - }, - "updatedAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the workflow was last updated.

" - }, - "workflowArn":{ - "shape":"MatchingWorkflowArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the MatchingWorkflow.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

" } } }, @@ -1786,13 +1892,13 @@ "shape":"VeniceGlobalArn", "documentation":"

The Entity Resolution resource ARN.

" }, - "policy":{ - "shape":"PolicyDocument", - "documentation":"

The resource-based policy.

" - }, "token":{ "shape":"PolicyToken", "documentation":"

A unique identifier for the current revision of the policy.

" + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

The resource-based policy.

" } } }, @@ -1820,67 +1926,67 @@ "GetProviderServiceOutput":{ "type":"structure", "required":[ - "anonymizedOutput", - "providerEndpointConfiguration", - "providerEntityOutputDefinition", "providerName", - "providerServiceArn", - "providerServiceDisplayName", "providerServiceName", - "providerServiceType" + "providerServiceDisplayName", + "providerServiceType", + "providerServiceArn", + "providerEndpointConfiguration", + "anonymizedOutput", + "providerEntityOutputDefinition" ], "members":{ - "anonymizedOutput":{ - "shape":"Boolean", - "documentation":"

Specifies whether output data from the provider is anonymized. A value of TRUE means the output will be anonymized and you can't relate the data that comes back from the provider to the identifying input. A value of FALSE means the output won't be anonymized and you can relate the data that comes back from the provider to your source data.

" + "providerName":{ + "shape":"EntityName", + "documentation":"

The name of the provider. This name is typically the company name.

" }, - "providerComponentSchema":{ - "shape":"ProviderComponentSchema", - "documentation":"

Input schema for the provider service.

" + "providerServiceName":{ + "shape":"EntityName", + "documentation":"

The name of the product that the provider service provides.

" }, - "providerConfigurationDefinition":{ - "shape":"Document", - "documentation":"

The definition of the provider configuration.

" + "providerServiceDisplayName":{ + "shape":"ProviderServiceDisplayName", + "documentation":"

The display name of the provider service.

" }, - "providerEndpointConfiguration":{ - "shape":"ProviderEndpointConfiguration", - "documentation":"

The required configuration fields to use with the provider service.

" + "providerServiceType":{ + "shape":"ServiceType", + "documentation":"

The type of provider service.

" }, - "providerEntityOutputDefinition":{ + "providerServiceArn":{ + "shape":"ProviderServiceArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the provider service.

" + }, + "providerConfigurationDefinition":{ "shape":"Document", - "documentation":"

The definition of the provider entity output.

" + "documentation":"

The definition of the provider configuration.

" }, "providerIdNameSpaceConfiguration":{ "shape":"ProviderIdNameSpaceConfiguration", "documentation":"

The provider configuration required for different ID namespace types.

" }, - "providerIntermediateDataAccessConfiguration":{ - "shape":"ProviderIntermediateDataAccessConfiguration", - "documentation":"

The Amazon Web Services accounts and the S3 permissions that are required by some providers to create an S3 bucket for intermediate data storage.

" - }, "providerJobConfiguration":{ "shape":"Document", "documentation":"

Provider service job configurations.

" }, - "providerName":{ - "shape":"EntityName", - "documentation":"

The name of the provider. This name is typically the company name.

" + "providerEndpointConfiguration":{ + "shape":"ProviderEndpointConfiguration", + "documentation":"

The required configuration fields to use with the provider service.

" }, - "providerServiceArn":{ - "shape":"ProviderServiceArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the provider service.

" + "anonymizedOutput":{ + "shape":"Boolean", + "documentation":"

Specifies whether output data from the provider is anonymized. A value of TRUE means the output will be anonymized and you can't relate the data that comes back from the provider to the identifying input. A value of FALSE means the output won't be anonymized and you can relate the data that comes back from the provider to your source data.

" }, - "providerServiceDisplayName":{ - "shape":"ProviderServiceDisplayName", - "documentation":"

The display name of the provider service.

" + "providerEntityOutputDefinition":{ + "shape":"Document", + "documentation":"

The definition of the provider entity output.

" }, - "providerServiceName":{ - "shape":"EntityName", - "documentation":"

The name of the product that the provider service provides.

" + "providerIntermediateDataAccessConfiguration":{ + "shape":"ProviderIntermediateDataAccessConfiguration", + "documentation":"

The Amazon Web Services accounts and the S3 permissions that are required by some providers to create an S3 bucket for intermediate data storage.

" }, - "providerServiceType":{ - "shape":"ServiceType", - "documentation":"

The type of provider service.

" + "providerComponentSchema":{ + "shape":"ProviderComponentSchema", + "documentation":"

Input schema for the provider service.

" } } }, @@ -1899,48 +2005,68 @@ "GetSchemaMappingOutput":{ "type":"structure", "required":[ - "createdAt", - "hasWorkflows", - "mappedInputFields", - "schemaArn", "schemaName", - "updatedAt" + "schemaArn", + "mappedInputFields", + "createdAt", + "updatedAt", + "hasWorkflows" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the SchemaMapping was created.

" + "schemaName":{ + "shape":"EntityName", + "documentation":"

The name of the schema.

" + }, + "schemaArn":{ + "shape":"SchemaMappingArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the SchemaMapping.

" }, "description":{ "shape":"Description", "documentation":"

A description of the schema.

" }, - "hasWorkflows":{ - "shape":"Boolean", - "documentation":"

Specifies whether the schema mapping has been applied to a workflow.

" - }, "mappedInputFields":{ "shape":"SchemaInputAttributes", - "documentation":"

A list of MappedInputFields. Each MappedInputField corresponds to a column the source data table, and contains column name plus additional information Venice uses for matching.

" + "documentation":"

A list of MappedInputFields. Each MappedInputField corresponds to a column the source data table, and contains column name plus additional information Entity Resolution uses for matching.

" }, - "schemaArn":{ - "shape":"SchemaMappingArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the SchemaMapping.

" + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the SchemaMapping was created.

" }, - "schemaName":{ - "shape":"EntityName", - "documentation":"

The name of the schema.

" + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the SchemaMapping was last updated.

" }, "tags":{ "shape":"TagMap", "documentation":"

The tags used to organize, track, or control access for this resource.

" }, - "updatedAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the SchemaMapping was last updated.

" + "hasWorkflows":{ + "shape":"Boolean", + "documentation":"

Specifies whether the schema mapping has been applied to a workflow.

" } } }, + "HeaderSafeUniqueId":{ + "type":"string", + "max":780, + "min":1, + "pattern":"[a-zA-Z_0-9-+=/,]*" + }, + "IdMappingIncrementalRunConfig":{ + "type":"structure", + "members":{ + "incrementalRunType":{ + "shape":"IdMappingIncrementalRunType", + "documentation":"

The incremental run type for an ID mapping workflow.

It takes only one value: ON_DEMAND. This setting runs the ID mapping workflow when it's manually triggered through the StartIdMappingJob API.

" + } + }, + "documentation":"

Incremental run configuration for an ID mapping workflow.

" + }, + "IdMappingIncrementalRunType":{ + "type":"string", + "enum":["ON_DEMAND"] + }, "IdMappingJobMetrics":{ "type":"structure", "members":{ @@ -1948,10 +2074,18 @@ "shape":"Integer", "documentation":"

The total number of records that were input for processing.

" }, + "totalRecordsProcessed":{ + "shape":"Integer", + "documentation":"

The total number of records that were processed.

" + }, "recordsNotProcessed":{ "shape":"Integer", "documentation":"

The total number of records that did not get processed.

" }, + "deleteRecordsProcessed":{ + "shape":"Integer", + "documentation":"

The number of records processed that were marked for deletion in the input file using the DELETE schema mapping field. These are the records to be removed from the ID mapping table.

" + }, "totalMappedRecords":{ "shape":"Integer", "documentation":"

The total number of records that were mapped.

" @@ -1964,34 +2098,62 @@ "shape":"Integer", "documentation":"

The total number of distinct mapped target records.

" }, - "totalRecordsProcessed":{ + "uniqueRecordsLoaded":{ "shape":"Integer", - "documentation":"

The total number of records that were processed.

" + "documentation":"

The number of de-duplicated processed records across all runs, excluding deletion-related records. Duplicates are determined by the field marked as UNIQUE_ID in your schema mapping. Records sharing the same value in this field are considered duplicates. For example, if you specified \"customer_id\" as a UNIQUE_ID field and had three records with the same customer_id value, they would count as one unique record in this metric.

" + }, + "newMappedRecords":{ + "shape":"Integer", + "documentation":"

The number of new mapped records.

" + }, + "newMappedSourceRecords":{ + "shape":"Integer", + "documentation":"

The number of new source records mapped.

" + }, + "newMappedTargetRecords":{ + "shape":"Integer", + "documentation":"

The number of new mapped target records.

" + }, + "newUniqueRecordsLoaded":{ + "shape":"Integer", + "documentation":"

The number of new unique records processed in the current job run, after removing duplicates. This metric excludes deletion-related records. Duplicates are determined by the field marked as UNIQUE_ID in your schema mapping. Records sharing the same value in this field are considered duplicates. For example, if your current run processes five new records with the same UNIQUE_ID value, they would count as one new unique record in this metric.

" + }, + "mappedRecordsRemoved":{ + "shape":"Integer", + "documentation":"

The number of mapped records removed.

" + }, + "mappedSourceRecordsRemoved":{ + "shape":"Integer", + "documentation":"

The number of source records removed due to ID mapping.

" + }, + "mappedTargetRecordsRemoved":{ + "shape":"Integer", + "documentation":"

The number of mapped target records removed.

" } }, - "documentation":"

An object containing InputRecords, RecordsNotProcessed, TotalRecordsProcessed, TotalMappedRecords, TotalMappedSourceRecords, and TotalMappedTargetRecords.

" + "documentation":"

An object that contains metrics about an ID mapping job, including counts of input records, processed records, and mapped records between source and target identifiers.

" }, "IdMappingJobOutputSource":{ "type":"structure", "required":[ - "outputS3Path", - "roleArn" + "roleArn", + "outputS3Path" ], "members":{ - "KMSArn":{ - "shape":"KMSArn", - "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf as part of workflow execution.

" }, "outputS3Path":{ "shape":"S3Path", "documentation":"

The S3 path to which Entity Resolution will write the output table.

" }, - "roleArn":{ - "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf as part of workflow execution.

" + "KMSArn":{ + "shape":"KMSArn", + "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" } }, - "documentation":"

An object containing KMSArn, OutputS3Path, and RoleARN.

" + "documentation":"

An object containing KMSArn, outputS3Path, and roleARN.

" }, "IdMappingJobOutputSourceConfig":{ "type":"list", @@ -2003,31 +2165,31 @@ "type":"string", "max":512, "min":0, - "pattern":"^$|^arn:aws:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"$|^arn:aws:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "IdMappingRuleBasedProperties":{ "type":"structure", "required":[ + "ruleDefinitionType", "attributeMatchingModel", - "recordMatchingModel", - "ruleDefinitionType" + "recordMatchingModel" ], "members":{ + "rules":{ + "shape":"IdMappingRuleBasedPropertiesRulesList", + "documentation":"

The rules that can be used for ID mapping.

" + }, + "ruleDefinitionType":{ + "shape":"IdMappingWorkflowRuleDefinitionType", + "documentation":"

The set of rules you can use in an ID mapping workflow. The limitations specified for the source or target to define the match rules must be compatible.

" + }, "attributeMatchingModel":{ "shape":"AttributeMatchingModel", - "documentation":"

The comparison type. You can either choose ONE_TO_ONE or MANY_TO_MANY as the attributeMatchingModel.

If you choose MANY_TO_MANY, the system can match attributes across the sub-types of an attribute type. For example, if the value of the Email field of Profile A matches the value of the BusinessEmail field of Profile B, the two profiles are matched on the Email attribute type.

If you choose ONE_TO_ONE, the system can only match attributes if the sub-types are an exact match. For example, for the Email attribute type, the system will only consider it a match if the value of the Email field of Profile A matches the value of the Email field of Profile B.

" + "documentation":"

The comparison type. You can either choose ONE_TO_ONE or MANY_TO_MANY as the attributeMatchingModel.

If you choose ONE_TO_ONE, the system can only match attributes if the sub-types are an exact match. For example, for the Email attribute type, the system will only consider it a match if the value of the Email field of Profile A matches the value of the Email field of Profile B.

If you choose MANY_TO_MANY, the system can match attributes across the sub-types of an attribute type. For example, if the value of the Email field of Profile A matches the value of the BusinessEmail field of Profile B, the two profiles are matched on the Email attribute type.

" }, "recordMatchingModel":{ "shape":"RecordMatchingModel", "documentation":"

The type of matching record that is allowed to be used in an ID mapping workflow.

If the value is set to ONE_SOURCE_TO_ONE_TARGET, only one record in the source can be matched to the same record in the target.

If the value is set to MANY_SOURCE_TO_ONE_TARGET, multiple records in the source can be matched to one record in the target.

" - }, - "ruleDefinitionType":{ - "shape":"IdMappingWorkflowRuleDefinitionType", - "documentation":"

The set of rules you can use in an ID mapping workflow. The limitations specified for the source or target to define the match rules must be compatible.

" - }, - "rules":{ - "shape":"IdMappingRuleBasedPropertiesRulesList", - "documentation":"

The rules that can be used for ID mapping.

" } }, "documentation":"

An object that defines the list of matching rules to run in an ID mapping workflow.

" @@ -2046,13 +2208,13 @@ "shape":"IdMappingType", "documentation":"

The type of ID mapping.

" }, - "providerProperties":{ - "shape":"ProviderProperties", - "documentation":"

An object which defines any additional configurations required by the provider service.

" - }, "ruleBasedProperties":{ "shape":"IdMappingRuleBasedProperties", "documentation":"

An object which defines any additional configurations required by rule-based matching.

" + }, + "providerProperties":{ + "shape":"ProviderProperties", + "documentation":"

An object which defines any additional configurations required by the provider service.

" } }, "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" @@ -2066,14 +2228,14 @@ }, "IdMappingWorkflowArn":{ "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idmappingworkflow/[a-zA-Z_0-9-]{1,255})$" + "pattern":"arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idmappingworkflow/[a-zA-Z_0-9-]{1,255})" }, "IdMappingWorkflowInputSource":{ "type":"structure", "required":["inputSourceARN"], "members":{ "inputSourceARN":{ - "shape":"IdMappingWorkflowInputSourceInputSourceARNString", + "shape":"InputSourceARN", "documentation":"

An Glue table Amazon Resource Name (ARN) or a matching workflow ARN for the input source table.

" }, "schemaName":{ @@ -2085,7 +2247,7 @@ "documentation":"

The type of ID namespace. There are two types: SOURCE and TARGET.

The SOURCE contains configurations for sourceId data that will be processed in an ID mapping workflow.

The TARGET contains a configuration of targetId which all sourceIds will resolve to.

" } }, - "documentation":"

An object containing InputSourceARN, SchemaName, and Type.

" + "documentation":"

An object containing inputSourceARN, schemaName, and type.

" }, "IdMappingWorkflowInputSourceConfig":{ "type":"list", @@ -2093,10 +2255,6 @@ "max":20, "min":1 }, - "IdMappingWorkflowInputSourceInputSourceARNString":{ - "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(matchingworkflow/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):glue:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(table/[a-zA-Z_0-9-]{1,255}/[a-zA-Z_0-9-]{1,255})$" - }, "IdMappingWorkflowList":{ "type":"list", "member":{"shape":"IdMappingWorkflowSummary"} @@ -2105,13 +2263,13 @@ "type":"structure", "required":["outputS3Path"], "members":{ - "KMSArn":{ - "shape":"KMSArn", - "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" - }, "outputS3Path":{ "shape":"S3Path", "documentation":"

The S3 path to which Entity Resolution will write the output table.

" + }, + "KMSArn":{ + "shape":"KMSArn", + "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" } }, "documentation":"

The output source for the ID mapping workflow.

" @@ -2136,12 +2294,20 @@ "IdMappingWorkflowSummary":{ "type":"structure", "required":[ - "createdAt", - "updatedAt", + "workflowName", "workflowArn", - "workflowName" + "createdAt", + "updatedAt" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

" + }, + "workflowArn":{ + "shape":"IdMappingWorkflowArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the IdMappingWorkflow.

" + }, "createdAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the workflow was created.

" @@ -2149,21 +2315,13 @@ "updatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the workflow was last updated.

" - }, - "workflowArn":{ - "shape":"IdMappingWorkflowArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the IdMappingWorkflow.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

" } }, "documentation":"

A list of IdMappingWorkflowSummary objects, each of which contain the fields WorkflowName, WorkflowArn, CreatedAt, and UpdatedAt.

" }, "IdNamespaceArn":{ "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$" + "pattern":"arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})" }, "IdNamespaceIdMappingWorkflowMetadata":{ "type":"structure", @@ -2190,16 +2348,16 @@ "shape":"IdMappingType", "documentation":"

The type of ID mapping.

" }, - "providerProperties":{ - "shape":"NamespaceProviderProperties", - "documentation":"

An object which defines any additional configurations required by the provider service.

" - }, "ruleBasedProperties":{ "shape":"NamespaceRuleBasedProperties", "documentation":"

An object which defines any additional configurations required by rule-based matching.

" + }, + "providerProperties":{ + "shape":"NamespaceProviderProperties", + "documentation":"

An object which defines any additional configurations required by the provider service.

" } }, - "documentation":"

An object containing IdMappingType, ProviderProperties, and RuleBasedProperties.

" + "documentation":"

An object containing idMappingType, providerProperties, and ruleBasedProperties.

" }, "IdNamespaceIdMappingWorkflowPropertiesList":{ "type":"list", @@ -2212,7 +2370,7 @@ "required":["inputSourceARN"], "members":{ "inputSourceARN":{ - "shape":"IdNamespaceInputSourceInputSourceARNString", + "shape":"InputSourceARN", "documentation":"

An Glue table Amazon Resource Name (ARN) or a matching workflow ARN for the input source table.

" }, "schemaName":{ @@ -2220,7 +2378,7 @@ "documentation":"

The name of the schema.

" } }, - "documentation":"

An object containing InputSourceARN and SchemaName.

" + "documentation":"

An object containing inputSourceARN and schemaName.

" }, "IdNamespaceInputSourceConfig":{ "type":"list", @@ -2228,10 +2386,6 @@ "max":20, "min":0 }, - "IdNamespaceInputSourceInputSourceARNString":{ - "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(matchingworkflow/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):glue:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(table/[a-zA-Z_0-9-]{1,255}/[a-zA-Z_0-9-]{1,255})$" - }, "IdNamespaceList":{ "type":"list", "member":{"shape":"IdNamespaceSummary"} @@ -2239,16 +2393,20 @@ "IdNamespaceSummary":{ "type":"structure", "required":[ - "createdAt", - "idNamespaceArn", "idNamespaceName", + "idNamespaceArn", "type", + "createdAt", "updatedAt" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the ID namespace was created.

" + "idNamespaceName":{ + "shape":"EntityName", + "documentation":"

The name of the ID namespace.

" + }, + "idNamespaceArn":{ + "shape":"IdNamespaceArn", + "documentation":"

The Amazon Resource Name (ARN) of the ID namespace.

" }, "description":{ "shape":"Description", @@ -2258,18 +2416,14 @@ "shape":"IdNamespaceIdMappingWorkflowMetadataList", "documentation":"

An object which defines any additional configurations required by the ID mapping workflow.

" }, - "idNamespaceArn":{ - "shape":"IdNamespaceArn", - "documentation":"

The Amazon Resource Name (ARN) of the ID namespace.

" - }, - "idNamespaceName":{ - "shape":"EntityName", - "documentation":"

The name of the ID namespace.

" - }, "type":{ "shape":"IdNamespaceType", "documentation":"

The type of ID namespace. There are two types: SOURCE and TARGET.

The SOURCE contains configurations for sourceId data that will be processed in an ID mapping workflow.

The TARGET contains a configuration of targetId which all sourceIds will resolve to.

" }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the ID namespace was created.

" + }, "updatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the ID namespace was last updated.

" @@ -2289,10 +2443,10 @@ "members":{ "incrementalRunType":{ "shape":"IncrementalRunType", - "documentation":"

The type of incremental run. It takes only one value: IMMEDIATE.

" + "documentation":"

The type of incremental run. The only valid value is IMMEDIATE. This appears as \"Automatic\" in the console.

For workflows where resolutionType is ML_MATCHING or PROVIDER, incremental processing is not supported.

" } }, - "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" + "documentation":"

Optional. An object that defines the incremental run type. This object contains only the incrementalRunType field, which appears as \"Automatic\" in the console.

For workflows where resolutionType is ML_MATCHING or PROVIDER, incremental processing is not supported.

" }, "IncrementalRunType":{ "type":"string", @@ -2305,20 +2459,24 @@ "schemaName" ], "members":{ - "applyNormalization":{ - "shape":"Boolean", - "documentation":"

Normalizes the attributes defined in the schema in the input data. For example, if an attribute has an AttributeType of PHONE_NUMBER, and the data in the input table is in a format of 1234567890, Entity Resolution will normalize this field in the output to (123)-456-7890.

" - }, "inputSourceARN":{ - "shape":"InputSourceInputSourceARNString", + "shape":"InputSourceARN", "documentation":"

An Glue table Amazon Resource Name (ARN) for the input source table.

" }, "schemaName":{ "shape":"EntityName", "documentation":"

The name of the schema to be retrieved.

" + }, + "applyNormalization":{ + "shape":"Boolean", + "documentation":"

Normalizes the attributes defined in the schema in the input data. For example, if an attribute has an AttributeType of PHONE_NUMBER, and the data in the input table is in a format of 1234567890, Entity Resolution will normalize this field in the output to (123)-456-7890.

" } }, - "documentation":"

An object containing InputSourceARN, SchemaName, and ApplyNormalization.

" + "documentation":"

An object containing inputSourceARN, schemaName, and applyNormalization.

" + }, + "InputSourceARN":{ + "type":"string", + "pattern":"arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(matchingworkflow/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):glue:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(table/[a-zA-Z_0-9-]{1,255}/[a-zA-Z_0-9-]{1,255})" }, "InputSourceConfig":{ "type":"list", @@ -2326,10 +2484,6 @@ "max":20, "min":1 }, - "InputSourceInputSourceARNString":{ - "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(idnamespace/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(matchingworkflow/[a-zA-Z_0-9-]{1,255})$|^arn:(aws|aws-us-gov|aws-cn):glue:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(table/[a-zA-Z_0-9-]{1,255}/[a-zA-Z_0-9-]{1,255})$" - }, "Integer":{ "type":"integer", "box":true @@ -2358,7 +2512,7 @@ }, "JobId":{ "type":"string", - "pattern":"^[a-f0-9]{32}$" + "pattern":"[a-f0-9]{32}" }, "JobList":{ "type":"list", @@ -2371,42 +2525,46 @@ "shape":"Integer", "documentation":"

The total number of input records.

" }, - "matchIDs":{ + "totalRecordsProcessed":{ "shape":"Integer", - "documentation":"

The total number of matchIDs generated.

" + "documentation":"

The total number of records processed.

" }, "recordsNotProcessed":{ "shape":"Integer", "documentation":"

The total number of records that did not get processed.

" }, - "totalRecordsProcessed":{ + "deleteRecordsProcessed":{ "shape":"Integer", - "documentation":"

The total number of records processed.

" + "documentation":"

The number of records processed that were marked for deletion (DELETE = True) in the input file. This metric tracks records flagged for removal during the job execution.

" + }, + "matchIDs":{ + "shape":"Integer", + "documentation":"

The total number of matchIDs generated.

" } }, - "documentation":"

An object containing InputRecords, TotalRecordsProcessed, MatchIDs, and RecordsNotProcessed.

" + "documentation":"

An object containing inputRecords, totalRecordsProcessed, matchIDs, and recordsNotProcessed.

" }, "JobOutputSource":{ "type":"structure", "required":[ - "outputS3Path", - "roleArn" + "roleArn", + "outputS3Path" ], "members":{ - "KMSArn":{ - "shape":"KMSArn", - "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf as part of workflow execution.

" }, "outputS3Path":{ "shape":"S3Path", "documentation":"

The S3 path to which Entity Resolution will write the output table.

" }, - "roleArn":{ - "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf as part of workflow execution.

" + "KMSArn":{ + "shape":"KMSArn", + "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" } }, - "documentation":"

An object containing KMSArn, OutputS3Path, and RoleArn.

" + "documentation":"

An object containing KMSArn, outputS3Path, and roleArn.

" }, "JobOutputSourceConfig":{ "type":"list", @@ -2427,42 +2585,50 @@ "type":"structure", "required":[ "jobId", - "startTime", - "status" + "status", + "startTime" ], "members":{ - "endTime":{ - "shape":"Timestamp", - "documentation":"

The time at which the job has finished.

" - }, "jobId":{ "shape":"JobId", "documentation":"

The ID of the job.

" }, + "status":{ + "shape":"JobStatus", + "documentation":"

The current status of the job.

" + }, "startTime":{ "shape":"Timestamp", "documentation":"

The time at which the job was started.

" }, - "status":{ - "shape":"JobStatus", - "documentation":"

The current status of the job.

" + "endTime":{ + "shape":"Timestamp", + "documentation":"

The time at which the job has finished.

" } }, - "documentation":"

An object containing the JobId, Status, StartTime, and EndTime of a job.

" + "documentation":"

An object containing the jobId, status, startTime, and endTime of a job.

" + }, + "JobType":{ + "type":"string", + "enum":[ + "BATCH", + "INCREMENTAL", + "DELETE_ONLY" + ] }, "KMSArn":{ "type":"string", - "pattern":"^arn:aws:kms:.*:[0-9]+:.*$" + "pattern":"arn:aws:kms:.*:[0-9]+:.*" }, "ListIdMappingJobsInput":{ "type":"structure", "required":["workflowName"], "members":{ - "maxResults":{ - "shape":"ListIdMappingJobsInputMaxResultsInteger", - "documentation":"

The maximum number of objects returned per page.

", - "location":"querystring", - "locationName":"maxResults" + "workflowName":{ + "shape":"EntityNameOrIdMappingWorkflowArn", + "documentation":"

The name of the workflow to be retrieved.

", + "location":"uri", + "locationName":"workflowName" }, "nextToken":{ "shape":"NextToken", @@ -2470,11 +2636,11 @@ "location":"querystring", "locationName":"nextToken" }, - "workflowName":{ - "shape":"EntityNameOrIdMappingWorkflowArn", - "documentation":"

The name of the workflow to be retrieved.

", - "location":"uri", - "locationName":"workflowName" + "maxResults":{ + "shape":"ListIdMappingJobsInputMaxResultsInteger", + "documentation":"

The maximum number of objects returned per page.

", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -2500,17 +2666,17 @@ "ListIdMappingWorkflowsInput":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListIdMappingWorkflowsInputMaxResultsInteger", - "documentation":"

The maximum number of objects returned per page.

", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

The pagination token from the previous API call.

", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListIdMappingWorkflowsInputMaxResultsInteger", + "documentation":"

The maximum number of objects returned per page.

", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -2522,30 +2688,30 @@ "ListIdMappingWorkflowsOutput":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

The pagination token from the previous API call.

" - }, "workflowSummaries":{ "shape":"IdMappingWorkflowList", "documentation":"

A list of IdMappingWorkflowSummary objects.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token from the previous API call.

" } } }, "ListIdNamespacesInput":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListIdNamespacesInputMaxResultsInteger", - "documentation":"

The maximum number of IdNamespace objects returned per page.

", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

The pagination token from the previous API call.

", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListIdNamespacesInputMaxResultsInteger", + "documentation":"

The maximum number of IdNamespace objects returned per page.

", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -2571,11 +2737,11 @@ "type":"structure", "required":["workflowName"], "members":{ - "maxResults":{ - "shape":"ListMatchingJobsInputMaxResultsInteger", - "documentation":"

The maximum number of objects returned per page.

", - "location":"querystring", - "locationName":"maxResults" + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow to be retrieved.

", + "location":"uri", + "locationName":"workflowName" }, "nextToken":{ "shape":"NextToken", @@ -2583,11 +2749,11 @@ "location":"querystring", "locationName":"nextToken" }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow to be retrieved.

", - "location":"uri", - "locationName":"workflowName" + "maxResults":{ + "shape":"ListMatchingJobsInputMaxResultsInteger", + "documentation":"

The maximum number of objects returned per page.

", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -2613,17 +2779,17 @@ "ListMatchingWorkflowsInput":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListMatchingWorkflowsInputMaxResultsInteger", - "documentation":"

The maximum number of objects returned per page.

", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

The pagination token from the previous API call.

", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListMatchingWorkflowsInputMaxResultsInteger", + "documentation":"

The maximum number of objects returned per page.

", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -2635,31 +2801,31 @@ "ListMatchingWorkflowsOutput":{ "type":"structure", "members":{ + "workflowSummaries":{ + "shape":"MatchingWorkflowList", + "documentation":"

A list of MatchingWorkflowSummary objects, each of which contain the fields workflowName, workflowArn, resolutionType, createdAt, and updatedAt.

" + }, "nextToken":{ "shape":"NextToken", "documentation":"

The pagination token from the previous API call.

" - }, - "workflowSummaries":{ - "shape":"MatchingWorkflowList", - "documentation":"

A list of MatchingWorkflowSummary objects, each of which contain the fields WorkflowName, WorkflowArn, CreatedAt, and UpdatedAt.

" } } }, "ListProviderServicesInput":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListProviderServicesInputMaxResultsInteger", - "documentation":"

The maximum number of objects returned per page.

", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

The pagination token from the previous API call.

", "location":"querystring", "locationName":"nextToken" }, + "maxResults":{ + "shape":"ListProviderServicesInputMaxResultsInteger", + "documentation":"

The maximum number of objects returned per page.

", + "location":"querystring", + "locationName":"maxResults" + }, "providerName":{ "shape":"EntityName", "documentation":"

The name of the provider. This name is typically the company name.

", @@ -2677,30 +2843,30 @@ "ListProviderServicesOutput":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

The pagination token from the previous API call.

" - }, "providerServiceSummaries":{ "shape":"ProviderServiceList", "documentation":"

A list of ProviderServices objects.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token from the previous API call.

" } } }, "ListSchemaMappingsInput":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListSchemaMappingsInputMaxResultsInteger", - "documentation":"

The maximum number of objects returned per page.

", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

The pagination token from the previous API call.

", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListSchemaMappingsInputMaxResultsInteger", + "documentation":"

The maximum number of objects returned per page.

", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -2712,13 +2878,13 @@ "ListSchemaMappingsOutput":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

The pagination token from the previous API call.

" - }, "schemaList":{ "shape":"SchemaMappingList", "documentation":"

A list of SchemaMappingSummary objects, each of which contain the fields SchemaName, SchemaArn, CreatedAt, UpdatedAt.

" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token from the previous API call.

" } } }, @@ -2744,6 +2910,33 @@ } } }, + "MatchGroup":{ + "type":"structure", + "required":[ + "records", + "matchId", + "matchRule" + ], + "members":{ + "records":{ + "shape":"MatchedRecordsList", + "documentation":"

The matched records.

" + }, + "matchId":{ + "shape":"String", + "documentation":"

The match ID.

" + }, + "matchRule":{ + "shape":"String", + "documentation":"

The match rule of the match group.

" + } + }, + "documentation":"

The match group.

" + }, + "MatchGroupsList":{ + "type":"list", + "member":{"shape":"MatchGroup"} + }, "MatchPurpose":{ "type":"string", "enum":[ @@ -2751,9 +2944,31 @@ "INDEXING" ] }, + "MatchedRecord":{ + "type":"structure", + "required":[ + "inputSourceARN", + "recordId" + ], + "members":{ + "inputSourceARN":{ + "shape":"InputSourceARN", + "documentation":"

The input source ARN of the matched record.

" + }, + "recordId":{ + "shape":"String", + "documentation":"

The record ID of the matched record.

" + } + }, + "documentation":"

The matched record.

" + }, + "MatchedRecordsList":{ + "type":"list", + "member":{"shape":"MatchedRecord"} + }, "MatchingWorkflowArn":{ "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(matchingworkflow/[a-zA-Z_0-9-]{1,255})$" + "pattern":"arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(matchingworkflow/[a-zA-Z_0-9-]{1,255})" }, "MatchingWorkflowList":{ "type":"list", @@ -2762,69 +2977,69 @@ "MatchingWorkflowSummary":{ "type":"structure", "required":[ + "workflowName", + "workflowArn", "createdAt", - "resolutionType", "updatedAt", - "workflowArn", - "workflowName" + "resolutionType" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

" + }, + "workflowArn":{ + "shape":"MatchingWorkflowArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the MatchingWorkflow.

" + }, "createdAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the workflow was created.

" }, - "resolutionType":{ - "shape":"ResolutionType", - "documentation":"

The method that has been specified for data matching, either using matching provided by Entity Resolution or through a provider service.

" - }, "updatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the workflow was last updated.

" }, - "workflowArn":{ - "shape":"MatchingWorkflowArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the MatchingWorkflow.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

" + "resolutionType":{ + "shape":"ResolutionType", + "documentation":"

The method that has been specified for data matching, either using matching provided by Entity Resolution or through a provider service.

" } }, - "documentation":"

A list of MatchingWorkflowSummary objects, each of which contain the fields WorkflowName, WorkflowArn, CreatedAt, UpdatedAt.

" + "documentation":"

A list of MatchingWorkflowSummary objects, each of which contain the fields workflowName, workflowArn, resolutionType, createdAt, updatedAt.

" }, "NamespaceProviderProperties":{ "type":"structure", "required":["providerServiceArn"], "members":{ - "providerConfiguration":{ - "shape":"Document", - "documentation":"

An object which defines any additional configurations required by the provider service.

" - }, "providerServiceArn":{ "shape":"ProviderServiceArn", "documentation":"

The Amazon Resource Name (ARN) of the provider service.

" + }, + "providerConfiguration":{ + "shape":"Document", + "documentation":"

An object which defines any additional configurations required by the provider service.

" } }, - "documentation":"

An object containing ProviderConfiguration and ProviderServiceArn.

" + "documentation":"

An object containing providerConfiguration and providerServiceArn.

" }, "NamespaceRuleBasedProperties":{ "type":"structure", "members":{ + "rules":{ + "shape":"NamespaceRuleBasedPropertiesRulesList", + "documentation":"

The rules for the ID namespace.

" + }, + "ruleDefinitionTypes":{ + "shape":"IdMappingWorkflowRuleDefinitionTypeList", + "documentation":"

The sets of rules you can use in an ID mapping workflow. The limitations specified for the source and target must be compatible.

" + }, "attributeMatchingModel":{ "shape":"AttributeMatchingModel", - "documentation":"

The comparison type. You can either choose ONE_TO_ONE or MANY_TO_MANY as the attributeMatchingModel.

If you choose MANY_TO_MANY, the system can match attributes across the sub-types of an attribute type. For example, if the value of the Email field of Profile A matches the value of BusinessEmail field of Profile B, the two profiles are matched on the Email attribute type.

If you choose ONE_TO_ONE, the system can only match attributes if the sub-types are an exact match. For example, for the Email attribute type, the system will only consider it a match if the value of the Email field of Profile A matches the value of the Email field of Profile B.

" + "documentation":"

The comparison type. You can either choose ONE_TO_ONE or MANY_TO_MANY as the attributeMatchingModel.

If you choose ONE_TO_ONE, the system can only match attributes if the sub-types are an exact match. For example, for the Email attribute type, the system will only consider it a match if the value of the Email field of Profile A matches the value of the Email field of Profile B.

If you choose MANY_TO_MANY, the system can match attributes across the sub-types of an attribute type. For example, if the value of the Email field of Profile A matches the value of BusinessEmail field of Profile B, the two profiles are matched on the Email attribute type.

" }, "recordMatchingModels":{ "shape":"RecordMatchingModelList", "documentation":"

The type of matching record that is allowed to be used in an ID mapping workflow.

If the value is set to ONE_SOURCE_TO_ONE_TARGET, only one record in the source is matched to one record in the target.

If the value is set to MANY_SOURCE_TO_ONE_TARGET, all matching records in the source are matched to one record in the target.

" - }, - "ruleDefinitionTypes":{ - "shape":"IdMappingWorkflowRuleDefinitionTypeList", - "documentation":"

The sets of rules you can use in an ID mapping workflow. The limitations specified for the source and target must be compatible.

" - }, - "rules":{ - "shape":"NamespaceRuleBasedPropertiesRulesList", - "documentation":"

The rules for the ID namespace.

" } }, "documentation":"

The rule-based properties of an ID namespace. These properties define how the ID namespace can be used in an ID mapping workflow.

" @@ -2839,19 +3054,19 @@ "type":"string", "max":1024, "min":1, - "pattern":"^[a-zA-Z_0-9-=+/]*$" + "pattern":"[a-zA-Z_0-9-=+/]*" }, "OutputAttribute":{ "type":"structure", "required":["name"], "members":{ - "hashed":{ - "shape":"Boolean", - "documentation":"

Enables the ability to hash the column values in the output.

" - }, "name":{ "shape":"AttributeName", "documentation":"

A name of a column to be written to the output. This must be an InputField name in the schema mapping.

" + }, + "hashed":{ + "shape":"Boolean", + "documentation":"

Enables the ability to hash the column values in the output.

" } }, "documentation":"

A list of OutputAttribute objects, each of which have the fields Name and Hashed. Each of these objects selects a column to be included in the output table, and whether the values of the column should be hashed.

" @@ -2859,25 +3074,25 @@ "OutputSource":{ "type":"structure", "required":[ - "output", - "outputS3Path" + "outputS3Path", + "output" ], "members":{ + "outputS3Path":{ + "shape":"S3Path", + "documentation":"

The S3 path to which Entity Resolution will write the output table.

" + }, "KMSArn":{ "shape":"KMSArn", "documentation":"

Customer KMS ARN for encryption at rest. If not provided, system will use an Entity Resolution managed KMS key.

" }, - "applyNormalization":{ - "shape":"Boolean", - "documentation":"

Normalizes the attributes defined in the schema in the input data. For example, if an attribute has an AttributeType of PHONE_NUMBER, and the data in the input table is in a format of 1234567890, Entity Resolution will normalize this field in the output to (123)-456-7890.

" - }, "output":{ "shape":"OutputSourceOutputList", "documentation":"

A list of OutputAttribute objects, each of which have the fields Name and Hashed. Each of these objects selects a column to be included in the output table, and whether the values of the column should be hashed.

" }, - "outputS3Path":{ - "shape":"S3Path", - "documentation":"

The S3 path to which Entity Resolution will write the output table.

" + "applyNormalization":{ + "shape":"Boolean", + "documentation":"

Normalizes the attributes defined in the schema in the input data. For example, if an attribute has an AttributeType of PHONE_NUMBER, and the data in the input table is in a format of 1234567890, Entity Resolution will normalize this field in the output to (123)-456-7890.

" } }, "documentation":"

A list of OutputAttribute objects, each of which have the fields Name and Hashed. Each of these objects selects a column to be included in the output table, and whether the values of the column should be hashed.

" @@ -2903,18 +3118,26 @@ "type":"string", "max":36, "min":36, - "pattern":"^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$" + "pattern":"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}" + }, + "ProcessingType":{ + "type":"string", + "enum":[ + "CONSISTENT", + "EVENTUAL", + "EVENTUAL_NO_LOOKUP" + ] }, "ProviderComponentSchema":{ "type":"structure", "members":{ - "providerSchemaAttributes":{ - "shape":"ProviderSchemaAttributes", - "documentation":"

The provider schema attributes.

" - }, "schemas":{ "shape":"Schemas", "documentation":"

Input schema for the provider service.

" + }, + "providerSchemaAttributes":{ + "shape":"ProviderSchemaAttributes", + "documentation":"

The provider schema attributes.

" } }, "documentation":"

The input schema supported by provider service.

" @@ -2937,13 +3160,13 @@ "shape":"String", "documentation":"

The description of the ID namespace.

" }, - "providerSourceConfigurationDefinition":{ - "shape":"Document", - "documentation":"

Configurations required for the source ID namespace.

" - }, "providerTargetConfigurationDefinition":{ "shape":"Document", "documentation":"

Configurations required for the target ID namespace.

" + }, + "providerSourceConfigurationDefinition":{ + "shape":"Document", + "documentation":"

Configurations required for the source ID namespace.

" } }, "documentation":"

The provider configuration required for different ID namespace types.

" @@ -2965,27 +3188,27 @@ "ProviderMarketplaceConfiguration":{ "type":"structure", "required":[ - "assetId", "dataSetId", - "listingId", - "revisionId" + "revisionId", + "assetId", + "listingId" ], "members":{ - "assetId":{ - "shape":"String", - "documentation":"

The asset ID on Data Exchange.

" - }, "dataSetId":{ "shape":"String", "documentation":"

The dataset ID on Data Exchange.

" }, - "listingId":{ - "shape":"String", - "documentation":"

The listing ID on Data Exchange.

" - }, "revisionId":{ "shape":"String", "documentation":"

The revision ID on Data Exchange.

" + }, + "assetId":{ + "shape":"String", + "documentation":"

The asset ID on Data Exchange.

" + }, + "listingId":{ + "shape":"String", + "documentation":"

The listing ID on Data Exchange.

" } }, "documentation":"

The identifiers of the provider service, from Data Exchange.

" @@ -2994,17 +3217,17 @@ "type":"structure", "required":["providerServiceArn"], "members":{ - "intermediateSourceConfiguration":{ - "shape":"IntermediateSourceConfiguration", - "documentation":"

The Amazon S3 location that temporarily stores your data while it processes. Your information won't be saved permanently.

" + "providerServiceArn":{ + "shape":"ProviderServiceArn", + "documentation":"

The ARN of the provider service.

" }, "providerConfiguration":{ "shape":"Document", "documentation":"

The required configuration fields to use with the provider service.

" }, - "providerServiceArn":{ - "shape":"ProviderServiceArn", - "documentation":"

The ARN of the provider service.

" + "intermediateSourceConfiguration":{ + "shape":"IntermediateSourceConfiguration", + "documentation":"

The Amazon S3 location that temporarily stores your data while it processes. Your information won't be saved permanently.

" } }, "documentation":"

An object containing the providerServiceARN, intermediateSourceConfiguration, and providerConfiguration.

" @@ -3020,17 +3243,17 @@ "shape":"AttributeName", "documentation":"

The field name.

" }, - "hashing":{ - "shape":"Boolean", - "documentation":"

The hashing attribute of the provider schema.

" + "type":{ + "shape":"SchemaAttributeType", + "documentation":"

The type of the provider schema attribute.

LiveRamp supports: NAME | NAME_FIRST | NAME_MIDDLE | NAME_LAST | ADDRESS | ADDRESS_STREET1 | ADDRESS_STREET2 | ADDRESS_STREET3 | ADDRESS_CITY | ADDRESS_STATE | ADDRESS_COUNTRY | ADDRESS_POSTALCODE | PHONE | PHONE_NUMBER | EMAIL_ADDRESS | UNIQUE_ID | PROVIDER_ID

TransUnion supports: NAME | NAME_FIRST | NAME_LAST | ADDRESS | ADDRESS_CITY | ADDRESS_STATE | ADDRESS_COUNTRY | ADDRESS_POSTALCODE | PHONE_NUMBER | EMAIL_ADDRESS | UNIQUE_ID | DATE | IPV4 | IPV6 | MAID

Unified ID 2.0 supports: PHONE_NUMBER | EMAIL_ADDRESS | UNIQUE_ID

" }, "subType":{ "shape":"AttributeName", "documentation":"

The sub type of the provider schema attribute.

" }, - "type":{ - "shape":"SchemaAttributeType", - "documentation":"

The type of the provider schema attribute.

" + "hashing":{ + "shape":"Boolean", + "documentation":"

The hashing attribute of the provider schema.

" } }, "documentation":"

The provider schema attribute.

" @@ -3043,7 +3266,7 @@ "type":"string", "max":255, "min":20, - "pattern":"^arn:(aws|aws-us-gov|aws-cn):(entityresolution):([a-z]{2}-[a-z]{1,10}-[0-9])::providerservice/([a-zA-Z0-9_-]{1,255})/([a-zA-Z0-9_-]{1,255})$" + "pattern":"arn:(aws|aws-us-gov|aws-cn):(entityresolution):([a-z]{2}-[a-z]{1,10}-[0-9])::providerservice/([a-zA-Z0-9_-]{1,255})/([a-zA-Z0-9_-]{1,255})" }, "ProviderServiceDisplayName":{ "type":"string", @@ -3057,21 +3280,21 @@ "ProviderServiceSummary":{ "type":"structure", "required":[ - "providerName", "providerServiceArn", + "providerName", "providerServiceDisplayName", "providerServiceName", "providerServiceType" ], "members":{ - "providerName":{ - "shape":"EntityName", - "documentation":"

The name of the provider. This name is typically the company name.

" - }, "providerServiceArn":{ "shape":"ProviderServiceArn", "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the providerService.

" }, + "providerName":{ + "shape":"EntityName", + "documentation":"

The name of the provider. This name is typically the company name.

" + }, "providerServiceDisplayName":{ "shape":"ProviderServiceDisplayName", "documentation":"

The display name of the provider service.

" @@ -3100,13 +3323,13 @@ "location":"uri", "locationName":"arn" }, - "policy":{ - "shape":"PolicyDocument", - "documentation":"

The resource-based policy.

If you set the value of the effect parameter in the policy to Deny for the PutPolicy operation, you must also set the value of the effect parameter to Deny for the AddPolicyStatement operation.

" - }, "token":{ "shape":"PolicyToken", "documentation":"

A unique identifier for the current revision of the policy.

" + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

The resource-based policy.

If you set the value of the effect parameter in the policy to Deny for the PutPolicy operation, you must also set the value of the effect parameter to Deny for the AddPolicyStatement operation.

" } } }, @@ -3121,16 +3344,39 @@ "shape":"VeniceGlobalArn", "documentation":"

The Entity Resolution resource ARN.

" }, - "policy":{ - "shape":"PolicyDocument", - "documentation":"

The resource-based policy.

" - }, "token":{ "shape":"PolicyToken", "documentation":"

A unique identifier for the current revision of the policy.

" + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

The resource-based policy.

" } } }, + "Record":{ + "type":"structure", + "required":[ + "inputSourceARN", + "uniqueId", + "recordAttributeMap" + ], + "members":{ + "inputSourceARN":{ + "shape":"InputSourceARN", + "documentation":"

The input source ARN of the record.

" + }, + "uniqueId":{ + "shape":"UniqueId", + "documentation":"

The unique ID of the record.

" + }, + "recordAttributeMap":{ + "shape":"RecordAttributeMapString255", + "documentation":"

The record's attribute map.

" + } + }, + "documentation":"

The record.

" + }, "RecordAttributeMap":{ "type":"map", "key":{"shape":"RecordAttributeMapKeyString"}, @@ -3141,13 +3387,29 @@ "type":"string", "max":255, "min":0, - "pattern":"^[a-zA-Z_0-9- \\t]*$" + "pattern":"[a-zA-Z_0-9- \\t]*" + }, + "RecordAttributeMapString255":{ + "type":"map", + "key":{"shape":"RecordAttributeMapString255KeyString"}, + "value":{"shape":"RecordAttributeMapString255ValueString"}, + "sensitive":true + }, + "RecordAttributeMapString255KeyString":{ + "type":"string", + "max":255, + "min":0 + }, + "RecordAttributeMapString255ValueString":{ + "type":"string", + "max":255, + "min":0 }, "RecordAttributeMapValueString":{ "type":"string", "max":255, "min":0, - "pattern":"^[a-zA-Z_0-9-./@ ()+\\t]*$" + "pattern":"[a-zA-Z_0-9-./@ ()+\\t]*" }, "RecordMatchingModel":{ "type":"string", @@ -3168,17 +3430,21 @@ "type":"structure", "required":["resolutionType"], "members":{ - "providerProperties":{ - "shape":"ProviderProperties", - "documentation":"

The properties of the provider service.

" - }, "resolutionType":{ "shape":"ResolutionType", - "documentation":"

The type of matching. There are three types of matching: RULE_MATCHING, ML_MATCHING, and PROVIDER.

" + "documentation":"

The type of matching workflow to create. Specify one of the following types:

  • RULE_MATCHING: Match records using configurable rule-based criteria

  • ML_MATCHING: Match records using machine learning models

  • PROVIDER: Match records using a third-party matching provider

" }, "ruleBasedProperties":{ "shape":"RuleBasedProperties", - "documentation":"

An object which defines the list of matching rules to run and has a field Rules, which is a list of rule objects.

" + "documentation":"

An object which defines the list of matching rules to run and has a field rules, which is a list of rule objects.

" + }, + "ruleConditionProperties":{ + "shape":"RuleConditionProperties", + "documentation":"

An object containing the rules for a matching workflow.

" + }, + "providerProperties":{ + "shape":"ProviderProperties", + "documentation":"

The properties of the provider service.

" } }, "documentation":"

An object which defines the resolutionType and the ruleBasedProperties.

" @@ -3196,7 +3462,7 @@ "members":{ "message":{"shape":"ErrorMessage"} }, - "documentation":"

The resource could not be found.

", + "documentation":"

The resource couldn't be found.

", "error":{ "httpStatusCode":404, "senderFault":true @@ -3207,47 +3473,47 @@ "type":"string", "max":512, "min":32, - "pattern":"^arn:aws:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:aws:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "Rule":{ "type":"structure", "required":[ - "matchingKeys", - "ruleName" + "ruleName", + "matchingKeys" ], "members":{ - "matchingKeys":{ - "shape":"RuleMatchingKeysList", - "documentation":"

A list of MatchingKeys. The MatchingKeys must have been defined in the SchemaMapping. Two records are considered to match according to this rule if all of the MatchingKeys match.

" - }, "ruleName":{ "shape":"RuleRuleNameString", "documentation":"

A name for the matching rule.

" + }, + "matchingKeys":{ + "shape":"RuleMatchingKeysList", + "documentation":"

A list of MatchingKeys. The MatchingKeys must have been defined in the SchemaMapping. Two records are considered to match according to this rule if all of the MatchingKeys match.

" } }, - "documentation":"

An object containing RuleName, and MatchingKeys.

" + "documentation":"

An object containing the ruleName and matchingKeys.

" }, "RuleBasedProperties":{ "type":"structure", "required":[ - "attributeMatchingModel", - "rules" + "rules", + "attributeMatchingModel" ], "members":{ + "rules":{ + "shape":"RuleBasedPropertiesRulesList", + "documentation":"

A list of Rule objects, each of which have fields RuleName and MatchingKeys.

" + }, "attributeMatchingModel":{ "shape":"AttributeMatchingModel", - "documentation":"

The comparison type. You can either choose ONE_TO_ONE or MANY_TO_MANY as the attributeMatchingModel.

If you choose MANY_TO_MANY, the system can match attributes across the sub-types of an attribute type. For example, if the value of the Email field of Profile A and the value of BusinessEmail field of Profile B matches, the two profiles are matched on the Email attribute type.

If you choose ONE_TO_ONE, the system can only match attributes if the sub-types are an exact match. For example, for the Email attribute type, the system will only consider it a match if the value of the Email field of Profile A matches the value of the Email field of Profile B.

" + "documentation":"

The comparison type. You can choose ONE_TO_ONE or MANY_TO_MANY as the attributeMatchingModel.

If you choose ONE_TO_ONE, the system can only match attributes if the sub-types are an exact match. For example, for the Email attribute type, the system will only consider it a match if the value of the Email field of Profile A matches the value of the Email field of Profile B.

If you choose MANY_TO_MANY, the system can match attributes across the sub-types of an attribute type. For example, if the value of the Email field of Profile A and the value of BusinessEmail field of Profile B matches, the two profiles are matched on the Email attribute type.

" }, "matchPurpose":{ "shape":"MatchPurpose", "documentation":"

An indicator of whether to generate IDs and index the data or not.

If you choose IDENTIFIER_GENERATION, the process generates IDs and indexes the data.

If you choose INDEXING, the process indexes the data without generating IDs.

" - }, - "rules":{ - "shape":"RuleBasedPropertiesRulesList", - "documentation":"

A list of Rule objects, each of which have fields RuleName and MatchingKeys.

" } }, - "documentation":"

An object which defines the list of matching rules to run in a matching workflow. RuleBasedProperties contain a Rules field, which is a list of rule objects.

" + "documentation":"

An object which defines the list of matching rules to run in a matching workflow.

" }, "RuleBasedPropertiesRulesList":{ "type":"list", @@ -3255,23 +3521,69 @@ "max":25, "min":1 }, + "RuleCondition":{ + "type":"structure", + "required":[ + "ruleName", + "condition" + ], + "members":{ + "ruleName":{ + "shape":"RuleConditionRuleNameString", + "documentation":"

A name for the matching rule.

For example: Rule1

" + }, + "condition":{ + "shape":"RuleConditionConditionString", + "documentation":"

A statement that specifies the conditions for a matching rule.

If your data is accurate, use an Exact matching function: Exact or ExactManyToMany.

If your data has variations in spelling or pronunciation, use a Fuzzy matching function: Cosine, Levenshtein, or Soundex.

Use operators if you want to combine (AND), separate (OR), or group matching functions (...).

For example: (Cosine(a, 10) AND Exact(b, true)) OR ExactManyToMany(c, d)

" + } + }, + "documentation":"

An object that defines the ruleCondition and the ruleName to use in a matching workflow.

" + }, + "RuleConditionConditionString":{ + "type":"string", + "max":2048, + "min":0 + }, + "RuleConditionProperties":{ + "type":"structure", + "required":["rules"], + "members":{ + "rules":{ + "shape":"RuleConditionPropertiesRulesList", + "documentation":"

A list of rule objects, each of which have fields ruleName and condition.

" + } + }, + "documentation":"

The properties of a rule condition that provides the ability to use more complex syntax.

" + }, + "RuleConditionPropertiesRulesList":{ + "type":"list", + "member":{"shape":"RuleCondition"}, + "max":25, + "min":1 + }, + "RuleConditionRuleNameString":{ + "type":"string", + "max":255, + "min":0, + "pattern":"[a-zA-Z_0-9- ]*" + }, "RuleMatchingKeysList":{ "type":"list", "member":{"shape":"AttributeName"}, "max":15, - "min":1 + "min":0 }, "RuleRuleNameString":{ "type":"string", "max":255, "min":0, - "pattern":"^[a-zA-Z_0-9- \\t]*$" + "pattern":"[a-zA-Z_0-9- ]*" }, "S3Path":{ "type":"string", "max":1024, "min":1, - "pattern":"^s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/.*)?$" + "pattern":"s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/.*)?" }, "SchemaAttributeType":{ "type":"string", @@ -3295,7 +3607,10 @@ "UNIQUE_ID", "DATE", "STRING", - "PROVIDER_ID" + "PROVIDER_ID", + "IPV4", + "IPV6", + "MAID" ] }, "SchemaInputAttribute":{ @@ -3309,13 +3624,13 @@ "shape":"AttributeName", "documentation":"

A string containing the field name.

" }, + "type":{ + "shape":"SchemaAttributeType", + "documentation":"

The type of the attribute, selected from a list of values.

LiveRamp supports: NAME | NAME_FIRST | NAME_MIDDLE | NAME_LAST | ADDRESS | ADDRESS_STREET1 | ADDRESS_STREET2 | ADDRESS_STREET3 | ADDRESS_CITY | ADDRESS_STATE | ADDRESS_COUNTRY | ADDRESS_POSTALCODE | PHONE | PHONE_NUMBER | EMAIL_ADDRESS | UNIQUE_ID | PROVIDER_ID

TransUnion supports: NAME | NAME_FIRST | NAME_LAST | ADDRESS | ADDRESS_CITY | ADDRESS_STATE | ADDRESS_COUNTRY | ADDRESS_POSTALCODE | PHONE_NUMBER | EMAIL_ADDRESS | UNIQUE_ID | IPV4 | IPV6 | MAID

Unified ID 2.0 supports: PHONE_NUMBER | EMAIL_ADDRESS | UNIQUE_ID

Normalization is only supported for NAME, ADDRESS, PHONE, and EMAIL_ADDRESS.

If you want to normalize NAME_FIRST, NAME_MIDDLE, and NAME_LAST, you must group them by assigning them to the NAME groupName.

If you want to normalize ADDRESS_STREET1, ADDRESS_STREET2, ADDRESS_STREET3, ADDRESS_CITY, ADDRESS_STATE, ADDRESS_COUNTRY, and ADDRESS_POSTALCODE, you must group them by assigning them to the ADDRESS groupName.

If you want to normalize PHONE_NUMBER and PHONE_COUNTRYCODE, you must group them by assigning them to the PHONE groupName.

" + }, "groupName":{ "shape":"AttributeName", - "documentation":"

A string that instructs Entity Resolution to combine several columns into a unified column with the identical attribute type.

For example, when working with columns such as first_name, middle_name, and last_name, assigning them a common groupName will prompt Entity Resolution to concatenate them into a single value.

" - }, - "hashed":{ - "shape":"Boolean", - "documentation":"

Indicates if the column values are hashed in the schema input. If the value is set to TRUE, the column values are hashed. If the value is set to FALSE, the column values are cleartext.

" + "documentation":"

A string that instructs Entity Resolution to combine several columns into a unified column with the identical attribute type.

For example, when working with columns such as NAME_FIRST, NAME_MIDDLE, and NAME_LAST, assigning them a common groupName will prompt Entity Resolution to concatenate them into a single value.

" }, "matchKey":{ "shape":"AttributeName", @@ -3325,12 +3640,12 @@ "shape":"AttributeName", "documentation":"

The subtype of the attribute, selected from a list of values.

" }, - "type":{ - "shape":"SchemaAttributeType", - "documentation":"

The type of the attribute, selected from a list of values.

" + "hashed":{ + "shape":"Boolean", + "documentation":"

Indicates if the column values are hashed in the schema input.

If the value is set to TRUE, the column values are hashed.

If the value is set to FALSE, the column values are cleartext.

" } }, - "documentation":"

An object containing FieldName, Type, GroupName, MatchKey, Hashing, and SubType.

" + "documentation":"

A configuration object for defining input data fields in Entity Resolution. The SchemaInputAttribute specifies how individual fields in your input data should be processed and matched.

" }, "SchemaInputAttributes":{ "type":"list", @@ -3344,7 +3659,7 @@ }, "SchemaMappingArn":{ "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(schemamapping/[a-zA-Z_0-9-]{1,255})$" + "pattern":"arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:(schemamapping/[a-zA-Z_0-9-]{1,255})" }, "SchemaMappingList":{ "type":"list", @@ -3353,35 +3668,35 @@ "SchemaMappingSummary":{ "type":"structure", "required":[ - "createdAt", - "hasWorkflows", - "schemaArn", "schemaName", - "updatedAt" + "schemaArn", + "createdAt", + "updatedAt", + "hasWorkflows" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the SchemaMapping was created.

" - }, - "hasWorkflows":{ - "shape":"Boolean", - "documentation":"

Specifies whether the schema mapping has been applied to a workflow.

" + "schemaName":{ + "shape":"EntityName", + "documentation":"

The name of the schema.

" }, "schemaArn":{ "shape":"SchemaMappingArn", "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the SchemaMapping.

" }, - "schemaName":{ - "shape":"EntityName", - "documentation":"

The name of the schema.

" + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the SchemaMapping was created.

" }, "updatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the SchemaMapping was last updated.

" + }, + "hasWorkflows":{ + "shape":"Boolean", + "documentation":"

Specifies whether the schema mapping has been applied to a workflow.

" } }, - "documentation":"

An object containing SchemaName, SchemaArn, CreatedAt, andUpdatedAt.

" + "documentation":"

An object containing schemaName, schemaArn, createdAt, updatedAt, and hasWorkflows.

" }, "Schemas":{ "type":"list", @@ -3398,15 +3713,19 @@ "type":"structure", "required":["workflowName"], "members":{ - "outputSourceConfig":{ - "shape":"IdMappingJobOutputSourceConfig", - "documentation":"

A list of OutputSource objects.

" - }, "workflowName":{ "shape":"EntityNameOrIdMappingWorkflowArn", "documentation":"

The name of the ID mapping job to be retrieved.

", "location":"uri", "locationName":"workflowName" + }, + "outputSourceConfig":{ + "shape":"IdMappingJobOutputSourceConfig", + "documentation":"

A list of OutputSource objects.

" + }, + "jobType":{ + "shape":"JobType", + "documentation":"

The job type for the ID mapping job.

If the jobType value is set to INCREMENTAL, only new or changed data is processed since the last job run. This is the default value if the CreateIdMappingWorkflow API is configured with an incrementalRunConfig.

If the jobType value is set to BATCH, all data is processed from the input source, regardless of previous job runs. This is the default value if the CreateIdMappingWorkflow API isn't configured with an incrementalRunConfig.

If the jobType value is set to DELETE_ONLY, only deletion requests from BatchDeleteUniqueIds are processed.

" } } }, @@ -3421,6 +3740,10 @@ "outputSourceConfig":{ "shape":"IdMappingJobOutputSourceConfig", "documentation":"

A list of OutputSource objects.

" + }, + "jobType":{ + "shape":"JobType", + "documentation":"

The job type for the started ID mapping job.

A value of INCREMENTAL indicates that only new or changed data was processed since the last job run. This is the default job type if the workflow was created with an incrementalRunConfig.

A value of BATCH indicates that all data was processed from the input source, regardless of previous job runs. This is the default job type if the workflow wasn't created with an incrementalRunConfig.

A value of DELETE_ONLY indicates that only deletion requests from BatchDeleteUniqueIds were processed.

" } } }, @@ -3450,7 +3773,7 @@ "type":"string", "max":64, "min":3, - "pattern":"^(entityresolution:[a-zA-Z0-9]+)$" + "pattern":"(entityresolution:[a-zA-Z0-9]+)" }, "StatementActionList":{ "type":"list", @@ -3473,13 +3796,13 @@ "type":"string", "max":64, "min":1, - "pattern":"^[0-9A-Za-z]+$" + "pattern":"[0-9A-Za-z]+" }, "StatementPrincipal":{ "type":"string", "max":64, "min":12, - "pattern":"^(\\d{12})|([a-z0-9\\.]+)$" + "pattern":"(\\d{12})|([a-z0-9\\.]+)" }, "StatementPrincipalList":{ "type":"list", @@ -3526,8 +3849,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3550,13 +3872,13 @@ "Timestamp":{"type":"timestamp"}, "UniqueId":{ "type":"string", - "max":760, + "max":38, "min":1, - "pattern":"^[a-zA-Z_0-9-+=/,]*$" + "pattern":"[a-zA-Z0-9_-]*" }, "UniqueIdList":{ "type":"list", - "member":{"shape":"UniqueId"} + "member":{"shape":"HeaderSafeUniqueId"} }, "UntagResourceInput":{ "type":"structure", @@ -3581,81 +3903,88 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateIdMappingWorkflowInput":{ "type":"structure", "required":[ - "idMappingTechniques", + "workflowName", "inputSourceConfig", - "workflowName" + "idMappingTechniques" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

", + "location":"uri", + "locationName":"workflowName" + }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "idMappingTechniques":{ - "shape":"IdMappingTechniques", - "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" - }, "inputSourceConfig":{ "shape":"IdMappingWorkflowInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"IdMappingWorkflowOutputSourceConfig", - "documentation":"

A list of OutputSource objects, each of which contains fields OutputS3Path and KMSArn.

" + "documentation":"

A list of OutputSource objects, each of which contains fields outputS3Path and KMSArn.

" + }, + "idMappingTechniques":{ + "shape":"IdMappingTechniques", + "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" + }, + "incrementalRunConfig":{ + "shape":"IdMappingIncrementalRunConfig", + "documentation":"

The incremental run configuration for the update ID mapping workflow.

" }, "roleArn":{ "shape":"IdMappingRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

", - "location":"uri", - "locationName":"workflowName" } } }, "UpdateIdMappingWorkflowOutput":{ "type":"structure", "required":[ - "idMappingTechniques", - "inputSourceConfig", + "workflowName", "workflowArn", - "workflowName" + "inputSourceConfig", + "idMappingTechniques" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

" + }, + "workflowArn":{ + "shape":"IdMappingWorkflowArn", + "documentation":"

The Amazon Resource Name (ARN) of the workflow role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "idMappingTechniques":{ - "shape":"IdMappingTechniques", - "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" - }, "inputSourceConfig":{ "shape":"IdMappingWorkflowInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"IdMappingWorkflowOutputSourceConfig", - "documentation":"

A list of OutputSource objects, each of which contains fields OutputS3Path and KMSArn.

" + "documentation":"

A list of OutputSource objects, each of which contains fields outputS3Path and KMSArn.

" + }, + "idMappingTechniques":{ + "shape":"IdMappingTechniques", + "documentation":"

An object which defines the ID mapping technique and any additional configurations.

" + }, + "incrementalRunConfig":{ + "shape":"IdMappingIncrementalRunConfig", + "documentation":"

The incremental run configuration for the update ID mapping workflow output.

" }, "roleArn":{ "shape":"IdMappingRoleArn", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf.

" - }, - "workflowArn":{ - "shape":"IdMappingWorkflowArn", - "documentation":"

The Amazon Resource Name (ARN) of the workflow role. Entity Resolution assumes this role to access Amazon Web Services resources on your behalf.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

" } } }, @@ -3663,24 +3992,24 @@ "type":"structure", "required":["idNamespaceName"], "members":{ - "description":{ - "shape":"Description", - "documentation":"

The description of the ID namespace.

" - }, - "idMappingWorkflowProperties":{ - "shape":"IdNamespaceIdMappingWorkflowPropertiesList", - "documentation":"

Determines the properties of IdMappingWorkflow where this IdNamespace can be used as a Source or a Target.

" - }, "idNamespaceName":{ "shape":"EntityName", "documentation":"

The name of the ID namespace.

", "location":"uri", "locationName":"idNamespaceName" }, + "description":{ + "shape":"Description", + "documentation":"

The description of the ID namespace.

" + }, "inputSourceConfig":{ "shape":"IdNamespaceInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, + "idMappingWorkflowProperties":{ + "shape":"IdNamespaceIdMappingWorkflowPropertiesList", + "documentation":"

Determines the properties of IdMappingWorkflow where this IdNamespace can be used as a Source or a Target.

" + }, "roleArn":{ "shape":"RoleArn", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access the resources defined in this IdNamespace on your behalf as part of a workflow run.

" @@ -3690,45 +4019,45 @@ "UpdateIdNamespaceOutput":{ "type":"structure", "required":[ - "createdAt", - "idNamespaceArn", "idNamespaceName", + "idNamespaceArn", "type", + "createdAt", "updatedAt" ], "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

The timestamp of when the ID namespace was created.

" - }, - "description":{ - "shape":"Description", - "documentation":"

The description of the ID namespace.

" - }, - "idMappingWorkflowProperties":{ - "shape":"IdNamespaceIdMappingWorkflowPropertiesList", - "documentation":"

Determines the properties of IdMappingWorkflow where this IdNamespace can be used as a Source or a Target.

" + "idNamespaceName":{ + "shape":"EntityName", + "documentation":"

The name of the ID namespace.

" }, "idNamespaceArn":{ "shape":"IdNamespaceArn", "documentation":"

The Amazon Resource Name (ARN) of the ID namespace.

" }, - "idNamespaceName":{ - "shape":"EntityName", - "documentation":"

The name of the ID namespace.

" + "description":{ + "shape":"Description", + "documentation":"

The description of the ID namespace.

" }, "inputSourceConfig":{ "shape":"IdNamespaceInputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, - "roleArn":{ - "shape":"RoleArn", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access the resources defined in this IdNamespace on your behalf as part of a workflow run.

" + "idMappingWorkflowProperties":{ + "shape":"IdNamespaceIdMappingWorkflowPropertiesList", + "documentation":"

Determines the properties of IdMappingWorkflow where this IdNamespace can be used as a Source or a Target.

" }, "type":{ "shape":"IdNamespaceType", "documentation":"

The type of ID namespace. There are two types: SOURCE and TARGET.

The SOURCE contains configurations for sourceId data that will be processed in an ID mapping workflow.

The TARGET contains a configuration of targetId to which all sourceIds will resolve to.

" }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to access the resources defined in this IdNamespace on your behalf as part of a workflow run.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the ID namespace was created.

" + }, "updatedAt":{ "shape":"Timestamp", "documentation":"

The timestamp of when the ID namespace was last updated.

" @@ -3738,92 +4067,98 @@ "UpdateMatchingWorkflowInput":{ "type":"structure", "required":[ + "workflowName", "inputSourceConfig", "outputSourceConfig", "resolutionTechniques", - "roleArn", - "workflowName" + "roleArn" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow to be retrieved.

", + "location":"uri", + "locationName":"workflowName" + }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "incrementalRunConfig":{ - "shape":"IncrementalRunConfig", - "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" - }, "inputSourceConfig":{ "shape":"InputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"OutputSourceConfig", - "documentation":"

A list of OutputSource objects, each of which contains fields OutputS3Path, ApplyNormalization, and Output.

" + "documentation":"

A list of OutputSource objects, each of which contains fields outputS3Path, applyNormalization, KMSArn, and output.

" }, "resolutionTechniques":{ "shape":"ResolutionTechniques", "documentation":"

An object which defines the resolutionType and the ruleBasedProperties.

" }, + "incrementalRunConfig":{ + "shape":"IncrementalRunConfig", + "documentation":"

Optional. An object that defines the incremental run type. This object contains only the incrementalRunType field, which appears as \"Automatic\" in the console.

For workflows where resolutionType is ML_MATCHING or PROVIDER, incremental processing is not supported.

" + }, "roleArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to create resources on your behalf as part of workflow execution.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow to be retrieved.

", - "location":"uri", - "locationName":"workflowName" } } }, "UpdateMatchingWorkflowOutput":{ "type":"structure", "required":[ + "workflowName", "inputSourceConfig", "outputSourceConfig", "resolutionTechniques", - "roleArn", - "workflowName" + "roleArn" ], "members":{ + "workflowName":{ + "shape":"EntityName", + "documentation":"

The name of the workflow.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the workflow.

" }, - "incrementalRunConfig":{ - "shape":"IncrementalRunConfig", - "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" - }, "inputSourceConfig":{ "shape":"InputSourceConfig", "documentation":"

A list of InputSource objects, which have the fields InputSourceARN and SchemaName.

" }, "outputSourceConfig":{ "shape":"OutputSourceConfig", - "documentation":"

A list of OutputSource objects, each of which contains fields OutputS3Path, ApplyNormalization, and Output.

" + "documentation":"

A list of OutputSource objects, each of which contains fields outputS3Path, applyNormalization, KMSArn, and output.

" }, "resolutionTechniques":{ "shape":"ResolutionTechniques", - "documentation":"

An object which defines the resolutionType and the ruleBasedProperties

" + "documentation":"

An object which defines the resolutionType and the ruleBasedProperties.

" + }, + "incrementalRunConfig":{ + "shape":"IncrementalRunConfig", + "documentation":"

An object which defines an incremental run type and has only incrementalRunType as a field.

" }, "roleArn":{ "shape":"String", "documentation":"

The Amazon Resource Name (ARN) of the IAM role. Entity Resolution assumes this role to create resources on your behalf as part of workflow execution.

" - }, - "workflowName":{ - "shape":"EntityName", - "documentation":"

The name of the workflow.

" } } }, "UpdateSchemaMappingInput":{ "type":"structure", "required":[ - "mappedInputFields", - "schemaName" + "schemaName", + "mappedInputFields" ], "members":{ + "schemaName":{ + "shape":"EntityName", + "documentation":"

The name of the schema. There can't be multiple SchemaMappings with the same name.

", + "location":"uri", + "locationName":"schemaName" + }, "description":{ "shape":"Description", "documentation":"

A description of the schema.

" @@ -3831,23 +4166,25 @@ "mappedInputFields":{ "shape":"SchemaInputAttributes", "documentation":"

A list of MappedInputFields. Each MappedInputField corresponds to a column the source data table, and contains column name plus additional information that Entity Resolution uses for matching.

" - }, - "schemaName":{ - "shape":"EntityName", - "documentation":"

The name of the schema. There can't be multiple SchemaMappings with the same name.

", - "location":"uri", - "locationName":"schemaName" } } }, "UpdateSchemaMappingOutput":{ "type":"structure", "required":[ - "mappedInputFields", + "schemaName", "schemaArn", - "schemaName" + "mappedInputFields" ], "members":{ + "schemaName":{ + "shape":"EntityName", + "documentation":"

The name of the schema.

" + }, + "schemaArn":{ + "shape":"SchemaMappingArn", + "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the SchemaMapping.

" + }, "description":{ "shape":"Description", "documentation":"

A description of the schema.

" @@ -3855,14 +4192,6 @@ "mappedInputFields":{ "shape":"SchemaInputAttributes", "documentation":"

A list of MappedInputFields. Each MappedInputField corresponds to a column the source data table, and contains column name plus additional information that Entity Resolution uses for matching.

" - }, - "schemaArn":{ - "shape":"SchemaMappingArn", - "documentation":"

The ARN (Amazon Resource Name) that Entity Resolution generated for the SchemaMapping.

" - }, - "schemaName":{ - "shape":"EntityName", - "documentation":"

The name of the schema.

" } } }, @@ -3880,7 +4209,7 @@ }, "VeniceGlobalArn":{ "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:((schemamapping|matchingworkflow|idmappingworkflow|idnamespace)/[a-zA-Z_0-9-]{1,255})$" + "pattern":"arn:(aws|aws-us-gov|aws-cn):entityresolution:[a-z]{2}-[a-z]{1,10}-[0-9]:[0-9]{12}:((schemamapping|matchingworkflow|idmappingworkflow|idnamespace)/[a-zA-Z_0-9-]{1,255})" } }, "documentation":"

Welcome to the Entity Resolution API Reference.

Entity Resolution is an Amazon Web Services service that provides pre-configured entity resolution capabilities that enable developers and analysts at advertising and marketing companies to build an accurate and complete view of their consumers.

With Entity Resolution, you can match source records containing consumer identifiers, such as name, email address, and phone number. This is true even when these records have incomplete or conflicting identifiers. For example, Entity Resolution can effectively match a source record from a customer relationship management (CRM) system with a source record from a marketing system containing campaign information.

To learn more about Entity Resolution concepts, procedures, and best practices, see the Entity Resolution User Guide.

" diff -pruN 2.23.6-1/awscli/botocore/data/es/2015-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/es/2015-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/es/2015-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/es/2015-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/es/2015-01-01/service-2.json 2.31.35-1/awscli/botocore/data/es/2015-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/es/2015-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/es/2015-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -879,8 +879,7 @@ }, "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An error occurred because user does not have permissions to access the resource. Returns HTTP status code 403.

", "error":{"httpStatusCode":403}, "exception":true @@ -1591,8 +1590,7 @@ }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An error occurred because the client attempts to remove a resource that is currently in use. Returns HTTP status code 409.

", "error":{"httpStatusCode":409}, "exception":true @@ -2342,8 +2340,7 @@ "DisableTimestamp":{"type":"timestamp"}, "DisabledOperationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An error occured because the client wanted to access a not supported operation. Gives http status code of 409.

", "error":{"httpStatusCode":409}, "exception":true @@ -3283,24 +3280,21 @@ "IntegerClass":{"type":"integer"}, "InternalException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request processing has failed because of an unknown error, exception or failure (the failure is internal to the service) . Gives http status code of 500.

", "error":{"httpStatusCode":500}, "exception":true }, "InvalidPaginationTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request processing has failed because of invalid pagination token provided by customer. Returns an HTTP status code of 400.

", "error":{"httpStatusCode":400}, "exception":true }, "InvalidTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An exception for trying to create or access sub-resource that is either invalid or not supported. Gives http status code of 409.

", "error":{"httpStatusCode":409}, "exception":true @@ -3318,8 +3312,7 @@ "LastUpdated":{"type":"timestamp"}, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An exception for trying to create more than allowed resources or sub-resources. Gives http status code of 409.

", "error":{"httpStatusCode":409}, "exception":true @@ -4240,16 +4233,14 @@ }, "ResourceAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An exception for creating a resource that already exists. Gives http status code of 400.

", "error":{"httpStatusCode":409}, "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An exception for accessing or deleting a resource that does not exist. Gives http status code of 400.

", "error":{"httpStatusCode":409}, "exception":true @@ -4276,8 +4267,7 @@ }, "RevokeVpcEndpointAccessResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

Container for response parameters to the RevokeVpcEndpointAccess operation. The response body for this operation is empty.

" }, "RoleArn":{ @@ -4942,8 +4932,7 @@ }, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An exception for missing / invalid input fields. Gives http status code of 400.

", "error":{"httpStatusCode":400}, "exception":true diff -pruN 2.23.6-1/awscli/botocore/data/events/2015-10-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/events/2015-10-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/events/2015-10-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/events/2015-10-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,38 +5,111 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "EndpointId": { "required": false, "documentation": "Operation parameter for EndpointId", - "type": "String" + "type": "string" } }, "rules": [ { "conditions": [ { + "fn": "not", + "argv": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + }, + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://events.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { "fn": "isSet", "argv": [ { diff -pruN 2.23.6-1/awscli/botocore/data/events/2015-10-07/service-2.json 2.31.35-1/awscli/botocore/data/events/2015-10-07/service-2.json --- 2.23.6-1/awscli/botocore/data/events/2015-10-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/events/2015-10-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -78,7 +78,7 @@ {"shape":"LimitExceededException"}, {"shape":"InvalidEventPatternException"} ], - "documentation":"

Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.

Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:

  • You call CreateArchive on an event bus set to use a customer managed key for encryption.

  • You call CreateDiscoverer on an event bus set to use a customer managed key for encryption.

  • You call UpdatedEventBus to set a customer managed key on an event bus with an archives or schema discovery enabled.

To enable archives or schema discovery on an event bus, choose to use an Amazon Web Services owned key. For more information, see Data encryption in EventBridge in the Amazon EventBridge User Guide.

" + "documentation":"

Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.

If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.

For more information, see Encrypting archives in the Amazon EventBridge User Guide.

" }, "CreateConnection":{ "name":"CreateConnection", @@ -630,7 +630,7 @@ "errors":[ {"shape":"InternalException"} ], - "documentation":"

Sends custom events to Amazon EventBridge so that they can be matched to rules.

The maximum size for a PutEvents event entry is 256 KB. Entry size is calculated including the event and any necessary characters and keys of the JSON representation of the event. To learn more, see Calculating PutEvents event entry size in the Amazon EventBridge User Guide

PutEvents accepts the data in JSON format. For the JSON number (integer) data type, the constraints are: a minimum value of -9,223,372,036,854,775,808 and a maximum value of 9,223,372,036,854,775,807.

PutEvents will only process nested JSON up to 1000 levels deep.

" + "documentation":"

Sends custom events to Amazon EventBridge so that they can be matched to rules.

You can batch multiple event entries into one request for efficiency. However, the total entry size must be less than 256KB. You can calculate the entry size before you send the events. For more information, see Calculating PutEvents event entry size in the Amazon EventBridge User Guide .

PutEvents accepts the data in JSON format. For the JSON number (integer) data type, the constraints are: a minimum value of -9,223,372,036,854,775,808 and a maximum value of 9,223,372,036,854,775,807.

PutEvents will only process nested JSON up to 1000 levels deep.

" }, "PutPartnerEvents":{ "name":"PutPartnerEvents", @@ -877,9 +877,8 @@ "shapes":{ "AccessDeniedException":{ "type":"structure", - "members":{ - }, - "documentation":"

You do not have the necessary permissons for this action.

", + "members":{}, + "documentation":"

You do not have the necessary permissions for this action.

", "exception":true }, "AccountId":{ @@ -1008,7 +1007,7 @@ "documentation":"

The name of the archive.

" }, "EventSourceArn":{ - "shape":"Arn", + "shape":"EventBusArn", "documentation":"

The ARN of the event bus associated with the archive. Only events from this event bus are sent to the archive.

" }, "State":{ @@ -1234,8 +1233,7 @@ }, "ConcurrentModificationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

There is concurrent modification on a rule, target, archive, or replay.

", "exception":true }, @@ -1530,10 +1528,10 @@ "members":{ "ResourceConfigurationArn":{ "shape":"ResourceConfigurationArn", - "documentation":"

The Amazon Resource Name (ARN) of the resource configuration for the resource endpoint.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon VPC Lattice resource configuration for the resource endpoint.

" } }, - "documentation":"

The Amazon Resource Name (ARN) of the resource configuration for the resource endpoint.

" + "documentation":"

The Amazon Resource Name (ARN) of the Amazon VPC Lattice resource configuration for the resource endpoint.

" }, "ConnectivityResourceParameters":{ "type":"structure", @@ -1614,7 +1612,7 @@ "documentation":"

The name for the archive to create.

" }, "EventSourceArn":{ - "shape":"Arn", + "shape":"EventBusArn", "documentation":"

The ARN of the event bus that sends events to the archive.

" }, "Description":{ @@ -1628,6 +1626,10 @@ "RetentionDays":{ "shape":"RetentionDays", "documentation":"

The number of days to retain events for. Default value is 0. If set to 0, events are retained indefinitely

" + }, + "KmsKeyIdentifier":{ + "shape":"KmsKeyIdentifier", + "documentation":"

The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt this archive. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt the archive.

For more information, see Identify and view keys in the Key Management Service Developer Guide.

If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.

For more information, see Encrypting archives in the Amazon EventBridge User Guide.

" } } }, @@ -1785,7 +1787,11 @@ }, "InvocationConnectivityParameters":{ "shape":"ConnectivityResourceParameters", - "documentation":"

For connections to private resource endpoints, the parameters to use for invoking the resource endpoint.

For more information, see Connecting to private resources in the Amazon EventBridge User Guide .

" + "documentation":"

For connections to private APIs, the parameters to use for invoking the API.

For more information, see Connecting to private APIs in the Amazon EventBridge User Guide .

" + }, + "KmsKeyIdentifier":{ + "shape":"KmsKeyIdentifier", + "documentation":"

The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt this connection. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt the connection.

For more information, see Identify and view keys in the Key Management Service Developer Guide.

" } } }, @@ -1895,9 +1901,13 @@ }, "KmsKeyIdentifier":{ "shape":"KmsKeyIdentifier", - "documentation":"

The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt events on the event bus.

For more information, see Managing keys in the Key Management Service Developer Guide.

Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:

  • You call CreateArchive on an event bus set to use a customer managed key for encryption.

  • You call CreateDiscoverer on an event bus set to use a customer managed key for encryption.

  • You call UpdatedEventBus to set a customer managed key on an event bus with an archives or schema discovery enabled.

To enable archives or schema discovery on an event bus, choose to use an Amazon Web Services owned key. For more information, see Data encryption in EventBridge in the Amazon EventBridge User Guide.

" + "documentation":"

The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt events on the event bus.

For more information, see Identify and view keys in the Key Management Service Developer Guide.

Schema discovery is not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:

  • You call CreateDiscoverer on an event bus set to use a customer managed key for encryption.

  • You call UpdatedEventBus to set a customer managed key on an event bus with schema discovery enabled.

To enable schema discovery on an event bus, choose to use an Amazon Web Services owned key. For more information, see Encrypting events in the Amazon EventBridge User Guide.

If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.

For more information, see Encrypting archives in the Amazon EventBridge User Guide.

" }, "DeadLetterConfig":{"shape":"DeadLetterConfig"}, + "LogConfig":{ + "shape":"LogConfig", + "documentation":"

The logging configuration settings for the event bus.

For more information, see Configuring logs for event buses in the EventBridge User Guide.

" + }, "Tags":{ "shape":"TagList", "documentation":"

Tags to associate with the event bus.

" @@ -1919,7 +1929,11 @@ "shape":"KmsKeyIdentifier", "documentation":"

The identifier of the KMS customer managed key for EventBridge to use to encrypt events on this event bus, if one has been specified.

For more information, see Data encryption in EventBridge in the Amazon EventBridge User Guide.

" }, - "DeadLetterConfig":{"shape":"DeadLetterConfig"} + "DeadLetterConfig":{"shape":"DeadLetterConfig"}, + "LogConfig":{ + "shape":"LogConfig", + "documentation":"

The logging configuration settings for the event bus.

For more information, see Configuring logs for event buses in the EventBridge User Guide.

" + } } }, "CreatePartnerEventSourceRequest":{ @@ -2032,8 +2046,7 @@ }, "DeleteApiDestinationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteArchiveRequest":{ "type":"structure", @@ -2047,8 +2060,7 @@ }, "DeleteArchiveResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConnectionRequest":{ "type":"structure", @@ -2097,8 +2109,7 @@ }, "DeleteEndpointResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEventBusRequest":{ "type":"structure", @@ -2222,7 +2233,7 @@ "documentation":"

The name of the archive.

" }, "EventSourceArn":{ - "shape":"Arn", + "shape":"EventBusArn", "documentation":"

The ARN of the event source associated with the archive.

" }, "Description":{ @@ -2241,6 +2252,10 @@ "shape":"ArchiveStateReason", "documentation":"

The reason that the archive is in the state.

" }, + "KmsKeyIdentifier":{ + "shape":"KmsKeyIdentifier", + "documentation":"

The identifier of the KMS customer managed key for EventBridge to use to encrypt this archive, if one has been specified.

For more information, see Encrypting archives in the Amazon EventBridge User Guide.

" + }, "RetentionDays":{ "shape":"RetentionDays", "documentation":"

The number of days to retain events for in the archive.

" @@ -2293,7 +2308,7 @@ }, "ResourceAssociationArn":{ "shape":"ResourceAssociationArn", - "documentation":"

For connections to private APIs, the Amazon Resource Name (ARN) of the resource association EventBridge created between the connection and the private API's resource configuration.

" + "documentation":"

For connections to private APIs, the Amazon Resource Name (ARN) of the resource association EventBridge created between the connection and the private API's resource configuration.

For more information, see Managing service network resource associations for connections in the Amazon EventBridge User Guide .

" } }, "documentation":"

The parameters for EventBridge to use when invoking the resource endpoint.

" @@ -2315,7 +2330,7 @@ }, "InvocationConnectivityParameters":{ "shape":"DescribeConnectionConnectivityParameters", - "documentation":"

For connections to private resource endpoints. The parameters EventBridge uses to invoke the resource endpoint.

For more information, see Connecting to private resources in the Amazon EventBridge User Guide .

" + "documentation":"

For connections to private APIs The parameters EventBridge uses to invoke the resource endpoint.

For more information, see Connecting to private APIs in the Amazon EventBridge User Guide .

" }, "ConnectionState":{ "shape":"ConnectionState", @@ -2333,6 +2348,10 @@ "shape":"SecretsManagerSecretArn", "documentation":"

The ARN of the secret created from the authorization parameters specified for the connection.

" }, + "KmsKeyIdentifier":{ + "shape":"KmsKeyIdentifier", + "documentation":"

The identifier of the KMS customer managed key for EventBridge to use to encrypt the connection, if one has been specified.

For more information, see Encrypting connections in the Amazon EventBridge User Guide.

" + }, "AuthParameters":{ "shape":"ConnectionAuthResponseParameters", "documentation":"

The parameters to use for authorization for the connection.

" @@ -2455,6 +2474,10 @@ "shape":"String", "documentation":"

The policy that enables the external account to send events to your account.

" }, + "LogConfig":{ + "shape":"LogConfig", + "documentation":"

The logging configuration settings for the event bus.

For more information, see Configuring logs for event buses in the EventBridge User Guide.

" + }, "CreationTime":{ "shape":"Timestamp", "documentation":"

The time the event bus was created.

" @@ -2561,7 +2584,7 @@ "documentation":"

The reason that the replay is in the current state.

" }, "EventSourceArn":{ - "shape":"Arn", + "shape":"ArchiveArn", "documentation":"

The ARN of the archive events were replayed from.

" }, "Destination":{ @@ -2898,6 +2921,12 @@ }, "documentation":"

An event bus receives events from a source, uses rules to evaluate them, applies any configured input transformation, and routes them to the appropriate target(s). Your account's default event bus receives events from Amazon Web Services services. A custom event bus can receive events from your custom applications and services. A partner event bus receives events from an event source created by an SaaS partner. These events come from the partners services or applications.

" }, + "EventBusArn":{ + "type":"string", + "max":1600, + "min":1, + "pattern":"^arn:aws([a-z]|\\-)*:events:([a-z]|\\d|\\-)*:([0-9]{12})?:.+\\/.+$" + }, "EventBusDescription":{ "type":"string", "max":512 @@ -2916,7 +2945,7 @@ "type":"string", "max":1600, "min":1, - "pattern":"(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+" + "pattern":"(arn:aws[\\w-]*:events:[a-z]+-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[/\\.\\-_A-Za-z0-9]+" }, "EventId":{ "type":"string", @@ -3078,11 +3107,17 @@ }, "IllegalStatusException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An error occurred because a replay can be canceled only when the state is Running or Starting.

", "exception":true }, + "IncludeDetail":{ + "type":"string", + "enum":[ + "NONE", + "FULL" + ] + }, "InputTransformer":{ "type":"structure", "required":["InputTemplate"], @@ -3107,23 +3142,20 @@ "Integer":{"type":"integer"}, "InternalException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This exception occurs due to unexpected causes.

", "exception":true, "fault":true }, "InvalidEventPatternException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The event pattern is not valid.

", "exception":true }, "InvalidStateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The specified state is not a valid state for an event source.

", "exception":true }, @@ -3140,7 +3172,8 @@ }, "KmsKeyIdentifier":{ "type":"string", - "max":2048 + "max":2048, + "pattern":"^[a-zA-Z0-9_\\-/:]*$" }, "LaunchType":{ "type":"string", @@ -3150,10 +3183,18 @@ "EXTERNAL" ] }, + "Level":{ + "type":"string", + "enum":[ + "OFF", + "ERROR", + "INFO", + "TRACE" + ] + }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request failed because it attempted to create resource beyond the allowed service quota.

", "exception":true }, @@ -3208,7 +3249,7 @@ "documentation":"

A name prefix to filter the archives returned. Only archives with name that match the prefix are returned.

" }, "EventSourceArn":{ - "shape":"Arn", + "shape":"EventBusArn", "documentation":"

The ARN of the event source associated with the archive.

" }, "State":{ @@ -3440,7 +3481,7 @@ "documentation":"

The state of the replay.

" }, "EventSourceArn":{ - "shape":"Arn", + "shape":"ArchiveArn", "documentation":"

The ARN of the archive from which the events are replayed.

" }, "NextToken":{ @@ -3589,6 +3630,20 @@ } } }, + "LogConfig":{ + "type":"structure", + "members":{ + "IncludeDetail":{ + "shape":"IncludeDetail", + "documentation":"

Whether EventBridge include detailed event information in the records it generates. Detailed data can be useful for troubleshooting and debugging. This information includes details of the event itself, as well as target details.

For more information, see Including detail data in event bus logs in the EventBridge User Guide.

" + }, + "Level":{ + "shape":"Level", + "documentation":"

The level of logging detail to include. This applies to all log destinations for the event bus.

For more information, see Specifying event bus log level in the EventBridge User Guide.

" + } + }, + "documentation":"

The logging configuration settings for the event bus.

For more information, see Configuring logs for event buses in the EventBridge User Guide.

" + }, "Long":{"type":"long"}, "ManagedBy":{ "type":"string", @@ -3597,8 +3652,7 @@ }, "ManagedRuleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This rule was created by an Amazon Web Services service on behalf of your account. It is managed by that service. If you see this error in response to DeleteRule or RemoveTargets, you can use the Force parameter in those calls to delete the rule or remove targets from the rule. You cannot modify these managed rules by using DisableRule, EnableRule, PutTargets, PutRule, TagResource, or UntagResource.

", "exception":true }, @@ -3635,7 +3689,7 @@ "type":"string", "max":512, "min":1, - "pattern":"^arn:aws[a-z-]*:events:[a-z]{2}-[a-z-]+-\\d+:\\d{12}:event-bus/[\\w.-]+$" + "pattern":"^arn:aws[a-z-]*:events:[a-z]+-[a-z-]+-\\d+:\\d{12}:event-bus/[\\w.-]+$" }, "NonPartnerEventBusName":{ "type":"string", @@ -3647,12 +3701,11 @@ "type":"string", "max":1600, "min":1, - "pattern":"(arn:aws[\\w-]*:events:[a-z]{2}-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[\\.\\-_A-Za-z0-9]+" + "pattern":"(arn:aws[\\w-]*:events:[a-z]+-[a-z]+-[\\w-]+:[0-9]{12}:event-bus\\/)?[\\.\\-_A-Za-z0-9]+" }, "OperationDisabledException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The operation you are attempting is not available in this region.

", "exception":true }, @@ -3777,8 +3830,7 @@ }, "PolicyLengthExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The event bus policy is too long. For more information, see the limits.

", "exception":true }, @@ -4254,7 +4306,7 @@ "documentation":"

The name of the replay.

" }, "EventSourceArn":{ - "shape":"Arn", + "shape":"ArchiveArn", "documentation":"

The ARN of the archive to replay event from.

" }, "State":{ @@ -4363,8 +4415,7 @@ }, "ResourceAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The resource you are trying to create already exists.

", "exception":true }, @@ -4387,8 +4438,7 @@ }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

An entity that you specified does not exist.

", "exception":true }, @@ -4566,14 +4616,14 @@ "members":{ "Name":{ "shape":"SageMakerPipelineParameterName", - "documentation":"

Name of parameter to start execution of a SageMaker Model Building Pipeline.

" + "documentation":"

Name of parameter to start execution of a SageMaker AI Model Building Pipeline.

" }, "Value":{ "shape":"SageMakerPipelineParameterValue", - "documentation":"

Value of parameter to start execution of a SageMaker Model Building Pipeline.

" + "documentation":"

Value of parameter to start execution of a SageMaker AI Model Building Pipeline.

" } }, - "documentation":"

Name/Value pair of a parameter to start execution of a SageMaker Model Building Pipeline.

" + "documentation":"

Name/Value pair of a parameter to start execution of a SageMaker AI Model Building Pipeline.

" }, "SageMakerPipelineParameterList":{ "type":"list", @@ -4596,10 +4646,10 @@ "members":{ "PipelineParameterList":{ "shape":"SageMakerPipelineParameterList", - "documentation":"

List of Parameter names and values for SageMaker Model Building Pipeline execution.

" + "documentation":"

List of Parameter names and values for SageMaker AI Model Building Pipeline execution.

" } }, - "documentation":"

These are custom parameters to use when the target is a SageMaker Model Building Pipeline that starts based on EventBridge events.

" + "documentation":"

These are custom parameters to use when the target is a SageMaker AI Model Building Pipeline that starts based on EventBridge events.

" }, "ScheduleExpression":{ "type":"string", @@ -4670,7 +4720,7 @@ "documentation":"

A description for the replay to start.

" }, "EventSourceArn":{ - "shape":"Arn", + "shape":"ArchiveArn", "documentation":"

The ARN of the archive to replay events from.

" }, "EventStartTime":{ @@ -4775,8 +4825,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4844,7 +4893,7 @@ }, "SageMakerPipelineParameters":{ "shape":"SageMakerPipelineParameters", - "documentation":"

Contains the SageMaker Model Building Pipeline parameters to start execution of a SageMaker Model Building Pipeline.

If you specify a SageMaker Model Building Pipeline as a target, you can use this to specify parameters to start a pipeline execution based on EventBridge events.

" + "documentation":"

Contains the SageMaker AI Model Building Pipeline parameters to start execution of a SageMaker AI Model Building Pipeline.

If you specify a SageMaker AI Model Building Pipeline as a target, you can use this to specify parameters to start a pipeline execution based on EventBridge events.

" }, "DeadLetterConfig":{ "shape":"DeadLetterConfig", @@ -4924,8 +4973,7 @@ }, "ThrottlingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

This request cannot be completed due to throttling issues.

", "exception":true }, @@ -4965,8 +5013,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApiDestinationRequest":{ "type":"structure", @@ -5038,6 +5085,10 @@ "RetentionDays":{ "shape":"RetentionDays", "documentation":"

The number of days to retain events in the archive.

" + }, + "KmsKeyIdentifier":{ + "shape":"KmsKeyIdentifier", + "documentation":"

The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt this archive. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt the archive.

For more information, see Identify and view keys in the Key Management Service Developer Guide.

If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.

For more information, see Encrypting archives in the Amazon EventBridge User Guide.

" } } }, @@ -5174,7 +5225,11 @@ }, "InvocationConnectivityParameters":{ "shape":"ConnectivityResourceParameters", - "documentation":"

For connections to private resource endpoints, the parameters to use for invoking the resource endpoint.

For more information, see Connecting to private resources in the Amazon EventBridge User Guide .

" + "documentation":"

For connections to private APIs, the parameters to use for invoking the API.

For more information, see Connecting to private APIs in the Amazon EventBridge User Guide .

" + }, + "KmsKeyIdentifier":{ + "shape":"KmsKeyIdentifier", + "documentation":"

The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt this connection. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt the connection.

For more information, see Identify and view keys in the Key Management Service Developer Guide.

" } } }, @@ -5283,13 +5338,17 @@ }, "KmsKeyIdentifier":{ "shape":"KmsKeyIdentifier", - "documentation":"

The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt events on the event bus.

For more information, see Managing keys in the Key Management Service Developer Guide.

Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:

  • You call CreateArchive on an event bus set to use a customer managed key for encryption.

  • You call CreateDiscoverer on an event bus set to use a customer managed key for encryption.

  • You call UpdatedEventBus to set a customer managed key on an event bus with an archives or schema discovery enabled.

To enable archives or schema discovery on an event bus, choose to use an Amazon Web Services owned key. For more information, see Data encryption in EventBridge in the Amazon EventBridge User Guide.

" + "documentation":"

The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.

If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt events on the event bus.

For more information, see Identify and view keys in the Key Management Service Developer Guide.

Schema discovery is not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:

  • You call CreateDiscoverer on an event bus set to use a customer managed key for encryption.

  • You call UpdatedEventBus to set a customer managed key on an event bus with schema discovery enabled.

To enable schema discovery on an event bus, choose to use an Amazon Web Services owned key. For more information, see Encrypting events in the Amazon EventBridge User Guide.

If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.

For more information, see Encrypting archives in the Amazon EventBridge User Guide.

" }, "Description":{ "shape":"EventBusDescription", "documentation":"

The event bus description.

" }, - "DeadLetterConfig":{"shape":"DeadLetterConfig"} + "DeadLetterConfig":{"shape":"DeadLetterConfig"}, + "LogConfig":{ + "shape":"LogConfig", + "documentation":"

The logging configuration settings for the event bus.

For more information, see Configuring logs for event buses in the EventBridge User Guide.

" + } } }, "UpdateEventBusResponse":{ @@ -5311,7 +5370,11 @@ "shape":"EventBusDescription", "documentation":"

The event bus description.

" }, - "DeadLetterConfig":{"shape":"DeadLetterConfig"} + "DeadLetterConfig":{"shape":"DeadLetterConfig"}, + "LogConfig":{ + "shape":"LogConfig", + "documentation":"

The logging configuration settings for the event bus.

For more information, see Configuring logs for event buses in the EventBridge User Guide.

" + } } } }, diff -pruN 2.23.6-1/awscli/botocore/data/evidently/2021-02-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/evidently/2021-02-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/evidently/2021-02-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/evidently/2021-02-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/evs/2023-07-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/evs/2023-07-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/evs/2023-07-27/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/evs/2023-07-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://evs-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://evs-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://evs.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://evs.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/evs/2023-07-27/paginators-1.json 2.31.35-1/awscli/botocore/data/evs/2023-07-27/paginators-1.json --- 2.23.6-1/awscli/botocore/data/evs/2023-07-27/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/evs/2023-07-27/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +{ + "pagination": { + "ListEnvironmentHosts": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "environmentHosts" + }, + "ListEnvironmentVlans": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "environmentVlans" + }, + "ListEnvironments": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "environmentSummaries" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/evs/2023-07-27/service-2.json 2.31.35-1/awscli/botocore/data/evs/2023-07-27/service-2.json --- 2.23.6-1/awscli/botocore/data/evs/2023-07-27/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/evs/2023-07-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,1535 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2023-07-27", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"evs", + "jsonVersion":"1.0", + "protocol":"json", + "protocols":["json"], + "serviceAbbreviation":"EVS", + "serviceFullName":"Amazon Elastic VMware Service", + "serviceId":"evs", + "signatureVersion":"v4", + "signingName":"evs", + "targetPrefix":"AmazonElasticVMwareService", + "uid":"evs-2023-07-27" + }, + "operations":{ + "AssociateEipToVlan":{ + "name":"AssociateEipToVlan", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateEipToVlanRequest"}, + "output":{"shape":"AssociateEipToVlanResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Associates an Elastic IP address with a public HCX VLAN. This operation is only allowed for public HCX VLANs at this time.

", + "idempotent":true + }, + "CreateEnvironment":{ + "name":"CreateEnvironment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateEnvironmentRequest"}, + "output":{"shape":"CreateEnvironmentResponse"}, + "errors":[ + {"shape":"ValidationException"} + ], + "documentation":"

Creates an Amazon EVS environment that runs VCF software, such as SDDC Manager, NSX Manager, and vCenter Server.

During environment creation, Amazon EVS performs validations on DNS settings, provisions VLAN subnets and hosts, and deploys the supplied version of VCF.

It can take several hours to create an environment. After the deployment completes, you can configure VCF in the vSphere user interface according to your needs.

You cannot use the dedicatedHostId and placementGroupId parameters together in the same CreateEnvironment action. This results in a ValidationException response.

", + "idempotent":true + }, + "CreateEnvironmentHost":{ + "name":"CreateEnvironmentHost", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateEnvironmentHostRequest"}, + "output":{"shape":"CreateEnvironmentHostResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

Creates an ESXi host and adds it to an Amazon EVS environment. Amazon EVS supports 4-16 hosts per environment.

This action can only be used after the Amazon EVS environment is deployed.

You can use the dedicatedHostId parameter to specify an Amazon EC2 Dedicated Host for ESXi host creation.

You can use the placementGroupId parameter to specify a cluster or partition placement group to launch EC2 instances into.

You cannot use the dedicatedHostId and placementGroupId parameters together in the same CreateEnvironmentHost action. This results in a ValidationException response.

", + "idempotent":true + }, + "DeleteEnvironment":{ + "name":"DeleteEnvironment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteEnvironmentRequest"}, + "output":{"shape":"DeleteEnvironmentResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Deletes an Amazon EVS environment.

Amazon EVS environments will only be enabled for deletion once the hosts are deleted. You can delete hosts using the DeleteEnvironmentHost action.

Environment deletion also deletes the associated Amazon EVS VLAN subnets and Amazon Web Services Secrets Manager secrets that Amazon EVS created. Amazon Web Services resources that you create are not deleted. These resources may continue to incur costs.

", + "idempotent":true + }, + "DeleteEnvironmentHost":{ + "name":"DeleteEnvironmentHost", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteEnvironmentHostRequest"}, + "output":{"shape":"DeleteEnvironmentHostResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Deletes a host from an Amazon EVS environment.

Before deleting a host, you must unassign and decommission the host from within the SDDC Manager user interface. Not doing so could impact the availability of your virtual machines or result in data loss.

", + "idempotent":true + }, + "DisassociateEipFromVlan":{ + "name":"DisassociateEipFromVlan", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateEipFromVlanRequest"}, + "output":{"shape":"DisassociateEipFromVlanResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Disassociates an Elastic IP address from a public HCX VLAN. This operation is only allowed for public HCX VLANs at this time.

", + "idempotent":true + }, + "GetEnvironment":{ + "name":"GetEnvironment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetEnvironmentRequest"}, + "output":{"shape":"GetEnvironmentResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Returns a description of the specified environment.

" + }, + "ListEnvironmentHosts":{ + "name":"ListEnvironmentHosts", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListEnvironmentHostsRequest"}, + "output":{"shape":"ListEnvironmentHostsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

List the hosts within an environment.

" + }, + "ListEnvironmentVlans":{ + "name":"ListEnvironmentVlans", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListEnvironmentVlansRequest"}, + "output":{"shape":"ListEnvironmentVlansResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Lists environment VLANs that are associated with the specified environment.

" + }, + "ListEnvironments":{ + "name":"ListEnvironments", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListEnvironmentsRequest"}, + "output":{"shape":"ListEnvironmentsResponse"}, + "errors":[ + {"shape":"ValidationException"} + ], + "documentation":"

Lists the Amazon EVS environments in your Amazon Web Services account in the specified Amazon Web Services Region.

" + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

Lists the tags for an Amazon EVS resource.

" + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"TooManyTagsException"}, + {"shape":"TagPolicyException"} + ], + "documentation":"

Associates the specified tags to an Amazon EVS resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they aren't changed. When a resource is deleted, the tags associated with that resource are also deleted. Tags that you create for Amazon EVS resources don't propagate to any other resources associated with the environment. For example, if you tag an environment with this operation, that tag doesn't automatically propagate to the VLAN subnets and hosts associated with the environment.

", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"TagPolicyException"} + ], + "documentation":"

Deletes specified tags from an Amazon EVS resource.

", + "idempotent":true + } + }, + "shapes":{ + "AllocationId":{ + "type":"string", + "max":26, + "min":9, + "pattern":"eipalloc-[a-zA-Z0-9_-]+" + }, + "Arn":{ + "type":"string", + "max":1011, + "min":1, + "pattern":"arn:aws:evs:[a-z]{2}-[a-z]+-[0-9]:[0-9]{12}:environment/[a-zA-Z0-9_-]+" + }, + "AssociateEipToVlanRequest":{ + "type":"structure", + "required":[ + "environmentId", + "vlanName", + "allocationId" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

This parameter is not used in Amazon EVS currently. If you supply input for this parameter, it will have no effect.

A unique, case-sensitive identifier that you provide to ensure the idempotency of the environment creation request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

", + "idempotencyToken":true + }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID for the environment containing the VLAN that the Elastic IP address associates with.

" + }, + "vlanName":{ + "shape":"AssociateEipToVlanRequestVlanNameString", + "documentation":"

The name of the VLAN. hcx is the only accepted VLAN name at this time.

" + }, + "allocationId":{ + "shape":"AllocationId", + "documentation":"

The Elastic IP address allocation ID.

" + } + } + }, + "AssociateEipToVlanRequestVlanNameString":{ + "type":"string", + "max":200, + "min":1 + }, + "AssociateEipToVlanResponse":{ + "type":"structure", + "members":{ + "vlan":{"shape":"Vlan"} + } + }, + "AssociationId":{ + "type":"string", + "max":26, + "min":9, + "pattern":"eipassoc-[a-zA-Z0-9_-]+" + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "Check":{ + "type":"structure", + "members":{ + "type":{ + "shape":"CheckType", + "documentation":"

The check type. Amazon EVS performs the following checks.

  • KEY_REUSE: checks that the VCF license key is not used by another Amazon EVS environment. This check fails if a used license is added to the environment.

  • KEY_COVERAGE: checks that your VCF license key allocates sufficient vCPU cores for all deployed hosts. The check fails when any assigned hosts in the EVS environment are not covered by license keys, or when any unassigned hosts cannot be covered by available vCPU cores in keys.

  • REACHABILITY: checks that the Amazon EVS control plane has a persistent connection to SDDC Manager. If Amazon EVS cannot reach the environment, this check fails.

  • HOST_COUNT: Checks that your environment has a minimum of 4 hosts, which is a requirement for VCF 5.2.1.

    If this check fails, you will need to add hosts so that your environment meets this minimum requirement. Amazon EVS only supports environments with 4-16 hosts.

" + }, + "result":{ + "shape":"CheckResult", + "documentation":"

The check result.

" + }, + "impairedSince":{ + "shape":"Timestamp", + "documentation":"

The time when environment health began to be impaired.

" + } + }, + "documentation":"

A check on the environment to identify environment health and validate VMware VCF licensing compliance.

" + }, + "CheckResult":{ + "type":"string", + "enum":[ + "PASSED", + "FAILED", + "UNKNOWN" + ] + }, + "CheckType":{ + "type":"string", + "enum":[ + "KEY_REUSE", + "KEY_COVERAGE", + "REACHABILITY", + "HOST_COUNT" + ] + }, + "ChecksList":{ + "type":"list", + "member":{"shape":"Check"} + }, + "Cidr":{ + "type":"string", + "pattern":"((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/(3[0-2]|[1-2][0-9]|[0-9])" + }, + "ClientToken":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[!-~]+" + }, + "ConnectivityInfo":{ + "type":"structure", + "required":["privateRouteServerPeerings"], + "members":{ + "privateRouteServerPeerings":{ + "shape":"RouteServerPeeringList", + "documentation":"

The unique IDs for private route server peers.

" + } + }, + "documentation":"

The connectivity configuration for the environment. Amazon EVS requires that you specify two route server peer IDs. During environment creation, the route server endpoints peer with the NSX uplink VLAN for connectivity to the NSX overlay network.

" + }, + "CreateEnvironmentHostRequest":{ + "type":"structure", + "required":[ + "environmentId", + "host" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

This parameter is not used in Amazon EVS currently. If you supply input for this parameter, it will have no effect.

A unique, case-sensitive identifier that you provide to ensure the idempotency of the host creation request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

", + "idempotencyToken":true + }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID for the environment that the host is added to.

" + }, + "host":{ + "shape":"HostInfoForCreate", + "documentation":"

The host that is created and added to the environment.

" + } + } + }, + "CreateEnvironmentHostResponse":{ + "type":"structure", + "members":{ + "environmentSummary":{ + "shape":"EnvironmentSummary", + "documentation":"

A summary of the environment that the host is created in.

" + }, + "host":{ + "shape":"Host", + "documentation":"

A description of the created host.

" + } + } + }, + "CreateEnvironmentRequest":{ + "type":"structure", + "required":[ + "vpcId", + "serviceAccessSubnetId", + "vcfVersion", + "termsAccepted", + "licenseInfo", + "initialVlans", + "hosts", + "connectivityInfo", + "vcfHostnames", + "siteId" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

This parameter is not used in Amazon EVS currently. If you supply input for this parameter, it will have no effect.

A unique, case-sensitive identifier that you provide to ensure the idempotency of the environment creation request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

", + "idempotencyToken":true + }, + "environmentName":{ + "shape":"EnvironmentName", + "documentation":"

The name to give to your environment. The name can contain only alphanumeric characters (case-sensitive), hyphens, and underscores. It must start with an alphanumeric character, and can't be longer than 100 characters. The name must be unique within the Amazon Web Services Region and Amazon Web Services account that you're creating the environment in.

" + }, + "kmsKeyId":{ + "shape":"String", + "documentation":"

A unique ID for the customer-managed KMS key that is used to encrypt the VCF credential pairs for SDDC Manager, NSX Manager, and vCenter appliances. These credentials are stored in Amazon Web Services Secrets Manager.

" + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.

" + }, + "serviceAccessSecurityGroups":{ + "shape":"ServiceAccessSecurityGroups", + "documentation":"

The security group that controls communication between the Amazon EVS control plane and VPC. The default security group is used if a custom security group isn't specified.

The security group should allow access to the following.

  • TCP/UDP access to the DNS servers

  • HTTPS/SSH access to the host management VLAN subnet

  • HTTPS/SSH access to the Management VM VLAN subnet

You should avoid modifying the security group rules after deployment, as this can break the persistent connection between the Amazon EVS control plane and VPC. This can cause future environment actions like adding or removing hosts to fail.

" + }, + "vpcId":{ + "shape":"VpcId", + "documentation":"

A unique ID for the VPC that the environment is deployed inside.

Amazon EVS requires that all VPC subnets exist in a single Availability Zone in a Region where the service is available.

The VPC that you specify must have a valid DHCP option set with domain name, at least two DNS servers, and an NTP server. These settings are used to configure your VCF appliances and hosts. The VPC cannot be used with any other deployed Amazon EVS environment. Amazon EVS does not provide multi-VPC support for environments at this time.

Amazon EVS does not support the following Amazon Web Services networking options for NSX overlay connectivity: cross-Region VPC peering, Amazon S3 gateway endpoints, or Amazon Web Services Direct Connect virtual private gateway associations.

Ensure that you specify a VPC that is adequately sized to accommodate the {evws} subnets.

" + }, + "serviceAccessSubnetId":{ + "shape":"SubnetId", + "documentation":"

The subnet that is used to establish connectivity between the Amazon EVS control plane and VPC. Amazon EVS uses this subnet to validate mandatory DNS records for your VCF appliances and hosts and create the environment.

" + }, + "vcfVersion":{ + "shape":"VcfVersion", + "documentation":"

The VCF version to use for the environment. Amazon EVS only supports VCF version 5.2.1 at this time.

" + }, + "termsAccepted":{ + "shape":"Boolean", + "documentation":"

Customer confirmation that the customer has purchased and will continue to maintain the required number of VCF software licenses to cover all physical processor cores in the Amazon EVS environment. Information about your VCF software in Amazon EVS will be shared with Broadcom to verify license compliance. Amazon EVS does not validate license keys. To validate license keys, visit the Broadcom support portal.

" + }, + "licenseInfo":{ + "shape":"LicenseInfoList", + "documentation":"

The license information that Amazon EVS requires to create an environment. Amazon EVS requires two license keys: a VCF solution key and a vSAN license key. The VCF solution key must cover a minimum of 256 cores. The vSAN license key must provide at least 110 TiB of vSAN capacity.

VCF licenses can be used for only one Amazon EVS environment. Amazon EVS does not support reuse of VCF licenses for multiple environments.

VCF license information can be retrieved from the Broadcom portal.

" + }, + "initialVlans":{ + "shape":"InitialVlans", + "documentation":"

The initial VLAN subnets for the Amazon EVS environment.

For each Amazon EVS VLAN subnet, you must specify a non-overlapping CIDR block. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24.

" + }, + "hosts":{ + "shape":"HostInfoForCreateList", + "documentation":"

The ESXi hosts to add to the environment. Amazon EVS requires that you provide details for a minimum of 4 hosts during environment creation.

For each host, you must provide the desired hostname, EC2 SSH keypair name, and EC2 instance type. Optionally, you can also provide a partition or cluster placement group to use, or use Amazon EC2 Dedicated Hosts.

" + }, + "connectivityInfo":{ + "shape":"ConnectivityInfo", + "documentation":"

The connectivity configuration for the environment. Amazon EVS requires that you specify two route server peer IDs. During environment creation, the route server endpoints peer with the NSX edges over the NSX uplink subnet, providing BGP-based dynamic routing for overlay networks.

" + }, + "vcfHostnames":{ + "shape":"VcfHostnames", + "documentation":"

The DNS hostnames for the virtual machines that host the VCF management appliances. Amazon EVS requires that you provide DNS hostnames for the following appliances: vCenter, NSX Manager, SDDC Manager, and Cloud Builder.

" + }, + "siteId":{ + "shape":"String", + "documentation":"

The Broadcom Site ID that is allocated to you as part of your electronic software delivery. This ID allows customer access to the Broadcom portal, and is provided to you by Broadcom at the close of your software contract or contract renewal. Amazon EVS uses the Broadcom Site ID that you provide to meet Broadcom VCF license usage reporting requirements for Amazon EVS.

" + } + } + }, + "CreateEnvironmentResponse":{ + "type":"structure", + "members":{ + "environment":{ + "shape":"Environment", + "documentation":"

A description of the created environment.

" + } + } + }, + "DedicatedHostId":{ + "type":"string", + "max":25, + "min":1, + "pattern":"h-[a-f0-9]{8}([a-f0-9]{9})?" + }, + "DeleteEnvironmentHostRequest":{ + "type":"structure", + "required":[ + "environmentId", + "hostName" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

This parameter is not used in Amazon EVS currently. If you supply input for this parameter, it will have no effect.

A unique, case-sensitive identifier that you provide to ensure the idempotency of the host deletion request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

", + "idempotencyToken":true + }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID for the host's environment.

" + }, + "hostName":{ + "shape":"HostName", + "documentation":"

The DNS hostname associated with the host to be deleted.

" + } + } + }, + "DeleteEnvironmentHostResponse":{ + "type":"structure", + "members":{ + "environmentSummary":{ + "shape":"EnvironmentSummary", + "documentation":"

A summary of the environment that the host was deleted from.

" + }, + "host":{ + "shape":"Host", + "documentation":"

A description of the deleted host.

" + } + } + }, + "DeleteEnvironmentRequest":{ + "type":"structure", + "required":["environmentId"], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

This parameter is not used in Amazon EVS currently. If you supply input for this parameter, it will have no effect.

A unique, case-sensitive identifier that you provide to ensure the idempotency of the environment deletion request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

", + "idempotencyToken":true + }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID associated with the environment to be deleted.

" + } + } + }, + "DeleteEnvironmentResponse":{ + "type":"structure", + "members":{ + "environment":{ + "shape":"Environment", + "documentation":"

A description of the deleted environment.

" + } + } + }, + "DisassociateEipFromVlanRequest":{ + "type":"structure", + "required":[ + "environmentId", + "vlanName", + "associationId" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

This parameter is not used in Amazon EVS currently. If you supply input for this parameter, it will have no effect.

A unique, case-sensitive identifier that you provide to ensure the idempotency of the environment creation request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.

", + "idempotencyToken":true + }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID for the environment containing the VLAN that the Elastic IP address disassociates from.

" + }, + "vlanName":{ + "shape":"DisassociateEipFromVlanRequestVlanNameString", + "documentation":"

The name of the VLAN. hcx is the only accepted VLAN name at this time.

" + }, + "associationId":{ + "shape":"AssociationId", + "documentation":"

A unique ID for the Elastic IP address association.

" + } + } + }, + "DisassociateEipFromVlanRequestVlanNameString":{ + "type":"string", + "max":200, + "min":1 + }, + "DisassociateEipFromVlanResponse":{ + "type":"structure", + "members":{ + "vlan":{"shape":"Vlan"} + } + }, + "EipAssociation":{ + "type":"structure", + "members":{ + "associationId":{ + "shape":"AssociationId", + "documentation":"

A unique ID for the elastic IP address association with the VLAN subnet.

" + }, + "allocationId":{ + "shape":"AllocationId", + "documentation":"

The Elastic IP address allocation ID.

" + }, + "ipAddress":{ + "shape":"IpAddress", + "documentation":"

The Elastic IP address.

" + } + }, + "documentation":"

An Elastic IP address association with the elastic network interface in the VLAN subnet.

" + }, + "EipAssociationList":{ + "type":"list", + "member":{"shape":"EipAssociation"} + }, + "Environment":{ + "type":"structure", + "members":{ + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

The unique ID for the environment.

" + }, + "environmentState":{ + "shape":"EnvironmentState", + "documentation":"

The state of an environment.

" + }, + "stateDetails":{ + "shape":"StateDetails", + "documentation":"

A detailed description of the environmentState of an environment.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the environment was created.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the environment was modified.

" + }, + "environmentArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) that is associated with the environment.

" + }, + "environmentName":{ + "shape":"EnvironmentName", + "documentation":"

The name of the environment.

" + }, + "vpcId":{ + "shape":"VpcId", + "documentation":"

The VPC associated with the environment.

" + }, + "serviceAccessSubnetId":{ + "shape":"SubnetId", + "documentation":"

The subnet that is used to establish connectivity between the Amazon EVS control plane and VPC. Amazon EVS uses this subnet to perform validations and create the environment.

" + }, + "vcfVersion":{ + "shape":"VcfVersion", + "documentation":"

The VCF version of the environment.

" + }, + "termsAccepted":{ + "shape":"Boolean", + "documentation":"

Customer confirmation that the customer has purchased and will continue to maintain the required number of VCF software licenses to cover all physical processor cores in the Amazon EVS environment. Information about your VCF software in Amazon EVS will be shared with Broadcom to verify license compliance. Amazon EVS does not validate license keys. To validate license keys, visit the Broadcom support portal.

" + }, + "licenseInfo":{ + "shape":"LicenseInfoList", + "documentation":"

The license information that Amazon EVS requires to create an environment. Amazon EVS requires two license keys: a VCF solution key and a vSAN license key. The VCF solution key must cover a minimum of 256 cores. The vSAN license key must provide at least 110 TiB of vSAN capacity.

" + }, + "siteId":{ + "shape":"String", + "documentation":"

The Broadcom Site ID that is associated with your Amazon EVS environment. Amazon EVS uses the Broadcom Site ID that you provide to meet Broadcom VCF license usage reporting requirements for Amazon EVS.

" + }, + "environmentStatus":{ + "shape":"CheckResult", + "documentation":"

Reports impaired functionality that stems from issues internal to the environment, such as impaired reachability.

" + }, + "checks":{ + "shape":"ChecksList", + "documentation":"

A check on the environment to identify instance health and VMware VCF licensing issues.

" + }, + "connectivityInfo":{ + "shape":"ConnectivityInfo", + "documentation":"

The connectivity configuration for the environment. Amazon EVS requires that you specify two route server peer IDs. During environment creation, the route server endpoints peer with the NSX uplink VLAN for connectivity to the NSX overlay network.

" + }, + "vcfHostnames":{ + "shape":"VcfHostnames", + "documentation":"

The DNS hostnames to be used by the VCF management appliances in your environment.

For environment creation to be successful, each hostname entry must resolve to a domain name that you've registered in your DNS service of choice and configured in the DHCP option set of your VPC. DNS hostnames cannot be changed after environment creation has started.

" + }, + "kmsKeyId":{ + "shape":"String", + "documentation":"

The Amazon Web Services KMS key ID that Amazon Web Services Secrets Manager uses to encrypt secrets that are associated with the environment. These secrets contain the VCF credentials that are needed to install vCenter Server, NSX, and SDDC Manager.

By default, Amazon EVS use the Amazon Web Services Secrets Manager managed key aws/secretsmanager. You can also specify a customer managed key.

" + }, + "serviceAccessSecurityGroups":{ + "shape":"ServiceAccessSecurityGroups", + "documentation":"

The security groups that allow traffic between the Amazon EVS control plane and your VPC for service access. If a security group is not specified, Amazon EVS uses the default security group in your account for service access.

" + }, + "credentials":{ + "shape":"SecretList", + "documentation":"

The VCF credentials that are stored as Amazon EVS managed secrets in Amazon Web Services Secrets Manager.

Amazon EVS stores credentials that are needed to install vCenter Server, NSX, and SDDC Manager.

" + } + }, + "documentation":"

An object that represents an Amazon EVS environment.

" + }, + "EnvironmentId":{ + "type":"string", + "pattern":"(env-[a-zA-Z0-9]{10})" + }, + "EnvironmentName":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[a-zA-Z0-9_-]+" + }, + "EnvironmentState":{ + "type":"string", + "enum":[ + "CREATING", + "CREATED", + "DELETING", + "DELETED", + "CREATE_FAILED" + ] + }, + "EnvironmentStateList":{ + "type":"list", + "member":{"shape":"EnvironmentState"} + }, + "EnvironmentSummary":{ + "type":"structure", + "members":{ + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID for the environment.

" + }, + "environmentName":{ + "shape":"EnvironmentName", + "documentation":"

The name of the environment.

" + }, + "vcfVersion":{ + "shape":"VcfVersion", + "documentation":"

The VCF version of the environment.

" + }, + "environmentStatus":{ + "shape":"CheckResult", + "documentation":"

Reports impaired functionality that stems from issues internal to the environment, such as impaired reachability.

" + }, + "environmentState":{ + "shape":"EnvironmentState", + "documentation":"

The state of an environment.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the environment was created.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the environment was modified.

" + }, + "environmentArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) that is associated with the environment.

" + } + }, + "documentation":"

A list of environments with summarized environment details.

" + }, + "EnvironmentSummaryList":{ + "type":"list", + "member":{"shape":"EnvironmentSummary"} + }, + "GetEnvironmentRequest":{ + "type":"structure", + "required":["environmentId"], + "members":{ + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID for the environment.

" + } + } + }, + "GetEnvironmentResponse":{ + "type":"structure", + "members":{ + "environment":{ + "shape":"Environment", + "documentation":"

A description of the requested environment.

" + } + } + }, + "Host":{ + "type":"structure", + "members":{ + "hostName":{ + "shape":"HostName", + "documentation":"

The DNS hostname of the host. DNS hostnames for hosts must be unique across Amazon EVS environments and within VCF.

" + }, + "ipAddress":{ + "shape":"IpAddress", + "documentation":"

The IP address of the host.

" + }, + "keyName":{ + "shape":"KeyName", + "documentation":"

The name of the SSH key that is used to access the host.

" + }, + "instanceType":{ + "shape":"InstanceType", + "documentation":"

The EC2 instance type of the host.

EC2 instances created through Amazon EVS do not support associating an IAM instance profile.

" + }, + "placementGroupId":{ + "shape":"PlacementGroupId", + "documentation":"

The unique ID of the placement group where the host is placed.

" + }, + "dedicatedHostId":{ + "shape":"DedicatedHostId", + "documentation":"

The unique ID of the Amazon EC2 Dedicated Host.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the host was created.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the host was modified.

" + }, + "hostState":{ + "shape":"HostState", + "documentation":"

The state of the host.

" + }, + "stateDetails":{ + "shape":"StateDetails", + "documentation":"

A detailed description of the hostState of a host.

" + }, + "ec2InstanceId":{ + "shape":"String", + "documentation":"

The unique ID of the EC2 instance that represents the host.

" + }, + "networkInterfaces":{ + "shape":"NetworkInterfaceList", + "documentation":"

The elastic network interfaces that are attached to the host.

" + } + }, + "documentation":"

An ESXi host that runs on an Amazon EC2 bare metal instance. Four hosts are created in an Amazon EVS environment during environment creation. You can add hosts to an environment using the CreateEnvironmentHost operation. Amazon EVS supports 4-16 hosts per environment.

" + }, + "HostInfoForCreate":{ + "type":"structure", + "required":[ + "hostName", + "keyName", + "instanceType" + ], + "members":{ + "hostName":{ + "shape":"HostName", + "documentation":"

The DNS hostname of the host. DNS hostnames for hosts must be unique across Amazon EVS environments and within VCF.

" + }, + "keyName":{ + "shape":"KeyName", + "documentation":"

The name of the SSH key that is used to access the host.

" + }, + "instanceType":{ + "shape":"InstanceType", + "documentation":"

The EC2 instance type that represents the host.

" + }, + "placementGroupId":{ + "shape":"PlacementGroupId", + "documentation":"

The unique ID of the placement group where the host is placed.

" + }, + "dedicatedHostId":{ + "shape":"DedicatedHostId", + "documentation":"

The unique ID of the Amazon EC2 Dedicated Host.

" + } + }, + "documentation":"

An object that represents a host.

You cannot use dedicatedHostId and placementGroupId together in the same HostInfoForCreateobject. This results in a ValidationException response.

" + }, + "HostInfoForCreateList":{ + "type":"list", + "member":{"shape":"HostInfoForCreate"}, + "max":4, + "min":4 + }, + "HostList":{ + "type":"list", + "member":{"shape":"Host"} + }, + "HostName":{ + "type":"string", + "pattern":"([a-zA-Z0-9\\-]*)" + }, + "HostState":{ + "type":"string", + "enum":[ + "CREATING", + "CREATED", + "UPDATING", + "DELETING", + "DELETED", + "CREATE_FAILED", + "UPDATE_FAILED" + ] + }, + "InitialVlanInfo":{ + "type":"structure", + "required":["cidr"], + "members":{ + "cidr":{ + "shape":"Cidr", + "documentation":"

The CIDR block that you provide to create an Amazon EVS VLAN subnet. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24. Amazon EVS VLAN subnet CIDR blocks must not overlap with other subnets in the VPC.

" + } + }, + "documentation":"

An object that represents an initial VLAN subnet for the Amazon EVS environment. Amazon EVS creates initial VLAN subnets when you first create the environment. Amazon EVS creates the following 10 VLAN subnets: host management VLAN, vMotion VLAN, vSAN VLAN, VTEP VLAN, Edge VTEP VLAN, Management VM VLAN, HCX uplink VLAN, NSX uplink VLAN, expansion VLAN 1, expansion VLAN 2.

For each Amazon EVS VLAN subnet, you must specify a non-overlapping CIDR block. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24.

" + }, + "InitialVlans":{ + "type":"structure", + "required":[ + "vmkManagement", + "vmManagement", + "vMotion", + "vSan", + "vTep", + "edgeVTep", + "nsxUplink", + "hcx", + "expansionVlan1", + "expansionVlan2" + ], + "members":{ + "vmkManagement":{ + "shape":"InitialVlanInfo", + "documentation":"

The host VMkernel management VLAN subnet. This VLAN subnet carries traffic for managing ESXi hosts and communicating with VMware vCenter Server.

" + }, + "vmManagement":{ + "shape":"InitialVlanInfo", + "documentation":"

The VM management VLAN subnet. This VLAN subnet carries traffic for vSphere virtual machines.

" + }, + "vMotion":{ + "shape":"InitialVlanInfo", + "documentation":"

The vMotion VLAN subnet. This VLAN subnet carries traffic for vSphere vMotion.

" + }, + "vSan":{ + "shape":"InitialVlanInfo", + "documentation":"

The vSAN VLAN subnet. This VLAN subnet carries the communication between ESXi hosts to implement a vSAN shared storage pool.

" + }, + "vTep":{ + "shape":"InitialVlanInfo", + "documentation":"

The VTEP VLAN subnet. This VLAN subnet handles internal network traffic between virtual machines within a VCF instance.

" + }, + "edgeVTep":{ + "shape":"InitialVlanInfo", + "documentation":"

The edge VTEP VLAN subnet. This VLAN subnet manages traffic flowing between the internal network and external networks, including internet access and other site connections.

" + }, + "nsxUplink":{ + "shape":"InitialVlanInfo", + "documentation":"

The NSX uplink VLAN subnet. This VLAN subnet allows connectivity to the NSX overlay network.

" + }, + "hcx":{ + "shape":"InitialVlanInfo", + "documentation":"

The HCX VLAN subnet. This VLAN subnet allows the HCX Interconnnect (IX) and HCX Network Extension (NE) to reach their peers and enable HCX Service Mesh creation.

If you plan to use a public HCX VLAN subnet, the following requirements must be met:

  • Must have a /28 netmask and be allocated from the IPAM public pool. Required for HCX internet access configuration.

  • The HCX public VLAN CIDR block must be added to the VPC as a secondary CIDR block.

  • Must have at least three Elastic IP addresses to be allocated from the public IPAM pool for HCX components.

" + }, + "expansionVlan1":{ + "shape":"InitialVlanInfo", + "documentation":"

An additional VLAN subnet that can be used to extend VCF capabilities once configured. For example, you can configure an expansion VLAN subnet to use NSX Federation for centralized management and synchronization of multiple NSX deployments across different locations.

" + }, + "expansionVlan2":{ + "shape":"InitialVlanInfo", + "documentation":"

An additional VLAN subnet that can be used to extend VCF capabilities once configured. For example, you can configure an expansion VLAN subnet to use NSX Federation for centralized management and synchronization of multiple NSX deployments across different locations.

" + }, + "isHcxPublic":{ + "shape":"Boolean", + "documentation":"

Determines if the HCX VLAN that Amazon EVS provisions is public or private.

" + }, + "hcxNetworkAclId":{ + "shape":"NetworkAclId", + "documentation":"

A unique ID for a network access control list that the HCX VLAN uses. Required when isHcxPublic is set to true.

" + } + }, + "documentation":"

The initial VLAN subnets for the environment. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24. Amazon EVS VLAN subnet CIDR blocks must not overlap with other subnets in the VPC.

" + }, + "InstanceType":{ + "type":"string", + "enum":["i4i.metal"] + }, + "Integer":{ + "type":"integer", + "box":true + }, + "IpAddress":{ + "type":"string", + "pattern":"(\\d{1,3}\\.){3}\\d{1,3}" + }, + "KeyName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9_-]+" + }, + "LicenseInfo":{ + "type":"structure", + "required":[ + "solutionKey", + "vsanKey" + ], + "members":{ + "solutionKey":{ + "shape":"SolutionKey", + "documentation":"

The VCF solution key. This license unlocks VMware VCF product features, including vSphere, NSX, SDDC Manager, and vCenter Server. The VCF solution key must cover a minimum of 256 cores.

" + }, + "vsanKey":{ + "shape":"VSanLicenseKey", + "documentation":"

The VSAN license key. This license unlocks vSAN features. The vSAN license key must provide at least 110 TiB of vSAN capacity.

" + } + }, + "documentation":"

The license information that Amazon EVS requires to create an environment. Amazon EVS requires two license keys: a VCF solution key and a vSAN license key.

" + }, + "LicenseInfoList":{ + "type":"list", + "member":{"shape":"LicenseInfo"}, + "max":1, + "min":1 + }, + "ListEnvironmentHostsRequest":{ + "type":"structure", + "required":["environmentId"], + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A unique pagination token for each page. If nextToken is returned, there are more results available. Make the call again using the returned token with all other arguments unchanged to retrieve the next page. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return. If you specify MaxResults in the request, the response includes information up to the limit specified.

" + }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID for the environment.

" + } + } + }, + "ListEnvironmentHostsResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A unique pagination token for next page results. Make the call again using this token to retrieve the next page.

" + }, + "environmentHosts":{ + "shape":"HostList", + "documentation":"

A list of hosts in the environment.

" + } + } + }, + "ListEnvironmentVlansRequest":{ + "type":"structure", + "required":["environmentId"], + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A unique pagination token for each page. If nextToken is returned, there are more results available. Make the call again using the returned token with all other arguments unchanged to retrieve the next page. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return. If you specify MaxResults in the request, the response includes information up to the limit specified.

" + }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"

A unique ID for the environment.

" + } + } + }, + "ListEnvironmentVlansResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A unique pagination token for next page results. Make the call again using this token to retrieve the next page.

" + }, + "environmentVlans":{ + "shape":"VlanList", + "documentation":"

A list of VLANs that are associated with the specified environment.

" + } + } + }, + "ListEnvironmentsRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A unique pagination token for each page. If nextToken is returned, there are more results available. Make the call again using the returned token with all other arguments unchanged to retrieve the next page. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of results to return. If you specify MaxResults in the request, the response includes information up to the limit specified.

" + }, + "state":{ + "shape":"EnvironmentStateList", + "documentation":"

The state of an environment. Used to filter response results to return only environments with the specified environmentState.

" + } + } + }, + "ListEnvironmentsResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

A unique pagination token for next page results. Make the call again using this token to retrieve the next page.

" + }, + "environmentSummaries":{ + "shape":"EnvironmentSummaryList", + "documentation":"

A list of environments with summarized environment details.

" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) that identifies the resource to list tags for.

" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"ResponseTagMap", + "documentation":"

The tags for the resource.

" + } + } + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "NetworkAclId":{ + "type":"string", + "max":21, + "min":4, + "pattern":"acl-[a-zA-Z0-9_-]+" + }, + "NetworkInterface":{ + "type":"structure", + "members":{ + "networkInterfaceId":{ + "shape":"NetworkInterfaceId", + "documentation":"

The unique ID of the elastic network interface.

" + } + }, + "documentation":"

An elastic network interface (ENI) that connects hosts to the VLAN subnets. Amazon EVS provisions two identically configured ENIs in the VMkernel management subnet during host creation. One ENI is active, and the other is in standby mode for automatic switchover during a failure scenario.

" + }, + "NetworkInterfaceId":{ + "type":"string", + "max":100, + "min":1 + }, + "NetworkInterfaceList":{ + "type":"list", + "member":{"shape":"NetworkInterface"}, + "max":2, + "min":0 + }, + "PaginationToken":{"type":"string"}, + "PlacementGroupId":{ + "type":"string", + "max":25, + "min":1, + "pattern":"pg-[a-f0-9]{8}([a-f0-9]{9})?" + }, + "RequestTagMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":200, + "min":1 + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":[ + "message", + "resourceId", + "resourceType" + ], + "members":{ + "message":{ + "shape":"String", + "documentation":"

Describes the error encountered.

" + }, + "resourceId":{ + "shape":"String", + "documentation":"

The ID of the resource that could not be found.

" + }, + "resourceType":{ + "shape":"String", + "documentation":"

The type of the resource that is associated with the error.

" + } + }, + "documentation":"

A service resource associated with the request could not be found. The resource might not be specified correctly, or it may have a state of DELETED.

", + "exception":true + }, + "ResponseTagMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"} + }, + "RouteServerPeering":{ + "type":"string", + "max":21, + "min":3 + }, + "RouteServerPeeringList":{ + "type":"list", + "member":{"shape":"RouteServerPeering"}, + "max":2, + "min":2 + }, + "Secret":{ + "type":"structure", + "members":{ + "secretArn":{ + "shape":"String", + "documentation":"

The Amazon Resource Name (ARN) of the secret.

" + } + }, + "documentation":"

A managed secret that contains the credentials for installing vCenter Server, NSX, and SDDC Manager. During environment creation, the Amazon EVS control plane uses Amazon Web Services Secrets Manager to create, encrypt, validate, and store secrets. If you choose to delete your environment, Amazon EVS also deletes the secrets that are associated with your environment. Amazon EVS does not provide managed rotation of secrets. We recommend that you rotate secrets regularly to ensure that secrets are not long-lived.

" + }, + "SecretList":{ + "type":"list", + "member":{"shape":"Secret"} + }, + "SecurityGroupId":{ + "type":"string", + "max":25, + "min":3, + "pattern":"sg-[0-9a-zA-Z]*" + }, + "SecurityGroups":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "max":2, + "min":0 + }, + "ServiceAccessSecurityGroups":{ + "type":"structure", + "members":{ + "securityGroups":{ + "shape":"SecurityGroups", + "documentation":"

The security groups that allow service access.

" + } + }, + "documentation":"

The security groups that allow traffic between the Amazon EVS control plane and your VPC for Amazon EVS service access. If a security group is not specified, Amazon EVS uses the default security group in your account for service access.

" + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"String", + "documentation":"

Describes the error encountered.

" + } + }, + "documentation":"

The number of one or more Amazon EVS resources exceeds the maximum allowed. For a list of Amazon EVS quotas, see Amazon EVS endpoints and quotas in the Amazon EVS User Guide. Delete some resources or request an increase in your service quota. To request an increase, see Amazon Web Services Service Quotas in the Amazon Web Services General Reference Guide.

", + "exception":true + }, + "SolutionKey":{ + "type":"string", + "pattern":"[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}" + }, + "StateDetails":{"type":"string"}, + "String":{"type":"string"}, + "SubnetId":{ + "type":"string", + "max":24, + "min":15, + "pattern":"subnet-[a-f0-9]{8}([a-f0-9]{9})?" + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[\\w.:/=+-@]+" + }, + "TagKeys":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":1 + }, + "TagPolicyException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"String", + "documentation":"

Describes the error encountered

" + } + }, + "documentation":"

TagPolicyException is deprecated. See ValidationException instead.

The request doesn't comply with IAM tag policy. Correct your request and then retry it.

", + "exception":true + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) of the resource to add tags to.

" + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other environment or Amazon Web Services resources.

" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":"[\\w.:/=+-@]+|" + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"String", + "documentation":"

Describes the error encountered.

" + }, + "retryAfterSeconds":{ + "shape":"Integer", + "documentation":"

The seconds to wait to retry.

" + } + }, + "documentation":"

The operation couldn't be performed because the service is throttling requests. This exception is thrown when there are too many requests accepted concurrently from the service endpoint.

", + "exception":true, + "retryable":{"throttling":false} + }, + "Timestamp":{"type":"timestamp"}, + "TooManyTagsException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"String", + "documentation":"

Describes the error encountered.

" + } + }, + "documentation":"

TooManyTagsException is deprecated. See ServiceQuotaExceededException instead.

A service resource associated with the request has more than 200 tags.

", + "exception":true + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"Arn", + "documentation":"

The Amazon Resource Name (ARN) of the resource to delete tags from.

" + }, + "tagKeys":{ + "shape":"TagKeys", + "documentation":"

The keys of the tags to delete.

" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "VSanLicenseKey":{ + "type":"string", + "pattern":"[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}-[a-zA-Z0-9]{5}" + }, + "ValidationException":{ + "type":"structure", + "required":[ + "message", + "reason" + ], + "members":{ + "message":{ + "shape":"String", + "documentation":"

Describes the error encountered.

" + }, + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"

The reason for the exception.

" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

A list of fields that didn't validate.

" + } + }, + "documentation":"

The input fails to satisfy the specified constraints. You will see this exception if invalid inputs are provided for any of the Amazon EVS environment operations, or if a list operation is performed on an environment resource that is still initializing.

", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "message" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"

The field name.

" + }, + "message":{ + "shape":"String", + "documentation":"

A message describing why the field failed validation.

" + } + }, + "documentation":"

Stores information about a field passed inside a request that resulted in an exception.

" + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "unknownOperation", + "cannotParse", + "fieldValidationFailed", + "other" + ] + }, + "VcfHostnames":{ + "type":"structure", + "required":[ + "vCenter", + "nsx", + "nsxManager1", + "nsxManager2", + "nsxManager3", + "nsxEdge1", + "nsxEdge2", + "sddcManager", + "cloudBuilder" + ], + "members":{ + "vCenter":{ + "shape":"HostName", + "documentation":"

The VMware vCenter hostname.

" + }, + "nsx":{ + "shape":"HostName", + "documentation":"

The VMware NSX hostname.

" + }, + "nsxManager1":{ + "shape":"HostName", + "documentation":"

The hostname for the first VMware NSX Manager virtual machine (VM).

" + }, + "nsxManager2":{ + "shape":"HostName", + "documentation":"

The hostname for the second VMware NSX Manager virtual machine (VM).

" + }, + "nsxManager3":{ + "shape":"HostName", + "documentation":"

The hostname for the third VMware NSX Manager virtual machine (VM).

" + }, + "nsxEdge1":{ + "shape":"HostName", + "documentation":"

The hostname for the first NSX Edge node.

" + }, + "nsxEdge2":{ + "shape":"HostName", + "documentation":"

The hostname for the second NSX Edge node.

" + }, + "sddcManager":{ + "shape":"HostName", + "documentation":"

The hostname for SDDC Manager.

" + }, + "cloudBuilder":{ + "shape":"HostName", + "documentation":"

The hostname for VMware Cloud Builder.

" + } + }, + "documentation":"

The DNS hostnames that Amazon EVS uses to install VMware vCenter Server, NSX, SDDC Manager, and Cloud Builder. Each hostname must be unique, and resolve to a domain name that you've registered in your DNS service of choice. Hostnames cannot be changed.

VMware VCF requires the deployment of two NSX Edge nodes, and three NSX Manager virtual machines.

" + }, + "VcfVersion":{ + "type":"string", + "enum":["VCF-5.2.1"] + }, + "Vlan":{ + "type":"structure", + "members":{ + "vlanId":{ + "shape":"VlanId", + "documentation":"

The unique ID of the VLAN.

" + }, + "cidr":{ + "shape":"Cidr", + "documentation":"

The CIDR block of the VLAN. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24.

" + }, + "availabilityZone":{ + "shape":"String", + "documentation":"

The availability zone of the VLAN.

" + }, + "functionName":{ + "shape":"String", + "documentation":"

The VMware VCF traffic type that is carried over the VLAN. For example, a VLAN with a functionName of hcx is being used to carry VMware HCX traffic.

" + }, + "subnetId":{ + "shape":"SubnetId", + "documentation":"

The unique ID of the VLAN subnet.

" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the VLAN was created.

" + }, + "modifiedAt":{ + "shape":"Timestamp", + "documentation":"

The date and time that the VLAN was modified.

" + }, + "vlanState":{ + "shape":"VlanState", + "documentation":"

The state of the VLAN.

" + }, + "stateDetails":{ + "shape":"StateDetails", + "documentation":"

The state details of the VLAN.

" + }, + "eipAssociations":{ + "shape":"EipAssociationList", + "documentation":"

An array of Elastic IP address associations.

" + }, + "isPublic":{ + "shape":"Boolean", + "documentation":"

Determines if the VLAN that Amazon EVS provisions is public or private.

" + }, + "networkAclId":{ + "shape":"NetworkAclId", + "documentation":"

A unique ID for a network access control list.

" + } + }, + "documentation":"

The VLANs that Amazon EVS creates during environment creation.

" + }, + "VlanId":{ + "type":"integer", + "box":true + }, + "VlanList":{ + "type":"list", + "member":{"shape":"Vlan"} + }, + "VlanState":{ + "type":"string", + "enum":[ + "CREATING", + "CREATED", + "DELETING", + "DELETED", + "CREATE_FAILED" + ] + }, + "VpcId":{ + "type":"string", + "max":21, + "min":12, + "pattern":"vpc-[a-f0-9]{8}([a-f0-9]{9})?" + } + }, + "documentation":"

Amazon Elastic VMware Service (Amazon EVS) is a service that you can use to deploy a VMware Cloud Foundation (VCF) software environment directly on EC2 bare metal instances within an Amazon Virtual Private Cloud (VPC).

Workloads running on Amazon EVS are fully compatible with workloads running on any standard VMware vSphere environment. This means that you can migrate any VMware-based workload to Amazon EVS without workload modification.

" +} diff -pruN 2.23.6-1/awscli/botocore/data/evs/2023-07-27/waiters-2.json 2.31.35-1/awscli/botocore/data/evs/2023-07-27/waiters-2.json --- 2.23.6-1/awscli/botocore/data/evs/2023-07-27/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/evs/2023-07-27/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/finspace/2021-03-12/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/finspace/2021-03-12/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/finspace/2021-03-12/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/finspace/2021-03-12/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/finspace/2021-03-12/service-2.json 2.31.35-1/awscli/botocore/data/finspace/2021-03-12/service-2.json --- 2.23.6-1/awscli/botocore/data/finspace/2021-03-12/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/finspace/2021-03-12/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1976,8 +1976,7 @@ }, "DeleteEnvironmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKxClusterNodeRequest":{ "type":"structure", @@ -2009,8 +2008,7 @@ }, "DeleteKxClusterNodeResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKxClusterRequest":{ "type":"structure", @@ -2042,8 +2040,7 @@ }, "DeleteKxClusterResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKxDatabaseRequest":{ "type":"structure", @@ -2076,8 +2073,7 @@ }, "DeleteKxDatabaseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKxDataviewRequest":{ "type":"structure", @@ -2117,8 +2113,7 @@ }, "DeleteKxDataviewResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKxEnvironmentRequest":{ "type":"structure", @@ -2141,8 +2136,7 @@ }, "DeleteKxEnvironmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKxScalingGroupRequest":{ "type":"structure", @@ -2174,8 +2168,7 @@ }, "DeleteKxScalingGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKxUserRequest":{ "type":"structure", @@ -2207,8 +2200,7 @@ }, "DeleteKxUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKxVolumeRequest":{ "type":"structure", @@ -2240,8 +2232,7 @@ }, "DeleteKxVolumeResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Description":{ "type":"string", @@ -4808,8 +4799,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4891,8 +4881,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEnvironmentRequest":{ "type":"structure", @@ -4970,8 +4959,7 @@ }, "UpdateKxClusterCodeConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateKxClusterDatabasesRequest":{ "type":"structure", @@ -5010,8 +4998,7 @@ }, "UpdateKxClusterDatabasesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateKxDatabaseRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/finspace-data/2020-07-13/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/finspace-data/2020-07-13/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/finspace-data/2020-07-13/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/finspace-data/2020-07-13/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/finspace-data/2020-07-13/service-2.json 2.31.35-1/awscli/botocore/data/finspace-data/2020-07-13/service-2.json --- 2.23.6-1/awscli/botocore/data/finspace-data/2020-07-13/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/finspace-data/2020-07-13/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"finspace-api", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"FinSpace Data", "serviceFullName":"FinSpace Public API", "serviceId":"finspace data", "signatureVersion":"v4", "signingName":"finspace-api", - "uid":"finspace-2020-07-13" + "uid":"finspace-2020-07-13", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateUserToPermissionGroup":{ @@ -2594,8 +2596,7 @@ }, "ThrottlingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

The request was denied due to request throttling.

", "error":{"httpStatusCode":429}, "exception":true diff -pruN 2.23.6-1/awscli/botocore/data/firehose/2015-08-04/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/firehose/2015-08-04/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/firehose/2015-08-04/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/firehose/2015-08-04/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/firehose/2015-08-04/service-2.json 2.31.35-1/awscli/botocore/data/firehose/2015-08-04/service-2.json --- 2.23.6-1/awscli/botocore/data/firehose/2015-08-04/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/firehose/2015-08-04/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,7 +29,7 @@ {"shape":"ResourceInUseException"}, {"shape":"InvalidKMSResourceException"} ], - "documentation":"

Creates a Firehose stream.

By default, you can create up to 50 Firehose streams per Amazon Web Services Region.

This is an asynchronous operation that immediately returns. The initial status of the Firehose stream is CREATING. After the Firehose stream is created, its status is ACTIVE and it now accepts data. If the Firehose stream creation fails, the status transitions to CREATING_FAILED. Attempts to send data to a delivery stream that is not in the ACTIVE state cause an exception. To check the state of a Firehose stream, use DescribeDeliveryStream.

If the status of a Firehose stream is CREATING_FAILED, this status doesn't change, and you can't invoke CreateDeliveryStream again on it. However, you can invoke the DeleteDeliveryStream operation to delete it.

A Firehose stream can be configured to receive records directly from providers using PutRecord or PutRecordBatch, or it can be configured to use an existing Kinesis stream as its source. To specify a Kinesis data stream as input, set the DeliveryStreamType parameter to KinesisStreamAsSource, and provide the Kinesis stream Amazon Resource Name (ARN) and role ARN in the KinesisStreamSourceConfiguration parameter.

To create a Firehose stream with server-side encryption (SSE) enabled, include DeliveryStreamEncryptionConfigurationInput in your request. This is optional. You can also invoke StartDeliveryStreamEncryption to turn on SSE for an existing Firehose stream that doesn't have SSE enabled.

A Firehose stream is configured with a single destination, such as Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon OpenSearch Service, Amazon OpenSearch Serverless, Splunk, and any custom HTTP endpoint or HTTP endpoints owned by or supported by third-party service providers, including Datadog, Dynatrace, LogicMonitor, MongoDB, New Relic, and Sumo Logic. You must specify only one of the following destination configuration parameters: ExtendedS3DestinationConfiguration, S3DestinationConfiguration, ElasticsearchDestinationConfiguration, RedshiftDestinationConfiguration, or SplunkDestinationConfiguration.

When you specify S3DestinationConfiguration, you can also provide the following optional values: BufferingHints, EncryptionConfiguration, and CompressionFormat. By default, if no BufferingHints value is provided, Firehose buffers data up to 5 MB or for 5 minutes, whichever condition is satisfied first. BufferingHints is a hint, so there are some cases where the service cannot adhere to these conditions strictly. For example, record boundaries might be such that the size is a little over or under the configured buffering size. By default, no encryption is performed. We strongly recommend that you enable encryption to ensure secure data storage in Amazon S3.

A few notes about Amazon Redshift as a destination:

  • An Amazon Redshift destination requires an S3 bucket as intermediate location. Firehose first delivers data to Amazon S3 and then uses COPY syntax to load data into an Amazon Redshift table. This is specified in the RedshiftDestinationConfiguration.S3Configuration parameter.

  • The compression formats SNAPPY or ZIP cannot be specified in RedshiftDestinationConfiguration.S3Configuration because the Amazon Redshift COPY operation that reads from the S3 bucket doesn't support these compression formats.

  • We strongly recommend that you use the user name and password you provide exclusively with Firehose, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions.

Firehose assumes the IAM role that is configured as part of the destination. The role should allow the Firehose principal to assume the role, and the role should have permissions that allow the service to deliver the data. For more information, see Grant Firehose Access to an Amazon S3 Destination in the Amazon Firehose Developer Guide.

" + "documentation":"

Creates a Firehose stream.

By default, you can create up to 5,000 Firehose streams per Amazon Web Services Region.

This is an asynchronous operation that immediately returns. The initial status of the Firehose stream is CREATING. After the Firehose stream is created, its status is ACTIVE and it now accepts data. If the Firehose stream creation fails, the status transitions to CREATING_FAILED. Attempts to send data to a delivery stream that is not in the ACTIVE state cause an exception. To check the state of a Firehose stream, use DescribeDeliveryStream.

If the status of a Firehose stream is CREATING_FAILED, this status doesn't change, and you can't invoke CreateDeliveryStream again on it. However, you can invoke the DeleteDeliveryStream operation to delete it.

A Firehose stream can be configured to receive records directly from providers using PutRecord or PutRecordBatch, or it can be configured to use an existing Kinesis stream as its source. To specify a Kinesis data stream as input, set the DeliveryStreamType parameter to KinesisStreamAsSource, and provide the Kinesis stream Amazon Resource Name (ARN) and role ARN in the KinesisStreamSourceConfiguration parameter.

To create a Firehose stream with server-side encryption (SSE) enabled, include DeliveryStreamEncryptionConfigurationInput in your request. This is optional. You can also invoke StartDeliveryStreamEncryption to turn on SSE for an existing Firehose stream that doesn't have SSE enabled.

A Firehose stream is configured with a single destination, such as Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon OpenSearch Service, Amazon OpenSearch Serverless, Splunk, and any custom HTTP endpoint or HTTP endpoints owned by or supported by third-party service providers, including Datadog, Dynatrace, LogicMonitor, MongoDB, New Relic, and Sumo Logic. You must specify only one of the following destination configuration parameters: ExtendedS3DestinationConfiguration, S3DestinationConfiguration, ElasticsearchDestinationConfiguration, RedshiftDestinationConfiguration, or SplunkDestinationConfiguration.

When you specify S3DestinationConfiguration, you can also provide the following optional values: BufferingHints, EncryptionConfiguration, and CompressionFormat. By default, if no BufferingHints value is provided, Firehose buffers data up to 5 MB or for 5 minutes, whichever condition is satisfied first. BufferingHints is a hint, so there are some cases where the service cannot adhere to these conditions strictly. For example, record boundaries might be such that the size is a little over or under the configured buffering size. By default, no encryption is performed. We strongly recommend that you enable encryption to ensure secure data storage in Amazon S3.

A few notes about Amazon Redshift as a destination:

  • An Amazon Redshift destination requires an S3 bucket as intermediate location. Firehose first delivers data to Amazon S3 and then uses COPY syntax to load data into an Amazon Redshift table. This is specified in the RedshiftDestinationConfiguration.S3Configuration parameter.

  • The compression formats SNAPPY or ZIP cannot be specified in RedshiftDestinationConfiguration.S3Configuration because the Amazon Redshift COPY operation that reads from the S3 bucket doesn't support these compression formats.

  • We strongly recommend that you use the user name and password you provide exclusively with Firehose, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions.

Firehose assumes the IAM role that is configured as part of the destination. The role should allow the Firehose principal to assume the role, and the role should have permissions that allow the service to deliver the data. For more information, see Grant Firehose Access to an Amazon S3 Destination in the Amazon Firehose Developer Guide.

" }, "DeleteDeliveryStream":{ "name":"DeleteDeliveryStream", @@ -648,7 +648,7 @@ }, "WarehouseLocation":{ "shape":"WarehouseLocation", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The warehouse location for Apache Iceberg tables. You must configure this when schema evolution and table creation is enabled.

Amazon Data Firehose is in preview release and is subject to change.

" } }, "documentation":"

Describes the containers where the destination Apache Iceberg Tables are persisted.

" @@ -754,6 +754,10 @@ "shape":"DeliveryStreamType", "documentation":"

The Firehose stream type. This parameter can be one of the following values:

  • DirectPut: Provider applications access the Firehose stream directly.

  • KinesisStreamAsSource: The Firehose stream uses a Kinesis data stream as a source.

" }, + "DirectPutSourceConfiguration":{ + "shape":"DirectPutSourceConfiguration", + "documentation":"

The structure that configures parameters such as ThroughputHintInMBs for a stream configured with Direct PUT as a source.

" + }, "KinesisStreamSourceConfiguration":{ "shape":"KinesisStreamSourceConfiguration", "documentation":"

When a Kinesis data stream is used as the source for the Firehose stream, a KinesisStreamSourceConfiguration containing the Kinesis data stream Amazon Resource Name (ARN) and the role ARN for the source stream.

" @@ -777,7 +781,7 @@ }, "ElasticsearchDestinationConfiguration":{ "shape":"ElasticsearchDestinationConfiguration", - "documentation":"

The destination in Amazon ES. You can specify only one destination.

" + "documentation":"

The destination in Amazon OpenSearch Service. You can specify only one destination.

" }, "AmazonopensearchserviceDestinationConfiguration":{ "shape":"AmazonopensearchserviceDestinationConfiguration", @@ -793,7 +797,7 @@ }, "Tags":{ "shape":"TagDeliveryStreamInputTagList", - "documentation":"

A set of tags to assign to the Firehose stream. A tag is a key-value pair that you can define and assign to Amazon Web Services resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the Firehose stream. For more information about tags, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide.

You can specify up to 50 tags when creating a Firehose stream.

If you specify tags in the CreateDeliveryStream action, Amazon Data Firehose performs an additional authorization on the firehose:TagDeliveryStream action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose Firehose streams with IAM resource tags will fail with an AccessDeniedException such as following.

AccessDeniedException

User: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.

For an example IAM policy, see Tag example.

" + "documentation":"

A set of tags to assign to the Firehose stream. A tag is a key-value pair that you can define and assign to Amazon Web Services resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the Firehose stream. For more information about tags, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide.

You can specify up to 50 tags when creating a Firehose stream.

If you specify tags in the CreateDeliveryStream action, Amazon Data Firehose performs an additional authorization on the firehose:TagDeliveryStream action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose streams with IAM resource tags will fail with an AccessDeniedException such as following.

AccessDeniedException

User: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.

For an example IAM policy, see Tag example.

" }, "AmazonOpenSearchServerlessDestinationConfiguration":{ "shape":"AmazonOpenSearchServerlessDestinationConfiguration", @@ -810,7 +814,7 @@ }, "DatabaseSourceConfiguration":{ "shape":"DatabaseSourceConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The top level object for configuring streams with database as a source.

Amazon Data Firehose is in preview release and is subject to change.

" } } }, @@ -877,14 +881,14 @@ "members":{ "Include":{ "shape":"DatabaseColumnIncludeOrExcludeList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of column patterns in source database to be included for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Exclude":{ "shape":"DatabaseColumnIncludeOrExcludeList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of column patterns in source database to be excluded for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure used to configure the list of column patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseColumnName":{ "type":"string", @@ -907,14 +911,14 @@ "members":{ "Include":{ "shape":"DatabaseIncludeOrExcludeList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of database patterns in source database endpoint to be included for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Exclude":{ "shape":"DatabaseIncludeOrExcludeList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of database patterns in source database endpoint to be excluded for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure used to configure the list of database patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseName":{ "type":"string", @@ -939,27 +943,27 @@ "members":{ "Id":{ "shape":"NonEmptyStringWithoutWhitespace", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The identifier of the current snapshot of the table in source database endpoint.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Table":{ "shape":"DatabaseTableName", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The fully qualified name of the table in source database endpoint that Firehose reads.

Amazon Data Firehose is in preview release and is subject to change.

" }, "RequestTimestamp":{ "shape":"Timestamp", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The timestamp when the current snapshot is taken on the table.

Amazon Data Firehose is in preview release and is subject to change.

" }, "RequestedBy":{ "shape":"SnapshotRequestedBy", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The principal that sent the request to take the current snapshot on the table.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Status":{ "shape":"SnapshotStatus", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The status of the current snapshot of the table.

Amazon Data Firehose is in preview release and is subject to change.

" }, "FailureDescription":{"shape":"FailureDescription"} }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure that describes the snapshot information of a table in source database endpoint that Firehose reads.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSnapshotInfoList":{ "type":"list", @@ -971,7 +975,7 @@ "members":{ "SecretsManagerConfiguration":{"shape":"SecretsManagerConfiguration"} }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure to configure the authentication methods for Firehose to connect to source database endpoint.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSourceConfiguration":{ "type":"structure", @@ -988,104 +992,104 @@ "members":{ "Type":{ "shape":"DatabaseType", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The type of database engine. This can be one of the following values.

  • MySQL

  • PostgreSQL

Amazon Data Firehose is in preview release and is subject to change.

" }, "Endpoint":{ "shape":"DatabaseEndpoint", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The endpoint of the database server.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Port":{ "shape":"DatabasePort", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The port of the database. This can be one of the following values.

  • 3306 for MySQL database type

  • 5432 for PostgreSQL database type

Amazon Data Firehose is in preview release and is subject to change.

" }, "SSLMode":{ "shape":"SSLMode", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The mode to enable or disable SSL when Firehose connects to the database endpoint.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Databases":{ "shape":"DatabaseList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of database patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Tables":{ "shape":"DatabaseTableList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of table patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Columns":{ "shape":"DatabaseColumnList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of column patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "SurrogateKeys":{ "shape":"DatabaseSurrogateKeyList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The optional list of table and column names used as unique key columns when taking snapshot if the tables don’t have primary keys configured.

Amazon Data Firehose is in preview release and is subject to change.

" }, "SnapshotWatermarkTable":{ "shape":"DatabaseTableName", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The fully qualified name of the table in source database endpoint that Firehose uses to track snapshot progress.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSourceAuthenticationConfiguration":{ "shape":"DatabaseSourceAuthenticationConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure to configure the authentication methods for Firehose to connect to source database endpoint.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSourceVPCConfiguration":{ "shape":"DatabaseSourceVPCConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The details of the VPC Endpoint Service which Firehose uses to create a PrivateLink to the database.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The top level object for configuring streams with database as a source.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSourceDescription":{ "type":"structure", "members":{ "Type":{ "shape":"DatabaseType", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The type of database engine. This can be one of the following values.

  • MySQL

  • PostgreSQL

Amazon Data Firehose is in preview release and is subject to change.

" }, "Endpoint":{ "shape":"DatabaseEndpoint", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The endpoint of the database server.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Port":{ "shape":"DatabasePort", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The port of the database. This can be one of the following values.

  • 3306 for MySQL database type

  • 5432 for PostgreSQL database type

Amazon Data Firehose is in preview release and is subject to change.

" }, "SSLMode":{ "shape":"SSLMode", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The mode to enable or disable SSL when Firehose connects to the database endpoint.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Databases":{ "shape":"DatabaseList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of database patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Tables":{ "shape":"DatabaseTableList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of table patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Columns":{ "shape":"DatabaseColumnList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of column patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "SurrogateKeys":{ "shape":"DatabaseColumnIncludeOrExcludeList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The optional list of table and column names used as unique key columns when taking snapshot if the tables don’t have primary keys configured.

Amazon Data Firehose is in preview release and is subject to change.

" }, "SnapshotWatermarkTable":{ "shape":"DatabaseTableName", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The fully qualified name of the table in source database endpoint that Firehose uses to track snapshot progress.

Amazon Data Firehose is in preview release and is subject to change.

" }, "SnapshotInfo":{ "shape":"DatabaseSnapshotInfoList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure that describes the snapshot information of a table in source database endpoint that Firehose reads.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSourceAuthenticationConfiguration":{ "shape":"DatabaseSourceAuthenticationConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure to configure the authentication methods for Firehose to connect to source database endpoint.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSourceVPCConfiguration":{ "shape":"DatabaseSourceVPCConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The details of the VPC Endpoint Service which Firehose uses to create a PrivateLink to the database.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The top level object for database source description.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSourceVPCConfiguration":{ "type":"structure", @@ -1093,10 +1097,10 @@ "members":{ "VpcEndpointServiceName":{ "shape":"VpcEndpointServiceName", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The VPC endpoint service name which Firehose uses to create a PrivateLink to the database. The endpoint service must have the Firehose service principle firehose.amazonaws.com as an allowed principal on the VPC endpoint service. The VPC endpoint service name is a string that looks like com.amazonaws.vpce.<region>.<vpc-endpoint-service-id>.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure for details of the VPC Endpoint Service which Firehose uses to create a PrivateLink to the database.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseSurrogateKeyList":{ "type":"list", @@ -1111,14 +1115,14 @@ "members":{ "Include":{ "shape":"DatabaseTableIncludeOrExcludeList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of table patterns in source database endpoint to be included for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Exclude":{ "shape":"DatabaseTableIncludeOrExcludeList", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The list of table patterns in source database endpoint to be excluded for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The structure used to configure the list of table patterns in source database endpoint for Firehose to read from.

Amazon Data Firehose is in preview release and is subject to change.

" }, "DatabaseTableName":{ "type":"string", @@ -1156,8 +1160,7 @@ }, "DeleteDeliveryStreamOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeliveryStartTimestamp":{"type":"timestamp"}, "DeliveryStreamARN":{ @@ -1403,7 +1406,7 @@ }, "ElasticsearchDestinationDescription":{ "shape":"ElasticsearchDestinationDescription", - "documentation":"

The destination in Amazon ES.

" + "documentation":"

The destination in Amazon OpenSearch Service.

" }, "AmazonopensearchserviceDestinationDescription":{ "shape":"AmazonopensearchserviceDestinationDescription", @@ -1463,7 +1466,7 @@ }, "PartitionSpec":{ "shape":"PartitionSpec", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The partition spec configuration for a table that is used by automatic table creation.

Amazon Data Firehose is in preview release and is subject to change.

" }, "S3ErrorOutputPrefix":{ "shape":"ErrorOutputPrefix", @@ -1476,6 +1479,27 @@ "type":"list", "member":{"shape":"DestinationTableConfiguration"} }, + "DirectPutSourceConfiguration":{ + "type":"structure", + "required":["ThroughputHintInMBs"], + "members":{ + "ThroughputHintInMBs":{ + "shape":"ThroughputHintInMBs", + "documentation":"

The value that you configure for this parameter is for information purpose only and does not affect Firehose delivery throughput limit. You can use the Firehose Limits form to request a throughput limit increase.

" + } + }, + "documentation":"

The structure that configures parameters such as ThroughputHintInMBs for a stream configured with Direct PUT as a source.

" + }, + "DirectPutSourceDescription":{ + "type":"structure", + "members":{ + "ThroughputHintInMBs":{ + "shape":"ThroughputHintInMBs", + "documentation":"

The value that you configure for this parameter is for information purpose only and does not affect Firehose delivery throughput limit. You can use the Firehose Limits form to request a throughput limit increase.

" + } + }, + "documentation":"

The structure that configures parameters such as ThroughputHintInMBs for a stream configured with Direct PUT as a source.

" + }, "DocumentIdOptions":{ "type":"structure", "required":["DefaultDocumentIdFormat"], @@ -1496,7 +1520,7 @@ }, "Enabled":{ "shape":"BooleanObject", - "documentation":"

Specifies that the dynamic partitioning is enabled for this Firehose Firehose stream.

" + "documentation":"

Specifies that the dynamic partitioning is enabled for this Firehose stream.

" } }, "documentation":"

The configuration of the dynamic partitioning mechanism that creates smaller data sets from the streaming data by partitioning it based on partition keys. Currently, dynamic partitioning is only supported for Amazon S3 destinations.

" @@ -1513,7 +1537,7 @@ "documentation":"

Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.

We recommend setting this parameter to a value greater than the amount of data you typically ingest into the Firehose stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec, the value should be 10 MB or higher.

" } }, - "documentation":"

Describes the buffering to perform before delivering data to the Amazon ES destination.

" + "documentation":"

Describes the buffering to perform before delivering data to the Amazon OpenSearch Service destination.

" }, "ElasticsearchBufferingIntervalInSeconds":{ "type":"integer", @@ -1541,11 +1565,11 @@ "members":{ "RoleARN":{ "shape":"RoleARN", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role to be assumed by Firehose for calling the Amazon ES Configuration API and for indexing documents. For more information, see Grant Firehose Access to an Amazon S3 Destination and Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to be assumed by Firehose for calling the Amazon OpenSearch Service Configuration API and for indexing documents. For more information, see Grant Firehose Access to an Amazon S3 Destination and Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

" }, "DomainARN":{ "shape":"ElasticsearchDomainARN", - "documentation":"

The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeDomain, DescribeDomains, and DescribeDomainConfig after assuming the role specified in RoleARN. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

Specify either ClusterEndpoint or DomainARN.

" + "documentation":"

The ARN of the Amazon OpenSearch Service domain. The IAM role must have permissions for DescribeDomain, DescribeDomains, and DescribeDomainConfig after assuming the role specified in RoleARN. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

Specify either ClusterEndpoint or DomainARN.

" }, "ClusterEndpoint":{ "shape":"ElasticsearchClusterEndpoint", @@ -1561,7 +1585,7 @@ }, "IndexRotationPeriod":{ "shape":"ElasticsearchIndexRotationPeriod", - "documentation":"

The Elasticsearch index rotation period. Index rotation appends a timestamp to the IndexName to facilitate the expiration of old data. For more information, see Index Rotation for the Amazon ES Destination. The default value is OneDay.

" + "documentation":"

The Elasticsearch index rotation period. Index rotation appends a timestamp to the IndexName to facilitate the expiration of old data. For more information, see Index Rotation for the Amazon OpenSearch Service Destination. The default value is OneDay.

" }, "BufferingHints":{ "shape":"ElasticsearchBufferingHints", @@ -1569,11 +1593,11 @@ }, "RetryOptions":{ "shape":"ElasticsearchRetryOptions", - "documentation":"

The retry behavior in case Firehose is unable to deliver documents to Amazon ES. The default value is 300 (5 minutes).

" + "documentation":"

The retry behavior in case Firehose is unable to deliver documents to Amazon OpenSearch Service. The default value is 300 (5 minutes).

" }, "S3BackupMode":{ "shape":"ElasticsearchS3BackupMode", - "documentation":"

Defines how documents should be delivered to Amazon S3. When it is set to FailedDocumentsOnly, Firehose writes any documents that could not be indexed to the configured Amazon S3 destination, with AmazonOpenSearchService-failed/ appended to the key prefix. When set to AllDocuments, Firehose delivers all incoming records to Amazon S3, and also writes failed documents with AmazonOpenSearchService-failed/ appended to the prefix. For more information, see Amazon S3 Backup for the Amazon ES Destination. Default value is FailedDocumentsOnly.

You can't change this backup mode after you create the Firehose stream.

" + "documentation":"

Defines how documents should be delivered to Amazon S3. When it is set to FailedDocumentsOnly, Firehose writes any documents that could not be indexed to the configured Amazon S3 destination, with AmazonOpenSearchService-failed/ appended to the key prefix. When set to AllDocuments, Firehose delivers all incoming records to Amazon S3, and also writes failed documents with AmazonOpenSearchService-failed/ appended to the prefix. For more information, see Amazon S3 Backup for the Amazon OpenSearch Service Destination. Default value is FailedDocumentsOnly.

You can't change this backup mode after you create the Firehose stream.

" }, "S3Configuration":{ "shape":"S3DestinationConfiguration", @@ -1596,7 +1620,7 @@ "documentation":"

Indicates the method for setting up document ID. The supported methods are Firehose generated document ID and OpenSearch Service generated document ID.

" } }, - "documentation":"

Describes the configuration of a destination in Amazon ES.

" + "documentation":"

Describes the configuration of a destination in Amazon OpenSearch Service.

" }, "ElasticsearchDestinationDescription":{ "type":"structure", @@ -1607,11 +1631,11 @@ }, "DomainARN":{ "shape":"ElasticsearchDomainARN", - "documentation":"

The ARN of the Amazon ES domain. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

Firehose uses either ClusterEndpoint or DomainARN to send data to Amazon ES.

" + "documentation":"

The ARN of the Amazon OpenSearch Service domain. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

Firehose uses either ClusterEndpoint or DomainARN to send data to Amazon OpenSearch Service.

" }, "ClusterEndpoint":{ "shape":"ElasticsearchClusterEndpoint", - "documentation":"

The endpoint to use when communicating with the cluster. Firehose uses either this ClusterEndpoint or the DomainARN field to send data to Amazon ES.

" + "documentation":"

The endpoint to use when communicating with the cluster. Firehose uses either this ClusterEndpoint or the DomainARN field to send data to Amazon OpenSearch Service.

" }, "IndexName":{ "shape":"ElasticsearchIndexName", @@ -1631,7 +1655,7 @@ }, "RetryOptions":{ "shape":"ElasticsearchRetryOptions", - "documentation":"

The Amazon ES retry options.

" + "documentation":"

The Amazon OpenSearch Service retry options.

" }, "S3BackupMode":{ "shape":"ElasticsearchS3BackupMode", @@ -1658,18 +1682,18 @@ "documentation":"

Indicates the method for setting up document ID. The supported methods are Firehose generated document ID and OpenSearch Service generated document ID.

" } }, - "documentation":"

The destination description in Amazon ES.

" + "documentation":"

The destination description in Amazon OpenSearch Service.

" }, "ElasticsearchDestinationUpdate":{ "type":"structure", "members":{ "RoleARN":{ "shape":"RoleARN", - "documentation":"

The Amazon Resource Name (ARN) of the IAM role to be assumed by Firehose for calling the Amazon ES Configuration API and for indexing documents. For more information, see Grant Firehose Access to an Amazon S3 Destination and Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

" + "documentation":"

The Amazon Resource Name (ARN) of the IAM role to be assumed by Firehose for calling the Amazon OpenSearch Service Configuration API and for indexing documents. For more information, see Grant Firehose Access to an Amazon S3 Destination and Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

" }, "DomainARN":{ "shape":"ElasticsearchDomainARN", - "documentation":"

The ARN of the Amazon ES domain. The IAM role must have permissions for DescribeDomain, DescribeDomains, and DescribeDomainConfig after assuming the IAM role specified in RoleARN. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

Specify either ClusterEndpoint or DomainARN.

" + "documentation":"

The ARN of the Amazon OpenSearch Service domain. The IAM role must have permissions for DescribeDomain, DescribeDomains, and DescribeDomainConfig after assuming the IAM role specified in RoleARN. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.

Specify either ClusterEndpoint or DomainARN.

" }, "ClusterEndpoint":{ "shape":"ElasticsearchClusterEndpoint", @@ -1685,7 +1709,7 @@ }, "IndexRotationPeriod":{ "shape":"ElasticsearchIndexRotationPeriod", - "documentation":"

The Elasticsearch index rotation period. Index rotation appends a timestamp to IndexName to facilitate the expiration of old data. For more information, see Index Rotation for the Amazon ES Destination. Default value is OneDay.

" + "documentation":"

The Elasticsearch index rotation period. Index rotation appends a timestamp to IndexName to facilitate the expiration of old data. For more information, see Index Rotation for the Amazon OpenSearch Service Destination. Default value is OneDay.

" }, "BufferingHints":{ "shape":"ElasticsearchBufferingHints", @@ -1693,7 +1717,7 @@ }, "RetryOptions":{ "shape":"ElasticsearchRetryOptions", - "documentation":"

The retry behavior in case Firehose is unable to deliver documents to Amazon ES. The default value is 300 (5 minutes).

" + "documentation":"

The retry behavior in case Firehose is unable to deliver documents to Amazon OpenSearch Service. The default value is 300 (5 minutes).

" }, "S3Update":{ "shape":"S3DestinationUpdate", @@ -1712,7 +1736,7 @@ "documentation":"

Indicates the method for setting up document ID. The supported methods are Firehose generated document ID and OpenSearch Service generated document ID.

" } }, - "documentation":"

Describes an update for a destination in Amazon ES.

" + "documentation":"

Describes an update for a destination in Amazon OpenSearch Service.

" }, "ElasticsearchDomainARN":{ "type":"string", @@ -1746,10 +1770,10 @@ "members":{ "DurationInSeconds":{ "shape":"ElasticsearchRetryDurationInSeconds", - "documentation":"

After an initial failure to deliver to Amazon ES, the total amount of time during which Firehose retries delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. Default value is 300 seconds (5 minutes). A value of 0 (zero) results in no retries.

" + "documentation":"

After an initial failure to deliver to Amazon OpenSearch Service, the total amount of time during which Firehose retries delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. Default value is 300 seconds (5 minutes). A value of 0 (zero) results in no retries.

" } }, - "documentation":"

Configures retry behavior in case Firehose is unable to deliver documents to Amazon ES.

" + "documentation":"

Configures retry behavior in case Firehose is unable to deliver documents to Amazon OpenSearch Service.

" }, "ElasticsearchS3BackupMode":{ "type":"string", @@ -2023,7 +2047,7 @@ "type":"string", "max":512, "min":1, - "pattern":"arn:.*:glue:.*:\\d{12}:catalog" + "pattern":"arn:.*:glue:.*:\\d{12}:catalog(?:(/[a-z0-9_-]+){1,2})?" }, "HECAcknowledgmentTimeoutInSeconds":{ "type":"integer", @@ -2339,11 +2363,11 @@ }, "SchemaEvolutionConfiguration":{ "shape":"SchemaEvolutionConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The configuration to enable automatic schema evolution.

Amazon Data Firehose is in preview release and is subject to change.

" }, "TableCreationConfiguration":{ "shape":"TableCreationConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The configuration to enable automatic table creation.

Amazon Data Firehose is in preview release and is subject to change.

" }, "BufferingHints":{"shape":"BufferingHints"}, "CloudWatchLoggingOptions":{"shape":"CloudWatchLoggingOptions"}, @@ -2357,6 +2381,10 @@ "shape":"RoleARN", "documentation":"

The Amazon Resource Name (ARN) of the IAM role to be assumed by Firehose for calling Apache Iceberg Tables.

" }, + "AppendOnly":{ + "shape":"BooleanObject", + "documentation":"

Describes whether all incoming data for this delivery stream will be append only (inserts only and not for updates and deletes) for Iceberg delivery. This feature is only applicable for Apache Iceberg Tables.

The default value is false. If you set this value to true, Firehose automatically increases the throughput limit of a stream based on the throttling levels of the stream. If you set this parameter to true for a stream with updates and deletes, you will see out of order delivery.

" + }, "CatalogConfiguration":{ "shape":"CatalogConfiguration", "documentation":"

Configuration describing where the destination Apache Iceberg Tables are persisted.

" @@ -2374,11 +2402,11 @@ }, "SchemaEvolutionConfiguration":{ "shape":"SchemaEvolutionConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The description of automatic schema evolution configuration.

Amazon Data Firehose is in preview release and is subject to change.

" }, "TableCreationConfiguration":{ "shape":"TableCreationConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The description of table creation configuration.

Amazon Data Firehose is in preview release and is subject to change.

" }, "BufferingHints":{"shape":"BufferingHints"}, "CloudWatchLoggingOptions":{"shape":"CloudWatchLoggingOptions"}, @@ -2392,6 +2420,10 @@ "shape":"RoleARN", "documentation":"

The Amazon Resource Name (ARN) of the IAM role to be assumed by Firehose for calling Apache Iceberg Tables.

" }, + "AppendOnly":{ + "shape":"BooleanObject", + "documentation":"

Describes whether all incoming data for this delivery stream will be append only (inserts only and not for updates and deletes) for Iceberg delivery. This feature is only applicable for Apache Iceberg Tables.

The default value is false. If you set this value to true, Firehose automatically increases the throughput limit of a stream based on the throttling levels of the stream. If you set this parameter to true for a stream with updates and deletes, you will see out of order delivery.

" + }, "CatalogConfiguration":{ "shape":"CatalogConfiguration", "documentation":"

Configuration describing where the destination Iceberg tables are persisted.

" @@ -2409,11 +2441,11 @@ }, "SchemaEvolutionConfiguration":{ "shape":"SchemaEvolutionConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The configuration to enable automatic schema evolution.

Amazon Data Firehose is in preview release and is subject to change.

" }, "TableCreationConfiguration":{ "shape":"TableCreationConfiguration", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The configuration to enable automatic table creation.

Amazon Data Firehose is in preview release and is subject to change.

" }, "BufferingHints":{"shape":"BufferingHints"}, "CloudWatchLoggingOptions":{"shape":"CloudWatchLoggingOptions"}, @@ -2427,6 +2459,10 @@ "shape":"RoleARN", "documentation":"

The Amazon Resource Name (ARN) of the IAM role to be assumed by Firehose for calling Apache Iceberg Tables.

" }, + "AppendOnly":{ + "shape":"BooleanObject", + "documentation":"

Describes whether all incoming data for this delivery stream will be append only (inserts only and not for updates and deletes) for Iceberg delivery. This feature is only applicable for Apache Iceberg Tables.

The default value is false. If you set this value to true, Firehose automatically increases the throughput limit of a stream based on the throttling levels of the stream. If you set this parameter to true for a stream with updates and deletes, you will see out of order delivery.

" + }, "CatalogConfiguration":{ "shape":"CatalogConfiguration", "documentation":"

Configuration describing where the destination Iceberg tables are persisted.

" @@ -2544,7 +2580,7 @@ "documentation":"

Firehose starts retrieving records from the Kinesis data stream starting with this timestamp.

" } }, - "documentation":"

Details about a Kinesis data stream used as the source for a Firehose Firehose stream.

" + "documentation":"

Details about a Kinesis data stream used as the source for a Firehose stream.

" }, "LimitExceededException":{ "type":"structure", @@ -2719,7 +2755,7 @@ "documentation":"

The start date and time in UTC for the offset position within your MSK topic from where Firehose begins to read. By default, this is set to timestamp when Firehose becomes Active.

If you want to create a Firehose stream with Earliest start position from SDK or CLI, you need to set the ReadFromTimestampUTC parameter to Epoch (1970-01-01T00:00:00Z).

" } }, - "documentation":"

Details about the Amazon MSK cluster used as the source for a Firehose Firehose stream.

" + "documentation":"

Details about the Amazon MSK cluster used as the source for a Firehose stream.

" }, "NoEncryptionConfig":{ "type":"string", @@ -2893,10 +2929,10 @@ "members":{ "SourceName":{ "shape":"NonEmptyStringWithoutWhitespace", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The column name to be configured in partition spec.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

Represents a single field in a PartitionSpec.

Amazon Data Firehose is in preview release and is subject to change.

" }, "PartitionFields":{ "type":"list", @@ -2907,10 +2943,10 @@ "members":{ "Identity":{ "shape":"PartitionFields", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

List of identity transforms that performs an identity transformation. The transform takes the source value, and does not modify it. Result type is the source type.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

Represents how to produce partition data for a table. Partition data is produced by transforming columns in a table. Each column transform is represented by a named PartitionField.

Here is an example of the schema in JSON.

\"partitionSpec\": { \"identity\": [ {\"sourceName\": \"column1\"}, {\"sourceName\": \"column2\"}, {\"sourceName\": \"column3\"} ] }

Amazon Data Firehose is in preview release and is subject to change.

" }, "Password":{ "type":"string", @@ -3543,16 +3579,16 @@ "members":{ "Enabled":{ "shape":"BooleanObject", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

Specify whether you want to enable schema evolution.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The configuration to enable schema evolution.

Amazon Data Firehose is in preview release and is subject to change.

" }, "SecretARN":{ "type":"string", "max":2048, "min":1, - "pattern":"arn:.*:secretsmanager:[a-zA-Z0-9\\-]+:\\d{12}:secret:[a-zA-Z0-9\\-/_+=.@]+" + "pattern":"arn:.*:secretsmanager:[a-zA-Z0-9\\-]+:\\d{12}:secret:[a-zA-Z0-9\\-/_+=.@!]+" }, "SecretsManagerConfiguration":{ "type":"structure", @@ -3584,14 +3620,14 @@ "members":{ "ParquetSerDe":{ "shape":"ParquetSerDe", - "documentation":"

A serializer to use for converting data to the Parquet format before storing it in Amazon S3. For more information, see Apache Parquet.

" + "documentation":"

A serializer to use for converting data to the Parquet format before storing it in Amazon S3. For more information, see Apache Parquet.

" }, "OrcSerDe":{ "shape":"OrcSerDe", "documentation":"

A serializer to use for converting data to the ORC format before storing it in Amazon S3. For more information, see Apache ORC.

" } }, - "documentation":"

The serializer that you want Firehose to use to convert data to the target format before writing it to Amazon S3. Firehose supports two types of serializers: the ORC SerDe and the Parquet SerDe.

" + "documentation":"

The serializer that you want Firehose to use to convert data to the target format before writing it to Amazon S3. Firehose supports two types of serializers: the ORC SerDe and the Parquet SerDe.

" }, "ServiceUnavailableException":{ "type":"structure", @@ -3725,11 +3761,11 @@ }, "MetaDataColumnName":{ "shape":"SnowflakeMetaDataColumnName", - "documentation":"

The name of the record metadata column

" + "documentation":"

Specify a column name in the table, where the metadata information has to be loaded. When you enable this field, you will see the following column in the snowflake table, which differs based on the source type.

For Direct PUT as source

{ \"firehoseDeliveryStreamName\" : \"streamname\", \"IngestionTime\" : \"timestamp\" }

For Kinesis Data Stream as source

\"kinesisStreamName\" : \"streamname\", \"kinesisShardId\" : \"Id\", \"kinesisPartitionKey\" : \"key\", \"kinesisSequenceNumber\" : \"1234\", \"subsequenceNumber\" : \"2334\", \"IngestionTime\" : \"timestamp\" }

" }, "ContentColumnName":{ "shape":"SnowflakeContentColumnName", - "documentation":"

The name of the record content column

" + "documentation":"

The name of the record content column.

" }, "SnowflakeVpcConfiguration":{ "shape":"SnowflakeVpcConfiguration", @@ -4003,6 +4039,10 @@ "SourceDescription":{ "type":"structure", "members":{ + "DirectPutSourceDescription":{ + "shape":"DirectPutSourceDescription", + "documentation":"

Details about Direct PUT used as the source for a Firehose stream.

" + }, "KinesisStreamSourceDescription":{ "shape":"KinesisStreamSourceDescription", "documentation":"

The KinesisStreamSourceDescription value for the source Kinesis data stream.

" @@ -4013,10 +4053,10 @@ }, "DatabaseSourceDescription":{ "shape":"DatabaseSourceDescription", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

Details about a database used as the source for a Firehose stream.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Details about a Kinesis data stream used as the source for a Firehose Firehose stream.

" + "documentation":"

Details about a Kinesis data stream used as the source for a Firehose stream.

" }, "SplunkBufferingHints":{ "type":"structure", @@ -4235,8 +4275,7 @@ }, "StartDeliveryStreamEncryptionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "StopDeliveryStreamEncryptionInput":{ "type":"structure", @@ -4250,8 +4289,7 @@ }, "StopDeliveryStreamEncryptionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "StringWithLettersDigitsUnderscoresDots":{ "type":"string", @@ -4271,10 +4309,10 @@ "members":{ "Enabled":{ "shape":"BooleanObject", - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

Specify whether you want to enable automatic table creation.

Amazon Data Firehose is in preview release and is subject to change.

" } }, - "documentation":"

Amazon Data Firehose is in preview release and is subject to change.

" + "documentation":"

The configuration to enable automatic table creation.

Amazon Data Firehose is in preview release and is subject to change.

" }, "Tag":{ "type":"structure", @@ -4316,8 +4354,7 @@ }, "TagDeliveryStreamOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagKey":{ "type":"string", @@ -4337,6 +4374,11 @@ "min":0, "pattern":"^[\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@%]*$" }, + "ThroughputHintInMBs":{ + "type":"integer", + "max":100, + "min":1 + }, "Timestamp":{"type":"timestamp"}, "TopicName":{ "type":"string", @@ -4363,8 +4405,7 @@ }, "UntagDeliveryStreamOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDestinationInput":{ "type":"structure", @@ -4401,7 +4442,7 @@ }, "ElasticsearchDestinationUpdate":{ "shape":"ElasticsearchDestinationUpdate", - "documentation":"

Describes an update for a destination in Amazon ES.

" + "documentation":"

Describes an update for a destination in Amazon OpenSearch Service.

" }, "AmazonopensearchserviceDestinationUpdate":{ "shape":"AmazonopensearchserviceDestinationUpdate", @@ -4431,8 +4472,7 @@ }, "UpdateDestinationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Username":{ "type":"string", @@ -4451,7 +4491,7 @@ "members":{ "SubnetIds":{ "shape":"SubnetIdList", - "documentation":"

The IDs of the subnets that you want Firehose to use to create ENIs in the VPC of the Amazon ES destination. Make sure that the routing tables and inbound and outbound rules allow traffic to flow from the subnets whose IDs are specified here to the subnets that have the destination Amazon ES endpoints. Firehose creates at least one ENI in each of the subnets that are specified here. Do not delete or modify these ENIs.

The number of ENIs that Firehose creates in the subnets specified here scales up and down automatically based on throughput. To enable Firehose to scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To help you calculate the quota you need, assume that Firehose can create up to three ENIs for this Firehose stream for each of the subnets specified here. For more information about ENI quota, see Network Interfaces in the Amazon VPC Quotas topic.

" + "documentation":"

The IDs of the subnets that you want Firehose to use to create ENIs in the VPC of the Amazon OpenSearch Service destination. Make sure that the routing tables and inbound and outbound rules allow traffic to flow from the subnets whose IDs are specified here to the subnets that have the destination Amazon OpenSearch Service endpoints. Firehose creates at least one ENI in each of the subnets that are specified here. Do not delete or modify these ENIs.

The number of ENIs that Firehose creates in the subnets specified here scales up and down automatically based on throughput. To enable Firehose to scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To help you calculate the quota you need, assume that Firehose can create up to three ENIs for this Firehose stream for each of the subnets specified here. For more information about ENI quota, see Network Interfaces in the Amazon VPC Quotas topic.

" }, "RoleARN":{ "shape":"RoleARN", @@ -4459,7 +4499,7 @@ }, "SecurityGroupIds":{ "shape":"SecurityGroupIdList", - "documentation":"

The IDs of the security groups that you want Firehose to use when it creates ENIs in the VPC of the Amazon ES destination. You can use the same security group that the Amazon ES domain uses or different ones. If you specify different security groups here, ensure that they allow outbound HTTPS traffic to the Amazon ES domain's security group. Also ensure that the Amazon ES domain's security group allows HTTPS traffic from the security groups specified here. If you use the same security group for both your delivery stream and the Amazon ES domain, make sure the security group inbound rule allows HTTPS traffic. For more information about security group rules, see Security group rules in the Amazon VPC documentation.

" + "documentation":"

The IDs of the security groups that you want Firehose to use when it creates ENIs in the VPC of the Amazon OpenSearch Service destination. You can use the same security group that the Amazon OpenSearch Service domain uses or different ones. If you specify different security groups here, ensure that they allow outbound HTTPS traffic to the Amazon OpenSearch Service domain's security group. Also ensure that the Amazon OpenSearch Service domain's security group allows HTTPS traffic from the security groups specified here. If you use the same security group for both your delivery stream and the Amazon OpenSearch Service domain, make sure the security group inbound rule allows HTTPS traffic. For more information about security group rules, see Security group rules in the Amazon VPC documentation.

" } }, "documentation":"

The details of the VPC of the Amazon OpenSearch or Amazon OpenSearch Serverless destination.

" @@ -4475,7 +4515,7 @@ "members":{ "SubnetIds":{ "shape":"SubnetIdList", - "documentation":"

The IDs of the subnets that Firehose uses to create ENIs in the VPC of the Amazon ES destination. Make sure that the routing tables and inbound and outbound rules allow traffic to flow from the subnets whose IDs are specified here to the subnets that have the destination Amazon ES endpoints. Firehose creates at least one ENI in each of the subnets that are specified here. Do not delete or modify these ENIs.

The number of ENIs that Firehose creates in the subnets specified here scales up and down automatically based on throughput. To enable Firehose to scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To help you calculate the quota you need, assume that Firehose can create up to three ENIs for this Firehose stream for each of the subnets specified here. For more information about ENI quota, see Network Interfaces in the Amazon VPC Quotas topic.

" + "documentation":"

The IDs of the subnets that Firehose uses to create ENIs in the VPC of the Amazon OpenSearch Service destination. Make sure that the routing tables and inbound and outbound rules allow traffic to flow from the subnets whose IDs are specified here to the subnets that have the destination Amazon OpenSearch Service endpoints. Firehose creates at least one ENI in each of the subnets that are specified here. Do not delete or modify these ENIs.

The number of ENIs that Firehose creates in the subnets specified here scales up and down automatically based on throughput. To enable Firehose to scale up the number of ENIs to match throughput, ensure that you have sufficient quota. To help you calculate the quota you need, assume that Firehose can create up to three ENIs for this Firehose stream for each of the subnets specified here. For more information about ENI quota, see Network Interfaces in the Amazon VPC Quotas topic.

" }, "RoleARN":{ "shape":"RoleARN", @@ -4483,14 +4523,14 @@ }, "SecurityGroupIds":{ "shape":"SecurityGroupIdList", - "documentation":"

The IDs of the security groups that Firehose uses when it creates ENIs in the VPC of the Amazon ES destination. You can use the same security group that the Amazon ES domain uses or different ones. If you specify different security groups, ensure that they allow outbound HTTPS traffic to the Amazon ES domain's security group. Also ensure that the Amazon ES domain's security group allows HTTPS traffic from the security groups specified here. If you use the same security group for both your Firehose stream and the Amazon ES domain, make sure the security group inbound rule allows HTTPS traffic. For more information about security group rules, see Security group rules in the Amazon VPC documentation.

" + "documentation":"

The IDs of the security groups that Firehose uses when it creates ENIs in the VPC of the Amazon OpenSearch Service destination. You can use the same security group that the Amazon ES domain uses or different ones. If you specify different security groups, ensure that they allow outbound HTTPS traffic to the Amazon OpenSearch Service domain's security group. Also ensure that the Amazon OpenSearch Service domain's security group allows HTTPS traffic from the security groups specified here. If you use the same security group for both your Firehose stream and the Amazon OpenSearch Service domain, make sure the security group inbound rule allows HTTPS traffic. For more information about security group rules, see Security group rules in the Amazon VPC documentation.

" }, "VpcId":{ "shape":"NonEmptyStringWithoutWhitespace", - "documentation":"

The ID of the Amazon ES destination's VPC.

" + "documentation":"

The ID of the Amazon OpenSearch Service destination's VPC.

" } }, - "documentation":"

The details of the VPC of the Amazon ES destination.

" + "documentation":"

The details of the VPC of the Amazon OpenSearch Service destination.

" }, "VpcEndpointServiceName":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/fis/2020-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/fis/2020-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/fis/2020-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/fis/2020-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/fis/2020-12-01/paginators-1.json 2.31.35-1/awscli/botocore/data/fis/2020-12-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/fis/2020-12-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/fis/2020-12-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,40 @@ { - "pagination": {} + "pagination": { + "ListActions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "actions" + }, + "ListExperimentResolvedTargets": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "resolvedTargets" + }, + "ListExperimentTemplates": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "experimentTemplates" + }, + "ListExperiments": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "experiments" + }, + "ListTargetAccountConfigurations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "targetAccountConfigurations" + }, + "ListTargetResourceTypes": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "targetResourceTypes" + } + } } diff -pruN 2.23.6-1/awscli/botocore/data/fis/2020-12-01/service-2.json 2.31.35-1/awscli/botocore/data/fis/2020-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/fis/2020-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/fis/2020-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1220,7 +1220,7 @@ "documentation":"

The name of the S3 bucket where the experiment report will be stored.

" }, "prefix":{ - "shape":"S3ObjectKey", + "shape":"ReportConfigurationS3OutputPrefix", "documentation":"

The prefix of the S3 bucket where the experiment report will be stored.

" } }, @@ -2510,7 +2510,7 @@ "documentation":"

The name of the S3 bucket where the experiment report will be stored.

" }, "prefix":{ - "shape":"S3ObjectKey", + "shape":"ReportConfigurationS3OutputPrefix", "documentation":"

The prefix of the S3 bucket where the experiment report will be stored.

" } }, @@ -2524,12 +2524,17 @@ "documentation":"

The name of the S3 bucket where the experiment report will be stored.

" }, "prefix":{ - "shape":"S3ObjectKey", + "shape":"ReportConfigurationS3OutputPrefix", "documentation":"

The prefix of the S3 bucket where the experiment report will be stored.

" } }, "documentation":"

Specifies the S3 destination for the experiment report.

" }, + "ReportConfigurationS3OutputPrefix":{ + "type":"string", + "max":256, + "pattern":"[\\S]+" + }, "ResolvedTarget":{ "type":"structure", "members":{ @@ -2586,7 +2591,7 @@ }, "S3ObjectKey":{ "type":"string", - "max":1024, + "max":700, "min":1, "pattern":"[\\s\\S]+" }, @@ -2765,8 +2770,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2945,8 +2949,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateExperimentTemplateActionInputItem":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/fms/2018-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/fms/2018-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/fms/2018-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/fms/2018-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/fms/2018-01-01/service-2.json 2.31.35-1/awscli/botocore/data/fms/2018-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/fms/2018-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/fms/2018-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1177,8 +1177,7 @@ }, "DeleteNotificationChannelRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePolicyRequest":{ "type":"structure", @@ -1244,8 +1243,7 @@ }, "DisassociateAdminAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateThirdPartyFirewallRequest":{ "type":"structure", @@ -1783,8 +1781,7 @@ }, "GetAdminAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAdminAccountResponse":{ "type":"structure", @@ -1877,8 +1874,7 @@ }, "GetNotificationChannelRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetNotificationChannelResponse":{ "type":"structure", @@ -4391,8 +4387,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4560,8 +4555,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateToken":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/forecast/2018-06-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/forecast/2018-06-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/forecast/2018-06-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/forecast/2018-06-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/forecast/2018-06-26/service-2.json 2.31.35-1/awscli/botocore/data/forecast/2018-06-26/service-2.json --- 2.23.6-1/awscli/botocore/data/forecast/2018-06-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/forecast/2018-06-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"forecast", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon Forecast Service", "serviceId":"forecast", "signatureVersion":"v4", "signingName":"forecast", "targetPrefix":"AmazonForecast", - "uid":"forecast-2018-06-26" + "uid":"forecast-2018-06-26", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateAutoPredictor":{ @@ -4678,8 +4680,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4895,8 +4896,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDatasetGroupRequest":{ "type":"structure", @@ -4917,8 +4917,7 @@ }, "UpdateDatasetGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UseGeolocationForTimeZone":{"type":"boolean"}, "Value":{ diff -pruN 2.23.6-1/awscli/botocore/data/forecastquery/2018-06-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/forecastquery/2018-06-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/forecastquery/2018-06-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/forecastquery/2018-06-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/forecastquery/2018-06-26/service-2.json 2.31.35-1/awscli/botocore/data/forecastquery/2018-06-26/service-2.json --- 2.23.6-1/awscli/botocore/data/forecastquery/2018-06-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/forecastquery/2018-06-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"forecastquery", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon Forecast Query Service", "serviceId":"forecastquery", "signatureVersion":"v4", "signingName":"forecast", "targetPrefix":"AmazonForecastRuntime", - "uid":"forecastquery-2018-06-26" + "uid":"forecastquery-2018-06-26", + "auth":["aws.auth#sigv4"] }, "operations":{ "QueryForecast":{ diff -pruN 2.23.6-1/awscli/botocore/data/frauddetector/2019-11-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/frauddetector/2019-11-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/frauddetector/2019-11-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/frauddetector/2019-11-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/frauddetector/2019-11-15/service-2.json 2.31.35-1/awscli/botocore/data/frauddetector/2019-11-15/service-2.json --- 2.23.6-1/awscli/botocore/data/frauddetector/2019-11-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/frauddetector/2019-11-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"frauddetector", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon Fraud Detector", "serviceId":"FraudDetector", "signatureVersion":"v4", "targetPrefix":"AWSHawksNestServiceFacade", - "uid":"frauddetector-2019-11-15" + "uid":"frauddetector-2019-11-15", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchCreateVariable":{ @@ -1641,8 +1643,7 @@ }, "CancelBatchImportJobResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelBatchPredictionJobRequest":{ "type":"structure", @@ -1656,8 +1657,7 @@ }, "CancelBatchPredictionJobResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ConflictException":{ "type":"structure", @@ -1706,8 +1706,7 @@ }, "CreateBatchImportJobResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateBatchPredictionJobRequest":{ "type":"structure", @@ -1756,8 +1755,7 @@ }, "CreateBatchPredictionJobResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateDetectorVersionRequest":{ "type":"structure", @@ -1841,8 +1839,7 @@ }, "CreateListResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateModelRequest":{ "type":"structure", @@ -1876,8 +1873,7 @@ }, "CreateModelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateModelVersionRequest":{ "type":"structure", @@ -2029,8 +2025,7 @@ }, "CreateVariableResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CsvIndexToVariableMap":{ "type":"map", @@ -2082,8 +2077,7 @@ }, "DeleteBatchImportJobResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteBatchPredictionJobRequest":{ "type":"structure", @@ -2097,8 +2091,7 @@ }, "DeleteBatchPredictionJobResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDetectorRequest":{ "type":"structure", @@ -2112,8 +2105,7 @@ }, "DeleteDetectorResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDetectorVersionRequest":{ "type":"structure", @@ -2134,8 +2126,7 @@ }, "DeleteDetectorVersionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEntityTypeRequest":{ "type":"structure", @@ -2149,8 +2140,7 @@ }, "DeleteEntityTypeResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEventRequest":{ "type":"structure", @@ -2175,8 +2165,7 @@ }, "DeleteEventResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEventTypeRequest":{ "type":"structure", @@ -2190,8 +2179,7 @@ }, "DeleteEventTypeResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEventsByEventTypeRequest":{ "type":"structure", @@ -2228,8 +2216,7 @@ }, "DeleteExternalModelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLabelRequest":{ "type":"structure", @@ -2243,8 +2230,7 @@ }, "DeleteLabelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteListRequest":{ "type":"structure", @@ -2258,8 +2244,7 @@ }, "DeleteListResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteModelRequest":{ "type":"structure", @@ -2280,8 +2265,7 @@ }, "DeleteModelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteModelVersionRequest":{ "type":"structure", @@ -2307,8 +2291,7 @@ }, "DeleteModelVersionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteOutcomeRequest":{ "type":"structure", @@ -2322,8 +2305,7 @@ }, "DeleteOutcomeResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRuleRequest":{ "type":"structure", @@ -2334,8 +2316,7 @@ }, "DeleteRuleResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteVariableRequest":{ "type":"structure", @@ -2349,8 +2330,7 @@ }, "DeleteVariableResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeDetectorRequest":{ "type":"structure", @@ -4479,8 +4459,7 @@ }, "PutDetectorResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutEntityTypeRequest":{ "type":"structure", @@ -4502,8 +4481,7 @@ }, "PutEntityTypeResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutEventTypeRequest":{ "type":"structure", @@ -4549,8 +4527,7 @@ }, "PutEventTypeResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutExternalModelRequest":{ "type":"structure", @@ -4595,8 +4572,7 @@ }, "PutExternalModelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutKMSEncryptionKeyRequest":{ "type":"structure", @@ -4610,8 +4586,7 @@ }, "PutKMSEncryptionKeyResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutLabelRequest":{ "type":"structure", @@ -4633,8 +4608,7 @@ }, "PutLabelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutOutcomeRequest":{ "type":"structure", @@ -4656,8 +4630,7 @@ }, "PutOutcomeResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ResourceNotFoundException":{ "type":"structure", @@ -4822,8 +4795,7 @@ }, "SendEventResult":{ "type":"structure", - "members":{ - } + "members":{} }, "TFIMetricDataPoint":{ "type":"structure", @@ -4916,8 +4888,7 @@ }, "TagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "TagsMaxResults":{ "type":"integer", @@ -5065,8 +5036,7 @@ }, "UntagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDetectorVersionMetadataRequest":{ "type":"structure", @@ -5092,8 +5062,7 @@ }, "UpdateDetectorVersionMetadataResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDetectorVersionRequest":{ "type":"structure", @@ -5136,8 +5105,7 @@ }, "UpdateDetectorVersionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDetectorVersionStatusRequest":{ "type":"structure", @@ -5163,8 +5131,7 @@ }, "UpdateDetectorVersionStatusResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEventLabelRequest":{ "type":"structure", @@ -5195,8 +5162,7 @@ }, "UpdateEventLabelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateListRequest":{ "type":"structure", @@ -5226,8 +5192,7 @@ }, "UpdateListResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateModelRequest":{ "type":"structure", @@ -5252,8 +5217,7 @@ }, "UpdateModelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateModelVersionRequest":{ "type":"structure", @@ -5339,8 +5303,7 @@ }, "UpdateModelVersionStatusResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRuleMetadataRequest":{ "type":"structure", @@ -5361,8 +5324,7 @@ }, "UpdateRuleMetadataResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRuleVersionRequest":{ "type":"structure", @@ -5432,8 +5394,7 @@ }, "UpdateVariableResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UseEventVariables":{"type":"boolean"}, "ValidationException":{ diff -pruN 2.23.6-1/awscli/botocore/data/freetier/2023-09-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/freetier/2023-09-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/freetier/2023-09-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/freetier/2023-09-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,20 +5,20 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/freetier/2023-09-07/paginators-1.json 2.31.35-1/awscli/botocore/data/freetier/2023-09-07/paginators-1.json --- 2.23.6-1/awscli/botocore/data/freetier/2023-09-07/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/freetier/2023-09-07/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,6 +5,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "freeTierUsages" + }, + "ListAccountActivities": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "activities" } } } diff -pruN 2.23.6-1/awscli/botocore/data/freetier/2023-09-07/service-2.json 2.31.35-1/awscli/botocore/data/freetier/2023-09-07/service-2.json --- 2.23.6-1/awscli/botocore/data/freetier/2023-09-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/freetier/2023-09-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,11 @@ "version":"2.0", "metadata":{ "apiVersion":"2023-09-07", + "auth":["aws.auth#sigv4"], "endpointPrefix":"freetier", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS Free Tier", "serviceId":"FreeTier", "signatureVersion":"v4", @@ -13,6 +15,39 @@ "uid":"freetier-2023-09-07" }, "operations":{ + "GetAccountActivity":{ + "name":"GetAccountActivity", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAccountActivityRequest"}, + "output":{"shape":"GetAccountActivityResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Returns a specific activity record that is available to the customer.

" + }, + "GetAccountPlanState":{ + "name":"GetAccountPlanState", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAccountPlanStateRequest"}, + "output":{"shape":"GetAccountPlanStateResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

This returns all of the information related to the state of the account plan related to Free Tier.

" + }, "GetFreeTierUsage":{ "name":"GetFreeTierUsage", "http":{ @@ -27,9 +62,131 @@ {"shape":"ThrottlingException"} ], "documentation":"

Returns a list of all Free Tier usage objects that match your filters.

" + }, + "ListAccountActivities":{ + "name":"ListAccountActivities", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAccountActivitiesRequest"}, + "output":{"shape":"ListAccountActivitiesResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

Returns a list of activities that are available. This operation supports pagination and filtering by status.

" + }, + "UpgradeAccountPlan":{ + "name":"UpgradeAccountPlan", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpgradeAccountPlanRequest"}, + "output":{"shape":"UpgradeAccountPlanResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

The account plan type for the Amazon Web Services account.

" } }, "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"GenericString"} + }, + "documentation":"

You don't have sufficient access to perform this action.

", + "exception":true + }, + "AccountId":{ + "type":"string", + "pattern":"[0-9]{12}" + }, + "AccountPlanStatus":{ + "type":"string", + "enum":[ + "NOT_STARTED", + "ACTIVE", + "EXPIRED" + ] + }, + "AccountPlanType":{ + "type":"string", + "enum":[ + "FREE", + "PAID" + ] + }, + "Activities":{ + "type":"list", + "member":{"shape":"ActivitySummary"} + }, + "ActivityId":{ + "type":"string", + "max":32, + "min":32, + "pattern":"[a-zA-Z0-9]+" + }, + "ActivityReward":{ + "type":"structure", + "members":{ + "credit":{ + "shape":"MonetaryAmount", + "documentation":"

The credits gained by activity rewards.

" + } + }, + "documentation":"

The summary of the rewards granted as a result of activities completed.

", + "union":true + }, + "ActivityStatus":{ + "type":"string", + "enum":[ + "NOT_STARTED", + "IN_PROGRESS", + "COMPLETED", + "EXPIRING" + ] + }, + "ActivitySummary":{ + "type":"structure", + "required":[ + "activityId", + "title", + "reward", + "status" + ], + "members":{ + "activityId":{ + "shape":"ActivityId", + "documentation":"

A unique identifier that identifies the activity.

" + }, + "title":{ + "shape":"GenericString", + "documentation":"

The title of the activity.

" + }, + "reward":{ + "shape":"ActivityReward", + "documentation":"

The reward for the activity.

" + }, + "status":{ + "shape":"ActivityStatus", + "documentation":"

The current status of the activity.

" + } + }, + "documentation":"

The summary of activities.

" + }, + "CurrencyCode":{ + "type":"string", + "enum":["USD"] + }, "Dimension":{ "type":"string", "enum":[ @@ -46,21 +203,21 @@ "type":"structure", "required":[ "Key", - "MatchOptions", - "Values" + "Values", + "MatchOptions" ], "members":{ "Key":{ "shape":"Dimension", "documentation":"

The name of the dimension that you want to filter on.

" }, - "MatchOptions":{ - "shape":"MatchOptions", - "documentation":"

The match options that you can use to filter your results. You can specify only one of these values in the array.

" - }, "Values":{ "shape":"Values", "documentation":"

The metadata values you can specify to filter upon, so that the results all match at least one of the specified values.

" + }, + "MatchOptions":{ + "shape":"MatchOptions", + "documentation":"

The match options that you can use to filter your results. You can specify only one of these values in the array.

" } }, "documentation":"

Contains the specifications for the filters to use for your request.

" @@ -68,21 +225,21 @@ "Expression":{ "type":"structure", "members":{ + "Or":{ + "shape":"Expressions", + "documentation":"

Return results that match any of the Expressions that you specified. in the array.

" + }, "And":{ "shape":"Expressions", "documentation":"

Return results that match all Expressions that you specified in the array.

" }, - "Dimensions":{ - "shape":"DimensionValues", - "documentation":"

The specific dimension, values, and match type to filter objects with.

" - }, "Not":{ "shape":"Expression", "documentation":"

Return results that don’t match the Expression that you specified.

" }, - "Or":{ - "shape":"Expressions", - "documentation":"

Return results that match any of the Expressions that you specified. in the array.

" + "Dimensions":{ + "shape":"DimensionValues", + "documentation":"

The specific dimension, values, and match type to filter objects with.

" } }, "documentation":"

Use Expression to filter in the GetFreeTierUsage API operation.

You can use the following patterns:

  • Simple dimension values (Dimensions root operator)

  • Complex expressions with logical operators (AND, NOT, and OR root operators).

For simple dimension values, you can set the dimension name, values, and match type for the filters that you plan to use.

Example for simple dimension values

You can filter to match exactly for REGION==us-east-1 OR REGION==us-west-1.

The corresponding Expression appears like the following: { \"Dimensions\": { \"Key\": \"REGION\", \"Values\": [ \"us-east-1\", \"us-west-1\" ], \"MatchOptions\": [\"EQUALS\"] } }

As shown in the previous example, lists of dimension values are combined with OR when you apply the filter.

For complex expressions with logical operators, you can have nested expressions to use the logical operators and specify advanced filtering.

Example for complex expressions with logical operators

You can filter by ((REGION == us-east-1 OR REGION == us-west-1) OR (SERVICE CONTAINS AWSLambda)) AND (USAGE_TYPE !CONTAINS DataTransfer).

The corresponding Expression appears like the following: { \"And\": [ {\"Or\": [ {\"Dimensions\": { \"Key\": \"REGION\", \"Values\": [ \"us-east-1\", \"us-west-1\" ], \"MatchOptions\": [\"EQUALS\"] }}, {\"Dimensions\": { \"Key\": \"SERVICE\", \"Values\": [\"AWSLambda\"], \"MatchOptions\": [\"CONTAINS\"] } } ]}, {\"Not\": {\"Dimensions\": { \"Key\": \"USAGE_TYPE\", \"Values\": [\"DataTransfer\"], \"MatchOptions\": [\"CONTAINS\"] }}} ] }

In the following Contents, you must specify exactly one of the following root operators.

" @@ -91,48 +248,52 @@ "type":"list", "member":{"shape":"Expression"} }, + "FilterActivityStatuses":{ + "type":"list", + "member":{"shape":"ActivityStatus"} + }, "FreeTierUsage":{ "type":"structure", "members":{ + "service":{ + "shape":"GenericString", + "documentation":"

The name of the Amazon Web Services service providing the Free Tier offer. For example, this can be Amazon Elastic Compute Cloud.

" + }, + "operation":{ + "shape":"GenericString", + "documentation":"

Describes usageType more granularly with the specific Amazon Web Services service API operation. For example, this can be the RunInstances API operation for Amazon Elastic Compute Cloud.

" + }, + "usageType":{ + "shape":"GenericString", + "documentation":"

Describes the usage details of the offer. For example, this might be Global-BoxUsage:freetrial.

" + }, + "region":{ + "shape":"GenericString", + "documentation":"

Describes the Amazon Web Services Region for which this offer is applicable

" + }, "actualUsageAmount":{ "shape":"GenericDouble", "documentation":"

Describes the actual usage accrued month-to-day (MTD) that you've used so far.

" }, - "description":{ - "shape":"GenericString", - "documentation":"

The description of the Free Tier offer.

" - }, "forecastedUsageAmount":{ "shape":"GenericDouble", "documentation":"

Describes the forecasted usage by the month that you're expected to use.

" }, - "freeTierType":{ - "shape":"GenericString", - "documentation":"

Describes the type of the Free Tier offer. For example, the offer can be \"12 Months Free\", \"Always Free\", and \"Free Trial\".

" - }, "limit":{ "shape":"GenericDouble", "documentation":"

Describes the maximum usage allowed in Free Tier.

" }, - "operation":{ - "shape":"GenericString", - "documentation":"

Describes usageType more granularly with the specific Amazon Web Service API operation. For example, this can be the RunInstances API operation for Amazon Elastic Compute Cloud.

" - }, - "region":{ - "shape":"GenericString", - "documentation":"

Describes the Amazon Web Services Region for which this offer is applicable

" - }, - "service":{ - "shape":"GenericString", - "documentation":"

The name of the Amazon Web Service providing the Free Tier offer. For example, this can be Amazon Elastic Compute Cloud.

" - }, "unit":{ "shape":"GenericString", "documentation":"

Describes the unit of the usageType, such as Hrs.

" }, - "usageType":{ + "description":{ "shape":"GenericString", - "documentation":"

Describes the usage details of the offer. For example, this might be Global-BoxUsage:freetrial.

" + "documentation":"

The description of the Free Tier offer.

" + }, + "freeTierType":{ + "shape":"GenericString", + "documentation":"

Describes the type of the Free Tier offer. For example, the offer can be \"12 Months Free\", \"Always Free\", and \"Free Trial\".

" } }, "documentation":"

Consists of a Amazon Web Services Free Tier offer’s metadata and your data usage for the offer.

" @@ -146,7 +307,109 @@ "type":"string", "max":1024, "min":0, - "pattern":"^[\\S\\s]*$" + "pattern":"[\\S\\s]*" + }, + "GetAccountActivityRequest":{ + "type":"structure", + "required":["activityId"], + "members":{ + "activityId":{ + "shape":"ActivityId", + "documentation":"

A unique identifier that identifies the activity.

" + }, + "languageCode":{ + "shape":"LanguageCode", + "documentation":"

The language code used to return translated title and description fields.

" + } + } + }, + "GetAccountActivityResponse":{ + "type":"structure", + "required":[ + "activityId", + "title", + "description", + "status", + "instructionsUrl", + "reward" + ], + "members":{ + "activityId":{ + "shape":"ActivityId", + "documentation":"

A unique identifier that identifies the activity.

" + }, + "title":{ + "shape":"GenericString", + "documentation":"

A short activity title.

" + }, + "description":{ + "shape":"GenericString", + "documentation":"

Provides detailed information about the activity and its expected outcomes.

" + }, + "status":{ + "shape":"ActivityStatus", + "documentation":"

The current activity status.

" + }, + "instructionsUrl":{ + "shape":"GenericString", + "documentation":"

The URL resource that provides guidance on activity requirements and completion.

" + }, + "reward":{ + "shape":"ActivityReward", + "documentation":"

A reward granted upon activity completion.

" + }, + "estimatedTimeToCompleteInMinutes":{ + "shape":"Integer", + "documentation":"

The estimated time to complete the activity. This is the duration in minutes.

" + }, + "expiresAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The time by which the activity must be completed to receive a reward.

" + }, + "startedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp when the activity started. This field appears only for activities in the IN_PROGRESS or COMPLETED states.

" + }, + "completedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp when the activity is completed. This field appears only for activities in the COMPLETED state.

" + } + } + }, + "GetAccountPlanStateRequest":{ + "type":"structure", + "members":{ + } + }, + "GetAccountPlanStateResponse":{ + "type":"structure", + "required":[ + "accountId", + "accountPlanType", + "accountPlanStatus" + ], + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"

A unique identifier that identifies the account.

" + }, + "accountPlanType":{ + "shape":"AccountPlanType", + "documentation":"

The plan type for the account.

" + }, + "accountPlanStatus":{ + "shape":"AccountPlanStatus", + "documentation":"

The current status for the account plan.

" + }, + "accountPlanRemainingCredits":{ + "shape":"MonetaryAmount", + "documentation":"

The amount of credits remaining for the account.

" + }, + "accountPlanExpirationDate":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

The timestamp for when the current account plan expires.

" + } + } }, "GetFreeTierUsageRequest":{ "type":"structure", @@ -179,6 +442,10 @@ } } }, + "Integer":{ + "type":"integer", + "box":true + }, "InternalServerException":{ "type":"structure", "required":["message"], @@ -189,6 +456,59 @@ "exception":true, "fault":true }, + "LanguageCode":{ + "type":"string", + "enum":[ + "en-US", + "en-GB", + "id-ID", + "de-DE", + "es-ES", + "fr-FR", + "ja-JP", + "it-IT", + "pt-PT", + "ko-KR", + "zh-CN", + "zh-TW", + "tr-TR" + ] + }, + "ListAccountActivitiesRequest":{ + "type":"structure", + "members":{ + "filterActivityStatuses":{ + "shape":"FilterActivityStatuses", + "documentation":"

The activity status filter. This field can be used to filter the response by activities status.

" + }, + "nextToken":{ + "shape":"NextPageToken", + "documentation":"

A token from a previous paginated response. If this is specified, the response includes records beginning from this token (inclusive), up to the number specified by maxResults.

" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

" + }, + "languageCode":{ + "shape":"LanguageCode", + "documentation":"

The language code used to return translated titles.

" + } + } + }, + "ListAccountActivitiesResponse":{ + "type":"structure", + "required":["activities"], + "members":{ + "activities":{ + "shape":"Activities", + "documentation":"

A brief information about the activities.

" + }, + "nextToken":{ + "shape":"NextPageToken", + "documentation":"

The token to include in another request to get the next page of items. This value is null when there are no more items to return.

" + } + } + }, "MatchOption":{ "type":"string", "enum":[ @@ -209,11 +529,42 @@ "max":1000, "min":1 }, + "MonetaryAmount":{ + "type":"structure", + "required":[ + "amount", + "unit" + ], + "members":{ + "amount":{ + "shape":"GenericDouble", + "documentation":"

The aggregated monetary amount of credits earned.

" + }, + "unit":{ + "shape":"CurrencyCode", + "documentation":"

The unit that the monetary amount is given in.

" + } + }, + "documentation":"

The monetary amount of the credit.

" + }, "NextPageToken":{ "type":"string", "max":8192, "min":1, - "pattern":"^[\\S\\s]*$" + "pattern":"[\\S\\s]*" + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"GenericString"} + }, + "documentation":"

This exception is thrown when the requested resource cannot be found.

", + "exception":true + }, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" }, "ThrottlingException":{ "type":"structure", @@ -224,20 +575,52 @@ "documentation":"

The request was denied due to request throttling.

", "exception":true }, + "UpgradeAccountPlanRequest":{ + "type":"structure", + "required":["accountPlanType"], + "members":{ + "accountPlanType":{ + "shape":"AccountPlanType", + "documentation":"

The target account plan type. This makes it explicit about the change and latest value of the accountPlanType.

" + } + } + }, + "UpgradeAccountPlanResponse":{ + "type":"structure", + "required":[ + "accountId", + "accountPlanType", + "accountPlanStatus" + ], + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"

A unique identifier that identifies the account.

" + }, + "accountPlanType":{ + "shape":"AccountPlanType", + "documentation":"

The type of plan for the account.

" + }, + "accountPlanStatus":{ + "shape":"AccountPlanStatus", + "documentation":"

This indicates the latest state of the account plan within its lifecycle.

" + } + } + }, "ValidationException":{ "type":"structure", "required":["message"], "members":{ "message":{"shape":"GenericString"} }, - "documentation":"

The input fails to satisfy the constraints specified by an Amazon Web Service.

", + "documentation":"

The input fails to satisfy the constraints specified by an Amazon Web Services service.

", "exception":true }, "Value":{ "type":"string", "max":20, "min":1, - "pattern":"^[ a-zA-Z0-9\\-\\:\\.\\_\\/\\,\\$\\(\\)]*$" + "pattern":"[ a-zA-Z0-9\\-\\:\\.\\_\\/\\,\\$\\(\\)]*" }, "Values":{ "type":"list", @@ -245,5 +628,5 @@ "min":1 } }, - "documentation":"

You can use the Amazon Web Services Free Tier API to query programmatically your Free Tier usage data.

Free Tier tracks your monthly usage data for all free tier offers that are associated with your Amazon Web Services account. You can use the Free Tier API to filter and show only the data that you want.

Service endpoint

The Free Tier API provides the following endpoint:

  • https://freetier.us-east-1.api.aws

For more information, see Using the Amazon Web Services Free Tier in the Billing User Guide.

" + "documentation":"

You can use the Amazon Web Services Free Tier API to query programmatically your Free Tier usage data.

Free Tier tracks your monthly usage data for all free tier offers that are associated with your Amazon Web Services account. You can use the Free Tier API to filter and show only the data that you want.

Service endpoint

The Free Tier API provides the following endpoint:

    For more information, see Using the Amazon Web Services Free Tier in the Billing User Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/freetier/2023-09-07/waiters-2.json 2.31.35-1/awscli/botocore/data/freetier/2023-09-07/waiters-2.json --- 2.23.6-1/awscli/botocore/data/freetier/2023-09-07/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/freetier/2023-09-07/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/fsx/2018-03-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/fsx/2018-03-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/fsx/2018-03-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/fsx/2018-03-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/fsx/2018-03-01/paginators-1.json 2.31.35-1/awscli/botocore/data/fsx/2018-03-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/fsx/2018-03-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/fsx/2018-03-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,6 +29,18 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Volumes" + }, + "DescribeS3AccessPointAttachments": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "S3AccessPointAttachments" + }, + "DescribeSnapshots": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Snapshots" } } } diff -pruN 2.23.6-1/awscli/botocore/data/fsx/2018-03-01/service-2.json 2.31.35-1/awscli/botocore/data/fsx/2018-03-01/service-2.json --- 2.23.6-1/awscli/botocore/data/fsx/2018-03-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/fsx/2018-03-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -45,7 +45,7 @@ {"shape":"DataRepositoryTaskEnded"}, {"shape":"InternalServerError"} ], - "documentation":"

    Cancels an existing Amazon FSx for Lustre data repository task if that task is in either the PENDING or EXECUTING state. When you cancel am export task, Amazon FSx does the following.

    • Any files that FSx has already exported are not reverted.

    • FSx continues to export any files that are in-flight when the cancel operation is received.

    • FSx does not export any files that have not yet been exported.

    For a release task, Amazon FSx will stop releasing files upon cancellation. Any files that have already been released will remain in the released state.

    ", + "documentation":"

    Cancels an existing Amazon FSx for Lustre data repository task if that task is in either the PENDING or EXECUTING state. When you cancel an export task, Amazon FSx does the following.

    • Any files that FSx has already exported are not reverted.

    • FSx continues to export any files that are in-flight when the cancel operation is received.

    • FSx does not export any files that have not yet been exported.

    For a release task, Amazon FSx will stop releasing files upon cancellation. Any files that have already been released will remain in the released state.

    ", "idempotent":true }, "CopyBackup":{ @@ -89,6 +89,27 @@ "documentation":"

    Updates an existing volume by using a snapshot from another Amazon FSx for OpenZFS file system. For more information, see on-demand data replication in the Amazon FSx for OpenZFS User Guide.

    ", "idempotent":true }, + "CreateAndAttachS3AccessPoint":{ + "name":"CreateAndAttachS3AccessPoint", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateAndAttachS3AccessPointRequest"}, + "output":{"shape":"CreateAndAttachS3AccessPointResponse"}, + "errors":[ + {"shape":"BadRequest"}, + {"shape":"IncompatibleParameterError"}, + {"shape":"InternalServerError"}, + {"shape":"UnsupportedOperation"}, + {"shape":"VolumeNotFound"}, + {"shape":"InvalidAccessPoint"}, + {"shape":"InvalidRequest"}, + {"shape":"AccessPointAlreadyOwnedByYou"}, + {"shape":"TooManyAccessPoints"} + ], + "documentation":"

    Creates an S3 access point and attaches it to an Amazon FSx volume. For FSx for OpenZFS file systems, the volume must be hosted on a high-availability file system, either Single-AZ or Multi-AZ. For more information, see Accessing your data using Amazon S3 access points. in the Amazon FSx for OpenZFS User Guide.

    The requester requires the following permissions to perform these actions:

    • fsx:CreateAndAttachS3AccessPoint

    • s3:CreateAccessPoint

    • s3:GetAccessPoint

    • s3:PutAccessPointPolicy

    • s3:DeleteAccessPoint

    The following actions are related to CreateAndAttachS3AccessPoint:

    " + }, "CreateBackup":{ "name":"CreateBackup", "http":{ @@ -166,7 +187,7 @@ {"shape":"InternalServerError"}, {"shape":"MissingFileCacheConfiguration"} ], - "documentation":"

    Creates a new Amazon File Cache resource.

    You can use this operation with a client request token in the request that Amazon File Cache uses to ensure idempotent creation. If a cache with the specified client request token exists and the parameters match, CreateFileCache returns the description of the existing cache. If a cache with the specified client request token exists and the parameters don't match, this call returns IncompatibleParameterError. If a file cache with the specified client request token doesn't exist, CreateFileCache does the following:

    • Creates a new, empty Amazon File Cache resourcewith an assigned ID, and an initial lifecycle state of CREATING.

    • Returns the description of the cache in JSON format.

    The CreateFileCache call returns while the cache's lifecycle state is still CREATING. You can check the cache creation status by calling the DescribeFileCaches operation, which returns the cache state along with other information.

    ", + "documentation":"

    Creates a new Amazon File Cache resource.

    You can use this operation with a client request token in the request that Amazon File Cache uses to ensure idempotent creation. If a cache with the specified client request token exists and the parameters match, CreateFileCache returns the description of the existing cache. If a cache with the specified client request token exists and the parameters don't match, this call returns IncompatibleParameterError. If a file cache with the specified client request token doesn't exist, CreateFileCache does the following:

    • Creates a new, empty Amazon File Cache resource with an assigned ID, and an initial lifecycle state of CREATING.

    • Returns the description of the cache in JSON format.

    The CreateFileCache call returns while the cache's lifecycle state is still CREATING. You can check the cache creation status by calling the DescribeFileCaches operation, which returns the cache state along with other information.

    ", "idempotent":true }, "CreateFileSystem":{ @@ -359,7 +380,7 @@ {"shape":"ServiceLimitExceeded"}, {"shape":"InternalServerError"} ], - "documentation":"

    Deletes a file system. After deletion, the file system no longer exists, and its data is gone. Any existing automatic backups and snapshots are also deleted.

    To delete an Amazon FSx for NetApp ONTAP file system, first delete all the volumes and storage virtual machines (SVMs) on the file system. Then provide a FileSystemId value to the DeleteFileSystem operation.

    By default, when you delete an Amazon FSx for Windows File Server file system, a final backup is created upon deletion. This final backup isn't subject to the file system's retention policy, and must be manually deleted.

    To delete an Amazon FSx for Lustre file system, first unmount it from every connected Amazon EC2 instance, then provide a FileSystemId value to the DeleteFileSystem operation. By default, Amazon FSx will not take a final backup when the DeleteFileSystem operation is invoked. On file systems not linked to an Amazon S3 bucket, set SkipFinalBackup to false to take a final backup of the file system you are deleting. Backups cannot be enabled on S3-linked file systems. To ensure all of your data is written back to S3 before deleting your file system, you can either monitor for the AgeOfOldestQueuedMessage metric to be zero (if using automatic export) or you can run an export data repository task. If you have automatic export enabled and want to use an export data repository task, you have to disable automatic export before executing the export data repository task.

    The DeleteFileSystem operation returns while the file system has the DELETING status. You can check the file system deletion status by calling the DescribeFileSystems operation, which returns a list of file systems in your account. If you pass the file system ID for a deleted file system, the DescribeFileSystems operation returns a FileSystemNotFound error.

    If a data repository task is in a PENDING or EXECUTING state, deleting an Amazon FSx for Lustre file system will fail with an HTTP status code 400 (Bad Request).

    The data in a deleted file system is also deleted and can't be recovered by any means.

    ", + "documentation":"

    Deletes a file system. After deletion, the file system no longer exists, and its data is gone. Any existing automatic backups and snapshots are also deleted.

    To delete an Amazon FSx for NetApp ONTAP file system, first delete all the volumes and storage virtual machines (SVMs) on the file system. Then provide a FileSystemId value to the DeleteFileSystem operation.

    Before deleting an Amazon FSx for OpenZFS file system, make sure that there aren't any Amazon S3 access points attached to any volume. For more information on how to list S3 access points that are attached to volumes, see Listing S3 access point attachments. For more information on how to delete S3 access points, see Deleting an S3 access point attachment.

    By default, when you delete an Amazon FSx for Windows File Server file system, a final backup is created upon deletion. This final backup isn't subject to the file system's retention policy, and must be manually deleted.

    To delete an Amazon FSx for Lustre file system, first unmount it from every connected Amazon EC2 instance, then provide a FileSystemId value to the DeleteFileSystem operation. By default, Amazon FSx will not take a final backup when the DeleteFileSystem operation is invoked. On file systems not linked to an Amazon S3 bucket, set SkipFinalBackup to false to take a final backup of the file system you are deleting. Backups cannot be enabled on S3-linked file systems. To ensure all of your data is written back to S3 before deleting your file system, you can either monitor for the AgeOfOldestQueuedMessage metric to be zero (if using automatic export) or you can run an export data repository task. If you have automatic export enabled and want to use an export data repository task, you have to disable automatic export before executing the export data repository task.

    The DeleteFileSystem operation returns while the file system has the DELETING status. You can check the file system deletion status by calling the DescribeFileSystems operation, which returns a list of file systems in your account. If you pass the file system ID for a deleted file system, the DescribeFileSystems operation returns a FileSystemNotFound error.

    If a data repository task is in a PENDING or EXECUTING state, deleting an Amazon FSx for Lustre file system will fail with an HTTP status code 400 (Bad Request).

    The data in a deleted file system is also deleted and can't be recovered by any means.

    ", "idempotent":true }, "DeleteSnapshot":{ @@ -508,6 +529,22 @@ ], "documentation":"

    Returns the description of specific Amazon FSx file systems, if a FileSystemIds value is provided for that file system. Otherwise, it returns descriptions of all file systems owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.

    When retrieving all file system descriptions, you can optionally specify the MaxResults parameter to limit the number of descriptions in a response. If more file system descriptions remain, Amazon FSx returns a NextToken value in the response. In this case, send a later request with the NextToken request parameter set to the value of NextToken from the last response.

    This operation is used in an iterative process to retrieve a list of your file system descriptions. DescribeFileSystems is called first without a NextTokenvalue. Then the operation continues to be called with the NextToken parameter set to the value of the last NextToken value until a response has no NextToken.

    When using this operation, keep the following in mind:

    • The implementation might return fewer than MaxResults file system descriptions while still including a NextToken value.

    • The order of file systems returned in the response of one DescribeFileSystems call and the order of file systems returned across the responses of a multicall iteration is unspecified.

    " }, + "DescribeS3AccessPointAttachments":{ + "name":"DescribeS3AccessPointAttachments", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeS3AccessPointAttachmentsRequest"}, + "output":{"shape":"DescribeS3AccessPointAttachmentsResponse"}, + "errors":[ + {"shape":"S3AccessPointAttachmentNotFound"}, + {"shape":"BadRequest"}, + {"shape":"InternalServerError"}, + {"shape":"UnsupportedOperation"} + ], + "documentation":"

    Describes one or more S3 access points attached to Amazon FSx volumes.

    The requester requires the following permission to perform this action:

    • fsx:DescribeS3AccessPointAttachments

    " + }, "DescribeSharedVpcConfiguration":{ "name":"DescribeSharedVpcConfiguration", "http":{ @@ -567,6 +604,23 @@ ], "documentation":"

    Describes one or more Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volumes.

    " }, + "DetachAndDeleteS3AccessPoint":{ + "name":"DetachAndDeleteS3AccessPoint", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DetachAndDeleteS3AccessPointRequest"}, + "output":{"shape":"DetachAndDeleteS3AccessPointResponse"}, + "errors":[ + {"shape":"BadRequest"}, + {"shape":"IncompatibleParameterError"}, + {"shape":"InternalServerError"}, + {"shape":"UnsupportedOperation"}, + {"shape":"S3AccessPointAttachmentNotFound"} + ], + "documentation":"

    Detaches an S3 access point from an Amazon FSx volume and deletes the S3 access point.

    The requester requires the following permission to perform this action:

    • fsx:DetachAndDeleteS3AccessPoint

    • s3:DeleteAccessPoint

    " + }, "DisassociateFileSystemAliases":{ "name":"DisassociateFileSystemAliases", "http":{ @@ -740,7 +794,7 @@ {"shape":"MissingFileSystemConfiguration"}, {"shape":"ServiceLimitExceeded"} ], - "documentation":"

    Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.

    For FSx for Windows File Server file systems, you can update the following properties:

    • AuditLogConfiguration

    • AutomaticBackupRetentionDays

    • DailyAutomaticBackupStartTime

    • SelfManagedActiveDirectoryConfiguration

    • StorageCapacity

    • StorageType

    • ThroughputCapacity

    • DiskIopsConfiguration

    • WeeklyMaintenanceStartTime

    For FSx for Lustre file systems, you can update the following properties:

    • AutoImportPolicy

    • AutomaticBackupRetentionDays

    • DailyAutomaticBackupStartTime

    • DataCompressionType

    • LogConfiguration

    • LustreRootSquashConfiguration

    • MetadataConfiguration

    • PerUnitStorageThroughput

    • StorageCapacity

    • WeeklyMaintenanceStartTime

    For FSx for ONTAP file systems, you can update the following properties:

    • AddRouteTableIds

    • AutomaticBackupRetentionDays

    • DailyAutomaticBackupStartTime

    • DiskIopsConfiguration

    • FsxAdminPassword

    • HAPairs

    • RemoveRouteTableIds

    • StorageCapacity

    • ThroughputCapacity

    • ThroughputCapacityPerHAPair

    • WeeklyMaintenanceStartTime

    For FSx for OpenZFS file systems, you can update the following properties:

    • AddRouteTableIds

    • AutomaticBackupRetentionDays

    • CopyTagsToBackups

    • CopyTagsToVolumes

    • DailyAutomaticBackupStartTime

    • DiskIopsConfiguration

    • ReadCacheConfiguration

    • RemoveRouteTableIds

    • StorageCapacity

    • ThroughputCapacity

    • WeeklyMaintenanceStartTime

    " + "documentation":"

    Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.

    For FSx for Windows File Server file systems, you can update the following properties:

    • AuditLogConfiguration

    • AutomaticBackupRetentionDays

    • DailyAutomaticBackupStartTime

    • DiskIopsConfiguration

    • SelfManagedActiveDirectoryConfiguration

    • StorageCapacity

    • StorageType

    • ThroughputCapacity

    • WeeklyMaintenanceStartTime

    For FSx for Lustre file systems, you can update the following properties:

    • AutoImportPolicy

    • AutomaticBackupRetentionDays

    • DailyAutomaticBackupStartTime

    • DataCompressionType

    • FileSystemTypeVersion

    • LogConfiguration

    • LustreReadCacheConfiguration

    • LustreRootSquashConfiguration

    • MetadataConfiguration

    • PerUnitStorageThroughput

    • StorageCapacity

    • ThroughputCapacity

    • WeeklyMaintenanceStartTime

    For FSx for ONTAP file systems, you can update the following properties:

    • AddRouteTableIds

    • AutomaticBackupRetentionDays

    • DailyAutomaticBackupStartTime

    • DiskIopsConfiguration

    • EndpointIpv6AddressRange

    • FsxAdminPassword

    • HAPairs

    • RemoveRouteTableIds

    • StorageCapacity

    • ThroughputCapacity

    • ThroughputCapacityPerHAPair

    • WeeklyMaintenanceStartTime

    For FSx for OpenZFS file systems, you can update the following properties:

    • AddRouteTableIds

    • AutomaticBackupRetentionDays

    • CopyTagsToBackups

    • CopyTagsToVolumes

    • DailyAutomaticBackupStartTime

    • DiskIopsConfiguration

    • EndpointIpv6AddressRange

    • ReadCacheConfiguration

    • RemoveRouteTableIds

    • StorageCapacity

    • ThroughputCapacity

    • WeeklyMaintenanceStartTime

    " }, "UpdateSharedVpcConfiguration":{ "name":"UpdateSharedVpcConfiguration", @@ -816,6 +870,23 @@ "min":12, "pattern":"^\\d{12}$" }, + "AccessPointAlreadyOwnedByYou":{ + "type":"structure", + "members":{ + "ErrorCode":{ + "shape":"ErrorCode", + "documentation":"

    An error code indicating that an access point with that name already exists in the Amazon Web Services Region in your Amazon Web Services account.

    " + }, + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    An access point with that name already exists in the Amazon Web Services Region in your Amazon Web Services account.

    ", + "exception":true + }, + "AccessPointPolicy":{ + "type":"string", + "max":200000, + "min":1 + }, "ActiveDirectoryBackupAttributes":{ "type":"structure", "members":{ @@ -855,6 +926,7 @@ "DOMAIN_NOT_FOUND", "INCOMPATIBLE_DOMAIN_MODE", "WRONG_VPC", + "INVALID_NETWORK_TYPE", "INVALID_DOMAIN_STAGE" ] }, @@ -901,7 +973,8 @@ "RemainingTransferBytes":{ "shape":"RemainingTransferBytes", "documentation":"

    The remaining bytes to transfer for the FSx for OpenZFS snapshot that you're copying.

    " - } + }, + "Message":{"shape":"ErrorMessage"} }, "documentation":"

    Describes a specific Amazon FSx administrative action for the current Windows, Lustre, OpenZFS, or ONTAP file system or volume.

    " }, @@ -998,7 +1071,7 @@ "Aliases":{ "type":"list", "member":{"shape":"Alias"}, - "documentation":"

    An array of one or more DNS aliases that are currently associated with the Amazon FSx file system. Aliases allow you to use existing DNS names to access the data in your Amazon FSx file system. You can associate up to 50 aliases with a file system at any time. You can associate additional DNS aliases after you create the file system using the AssociateFileSystemAliases operation. You can remove DNS aliases from the file system after it is created using the DisassociateFileSystemAliases operation. You only need to specify the alias name in the request payload. For more information, see DNS aliases.

    ", + "documentation":"

    An array of one or more DNS aliases that are currently associated with the Amazon FSx file system. Aliases allow you to use existing DNS names to access the data in your Amazon FSx file system. You can associate up to 50 aliases with a file system at any time. You can associate additional DNS aliases after you create the file system using the AssociateFileSystemAliases operation. You can remove DNS aliases from the file system after it is created using the DisassociateFileSystemAliases operation. You only need to specify the alias name in the request payload. For more information, see Managing DNS aliases.

    ", "max":50 }, "AlternateDNSName":{ @@ -1434,6 +1507,76 @@ }, "documentation":"

    Used to specify the configuration options for an FSx for ONTAP volume's storage aggregate or aggregates.

    " }, + "CreateAndAttachS3AccessPointOpenZFSConfiguration":{ + "type":"structure", + "required":[ + "VolumeId", + "FileSystemIdentity" + ], + "members":{ + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    The ID of the FSx for OpenZFS volume to which you want the S3 access point attached.

    " + }, + "FileSystemIdentity":{ + "shape":"OpenZFSFileSystemIdentity", + "documentation":"

    Specifies the file system user identity to use for authorizing file read and write requests that are made using this S3 access point.

    " + } + }, + "documentation":"

    Specifies the FSx for OpenZFS volume that the S3 access point will be attached to, and the file system user identity.

    " + }, + "CreateAndAttachS3AccessPointRequest":{ + "type":"structure", + "required":[ + "Name", + "Type" + ], + "members":{ + "ClientRequestToken":{ + "shape":"ClientRequestToken", + "idempotencyToken":true + }, + "Name":{ + "shape":"S3AccessPointAttachmentName", + "documentation":"

    The name you want to assign to this S3 access point.

    " + }, + "Type":{ + "shape":"S3AccessPointAttachmentType", + "documentation":"

    The type of S3 access point you want to create. Only OpenZFS is supported.

    " + }, + "OpenZFSConfiguration":{ + "shape":"CreateAndAttachS3AccessPointOpenZFSConfiguration", + "documentation":"

    Specifies the configuration to use when creating and attaching an S3 access point to an FSx for OpenZFS volume.

    " + }, + "S3AccessPoint":{ + "shape":"CreateAndAttachS3AccessPointS3Configuration", + "documentation":"

    Specifies the virtual private cloud (VPC) configuration if you're creating an access point that is restricted to a VPC. For more information, see Creating access points restricted to a virtual private cloud.

    " + } + } + }, + "CreateAndAttachS3AccessPointResponse":{ + "type":"structure", + "members":{ + "S3AccessPointAttachment":{ + "shape":"S3AccessPointAttachment", + "documentation":"

    Describes the configuration of the S3 access point created.

    " + } + } + }, + "CreateAndAttachS3AccessPointS3Configuration":{ + "type":"structure", + "members":{ + "VpcConfiguration":{ + "shape":"S3AccessPointVpcConfiguration", + "documentation":"

    If included, Amazon S3 restricts access to this S3 access point to requests made from the specified virtual private cloud (VPC).

    " + }, + "Policy":{ + "shape":"AccessPointPolicy", + "documentation":"

    Specifies an access policy to associate with the S3 access point configuration. For more information, see Configuring IAM policies for using access points in the Amazon Simple Storage Service User Guide.

    " + } + }, + "documentation":"

    Used to create an S3 access point that accepts requests only from a virtual private cloud (VPC) to restrict data access to a private network.

    " + }, "CreateBackupRequest":{ "type":"structure", "members":{ @@ -1676,12 +1819,12 @@ "LustreConfiguration":{"shape":"CreateFileSystemLustreConfiguration"}, "StorageType":{ "shape":"StorageType", - "documentation":"

    Sets the storage type for the Windows or OpenZFS file system that you're creating from a backup. Valid values are SSD and HDD.

    • Set to SSD to use solid state drive storage. SSD is supported on all Windows and OpenZFS deployment types.

    • Set to HDD to use hard disk drive storage. HDD is supported on SINGLE_AZ_2 and MULTI_AZ_1 FSx for Windows File Server file system deployment types.

    The default value is SSD.

    HDD and SSD storage types have different minimum storage capacity requirements. A restored file system's storage capacity is tied to the file system that was backed up. You can create a file system that uses HDD storage from a backup of a file system that used SSD storage if the original SSD file system had a storage capacity of at least 2000 GiB.

    " + "documentation":"

    Sets the storage type for the Windows, OpenZFS, or Lustre file system that you're creating from a backup. Valid values are SSD, HDD, and INTELLIGENT_TIERING.

    • Set to SSD to use solid state drive storage. SSD is supported on all Windows and OpenZFS deployment types.

    • Set to HDD to use hard disk drive storage. HDD is supported on SINGLE_AZ_2 and MULTI_AZ_1 FSx for Windows File Server file system deployment types.

    • Set to INTELLIGENT_TIERING to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type and for Lustre file systems with the Persistent_2 deployment type.

    The default value is SSD.

    HDD and SSD storage types have different minimum storage capacity requirements. A restored file system's storage capacity is tied to the file system that was backed up. You can create a file system that uses HDD storage from a backup of a file system that used SSD storage if the original SSD file system had a storage capacity of at least 2000 GiB.

    " }, "KmsKeyId":{"shape":"KmsKeyId"}, "FileSystemTypeVersion":{ "shape":"FileSystemTypeVersion", - "documentation":"

    Sets the version for the Amazon FSx for Lustre file system that you're creating from a backup. Valid values are 2.10, 2.12, and 2.15.

    You don't need to specify FileSystemTypeVersion because it will be applied using the backup's FileSystemTypeVersion setting. If you choose to specify FileSystemTypeVersion when creating from backup, the value must match the backup's FileSystemTypeVersion setting.

    " + "documentation":"

    Sets the version for the Amazon FSx for Lustre file system that you're creating from a backup. Valid values are 2.10, 2.12, and 2.15.

    You can enter a Lustre version that is newer than the backup's FileSystemTypeVersion setting. If you don't enter a newer Lustre version, it defaults to the backup's setting.

    " }, "OpenZFSConfiguration":{ "shape":"CreateFileSystemOpenZFSConfiguration", @@ -1689,7 +1832,11 @@ }, "StorageCapacity":{ "shape":"StorageCapacity", - "documentation":"

    Sets the storage capacity of the OpenZFS file system that you're creating from a backup, in gibibytes (GiB). Valid values are from 64 GiB up to 524,288 GiB (512 TiB). However, the value that you specify must be equal to or greater than the backup's storage capacity value. If you don't use the StorageCapacity parameter, the default is the backup's StorageCapacity value.

    If used to create a file system other than OpenZFS, you must provide a value that matches the backup's StorageCapacity value. If you provide any other value, Amazon FSx responds with with an HTTP status code 400 Bad Request.

    " + "documentation":"

    Sets the storage capacity of the OpenZFS file system that you're creating from a backup, in gibibytes (GiB). Valid values are from 64 GiB up to 524,288 GiB (512 TiB). However, the value that you specify must be equal to or greater than the backup's storage capacity value. If you don't use the StorageCapacity parameter, the default is the backup's StorageCapacity value.

    If used to create a file system other than OpenZFS, you must provide a value that matches the backup's StorageCapacity value. If you provide any other value, Amazon FSx responds with an HTTP status code 400 Bad Request.

    " + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

    Sets the network type for the Amazon FSx for OpenZFS file system that you're creating from a backup.

    " } }, "documentation":"

    The request object for the CreateFileSystemFromBackup operation.

    " @@ -1725,7 +1872,7 @@ }, "DeploymentType":{ "shape":"LustreDeploymentType", - "documentation":"

    (Optional) Choose SCRATCH_1 and SCRATCH_2 deployment types when you need temporary storage and shorter-term processing of data. The SCRATCH_2 deployment type provides in-transit encryption of data and higher burst throughput capacity than SCRATCH_1.

    Choose PERSISTENT_1 for longer-term storage and for throughput-focused workloads that aren’t latency-sensitive. PERSISTENT_1 supports encryption of data in transit, and is available in all Amazon Web Services Regions in which FSx for Lustre is available.

    Choose PERSISTENT_2 for longer-term storage and for latency-sensitive workloads that require the highest levels of IOPS/throughput. PERSISTENT_2 supports SSD storage, and offers higher PerUnitStorageThroughput (up to 1000 MB/s/TiB). You can optionally specify a metadata configuration mode for PERSISTENT_2 which supports increasing metadata performance. PERSISTENT_2 is available in a limited number of Amazon Web Services Regions. For more information, and an up-to-date list of Amazon Web Services Regions in which PERSISTENT_2 is available, see File system deployment options for FSx for Lustre in the Amazon FSx for Lustre User Guide.

    If you choose PERSISTENT_2, and you set FileSystemTypeVersion to 2.10, the CreateFileSystem operation fails.

    Encryption of data in transit is automatically turned on when you access SCRATCH_2, PERSISTENT_1, and PERSISTENT_2 file systems from Amazon EC2 instances that support automatic encryption in the Amazon Web Services Regions where they are available. For more information about encryption in transit for FSx for Lustre file systems, see Encrypting data in transit in the Amazon FSx for Lustre User Guide.

    (Default = SCRATCH_1)

    " + "documentation":"

    (Optional) Choose SCRATCH_1 and SCRATCH_2 deployment types when you need temporary storage and shorter-term processing of data. The SCRATCH_2 deployment type provides in-transit encryption of data and higher burst throughput capacity than SCRATCH_1.

    Choose PERSISTENT_1 for longer-term storage and for throughput-focused workloads that aren’t latency-sensitive. PERSISTENT_1 supports encryption of data in transit, and is available in all Amazon Web Services Regions in which FSx for Lustre is available.

    Choose PERSISTENT_2 for longer-term storage and for latency-sensitive workloads that require the highest levels of IOPS/throughput. PERSISTENT_2 supports the SSD and Intelligent-Tiering storage classes. You can optionally specify a metadata configuration mode for PERSISTENT_2 which supports increasing metadata performance. PERSISTENT_2 is available in a limited number of Amazon Web Services Regions. For more information, and an up-to-date list of Amazon Web Services Regions in which PERSISTENT_2 is available, see Deployment and storage class options for FSx for Lustre file systems in the Amazon FSx for Lustre User Guide.

    If you choose PERSISTENT_2, and you set FileSystemTypeVersion to 2.10, the CreateFileSystem operation fails.

    Encryption of data in transit is automatically turned on when you access SCRATCH_2, PERSISTENT_1, and PERSISTENT_2 file systems from Amazon EC2 instances that support automatic encryption in the Amazon Web Services Regions where they are available. For more information about encryption in transit for FSx for Lustre file systems, see Encrypting data in transit in the Amazon FSx for Lustre User Guide.

    (Default = SCRATCH_1)

    " }, "AutoImportPolicy":{ "shape":"AutoImportPolicyType", @@ -1733,7 +1880,7 @@ }, "PerUnitStorageThroughput":{ "shape":"PerUnitStorageThroughput", - "documentation":"

    Required with PERSISTENT_1 and PERSISTENT_2 deployment types, provisions the amount of read and write throughput for each 1 tebibyte (TiB) of file system storage capacity, in MB/s/TiB. File system throughput capacity is calculated by multiplying file system storage capacity (TiB) by the PerUnitStorageThroughput (MB/s/TiB). For a 2.4-TiB file system, provisioning 50 MB/s/TiB of PerUnitStorageThroughput yields 120 MB/s of file system throughput. You pay for the amount of throughput that you provision.

    Valid values:

    • For PERSISTENT_1 SSD storage: 50, 100, 200 MB/s/TiB.

    • For PERSISTENT_1 HDD storage: 12, 40 MB/s/TiB.

    • For PERSISTENT_2 SSD storage: 125, 250, 500, 1000 MB/s/TiB.

    " + "documentation":"

    Required with PERSISTENT_1 and PERSISTENT_2 deployment types using an SSD or HDD storage class, provisions the amount of read and write throughput for each 1 tebibyte (TiB) of file system storage capacity, in MB/s/TiB. File system throughput capacity is calculated by multiplying file system storage capacity (TiB) by the PerUnitStorageThroughput (MB/s/TiB). For a 2.4-TiB file system, provisioning 50 MB/s/TiB of PerUnitStorageThroughput yields 120 MB/s of file system throughput. You pay for the amount of throughput that you provision.

    Valid values:

    • For PERSISTENT_1 SSD storage: 50, 100, 200 MB/s/TiB.

    • For PERSISTENT_1 HDD storage: 12, 40 MB/s/TiB.

    • For PERSISTENT_2 SSD storage: 125, 250, 500, 1000 MB/s/TiB.

    " }, "DailyAutomaticBackupStartTime":{"shape":"DailyTime"}, "AutomaticBackupRetentionDays":{ @@ -1767,6 +1914,14 @@ "MetadataConfiguration":{ "shape":"CreateFileSystemLustreMetadataConfiguration", "documentation":"

    The Lustre metadata performance configuration for the creation of an FSx for Lustre file system using a PERSISTENT_2 deployment type.

    " + }, + "ThroughputCapacity":{ + "shape":"ThroughputCapacityMbps", + "documentation":"

    Specifies the throughput of an FSx for Lustre file system using the Intelligent-Tiering storage class, measured in megabytes per second (MBps). Valid values are 4000 MBps or multiples of 4000 MBps. You pay for the amount of throughput that you provision.

    " + }, + "DataReadCacheConfiguration":{ + "shape":"LustreReadCacheConfiguration", + "documentation":"

    Specifies the optional provisioned SSD read cache on FSx for Lustre file systems that use the Intelligent-Tiering storage class. Required when StorageType is set to INTELLIGENT_TIERING.

    " } }, "documentation":"

    The Lustre configuration for the file system being created.

    The following parameters are not supported for file systems with a data repository association created with .

    • AutoImportPolicy

    • ExportPath

    • ImportedFileChunkSize

    • ImportPath

    " @@ -1777,11 +1932,11 @@ "members":{ "Iops":{ "shape":"MetadataIops", - "documentation":"

    (USER_PROVISIONED mode only) Specifies the number of Metadata IOPS to provision for the file system. This parameter sets the maximum rate of metadata disk IOPS supported by the file system. Valid values are 1500, 3000, 6000, 12000, and multiples of 12000 up to a maximum of 192000.

    Iops doesn’t have a default value. If you're using USER_PROVISIONED mode, you can choose to specify a valid value. If you're using AUTOMATIC mode, you cannot specify a value because FSx for Lustre automatically sets the value based on your file system storage capacity.

    " + "documentation":"

    (USER_PROVISIONED mode only) Specifies the number of Metadata IOPS to provision for the file system. This parameter sets the maximum rate of metadata disk IOPS supported by the file system.

    • For SSD file systems, valid values are 1500, 3000, 6000, 12000, and multiples of 12000 up to a maximum of 192000.

    • For Intelligent-Tiering file systems, valid values are 6000 and 12000.

    Iops doesn’t have a default value. If you're using USER_PROVISIONED mode, you can choose to specify a valid value. If you're using AUTOMATIC mode, you cannot specify a value because FSx for Lustre automatically sets the value based on your file system storage capacity.

    " }, "Mode":{ "shape":"MetadataConfigurationMode", - "documentation":"

    The metadata configuration mode for provisioning Metadata IOPS for an FSx for Lustre file system using a PERSISTENT_2 deployment type.

    • In AUTOMATIC mode, FSx for Lustre automatically provisions and scales the number of Metadata IOPS for your file system based on your file system storage capacity.

    • In USER_PROVISIONED mode, you specify the number of Metadata IOPS to provision for your file system.

    " + "documentation":"

    The metadata configuration mode for provisioning Metadata IOPS for an FSx for Lustre file system using a PERSISTENT_2 deployment type.

    • In AUTOMATIC mode (supported only on SSD file systems), FSx for Lustre automatically provisions and scales the number of Metadata IOPS for your file system based on your file system storage capacity.

    • In USER_PROVISIONED mode, you specify the number of Metadata IOPS to provision for your file system.

    " } }, "documentation":"

    The Lustre metadata performance configuration for the creation of an Amazon FSx for Lustre file system using a PERSISTENT_2 deployment type. The configuration uses a Metadata IOPS value to set the maximum rate of metadata disk IOPS supported by the file system.

    After creation, the file system supports increasing metadata performance. For more information on Metadata IOPS, see Lustre metadata performance configuration in the Amazon FSx for Lustre User Guide.

    " @@ -1798,7 +1953,7 @@ }, "EndpointIpAddressRange":{ "shape":"IpAddressRange", - "documentation":"

    (Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC’s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " + "documentation":"

    (Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC’s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " }, "FsxAdminPassword":{ "shape":"AdminPassword", @@ -1828,6 +1983,10 @@ "ThroughputCapacityPerHAPair":{ "shape":"ThroughputCapacityPerHAPair", "documentation":"

    Use to choose the throughput capacity per HA pair, rather than the total throughput for the file system.

    You can define either the ThroughputCapacityPerHAPair or the ThroughputCapacity when creating a file system, but not both.

    This field and ThroughputCapacity are the same for file systems powered by one HA pair.

    • For SINGLE_AZ_1 and MULTI_AZ_1 file systems, valid values are 128, 256, 512, 1024, 2048, or 4096 MBps.

    • For SINGLE_AZ_2, valid values are 1536, 3072, or 6144 MBps.

    • For MULTI_AZ_2, valid values are 384, 768, 1536, 3072, or 6144 MBps.

    Amazon FSx responds with an HTTP status code 400 (Bad Request) for the following conditions:

    • The value of ThroughputCapacity and ThroughputCapacityPerHAPair are not the same value for file systems with one HA pair.

    • The value of deployment type is SINGLE_AZ_2 and ThroughputCapacity / ThroughputCapacityPerHAPair is not a valid HA pair (a value between 1 and 12).

    • The value of ThroughputCapacityPerHAPair is not a valid value.

    " + }, + "EndpointIpv6AddressRange":{ + "shape":"Ipv6AddressRange", + "documentation":"

    (Multi-AZ only) Specifies the IPv6 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /118 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " } }, "documentation":"

    The ONTAP configuration properties of the FSx for ONTAP file system that you are creating.

    " @@ -1855,7 +2014,7 @@ }, "ThroughputCapacity":{ "shape":"MegabytesPerSecond", - "documentation":"

    Specifies the throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second (MBps). Valid values depend on the DeploymentType you choose, as follows:

    • For MULTI_AZ_1 and SINGLE_AZ_2, valid values are 160, 320, 640, 1280, 2560, 3840, 5120, 7680, or 10240 MBps.

    • For SINGLE_AZ_1, valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MBps.

    You pay for additional throughput capacity that you provision.

    " + "documentation":"

    Specifies the throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second (MBps). Valid values depend on the DeploymentType that you choose, as follows:

    • For MULTI_AZ_1 and SINGLE_AZ_2, valid values are 160, 320, 640, 1280, 2560, 3840, 5120, 7680, or 10240 MBps.

    • For SINGLE_AZ_1, valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MBps.

    You pay for additional throughput capacity that you provision.

    " }, "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"}, "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"}, @@ -1869,7 +2028,11 @@ }, "EndpointIpAddressRange":{ "shape":"IpAddressRange", - "documentation":"

    (Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables.

    " + "documentation":"

    (Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " + }, + "EndpointIpv6AddressRange":{ + "shape":"Ipv6AddressRange", + "documentation":"

    (Multi-AZ only) Specifies the IPv6 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /118 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " }, "RouteTableIds":{ "shape":"RouteTableIds", @@ -1904,7 +2067,7 @@ }, "StorageType":{ "shape":"StorageType", - "documentation":"

    Sets the storage class for the file system that you're creating. Valid values are SSD, HDD, and INTELLIGENT_TIERING.

    • Set to SSD to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types.

    • Set to HDD to use hard disk drive storage. HDD is supported on SINGLE_AZ_2 and MULTI_AZ_1 Windows file system deployment types, and on PERSISTENT_1 Lustre file system deployment types.

    • Set to INTELLIGENT_TIERING to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type.

    Default value is SSD. For more information, see Storage type options in the FSx for Windows File Server User Guide, Multiple storage options in the FSx for Lustre User Guide, and Working with Intelligent-Tiering in the Amazon FSx for OpenZFS User Guide.

    " + "documentation":"

    Sets the storage class for the file system that you're creating. Valid values are SSD, HDD, and INTELLIGENT_TIERING.

    • Set to SSD to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types.

    • Set to HDD to use hard disk drive storage, which is supported on SINGLE_AZ_2 and MULTI_AZ_1 Windows file system deployment types, and on PERSISTENT_1 Lustre file system deployment types.

    • Set to INTELLIGENT_TIERING to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type and for Lustre file systems with the Persistent_2 deployment type.

    Default value is SSD. For more information, see Storage type options in the FSx for Windows File Server User Guide, FSx for Lustre storage classes in the FSx for Lustre User Guide, and Working with Intelligent-Tiering in the Amazon FSx for OpenZFS User Guide.

    " }, "SubnetIds":{ "shape":"SubnetIds", @@ -1932,6 +2095,10 @@ "OpenZFSConfiguration":{ "shape":"CreateFileSystemOpenZFSConfiguration", "documentation":"

    The OpenZFS configuration for the file system that's being created.

    " + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

    The network type of the Amazon FSx file system that you are creating. Valid values are IPV4 (which supports IPv4 only) and DUAL (for dual-stack mode, which supports both IPv4 and IPv6). The default is IPV4. Supported for FSx for OpenZFS, FSx for ONTAP, and FSx for Windows File Server file systems.

    " } }, "documentation":"

    The request object used to create a new Amazon FSx file system.

    " @@ -1985,7 +2152,7 @@ }, "Aliases":{ "shape":"AlternateDNSNames", - "documentation":"

    An array of one or more DNS alias names that you want to associate with the Amazon FSx file system. Aliases allow you to use existing DNS names to access the data in your Amazon FSx file system. You can associate up to 50 aliases with a file system at any time. You can associate additional DNS aliases after you create the file system using the AssociateFileSystemAliases operation. You can remove DNS aliases from the file system after it is created using the DisassociateFileSystemAliases operation. You only need to specify the alias name in the request payload.

    For more information, see Working with DNS Aliases and Walkthrough 5: Using DNS aliases to access your file system, including additional steps you must take to be able to access your file system using a DNS alias.

    An alias name has to meet the following requirements:

    • Formatted as a fully-qualified domain name (FQDN), hostname.domain, for example, accounting.example.com.

    • Can contain alphanumeric characters, the underscore (_), and the hyphen (-).

    • Cannot start or end with a hyphen.

    • Can start with a numeric.

    For DNS alias names, Amazon FSx stores alphabetic characters as lowercase letters (a-z), regardless of how you specify them: as uppercase letters, lowercase letters, or the corresponding letters in escape codes.

    " + "documentation":"

    An array of one or more DNS alias names that you want to associate with the Amazon FSx file system. Aliases allow you to use existing DNS names to access the data in your Amazon FSx file system. You can associate up to 50 aliases with a file system at any time. You can associate additional DNS aliases after you create the file system using the AssociateFileSystemAliases operation. You can remove DNS aliases from the file system after it is created using the DisassociateFileSystemAliases operation. You only need to specify the alias name in the request payload. For more information, see Managing DNS aliases and Accessing data using DNS aliases.

    An alias name has to meet the following requirements:

    • Formatted as a fully-qualified domain name (FQDN), hostname.domain, for example, accounting.example.com.

    • Can contain alphanumeric characters, the underscore (_), and the hyphen (-).

    • Cannot start or end with a hyphen.

    • Can start with a numeric.

    For DNS alias names, Amazon FSx stores alphabetic characters as lowercase letters (a-z), regardless of how you specify them: as uppercase letters, lowercase letters, or the corresponding letters in escape codes.

    " }, "AuditLogConfiguration":{ "shape":"WindowsAuditLogCreateConfiguration", @@ -2089,7 +2256,7 @@ }, "RecordSizeKiB":{ "shape":"IntegerRecordSizeKiB", - "documentation":"

    Specifies the suggested block size for a volume in a ZFS dataset, in kibibytes (KiB). For file systems using the Intelligent-Tiering storage class, valid values are 128, 256, 512, 1024, 2048, or 4096 KiB, with a default of 2048 KiB. For all other file systems, valid values are 4, 8, 16, 32, 64, 128, 256, 512, or 1024 KiB, with a default of 128 KiB. We recommend using the default setting for the majority of use cases. Generally, workloads that write in fixed small or large record sizes may benefit from setting a custom record size, like database workloads (small record size) or media streaming workloads (large record size). For additional guidance on when to set a custom record size, see ZFS Record size in the Amazon FSx for OpenZFS User Guide.

    " + "documentation":"

    Specifies the suggested block size for a volume in a ZFS dataset, in kibibytes (KiB). For file systems using the Intelligent-Tiering storage class, valid values are 128, 256, 512, 1024, 2048, or 4096 KiB, with a default of 1024 KiB. For all other file systems, valid values are 4, 8, 16, 32, 64, 128, 256, 512, or 1024 KiB, with a default of 128 KiB. We recommend using the default setting for the majority of use cases. Generally, workloads that write in fixed small or large record sizes may benefit from setting a custom record size, like database workloads (small record size) or media streaming workloads (large record size). For additional guidance on when to set a custom record size, see ZFS Record size in the Amazon FSx for OpenZFS User Guide.

    " }, "DataCompressionType":{ "shape":"OpenZFSDataCompressionType", @@ -2097,7 +2264,7 @@ }, "CopyTagsToSnapshots":{ "shape":"Flag", - "documentation":"

    A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to false. If it's set to true, all tags for the volume are copied to snapshots where the user doesn't specify tags. If this value is true, and you specify one or more tags, only the specified tags are copied to snapshots. If you specify one or more tags when creating the snapshot, no tags are copied from the volume, regardless of this value.

    " + "documentation":"

    A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to false. If this value is set to true, and you do not specify any tags, all tags for the original volume are copied over to snapshots. If this value is set to true, and you do specify one or more tags, only the specified tags for the original volume are copied over to snapshots. If you specify one or more tags when creating a new snapshot, no tags are copied over from the original volume, regardless of this value.

    " }, "OriginSnapshot":{ "shape":"CreateOpenZFSOriginSnapshotConfiguration", @@ -2307,6 +2474,12 @@ "type":"timestamp", "documentation":"

    The time that the resource was created, in seconds (since 1970-01-01T00:00:00Z), also known as Unix time.

    " }, + "CustomerSecretsManagerARN":{ + "type":"string", + "max":1024, + "min":64, + "pattern":"^arn:[^:]{1,63}:secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:[a-zA-Z0-9/_+=.@-]+-[a-zA-Z0-9]{6}$" + }, "DNSName":{ "type":"string", "documentation":"

    The file system's DNS name. You can mount your file system using its DNS name.

    ", @@ -2381,7 +2554,7 @@ "documentation":"

    The configuration for an NFS data repository linked to an Amazon File Cache resource with a data repository association.

    " } }, - "documentation":"

    The configuration of a data repository association that links an Amazon FSx for Lustre file system to an Amazon S3 bucket or an Amazon File Cache resource to an Amazon S3 bucket or an NFS file system. The data repository association configuration object is returned in the response of the following operations:

    • CreateDataRepositoryAssociation

    • UpdateDataRepositoryAssociation

    • DescribeDataRepositoryAssociations

    Data repository associations are supported on Amazon File Cache resources and all FSx for Lustre 2.12 and 2.15 file systems, excluding scratch_1 deployment type.

    " + "documentation":"

    The configuration of a data repository association that links an Amazon FSx for Lustre file system to an Amazon S3 bucket or an Amazon File Cache resource to an Amazon S3 bucket or an NFS file system. The data repository association configuration object is returned in the response of the following operations:

    • CreateDataRepositoryAssociation

    • UpdateDataRepositoryAssociation

    • DescribeDataRepositoryAssociations

    Data repository associations are supported on Amazon File Cache resources and all FSx for Lustre 2.12 and 2.15 file systems, excluding Intelligent-Tiering and scratch_1 file systems.

    " }, "DataRepositoryAssociationId":{ "type":"string", @@ -2551,7 +2724,7 @@ "documentation":"

    Use Values to include the specific file system IDs and task lifecycle states for the filters you are using.

    " } }, - "documentation":"

    (Optional) An array of filter objects you can use to filter the response of data repository tasks you will see in the the response. You can filter the tasks returned in the response by one or more file system IDs, task lifecycles, and by task type. A filter object consists of a filter Name, and one or more Values for the filter.

    " + "documentation":"

    (Optional) An array of filter objects you can use to filter the response of data repository tasks you will see in the response. You can filter the tasks returned in the response by one or more file system IDs, task lifecycles, and by task type. A filter object consists of a filter Name, and one or more Values for the filter.

    " }, "DataRepositoryTaskFilterName":{ "type":"string", @@ -3185,11 +3358,35 @@ }, "documentation":"

    The response object for DescribeFileSystems operation.

    " }, - "DescribeSharedVpcConfigurationRequest":{ + "DescribeS3AccessPointAttachmentsRequest":{ + "type":"structure", + "members":{ + "Names":{ + "shape":"S3AccessPointAttachmentNames", + "documentation":"

    The names of the S3 access point attachments whose descriptions you want to retrieve.

    " + }, + "Filters":{ + "shape":"S3AccessPointAttachmentsFilters", + "documentation":"

    Enter a filter Name and Values pair to view a select set of S3 access point attachments.

    " + }, + "MaxResults":{"shape":"MaxResults"}, + "NextToken":{"shape":"NextToken"} + } + }, + "DescribeS3AccessPointAttachmentsResponse":{ "type":"structure", "members":{ + "S3AccessPointAttachments":{ + "shape":"S3AccessPointAttachments", + "documentation":"

    Array of S3 access point attachments returned after a successful DescribeS3AccessPointAttachments operation.

    " + }, + "NextToken":{"shape":"NextToken"} } }, + "DescribeSharedVpcConfigurationRequest":{ + "type":"structure", + "members":{} + }, "DescribeSharedVpcConfigurationResponse":{ "type":"structure", "members":{ @@ -3278,6 +3475,33 @@ "NextToken":{"shape":"NextToken"} } }, + "DetachAndDeleteS3AccessPointRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "ClientRequestToken":{ + "shape":"ClientRequestToken", + "idempotencyToken":true + }, + "Name":{ + "shape":"S3AccessPointAttachmentName", + "documentation":"

    The name of the S3 access point attachment that you want to delete.

    " + } + } + }, + "DetachAndDeleteS3AccessPointResponse":{ + "type":"structure", + "members":{ + "Lifecycle":{ + "shape":"S3AccessPointAttachmentLifecycle", + "documentation":"

    The lifecycle status of the S3 access point attachment.

    " + }, + "Name":{ + "shape":"S3AccessPointAttachmentName", + "documentation":"

    The name of the S3 access point attachment being deleted.

    " + } + } + }, "DirectoryId":{ "type":"string", "max":12, @@ -3378,6 +3602,11 @@ "documentation":"

    Defines the minimum amount of time since last access for a file to be eligible for release. Only files that have been exported to S3 and that were last accessed or modified before this point-in-time are eligible to be released from the Amazon FSx for Lustre file system.

    " }, "EndTime":{"type":"timestamp"}, + "ErrorCode":{ + "type":"string", + "max":128, + "min":1 + }, "ErrorMessage":{ "type":"string", "documentation":"

    A detailed error message.

    ", @@ -3668,7 +3897,7 @@ }, "StorageType":{ "shape":"StorageType", - "documentation":"

    The type of storage the file system is using. If set to SSD, the file system uses solid state drive storage. If set to HDD, the file system uses hard disk drive storage.

    " + "documentation":"

    The type of storage the file system is using.

    • If set to SSD, the file system uses solid state drive storage.

    • If set to HDD, the file system uses hard disk drive storage.

    • If set to INTELLIGENT_TIERING, the file system uses fully elastic, intelligently-tiered storage.

    " }, "VpcId":{ "shape":"VpcId", @@ -3718,6 +3947,10 @@ "OpenZFSConfiguration":{ "shape":"OpenZFSFileSystemConfiguration", "documentation":"

    The configuration for this Amazon FSx for OpenZFS file system.

    " + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

    The network type of the file system.

    " } }, "documentation":"

    A description of a specific Amazon FSx file system.

    " @@ -3734,7 +3967,11 @@ "DNSName":{"shape":"DNSName"}, "IpAddresses":{ "shape":"OntapEndpointIpAddresses", - "documentation":"

    IP addresses of the file system endpoint.

    " + "documentation":"

    The IPv4 addresses of the file system endpoint.

    " + }, + "Ipv6Addresses":{ + "shape":"OntapEndpointIpAddresses", + "documentation":"

    The IPv6 addresses of the file system endpoint.

    " } }, "documentation":"

    An Amazon FSx for NetApp ONTAP file system has two endpoints that are used to access data or to manage the file system using the NetApp ONTAP CLI, REST API, or NetApp SnapMirror. They are the Management and Intercluster endpoints.

    " @@ -3763,6 +4000,11 @@ }, "documentation":"

    A structure providing details of any failures that occurred.

    " }, + "FileSystemGID":{ + "type":"long", + "max":4294967295, + "min":0 + }, "FileSystemId":{ "type":"string", "documentation":"

    The globally unique ID of the file system, assigned by Amazon FSx.

    ", @@ -3795,11 +4037,11 @@ "members":{ "Iops":{ "shape":"MetadataIops", - "documentation":"

    The number of Metadata IOPS provisioned for the file system. Valid values are 1500, 3000, 6000, 12000, and multiples of 12000 up to a maximum of 192000.

    " + "documentation":"

    The number of Metadata IOPS provisioned for the file system.

    • For SSD file systems, valid values are 1500, 3000, 6000, 12000, and multiples of 12000 up to a maximum of 192000.

    • For Intelligent-Tiering file systems, valid values are 6000 and 12000.

    " }, "Mode":{ "shape":"MetadataConfigurationMode", - "documentation":"

    The metadata configuration mode for provisioning Metadata IOPS for the file system.

    • In AUTOMATIC mode, FSx for Lustre automatically provisions and scales the number of Metadata IOPS on your file system based on your file system storage capacity.

    • In USER_PROVISIONED mode, you can choose to specify the number of Metadata IOPS to provision for your file system.

    " + "documentation":"

    The metadata configuration mode for provisioning Metadata IOPS for the file system.

    • In AUTOMATIC mode (supported only on SSD file systems), FSx for Lustre automatically provisions and scales the number of Metadata IOPS on your file system based on your file system storage capacity.

    • In USER_PROVISIONED mode, you can choose to specify the number of Metadata IOPS to provision for your file system.

    " } }, "documentation":"

    The Lustre metadata performance configuration of an Amazon FSx for Lustre file system using a PERSISTENT_2 deployment type. The configuration enables the file system to support increasing metadata performance.

    " @@ -3826,9 +4068,14 @@ "documentation":"

    No Amazon FSx file systems were found based upon supplied parameters.

    ", "exception":true }, + "FileSystemSecondaryGIDs":{ + "type":"list", + "member":{"shape":"FileSystemGID"}, + "max":15 + }, "FileSystemType":{ "type":"string", - "documentation":"

    The type of file system.

    ", + "documentation":"

    The type of Amazon FSx file system.

    ", "enum":[ "WINDOWS", "LUSTRE", @@ -3842,6 +4089,11 @@ "min":1, "pattern":"^[0-9](.[0-9]*)*$" }, + "FileSystemUID":{ + "type":"long", + "max":4294967295, + "min":0 + }, "FileSystems":{ "type":"list", "member":{"shape":"FileSystem"}, @@ -3967,6 +4219,18 @@ "exception":true, "fault":true }, + "InvalidAccessPoint":{ + "type":"structure", + "members":{ + "ErrorCode":{ + "shape":"ErrorCode", + "documentation":"

    An error code indicating that the access point specified doesn't exist.

    " + }, + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The access point specified doesn't exist.

    ", + "exception":true + }, "InvalidDataRepositoryType":{ "type":"structure", "members":{ @@ -4038,6 +4302,18 @@ "documentation":"

    The Region provided for SourceRegion is not valid or is in a different Amazon Web Services partition.

    ", "exception":true }, + "InvalidRequest":{ + "type":"structure", + "members":{ + "ErrorCode":{ + "shape":"ErrorCode", + "documentation":"

    An error code indicating that the action or operation requested is invalid.

    " + }, + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The action or operation requested is invalid. Verify that the action is typed correctly.

    ", + "exception":true + }, "InvalidSourceKmsKey":{ "type":"structure", "members":{ @@ -4053,9 +4329,9 @@ }, "IpAddress":{ "type":"string", - "max":15, - "min":7, - "pattern":"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" + "max":45, + "min":1, + "pattern":"(^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$)" }, "IpAddressRange":{ "type":"string", @@ -4063,6 +4339,12 @@ "min":9, "pattern":"^[^\\u0000\\u0085\\u2028\\u2029\\r\\n]{9,17}$" }, + "Ipv6AddressRange":{ + "type":"string", + "max":43, + "min":4, + "pattern":"^[^\\u0000\\u0085\\u2028\\u2029\\r\\n]{4,43}$" + }, "JunctionPath":{ "type":"string", "max":255, @@ -4150,7 +4432,7 @@ "DataRepositoryConfiguration":{"shape":"DataRepositoryConfiguration"}, "DeploymentType":{ "shape":"LustreDeploymentType", - "documentation":"

    The deployment type of the FSx for Lustre file system. Scratch deployment type is designed for temporary storage and shorter-term processing of data.

    SCRATCH_1 and SCRATCH_2 deployment types are best suited for when you need temporary storage and shorter-term processing of data. The SCRATCH_2 deployment type provides in-transit encryption of data and higher burst throughput capacity than SCRATCH_1.

    The PERSISTENT_1 and PERSISTENT_2 deployment type is used for longer-term storage and workloads and encryption of data in transit. PERSISTENT_2 offers higher PerUnitStorageThroughput (up to 1000 MB/s/TiB) along with a lower minimum storage capacity requirement (600 GiB). To learn more about FSx for Lustre deployment types, see FSx for Lustre deployment options.

    The default is SCRATCH_1.

    " + "documentation":"

    The deployment type of the FSx for Lustre file system. Scratch deployment type is designed for temporary storage and shorter-term processing of data.

    SCRATCH_1 and SCRATCH_2 deployment types are best suited for when you need temporary storage and shorter-term processing of data. The SCRATCH_2 deployment type provides in-transit encryption of data and higher burst throughput capacity than SCRATCH_1.

    The PERSISTENT_1 and PERSISTENT_2 deployment type is used for longer-term storage and workloads and encryption of data in transit. PERSISTENT_2 offers higher PerUnitStorageThroughput (up to 1000 MB/s/TiB) along with a lower minimum storage capacity requirement (600 GiB). To learn more about FSx for Lustre deployment types, see Deployment and storage class options for FSx for Lustre file systems.

    The default is SCRATCH_1.

    " }, "PerUnitStorageThroughput":{ "shape":"PerUnitStorageThroughput", @@ -4189,6 +4471,14 @@ "EfaEnabled":{ "shape":"Flag", "documentation":"

    Specifies whether Elastic Fabric Adapter (EFA) and GPUDirect Storage (GDS) support is enabled for the Amazon FSx for Lustre file system.

    " + }, + "ThroughputCapacity":{ + "shape":"ThroughputCapacityMbps", + "documentation":"

    The throughput of an Amazon FSx for Lustre file system using the Intelligent-Tiering storage class, measured in megabytes per second (MBps).

    " + }, + "DataReadCacheConfiguration":{ + "shape":"LustreReadCacheConfiguration", + "documentation":"

    Required when StorageType is set to INTELLIGENT_TIERING. Specifies the optional provisioned SSD read cache.

    " } }, "documentation":"

    The configuration for the Amazon FSx for Lustre file system.

    " @@ -4240,6 +4530,28 @@ "member":{"shape":"LustreNoSquashNid"}, "max":64 }, + "LustreReadCacheConfiguration":{ + "type":"structure", + "members":{ + "SizingMode":{ + "shape":"LustreReadCacheSizingMode", + "documentation":"

    Specifies how the provisioned SSD read cache is sized, as follows:

    • Set to NO_CACHE if you do not want to use an SSD read cache with your Intelligent-Tiering file system.

    • Set to USER_PROVISIONED to specify the exact size of your SSD read cache.

    • Set to PROPORTIONAL_TO_THROUGHPUT_CAPACITY to have your SSD read cache automatically sized based on your throughput capacity.

    " + }, + "SizeGiB":{ + "shape":"StorageCapacity", + "documentation":"

    Required if SizingMode is set to USER_PROVISIONED. Specifies the size of the file system's SSD read cache, in gibibytes (GiB).

    The SSD read cache size is distributed across provisioned file servers in your file system. Intelligent-Tiering file systems support a minimum of 32 GiB and maximum of 131072 GiB for SSD read cache size for every 4,000 MB/s of throughput capacity provisioned.

    " + } + }, + "documentation":"

    The configuration for the optional provisioned SSD read cache on Amazon FSx for Lustre file systems that use the Intelligent-Tiering storage class.

    " + }, + "LustreReadCacheSizingMode":{ + "type":"string", + "enum":[ + "NO_CACHE", + "USER_PROVISIONED", + "PROPORTIONAL_TO_THROUGHPUT_CAPACITY" + ] + }, "LustreRootSquash":{ "type":"string", "max":21, @@ -4362,6 +4674,13 @@ "documentation":"

    A list of network interface IDs.

    ", "max":50 }, + "NetworkType":{ + "type":"string", + "enum":[ + "IPV4", + "DUAL" + ] + }, "NextToken":{ "type":"string", "documentation":"

    (Optional) Opaque pagination token returned from a previous operation (String). If present, this token indicates from what point you can continue processing the request, where the previous NextToken value left off.

    ", @@ -4412,7 +4731,7 @@ }, "EndpointIpAddressRange":{ "shape":"IpAddressRange", - "documentation":"

    (Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC’s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables.

    " + "documentation":"

    (Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC’s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables.

    " }, "Endpoints":{ "shape":"FileSystemEndpoints", @@ -4440,6 +4759,10 @@ "ThroughputCapacityPerHAPair":{ "shape":"ThroughputCapacityPerHAPair", "documentation":"

    Use to choose the throughput capacity per HA pair. When the value of HAPairs is equal to 1, the value of ThroughputCapacityPerHAPair is the total throughput for the file system.

    This field and ThroughputCapacity cannot be defined in the same API call, but one is required.

    This field and ThroughputCapacity are the same for file systems with one HA pair.

    • For SINGLE_AZ_1 and MULTI_AZ_1 file systems, valid values are 128, 256, 512, 1024, 2048, or 4096 MBps.

    • For SINGLE_AZ_2, valid values are 1536, 3072, or 6144 MBps.

    • For MULTI_AZ_2, valid values are 384, 768, 1536, 3072, or 6144 MBps.

    Amazon FSx responds with an HTTP status code 400 (Bad Request) for the following conditions:

    • The value of ThroughputCapacity and ThroughputCapacityPerHAPair are not the same value.

    • The value of deployment type is SINGLE_AZ_2 and ThroughputCapacity / ThroughputCapacityPerHAPair is not a valid HA pair (a value between 1 and 12).

    • The value of ThroughputCapacityPerHAPair is not a valid value.

    " + }, + "EndpointIpv6AddressRange":{ + "shape":"Ipv6AddressRange", + "documentation":"

    (Multi-AZ only) Specifies the IPv6 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /118 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " } }, "documentation":"

    Configuration for the FSx for NetApp ONTAP file system.

    " @@ -4640,7 +4963,11 @@ }, "EndpointIpAddressRange":{ "shape":"IpAddressRange", - "documentation":"

    (Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables.

    " + "documentation":"

    (Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables.

    " + }, + "EndpointIpv6AddressRange":{ + "shape":"Ipv6AddressRange", + "documentation":"

    (Multi-AZ only) Specifies the IPv6 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /118 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " }, "RouteTableIds":{ "shape":"RouteTableIds", @@ -4648,7 +4975,11 @@ }, "EndpointIpAddress":{ "shape":"IpAddress", - "documentation":"

    The IP address of the endpoint that is used to access data or to manage the file system.

    " + "documentation":"

    The IPv4 address of the endpoint that is used to access data or to manage the file system.

    " + }, + "EndpointIpv6Address":{ + "shape":"IpAddress", + "documentation":"

    The IPv6 address of the endpoint that is used to access data or to manage the file system.

    " }, "ReadCacheConfiguration":{ "shape":"OpenZFSReadCacheConfiguration", @@ -4657,6 +4988,25 @@ }, "documentation":"

    The configuration for the Amazon FSx for OpenZFS file system.

    " }, + "OpenZFSFileSystemIdentity":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"OpenZFSFileSystemUserType", + "documentation":"

    Specifies the FSx for OpenZFS user identity type, accepts only POSIX.

    " + }, + "PosixUser":{ + "shape":"OpenZFSPosixFileSystemUser", + "documentation":"

    Specifies the UID and GIDs of the file system POSIX user.

    " + } + }, + "documentation":"

    Specifies the file system user identity that will be used for authorizing all file access requests that are made using the S3 access point.

    " + }, + "OpenZFSFileSystemUserType":{ + "type":"string", + "enum":["POSIX"] + }, "OpenZFSNfsExport":{ "type":"structure", "required":["ClientConfigurations"], @@ -4696,6 +5046,28 @@ }, "documentation":"

    The snapshot configuration used when creating an Amazon FSx for OpenZFS volume from a snapshot.

    " }, + "OpenZFSPosixFileSystemUser":{ + "type":"structure", + "required":[ + "Uid", + "Gid" + ], + "members":{ + "Uid":{ + "shape":"FileSystemUID", + "documentation":"

    The UID of the file system user.

    " + }, + "Gid":{ + "shape":"FileSystemGID", + "documentation":"

    The GID of the file system user.

    " + }, + "SecondaryGids":{ + "shape":"FileSystemSecondaryGIDs", + "documentation":"

    The list of secondary GIDs for the file system user.

    " + } + }, + "documentation":"

    The FSx for OpenZFS file system user that is used for authorizing all file access requests that are made using the S3 access point.

    " + }, "OpenZFSQuotaType":{ "type":"string", "enum":[ @@ -4715,7 +5087,7 @@ "documentation":"

    Required if SizingMode is set to USER_PROVISIONED. Specifies the size of the file system's SSD read cache, in gibibytes (GiB).

    " } }, - "documentation":"

    The configuration for the optional provisioned SSD read cache on file systems that use the Intelligent-Tiering storage class.

    " + "documentation":"

    The configuration for the optional provisioned SSD read cache on Amazon FSx for OpenZFS file systems that use the Intelligent-Tiering storage class.

    " }, "OpenZFSReadCacheSizingMode":{ "type":"string", @@ -4770,7 +5142,7 @@ }, "StorageCapacityQuotaGiB":{ "shape":"IntegerNoMax", - "documentation":"

    The maximum amount of storage in gibibtyes (GiB) that the volume can use from its parent. You can specify a quota larger than the storage on the parent volume.

    " + "documentation":"

    The maximum amount of storage in gibibytes (GiB) that the volume can use from its parent. You can specify a quota larger than the storage on the parent volume.

    " }, "RecordSizeKiB":{ "shape":"IntegerRecordSizeKiB", @@ -5049,6 +5421,158 @@ "member":{"shape":"RouteTableId"}, "max":50 }, + "S3AccessPoint":{ + "type":"structure", + "members":{ + "ResourceARN":{ + "shape":"GeneralARN", + "documentation":"

    he S3 access point's ARN.

    " + }, + "Alias":{ + "shape":"S3AccessPointAlias", + "documentation":"

    The S3 access point's alias.

    " + }, + "VpcConfiguration":{ + "shape":"S3AccessPointVpcConfiguration", + "documentation":"

    The S3 access point's virtual private cloud (VPC) configuration.

    " + } + }, + "documentation":"

    Describes the S3 access point configuration of the S3 access point attachment.

    " + }, + "S3AccessPointAlias":{ + "type":"string", + "max":63, + "min":1, + "pattern":"^[0-9a-z\\\\-]{1,63}" + }, + "S3AccessPointAttachment":{ + "type":"structure", + "members":{ + "Lifecycle":{ + "shape":"S3AccessPointAttachmentLifecycle", + "documentation":"

    The lifecycle status of the S3 access point attachment. The lifecycle can have the following values:

    • AVAILABLE - the S3 access point attachment is available for use

    • CREATING - Amazon FSx is creating the S3 access point and attachment

    • DELETING - Amazon FSx is deleting the S3 access point and attachment

    • FAILED - The S3 access point attachment is in a failed state. Delete and detach the S3 access point attachment, and create a new one.

    • UPDATING - Amazon FSx is updating the S3 access point attachment

    " + }, + "LifecycleTransitionReason":{"shape":"LifecycleTransitionReason"}, + "CreationTime":{"shape":"CreationTime"}, + "Name":{ + "shape":"S3AccessPointAttachmentName", + "documentation":"

    The name of the S3 access point attachment; also used for the name of the S3 access point.

    " + }, + "Type":{ + "shape":"S3AccessPointAttachmentType", + "documentation":"

    The type of Amazon FSx volume that the S3 access point is attached to.

    " + }, + "OpenZFSConfiguration":{ + "shape":"S3AccessPointOpenZFSConfiguration", + "documentation":"

    The OpenZFSConfiguration of the S3 access point attachment.

    " + }, + "S3AccessPoint":{ + "shape":"S3AccessPoint", + "documentation":"

    The S3 access point configuration of the S3 access point attachment.

    " + } + }, + "documentation":"

    An S3 access point attached to an Amazon FSx volume.

    " + }, + "S3AccessPointAttachmentLifecycle":{ + "type":"string", + "enum":[ + "AVAILABLE", + "CREATING", + "DELETING", + "UPDATING", + "FAILED" + ] + }, + "S3AccessPointAttachmentName":{ + "type":"string", + "max":50, + "min":3, + "pattern":"^(?=[a-z0-9])[a-z0-9-]{1,48}[a-z0-9]$" + }, + "S3AccessPointAttachmentNames":{ + "type":"list", + "member":{"shape":"S3AccessPointAttachmentName"}, + "max":50 + }, + "S3AccessPointAttachmentNotFound":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The access point specified was not found.

    ", + "exception":true + }, + "S3AccessPointAttachmentType":{ + "type":"string", + "enum":["OPENZFS"] + }, + "S3AccessPointAttachments":{ + "type":"list", + "member":{"shape":"S3AccessPointAttachment"}, + "max":1000 + }, + "S3AccessPointAttachmentsFilter":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"S3AccessPointAttachmentsFilterName", + "documentation":"

    The name of the filter.

    " + }, + "Values":{ + "shape":"S3AccessPointAttachmentsFilterValues", + "documentation":"

    The values of the filter.

    " + } + }, + "documentation":"

    A set of Name and Values pairs used to view a select set of S3 access point attachments.

    " + }, + "S3AccessPointAttachmentsFilterName":{ + "type":"string", + "enum":[ + "file-system-id", + "volume-id", + "type" + ] + }, + "S3AccessPointAttachmentsFilterValue":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^[0-9a-zA-Z\\*\\.\\\\/\\?\\-\\_]*$" + }, + "S3AccessPointAttachmentsFilterValues":{ + "type":"list", + "member":{"shape":"S3AccessPointAttachmentsFilterValue"}, + "max":20 + }, + "S3AccessPointAttachmentsFilters":{ + "type":"list", + "member":{"shape":"S3AccessPointAttachmentsFilter"}, + "max":2 + }, + "S3AccessPointOpenZFSConfiguration":{ + "type":"structure", + "members":{ + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    The ID of the FSx for OpenZFS volume that the S3 access point is attached to.

    " + }, + "FileSystemIdentity":{ + "shape":"OpenZFSFileSystemIdentity", + "documentation":"

    The file system identity used to authorize file access requests made using the S3 access point.

    " + } + }, + "documentation":"

    Describes the FSx for OpenZFS attachment configuration of an S3 access point attachment.

    " + }, + "S3AccessPointVpcConfiguration":{ + "type":"structure", + "members":{ + "VpcId":{ + "shape":"VpcId", + "documentation":"

    Specifies the virtual private cloud (VPC) for the S3 access point VPC configuration, if one exists.

    " + } + }, + "documentation":"

    If included, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).

    " + }, "S3DataRepositoryConfiguration":{ "type":"structure", "members":{ @@ -5106,6 +5630,10 @@ "DnsIps":{ "shape":"DnsIps", "documentation":"

    A list of up to three IP addresses of DNS servers or domain controllers in the self-managed AD directory.

    " + }, + "DomainJoinServiceAccountSecret":{ + "shape":"CustomerSecretsManagerARN", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret containing the service account credentials used to join the file system to your self-managed Active Directory domain.

    " } }, "documentation":"

    The configuration of the self-managed Microsoft Active Directory (AD) directory to which the Windows File Server or ONTAP storage virtual machine (SVM) instance is joined.

    " @@ -5114,8 +5642,6 @@ "type":"structure", "required":[ "DomainName", - "UserName", - "Password", "DnsIps" ], "members":{ @@ -5142,6 +5668,10 @@ "DnsIps":{ "shape":"DnsIps", "documentation":"

    A list of up to three IP addresses of DNS servers or domain controllers in the self-managed AD directory.

    " + }, + "DomainJoinServiceAccountSecret":{ + "shape":"CustomerSecretsManagerARN", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret containing the self-managed Active Directory domain join service account credentials. When provided, Amazon FSx uses the credentials stored in this secret to join the file system to your self-managed Active Directory domain.

    The secret must contain two key-value pairs:

    • CUSTOMER_MANAGED_ACTIVE_DIRECTORY_USERNAME - The username for the service account

    • CUSTOMER_MANAGED_ACTIVE_DIRECTORY_PASSWORD - The password for the service account

    For more information, see Using Amazon FSx for Windows with your self-managed Microsoft Active Directory or Using Amazon FSx for ONTAP with your self-managed Microsoft Active Directory.

    " } }, "documentation":"

    The configuration that Amazon FSx uses to join a FSx for Windows File Server file system or an FSx for ONTAP storage virtual machine (SVM) to a self-managed (including on-premises) Microsoft Active Directory (AD) directory. For more information, see Using Amazon FSx for Windows with your self-managed Microsoft Active Directory or Managing FSx for ONTAP SVMs.

    " @@ -5172,6 +5702,10 @@ "FileSystemAdministratorsGroup":{ "shape":"FileSystemAdministratorsGroupName", "documentation":"

    For FSx for ONTAP file systems only - Specifies the updated name of the self-managed Active Directory domain group whose members are granted administrative privileges for the Amazon FSx resource.

    " + }, + "DomainJoinServiceAccountSecret":{ + "shape":"CustomerSecretsManagerARN", + "documentation":"

    Specifies the updated Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret containing the self-managed Active Directory domain join service account credentials. Amazon FSx uses this account to join to your self-managed Active Directory domain.

    " } }, "documentation":"

    Specifies changes you are making to the self-managed Microsoft Active Directory configuration to which an FSx for Windows File Server file system or an FSx for ONTAP SVM is joined.

    " @@ -5421,7 +5955,9 @@ "PENDING", "COMPLETED", "UPDATED_OPTIMIZING", - "OPTIMIZING" + "OPTIMIZING", + "PAUSED", + "CANCELLED" ] }, "StorageCapacity":{ @@ -5613,7 +6149,11 @@ "DNSName":{"shape":"DNSName"}, "IpAddresses":{ "shape":"OntapEndpointIpAddresses", - "documentation":"

    The SVM endpoint's IP addresses.

    " + "documentation":"

    The SVM endpoint's IPv4 addresses.

    " + }, + "Ipv6Addresses":{ + "shape":"OntapEndpointIpAddresses", + "documentation":"

    The SVM endpoint's IPv6 addresses.

    " } }, "documentation":"

    An Amazon FSx for NetApp ONTAP storage virtual machine (SVM) has four endpoints that are used to access data or to manage the SVM using the NetApp ONTAP CLI, REST API, or NetApp CloudManager. They are the Iscsi, Management, Nfs, and Smb endpoints.

    " @@ -5692,8 +6232,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The response object for the TagResource operation.

    " }, "TagValue":{ @@ -5721,6 +6260,11 @@ "member":{"shape":"TaskId"}, "max":50 }, + "ThroughputCapacityMbps":{ + "type":"integer", + "max":2000000, + "min":4000 + }, "ThroughputCapacityPerHAPair":{ "type":"integer", "max":6144, @@ -5749,6 +6293,18 @@ "NONE" ] }, + "TooManyAccessPoints":{ + "type":"structure", + "members":{ + "ErrorCode":{ + "shape":"ErrorCode", + "documentation":"

    An error code indicating that you have reached the maximum number of S3 access points attachments allowed for your account in this Amazon Web Services Region, or for the file system.

    " + }, + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    You have reached the maximum number of S3 access points attachments allowed for your account in this Amazon Web Services Region, or for the file system. For more information, or to request an increase, see Service quotas on FSx resources in the FSx for OpenZFS User Guide.

    ", + "exception":true + }, "TotalConstituents":{ "type":"integer", "max":200, @@ -5796,8 +6352,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The response object for UntagResource action.

    " }, "UpdateDataRepositoryAssociationRequest":{ @@ -5900,6 +6455,14 @@ "MetadataConfiguration":{ "shape":"UpdateFileSystemLustreMetadataConfiguration", "documentation":"

    The Lustre metadata performance configuration for an Amazon FSx for Lustre file system using a PERSISTENT_2 deployment type. When this configuration is enabled, the file system supports increasing metadata performance.

    " + }, + "ThroughputCapacity":{ + "shape":"ThroughputCapacityMbps", + "documentation":"

    The throughput of an Amazon FSx for Lustre file system using an Intelligent-Tiering storage class, measured in megabytes per second (MBps). You can only increase your file system's throughput. Valid values are 4000 MBps or multiples of 4000 MBps.

    " + }, + "DataReadCacheConfiguration":{ + "shape":"LustreReadCacheConfiguration", + "documentation":"

    Specifies the optional provisioned SSD read cache on Amazon FSx for Lustre file systems that use the Intelligent-Tiering storage class.

    " } }, "documentation":"

    The configuration object for Amazon FSx for Lustre file systems used in the UpdateFileSystem operation.

    " @@ -5909,11 +6472,11 @@ "members":{ "Iops":{ "shape":"MetadataIops", - "documentation":"

    (USER_PROVISIONED mode only) Specifies the number of Metadata IOPS to provision for your file system. Valid values are 1500, 3000, 6000, 12000, and multiples of 12000 up to a maximum of 192000.

    The value you provide must be greater than or equal to the current number of Metadata IOPS provisioned for the file system.

    " + "documentation":"

    (USER_PROVISIONED mode only) Specifies the number of Metadata IOPS to provision for your file system.

    • For SSD file systems, valid values are 1500, 3000, 6000, 12000, and multiples of 12000 up to a maximum of 192000.

    • For Intelligent-Tiering file systems, valid values are 6000 and 12000.

    The value you provide must be greater than or equal to the current number of Metadata IOPS provisioned for the file system.

    " }, "Mode":{ "shape":"MetadataConfigurationMode", - "documentation":"

    The metadata configuration mode for provisioning Metadata IOPS for an FSx for Lustre file system using a PERSISTENT_2 deployment type.

    • To increase the Metadata IOPS or to switch from AUTOMATIC mode, specify USER_PROVISIONED as the value for this parameter. Then use the Iops parameter to provide a Metadata IOPS value that is greater than or equal to the current number of Metadata IOPS provisioned for the file system.

    • To switch from USER_PROVISIONED mode, specify AUTOMATIC as the value for this parameter, but do not input a value for Iops.

      If you request to switch from USER_PROVISIONED to AUTOMATIC mode and the current Metadata IOPS value is greater than the automated default, FSx for Lustre rejects the request because downscaling Metadata IOPS is not supported.
    " + "documentation":"

    The metadata configuration mode for provisioning Metadata IOPS for an FSx for Lustre file system using a PERSISTENT_2 deployment type.

    • To increase the Metadata IOPS or to switch an SSD file system from AUTOMATIC, specify USER_PROVISIONED as the value for this parameter. Then use the Iops parameter to provide a Metadata IOPS value that is greater than or equal to the current number of Metadata IOPS provisioned for the file system.

    • To switch from USER_PROVISIONED mode on an SSD file system, specify AUTOMATIC as the value for this parameter, but do not input a value for Iops.

      • If you request to switch from USER_PROVISIONED to AUTOMATIC mode and the current Metadata IOPS value is greater than the automated default, FSx for Lustre rejects the request because downscaling Metadata IOPS is not supported.

      • AUTOMATIC mode is not supported on Intelligent-Tiering file systems. For Intelligent-Tiering file systems, use USER_PROVISIONED mode.
    " } }, "documentation":"

    The Lustre metadata performance configuration update for an Amazon FSx for Lustre file system using a PERSISTENT_2 deployment type. You can request an increase in your file system's Metadata IOPS and/or switch your file system's metadata configuration mode. For more information, see Managing metadata performance in the Amazon FSx for Lustre User Guide.

    " @@ -5925,12 +6488,12 @@ "DailyAutomaticBackupStartTime":{"shape":"DailyTime"}, "FsxAdminPassword":{ "shape":"AdminPassword", - "documentation":"

    Update the password for the fsxadmin user by entering a new password. You use the fsxadmin user to access the NetApp ONTAP CLI and REST API to manage your file system resources. For more information, see Managing resources using NetApp Applicaton.

    " + "documentation":"

    Update the password for the fsxadmin user by entering a new password. You use the fsxadmin user to access the NetApp ONTAP CLI and REST API to manage your file system resources. For more information, see Managing resources using NetApp Application.

    " }, "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"}, "DiskIopsConfiguration":{ "shape":"DiskIopsConfiguration", - "documentation":"

    The SSD IOPS (input output operations per second) configuration for an Amazon FSx for NetApp ONTAP file system. The default is 3 IOPS per GB of storage capacity, but you can provision additional IOPS per GB of storage. The configuration consists of an IOPS mode (AUTOMATIC or USER_PROVISIONED), and in the case of USER_PROVISIONED IOPS, the total number of SSD IOPS provisioned. For more information, see Updating SSD storage capacity and IOPS.

    " + "documentation":"

    The SSD IOPS (input output operations per second) configuration for an Amazon FSx for NetApp ONTAP file system. The default is 3 IOPS per GB of storage capacity, but you can provision additional IOPS per GB of storage. The configuration consists of an IOPS mode (AUTOMATIC or USER_PROVISIONED), and in the case of USER_PROVISIONED IOPS, the total number of SSD IOPS provisioned. For more information, see File system storage capacity and IOPS.

    " }, "ThroughputCapacity":{ "shape":"MegabytesPerSecond", @@ -5951,6 +6514,10 @@ "HAPairs":{ "shape":"HAPairs", "documentation":"

    Use to update the number of high-availability (HA) pairs for a second-generation single-AZ file system. If you increase the number of HA pairs for your file system, you must specify proportional increases for StorageCapacity, Iops, and ThroughputCapacity. For more information, see High-availability (HA) pairs in the FSx for ONTAP user guide. Block storage protocol support (iSCSI and NVMe over TCP) is disabled on file systems with more than 6 HA pairs. For more information, see Using block storage protocols.

    " + }, + "EndpointIpv6AddressRange":{ + "shape":"Ipv6AddressRange", + "documentation":"

    (Multi-AZ only) Specifies the IPv6 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /118 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " } }, "documentation":"

    The configuration updates for an Amazon FSx for NetApp ONTAP file system.

    " @@ -5985,6 +6552,10 @@ "ReadCacheConfiguration":{ "shape":"OpenZFSReadCacheConfiguration", "documentation":"

    The configuration for the optional provisioned SSD read cache on file systems that use the Intelligent-Tiering storage class.

    " + }, + "EndpointIpv6AddressRange":{ + "shape":"Ipv6AddressRange", + "documentation":"

    (Multi-AZ only) Specifies the IPv6 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /118 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.

    " } }, "documentation":"

    The configuration updates for an Amazon FSx for OpenZFS file system.

    " @@ -6004,7 +6575,7 @@ }, "StorageCapacity":{ "shape":"StorageCapacity", - "documentation":"

    Use this parameter to increase the storage capacity of an FSx for Windows File Server, FSx for Lustre, FSx for OpenZFS, or FSx for ONTAP file system. Specifies the storage capacity target value, in GiB, to increase the storage capacity for the file system that you're updating.

    You can't make a storage capacity increase request if there is an existing storage capacity increase request in progress.

    For Lustre file systems, the storage capacity target value can be the following:

    • For SCRATCH_2, PERSISTENT_1, and PERSISTENT_2 SSD deployment types, valid values are in multiples of 2400 GiB. The value must be greater than the current storage capacity.

    • For PERSISTENT HDD file systems, valid values are multiples of 6000 GiB for 12-MBps throughput per TiB file systems and multiples of 1800 GiB for 40-MBps throughput per TiB file systems. The values must be greater than the current storage capacity.

    • For SCRATCH_1 file systems, you can't increase the storage capacity.

    For more information, see Managing storage and throughput capacity in the FSx for Lustre User Guide.

    For FSx for OpenZFS file systems, the storage capacity target value must be at least 10 percent greater than the current storage capacity value. For more information, see Managing storage capacity in the FSx for OpenZFS User Guide.

    For Windows file systems, the storage capacity target value must be at least 10 percent greater than the current storage capacity value. To increase storage capacity, the file system must have at least 16 MBps of throughput capacity. For more information, see Managing storage capacity in the Amazon FSxfor Windows File Server User Guide.

    For ONTAP file systems, the storage capacity target value must be at least 10 percent greater than the current storage capacity value. For more information, see Managing storage capacity and provisioned IOPS in the Amazon FSx for NetApp ONTAP User Guide.

    " + "documentation":"

    Use this parameter to increase the storage capacity of an FSx for Windows File Server, FSx for Lustre, FSx for OpenZFS, or FSx for ONTAP file system. For second-generation FSx for ONTAP file systems, you can also decrease the storage capacity. Specifies the storage capacity target value, in GiB, for the file system that you're updating.

    You can't make a storage capacity increase request if there is an existing storage capacity increase request in progress.

    For Lustre file systems, the storage capacity target value can be the following:

    • For SCRATCH_2, PERSISTENT_1, and PERSISTENT_2 SSD deployment types, valid values are in multiples of 2400 GiB. The value must be greater than the current storage capacity.

    • For PERSISTENT HDD file systems, valid values are multiples of 6000 GiB for 12-MBps throughput per TiB file systems and multiples of 1800 GiB for 40-MBps throughput per TiB file systems. The values must be greater than the current storage capacity.

    • For SCRATCH_1 file systems, you can't increase the storage capacity.

    For more information, see Managing storage and throughput capacity in the FSx for Lustre User Guide.

    For FSx for OpenZFS file systems, the storage capacity target value must be at least 10 percent greater than the current storage capacity value. For more information, see Managing storage capacity in the FSx for OpenZFS User Guide.

    For Windows file systems, the storage capacity target value must be at least 10 percent greater than the current storage capacity value. To increase storage capacity, the file system must have at least 16 MBps of throughput capacity. For more information, see Managing storage capacity in the Amazon FSxfor Windows File Server User Guide.

    For ONTAP file systems, when increasing storage capacity, the storage capacity target value must be at least 10 percent greater than the current storage capacity value. When decreasing storage capacity on second-generation file systems, the target value must be at least 9 percent smaller than the current SSD storage capacity. For more information, see File system storage capacity and IOPS in the Amazon FSx for NetApp ONTAP User Guide.

    " }, "WindowsConfiguration":{ "shape":"UpdateFileSystemWindowsConfiguration", @@ -6016,7 +6587,15 @@ "shape":"UpdateFileSystemOpenZFSConfiguration", "documentation":"

    The configuration updates for an FSx for OpenZFS file system.

    " }, - "StorageType":{"shape":"StorageType"} + "StorageType":{"shape":"StorageType"}, + "FileSystemTypeVersion":{ + "shape":"FileSystemTypeVersion", + "documentation":"

    The Lustre version you are updating an FSx for Lustre file system to. Valid values are 2.12 and 2.15. The value you choose must be newer than the file system's current Lustre version.

    " + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

    Changes the network type of an FSx for OpenZFS file system.

    " + } }, "documentation":"

    The request object for the UpdateFileSystem operation.

    " }, @@ -6471,7 +7050,7 @@ }, "WeeklyTime":{ "type":"string", - "documentation":"

    A recurring weekly time, in the format D:HH:MM.

    D is the day of the week, for which 1 represents Monday and 7 represents Sunday. For further details, see the ISO-8601 spec as described on Wikipedia.

    HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour.

    For example, 1:05:00 specifies maintenance at 5 AM Monday.

    ", + "documentation":"

    The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.

    For example, 1:05:00 specifies maintenance at 5 AM Monday.

    ", "max":7, "min":7, "pattern":"^[1-7]:([01]\\d|2[0-3]):?([0-5]\\d)$" @@ -6559,7 +7138,7 @@ }, "PreferredFileServerIp":{ "shape":"IpAddress", - "documentation":"

    For MULTI_AZ_1 deployment types, the IP address of the primary, or preferred, file server.

    Use this IP address when mounting the file system on Linux SMB clients or Windows SMB clients that are not joined to a Microsoft Active Directory. Applicable for all Windows file system deployment types. This IP address is temporarily unavailable when the file system is undergoing maintenance. For Linux and Windows SMB clients that are joined to an Active Directory, use the file system's DNSName instead. For more information on mapping and mounting file shares, see Accessing File Shares.

    " + "documentation":"

    For MULTI_AZ_1 deployment types, the IPv4 address of the primary, or preferred, file server.

    Use this IP address when mounting the file system on Linux SMB clients or Windows SMB clients that are not joined to a Microsoft Active Directory. Applicable for all Windows file system deployment types. This IPv4 address is temporarily unavailable when the file system is undergoing maintenance. For Linux and Windows SMB clients that are joined to an Active Directory, use the file system's DNSName instead. For more information on mapping and mounting file shares, see Accessing data using file shares.

    " }, "ThroughputCapacity":{ "shape":"MegabytesPerSecond", @@ -6593,6 +7172,10 @@ "DiskIopsConfiguration":{ "shape":"DiskIopsConfiguration", "documentation":"

    The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for Windows file system. By default, Amazon FSx automatically provisions 3 IOPS per GiB of storage capacity. You can provision additional IOPS per GiB of storage, up to the maximum limit associated with your chosen throughput capacity.

    " + }, + "PreferredFileServerIpv6":{ + "shape":"IpAddress", + "documentation":"

    For MULTI_AZ_1 deployment types, the IPv6 address of the primary, or preferred, file server. Use this IP address when mounting the file system on Linux SMB clients or Windows SMB clients that are not joined to a Microsoft Active Directory. Applicable for all Windows file system deployment types. This IPv6 address is temporarily unavailable when the file system is undergoing maintenance. For Linux and Windows SMB clients that are joined to an Active Directory, use the file system's DNSName instead.

    " } }, "documentation":"

    The configuration for this Microsoft Windows file system.

    " diff -pruN 2.23.6-1/awscli/botocore/data/gamelift/2015-10-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/gamelift/2015-10-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/gamelift/2015-10-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/gamelift/2015-10-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/gamelift/2015-10-01/service-2.json 2.31.35-1/awscli/botocore/data/gamelift/2015-10-01/service-2.json --- 2.23.6-1/awscli/botocore/data/gamelift/2015-10-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/gamelift/2015-10-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -28,7 +28,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Registers a player's acceptance or rejection of a proposed FlexMatch match. A matchmaking configuration may require player acceptance; if so, then matches built with that configuration cannot be completed unless all players accept the proposed match within a specified time limit.

    When FlexMatch builds a match, all the matchmaking tickets involved in the proposed match are placed into status REQUIRES_ACCEPTANCE. This is a trigger for your game to get acceptance from all players in each ticket. Calls to this action are only valid for tickets that are in this status; calls for tickets not in this status result in an error.

    To register acceptance, specify the ticket ID, one or more players, and an acceptance response. When all players have accepted, Amazon GameLift advances the matchmaking tickets to status PLACING, and attempts to create a new game session for the match.

    If any player rejects the match, or if acceptances are not received before a specified timeout, the proposed match is dropped. Each matchmaking ticket in the failed match is handled as follows:

    • If the ticket has one or more players who rejected the match or failed to respond, the ticket status is set CANCELLED and processing is terminated.

    • If all players in the ticket accepted the match, the ticket status is returned to SEARCHING to find a new match.

    Learn more

    Add FlexMatch to a game client

    FlexMatch events (reference)

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Registers a player's acceptance or rejection of a proposed FlexMatch match. A matchmaking configuration may require player acceptance; if so, then matches built with that configuration cannot be completed unless all players accept the proposed match within a specified time limit.

    When FlexMatch builds a match, all the matchmaking tickets involved in the proposed match are placed into status REQUIRES_ACCEPTANCE. This is a trigger for your game to get acceptance from all players in each ticket. Calls to this action are only valid for tickets that are in this status; calls for tickets not in this status result in an error.

    To register acceptance, specify the ticket ID, one or more players, and an acceptance response. When all players have accepted, Amazon GameLift Servers advances the matchmaking tickets to status PLACING, and attempts to create a new game session for the match.

    If any player rejects the match, or if acceptances are not received before a specified timeout, the proposed match is dropped. Each matchmaking ticket in the failed match is handled as follows:

    • If the ticket has one or more players who rejected the match or failed to respond, the ticket status is set CANCELLED and processing is terminated.

    • If all players in the ticket accepted the match, the ticket status is returned to SEARCHING to find a new match.

    Learn more

    Add FlexMatch to a game client

    FlexMatch events (reference)

    " }, "ClaimGameServer":{ "name":"ClaimGameServer", @@ -46,7 +46,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Locates an available game server and temporarily reserves it to host gameplay and players. This operation is called from a game client or client service (such as a matchmaker) to request hosting resources for a new game session. In response, Amazon GameLift FleetIQ locates an available game server, places it in CLAIMED status for 60 seconds, and returns connection information that players can use to connect to the game server.

    To claim a game server, identify a game server group. You can also specify a game server ID, although this approach bypasses Amazon GameLift FleetIQ placement optimization. Optionally, include game data to pass to the game server at the start of a game session, such as a game map or player information. Add filter options to further restrict how a game server is chosen, such as only allowing game servers on ACTIVE instances to be claimed.

    When a game server is successfully claimed, connection information is returned. A claimed game server's utilization status remains AVAILABLE while the claim status is set to CLAIMED for up to 60 seconds. This time period gives the game server time to update its status to UTILIZED after players join. If the game server's status is not updated within 60 seconds, the game server reverts to unclaimed status and is available to be claimed by another request. The claim time period is a fixed value and is not configurable.

    If you try to claim a specific game server, this request will fail in the following cases:

    • If the game server utilization status is UTILIZED.

    • If the game server claim status is CLAIMED.

    • If the game server is running on an instance in DRAINING status and the provided filter option does not allow placing on DRAINING instances.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Locates an available game server and temporarily reserves it to host gameplay and players. This operation is called from a game client or client service (such as a matchmaker) to request hosting resources for a new game session. In response, Amazon GameLift Servers FleetIQ locates an available game server, places it in CLAIMED status for 60 seconds, and returns connection information that players can use to connect to the game server.

    To claim a game server, identify a game server group. You can also specify a game server ID, although this approach bypasses Amazon GameLift Servers FleetIQ placement optimization. Optionally, include game data to pass to the game server at the start of a game session, such as a game map or player information. Add filter options to further restrict how a game server is chosen, such as only allowing game servers on ACTIVE instances to be claimed.

    When a game server is successfully claimed, connection information is returned. A claimed game server's utilization status remains AVAILABLE while the claim status is set to CLAIMED for up to 60 seconds. This time period gives the game server time to update its status to UTILIZED after players join. If the game server's status is not updated within 60 seconds, the game server reverts to unclaimed status and is available to be claimed by another request. The claim time period is a fixed value and is not configurable.

    If you try to claim a specific game server, this request will fail in the following cases:

    • If the game server utilization status is UTILIZED.

    • If the game server claim status is CLAIMED.

    • If the game server is running on an instance in DRAINING status and the provided filter option does not allow placing on DRAINING instances.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "CreateAlias":{ "name":"CreateAlias", @@ -64,7 +64,7 @@ {"shape":"LimitExceededException"}, {"shape":"TaggingFailedException"} ], - "documentation":"

    Creates an alias for a fleet. In most situations, you can use an alias ID in place of a fleet ID. An alias provides a level of abstraction for a fleet that is useful when redirecting player traffic from one fleet to another, such as when updating your game build.

    Amazon GameLift supports two types of routing strategies for aliases: simple and terminal. A simple alias points to an active fleet. A terminal alias is used to display messaging or link to a URL instead of routing players to an active fleet. For example, you might use a terminal alias when a game version is no longer supported and you want to direct players to an upgrade site.

    To create a fleet alias, specify an alias name, routing strategy, and optional description. Each simple alias can point to only one fleet, but a fleet can have multiple aliases. If successful, a new alias record is returned, including an alias ID and an ARN. You can reassign an alias to another fleet by calling UpdateAlias.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Creates an alias for a fleet. In most situations, you can use an alias ID in place of a fleet ID. An alias provides a level of abstraction for a fleet that is useful when redirecting player traffic from one fleet to another, such as when updating your game build.

    Amazon GameLift Servers supports two types of routing strategies for aliases: simple and terminal. A simple alias points to an active fleet. A terminal alias is used to display messaging or link to a URL instead of routing players to an active fleet. For example, you might use a terminal alias when a game version is no longer supported and you want to direct players to an upgrade site.

    To create a fleet alias, specify an alias name, routing strategy, and optional description. Each simple alias can point to only one fleet, but a fleet can have multiple aliases. If successful, a new alias record is returned, including an alias ID and an ARN. You can reassign an alias to another fleet by calling UpdateAlias.

    Related actions

    All APIs by task

    " }, "CreateBuild":{ "name":"CreateBuild", @@ -81,7 +81,7 @@ {"shape":"TaggingFailedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Creates a new Amazon GameLift build resource for your game server binary files. Combine game server binaries into a zip file for use with Amazon GameLift.

    When setting up a new game build for Amazon GameLift, we recommend using the CLI command upload-build . This helper command combines two tasks: (1) it uploads your build files from a file directory to an Amazon GameLift Amazon S3 location, and (2) it creates a new build resource.

    You can use the CreateBuild operation in the following scenarios:

    • Create a new game build with build files that are in an Amazon S3 location under an Amazon Web Services account that you control. To use this option, you give Amazon GameLift access to the Amazon S3 bucket. With permissions in place, specify a build name, operating system, and the Amazon S3 storage location of your game build.

    • Upload your build files to a Amazon GameLift Amazon S3 location. To use this option, specify a build name and operating system. This operation creates a new build resource and also returns an Amazon S3 location with temporary access credentials. Use the credentials to manually upload your build files to the specified Amazon S3 location. For more information, see Uploading Objects in the Amazon S3 Developer Guide. After you upload build files to the Amazon GameLift Amazon S3 location, you can't update them.

    If successful, this operation creates a new build resource with a unique build ID and places it in INITIALIZED status. A build must be in READY status before you can create fleets with it.

    Learn more

    Uploading Your Game

    Create a Build with Files in Amazon S3

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere

    Creates a new Amazon GameLift Servers build resource for your game server binary files. Combine game server binaries into a zip file for use with Amazon GameLift Servers.

    When setting up a new game build for Amazon GameLift Servers, we recommend using the CLI command upload-build . This helper command combines two tasks: (1) it uploads your build files from a file directory to an Amazon GameLift Servers Amazon S3 location, and (2) it creates a new build resource.

    You can use the CreateBuild operation in the following scenarios:

    • Create a new game build with build files that are in an Amazon S3 location under an Amazon Web Services account that you control. To use this option, you give Amazon GameLift Servers access to the Amazon S3 bucket. With permissions in place, specify a build name, operating system, and the Amazon S3 storage location of your game build.

    • Upload your build files to a Amazon GameLift Servers Amazon S3 location. To use this option, specify a build name and operating system. This operation creates a new build resource and also returns an Amazon S3 location with temporary access credentials. Use the credentials to manually upload your build files to the specified Amazon S3 location. For more information, see Uploading Objects in the Amazon S3 Developer Guide. After you upload build files to the Amazon GameLift Servers Amazon S3 location, you can't update them.

    If successful, this operation creates a new build resource with a unique build ID and places it in INITIALIZED status. A build must be in READY status before you can create fleets with it.

    Learn more

    Uploading Your Game

    Create a Build with Files in Amazon S3

    All APIs by task

    " }, "CreateContainerFleet":{ "name":"CreateContainerFleet", @@ -100,7 +100,7 @@ {"shape":"TaggingFailedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Creates a managed fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances to host your containerized game servers. Use this operation to define how to deploy a container architecture onto each fleet instance and configure fleet settings. You can create a container fleet in any Amazon Web Services Regions that Amazon GameLift supports for multi-location fleets. A container fleet can be deployed to a single location or multiple locations. Container fleets are deployed with Amazon Linux 2023 as the instance operating system.

    Define the fleet's container architecture using container group definitions. Each fleet can have one of the following container group types:

    • The game server container group runs your game server build and dependent software. Amazon GameLift deploys one or more replicas of this container group to each fleet instance. The number of replicas depends on the computing capabilities of the fleet instance in use.

    • An optional per-instance container group might be used to run other software that only needs to run once per instance, such as background services, logging, or test processes. One per-instance container group is deployed to each fleet instance.

    Each container group can include the definition for one or more containers. A container definition specifies a container image that is stored in an Amazon Elastic Container Registry (Amazon ECR) public or private repository.

    Request options

    Use this operation to make the following types of requests. Most fleet settings have default values, so you can create a working fleet with a minimal configuration and default values, which you can customize later.

    • Create a fleet with no container groups. You can configure a container fleet and then add container group definitions later. In this scenario, no fleet instances are deployed, and the fleet can't host game sessions until you add a game server container group definition. Provide the following required parameter values:

      • FleetRoleArn

    • Create a fleet with a game server container group. Provide the following required parameter values:

      • FleetRoleArn

      • GameServerContainerGroupDefinitionName

    • Create a fleet with a game server container group and a per-instance container group. Provide the following required parameter values:

      • FleetRoleArn

      • GameServerContainerGroupDefinitionName

      • PerInstanceContainerGroupDefinitionName

    Results

    If successful, this operation creates a new container fleet resource, places it in PENDING status, and initiates the fleet creation workflow. For fleets with container groups, this workflow starts a fleet deployment and transitions the status to ACTIVE. Fleets without a container group are placed in CREATED status.

    You can update most of the properties of a fleet, including container group definitions, and deploy the update across all fleet instances. Use a fleet update to deploy a new game server version update across the container fleet.

    " + "documentation":"

    This API works with the following fleet types: Container

    Creates a managed fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances to host your containerized game servers. Use this operation to define how to deploy a container architecture onto each fleet instance and configure fleet settings. You can create a container fleet in any Amazon Web Services Regions that Amazon GameLift Servers supports for multi-location fleets. A container fleet can be deployed to a single location or multiple locations. Container fleets are deployed with Amazon Linux 2023 as the instance operating system.

    Define the fleet's container architecture using container group definitions. Each fleet can have one of the following container group types:

    • The game server container group runs your game server build and dependent software. Amazon GameLift Servers deploys one or more replicas of this container group to each fleet instance. The number of replicas depends on the computing capabilities of the fleet instance in use.

    • An optional per-instance container group might be used to run other software that only needs to run once per instance, such as background services, logging, or test processes. One per-instance container group is deployed to each fleet instance.

    Each container group can include the definition for one or more containers. A container definition specifies a container image that is stored in an Amazon Elastic Container Registry (Amazon ECR) public or private repository.

    Request options

    Use this operation to make the following types of requests. Most fleet settings have default values, so you can create a working fleet with a minimal configuration and default values, which you can customize later.

    • Create a fleet with no container groups. You can configure a container fleet and then add container group definitions later. In this scenario, no fleet instances are deployed, and the fleet can't host game sessions until you add a game server container group definition. Provide the following required parameter values:

      • FleetRoleArn

    • Create a fleet with a game server container group. Provide the following required parameter values:

      • FleetRoleArn

      • GameServerContainerGroupDefinitionName

    • Create a fleet with a game server container group and a per-instance container group. Provide the following required parameter values:

      • FleetRoleArn

      • GameServerContainerGroupDefinitionName

      • PerInstanceContainerGroupDefinitionName

    Results

    If successful, this operation creates a new container fleet resource, places it in PENDING status, and initiates the fleet creation workflow. For fleets with container groups, this workflow starts a fleet deployment and transitions the status to ACTIVE. Fleets without a container group are placed in CREATED status.

    You can update most of the properties of a fleet, including container group definitions, and deploy the update across all fleet instances. Use UpdateContainerFleet to deploy a new game server version update across the container fleet.

    A managed fleet's runtime environment depends on the Amazon Machine Image (AMI) version it uses. When a new fleet is created, Amazon GameLift Servers assigns the latest available AMI version to the fleet, and all compute instances in that fleet are deployed with that version. To update the AMI version, you must create a new fleet. As a best practice, we recommend replacing your managed fleets every 30 days to maintain a secure and up-to-date runtime environment for your hosted game servers. For guidance, see Security best practices for Amazon GameLift Servers.

    " }, "CreateContainerGroupDefinition":{ "name":"CreateContainerGroupDefinition", @@ -119,7 +119,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Creates a ContainerGroupDefinition that describes a set of containers for hosting your game server with Amazon GameLift managed containers hosting. An Amazon GameLift container group is similar to a container task or pod. Use container group definitions when you create a container fleet with CreateContainerFleet.

    A container group definition determines how Amazon GameLift deploys your containers to each instance in a container fleet. You can maintain multiple versions of a container group definition.

    There are two types of container groups:

    • A game server container group has the containers that run your game server application and supporting software. A game server container group can have these container types:

      • Game server container. This container runs your game server. You can define one game server container in a game server container group.

      • Support container. This container runs software in parallel with your game server. You can define up to 8 support containers in a game server group.

      When building a game server container group definition, you can choose to bundle your game server executable and all dependent software into a single game server container. Alternatively, you can separate the software into one game server container and one or more support containers.

      On a container fleet instance, a game server container group can be deployed multiple times (depending on the compute resources of the instance). This means that all containers in the container group are replicated together.

    • A per-instance container group has containers for processes that aren't replicated on a container fleet instance. This might include background services, logging, test processes, or processes that need to persist independently of the game server container group. When building a per-instance container group, you can define up to 10 support containers.

    This operation requires Identity and Access Management (IAM) permissions to access container images in Amazon ECR repositories. See IAM permissions for Amazon GameLift for help setting the appropriate permissions.

    Request options

    Use this operation to make the following types of requests. You can specify values for the minimum required parameters and customize optional values later.

    • Create a game server container group definition. Provide the following required parameter values:

      • Name

      • ContainerGroupType (GAME_SERVER)

      • OperatingSystem (omit to use default value)

      • TotalMemoryLimitMebibytes (omit to use default value)

      • TotalVcpuLimit (omit to use default value)

      • At least one GameServerContainerDefinition

        • ContainerName

        • ImageUrl

        • PortConfiguration

        • ServerSdkVersion (omit to use default value)

    • Create a per-instance container group definition. Provide the following required parameter values:

      • Name

      • ContainerGroupType (PER_INSTANCE)

      • OperatingSystem (omit to use default value)

      • TotalMemoryLimitMebibytes (omit to use default value)

      • TotalVcpuLimit (omit to use default value)

      • At least one SupportContainerDefinition

        • ContainerName

        • ImageUrl

    Results

    If successful, this request creates a ContainerGroupDefinition resource and assigns a unique ARN value. You can update most properties of a container group definition by calling UpdateContainerGroupDefinition, and optionally save the update as a new version.

    " + "documentation":"

    This API works with the following fleet types: Container

    Creates a ContainerGroupDefinition that describes a set of containers for hosting your game server with Amazon GameLift Servers managed containers hosting. An Amazon GameLift Servers container group is similar to a container task or pod. Use container group definitions when you create a container fleet with CreateContainerFleet.

    A container group definition determines how Amazon GameLift Servers deploys your containers to each instance in a container fleet. You can maintain multiple versions of a container group definition.

    There are two types of container groups:

    • A game server container group has the containers that run your game server application and supporting software. A game server container group can have these container types:

      • Game server container. This container runs your game server. You can define one game server container in a game server container group.

      • Support container. This container runs software in parallel with your game server. You can define up to 8 support containers in a game server group.

      When building a game server container group definition, you can choose to bundle your game server executable and all dependent software into a single game server container. Alternatively, you can separate the software into one game server container and one or more support containers.

      On a container fleet instance, a game server container group can be deployed multiple times (depending on the compute resources of the instance). This means that all containers in the container group are replicated together.

    • A per-instance container group has containers for processes that aren't replicated on a container fleet instance. This might include background services, logging, test processes, or processes that need to persist independently of the game server container group. When building a per-instance container group, you can define up to 10 support containers.

    This operation requires Identity and Access Management (IAM) permissions to access container images in Amazon ECR repositories. See IAM permissions for Amazon GameLift Servers for help setting the appropriate permissions.

    Request options

    Use this operation to make the following types of requests. You can specify values for the minimum required parameters and customize optional values later.

    • Create a game server container group definition. Provide the following required parameter values:

      • Name

      • ContainerGroupType (GAME_SERVER)

      • OperatingSystem (omit to use default value)

      • TotalMemoryLimitMebibytes (omit to use default value)

      • TotalVcpuLimit (omit to use default value)

      • At least one GameServerContainerDefinition

        • ContainerName

        • ImageUrl

        • PortConfiguration

        • ServerSdkVersion (omit to use default value)

    • Create a per-instance container group definition. Provide the following required parameter values:

      • Name

      • ContainerGroupType (PER_INSTANCE)

      • OperatingSystem (omit to use default value)

      • TotalMemoryLimitMebibytes (omit to use default value)

      • TotalVcpuLimit (omit to use default value)

      • At least one SupportContainerDefinition

        • ContainerName

        • ImageUrl

    Results

    If successful, this request creates a ContainerGroupDefinition resource and assigns a unique ARN value. You can update most properties of a container group definition by calling UpdateContainerGroupDefinition, and optionally save the update as a new version.

    " }, "CreateFleet":{ "name":"CreateFleet", @@ -140,7 +140,7 @@ {"shape":"TaggingFailedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Creates a fleet of compute resources to host your game servers. Use this operation to set up the following types of fleets based on compute type:

    Managed EC2 fleet

    An EC2 fleet is a set of Amazon Elastic Compute Cloud (Amazon EC2) instances. Your game server build is deployed to each fleet instance. Amazon GameLift manages the fleet's instances and controls the lifecycle of game server processes, which host game sessions for players. EC2 fleets can have instances in multiple locations. Each instance in the fleet is designated a Compute.

    To create an EC2 fleet, provide these required parameters:

    • Either BuildId or ScriptId

    • ComputeType set to EC2 (the default value)

    • EC2InboundPermissions

    • EC2InstanceType

    • FleetType

    • Name

    • RuntimeConfiguration with at least one ServerProcesses configuration

    If successful, this operation creates a new fleet resource and places it in NEW status while Amazon GameLift initiates the fleet creation workflow. To debug your fleet, fetch logs, view performance metrics or other actions on the fleet, create a development fleet with port 22/3389 open. As a best practice, we recommend opening ports for remote access only when you need them and closing them when you're finished.

    When the fleet status is ACTIVE, you can adjust capacity settings and turn autoscaling on/off for each location.

    Anywhere fleet

    An Anywhere fleet represents compute resources that are not owned or managed by Amazon GameLift. You might create an Anywhere fleet with your local machine for testing, or use one to host game servers with on-premises hardware or other game hosting solutions.

    To create an Anywhere fleet, provide these required parameters:

    • ComputeType set to ANYWHERE

    • Locations specifying a custom location

    • Name

    If successful, this operation creates a new fleet resource and places it in ACTIVE status. You can register computes with a fleet in ACTIVE status.

    Learn more

    Setting up fleets

    Debug fleet creation issues

    Multi-location fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Creates a fleet of compute resources to host your game servers. Use this operation to set up a fleet for the following compute types:

    Managed EC2 fleet

    An EC2 fleet is a set of Amazon Elastic Compute Cloud (Amazon EC2) instances. Your game server build is deployed to each fleet instance. Amazon GameLift Servers manages the fleet's instances and controls the lifecycle of game server processes, which host game sessions for players. EC2 fleets can have instances in multiple locations. Each instance in the fleet is designated a Compute.

    To create an EC2 fleet, provide these required parameters:

    • Either BuildId or ScriptId

    • ComputeType set to EC2 (the default value)

    • EC2InboundPermissions

    • EC2InstanceType

    • FleetType

    • Name

    • RuntimeConfiguration with at least one ServerProcesses configuration

    If successful, this operation creates a new fleet resource and places it in NEW status while Amazon GameLift Servers initiates the fleet creation workflow. To debug your fleet, fetch logs, view performance metrics or other actions on the fleet, create a development fleet with port 22/3389 open. As a best practice, we recommend opening ports for remote access only when you need them and closing them when you're finished.

    When the fleet status is ACTIVE, you can adjust capacity settings and turn autoscaling on/off for each location.

    A managed fleet's runtime environment depends on the Amazon Machine Image (AMI) version it uses. When a new fleet is created, Amazon GameLift Servers assigns the latest available AMI version to the fleet, and all compute instances in that fleet are deployed with that version. To update the AMI version, you must create a new fleet. As a best practice, we recommend replacing your managed fleets every 30 days to maintain a secure and up-to-date runtime environment for your hosted game servers. For guidance, see Security best practices for Amazon GameLift Servers.

    Anywhere fleet

    An Anywhere fleet represents compute resources that are not owned or managed by Amazon GameLift Servers. You might create an Anywhere fleet with your local machine for testing, or use one to host game servers with on-premises hardware or other game hosting solutions.

    To create an Anywhere fleet, provide these required parameters:

    • ComputeType set to ANYWHERE

    • Locations specifying a custom location

    • Name

    If successful, this operation creates a new fleet resource and places it in ACTIVE status. You can register computes with a fleet in ACTIVE status.

    Learn more

    Setting up fleets

    Debug fleet creation issues

    Multi-location fleets

    " }, "CreateFleetLocations":{ "name":"CreateFleetLocations", @@ -161,7 +161,7 @@ {"shape":"ConflictException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    Adds remote locations to an EC2 and begins populating the new locations with instances. The new instances conform to the fleet's instance type, auto-scaling, and other configuration settings.

    You can't add remote locations to a fleet that resides in an Amazon Web Services Region that doesn't support multiple locations. Fleets created prior to March 2021 can't support multiple locations.

    To add fleet locations, specify the fleet to be updated and provide a list of one or more locations.

    If successful, this operation returns the list of added locations with their status set to NEW. Amazon GameLift initiates the process of starting an instance in each added location. You can track the status of each new location by monitoring location creation events using DescribeFleetEvents.

    Learn more

    Setting up fleets

    Update fleet locations

    Amazon GameLift service locations for managed hosting.

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Adds remote locations to an EC2 and begins populating the new locations with instances. The new instances conform to the fleet's instance type, auto-scaling, and other configuration settings.

    You can't add remote locations to a fleet that resides in an Amazon Web Services Region that doesn't support multiple locations. Fleets created prior to March 2021 can't support multiple locations.

    To add fleet locations, specify the fleet to be updated and provide a list of one or more locations.

    If successful, this operation returns the list of added locations with their status set to NEW. Amazon GameLift Servers initiates the process of starting an instance in each added location. You can track the status of each new location by monitoring location creation events using DescribeFleetEvents.

    Learn more

    Setting up fleets

    Update fleet locations

    Amazon GameLift Servers service locations for managed hosting.

    " }, "CreateGameServerGroup":{ "name":"CreateGameServerGroup", @@ -178,7 +178,7 @@ {"shape":"InternalServiceException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Creates a Amazon GameLift FleetIQ game server group for managing game hosting on a collection of Amazon Elastic Compute Cloud instances for game hosting. This operation creates the game server group, creates an Auto Scaling group in your Amazon Web Services account, and establishes a link between the two groups. You can view the status of your game server groups in the Amazon GameLift console. Game server group metrics and events are emitted to Amazon CloudWatch.

    Before creating a new game server group, you must have the following:

    • An Amazon Elastic Compute Cloud launch template that specifies how to launch Amazon Elastic Compute Cloud instances with your game server build. For more information, see Launching an Instance from a Launch Template in the Amazon Elastic Compute Cloud User Guide.

    • An IAM role that extends limited access to your Amazon Web Services account to allow Amazon GameLift FleetIQ to create and interact with the Auto Scaling group. For more information, see Create IAM roles for cross-service interaction in the Amazon GameLift FleetIQ Developer Guide.

    To create a new game server group, specify a unique group name, IAM role and Amazon Elastic Compute Cloud launch template, and provide a list of instance types that can be used in the group. You must also set initial maximum and minimum limits on the group's instance count. You can optionally set an Auto Scaling policy with target tracking based on a Amazon GameLift FleetIQ metric.

    Once the game server group and corresponding Auto Scaling group are created, you have full access to change the Auto Scaling group's configuration as needed. Several properties that are set when creating a game server group, including maximum/minimum size and auto-scaling policy settings, must be updated directly in the Auto Scaling group. Keep in mind that some Auto Scaling group properties are periodically updated by Amazon GameLift FleetIQ as part of its balancing activities to optimize for availability and cost.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Creates a Amazon GameLift Servers FleetIQ game server group for managing game hosting on a collection of Amazon Elastic Compute Cloud instances for game hosting. This operation creates the game server group, creates an Auto Scaling group in your Amazon Web Services account, and establishes a link between the two groups. You can view the status of your game server groups in the Amazon GameLift Servers console. Game server group metrics and events are emitted to Amazon CloudWatch.

    Before creating a new game server group, you must have the following:

    • An Amazon Elastic Compute Cloud launch template that specifies how to launch Amazon Elastic Compute Cloud instances with your game server build. For more information, see Launching an Instance from a Launch Template in the Amazon Elastic Compute Cloud User Guide.

    • An IAM role that extends limited access to your Amazon Web Services account to allow Amazon GameLift Servers FleetIQ to create and interact with the Auto Scaling group. For more information, see Create IAM roles for cross-service interaction in the Amazon GameLift Servers FleetIQ Developer Guide.

    To create a new game server group, specify a unique group name, IAM role and Amazon Elastic Compute Cloud launch template, and provide a list of instance types that can be used in the group. You must also set initial maximum and minimum limits on the group's instance count. You can optionally set an Auto Scaling policy with target tracking based on a Amazon GameLift Servers FleetIQ metric.

    Once the game server group and corresponding Auto Scaling group are created, you have full access to change the Auto Scaling group's configuration as needed. Several properties that are set when creating a game server group, including maximum/minimum size and auto-scaling policy settings, must be updated directly in the Auto Scaling group. Keep in mind that some Auto Scaling group properties are periodically updated by Amazon GameLift Servers FleetIQ as part of its balancing activities to optimize for availability and cost.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "CreateGameSession":{ "name":"CreateGameSession", @@ -201,7 +201,7 @@ {"shape":"IdempotentParameterMismatchException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Creates a multiplayer game session for players in a specific fleet location. This operation prompts an available server process to start a game session and retrieves connection information for the new game session. As an alternative, consider using the Amazon GameLift game session placement feature with StartGameSessionPlacement, which uses the FleetIQ algorithm and queues to optimize the placement process.

    When creating a game session, you specify exactly where you want to place it and provide a set of game session configuration settings. The target fleet must be in ACTIVE status.

    You can use this operation in the following ways:

    • To create a game session on an instance in a fleet's home Region, provide a fleet or alias ID along with your game session configuration.

    • To create a game session on an instance in a fleet's remote location, provide a fleet or alias ID and a location name, along with your game session configuration.

    • To create a game session on an instance in an Anywhere fleet, specify the fleet's custom location.

    If successful, Amazon GameLift initiates a workflow to start a new game session and returns a GameSession object containing the game session configuration and status. When the game session status is ACTIVE, it is updated with connection information and you can create player sessions for the game session. By default, newly created game sessions are open to new players. You can restrict new player access by using UpdateGameSession to change the game session's player session creation policy.

    Amazon GameLift retains logs for active for 14 days. To access the logs, call GetGameSessionLogUrl to download the log files.

    Available in Amazon GameLift Local.

    Learn more

    Start a game session

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Creates a multiplayer game session for players in a specific fleet location. This operation prompts an available server process to start a game session and retrieves connection information for the new game session. As an alternative, consider using the Amazon GameLift Servers game session placement feature with StartGameSessionPlacement, which uses the FleetIQ algorithm and queues to optimize the placement process.

    When creating a game session, you specify exactly where you want to place it and provide a set of game session configuration settings. The target fleet must be in ACTIVE status.

    You can use this operation in the following ways:

    • To create a game session on an instance in a fleet's home Region, provide a fleet or alias ID along with your game session configuration.

    • To create a game session on an instance in a fleet's remote location, provide a fleet or alias ID and a location name, along with your game session configuration.

    • To create a game session on an instance in an Anywhere fleet, specify the fleet's custom location.

    If successful, Amazon GameLift Servers initiates a workflow to start a new game session and returns a GameSession object containing the game session configuration and status. When the game session status is ACTIVE, it is updated with connection information and you can create player sessions for the game session. By default, newly created game sessions are open to new players. You can restrict new player access by using UpdateGameSession to change the game session's player session creation policy.

    Amazon GameLift Servers retains logs for active for 14 days. To access the logs, call GetGameSessionLogUrl to download the log files.

    Available in Amazon GameLift Servers Local.

    Learn more

    Start a game session

    All APIs by task

    " }, "CreateGameSessionQueue":{ "name":"CreateGameSessionQueue", @@ -219,7 +219,7 @@ {"shape":"NotFoundException"}, {"shape":"TaggingFailedException"} ], - "documentation":"

    Creates a placement queue that processes requests for new game sessions. A queue uses FleetIQ algorithms to determine the best placement locations and find an available game server there, then prompts the game server process to start a new game session.

    A game session queue is configured with a set of destinations (Amazon GameLift fleets or aliases), which determine the locations where the queue can place new game sessions. These destinations can span multiple fleet types (Spot and On-Demand), instance types, and Amazon Web Services Regions. If the queue includes multi-location fleets, the queue is able to place game sessions in all of a fleet's remote locations. You can opt to filter out individual locations if needed.

    The queue configuration also determines how FleetIQ selects the best available placement for a new game session. Before searching for an available game server, FleetIQ first prioritizes the queue's destinations and locations, with the best placement locations on top. You can set up the queue to use the FleetIQ default prioritization or provide an alternate set of priorities.

    To create a new queue, provide a name, timeout value, and a list of destinations. Optionally, specify a sort configuration and/or a filter, and define a set of latency cap policies. You can also include the ARN for an Amazon Simple Notification Service (SNS) topic to receive notifications of game session placement activity. Notifications using SNS or CloudWatch events is the preferred way to track placement activity.

    If successful, a new GameSessionQueue object is returned with an assigned queue ARN. New game session requests, which are submitted to queue with StartGameSessionPlacement or StartMatchmaking, reference a queue's name or ARN.

    Learn more

    Design a game session queue

    Create a game session queue

    Related actions

    CreateGameSessionQueue | DescribeGameSessionQueues | UpdateGameSessionQueue | DeleteGameSessionQueue | All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Creates a placement queue that processes requests for new game sessions. A queue uses FleetIQ algorithms to locate the best available placement locations for a new game session, and then prompts the game server process to start a new game session.

    A game session queue is configured with a set of destinations (Amazon GameLift Servers fleets or aliases) that determine where the queue can place new game sessions. These destinations can span multiple Amazon Web Services Regions, can use different instance types, and can include both Spot and On-Demand fleets. If the queue includes multi-location fleets, the queue can place game sessions in any of a fleet's remote locations.

    You can configure a queue to determine how it selects the best available placement for a new game session. Queues can prioritize placement decisions based on a combination of location, hosting cost, and player latency. You can set up the queue to use the default prioritization or provide alternate instructions using PriorityConfiguration.

    Request options

    Use this operation to make these common types of requests.

    • Create a queue with the minimum required parameters.

      • Name

      • Destinations (This parameter isn't required, but a queue can't make placements without at least one destination.)

    • Create a queue with placement notification. Queues that have high placement activity must use a notification system, such as with Amazon Simple Notification Service (Amazon SNS) or Amazon CloudWatch.

      • Required parameters Name and Destinations

      • NotificationTarget

    • Create a queue with custom prioritization settings. These custom settings replace the default prioritization configuration for a queue.

      • Required parameters Name and Destinations

      • PriorityConfiguration

    • Create a queue with special rules for processing player latency data.

      • Required parameters Name and Destinations

      • PlayerLatencyPolicies

    Results

    If successful, this operation returns a new GameSessionQueue object with an assigned queue ARN. Use the queue's name or ARN when submitting new game session requests with StartGameSessionPlacement or StartMatchmaking.

    Learn more

    Design a game session queue

    Create a game session queue

    Related actions

    CreateGameSessionQueue | DescribeGameSessionQueues | UpdateGameSessionQueue | DeleteGameSessionQueue | All APIs by task

    " }, "CreateLocation":{ "name":"CreateLocation", @@ -237,7 +237,7 @@ {"shape":"TaggingFailedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Creates a custom location for use in an Anywhere fleet.

    " + "documentation":"

    This API works with the following fleet types: Anywhere

    Creates a custom location for use in an Anywhere fleet.

    " }, "CreateMatchmakingConfiguration":{ "name":"CreateMatchmakingConfiguration", @@ -255,7 +255,7 @@ {"shape":"UnsupportedRegionException"}, {"shape":"TaggingFailedException"} ], - "documentation":"

    Defines a new matchmaking configuration for use with FlexMatch. Whether your are using FlexMatch with Amazon GameLift hosting or as a standalone matchmaking service, the matchmaking configuration sets out rules for matching players and forming teams. If you're also using Amazon GameLift hosting, it defines how to start game sessions for each match. Your matchmaking system can use multiple configurations to handle different game scenarios. All matchmaking requests identify the matchmaking configuration to use and provide player attributes consistent with that configuration.

    To create a matchmaking configuration, you must provide the following: configuration name and FlexMatch mode (with or without Amazon GameLift hosting); a rule set that specifies how to evaluate players and find acceptable matches; whether player acceptance is required; and the maximum time allowed for a matchmaking attempt. When using FlexMatch with Amazon GameLift hosting, you also need to identify the game session queue to use when starting a game session for the match.

    In addition, you must set up an Amazon Simple Notification Service topic to receive matchmaking notifications. Provide the topic ARN in the matchmaking configuration.

    Learn more

    Design a FlexMatch matchmaker

    Set up FlexMatch event notification

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Defines a new matchmaking configuration for use with FlexMatch. Whether your are using FlexMatch with Amazon GameLift Servers hosting or as a standalone matchmaking service, the matchmaking configuration sets out rules for matching players and forming teams. If you're also using Amazon GameLift Servers hosting, it defines how to start game sessions for each match. Your matchmaking system can use multiple configurations to handle different game scenarios. All matchmaking requests identify the matchmaking configuration to use and provide player attributes consistent with that configuration.

    To create a matchmaking configuration, you must provide the following: configuration name and FlexMatch mode (with or without Amazon GameLift Servers hosting); a rule set that specifies how to evaluate players and find acceptable matches; whether player acceptance is required; and the maximum time allowed for a matchmaking attempt. When using FlexMatch with Amazon GameLift Servers hosting, you also need to identify the game session queue to use when starting a game session for the match.

    In addition, you must set up an Amazon Simple Notification Service topic to receive matchmaking notifications. Provide the topic ARN in the matchmaking configuration.

    Learn more

    Design a FlexMatch matchmaker

    Set up FlexMatch event notification

    " }, "CreateMatchmakingRuleSet":{ "name":"CreateMatchmakingRuleSet", @@ -272,7 +272,7 @@ {"shape":"UnsupportedRegionException"}, {"shape":"TaggingFailedException"} ], - "documentation":"

    Creates a new rule set for FlexMatch matchmaking. A rule set describes the type of match to create, such as the number and size of teams. It also sets the parameters for acceptable player matches, such as minimum skill level or character type.

    To create a matchmaking rule set, provide unique rule set name and the rule set body in JSON format. Rule sets must be defined in the same Region as the matchmaking configuration they are used with.

    Since matchmaking rule sets cannot be edited, it is a good idea to check the rule set syntax using ValidateMatchmakingRuleSet before creating a new rule set.

    Learn more

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Creates a new rule set for FlexMatch matchmaking. A rule set describes the type of match to create, such as the number and size of teams. It also sets the parameters for acceptable player matches, such as minimum skill level or character type.

    To create a matchmaking rule set, provide unique rule set name and the rule set body in JSON format. Rule sets must be defined in the same Region as the matchmaking configuration they are used with.

    Since matchmaking rule sets cannot be edited, it is a good idea to check the rule set syntax using ValidateMatchmakingRuleSet before creating a new rule set.

    Learn more

    " }, "CreatePlayerSession":{ "name":"CreatePlayerSession", @@ -291,7 +291,7 @@ {"shape":"InvalidRequestException"}, {"shape":"NotFoundException"} ], - "documentation":"

    Reserves an open player slot in a game session for a player. New player sessions can be created in any game session with an open slot that is in ACTIVE status and has a player creation policy of ACCEPT_ALL. You can add a group of players to a game session with CreatePlayerSessions .

    To create a player session, specify a game session ID, player ID, and optionally a set of player data.

    If successful, a slot is reserved in the game session for the player and a new PlayerSessions object is returned with a player session ID. The player references the player session ID when sending a connection request to the game session, and the game server can use it to validate the player reservation with the Amazon GameLift service. Player sessions cannot be updated.

    The maximum number of players per game session is 200. It is not adjustable.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Reserves an open player slot in a game session for a player. New player sessions can be created in any game session with an open slot that is in ACTIVE status and has a player creation policy of ACCEPT_ALL. You can add a group of players to a game session with CreatePlayerSessions .

    To create a player session, specify a game session ID, player ID, and optionally a set of player data.

    If successful, a slot is reserved in the game session for the player and a new PlayerSessions object is returned with a player session ID. The player references the player session ID when sending a connection request to the game session, and the game server can use it to validate the player reservation with the Amazon GameLift Servers service. Player sessions cannot be updated.

    The maximum number of players per game session is 200. It is not adjustable.

    Related actions

    All APIs by task

    " }, "CreatePlayerSessions":{ "name":"CreatePlayerSessions", @@ -310,7 +310,7 @@ {"shape":"InvalidRequestException"}, {"shape":"NotFoundException"} ], - "documentation":"

    Reserves open slots in a game session for a group of players. New player sessions can be created in any game session with an open slot that is in ACTIVE status and has a player creation policy of ACCEPT_ALL. To add a single player to a game session, use CreatePlayerSession

    To create player sessions, specify a game session ID and a list of player IDs. Optionally, provide a set of player data for each player ID.

    If successful, a slot is reserved in the game session for each player, and new PlayerSession objects are returned with player session IDs. Each player references their player session ID when sending a connection request to the game session, and the game server can use it to validate the player reservation with the Amazon GameLift service. Player sessions cannot be updated.

    The maximum number of players per game session is 200. It is not adjustable.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Reserves open slots in a game session for a group of players. New player sessions can be created in any game session with an open slot that is in ACTIVE status and has a player creation policy of ACCEPT_ALL. To add a single player to a game session, use CreatePlayerSession

    To create player sessions, specify a game session ID and a list of player IDs. Optionally, provide a set of player data for each player ID.

    If successful, a slot is reserved in the game session for each player, and new PlayerSession objects are returned with player session IDs. Each player references their player session ID when sending a connection request to the game session, and the game server can use it to validate the player reservation with the Amazon GameLift Servers service. Player sessions cannot be updated.

    The maximum number of players per game session is 200. It is not adjustable.

    Related actions

    All APIs by task

    " }, "CreateScript":{ "name":"CreateScript", @@ -327,7 +327,7 @@ {"shape":"TaggingFailedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Creates a new script record for your Realtime Servers script. Realtime scripts are JavaScript that provide configuration settings and optional custom game logic for your game. The script is deployed when you create a Realtime Servers fleet to host your game sessions. Script logic is executed during an active game session.

    To create a new script record, specify a script name and provide the script file(s). The script files and all dependencies must be zipped into a single file. You can pull the zip file from either of these locations:

    • A locally available directory. Use the ZipFile parameter for this option.

    • An Amazon Simple Storage Service (Amazon S3) bucket under your Amazon Web Services account. Use the StorageLocation parameter for this option. You'll need to have an Identity Access Management (IAM) role that allows the Amazon GameLift service to access your S3 bucket.

    If the call is successful, a new script record is created with a unique script ID. If the script file is provided as a local file, the file is uploaded to an Amazon GameLift-owned S3 bucket and the script record's storage location reflects this location. If the script file is provided as an S3 bucket, Amazon GameLift accesses the file at this storage location as needed for deployment.

    Learn more

    Amazon GameLift Realtime Servers

    Set Up a Role for Amazon GameLift Access

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere

    Creates a new script record for your Amazon GameLift Servers Realtime script. Realtime scripts are JavaScript that provide configuration settings and optional custom game logic for your game. The script is deployed when you create a Amazon GameLift Servers Realtime fleet to host your game sessions. Script logic is executed during an active game session.

    To create a new script record, specify a script name and provide the script file(s). The script files and all dependencies must be zipped into a single file. You can pull the zip file from either of these locations:

    • A locally available directory. Use the ZipFile parameter for this option.

    • An Amazon Simple Storage Service (Amazon S3) bucket under your Amazon Web Services account. Use the StorageLocation parameter for this option. You'll need to have an Identity Access Management (IAM) role that allows the Amazon GameLift Servers service to access your S3 bucket.

    If the call is successful, a new script record is created with a unique script ID. If the script file is provided as a local file, the file is uploaded to an Amazon GameLift Servers-owned S3 bucket and the script record's storage location reflects this location. If the script file is provided as an S3 bucket, Amazon GameLift Servers accesses the file at this storage location as needed for deployment.

    Learn more

    Amazon GameLift Servers Amazon GameLift Servers Realtime

    Set Up a Role for Amazon GameLift Servers Access

    Related actions

    All APIs by task

    " }, "CreateVpcPeeringAuthorization":{ "name":"CreateVpcPeeringAuthorization", @@ -343,7 +343,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Requests authorization to create or delete a peer connection between the VPC for your Amazon GameLift fleet and a virtual private cloud (VPC) in your Amazon Web Services account. VPC peering enables the game servers on your fleet to communicate directly with other Amazon Web Services resources. After you've received authorization, use CreateVpcPeeringConnection to establish the peering connection. For more information, see VPC Peering with Amazon GameLift Fleets.

    You can peer with VPCs that are owned by any Amazon Web Services account you have access to, including the account that you use to manage your Amazon GameLift fleets. You cannot peer with VPCs that are in different Regions.

    To request authorization to create a connection, call this operation from the Amazon Web Services account with the VPC that you want to peer to your Amazon GameLift fleet. For example, to enable your game servers to retrieve data from a DynamoDB table, use the account that manages that DynamoDB resource. Identify the following values: (1) The ID of the VPC that you want to peer with, and (2) the ID of the Amazon Web Services account that you use to manage Amazon GameLift. If successful, VPC peering is authorized for the specified VPC.

    To request authorization to delete a connection, call this operation from the Amazon Web Services account with the VPC that is peered with your Amazon GameLift fleet. Identify the following values: (1) VPC ID that you want to delete the peering connection for, and (2) ID of the Amazon Web Services account that you use to manage Amazon GameLift.

    The authorization remains valid for 24 hours unless it is canceled. You must create or delete the peering connection while the authorization is valid.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Requests authorization to create or delete a peer connection between the VPC for your Amazon GameLift Servers fleet and a virtual private cloud (VPC) in your Amazon Web Services account. VPC peering enables the game servers on your fleet to communicate directly with other Amazon Web Services resources. After you've received authorization, use CreateVpcPeeringConnection to establish the peering connection. For more information, see VPC Peering with Amazon GameLift Servers Fleets.

    You can peer with VPCs that are owned by any Amazon Web Services account you have access to, including the account that you use to manage your Amazon GameLift Servers fleets. You cannot peer with VPCs that are in different Regions.

    To request authorization to create a connection, call this operation from the Amazon Web Services account with the VPC that you want to peer to your Amazon GameLift Servers fleet. For example, to enable your game servers to retrieve data from a DynamoDB table, use the account that manages that DynamoDB resource. Identify the following values: (1) The ID of the VPC that you want to peer with, and (2) the ID of the Amazon Web Services account that you use to manage Amazon GameLift Servers. If successful, VPC peering is authorized for the specified VPC.

    To request authorization to delete a connection, call this operation from the Amazon Web Services account with the VPC that is peered with your Amazon GameLift Servers fleet. Identify the following values: (1) VPC ID that you want to delete the peering connection for, and (2) ID of the Amazon Web Services account that you use to manage Amazon GameLift Servers.

    The authorization remains valid for 24 hours unless it is canceled. You must create or delete the peering connection while the authorization is valid.

    Related actions

    All APIs by task

    " }, "CreateVpcPeeringConnection":{ "name":"CreateVpcPeeringConnection", @@ -359,7 +359,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Establishes a VPC peering connection between a virtual private cloud (VPC) in an Amazon Web Services account with the VPC for your Amazon GameLift fleet. VPC peering enables the game servers on your fleet to communicate directly with other Amazon Web Services resources. You can peer with VPCs in any Amazon Web Services account that you have access to, including the account that you use to manage your Amazon GameLift fleets. You cannot peer with VPCs that are in different Regions. For more information, see VPC Peering with Amazon GameLift Fleets.

    Before calling this operation to establish the peering connection, you first need to use CreateVpcPeeringAuthorization and identify the VPC you want to peer with. Once the authorization for the specified VPC is issued, you have 24 hours to establish the connection. These two operations handle all tasks necessary to peer the two VPCs, including acceptance, updating routing tables, etc.

    To establish the connection, call this operation from the Amazon Web Services account that is used to manage the Amazon GameLift fleets. Identify the following values: (1) The ID of the fleet you want to be enable a VPC peering connection for; (2) The Amazon Web Services account with the VPC that you want to peer with; and (3) The ID of the VPC you want to peer with. This operation is asynchronous. If successful, a connection request is created. You can use continuous polling to track the request's status using DescribeVpcPeeringConnections , or by monitoring fleet events for success or failure using DescribeFleetEvents .

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Establishes a VPC peering connection between a virtual private cloud (VPC) in an Amazon Web Services account with the VPC for your Amazon GameLift Servers fleet. VPC peering enables the game servers on your fleet to communicate directly with other Amazon Web Services resources. You can peer with VPCs in any Amazon Web Services account that you have access to, including the account that you use to manage your Amazon GameLift Servers fleets. You cannot peer with VPCs that are in different Regions. For more information, see VPC Peering with Amazon GameLift Servers Fleets.

    Before calling this operation to establish the peering connection, you first need to use CreateVpcPeeringAuthorization and identify the VPC you want to peer with. Once the authorization for the specified VPC is issued, you have 24 hours to establish the connection. These two operations handle all tasks necessary to peer the two VPCs, including acceptance, updating routing tables, etc.

    To establish the connection, call this operation from the Amazon Web Services account that is used to manage the Amazon GameLift Servers fleets. Identify the following values: (1) The ID of the fleet you want to be enable a VPC peering connection for; (2) The Amazon Web Services account with the VPC that you want to peer with; and (3) The ID of the VPC you want to peer with. This operation is asynchronous. If successful, a connection request is created. You can use continuous polling to track the request's status using DescribeVpcPeeringConnections , or by monitoring fleet events for success or failure using DescribeFleetEvents .

    Related actions

    All APIs by task

    " }, "DeleteAlias":{ "name":"DeleteAlias", @@ -375,7 +375,7 @@ {"shape":"TaggingFailedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Deletes an alias. This operation removes all record of the alias. Game clients attempting to access a server process using the deleted alias receive an error. To delete an alias, specify the alias ID to be deleted.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Deletes an alias. This operation removes all record of the alias. Game clients attempting to access a server process using the deleted alias receive an error. To delete an alias, specify the alias ID to be deleted.

    Related actions

    All APIs by task

    " }, "DeleteBuild":{ "name":"DeleteBuild", @@ -391,7 +391,7 @@ {"shape":"TaggingFailedException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

    Deletes a build. This operation permanently deletes the build resource and any uploaded build files. Deleting a build does not affect the status of any active fleets using the build, but you can no longer create new fleets with the deleted build.

    To delete a build, specify the build ID.

    Learn more

    Upload a Custom Server Build

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Deletes a build. This operation permanently deletes the build resource and any uploaded build files. Deleting a build does not affect the status of any active fleets using the build, but you can no longer create new fleets with the deleted build.

    To delete a build, specify the build ID.

    Learn more

    Upload a Custom Server Build

    All APIs by task

    " }, "DeleteContainerFleet":{ "name":"DeleteContainerFleet", @@ -409,7 +409,7 @@ {"shape":"TaggingFailedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Deletes all resources and information related to a container fleet and shuts down currently running fleet instances, including those in remote locations. The container fleet must be in ACTIVE status to be deleted.

    To delete a fleet, specify the fleet ID to be terminated. During the deletion process, the fleet status is changed to DELETING.

    Learn more

    Setting up Amazon GameLift Fleets

    " + "documentation":"

    This API works with the following fleet types: Container

    Deletes all resources and information related to a container fleet and shuts down currently running fleet instances, including those in remote locations. The container fleet must be in ACTIVE status to be deleted.

    To delete a fleet, specify the fleet ID to be terminated. During the deletion process, the fleet status is changed to DELETING.

    Learn more

    Setting up Amazon GameLift Servers Fleets

    " }, "DeleteContainerGroupDefinition":{ "name":"DeleteContainerGroupDefinition", @@ -427,7 +427,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Deletes a container group definition.

    Request options:

    • Delete an entire container group definition, including all versions. Specify the container group definition name, or use an ARN value without the version number.

    • Delete a particular version. Specify the container group definition name and a version number, or use an ARN value that includes the version number.

    • Keep the newest versions and delete all older versions. Specify the container group definition name and the number of versions to retain. For example, set VersionCountToRetain to 5 to delete all but the five most recent versions.

    Result

    If successful, Amazon GameLift removes the container group definition versions that you request deletion for. This request will fail for any requested versions if the following is true:

    • If the version is being used in an active fleet

    • If the version is being deployed to a fleet in a deployment that's currently in progress.

    • If the version is designated as a rollback definition in a fleet deployment that's currently in progress.

    Learn more

    " + "documentation":"

    This API works with the following fleet types: Container

    Request options:

    Deletes a container group definition.

    • Delete an entire container group definition, including all versions. Specify the container group definition name, or use an ARN value without the version number.

    • Delete a particular version. Specify the container group definition name and a version number, or use an ARN value that includes the version number.

    • Keep the newest versions and delete all older versions. Specify the container group definition name and the number of versions to retain. For example, set VersionCountToRetain to 5 to delete all but the five most recent versions.

    Result

    If successful, Amazon GameLift Servers removes the container group definition versions that you request deletion for. This request will fail for any requested versions if the following is true:

    • If the version is being used in an active fleet

    • If the version is being deployed to a fleet in a deployment that's currently in progress.

    • If the version is designated as a rollback definition in a fleet deployment that's currently in progress.

    Learn more

    " }, "DeleteFleet":{ "name":"DeleteFleet", @@ -444,7 +444,7 @@ {"shape":"InvalidRequestException"}, {"shape":"TaggingFailedException"} ], - "documentation":"

    Deletes all resources and information related to a fleet and shuts down any currently running fleet instances, including those in remote locations.

    If the fleet being deleted has a VPC peering connection, you first need to get a valid authorization (good for 24 hours) by calling CreateVpcPeeringAuthorization. You don't need to explicitly delete the VPC peering connection.

    To delete a fleet, specify the fleet ID to be terminated. During the deletion process, the fleet status is changed to DELETING. When completed, the status switches to TERMINATED and the fleet event FLEET_DELETED is emitted.

    Learn more

    Setting up Amazon GameLift Fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Deletes all resources and information related to a fleet and shuts down any currently running fleet instances, including those in remote locations.

    If the fleet being deleted has a VPC peering connection, you first need to get a valid authorization (good for 24 hours) by calling CreateVpcPeeringAuthorization. You don't need to explicitly delete the VPC peering connection.

    To delete a fleet, specify the fleet ID to be terminated. During the deletion process, the fleet status is changed to DELETING. When completed, the status switches to TERMINATED and the fleet event FLEET_DELETED is emitted.

    Learn more

    Setting up Amazon GameLift Servers Fleets

    " }, "DeleteFleetLocations":{ "name":"DeleteFleetLocations", @@ -461,7 +461,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Removes locations from a multi-location fleet. When deleting a location, all game server process and all instances that are still active in the location are shut down.

    To delete fleet locations, identify the fleet ID and provide a list of the locations to be deleted.

    If successful, GameLift sets the location status to DELETING, and begins to shut down existing server processes and terminate instances in each location being deleted. When completed, the location status changes to TERMINATED.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Removes locations from a multi-location fleet. When deleting a location, all game server process and all instances that are still active in the location are shut down.

    To delete fleet locations, identify the fleet ID and provide a list of the locations to be deleted.

    If successful, GameLift sets the location status to DELETING, and begins to shut down existing server processes and terminate instances in each location being deleted. When completed, the location status changes to TERMINATED.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "DeleteGameServerGroup":{ "name":"DeleteGameServerGroup", @@ -477,7 +477,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Terminates a game server group and permanently deletes the game server group record. You have several options for how these resources are impacted when deleting the game server group. Depending on the type of delete operation selected, this operation might affect these resources:

    • The game server group

    • The corresponding Auto Scaling group

    • All game servers that are currently running in the group

    To delete a game server group, identify the game server group to delete and specify the type of delete operation to initiate. Game server groups can only be deleted if they are in ACTIVE or ERROR status.

    If the delete request is successful, a series of operations are kicked off. The game server group status is changed to DELETE_SCHEDULED, which prevents new game servers from being registered and stops automatic scaling activity. Once all game servers in the game server group are deregistered, Amazon GameLift FleetIQ can begin deleting resources. If any of the delete operations fail, the game server group is placed in ERROR status.

    Amazon GameLift FleetIQ emits delete events to Amazon CloudWatch.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Terminates a game server group and permanently deletes the game server group record. You have several options for how these resources are impacted when deleting the game server group. Depending on the type of delete operation selected, this operation might affect these resources:

    • The game server group

    • The corresponding Auto Scaling group

    • All game servers that are currently running in the group

    To delete a game server group, identify the game server group to delete and specify the type of delete operation to initiate. Game server groups can only be deleted if they are in ACTIVE or ERROR status.

    If the delete request is successful, a series of operations are kicked off. The game server group status is changed to DELETE_SCHEDULED, which prevents new game servers from being registered and stops automatic scaling activity. Once all game servers in the game server group are deregistered, Amazon GameLift Servers FleetIQ can begin deleting resources. If any of the delete operations fail, the game server group is placed in ERROR status.

    Amazon GameLift Servers FleetIQ emits delete events to Amazon CloudWatch.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "DeleteGameSessionQueue":{ "name":"DeleteGameSessionQueue", @@ -494,7 +494,7 @@ {"shape":"UnauthorizedException"}, {"shape":"TaggingFailedException"} ], - "documentation":"

    Deletes a game session queue. Once a queue is successfully deleted, unfulfilled StartGameSessionPlacement requests that reference the queue will fail. To delete a queue, specify the queue name.

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Deletes a game session queue. Once a queue is successfully deleted, unfulfilled StartGameSessionPlacement requests that reference the queue will fail. To delete a queue, specify the queue name.

    " }, "DeleteLocation":{ "name":"DeleteLocation", @@ -510,7 +510,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Deletes a custom location.

    Before deleting a custom location, review any fleets currently using the custom location and deregister the location if it is in use. For more information, see DeregisterCompute.

    " + "documentation":"

    This API works with the following fleet types: Anywhere

    Deletes a custom location.

    Before deleting a custom location, review any fleets currently using the custom location and deregister the location if it is in use. For more information, see DeregisterCompute.

    " }, "DeleteMatchmakingConfiguration":{ "name":"DeleteMatchmakingConfiguration", @@ -527,7 +527,7 @@ {"shape":"UnsupportedRegionException"}, {"shape":"TaggingFailedException"} ], - "documentation":"

    Permanently removes a FlexMatch matchmaking configuration. To delete, specify the configuration name. A matchmaking configuration cannot be deleted if it is being used in any active matchmaking tickets.

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Permanently removes a FlexMatch matchmaking configuration. To delete, specify the configuration name. A matchmaking configuration cannot be deleted if it is being used in any active matchmaking tickets.

    " }, "DeleteMatchmakingRuleSet":{ "name":"DeleteMatchmakingRuleSet", @@ -544,7 +544,7 @@ {"shape":"NotFoundException"}, {"shape":"TaggingFailedException"} ], - "documentation":"

    Deletes an existing matchmaking rule set. To delete the rule set, provide the rule set name. Rule sets cannot be deleted if they are currently being used by a matchmaking configuration.

    Learn more

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Deletes an existing matchmaking rule set. To delete the rule set, provide the rule set name. Rule sets cannot be deleted if they are currently being used by a matchmaking configuration.

    Learn more

    " }, "DeleteScalingPolicy":{ "name":"DeleteScalingPolicy", @@ -560,7 +560,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Deletes a fleet scaling policy. Once deleted, the policy is no longer in force and Amazon GameLift removes all record of it. To delete a scaling policy, specify both the scaling policy name and the fleet ID it is associated with.

    To temporarily suspend scaling policies, use StopFleetActions. This operation suspends all policies for the fleet.

    " + "documentation":"

    This API works with the following fleet types: EC2

    Deletes a fleet scaling policy. Once deleted, the policy is no longer in force and Amazon GameLift Servers removes all record of it. To delete a scaling policy, specify both the scaling policy name and the fleet ID it is associated with.

    To temporarily suspend scaling policies, use StopFleetActions. This operation suspends all policies for the fleet.

    " }, "DeleteScript":{ "name":"DeleteScript", @@ -576,7 +576,7 @@ {"shape":"TaggingFailedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Deletes a Realtime script. This operation permanently deletes the script record. If script files were uploaded, they are also deleted (files stored in an S3 bucket are not deleted).

    To delete a script, specify the script ID. Before deleting a script, be sure to terminate all fleets that are deployed with the script being deleted. Fleet instances periodically check for script updates, and if the script record no longer exists, the instance will go into an error state and be unable to host game sessions.

    Learn more

    Amazon GameLift Realtime Servers

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Deletes a Realtime script. This operation permanently deletes the script record. If script files were uploaded, they are also deleted (files stored in an S3 bucket are not deleted).

    To delete a script, specify the script ID. Before deleting a script, be sure to terminate all fleets that are deployed with the script being deleted. Fleet instances periodically check for script updates, and if the script record no longer exists, the instance will go into an error state and be unable to host game sessions.

    Learn more

    Amazon GameLift Servers Amazon GameLift Servers Realtime

    Related actions

    All APIs by task

    " }, "DeleteVpcPeeringAuthorization":{ "name":"DeleteVpcPeeringAuthorization", @@ -592,7 +592,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Cancels a pending VPC peering authorization for the specified VPC. If you need to delete an existing VPC peering connection, use DeleteVpcPeeringConnection.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Cancels a pending VPC peering authorization for the specified VPC. If you need to delete an existing VPC peering connection, use DeleteVpcPeeringConnection.

    Related actions

    All APIs by task

    " }, "DeleteVpcPeeringConnection":{ "name":"DeleteVpcPeeringConnection", @@ -608,7 +608,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Removes a VPC peering connection. To delete the connection, you must have a valid authorization for the VPC peering connection that you want to delete..

    Once a valid authorization exists, call this operation from the Amazon Web Services account that is used to manage the Amazon GameLift fleets. Identify the connection to delete by the connection ID and fleet ID. If successful, the connection is removed.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Removes a VPC peering connection. To delete the connection, you must have a valid authorization for the VPC peering connection that you want to delete..

    Once a valid authorization exists, call this operation from the Amazon Web Services account that is used to manage the Amazon GameLift Servers fleets. Identify the connection to delete by the connection ID and fleet ID. If successful, the connection is removed.

    Related actions

    All APIs by task

    " }, "DeregisterCompute":{ "name":"DeregisterCompute", @@ -624,7 +624,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Removes a compute resource from an Amazon GameLift Anywhere fleet. Deregistered computes can no longer host game sessions through Amazon GameLift.

    For an Anywhere fleet that's running the Amazon GameLift Agent, the Agent handles all compute registry tasks for you. For an Anywhere fleet that doesn't use the Agent, call this operation to deregister fleet computes.

    To deregister a compute, call this operation from the compute that's being deregistered and specify the compute name and the fleet ID.

    " + "documentation":"

    This API works with the following fleet types: Anywhere

    Removes a compute resource from an Anywhere fleet. Deregistered computes can no longer host game sessions through Amazon GameLift Servers. Use this operation with an Anywhere fleet that doesn't use the Amazon GameLift Servers Agent For Anywhere fleets with the Agent, the Agent handles all compute registry tasks for you.

    To deregister a compute, call this operation from the compute that's being deregistered and specify the compute name and the fleet ID.

    " }, "DeregisterGameServer":{ "name":"DeregisterGameServer", @@ -639,7 +639,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Removes the game server from a game server group. As a result of this operation, the deregistered game server can no longer be claimed and will not be returned in a list of active game servers.

    To deregister a game server, specify the game server group and game server ID. If successful, this operation emits a CloudWatch event with termination timestamp and reason.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Removes the game server from a game server group. As a result of this operation, the deregistered game server can no longer be claimed and will not be returned in a list of active game servers.

    To deregister a game server, specify the game server group and game server ID. If successful, this operation emits a CloudWatch event with termination timestamp and reason.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "DescribeAlias":{ "name":"DescribeAlias", @@ -655,7 +655,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves properties for an alias. This operation returns all alias metadata and settings. To get an alias's target fleet ID only, use ResolveAlias.

    To get alias properties, specify the alias ID. If successful, the requested alias record is returned.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves properties for an alias. This operation returns all alias metadata and settings. To get an alias's target fleet ID only, use ResolveAlias.

    To get alias properties, specify the alias ID. If successful, the requested alias record is returned.

    Related actions

    All APIs by task

    " }, "DescribeBuild":{ "name":"DescribeBuild", @@ -671,7 +671,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves properties for a custom game build. To request a build resource, specify a build ID. If successful, an object containing the build properties is returned.

    Learn more

    Upload a Custom Server Build

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves properties for a custom game build. To request a build resource, specify a build ID. If successful, an object containing the build properties is returned.

    Learn more

    Upload a Custom Server Build

    All APIs by task

    " }, "DescribeCompute":{ "name":"DescribeCompute", @@ -688,7 +688,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves properties for a compute resource in an Amazon GameLift fleet. To get a list of all computes in a fleet, call https://docs.aws.amazon.com/gamelift/latest/apireference/API_ListCompute.html.

    To request information on a specific compute, provide the fleet ID and compute name.

    If successful, this operation returns details for the requested compute resource. Depending on the fleet's compute type, the result includes the following information:

    • For managed EC2 fleets, this operation returns information about the EC2 instance.

    • For Anywhere fleets, this operation returns information about the registered compute.

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves properties for a specific compute resource in an Amazon GameLift Servers fleet. You can list all computes in a fleet by calling ListCompute.

    Request options

    Provide the fleet ID and compute name. The compute name varies depending on the type of fleet.

    • For a compute in a managed EC2 fleet, provide an instance ID. Each instance in the fleet is a compute.

    • For a compute in a managed container fleet, provide a compute name. In a container fleet, each game server container group on a fleet instance is assigned a compute name.

    • For a compute in an Anywhere fleet, provide a registered compute name. Anywhere fleet computes are created when you register a hosting resource with the fleet.

    Results

    If successful, this operation returns details for the requested compute resource. Depending on the fleet's compute type, the result includes the following information:

    • For a managed EC2 fleet, this operation returns information about the EC2 instance.

    • For an Anywhere fleet, this operation returns information about the registered compute.

    " }, "DescribeContainerFleet":{ "name":"DescribeContainerFleet", @@ -705,7 +705,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves the properties for a container fleet. When requesting attributes for multiple fleets, use the pagination parameters to retrieve results as a set of sequential pages.

    Request options

    • Get container fleet properties for a single fleet. Provide either the fleet ID or ARN value.

    Results

    If successful, a ContainerFleet object is returned. This object includes the fleet properties, including information about the most recent deployment.

    Some API operations limit the number of fleet IDs that allowed in one request. If a request exceeds this limit, the request fails and the error message contains the maximum allowed number.

    " + "documentation":"

    This API works with the following fleet types: Container

    Retrieves the properties for a container fleet. When requesting attributes for multiple fleets, use the pagination parameters to retrieve results as a set of sequential pages.

    Request options

    • Get container fleet properties for a single fleet. Provide either the fleet ID or ARN value.

    Results

    If successful, a ContainerFleet object is returned. This object includes the fleet properties, including information about the most recent deployment.

    Some API operations limit the number of fleet IDs that allowed in one request. If a request exceeds this limit, the request fails and the error message contains the maximum allowed number.

    " }, "DescribeContainerGroupDefinition":{ "name":"DescribeContainerGroupDefinition", @@ -722,7 +722,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves the properties of a container group definition, including all container definitions in the group.

    Request options:

    • Retrieve the latest version of a container group definition. Specify the container group definition name only, or use an ARN value without a version number.

    • Retrieve a particular version. Specify the container group definition name and a version number, or use an ARN value that includes the version number.

    Results:

    If successful, this operation returns the complete properties of a container group definition version.

    Learn more

    " + "documentation":"

    This API works with the following fleet types: Container

    Retrieves the properties of a container group definition, including all container definitions in the group.

    Request options:

    • Retrieve the latest version of a container group definition. Specify the container group definition name only, or use an ARN value without a version number.

    • Retrieve a particular version. Specify the container group definition name and a version number, or use an ARN value that includes the version number.

    Results:

    If successful, this operation returns the complete properties of a container group definition version.

    Learn more

    " }, "DescribeEC2InstanceLimits":{ "name":"DescribeEC2InstanceLimits", @@ -738,7 +738,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves the instance limits and current utilization for an Amazon Web Services Region or location. Instance limits control the number of instances, per instance type, per location, that your Amazon Web Services account can use. Learn more at Amazon EC2 Instance Types. The information returned includes the maximum number of instances allowed and your account's current usage across all fleets. This information can affect your ability to scale your Amazon GameLift fleets. You can request a limit increase for your account by using the Service limits page in the Amazon GameLift console.

    Instance limits differ based on whether the instances are deployed in a fleet's home Region or in a remote location. For remote locations, limits also differ based on the combination of home Region and remote location. All requests must specify an Amazon Web Services Region (either explicitly or as your default settings). To get the limit for a remote location, you must also specify the location. For example, the following requests all return different results:

    • Request specifies the Region ap-northeast-1 with no location. The result is limits and usage data on all instance types that are deployed in us-east-2, by all of the fleets that reside in ap-northeast-1.

    • Request specifies the Region us-east-1 with location ca-central-1. The result is limits and usage data on all instance types that are deployed in ca-central-1, by all of the fleets that reside in us-east-2. These limits do not affect fleets in any other Regions that deploy instances to ca-central-1.

    • Request specifies the Region eu-west-1 with location ca-central-1. The result is limits and usage data on all instance types that are deployed in ca-central-1, by all of the fleets that reside in eu-west-1.

    This operation can be used in the following ways:

    • To get limit and usage data for all instance types that are deployed in an Amazon Web Services Region by fleets that reside in the same Region: Specify the Region only. Optionally, specify a single instance type to retrieve information for.

    • To get limit and usage data for all instance types that are deployed to a remote location by fleets that reside in different Amazon Web Services Region: Provide both the Amazon Web Services Region and the remote location. Optionally, specify a single instance type to retrieve information for.

    If successful, an EC2InstanceLimits object is returned with limits and usage data for each requested instance type.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves the instance limits and current utilization for an Amazon Web Services Region or location. Instance limits control the number of instances, per instance type, per location, that your Amazon Web Services account can use. Learn more at Amazon EC2 Instance Types. The information returned includes the maximum number of instances allowed and your account's current usage across all fleets. This information can affect your ability to scale your Amazon GameLift Servers fleets. You can request a limit increase for your account by using the Service limits page in the Amazon GameLift Servers console.

    Instance limits differ based on whether the instances are deployed in a fleet's home Region or in a remote location. For remote locations, limits also differ based on the combination of home Region and remote location. All requests must specify an Amazon Web Services Region (either explicitly or as your default settings). To get the limit for a remote location, you must also specify the location. For example, the following requests all return different results:

    • Request specifies the Region ap-northeast-1 with no location. The result is limits and usage data on all instance types that are deployed in us-east-2, by all of the fleets that reside in ap-northeast-1.

    • Request specifies the Region us-east-1 with location ca-central-1. The result is limits and usage data on all instance types that are deployed in ca-central-1, by all of the fleets that reside in us-east-2. These limits do not affect fleets in any other Regions that deploy instances to ca-central-1.

    • Request specifies the Region eu-west-1 with location ca-central-1. The result is limits and usage data on all instance types that are deployed in ca-central-1, by all of the fleets that reside in eu-west-1.

    This operation can be used in the following ways:

    • To get limit and usage data for all instance types that are deployed in an Amazon Web Services Region by fleets that reside in the same Region: Specify the Region only. Optionally, specify a single instance type to retrieve information for.

    • To get limit and usage data for all instance types that are deployed to a remote location by fleets that reside in different Amazon Web Services Region: Provide both the Amazon Web Services Region and the remote location. Optionally, specify a single instance type to retrieve information for.

    If successful, an EC2InstanceLimits object is returned with limits and usage data for each requested instance type.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "DescribeFleetAttributes":{ "name":"DescribeFleetAttributes", @@ -754,7 +754,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Retrieves core fleet-wide properties for fleets in an Amazon Web Services Region. Properties include the computing hardware and deployment configuration for instances in the fleet.

    You can use this operation in the following ways:

    • To get attributes for specific fleets, provide a list of fleet IDs or fleet ARNs.

    • To get attributes for all fleets, do not provide a fleet identifier.

    When requesting attributes for multiple fleets, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a FleetAttributes object is returned for each fleet requested, unless the fleet identifier is not found.

    Some API operations limit the number of fleet IDs that allowed in one request. If a request exceeds this limit, the request fails and the error message contains the maximum allowed number.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves core fleet-wide properties for fleets in an Amazon Web Services Region. Properties include the computing hardware and deployment configuration for instances in the fleet.

    You can use this operation in the following ways:

    • To get attributes for specific fleets, provide a list of fleet IDs or fleet ARNs.

    • To get attributes for all fleets, do not provide a fleet identifier.

    When requesting attributes for multiple fleets, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a FleetAttributes object is returned for each fleet requested, unless the fleet identifier is not found.

    Some API operations limit the number of fleet IDs that allowed in one request. If a request exceeds this limit, the request fails and the error message contains the maximum allowed number.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "DescribeFleetCapacity":{ "name":"DescribeFleetCapacity", @@ -771,7 +771,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves the resource capacity settings for one or more fleets. For a container fleet, this operation also returns counts for game server container groups.

    With multi-location fleets, this operation retrieves data for the fleet's home Region only. To retrieve capacity for remote locations, see https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html.

    This operation can be used in the following ways:

    • To get capacity data for one or more specific fleets, provide a list of fleet IDs or fleet ARNs.

    • To get capacity data for all fleets, do not provide a fleet identifier.

    When requesting multiple fleets, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a FleetCapacity object is returned for each requested fleet ID. Each FleetCapacity object includes a Location property, which is set to the fleet's home Region. Capacity values are returned only for fleets that currently exist.

    Some API operations may limit the number of fleet IDs that are allowed in one request. If a request exceeds this limit, the request fails and the error message includes the maximum allowed.

    Learn more

    Setting up Amazon GameLift fleets

    GameLift metrics for fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Retrieves the resource capacity settings for one or more fleets. For a container fleet, this operation also returns counts for game server container groups.

    With multi-location fleets, this operation retrieves data for the fleet's home Region only. To retrieve capacity for remote locations, see https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html.

    This operation can be used in the following ways:

    • To get capacity data for one or more specific fleets, provide a list of fleet IDs or fleet ARNs.

    • To get capacity data for all fleets, do not provide a fleet identifier.

    When requesting multiple fleets, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a FleetCapacity object is returned for each requested fleet ID. Each FleetCapacity object includes a Location property, which is set to the fleet's home Region. Capacity values are returned only for fleets that currently exist.

    Some API operations may limit the number of fleet IDs that are allowed in one request. If a request exceeds this limit, the request fails and the error message includes the maximum allowed.

    Learn more

    Setting up Amazon GameLift Servers fleets

    GameLift metrics for fleets

    " }, "DescribeFleetDeployment":{ "name":"DescribeFleetDeployment", @@ -788,7 +788,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves information about a managed container fleet deployment.

    Request options

    • Get information about the latest deployment for a specific fleet. Provide the fleet ID or ARN.

    • Get information about a specific deployment. Provide the fleet ID or ARN and the deployment ID.

    Results

    If successful, a FleetDeployment object is returned.

    " + "documentation":"

    This API works with the following fleet types: Container

    Retrieves information about a managed container fleet deployment.

    Request options

    • Get information about the latest deployment for a specific fleet. Provide the fleet ID or ARN.

    • Get information about a specific deployment. Provide the fleet ID or ARN and the deployment ID.

    Results

    If successful, a FleetDeployment object is returned.

    " }, "DescribeFleetEvents":{ "name":"DescribeFleetEvents", @@ -805,7 +805,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves entries from a fleet's event log. Fleet events are initiated by changes in status, such as during fleet creation and termination, changes in capacity, etc. If a fleet has multiple locations, events are also initiated by changes to status and capacity in remote locations.

    You can specify a time range to limit the result set. Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a collection of event log entries matching the request are returned.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves entries from a fleet's event log. Fleet events are initiated by changes in status, such as during fleet creation and termination, changes in capacity, etc. If a fleet has multiple locations, events are also initiated by changes to status and capacity in remote locations.

    You can specify a time range to limit the result set. Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a collection of event log entries matching the request are returned.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "DescribeFleetLocationAttributes":{ "name":"DescribeFleetLocationAttributes", @@ -822,7 +822,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves information on a fleet's remote locations, including life-cycle status and any suspended fleet activity.

    This operation can be used in the following ways:

    • To get data for specific locations, provide a fleet identifier and a list of locations. Location data is returned in the order that it is requested.

    • To get data for all locations, provide a fleet identifier only. Location data is returned in no particular order.

    When requesting attributes for multiple locations, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a LocationAttributes object is returned for each requested location. If the fleet does not have a requested location, no information is returned. This operation does not return the home Region. To get information on a fleet's home Region, call DescribeFleetAttributes.

    Learn more

    Setting up Amazon GameLift fleets

    Amazon GameLift service locations for managed hosting

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Retrieves information on a fleet's remote locations, including life-cycle status and any suspended fleet activity.

    This operation can be used in the following ways:

    • To get data for specific locations, provide a fleet identifier and a list of locations. Location data is returned in the order that it is requested.

    • To get data for all locations, provide a fleet identifier only. Location data is returned in no particular order.

    When requesting attributes for multiple locations, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a LocationAttributes object is returned for each requested location. If the fleet does not have a requested location, no information is returned. This operation does not return the home Region. To get information on a fleet's home Region, call DescribeFleetAttributes.

    Learn more

    Setting up Amazon GameLift Servers fleets

    Amazon GameLift Servers service locations for managed hosting

    " }, "DescribeFleetLocationCapacity":{ "name":"DescribeFleetLocationCapacity", @@ -839,7 +839,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves the resource capacity settings for a fleet location. The data returned includes the current capacity (number of EC2 instances) and some scaling settings for the requested fleet location. For a managed container fleet, this operation also returns counts for game server container groups.

    Use this operation to retrieve capacity information for a fleet's remote location or home Region (you can also retrieve home Region capacity by calling DescribeFleetCapacity).

    To retrieve capacity data, identify a fleet and location.

    If successful, a FleetCapacity object is returned for the requested fleet location.

    Learn more

    Setting up Amazon GameLift fleets

    Amazon GameLift service locations for managed hosting

    GameLift metrics for fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Retrieves the resource capacity settings for a fleet location. The data returned includes the current capacity (number of EC2 instances) and some scaling settings for the requested fleet location. For a managed container fleet, this operation also returns counts for game server container groups.

    Use this operation to retrieve capacity information for a fleet's remote location or home Region (you can also retrieve home Region capacity by calling DescribeFleetCapacity).

    To retrieve capacity data, identify a fleet and location.

    If successful, a FleetCapacity object is returned for the requested fleet location.

    Learn more

    Setting up Amazon GameLift Servers fleets

    Amazon GameLift Servers service locations for managed hosting

    GameLift metrics for fleets

    " }, "DescribeFleetLocationUtilization":{ "name":"DescribeFleetLocationUtilization", @@ -856,7 +856,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves current usage data for a fleet location. Utilization data provides a snapshot of current game hosting activity at the requested location. Use this operation to retrieve utilization information for a fleet's remote location or home Region (you can also retrieve home Region utilization by calling DescribeFleetUtilization).

    To retrieve utilization data, identify a fleet and location.

    If successful, a FleetUtilization object is returned for the requested fleet location.

    Learn more

    Setting up Amazon GameLift fleets

    Amazon GameLift service locations for managed hosting

    GameLift metrics for fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves current usage data for a fleet location. Utilization data provides a snapshot of current game hosting activity at the requested location. Use this operation to retrieve utilization information for a fleet's remote location or home Region (you can also retrieve home Region utilization by calling DescribeFleetUtilization).

    To retrieve utilization data, identify a fleet and location.

    If successful, a FleetUtilization object is returned for the requested fleet location.

    Learn more

    Setting up Amazon GameLift Servers fleets

    Amazon GameLift Servers service locations for managed hosting

    GameLift metrics for fleets

    " }, "DescribeFleetPortSettings":{ "name":"DescribeFleetPortSettings", @@ -873,7 +873,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves a fleet's inbound connection permissions. Connection permissions specify IP addresses and port settings that incoming traffic can use to access server processes in the fleet. Game server processes that are running in the fleet must use a port that falls within this range.

    Use this operation in the following ways:

    • To retrieve the port settings for a fleet, identify the fleet's unique identifier.

    • To check the status of recent updates to a fleet remote location, specify the fleet ID and a location. Port setting updates can take time to propagate across all locations.

    If successful, a set of IpPermission objects is returned for the requested fleet ID. When specifying a location, this operation returns a pending status. If the requested fleet has been deleted, the result set is empty.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Retrieves a fleet's inbound connection permissions. Connection permissions specify IP addresses and port settings that incoming traffic can use to access server processes in the fleet. Game server processes that are running in the fleet must use a port that falls within this range.

    Use this operation in the following ways:

    • To retrieve the port settings for a fleet, identify the fleet's unique identifier.

    • To check the status of recent updates to a fleet remote location, specify the fleet ID and a location. Port setting updates can take time to propagate across all locations.

    If successful, a set of IpPermission objects is returned for the requested fleet ID. When specifying a location, this operation returns a pending status. If the requested fleet has been deleted, the result set is empty.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "DescribeFleetUtilization":{ "name":"DescribeFleetUtilization", @@ -889,7 +889,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Retrieves utilization statistics for one or more fleets. Utilization data provides a snapshot of how the fleet's hosting resources are currently being used. For fleets with remote locations, this operation retrieves data for the fleet's home Region only. See DescribeFleetLocationUtilization to get utilization statistics for a fleet's remote locations.

    This operation can be used in the following ways:

    • To get utilization data for one or more specific fleets, provide a list of fleet IDs or fleet ARNs.

    • To get utilization data for all fleets, do not provide a fleet identifier.

    When requesting multiple fleets, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a FleetUtilization object is returned for each requested fleet ID, unless the fleet identifier is not found. Each fleet utilization object includes a Location property, which is set to the fleet's home Region.

    Some API operations may limit the number of fleet IDs allowed in one request. If a request exceeds this limit, the request fails and the error message includes the maximum allowed.

    Learn more

    Setting up Amazon GameLift Fleets

    GameLift Metrics for Fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Retrieves utilization statistics for one or more fleets. Utilization data provides a snapshot of how the fleet's hosting resources are currently being used. For fleets with remote locations, this operation retrieves data for the fleet's home Region only. See DescribeFleetLocationUtilization to get utilization statistics for a fleet's remote locations.

    This operation can be used in the following ways:

    • To get utilization data for one or more specific fleets, provide a list of fleet IDs or fleet ARNs.

    • To get utilization data for all fleets, do not provide a fleet identifier.

    When requesting multiple fleets, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a FleetUtilization object is returned for each requested fleet ID, unless the fleet identifier is not found. Each fleet utilization object includes a Location property, which is set to the fleet's home Region.

    Some API operations may limit the number of fleet IDs allowed in one request. If a request exceeds this limit, the request fails and the error message includes the maximum allowed.

    Learn more

    Setting up Amazon GameLift Servers Fleets

    GameLift Metrics for Fleets

    " }, "DescribeGameServer":{ "name":"DescribeGameServer", @@ -905,7 +905,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Retrieves information for a registered game server. Information includes game server status, health check info, and the instance that the game server is running on.

    To retrieve game server information, specify the game server ID. If successful, the requested game server object is returned.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Retrieves information for a registered game server. Information includes game server status, health check info, and the instance that the game server is running on.

    To retrieve game server information, specify the game server ID. If successful, the requested game server object is returned.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "DescribeGameServerGroup":{ "name":"DescribeGameServerGroup", @@ -921,7 +921,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Retrieves information on a game server group. This operation returns only properties related to Amazon GameLift FleetIQ. To view or update properties for the corresponding Auto Scaling group, such as launch template, auto scaling policies, and maximum/minimum group size, access the Auto Scaling group directly.

    To get attributes for a game server group, provide a group name or ARN value. If successful, a GameServerGroup object is returned.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Retrieves information on a game server group. This operation returns only properties related to Amazon GameLift Servers FleetIQ. To view or update properties for the corresponding Auto Scaling group, such as launch template, auto scaling policies, and maximum/minimum group size, access the Auto Scaling group directly.

    To get attributes for a game server group, provide a group name or ARN value. If successful, a GameServerGroup object is returned.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "DescribeGameServerInstances":{ "name":"DescribeGameServerInstances", @@ -937,7 +937,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Retrieves status information about the Amazon EC2 instances associated with a Amazon GameLift FleetIQ game server group. Use this operation to detect when instances are active or not available to host new game servers.

    To request status for all instances in the game server group, provide a game server group ID only. To request status for specific instances, provide the game server group ID and one or more instance IDs. Use the pagination parameters to retrieve results in sequential segments. If successful, a collection of GameServerInstance objects is returned.

    This operation is not designed to be called with every game server claim request; this practice can cause you to exceed your API limit, which results in errors. Instead, as a best practice, cache the results and refresh your cache no more than once every 10 seconds.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Retrieves status information about the Amazon EC2 instances associated with a Amazon GameLift Servers FleetIQ game server group. Use this operation to detect when instances are active or not available to host new game servers.

    To request status for all instances in the game server group, provide a game server group ID only. To request status for specific instances, provide the game server group ID and one or more instance IDs. Use the pagination parameters to retrieve results in sequential segments. If successful, a collection of GameServerInstance objects is returned.

    This operation is not designed to be called with every game server claim request; this practice can cause you to exceed your API limit, which results in errors. Instead, as a best practice, cache the results and refresh your cache no more than once every 10 seconds.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "DescribeGameSessionDetails":{ "name":"DescribeGameSessionDetails", @@ -955,7 +955,7 @@ {"shape":"TerminalRoutingStrategyException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves additional game session properties, including the game session protection policy in force, a set of one or more game sessions in a specific fleet location. You can optionally filter the results by current game session status.

    This operation can be used in the following ways:

    • To retrieve details for all game sessions that are currently running on all locations in a fleet, provide a fleet or alias ID, with an optional status filter. This approach returns details from the fleet's home Region and all remote locations.

    • To retrieve details for all game sessions that are currently running on a specific fleet location, provide a fleet or alias ID and a location name, with optional status filter. The location can be the fleet's home Region or any remote location.

    • To retrieve details for a specific game session, provide the game session ID. This approach looks for the game session ID in all fleets that reside in the Amazon Web Services Region defined in the request.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a GameSessionDetail object is returned for each game session that matches the request.

    Learn more

    Find a game session

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves additional game session properties, including the game session protection policy in force, a set of one or more game sessions in a specific fleet location. You can optionally filter the results by current game session status.

    This operation can be used in the following ways:

    • To retrieve details for all game sessions that are currently running on all locations in a fleet, provide a fleet or alias ID, with an optional status filter. This approach returns details from the fleet's home Region and all remote locations.

    • To retrieve details for all game sessions that are currently running on a specific fleet location, provide a fleet or alias ID and a location name, with optional status filter. The location can be the fleet's home Region or any remote location.

    • To retrieve details for a specific game session, provide the game session ID. This approach looks for the game session ID in all fleets that reside in the Amazon Web Services Region defined in the request.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a GameSessionDetail object is returned for each game session that matches the request.

    Learn more

    Find a game session

    All APIs by task

    " }, "DescribeGameSessionPlacement":{ "name":"DescribeGameSessionPlacement", @@ -971,7 +971,7 @@ {"shape":"NotFoundException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Retrieves information, including current status, about a game session placement request.

    To get game session placement details, specify the placement ID.

    This operation is not designed to be continually called to track game session status. This practice can cause you to exceed your API limit, which results in errors. Instead, you must configure an Amazon Simple Notification Service (SNS) topic to receive notifications from FlexMatch or queues. Continuously polling with DescribeGameSessionPlacement should only be used for games in development with low game session usage.

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves information, including current status, about a game session placement request.

    To get game session placement details, specify the placement ID.

    This operation is not designed to be continually called to track game session status. This practice can cause you to exceed your API limit, which results in errors. Instead, you must configure an Amazon Simple Notification Service (SNS) topic to receive notifications from FlexMatch or queues. Continuously polling with DescribeGameSessionPlacement should only be used for games in development with low game session usage.

    " }, "DescribeGameSessionQueues":{ "name":"DescribeGameSessionQueues", @@ -987,7 +987,7 @@ {"shape":"NotFoundException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Retrieves the properties for one or more game session queues. When requesting multiple queues, use the pagination parameters to retrieve results as a set of sequential pages. When specifying a list of queues, objects are returned only for queues that currently exist in the Region.

    Learn more

    View Your Queues

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves the properties for one or more game session queues. When requesting multiple queues, use the pagination parameters to retrieve results as a set of sequential pages. When specifying a list of queues, objects are returned only for queues that currently exist in the Region.

    Learn more

    View Your Queues

    " }, "DescribeGameSessions":{ "name":"DescribeGameSessions", @@ -1005,7 +1005,7 @@ {"shape":"TerminalRoutingStrategyException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves a set of one or more game sessions in a specific fleet location. You can optionally filter the results by current game session status.

    This operation can be used in the following ways:

    • To retrieve all game sessions that are currently running on all locations in a fleet, provide a fleet or alias ID, with an optional status filter. This approach returns all game sessions in the fleet's home Region and all remote locations.

    • To retrieve all game sessions that are currently running on a specific fleet location, provide a fleet or alias ID and a location name, with optional status filter. The location can be the fleet's home Region or any remote location.

    • To retrieve a specific game session, provide the game session ID. This approach looks for the game session ID in all fleets that reside in the Amazon Web Services Region defined in the request.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a GameSession object is returned for each game session that matches the request.

    This operation is not designed to be continually called to track game session status. This practice can cause you to exceed your API limit, which results in errors. Instead, you must configure an Amazon Simple Notification Service (SNS) topic to receive notifications from FlexMatch or queues. Continuously polling with DescribeGameSessions should only be used for games in development with low game session usage.

    Available in Amazon GameLift Local.

    Learn more

    Find a game session

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves a set of one or more game sessions in a specific fleet location. You can optionally filter the results by current game session status.

    This operation can be used in the following ways:

    • To retrieve all game sessions that are currently running on all locations in a fleet, provide a fleet or alias ID, with an optional status filter. This approach returns all game sessions in the fleet's home Region and all remote locations.

    • To retrieve all game sessions that are currently running on a specific fleet location, provide a fleet or alias ID and a location name, with optional status filter. The location can be the fleet's home Region or any remote location.

    • To retrieve a specific game session, provide the game session ID. This approach looks for the game session ID in all fleets that reside in the Amazon Web Services Region defined in the request.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a GameSession object is returned for each game session that matches the request.

    This operation is not designed to be continually called to track game session status. This practice can cause you to exceed your API limit, which results in errors. Instead, you must configure an Amazon Simple Notification Service (SNS) topic to receive notifications from FlexMatch or queues. Continuously polling with DescribeGameSessions should only be used for games in development with low game session usage.

    Available in Amazon GameLift Servers Local.

    Learn more

    Find a game session

    All APIs by task

    " }, "DescribeInstances":{ "name":"DescribeInstances", @@ -1022,7 +1022,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves information about the EC2 instances in an Amazon GameLift managed fleet, including instance ID, connection data, and status. You can use this operation with a multi-location fleet to get location-specific instance information. As an alternative, use the operations https://docs.aws.amazon.com/gamelift/latest/apireference/API_ListCompute and https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeCompute to retrieve information for compute resources, including EC2 and Anywhere fleets.

    You can call this operation in the following ways:

    • To get information on all instances in a fleet's home Region, specify the fleet ID.

    • To get information on all instances in a fleet's remote location, specify the fleet ID and location name.

    • To get information on a specific instance in a fleet, specify the fleet ID and instance ID.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, this operation returns Instance objects for each requested instance, listed in no particular order. If you call this operation for an Anywhere fleet, you receive an InvalidRequestException.

    Learn more

    Remotely connect to fleet instances

    Debug fleet issues

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves information about the EC2 instances in an Amazon GameLift Servers managed fleet, including instance ID, connection data, and status. You can use this operation with a multi-location fleet to get location-specific instance information. As an alternative, use the operations https://docs.aws.amazon.com/gamelift/latest/apireference/API_ListCompute and https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeCompute to retrieve information for compute resources, including EC2 and Anywhere fleets.

    You can call this operation in the following ways:

    • To get information on all instances in a fleet's home Region, specify the fleet ID.

    • To get information on all instances in a fleet's remote location, specify the fleet ID and location name.

    • To get information on a specific instance in a fleet, specify the fleet ID and instance ID.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, this operation returns Instance objects for each requested instance, listed in no particular order. If you call this operation for an Anywhere fleet, you receive an InvalidRequestException.

    Learn more

    Remotely connect to fleet instances

    Debug fleet issues

    Related actions

    All APIs by task

    " }, "DescribeMatchmaking":{ "name":"DescribeMatchmaking", @@ -1037,7 +1037,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves one or more matchmaking tickets. Use this operation to retrieve ticket information, including--after a successful match is made--connection information for the resulting new game session.

    To request matchmaking tickets, provide a list of up to 10 ticket IDs. If the request is successful, a ticket object is returned for each requested ID that currently exists.

    This operation is not designed to be continually called to track matchmaking ticket status. This practice can cause you to exceed your API limit, which results in errors. Instead, as a best practice, set up an Amazon Simple Notification Service to receive notifications, and provide the topic ARN in the matchmaking configuration.

    Learn more

    Add FlexMatch to a game client

    Set Up FlexMatch event notification

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves one or more matchmaking tickets. Use this operation to retrieve ticket information, including--after a successful match is made--connection information for the resulting new game session.

    To request matchmaking tickets, provide a list of up to 10 ticket IDs. If the request is successful, a ticket object is returned for each requested ID that currently exists.

    This operation is not designed to be continually called to track matchmaking ticket status. This practice can cause you to exceed your API limit, which results in errors. Instead, as a best practice, set up an Amazon Simple Notification Service to receive notifications, and provide the topic ARN in the matchmaking configuration.

    Learn more

    Add FlexMatch to a game client

    Set Up FlexMatch event notification

    " }, "DescribeMatchmakingConfigurations":{ "name":"DescribeMatchmakingConfigurations", @@ -1052,7 +1052,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves the details of FlexMatch matchmaking configurations.

    This operation offers the following options: (1) retrieve all matchmaking configurations, (2) retrieve configurations for a specified list, or (3) retrieve all configurations that use a specified rule set name. When requesting multiple items, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a configuration is returned for each requested name. When specifying a list of names, only configurations that currently exist are returned.

    Learn more

    Setting up FlexMatch matchmakers

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves the details of FlexMatch matchmaking configurations.

    This operation offers the following options: (1) retrieve all matchmaking configurations, (2) retrieve configurations for a specified list, or (3) retrieve all configurations that use a specified rule set name. When requesting multiple items, use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a configuration is returned for each requested name. When specifying a list of names, only configurations that currently exist are returned.

    Learn more

    Setting up FlexMatch matchmakers

    " }, "DescribeMatchmakingRuleSets":{ "name":"DescribeMatchmakingRuleSets", @@ -1068,7 +1068,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves the details for FlexMatch matchmaking rule sets. You can request all existing rule sets for the Region, or provide a list of one or more rule set names. When requesting multiple items, use the pagination parameters to retrieve results as a set of sequential pages. If successful, a rule set is returned for each requested name.

    Learn more

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves the details for FlexMatch matchmaking rule sets. You can request all existing rule sets for the Region, or provide a list of one or more rule set names. When requesting multiple items, use the pagination parameters to retrieve results as a set of sequential pages. If successful, a rule set is returned for each requested name.

    Learn more

    " }, "DescribePlayerSessions":{ "name":"DescribePlayerSessions", @@ -1084,7 +1084,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Retrieves properties for one or more player sessions.

    This action can be used in the following ways:

    • To retrieve a specific player session, provide the player session ID only.

    • To retrieve all player sessions in a game session, provide the game session ID only.

    • To retrieve all player sessions for a specific player, provide a player ID only.

    To request player sessions, specify either a player session ID, game session ID, or player ID. You can filter this request by player session status. If you provide a specific PlayerSessionId or PlayerId, Amazon GameLift ignores the filter criteria. Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a PlayerSession object is returned for each session that matches the request.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves properties for one or more player sessions.

    This action can be used in the following ways:

    • To retrieve a specific player session, provide the player session ID only.

    • To retrieve all player sessions in a game session, provide the game session ID only.

    • To retrieve all player sessions for a specific player, provide a player ID only.

    To request player sessions, specify either a player session ID, game session ID, or player ID. You can filter this request by player session status. If you provide a specific PlayerSessionId or PlayerId, Amazon GameLift Servers ignores the filter criteria. Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a PlayerSession object is returned for each session that matches the request.

    Related actions

    All APIs by task

    " }, "DescribeRuntimeConfiguration":{ "name":"DescribeRuntimeConfiguration", @@ -1100,7 +1100,7 @@ {"shape":"InternalServiceException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

    Retrieves a fleet's runtime configuration settings. The runtime configuration determines which server processes run, and how, on computes in the fleet. For managed EC2 fleets, the runtime configuration describes server processes that run on each fleet instance. can update a fleet's runtime configuration at any time using UpdateRuntimeConfiguration.

    To get the current runtime configuration for a fleet, provide the fleet ID.

    If successful, a RuntimeConfiguration object is returned for the requested fleet. If the requested fleet has been deleted, the result set is empty.

    Learn more

    Setting up Amazon GameLift fleets

    Running multiple processes on a fleet

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves a fleet's runtime configuration settings. The runtime configuration determines which server processes run, and how, on computes in the fleet. For managed EC2 fleets, the runtime configuration describes server processes that run on each fleet instance. You can update a fleet's runtime configuration at any time using UpdateRuntimeConfiguration.

    To get the current runtime configuration for a fleet, provide the fleet ID.

    If successful, a RuntimeConfiguration object is returned for the requested fleet. If the requested fleet has been deleted, the result set is empty.

    Learn more

    Setting up Amazon GameLift Servers fleets

    Running multiple processes on a fleet

    " }, "DescribeScalingPolicies":{ "name":"DescribeScalingPolicies", @@ -1117,7 +1117,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves all scaling policies applied to a fleet.

    To get a fleet's scaling policies, specify the fleet ID. You can filter this request by policy status, such as to retrieve only active scaling policies. Use the pagination parameters to retrieve results as a set of sequential pages. If successful, set of ScalingPolicy objects is returned for the fleet.

    A fleet may have all of its scaling policies suspended. This operation does not affect the status of the scaling policies, which remains ACTIVE.

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves all scaling policies applied to a fleet.

    To get a fleet's scaling policies, specify the fleet ID. You can filter this request by policy status, such as to retrieve only active scaling policies. Use the pagination parameters to retrieve results as a set of sequential pages. If successful, set of ScalingPolicy objects is returned for the fleet.

    A fleet may have all of its scaling policies suspended. This operation does not affect the status of the scaling policies, which remains ACTIVE.

    " }, "DescribeScript":{ "name":"DescribeScript", @@ -1133,7 +1133,7 @@ {"shape":"InternalServiceException"}, {"shape":"NotFoundException"} ], - "documentation":"

    Retrieves properties for a Realtime script.

    To request a script record, specify the script ID. If successful, an object containing the script properties is returned.

    Learn more

    Amazon GameLift Realtime Servers

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves properties for a Realtime script.

    To request a script record, specify the script ID. If successful, an object containing the script properties is returned.

    Learn more

    Amazon GameLift Servers Amazon GameLift Servers Realtime

    Related actions

    All APIs by task

    " }, "DescribeVpcPeeringAuthorizations":{ "name":"DescribeVpcPeeringAuthorizations", @@ -1148,7 +1148,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves valid VPC peering authorizations that are pending for the Amazon Web Services account. This operation returns all VPC peering authorizations and requests for peering. This includes those initiated and received by this account.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves valid VPC peering authorizations that are pending for the Amazon Web Services account. This operation returns all VPC peering authorizations and requests for peering. This includes those initiated and received by this account.

    Related actions

    All APIs by task

    " }, "DescribeVpcPeeringConnections":{ "name":"DescribeVpcPeeringConnections", @@ -1164,7 +1164,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves information on VPC peering connections. Use this operation to get peering information for all fleets or for one specific fleet ID.

    To retrieve connection information, call this operation from the Amazon Web Services account that is used to manage the Amazon GameLift fleets. Specify a fleet ID or leave the parameter empty to retrieve all connection records. If successful, the retrieved information includes both active and pending connections. Active connections identify the IpV4 CIDR block that the VPC uses to connect.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves information on VPC peering connections. Use this operation to get peering information for all fleets or for one specific fleet ID.

    To retrieve connection information, call this operation from the Amazon Web Services account that is used to manage the Amazon GameLift Servers fleets. Specify a fleet ID or leave the parameter empty to retrieve all connection records. If successful, the retrieved information includes both active and pending connections. Active connections identify the IpV4 CIDR block that the VPC uses to connect.

    Related actions

    All APIs by task

    " }, "GetComputeAccess":{ "name":"GetComputeAccess", @@ -1181,7 +1181,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Requests authorization to remotely connect to a hosting resource in a Amazon GameLift managed fleet. This operation is not used with Amazon GameLift Anywhere fleets.

    Request options

    To request access to a compute, specify the compute name and the fleet ID.

    Results

    If successful, this operation returns a set of temporary Amazon Web Services credentials, including a two-part access key and a session token.

    • With a managed EC2 fleet (where compute type is EC2), use these credentials with Amazon EC2 Systems Manager (SSM) to start a session with the compute. For more details, see Starting a session (CLI) in the Amazon EC2 Systems Manager User Guide.

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Requests authorization to remotely connect to a hosting resource in a Amazon GameLift Servers managed fleet. This operation is not used with Amazon GameLift Servers Anywhere fleets.

    Request options

    Provide the fleet ID and compute name. The compute name varies depending on the type of fleet.

    • For a compute in a managed EC2 fleet, provide an instance ID. Each instance in the fleet is a compute.

    • For a compute in a managed container fleet, provide a compute name. In a container fleet, each game server container group on a fleet instance is assigned a compute name.

    Results

    If successful, this operation returns a set of temporary Amazon Web Services credentials, including a two-part access key and a session token.

    • With a managed EC2 fleet (where compute type is EC2), use these credentials with Amazon EC2 Systems Manager (SSM) to start a session with the compute. For more details, see Starting a session (CLI) in the Amazon EC2 Systems Manager User Guide.

    " }, "GetComputeAuthToken":{ "name":"GetComputeAuthToken", @@ -1198,7 +1198,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Requests an authentication token from Amazon GameLift for a compute resource in an Amazon GameLift fleet. Game servers that are running on the compute use this token to communicate with the Amazon GameLift service, such as when calling the Amazon GameLift server SDK action InitSDK(). Authentication tokens are valid for a limited time span, so you need to request a fresh token before the current token expires.

    Request options

    • For managed EC2 fleets (compute type EC2), auth token retrieval and refresh is handled automatically. All game servers that are running on all fleet instances have access to a valid auth token.

    • For Anywhere fleets (compute type ANYWHERE), if you're using the Amazon GameLift Agent, auth token retrieval and refresh is handled automatically for any compute where the Agent is running. If you're not using the Agent, create a mechanism to retrieve and refresh auth tokens for computes that are running game server processes.

    Learn more

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Requests an authentication token from Amazon GameLift Servers for a compute resource in an Amazon GameLift Servers fleet. Game servers that are running on the compute use this token to communicate with the Amazon GameLift Servers service, such as when calling the Amazon GameLift Servers server SDK action InitSDK(). Authentication tokens are valid for a limited time span, so you need to request a fresh token before the current token expires.

    Request options

    • For managed EC2 fleets (compute type EC2), auth token retrieval and refresh is handled automatically. All game servers that are running on all fleet instances have access to a valid auth token.

    • For Anywhere fleets (compute type ANYWHERE), if you're using the Amazon GameLift Servers Agent, auth token retrieval and refresh is handled automatically for any compute where the Agent is running. If you're not using the Agent, create a mechanism to retrieve and refresh auth tokens for computes that are running game server processes.

    Learn more

    " }, "GetGameSessionLogUrl":{ "name":"GetGameSessionLogUrl", @@ -1214,7 +1214,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

    Retrieves the location of stored game session logs for a specified game session on Amazon GameLift managed fleets. When a game session is terminated, Amazon GameLift automatically stores the logs in Amazon S3 and retains them for 14 days. Use this URL to download the logs.

    See the Amazon Web Services Service Limits page for maximum log file sizes. Log files that exceed this limit are not saved.

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves the location of stored game session logs for a specified game session on Amazon GameLift Servers managed fleets. When a game session is terminated, Amazon GameLift Servers automatically stores the logs in Amazon S3 and retains them for 14 days. Use this URL to download the logs.

    See the Amazon Web Services Service Limits page for maximum log file sizes. Log files that exceed this limit are not saved.

    All APIs by task

    " }, "GetInstanceAccess":{ "name":"GetInstanceAccess", @@ -1230,7 +1230,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Requests authorization to remotely connect to an instance in an Amazon GameLift managed fleet. Use this operation to connect to instances with game servers that use Amazon GameLift server SDK 4.x or earlier. To connect to instances with game servers that use server SDK 5.x or later, call https://docs.aws.amazon.com/gamelift/latest/apireference/API_GetComputeAccess.

    To request access to an instance, specify IDs for the instance and the fleet it belongs to. You can retrieve instance IDs for a fleet by calling DescribeInstances with the fleet ID.

    If successful, this operation returns an IP address and credentials. The returned credentials match the operating system of the instance, as follows:

    • For a Windows instance: returns a user name and secret (password) for use with a Windows Remote Desktop client.

    • For a Linux instance: returns a user name and secret (RSA private key) for use with an SSH client. You must save the secret to a .pem file. If you're using the CLI, see the example Get credentials for a Linux instance for tips on automatically saving the secret to a .pem file.

    Learn more

    Remotely connect to fleet instances

    Debug fleet issues

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Requests authorization to remotely connect to an instance in an Amazon GameLift Servers managed fleet. Use this operation to connect to instances with game servers that use Amazon GameLift Servers server SDK 4.x or earlier. To connect to instances with game servers that use server SDK 5.x or later, call https://docs.aws.amazon.com/gamelift/latest/apireference/API_GetComputeAccess.

    To request access to an instance, specify IDs for the instance and the fleet it belongs to. You can retrieve instance IDs for a fleet by calling DescribeInstances with the fleet ID.

    If successful, this operation returns an IP address and credentials. The returned credentials match the operating system of the instance, as follows:

    • For a Windows instance: returns a user name and secret (password) for use with a Windows Remote Desktop client.

    • For a Linux instance: returns a user name and secret (RSA private key) for use with an SSH client. You must save the secret to a .pem file. If you're using the CLI, see the example Get credentials for a Linux instance for tips on automatically saving the secret to a .pem file.

    Learn more

    Remotely connect to fleet instances

    Debug fleet issues

    Related actions

    All APIs by task

    " }, "ListAliases":{ "name":"ListAliases", @@ -1245,7 +1245,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves all aliases for this Amazon Web Services account. You can filter the result set by alias name and/or routing strategy type. Use the pagination parameters to retrieve results in sequential pages.

    Returned aliases are not listed in any particular order.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves all aliases for this Amazon Web Services account. You can filter the result set by alias name and/or routing strategy type. Use the pagination parameters to retrieve results in sequential pages.

    Returned aliases are not listed in any particular order.

    Related actions

    All APIs by task

    " }, "ListBuilds":{ "name":"ListBuilds", @@ -1260,7 +1260,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves build resources for all builds associated with the Amazon Web Services account in use. You can limit results to builds that are in a specific status by using the Status parameter. Use the pagination parameters to retrieve results in a set of sequential pages.

    Build resources are not listed in any particular order.

    Learn more

    Upload a Custom Server Build

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves build resources for all builds associated with the Amazon Web Services account in use. You can limit results to builds that are in a specific status by using the Status parameter. Use the pagination parameters to retrieve results in

    Build resources are not listed in any particular order.

    Learn more

    Upload a Custom Server Build

    All APIs by task

    " }, "ListCompute":{ "name":"ListCompute", @@ -1276,7 +1276,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves information on the compute resources in an Amazon GameLift fleet. Use the pagination parameters to retrieve results in a set of sequential pages.

    Request options:

    • Retrieve a list of all computes in a fleet. Specify a fleet ID.

    • Retrieve a list of all computes in a specific fleet location. Specify a fleet ID and location.

    Results:

    If successful, this operation returns information on a set of computes. Depending on the type of fleet, the result includes the following information:

    • For managed EC2 fleets (compute type EC2), this operation returns information about the EC2 instance. Compute names are EC2 instance IDs.

    • For Anywhere fleets (compute type ANYWHERE), this operation returns compute names and details as provided when the compute was registered with RegisterCompute. This includes GameLiftServiceSdkEndpoint or GameLiftAgentEndpoint.

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves information on the compute resources in an Amazon GameLift Servers fleet. Use the pagination parameters to retrieve results in a set of sequential pages.

    Request options

    • Retrieve a list of all computes in a fleet. Specify a fleet ID.

    • Retrieve a list of all computes in a specific fleet location. Specify a fleet ID and location.

    Results

    If successful, this operation returns information on a set of computes. Depending on the type of fleet, the result includes the following information:

    • For a managed EC2 fleet (compute type EC2), this operation returns information about the EC2 instance. Compute names are EC2 instance IDs.

    • For an Anywhere fleet (compute type ANYWHERE), this operation returns compute names and details from when the compute was registered with RegisterCompute. This includes GameLiftServiceSdkEndpoint or GameLiftAgentEndpoint.

    " }, "ListContainerFleets":{ "name":"ListContainerFleets", @@ -1292,7 +1292,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves a collection of container fleet resources in an Amazon Web Services Region. For fleets that have multiple locations, this operation retrieves fleets based on their home Region only.

    Request options

    • Get a list of all fleets. Call this operation without specifying a container group definition.

    • Get a list of fleets filtered by container group definition. Provide the container group definition name or ARN value.

    • To get a list of all Realtime Servers fleets with a specific configuration script, provide the script ID.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, this operation returns a collection of container fleets that match the request parameters. A NextToken value is also returned if there are more result pages to retrieve.

    Fleet IDs are returned in no particular order.

    " + "documentation":"

    This API works with the following fleet types: Container

    Retrieves a collection of container fleet resources in an Amazon Web Services Region. For fleets that have multiple locations, this operation retrieves fleets based on their home Region only.

    Request options

    • Get a list of all fleets. Call this operation without specifying a container group definition.

    • Get a list of fleets filtered by container group definition. Provide the container group definition name or ARN value.

    • To get a list of all Amazon GameLift Servers Realtime fleets with a specific configuration script, provide the script ID.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, this operation returns a collection of container fleets that match the request parameters. A NextToken value is also returned if there are more result pages to retrieve.

    Fleet IDs are returned in no particular order.

    " }, "ListContainerGroupDefinitionVersions":{ "name":"ListContainerGroupDefinitionVersions", @@ -1309,7 +1309,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves all versions of a container group definition. Use the pagination parameters to retrieve results in a set of sequential pages.

    Request options:

    • Get all versions of a specified container group definition. Specify the container group definition name or ARN value. (If the ARN value has a version number, it's ignored.)

    Results:

    If successful, this operation returns the complete properties of a set of container group definition versions that match the request.

    This operation returns the list of container group definitions in descending version order (latest first).

    Learn more

    " + "documentation":"

    This API works with the following fleet types: Container

    Retrieves all versions of a container group definition. Use the pagination parameters to retrieve results in a set of sequential pages.

    Request options:

    • Get all versions of a specified container group definition. Specify the container group definition name or ARN value. (If the ARN value has a version number, it's ignored.)

    Results:

    If successful, this operation returns the complete properties of a set of container group definition versions that match the request.

    This operation returns the list of container group definitions in descending version order (latest first).

    Learn more

    " }, "ListContainerGroupDefinitions":{ "name":"ListContainerGroupDefinitions", @@ -1325,7 +1325,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves container group definitions for the Amazon Web Services account and Amazon Web Services Region. Use the pagination parameters to retrieve results in a set of sequential pages.

    This operation returns only the latest version of each definition. To retrieve all versions of a container group definition, use ListContainerGroupDefinitionVersions.

    Request options:

    • Retrieve the most recent versions of all container group definitions.

    • Retrieve the most recent versions of all container group definitions, filtered by type. Specify the container group type to filter on.

    Results:

    If successful, this operation returns the complete properties of a set of container group definition versions that match the request.

    This operation returns the list of container group definitions in no particular order.

    " + "documentation":"

    This API works with the following fleet types: Container

    Retrieves container group definitions for the Amazon Web Services account and Amazon Web Services Region. Use the pagination parameters to retrieve results in a set of sequential pages.

    This operation returns only the latest version of each definition. To retrieve all versions of a container group definition, use ListContainerGroupDefinitionVersions.

    Request options:

    • Retrieve the most recent versions of all container group definitions.

    • Retrieve the most recent versions of all container group definitions, filtered by type. Specify the container group type to filter on.

    Results:

    If successful, this operation returns the complete properties of a set of container group definition versions that match the request.

    This operation returns the list of container group definitions in no particular order.

    " }, "ListFleetDeployments":{ "name":"ListFleetDeployments", @@ -1342,7 +1342,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves a collection of container fleet deployments in an Amazon Web Services Region. Use the pagination parameters to retrieve results as a set of sequential pages.

    Request options

    • Get a list of all deployments. Call this operation without specifying a fleet ID.

    • Get a list of all deployments for a fleet. Specify the container fleet ID or ARN value.

    Results

    If successful, this operation returns a list of deployments that match the request parameters. A NextToken value is also returned if there are more result pages to retrieve.

    Deployments are returned starting with the latest.

    " + "documentation":"

    This API works with the following fleet types: Container

    Retrieves a collection of container fleet deployments in an Amazon Web Services Region. Use the pagination parameters to retrieve results as a set of sequential pages.

    Request options

    • Get a list of all deployments. Call this operation without specifying a fleet ID.

    • Get a list of all deployments for a fleet. Specify the container fleet ID or ARN value.

    Results

    If successful, this operation returns a list of deployments that match the request parameters. A NextToken value is also returned if there are more result pages to retrieve.

    Deployments are returned starting with the latest.

    " }, "ListFleets":{ "name":"ListFleets", @@ -1358,7 +1358,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Retrieves a collection of fleet resources in an Amazon Web Services Region. You can filter the result set to find only those fleets that are deployed with a specific build or script. For fleets that have multiple locations, this operation retrieves fleets based on their home Region only.

    You can use operation in the following ways:

    • To get a list of all fleets in a Region, don't provide a build or script identifier.

    • To get a list of all fleets where a specific game build is deployed, provide the build ID.

    • To get a list of all Realtime Servers fleets with a specific configuration script, provide the script ID.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, this operation returns a list of fleet IDs that match the request parameters. A NextToken value is also returned if there are more result pages to retrieve.

    Fleet IDs are returned in no particular order.

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves a collection of fleet resources in an Amazon Web Services Region. You can filter the result set to find only those fleets that are deployed with a specific build or script. For fleets that have multiple locations, this operation retrieves fleets based on their home Region only.

    You can use operation in the following ways:

    • To get a list of all fleets in a Region, don't provide a build or script identifier.

    • To get a list of all fleets where a specific game build is deployed, provide the build ID.

    • To get a list of all Amazon GameLift Servers Realtime fleets with a specific configuration script, provide the script ID.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, this operation returns a list of fleet IDs that match the request parameters. A NextToken value is also returned if there are more result pages to retrieve.

    Fleet IDs are returned in no particular order.

    " }, "ListGameServerGroups":{ "name":"ListGameServerGroups", @@ -1373,7 +1373,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Lists a game server groups.

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Lists a game server groups.

    " }, "ListGameServers":{ "name":"ListGameServers", @@ -1388,7 +1388,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Retrieves information on all game servers that are currently active in a specified game server group. You can opt to sort the list by game server age. Use the pagination parameters to retrieve results in a set of sequential segments.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Retrieves information on all game servers that are currently active in a specified game server group. You can opt to sort the list by game server age. Use the pagination parameters to retrieve results in a set of sequential segments.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "ListLocations":{ "name":"ListLocations", @@ -1403,7 +1403,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Lists all custom and Amazon Web Services locations.

    " + "documentation":"

    This API works with the following fleet types: Anywhere

    Lists all custom and Amazon Web Services locations where Amazon GameLift Servers can host game servers.

    Note that if you call this API using a location that doesn't have a service endpoint, such as one that can only be a remote location in a multi-location fleet, the API returns an error.

    Consult the table of supported locations in Amazon GameLift Servers service locations to identify home Regions that support single and multi-location fleets.

    Learn more

    Service locations

    " }, "ListScripts":{ "name":"ListScripts", @@ -1418,7 +1418,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves script records for all Realtime scripts that are associated with the Amazon Web Services account in use.

    Learn more

    Amazon GameLift Realtime Servers

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves script records for all Realtime scripts that are associated with the Amazon Web Services account in use.

    Learn more

    Amazon GameLift Servers Amazon GameLift Servers Realtime

    Related actions

    All APIs by task

    " }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1435,7 +1435,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves all tags assigned to a Amazon GameLift resource. Use resource tags to organize Amazon Web Services resources for a range of purposes. This operation handles the permissions necessary to manage tags for Amazon GameLift resources that support tagging.

    To list tags for a resource, specify the unique ARN value for the resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves all tags assigned to a Amazon GameLift Servers resource. Use resource tags to organize Amazon Web Services resources for a range of purposes. This operation handles the permissions necessary to manage tags for Amazon GameLift Servers resources that support tagging.

    To list tags for a resource, specify the unique ARN value for the resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    Related actions

    All APIs by task

    " }, "PutScalingPolicy":{ "name":"PutScalingPolicy", @@ -1452,7 +1452,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Creates or updates a scaling policy for a fleet. Scaling policies are used to automatically scale a fleet's hosting capacity to meet player demand. An active scaling policy instructs Amazon GameLift to track a fleet metric and automatically change the fleet's capacity when a certain threshold is reached. There are two types of scaling policies: target-based and rule-based. Use a target-based policy to quickly and efficiently manage fleet scaling; this option is the most commonly used. Use rule-based policies when you need to exert fine-grained control over auto-scaling.

    Fleets can have multiple scaling policies of each type in force at the same time; you can have one target-based policy, one or multiple rule-based scaling policies, or both. We recommend caution, however, because multiple auto-scaling policies can have unintended consequences.

    Learn more about how to work with auto-scaling in Set Up Fleet Automatic Scaling.

    Target-based policy

    A target-based policy tracks a single metric: PercentAvailableGameSessions. This metric tells us how much of a fleet's hosting capacity is ready to host game sessions but is not currently in use. This is the fleet's buffer; it measures the additional player demand that the fleet could handle at current capacity. With a target-based policy, you set your ideal buffer size and leave it to Amazon GameLift to take whatever action is needed to maintain that target.

    For example, you might choose to maintain a 10% buffer for a fleet that has the capacity to host 100 simultaneous game sessions. This policy tells Amazon GameLift to take action whenever the fleet's available capacity falls below or rises above 10 game sessions. Amazon GameLift will start new instances or stop unused instances in order to return to the 10% buffer.

    To create or update a target-based policy, specify a fleet ID and name, and set the policy type to \"TargetBased\". Specify the metric to track (PercentAvailableGameSessions) and reference a TargetConfiguration object with your desired buffer value. Exclude all other parameters. On a successful request, the policy name is returned. The scaling policy is automatically in force as soon as it's successfully created. If the fleet's auto-scaling actions are temporarily suspended, the new policy will be in force once the fleet actions are restarted.

    Rule-based policy

    A rule-based policy tracks specified fleet metric, sets a threshold value, and specifies the type of action to initiate when triggered. With a rule-based policy, you can select from several available fleet metrics. Each policy specifies whether to scale up or scale down (and by how much), so you need one policy for each type of action.

    For example, a policy may make the following statement: \"If the percentage of idle instances is greater than 20% for more than 15 minutes, then reduce the fleet capacity by 10%.\"

    A policy's rule statement has the following structure:

    If [MetricName] is [ComparisonOperator] [Threshold] for [EvaluationPeriods] minutes, then [ScalingAdjustmentType] to/by [ScalingAdjustment].

    To implement the example, the rule statement would look like this:

    If [PercentIdleInstances] is [GreaterThanThreshold] [20] for [15] minutes, then [PercentChangeInCapacity] to/by [10].

    To create or update a scaling policy, specify a unique combination of name and fleet ID, and set the policy type to \"RuleBased\". Specify the parameter values for a policy rule statement. On a successful request, the policy name is returned. Scaling policies are automatically in force as soon as they're successfully created. If the fleet's auto-scaling actions are temporarily suspended, the new policy will be in force once the fleet actions are restarted.

    " + "documentation":"

    This API works with the following fleet types: EC2

    Creates or updates a scaling policy for a fleet. Scaling policies are used to automatically scale a fleet's hosting capacity to meet player demand. An active scaling policy instructs Amazon GameLift Servers to track a fleet metric and automatically change the fleet's capacity when a certain threshold is reached. There are two types of scaling policies: target-based and rule-based. Use a target-based policy to quickly and efficiently manage fleet scaling; this option is the most commonly used. Use rule-based policies when you need to exert fine-grained control over auto-scaling.

    Fleets can have multiple scaling policies of each type in force at the same time; you can have one target-based policy, one or multiple rule-based scaling policies, or both. We recommend caution, however, because multiple auto-scaling policies can have unintended consequences.

    Learn more about how to work with auto-scaling in Set Up Fleet Automatic Scaling.

    Target-based policy

    A target-based policy tracks a single metric: PercentAvailableGameSessions. This metric tells us how much of a fleet's hosting capacity is ready to host game sessions but is not currently in use. This is the fleet's buffer; it measures the additional player demand that the fleet could handle at current capacity. With a target-based policy, you set your ideal buffer size and leave it to Amazon GameLift Servers to take whatever action is needed to maintain that target.

    For example, you might choose to maintain a 10% buffer for a fleet that has the capacity to host 100 simultaneous game sessions. This policy tells Amazon GameLift Servers to take action whenever the fleet's available capacity falls below or rises above 10 game sessions. Amazon GameLift Servers will start new instances or stop unused instances in order to return to the 10% buffer.

    To create or update a target-based policy, specify a fleet ID and name, and set the policy type to \"TargetBased\". Specify the metric to track (PercentAvailableGameSessions) and reference a TargetConfiguration object with your desired buffer value. Exclude all other parameters. On a successful request, the policy name is returned. The scaling policy is automatically in force as soon as it's successfully created. If the fleet's auto-scaling actions are temporarily suspended, the new policy will be in force once the fleet actions are restarted.

    Rule-based policy

    A rule-based policy tracks specified fleet metric, sets a threshold value, and specifies the type of action to initiate when triggered. With a rule-based policy, you can select from several available fleet metrics. Each policy specifies whether to scale up or scale down (and by how much), so you need one policy for each type of action.

    For example, a policy may make the following statement: \"If the percentage of idle instances is greater than 20% for more than 15 minutes, then reduce the fleet capacity by 10%.\"

    A policy's rule statement has the following structure:

    If [MetricName] is [ComparisonOperator] [Threshold] for [EvaluationPeriods] minutes, then [ScalingAdjustmentType] to/by [ScalingAdjustment].

    To implement the example, the rule statement would look like this:

    If [PercentIdleInstances] is [GreaterThanThreshold] [20] for [15] minutes, then [PercentChangeInCapacity] to/by [10].

    To create or update a scaling policy, specify a unique combination of name and fleet ID, and set the policy type to \"RuleBased\". Specify the parameter values for a policy rule statement. On a successful request, the policy name is returned. Scaling policies are automatically in force as soon as they're successfully created. If the fleet's auto-scaling actions are temporarily suspended, the new policy will be in force once the fleet actions are restarted.

    " }, "RegisterCompute":{ "name":"RegisterCompute", @@ -1470,7 +1470,7 @@ {"shape":"NotReadyException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    Registers a compute resource in an Amazon GameLift Anywhere fleet.

    For an Anywhere fleet that's running the Amazon GameLift Agent, the Agent handles all compute registry tasks for you. For an Anywhere fleet that doesn't use the Agent, call this operation to register fleet computes.

    To register a compute, give the compute a name (must be unique within the fleet) and specify the compute resource's DNS name or IP address. Provide a fleet ID and a fleet location to associate with the compute being registered. You can optionally include the path to a TLS certificate on the compute resource.

    If successful, this operation returns compute details, including an Amazon GameLift SDK endpoint or Agent endpoint. Game server processes running on the compute can use this endpoint to communicate with the Amazon GameLift service. Each server process includes the SDK endpoint in its call to the Amazon GameLift server SDK action InitSDK().

    To view compute details, call DescribeCompute with the compute name.

    Learn more

    " + "documentation":"

    This API works with the following fleet types: Anywhere, Container

    Registers a compute resource in an Amazon GameLift Servers Anywhere fleet.

    For an Anywhere fleet that's running the Amazon GameLift Servers Agent, the Agent handles all compute registry tasks for you. For an Anywhere fleet that doesn't use the Agent, call this operation to register fleet computes.

    To register a compute, give the compute a name (must be unique within the fleet) and specify the compute resource's DNS name or IP address. Provide a fleet ID and a fleet location to associate with the compute being registered. You can optionally include the path to a TLS certificate on the compute resource.

    If successful, this operation returns compute details, including an Amazon GameLift Servers SDK endpoint or Agent endpoint. Game server processes running on the compute can use this endpoint to communicate with the Amazon GameLift Servers service. Each server process includes the SDK endpoint in its call to the Amazon GameLift Servers server SDK action InitSDK().

    To view compute details, call DescribeCompute with the compute name.

    Learn more

    " }, "RegisterGameServer":{ "name":"RegisterGameServer", @@ -1487,7 +1487,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Creates a new game server resource and notifies Amazon GameLift FleetIQ that the game server is ready to host gameplay and players. This operation is called by a game server process that is running on an instance in a game server group. Registering game servers enables Amazon GameLift FleetIQ to track available game servers and enables game clients and services to claim a game server for a new game session.

    To register a game server, identify the game server group and instance where the game server is running, and provide a unique identifier for the game server. You can also include connection and game server data.

    Once a game server is successfully registered, it is put in status AVAILABLE. A request to register a game server may fail if the instance it is running on is in the process of shutting down as part of instance balancing or scale-down activity.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Creates a new game server resource and notifies Amazon GameLift Servers FleetIQ that the game server is ready to host gameplay and players. This operation is called by a game server process that is running on an instance in a game server group. Registering game servers enables Amazon GameLift Servers FleetIQ to track available game servers and enables game clients and services to claim a game server for a new game session.

    To register a game server, identify the game server group and instance where the game server is running, and provide a unique identifier for the game server. You can also include connection and game server data.

    Once a game server is successfully registered, it is put in status AVAILABLE. A request to register a game server may fail if the instance it is running on is in the process of shutting down as part of instance balancing or scale-down activity.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "RequestUploadCredentials":{ "name":"RequestUploadCredentials", @@ -1503,7 +1503,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves a fresh set of credentials for use when uploading a new set of game build files to Amazon GameLift's Amazon S3. This is done as part of the build creation process; see CreateBuild.

    To request new credentials, specify the build ID as returned with an initial CreateBuild request. If successful, a new set of credentials are returned, along with the S3 storage location associated with the build ID.

    Learn more

    Create a Build with Files in S3

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Retrieves a fresh set of credentials for use when uploading a new set of game build files to Amazon GameLift Servers's Amazon S3. This is done as part of the build creation process; see CreateBuild.

    To request new credentials, specify the build ID as returned with an initial CreateBuild request. If successful, a new set of credentials are returned, along with the S3 storage location associated with the build ID.

    Learn more

    Create a Build with Files in S3

    All APIs by task

    " }, "ResolveAlias":{ "name":"ResolveAlias", @@ -1520,7 +1520,7 @@ {"shape":"TerminalRoutingStrategyException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Attempts to retrieve a fleet ID that is associated with an alias. Specify a unique alias identifier.

    If the alias has a SIMPLE routing strategy, Amazon GameLift returns a fleet ID. If the alias has a TERMINAL routing strategy, the result is a TerminalRoutingStrategyException.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Attempts to retrieve a fleet ID that is associated with an alias. Specify a unique alias identifier.

    If the alias has a SIMPLE routing strategy, Amazon GameLift Servers returns a fleet ID. If the alias has a TERMINAL routing strategy, the result is a TerminalRoutingStrategyException.

    Related actions

    All APIs by task

    " }, "ResumeGameServerGroup":{ "name":"ResumeGameServerGroup", @@ -1536,7 +1536,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Reinstates activity on a game server group after it has been suspended. A game server group might be suspended by the SuspendGameServerGroup operation, or it might be suspended involuntarily due to a configuration problem. In the second case, you can manually resume activity on the group once the configuration problem has been resolved. Refer to the game server group status and status reason for more information on why group activity is suspended.

    To resume activity, specify a game server group ARN and the type of activity to be resumed. If successful, a GameServerGroup object is returned showing that the resumed activity is no longer listed in SuspendedActions.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Reinstates activity on a game server group after it has been suspended. A game server group might be suspended by the SuspendGameServerGroup operation, or it might be suspended involuntarily due to a configuration problem. In the second case, you can manually resume activity on the group once the configuration problem has been resolved. Refer to the game server group status and status reason for more information on why group activity is suspended.

    To resume activity, specify a game server group ARN and the type of activity to be resumed. If successful, a GameServerGroup object is returned showing that the resumed activity is no longer listed in SuspendedActions.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "SearchGameSessions":{ "name":"SearchGameSessions", @@ -1554,7 +1554,7 @@ {"shape":"TerminalRoutingStrategyException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Retrieves all active game sessions that match a set of search criteria and sorts them into a specified order.

    This operation is not designed to continually track game session status because that practice can cause you to exceed your API limit and generate errors. Instead, configure an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications from a matchmaker or a game session placement queue.

    When searching for game sessions, you specify exactly where you want to search and provide a search filter expression, a sort expression, or both. A search request can search only one fleet, but it can search all of a fleet's locations.

    This operation can be used in the following ways:

    • To search all game sessions that are currently running on all locations in a fleet, provide a fleet or alias ID. This approach returns game sessions in the fleet's home Region and all remote locations that fit the search criteria.

    • To search all game sessions that are currently running on a specific fleet location, provide a fleet or alias ID and a location name. For location, you can specify a fleet's home Region or any remote location.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a GameSession object is returned for each game session that matches the request. Search finds game sessions that are in ACTIVE status only. To retrieve information on game sessions in other statuses, use DescribeGameSessions.

    To set search and sort criteria, create a filter expression using the following game session attributes. For game session search examples, see the Examples section of this topic.

    • gameSessionId -- A unique identifier for the game session. You can use either a GameSessionId or GameSessionArn value.

    • gameSessionName -- Name assigned to a game session. Game session names do not need to be unique to a game session.

    • gameSessionProperties -- A set of key-value pairs that can store custom data in a game session. For example: {\"Key\": \"difficulty\", \"Value\": \"novice\"}. The filter expression must specify the https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameProperty -- a Key and a string Value to search for the game sessions.

      For example, to search for the above key-value pair, specify the following search filter: gameSessionProperties.difficulty = \"novice\". All game property values are searched as strings.

      For examples of searching game sessions, see the ones below, and also see Search game sessions by game property.

    • maximumSessions -- Maximum number of player sessions allowed for a game session.

    • creationTimeMillis -- Value indicating when a game session was created. It is expressed in Unix time as milliseconds.

    • playerSessionCount -- Number of players currently connected to a game session. This value changes rapidly as players join the session or drop out.

    • hasAvailablePlayerSessions -- Boolean value indicating whether a game session has reached its maximum number of players. It is highly recommended that all search requests include this filter attribute to optimize search performance and return only sessions that players can join.

    Returned values for playerSessionCount and hasAvailablePlayerSessions change quickly as players join sessions and others drop out. Results should be considered a snapshot in time. Be sure to refresh search results often, and handle sessions that fill up before a player can join.

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Retrieves all active game sessions that match a set of search criteria and sorts them into a specified order.

    This operation is not designed to continually track game session status because that practice can cause you to exceed your API limit and generate errors. Instead, configure an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications from a matchmaker or a game session placement queue.

    When searching for game sessions, you specify exactly where you want to search and provide a search filter expression, a sort expression, or both. A search request can search only one fleet, but it can search all of a fleet's locations.

    This operation can be used in the following ways:

    • To search all game sessions that are currently running on all locations in a fleet, provide a fleet or alias ID. This approach returns game sessions in the fleet's home Region and all remote locations that fit the search criteria.

    • To search all game sessions that are currently running on a specific fleet location, provide a fleet or alias ID and a location name. For location, you can specify a fleet's home Region or any remote location.

    Use the pagination parameters to retrieve results as a set of sequential pages.

    If successful, a GameSession object is returned for each game session that matches the request. Search finds game sessions that are in ACTIVE status only. To retrieve information on game sessions in other statuses, use DescribeGameSessions.

    To set search and sort criteria, create a filter expression using the following game session attributes. For game session search examples, see the Examples section of this topic.

    • gameSessionId -- A unique identifier for the game session. You can use either a GameSessionId or GameSessionArn value.

    • gameSessionName -- Name assigned to a game session. Game session names do not need to be unique to a game session.

    • gameSessionProperties -- A set of key-value pairs that can store custom data in a game session. For example: {\"Key\": \"difficulty\", \"Value\": \"novice\"}. The filter expression must specify the https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameProperty -- a Key and a string Value to search for the game sessions.

      For example, to search for the above key-value pair, specify the following search filter: gameSessionProperties.difficulty = \"novice\". All game property values are searched as strings.

      For examples of searching game sessions, see the ones below, and also see Search game sessions by game property.

    • maximumSessions -- Maximum number of player sessions allowed for a game session.

    • creationTimeMillis -- Value indicating when a game session was created. It is expressed in Unix time as milliseconds.

    • playerSessionCount -- Number of players currently connected to a game session. This value changes rapidly as players join the session or drop out.

    • hasAvailablePlayerSessions -- Boolean value indicating whether a game session has reached its maximum number of players. It is highly recommended that all search requests include this filter attribute to optimize search performance and return only sessions that players can join.

    Returned values for playerSessionCount and hasAvailablePlayerSessions change quickly as players join sessions and others drop out. Results should be considered a snapshot in time. Be sure to refresh search results often, and handle sessions that fill up before a player can join.

    All APIs by task

    " }, "StartFleetActions":{ "name":"StartFleetActions", @@ -1571,7 +1571,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Resumes certain types of activity on fleet instances that were suspended with StopFleetActions. For multi-location fleets, fleet actions are managed separately for each location. Currently, this operation is used to restart a fleet's auto-scaling activity.

    This operation can be used in the following ways:

    • To restart actions on instances in the fleet's home Region, provide a fleet ID and the type of actions to resume.

    • To restart actions on instances in one of the fleet's remote locations, provide a fleet ID, a location name, and the type of actions to resume.

    If successful, Amazon GameLift once again initiates scaling events as triggered by the fleet's scaling policies. If actions on the fleet location were never stopped, this operation will have no effect.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Resumes certain types of activity on fleet instances that were suspended with StopFleetActions. For multi-location fleets, fleet actions are managed separately for each location. Currently, this operation is used to restart a fleet's auto-scaling activity.

    This operation can be used in the following ways:

    • To restart actions on instances in the fleet's home Region, provide a fleet ID and the type of actions to resume.

    • To restart actions on instances in one of the fleet's remote locations, provide a fleet ID, a location name, and the type of actions to resume.

    If successful, Amazon GameLift Servers once again initiates scaling events as triggered by the fleet's scaling policies. If actions on the fleet location were never stopped, this operation will have no effect.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "StartGameSessionPlacement":{ "name":"StartGameSessionPlacement", @@ -1588,7 +1588,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Makes a request to start a new game session using a game session queue. When processing a placement request in a queue, Amazon GameLift finds the best possible available resource to host the game session and prompts the resource to start the game session.

    Request options

    Call this API with the following minimum parameters: GameSessionQueueName, MaximumPlayerSessionCount, and PlacementID. You can also include game session data (data formatted as strings) or game properties (data formatted as key-value pairs) to pass to the new game session.

    • You can change how Amazon GameLift chooses a hosting resource for the new game session. Prioritizing resources for game session placements is defined when you configure a game session queue. You can use the default prioritization process or specify a custom process by providing a PriorityConfiguration when you create or update a queue.

      • Prioritize based on resource cost and location, using the queue's configured priority settings. Call this API with the minimum parameters.

      • Prioritize based on latency. Include a set of values for PlayerLatencies. You can provide latency data with or without player session data. This option instructs Amazon GameLift to reorder the queue's prioritized locations list based on the latency data. If latency data is provided for multiple players, Amazon GameLift calculates each location's average latency for all players and reorders to find the lowest latency across all players. Don't include latency data if you're providing a custom list of locations.

      • Prioritize based on a custom list of locations. If you're using a queue that's configured to prioritize location first (see PriorityConfiguration for game session queues), use the PriorityConfigurationOverride parameter to substitute a different location list for this placement request. When prioritizing placements by location, Amazon GameLift searches each location in prioritized order to find an available hosting resource for the new game session. You can choose whether to use the override list for the first placement attempt only or for all attempts.

    • You can request new player sessions for a group of players. Include the DesiredPlayerSessions parameter and include at minimum a unique player ID for each. You can also include player-specific data to pass to the new game session.

    Result

    If successful, this request generates a new game session placement request and adds it to the game session queue for Amazon GameLift to process in turn. You can track the status of individual placement requests by calling DescribeGameSessionPlacement. A new game session is running if the status is FULFILLED and the request returns the game session connection information (IP address and port). If you include player session data, Amazon GameLift creates a player session for each player ID in the request.

    The request results in a BadRequestException in the following situations:

    • If the request includes both PlayerLatencies and PriorityConfigurationOverride parameters.

    • If the request includes the PriorityConfigurationOverride parameter and designates a queue doesn't prioritize locations.

    Amazon GameLift continues to retry each placement request until it reaches the queue's timeout setting. If a request times out, you can resubmit the request to the same queue or try a different queue.

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Makes a request to start a new game session using a game session queue. When processing a placement request, Amazon GameLift Servers looks for the best possible available resource to host the game session, based on how the queue is configured to prioritize factors such as resource cost, latency, and location. After selecting an available resource, Amazon GameLift Servers prompts the resource to start a game session. A placement request can include a list of players to create a set of player sessions. The request can also include information to pass to the new game session, such as to specify a game map or other options.

    Request options

    Use this operation to make the following types of requests.

    • Request a placement using the queue's default prioritization process (see the default prioritization described in PriorityConfiguration). Include these required parameters:

      • GameSessionQueueName

      • MaximumPlayerSessionCount

      • PlacementID

    • Request a placement and prioritize based on latency. Include these parameters:

      • Required parameters GameSessionQueueName, MaximumPlayerSessionCount, PlacementID.

      • PlayerLatencies. Include a set of latency values for destinations in the queue. When a request includes latency data, Amazon GameLift Servers automatically reorder the queue's locations priority list based on lowest available latency values. If a request includes latency data for multiple players, Amazon GameLift Servers calculates each location's average latency for all players and reorders to find the lowest latency across all players.

      • Don't include PriorityConfigurationOverride.

      • Prioritize based on a custom list of locations. If you're using a queue that's configured to prioritize location first (see PriorityConfiguration for game session queues), you can optionally use the PriorityConfigurationOverride parameter to substitute a different location priority list for this placement request. Amazon GameLift Servers searches each location on the priority override list to find an available hosting resource for the new game session. Specify a fallback strategy to use in the event that Amazon GameLift Servers fails to place the game session in any of the locations on the override list.

    • Request a placement and prioritized based on a custom list of locations.

    • You can request new player sessions for a group of players. Include the DesiredPlayerSessions parameter and include at minimum a unique player ID for each. You can also include player-specific data to pass to the new game session.

    Result

    If successful, this operation generates a new game session placement request and adds it to the game session queue for processing. You can track the status of individual placement requests by calling DescribeGameSessionPlacement or by monitoring queue notifications. When the request status is FULFILLED, a new game session has started and the placement request is updated with connection information for the game session (IP address and port). If the request included player session data, Amazon GameLift Servers creates a player session for each player ID in the request.

    The request results in a InvalidRequestException in the following situations:

    • If the request includes both PlayerLatencies and PriorityConfigurationOverride parameters.

    • If the request includes the PriorityConfigurationOverride parameter and specifies a queue that doesn't prioritize locations.

    Amazon GameLift Servers continues to retry each placement request until it reaches the queue's timeout setting. If a request times out, you can resubmit the request to the same queue or try a different queue.

    " }, "StartMatchBackfill":{ "name":"StartMatchBackfill", @@ -1604,7 +1604,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Finds new players to fill open slots in currently running game sessions. The backfill match process is essentially identical to the process of forming new matches. Backfill requests use the same matchmaker that was used to make the original match, and they provide matchmaking data for all players currently in the game session. FlexMatch uses this information to select new players so that backfilled match continues to meet the original match requirements.

    When using FlexMatch with Amazon GameLift managed hosting, you can request a backfill match from a client service by calling this operation with a GameSessions ID. You also have the option of making backfill requests directly from your game server. In response to a request, FlexMatch creates player sessions for the new players, updates the GameSession resource, and sends updated matchmaking data to the game server. You can request a backfill match at any point after a game session is started. Each game session can have only one active backfill request at a time; a subsequent request automatically replaces the earlier request.

    When using FlexMatch as a standalone component, request a backfill match by calling this operation without a game session identifier. As with newly formed matches, matchmaking results are returned in a matchmaking event so that your game can update the game session that is being backfilled.

    To request a backfill match, specify a unique ticket ID, the original matchmaking configuration, and matchmaking data for all current players in the game session being backfilled. Optionally, specify the GameSession ARN. If successful, a match backfill ticket is created and returned with status set to QUEUED. Track the status of backfill tickets using the same method for tracking tickets for new matches.

    Only game sessions created by FlexMatch are supported for match backfill.

    Learn more

    Backfill existing games with FlexMatch

    Matchmaking events (reference)

    How Amazon GameLift FlexMatch works

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Finds new players to fill open slots in currently running game sessions. The backfill match process is essentially identical to the process of forming new matches. Backfill requests use the same matchmaker that was used to make the original match, and they provide matchmaking data for all players currently in the game session. FlexMatch uses this information to select new players so that backfilled match continues to meet the original match requirements.

    When using FlexMatch with Amazon GameLift Servers managed hosting, you can request a backfill match from a client service by calling this operation with a GameSessions ID. You also have the option of making backfill requests directly from your game server. In response to a request, FlexMatch creates player sessions for the new players, updates the GameSession resource, and sends updated matchmaking data to the game server. You can request a backfill match at any point after a game session is started. Each game session can have only one active backfill request at a time; a subsequent request automatically replaces the earlier request.

    When using FlexMatch as a standalone component, request a backfill match by calling this operation without a game session identifier. As with newly formed matches, matchmaking results are returned in a matchmaking event so that your game can update the game session that is being backfilled.

    To request a backfill match, specify a unique ticket ID, the original matchmaking configuration, and matchmaking data for all current players in the game session being backfilled. Optionally, specify the GameSession ARN. If successful, a match backfill ticket is created and returned with status set to QUEUED. Track the status of backfill tickets using the same method for tracking tickets for new matches.

    Only game sessions created by FlexMatch are supported for match backfill.

    Learn more

    Backfill existing games with FlexMatch

    Matchmaking events (reference)

    How Amazon GameLift Servers FlexMatch works

    " }, "StartMatchmaking":{ "name":"StartMatchmaking", @@ -1620,7 +1620,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Uses FlexMatch to create a game match for a group of players based on custom matchmaking rules. With games that use Amazon GameLift managed hosting, this operation also triggers Amazon GameLift to find hosting resources and start a new game session for the new match. Each matchmaking request includes information on one or more players and specifies the FlexMatch matchmaker to use. When a request is for multiple players, FlexMatch attempts to build a match that includes all players in the request, placing them in the same team and finding additional players as needed to fill the match.

    To start matchmaking, provide a unique ticket ID, specify a matchmaking configuration, and include the players to be matched. You must also include any player attributes that are required by the matchmaking configuration's rule set. If successful, a matchmaking ticket is returned with status set to QUEUED.

    Track matchmaking events to respond as needed and acquire game session connection information for successfully completed matches. Ticket status updates are tracked using event notification through Amazon Simple Notification Service, which is defined in the matchmaking configuration.

    Learn more

    Add FlexMatch to a game client

    Set Up FlexMatch event notification

    How Amazon GameLift FlexMatch works

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Uses FlexMatch to create a game match for a group of players based on custom matchmaking rules. With games that use Amazon GameLift Servers managed hosting, this operation also triggers Amazon GameLift Servers to find hosting resources and start a new game session for the new match. Each matchmaking request includes information on one or more players and specifies the FlexMatch matchmaker to use. When a request is for multiple players, FlexMatch attempts to build a match that includes all players in the request, placing them in the same team and finding additional players as needed to fill the match.

    To start matchmaking, provide a unique ticket ID, specify a matchmaking configuration, and include the players to be matched. You must also include any player attributes that are required by the matchmaking configuration's rule set. If successful, a matchmaking ticket is returned with status set to QUEUED.

    Track matchmaking events to respond as needed and acquire game session connection information for successfully completed matches. Ticket status updates are tracked using event notification through Amazon Simple Notification Service, which is defined in the matchmaking configuration.

    Learn more

    Add FlexMatch to a game client

    Set Up FlexMatch event notification

    How Amazon GameLift Servers FlexMatch works

    " }, "StopFleetActions":{ "name":"StopFleetActions", @@ -1637,7 +1637,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Suspends certain types of activity in a fleet location. Currently, this operation is used to stop auto-scaling activity. For multi-location fleets, fleet actions are managed separately for each location.

    Stopping fleet actions has several potential purposes. It allows you to temporarily stop auto-scaling activity but retain your scaling policies for use in the future. For multi-location fleets, you can set up fleet-wide auto-scaling, and then opt out of it for certain locations.

    This operation can be used in the following ways:

    • To stop actions on instances in the fleet's home Region, provide a fleet ID and the type of actions to suspend.

    • To stop actions on instances in one of the fleet's remote locations, provide a fleet ID, a location name, and the type of actions to suspend.

    If successful, Amazon GameLift no longer initiates scaling events except in response to manual changes using UpdateFleetCapacity. To restart fleet actions again, call StartFleetActions.

    Learn more

    Setting up Amazon GameLift Fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Suspends certain types of activity in a fleet location. Currently, this operation is used to stop auto-scaling activity. For multi-location fleets, fleet actions are managed separately for each location.

    Stopping fleet actions has several potential purposes. It allows you to temporarily stop auto-scaling activity but retain your scaling policies for use in the future. For multi-location fleets, you can set up fleet-wide auto-scaling, and then opt out of it for certain locations.

    This operation can be used in the following ways:

    • To stop actions on instances in the fleet's home Region, provide a fleet ID and the type of actions to suspend.

    • To stop actions on instances in one of the fleet's remote locations, provide a fleet ID, a location name, and the type of actions to suspend.

    If successful, Amazon GameLift Servers no longer initiates scaling events except in response to manual changes using UpdateFleetCapacity. To restart fleet actions again, call StartFleetActions.

    Learn more

    Setting up Amazon GameLift Servers Fleets

    " }, "StopGameSessionPlacement":{ "name":"StopGameSessionPlacement", @@ -1653,7 +1653,7 @@ {"shape":"NotFoundException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Cancels a game session placement that is in PENDING status. To stop a placement, provide the placement ID values. If successful, the placement is moved to CANCELLED status.

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Cancels a game session placement that's in PENDING status. To stop a placement, provide the placement ID value.

    Results

    If successful, this operation removes the placement request from the queue and moves the GameSessionPlacement to CANCELLED status.

    This operation results in an InvalidRequestExecption (400) error if a game session has already been created for this placement. You can clean up an unneeded game session by calling TerminateGameSession.

    " }, "StopMatchmaking":{ "name":"StopMatchmaking", @@ -1669,7 +1669,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Cancels a matchmaking ticket or match backfill ticket that is currently being processed. To stop the matchmaking operation, specify the ticket ID. If successful, work on the ticket is stopped, and the ticket status is changed to CANCELLED.

    This call is also used to turn off automatic backfill for an individual game session. This is for game sessions that are created with a matchmaking configuration that has automatic backfill enabled. The ticket ID is included in the MatchmakerData of an updated game session object, which is provided to the game server.

    If the operation is successful, the service sends back an empty JSON struct with the HTTP 200 response (not an empty HTTP body).

    Learn more

    Add FlexMatch to a game client

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Cancels a matchmaking ticket or match backfill ticket that is currently being processed. To stop the matchmaking operation, specify the ticket ID. If successful, work on the ticket is stopped, and the ticket status is changed to CANCELLED.

    This call is also used to turn off automatic backfill for an individual game session. This is for game sessions that are created with a matchmaking configuration that has automatic backfill enabled. The ticket ID is included in the MatchmakerData of an updated game session object, which is provided to the game server.

    If the operation is successful, the service sends back an empty JSON struct with the HTTP 200 response (not an empty HTTP body).

    Learn more

    Add FlexMatch to a game client

    " }, "SuspendGameServerGroup":{ "name":"SuspendGameServerGroup", @@ -1685,7 +1685,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Temporarily stops activity on a game server group without terminating instances or the game server group. You can restart activity by calling ResumeGameServerGroup. You can suspend the following activity:

    • Instance type replacement - This activity evaluates the current game hosting viability of all Spot instance types that are defined for the game server group. It updates the Auto Scaling group to remove nonviable Spot Instance types, which have a higher chance of game server interruptions. It then balances capacity across the remaining viable Spot Instance types. When this activity is suspended, the Auto Scaling group continues with its current balance, regardless of viability. Instance protection, utilization metrics, and capacity scaling activities continue to be active.

    To suspend activity, specify a game server group ARN and the type of activity to be suspended. If successful, a GameServerGroup object is returned showing that the activity is listed in SuspendedActions.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Temporarily stops activity on a game server group without terminating instances or the game server group. You can restart activity by calling ResumeGameServerGroup. You can suspend the following activity:

    • Instance type replacement - This activity evaluates the current game hosting viability of all Spot instance types that are defined for the game server group. It updates the Auto Scaling group to remove nonviable Spot Instance types, which have a higher chance of game server interruptions. It then balances capacity across the remaining viable Spot Instance types. When this activity is suspended, the Auto Scaling group continues with its current balance, regardless of viability. Instance protection, utilization metrics, and capacity scaling activities continue to be active.

    To suspend activity, specify a game server group ARN and the type of activity to be suspended. If successful, a GameServerGroup object is returned showing that the activity is listed in SuspendedActions.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "TagResource":{ "name":"TagResource", @@ -1702,7 +1702,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Assigns a tag to an Amazon GameLift resource. You can use tags to organize resources, create IAM permissions policies to manage access to groups of resources, customize Amazon Web Services cost breakdowns, and more. This operation handles the permissions necessary to manage tags for Amazon GameLift resources that support tagging.

    To add a tag to a resource, specify the unique ARN value for the resource and provide a tag list containing one or more tags. The operation succeeds even if the list includes tags that are already assigned to the resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Assigns a tag to an Amazon GameLift Servers resource. You can use tags to organize resources, create IAM permissions policies to manage access to groups of resources, customize Amazon Web Services cost breakdowns, and more. This operation handles the permissions necessary to manage tags for Amazon GameLift Servers resources that support tagging.

    To add a tag to a resource, specify the unique ARN value for the resource and provide a tag list containing one or more tags. The operation succeeds even if the list includes tags that are already assigned to the resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    Related actions

    All APIs by task

    " }, "TerminateGameSession":{ "name":"TerminateGameSession", @@ -1720,7 +1720,7 @@ {"shape":"InvalidGameSessionStatusException"}, {"shape":"NotReadyException"} ], - "documentation":"

    Ends a game session that's currently in progress. Use this action to terminate any game session that isn't in ERROR status. Terminating a game session is the most efficient way to free up a server process when it's hosting a game session that's in a bad state or not ending properly. You can use this action to terminate a game session that's being hosted on any type of Amazon GameLift fleet compute, including computes for managed EC2, managed container, and Anywhere fleets. The game server must be integrated with Amazon GameLift server SDK 5.x or greater.

    Request options

    Request termination for a single game session. Provide the game session ID and the termination mode. There are two potential methods for terminating a game session:

    • Initiate a graceful termination using the normal game session shutdown sequence. With this mode, the Amazon GameLift service prompts the server process that's hosting the game session by calling the server SDK callback method OnProcessTerminate(). The callback implementation is part of the custom game server code. It might involve a variety of actions to gracefully end a game session, such as notifying players, before stopping the server process.

    • Force an immediate game session termination. With this mode, the Amazon GameLift service takes action to stop the server process, which ends the game session without the normal game session shutdown sequence.

    Results

    If successful, game session termination is initiated. During this activity, the game session status is changed to TERMINATING. When completed, the server process that was hosting the game session has been stopped and replaced with a new server process that's ready to host a new game session. The old game session's status is changed to TERMINATED with a status reason that indicates the termination method used.

    Learn more

    Add Amazon GameLift to your game server

    Amazon GameLift server SDK 5 reference guide for OnProcessTerminate() (C++) (C#) (Unreal) (Go)

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Ends a game session that's currently in progress. Use this action to terminate any game session that isn't in ERROR status. Terminating a game session is the most efficient way to free up a server process when it's hosting a game session that's in a bad state or not ending properly. You can use this action to terminate a game session that's being hosted on any type of Amazon GameLift Servers fleet compute, including computes for managed EC2, managed container, and Anywhere fleets. The game server must be integrated with Amazon GameLift Servers server SDK 5.x or greater.

    Request options

    Request termination for a single game session. Provide the game session ID and the termination mode. There are two potential methods for terminating a game session:

    • Initiate a graceful termination using the normal game session shutdown sequence. With this mode, the Amazon GameLift Servers service prompts the server process that's hosting the game session by calling the server SDK callback method OnProcessTerminate(). The callback implementation is part of the custom game server code. It might involve a variety of actions to gracefully end a game session, such as notifying players, before stopping the server process.

    • Force an immediate game session termination. With this mode, the Amazon GameLift Servers service takes action to stop the server process, which ends the game session without the normal game session shutdown sequence.

    Results

    If successful, game session termination is initiated. During this activity, the game session status is changed to TERMINATING. When completed, the server process that was hosting the game session has been stopped and replaced with a new server process that's ready to host a new game session. The old game session's status is changed to TERMINATED with a status reason that indicates the termination method used.

    Learn more

    Add Amazon GameLift Servers to your game server

    Amazon GameLift Servers server SDK 5 reference guide for OnProcessTerminate() (C++) (C#) (Unreal) (Go)

    " }, "UntagResource":{ "name":"UntagResource", @@ -1737,7 +1737,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Removes a tag assigned to a Amazon GameLift resource. You can use resource tags to organize Amazon Web Services resources for a range of purposes. This operation handles the permissions necessary to manage tags for Amazon GameLift resources that support tagging.

    To remove a tag from a resource, specify the unique ARN value for the resource and provide a string list containing one or more tags to remove. This operation succeeds even if the list includes tags that aren't assigned to the resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Removes a tag assigned to a Amazon GameLift Servers resource. You can use resource tags to organize Amazon Web Services resources for a range of purposes. This operation handles the permissions necessary to manage tags for Amazon GameLift Servers resources that support tagging.

    To remove a tag from a resource, specify the unique ARN value for the resource and provide a string list containing one or more tags to remove. This operation succeeds even if the list includes tags that aren't assigned to the resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    Related actions

    All APIs by task

    " }, "UpdateAlias":{ "name":"UpdateAlias", @@ -1753,7 +1753,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Updates properties for an alias. Specify the unique identifier of the alias to be updated and the new property values. When reassigning an alias to a new fleet, provide an updated routing strategy. If successful, the updated alias record is returned.

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Updates properties for an alias. Specify the unique identifier of the alias to be updated and the new property values.

    When reassigning an alias to a new fleet, provide an updated routing strategy. If successful, the updated alias record is returned.

    Related actions

    All APIs by task

    " }, "UpdateBuild":{ "name":"UpdateBuild", @@ -1769,7 +1769,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Updates metadata in a build resource, including the build name and version. To update the metadata, specify the build ID to update and provide the new values. If successful, a build object containing the updated metadata is returned.

    Learn more

    Upload a Custom Server Build

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Updates metadata in a build resource, including the build name and version. To update the metadata, specify the build ID to update and provide the new values. If successful, a build object containing the updated metadata is returned.

    Learn more

    Upload a Custom Server Build

    All APIs by task

    " }, "UpdateContainerFleet":{ "name":"UpdateContainerFleet", @@ -1788,7 +1788,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Updates the properties of a managed container fleet. Depending on the properties being updated, this operation might initiate a fleet deployment. You can track deployments for a fleet using https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetDeployment.html.

    Request options

    As with CreateContainerFleet, many fleet properties use common defaults or are calculated based on the fleet's container group definitions.

    • Update fleet properties that result in a fleet deployment. Include only those properties that you want to change. Specify deployment configuration settings.

    • Update fleet properties that don't result in a fleet deployment. Include only those properties that you want to change.

    Changes to the following properties initiate a fleet deployment:

    • GameServerContainerGroupDefinition

    • PerInstanceContainerGroupDefinition

    • GameServerContainerGroupsPerInstance

    • InstanceInboundPermissions

    • InstanceConnectionPortRange

    • LogConfiguration

    Results

    If successful, this operation updates the container fleet resource, and might initiate a new deployment of fleet resources using the deployment configuration provided. A deployment replaces existing fleet instances with new instances that are deployed with the updated fleet properties. The fleet is placed in UPDATING status until the deployment is complete, then return to ACTIVE.

    You can have only one update deployment active at a time for a fleet. If a second update request initiates a deployment while another deployment is in progress, the first deployment is cancelled.

    " + "documentation":"

    This API works with the following fleet types: Container

    Updates the properties of a managed container fleet. Depending on the properties being updated, this operation might initiate a fleet deployment. You can track deployments for a fleet using https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetDeployment.html.

    A managed fleet's runtime environment, which depends on the fleet's Amazon Machine Image {AMI} version, can't be updated. You must create a new fleet. As a best practice, we recommend replacing your managed fleets every 30 days to maintain a secure and up-to-date runtime environment for your hosted game servers. For guidance, see Security best practices for Amazon GameLift Servers.

    Request options

    As with CreateContainerFleet, many fleet properties use common defaults or are calculated based on the fleet's container group definitions.

    • Update fleet properties that result in a fleet deployment. Include only those properties that you want to change. Specify deployment configuration settings.

    • Update fleet properties that don't result in a fleet deployment. Include only those properties that you want to change.

    Changes to the following properties initiate a fleet deployment:

    • GameServerContainerGroupDefinition

    • PerInstanceContainerGroupDefinition

    • GameServerContainerGroupsPerInstance

    • InstanceInboundPermissions

    • InstanceConnectionPortRange

    • LogConfiguration

    Results

    If successful, this operation updates the container fleet resource, and might initiate a new deployment of fleet resources using the deployment configuration provided. A deployment replaces existing fleet instances with new instances that are deployed with the updated fleet properties. The fleet is placed in UPDATING status until the deployment is complete, then return to ACTIVE.

    You can have only one update deployment active at a time for a fleet. If a second update request initiates a deployment while another deployment is in progress, the first deployment is cancelled.

    " }, "UpdateContainerGroupDefinition":{ "name":"UpdateContainerGroupDefinition", @@ -1806,7 +1806,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Updates properties in an existing container group definition. This operation doesn't replace the definition. Instead, it creates a new version of the definition and saves it separately. You can access all versions that you choose to retain.

    The only property you can't update is the container group type.

    Request options:

    • Update based on the latest version of the container group definition. Specify the container group definition name only, or use an ARN value without a version number. Provide updated values for the properties that you want to change only. All other values remain the same as the latest version.

    • Update based on a specific version of the container group definition. Specify the container group definition name and a source version number, or use an ARN value with a version number. Provide updated values for the properties that you want to change only. All other values remain the same as the source version.

    • Change a game server container definition. Provide the updated container definition.

    • Add or change a support container definition. Provide a complete set of container definitions, including the updated definition.

    • Remove a support container definition. Provide a complete set of container definitions, excluding the definition to remove. If the container group has only one support container definition, provide an empty set.

    Results:

    If successful, this operation returns the complete properties of the new container group definition version.

    If the container group definition version is used in an active fleets, the update automatically initiates a new fleet deployment of the new version. You can track a fleet's deployments using ListFleetDeployments.

    " + "documentation":"

    This API works with the following fleet types: Container

    Updates properties in an existing container group definition. This operation doesn't replace the definition. Instead, it creates a new version of the definition and saves it separately. You can access all versions that you choose to retain.

    The only property you can't update is the container group type.

    Request options:

    • Update based on the latest version of the container group definition. Specify the container group definition name only, or use an ARN value without a version number. Provide updated values for the properties that you want to change only. All other values remain the same as the latest version.

    • Update based on a specific version of the container group definition. Specify the container group definition name and a source version number, or use an ARN value with a version number. Provide updated values for the properties that you want to change only. All other values remain the same as the source version.

    • Change a game server container definition. Provide the updated container definition.

    • Add or change a support container definition. Provide a complete set of container definitions, including the updated definition.

    • Remove a support container definition. Provide a complete set of container definitions, excluding the definition to remove. If the container group has only one support container definition, provide an empty set.

    Results:

    If successful, this operation returns the complete properties of the new container group definition version.

    If the container group definition version is used in an active fleets, the update automatically initiates a new fleet deployment of the new version. You can track a fleet's deployments using ListFleetDeployments.

    " }, "UpdateFleetAttributes":{ "name":"UpdateFleetAttributes", @@ -1825,7 +1825,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Updates a fleet's mutable attributes, such as game session protection and resource creation limits.

    To update fleet attributes, specify the fleet ID and the property values that you want to change. If successful, Amazon GameLift returns the identifiers for the updated fleet.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Updates a fleet's mutable attributes, such as game session protection and resource creation limits.

    To update fleet attributes, specify the fleet ID and the property values that you want to change. If successful, Amazon GameLift Servers returns the identifiers for the updated fleet.

    A managed fleet's runtime environment, which depends on the fleet's Amazon Machine Image {AMI} version, can't be updated. You must create a new fleet. As a best practice, we recommend replacing your managed fleets every 30 days to maintain a secure and up-to-date runtime environment for your hosted game servers. For guidance, see Security best practices for Amazon GameLift Servers.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "UpdateFleetCapacity":{ "name":"UpdateFleetCapacity", @@ -1845,7 +1845,7 @@ {"shape":"UnauthorizedException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Updates capacity settings for a managed EC2 fleet or managed container fleet. For these fleets, you adjust capacity by changing the number of instances in the fleet. Fleet capacity determines the number of game sessions and players that the fleet can host based on its configuration. For fleets with multiple locations, use this operation to manage capacity settings in each location individually.

    Use this operation to set these fleet capacity properties:

    • Minimum/maximum size: Set hard limits on the number of Amazon EC2 instances allowed. If Amazon GameLift receives a request--either through manual update or automatic scaling--it won't change the capacity to a value outside of this range.

    • Desired capacity: As an alternative to automatic scaling, manually set the number of Amazon EC2 instances to be maintained. Before changing a fleet's desired capacity, check the maximum capacity of the fleet's Amazon EC2 instance type by calling DescribeEC2InstanceLimits.

    To update capacity for a fleet's home Region, or if the fleet has no remote locations, omit the Location parameter. The fleet must be in ACTIVE status.

    To update capacity for a fleet's remote location, set the Location parameter to the location to update. The location must be in ACTIVE status.

    If successful, Amazon GameLift updates the capacity settings and returns the identifiers for the updated fleet and/or location. If a requested change to desired capacity exceeds the instance type's limit, the LimitExceeded exception occurs.

    Updates often prompt an immediate change in fleet capacity, such as when current capacity is different than the new desired capacity or outside the new limits. In this scenario, Amazon GameLift automatically initiates steps to add or remove instances in the fleet location. You can track a fleet's current capacity by calling DescribeFleetCapacity or DescribeFleetLocationCapacity.

    Learn more

    Scaling fleet capacity

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Updates capacity settings for a managed EC2 fleet or managed container fleet. For these fleets, you adjust capacity by changing the number of instances in the fleet. Fleet capacity determines the number of game sessions and players that the fleet can host based on its configuration. For fleets with multiple locations, use this operation to manage capacity settings in each location individually.

    Use this operation to set these fleet capacity properties:

    • Minimum/maximum size: Set hard limits on the number of Amazon EC2 instances allowed. If Amazon GameLift Servers receives a request--either through manual update or automatic scaling--it won't change the capacity to a value outside of this range.

    • Desired capacity: As an alternative to automatic scaling, manually set the number of Amazon EC2 instances to be maintained. Before changing a fleet's desired capacity, check the maximum capacity of the fleet's Amazon EC2 instance type by calling DescribeEC2InstanceLimits.

    To update capacity for a fleet's home Region, or if the fleet has no remote locations, omit the Location parameter. The fleet must be in ACTIVE status.

    To update capacity for a fleet's remote location, set the Location parameter to the location to update. The location must be in ACTIVE status.

    If successful, Amazon GameLift Servers updates the capacity settings and returns the identifiers for the updated fleet and/or location. If a requested change to desired capacity exceeds the instance type's limit, the LimitExceeded exception occurs.

    Updates often prompt an immediate change in fleet capacity, such as when current capacity is different than the new desired capacity or outside the new limits. In this scenario, Amazon GameLift Servers automatically initiates steps to add or remove instances in the fleet location. You can track a fleet's current capacity by calling DescribeFleetCapacity or DescribeFleetLocationCapacity.

    Learn more

    Scaling fleet capacity

    " }, "UpdateFleetPortSettings":{ "name":"UpdateFleetPortSettings", @@ -1864,7 +1864,7 @@ {"shape":"InvalidRequestException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Updates permissions that allow inbound traffic to connect to game sessions in the fleet.

    To update settings, specify the fleet ID to be updated and specify the changes to be made. List the permissions you want to add in InboundPermissionAuthorizations, and permissions you want to remove in InboundPermissionRevocations. Permissions to be removed must match existing fleet permissions.

    If successful, the fleet ID for the updated fleet is returned. For fleets with remote locations, port setting updates can take time to propagate across all locations. You can check the status of updates in each location by calling DescribeFleetPortSettings with a location name.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2, Container

    Updates permissions that allow inbound traffic to connect to game sessions in the fleet.

    To update settings, specify the fleet ID to be updated and specify the changes to be made. List the permissions you want to add in InboundPermissionAuthorizations, and permissions you want to remove in InboundPermissionRevocations. Permissions to be removed must match existing fleet permissions.

    If successful, the fleet ID for the updated fleet is returned. For fleets with remote locations, port setting updates can take time to propagate across all locations. You can check the status of updates in each location by calling DescribeFleetPortSettings with a location name.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "UpdateGameServer":{ "name":"UpdateGameServer", @@ -1880,7 +1880,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Updates information about a registered game server to help Amazon GameLift FleetIQ track game server availability. This operation is called by a game server process that is running on an instance in a game server group.

    Use this operation to update the following types of game server information. You can make all three types of updates in the same request:

    • To update the game server's utilization status from AVAILABLE (when the game server is available to be claimed) to UTILIZED (when the game server is currently hosting games). Identify the game server and game server group and specify the new utilization status. You can't change the status from to UTILIZED to AVAILABLE .

    • To report health status, identify the game server and game server group and set health check to HEALTHY. If a game server does not report health status for a certain length of time, the game server is no longer considered healthy. As a result, it will be eventually deregistered from the game server group to avoid affecting utilization metrics. The best practice is to report health every 60 seconds.

    • To change game server metadata, provide updated game server data.

    Once a game server is successfully updated, the relevant statuses and timestamps are updated.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Updates information about a registered game server to help Amazon GameLift Servers FleetIQ track game server availability. This operation is called by a game server process that is running on an instance in a game server group.

    Use this operation to update the following types of game server information. You can make all three types of updates in the same request:

    • To update the game server's utilization status from AVAILABLE (when the game server is available to be claimed) to UTILIZED (when the game server is currently hosting games). Identify the game server and game server group and specify the new utilization status. You can't change the status from to UTILIZED to AVAILABLE .

    • To report health status, identify the game server and game server group and set health check to HEALTHY. If a game server does not report health status for a certain length of time, the game server is no longer considered healthy. As a result, it will be eventually deregistered from the game server group to avoid affecting utilization metrics. The best practice is to report health every 60 seconds.

    • To change game server metadata, provide updated game server data.

    Once a game server is successfully updated, the relevant statuses and timestamps are updated.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "UpdateGameServerGroup":{ "name":"UpdateGameServerGroup", @@ -1896,7 +1896,7 @@ {"shape":"UnauthorizedException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation is used with the Amazon GameLift FleetIQ solution and game server groups.

    Updates Amazon GameLift FleetIQ-specific properties for a game server group. Many Auto Scaling group properties are updated on the Auto Scaling group directly, including the launch template, Auto Scaling policies, and maximum/minimum/desired instance counts.

    To update the game server group, specify the game server group ID and provide the updated values. Before applying the updates, the new values are validated to ensure that Amazon GameLift FleetIQ can continue to perform instance balancing activity. If successful, a GameServerGroup object is returned.

    Learn more

    Amazon GameLift FleetIQ Guide

    " + "documentation":"

    This API works with the following fleet types: EC2 (FleetIQ)

    Updates Amazon GameLift Servers FleetIQ-specific properties for a game server group. Many Auto Scaling group properties are updated on the Auto Scaling group directly, including the launch template, Auto Scaling policies, and maximum/minimum/desired instance counts.

    To update the game server group, specify the game server group ID and provide the updated values. Before applying the updates, the new values are validated to ensure that Amazon GameLift Servers FleetIQ can continue to perform instance balancing activity. If successful, a GameServerGroup object is returned.

    Learn more

    Amazon GameLift Servers FleetIQ Guide

    " }, "UpdateGameSession":{ "name":"UpdateGameSession", @@ -1912,9 +1912,10 @@ {"shape":"InternalServiceException"}, {"shape":"UnauthorizedException"}, {"shape":"InvalidGameSessionStatusException"}, - {"shape":"InvalidRequestException"} + {"shape":"InvalidRequestException"}, + {"shape":"NotReadyException"} ], - "documentation":"

    Updates the mutable properties of a game session.

    To update a game session, specify the game session ID and the values you want to change.

    If successful, the updated GameSession object is returned.

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Updates the mutable properties of a game session.

    To update a game session, specify the game session ID and the values you want to change.

    If successful, the updated GameSession object is returned.

    All APIs by task

    " }, "UpdateGameSessionQueue":{ "name":"UpdateGameSessionQueue", @@ -1930,7 +1931,7 @@ {"shape":"NotFoundException"}, {"shape":"UnauthorizedException"} ], - "documentation":"

    Updates the configuration of a game session queue, which determines how the queue processes new game session requests. To update settings, specify the queue name to be updated and provide the new settings. When updating destinations, provide a complete list of destinations.

    Learn more

    Using Multi-Region Queues

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Updates the configuration of a game session queue, which determines how the queue processes new game session requests. To update settings, specify the queue name to be updated and provide the new settings. When updating destinations, provide a complete list of destinations.

    Learn more

    Using Multi-Region Queues

    " }, "UpdateMatchmakingConfiguration":{ "name":"UpdateMatchmakingConfiguration", @@ -1946,7 +1947,7 @@ {"shape":"InternalServiceException"}, {"shape":"UnsupportedRegionException"} ], - "documentation":"

    Updates settings for a FlexMatch matchmaking configuration. These changes affect all matches and game sessions that are created after the update. To update settings, specify the configuration name to be updated and provide the new settings.

    Learn more

    Design a FlexMatch matchmaker

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Updates settings for a FlexMatch matchmaking configuration. These changes affect all matches and game sessions that are created after the update. To update settings, specify the configuration name to be updated and provide the new settings.

    Learn more

    Design a FlexMatch matchmaker

    " }, "UpdateRuntimeConfiguration":{ "name":"UpdateRuntimeConfiguration", @@ -1964,7 +1965,7 @@ {"shape":"InvalidFleetStatusException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    Updates the runtime configuration for the specified fleet. The runtime configuration tells Amazon GameLift how to launch server processes on computes in managed EC2 and Anywhere fleets. You can update a fleet's runtime configuration at any time after the fleet is created; it does not need to be in ACTIVE status.

    To update runtime configuration, specify the fleet ID and provide a RuntimeConfiguration with an updated set of server process configurations.

    If successful, the fleet's runtime configuration settings are updated. Fleet computes that run game server processes regularly check for and receive updated runtime configurations. The computes immediately take action to comply with the new configuration by launching new server processes or by not replacing existing processes when they shut down. Updating a fleet's runtime configuration never affects existing server processes.

    Learn more

    Setting up Amazon GameLift fleets

    " + "documentation":"

    This API works with the following fleet types: EC2

    Updates the runtime configuration for the specified fleet. The runtime configuration tells Amazon GameLift Servers how to launch server processes on computes in managed EC2 and Anywhere fleets. You can update a fleet's runtime configuration at any time after the fleet is created; it does not need to be in ACTIVE status.

    To update runtime configuration, specify the fleet ID and provide a RuntimeConfiguration with an updated set of server process configurations.

    If successful, the fleet's runtime configuration settings are updated. Fleet computes that run game server processes regularly check for and receive updated runtime configurations. The computes immediately take action to comply with the new configuration by launching new server processes or by not replacing existing processes when they shut down. Updating a fleet's runtime configuration never affects existing server processes.

    Learn more

    Setting up Amazon GameLift Servers fleets

    " }, "UpdateScript":{ "name":"UpdateScript", @@ -1980,7 +1981,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Updates Realtime script metadata and content.

    To update script metadata, specify the script ID and provide updated name and/or version values.

    To update script content, provide an updated zip file by pointing to either a local file or an Amazon S3 bucket location. You can use either method regardless of how the original script was uploaded. Use the Version parameter to track updates to the script.

    If the call is successful, the updated metadata is stored in the script record and a revised script is uploaded to the Amazon GameLift service. Once the script is updated and acquired by a fleet instance, the new version is used for all new game sessions.

    Learn more

    Amazon GameLift Realtime Servers

    Related actions

    All APIs by task

    " + "documentation":"

    This API works with the following fleet types: EC2

    Updates Realtime script metadata and content.

    To update script metadata, specify the script ID and provide updated name and/or version values.

    To update script content, provide an updated zip file by pointing to either a local file or an Amazon S3 bucket location. You can use either method regardless of how the original script was uploaded. Use the Version parameter to track updates to the script.

    If the call is successful, the updated metadata is stored in the script record and a revised script is uploaded to the Amazon GameLift Servers service. Once the script is updated and acquired by a fleet instance, the new version is used for all new game sessions.

    Learn more

    Amazon GameLift Servers Amazon GameLift Servers Realtime

    Related actions

    All APIs by task

    " }, "ValidateMatchmakingRuleSet":{ "name":"ValidateMatchmakingRuleSet", @@ -1995,7 +1996,7 @@ {"shape":"UnsupportedRegionException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

    Validates the syntax of a matchmaking rule or rule set. This operation checks that the rule set is using syntactically correct JSON and that it conforms to allowed property expressions. To validate syntax, provide a rule set JSON string.

    Learn more

    " + "documentation":"

    This API works with the following fleet types: EC2, Anywhere, Container

    Validates the syntax of a matchmaking rule or rule set. This operation checks that the rule set is using syntactically correct JSON and that it conforms to allowed property expressions. To validate syntax, provide a rule set JSON string.

    Learn more

    " } }, "shapes":{ @@ -2023,8 +2024,7 @@ }, "AcceptMatchOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AcceptanceType":{ "type":"string", @@ -2046,7 +2046,7 @@ }, "AliasArn":{ "shape":"AliasArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift alias resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::alias/alias-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912. In a GameLift alias ARN, the resource ID matches the alias ID value.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers alias resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::alias/alias-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912. In a GameLift alias ARN, the resource ID matches the alias ID value.

    " }, "Description":{ "shape":"FreeText", @@ -2094,10 +2094,10 @@ "members":{ "Cost":{ "shape":"NonNegativeLimitedLengthDouble", - "documentation":"

    The cost to run your fleet per hour. Amazon GameLift uses the provided cost of your fleet to balance usage in queues. For more information about queues, see Setting up queues in the Amazon GameLift Developer Guide.

    " + "documentation":"

    The cost to run your fleet per hour. Amazon GameLift Servers uses the provided cost of your fleet to balance usage in queues. For more information about queues, see Setting up queues in the Amazon GameLift Servers Developer Guide.

    " } }, - "documentation":"

    Amazon GameLift configuration options for your Anywhere fleets.

    " + "documentation":"

    Amazon GameLift Servers configuration options for your Anywhere fleets.

    " }, "ArnStringModel":{ "type":"string", @@ -2149,7 +2149,7 @@ "documentation":"

    The token that users must pass to the service API to use the temporary credentials.

    " } }, - "documentation":"

    Amazon Web Services account security credentials that allow interactions with Amazon GameLift resources. The credentials are temporary and valid for a limited time span. You can request fresh credentials at any time.

    Amazon Web Services security credentials consist of three parts: an access key ID, a secret access key, and a session token. You must use all three parts together to authenticate your access requests.

    You need Amazon Web Services credentials for the following tasks:

    ", + "documentation":"

    Amazon Web Services account security credentials that allow interactions with Amazon GameLift Servers resources. The credentials are temporary and valid for a limited time span. You can request fresh credentials at any time.

    Amazon Web Services security credentials consist of three parts: an access key ID, a secret access key, and a session token. You must use all three parts together to authenticate your access requests.

    You need Amazon Web Services credentials for the following tasks:

    ", "sensitive":true }, "BackfillMode":{ @@ -2177,7 +2177,7 @@ }, "BuildArn":{ "shape":"BuildArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift build resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::build/build-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912. In a GameLift build ARN, the resource ID matches the BuildId value.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers build resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::build/build-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912. In a GameLift build ARN, the resource ID matches the BuildId value.

    " }, "Name":{ "shape":"FreeText", @@ -2197,7 +2197,7 @@ }, "OperatingSystem":{ "shape":"OperatingSystem", - "documentation":"

    Operating system that the game server binaries are built to run on. This value determines the type of fleet resources that you can use for this build.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use Amazon GameLift server SDK 4.x., first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to Amazon GameLift server SDK version 5.

    " + "documentation":"

    Operating system that the game server binaries are built to run on. This value determines the type of fleet resources that you can use for this build.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use server SDK version 4.x for Amazon GameLift Servers, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to server SDK version 5.

    " }, "CreationTime":{ "shape":"Timestamp", @@ -2205,7 +2205,7 @@ }, "ServerSdkVersion":{ "shape":"ServerSdkVersion", - "documentation":"

    The Amazon GameLift Server SDK version used to develop your game server.

    " + "documentation":"

    The Amazon GameLift Servers Server SDK version used to develop your game server.

    " } }, "documentation":"

    Properties describing a custom game build.

    All APIs by task

    " @@ -2243,7 +2243,7 @@ "documentation":"

    Indicates whether a TLS/SSL certificate is generated for a fleet.

    Valid values include:

    • GENERATED - Generate a TLS/SSL certificate for this fleet.

    • DISABLED - (default) Do not generate a TLS/SSL certificate for this fleet.

    " } }, - "documentation":"

    Determines whether a TLS/SSL certificate is generated for a fleet. This feature must be enabled when creating the fleet. All instances in a fleet share the same certificate. The certificate can be retrieved by calling the Amazon GameLift Server SDK operation GetInstanceCertificate.

    " + "documentation":"

    Determines whether a TLS/SSL certificate is generated for a fleet. This feature must be enabled when creating the fleet. All instances in a fleet share the same certificate. The certificate can be retrieved by calling the Amazon GameLift Servers Server SDK operation GetInstanceCertificate.

    " }, "CertificateType":{ "type":"string", @@ -2260,7 +2260,7 @@ "documentation":"

    List of instance statuses that game servers may be claimed on. If provided, the list must contain the ACTIVE status.

    " } }, - "documentation":"

    This data type is used with the Amazon GameLift FleetIQ and game server groups.

    Filters which game servers may be claimed when calling ClaimGameServer.

    " + "documentation":"

    Filters which game servers may be claimed when calling ClaimGameServer.

    " }, "ClaimGameServerInput":{ "type":"structure", @@ -2268,11 +2268,11 @@ "members":{ "GameServerGroupName":{ "shape":"GameServerGroupNameOrArn", - "documentation":"

    A unique identifier for the game server group where the game server is running. If you are not specifying a game server to claim, this value identifies where you want Amazon GameLift FleetIQ to look for an available game server to claim.

    " + "documentation":"

    A unique identifier for the game server group where the game server is running. If you are not specifying a game server to claim, this value identifies where you want Amazon GameLift Servers FleetIQ to look for an available game server to claim.

    " }, "GameServerId":{ "shape":"GameServerId", - "documentation":"

    A custom string that uniquely identifies the game server to claim. If this parameter is left empty, Amazon GameLift FleetIQ searches for an available game server in the specified game server group.

    " + "documentation":"

    A custom string that uniquely identifies the game server to claim. If this parameter is left empty, Amazon GameLift Servers FleetIQ searches for an available game server in the specified game server group.

    " }, "GameServerData":{ "shape":"GameServerData", @@ -2323,15 +2323,15 @@ }, "IpAddress":{ "shape":"IpAddress", - "documentation":"

    The IP address of a compute resource. Amazon GameLift requires a DNS name or IP address for a compute.

    " + "documentation":"

    The IP address of a compute resource. Amazon GameLift Servers requires a DNS name or IP address for a compute.

    " }, "DnsName":{ "shape":"DnsName", - "documentation":"

    The DNS name of a compute resource. Amazon GameLift requires a DNS name or IP address for a compute.

    " + "documentation":"

    The DNS name of a compute resource. Amazon GameLift Servers requires a DNS name or IP address for a compute.

    " }, "ComputeStatus":{ "shape":"ComputeStatus", - "documentation":"

    Current status of the compute. A compute must have an ACTIVE status to host game sessions.

    " + "documentation":"

    Current status of the compute. A compute must have an ACTIVE status to host game sessions. Valid values include PENDING, ACTIVE, TERMINATING, and IMPAIRED.

    While the ComputeStatus enum type is valid for Container based servers, the result may also include other non-enumerated string values such as \"Active\" for fleets which are not Container-based.

    " }, "Location":{ "shape":"LocationStringModel", @@ -2343,19 +2343,19 @@ }, "OperatingSystem":{ "shape":"OperatingSystem", - "documentation":"

    The type of operating system on the compute resource.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use Amazon GameLift server SDK 4.x., first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to Amazon GameLift server SDK version 5.

    " + "documentation":"

    The type of operating system on the compute resource.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use server SDK version 4.x for Amazon GameLift Servers, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to server SDK version 5.

    " }, "Type":{ "shape":"EC2InstanceType", - "documentation":"

    The Amazon EC2 instance type that the fleet uses. For registered computes in an Amazon GameLift Anywhere fleet, this property is empty.

    " + "documentation":"

    The Amazon EC2 instance type that the fleet uses. For registered computes in an Amazon GameLift Servers Anywhere fleet, this property is empty.

    " }, "GameLiftServiceSdkEndpoint":{ "shape":"GameLiftServiceSdkEndpointOutput", - "documentation":"

    The Amazon GameLift SDK endpoint connection for a registered compute resource in an Anywhere fleet. The game servers on the compute use this endpoint to connect to the Amazon GameLift service.

    " + "documentation":"

    The Amazon GameLift Servers SDK endpoint connection for a registered compute resource in an Anywhere fleet. The game servers on the compute use this endpoint to connect to the Amazon GameLift Servers service.

    " }, "GameLiftAgentEndpoint":{ "shape":"GameLiftAgentEndpointOutput", - "documentation":"

    The endpoint of the Amazon GameLift Agent.

    " + "documentation":"

    The endpoint of the Amazon GameLift Servers Agent.

    " }, "InstanceId":{ "shape":"InstanceId", @@ -2370,7 +2370,7 @@ "documentation":"

    The game server container group definition for the compute.

    " } }, - "documentation":"

    An Amazon GameLift compute resource for hosting your game servers. Computes in an Amazon GameLift fleet differs depending on the fleet's compute type property as follows:

    • For managed EC2 fleets, a compute is an EC2 instance.

    • For Anywhere fleets, a compute is a computing resource that you provide and is registered to the fleet.

    " + "documentation":"

    An Amazon GameLift Servers compute resource for hosting your game servers. Computes in an Amazon GameLift Servers fleet differs depending on the fleet's compute type property as follows:

    • For managed EC2 fleets, a compute is an EC2 instance.

    • For Anywhere fleets, a compute is a computing resource that you provide and is registered to the fleet.

    " }, "ComputeArn":{ "type":"string", @@ -2532,11 +2532,11 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912. In a GameLift fleet ARN, the resource ID matches the FleetId value.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912. In a GameLift fleet ARN, the resource ID matches the FleetId value.

    " }, "FleetRoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The unique identifier for an Identity and Access Management (IAM) role with permissions to run your containers on resources that are managed by Amazon GameLift. See Set up an IAM service role. This fleet property can't be changed.

    " + "documentation":"

    The unique identifier for an Identity and Access Management (IAM) role with permissions to run your containers on resources that are managed by Amazon GameLift Servers. See Set up an IAM service role. This fleet property can't be changed.

    " }, "GameServerContainerGroupDefinitionName":{ "shape":"ContainerGroupDefinitionName", @@ -2589,7 +2589,7 @@ }, "NewGameSessionProtectionPolicy":{ "shape":"ProtectionPolicy", - "documentation":"

    Determines whether Amazon GameLift can shut down game sessions on the fleet that are actively running and hosting players. Amazon GameLift might prompt an instance shutdown when scaling down fleet capacity or when retiring unhealthy instances. You can also set game session protection for individual game sessions using UpdateGameSession.

    • NoProtection -- Game sessions can be shut down during active gameplay.

    • FullProtection -- Game sessions in ACTIVE status can't be shut down.

    " + "documentation":"

    Determines whether Amazon GameLift Servers can shut down game sessions on the fleet that are actively running and hosting players. Amazon GameLift Servers might prompt an instance shutdown when scaling down fleet capacity or when retiring unhealthy instances. You can also set game session protection for individual game sessions using UpdateGameSession.

    • NoProtection -- Game sessions can be shut down during active gameplay.

    • FullProtection -- Game sessions in ACTIVE status can't be shut down.

    " }, "GameSessionCreationLimitPolicy":{ "shape":"GameSessionCreationLimitPolicy", @@ -2605,14 +2605,14 @@ }, "LogConfiguration":{ "shape":"LogConfiguration", - "documentation":"

    The method that is used to collect container logs for the fleet. Amazon GameLift saves all standard output for each container in logs, including game session logs.

    • CLOUDWATCH -- Send logs to an Amazon CloudWatch log group that you define. Each container emits a log stream, which is organized in the log group.

    • S3 -- Store logs in an Amazon S3 bucket that you define.

    • NONE -- Don't collect container logs.

    " + "documentation":"

    The method that is used to collect container logs for the fleet. Amazon GameLift Servers saves all standard output for each container in logs, including game session logs.

    • CLOUDWATCH -- Send logs to an Amazon CloudWatch log group that you define. Each container emits a log stream, which is organized in the log group.

    • S3 -- Store logs in an Amazon S3 bucket that you define.

    • NONE -- Don't collect container logs.

    " }, "LocationAttributes":{ "shape":"ContainerFleetLocationAttributesList", "documentation":"

    Information about the container fleet's remote locations where fleet instances are deployed.

    " } }, - "documentation":"

    Describes an Amazon GameLift managed container fleet.

    " + "documentation":"

    Describes an Amazon GameLift Servers managed container fleet.

    " }, "ContainerFleetBillingType":{ "type":"string", @@ -2684,7 +2684,7 @@ "members":{ "ContainerGroupDefinitionArn":{ "shape":"ContainerGroupDefinitionArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to an Amazon GameLift ContainerGroupDefinition resource. It uniquely identifies the resource across all Amazon Web Services Regions. Format is arn:aws:gamelift:[region]::containergroupdefinition/[container group definition name]:[version].

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to an Amazon GameLift Servers ContainerGroupDefinition resource. It uniquely identifies the resource across all Amazon Web Services Regions. Format is arn:aws:gamelift:[region]::containergroupdefinition/[container group definition name]:[version].

    " }, "CreationTime":{ "shape":"Timestamp", @@ -2692,7 +2692,7 @@ }, "OperatingSystem":{ "shape":"ContainerOperatingSystem", - "documentation":"

    The platform that all containers in the container group definition run on.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use Amazon GameLift server SDK 4.x, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to Amazon GameLift server SDK version 5.

    " + "documentation":"

    The platform that all containers in the container group definition run on.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use server SDK version 4.x for Amazon GameLift Servers, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to server SDK version 5.

    " }, "Name":{ "shape":"ContainerGroupDefinitionName", @@ -2700,7 +2700,7 @@ }, "ContainerGroupType":{ "shape":"ContainerGroupType", - "documentation":"

    The type of container group. Container group type determines how Amazon GameLift deploys the container group on each fleet instance.

    " + "documentation":"

    The type of container group. Container group type determines how Amazon GameLift Servers deploys the container group on each fleet instance.

    " }, "TotalMemoryLimitMebibytes":{ "shape":"ContainerTotalMemoryLimit", @@ -2728,11 +2728,11 @@ }, "Status":{ "shape":"ContainerGroupDefinitionStatus", - "documentation":"

    Current status of the container group definition resource. Values include:

    • COPYING -- Amazon GameLift is in the process of making copies of all container images that are defined in the group. While in this state, the resource can't be used to create a container fleet.

    • READY -- Amazon GameLift has copied the registry images for all containers that are defined in the group. You can use a container group definition in this status to create a container fleet.

    • FAILED -- Amazon GameLift failed to create a valid container group definition resource. For more details on the cause of the failure, see StatusReason. A container group definition resource in failed status will be deleted within a few minutes.

    " + "documentation":"

    Current status of the container group definition resource. Values include:

    • COPYING -- Amazon GameLift Servers is in the process of making copies of all container images that are defined in the group. While in this state, the resource can't be used to create a container fleet.

    • READY -- Amazon GameLift Servers has copied the registry images for all containers that are defined in the group. You can use a container group definition in this status to create a container fleet.

    • FAILED -- Amazon GameLift Servers failed to create a valid container group definition resource. For more details on the cause of the failure, see StatusReason. A container group definition resource in failed status will be deleted within a few minutes.

    " }, "StatusReason":{ "shape":"NonZeroAndMaxString", - "documentation":"

    Additional information about a container group definition that's in FAILED status. Possible reasons include:

    • An internal issue prevented Amazon GameLift from creating the container group definition resource. Delete the failed resource and call CreateContainerGroupDefinitionagain.

    • An access-denied message means that you don't have permissions to access the container image on ECR. See IAM permission examples for help setting up required IAM permissions for Amazon GameLift.

    • The ImageUri value for at least one of the containers in the container group definition was invalid or not found in the current Amazon Web Services account.

    • At least one of the container images referenced in the container group definition exceeds the allowed size. For size limits, see Amazon GameLift endpoints and quotas.

    • At least one of the container images referenced in the container group definition uses a different operating system than the one defined for the container group.

    " + "documentation":"

    Additional information about a container group definition that's in FAILED status. Possible reasons include:

    • An internal issue prevented Amazon GameLift Servers from creating the container group definition resource. Delete the failed resource and call CreateContainerGroupDefinitionagain.

    • An access-denied message means that you don't have permissions to access the container image on ECR. See IAM permission examples for help setting up required IAM permissions for Amazon GameLift Servers.

    • The ImageUri value for at least one of the containers in the container group definition was invalid or not found in the current Amazon Web Services account.

    • At least one of the container images referenced in the container group definition exceeds the allowed size. For size limits, see Amazon GameLift Servers endpoints and quotas.

    • At least one of the container images referenced in the container group definition uses a different operating system than the one defined for the container group.

    " } }, "documentation":"

    The properties that describe a container group resource. You can update all properties of a container group definition properties. Updates to a container group definition are saved as new versions.

    Used with: CreateContainerGroupDefinition

    Returned by: DescribeContainerGroupDefinition, ListContainerGroupDefinitions, UpdateContainerGroupDefinition

    " @@ -2799,7 +2799,7 @@ "documentation":"

    The time period (in seconds) to wait for a health check to succeed before counting a failed health check.

    " } }, - "documentation":"

    Instructions on when and how to check the health of a support container in a container fleet. These properties override any Docker health checks that are set in the container image. For more information on container health checks, see HealthCheck command in the Amazon Elastic Container Service API. Game server containers don't have a health check parameter; Amazon GameLift automatically handles health checks for these containers.

    The following example instructs the container to initiate a health check command every 60 seconds and wait 10 seconds for it to succeed. If it fails, retry the command 3 times before flagging the container as unhealthy. It also tells the container to wait 100 seconds after launch before counting failed health checks.

    {\"Command\": [ \"CMD-SHELL\", \"ps cax | grep \"processmanager\" || exit 1\" ], \"Interval\": 60, \"Timeout\": 10, \"Retries\": 3, \"StartPeriod\": 100 }

    Part of: SupportContainerDefinition, SupportContainerDefinitionInput

    " + "documentation":"

    Instructions on when and how to check the health of a support container in a container fleet. These properties override any Docker health checks that are set in the container image. For more information on container health checks, see HealthCheck command in the Amazon Elastic Container Service API. Game server containers don't have a health check parameter; Amazon GameLift Servers automatically handles health checks for these containers.

    The following example instructs the container to initiate a health check command every 60 seconds and wait 10 seconds for it to succeed. If it fails, retry the command 3 times before flagging the container as unhealthy. It also tells the container to wait 100 seconds after launch before counting failed health checks.

    {\"Command\": [ \"CMD-SHELL\", \"ps cax | grep \"processmanager\" || exit 1\" ], \"Interval\": 60, \"Timeout\": 10, \"Retries\": 3, \"StartPeriod\": 100 }

    Part of: SupportContainerDefinition, SupportContainerDefinitionInput

    " }, "ContainerHealthCheckInterval":{ "type":"integer", @@ -2894,10 +2894,10 @@ "members":{ "ContainerPortRanges":{ "shape":"ContainerPortRangeList", - "documentation":"

    A set of one or more container port number ranges. The ranges can't overlap.

    " + "documentation":"

    A set of one or more container port number ranges. The ranges can't overlap if the ranges' network protocols are the same. Overlapping ranges with different protocols is allowed but not recommended.

    " } }, - "documentation":"

    A set of port ranges that can be opened on the container. A process that's running in the container can bind to a port number, making it accessible to inbound traffic. Container ports map to a container fleet's connection ports.

    Part of: GameServerContainerDefinition, GameServerContainerDefinitionInput, SupportContainerDefinition, SupportContainerDefinitionInput

    " + "documentation":"

    A set of port ranges that can be opened on the container. A process that's running in the container can bind to a port number, making it accessible to inbound traffic when it's mapped to a container fleet's connection port.

    Each container port range specifies a network protocol. When the configuration supports more than one protocol, we recommend that you use a different range for each protocol. If your ranges have overlapping port numbers, Amazon GameLift Servers maps a duplicated container port number to different connection ports. For example, if you include 1935 in port ranges for both TCP and UDP, it might result in the following mappings:

    • container port 1935 (tcp) => connection port 2001

    • container port 1935 (udp) => connection port 2002

    Part of: GameServerContainerDefinition, GameServerContainerDefinitionInput, SupportContainerDefinition, SupportContainerDefinitionInput

    " }, "ContainerPortRange":{ "type":"structure", @@ -2920,7 +2920,7 @@ "documentation":"

    The network protocol that these ports support.

    " } }, - "documentation":"

    A set of one or more port numbers that can be opened on the container.

    Part of: ContainerPortConfiguration

    " + "documentation":"

    A set of one or more port numbers that can be opened on the container, and the supported network protocol.

    Part of: ContainerPortConfiguration

    " }, "ContainerPortRangeList":{ "type":"list", @@ -2990,11 +2990,11 @@ }, "StorageLocation":{ "shape":"S3Location", - "documentation":"

    Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.

    If a StorageLocation is specified, the size of your file can be found in your Amazon S3 bucket. Amazon GameLift will report a SizeOnDisk of 0.

    " + "documentation":"

    Information indicating where your game build files are stored. Use this parameter only when creating a build with files stored in an Amazon S3 bucket that you own. The storage location must specify an Amazon S3 bucket name and key. The location must also specify a role ARN that you set up to allow Amazon GameLift Servers to access your Amazon S3 bucket. The S3 bucket and your new build must be in the same Region.

    If a StorageLocation is specified, the size of your file can be found in your Amazon S3 bucket. Amazon GameLift Servers will report a SizeOnDisk of 0.

    " }, "OperatingSystem":{ "shape":"OperatingSystem", - "documentation":"

    The operating system that your game server binaries run on. This value determines the type of fleet resources that you use for this build. If your game build contains multiple executables, they all must run on the same operating system. You must specify a valid operating system in this request. There is no default value. You can't change a build's operating system later.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use Amazon GameLift server SDK 4.x., first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to Amazon GameLift server SDK version 5.

    " + "documentation":"

    The operating system that your game server binaries run on. This value determines the type of fleet resources that you use for this build. If your game build contains multiple executables, they all must run on the same operating system. You must specify a valid operating system in this request. There is no default value. You can't change a build's operating system later.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use server SDK version 4.x for Amazon GameLift Servers, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to server SDK version 5.

    " }, "Tags":{ "shape":"TagList", @@ -3002,7 +3002,7 @@ }, "ServerSdkVersion":{ "shape":"ServerSdkVersion", - "documentation":"

    A server SDK version you used when integrating your game server build with Amazon GameLift. For more information see Integrate games with custom game servers. By default Amazon GameLift sets this value to 4.0.2.

    " + "documentation":"

    A server SDK version you used when integrating your game server build with Amazon GameLift Servers. For more information see Integrate games with custom game servers. By default Amazon GameLift Servers sets this value to 4.0.2.

    " } } }, @@ -3015,7 +3015,7 @@ }, "UploadCredentials":{ "shape":"AwsCredentials", - "documentation":"

    This element is returned only when the operation is called without a storage location. It contains credentials to use when you are uploading a build file to an Amazon S3 bucket that is owned by Amazon GameLift. Credentials have a limited life span. To refresh these credentials, call RequestUploadCredentials.

    " + "documentation":"

    This element is returned only when the operation is called without a storage location. It contains credentials to use when you are uploading a build file to an Amazon S3 bucket that is owned by Amazon GameLift Servers. Credentials have a limited life span. To refresh these credentials, call RequestUploadCredentials.

    " }, "StorageLocation":{ "shape":"S3Location", @@ -3029,7 +3029,7 @@ "members":{ "FleetRoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The unique identifier for an Identity and Access Management (IAM) role with permissions to run your containers on resources that are managed by Amazon GameLift. Use an IAM service role with the GameLiftContainerFleetPolicy managed policy attached. For more information, see Set up an IAM service role. You can't change this fleet property after the fleet is created.

    IAM role ARN values use the following pattern: arn:aws:iam::[Amazon Web Services account]:role/[role name].

    " + "documentation":"

    The unique identifier for an Identity and Access Management (IAM) role with permissions to run your containers on resources that are managed by Amazon GameLift Servers. Use an IAM service role with the GameLiftContainerFleetPolicy managed policy attached. For more information, see Set up an IAM service role. You can't change this fleet property after the fleet is created.

    IAM role ARN values use the following pattern: arn:aws:iam::[Amazon Web Services account]:role/[role name].

    " }, "Description":{ "shape":"NonZeroAndMaxString", @@ -3045,19 +3045,19 @@ }, "InstanceConnectionPortRange":{ "shape":"ConnectionPortRange", - "documentation":"

    The set of port numbers to open on each fleet instance. A fleet's connection ports map to container ports that are configured in the fleet's container group definitions.

    By default, Amazon GameLift calculates an optimal port range based on your fleet configuration. To use the calculated range, don't set this parameter. The values are:

    • Port range: 4192 to a number calculated based on your fleet configuration. Amazon GameLift uses the following formula: 4192 + [# of game server container groups per fleet instance] * [# of container ports in the game server container group definition] + [# of container ports in the game server container group definition]

    You can also choose to manually set this parameter. When manually setting this parameter, you must use port numbers that match the fleet's inbound permissions port range.

    If you set values manually, Amazon GameLift no longer calculates a port range for you, even if you later remove the manual settings.

    " + "documentation":"

    The set of port numbers to open on each fleet instance. A fleet's connection ports map to container ports that are configured in the fleet's container group definitions.

    By default, Amazon GameLift Servers calculates an optimal port range based on your fleet configuration. To use the calculated range, don't set this parameter. The values are:

    • Port range: 4192 to a number calculated based on your fleet configuration. Amazon GameLift Servers uses the following formula: 4192 + [# of game server container groups per fleet instance] * [# of container ports in the game server container group definition] + [# of container ports in the game server container group definition]

    You can also choose to manually set this parameter. When manually setting this parameter, you must use port numbers that match the fleet's inbound permissions port range.

    If you set values manually, Amazon GameLift Servers no longer calculates a port range for you, even if you later remove the manual settings.

    " }, "InstanceInboundPermissions":{ "shape":"IpPermissionsList", - "documentation":"

    The IP address ranges and port settings that allow inbound traffic to access game server processes and other processes on this fleet. As a best practice, when remotely accessing a fleet instance, we recommend opening ports only when you need them and closing them when you're finished.

    By default, Amazon GameLift calculates an optimal port range based on your fleet configuration. To use the calculated range, don't set this parameter. The values are:

    • Protocol: UDP

    • Port range: 4192 to a number calculated based on your fleet configuration. Amazon GameLift uses the following formula: 4192 + [# of game server container groups per fleet instance] * [# of container ports in the game server container group definition] + [# of container ports in the game server container group definition]

    You can also choose to manually set this parameter. When manually setting this parameter, you must use port numbers that match the fleet's connection port range.

    If you set values manually, Amazon GameLift no longer calculates a port range for you, even if you later remove the manual settings.

    " + "documentation":"

    The IP address ranges and port settings that allow inbound traffic to access game server processes and other processes on this fleet. As a best practice, when remotely accessing a fleet instance, we recommend opening ports only when you need them and closing them when you're finished.

    By default, Amazon GameLift Servers calculates an optimal port range based on your fleet configuration. To use the calculated range, don't set this parameter. The values are:

    • Protocol: UDP

    • Port range: 4192 to a number calculated based on your fleet configuration. Amazon GameLift Servers uses the following formula: 4192 + [# of game server container groups per fleet instance] * [# of container ports in the game server container group definition] + [# of container ports in the game server container group definition]

    You can also choose to manually set this parameter. When manually setting this parameter, you must use port numbers that match the fleet's connection port range.

    If you set values manually, Amazon GameLift Servers no longer calculates a port range for you, even if you later remove the manual settings.

    " }, "GameServerContainerGroupsPerInstance":{ "shape":"GameServerContainerGroupsPerInstance", - "documentation":"

    The number of times to replicate the game server container group on each fleet instance.

    By default, Amazon GameLift calculates the maximum number of game server container groups that can fit on each instance. This calculation is based on the CPU and memory resources of the fleet's instance type). To use the calculated maximum, don't set this parameter. If you set this number manually, Amazon GameLift uses your value as long as it's less than the calculated maximum.

    " + "documentation":"

    The number of times to replicate the game server container group on each fleet instance.

    By default, Amazon GameLift Servers calculates the maximum number of game server container groups that can fit on each instance. This calculation is based on the CPU and memory resources of the fleet's instance type). To use the calculated maximum, don't set this parameter. If you set this number manually, Amazon GameLift Servers uses your value as long as it's less than the calculated maximum.

    " }, "InstanceType":{ "shape":"NonZeroAndMaxString", - "documentation":"

    The Amazon EC2 instance type to use for all instances in the fleet. For multi-location fleets, the instance type must be available in the home region and all remote locations. Instance type determines the computing resources and processing power that's available to host your game servers. This includes including CPU, memory, storage, and networking capacity.

    By default, Amazon GameLift selects an instance type that fits the needs of your container groups and is available in all selected fleet locations. You can also choose to manually set this parameter. See Amazon Elastic Compute Cloud Instance Types for detailed descriptions of Amazon EC2 instance types.

    You can't update this fleet property later.

    " + "documentation":"

    The Amazon EC2 instance type to use for all instances in the fleet. For multi-location fleets, the instance type must be available in the home region and all remote locations. Instance type determines the computing resources and processing power that's available to host your game servers. This includes including CPU, memory, storage, and networking capacity.

    By default, Amazon GameLift Servers selects an instance type that fits the needs of your container groups and is available in all selected fleet locations. You can also choose to manually set this parameter. See Amazon Elastic Compute Cloud Instance Types for detailed descriptions of Amazon EC2 instance types.

    You can't update this fleet property later.

    " }, "BillingType":{ "shape":"ContainerFleetBillingType", @@ -3065,7 +3065,7 @@ }, "Locations":{ "shape":"LocationConfigurationList", - "documentation":"

    A set of locations to deploy container fleet instances to. You can add any Amazon Web Services Region or Local Zone that's supported by Amazon GameLift. Provide a list of one or more Amazon Web Services Region codes, such as us-west-2, or Local Zone names. Also include the fleet's home Region, which is the Amazon Web Services Region where the fleet is created. For a list of supported Regions and Local Zones, see Amazon GameLift service locations for managed hosting.

    " + "documentation":"

    A set of locations to deploy container fleet instances to. You can add any Amazon Web Services Region or Local Zone that's supported by Amazon GameLift Servers. Provide a list of one or more Amazon Web Services Region codes, such as us-west-2, or Local Zone names. Also include the fleet's home Region, which is the Amazon Web Services Region where the fleet is created. For a list of supported Regions and Local Zones, see Amazon GameLift Servers service locations for managed hosting.

    " }, "MetricGroups":{ "shape":"MetricGroupList", @@ -3073,7 +3073,7 @@ }, "NewGameSessionProtectionPolicy":{ "shape":"ProtectionPolicy", - "documentation":"

    Determines whether Amazon GameLift can shut down game sessions on the fleet that are actively running and hosting players. Amazon GameLift might prompt an instance shutdown when scaling down fleet capacity or when retiring unhealthy instances. You can also set game session protection for individual game sessions using UpdateGameSession.

    • NoProtection -- Game sessions can be shut down during active gameplay.

    • FullProtection -- Game sessions in ACTIVE status can't be shut down.

    By default, this property is set to NoProtection.

    " + "documentation":"

    Determines whether Amazon GameLift Servers can shut down game sessions on the fleet that are actively running and hosting players. Amazon GameLift Servers might prompt an instance shutdown when scaling down fleet capacity or when retiring unhealthy instances. You can also set game session protection for individual game sessions using UpdateGameSession.

    • NoProtection -- Game sessions can be shut down during active gameplay.

    • FullProtection -- Game sessions in ACTIVE status can't be shut down.

    By default, this property is set to NoProtection.

    " }, "GameSessionCreationLimitPolicy":{ "shape":"GameSessionCreationLimitPolicy", @@ -3081,7 +3081,7 @@ }, "LogConfiguration":{ "shape":"LogConfiguration", - "documentation":"

    A method for collecting container logs for the fleet. Amazon GameLift saves all standard output for each container in logs, including game session logs. You can select from the following methods:

    • CLOUDWATCH -- Send logs to an Amazon CloudWatch log group that you define. Each container emits a log stream, which is organized in the log group.

    • S3 -- Store logs in an Amazon S3 bucket that you define.

    • NONE -- Don't collect container logs.

    By default, this property is set to CLOUDWATCH.

    Amazon GameLift requires permissions to send logs other Amazon Web Services services in your account. These permissions are included in the IAM fleet role for this container fleet (see FleetRoleArn).

    " + "documentation":"

    A method for collecting container logs for the fleet. Amazon GameLift Servers saves all standard output for each container in logs, including game session logs. You can select from the following methods:

    • CLOUDWATCH -- Send logs to an Amazon CloudWatch log group that you define. Each container emits a log stream, which is organized in the log group.

    • S3 -- Store logs in an Amazon S3 bucket that you define.

    • NONE -- Don't collect container logs.

    By default, this property is set to CLOUDWATCH.

    Amazon GameLift Servers requires permissions to send logs other Amazon Web Services services in your account. These permissions are included in the IAM fleet role for this container fleet (see FleetRoleArn).

    " }, "Tags":{ "shape":"TagList", @@ -3113,7 +3113,7 @@ }, "ContainerGroupType":{ "shape":"ContainerGroupType", - "documentation":"

    The type of container group being defined. Container group type determines how Amazon GameLift deploys the container group on each fleet instance.

    Default value: GAME_SERVER

    " + "documentation":"

    The type of container group being defined. Container group type determines how Amazon GameLift Servers deploys the container group on each fleet instance.

    Default value: GAME_SERVER

    " }, "TotalMemoryLimitMebibytes":{ "shape":"ContainerTotalMemoryLimit", @@ -3133,7 +3133,7 @@ }, "OperatingSystem":{ "shape":"ContainerOperatingSystem", - "documentation":"

    The platform that all containers in the group use. Containers in a group must run on the same operating system.

    Default value: AMAZON_LINUX_2023

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use Amazon GameLift server SDK 4.x, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to Amazon GameLift server SDK version 5.

    " + "documentation":"

    The platform that all containers in the group use. Containers in a group must run on the same operating system.

    Default value: AMAZON_LINUX_2023

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use server SDK version 4.x for Amazon GameLift Servers, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to server SDK version 5.

    " }, "VersionDescription":{ "shape":"NonZeroAndMaxString", @@ -3168,11 +3168,11 @@ }, "BuildId":{ "shape":"BuildIdOrArn", - "documentation":"

    The unique identifier for a custom game server build to be deployed to a fleet with compute type EC2. You can use either the build ID or ARN. The build must be uploaded to Amazon GameLift and in READY status. This fleet property can't be changed after the fleet is created.

    " + "documentation":"

    The unique identifier for a custom game server build to be deployed to a fleet with compute type EC2. You can use either the build ID or ARN. The build must be uploaded to Amazon GameLift Servers and in READY status. This fleet property can't be changed after the fleet is created.

    " }, "ScriptId":{ "shape":"ScriptIdOrArn", - "documentation":"

    The unique identifier for a Realtime configuration script to be deployed to a fleet with compute type EC2. You can use either the script ID or ARN. Scripts must be uploaded to Amazon GameLift prior to creating the fleet. This fleet property can't be changed after the fleet is created.

    " + "documentation":"

    The unique identifier for a Realtime configuration script to be deployed to a fleet with compute type EC2. You can use either the script ID or ARN. Scripts must be uploaded to Amazon GameLift Servers prior to creating the fleet. This fleet property can't be changed after the fleet is created.

    " }, "ServerLaunchPath":{ "shape":"LaunchPathStringModel", @@ -3184,15 +3184,15 @@ }, "LogPaths":{ "shape":"StringList", - "documentation":"

    This parameter is no longer used. To specify where Amazon GameLift should store log files once a server process shuts down, use the Amazon GameLift server API ProcessReady() and specify one or more directory paths in logParameters. For more information, see Initialize the server process in the Amazon GameLift Developer Guide.

    " + "documentation":"

    This parameter is no longer used. To specify where Amazon GameLift Servers should store log files once a server process shuts down, use the Amazon GameLift Servers server API ProcessReady() and specify one or more directory paths in logParameters. For more information, see Initialize the server process in the Amazon GameLift Servers Developer Guide.

    " }, "EC2InstanceType":{ "shape":"EC2InstanceType", - "documentation":"

    The Amazon GameLift-supported Amazon EC2 instance type to use with managed EC2 fleets. Instance type determines the computing resources that will be used to host your game servers, including CPU, memory, storage, and networking capacity. See Amazon Elastic Compute Cloud Instance Types for detailed descriptions of Amazon EC2 instance types.

    " + "documentation":"

    The Amazon GameLift Servers-supported Amazon EC2 instance type to use with managed EC2 fleets. Instance type determines the computing resources that will be used to host your game servers, including CPU, memory, storage, and networking capacity. See Amazon Elastic Compute Cloud Instance Types for detailed descriptions of Amazon EC2 instance types.

    " }, "EC2InboundPermissions":{ "shape":"IpPermissionsList", - "documentation":"

    The IP address ranges and port settings that allow inbound traffic to access game server processes and other processes on this fleet. Set this parameter for managed EC2 fleets. You can leave this parameter empty when creating the fleet, but you must call https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetPortSettings to set it before players can connect to game sessions. As a best practice, we recommend opening ports for remote access only when you need them and closing them when you're finished. For Realtime Servers fleets, Amazon GameLift automatically sets TCP and UDP ranges.

    " + "documentation":"

    The IP address ranges and port settings that allow inbound traffic to access game server processes and other processes on this fleet. Set this parameter for managed EC2 fleets. You can leave this parameter empty when creating the fleet, but you must call https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetPortSettings to set it before players can connect to game sessions. As a best practice, we recommend opening ports for remote access only when you need them and closing them when you're finished. For Amazon GameLift Servers Realtime fleets, Amazon GameLift Servers automatically sets TCP and UDP ranges.

    " }, "NewGameSessionProtectionPolicy":{ "shape":"ProtectionPolicy", @@ -3200,7 +3200,7 @@ }, "RuntimeConfiguration":{ "shape":"RuntimeConfiguration", - "documentation":"

    Instructions for how to launch and run server processes on the fleet. Set runtime configuration for managed EC2 fleets. For an Anywhere fleets, set this parameter only if the fleet is running the Amazon GameLift Agent. The runtime configuration defines one or more server process configurations. Each server process identifies a game executable or Realtime script file and the number of processes to run concurrently.

    This parameter replaces the parameters ServerLaunchPath and ServerLaunchParameters, which are still supported for backward compatibility.

    " + "documentation":"

    Instructions for how to launch and run server processes on the fleet. Set runtime configuration for managed EC2 fleets. For an Anywhere fleets, set this parameter only if the fleet is running the Amazon GameLift Servers Agent. The runtime configuration defines one or more server process configurations. Each server process identifies a game executable or Realtime script file and the number of processes to run concurrently.

    This parameter replaces the parameters ServerLaunchPath and ServerLaunchParameters, which are still supported for backward compatibility.

    " }, "ResourceCreationLimitPolicy":{ "shape":"ResourceCreationLimitPolicy", @@ -3212,11 +3212,11 @@ }, "PeerVpcAwsAccountId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    Used when peering your Amazon GameLift fleet with a VPC, the unique identifier for the Amazon Web Services account that owns the VPC. You can find your account ID in the Amazon Web Services Management Console under account settings.

    " + "documentation":"

    Used when peering your Amazon GameLift Servers fleet with a VPC, the unique identifier for the Amazon Web Services account that owns the VPC. You can find your account ID in the Amazon Web Services Management Console under account settings.

    " }, "PeerVpcId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Fleets.

    " + "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift Servers fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Servers Fleets.

    " }, "FleetType":{ "shape":"FleetType", @@ -3228,11 +3228,11 @@ }, "CertificateConfiguration":{ "shape":"CertificateConfiguration", - "documentation":"

    Prompts Amazon GameLift to generate a TLS/SSL certificate for the fleet. Amazon GameLift uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift. By default, the CertificateConfiguration is DISABLED. You can't change this property after you create the fleet.

    Certificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.

    ACM isn't available in all Amazon Web Services regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see Supported Regions in the Certificate Manager User Guide.

    " + "documentation":"

    Prompts Amazon GameLift Servers to generate a TLS/SSL certificate for the fleet. Amazon GameLift Servers uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift Servers. By default, the CertificateConfiguration is DISABLED. You can't change this property after you create the fleet.

    Certificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.

    ACM isn't available in all Amazon Web Services regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see Supported Regions in the Certificate Manager User Guide.

    " }, "Locations":{ "shape":"LocationConfigurationList", - "documentation":"

    A set of remote locations to deploy additional instances to and manage as a multi-location fleet. Use this parameter when creating a fleet in Amazon Web Services Regions that support multiple locations. You can add any Amazon Web Services Region or Local Zone that's supported by Amazon GameLift. Provide a list of one or more Amazon Web Services Region codes, such as us-west-2, or Local Zone names. When using this parameter, Amazon GameLift requires you to include your home location in the request. For a list of supported Regions and Local Zones, see Amazon GameLift service locations for managed hosting.

    " + "documentation":"

    A set of remote locations to deploy additional instances to and manage as a multi-location fleet. Use this parameter when creating a fleet in Amazon Web Services Regions that support multiple locations. You can add any Amazon Web Services Region or Local Zone that's supported by Amazon GameLift Servers. Provide a list of one or more Amazon Web Services Region codes, such as us-west-2, or Local Zone names. When using this parameter, Amazon GameLift Servers requires you to include your home location in the request. For a list of supported Regions and Local Zones, see Amazon GameLift Servers service locations for managed hosting.

    " }, "Tags":{ "shape":"TagList", @@ -3244,11 +3244,11 @@ }, "AnywhereConfiguration":{ "shape":"AnywhereConfiguration", - "documentation":"

    Amazon GameLift Anywhere configuration options.

    " + "documentation":"

    Amazon GameLift Servers Anywhere configuration options.

    " }, "InstanceRoleCredentialsProvider":{ "shape":"InstanceRoleCredentialsProvider", - "documentation":"

    Prompts Amazon GameLift to generate a shared credentials file for the IAM role that's defined in InstanceRoleArn. The shared credentials file is stored on each fleet instance and refreshed as needed. Use shared credentials for applications that are deployed along with the game server executable, if the game server is integrated with server SDK version 5.x. For more information about using shared credentials, see Communicate with other Amazon Web Services resources from your fleets.

    " + "documentation":"

    Prompts Amazon GameLift Servers to generate a shared credentials file for the IAM role that's defined in InstanceRoleArn. The shared credentials file is stored on each fleet instance and refreshed as needed. Use shared credentials for applications that are deployed along with the game server executable, if the game server is integrated with server SDK version 5.x. For more information about using shared credentials, see Communicate with other Amazon Web Services resources from your fleets.

    " } } }, @@ -3265,7 +3265,7 @@ }, "Locations":{ "shape":"LocationConfigurationList", - "documentation":"

    A list of locations to deploy additional instances to and manage as part of the fleet. You can add any Amazon GameLift-supported Amazon Web Services Region as a remote location, in the form of an Amazon Web Services Region code such as us-west-2.

    " + "documentation":"

    A list of locations to deploy additional instances to and manage as part of the fleet. You can add any Amazon GameLift Servers-supported Amazon Web Services Region as a remote location, in the form of an Amazon Web Services Region code such as us-west-2.

    " } } }, @@ -3278,11 +3278,11 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "LocationStates":{ "shape":"LocationStateList", - "documentation":"

    The remote locations that are being added to the fleet, and the life-cycle status of each location. For new locations, the status is set to NEW. During location creation, Amazon GameLift updates each location's status as instances are deployed there and prepared for game hosting. This list does not include the fleet home Region or any remote locations that were already added to the fleet.

    " + "documentation":"

    The remote locations that are being added to the fleet, and the life-cycle status of each location. For new locations, the status is set to NEW. During location creation, Amazon GameLift Servers updates each location's status as instances are deployed there and prepared for game hosting. This list does not include the fleet home Region or any remote locations that were already added to the fleet.

    " } } }, @@ -3295,7 +3295,7 @@ }, "LocationStates":{ "shape":"LocationStateList", - "documentation":"

    The fleet's locations and life-cycle status of each location. For new fleets, the status of all locations is set to NEW. During fleet creation, Amazon GameLift updates each location status as instances are deployed there and prepared for game hosting. This list includes an entry for the fleet's home Region. For fleets with no remote locations, only one entry, representing the home Region, is returned.

    " + "documentation":"

    The fleet's locations and life-cycle status of each location. For new fleets, the status of all locations is set to NEW. During fleet creation, Amazon GameLift Servers updates each location status as instances are deployed there and prepared for game hosting. This list includes an entry for the fleet's home Region. For fleets with no remote locations, only one entry, representing the home Region, is returned.

    " } } }, @@ -3312,27 +3312,27 @@ "members":{ "GameServerGroupName":{ "shape":"GameServerGroupName", - "documentation":"

    An identifier for the new game server group. This value is used to generate unique ARN identifiers for the Amazon EC2 Auto Scaling group and the Amazon GameLift FleetIQ game server group. The name must be unique per Region per Amazon Web Services account.

    " + "documentation":"

    An identifier for the new game server group. This value is used to generate unique ARN identifiers for the Amazon EC2 Auto Scaling group and the Amazon GameLift Servers FleetIQ game server group. The name must be unique per Region per Amazon Web Services account.

    " }, "RoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift to access your Amazon EC2 Auto Scaling groups.

    " + "documentation":"

    The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift Servers to access your Amazon EC2 Auto Scaling groups.

    " }, "MinSize":{ "shape":"WholeNumber", - "documentation":"

    The minimum number of instances allowed in the Amazon EC2 Auto Scaling group. During automatic scaling events, Amazon GameLift FleetIQ and Amazon EC2 do not scale down the group below this minimum. In production, this value should be set to at least 1. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the Amazon Web Services console or APIs.

    " + "documentation":"

    The minimum number of instances allowed in the Amazon EC2 Auto Scaling group. During automatic scaling events, Amazon GameLift Servers FleetIQ and Amazon EC2 do not scale down the group below this minimum. In production, this value should be set to at least 1. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the Amazon Web Services console or APIs.

    " }, "MaxSize":{ "shape":"PositiveInteger", - "documentation":"

    The maximum number of instances allowed in the Amazon EC2 Auto Scaling group. During automatic scaling events, Amazon GameLift FleetIQ and EC2 do not scale up the group above this maximum. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the Amazon Web Services console or APIs.

    " + "documentation":"

    The maximum number of instances allowed in the Amazon EC2 Auto Scaling group. During automatic scaling events, Amazon GameLift Servers FleetIQ and EC2 do not scale up the group above this maximum. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the Amazon Web Services console or APIs.

    " }, "LaunchTemplate":{ "shape":"LaunchTemplateSpecification", - "documentation":"

    The Amazon EC2 launch template that contains configuration settings and game server code to be deployed to all instances in the game server group. You can specify the template using either the template name or ID. For help with creating a launch template, see Creating a Launch Template for an Auto Scaling Group in the Amazon Elastic Compute Cloud Auto Scaling User Guide. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the Amazon Web Services console or APIs.

    If you specify network interfaces in your launch template, you must explicitly set the property AssociatePublicIpAddress to \"true\". If no network interface is specified in the launch template, Amazon GameLift FleetIQ uses your account's default VPC.

    " + "documentation":"

    The Amazon EC2 launch template that contains configuration settings and game server code to be deployed to all instances in the game server group. You can specify the template using either the template name or ID. For help with creating a launch template, see Creating a Launch Template for an Auto Scaling Group in the Amazon Elastic Compute Cloud Auto Scaling User Guide. After the Auto Scaling group is created, update this value directly in the Auto Scaling group using the Amazon Web Services console or APIs.

    If you specify network interfaces in your launch template, you must explicitly set the property AssociatePublicIpAddress to \"true\". If no network interface is specified in the launch template, Amazon GameLift Servers FleetIQ uses your account's default VPC.

    " }, "InstanceDefinitions":{ "shape":"InstanceDefinitions", - "documentation":"

    The Amazon EC2 instance types and sizes to use in the Auto Scaling group. The instance definitions must specify at least two different instance types that are supported by Amazon GameLift FleetIQ. For more information on instance types, see EC2 Instance Types in the Amazon Elastic Compute Cloud User Guide. You can optionally specify capacity weighting for each instance type. If no weight value is specified for an instance type, it is set to the default value \"1\". For more information about capacity weighting, see Instance Weighting for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.

    " + "documentation":"

    The Amazon EC2 instance types and sizes to use in the Auto Scaling group. The instance definitions must specify at least two different instance types that are supported by Amazon GameLift Servers FleetIQ. For more information on instance types, see EC2 Instance Types in the Amazon Elastic Compute Cloud User Guide. You can optionally specify capacity weighting for each instance type. If no weight value is specified for an instance type, it is set to the default value \"1\". For more information about capacity weighting, see Instance Weighting for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.

    " }, "AutoScalingPolicy":{ "shape":"GameServerGroupAutoScalingPolicy", @@ -3340,7 +3340,7 @@ }, "BalancingStrategy":{ "shape":"BalancingStrategy", - "documentation":"

    Indicates how Amazon GameLift FleetIQ balances the use of Spot Instances and On-Demand Instances in the game server group. Method options include the following:

    • SPOT_ONLY - Only Spot Instances are used in the game server group. If Spot Instances are unavailable or not viable for game hosting, the game server group provides no hosting capacity until Spot Instances can again be used. Until then, no new instances are started, and the existing nonviable Spot Instances are terminated (after current gameplay ends) and are not replaced.

    • SPOT_PREFERRED - (default value) Spot Instances are used whenever available in the game server group. If Spot Instances are unavailable, the game server group continues to provide hosting capacity by falling back to On-Demand Instances. Existing nonviable Spot Instances are terminated (after current gameplay ends) and are replaced with new On-Demand Instances.

    • ON_DEMAND_ONLY - Only On-Demand Instances are used in the game server group. No Spot Instances are used, even when available, while this balancing strategy is in force.

    " + "documentation":"

    Indicates how Amazon GameLift Servers FleetIQ balances the use of Spot Instances and On-Demand Instances in the game server group. Method options include the following:

    • SPOT_ONLY - Only Spot Instances are used in the game server group. If Spot Instances are unavailable or not viable for game hosting, the game server group provides no hosting capacity until Spot Instances can again be used. Until then, no new instances are started, and the existing nonviable Spot Instances are terminated (after current gameplay ends) and are not replaced.

    • SPOT_PREFERRED - (default value) Spot Instances are used whenever available in the game server group. If Spot Instances are unavailable, the game server group continues to provide hosting capacity by falling back to On-Demand Instances. Existing nonviable Spot Instances are terminated (after current gameplay ends) and are replaced with new On-Demand Instances.

    • ON_DEMAND_ONLY - Only On-Demand Instances are used in the game server group. No Spot Instances are used, even when available, while this balancing strategy is in force.

    " }, "GameServerProtectionPolicy":{ "shape":"GameServerProtectionPolicy", @@ -3348,7 +3348,7 @@ }, "VpcSubnets":{ "shape":"VpcSubnets", - "documentation":"

    A list of virtual private cloud (VPC) subnets to use with instances in the game server group. By default, all Amazon GameLift FleetIQ-supported Availability Zones are used. You can use this parameter to specify VPCs that you've set up. This property cannot be updated after the game server group is created, and the corresponding Auto Scaling group will always use the property value that is set with this request, even if the Auto Scaling group is updated directly.

    " + "documentation":"

    A list of virtual private cloud (VPC) subnets to use with instances in the game server group. By default, all Amazon GameLift Servers FleetIQ-supported Availability Zones are used. You can use this parameter to specify VPCs that you've set up. This property cannot be updated after the game server group is created, and the corresponding Auto Scaling group will always use the property value that is set with this request, even if the Auto Scaling group is updated directly.

    " }, "Tags":{ "shape":"TagList", @@ -3361,7 +3361,7 @@ "members":{ "GameServerGroup":{ "shape":"GameServerGroup", - "documentation":"

    The newly created game server group object, including the new ARN value for the Amazon GameLift FleetIQ game server group and the object's status. The Amazon EC2 Auto Scaling group ARN is initially null, since the group has not yet been created. This value is added once the game server group status reaches ACTIVE.

    " + "documentation":"

    The newly created game server group object, including the new ARN value for the Amazon GameLift Servers FleetIQ game server group and the object's status. The Amazon EC2 Auto Scaling group ARN is initially null, since the group has not yet been created. This value is added once the game server group status reaches ACTIVE.

    " } } }, @@ -3391,7 +3391,7 @@ }, "CreatorId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for a player or entity creating the game session.

    If you add a resource creation limit policy to a fleet, the CreateGameSession operation requires a CreatorId. Amazon GameLift limits the number of game session creation requests with the same CreatorId in a specified time period.

    If you your fleet doesn't have a resource creation limit policy and you provide a CreatorId in your CreateGameSession requests, Amazon GameLift limits requests to one request per CreatorId per second.

    To not limit CreateGameSession requests with the same CreatorId, don't provide a CreatorId in your CreateGameSession request.

    " + "documentation":"

    A unique identifier for a player or entity creating the game session.

    If you add a resource creation limit policy to a fleet, the CreateGameSession operation requires a CreatorId. Amazon GameLift Servers limits the number of game session creation requests with the same CreatorId in a specified time period.

    If you your fleet doesn't have a resource creation limit policy and you provide a CreatorId in your CreateGameSession requests, Amazon GameLift Servers limits requests to one request per CreatorId per second.

    To not limit CreateGameSession requests with the same CreatorId, don't provide a CreatorId in your CreateGameSession request.

    " }, "GameSessionId":{ "shape":"IdStringModel", @@ -3399,7 +3399,7 @@ }, "IdempotencyToken":{ "shape":"IdStringModel", - "documentation":"

    Custom string that uniquely identifies the new game session request. This is useful for ensuring that game session requests with the same idempotency token are processed only once. Subsequent requests with the same string return the original GameSession object, with an updated status. Maximum token length is 48 characters. If provided, this string is included in the new game session's ID. A game session ARN has the following format: arn:aws:gamelift:<region>::gamesession/<fleet ID>/<custom ID string or idempotency token>. Idempotency tokens remain in use for 30 days after a game session has ended; game session objects are retained for this time period and then deleted.

    " + "documentation":"

    Custom string that uniquely identifies the new game session request. This is useful for ensuring that game session requests with the same idempotency token are processed only once. Subsequent requests with the same string return the original GameSession object, with an updated status. Maximum token length is 48 characters. If provided, this string is included in the new game session's ID. A game session ARN has the following format: arn:aws:gamelift:<location>::gamesession/<fleet ID>/<custom ID string or idempotency token>. Idempotency tokens remain in use for 30 days after a game session has ended; game session objects are retained for this time period and then deleted.

    " }, "GameSessionData":{ "shape":"LargeGameSessionData", @@ -3430,11 +3430,11 @@ }, "TimeoutInSeconds":{ "shape":"WholeNumber", - "documentation":"

    The maximum time, in seconds, that a new game session placement request remains in the queue. When a request exceeds this time, the game session placement changes to a TIMED_OUT status.

    " + "documentation":"

    The maximum time, in seconds, that a new game session placement request remains in the queue. When a request exceeds this time, the game session placement changes to a TIMED_OUT status. If you don't specify a request timeout, the queue uses a default value.

    " }, "PlayerLatencyPolicies":{ "shape":"PlayerLatencyPolicyList", - "documentation":"

    A set of policies that enforce a sliding cap on player latency when processing game sessions placement requests. Use multiple policies to gradually relax the cap over time if Amazon GameLift can't make a placement. Policies are evaluated in order starting with the lowest maximum latency value.

    " + "documentation":"

    A set of policies that enforce a sliding cap on player latency when processing game sessions placement requests. Use multiple policies to gradually relax the cap over time if Amazon GameLift Servers can't make a placement. Policies are evaluated in order starting with the lowest maximum latency value.

    " }, "Destinations":{ "shape":"GameSessionQueueDestinationList", @@ -3513,7 +3513,7 @@ }, "GameSessionQueueArns":{ "shape":"QueueArnsList", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift game session queue resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::gamesessionqueue/<queue name>. Queues can be located in any Region. Queues are used to start new Amazon GameLift-hosted game sessions for matches that are created with this matchmaking configuration. If FlexMatchMode is set to STANDALONE, do not set this parameter.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers game session queue resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::gamesessionqueue/<queue name>. Queues can be located in any Region. Queues are used to start new Amazon GameLift Servers-hosted game sessions for matches that are created with this matchmaking configuration. If FlexMatchMode is set to STANDALONE, do not set this parameter.

    " }, "RequestTimeoutSeconds":{ "shape":"MatchmakingRequestTimeoutInteger", @@ -3553,11 +3553,11 @@ }, "BackfillMode":{ "shape":"BackfillMode", - "documentation":"

    The method used to backfill game sessions that are created with this matchmaking configuration. Specify MANUAL when your game manages backfill requests manually or does not use the match backfill feature. Specify AUTOMATIC to have Amazon GameLift create a backfill request whenever a game session has one or more open slots. Learn more about manual and automatic backfill in Backfill Existing Games with FlexMatch. Automatic backfill is not available when FlexMatchMode is set to STANDALONE.

    " + "documentation":"

    The method used to backfill game sessions that are created with this matchmaking configuration. Specify MANUAL when your game manages backfill requests manually or does not use the match backfill feature. Specify AUTOMATIC to have Amazon GameLift Servers create a backfill request whenever a game session has one or more open slots. Learn more about manual and automatic backfill in Backfill Existing Games with FlexMatch. Automatic backfill is not available when FlexMatchMode is set to STANDALONE.

    " }, "FlexMatchMode":{ "shape":"FlexMatchMode", - "documentation":"

    Indicates whether this matchmaking configuration is being used with Amazon GameLift hosting or as a standalone matchmaking solution.

    • STANDALONE - FlexMatch forms matches and returns match information, including players and team assignments, in a MatchmakingSucceeded event.

    • WITH_QUEUE - FlexMatch forms matches and uses the specified Amazon GameLift queue to start a game session for the match.

    " + "documentation":"

    Indicates whether this matchmaking configuration is being used with Amazon GameLift Servers hosting or as a standalone matchmaking solution.

    • STANDALONE - FlexMatch forms matches and returns match information, including players and team assignments, in a MatchmakingSucceeded event.

    • WITH_QUEUE - FlexMatch forms matches and uses the specified Amazon GameLift Servers queue to start a game session for the match.

    " }, "Tags":{ "shape":"TagList", @@ -3622,7 +3622,7 @@ }, "PlayerData":{ "shape":"PlayerData", - "documentation":"

    Developer-defined information related to a player. Amazon GameLift does not use this data, so it can be formatted as needed for use in the game.

    " + "documentation":"

    Developer-defined information related to a player. Amazon GameLift Servers does not use this data, so it can be formatted as needed for use in the game.

    " } } }, @@ -3652,7 +3652,7 @@ }, "PlayerDataMap":{ "shape":"PlayerDataMap", - "documentation":"

    Map of string pairs, each specifying a player ID and a set of developer-defined information related to the player. Amazon GameLift does not use this data, so it can be formatted as needed for use in the game. Any player data strings for player IDs that are not included in the PlayerIds parameter are ignored.

    " + "documentation":"

    Map of string pairs, each specifying a player ID and a set of developer-defined information related to the player. Amazon GameLift Servers does not use this data, so it can be formatted as needed for use in the game. Any player data strings for player IDs that are not included in the PlayerIds parameter are ignored.

    " } } }, @@ -3678,7 +3678,7 @@ }, "StorageLocation":{ "shape":"S3Location", - "documentation":"

    The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the ObjectVersion parameter to specify an earlier version.

    " + "documentation":"

    The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift Servers to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift Servers uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the ObjectVersion parameter to specify an earlier version.

    " }, "ZipFile":{ "shape":"ZipBlob", @@ -3695,7 +3695,7 @@ "members":{ "Script":{ "shape":"Script", - "documentation":"

    The newly created script record with a unique script ID and ARN. The new script's storage location reflects an Amazon S3 location: (1) If the script was uploaded from an S3 bucket under your account, the storage location reflects the information that was provided in the CreateScript request; (2) If the script file was uploaded from a local zip file, the storage location reflects an S3 location controls by the Amazon GameLift service.

    " + "documentation":"

    The newly created script record with a unique script ID and ARN. The new script's storage location reflects an Amazon S3 location: (1) If the script was uploaded from an S3 bucket under your account, the storage location reflects the information that was provided in the CreateScript request; (2) If the script file was uploaded from a local zip file, the storage location reflects an S3 location controls by the Amazon GameLift Servers service.

    " } } }, @@ -3708,11 +3708,11 @@ "members":{ "GameLiftAwsAccountId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for the Amazon Web Services account that you use to manage your Amazon GameLift fleet. You can find your Account ID in the Amazon Web Services Management Console under account settings.

    " + "documentation":"

    A unique identifier for the Amazon Web Services account that you use to manage your Amazon GameLift Servers fleet. You can find your Account ID in the Amazon Web Services Management Console under account settings.

    " }, "PeerVpcId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Fleets.

    " + "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift Servers fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Servers Fleets.

    " } } }, @@ -3735,22 +3735,21 @@ "members":{ "FleetId":{ "shape":"FleetId", - "documentation":"

    A unique identifier for the fleet. You can use either the fleet ID or ARN value. This tells Amazon GameLift which GameLift VPC to peer with.

    " + "documentation":"

    A unique identifier for the fleet. You can use either the fleet ID or ARN value. This tells Amazon GameLift Servers which GameLift VPC to peer with.

    " }, "PeerVpcAwsAccountId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for the Amazon Web Services account with the VPC that you want to peer your Amazon GameLift fleet with. You can find your Account ID in the Amazon Web Services Management Console under account settings.

    " + "documentation":"

    A unique identifier for the Amazon Web Services account with the VPC that you want to peer your Amazon GameLift Servers fleet with. You can find your Account ID in the Amazon Web Services Management Console under account settings.

    " }, "PeerVpcId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Fleets.

    " + "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift Servers fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Servers Fleets.

    " } } }, "CreateVpcPeeringConnectionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CustomEventData":{ "type":"string", @@ -3801,8 +3800,7 @@ }, "DeleteContainerFleetOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContainerGroupDefinitionInput":{ "type":"structure", @@ -3824,8 +3822,7 @@ }, "DeleteContainerGroupDefinitionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFleetInput":{ "type":"structure", @@ -3863,7 +3860,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "LocationStates":{ "shape":"LocationStateList", @@ -3906,8 +3903,7 @@ }, "DeleteGameSessionQueueOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLocationInput":{ "type":"structure", @@ -3921,8 +3917,7 @@ }, "DeleteLocationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMatchmakingConfigurationInput":{ "type":"structure", @@ -3936,8 +3931,7 @@ }, "DeleteMatchmakingConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMatchmakingRuleSetInput":{ "type":"structure", @@ -3951,8 +3945,7 @@ }, "DeleteMatchmakingRuleSetOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteScalingPolicyInput":{ "type":"structure", @@ -3990,18 +3983,17 @@ "members":{ "GameLiftAwsAccountId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for the Amazon Web Services account that you use to manage your Amazon GameLift fleet. You can find your Account ID in the Amazon Web Services Management Console under account settings.

    " + "documentation":"

    A unique identifier for the Amazon Web Services account that you use to manage your Amazon GameLift Servers fleet. You can find your Account ID in the Amazon Web Services Management Console under account settings.

    " }, "PeerVpcId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Fleets.

    " + "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift Servers fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Servers Fleets.

    " } } }, "DeleteVpcPeeringAuthorizationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteVpcPeeringConnectionInput":{ "type":"structure", @@ -4022,8 +4014,7 @@ }, "DeleteVpcPeeringConnectionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeploymentConfiguration":{ "type":"structure", @@ -4104,8 +4095,7 @@ }, "DeregisterComputeOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterGameServerInput":{ "type":"structure", @@ -4175,7 +4165,7 @@ }, "ComputeName":{ "shape":"ComputeNameOrArn", - "documentation":"

    The unique identifier of the compute resource to retrieve properties for. For an Anywhere fleet compute, use the registered compute name. For an EC2 fleet instance, use the instance ID.

    " + "documentation":"

    The unique identifier of the compute resource to retrieve properties for. For a managed container fleet or Anywhere fleet, use a compute name. For an EC2 fleet, use an instance ID. To retrieve a fleet's compute identifiers, call ListCompute.

    " } } }, @@ -4235,7 +4225,7 @@ "members":{ "EC2InstanceType":{ "shape":"EC2InstanceType", - "documentation":"

    Name of an Amazon EC2 instance type that is supported in Amazon GameLift. A fleet instance type determines the computing resources of each instance in the fleet, including CPU, memory, storage, and networking capacity. Do not specify a value for this parameter to retrieve limits for all instance types.

    " + "documentation":"

    Name of an Amazon EC2 instance type that is supported in Amazon GameLift Servers. A fleet instance type determines the computing resources of each instance in the fleet, including CPU, memory, storage, and networking capacity. Do not specify a value for this parameter to retrieve limits for all instance types.

    " }, "Location":{ "shape":"LocationStringModel", @@ -4409,7 +4399,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "LocationAttributes":{ "shape":"LocationAttributesList", @@ -4496,7 +4486,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "InboundPermissions":{ "shape":"IpPermissionsList", @@ -5007,8 +4997,7 @@ }, "DescribeVpcPeeringAuthorizationsInput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeVpcPeeringAuthorizationsOutput":{ "type":"structure", @@ -5046,7 +5035,7 @@ }, "PlayerData":{ "shape":"PlayerData", - "documentation":"

    Developer-defined information related to a player. Amazon GameLift does not use this data, so it can be formatted as needed for use in the game.

    " + "documentation":"

    Developer-defined information related to a player. Amazon GameLift Servers does not use this data, so it can be formatted as needed for use in the game.

    " } }, "documentation":"

    Player information for use when creating player sessions using a game session placement request.

    " @@ -5069,7 +5058,7 @@ "members":{ "DESIRED":{ "shape":"WholeNumber", - "documentation":"

    Requested number of active instances. Amazon GameLift takes action as needed to maintain the desired number of instances. Capacity is scaled up or down by changing the desired instances. A change in the desired instances value can take up to 1 minute to be reflected when viewing a fleet's capacity settings.

    " + "documentation":"

    Requested number of active instances. Amazon GameLift Servers takes action as needed to maintain the desired number of instances. Capacity is scaled up or down by changing the desired instances. A change in the desired instances value can take up to 1 minute to be reflected when viewing a fleet's capacity settings.

    " }, "MINIMUM":{ "shape":"WholeNumber", @@ -5118,7 +5107,7 @@ "documentation":"

    An Amazon Web Services Region code, such as us-west-2.

    " } }, - "documentation":"

    The Amazon GameLift service limits for an Amazon EC2 instance type and current utilization. Amazon GameLift allows Amazon Web Services accounts a maximum number of instances, per instance type, per Amazon Web Services Region or location, for use with Amazon GameLift. You can request an limit increase for your account by using the Service limits page in the Amazon GameLift console.

    " + "documentation":"

    The Amazon GameLift Servers service limits for an Amazon EC2 instance type and current utilization. Amazon GameLift Servers allows Amazon Web Services accounts a maximum number of instances, per instance type, per Amazon Web Services Region or location, for use with Amazon GameLift Servers. You can request an limit increase for your account by using the Service limits page in the Amazon GameLift Servers console.

    " }, "EC2InstanceLimitList":{ "type":"list", @@ -5301,7 +5290,337 @@ "g5g.2xlarge", "g5g.4xlarge", "g5g.8xlarge", - "g5g.16xlarge" + "g5g.16xlarge", + "r6i.large", + "r6i.xlarge", + "r6i.2xlarge", + "r6i.4xlarge", + "r6i.8xlarge", + "r6i.12xlarge", + "r6i.16xlarge", + "c6gd.medium", + "c6gd.large", + "c6gd.xlarge", + "c6gd.2xlarge", + "c6gd.4xlarge", + "c6gd.8xlarge", + "c6gd.12xlarge", + "c6gd.16xlarge", + "c6in.large", + "c6in.xlarge", + "c6in.2xlarge", + "c6in.4xlarge", + "c6in.8xlarge", + "c6in.12xlarge", + "c6in.16xlarge", + "c7a.medium", + "c7a.large", + "c7a.xlarge", + "c7a.2xlarge", + "c7a.4xlarge", + "c7a.8xlarge", + "c7a.12xlarge", + "c7a.16xlarge", + "c7gd.medium", + "c7gd.large", + "c7gd.xlarge", + "c7gd.2xlarge", + "c7gd.4xlarge", + "c7gd.8xlarge", + "c7gd.12xlarge", + "c7gd.16xlarge", + "c7gn.medium", + "c7gn.large", + "c7gn.xlarge", + "c7gn.2xlarge", + "c7gn.4xlarge", + "c7gn.8xlarge", + "c7gn.12xlarge", + "c7gn.16xlarge", + "c7i.large", + "c7i.xlarge", + "c7i.2xlarge", + "c7i.4xlarge", + "c7i.8xlarge", + "c7i.12xlarge", + "c7i.16xlarge", + "m6a.large", + "m6a.xlarge", + "m6a.2xlarge", + "m6a.4xlarge", + "m6a.8xlarge", + "m6a.12xlarge", + "m6a.16xlarge", + "m6gd.medium", + "m6gd.large", + "m6gd.xlarge", + "m6gd.2xlarge", + "m6gd.4xlarge", + "m6gd.8xlarge", + "m6gd.12xlarge", + "m6gd.16xlarge", + "m6i.large", + "m6i.xlarge", + "m6i.2xlarge", + "m6i.4xlarge", + "m6i.8xlarge", + "m6i.12xlarge", + "m6i.16xlarge", + "m7a.medium", + "m7a.large", + "m7a.xlarge", + "m7a.2xlarge", + "m7a.4xlarge", + "m7a.8xlarge", + "m7a.12xlarge", + "m7a.16xlarge", + "m7gd.medium", + "m7gd.large", + "m7gd.xlarge", + "m7gd.2xlarge", + "m7gd.4xlarge", + "m7gd.8xlarge", + "m7gd.12xlarge", + "m7gd.16xlarge", + "m7i.large", + "m7i.xlarge", + "m7i.2xlarge", + "m7i.4xlarge", + "m7i.8xlarge", + "m7i.12xlarge", + "m7i.16xlarge", + "r6gd.medium", + "r6gd.large", + "r6gd.xlarge", + "r6gd.2xlarge", + "r6gd.4xlarge", + "r6gd.8xlarge", + "r6gd.12xlarge", + "r6gd.16xlarge", + "r7a.medium", + "r7a.large", + "r7a.xlarge", + "r7a.2xlarge", + "r7a.4xlarge", + "r7a.8xlarge", + "r7a.12xlarge", + "r7a.16xlarge", + "r7gd.medium", + "r7gd.large", + "r7gd.xlarge", + "r7gd.2xlarge", + "r7gd.4xlarge", + "r7gd.8xlarge", + "r7gd.12xlarge", + "r7gd.16xlarge", + "r7i.large", + "r7i.xlarge", + "r7i.2xlarge", + "r7i.4xlarge", + "r7i.8xlarge", + "r7i.12xlarge", + "r7i.16xlarge", + "r7i.24xlarge", + "r7i.48xlarge", + "c5ad.large", + "c5ad.xlarge", + "c5ad.2xlarge", + "c5ad.4xlarge", + "c5ad.8xlarge", + "c5ad.12xlarge", + "c5ad.16xlarge", + "c5ad.24xlarge", + "c5n.large", + "c5n.xlarge", + "c5n.2xlarge", + "c5n.4xlarge", + "c5n.9xlarge", + "c5n.18xlarge", + "r5ad.large", + "r5ad.xlarge", + "r5ad.2xlarge", + "r5ad.4xlarge", + "r5ad.8xlarge", + "r5ad.12xlarge", + "r5ad.16xlarge", + "r5ad.24xlarge", + "c6id.large", + "c6id.xlarge", + "c6id.2xlarge", + "c6id.4xlarge", + "c6id.8xlarge", + "c6id.12xlarge", + "c6id.16xlarge", + "c6id.24xlarge", + "c6id.32xlarge", + "c8g.medium", + "c8g.large", + "c8g.xlarge", + "c8g.2xlarge", + "c8g.4xlarge", + "c8g.8xlarge", + "c8g.12xlarge", + "c8g.16xlarge", + "c8g.24xlarge", + "c8g.48xlarge", + "m5ad.large", + "m5ad.xlarge", + "m5ad.2xlarge", + "m5ad.4xlarge", + "m5ad.8xlarge", + "m5ad.12xlarge", + "m5ad.16xlarge", + "m5ad.24xlarge", + "m5d.large", + "m5d.xlarge", + "m5d.2xlarge", + "m5d.4xlarge", + "m5d.8xlarge", + "m5d.12xlarge", + "m5d.16xlarge", + "m5d.24xlarge", + "m5dn.large", + "m5dn.xlarge", + "m5dn.2xlarge", + "m5dn.4xlarge", + "m5dn.8xlarge", + "m5dn.12xlarge", + "m5dn.16xlarge", + "m5dn.24xlarge", + "m5n.large", + "m5n.xlarge", + "m5n.2xlarge", + "m5n.4xlarge", + "m5n.8xlarge", + "m5n.12xlarge", + "m5n.16xlarge", + "m5n.24xlarge", + "m6id.large", + "m6id.xlarge", + "m6id.2xlarge", + "m6id.4xlarge", + "m6id.8xlarge", + "m6id.12xlarge", + "m6id.16xlarge", + "m6id.24xlarge", + "m6id.32xlarge", + "m6idn.large", + "m6idn.xlarge", + "m6idn.2xlarge", + "m6idn.4xlarge", + "m6idn.8xlarge", + "m6idn.12xlarge", + "m6idn.16xlarge", + "m6idn.24xlarge", + "m6idn.32xlarge", + "m6in.large", + "m6in.xlarge", + "m6in.2xlarge", + "m6in.4xlarge", + "m6in.8xlarge", + "m6in.12xlarge", + "m6in.16xlarge", + "m6in.24xlarge", + "m6in.32xlarge", + "m8g.medium", + "m8g.large", + "m8g.xlarge", + "m8g.2xlarge", + "m8g.4xlarge", + "m8g.8xlarge", + "m8g.12xlarge", + "m8g.16xlarge", + "m8g.24xlarge", + "m8g.48xlarge", + "r5dn.large", + "r5dn.xlarge", + "r5dn.2xlarge", + "r5dn.4xlarge", + "r5dn.8xlarge", + "r5dn.12xlarge", + "r5dn.16xlarge", + "r5dn.24xlarge", + "r5n.large", + "r5n.xlarge", + "r5n.2xlarge", + "r5n.4xlarge", + "r5n.8xlarge", + "r5n.12xlarge", + "r5n.16xlarge", + "r5n.24xlarge", + "r6a.large", + "r6a.xlarge", + "r6a.2xlarge", + "r6a.4xlarge", + "r6a.8xlarge", + "r6a.12xlarge", + "r6a.16xlarge", + "r6a.24xlarge", + "r6a.32xlarge", + "r6a.48xlarge", + "r6id.large", + "r6id.xlarge", + "r6id.2xlarge", + "r6id.4xlarge", + "r6id.8xlarge", + "r6id.12xlarge", + "r6id.16xlarge", + "r6id.24xlarge", + "r6id.32xlarge", + "r6idn.large", + "r6idn.xlarge", + "r6idn.2xlarge", + "r6idn.4xlarge", + "r6idn.8xlarge", + "r6idn.12xlarge", + "r6idn.16xlarge", + "r6idn.24xlarge", + "r6idn.32xlarge", + "r6in.large", + "r6in.xlarge", + "r6in.2xlarge", + "r6in.4xlarge", + "r6in.8xlarge", + "r6in.12xlarge", + "r6in.16xlarge", + "r6in.24xlarge", + "r6in.32xlarge", + "r8g.medium", + "r8g.large", + "r8g.xlarge", + "r8g.2xlarge", + "r8g.4xlarge", + "r8g.8xlarge", + "r8g.12xlarge", + "r8g.16xlarge", + "r8g.24xlarge", + "r8g.48xlarge", + "m4.16xlarge", + "c6a.32xlarge", + "c6a.48xlarge", + "c6i.32xlarge", + "r6i.24xlarge", + "r6i.32xlarge", + "c6in.24xlarge", + "c6in.32xlarge", + "c7a.24xlarge", + "c7a.32xlarge", + "c7a.48xlarge", + "c7i.24xlarge", + "c7i.48xlarge", + "m6a.24xlarge", + "m6a.32xlarge", + "m6a.48xlarge", + "m6i.24xlarge", + "m6i.32xlarge", + "m7a.24xlarge", + "m7a.32xlarge", + "m7a.48xlarge", + "m7i.24xlarge", + "m7i.48xlarge", + "r7a.24xlarge", + "r7a.32xlarge", + "r7a.48xlarge" ] }, "Event":{ @@ -5317,7 +5636,7 @@ }, "EventCode":{ "shape":"EventCode", - "documentation":"

    The type of event being logged.

    Fleet state transition events:

    • FLEET_CREATED -- A fleet resource was successfully created with a status of NEW. Event messaging includes the fleet ID.

    • FLEET_STATE_DOWNLOADING -- Fleet status changed from NEW to DOWNLOADING. Amazon GameLift is downloading the compressed build and running install scripts.

    • FLEET_STATE_VALIDATING -- Fleet status changed from DOWNLOADING to VALIDATING. Amazon GameLift has successfully installed build and is now validating the build files.

    • FLEET_STATE_BUILDING -- Fleet status changed from VALIDATING to BUILDING. Amazon GameLift has successfully verified the build files and is now launching a fleet instance.

    • FLEET_STATE_ACTIVATING -- Fleet status changed from BUILDING to ACTIVATING. Amazon GameLift is launching a game server process on the fleet instance and is testing its connectivity with the Amazon GameLift service.

    • FLEET_STATE_ACTIVE -- The fleet's status changed from ACTIVATING to ACTIVE. The fleet is now ready to host game sessions.

    • FLEET_STATE_ERROR -- The Fleet's status changed to ERROR. Describe the fleet event message for more details.

    Fleet creation events (ordered by fleet creation activity):

    • FLEET_BINARY_DOWNLOAD_FAILED -- The build failed to download to the fleet instance.

    • FLEET_CREATION_EXTRACTING_BUILD -- The game server build was successfully downloaded to an instance, and Amazon GameLiftis now extracting the build files from the uploaded build. Failure at this stage prevents a fleet from moving to ACTIVE status. Logs for this stage display a list of the files that are extracted and saved on the instance. Access the logs by using the URL in PreSignedLogUrl.

    • FLEET_CREATION_RUNNING_INSTALLER -- The game server build files were successfully extracted, and Amazon GameLift is now running the build's install script (if one is included). Failure in this stage prevents a fleet from moving to ACTIVE status. Logs for this stage list the installation steps and whether or not the install completed successfully. Access the logs by using the URL in PreSignedLogUrl.

    • FLEET_CREATION_COMPLETED_INSTALLER -- The game server build files were successfully installed and validation of the installation will begin soon.

    • FLEET_CREATION_FAILED_INSTALLER -- The installed failed while attempting to install the build files. This event indicates that the failure occurred before Amazon GameLift could start validation.

    • FLEET_CREATION_VALIDATING_RUNTIME_CONFIG -- The build process was successful, and the GameLift is now verifying that the game server launch paths, which are specified in the fleet's runtime configuration, exist. If any listed launch path exists, Amazon GameLift tries to launch a game server process and waits for the process to report ready. Failures in this stage prevent a fleet from moving to ACTIVE status. Logs for this stage list the launch paths in the runtime configuration and indicate whether each is found. Access the logs by using the URL in PreSignedLogUrl.

    • FLEET_VALIDATION_LAUNCH_PATH_NOT_FOUND -- Validation of the runtime configuration failed because the executable specified in a launch path does not exist on the instance.

    • FLEET_VALIDATION_EXECUTABLE_RUNTIME_FAILURE -- Validation of the runtime configuration failed because the executable specified in a launch path failed to run on the fleet instance.

    • FLEET_VALIDATION_TIMED_OUT -- Validation of the fleet at the end of creation timed out. Try fleet creation again.

    • FLEET_ACTIVATION_FAILED -- The fleet failed to successfully complete one of the steps in the fleet activation process. This event code indicates that the game build was successfully downloaded to a fleet instance, built, and validated, but was not able to start a server process. For more information, see Debug Fleet Creation Issues.

    • FLEET_ACTIVATION_FAILED_NO_INSTANCES -- Fleet creation was not able to obtain any instances based on the input fleet attributes. Try again at a different time or choose a different combination of fleet attributes such as fleet type, instance type, etc.

    • FLEET_INITIALIZATION_FAILED -- A generic exception occurred during fleet creation. Describe the fleet event message for more details.

    VPC peering events:

    • FLEET_VPC_PEERING_SUCCEEDED -- A VPC peering connection has been established between the VPC for an Amazon GameLift fleet and a VPC in your Amazon Web Services account.

    • FLEET_VPC_PEERING_FAILED -- A requested VPC peering connection has failed. Event details and status information provide additional detail. A common reason for peering failure is that the two VPCs have overlapping CIDR blocks of IPv4 addresses. To resolve this, change the CIDR block for the VPC in your Amazon Web Services account. For more information on VPC peering failures, see https://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/invalid-peering-configurations.html

    • FLEET_VPC_PEERING_DELETED -- A VPC peering connection has been successfully deleted.

    Spot instance events:

    • INSTANCE_INTERRUPTED -- A spot instance was interrupted by EC2 with a two-minute notification.

    • INSTANCE_RECYCLED -- A spot instance was determined to have a high risk of interruption and is scheduled to be recycled once it has no active game sessions.

    Server process events:

    • SERVER_PROCESS_INVALID_PATH -- The game server executable or script could not be found based on the Fleet runtime configuration. Check that the launch path is correct based on the operating system of the Fleet.

    • SERVER_PROCESS_SDK_INITIALIZATION_TIMEOUT -- The server process did not call InitSDK() within the time expected (5 minutes). Check your game session log to see why InitSDK() was not called in time.

    • SERVER_PROCESS_PROCESS_READY_TIMEOUT -- The server process did not call ProcessReady() within the time expected (5 minutes) after calling InitSDK(). Check your game session log to see why ProcessReady() was not called in time.

    • SERVER_PROCESS_CRASHED -- The server process exited without calling ProcessEnding(). Check your game session log to see why ProcessEnding() was not called.

    • SERVER_PROCESS_TERMINATED_UNHEALTHY -- The server process did not report a valid health check for too long and was therefore terminated by GameLift. Check your game session log to see if the thread became stuck processing a synchronous task for too long.

    • SERVER_PROCESS_FORCE_TERMINATED -- The server process did not exit cleanly within the time expected after OnProcessTerminate() was sent. Check your game session log to see why termination took longer than expected.

    • SERVER_PROCESS_PROCESS_EXIT_TIMEOUT -- The server process did not exit cleanly within the time expected (30 seconds) after calling ProcessEnding(). Check your game session log to see why termination took longer than expected.

    Game session events:

    • GAME_SESSION_ACTIVATION_TIMEOUT -- GameSession failed to activate within the expected time. Check your game session log to see why ActivateGameSession() took longer to complete than expected.

    Other fleet events:

    • FLEET_SCALING_EVENT -- A change was made to the fleet's capacity settings (desired instances, minimum/maximum scaling limits). Event messaging includes the new capacity settings.

    • FLEET_NEW_GAME_SESSION_PROTECTION_POLICY_UPDATED -- A change was made to the fleet's game session protection policy setting. Event messaging includes both the old and new policy setting.

    • FLEET_DELETED -- A request to delete a fleet was initiated.

    • GENERIC_EVENT -- An unspecified event has occurred.

    " + "documentation":"

    The type of event being logged.

    Fleet state transition events:

    • FLEET_CREATED -- A fleet resource was successfully created with a status of NEW. Event messaging includes the fleet ID.

    • FLEET_STATE_DOWNLOADING -- Fleet status changed from NEW to DOWNLOADING. Amazon GameLift Servers is downloading the compressed build and running install scripts.

    • FLEET_STATE_VALIDATING -- Fleet status changed from DOWNLOADING to VALIDATING. Amazon GameLift Servers has successfully installed build and is now validating the build files.

    • FLEET_STATE_BUILDING -- Fleet status changed from VALIDATING to BUILDING. Amazon GameLift Servers has successfully verified the build files and is now launching a fleet instance.

    • FLEET_STATE_ACTIVATING -- Fleet status changed from BUILDING to ACTIVATING. Amazon GameLift Servers is launching a game server process on the fleet instance and is testing its connectivity with the Amazon GameLift Servers service.

    • FLEET_STATE_ACTIVE -- The fleet's status changed from ACTIVATING to ACTIVE. The fleet is now ready to host game sessions.

    • FLEET_STATE_ERROR -- The Fleet's status changed to ERROR. Describe the fleet event message for more details.

    Fleet creation events (ordered by fleet creation activity):

    • FLEET_BINARY_DOWNLOAD_FAILED -- The build failed to download to the fleet instance.

    • FLEET_CREATION_EXTRACTING_BUILD -- The game server build was successfully downloaded to an instance, and Amazon GameLift Serversis now extracting the build files from the uploaded build. Failure at this stage prevents a fleet from moving to ACTIVE status. Logs for this stage display a list of the files that are extracted and saved on the instance. Access the logs by using the URL in PreSignedLogUrl.

    • FLEET_CREATION_RUNNING_INSTALLER -- The game server build files were successfully extracted, and Amazon GameLift Servers is now running the build's install script (if one is included). Failure in this stage prevents a fleet from moving to ACTIVE status. Logs for this stage list the installation steps and whether or not the install completed successfully. Access the logs by using the URL in PreSignedLogUrl.

    • FLEET_CREATION_COMPLETED_INSTALLER -- The game server build files were successfully installed and validation of the installation will begin soon.

    • FLEET_CREATION_FAILED_INSTALLER -- The installed failed while attempting to install the build files. This event indicates that the failure occurred before Amazon GameLift Servers could start validation.

    • FLEET_CREATION_VALIDATING_RUNTIME_CONFIG -- The build process was successful, and the GameLift is now verifying that the game server launch paths, which are specified in the fleet's runtime configuration, exist. If any listed launch path exists, Amazon GameLift Servers tries to launch a game server process and waits for the process to report ready. Failures in this stage prevent a fleet from moving to ACTIVE status. Logs for this stage list the launch paths in the runtime configuration and indicate whether each is found. Access the logs by using the URL in PreSignedLogUrl.

    • FLEET_VALIDATION_LAUNCH_PATH_NOT_FOUND -- Validation of the runtime configuration failed because the executable specified in a launch path does not exist on the instance.

    • FLEET_VALIDATION_EXECUTABLE_RUNTIME_FAILURE -- Validation of the runtime configuration failed because the executable specified in a launch path failed to run on the fleet instance.

    • FLEET_VALIDATION_TIMED_OUT -- Validation of the fleet at the end of creation timed out. Try fleet creation again.

    • FLEET_ACTIVATION_FAILED -- The fleet failed to successfully complete one of the steps in the fleet activation process. This event code indicates that the game build was successfully downloaded to a fleet instance, built, and validated, but was not able to start a server process. For more information, see Debug Fleet Creation Issues.

    • FLEET_ACTIVATION_FAILED_NO_INSTANCES -- Fleet creation was not able to obtain any instances based on the input fleet attributes. Try again at a different time or choose a different combination of fleet attributes such as fleet type, instance type, etc.

    • FLEET_INITIALIZATION_FAILED -- A generic exception occurred during fleet creation. Describe the fleet event message for more details.

    VPC peering events:

    • FLEET_VPC_PEERING_SUCCEEDED -- A VPC peering connection has been established between the VPC for an Amazon GameLift Servers fleet and a VPC in your Amazon Web Services account.

    • FLEET_VPC_PEERING_FAILED -- A requested VPC peering connection has failed. Event details and status information provide additional detail. A common reason for peering failure is that the two VPCs have overlapping CIDR blocks of IPv4 addresses. To resolve this, change the CIDR block for the VPC in your Amazon Web Services account. For more information on VPC peering failures, see https://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/invalid-peering-configurations.html

    • FLEET_VPC_PEERING_DELETED -- A VPC peering connection has been successfully deleted.

    Spot instance events:

    • INSTANCE_INTERRUPTED -- A spot instance was interrupted by EC2 with a two-minute notification.

    • INSTANCE_RECYCLED -- A spot instance was determined to have a high risk of interruption and is scheduled to be recycled once it has no active game sessions.

    Server process events:

    • SERVER_PROCESS_INVALID_PATH -- The game server executable or script could not be found based on the Fleet runtime configuration. Check that the launch path is correct based on the operating system of the Fleet.

    • SERVER_PROCESS_SDK_INITIALIZATION_TIMEOUT -- The server process did not call InitSDK() within the time expected (5 minutes). Check your game session log to see why InitSDK() was not called in time. This event is not emitted for managed container fleets and Anywhere fleets unless they're deployed with the Amazon GameLift Servers Agent.

    • SERVER_PROCESS_PROCESS_READY_TIMEOUT -- The server process did not call ProcessReady() within the time expected (5 minutes) after calling InitSDK(). Check your game session log to see why ProcessReady() was not called in time.

    • SERVER_PROCESS_CRASHED -- The server process exited without calling ProcessEnding(). Check your game session log to see why ProcessEnding() was not called.

    • SERVER_PROCESS_TERMINATED_UNHEALTHY -- The server process did not report a valid health check for too long and was therefore terminated by GameLift. Check your game session log to see if the thread became stuck processing a synchronous task for too long.

    • SERVER_PROCESS_FORCE_TERMINATED -- The server process did not exit cleanly within the time expected after OnProcessTerminate() was sent. Check your game session log to see why termination took longer than expected.

    • SERVER_PROCESS_PROCESS_EXIT_TIMEOUT -- The server process did not exit cleanly within the time expected (30 seconds) after calling ProcessEnding(). Check your game session log to see why termination took longer than expected.

    Game session events:

    • GAME_SESSION_ACTIVATION_TIMEOUT -- GameSession failed to activate within the expected time. Check your game session log to see why ActivateGameSession() took longer to complete than expected.

    Other fleet events:

    • FLEET_SCALING_EVENT -- A change was made to the fleet's capacity settings (desired instances, minimum/maximum scaling limits). Event messaging includes the new capacity settings.

    • FLEET_NEW_GAME_SESSION_PROTECTION_POLICY_UPDATED -- A change was made to the fleet's game session protection policy setting. Event messaging includes both the old and new policy setting.

    • FLEET_DELETED -- A request to delete a fleet was initiated.

    • GENERIC_EVENT -- An unspecified event has occurred.

    " }, "Message":{ "shape":"NonEmptyString", @@ -5329,14 +5648,14 @@ }, "PreSignedLogUrl":{ "shape":"NonZeroAndMaxString", - "documentation":"

    Location of stored logs with additional detail that is related to the event. This is useful for debugging issues. The URL is valid for 15 minutes. You can also access fleet creation logs through the Amazon GameLift console.

    " + "documentation":"

    Location of stored logs with additional detail that is related to the event. This is useful for debugging issues. The URL is valid for 15 minutes. You can also access fleet creation logs through the Amazon GameLift Servers console.

    " }, "Count":{ "shape":"EventCount", "documentation":"

    The number of times that this event occurred.

    " } }, - "documentation":"

    Log entry describing an event that involves Amazon GameLift resources (such as a fleet). In addition to tracking activity, event codes and messages can provide additional information for troubleshooting and debugging problems.

    " + "documentation":"

    Log entry describing an event that involves Amazon GameLift Servers resources (such as a fleet). In addition to tracking activity, event codes and messages can provide additional information for troubleshooting and debugging problems.

    " }, "EventCode":{ "type":"string", @@ -5454,7 +5773,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912. In a GameLift fleet ARN, the resource ID matches the FleetId value.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912. In a GameLift fleet ARN, the resource ID matches the FleetId value.

    " }, "FleetType":{ "shape":"FleetType", @@ -5482,7 +5801,7 @@ }, "Status":{ "shape":"FleetStatus", - "documentation":"

    Current status of the fleet. Possible fleet statuses include the following:

    • NEW -- A new fleet resource has been defined and Amazon GameLift has started creating the fleet. Desired instances is set to 1.

    • DOWNLOADING/VALIDATING/BUILDING -- Amazon GameLift is download the game server build, running install scripts, and then validating the build files. When complete, Amazon GameLift launches a fleet instance.

    • ACTIVATING -- Amazon GameLift is launching a game server process and testing its connectivity with the Amazon GameLift service.

    • ACTIVE -- The fleet is now ready to host game sessions.

    • ERROR -- An error occurred when downloading, validating, building, or activating the fleet.

    • DELETING -- Hosts are responding to a delete fleet request.

    • TERMINATED -- The fleet no longer exists.

    " + "documentation":"

    Current status of the fleet. Possible fleet statuses include the following:

    • NEW -- A new fleet resource has been defined and Amazon GameLift Servers has started creating the fleet. Desired instances is set to 1.

    • DOWNLOADING/VALIDATING/BUILDING -- Amazon GameLift Servers is download the game server build, running install scripts, and then validating the build files. When complete, Amazon GameLift Servers launches a fleet instance.

    • ACTIVATING -- Amazon GameLift Servers is launching a game server process and testing its connectivity with the Amazon GameLift Servers service.

    • ACTIVE -- The fleet is now ready to host game sessions.

    • ERROR -- An error occurred when downloading, validating, building, or activating the fleet.

    • DELETING -- Hosts are responding to a delete fleet request.

    • TERMINATED -- The fleet no longer exists.

    " }, "BuildId":{ "shape":"BuildId", @@ -5490,7 +5809,7 @@ }, "BuildArn":{ "shape":"BuildArn", - "documentation":"

    The Amazon Resource Name (ARN) associated with the Amazon GameLift build resource that is deployed on instances in this fleet. In a GameLift build ARN, the resource ID matches the BuildId value. This attribute is used with fleets where ComputeType is \"EC2\".

    " + "documentation":"

    The Amazon Resource Name (ARN) associated with the Amazon GameLift Servers build resource that is deployed on instances in this fleet. In a GameLift build ARN, the resource ID matches the BuildId value. This attribute is used with fleets where ComputeType is \"EC2\".

    " }, "ScriptId":{ "shape":"ScriptId", @@ -5510,7 +5829,7 @@ }, "LogPaths":{ "shape":"StringList", - "documentation":"

    This parameter is no longer used. Game session log paths are now defined using the Amazon GameLift server API ProcessReady() logParameters. See more information in the Server API Reference.

    " + "documentation":"

    This parameter is no longer used. Game session log paths are now defined using the Amazon GameLift Servers server API ProcessReady() logParameters. See more information in the Server API Reference.

    " }, "NewGameSessionProtectionPolicy":{ "shape":"ProtectionPolicy", @@ -5518,7 +5837,7 @@ }, "OperatingSystem":{ "shape":"OperatingSystem", - "documentation":"

    The operating system of the fleet's computing resources. A fleet's operating system is determined by the OS of the build or script that is deployed on this fleet. This attribute is used with fleets where ComputeType is EC2.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use Amazon GameLift server SDK 4.x., first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to Amazon GameLift server SDK version 5.

    " + "documentation":"

    The operating system of the fleet's computing resources. A fleet's operating system is determined by the OS of the build or script that is deployed on this fleet. This attribute is used with fleets where ComputeType is EC2.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use server SDK version 4.x for Amazon GameLift Servers, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to server SDK version 5.

    " }, "ResourceCreationLimitPolicy":{"shape":"ResourceCreationLimitPolicy"}, "MetricGroups":{ @@ -5539,7 +5858,7 @@ }, "ComputeType":{ "shape":"ComputeType", - "documentation":"

    The type of compute resource used to host your game servers. You can use your own compute resources with Amazon GameLift Anywhere or use Amazon EC2 instances with managed Amazon GameLift.

    " + "documentation":"

    The type of compute resource used to host your game servers. You can use your own compute resources with Amazon GameLift Servers Anywhere or use Amazon EC2 instances with managed Amazon GameLift Servers.

    " }, "AnywhereConfiguration":{ "shape":"AnywhereConfiguration", @@ -5550,7 +5869,7 @@ "documentation":"

    Indicates that fleet instances maintain a shared credentials file for the IAM role defined in InstanceRoleArn. Shared credentials allow applications that are deployed with the game server executable to communicate with other Amazon Web Services resources. This property is used only when the game server is integrated with the server SDK version 5.x. For more information about using shared credentials, see Communicate with other Amazon Web Services resources from your fleets. This attribute is used with fleets where ComputeType is EC2.

    " } }, - "documentation":"

    Describes an Amazon GameLift fleet of game hosting resources. Attributes differ based on the fleet's compute type, as follows:

    • EC2 fleet attributes identify a Build resource (for fleets with customer game server builds) or a Script resource (for Realtime Servers fleets).

    • Amazon GameLift Anywhere fleets have an abbreviated set of attributes, because most fleet configurations are set directly on the fleet's computes. Attributes include fleet identifiers and descriptive properties, creation/termination time, and fleet status.

    Returned by: https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetAttributes

    " + "documentation":"

    Describes an Amazon GameLift Servers fleet of game hosting resources. Attributes differ based on the fleet's compute type, as follows:

    • EC2 fleet attributes identify a Build resource (for fleets with customer game server builds) or a Script resource (for Amazon GameLift Servers Realtime fleets).

    • Amazon GameLift Servers Anywhere fleets have an abbreviated set of attributes, because most fleet configurations are set directly on the fleet's computes. Attributes include fleet identifiers and descriptive properties, creation/termination time, and fleet status.

    Returned by: https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetAttributes

    " }, "FleetAttributesList":{ "type":"list", @@ -5571,7 +5890,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "InstanceType":{ "shape":"EC2InstanceType", @@ -5621,7 +5940,7 @@ }, "RollbackGameServerBinaryArn":{ "shape":"FleetBinaryArn", - "documentation":"

    The unique identifier for the version of the game server container group definition to roll back to if deployment fails. Amazon GameLift sets this property to the container group definition version that the fleet used when it was last active.

    " + "documentation":"

    The unique identifier for the version of the game server container group definition to roll back to if deployment fails. Amazon GameLift Servers sets this property to the container group definition version that the fleet used when it was last active.

    " }, "PerInstanceBinaryArn":{ "shape":"FleetBinaryArn", @@ -5629,7 +5948,7 @@ }, "RollbackPerInstanceBinaryArn":{ "shape":"FleetBinaryArn", - "documentation":"

    The unique identifier for the version of the per-instance container group definition to roll back to if deployment fails. Amazon GameLift sets this property to the container group definition version that the fleet used when it was last active.

    " + "documentation":"

    The unique identifier for the version of the per-instance container group definition to roll back to if deployment fails. Amazon GameLift Servers sets this property to the container group definition version that the fleet used when it was last active.

    " }, "DeploymentStatus":{ "shape":"DeploymentStatus", @@ -5703,7 +6022,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "ActiveServerProcessCount":{ "shape":"WholeNumber", @@ -5830,7 +6149,7 @@ "documentation":"

    Timestamp that indicates the last time the game server was updated with health status. The format is a number expressed in Unix time as milliseconds (for example \"1469498468.057\"). After game server registration, this property is only changed when a game server update specifies a health check value.

    " } }, - "documentation":"

    This data type is used with the Amazon GameLift FleetIQ and game server groups.

    Properties describing a game server that is running on an instance in a game server group.

    A game server is created by a successful call to RegisterGameServer and deleted by calling DeregisterGameServer. A game server is claimed to host a game session by calling ClaimGameServer.

    " + "documentation":"

    Properties describing a game server that is running on an instance in a game server group.

    A game server is created by a successful call to RegisterGameServer and deleted by calling DeregisterGameServer. A game server is claimed to host a game session by calling ClaimGameServer.

    " }, "GameServerClaimStatus":{ "type":"string", @@ -5863,11 +6182,11 @@ }, "ImageUri":{ "shape":"ImageUriString", - "documentation":"

    The URI to the image that Amazon GameLift uses when deploying this container to a container fleet. For a more specific identifier, see ResolvedImageDigest.

    " + "documentation":"

    The URI to the image that Amazon GameLift Servers uses when deploying this container to a container fleet. For a more specific identifier, see ResolvedImageDigest.

    " }, "PortConfiguration":{ "shape":"ContainerPortConfiguration", - "documentation":"

    The set of ports that are available to bind to processes in the container. For example, a game server process requires a container port to allow game clients to connect to it. Container ports aren't directly accessed by inbound traffic. Amazon GameLift maps these container ports to externally accessible connection ports, which are assigned as needed from the container fleet's ConnectionPortRange.

    " + "documentation":"

    The set of ports that are available to bind to processes in the container. For example, a game server process requires a container port to allow game clients to connect to it. Container ports aren't directly accessed by inbound traffic. Amazon GameLift Servers maps these container ports to externally accessible connection ports, which are assigned as needed from the container fleet's ConnectionPortRange.

    " }, "ResolvedImageDigest":{ "shape":"Sha256", @@ -5875,7 +6194,7 @@ }, "ServerSdkVersion":{ "shape":"ServerSdkVersion", - "documentation":"

    The Amazon GameLift server SDK version that the game server is integrated with. Only game servers using 5.2.0 or higher are compatible with container fleets.

    " + "documentation":"

    The Amazon GameLift Servers server SDK version that the game server is integrated with. Only game servers using 5.2.0 or higher are compatible with container fleets.

    " } }, "documentation":"

    Describes the game server container in an existing game server container group. A game server container identifies a container image with your game server build. A game server container is automatically considered essential; if an essential container fails, the entire container group restarts.

    You can update a container definition and deploy the updates to an existing fleet. When creating or updating a game server container group definition, use the property https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameServerContainerDefinitionInput.

    Part of: ContainerGroupDefinition

    Returned by: DescribeContainerGroupDefinition, ListContainerGroupDefinitions, UpdateContainerGroupDefinition

    " @@ -5907,15 +6226,15 @@ }, "ImageUri":{ "shape":"ImageUriString", - "documentation":"

    The location of the container image to deploy to a container fleet. Provide an image in an Amazon Elastic Container Registry public or private repository. The repository must be in the same Amazon Web Services account and Amazon Web Services Region where you're creating the container group definition. For limits on image size, see Amazon GameLift endpoints and quotas. You can use any of the following image URI formats:

    • Image ID only: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]

    • Image ID and digest: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]@[digest]

    • Image ID and tag: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]:[tag]

    " + "documentation":"

    The location of the container image to deploy to a container fleet. Provide an image in an Amazon Elastic Container Registry public or private repository. The repository must be in the same Amazon Web Services account and Amazon Web Services Region where you're creating the container group definition. For limits on image size, see Amazon GameLift Servers endpoints and quotas. You can use any of the following image URI formats:

    • Image ID only: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]

    • Image ID and digest: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]@[digest]

    • Image ID and tag: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]:[tag]

    " }, "PortConfiguration":{ "shape":"ContainerPortConfiguration", - "documentation":"

    A set of ports that Amazon GameLift can assign to processes in the container. Processes, must be assigned a container port to accept inbound traffic connections. For example, a game server process requires a container port to allow game clients to connect to it. Container ports aren't directly accessed by inbound traffic. Instead, Amazon GameLift maps container ports to externally accessible connection ports (see the container fleet property ConnectionPortRange).

    " + "documentation":"

    A set of ports that Amazon GameLift Servers can assign to processes in a container. The container port configuration must have enough ports for each container process that accepts inbound traffic connections. For example, a game server process requires a container port to allow game clients to connect to it. A container port configuration can have can have one or more container port ranges. Each range specifies starting and ending values as well as the supported network protocol.

    Container ports aren't directly accessed by inbound traffic. Amazon GameLift Servers maps each container port to an externally accessible connection port (see the container fleet property ConnectionPortRange).

    " }, "ServerSdkVersion":{ "shape":"ServerSdkVersion", - "documentation":"

    The Amazon GameLift server SDK version that the game server is integrated with. Only game servers using 5.2.0 or higher are compatible with container fleets.

    " + "documentation":"

    The Amazon GameLift Servers server SDK version that the game server is integrated with. Only game servers using 5.2.0 or higher are compatible with container fleets.

    " } }, "documentation":"

    Describes the configuration for a container that runs your game server executable. This definition includes container configuration, resources, and start instructions. Use this data type when creating or updating a game server container group definition. For properties of a deployed container, see GameServerContainerDefinition. A game server container is automatically considered essential; if an essential container fails, the entire container group restarts.

    Use with: CreateContainerGroupDefinition, UpdateContainerGroupDefinition

    " @@ -5966,15 +6285,15 @@ }, "RoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift to access your Amazon EC2 Auto Scaling groups.

    " + "documentation":"

    The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift Servers to access your Amazon EC2 Auto Scaling groups.

    " }, "InstanceDefinitions":{ "shape":"InstanceDefinitions", - "documentation":"

    The set of Amazon EC2 instance types that Amazon GameLift FleetIQ can use when balancing and automatically scaling instances in the corresponding Auto Scaling group.

    " + "documentation":"

    The set of Amazon EC2 instance types that Amazon GameLift Servers FleetIQ can use when balancing and automatically scaling instances in the corresponding Auto Scaling group.

    " }, "BalancingStrategy":{ "shape":"BalancingStrategy", - "documentation":"

    Indicates how Amazon GameLift FleetIQ balances the use of Spot Instances and On-Demand Instances in the game server group. Method options include the following:

    • SPOT_ONLY - Only Spot Instances are used in the game server group. If Spot Instances are unavailable or not viable for game hosting, the game server group provides no hosting capacity until Spot Instances can again be used. Until then, no new instances are started, and the existing nonviable Spot Instances are terminated (after current gameplay ends) and are not replaced.

    • SPOT_PREFERRED - (default value) Spot Instances are used whenever available in the game server group. If Spot Instances are unavailable, the game server group continues to provide hosting capacity by falling back to On-Demand Instances. Existing nonviable Spot Instances are terminated (after current gameplay ends) and are replaced with new On-Demand Instances.

    • ON_DEMAND_ONLY - Only On-Demand Instances are used in the game server group. No Spot Instances are used, even when available, while this balancing strategy is in force.

    " + "documentation":"

    Indicates how Amazon GameLift Servers FleetIQ balances the use of Spot Instances and On-Demand Instances in the game server group. Method options include the following:

    • SPOT_ONLY - Only Spot Instances are used in the game server group. If Spot Instances are unavailable or not viable for game hosting, the game server group provides no hosting capacity until Spot Instances can again be used. Until then, no new instances are started, and the existing nonviable Spot Instances are terminated (after current gameplay ends) and are not replaced.

    • SPOT_PREFERRED - (default value) Spot Instances are used whenever available in the game server group. If Spot Instances are unavailable, the game server group continues to provide hosting capacity by falling back to On-Demand Instances. Existing nonviable Spot Instances are terminated (after current gameplay ends) and are replaced with new On-Demand Instances.

    • ON_DEMAND_ONLY - Only On-Demand Instances are used in the game server group. No Spot Instances are used, even when available, while this balancing strategy is in force.

    " }, "GameServerProtectionPolicy":{ "shape":"GameServerProtectionPolicy", @@ -5986,7 +6305,7 @@ }, "Status":{ "shape":"GameServerGroupStatus", - "documentation":"

    The current status of the game server group. Possible statuses include:

    • NEW - Amazon GameLift FleetIQ has validated the CreateGameServerGroup() request.

    • ACTIVATING - Amazon GameLift FleetIQ is setting up a game server group, which includes creating an Auto Scaling group in your Amazon Web Services account.

    • ACTIVE - The game server group has been successfully created.

    • DELETE_SCHEDULED - A request to delete the game server group has been received.

    • DELETING - Amazon GameLift FleetIQ has received a valid DeleteGameServerGroup() request and is processing it. Amazon GameLift FleetIQ must first complete and release hosts before it deletes the Auto Scaling group and the game server group.

    • DELETED - The game server group has been successfully deleted.

    • ERROR - The asynchronous processes of activating or deleting a game server group has failed, resulting in an error state.

    " + "documentation":"

    The current status of the game server group. Possible statuses include:

    • NEW - Amazon GameLift Servers FleetIQ has validated the CreateGameServerGroup() request.

    • ACTIVATING - Amazon GameLift Servers FleetIQ is setting up a game server group, which includes creating an Auto Scaling group in your Amazon Web Services account.

    • ACTIVE - The game server group has been successfully created.

    • DELETE_SCHEDULED - A request to delete the game server group has been received.

    • DELETING - Amazon GameLift Servers FleetIQ has received a valid DeleteGameServerGroup() request and is processing it. Amazon GameLift Servers FleetIQ must first complete and release hosts before it deletes the Auto Scaling group and the game server group.

    • DELETED - The game server group has been successfully deleted.

    • ERROR - The asynchronous processes of activating or deleting a game server group has failed, resulting in an error state.

    " }, "StatusReason":{ "shape":"NonZeroAndMaxString", @@ -6005,7 +6324,7 @@ "documentation":"

    A timestamp that indicates when this game server group was last updated.

    " } }, - "documentation":"

    This data type is used with the Amazon GameLift FleetIQ and game server groups.

    Properties that describe a game server group resource. A game server group manages certain properties related to a corresponding Amazon EC2 Auto Scaling group.

    A game server group is created by a successful call to CreateGameServerGroup and deleted by calling DeleteGameServerGroup. Game server group activity can be temporarily suspended and resumed by calling SuspendGameServerGroup and ResumeGameServerGroup, respectively.

    " + "documentation":"

    Properties that describe a game server group resource. A game server group manages certain properties related to a corresponding Amazon EC2 Auto Scaling group.

    A game server group is created by a successful call to CreateGameServerGroup and deleted by calling DeleteGameServerGroup. Game server group activity can be temporarily suspended and resumed by calling SuspendGameServerGroup and ResumeGameServerGroup, respectively.

    " }, "GameServerGroupAction":{ "type":"string", @@ -6029,14 +6348,14 @@ "members":{ "EstimatedInstanceWarmup":{ "shape":"PositiveInteger", - "documentation":"

    Length of time, in seconds, it takes for a new instance to start new game server processes and register with Amazon GameLift FleetIQ. Specifying a warm-up time can be useful, particularly with game servers that take a long time to start up, because it avoids prematurely starting new instances.

    " + "documentation":"

    Length of time, in seconds, it takes for a new instance to start new game server processes and register with Amazon GameLift Servers FleetIQ. Specifying a warm-up time can be useful, particularly with game servers that take a long time to start up, because it avoids prematurely starting new instances.

    " }, "TargetTrackingConfiguration":{ "shape":"TargetTrackingConfiguration", - "documentation":"

    Settings for a target-based scaling policy applied to Auto Scaling group. These settings are used to create a target-based policy that tracks the Amazon GameLift FleetIQ metric \"PercentUtilizedGameServers\" and specifies a target value for the metric. As player usage changes, the policy triggers to adjust the game server group capacity so that the metric returns to the target value.

    " + "documentation":"

    Settings for a target-based scaling policy applied to Auto Scaling group. These settings are used to create a target-based policy that tracks the Amazon GameLift Servers FleetIQ metric \"PercentUtilizedGameServers\" and specifies a target value for the metric. As player usage changes, the policy triggers to adjust the game server group capacity so that the metric returns to the target value.

    " } }, - "documentation":"

    This data type is used with the Amazon GameLift FleetIQ and game server groups.

    Configuration settings for intelligent automatic scaling that uses target tracking. These settings are used to add an Auto Scaling policy when creating the corresponding Auto Scaling group. After the Auto Scaling group is created, all updates to Auto Scaling policies, including changing this policy and adding or removing other policies, is done directly on the Auto Scaling group.

    " + "documentation":"

    Configuration settings for intelligent automatic scaling that uses target tracking. These settings are used to add an Auto Scaling policy when creating the corresponding Auto Scaling group. After the Auto Scaling group is created, all updates to Auto Scaling policies, including changing this policy and adding or removing other policies, is done directly on the Auto Scaling group.

    " }, "GameServerGroupDeleteOption":{ "type":"string", @@ -6197,7 +6516,7 @@ "documentation":"

    Current status of the game server instance

    " } }, - "documentation":"

    This data type is used with the Amazon GameLift FleetIQ and game server groups.

    Additional properties, including status, that describe an EC2 instance in a game server group. Instance configurations are set with game server group properties (see DescribeGameServerGroup and with the EC2 launch template that was used when creating the game server group.

    Retrieve game server instances for a game server group by calling DescribeGameServerInstances.

    " + "documentation":"

    Additional properties, including status, that describe an EC2 instance in a game server group. Instance configurations are set with game server group properties (see DescribeGameServerGroup and with the EC2 launch template that was used when creating the game server group.

    Retrieve game server instances for a game server group by calling DescribeGameServerInstances.

    " }, "GameServerInstanceId":{ "type":"string", @@ -6246,7 +6565,7 @@ "members":{ "GameSessionId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for the game session. A game session ARN has the following format: arn:aws:gamelift:<region>::gamesession/<fleet ID>/<custom ID string or idempotency token>.

    " + "documentation":"

    A unique identifier for the game session. A game session ARN has the following format: arn:aws:gamelift:<location>::gamesession/<fleet ID>/<custom ID string or idempotency token>.

    " }, "Name":{ "shape":"NonZeroAndMaxString", @@ -6290,7 +6609,7 @@ }, "IpAddress":{ "shape":"IpAddress", - "documentation":"

    The IP address of the game session. To connect to a Amazon GameLift game server, an app needs both the IP address and port number.

    " + "documentation":"

    The IP address of the game session. To connect to a Amazon GameLift Servers game server, an app needs both the IP address and port number.

    " }, "DnsName":{ "shape":"DnsName", @@ -6298,7 +6617,7 @@ }, "Port":{ "shape":"PortNumber", - "documentation":"

    The port number for the game session. To connect to a Amazon GameLift game server, an app needs both the IP address and port number.

    " + "documentation":"

    The port number for the game session. To connect to a Amazon GameLift Servers game server, an app needs both the IP address and port number.

    " }, "PlayerSessionCreationPolicy":{ "shape":"PlayerSessionCreationPolicy", @@ -6321,7 +6640,7 @@ "documentation":"

    The fleet location where the game session is running. This value might specify the fleet's home Region or a remote location. Location is expressed as an Amazon Web Services Region code such as us-west-2.

    " } }, - "documentation":"

    Properties describing a game session.

    A game session in ACTIVE status can host players. When a game session ends, its status is set to TERMINATED.

    Amazon GameLift retains a game session resource for 30 days after the game session ends. You can reuse idempotency token values after this time. Game session logs are retained for 14 days.

    All APIs by task

    " + "documentation":"

    Properties describing a game session.

    A game session in ACTIVE status can host players. When a game session ends, its status is set to TERMINATED.

    Amazon GameLift Servers retains a game session resource for 30 days after the game session ends. You can reuse idempotency token values after this time. Game session logs are retained for 14 days.

    All APIs by task

    " }, "GameSessionActivationTimeoutSeconds":{ "type":"integer", @@ -6337,7 +6656,7 @@ }, "IpAddress":{ "shape":"IpAddress", - "documentation":"

    The IP address of the game session. To connect to a Amazon GameLift game server, an app needs both the IP address and port number.

    " + "documentation":"

    The IP address of the game session. To connect to a Amazon GameLift Servers game server, an app needs both the IP address and port number.

    " }, "DnsName":{ "shape":"DnsName", @@ -6345,7 +6664,7 @@ }, "Port":{ "shape":"PositiveInteger", - "documentation":"

    The port number for the game session. To connect to a Amazon GameLift game server, an app needs both the IP address and port number.

    " + "documentation":"

    The port number for the game session. To connect to a Amazon GameLift Servers game server, an app needs both the IP address and port number.

    " }, "MatchedPlayerSessions":{ "shape":"MatchedPlayerSessionList", @@ -6359,14 +6678,14 @@ "members":{ "NewGameSessionsPerCreator":{ "shape":"WholeNumber", - "documentation":"

    A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.

    The policy evaluates when a player tries to create a new game session. On receiving a CreateGameSession request, Amazon GameLift checks that the player (identified by CreatorId) has created fewer than game session limit in the specified time period.

    " + "documentation":"

    A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.

    The policy evaluates when a player tries to create a new game session. On receiving a CreateGameSession request, Amazon GameLift Servers checks that the player (identified by CreatorId) has created fewer than game session limit in the specified time period.

    " }, "PolicyPeriodInMinutes":{ "shape":"WholeNumber", "documentation":"

    The time span used in evaluating the resource creation limit policy.

    " } }, - "documentation":"

    A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.

    The policy is evaluated when a player tries to create a new game session. On receiving a CreateGameSession request, Amazon GameLift checks that the player (identified by CreatorId) has created fewer than game session limit in the specified time period.

    " + "documentation":"

    A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.

    The policy is evaluated when a player tries to create a new game session. On receiving a CreateGameSession request, Amazon GameLift Servers checks that the player (identified by CreatorId) has created fewer than game session limit in the specified time period.

    " }, "GameSessionData":{ "type":"string", @@ -6416,7 +6735,7 @@ }, "Status":{ "shape":"GameSessionPlacementState", - "documentation":"

    Current status of the game session placement request.

    • PENDING -- The placement request is in the queue waiting to be processed. Game session properties are not yet final.

    • FULFILLED -- A new game session has been successfully placed. Game session properties are now final.

    • CANCELLED -- The placement request was canceled.

    • TIMED_OUT -- A new game session was not successfully created before the time limit expired. You can resubmit the placement request as needed.

    • FAILED -- Amazon GameLift is not able to complete the process of placing the game session. Common reasons are the game session terminated before the placement process was completed, or an unexpected internal error.

    " + "documentation":"

    Current status of the game session placement request.

    • PENDING -- The placement request is in the queue waiting to be processed. Game session properties are not yet final.

    • FULFILLED -- A new game session has been successfully placed. Game session properties are now final.

    • CANCELLED -- The placement request was canceled.

    • TIMED_OUT -- A new game session was not successfully created before the time limit expired. You can resubmit the placement request as needed.

    • FAILED -- Amazon GameLift Servers is not able to complete the process of placing the game session. Common reasons are the game session terminated before the placement process was completed, or an unexpected internal error.

    " }, "GameProperties":{ "shape":"GamePropertyList", @@ -6456,7 +6775,7 @@ }, "IpAddress":{ "shape":"IpAddress", - "documentation":"

    The IP address of the game session. To connect to a Amazon GameLift game server, an app needs both the IP address and port number. This value isn't final until placement status is FULFILLED.

    " + "documentation":"

    The IP address of the game session. To connect to a Amazon GameLift Servers game server, an app needs both the IP address and port number. This value isn't final until placement status is FULFILLED.

    " }, "DnsName":{ "shape":"DnsName", @@ -6464,7 +6783,7 @@ }, "Port":{ "shape":"PortNumber", - "documentation":"

    The port number for the game session. To connect to a Amazon GameLift game server, an app needs both the IP address and port number. This value isn't final until placement status is FULFILLED.

    " + "documentation":"

    The port number for the game session. To connect to a Amazon GameLift Servers game server, an app needs both the IP address and port number. This value isn't final until placement status is FULFILLED.

    " }, "PlacedPlayerSessions":{ "shape":"PlacedPlayerSessionList", @@ -6480,10 +6799,10 @@ }, "PriorityConfigurationOverride":{ "shape":"PriorityConfigurationOverride", - "documentation":"

    A prioritized list of locations to use with a game session placement request and instructions on how to use it. This list overrides a queue's prioritized location list for a single game session placement request only. The list can include Amazon Web Services Regions, local zones, and custom locations (for Anywhere fleets). The fallback strategy instructs Amazon GameLift to use the override list for the first placement attempt only or for all placement attempts.

    " + "documentation":"

    An alternative priority list of locations that's included with a game session placement request. When provided, the list overrides a queue's location order list for this game session placement request only. The list might include Amazon Web Services Regions, local zones, and custom locations (for Anywhere fleets). The fallback strategy tells Amazon GameLift Servers what action to take (if any) in the event that it failed to place a new game session.

    " } }, - "documentation":"

    Represents a potential game session placement, including the full details of the original placement request and the current status.

    If the game session placement status is PENDING, the properties for game session ID/ARN, region, IP address/DNS, and port aren't final. A game session is not active and ready to accept players until placement status reaches FULFILLED. When the placement is in PENDING status, Amazon GameLift may attempt to place a game session multiple times before succeeding. With each attempt it creates a https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameSession object and updates this placement object with the new game session properties.

    " + "documentation":"

    Represents a potential game session placement, including the full details of the original placement request and the current status.

    If the game session placement status is PENDING, the properties for game session ID/ARN, region, IP address/DNS, and port aren't final. A game session is not active and ready to accept players until placement status reaches FULFILLED. When the placement is in PENDING status, Amazon GameLift Servers may attempt to place a game session multiple times before succeeding. With each attempt it creates a https://docs.aws.amazon.com/gamelift/latest/apireference/API_GameSession object and updates this placement object with the new game session properties.

    " }, "GameSessionPlacementState":{ "type":"string", @@ -6504,7 +6823,7 @@ }, "GameSessionQueueArn":{ "shape":"GameSessionQueueArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift game session queue resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::gamesessionqueue/<queue name>. In a Amazon GameLift game session queue ARN, the resource ID matches the Name value.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers game session queue resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::gamesessionqueue/<queue name>. In a Amazon GameLift Servers game session queue ARN, the resource ID matches the Name value.

    " }, "TimeoutInSeconds":{ "shape":"WholeNumber", @@ -6512,7 +6831,7 @@ }, "PlayerLatencyPolicies":{ "shape":"PlayerLatencyPolicyList", - "documentation":"

    A set of policies that enforce a sliding cap on player latency when processing game sessions placement requests. Use multiple policies to gradually relax the cap over time if Amazon GameLift can't make a placement. Policies are evaluated in order starting with the lowest maximum latency value.

    " + "documentation":"

    A set of policies that enforce a sliding cap on player latency when processing game sessions placement requests. Use multiple policies to gradually relax the cap over time if Amazon GameLift Servers can't make a placement. Policies are evaluated in order starting with the lowest maximum latency value.

    " }, "Destinations":{ "shape":"GameSessionQueueDestinationList", @@ -6608,7 +6927,7 @@ }, "ComputeName":{ "shape":"ComputeNameOrArn", - "documentation":"

    A unique identifier for the compute resource that you want to connect to. For an EC2 fleet compute, use the instance ID. Use https://docs.aws.amazon.com/gamelift/latest/apireference/API_ListCompute.html to retrieve compute identifiers.

    " + "documentation":"

    A unique identifier for the compute resource that you want to connect to. For an EC2 fleet, use an instance ID. For a managed container fleet, use a compute name. You can retrieve a fleet's compute names by calling ListCompute.

    " } } }, @@ -6621,7 +6940,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "ComputeName":{ "shape":"ComputeNameOrArn", @@ -6629,7 +6948,7 @@ }, "ComputeArn":{ "shape":"ComputeArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to an Amazon GameLift compute resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::compute/compute-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to an Amazon GameLift Servers compute resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::compute/compute-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "Credentials":{ "shape":"AwsCredentials", @@ -6671,7 +6990,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "ComputeName":{ "shape":"ComputeNameOrArn", @@ -6679,7 +6998,7 @@ }, "ComputeArn":{ "shape":"ComputeArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to an Amazon GameLift compute resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::compute/compute-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to an Amazon GameLift Servers compute resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::compute/compute-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "AuthToken":{ "shape":"ComputeAuthToken", @@ -6719,7 +7038,7 @@ "members":{ "FleetId":{ "shape":"FleetIdOrArn", - "documentation":"

    A unique identifier for the fleet that contains the instance you want to access. You can request access to instances in EC2 fleets with the following statuses: ACTIVATING, ACTIVE, or ERROR. Use either a fleet ID or an ARN value.

    You can access fleets in ERROR status for a short period of time before Amazon GameLift deletes them.

    " + "documentation":"

    A unique identifier for the fleet that contains the instance you want to access. You can request access to instances in EC2 fleets with the following statuses: ACTIVATING, ACTIVE, or ERROR. Use either a fleet ID or an ARN value.

    You can access fleets in ERROR status for a short period of time before Amazon GameLift Servers deletes them.

    " }, "InstanceId":{ "shape":"InstanceId", @@ -6771,7 +7090,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "InstanceId":{ "shape":"InstanceId", @@ -6787,7 +7106,7 @@ }, "OperatingSystem":{ "shape":"OperatingSystem", - "documentation":"

    Operating system that is running on this EC2 instance.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use Amazon GameLift server SDK 4.x., first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to Amazon GameLift server SDK version 5.

    " + "documentation":"

    Operating system that is running on this EC2 instance.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use server SDK version 4.x for Amazon GameLift Servers, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to server SDK version 5.

    " }, "Type":{ "shape":"EC2InstanceType", @@ -6795,7 +7114,7 @@ }, "Status":{ "shape":"InstanceStatus", - "documentation":"

    Current status of the instance. Possible statuses include the following:

    • PENDING -- The instance is in the process of being created and launching server processes as defined in the fleet's run-time configuration.

    • ACTIVE -- The instance has been successfully created and at least one server process has successfully launched and reported back to Amazon GameLift that it is ready to host a game session. The instance is now considered ready to host game sessions.

    • TERMINATING -- The instance is in the process of shutting down. This may happen to reduce capacity during a scaling down event or to recycle resources in the event of a problem.

    " + "documentation":"

    Current status of the instance. Possible statuses include the following:

    • PENDING -- The instance is in the process of being created and launching server processes as defined in the fleet's run-time configuration.

    • ACTIVE -- The instance has been successfully created and at least one server process has successfully launched and reported back to Amazon GameLift Servers that it is ready to host a game session. The instance is now considered ready to host game sessions.

    • TERMINATING -- The instance is in the process of shutting down. This may happen to reduce capacity during a scaling down event or to recycle resources in the event of a problem.

    " }, "CreationTime":{ "shape":"Timestamp", @@ -6806,7 +7125,7 @@ "documentation":"

    The fleet location of the instance, expressed as an Amazon Web Services Region code, such as us-west-2.

    " } }, - "documentation":"

    Represents a virtual computing instance that runs game server processes and hosts game sessions. In Amazon GameLift, one or more instances make up a managed EC2 fleet.

    " + "documentation":"

    Represents a virtual computing instance that runs game server processes and hosts game sessions. In Amazon GameLift Servers, one or more instances make up a managed EC2 fleet.

    " }, "InstanceAccess":{ "type":"structure", @@ -6846,7 +7165,7 @@ "documentation":"

    Secret string. For Windows instances, the secret is a password for use with Windows Remote Desktop. For Linux instances, it's a private key for use with SSH.

    " } }, - "documentation":"

    A set of credentials that allow remote access to an instance in an EC2 managed fleet. These credentials are returned in response to a call to https://docs.aws.amazon.com/gamelift/latest/apireference/API_GetInstanceAccess, which requests access for instances that are running game servers with the Amazon GameLift server SDK version 4.x or earlier.

    ", + "documentation":"

    A set of credentials that allow remote access to an instance in an EC2 managed fleet. These credentials are returned in response to a call to https://docs.aws.amazon.com/gamelift/latest/apireference/API_GetInstanceAccess, which requests access for instances that are running game servers with the Amazon GameLift Servers server SDK version 4.x or earlier.

    ", "sensitive":true }, "InstanceDefinition":{ @@ -6859,10 +7178,10 @@ }, "WeightedCapacity":{ "shape":"WeightedCapacity", - "documentation":"

    Instance weighting that indicates how much this instance type contributes to the total capacity of a game server group. Instance weights are used by Amazon GameLift FleetIQ to calculate the instance type's cost per unit hour and better identify the most cost-effective options. For detailed information on weighting instance capacity, see Instance Weighting in the Amazon Elastic Compute Cloud Auto Scaling User Guide. Default value is \"1\".

    " + "documentation":"

    Instance weighting that indicates how much this instance type contributes to the total capacity of a game server group. Instance weights are used by Amazon GameLift Servers FleetIQ to calculate the instance type's cost per unit hour and better identify the most cost-effective options. For detailed information on weighting instance capacity, see Instance Weighting in the Amazon Elastic Compute Cloud Auto Scaling User Guide. Default value is \"1\".

    " } }, - "documentation":"

    This data type is used with the Amazon GameLift FleetIQ and game server groups.

    An allowed instance type for a game server group. All game server groups must have at least two instance types defined for it. Amazon GameLift FleetIQ periodically evaluates each defined instance type for viability. It then updates the Auto Scaling group with the list of viable instance types.

    " + "documentation":"

    An allowed instance type for a game server group. All game server groups must have at least two instance types defined for it. Amazon GameLift Servers FleetIQ periodically evaluates each defined instance type for viability. It then updates the Auto Scaling group with the list of viable instance types.

    " }, "InstanceDefinitions":{ "type":"list", @@ -6963,7 +7282,7 @@ "documentation":"

    The network communication protocol used by the fleet.

    " } }, - "documentation":"

    A range of IP addresses and port settings that allow inbound traffic to connect to processes on an instance in a fleet. Processes are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges.

    For Realtime Servers fleets, Amazon GameLift automatically opens two port ranges, one for TCP messaging and one for UDP.

    " + "documentation":"

    A range of IP addresses and port settings that allow inbound traffic to connect to processes on an instance in a fleet. Processes are assigned an IP address/port number combination, which must fall into the fleet's allowed ranges.

    For Amazon GameLift Servers Realtime fleets, Amazon GameLift Servers automatically opens two port ranges, one for TCP messaging and one for UDP.

    " }, "IpPermissionsList":{ "type":"list", @@ -7032,7 +7351,7 @@ "documentation":"

    The version of the Amazon EC2 launch template to use. If no version is specified, the default version will be used. With Amazon EC2, you can specify a default version for a launch template. If none is set, the default is the first version created.

    " } }, - "documentation":"

    This data type is used with the Amazon GameLift FleetIQ and game server groups.

    An Amazon Elastic Compute Cloud launch template that contains configuration settings and game server code to be deployed to all instances in a game server group. The launch template is specified when creating a new game server group.

    " + "documentation":"

    An Amazon Elastic Compute Cloud launch template that contains configuration settings and game server code to be deployed to all instances in a game server group. The launch template is specified when creating a new game server group.

    " }, "LaunchTemplateVersion":{ "type":"string", @@ -7122,7 +7441,7 @@ }, "Location":{ "shape":"LocationStringModel", - "documentation":"

    The name of a location to retrieve compute resources for. For an Amazon GameLift Anywhere fleet, use a custom location. For a managed fleet, provide a Amazon Web Services Region or Local Zone code (for example: us-west-2 or us-west-2-lax-1).

    " + "documentation":"

    The name of a location to retrieve compute resources for. For an Amazon GameLift Servers Anywhere fleet, use a custom location. For a managed fleet, provide a Amazon Web Services Region or Local Zone code (for example: us-west-2 or us-west-2-lax-1).

    " }, "ContainerGroupDefinitionName":{ "shape":"ContainerGroupDefinitionNameOrArn", @@ -7233,7 +7552,7 @@ "members":{ "ContainerGroupType":{ "shape":"ContainerGroupType", - "documentation":"

    The type of container group to retrieve. Container group type determines how Amazon GameLift deploys the container group on each fleet instance.

    " + "documentation":"

    The type of container group to retrieve. Container group type determines how Amazon GameLift Servers deploys the container group on each fleet instance.

    " }, "Limit":{ "shape":"ListContainerGroupDefinitionsLimit", @@ -7393,7 +7712,7 @@ "members":{ "Filters":{ "shape":"LocationFilterList", - "documentation":"

    Filters the list for AWS or CUSTOM locations.

    " + "documentation":"

    Filters the list for AWS or CUSTOM locations. Use this parameter to narrow down results to only Amazon Web Services-managed locations (Amazon EC2 or container) or only your custom locations (such as an Amazon GameLift Servers Anywhere fleet).

    " }, "Limit":{ "shape":"ListLocationsLimit", @@ -7415,7 +7734,7 @@ "members":{ "Locations":{ "shape":"LocationModelList", - "documentation":"

    A collection of locations.

    " + "documentation":"

    A collection of locations, including both Amazon Web Services and custom locations. Each location includes a name and ping beacon information that can be used to measure network latency between player devices and the location.

    " }, "NextToken":{ "shape":"NonZeroAndMaxString", @@ -7455,7 +7774,7 @@ "members":{ "ResourceARN":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the Amazon GameLift resource that you want to retrieve tags for. Amazon GameLift includes resource ARNs in the data object for the resource. You can retrieve the ARN by calling a List or Describe operation for the resource type.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the Amazon GameLift Servers resource that you want to retrieve tags for. Amazon GameLift Servers includes resource ARNs in the data object for the resource. You can retrieve the ARN by calling a List or Describe operation for the resource type.

    " } } }, @@ -7502,7 +7821,7 @@ "members":{ "Location":{ "shape":"LocationStringModel", - "documentation":"

    An Amazon Web Services Region code, such as us-west-2. For a list of supported Regions and Local Zones, see Amazon GameLift service locations for managed hosting.

    " + "documentation":"

    An Amazon Web Services Region code, such as us-west-2. For a list of supported Regions and Local Zones, see Amazon GameLift Servers service locations for managed hosting.

    " } }, "documentation":"

    A remote location where a multi-location fleet can deploy game servers for game hosting.

    " @@ -7541,10 +7860,14 @@ }, "LocationArn":{ "shape":"LocationArnModel", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift location resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::location/location-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a custom location resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::location/location-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + }, + "PingBeacon":{ + "shape":"PingBeacon", + "documentation":"

    Information about the UDP ping beacon for this location.

    " } }, - "documentation":"

    Properties of a custom location for use in an Amazon GameLift Anywhere fleet. This data type is returned in response to a call to https://docs.aws.amazon.com/gamelift/latest/apireference/API_CreateLocation.

    " + "documentation":"

    Properties of a location, which can include its name, ARN (for custom locations), and ping beacon information.

    " }, "LocationModelList":{ "type":"list", @@ -7568,7 +7891,7 @@ "documentation":"

    The life-cycle status of a fleet location.

    " } }, - "documentation":"

    A fleet location and its life-cycle state. A location state object might be used to describe a fleet's remote location or home Region. Life-cycle state tracks the progress of launching the first instance in a new location and preparing it for game hosting, and then removing all instances and deleting the location from the fleet.

    • NEW -- A new fleet location has been defined and desired instances is set to 1.

    • DOWNLOADING/VALIDATING/BUILDING/ACTIVATING -- Amazon GameLift is setting up the new fleet location, creating new instances with the game build or Realtime script and starting server processes.

    • ACTIVE -- Hosts can now accept game sessions.

    • ERROR -- An error occurred when downloading, validating, building, or activating the fleet location.

    • DELETING -- Hosts are responding to a delete fleet location request.

    • TERMINATED -- The fleet location no longer exists.

    • NOT_FOUND -- The fleet location was not found. This could be because the custom location was removed or not created.

    " + "documentation":"

    A fleet location and its life-cycle state. A location state object might be used to describe a fleet's remote location or home Region. Life-cycle state tracks the progress of launching the first instance in a new location and preparing it for game hosting, and then removing all instances and deleting the location from the fleet.

    • NEW -- A new fleet location has been defined and desired instances is set to 1.

    • DOWNLOADING/VALIDATING/BUILDING/ACTIVATING -- Amazon GameLift Servers is setting up the new fleet location, creating new instances with the game build or Realtime script and starting server processes.

    • ACTIVE -- Hosts can now accept game sessions.

    • ERROR -- An error occurred when downloading, validating, building, or activating the fleet location.

    • DELETING -- Hosts are responding to a delete fleet location request.

    • TERMINATED -- The fleet location no longer exists.

    • NOT_FOUND -- The fleet location was not found. This could be because the custom location was removed or not created.

    " }, "LocationStateList":{ "type":"list", @@ -7604,7 +7927,7 @@ "members":{ "LogDestination":{ "shape":"LogDestination", - "documentation":"

    The type of log collection to use for a fleet.

    • CLOUDWATCH -- (default value) Send logs to an Amazon CloudWatch log group that you define. Each container emits a log stream, which is organized in the log group.

    • S3 -- Store logs in an Amazon S3 bucket that you define.

    • NONE -- Don't collect container logs.

    " + "documentation":"

    The type of log collection to use for a fleet.

    • CLOUDWATCH -- (default value) Send logs to an Amazon CloudWatch log group that you define. Each container emits a log stream, which is organized in the log group.

    • S3 -- Store logs in an Amazon S3 bucket that you define. This bucket must reside in the fleet's home Amazon Web Services Region.

    • NONE -- Don't collect container logs.

    " }, "S3BucketName":{ "shape":"NonEmptyString", @@ -7615,7 +7938,7 @@ "documentation":"

    If log destination is CLOUDWATCH, logs are sent to the specified log group in Amazon CloudWatch.

    " } }, - "documentation":"

    A method for collecting container logs for the fleet. Amazon GameLift saves all standard output for each container in logs, including game session logs. You can select from the following methods:

    " + "documentation":"

    A method for collecting container logs for the fleet. Amazon GameLift Servers saves all standard output for each container in logs, including game session logs. You can select from the following methods:

    " }, "LogDestination":{ "type":"string", @@ -7668,7 +7991,7 @@ }, "ConfigurationArn":{ "shape":"MatchmakingConfigurationArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift matchmaking configuration resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::matchmakingconfiguration/<matchmaking configuration name>. In a Amazon GameLift configuration ARN, the resource ID matches the Name value.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers matchmaking configuration resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::matchmakingconfiguration/<matchmaking configuration name>. In a Amazon GameLift Servers configuration ARN, the resource ID matches the Name value.

    " }, "Description":{ "shape":"NonZeroAndMaxString", @@ -7676,7 +7999,7 @@ }, "GameSessionQueueArns":{ "shape":"QueueArnsList", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift game session queue resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::gamesessionqueue/<queue name>. Queues can be located in any Region. Queues are used to start new Amazon GameLift-hosted game sessions for matches that are created with this matchmaking configuration. This property is not set when FlexMatchMode is set to STANDALONE.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers game session queue resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::gamesessionqueue/<queue name>. Queues can be located in any Region. Queues are used to start new Amazon GameLift Servers-hosted game sessions for matches that are created with this matchmaking configuration. This property is not set when FlexMatchMode is set to STANDALONE.

    " }, "RequestTimeoutSeconds":{ "shape":"MatchmakingRequestTimeoutInteger", @@ -7728,7 +8051,7 @@ }, "FlexMatchMode":{ "shape":"FlexMatchMode", - "documentation":"

    Indicates whether this matchmaking configuration is being used with Amazon GameLift hosting or as a standalone matchmaking solution.

    • STANDALONE - FlexMatch forms matches and returns match information, including players and team assignments, in a MatchmakingSucceeded event.

    • WITH_QUEUE - FlexMatch forms matches and uses the specified Amazon GameLift queue to start a game session for the match.

    " + "documentation":"

    Indicates whether this matchmaking configuration is being used with Amazon GameLift Servers hosting or as a standalone matchmaking solution.

    • STANDALONE - FlexMatch forms matches and returns match information, including players and team assignments, in a MatchmakingSucceeded event.

    • WITH_QUEUE - FlexMatch forms matches and uses the specified Amazon GameLift Servers queue to start a game session for the match.

    " } }, "documentation":"

    Guidelines for use with FlexMatch to match players into games. All matchmaking requests must specify a matchmaking configuration.

    " @@ -7789,7 +8112,7 @@ }, "RuleSetArn":{ "shape":"MatchmakingRuleSetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift matchmaking rule set resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::matchmakingruleset/<ruleset name>. In a GameLift rule set ARN, the resource ID matches the RuleSetName value.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers matchmaking rule set resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::matchmakingruleset/<ruleset name>. In a GameLift rule set ARN, the resource ID matches the RuleSetName value.

    " }, "RuleSetBody":{ "shape":"RuleSetBody", @@ -7968,7 +8291,7 @@ "members":{ "Message":{"shape":"NonEmptyString"} }, - "documentation":"

    The operation failed because Amazon GameLift has not yet finished validating this compute. We recommend attempting 8 to 10 retries over 3 to 5 minutes with exponential backoffs and jitter.

    ", + "documentation":"

    The operation failed because Amazon GameLift Servers has not yet finished validating this compute. We recommend attempting 8 to 10 retries over 3 to 5 minutes with exponential backoffs and jitter.

    ", "exception":true }, "OperatingSystem":{ @@ -7978,7 +8301,8 @@ "AMAZON_LINUX", "AMAZON_LINUX_2", "WINDOWS_2016", - "AMAZON_LINUX_2023" + "AMAZON_LINUX_2023", + "WINDOWS_2022" ] }, "OutOfCapacityException":{ @@ -7989,6 +8313,16 @@ "documentation":"

    The specified game server group has no available game servers to fulfill a ClaimGameServer request. Clients can retry such requests immediately or after a waiting period.

    ", "exception":true }, + "PingBeacon":{ + "type":"structure", + "members":{ + "UDPEndpoint":{ + "shape":"UDPEndpoint", + "documentation":"

    The domain name and port of the UDP ping beacon.

    " + } + }, + "documentation":"

    Information about a UDP ping beacon that can be used to measure network latency between a player device and an Amazon GameLift Servers hosting location.

    " + }, "PlacedPlayerSession":{ "type":"structure", "members":{ @@ -8164,7 +8498,7 @@ }, "IpAddress":{ "shape":"IpAddress", - "documentation":"

    The IP address of the game session. To connect to a Amazon GameLift game server, an app needs both the IP address and port number.

    " + "documentation":"

    The IP address of the game session. To connect to a Amazon GameLift Servers game server, an app needs both the IP address and port number.

    " }, "DnsName":{ "shape":"DnsName", @@ -8172,11 +8506,11 @@ }, "Port":{ "shape":"PortNumber", - "documentation":"

    Port number for the game session. To connect to a Amazon GameLift server process, an app needs both the IP address and port number.

    " + "documentation":"

    Port number for the game session. To connect to a Amazon GameLift Servers server process, an app needs both the IP address and port number.

    " }, "PlayerData":{ "shape":"PlayerData", - "documentation":"

    Developer-defined information related to a player. Amazon GameLift does not use this data, so it can be formatted as needed for use in the game.

    " + "documentation":"

    Developer-defined information related to a player. Amazon GameLift Servers does not use this data, so it can be formatted as needed for use in the game.

    " } }, "documentation":"

    Represents a player session. Player sessions are created either for a specific game session, or as part of a game session placement or matchmaking request. A player session can represents a reserved player slot in a game session (when status is RESERVED) or actual player activity in a game session (when status is ACTIVE). A player session object, including player data, is automatically passed to a game session when the player connects to the game session and is validated. After the game session ends, player sessions information is retained for 30 days and then removed.

    Related actions

    All APIs by task

    " @@ -8231,14 +8565,14 @@ "members":{ "PriorityOrder":{ "shape":"PriorityTypeList", - "documentation":"

    A custom sequence to use when prioritizing where to place new game sessions. Each priority type is listed once.

    • LATENCY -- Amazon GameLift prioritizes locations where the average player latency is lowest. Player latency data is provided in each game session placement request.

    • COST -- Amazon GameLift prioritizes destinations with the lowest current hosting costs. Cost is evaluated based on the location, instance type, and fleet type (Spot or On-Demand) of each destination in the queue.

    • DESTINATION -- Amazon GameLift prioritizes based on the list order of destinations in the queue configuration.

    • LOCATION -- Amazon GameLift prioritizes based on the provided order of locations, as defined in LocationOrder.

    " + "documentation":"

    A custom sequence to use when prioritizing where to place new game sessions. Each priority type is listed once.

    • LATENCY -- Amazon GameLift Servers prioritizes locations where the average player latency is lowest. Player latency data is provided in each game session placement request.

    • COST -- Amazon GameLift Servers prioritizes queue destinations with the lowest current hosting costs. Cost is evaluated based on the destination's location, instance type, and fleet type (Spot or On-Demand).

    • DESTINATION -- Amazon GameLift Servers prioritizes based on the list order of destinations in the queue configuration.

    • LOCATION -- Amazon GameLift Servers prioritizes based on the provided order of locations, as defined in LocationOrder.

    " }, "LocationOrder":{ "shape":"LocationList", - "documentation":"

    The prioritization order to use for fleet locations, when the PriorityOrder property includes LOCATION. Locations can include Amazon Web Services Region codes (such as us-west-2), local zones, and custom locations (for Anywhere fleets). Each location must be listed only once. For details, see Amazon GameLift service locations.

    " + "documentation":"

    The prioritization order to use for fleet locations, when the PriorityOrder property includes LOCATION. Locations can include Amazon Web Services Region codes (such as us-west-2), local zones, and custom locations (for Anywhere fleets). Each location must be listed only once. For details, see Amazon GameLift Servers service locations.

    " } }, - "documentation":"

    Custom prioritization settings for a game session queue to use when searching for available game servers to place new game sessions. This configuration replaces the default FleetIQ prioritization process.

    By default, a queue makes placements based on the following default prioritizations:

    • If player latency data is included in a game session request, Amazon GameLift prioritizes placing game sessions where the average player latency is lowest. Amazon GameLift re-orders the queue's destinations and locations (for multi-location fleets) based on the following priorities: (1) the lowest average latency across all players, (2) the lowest hosting cost, (3) the queue's default destination order, and then (4), an alphabetic list of locations.

    • If player latency data is not included, Amazon GameLift prioritizes placing game sessions in the queue's first destination. If that fleet has multiple locations, the game session is placed on the first location (when listed alphabetically). Amazon GameLift re-orders the queue's destinations and locations (for multi-location fleets) based on the following priorities: (1) the queue's default destination order, and then (2) an alphabetic list of locations.

    " + "documentation":"

    Custom prioritization settings to use with a game session queue. Prioritization settings determine how the queue selects a game hosting resource to start a new game session. This configuration replaces the default prioritization process for queues.

    By default, a queue makes game session placements based on the following criteria:

    • When a game session request does not include player latency data, Amazon GameLift Servers places game sessions based on the following priorities: (1) the queue's default destination order, and (2) for multi-location fleets, an alphabetic list of locations.

    • When a game session request includes player latency data, Amazon GameLift Servers re-orders the queue's destinations to make placements where the average player latency is lowest. It reorders based the following priorities: (1) the lowest average latency across all players, (2) the lowest hosting cost, (3) the queue's default destination order, and (4) for multi-location fleets, an alphabetic list of locations.

    " }, "PriorityConfigurationOverride":{ "type":"structure", @@ -8246,14 +8580,14 @@ "members":{ "PlacementFallbackStrategy":{ "shape":"PlacementFallbackStrategy", - "documentation":"

    Instructions for how to use the override list if the first round of placement attempts fails. The first round is a failure if Amazon GameLift searches all listed locations, in all of the queue's destinations, without finding an available hosting resource for a new game session. Valid strategies include:

    • DEFAULT_AFTER_SINGLE_PASS -- After the first round of placement attempts, discard the override list and use the queue's default location priority list. Continue to use the queue's default list until the placement request times out.

    • NONE -- Continue to use the override list for all rounds of placement attempts until the placement request times out.

    " + "documentation":"

    Instructions for how to proceed if placement fails in every location on the priority override list. Valid strategies include:

    • DEFAULT_AFTER_SINGLE_PASS -- After attempting to place a new game session in every location on the priority override list, try to place a game session in queue's other locations. This is the default behavior.

    • NONE -- Limit placements to locations on the priority override list only.

    " }, "LocationOrder":{ "shape":"LocationOrderOverrideList", - "documentation":"

    A prioritized list of hosting locations. The list can include Amazon Web Services Regions (such as us-west-2), local zones, and custom locations (for Anywhere fleets). Each location must be listed only once. For details, see Amazon GameLift service locations.

    " + "documentation":"

    A prioritized list of hosting locations. The list can include Amazon Web Services Regions (such as us-west-2), local zones, and custom locations (for Anywhere fleets). Each location must be listed only once. For details, see Amazon GameLift Servers service locations.

    " } }, - "documentation":"

    An alternate list of prioritized locations for use with a game session queue. When this property is included in a StartGameSessionPlacement request, this list overrides the queue's default location prioritization, as defined in the queue's PriorityConfiguration setting (LocationOrder). This property overrides the queue's default priority list for individual placement requests only. Use this property only with queues that have a PriorityConfiguration setting that prioritizes first.

    A priority configuration override list does not override a queue's FilterConfiguration setting, if the queue has one. Filter configurations are used to limit placements to a subset of the locations in a queue's destinations. If the override list includes a location that's not included in the FilterConfiguration allowed list, Amazon GameLift won't attempt to place a game session there.

    " + "documentation":"

    An alternate list of prioritized locations for use with a game session queue. When this property is included in a StartGameSessionPlacement request, the alternate list overrides the queue's default location priorities, as defined in the queue's PriorityConfiguration setting (LocationOrder). The override is valid for an individual placement request only. Use this property only with queues that have a PriorityConfiguration setting that prioritizes LOCATION first.

    A priority configuration override list does not override a queue's FilterConfiguration setting, if the queue has one. Filter configurations are used to limit placements to a subset of the locations in a queue's destinations. If the override list includes a location that's not on in the FilterConfiguration allowed list, Amazon GameLift Servers won't attempt to place a game session there.

    " }, "PriorityType":{ "type":"string", @@ -8315,7 +8649,7 @@ }, "MetricName":{ "shape":"MetricName", - "documentation":"

    Name of the Amazon GameLift-defined metric that is used to trigger a scaling adjustment. For detailed descriptions of fleet metrics, see Monitor Amazon GameLift with Amazon CloudWatch.

    • ActivatingGameSessions -- Game sessions in the process of being created.

    • ActiveGameSessions -- Game sessions that are currently running.

    • ActiveInstances -- Fleet instances that are currently running at least one game session.

    • AvailableGameSessions -- Additional game sessions that fleet could host simultaneously, given current capacity.

    • AvailablePlayerSessions -- Empty player slots in currently active game sessions. This includes game sessions that are not currently accepting players. Reserved player slots are not included.

    • CurrentPlayerSessions -- Player slots in active game sessions that are being used by a player or are reserved for a player.

    • IdleInstances -- Active instances that are currently hosting zero game sessions.

    • PercentAvailableGameSessions -- Unused percentage of the total number of game sessions that a fleet could host simultaneously, given current capacity. Use this metric for a target-based scaling policy.

    • PercentIdleInstances -- Percentage of the total number of active instances that are hosting zero game sessions.

    • QueueDepth -- Pending game session placement requests, in any queue, where the current fleet is the top-priority destination.

    • WaitTime -- Current wait time for pending game session placement requests, in any queue, where the current fleet is the top-priority destination.

    " + "documentation":"

    Name of the Amazon GameLift Servers-defined metric that is used to trigger a scaling adjustment. For detailed descriptions of fleet metrics, see Monitor Amazon GameLift Servers with Amazon CloudWatch.

    • ActivatingGameSessions -- Game sessions in the process of being created.

    • ActiveGameSessions -- Game sessions that are currently running.

    • ActiveInstances -- Fleet instances that are currently running at least one game session.

    • AvailableGameSessions -- Additional game sessions that fleet could host simultaneously, given current capacity.

    • AvailablePlayerSessions -- Empty player slots in currently active game sessions. This includes game sessions that are not currently accepting players. Reserved player slots are not included.

    • CurrentPlayerSessions -- Player slots in active game sessions that are being used by a player or are reserved for a player.

    • IdleInstances -- Active instances that are currently hosting zero game sessions.

    • PercentAvailableGameSessions -- Unused percentage of the total number of game sessions that a fleet could host simultaneously, given current capacity. Use this metric for a target-based scaling policy.

    • PercentIdleInstances -- Percentage of the total number of active instances that are hosting zero game sessions.

    • QueueDepth -- Pending game session placement requests, in any queue, where the current fleet is the top-priority destination.

    • WaitTime -- Current wait time for pending game session placement requests, in any queue, where the current fleet is the top-priority destination.

    " }, "PolicyType":{ "shape":"PolicyType", @@ -8369,15 +8703,15 @@ }, "CertificatePath":{ "shape":"NonZeroAndMaxString", - "documentation":"

    The path to a TLS certificate on your compute resource. Amazon GameLift doesn't validate the path and certificate.

    " + "documentation":"

    The path to a TLS certificate on your compute resource. Amazon GameLift Servers doesn't validate the path and certificate.

    " }, "DnsName":{ "shape":"DnsNameInput", - "documentation":"

    The DNS name of the compute resource. Amazon GameLift requires either a DNS name or IP address.

    " + "documentation":"

    The DNS name of the compute resource. Amazon GameLift Servers requires either a DNS name or IP address.

    " }, "IpAddress":{ "shape":"IpAddress", - "documentation":"

    The IP address of the compute resource. Amazon GameLift requires either a DNS name or IP address. When registering an Anywhere fleet, an IP address is required.

    " + "documentation":"

    The IP address of the compute resource. Amazon GameLift Servers requires either a DNS name or IP address. When registering an Anywhere fleet, an IP address is required.

    " }, "Location":{ "shape":"LocationStringModel", @@ -8484,14 +8818,14 @@ "members":{ "NewGameSessionsPerCreator":{ "shape":"WholeNumber", - "documentation":"

    A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.

    The policy is evaluated when a player tries to create a new game session. On receiving a CreateGameSession request, Amazon GameLift checks that the player (identified by CreatorId) has created fewer than game session limit in the specified time period.

    " + "documentation":"

    A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.

    The policy is evaluated when a player tries to create a new game session. On receiving a CreateGameSession request, Amazon GameLift Servers checks that the player (identified by CreatorId) has created fewer than game session limit in the specified time period.

    " }, "PolicyPeriodInMinutes":{ "shape":"WholeNumber", "documentation":"

    The time span used in evaluating the resource creation limit policy.

    " } }, - "documentation":"

    A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.

    The policy is evaluated when a player tries to create a new game session. On receiving a CreateGameSession request, Amazon GameLift checks that the player (identified by CreatorId) has created fewer than game session limit in the specified time period.

    " + "documentation":"

    A policy that puts limits on the number of game sessions that a player can create within a specified span of time. With this policy, you can control players' ability to consume available resources.

    The policy is evaluated when a player tries to create a new game session. On receiving a CreateGameSession request, Amazon GameLift Servers checks that the player (identified by CreatorId) has created fewer than game session limit in the specified time period.

    " }, "ResumeGameServerGroupInput":{ "type":"structure", @@ -8570,14 +8904,14 @@ "documentation":"

    The maximum amount of time (in seconds) allowed to launch a new game session and have it report ready to host players. During this time, the game session is in status ACTIVATING. If the game session does not become active before the timeout, it is ended and the game session status is changed to TERMINATED.

    " } }, - "documentation":"

    A set of instructions that define the set of server processes to run on computes in a fleet. Server processes run either an executable in a custom game build or a Realtime Servers script. Amazon GameLift launches the processes, manages their life cycle, and replaces them as needed. Computes check regularly for an updated runtime configuration.

    An Amazon GameLift instance is limited to 50 processes running concurrently. To calculate the total number of processes defined in a runtime configuration, add the values of the ConcurrentExecutions parameter for each server process. Learn more about Running Multiple Processes on a Fleet.

    " + "documentation":"

    A set of instructions that define the set of server processes to run on computes in a fleet. Server processes run either an executable in a custom game build or a Amazon GameLift Servers Realtime script. Amazon GameLift Servers launches the processes, manages their life cycle, and replaces them as needed. Computes check regularly for an updated runtime configuration.

    An Amazon GameLift Servers instance is limited to 50 processes running concurrently. To calculate the total number of processes defined in a runtime configuration, add the values of the ConcurrentExecutions parameter for each server process. Learn more about Running Multiple Processes on a Fleet.

    " }, "S3Location":{ "type":"structure", "members":{ "Bucket":{ "shape":"NonEmptyString", - "documentation":"

    An Amazon S3 bucket identifier. Thename of the S3 bucket.

    Amazon GameLift doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).

    " + "documentation":"

    An Amazon S3 bucket identifier. Thename of the S3 bucket.

    Amazon GameLift Servers doesn't support uploading from Amazon S3 buckets with names that contain a dot (.).

    " }, "Key":{ "shape":"NonEmptyString", @@ -8585,14 +8919,14 @@ }, "RoleArn":{ "shape":"NonEmptyString", - "documentation":"

    The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift to access the S3 bucket.

    " + "documentation":"

    The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift Servers to access the S3 bucket.

    " }, "ObjectVersion":{ "shape":"NonEmptyString", - "documentation":"

    The version of the file, if object versioning is turned on for the bucket. Amazon GameLift uses this information when retrieving files from an S3 bucket that you own. Use this parameter to specify a specific version of the file. If not set, the latest version of the file is retrieved.

    " + "documentation":"

    The version of the file, if object versioning is turned on for the bucket. Amazon GameLift Servers uses this information when retrieving files from an S3 bucket that you own. Use this parameter to specify a specific version of the file. If not set, the latest version of the file is retrieved.

    " } }, - "documentation":"

    The location in Amazon S3 where build or script files are stored for access by Amazon GameLift.

    " + "documentation":"

    The location in Amazon S3 where build or script files are stored for access by Amazon GameLift Servers.

    " }, "ScalingAdjustmentType":{ "type":"string", @@ -8611,7 +8945,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "Name":{ "shape":"NonZeroAndMaxString", @@ -8643,7 +8977,7 @@ }, "MetricName":{ "shape":"MetricName", - "documentation":"

    Name of the Amazon GameLift-defined metric that is used to trigger a scaling adjustment. For detailed descriptions of fleet metrics, see Monitor Amazon GameLift with Amazon CloudWatch.

    • ActivatingGameSessions -- Game sessions in the process of being created.

    • ActiveGameSessions -- Game sessions that are currently running.

    • ActiveInstances -- Fleet instances that are currently running at least one game session.

    • AvailableGameSessions -- Additional game sessions that fleet could host simultaneously, given current capacity.

    • AvailablePlayerSessions -- Empty player slots in currently active game sessions. This includes game sessions that are not currently accepting players. Reserved player slots are not included.

    • CurrentPlayerSessions -- Player slots in active game sessions that are being used by a player or are reserved for a player.

    • IdleInstances -- Active instances that are currently hosting zero game sessions.

    • PercentAvailableGameSessions -- Unused percentage of the total number of game sessions that a fleet could host simultaneously, given current capacity. Use this metric for a target-based scaling policy.

    • PercentIdleInstances -- Percentage of the total number of active instances that are hosting zero game sessions.

    • QueueDepth -- Pending game session placement requests, in any queue, where the current fleet is the top-priority destination.

    • WaitTime -- Current wait time for pending game session placement requests, in any queue, where the current fleet is the top-priority destination.

    " + "documentation":"

    Name of the Amazon GameLift Servers-defined metric that is used to trigger a scaling adjustment. For detailed descriptions of fleet metrics, see Monitor Amazon GameLift Servers with Amazon CloudWatch.

    • ActivatingGameSessions -- Game sessions in the process of being created.

    • ActiveGameSessions -- Game sessions that are currently running.

    • ActiveInstances -- Fleet instances that are currently running at least one game session.

    • AvailableGameSessions -- Additional game sessions that fleet could host simultaneously, given current capacity.

    • AvailablePlayerSessions -- Empty player slots in currently active game sessions. This includes game sessions that are not currently accepting players. Reserved player slots are not included.

    • CurrentPlayerSessions -- Player slots in active game sessions that are being used by a player or are reserved for a player.

    • IdleInstances -- Active instances that are currently hosting zero game sessions.

    • PercentAvailableGameSessions -- Unused percentage of the total number of game sessions that a fleet could host simultaneously, given current capacity. Use this metric for a target-based scaling policy.

    • PercentIdleInstances -- Percentage of the total number of active instances that are hosting zero game sessions.

    • QueueDepth -- Pending game session placement requests, in any queue, where the current fleet is the top-priority destination.

    • WaitTime -- Current wait time for pending game session placement requests, in any queue, where the current fleet is the top-priority destination.

    " }, "PolicyType":{ "shape":"PolicyType", @@ -8689,7 +9023,7 @@ }, "ScriptArn":{ "shape":"ScriptArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift script resource and uniquely identifies it. ARNs are unique across all Regions. In a GameLift script ARN, the resource ID matches the ScriptId value.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers script resource and uniquely identifies it. ARNs are unique across all Regions. In a GameLift script ARN, the resource ID matches the ScriptId value.

    " }, "Name":{ "shape":"NonZeroAndMaxString", @@ -8709,7 +9043,7 @@ }, "StorageLocation":{ "shape":"S3Location", - "documentation":"

    The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the ObjectVersion parameter to specify an earlier version.

    " + "documentation":"

    The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift Servers to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift Servers uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the ObjectVersion parameter to specify an earlier version.

    " } }, "documentation":"

    Properties describing a Realtime script.

    Related actions

    All APIs by task

    " @@ -8785,7 +9119,7 @@ "members":{ "LaunchPath":{ "shape":"LaunchPathStringModel", - "documentation":"

    The location of a game build executable or Realtime script. Game builds and Realtime scripts are installed on instances at the root:

    • Windows (custom game builds only): C:\\game. Example: \"C:\\game\\MyGame\\server.exe\"

    • Linux: /local/game. Examples: \"/local/game/MyGame/server.exe\" or \"/local/game/MyRealtimeScript.js\"

    Amazon GameLift doesn't support the use of setup scripts that launch the game executable. For custom game builds, this parameter must indicate the executable that calls the server SDK operations initSDK() and ProcessReady().

    " + "documentation":"

    The location of a game build executable or Realtime script. Game builds and Realtime scripts are installed on instances at the root:

    • Windows (custom game builds only): C:\\game. Example: \"C:\\game\\MyGame\\server.exe\"

    • Linux: /local/game. Examples: \"/local/game/MyGame/server.exe\" or \"/local/game/MyRealtimeScript.js\"

    Amazon GameLift Servers doesn't support the use of setup scripts that launch the game executable. For custom game builds, this parameter must indicate the executable that calls the server SDK operations initSDK() and ProcessReady().

    " }, "Parameters":{ "shape":"LaunchParametersStringModel", @@ -8796,7 +9130,7 @@ "documentation":"

    The number of server processes using this configuration that run concurrently on each instance or compute.

    " } }, - "documentation":"

    A set of instructions for launching server processes on fleet computes. Server processes run either an executable in a custom game build or a Realtime Servers script. Server process configurations are part of a fleet's runtime configuration.

    " + "documentation":"

    A set of instructions for launching server processes on fleet computes. Server processes run either an executable in a custom game build or a Amazon GameLift Servers Realtime script. Server process configurations are part of a fleet's runtime configuration.

    " }, "ServerProcessList":{ "type":"list", @@ -8862,7 +9196,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " } } }, @@ -8908,7 +9242,7 @@ }, "PriorityConfigurationOverride":{ "shape":"PriorityConfigurationOverride", - "documentation":"

    A prioritized list of locations to use for the game session placement and instructions on how to use it. This list overrides a queue's prioritized location list for this game session placement request only. You can include Amazon Web Services Regions, local zones, and custom locations (for Anywhere fleets). Choose a fallback strategy to instruct Amazon GameLift to use the override list for the first placement attempt only or for all placement attempts.

    " + "documentation":"

    A prioritized list of locations to use for the game session placement and instructions on how to use it. This list overrides a queue's prioritized location list for this game session placement request only. You can include Amazon Web Services Regions, local zones, and custom locations (for Anywhere fleets). You can choose to limit placements to locations on the override list only, or you can prioritize locations on the override list first and then fall back to the queue's other locations if needed. Choose a fallback strategy to use in the event that Amazon GameLift Servers fails to place a game session in any of the locations on the priority override list.

    " } } }, @@ -8930,7 +9264,7 @@ "members":{ "TicketId":{ "shape":"MatchmakingIdStringModel", - "documentation":"

    A unique identifier for a matchmaking ticket. If no ticket ID is specified here, Amazon GameLift will generate one in the form of a UUID. Use this identifier to track the match backfill ticket status and retrieve match results.

    " + "documentation":"

    A unique identifier for a matchmaking ticket. If no ticket ID is specified here, Amazon GameLift Servers will generate one in the form of a UUID. Use this identifier to track the match backfill ticket status and retrieve match results.

    " }, "ConfigurationName":{ "shape":"MatchmakingConfigurationName", @@ -8964,7 +9298,7 @@ "members":{ "TicketId":{ "shape":"MatchmakingIdStringModel", - "documentation":"

    A unique identifier for a matchmaking ticket. If no ticket ID is specified here, Amazon GameLift will generate one in the form of a UUID. Use this identifier to track the matchmaking ticket status and retrieve match results.

    " + "documentation":"

    A unique identifier for a matchmaking ticket. If no ticket ID is specified here, Amazon GameLift Servers will generate one in the form of a UUID. Use this identifier to track the matchmaking ticket status and retrieve match results.

    " }, "ConfigurationName":{ "shape":"MatchmakingConfigurationName", @@ -9015,7 +9349,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " } } }, @@ -9050,8 +9384,7 @@ }, "StopMatchmakingOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "StringList":{ "type":"list", @@ -9087,15 +9420,15 @@ }, "ImageUri":{ "shape":"ImageUriString", - "documentation":"

    The URI to the image that Amazon GameLift deploys to a container fleet. For a more specific identifier, see ResolvedImageDigest.

    " + "documentation":"

    The URI to the image that Amazon GameLift Servers deploys to a container fleet. For a more specific identifier, see ResolvedImageDigest.

    " }, "MemoryHardLimitMebibytes":{ "shape":"ContainerMemoryLimit", - "documentation":"

    The amount of memory that Amazon GameLift makes available to the container. If memory limits aren't set for an individual container, the container shares the container group's total memory allocation.

    Related data type: ContainerGroupDefinition TotalMemoryLimitMebibytes

    " + "documentation":"

    The amount of memory that Amazon GameLift Servers makes available to the container. If memory limits aren't set for an individual container, the container shares the container group's total memory allocation.

    Related data type: ContainerGroupDefinition TotalMemoryLimitMebibytes

    " }, "PortConfiguration":{ "shape":"ContainerPortConfiguration", - "documentation":"

    A set of ports that allow access to the container from external users. Processes running in the container can bind to a one of these ports. Container ports aren't directly accessed by inbound traffic. Amazon GameLift maps these container ports to externally accessible connection ports, which are assigned as needed from the container fleet's ConnectionPortRange.

    " + "documentation":"

    A set of ports that allow access to the container from external users. Processes running in the container can bind to a one of these ports. Container ports aren't directly accessed by inbound traffic. Amazon GameLift Servers maps these container ports to externally accessible connection ports, which are assigned as needed from the container fleet's ConnectionPortRange.

    " }, "ResolvedImageDigest":{ "shape":"Sha256", @@ -9141,7 +9474,7 @@ }, "ImageUri":{ "shape":"ImageUriString", - "documentation":"

    The location of the container image to deploy to a container fleet. Provide an image in an Amazon Elastic Container Registry public or private repository. The repository must be in the same Amazon Web Services account and Amazon Web Services Region where you're creating the container group definition. For limits on image size, see Amazon GameLift endpoints and quotas. You can use any of the following image URI formats:

    • Image ID only: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]

    • Image ID and digest: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]@[digest]

    • Image ID and tag: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]:[tag]

    " + "documentation":"

    The location of the container image to deploy to a container fleet. Provide an image in an Amazon Elastic Container Registry public or private repository. The repository must be in the same Amazon Web Services account and Amazon Web Services Region where you're creating the container group definition. For limits on image size, see Amazon GameLift Servers endpoints and quotas. You can use any of the following image URI formats:

    • Image ID only: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]

    • Image ID and digest: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]@[digest]

    • Image ID and tag: [AWS account].dkr.ecr.[AWS region].amazonaws.com/[repository ID]:[tag]

    " }, "MemoryHardLimitMebibytes":{ "shape":"ContainerMemoryLimit", @@ -9149,7 +9482,7 @@ }, "PortConfiguration":{ "shape":"ContainerPortConfiguration", - "documentation":"

    A set of ports that Amazon GameLift can assign to processes in the container. Any processes that accept inbound traffic connections must be assigned a port from this set. The container port range must be large enough to assign one to each process in the container that needs one.

    Container ports aren't directly accessed by inbound traffic. Amazon GameLift maps these container ports to externally accessible connection ports, which are assigned as needed from the container fleet's ConnectionPortRange.

    " + "documentation":"

    A set of ports that Amazon GameLift Servers can assign to processes in a container. The container port configuration must have enough ports for each container process that accepts inbound traffic connections. A container port configuration can have can have one or more container port ranges. Each range specifies starting and ending values as well as the supported network protocol.

    Container ports aren't directly accessed by inbound traffic. Amazon GameLift Servers maps each container port to an externally accessible connection port (see the container fleet property ConnectionPortRange).

    " }, "Vcpu":{ "shape":"ContainerVcpu", @@ -9212,7 +9545,7 @@ "documentation":"

    The value for a developer-defined key value pair for tagging an Amazon Web Services resource.

    " } }, - "documentation":"

    A label that you can assign to a Amazon GameLift resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    Related actions

    All APIs by task

    " + "documentation":"

    A label that you can assign to a Amazon GameLift Servers resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    Related actions

    All APIs by task

    " }, "TagKey":{ "type":"string", @@ -9240,18 +9573,17 @@ "members":{ "ResourceARN":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the Amazon GameLift resource that you want to assign tags to. Amazon GameLift includes resource ARNs in the data object for the resource. You can retrieve the ARN by calling a List or Describe operation for the resource type.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the Amazon GameLift Servers resource that you want to assign tags to. Amazon GameLift Servers includes resource ARNs in the data object for the resource. You can retrieve the ARN by calling a List or Describe operation for the resource type.

    " }, "Tags":{ "shape":"TagList", - "documentation":"

    A list of one or more tags to assign to the specified Amazon GameLift resource. Tags are developer-defined and structured as key-value pairs. The maximum tag limit may be lower than stated. See Tagging Amazon Web Services Resources for tagging limits.

    " + "documentation":"

    A list of one or more tags to assign to the specified Amazon GameLift Servers resource. Tags are developer-defined and structured as key-value pairs. The maximum tag limit may be lower than stated. See Tagging Amazon Web Services Resources for tagging limits.

    " } } }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -9275,7 +9607,7 @@ "documentation":"

    Desired value to use with a target-based scaling policy. The value must be relevant for whatever metric the scaling policy is using. For example, in a policy using the metric PercentAvailableGameSessions, the target value should be the preferred size of the fleet's buffer (the percent of capacity that should be idle and ready for new game sessions).

    " } }, - "documentation":"

    Settings for a target-based scaling policy. A target-based policy tracks a particular fleet metric specifies a target value for the metric. As player usage changes, the policy triggers Amazon GameLift to adjust capacity so that the metric returns to the target value. The target configuration specifies settings as needed for the target based policy, including the target value.

    " + "documentation":"

    Settings for a target-based scaling policy. A target-based policy tracks a particular fleet metric specifies a target value for the metric. As player usage changes, the policy triggers Amazon GameLift Servers to adjust capacity so that the metric returns to the target value. The target configuration specifies settings as needed for the target based policy, including the target value.

    " }, "TargetTrackingConfiguration":{ "type":"structure", @@ -9286,7 +9618,7 @@ "documentation":"

    Desired value to use with a game server group target-based scaling policy.

    " } }, - "documentation":"

    This data type is used with the Amazon GameLift FleetIQ and game server groups.

    Settings for a target-based scaling policy as part of a GameServerGroupAutoScalingPolicy . These settings are used to create a target-based policy that tracks the Amazon GameLift FleetIQ metric \"PercentUtilizedGameServers\" and specifies a target value for the metric. As player usage changes, the policy triggers to adjust the game server group capacity so that the metric returns to the target value.

    " + "documentation":"

    Settings for a target-based scaling policy as part of a GameServerGroupAutoScalingPolicy . These settings are used to create a target-based policy that tracks the Amazon GameLift Servers FleetIQ metric \"PercentUtilizedGameServers\" and specifies a target value for the metric. As player usage changes, the policy triggers to adjust the game server group capacity so that the metric returns to the target value.

    " }, "TerminalRoutingStrategyException":{ "type":"structure", @@ -9305,11 +9637,11 @@ "members":{ "GameSessionId":{ "shape":"ArnStringModel", - "documentation":"

    A unique identifier for the game session to be terminated. A game session ARN has the following format: arn:aws:gamelift:<region>::gamesession/<fleet ID>/<custom ID string or idempotency token>.

    " + "documentation":"

    A unique identifier for the game session to be terminated. A game session ARN has the following format: arn:aws:gamelift:<location>::gamesession/<fleet ID>/<custom ID string or idempotency token>.

    " }, "TerminationMode":{ "shape":"TerminationMode", - "documentation":"

    The method to use to terminate the game session. Available methods include:

    • TRIGGER_ON_PROCESS_TERMINATE – Prompts the Amazon GameLift service to send an OnProcessTerminate() callback to the server process and initiate the normal game session shutdown sequence. The OnProcessTerminate method, which is implemented in the game server code, must include a call to the server SDK action ProcessEnding(), which is how the server process signals to Amazon GameLift that a game session is ending. If the server process doesn't call ProcessEnding(), the game session termination won't conclude successfully.

    • FORCE_TERMINATE – Prompts the Amazon GameLift service to stop the server process immediately. Amazon GameLift takes action (depending on the type of fleet) to shut down the server process without the normal game session shutdown sequence.

      This method is not available for game sessions that are running on Anywhere fleets unless the fleet is deployed with the Amazon GameLift Agent. In this scenario, a force terminate request results in an invalid or bad request exception.
    " + "documentation":"

    The method to use to terminate the game session. Available methods include:

    • TRIGGER_ON_PROCESS_TERMINATE – Prompts the Amazon GameLift Servers service to send an OnProcessTerminate() callback to the server process and initiate the normal game session shutdown sequence. The OnProcessTerminate method, which is implemented in the game server code, must include a call to the server SDK action ProcessEnding(), which is how the server process signals to Amazon GameLift Servers that a game session is ending. If the server process doesn't call ProcessEnding(), the game session termination won't conclude successfully.

    • FORCE_TERMINATE – Prompts the Amazon GameLift Servers service to stop the server process immediately. Amazon GameLift Servers takes action (depending on the type of fleet) to shut down the server process without the normal game session shutdown sequence.

      This method is not available for game sessions that are running on Anywhere fleets unless the fleet is deployed with the Amazon GameLift Servers Agent. In this scenario, a force terminate request results in an invalid or bad request exception.
    " } } }, @@ -9327,6 +9659,20 @@ ] }, "Timestamp":{"type":"timestamp"}, + "UDPEndpoint":{ + "type":"structure", + "members":{ + "Domain":{ + "shape":"NonZeroAndMaxString", + "documentation":"

    The domain name of the UDP endpoint.

    " + }, + "Port":{ + "shape":"PositiveInteger", + "documentation":"

    The port number of the UDP endpoint.

    " + } + }, + "documentation":"

    The domain name and port information for a UDP endpoint.

    " + }, "UnauthorizedException":{ "type":"structure", "members":{ @@ -9352,18 +9698,17 @@ "members":{ "ResourceARN":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the Amazon GameLift resource that you want to remove tags from. Amazon GameLift includes resource ARNs in the data object for the resource. You can retrieve the ARN by calling a List or Describe operation for the resource type.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the Amazon GameLift Servers resource that you want to remove tags from. Amazon GameLift Servers includes resource ARNs in the data object for the resource. You can retrieve the ARN by calling a List or Describe operation for the resource type.

    " }, "TagKeys":{ "shape":"TagKeyList", - "documentation":"

    A list of one or more tag keys to remove from the specified Amazon GameLift resource.

    " + "documentation":"

    A list of one or more tag keys to remove from the specified Amazon GameLift Servers resource.

    " } } }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAliasInput":{ "type":"structure", @@ -9441,11 +9786,11 @@ }, "GameServerContainerGroupsPerInstance":{ "shape":"GameServerContainerGroupsPerInstance", - "documentation":"

    The number of times to replicate the game server container group on each fleet instance. By default, Amazon GameLift calculates the maximum number of game server container groups that can fit on each instance. You can remove this property value to use the calculated value, or set it manually. If you set this number manually, Amazon GameLift uses your value as long as it's less than the calculated maximum.

    " + "documentation":"

    The number of times to replicate the game server container group on each fleet instance. By default, Amazon GameLift Servers calculates the maximum number of game server container groups that can fit on each instance. You can remove this property value to use the calculated value, or set it manually. If you set this number manually, Amazon GameLift Servers uses your value as long as it's less than the calculated maximum.

    " }, "InstanceConnectionPortRange":{ "shape":"ConnectionPortRange", - "documentation":"

    A revised set of port numbers to open on each fleet instance. By default, Amazon GameLift calculates an optimal port range based on your fleet configuration. If you previously set this parameter manually, you can't reset this to use the calculated settings.

    " + "documentation":"

    A revised set of port numbers to open on each fleet instance. By default, Amazon GameLift Servers calculates an optimal port range based on your fleet configuration. If you previously set this parameter manually, you can't reset this to use the calculated settings.

    " }, "InstanceInboundPermissionAuthorizations":{ "shape":"IpPermissionsList", @@ -9528,7 +9873,7 @@ }, "OperatingSystem":{ "shape":"ContainerOperatingSystem", - "documentation":"

    The platform that all containers in the group use. Containers in a group must run on the same operating system.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use Amazon GameLift server SDK 4.x, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to Amazon GameLift server SDK version 5.

    " + "documentation":"

    The platform that all containers in the group use. Containers in a group must run on the same operating system.

    Amazon Linux 2 (AL2) will reach end of support on 6/30/2025. See more details in the Amazon Linux 2 FAQs. For game servers that are hosted on AL2 and use server SDK version 4.x for Amazon GameLift Servers, first update the game server build to server SDK 5.x, and then deploy to AL2023 instances. See Migrate to server SDK version 5.

    " } } }, @@ -9571,7 +9916,7 @@ }, "AnywhereConfiguration":{ "shape":"AnywhereConfiguration", - "documentation":"

    Amazon GameLift Anywhere configuration options.

    " + "documentation":"

    Amazon GameLift Servers Anywhere configuration options.

    " } } }, @@ -9584,7 +9929,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " } } }, @@ -9623,7 +9968,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " }, "Location":{ "shape":"LocationStringModel", @@ -9658,7 +10003,7 @@ }, "FleetArn":{ "shape":"FleetArn", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers fleet resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::fleet/fleet-a1234567-b8c9-0d1e-2fa3-b45c6d7e8912.

    " } } }, @@ -9672,11 +10017,11 @@ }, "RoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift to access your Amazon EC2 Auto Scaling groups.

    " + "documentation":"

    The Amazon Resource Name (ARN) for an IAM role that allows Amazon GameLift Servers to access your Amazon EC2 Auto Scaling groups.

    " }, "InstanceDefinitions":{ "shape":"InstanceDefinitions", - "documentation":"

    An updated list of Amazon EC2 instance types to use in the Auto Scaling group. The instance definitions must specify at least two different instance types that are supported by Amazon GameLift FleetIQ. This updated list replaces the entire current list of instance definitions for the game server group. For more information on instance types, see EC2 Instance Types in the Amazon EC2 User Guide. You can optionally specify capacity weighting for each instance type. If no weight value is specified for an instance type, it is set to the default value \"1\". For more information about capacity weighting, see Instance Weighting for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.

    " + "documentation":"

    An updated list of Amazon EC2 instance types to use in the Auto Scaling group. The instance definitions must specify at least two different instance types that are supported by Amazon GameLift Servers FleetIQ. This updated list replaces the entire current list of instance definitions for the game server group. For more information on instance types, see EC2 Instance Types in the Amazon EC2 User Guide. You can optionally specify capacity weighting for each instance type. If no weight value is specified for an instance type, it is set to the default value \"1\". For more information about capacity weighting, see Instance Weighting for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.

    " }, "GameServerProtectionPolicy":{ "shape":"GameServerProtectionPolicy", @@ -9684,7 +10029,7 @@ }, "BalancingStrategy":{ "shape":"BalancingStrategy", - "documentation":"

    Indicates how Amazon GameLift FleetIQ balances the use of Spot Instances and On-Demand Instances in the game server group. Method options include the following:

    • SPOT_ONLY - Only Spot Instances are used in the game server group. If Spot Instances are unavailable or not viable for game hosting, the game server group provides no hosting capacity until Spot Instances can again be used. Until then, no new instances are started, and the existing nonviable Spot Instances are terminated (after current gameplay ends) and are not replaced.

    • SPOT_PREFERRED - (default value) Spot Instances are used whenever available in the game server group. If Spot Instances are unavailable, the game server group continues to provide hosting capacity by falling back to On-Demand Instances. Existing nonviable Spot Instances are terminated (after current gameplay ends) and are replaced with new On-Demand Instances.

    • ON_DEMAND_ONLY - Only On-Demand Instances are used in the game server group. No Spot Instances are used, even when available, while this balancing strategy is in force.

    " + "documentation":"

    Indicates how Amazon GameLift Servers FleetIQ balances the use of Spot Instances and On-Demand Instances in the game server group. Method options include the following:

    • SPOT_ONLY - Only Spot Instances are used in the game server group. If Spot Instances are unavailable or not viable for game hosting, the game server group provides no hosting capacity until Spot Instances can again be used. Until then, no new instances are started, and the existing nonviable Spot Instances are terminated (after current gameplay ends) and are not replaced.

    • SPOT_PREFERRED - (default value) Spot Instances are used whenever available in the game server group. If Spot Instances are unavailable, the game server group continues to provide hosting capacity by falling back to On-Demand Instances. Existing nonviable Spot Instances are terminated (after current gameplay ends) and are replaced with new On-Demand Instances.

    • ON_DEMAND_ONLY - Only On-Demand Instances are used in the game server group. No Spot Instances are used, even when available, while this balancing strategy is in force.

    " } } }, @@ -9788,7 +10133,7 @@ }, "PlayerLatencyPolicies":{ "shape":"PlayerLatencyPolicyList", - "documentation":"

    A set of policies that enforce a sliding cap on player latency when processing game sessions placement requests. Use multiple policies to gradually relax the cap over time if Amazon GameLift can't make a placement. Policies are evaluated in order starting with the lowest maximum latency value. When updating policies, provide a complete collection of policies.

    " + "documentation":"

    A set of policies that enforce a sliding cap on player latency when processing game sessions placement requests. Use multiple policies to gradually relax the cap over time if Amazon GameLift Servers can't make a placement. Policies are evaluated in order starting with the lowest maximum latency value. When updating policies, provide a complete collection of policies.

    " }, "Destinations":{ "shape":"GameSessionQueueDestinationList", @@ -9835,7 +10180,7 @@ }, "GameSessionQueueArns":{ "shape":"QueueArnsList", - "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift game session queue resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::gamesessionqueue/<queue name>. Queues can be located in any Region. Queues are used to start new Amazon GameLift-hosted game sessions for matches that are created with this matchmaking configuration. If FlexMatchMode is set to STANDALONE, do not set this parameter.

    " + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers game session queue resource and uniquely identifies it. ARNs are unique across all Regions. Format is arn:aws:gamelift:<region>::gamesessionqueue/<queue name>. Queues can be located in any Region. Queues are used to start new Amazon GameLift Servers-hosted game sessions for matches that are created with this matchmaking configuration. If FlexMatchMode is set to STANDALONE, do not set this parameter.

    " }, "RequestTimeoutSeconds":{ "shape":"MatchmakingRequestTimeoutInteger", @@ -9879,7 +10224,7 @@ }, "FlexMatchMode":{ "shape":"FlexMatchMode", - "documentation":"

    Indicates whether this matchmaking configuration is being used with Amazon GameLift hosting or as a standalone matchmaking solution.

    • STANDALONE - FlexMatch forms matches and returns match information, including players and team assignments, in a MatchmakingSucceeded event.

    • WITH_QUEUE - FlexMatch forms matches and uses the specified Amazon GameLift queue to start a game session for the match.

    " + "documentation":"

    Indicates whether this matchmaking configuration is being used with Amazon GameLift Servers hosting or as a standalone matchmaking solution.

    • STANDALONE - FlexMatch forms matches and returns match information, including players and team assignments, in a MatchmakingSucceeded event.

    • WITH_QUEUE - FlexMatch forms matches and uses the specified Amazon GameLift Servers queue to start a game session for the match.

    " } } }, @@ -9905,7 +10250,7 @@ }, "RuntimeConfiguration":{ "shape":"RuntimeConfiguration", - "documentation":"

    Instructions for launching server processes on fleet computes. Server processes run either a custom game build executable or a Realtime Servers script. The runtime configuration lists the types of server processes to run, how to launch them, and the number of processes to run concurrently.

    " + "documentation":"

    Instructions for launching server processes on fleet computes. Server processes run either a custom game build executable or a Amazon GameLift Servers Realtime script. The runtime configuration lists the types of server processes to run, how to launch them, and the number of processes to run concurrently.

    " } } }, @@ -9936,7 +10281,7 @@ }, "StorageLocation":{ "shape":"S3Location", - "documentation":"

    The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the ObjectVersion parameter to specify an earlier version.

    " + "documentation":"

    The location of the Amazon S3 bucket where a zipped file containing your Realtime scripts is stored. The storage location must specify the Amazon S3 bucket name, the zip file name (the \"key\"), and a role ARN that allows Amazon GameLift Servers to access the Amazon S3 storage location. The S3 bucket must be in the same Region where you want to create a new script. By default, Amazon GameLift Servers uploads the latest version of the zip file; if you have S3 object versioning turned on, you can use the ObjectVersion parameter to specify an earlier version.

    " }, "ZipFile":{ "shape":"ZipBlob", @@ -9949,7 +10294,7 @@ "members":{ "Script":{ "shape":"Script", - "documentation":"

    The newly created script record with a unique script ID. The new script's storage location reflects an Amazon S3 location: (1) If the script was uploaded from an S3 bucket under your account, the storage location reflects the information that was provided in the CreateScript request; (2) If the script file was uploaded from a local zip file, the storage location reflects an S3 location controls by the Amazon GameLift service.

    " + "documentation":"

    The newly created script record with a unique script ID. The new script's storage location reflects an Amazon S3 location: (1) If the script was uploaded from an S3 bucket under your account, the storage location reflects the information that was provided in the CreateScript request; (2) If the script file was uploaded from a local zip file, the storage location reflects an S3 location controls by the Amazon GameLift Servers service.

    " } } }, @@ -9977,7 +10322,7 @@ "members":{ "GameLiftAwsAccountId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for the Amazon Web Services account that you use to manage your Amazon GameLift fleet. You can find your Account ID in the Amazon Web Services Management Console under account settings.

    " + "documentation":"

    A unique identifier for the Amazon Web Services account that you use to manage your Amazon GameLift Servers fleet. You can find your Account ID in the Amazon Web Services Management Console under account settings.

    " }, "PeerVpcAwsAccountId":{ "shape":"NonZeroAndMaxString", @@ -9985,7 +10330,7 @@ }, "PeerVpcId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Fleets.

    " + "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift Servers fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Servers Fleets.

    " }, "CreationTime":{ "shape":"Timestamp", @@ -9996,7 +10341,7 @@ "documentation":"

    Time stamp indicating when this authorization expires (24 hours after issuance). Format is a number expressed in Unix time as milliseconds (for example \"1469498468.057\").

    " } }, - "documentation":"

    Represents an authorization for a VPC peering connection between the VPC for an Amazon GameLift fleet and another VPC on an account you have access to. This authorization must exist and be valid for the peering connection to be established. Authorizations are valid for 24 hours after they are issued.

    Related actions

    All APIs by task

    " + "documentation":"

    Represents an authorization for a VPC peering connection between the VPC for an Amazon GameLift Servers fleet and another VPC on an account you have access to. This authorization must exist and be valid for the peering connection to be established. Authorizations are valid for 24 hours after they are issued.

    Related actions

    All APIs by task

    " }, "VpcPeeringAuthorizationList":{ "type":"list", @@ -10007,7 +10352,7 @@ "members":{ "FleetId":{ "shape":"FleetId", - "documentation":"

    A unique identifier for the fleet. This ID determines the ID of the Amazon GameLift VPC for your fleet.

    " + "documentation":"

    A unique identifier for the fleet. This ID determines the ID of the Amazon GameLift Servers VPC for your fleet.

    " }, "FleetArn":{ "shape":"FleetArn", @@ -10027,14 +10372,14 @@ }, "PeerVpcId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Fleets.

    " + "documentation":"

    A unique identifier for a VPC with resources to be accessed by your Amazon GameLift Servers fleet. The VPC must be in the same Region as your fleet. To look up a VPC ID, use the VPC Dashboard in the Amazon Web Services Management Console. Learn more about VPC peering in VPC Peering with Amazon GameLift Servers Fleets.

    " }, "GameLiftVpcId":{ "shape":"NonZeroAndMaxString", - "documentation":"

    A unique identifier for the VPC that contains the Amazon GameLift fleet for this connection. This VPC is managed by Amazon GameLift and does not appear in your Amazon Web Services account.

    " + "documentation":"

    A unique identifier for the VPC that contains the Amazon GameLift Servers fleet for this connection. This VPC is managed by Amazon GameLift Servers and does not appear in your Amazon Web Services account.

    " } }, - "documentation":"

    Represents a peering connection between a VPC on one of your Amazon Web Services accounts and the VPC for your Amazon GameLift fleets. This record may be for an active peering connection or a pending connection that has not yet been established.

    Related actions

    All APIs by task

    " + "documentation":"

    Represents a peering connection between a VPC on one of your Amazon Web Services accounts and the VPC for your Amazon GameLift Servers fleets. This record may be for an active peering connection or a pending connection that has not yet been established.

    Related actions

    All APIs by task

    " }, "VpcPeeringConnectionList":{ "type":"list", @@ -10081,5 +10426,5 @@ "max":5000000 } }, - "documentation":"

    Amazon GameLift provides solutions for hosting session-based multiplayer game servers in the cloud, including tools for deploying, operating, and scaling game servers. Built on Amazon Web Services global computing infrastructure, GameLift helps you deliver high-performance, high-reliability, low-cost game servers while dynamically scaling your resource usage to meet player demand.

    About Amazon GameLift solutions

    Get more information on these Amazon GameLift solutions in the Amazon GameLift Developer Guide.

    • Amazon GameLift managed hosting -- Amazon GameLift offers a fully managed service to set up and maintain computing machines for hosting, manage game session and player session life cycle, and handle security, storage, and performance tracking. You can use automatic scaling tools to balance player demand and hosting costs, configure your game session management to minimize player latency, and add FlexMatch for matchmaking.

    • Managed hosting with Realtime Servers -- With Amazon GameLift Realtime Servers, you can quickly configure and set up ready-to-go game servers for your game. Realtime Servers provides a game server framework with core Amazon GameLift infrastructure already built in. Then use the full range of Amazon GameLift managed hosting features, including FlexMatch, for your game.

    • Amazon GameLift FleetIQ -- Use Amazon GameLift FleetIQ as a standalone service while hosting your games using EC2 instances and Auto Scaling groups. Amazon GameLift FleetIQ provides optimizations for game hosting, including boosting the viability of low-cost Spot Instances gaming. For a complete solution, pair the Amazon GameLift FleetIQ and FlexMatch standalone services.

    • Amazon GameLift FlexMatch -- Add matchmaking to your game hosting solution. FlexMatch is a customizable matchmaking service for multiplayer games. Use FlexMatch as integrated with Amazon GameLift managed hosting or incorporate FlexMatch as a standalone service into your own hosting solution.

    About this API Reference

    This reference guide describes the low-level service API for Amazon GameLift. With each topic in this guide, you can find links to language-specific SDK guides and the Amazon Web Services CLI reference. Useful links:

    " + "documentation":"

    Amazon GameLift Servers provides solutions for hosting session-based multiplayer game servers in the cloud, including tools for deploying, operating, and scaling game servers. Built on Amazon Web Services global computing infrastructure, GameLift helps you deliver high-performance, high-reliability, low-cost game servers while dynamically scaling your resource usage to meet player demand.

    About Amazon GameLift Servers solutions

    Get more information on these Amazon GameLift Servers solutions in the Amazon GameLift Servers Developer Guide.

    • Amazon GameLift Servers managed hosting -- Amazon GameLift Servers offers a fully managed service to set up and maintain computing machines for hosting, manage game session and player session life cycle, and handle security, storage, and performance tracking. You can use automatic scaling tools to balance player demand and hosting costs, configure your game session management to minimize player latency, and add FlexMatch for matchmaking.

    • Managed hosting with Amazon GameLift Servers Realtime -- With Amazon GameLift Servers Amazon GameLift Servers Realtime, you can quickly configure and set up ready-to-go game servers for your game. Amazon GameLift Servers Realtime provides a game server framework with core Amazon GameLift Servers infrastructure already built in. Then use the full range of Amazon GameLift Servers managed hosting features, including FlexMatch, for your game.

    • Amazon GameLift Servers FleetIQ -- Use Amazon GameLift Servers FleetIQ as a standalone service while hosting your games using EC2 instances and Auto Scaling groups. Amazon GameLift Servers FleetIQ provides optimizations for game hosting, including boosting the viability of low-cost Spot Instances gaming. For a complete solution, pair the Amazon GameLift Servers FleetIQ and FlexMatch standalone services.

    • Amazon GameLift Servers FlexMatch -- Add matchmaking to your game hosting solution. FlexMatch is a customizable matchmaking service for multiplayer games. Use FlexMatch as integrated with Amazon GameLift Servers managed hosting or incorporate FlexMatch as a standalone service into your own hosting solution.

    About this API Reference

    This reference guide describes the low-level service API for Amazon GameLift Servers. With each topic in this guide, you can find links to language-specific SDK guides and the Amazon Web Services CLI reference. Useful links:

    " } diff -pruN 2.23.6-1/awscli/botocore/data/gameliftstreams/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/gameliftstreams/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/gameliftstreams/2018-05-10/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/gameliftstreams/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,137 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://gameliftstreams-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://gameliftstreams.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/gameliftstreams/2018-05-10/paginators-1.json 2.31.35-1/awscli/botocore/data/gameliftstreams/2018-05-10/paginators-1.json --- 2.23.6-1/awscli/botocore/data/gameliftstreams/2018-05-10/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/gameliftstreams/2018-05-10/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,28 @@ +{ + "pagination": { + "ListApplications": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListStreamGroups": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListStreamSessions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListStreamSessionsByAccount": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/gameliftstreams/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/gameliftstreams/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/gameliftstreams/2018-05-10/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/gameliftstreams/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,2364 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2018-05-10", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"gameliftstreams", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"Amazon GameLift Streams", + "serviceId":"GameLiftStreams", + "signatureVersion":"v4", + "signingName":"gameliftstreams", + "uid":"gameliftstreams-2018-05-10" + }, + "operations":{ + "AddStreamGroupLocations":{ + "name":"AddStreamGroupLocations", + "http":{ + "method":"POST", + "requestUri":"/streamgroups/{Identifier}/locations", + "responseCode":200 + }, + "input":{"shape":"AddStreamGroupLocationsInput"}, + "output":{"shape":"AddStreamGroupLocationsOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    Add locations that can host stream sessions. To add a location, the stream group must be in ACTIVE status. You configure locations and their corresponding capacity for each stream group. Creating a stream group in a location that's nearest to your end users can help minimize latency and improve quality.

    This operation provisions stream capacity at the specified locations. By default, all locations have 1 or 2 capacity, depending on the stream class option: 2 for 'High' and 1 for 'Ultra' and 'Win2022'. This operation also copies the content files of all associated applications to an internal S3 bucket at each location. This allows Amazon GameLift Streams to host performant stream sessions.

    " + }, + "AssociateApplications":{ + "name":"AssociateApplications", + "http":{ + "method":"POST", + "requestUri":"/streamgroups/{Identifier}/associations", + "responseCode":200 + }, + "input":{"shape":"AssociateApplicationsInput"}, + "output":{"shape":"AssociateApplicationsOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    When you associate, or link, an application with a stream group, then Amazon GameLift Streams can launch the application using the stream group's allocated compute resources. The stream group must be in ACTIVE status. You can reverse this action by using DisassociateApplications.

    If a stream group does not already have a linked application, Amazon GameLift Streams will automatically assign the first application provided in ApplicationIdentifiers as the default.

    ", + "idempotent":true + }, + "CreateApplication":{ + "name":"CreateApplication", + "http":{ + "method":"POST", + "requestUri":"/applications", + "responseCode":201 + }, + "input":{"shape":"CreateApplicationInput"}, + "output":{"shape":"CreateApplicationOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    Creates an application resource in Amazon GameLift Streams, which specifies the application content you want to stream, such as a game build or other software, and configures the settings to run it.

    Before you create an application, upload your application content files to an Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Getting Started in the Amazon GameLift Streams Developer Guide.

    Make sure that your files in the Amazon S3 bucket are the correct version you want to use. If you change the files at a later time, you will need to create a new Amazon GameLift Streams application.

    If the request is successful, Amazon GameLift Streams begins to create an application and sets the status to INITIALIZED. When an application reaches READY status, you can use the application to set up stream groups and start streams. To track application status, call GetApplication.

    " + }, + "CreateStreamGroup":{ + "name":"CreateStreamGroup", + "http":{ + "method":"POST", + "requestUri":"/streamgroups", + "responseCode":201 + }, + "input":{"shape":"CreateStreamGroupInput"}, + "output":{"shape":"CreateStreamGroupOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    Stream groups manage how Amazon GameLift Streams allocates resources and handles concurrent streams, allowing you to effectively manage capacity and costs. Within a stream group, you specify an application to stream, streaming locations and their capacity, and the stream class you want to use when streaming applications to your end-users. A stream class defines the hardware configuration of the compute resources that Amazon GameLift Streams will use when streaming, such as the CPU, GPU, and memory.

    Stream capacity represents the number of concurrent streams that can be active at a time. You set stream capacity per location, per stream group. There are two types of capacity, always-on and on-demand:

    • Always-on: The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.

    • On-demand: The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

    Values for capacity must be whole number multiples of the tenancy value of the stream group's stream class.

    To adjust the capacity of any ACTIVE stream group, call UpdateStreamGroup.

    If the CreateStreamGroup request is successful, Amazon GameLift Streams assigns a unique ID to the stream group resource and sets the status to ACTIVATING. It can take a few minutes for Amazon GameLift Streams to finish creating the stream group while it searches for unallocated compute resources and provisions them. When complete, the stream group status will be ACTIVE and you can start stream sessions by using StartStreamSession. To check the stream group's status, call GetStreamGroup.

    Stream groups should be recreated every 3-4 weeks to pick up important service updates and fixes. Stream groups that are older than 180 days can no longer be updated with new application associations. Stream groups expire when they are 365 days old, at which point they can no longer stream sessions. The exact expiration date is indicated by the date value in the ExpiresAt field.

    ", + "idempotent":true + }, + "CreateStreamSessionConnection":{ + "name":"CreateStreamSessionConnection", + "http":{ + "method":"POST", + "requestUri":"/streamgroups/{Identifier}/streamsessions/{StreamSessionIdentifier}/connections", + "responseCode":200 + }, + "input":{"shape":"CreateStreamSessionConnectionInput"}, + "output":{"shape":"CreateStreamSessionConnectionOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Enables clients to reconnect to a stream session while preserving all session state and data in the disconnected session. This reconnection process can be initiated when a stream session is in either PENDING_CLIENT_RECONNECTION or ACTIVE status. The process works as follows:

    1. Initial disconnect:

      • When a client disconnects or loses connection, the stream session transitions from CONNECTED to PENDING_CLIENT_RECONNECTION

    2. Reconnection time window:

      • Clients have ConnectionTimeoutSeconds (defined in StartStreamSession) to reconnect before session termination

      • Your backend server must call CreateStreamSessionConnection to initiate reconnection

      • Session transitions to RECONNECTING status

    3. Reconnection completion:

      • On successful CreateStreamSessionConnection, session status changes to ACTIVE

      • Provide the new connection information to the requesting client

      • Client must establish connection within ConnectionTimeoutSeconds

      • Session terminates automatically if client fails to connect in time

    For more information about the stream session lifecycle, see Stream sessions in the Amazon GameLift Streams Developer Guide.

    To begin re-connecting to an existing stream session, specify the stream group ID and stream session ID that you want to reconnect to, and the signal request to use with the stream.

    " + }, + "DeleteApplication":{ + "name":"DeleteApplication", + "http":{ + "method":"DELETE", + "requestUri":"/applications/{Identifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteApplicationInput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Permanently deletes an Amazon GameLift Streams application resource. This also deletes the application content files stored with Amazon GameLift Streams. However, this does not delete the original files that you uploaded to your Amazon S3 bucket; you can delete these any time after Amazon GameLift Streams creates an application, which is the only time Amazon GameLift Streams accesses your Amazon S3 bucket.

    You can only delete an application that meets the following conditions:

    • The application is in READY or ERROR status. You cannot delete an application that's in PROCESSING or INITIALIZED status.

    • The application is not the default application of any stream groups. You must first delete the stream group by using DeleteStreamGroup.

    • The application is not linked to any stream groups. You must first unlink the stream group by using DisassociateApplications.

    • An application is not streaming in any ongoing stream session. You must wait until the client ends the stream session or call TerminateStreamSession to end the stream.

    If any active stream groups exist for this application, this request returns a ValidationException.

    ", + "idempotent":true + }, + "DeleteStreamGroup":{ + "name":"DeleteStreamGroup", + "http":{ + "method":"DELETE", + "requestUri":"/streamgroups/{Identifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteStreamGroupInput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Permanently deletes all compute resources and information related to a stream group. To delete a stream group, specify the unique stream group identifier. During the deletion process, the stream group's status is DELETING. This operation stops streams in progress and prevents new streams from starting. As a best practice, before deleting the stream group, call ListStreamSessions to check for streams in progress and take action to stop them. When you delete a stream group, any application associations referring to that stream group are automatically removed.

    ", + "idempotent":true + }, + "DisassociateApplications":{ + "name":"DisassociateApplications", + "http":{ + "method":"POST", + "requestUri":"/streamgroups/{Identifier}/disassociations", + "responseCode":200 + }, + "input":{"shape":"DisassociateApplicationsInput"}, + "output":{"shape":"DisassociateApplicationsOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    When you disassociate, or unlink, an application from a stream group, you can no longer stream this application by using that stream group's allocated compute resources. Any streams in process will continue until they terminate, which helps avoid interrupting an end-user's stream. Amazon GameLift Streams will not initiate new streams in the stream group using the disassociated application. The disassociate action does not affect the stream capacity of a stream group. To disassociate an application, the stream group must be in ACTIVE status.

    If you disassociate the default application, Amazon GameLift Streams will automatically choose a new default application from the remaining associated applications. To change which application is the default application, call UpdateStreamGroup and specify a new DefaultApplicationIdentifier.

    ", + "idempotent":true + }, + "ExportStreamSessionFiles":{ + "name":"ExportStreamSessionFiles", + "http":{ + "method":"PUT", + "requestUri":"/streamgroups/{Identifier}/streamsessions/{StreamSessionIdentifier}/exportfiles", + "responseCode":200 + }, + "input":{"shape":"ExportStreamSessionFilesInput"}, + "output":{"shape":"ExportStreamSessionFilesOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Export the files that your application modifies or generates in a stream session, which can help you debug or verify your application. When your application runs, it generates output files such as logs, diagnostic information, crash dumps, save files, user data, screenshots, and so on. The files can be defined by the engine or frameworks that your application uses, or information that you've programmed your application to output.

    You can only call this action on a stream session that is in progress, specifically in one of the following statuses ACTIVE, CONNECTED, PENDING_CLIENT_RECONNECTION, and RECONNECTING. You must provide an Amazon Simple Storage Service (Amazon S3) bucket to store the files in. When the session ends, Amazon GameLift Streams produces a compressed folder that contains all of the files and directories that were modified or created by the application during the stream session. AWS uses your security credentials to authenticate and authorize access to your Amazon S3 bucket.

    Amazon GameLift Streams collects the following generated and modified files. Find them in the corresponding folders in the .zip archive.

    • application/: The folder where your application or game is stored.

    • profile/: The user profile folder.

    • temp/: The system temp folder.

    To verify the status of the exported files, use GetStreamSession.

    To delete the files, delete the object in the S3 bucket.

    ", + "idempotent":true + }, + "GetApplication":{ + "name":"GetApplication", + "http":{ + "method":"GET", + "requestUri":"/applications/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetApplicationInput"}, + "output":{"shape":"GetApplicationOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves properties for an Amazon GameLift Streams application resource. Specify the ID of the application that you want to retrieve. If the operation is successful, it returns properties for the requested application.

    ", + "readonly":true + }, + "GetStreamGroup":{ + "name":"GetStreamGroup", + "http":{ + "method":"GET", + "requestUri":"/streamgroups/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetStreamGroupInput"}, + "output":{"shape":"GetStreamGroupOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves properties for a Amazon GameLift Streams stream group resource. Specify the ID of the stream group that you want to retrieve. If the operation is successful, it returns properties for the requested stream group.

    ", + "readonly":true + }, + "GetStreamSession":{ + "name":"GetStreamSession", + "http":{ + "method":"GET", + "requestUri":"/streamgroups/{Identifier}/streamsessions/{StreamSessionIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetStreamSessionInput"}, + "output":{"shape":"GetStreamSessionOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves properties for a Amazon GameLift Streams stream session resource. Specify the Amazon Resource Name (ARN) of the stream session that you want to retrieve and its stream group ARN. If the operation is successful, it returns properties for the requested resource.

    ", + "readonly":true + }, + "ListApplications":{ + "name":"ListApplications", + "http":{ + "method":"GET", + "requestUri":"/applications", + "responseCode":200 + }, + "input":{"shape":"ListApplicationsInput"}, + "output":{"shape":"ListApplicationsOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves a list of all Amazon GameLift Streams applications that are associated with the Amazon Web Services account in use. This operation returns applications in all statuses, in no particular order. You can paginate the results as needed.

    ", + "readonly":true + }, + "ListStreamGroups":{ + "name":"ListStreamGroups", + "http":{ + "method":"GET", + "requestUri":"/streamgroups", + "responseCode":200 + }, + "input":{"shape":"ListStreamGroupsInput"}, + "output":{"shape":"ListStreamGroupsOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves a list of all Amazon GameLift Streams stream groups that are associated with the Amazon Web Services account in use. This operation returns stream groups in all statuses, in no particular order. You can paginate the results as needed.

    ", + "readonly":true + }, + "ListStreamSessions":{ + "name":"ListStreamSessions", + "http":{ + "method":"GET", + "requestUri":"/streamgroups/{Identifier}/streamsessions", + "responseCode":200 + }, + "input":{"shape":"ListStreamSessionsInput"}, + "output":{"shape":"ListStreamSessionsOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves a list of Amazon GameLift Streams stream sessions that a stream group is hosting.

    To retrieve stream sessions, specify the stream group, and optionally filter by stream session status. You can paginate the results as needed.

    This operation returns the requested stream sessions in no particular order.

    ", + "readonly":true + }, + "ListStreamSessionsByAccount":{ + "name":"ListStreamSessionsByAccount", + "http":{ + "method":"GET", + "requestUri":"/streamsessions", + "responseCode":200 + }, + "input":{"shape":"ListStreamSessionsByAccountInput"}, + "output":{"shape":"ListStreamSessionsByAccountOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves a list of Amazon GameLift Streams stream sessions that this user account has access to.

    In the returned list of stream sessions, the ExportFilesMetadata property only shows the Status value. To get the OutpurUri and StatusReason values, use GetStreamSession.

    We don't recommend using this operation to regularly check stream session statuses because it's costly. Instead, to check status updates for a specific stream session, use GetStreamSession.

    ", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves all tags assigned to a Amazon GameLift Streams resource. To list tags for a resource, specify the ARN value for the resource.

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    ", + "readonly":true + }, + "RemoveStreamGroupLocations":{ + "name":"RemoveStreamGroupLocations", + "http":{ + "method":"DELETE", + "requestUri":"/streamgroups/{Identifier}/locations", + "responseCode":204 + }, + "input":{"shape":"RemoveStreamGroupLocationsInput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Removes a set of remote locations from this stream group. To remove a location, the stream group must be in ACTIVE status. When you remove a location, Amazon GameLift Streams releases allocated compute resources in that location. Stream sessions can no longer start from removed locations in a stream group. Amazon GameLift Streams also deletes the content files of all associated applications that were in Amazon GameLift Streams's internal Amazon S3 bucket at this location.

    You cannot remove the Amazon Web Services Region location where you initially created this stream group, known as the primary location. However, you can set the stream capacity to zero to avoid incurring costs for allocated compute resources in that location.

    ", + "idempotent":true + }, + "StartStreamSession":{ + "name":"StartStreamSession", + "http":{ + "method":"POST", + "requestUri":"/streamgroups/{Identifier}/streamsessions", + "responseCode":201 + }, + "input":{"shape":"StartStreamSessionInput"}, + "output":{"shape":"StartStreamSessionOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    This action initiates a new stream session and outputs connection information that clients can use to access the stream. A stream session refers to an instance of a stream that Amazon GameLift Streams transmits from the server to the end-user. A stream session runs on a compute resource that a stream group has allocated. The start stream session process works as follows:

    1. Prerequisites:

      • You must have a stream group in ACTIVE status

      • You must have idle or on-demand capacity in a stream group in the location you want to stream from

      • You must have at least one application associated to the stream group (use AssociateApplications if needed)

    2. Start stream request:

      • Your backend server calls StartStreamSession to initiate connection

      • Amazon GameLift Streams creates the stream session resource, assigns an Amazon Resource Name (ARN) value, and begins searching for available stream capacity to run the stream

      • Session transitions to ACTIVATING status

    3. Placement completion:

      • If Amazon GameLift Streams is successful in finding capacity for the stream, the stream session status changes to ACTIVE status and StartStreamSession returns stream connection information

      • If Amazon GameLift Streams was not successful in finding capacity within the placement timeout period (defined according to the capacity type and platform type), the stream session status changes to ERROR status and StartStreamSession returns a StatusReason of placementTimeout

    4. Connection completion:

      • Provide the new connection information to the requesting client

      • Client must establish connection within ConnectionTimeoutSeconds (specified in StartStreamSession parameters)

      • Session terminates automatically if client fails to connect in time

    For more information about the stream session lifecycle, see Stream sessions in the Amazon GameLift Streams Developer Guide.

    Timeouts to be aware of that affect a stream session:

    • Placement timeout: The amount of time that Amazon GameLift Streams has to find capacity for a stream request. Placement timeout varies based on the capacity type used to fulfill your stream request:

      • Always-on capacity: 75 seconds

      • On-demand capacity:

        • Linux/Proton runtimes: 90 seconds

        • Windows runtime: 10 minutes

    • Connection timeout: The amount of time that Amazon GameLift Streams waits for a client to connect to a stream session in ACTIVE status, or reconnect to a stream session in PENDING_CLIENT_RECONNECTION status, the latter of which occurs when a client disconnects or loses connection from a stream session. If no client connects before the timeout, Amazon GameLift Streams terminates the stream session. This value is specified by ConnectionTimeoutSeconds in the StartStreamSession parameters.

    • Idle timeout: A stream session will be terminated if no user input has been received for 60 minutes.

    • Maximum session length: A stream session will be terminated after this amount of time has elapsed since it started, regardless of any existing client connections. This value is specified by SessionLengthSeconds in the StartStreamSession parameters.

    To start a new stream session, specify a stream group ID and application ID, along with the transport protocol and signal request to use with the stream session.

    For stream groups that have multiple locations, provide a set of locations ordered by priority using a Locations parameter. Amazon GameLift Streams will start a single stream session in the next available location. An application must be finished replicating to a remote location before the remote location can host a stream.

    To reconnect to a stream session after a client disconnects or loses connection, use CreateStreamSessionConnection.

    " + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Assigns one or more tags to a Amazon GameLift Streams resource. Use tags to organize Amazon Web Services resources for a range of purposes. You can assign tags to the following Amazon GameLift Streams resource types:

    • Application

    • StreamGroup

    Learn more

    Tagging Amazon Web Services Resources in the Amazon Web Services General Reference

    Amazon Web Services Tagging Strategies

    ", + "idempotent":true + }, + "TerminateStreamSession":{ + "name":"TerminateStreamSession", + "http":{ + "method":"DELETE", + "requestUri":"/streamgroups/{Identifier}/streamsessions/{StreamSessionIdentifier}", + "responseCode":204 + }, + "input":{"shape":"TerminateStreamSessionInput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Permanently terminates an active stream session. When called, the stream session status changes to TERMINATING. You can terminate a stream session in any status except ACTIVATING. If the stream session is in ACTIVATING status, an exception is thrown.

    ", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Removes one or more tags from a Amazon GameLift Streams resource. To remove tags, specify the Amazon GameLift Streams resource and a list of one or more tags to remove.

    ", + "idempotent":true + }, + "UpdateApplication":{ + "name":"UpdateApplication", + "http":{ + "method":"PATCH", + "requestUri":"/applications/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateApplicationInput"}, + "output":{"shape":"UpdateApplicationOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Updates the mutable configuration settings for a Amazon GameLift Streams application resource. You can change the Description, ApplicationLogOutputUri, and ApplicationLogPaths.

    To update application settings, specify the application ID and provide the new values. If the operation is successful, it returns the complete updated set of settings for the application.

    " + }, + "UpdateStreamGroup":{ + "name":"UpdateStreamGroup", + "http":{ + "method":"PATCH", + "requestUri":"/streamgroups/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateStreamGroupInput"}, + "output":{"shape":"UpdateStreamGroupOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    Updates the configuration settings for an Amazon GameLift Streams stream group resource. To update a stream group, it must be in ACTIVE status. You can change the description, the set of locations, and the requested capacity of a stream group per location. If you want to change the stream class, create a new stream group.

    Stream capacity represents the number of concurrent streams that can be active at a time. You set stream capacity per location, per stream group. There are two types of capacity, always-on and on-demand:

    • Always-on: The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.

    • On-demand: The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

    Values for capacity must be whole number multiples of the tenancy value of the stream group's stream class.

    To update a stream group, specify the stream group's Amazon Resource Name (ARN) and provide the new values. If the request is successful, Amazon GameLift Streams returns the complete updated metadata for the stream group. Expired stream groups cannot be updated.

    " + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the error.

    " + } + }, + "documentation":"

    You don't have the required permissions to access this Amazon GameLift Streams resource. Correct the permissions before you try again.

    ", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AddStreamGroupLocationsInput":{ + "type":"structure", + "required":[ + "Identifier", + "LocationConfigurations" + ], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    A stream group to add the specified locations to.

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "LocationConfigurations":{ + "shape":"LocationConfigurations", + "documentation":"

    A set of one or more locations and the streaming capacity for each location.

    " + } + } + }, + "AddStreamGroupLocationsOutput":{ + "type":"structure", + "required":[ + "Identifier", + "Locations" + ], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    " + }, + "Locations":{ + "shape":"LocationStates", + "documentation":"

    This value is set of locations, including their name, current status, and capacities.

    A location can be in one of the following states:

    • ACTIVATING: Amazon GameLift Streams is preparing the location. You cannot stream from, scale the capacity of, or remove this location yet.

    • ACTIVE: The location is provisioned with initial capacity. You can now stream from, scale the capacity of, or remove this location.

    • ERROR: Amazon GameLift Streams failed to set up this location. The StatusReason field describes the error. You can remove this location and try to add it again.

    • REMOVING: Amazon GameLift Streams is working to remove this location. This will release all provisioned capacity for this location in this stream group.

    " + } + } + }, + "AlwaysOnCapacity":{ + "type":"integer", + "box":true, + "min":0 + }, + "ApplicationLogOutputUri":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"$|^s3://([a-zA-Z0-9][a-zA-Z0-9._-]{1,61}[a-zA-Z0-9])(/[a-zA-Z0-9._-]+)*/?" + }, + "ApplicationSourceUri":{ + "type":"string", + "max":1024, + "min":1 + }, + "ApplicationStatus":{ + "type":"string", + "enum":[ + "INITIALIZED", + "PROCESSING", + "READY", + "DELETING", + "ERROR" + ] + }, + "ApplicationStatusReason":{ + "type":"string", + "enum":[ + "internalError", + "accessDenied" + ] + }, + "ApplicationSummary":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) that's assigned to an application resource and uniquely identifies the application across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:application/[resource ID].

    " + }, + "Id":{ + "shape":"Id", + "documentation":"

    An ID that uniquely identifies the application resource. Example ID: a-9ZY8X7Wv6.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the application. You can edit this value.

    " + }, + "Status":{ + "shape":"ApplicationStatus", + "documentation":"

    The current status of the application resource. Possible statuses include the following:

    • INITIALIZED: Amazon GameLift Streams has received the request and is initiating the work flow to create an application.

    • PROCESSING: The create application work flow is in process. Amazon GameLift Streams is copying the content and caching for future deployment in a stream group.

    • READY: The application is ready to deploy in a stream group.

    • ERROR: An error occurred when setting up the application. For more information about the error, call GetApplication and refer to StatusReason.

    • DELETING: Amazon GameLift Streams is in the process of deleting the application.

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "RuntimeEnvironment":{ + "shape":"RuntimeEnvironment", + "documentation":"

    Configuration settings that identify the operating system for an application resource. This can also include a compatibility layer and other drivers.

    A runtime environment can be one of the following:

    • For Linux applications

      • Ubuntu 22.04 LTS (Type=UBUNTU, Version=22_04_LTS)

    • For Windows applications

      • Microsoft Windows Server 2022 Base (Type=WINDOWS, Version=2022)

      • Proton 9.0-2 (Type=PROTON, Version=20250516)

      • Proton 8.0-5 (Type=PROTON, Version=20241007)

      • Proton 8.0-2c (Type=PROTON, Version=20230704)

    " + } + }, + "documentation":"

    Describes an application resource that represents a collection of content for streaming with Amazon GameLift Streams. To retrieve additional application details, call GetApplication.

    " + }, + "ApplicationSummaryList":{ + "type":"list", + "member":{"shape":"ApplicationSummary"} + }, + "Arn":{ + "type":"string", + "max":128, + "min":1, + "pattern":"arn:aws:gameliftstreams:([^: ]*):([0-9]{12}):([^: ]*)" + }, + "ArnList":{ + "type":"list", + "member":{"shape":"Arn"} + }, + "AssociateApplicationsInput":{ + "type":"structure", + "required":[ + "Identifier", + "ApplicationIdentifiers" + ], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    A stream group to associate to the applications.

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "ApplicationIdentifiers":{ + "shape":"Identifiers", + "documentation":"

    A set of applications to associate with the stream group.

    This value is a set of either Amazon Resource Names (ARN) or IDs that uniquely identify application resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6. Example ID: a-9ZY8X7Wv6.

    " + } + } + }, + "AssociateApplicationsOutput":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    A stream group that is associated to the applications.

    This value is an Amazon Resource Name (ARN) that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4.

    " + }, + "ApplicationArns":{ + "shape":"ArnList", + "documentation":"

    A set of applications that are associated to the stream group.

    This value is a set of Amazon Resource Names (ARNs) that uniquely identify application resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + } + } + }, + "CapacityValue":{ + "type":"integer", + "box":true, + "min":0 + }, + "ClientToken":{ + "type":"string", + "max":128, + "min":32, + "pattern":"[\\x21-\\x7E]+" + }, + "ConflictException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the error.

    " + } + }, + "documentation":"

    The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "ConnectionTimeoutSeconds":{ + "type":"integer", + "box":true, + "max":3600, + "min":1 + }, + "CreateApplicationInput":{ + "type":"structure", + "required":[ + "Description", + "RuntimeEnvironment", + "ExecutablePath", + "ApplicationSourceUri" + ], + "members":{ + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the application. You can update this value later.

    " + }, + "RuntimeEnvironment":{ + "shape":"RuntimeEnvironment", + "documentation":"

    Configuration settings that identify the operating system for an application resource. This can also include a compatibility layer and other drivers.

    A runtime environment can be one of the following:

    • For Linux applications

      • Ubuntu 22.04 LTS (Type=UBUNTU, Version=22_04_LTS)

    • For Windows applications

      • Microsoft Windows Server 2022 Base (Type=WINDOWS, Version=2022)

      • Proton 9.0-2 (Type=PROTON, Version=20250516)

      • Proton 8.0-5 (Type=PROTON, Version=20241007)

      • Proton 8.0-2c (Type=PROTON, Version=20230704)

    " + }, + "ExecutablePath":{ + "shape":"ExecutablePath", + "documentation":"

    The relative path and file name of the executable file that Amazon GameLift Streams will stream. Specify a path relative to the location set in ApplicationSourceUri. The file must be contained within the application's root folder. For Windows applications, the file must be a valid Windows executable or batch file with a filename ending in .exe, .cmd, or .bat. For Linux applications, the file must be a valid Linux binary executable or a script that contains an initial interpreter line starting with a shebang ('#!').

    " + }, + "ApplicationSourceUri":{ + "shape":"ApplicationSourceUri", + "documentation":"

    The location of the content that you want to stream. Enter an Amazon S3 URI to a bucket that contains your game or other application. The location can have a multi-level prefix structure, but it must include all the files needed to run the content. Amazon GameLift Streams copies everything under the specified location.

    This value is immutable. To designate a different content location, create a new application.

    The Amazon S3 bucket and the Amazon GameLift Streams application must be in the same Amazon Web Services Region.

    " + }, + "ApplicationLogPaths":{ + "shape":"FilePaths", + "documentation":"

    Locations of log files that your content generates during a stream session. Enter path values that are relative to the ApplicationSourceUri location. You can specify up to 10 log paths. Amazon GameLift Streams uploads designated log files to the Amazon S3 bucket that you specify in ApplicationLogOutputUri at the end of a stream session. To retrieve stored log files, call GetStreamSession and get the LogFileLocationUri.

    " + }, + "ApplicationLogOutputUri":{ + "shape":"ApplicationLogOutputUri", + "documentation":"

    An Amazon S3 URI to a bucket where you would like Amazon GameLift Streams to save application logs. Required if you specify one or more ApplicationLogPaths.

    The log bucket must have permissions that give Amazon GameLift Streams access to write the log files. For more information, see Application log bucket permission policy in the Amazon GameLift Streams Developer Guide.

    " + }, + "Tags":{ + "shape":"Tags", + "documentation":"

    A list of labels to assign to the new application resource. Tags are developer-defined key-value pairs. Tagging Amazon Web Services resources is useful for resource management, access management and cost allocation. See Tagging Amazon Web Services Resources in the Amazon Web Services General Reference. You can use TagResource to add tags, UntagResource to remove tags, and ListTagsForResource to view tags on existing resources.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique identifier that represents a client request. The request is idempotent, which ensures that an API request completes only once. When users send a request, Amazon GameLift Streams automatically populates this field.

    ", + "idempotencyToken":true + } + } + }, + "CreateApplicationOutput":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Identifier", + "documentation":"

    The Amazon Resource Name (ARN) that's assigned to an application resource and uniquely identifies it across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:application/[resource ID].

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the application. You can edit this value.

    " + }, + "RuntimeEnvironment":{ + "shape":"RuntimeEnvironment", + "documentation":"

    Configuration settings that identify the operating system for an application resource. This can also include a compatibility layer and other drivers.

    A runtime environment can be one of the following:

    • For Linux applications

      • Ubuntu 22.04 LTS (Type=UBUNTU, Version=22_04_LTS)

    • For Windows applications

      • Microsoft Windows Server 2022 Base (Type=WINDOWS, Version=2022)

      • Proton 9.0-2 (Type=PROTON, Version=20250516)

      • Proton 8.0-5 (Type=PROTON, Version=20241007)

      • Proton 8.0-2c (Type=PROTON, Version=20230704)

    " + }, + "ExecutablePath":{ + "shape":"ExecutablePath", + "documentation":"

    The relative path and file name of the executable file that launches the content for streaming.

    " + }, + "ApplicationLogPaths":{ + "shape":"FilePaths", + "documentation":"

    Locations of log files that your content generates during a stream session. Amazon GameLift Streams uploads log files to the Amazon S3 bucket that you specify in ApplicationLogOutputUri at the end of a stream session. To retrieve stored log files, call GetStreamSession and get the LogFileLocationUri.

    " + }, + "ApplicationLogOutputUri":{ + "shape":"ApplicationLogOutputUri", + "documentation":"

    An Amazon S3 URI to a bucket where you would like Amazon GameLift Streams to save application logs. Required if you specify one or more ApplicationLogPaths.

    " + }, + "ApplicationSourceUri":{ + "shape":"ApplicationSourceUri", + "documentation":"

    The original Amazon S3 location of uploaded stream content for the application.

    " + }, + "Id":{ + "shape":"Id", + "documentation":"

    A unique ID value that is assigned to the resource when it's created. Format example: a-9ZY8X7Wv6.

    " + }, + "Status":{ + "shape":"ApplicationStatus", + "documentation":"

    The current status of the application resource. Possible statuses include the following:

    • INITIALIZED: Amazon GameLift Streams has received the request and is initiating the work flow to create an application.

    • PROCESSING: The create application work flow is in process. Amazon GameLift Streams is copying the content and caching for future deployment in a stream group.

    • READY: The application is ready to deploy in a stream group.

    • ERROR: An error occurred when setting up the application. See StatusReason for more information.

    • DELETING: Amazon GameLift Streams is in the process of deleting the application.

    " + }, + "StatusReason":{ + "shape":"ApplicationStatusReason", + "documentation":"

    A short description of the status reason when the application is in ERROR status.

    " + }, + "ReplicationStatuses":{ + "shape":"ReplicationStatuses", + "documentation":"

    A set of replication statuses for each location.

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "AssociatedStreamGroups":{ + "shape":"ArnList", + "documentation":"

    A newly created application is not associated to any stream groups. This value is empty.

    " + } + } + }, + "CreateStreamGroupInput":{ + "type":"structure", + "required":[ + "Description", + "StreamClass" + ], + "members":{ + "Description":{ + "shape":"Description", + "documentation":"

    A descriptive label for the stream group.

    " + }, + "StreamClass":{ + "shape":"StreamClass", + "documentation":"

    The target stream quality for sessions that are hosted in this stream group. Set a stream class that is appropriate to the type of content that you're streaming. Stream class determines the type of computing resources Amazon GameLift Streams uses and impacts the cost of streaming. The following options are available:

    A stream class can be one of the following:

    • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    " + }, + "DefaultApplicationIdentifier":{ + "shape":"Identifier", + "documentation":"

    The unique identifier of the Amazon GameLift Streams application that you want to set as the default application in a stream group. The application that you specify must be in READY status. The default application is pre-cached on always-on compute resources, reducing stream startup times. Other applications are automatically cached as needed.

    If you do not link an application when you create a stream group, you will need to link one later, before you can start streaming, using AssociateApplications.

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6. Example ID: a-9ZY8X7Wv6.

    " + }, + "LocationConfigurations":{ + "shape":"LocationConfigurations", + "documentation":"

    A set of one or more locations and the streaming capacity for each location.

    " + }, + "Tags":{ + "shape":"Tags", + "documentation":"

    A list of labels to assign to the new stream group resource. Tags are developer-defined key-value pairs. Tagging Amazon Web Services resources is useful for resource management, access management and cost allocation. See Tagging Amazon Web Services Resources in the Amazon Web Services General Reference. You can use TagResource to add tags, UntagResource to remove tags, and ListTagsForResource to view tags on existing resources.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique identifier that represents a client request. The request is idempotent, which ensures that an API request completes only once. When users send a request, Amazon GameLift Streams automatically populates this field.

    ", + "idempotencyToken":true + } + } + }, + "CreateStreamGroupOutput":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Identifier", + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to the stream group resource and that uniquely identifies the group across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:streamgroup/[resource ID].

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A descriptive label for the stream group.

    " + }, + "DefaultApplication":{ + "shape":"DefaultApplication", + "documentation":"

    The default Amazon GameLift Streams application that is associated with this stream group.

    " + }, + "LocationStates":{ + "shape":"LocationStates", + "documentation":"

    This value is the set of locations, including their name, current status, and capacities.

    A location can be in one of the following states:

    • ACTIVATING: Amazon GameLift Streams is preparing the location. You cannot stream from, scale the capacity of, or remove this location yet.

    • ACTIVE: The location is provisioned with initial capacity. You can now stream from, scale the capacity of, or remove this location.

    • ERROR: Amazon GameLift Streams failed to set up this location. The StatusReason field describes the error. You can remove this location and try to add it again.

    • REMOVING: Amazon GameLift Streams is working to remove this location. This will release all provisioned capacity for this location in this stream group.

    " + }, + "StreamClass":{ + "shape":"StreamClass", + "documentation":"

    The target stream quality for the stream group.

    A stream class can be one of the following:

    • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    " + }, + "Id":{ + "shape":"Id", + "documentation":"

    A unique ID value that is assigned to the resource when it's created. Format example: sg-1AB2C3De4.

    " + }, + "Status":{ + "shape":"StreamGroupStatus", + "documentation":"

    The current status of the stream group resource. Possible statuses include the following:

    • ACTIVATING: The stream group is deploying and isn't ready to host streams.

    • ACTIVE: The stream group is ready to host streams.

    • ACTIVE_WITH_ERRORS: One or more locations in the stream group are in an error state. Verify the details of individual locations and remove any locations which are in error.

    • DELETING: Amazon GameLift Streams is in the process of deleting the stream group.

    • ERROR: An error occurred when the stream group deployed. See StatusReason (returned by CreateStreamGroup, GetStreamGroup, and UpdateStreamGroup) for more information.

    • EXPIRED: The stream group is expired and can no longer host streams. This typically occurs when a stream group is 365 days old, as indicated by the value of ExpiresAt. Create a new stream group to resume streaming capabilities.

    • UPDATING_LOCATIONS: One or more locations in the stream group are in the process of updating (either activating or deleting).

    " + }, + "StatusReason":{ + "shape":"StreamGroupStatusReason", + "documentation":"

    A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

    • internalError: The request can't process right now because of an issue with the server. Try again later.

    • noAvailableInstances: Amazon GameLift Streams does not currently have enough available on-demand capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "ExpiresAt":{ + "shape":"Timestamp", + "documentation":"

    The time at which this stream group expires. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC). After this time, you will no longer be able to update this stream group or use it to start stream sessions. Only Get and Delete operations will work on an expired stream group.

    " + }, + "AssociatedApplications":{ + "shape":"ArnList", + "documentation":"

    A set of applications that this stream group is associated to. You can stream any of these applications by using this stream group.

    This value is a set of Amazon Resource Names (ARNs) that uniquely identify application resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + } + } + }, + "CreateStreamSessionConnectionInput":{ + "type":"structure", + "required":[ + "Identifier", + "StreamSessionIdentifier", + "SignalRequest" + ], + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique identifier that represents a client request. The request is idempotent, which ensures that an API request completes only once. When users send a request, Amazon GameLift Streams automatically populates this field.

    ", + "idempotencyToken":true + }, + "Identifier":{ + "shape":"Identifier", + "documentation":"

    Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    The stream group that you want to run this stream session with. The stream group must be in ACTIVE status.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "StreamSessionIdentifier":{ + "shape":"Identifier", + "documentation":"

    Amazon Resource Name (ARN) or ID that uniquely identifies the stream session resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamsession/sg-1AB2C3De4/ABC123def4567. Example ID: ABC123def4567.

    The stream session must be in PENDING_CLIENT_RECONNECTION or ACTIVE status.

    ", + "location":"uri", + "locationName":"StreamSessionIdentifier" + }, + "SignalRequest":{ + "shape":"SignalRequest", + "documentation":"

    A WebRTC ICE offer string to use when initializing a WebRTC connection. The offer is a very long JSON string. Provide the string as a text value in quotes. The offer must be newly generated, not the same offer provided to StartStreamSession.

    " + } + } + }, + "CreateStreamSessionConnectionOutput":{ + "type":"structure", + "members":{ + "SignalResponse":{ + "shape":"SignalResponse", + "documentation":"

    The WebRTC answer string that the stream server generates in response to the SignalRequest.

    " + } + } + }, + "DefaultApplication":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"Id", + "documentation":"

    An ID that uniquely identifies the application resource. Example ID: a-9ZY8X7Wv6.

    " + }, + "Arn":{ + "shape":"Arn", + "documentation":"

    An Amazon Resource Name (ARN) that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + } + }, + "documentation":"

    Represents the default Amazon GameLift Streams application that a stream group hosts.

    " + }, + "DeleteApplicationInput":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6. Example ID: a-9ZY8X7Wv6.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "DeleteStreamGroupInput":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "Description":{ + "type":"string", + "max":80, + "min":1, + "pattern":"[a-zA-Z0-9-_.!+@/][a-zA-Z0-9-_.!+@/ ]*" + }, + "DisassociateApplicationsInput":{ + "type":"structure", + "required":[ + "Identifier", + "ApplicationIdentifiers" + ], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    A stream group to disassociate these applications from.

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "ApplicationIdentifiers":{ + "shape":"Identifiers", + "documentation":"

    A set of applications that you want to disassociate from the stream group.

    This value is a set of either Amazon Resource Names (ARN) or IDs that uniquely identify application resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6. Example ID: a-9ZY8X7Wv6.

    " + } + } + }, + "DisassociateApplicationsOutput":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    An Amazon Resource Name (ARN) that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4.

    " + }, + "ApplicationArns":{ + "shape":"ArnList", + "documentation":"

    A set of applications that are disassociated from this stream group.

    This value is a set of Amazon Resource Names (ARNs) that uniquely identify application resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + } + } + }, + "EnvironmentVariables":{ + "type":"map", + "key":{"shape":"EnvironmentVariablesKeyString"}, + "value":{"shape":"EnvironmentVariablesValueString"}, + "max":50, + "min":0 + }, + "EnvironmentVariablesKeyString":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[_a-zA-Z][_a-zA-Z0-9]*" + }, + "EnvironmentVariablesValueString":{ + "type":"string", + "max":1024, + "min":0 + }, + "ExecutablePath":{ + "type":"string", + "max":1024, + "min":1 + }, + "ExportFilesMetadata":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"ExportFilesStatus", + "documentation":"

    The result of the ExportStreamSessionFiles operation.

    " + }, + "StatusReason":{ + "shape":"ExportFilesReason", + "documentation":"

    A short description of the reason the export is in FAILED status.

    " + }, + "OutputUri":{ + "shape":"OutputUri", + "documentation":"

    The S3 bucket URI where Amazon GameLift Streams uploaded the set of compressed exported files for a stream session. Amazon GameLift Streams generates a ZIP file name based on the stream session metadata. Alternatively, you can provide a custom file name with a .zip file extension.

    Example 1: If you provide an S3 URI called s3://amzn-s3-demo-destination-bucket/MyGame_Session1.zip, then Amazon GameLift Streams will save the files at that location.

    Example 2: If you provide an S3 URI called s3://amzn-s3-demo-destination-bucket/MyGameSessions_ExportedFiles/, then Amazon GameLift Streams will save the files at s3://amzn-s3-demo-destination-bucket/MyGameSessions_ExportedFiles/YYYYMMDD-HHMMSS-appId-sg-Id-sessionId.zip or another similar name.

    " + } + }, + "documentation":"

    Provides details about the stream session's exported files.

    " + }, + "ExportFilesReason":{ + "type":"string", + "max":1024, + "min":0 + }, + "ExportFilesStatus":{ + "type":"string", + "enum":[ + "SUCCEEDED", + "FAILED", + "PENDING" + ] + }, + "ExportStreamSessionFilesInput":{ + "type":"structure", + "required":[ + "Identifier", + "StreamSessionIdentifier", + "OutputUri" + ], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "StreamSessionIdentifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the stream session resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamsession/sg-1AB2C3De4/ABC123def4567. Example ID: ABC123def4567.

    ", + "location":"uri", + "locationName":"StreamSessionIdentifier" + }, + "OutputUri":{ + "shape":"OutputUri", + "documentation":"

    The S3 bucket URI where Amazon GameLift Streams uploads the set of compressed exported files for this stream session. Amazon GameLift Streams generates a ZIP file name based on the stream session metadata. Alternatively, you can provide a custom file name with a .zip file extension.

    Example 1: If you provide an S3 URI called s3://amzn-s3-demo-destination-bucket/MyGame_Session1.zip, then Amazon GameLift Streams will save the files at that location.

    Example 2: If you provide an S3 URI called s3://amzn-s3-demo-destination-bucket/MyGameSessions_ExportedFiles/, then Amazon GameLift Streams will save the files at s3://amzn-s3-demo-destination-bucket/MyGameSessions_ExportedFiles/YYYYMMDD-HHMMSS-appId-sg-Id-sessionId.zip or another similar name.

    " + } + } + }, + "ExportStreamSessionFilesOutput":{ + "type":"structure", + "members":{} + }, + "FileLocationUri":{"type":"string"}, + "FilePath":{ + "type":"string", + "max":1024, + "min":0 + }, + "FilePaths":{ + "type":"list", + "member":{"shape":"FilePath"}, + "max":10, + "min":0 + }, + "GameLaunchArgList":{ + "type":"list", + "member":{"shape":"String"}, + "max":100, + "min":0 + }, + "GetApplicationInput":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6. Example ID: a-9ZY8X7Wv6.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetApplicationOutput":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Identifier", + "documentation":"

    The Amazon Resource Name (ARN) that's assigned to an application resource and uniquely identifies it across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:application/[resource ID].

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the application. You can edit this value.

    " + }, + "RuntimeEnvironment":{ + "shape":"RuntimeEnvironment", + "documentation":"

    Configuration settings that identify the operating system for an application resource. This can also include a compatibility layer and other drivers.

    A runtime environment can be one of the following:

    • For Linux applications

      • Ubuntu 22.04 LTS (Type=UBUNTU, Version=22_04_LTS)

    • For Windows applications

      • Microsoft Windows Server 2022 Base (Type=WINDOWS, Version=2022)

      • Proton 9.0-2 (Type=PROTON, Version=20250516)

      • Proton 8.0-5 (Type=PROTON, Version=20241007)

      • Proton 8.0-2c (Type=PROTON, Version=20230704)

    " + }, + "ExecutablePath":{ + "shape":"ExecutablePath", + "documentation":"

    The relative path and file name of the executable file that launches the content for streaming.

    " + }, + "ApplicationLogPaths":{ + "shape":"FilePaths", + "documentation":"

    Locations of log files that your content generates during a stream session. Amazon GameLift Streams uploads log files to the Amazon S3 bucket that you specify in ApplicationLogOutputUri at the end of a stream session. To retrieve stored log files, call GetStreamSession and get the LogFileLocationUri.

    " + }, + "ApplicationLogOutputUri":{ + "shape":"ApplicationLogOutputUri", + "documentation":"

    An Amazon S3 URI to a bucket where you would like Amazon GameLift Streams to save application logs. Required if you specify one or more ApplicationLogPaths.

    " + }, + "ApplicationSourceUri":{ + "shape":"ApplicationSourceUri", + "documentation":"

    The original Amazon S3 location of uploaded stream content for the application.

    " + }, + "Id":{ + "shape":"Id", + "documentation":"

    A unique ID value that is assigned to the resource when it's created. Format example: a-9ZY8X7Wv6.

    " + }, + "Status":{ + "shape":"ApplicationStatus", + "documentation":"

    The current status of the application resource. Possible statuses include the following:

    • INITIALIZED: Amazon GameLift Streams has received the request and is initiating the work flow to create an application.

    • PROCESSING: The create application work flow is in process. Amazon GameLift Streams is copying the content and caching for future deployment in a stream group.

    • READY: The application is ready to deploy in a stream group.

    • ERROR: An error occurred when setting up the application. See StatusReason for more information.

    • DELETING: Amazon GameLift Streams is in the process of deleting the application.

    " + }, + "StatusReason":{ + "shape":"ApplicationStatusReason", + "documentation":"

    A short description of the status reason when the application is in ERROR status.

    " + }, + "ReplicationStatuses":{ + "shape":"ReplicationStatuses", + "documentation":"

    A set of replication statuses for each location.

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "AssociatedStreamGroups":{ + "shape":"ArnList", + "documentation":"

    A set of stream groups that this application is associated with. You can use any of these stream groups to stream your application.

    This value is a set of Amazon Resource Names (ARNs) that uniquely identify stream group resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4.

    " + } + } + }, + "GetStreamGroupInput":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetStreamGroupOutput":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Identifier", + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to the stream group resource and that uniquely identifies the group across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:streamgroup/[resource ID].

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A descriptive label for the stream group.

    " + }, + "DefaultApplication":{ + "shape":"DefaultApplication", + "documentation":"

    The default Amazon GameLift Streams application that is associated with this stream group.

    " + }, + "LocationStates":{ + "shape":"LocationStates", + "documentation":"

    This value is the set of locations, including their name, current status, and capacities.

    A location can be in one of the following states:

    • ACTIVATING: Amazon GameLift Streams is preparing the location. You cannot stream from, scale the capacity of, or remove this location yet.

    • ACTIVE: The location is provisioned with initial capacity. You can now stream from, scale the capacity of, or remove this location.

    • ERROR: Amazon GameLift Streams failed to set up this location. The StatusReason field describes the error. You can remove this location and try to add it again.

    • REMOVING: Amazon GameLift Streams is working to remove this location. This will release all provisioned capacity for this location in this stream group.

    " + }, + "StreamClass":{ + "shape":"StreamClass", + "documentation":"

    The target stream quality for the stream group.

    A stream class can be one of the following:

    • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    " + }, + "Id":{ + "shape":"Id", + "documentation":"

    A unique ID value that is assigned to the resource when it's created. Format example: sg-1AB2C3De4.

    " + }, + "Status":{ + "shape":"StreamGroupStatus", + "documentation":"

    The current status of the stream group resource. Possible statuses include the following:

    • ACTIVATING: The stream group is deploying and isn't ready to host streams.

    • ACTIVE: The stream group is ready to host streams.

    • ACTIVE_WITH_ERRORS: One or more locations in the stream group are in an error state. Verify the details of individual locations and remove any locations which are in error.

    • DELETING: Amazon GameLift Streams is in the process of deleting the stream group.

    • ERROR: An error occurred when the stream group deployed. See StatusReason (returned by CreateStreamGroup, GetStreamGroup, and UpdateStreamGroup) for more information.

    • EXPIRED: The stream group is expired and can no longer host streams. This typically occurs when a stream group is 365 days old, as indicated by the value of ExpiresAt. Create a new stream group to resume streaming capabilities.

    • UPDATING_LOCATIONS: One or more locations in the stream group are in the process of updating (either activating or deleting).

    " + }, + "StatusReason":{ + "shape":"StreamGroupStatusReason", + "documentation":"

    A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

    • internalError: The request can't process right now because of an issue with the server. Try again later.

    • noAvailableInstances: Amazon GameLift Streams does not currently have enough available on-demand capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "ExpiresAt":{ + "shape":"Timestamp", + "documentation":"

    The time at which this stream group expires. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC). After this time, you will no longer be able to update this stream group or use it to start stream sessions. Only Get and Delete operations will work on an expired stream group.

    " + }, + "AssociatedApplications":{ + "shape":"ArnList", + "documentation":"

    A set of applications that this stream group is associated to. You can stream any of these applications by using this stream group.

    This value is a set of Amazon Resource Names (ARNs) that uniquely identify application resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + } + } + }, + "GetStreamSessionInput":{ + "type":"structure", + "required":[ + "Identifier", + "StreamSessionIdentifier" + ], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    The stream group that runs this stream session.

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "StreamSessionIdentifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the stream session resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamsession/sg-1AB2C3De4/ABC123def4567. Example ID: ABC123def4567.

    ", + "location":"uri", + "locationName":"StreamSessionIdentifier" + } + } + }, + "GetStreamSessionOutput":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) that's assigned to a stream session resource. When combined with the stream group resource ID, this value uniquely identifies the stream session across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:streamsession/[stream group resource ID]/[stream session resource ID].

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the stream session. You can update this value at any time.

    " + }, + "StreamGroupId":{ + "shape":"Id", + "documentation":"

    The unique identifier for the Amazon GameLift Streams stream group that is hosting the stream session. Format example: sg-1AB2C3De4.

    " + }, + "UserId":{ + "shape":"UserId", + "documentation":"

    An opaque, unique identifier for an end-user, defined by the developer.

    " + }, + "Status":{ + "shape":"StreamSessionStatus", + "documentation":"

    The current status of the stream session. A stream session is ready for a client to connect when in ACTIVE status.

    • ACTIVATING: The stream session is starting and preparing to stream.

    • ACTIVE: The stream session is ready and waiting for a client connection. A client has ConnectionTimeoutSeconds (specified in StartStreamSession) from when the session reaches ACTIVE state to establish a connection. If no client connects within this timeframe, the session automatically terminates.

    • CONNECTED: The stream session has a connected client. A session will automatically terminate if there is no user input for 60 minutes, or if the maximum length of a session specified by SessionLengthSeconds in StartStreamSession is exceeded.

    • ERROR: The stream session failed to activate. See StatusReason (returned by GetStreamSession and StartStreamSession) for more information.

    • PENDING_CLIENT_RECONNECTION: A client has recently disconnected and the stream session is waiting for the client to reconnect. A client has ConnectionTimeoutSeconds (specified in StartStreamSession) from when the session reaches PENDING_CLIENT_RECONNECTION state to re-establish a connection. If no client connects within this timeframe, the session automatically terminates.

    • RECONNECTING: A client has initiated a reconnect to a session that was in PENDING_CLIENT_RECONNECTION state.

    • TERMINATING: The stream session is ending.

    • TERMINATED: The stream session has ended.

    " + }, + "StatusReason":{ + "shape":"StreamSessionStatusReason", + "documentation":"

    A short description of the reason the stream session is in ERROR status or TERMINATED status.

    ERROR status reasons:

    • applicationLogS3DestinationError: Could not write the application log to the Amazon S3 bucket that is configured for the streaming application. Make sure the bucket still exists.

    • internalError: An internal service error occurred. Start a new stream session to continue streaming.

    • invalidSignalRequest: The WebRTC signal request that was sent is not valid. When starting or reconnecting to a stream session, use generateSignalRequest in the Amazon GameLift Streams Web SDK to generate a new signal request.

    • placementTimeout: Amazon GameLift Streams could not find available stream capacity to start a stream session. Increase the stream capacity in the stream group or wait until capacity becomes available.

    TERMINATED status reasons:

    • apiTerminated: The stream session was terminated by an API call to TerminateStreamSession.

    • applicationExit: The streaming application exited or crashed. The stream session was terminated because the application is no longer running.

    • connectionTimeout: The stream session was terminated because the client failed to connect within the connection timeout period specified by ConnectionTimeoutSeconds.

    • idleTimeout: The stream session was terminated because it exceeded the idle timeout period of 60 minutes with no user input activity.

    • maxSessionLengthTimeout: The stream session was terminated because it exceeded the maximum session length timeout period specified by SessionLengthSeconds.

    • reconnectionTimeout: The stream session was terminated because the client failed to reconnect within the reconnection timeout period specified by ConnectionTimeoutSeconds after losing connection.

    " + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The data transfer protocol in use with the stream session.

    " + }, + "Location":{ + "shape":"LocationName", + "documentation":"

    The location where Amazon GameLift Streams hosts and streams your application. For example, us-east-1. For a complete list of locations that Amazon GameLift Streams supports, refer to Regions, quotas, and limitations in the Amazon GameLift Streams Developer Guide.

    " + }, + "SignalRequest":{ + "shape":"SignalRequest", + "documentation":"

    The WebRTC ICE offer string that a client generates to initiate a connection to the stream session.

    " + }, + "SignalResponse":{ + "shape":"SignalResponse", + "documentation":"

    The WebRTC answer string that the stream server generates in response to the SignalRequest.

    " + }, + "ConnectionTimeoutSeconds":{ + "shape":"ConnectionTimeoutSeconds", + "documentation":"

    The length of time that Amazon GameLift Streams should wait for a client to connect or reconnect to the stream session. This time span starts when the stream session reaches ACTIVE or PENDING_CLIENT_RECONNECTION state. If no client connects (or reconnects) before the timeout, Amazon GameLift Streams terminates the stream session.

    " + }, + "SessionLengthSeconds":{ + "shape":"SessionLengthSeconds", + "documentation":"

    The maximum duration of a session. Amazon GameLift Streams will automatically terminate a session after this amount of time has elapsed, regardless of any existing client connections.

    " + }, + "AdditionalLaunchArgs":{ + "shape":"GameLaunchArgList", + "documentation":"

    A list of CLI arguments that are sent to the streaming server when a stream session launches. You can use this to configure the application or stream session details. You can also provide custom arguments that Amazon GameLift Streams passes to your game client.

    AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

    " + }, + "AdditionalEnvironmentVariables":{ + "shape":"EnvironmentVariables", + "documentation":"

    A set of options that you can use to control the stream session runtime environment, expressed as a set of key-value pairs. You can use this to configure the application or stream session details. You can also provide custom environment variables that Amazon GameLift Streams passes to your game client.

    If you want to debug your application with environment variables, we recommend that you do so in a local environment outside of Amazon GameLift Streams. For more information, refer to the Compatibility Guidance in the troubleshooting section of the Developer Guide.

    AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

    " + }, + "LogFileLocationUri":{ + "shape":"FileLocationUri", + "documentation":"

    Access location for log files that your content generates during a stream session. These log files are uploaded to cloud storage location at the end of a stream session. The Amazon GameLift Streams application resource defines which log files to upload.

    " + }, + "WebSdkProtocolUrl":{ + "shape":"WebSdkProtocolUrl", + "documentation":"

    The URL of an S3 bucket that stores Amazon GameLift Streams WebSDK files. The URL is used to establish connection with the client.

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "ApplicationArn":{ + "shape":"Arn", + "documentation":"

    The application streaming in this session.

    This value is an Amazon Resource Name (ARN) that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + }, + "ExportFilesMetadata":{ + "shape":"ExportFilesMetadata", + "documentation":"

    Provides details about the stream session's exported files.

    " + } + } + }, + "Id":{ + "type":"string", + "max":32, + "min":1, + "pattern":"[a-zA-Z0-9-]+" + }, + "Identifier":{ + "type":"string", + "max":128, + "min":1, + "pattern":"(^[a-zA-Z0-9-]+$)|(^arn:aws:gameliftstreams:([^: ]*):([0-9]{12}):([^: ]*)$)" + }, + "Identifiers":{ + "type":"list", + "member":{"shape":"Identifier"}, + "max":50, + "min":1 + }, + "InternalServerException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the error.

    " + } + }, + "documentation":"

    The service encountered an internal error and is unable to complete the request.

    ", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "ListApplicationsInput":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token that marks the start of the next set of results. Use this token when you retrieve results as sequential pages. To get the first page of results, omit a token value. To get the remaining pages, provide the token returned with the previous result set.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The number of results to return. Use this parameter with NextToken to return results in sequential pages. Default value is 25.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListApplicationsOutput":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"ApplicationSummaryList", + "documentation":"

    A collection of Amazon GameLift Streams applications that are associated with the Amazon Web Services account in use. Each item includes application metadata and status.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that marks the start of the next sequential page of results. If an operation doesn't return a token, you've reached the end of the list.

    " + } + } + }, + "ListStreamGroupsInput":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that marks the start of the next set of results. Use this token when you retrieve results as sequential pages. To get the first page of results, omit a token value. To get the remaining pages, provide the token returned with the previous result set.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The number of results to return. Use this parameter with NextToken to return results in sequential pages. Default value is 25.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListStreamGroupsOutput":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"StreamGroupSummaryList", + "documentation":"

    A collection of Amazon GameLift Streams stream groups that are associated with the Amazon Web Services account in use. Each item includes stream group metadata and status, but doesn't include capacity information.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that marks the start of the next sequential page of results. If an operation doesn't return a token, you've reached the end of the list.

    " + } + } + }, + "ListStreamSessionsByAccountInput":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"StreamSessionStatus", + "documentation":"

    Filter by the stream session status. You can specify one status in each request to retrieve only sessions that are currently in that status.

    ", + "location":"querystring", + "locationName":"Status" + }, + "ExportFilesStatus":{ + "shape":"ExportFilesStatus", + "documentation":"

    Filter by the exported files status. You can specify one status in each request to retrieve only sessions that currently have that exported files status.

    ", + "location":"querystring", + "locationName":"ExportFilesStatus" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token that marks the start of the next set of results. Use this token when you retrieve results as sequential pages. To get the first page of results, omit a token value. To get the remaining pages, provide the token returned with the previous result set.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The number of results to return. Use this parameter with NextToken to return results in sequential pages. Default value is 25.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListStreamSessionsByAccountOutput":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"StreamSessionSummaryList", + "documentation":"

    A collection of Amazon GameLift Streams stream sessions that are associated with a stream group and returned in response to a list request. Each item includes stream session metadata and status.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that marks the start of the next sequential page of results. If an operation doesn't return a token, you've reached the end of the list.

    " + } + } + }, + "ListStreamSessionsInput":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Status":{ + "shape":"StreamSessionStatus", + "documentation":"

    Filter by the stream session status. You can specify one status in each request to retrieve only sessions that are currently in that status.

    ", + "location":"querystring", + "locationName":"Status" + }, + "ExportFilesStatus":{ + "shape":"ExportFilesStatus", + "documentation":"

    Filter by the exported files status. You can specify one status in each request to retrieve only sessions that currently have that exported files status.

    Exported files can be in one of the following states:

    • SUCCEEDED: The exported files are successfully stored in an S3 bucket.

    • FAILED: The session ended but Amazon GameLift Streams couldn't collect and upload the files to S3.

    • PENDING: Either the stream session is still in progress, or uploading the exported files to the S3 bucket is in progress.

    ", + "location":"querystring", + "locationName":"ExportFilesStatus" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token that marks the start of the next set of results. Use this token when you retrieve results as sequential pages. To get the first page of results, omit a token value. To get the remaining pages, provide the token returned with the previous result set.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The number of results to return. Use this parameter with NextToken to return results in sequential pages. Default value is 25.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "Identifier":{ + "shape":"Identifier", + "documentation":"

    The unique identifier of a Amazon GameLift Streams stream group to retrieve the stream session for. You can use either the stream group ID or the Amazon Resource Name (ARN).

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "ListStreamSessionsOutput":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"StreamSessionSummaryList", + "documentation":"

    A collection of Amazon GameLift Streams stream sessions that are associated with a stream group and returned in response to a list request. Each item includes stream session metadata and status.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that marks the start of the next sequential page of results. If an operation doesn't return a token, you've reached the end of the list.

    " + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) that you want to retrieve tags for. To get an Amazon GameLift Streams resource ARN, call a List or Get operation for the resource.

    ", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{ + "shape":"Tags", + "documentation":"

    A collection of tags that have been assigned to the specified resource.

    " + } + } + }, + "LocationConfiguration":{ + "type":"structure", + "required":["LocationName"], + "members":{ + "LocationName":{ + "shape":"LocationName", + "documentation":"

    A location's name. For example, us-east-1. For a complete list of locations that Amazon GameLift Streams supports, refer to Regions, quotas, and limitations in the Amazon GameLift Streams Developer Guide.

    " + }, + "AlwaysOnCapacity":{ + "shape":"AlwaysOnCapacity", + "documentation":"

    The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.

    " + }, + "OnDemandCapacity":{ + "shape":"OnDemandCapacity", + "documentation":"

    The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

    " + } + }, + "documentation":"

    Configuration settings that define a stream group's stream capacity for a location. When configuring a location for the first time, you must specify a numeric value for at least one of the two capacity types. To update the capacity for an existing stream group, call UpdateStreamGroup. To add a new location and specify its capacity, call AddStreamGroupLocations.

    " + }, + "LocationConfigurations":{ + "type":"list", + "member":{"shape":"LocationConfiguration"}, + "max":100, + "min":1 + }, + "LocationList":{ + "type":"list", + "member":{"shape":"LocationName"}, + "min":1 + }, + "LocationName":{ + "type":"string", + "max":20, + "min":1, + "pattern":"[a-zA-Z0-9-]+" + }, + "LocationState":{ + "type":"structure", + "members":{ + "LocationName":{ + "shape":"LocationName", + "documentation":"

    A location's name. For example, us-east-1. For a complete list of locations that Amazon GameLift Streams supports, refer to Regions, quotas, and limitations in the Amazon GameLift Streams Developer Guide.

    " + }, + "Status":{ + "shape":"StreamGroupLocationStatus", + "documentation":"

    This value is set of locations, including their name, current status, and capacities.

    A location can be in one of the following states:

    • ACTIVATING: Amazon GameLift Streams is preparing the location. You cannot stream from, scale the capacity of, or remove this location yet.

    • ACTIVE: The location is provisioned with initial capacity. You can now stream from, scale the capacity of, or remove this location.

    • ERROR: Amazon GameLift Streams failed to set up this location. The StatusReason field describes the error. You can remove this location and try to add it again.

    • REMOVING: Amazon GameLift Streams is working to remove this location. This will release all provisioned capacity for this location in this stream group.

    " + }, + "AlwaysOnCapacity":{ + "shape":"AlwaysOnCapacity", + "documentation":"

    The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.

    " + }, + "OnDemandCapacity":{ + "shape":"OnDemandCapacity", + "documentation":"

    The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.

    " + }, + "RequestedCapacity":{ + "shape":"CapacityValue", + "documentation":"

    This value is the always-on capacity that you most recently requested for a stream group. You request capacity separately for each location in a stream group. In response to an increase in requested capacity, Amazon GameLift Streams attempts to provision compute resources to make the stream group's allocated capacity meet requested capacity. When always-on capacity is decreased, it can take a few minutes to deprovision allocated capacity to match the requested capacity.

    " + }, + "AllocatedCapacity":{ + "shape":"CapacityValue", + "documentation":"

    This value is the stream capacity that Amazon GameLift Streams has provisioned in a stream group that can respond immediately to stream requests. It includes resources that are currently streaming and resources that are idle and ready to respond to stream requests. You pay for this capacity whether it's in use or not. After making changes to capacity, it can take a few minutes for the allocated capacity count to reflect the change while compute resources are allocated or deallocated. Similarly, when allocated on-demand capacity is no longer needed, it can take a few minutes for Amazon GameLift Streams to spin down the allocated capacity.

    " + }, + "IdleCapacity":{ + "shape":"CapacityValue", + "documentation":"

    This value is the amount of allocated capacity that is not currently streaming. It represents the stream group's ability to respond immediately to new stream requests with near-instant startup time.

    " + } + }, + "documentation":"

    Represents a location and its corresponding stream capacity and status.

    " + }, + "LocationStates":{ + "type":"list", + "member":{"shape":"LocationState"} + }, + "LocationsList":{ + "type":"list", + "member":{"shape":"String"}, + "max":100, + "min":1 + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "NextToken":{"type":"string"}, + "OnDemandCapacity":{ + "type":"integer", + "box":true, + "min":0 + }, + "OutputUri":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"s3://.*(/|\\.zip|\\.ZIP)" + }, + "Protocol":{ + "type":"string", + "enum":["WebRTC"] + }, + "RemoveStreamGroupLocationsInput":{ + "type":"structure", + "required":[ + "Identifier", + "Locations" + ], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    A stream group to remove the specified locations from.

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "Locations":{ + "shape":"LocationsList", + "documentation":"

    A set of locations to remove this stream group. For example, us-east-1.

    For a complete list of locations that Amazon GameLift Streams supports, refer to Regions, quotas, and limitations in the Amazon GameLift Streams Developer Guide.

    ", + "location":"querystring", + "locationName":"locations" + } + } + }, + "ReplicationStatus":{ + "type":"structure", + "members":{ + "Location":{ + "shape":"LocationName", + "documentation":"

    A location's name. For example, us-east-1. For a complete list of locations that Amazon GameLift Streams supports, refer to Regions, quotas, and limitations in the Amazon GameLift Streams Developer Guide.

    " + }, + "Status":{ + "shape":"ReplicationStatusType", + "documentation":"

    The current status of the replication process.

    " + } + }, + "documentation":"

    Represents the status of the replication of an application to a location. An application cannot be streamed from a location until it has finished replicating there.

    " + }, + "ReplicationStatusType":{ + "type":"string", + "enum":[ + "REPLICATING", + "COMPLETED" + ] + }, + "ReplicationStatuses":{ + "type":"list", + "member":{"shape":"ReplicationStatus"} + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the error.

    " + } + }, + "documentation":"

    The resource specified in the request was not found. Correct the request before you try again.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "RuntimeEnvironment":{ + "type":"structure", + "required":[ + "Type", + "Version" + ], + "members":{ + "Type":{ + "shape":"RuntimeEnvironmentType", + "documentation":"

    The operating system and other drivers. For Proton, this also includes the Proton compatibility layer.

    " + }, + "Version":{ + "shape":"RuntimeEnvironmentVersion", + "documentation":"

    Versioned container environment for the application operating system.

    " + } + }, + "documentation":"

    Configuration settings that identify the operating system for an application resource. This can also include a compatibility layer and other drivers.

    A runtime environment can be one of the following:

    • For Linux applications

      • Ubuntu 22.04 LTS (Type=UBUNTU, Version=22_04_LTS)

    • For Windows applications

      • Microsoft Windows Server 2022 Base (Type=WINDOWS, Version=2022)

      • Proton 9.0-2 (Type=PROTON, Version=20250516)

      • Proton 8.0-5 (Type=PROTON, Version=20241007)

      • Proton 8.0-2c (Type=PROTON, Version=20230704)

    " + }, + "RuntimeEnvironmentType":{ + "type":"string", + "enum":[ + "PROTON", + "WINDOWS", + "UBUNTU" + ] + }, + "RuntimeEnvironmentVersion":{ + "type":"string", + "max":256, + "min":1 + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the error.

    " + } + }, + "documentation":"

    The request would cause the resource to exceed an allowed service quota. Resolve the issue before you try again.

    ", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "SessionLengthSeconds":{ + "type":"integer", + "box":true, + "max":86400, + "min":1 + }, + "SignalRequest":{ + "type":"string", + "min":1, + "sensitive":true + }, + "SignalResponse":{ + "type":"string", + "sensitive":true + }, + "StartStreamSessionInput":{ + "type":"structure", + "required":[ + "Identifier", + "Protocol", + "SignalRequest", + "ApplicationIdentifier" + ], + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique identifier that represents a client request. The request is idempotent, which ensures that an API request completes only once. When users send a request, Amazon GameLift Streams automatically populates this field.

    ", + "idempotencyToken":true + }, + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the stream session. You can update this value later.

    " + }, + "Identifier":{ + "shape":"Identifier", + "documentation":"

    The stream group to run this stream session with.

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The data transport protocol to use for the stream session.

    " + }, + "SignalRequest":{ + "shape":"SignalRequest", + "documentation":"

    A WebRTC ICE offer string to use when initializing a WebRTC connection. Typically, the offer is a very long JSON string. Provide the string as a text value in quotes.

    Amazon GameLift Streams also supports setting the field to \"NO_CLIENT_CONNECTION\". This will create a session without needing any browser request or Web SDK integration. The session starts up as usual and waits for a reconnection from a browser, which is accomplished using CreateStreamSessionConnection.

    " + }, + "ApplicationIdentifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6. Example ID: a-9ZY8X7Wv6.

    " + }, + "UserId":{ + "shape":"UserId", + "documentation":"

    An opaque, unique identifier for an end-user, defined by the developer.

    " + }, + "Locations":{ + "shape":"LocationList", + "documentation":"

    A list of locations, in order of priority, where you want Amazon GameLift Streams to start a stream from. For example, us-east-1. Amazon GameLift Streams selects the location with the next available capacity to start a single stream session in. If this value is empty, Amazon GameLift Streams attempts to start a stream session in the primary location.

    For a complete list of locations that Amazon GameLift Streams supports, refer to Regions, quotas, and limitations in the Amazon GameLift Streams Developer Guide.

    " + }, + "ConnectionTimeoutSeconds":{ + "shape":"ConnectionTimeoutSeconds", + "documentation":"

    Length of time (in seconds) that Amazon GameLift Streams should wait for a client to connect or reconnect to the stream session. Applies to both connection and reconnection scenarios. This time span starts when the stream session reaches ACTIVE state. If no client connects before the timeout, Amazon GameLift Streams terminates the stream session. Default value is 120.

    " + }, + "SessionLengthSeconds":{ + "shape":"SessionLengthSeconds", + "documentation":"

    The maximum duration of a session. Amazon GameLift Streams will automatically terminate a session after this amount of time has elapsed, regardless of any existing client connections. Default value is 43200 (12 hours).

    " + }, + "AdditionalLaunchArgs":{ + "shape":"GameLaunchArgList", + "documentation":"

    A list of CLI arguments that are sent to the streaming server when a stream session launches. You can use this to configure the application or stream session details. You can also provide custom arguments that Amazon GameLift Streams passes to your game client.

    AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

    " + }, + "AdditionalEnvironmentVariables":{ + "shape":"EnvironmentVariables", + "documentation":"

    A set of options that you can use to control the stream session runtime environment, expressed as a set of key-value pairs. You can use this to configure the application or stream session details. You can also provide custom environment variables that Amazon GameLift Streams passes to your game client.

    If you want to debug your application with environment variables, we recommend that you do so in a local environment outside of Amazon GameLift Streams. For more information, refer to the Compatibility Guidance in the troubleshooting section of the Developer Guide.

    AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

    " + } + } + }, + "StartStreamSessionOutput":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) that's assigned to a stream session resource. When combined with the stream group resource ID, this value uniquely identifies the stream session across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:streamsession/[stream group resource ID]/[stream session resource ID].

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the stream session. You can update this value at any time.

    " + }, + "StreamGroupId":{ + "shape":"Id", + "documentation":"

    The unique identifier for the Amazon GameLift Streams stream group that is hosting the stream session. Format example: sg-1AB2C3De4.

    " + }, + "UserId":{ + "shape":"UserId", + "documentation":"

    An opaque, unique identifier for an end-user, defined by the developer.

    " + }, + "Status":{ + "shape":"StreamSessionStatus", + "documentation":"

    The current status of the stream session. A stream session is ready for a client to connect when in ACTIVE status.

    • ACTIVATING: The stream session is starting and preparing to stream.

    • ACTIVE: The stream session is ready and waiting for a client connection. A client has ConnectionTimeoutSeconds (specified in StartStreamSession) from when the session reaches ACTIVE state to establish a connection. If no client connects within this timeframe, the session automatically terminates.

    • CONNECTED: The stream session has a connected client. A session will automatically terminate if there is no user input for 60 minutes, or if the maximum length of a session specified by SessionLengthSeconds in StartStreamSession is exceeded.

    • ERROR: The stream session failed to activate. See StatusReason (returned by GetStreamSession and StartStreamSession) for more information.

    • PENDING_CLIENT_RECONNECTION: A client has recently disconnected and the stream session is waiting for the client to reconnect. A client has ConnectionTimeoutSeconds (specified in StartStreamSession) from when the session reaches PENDING_CLIENT_RECONNECTION state to re-establish a connection. If no client connects within this timeframe, the session automatically terminates.

    • RECONNECTING: A client has initiated a reconnect to a session that was in PENDING_CLIENT_RECONNECTION state.

    • TERMINATING: The stream session is ending.

    • TERMINATED: The stream session has ended.

    " + }, + "StatusReason":{ + "shape":"StreamSessionStatusReason", + "documentation":"

    A short description of the reason the stream session is in ERROR status or TERMINATED status.

    ERROR status reasons:

    • applicationLogS3DestinationError: Could not write the application log to the Amazon S3 bucket that is configured for the streaming application. Make sure the bucket still exists.

    • internalError: An internal service error occurred. Start a new stream session to continue streaming.

    • invalidSignalRequest: The WebRTC signal request that was sent is not valid. When starting or reconnecting to a stream session, use generateSignalRequest in the Amazon GameLift Streams Web SDK to generate a new signal request.

    • placementTimeout: Amazon GameLift Streams could not find available stream capacity to start a stream session. Increase the stream capacity in the stream group or wait until capacity becomes available.

    TERMINATED status reasons:

    • apiTerminated: The stream session was terminated by an API call to TerminateStreamSession.

    • applicationExit: The streaming application exited or crashed. The stream session was terminated because the application is no longer running.

    • connectionTimeout: The stream session was terminated because the client failed to connect within the connection timeout period specified by ConnectionTimeoutSeconds.

    • idleTimeout: The stream session was terminated because it exceeded the idle timeout period of 60 minutes with no user input activity.

    • maxSessionLengthTimeout: The stream session was terminated because it exceeded the maximum session length timeout period specified by SessionLengthSeconds.

    • reconnectionTimeout: The stream session was terminated because the client failed to reconnect within the reconnection timeout period specified by ConnectionTimeoutSeconds after losing connection.

    " + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The data transfer protocol in use with the stream session.

    " + }, + "Location":{ + "shape":"LocationName", + "documentation":"

    The location where Amazon GameLift Streams hosts and streams your application. For example, us-east-1. For a complete list of locations that Amazon GameLift Streams supports, refer to Regions, quotas, and limitations in the Amazon GameLift Streams Developer Guide.

    " + }, + "SignalRequest":{ + "shape":"SignalRequest", + "documentation":"

    The WebRTC ICE offer string that a client generates to initiate a connection to the stream session.

    " + }, + "SignalResponse":{ + "shape":"SignalResponse", + "documentation":"

    The WebRTC answer string that the stream server generates in response to the SignalRequest.

    " + }, + "ConnectionTimeoutSeconds":{ + "shape":"ConnectionTimeoutSeconds", + "documentation":"

    The length of time that Amazon GameLift Streams should wait for a client to connect or reconnect to the stream session. This time span starts when the stream session reaches ACTIVE or PENDING_CLIENT_RECONNECTION state. If no client connects (or reconnects) before the timeout, Amazon GameLift Streams terminates the stream session.

    " + }, + "SessionLengthSeconds":{ + "shape":"SessionLengthSeconds", + "documentation":"

    The maximum duration of a session. Amazon GameLift Streams will automatically terminate a session after this amount of time has elapsed, regardless of any existing client connections.

    " + }, + "AdditionalLaunchArgs":{ + "shape":"GameLaunchArgList", + "documentation":"

    A list of CLI arguments that are sent to the streaming server when a stream session launches. You can use this to configure the application or stream session details. You can also provide custom arguments that Amazon GameLift Streams passes to your game client.

    AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

    " + }, + "AdditionalEnvironmentVariables":{ + "shape":"EnvironmentVariables", + "documentation":"

    A set of options that you can use to control the stream session runtime environment, expressed as a set of key-value pairs. You can use this to configure the application or stream session details. You can also provide custom environment variables that Amazon GameLift Streams passes to your game client.

    If you want to debug your application with environment variables, we recommend that you do so in a local environment outside of Amazon GameLift Streams. For more information, refer to the Compatibility Guidance in the troubleshooting section of the Developer Guide.

    AdditionalEnvironmentVariables and AdditionalLaunchArgs have similar purposes. AdditionalEnvironmentVariables passes data using environment variables; while AdditionalLaunchArgs passes data using command-line arguments.

    " + }, + "LogFileLocationUri":{ + "shape":"FileLocationUri", + "documentation":"

    Access location for log files that your content generates during a stream session. These log files are uploaded to cloud storage location at the end of a stream session. The Amazon GameLift Streams application resource defines which log files to upload.

    " + }, + "WebSdkProtocolUrl":{ + "shape":"WebSdkProtocolUrl", + "documentation":"

    The URL of an S3 bucket that stores Amazon GameLift Streams WebSDK files. The URL is used to establish connection with the client.

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "ApplicationArn":{ + "shape":"Arn", + "documentation":"

    The application streaming in this session.

    This value is an Amazon Resource Name (ARN) that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + }, + "ExportFilesMetadata":{ + "shape":"ExportFilesMetadata", + "documentation":"

    Provides details about the stream session's exported files.

    " + } + } + }, + "StreamClass":{ + "type":"string", + "enum":[ + "gen4n_high", + "gen4n_ultra", + "gen4n_win2022", + "gen5n_high", + "gen5n_ultra", + "gen5n_win2022" + ] + }, + "StreamGroupLocationStatus":{ + "type":"string", + "enum":[ + "ACTIVATING", + "ACTIVE", + "ERROR", + "REMOVING" + ] + }, + "StreamGroupStatus":{ + "type":"string", + "enum":[ + "ACTIVATING", + "UPDATING_LOCATIONS", + "ACTIVE", + "ACTIVE_WITH_ERRORS", + "ERROR", + "DELETING", + "EXPIRED" + ] + }, + "StreamGroupStatusReason":{ + "type":"string", + "enum":[ + "internalError", + "noAvailableInstances" + ] + }, + "StreamGroupSummary":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4.

    " + }, + "Id":{ + "shape":"Id", + "documentation":"

    An ID that uniquely identifies the stream group resource. Example ID: sg-1AB2C3De4.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A descriptive label for the stream group.

    " + }, + "DefaultApplication":{ + "shape":"DefaultApplication", + "documentation":"

    Object that identifies the Amazon GameLift Streams application to stream with this stream group.

    " + }, + "StreamClass":{ + "shape":"StreamClass", + "documentation":"

    The target stream quality for the stream group.

    A stream class can be one of the following:

    • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    " + }, + "Status":{ + "shape":"StreamGroupStatus", + "documentation":"

    The current status of the stream group resource. Possible statuses include the following:

    • ACTIVATING: The stream group is deploying and isn't ready to host streams.

    • ACTIVE: The stream group is ready to host streams.

    • ACTIVE_WITH_ERRORS: One or more locations in the stream group are in an error state. Verify the details of individual locations and remove any locations which are in error.

    • DELETING: Amazon GameLift Streams is in the process of deleting the stream group.

    • ERROR: An error occurred when the stream group deployed. See StatusReason (returned by CreateStreamGroup, GetStreamGroup, and UpdateStreamGroup) for more information.

    • EXPIRED: The stream group is expired and can no longer host streams. This typically occurs when a stream group is 365 days old, as indicated by the value of ExpiresAt. Create a new stream group to resume streaming capabilities.

    • UPDATING_LOCATIONS: One or more locations in the stream group are in the process of updating (either activating or deleting).

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "ExpiresAt":{ + "shape":"Timestamp", + "documentation":"

    The time at which this stream group expires. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC). After this time, you will no longer be able to update this stream group or use it to start stream sessions. Only Get and Delete operations will work on an expired stream group.

    " + } + }, + "documentation":"

    Describes a Amazon GameLift Streams stream group resource for hosting content streams. To retrieve additional stream group details, call GetStreamGroup.

    " + }, + "StreamGroupSummaryList":{ + "type":"list", + "member":{"shape":"StreamGroupSummary"} + }, + "StreamSessionStatus":{ + "type":"string", + "enum":[ + "ACTIVATING", + "ACTIVE", + "CONNECTED", + "PENDING_CLIENT_RECONNECTION", + "RECONNECTING", + "TERMINATING", + "TERMINATED", + "ERROR" + ] + }, + "StreamSessionStatusReason":{ + "type":"string", + "enum":[ + "internalError", + "invalidSignalRequest", + "placementTimeout", + "applicationLogS3DestinationError", + "applicationExit", + "connectionTimeout", + "reconnectionTimeout", + "maxSessionLengthTimeout", + "idleTimeout", + "apiTerminated" + ] + }, + "StreamSessionSummary":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    An Amazon Resource Name (ARN) that uniquely identifies the stream session resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamsession/sg-1AB2C3De4/ABC123def4567.

    " + }, + "UserId":{ + "shape":"UserId", + "documentation":"

    An opaque, unique identifier for an end-user, defined by the developer.

    " + }, + "Status":{ + "shape":"StreamSessionStatus", + "documentation":"

    The current status of the stream session resource.

    • ACTIVATING: The stream session is starting and preparing to stream.

    • ACTIVE: The stream session is ready and waiting for a client connection. A client has ConnectionTimeoutSeconds (specified in StartStreamSession) from when the session reaches ACTIVE state to establish a connection. If no client connects within this timeframe, the session automatically terminates.

    • CONNECTED: The stream session has a connected client. A session will automatically terminate if there is no user input for 60 minutes, or if the maximum length of a session specified by SessionLengthSeconds in StartStreamSession is exceeded.

    • ERROR: The stream session failed to activate. See StatusReason (returned by GetStreamSession and StartStreamSession) for more information.

    • PENDING_CLIENT_RECONNECTION: A client has recently disconnected and the stream session is waiting for the client to reconnect. A client has ConnectionTimeoutSeconds (specified in StartStreamSession) from when the session reaches PENDING_CLIENT_RECONNECTION state to re-establish a connection. If no client connects within this timeframe, the session automatically terminates.

    • RECONNECTING: A client has initiated a reconnect to a session that was in PENDING_CLIENT_RECONNECTION state.

    • TERMINATING: The stream session is ending.

    • TERMINATED: The stream session has ended.

    " + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The data transfer protocol in use with the stream session.

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "ApplicationArn":{ + "shape":"Arn", + "documentation":"

    An Amazon Resource Name (ARN) that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + }, + "ExportFilesMetadata":{ + "shape":"ExportFilesMetadata", + "documentation":"

    Provides details about the stream session's exported files.

    " + }, + "Location":{ + "shape":"LocationName", + "documentation":"

    The location where Amazon GameLift Streams hosts and streams your application. For example, us-east-1. For a complete list of locations that Amazon GameLift Streams supports, refer to Regions, quotas, and limitations in the Amazon GameLift Streams Developer Guide.

    " + } + }, + "documentation":"

    Describes an Amazon GameLift Streams stream session. To retrieve additional details for the stream session, call GetStreamSession.

    " + }, + "StreamSessionSummaryList":{ + "type":"list", + "member":{"shape":"StreamSessionSummary"} + }, + "String":{"type":"string"}, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":50, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "Tags" + ], + "members":{ + "ResourceArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon GameLift Streams resource that you want to apply tags to.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "Tags":{ + "shape":"Tags", + "documentation":"

    A list of tags, in the form of key-value pairs, to assign to the specified Amazon GameLift Streams resource.

    " + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "Tags":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":50, + "min":1 + }, + "TerminateStreamSessionInput":{ + "type":"structure", + "required":[ + "Identifier", + "StreamSessionIdentifier" + ], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    The stream group that runs this stream session.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "StreamSessionIdentifier":{ + "shape":"Identifier", + "documentation":"

    Amazon Resource Name (ARN) or ID that uniquely identifies the stream session resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamsession/sg-1AB2C3De4/ABC123def4567. Example ID: ABC123def4567.

    ", + "location":"uri", + "locationName":"StreamSessionIdentifier" + } + } + }, + "ThrottlingException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the error.

    " + } + }, + "documentation":"

    The request was denied due to request throttling. Retry the request after the suggested wait time.

    ", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":true} + }, + "Timestamp":{"type":"timestamp"}, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon GameLift Streams resource that you want to remove tags from.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "TagKeys":{ + "shape":"TagKeyList", + "documentation":"

    A list of tag keys to remove from the specified Amazon GameLift Streams resource.

    ", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateApplicationInput":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6. Example ID: a-9ZY8X7Wv6.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the application.

    " + }, + "ApplicationLogPaths":{ + "shape":"FilePaths", + "documentation":"

    Locations of log files that your content generates during a stream session. Enter path values that are relative to the ApplicationSourceUri location. You can specify up to 10 log paths. Amazon GameLift Streams uploads designated log files to the Amazon S3 bucket that you specify in ApplicationLogOutputUri at the end of a stream session. To retrieve stored log files, call GetStreamSession and get the LogFileLocationUri.

    " + }, + "ApplicationLogOutputUri":{ + "shape":"ApplicationLogOutputUri", + "documentation":"

    An Amazon S3 URI to a bucket where you would like Amazon GameLift Streams to save application logs. Required if you specify one or more ApplicationLogPaths.

    The log bucket must have permissions that give Amazon GameLift Streams access to write the log files. For more information, see Application log bucket permission policy in the Amazon GameLift Streams Developer Guide.

    " + } + } + }, + "UpdateApplicationOutput":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Identifier", + "documentation":"

    The Amazon Resource Name (ARN) that's assigned to an application resource and uniquely identifies it across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:application/[resource ID].

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A human-readable label for the application. You can edit this value.

    " + }, + "RuntimeEnvironment":{ + "shape":"RuntimeEnvironment", + "documentation":"

    Configuration settings that identify the operating system for an application resource. This can also include a compatibility layer and other drivers.

    A runtime environment can be one of the following:

    • For Linux applications

      • Ubuntu 22.04 LTS (Type=UBUNTU, Version=22_04_LTS)

    • For Windows applications

      • Microsoft Windows Server 2022 Base (Type=WINDOWS, Version=2022)

      • Proton 9.0-2 (Type=PROTON, Version=20250516)

      • Proton 8.0-5 (Type=PROTON, Version=20241007)

      • Proton 8.0-2c (Type=PROTON, Version=20230704)

    " + }, + "ExecutablePath":{ + "shape":"ExecutablePath", + "documentation":"

    The relative path and file name of the executable file that launches the content for streaming.

    " + }, + "ApplicationLogPaths":{ + "shape":"FilePaths", + "documentation":"

    Locations of log files that your content generates during a stream session. Amazon GameLift Streams uploads log files to the Amazon S3 bucket that you specify in ApplicationLogOutputUri at the end of a stream session. To retrieve stored log files, call GetStreamSession and get the LogFileLocationUri.

    " + }, + "ApplicationLogOutputUri":{ + "shape":"ApplicationLogOutputUri", + "documentation":"

    An Amazon S3 URI to a bucket where you would like Amazon GameLift Streams to save application logs. Required if you specify one or more ApplicationLogPaths.

    " + }, + "ApplicationSourceUri":{ + "shape":"ApplicationSourceUri", + "documentation":"

    The original Amazon S3 location of uploaded stream content for the application.

    " + }, + "Id":{ + "shape":"Id", + "documentation":"

    A unique ID value that is assigned to the resource when it's created. Format example: a-9ZY8X7Wv6.

    " + }, + "Status":{ + "shape":"ApplicationStatus", + "documentation":"

    The current status of the application resource. Possible statuses include the following:

    • INITIALIZED: Amazon GameLift Streams has received the request and is initiating the work flow to create an application.

    • PROCESSING: The create application work flow is in process. Amazon GameLift Streams is copying the content and caching for future deployment in a stream group.

    • READY: The application is ready to deploy in a stream group.

    • ERROR: An error occurred when setting up the application. See StatusReason for more information.

    • DELETING: Amazon GameLift Streams is in the process of deleting the application.

    " + }, + "StatusReason":{ + "shape":"ApplicationStatusReason", + "documentation":"

    A short description of the status reason when the application is in ERROR status.

    " + }, + "ReplicationStatuses":{ + "shape":"ReplicationStatuses", + "documentation":"

    A set of replication statuses for each location.

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "AssociatedStreamGroups":{ + "shape":"ArnList", + "documentation":"

    A set of stream groups that this application is associated with. You can use any of these stream groups to stream your application.

    This value is a set of Amazon Resource Names (ARNs) that uniquely identify stream group resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4.

    " + } + } + }, + "UpdateStreamGroupInput":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"Identifier", + "documentation":"

    An Amazon Resource Name (ARN) or ID that uniquely identifies the stream group resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:streamgroup/sg-1AB2C3De4. Example ID: sg-1AB2C3De4.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "LocationConfigurations":{ + "shape":"LocationConfigurations", + "documentation":"

    A set of one or more locations and the streaming capacity for each location.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A descriptive label for the stream group.

    " + }, + "DefaultApplicationIdentifier":{ + "shape":"Identifier", + "documentation":"

    The unique identifier of the Amazon GameLift Streams application that you want to set as the default application in a stream group. The application that you specify must be in READY status. The default application is pre-cached on always-on compute resources, reducing stream startup times. Other applications are automatically cached as needed.

    Note that this parameter only sets the default application in a stream group. To associate a new application to an existing stream group, you must use AssociateApplications.

    When you switch default applications in a stream group, it can take up to a few hours for the new default application to be pre-cached.

    This value is an Amazon Resource Name (ARN) or ID that uniquely identifies the application resource. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6. Example ID: a-9ZY8X7Wv6.

    " + } + } + }, + "UpdateStreamGroupOutput":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Identifier", + "documentation":"

    The Amazon Resource Name (ARN) that is assigned to the stream group resource and that uniquely identifies the group across all Amazon Web Services Regions. Format is arn:aws:gameliftstreams:[AWS Region]:[AWS account]:streamgroup/[resource ID].

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A descriptive label for the stream group.

    " + }, + "DefaultApplication":{ + "shape":"DefaultApplication", + "documentation":"

    The default Amazon GameLift Streams application that is associated with this stream group.

    " + }, + "LocationStates":{ + "shape":"LocationStates", + "documentation":"

    This value is set of locations, including their name, current status, and capacities.

    A location can be in one of the following states:

    • ACTIVATING: Amazon GameLift Streams is preparing the location. You cannot stream from, scale the capacity of, or remove this location yet.

    • ACTIVE: The location is provisioned with initial capacity. You can now stream from, scale the capacity of, or remove this location.

    • ERROR: Amazon GameLift Streams failed to set up this location. The StatusReason field describes the error. You can remove this location and try to add it again.

    • REMOVING: Amazon GameLift Streams is working to remove this location. This will release all provisioned capacity for this location in this stream group.

    " + }, + "StreamClass":{ + "shape":"StreamClass", + "documentation":"

    The target stream quality for the stream group.

    A stream class can be one of the following:

    • gen5n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen5n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 12 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen5n_ultra (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Uses dedicated NVIDIA A10G Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 24 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_win2022 (NVIDIA, ultra) Supports applications with extremely high 3D scene complexity. Runs applications on Microsoft Windows Server 2022 Base and supports DirectX 12. Compatible with Unreal Engine versions up through 5.4, 32 and 64-bit applications, and anti-cheat technology. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    • gen4n_high (NVIDIA, high) Supports applications with moderate to high 3D scene complexity. Uses NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 4 vCPUs, 16 GB RAM, 8 GB VRAM

      • Tenancy: Supports up to 2 concurrent stream sessions

    • gen4n_ultra (NVIDIA, ultra) Supports applications with high 3D scene complexity. Uses dedicated NVIDIA T4 Tensor GPU.

      • Reference resolution: 1080p

      • Reference frame rate: 60 fps

      • Workload specifications: 8 vCPUs, 32 GB RAM, 16 GB VRAM

      • Tenancy: Supports 1 concurrent stream session

    " + }, + "Id":{ + "shape":"Id", + "documentation":"

    A unique ID value that is assigned to the resource when it's created. Format example: sg-1AB2C3De4.

    " + }, + "Status":{ + "shape":"StreamGroupStatus", + "documentation":"

    The current status of the stream group resource. Possible statuses include the following:

    • ACTIVATING: The stream group is deploying and isn't ready to host streams.

    • ACTIVE: The stream group is ready to host streams.

    • ACTIVE_WITH_ERRORS: One or more locations in the stream group are in an error state. Verify the details of individual locations and remove any locations which are in error.

    • DELETING: Amazon GameLift Streams is in the process of deleting the stream group.

    • ERROR: An error occurred when the stream group deployed. See StatusReason (returned by CreateStreamGroup, GetStreamGroup, and UpdateStreamGroup) for more information.

    • EXPIRED: The stream group is expired and can no longer host streams. This typically occurs when a stream group is 365 days old, as indicated by the value of ExpiresAt. Create a new stream group to resume streaming capabilities.

    • UPDATING_LOCATIONS: One or more locations in the stream group are in the process of updating (either activating or deleting).

    " + }, + "StatusReason":{ + "shape":"StreamGroupStatusReason", + "documentation":"

    A short description of the reason that the stream group is in ERROR status. The possible reasons can be one of the following:

    • internalError: The request can't process right now because of an issue with the server. Try again later.

    • noAvailableInstances: Amazon GameLift Streams does not currently have enough available on-demand capacity to fulfill your request. Wait a few minutes and retry the request as capacity can shift frequently. You can also try to make the request using a different stream class or in another region.

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was last updated. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    A timestamp that indicates when this resource was created. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC).

    " + }, + "ExpiresAt":{ + "shape":"Timestamp", + "documentation":"

    The time at which this stream group expires. Timestamps are expressed using in ISO8601 format, such as: 2022-12-27T22:29:40+00:00 (UTC). After this time, you will no longer be able to update this stream group or use it to start stream sessions. Only Get and Delete operations will work on an expired stream group.

    " + }, + "AssociatedApplications":{ + "shape":"ArnList", + "documentation":"

    A set of applications that this stream group is associated with. You can stream any of these applications with the stream group.

    This value is a set of Amazon Resource Names (ARNs) that uniquely identify application resources. Example ARN: arn:aws:gameliftstreams:us-west-2:111122223333:application/a-9ZY8X7Wv6.

    " + } + } + }, + "UserId":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[-_a-zA-Z0-9/=+]*" + }, + "ValidationException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the error.

    " + } + }, + "documentation":"

    One or more parameter values in the request fail to satisfy the specified constraints. Correct the invalid parameter values before retrying the request.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "WebSdkProtocolUrl":{"type":"string"} + }, + "documentation":"

    Amazon GameLift Streams

    Amazon GameLift Streams provides a global cloud solution for content streaming experiences. Use Amazon GameLift Streams tools to upload and configure content for streaming, deploy and scale computing resources to host streams, and manage stream session placement to meet customer demand.

    This Reference Guide describes the Amazon GameLift Streams service API. You can use the API through the Amazon Web Services SDK, the Command Line Interface (CLI), or by making direct REST calls through HTTPS.

    See the Amazon GameLift Streams Developer Guide for more information on how Amazon GameLift Streams works and how to work with it.

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/gameliftstreams/2018-05-10/waiters-2.json 2.31.35-1/awscli/botocore/data/gameliftstreams/2018-05-10/waiters-2.json --- 2.23.6-1/awscli/botocore/data/gameliftstreams/2018-05-10/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/gameliftstreams/2018-05-10/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,88 @@ +{ + "version" : 2, + "waiters" : { + "ApplicationDeleted" : { + "description" : "Waits until an application is deleted", + "delay" : 2, + "maxAttempts" : 60, + "operation" : "GetApplication", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ResourceNotFoundException" + } ] + }, + "ApplicationReady" : { + "description" : "Waits until an application is ready", + "delay" : 2, + "maxAttempts" : 60, + "operation" : "GetApplication", + "acceptors" : [ { + "matcher" : "path", + "argument" : "Status", + "state" : "success", + "expected" : "READY" + }, { + "matcher" : "path", + "argument" : "Status", + "state" : "failure", + "expected" : "ERROR" + } ] + }, + "StreamGroupActive" : { + "description" : "Waits until a stream group is active", + "delay" : 30, + "maxAttempts" : 120, + "operation" : "GetStreamGroup", + "acceptors" : [ { + "matcher" : "path", + "argument" : "Status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "Status", + "state" : "failure", + "expected" : "ERROR" + }, { + "matcher" : "path", + "argument" : "Status", + "state" : "failure", + "expected" : "ACTIVE_WITH_ERRORS" + }, { + "matcher" : "path", + "argument" : "Status", + "state" : "failure", + "expected" : "DELETING" + } ] + }, + "StreamGroupDeleted" : { + "description" : "Waits until a stream group is deleted", + "delay" : 30, + "maxAttempts" : 60, + "operation" : "GetStreamGroup", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ResourceNotFoundException" + } ] + }, + "StreamSessionActive" : { + "description" : "Waits until a stream session is active", + "delay" : 2, + "maxAttempts" : 60, + "operation" : "GetStreamSession", + "acceptors" : [ { + "matcher" : "path", + "argument" : "Status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "Status", + "state" : "failure", + "expected" : "ERROR" + } ] + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/geo-maps/2020-11-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/geo-maps/2020-11-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/geo-maps/2020-11-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/geo-maps/2020-11-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,26 +6,26 @@ "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ @@ -328,7 +328,7 @@ } ], "endpoint": { - "url": "https://maps.geo.{Region}.us-gov.{PartitionResult#dnsSuffix}/v2", + "url": "https://maps.geo.{Region}.{PartitionResult#dnsSuffix}/v2", "properties": {}, "headers": {} }, @@ -371,7 +371,7 @@ } ], "endpoint": { - "url": "https://maps.geo-fips.{Region}.us-gov.{PartitionResult#dualStackDnsSuffix}/v2", + "url": "https://maps.geo-fips.{Region}.{PartitionResult#dualStackDnsSuffix}/v2", "properties": {}, "headers": {} }, @@ -414,7 +414,7 @@ } ], "endpoint": { - "url": "https://maps.geo-fips.{Region}.us-gov.{PartitionResult#dnsSuffix}/v2", + "url": "https://maps.geo-fips.{Region}.{PartitionResult#dnsSuffix}/v2", "properties": {}, "headers": {} }, @@ -457,7 +457,7 @@ } ], "endpoint": { - "url": "https://maps.geo.{Region}.us-gov.{PartitionResult#dualStackDnsSuffix}/v2", + "url": "https://maps.geo.{Region}.{PartitionResult#dualStackDnsSuffix}/v2", "properties": {}, "headers": {} }, diff -pruN 2.23.6-1/awscli/botocore/data/geo-maps/2020-11-19/service-2.json 2.31.35-1/awscli/botocore/data/geo-maps/2020-11-19/service-2.json --- 2.23.6-1/awscli/botocore/data/geo-maps/2020-11-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/geo-maps/2020-11-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -22,7 +22,8 @@ }, "input":{"shape":"GetGlyphsRequest"}, "output":{"shape":"GetGlyphsResponse"}, - "documentation":"

    Returns the map's glyphs.

    " + "documentation":"

    GetGlyphs returns the map's glyphs.

    For more information, see Style labels with glyphs in the Amazon Location Service Developer Guide.

    ", + "readonly":true }, "GetSprites":{ "name":"GetSprites", @@ -33,7 +34,8 @@ }, "input":{"shape":"GetSpritesRequest"}, "output":{"shape":"GetSpritesResponse"}, - "documentation":"

    Returns the map's sprites.

    " + "documentation":"

    GetSprites returns the map's sprites.

    For more information, see Style iconography with sprites in the Amazon Location Service Developer Guide.

    ", + "readonly":true }, "GetStaticMap":{ "name":"GetStaticMap", @@ -50,7 +52,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Provides high-quality static map images with customizable options. You can modify the map's appearance and overlay additional information. It's an ideal solution for applications requiring tailored static map snapshots.

    " + "documentation":"

    GetStaticMap provides high-quality static map images with customizable options. You can modify the map's appearance and overlay additional information. It's an ideal solution for applications requiring tailored static map snapshots.

    For more information, see the following topics in the Amazon Location Service Developer Guide:

    ", + "readonly":true }, "GetStyleDescriptor":{ "name":"GetStyleDescriptor", @@ -61,7 +64,8 @@ }, "input":{"shape":"GetStyleDescriptorRequest"}, "output":{"shape":"GetStyleDescriptorResponse"}, - "documentation":"

    Returns information about the style.

    " + "documentation":"

    GetStyleDescriptor returns information about the style.

    For more information, see Style dynamic maps in the Amazon Location Service Developer Guide.

    ", + "readonly":true }, "GetTile":{ "name":"GetTile", @@ -74,11 +78,13 @@ "output":{"shape":"GetTileResponse"}, "errors":[ {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Returns a tile. Map tiles are used by clients to render a map. they're addressed using a grid arrangement with an X coordinate, Y coordinate, and Z (zoom) level.

    " + "documentation":"

    GetTile returns a tile. Map tiles are used by clients to render a map. they're addressed using a grid arrangement with an X coordinate, Y coordinate, and Z (zoom) level.

    For more information, see Tiles in the Amazon Location Service Developer Guide.

    ", + "readonly":true } }, "shapes":{ @@ -105,6 +111,10 @@ "sensitive":true }, "Blob":{"type":"blob"}, + "Boolean":{ + "type":"boolean", + "box":true + }, "ColorScheme":{ "type":"string", "enum":[ @@ -115,23 +125,31 @@ "CompactOverlay":{ "type":"string", "max":7000, - "min":1 + "min":1, + "sensitive":true + }, + "ContourDensity":{ + "type":"string", + "enum":["Medium"] }, "CountryCode":{ "type":"string", "max":3, "min":2, - "pattern":"([A-Z]{2}|[A-Z]{3})" + "pattern":"([A-Z]{2}|[A-Z]{3})", + "sensitive":true }, "DistanceMeters":{ "type":"long", "max":4294967295, - "min":0 + "min":0, + "sensitive":true }, "GeoJsonOverlay":{ "type":"string", "max":7000, - "min":1 + "min":1, + "sensitive":true }, "GetGlyphsRequest":{ "type":"structure", @@ -148,7 +166,7 @@ }, "FontUnicodeRange":{ "shape":"GetGlyphsRequestFontUnicodeRangeString", - "documentation":"

    A Unicode range of characters to download glyphs for. This must be aligned to multiples of 256.

    Example: 0-255.pdf

    ", + "documentation":"

    A Unicode range of characters to download glyphs for. This must be aligned to multiples of 256.

    Example: 0-255.pbf

    ", "location":"uri", "locationName":"FontUnicodeRange" } @@ -161,6 +179,8 @@ }, "GetGlyphsRequestFontUnicodeRangeString":{ "type":"string", + "max":50, + "min":0, "pattern":"[0-9]+-[0-9]+\\.pbf" }, "GetGlyphsResponse":{ @@ -267,29 +287,41 @@ ], "members":{ "BoundingBox":{ - "shape":"PositionListString", - "documentation":"

    Takes in two pairs of coordinates, [Lon, Lat], denoting south-westerly and north-easterly edges of the image. The underlying area becomes the view of the image.

    Example: -123.17075,49.26959,-123.08125,49.31429

    ", + "shape":"GetStaticMapRequestBoundingBoxString", + "documentation":"

    Takes in two pairs of coordinates in World Geodetic System (WGS 84) format: [longitude, latitude], denoting south-westerly and north-easterly edges of the image. The underlying area becomes the view of the image.

    Example: -123.17075,49.26959,-123.08125,49.31429

    ", "location":"querystring", "locationName":"bounding-box" }, "BoundedPositions":{ - "shape":"PositionListString", - "documentation":"

    Takes in two or more pair of coordinates, [Lon, Lat], with each coordinate separated by a comma. The API will generate an image to encompass all of the provided coordinates.

    Cannot be used with Zoom and or Radius

    Example: 97.170451,78.039098,99.045536,27.176178

    ", + "shape":"GetStaticMapRequestBoundedPositionsString", + "documentation":"

    Takes in two or more pair of coordinates in World Geodetic System (WGS 84) format: [longitude, latitude], with each coordinate separated by a comma. The API will generate an image to encompass all of the provided coordinates.

    Cannot be used with Zoom and or Radius

    Example: 97.170451,78.039098,99.045536,27.176178

    ", "location":"querystring", "locationName":"bounded-positions" }, "Center":{ "shape":"PositionString", - "documentation":"

    Takes in a pair of coordinates, [Lon, Lat], which becomes the center point of the image. This parameter requires that either zoom or radius is set.

    Cannot be used with Zoom and or Radius

    Example: 49.295,-123.108

    ", + "documentation":"

    Takes in a pair of coordinates in World Geodetic System (WGS 84) format: [longitude, latitude], which becomes the center point of the image. This parameter requires that either zoom or radius is set.

    Cannot be used with Zoom and or Radius

    Example: 49.295,-123.108

    ", "location":"querystring", "locationName":"center" }, + "ColorScheme":{ + "shape":"ColorScheme", + "documentation":"

    Sets color tone for map, such as dark and light for specific map styles. It only applies to vector map styles, such as Standard.

    Example: Light

    Default value: Light

    Valid values for ColorScheme are case sensitive.

    ", + "location":"querystring", + "locationName":"color-scheme" + }, "CompactOverlay":{ "shape":"CompactOverlay", "documentation":"

    Takes in a string to draw geometries on the image. The input is a comma separated format as follows format: [Lon, Lat]

    Example: line:-122.407653,37.798557,-122.413291,37.802443;color=%23DD0000;width=7;outline-color=#00DD00;outline-width=5yd|point:-122.40572,37.80004;label=Fog Hill Market;size=large;text-color=%23DD0000;color=#EE4B2B

    Currently it supports the following geometry types: point, line and polygon. It does not support multiPoint , multiLine and multiPolgyon.

    ", "location":"querystring", "locationName":"compact-overlay" }, + "CropLabels":{ + "shape":"Boolean", + "documentation":"

    It is a flag that takes in true or false. It prevents the labels that are on the edge of the image from being cut or obscured.

    ", + "location":"querystring", + "locationName":"crop-labels" + }, "GeoJsonOverlay":{ "shape":"GeoJsonOverlay", "documentation":"

    Takes in a string to draw geometries on the image. The input is a valid GeoJSON collection object.

    Example: {\"type\":\"FeatureCollection\",\"features\": [{\"type\":\"Feature\",\"geometry\":{\"type\":\"MultiPoint\",\"coordinates\": [[-90.076345,51.504107],[-0.074451,51.506892]]},\"properties\": {\"color\":\"#00DD00\"}}]}

    ", @@ -308,12 +340,36 @@ "location":"querystring", "locationName":"key" }, + "LabelSize":{ + "shape":"LabelSize", + "documentation":"

    Overrides the label size auto-calculated by FileName. Takes in one of the values - Small or Large.

    ", + "location":"querystring", + "locationName":"label-size" + }, + "Language":{ + "shape":"LanguageTag", + "documentation":"

    Specifies the language on the map labels using the BCP 47 language tag, limited to ISO 639-1 two-letter language codes. If the specified language data isn't available for the map image, the labels will default to the regional primary language.

    Supported codes:

    • ar

    • as

    • az

    • be

    • bg

    • bn

    • bs

    • ca

    • cs

    • cy

    • da

    • de

    • el

    • en

    • es

    • et

    • eu

    • fi

    • fo

    • fr

    • ga

    • gl

    • gn

    • gu

    • he

    • hi

    • hr

    • hu

    • hy

    • id

    • is

    • it

    • ja

    • ka

    • kk

    • km

    • kn

    • ko

    • ky

    • lt

    • lv

    • mk

    • ml

    • mr

    • ms

    • mt

    • my

    • nl

    • no

    • or

    • pa

    • pl

    • pt

    • ro

    • ru

    • sk

    • sl

    • sq

    • sr

    • sv

    • ta

    • te

    • th

    • tr

    • uk

    • uz

    • vi

    • zh

    ", + "location":"querystring", + "locationName":"lang" + }, "Padding":{ - "shape":"Integer", + "shape":"GetStaticMapRequestPaddingInteger", "documentation":"

    Applies additional space (in pixels) around overlay feature to prevent them from being cut or obscured.

    Value for max and min is determined by:

    Min: 1

    Max: min(height, width)/4

    Example: 100

    ", "location":"querystring", "locationName":"padding" }, + "PoliticalView":{ + "shape":"CountryCode", + "documentation":"

    Specifies the political view, using ISO 3166-2 or ISO 3166-3 country code format.

    The following political views are currently supported:

    • ARG: Argentina's view on the Southern Patagonian Ice Field and Tierra Del Fuego, including the Falkland Islands, South Georgia, and South Sandwich Islands

    • EGY: Egypt's view on Bir Tawil

    • IND: India's view on Gilgit-Baltistan

    • KEN: Kenya's view on the Ilemi Triangle

    • MAR: Morocco's view on Western Sahara

    • RUS: Russia's view on Crimea

    • SDN: Sudan's view on the Halaib Triangle

    • SRB: Serbia's view on Kosovo, Vukovar, and Sarengrad Islands

    • SUR: Suriname's view on the Courantyne Headwaters and Lawa Headwaters

    • SYR: Syria's view on the Golan Heights

    • TUR: Turkey's view on Cyprus and Northern Cyprus

    • TZA: Tanzania's view on Lake Malawi

    • URY: Uruguay's view on Rincon de Artigas

    • VNM: Vietnam's view on the Paracel Islands and Spratly Islands

    ", + "location":"querystring", + "locationName":"political-view" + }, + "PointsOfInterests":{ + "shape":"MapFeatureMode", + "documentation":"

    Determines if the result image will display icons representing points of interest on the map.

    ", + "location":"querystring", + "locationName":"pois" + }, "Radius":{ "shape":"DistanceMeters", "documentation":"

    Used with center parameter, it specifies the zoom of the image where you can control it on a granular level. Takes in any value >= 1.

    Example: 1500

    Cannot be used with Zoom.

    Unit: Meters

    ", @@ -335,7 +391,7 @@ }, "Style":{ "shape":"StaticMapStyle", - "documentation":"

    Style specifies the desired map style for the Style APIs.

    ", + "documentation":"

    Style specifies the desired map style.

    ", "location":"querystring", "locationName":"style" }, @@ -353,6 +409,20 @@ } } }, + "GetStaticMapRequestBoundedPositionsString":{ + "type":"string", + "max":2000, + "min":0, + "pattern":"(-?\\d{1,3}(\\.\\d{1,14})?,-?\\d{1,2}(\\.\\d{1,14})?)(,(-?\\d{1,3}(\\.\\d{1,14})?,-?\\d{1,2}(\\.\\d{1,14})?))*", + "sensitive":true + }, + "GetStaticMapRequestBoundingBoxString":{ + "type":"string", + "max":100, + "min":0, + "pattern":"(-?\\d{1,3}(\\.\\d{1,14})?,-?\\d{1,2}(\\.\\d{1,14})?)(,(-?\\d{1,3}(\\.\\d{1,14})?,-?\\d{1,2}(\\.\\d{1,14})?))*", + "sensitive":true + }, "GetStaticMapRequestFileNameString":{ "type":"string", "pattern":"map(@2x)?" @@ -361,19 +431,29 @@ "type":"integer", "box":true, "max":1400, - "min":64 + "min":64, + "sensitive":true + }, + "GetStaticMapRequestPaddingInteger":{ + "type":"integer", + "box":true, + "max":350, + "min":0, + "sensitive":true }, "GetStaticMapRequestWidthInteger":{ "type":"integer", "box":true, "max":1400, - "min":64 + "min":64, + "sensitive":true }, "GetStaticMapRequestZoomFloat":{ "type":"float", "box":true, "max":20, - "min":0 + "min":0, + "sensitive":true }, "GetStaticMapResponse":{ "type":"structure", @@ -428,10 +508,34 @@ }, "PoliticalView":{ "shape":"CountryCode", - "documentation":"

    Specifies the political view using ISO 3166-2 or ISO 3166-3 country code format.

    The following political views are currently supported:

    • ARG: Argentina's view on the Southern Patagonian Ice Field and Tierra Del Fuego, including the Falkland Islands, South Georgia, and South Sandwich Islands

    • EGY: Egypt's view on Bir Tawil

    • IND: India's view on Gilgit-Baltistan

    • KEN: Kenya's view on the Ilemi Triangle

    • MAR: Morocco's view on Western Sahara

    • PAK: Pakistan's view on Jammu and Kashmir and the Junagadh Area

    • RUS: Russia's view on Crimea

    • SDN: Sudan's view on the Halaib Triangle

    • SRB: Serbia's view on Kosovo, Vukovar, and Sarengrad Islands

    • SUR: Suriname's view on the Courantyne Headwaters and Lawa Headwaters

    • SYR: Syria's view on the Golan Heights

    • TUR: Turkey's view on Cyprus and Northern Cyprus

    • TZA: Tanzania's view on Lake Malawi

    • URY: Uruguay's view on Rincon de Artigas

    • VNM: Vietnam's view on the Paracel Islands and Spratly Islands

    ", + "documentation":"

    Specifies the political view using ISO 3166-2 or ISO 3166-3 country code format.

    The following political views are currently supported:

    • ARG: Argentina's view on the Southern Patagonian Ice Field and Tierra Del Fuego, including the Falkland Islands, South Georgia, and South Sandwich Islands

    • EGY: Egypt's view on Bir Tawil

    • IND: India's view on Gilgit-Baltistan

    • KEN: Kenya's view on the Ilemi Triangle

    • MAR: Morocco's view on Western Sahara

    • RUS: Russia's view on Crimea

    • SDN: Sudan's view on the Halaib Triangle

    • SRB: Serbia's view on Kosovo, Vukovar, and Sarengrad Islands

    • SUR: Suriname's view on the Courantyne Headwaters and Lawa Headwaters

    • SYR: Syria's view on the Golan Heights

    • TUR: Turkey's view on Cyprus and Northern Cyprus

    • TZA: Tanzania's view on Lake Malawi

    • URY: Uruguay's view on Rincon de Artigas

    • VNM: Vietnam's view on the Paracel Islands and Spratly Islands

    ", "location":"querystring", "locationName":"political-view" }, + "Terrain":{ + "shape":"Terrain", + "documentation":"

    Adjusts how physical terrain details are rendered on the map.

    The following terrain styles are currently supported:

    • Hillshade: Displays the physical terrain details through shading and highlighting of elevation change and geographic features.

    This parameter is valid only for the Standard map style.

    ", + "location":"querystring", + "locationName":"terrain" + }, + "ContourDensity":{ + "shape":"ContourDensity", + "documentation":"

    Displays the shape and steepness of terrain features using elevation lines. The density value controls how densely the available contour line information is rendered on the map.

    This parameter is valid only for the Standard map style.

    ", + "location":"querystring", + "locationName":"contour-density" + }, + "Traffic":{ + "shape":"Traffic", + "documentation":"

    Displays real-time traffic information overlay on map, such as incident events and flow events.

    This parameter is valid only for the Standard map style.

    ", + "location":"querystring", + "locationName":"traffic" + }, + "TravelModes":{ + "shape":"TravelModeList", + "documentation":"

    Renders additional map information relevant to selected travel modes. Information for multiple travel modes can be displayed simultaneously, although this increases the overall information density rendered on the map.

    This parameter is valid only for the Standard map style.

    ", + "location":"querystring", + "locationName":"travel-modes" + }, "Key":{ "shape":"ApiKey", "documentation":"

    Optional: The API key to be used for authorization. Either an API key or valid SigV4 signature must be provided when making a request.

    ", @@ -477,6 +581,12 @@ "Y" ], "members":{ + "AdditionalFeatures":{ + "shape":"TileAdditionalFeatureList", + "documentation":"

    A list of optional additional parameters such as map styles that can be requested for each result.

    ", + "location":"querystring", + "locationName":"additional-features" + }, "Tileset":{ "shape":"Tileset", "documentation":"

    Specifies the desired tile set.

    Valid Values: raster.satellite | vector.basemap

    ", @@ -511,15 +621,24 @@ }, "GetTileRequestXString":{ "type":"string", - "pattern":".*\\d+.*" + "max":7, + "min":0, + "pattern":".*\\d+.*", + "sensitive":true }, "GetTileRequestYString":{ "type":"string", - "pattern":".*\\d+.*" + "max":7, + "min":0, + "pattern":".*\\d+.*", + "sensitive":true }, "GetTileRequestZString":{ "type":"string", - "pattern":".*\\d+.*" + "max":2, + "min":0, + "pattern":".*\\d+.*", + "sensitive":true }, "GetTileResponse":{ "type":"structure", @@ -527,7 +646,7 @@ "members":{ "Blob":{ "shape":"Blob", - "documentation":"

    The blob represents a vector tile in mvt format for the GetTile API.

    " + "documentation":"

    The blob represents a vector tile in mvt or a raster tile in an image format.

    " }, "ContentType":{ "shape":"String", @@ -556,10 +675,6 @@ }, "payload":"Blob" }, - "Integer":{ - "type":"integer", - "box":true - }, "InternalServerException":{ "type":"structure", "required":["Message"], @@ -575,6 +690,25 @@ "fault":true, "retryable":{"throttling":false} }, + "LabelSize":{ + "type":"string", + "enum":[ + "Small", + "Large" + ] + }, + "LanguageTag":{ + "type":"string", + "max":35, + "min":2 + }, + "MapFeatureMode":{ + "type":"string", + "enum":[ + "Enabled", + "Disabled" + ] + }, "MapStyle":{ "type":"string", "enum":[ @@ -584,16 +718,28 @@ "Satellite" ] }, - "PositionListString":{ - "type":"string", - "min":7, - "pattern":"(-?\\d{1,3}(\\.\\d{1,14})?,-?\\d{1,2}(\\.\\d{1,14})?)(,(-?\\d{1,3}(\\.\\d{1,14})?,-?\\d{1,2}(\\.\\d{1,14})?))*" - }, "PositionString":{ "type":"string", "max":36, "min":3, - "pattern":"-?\\d{1,3}(\\.\\d{1,14})?,-?\\d{1,2}(\\.\\d{1,14})?" + "pattern":"-?\\d{1,3}(\\.\\d{1,14})?,-?\\d{1,2}(\\.\\d{1,14})?", + "sensitive":true + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    Exception thrown when the associated resource could not be found.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true }, "ScaleBarUnit":{ "type":"string", @@ -606,9 +752,16 @@ }, "StaticMapStyle":{ "type":"string", - "enum":["Satellite"] + "enum":[ + "Satellite", + "Standard" + ] }, "String":{"type":"string"}, + "Terrain":{ + "type":"string", + "enum":["Hillshade"] + }, "ThrottlingException":{ "type":"structure", "required":["Message"], @@ -626,12 +779,44 @@ "exception":true, "retryable":{"throttling":false} }, + "TileAdditionalFeature":{ + "type":"string", + "enum":[ + "ContourLines", + "Hillshade", + "Logistics", + "Transit" + ] + }, + "TileAdditionalFeatureList":{ + "type":"list", + "member":{"shape":"TileAdditionalFeature"}, + "max":4, + "min":0 + }, "Tileset":{ "type":"string", "max":100, "min":1, "pattern":"[-.\\w]+" }, + "Traffic":{ + "type":"string", + "enum":["All"] + }, + "TravelMode":{ + "type":"string", + "enum":[ + "Transit", + "Truck" + ] + }, + "TravelModeList":{ + "type":"list", + "member":{"shape":"TravelMode"}, + "max":2, + "min":0 + }, "ValidationException":{ "type":"structure", "required":[ @@ -646,7 +831,7 @@ }, "Reason":{ "shape":"ValidationExceptionReason", - "documentation":"

    The field where thebb invalid entry was detected.

    ", + "documentation":"

    The field where the invalid entry was detected.

    ", "locationName":"reason" }, "FieldList":{ diff -pruN 2.23.6-1/awscli/botocore/data/geo-places/2020-11-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/geo-places/2020-11-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/geo-places/2020-11-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/geo-places/2020-11-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,26 +6,26 @@ "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ @@ -328,7 +328,7 @@ } ], "endpoint": { - "url": "https://places.geo.{Region}.us-gov.{PartitionResult#dnsSuffix}/v2", + "url": "https://places.geo.{Region}.{PartitionResult#dnsSuffix}/v2", "properties": {}, "headers": {} }, @@ -371,7 +371,7 @@ } ], "endpoint": { - "url": "https://places.geo-fips.{Region}.us-gov.{PartitionResult#dualStackDnsSuffix}/v2", + "url": "https://places.geo-fips.{Region}.{PartitionResult#dualStackDnsSuffix}/v2", "properties": {}, "headers": {} }, @@ -414,7 +414,7 @@ } ], "endpoint": { - "url": "https://places.geo-fips.{Region}.us-gov.{PartitionResult#dnsSuffix}/v2", + "url": "https://places.geo-fips.{Region}.{PartitionResult#dnsSuffix}/v2", "properties": {}, "headers": {} }, @@ -457,7 +457,7 @@ } ], "endpoint": { - "url": "https://places.geo.{Region}.us-gov.{PartitionResult#dualStackDnsSuffix}/v2", + "url": "https://places.geo.{Region}.{PartitionResult#dualStackDnsSuffix}/v2", "properties": {}, "headers": {} }, diff -pruN 2.23.6-1/awscli/botocore/data/geo-places/2020-11-19/service-2.json 2.31.35-1/awscli/botocore/data/geo-places/2020-11-19/service-2.json --- 2.23.6-1/awscli/botocore/data/geo-places/2020-11-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/geo-places/2020-11-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -28,7 +28,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    The autocomplete operation speeds up and increases the accuracy of entering addresses by providing a list of address candidates matching a partially entered address. Results are sorted from most to least matching. Filtering and biasing can be used to increase the relevance of the results if additional search context is known

    " + "documentation":"

    Autocomplete completes potential places and addresses as the user types, based on the partial input. The API enhances the efficiency and accuracy of address by completing query based on a few entered keystrokes. It helps you by completing partial queries with valid address completion. Also, the API supports the filtering of results based on geographic location, country, or specific place types, and can be tailored using optional parameters like language and political views.

    " }, "Geocode":{ "name":"Geocode", @@ -45,7 +45,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    The Geocode action allows you to obtain coordinates, addresses, and other information about places.

    " + "documentation":"

    Geocode converts a textual address or place into geographic coordinates. You can obtain geographic coordinates, address component, and other related information. It supports flexible queries, including free-form text or structured queries with components like street names, postal codes, and regions. The Geocode API can also provide additional features such as time zone information and the inclusion of political views.

    " }, "GetPlace":{ "name":"GetPlace", @@ -62,7 +62,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Finds a place by its unique ID. A PlaceId is returned by other place operations.

    " + "documentation":"

    GetPlace finds a place by its unique ID. A PlaceId is returned by other place operations.

    " }, "ReverseGeocode":{ "name":"ReverseGeocode", @@ -79,7 +79,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    The ReverseGeocode operation allows you to retrieve addresses and place information from coordinates.

    " + "documentation":"

    ReverseGeocode converts geographic coordinates into a human-readable address or place. You can obtain address component, and other related information such as place type, category, street information. The Reverse Geocode API supports filtering to on place type so that you can refine result based on your need. Also, The Reverse Geocode API can also provide additional features such as time zone information and the inclusion of political views.

    " }, "SearchNearby":{ "name":"SearchNearby", @@ -96,7 +96,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Search nearby a specified location.

    " + "documentation":"

    SearchNearby queries for points of interest within a radius from a central coordinates, returning place results with optional filters such as categories, business chains, food types and more. The API returns details such as a place name, address, phone, category, food type, contact, opening hours. Also, the API can return phonemes, time zones and more based on requested parameters.

    " }, "SearchText":{ "name":"SearchText", @@ -113,7 +113,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Use the SearchText operation to search for geocode and place information. You can then complete a follow-up query suggested from the Suggest API via a query id.

    " + "documentation":"

    SearchText searches for geocode and place information. You can then complete a follow-up query suggested from the Suggest API via a query id.

    " }, "Suggest":{ "name":"Suggest", @@ -130,7 +130,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    The Suggest operation finds addresses or place candidates based on incomplete or misspelled queries. You then select the best query to submit based on the returned results.

    " + "documentation":"

    Suggest provides intelligent predictions or recommendations based on the user's input or context, such as relevant places, points of interest, query terms or search category. It is designed to help users find places or point of interests candidates or identify a follow on query based on incomplete or misspelled queries. It returns a list of possible matches or refinements that can be used to formulate a more accurate query. Users can select the most appropriate suggestion and use it for further searching. The API provides options for filtering results by location and other attributes, and allows for additional features like phonemes and timezones. The response includes refined query terms and detailed place information.

    " } }, "shapes":{ @@ -170,7 +170,7 @@ "type":"structure", "members":{ "Restricted":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    The restriction.

    " }, "Categories":{ @@ -207,7 +207,7 @@ }, "Locality":{ "shape":"AddressLocalityString", - "documentation":"

    The locality or city of the address.

    Example: Vancouver.

    " + "documentation":"

    The city or locality of the address.

    Example: Vancouver.

    " }, "District":{ "shape":"AddressDistrictString", @@ -219,7 +219,7 @@ }, "PostalCode":{ "shape":"AddressPostalCodeString", - "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code, for which the result should posses.

    " + "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code, for which the result should possess.

    " }, "Block":{ "shape":"AddressBlockString", @@ -230,7 +230,7 @@ "documentation":"

    Name of sub-block.

    Example: Sunny Mansion 203 sub-block: 4

    " }, "Intersection":{ - "shape":"IntersectionList", + "shape":"IntersectionStreetList", "documentation":"

    Name of the streets in the intersection.

    Example: [\"Friedrichstraße\",\"Unter den Linden\"]

    " }, "Street":{ @@ -248,6 +248,10 @@ "Building":{ "shape":"AddressBuildingString", "documentation":"

    The name of the building at the address.

    " + }, + "SecondaryAddressComponents":{ + "shape":"SecondaryAddressComponentList", + "documentation":"

    Components that correspond to secondary identifiers on an Address. Secondary address components include information such as Suite or Unit Number, Building, or Floor.

    " } }, "documentation":"

    The place address.

    " @@ -255,17 +259,20 @@ "AddressAddressNumberString":{ "type":"string", "max":10, - "min":0 + "min":0, + "sensitive":true }, "AddressBlockString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "AddressBuildingString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "AddressComponentMatchScores":{ "type":"structure", @@ -296,7 +303,7 @@ }, "PostalCode":{ "shape":"MatchScore", - "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code, for which the result should posses.

    " + "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code, for which the result should possess.

    " }, "Block":{ "shape":"MatchScore", @@ -317,6 +324,10 @@ "Building":{ "shape":"MatchScore", "documentation":"

    The name of the building at the address.

    " + }, + "SecondaryAddressComponents":{ + "shape":"SecondaryAddressComponentMatchScoreList", + "documentation":"

    Match scores for the secondary address components in the result.

    " } }, "documentation":"

    Indicates how well the entire input matches the returned. It is equal to 1 if all input tokens are recognized and matched.

    " @@ -372,37 +383,44 @@ "AddressDistrictString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "AddressLabelString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "AddressLocalityString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "AddressPostalCodeString":{ "type":"string", "max":50, - "min":0 + "min":0, + "sensitive":true }, "AddressStreetString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "AddressSubBlockString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "AddressSubDistrictString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "ApiKey":{ "type":"string", @@ -457,11 +475,11 @@ }, "Block":{ "shape":"HighlightList", - "documentation":"

    Name of the block. Example: Sunny Mansion 203 block: 2 Chome

    " + "documentation":"

    Name of the block.

    Example: Sunny Mansion 203 block: 2 Chome

    " }, "SubBlock":{ "shape":"HighlightList", - "documentation":"

    Name of sub-block. Example Sunny Mansion 203 sub-block: 4

    " + "documentation":"

    Name of sub-block.

    Example: Sunny Mansion 203 sub-block: 4

    " }, "Intersection":{ "shape":"IntersectionHighlightsList", @@ -469,7 +487,7 @@ }, "PostalCode":{ "shape":"HighlightList", - "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code for which the result should posses.

    " + "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code for which the result should possess.

    " }, "AddressNumber":{ "shape":"HighlightList", @@ -499,7 +517,7 @@ "documentation":"

    The included place types.

    " } }, - "documentation":"

    Autocomplete structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    Autocomplete structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "AutocompleteFilterPlaceType":{ "type":"string", @@ -538,7 +556,7 @@ "members":{ "QueryText":{ "shape":"AutocompleteRequestQueryTextString", - "documentation":"

    The free-form text query to match addresses against. This is usually a partially typed address from an end user in an address box or form.

    " + "documentation":"

    The free-form text query to match addresses against. This is usually a partially typed address from an end user in an address box or form.

    The fields QueryText, and QueryID are mutually exclusive.

    " }, "MaxResults":{ "shape":"AutocompleteRequestMaxResultsInteger", @@ -550,11 +568,11 @@ }, "Filter":{ "shape":"AutocompleteFilter", - "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "PostalCodeMode":{ "shape":"PostalCodeMode", - "documentation":"

    The PostalCodeMode affects how postal code results are returned. If a postal code spans multiple localities and this value is empty, partial district or locality information may be returned under a single postal code result entry. If it's populated with the value cityLookup, all cities in that postal code are returned.

    " + "documentation":"

    The PostalCodeMode affects how postal code results are returned. If a postal code spans multiple localities and this value is empty, partial district or locality information may be returned under a single postal code result entry. If it's populated with the value EnumerateSpannedLocalities, all cities in that postal code are returned.

    " }, "AdditionalFeatures":{ "shape":"AutocompleteAdditionalFeatureList", @@ -566,7 +584,7 @@ }, "PoliticalView":{ "shape":"CountryCode", - "documentation":"

    The alpha-2 or alpha-3 character code for the political view of a country. The political view applies to the results of the request to represent unresolved territorial claims through the point of view of the specified country.

    " + "documentation":"

    The alpha-2 or alpha-3 character code for the political view of a country. The political view applies to the results of the request to represent unresolved territorial claims through the point of view of the specified country.

    The following political views are currently supported:

    • ARG: Argentina's view on the Southern Patagonian Ice Field and Tierra Del Fuego, including the Falkland Islands, South Georgia, and South Sandwich Islands

    • EGY: Egypt's view on Bir Tawil

    • IND: India's view on Gilgit-Baltistan

    • KEN: Kenya's view on the Ilemi Triangle

    • MAR: Morocco's view on Western Sahara

    • RUS: Russia's view on Crimea

    • SDN: Sudan's view on the Halaib Triangle

    • SRB: Serbia's view on Kosovo, Vukovar, and Sarengrad Islands

    • SUR: Suriname's view on the Courantyne Headwaters and Lawa Headwaters

    • SYR: Syria's view on the Golan Heights

    • TUR: Turkey's view on Cyprus and Northern Cyprus

    • TZA: Tanzania's view on Lake Malawi

    • URY: Uruguay's view on Rincon de Artigas

    • VNM: Vietnam's view on the Paracel Islands and Spratly Islands

    " }, "IntendedUse":{ "shape":"AutocompleteIntendedUse", @@ -598,7 +616,7 @@ "members":{ "PricingBucket":{ "shape":"String", - "documentation":"

    The pricing bucket for which the query is charged at.

    For more inforamtion on pricing, please visit Amazon Location Service Pricing.

    ", + "documentation":"

    The pricing bucket for which the query is charged at.

    For more information on pricing, please visit Amazon Location Service Pricing.

    ", "location":"header", "locationName":"x-amz-geo-pricing-bucket" }, @@ -659,17 +677,15 @@ }, "AutocompleteResultItemPlaceIdString":{ "type":"string", - "max":200, - "min":0 + "max":500, + "min":0, + "sensitive":true }, "AutocompleteResultItemTitleString":{ "type":"string", "max":200, - "min":0 - }, - "Boolean":{ - "type":"boolean", - "box":true + "min":0, + "sensitive":true }, "BoundingBox":{ "type":"list", @@ -695,7 +711,8 @@ "BusinessChainIdString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "BusinessChainList":{ "type":"list", @@ -706,7 +723,8 @@ "BusinessChainNameString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "Category":{ "type":"structure", @@ -728,7 +746,7 @@ "documentation":"

    Localized name of the category type.

    " }, "Primary":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean which indicates if this category is the primary offered by the place.

    " } }, @@ -737,7 +755,8 @@ "CategoryIdString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "CategoryList":{ "type":"list", @@ -748,26 +767,28 @@ "CategoryLocalizedNameString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "CategoryNameString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "ComponentMatchScores":{ "type":"structure", "members":{ "Title":{ "shape":"MatchScore", - "documentation":"

    Indicates the starting and ending index of the title in the text query that match the found title.

    " + "documentation":"

    Indicates the match score of the title in the text query that match the found title.

    " }, "Address":{ "shape":"AddressComponentMatchScores", "documentation":"

    The place's address.

    " } }, - "documentation":"

    Indicates how well the input matches the returned element. It is equal to 1 if all input tokens are recognized and matched to the title in the result.

    " + "documentation":"

    Indicates how well the returned title and address components matches the input TextQuery. For each component a score is provied with 1 indicating all tokens were matched and 0 indicating no tokens were matched.

    " }, "ContactDetails":{ "type":"structure", @@ -790,7 +811,8 @@ "ContactDetailsLabelString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "ContactDetailsList":{ "type":"list", @@ -801,7 +823,8 @@ "ContactDetailsValueString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "Contacts":{ "type":"structure", @@ -847,19 +870,22 @@ "type":"string", "max":3, "min":2, - "pattern":"([A-Z]{2}|[A-Z]{3})" + "pattern":"([A-Z]{2}|[A-Z]{3})", + "sensitive":true }, "CountryCode2":{ "type":"string", "max":2, "min":2, - "pattern":"[A-Z]{2}" + "pattern":"[A-Z]{2}", + "sensitive":true }, "CountryCode3":{ "type":"string", "max":3, "min":3, - "pattern":"[A-Z]{3}" + "pattern":"[A-Z]{3}", + "sensitive":true }, "CountryCodeList":{ "type":"list", @@ -884,12 +910,14 @@ "CountryNameString":{ "type":"string", "max":100, - "min":0 + "min":0, + "sensitive":true }, "DistanceMeters":{ "type":"long", "max":4294967295, - "min":0 + "min":0, + "sensitive":true }, "Double":{ "type":"double", @@ -904,7 +932,8 @@ "FilterBusinessChainListMemberString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "FilterCategoryList":{ "type":"list", @@ -915,7 +944,8 @@ "FilterCategoryListMemberString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "FilterCircle":{ "type":"structure", @@ -940,7 +970,8 @@ "FilterCircleRadiusLong":{ "type":"long", "max":21000000, - "min":1 + "min":1, + "sensitive":true }, "FilterFoodTypeList":{ "type":"list", @@ -951,7 +982,8 @@ "FilterFoodTypeListMemberString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "FoodType":{ "type":"structure", @@ -966,7 +998,7 @@ "documentation":"

    The Food Type Id.

    " }, "Primary":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean which indicates if this food type is the primary offered by the place. For example, if a location serves fast food, but also dessert, he primary would likely be fast food.

    " } }, @@ -975,7 +1007,8 @@ "FoodTypeIdString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "FoodTypeList":{ "type":"list", @@ -986,13 +1019,16 @@ "FoodTypeLocalizedNameString":{ "type":"string", "max":100, - "min":1 + "min":1, + "sensitive":true }, "GeocodeAdditionalFeature":{ "type":"string", "enum":[ "TimeZone", - "Access" + "Access", + "SecondaryAddresses", + "Intersections" ] }, "GeocodeAdditionalFeatureList":{ @@ -1013,7 +1049,7 @@ "documentation":"

    The included place types.

    " } }, - "documentation":"

    Geocode structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    Geocode structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "GeocodeFilterPlaceType":{ "type":"string", @@ -1024,7 +1060,8 @@ "Street", "PointAddress", "InterpolatedAddress" - ] + ], + "sensitive":true }, "GeocodeFilterPlaceTypeList":{ "type":"list", @@ -1039,6 +1076,78 @@ "Storage" ] }, + "GeocodeParsedQuery":{ + "type":"structure", + "members":{ + "Title":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The localized display name of this result item based on request parameter language.

    " + }, + "Address":{ + "shape":"GeocodeParsedQueryAddressComponents", + "documentation":"

    The place address.

    " + } + }, + "documentation":"

    Parsed components in the provided QueryText.

    " + }, + "GeocodeParsedQueryAddressComponents":{ + "type":"structure", + "members":{ + "Country":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The alpha-2 or alpha-3 character code for the country that the results will be present in.

    " + }, + "Region":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The region or state results should be present in.

    Example: North Rhine-Westphalia.

    " + }, + "SubRegion":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The sub-region or county for which results should be present in.

    " + }, + "Locality":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The city or locality of the address.

    Example: Vancouver.

    " + }, + "District":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The district or division of a city the results should be present in.

    " + }, + "SubDistrict":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    A subdivision of a district.

    Example: Minden-Lübbecke.

    " + }, + "PostalCode":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code, for which the result should possess.

    " + }, + "Block":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    Name of the block.

    Example: Sunny Mansion 203 block: 2 Chome

    " + }, + "SubBlock":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    Name of sub-block.

    Example: Sunny Mansion 203 sub-block: 4

    " + }, + "Street":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The name of the street results should be present in.

    " + }, + "AddressNumber":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The number that identifies an address within a street.

    " + }, + "Building":{ + "shape":"ParsedQueryComponentList", + "documentation":"

    The name of the building at the address.

    " + }, + "SecondaryAddressComponents":{ + "shape":"ParsedQuerySecondaryAddressComponentList", + "documentation":"

    Parsed secondary address components from the provided query text.

    " + } + }, + "documentation":"

    Parsed address components in the provided QueryText.

    " + }, "GeocodeQueryComponents":{ "type":"structure", "members":{ @@ -1056,7 +1165,7 @@ }, "Locality":{ "shape":"GeocodeQueryComponentsLocalityString", - "documentation":"

    City or locality results should be present in.

    Example: Vancouver.

    " + "documentation":"

    The city or locality results should be present in.

    Example: Vancouver.

    " }, "District":{ "shape":"GeocodeQueryComponentsDistrictString", @@ -1072,7 +1181,7 @@ }, "PostalCode":{ "shape":"GeocodeQueryComponentsPostalCodeString", - "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code for which the result should posses.

    " + "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code for which the result should possess.

    " } }, "documentation":"

    A structured free text query allows you to search for places by the name or text representation of specific properties of the place.

    " @@ -1138,7 +1247,7 @@ "members":{ "QueryText":{ "shape":"GeocodeRequestQueryTextString", - "documentation":"

    The free-form text query to match addresses against. This is usually a partially typed address from an end user in an address box or form.

    " + "documentation":"

    The free-form text query to match addresses against. This is usually a partially typed address from an end user in an address box or form.

    The fields QueryText, and QueryID are mutually exclusive.

    " }, "QueryComponents":{"shape":"GeocodeQueryComponents"}, "MaxResults":{ @@ -1151,7 +1260,7 @@ }, "Filter":{ "shape":"GeocodeFilter", - "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "AdditionalFeatures":{ "shape":"GeocodeAdditionalFeatureList", @@ -1167,7 +1276,7 @@ }, "IntendedUse":{ "shape":"GeocodeIntendedUse", - "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    " + "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    Storing the response of an Geocode query is required to comply with service terms, but charged at a higher cost per request. Please review the user agreement and service pricing structure to determine the correct setting for your use case.

    " }, "Key":{ "shape":"ApiKey", @@ -1195,7 +1304,7 @@ "members":{ "PricingBucket":{ "shape":"String", - "documentation":"

    The pricing bucket for which the query is charged at.

    For more inforamtion on pricing, please visit Amazon Location Service Pricing.

    ", + "documentation":"

    The pricing bucket for which the query is charged at.

    For more information on pricing, please visit Amazon Location Service Pricing.

    ", "location":"header", "locationName":"x-amz-geo-pricing-bucket" }, @@ -1215,7 +1324,7 @@ "members":{ "PlaceId":{ "shape":"GeocodeResultItemPlaceIdString", - "documentation":"

    The PlaceId of the place you wish to receive the information for.

    " + "documentation":"

    The PlaceId of the place result.

    " }, "PlaceType":{ "shape":"PlaceType", @@ -1230,7 +1339,7 @@ "documentation":"

    The place's address.

    " }, "AddressNumberCorrected":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean indicating if the address provided has been corrected.

    " }, "PostalCodeDetails":{ @@ -1259,7 +1368,7 @@ }, "AccessPoints":{ "shape":"AccessPointList", - "documentation":"

    Position of the access point represent by longitude and latitude.

    " + "documentation":"

    Position of the access point represented by longitude and latitude.

    " }, "TimeZone":{ "shape":"TimeZone", @@ -1272,6 +1381,22 @@ "MatchScores":{ "shape":"MatchScoreDetails", "documentation":"

    Indicates how well the entire input matches the returned. It is equal to 1 if all input tokens are recognized and matched.

    " + }, + "ParsedQuery":{ + "shape":"GeocodeParsedQuery", + "documentation":"

    Free-form text query.

    " + }, + "Intersections":{ + "shape":"IntersectionList", + "documentation":"

    All Intersections that are near the provided address.

    " + }, + "MainAddress":{ + "shape":"RelatedPlace", + "documentation":"

    The main address corresponding to a place of type Secondary Address.

    " + }, + "SecondaryAddresses":{ + "shape":"RelatedPlaceList", + "documentation":"

    All secondary addresses that are associated with a main address. A secondary address is one that includes secondary designators, such as a Suite or Unit Number, Building, or Floor information.

    " } }, "documentation":"

    The Geocoded result.

    " @@ -1284,13 +1409,15 @@ }, "GeocodeResultItemPlaceIdString":{ "type":"string", - "max":200, - "min":0 + "max":500, + "min":0, + "sensitive":true }, "GeocodeResultItemTitleString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "GetPlaceAdditionalFeature":{ "type":"string", @@ -1298,7 +1425,8 @@ "TimeZone", "Phonemes", "Access", - "Contact" + "Contact", + "SecondaryAddresses" ] }, "GetPlaceAdditionalFeatureList":{ @@ -1344,7 +1472,7 @@ }, "IntendedUse":{ "shape":"GetPlaceIntendedUse", - "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    ", + "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    Storing the response of an GetPlace query is required to comply with service terms, but charged at a higher cost per request. Please review the user agreement and service pricing structure to determine the correct setting for your use case.

    ", "location":"querystring", "locationName":"intended-use" }, @@ -1358,7 +1486,7 @@ }, "GetPlaceRequestPlaceIdString":{ "type":"string", - "max":200, + "max":500, "min":0, "sensitive":true }, @@ -1381,11 +1509,11 @@ }, "Title":{ "shape":"GetPlaceResponseTitleString", - "documentation":"

    The localized display name of this result item based on request parameter language.

    " + "documentation":"

    The localized display name of this result item based on request parameter language.

    " }, "PricingBucket":{ "shape":"String", - "documentation":"

    The pricing bucket for which the query is charged at.

    For more inforamtion on pricing, please visit Amazon Location Service Pricing.

    ", + "documentation":"

    The pricing bucket for which the query is charged at.

    For more information on pricing, please visit Amazon Location Service Pricing.

    ", "location":"header", "locationName":"x-amz-geo-pricing-bucket" }, @@ -1394,7 +1522,7 @@ "documentation":"

    The place's address.

    " }, "AddressNumberCorrected":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean indicating if the address provided has been corrected.

    " }, "PostalCodeDetails":{ @@ -1448,18 +1576,28 @@ "Phonemes":{ "shape":"PhonemeDetails", "documentation":"

    How the various components of the result's address are pronounced in various languages.

    " + }, + "MainAddress":{ + "shape":"RelatedPlace", + "documentation":"

    The main address corresponding to a place of type Secondary Address.

    " + }, + "SecondaryAddresses":{ + "shape":"RelatedPlaceList", + "documentation":"

    All secondary addresses that are associated with a main address. A secondary address is one that includes secondary designators, such as a Suite or Unit Number, Building, or Floor information.

    " } } }, "GetPlaceResponsePlaceIdString":{ "type":"string", - "max":200, - "min":0 + "max":500, + "min":0, + "sensitive":true }, "GetPlaceResponseTitleString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "Highlight":{ "type":"structure", @@ -1477,7 +1615,7 @@ "documentation":"

    The highlight's value.

    " } }, - "documentation":"

    Describes how parts of the result response match the input query.

    " + "documentation":"

    Indicates the starting and ending index of the text query that match the found title.

    " }, "HighlightEndIndexInteger":{ "type":"integer", @@ -1498,7 +1636,8 @@ "HighlightValueString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "InternalServerException":{ "type":"structure", @@ -1515,6 +1654,47 @@ "fault":true, "retryable":{"throttling":false} }, + "Intersection":{ + "type":"structure", + "required":[ + "PlaceId", + "Title" + ], + "members":{ + "PlaceId":{ + "shape":"IntersectionPlaceIdString", + "documentation":"

    The PlaceId of the place result.

    " + }, + "Title":{ + "shape":"IntersectionTitleString", + "documentation":"

    The localized display name of this result item based on request parameter language.

    " + }, + "Address":{"shape":"Address"}, + "Position":{ + "shape":"Position", + "documentation":"

    The position, in longitude and latitude.

    " + }, + "Distance":{ + "shape":"DistanceMeters", + "documentation":"

    The distance in meters from the QueryPosition.

    ", + "box":true + }, + "RouteDistance":{ + "shape":"DistanceMeters", + "documentation":"

    The distance from the routing position of the nearby address to the street result.

    ", + "box":true + }, + "MapView":{ + "shape":"BoundingBox", + "documentation":"

    The bounding box enclosing the geometric shape (area or line) that an individual result covers.

    The bounding box formed is defined as a set of four coordinates: [{westward lng}, {southern lat}, {eastward lng}, {northern lat}]

    " + }, + "AccessPoints":{ + "shape":"AccessPointList", + "documentation":"

    Position of the access point represented by longitude and latitude.

    " + } + }, + "documentation":"

    All Intersections that are near the provided address.

    " + }, "IntersectionHighlightsList":{ "type":"list", "member":{"shape":"HighlightList"}, @@ -1523,15 +1703,32 @@ }, "IntersectionList":{ "type":"list", - "member":{"shape":"IntersectionStreet"}, - "max":100, + "member":{"shape":"Intersection"}, "min":1 }, + "IntersectionPlaceIdString":{ + "type":"string", + "max":500, + "min":0, + "sensitive":true + }, "IntersectionStreet":{ "type":"string", "max":200, "min":0 }, + "IntersectionStreetList":{ + "type":"list", + "member":{"shape":"IntersectionStreet"}, + "max":100, + "min":1 + }, + "IntersectionTitleString":{ + "type":"string", + "max":200, + "min":0, + "sensitive":true + }, "LanguageTag":{ "type":"string", "max":35, @@ -1564,7 +1761,7 @@ "documentation":"

    List of opening hours in the format they are displayed in. This can vary by result and in most cases represents how the result uniquely formats their opening hours.

    " }, "OpenNow":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean which indicates if the result/place is currently open.

    " }, "Components":{ @@ -1605,22 +1802,26 @@ "OpeningHoursComponentsOpenDurationString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "OpeningHoursComponentsOpenTimeString":{ "type":"string", "max":21, - "min":0 + "min":0, + "sensitive":true }, "OpeningHoursComponentsRecurrenceString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "OpeningHoursDisplay":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "OpeningHoursDisplayList":{ "type":"list", @@ -1634,6 +1835,123 @@ "max":100, "min":1 }, + "ParsedQueryComponent":{ + "type":"structure", + "members":{ + "StartIndex":{ + "shape":"ParsedQueryComponentStartIndexInteger", + "documentation":"

    Start index of the parsed query component.

    " + }, + "EndIndex":{ + "shape":"ParsedQueryComponentEndIndexInteger", + "documentation":"

    End index of the parsed query component.

    " + }, + "Value":{ + "shape":"ParsedQueryComponentValueString", + "documentation":"

    Value of the parsed query component.

    " + }, + "QueryComponent":{ + "shape":"ParsedQueryComponentQueryComponentString", + "documentation":"

    The address component that the parsed query component corresponds to.

    " + } + }, + "documentation":"

    Parsed components in the provided QueryText.

    " + }, + "ParsedQueryComponentEndIndexInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "ParsedQueryComponentList":{ + "type":"list", + "member":{"shape":"ParsedQueryComponent"}, + "max":200, + "min":0 + }, + "ParsedQueryComponentQueryComponentString":{ + "type":"string", + "max":11, + "min":0, + "sensitive":true + }, + "ParsedQueryComponentStartIndexInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "ParsedQueryComponentValueString":{ + "type":"string", + "max":200, + "min":0, + "sensitive":true + }, + "ParsedQuerySecondaryAddressComponent":{ + "type":"structure", + "required":[ + "StartIndex", + "EndIndex", + "Value", + "Number", + "Designator" + ], + "members":{ + "StartIndex":{ + "shape":"ParsedQuerySecondaryAddressComponentStartIndexInteger", + "documentation":"

    Start index of the parsed secondary address component in the query text.

    " + }, + "EndIndex":{ + "shape":"ParsedQuerySecondaryAddressComponentEndIndexInteger", + "documentation":"

    End index of the parsed secondary address component in the query text.

    " + }, + "Value":{ + "shape":"ParsedQuerySecondaryAddressComponentValueString", + "documentation":"

    Value of the parsed secondary address component.

    " + }, + "Number":{ + "shape":"ParsedQuerySecondaryAddressComponentNumberString", + "documentation":"

    Secondary address number provided in the query.

    " + }, + "Designator":{ + "shape":"ParsedQuerySecondaryAddressComponentDesignatorString", + "documentation":"

    Secondary address designator provided in the query.

    " + } + }, + "documentation":"

    Information about a secondary address component parsed from the query text.

    " + }, + "ParsedQuerySecondaryAddressComponentDesignatorString":{ + "type":"string", + "max":4, + "min":0, + "sensitive":true + }, + "ParsedQuerySecondaryAddressComponentEndIndexInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "ParsedQuerySecondaryAddressComponentList":{ + "type":"list", + "member":{"shape":"ParsedQuerySecondaryAddressComponent"}, + "max":200, + "min":0 + }, + "ParsedQuerySecondaryAddressComponentNumberString":{ + "type":"string", + "max":10, + "min":0, + "sensitive":true + }, + "ParsedQuerySecondaryAddressComponentStartIndexInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "ParsedQuerySecondaryAddressComponentValueString":{ + "type":"string", + "max":200, + "min":0, + "sensitive":true + }, "PhonemeDetails":{ "type":"structure", "members":{ @@ -1660,7 +1978,7 @@ "documentation":"

    A list of BCP 47 compliant language codes for the results to be rendered in. If there is no data for the result in the requested language, data will be returned in the default language for the entry.

    " }, "Preferred":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean which indicates if it the preferred pronunciation.

    " } }, @@ -1675,7 +1993,8 @@ "PhonemeTranscriptionValueString":{ "type":"string", "max":50, - "min":0 + "min":0, + "sensitive":true }, "PlaceType":{ "type":"string", @@ -1693,8 +2012,10 @@ "Street", "PointOfInterest", "PointAddress", - "InterpolatedAddress" - ] + "InterpolatedAddress", + "SecondaryAddress" + ], + "sensitive":true }, "Position":{ "type":"list", @@ -1705,14 +2026,15 @@ }, "PostalAuthority":{ "type":"string", - "enum":["Usps"] + "enum":["Usps"], + "sensitive":true }, "PostalCodeDetails":{ "type":"structure", "members":{ "PostalCode":{ "shape":"PostalCodeDetailsPostalCodeString", - "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code for which the result should posses.

    " + "documentation":"

    An alphanumeric string included in a postal address to facilitate mail sorting, such as post code, postcode, or ZIP code for which the result should possess.

    " }, "PostalAuthority":{ "shape":"PostalAuthority", @@ -1742,7 +2064,8 @@ "PostalCodeDetailsPostalCodeString":{ "type":"string", "max":50, - "min":0 + "min":0, + "sensitive":true }, "PostalCodeMode":{ "type":"string", @@ -1756,7 +2079,8 @@ "enum":[ "UspsZip", "UspsZipPlus4" - ] + ], + "sensitive":true }, "QueryRefinement":{ "type":"structure", @@ -1800,12 +2124,14 @@ "QueryRefinementOriginalTermString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "QueryRefinementRefinedTermString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "QueryRefinementStartIndexInteger":{ "type":"integer", @@ -1828,7 +2154,8 @@ "PostOfficeBox", "Rural", "Street" - ] + ], + "sensitive":true }, "Region":{ "type":"structure", @@ -1847,7 +2174,8 @@ "RegionCodeString":{ "type":"string", "max":3, - "min":0 + "min":0, + "sensitive":true }, "RegionHighlights":{ "type":"structure", @@ -1866,13 +2194,64 @@ "RegionNameString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true + }, + "RelatedPlace":{ + "type":"structure", + "required":[ + "PlaceId", + "PlaceType", + "Title" + ], + "members":{ + "PlaceId":{ + "shape":"RelatedPlacePlaceIdString", + "documentation":"

    The PlaceId of the place result.

    " + }, + "PlaceType":{ + "shape":"PlaceType", + "documentation":"

    A PlaceType is a category that the result place must belong to.

    " + }, + "Title":{ + "shape":"RelatedPlaceTitleString", + "documentation":"

    The localized display name of this result item based on request parameter language.

    " + }, + "Address":{"shape":"Address"}, + "Position":{ + "shape":"Position", + "documentation":"

    The position, in longitude and latitude.

    " + }, + "AccessPoints":{ + "shape":"AccessPointList", + "documentation":"

    Position of the access point represented by longitude and latitude.

    " + } + }, + "documentation":"

    Place that is related to the result item.

    " + }, + "RelatedPlaceList":{ + "type":"list", + "member":{"shape":"RelatedPlace"}, + "min":1 + }, + "RelatedPlacePlaceIdString":{ + "type":"string", + "max":500, + "min":0, + "sensitive":true + }, + "RelatedPlaceTitleString":{ + "type":"string", + "max":200, + "min":0, + "sensitive":true }, "ReverseGeocodeAdditionalFeature":{ "type":"string", "enum":[ "TimeZone", - "Access" + "Access", + "Intersections" ] }, "ReverseGeocodeAdditionalFeatureList":{ @@ -1920,7 +2299,7 @@ "members":{ "QueryPosition":{ "shape":"Position", - "documentation":"

    The position, in [lng, lat] for which you are querying nearby resultsfor. Results closer to the position will be ranked higher then results further away from the position

    " + "documentation":"

    The position, in [lng, lat] for which you are querying nearby results for. Results closer to the position will be ranked higher then results further away from the position

    " }, "QueryRadius":{ "shape":"ReverseGeocodeRequestQueryRadiusLong", @@ -1933,7 +2312,7 @@ }, "Filter":{ "shape":"ReverseGeocodeFilter", - "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "AdditionalFeatures":{ "shape":"ReverseGeocodeAdditionalFeatureList", @@ -1949,7 +2328,7 @@ }, "IntendedUse":{ "shape":"ReverseGeocodeIntendedUse", - "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    " + "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    Storing the response of an ReverseGeocode query is required to comply with service terms, but charged at a higher cost per request. Please review the user agreement and service pricing structure to determine the correct setting for your use case.

    " }, "Key":{ "shape":"ApiKey", @@ -1968,7 +2347,8 @@ "ReverseGeocodeRequestQueryRadiusLong":{ "type":"long", "max":21000000, - "min":1 + "min":1, + "sensitive":true }, "ReverseGeocodeResponse":{ "type":"structure", @@ -1976,7 +2356,7 @@ "members":{ "PricingBucket":{ "shape":"String", - "documentation":"

    The pricing bucket for which the query is charged at.

    For more inforamtion on pricing, please visit Amazon Location Service Pricing.

    ", + "documentation":"

    The pricing bucket for which the query is charged at.

    For more information on pricing, please visit Amazon Location Service Pricing.

    ", "location":"header", "locationName":"x-amz-geo-pricing-bucket" }, @@ -2011,7 +2391,7 @@ "documentation":"

    The place's address.

    " }, "AddressNumberCorrected":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean indicating if the address provided has been corrected.

    " }, "PostalCodeDetails":{ @@ -2040,7 +2420,7 @@ }, "AccessPoints":{ "shape":"AccessPointList", - "documentation":"

    Position of the access point represent by longitude and latitude.

    " + "documentation":"

    Position of the access point represented by longitude and latitude.

    " }, "TimeZone":{ "shape":"TimeZone", @@ -2049,6 +2429,10 @@ "PoliticalView":{ "shape":"CountryCode3", "documentation":"

    The alpha-2 or alpha-3 character code for the political view of a country. The political view applies to the results of the request to represent unresolved territorial claims through the point of view of the specified country.

    " + }, + "Intersections":{ + "shape":"IntersectionList", + "documentation":"

    All Intersections that are near the provided address.

    " } }, "documentation":"

    The returned location from the Reverse Geocode action.

    " @@ -2061,13 +2445,15 @@ }, "ReverseGeocodeResultItemPlaceIdString":{ "type":"string", - "max":200, - "min":0 + "max":500, + "min":0, + "sensitive":true }, "ReverseGeocodeResultItemTitleString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "SearchNearbyAdditionalFeature":{ "type":"string", @@ -2120,7 +2506,7 @@ "documentation":"

    Food types that results are excluded from.

    " } }, - "documentation":"

    SearchNearby structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    SearchNearby structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "SearchNearbyIntendedUse":{ "type":"string", @@ -2135,11 +2521,11 @@ "members":{ "QueryPosition":{ "shape":"Position", - "documentation":"

    The position, in [lng, lat] for which you are querying nearby resultsfor. Results closer to the position will be ranked higher then results further away from the position

    " + "documentation":"

    The position, in [lng, lat] for which you are querying nearby results for. Results closer to the position will be ranked higher then results further away from the position

    " }, "QueryRadius":{ "shape":"SearchNearbyRequestQueryRadiusLong", - "documentation":"

    The maximum distance in meters from the QueryPosition from which a result will be returned.

    ", + "documentation":"

    The maximum distance in meters from the QueryPosition from which a result will be returned.

    The fields QueryText, and QueryID are mutually exclusive.

    ", "box":true }, "MaxResults":{ @@ -2148,7 +2534,7 @@ }, "Filter":{ "shape":"SearchNearbyFilter", - "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "AdditionalFeatures":{ "shape":"SearchNearbyAdditionalFeatureList", @@ -2164,7 +2550,7 @@ }, "IntendedUse":{ "shape":"SearchNearbyIntendedUse", - "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    " + "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    Storing the response of an SearchNearby query is required to comply with service terms, but charged at a higher cost per request. Please review the user agreement and service pricing structure to determine the correct setting for your use case.

    " }, "NextToken":{ "shape":"Token", @@ -2187,7 +2573,8 @@ "SearchNearbyRequestQueryRadiusLong":{ "type":"long", "max":21000000, - "min":1 + "min":1, + "sensitive":true }, "SearchNearbyResponse":{ "type":"structure", @@ -2195,7 +2582,7 @@ "members":{ "PricingBucket":{ "shape":"String", - "documentation":"

    The pricing bucket for which the query is charged at.

    For more inforamtion on pricing, please visit Amazon Location Service Pricing.

    ", + "documentation":"

    The pricing bucket for which the query is charged at.

    For more information on pricing, please visit Amazon Location Service Pricing.

    ", "location":"header", "locationName":"x-amz-geo-pricing-bucket" }, @@ -2234,7 +2621,7 @@ "documentation":"

    The place's address.

    " }, "AddressNumberCorrected":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean indicating if the address provided has been corrected.

    " }, "Position":{ @@ -2300,13 +2687,15 @@ }, "SearchNearbyResultItemPlaceIdString":{ "type":"string", - "max":200, - "min":0 + "max":500, + "min":0, + "sensitive":true }, "SearchNearbyResultItemTitleString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "SearchTextAdditionalFeature":{ "type":"string", @@ -2336,7 +2725,7 @@ "documentation":"

    A list of countries that all results must be in. Countries are represented by either their alpha-2 or alpha-3 character codes.

    " } }, - "documentation":"

    SearchText structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    SearchText structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "SearchTextIntendedUse":{ "type":"string", @@ -2350,11 +2739,11 @@ "members":{ "QueryText":{ "shape":"SearchTextRequestQueryTextString", - "documentation":"

    The free-form text query to match addresses against. This is usually a partially typed address from an end user in an address box or form.

    " + "documentation":"

    The free-form text query to match addresses against. This is usually a partially typed address from an end user in an address box or form.

    The fields QueryText, and QueryID are mutually exclusive.

    " }, "QueryId":{ "shape":"SearchTextRequestQueryIdString", - "documentation":"

    The query Id.

    " + "documentation":"

    The query Id returned by the suggest API. If passed in the request, the SearchText API will preform a SearchText query with the improved query terms for the original query made to the suggest API.

    The fields QueryText, and QueryID are mutually exclusive.

    " }, "MaxResults":{ "shape":"SearchTextRequestMaxResultsInteger", @@ -2366,7 +2755,7 @@ }, "Filter":{ "shape":"SearchTextFilter", - "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "AdditionalFeatures":{ "shape":"SearchTextAdditionalFeatureList", @@ -2382,7 +2771,7 @@ }, "IntendedUse":{ "shape":"SearchTextIntendedUse", - "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    " + "documentation":"

    Indicates if the results will be stored. Defaults to SingleUse, if left empty.

    Storing the response of an SearchText query is required to comply with service terms, but charged at a higher cost per request. Please review the user agreement and service pricing structure to determine the correct setting for your use case.

    " }, "NextToken":{ "shape":"Token", @@ -2404,7 +2793,7 @@ }, "SearchTextRequestQueryIdString":{ "type":"string", - "max":400, + "max":500, "min":1, "sensitive":true }, @@ -2420,7 +2809,7 @@ "members":{ "PricingBucket":{ "shape":"String", - "documentation":"

    The pricing bucket for which the query is charged at.

    For more inforamtion on pricing, please visit Amazon Location Service Pricing.

    ", + "documentation":"

    The pricing bucket for which the query is charged at.

    For more information on pricing, please visit Amazon Location Service Pricing.

    ", "location":"header", "locationName":"x-amz-geo-pricing-bucket" }, @@ -2459,7 +2848,7 @@ "documentation":"

    The place's address.

    " }, "AddressNumberCorrected":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Boolean indicating if the address provided has been corrected.

    " }, "Position":{ @@ -2525,24 +2914,68 @@ }, "SearchTextResultItemPlaceIdString":{ "type":"string", - "max":200, - "min":0 + "max":500, + "min":0, + "sensitive":true }, "SearchTextResultItemTitleString":{ "type":"string", "max":200, + "min":0, + "sensitive":true + }, + "SecondaryAddressComponent":{ + "type":"structure", + "required":["Number"], + "members":{ + "Number":{ + "shape":"SecondaryAddressComponentNumberString", + "documentation":"

    Number that uniquely identifies a secondary address.

    " + } + }, + "documentation":"

    Components that correspond to secondary identifiers on an address. The only component type supported currently is Unit.

    " + }, + "SecondaryAddressComponentList":{ + "type":"list", + "member":{"shape":"SecondaryAddressComponent"}, + "max":1, "min":0 }, + "SecondaryAddressComponentMatchScore":{ + "type":"structure", + "members":{ + "Number":{ + "shape":"MatchScore", + "documentation":"

    Match score for the secondary address number.

    " + } + }, + "documentation":"

    Match score for a secondary address component in the result.

    " + }, + "SecondaryAddressComponentMatchScoreList":{ + "type":"list", + "member":{"shape":"SecondaryAddressComponentMatchScore"} + }, + "SecondaryAddressComponentNumberString":{ + "type":"string", + "max":10, + "min":0, + "sensitive":true + }, + "SensitiveBoolean":{ + "type":"boolean", + "box":true, + "sensitive":true + }, "StreetComponents":{ "type":"structure", "members":{ "BaseName":{ "shape":"StreetComponentsBaseNameString", - "documentation":"

    Base name part of the street name.

    Example: Younge from the “Younge street\".

    " + "documentation":"

    Base name part of the street name.

    Example: Younge from the \"Younge street\".

    " }, "Type":{ "shape":"StreetComponentsTypeString", - "documentation":"

    Street type part of the street name.

    Example: “avenue\".

    " + "documentation":"

    Street type part of the street name.

    Example: \"avenue\".

    " }, "TypePlacement":{ "shape":"TypePlacement", @@ -2550,7 +2983,7 @@ }, "TypeSeparator":{ "shape":"TypeSeparator", - "documentation":"

    What character(s) separates the string from its type.

    " + "documentation":"

    Defines a separator character such as \"\" or \" \" between the base name and type.

    " }, "Prefix":{ "shape":"StreetComponentsPrefixString", @@ -2574,12 +3007,14 @@ "StreetComponentsBaseNameString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "StreetComponentsDirectionString":{ "type":"string", "max":50, - "min":0 + "min":0, + "sensitive":true }, "StreetComponentsList":{ "type":"list", @@ -2590,17 +3025,20 @@ "StreetComponentsPrefixString":{ "type":"string", "max":50, - "min":0 + "min":0, + "sensitive":true }, "StreetComponentsSuffixString":{ "type":"string", "max":50, - "min":0 + "min":0, + "sensitive":true }, "StreetComponentsTypeString":{ "type":"string", "max":50, - "min":0 + "min":0, + "sensitive":true }, "String":{"type":"string"}, "SubRegion":{ @@ -2620,7 +3058,8 @@ "SubRegionCodeString":{ "type":"string", "max":3, - "min":0 + "min":0, + "sensitive":true }, "SubRegionHighlights":{ "type":"structure", @@ -2639,7 +3078,8 @@ "SubRegionNameString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "SuggestAdditionalFeature":{ "type":"string", @@ -2679,7 +3119,7 @@ "documentation":"

    A list of countries that all results must be in. Countries are represented by either their alpha-2 or alpha-3 character codes.

    " } }, - "documentation":"

    SuggestFilter structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    SuggestFilter structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "SuggestHighlights":{ "type":"structure", @@ -2763,27 +3203,29 @@ }, "SuggestPlaceResultPlaceIdString":{ "type":"string", - "max":200, - "min":1 + "max":500, + "min":1, + "sensitive":true }, "SuggestQueryResult":{ "type":"structure", "members":{ "QueryId":{ "shape":"SuggestQueryResultQueryIdString", - "documentation":"

    QueryId can be used to complete a follow up query through the SearchText API. The QueryId retains context from the original Suggest request such as filters, political view and language. See the SearchText API documentation for more details SearchText API docs.

    " + "documentation":"

    QueryId can be used to complete a follow up query through the SearchText API. The QueryId retains context from the original Suggest request such as filters, political view and language. See the SearchText API documentation for more details SearchText API docs.

    The fields QueryText, and QueryID are mutually exclusive.

    " }, "QueryType":{ "shape":"QueryType", - "documentation":"

    The query type. Category qeuries will search for places which have an entry matching the given category, for example \"doctor office\". BusinessChain queries will search for instances of a given business.

    " + "documentation":"

    The query type. Category queries will search for places which have an entry matching the given category, for example \"doctor office\". BusinessChain queries will search for instances of a given business.

    " } }, "documentation":"

    The suggested query results.

    " }, "SuggestQueryResultQueryIdString":{ "type":"string", - "max":400, - "min":0 + "max":500, + "min":0, + "sensitive":true }, "SuggestRequest":{ "type":"structure", @@ -2791,7 +3233,7 @@ "members":{ "QueryText":{ "shape":"SuggestRequestQueryTextString", - "documentation":"

    The free-form text query to match addresses against. This is usually a partially typed address from an end user in an address box or form.

    " + "documentation":"

    The free-form text query to match addresses against. This is usually a partially typed address from an end user in an address box or form.

    The fields QueryText, and QueryID are mutually exclusive.

    " }, "MaxResults":{ "shape":"SuggestRequestMaxResultsInteger", @@ -2807,7 +3249,7 @@ }, "Filter":{ "shape":"SuggestFilter", - "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must posses in order to be returned as a result.

    " + "documentation":"

    A structure which contains a set of inclusion/exclusion properties that results must possess in order to be returned as a result.

    " }, "AdditionalFeatures":{ "shape":"SuggestAdditionalFeatureList", @@ -2857,7 +3299,7 @@ "members":{ "PricingBucket":{ "shape":"String", - "documentation":"

    The pricing bucket for which the query is charged at.

    For more inforamtion on pricing, please visit Amazon Location Service Pricing.

    ", + "documentation":"

    The pricing bucket for which the query is charged at.

    For more information on pricing, please visit Amazon Location Service Pricing.

    ", "location":"header", "locationName":"x-amz-geo-pricing-bucket" }, @@ -2907,7 +3349,8 @@ "SuggestResultItemTitleString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "SuggestResultItemType":{ "type":"string", @@ -2955,16 +3398,19 @@ "TimeZoneNameString":{ "type":"string", "max":200, - "min":0 + "min":0, + "sensitive":true }, "TimeZoneOffsetSecondsLong":{ "type":"long", - "min":0 + "min":0, + "sensitive":true }, "TimeZoneOffsetString":{ "type":"string", "max":6, - "min":0 + "min":0, + "sensitive":true }, "Token":{ "type":"string", @@ -3075,7 +3521,8 @@ "Military", "PostOfficeBoxes", "Unique" - ] + ], + "sensitive":true } }, "documentation":"

    The Places API enables powerful location search and geocoding capabilities for your applications, offering global coverage with rich, detailed information. Key features include:

    • Forward and reverse geocoding for addresses and coordinates

    • Comprehensive place searches with detailed information, including:

      • Business names and addresses

      • Contact information

      • Hours of operation

      • POI (Points of Interest) categories

      • Food types for restaurants

      • Chain affiliation for relevant businesses

    • Global data coverage with a wide range of POI categories

    • Regular data updates to ensure accuracy and relevance

    " diff -pruN 2.23.6-1/awscli/botocore/data/geo-routes/2020-11-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/geo-routes/2020-11-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/geo-routes/2020-11-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/geo-routes/2020-11-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,26 +6,26 @@ "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/geo-routes/2020-11-19/service-2.json 2.31.35-1/awscli/botocore/data/geo-routes/2020-11-19/service-2.json --- 2.23.6-1/awscli/botocore/data/geo-routes/2020-11-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/geo-routes/2020-11-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -45,7 +45,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Calculates route matrix containing the results for all pairs of Origins to Destinations. Each row corresponds to one entry in Origins. Each entry in the row corresponds to the route from that entry in Origins to an entry in Destinations positions.

    " + "documentation":"

    Use CalculateRouteMatrix to compute results for all pairs of Origins to Destinations. Each row corresponds to one entry in Origins. Each entry in the row corresponds to the route from that entry in Origins to an entry in Destinations positions.

    " }, "CalculateRoutes":{ "name":"CalculateRoutes", @@ -62,7 +62,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Calculates a route given the following required parameters: Origin and Destination.

    " + "documentation":"

    CalculateRoutes computes routes given the following required parameters: Origin and Destination.

    " }, "OptimizeWaypoints":{ "name":"OptimizeWaypoints", @@ -79,7 +79,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Calculates the optimal order to travel between a set of waypoints to minimize either the travel time or the distance travelled during the journey, based on road network restrictions and the traffic pattern data.

    " + "documentation":"

    OptimizeWaypoints calculates the optimal order to travel between a set of waypoints to minimize either the travel time or the distance travelled during the journey, based on road network restrictions and the traffic pattern data.

    " }, "SnapToRoads":{ "name":"SnapToRoads", @@ -96,7 +96,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    The SnapToRoads action matches GPS trace to roads most likely traveled on.

    " + "documentation":"

    SnapToRoads matches GPS trace to roads most likely traveled on.

    " } }, "shapes":{ @@ -126,10 +126,6 @@ "type":"list", "member":{"shape":"WaypointIndex"} }, - "Boolean":{ - "type":"boolean", - "box":true - }, "BoundingBox":{ "type":"list", "member":{"shape":"Double"}, @@ -143,7 +139,7 @@ "members":{ "Allow":{ "shape":"IsolineAllowOptions", - "documentation":"

    Features that are allowed while calculating. a route

    " + "documentation":"

    Features that are allowed while calculating an isoline.

    " }, "ArrivalTime":{ "shape":"TimestampWithTimezoneOffset", @@ -154,7 +150,7 @@ "documentation":"

    Features that are avoided while calculating a route. Avoidance is on a best-case basis. If an avoidance can't be satisfied for a particular case, it violates the avoidance and the returned response produces a notice for the violation.

    " }, "DepartNow":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Uses the current time as the time of departure.

    " }, "DepartureTime":{ @@ -175,7 +171,7 @@ }, "IsolineGranularity":{ "shape":"IsolineGranularityOptions", - "documentation":"

    Defines the granularity of the returned Isoline

    " + "documentation":"

    Defines the granularity of the returned Isoline.

    " }, "Key":{ "shape":"ApiKey", @@ -201,7 +197,7 @@ }, "Thresholds":{ "shape":"IsolineThresholds", - "documentation":"

    Threshold to be used for the isoline calculation. Up to 3 thresholds per provided type can be requested.

    " + "documentation":"

    Threshold to be used for the isoline calculation. Up to 3 thresholds per provided type can be requested.

    You incur a calculation charge for each threshold. Using a large amount of thresholds in a request can lead you to incur unexpected charges. See Amazon Location's pricing page for more information.

    " }, "Traffic":{ "shape":"IsolineTrafficOptions", @@ -267,14 +263,14 @@ "members":{ "Allow":{ "shape":"RouteMatrixAllowOptions", - "documentation":"

    Features that are allowed while calculating. a route

    " + "documentation":"

    Features that are allowed while calculating a route.

    " }, "Avoid":{ "shape":"RouteMatrixAvoidanceOptions", "documentation":"

    Features that are avoided while calculating a route. Avoidance is on a best-case basis. If an avoidance can't be satisfied for a particular case, it violates the avoidance and the returned response produces a notice for the violation.

    " }, "DepartNow":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Uses the current time as the time of departure.

    " }, "DepartureTime":{ @@ -283,7 +279,7 @@ }, "Destinations":{ "shape":"CalculateRouteMatrixRequestDestinationsList", - "documentation":"

    List of destinations for the route.

    " + "documentation":"

    List of destinations for the route.

    Route calculations are billed for each origin and destination pair. If you use a large matrix of origins and destinations, your costs will increase accordingly. See Amazon Location's pricing page for more information.

    " }, "Exclude":{ "shape":"RouteMatrixExclusionOptions", @@ -301,7 +297,7 @@ }, "Origins":{ "shape":"CalculateRouteMatrixRequestOriginsList", - "documentation":"

    The position in longitude and latitude for the origin.

    " + "documentation":"

    The position in longitude and latitude for the origin.

    Route calculations are billed for each origin and destination pair. Using a large amount of Origins in a request can lead you to incur unexpected charges. See Amazon Location's pricing page for more information.

    " }, "RoutingBoundary":{ "shape":"RouteMatrixBoundary", @@ -374,7 +370,7 @@ "members":{ "Allow":{ "shape":"RouteAllowOptions", - "documentation":"

    Features that are allowed while calculating. a route

    " + "documentation":"

    Features that are allowed while calculating a route.

    " }, "ArrivalTime":{ "shape":"TimestampWithTimezoneOffset", @@ -385,7 +381,7 @@ "documentation":"

    Features that are avoided while calculating a route. Avoidance is on a best-case basis. If an avoidance can't be satisfied for a particular case, it violates the avoidance and the returned response produces a notice for the violation.

    " }, "DepartNow":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Uses the current time as the time of departure.

    " }, "DepartureTime":{ @@ -468,7 +464,7 @@ }, "TravelStepType":{ "shape":"RouteTravelStepType", - "documentation":"

    Type of step returned by the response. Default provides basic steps intended for web based applications. TurnByTurn provides detailed instructions with more granularity intended for a turn based naviagtion system.

    " + "documentation":"

    Type of step returned by the response. Default provides basic steps intended for web based applications. TurnByTurn provides detailed instructions with more granularity intended for a turn based navigation system.

    " }, "Waypoints":{ "shape":"RouteWaypointList", @@ -529,13 +525,18 @@ "documentation":"

    Center of the Circle defined in longitude and latitude coordinates.

    Example: [-123.1174, 49.2847] represents the position with longitude -123.1174 and latitude 49.2847.

    " }, "Radius":{ - "shape":"Double", + "shape":"SensitiveDouble", "documentation":"

    Radius of the Circle.

    Unit: meters

    " } }, "documentation":"

    Geometry defined as a circle. When request routing boundary was set as AutoCircle, the response routing boundary will return Circle derived from the AutoCircle settings.

    ", "sensitive":true }, + "ClusterIndex":{ + "type":"integer", + "box":true, + "min":0 + }, "Corridor":{ "type":"structure", "required":[ @@ -559,13 +560,15 @@ "type":"string", "max":3, "min":2, - "pattern":"([A-Z]{2}|[A-Z]{3})" + "pattern":"([A-Z]{2}|[A-Z]{3})", + "sensitive":true }, "CountryCode3":{ "type":"string", "max":3, "min":3, - "pattern":"[A-Z]{3}" + "pattern":"[A-Z]{3}", + "sensitive":true }, "CountryCodeList":{ "type":"list", @@ -589,17 +592,20 @@ "Friday", "Saturday", "Sunday" - ] + ], + "sensitive":true }, "DimensionCentimeters":{ "type":"long", "max":4294967295, - "min":0 + "min":0, + "sensitive":true }, "DistanceMeters":{ "type":"long", "max":4294967295, - "min":0 + "min":0, + "sensitive":true }, "DistanceThresholdList":{ "type":"list", @@ -610,7 +616,8 @@ "DistanceThresholdListMemberLong":{ "type":"long", "max":300000, - "min":0 + "min":0, + "sensitive":true }, "Double":{ "type":"double", @@ -619,7 +626,8 @@ "DurationSeconds":{ "type":"long", "max":4294967295, - "min":0 + "min":0, + "sensitive":true }, "GeometryFormat":{ "type":"string", @@ -631,7 +639,8 @@ "Heading":{ "type":"double", "max":360.0, - "min":0.0 + "min":0.0, + "sensitive":true }, "IndexList":{ "type":"list", @@ -686,15 +695,15 @@ "type":"structure", "members":{ "Hot":{ - "shape":"Boolean", - "documentation":"

    Allow Hot (High Occupancy Toll) lanes while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Allow Hot (High Occupancy Toll) lanes while calculating an isoline.

    Default value: false

    " }, "Hov":{ - "shape":"Boolean", - "documentation":"

    Allow Hov (High Occupancy vehicle) lanes while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Allow Hov (High Occupancy vehicle) lanes while calculating an isoline.

    Default value: false

    " } }, - "documentation":"

    Features that are allowed while calculating. a route

    " + "documentation":"

    Features that are allowed while calculating an isoline.

    " }, "IsolineAvoidanceArea":{ "type":"structure", @@ -702,7 +711,7 @@ "members":{ "Except":{ "shape":"IsolineAvoidanceAreaGeometryList", - "documentation":"

    Exceptions to the provided avoidance geometry, to be included while calculating the route.

    " + "documentation":"

    Exceptions to the provided avoidance geometry, to be included while calculating an isoline.

    " }, "Geometry":{ "shape":"IsolineAvoidanceAreaGeometry", @@ -735,7 +744,7 @@ "documentation":"

    A list of PolylinePolygon's that are excluded for calculating isolines, the list can only contain 1 polygon. For more information on polyline encoding, see https://github.com/heremaps/flexiblepolyline/blob/master/README.md.

    " } }, - "documentation":"

    The avoidance geometry, to be included while calculating the route.

    " + "documentation":"

    The avoidance geometry, to be included while calculating an isoline.

    " }, "IsolineAvoidanceAreaGeometryList":{ "type":"list", @@ -765,31 +774,31 @@ "documentation":"

    Areas to be avoided.

    " }, "CarShuttleTrains":{ - "shape":"Boolean", - "documentation":"

    Avoid car-shuttle-trains while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Avoid car-shuttle-trains while calculating an isoline.

    " }, "ControlledAccessHighways":{ - "shape":"Boolean", - "documentation":"

    Avoid controlled access highways while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Avoid controlled access highways while calculating an isoline.

    " }, "DirtRoads":{ - "shape":"Boolean", - "documentation":"

    Avoid dirt roads while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Avoid dirt roads while calculating an isoline.

    " }, "Ferries":{ - "shape":"Boolean", - "documentation":"

    Avoid ferries while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Avoid ferries while calculating an isoline.

    " }, "SeasonalClosure":{ - "shape":"Boolean", - "documentation":"

    Avoid roads that have seasonal closure while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Avoid roads that have seasonal closure while calculating an isoline.

    " }, "TollRoads":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids roads where the specified toll transponders are the only mode of payment.

    " }, "TollTransponders":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids roads where the specified toll transponders are the only mode of payment.

    " }, "TruckRoadTypes":{ @@ -797,11 +806,11 @@ "documentation":"

    Truck road type identifiers. BK1 through BK4 apply only to Sweden. A2,A4,B2,B4,C,D,ET2,ET4 apply only to Mexico.

    There are currently no other supported values as of 26th April 2024.

    " }, "Tunnels":{ - "shape":"Boolean", - "documentation":"

    Avoid tunnels while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Avoid tunnels while calculating an isoline.

    " }, "UTurns":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid U-turns for calculation on highways and motorways.

    " }, "ZoneCategories":{ @@ -809,7 +818,7 @@ "documentation":"

    Zone categories to be avoided.

    " } }, - "documentation":"

    Features that are avoided while calculating a route. Avoidance is on a best-case basis. If an avoidance can't be satisfied for a particular case, it violates the avoidance and the returned response produces a notice for the violation.

    " + "documentation":"

    Features that are avoided while calculating isolines. Avoidance is on a best-case basis. If an avoidance can't be satisfied for a particular case, it violates the avoidance and the returned response produces a notice for the violation.

    " }, "IsolineAvoidanceZoneCategory":{ "type":"structure", @@ -848,17 +857,19 @@ "documentation":"

    The number of occupants in the vehicle.

    Default Value: 1

    " } }, - "documentation":"

    Options for vehicles.

    " + "documentation":"

    Travel mode options when the provided travel mode is Car.

    " }, "IsolineCarOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "IsolineCarOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "IsolineConnection":{ "type":"structure", @@ -900,7 +911,7 @@ "documentation":"

    An ordered list of positions used to plot a route on a map in a lossy compression format.

    LineString and Polyline are mutually exclusive properties.

    " } }, - "documentation":"

    Geometry of the connection between different Isoline components.

    " + "documentation":"

    Geometry of the connection between different isoline components.

    " }, "IsolineConnectionList":{ "type":"list", @@ -939,7 +950,8 @@ "Electric", "InternalCombustion", "PluginHybrid" - ] + ], + "sensitive":true }, "IsolineGranularityOptions":{ "type":"structure", @@ -950,7 +962,7 @@ }, "MaxResolution":{ "shape":"DistanceMeters", - "documentation":"

    Maximum resolution of the returned isoline.

    Unit: centimeters

    " + "documentation":"

    Maximum resolution of the returned isoline.

    Unit: meters

    " } }, "documentation":"

    Isoline granularity related options.

    " @@ -974,7 +986,8 @@ "Poison", "PoisonousInhalation", "Radioactive" - ] + ], + "sensitive":true }, "IsolineHazardousCargoTypeList":{ "type":"list", @@ -1038,7 +1051,7 @@ "documentation":"

    Options to configure matching the provided position to a side of the street.

    " } }, - "documentation":"

    Options for the property.

    " + "documentation":"

    Origin related options.

    " }, "IsolineScooterOptions":{ "type":"structure", @@ -1061,17 +1074,19 @@ "documentation":"

    The number of occupants in the vehicle.

    Default Value: 1

    " } }, - "documentation":"

    Options for the property.

    " + "documentation":"

    Travel mode options when the provided travel mode is Scooter

    " }, "IsolineScooterOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "IsolineScooterOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "IsolineShapeGeometry":{ "type":"structure", @@ -1118,7 +1133,7 @@ "documentation":"

    Time to be used for the isoline calculation.

    " } }, - "documentation":"

    Threshold to be used for the isoline calculation. Up to 3 thresholds per provided type can be requested.

    " + "documentation":"

    Threshold to be used for the isoline calculation. Up to 5 thresholds per provided type can be requested.

    " }, "IsolineTrafficOptions":{ "type":"structure", @@ -1151,13 +1166,15 @@ "IsolineTrailerOptionsAxleCountInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "IsolineTrailerOptionsTrailerCountInteger":{ "type":"integer", "box":true, "max":255, - "min":1 + "min":1, + "sensitive":true }, "IsolineTravelMode":{ "type":"string", @@ -1177,7 +1194,7 @@ }, "Scooter":{ "shape":"IsolineScooterOptions", - "documentation":"

    Travel mode options when the provided travel mode is \"Scooter\"

    " + "documentation":"

    Travel mode options when the provided travel mode is Scooter

    When travel mode is set to Scooter, then the avoidance option ControlledAccessHighways defaults to true.

    " }, "Truck":{ "shape":"IsolineTruckOptions", @@ -1273,43 +1290,51 @@ "type":"integer", "box":true, "max":255, - "min":2 + "min":2, + "sensitive":true }, "IsolineTruckOptionsHeightAboveFirstAxleLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "IsolineTruckOptionsHeightLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "IsolineTruckOptionsLengthLong":{ "type":"long", "max":30000, - "min":0 + "min":0, + "sensitive":true }, "IsolineTruckOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "IsolineTruckOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "IsolineTruckOptionsTireCountInteger":{ "type":"integer", "box":true, "max":255, - "min":1 + "min":1, + "sensitive":true }, "IsolineTruckOptionsWidthLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "IsolineTruckType":{ "type":"string", @@ -1327,7 +1352,8 @@ "documentation":"

    The last character of the License Plate.

    " } }, - "documentation":"

    The vehicle license plate.

    " + "documentation":"

    The vehicle license plate.

    ", + "sensitive":true }, "IsolineVehicleLicensePlateLastCharacterString":{ "type":"string", @@ -1371,7 +1397,7 @@ "documentation":"

    A list of BCP 47 compliant language codes for the results to be rendered in. The request uses the regional default as the fallback if the requested language can't be provided.

    " }, "Value":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The value of the localized string.

    " } }, @@ -1401,7 +1427,11 @@ "members":{ "Avoid":{ "shape":"WaypointOptimizationAvoidanceOptions", - "documentation":"

    Features that are avoided while calculating a route. Avoidance is on a best-case basis. If an avoidance can't be satisfied for a particular case, this setting is ignored.

    " + "documentation":"

    Features that are avoided. Avoidance is on a best-case basis. If an avoidance can't be satisfied for a particular case, this setting is ignored.

    " + }, + "Clustering":{ + "shape":"WaypointOptimizationClusteringOptions", + "documentation":"

    Clustering allows you to specify how nearby waypoints can be clustered to improve the optimized sequence.

    " }, "DepartureTime":{ "shape":"TimestampWithTimezoneOffset", @@ -1565,7 +1595,8 @@ "Poison", "PoisonousInhalation", "Radioactive" - ] + ], + "sensitive":true }, "RoadSnapHazardousCargoTypeList":{ "type":"list", @@ -1586,7 +1617,7 @@ "documentation":"

    Code corresponding to the issue.

    " }, "Title":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The notice title.

    " }, "TracePointIndexes":{ @@ -1606,7 +1637,8 @@ "TracePointsOutOfSequence", "TracePointsSpeedEstimated", "TracePointsSpeedIgnored" - ] + ], + "sensitive":true }, "RoadSnapNoticeList":{ "type":"list", @@ -1653,7 +1685,8 @@ "type":"double", "box":true, "max":1, - "min":0 + "min":0, + "sensitive":true }, "RoadSnapSnappedTracePointList":{ "type":"list", @@ -1686,7 +1719,8 @@ "type":"list", "member":{"shape":"Integer"}, "max":1000, - "min":1 + "min":1, + "sensitive":true }, "RoadSnapTrailerOptions":{ "type":"structure", @@ -1702,7 +1736,8 @@ "type":"integer", "box":true, "max":255, - "min":0 + "min":0, + "sensitive":true }, "RoadSnapTravelMode":{ "type":"string", @@ -1760,17 +1795,20 @@ "RoadSnapTruckOptionsHeightLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "RoadSnapTruckOptionsLengthLong":{ "type":"long", "max":30000, - "min":0 + "min":0, + "sensitive":true }, "RoadSnapTruckOptionsWidthLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "RoundaboutAngle":{ "type":"double", @@ -1803,15 +1841,15 @@ "type":"structure", "members":{ "Hot":{ - "shape":"Boolean", - "documentation":"

    Allow Hot (High Occupancy Toll) lanes while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Allow Hot (High Occupancy Toll) lanes while calculating the route.

    Default value: false

    " }, "Hov":{ - "shape":"Boolean", - "documentation":"

    Allow Hov (High Occupancy vehicle) lanes while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Allow Hov (High Occupancy vehicle) lanes while calculating the route.

    Default value: false

    " } }, - "documentation":"

    Features that are allowed while calculating. a route

    " + "documentation":"

    Features that are allowed while calculating a route.

    " }, "RouteAvoidanceArea":{ "type":"structure", @@ -1879,31 +1917,31 @@ "documentation":"

    Areas to be avoided.

    " }, "CarShuttleTrains":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid car-shuttle-trains while calculating the route.

    " }, "ControlledAccessHighways":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid controlled access highways while calculating the route.

    " }, "DirtRoads":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid dirt roads while calculating the route.

    " }, "Ferries":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid ferries while calculating the route.

    " }, "SeasonalClosure":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid roads that have seasonal closure while calculating the route.

    " }, "TollRoads":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids roads where the specified toll transponders are the only mode of payment.

    " }, "TollTransponders":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids roads where the specified toll transponders are the only mode of payment.

    " }, "TruckRoadTypes":{ @@ -1911,11 +1949,11 @@ "documentation":"

    Truck road type identifiers. BK1 through BK4 apply only to Sweden. A2,A4,B2,B4,C,D,ET2,ET4 apply only to Mexico.

    There are currently no other supported values as of 26th April 2024.

    " }, "Tunnels":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid tunnels while calculating the route.

    " }, "UTurns":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid U-turns for calculation on highways and motorways.

    " }, "ZoneCategories":{ @@ -1923,7 +1961,7 @@ "documentation":"

    Zone categories to be avoided.

    " } }, - "documentation":"

    Options related to areas to be avoided.

    " + "documentation":"

    Specifies options for areas to avoid when calculating the route. This is a best-effort avoidance setting, meaning the router will try to honor the avoidance preferences but may still include restricted areas if no feasible alternative route exists. If avoidance options are not followed, the response will indicate that the avoidance criteria were violated.

    " }, "RouteAvoidanceZoneCategory":{ "type":"structure", @@ -1963,17 +2001,19 @@ "documentation":"

    The number of occupants in the vehicle.

    Default Value: 1

    " } }, - "documentation":"

    Travel mode options when the provided travel mode is \"Car\"

    " + "documentation":"

    Travel mode options when the provided travel mode is Car.

    " }, "RouteCarOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "RouteCarOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "RouteContinueHighwayStepDetails":{ "type":"structure", @@ -2017,7 +2057,7 @@ "documentation":"

    Avoids actions for the provided distance. This is typically to consider for users in moving vehicles who may not have sufficient time to make an action at an origin or a destination.

    " }, "AvoidUTurns":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid U-turns for calculation on highways and motorways.

    " }, "Heading":{ @@ -2041,7 +2081,8 @@ }, "RouteDestinationOptionsAvoidActionsForDistanceLong":{ "type":"long", - "max":2000 + "max":2000, + "sensitive":true }, "RouteDirection":{ "type":"string", @@ -2050,7 +2091,8 @@ "North", "South", "West" - ] + ], + "sensitive":true }, "RouteDriverOptions":{ "type":"structure", @@ -2089,11 +2131,11 @@ "required":["Type"], "members":{ "Co2EmissionClass":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The CO 2 emission classes.

    " }, "Type":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Type of the emission.

    Valid values: Euro1, Euro2, Euro3, Euro4, Euro5, Euro6, EuroEev

    " } }, @@ -2105,7 +2147,8 @@ "Electric", "InternalCombustion", "PluginHybrid" - ] + ], + "sensitive":true }, "RouteEnterHighwayStepDetails":{ "type":"structure", @@ -2139,7 +2182,7 @@ "documentation":"

    List of countries to be avoided defined by two-letter or three-letter country codes.

    " } }, - "documentation":"

    Exclusion options for the route.

    " + "documentation":"

    Specifies strict exclusion options for the route calculation. This setting mandates that the router will avoid any routes that include the specified options, rather than merely attempting to minimize them.

    " }, "RouteExitStepDetails":{ "type":"structure", @@ -2172,7 +2215,8 @@ "type":"integer", "box":true, "max":12, - "min":1 + "min":1, + "sensitive":true }, "RouteFerryAfterTravelStep":{ "type":"structure", @@ -2186,7 +2230,7 @@ "documentation":"

    Duration of the step.

    Unit: seconds

    " }, "Instruction":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Brief description of the step in the requested language.

    Only available when the TravelStepType is Default.

    " }, "Type":{ @@ -2202,7 +2246,8 @@ }, "RouteFerryAfterTravelStepType":{ "type":"string", - "enum":["Deboard"] + "enum":["Deboard"], + "sensitive":true }, "RouteFerryArrival":{ "type":"structure", @@ -2231,7 +2276,7 @@ "documentation":"

    Duration of the step.

    Unit: seconds

    " }, "Instruction":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Brief description of the step in the requested language.

    Only available when the TravelStepType is Default.

    " }, "Type":{ @@ -2247,7 +2292,8 @@ }, "RouteFerryBeforeTravelStepType":{ "type":"string", - "enum":["Board"] + "enum":["Board"], + "sensitive":true }, "RouteFerryDeparture":{ "type":"structure", @@ -2302,7 +2348,7 @@ "documentation":"

    Waypoints that were passed through during the leg. This includes the waypoints that were configured with the PassThrough option.

    " }, "RouteName":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Route name of the ferry line.

    " }, "Spans":{ @@ -2342,7 +2388,9 @@ "NoSchedule", "Other", "ViolatedAvoidFerry", - "ViolatedAvoidRailFerry" + "ViolatedAvoidRailFerry", + "SeasonalClosure", + "PotentialViolatedVehicleRestrictionUsage" ] }, "RouteFerryNoticeList":{ @@ -2372,7 +2420,7 @@ "required":["Position"], "members":{ "Name":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The name of the place.

    " }, "OriginalPosition":{ @@ -2393,7 +2441,8 @@ "RouteFerryPlaceWaypointIndexInteger":{ "type":"integer", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RouteFerrySpan":{ "type":"structure", @@ -2404,7 +2453,7 @@ }, "Distance":{ "shape":"DistanceMeters", - "documentation":"

    Distance of the computed span. This feature doesn't split a span, but is always computed on a span split by other properties.

    " + "documentation":"

    Distance of the computed span. This feature doesn't split a span, but is always computed on a span split by other properties.

    Unit: meters

    " }, "Duration":{ "shape":"DurationSeconds", @@ -2437,7 +2486,8 @@ "RouteFerrySpanRegionString":{ "type":"string", "max":3, - "min":0 + "min":0, + "sensitive":true }, "RouteFerrySummary":{ "type":"structure", @@ -2484,7 +2534,7 @@ "documentation":"

    Offset in the leg geometry corresponding to the start of this step.

    " }, "Instruction":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Brief description of the step in the requested language.

    Only available when the TravelStepType is Default.

    " }, "Type":{ @@ -2509,7 +2559,8 @@ "Depart", "Continue", "Arrive" - ] + ], + "sensitive":true }, "RouteHazardousCargoType":{ "type":"string", @@ -2525,7 +2576,8 @@ "Poison", "PoisonousInhalation", "Radioactive" - ] + ], + "sensitive":true }, "RouteHazardousCargoTypeList":{ "type":"list", @@ -2607,7 +2659,8 @@ "TruckRoadTypes", "TypicalDuration", "Zones" - ] + ], + "sensitive":true }, "RouteLegAdditionalFeatureList":{ "type":"list", @@ -2640,8 +2693,10 @@ "Ferry", "Pedestrian", "Scooter", - "Truck" - ] + "Truck", + "CarShuttleTrain" + ], + "sensitive":true }, "RouteLegType":{ "type":"string", @@ -2649,7 +2704,8 @@ "Ferry", "Pedestrian", "Vehicle" - ] + ], + "sensitive":true }, "RouteList":{ "type":"list", @@ -2711,15 +2767,16 @@ "type":"structure", "members":{ "Hot":{ - "shape":"Boolean", - "documentation":"

    Allow Hot (High Occupancy Toll) lanes while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Allow Hot (High Occupancy Toll) lanes while calculating the route.

    Default value: false

    " }, "Hov":{ - "shape":"Boolean", - "documentation":"

    Allow Hov (High Occupancy vehicle) lanes while calculating the route.

    " + "shape":"SensitiveBoolean", + "documentation":"

    Allow Hov (High Occupancy vehicle) lanes while calculating the route.

    Default value: false

    " } }, - "documentation":"

    Allow Options related to the route matrix.

    " + "documentation":"

    Allow Options related to the route matrix.

    ", + "sensitive":true }, "RouteMatrixAutoCircle":{ "type":"structure", @@ -2738,12 +2795,14 @@ "RouteMatrixAutoCircleMarginLong":{ "type":"long", "max":200000, - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixAutoCircleMaxRadiusLong":{ "type":"long", "max":200000, - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixAvoidanceArea":{ "type":"structure", @@ -2794,27 +2853,27 @@ "documentation":"

    Areas to be avoided.

    " }, "CarShuttleTrains":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid car-shuttle-trains while calculating the route.

    " }, "ControlledAccessHighways":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid controlled access highways while calculating the route.

    " }, "DirtRoads":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid dirt roads while calculating the route.

    " }, "Ferries":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid ferries while calculating the route.

    " }, "TollRoads":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids roads where the specified toll transponders are the only mode of payment.

    " }, "TollTransponders":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids roads where the specified toll transponders are the only mode of payment.

    " }, "TruckRoadTypes":{ @@ -2822,11 +2881,11 @@ "documentation":"

    Truck road type identifiers. BK1 through BK4 apply only to Sweden. A2,A4,B2,B4,C,D,ET2,ET4 apply only to Mexico.

    There are currently no other supported values as of 26th April 2024.

    " }, "Tunnels":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid tunnels while calculating the route.

    " }, "UTurns":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid U-turns for calculation on highways and motorways.

    " }, "ZoneCategories":{ @@ -2834,7 +2893,7 @@ "documentation":"

    Zone categories to be avoided.

    " } }, - "documentation":"

    Options related to the route matrix.

    " + "documentation":"

    Specifies options for areas to avoid when calculating the route. This is a best-effort avoidance setting, meaning the router will try to honor the avoidance preferences but may still include restricted areas if no feasible alternative route exists. If avoidance options are not followed, the response will indicate that the avoidance criteria were violated.

    " }, "RouteMatrixAvoidanceOptionsAreasList":{ "type":"list", @@ -2866,7 +2925,7 @@ "documentation":"

    Geometry of the area to be avoided.

    " }, "Unbounded":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    No restrictions in terms of a routing boundary, and is typically used for longer routes.

    " } }, @@ -2917,17 +2976,19 @@ "documentation":"

    The number of occupants in the vehicle.

    Default Value: 1

    " } }, - "documentation":"

    Options related to the car.

    " + "documentation":"

    Travel mode options when the provided travel mode is Car.

    " }, "RouteMatrixCarOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "RouteMatrixCarOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "RouteMatrixDestination":{ "type":"structure", @@ -2968,7 +3029,8 @@ }, "RouteMatrixDestinationOptionsAvoidActionsForDistanceLong":{ "type":"long", - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixEntry":{ "type":"structure", @@ -3015,7 +3077,7 @@ "documentation":"

    List of countries to be avoided defined by two-letter or three-letter country codes.

    " } }, - "documentation":"

    Exclusion options.

    " + "documentation":"

    Specifies strict exclusion options for the route calculation. This setting mandates that the router will avoid any routes that include the specified options, rather than merely attempting to minimize them.

    " }, "RouteMatrixHazardousCargoType":{ "type":"string", @@ -3031,7 +3093,8 @@ "Poison", "PoisonousInhalation", "Radioactive" - ] + ], + "sensitive":true }, "RouteMatrixHazardousCargoTypeList":{ "type":"list", @@ -3063,7 +3126,8 @@ }, "RouteMatrixMatchingOptionsOnRoadThresholdLong":{ "type":"long", - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixOrigin":{ "type":"structure", @@ -3104,7 +3168,8 @@ }, "RouteMatrixOriginOptionsAvoidActionsForDistanceLong":{ "type":"long", - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixRow":{ "type":"list", @@ -3127,17 +3192,19 @@ "documentation":"

    The number of occupants in the vehicle.

    Default Value: 1

    " } }, - "documentation":"

    Travel mode options when the provided travel mode is \"Scooter\"

    " + "documentation":"

    Travel mode options when the provided travel mode is Scooter

    " }, "RouteMatrixScooterOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "RouteMatrixScooterOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "RouteMatrixSideOfStreetOptions":{ "type":"structure", @@ -3182,7 +3249,8 @@ "type":"integer", "box":true, "max":255, - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixTravelMode":{ "type":"string", @@ -3202,7 +3270,7 @@ }, "Scooter":{ "shape":"RouteMatrixScooterOptions", - "documentation":"

    Travel mode options when the provided travel mode is \"Scooter\"

    " + "documentation":"

    Travel mode options when the provided travel mode is Scooter

    When travel mode is set to Scooter, then the avoidance option ControlledAccessHighways defaults to true.

    " }, "Truck":{ "shape":"RouteMatrixTruckOptions", @@ -3286,32 +3354,38 @@ "type":"integer", "box":true, "max":255, - "min":2 + "min":2, + "sensitive":true }, "RouteMatrixTruckOptionsHeightLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixTruckOptionsLengthLong":{ "type":"long", "max":30000, - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixTruckOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "RouteMatrixTruckOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "RouteMatrixTruckOptionsWidthLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixTruckType":{ "type":"string", @@ -3319,7 +3393,8 @@ "LightTruck", "StraightTruck", "Tractor" - ] + ], + "sensitive":true }, "RouteMatrixVehicleLicensePlate":{ "type":"structure", @@ -3329,7 +3404,8 @@ "documentation":"

    The last character of the License Plate.

    " } }, - "documentation":"

    The vehicle License Plate.

    " + "documentation":"

    The vehicle License Plate.

    ", + "sensitive":true }, "RouteMatrixVehicleLicensePlateLastCharacterString":{ "type":"string", @@ -3342,7 +3418,8 @@ "CongestionPricing", "Environmental", "Vignette" - ] + ], + "sensitive":true }, "RouteNoticeDetailRange":{ "type":"structure", @@ -3388,7 +3465,7 @@ "documentation":"

    List of languages for instructions corresponding to the route number.

    " }, "Value":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The route number.

    " } }, @@ -3406,7 +3483,7 @@ "documentation":"

    Avoids actions for the provided distance. This is typically to consider for users in moving vehicles who may not have sufficient time to make an action at an origin or a destination.

    " }, "AvoidUTurns":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid U-turns for calculation on highways and motorways.

    " }, "Heading":{ @@ -3426,7 +3503,8 @@ }, "RouteOriginOptionsAvoidActionsForDistanceLong":{ "type":"long", - "max":2000 + "max":2000, + "sensitive":true }, "RoutePassThroughPlace":{ "type":"structure", @@ -3450,7 +3528,8 @@ "RoutePassThroughPlaceWaypointIndexInteger":{ "type":"integer", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RoutePassThroughWaypoint":{ "type":"structure", @@ -3591,7 +3670,8 @@ "RoutePedestrianOptionsSpeedDouble":{ "type":"double", "max":7.2, - "min":1.8 + "min":1.8, + "sensitive":true }, "RoutePedestrianOverviewSummary":{ "type":"structure", @@ -3616,7 +3696,7 @@ "required":["Position"], "members":{ "Name":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The name of the place.

    " }, "OriginalPosition":{ @@ -3641,7 +3721,8 @@ "RoutePedestrianPlaceWaypointIndexInteger":{ "type":"integer", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RoutePedestrianSpan":{ "type":"structure", @@ -3713,7 +3794,8 @@ "type":"integer", "box":true, "max":5, - "min":1 + "min":1, + "sensitive":true }, "RoutePedestrianSpanGeometryOffsetInteger":{ "type":"integer", @@ -3727,7 +3809,8 @@ "RoutePedestrianSpanRegionString":{ "type":"string", "max":3, - "min":0 + "min":0, + "sensitive":true }, "RoutePedestrianSummary":{ "type":"structure", @@ -3786,7 +3869,7 @@ "documentation":"

    Offset in the leg geometry corresponding to the start of this step.

    " }, "Instruction":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Brief description of the step in the requested language.

    Only available when the TravelStepType is Default.

    " }, "KeepStepDetails":{ @@ -3847,7 +3930,8 @@ "Exit", "Ramp", "UTurn" - ] + ], + "sensitive":true }, "RouteRampStepDetails":{ "type":"structure", @@ -3932,7 +4016,8 @@ "Highway", "Rural", "Urban" - ] + ], + "sensitive":true }, "RouteRoundaboutEnterStepDetails":{ "type":"structure", @@ -3984,7 +4069,8 @@ "type":"integer", "box":true, "max":12, - "min":1 + "min":1, + "sensitive":true }, "RouteRoundaboutPassStepDetails":{ "type":"structure", @@ -4030,24 +4116,27 @@ "documentation":"

    The number of occupants in the vehicle.

    Default Value: 1

    " } }, - "documentation":"

    Travel mode options when the provided travel mode is \"Scooter\"

    " + "documentation":"

    Travel mode options when the provided travel mode is Scooter

    " }, "RouteScooterOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "RouteScooterOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "RouteSideOfStreet":{ "type":"string", "enum":[ "Left", "Right" - ] + ], + "sensitive":true }, "RouteSideOfStreetOptions":{ "type":"structure", @@ -4134,7 +4223,8 @@ "Allowed", "NoThroughTraffic", "TollRoad" - ] + ], + "sensitive":true }, "RouteSpanCarAccessAttributeList":{ "type":"list", @@ -4166,7 +4256,8 @@ "Emergency", "KeyAccess", "PermissionRequired" - ] + ], + "sensitive":true }, "RouteSpanPedestrianAccessAttribute":{ "type":"string", @@ -4177,7 +4268,8 @@ "Park", "Stairs", "TollRoad" - ] + ], + "sensitive":true }, "RouteSpanPedestrianAccessAttributeList":{ "type":"list", @@ -4190,7 +4282,8 @@ "enum":[ "Protected", "Unprotected" - ] + ], + "sensitive":true }, "RouteSpanRoadAttribute":{ "type":"string", @@ -4207,7 +4300,8 @@ "Roundabout", "Tunnel", "UnderConstruction" - ] + ], + "sensitive":true }, "RouteSpanRoadAttributeList":{ "type":"list", @@ -4221,7 +4315,8 @@ "Allowed", "NoThroughTraffic", "TollRoad" - ] + ], + "sensitive":true }, "RouteSpanScooterAccessAttributeList":{ "type":"list", @@ -4237,7 +4332,7 @@ "documentation":"

    Maximum speed.

    Unit: KilometersPerHour

    " }, "Unlimited":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    If the span doesn't have a speed limit like the Autobahn.

    " } }, @@ -4249,7 +4344,8 @@ "Allowed", "NoThroughTraffic", "TollRoad" - ] + ], + "sensitive":true }, "RouteSpanTruckAccessAttributeList":{ "type":"list", @@ -4263,7 +4359,8 @@ "Left", "Right", "Straight" - ] + ], + "sensitive":true }, "RouteSummary":{ "type":"structure", @@ -4318,11 +4415,11 @@ "type":"structure", "members":{ "AllTransponders":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Specifies if the user has valid transponder with access to all toll systems. This impacts toll calculation, and if true the price with transponders is used.

    " }, "AllVignettes":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Specifies if the user has valid vignettes with access for all toll roads. If a user has a vignette for a toll road, then toll cost for that road is omitted since no further payment is necessary.

    " }, "Currency":{ @@ -4344,11 +4441,11 @@ "type":"structure", "members":{ "IncludesReturnTrip":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    If the pass includes the rate for the return leg of the trip.

    " }, "SeniorPass":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    If the pass is only valid for senior persons.

    " }, "TransferCount":{ @@ -4369,12 +4466,14 @@ "RouteTollPassTransferCountInteger":{ "type":"integer", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RouteTollPassTripCountInteger":{ "type":"integer", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RouteTollPassValidityPeriod":{ "type":"structure", @@ -4394,7 +4493,8 @@ "RouteTollPassValidityPeriodPeriodCountInteger":{ "type":"integer", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RouteTollPassValidityPeriodType":{ "type":"string", @@ -4404,7 +4504,8 @@ "ExtendedAnnual", "Minutes", "Months" - ] + ], + "sensitive":true }, "RouteTollPaymentMethod":{ "type":"string", @@ -4417,7 +4518,8 @@ "TravelCard", "Transponder", "VideoToll" - ] + ], + "sensitive":true }, "RouteTollPaymentMethodList":{ "type":"list", @@ -4458,7 +4560,7 @@ "documentation":"

    Currency code corresponding to the price. This is the same as Currency specified in the request.

    " }, "Estimate":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    If the price is an estimate or an exact value.

    " }, "PerDuration":{ @@ -4466,7 +4568,7 @@ "documentation":"

    Duration for which the price corresponds to.

    Unit: seconds

    " }, "Range":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    If the price is a range or an exact value. If any of the toll fares making up the route is a range, the overall price is also a range.

    " }, "RangeValue":{ @@ -4494,11 +4596,11 @@ "documentation":"

    Currency code corresponding to the price. This is the same as Currency specified in the request.

    " }, "Estimate":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    If the price is an estimate or an exact value.

    " }, "Range":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    If the price is a range or an exact value. If any of the toll fares making up the route is a range, the overall price is also a range.

    " }, "RangeValue":{ @@ -4515,12 +4617,14 @@ "RouteTollPriceSummaryValueDouble":{ "type":"double", "box":true, - "min":0.0 + "min":0.0, + "sensitive":true }, "RouteTollPriceValueDouble":{ "type":"double", "box":true, - "min":0.0 + "min":0.0, + "sensitive":true }, "RouteTollPriceValueRange":{ "type":"structure", @@ -4543,12 +4647,14 @@ "RouteTollPriceValueRangeMaxDouble":{ "type":"double", "box":true, - "min":0.0 + "min":0.0, + "sensitive":true }, "RouteTollPriceValueRangeMinDouble":{ "type":"double", "box":true, - "min":0.0 + "min":0.0, + "sensitive":true }, "RouteTollRate":{ "type":"structure", @@ -4561,7 +4667,7 @@ ], "members":{ "ApplicableTimes":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Time when the rate is valid.

    " }, "ConvertedPrice":{ @@ -4569,7 +4675,7 @@ "documentation":"

    Price in the converted currency as specified in the request.

    " }, "Id":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The Toll rate Id.

    " }, "LocalPrice":{ @@ -4577,7 +4683,7 @@ "documentation":"

    Price in the local regional currency.

    " }, "Name":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The name of the toll.

    " }, "Pass":{ @@ -4613,7 +4719,7 @@ "type":"structure", "members":{ "Name":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The toll system name.

    " } }, @@ -4625,7 +4731,8 @@ }, "RouteTollVehicleCategory":{ "type":"string", - "enum":["Minibus"] + "enum":["Minibus"], + "sensitive":true }, "RouteTrafficOptions":{ "type":"structure", @@ -4658,19 +4765,21 @@ "RouteTrailerOptionsAxleCountInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "RouteTrailerOptionsTrailerCountInteger":{ "type":"integer", "box":true, "max":255, - "min":1 + "min":1, + "sensitive":true }, "RouteTransponder":{ "type":"structure", "members":{ "SystemName":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Names of the toll system collecting the toll.

    " } }, @@ -4702,7 +4811,7 @@ }, "Scooter":{ "shape":"RouteScooterOptions", - "documentation":"

    Travel mode options when the provided travel mode is \"Scooter\"

    " + "documentation":"

    Travel mode options when the provided travel mode is Scooter

    When travel mode is set to Scooter, then the avoidance option ControlledAccessHighways defaults to true.

    " }, "Truck":{ "shape":"RouteTruckOptions", @@ -4805,48 +4914,57 @@ "type":"integer", "box":true, "max":255, - "min":2 + "min":2, + "sensitive":true }, "RouteTruckOptionsHeightAboveFirstAxleLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "RouteTruckOptionsHeightLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "RouteTruckOptionsLengthLong":{ "type":"long", "max":30000, - "min":0 + "min":0, + "sensitive":true }, "RouteTruckOptionsMaxSpeedDouble":{ "type":"double", "max":252.0, - "min":3.6 + "min":3.6, + "sensitive":true }, "RouteTruckOptionsOccupancyInteger":{ "type":"integer", "box":true, - "min":1 + "min":1, + "sensitive":true }, "RouteTruckOptionsTireCountInteger":{ "type":"integer", "box":true, "max":255, - "min":1 + "min":1, + "sensitive":true }, "RouteTruckOptionsTunnelRestrictionCodeString":{ "type":"string", "max":20, - "min":0 + "min":0, + "sensitive":true }, "RouteTruckOptionsWidthLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "RouteTruckType":{ "type":"string", @@ -4854,7 +4972,8 @@ "LightTruck", "StraightTruck", "Tractor" - ] + ], + "sensitive":true }, "RouteTurnIntensity":{ "type":"string", @@ -4862,7 +4981,8 @@ "Sharp", "Slight", "Typical" - ] + ], + "sensitive":true }, "RouteTurnStepDetails":{ "type":"structure", @@ -4944,7 +5064,7 @@ "type":"structure", "members":{ "Description":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Brief readable description of the incident.

    " }, "EndTime":{ @@ -4977,7 +5097,8 @@ "High", "Medium", "Low" - ] + ], + "sensitive":true }, "RouteVehicleIncidentType":{ "type":"string", @@ -4993,7 +5114,8 @@ "RoadClosure", "RoadHazard", "Weather" - ] + ], + "sensitive":true }, "RouteVehicleLegDetails":{ "type":"structure", @@ -5075,7 +5197,8 @@ "RouteVehicleLicensePlateLastCharacterString":{ "type":"string", "max":1, - "min":1 + "min":1, + "sensitive":true }, "RouteVehicleNotice":{ "type":"structure", @@ -5135,7 +5258,7 @@ "type":"structure", "members":{ "Title":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The notice title.

    " }, "ViolatedConstraints":{ @@ -5184,7 +5307,7 @@ "required":["Position"], "members":{ "Name":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The name of the place.

    " }, "OriginalPosition":{ @@ -5209,7 +5332,8 @@ "RouteVehiclePlaceWaypointIndexInteger":{ "type":"integer", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RouteVehicleSpan":{ "type":"structure", @@ -5313,7 +5437,8 @@ "type":"integer", "box":true, "max":5, - "min":1 + "min":1, + "sensitive":true }, "RouteVehicleSpanGeometryOffsetInteger":{ "type":"integer", @@ -5327,7 +5452,8 @@ "RouteVehicleSpanRegionString":{ "type":"string", "max":3, - "min":0 + "min":0, + "sensitive":true }, "RouteVehicleSummary":{ "type":"structure", @@ -5406,7 +5532,7 @@ "documentation":"

    Offset in the leg geometry corresponding to the start of this step.

    " }, "Instruction":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Brief description of the step in the requested language.

    Only available when the TravelStepType is Default.

    " }, "KeepStepDetails":{ @@ -5477,14 +5603,15 @@ "RoundaboutPass", "Turn", "UTurn" - ] + ], + "sensitive":true }, "RouteViolatedConstraints":{ "type":"structure", "required":["HazardousCargos"], "members":{ "AllHazardsRestricted":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    This restriction applies to truck cargo, where the resulting route excludes roads on which hazardous materials are prohibited from being transported.

    " }, "AxleCount":{ @@ -5536,7 +5663,7 @@ "documentation":"

    Access radius restrictions based on time.

    " }, "TimeDependent":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    The time dependent constraint.

    " }, "TrailerCount":{ @@ -5544,7 +5671,7 @@ "documentation":"

    Number of trailers attached to the vehicle.

    Default Value: 0

    " }, "TravelMode":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Travel mode corresponding to the leg.

    " }, "TruckRoadType":{ @@ -5571,7 +5698,7 @@ "documentation":"

    Avoids actions for the provided distance. This is typically to consider for users in moving vehicles who may not have sufficient time to make an action at an origin or a destination.

    " }, "AvoidUTurns":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid U-turns for calculation on highways and motorways.

    " }, "Heading":{ @@ -5583,7 +5710,7 @@ "documentation":"

    Options to configure matching the provided position to the road network.

    " }, "PassThrough":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    If the waypoint should not be treated as a stop. If yes, the waypoint is passed through and doesn't split the route into different legs.

    " }, "Position":{ @@ -5603,7 +5730,8 @@ }, "RouteWaypointAvoidActionsForDistanceLong":{ "type":"long", - "max":2000 + "max":2000, + "sensitive":true }, "RouteWaypointList":{ "type":"list", @@ -5643,7 +5771,7 @@ "documentation":"

    The zone category.

    " }, "Name":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The name of the zone.

    " } }, @@ -5655,7 +5783,8 @@ "CongestionPricing", "Environmental", "Vignette" - ] + ], + "sensitive":true }, "RouteZoneList":{ "type":"list", @@ -5668,6 +5797,16 @@ "ShortestRoute" ] }, + "SensitiveBoolean":{ + "type":"boolean", + "box":true, + "sensitive":true + }, + "SensitiveDouble":{ + "type":"double", + "box":true, + "sensitive":true + }, "SensitiveString":{ "type":"string", "sensitive":true @@ -5714,7 +5853,8 @@ "SnapToRoadsRequestSnapRadiusLong":{ "type":"long", "max":10000, - "min":0 + "min":0, + "sensitive":true }, "SnapToRoadsRequestTracePointsList":{ "type":"list", @@ -5757,7 +5897,8 @@ }, "SpeedKilometersPerHour":{ "type":"double", - "min":0.0 + "min":0.0, + "sensitive":true }, "String":{"type":"string"}, "ThrottlingException":{ @@ -5779,7 +5920,8 @@ }, "TimeOfDay":{ "type":"string", - "pattern":"([0-1]?[0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](Z|[+-]([0-1]?[0-9]|2[0-3]):[0-5][0-9])" + "pattern":"([0-1]?[0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](Z|[+-]([0-1]?[0-9]|2[0-3]):[0-5][0-9])", + "sensitive":true }, "TimeThresholdList":{ "type":"list", @@ -5790,11 +5932,13 @@ "TimeThresholdListMemberLong":{ "type":"long", "max":10800, - "min":0 + "min":0, + "sensitive":true }, "TimestampWithTimezoneOffset":{ "type":"string", - "pattern":"([1-2][0-9]{3})-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]{0,9})?(Z|[+-]([01][0-9]|2[0-3]):[0-5][0-9])" + "pattern":"([1-2][0-9]{3})-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\\.[0-9]{0,9})?(Z|[+-]([01][0-9]|2[0-3]):[0-5][0-9])", + "sensitive":true }, "TrafficUsage":{ "type":"string", @@ -5806,7 +5950,8 @@ "TruckRoadType":{ "type":"string", "max":3, - "min":1 + "min":1, + "sensitive":true }, "TruckRoadTypeList":{ "type":"list", @@ -5817,7 +5962,8 @@ "TunnelRestrictionCode":{ "type":"string", "max":1, - "min":1 + "min":1, + "sensitive":true }, "TurnAngle":{ "type":"double", @@ -5960,35 +6106,35 @@ "documentation":"

    Areas to be avoided.

    " }, "CarShuttleTrains":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoidance options for cars-shuttles-trains.

    " }, "ControlledAccessHighways":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid controlled access highways while calculating the route.

    " }, "DirtRoads":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid dirt roads while calculating the route.

    " }, "Ferries":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoidance options for ferries.

    " }, "TollRoads":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids roads where the specified toll transponders are the only mode of payment.

    " }, "Tunnels":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid tunnels while calculating the route.

    " }, "UTurns":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoid U-turns for calculation on highways and motorways.

    " } }, - "documentation":"

    Options for WaypointOptimizationAvoidance.

    " + "documentation":"

    Specifies options for areas to avoid. This is a best-effort avoidance setting, meaning the router will try to honor the avoidance preferences but may still include restricted areas if no feasible alternative route exists. If avoidance options are not followed, the response will indicate that the avoidance criteria were violated.

    " }, "WaypointOptimizationAvoidanceOptionsAreasList":{ "type":"list", @@ -5996,6 +6142,29 @@ "max":20, "min":0 }, + "WaypointOptimizationClusteringAlgorithm":{ + "type":"string", + "enum":[ + "DrivingDistance", + "TopologySegment" + ], + "sensitive":true + }, + "WaypointOptimizationClusteringOptions":{ + "type":"structure", + "required":["Algorithm"], + "members":{ + "Algorithm":{ + "shape":"WaypointOptimizationClusteringAlgorithm", + "documentation":"

    The algorithm to be used. DrivingDistance assigns all the waypoints that are within driving distance of each other into a single cluster. TopologySegment assigns all the waypoints that are within the same topology segment into a single cluster. A Topology segment is a linear stretch of road between two junctions.

    " + }, + "DrivingDistanceOptions":{ + "shape":"WaypointOptimizationDrivingDistanceOptions", + "documentation":"

    Driving distance options to be used when the clustering algorithm is DrivingDistance.

    " + } + }, + "documentation":"

    Options for WaypointOptimizationClustering.

    " + }, "WaypointOptimizationConnection":{ "type":"structure", "required":[ @@ -6047,7 +6216,8 @@ "Heading", "ServiceDuration", "SideOfStreet" - ] + ], + "sensitive":true }, "WaypointOptimizationDestinationOptions":{ "type":"structure", @@ -6097,6 +6267,17 @@ }, "documentation":"

    Driver related options.

    " }, + "WaypointOptimizationDrivingDistanceOptions":{ + "type":"structure", + "required":["DrivingDistance"], + "members":{ + "DrivingDistance":{ + "shape":"DistanceMeters", + "documentation":"

    DrivingDistance assigns all the waypoints that are within driving distance of each other into a single cluster.

    " + } + }, + "documentation":"

    Driving distance related options.

    " + }, "WaypointOptimizationExclusionOptions":{ "type":"structure", "required":["Countries"], @@ -6106,7 +6287,7 @@ "documentation":"

    List of countries to be avoided defined by two-letter or three-letter country codes.

    " } }, - "documentation":"

    Exclusion options.

    " + "documentation":"

    Specifies strict exclusion options for the route calculation. This setting mandates that the router will avoid any routes that include the specified options, rather than merely attempting to minimize them.

    " }, "WaypointOptimizationFailedConstraint":{ "type":"structure", @@ -6116,7 +6297,7 @@ "documentation":"

    The failed constraint.

    " }, "Reason":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Reason for the failed constraint.

    " } }, @@ -6140,7 +6321,8 @@ "Poison", "PoisonousInhalation", "Radioactive" - ] + ], + "sensitive":true }, "WaypointOptimizationHazardousCargoTypeList":{ "type":"list", @@ -6185,6 +6367,10 @@ "shape":"TimestampWithTimezoneOffset", "documentation":"

    Estimated time of arrival at the destination.

    Time format:YYYY-MM-DDThh:mm:ss.sssZ | YYYY-MM-DDThh:mm:ss.sss+hh:mm

    Examples:

    2020-04-22T17:57:24Z

    2020-04-22T17:57:24+02:00

    " }, + "ClusterIndex":{ + "shape":"ClusterIndex", + "documentation":"

    Index of the cluster the waypoint is associated with. The index is included in the response only if clustering was performed while processing the request.

    " + }, "DepartureTime":{ "shape":"TimestampWithTimezoneOffset", "documentation":"

    Estimated time of departure from thr origin.

    Time format:YYYY-MM-DDThh:mm:ss.sssZ | YYYY-MM-DDThh:mm:ss.sss+hh:mm

    Examples:

    2020-04-22T17:57:24Z

    2020-04-22T17:57:24+02:00

    " @@ -6212,7 +6398,7 @@ "documentation":"

    The Origin Id.

    " } }, - "documentation":"

    Options related to the origin.

    " + "documentation":"

    Origin related options.

    " }, "WaypointOptimizationPedestrianOptions":{ "type":"structure", @@ -6228,7 +6414,8 @@ "WaypointOptimizationPedestrianOptionsSpeedDouble":{ "type":"double", "max":7.2, - "min":1.8 + "min":1.8, + "sensitive":true }, "WaypointOptimizationRestCycleDurations":{ "type":"structure", @@ -6280,7 +6467,8 @@ "WaypointOptimizationRestProfileProfileString":{ "type":"string", "max":2, - "min":2 + "min":2, + "sensitive":true }, "WaypointOptimizationSequencingObjective":{ "type":"string", @@ -6294,7 +6482,8 @@ "enum":[ "Rest", "Work" - ] + ], + "sensitive":true }, "WaypointOptimizationSideOfStreetOptions":{ "type":"structure", @@ -6363,7 +6552,8 @@ "type":"integer", "box":true, "max":255, - "min":0 + "min":0, + "sensitive":true }, "WaypointOptimizationTravelMode":{ "type":"string", @@ -6433,24 +6623,28 @@ "WaypointOptimizationTruckOptionsHeightLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "WaypointOptimizationTruckOptionsLengthLong":{ "type":"long", "max":30000, - "min":0 + "min":0, + "sensitive":true }, "WaypointOptimizationTruckOptionsWidthLong":{ "type":"long", "max":5000, - "min":0 + "min":0, + "sensitive":true }, "WaypointOptimizationTruckType":{ "type":"string", "enum":[ "StraightTruck", "Tractor" - ] + ], + "sensitive":true }, "WaypointOptimizationWaypoint":{ "type":"structure", @@ -6498,7 +6692,8 @@ "WeightKilograms":{ "type":"long", "max":4294967295, - "min":0 + "min":0, + "sensitive":true }, "WeightPerAxleGroup":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/glacier/2012-06-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/glacier/2012-06-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/glacier/2012-06-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/glacier/2012-06-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -58,318 +57,283 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, { - "conditions": [], - "type": "tree", + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://glacier-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://glacier-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { "conditions": [ { "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, true ] } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - "aws-us-gov", - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - } - ] - } - ], - "endpoint": { - "url": "https://glacier.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" }, - { - "conditions": [], - "endpoint": { - "url": "https://glacier-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "aws-us-gov" ] } - ] + ], + "endpoint": { + "url": "https://glacier.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://glacier-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://glacier.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], - "type": "tree", + ], "rules": [ { "conditions": [], "endpoint": { - "url": "https://glacier.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://glacier.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://glacier.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" + ], + "type": "tree" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/glacier/2012-06-01/service-2.json 2.31.35-1/awscli/botocore/data/glacier/2012-06-01/service-2.json --- 2.23.6-1/awscli/botocore/data/glacier/2012-06-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/glacier/2012-06-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,10 +5,12 @@ "checksumFormat":"sha256", "endpointPrefix":"glacier", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Glacier", "serviceId":"Glacier", "signatureVersion":"v4", - "uid":"glacier-2012-06-01" + "uid":"glacier-2012-06-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "AbortMultipartUpload":{ diff -pruN 2.23.6-1/awscli/botocore/data/globalaccelerator/2018-08-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/globalaccelerator/2018-08-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/globalaccelerator/2018-08-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/globalaccelerator/2018-08-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/globalaccelerator/2018-08-08/service-2.json 2.31.35-1/awscli/botocore/data/globalaccelerator/2018-08-08/service-2.json --- 2.23.6-1/awscli/botocore/data/globalaccelerator/2018-08-08/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/globalaccelerator/2018-08-08/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2595,8 +2595,7 @@ }, "ListCrossAccountResourceAccountsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "ListCrossAccountResourceAccountsResponse":{ "type":"structure", @@ -3180,8 +3179,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3230,8 +3228,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAcceleratorAttributesRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/glue/2017-03-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/glue/2017-03-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/glue/2017-03-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/glue/2017-03-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/glue/2017-03-31/service-2.json 2.31.35-1/awscli/botocore/data/glue/2017-03-31/service-2.json --- 2.23.6-1/awscli/botocore/data/glue/2017-03-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/glue/2017-03-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -268,7 +268,7 @@ {"shape":"InternalServiceException"}, {"shape":"ResourceNumberLimitExceededException"} ], - "documentation":"

    Annotate datapoints over time for a specific data quality statistic.

    " + "documentation":"

    Annotate datapoints over time for a specific data quality statistic. The API requires both profileID and statisticID as part of the InclusionAnnotation input. The API only works for a single statisticId across multiple profiles.

    " }, "BatchStopJobRun":{ "name":"BatchStopJobRun", @@ -569,6 +569,24 @@ ], "documentation":"

    Creates a new development endpoint.

    " }, + "CreateGlueIdentityCenterConfiguration":{ + "name":"CreateGlueIdentityCenterConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateGlueIdentityCenterConfigurationRequest"}, + "output":{"shape":"CreateGlueIdentityCenterConfigurationResponse"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"AlreadyExistsException"}, + {"shape":"InternalServiceException"}, + {"shape":"OperationTimeoutException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"

    Creates a new Glue Identity Center configuration to enable integration between Glue and Amazon Web Services IAM Identity Center for authentication and authorization.

    " + }, "CreateIntegration":{ "name":"CreateIntegration", "http":{ @@ -1110,6 +1128,24 @@ ], "documentation":"

    Deletes a specified development endpoint.

    " }, + "DeleteGlueIdentityCenterConfiguration":{ + "name":"DeleteGlueIdentityCenterConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteGlueIdentityCenterConfigurationRequest"}, + "output":{"shape":"DeleteGlueIdentityCenterConfigurationResponse"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"EntityNotFoundException"}, + {"shape":"InternalServiceException"}, + {"shape":"OperationTimeoutException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"

    Deletes the existing Glue Identity Center configuration, removing the integration between Glue and Amazon Web Services IAM Identity Center.

    " + }, "DeleteIntegration":{ "name":"DeleteIntegration", "http":{ @@ -2018,6 +2054,24 @@ ], "documentation":"

    This API is used to query preview data from a given connection type or from a native Amazon S3 based Glue Data Catalog.

    Returns records as an array of JSON blobs. Each record is formatted using Jackson JsonNode based on the field type defined by the DescribeEntity API.

    Spark connectors generate schemas according to the same data type mapping as in the DescribeEntity API. Spark connectors convert data to the appropriate data types matching the schema when returning rows.

    " }, + "GetGlueIdentityCenterConfiguration":{ + "name":"GetGlueIdentityCenterConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetGlueIdentityCenterConfigurationRequest"}, + "output":{"shape":"GetGlueIdentityCenterConfigurationResponse"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"EntityNotFoundException"}, + {"shape":"InternalServiceException"}, + {"shape":"OperationTimeoutException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"

    Retrieves the current Glue Identity Center configuration details, including the associated Identity Center instance and application information.

    " + }, "GetIntegrationResourceProperty":{ "name":"GetIntegrationResourceProperty", "http":{ @@ -3609,7 +3663,7 @@ {"shape":"InternalServiceException"}, {"shape":"ConcurrentRunsExceededException"} ], - "documentation":"

    Starts the active learning workflow for your machine learning transform to improve the transform's quality by generating label sets and adding labels.

    When the StartMLLabelingSetGenerationTaskRun finishes, Glue will have generated a \"labeling set\" or a set of questions for humans to answer.

    In the case of the FindMatches transform, these questions are of the form, “What is the correct way to group these rows together into groups composed entirely of matching records?”

    After the labeling process is finished, you can upload your labels with a call to StartImportLabelsTaskRun. After StartImportLabelsTaskRun finishes, all future runs of the machine learning transform will use the new and improved labels and perform a higher-quality transformation.

    " + "documentation":"

    Starts the active learning workflow for your machine learning transform to improve the transform's quality by generating label sets and adding labels.

    When the StartMLLabelingSetGenerationTaskRun finishes, Glue will have generated a \"labeling set\" or a set of questions for humans to answer.

    In the case of the FindMatches transform, these questions are of the form, “What is the correct way to group these rows together into groups composed entirely of matching records?”

    After the labeling process is finished, you can upload your labels with a call to StartImportLabelsTaskRun. After StartImportLabelsTaskRun finishes, all future runs of the machine learning transform will use the new and improved labels and perform a higher-quality transformation.

    Note: The role used to write the generated labeling set to the OutputS3Path is the role associated with the Machine Learning Transform, specified in the CreateMLTransform API.

    " }, "StartTrigger":{ "name":"StartTrigger", @@ -4028,6 +4082,24 @@ ], "documentation":"

    Updates a specified development endpoint.

    " }, + "UpdateGlueIdentityCenterConfiguration":{ + "name":"UpdateGlueIdentityCenterConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateGlueIdentityCenterConfigurationRequest"}, + "output":{"shape":"UpdateGlueIdentityCenterConfigurationResponse"}, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"EntityNotFoundException"}, + {"shape":"InternalServiceException"}, + {"shape":"OperationTimeoutException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"

    Updates the existing Glue Identity Center configuration, allowing modification of scopes and permissions for the integration.

    " + }, "UpdateIntegrationResourceProperty":{ "name":"UpdateIntegrationResourceProperty", "http":{ @@ -4372,7 +4444,8 @@ "type":"string", "enum":[ "performanceTuning.caching", - "observations.scope" + "observations.scope", + "compositeRuleEvaluation.method" ] }, "AdditionalOptions":{ @@ -4457,6 +4530,13 @@ "max":30, "min":1 }, + "AllowFullTableExternalDataAccessEnum":{ + "type":"string", + "enum":[ + "True", + "False" + ] + }, "AllowedValue":{ "type":"structure", "required":["Value"], @@ -4693,6 +4773,11 @@ "min":1, "pattern":"[a-zA-Z0-9.-]*" }, + "ApplicationArn":{ + "type":"string", + "max":1224, + "min":10 + }, "ApplyMapping":{ "type":"structure", "required":[ @@ -4834,6 +4919,10 @@ "shape":"SecretArn", "documentation":"

    The secret manager ARN to store credentials.

    " }, + "KmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The Amazon Resource Name (ARN) of the KMS key used to encrypt sensitive authentication information. This key is used to protect credentials and other sensitive data stored within the authentication configuration.

    " + }, "OAuth2Properties":{ "shape":"OAuth2Properties", "documentation":"

    The properties for OAuth2 authentication.

    " @@ -4905,6 +4994,20 @@ }, "documentation":"

    The set of properties required for the the OAuth2 AUTHORIZATION_CODE grant type workflow.

    " }, + "AutoDataQuality":{ + "type":"structure", + "members":{ + "IsEnabled":{ + "shape":"BooleanValue", + "documentation":"

    Specifies whether automatic data quality evaluation is enabled. When set to true, data quality checks are performed automatically.

    " + }, + "EvaluationContext":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The evaluation context for the automatic data quality checks. This defines the scope and parameters for the data quality evaluation.

    " + } + }, + "documentation":"

    Specifies configuration options for automatic data quality evaluation in Glue jobs. This structure enables automated data quality checks and monitoring during ETL operations, helping to ensure data integrity and reliability without manual intervention.

    " + }, "BackfillError":{ "type":"structure", "members":{ @@ -5500,7 +5603,7 @@ "members":{ "InclusionAnnotations":{ "shape":"InclusionAnnotationList", - "documentation":"

    A list of DatapointInclusionAnnotation's.

    " + "documentation":"

    A list of DatapointInclusionAnnotation's. The InclusionAnnotations must contain a profileId and statisticId. If there are multiple InclusionAnnotations, the list must refer to a single statisticId across multiple profileIds.

    " }, "ClientToken":{ "shape":"HashString", @@ -5954,8 +6057,7 @@ }, "CancelDataQualityRuleRecommendationRunResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelDataQualityRulesetEvaluationRunRequest":{ "type":"structure", @@ -5969,8 +6071,7 @@ }, "CancelDataQualityRulesetEvaluationRunResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelMLTaskRunRequest":{ "type":"structure", @@ -6029,8 +6130,7 @@ }, "CancelStatementResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Capabilities":{ "type":"structure", @@ -6106,6 +6206,10 @@ "CreateDatabaseDefaultPermissions":{ "shape":"PrincipalPermissionsList", "documentation":"

    An array of PrincipalPermissions objects. Creates a set of default permissions on the database(s) for principals. Used by Amazon Web Services Lake Formation. Not used in the normal course of Glue operations.

    " + }, + "AllowFullTableExternalDataAccess":{ + "shape":"AllowFullTableExternalDataAccessEnum", + "documentation":"

    Allows third-party engines to access data in Amazon S3 locations that are registered with Lake Formation.

    " } }, "documentation":"

    The catalog object represents a logical grouping of databases in the Glue Data Catalog or a federated source. You can now create a Redshift-federated catalog or a catalog containing resource links to Redshift databases in another account or region.

    " @@ -6208,6 +6312,37 @@ }, "documentation":"

    Specifies a Hudi data source that is registered in the Glue Data Catalog.

    " }, + "CatalogIcebergSource":{ + "type":"structure", + "required":[ + "Name", + "Database", + "Table" + ], + "members":{ + "Name":{ + "shape":"NodeName", + "documentation":"

    The name of the Iceberg data source.

    " + }, + "Database":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The name of the database to read from.

    " + }, + "Table":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The name of the table in the database to read from.

    " + }, + "AdditionalIcebergOptions":{ + "shape":"AdditionalOptions", + "documentation":"

    Specifies additional connection options for the Iceberg data source.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the Iceberg source.

    " + } + }, + "documentation":"

    Specifies an Apache Iceberg data source that is registered in the Glue Data Catalog.

    " + }, "CatalogIdString":{ "type":"string", "max":255, @@ -6262,6 +6397,10 @@ "CreateDatabaseDefaultPermissions":{ "shape":"PrincipalPermissionsList", "documentation":"

    An array of PrincipalPermissions objects. Creates a set of default permissions on the database(s) for principals. Used by Amazon Web Services Lake Formation. Typically should be explicitly set as an empty list.

    " + }, + "AllowFullTableExternalDataAccess":{ + "shape":"AllowFullTableExternalDataAccessEnum", + "documentation":"

    Allows third-party engines to access data in Amazon S3 locations that are registered with Lake Formation.

    " } }, "documentation":"

    A structure that describes catalog properties.

    " @@ -6364,6 +6503,10 @@ "shape":"DataLakeAccessProperties", "documentation":"

    A DataLakeAccessProperties object that specifies properties to configure data lake access for your catalog resource in the Glue Data Catalog.

    " }, + "IcebergOptimizationProperties":{ + "shape":"IcebergOptimizationProperties", + "documentation":"

    A structure that specifies Iceberg table optimization properties for the catalog. This includes configuration for compaction, retention, and orphan file deletion operations that can be applied to Iceberg tables in this catalog.

    " + }, "CustomProperties":{ "shape":"ParametersMap", "documentation":"

    Additional key-value properties for the catalog, such as column statistics optimizations.

    " @@ -6378,6 +6521,10 @@ "shape":"DataLakeAccessPropertiesOutput", "documentation":"

    A DataLakeAccessProperties object with input properties to configure data lake access for your catalog resource in the Glue Data Catalog.

    " }, + "IcebergOptimizationProperties":{ + "shape":"IcebergOptimizationPropertiesOutput", + "documentation":"

    An IcebergOptimizationPropertiesOutput object that specifies Iceberg table optimization settings for the catalog, including configurations for compaction, retention, and orphan file deletion operations.

    " + }, "CustomProperties":{ "shape":"ParametersMap", "documentation":"

    Additional key-value properties for the catalog, such as column statistics optimizations.

    " @@ -6418,6 +6565,14 @@ "Table":{ "shape":"EnclosedInStringProperty", "documentation":"

    The name of the table in the database to read from.

    " + }, + "PartitionPredicate":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    Partitions satisfying this predicate are deleted. Files within the retention period in these partitions are not deleted.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the catalog source.

    " } }, "documentation":"

    Specifies a data store in the Glue Data Catalog.

    " @@ -6749,6 +6904,10 @@ "shape":"PostgreSQLCatalogTarget", "documentation":"

    Specifies a target that uses Postgres SQL.

    " }, + "Route":{ + "shape":"Route", + "documentation":"

    Specifies a route node that directs data to different output paths based on defined filtering conditions.

    " + }, "DynamicTransform":{ "shape":"DynamicTransform", "documentation":"

    Specifies a custom visual transform created by a user.

    " @@ -6829,6 +6988,34 @@ "ConnectorDataTarget":{ "shape":"ConnectorDataTarget", "documentation":"

    Specifies a target generated with standard connection options.

    " + }, + "S3CatalogIcebergSource":{ + "shape":"S3CatalogIcebergSource", + "documentation":"

    Specifies an Apache Iceberg data source that is registered in the Glue Data Catalog. The Iceberg data source must be stored in Amazon S3.

    " + }, + "CatalogIcebergSource":{ + "shape":"CatalogIcebergSource", + "documentation":"

    Specifies an Apache Iceberg data source that is registered in the Glue Data Catalog.

    " + }, + "S3IcebergCatalogTarget":{ + "shape":"S3IcebergCatalogTarget", + "documentation":"

    Specifies an Apache Iceberg catalog target that writes data to Amazon S3 and registers the table in the Glue Data Catalog.

    " + }, + "S3IcebergDirectTarget":{ + "shape":"S3IcebergDirectTarget", + "documentation":"

    Defines configuration parameters for writing data to Amazon S3 as an Apache Iceberg table.

    " + }, + "S3ExcelSource":{ + "shape":"S3ExcelSource", + "documentation":"

    Defines configuration parameters for reading Excel files from Amazon S3.

    " + }, + "S3HyperDirectTarget":{ + "shape":"S3HyperDirectTarget", + "documentation":"

    Defines configuration parameters for writing data to Amazon S3 using HyperDirect optimization.

    " + }, + "DynamoDBELTConnectorSource":{ + "shape":"DynamoDBELTConnectorSource", + "documentation":"

    Specifies a DynamoDB ELT connector source for extracting data from DynamoDB tables.

    " } }, "documentation":"

    CodeGenConfigurationNode enumerates all valid Node types. One and only one of its member variables can be populated.

    " @@ -7325,6 +7512,16 @@ "min":1, "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*" }, + "CompactionConfiguration":{ + "type":"structure", + "members":{ + "icebergConfiguration":{ + "shape":"IcebergCompactionConfiguration", + "documentation":"

    The configuration for an Iceberg compaction optimizer.

    " + } + }, + "documentation":"

    The configuration for a compaction optimizer. This configuration defines how data files in your table will be compacted to improve query performance and reduce storage costs.

    " + }, "CompactionMetrics":{ "type":"structure", "members":{ @@ -7335,6 +7532,14 @@ }, "documentation":"

    A structure that contains compaction metrics for the optimizer run.

    " }, + "CompactionStrategy":{ + "type":"string", + "enum":[ + "binpack", + "sort", + "z-order" + ] + }, "Comparator":{ "type":"string", "enum":[ @@ -7542,7 +7747,8 @@ }, "ConditionList":{ "type":"list", - "member":{"shape":"Condition"} + "member":{"shape":"Condition"}, + "max":500 }, "ConfigValueString":{ "type":"string", @@ -7577,6 +7783,13 @@ }, "documentation":"

    Specifies the values that an admin sets for each job or session parameter configured in a Glue usage profile.

    " }, + "ConfigurationSource":{ + "type":"string", + "enum":[ + "catalog", + "table" + ] + }, "ConflictException":{ "type":"structure", "members":{ @@ -7631,7 +7844,7 @@ }, "ConnectionProperties":{ "shape":"ConnectionProperties", - "documentation":"

    These key-value pairs define parameters for the connection when using the version 1 Connection schema:

    • HOST - The host URI: either the fully qualified domain name (FQDN) or the IPv4 address of the database host.

    • PORT - The port number, between 1024 and 65535, of the port on which the database host is listening for database connections.

    • USER_NAME - The name under which to log in to the database. The value string for USER_NAME is \"USERNAME\".

    • PASSWORD - A password, if one is used, for the user name.

    • ENCRYPTED_PASSWORD - When you enable connection password protection by setting ConnectionPasswordEncryption in the Data Catalog encryption settings, this field stores the encrypted password.

    • JDBC_DRIVER_JAR_URI - The Amazon Simple Storage Service (Amazon S3) path of the JAR file that contains the JDBC driver to use.

    • JDBC_DRIVER_CLASS_NAME - The class name of the JDBC driver to use.

    • JDBC_ENGINE - The name of the JDBC engine to use.

    • JDBC_ENGINE_VERSION - The version of the JDBC engine to use.

    • CONFIG_FILES - (Reserved for future use.)

    • INSTANCE_ID - The instance ID to use.

    • JDBC_CONNECTION_URL - The URL for connecting to a JDBC data source.

    • JDBC_ENFORCE_SSL - A Boolean string (true, false) specifying whether Secure Sockets Layer (SSL) with hostname matching is enforced for the JDBC connection on the client. The default is false.

    • CUSTOM_JDBC_CERT - An Amazon S3 location specifying the customer's root certificate. Glue uses this root certificate to validate the customer’s certificate when connecting to the customer database. Glue only handles X.509 certificates. The certificate provided must be DER-encoded and supplied in Base64 encoding PEM format.

    • SKIP_CUSTOM_JDBC_CERT_VALIDATION - By default, this is false. Glue validates the Signature algorithm and Subject Public Key Algorithm for the customer certificate. The only permitted algorithms for the Signature algorithm are SHA256withRSA, SHA384withRSA or SHA512withRSA. For the Subject Public Key Algorithm, the key length must be at least 2048. You can set the value of this property to true to skip Glue’s validation of the customer certificate.

    • CUSTOM_JDBC_CERT_STRING - A custom JDBC certificate string which is used for domain match or distinguished name match to prevent a man-in-the-middle attack. In Oracle database, this is used as the SSL_SERVER_CERT_DN; in Microsoft SQL Server, this is used as the hostNameInCertificate.

    • CONNECTION_URL - The URL for connecting to a general (non-JDBC) data source.

    • SECRET_ID - The secret ID used for the secret manager of credentials.

    • CONNECTOR_URL - The connector URL for a MARKETPLACE or CUSTOM connection.

    • CONNECTOR_TYPE - The connector type for a MARKETPLACE or CUSTOM connection.

    • CONNECTOR_CLASS_NAME - The connector class name for a MARKETPLACE or CUSTOM connection.

    • KAFKA_BOOTSTRAP_SERVERS - A comma-separated list of host and port pairs that are the addresses of the Apache Kafka brokers in a Kafka cluster to which a Kafka client will connect to and bootstrap itself.

    • KAFKA_SSL_ENABLED - Whether to enable or disable SSL on an Apache Kafka connection. Default value is \"true\".

    • KAFKA_CUSTOM_CERT - The Amazon S3 URL for the private CA cert file (.pem format). The default is an empty string.

    • KAFKA_SKIP_CUSTOM_CERT_VALIDATION - Whether to skip the validation of the CA cert file or not. Glue validates for three algorithms: SHA256withRSA, SHA384withRSA and SHA512withRSA. Default value is \"false\".

    • KAFKA_CLIENT_KEYSTORE - The Amazon S3 location of the client keystore file for Kafka client side authentication (Optional).

    • KAFKA_CLIENT_KEYSTORE_PASSWORD - The password to access the provided keystore (Optional).

    • KAFKA_CLIENT_KEY_PASSWORD - A keystore can consist of multiple keys, so this is the password to access the client key to be used with the Kafka server side key (Optional).

    • ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD - The encrypted version of the Kafka client keystore password (if the user has the Glue encrypt passwords setting selected).

    • ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD - The encrypted version of the Kafka client key password (if the user has the Glue encrypt passwords setting selected).

    • KAFKA_SASL_MECHANISM - \"SCRAM-SHA-512\", \"GSSAPI\", \"AWS_MSK_IAM\", or \"PLAIN\". These are the supported SASL Mechanisms.

    • KAFKA_SASL_PLAIN_USERNAME - A plaintext username used to authenticate with the \"PLAIN\" mechanism.

    • KAFKA_SASL_PLAIN_PASSWORD - A plaintext password used to authenticate with the \"PLAIN\" mechanism.

    • ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD - The encrypted version of the Kafka SASL PLAIN password (if the user has the Glue encrypt passwords setting selected).

    • KAFKA_SASL_SCRAM_USERNAME - A plaintext username used to authenticate with the \"SCRAM-SHA-512\" mechanism.

    • KAFKA_SASL_SCRAM_PASSWORD - A plaintext password used to authenticate with the \"SCRAM-SHA-512\" mechanism.

    • ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD - The encrypted version of the Kafka SASL SCRAM password (if the user has the Glue encrypt passwords setting selected).

    • KAFKA_SASL_SCRAM_SECRETS_ARN - The Amazon Resource Name of a secret in Amazon Web Services Secrets Manager.

    • KAFKA_SASL_GSSAPI_KEYTAB - The S3 location of a Kerberos keytab file. A keytab stores long-term keys for one or more principals. For more information, see MIT Kerberos Documentation: Keytab.

    • KAFKA_SASL_GSSAPI_KRB5_CONF - The S3 location of a Kerberos krb5.conf file. A krb5.conf stores Kerberos configuration information, such as the location of the KDC server. For more information, see MIT Kerberos Documentation: krb5.conf.

    • KAFKA_SASL_GSSAPI_SERVICE - The Kerberos service name, as set with sasl.kerberos.service.name in your Kafka Configuration.

    • KAFKA_SASL_GSSAPI_PRINCIPAL - The name of the Kerberos princial used by Glue. For more information, see Kafka Documentation: Configuring Kafka Brokers.

    • ROLE_ARN - The role to be used for running queries.

    • REGION - The Amazon Web Services Region where queries will be run.

    • WORKGROUP_NAME - The name of an Amazon Redshift serverless workgroup or Amazon Athena workgroup in which queries will run.

    • CLUSTER_IDENTIFIER - The cluster identifier of an Amazon Redshift cluster in which queries will run.

    • DATABASE - The Amazon Redshift database that you are connecting to.

    " + "documentation":"

    These key-value pairs define parameters for the connection when using the version 1 Connection schema:

    • HOST - The host URI: either the fully qualified domain name (FQDN) or the IPv4 address of the database host.

    • PORT - The port number, between 1024 and 65535, of the port on which the database host is listening for database connections.

    • USER_NAME - The name under which to log in to the database. The value string for USER_NAME is \"USERNAME\".

    • PASSWORD - A password, if one is used, for the user name.

    • ENCRYPTED_PASSWORD - When you enable connection password protection by setting ConnectionPasswordEncryption in the Data Catalog encryption settings, this field stores the encrypted password.

    • JDBC_DRIVER_JAR_URI - The Amazon Simple Storage Service (Amazon S3) path of the JAR file that contains the JDBC driver to use.

    • JDBC_DRIVER_CLASS_NAME - The class name of the JDBC driver to use.

    • JDBC_ENGINE - The name of the JDBC engine to use.

    • JDBC_ENGINE_VERSION - The version of the JDBC engine to use.

    • CONFIG_FILES - (Reserved for future use.)

    • INSTANCE_ID - The instance ID to use.

    • JDBC_CONNECTION_URL - The URL for connecting to a JDBC data source.

    • JDBC_ENFORCE_SSL - A case-insensitive Boolean string (true, false) specifying whether Secure Sockets Layer (SSL) with hostname matching is enforced for the JDBC connection on the client. The default is false.

    • CUSTOM_JDBC_CERT - An Amazon S3 location specifying the customer's root certificate. Glue uses this root certificate to validate the customer’s certificate when connecting to the customer database. Glue only handles X.509 certificates. The certificate provided must be DER-encoded and supplied in Base64 encoding PEM format.

    • SKIP_CUSTOM_JDBC_CERT_VALIDATION - By default, this is false. Glue validates the Signature algorithm and Subject Public Key Algorithm for the customer certificate. The only permitted algorithms for the Signature algorithm are SHA256withRSA, SHA384withRSA or SHA512withRSA. For the Subject Public Key Algorithm, the key length must be at least 2048. You can set the value of this property to true to skip Glue’s validation of the customer certificate.

    • CUSTOM_JDBC_CERT_STRING - A custom JDBC certificate string which is used for domain match or distinguished name match to prevent a man-in-the-middle attack. In Oracle database, this is used as the SSL_SERVER_CERT_DN; in Microsoft SQL Server, this is used as the hostNameInCertificate.

    • CONNECTION_URL - The URL for connecting to a general (non-JDBC) data source.

    • SECRET_ID - The secret ID used for the secret manager of credentials.

    • CONNECTOR_URL - The connector URL for a MARKETPLACE or CUSTOM connection.

    • CONNECTOR_TYPE - The connector type for a MARKETPLACE or CUSTOM connection.

    • CONNECTOR_CLASS_NAME - The connector class name for a MARKETPLACE or CUSTOM connection.

    • KAFKA_BOOTSTRAP_SERVERS - A comma-separated list of host and port pairs that are the addresses of the Apache Kafka brokers in a Kafka cluster to which a Kafka client will connect to and bootstrap itself.

    • KAFKA_SSL_ENABLED - Whether to enable or disable SSL on an Apache Kafka connection. Default value is \"true\".

    • KAFKA_CUSTOM_CERT - The Amazon S3 URL for the private CA cert file (.pem format). The default is an empty string.

    • KAFKA_SKIP_CUSTOM_CERT_VALIDATION - Whether to skip the validation of the CA cert file or not. Glue validates for three algorithms: SHA256withRSA, SHA384withRSA and SHA512withRSA. Default value is \"false\".

    • KAFKA_CLIENT_KEYSTORE - The Amazon S3 location of the client keystore file for Kafka client side authentication (Optional).

    • KAFKA_CLIENT_KEYSTORE_PASSWORD - The password to access the provided keystore (Optional).

    • KAFKA_CLIENT_KEY_PASSWORD - A keystore can consist of multiple keys, so this is the password to access the client key to be used with the Kafka server side key (Optional).

    • ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD - The encrypted version of the Kafka client keystore password (if the user has the Glue encrypt passwords setting selected).

    • ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD - The encrypted version of the Kafka client key password (if the user has the Glue encrypt passwords setting selected).

    • KAFKA_SASL_MECHANISM - \"SCRAM-SHA-512\", \"GSSAPI\", \"AWS_MSK_IAM\", or \"PLAIN\". These are the supported SASL Mechanisms.

    • KAFKA_SASL_PLAIN_USERNAME - A plaintext username used to authenticate with the \"PLAIN\" mechanism.

    • KAFKA_SASL_PLAIN_PASSWORD - A plaintext password used to authenticate with the \"PLAIN\" mechanism.

    • ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD - The encrypted version of the Kafka SASL PLAIN password (if the user has the Glue encrypt passwords setting selected).

    • KAFKA_SASL_SCRAM_USERNAME - A plaintext username used to authenticate with the \"SCRAM-SHA-512\" mechanism.

    • KAFKA_SASL_SCRAM_PASSWORD - A plaintext password used to authenticate with the \"SCRAM-SHA-512\" mechanism.

    • ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD - The encrypted version of the Kafka SASL SCRAM password (if the user has the Glue encrypt passwords setting selected).

    • KAFKA_SASL_SCRAM_SECRETS_ARN - The Amazon Resource Name of a secret in Amazon Web Services Secrets Manager.

    • KAFKA_SASL_GSSAPI_KEYTAB - The S3 location of a Kerberos keytab file. A keytab stores long-term keys for one or more principals. For more information, see MIT Kerberos Documentation: Keytab.

    • KAFKA_SASL_GSSAPI_KRB5_CONF - The S3 location of a Kerberos krb5.conf file. A krb5.conf stores Kerberos configuration information, such as the location of the KDC server. For more information, see MIT Kerberos Documentation: krb5.conf.

    • KAFKA_SASL_GSSAPI_SERVICE - The Kerberos service name, as set with sasl.kerberos.service.name in your Kafka Configuration.

    • KAFKA_SASL_GSSAPI_PRINCIPAL - The name of the Kerberos princial used by Glue. For more information, see Kafka Documentation: Configuring Kafka Brokers.

    • ROLE_ARN - The role to be used for running queries.

    • REGION - The Amazon Web Services Region where queries will be run.

    • WORKGROUP_NAME - The name of an Amazon Redshift serverless workgroup or Amazon Athena workgroup in which queries will run.

    • CLUSTER_IDENTIFIER - The cluster identifier of an Amazon Redshift cluster in which queries will run.

    • DATABASE - The Amazon Redshift database that you are connecting to.

    " }, "SparkProperties":{ "shape":"PropertyMap", @@ -7849,6 +8062,15 @@ "FAILED" ] }, + "ConnectionString":{ + "type":"string", + "max":255 + }, + "ConnectionStringList":{ + "type":"list", + "member":{"shape":"ConnectionString"}, + "max":1000 + }, "ConnectionType":{ "type":"string", "enum":[ @@ -7877,10 +8099,73 @@ "ZOHOCRM", "SALESFORCEPARDOT", "SALESFORCEMARKETINGCLOUD", + "ADOBEANALYTICS", "SLACK", + "LINKEDIN", + "MIXPANEL", + "ASANA", "STRIPE", + "SMARTSHEET", + "DATADOG", + "WOOCOMMERCE", "INTERCOM", - "SNAPCHATADS" + "SNAPCHATADS", + "PAYPAL", + "QUICKBOOKS", + "FACEBOOKPAGEINSIGHTS", + "FRESHDESK", + "TWILIO", + "DOCUSIGNMONITOR", + "FRESHSALES", + "ZOOM", + "GOOGLESEARCHCONSOLE", + "SALESFORCECOMMERCECLOUD", + "SAPCONCUR", + "DYNATRACE", + "MICROSOFTDYNAMIC365FINANCEANDOPS", + "MICROSOFTTEAMS", + "BLACKBAUDRAISEREDGENXT", + "MAILCHIMP", + "GITLAB", + "PENDO", + "PRODUCTBOARD", + "CIRCLECI", + "PIPEDIVE", + "SENDGRID", + "AZURECOSMOS", + "AZURESQL", + "BIGQUERY", + "BLACKBAUD", + "CLOUDERAHIVE", + "CLOUDERAIMPALA", + "CLOUDWATCH", + "CLOUDWATCHMETRICS", + "CMDB", + "DATALAKEGEN2", + "DB2", + "DB2AS400", + "DOCUMENTDB", + "DOMO", + "DYNAMODB", + "GOOGLECLOUDSTORAGE", + "HBASE", + "KUSTOMER", + "MICROSOFTDYNAMICS365CRM", + "MONDAY", + "MYSQL", + "OKTA", + "OPENSEARCH", + "ORACLE", + "PIPEDRIVE", + "POSTGRESQL", + "SAPHANA", + "SQLSERVER", + "SYNAPSE", + "TERADATA", + "TERADATANOS", + "TIMESTREAM", + "TPCDS", + "VERTICA" ] }, "ConnectionTypeBrief":{ @@ -7890,13 +8175,33 @@ "shape":"ConnectionType", "documentation":"

    The name of the connection type.

    " }, + "DisplayName":{ + "shape":"DisplayName", + "documentation":"

    The human-readable name for the connection type that is displayed in the Glue console.

    " + }, + "Vendor":{ + "shape":"Vendor", + "documentation":"

    The name of the vendor or provider that created or maintains this connection type.

    " + }, "Description":{ "shape":"Description", "documentation":"

    A description of the connection type.

    " }, + "Categories":{ + "shape":"ListOfString", + "documentation":"

    A list of categories that this connection type belongs to. Categories help users filter and find appropriate connection types based on their use cases.

    " + }, "Capabilities":{ "shape":"Capabilities", "documentation":"

    The supported authentication types, data interface types (compute environments), and data operations of the connector.

    " + }, + "LogoUrl":{ + "shape":"UrlString", + "documentation":"

    The URL of the logo associated with a connection type.

    " + }, + "ConnectionTypeVariants":{ + "shape":"ConnectionTypeVariantList", + "documentation":"

    A list of variants available for this connection type. Different variants may provide specialized configurations for specific use cases or implementations of the same general connection type.

    " } }, "documentation":"

    Brief information about a supported connection type returned by the ListConnectionTypes API.

    " @@ -7905,11 +8210,37 @@ "type":"list", "member":{"shape":"ConnectionTypeBrief"} }, + "ConnectionTypeVariant":{ + "type":"structure", + "members":{ + "ConnectionTypeVariantName":{ + "shape":"DisplayName", + "documentation":"

    The unique identifier for the connection type variant. This name is used internally to identify the specific variant of a connection type.

    " + }, + "DisplayName":{ + "shape":"DisplayName", + "documentation":"

    The human-readable name for the connection type variant that is displayed in the Glue console.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A detailed description of the connection type variant, including its purpose, use cases, and any specific configuration requirements.

    " + }, + "LogoUrl":{ + "shape":"UrlString", + "documentation":"

    The URL of the logo associated with a connection type variant.

    " + } + }, + "documentation":"

    Represents a variant of a connection type in Glue Data Catalog. Connection type variants provide specific configurations and behaviors for different implementations of the same general connection type.

    " + }, + "ConnectionTypeVariantList":{ + "type":"list", + "member":{"shape":"ConnectionTypeVariant"} + }, "ConnectionsList":{ "type":"structure", "members":{ "Connections":{ - "shape":"OrchestrationStringList", + "shape":"ConnectionStringList", "documentation":"

    A list of connections used by the job.

    " } }, @@ -7990,6 +8321,7 @@ "max":20, "min":1 }, + "ContinuousSync":{"type":"boolean"}, "Crawl":{ "type":"structure", "members":{ @@ -8414,8 +8746,7 @@ }, "CreateCatalogResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateClassifierRequest":{ "type":"structure", @@ -8440,8 +8771,7 @@ }, "CreateClassifierResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateColumnStatisticsTaskSettingsRequest":{ "type":"structure", @@ -8491,8 +8821,7 @@ }, "CreateColumnStatisticsTaskSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateConnectionRequest":{ "type":"structure", @@ -8593,8 +8922,7 @@ }, "CreateCrawlerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateCsvClassifierRequest":{ "type":"structure", @@ -8712,7 +9040,8 @@ "shape":"HashString", "documentation":"

    Used for idempotency and is recommended to be set to a random ID (such as a UUID) to avoid creating or starting multiple instances of the same resource.

    " } - } + }, + "documentation":"

    A request to create a data quality ruleset.

    " }, "CreateDataQualityRulesetResponse":{ "type":"structure", @@ -8743,8 +9072,7 @@ }, "CreateDatabaseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateDevEndpointRequest":{ "type":"structure", @@ -8896,6 +9224,35 @@ } } }, + "CreateGlueIdentityCenterConfigurationRequest":{ + "type":"structure", + "required":["InstanceArn"], + "members":{ + "InstanceArn":{ + "shape":"IdentityCenterInstanceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Identity Center instance to be associated with the Glue configuration.

    " + }, + "Scopes":{ + "shape":"IdentityCenterScopesList", + "documentation":"

    A list of Identity Center scopes that define the permissions and access levels for the Glue configuration.

    " + }, + "UserBackgroundSessionsEnabled":{ + "shape":"NullableBoolean", + "documentation":"

    Specifies whether users can run background sessions when using Identity Center authentication with Glue services.

    " + } + }, + "documentation":"

    Request to create a new Glue Identity Center configuration.

    " + }, + "CreateGlueIdentityCenterConfigurationResponse":{ + "type":"structure", + "members":{ + "ApplicationArn":{ + "shape":"ApplicationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Identity Center application that was created for the Glue configuration.

    " + } + }, + "documentation":"

    Response from creating a new Glue Identity Center configuration.

    " + }, "CreateGrokClassifierRequest":{ "type":"structure", "required":[ @@ -8923,6 +9280,36 @@ }, "documentation":"

    Specifies a grok classifier for CreateClassifier to create.

    " }, + "CreateIcebergTableInput":{ + "type":"structure", + "required":[ + "Location", + "Schema" + ], + "members":{ + "Location":{ + "shape":"LocationString", + "documentation":"

    The S3 location where the Iceberg table data will be stored.

    " + }, + "Schema":{ + "shape":"IcebergSchema", + "documentation":"

    The schema definition that specifies the structure, field types, and metadata for the Iceberg table.

    " + }, + "PartitionSpec":{ + "shape":"IcebergPartitionSpec", + "documentation":"

    The partitioning specification that defines how the Iceberg table data will be organized and partitioned for optimal query performance.

    " + }, + "WriteOrder":{ + "shape":"IcebergSortOrder", + "documentation":"

    The sort order specification that defines how data should be ordered within each partition to optimize query performance.

    " + }, + "Properties":{ + "shape":"StringToStringMap", + "documentation":"

    Key-value pairs of additional table properties and configuration settings for the Iceberg table.

    " + } + }, + "documentation":"

    The configuration parameters required to create a new Iceberg table in the Glue Data Catalog, including table properties and metadata specifications.

    " + }, "CreateIntegrationRequest":{ "type":"structure", "required":[ @@ -8962,6 +9349,10 @@ "Tags":{ "shape":"IntegrationTagsList", "documentation":"

    Metadata assigned to the resource consisting of a list of key-value pairs.

    " + }, + "IntegrationConfig":{ + "shape":"IntegrationConfig", + "documentation":"

    The configuration settings.

    " } } }, @@ -9059,6 +9450,10 @@ "DataFilter":{ "shape":"String2048", "documentation":"

    Selects source tables for the integration using Maxwell filter syntax.

    " + }, + "IntegrationConfig":{ + "shape":"IntegrationConfig", + "documentation":"

    The configuration settings.

    " } } }, @@ -9071,7 +9466,7 @@ "members":{ "ResourceArn":{ "shape":"String128", - "documentation":"

    The connection ARN of the source, or the database ARN of the target.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the target table for which to create integration table properties. Currently, this API only supports creating integration table properties for target tables, and the provided ARN should be the ARN of the target table in the Glue Data Catalog. Support for creating integration table properties for source connections (using the connection ARN) is not yet implemented and will be added in a future release.

    " }, "TableName":{ "shape":"String128", @@ -9079,7 +9474,7 @@ }, "SourceTableConfig":{ "shape":"SourceTableConfig", - "documentation":"

    A structure for the source table configuration.

    " + "documentation":"

    A structure for the source table configuration. See the SourceTableConfig structure to see list of supported source properties.

    " }, "TargetTableConfig":{ "shape":"TargetTableConfig", @@ -9089,8 +9484,7 @@ }, "CreateIntegrationTablePropertiesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateJobRequest":{ "type":"structure", @@ -9184,7 +9578,7 @@ }, "WorkerType":{ "shape":"WorkerType", - "documentation":"

    The type of predefined worker that is allocated when a job runs. Accepts a value of G.1X, G.2X, G.4X, G.8X or G.025X for Spark jobs. Accepts the value Z.2X for Ray jobs.

    • For the G.1X worker type, each worker maps to 1 DPU (4 vCPUs, 16 GB of memory) with 94GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.

    • For the G.2X worker type, each worker maps to 2 DPU (8 vCPUs, 32 GB of memory) with 138GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.

    • For the G.4X worker type, each worker maps to 4 DPU (16 vCPUs, 64 GB of memory) with 256GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs in the following Amazon Web Services Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), and Europe (Stockholm).

    • For the G.8X worker type, each worker maps to 8 DPU (32 vCPUs, 128 GB of memory) with 512GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs, in the same Amazon Web Services Regions as supported for the G.4X worker type.

    • For the G.025X worker type, each worker maps to 0.25 DPU (2 vCPUs, 4 GB of memory) with 84GB disk, and provides 1 executor per worker. We recommend this worker type for low volume streaming jobs. This worker type is only available for Glue version 3.0 or later streaming jobs.

    • For the Z.2X worker type, each worker maps to 2 M-DPU (8vCPUs, 64 GB of memory) with 128 GB disk, and provides up to 8 Ray workers based on the autoscaler.

    " + "documentation":"

    The type of predefined worker that is allocated when a job runs. Accepts a value of G.1X, G.2X, G.4X, G.8X or G.025X for Spark jobs. Accepts the value Z.2X for Ray jobs.

    • For the G.1X worker type, each worker maps to 1 DPU (4 vCPUs, 16 GB of memory) with 94GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.

    • For the G.2X worker type, each worker maps to 2 DPU (8 vCPUs, 32 GB of memory) with 138GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.

    • For the G.4X worker type, each worker maps to 4 DPU (16 vCPUs, 64 GB of memory) with 256GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs in the following Amazon Web Services Regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Spain), Europe (Stockholm), and South America (São Paulo).

    • For the G.8X worker type, each worker maps to 8 DPU (32 vCPUs, 128 GB of memory) with 512GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs, in the same Amazon Web Services Regions as supported for the G.4X worker type.

    • For the G.025X worker type, each worker maps to 0.25 DPU (2 vCPUs, 4 GB of memory) with 84GB disk, and provides 1 executor per worker. We recommend this worker type for low volume streaming jobs. This worker type is only available for Glue version 3.0 or later streaming jobs.

    • For the Z.2X worker type, each worker maps to 2 M-DPU (8vCPUs, 64 GB of memory) with 128 GB disk, and provides up to 8 Ray workers based on the autoscaler.

    " }, "CodeGenConfigurationNodes":{ "shape":"CodeGenConfigurationNodes", @@ -9331,8 +9725,7 @@ }, "CreatePartitionIndexResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreatePartitionRequest":{ "type":"structure", @@ -9362,8 +9755,7 @@ }, "CreatePartitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateRegistryInput":{ "type":"structure", @@ -9676,15 +10068,11 @@ }, "CreateTableOptimizerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateTableRequest":{ "type":"structure", - "required":[ - "DatabaseName", - "TableInput" - ], + "required":["DatabaseName"], "members":{ "CatalogId":{ "shape":"CatalogIdString", @@ -9694,6 +10082,10 @@ "shape":"NameString", "documentation":"

    The catalog database in which to create the new table. For Hive compatibility, this name is entirely lowercase.

    " }, + "Name":{ + "shape":"NameString", + "documentation":"

    The unique identifier for the table within the specified database that will be created in the Glue Data Catalog.

    " + }, "TableInput":{ "shape":"TableInput", "documentation":"

    The TableInput object that defines the metadata table to create in the catalog.

    " @@ -9714,8 +10106,7 @@ }, "CreateTableResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateTriggerRequest":{ "type":"structure", @@ -9833,8 +10224,7 @@ }, "CreateUserDefinedFunctionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateWorkflowRequest":{ "type":"structure", @@ -9845,7 +10235,7 @@ "documentation":"

    The name to be assigned to the workflow. It should be unique within your account.

    " }, "Description":{ - "shape":"GenericString", + "shape":"WorkflowDescriptionString", "documentation":"

    A description of the workflow.

    " }, "DefaultRunProperties":{ @@ -10081,6 +10471,55 @@ "key":{"shape":"String"}, "value":{"shape":"String"} }, + "DDBELTCatalogAdditionalOptions":{ + "type":"structure", + "members":{ + "DynamodbExport":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    Specifies the DynamoDB export configuration for the ELT operation.

    " + }, + "DynamodbUnnestDDBJson":{ + "shape":"BooleanValue", + "documentation":"

    Specifies whether to unnest DynamoDB JSON format. When set to true, nested JSON structures in DynamoDB items are flattened.

    " + } + }, + "documentation":"

    Specifies additional options for DynamoDB ELT catalog operations.

    " + }, + "DDBELTConnectionOptions":{ + "type":"structure", + "required":["DynamodbTableArn"], + "members":{ + "DynamodbExport":{ + "shape":"DdbExportType", + "documentation":"

    Specifies the export type for DynamoDB data extraction. This parameter determines how data is exported from the DynamoDB table during the ELT process.

    " + }, + "DynamodbUnnestDDBJson":{ + "shape":"BooleanValue", + "documentation":"

    A boolean value that specifies whether to unnest DynamoDB JSON format during data extraction. When set to true, the connector will flatten nested JSON structures from DynamoDB items. When set to false, the original DynamoDB JSON structure is preserved.

    " + }, + "DynamodbTableArn":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The Amazon Resource Name (ARN) of the DynamoDB table to extract data from. This parameter specifies the source table for the ELT operation.

    " + }, + "DynamodbS3Bucket":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The name of the Amazon S3 bucket used for intermediate storage during the DynamoDB ELT process. This bucket is used to temporarily store exported DynamoDB data before it is processed by the ELT job.

    " + }, + "DynamodbS3Prefix":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The S3 object key prefix for files stored in the intermediate S3 bucket during the DynamoDB ELT process. This prefix helps organize and identify the temporary files created during data extraction.

    " + }, + "DynamodbS3BucketOwner":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The Amazon Web Services account ID of the owner of the S3 bucket specified in DynamodbS3Bucket. This parameter is required when the S3 bucket is owned by a different Amazon Web Services account than the one running the ELT job, enabling cross-account access to the intermediate storage bucket.

    " + }, + "DynamodbStsRoleArn":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Security Token Service (STS) role to assume for accessing DynamoDB and S3 resources during the ELT operation. This role must have the necessary permissions to read from the DynamoDB table and write to the intermediate S3 bucket.

    " + } + }, + "documentation":"

    Specifies connection options for DynamoDB ELT (Extract, Load, Transform) operations. This structure contains configuration parameters for connecting to and extracting data from DynamoDB tables using the ELT connector.

    " + }, "DQAdditionalOptions":{ "type":"map", "key":{"shape":"AdditionalOptionKeys"}, @@ -10266,6 +10705,36 @@ "type":"list", "member":{"shape":"DataOperation"} }, + "DataQualityAggregatedMetrics":{ + "type":"structure", + "members":{ + "TotalRowsProcessed":{ + "shape":"NullableDouble", + "documentation":"

    The total number of rows that were processed during the data quality evaluation.

    " + }, + "TotalRowsPassed":{ + "shape":"NullableDouble", + "documentation":"

    The total number of rows that passed all applicable data quality rules.

    " + }, + "TotalRowsFailed":{ + "shape":"NullableDouble", + "documentation":"

    The total number of rows that failed one or more data quality rules.

    " + }, + "TotalRulesProcessed":{ + "shape":"NullableDouble", + "documentation":"

    The total number of data quality rules that were evaluated.

    " + }, + "TotalRulesPassed":{ + "shape":"NullableDouble", + "documentation":"

    The total number of data quality rules that passed their evaluation criteria.

    " + }, + "TotalRulesFailed":{ + "shape":"NullableDouble", + "documentation":"

    The total number of data quality rules that failed their evaluation criteria.

    " + } + }, + "documentation":"

    A summary of metrics showing the total counts of processed rows and rules, including their pass/fail statistics based on row-level results.

    " + }, "DataQualityAnalyzerResult":{ "type":"structure", "members":{ @@ -10333,6 +10802,40 @@ }, "documentation":"

    Additional run options you can specify for an evaluation run.

    " }, + "DataQualityGlueTable":{ + "type":"structure", + "required":[ + "DatabaseName", + "TableName" + ], + "members":{ + "DatabaseName":{ + "shape":"NameString", + "documentation":"

    A database name in the Glue Data Catalog.

    " + }, + "TableName":{ + "shape":"NameString", + "documentation":"

    A table name in the Glue Data Catalog.

    " + }, + "CatalogId":{ + "shape":"NameString", + "documentation":"

    A unique identifier for the Glue Data Catalog.

    " + }, + "ConnectionName":{ + "shape":"NameString", + "documentation":"

    The name of the connection to the Glue Data Catalog.

    " + }, + "AdditionalOptions":{ + "shape":"GlueTableAdditionalOptions", + "documentation":"

    Additional options for the table. Currently there are two keys supported:

    • pushDownPredicate: to filter on partitions without having to list and read all the files in your dataset.

    • catalogPartitionPredicate: to use server-side partition pruning using partition indexes in the Glue Data Catalog.

    " + }, + "PreProcessingQuery":{ + "shape":"PreProcessingQueryString", + "documentation":"

    SQL Query of SparkSQL format that can be used to pre-process the data for the table in Glue Data Catalog, before running the Data Quality Operation.

    " + } + }, + "documentation":"

    The database and table in the Glue Data Catalog that is used for input or output data for Data Quality Operations.

    " + }, "DataQualityMetricValues":{ "type":"structure", "members":{ @@ -10448,6 +10951,10 @@ "Observations":{ "shape":"DataQualityObservations", "documentation":"

    A list of DataQualityObservation objects representing the observations generated after evaluating the rules and analyzers.

    " + }, + "AggregatedMetrics":{ + "shape":"DataQualityAggregatedMetrics", + "documentation":"

    A summary of DataQualityAggregatedMetrics objects showing the total counts of processed rows and rules, including their pass/fail statistics based on row-level results.

    " } }, "documentation":"

    Describes a data quality result.

    " @@ -10595,6 +11102,14 @@ "EvaluatedRule":{ "shape":"DataQualityRuleResultDescription", "documentation":"

    The evaluated rule.

    " + }, + "RuleMetrics":{ + "shape":"RuleMetricsMap", + "documentation":"

    A map containing metrics associated with the evaluation of the rule based on row-level results.

    " + }, + "Labels":{ + "shape":"Labels", + "documentation":"

    A map containing labels assigned to the data quality rule.

    " } }, "documentation":"

    Describes the result of the evaluation of a data quality rule.

    " @@ -10766,11 +11281,14 @@ }, "DataSource":{ "type":"structure", - "required":["GlueTable"], "members":{ "GlueTable":{ "shape":"GlueTable", "documentation":"

    An Glue table.

    " + }, + "DataQualityGlueTable":{ + "shape":"DataQualityGlueTable", + "documentation":"

    An Glue table for Data Quality Operations.

    " } }, "documentation":"

    A data source (an Glue table) for which you want data quality results.

    " @@ -10825,7 +11343,10 @@ }, "DatabaseAttributes":{ "type":"string", - "enum":["NAME"] + "enum":[ + "NAME", + "TARGET_DATABASE" + ] }, "DatabaseAttributesList":{ "type":"list", @@ -10961,6 +11482,13 @@ }, "documentation":"

    Defines column statistics supported for timestamp data columns.

    " }, + "DdbExportType":{ + "type":"string", + "enum":[ + "ddb", + "s3" + ] + }, "DecimalColumnStatisticsData":{ "type":"structure", "required":[ @@ -11044,8 +11572,7 @@ }, "DeleteCatalogResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteClassifierRequest":{ "type":"structure", @@ -11059,8 +11586,7 @@ }, "DeleteClassifierResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteColumnStatisticsForPartitionRequest":{ "type":"structure", @@ -11095,8 +11621,7 @@ }, "DeleteColumnStatisticsForPartitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteColumnStatisticsForTableRequest":{ "type":"structure", @@ -11126,8 +11651,7 @@ }, "DeleteColumnStatisticsForTableResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteColumnStatisticsTaskSettingsRequest":{ "type":"structure", @@ -11148,8 +11672,7 @@ }, "DeleteColumnStatisticsTaskSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConnectionNameList":{ "type":"list", @@ -11173,8 +11696,7 @@ }, "DeleteConnectionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCrawlerRequest":{ "type":"structure", @@ -11188,8 +11710,7 @@ }, "DeleteCrawlerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCustomEntityTypeRequest":{ "type":"structure", @@ -11222,8 +11743,7 @@ }, "DeleteDataQualityRulesetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDatabaseRequest":{ "type":"structure", @@ -11241,8 +11761,7 @@ }, "DeleteDatabaseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDevEndpointRequest":{ "type":"structure", @@ -11256,8 +11775,17 @@ }, "DeleteDevEndpointResponse":{ "type":"structure", - "members":{ - } + "members":{} + }, + "DeleteGlueIdentityCenterConfigurationRequest":{ + "type":"structure", + "members":{}, + "documentation":"

    Request to delete the existing Glue Identity Center configuration.

    " + }, + "DeleteGlueIdentityCenterConfigurationResponse":{ + "type":"structure", + "members":{}, + "documentation":"

    Response from deleting the Glue Identity Center configuration.

    " }, "DeleteIntegrationRequest":{ "type":"structure", @@ -11349,8 +11877,7 @@ }, "DeleteIntegrationTablePropertiesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteJobRequest":{ "type":"structure", @@ -11418,8 +11945,7 @@ }, "DeletePartitionIndexResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePartitionRequest":{ "type":"structure", @@ -11449,8 +11975,7 @@ }, "DeletePartitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRegistryInput":{ "type":"structure", @@ -11494,8 +12019,7 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSchemaInput":{ "type":"structure", @@ -11562,8 +12086,7 @@ }, "DeleteSecurityConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSessionRequest":{ "type":"structure", @@ -11617,8 +12140,7 @@ }, "DeleteTableOptimizerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTableRequest":{ "type":"structure", @@ -11647,8 +12169,7 @@ }, "DeleteTableResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTableVersionRequest":{ "type":"structure", @@ -11678,8 +12199,7 @@ }, "DeleteTableVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTriggerRequest":{ "type":"structure", @@ -11712,8 +12232,7 @@ }, "DeleteUsageProfileResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserDefinedFunctionRequest":{ "type":"structure", @@ -11738,8 +12257,7 @@ }, "DeleteUserDefinedFunctionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWorkflowRequest":{ "type":"structure", @@ -12146,6 +12664,10 @@ "RedshiftTmpDir":{ "shape":"EnclosedInStringProperty", "documentation":"

    The temp directory of the JDBC Redshift source.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the direct JDBC source.

    " } }, "documentation":"

    Specifies the direct JDBC source connection.

    " @@ -12230,6 +12752,11 @@ }, "documentation":"

    A policy that specifies update behavior for the crawler.

    " }, + "DisplayName":{ + "type":"string", + "max":128, + "min":1 + }, "Double":{"type":"double"}, "DoubleColumnStatisticsData":{ "type":"structure", @@ -12393,10 +12920,37 @@ "Table":{ "shape":"EnclosedInStringProperty", "documentation":"

    The name of the table in the database to read from.

    " + }, + "PitrEnabled":{ + "shape":"BoxedBoolean", + "documentation":"

    Specifies whether Point-in-Time Recovery (PITR) is enabled for the DynamoDB table. When set to true, allows reading from a specific point in time. The default value is false.

    " + }, + "AdditionalOptions":{ + "shape":"DDBELTCatalogAdditionalOptions", + "documentation":"

    Specifies additional connection options for the DynamoDB data source.

    " } }, "documentation":"

    Specifies a DynamoDB data source in the Glue Data Catalog.

    " }, + "DynamoDBELTConnectorSource":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"NodeName", + "documentation":"

    The name of the DynamoDB ELT connector source.

    " + }, + "ConnectionOptions":{ + "shape":"DDBELTConnectionOptions", + "documentation":"

    The connection options for the DynamoDB ELT connector source.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the DynamoDB ELT connector source.

    " + } + }, + "documentation":"

    Specifies a DynamoDB ELT connector source for extracting data from DynamoDB tables.

    " + }, "DynamoDBTarget":{ "type":"structure", "members":{ @@ -12785,6 +13339,10 @@ "ConnectionName":{ "shape":"NameString", "documentation":"

    The name of the connection to an external data source, for example a Redshift-federated catalog.

    " + }, + "ConnectionType":{ + "shape":"NameString", + "documentation":"

    The type of connection used to access the federated catalog, specifying the protocol or method for connection to the external data source.

    " } }, "documentation":"

    A catalog that points to an entity outside the Glue Data Catalog.

    " @@ -12799,6 +13357,10 @@ "ConnectionName":{ "shape":"NameString", "documentation":"

    The name of the connection to the external metastore.

    " + }, + "ConnectionType":{ + "shape":"NameString", + "documentation":"

    The type of connection used to access the federated database, such as JDBC, ODBC, or other supported connection protocols.

    " } }, "documentation":"

    A database that points to an entity outside the Glue Data Catalog.

    " @@ -12832,6 +13394,10 @@ "ConnectionName":{ "shape":"NameString", "documentation":"

    The name of the connection to the external metastore.

    " + }, + "ConnectionType":{ + "shape":"NameString", + "documentation":"

    The type of connection used to access the federated table, specifying the protocol or method for connecting to the external data source.

    " } }, "documentation":"

    A table that points to an entity outside the Glue Data Catalog.

    " @@ -13981,8 +14547,13 @@ "Observations":{ "shape":"DataQualityObservations", "documentation":"

    A list of DataQualityObservation objects representing the observations generated after evaluating the rules and analyzers.

    " + }, + "AggregatedMetrics":{ + "shape":"DataQualityAggregatedMetrics", + "documentation":"

    A summary of DataQualityAggregatedMetrics objects showing the total counts of processed rows and rules, including their pass/fail statistics based on row-level results.

    " } - } + }, + "documentation":"

    The response for the data quality result.

    " }, "GetDataQualityRuleRecommendationRunRequest":{ "type":"structure", @@ -14053,7 +14624,8 @@ "shape":"NameString", "documentation":"

    The name of the security configuration created with the data quality encryption option.

    " } - } + }, + "documentation":"

    The response for the Data Quality rule recommendation run.

    " }, "GetDataQualityRulesetEvaluationRunRequest":{ "type":"structure", @@ -14175,7 +14747,8 @@ "shape":"NameString", "documentation":"

    The name of the security configuration created with the data quality encryption option.

    " } - } + }, + "documentation":"

    Returns the data quality ruleset response.

    " }, "GetDatabaseRequest":{ "type":"structure", @@ -14368,6 +14941,33 @@ } } }, + "GetGlueIdentityCenterConfigurationRequest":{ + "type":"structure", + "members":{}, + "documentation":"

    Request to retrieve the Glue Identity Center configuration.

    " + }, + "GetGlueIdentityCenterConfigurationResponse":{ + "type":"structure", + "members":{ + "ApplicationArn":{ + "shape":"ApplicationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Identity Center application associated with the Glue configuration.

    " + }, + "InstanceArn":{ + "shape":"IdentityCenterInstanceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Identity Center instance associated with the Glue configuration.

    " + }, + "Scopes":{ + "shape":"OrchestrationStringList", + "documentation":"

    A list of Identity Center scopes that define the permissions and access levels for the Glue configuration.

    " + }, + "UserBackgroundSessionsEnabled":{ + "shape":"NullableBoolean", + "documentation":"

    Indicates whether users can run background sessions when using Identity Center authentication with Glue services.

    " + } + }, + "documentation":"

    Response containing the Glue Identity Center configuration details.

    " + }, "GetIntegrationResourcePropertyRequest":{ "type":"structure", "required":["ResourceArn"], @@ -14404,7 +15004,7 @@ "members":{ "ResourceArn":{ "shape":"String128", - "documentation":"

    The connection ARN of the source, or the database ARN of the target.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the target table for which to retrieve integration table properties. Currently, this API only supports retrieving properties for target tables, and the provided ARN should be the ARN of the target table in the Glue Data Catalog. Support for retrieving integration table properties for source connections (using the connection ARN) is not yet implemented and will be added in a future release.

    " }, "TableName":{ "shape":"String128", @@ -14417,7 +15017,7 @@ "members":{ "ResourceArn":{ "shape":"String128", - "documentation":"

    The connection ARN of the source, or the database ARN of the target.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the target table for which to retrieve integration table properties. Currently, this API only supports retrieving properties for target tables, and the provided ARN should be the ARN of the target table in the Glue Data Catalog. Support for retrieving integration table properties for source connections (using the connection ARN) is not yet implemented and will be added in a future release.

    " }, "TableName":{ "shape":"String128", @@ -15465,6 +16065,10 @@ "shape":"Timestamp", "documentation":"

    The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with TransactionId.

    " }, + "AuditContext":{ + "shape":"AuditContext", + "documentation":"

    A structure containing the Lake Formation audit context.

    " + }, "IncludeStatusDetails":{ "shape":"BooleanNullable", "documentation":"

    Specifies whether to include status details related to a request to create or update an Glue Data Catalog view.

    " @@ -15592,6 +16196,10 @@ "shape":"Timestamp", "documentation":"

    The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with TransactionId.

    " }, + "AuditContext":{ + "shape":"AuditContext", + "documentation":"

    A structure containing the Lake Formation audit context.

    " + }, "IncludeStatusDetails":{ "shape":"BooleanNullable", "documentation":"

    Specifies whether to include status details related to a request to create or update an Glue Data Catalog view.

    " @@ -16219,6 +16827,10 @@ "Type":{ "shape":"ColumnTypeString", "documentation":"

    The hive type for this column in the Glue Studio schema.

    " + }, + "GlueStudioType":{ + "shape":"ColumnTypeString", + "documentation":"

    The data type of the column as defined in Glue Studio.

    " } }, "documentation":"

    Specifies a single column in a Glue schema definition.

    " @@ -16388,6 +17000,33 @@ "min":1, "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\t]*" }, + "GroupFilters":{ + "type":"structure", + "required":[ + "GroupName", + "Filters", + "LogicalOperator" + ], + "members":{ + "GroupName":{ + "shape":"GenericLimitedString", + "documentation":"

    The name of the filter group.

    " + }, + "Filters":{ + "shape":"FilterExpressions", + "documentation":"

    A list of filter expressions that define the conditions for this group.

    " + }, + "LogicalOperator":{ + "shape":"FilterLogicalOperator", + "documentation":"

    The logical operator used to combine the filters in this group. Determines whether all filters must match (AND) or any filter can match (OR).

    " + } + }, + "documentation":"

    Specifies a group of filters with a logical operator that determines how the filters are combined to evaluate routing conditions.

    " + }, + "GroupFiltersList":{ + "type":"list", + "member":{"shape":"GroupFilters"} + }, "HashString":{ "type":"string", "max":255, @@ -16429,10 +17068,32 @@ "type":"list", "member":{"shape":"HudiTarget"} }, + "HyperTargetCompressionType":{ + "type":"string", + "enum":["uncompressed"] + }, "IAMRoleArn":{ "type":"string", "pattern":"^arn:aws(-(cn|us-gov|iso(-[bef])?))?:iam::[0-9]{12}:role/.+" }, + "IcebergCompactionConfiguration":{ + "type":"structure", + "members":{ + "strategy":{ + "shape":"CompactionStrategy", + "documentation":"

    The strategy to use for compaction. Valid values are:

    • binpack: Combines small files into larger files, typically targeting sizes over 100MB, while applying any pending deletes. This is the recommended compaction strategy for most use cases.

    • sort: Organizes data based on specified columns which are sorted hierarchically during compaction, improving query performance for filtered operations. This strategy is recommended when your queries frequently filter on specific columns. To use this strategy, you must first define a sort order in your Iceberg table properties using the sort_order table property.

    • z-order: Optimizes data organization by blending multiple attributes into a single scalar value that can be used for sorting, allowing efficient querying across multiple dimensions. This strategy is recommended when you need to query data across multiple dimensions simultaneously. To use this strategy, you must first define a sort order in your Iceberg table properties using the sort_order table property.

    If an input is not provided, the default value 'binpack' will be used.

    " + }, + "minInputFiles":{ + "shape":"NullableInteger", + "documentation":"

    The minimum number of data files that must be present in a partition before compaction will actually compact files. This parameter helps control when compaction is triggered, preventing unnecessary compaction operations on partitions with few files. If an input is not provided, the default value 100 will be used.

    " + }, + "deleteFileThreshold":{ + "shape":"NullableInteger", + "documentation":"

    The minimum number of deletes that must be present in a data file to make it eligible for compaction. This parameter helps optimize compaction by focusing on files that contain a significant number of delete operations, which can improve query performance by removing deleted records. If an input is not provided, the default value 1 will be used.

    " + } + }, + "documentation":"

    The configuration for an Iceberg compaction optimizer. This configuration defines parameters for optimizing the layout of data files in Iceberg tables.

    " + }, "IcebergCompactionMetrics":{ "type":"structure", "members":{ @@ -16444,9 +17105,13 @@ "shape":"metricCounts", "documentation":"

    The number of files removed by the compaction job run.

    " }, + "DpuHours":{ + "shape":"dpuHours", + "documentation":"

    The number of DPU hours consumed by the job.

    " + }, "NumberOfDpus":{ "shape":"dpuCounts", - "documentation":"

    The number of DPU hours consumed by the job.

    " + "documentation":"

    The number of DPUs consumed by the job, rounded up to the nearest whole number.

    " }, "JobDurationInHour":{ "shape":"dpuDurationInHour", @@ -16455,6 +17120,11 @@ }, "documentation":"

    Compaction metrics for Iceberg for the optimizer run.

    " }, + "IcebergDocument":{ + "type":"structure", + "members":{}, + "document":true + }, "IcebergInput":{ "type":"structure", "required":["MetadataOperation"], @@ -16466,10 +17136,69 @@ "Version":{ "shape":"VersionString", "documentation":"

    The table version for the Iceberg table. Defaults to 2.

    " + }, + "CreateIcebergTableInput":{ + "shape":"CreateIcebergTableInput", + "documentation":"

    The configuration parameters required to create a new Iceberg table in the Glue Data Catalog, including table properties and metadata specifications.

    " } }, "documentation":"

    A structure that defines an Apache Iceberg metadata table to create in the catalog.

    " }, + "IcebergNullOrder":{ + "type":"string", + "enum":[ + "nulls-first", + "nulls-last" + ] + }, + "IcebergOptimizationProperties":{ + "type":"structure", + "members":{ + "RoleArn":{ + "shape":"IAMRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that will be assumed to perform Iceberg table optimization operations.

    " + }, + "Compaction":{ + "shape":"ParametersMap", + "documentation":"

    A map of key-value pairs that specify configuration parameters for Iceberg table compaction operations, which optimize the layout of data files to improve query performance.

    " + }, + "Retention":{ + "shape":"ParametersMap", + "documentation":"

    A map of key-value pairs that specify configuration parameters for Iceberg table retention operations, which manage the lifecycle of table snapshots to control storage costs.

    " + }, + "OrphanFileDeletion":{ + "shape":"ParametersMap", + "documentation":"

    A map of key-value pairs that specify configuration parameters for Iceberg orphan file deletion operations, which identify and remove files that are no longer referenced by the table metadata.

    " + } + }, + "documentation":"

    A structure that specifies Iceberg table optimization properties for the catalog, including configurations for compaction, retention, and orphan file deletion operations.

    " + }, + "IcebergOptimizationPropertiesOutput":{ + "type":"structure", + "members":{ + "RoleArn":{ + "shape":"IAMRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that is used to perform Iceberg table optimization operations.

    " + }, + "Compaction":{ + "shape":"ParametersMap", + "documentation":"

    A map of key-value pairs that specify configuration parameters for Iceberg table compaction operations, which optimize the layout of data files to improve query performance.

    " + }, + "Retention":{ + "shape":"ParametersMap", + "documentation":"

    A map of key-value pairs that specify configuration parameters for Iceberg table retention operations, which manage the lifecycle of table snapshots to control storage costs.

    " + }, + "OrphanFileDeletion":{ + "shape":"ParametersMap", + "documentation":"

    A map of key-value pairs that specify configuration parameters for Iceberg orphan file deletion operations, which identify and remove files that are no longer referenced by the table metadata.

    " + }, + "LastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the Iceberg optimization properties were last updated.

    " + } + }, + "documentation":"

    A structure that contains the output properties of Iceberg table optimization configuration for your catalog resource in the Glue Data Catalog.

    " + }, "IcebergOrphanFileDeletionConfiguration":{ "type":"structure", "members":{ @@ -16480,6 +17209,10 @@ "location":{ "shape":"MessageString", "documentation":"

    Specifies a directory in which to look for files (defaults to the table's location). You may choose a sub-directory rather than the top-level table location.

    " + }, + "runRateInHours":{ + "shape":"NullableInteger", + "documentation":"

    The interval in hours between orphan file deletion job runs. This parameter controls how frequently the orphan file deletion optimizer will run to clean up orphan files. The value must be between 3 and 168 hours (7 days). If an input is not provided, the default value 24 will be used.

    " } }, "documentation":"

    The configuration for an Iceberg orphan file deletion optimizer.

    " @@ -16491,9 +17224,13 @@ "shape":"metricCounts", "documentation":"

    The number of orphan files deleted by the orphan file deletion job run.

    " }, + "DpuHours":{ + "shape":"dpuHours", + "documentation":"

    The number of DPU hours consumed by the job.

    " + }, "NumberOfDpus":{ "shape":"dpuCounts", - "documentation":"

    The number of DPU hours consumed by the job.

    " + "documentation":"

    The number of DPUs consumed by the job, rounded up to the nearest whole number.

    " }, "JobDurationInHour":{ "shape":"dpuDurationInHour", @@ -16502,6 +17239,52 @@ }, "documentation":"

    Orphan file deletion metrics for Iceberg for the optimizer run.

    " }, + "IcebergPartitionField":{ + "type":"structure", + "required":[ + "SourceId", + "Transform", + "Name" + ], + "members":{ + "SourceId":{ + "shape":"Integer", + "documentation":"

    The identifier of the source field from the table schema that this partition field is based on.

    " + }, + "Transform":{ + "shape":"IcebergTransformString", + "documentation":"

    The transformation function applied to the source field to create the partition, such as identity, bucket, truncate, year, month, day, or hour.

    " + }, + "Name":{ + "shape":"ColumnNameString", + "documentation":"

    The name of the partition field as it will appear in the partitioned table structure.

    " + }, + "FieldId":{ + "shape":"Integer", + "documentation":"

    The unique identifier assigned to this partition field within the Iceberg table's partition specification.

    " + } + }, + "documentation":"

    Defines a single partition field within an Iceberg partition specification, including the source field, transformation function, partition name, and unique identifier.

    " + }, + "IcebergPartitionSpec":{ + "type":"structure", + "required":["Fields"], + "members":{ + "Fields":{ + "shape":"IcebergPartitionSpecFieldList", + "documentation":"

    The list of partition fields that define how the table data should be partitioned, including source fields and their transformations.

    " + }, + "SpecId":{ + "shape":"Integer", + "documentation":"

    The unique identifier for this partition specification within the Iceberg table's metadata history.

    " + } + }, + "documentation":"

    Defines the partitioning specification for an Iceberg table, determining how table data will be organized and partitioned for optimal query performance.

    " + }, + "IcebergPartitionSpecFieldList":{ + "type":"list", + "member":{"shape":"IcebergPartitionField"} + }, "IcebergRetentionConfiguration":{ "type":"structure", "members":{ @@ -16516,6 +17299,10 @@ "cleanExpiredFiles":{ "shape":"NullableBoolean", "documentation":"

    If set to false, snapshots are only deleted from table metadata, and the underlying data and metadata files are not deleted.

    " + }, + "runRateInHours":{ + "shape":"NullableInteger", + "documentation":"

    The interval in hours between retention job runs. This parameter controls how frequently the retention optimizer will run to clean up expired snapshots. The value must be between 3 and 168 hours (7 days). If an input is not provided, the default value 24 will be used.

    " } }, "documentation":"

    The configuration for an Iceberg snapshot retention optimizer.

    " @@ -16535,9 +17322,13 @@ "shape":"metricCounts", "documentation":"

    The number of manifest lists deleted by the retention job run.

    " }, + "DpuHours":{ + "shape":"dpuHours", + "documentation":"

    The number of DPU hours consumed by the job.

    " + }, "NumberOfDpus":{ "shape":"dpuCounts", - "documentation":"

    The number of DPU hours consumed by the job.

    " + "documentation":"

    The number of DPUs consumed by the job, rounded up to the nearest whole number.

    " }, "JobDurationInHour":{ "shape":"dpuDurationInHour", @@ -16546,6 +17337,160 @@ }, "documentation":"

    Snapshot retention metrics for Iceberg for the optimizer run.

    " }, + "IcebergSchema":{ + "type":"structure", + "required":["Fields"], + "members":{ + "SchemaId":{ + "shape":"Integer", + "documentation":"

    The unique identifier for this schema version within the Iceberg table's schema evolution history.

    " + }, + "IdentifierFieldIds":{ + "shape":"IntegerList", + "documentation":"

    The list of field identifiers that uniquely identify records in the table, used for row-level operations and deduplication.

    " + }, + "Type":{ + "shape":"IcebergStructTypeEnum", + "documentation":"

    The root type of the schema structure, typically \"struct\" for Iceberg table schemas.

    " + }, + "Fields":{ + "shape":"IcebergStructFieldList", + "documentation":"

    The list of field definitions that make up the table schema, including field names, types, and metadata.

    " + } + }, + "documentation":"

    Defines the schema structure for an Iceberg table, including field definitions, data types, and schema metadata.

    " + }, + "IcebergSortDirection":{ + "type":"string", + "enum":[ + "asc", + "desc" + ] + }, + "IcebergSortField":{ + "type":"structure", + "required":[ + "SourceId", + "Transform", + "Direction", + "NullOrder" + ], + "members":{ + "SourceId":{ + "shape":"Integer", + "documentation":"

    The identifier of the source field from the table schema that this sort field is based on.

    " + }, + "Transform":{ + "shape":"IcebergTransformString", + "documentation":"

    The transformation function applied to the source field before sorting, such as identity, bucket, or truncate.

    " + }, + "Direction":{ + "shape":"IcebergSortDirection", + "documentation":"

    The sort direction for this field, either ascending or descending.

    " + }, + "NullOrder":{ + "shape":"IcebergNullOrder", + "documentation":"

    The ordering behavior for null values in this field, specifying whether nulls should appear first or last in the sort order.

    " + } + }, + "documentation":"

    Defines a single field within an Iceberg sort order specification, including the source field, transformation, sort direction, and null value ordering.

    " + }, + "IcebergSortOrder":{ + "type":"structure", + "required":[ + "OrderId", + "Fields" + ], + "members":{ + "OrderId":{ + "shape":"Integer", + "documentation":"

    The unique identifier for this sort order specification within the Iceberg table's metadata.

    " + }, + "Fields":{ + "shape":"IcebergSortOrderFieldList", + "documentation":"

    The list of fields and their sort directions that define the ordering criteria for the Iceberg table data.

    " + } + }, + "documentation":"

    Defines the sort order specification for an Iceberg table, determining how data should be ordered within partitions to optimize query performance.

    " + }, + "IcebergSortOrderFieldList":{ + "type":"list", + "member":{"shape":"IcebergSortField"} + }, + "IcebergStructField":{ + "type":"structure", + "required":[ + "Id", + "Name", + "Type", + "Required" + ], + "members":{ + "Id":{ + "shape":"Integer", + "documentation":"

    The unique identifier assigned to this field within the Iceberg table schema, used for schema evolution and field tracking.

    " + }, + "Name":{ + "shape":"ColumnNameString", + "documentation":"

    The name of the field as it appears in the table schema and query operations.

    " + }, + "Type":{ + "shape":"IcebergDocument", + "documentation":"

    The data type definition for this field, specifying the structure and format of the data it contains.

    " + }, + "Required":{ + "shape":"Boolean", + "documentation":"

    Indicates whether this field is required (non-nullable) or optional (nullable) in the table schema.

    " + }, + "Doc":{ + "shape":"CommentString", + "documentation":"

    Optional documentation or description text that provides additional context about the purpose and usage of this field.

    " + } + }, + "documentation":"

    Defines a single field within an Iceberg table schema, including its identifier, name, data type, nullability, and documentation.

    " + }, + "IcebergStructFieldList":{ + "type":"list", + "member":{"shape":"IcebergStructField"} + }, + "IcebergStructTypeEnum":{ + "type":"string", + "enum":["struct"] + }, + "IcebergTableUpdate":{ + "type":"structure", + "required":[ + "Schema", + "Location" + ], + "members":{ + "Schema":{ + "shape":"IcebergSchema", + "documentation":"

    The updated schema definition for the Iceberg table, specifying any changes to field structure, data types, or schema metadata.

    " + }, + "PartitionSpec":{ + "shape":"IcebergPartitionSpec", + "documentation":"

    The updated partitioning specification that defines how the table data should be reorganized and partitioned.

    " + }, + "SortOrder":{ + "shape":"IcebergSortOrder", + "documentation":"

    The updated sort order specification that defines how data should be ordered within partitions for optimal query performance.

    " + }, + "Location":{ + "shape":"LocationString", + "documentation":"

    The updated S3 location where the Iceberg table data will be stored.

    " + }, + "Properties":{ + "shape":"StringToStringMap", + "documentation":"

    Updated key-value pairs of table properties and configuration settings for the Iceberg table.

    " + } + }, + "documentation":"

    Defines a complete set of updates to be applied to an Iceberg table, including schema changes, partitioning modifications, sort order adjustments, location updates, and property changes.

    " + }, + "IcebergTableUpdateList":{ + "type":"list", + "member":{"shape":"IcebergTableUpdate"} + }, "IcebergTarget":{ "type":"structure", "members":{ @@ -16568,10 +17513,20 @@ }, "documentation":"

    Specifies an Apache Iceberg data source where Iceberg tables are stored in Amazon S3.

    " }, + "IcebergTargetCompressionType":{ + "type":"string", + "enum":[ + "gzip", + "lzo", + "uncompressed", + "snappy" + ] + }, "IcebergTargetList":{ "type":"list", "member":{"shape":"IcebergTarget"} }, + "IcebergTransformString":{"type":"string"}, "IdString":{ "type":"string", "max":255, @@ -16589,6 +17544,21 @@ "documentation":"

    The same unique identifier was associated with two different records.

    ", "exception":true }, + "IdentityCenterInstanceArn":{ + "type":"string", + "max":1224, + "min":10 + }, + "IdentityCenterScope":{ + "type":"string", + "max":50 + }, + "IdentityCenterScopesList":{ + "type":"list", + "member":{"shape":"IdentityCenterScope"}, + "max":50, + "min":1 + }, "IdleTimeout":{ "type":"integer", "box":true @@ -16637,8 +17607,7 @@ }, "ImportCatalogToGlueResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ImportLabelsTaskRunProperties":{ "type":"structure", @@ -16684,6 +17653,10 @@ "shape":"IntegrationTimestamp", "documentation":"

    The time that the integration was created, in UTC.

    " }, + "IntegrationConfig":{ + "shape":"IntegrationConfig", + "documentation":"

    Properties associated with the integration.

    " + }, "Errors":{ "shape":"IntegrationErrorList", "documentation":"

    A list of errors associated with the integration.

    " @@ -16712,6 +17685,10 @@ "max":1, "min":0 }, + "IntegerList":{ + "type":"list", + "member":{"shape":"Integer"} + }, "IntegerValue":{"type":"integer"}, "Integration":{ "type":"structure", @@ -16764,6 +17741,10 @@ "shape":"IntegrationTimestamp", "documentation":"

    The time that the integration was created, in UTC.

    " }, + "IntegrationConfig":{ + "shape":"IntegrationConfig", + "documentation":"

    Properties associated with the integration.

    " + }, "Errors":{ "shape":"IntegrationErrorList", "documentation":"

    A list of errors associated with the integration.

    " @@ -16780,6 +17761,24 @@ "key":{"shape":"IntegrationString"}, "value":{"shape":"IntegrationString"} }, + "IntegrationConfig":{ + "type":"structure", + "members":{ + "RefreshInterval":{ + "shape":"String128", + "documentation":"

    Specifies the frequency at which CDC (Change Data Capture) pulls or incremental loads should occur. This parameter provides flexibility to align the refresh rate with your specific data update patterns, system load considerations, and performance optimization goals. Time increment can be set from 15 minutes to 8640 minutes (six days). Currently supports creation of RefreshInterval only.

    " + }, + "SourceProperties":{ + "shape":"IntegrationSourcePropertiesMap", + "documentation":"

    A collection of key-value pairs that specify additional properties for the integration source. These properties provide configuration options that can be used to customize the behavior of the ODB source during data integration operations.

    " + }, + "ContinuousSync":{ + "shape":"ContinuousSync", + "documentation":"

    Enables continuous synchronization for on-demand data extractions from SaaS applications to Amazon Web Services data services like Amazon Redshift and Amazon S3.

    " + } + }, + "documentation":"

    Properties associated with the integration.

    " + }, "IntegrationConflictOperationFault":{ "type":"structure", "members":{ @@ -16854,11 +17853,15 @@ "members":{ "FieldName":{ "shape":"String128", - "documentation":"

    The field name used to partition data on the target.

    " + "documentation":"

    The field name used to partition data on the target. Avoid using columns that have unique values for each row (for example, `LastModifiedTimestamp`, `SystemModTimeStamp`) as the partition column. These columns are not suitable for partitioning because they create a large number of small partitions, which can lead to performance issues.

    " }, "FunctionSpec":{ "shape":"String128", - "documentation":"

    Specifies a function used to partition data on the target.

    " + "documentation":"

    Specifies the function used to partition data on the target. The accepted values for this parameter are:

    • identity - Uses source values directly without transformation

    • year - Extracts the year from timestamp values (e.g., 2023)

    • month - Extracts the month from timestamp values (e.g., 2023-01)

    • day - Extracts the day from timestamp values (e.g., 2023-01-15)

    • hour - Extracts the hour from timestamp values (e.g., 2023-01-15-14)

    " + }, + "ConversionSpec":{ + "shape":"String128", + "documentation":"

    Specifies the timestamp format of the source data. Valid values are:

    • epoch_sec - Unix epoch timestamp in seconds

    • epoch_milli - Unix epoch timestamp in milliseconds

    • iso - ISO 8601 formatted timestamp

    Only specify ConversionSpec when using timestamp-based partition functions (year, month, day, or hour). Glue Zero-ETL uses this parameter to correctly transform source data into timestamp format before partitioning.

    Do not use high-cardinality columns with the identity partition function. High-cardinality columns include:

    • Primary keys

    • Timestamp fields (such as LastModifiedTimestamp, CreatedDate)

    • System-generated timestamps

    Using high-cardinality columns with identity partitioning creates many small partitions, which can significantly degrade ingestion performance.

    " } }, "documentation":"

    A structure that describes how data is partitioned on the target.

    " @@ -16878,6 +17881,11 @@ "documentation":"

    The data processed through your integration exceeded your quota.

    ", "exception":true }, + "IntegrationSourcePropertiesMap":{ + "type":"map", + "key":{"shape":"IntegrationString"}, + "value":{"shape":"IntegrationString"} + }, "IntegrationStatus":{ "type":"string", "enum":[ @@ -17264,7 +18272,7 @@ }, "WorkerType":{ "shape":"WorkerType", - "documentation":"

    The type of predefined worker that is allocated when a job runs. Accepts a value of G.1X, G.2X, G.4X, G.8X or G.025X for Spark jobs. Accepts the value Z.2X for Ray jobs.

    • For the G.1X worker type, each worker maps to 1 DPU (4 vCPUs, 16 GB of memory) with 94GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.

    • For the G.2X worker type, each worker maps to 2 DPU (8 vCPUs, 32 GB of memory) with 138GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.

    • For the G.4X worker type, each worker maps to 4 DPU (16 vCPUs, 64 GB of memory) with 256GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs in the following Amazon Web Services Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), and Europe (Stockholm).

    • For the G.8X worker type, each worker maps to 8 DPU (32 vCPUs, 128 GB of memory) with 512GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs, in the same Amazon Web Services Regions as supported for the G.4X worker type.

    • For the G.025X worker type, each worker maps to 0.25 DPU (2 vCPUs, 4 GB of memory) with 84GB disk, and provides 1 executor per worker. We recommend this worker type for low volume streaming jobs. This worker type is only available for Glue version 3.0 or later streaming jobs.

    • For the Z.2X worker type, each worker maps to 2 M-DPU (8vCPUs, 64 GB of memory) with 128 GB disk, and provides up to 8 Ray workers based on the autoscaler.

    " + "documentation":"

    The type of predefined worker that is allocated when a job runs.

    Glue provides multiple worker types to accommodate different workload requirements:

    G Worker Types (General-purpose compute workers):

    • G.1X: 1 DPU (4 vCPUs, 16 GB memory, 94GB disk)

    • G.2X: 2 DPU (8 vCPUs, 32 GB memory, 138GB disk)

    • G.4X: 4 DPU (16 vCPUs, 64 GB memory, 256GB disk)

    • G.8X: 8 DPU (32 vCPUs, 128 GB memory, 512GB disk)

    • G.12X: 12 DPU (48 vCPUs, 192 GB memory, 768GB disk)

    • G.16X: 16 DPU (64 vCPUs, 256 GB memory, 1024GB disk)

    R Worker Types (Memory-optimized workers):

    • R.1X: 1 M-DPU (4 vCPUs, 32 GB memory)

    • R.2X: 2 M-DPU (8 vCPUs, 64 GB memory)

    • R.4X: 4 M-DPU (16 vCPUs, 128 GB memory)

    • R.8X: 8 M-DPU (32 vCPUs, 256 GB memory)

    " }, "NumberOfWorkers":{ "shape":"NullableInteger", @@ -17529,6 +18537,10 @@ "StateDetail":{ "shape":"OrchestrationMessageString", "documentation":"

    This field holds details that pertain to the state of a job run. The field is nullable.

    For example, when a job run is in a WAITING state as a result of job run queuing, the field has the reason why the job run is in that state.

    " + }, + "ExecutionRoleSessionPolicy":{ + "shape":"OrchestrationPolicyJsonString", + "documentation":"

    This inline session policy to the StartJobRun API allows you to dynamically restrict the permissions of the specified execution role for the scope of the job, without requiring the creation of additional IAM roles.

    " } }, "documentation":"

    Contains information about a job run.

    " @@ -17615,7 +18627,7 @@ }, "WorkerType":{ "shape":"WorkerType", - "documentation":"

    The type of predefined worker that is allocated when a job runs. Accepts a value of G.1X, G.2X, G.4X, G.8X or G.025X for Spark jobs. Accepts the value Z.2X for Ray jobs.

    • For the G.1X worker type, each worker maps to 1 DPU (4 vCPUs, 16 GB of memory) with 94GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.

    • For the G.2X worker type, each worker maps to 2 DPU (8 vCPUs, 32 GB of memory) with 138GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.

    • For the G.4X worker type, each worker maps to 4 DPU (16 vCPUs, 64 GB of memory) with 256GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs in the following Amazon Web Services Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), and Europe (Stockholm).

    • For the G.8X worker type, each worker maps to 8 DPU (32 vCPUs, 128 GB of memory) with 512GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs, in the same Amazon Web Services Regions as supported for the G.4X worker type.

    • For the G.025X worker type, each worker maps to 0.25 DPU (2 vCPUs, 4 GB of memory) with 84GB disk, and provides 1 executor per worker. We recommend this worker type for low volume streaming jobs. This worker type is only available for Glue version 3.0 or later streaming jobs.

    • For the Z.2X worker type, each worker maps to 2 M-DPU (8vCPUs, 64 GB of memory) with 128 GB disk, and provides up to 8 Ray workers based on the autoscaler.

    " + "documentation":"

    The type of predefined worker that is allocated when a job runs. Accepts a value of G.1X, G.2X, G.4X, G.8X or G.025X for Spark jobs. Accepts the value Z.2X for Ray jobs. For more information, see Defining job properties for Spark jobs

    " }, "NumberOfWorkers":{ "shape":"NullableInteger", @@ -17966,6 +18978,10 @@ "StartingTimestamp":{ "shape":"Iso8601DateTime", "documentation":"

    The timestamp of the record in the Kinesis data stream to start reading data from. The possible values are a timestamp string in UTC format of the pattern yyyy-mm-ddTHH:MM:SSZ (where Z represents a UTC timezone offset with a +/-. For example: \"2023-04-04T08:00:00+08:00\").

    " + }, + "FanoutConsumerARN":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The Amazon Resource Name (ARN) of the Kinesis Data Streams enhanced fan-out consumer. When specified, enables enhanced fan-out for dedicated throughput and lower latency data consumption.

    " } }, "documentation":"

    Additional options for the Amazon Kinesis streaming data source.

    " @@ -17985,6 +19001,11 @@ }, "documentation":"

    Specifies configuration properties for a labeling set generation task run.

    " }, + "Labels":{ + "type":"map", + "key":{"shape":"NameString"}, + "value":{"shape":"NameString"} + }, "LakeFormationConfiguration":{ "type":"structure", "members":{ @@ -19413,6 +20434,7 @@ "shape":"String2048", "documentation":"

    Selects source tables for the integration using Maxwell filter syntax.

    " }, + "IntegrationConfig":{"shape":"IntegrationConfig"}, "IntegrationName":{ "shape":"String128", "documentation":"

    A unique name for an integration in Glue.

    " @@ -19477,7 +20499,8 @@ "DataFilter":{ "shape":"String2048", "documentation":"

    Selects source tables for the integration using Maxwell filter syntax.

    " - } + }, + "IntegrationConfig":{"shape":"IntegrationConfig"} } }, "MongoDBTarget":{ @@ -19727,6 +20750,7 @@ "type":"string", "box":true }, + "NumberTargetPartitionsString":{"type":"string"}, "OAuth2ClientApplication":{ "type":"structure", "members":{ @@ -19993,6 +21017,11 @@ "max":25, "min":1 }, + "OrchestrationPolicyJsonString":{ + "type":"string", + "max":2048, + "min":2 + }, "OrchestrationRoleArn":{ "type":"string", "max":2048, @@ -20117,6 +21146,34 @@ "MaskValue":{ "shape":"MaskValue", "documentation":"

    Indicates the value that will replace the detected entity.

    " + }, + "RedactText":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    Specifies whether to redact the detected PII text. When set to true, PII content is replaced with redaction characters.

    " + }, + "RedactChar":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The character used to replace detected PII content when redaction is enabled. The default redaction character is *.

    " + }, + "MatchPattern":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    A regular expression pattern used to identify additional PII content beyond the standard detection algorithms.

    " + }, + "NumLeftCharsToExclude":{ + "shape":"BoxedPositiveInt", + "documentation":"

    The number of characters to exclude from redaction on the left side of detected PII content. This allows preserving context around the sensitive data.

    " + }, + "NumRightCharsToExclude":{ + "shape":"BoxedPositiveInt", + "documentation":"

    The number of characters to exclude from redaction on the right side of detected PII content. This allows preserving context around the sensitive data.

    " + }, + "DetectionParameters":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    Additional parameters for configuring PII detection behavior and sensitivity settings.

    " + }, + "DetectionSensitivity":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The sensitivity level for PII detection. Higher sensitivity levels detect more potential PII but may result in more false positives.

    " } }, "documentation":"

    Specifies a transform that identifies, removes or masks PII data.

    " @@ -20171,6 +21228,8 @@ "snappy", "lzo", "gzip", + "brotli", + "lz4", "uncompressed", "none" ] @@ -20422,8 +21481,11 @@ "type":"string", "enum":[ "RowAudit", + "RowHashing", "RowMasking", + "RowPartialMasking", "ColumnAudit", + "ColumnHashing", "ColumnMasking" ] }, @@ -20496,6 +21558,13 @@ }, "documentation":"

    Specifies a target that uses Postgres SQL.

    " }, + "PreProcessingQueryString":{ + "type":"string", + "documentation":"

    SQL Query of SparkSQL format that can be used to pre-process data before running Data Quality Operations.

    ", + "max":51200, + "min":0, + "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*" + }, "Predecessor":{ "type":"structure", "members":{ @@ -20712,8 +21781,7 @@ }, "PutDataCatalogEncryptionSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutDataQualityProfileAnnotationRequest":{ "type":"structure", @@ -20734,8 +21802,7 @@ }, "PutDataQualityProfileAnnotationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Left blank.

    " }, "PutResourcePolicyRequest":{ @@ -20856,8 +21923,7 @@ }, "PutWorkflowRunPropertiesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PythonScript":{"type":"string"}, "PythonVersionString":{ @@ -21035,8 +22101,7 @@ }, "Record":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true, "sensitive":true }, @@ -21524,7 +22589,36 @@ "pattern":"arn:aws:iam::\\d{12}:role/.*" }, "RoleString":{"type":"string"}, + "Route":{ + "type":"structure", + "required":[ + "Name", + "Inputs", + "GroupFiltersList" + ], + "members":{ + "Name":{ + "shape":"NodeName", + "documentation":"

    The name of the route node.

    " + }, + "Inputs":{ + "shape":"OneInput", + "documentation":"

    The input connection for the route node.

    " + }, + "GroupFiltersList":{ + "shape":"GroupFiltersList", + "documentation":"

    A list of group filters that define the routing conditions and criteria for directing data to different output paths.

    " + } + }, + "documentation":"

    Specifies a route node that directs data to different output paths based on defined filtering conditions.

    " + }, "RowTag":{"type":"string"}, + "RuleMetricsMap":{ + "type":"map", + "key":{"shape":"NameString"}, + "value":{"shape":"NullableDouble"}, + "sensitive":true + }, "RulesetNames":{ "type":"list", "member":{"shape":"NameString"}, @@ -21559,7 +22653,7 @@ }, "NumberOfDpus":{ "shape":"MessageString", - "documentation":"

    The number of DPU hours consumed by the job.

    " + "documentation":"

    The number of DPUs consumed by the job, rounded up to the nearest whole number.

    " }, "JobDurationInHour":{ "shape":"MessageString", @@ -21665,6 +22759,37 @@ }, "documentation":"

    Specifies a Hudi data source that is registered in the Glue Data Catalog. The Hudi data source must be stored in Amazon S3.

    " }, + "S3CatalogIcebergSource":{ + "type":"structure", + "required":[ + "Name", + "Database", + "Table" + ], + "members":{ + "Name":{ + "shape":"NodeName", + "documentation":"

    The name of the Iceberg data source.

    " + }, + "Database":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The name of the database to read from.

    " + }, + "Table":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The name of the table in the database to read from.

    " + }, + "AdditionalIcebergOptions":{ + "shape":"AdditionalOptions", + "documentation":"

    Specifies additional connection options for the Iceberg data source.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the Iceberg source.

    " + } + }, + "documentation":"

    Specifies an Apache Iceberg data source that is registered in the Glue Data Catalog. The Iceberg data source must be stored in Amazon S3.

    " + }, "S3CatalogSource":{ "type":"structure", "required":[ @@ -21728,6 +22853,10 @@ "SchemaChangePolicy":{ "shape":"CatalogSchemaChangePolicy", "documentation":"

    A policy that specifies update behavior for the crawler.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 catalog target. When set to true, data quality checks are performed automatically during the write operation.

    " } }, "documentation":"

    Specifies a data target that writes to Amazon S3 using the Glue Data Catalog.

    " @@ -21856,6 +22985,14 @@ "SchemaChangePolicy":{ "shape":"CatalogSchemaChangePolicy", "documentation":"

    A policy that specifies update behavior for the crawler.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 Delta catalog target. When set to true, data quality checks are performed automatically during the write operation.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the S3 Delta catalog target.

    " } }, "documentation":"

    Specifies a target that writes to a Delta Lake data source in the Glue Data Catalog.

    " @@ -21890,6 +23027,10 @@ "shape":"DeltaTargetCompressionType", "documentation":"

    Specifies how the data is compressed. This is generally not necessary if the data has a standard file extension. Possible values are \"gzip\" and \"bzip\").

    " }, + "NumberTargetPartitions":{ + "shape":"NumberTargetPartitionsString", + "documentation":"

    Specifies the number of target partitions for distributing Delta Lake dataset files across Amazon S3.

    " + }, "Format":{ "shape":"TargetFormat", "documentation":"

    Specifies the data output format for the target.

    " @@ -21901,6 +23042,10 @@ "SchemaChangePolicy":{ "shape":"DirectSchemaChangePolicy", "documentation":"

    A policy that specifies update behavior for the crawler.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 Delta direct target. When set to true, data quality checks are performed automatically during the write operation.

    " } }, "documentation":"

    Specifies a target that writes to a Delta Lake data source in Amazon S3.

    " @@ -21986,6 +23131,10 @@ "shape":"EnclosedInStringProperty", "documentation":"

    Specifies how the data is compressed. This is generally not necessary if the data has a standard file extension. Possible values are \"gzip\" and \"bzip\").

    " }, + "NumberTargetPartitions":{ + "shape":"NumberTargetPartitionsString", + "documentation":"

    Specifies the number of target partitions when writing data directly to Amazon S3.

    " + }, "Format":{ "shape":"TargetFormat", "documentation":"

    Specifies the data output format for the target.

    " @@ -21993,6 +23142,14 @@ "SchemaChangePolicy":{ "shape":"DirectSchemaChangePolicy", "documentation":"

    A policy that specifies update behavior for the crawler.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 direct target. When set to true, data quality checks are performed automatically during the write operation.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the S3 direct target.

    " } }, "documentation":"

    Specifies a data target that writes to Amazon S3.

    " @@ -22023,6 +23180,68 @@ "SSE-S3" ] }, + "S3ExcelSource":{ + "type":"structure", + "required":[ + "Name", + "Paths" + ], + "members":{ + "Name":{ + "shape":"NodeName", + "documentation":"

    The name of the S3 Excel data source.

    " + }, + "Paths":{ + "shape":"EnclosedInStringProperties", + "documentation":"

    The S3 paths where the Excel files are located.

    " + }, + "CompressionType":{ + "shape":"ParquetCompressionType", + "documentation":"

    The compression format used for the Excel files.

    " + }, + "Exclusions":{ + "shape":"EnclosedInStringProperties", + "documentation":"

    Patterns to exclude specific files or paths from processing.

    " + }, + "GroupSize":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    Defines the size of file groups for batch processing.

    " + }, + "GroupFiles":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    Specifies how files should be grouped for processing.

    " + }, + "Recurse":{ + "shape":"BoxedBoolean", + "documentation":"

    Indicates whether to recursively process subdirectories.

    " + }, + "MaxBand":{ + "shape":"BoxedNonNegativeInt", + "documentation":"

    The maximum number of processing bands to use.

    " + }, + "MaxFilesInBand":{ + "shape":"BoxedNonNegativeInt", + "documentation":"

    The maximum number of files to process in each band.

    " + }, + "AdditionalOptions":{ + "shape":"S3DirectSourceAdditionalOptions", + "documentation":"

    Additional configuration options for S3 direct source processing.

    " + }, + "NumberRows":{ + "shape":"BoxedLong", + "documentation":"

    The number of rows to process from each Excel file.

    " + }, + "SkipFooter":{ + "shape":"BoxedNonNegativeInt", + "documentation":"

    The number of rows to skip at the end of each Excel file.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    The Glue schemas to apply to the processed data.

    " + } + }, + "documentation":"

    Specifies an S3 Excel data source.

    " + }, "S3GlueParquetTarget":{ "type":"structure", "required":[ @@ -22051,9 +23270,17 @@ "shape":"ParquetCompressionType", "documentation":"

    Specifies how the data is compressed. This is generally not necessary if the data has a standard file extension. Possible values are \"gzip\" and \"bzip\").

    " }, + "NumberTargetPartitions":{ + "shape":"NumberTargetPartitionsString", + "documentation":"

    Specifies the number of target partitions for Parquet files when writing to Amazon S3 using Glue.

    " + }, "SchemaChangePolicy":{ "shape":"DirectSchemaChangePolicy", "documentation":"

    A policy that specifies update behavior for the crawler.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 Glue Parquet target. When set to true, data quality checks are performed automatically during the write operation.

    " } }, "documentation":"

    Specifies a data target that writes to Amazon S3 in Apache Parquet columnar storage.

    " @@ -22095,6 +23322,14 @@ "SchemaChangePolicy":{ "shape":"CatalogSchemaChangePolicy", "documentation":"

    A policy that specifies update behavior for the crawler.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 Hudi catalog target. When set to true, data quality checks are performed automatically during the write operation.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the S3 Hudi catalog target.

    " } }, "documentation":"

    Specifies a target that writes to a Hudi data source in the Glue Data Catalog.

    " @@ -22126,6 +23361,10 @@ "shape":"HudiTargetCompressionType", "documentation":"

    Specifies how the data is compressed. This is generally not necessary if the data has a standard file extension. Possible values are \"gzip\" and \"bzip\").

    " }, + "NumberTargetPartitions":{ + "shape":"NumberTargetPartitionsString", + "documentation":"

    Specifies the number of target partitions for distributing Hudi dataset files across Amazon S3.

    " + }, "PartitionKeys":{ "shape":"GlueStudioPathList", "documentation":"

    Specifies native partitioning using a sequence of keys.

    " @@ -22141,6 +23380,10 @@ "SchemaChangePolicy":{ "shape":"DirectSchemaChangePolicy", "documentation":"

    A policy that specifies update behavior for the crawler.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 Hudi direct target. When set to true, data quality checks are performed automatically during the write operation.

    " } }, "documentation":"

    Specifies a target that writes to a Hudi data source in Amazon S3.

    " @@ -22175,6 +23418,151 @@ }, "documentation":"

    Specifies a Hudi data source stored in Amazon S3.

    " }, + "S3HyperDirectTarget":{ + "type":"structure", + "required":[ + "Name", + "Inputs", + "Path" + ], + "members":{ + "Name":{ + "shape":"NodeName", + "documentation":"

    The unique identifier for the HyperDirect target node.

    " + }, + "Inputs":{ + "shape":"OneInput", + "documentation":"

    Specifies the input source for the HyperDirect target.

    " + }, + "Format":{ + "shape":"TargetFormat", + "documentation":"

    Specifies the data output format for the HyperDirect target.

    " + }, + "PartitionKeys":{ + "shape":"GlueStudioPathList", + "documentation":"

    Defines the partitioning strategy for the output data.

    " + }, + "Path":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The S3 location where the output data will be written.

    " + }, + "Compression":{ + "shape":"HyperTargetCompressionType", + "documentation":"

    The compression type to apply to the output data.

    " + }, + "SchemaChangePolicy":{ + "shape":"DirectSchemaChangePolicy", + "documentation":"

    Defines how schema changes are handled during write operations.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 Hyper direct target. When set to true, data quality checks are performed automatically during the write operation.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the S3 Hyper direct target.

    " + } + }, + "documentation":"

    Specifies a HyperDirect data target that writes to Amazon S3.

    " + }, + "S3IcebergCatalogTarget":{ + "type":"structure", + "required":[ + "Name", + "Inputs", + "Table", + "Database" + ], + "members":{ + "Name":{ + "shape":"NodeName", + "documentation":"

    The name of the Iceberg catalog target.

    " + }, + "Inputs":{ + "shape":"OneInput", + "documentation":"

    The input connection for the Iceberg catalog target.

    " + }, + "PartitionKeys":{ + "shape":"GlueStudioPathList", + "documentation":"

    A list of partition keys for the Iceberg table.

    " + }, + "Table":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The name of the table to write to in the catalog.

    " + }, + "Database":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    The name of the database to write to.

    " + }, + "AdditionalOptions":{ + "shape":"AdditionalOptions", + "documentation":"

    Specifies additional connection options for the Iceberg catalog target.

    " + }, + "SchemaChangePolicy":{ + "shape":"CatalogSchemaChangePolicy", + "documentation":"

    The policy for handling schema changes in the catalog target.

    " + }, + "AutoDataQuality":{ + "shape":"AutoDataQuality", + "documentation":"

    Specifies whether to automatically enable data quality evaluation for the S3 Iceberg catalog target. When set to true, data quality checks are performed automatically during the write operation.

    " + } + }, + "documentation":"

    Specifies an Apache Iceberg catalog target that writes data to Amazon S3 and registers the table in the Glue Data Catalog.

    " + }, + "S3IcebergDirectTarget":{ + "type":"structure", + "required":[ + "Name", + "Inputs", + "Path", + "Format", + "Compression" + ], + "members":{ + "Name":{ + "shape":"NodeName", + "documentation":"

    Specifies the unique identifier for the Iceberg target node in your data pipeline.

    " + }, + "Inputs":{ + "shape":"OneInput", + "documentation":"

    Defines the single input source that provides data to this Iceberg target.

    " + }, + "PartitionKeys":{ + "shape":"GlueStudioPathList", + "documentation":"

    Specifies the columns used to partition the Iceberg table data in S3.

    " + }, + "Path":{ + "shape":"EnclosedInStringProperty", + "documentation":"

    Defines the S3 location where the Iceberg table data will be stored.

    " + }, + "Format":{ + "shape":"TargetFormat", + "documentation":"

    Specifies the file format used for storing Iceberg table data (e.g., Parquet, ORC).

    " + }, + "AdditionalOptions":{ + "shape":"AdditionalOptions", + "documentation":"

    Provides additional configuration options for customizing the Iceberg table behavior.

    " + }, + "SchemaChangePolicy":{ + "shape":"DirectSchemaChangePolicy", + "documentation":"

    Defines how schema changes are handled when writing data to the Iceberg table.

    " + }, + "AutoDataQuality":{"shape":"AutoDataQuality"}, + "Compression":{ + "shape":"IcebergTargetCompressionType", + "documentation":"

    Specifies the compression codec used for Iceberg table files in S3.

    " + }, + "NumberTargetPartitions":{ + "shape":"NumberTargetPartitionsString", + "documentation":"

    Sets the number of target partitions for distributing Iceberg table files across S3.

    " + }, + "OutputSchemas":{ + "shape":"GlueSchemas", + "documentation":"

    Specifies the data schema for the S3 Iceberg direct target.

    " + } + }, + "documentation":"

    Specifies a target that writes to an Iceberg data source in Amazon S3.

    " + }, "S3JsonSource":{ "type":"structure", "required":[ @@ -23198,19 +24586,19 @@ "members":{ "Fields":{ "shape":"SourceTableFieldsList", - "documentation":"

    A list of fields used for column-level filtering.

    " + "documentation":"

    A list of fields used for column-level filtering. Currently unsupported.

    " }, "FilterPredicate":{ "shape":"String128", - "documentation":"

    A condition clause used for row-level filtering.

    " + "documentation":"

    A condition clause used for row-level filtering. Currently unsupported.

    " }, "PrimaryKey":{ "shape":"PrimaryKeyList", - "documentation":"

    Unique identifier of a record.

    " + "documentation":"

    Provide the primary key set for this table. Currently supported specifically for SAP EntityOf entities upon request. Contact Amazon Web Services Support to make this feature available.

    " }, "RecordUpdateField":{ "shape":"String128", - "documentation":"

    Incremental pull timestamp-based field.

    " + "documentation":"

    Incremental pull timestamp-based field. Currently unsupported.

    " } }, "documentation":"

    Properties used by the source leg to process data from the source.

    " @@ -23504,8 +24892,7 @@ }, "StartColumnStatisticsTaskRunScheduleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartCrawlerRequest":{ "type":"structure", @@ -23519,8 +24906,7 @@ }, "StartCrawlerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartCrawlerScheduleRequest":{ "type":"structure", @@ -23534,8 +24920,7 @@ }, "StartCrawlerScheduleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartDataQualityRuleRecommendationRunRequest":{ "type":"structure", @@ -23572,7 +24957,8 @@ "shape":"HashString", "documentation":"

    Used for idempotency and is recommended to be set to a random ID (such as a UUID) to avoid creating or starting multiple instances of the same resource.

    " } - } + }, + "documentation":"

    The request of the Data Quality rule recommendation request.

    " }, "StartDataQualityRuleRecommendationRunResponse":{ "type":"structure", @@ -23743,6 +25129,10 @@ "ExecutionClass":{ "shape":"ExecutionClass", "documentation":"

    Indicates whether the job is run with a standard or flexible execution class. The standard execution-class is ideal for time-sensitive workloads that require fast job startup and dedicated resources.

    The flexible execution class is appropriate for time-insensitive jobs whose start and completion times may vary.

    Only jobs with Glue version 3.0 and above and command type glueetl will be allowed to set ExecutionClass to FLEX. The flexible execution class is available for Spark jobs.

    " + }, + "ExecutionRoleSessionPolicy":{ + "shape":"OrchestrationPolicyJsonString", + "documentation":"

    This inline session policy to the StartJobRun API allows you to dynamically restrict the permissions of the specified execution role for the scope of the job, without requiring the creation of additional IAM roles.

    " } } }, @@ -24118,8 +25508,7 @@ }, "StopColumnStatisticsTaskRunResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopColumnStatisticsTaskRunScheduleRequest":{ "type":"structure", @@ -24140,8 +25529,7 @@ }, "StopColumnStatisticsTaskRunScheduleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopCrawlerRequest":{ "type":"structure", @@ -24155,8 +25543,7 @@ }, "StopCrawlerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopCrawlerScheduleRequest":{ "type":"structure", @@ -24170,8 +25557,7 @@ }, "StopCrawlerScheduleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopSessionRequest":{ "type":"structure", @@ -24234,8 +25620,7 @@ }, "StopWorkflowRunResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StorageDescriptor":{ "type":"structure", @@ -24356,6 +25741,11 @@ "type":"list", "member":{"shape":"GenericString"} }, + "StringToStringMap":{ + "type":"map", + "key":{"shape":"NullableString"}, + "value":{"shape":"NullableString"} + }, "SupportedDialect":{ "type":"structure", "members":{ @@ -24603,6 +25993,10 @@ "lastRun":{ "shape":"TableOptimizerRun", "documentation":"

    A TableOptimizerRun object representing the last run of the table optimizer.

    " + }, + "configurationSource":{ + "shape":"ConfigurationSource", + "documentation":"

    Specifies the source of the optimizer configuration. This indicates how the table optimizer was configured and which entity or service initiated the configuration.

    " } }, "documentation":"

    Contains details about an optimizer associated with a table.

    " @@ -24622,6 +26016,10 @@ "shape":"TableOptimizerVpcConfiguration", "documentation":"

    A TableOptimizerVpcConfiguration object representing the VPC configuration for a table optimizer.

    This configuration is necessary to perform optimization on tables that are in a customer VPC.

    " }, + "compactionConfiguration":{ + "shape":"CompactionConfiguration", + "documentation":"

    The configuration for a compaction optimizer. This configuration defines how data files in your table will be compacted to improve query performance and reduce storage costs.

    " + }, "retentionConfiguration":{ "shape":"RetentionConfiguration", "documentation":"

    The configuration for a snapshot retention optimizer.

    " @@ -24671,6 +26069,10 @@ "shape":"CompactionMetrics", "documentation":"

    A CompactionMetrics object containing metrics for the optimizer run.

    " }, + "compactionStrategy":{ + "shape":"CompactionStrategy", + "documentation":"

    The strategy used for the compaction run. Indicates which algorithm was applied to determine how files were selected and combined during the compaction process. Valid values are:

    • binpack: Combines small files into larger files, typically targeting sizes over 100MB, while applying any pending deletes. This is the recommended compaction strategy for most use cases.

    • sort: Organizes data based on specified columns which are sorted hierarchically during compaction, improving query performance for filtered operations. This strategy is recommended when your queries frequently filter on specific columns. To use this strategy, you must first define a sort order in your Iceberg table properties using the sort_order table property.

    • z-order: Optimizes data organization by blending multiple attributes into a single scalar value that can be used for sorting, allowing efficient querying across multiple dimensions. This strategy is recommended when you need to query data across multiple dimensions simultaneously. To use this strategy, you must first define a sort order in your Iceberg table properties using the sort_order table property.

    " + }, "retentionMetrics":{ "shape":"RetentionMetrics", "documentation":"

    A RetentionMetrics object containing metrics for the optimizer run.

    " @@ -24833,8 +26235,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -24862,7 +26263,10 @@ "orc", "parquet", "hudi", - "delta" + "delta", + "iceberg", + "hyper", + "xml" ] }, "TargetProcessingProperties":{ @@ -25114,8 +26518,7 @@ }, "TestConnectionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ThrottlingException":{ "type":"structure", @@ -25580,8 +26983,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateBehavior":{ "type":"string", @@ -25646,8 +27048,7 @@ }, "UpdateCatalogResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateClassifierRequest":{ "type":"structure", @@ -25672,8 +27073,7 @@ }, "UpdateClassifierResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateColumnStatisticsForPartitionRequest":{ "type":"structure", @@ -25799,8 +27199,7 @@ }, "UpdateColumnStatisticsTaskSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConnectionRequest":{ "type":"structure", @@ -25825,8 +27224,7 @@ }, "UpdateConnectionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCrawlerRequest":{ "type":"structure", @@ -25892,8 +27290,7 @@ }, "UpdateCrawlerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCrawlerScheduleRequest":{ "type":"structure", @@ -25911,8 +27308,7 @@ }, "UpdateCrawlerScheduleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCsvClassifierRequest":{ "type":"structure", @@ -26019,8 +27415,7 @@ }, "UpdateDatabaseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDevEndpointRequest":{ "type":"structure", @@ -26062,8 +27457,26 @@ }, "UpdateDevEndpointResponse":{ "type":"structure", + "members":{} + }, + "UpdateGlueIdentityCenterConfigurationRequest":{ + "type":"structure", "members":{ - } + "Scopes":{ + "shape":"IdentityCenterScopesList", + "documentation":"

    A list of Identity Center scopes that define the updated permissions and access levels for the Glue configuration.

    " + }, + "UserBackgroundSessionsEnabled":{ + "shape":"NullableBoolean", + "documentation":"

    Specifies whether users can run background sessions when using Identity Center authentication with Glue services.

    " + } + }, + "documentation":"

    Request to update an existing Glue Identity Center configuration.

    " + }, + "UpdateGlueIdentityCenterConfigurationResponse":{ + "type":"structure", + "members":{}, + "documentation":"

    Response from updating an existing Glue Identity Center configuration.

    " }, "UpdateGrokClassifierRequest":{ "type":"structure", @@ -26088,6 +27501,28 @@ }, "documentation":"

    Specifies a grok classifier to update when passed to UpdateClassifier.

    " }, + "UpdateIcebergInput":{ + "type":"structure", + "required":["UpdateIcebergTableInput"], + "members":{ + "UpdateIcebergTableInput":{ + "shape":"UpdateIcebergTableInput", + "documentation":"

    The specific update operations to be applied to the Iceberg table, containing a list of updates that define the new state of the table including schema, partitions, and properties.

    " + } + }, + "documentation":"

    Input parameters specific to updating Apache Iceberg tables in Glue Data Catalog, containing the update operations to be applied to an existing Iceberg table.

    " + }, + "UpdateIcebergTableInput":{ + "type":"structure", + "required":["Updates"], + "members":{ + "Updates":{ + "shape":"IcebergTableUpdateList", + "documentation":"

    The list of table update operations that specify the changes to be made to the Iceberg table, including schema modifications, partition specifications, and table properties.

    " + } + }, + "documentation":"

    Contains the update operations to be applied to an existing Iceberg table inGlue Data Catalog, defining the new state of the table metadata.

    " + }, "UpdateIntegrationResourcePropertyRequest":{ "type":"structure", "required":["ResourceArn"], @@ -26150,8 +27585,7 @@ }, "UpdateIntegrationTablePropertiesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateJobFromSourceControlRequest":{ "type":"structure", @@ -26303,6 +27737,16 @@ } } }, + "UpdateOpenTableFormatInput":{ + "type":"structure", + "members":{ + "UpdateIcebergInput":{ + "shape":"UpdateIcebergInput", + "documentation":"

    Apache Iceberg-specific update parameters that define the table modifications to be applied, including schema changes, partition specifications, and table properties.

    " + } + }, + "documentation":"

    Input parameters for updating open table format tables in GlueData Catalog, serving as a wrapper for format-specific update operations such as Apache Iceberg.

    " + }, "UpdatePartitionRequest":{ "type":"structure", "required":[ @@ -26336,8 +27780,7 @@ }, "UpdatePartitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRegistryInput":{ "type":"structure", @@ -26492,15 +27935,11 @@ }, "UpdateTableOptimizerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTableRequest":{ "type":"structure", - "required":[ - "DatabaseName", - "TableInput" - ], + "required":["DatabaseName"], "members":{ "CatalogId":{ "shape":"CatalogIdString", @@ -26510,6 +27949,10 @@ "shape":"NameString", "documentation":"

    The name of the catalog database in which the table resides. For Hive compatibility, this name is entirely lowercase.

    " }, + "Name":{ + "shape":"NameString", + "documentation":"

    The unique identifier for the table within the specified database that will be created in the Glue Data Catalog.

    " + }, "TableInput":{ "shape":"TableInput", "documentation":"

    An updated TableInput object to define the metadata table in the catalog.

    " @@ -26533,13 +27976,16 @@ "Force":{ "shape":"Boolean", "documentation":"

    A flag that can be set to true to ignore matching storage descriptor and subobject matching requirements.

    " + }, + "UpdateOpenTableFormatInput":{ + "shape":"UpdateOpenTableFormatInput", + "documentation":"

    Input parameters for updating open table format tables in GlueData Catalog, serving as a wrapper for format-specific update operations such as Apache Iceberg.

    " } } }, "UpdateTableResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTriggerRequest":{ "type":"structure", @@ -26625,8 +28071,7 @@ }, "UpdateUserDefinedFunctionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateWorkflowRequest":{ "type":"structure", @@ -26637,7 +28082,7 @@ "documentation":"

    Name of the workflow to be updated.

    " }, "Description":{ - "shape":"GenericString", + "shape":"WorkflowDescriptionString", "documentation":"

    The description of the workflow.

    " }, "DefaultRunProperties":{ @@ -26698,6 +28143,7 @@ "documentation":"

    The options to configure an upsert operation when writing to a Redshift target .

    " }, "UriString":{"type":"string"}, + "UrlString":{"type":"string"}, "UsageProfileDefinition":{ "type":"structure", "members":{ @@ -26828,6 +28274,11 @@ "type":"list", "member":{"shape":"ValueString"} }, + "Vendor":{ + "type":"string", + "max":128, + "min":1 + }, "VersionId":{"type":"long"}, "VersionLongNumber":{ "type":"long", @@ -27089,6 +28540,10 @@ }, "documentation":"

    A workflow is a collection of multiple dependent Glue jobs and crawlers that are run to complete a complex ETL task. A workflow manages the execution and monitoring of all its jobs and crawlers.

    " }, + "WorkflowDescriptionString":{ + "type":"string", + "max":120000 + }, "WorkflowGraph":{ "type":"structure", "members":{ @@ -27265,6 +28720,7 @@ "double":{"type":"double"}, "dpuCounts":{"type":"integer"}, "dpuDurationInHour":{"type":"double"}, + "dpuHours":{"type":"double"}, "glueConnectionNameString":{ "type":"string", "min":1 diff -pruN 2.23.6-1/awscli/botocore/data/grafana/2020-08-18/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/grafana/2020-08-18/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/grafana/2020-08-18/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/grafana/2020-08-18/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/greengrass/2017-06-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/greengrass/2017-06-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/greengrass/2017-06-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/greengrass/2017-06-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -269,14 +265,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -290,7 +288,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -310,7 +307,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -321,14 +317,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -393,9 +391,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/greengrass/2017-06-07/service-2.json 2.31.35-1/awscli/botocore/data/greengrass/2017-06-07/service-2.json --- 2.23.6-1/awscli/botocore/data/greengrass/2017-06-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/greengrass/2017-06-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,6188 +1,6636 @@ { - "metadata" : { - "apiVersion" : "2017-06-07", - "endpointPrefix" : "greengrass", - "signingName" : "greengrass", - "serviceFullName" : "AWS Greengrass", - "serviceId" : "Greengrass", - "protocol" : "rest-json", - "jsonVersion" : "1.1", - "uid" : "greengrass-2017-06-07", - "signatureVersion" : "v4" + "metadata": { + "apiVersion": "2017-06-07", + "endpointPrefix": "greengrass", + "signingName": "greengrass", + "serviceFullName": "AWS Greengrass", + "serviceId": "Greengrass", + "protocol": "rest-json", + "jsonVersion": "1.1", + "uid": "greengrass-2017-06-07", + "signatureVersion": "v4", + "auth": [ + "aws.auth#sigv4" + ] }, - "operations" : { - "AssociateRoleToGroup" : { - "name" : "AssociateRoleToGroup", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/groups/{GroupId}/role", - "responseCode" : 200 - }, - "input" : { - "shape" : "AssociateRoleToGroupRequest" - }, - "output" : { - "shape" : "AssociateRoleToGroupResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Associates a role with a group. Your Greengrass core will use the role to access AWS cloud services. The role's permissions should allow Greengrass core Lambda functions to perform actions against the cloud." - }, - "AssociateServiceRoleToAccount" : { - "name" : "AssociateServiceRoleToAccount", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/servicerole", - "responseCode" : 200 - }, - "input" : { - "shape" : "AssociateServiceRoleToAccountRequest" - }, - "output" : { - "shape" : "AssociateServiceRoleToAccountResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Associates a role with your account. AWS IoT Greengrass will use the role to access your Lambda functions and AWS IoT resources. This is necessary for deployments to succeed. The role must have at least minimum permissions in the policy ''AWSGreengrassResourceAccessRolePolicy''." - }, - "CreateConnectorDefinition" : { - "name" : "CreateConnectorDefinition", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/connectors", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateConnectorDefinitionRequest" - }, - "output" : { - "shape" : "CreateConnectorDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a connector definition. You may provide the initial version of the connector definition now or use ''CreateConnectorDefinitionVersion'' at a later time." - }, - "CreateConnectorDefinitionVersion" : { - "name" : "CreateConnectorDefinitionVersion", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/connectors/{ConnectorDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateConnectorDefinitionVersionRequest" - }, - "output" : { - "shape" : "CreateConnectorDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a version of a connector definition which has already been defined." - }, - "CreateCoreDefinition" : { - "name" : "CreateCoreDefinition", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/cores", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateCoreDefinitionRequest" - }, - "output" : { - "shape" : "CreateCoreDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a core definition. You may provide the initial version of the core definition now or use ''CreateCoreDefinitionVersion'' at a later time. Greengrass groups must each contain exactly one Greengrass core." - }, - "CreateCoreDefinitionVersion" : { - "name" : "CreateCoreDefinitionVersion", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/cores/{CoreDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateCoreDefinitionVersionRequest" - }, - "output" : { - "shape" : "CreateCoreDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a version of a core definition that has already been defined. Greengrass groups must each contain exactly one Greengrass core." - }, - "CreateDeployment" : { - "name" : "CreateDeployment", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/groups/{GroupId}/deployments", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateDeploymentRequest" - }, - "output" : { - "shape" : "CreateDeploymentResponse", - "documentation" : "Success. The group was deployed." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a deployment. ''CreateDeployment'' requests are idempotent with respect to the ''X-Amzn-Client-Token'' token and the request parameters." - }, - "CreateDeviceDefinition" : { - "name" : "CreateDeviceDefinition", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/devices", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateDeviceDefinitionRequest" - }, - "output" : { - "shape" : "CreateDeviceDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a device definition. You may provide the initial version of the device definition now or use ''CreateDeviceDefinitionVersion'' at a later time." - }, - "CreateDeviceDefinitionVersion" : { - "name" : "CreateDeviceDefinitionVersion", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/devices/{DeviceDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateDeviceDefinitionVersionRequest" - }, - "output" : { - "shape" : "CreateDeviceDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a version of a device definition that has already been defined." - }, - "CreateFunctionDefinition" : { - "name" : "CreateFunctionDefinition", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/functions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateFunctionDefinitionRequest" - }, - "output" : { - "shape" : "CreateFunctionDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a Lambda function definition which contains a list of Lambda functions and their configurations to be used in a group. You can create an initial version of the definition by providing a list of Lambda functions and their configurations now, or use ''CreateFunctionDefinitionVersion'' later." - }, - "CreateFunctionDefinitionVersion" : { - "name" : "CreateFunctionDefinitionVersion", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/functions/{FunctionDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateFunctionDefinitionVersionRequest" - }, - "output" : { - "shape" : "CreateFunctionDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a version of a Lambda function definition that has already been defined." - }, - "CreateGroup" : { - "name" : "CreateGroup", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/groups", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateGroupRequest" - }, - "output" : { - "shape" : "CreateGroupResponse", - "documentation" : "Success. The group was created." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a group. You may provide the initial version of the group or use ''CreateGroupVersion'' at a later time. Tip: You can use the ''gg_group_setup'' package (https://github.com/awslabs/aws-greengrass-group-setup) as a library or command-line application to create and deploy Greengrass groups." - }, - "CreateGroupCertificateAuthority" : { - "name" : "CreateGroupCertificateAuthority", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/groups/{GroupId}/certificateauthorities", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateGroupCertificateAuthorityRequest" - }, - "output" : { - "shape" : "CreateGroupCertificateAuthorityResponse", - "documentation" : "Success. The response body contains the new active CA ARN." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Creates a CA for the group. If a CA already exists, it will rotate the existing CA." - }, - "CreateGroupVersion" : { - "name" : "CreateGroupVersion", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/groups/{GroupId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateGroupVersionRequest" - }, - "output" : { - "shape" : "CreateGroupVersionResponse", - "documentation" : "Success. The response contains information about the group version." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a version of a group which has already been defined." - }, - "CreateLoggerDefinition" : { - "name" : "CreateLoggerDefinition", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/loggers", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateLoggerDefinitionRequest" - }, - "output" : { - "shape" : "CreateLoggerDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a logger definition. You may provide the initial version of the logger definition now or use ''CreateLoggerDefinitionVersion'' at a later time." - }, - "CreateLoggerDefinitionVersion" : { - "name" : "CreateLoggerDefinitionVersion", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/loggers/{LoggerDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateLoggerDefinitionVersionRequest" - }, - "output" : { - "shape" : "CreateLoggerDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a version of a logger definition that has already been defined." - }, - "CreateResourceDefinition" : { - "name" : "CreateResourceDefinition", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/resources", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateResourceDefinitionRequest" - }, - "output" : { - "shape" : "CreateResourceDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a resource definition which contains a list of resources to be used in a group. You can create an initial version of the definition by providing a list of resources now, or use ''CreateResourceDefinitionVersion'' later." - }, - "CreateResourceDefinitionVersion" : { - "name" : "CreateResourceDefinitionVersion", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/resources/{ResourceDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateResourceDefinitionVersionRequest" - }, - "output" : { - "shape" : "CreateResourceDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a version of a resource definition that has already been defined." - }, - "CreateSoftwareUpdateJob" : { - "name" : "CreateSoftwareUpdateJob", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/updates", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateSoftwareUpdateJobRequest" - }, - "output" : { - "shape" : "CreateSoftwareUpdateJobResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Creates a software update for a core or group of cores (specified as an IoT thing group.) Use this to update the OTA Agent as well as the Greengrass core software. It makes use of the IoT Jobs feature which provides additional commands to manage a Greengrass core software update job." - }, - "CreateSubscriptionDefinition" : { - "name" : "CreateSubscriptionDefinition", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/subscriptions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateSubscriptionDefinitionRequest" - }, - "output" : { - "shape" : "CreateSubscriptionDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a subscription definition. You may provide the initial version of the subscription definition now or use ''CreateSubscriptionDefinitionVersion'' at a later time." - }, - "CreateSubscriptionDefinitionVersion" : { - "name" : "CreateSubscriptionDefinitionVersion", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateSubscriptionDefinitionVersionRequest" - }, - "output" : { - "shape" : "CreateSubscriptionDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Creates a version of a subscription definition which has already been defined." - }, - "DeleteConnectorDefinition" : { - "name" : "DeleteConnectorDefinition", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/definition/connectors/{ConnectorDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteConnectorDefinitionRequest" - }, - "output" : { - "shape" : "DeleteConnectorDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deletes a connector definition." - }, - "DeleteCoreDefinition" : { - "name" : "DeleteCoreDefinition", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/definition/cores/{CoreDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteCoreDefinitionRequest" - }, - "output" : { - "shape" : "DeleteCoreDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deletes a core definition." - }, - "DeleteDeviceDefinition" : { - "name" : "DeleteDeviceDefinition", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/definition/devices/{DeviceDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteDeviceDefinitionRequest" - }, - "output" : { - "shape" : "DeleteDeviceDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deletes a device definition." - }, - "DeleteFunctionDefinition" : { - "name" : "DeleteFunctionDefinition", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/definition/functions/{FunctionDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteFunctionDefinitionRequest" - }, - "output" : { - "shape" : "DeleteFunctionDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deletes a Lambda function definition." - }, - "DeleteGroup" : { - "name" : "DeleteGroup", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/groups/{GroupId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteGroupRequest" - }, - "output" : { - "shape" : "DeleteGroupResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deletes a group." - }, - "DeleteLoggerDefinition" : { - "name" : "DeleteLoggerDefinition", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/definition/loggers/{LoggerDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteLoggerDefinitionRequest" - }, - "output" : { - "shape" : "DeleteLoggerDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deletes a logger definition." - }, - "DeleteResourceDefinition" : { - "name" : "DeleteResourceDefinition", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/definition/resources/{ResourceDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteResourceDefinitionRequest" - }, - "output" : { - "shape" : "DeleteResourceDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deletes a resource definition." - }, - "DeleteSubscriptionDefinition" : { - "name" : "DeleteSubscriptionDefinition", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteSubscriptionDefinitionRequest" - }, - "output" : { - "shape" : "DeleteSubscriptionDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deletes a subscription definition." - }, - "DisassociateRoleFromGroup" : { - "name" : "DisassociateRoleFromGroup", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/groups/{GroupId}/role", - "responseCode" : 200 - }, - "input" : { - "shape" : "DisassociateRoleFromGroupRequest" - }, - "output" : { - "shape" : "DisassociateRoleFromGroupResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Disassociates the role from a group." - }, - "DisassociateServiceRoleFromAccount" : { - "name" : "DisassociateServiceRoleFromAccount", - "http" : { - "method" : "DELETE", - "requestUri" : "/greengrass/servicerole", - "responseCode" : 200 - }, - "input" : { - "shape" : "DisassociateServiceRoleFromAccountRequest" - }, - "output" : { - "shape" : "DisassociateServiceRoleFromAccountResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Disassociates the service role from your account. Without a service role, deployments will not work." - }, - "GetAssociatedRole" : { - "name" : "GetAssociatedRole", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}/role", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetAssociatedRoleRequest" - }, - "output" : { - "shape" : "GetAssociatedRoleResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Retrieves the role associated with a particular group." - }, - "GetBulkDeploymentStatus" : { - "name" : "GetBulkDeploymentStatus", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/bulk/deployments/{BulkDeploymentId}/status", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetBulkDeploymentStatusRequest" - }, - "output" : { - "shape" : "GetBulkDeploymentStatusResponse", - "documentation" : "Success. The response body contains the status of the bulk deployment." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Returns the status of a bulk deployment." - }, - "GetConnectivityInfo" : { - "name" : "GetConnectivityInfo", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/things/{ThingName}/connectivityInfo", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetConnectivityInfoRequest" - }, - "output" : { - "shape" : "GetConnectivityInfoResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Retrieves the connectivity information for a core." - }, - "GetConnectorDefinition" : { - "name" : "GetConnectorDefinition", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/connectors/{ConnectorDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetConnectorDefinitionRequest" - }, - "output" : { - "shape" : "GetConnectorDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a connector definition." - }, - "GetConnectorDefinitionVersion" : { - "name" : "GetConnectorDefinitionVersion", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/connectors/{ConnectorDefinitionId}/versions/{ConnectorDefinitionVersionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetConnectorDefinitionVersionRequest" - }, - "output" : { - "shape" : "GetConnectorDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a connector definition version, including the connectors that the version contains. Connectors are prebuilt modules that interact with local infrastructure, device protocols, AWS, and other cloud services." - }, - "GetCoreDefinition" : { - "name" : "GetCoreDefinition", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/cores/{CoreDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetCoreDefinitionRequest" - }, - "output" : { - "shape" : "GetCoreDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a core definition version." - }, - "GetCoreDefinitionVersion" : { - "name" : "GetCoreDefinitionVersion", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/cores/{CoreDefinitionId}/versions/{CoreDefinitionVersionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetCoreDefinitionVersionRequest" - }, - "output" : { - "shape" : "GetCoreDefinitionVersionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a core definition version." - }, - "GetDeploymentStatus" : { - "name" : "GetDeploymentStatus", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}/deployments/{DeploymentId}/status", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetDeploymentStatusRequest" - }, - "output" : { - "shape" : "GetDeploymentStatusResponse", - "documentation" : "Success. The response body contains the status of the deployment for the group." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Returns the status of a deployment." - }, - "GetDeviceDefinition" : { - "name" : "GetDeviceDefinition", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/devices/{DeviceDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetDeviceDefinitionRequest" - }, - "output" : { - "shape" : "GetDeviceDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a device definition." - }, - "GetDeviceDefinitionVersion" : { - "name" : "GetDeviceDefinitionVersion", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/devices/{DeviceDefinitionId}/versions/{DeviceDefinitionVersionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetDeviceDefinitionVersionRequest" - }, - "output" : { - "shape" : "GetDeviceDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a device definition version." - }, - "GetFunctionDefinition" : { - "name" : "GetFunctionDefinition", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/functions/{FunctionDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetFunctionDefinitionRequest" - }, - "output" : { - "shape" : "GetFunctionDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a Lambda function definition, including its creation time and latest version." - }, - "GetFunctionDefinitionVersion" : { - "name" : "GetFunctionDefinitionVersion", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/functions/{FunctionDefinitionId}/versions/{FunctionDefinitionVersionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetFunctionDefinitionVersionRequest" - }, - "output" : { - "shape" : "GetFunctionDefinitionVersionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a Lambda function definition version, including which Lambda functions are included in the version and their configurations." - }, - "GetGroup" : { - "name" : "GetGroup", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetGroupRequest" - }, - "output" : { - "shape" : "GetGroupResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a group." - }, - "GetGroupCertificateAuthority" : { - "name" : "GetGroupCertificateAuthority", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}/certificateauthorities/{CertificateAuthorityId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetGroupCertificateAuthorityRequest" - }, - "output" : { - "shape" : "GetGroupCertificateAuthorityResponse", - "documentation" : "Success. The response body contains the PKI Configuration." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Retreives the CA associated with a group. Returns the public key of the CA." - }, - "GetGroupCertificateConfiguration" : { - "name" : "GetGroupCertificateConfiguration", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}/certificateauthorities/configuration/expiry", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetGroupCertificateConfigurationRequest" - }, - "output" : { - "shape" : "GetGroupCertificateConfigurationResponse", - "documentation" : "Success. The response body contains the PKI Configuration." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Retrieves the current configuration for the CA used by the group." - }, - "GetGroupVersion" : { - "name" : "GetGroupVersion", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}/versions/{GroupVersionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetGroupVersionRequest" - }, - "output" : { - "shape" : "GetGroupVersionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a group version." - }, - "GetLoggerDefinition" : { - "name" : "GetLoggerDefinition", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/loggers/{LoggerDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetLoggerDefinitionRequest" - }, - "output" : { - "shape" : "GetLoggerDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a logger definition." - }, - "GetLoggerDefinitionVersion" : { - "name" : "GetLoggerDefinitionVersion", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/loggers/{LoggerDefinitionId}/versions/{LoggerDefinitionVersionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetLoggerDefinitionVersionRequest" - }, - "output" : { - "shape" : "GetLoggerDefinitionVersionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a logger definition version." - }, - "GetResourceDefinition" : { - "name" : "GetResourceDefinition", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/resources/{ResourceDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetResourceDefinitionRequest" - }, - "output" : { - "shape" : "GetResourceDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a resource definition, including its creation time and latest version." - }, - "GetResourceDefinitionVersion" : { - "name" : "GetResourceDefinitionVersion", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/resources/{ResourceDefinitionId}/versions/{ResourceDefinitionVersionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetResourceDefinitionVersionRequest" - }, - "output" : { - "shape" : "GetResourceDefinitionVersionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a resource definition version, including which resources are included in the version." - }, - "GetServiceRoleForAccount" : { - "name" : "GetServiceRoleForAccount", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/servicerole", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetServiceRoleForAccountRequest" - }, - "output" : { - "shape" : "GetServiceRoleForAccountResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Retrieves the service role that is attached to your account." - }, - "GetSubscriptionDefinition" : { - "name" : "GetSubscriptionDefinition", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetSubscriptionDefinitionRequest" - }, - "output" : { - "shape" : "GetSubscriptionDefinitionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a subscription definition." - }, - "GetSubscriptionDefinitionVersion" : { - "name" : "GetSubscriptionDefinitionVersion", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}/versions/{SubscriptionDefinitionVersionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetSubscriptionDefinitionVersionRequest" - }, - "output" : { - "shape" : "GetSubscriptionDefinitionVersionResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves information about a subscription definition version." - }, - "GetThingRuntimeConfiguration" : { - "name" : "GetThingRuntimeConfiguration", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/things/{ThingName}/runtimeconfig", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetThingRuntimeConfigurationRequest" - }, - "output" : { - "shape" : "GetThingRuntimeConfigurationResponse", - "documentation" : "Success. The response contains the runtime configuration for the given thing." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Get the runtime configuration of a thing." - }, - "ListBulkDeploymentDetailedReports" : { - "name" : "ListBulkDeploymentDetailedReports", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/bulk/deployments/{BulkDeploymentId}/detailed-reports", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListBulkDeploymentDetailedReportsRequest" - }, - "output" : { - "shape" : "ListBulkDeploymentDetailedReportsResponse", - "documentation" : "Success. The response body contains the list of deployments for the given group." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Gets a paginated list of the deployments that have been started in a bulk deployment operation, and their current deployment status." - }, - "ListBulkDeployments" : { - "name" : "ListBulkDeployments", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/bulk/deployments", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListBulkDeploymentsRequest" - }, - "output" : { - "shape" : "ListBulkDeploymentsResponse", - "documentation" : "Success. The response body contains the list of bulk deployments." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Returns a list of bulk deployments." - }, - "ListConnectorDefinitionVersions" : { - "name" : "ListConnectorDefinitionVersions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/connectors/{ConnectorDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListConnectorDefinitionVersionsRequest" - }, - "output" : { - "shape" : "ListConnectorDefinitionVersionsResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Lists the versions of a connector definition, which are containers for connectors. Connectors run on the Greengrass core and contain built-in integration with local infrastructure, device protocols, AWS, and other cloud services." - }, - "ListConnectorDefinitions" : { - "name" : "ListConnectorDefinitions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/connectors", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListConnectorDefinitionsRequest" - }, - "output" : { - "shape" : "ListConnectorDefinitionsResponse" - }, - "errors" : [ ], - "documentation" : "Retrieves a list of connector definitions." - }, - "ListCoreDefinitionVersions" : { - "name" : "ListCoreDefinitionVersions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/cores/{CoreDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListCoreDefinitionVersionsRequest" - }, - "output" : { - "shape" : "ListCoreDefinitionVersionsResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Lists the versions of a core definition." - }, - "ListCoreDefinitions" : { - "name" : "ListCoreDefinitions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/cores", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListCoreDefinitionsRequest" - }, - "output" : { - "shape" : "ListCoreDefinitionsResponse" - }, - "errors" : [ ], - "documentation" : "Retrieves a list of core definitions." - }, - "ListDeployments" : { - "name" : "ListDeployments", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}/deployments", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListDeploymentsRequest" - }, - "output" : { - "shape" : "ListDeploymentsResponse", - "documentation" : "Success. The response body contains the list of deployments for the given group." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Returns a history of deployments for the group." - }, - "ListDeviceDefinitionVersions" : { - "name" : "ListDeviceDefinitionVersions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/devices/{DeviceDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListDeviceDefinitionVersionsRequest" - }, - "output" : { - "shape" : "ListDeviceDefinitionVersionsResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Lists the versions of a device definition." - }, - "ListDeviceDefinitions" : { - "name" : "ListDeviceDefinitions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/devices", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListDeviceDefinitionsRequest" - }, - "output" : { - "shape" : "ListDeviceDefinitionsResponse" - }, - "errors" : [ ], - "documentation" : "Retrieves a list of device definitions." - }, - "ListFunctionDefinitionVersions" : { - "name" : "ListFunctionDefinitionVersions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/functions/{FunctionDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListFunctionDefinitionVersionsRequest" - }, - "output" : { - "shape" : "ListFunctionDefinitionVersionsResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Lists the versions of a Lambda function definition." - }, - "ListFunctionDefinitions" : { - "name" : "ListFunctionDefinitions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/functions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListFunctionDefinitionsRequest" - }, - "output" : { - "shape" : "ListFunctionDefinitionsResponse", - "documentation" : "Success. The response contains the IDs of all the Greengrass Lambda function definitions in this account." - }, - "errors" : [ ], - "documentation" : "Retrieves a list of Lambda function definitions." - }, - "ListGroupCertificateAuthorities" : { - "name" : "ListGroupCertificateAuthorities", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}/certificateauthorities", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListGroupCertificateAuthoritiesRequest" - }, - "output" : { - "shape" : "ListGroupCertificateAuthoritiesResponse", - "documentation" : "Success. The response body contains the PKI Configuration." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Retrieves the current CAs for a group." - }, - "ListGroupVersions" : { - "name" : "ListGroupVersions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups/{GroupId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListGroupVersionsRequest" - }, - "output" : { - "shape" : "ListGroupVersionsResponse", - "documentation" : "Success. The response contains the list of versions and metadata for the given group." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Lists the versions of a group." - }, - "ListGroups" : { - "name" : "ListGroups", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/groups", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListGroupsRequest" - }, - "output" : { - "shape" : "ListGroupsResponse" - }, - "errors" : [ ], - "documentation" : "Retrieves a list of groups." - }, - "ListLoggerDefinitionVersions" : { - "name" : "ListLoggerDefinitionVersions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/loggers/{LoggerDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListLoggerDefinitionVersionsRequest" - }, - "output" : { - "shape" : "ListLoggerDefinitionVersionsResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Lists the versions of a logger definition." - }, - "ListLoggerDefinitions" : { - "name" : "ListLoggerDefinitions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/loggers", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListLoggerDefinitionsRequest" - }, - "output" : { - "shape" : "ListLoggerDefinitionsResponse" - }, - "errors" : [ ], - "documentation" : "Retrieves a list of logger definitions." - }, - "ListResourceDefinitionVersions" : { - "name" : "ListResourceDefinitionVersions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/resources/{ResourceDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListResourceDefinitionVersionsRequest" - }, - "output" : { - "shape" : "ListResourceDefinitionVersionsResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Lists the versions of a resource definition." - }, - "ListResourceDefinitions" : { - "name" : "ListResourceDefinitions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/resources", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListResourceDefinitionsRequest" - }, - "output" : { - "shape" : "ListResourceDefinitionsResponse", - "documentation" : "The IDs of all the Greengrass resource definitions in this account." - }, - "errors" : [ ], - "documentation" : "Retrieves a list of resource definitions." - }, - "ListSubscriptionDefinitionVersions" : { - "name" : "ListSubscriptionDefinitionVersions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListSubscriptionDefinitionVersionsRequest" - }, - "output" : { - "shape" : "ListSubscriptionDefinitionVersionsResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Lists the versions of a subscription definition." - }, - "ListSubscriptionDefinitions" : { - "name" : "ListSubscriptionDefinitions", - "http" : { - "method" : "GET", - "requestUri" : "/greengrass/definition/subscriptions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListSubscriptionDefinitionsRequest" - }, - "output" : { - "shape" : "ListSubscriptionDefinitionsResponse" - }, - "errors" : [ ], - "documentation" : "Retrieves a list of subscription definitions." - }, - "ListTagsForResource" : { - "name" : "ListTagsForResource", - "http" : { - "method" : "GET", - "requestUri" : "/tags/{resource-arn}", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListTagsForResourceRequest" - }, - "output" : { - "shape" : "ListTagsForResourceResponse", - "documentation" : "HTTP Status Code 200: OK." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Retrieves a list of resource tags for a resource arn." - }, - "ResetDeployments" : { - "name" : "ResetDeployments", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/groups/{GroupId}/deployments/$reset", - "responseCode" : 200 - }, - "input" : { - "shape" : "ResetDeploymentsRequest" - }, - "output" : { - "shape" : "ResetDeploymentsResponse", - "documentation" : "Success. The group's deployments were reset." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Resets a group's deployments." - }, - "StartBulkDeployment" : { - "name" : "StartBulkDeployment", - "http" : { - "method" : "POST", - "requestUri" : "/greengrass/bulk/deployments", - "responseCode" : 200 - }, - "input" : { - "shape" : "StartBulkDeploymentRequest" - }, - "output" : { - "shape" : "StartBulkDeploymentResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Deploys multiple groups in one operation. This action starts the bulk deployment of a specified set of group versions. Each group version deployment will be triggered with an adaptive rate that has a fixed upper limit. We recommend that you include an ''X-Amzn-Client-Token'' token in every ''StartBulkDeployment'' request. These requests are idempotent with respect to the token and the request parameters." - }, - "StopBulkDeployment" : { - "name" : "StopBulkDeployment", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/bulk/deployments/{BulkDeploymentId}/$stop", - "responseCode" : 200 - }, - "input" : { - "shape" : "StopBulkDeploymentRequest" - }, - "output" : { - "shape" : "StopBulkDeploymentResponse", - "documentation" : "Success. The bulk deployment is being stopped." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Stops the execution of a bulk deployment. This action returns a status of ''Stopping'' until the deployment is stopped. You cannot start a new bulk deployment while a previous deployment is in the ''Stopping'' state. This action doesn't rollback completed deployments or cancel pending deployments." - }, - "TagResource" : { - "name" : "TagResource", - "http" : { - "method" : "POST", - "requestUri" : "/tags/{resource-arn}", - "responseCode" : 204 - }, - "input" : { - "shape" : "TagResourceRequest" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Adds tags to a Greengrass resource. Valid resources are 'Group', 'ConnectorDefinition', 'CoreDefinition', 'DeviceDefinition', 'FunctionDefinition', 'LoggerDefinition', 'SubscriptionDefinition', 'ResourceDefinition', and 'BulkDeployment'." - }, - "UntagResource" : { - "name" : "UntagResource", - "http" : { - "method" : "DELETE", - "requestUri" : "/tags/{resource-arn}", - "responseCode" : 204 - }, - "input" : { - "shape" : "UntagResourceRequest" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Remove resource tags from a Greengrass Resource." - }, - "UpdateConnectivityInfo" : { - "name" : "UpdateConnectivityInfo", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/things/{ThingName}/connectivityInfo", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateConnectivityInfoRequest" - }, - "output" : { - "shape" : "UpdateConnectivityInfoResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Updates the connectivity information for the core. Any devices that belong to the group which has this core will receive this information in order to find the location of the core and connect to it." - }, - "UpdateConnectorDefinition" : { - "name" : "UpdateConnectorDefinition", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/definition/connectors/{ConnectorDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateConnectorDefinitionRequest" - }, - "output" : { - "shape" : "UpdateConnectorDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Updates a connector definition." - }, - "UpdateCoreDefinition" : { - "name" : "UpdateCoreDefinition", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/definition/cores/{CoreDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateCoreDefinitionRequest" - }, - "output" : { - "shape" : "UpdateCoreDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Updates a core definition." - }, - "UpdateDeviceDefinition" : { - "name" : "UpdateDeviceDefinition", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/definition/devices/{DeviceDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateDeviceDefinitionRequest" - }, - "output" : { - "shape" : "UpdateDeviceDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Updates a device definition." - }, - "UpdateFunctionDefinition" : { - "name" : "UpdateFunctionDefinition", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/definition/functions/{FunctionDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateFunctionDefinitionRequest" - }, - "output" : { - "shape" : "UpdateFunctionDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Updates a Lambda function definition." - }, - "UpdateGroup" : { - "name" : "UpdateGroup", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/groups/{GroupId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateGroupRequest" - }, - "output" : { - "shape" : "UpdateGroupResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Updates a group." - }, - "UpdateGroupCertificateConfiguration" : { - "name" : "UpdateGroupCertificateConfiguration", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/groups/{GroupId}/certificateauthorities/configuration/expiry", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateGroupCertificateConfigurationRequest" - }, - "output" : { - "shape" : "UpdateGroupCertificateConfigurationResponse", - "documentation" : "Success. The response body contains the PKI Configuration." - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Updates the Certificate expiry time for a group." - }, - "UpdateLoggerDefinition" : { - "name" : "UpdateLoggerDefinition", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/definition/loggers/{LoggerDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateLoggerDefinitionRequest" - }, - "output" : { - "shape" : "UpdateLoggerDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Updates a logger definition." - }, - "UpdateResourceDefinition" : { - "name" : "UpdateResourceDefinition", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/definition/resources/{ResourceDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateResourceDefinitionRequest" - }, - "output" : { - "shape" : "UpdateResourceDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Updates a resource definition." - }, - "UpdateSubscriptionDefinition" : { - "name" : "UpdateSubscriptionDefinition", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateSubscriptionDefinitionRequest" - }, - "output" : { - "shape" : "UpdateSubscriptionDefinitionResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - } ], - "documentation" : "Updates a subscription definition." - }, - "UpdateThingRuntimeConfiguration" : { - "name" : "UpdateThingRuntimeConfiguration", - "http" : { - "method" : "PUT", - "requestUri" : "/greengrass/things/{ThingName}/runtimeconfig", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateThingRuntimeConfigurationRequest" - }, - "output" : { - "shape" : "UpdateThingRuntimeConfigurationResponse", - "documentation" : "success" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "invalid request" - }, { - "shape" : "InternalServerErrorException", - "documentation" : "server error" - } ], - "documentation" : "Updates the runtime configuration of a thing." + "operations": { + "AssociateRoleToGroup": { + "name": "AssociateRoleToGroup", + "http": { + "method": "PUT", + "requestUri": "/greengrass/groups/{GroupId}/role", + "responseCode": 200 + }, + "input": { + "shape": "AssociateRoleToGroupRequest" + }, + "output": { + "shape": "AssociateRoleToGroupResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Associates a role with a group. Your Greengrass core will use the role to access AWS cloud services. The role's permissions should allow Greengrass core Lambda functions to perform actions against the cloud." + }, + "AssociateServiceRoleToAccount": { + "name": "AssociateServiceRoleToAccount", + "http": { + "method": "PUT", + "requestUri": "/greengrass/servicerole", + "responseCode": 200 + }, + "input": { + "shape": "AssociateServiceRoleToAccountRequest" + }, + "output": { + "shape": "AssociateServiceRoleToAccountResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Associates a role with your account. AWS IoT Greengrass will use the role to access your Lambda functions and AWS IoT resources. This is necessary for deployments to succeed. The role must have at least minimum permissions in the policy ''AWSGreengrassResourceAccessRolePolicy''." + }, + "CreateConnectorDefinition": { + "name": "CreateConnectorDefinition", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/connectors", + "responseCode": 200 + }, + "input": { + "shape": "CreateConnectorDefinitionRequest" + }, + "output": { + "shape": "CreateConnectorDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a connector definition. You may provide the initial version of the connector definition now or use ''CreateConnectorDefinitionVersion'' at a later time." + }, + "CreateConnectorDefinitionVersion": { + "name": "CreateConnectorDefinitionVersion", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/connectors/{ConnectorDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "CreateConnectorDefinitionVersionRequest" + }, + "output": { + "shape": "CreateConnectorDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a version of a connector definition which has already been defined." + }, + "CreateCoreDefinition": { + "name": "CreateCoreDefinition", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/cores", + "responseCode": 200 + }, + "input": { + "shape": "CreateCoreDefinitionRequest" + }, + "output": { + "shape": "CreateCoreDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a core definition. You may provide the initial version of the core definition now or use ''CreateCoreDefinitionVersion'' at a later time. Greengrass groups must each contain exactly one Greengrass core." + }, + "CreateCoreDefinitionVersion": { + "name": "CreateCoreDefinitionVersion", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/cores/{CoreDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "CreateCoreDefinitionVersionRequest" + }, + "output": { + "shape": "CreateCoreDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a version of a core definition that has already been defined. Greengrass groups must each contain exactly one Greengrass core." + }, + "CreateDeployment": { + "name": "CreateDeployment", + "http": { + "method": "POST", + "requestUri": "/greengrass/groups/{GroupId}/deployments", + "responseCode": 200 + }, + "input": { + "shape": "CreateDeploymentRequest" + }, + "output": { + "shape": "CreateDeploymentResponse", + "documentation": "Success. The group was deployed." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a deployment. ''CreateDeployment'' requests are idempotent with respect to the ''X-Amzn-Client-Token'' token and the request parameters." + }, + "CreateDeviceDefinition": { + "name": "CreateDeviceDefinition", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/devices", + "responseCode": 200 + }, + "input": { + "shape": "CreateDeviceDefinitionRequest" + }, + "output": { + "shape": "CreateDeviceDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a device definition. You may provide the initial version of the device definition now or use ''CreateDeviceDefinitionVersion'' at a later time." + }, + "CreateDeviceDefinitionVersion": { + "name": "CreateDeviceDefinitionVersion", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/devices/{DeviceDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "CreateDeviceDefinitionVersionRequest" + }, + "output": { + "shape": "CreateDeviceDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a version of a device definition that has already been defined." + }, + "CreateFunctionDefinition": { + "name": "CreateFunctionDefinition", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/functions", + "responseCode": 200 + }, + "input": { + "shape": "CreateFunctionDefinitionRequest" + }, + "output": { + "shape": "CreateFunctionDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a Lambda function definition which contains a list of Lambda functions and their configurations to be used in a group. You can create an initial version of the definition by providing a list of Lambda functions and their configurations now, or use ''CreateFunctionDefinitionVersion'' later." + }, + "CreateFunctionDefinitionVersion": { + "name": "CreateFunctionDefinitionVersion", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/functions/{FunctionDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "CreateFunctionDefinitionVersionRequest" + }, + "output": { + "shape": "CreateFunctionDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a version of a Lambda function definition that has already been defined." + }, + "CreateGroup": { + "name": "CreateGroup", + "http": { + "method": "POST", + "requestUri": "/greengrass/groups", + "responseCode": 200 + }, + "input": { + "shape": "CreateGroupRequest" + }, + "output": { + "shape": "CreateGroupResponse", + "documentation": "Success. The group was created." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a group. You may provide the initial version of the group or use ''CreateGroupVersion'' at a later time. Tip: You can use the ''gg_group_setup'' package (https://github.com/awslabs/aws-greengrass-group-setup) as a library or command-line application to create and deploy Greengrass groups." + }, + "CreateGroupCertificateAuthority": { + "name": "CreateGroupCertificateAuthority", + "http": { + "method": "POST", + "requestUri": "/greengrass/groups/{GroupId}/certificateauthorities", + "responseCode": 200 + }, + "input": { + "shape": "CreateGroupCertificateAuthorityRequest" + }, + "output": { + "shape": "CreateGroupCertificateAuthorityResponse", + "documentation": "Success. The response body contains the new active CA ARN." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Creates a CA for the group. If a CA already exists, it will rotate the existing CA." + }, + "CreateGroupVersion": { + "name": "CreateGroupVersion", + "http": { + "method": "POST", + "requestUri": "/greengrass/groups/{GroupId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "CreateGroupVersionRequest" + }, + "output": { + "shape": "CreateGroupVersionResponse", + "documentation": "Success. The response contains information about the group version." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a version of a group which has already been defined." + }, + "CreateLoggerDefinition": { + "name": "CreateLoggerDefinition", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/loggers", + "responseCode": 200 + }, + "input": { + "shape": "CreateLoggerDefinitionRequest" + }, + "output": { + "shape": "CreateLoggerDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a logger definition. You may provide the initial version of the logger definition now or use ''CreateLoggerDefinitionVersion'' at a later time." + }, + "CreateLoggerDefinitionVersion": { + "name": "CreateLoggerDefinitionVersion", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/loggers/{LoggerDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "CreateLoggerDefinitionVersionRequest" + }, + "output": { + "shape": "CreateLoggerDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a version of a logger definition that has already been defined." + }, + "CreateResourceDefinition": { + "name": "CreateResourceDefinition", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/resources", + "responseCode": 200 + }, + "input": { + "shape": "CreateResourceDefinitionRequest" + }, + "output": { + "shape": "CreateResourceDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a resource definition which contains a list of resources to be used in a group. You can create an initial version of the definition by providing a list of resources now, or use ''CreateResourceDefinitionVersion'' later." + }, + "CreateResourceDefinitionVersion": { + "name": "CreateResourceDefinitionVersion", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/resources/{ResourceDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "CreateResourceDefinitionVersionRequest" + }, + "output": { + "shape": "CreateResourceDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a version of a resource definition that has already been defined." + }, + "CreateSoftwareUpdateJob": { + "name": "CreateSoftwareUpdateJob", + "http": { + "method": "POST", + "requestUri": "/greengrass/updates", + "responseCode": 200 + }, + "input": { + "shape": "CreateSoftwareUpdateJobRequest" + }, + "output": { + "shape": "CreateSoftwareUpdateJobResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Creates a software update for a core or group of cores (specified as an IoT thing group.) Use this to update the OTA Agent as well as the Greengrass core software. It makes use of the IoT Jobs feature which provides additional commands to manage a Greengrass core software update job." + }, + "CreateSubscriptionDefinition": { + "name": "CreateSubscriptionDefinition", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/subscriptions", + "responseCode": 200 + }, + "input": { + "shape": "CreateSubscriptionDefinitionRequest" + }, + "output": { + "shape": "CreateSubscriptionDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a subscription definition. You may provide the initial version of the subscription definition now or use ''CreateSubscriptionDefinitionVersion'' at a later time." + }, + "CreateSubscriptionDefinitionVersion": { + "name": "CreateSubscriptionDefinitionVersion", + "http": { + "method": "POST", + "requestUri": "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "CreateSubscriptionDefinitionVersionRequest" + }, + "output": { + "shape": "CreateSubscriptionDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Creates a version of a subscription definition which has already been defined." + }, + "DeleteConnectorDefinition": { + "name": "DeleteConnectorDefinition", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/definition/connectors/{ConnectorDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteConnectorDefinitionRequest" + }, + "output": { + "shape": "DeleteConnectorDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deletes a connector definition." + }, + "DeleteCoreDefinition": { + "name": "DeleteCoreDefinition", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/definition/cores/{CoreDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteCoreDefinitionRequest" + }, + "output": { + "shape": "DeleteCoreDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deletes a core definition." + }, + "DeleteDeviceDefinition": { + "name": "DeleteDeviceDefinition", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/definition/devices/{DeviceDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteDeviceDefinitionRequest" + }, + "output": { + "shape": "DeleteDeviceDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deletes a device definition." + }, + "DeleteFunctionDefinition": { + "name": "DeleteFunctionDefinition", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/definition/functions/{FunctionDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteFunctionDefinitionRequest" + }, + "output": { + "shape": "DeleteFunctionDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deletes a Lambda function definition." + }, + "DeleteGroup": { + "name": "DeleteGroup", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/groups/{GroupId}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteGroupRequest" + }, + "output": { + "shape": "DeleteGroupResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deletes a group." + }, + "DeleteLoggerDefinition": { + "name": "DeleteLoggerDefinition", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/definition/loggers/{LoggerDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteLoggerDefinitionRequest" + }, + "output": { + "shape": "DeleteLoggerDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deletes a logger definition." + }, + "DeleteResourceDefinition": { + "name": "DeleteResourceDefinition", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/definition/resources/{ResourceDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteResourceDefinitionRequest" + }, + "output": { + "shape": "DeleteResourceDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deletes a resource definition." + }, + "DeleteSubscriptionDefinition": { + "name": "DeleteSubscriptionDefinition", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteSubscriptionDefinitionRequest" + }, + "output": { + "shape": "DeleteSubscriptionDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deletes a subscription definition." + }, + "DisassociateRoleFromGroup": { + "name": "DisassociateRoleFromGroup", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/groups/{GroupId}/role", + "responseCode": 200 + }, + "input": { + "shape": "DisassociateRoleFromGroupRequest" + }, + "output": { + "shape": "DisassociateRoleFromGroupResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Disassociates the role from a group." + }, + "DisassociateServiceRoleFromAccount": { + "name": "DisassociateServiceRoleFromAccount", + "http": { + "method": "DELETE", + "requestUri": "/greengrass/servicerole", + "responseCode": 200 + }, + "input": { + "shape": "DisassociateServiceRoleFromAccountRequest" + }, + "output": { + "shape": "DisassociateServiceRoleFromAccountResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Disassociates the service role from your account. Without a service role, deployments will not work." + }, + "GetAssociatedRole": { + "name": "GetAssociatedRole", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}/role", + "responseCode": 200 + }, + "input": { + "shape": "GetAssociatedRoleRequest" + }, + "output": { + "shape": "GetAssociatedRoleResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Retrieves the role associated with a particular group." + }, + "GetBulkDeploymentStatus": { + "name": "GetBulkDeploymentStatus", + "http": { + "method": "GET", + "requestUri": "/greengrass/bulk/deployments/{BulkDeploymentId}/status", + "responseCode": 200 + }, + "input": { + "shape": "GetBulkDeploymentStatusRequest" + }, + "output": { + "shape": "GetBulkDeploymentStatusResponse", + "documentation": "Success. The response body contains the status of the bulk deployment." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Returns the status of a bulk deployment." + }, + "GetConnectivityInfo": { + "name": "GetConnectivityInfo", + "http": { + "method": "GET", + "requestUri": "/greengrass/things/{ThingName}/connectivityInfo", + "responseCode": 200 + }, + "input": { + "shape": "GetConnectivityInfoRequest" + }, + "output": { + "shape": "GetConnectivityInfoResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Retrieves the connectivity information for a core." + }, + "GetConnectorDefinition": { + "name": "GetConnectorDefinition", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/connectors/{ConnectorDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetConnectorDefinitionRequest" + }, + "output": { + "shape": "GetConnectorDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a connector definition." + }, + "GetConnectorDefinitionVersion": { + "name": "GetConnectorDefinitionVersion", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/connectors/{ConnectorDefinitionId}/versions/{ConnectorDefinitionVersionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetConnectorDefinitionVersionRequest" + }, + "output": { + "shape": "GetConnectorDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a connector definition version, including the connectors that the version contains. Connectors are prebuilt modules that interact with local infrastructure, device protocols, AWS, and other cloud services." + }, + "GetCoreDefinition": { + "name": "GetCoreDefinition", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/cores/{CoreDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetCoreDefinitionRequest" + }, + "output": { + "shape": "GetCoreDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a core definition version." + }, + "GetCoreDefinitionVersion": { + "name": "GetCoreDefinitionVersion", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/cores/{CoreDefinitionId}/versions/{CoreDefinitionVersionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetCoreDefinitionVersionRequest" + }, + "output": { + "shape": "GetCoreDefinitionVersionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a core definition version." + }, + "GetDeploymentStatus": { + "name": "GetDeploymentStatus", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}/deployments/{DeploymentId}/status", + "responseCode": 200 + }, + "input": { + "shape": "GetDeploymentStatusRequest" + }, + "output": { + "shape": "GetDeploymentStatusResponse", + "documentation": "Success. The response body contains the status of the deployment for the group." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Returns the status of a deployment." + }, + "GetDeviceDefinition": { + "name": "GetDeviceDefinition", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/devices/{DeviceDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetDeviceDefinitionRequest" + }, + "output": { + "shape": "GetDeviceDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a device definition." + }, + "GetDeviceDefinitionVersion": { + "name": "GetDeviceDefinitionVersion", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/devices/{DeviceDefinitionId}/versions/{DeviceDefinitionVersionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetDeviceDefinitionVersionRequest" + }, + "output": { + "shape": "GetDeviceDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a device definition version." + }, + "GetFunctionDefinition": { + "name": "GetFunctionDefinition", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/functions/{FunctionDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetFunctionDefinitionRequest" + }, + "output": { + "shape": "GetFunctionDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a Lambda function definition, including its creation time and latest version." + }, + "GetFunctionDefinitionVersion": { + "name": "GetFunctionDefinitionVersion", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/functions/{FunctionDefinitionId}/versions/{FunctionDefinitionVersionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetFunctionDefinitionVersionRequest" + }, + "output": { + "shape": "GetFunctionDefinitionVersionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a Lambda function definition version, including which Lambda functions are included in the version and their configurations." + }, + "GetGroup": { + "name": "GetGroup", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}", + "responseCode": 200 + }, + "input": { + "shape": "GetGroupRequest" + }, + "output": { + "shape": "GetGroupResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a group." + }, + "GetGroupCertificateAuthority": { + "name": "GetGroupCertificateAuthority", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}/certificateauthorities/{CertificateAuthorityId}", + "responseCode": 200 + }, + "input": { + "shape": "GetGroupCertificateAuthorityRequest" + }, + "output": { + "shape": "GetGroupCertificateAuthorityResponse", + "documentation": "Success. The response body contains the PKI Configuration." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Retreives the CA associated with a group. Returns the public key of the CA." + }, + "GetGroupCertificateConfiguration": { + "name": "GetGroupCertificateConfiguration", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}/certificateauthorities/configuration/expiry", + "responseCode": 200 + }, + "input": { + "shape": "GetGroupCertificateConfigurationRequest" + }, + "output": { + "shape": "GetGroupCertificateConfigurationResponse", + "documentation": "Success. The response body contains the PKI Configuration." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Retrieves the current configuration for the CA used by the group." + }, + "GetGroupVersion": { + "name": "GetGroupVersion", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}/versions/{GroupVersionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetGroupVersionRequest" + }, + "output": { + "shape": "GetGroupVersionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a group version." + }, + "GetLoggerDefinition": { + "name": "GetLoggerDefinition", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/loggers/{LoggerDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetLoggerDefinitionRequest" + }, + "output": { + "shape": "GetLoggerDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a logger definition." + }, + "GetLoggerDefinitionVersion": { + "name": "GetLoggerDefinitionVersion", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/loggers/{LoggerDefinitionId}/versions/{LoggerDefinitionVersionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetLoggerDefinitionVersionRequest" + }, + "output": { + "shape": "GetLoggerDefinitionVersionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a logger definition version." + }, + "GetResourceDefinition": { + "name": "GetResourceDefinition", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/resources/{ResourceDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetResourceDefinitionRequest" + }, + "output": { + "shape": "GetResourceDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a resource definition, including its creation time and latest version." + }, + "GetResourceDefinitionVersion": { + "name": "GetResourceDefinitionVersion", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/resources/{ResourceDefinitionId}/versions/{ResourceDefinitionVersionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetResourceDefinitionVersionRequest" + }, + "output": { + "shape": "GetResourceDefinitionVersionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a resource definition version, including which resources are included in the version." + }, + "GetServiceRoleForAccount": { + "name": "GetServiceRoleForAccount", + "http": { + "method": "GET", + "requestUri": "/greengrass/servicerole", + "responseCode": 200 + }, + "input": { + "shape": "GetServiceRoleForAccountRequest" + }, + "output": { + "shape": "GetServiceRoleForAccountResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Retrieves the service role that is attached to your account." + }, + "GetSubscriptionDefinition": { + "name": "GetSubscriptionDefinition", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetSubscriptionDefinitionRequest" + }, + "output": { + "shape": "GetSubscriptionDefinitionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a subscription definition." + }, + "GetSubscriptionDefinitionVersion": { + "name": "GetSubscriptionDefinitionVersion", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}/versions/{SubscriptionDefinitionVersionId}", + "responseCode": 200 + }, + "input": { + "shape": "GetSubscriptionDefinitionVersionRequest" + }, + "output": { + "shape": "GetSubscriptionDefinitionVersionResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves information about a subscription definition version." + }, + "GetThingRuntimeConfiguration": { + "name": "GetThingRuntimeConfiguration", + "http": { + "method": "GET", + "requestUri": "/greengrass/things/{ThingName}/runtimeconfig", + "responseCode": 200 + }, + "input": { + "shape": "GetThingRuntimeConfigurationRequest" + }, + "output": { + "shape": "GetThingRuntimeConfigurationResponse", + "documentation": "Success. The response contains the runtime configuration for the given thing." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Get the runtime configuration of a thing." + }, + "ListBulkDeploymentDetailedReports": { + "name": "ListBulkDeploymentDetailedReports", + "http": { + "method": "GET", + "requestUri": "/greengrass/bulk/deployments/{BulkDeploymentId}/detailed-reports", + "responseCode": 200 + }, + "input": { + "shape": "ListBulkDeploymentDetailedReportsRequest" + }, + "output": { + "shape": "ListBulkDeploymentDetailedReportsResponse", + "documentation": "Success. The response body contains the list of deployments for the given group." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Gets a paginated list of the deployments that have been started in a bulk deployment operation, and their current deployment status." + }, + "ListBulkDeployments": { + "name": "ListBulkDeployments", + "http": { + "method": "GET", + "requestUri": "/greengrass/bulk/deployments", + "responseCode": 200 + }, + "input": { + "shape": "ListBulkDeploymentsRequest" + }, + "output": { + "shape": "ListBulkDeploymentsResponse", + "documentation": "Success. The response body contains the list of bulk deployments." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Returns a list of bulk deployments." + }, + "ListConnectorDefinitionVersions": { + "name": "ListConnectorDefinitionVersions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/connectors/{ConnectorDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListConnectorDefinitionVersionsRequest" + }, + "output": { + "shape": "ListConnectorDefinitionVersionsResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Lists the versions of a connector definition, which are containers for connectors. Connectors run on the Greengrass core and contain built-in integration with local infrastructure, device protocols, AWS, and other cloud services." + }, + "ListConnectorDefinitions": { + "name": "ListConnectorDefinitions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/connectors", + "responseCode": 200 + }, + "input": { + "shape": "ListConnectorDefinitionsRequest" + }, + "output": { + "shape": "ListConnectorDefinitionsResponse" + }, + "errors": [], + "documentation": "Retrieves a list of connector definitions." + }, + "ListCoreDefinitionVersions": { + "name": "ListCoreDefinitionVersions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/cores/{CoreDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListCoreDefinitionVersionsRequest" + }, + "output": { + "shape": "ListCoreDefinitionVersionsResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Lists the versions of a core definition." + }, + "ListCoreDefinitions": { + "name": "ListCoreDefinitions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/cores", + "responseCode": 200 + }, + "input": { + "shape": "ListCoreDefinitionsRequest" + }, + "output": { + "shape": "ListCoreDefinitionsResponse" + }, + "errors": [], + "documentation": "Retrieves a list of core definitions." + }, + "ListDeployments": { + "name": "ListDeployments", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}/deployments", + "responseCode": 200 + }, + "input": { + "shape": "ListDeploymentsRequest" + }, + "output": { + "shape": "ListDeploymentsResponse", + "documentation": "Success. The response body contains the list of deployments for the given group." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Returns a history of deployments for the group." + }, + "ListDeviceDefinitionVersions": { + "name": "ListDeviceDefinitionVersions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/devices/{DeviceDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListDeviceDefinitionVersionsRequest" + }, + "output": { + "shape": "ListDeviceDefinitionVersionsResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Lists the versions of a device definition." + }, + "ListDeviceDefinitions": { + "name": "ListDeviceDefinitions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/devices", + "responseCode": 200 + }, + "input": { + "shape": "ListDeviceDefinitionsRequest" + }, + "output": { + "shape": "ListDeviceDefinitionsResponse" + }, + "errors": [], + "documentation": "Retrieves a list of device definitions." + }, + "ListFunctionDefinitionVersions": { + "name": "ListFunctionDefinitionVersions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/functions/{FunctionDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListFunctionDefinitionVersionsRequest" + }, + "output": { + "shape": "ListFunctionDefinitionVersionsResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Lists the versions of a Lambda function definition." + }, + "ListFunctionDefinitions": { + "name": "ListFunctionDefinitions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/functions", + "responseCode": 200 + }, + "input": { + "shape": "ListFunctionDefinitionsRequest" + }, + "output": { + "shape": "ListFunctionDefinitionsResponse", + "documentation": "Success. The response contains the IDs of all the Greengrass Lambda function definitions in this account." + }, + "errors": [], + "documentation": "Retrieves a list of Lambda function definitions." + }, + "ListGroupCertificateAuthorities": { + "name": "ListGroupCertificateAuthorities", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}/certificateauthorities", + "responseCode": 200 + }, + "input": { + "shape": "ListGroupCertificateAuthoritiesRequest" + }, + "output": { + "shape": "ListGroupCertificateAuthoritiesResponse", + "documentation": "Success. The response body contains the PKI Configuration." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Retrieves the current CAs for a group." + }, + "ListGroupVersions": { + "name": "ListGroupVersions", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups/{GroupId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListGroupVersionsRequest" + }, + "output": { + "shape": "ListGroupVersionsResponse", + "documentation": "Success. The response contains the list of versions and metadata for the given group." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Lists the versions of a group." + }, + "ListGroups": { + "name": "ListGroups", + "http": { + "method": "GET", + "requestUri": "/greengrass/groups", + "responseCode": 200 + }, + "input": { + "shape": "ListGroupsRequest" + }, + "output": { + "shape": "ListGroupsResponse" + }, + "errors": [], + "documentation": "Retrieves a list of groups." + }, + "ListLoggerDefinitionVersions": { + "name": "ListLoggerDefinitionVersions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/loggers/{LoggerDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListLoggerDefinitionVersionsRequest" + }, + "output": { + "shape": "ListLoggerDefinitionVersionsResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Lists the versions of a logger definition." + }, + "ListLoggerDefinitions": { + "name": "ListLoggerDefinitions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/loggers", + "responseCode": 200 + }, + "input": { + "shape": "ListLoggerDefinitionsRequest" + }, + "output": { + "shape": "ListLoggerDefinitionsResponse" + }, + "errors": [], + "documentation": "Retrieves a list of logger definitions." + }, + "ListResourceDefinitionVersions": { + "name": "ListResourceDefinitionVersions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/resources/{ResourceDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListResourceDefinitionVersionsRequest" + }, + "output": { + "shape": "ListResourceDefinitionVersionsResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Lists the versions of a resource definition." + }, + "ListResourceDefinitions": { + "name": "ListResourceDefinitions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/resources", + "responseCode": 200 + }, + "input": { + "shape": "ListResourceDefinitionsRequest" + }, + "output": { + "shape": "ListResourceDefinitionsResponse", + "documentation": "The IDs of all the Greengrass resource definitions in this account." + }, + "errors": [], + "documentation": "Retrieves a list of resource definitions." + }, + "ListSubscriptionDefinitionVersions": { + "name": "ListSubscriptionDefinitionVersions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListSubscriptionDefinitionVersionsRequest" + }, + "output": { + "shape": "ListSubscriptionDefinitionVersionsResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Lists the versions of a subscription definition." + }, + "ListSubscriptionDefinitions": { + "name": "ListSubscriptionDefinitions", + "http": { + "method": "GET", + "requestUri": "/greengrass/definition/subscriptions", + "responseCode": 200 + }, + "input": { + "shape": "ListSubscriptionDefinitionsRequest" + }, + "output": { + "shape": "ListSubscriptionDefinitionsResponse" + }, + "errors": [], + "documentation": "Retrieves a list of subscription definitions." + }, + "ListTagsForResource": { + "name": "ListTagsForResource", + "http": { + "method": "GET", + "requestUri": "/tags/{resource-arn}", + "responseCode": 200 + }, + "input": { + "shape": "ListTagsForResourceRequest" + }, + "output": { + "shape": "ListTagsForResourceResponse", + "documentation": "HTTP Status Code 200: OK." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Retrieves a list of resource tags for a resource arn." + }, + "ResetDeployments": { + "name": "ResetDeployments", + "http": { + "method": "POST", + "requestUri": "/greengrass/groups/{GroupId}/deployments/$reset", + "responseCode": 200 + }, + "input": { + "shape": "ResetDeploymentsRequest" + }, + "output": { + "shape": "ResetDeploymentsResponse", + "documentation": "Success. The group's deployments were reset." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Resets a group's deployments." + }, + "StartBulkDeployment": { + "name": "StartBulkDeployment", + "http": { + "method": "POST", + "requestUri": "/greengrass/bulk/deployments", + "responseCode": 200 + }, + "input": { + "shape": "StartBulkDeploymentRequest" + }, + "output": { + "shape": "StartBulkDeploymentResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Deploys multiple groups in one operation. This action starts the bulk deployment of a specified set of group versions. Each group version deployment will be triggered with an adaptive rate that has a fixed upper limit. We recommend that you include an ''X-Amzn-Client-Token'' token in every ''StartBulkDeployment'' request. These requests are idempotent with respect to the token and the request parameters." + }, + "StopBulkDeployment": { + "name": "StopBulkDeployment", + "http": { + "method": "PUT", + "requestUri": "/greengrass/bulk/deployments/{BulkDeploymentId}/$stop", + "responseCode": 200 + }, + "input": { + "shape": "StopBulkDeploymentRequest" + }, + "output": { + "shape": "StopBulkDeploymentResponse", + "documentation": "Success. The bulk deployment is being stopped." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Stops the execution of a bulk deployment. This action returns a status of ''Stopping'' until the deployment is stopped. You cannot start a new bulk deployment while a previous deployment is in the ''Stopping'' state. This action doesn't rollback completed deployments or cancel pending deployments." + }, + "TagResource": { + "name": "TagResource", + "http": { + "method": "POST", + "requestUri": "/tags/{resource-arn}", + "responseCode": 204 + }, + "input": { + "shape": "TagResourceRequest" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Adds tags to a Greengrass resource. Valid resources are 'Group', 'ConnectorDefinition', 'CoreDefinition', 'DeviceDefinition', 'FunctionDefinition', 'LoggerDefinition', 'SubscriptionDefinition', 'ResourceDefinition', and 'BulkDeployment'." + }, + "UntagResource": { + "name": "UntagResource", + "http": { + "method": "DELETE", + "requestUri": "/tags/{resource-arn}", + "responseCode": 204 + }, + "input": { + "shape": "UntagResourceRequest" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Remove resource tags from a Greengrass Resource." + }, + "UpdateConnectivityInfo": { + "name": "UpdateConnectivityInfo", + "http": { + "method": "PUT", + "requestUri": "/greengrass/things/{ThingName}/connectivityInfo", + "responseCode": 200 + }, + "input": { + "shape": "UpdateConnectivityInfoRequest" + }, + "output": { + "shape": "UpdateConnectivityInfoResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Updates the connectivity information for the core. Any devices that belong to the group which has this core will receive this information in order to find the location of the core and connect to it." + }, + "UpdateConnectorDefinition": { + "name": "UpdateConnectorDefinition", + "http": { + "method": "PUT", + "requestUri": "/greengrass/definition/connectors/{ConnectorDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateConnectorDefinitionRequest" + }, + "output": { + "shape": "UpdateConnectorDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Updates a connector definition." + }, + "UpdateCoreDefinition": { + "name": "UpdateCoreDefinition", + "http": { + "method": "PUT", + "requestUri": "/greengrass/definition/cores/{CoreDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateCoreDefinitionRequest" + }, + "output": { + "shape": "UpdateCoreDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Updates a core definition." + }, + "UpdateDeviceDefinition": { + "name": "UpdateDeviceDefinition", + "http": { + "method": "PUT", + "requestUri": "/greengrass/definition/devices/{DeviceDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateDeviceDefinitionRequest" + }, + "output": { + "shape": "UpdateDeviceDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Updates a device definition." + }, + "UpdateFunctionDefinition": { + "name": "UpdateFunctionDefinition", + "http": { + "method": "PUT", + "requestUri": "/greengrass/definition/functions/{FunctionDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateFunctionDefinitionRequest" + }, + "output": { + "shape": "UpdateFunctionDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Updates a Lambda function definition." + }, + "UpdateGroup": { + "name": "UpdateGroup", + "http": { + "method": "PUT", + "requestUri": "/greengrass/groups/{GroupId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateGroupRequest" + }, + "output": { + "shape": "UpdateGroupResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Updates a group." + }, + "UpdateGroupCertificateConfiguration": { + "name": "UpdateGroupCertificateConfiguration", + "http": { + "method": "PUT", + "requestUri": "/greengrass/groups/{GroupId}/certificateauthorities/configuration/expiry", + "responseCode": 200 + }, + "input": { + "shape": "UpdateGroupCertificateConfigurationRequest" + }, + "output": { + "shape": "UpdateGroupCertificateConfigurationResponse", + "documentation": "Success. The response body contains the PKI Configuration." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Updates the Certificate expiry time for a group." + }, + "UpdateLoggerDefinition": { + "name": "UpdateLoggerDefinition", + "http": { + "method": "PUT", + "requestUri": "/greengrass/definition/loggers/{LoggerDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateLoggerDefinitionRequest" + }, + "output": { + "shape": "UpdateLoggerDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Updates a logger definition." + }, + "UpdateResourceDefinition": { + "name": "UpdateResourceDefinition", + "http": { + "method": "PUT", + "requestUri": "/greengrass/definition/resources/{ResourceDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateResourceDefinitionRequest" + }, + "output": { + "shape": "UpdateResourceDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Updates a resource definition." + }, + "UpdateSubscriptionDefinition": { + "name": "UpdateSubscriptionDefinition", + "http": { + "method": "PUT", + "requestUri": "/greengrass/definition/subscriptions/{SubscriptionDefinitionId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateSubscriptionDefinitionRequest" + }, + "output": { + "shape": "UpdateSubscriptionDefinitionResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + } + ], + "documentation": "Updates a subscription definition." + }, + "UpdateThingRuntimeConfiguration": { + "name": "UpdateThingRuntimeConfiguration", + "http": { + "method": "PUT", + "requestUri": "/greengrass/things/{ThingName}/runtimeconfig", + "responseCode": 200 + }, + "input": { + "shape": "UpdateThingRuntimeConfigurationRequest" + }, + "output": { + "shape": "UpdateThingRuntimeConfigurationResponse", + "documentation": "success" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "invalid request" + }, + { + "shape": "InternalServerErrorException", + "documentation": "server error" + } + ], + "documentation": "Updates the runtime configuration of a thing." } }, - "shapes" : { - "AssociateRoleToGroupRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - }, - "RoleArn" : { - "shape" : "__string", - "documentation" : "The ARN of the role you wish to associate with this group. The existence of the role is not validated." - } - }, - "required" : [ "GroupId", "RoleArn" ] - }, - "AssociateRoleToGroupResponse" : { - "type" : "structure", - "members" : { - "AssociatedAt" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the role ARN was associated with the group." - } - } - }, - "AssociateServiceRoleToAccountRequest" : { - "type" : "structure", - "members" : { - "RoleArn" : { - "shape" : "__string", - "documentation" : "The ARN of the service role you wish to associate with your account." - } - }, - "required" : [ "RoleArn" ] - }, - "AssociateServiceRoleToAccountResponse" : { - "type" : "structure", - "members" : { - "AssociatedAt" : { - "shape" : "__string", - "documentation" : "The time when the service role was associated with the account." - } - } - }, - "BadRequestException" : { - "type" : "structure", - "members" : { - "ErrorDetails" : { - "shape" : "ErrorDetails", - "documentation" : "Details about the error." - }, - "Message" : { - "shape" : "__string", - "documentation" : "A message containing information about the error." - } - }, - "documentation" : "General error information.", - "exception" : true, - "error" : { - "httpStatusCode" : 400 - } - }, - "BulkDeployment" : { - "type" : "structure", - "members" : { - "BulkDeploymentArn" : { - "shape" : "__string", - "documentation" : "The ARN of the bulk deployment." - }, - "BulkDeploymentId" : { - "shape" : "__string", - "documentation" : "The ID of the bulk deployment." - }, - "CreatedAt" : { - "shape" : "__string", - "documentation" : "The time, in ISO format, when the deployment was created." - } - }, - "documentation" : "Information about a bulk deployment. You cannot start a new bulk deployment while another one is still running or in a non-terminal state." - }, - "BulkDeploymentMetrics" : { - "type" : "structure", - "members" : { - "InvalidInputRecords" : { - "shape" : "__integer", - "documentation" : "The total number of records that returned a non-retryable error. For example, this can occur if a group record from the input file uses an invalid format or specifies a nonexistent group version, or if the execution role doesn't grant permission to deploy a group or group version." - }, - "RecordsProcessed" : { - "shape" : "__integer", - "documentation" : "The total number of group records from the input file that have been processed so far, or attempted." - }, - "RetryAttempts" : { - "shape" : "__integer", - "documentation" : "The total number of deployment attempts that returned a retryable error. For example, a retry is triggered if the attempt to deploy a group returns a throttling error. ''StartBulkDeployment'' retries a group deployment up to five times." - } - }, - "documentation" : "Relevant metrics on input records processed during bulk deployment." - }, - "BulkDeploymentResult" : { - "type" : "structure", - "members" : { - "CreatedAt" : { - "shape" : "__string", - "documentation" : "The time, in ISO format, when the deployment was created." - }, - "DeploymentArn" : { - "shape" : "__string", - "documentation" : "The ARN of the group deployment." - }, - "DeploymentId" : { - "shape" : "__string", - "documentation" : "The ID of the group deployment." - }, - "DeploymentStatus" : { - "shape" : "__string", - "documentation" : "The current status of the group deployment: ''InProgress'', ''Building'', ''Success'', or ''Failure''." - }, - "DeploymentType" : { - "shape" : "DeploymentType", - "documentation" : "The type of the deployment." - }, - "ErrorDetails" : { - "shape" : "ErrorDetails", - "documentation" : "Details about the error." - }, - "ErrorMessage" : { - "shape" : "__string", - "documentation" : "The error message for a failed deployment" - }, - "GroupArn" : { - "shape" : "__string", - "documentation" : "The ARN of the Greengrass group." - } - }, - "documentation" : "Information about an individual group deployment in a bulk deployment operation." - }, - "BulkDeploymentResults" : { - "type" : "list", - "member" : { - "shape" : "BulkDeploymentResult" - } - }, - "BulkDeploymentStatus" : { - "type" : "string", - "documentation" : "The current status of the bulk deployment.", - "enum" : [ "Initializing", "Running", "Completed", "Stopping", "Stopped", "Failed" ] - }, - "BulkDeployments" : { - "type" : "list", - "member" : { - "shape" : "BulkDeployment" - } - }, - "ConfigurationSyncStatus" : { - "type" : "string", - "enum" : [ "InSync", "OutOfSync" ] - }, - "ConnectivityInfo" : { - "type" : "structure", - "members" : { - "HostAddress" : { - "shape" : "__string", - "documentation" : "The endpoint for the Greengrass core. Can be an IP address or DNS." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the connectivity information." - }, - "Metadata" : { - "shape" : "__string", - "documentation" : "Metadata for this endpoint." - }, - "PortNumber" : { - "shape" : "__integer", - "documentation" : "The port of the Greengrass core. Usually 8883." - } - }, - "documentation" : "Information about a Greengrass core's connectivity." - }, - "Connector" : { - "type" : "structure", - "members" : { - "ConnectorArn" : { - "shape" : "__string", - "documentation" : "The ARN of the connector." - }, - "Id" : { - "shape" : "__string", - "documentation" : "A descriptive or arbitrary ID for the connector. This value must be unique within the connector definition version. Max length is 128 characters with pattern [a-zA-Z0-9:_-]+." - }, - "Parameters" : { - "shape" : "__mapOf__string", - "documentation" : "The parameters or configuration that the connector uses." - } - }, - "documentation" : "Information about a connector. Connectors run on the Greengrass core and contain built-in integration with local infrastructure, device protocols, AWS, and other cloud services.", - "required" : [ "ConnectorArn", "Id" ] - }, - "ConnectorDefinitionVersion" : { - "type" : "structure", - "members" : { - "Connectors" : { - "shape" : "__listOfConnector", - "documentation" : "A list of references to connectors in this version, with their corresponding configuration settings." - } - }, - "documentation" : "Information about the connector definition version, which is a container for connectors." - }, - "Core" : { - "type" : "structure", - "members" : { - "CertificateArn" : { - "shape" : "__string", - "documentation" : "The ARN of the certificate associated with the core." - }, - "Id" : { - "shape" : "__string", - "documentation" : "A descriptive or arbitrary ID for the core. This value must be unique within the core definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." - }, - "SyncShadow" : { - "shape" : "__boolean", - "documentation" : "If true, the core's local shadow is automatically synced with the cloud." - }, - "ThingArn" : { - "shape" : "__string", - "documentation" : "The ARN of the thing which is the core." - } - }, - "documentation" : "Information about a core.", - "required" : [ "ThingArn", "Id", "CertificateArn" ] - }, - "CoreDefinitionVersion" : { - "type" : "structure", - "members" : { - "Cores" : { - "shape" : "__listOfCore", - "documentation" : "A list of cores in the core definition version." - } - }, - "documentation" : "Information about a core definition version." - }, - "CreateConnectorDefinitionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "InitialVersion" : { - "shape" : "ConnectorDefinitionVersion", - "documentation" : "Information about the initial version of the connector definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the connector definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - } - }, - "CreateConnectorDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - } - }, - "CreateConnectorDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "ConnectorDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConnectorDefinitionId", - "documentation" : "The ID of the connector definition." - }, - "Connectors" : { - "shape" : "__listOfConnector", - "documentation" : "A list of references to connectors in this version, with their corresponding configuration settings." - } - }, - "required" : [ "ConnectorDefinitionId" ] - }, - "CreateConnectorDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - } - }, - "CreateCoreDefinitionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "InitialVersion" : { - "shape" : "CoreDefinitionVersion", - "documentation" : "Information about the initial version of the core definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the core definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - }, - "documentation" : "Information needed to create a core definition." - }, - "CreateCoreDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - } - }, - "CreateCoreDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "CoreDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "CoreDefinitionId", - "documentation" : "The ID of the core definition." - }, - "Cores" : { - "shape" : "__listOfCore", - "documentation" : "A list of cores in the core definition version." - } - }, - "required" : [ "CoreDefinitionId" ] - }, - "CreateCoreDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - } - }, - "CreateDeploymentRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "DeploymentId" : { - "shape" : "__string", - "documentation" : "The ID of the deployment if you wish to redeploy a previous deployment." - }, - "DeploymentType" : { - "shape" : "DeploymentType", - "documentation" : "The type of deployment. When used for ''CreateDeployment'', only ''NewDeployment'' and ''Redeployment'' are valid." - }, - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - }, - "GroupVersionId" : { - "shape" : "__string", - "documentation" : "The ID of the group version to be deployed." - } - }, - "required" : [ "GroupId", "DeploymentType" ] - }, - "CreateDeploymentResponse" : { - "type" : "structure", - "members" : { - "DeploymentArn" : { - "shape" : "__string", - "documentation" : "The ARN of the deployment." - }, - "DeploymentId" : { - "shape" : "__string", - "documentation" : "The ID of the deployment." - } - } - }, - "CreateDeviceDefinitionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "InitialVersion" : { - "shape" : "DeviceDefinitionVersion", - "documentation" : "Information about the initial version of the device definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the device definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - } - }, - "CreateDeviceDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - } - }, - "CreateDeviceDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "DeviceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "DeviceDefinitionId", - "documentation" : "The ID of the device definition." - }, - "Devices" : { - "shape" : "__listOfDevice", - "documentation" : "A list of devices in the definition version." - } - }, - "required" : [ "DeviceDefinitionId" ] - }, - "CreateDeviceDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - } - }, - "CreateFunctionDefinitionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "InitialVersion" : { - "shape" : "FunctionDefinitionVersion", - "documentation" : "Information about the initial version of the function definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the function definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - } - }, - "CreateFunctionDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - } - }, - "CreateFunctionDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "DefaultConfig" : { - "shape" : "FunctionDefaultConfig", - "documentation" : "The default configuration that applies to all Lambda functions in this function definition version. Individual Lambda functions can override these settings." - }, - "FunctionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "FunctionDefinitionId", - "documentation" : "The ID of the Lambda function definition." - }, - "Functions" : { - "shape" : "__listOfFunction", - "documentation" : "A list of Lambda functions in this function definition version." - } - }, - "documentation" : "Information needed to create a function definition version.", - "required" : [ "FunctionDefinitionId" ] - }, - "CreateFunctionDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - } - }, - "CreateGroupCertificateAuthorityRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId" ] - }, - "CreateGroupCertificateAuthorityResponse" : { - "type" : "structure", - "members" : { - "GroupCertificateAuthorityArn" : { - "shape" : "__string", - "documentation" : "The ARN of the group certificate authority." - } - } - }, - "CreateGroupRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "InitialVersion" : { - "shape" : "GroupVersion", - "documentation" : "Information about the initial version of the group." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the group." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - }, - "required" : [ "Name" ] - }, - "CreateGroupResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - } - }, - "CreateGroupVersionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "ConnectorDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the connector definition version for this group." - }, - "CoreDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the core definition version for this group." - }, - "DeviceDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the device definition version for this group." - }, - "FunctionDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the function definition version for this group." - }, - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - }, - "LoggerDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the logger definition version for this group." - }, - "ResourceDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the resource definition version for this group." - }, - "SubscriptionDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the subscription definition version for this group." - } - }, - "required" : [ "GroupId" ] - }, - "CreateGroupVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - } - }, - "CreateLoggerDefinitionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "InitialVersion" : { - "shape" : "LoggerDefinitionVersion", - "documentation" : "Information about the initial version of the logger definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the logger definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - } - }, - "CreateLoggerDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - } - }, - "CreateLoggerDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "LoggerDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "LoggerDefinitionId", - "documentation" : "The ID of the logger definition." - }, - "Loggers" : { - "shape" : "__listOfLogger", - "documentation" : "A list of loggers." - } - }, - "required" : [ "LoggerDefinitionId" ] - }, - "CreateLoggerDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - } - }, - "CreateResourceDefinitionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "InitialVersion" : { - "shape" : "ResourceDefinitionVersion", - "documentation" : "Information about the initial version of the resource definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the resource definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - } - }, - "CreateResourceDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - } - }, - "CreateResourceDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "ResourceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ResourceDefinitionId", - "documentation" : "The ID of the resource definition." - }, - "Resources" : { - "shape" : "__listOfResource", - "documentation" : "A list of resources." - } - }, - "required" : [ "ResourceDefinitionId" ] - }, - "CreateResourceDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - } - }, - "CreateSoftwareUpdateJobRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "S3UrlSignerRole" : { - "shape" : "S3UrlSignerRole" - }, - "SoftwareToUpdate" : { - "shape" : "SoftwareToUpdate" - }, - "UpdateAgentLogLevel" : { - "shape" : "UpdateAgentLogLevel" - }, - "UpdateTargets" : { - "shape" : "UpdateTargets" - }, - "UpdateTargetsArchitecture" : { - "shape" : "UpdateTargetsArchitecture" - }, - "UpdateTargetsOperatingSystem" : { - "shape" : "UpdateTargetsOperatingSystem" - } - }, - "required" : [ "S3UrlSignerRole", "UpdateTargetsArchitecture", "SoftwareToUpdate", "UpdateTargets", "UpdateTargetsOperatingSystem" ] - }, - "CreateSoftwareUpdateJobResponse" : { - "type" : "structure", - "members" : { - "IotJobArn" : { - "shape" : "__string", - "documentation" : "The IoT Job ARN corresponding to this update." - }, - "IotJobId" : { - "shape" : "__string", - "documentation" : "The IoT Job Id corresponding to this update." - }, - "PlatformSoftwareVersion" : { - "shape" : "__string", - "documentation" : "The software version installed on the device or devices after the update." - } - } - }, - "CreateSubscriptionDefinitionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "InitialVersion" : { - "shape" : "SubscriptionDefinitionVersion", - "documentation" : "Information about the initial version of the subscription definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the subscription definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - } - }, - "CreateSubscriptionDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - } - }, - "CreateSubscriptionDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "SubscriptionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "SubscriptionDefinitionId", - "documentation" : "The ID of the subscription definition." - }, - "Subscriptions" : { - "shape" : "__listOfSubscription", - "documentation" : "A list of subscriptions." - } - }, - "required" : [ "SubscriptionDefinitionId" ] - }, - "CreateSubscriptionDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - } - }, - "DefinitionInformation" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "Tags" : { - "shape" : "Tags", - "locationName" : "tags", - "documentation" : "Tag(s) attached to the resource arn." - } - }, - "documentation" : "Information about a definition." - }, - "DeleteConnectorDefinitionRequest" : { - "type" : "structure", - "members" : { - "ConnectorDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConnectorDefinitionId", - "documentation" : "The ID of the connector definition." - } - }, - "required" : [ "ConnectorDefinitionId" ] - }, - "DeleteConnectorDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "DeleteCoreDefinitionRequest" : { - "type" : "structure", - "members" : { - "CoreDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "CoreDefinitionId", - "documentation" : "The ID of the core definition." - } - }, - "required" : [ "CoreDefinitionId" ] - }, - "DeleteCoreDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "DeleteDeviceDefinitionRequest" : { - "type" : "structure", - "members" : { - "DeviceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "DeviceDefinitionId", - "documentation" : "The ID of the device definition." - } - }, - "required" : [ "DeviceDefinitionId" ] - }, - "DeleteDeviceDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "DeleteFunctionDefinitionRequest" : { - "type" : "structure", - "members" : { - "FunctionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "FunctionDefinitionId", - "documentation" : "The ID of the Lambda function definition." - } - }, - "required" : [ "FunctionDefinitionId" ] - }, - "DeleteFunctionDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "DeleteGroupRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId" ] - }, - "DeleteGroupResponse" : { - "type" : "structure", - "members" : { } - }, - "DeleteLoggerDefinitionRequest" : { - "type" : "structure", - "members" : { - "LoggerDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "LoggerDefinitionId", - "documentation" : "The ID of the logger definition." - } - }, - "required" : [ "LoggerDefinitionId" ] - }, - "DeleteLoggerDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "DeleteResourceDefinitionRequest" : { - "type" : "structure", - "members" : { - "ResourceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ResourceDefinitionId", - "documentation" : "The ID of the resource definition." - } - }, - "required" : [ "ResourceDefinitionId" ] - }, - "DeleteResourceDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "DeleteSubscriptionDefinitionRequest" : { - "type" : "structure", - "members" : { - "SubscriptionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "SubscriptionDefinitionId", - "documentation" : "The ID of the subscription definition." - } - }, - "required" : [ "SubscriptionDefinitionId" ] - }, - "DeleteSubscriptionDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "Deployment" : { - "type" : "structure", - "members" : { - "CreatedAt" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the deployment was created." - }, - "DeploymentArn" : { - "shape" : "__string", - "documentation" : "The ARN of the deployment." - }, - "DeploymentId" : { - "shape" : "__string", - "documentation" : "The ID of the deployment." - }, - "DeploymentType" : { - "shape" : "DeploymentType", - "documentation" : "The type of the deployment." - }, - "GroupArn" : { - "shape" : "__string", - "documentation" : "The ARN of the group for this deployment." - } - }, - "documentation" : "Information about a deployment." - }, - "DeploymentType" : { - "type" : "string", - "documentation" : "The type of deployment. When used for ''CreateDeployment'', only ''NewDeployment'' and ''Redeployment'' are valid.", - "enum" : [ "NewDeployment", "Redeployment", "ResetDeployment", "ForceResetDeployment" ] - }, - "Deployments" : { - "type" : "list", - "member" : { - "shape" : "Deployment" - } - }, - "Device" : { - "type" : "structure", - "members" : { - "CertificateArn" : { - "shape" : "__string", - "documentation" : "The ARN of the certificate associated with the device." - }, - "Id" : { - "shape" : "__string", - "documentation" : "A descriptive or arbitrary ID for the device. This value must be unique within the device definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." - }, - "SyncShadow" : { - "shape" : "__boolean", - "documentation" : "If true, the device's local shadow will be automatically synced with the cloud." - }, - "ThingArn" : { - "shape" : "__string", - "documentation" : "The thing ARN of the device." - } - }, - "documentation" : "Information about a device.", - "required" : [ "ThingArn", "Id", "CertificateArn" ] - }, - "DeviceDefinitionVersion" : { - "type" : "structure", - "members" : { - "Devices" : { - "shape" : "__listOfDevice", - "documentation" : "A list of devices in the definition version." - } - }, - "documentation" : "Information about a device definition version." - }, - "DisassociateRoleFromGroupRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId" ] - }, - "DisassociateRoleFromGroupResponse" : { - "type" : "structure", - "members" : { - "DisassociatedAt" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the role was disassociated from the group." - } - } - }, - "DisassociateServiceRoleFromAccountRequest" : { - "type" : "structure", - "members" : { } - }, - "DisassociateServiceRoleFromAccountResponse" : { - "type" : "structure", - "members" : { - "DisassociatedAt" : { - "shape" : "__string", - "documentation" : "The time when the service role was disassociated from the account." - } - } - }, - "Empty" : { - "type" : "structure", - "members" : { }, - "documentation" : "Empty" - }, - "EncodingType" : { - "type" : "string", - "enum" : [ "binary", "json" ] - }, - "ErrorDetail" : { - "type" : "structure", - "members" : { - "DetailedErrorCode" : { - "shape" : "__string", - "documentation" : "A detailed error code." - }, - "DetailedErrorMessage" : { - "shape" : "__string", - "documentation" : "A detailed error message." - } - }, - "documentation" : "Details about the error." - }, - "ErrorDetails" : { - "type" : "list", - "documentation" : "A list of error details.", - "member" : { - "shape" : "ErrorDetail" - } - }, - "Function" : { - "type" : "structure", - "members" : { - "FunctionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the Lambda function." - }, - "FunctionConfiguration" : { - "shape" : "FunctionConfiguration", - "documentation" : "The configuration of the Lambda function." - }, - "Id" : { - "shape" : "__string", - "documentation" : "A descriptive or arbitrary ID for the function. This value must be unique within the function definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." - } - }, - "documentation" : "Information about a Lambda function.", - "required" : [ "Id" ] - }, - "FunctionConfiguration" : { - "type" : "structure", - "members" : { - "EncodingType" : { - "shape" : "EncodingType", - "documentation" : "The expected encoding type of the input payload for the function. The default is ''json''." - }, - "Environment" : { - "shape" : "FunctionConfigurationEnvironment", - "documentation" : "The environment configuration of the function." - }, - "ExecArgs" : { - "shape" : "__string", - "documentation" : "The execution arguments." - }, - "Executable" : { - "shape" : "__string", - "documentation" : "The name of the function executable." - }, - "MemorySize" : { - "shape" : "__integer", - "documentation" : "The memory size, in KB, which the function requires. This setting is not applicable and should be cleared when you run the Lambda function without containerization." - }, - "Pinned" : { - "shape" : "__boolean", - "documentation" : "True if the function is pinned. Pinned means the function is long-lived and starts when the core starts." - }, - "Timeout" : { - "shape" : "__integer", - "documentation" : "The allowed function execution time, after which Lambda should terminate the function. This timeout still applies to pinned Lambda functions for each request." - }, - "FunctionRuntimeOverride" : { - "shape" : "__string", - "documentation" : "The Lambda runtime supported by Greengrass which is to be used instead of the one specified in the Lambda function." - } - }, - "documentation" : "The configuration of the Lambda function." - }, - "FunctionConfigurationEnvironment" : { - "type" : "structure", - "members" : { - "AccessSysfs" : { - "shape" : "__boolean", - "documentation" : "If true, the Lambda function is allowed to access the host's /sys folder. Use this when the Lambda function needs to read device information from /sys. This setting applies only when you run the Lambda function in a Greengrass container." - }, - "Execution" : { - "shape" : "FunctionExecutionConfig", - "documentation" : "Configuration related to executing the Lambda function" - }, - "ResourceAccessPolicies" : { - "shape" : "__listOfResourceAccessPolicy", - "documentation" : "A list of the resources, with their permissions, to which the Lambda function will be granted access. A Lambda function can have at most 10 resources. ResourceAccessPolicies apply only when you run the Lambda function in a Greengrass container." - }, - "Variables" : { - "shape" : "__mapOf__string", - "documentation" : "Environment variables for the Lambda function's configuration." - } - }, - "documentation" : "The environment configuration of the function." - }, - "FunctionDefaultConfig" : { - "type" : "structure", - "members" : { - "Execution" : { - "shape" : "FunctionDefaultExecutionConfig" - } - }, - "documentation" : "The default configuration that applies to all Lambda functions in the group. Individual Lambda functions can override these settings." - }, - "FunctionDefaultExecutionConfig" : { - "type" : "structure", - "members" : { - "IsolationMode" : { - "shape" : "FunctionIsolationMode" - }, - "RunAs" : { - "shape" : "FunctionRunAsConfig" - } - }, - "documentation" : "Configuration information that specifies how a Lambda function runs. " - }, - "FunctionDefinitionVersion" : { - "type" : "structure", - "members" : { - "DefaultConfig" : { - "shape" : "FunctionDefaultConfig", - "documentation" : "The default configuration that applies to all Lambda functions in this function definition version. Individual Lambda functions can override these settings." - }, - "Functions" : { - "shape" : "__listOfFunction", - "documentation" : "A list of Lambda functions in this function definition version." - } - }, - "documentation" : "Information about a function definition version." - }, - "FunctionExecutionConfig" : { - "type" : "structure", - "members" : { - "IsolationMode" : { - "shape" : "FunctionIsolationMode" - }, - "RunAs" : { - "shape" : "FunctionRunAsConfig" - } - }, - "documentation" : "Configuration information that specifies how a Lambda function runs. " - }, - "FunctionIsolationMode" : { - "type" : "string", - "documentation" : "Specifies whether the Lambda function runs in a Greengrass container (default) or without containerization. Unless your scenario requires that you run without containerization, we recommend that you run in a Greengrass container. Omit this value to run the Lambda function with the default containerization for the group.", - "enum" : [ "GreengrassContainer", "NoContainer" ] - }, - "FunctionRunAsConfig" : { - "type" : "structure", - "members" : { - "Gid" : { - "shape" : "__integer", - "documentation" : "The group ID whose permissions are used to run a Lambda function." - }, - "Uid" : { - "shape" : "__integer", - "documentation" : "The user ID whose permissions are used to run a Lambda function." - } - }, - "documentation" : "Specifies the user and group whose permissions are used when running the Lambda function. You can specify one or both values to override the default values. We recommend that you avoid running as root unless absolutely necessary to minimize the risk of unintended changes or malicious attacks. To run as root, you must set ''IsolationMode'' to ''NoContainer'' and update config.json in ''greengrass-root/config'' to set ''allowFunctionsToRunAsRoot'' to ''yes''." - }, - "GeneralError" : { - "type" : "structure", - "members" : { - "ErrorDetails" : { - "shape" : "ErrorDetails", - "documentation" : "Details about the error." - }, - "Message" : { - "shape" : "__string", - "documentation" : "A message containing information about the error." - } - }, - "documentation" : "General error information." - }, - "GetAssociatedRoleRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId" ] - }, - "GetAssociatedRoleResponse" : { - "type" : "structure", - "members" : { - "AssociatedAt" : { - "shape" : "__string", - "documentation" : "The time when the role was associated with the group." - }, - "RoleArn" : { - "shape" : "__string", - "documentation" : "The ARN of the role that is associated with the group." - } - } - }, - "GetBulkDeploymentStatusRequest" : { - "type" : "structure", - "members" : { - "BulkDeploymentId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "BulkDeploymentId", - "documentation" : "The ID of the bulk deployment." - } - }, - "required" : [ "BulkDeploymentId" ] - }, - "GetBulkDeploymentStatusResponse" : { - "type" : "structure", - "members" : { - "BulkDeploymentMetrics" : { - "shape" : "BulkDeploymentMetrics", - "documentation" : "Relevant metrics on input records processed during bulk deployment." - }, - "BulkDeploymentStatus" : { - "shape" : "BulkDeploymentStatus", - "documentation" : "The status of the bulk deployment." - }, - "CreatedAt" : { - "shape" : "__string", - "documentation" : "The time, in ISO format, when the deployment was created." - }, - "ErrorDetails" : { - "shape" : "ErrorDetails", - "documentation" : "Error details" - }, - "ErrorMessage" : { - "shape" : "__string", - "documentation" : "Error message" - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetConnectivityInfoRequest" : { - "type" : "structure", - "members" : { - "ThingName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ThingName", - "documentation" : "The thing name." - } - }, - "required" : [ "ThingName" ] - }, - "GetConnectivityInfoResponse" : { - "type" : "structure", - "members" : { - "ConnectivityInfo" : { - "shape" : "__listOfConnectivityInfo", - "documentation" : "Connectivity info list." - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "A message about the connectivity info request." - } - } - }, - "GetConnectorDefinitionRequest" : { - "type" : "structure", - "members" : { - "ConnectorDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConnectorDefinitionId", - "documentation" : "The ID of the connector definition." - } - }, - "required" : [ "ConnectorDefinitionId" ] - }, - "GetConnectorDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetConnectorDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "ConnectorDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConnectorDefinitionId", - "documentation" : "The ID of the connector definition." - }, - "ConnectorDefinitionVersionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConnectorDefinitionVersionId", - "documentation" : "The ID of the connector definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListConnectorDefinitionVersions'' requests. If the version is the last one that was associated with a connector definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "ConnectorDefinitionId", "ConnectorDefinitionVersionId" ] - }, - "GetConnectorDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the connector definition version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the connector definition version was created." - }, - "Definition" : { - "shape" : "ConnectorDefinitionVersion", - "documentation" : "Information about the connector definition version." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the connector definition version." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The version of the connector definition version." - } - } - }, - "GetCoreDefinitionRequest" : { - "type" : "structure", - "members" : { - "CoreDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "CoreDefinitionId", - "documentation" : "The ID of the core definition." - } - }, - "required" : [ "CoreDefinitionId" ] - }, - "GetCoreDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetCoreDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "CoreDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "CoreDefinitionId", - "documentation" : "The ID of the core definition." - }, - "CoreDefinitionVersionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "CoreDefinitionVersionId", - "documentation" : "The ID of the core definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListCoreDefinitionVersions'' requests. If the version is the last one that was associated with a core definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." - } - }, - "required" : [ "CoreDefinitionId", "CoreDefinitionVersionId" ] - }, - "GetCoreDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the core definition version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the core definition version was created." - }, - "Definition" : { - "shape" : "CoreDefinitionVersion", - "documentation" : "Information about the core definition version." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the core definition version." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The version of the core definition version." - } - } - }, - "GetDeploymentStatusRequest" : { - "type" : "structure", - "members" : { - "DeploymentId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "DeploymentId", - "documentation" : "The ID of the deployment." - }, - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId", "DeploymentId" ] - }, - "GetDeploymentStatusResponse" : { - "type" : "structure", - "members" : { - "DeploymentStatus" : { - "shape" : "__string", - "documentation" : "The status of the deployment: ''InProgress'', ''Building'', ''Success'', or ''Failure''." - }, - "DeploymentType" : { - "shape" : "DeploymentType", - "documentation" : "The type of the deployment." - }, - "ErrorDetails" : { - "shape" : "ErrorDetails", - "documentation" : "Error details" - }, - "ErrorMessage" : { - "shape" : "__string", - "documentation" : "Error message" - }, - "UpdatedAt" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the deployment status was updated." - } - } - }, - "GetDeviceDefinitionRequest" : { - "type" : "structure", - "members" : { - "DeviceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "DeviceDefinitionId", - "documentation" : "The ID of the device definition." - } - }, - "required" : [ "DeviceDefinitionId" ] - }, - "GetDeviceDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetDeviceDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "DeviceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "DeviceDefinitionId", - "documentation" : "The ID of the device definition." - }, - "DeviceDefinitionVersionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "DeviceDefinitionVersionId", - "documentation" : "The ID of the device definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListDeviceDefinitionVersions'' requests. If the version is the last one that was associated with a device definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "DeviceDefinitionVersionId", "DeviceDefinitionId" ] - }, - "GetDeviceDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the device definition version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the device definition version was created." - }, - "Definition" : { - "shape" : "DeviceDefinitionVersion", - "documentation" : "Information about the device definition version." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the device definition version." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The version of the device definition version." - } - } - }, - "GetFunctionDefinitionRequest" : { - "type" : "structure", - "members" : { - "FunctionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "FunctionDefinitionId", - "documentation" : "The ID of the Lambda function definition." - } - }, - "required" : [ "FunctionDefinitionId" ] - }, - "GetFunctionDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetFunctionDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "FunctionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "FunctionDefinitionId", - "documentation" : "The ID of the Lambda function definition." - }, - "FunctionDefinitionVersionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "FunctionDefinitionVersionId", - "documentation" : "The ID of the function definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListFunctionDefinitionVersions'' requests. If the version is the last one that was associated with a function definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "FunctionDefinitionId", "FunctionDefinitionVersionId" ] - }, - "GetFunctionDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the function definition version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the function definition version was created." - }, - "Definition" : { - "shape" : "FunctionDefinitionVersion", - "documentation" : "Information on the definition." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the function definition version." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The version of the function definition version." - } - } - }, - "GetGroupCertificateAuthorityRequest" : { - "type" : "structure", - "members" : { - "CertificateAuthorityId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "CertificateAuthorityId", - "documentation" : "The ID of the certificate authority." - }, - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "CertificateAuthorityId", "GroupId" ] - }, - "GetGroupCertificateAuthorityResponse" : { - "type" : "structure", - "members" : { - "GroupCertificateAuthorityArn" : { - "shape" : "__string", - "documentation" : "The ARN of the certificate authority for the group." - }, - "GroupCertificateAuthorityId" : { - "shape" : "__string", - "documentation" : "The ID of the certificate authority for the group." - }, - "PemEncodedCertificate" : { - "shape" : "__string", - "documentation" : "The PEM encoded certificate for the group." - } - } - }, - "GetGroupCertificateConfigurationRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId" ] - }, - "GetGroupCertificateConfigurationResponse" : { - "type" : "structure", - "members" : { - "CertificateAuthorityExpiryInMilliseconds" : { - "shape" : "__string", - "documentation" : "The amount of time remaining before the certificate authority expires, in milliseconds." - }, - "CertificateExpiryInMilliseconds" : { - "shape" : "__string", - "documentation" : "The amount of time remaining before the certificate expires, in milliseconds." - }, - "GroupId" : { - "shape" : "__string", - "documentation" : "The ID of the group certificate configuration." - } - } - }, - "GetGroupRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId" ] - }, - "GetGroupResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetGroupVersionRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - }, - "GroupVersionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupVersionId", - "documentation" : "The ID of the group version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListGroupVersions'' requests. If the version is the last one that was associated with a group, the value also maps to the ''LatestVersion'' property of the corresponding ''GroupInformation'' object." - } - }, - "required" : [ "GroupVersionId", "GroupId" ] - }, - "GetGroupVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the group version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the group version was created." - }, - "Definition" : { - "shape" : "GroupVersion", - "documentation" : "Information about the group version definition." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the group that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the group version." - } - } - }, - "GetLoggerDefinitionRequest" : { - "type" : "structure", - "members" : { - "LoggerDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "LoggerDefinitionId", - "documentation" : "The ID of the logger definition." - } - }, - "required" : [ "LoggerDefinitionId" ] - }, - "GetLoggerDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetLoggerDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "LoggerDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "LoggerDefinitionId", - "documentation" : "The ID of the logger definition." - }, - "LoggerDefinitionVersionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "LoggerDefinitionVersionId", - "documentation" : "The ID of the logger definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListLoggerDefinitionVersions'' requests. If the version is the last one that was associated with a logger definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "LoggerDefinitionVersionId", "LoggerDefinitionId" ] - }, - "GetLoggerDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the logger definition version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the logger definition version was created." - }, - "Definition" : { - "shape" : "LoggerDefinitionVersion", - "documentation" : "Information about the logger definition version." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the logger definition version." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The version of the logger definition version." - } - } - }, - "GetResourceDefinitionRequest" : { - "type" : "structure", - "members" : { - "ResourceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ResourceDefinitionId", - "documentation" : "The ID of the resource definition." - } - }, - "required" : [ "ResourceDefinitionId" ] - }, - "GetResourceDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetResourceDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "ResourceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ResourceDefinitionId", - "documentation" : "The ID of the resource definition." - }, - "ResourceDefinitionVersionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ResourceDefinitionVersionId", - "documentation" : "The ID of the resource definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListResourceDefinitionVersions'' requests. If the version is the last one that was associated with a resource definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." - } - }, - "required" : [ "ResourceDefinitionVersionId", "ResourceDefinitionId" ] - }, - "GetResourceDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "Arn of the resource definition version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the resource definition version was created." - }, - "Definition" : { - "shape" : "ResourceDefinitionVersion", - "documentation" : "Information about the definition." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the resource definition version." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The version of the resource definition version." - } - } - }, - "GetServiceRoleForAccountRequest" : { - "type" : "structure", - "members" : { } - }, - "GetServiceRoleForAccountResponse" : { - "type" : "structure", - "members" : { - "AssociatedAt" : { - "shape" : "__string", - "documentation" : "The time when the service role was associated with the account." - }, - "RoleArn" : { - "shape" : "__string", - "documentation" : "The ARN of the role which is associated with the account." - } - } - }, - "GetSubscriptionDefinitionRequest" : { - "type" : "structure", - "members" : { - "SubscriptionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "SubscriptionDefinitionId", - "documentation" : "The ID of the subscription definition." - } - }, - "required" : [ "SubscriptionDefinitionId" ] - }, - "GetSubscriptionDefinitionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the definition." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the definition." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the definition was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the definition." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) attached to the resource arn." - } - } - }, - "GetSubscriptionDefinitionVersionRequest" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "SubscriptionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "SubscriptionDefinitionId", - "documentation" : "The ID of the subscription definition." - }, - "SubscriptionDefinitionVersionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "SubscriptionDefinitionVersionId", - "documentation" : "The ID of the subscription definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListSubscriptionDefinitionVersions'' requests. If the version is the last one that was associated with a subscription definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." - } - }, - "required" : [ "SubscriptionDefinitionId", "SubscriptionDefinitionVersionId" ] - }, - "GetSubscriptionDefinitionVersionResponse" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the subscription definition version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the subscription definition version was created." - }, - "Definition" : { - "shape" : "SubscriptionDefinitionVersion", - "documentation" : "Information about the subscription definition version." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the subscription definition version." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The version of the subscription definition version." - } - } - }, - "GetThingRuntimeConfigurationRequest" : { - "type" : "structure", - "members" : { - "ThingName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ThingName", - "documentation" : "The thing name." - } - }, - "required" : [ "ThingName" ] - }, - "GetThingRuntimeConfigurationResponse" : { - "type" : "structure", - "members" : { - "RuntimeConfiguration" : { - "shape" : "RuntimeConfiguration", - "documentation" : "Runtime configuration for a thing." - } - } - }, - "GroupCertificateAuthorityProperties" : { - "type" : "structure", - "members" : { - "GroupCertificateAuthorityArn" : { - "shape" : "__string", - "documentation" : "The ARN of the certificate authority for the group." - }, - "GroupCertificateAuthorityId" : { - "shape" : "__string", - "documentation" : "The ID of the certificate authority for the group." - } - }, - "documentation" : "Information about a certificate authority for a group." - }, - "GroupCertificateConfiguration" : { - "type" : "structure", - "members" : { - "CertificateAuthorityExpiryInMilliseconds" : { - "shape" : "__string", - "documentation" : "The amount of time remaining before the certificate authority expires, in milliseconds." - }, - "CertificateExpiryInMilliseconds" : { - "shape" : "__string", - "documentation" : "The amount of time remaining before the certificate expires, in milliseconds." - }, - "GroupId" : { - "shape" : "__string", - "documentation" : "The ID of the group certificate configuration." - } - }, - "documentation" : "Information about a group certificate configuration." - }, - "GroupInformation" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the group." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the group was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the group." - }, - "LastUpdatedTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the group was last updated." - }, - "LatestVersion" : { - "shape" : "__string", - "documentation" : "The ID of the latest version associated with the group." - }, - "LatestVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the latest version associated with the group." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the group." - } - }, - "documentation" : "Information about a group." - }, - "GroupOwnerSetting" : { - "type" : "structure", - "members" : { - "AutoAddGroupOwner" : { - "shape" : "__boolean", - "documentation" : "If true, AWS IoT Greengrass automatically adds the specified Linux OS group owner of the resource to the Lambda process privileges. Thus the Lambda process will have the file access permissions of the added Linux group." - }, - "GroupOwner" : { - "shape" : "__string", - "documentation" : "The name of the Linux OS group whose privileges will be added to the Lambda process. This field is optional." - } - }, - "documentation" : "Group owner related settings for local resources." - }, - "GroupVersion" : { - "type" : "structure", - "members" : { - "ConnectorDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the connector definition version for this group." - }, - "CoreDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the core definition version for this group." - }, - "DeviceDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the device definition version for this group." - }, - "FunctionDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the function definition version for this group." - }, - "LoggerDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the logger definition version for this group." - }, - "ResourceDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the resource definition version for this group." - }, - "SubscriptionDefinitionVersionArn" : { - "shape" : "__string", - "documentation" : "The ARN of the subscription definition version for this group." - } - }, - "documentation" : "Information about a group version." - }, - "InternalServerErrorException" : { - "type" : "structure", - "members" : { - "ErrorDetails" : { - "shape" : "ErrorDetails", - "documentation" : "Details about the error." - }, - "Message" : { - "shape" : "__string", - "documentation" : "A message containing information about the error." - } - }, - "documentation" : "General error information.", - "exception" : true, - "error" : { - "httpStatusCode" : 500 - } - }, - "ListBulkDeploymentDetailedReportsRequest" : { - "type" : "structure", - "members" : { - "BulkDeploymentId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "BulkDeploymentId", - "documentation" : "The ID of the bulk deployment." - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "BulkDeploymentId" ] - }, - "ListBulkDeploymentDetailedReportsResponse" : { - "type" : "structure", - "members" : { - "Deployments" : { - "shape" : "BulkDeploymentResults", - "documentation" : "A list of the individual group deployments in the bulk deployment operation." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListBulkDeploymentsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListBulkDeploymentsResponse" : { - "type" : "structure", - "members" : { - "BulkDeployments" : { - "shape" : "BulkDeployments", - "documentation" : "A list of bulk deployments." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListConnectorDefinitionVersionsRequest" : { - "type" : "structure", - "members" : { - "ConnectorDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConnectorDefinitionId", - "documentation" : "The ID of the connector definition." - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "ConnectorDefinitionId" ] - }, - "ListConnectorDefinitionVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - } - }, - "ListConnectorDefinitionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListConnectorDefinitionsResponse" : { - "type" : "structure", - "members" : { - "Definitions" : { - "shape" : "__listOfDefinitionInformation", - "documentation" : "Information about a definition." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListCoreDefinitionVersionsRequest" : { - "type" : "structure", - "members" : { - "CoreDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "CoreDefinitionId", - "documentation" : "The ID of the core definition." - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "CoreDefinitionId" ] - }, - "ListCoreDefinitionVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - } - }, - "ListCoreDefinitionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListCoreDefinitionsResponse" : { - "type" : "structure", - "members" : { - "Definitions" : { - "shape" : "__listOfDefinitionInformation", - "documentation" : "Information about a definition." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListDefinitionsResponse" : { - "type" : "structure", - "members" : { - "Definitions" : { - "shape" : "__listOfDefinitionInformation", - "documentation" : "Information about a definition." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "documentation" : "A list of definitions." - }, - "ListDeploymentsRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "GroupId" ] - }, - "ListDeploymentsResponse" : { - "type" : "structure", - "members" : { - "Deployments" : { - "shape" : "Deployments", - "documentation" : "A list of deployments for the requested groups." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListDeviceDefinitionVersionsRequest" : { - "type" : "structure", - "members" : { - "DeviceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "DeviceDefinitionId", - "documentation" : "The ID of the device definition." - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "DeviceDefinitionId" ] - }, - "ListDeviceDefinitionVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - } - }, - "ListDeviceDefinitionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListDeviceDefinitionsResponse" : { - "type" : "structure", - "members" : { - "Definitions" : { - "shape" : "__listOfDefinitionInformation", - "documentation" : "Information about a definition." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListFunctionDefinitionVersionsRequest" : { - "type" : "structure", - "members" : { - "FunctionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "FunctionDefinitionId", - "documentation" : "The ID of the Lambda function definition." - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "FunctionDefinitionId" ] - }, - "ListFunctionDefinitionVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - } - }, - "ListFunctionDefinitionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListFunctionDefinitionsResponse" : { - "type" : "structure", - "members" : { - "Definitions" : { - "shape" : "__listOfDefinitionInformation", - "documentation" : "Information about a definition." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListGroupCertificateAuthoritiesRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId" ] - }, - "ListGroupCertificateAuthoritiesResponse" : { - "type" : "structure", - "members" : { - "GroupCertificateAuthorities" : { - "shape" : "__listOfGroupCertificateAuthorityProperties", - "documentation" : "A list of certificate authorities associated with the group." - } - } - }, - "ListGroupVersionsRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "GroupId" ] - }, - "ListGroupVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - } - }, - "ListGroupsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListGroupsResponse" : { - "type" : "structure", - "members" : { - "Groups" : { - "shape" : "__listOfGroupInformation", - "documentation" : "Information about a group." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListLoggerDefinitionVersionsRequest" : { - "type" : "structure", - "members" : { - "LoggerDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "LoggerDefinitionId", - "documentation" : "The ID of the logger definition." - }, - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - }, - "required" : [ "LoggerDefinitionId" ] - }, - "ListLoggerDefinitionVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - } - }, - "ListLoggerDefinitionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListLoggerDefinitionsResponse" : { - "type" : "structure", - "members" : { - "Definitions" : { - "shape" : "__listOfDefinitionInformation", - "documentation" : "Information about a definition." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListResourceDefinitionVersionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "ResourceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ResourceDefinitionId", - "documentation" : "The ID of the resource definition." - } - }, - "required" : [ "ResourceDefinitionId" ] - }, - "ListResourceDefinitionVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - } - }, - "ListResourceDefinitionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListResourceDefinitionsResponse" : { - "type" : "structure", - "members" : { - "Definitions" : { - "shape" : "__listOfDefinitionInformation", - "documentation" : "Information about a definition." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListSubscriptionDefinitionVersionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "SubscriptionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "SubscriptionDefinitionId", - "documentation" : "The ID of the subscription definition." - } - }, - "required" : [ "SubscriptionDefinitionId" ] - }, - "ListSubscriptionDefinitionVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - } - }, - "ListSubscriptionDefinitionsRequest" : { - "type" : "structure", - "members" : { - "MaxResults" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "MaxResults", - "documentation" : "The maximum number of results to be returned per request." - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "NextToken", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListSubscriptionDefinitionsResponse" : { - "type" : "structure", - "members" : { - "Definitions" : { - "shape" : "__listOfDefinitionInformation", - "documentation" : "Information about a definition." - }, - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - } - } - }, - "ListTagsForResourceRequest" : { - "type" : "structure", - "members" : { - "ResourceArn" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "resource-arn", - "documentation" : "The Amazon Resource Name (ARN) of the resource." - } - }, - "required" : [ "ResourceArn" ] - }, - "ListTagsForResourceResponse" : { - "type" : "structure", - "members" : { - "tags" : { - "shape" : "Tags" - } - } - }, - "ListVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "documentation" : "The token for the next set of results, or ''null'' if there are no additional results." - }, - "Versions" : { - "shape" : "__listOfVersionInformation", - "documentation" : "Information about a version." - } - }, - "documentation" : "A list of versions." - }, - "LocalDeviceResourceData" : { - "type" : "structure", - "members" : { - "GroupOwnerSetting" : { - "shape" : "GroupOwnerSetting", - "documentation" : "Group/owner related settings for local resources." - }, - "SourcePath" : { - "shape" : "__string", - "documentation" : "The local absolute path of the device resource. The source path for a device resource can refer only to a character device or block device under ''/dev''." - } - }, - "documentation" : "Attributes that define a local device resource." - }, - "LocalVolumeResourceData" : { - "type" : "structure", - "members" : { - "DestinationPath" : { - "shape" : "__string", - "documentation" : "The absolute local path of the resource inside the Lambda environment." - }, - "GroupOwnerSetting" : { - "shape" : "GroupOwnerSetting", - "documentation" : "Allows you to configure additional group privileges for the Lambda process. This field is optional." - }, - "SourcePath" : { - "shape" : "__string", - "documentation" : "The local absolute path of the volume resource on the host. The source path for a volume resource type cannot start with ''/sys''." - } - }, - "documentation" : "Attributes that define a local volume resource." - }, - "Logger" : { - "type" : "structure", - "members" : { - "Component" : { - "shape" : "LoggerComponent", - "documentation" : "The component that will be subject to logging." - }, - "Id" : { - "shape" : "__string", - "documentation" : "A descriptive or arbitrary ID for the logger. This value must be unique within the logger definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." - }, - "Level" : { - "shape" : "LoggerLevel", - "documentation" : "The level of the logs." - }, - "Space" : { - "shape" : "__integer", - "documentation" : "The amount of file space, in KB, to use if the local file system is used for logging purposes." - }, - "Type" : { - "shape" : "LoggerType", - "documentation" : "The type of log output which will be used." - } - }, - "documentation" : "Information about a logger", - "required" : [ "Type", "Level", "Id", "Component" ] - }, - "LoggerComponent" : { - "type" : "string", - "enum" : [ "GreengrassSystem", "Lambda" ] - }, - "LoggerDefinitionVersion" : { - "type" : "structure", - "members" : { - "Loggers" : { - "shape" : "__listOfLogger", - "documentation" : "A list of loggers." - } - }, - "documentation" : "Information about a logger definition version." - }, - "LoggerLevel" : { - "type" : "string", - "enum" : [ "DEBUG", "INFO", "WARN", "ERROR", "FATAL" ] - }, - "LoggerType" : { - "type" : "string", - "enum" : [ "FileSystem", "AWSCloudWatch" ] - }, - "Permission" : { - "type" : "string", - "documentation" : "The type of permission a function has to access a resource.", - "enum" : [ "ro", "rw" ] - }, - "ResetDeploymentsRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "Force" : { - "shape" : "__boolean", - "documentation" : "If true, performs a best-effort only core reset." - }, - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "documentation" : "Information needed to reset deployments.", - "required" : [ "GroupId" ] - }, - "ResetDeploymentsResponse" : { - "type" : "structure", - "members" : { - "DeploymentArn" : { - "shape" : "__string", - "documentation" : "The ARN of the deployment." - }, - "DeploymentId" : { - "shape" : "__string", - "documentation" : "The ID of the deployment." - } - } - }, - "Resource" : { - "type" : "structure", - "members" : { - "Id" : { - "shape" : "__string", - "documentation" : "The resource ID, used to refer to a resource in the Lambda function configuration. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''. This must be unique within a Greengrass group." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The descriptive resource name, which is displayed on the AWS IoT Greengrass console. Max length 128 characters with pattern ''[a-zA-Z0-9:_-]+''. This must be unique within a Greengrass group." - }, - "ResourceDataContainer" : { - "shape" : "ResourceDataContainer", - "documentation" : "A container of data for all resource types." - } - }, - "documentation" : "Information about a resource.", - "required" : [ "ResourceDataContainer", "Id", "Name" ] - }, - "ResourceAccessPolicy" : { - "type" : "structure", - "members" : { - "Permission" : { - "shape" : "Permission", - "documentation" : "The permissions that the Lambda function has to the resource. Can be one of ''rw'' (read/write) or ''ro'' (read-only)." - }, - "ResourceId" : { - "shape" : "__string", - "documentation" : "The ID of the resource. (This ID is assigned to the resource when you create the resource definiton.)" - } - }, - "documentation" : "A policy used by the function to access a resource.", - "required" : [ "ResourceId" ] - }, - "ResourceDataContainer" : { - "type" : "structure", - "members" : { - "LocalDeviceResourceData" : { - "shape" : "LocalDeviceResourceData", - "documentation" : "Attributes that define the local device resource." - }, - "LocalVolumeResourceData" : { - "shape" : "LocalVolumeResourceData", - "documentation" : "Attributes that define the local volume resource." - }, - "S3MachineLearningModelResourceData" : { - "shape" : "S3MachineLearningModelResourceData", - "documentation" : "Attributes that define an Amazon S3 machine learning resource." - }, - "SageMakerMachineLearningModelResourceData" : { - "shape" : "SageMakerMachineLearningModelResourceData", - "documentation" : "Attributes that define an Amazon SageMaker machine learning resource." - }, - "SecretsManagerSecretResourceData" : { - "shape" : "SecretsManagerSecretResourceData", - "documentation" : "Attributes that define a secret resource, which references a secret from AWS Secrets Manager." - } - }, - "documentation" : "A container for resource data. The container takes only one of the following supported resource data types: ''LocalDeviceResourceData'', ''LocalVolumeResourceData'', ''SageMakerMachineLearningModelResourceData'', ''S3MachineLearningModelResourceData'', ''SecretsManagerSecretResourceData''." - }, - "ResourceDefinitionVersion" : { - "type" : "structure", - "members" : { - "Resources" : { - "shape" : "__listOfResource", - "documentation" : "A list of resources." - } - }, - "documentation" : "Information about a resource definition version." - }, - "ResourceDownloadOwnerSetting" : { - "type" : "structure", - "members" : { - "GroupOwner" : { - "shape" : "__string", - "documentation" : "The group owner of the resource. This is the name of an existing Linux OS group on the system or a GID. The group's permissions are added to the Lambda process." - }, - "GroupPermission" : { - "shape" : "Permission", - "documentation" : "The permissions that the group owner has to the resource. Valid values are ''rw'' (read/write) or ''ro'' (read-only)." - } - }, - "documentation" : "The owner setting for downloaded machine learning resources.", - "required" : [ "GroupOwner", "GroupPermission" ] - }, - "RuntimeConfiguration" : { - "type" : "structure", - "members" : { - "TelemetryConfiguration" : { - "shape" : "TelemetryConfiguration", - "documentation" : "Configuration for telemetry service." - } - }, - "documentation" : "Runtime configuration for a thing." - }, - "RuntimeConfigurationUpdate" : { - "type" : "structure", - "members" : { - "TelemetryConfiguration" : { - "shape" : "TelemetryConfigurationUpdate", - "documentation" : "Configuration for telemetry service." - } - }, - "documentation" : "Runtime configuration for a thing." - }, - "S3MachineLearningModelResourceData" : { - "type" : "structure", - "members" : { - "DestinationPath" : { - "shape" : "__string", - "documentation" : "The absolute local path of the resource inside the Lambda environment." - }, - "OwnerSetting" : { - "shape" : "ResourceDownloadOwnerSetting" - }, - "S3Uri" : { - "shape" : "__string", - "documentation" : "The URI of the source model in an S3 bucket. The model package must be in tar.gz or .zip format." - } - }, - "documentation" : "Attributes that define an Amazon S3 machine learning resource." - }, - "S3UrlSignerRole" : { - "type" : "string", - "documentation" : "The IAM Role that Greengrass will use to create pre-signed URLs pointing towards the update artifact." - }, - "SageMakerMachineLearningModelResourceData" : { - "type" : "structure", - "members" : { - "DestinationPath" : { - "shape" : "__string", - "documentation" : "The absolute local path of the resource inside the Lambda environment." - }, - "OwnerSetting" : { - "shape" : "ResourceDownloadOwnerSetting" - }, - "SageMakerJobArn" : { - "shape" : "__string", - "documentation" : "The ARN of the Amazon SageMaker training job that represents the source model." - } - }, - "documentation" : "Attributes that define an Amazon SageMaker machine learning resource." - }, - "SecretsManagerSecretResourceData" : { - "type" : "structure", - "members" : { - "ARN" : { - "shape" : "__string", - "documentation" : "The ARN of the Secrets Manager secret to make available on the core. The value of the secret's latest version (represented by the ''AWSCURRENT'' staging label) is included by default." - }, - "AdditionalStagingLabelsToDownload" : { - "shape" : "__listOf__string", - "documentation" : "Optional. The staging labels whose values you want to make available on the core, in addition to ''AWSCURRENT''." - } - }, - "documentation" : "Attributes that define a secret resource, which references a secret from AWS Secrets Manager. AWS IoT Greengrass stores a local, encrypted copy of the secret on the Greengrass core, where it can be securely accessed by connectors and Lambda functions." - }, - "SoftwareToUpdate" : { - "type" : "string", - "documentation" : "The piece of software on the Greengrass core that will be updated.", - "enum" : [ "core", "ota_agent" ] - }, - "StartBulkDeploymentRequest" : { - "type" : "structure", - "members" : { - "AmznClientToken" : { - "shape" : "__string", - "location" : "header", - "locationName" : "X-Amzn-Client-Token", - "documentation" : "A client token used to correlate requests and responses." - }, - "ExecutionRoleArn" : { - "shape" : "__string", - "documentation" : "The ARN of the execution role to associate with the bulk deployment operation. This IAM role must allow the ''greengrass:CreateDeployment'' action for all group versions that are listed in the input file. This IAM role must have access to the S3 bucket containing the input file." - }, - "InputFileUri" : { - "shape" : "__string", - "documentation" : "The URI of the input file contained in the S3 bucket. The execution role must have ''getObject'' permissions on this bucket to access the input file. The input file is a JSON-serialized, line delimited file with UTF-8 encoding that provides a list of group and version IDs and the deployment type. This file must be less than 100 MB. Currently, AWS IoT Greengrass supports only ''NewDeployment'' deployment types." - }, - "tags" : { - "shape" : "Tags", - "documentation" : "Tag(s) to add to the new resource." - } - }, - "required" : [ "ExecutionRoleArn", "InputFileUri" ] - }, - "StartBulkDeploymentResponse" : { - "type" : "structure", - "members" : { - "BulkDeploymentArn" : { - "shape" : "__string", - "documentation" : "The ARN of the bulk deployment." - }, - "BulkDeploymentId" : { - "shape" : "__string", - "documentation" : "The ID of the bulk deployment." - } - } - }, - "StopBulkDeploymentRequest" : { - "type" : "structure", - "members" : { - "BulkDeploymentId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "BulkDeploymentId", - "documentation" : "The ID of the bulk deployment." - } - }, - "required" : [ "BulkDeploymentId" ] - }, - "StopBulkDeploymentResponse" : { - "type" : "structure", - "members" : { } - }, - "Subscription" : { - "type" : "structure", - "members" : { - "Id" : { - "shape" : "__string", - "documentation" : "A descriptive or arbitrary ID for the subscription. This value must be unique within the subscription definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." - }, - "Source" : { - "shape" : "__string", - "documentation" : "The source of the subscription. Can be a thing ARN, a Lambda function ARN, a connector ARN, 'cloud' (which represents the AWS IoT cloud), or 'GGShadowService'." - }, - "Subject" : { - "shape" : "__string", - "documentation" : "The MQTT topic used to route the message." - }, - "Target" : { - "shape" : "__string", - "documentation" : "Where the message is sent to. Can be a thing ARN, a Lambda function ARN, a connector ARN, 'cloud' (which represents the AWS IoT cloud), or 'GGShadowService'." - } - }, - "documentation" : "Information about a subscription.", - "required" : [ "Target", "Id", "Subject", "Source" ] - }, - "SubscriptionDefinitionVersion" : { - "type" : "structure", - "members" : { - "Subscriptions" : { - "shape" : "__listOfSubscription", - "documentation" : "A list of subscriptions." - } - }, - "documentation" : "Information about a subscription definition version." - }, - "TagResourceRequest" : { - "type" : "structure", - "members" : { - "ResourceArn" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "resource-arn", - "documentation" : "The Amazon Resource Name (ARN) of the resource." - }, - "tags" : { - "shape" : "Tags" - } - }, - "documentation" : "A map of the key-value pairs for the resource tag.", - "required" : [ "ResourceArn" ] - }, - "Tags" : { - "type" : "map", - "documentation" : "The key-value pair for the resource tag.", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "__string" - } - }, - "Telemetry" : { - "type" : "string", - "enum" : [ "On", "Off" ] - }, - "TelemetryConfiguration" : { - "type" : "structure", - "members" : { - "ConfigurationSyncStatus" : { - "shape" : "ConfigurationSyncStatus", - "documentation" : "Synchronization status of the device reported configuration with the desired configuration." - }, - "Telemetry" : { - "shape" : "Telemetry", - "documentation" : "Configure telemetry to be on or off." - } - }, - "documentation" : "Configuration settings for running telemetry.", - "required" : [ "Telemetry" ] - }, - "TelemetryConfigurationUpdate" : { - "type" : "structure", - "members" : { - "Telemetry" : { - "shape" : "Telemetry", - "documentation" : "Configure telemetry to be on or off." - } - }, - "documentation" : "Configuration settings for running telemetry.", - "required" : [ "Telemetry" ] - }, - "UntagResourceRequest" : { - "type" : "structure", - "members" : { - "ResourceArn" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "resource-arn", - "documentation" : "The Amazon Resource Name (ARN) of the resource." - }, - "TagKeys" : { - "shape" : "__listOf__string", - "location" : "querystring", - "locationName" : "tagKeys", - "documentation" : "An array of tag keys to delete" - } - }, - "required" : [ "TagKeys", "ResourceArn" ] - }, - "UpdateAgentLogLevel" : { - "type" : "string", - "documentation" : "The minimum level of log statements that should be logged by the OTA Agent during an update.", - "enum" : [ "NONE", "TRACE", "DEBUG", "VERBOSE", "INFO", "WARN", "ERROR", "FATAL" ] - }, - "UpdateConnectivityInfoRequest" : { - "type" : "structure", - "members" : { - "ConnectivityInfo" : { - "shape" : "__listOfConnectivityInfo", - "documentation" : "A list of connectivity info." - }, - "ThingName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ThingName", - "documentation" : "The thing name." - } - }, - "documentation" : "Connectivity information.", - "required" : [ "ThingName" ] - }, - "UpdateConnectivityInfoResponse" : { - "type" : "structure", - "members" : { - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "A message about the connectivity info update request." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The new version of the connectivity info." - } - } - }, - "UpdateConnectorDefinitionRequest" : { - "type" : "structure", - "members" : { - "ConnectorDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConnectorDefinitionId", - "documentation" : "The ID of the connector definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - }, - "required" : [ "ConnectorDefinitionId" ] - }, - "UpdateConnectorDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "UpdateCoreDefinitionRequest" : { - "type" : "structure", - "members" : { - "CoreDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "CoreDefinitionId", - "documentation" : "The ID of the core definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - }, - "required" : [ "CoreDefinitionId" ] - }, - "UpdateCoreDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "UpdateDeviceDefinitionRequest" : { - "type" : "structure", - "members" : { - "DeviceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "DeviceDefinitionId", - "documentation" : "The ID of the device definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - }, - "required" : [ "DeviceDefinitionId" ] - }, - "UpdateDeviceDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "UpdateFunctionDefinitionRequest" : { - "type" : "structure", - "members" : { - "FunctionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "FunctionDefinitionId", - "documentation" : "The ID of the Lambda function definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - }, - "required" : [ "FunctionDefinitionId" ] - }, - "UpdateFunctionDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "UpdateGroupCertificateConfigurationRequest" : { - "type" : "structure", - "members" : { - "CertificateExpiryInMilliseconds" : { - "shape" : "__string", - "documentation" : "The amount of time remaining before the certificate expires, in milliseconds." - }, - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - } - }, - "required" : [ "GroupId" ] - }, - "UpdateGroupCertificateConfigurationResponse" : { - "type" : "structure", - "members" : { - "CertificateAuthorityExpiryInMilliseconds" : { - "shape" : "__string", - "documentation" : "The amount of time remaining before the certificate authority expires, in milliseconds." - }, - "CertificateExpiryInMilliseconds" : { - "shape" : "__string", - "documentation" : "The amount of time remaining before the certificate expires, in milliseconds." - }, - "GroupId" : { - "shape" : "__string", - "documentation" : "The ID of the group certificate configuration." - } - } - }, - "UpdateGroupRequest" : { - "type" : "structure", - "members" : { - "GroupId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "GroupId", - "documentation" : "The ID of the Greengrass group." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - }, - "required" : [ "GroupId" ] - }, - "UpdateGroupResponse" : { - "type" : "structure", - "members" : { } - }, - "UpdateLoggerDefinitionRequest" : { - "type" : "structure", - "members" : { - "LoggerDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "LoggerDefinitionId", - "documentation" : "The ID of the logger definition." - }, - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - } - }, - "required" : [ "LoggerDefinitionId" ] - }, - "UpdateLoggerDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "UpdateResourceDefinitionRequest" : { - "type" : "structure", - "members" : { - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "ResourceDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ResourceDefinitionId", - "documentation" : "The ID of the resource definition." - } - }, - "required" : [ "ResourceDefinitionId" ] - }, - "UpdateResourceDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "UpdateSubscriptionDefinitionRequest" : { - "type" : "structure", - "members" : { - "Name" : { - "shape" : "__string", - "documentation" : "The name of the definition." - }, - "SubscriptionDefinitionId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "SubscriptionDefinitionId", - "documentation" : "The ID of the subscription definition." - } - }, - "required" : [ "SubscriptionDefinitionId" ] - }, - "UpdateSubscriptionDefinitionResponse" : { - "type" : "structure", - "members" : { } - }, - "UpdateTargets" : { - "type" : "list", - "documentation" : "The ARNs of the targets (IoT things or IoT thing groups) that this update will be applied to.", - "member" : { - "shape" : "__string" - } - }, - "UpdateTargetsArchitecture" : { - "type" : "string", - "documentation" : "The architecture of the cores which are the targets of an update.", - "enum" : [ "armv6l", "armv7l", "x86_64", "aarch64" ] - }, - "UpdateTargetsOperatingSystem" : { - "type" : "string", - "documentation" : "The operating system of the cores which are the targets of an update.", - "enum" : [ "ubuntu", "raspbian", "amazon_linux", "openwrt" ] - }, - "UpdateThingRuntimeConfigurationRequest" : { - "type" : "structure", - "members" : { - "TelemetryConfiguration" : { - "shape" : "TelemetryConfigurationUpdate", - "documentation" : "Configuration for telemetry service." - }, - "ThingName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ThingName", - "documentation" : "The thing name." - } - }, - "required" : [ "ThingName" ] - }, - "UpdateThingRuntimeConfigurationResponse" : { - "type" : "structure", - "members" : { } - }, - "VersionInformation" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "documentation" : "The ARN of the version." - }, - "CreationTimestamp" : { - "shape" : "__string", - "documentation" : "The time, in milliseconds since the epoch, when the version was created." - }, - "Id" : { - "shape" : "__string", - "documentation" : "The ID of the parent definition that the version is associated with." - }, - "Version" : { - "shape" : "__string", - "documentation" : "The ID of the version." - } - }, - "documentation" : "Information about a version." - }, - "__boolean" : { - "type" : "boolean" - }, - "__double" : { - "type" : "double" - }, - "__integer" : { - "type" : "integer" - }, - "__listOfConnectivityInfo" : { - "type" : "list", - "member" : { - "shape" : "ConnectivityInfo" - } - }, - "__listOfConnector" : { - "type" : "list", - "member" : { - "shape" : "Connector" - } - }, - "__listOfCore" : { - "type" : "list", - "member" : { - "shape" : "Core" - } - }, - "__listOfDefinitionInformation" : { - "type" : "list", - "member" : { - "shape" : "DefinitionInformation" - } - }, - "__listOfDevice" : { - "type" : "list", - "member" : { - "shape" : "Device" - } - }, - "__listOfFunction" : { - "type" : "list", - "member" : { - "shape" : "Function" - } - }, - "__listOfGroupCertificateAuthorityProperties" : { - "type" : "list", - "member" : { - "shape" : "GroupCertificateAuthorityProperties" - } - }, - "__listOfGroupInformation" : { - "type" : "list", - "member" : { - "shape" : "GroupInformation" - } - }, - "__listOfLogger" : { - "type" : "list", - "member" : { - "shape" : "Logger" - } - }, - "__listOfResource" : { - "type" : "list", - "member" : { - "shape" : "Resource" - } - }, - "__listOfResourceAccessPolicy" : { - "type" : "list", - "member" : { - "shape" : "ResourceAccessPolicy" - } - }, - "__listOfSubscription" : { - "type" : "list", - "member" : { - "shape" : "Subscription" - } - }, - "__listOfVersionInformation" : { - "type" : "list", - "member" : { - "shape" : "VersionInformation" - } - }, - "__listOf__string" : { - "type" : "list", - "member" : { - "shape" : "__string" - } - }, - "__long" : { - "type" : "long" - }, - "__mapOf__string" : { - "type" : "map", - "key" : { - "shape" : "__string" - }, - "value" : { - "shape" : "__string" - } - }, - "__string" : { - "type" : "string" - }, - "__timestampIso8601" : { - "type" : "timestamp", - "timestampFormat" : "iso8601" - }, - "__timestampUnix" : { - "type" : "timestamp", - "timestampFormat" : "unixTimestamp" + "shapes": { + "AssociateRoleToGroupRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + }, + "RoleArn": { + "shape": "__string", + "documentation": "The ARN of the role you wish to associate with this group. The existence of the role is not validated." + } + }, + "required": [ + "GroupId", + "RoleArn" + ] + }, + "AssociateRoleToGroupResponse": { + "type": "structure", + "members": { + "AssociatedAt": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the role ARN was associated with the group." + } + } + }, + "AssociateServiceRoleToAccountRequest": { + "type": "structure", + "members": { + "RoleArn": { + "shape": "__string", + "documentation": "The ARN of the service role you wish to associate with your account." + } + }, + "required": [ + "RoleArn" + ] + }, + "AssociateServiceRoleToAccountResponse": { + "type": "structure", + "members": { + "AssociatedAt": { + "shape": "__string", + "documentation": "The time when the service role was associated with the account." + } + } + }, + "BadRequestException": { + "type": "structure", + "members": { + "ErrorDetails": { + "shape": "ErrorDetails", + "documentation": "Details about the error." + }, + "Message": { + "shape": "__string", + "documentation": "A message containing information about the error." + } + }, + "documentation": "General error information.", + "exception": true, + "error": { + "httpStatusCode": 400 + } + }, + "BulkDeployment": { + "type": "structure", + "members": { + "BulkDeploymentArn": { + "shape": "__string", + "documentation": "The ARN of the bulk deployment." + }, + "BulkDeploymentId": { + "shape": "__string", + "documentation": "The ID of the bulk deployment." + }, + "CreatedAt": { + "shape": "__string", + "documentation": "The time, in ISO format, when the deployment was created." + } + }, + "documentation": "Information about a bulk deployment. You cannot start a new bulk deployment while another one is still running or in a non-terminal state." + }, + "BulkDeploymentMetrics": { + "type": "structure", + "members": { + "InvalidInputRecords": { + "shape": "__integer", + "documentation": "The total number of records that returned a non-retryable error. For example, this can occur if a group record from the input file uses an invalid format or specifies a nonexistent group version, or if the execution role doesn't grant permission to deploy a group or group version." + }, + "RecordsProcessed": { + "shape": "__integer", + "documentation": "The total number of group records from the input file that have been processed so far, or attempted." + }, + "RetryAttempts": { + "shape": "__integer", + "documentation": "The total number of deployment attempts that returned a retryable error. For example, a retry is triggered if the attempt to deploy a group returns a throttling error. ''StartBulkDeployment'' retries a group deployment up to five times." + } + }, + "documentation": "Relevant metrics on input records processed during bulk deployment." + }, + "BulkDeploymentResult": { + "type": "structure", + "members": { + "CreatedAt": { + "shape": "__string", + "documentation": "The time, in ISO format, when the deployment was created." + }, + "DeploymentArn": { + "shape": "__string", + "documentation": "The ARN of the group deployment." + }, + "DeploymentId": { + "shape": "__string", + "documentation": "The ID of the group deployment." + }, + "DeploymentStatus": { + "shape": "__string", + "documentation": "The current status of the group deployment: ''InProgress'', ''Building'', ''Success'', or ''Failure''." + }, + "DeploymentType": { + "shape": "DeploymentType", + "documentation": "The type of the deployment." + }, + "ErrorDetails": { + "shape": "ErrorDetails", + "documentation": "Details about the error." + }, + "ErrorMessage": { + "shape": "__string", + "documentation": "The error message for a failed deployment" + }, + "GroupArn": { + "shape": "__string", + "documentation": "The ARN of the Greengrass group." + } + }, + "documentation": "Information about an individual group deployment in a bulk deployment operation." + }, + "BulkDeploymentResults": { + "type": "list", + "member": { + "shape": "BulkDeploymentResult" + } + }, + "BulkDeploymentStatus": { + "type": "string", + "documentation": "The current status of the bulk deployment.", + "enum": [ + "Initializing", + "Running", + "Completed", + "Stopping", + "Stopped", + "Failed" + ] + }, + "BulkDeployments": { + "type": "list", + "member": { + "shape": "BulkDeployment" + } + }, + "ConfigurationSyncStatus": { + "type": "string", + "enum": [ + "InSync", + "OutOfSync" + ] + }, + "ConnectivityInfo": { + "type": "structure", + "members": { + "HostAddress": { + "shape": "__string", + "documentation": "The endpoint for the Greengrass core. Can be an IP address or DNS." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the connectivity information." + }, + "Metadata": { + "shape": "__string", + "documentation": "Metadata for this endpoint." + }, + "PortNumber": { + "shape": "__integer", + "documentation": "The port of the Greengrass core. Usually 8883." + } + }, + "documentation": "Information about a Greengrass core's connectivity." + }, + "Connector": { + "type": "structure", + "members": { + "ConnectorArn": { + "shape": "__string", + "documentation": "The ARN of the connector." + }, + "Id": { + "shape": "__string", + "documentation": "A descriptive or arbitrary ID for the connector. This value must be unique within the connector definition version. Max length is 128 characters with pattern [a-zA-Z0-9:_-]+." + }, + "Parameters": { + "shape": "__mapOf__string", + "documentation": "The parameters or configuration that the connector uses." + } + }, + "documentation": "Information about a connector. Connectors run on the Greengrass core and contain built-in integration with local infrastructure, device protocols, AWS, and other cloud services.", + "required": [ + "ConnectorArn", + "Id" + ] + }, + "ConnectorDefinitionVersion": { + "type": "structure", + "members": { + "Connectors": { + "shape": "__listOfConnector", + "documentation": "A list of references to connectors in this version, with their corresponding configuration settings." + } + }, + "documentation": "Information about the connector definition version, which is a container for connectors." + }, + "Core": { + "type": "structure", + "members": { + "CertificateArn": { + "shape": "__string", + "documentation": "The ARN of the certificate associated with the core." + }, + "Id": { + "shape": "__string", + "documentation": "A descriptive or arbitrary ID for the core. This value must be unique within the core definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." + }, + "SyncShadow": { + "shape": "__boolean", + "documentation": "If true, the core's local shadow is automatically synced with the cloud." + }, + "ThingArn": { + "shape": "__string", + "documentation": "The ARN of the thing which is the core." + } + }, + "documentation": "Information about a core.", + "required": [ + "ThingArn", + "Id", + "CertificateArn" + ] + }, + "CoreDefinitionVersion": { + "type": "structure", + "members": { + "Cores": { + "shape": "__listOfCore", + "documentation": "A list of cores in the core definition version." + } + }, + "documentation": "Information about a core definition version." + }, + "CreateConnectorDefinitionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "InitialVersion": { + "shape": "ConnectorDefinitionVersion", + "documentation": "Information about the initial version of the connector definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the connector definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + } + }, + "CreateConnectorDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + } + }, + "CreateConnectorDefinitionVersionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "ConnectorDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ConnectorDefinitionId", + "documentation": "The ID of the connector definition." + }, + "Connectors": { + "shape": "__listOfConnector", + "documentation": "A list of references to connectors in this version, with their corresponding configuration settings." + } + }, + "required": [ + "ConnectorDefinitionId" + ] + }, + "CreateConnectorDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + } + }, + "CreateCoreDefinitionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "InitialVersion": { + "shape": "CoreDefinitionVersion", + "documentation": "Information about the initial version of the core definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the core definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + }, + "documentation": "Information needed to create a core definition." + }, + "CreateCoreDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + } + }, + "CreateCoreDefinitionVersionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "CoreDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "CoreDefinitionId", + "documentation": "The ID of the core definition." + }, + "Cores": { + "shape": "__listOfCore", + "documentation": "A list of cores in the core definition version." + } + }, + "required": [ + "CoreDefinitionId" + ] + }, + "CreateCoreDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + } + }, + "CreateDeploymentRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "DeploymentId": { + "shape": "__string", + "documentation": "The ID of the deployment if you wish to redeploy a previous deployment." + }, + "DeploymentType": { + "shape": "DeploymentType", + "documentation": "The type of deployment. When used for ''CreateDeployment'', only ''NewDeployment'' and ''Redeployment'' are valid." + }, + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + }, + "GroupVersionId": { + "shape": "__string", + "documentation": "The ID of the group version to be deployed." + } + }, + "required": [ + "GroupId", + "DeploymentType" + ] + }, + "CreateDeploymentResponse": { + "type": "structure", + "members": { + "DeploymentArn": { + "shape": "__string", + "documentation": "The ARN of the deployment." + }, + "DeploymentId": { + "shape": "__string", + "documentation": "The ID of the deployment." + } + } + }, + "CreateDeviceDefinitionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "InitialVersion": { + "shape": "DeviceDefinitionVersion", + "documentation": "Information about the initial version of the device definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the device definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + } + }, + "CreateDeviceDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + } + }, + "CreateDeviceDefinitionVersionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "DeviceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "DeviceDefinitionId", + "documentation": "The ID of the device definition." + }, + "Devices": { + "shape": "__listOfDevice", + "documentation": "A list of devices in the definition version." + } + }, + "required": [ + "DeviceDefinitionId" + ] + }, + "CreateDeviceDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + } + }, + "CreateFunctionDefinitionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "InitialVersion": { + "shape": "FunctionDefinitionVersion", + "documentation": "Information about the initial version of the function definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the function definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + } + }, + "CreateFunctionDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + } + }, + "CreateFunctionDefinitionVersionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "DefaultConfig": { + "shape": "FunctionDefaultConfig", + "documentation": "The default configuration that applies to all Lambda functions in this function definition version. Individual Lambda functions can override these settings." + }, + "FunctionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "FunctionDefinitionId", + "documentation": "The ID of the Lambda function definition." + }, + "Functions": { + "shape": "__listOfFunction", + "documentation": "A list of Lambda functions in this function definition version." + } + }, + "documentation": "Information needed to create a function definition version.", + "required": [ + "FunctionDefinitionId" + ] + }, + "CreateFunctionDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + } + }, + "CreateGroupCertificateAuthorityRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId" + ] + }, + "CreateGroupCertificateAuthorityResponse": { + "type": "structure", + "members": { + "GroupCertificateAuthorityArn": { + "shape": "__string", + "documentation": "The ARN of the group certificate authority." + } + } + }, + "CreateGroupRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "InitialVersion": { + "shape": "GroupVersion", + "documentation": "Information about the initial version of the group." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the group." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + }, + "required": [ + "Name" + ] + }, + "CreateGroupResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + } + }, + "CreateGroupVersionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "ConnectorDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the connector definition version for this group." + }, + "CoreDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the core definition version for this group." + }, + "DeviceDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the device definition version for this group." + }, + "FunctionDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the function definition version for this group." + }, + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + }, + "LoggerDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the logger definition version for this group." + }, + "ResourceDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the resource definition version for this group." + }, + "SubscriptionDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the subscription definition version for this group." + } + }, + "required": [ + "GroupId" + ] + }, + "CreateGroupVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + } + }, + "CreateLoggerDefinitionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "InitialVersion": { + "shape": "LoggerDefinitionVersion", + "documentation": "Information about the initial version of the logger definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the logger definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + } + }, + "CreateLoggerDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + } + }, + "CreateLoggerDefinitionVersionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "LoggerDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "LoggerDefinitionId", + "documentation": "The ID of the logger definition." + }, + "Loggers": { + "shape": "__listOfLogger", + "documentation": "A list of loggers." + } + }, + "required": [ + "LoggerDefinitionId" + ] + }, + "CreateLoggerDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + } + }, + "CreateResourceDefinitionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "InitialVersion": { + "shape": "ResourceDefinitionVersion", + "documentation": "Information about the initial version of the resource definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the resource definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + } + }, + "CreateResourceDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + } + }, + "CreateResourceDefinitionVersionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "ResourceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ResourceDefinitionId", + "documentation": "The ID of the resource definition." + }, + "Resources": { + "shape": "__listOfResource", + "documentation": "A list of resources." + } + }, + "required": [ + "ResourceDefinitionId" + ] + }, + "CreateResourceDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + } + }, + "CreateSoftwareUpdateJobRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "S3UrlSignerRole": { + "shape": "S3UrlSignerRole" + }, + "SoftwareToUpdate": { + "shape": "SoftwareToUpdate" + }, + "UpdateAgentLogLevel": { + "shape": "UpdateAgentLogLevel" + }, + "UpdateTargets": { + "shape": "UpdateTargets" + }, + "UpdateTargetsArchitecture": { + "shape": "UpdateTargetsArchitecture" + }, + "UpdateTargetsOperatingSystem": { + "shape": "UpdateTargetsOperatingSystem" + } + }, + "required": [ + "S3UrlSignerRole", + "UpdateTargetsArchitecture", + "SoftwareToUpdate", + "UpdateTargets", + "UpdateTargetsOperatingSystem" + ] + }, + "CreateSoftwareUpdateJobResponse": { + "type": "structure", + "members": { + "IotJobArn": { + "shape": "__string", + "documentation": "The IoT Job ARN corresponding to this update." + }, + "IotJobId": { + "shape": "__string", + "documentation": "The IoT Job Id corresponding to this update." + }, + "PlatformSoftwareVersion": { + "shape": "__string", + "documentation": "The software version installed on the device or devices after the update." + } + } + }, + "CreateSubscriptionDefinitionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "InitialVersion": { + "shape": "SubscriptionDefinitionVersion", + "documentation": "Information about the initial version of the subscription definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the subscription definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + } + }, + "CreateSubscriptionDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + } + }, + "CreateSubscriptionDefinitionVersionRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "SubscriptionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "SubscriptionDefinitionId", + "documentation": "The ID of the subscription definition." + }, + "Subscriptions": { + "shape": "__listOfSubscription", + "documentation": "A list of subscriptions." + } + }, + "required": [ + "SubscriptionDefinitionId" + ] + }, + "CreateSubscriptionDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + } + }, + "DefinitionInformation": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "Tag(s) attached to the resource arn." + } + }, + "documentation": "Information about a definition." + }, + "DeleteConnectorDefinitionRequest": { + "type": "structure", + "members": { + "ConnectorDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ConnectorDefinitionId", + "documentation": "The ID of the connector definition." + } + }, + "required": [ + "ConnectorDefinitionId" + ] + }, + "DeleteConnectorDefinitionResponse": { + "type": "structure", + "members": {} + }, + "DeleteCoreDefinitionRequest": { + "type": "structure", + "members": { + "CoreDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "CoreDefinitionId", + "documentation": "The ID of the core definition." + } + }, + "required": [ + "CoreDefinitionId" + ] + }, + "DeleteCoreDefinitionResponse": { + "type": "structure", + "members": {} + }, + "DeleteDeviceDefinitionRequest": { + "type": "structure", + "members": { + "DeviceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "DeviceDefinitionId", + "documentation": "The ID of the device definition." + } + }, + "required": [ + "DeviceDefinitionId" + ] + }, + "DeleteDeviceDefinitionResponse": { + "type": "structure", + "members": {} + }, + "DeleteFunctionDefinitionRequest": { + "type": "structure", + "members": { + "FunctionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "FunctionDefinitionId", + "documentation": "The ID of the Lambda function definition." + } + }, + "required": [ + "FunctionDefinitionId" + ] + }, + "DeleteFunctionDefinitionResponse": { + "type": "structure", + "members": {} + }, + "DeleteGroupRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId" + ] + }, + "DeleteGroupResponse": { + "type": "structure", + "members": {} + }, + "DeleteLoggerDefinitionRequest": { + "type": "structure", + "members": { + "LoggerDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "LoggerDefinitionId", + "documentation": "The ID of the logger definition." + } + }, + "required": [ + "LoggerDefinitionId" + ] + }, + "DeleteLoggerDefinitionResponse": { + "type": "structure", + "members": {} + }, + "DeleteResourceDefinitionRequest": { + "type": "structure", + "members": { + "ResourceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ResourceDefinitionId", + "documentation": "The ID of the resource definition." + } + }, + "required": [ + "ResourceDefinitionId" + ] + }, + "DeleteResourceDefinitionResponse": { + "type": "structure", + "members": {} + }, + "DeleteSubscriptionDefinitionRequest": { + "type": "structure", + "members": { + "SubscriptionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "SubscriptionDefinitionId", + "documentation": "The ID of the subscription definition." + } + }, + "required": [ + "SubscriptionDefinitionId" + ] + }, + "DeleteSubscriptionDefinitionResponse": { + "type": "structure", + "members": {} + }, + "Deployment": { + "type": "structure", + "members": { + "CreatedAt": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the deployment was created." + }, + "DeploymentArn": { + "shape": "__string", + "documentation": "The ARN of the deployment." + }, + "DeploymentId": { + "shape": "__string", + "documentation": "The ID of the deployment." + }, + "DeploymentType": { + "shape": "DeploymentType", + "documentation": "The type of the deployment." + }, + "GroupArn": { + "shape": "__string", + "documentation": "The ARN of the group for this deployment." + } + }, + "documentation": "Information about a deployment." + }, + "DeploymentType": { + "type": "string", + "documentation": "The type of deployment. When used for ''CreateDeployment'', only ''NewDeployment'' and ''Redeployment'' are valid.", + "enum": [ + "NewDeployment", + "Redeployment", + "ResetDeployment", + "ForceResetDeployment" + ] + }, + "Deployments": { + "type": "list", + "member": { + "shape": "Deployment" + } + }, + "Device": { + "type": "structure", + "members": { + "CertificateArn": { + "shape": "__string", + "documentation": "The ARN of the certificate associated with the device." + }, + "Id": { + "shape": "__string", + "documentation": "A descriptive or arbitrary ID for the device. This value must be unique within the device definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." + }, + "SyncShadow": { + "shape": "__boolean", + "documentation": "If true, the device's local shadow will be automatically synced with the cloud." + }, + "ThingArn": { + "shape": "__string", + "documentation": "The thing ARN of the device." + } + }, + "documentation": "Information about a device.", + "required": [ + "ThingArn", + "Id", + "CertificateArn" + ] + }, + "DeviceDefinitionVersion": { + "type": "structure", + "members": { + "Devices": { + "shape": "__listOfDevice", + "documentation": "A list of devices in the definition version." + } + }, + "documentation": "Information about a device definition version." + }, + "DisassociateRoleFromGroupRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId" + ] + }, + "DisassociateRoleFromGroupResponse": { + "type": "structure", + "members": { + "DisassociatedAt": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the role was disassociated from the group." + } + } + }, + "DisassociateServiceRoleFromAccountRequest": { + "type": "structure", + "members": {} + }, + "DisassociateServiceRoleFromAccountResponse": { + "type": "structure", + "members": { + "DisassociatedAt": { + "shape": "__string", + "documentation": "The time when the service role was disassociated from the account." + } + } + }, + "Empty": { + "type": "structure", + "members": {}, + "documentation": "Empty" + }, + "EncodingType": { + "type": "string", + "enum": [ + "binary", + "json" + ] + }, + "ErrorDetail": { + "type": "structure", + "members": { + "DetailedErrorCode": { + "shape": "__string", + "documentation": "A detailed error code." + }, + "DetailedErrorMessage": { + "shape": "__string", + "documentation": "A detailed error message." + } + }, + "documentation": "Details about the error." + }, + "ErrorDetails": { + "type": "list", + "documentation": "A list of error details.", + "member": { + "shape": "ErrorDetail" + } + }, + "Function": { + "type": "structure", + "members": { + "FunctionArn": { + "shape": "__string", + "documentation": "The ARN of the Lambda function." + }, + "FunctionConfiguration": { + "shape": "FunctionConfiguration", + "documentation": "The configuration of the Lambda function." + }, + "Id": { + "shape": "__string", + "documentation": "A descriptive or arbitrary ID for the function. This value must be unique within the function definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." + } + }, + "documentation": "Information about a Lambda function.", + "required": [ + "Id" + ] + }, + "FunctionConfiguration": { + "type": "structure", + "members": { + "EncodingType": { + "shape": "EncodingType", + "documentation": "The expected encoding type of the input payload for the function. The default is ''json''." + }, + "Environment": { + "shape": "FunctionConfigurationEnvironment", + "documentation": "The environment configuration of the function." + }, + "ExecArgs": { + "shape": "__string", + "documentation": "The execution arguments." + }, + "Executable": { + "shape": "__string", + "documentation": "The name of the function executable." + }, + "MemorySize": { + "shape": "__integer", + "documentation": "The memory size, in KB, which the function requires. This setting is not applicable and should be cleared when you run the Lambda function without containerization." + }, + "Pinned": { + "shape": "__boolean", + "documentation": "True if the function is pinned. Pinned means the function is long-lived and starts when the core starts." + }, + "Timeout": { + "shape": "__integer", + "documentation": "The allowed function execution time, after which Lambda should terminate the function. This timeout still applies to pinned Lambda functions for each request." + }, + "FunctionRuntimeOverride": { + "shape": "__string", + "documentation": "The Lambda runtime supported by Greengrass which is to be used instead of the one specified in the Lambda function." + } + }, + "documentation": "The configuration of the Lambda function." + }, + "FunctionConfigurationEnvironment": { + "type": "structure", + "members": { + "AccessSysfs": { + "shape": "__boolean", + "documentation": "If true, the Lambda function is allowed to access the host's /sys folder. Use this when the Lambda function needs to read device information from /sys. This setting applies only when you run the Lambda function in a Greengrass container." + }, + "Execution": { + "shape": "FunctionExecutionConfig", + "documentation": "Configuration related to executing the Lambda function" + }, + "ResourceAccessPolicies": { + "shape": "__listOfResourceAccessPolicy", + "documentation": "A list of the resources, with their permissions, to which the Lambda function will be granted access. A Lambda function can have at most 10 resources. ResourceAccessPolicies apply only when you run the Lambda function in a Greengrass container." + }, + "Variables": { + "shape": "__mapOf__string", + "documentation": "Environment variables for the Lambda function's configuration." + } + }, + "documentation": "The environment configuration of the function." + }, + "FunctionDefaultConfig": { + "type": "structure", + "members": { + "Execution": { + "shape": "FunctionDefaultExecutionConfig" + } + }, + "documentation": "The default configuration that applies to all Lambda functions in the group. Individual Lambda functions can override these settings." + }, + "FunctionDefaultExecutionConfig": { + "type": "structure", + "members": { + "IsolationMode": { + "shape": "FunctionIsolationMode" + }, + "RunAs": { + "shape": "FunctionRunAsConfig" + } + }, + "documentation": "Configuration information that specifies how a Lambda function runs. " + }, + "FunctionDefinitionVersion": { + "type": "structure", + "members": { + "DefaultConfig": { + "shape": "FunctionDefaultConfig", + "documentation": "The default configuration that applies to all Lambda functions in this function definition version. Individual Lambda functions can override these settings." + }, + "Functions": { + "shape": "__listOfFunction", + "documentation": "A list of Lambda functions in this function definition version." + } + }, + "documentation": "Information about a function definition version." + }, + "FunctionExecutionConfig": { + "type": "structure", + "members": { + "IsolationMode": { + "shape": "FunctionIsolationMode" + }, + "RunAs": { + "shape": "FunctionRunAsConfig" + } + }, + "documentation": "Configuration information that specifies how a Lambda function runs. " + }, + "FunctionIsolationMode": { + "type": "string", + "documentation": "Specifies whether the Lambda function runs in a Greengrass container (default) or without containerization. Unless your scenario requires that you run without containerization, we recommend that you run in a Greengrass container. Omit this value to run the Lambda function with the default containerization for the group.", + "enum": [ + "GreengrassContainer", + "NoContainer" + ] + }, + "FunctionRunAsConfig": { + "type": "structure", + "members": { + "Gid": { + "shape": "__integer", + "documentation": "The group ID whose permissions are used to run a Lambda function." + }, + "Uid": { + "shape": "__integer", + "documentation": "The user ID whose permissions are used to run a Lambda function." + } + }, + "documentation": "Specifies the user and group whose permissions are used when running the Lambda function. You can specify one or both values to override the default values. We recommend that you avoid running as root unless absolutely necessary to minimize the risk of unintended changes or malicious attacks. To run as root, you must set ''IsolationMode'' to ''NoContainer'' and update config.json in ''greengrass-root/config'' to set ''allowFunctionsToRunAsRoot'' to ''yes''." + }, + "GeneralError": { + "type": "structure", + "members": { + "ErrorDetails": { + "shape": "ErrorDetails", + "documentation": "Details about the error." + }, + "Message": { + "shape": "__string", + "documentation": "A message containing information about the error." + } + }, + "documentation": "General error information." + }, + "GetAssociatedRoleRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId" + ] + }, + "GetAssociatedRoleResponse": { + "type": "structure", + "members": { + "AssociatedAt": { + "shape": "__string", + "documentation": "The time when the role was associated with the group." + }, + "RoleArn": { + "shape": "__string", + "documentation": "The ARN of the role that is associated with the group." + } + } + }, + "GetBulkDeploymentStatusRequest": { + "type": "structure", + "members": { + "BulkDeploymentId": { + "shape": "__string", + "location": "uri", + "locationName": "BulkDeploymentId", + "documentation": "The ID of the bulk deployment." + } + }, + "required": [ + "BulkDeploymentId" + ] + }, + "GetBulkDeploymentStatusResponse": { + "type": "structure", + "members": { + "BulkDeploymentMetrics": { + "shape": "BulkDeploymentMetrics", + "documentation": "Relevant metrics on input records processed during bulk deployment." + }, + "BulkDeploymentStatus": { + "shape": "BulkDeploymentStatus", + "documentation": "The status of the bulk deployment." + }, + "CreatedAt": { + "shape": "__string", + "documentation": "The time, in ISO format, when the deployment was created." + }, + "ErrorDetails": { + "shape": "ErrorDetails", + "documentation": "Error details" + }, + "ErrorMessage": { + "shape": "__string", + "documentation": "Error message" + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetConnectivityInfoRequest": { + "type": "structure", + "members": { + "ThingName": { + "shape": "__string", + "location": "uri", + "locationName": "ThingName", + "documentation": "The thing name." + } + }, + "required": [ + "ThingName" + ] + }, + "GetConnectivityInfoResponse": { + "type": "structure", + "members": { + "ConnectivityInfo": { + "shape": "__listOfConnectivityInfo", + "documentation": "Connectivity info list." + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "A message about the connectivity info request." + } + } + }, + "GetConnectorDefinitionRequest": { + "type": "structure", + "members": { + "ConnectorDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ConnectorDefinitionId", + "documentation": "The ID of the connector definition." + } + }, + "required": [ + "ConnectorDefinitionId" + ] + }, + "GetConnectorDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetConnectorDefinitionVersionRequest": { + "type": "structure", + "members": { + "ConnectorDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ConnectorDefinitionId", + "documentation": "The ID of the connector definition." + }, + "ConnectorDefinitionVersionId": { + "shape": "__string", + "location": "uri", + "locationName": "ConnectorDefinitionVersionId", + "documentation": "The ID of the connector definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListConnectorDefinitionVersions'' requests. If the version is the last one that was associated with a connector definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "ConnectorDefinitionId", + "ConnectorDefinitionVersionId" + ] + }, + "GetConnectorDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the connector definition version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the connector definition version was created." + }, + "Definition": { + "shape": "ConnectorDefinitionVersion", + "documentation": "Information about the connector definition version." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the connector definition version." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Version": { + "shape": "__string", + "documentation": "The version of the connector definition version." + } + } + }, + "GetCoreDefinitionRequest": { + "type": "structure", + "members": { + "CoreDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "CoreDefinitionId", + "documentation": "The ID of the core definition." + } + }, + "required": [ + "CoreDefinitionId" + ] + }, + "GetCoreDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetCoreDefinitionVersionRequest": { + "type": "structure", + "members": { + "CoreDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "CoreDefinitionId", + "documentation": "The ID of the core definition." + }, + "CoreDefinitionVersionId": { + "shape": "__string", + "location": "uri", + "locationName": "CoreDefinitionVersionId", + "documentation": "The ID of the core definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListCoreDefinitionVersions'' requests. If the version is the last one that was associated with a core definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." + } + }, + "required": [ + "CoreDefinitionId", + "CoreDefinitionVersionId" + ] + }, + "GetCoreDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the core definition version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the core definition version was created." + }, + "Definition": { + "shape": "CoreDefinitionVersion", + "documentation": "Information about the core definition version." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the core definition version." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Version": { + "shape": "__string", + "documentation": "The version of the core definition version." + } + } + }, + "GetDeploymentStatusRequest": { + "type": "structure", + "members": { + "DeploymentId": { + "shape": "__string", + "location": "uri", + "locationName": "DeploymentId", + "documentation": "The ID of the deployment." + }, + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId", + "DeploymentId" + ] + }, + "GetDeploymentStatusResponse": { + "type": "structure", + "members": { + "DeploymentStatus": { + "shape": "__string", + "documentation": "The status of the deployment: ''InProgress'', ''Building'', ''Success'', or ''Failure''." + }, + "DeploymentType": { + "shape": "DeploymentType", + "documentation": "The type of the deployment." + }, + "ErrorDetails": { + "shape": "ErrorDetails", + "documentation": "Error details" + }, + "ErrorMessage": { + "shape": "__string", + "documentation": "Error message" + }, + "UpdatedAt": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the deployment status was updated." + } + } + }, + "GetDeviceDefinitionRequest": { + "type": "structure", + "members": { + "DeviceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "DeviceDefinitionId", + "documentation": "The ID of the device definition." + } + }, + "required": [ + "DeviceDefinitionId" + ] + }, + "GetDeviceDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetDeviceDefinitionVersionRequest": { + "type": "structure", + "members": { + "DeviceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "DeviceDefinitionId", + "documentation": "The ID of the device definition." + }, + "DeviceDefinitionVersionId": { + "shape": "__string", + "location": "uri", + "locationName": "DeviceDefinitionVersionId", + "documentation": "The ID of the device definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListDeviceDefinitionVersions'' requests. If the version is the last one that was associated with a device definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "DeviceDefinitionVersionId", + "DeviceDefinitionId" + ] + }, + "GetDeviceDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the device definition version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the device definition version was created." + }, + "Definition": { + "shape": "DeviceDefinitionVersion", + "documentation": "Information about the device definition version." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the device definition version." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Version": { + "shape": "__string", + "documentation": "The version of the device definition version." + } + } + }, + "GetFunctionDefinitionRequest": { + "type": "structure", + "members": { + "FunctionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "FunctionDefinitionId", + "documentation": "The ID of the Lambda function definition." + } + }, + "required": [ + "FunctionDefinitionId" + ] + }, + "GetFunctionDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetFunctionDefinitionVersionRequest": { + "type": "structure", + "members": { + "FunctionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "FunctionDefinitionId", + "documentation": "The ID of the Lambda function definition." + }, + "FunctionDefinitionVersionId": { + "shape": "__string", + "location": "uri", + "locationName": "FunctionDefinitionVersionId", + "documentation": "The ID of the function definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListFunctionDefinitionVersions'' requests. If the version is the last one that was associated with a function definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "FunctionDefinitionId", + "FunctionDefinitionVersionId" + ] + }, + "GetFunctionDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the function definition version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the function definition version was created." + }, + "Definition": { + "shape": "FunctionDefinitionVersion", + "documentation": "Information on the definition." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the function definition version." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Version": { + "shape": "__string", + "documentation": "The version of the function definition version." + } + } + }, + "GetGroupCertificateAuthorityRequest": { + "type": "structure", + "members": { + "CertificateAuthorityId": { + "shape": "__string", + "location": "uri", + "locationName": "CertificateAuthorityId", + "documentation": "The ID of the certificate authority." + }, + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "CertificateAuthorityId", + "GroupId" + ] + }, + "GetGroupCertificateAuthorityResponse": { + "type": "structure", + "members": { + "GroupCertificateAuthorityArn": { + "shape": "__string", + "documentation": "The ARN of the certificate authority for the group." + }, + "GroupCertificateAuthorityId": { + "shape": "__string", + "documentation": "The ID of the certificate authority for the group." + }, + "PemEncodedCertificate": { + "shape": "__string", + "documentation": "The PEM encoded certificate for the group." + } + } + }, + "GetGroupCertificateConfigurationRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId" + ] + }, + "GetGroupCertificateConfigurationResponse": { + "type": "structure", + "members": { + "CertificateAuthorityExpiryInMilliseconds": { + "shape": "__string", + "documentation": "The amount of time remaining before the certificate authority expires, in milliseconds." + }, + "CertificateExpiryInMilliseconds": { + "shape": "__string", + "documentation": "The amount of time remaining before the certificate expires, in milliseconds." + }, + "GroupId": { + "shape": "__string", + "documentation": "The ID of the group certificate configuration." + } + } + }, + "GetGroupRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId" + ] + }, + "GetGroupResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetGroupVersionRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + }, + "GroupVersionId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupVersionId", + "documentation": "The ID of the group version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListGroupVersions'' requests. If the version is the last one that was associated with a group, the value also maps to the ''LatestVersion'' property of the corresponding ''GroupInformation'' object." + } + }, + "required": [ + "GroupVersionId", + "GroupId" + ] + }, + "GetGroupVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the group version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the group version was created." + }, + "Definition": { + "shape": "GroupVersion", + "documentation": "Information about the group version definition." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the group that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the group version." + } + } + }, + "GetLoggerDefinitionRequest": { + "type": "structure", + "members": { + "LoggerDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "LoggerDefinitionId", + "documentation": "The ID of the logger definition." + } + }, + "required": [ + "LoggerDefinitionId" + ] + }, + "GetLoggerDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetLoggerDefinitionVersionRequest": { + "type": "structure", + "members": { + "LoggerDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "LoggerDefinitionId", + "documentation": "The ID of the logger definition." + }, + "LoggerDefinitionVersionId": { + "shape": "__string", + "location": "uri", + "locationName": "LoggerDefinitionVersionId", + "documentation": "The ID of the logger definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListLoggerDefinitionVersions'' requests. If the version is the last one that was associated with a logger definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "LoggerDefinitionVersionId", + "LoggerDefinitionId" + ] + }, + "GetLoggerDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the logger definition version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the logger definition version was created." + }, + "Definition": { + "shape": "LoggerDefinitionVersion", + "documentation": "Information about the logger definition version." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the logger definition version." + }, + "Version": { + "shape": "__string", + "documentation": "The version of the logger definition version." + } + } + }, + "GetResourceDefinitionRequest": { + "type": "structure", + "members": { + "ResourceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ResourceDefinitionId", + "documentation": "The ID of the resource definition." + } + }, + "required": [ + "ResourceDefinitionId" + ] + }, + "GetResourceDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetResourceDefinitionVersionRequest": { + "type": "structure", + "members": { + "ResourceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ResourceDefinitionId", + "documentation": "The ID of the resource definition." + }, + "ResourceDefinitionVersionId": { + "shape": "__string", + "location": "uri", + "locationName": "ResourceDefinitionVersionId", + "documentation": "The ID of the resource definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListResourceDefinitionVersions'' requests. If the version is the last one that was associated with a resource definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." + } + }, + "required": [ + "ResourceDefinitionVersionId", + "ResourceDefinitionId" + ] + }, + "GetResourceDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "Arn of the resource definition version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the resource definition version was created." + }, + "Definition": { + "shape": "ResourceDefinitionVersion", + "documentation": "Information about the definition." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the resource definition version." + }, + "Version": { + "shape": "__string", + "documentation": "The version of the resource definition version." + } + } + }, + "GetServiceRoleForAccountRequest": { + "type": "structure", + "members": {} + }, + "GetServiceRoleForAccountResponse": { + "type": "structure", + "members": { + "AssociatedAt": { + "shape": "__string", + "documentation": "The time when the service role was associated with the account." + }, + "RoleArn": { + "shape": "__string", + "documentation": "The ARN of the role which is associated with the account." + } + } + }, + "GetSubscriptionDefinitionRequest": { + "type": "structure", + "members": { + "SubscriptionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "SubscriptionDefinitionId", + "documentation": "The ID of the subscription definition." + } + }, + "required": [ + "SubscriptionDefinitionId" + ] + }, + "GetSubscriptionDefinitionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the definition." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the definition." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the definition was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the definition." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) attached to the resource arn." + } + } + }, + "GetSubscriptionDefinitionVersionRequest": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "SubscriptionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "SubscriptionDefinitionId", + "documentation": "The ID of the subscription definition." + }, + "SubscriptionDefinitionVersionId": { + "shape": "__string", + "location": "uri", + "locationName": "SubscriptionDefinitionVersionId", + "documentation": "The ID of the subscription definition version. This value maps to the ''Version'' property of the corresponding ''VersionInformation'' object, which is returned by ''ListSubscriptionDefinitionVersions'' requests. If the version is the last one that was associated with a subscription definition, the value also maps to the ''LatestVersion'' property of the corresponding ''DefinitionInformation'' object." + } + }, + "required": [ + "SubscriptionDefinitionId", + "SubscriptionDefinitionVersionId" + ] + }, + "GetSubscriptionDefinitionVersionResponse": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the subscription definition version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the subscription definition version was created." + }, + "Definition": { + "shape": "SubscriptionDefinitionVersion", + "documentation": "Information about the subscription definition version." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the subscription definition version." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Version": { + "shape": "__string", + "documentation": "The version of the subscription definition version." + } + } + }, + "GetThingRuntimeConfigurationRequest": { + "type": "structure", + "members": { + "ThingName": { + "shape": "__string", + "location": "uri", + "locationName": "ThingName", + "documentation": "The thing name." + } + }, + "required": [ + "ThingName" + ] + }, + "GetThingRuntimeConfigurationResponse": { + "type": "structure", + "members": { + "RuntimeConfiguration": { + "shape": "RuntimeConfiguration", + "documentation": "Runtime configuration for a thing." + } + } + }, + "GroupCertificateAuthorityProperties": { + "type": "structure", + "members": { + "GroupCertificateAuthorityArn": { + "shape": "__string", + "documentation": "The ARN of the certificate authority for the group." + }, + "GroupCertificateAuthorityId": { + "shape": "__string", + "documentation": "The ID of the certificate authority for the group." + } + }, + "documentation": "Information about a certificate authority for a group." + }, + "GroupCertificateConfiguration": { + "type": "structure", + "members": { + "CertificateAuthorityExpiryInMilliseconds": { + "shape": "__string", + "documentation": "The amount of time remaining before the certificate authority expires, in milliseconds." + }, + "CertificateExpiryInMilliseconds": { + "shape": "__string", + "documentation": "The amount of time remaining before the certificate expires, in milliseconds." + }, + "GroupId": { + "shape": "__string", + "documentation": "The ID of the group certificate configuration." + } + }, + "documentation": "Information about a group certificate configuration." + }, + "GroupInformation": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the group." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the group was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the group." + }, + "LastUpdatedTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the group was last updated." + }, + "LatestVersion": { + "shape": "__string", + "documentation": "The ID of the latest version associated with the group." + }, + "LatestVersionArn": { + "shape": "__string", + "documentation": "The ARN of the latest version associated with the group." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the group." + } + }, + "documentation": "Information about a group." + }, + "GroupOwnerSetting": { + "type": "structure", + "members": { + "AutoAddGroupOwner": { + "shape": "__boolean", + "documentation": "If true, AWS IoT Greengrass automatically adds the specified Linux OS group owner of the resource to the Lambda process privileges. Thus the Lambda process will have the file access permissions of the added Linux group." + }, + "GroupOwner": { + "shape": "__string", + "documentation": "The name of the Linux OS group whose privileges will be added to the Lambda process. This field is optional." + } + }, + "documentation": "Group owner related settings for local resources." + }, + "GroupVersion": { + "type": "structure", + "members": { + "ConnectorDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the connector definition version for this group." + }, + "CoreDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the core definition version for this group." + }, + "DeviceDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the device definition version for this group." + }, + "FunctionDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the function definition version for this group." + }, + "LoggerDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the logger definition version for this group." + }, + "ResourceDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the resource definition version for this group." + }, + "SubscriptionDefinitionVersionArn": { + "shape": "__string", + "documentation": "The ARN of the subscription definition version for this group." + } + }, + "documentation": "Information about a group version." + }, + "InternalServerErrorException": { + "type": "structure", + "members": { + "ErrorDetails": { + "shape": "ErrorDetails", + "documentation": "Details about the error." + }, + "Message": { + "shape": "__string", + "documentation": "A message containing information about the error." + } + }, + "documentation": "General error information.", + "exception": true, + "error": { + "httpStatusCode": 500 + } + }, + "ListBulkDeploymentDetailedReportsRequest": { + "type": "structure", + "members": { + "BulkDeploymentId": { + "shape": "__string", + "location": "uri", + "locationName": "BulkDeploymentId", + "documentation": "The ID of the bulk deployment." + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "BulkDeploymentId" + ] + }, + "ListBulkDeploymentDetailedReportsResponse": { + "type": "structure", + "members": { + "Deployments": { + "shape": "BulkDeploymentResults", + "documentation": "A list of the individual group deployments in the bulk deployment operation." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListBulkDeploymentsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListBulkDeploymentsResponse": { + "type": "structure", + "members": { + "BulkDeployments": { + "shape": "BulkDeployments", + "documentation": "A list of bulk deployments." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListConnectorDefinitionVersionsRequest": { + "type": "structure", + "members": { + "ConnectorDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ConnectorDefinitionId", + "documentation": "The ID of the connector definition." + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "ConnectorDefinitionId" + ] + }, + "ListConnectorDefinitionVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + } + }, + "ListConnectorDefinitionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListConnectorDefinitionsResponse": { + "type": "structure", + "members": { + "Definitions": { + "shape": "__listOfDefinitionInformation", + "documentation": "Information about a definition." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListCoreDefinitionVersionsRequest": { + "type": "structure", + "members": { + "CoreDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "CoreDefinitionId", + "documentation": "The ID of the core definition." + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "CoreDefinitionId" + ] + }, + "ListCoreDefinitionVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + } + }, + "ListCoreDefinitionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListCoreDefinitionsResponse": { + "type": "structure", + "members": { + "Definitions": { + "shape": "__listOfDefinitionInformation", + "documentation": "Information about a definition." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListDefinitionsResponse": { + "type": "structure", + "members": { + "Definitions": { + "shape": "__listOfDefinitionInformation", + "documentation": "Information about a definition." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "documentation": "A list of definitions." + }, + "ListDeploymentsRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "GroupId" + ] + }, + "ListDeploymentsResponse": { + "type": "structure", + "members": { + "Deployments": { + "shape": "Deployments", + "documentation": "A list of deployments for the requested groups." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListDeviceDefinitionVersionsRequest": { + "type": "structure", + "members": { + "DeviceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "DeviceDefinitionId", + "documentation": "The ID of the device definition." + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "DeviceDefinitionId" + ] + }, + "ListDeviceDefinitionVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + } + }, + "ListDeviceDefinitionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListDeviceDefinitionsResponse": { + "type": "structure", + "members": { + "Definitions": { + "shape": "__listOfDefinitionInformation", + "documentation": "Information about a definition." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListFunctionDefinitionVersionsRequest": { + "type": "structure", + "members": { + "FunctionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "FunctionDefinitionId", + "documentation": "The ID of the Lambda function definition." + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "FunctionDefinitionId" + ] + }, + "ListFunctionDefinitionVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + } + }, + "ListFunctionDefinitionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListFunctionDefinitionsResponse": { + "type": "structure", + "members": { + "Definitions": { + "shape": "__listOfDefinitionInformation", + "documentation": "Information about a definition." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListGroupCertificateAuthoritiesRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId" + ] + }, + "ListGroupCertificateAuthoritiesResponse": { + "type": "structure", + "members": { + "GroupCertificateAuthorities": { + "shape": "__listOfGroupCertificateAuthorityProperties", + "documentation": "A list of certificate authorities associated with the group." + } + } + }, + "ListGroupVersionsRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "GroupId" + ] + }, + "ListGroupVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + } + }, + "ListGroupsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListGroupsResponse": { + "type": "structure", + "members": { + "Groups": { + "shape": "__listOfGroupInformation", + "documentation": "Information about a group." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListLoggerDefinitionVersionsRequest": { + "type": "structure", + "members": { + "LoggerDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "LoggerDefinitionId", + "documentation": "The ID of the logger definition." + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + }, + "required": [ + "LoggerDefinitionId" + ] + }, + "ListLoggerDefinitionVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + } + }, + "ListLoggerDefinitionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListLoggerDefinitionsResponse": { + "type": "structure", + "members": { + "Definitions": { + "shape": "__listOfDefinitionInformation", + "documentation": "Information about a definition." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListResourceDefinitionVersionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "ResourceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ResourceDefinitionId", + "documentation": "The ID of the resource definition." + } + }, + "required": [ + "ResourceDefinitionId" + ] + }, + "ListResourceDefinitionVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + } + }, + "ListResourceDefinitionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListResourceDefinitionsResponse": { + "type": "structure", + "members": { + "Definitions": { + "shape": "__listOfDefinitionInformation", + "documentation": "Information about a definition." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListSubscriptionDefinitionVersionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "SubscriptionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "SubscriptionDefinitionId", + "documentation": "The ID of the subscription definition." + } + }, + "required": [ + "SubscriptionDefinitionId" + ] + }, + "ListSubscriptionDefinitionVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + } + }, + "ListSubscriptionDefinitionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "MaxResults", + "documentation": "The maximum number of results to be returned per request." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListSubscriptionDefinitionsResponse": { + "type": "structure", + "members": { + "Definitions": { + "shape": "__listOfDefinitionInformation", + "documentation": "Information about a definition." + }, + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + } + } + }, + "ListTagsForResourceRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "shape": "__string", + "location": "uri", + "locationName": "resource-arn", + "documentation": "The Amazon Resource Name (ARN) of the resource." + } + }, + "required": [ + "ResourceArn" + ] + }, + "ListTagsForResourceResponse": { + "type": "structure", + "members": { + "tags": { + "shape": "Tags" + } + } + }, + "ListVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "documentation": "The token for the next set of results, or ''null'' if there are no additional results." + }, + "Versions": { + "shape": "__listOfVersionInformation", + "documentation": "Information about a version." + } + }, + "documentation": "A list of versions." + }, + "LocalDeviceResourceData": { + "type": "structure", + "members": { + "GroupOwnerSetting": { + "shape": "GroupOwnerSetting", + "documentation": "Group/owner related settings for local resources." + }, + "SourcePath": { + "shape": "__string", + "documentation": "The local absolute path of the device resource. The source path for a device resource can refer only to a character device or block device under ''/dev''." + } + }, + "documentation": "Attributes that define a local device resource." + }, + "LocalVolumeResourceData": { + "type": "structure", + "members": { + "DestinationPath": { + "shape": "__string", + "documentation": "The absolute local path of the resource inside the Lambda environment." + }, + "GroupOwnerSetting": { + "shape": "GroupOwnerSetting", + "documentation": "Allows you to configure additional group privileges for the Lambda process. This field is optional." + }, + "SourcePath": { + "shape": "__string", + "documentation": "The local absolute path of the volume resource on the host. The source path for a volume resource type cannot start with ''/sys''." + } + }, + "documentation": "Attributes that define a local volume resource." + }, + "Logger": { + "type": "structure", + "members": { + "Component": { + "shape": "LoggerComponent", + "documentation": "The component that will be subject to logging." + }, + "Id": { + "shape": "__string", + "documentation": "A descriptive or arbitrary ID for the logger. This value must be unique within the logger definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." + }, + "Level": { + "shape": "LoggerLevel", + "documentation": "The level of the logs." + }, + "Space": { + "shape": "__integer", + "documentation": "The amount of file space, in KB, to use if the local file system is used for logging purposes." + }, + "Type": { + "shape": "LoggerType", + "documentation": "The type of log output which will be used." + } + }, + "documentation": "Information about a logger", + "required": [ + "Type", + "Level", + "Id", + "Component" + ] + }, + "LoggerComponent": { + "type": "string", + "enum": [ + "GreengrassSystem", + "Lambda" + ] + }, + "LoggerDefinitionVersion": { + "type": "structure", + "members": { + "Loggers": { + "shape": "__listOfLogger", + "documentation": "A list of loggers." + } + }, + "documentation": "Information about a logger definition version." + }, + "LoggerLevel": { + "type": "string", + "enum": [ + "DEBUG", + "INFO", + "WARN", + "ERROR", + "FATAL" + ] + }, + "LoggerType": { + "type": "string", + "enum": [ + "FileSystem", + "AWSCloudWatch" + ] + }, + "Permission": { + "type": "string", + "documentation": "The type of permission a function has to access a resource.", + "enum": [ + "ro", + "rw" + ] + }, + "ResetDeploymentsRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "Force": { + "shape": "__boolean", + "documentation": "If true, performs a best-effort only core reset." + }, + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "documentation": "Information needed to reset deployments.", + "required": [ + "GroupId" + ] + }, + "ResetDeploymentsResponse": { + "type": "structure", + "members": { + "DeploymentArn": { + "shape": "__string", + "documentation": "The ARN of the deployment." + }, + "DeploymentId": { + "shape": "__string", + "documentation": "The ID of the deployment." + } + } + }, + "Resource": { + "type": "structure", + "members": { + "Id": { + "shape": "__string", + "documentation": "The resource ID, used to refer to a resource in the Lambda function configuration. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''. This must be unique within a Greengrass group." + }, + "Name": { + "shape": "__string", + "documentation": "The descriptive resource name, which is displayed on the AWS IoT Greengrass console. Max length 128 characters with pattern ''[a-zA-Z0-9:_-]+''. This must be unique within a Greengrass group." + }, + "ResourceDataContainer": { + "shape": "ResourceDataContainer", + "documentation": "A container of data for all resource types." + } + }, + "documentation": "Information about a resource.", + "required": [ + "ResourceDataContainer", + "Id", + "Name" + ] + }, + "ResourceAccessPolicy": { + "type": "structure", + "members": { + "Permission": { + "shape": "Permission", + "documentation": "The permissions that the Lambda function has to the resource. Can be one of ''rw'' (read/write) or ''ro'' (read-only)." + }, + "ResourceId": { + "shape": "__string", + "documentation": "The ID of the resource. (This ID is assigned to the resource when you create the resource definiton.)" + } + }, + "documentation": "A policy used by the function to access a resource.", + "required": [ + "ResourceId" + ] + }, + "ResourceDataContainer": { + "type": "structure", + "members": { + "LocalDeviceResourceData": { + "shape": "LocalDeviceResourceData", + "documentation": "Attributes that define the local device resource." + }, + "LocalVolumeResourceData": { + "shape": "LocalVolumeResourceData", + "documentation": "Attributes that define the local volume resource." + }, + "S3MachineLearningModelResourceData": { + "shape": "S3MachineLearningModelResourceData", + "documentation": "Attributes that define an Amazon S3 machine learning resource." + }, + "SageMakerMachineLearningModelResourceData": { + "shape": "SageMakerMachineLearningModelResourceData", + "documentation": "Attributes that define an Amazon SageMaker machine learning resource." + }, + "SecretsManagerSecretResourceData": { + "shape": "SecretsManagerSecretResourceData", + "documentation": "Attributes that define a secret resource, which references a secret from AWS Secrets Manager." + } + }, + "documentation": "A container for resource data. The container takes only one of the following supported resource data types: ''LocalDeviceResourceData'', ''LocalVolumeResourceData'', ''SageMakerMachineLearningModelResourceData'', ''S3MachineLearningModelResourceData'', ''SecretsManagerSecretResourceData''." + }, + "ResourceDefinitionVersion": { + "type": "structure", + "members": { + "Resources": { + "shape": "__listOfResource", + "documentation": "A list of resources." + } + }, + "documentation": "Information about a resource definition version." + }, + "ResourceDownloadOwnerSetting": { + "type": "structure", + "members": { + "GroupOwner": { + "shape": "__string", + "documentation": "The group owner of the resource. This is the name of an existing Linux OS group on the system or a GID. The group's permissions are added to the Lambda process." + }, + "GroupPermission": { + "shape": "Permission", + "documentation": "The permissions that the group owner has to the resource. Valid values are ''rw'' (read/write) or ''ro'' (read-only)." + } + }, + "documentation": "The owner setting for downloaded machine learning resources.", + "required": [ + "GroupOwner", + "GroupPermission" + ] + }, + "RuntimeConfiguration": { + "type": "structure", + "members": { + "TelemetryConfiguration": { + "shape": "TelemetryConfiguration", + "documentation": "Configuration for telemetry service." + } + }, + "documentation": "Runtime configuration for a thing." + }, + "RuntimeConfigurationUpdate": { + "type": "structure", + "members": { + "TelemetryConfiguration": { + "shape": "TelemetryConfigurationUpdate", + "documentation": "Configuration for telemetry service." + } + }, + "documentation": "Runtime configuration for a thing." + }, + "S3MachineLearningModelResourceData": { + "type": "structure", + "members": { + "DestinationPath": { + "shape": "__string", + "documentation": "The absolute local path of the resource inside the Lambda environment." + }, + "OwnerSetting": { + "shape": "ResourceDownloadOwnerSetting" + }, + "S3Uri": { + "shape": "__string", + "documentation": "The URI of the source model in an S3 bucket. The model package must be in tar.gz or .zip format." + } + }, + "documentation": "Attributes that define an Amazon S3 machine learning resource." + }, + "S3UrlSignerRole": { + "type": "string", + "documentation": "The IAM Role that Greengrass will use to create pre-signed URLs pointing towards the update artifact." + }, + "SageMakerMachineLearningModelResourceData": { + "type": "structure", + "members": { + "DestinationPath": { + "shape": "__string", + "documentation": "The absolute local path of the resource inside the Lambda environment." + }, + "OwnerSetting": { + "shape": "ResourceDownloadOwnerSetting" + }, + "SageMakerJobArn": { + "shape": "__string", + "documentation": "The ARN of the Amazon SageMaker training job that represents the source model." + } + }, + "documentation": "Attributes that define an Amazon SageMaker machine learning resource." + }, + "SecretsManagerSecretResourceData": { + "type": "structure", + "members": { + "ARN": { + "shape": "__string", + "documentation": "The ARN of the Secrets Manager secret to make available on the core. The value of the secret's latest version (represented by the ''AWSCURRENT'' staging label) is included by default." + }, + "AdditionalStagingLabelsToDownload": { + "shape": "__listOf__string", + "documentation": "Optional. The staging labels whose values you want to make available on the core, in addition to ''AWSCURRENT''." + } + }, + "documentation": "Attributes that define a secret resource, which references a secret from AWS Secrets Manager. AWS IoT Greengrass stores a local, encrypted copy of the secret on the Greengrass core, where it can be securely accessed by connectors and Lambda functions." + }, + "SoftwareToUpdate": { + "type": "string", + "documentation": "The piece of software on the Greengrass core that will be updated.", + "enum": [ + "core", + "ota_agent" + ] + }, + "StartBulkDeploymentRequest": { + "type": "structure", + "members": { + "AmznClientToken": { + "shape": "__string", + "location": "header", + "locationName": "X-Amzn-Client-Token", + "documentation": "A client token used to correlate requests and responses." + }, + "ExecutionRoleArn": { + "shape": "__string", + "documentation": "The ARN of the execution role to associate with the bulk deployment operation. This IAM role must allow the ''greengrass:CreateDeployment'' action for all group versions that are listed in the input file. This IAM role must have access to the S3 bucket containing the input file." + }, + "InputFileUri": { + "shape": "__string", + "documentation": "The URI of the input file contained in the S3 bucket. The execution role must have ''getObject'' permissions on this bucket to access the input file. The input file is a JSON-serialized, line delimited file with UTF-8 encoding that provides a list of group and version IDs and the deployment type. This file must be less than 100 MB. Currently, AWS IoT Greengrass supports only ''NewDeployment'' deployment types." + }, + "tags": { + "shape": "Tags", + "documentation": "Tag(s) to add to the new resource." + } + }, + "required": [ + "ExecutionRoleArn", + "InputFileUri" + ] + }, + "StartBulkDeploymentResponse": { + "type": "structure", + "members": { + "BulkDeploymentArn": { + "shape": "__string", + "documentation": "The ARN of the bulk deployment." + }, + "BulkDeploymentId": { + "shape": "__string", + "documentation": "The ID of the bulk deployment." + } + } + }, + "StopBulkDeploymentRequest": { + "type": "structure", + "members": { + "BulkDeploymentId": { + "shape": "__string", + "location": "uri", + "locationName": "BulkDeploymentId", + "documentation": "The ID of the bulk deployment." + } + }, + "required": [ + "BulkDeploymentId" + ] + }, + "StopBulkDeploymentResponse": { + "type": "structure", + "members": {} + }, + "Subscription": { + "type": "structure", + "members": { + "Id": { + "shape": "__string", + "documentation": "A descriptive or arbitrary ID for the subscription. This value must be unique within the subscription definition version. Max length is 128 characters with pattern ''[a-zA-Z0-9:_-]+''." + }, + "Source": { + "shape": "__string", + "documentation": "The source of the subscription. Can be a thing ARN, a Lambda function ARN, a connector ARN, 'cloud' (which represents the AWS IoT cloud), or 'GGShadowService'." + }, + "Subject": { + "shape": "__string", + "documentation": "The MQTT topic used to route the message." + }, + "Target": { + "shape": "__string", + "documentation": "Where the message is sent to. Can be a thing ARN, a Lambda function ARN, a connector ARN, 'cloud' (which represents the AWS IoT cloud), or 'GGShadowService'." + } + }, + "documentation": "Information about a subscription.", + "required": [ + "Target", + "Id", + "Subject", + "Source" + ] + }, + "SubscriptionDefinitionVersion": { + "type": "structure", + "members": { + "Subscriptions": { + "shape": "__listOfSubscription", + "documentation": "A list of subscriptions." + } + }, + "documentation": "Information about a subscription definition version." + }, + "TagResourceRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "shape": "__string", + "location": "uri", + "locationName": "resource-arn", + "documentation": "The Amazon Resource Name (ARN) of the resource." + }, + "tags": { + "shape": "Tags" + } + }, + "documentation": "A map of the key-value pairs for the resource tag.", + "required": [ + "ResourceArn" + ] + }, + "Tags": { + "type": "map", + "documentation": "The key-value pair for the resource tag.", + "key": { + "shape": "__string" + }, + "value": { + "shape": "__string" + } + }, + "Telemetry": { + "type": "string", + "enum": [ + "On", + "Off" + ] + }, + "TelemetryConfiguration": { + "type": "structure", + "members": { + "ConfigurationSyncStatus": { + "shape": "ConfigurationSyncStatus", + "documentation": "Synchronization status of the device reported configuration with the desired configuration." + }, + "Telemetry": { + "shape": "Telemetry", + "documentation": "Configure telemetry to be on or off." + } + }, + "documentation": "Configuration settings for running telemetry.", + "required": [ + "Telemetry" + ] + }, + "TelemetryConfigurationUpdate": { + "type": "structure", + "members": { + "Telemetry": { + "shape": "Telemetry", + "documentation": "Configure telemetry to be on or off." + } + }, + "documentation": "Configuration settings for running telemetry.", + "required": [ + "Telemetry" + ] + }, + "UntagResourceRequest": { + "type": "structure", + "members": { + "ResourceArn": { + "shape": "__string", + "location": "uri", + "locationName": "resource-arn", + "documentation": "The Amazon Resource Name (ARN) of the resource." + }, + "TagKeys": { + "shape": "__listOf__string", + "location": "querystring", + "locationName": "tagKeys", + "documentation": "An array of tag keys to delete" + } + }, + "required": [ + "TagKeys", + "ResourceArn" + ] + }, + "UpdateAgentLogLevel": { + "type": "string", + "documentation": "The minimum level of log statements that should be logged by the OTA Agent during an update.", + "enum": [ + "NONE", + "TRACE", + "DEBUG", + "VERBOSE", + "INFO", + "WARN", + "ERROR", + "FATAL" + ] + }, + "UpdateConnectivityInfoRequest": { + "type": "structure", + "members": { + "ConnectivityInfo": { + "shape": "__listOfConnectivityInfo", + "documentation": "A list of connectivity info." + }, + "ThingName": { + "shape": "__string", + "location": "uri", + "locationName": "ThingName", + "documentation": "The thing name." + } + }, + "documentation": "Connectivity information.", + "required": [ + "ThingName" + ] + }, + "UpdateConnectivityInfoResponse": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "A message about the connectivity info update request." + }, + "Version": { + "shape": "__string", + "documentation": "The new version of the connectivity info." + } + } + }, + "UpdateConnectorDefinitionRequest": { + "type": "structure", + "members": { + "ConnectorDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ConnectorDefinitionId", + "documentation": "The ID of the connector definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + }, + "required": [ + "ConnectorDefinitionId" + ] + }, + "UpdateConnectorDefinitionResponse": { + "type": "structure", + "members": {} + }, + "UpdateCoreDefinitionRequest": { + "type": "structure", + "members": { + "CoreDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "CoreDefinitionId", + "documentation": "The ID of the core definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + }, + "required": [ + "CoreDefinitionId" + ] + }, + "UpdateCoreDefinitionResponse": { + "type": "structure", + "members": {} + }, + "UpdateDeviceDefinitionRequest": { + "type": "structure", + "members": { + "DeviceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "DeviceDefinitionId", + "documentation": "The ID of the device definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + }, + "required": [ + "DeviceDefinitionId" + ] + }, + "UpdateDeviceDefinitionResponse": { + "type": "structure", + "members": {} + }, + "UpdateFunctionDefinitionRequest": { + "type": "structure", + "members": { + "FunctionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "FunctionDefinitionId", + "documentation": "The ID of the Lambda function definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + }, + "required": [ + "FunctionDefinitionId" + ] + }, + "UpdateFunctionDefinitionResponse": { + "type": "structure", + "members": {} + }, + "UpdateGroupCertificateConfigurationRequest": { + "type": "structure", + "members": { + "CertificateExpiryInMilliseconds": { + "shape": "__string", + "documentation": "The amount of time remaining before the certificate expires, in milliseconds." + }, + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + } + }, + "required": [ + "GroupId" + ] + }, + "UpdateGroupCertificateConfigurationResponse": { + "type": "structure", + "members": { + "CertificateAuthorityExpiryInMilliseconds": { + "shape": "__string", + "documentation": "The amount of time remaining before the certificate authority expires, in milliseconds." + }, + "CertificateExpiryInMilliseconds": { + "shape": "__string", + "documentation": "The amount of time remaining before the certificate expires, in milliseconds." + }, + "GroupId": { + "shape": "__string", + "documentation": "The ID of the group certificate configuration." + } + } + }, + "UpdateGroupRequest": { + "type": "structure", + "members": { + "GroupId": { + "shape": "__string", + "location": "uri", + "locationName": "GroupId", + "documentation": "The ID of the Greengrass group." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + }, + "required": [ + "GroupId" + ] + }, + "UpdateGroupResponse": { + "type": "structure", + "members": {} + }, + "UpdateLoggerDefinitionRequest": { + "type": "structure", + "members": { + "LoggerDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "LoggerDefinitionId", + "documentation": "The ID of the logger definition." + }, + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + } + }, + "required": [ + "LoggerDefinitionId" + ] + }, + "UpdateLoggerDefinitionResponse": { + "type": "structure", + "members": {} + }, + "UpdateResourceDefinitionRequest": { + "type": "structure", + "members": { + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "ResourceDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "ResourceDefinitionId", + "documentation": "The ID of the resource definition." + } + }, + "required": [ + "ResourceDefinitionId" + ] + }, + "UpdateResourceDefinitionResponse": { + "type": "structure", + "members": {} + }, + "UpdateSubscriptionDefinitionRequest": { + "type": "structure", + "members": { + "Name": { + "shape": "__string", + "documentation": "The name of the definition." + }, + "SubscriptionDefinitionId": { + "shape": "__string", + "location": "uri", + "locationName": "SubscriptionDefinitionId", + "documentation": "The ID of the subscription definition." + } + }, + "required": [ + "SubscriptionDefinitionId" + ] + }, + "UpdateSubscriptionDefinitionResponse": { + "type": "structure", + "members": {} + }, + "UpdateTargets": { + "type": "list", + "documentation": "The ARNs of the targets (IoT things or IoT thing groups) that this update will be applied to.", + "member": { + "shape": "__string" + } + }, + "UpdateTargetsArchitecture": { + "type": "string", + "documentation": "The architecture of the cores which are the targets of an update.", + "enum": [ + "armv6l", + "armv7l", + "x86_64", + "aarch64" + ] + }, + "UpdateTargetsOperatingSystem": { + "type": "string", + "documentation": "The operating system of the cores which are the targets of an update.", + "enum": [ + "ubuntu", + "raspbian", + "amazon_linux", + "openwrt" + ] + }, + "UpdateThingRuntimeConfigurationRequest": { + "type": "structure", + "members": { + "TelemetryConfiguration": { + "shape": "TelemetryConfigurationUpdate", + "documentation": "Configuration for telemetry service." + }, + "ThingName": { + "shape": "__string", + "location": "uri", + "locationName": "ThingName", + "documentation": "The thing name." + } + }, + "required": [ + "ThingName" + ] + }, + "UpdateThingRuntimeConfigurationResponse": { + "type": "structure", + "members": {} + }, + "VersionInformation": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "documentation": "The ARN of the version." + }, + "CreationTimestamp": { + "shape": "__string", + "documentation": "The time, in milliseconds since the epoch, when the version was created." + }, + "Id": { + "shape": "__string", + "documentation": "The ID of the parent definition that the version is associated with." + }, + "Version": { + "shape": "__string", + "documentation": "The ID of the version." + } + }, + "documentation": "Information about a version." + }, + "__boolean": { + "type": "boolean" + }, + "__double": { + "type": "double" + }, + "__integer": { + "type": "integer" + }, + "__listOfConnectivityInfo": { + "type": "list", + "member": { + "shape": "ConnectivityInfo" + } + }, + "__listOfConnector": { + "type": "list", + "member": { + "shape": "Connector" + } + }, + "__listOfCore": { + "type": "list", + "member": { + "shape": "Core" + } + }, + "__listOfDefinitionInformation": { + "type": "list", + "member": { + "shape": "DefinitionInformation" + } + }, + "__listOfDevice": { + "type": "list", + "member": { + "shape": "Device" + } + }, + "__listOfFunction": { + "type": "list", + "member": { + "shape": "Function" + } + }, + "__listOfGroupCertificateAuthorityProperties": { + "type": "list", + "member": { + "shape": "GroupCertificateAuthorityProperties" + } + }, + "__listOfGroupInformation": { + "type": "list", + "member": { + "shape": "GroupInformation" + } + }, + "__listOfLogger": { + "type": "list", + "member": { + "shape": "Logger" + } + }, + "__listOfResource": { + "type": "list", + "member": { + "shape": "Resource" + } + }, + "__listOfResourceAccessPolicy": { + "type": "list", + "member": { + "shape": "ResourceAccessPolicy" + } + }, + "__listOfSubscription": { + "type": "list", + "member": { + "shape": "Subscription" + } + }, + "__listOfVersionInformation": { + "type": "list", + "member": { + "shape": "VersionInformation" + } + }, + "__listOf__string": { + "type": "list", + "member": { + "shape": "__string" + } + }, + "__long": { + "type": "long" + }, + "__mapOf__string": { + "type": "map", + "key": { + "shape": "__string" + }, + "value": { + "shape": "__string" + } + }, + "__string": { + "type": "string" + }, + "__timestampIso8601": { + "type": "timestamp", + "timestampFormat": "iso8601" + }, + "__timestampUnix": { + "type": "timestamp", + "timestampFormat": "unixTimestamp" } }, - "documentation" : "AWS IoT Greengrass seamlessly extends AWS onto physical devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. AWS IoT Greengrass ensures your devices can respond quickly to local events and operate with intermittent connectivity. AWS IoT Greengrass minimizes the cost of transmitting data to the cloud by allowing you to author AWS Lambda functions that execute locally." -} + "documentation": "AWS IoT Greengrass seamlessly extends AWS onto physical devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. AWS IoT Greengrass ensures your devices can respond quickly to local events and operate with intermittent connectivity. AWS IoT Greengrass minimizes the cost of transmitting data to the cloud by allowing you to author AWS Lambda functions that execute locally." +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/greengrassv2/2020-11-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/greengrassv2/2020-11-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/greengrassv2/2020-11-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/greengrassv2/2020-11-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/greengrassv2/2020-11-30/service-2.json 2.31.35-1/awscli/botocore/data/greengrassv2/2020-11-30/service-2.json --- 2.23.6-1/awscli/botocore/data/greengrassv2/2020-11-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/greengrassv2/2020-11-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1452,8 +1452,7 @@ }, "DisassociateServiceRoleFromAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateServiceRoleFromAccountResponse":{ "type":"structure", @@ -1815,8 +1814,7 @@ }, "GetServiceRoleForAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetServiceRoleForAccountResponse":{ "type":"structure", @@ -2884,8 +2882,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2948,8 +2945,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConnectivityInfoRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/groundstation/2019-05-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/groundstation/2019-05-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/groundstation/2019-05-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/groundstation/2019-05-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/groundstation/2019-05-23/service-2.json 2.31.35-1/awscli/botocore/data/groundstation/2019-05-23/service-2.json --- 2.23.6-1/awscli/botocore/data/groundstation/2019-05-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/groundstation/2019-05-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2019-05-23", + "auth":["aws.auth#sigv4"], "endpointPrefix":"groundstation", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"AWS Ground Station", "serviceId":"GroundStation", "signatureVersion":"v4", "signingName":"groundstation", - "uid":"groundstation-2019-05-23", - "auth":["aws.auth#sigv4"] + "uid":"groundstation-2019-05-23" }, "operations":{ "CancelContact":{ @@ -64,6 +63,23 @@ ], "documentation":"

    Creates a DataflowEndpoint group containing the specified list of DataflowEndpoint objects.

    The name field in each endpoint is used in your mission profile DataflowEndpointConfig to specify which endpoints to use during a contact.

    When a contact uses multiple DataflowEndpointConfig objects, each Config must match a DataflowEndpoint in the same group.

    " }, + "CreateDataflowEndpointGroupV2":{ + "name":"CreateDataflowEndpointGroupV2", + "http":{ + "method":"POST", + "requestUri":"/dataflowEndpointGroupV2", + "responseCode":200 + }, + "input":{"shape":"CreateDataflowEndpointGroupV2Request"}, + "output":{"shape":"CreateDataflowEndpointGroupV2Response"}, + "errors":[ + {"shape":"InvalidParameterException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"DependencyException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Creates a DataflowEndpointGroupV2 containing the specified list of DataflowEndpoint objects.

    The name field in each endpoint is used in your mission profile DataflowEndpointConfig to specify which endpoints to use during a contact.

    When a contact uses multiple DataflowEndpointConfig objects, each Config must match a DataflowEndpoint in the same group.

    " + }, "CreateEphemeris":{ "name":"CreateEphemeris", "http":{ @@ -78,7 +94,7 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Creates an Ephemeris with the specified EphemerisData.

    " + "documentation":"

    Create an ephemeris with your specified EphemerisData.

    " }, "CreateMissionProfile":{ "name":"CreateMissionProfile", @@ -142,9 +158,10 @@ "errors":[ {"shape":"InvalidParameterException"}, {"shape":"DependencyException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceInUseException"} ], - "documentation":"

    Deletes an ephemeris

    ", + "documentation":"

    Delete an ephemeris.

    ", "idempotent":true }, "DeleteMissionProfile":{ @@ -178,7 +195,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Describes an existing contact.

    " + "documentation":"

    Describes an existing contact.

    ", + "readonly":true }, "DescribeEphemeris":{ "name":"DescribeEphemeris", @@ -194,7 +212,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Describes an existing ephemeris.

    " + "documentation":"

    Retrieve information about an existing ephemeris.

    ", + "readonly":true }, "GetAgentConfiguration":{ "name":"GetAgentConfiguration", @@ -210,7 +229,25 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    For use by AWS Ground Station Agent and shouldn't be called directly.

    Gets the latest configuration information for a registered agent.

    " + "documentation":"

    For use by AWS Ground Station Agent and shouldn't be called directly.

    Gets the latest configuration information for a registered agent.

    ", + "readonly":true + }, + "GetAgentTaskResponseUrl":{ + "name":"GetAgentTaskResponseUrl", + "http":{ + "method":"GET", + "requestUri":"/agentResponseUrl/{agentId}/{taskId}", + "responseCode":200 + }, + "input":{"shape":"GetAgentTaskResponseUrlRequest"}, + "output":{"shape":"GetAgentTaskResponseUrlResponse"}, + "errors":[ + {"shape":"InvalidParameterException"}, + {"shape":"DependencyException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    For use by AWS Ground Station Agent and shouldn't be called directly.

    Gets a presigned URL for uploading agent task response logs.

    ", + "readonly":true }, "GetConfig":{ "name":"GetConfig", @@ -226,7 +263,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns Config information.

    Only one Config response can be returned.

    " + "documentation":"

    Returns Config information.

    Only one Config response can be returned.

    ", + "readonly":true }, "GetDataflowEndpointGroup":{ "name":"GetDataflowEndpointGroup", @@ -242,7 +280,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns the dataflow endpoint group.

    " + "documentation":"

    Returns the dataflow endpoint group.

    ", + "readonly":true }, "GetMinuteUsage":{ "name":"GetMinuteUsage", @@ -258,7 +297,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns the number of reserved minutes used by account.

    " + "documentation":"

    Returns the number of reserved minutes used by account.

    ", + "readonly":true }, "GetMissionProfile":{ "name":"GetMissionProfile", @@ -274,7 +314,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a mission profile.

    " + "documentation":"

    Returns a mission profile.

    ", + "readonly":true }, "GetSatellite":{ "name":"GetSatellite", @@ -290,7 +331,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a satellite.

    " + "documentation":"

    Returns a satellite.

    ", + "readonly":true }, "ListConfigs":{ "name":"ListConfigs", @@ -306,7 +348,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of Config objects.

    " + "documentation":"

    Returns a list of Config objects.

    ", + "readonly":true }, "ListContacts":{ "name":"ListContacts", @@ -322,7 +365,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of contacts.

    If statusList contains AVAILABLE, the request must include groundStation, missionprofileArn, and satelliteArn.

    " + "documentation":"

    Returns a list of contacts.

    If statusList contains AVAILABLE, the request must include groundStation, missionprofileArn, and satelliteArn.

    ", + "readonly":true }, "ListDataflowEndpointGroups":{ "name":"ListDataflowEndpointGroups", @@ -338,7 +382,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of DataflowEndpoint groups.

    " + "documentation":"

    Returns a list of DataflowEndpoint groups.

    ", + "readonly":true }, "ListEphemerides":{ "name":"ListEphemerides", @@ -354,7 +399,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    List existing ephemerides.

    " + "documentation":"

    List your existing ephemerides.

    ", + "readonly":true }, "ListGroundStations":{ "name":"ListGroundStations", @@ -370,7 +416,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of ground stations.

    " + "documentation":"

    Returns a list of ground stations.

    ", + "readonly":true }, "ListMissionProfiles":{ "name":"ListMissionProfiles", @@ -386,7 +433,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of mission profiles.

    " + "documentation":"

    Returns a list of mission profiles.

    ", + "readonly":true }, "ListSatellites":{ "name":"ListSatellites", @@ -402,7 +450,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of satellites.

    " + "documentation":"

    Returns a list of satellites.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -418,7 +467,8 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of tags for a specified resource.

    " + "documentation":"

    Returns a list of tags for a specified resource.

    ", + "readonly":true }, "RegisterAgent":{ "name":"RegisterAgent", @@ -434,7 +484,7 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    For use by AWS Ground Station Agent and shouldn't be called directly.

    Registers a new agent with AWS Ground Station.

    " + "documentation":"

    For use by AWS Ground Station Agent and shouldn't be called directly.

    Registers a new agent with AWS Ground Station.

    " }, "ReserveContact":{ "name":"ReserveContact", @@ -448,6 +498,7 @@ "errors":[ {"shape":"InvalidParameterException"}, {"shape":"DependencyException"}, + {"shape":"ResourceLimitExceededException"}, {"shape":"ResourceNotFoundException"} ], "documentation":"

    Reserves a contact using specified parameters.

    " @@ -499,7 +550,7 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    For use by AWS Ground Station Agent and shouldn't be called directly.

    Update the status of the agent.

    ", + "documentation":"

    For use by AWS Ground Station Agent and shouldn't be called directly.

    Update the status of the agent.

    ", "idempotent":true }, "UpdateConfig":{ @@ -533,7 +584,7 @@ {"shape":"DependencyException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Updates an existing ephemeris

    ", + "documentation":"

    Update an existing ephemeris.

    ", "idempotent":true }, "UpdateMissionProfile":{ @@ -559,7 +610,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^[\\w-]+$" + "pattern":"[\\w-]+" }, "AgentCpuCoresList":{ "type":"list", @@ -571,23 +622,15 @@ "type":"structure", "required":[ "agentVersion", - "componentVersions", "instanceId", - "instanceType" + "instanceType", + "componentVersions" ], "members":{ - "agentCpuCores":{ - "shape":"AgentCpuCoresList", - "documentation":"

    List of CPU cores reserved for the agent.

    " - }, "agentVersion":{ "shape":"VersionString", "documentation":"

    Current agent version.

    " }, - "componentVersions":{ - "shape":"ComponentVersionList", - "documentation":"

    List of versions being used by agent components.

    " - }, "instanceId":{ "shape":"InstanceId", "documentation":"

    ID of EC2 instance agent is running on.

    " @@ -598,7 +641,15 @@ }, "reservedCpuCores":{ "shape":"AgentCpuCoresList", - "documentation":"

    This field should not be used. Use agentCpuCores instead.

    List of CPU cores reserved for processes other than the agent running on the EC2 instance.

    " + "documentation":"

    This field should not be used. Use agentCpuCores instead.

    List of CPU cores reserved for processes other than the agent running on the EC2 instance.

    " + }, + "agentCpuCores":{ + "shape":"AgentCpuCoresList", + "documentation":"

    List of CPU cores reserved for the agent.

    " + }, + "componentVersions":{ + "shape":"ComponentVersionList", + "documentation":"

    List of versions being used by agent components.

    " } }, "documentation":"

    Detailed information about the agent.

    " @@ -616,13 +667,13 @@ "type":"structure", "required":["status"], "members":{ - "signatureMap":{ - "shape":"SignatureMap", - "documentation":"

    Sparse map of failure signatures.

    " - }, "status":{ "shape":"AgentStatus", "documentation":"

    Aggregate status.

    " + }, + "signatureMap":{ + "shape":"SignatureMap", + "documentation":"

    Sparse map of failure signatures.

    " } }, "documentation":"

    Aggregate status of Agent components.

    " @@ -658,22 +709,22 @@ "AntennaDownlinkDemodDecodeConfig":{ "type":"structure", "required":[ - "decodeConfig", + "spectrumConfig", "demodulationConfig", - "spectrumConfig" + "decodeConfig" ], "members":{ - "decodeConfig":{ - "shape":"DecodeConfig", - "documentation":"

    Information about the decode Config.

    " + "spectrumConfig":{ + "shape":"SpectrumConfig", + "documentation":"

    Information about the spectral Config.

    " }, "demodulationConfig":{ "shape":"DemodulationConfig", "documentation":"

    Information about the demodulation Config.

    " }, - "spectrumConfig":{ - "shape":"SpectrumConfig", - "documentation":"

    Information about the spectral Config.

    " + "decodeConfig":{ + "shape":"DecodeConfig", + "documentation":"

    Information about the decode Config.

    " } }, "documentation":"

    Information about how AWS Ground Station should configure an antenna for downlink demod decode during a contact.

    " @@ -685,6 +736,10 @@ "targetEirp" ], "members":{ + "transmitDisabled":{ + "shape":"Boolean", + "documentation":"

    Whether or not uplink transmit is disabled.

    " + }, "spectrumConfig":{ "shape":"UplinkSpectrumConfig", "documentation":"

    Information about the uplink spectral Config.

    " @@ -692,10 +747,6 @@ "targetEirp":{ "shape":"Eirp", "documentation":"

    EIRP of the target.

    " - }, - "transmitDisabled":{ - "shape":"Boolean", - "documentation":"

    Whether or not uplink transmit is disabled.

    " } }, "documentation":"

    Information about the uplink Config of an antenna.

    " @@ -704,7 +755,7 @@ "type":"string", "max":1024, "min":5, - "pattern":"^(arn:aws:)[\\s\\S]{0,1024}$" + "pattern":"(arn:aws:)[\\s\\S]{0,1024}" }, "AuditResults":{ "type":"string", @@ -716,18 +767,14 @@ "AwsGroundStationAgentEndpoint":{ "type":"structure", "required":[ + "name", "egressAddress", - "ingressAddress", - "name" + "ingressAddress" ], "members":{ - "agentStatus":{ - "shape":"AgentStatus", - "documentation":"

    The status of AgentEndpoint.

    " - }, - "auditResults":{ - "shape":"AuditResults", - "documentation":"

    The results of the audit.

    " + "name":{ + "shape":"SafeName", + "documentation":"

    Name string associated with AgentEndpoint. Used as a human-readable identifier for AgentEndpoint.

    " }, "egressAddress":{ "shape":"ConnectionDetails", @@ -737,13 +784,119 @@ "shape":"RangedConnectionDetails", "documentation":"

    The ingress address of AgentEndpoint.

    " }, - "name":{ - "shape":"SafeName", - "documentation":"

    Name string associated with AgentEndpoint. Used as a human-readable identifier for AgentEndpoint.

    " + "agentStatus":{ + "shape":"AgentStatus", + "documentation":"

    The status of AgentEndpoint.

    " + }, + "auditResults":{ + "shape":"AuditResults", + "documentation":"

    The results of the audit.

    " } }, "documentation":"

    Information about AwsGroundStationAgentEndpoint.

    " }, + "AzElEphemeris":{ + "type":"structure", + "required":[ + "groundStation", + "data" + ], + "members":{ + "groundStation":{ + "shape":"GroundStationName", + "documentation":"

    The ground station name for which you're providing azimuth elevation data.

    This ephemeris is specific to this ground station and can't be used at other locations.

    " + }, + "data":{ + "shape":"AzElSegmentsData", + "documentation":"

    Azimuth elevation segment data.

    You can provide data inline in the request or through an Amazon S3 object reference.

    " + } + }, + "documentation":"

    Azimuth elevation ephemeris data.

    Use this ephemeris type to provide pointing angles directly, rather than satellite orbital elements. Use this when you need precise antenna pointing but have imprecise or unknown satellite trajectory information.

    The azimuth elevation data specifies the antenna pointing direction at specific times relative to a ground station location. AWS Ground Station uses 4th order Lagrange interpolation to compute pointing angles between the provided data points.

    AWS Ground Station automatically filters interpolated pointing angles, including only those that are above the site mask elevation of the specified ground station.

    For more detail about providing azimuth elevation ephemerides to AWS Ground Station, see the azimuth elevation ephemeris section of the AWS Ground Station User Guide.

    " + }, + "AzElEphemerisFilter":{ + "type":"structure", + "required":["id"], + "members":{ + "id":{ + "shape":"Uuid", + "documentation":"

    Unique identifier of the azimuth elevation ephemeris.

    " + } + }, + "documentation":"

    Filter for selecting contacts that use a specific AzElEphemeris.

    " + }, + "AzElProgramTrackSettings":{ + "type":"structure", + "required":["ephemerisId"], + "members":{ + "ephemerisId":{ + "shape":"Uuid", + "documentation":"

    Unique identifier of the azimuth elevation ephemeris.

    " + } + }, + "documentation":"

    Program track settings for AzElEphemeris.

    " + }, + "AzElSegment":{ + "type":"structure", + "required":[ + "referenceEpoch", + "validTimeRange", + "azElList" + ], + "members":{ + "referenceEpoch":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The reference time for this segment in ISO 8601 format in Coordinated Universal Time (UTC).

    All time values within the segment's AzElSegment$azElList are specified as offsets in atomic seconds from this reference epoch.

    Example: 2024-01-15T12:00:00.000Z

    " + }, + "validTimeRange":{ + "shape":"ISO8601TimeRange", + "documentation":"

    The valid time range for this segment.

    Specifies the start and end timestamps in ISO 8601 format in Coordinated Universal Time (UTC). The segment's pointing data must cover this entire time range.

    " + }, + "azElList":{ + "shape":"TimeAzElList", + "documentation":"

    List of time-tagged azimuth elevation data points.

    Must contain at least five points to support 4th order Lagrange interpolation. Points must be in chronological order with no duplicates.

    " + } + }, + "documentation":"

    A time segment containing azimuth elevation pointing data.

    Each segment defines a continuous time period with pointing angle data points. AWS Ground Station uses 4th order Lagrange interpolation between the provided points, so each segment must contain at least five data points.

    " + }, + "AzElSegmentList":{ + "type":"list", + "member":{"shape":"AzElSegment"}, + "max":100, + "min":1 + }, + "AzElSegments":{ + "type":"structure", + "required":[ + "angleUnit", + "azElSegmentList" + ], + "members":{ + "angleUnit":{ + "shape":"AngleUnits", + "documentation":"

    The unit of measure for azimuth and elevation angles. All angles in all segments must use the same unit.

    " + }, + "azElSegmentList":{ + "shape":"AzElSegmentList", + "documentation":"

    List of azimuth elevation segments.

    Must contain between 1 and 100 segments. Segments must be in chronological order with no overlaps.

    " + } + }, + "documentation":"

    Azimuth elevation segment collection.

    Contains five or more time-ordered segments that define antenna pointing angles over the ephemeris validity period.

    " + }, + "AzElSegmentsData":{ + "type":"structure", + "members":{ + "s3Object":{ + "shape":"S3Object", + "documentation":"

    The Amazon S3 object containing azimuth elevation segment data.

    The Amazon S3 object must contain JSON-formatted azimuth elevation data matching the AzElSegments structure.

    " + }, + "azElData":{ + "shape":"AzElSegments", + "documentation":"

    Azimuth elevation segment data provided directly in the request.

    Use this option for smaller datasets or when Amazon S3 access is not available.

    " + } + }, + "documentation":"

    Container for azimuth elevation segment data.

    Specify either AzElSegmentsData$s3Object to reference data in Amazon S3, or AzElSegmentsData$azElData to provide data inline.

    ", + "union":true + }, "BandwidthUnits":{ "type":"string", "enum":[ @@ -780,8 +933,8 @@ "CapabilityHealth":{ "type":"string", "enum":[ - "UNHEALTHY", - "HEALTHY" + "HEALTHY", + "UNHEALTHY" ] }, "CapabilityHealthReason":{ @@ -805,39 +958,39 @@ "ComponentStatusData":{ "type":"structure", "required":[ - "capabilityArn", "componentType", - "dataflowId", - "status" + "capabilityArn", + "status", + "dataflowId" ], "members":{ - "bytesReceived":{ - "shape":"Long", - "documentation":"

    Bytes received by the component.

    " - }, - "bytesSent":{ - "shape":"Long", - "documentation":"

    Bytes sent by the component.

    " + "componentType":{ + "shape":"ComponentTypeString", + "documentation":"

    The Component type.

    " }, "capabilityArn":{ "shape":"CapabilityArn", "documentation":"

    Capability ARN of the component.

    " }, - "componentType":{ - "shape":"ComponentTypeString", - "documentation":"

    The Component type.

    " + "status":{ + "shape":"AgentStatus", + "documentation":"

    Component status.

    " }, - "dataflowId":{ - "shape":"Uuid", - "documentation":"

    Dataflow UUID associated with the component.

    " + "bytesSent":{ + "shape":"Long", + "documentation":"

    Bytes sent by the component.

    " + }, + "bytesReceived":{ + "shape":"Long", + "documentation":"

    Bytes received by the component.

    " }, "packetsDropped":{ "shape":"Long", "documentation":"

    Packets dropped by component.

    " }, - "status":{ - "shape":"AgentStatus", - "documentation":"

    Component status.

    " + "dataflowId":{ + "shape":"Uuid", + "documentation":"

    Dataflow UUID associated with the component.

    " } }, "documentation":"

    Data on the status of agent components.

    " @@ -850,7 +1003,7 @@ }, "ComponentTypeString":{ "type":"string", - "pattern":"^[a-zA-Z0-9_]{1,64}$" + "pattern":"[a-zA-Z0-9_]{1,64}" }, "ComponentVersion":{ "type":"structure", @@ -876,15 +1029,20 @@ "max":20, "min":1 }, - "ConfigArn":{"type":"string"}, + "ConfigArn":{ + "type":"string", + "max":424, + "min":82, + "pattern":"arn:aws:groundstation:[-a-z0-9]{1,50}:[0-9]{12}:config/[a-z0-9]+(-[a-z0-9]+){0,4}/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(/.{1,256})?" + }, "ConfigCapabilityType":{ "type":"string", "enum":[ "antenna-downlink", "antenna-downlink-demod-decode", - "antenna-uplink", - "dataflow-endpoint", "tracking", + "dataflow-endpoint", + "antenna-uplink", "uplink-echo", "s3-recording" ] @@ -892,11 +1050,11 @@ "ConfigDetails":{ "type":"structure", "members":{ + "endpointDetails":{"shape":"EndpointDetails"}, "antennaDemodDecodeDetails":{ "shape":"AntennaDemodDecodeDetails", "documentation":"

    Details for antenna demod decode Config in a contact.

    " }, - "endpointDetails":{"shape":"EndpointDetails"}, "s3RecordingDetails":{ "shape":"S3RecordingDetails", "documentation":"

    Details for an S3 recording Config in a contact.

    " @@ -908,10 +1066,6 @@ "ConfigIdResponse":{ "type":"structure", "members":{ - "configArn":{ - "shape":"ConfigArn", - "documentation":"

    ARN of a Config.

    " - }, "configId":{ "shape":"String", "documentation":"

    UUID of a Config.

    " @@ -919,6 +1073,10 @@ "configType":{ "shape":"ConfigCapabilityType", "documentation":"

    Type of a Config.

    " + }, + "configArn":{ + "shape":"ConfigArn", + "documentation":"

    ARN of a Config.

    " } }, "documentation":"

    " @@ -930,10 +1088,6 @@ "ConfigListItem":{ "type":"structure", "members":{ - "configArn":{ - "shape":"ConfigArn", - "documentation":"

    ARN of a Config.

    " - }, "configId":{ "shape":"String", "documentation":"

    UUID of a Config.

    " @@ -942,6 +1096,10 @@ "shape":"ConfigCapabilityType", "documentation":"

    Type of a Config.

    " }, + "configArn":{ + "shape":"ConfigArn", + "documentation":"

    ARN of a Config.

    " + }, "name":{ "shape":"String", "documentation":"

    Name of a Config.

    " @@ -956,6 +1114,14 @@ "shape":"AntennaDownlinkConfig", "documentation":"

    Information about how AWS Ground Station should configure an antenna for downlink during a contact.

    " }, + "trackingConfig":{ + "shape":"TrackingConfig", + "documentation":"

    Object that determines whether tracking should be used during a contact executed with this Config in the mission profile.

    " + }, + "dataflowEndpointConfig":{ + "shape":"DataflowEndpointConfig", + "documentation":"

    Information about the dataflow endpoint Config.

    " + }, "antennaDownlinkDemodDecodeConfig":{ "shape":"AntennaDownlinkDemodDecodeConfig", "documentation":"

    Information about how AWS Ground Station should configure an antenna for downlink demod decode during a contact.

    " @@ -964,21 +1130,13 @@ "shape":"AntennaUplinkConfig", "documentation":"

    Information about how AWS Ground Station should configure an antenna for uplink during a contact.

    " }, - "dataflowEndpointConfig":{ - "shape":"DataflowEndpointConfig", - "documentation":"

    Information about the dataflow endpoint Config.

    " + "uplinkEchoConfig":{ + "shape":"UplinkEchoConfig", + "documentation":"

    Information about an uplink echo Config.

    Parameters from the AntennaUplinkConfig, corresponding to the specified AntennaUplinkConfigArn, are used when this UplinkEchoConfig is used in a contact.

    " }, "s3RecordingConfig":{ "shape":"S3RecordingConfig", "documentation":"

    Information about an S3 recording Config.

    " - }, - "trackingConfig":{ - "shape":"TrackingConfig", - "documentation":"

    Object that determines whether tracking should be used during a contact executed with this Config in the mission profile.

    " - }, - "uplinkEchoConfig":{ - "shape":"UplinkEchoConfig", - "documentation":"

    Information about an uplink echo Config.

    Parameters from the AntennaUplinkConfig, corresponding to the specified AntennaUplinkConfigArn, are used when this UplinkEchoConfig is used in a contact.

    " } }, "documentation":"

    Object containing the parameters of a Config.

    See the subtype definitions for what each type of Config contains.

    ", @@ -988,13 +1146,13 @@ "type":"structure", "required":["socketAddress"], "members":{ - "mtu":{ - "shape":"Integer", - "documentation":"

    Maximum transmission unit (MTU) size in bytes of a dataflow endpoint.

    " - }, "socketAddress":{ "shape":"SocketAddress", "documentation":"

    A socket address.

    " + }, + "mtu":{ + "shape":"Integer", + "documentation":"

    Maximum transmission unit (MTU) size in bytes of a dataflow endpoint.

    " } }, "documentation":"

    Egress address of AgentEndpoint with an optional mtu.

    " @@ -1006,61 +1164,65 @@ "shape":"Uuid", "documentation":"

    UUID of a contact.

    " }, - "contactStatus":{ - "shape":"ContactStatus", - "documentation":"

    Status of a contact.

    " + "missionProfileArn":{ + "shape":"MissionProfileArn", + "documentation":"

    ARN of a mission profile.

    " + }, + "satelliteArn":{ + "shape":"satelliteArn", + "documentation":"

    ARN of a satellite.

    " + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

    Start time of a contact in UTC.

    " }, "endTime":{ "shape":"Timestamp", "documentation":"

    End time of a contact in UTC.

    " }, - "errorMessage":{ - "shape":"String", - "documentation":"

    Error message of a contact.

    " + "prePassStartTime":{ + "shape":"Timestamp", + "documentation":"

    Amount of time prior to contact start you’d like to receive a CloudWatch event indicating an upcoming pass.

    " + }, + "postPassEndTime":{ + "shape":"Timestamp", + "documentation":"

    Amount of time after a contact ends that you’d like to receive a CloudWatch event indicating the pass has finished.

    " }, "groundStation":{ "shape":"String", "documentation":"

    Name of a ground station.

    " }, + "contactStatus":{ + "shape":"ContactStatus", + "documentation":"

    Status of a contact.

    " + }, + "errorMessage":{ + "shape":"String", + "documentation":"

    Error message of a contact.

    " + }, "maximumElevation":{ "shape":"Elevation", "documentation":"

    Maximum elevation angle of a contact.

    " }, - "missionProfileArn":{ - "shape":"MissionProfileArn", - "documentation":"

    ARN of a mission profile.

    " - }, - "postPassEndTime":{ - "shape":"Timestamp", - "documentation":"

    Amount of time after a contact ends that you’d like to receive a CloudWatch event indicating the pass has finished.

    " - }, - "prePassStartTime":{ - "shape":"Timestamp", - "documentation":"

    Amount of time prior to contact start you’d like to receive a CloudWatch event indicating an upcoming pass.

    " - }, "region":{ "shape":"String", "documentation":"

    Region of a contact.

    " }, - "satelliteArn":{ - "shape":"satelliteArn", - "documentation":"

    ARN of a satellite.

    " - }, - "startTime":{ - "shape":"Timestamp", - "documentation":"

    Start time of a contact in UTC.

    " - }, "tags":{ "shape":"TagsMap", "documentation":"

    Tags assigned to a contact.

    " }, + "visibilityStartTime":{ + "shape":"Timestamp", + "documentation":"

    Projected time in UTC your satellite will rise above the receive mask. This time is based on the satellite's current active ephemeris for future contacts and the ephemeris that was active during contact execution for completed contacts. This field is not present for contacts with a SCHEDULING or SCHEDULED status.

    " + }, "visibilityEndTime":{ "shape":"Timestamp", "documentation":"

    Projected time in UTC your satellite will set below the receive mask. This time is based on the satellite's current active ephemeris for future contacts and the ephemeris that was active during contact execution for completed contacts. This field is not present for contacts with a SCHEDULING or SCHEDULED status.

    " }, - "visibilityStartTime":{ - "shape":"Timestamp", - "documentation":"

    Projected time in UTC your satellite will rise above the receive mask. This time is based on the satellite's current active ephemeris for future contacts and the ephemeris that was active during contact execution for completed contacts. This field is not present for contacts with a SCHEDULING or SCHEDULED status.

    " + "ephemeris":{ + "shape":"EphemerisResponseData", + "documentation":"

    The ephemeris that determines antenna pointing for the contact.

    " } }, "documentation":"

    Data describing a contact.

    " @@ -1082,36 +1244,36 @@ "ContactStatus":{ "type":"string", "enum":[ - "AVAILABLE", - "AWS_CANCELLED", - "AWS_FAILED", - "CANCELLED", - "CANCELLING", - "COMPLETED", - "FAILED", + "SCHEDULING", "FAILED_TO_SCHEDULE", + "SCHEDULED", + "CANCELLED", + "AWS_CANCELLED", + "PREPASS", "PASS", "POSTPASS", - "PREPASS", - "SCHEDULED", - "SCHEDULING" + "COMPLETED", + "FAILED", + "AVAILABLE", + "CANCELLING", + "AWS_FAILED" ] }, "CreateConfigRequest":{ "type":"structure", "required":[ - "configData", - "name" + "name", + "configData" ], "members":{ - "configData":{ - "shape":"ConfigTypeData", - "documentation":"

    Parameters of a Config.

    " - }, "name":{ "shape":"SafeName", "documentation":"

    Name of a Config.

    " }, + "configData":{ + "shape":"ConfigTypeData", + "documentation":"

    Parameters of a Config.

    " + }, "tags":{ "shape":"TagsMap", "documentation":"

    Tags assigned to a Config.

    " @@ -1123,59 +1285,108 @@ "type":"structure", "required":["endpointDetails"], "members":{ + "endpointDetails":{ + "shape":"EndpointDetailsList", + "documentation":"

    Endpoint details of each endpoint in the dataflow endpoint group. All dataflow endpoints within a single dataflow endpoint group must be of the same type. You cannot mix AWS Ground Station Agent endpoints with Dataflow endpoints in the same group. If your use case requires both types of endpoints, you must create separate dataflow endpoint groups for each type.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    Tags of a dataflow endpoint group.

    " + }, + "contactPrePassDurationSeconds":{ + "shape":"DataflowEndpointGroupDurationInSeconds", + "documentation":"

    Amount of time, in seconds, before a contact starts that the Ground Station Dataflow Endpoint Group will be in a PREPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the PREPASS state.

    " + }, "contactPostPassDurationSeconds":{ "shape":"DataflowEndpointGroupDurationInSeconds", "documentation":"

    Amount of time, in seconds, after a contact ends that the Ground Station Dataflow Endpoint Group will be in a POSTPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the POSTPASS state.

    " + } + }, + "documentation":"

    " + }, + "CreateDataflowEndpointGroupV2Request":{ + "type":"structure", + "required":["endpoints"], + "members":{ + "endpoints":{ + "shape":"CreateEndpointDetailsList", + "documentation":"

    Dataflow endpoint group's endpoint definitions

    " }, "contactPrePassDurationSeconds":{ "shape":"DataflowEndpointGroupDurationInSeconds", "documentation":"

    Amount of time, in seconds, before a contact starts that the Ground Station Dataflow Endpoint Group will be in a PREPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the PREPASS state.

    " }, - "endpointDetails":{ - "shape":"EndpointDetailsList", - "documentation":"

    Endpoint details of each endpoint in the dataflow endpoint group.

    " + "contactPostPassDurationSeconds":{ + "shape":"DataflowEndpointGroupDurationInSeconds", + "documentation":"

    Amount of time, in seconds, after a contact ends that the Ground Station Dataflow Endpoint Group will be in a POSTPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the POSTPASS state.

    " }, "tags":{ "shape":"TagsMap", - "documentation":"

    Tags of a dataflow endpoint group.

    " + "documentation":"

    Tags of a V2 dataflow endpoint group.

    " + } + } + }, + "CreateDataflowEndpointGroupV2Response":{ + "type":"structure", + "members":{ + "dataflowEndpointGroupId":{ + "shape":"Uuid", + "documentation":"

    Dataflow endpoint group ID

    " + } + } + }, + "CreateEndpointDetails":{ + "type":"structure", + "members":{ + "uplinkAwsGroundStationAgentEndpoint":{ + "shape":"UplinkAwsGroundStationAgentEndpoint", + "documentation":"

    Definition for an uplink agent endpoint

    " + }, + "downlinkAwsGroundStationAgentEndpoint":{ + "shape":"DownlinkAwsGroundStationAgentEndpoint", + "documentation":"

    Definition for a downlink agent endpoint

    " } }, - "documentation":"

    " + "documentation":"

    Endpoint definition used for creating a dataflow endpoint

    ", + "union":true + }, + "CreateEndpointDetailsList":{ + "type":"list", + "member":{"shape":"CreateEndpointDetails"}, + "max":12, + "min":1 }, "CreateEphemerisRequest":{ "type":"structure", - "required":[ - "name", - "satelliteId" - ], + "required":["name"], "members":{ + "satelliteId":{ + "shape":"Uuid", + "documentation":"

    The satellite ID that associates this ephemeris with a satellite in AWS Ground Station.

    " + }, "enabled":{ "shape":"Boolean", - "documentation":"

    Whether to set the ephemeris status to ENABLED after validation.

    Setting this to false will set the ephemeris status to DISABLED after validation.

    " + "documentation":"

    Set to true to enable the ephemeris after validation. Set to false to keep it disabled.

    " }, - "ephemeris":{ - "shape":"EphemerisData", - "documentation":"

    Ephemeris data.

    " + "priority":{ + "shape":"CustomerEphemerisPriority", + "documentation":"

    A priority score that determines which ephemeris to use when multiple ephemerides overlap.

    Higher numbers take precedence. The default is 1. Must be 1 or greater.

    " }, "expirationTime":{ "shape":"Timestamp", "documentation":"

    An overall expiration time for the ephemeris in UTC, after which it will become EXPIRED.

    " }, - "kmsKeyArn":{ - "shape":"KeyArn", - "documentation":"

    The ARN of a KMS key used to encrypt the ephemeris in Ground Station.

    " - }, "name":{ "shape":"SafeName", - "documentation":"

    A name string associated with the ephemeris. Used as a human-readable identifier for the ephemeris.

    " + "documentation":"

    A name that you can use to identify the ephemeris.

    " }, - "priority":{ - "shape":"CustomerEphemerisPriority", - "documentation":"

    Customer-provided priority score to establish the order in which overlapping ephemerides should be used.

    The default for customer-provided ephemeris priority is 1, and higher numbers take precedence.

    Priority must be 1 or greater

    " + "kmsKeyArn":{ + "shape":"KeyArn", + "documentation":"

    The ARN of the KMS key to use for encrypting the ephemeris.

    " }, - "satelliteId":{ - "shape":"Uuid", - "documentation":"

    AWS Ground Station satellite ID for this ephemeris.

    " + "ephemeris":{ + "shape":"EphemerisData", + "documentation":"

    Ephemeris data.

    " }, "tags":{ "shape":"TagsMap", @@ -1186,31 +1397,39 @@ "CreateMissionProfileRequest":{ "type":"structure", "required":[ - "dataflowEdges", - "minimumViableContactDurationSeconds", "name", + "minimumViableContactDurationSeconds", + "dataflowEdges", "trackingConfigArn" ], "members":{ - "contactPostPassDurationSeconds":{ - "shape":"DurationInSeconds", - "documentation":"

    Amount of time after a contact ends that you’d like to receive a Ground Station Contact State Change event indicating the pass has finished.

    " + "name":{ + "shape":"SafeName", + "documentation":"

    Name of a mission profile.

    " }, "contactPrePassDurationSeconds":{ "shape":"DurationInSeconds", "documentation":"

    Amount of time prior to contact start you’d like to receive a Ground Station Contact State Change event indicating an upcoming pass.

    " }, - "dataflowEdges":{ - "shape":"DataflowEdgeList", - "documentation":"

    A list of lists of ARNs. Each list of ARNs is an edge, with a from Config and a to Config.

    " + "contactPostPassDurationSeconds":{ + "shape":"DurationInSeconds", + "documentation":"

    Amount of time after a contact ends that you’d like to receive a Ground Station Contact State Change event indicating the pass has finished.

    " }, "minimumViableContactDurationSeconds":{ "shape":"PositiveDurationInSeconds", "documentation":"

    Smallest amount of time in seconds that you’d like to see for an available contact. AWS Ground Station will not present you with contacts shorter than this duration.

    " }, - "name":{ - "shape":"SafeName", - "documentation":"

    Name of a mission profile.

    " + "dataflowEdges":{ + "shape":"DataflowEdgeList", + "documentation":"

    A list of lists of ARNs. Each list of ARNs is an edge, with a from Config and a to Config.

    " + }, + "trackingConfigArn":{ + "shape":"ConfigArn", + "documentation":"

    ARN of a tracking Config.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    Tags assigned to a mission profile.

    " }, "streamsKmsKey":{ "shape":"KmsKey", @@ -1219,14 +1438,6 @@ "streamsKmsRole":{ "shape":"RoleArn", "documentation":"

    Role to use for encrypting streams with KMS key.

    " - }, - "tags":{ - "shape":"TagsMap", - "documentation":"

    Tags assigned to a mission profile.

    " - }, - "trackingConfigArn":{ - "shape":"ConfigArn", - "documentation":"

    ARN of a tracking Config.

    " } }, "documentation":"

    " @@ -1234,9 +1445,9 @@ "Criticality":{ "type":"string", "enum":[ + "REQUIRED", "PREFERRED", - "REMOVED", - "REQUIRED" + "REMOVED" ] }, "CustomerEphemerisPriority":{ @@ -1248,12 +1459,12 @@ "DataflowDetail":{ "type":"structure", "members":{ + "source":{"shape":"Source"}, "destination":{"shape":"Destination"}, "errorMessage":{ "shape":"String", "documentation":"

    Error message for a dataflow.

    " - }, - "source":{"shape":"Source"} + } }, "documentation":"

    Information about a dataflow edge used in a contact.

    " }, @@ -1272,21 +1483,21 @@ "DataflowEndpoint":{ "type":"structure", "members":{ - "address":{ - "shape":"SocketAddress", - "documentation":"

    Socket address of a dataflow endpoint.

    " - }, - "mtu":{ - "shape":"DataflowEndpointMtuInteger", - "documentation":"

    Maximum transmission unit (MTU) size in bytes of a dataflow endpoint.

    " - }, "name":{ "shape":"SafeName", "documentation":"

    Name of a dataflow endpoint.

    " }, + "address":{ + "shape":"SocketAddress", + "documentation":"

    Socket address of a dataflow endpoint.

    " + }, "status":{ "shape":"EndpointStatus", "documentation":"

    Status of a dataflow endpoint.

    " + }, + "mtu":{ + "shape":"DataflowEndpointMtuInteger", + "documentation":"

    Maximum transmission unit (MTU) size in bytes of a dataflow endpoint.

    " } }, "documentation":"

    Information about a dataflow endpoint.

    " @@ -1306,12 +1517,17 @@ }, "documentation":"

    Information about the dataflow endpoint Config.

    " }, - "DataflowEndpointGroupArn":{"type":"string"}, + "DataflowEndpointGroupArn":{ + "type":"string", + "max":146, + "min":97, + "pattern":"arn:aws:groundstation:[-a-z0-9]{1,50}:[0-9]{12}:dataflow-endpoint-group/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, "DataflowEndpointGroupDurationInSeconds":{ "type":"integer", "box":true, "max":480, - "min":120 + "min":30 }, "DataflowEndpointGroupIdResponse":{ "type":"structure", @@ -1330,13 +1546,13 @@ "DataflowEndpointListItem":{ "type":"structure", "members":{ - "dataflowEndpointGroupArn":{ - "shape":"DataflowEndpointGroupArn", - "documentation":"

    ARN of a dataflow endpoint group.

    " - }, "dataflowEndpointGroupId":{ "shape":"Uuid", "documentation":"

    UUID of a dataflow endpoint group.

    " + }, + "dataflowEndpointGroupArn":{ + "shape":"DataflowEndpointGroupArn", + "documentation":"

    ARN of a dataflow endpoint group.

    " } }, "documentation":"

    Item in a list of DataflowEndpoint groups.

    " @@ -1467,65 +1683,73 @@ "shape":"Uuid", "documentation":"

    UUID of a contact.

    " }, - "contactStatus":{ - "shape":"ContactStatus", - "documentation":"

    Status of a contact.

    " + "missionProfileArn":{ + "shape":"MissionProfileArn", + "documentation":"

    ARN of a mission profile.

    " }, - "dataflowList":{ - "shape":"DataflowList", - "documentation":"

    List describing source and destination details for each dataflow edge.

    " + "satelliteArn":{ + "shape":"satelliteArn", + "documentation":"

    ARN of a satellite.

    " + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

    Start time of a contact in UTC.

    " }, "endTime":{ "shape":"Timestamp", "documentation":"

    End time of a contact in UTC.

    " }, - "errorMessage":{ - "shape":"String", - "documentation":"

    Error message for a contact.

    " + "prePassStartTime":{ + "shape":"Timestamp", + "documentation":"

    Amount of time prior to contact start you’d like to receive a CloudWatch event indicating an upcoming pass.

    " + }, + "postPassEndTime":{ + "shape":"Timestamp", + "documentation":"

    Amount of time after a contact ends that you’d like to receive a CloudWatch event indicating the pass has finished.

    " }, "groundStation":{ "shape":"String", "documentation":"

    Ground station for a contact.

    " }, + "contactStatus":{ + "shape":"ContactStatus", + "documentation":"

    Status of a contact.

    " + }, + "errorMessage":{ + "shape":"String", + "documentation":"

    Error message for a contact.

    " + }, "maximumElevation":{ "shape":"Elevation", "documentation":"

    Maximum elevation angle of a contact.

    " }, - "missionProfileArn":{ - "shape":"MissionProfileArn", - "documentation":"

    ARN of a mission profile.

    " - }, - "postPassEndTime":{ - "shape":"Timestamp", - "documentation":"

    Amount of time after a contact ends that you’d like to receive a CloudWatch event indicating the pass has finished.

    " - }, - "prePassStartTime":{ - "shape":"Timestamp", - "documentation":"

    Amount of time prior to contact start you’d like to receive a CloudWatch event indicating an upcoming pass.

    " + "tags":{ + "shape":"TagsMap", + "documentation":"

    Tags assigned to a contact.

    " }, "region":{ "shape":"String", "documentation":"

    Region of a contact.

    " }, - "satelliteArn":{ - "shape":"satelliteArn", - "documentation":"

    ARN of a satellite.

    " + "dataflowList":{ + "shape":"DataflowList", + "documentation":"

    List describing source and destination details for each dataflow edge.

    " }, - "startTime":{ + "visibilityStartTime":{ "shape":"Timestamp", - "documentation":"

    Start time of a contact in UTC.

    " - }, - "tags":{ - "shape":"TagsMap", - "documentation":"

    Tags assigned to a contact.

    " + "documentation":"

    Projected time in UTC your satellite will rise above the receive mask. This time is based on the satellite's current active ephemeris for future contacts and the ephemeris that was active during contact execution for completed contacts.

    " }, "visibilityEndTime":{ "shape":"Timestamp", "documentation":"

    Projected time in UTC your satellite will set below the receive mask. This time is based on the satellite's current active ephemeris for future contacts and the ephemeris that was active during contact execution for completed contacts.

    " }, - "visibilityStartTime":{ - "shape":"Timestamp", - "documentation":"

    Projected time in UTC your satellite will rise above the receive mask. This time is based on the satellite's current active ephemeris for future contacts and the ephemeris that was active during contact execution for completed contacts.

    " + "trackingOverrides":{ + "shape":"TrackingOverrides", + "documentation":"

    Tracking configuration overrides specified when the contact was reserved.

    " + }, + "ephemeris":{ + "shape":"EphemerisResponseData", + "documentation":"

    The ephemeris that determines antenna pointing directions for the contact.

    " } }, "documentation":"

    " @@ -1545,30 +1769,10 @@ "DescribeEphemerisResponse":{ "type":"structure", "members":{ - "creationTime":{ - "shape":"Timestamp", - "documentation":"

    The time the ephemeris was uploaded in UTC.

    " - }, - "enabled":{ - "shape":"Boolean", - "documentation":"

    Whether or not the ephemeris is enabled.

    " - }, "ephemerisId":{ "shape":"Uuid", "documentation":"

    The AWS Ground Station ephemeris ID.

    " }, - "invalidReason":{ - "shape":"EphemerisInvalidReason", - "documentation":"

    Reason that an ephemeris failed validation. Only provided for ephemerides with INVALID status.

    " - }, - "name":{ - "shape":"SafeName", - "documentation":"

    A name string associated with the ephemeris. Used as a human-readable identifier for the ephemeris.

    " - }, - "priority":{ - "shape":"EphemerisPriority", - "documentation":"

    Customer-provided priority score to establish the order in which overlapping ephemerides should be used.

    The default for customer-provided ephemeris priority is 1, and higher numbers take precedence.

    Priority must be 1 or greater

    " - }, "satelliteId":{ "shape":"Uuid", "documentation":"

    The AWS Ground Station satellite ID associated with ephemeris.

    " @@ -1577,30 +1781,54 @@ "shape":"EphemerisStatus", "documentation":"

    The status of the ephemeris.

    " }, - "suppliedData":{ - "shape":"EphemerisTypeDescription", - "documentation":"

    Supplied ephemeris data.

    " + "priority":{ + "shape":"EphemerisPriority", + "documentation":"

    A priority score that determines which ephemeris to use when multiple ephemerides overlap.

    Higher numbers take precedence. The default is 1. Must be 1 or greater.

    " + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

    The time the ephemeris was uploaded in UTC.

    " + }, + "enabled":{ + "shape":"Boolean", + "documentation":"

    Whether or not the ephemeris is enabled.

    " + }, + "name":{ + "shape":"SafeName", + "documentation":"

    A name that you can use to identify the ephemeris.

    " }, "tags":{ "shape":"TagsMap", "documentation":"

    Tags assigned to an ephemeris.

    " + }, + "suppliedData":{ + "shape":"EphemerisTypeDescription", + "documentation":"

    Supplied ephemeris data.

    " + }, + "invalidReason":{ + "shape":"EphemerisInvalidReason", + "documentation":"

    Reason that an ephemeris failed validation. Appears only when the status is INVALID.

    " + }, + "errorReasons":{ + "shape":"EphemerisErrorReasonList", + "documentation":"

    Detailed error information for ephemerides with INVALID status.

    Provides specific error codes and messages to help diagnose validation failures.

    " } } }, "Destination":{ "type":"structure", "members":{ - "configDetails":{ - "shape":"ConfigDetails", - "documentation":"

    Additional details for a Config, if type is dataflow endpoint or antenna demod decode.

    " + "configType":{ + "shape":"ConfigCapabilityType", + "documentation":"

    Type of a Config.

    " }, "configId":{ "shape":"Uuid", "documentation":"

    UUID of a Config.

    " }, - "configType":{ - "shape":"ConfigCapabilityType", - "documentation":"

    Type of a Config.

    " + "configDetails":{ + "shape":"ConfigDetails", + "documentation":"

    Additional details for a Config, if type is dataflow endpoint or antenna demod decode.

    " }, "dataflowDestinationRegion":{ "shape":"String", @@ -1612,22 +1840,22 @@ "DiscoveryData":{ "type":"structure", "required":[ - "capabilityArns", + "publicIpAddresses", "privateIpAddresses", - "publicIpAddresses" + "capabilityArns" ], "members":{ - "capabilityArns":{ - "shape":"CapabilityArnList", - "documentation":"

    List of capabilities to associate with agent.

    " + "publicIpAddresses":{ + "shape":"IpAddressList", + "documentation":"

    List of public IP addresses to associate with agent.

    " }, "privateIpAddresses":{ "shape":"IpAddressList", "documentation":"

    List of private IP addresses to associate with agent.

    " }, - "publicIpAddresses":{ - "shape":"IpAddressList", - "documentation":"

    List of public IP addresses to associate with agent.

    " + "capabilityArns":{ + "shape":"CapabilityArnList", + "documentation":"

    List of capabilities to associate with agent.

    " } }, "documentation":"

    Data for agent discovery.

    " @@ -1636,6 +1864,73 @@ "type":"double", "box":true }, + "DownlinkAwsGroundStationAgentEndpoint":{ + "type":"structure", + "required":[ + "name", + "dataflowDetails" + ], + "members":{ + "name":{ + "shape":"SafeName", + "documentation":"

    Downlink dataflow endpoint name

    " + }, + "dataflowDetails":{ + "shape":"DownlinkDataflowDetails", + "documentation":"

    Dataflow details for the downlink endpoint

    " + } + }, + "documentation":"

    Definition for a downlink agent endpoint

    " + }, + "DownlinkAwsGroundStationAgentEndpointDetails":{ + "type":"structure", + "required":[ + "name", + "dataflowDetails" + ], + "members":{ + "name":{ + "shape":"SafeName", + "documentation":"

    Downlink dataflow endpoint name

    " + }, + "dataflowDetails":{ + "shape":"DownlinkDataflowDetails", + "documentation":"

    Dataflow details for the downlink endpoint

    " + }, + "agentStatus":{ + "shape":"AgentStatus", + "documentation":"

    Status of the agent associated with the downlink dataflow endpoint

    " + }, + "auditResults":{ + "shape":"AuditResults", + "documentation":"

    Health audit results for the downlink dataflow endpoint

    " + } + }, + "documentation":"

    Details for a downlink agent endpoint

    " + }, + "DownlinkConnectionDetails":{ + "type":"structure", + "required":[ + "agentIpAndPortAddress", + "egressAddressAndPort" + ], + "members":{ + "agentIpAndPortAddress":{"shape":"RangedConnectionDetails"}, + "egressAddressAndPort":{"shape":"ConnectionDetails"} + }, + "documentation":"

    Connection details for Ground Station to Agent and Agent to customer

    " + }, + "DownlinkDataflowDetails":{ + "type":"structure", + "members":{ + "agentConnectionDetails":{ + "shape":"DownlinkConnectionDetails", + "documentation":"

    Downlink connection details for customer to Agent and Agent to Ground Station

    " + } + }, + "documentation":"

    Dataflow details for a downlink endpoint

    ", + "union":true + }, "DurationInSeconds":{ "type":"integer", "box":true, @@ -1645,17 +1940,17 @@ "Eirp":{ "type":"structure", "required":[ - "units", - "value" + "value", + "units" ], "members":{ - "units":{ - "shape":"EirpUnits", - "documentation":"

    Units of an EIRP.

    " - }, "value":{ "shape":"Double", "documentation":"

    Value of an EIRP. Valid values are between 20.0 to 50.0 dBW.

    " + }, + "units":{ + "shape":"EirpUnits", + "documentation":"

    Units of an EIRP.

    " } }, "documentation":"

    Object that represents EIRP.

    " @@ -1667,17 +1962,17 @@ "Elevation":{ "type":"structure", "required":[ - "unit", - "value" + "value", + "unit" ], "members":{ - "unit":{ - "shape":"AngleUnits", - "documentation":"

    Elevation angle units.

    " - }, "value":{ "shape":"Double", "documentation":"

    Elevation angle value.

    " + }, + "unit":{ + "shape":"AngleUnits", + "documentation":"

    Elevation angle units.

    " } }, "documentation":"

    Elevation angle of the satellite in the sky during a contact.

    " @@ -1685,25 +1980,33 @@ "EndpointDetails":{ "type":"structure", "members":{ - "awsGroundStationAgentEndpoint":{ - "shape":"AwsGroundStationAgentEndpoint", - "documentation":"

    An agent endpoint.

    " + "securityDetails":{ + "shape":"SecurityDetails", + "documentation":"

    Endpoint security details including a list of subnets, a list of security groups and a role to connect streams to instances.

    " }, "endpoint":{ "shape":"DataflowEndpoint", "documentation":"

    A dataflow endpoint.

    " }, - "healthReasons":{ - "shape":"CapabilityHealthReasonList", - "documentation":"

    Health reasons for a dataflow endpoint. This field is ignored when calling CreateDataflowEndpointGroup.

    " + "awsGroundStationAgentEndpoint":{ + "shape":"AwsGroundStationAgentEndpoint", + "documentation":"

    An agent endpoint.

    " + }, + "uplinkAwsGroundStationAgentEndpoint":{ + "shape":"UplinkAwsGroundStationAgentEndpointDetails", + "documentation":"

    Definition for an uplink agent endpoint

    " + }, + "downlinkAwsGroundStationAgentEndpoint":{ + "shape":"DownlinkAwsGroundStationAgentEndpointDetails", + "documentation":"

    Definition for a downlink agent endpoint

    " }, "healthStatus":{ "shape":"CapabilityHealth", "documentation":"

    A dataflow endpoint health status. This field is ignored when calling CreateDataflowEndpointGroup.

    " }, - "securityDetails":{ - "shape":"SecurityDetails", - "documentation":"

    Endpoint security details including a list of subnets, a list of security groups and a role to connect streams to instances.

    " + "healthReasons":{ + "shape":"CapabilityHealthReasonList", + "documentation":"

    Health reasons for a dataflow endpoint. This field is ignored when calling CreateDataflowEndpointGroup.

    " } }, "documentation":"

    Information about the endpoint details.

    " @@ -1733,8 +2036,9 @@ "EphemerisData":{ "type":"structure", "members":{ + "tle":{"shape":"TLEEphemeris"}, "oem":{"shape":"OEMEphemeris"}, - "tle":{"shape":"TLEEphemeris"} + "azEl":{"shape":"AzElEphemeris"} }, "documentation":"

    Ephemeris data.

    ", "union":true @@ -1742,17 +2046,95 @@ "EphemerisDescription":{ "type":"structure", "members":{ + "sourceS3Object":{ + "shape":"S3Object", + "documentation":"

    Source Amazon S3 object used for the ephemeris.

    " + }, "ephemerisData":{ "shape":"UnboundedString", "documentation":"

    Supplied ephemeris data.

    " - }, - "sourceS3Object":{ - "shape":"S3Object", - "documentation":"

    Source S3 object used for the ephemeris.

    " } }, "documentation":"

    Description of ephemeris.

    " }, + "EphemerisErrorCode":{ + "type":"string", + "enum":[ + "INTERNAL_ERROR", + "MISMATCHED_SATCAT_ID", + "OEM_VERSION_UNSUPPORTED", + "ORIGINATOR_MISSING", + "CREATION_DATE_MISSING", + "OBJECT_NAME_MISSING", + "OBJECT_ID_MISSING", + "REF_FRAME_UNSUPPORTED", + "REF_FRAME_EPOCH_UNSUPPORTED", + "TIME_SYSTEM_UNSUPPORTED", + "CENTER_BODY_UNSUPPORTED", + "INTERPOLATION_MISSING", + "INTERPOLATION_DEGREE_INVALID", + "AZ_EL_SEGMENT_LIST_MISSING", + "INSUFFICIENT_TIME_AZ_EL", + "START_TIME_IN_FUTURE", + "END_TIME_IN_PAST", + "EXPIRATION_TIME_TOO_EARLY", + "START_TIME_METADATA_TOO_EARLY", + "STOP_TIME_METADATA_TOO_LATE", + "AZ_EL_SEGMENT_END_TIME_BEFORE_START_TIME", + "AZ_EL_SEGMENT_TIMES_OVERLAP", + "AZ_EL_SEGMENTS_OUT_OF_ORDER", + "TIME_AZ_EL_ITEMS_OUT_OF_ORDER", + "MEAN_MOTION_INVALID", + "TIME_AZ_EL_AZ_RADIAN_RANGE_INVALID", + "TIME_AZ_EL_EL_RADIAN_RANGE_INVALID", + "TIME_AZ_EL_AZ_DEGREE_RANGE_INVALID", + "TIME_AZ_EL_EL_DEGREE_RANGE_INVALID", + "TIME_AZ_EL_ANGLE_UNITS_INVALID", + "INSUFFICIENT_KMS_PERMISSIONS", + "FILE_FORMAT_INVALID", + "AZ_EL_SEGMENT_REFERENCE_EPOCH_INVALID", + "AZ_EL_SEGMENT_START_TIME_INVALID", + "AZ_EL_SEGMENT_END_TIME_INVALID", + "AZ_EL_SEGMENT_VALID_TIME_RANGE_INVALID", + "AZ_EL_SEGMENT_END_TIME_TOO_LATE", + "AZ_EL_TOTAL_DURATION_EXCEEDED" + ] + }, + "EphemerisErrorReason":{ + "type":"structure", + "required":[ + "errorCode", + "errorMessage" + ], + "members":{ + "errorCode":{ + "shape":"EphemerisErrorCode", + "documentation":"

    The error code identifying the type of validation failure.

    See the Troubleshooting Invalid Ephemerides guide for error code details.

    " + }, + "errorMessage":{ + "shape":"ErrorString", + "documentation":"

    A human-readable message describing the validation failure.

    Provides specific details about what failed and may include suggestions for remediation.

    " + } + }, + "documentation":"

    Detailed error information for ephemeris validation failures.

    Provides an error code and descriptive message to help diagnose and resolve validation issues.

    " + }, + "EphemerisErrorReasonList":{ + "type":"list", + "member":{"shape":"EphemerisErrorReason"}, + "max":50, + "min":1 + }, + "EphemerisFilter":{ + "type":"structure", + "members":{ + "azEl":{ + "shape":"AzElEphemerisFilter", + "documentation":"

    Filter for AzElEphemeris.

    " + } + }, + "documentation":"

    Filter for selecting contacts that use a specific ephemeris\".

    ", + "union":true + }, "EphemerisIdResponse":{ "type":"structure", "members":{ @@ -1775,33 +2157,37 @@ "EphemerisItem":{ "type":"structure", "members":{ - "creationTime":{ - "shape":"Timestamp", - "documentation":"

    The time the ephemeris was uploaded in UTC.

    " + "ephemerisId":{ + "shape":"Uuid", + "documentation":"

    The AWS Ground Station ephemeris ID.

    " + }, + "ephemerisType":{ + "shape":"EphemerisType", + "documentation":"

    The type of ephemeris.

    " + }, + "status":{ + "shape":"EphemerisStatus", + "documentation":"

    The status of the ephemeris.

    " + }, + "priority":{ + "shape":"EphemerisPriority", + "documentation":"

    A priority score that determines which ephemeris to use when multiple ephemerides overlap.

    Higher numbers take precedence. The default is 1. Must be 1 or greater.

    " }, "enabled":{ "shape":"Boolean", "documentation":"

    Whether or not the ephemeris is enabled.

    " }, - "ephemerisId":{ - "shape":"Uuid", - "documentation":"

    The AWS Ground Station ephemeris ID.

    " + "creationTime":{ + "shape":"Timestamp", + "documentation":"

    The time the ephemeris was uploaded in UTC.

    " }, "name":{ "shape":"SafeName", - "documentation":"

    A name string associated with the ephemeris. Used as a human-readable identifier for the ephemeris.

    " - }, - "priority":{ - "shape":"EphemerisPriority", - "documentation":"

    Customer-provided priority score to establish the order in which overlapping ephemerides should be used.

    The default for customer-provided ephemeris priority is 1, and higher numbers take precedence.

    Priority must be 1 or greater

    " + "documentation":"

    A name that you can use to identify the ephemeris.

    " }, "sourceS3Object":{ "shape":"S3Object", - "documentation":"

    Source S3 object used for the ephemeris.

    " - }, - "status":{ - "shape":"EphemerisStatus", - "documentation":"

    The status of the ephemeris.

    " + "documentation":"

    Source Amazon S3 object used for the ephemeris.

    " } }, "documentation":"

    Ephemeris item.

    " @@ -1810,6 +2196,10 @@ "type":"structure", "required":["source"], "members":{ + "source":{ + "shape":"EphemerisSource", + "documentation":"

    The EphemerisSource that generated a given ephemeris.

    " + }, "ephemerisId":{ "shape":"Uuid", "documentation":"

    UUID of a customer-provided ephemeris.

    This field is not populated for default ephemerides from Space Track.

    " @@ -1821,10 +2211,6 @@ "name":{ "shape":"SafeName", "documentation":"

    A name string associated with the ephemeris. Used as a human-readable identifier for the ephemeris.

    A name is only returned for customer-provider ephemerides that have a name associated.

    " - }, - "source":{ - "shape":"EphemerisSource", - "documentation":"

    The EphemerisSource that generated a given ephemeris.

    " } }, "documentation":"

    Metadata describing a particular ephemeris.

    " @@ -1835,6 +2221,21 @@ "max":99999, "min":0 }, + "EphemerisResponseData":{ + "type":"structure", + "required":["ephemerisType"], + "members":{ + "ephemerisId":{ + "shape":"Uuid", + "documentation":"

    Unique identifier of the ephemeris. Appears only for custom ephemerides.

    " + }, + "ephemerisType":{ + "shape":"EphemerisType", + "documentation":"

    Type of ephemeris.

    " + } + }, + "documentation":"

    Ephemeris data for a contact.

    " + }, "EphemerisSource":{ "type":"string", "enum":[ @@ -1859,29 +2260,44 @@ "max":500, "min":0 }, + "EphemerisType":{ + "type":"string", + "enum":[ + "TLE", + "OEM", + "AZ_EL", + "SERVICE_MANAGED" + ] + }, "EphemerisTypeDescription":{ "type":"structure", "members":{ + "tle":{"shape":"EphemerisDescription"}, "oem":{"shape":"EphemerisDescription"}, - "tle":{"shape":"EphemerisDescription"} + "azEl":{"shape":"EphemerisDescription"} }, "documentation":"

    ", "union":true }, + "ErrorString":{ + "type":"string", + "max":1000, + "min":0 + }, "Frequency":{ "type":"structure", "required":[ - "units", - "value" + "value", + "units" ], "members":{ - "units":{ - "shape":"FrequencyUnits", - "documentation":"

    Frequency units.

    " - }, "value":{ "shape":"Double", "documentation":"

    Frequency value. Valid values are between 2200 to 2300 MHz and 7750 to 8400 MHz for downlink and 2025 to 2120 MHz for uplink.

    " + }, + "units":{ + "shape":"FrequencyUnits", + "documentation":"

    Frequency units.

    " } }, "documentation":"

    Object that describes the frequency.

    " @@ -1889,17 +2305,17 @@ "FrequencyBandwidth":{ "type":"structure", "required":[ - "units", - "value" + "value", + "units" ], "members":{ - "units":{ - "shape":"BandwidthUnits", - "documentation":"

    Frequency bandwidth units.

    " - }, "value":{ "shape":"Double", "documentation":"

    Frequency bandwidth value. AWS Ground Station currently has the following bandwidth limitations:

    • For AntennaDownlinkDemodDecodeconfig, valid values are between 125 kHz to 650 MHz.

    • For AntennaDownlinkconfig, valid values are between 10 kHz to 54 MHz.

    • For AntennaUplinkConfig, valid values are between 10 kHz to 54 MHz.

    " + }, + "units":{ + "shape":"BandwidthUnits", + "documentation":"

    Frequency bandwidth units.

    " } }, "documentation":"

    Object that describes the frequency bandwidth.

    " @@ -1937,6 +2353,49 @@ } } }, + "GetAgentTaskResponseUrlRequest":{ + "type":"structure", + "required":[ + "agentId", + "taskId" + ], + "members":{ + "agentId":{ + "shape":"Uuid", + "documentation":"

    UUID of agent requesting the response URL.

    ", + "location":"uri", + "locationName":"agentId" + }, + "taskId":{ + "shape":"Uuid", + "documentation":"

    GUID of the agent task for which the response URL is being requested.

    ", + "location":"uri", + "locationName":"taskId" + } + } + }, + "GetAgentTaskResponseUrlResponse":{ + "type":"structure", + "required":[ + "agentId", + "taskId", + "presignedLogUrl" + ], + "members":{ + "agentId":{ + "shape":"Uuid", + "documentation":"

    UUID of the agent.

    " + }, + "taskId":{ + "shape":"Uuid", + "documentation":"

    GUID of the agent task.

    " + }, + "presignedLogUrl":{ + "shape":"String", + "documentation":"

    Presigned URL for uploading agent task response logs.

    " + } + } + }, "GetConfigRequest":{ "type":"structure", "required":[ @@ -1962,31 +2421,31 @@ "GetConfigResponse":{ "type":"structure", "required":[ - "configArn", - "configData", "configId", - "name" + "configArn", + "name", + "configData" ], "members":{ + "configId":{ + "shape":"String", + "documentation":"

    UUID of a Config.

    " + }, "configArn":{ "shape":"ConfigArn", "documentation":"

    ARN of a Config

    " }, - "configData":{ - "shape":"ConfigTypeData", - "documentation":"

    Data elements in a Config.

    " - }, - "configId":{ + "name":{ "shape":"String", - "documentation":"

    UUID of a Config.

    " + "documentation":"

    Name of a Config.

    " }, "configType":{ "shape":"ConfigCapabilityType", "documentation":"

    Type of a Config.

    " }, - "name":{ - "shape":"String", - "documentation":"

    Name of a Config.

    " + "configData":{ + "shape":"ConfigTypeData", + "documentation":"

    Data elements in a Config.

    " }, "tags":{ "shape":"TagsMap", @@ -2011,22 +2470,14 @@ "GetDataflowEndpointGroupResponse":{ "type":"structure", "members":{ - "contactPostPassDurationSeconds":{ - "shape":"DataflowEndpointGroupDurationInSeconds", - "documentation":"

    Amount of time, in seconds, after a contact ends that the Ground Station Dataflow Endpoint Group will be in a POSTPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the POSTPASS state.

    " - }, - "contactPrePassDurationSeconds":{ - "shape":"DataflowEndpointGroupDurationInSeconds", - "documentation":"

    Amount of time, in seconds, before a contact starts that the Ground Station Dataflow Endpoint Group will be in a PREPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the PREPASS state.

    " + "dataflowEndpointGroupId":{ + "shape":"Uuid", + "documentation":"

    UUID of a dataflow endpoint group.

    " }, "dataflowEndpointGroupArn":{ "shape":"DataflowEndpointGroupArn", "documentation":"

    ARN of a dataflow endpoint group.

    " }, - "dataflowEndpointGroupId":{ - "shape":"Uuid", - "documentation":"

    UUID of a dataflow endpoint group.

    " - }, "endpointsDetails":{ "shape":"EndpointDetailsList", "documentation":"

    Details of a dataflow endpoint.

    " @@ -2034,6 +2485,14 @@ "tags":{ "shape":"TagsMap", "documentation":"

    Tags assigned to a dataflow endpoint group.

    " + }, + "contactPrePassDurationSeconds":{ + "shape":"DataflowEndpointGroupDurationInSeconds", + "documentation":"

    Amount of time, in seconds, before a contact starts that the Ground Station Dataflow Endpoint Group will be in a PREPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the PREPASS state.

    " + }, + "contactPostPassDurationSeconds":{ + "shape":"DataflowEndpointGroupDurationInSeconds", + "documentation":"

    Amount of time, in seconds, after a contact ends that the Ground Station Dataflow Endpoint Group will be in a POSTPASS state. A Ground Station Dataflow Endpoint Group State Change event will be emitted when the Dataflow Endpoint Group enters and exits the POSTPASS state.

    " } }, "documentation":"

    " @@ -2059,10 +2518,6 @@ "GetMinuteUsageResponse":{ "type":"structure", "members":{ - "estimatedMinutesRemaining":{ - "shape":"Integer", - "documentation":"

    Estimated number of minutes remaining for an account, specific to the month being requested.

    " - }, "isReservedMinutesCustomer":{ "shape":"Boolean", "documentation":"

    Returns whether or not an account has signed up for the reserved minutes pricing plan, specific to the month being requested.

    " @@ -2071,13 +2526,17 @@ "shape":"Integer", "documentation":"

    Total number of reserved minutes allocated, specific to the month being requested.

    " }, + "upcomingMinutesScheduled":{ + "shape":"Integer", + "documentation":"

    Upcoming minutes scheduled for an account, specific to the month being requested.

    " + }, "totalScheduledMinutes":{ "shape":"Integer", "documentation":"

    Total scheduled minutes for an account, specific to the month being requested.

    " }, - "upcomingMinutesScheduled":{ + "estimatedMinutesRemaining":{ "shape":"Integer", - "documentation":"

    Upcoming minutes scheduled for an account, specific to the month being requested.

    " + "documentation":"

    Estimated number of minutes remaining for an account, specific to the month being requested.

    " } }, "documentation":"

    " @@ -2098,30 +2557,14 @@ "GetMissionProfileResponse":{ "type":"structure", "members":{ - "contactPostPassDurationSeconds":{ - "shape":"DurationInSeconds", - "documentation":"

    Amount of time after a contact ends that you’d like to receive a CloudWatch event indicating the pass has finished.

    " - }, - "contactPrePassDurationSeconds":{ - "shape":"DurationInSeconds", - "documentation":"

    Amount of time prior to contact start you’d like to receive a CloudWatch event indicating an upcoming pass.

    " - }, - "dataflowEdges":{ - "shape":"DataflowEdgeList", - "documentation":"

    A list of lists of ARNs. Each list of ARNs is an edge, with a from Config and a to Config.

    " - }, - "minimumViableContactDurationSeconds":{ - "shape":"PositiveDurationInSeconds", - "documentation":"

    Smallest amount of time in seconds that you’d like to see for an available contact. AWS Ground Station will not present you with contacts shorter than this duration.

    " + "missionProfileId":{ + "shape":"Uuid", + "documentation":"

    UUID of a mission profile.

    " }, "missionProfileArn":{ "shape":"MissionProfileArn", "documentation":"

    ARN of a mission profile.

    " }, - "missionProfileId":{ - "shape":"Uuid", - "documentation":"

    UUID of a mission profile.

    " - }, "name":{ "shape":"SafeName", "documentation":"

    Name of a mission profile.

    " @@ -2130,6 +2573,30 @@ "shape":"AWSRegion", "documentation":"

    Region of a mission profile.

    " }, + "contactPrePassDurationSeconds":{ + "shape":"DurationInSeconds", + "documentation":"

    Amount of time prior to contact start you’d like to receive a CloudWatch event indicating an upcoming pass.

    " + }, + "contactPostPassDurationSeconds":{ + "shape":"DurationInSeconds", + "documentation":"

    Amount of time after a contact ends that you’d like to receive a CloudWatch event indicating the pass has finished.

    " + }, + "minimumViableContactDurationSeconds":{ + "shape":"PositiveDurationInSeconds", + "documentation":"

    Smallest amount of time in seconds that you’d like to see for an available contact. AWS Ground Station will not present you with contacts shorter than this duration.

    " + }, + "dataflowEdges":{ + "shape":"DataflowEdgeList", + "documentation":"

    A list of lists of ARNs. Each list of ARNs is an edge, with a from Config and a to Config.

    " + }, + "trackingConfigArn":{ + "shape":"ConfigArn", + "documentation":"

    ARN of a tracking Config.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    Tags assigned to a mission profile.

    " + }, "streamsKmsKey":{ "shape":"KmsKey", "documentation":"

    KMS key to use for encrypting streams.

    " @@ -2137,14 +2604,6 @@ "streamsKmsRole":{ "shape":"RoleArn", "documentation":"

    Role to use for encrypting streams with KMS key.

    " - }, - "tags":{ - "shape":"TagsMap", - "documentation":"

    Tags assigned to a mission profile.

    " - }, - "trackingConfigArn":{ - "shape":"ConfigArn", - "documentation":"

    ARN of a tracking Config.

    " } }, "documentation":"

    " @@ -2165,25 +2624,25 @@ "GetSatelliteResponse":{ "type":"structure", "members":{ - "currentEphemeris":{ - "shape":"EphemerisMetaData", - "documentation":"

    The current ephemeris being used to compute the trajectory of the satellite.

    " + "satelliteId":{ + "shape":"Uuid", + "documentation":"

    UUID of a satellite.

    " }, - "groundStations":{ - "shape":"GroundStationIdList", - "documentation":"

    A list of ground stations to which the satellite is on-boarded.

    " + "satelliteArn":{ + "shape":"satelliteArn", + "documentation":"

    ARN of a satellite.

    " }, "noradSatelliteID":{ "shape":"noradSatelliteID", "documentation":"

    NORAD satellite ID number.

    " }, - "satelliteArn":{ - "shape":"satelliteArn", - "documentation":"

    ARN of a satellite.

    " + "groundStations":{ + "shape":"GroundStationIdList", + "documentation":"

    A list of ground stations to which the satellite is on-boarded.

    " }, - "satelliteId":{ - "shape":"Uuid", - "documentation":"

    UUID of a satellite.

    " + "currentEphemeris":{ + "shape":"EphemerisMetaData", + "documentation":"

    The current ephemeris being used to compute the trajectory of the satellite.

    " } }, "documentation":"

    " @@ -2220,19 +2679,37 @@ "type":"string", "max":500, "min":4, - "pattern":"^[ a-zA-Z0-9-._:=]{4,256}$" + "pattern":"[ a-zA-Z0-9-._:=]{4,256}" + }, + "ISO8601TimeRange":{ + "type":"structure", + "required":[ + "startTime", + "endTime" + ], + "members":{ + "startTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    Start time in ISO 8601 format in Coordinated Universal Time (UTC).

    Example: 2026-11-15T10:28:48.000Z

    " + }, + "endTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    End time in ISO 8601 format in Coordinated Universal Time (UTC).

    Example: 2024-01-15T12:00:00.000Z

    " + } + }, + "documentation":"

    Time range specified using ISO 8601 format timestamps.

    " }, "InstanceId":{ "type":"string", "max":64, "min":10, - "pattern":"^[a-z0-9-]{10,64}$" + "pattern":"[a-z0-9-]{10,64}" }, "InstanceType":{ "type":"string", "max":64, "min":1, - "pattern":"^[a-z0-9.-]{1,64}$" + "pattern":"[a-z0-9.-]{1,64}" }, "Integer":{ "type":"integer", @@ -2241,17 +2718,17 @@ "IntegerRange":{ "type":"structure", "required":[ - "maximum", - "minimum" + "minimum", + "maximum" ], "members":{ - "maximum":{ - "shape":"Integer", - "documentation":"

    A maximum value.

    " - }, "minimum":{ "shape":"Integer", "documentation":"

    A minimum value.

    " + }, + "maximum":{ + "shape":"Integer", + "documentation":"

    A maximum value.

    " } }, "documentation":"

    An integer range that has a minimum and maximum value.

    " @@ -2282,30 +2759,34 @@ "type":"string", "max":16, "min":7, - "pattern":"^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$" + "pattern":"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}" }, "JsonString":{ "type":"string", "max":8192, "min":2, - "pattern":"^[{}\\[\\]:.,\"0-9A-z\\-_\\s]{2,8192}$" + "pattern":"[{}\\[\\]:.,\"0-9A-Za-z\\-_\\s]{2,8192}" }, "KeyAliasArn":{ "type":"string", "max":512, "min":1, - "pattern":"^arn:aws[a-zA-Z-]{0,16}:kms:[a-z]{2}(-[a-z]{1,16}){1,3}-\\d{1}:\\d{12}:((alias/[a-zA-Z0-9:/_-]{1,256}))$" + "pattern":"arn:aws[a-zA-Z-]{0,16}:kms:[-a-z0-9]{1,50}:[0-9]{12}:((alias/[a-zA-Z0-9:/_-]{1,256}))" }, "KeyAliasName":{ "type":"string", "max":256, "min":1, - "pattern":"^alias/[a-zA-Z0-9:/_-]+$" + "pattern":"alias/[a-zA-Z0-9:/_-]+" }, "KeyArn":{"type":"string"}, "KmsKey":{ "type":"structure", "members":{ + "kmsKeyArn":{ + "shape":"KeyArn", + "documentation":"

    KMS Key Arn.

    " + }, "kmsAliasArn":{ "shape":"KeyAliasArn", "documentation":"

    KMS Alias Arn.

    " @@ -2313,13 +2794,9 @@ "kmsAliasName":{ "shape":"KeyAliasName", "documentation":"

    KMS Alias Name.

    " - }, - "kmsKeyArn":{ - "shape":"KeyArn", - "documentation":"

    KMS Key Arn.

    " } }, - "documentation":"

    AWS Key Management Service (KMS) Key.

    ", + "documentation":"

    KMS key info.

    ", "union":true }, "ListConfigsRequest":{ @@ -2343,13 +2820,13 @@ "ListConfigsResponse":{ "type":"structure", "members":{ - "configList":{ - "shape":"ConfigList", - "documentation":"

    List of Config items.

    " - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    Next token returned in the response of a previous ListConfigs call. Used to get the next page of results.

    " + }, + "configList":{ + "shape":"ConfigList", + "documentation":"

    List of Config items.

    " } }, "documentation":"

    " @@ -2357,42 +2834,46 @@ "ListContactsRequest":{ "type":"structure", "required":[ - "endTime", + "statusList", "startTime", - "statusList" + "endTime" ], "members":{ - "endTime":{ - "shape":"Timestamp", - "documentation":"

    End time of a contact in UTC.

    " - }, - "groundStation":{ - "shape":"GroundStationName", - "documentation":"

    Name of a ground station.

    " - }, "maxResults":{ "shape":"PaginationMaxResults", "documentation":"

    Maximum number of contacts returned.

    " }, - "missionProfileArn":{ - "shape":"MissionProfileArn", - "documentation":"

    ARN of a mission profile.

    " - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    Next token returned in the request of a previous ListContacts call. Used to get the next page of results.

    " }, - "satelliteArn":{ - "shape":"satelliteArn", - "documentation":"

    ARN of a satellite.

    " + "statusList":{ + "shape":"StatusList", + "documentation":"

    Status of a contact reservation.

    " }, "startTime":{ "shape":"Timestamp", "documentation":"

    Start time of a contact in UTC.

    " }, - "statusList":{ - "shape":"StatusList", - "documentation":"

    Status of a contact reservation.

    " + "endTime":{ + "shape":"Timestamp", + "documentation":"

    End time of a contact in UTC.

    " + }, + "groundStation":{ + "shape":"GroundStationName", + "documentation":"

    Name of a ground station.

    " + }, + "satelliteArn":{ + "shape":"satelliteArn", + "documentation":"

    ARN of a satellite.

    " + }, + "missionProfileArn":{ + "shape":"MissionProfileArn", + "documentation":"

    ARN of a mission profile.

    " + }, + "ephemeris":{ + "shape":"EphemerisFilter", + "documentation":"

    Filter for selecting contacts that use a specific ephemeris\".

    " } }, "documentation":"

    " @@ -2400,13 +2881,13 @@ "ListContactsResponse":{ "type":"structure", "members":{ - "contactList":{ - "shape":"ContactList", - "documentation":"

    List of contacts.

    " - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    Next token returned in the response of a previous ListContacts call. Used to get the next page of results.

    " + }, + "contactList":{ + "shape":"ContactList", + "documentation":"

    List of contacts.

    " } }, "documentation":"

    " @@ -2432,13 +2913,13 @@ "ListDataflowEndpointGroupsResponse":{ "type":"structure", "members":{ - "dataflowEndpointGroupList":{ - "shape":"DataflowEndpointGroupList", - "documentation":"

    A list of dataflow endpoint groups.

    " - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    Next token returned in the response of a previous ListDataflowEndpointGroups call. Used to get the next page of results.

    " + }, + "dataflowEndpointGroupList":{ + "shape":"DataflowEndpointGroupList", + "documentation":"

    A list of dataflow endpoint groups.

    " } }, "documentation":"

    " @@ -2446,14 +2927,29 @@ "ListEphemeridesRequest":{ "type":"structure", "required":[ - "endTime", - "satelliteId", - "startTime" + "startTime", + "endTime" ], "members":{ + "satelliteId":{ + "shape":"Uuid", + "documentation":"

    The AWS Ground Station satellite ID to list ephemeris for.

    " + }, + "ephemerisType":{ + "shape":"EphemerisType", + "documentation":"

    Filter ephemerides by type. If not specified, all ephemeris types will be returned.

    " + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

    The start time for the list operation in UTC. Returns ephemerides with expiration times within your specified time range.

    " + }, "endTime":{ "shape":"Timestamp", - "documentation":"

    The end time to list in UTC. The operation will return an ephemeris if its expiration time is within the time range defined by the startTime and endTime.

    " + "documentation":"

    The end time for the list operation in UTC. Returns ephemerides with expiration times within your specified time range.

    " + }, + "statusList":{ + "shape":"EphemerisStatusList", + "documentation":"

    The list of ephemeris status to return.

    " }, "maxResults":{ "shape":"PaginationMaxResults", @@ -2466,37 +2962,31 @@ "documentation":"

    Pagination token.

    ", "location":"querystring", "locationName":"nextToken" - }, - "satelliteId":{ - "shape":"Uuid", - "documentation":"

    The AWS Ground Station satellite ID to list ephemeris for.

    " - }, - "startTime":{ - "shape":"Timestamp", - "documentation":"

    The start time to list in UTC. The operation will return an ephemeris if its expiration time is within the time range defined by the startTime and endTime.

    " - }, - "statusList":{ - "shape":"EphemerisStatusList", - "documentation":"

    The list of ephemeris status to return.

    " } } }, "ListEphemeridesResponse":{ "type":"structure", "members":{ - "ephemerides":{ - "shape":"EphemeridesList", - "documentation":"

    List of ephemerides.

    " - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    Pagination token.

    " + }, + "ephemerides":{ + "shape":"EphemeridesList", + "documentation":"

    List of ephemerides.

    " } } }, "ListGroundStationsRequest":{ "type":"structure", "members":{ + "satelliteId":{ + "shape":"Uuid", + "documentation":"

    Satellite ID to retrieve on-boarded ground stations.

    ", + "location":"querystring", + "locationName":"satelliteId" + }, "maxResults":{ "shape":"PaginationMaxResults", "documentation":"

    Maximum number of ground stations returned.

    ", @@ -2508,12 +2998,6 @@ "documentation":"

    Next token that can be supplied in the next call to get the next page of ground stations.

    ", "location":"querystring", "locationName":"nextToken" - }, - "satelliteId":{ - "shape":"Uuid", - "documentation":"

    Satellite ID to retrieve on-boarded ground stations.

    ", - "location":"querystring", - "locationName":"satelliteId" } }, "documentation":"

    " @@ -2521,13 +3005,13 @@ "ListGroundStationsResponse":{ "type":"structure", "members":{ - "groundStationList":{ - "shape":"GroundStationList", - "documentation":"

    List of ground stations.

    " - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    Next token that can be supplied in the next call to get the next page of ground stations.

    " + }, + "groundStationList":{ + "shape":"GroundStationList", + "documentation":"

    List of ground stations.

    " } }, "documentation":"

    " @@ -2553,13 +3037,13 @@ "ListMissionProfilesResponse":{ "type":"structure", "members":{ - "missionProfileList":{ - "shape":"MissionProfileList", - "documentation":"

    List of mission profiles.

    " - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    Next token returned in the response of a previous ListMissionProfiles call. Used to get the next page of results.

    " + }, + "missionProfileList":{ + "shape":"MissionProfileList", + "documentation":"

    List of mission profiles.

    " } }, "documentation":"

    " @@ -2623,7 +3107,12 @@ "type":"long", "box":true }, - "MissionProfileArn":{"type":"string"}, + "MissionProfileArn":{ + "type":"string", + "max":138, + "min":89, + "pattern":"arn:aws:groundstation:[-a-z0-9]{1,50}:[0-9]{12}:mission-profile/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, "MissionProfileIdResponse":{ "type":"structure", "members":{ @@ -2641,21 +3130,21 @@ "MissionProfileListItem":{ "type":"structure", "members":{ - "missionProfileArn":{ - "shape":"MissionProfileArn", - "documentation":"

    ARN of a mission profile.

    " - }, "missionProfileId":{ "shape":"Uuid", "documentation":"

    UUID of a mission profile.

    " }, - "name":{ - "shape":"SafeName", - "documentation":"

    Name of a mission profile.

    " + "missionProfileArn":{ + "shape":"MissionProfileArn", + "documentation":"

    ARN of a mission profile.

    " }, "region":{ "shape":"AWSRegion", "documentation":"

    Region of a mission profile.

    " + }, + "name":{ + "shape":"SafeName", + "documentation":"

    Name of a mission profile.

    " } }, "documentation":"

    Item in a list of mission profiles.

    " @@ -2669,35 +3158,35 @@ "OEMEphemeris":{ "type":"structure", "members":{ - "oemData":{ - "shape":"UnboundedString", - "documentation":"

    The data for an OEM ephemeris, supplied directly in the request rather than through an S3 object.

    " - }, "s3Object":{ "shape":"S3Object", - "documentation":"

    Identifies the S3 object to be used as the ephemeris.

    " + "documentation":"

    The Amazon S3 object that contains the ephemeris data.

    " + }, + "oemData":{ + "shape":"UnboundedString", + "documentation":"

    OEM data that you provide directly instead of using an Amazon S3 object.

    " } }, - "documentation":"

    Ephemeris data in Orbit Ephemeris Message (OEM) format.

    AWS Ground Station processes OEM Customer Provided Ephemerides according to the CCSDS standard with some extra restrictions. OEM files should be in KVN format. For more detail about the OEM format that AWS Ground Station supports, see OEM ephemeris format in the AWS Ground Station user guide.

    " + "documentation":"

    Ephemeris data in Orbit Ephemeris Message (OEM) format.

    AWS Ground Station processes OEM ephemerides according to the CCSDS standard with some extra restrictions. OEM files should be in KVN format. For more detail about the OEM format that AWS Ground Station supports, see OEM ephemeris format in the AWS Ground Station user guide.

    " }, "PaginationMaxResults":{ "type":"integer", "box":true, "max":100, - "min":0 + "min":1 }, "PaginationToken":{ "type":"string", "max":1000, "min":3, - "pattern":"^[A-Za-z0-9-/+_.=]+$" + "pattern":"[A-Za-z0-9-/+_.=]+" }, "Polarization":{ "type":"string", "enum":[ + "RIGHT_HAND", "LEFT_HAND", - "NONE", - "RIGHT_HAND" + "NONE" ] }, "PositiveDurationInSeconds":{ @@ -2706,17 +3195,28 @@ "max":21600, "min":1 }, + "ProgramTrackSettings":{ + "type":"structure", + "members":{ + "azEl":{ + "shape":"AzElProgramTrackSettings", + "documentation":"

    Program track settings for AzElEphemeris.

    " + } + }, + "documentation":"

    Program track settings for an antenna during a contact.

    ", + "union":true + }, "RangedConnectionDetails":{ "type":"structure", "required":["socketAddress"], "members":{ - "mtu":{ - "shape":"RangedConnectionDetailsMtuInteger", - "documentation":"

    Maximum transmission unit (MTU) size in bytes of a dataflow endpoint.

    " - }, "socketAddress":{ "shape":"RangedSocketAddress", "documentation":"

    A ranged socket address.

    " + }, + "mtu":{ + "shape":"RangedConnectionDetailsMtuInteger", + "documentation":"

    Maximum transmission unit (MTU) size in bytes of a dataflow endpoint.

    " } }, "documentation":"

    Ingress address of AgentEndpoint with a port range and an optional mtu.

    " @@ -2748,17 +3248,21 @@ "RegisterAgentRequest":{ "type":"structure", "required":[ - "agentDetails", - "discoveryData" + "discoveryData", + "agentDetails" ], "members":{ + "discoveryData":{ + "shape":"DiscoveryData", + "documentation":"

    Data for associating an agent with the capabilities it is managing.

    " + }, "agentDetails":{ "shape":"AgentDetails", "documentation":"

    Detailed information about the agent being registered.

    " }, - "discoveryData":{ - "shape":"DiscoveryData", - "documentation":"

    Data for associating an agent with the capabilities it is managing.

    " + "tags":{ + "shape":"TagsMap", + "documentation":"

    Tags assigned to an Agent.

    " } } }, @@ -2774,21 +3278,12 @@ "ReserveContactRequest":{ "type":"structure", "required":[ - "endTime", - "groundStation", "missionProfileArn", - "satelliteArn", - "startTime" + "startTime", + "endTime", + "groundStation" ], "members":{ - "endTime":{ - "shape":"Timestamp", - "documentation":"

    End time of a contact in UTC.

    " - }, - "groundStation":{ - "shape":"GroundStationName", - "documentation":"

    Name of a ground station.

    " - }, "missionProfileArn":{ "shape":"MissionProfileArn", "documentation":"

    ARN of a mission profile.

    " @@ -2801,13 +3296,37 @@ "shape":"Timestamp", "documentation":"

    Start time of a contact in UTC.

    " }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

    End time of a contact in UTC.

    " + }, + "groundStation":{ + "shape":"GroundStationName", + "documentation":"

    Name of a ground station.

    " + }, "tags":{ "shape":"TagsMap", "documentation":"

    Tags assigned to a contact.

    " + }, + "trackingOverrides":{ + "shape":"TrackingOverrides", + "documentation":"

    Tracking configuration overrides for the contact.

    " } }, "documentation":"

    " }, + "ResourceInUseException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The specified resource is in use by non-terminal state contacts and cannot be modified or deleted.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, "ResourceLimitExceededException":{ "type":"structure", "members":{ @@ -2841,13 +3360,13 @@ "type":"string", "max":63, "min":3, - "pattern":"^[a-z0-9.-]{3,63}$" + "pattern":"[a-z0-9.-]{3,63}" }, "S3KeyPrefix":{ "type":"string", "max":900, "min":1, - "pattern":"^([a-zA-Z0-9_\\-=/]|\\{satellite_id\\}|\\{config\\-name}|\\{s3\\-config-id}|\\{year\\}|\\{month\\}|\\{day\\}){1,900}$" + "pattern":"([a-zA-Z0-9_\\-=/]|\\{satellite_id\\}|\\{config\\-name}|\\{s3\\-config-id}|\\{year\\}|\\{month\\}|\\{day\\}){1,900}" }, "S3Object":{ "type":"structure", @@ -2862,16 +3381,16 @@ }, "version":{ "shape":"S3VersionId", - "documentation":"

    For versioned S3 objects, the version to use for the ephemeris.

    " + "documentation":"

    For versioned Amazon S3 objects, the version to use for the ephemeris.

    " } }, - "documentation":"

    Object stored in S3 containing ephemeris data.

    " + "documentation":"

    Object stored in Amazon S3 containing ephemeris data.

    " }, "S3ObjectKey":{ "type":"string", "max":1024, "min":1, - "pattern":"^[a-zA-Z0-9!*'\\)\\(./_-]{1,1024}$" + "pattern":"[a-zA-Z0-9!*'\\)\\(./_-]{1,1024}" }, "S3RecordingConfig":{ "type":"structure", @@ -2884,13 +3403,13 @@ "shape":"BucketArn", "documentation":"

    ARN of the bucket to record to.

    " }, - "prefix":{ - "shape":"S3KeyPrefix", - "documentation":"

    S3 Key prefix to prefice data files.

    " - }, "roleArn":{ "shape":"RoleArn", "documentation":"

    ARN of the role Ground Station assumes to write data to the bucket.

    " + }, + "prefix":{ + "shape":"S3KeyPrefix", + "documentation":"

    S3 Key prefix to prefice data files.

    " } }, "documentation":"

    Information about an S3 recording Config.

    " @@ -2913,13 +3432,13 @@ "type":"string", "max":1024, "min":1, - "pattern":"^[\\s\\S]{1,1024}$" + "pattern":"[\\s\\S]{1,1024}" }, "SafeName":{ "type":"string", "max":256, "min":1, - "pattern":"^[ a-zA-Z0-9_:-]{1,256}$" + "pattern":"[ a-zA-Z0-9_:-]{1,256}" }, "SatelliteList":{ "type":"list", @@ -2928,25 +3447,25 @@ "SatelliteListItem":{ "type":"structure", "members":{ - "currentEphemeris":{ - "shape":"EphemerisMetaData", - "documentation":"

    The current ephemeris being used to compute the trajectory of the satellite.

    " + "satelliteId":{ + "shape":"Uuid", + "documentation":"

    UUID of a satellite.

    " }, - "groundStations":{ - "shape":"GroundStationIdList", - "documentation":"

    A list of ground stations to which the satellite is on-boarded.

    " + "satelliteArn":{ + "shape":"satelliteArn", + "documentation":"

    ARN of a satellite.

    " }, "noradSatelliteID":{ "shape":"noradSatelliteID", "documentation":"

    NORAD satellite ID number.

    " }, - "satelliteArn":{ - "shape":"satelliteArn", - "documentation":"

    ARN of a satellite.

    " + "groundStations":{ + "shape":"GroundStationIdList", + "documentation":"

    A list of ground stations to which the satellite is on-boarded.

    " }, - "satelliteId":{ - "shape":"Uuid", - "documentation":"

    UUID of a satellite.

    " + "currentEphemeris":{ + "shape":"EphemerisMetaData", + "documentation":"

    The current ephemeris being used to compute the trajectory of the satellite.

    " } }, "documentation":"

    Item in a list of satellites.

    " @@ -2954,22 +3473,22 @@ "SecurityDetails":{ "type":"structure", "required":[ - "roleArn", + "subnetIds", "securityGroupIds", - "subnetIds" + "roleArn" ], "members":{ - "roleArn":{ - "shape":"RoleArn", - "documentation":"

    ARN to a role needed for connecting streams to your instances.

    " + "subnetIds":{ + "shape":"SubnetList", + "documentation":"

    A list of subnets where AWS Ground Station places elastic network interfaces to send streams to your instances.

    " }, "securityGroupIds":{ "shape":"SecurityGroupIdList", "documentation":"

    The security groups to attach to the elastic network interfaces.

    " }, - "subnetIds":{ - "shape":"SubnetList", - "documentation":"

    A list of subnets where AWS Ground Station places elastic network interfaces to send streams to your instances.

    " + "roleArn":{ + "shape":"RoleArn", + "documentation":"

    ARN to a role needed for connecting streams to your instances.

    " } }, "documentation":"

    Information about endpoints.

    " @@ -2978,6 +3497,22 @@ "type":"list", "member":{"shape":"String"} }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"}, + "parameterName":{ + "shape":"String", + "documentation":"

    Parameter name that caused the exception

    " + } + }, + "documentation":"

    Request would cause a service quota to be exceeded.

    ", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, "SignatureMap":{ "type":"map", "key":{"shape":"String"}, @@ -3004,17 +3539,17 @@ "Source":{ "type":"structure", "members":{ - "configDetails":{ - "shape":"ConfigDetails", - "documentation":"

    Additional details for a Config, if type is dataflow-endpoint or antenna-downlink-demod-decode

    " + "configType":{ + "shape":"ConfigCapabilityType", + "documentation":"

    Type of a Config.

    " }, "configId":{ "shape":"String", "documentation":"

    UUID of a Config.

    " }, - "configType":{ - "shape":"ConfigCapabilityType", - "documentation":"

    Type of a Config.

    " + "configDetails":{ + "shape":"ConfigDetails", + "documentation":"

    Additional details for a Config, if type is dataflow-endpoint or antenna-downlink-demod-decode

    " }, "dataflowSourceRegion":{ "shape":"String", @@ -3026,18 +3561,18 @@ "SpectrumConfig":{ "type":"structure", "required":[ - "bandwidth", - "centerFrequency" + "centerFrequency", + "bandwidth" ], "members":{ - "bandwidth":{ - "shape":"FrequencyBandwidth", - "documentation":"

    Bandwidth of a spectral Config. AWS Ground Station currently has the following bandwidth limitations:

    • For AntennaDownlinkDemodDecodeconfig, valid values are between 125 kHz to 650 MHz.

    • For AntennaDownlinkconfig valid values are between 10 kHz to 54 MHz.

    • For AntennaUplinkConfig, valid values are between 10 kHz to 54 MHz.

    " - }, "centerFrequency":{ "shape":"Frequency", "documentation":"

    Center frequency of a spectral Config. Valid values are between 2200 to 2300 MHz and 7750 to 8400 MHz for downlink and 2025 to 2120 MHz for uplink.

    " }, + "bandwidth":{ + "shape":"FrequencyBandwidth", + "documentation":"

    Bandwidth of a spectral Config. AWS Ground Station currently has the following bandwidth limitations:

    • For AntennaDownlinkDemodDecodeconfig, valid values are between 125 kHz to 650 MHz.

    • For AntennaDownlinkconfig valid values are between 10 kHz to 54 MHz.

    • For AntennaUplinkConfig, valid values are between 10 kHz to 54 MHz.

    " + }, "polarization":{ "shape":"Polarization", "documentation":"

    Polarization of a spectral Config. Capturing both \"RIGHT_HAND\" and \"LEFT_HAND\" polarization requires two separate configs.

    " @@ -3056,6 +3591,10 @@ "type":"list", "member":{"shape":"String"} }, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, "TLEData":{ "type":"structure", "required":[ @@ -3074,7 +3613,7 @@ }, "validTimeRange":{ "shape":"TimeRange", - "documentation":"

    The valid time range for the TLE. Gaps or overlap are not permitted.

    " + "documentation":"

    The valid time range for the TLE. Time ranges must be continuous without gaps or overlaps.

    " } }, "documentation":"

    Two-line element set (TLE) data.

    " @@ -3090,14 +3629,14 @@ "members":{ "s3Object":{ "shape":"S3Object", - "documentation":"

    Identifies the S3 object to be used as the ephemeris.

    " + "documentation":"

    The Amazon S3 object that contains the ephemeris data.

    " }, "tleData":{ "shape":"TLEDataList", - "documentation":"

    The data for a TLE ephemeris, supplied directly in the request rather than through an S3 object.

    " + "documentation":"

    TLE data that you provide directly instead of using an Amazon S3 object.

    " } }, - "documentation":"

    Two-line element set (TLE) ephemeris.

    " + "documentation":"

    Two-line element set (TLE) ephemeris.

    For more detail about providing Two-line element sets to AWS Ground Station, see the TLE section of the AWS Ground Station user guide.

    " }, "TagKeys":{ "type":"list", @@ -3127,8 +3666,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "TagsMap":{ @@ -3136,20 +3674,48 @@ "key":{"shape":"String"}, "value":{"shape":"String"} }, + "TimeAzEl":{ + "type":"structure", + "required":[ + "dt", + "az", + "el" + ], + "members":{ + "dt":{ + "shape":"Double", + "documentation":"

    Time offset in atomic seconds from the segment's reference epoch.

    All dt values within a segment must be in ascending order with no duplicates.

    dt values may be:

    • negative

    • expressed as fractions of a second

    • expressed in scientific notation

    " + }, + "az":{ + "shape":"Double", + "documentation":"

    Azimuth angle at the specified time.

    Valid ranges by unit:

    • DEGREE_ANGLE: -180 to 360 degrees, measured clockwise from true north

    • RADIAN: -π to 2π radians, measured clockwise from true north

    " + }, + "el":{ + "shape":"Double", + "documentation":"

    Elevation angle at the specified time.

    Valid ranges by unit:

    • DEGREE_ANGLE: -90 to 90 degrees, where 0 is the horizon, 90 is zenith, and negative values are below the horizon

    • RADIAN: -π/2 to π/2 radians, where 0 is the horizon, π/2 is zenith, and negative values are below the horizon

    " + } + }, + "documentation":"

    Time-tagged azimuth elevation pointing data.

    Specifies the antenna pointing direction at a specific time offset from the segment's reference epoch.

    " + }, + "TimeAzElList":{ + "type":"list", + "member":{"shape":"TimeAzEl"}, + "min":5 + }, "TimeRange":{ "type":"structure", "required":[ - "endTime", - "startTime" + "startTime", + "endTime" ], "members":{ - "endTime":{ + "startTime":{ "shape":"Timestamp", - "documentation":"

    Time in UTC at which the time range ends.

    " + "documentation":"

    Unix epoch timestamp in UTC at which the time range starts.

    " }, - "startTime":{ + "endTime":{ "shape":"Timestamp", - "documentation":"

    Time in UTC at which the time range starts.

    " + "documentation":"

    Unix epoch timestamp in UTC at which the time range ends.

    " } }, "documentation":"

    A time range with a start and end time.

    " @@ -3159,13 +3725,13 @@ "type":"string", "max":69, "min":69, - "pattern":"^1 [ 0-9]{5}[A-Z] [ 0-9]{5}[ A-Z]{3} [ 0-9]{5}[.][ 0-9]{8} (?:(?:[ 0+-][.][ 0-9]{8})|(?: [ +-][.][ 0-9]{7})) [ +-][ 0-9]{5}[+-][ 0-9] [ +-][ 0-9]{5}[+-][ 0-9] [ 0-9] [ 0-9]{4}[ 0-9]$" + "pattern":"1 [ 0-9]{5}[A-Z] [ 0-9]{5}[ A-Z]{3} [ 0-9]{5}[.][ 0-9]{8} (?:(?:[ 0+-][.][ 0-9]{8})|(?: [ +-][.][ 0-9]{7})) [ +-][ 0-9]{5}[+-][ 0-9] [ +-][ 0-9]{5}[+-][ 0-9] [ 0-9] [ 0-9]{4}[ 0-9]" }, "TleLineTwo":{ "type":"string", "max":69, "min":69, - "pattern":"^2 [ 0-9]{5} [ 0-9]{3}[.][ 0-9]{4} [ 0-9]{3}[.][ 0-9]{4} [ 0-9]{7} [ 0-9]{3}[.][ 0-9]{4} [ 0-9]{3}[.][ 0-9]{4} [ 0-9]{2}[.][ 0-9]{13}[ 0-9]$" + "pattern":"2 [ 0-9]{5} [ 0-9]{3}[.][ 0-9]{4} [ 0-9]{3}[.][ 0-9]{4} [ 0-9]{7} [ 0-9]{3}[.][ 0-9]{4} [ 0-9]{3}[.][ 0-9]{4} [ 0-9]{2}[.][ 0-9]{13}[ 0-9]" }, "TrackingConfig":{ "type":"structure", @@ -3178,10 +3744,21 @@ }, "documentation":"

    Object that determines whether tracking should be used during a contact executed with this Config in the mission profile.

    " }, + "TrackingOverrides":{ + "type":"structure", + "required":["programTrackSettings"], + "members":{ + "programTrackSettings":{ + "shape":"ProgramTrackSettings", + "documentation":"

    Program track settings to override for antenna tracking during the contact.

    " + } + }, + "documentation":"

    Overrides the default tracking configuration on an antenna during a contact.

    " + }, "UnboundedString":{ "type":"string", "min":1, - "pattern":"^[\\s\\S]+$" + "pattern":"[\\s\\S]+" }, "UntagResourceRequest":{ "type":"structure", @@ -3207,17 +3784,16 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "UpdateAgentStatusRequest":{ "type":"structure", "required":[ "agentId", + "taskId", "aggregateStatus", - "componentStatuses", - "taskId" + "componentStatuses" ], "members":{ "agentId":{ @@ -3226,6 +3802,10 @@ "location":"uri", "locationName":"agentId" }, + "taskId":{ + "shape":"Uuid", + "documentation":"

    GUID of agent task.

    " + }, "aggregateStatus":{ "shape":"AggregateStatus", "documentation":"

    Aggregate status for agent.

    " @@ -3233,10 +3813,6 @@ "componentStatuses":{ "shape":"ComponentStatusList", "documentation":"

    List of component statuses for agent.

    " - }, - "taskId":{ - "shape":"Uuid", - "documentation":"

    GUID of agent task.

    " } } }, @@ -3253,31 +3829,31 @@ "UpdateConfigRequest":{ "type":"structure", "required":[ - "configData", "configId", + "name", "configType", - "name" + "configData" ], "members":{ - "configData":{ - "shape":"ConfigTypeData", - "documentation":"

    Parameters of a Config.

    " - }, "configId":{ "shape":"Uuid", "documentation":"

    UUID of a Config.

    ", "location":"uri", "locationName":"configId" }, + "name":{ + "shape":"SafeName", + "documentation":"

    Name of a Config.

    " + }, "configType":{ "shape":"ConfigCapabilityType", "documentation":"

    Type of a Config.

    ", "location":"uri", "locationName":"configType" }, - "name":{ - "shape":"SafeName", - "documentation":"

    Name of a Config.

    " + "configData":{ + "shape":"ConfigTypeData", + "documentation":"

    Parameters of a Config.

    " } }, "documentation":"

    " @@ -3285,27 +3861,27 @@ "UpdateEphemerisRequest":{ "type":"structure", "required":[ - "enabled", - "ephemerisId" + "ephemerisId", + "enabled" ], "members":{ - "enabled":{ - "shape":"Boolean", - "documentation":"

    Whether the ephemeris is enabled or not. Changing this value will not require the ephemeris to be re-validated.

    " - }, "ephemerisId":{ "shape":"Uuid", "documentation":"

    The AWS Ground Station ephemeris ID.

    ", "location":"uri", "locationName":"ephemerisId" }, + "enabled":{ + "shape":"Boolean", + "documentation":"

    Enable or disable the ephemeris. Changing this value doesn't require re-validation.

    " + }, "name":{ "shape":"SafeName", - "documentation":"

    A name string associated with the ephemeris. Used as a human-readable identifier for the ephemeris.

    " + "documentation":"

    A name that you can use to identify the ephemeris.

    " }, "priority":{ "shape":"EphemerisPriority", - "documentation":"

    Customer-provided priority score to establish the order in which overlapping ephemerides should be used.

    The default for customer-provided ephemeris priority is 1, and higher numbers take precedence.

    Priority must be 1 or greater

    " + "documentation":"

    A priority score that determines which ephemeris to use when multiple ephemerides overlap.

    Higher numbers take precedence. The default is 1. Must be 1 or greater.

    " } } }, @@ -3313,31 +3889,35 @@ "type":"structure", "required":["missionProfileId"], "members":{ - "contactPostPassDurationSeconds":{ - "shape":"DurationInSeconds", - "documentation":"

    Amount of time after a contact ends that you’d like to receive a Ground Station Contact State Change event indicating the pass has finished.

    " + "missionProfileId":{ + "shape":"Uuid", + "documentation":"

    UUID of a mission profile.

    ", + "location":"uri", + "locationName":"missionProfileId" + }, + "name":{ + "shape":"SafeName", + "documentation":"

    Name of a mission profile.

    " }, "contactPrePassDurationSeconds":{ "shape":"DurationInSeconds", "documentation":"

    Amount of time after a contact ends that you’d like to receive a Ground Station Contact State Change event indicating the pass has finished.

    " }, - "dataflowEdges":{ - "shape":"DataflowEdgeList", - "documentation":"

    A list of lists of ARNs. Each list of ARNs is an edge, with a from Config and a to Config.

    " + "contactPostPassDurationSeconds":{ + "shape":"DurationInSeconds", + "documentation":"

    Amount of time after a contact ends that you’d like to receive a Ground Station Contact State Change event indicating the pass has finished.

    " }, "minimumViableContactDurationSeconds":{ "shape":"PositiveDurationInSeconds", "documentation":"

    Smallest amount of time in seconds that you’d like to see for an available contact. AWS Ground Station will not present you with contacts shorter than this duration.

    " }, - "missionProfileId":{ - "shape":"Uuid", - "documentation":"

    UUID of a mission profile.

    ", - "location":"uri", - "locationName":"missionProfileId" + "dataflowEdges":{ + "shape":"DataflowEdgeList", + "documentation":"

    A list of lists of ARNs. Each list of ARNs is an edge, with a from Config and a to Config.

    " }, - "name":{ - "shape":"SafeName", - "documentation":"

    Name of a mission profile.

    " + "trackingConfigArn":{ + "shape":"ConfigArn", + "documentation":"

    ARN of a tracking Config.

    " }, "streamsKmsKey":{ "shape":"KmsKey", @@ -3346,28 +3926,91 @@ "streamsKmsRole":{ "shape":"RoleArn", "documentation":"

    Role to use for encrypting streams with KMS key.

    " - }, - "trackingConfigArn":{ - "shape":"ConfigArn", - "documentation":"

    ARN of a tracking Config.

    " } }, "documentation":"

    " }, - "UplinkEchoConfig":{ + "UplinkAwsGroundStationAgentEndpoint":{ "type":"structure", "required":[ - "antennaUplinkConfigArn", - "enabled" + "name", + "dataflowDetails" ], "members":{ - "antennaUplinkConfigArn":{ - "shape":"ConfigArn", - "documentation":"

    ARN of an uplink Config.

    " + "name":{ + "shape":"SafeName", + "documentation":"

    Uplink dataflow endpoint name

    " + }, + "dataflowDetails":{ + "shape":"UplinkDataflowDetails", + "documentation":"

    Dataflow details for the uplink endpoint

    " + } + }, + "documentation":"

    Definition for an uplink agent endpoint

    " + }, + "UplinkAwsGroundStationAgentEndpointDetails":{ + "type":"structure", + "required":[ + "name", + "dataflowDetails" + ], + "members":{ + "name":{ + "shape":"SafeName", + "documentation":"

    Uplink dataflow endpoint name

    " + }, + "dataflowDetails":{ + "shape":"UplinkDataflowDetails", + "documentation":"

    Dataflow details for the uplink endpoint

    " + }, + "agentStatus":{ + "shape":"AgentStatus", + "documentation":"

    Status of the agent associated with the uplink dataflow endpoint

    " }, + "auditResults":{ + "shape":"AuditResults", + "documentation":"

    Health audit results for the uplink dataflow endpoint

    " + } + }, + "documentation":"

    Details for an uplink agent endpoint

    " + }, + "UplinkConnectionDetails":{ + "type":"structure", + "required":[ + "ingressAddressAndPort", + "agentIpAndPortAddress" + ], + "members":{ + "ingressAddressAndPort":{"shape":"ConnectionDetails"}, + "agentIpAndPortAddress":{"shape":"RangedConnectionDetails"} + }, + "documentation":"

    Connection details for customer to Agent and Agent to Ground Station

    " + }, + "UplinkDataflowDetails":{ + "type":"structure", + "members":{ + "agentConnectionDetails":{ + "shape":"UplinkConnectionDetails", + "documentation":"

    Uplink connection details for customer to Agent and Agent to Ground Station

    " + } + }, + "documentation":"

    Dataflow details for an uplink endpoint

    ", + "union":true + }, + "UplinkEchoConfig":{ + "type":"structure", + "required":[ + "enabled", + "antennaUplinkConfigArn" + ], + "members":{ "enabled":{ "shape":"Boolean", "documentation":"

    Whether or not an uplink Config is enabled.

    " + }, + "antennaUplinkConfigArn":{ + "shape":"ConfigArn", + "documentation":"

    ARN of an uplink Config.

    " } }, "documentation":"

    Information about an uplink echo Config.

    Parameters from the AntennaUplinkConfig, corresponding to the specified AntennaUplinkConfigArn, are used when this UplinkEchoConfig is used in a contact.

    " @@ -3389,15 +4032,15 @@ }, "Uuid":{ "type":"string", - "max":128, - "min":1, - "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + "max":36, + "min":36, + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, "VersionString":{ "type":"string", "max":64, "min":1, - "pattern":"^(0|[1-9]\\d*)(\\.(0|[1-9]\\d*))*$" + "pattern":"(0|[1-9]\\d*)(\\.(0|[1-9]\\d*))*" }, "VersionStringList":{ "type":"list", @@ -3416,7 +4059,12 @@ "max":99999, "min":0 }, - "satelliteArn":{"type":"string"} + "satelliteArn":{ + "type":"string", + "max":132, + "min":82, + "pattern":"arn:aws:groundstation:([-a-z0-9]{1,50})?:[0-9]{12}:satellite/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + } }, "documentation":"

    Welcome to the AWS Ground Station API Reference. AWS Ground Station is a fully managed service that enables you to control satellite communications, downlink and process satellite data, and scale your satellite operations efficiently and cost-effectively without having to build or manage your own ground station infrastructure.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/guardduty/2017-11-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/guardduty/2017-11-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/guardduty/2017-11-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/guardduty/2017-11-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/guardduty/2017-11-28/paginators-1.json 2.31.35-1/awscli/botocore/data/guardduty/2017-11-28/paginators-1.json --- 2.23.6-1/awscli/botocore/data/guardduty/2017-11-28/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/guardduty/2017-11-28/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -59,6 +59,18 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Resources" + }, + "ListThreatEntitySets": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ThreatEntitySetIds" + }, + "ListTrustedEntitySets": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "TrustedEntitySetIds" } } } diff -pruN 2.23.6-1/awscli/botocore/data/guardduty/2017-11-28/service-2.json 2.31.35-1/awscli/botocore/data/guardduty/2017-11-28/service-2.json --- 2.23.6-1/awscli/botocore/data/guardduty/2017-11-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/guardduty/2017-11-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -102,7 +102,8 @@ "output":{"shape":"CreateIPSetResponse"}, "errors":[ {"shape":"BadRequestException"}, - {"shape":"InternalServerErrorException"} + {"shape":"InternalServerErrorException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

    " }, @@ -168,6 +169,21 @@ ], "documentation":"

    Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates sample findings of all supported finding types.

    " }, + "CreateThreatEntitySet":{ + "name":"CreateThreatEntitySet", + "http":{ + "method":"POST", + "requestUri":"/detector/{detectorId}/threatentityset", + "responseCode":200 + }, + "input":{"shape":"CreateThreatEntitySetRequest"}, + "output":{"shape":"CreateThreatEntitySetResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Creates a new threat entity set. In a threat entity set, you can provide known malicious IP addresses and domains for your Amazon Web Services environment. GuardDuty generates findings based on the entries in the threat entity sets. Only users of the administrator account can manage entity sets, which automatically apply to member accounts.

    " + }, "CreateThreatIntelSet":{ "name":"CreateThreatIntelSet", "http":{ @@ -179,10 +195,26 @@ "output":{"shape":"CreateThreatIntelSetResponse"}, "errors":[ {"shape":"BadRequestException"}, - {"shape":"InternalServerErrorException"} + {"shape":"InternalServerErrorException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

    " }, + "CreateTrustedEntitySet":{ + "name":"CreateTrustedEntitySet", + "http":{ + "method":"POST", + "requestUri":"/detector/{detectorId}/trustedentityset", + "responseCode":200 + }, + "input":{"shape":"CreateTrustedEntitySetRequest"}, + "output":{"shape":"CreateTrustedEntitySetResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Creates a new trusted entity set. In the trusted entity set, you can provide IP addresses and domains that you believe are secure for communication in your Amazon Web Services environment. GuardDuty will not generate findings for the entries that are specified in a trusted entity set. At any given time, you can have only one trusted entity set.

    Only users of the administrator account can manage the entity sets, which automatically apply to member accounts.

    " + }, "DeclineInvitations":{ "name":"DeclineInvitations", "http":{ @@ -304,6 +336,21 @@ ], "documentation":"

    Deletes the publishing definition with the specified destinationId.

    " }, + "DeleteThreatEntitySet":{ + "name":"DeleteThreatEntitySet", + "http":{ + "method":"DELETE", + "requestUri":"/detector/{detectorId}/threatentityset/{threatEntitySetId}", + "responseCode":200 + }, + "input":{"shape":"DeleteThreatEntitySetRequest"}, + "output":{"shape":"DeleteThreatEntitySetResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Deletes the threat entity set that is associated with the specified threatEntitySetId.

    " + }, "DeleteThreatIntelSet":{ "name":"DeleteThreatIntelSet", "http":{ @@ -319,6 +366,21 @@ ], "documentation":"

    Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

    " }, + "DeleteTrustedEntitySet":{ + "name":"DeleteTrustedEntitySet", + "http":{ + "method":"DELETE", + "requestUri":"/detector/{detectorId}/trustedentityset/{trustedEntitySetId}", + "responseCode":200 + }, + "input":{"shape":"DeleteTrustedEntitySetRequest"}, + "output":{"shape":"DeleteTrustedEntitySetResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Deletes the trusted entity set that is associated with the specified trustedEntitySetId.

    " + }, "DescribeMalwareScans":{ "name":"DescribeMalwareScans", "http":{ @@ -454,7 +516,7 @@ {"shape":"BadRequestException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

    Provides the details of the GuardDuty administrator account associated with the current GuardDuty member account.

    If the organization's management account or a delegated administrator runs this API, it will return success (HTTP 200) but no content.

    " + "documentation":"

    Provides the details of the GuardDuty administrator account associated with the current GuardDuty member account.

    Based on the type of account that runs this API, the following list shows how the API behavior varies:

    • When the GuardDuty administrator account runs this API, it will return success (HTTP 200) but no content.

    • When a member account runs this API, it will return the details of the GuardDuty administrator account that is associated with this calling member account.

    • When an individual account (not associated with an organization) runs this API, it will return success (HTTP 200) but no content.

    " }, "GetCoverageStatistics":{ "name":"GetCoverageStatistics", @@ -669,6 +731,21 @@ ], "documentation":"

    Provides the number of days left for each data source used in the free trial period.

    " }, + "GetThreatEntitySet":{ + "name":"GetThreatEntitySet", + "http":{ + "method":"GET", + "requestUri":"/detector/{detectorId}/threatentityset/{threatEntitySetId}", + "responseCode":200 + }, + "input":{"shape":"GetThreatEntitySetRequest"}, + "output":{"shape":"GetThreatEntitySetResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Retrieves the threat entity set associated with the specified threatEntitySetId.

    " + }, "GetThreatIntelSet":{ "name":"GetThreatIntelSet", "http":{ @@ -684,6 +761,21 @@ ], "documentation":"

    Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

    " }, + "GetTrustedEntitySet":{ + "name":"GetTrustedEntitySet", + "http":{ + "method":"GET", + "requestUri":"/detector/{detectorId}/trustedentityset/{trustedEntitySetId}", + "responseCode":200 + }, + "input":{"shape":"GetTrustedEntitySetRequest"}, + "output":{"shape":"GetTrustedEntitySetResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Retrieves the trusted entity set associated with the specified trustedEntitySetId.

    " + }, "GetUsageStatistics":{ "name":"GetUsageStatistics", "http":{ @@ -881,6 +973,21 @@ ], "documentation":"

    Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, threat intel sets, and publishing destination, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

    " }, + "ListThreatEntitySets":{ + "name":"ListThreatEntitySets", + "http":{ + "method":"GET", + "requestUri":"/detector/{detectorId}/threatentityset", + "responseCode":200 + }, + "input":{"shape":"ListThreatEntitySetsRequest"}, + "output":{"shape":"ListThreatEntitySetsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Lists the threat entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the threat entity sets that are returned as a response, belong to the administrator account.

    " + }, "ListThreatIntelSets":{ "name":"ListThreatIntelSets", "http":{ @@ -896,6 +1003,21 @@ ], "documentation":"

    Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.

    " }, + "ListTrustedEntitySets":{ + "name":"ListTrustedEntitySets", + "http":{ + "method":"GET", + "requestUri":"/detector/{detectorId}/trustedentityset", + "responseCode":200 + }, + "input":{"shape":"ListTrustedEntitySetsRequest"}, + "output":{"shape":"ListTrustedEntitySetsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Lists the trusted entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the trusted entity sets that are returned as a response, belong to the administrator account.

    " + }, "StartMalwareScan":{ "name":"StartMalwareScan", "http":{ @@ -1045,7 +1167,8 @@ "output":{"shape":"UpdateIPSetResponse"}, "errors":[ {"shape":"BadRequestException"}, - {"shape":"InternalServerErrorException"} + {"shape":"InternalServerErrorException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    Updates the IPSet specified by the IPSet ID.

    " }, @@ -1125,6 +1248,21 @@ ], "documentation":"

    Updates information about the publishing destination specified by the destinationId.

    " }, + "UpdateThreatEntitySet":{ + "name":"UpdateThreatEntitySet", + "http":{ + "method":"POST", + "requestUri":"/detector/{detectorId}/threatentityset/{threatEntitySetId}", + "responseCode":200 + }, + "input":{"shape":"UpdateThreatEntitySetRequest"}, + "output":{"shape":"UpdateThreatEntitySetResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Updates the threat entity set associated with the specified threatEntitySetId.

    " + }, "UpdateThreatIntelSet":{ "name":"UpdateThreatIntelSet", "http":{ @@ -1136,9 +1274,25 @@ "output":{"shape":"UpdateThreatIntelSetResponse"}, "errors":[ {"shape":"BadRequestException"}, - {"shape":"InternalServerErrorException"} + {"shape":"InternalServerErrorException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

    " + }, + "UpdateTrustedEntitySet":{ + "name":"UpdateTrustedEntitySet", + "http":{ + "method":"POST", + "requestUri":"/detector/{detectorId}/trustedentityset/{trustedEntitySetId}", + "responseCode":200 + }, + "input":{"shape":"UpdateTrustedEntitySetRequest"}, + "output":{"shape":"UpdateTrustedEntitySetResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"

    Updates the trusted entity set associated with the specified trustedEntitySetId.

    " } }, "shapes":{ @@ -1170,8 +1324,7 @@ }, "AcceptAdministratorInvitationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AcceptInvitationRequest":{ "type":"structure", @@ -1203,8 +1356,7 @@ }, "AcceptInvitationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "deprecated":true, "deprecatedMessage":"This output is deprecated, use AcceptAdministratorInvitationResponse instead" }, @@ -1320,7 +1472,7 @@ }, "Email":{ "shape":"Email", - "documentation":"

    The email address of the member account.

    ", + "documentation":"

    The email address of the member account. The following list includes the rules for a valid email address:

    • The email address must be a minimum of 6 and a maximum of 64 characters long.

    • All characters must be 7-bit ASCII characters.

    • There must be one and only one @ symbol, which separates the local name from the domain name.

    • The local name can't contain any of the following characters:

      whitespace, \" ' ( ) < > [ ] : ' , \\ | % &

    • The local name can't begin with a dot (.).

    • The domain name can consist of only the characters [a-z], [A-Z], [0-9], hyphen (-), or dot (.).

    • The domain name can't begin or end with a dot (.) or hyphen (-).

    • The domain name must contain at least one dot.

    ", "locationName":"email" } }, @@ -1476,6 +1628,11 @@ "shape":"Session", "documentation":"

    Contains information about the user session where the activity initiated.

    ", "locationName":"session" + }, + "Process":{ + "shape":"ActorProcess", + "documentation":"

    Contains information about the process associated with the threat actor. This includes details such as process name, path, execution time, and unique identifiers that help track the actor's activities within the system.

    ", + "locationName":"process" } }, "documentation":"

    Information about the actors involved in an attack sequence.

    " @@ -1485,11 +1642,40 @@ "member":{"shape":"String"}, "max":400 }, + "ActorProcess":{ + "type":"structure", + "required":[ + "Name", + "Path" + ], + "members":{ + "Name":{ + "shape":"ProcessName", + "documentation":"

    The name of the process as it appears in the system.

    ", + "locationName":"name" + }, + "Path":{ + "shape":"ProcessPath", + "documentation":"

    The full file path to the process executable on the system.

    ", + "locationName":"path" + }, + "Sha256":{ + "shape":"ProcessSha256", + "documentation":"

    The SHA256 hash of the process executable file, which can be used for identification and verification purposes.

    ", + "locationName":"sha256" + } + }, + "documentation":"

    Contains information about a process involved in a GuardDuty finding, including process identification, execution details, and file information.

    " + }, "Actors":{ "type":"list", "member":{"shape":"Actor"}, "max":400 }, + "AdditionalSequenceTypes":{ + "type":"list", + "member":{"shape":"FindingType"} + }, "AddonDetails":{ "type":"structure", "members":{ @@ -1668,8 +1854,7 @@ }, "ArchiveFindingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AutoEnableMembers":{ "type":"string", @@ -1865,6 +2050,17 @@ }, "documentation":"

    Contains information on the status of CloudTrail as a data source for the detector.

    " }, + "ClusterStatus":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "DELETING", + "FAILED", + "UPDATING", + "PENDING" + ] + }, "Condition":{ "type":"structure", "members":{ @@ -1996,6 +2192,28 @@ }, "documentation":"

    Details of a container.

    " }, + "ContainerFindingResource":{ + "type":"structure", + "required":["Image"], + "members":{ + "Image":{ + "shape":"String", + "documentation":"

    The container image information, including the image name and tag used to run the container that was involved in the finding.

    ", + "locationName":"image" + }, + "ImageUid":{ + "shape":"ContainerImageUid", + "documentation":"

    The unique ID associated with the container image.

    ", + "locationName":"imageUid" + } + }, + "documentation":"

    Contains information about container resources involved in a GuardDuty finding. This structure provides details about containers that were identified as part of suspicious or malicious activity.

    " + }, + "ContainerImageUid":{ + "type":"string", + "max":1024, + "min":1 + }, "ContainerInstanceDetails":{ "type":"structure", "members":{ @@ -2012,6 +2230,15 @@ }, "documentation":"

    Contains information about the Amazon EC2 instance that is running the Amazon ECS container.

    " }, + "ContainerUid":{ + "type":"string", + "max":256, + "min":0 + }, + "ContainerUids":{ + "type":"list", + "member":{"shape":"ContainerUid"} + }, "Containers":{ "type":"list", "member":{"shape":"Container"} @@ -2420,7 +2647,7 @@ }, "FindingCriteria":{ "shape":"FindingCriteria", - "documentation":"

    Represents the criteria to be used in the filter for querying findings.

    You can only use the following attributes to query findings:

    • accountId

    • id

    • region

    • severity

      To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:

      • Low: [\"1\", \"2\", \"3\"]

      • Medium: [\"4\", \"5\", \"6\"]

      • High: [\"7\", \"8\"]

      • Critical: [\"9\", \"10\"]

      For more information, see Findings severity levels in the Amazon GuardDuty User Guide.

    • type

    • updatedAt

      Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

    • resource.accessKeyDetails.accessKeyId

    • resource.accessKeyDetails.principalId

    • resource.accessKeyDetails.userName

    • resource.accessKeyDetails.userType

    • resource.instanceDetails.iamInstanceProfile.id

    • resource.instanceDetails.imageId

    • resource.instanceDetails.instanceId

    • resource.instanceDetails.tags.key

    • resource.instanceDetails.tags.value

    • resource.instanceDetails.networkInterfaces.ipv6Addresses

    • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

    • resource.instanceDetails.networkInterfaces.publicDnsName

    • resource.instanceDetails.networkInterfaces.publicIp

    • resource.instanceDetails.networkInterfaces.securityGroups.groupId

    • resource.instanceDetails.networkInterfaces.securityGroups.groupName

    • resource.instanceDetails.networkInterfaces.subnetId

    • resource.instanceDetails.networkInterfaces.vpcId

    • resource.instanceDetails.outpostArn

    • resource.resourceType

    • resource.s3BucketDetails.publicAccess.effectivePermissions

    • resource.s3BucketDetails.name

    • resource.s3BucketDetails.tags.key

    • resource.s3BucketDetails.tags.value

    • resource.s3BucketDetails.type

    • service.action.actionType

    • service.action.awsApiCallAction.api

    • service.action.awsApiCallAction.callerType

    • service.action.awsApiCallAction.errorCode

    • service.action.awsApiCallAction.remoteIpDetails.city.cityName

    • service.action.awsApiCallAction.remoteIpDetails.country.countryName

    • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

    • service.action.awsApiCallAction.remoteIpDetails.ipAddressV6

    • service.action.awsApiCallAction.remoteIpDetails.organization.asn

    • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

    • service.action.awsApiCallAction.serviceName

    • service.action.dnsRequestAction.domain

    • service.action.dnsRequestAction.domainWithSuffix

    • service.action.networkConnectionAction.blocked

    • service.action.networkConnectionAction.connectionDirection

    • service.action.networkConnectionAction.localPortDetails.port

    • service.action.networkConnectionAction.protocol

    • service.action.networkConnectionAction.remoteIpDetails.city.cityName

    • service.action.networkConnectionAction.remoteIpDetails.country.countryName

    • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

    • service.action.networkConnectionAction.remoteIpDetails.ipAddressV6

    • service.action.networkConnectionAction.remoteIpDetails.organization.asn

    • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

    • service.action.networkConnectionAction.remotePortDetails.port

    • service.action.awsApiCallAction.remoteAccountDetails.affiliated

    • service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

    • service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6

    • service.action.kubernetesApiCallAction.namespace

    • service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn

    • service.action.kubernetesApiCallAction.requestUri

    • service.action.kubernetesApiCallAction.statusCode

    • service.action.networkConnectionAction.localIpDetails.ipAddressV4

    • service.action.networkConnectionAction.localIpDetails.ipAddressV6

    • service.action.networkConnectionAction.protocol

    • service.action.awsApiCallAction.serviceName

    • service.action.awsApiCallAction.remoteAccountDetails.accountId

    • service.additionalInfo.threatListName

    • service.resourceRole

    • resource.eksClusterDetails.name

    • resource.kubernetesDetails.kubernetesWorkloadDetails.name

    • resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

    • resource.kubernetesDetails.kubernetesUserDetails.username

    • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

    • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

    • service.ebsVolumeScanDetails.scanId

    • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

    • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

    • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

    • resource.ecsClusterDetails.name

    • resource.ecsClusterDetails.taskDetails.containers.image

    • resource.ecsClusterDetails.taskDetails.definitionArn

    • resource.containerDetails.image

    • resource.rdsDbInstanceDetails.dbInstanceIdentifier

    • resource.rdsDbInstanceDetails.dbClusterIdentifier

    • resource.rdsDbInstanceDetails.engine

    • resource.rdsDbUserDetails.user

    • resource.rdsDbInstanceDetails.tags.key

    • resource.rdsDbInstanceDetails.tags.value

    • service.runtimeDetails.process.executableSha256

    • service.runtimeDetails.process.name

    • service.runtimeDetails.process.name

    • resource.lambdaDetails.functionName

    • resource.lambdaDetails.functionArn

    • resource.lambdaDetails.tags.key

    • resource.lambdaDetails.tags.value

    ", + "documentation":"

    Represents the criteria to be used in the filter for querying findings.

    You can only use the following attributes to query findings:

    • accountId

    • id

    • region

    • severity

      To filter on the basis of severity, the API and CLI use the following input list for the FindingCriteria condition:

      • Low: [\"1\", \"2\", \"3\"]

      • Medium: [\"4\", \"5\", \"6\"]

      • High: [\"7\", \"8\"]

      • Critical: [\"9\", \"10\"]

      For more information, see Findings severity levels in the Amazon GuardDuty User Guide.

    • type

    • updatedAt

      Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

    • resource.accessKeyDetails.accessKeyId

    • resource.accessKeyDetails.principalId

    • resource.accessKeyDetails.userName

    • resource.accessKeyDetails.userType

    • resource.instanceDetails.iamInstanceProfile.id

    • resource.instanceDetails.imageId

    • resource.instanceDetails.instanceId

    • resource.instanceDetails.tags.key

    • resource.instanceDetails.tags.value

    • resource.instanceDetails.networkInterfaces.ipv6Addresses

    • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

    • resource.instanceDetails.networkInterfaces.publicDnsName

    • resource.instanceDetails.networkInterfaces.publicIp

    • resource.instanceDetails.networkInterfaces.securityGroups.groupId

    • resource.instanceDetails.networkInterfaces.securityGroups.groupName

    • resource.instanceDetails.networkInterfaces.subnetId

    • resource.instanceDetails.networkInterfaces.vpcId

    • resource.instanceDetails.outpostArn

    • resource.resourceType

    • resource.s3BucketDetails.publicAccess.effectivePermissions

    • resource.s3BucketDetails.name

    • resource.s3BucketDetails.tags.key

    • resource.s3BucketDetails.tags.value

    • resource.s3BucketDetails.type

    • service.action.actionType

    • service.action.awsApiCallAction.api

    • service.action.awsApiCallAction.callerType

    • service.action.awsApiCallAction.errorCode

    • service.action.awsApiCallAction.remoteIpDetails.city.cityName

    • service.action.awsApiCallAction.remoteIpDetails.country.countryName

    • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

    • service.action.awsApiCallAction.remoteIpDetails.ipAddressV6

    • service.action.awsApiCallAction.remoteIpDetails.organization.asn

    • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

    • service.action.awsApiCallAction.serviceName

    • service.action.dnsRequestAction.domain

    • service.action.dnsRequestAction.domainWithSuffix

    • service.action.dnsRequestAction.vpcOwnerAccountId

    • service.action.networkConnectionAction.blocked

    • service.action.networkConnectionAction.connectionDirection

    • service.action.networkConnectionAction.localPortDetails.port

    • service.action.networkConnectionAction.protocol

    • service.action.networkConnectionAction.remoteIpDetails.city.cityName

    • service.action.networkConnectionAction.remoteIpDetails.country.countryName

    • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

    • service.action.networkConnectionAction.remoteIpDetails.ipAddressV6

    • service.action.networkConnectionAction.remoteIpDetails.organization.asn

    • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

    • service.action.networkConnectionAction.remotePortDetails.port

    • service.action.awsApiCallAction.remoteAccountDetails.affiliated

    • service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4

    • service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6

    • service.action.kubernetesApiCallAction.namespace

    • service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn

    • service.action.kubernetesApiCallAction.requestUri

    • service.action.kubernetesApiCallAction.statusCode

    • service.action.networkConnectionAction.localIpDetails.ipAddressV4

    • service.action.networkConnectionAction.localIpDetails.ipAddressV6

    • service.action.networkConnectionAction.protocol

    • service.action.awsApiCallAction.serviceName

    • service.action.awsApiCallAction.remoteAccountDetails.accountId

    • service.additionalInfo.threatListName

    • service.resourceRole

    • resource.eksClusterDetails.name

    • resource.kubernetesDetails.kubernetesWorkloadDetails.name

    • resource.kubernetesDetails.kubernetesWorkloadDetails.namespace

    • resource.kubernetesDetails.kubernetesUserDetails.username

    • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image

    • resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix

    • service.ebsVolumeScanDetails.scanId

    • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name

    • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity

    • service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash

    • resource.ecsClusterDetails.name

    • resource.ecsClusterDetails.taskDetails.containers.image

    • resource.ecsClusterDetails.taskDetails.definitionArn

    • resource.containerDetails.image

    • resource.rdsDbInstanceDetails.dbInstanceIdentifier

    • resource.rdsDbInstanceDetails.dbClusterIdentifier

    • resource.rdsDbInstanceDetails.engine

    • resource.rdsDbUserDetails.user

    • resource.rdsDbInstanceDetails.tags.key

    • resource.rdsDbInstanceDetails.tags.value

    • service.runtimeDetails.process.executableSha256

    • service.runtimeDetails.process.name

    • service.runtimeDetails.process.executablePath

    • resource.lambdaDetails.functionName

    • resource.lambdaDetails.functionArn

    • resource.lambdaDetails.tags.key

    • resource.lambdaDetails.tags.value

    ", "locationName":"findingCriteria" }, "ClientToken":{ @@ -2493,6 +2720,11 @@ "shape":"TagMap", "documentation":"

    The tags to be added to a new IP set resource.

    ", "locationName":"tags" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" } } }, @@ -2623,6 +2855,11 @@ "documentation":"

    The idempotency token for the request.

    ", "idempotencyToken":true, "locationName":"clientToken" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    The tags to be added to a new publishing destination resource.

    ", + "locationName":"tags" } } }, @@ -2672,7 +2909,71 @@ }, "CreateSampleFindingsResponse":{ "type":"structure", + "members":{} + }, + "CreateThreatEntitySetRequest":{ + "type":"structure", + "required":[ + "DetectorId", + "Name", + "Format", + "Location", + "Activate" + ], "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the detector of the GuardDuty account for which you want to create a threat entity set.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "Name":{ + "shape":"Name", + "documentation":"

    A user-friendly name to identify the threat entity set.

    The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).

    ", + "locationName":"name" + }, + "Format":{ + "shape":"ThreatEntitySetFormat", + "documentation":"

    The format of the file that contains the threat entity set.

    ", + "locationName":"format" + }, + "Location":{ + "shape":"Location", + "documentation":"

    The URI of the file that contains the threat entity set. The format of the Location URL must be a valid Amazon S3 URL format. Invalid URL formats will result in an error, regardless of whether you activate the entity set or not. For more information about format of the location URLs, see Format of location URL under Step 2: Adding trusted or threat intelligence data in the Amazon GuardDuty User Guide.

    ", + "locationName":"location" + }, + "ExpectedBucketOwner":{ + "shape":"ExpectedBucketOwner", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" + }, + "Activate":{ + "shape":"Boolean", + "documentation":"

    A boolean value that indicates whether GuardDuty should start using the uploaded threat entity set to generate findings.

    ", + "locationName":"activate" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    The idempotency token for the create request.

    ", + "idempotencyToken":true, + "locationName":"clientToken" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    The tags to be added to a new threat entity set resource.

    ", + "locationName":"tags" + } + } + }, + "CreateThreatEntitySetResponse":{ + "type":"structure", + "required":["ThreatEntitySetId"], + "members":{ + "ThreatEntitySetId":{ + "shape":"String", + "documentation":"

    The ID returned by GuardDuty after creation of the threat entity set resource.

    ", + "locationName":"threatEntitySetId" + } } }, "CreateThreatIntelSetRequest":{ @@ -2687,7 +2988,7 @@ "members":{ "DetectorId":{ "shape":"DetectorId", - "documentation":"

    The unique ID of the detector of the GuardDuty account for which you want to create a ThreatIntelSet.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "documentation":"

    The unique ID of the detector of the GuardDuty account for which you want to create a threatIntelSet.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", "location":"uri", "locationName":"detectorId" }, @@ -2721,6 +3022,11 @@ "shape":"TagMap", "documentation":"

    The tags to be added to a new threat list resource.

    ", "locationName":"tags" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" } } }, @@ -2735,6 +3041,71 @@ } } }, + "CreateTrustedEntitySetRequest":{ + "type":"structure", + "required":[ + "DetectorId", + "Name", + "Format", + "Location", + "Activate" + ], + "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the detector of the GuardDuty account for which you want to create a trusted entity set.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "Name":{ + "shape":"Name", + "documentation":"

    A user-friendly name to identify the trusted entity set.

    The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).

    ", + "locationName":"name" + }, + "Format":{ + "shape":"TrustedEntitySetFormat", + "documentation":"

    The format of the file that contains the trusted entity set.

    ", + "locationName":"format" + }, + "Location":{ + "shape":"Location", + "documentation":"

    The URI of the file that contains the threat entity set. The format of the Location URL must be a valid Amazon S3 URL format. Invalid URL formats will result in an error, regardless of whether you activate the entity set or not. For more information about format of the location URLs, see Format of location URL under Step 2: Adding trusted or threat intelligence data in the Amazon GuardDuty User Guide.

    ", + "locationName":"location" + }, + "ExpectedBucketOwner":{ + "shape":"ExpectedBucketOwner", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" + }, + "Activate":{ + "shape":"Boolean", + "documentation":"

    A boolean value that indicates whether GuardDuty is to start using the uploaded trusted entity set.

    ", + "locationName":"activate" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    The idempotency token for the create request.

    ", + "idempotencyToken":true, + "locationName":"clientToken" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    The tags to be added to a new trusted entity set resource.

    ", + "locationName":"tags" + } + } + }, + "CreateTrustedEntitySetResponse":{ + "type":"structure", + "required":["TrustedEntitySetId"], + "members":{ + "TrustedEntitySetId":{ + "shape":"String", + "documentation":"

    The ID returned by GuardDuty after creation of the trusted entity set resource.

    ", + "locationName":"trustedEntitySetId" + } + } + }, "Criterion":{ "type":"map", "key":{"shape":"String"}, @@ -2976,8 +3347,7 @@ }, "DeleteDetectorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFilterRequest":{ "type":"structure", @@ -3002,8 +3372,7 @@ }, "DeleteFilterResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIPSetRequest":{ "type":"structure", @@ -3028,8 +3397,7 @@ }, "DeleteIPSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInvitationsRequest":{ "type":"structure", @@ -3119,9 +3487,33 @@ }, "DeletePublishingDestinationResponse":{ "type":"structure", + "members":{} + }, + "DeleteThreatEntitySetRequest":{ + "type":"structure", + "required":[ + "DetectorId", + "ThreatEntitySetId" + ], "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the detector associated with the threat entity set resource.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "ThreatEntitySetId":{ + "shape":"String", + "documentation":"

    The unique ID that helps GuardDuty identify which threat entity set needs to be deleted.

    ", + "location":"uri", + "locationName":"threatEntitySetId" + } } }, + "DeleteThreatEntitySetResponse":{ + "type":"structure", + "members":{} + }, "DeleteThreatIntelSetRequest":{ "type":"structure", "required":[ @@ -3145,9 +3537,33 @@ }, "DeleteThreatIntelSetResponse":{ "type":"structure", + "members":{} + }, + "DeleteTrustedEntitySetRequest":{ + "type":"structure", + "required":[ + "DetectorId", + "TrustedEntitySetId" + ], "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the detector associated with the trusted entity set resource.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "TrustedEntitySetId":{ + "shape":"String", + "documentation":"

    The unique ID that helps GuardDuty identify which trusted entity set needs to be deleted.

    ", + "location":"uri", + "locationName":"trustedEntitySetId" + } } }, + "DeleteTrustedEntitySetResponse":{ + "type":"structure", + "members":{} + }, "DescribeMalwareScansRequest":{ "type":"structure", "required":["DetectorId"], @@ -3315,6 +3731,11 @@ "shape":"DestinationProperties", "documentation":"

    A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

    ", "locationName":"destinationProperties" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    The tags of the publishing destination resource.

    ", + "locationName":"tags" } } }, @@ -3546,8 +3967,7 @@ }, "DisableOrganizationAdminAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateFromAdministratorAccountRequest":{ "type":"structure", @@ -3563,8 +3983,7 @@ }, "DisassociateFromAdministratorAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateFromMasterAccountRequest":{ "type":"structure", @@ -3582,8 +4001,7 @@ }, "DisassociateFromMasterAccountResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "deprecated":true, "deprecatedMessage":"This output is deprecated, use DisassociateFromAdministratorAccountResponse instead" }, @@ -3640,6 +4058,11 @@ "shape":"String", "documentation":"

    The second and top level domain involved in the activity that potentially prompted GuardDuty to generate this finding. For a list of top-level and second-level domains, see public suffix list.

    ", "locationName":"domainWithSuffix" + }, + "VpcOwnerAccountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the VPC through which the DNS request was made.

    ", + "locationName":"vpcOwnerAccountId" } }, "documentation":"

    Contains information about the DNS_REQUEST action described in this finding.

    " @@ -3783,6 +4206,17 @@ }, "documentation":"

    Details about the potentially impacted Amazon EC2 instance resource.

    " }, + "Ec2InstanceUid":{ + "type":"string", + "max":256, + "min":0 + }, + "Ec2InstanceUids":{ + "type":"list", + "member":{"shape":"Ec2InstanceUid"}, + "max":25, + "min":0 + }, "Ec2NetworkInterface":{ "type":"structure", "members":{ @@ -3930,6 +4364,37 @@ }, "documentation":"

    Contains information about the task in an ECS cluster.

    " }, + "EksCluster":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the Amazon EKS cluster involved in the finding.

    ", + "locationName":"arn" + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp indicating when the Amazon EKS cluster was created, in UTC format.

    ", + "locationName":"createdAt" + }, + "Status":{ + "shape":"ClusterStatus", + "documentation":"

    The current status of the Amazon EKS cluster.

    ", + "locationName":"status" + }, + "VpcId":{ + "shape":"String", + "documentation":"

    The ID of the Amazon Virtual Private Cloud (Amazon VPC) associated with the Amazon EKS cluster.

    ", + "locationName":"vpcId" + }, + "Ec2InstanceUids":{ + "shape":"Ec2InstanceUids", + "documentation":"

    A list of unique identifiers for the Amazon EC2 instances that serve as worker nodes in the Amazon EKS cluster.

    ", + "locationName":"ec2InstanceUids" + } + }, + "documentation":"

    Contains information about the Amazon EKS cluster involved in a GuardDuty finding, including cluster identification, status, and network configuration.

    " + }, "EksClusterDetails":{ "type":"structure", "members":{ @@ -3969,7 +4434,7 @@ "Email":{ "type":"string", "max":64, - "min":1, + "min":6, "sensitive":true }, "EnableOrganizationAdminAccountRequest":{ @@ -3985,8 +4450,7 @@ }, "EnableOrganizationAdminAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "EndpointIds":{ "type":"list", @@ -4012,6 +4476,12 @@ }, "documentation":"

    Contains information about the reason that the finding was generated.

    " }, + "ExpectedBucketOwner":{ + "type":"string", + "max":12, + "min":12, + "pattern":"^[0-9]+$" + }, "FargateDetails":{ "type":"structure", "members":{ @@ -4100,7 +4570,7 @@ "members":{ "CriterionKey":{ "shape":"CriterionKey", - "documentation":"

    An enum value representing possible scan properties to match with given scan entries.

    Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME. CLUSTER_NAME has been deprecated.

    ", + "documentation":"

    An enum value representing possible scan properties to match with given scan entries.

    ", "locationName":"criterionKey" }, "FilterCondition":{ @@ -4190,7 +4660,7 @@ }, "Region":{ "shape":"String", - "documentation":"

    The Region where the finding was generated.

    ", + "documentation":"

    The Region where the finding was generated. For findings generated from Global Service Events, the Region value in the finding might differ from the Region where GuardDuty identifies the potential threat. For more information, see How GuardDuty handles Amazon Web Services CloudTrail global events in the Amazon GuardDuty User Guide.

    ", "locationName":"region" }, "Resource":{ @@ -4271,7 +4741,10 @@ "EC2_NETWORK_INTERFACE", "S3_BUCKET", "S3_OBJECT", - "ACCESS_KEY" + "ACCESS_KEY", + "EKS_CLUSTER", + "KUBERNETES_WORKLOAD", + "CONTAINER" ] }, "FindingStatisticType":{ @@ -4426,7 +4899,7 @@ "locationName":"lon" } }, - "documentation":"

    Contains information about the location of the remote IP address.

    " + "documentation":"

    Contains information about the location of the remote IP address. By default, GuardDuty returns Geolocation with Lat and Lon as 0.0.

    " }, "GetAdministratorAccountRequest":{ "type":"structure", @@ -4755,13 +5228,17 @@ "shape":"TagMap", "documentation":"

    The tags of the IPSet resource.

    ", "locationName":"tags" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter. This field appears in the response only if it was provided during IPSet creation or update.

    ", + "locationName":"expectedBucketOwner" } } }, "GetInvitationsCountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetInvitationsCountResponse":{ "type":"structure", @@ -5004,6 +5481,83 @@ } } }, + "GetThreatEntitySetRequest":{ + "type":"structure", + "required":[ + "DetectorId", + "ThreatEntitySetId" + ], + "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the detector associated with the threat entity set resource.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "ThreatEntitySetId":{ + "shape":"String", + "documentation":"

    The unique ID that helps GuardDuty identify the threat entity set.

    ", + "location":"uri", + "locationName":"threatEntitySetId" + } + } + }, + "GetThreatEntitySetResponse":{ + "type":"structure", + "required":[ + "Name", + "Format", + "Location", + "Status" + ], + "members":{ + "Name":{ + "shape":"Name", + "documentation":"

    The name of the threat entity set associated with the specified threatEntitySetId.

    ", + "locationName":"name" + }, + "Format":{ + "shape":"ThreatEntitySetFormat", + "documentation":"

    The format of the file that contains the threat entity set.

    ", + "locationName":"format" + }, + "Location":{ + "shape":"Location", + "documentation":"

    The URI of the file that contains the threat entity set.

    ", + "locationName":"location" + }, + "ExpectedBucketOwner":{ + "shape":"ExpectedBucketOwner", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" + }, + "Status":{ + "shape":"ThreatEntitySetStatus", + "documentation":"

    The status of the associated threat entity set.

    ", + "locationName":"status" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with the threat entity set resource.

    ", + "locationName":"tags" + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the associated threat entity set was created.

    ", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the associated threat entity set was updated.

    ", + "locationName":"updatedAt" + }, + "ErrorDetails":{ + "shape":"String", + "documentation":"

    The error details when the status is shown as ERROR.

    ", + "locationName":"errorDetails" + } + } + }, "GetThreatIntelSetRequest":{ "type":"structure", "required":[ @@ -5058,6 +5612,88 @@ "shape":"TagMap", "documentation":"

    The tags of the threat list resource.

    ", "locationName":"tags" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter. This field appears in the response only if it was provided during ThreatIntelSet creation or update.

    ", + "locationName":"expectedBucketOwner" + } + } + }, + "GetTrustedEntitySetRequest":{ + "type":"structure", + "required":[ + "DetectorId", + "TrustedEntitySetId" + ], + "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the GuardDuty detector associated with this trusted entity set.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "TrustedEntitySetId":{ + "shape":"String", + "documentation":"

    The unique ID that helps GuardDuty identify the trusted entity set.

    ", + "location":"uri", + "locationName":"trustedEntitySetId" + } + } + }, + "GetTrustedEntitySetResponse":{ + "type":"structure", + "required":[ + "Name", + "Format", + "Location", + "Status" + ], + "members":{ + "Name":{ + "shape":"Name", + "documentation":"

    The name of the threat entity set associated with the specified trustedEntitySetId.

    ", + "locationName":"name" + }, + "Format":{ + "shape":"TrustedEntitySetFormat", + "documentation":"

    The format of the file that contains the trusted entity set.

    ", + "locationName":"format" + }, + "Location":{ + "shape":"Location", + "documentation":"

    The URI of the file that contains the trusted entity set.

    ", + "locationName":"location" + }, + "ExpectedBucketOwner":{ + "shape":"ExpectedBucketOwner", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" + }, + "Status":{ + "shape":"TrustedEntitySetStatus", + "documentation":"

    The status of the associated trusted entity set.

    ", + "locationName":"status" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with trusted entity set resource.

    ", + "locationName":"tags" + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the associated trusted entity set was created.

    ", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the associated trusted entity set was updated.

    ", + "locationName":"updatedAt" + }, + "ErrorDetails":{ + "shape":"String", + "documentation":"

    The error details when the status is shown as ERROR.

    ", + "locationName":"errorDetails" } } }, @@ -5225,12 +5861,12 @@ "members":{ "Key":{ "shape":"IndicatorType", - "documentation":"

    Specific indicator keys observed in the attack sequence.

    ", + "documentation":"

    Specific indicator keys observed in the attack sequence. For description of the valid values for key, see Attack sequence finding details in the Amazon GuardDuty User Guide.

    ", "locationName":"key" }, "Values":{ "shape":"IndicatorValues", - "documentation":"

    Values associated with each indicator key. For example, if the indicator key is SUSPICIOUS_NETWORK, then the value will be the name of the network. If the indicator key is ATTACK_TACTIC, then the value will be one of the MITRE tactics.

    For more information about the values associated with the key, see GuardDuty Extended Threat Detection in the GuardDuty User Guide.

    ", + "documentation":"

    Values associated with each indicator key. For example, if the indicator key is SUSPICIOUS_NETWORK, then the value will be the name of the network. If the indicator key is ATTACK_TACTIC, then the value will be one of the MITRE tactics.

    ", "locationName":"values" }, "Title":{ @@ -5258,7 +5894,13 @@ "ATTACK_TECHNIQUE", "UNUSUAL_API_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_ACCOUNT", - "UNUSUAL_ASN_FOR_USER" + "UNUSUAL_ASN_FOR_USER", + "SUSPICIOUS_PROCESS", + "MALICIOUS_DOMAIN", + "MALICIOUS_PROCESS", + "CRYPTOMINING_IP", + "CRYPTOMINING_DOMAIN", + "CRYPTOMINING_PROCESS" ] }, "IndicatorValueString":{ @@ -5673,6 +6315,19 @@ }, "documentation":"

    Information about the Kubernetes API for which you check if you have permission to call.

    " }, + "KubernetesResourcesTypes":{ + "type":"string", + "enum":[ + "PODS", + "JOBS", + "CRONJOBS", + "DEPLOYMENTS", + "DAEMONSETS", + "STATEFULSETS", + "REPLICASETS", + "REPLICATIONCONTROLLERS" + ] + }, "KubernetesRoleBindingDetails":{ "type":"structure", "members":{ @@ -5756,6 +6411,27 @@ }, "documentation":"

    Details about the Kubernetes user involved in a Kubernetes finding.

    " }, + "KubernetesWorkload":{ + "type":"structure", + "members":{ + "ContainerUids":{ + "shape":"ContainerUids", + "documentation":"

    A list of unique identifiers for the containers that are part of the Kubernetes workload.

    ", + "locationName":"containerUids" + }, + "Namespace":{ + "shape":"String", + "documentation":"

    The Kubernetes namespace in which the workload is running, providing logical isolation within the cluster.

    ", + "locationName":"namespace" + }, + "KubernetesResourcesTypes":{ + "shape":"KubernetesResourcesTypes", + "documentation":"

    The types of Kubernetes resources involved in the workload.

    ", + "locationName":"type" + } + }, + "documentation":"

    Contains information about Kubernetes workloads involved in a GuardDuty finding, including pods, deployments, and other Kubernetes resources.

    " + }, "KubernetesWorkloadDetails":{ "type":"structure", "members":{ @@ -6164,7 +6840,7 @@ "members":{ "NextToken":{ "shape":"String", - "documentation":"

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

    ", + "documentation":"

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. The default page size is 100 plans.

    ", "location":"querystring", "locationName":"nextToken" } @@ -6324,6 +7000,46 @@ } } }, + "ListThreatEntitySetsRequest":{ + "type":"structure", + "required":["DetectorId"], + "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the GuardDuty detector that is associated with this threat entity set.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListThreatEntitySetsResponse":{ + "type":"structure", + "required":["ThreatEntitySetIds"], + "members":{ + "ThreatEntitySetIds":{ + "shape":"ThreatEntitySetIds", + "documentation":"

    The IDs of the threat entity set resources.

    ", + "locationName":"threatEntitySetIds" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The pagination parameter to be used on the next list operation to retrieve more items.

    ", + "locationName":"nextToken" + } + } + }, "ListThreatIntelSetsRequest":{ "type":"structure", "required":["DetectorId"], @@ -6364,6 +7080,46 @@ } } }, + "ListTrustedEntitySetsRequest":{ + "type":"structure", + "required":["DetectorId"], + "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the GuardDuty detector that is associated with this threat entity set.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListTrustedEntitySetsResponse":{ + "type":"structure", + "required":["TrustedEntitySetIds"], + "members":{ + "TrustedEntitySetIds":{ + "shape":"TrustedEntitySetIds", + "documentation":"

    The IDs of the trusted entity set resources.

    ", + "locationName":"trustedEntitySetIds" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The pagination parameter to be used on the next list operation to retrieve more items.

    ", + "locationName":"nextToken" + } + } + }, "LocalIpDetails":{ "type":"structure", "members":{ @@ -6506,7 +7262,7 @@ }, "Message":{ "shape":"String", - "documentation":"

    Issue message that specifies the reason. For information about potential troubleshooting steps, see Troubleshooting Malware Protection for S3 status issues in the GuardDuty User Guide.

    ", + "documentation":"

    Issue message that specifies the reason. For information about potential troubleshooting steps, see Troubleshooting Malware Protection for S3 status issues in the Amazon GuardDuty User Guide.

    ", "locationName":"message" } }, @@ -7634,6 +8390,21 @@ }, "documentation":"

    Information about the observed process.

    " }, + "ProcessName":{ + "type":"string", + "max":4096, + "min":0 + }, + "ProcessPath":{ + "type":"string", + "max":4096, + "min":0 + }, + "ProcessSha256":{ + "type":"string", + "max":1024, + "min":0 + }, "ProductCode":{ "type":"structure", "members":{ @@ -8032,6 +8803,21 @@ "shape":"S3Object", "documentation":"

    Contains information about the Amazon S3 object.

    ", "locationName":"s3Object" + }, + "EksCluster":{ + "shape":"EksCluster", + "documentation":"

    Contains detailed information about the Amazon EKS cluster associated with the activity that prompted GuardDuty to generate a finding.

    ", + "locationName":"eksCluster" + }, + "KubernetesWorkload":{ + "shape":"KubernetesWorkload", + "documentation":"

    Contains detailed information about the Kubernetes workload associated with the activity that prompted GuardDuty to generate a finding.

    ", + "locationName":"kubernetesWorkload" + }, + "Container":{ + "shape":"ContainerFindingResource", + "documentation":"

    Contains detailed information about the container associated with the activity that prompted GuardDuty to generate a finding.

    ", + "locationName":"container" } }, "documentation":"

    Contains information about the Amazon Web Services resource that is associated with the activity that prompted GuardDuty to generate a finding.

    " @@ -8897,6 +9683,11 @@ "shape":"Indicators", "documentation":"

    Contains information about the indicators observed in the attack sequence.

    ", "locationName":"sequenceIndicators" + }, + "AdditionalSequenceTypes":{ + "shape":"AdditionalSequenceTypes", + "documentation":"

    Additional types of sequences that may be associated with the attack sequence finding, providing further context about the nature of the detected threat.

    ", + "locationName":"additionalSequenceTypes" } }, "documentation":"

    Contains information about the GuardDuty attack sequence finding.

    " @@ -9078,7 +9869,7 @@ }, "Type":{ "shape":"SignalType", - "documentation":"

    The type of the signal used to identify an attack sequence.

    Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For more information, see Foundational data sources in the GuardDuty User Guide.

    A signal type can be one of the valid values listed in this API. Here are the related descriptions:

    • FINDING - Individually generated GuardDuty finding.

    • CLOUD_TRAIL - Activity observed from CloudTrail logs

    • S3_DATA_EVENTS - Activity observed from CloudTrail data events for S3. Activities associated with this type will show up only when you have enabled GuardDuty S3 Protection feature in your account. For more information about S3 Protection and steps to enable it, see S3 Protection in the GuardDuty User Guide.

    ", + "documentation":"

    The type of the signal used to identify an attack sequence.

    Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For more information, see Foundational data sources in the Amazon GuardDuty User Guide.

    A signal type can be one of the valid values listed in this API. Here are the related descriptions:

    • FINDING - Individually generated GuardDuty finding.

    • CLOUD_TRAIL - Activity observed from CloudTrail logs

    • S3_DATA_EVENTS - Activity observed from CloudTrail data events for S3. Activities associated with this type will show up only when you have enabled GuardDuty S3 Protection feature in your account. For more information about S3 Protection and steps to enable it, see S3 Protection in the Amazon GuardDuty User Guide.

    ", "locationName":"type" }, "Description":{ @@ -9113,7 +9904,7 @@ }, "Severity":{ "shape":"Double", - "documentation":"

    The severity associated with the signal. For more information about severity, see Findings severity levels in the GuardDuty User Guide.

    ", + "documentation":"

    The severity associated with the signal. For more information about severity, see Findings severity levels in the Amazon GuardDuty User Guide.

    ", "locationName":"severity" }, "Count":{ @@ -9153,14 +9944,18 @@ "enum":[ "FINDING", "CLOUD_TRAIL", - "S3_DATA_EVENTS" + "S3_DATA_EVENTS", + "EKS_AUDIT_LOGS", + "FLOW_LOGS", + "DNS_LOGS", + "RUNTIME_MONITORING" ] }, "Signals":{ "type":"list", "member":{"shape":"Signal"}, "max":100, - "min":2 + "min":1 }, "SortCriteria":{ "type":"structure", @@ -9331,8 +10126,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -9389,6 +10183,39 @@ }, "documentation":"

    Contains details about identified threats organized by threat name.

    " }, + "ThreatEntitySetFormat":{ + "type":"string", + "enum":[ + "TXT", + "STIX", + "OTX_CSV", + "ALIEN_VAULT", + "PROOF_POINT", + "FIRE_EYE" + ], + "max":300, + "min":1 + }, + "ThreatEntitySetIds":{ + "type":"list", + "member":{"shape":"String"}, + "max":50, + "min":0 + }, + "ThreatEntitySetStatus":{ + "type":"string", + "enum":[ + "INACTIVE", + "ACTIVATING", + "ACTIVE", + "DEACTIVATING", + "ERROR", + "DELETE_PENDING", + "DELETED" + ], + "max":300, + "min":1 + }, "ThreatIntelSetFormat":{ "type":"string", "enum":[ @@ -9499,6 +10326,39 @@ }, "documentation":"

    Represents the reason the scan was triggered.

    " }, + "TrustedEntitySetFormat":{ + "type":"string", + "enum":[ + "TXT", + "STIX", + "OTX_CSV", + "ALIEN_VAULT", + "PROOF_POINT", + "FIRE_EYE" + ], + "max":300, + "min":1 + }, + "TrustedEntitySetIds":{ + "type":"list", + "member":{"shape":"String"}, + "max":50, + "min":0 + }, + "TrustedEntitySetStatus":{ + "type":"string", + "enum":[ + "INACTIVE", + "ACTIVATING", + "ACTIVE", + "DEACTIVATING", + "ERROR", + "DELETE_PENDING", + "DELETED" + ], + "max":300, + "min":1 + }, "UnarchiveFindingsRequest":{ "type":"structure", "required":[ @@ -9521,8 +10381,7 @@ }, "UnarchiveFindingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UnprocessedAccount":{ "type":"structure", @@ -9583,8 +10442,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDetectorRequest":{ "type":"structure", @@ -9622,8 +10480,7 @@ }, "UpdateDetectorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateFilterRequest":{ "type":"structure", @@ -9702,7 +10559,7 @@ "locationName":"feedback" }, "Comments":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Additional feedback about the GuardDuty findings.

    ", "locationName":"comments" } @@ -9710,8 +10567,7 @@ }, "UpdateFindingsFeedbackResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateIPSetRequest":{ "type":"structure", @@ -9746,13 +10602,17 @@ "shape":"Boolean", "documentation":"

    The updated Boolean value that specifies whether the IPSet is active or not.

    ", "locationName":"activate" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" } } }, "UpdateIPSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMalwareProtectionPlanRequest":{ "type":"structure", @@ -9805,8 +10665,7 @@ }, "UpdateMalwareScanSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMemberDetectorsRequest":{ "type":"structure", @@ -9889,8 +10748,7 @@ }, "UpdateOrganizationConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateProtectedResource":{ "type":"structure", @@ -9931,8 +10789,7 @@ }, "UpdatePublishingDestinationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateS3BucketResource":{ "type":"structure", @@ -9945,6 +10802,51 @@ }, "documentation":"

    Information about the protected S3 bucket resource.

    " }, + "UpdateThreatEntitySetRequest":{ + "type":"structure", + "required":[ + "DetectorId", + "ThreatEntitySetId" + ], + "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the GuardDuty detector associated with the threat entity set that you want to update.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "ThreatEntitySetId":{ + "shape":"String", + "documentation":"

    The ID returned by GuardDuty after updating the threat entity set resource.

    ", + "location":"uri", + "locationName":"threatEntitySetId" + }, + "Name":{ + "shape":"Name", + "documentation":"

    A user-friendly name to identify the trusted entity set.

    The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).

    ", + "locationName":"name" + }, + "Location":{ + "shape":"Location", + "documentation":"

    The URI of the file that contains the trusted entity set.

    ", + "locationName":"location" + }, + "ExpectedBucketOwner":{ + "shape":"ExpectedBucketOwner", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" + }, + "Activate":{ + "shape":"Boolean", + "documentation":"

    A boolean value that indicates whether GuardDuty is to start using this updated threat entity set. After you update an entity set, you will need to activate it again. It might take up to 15 minutes for the updated entity set to be effective.

    ", + "locationName":"activate" + } + } + }, + "UpdateThreatEntitySetResponse":{ + "type":"structure", + "members":{} + }, "UpdateThreatIntelSetRequest":{ "type":"structure", "required":[ @@ -9978,14 +10880,63 @@ "shape":"Boolean", "documentation":"

    The updated Boolean value that specifies whether the ThreateIntelSet is active or not.

    ", "locationName":"activate" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" } } }, "UpdateThreatIntelSetResponse":{ "type":"structure", + "members":{} + }, + "UpdateTrustedEntitySetRequest":{ + "type":"structure", + "required":[ + "DetectorId", + "TrustedEntitySetId" + ], "members":{ + "DetectorId":{ + "shape":"DetectorId", + "documentation":"

    The unique ID of the GuardDuty detector associated with the threat entity set that you want to update.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

    ", + "location":"uri", + "locationName":"detectorId" + }, + "TrustedEntitySetId":{ + "shape":"String", + "documentation":"

    The ID returned by GuardDuty after updating the trusted entity set resource.

    ", + "location":"uri", + "locationName":"trustedEntitySetId" + }, + "Name":{ + "shape":"Name", + "documentation":"

    A user-friendly name to identify the trusted entity set.

    The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).

    ", + "locationName":"name" + }, + "Location":{ + "shape":"Location", + "documentation":"

    The URI of the file that contains the trusted entity set.

    ", + "locationName":"location" + }, + "ExpectedBucketOwner":{ + "shape":"ExpectedBucketOwner", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

    ", + "locationName":"expectedBucketOwner" + }, + "Activate":{ + "shape":"Boolean", + "documentation":"

    A boolean value that indicates whether GuardDuty is to start using this updated trusted entity set. After you update an entity set, you will need to activate it again. It might take up to 15 minutes for the updated entity set to be effective.

    ", + "locationName":"activate" + } } }, + "UpdateTrustedEntitySetResponse":{ + "type":"structure", + "members":{} + }, "UsageAccountResult":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/health/2016-08-04/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/health/2016-08-04/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/health/2016-08-04/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/health/2016-08-04/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/healthlake/2017-07-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/healthlake/2017-07-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/healthlake/2017-07-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/healthlake/2017-07-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/healthlake/2017-07-01/service-2.json 2.31.35-1/awscli/botocore/data/healthlake/2017-07-01/service-2.json --- 2.23.6-1/awscli/botocore/data/healthlake/2017-07-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/healthlake/2017-07-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,7 +30,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Creates a data store that can ingest and export FHIR formatted data.

    " + "documentation":"

    Create a FHIR-enabled data store.

    " }, "DeleteFHIRDatastore":{ "name":"DeleteFHIRDatastore", @@ -48,7 +48,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Deletes a data store.

    " + "documentation":"

    Delete a FHIR-enabled data store.

    " }, "DescribeFHIRDatastore":{ "name":"DescribeFHIRDatastore", @@ -64,7 +64,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Gets the properties associated with the FHIR data store, including the data store ID, data store ARN, data store name, data store status, when the data store was created, data store type version, and the data store's endpoint.

    " + "documentation":"

    Get properties for a FHIR-enabled data store.

    " }, "DescribeFHIRExportJob":{ "name":"DescribeFHIRExportJob", @@ -80,7 +80,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Displays the properties of a FHIR export job, including the ID, ARN, name, and the status of the job.

    " + "documentation":"

    Get FHIR export job properties.

    " }, "DescribeFHIRImportJob":{ "name":"DescribeFHIRImportJob", @@ -96,7 +96,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Displays the properties of a FHIR import job, including the ID, ARN, name, and the status of the job.

    " + "documentation":"

    Get the import job properties to learn more about the job or job progress.

    " }, "ListFHIRDatastores":{ "name":"ListFHIRDatastores", @@ -111,7 +111,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists all FHIR data stores that are in the user’s account, regardless of data store status.

    " + "documentation":"

    List all FHIR-enabled data stores in a user’s account, regardless of data store status.

    " }, "ListFHIRExportJobs":{ "name":"ListFHIRExportJobs", @@ -128,7 +128,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists all FHIR export jobs associated with an account and their statuses.

    " + "documentation":"

    Lists all FHIR export jobs associated with an account and their statuses.

    " }, "ListFHIRImportJobs":{ "name":"ListFHIRImportJobs", @@ -145,7 +145,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists all FHIR import jobs associated with an account and their statuses.

    " + "documentation":"

    List all FHIR import jobs associated with an account and their statuses.

    " }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -159,7 +159,7 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of all existing tags associated with a data store.

    " + "documentation":"

    Returns a list of all existing tags associated with a data store.

    " }, "StartFHIRExportJob":{ "name":"StartFHIRExportJob", @@ -176,7 +176,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Begins a FHIR export job.

    " + "documentation":"

    Start a FHIR export job.

    " }, "StartFHIRImportJob":{ "name":"StartFHIRImportJob", @@ -193,7 +193,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Begins a FHIR Import job.

    " + "documentation":"

    Start importing bulk FHIR data into an ACTIVE data store. The import job imports FHIR data found in the InputDataConfig object and stores processing results in the JobOutputDataConfig object.

    " }, "TagResource":{ "name":"TagResource", @@ -207,7 +207,7 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Adds a user specified key and value tag to a data store.

    " + "documentation":"

    Add a user-specifed key and value tag to a data store.

    " }, "UntagResource":{ "name":"UntagResource", @@ -221,7 +221,7 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Removes tags from a data store.

    " + "documentation":"

    Remove a user-specifed key and value tag from a data store.

    " } }, "shapes":{ @@ -273,7 +273,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    The data store is in a transition state and the user requested action can not be performed.

    ", + "documentation":"

    The data store is in a transition state and the user requested action cannot be performed.

    ", "exception":true }, "CreateFHIRDatastoreRequest":{ @@ -282,32 +282,32 @@ "members":{ "DatastoreName":{ "shape":"DatastoreName", - "documentation":"

    The user generated name for the data store.

    " + "documentation":"

    The data store name (user-generated).

    " }, "DatastoreTypeVersion":{ "shape":"FHIRVersion", - "documentation":"

    The FHIR version of the data store. The only supported version is R4.

    " + "documentation":"

    The FHIR release version supported by the data store. Current support is for version R4.

    " }, "SseConfiguration":{ "shape":"SseConfiguration", - "documentation":"

    The server-side encryption key configuration for a customer provided encryption key specified for creating a data store.

    " + "documentation":"

    The server-side encryption key configuration for a customer-provided encryption key specified for creating a data store.

    " }, "PreloadDataConfig":{ "shape":"PreloadDataConfig", - "documentation":"

    Optional parameter to preload data upon creation of the data store. Currently, the only supported preloaded data is synthetic data generated from Synthea.

    " + "documentation":"

    An optional parameter to preload (import) open source Synthea FHIR data upon creation of the data store.

    " }, "ClientToken":{ "shape":"ClientTokenString", - "documentation":"

    Optional user provided token used for ensuring idempotency.

    ", + "documentation":"

    An optional user-provided token to ensure API idempotency.

    ", "idempotencyToken":true }, "Tags":{ "shape":"TagList", - "documentation":"

    Resource tags that are applied to a data store when it is created.

    " + "documentation":"

    The resource tags applied to a data store when it is created.

    " }, "IdentityProviderConfiguration":{ "shape":"IdentityProviderConfiguration", - "documentation":"

    The configuration of the identity provider that you want to use for your data store.

    " + "documentation":"

    The identity provider configuration to use for the data store.

    " } } }, @@ -322,19 +322,19 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS-generated data store id. This id is in the output from the initial data store creation call.

    " + "documentation":"

    The data store identifier.

    " }, "DatastoreArn":{ "shape":"DatastoreArn", - "documentation":"

    The data store ARN is generated during the creation of the data store and can be found in the output from the initial data store creation call.

    " + "documentation":"

    The Amazon Resource Name (ARN) for the data store.

    " }, "DatastoreStatus":{ "shape":"DatastoreStatus", - "documentation":"

    The status of the FHIR data store.

    " + "documentation":"

    The data store status.

    " }, "DatastoreEndpoint":{ "shape":"BoundedLengthString", - "documentation":"

    The AWS endpoint for the created data store.

    " + "documentation":"

    The AWS endpoint created for the data store.

    " } } }, @@ -347,22 +347,22 @@ "members":{ "DatastoreName":{ "shape":"DatastoreName", - "documentation":"

    Allows the user to filter data store results by name.

    " + "documentation":"

    Filter data store results by name.

    " }, "DatastoreStatus":{ "shape":"DatastoreStatus", - "documentation":"

    Allows the user to filter data store results by status.

    " + "documentation":"

    Filter data store results by status.

    " }, "CreatedBefore":{ "shape":"Timestamp", - "documentation":"

    A filter that allows the user to set cutoff dates for records. All data stores created before the specified date will be included in the results.

    " + "documentation":"

    Filter to set cutoff dates for records. All data stores created before the specified date are included in the results.

    " }, "CreatedAfter":{ "shape":"Timestamp", - "documentation":"

    A filter that allows the user to set cutoff dates for records. All data stores created after the specified date will be included in the results.

    " + "documentation":"

    Filter to set cutoff dates for records. All data stores created after the specified date are included in the results.

    " } }, - "documentation":"

    The filters applied to data store query.

    " + "documentation":"

    The filters applied to a data store query.

    " }, "DatastoreId":{ "type":"string", @@ -388,50 +388,50 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS-generated ID number for the data store.

    " + "documentation":"

    The data store identifier.

    " }, "DatastoreArn":{ "shape":"DatastoreArn", - "documentation":"

    The Amazon Resource Name used in the creation of the data store.

    " + "documentation":"

    The Amazon Resource Name (ARN) used in the creation of the data store.

    " }, "DatastoreName":{ "shape":"DatastoreName", - "documentation":"

    The user-generated name for the data store.

    " + "documentation":"

    The data store name.

    " }, "DatastoreStatus":{ "shape":"DatastoreStatus", - "documentation":"

    The status of the data store.

    " + "documentation":"

    The data store status.

    " }, "CreatedAt":{ "shape":"Timestamp", - "documentation":"

    The time that a data store was created.

    " + "documentation":"

    The time the data store was created.

    " }, "DatastoreTypeVersion":{ "shape":"FHIRVersion", - "documentation":"

    The FHIR version. Only R4 version data is supported.

    " + "documentation":"

    The FHIR release version supported by the data store. Current support is for version R4.

    " }, "DatastoreEndpoint":{ "shape":"String", - "documentation":"

    The AWS endpoint for the data store. Each data store will have it's own endpoint with data store ID in the endpoint URL.

    " + "documentation":"

    The AWS endpoint for the data store.

    " }, "SseConfiguration":{ "shape":"SseConfiguration", - "documentation":"

    The server-side encryption key configuration for a customer provided encryption key (CMK).

    " + "documentation":"

    The server-side encryption key configuration for a customer provided encryption key.

    " }, "PreloadDataConfig":{ "shape":"PreloadDataConfig", - "documentation":"

    The preloaded data configuration for the data store. Only data preloaded from Synthea is supported.

    " + "documentation":"

    The preloaded Synthea data configuration for the data store.

    " }, "IdentityProviderConfiguration":{ "shape":"IdentityProviderConfiguration", - "documentation":"

    The identity provider that you selected when you created the data store.

    " + "documentation":"

    The identity provider selected during data store creation.

    " }, "ErrorCause":{ "shape":"ErrorCause", "documentation":"

    The error cause for the current data store operation.

    " } }, - "documentation":"

    Displays the properties of the data store, including the ID, ARN, name, and the status of the data store.

    " + "documentation":"

    The data store properties.

    " }, "DatastorePropertiesList":{ "type":"list", @@ -453,7 +453,7 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS-generated ID for the data store to be deleted.

    " + "documentation":"

    The AWS-generated identifier for the data store to be deleted.

    " } } }, @@ -468,19 +468,19 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS-generated ID for the data store to be deleted.

    " + "documentation":"

    The AWS-generated ID for the deleted data store.

    " }, "DatastoreArn":{ "shape":"DatastoreArn", - "documentation":"

    The Amazon Resource Name (ARN) that gives AWS HealthLake access permission.

    " + "documentation":"

    The Amazon Resource Name (ARN) that grants access permission to AWS HealthLake.

    " }, "DatastoreStatus":{ "shape":"DatastoreStatus", - "documentation":"

    The status of the data store that the user has requested to be deleted.

    " + "documentation":"

    The data store status.

    " }, "DatastoreEndpoint":{ "shape":"BoundedLengthString", - "documentation":"

    The AWS endpoint for the data store the user has requested to be deleted.

    " + "documentation":"

    The AWS endpoint of the data store to be deleted.

    " } } }, @@ -490,7 +490,7 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS-generated data store ID.

    " + "documentation":"

    The data store identifier.

    " } } }, @@ -500,7 +500,7 @@ "members":{ "DatastoreProperties":{ "shape":"DatastoreProperties", - "documentation":"

    All properties associated with a data store, including the data store ID, data store ARN, data store name, data store status, when the data store was created, data store type version, and the data store's endpoint.

    " + "documentation":"

    The data store properties.

    " } } }, @@ -513,11 +513,11 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS generated ID for the data store from which files are being exported from for an export job.

    " + "documentation":"

    The data store identifier from which FHIR data is being exported from.

    " }, "JobId":{ "shape":"JobId", - "documentation":"

    The AWS generated ID for an export job.

    " + "documentation":"

    The export job identifier.

    " } } }, @@ -527,7 +527,7 @@ "members":{ "ExportJobProperties":{ "shape":"ExportJobProperties", - "documentation":"

    Displays the properties of the export job, including the ID, Arn, Name, and the status of the job.

    " + "documentation":"

    The export job properties.

    " } } }, @@ -540,11 +540,11 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS-generated ID of the data store.

    " + "documentation":"

    The data store identifier.

    " }, "JobId":{ "shape":"JobId", - "documentation":"

    The AWS-generated job ID.

    " + "documentation":"

    The import job identifier.

    " } } }, @@ -554,7 +554,7 @@ "members":{ "ImportJobProperties":{ "shape":"ImportJobProperties", - "documentation":"

    The properties of the Import job request, including the ID, ARN, name, status of the job, and the progress report of the job.

    " + "documentation":"

    The import job properties.

    " } } }, @@ -576,14 +576,14 @@ "members":{ "ErrorMessage":{ "shape":"ErrorMessage", - "documentation":"

    The text of the error message.

    " + "documentation":"

    The error message text for ErrorCause.

    " }, "ErrorCategory":{ "shape":"ErrorCategory", - "documentation":"

    The error category of the create/delete data store operation. Possible statuses are RETRYABLE_ERROR or NON_RETRYABLE_ERROR.

    " + "documentation":"

    The error category for ErrorCause.

    " } }, - "documentation":"

    The error info of the create/delete data store operation.

    " + "documentation":"

    The error information for CreateFHIRDatastore and DeleteFHIRDatastore actions.

    " }, "ErrorMessage":{ "type":"string", @@ -602,42 +602,42 @@ "members":{ "JobId":{ "shape":"JobId", - "documentation":"

    The AWS generated ID for an export job.

    " + "documentation":"

    The export job identifier.

    " }, "JobName":{ "shape":"JobName", - "documentation":"

    The user generated name for an export job.

    " + "documentation":"

    The export job name.

    " }, "JobStatus":{ "shape":"JobStatus", - "documentation":"

    The status of a FHIR export job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED, or FAILED.

    " + "documentation":"

    The export job status.

    " }, "SubmitTime":{ "shape":"Timestamp", - "documentation":"

    The time an export job was initiated.

    " + "documentation":"

    The time the export job was initiated.

    " }, "EndTime":{ "shape":"Timestamp", - "documentation":"

    The time an export job completed.

    " + "documentation":"

    The time the export job completed.

    " }, "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS generated ID for the data store from which files are being exported for an export job.

    " + "documentation":"

    The data store identifier from which files are being exported.

    " }, "OutputDataConfig":{ "shape":"OutputDataConfig", - "documentation":"

    The output data configuration that was supplied when the export job was created.

    " + "documentation":"

    The output data configuration supplied when the export job was created.

    " }, "DataAccessRoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The Amazon Resource Name used during the initiation of the job.

    " + "documentation":"

    The Amazon Resource Name (ARN) used during the initiation of the export job.

    " }, "Message":{ "shape":"Message", - "documentation":"

    An explanation of any errors that may have occurred during the export job.

    " + "documentation":"

    An explanation of any errors that might have occurred during the export job.

    " } }, - "documentation":"

    The properties of a FHIR export job, including the ID, ARN, name, and the status of the job.

    " + "documentation":"

    The properties of a FHIR export job.

    " }, "ExportJobPropertiesList":{ "type":"list", @@ -661,22 +661,22 @@ "members":{ "AuthorizationStrategy":{ "shape":"AuthorizationStrategy", - "documentation":"

    The authorization strategy that you selected when you created the data store.

    " + "documentation":"

    The authorization strategy selected when the HealthLake data store is created.

    HealthLake provides support for both SMART on FHIR V1 and V2 as described below.

    • SMART_ON_FHIR_V1 – Support for only SMART on FHIR V1, which includes read (read/search) and write (create/update/delete) permissions.

    • SMART_ON_FHIR – Support for both SMART on FHIR V1 and V2, which includes create, read, update, delete, and search permissions.

    • AWS_AUTH – The default HealthLake authorization strategy; not affiliated with SMART on FHIR.

    " }, "FineGrainedAuthorizationEnabled":{ "shape":"Boolean", - "documentation":"

    If you enabled fine-grained authorization when you created the data store.

    " + "documentation":"

    The parameter to enable SMART on FHIR fine-grained authorization for the data store.

    " }, "Metadata":{ "shape":"ConfigurationMetadata", - "documentation":"

    The JSON metadata elements that you want to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.

    authorization_endpoint: The URL to the OAuth2 authorization endpoint.

    grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.

    token_endpoint: The URL to the OAuth2 token endpoint.

    capabilities: An array of strings of the SMART capabilities that the authorization server supports.

    code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.

    " + "documentation":"

    The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.

    authorization_endpoint: The URL to the OAuth2 authorization endpoint.

    grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.

    token_endpoint: The URL to the OAuth2 token endpoint.

    capabilities: An array of strings of the SMART capabilities that the authorization server supports.

    code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.

    " }, "IdpLambdaArn":{ "shape":"LambdaArn", - "documentation":"

    The Amazon Resource Name (ARN) of the Lambda function that you want to use to decode the access token created by the authorization server.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.

    " } }, - "documentation":"

    The identity provider configuration that you gave when the data store was created.

    " + "documentation":"

    The identity provider configuration selected when the data store was created.

    " }, "ImportJobProperties":{ "type":"structure", @@ -690,47 +690,51 @@ "members":{ "JobId":{ "shape":"JobId", - "documentation":"

    The AWS-generated id number for the Import job.

    " + "documentation":"

    The import job identifier.

    " }, "JobName":{ "shape":"JobName", - "documentation":"

    The user-generated name for an Import job.

    " + "documentation":"

    The import job name.

    " }, "JobStatus":{ "shape":"JobStatus", - "documentation":"

    The job status for an Import job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED_WITH_ERRORS, COMPLETED, FAILED.

    " + "documentation":"

    The import job status.

    " }, "SubmitTime":{ "shape":"Timestamp", - "documentation":"

    The time that the Import job was submitted for processing.

    " + "documentation":"

    The time the import job was submitted for processing.

    " }, "EndTime":{ "shape":"Timestamp", - "documentation":"

    The time that the Import job was completed.

    " + "documentation":"

    The time the import job was completed.

    " }, "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The datastore id used when the Import job was created.

    " + "documentation":"

    The data store identifier.

    " }, "InputDataConfig":{ "shape":"InputDataConfig", - "documentation":"

    The input data configuration that was supplied when the Import job was created.

    " + "documentation":"

    The input data configuration supplied when the import job was created.

    " }, "JobOutputDataConfig":{"shape":"OutputDataConfig"}, "JobProgressReport":{ "shape":"JobProgressReport", - "documentation":"

    Displays the progress of the import job, including total resources scanned, total resources ingested, and total size of data ingested.

    " + "documentation":"

    Displays the progress of the import job, including total resources scanned, total resources imported, and total size of data imported.

    " }, "DataAccessRoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The Amazon Resource Name (ARN) that gives AWS HealthLake access to your input data.

    " + "documentation":"

    The Amazon Resource Name (ARN) that grants AWS HealthLake access to the input data.

    " }, "Message":{ "shape":"Message", - "documentation":"

    An explanation of any errors that may have occurred during the FHIR import job.

    " + "documentation":"

    An explanation of any errors that might have occurred during the FHIR import job.

    " + }, + "ValidationLevel":{ + "shape":"ValidationLevel", + "documentation":"

    The validation level of the import job.

    " } }, - "documentation":"

    Displays the properties of the import job, including the ID, Arn, Name, the status of the job, and the progress report of the job.

    " + "documentation":"

    The import job properties.

    " }, "ImportJobPropertiesList":{ "type":"list", @@ -741,10 +745,10 @@ "members":{ "S3Uri":{ "shape":"S3Uri", - "documentation":"

    The S3Uri is the user specified S3 location of the FHIR data to be imported into AWS HealthLake.

    " + "documentation":"

    The S3Uri is the user-specified S3 location of the FHIR data to be imported into AWS HealthLake.

    " } }, - "documentation":"

    The input properties for an import job.

    ", + "documentation":"

    The import job input properties.

    ", "union":true }, "InternalServerException":{ @@ -752,7 +756,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    Unknown error occurs in the service.

    ", + "documentation":"

    An unknown internal error occurred in the service.

    ", "exception":true, "fault":true }, @@ -773,23 +777,23 @@ "members":{ "TotalNumberOfScannedFiles":{ "shape":"GenericLong", - "documentation":"

    The number of files scanned from input S3 bucket.

    " + "documentation":"

    The number of files scanned from the S3 input bucket.

    " }, "TotalSizeOfScannedFilesInMB":{ "shape":"GenericDouble", - "documentation":"

    The size (in MB) of the files scanned from the input S3 bucket.

    " + "documentation":"

    The size (in MB) of files scanned from the S3 input bucket.

    " }, "TotalNumberOfImportedFiles":{ "shape":"GenericLong", - "documentation":"

    The number of files imported so far.

    " + "documentation":"

    The number of files imported.

    " }, "TotalNumberOfResourcesScanned":{ "shape":"GenericLong", - "documentation":"

    The number of resources scanned from the input S3 bucket.

    " + "documentation":"

    The number of resources scanned from the S3 input bucket.

    " }, "TotalNumberOfResourcesImported":{ "shape":"GenericLong", - "documentation":"

    The number of resources imported so far.

    " + "documentation":"

    The number of resources imported.

    " }, "TotalNumberOfResourcesWithCustomerError":{ "shape":"GenericLong", @@ -797,14 +801,14 @@ }, "TotalNumberOfFilesReadWithCustomerError":{ "shape":"GenericLong", - "documentation":"

    The number of files that failed to be read from the input S3 bucket due to customer error.

    " + "documentation":"

    The number of files that failed to be read from the S3 input bucket due to customer error.

    " }, "Throughput":{ "shape":"GenericDouble", - "documentation":"

    The throughput (in MB/sec) of the import job.

    " + "documentation":"

    The transaction rate the import job is processed at.

    " } }, - "documentation":"

    The progress report of an import job.

    " + "documentation":"

    The progress report for the import job.

    " }, "JobStatus":{ "type":"string", @@ -827,14 +831,14 @@ "members":{ "CmkType":{ "shape":"CmkType", - "documentation":"

    The type of customer-managed-key(CMK) used for encryption. The two types of supported CMKs are customer owned CMKs and AWS owned CMKs.

    " + "documentation":"

    The type of customer-managed-key (CMK) used for encryption.

    " }, "KmsKeyId":{ "shape":"EncryptionKeyID", - "documentation":"

    The KMS encryption key id/alias used to encrypt the data store contents at rest.

    " + "documentation":"

    The Key Management Service (KMS) encryption key id/alias used to encrypt the data store contents at rest.

    " } }, - "documentation":"

    The customer-managed-key(CMK) used when creating a data store. If a customer owned key is not specified, an AWS owned key will be used for encryption.

    " + "documentation":"

    The customer-managed-key (CMK) used when creating a data store. If a customer-owned key is not specified, an AWS-owned key is used for encryption.

    " }, "LambdaArn":{ "type":"string", @@ -847,15 +851,15 @@ "members":{ "Filter":{ "shape":"DatastoreFilter", - "documentation":"

    Lists all filters associated with a FHIR data store request.

    " + "documentation":"

    List all filters associated with a FHIR data store request.

    " }, "NextToken":{ "shape":"NextToken", - "documentation":"

    Fetches the next page of data stores when results are paginated.

    " + "documentation":"

    The token used to retrieve the next page of data stores when results are paginated.

    " }, "MaxResults":{ "shape":"MaxResultsInteger", - "documentation":"

    The maximum number of data stores returned in a single page of a ListFHIRDatastoresRequest call.

    " + "documentation":"

    The maximum number of data stores returned on a page.

    " } } }, @@ -865,11 +869,11 @@ "members":{ "DatastorePropertiesList":{ "shape":"DatastorePropertiesList", - "documentation":"

    All properties associated with the listed data stores.

    " + "documentation":"

    The properties associated with all listed data stores.

    " }, "NextToken":{ "shape":"NextToken", - "documentation":"

    Pagination token that can be used to retrieve the next page of results.

    " + "documentation":"

    The pagination token used to retrieve the next page of results.

    " } } }, @@ -879,31 +883,31 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    This parameter limits the response to the export job with the specified data store ID.

    " + "documentation":"

    Limits the response to the export job with the specified data store ID.

    " }, "NextToken":{ "shape":"NextToken", - "documentation":"

    A pagination token used to identify the next page of results to return for a ListFHIRExportJobs query.

    " + "documentation":"

    A pagination token used to identify the next page of results to return.

    " }, "MaxResults":{ "shape":"MaxResultsInteger", - "documentation":"

    This parameter limits the number of results returned for a ListFHIRExportJobs to a maximum quantity specified by the user.

    " + "documentation":"

    Limits the number of results returned for a ListFHIRExportJobs to a maximum quantity specified by the user.

    " }, "JobName":{ "shape":"JobName", - "documentation":"

    This parameter limits the response to the export job with the specified job name.

    " + "documentation":"

    Limits the response to the export job with the specified job name.

    " }, "JobStatus":{ "shape":"JobStatus", - "documentation":"

    This parameter limits the response to the export jobs with the specified job status.

    " + "documentation":"

    Limits the response to export jobs with the specified job status.

    " }, "SubmittedBefore":{ "shape":"Timestamp", - "documentation":"

    This parameter limits the response to FHIR export jobs submitted before a user specified date.

    " + "documentation":"

    Limits the response to FHIR export jobs submitted before a user- specified date.

    " }, "SubmittedAfter":{ "shape":"Timestamp", - "documentation":"

    This parameter limits the response to FHIR export jobs submitted after a user specified date.

    " + "documentation":"

    Limits the response to FHIR export jobs submitted after a user-specified date.

    " } } }, @@ -913,11 +917,11 @@ "members":{ "ExportJobPropertiesList":{ "shape":"ExportJobPropertiesList", - "documentation":"

    The properties of listed FHIR export jobs, including the ID, ARN, name, and the status of the job.

    " + "documentation":"

    The properties of listed FHIR export jobs.

    " }, "NextToken":{ "shape":"NextToken", - "documentation":"

    A pagination token used to identify the next page of results to return for a ListFHIRExportJobs query.

    " + "documentation":"

    The pagination token used to identify the next page of results to return.

    " } } }, @@ -927,31 +931,31 @@ "members":{ "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    This parameter limits the response to the import job with the specified data store ID.

    " + "documentation":"

    Limits the response to the import job with the specified data store ID.

    " }, "NextToken":{ "shape":"NextToken", - "documentation":"

    A pagination token used to identify the next page of results to return for a ListFHIRImportJobs query.

    " + "documentation":"

    The pagination token used to identify the next page of results to return.

    " }, "MaxResults":{ "shape":"MaxResultsInteger", - "documentation":"

    This parameter limits the number of results returned for a ListFHIRImportJobs to a maximum quantity specified by the user.

    " + "documentation":"

    Limits the number of results returned for ListFHIRImportJobs to a maximum quantity specified by the user.

    " }, "JobName":{ "shape":"JobName", - "documentation":"

    This parameter limits the response to the import job with the specified job name.

    " + "documentation":"

    Limits the response to the import job with the specified job name.

    " }, "JobStatus":{ "shape":"JobStatus", - "documentation":"

    This parameter limits the response to the import job with the specified job status.

    " + "documentation":"

    Limits the response to the import job with the specified job status.

    " }, "SubmittedBefore":{ "shape":"Timestamp", - "documentation":"

    This parameter limits the response to FHIR import jobs submitted before a user specified date.

    " + "documentation":"

    Limits the response to FHIR import jobs submitted before a user- specified date.

    " }, "SubmittedAfter":{ "shape":"Timestamp", - "documentation":"

    This parameter limits the response to FHIR import jobs submitted after a user specified date.

    " + "documentation":"

    Limits the response to FHIR import jobs submitted after a user-specified date.

    " } } }, @@ -961,11 +965,11 @@ "members":{ "ImportJobPropertiesList":{ "shape":"ImportJobPropertiesList", - "documentation":"

    The properties of a listed FHIR import jobs, including the ID, ARN, name, the status of the job, and the progress report of the job.

    " + "documentation":"

    The properties for listed import jobs.

    " }, "NextToken":{ "shape":"NextToken", - "documentation":"

    A pagination token used to identify the next page of results to return for a ListFHIRImportJobs query.

    " + "documentation":"

    The pagination token used to identify the next page of results to return.

    " } } }, @@ -975,7 +979,7 @@ "members":{ "ResourceARN":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name(ARN) of the data store for which tags are being added.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the data store to which tags are being added.

    " } } }, @@ -984,7 +988,7 @@ "members":{ "Tags":{ "shape":"TagList", - "documentation":"

    Returns a list of tags associated with a data store.

    " + "documentation":"

    Returns a list of tags associated with a data store.

    " } } }, @@ -1009,10 +1013,10 @@ "members":{ "S3Configuration":{ "shape":"S3Configuration", - "documentation":"

    The output data configuration that was supplied when the export job was created.

    " + "documentation":"

    The output data configuration supplied when the export job was created.

    " } }, - "documentation":"

    The output data configuration that was supplied when the export job was created.

    ", + "documentation":"

    The output data configuration supplied when the export job was created.

    ", "union":true }, "PreloadDataConfig":{ @@ -1024,7 +1028,7 @@ "documentation":"

    The type of preloaded data. Only Synthea preloaded data is supported.

    " } }, - "documentation":"

    The input properties for the preloaded data store. Only data preloaded from Synthea is supported.

    " + "documentation":"

    The input properties for the preloaded (Synthea) data store.

    " }, "PreloadDataType":{ "type":"string", @@ -1035,7 +1039,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    The requested data store was not found.

    ", + "documentation":"

    The requested data store was not found.

    ", "exception":true }, "S3Configuration":{ @@ -1047,14 +1051,14 @@ "members":{ "S3Uri":{ "shape":"S3Uri", - "documentation":"

    The S3Uri is the user specified S3 location of the FHIR data to be imported into AWS HealthLake.

    " + "documentation":"

    The S3Uri is the user-specified S3 location of the FHIR data to be imported into AWS HealthLake.

    " }, "KmsKeyId":{ "shape":"EncryptionKeyID", - "documentation":"

    The KMS key ID used to access the S3 bucket.

    " + "documentation":"

    The Key Management Service (KMS) key ID used to access the S3 bucket.

    " } }, - "documentation":"

    The configuration of the S3 bucket for either an import or export job. This includes assigning permissions for access.

    " + "documentation":"

    The configuration of the S3 bucket for either an import or export job. This includes assigning access permissions.

    " }, "S3Uri":{ "type":"string", @@ -1067,10 +1071,10 @@ "members":{ "KmsEncryptionConfig":{ "shape":"KmsEncryptionConfig", - "documentation":"

    The KMS encryption configuration used to provide details for data encryption.

    " + "documentation":"

    The Key Management Service (KMS) encryption configuration used to provide details for data encryption.

    " } }, - "documentation":"

    The server-side encryption key configuration for a customer provided encryption key.

    " + "documentation":"

    The server-side encryption key configuration for a customer-provided encryption key.

    " }, "StartFHIRExportJobRequest":{ "type":"structure", @@ -1082,23 +1086,23 @@ "members":{ "JobName":{ "shape":"JobName", - "documentation":"

    The user generated name for an export job.

    " + "documentation":"

    The export job name.

    " }, "OutputDataConfig":{ "shape":"OutputDataConfig", - "documentation":"

    The output data configuration that was supplied when the export job was created.

    " + "documentation":"

    The output data configuration supplied when the export job was started.

    " }, "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS generated ID for the data store from which files are being exported for an export job.

    " + "documentation":"

    The data store identifier from which files are being exported.

    " }, "DataAccessRoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The Amazon Resource Name used during the initiation of the job.

    " + "documentation":"

    The Amazon Resource Name (ARN) used during initiation of the export job.

    " }, "ClientToken":{ "shape":"ClientTokenString", - "documentation":"

    An optional user provided token used for ensuring idempotency.

    ", + "documentation":"

    An optional user provided token used for ensuring API idempotency.

    ", "idempotencyToken":true } } @@ -1112,15 +1116,15 @@ "members":{ "JobId":{ "shape":"JobId", - "documentation":"

    The AWS generated ID for an export job.

    " + "documentation":"

    The export job identifier.

    " }, "JobStatus":{ "shape":"JobStatus", - "documentation":"

    The status of a FHIR export job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED, or FAILED.

    " + "documentation":"

    The export job status.

    " }, "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS generated ID for the data store from which files are being exported for an export job.

    " + "documentation":"

    The data store identifier from which files are being exported.

    " } } }, @@ -1135,25 +1139,29 @@ "members":{ "JobName":{ "shape":"JobName", - "documentation":"

    The name of the FHIR Import job in the StartFHIRImport job request.

    " + "documentation":"

    The import job name.

    " }, "InputDataConfig":{ "shape":"InputDataConfig", - "documentation":"

    The input properties of the FHIR Import job in the StartFHIRImport job request.

    " + "documentation":"

    The input properties for the import job request.

    " }, "JobOutputDataConfig":{"shape":"OutputDataConfig"}, "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS-generated data store ID.

    " + "documentation":"

    The data store identifier.

    " }, "DataAccessRoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The Amazon Resource Name (ARN) that gives AWS HealthLake access permission.

    " + "documentation":"

    The Amazon Resource Name (ARN) that grants access permission to AWS HealthLake.

    " }, "ClientToken":{ "shape":"ClientTokenString", - "documentation":"

    Optional user provided token used for ensuring idempotency.

    ", + "documentation":"

    The optional user-provided token used for ensuring API idempotency.

    ", "idempotencyToken":true + }, + "ValidationLevel":{ + "shape":"ValidationLevel", + "documentation":"

    The validation level of the import job.

    " } } }, @@ -1166,15 +1174,15 @@ "members":{ "JobId":{ "shape":"JobId", - "documentation":"

    The AWS-generated job ID.

    " + "documentation":"

    The import job identifier.

    " }, "JobStatus":{ "shape":"JobStatus", - "documentation":"

    The status of an import job.

    " + "documentation":"

    The import job status.

    " }, "DatastoreId":{ "shape":"DatastoreId", - "documentation":"

    The AWS-generated data store ID.

    " + "documentation":"

    The data store identifier.

    " } } }, @@ -1192,14 +1200,14 @@ "members":{ "Key":{ "shape":"TagKey", - "documentation":"

    The key portion of a tag. Tag keys are case sensitive.

    " + "documentation":"

    The key portion of a tag. Tag keys are case sensitive.

    " }, "Value":{ "shape":"TagValue", - "documentation":"

    The value portion of a tag. Tag values are case sensitive.

    " + "documentation":"

    The value portion of a tag. Tag values are case-sensitive.

    " } }, - "documentation":"

    A tag is a label consisting of a user-defined key and value. The form for tags is {\"Key\", \"Value\"}

    " + "documentation":"

    A label consisting of a user-defined key and value. The form for tags is {\"Key\", \"Value\"}

    " }, "TagKey":{ "type":"string", @@ -1228,18 +1236,17 @@ "members":{ "ResourceARN":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name(ARN)that gives AWS HealthLake access to the data store which tags are being added to.

    " + "documentation":"

    The Amazon Resource Name (ARN) that grants access to the data store tags are being added to.

    " }, "Tags":{ "shape":"TagList", - "documentation":"

    The user specified key and value pair tags being added to a data store.

    " + "documentation":"

    The user-specified key and value pair tags being added to a data store.

    " } } }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1265,18 +1272,17 @@ "members":{ "ResourceARN":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name(ARN) of the data store for which tags are being removed.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the data store from which tags are being removed.

    " }, "TagKeys":{ "shape":"TagKeyList", - "documentation":"

    The keys for the tags to be removed from the HealthLake data store.

    " + "documentation":"

    The keys for the tags to be removed from the data store.

    " } } }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", @@ -1285,7 +1291,15 @@ }, "documentation":"

    The user input parameter was invalid.

    ", "exception":true + }, + "ValidationLevel":{ + "type":"string", + "enum":[ + "strict", + "structure-only", + "minimal" + ] } }, - "documentation":"

    AWS HealthLake is a HIPAA eligibile service that allows customers to store, transform, query, and analyze their FHIR-formatted data in a consistent fashion in the cloud.

    " + "documentation":"

    This is the AWS HealthLake API Reference. For an introduction to the service, see What is AWS HealthLake? in the AWS HealthLake Developer Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/healthlake/2017-07-01/waiters-2.json 2.31.35-1/awscli/botocore/data/healthlake/2017-07-01/waiters-2.json --- 2.23.6-1/awscli/botocore/data/healthlake/2017-07-01/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/healthlake/2017-07-01/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,105 @@ +{ + "version": 2, + "waiters": { + "FHIRDatastoreActive": { + "operation": "DescribeFHIRDatastore", + "delay": 60, + "maxAttempts": 360, + "acceptors": [ + { + "state": "success", + "matcher": "path", + "argument": "DatastoreProperties.DatastoreStatus", + "expected": "ACTIVE" + }, + { + "state": "failure", + "matcher": "path", + "argument": "DatastoreProperties.DatastoreStatus", + "expected": "CREATE_FAILED" + }, + { + "state": "failure", + "matcher": "path", + "argument": "DatastoreProperties.DatastoreStatus", + "expected": "DELETED" + } + ] + }, + "FHIRDatastoreDeleted": { + "operation": "DescribeFHIRDatastore", + "delay": 120, + "maxAttempts": 360, + "acceptors": [ + { + "state": "success", + "matcher": "path", + "argument": "DatastoreProperties.DatastoreStatus", + "expected": "DELETED" + } + ] + }, + "FHIRExportJobCompleted": { + "operation": "DescribeFHIRExportJob", + "delay": 120, + "maxAttempts": 360, + "acceptors": [ + { + "state": "success", + "matcher": "path", + "argument": "ExportJobProperties.JobStatus", + "expected": "COMPLETED" + }, + { + "state": "success", + "matcher": "path", + "argument": "ExportJobProperties.JobStatus", + "expected": "COMPLETED_WITH_ERRORS" + }, + { + "state": "failure", + "matcher": "path", + "argument": "ExportJobProperties.JobStatus", + "expected": "CANCEL_COMPLETED" + }, + { + "state": "failure", + "matcher": "path", + "argument": "ExportJobProperties.JobStatus", + "expected": "FAILED" + }, + { + "state": "failure", + "matcher": "path", + "argument": "ExportJobProperties.JobStatus", + "expected": "CANCEL_FAILED" + } + ] + }, + "FHIRImportJobCompleted": { + "operation": "DescribeFHIRImportJob", + "delay": 120, + "maxAttempts": 720, + "acceptors": [ + { + "state": "success", + "matcher": "path", + "argument": "ImportJobProperties.JobStatus", + "expected": "COMPLETED" + }, + { + "state": "success", + "matcher": "path", + "argument": "ImportJobProperties.JobStatus", + "expected": "COMPLETED_WITH_ERRORS" + }, + { + "state": "failure", + "matcher": "path", + "argument": "ImportJobProperties.JobStatus", + "expected": "FAILED" + } + ] + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/iam/2010-05-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iam/2010-05-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iam/2010-05-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iam/2010-05-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,611 +57,772 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "aws.partition", "argv": [ { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://iam.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "us-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://iam.global.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://iam-fips.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "us-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://iam-fips.global.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-cn" ] }, - "aws-cn" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://iam.cn-north-1.amazonaws.com.cn", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "cn-north-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://iam.global.api.amazonwebservices.com.cn", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-north-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-cn" ] }, - "aws-us-gov" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://iam.us-gov.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "us-gov-west-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://iam.cn-north-1.amazonaws.com.cn", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-north-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-us-gov" ] }, - "aws-us-gov" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://iam.us-gov.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "us-gov-west-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://iam.us-gov.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-us-gov" ] }, - "aws-iso" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://iam.us-iso-east-1.c2s.ic.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "us-iso-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://iam.us-gov.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-us-gov" ] }, - "aws-iso-b" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://iam.us-isob-east-1.sc2s.sgov.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "us-isob-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://iam.us-gov.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "name" + true ] }, - "aws-iso-e" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://iam.us-gov.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] }, - false - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://iam.eu-isoe-west-1.cloud.adc-e.uk", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "eu-isoe-west-1" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "name" + false ] }, - "aws-iso-f" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://iam.us-iso-east-1.c2s.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-iso-east-1" + } + ] }, - false - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://iam.us-isof-south-1.csp.hci.ic.gov", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "iam", - "signingRegion": "us-isof-south-1" + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://iam-fips.us-iso-east-1.c2s.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-iso-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-b" + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - true - ] - } - ], - "rules": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://iam.us-isob-east-1.sc2s.sgov.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isob-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws-iso-b" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://iam-fips.us-isob-east-1.sc2s.sgov.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isob-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-iso-e" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://iam-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], - "type": "tree" + "endpoint": { + "url": "https://iam.eu-isoe-west-1.cloud.adc-e.uk", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eu-isoe-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-f" + ] + }, { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - true - ] - } - ], - "rules": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://iam.us-isof-south-1.csp.hci.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isof-south-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ { "fn": "getAttr", @@ -669,105 +830,293 @@ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://iam.eusc-de-east-1.amazonaws.eu", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eusc-de-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://iam-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam-fips.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://iam.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://iam.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://iam.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://iam.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/iam/2010-05-08/service-2.json 2.31.35-1/awscli/botocore/data/iam/2010-05-08/service-2.json --- 2.23.6-1/awscli/botocore/data/iam/2010-05-08/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iam/2010-05-08/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -23,6 +23,7 @@ }, "input":{"shape":"AddClientIDToOpenIDConnectProviderRequest"}, "errors":[ + {"shape":"ConcurrentModificationException"}, {"shape":"InvalidInputException"}, {"shape":"NoSuchEntityException"}, {"shape":"LimitExceededException"}, @@ -44,7 +45,7 @@ {"shape":"UnmodifiableEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this quota cannot be increased. You can remove the existing role and then add a different role to an instance profile. You must then wait for the change to appear across all of Amazon Web Services because of eventual consistency. To force the change, you must disassociate the instance profile and then associate the instance profile, or you can stop your instance and then restart it.

    The caller of this operation must be granted the PassRole permission on the IAM role by a permissions policy.

    For more information about roles, see IAM roles in the IAM User Guide. For more information about instance profiles, see Using instance profiles in the IAM User Guide.

    " + "documentation":"

    Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this quota cannot be increased. You can remove the existing role and then add a different role to an instance profile. You must then wait for the change to appear across all of Amazon Web Services because of eventual consistency. To force the change, you must disassociate the instance profile and then associate the instance profile, or you can stop your instance and then restart it.

    The caller of this operation must be granted the PassRole permission on the IAM role by a permissions policy.

    When using the iam:AssociatedResourceArn condition in a policy to restrict the PassRole IAM action, special considerations apply if the policy is intended to define access for the AddRoleToInstanceProfile action. In this case, you cannot specify a Region or instance ID in the EC2 instance ARN. The ARN value must be arn:aws:ec2:*:CallerAccountId:instance/*. Using any other ARN value may lead to unexpected evaluation results.

    For more information about roles, see IAM roles in the IAM User Guide. For more information about instance profiles, see Using instance profiles in the IAM User Guide.

    " }, "AddUserToGroup":{ "name":"AddUserToGroup", @@ -124,7 +125,7 @@ {"shape":"PasswordPolicyViolationException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Changes the password of the IAM user who is calling this operation. This operation can be performed using the CLI, the Amazon Web Services API, or the My Security Credentials page in the Amazon Web Services Management Console. The Amazon Web Services account root user password is not affected by this operation.

    Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the IAM User Guide.

    " + "documentation":"

    Changes the password of the IAM user who is calling this operation. This operation can be performed using the CLI, the Amazon Web Services API, or the My Security Credentials page in the Amazon Web Services Management Console. The Amazon Web Services account root user password is not affected by this operation.

    Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the IAM User Guide.

    " }, "CreateAccessKey":{ "name":"CreateAccessKey", @@ -159,6 +160,26 @@ ], "documentation":"

    Creates an alias for your Amazon Web Services account. For information about using an Amazon Web Services account alias, see Creating, deleting, and listing an Amazon Web Services account alias in the Amazon Web Services Sign-In User Guide.

    " }, + "CreateDelegationRequest":{ + "name":"CreateDelegationRequest", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateDelegationRequestRequest"}, + "output":{ + "shape":"CreateDelegationRequestResponse", + "resultWrapper":"CreateDelegationRequestResult" + }, + "errors":[ + {"shape":"EntityAlreadyExistsException"}, + {"shape":"ServiceFailureException"}, + {"shape":"InvalidInputException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"

    This API is currently unavailable for general use.

    " + }, "CreateGroup":{ "name":"CreateGroup", "http":{ @@ -216,7 +237,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services services through the Amazon Web Services Management Console.

    You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the Amazon Web Services Management Console.

    For more information about managing passwords, see Managing passwords in the IAM User Guide.

    " + "documentation":"

    Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services services through the Amazon Web Services Management Console.

    You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the Amazon Web Services Management Console.

    For more information about managing passwords, see Managing passwords in the IAM User Guide.

    " }, "CreateOpenIDConnectProvider":{ "name":"CreateOpenIDConnectProvider", @@ -237,7 +258,7 @@ {"shape":"ServiceFailureException"}, {"shape":"OpenIdIdpCommunicationErrorException"} ], - "documentation":"

    Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).

    The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and the OIDC provider.

    If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are available for your use. Instead, you can move directly to creating new roles using your identity provider. To learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.

    When you create the IAM OIDC provider, you specify the following:

    • The URL of the OIDC identity provider (IdP) to trust

    • A list of client IDs (also known as audiences) that identify the application or applications allowed to authenticate using the OIDC provider

    • A list of tags that are attached to the specified IAM OIDC provider

    • A list of thumbprints of one or more server certificates that the IdP uses

    You get all of this information from the OIDC IdP you want to use to access Amazon Web Services.

    Amazon Web Services secures communication with OIDC identity providers (IdPs) using our library of trusted root certificate authorities (CAs) to verify the JSON Web Key Set (JWKS) endpoint's TLS certificate. If your OIDC IdP relies on a certificate that is not signed by one of these trusted CAs, only then we secure communication using the thumbprints set in the IdP's configuration.

    The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.

    " + "documentation":"

    Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).

    The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and the OIDC provider.

    If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are available for your use. Instead, you can move directly to creating new roles using your identity provider. To learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.

    When you create the IAM OIDC provider, you specify the following:

    • The URL of the OIDC identity provider (IdP) to trust

    • A list of client IDs (also known as audiences) that identify the application or applications allowed to authenticate using the OIDC provider

    • A list of tags that are attached to the specified IAM OIDC provider

    • A list of thumbprints of one or more server certificates that the IdP uses

    You get all of this information from the OIDC IdP you want to use to access Amazon Web Services.

    Amazon Web Services secures communication with OIDC identity providers (IdPs) using our library of trusted root certificate authorities (CAs) to verify the JSON Web Key Set (JWKS) endpoint's TLS certificate. If your OIDC IdP relies on a certificate that is not signed by one of these trusted CAs, only then we secure communication using the thumbprints set in the IdP's configuration.

    The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.

    " }, "CreatePolicy":{ "name":"CreatePolicy", @@ -278,7 +299,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.

    Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached.

    For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

    " + "documentation":"

    Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.

    Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached.

    For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

    " }, "CreateRole":{ "name":"CreateRole", @@ -356,7 +377,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"ServiceNotSupportedException"} ], - "documentation":"

    Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

    You can have a maximum of two sets of service-specific credentials for each supported service per user.

    You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).

    You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.

    For more information about service-specific credentials, see Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys in the IAM User Guide.

    " + "documentation":"

    Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

    You can have a maximum of two sets of service-specific credentials for each supported service per user.

    You can create service-specific credentials for Amazon Bedrock, CodeCommit and Amazon Keyspaces (for Apache Cassandra).

    You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.

    For more information about service-specific credentials, see Service-specific credentials for IAM users in the IAM User Guide.

    " }, "CreateUser":{ "name":"CreateUser", @@ -397,7 +418,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Creates a new virtual MFA device for the Amazon Web Services account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.

    For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the IAM User Guide.

    The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your Amazon Web Services access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.

    " + "documentation":"

    Creates a new virtual MFA device for the Amazon Web Services account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.

    For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the IAM User Guide.

    The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your Amazon Web Services access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.

    " }, "DeactivateMFADevice":{ "name":"DeactivateMFADevice", @@ -484,7 +505,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Deletes the specified inline policy that is embedded in the specified IAM group.

    A group can also have managed policies attached to it. To detach a managed policy from a group, use DetachGroupPolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Deletes the specified inline policy that is embedded in the specified IAM group.

    A group can also have managed policies attached to it. To detach a managed policy from a group, use DetachGroupPolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "DeleteInstanceProfile":{ "name":"DeleteInstanceProfile", @@ -514,7 +535,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Deletes the password for the specified IAM user, For more information, see Managing passwords for IAM users.

    You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the My Security Credentials page in the Amazon Web Services Management Console.

    Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line interface or the API. To prevent all user access, you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

    " + "documentation":"

    Deletes the password for the specified IAM user or root user, For more information, see Managing passwords for IAM users.

    You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the My Security Credentials page in the Amazon Web Services Management Console.

    Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line interface or the API. To prevent all user access, you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

    " }, "DeleteOpenIDConnectProvider":{ "name":"DeleteOpenIDConnectProvider", @@ -544,7 +565,7 @@ {"shape":"DeleteConflictException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Deletes the specified managed policy.

    Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition, you must delete all the policy's versions. The following steps describe the process for deleting a managed policy:

    • Detach the policy from all users, groups, and roles that the policy is attached to, using DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy. To list all the users, groups, and roles that a policy is attached to, use ListEntitiesForPolicy.

    • Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the default version. You delete the policy's default version in the next step of the process.

    • Delete the policy (this automatically deletes the policy's default version) using this operation.

    For information about managed policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Deletes the specified managed policy.

    Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition, you must delete all the policy's versions. The following steps describe the process for deleting a managed policy:

    • Detach the policy from all users, groups, and roles that the policy is attached to, using DetachUserPolicy, DetachGroupPolicy, or DetachRolePolicy. To list all the users, groups, and roles that a policy is attached to, use ListEntitiesForPolicy.

    • Delete all versions of the policy using DeletePolicyVersion. To list the policy's versions, use ListPolicyVersions. You cannot use DeletePolicyVersion to delete the version that is marked as the default version. You delete the policy's default version in the next step of the process.

    • Delete the policy (this automatically deletes the policy's default version) using this operation.

    For information about managed policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "DeletePolicyVersion":{ "name":"DeletePolicyVersion", @@ -560,7 +581,7 @@ {"shape":"DeleteConflictException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Deletes the specified version from the specified managed policy.

    You cannot delete the default version from a policy using this operation. To delete the default version from a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions.

    For information about versions for managed policies, see Versioning for managed policies in the IAM User Guide.

    " + "documentation":"

    Deletes the specified version from the specified managed policy.

    You cannot delete the default version from a policy using this operation. To delete the default version from a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions.

    For information about versions for managed policies, see Versioning for managed policies in the IAM User Guide.

    " }, "DeleteRole":{ "name":"DeleteRole", @@ -577,7 +598,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Deletes the specified role. Unlike the Amazon Web Services Management Console, when you delete a role programmatically, you must delete the items attached to the role manually, or the deletion fails. For more information, see Deleting an IAM role. Before attempting to delete a role, remove the following attached items:

    Make sure that you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.

    " + "documentation":"

    Deletes the specified role. Unlike the Amazon Web Services Management Console, when you delete a role programmatically, you must delete the items attached to the role manually, or the deletion fails. For more information, see Deleting an IAM role. Before attempting to delete a role, remove the following attached items:

    Make sure that you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.

    " }, "DeleteRolePermissionsBoundary":{ "name":"DeleteRolePermissionsBoundary", @@ -606,7 +627,7 @@ {"shape":"UnmodifiableEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Deletes the specified inline policy that is embedded in the specified IAM role.

    A role can also have managed policies attached to it. To detach a managed policy from a role, use DetachRolePolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Deletes the specified inline policy that is embedded in the specified IAM role.

    A role can also have managed policies attached to it. To detach a managed policy from a role, use DetachRolePolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "DeleteSAMLProvider":{ "name":"DeleteSAMLProvider", @@ -666,7 +687,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the DeletionTaskId of the earlier request is returned.

    If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the service that is linked to the role. For more information about removing resources from a service, see the Amazon Web Services documentation for your service.

    For more information about service-linked roles, see Roles terms and concepts: Amazon Web Services service-linked role in the IAM User Guide.

    " + "documentation":"

    Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the DeletionTaskId of the earlier request is returned.

    If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the service that is linked to the role. For more information about removing resources from a service, see the Amazon Web Services documentation for your service.

    For more information about service-linked roles, see Roles terms and concepts: Amazon Web Services service-linked role in the IAM User Guide.

    " }, "DeleteServiceSpecificCredential":{ "name":"DeleteServiceSpecificCredential", @@ -709,7 +730,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Deletes the specified IAM user. Unlike the Amazon Web Services Management Console, when you delete a user programmatically, you must delete the items attached to the user manually, or the deletion fails. For more information, see Deleting an IAM user. Before attempting to delete a user, remove the following items:

    " + "documentation":"

    Deletes the specified IAM user. Unlike the Amazon Web Services Management Console, when you delete a user programmatically, you must delete the items attached to the user manually, or the deletion fails. For more information, see Deleting an IAM user. Before attempting to delete a user, remove the following items:

    " }, "DeleteUserPermissionsBoundary":{ "name":"DeleteUserPermissionsBoundary", @@ -736,7 +757,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Deletes the specified inline policy that is embedded in the specified IAM user.

    A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Deletes the specified inline policy that is embedded in the specified IAM user.

    A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "DeleteVirtualMFADevice":{ "name":"DeleteVirtualMFADevice", @@ -752,7 +773,7 @@ {"shape":"ServiceFailureException"}, {"shape":"ConcurrentModificationException"} ], - "documentation":"

    Deletes a virtual MFA device.

    You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice.

    " + "documentation":"

    Deletes a virtual MFA device.

    You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice.

    " }, "DetachGroupPolicy":{ "name":"DetachGroupPolicy", @@ -767,7 +788,7 @@ {"shape":"InvalidInputException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Removes the specified managed policy from the specified IAM group.

    A group can also have inline policies embedded with it. To delete an inline policy, use DeleteGroupPolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Removes the specified managed policy from the specified IAM group.

    A group can also have inline policies embedded with it. To delete an inline policy, use DeleteGroupPolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "DetachRolePolicy":{ "name":"DetachRolePolicy", @@ -783,7 +804,7 @@ {"shape":"UnmodifiableEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Removes the specified managed policy from the specified role.

    A role can also have inline policies embedded with it. To delete an inline policy, use DeleteRolePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Removes the specified managed policy from the specified role.

    A role can also have inline policies embedded with it. To delete an inline policy, use DeleteRolePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "DetachUserPolicy":{ "name":"DetachUserPolicy", @@ -798,7 +819,7 @@ {"shape":"InvalidInputException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Removes the specified managed policy from the specified user.

    A user can also have inline policies embedded with it. To delete an inline policy, use DeleteUserPolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Removes the specified managed policy from the specified user.

    A user can also have inline policies embedded with it. To delete an inline policy, use DeleteUserPolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "DisableOrganizationsRootCredentialsManagement":{ "name":"DisableOrganizationsRootCredentialsManagement", @@ -817,7 +838,7 @@ {"shape":"OrganizationNotFoundException"}, {"shape":"OrganizationNotInAllFeaturesModeException"} ], - "documentation":"

    Disables the management of privileged root user credentials across member accounts in your organization. When you disable this feature, the management account and the delegated admininstrator for IAM can no longer manage root user credentials for member accounts in your organization.

    " + "documentation":"

    Disables the management of privileged root user credentials across member accounts in your organization. When you disable this feature, the management account and the delegated administrator for IAM can no longer manage root user credentials for member accounts in your organization.

    " }, "DisableOrganizationsRootSessions":{ "name":"DisableOrganizationsRootSessions", @@ -836,7 +857,7 @@ {"shape":"OrganizationNotFoundException"}, {"shape":"OrganizationNotInAllFeaturesModeException"} ], - "documentation":"

    Disables root user sessions for privileged tasks across member accounts in your organization. When you disable this feature, the management account and the delegated admininstrator for IAM can no longer perform privileged tasks on member accounts in your organization.

    " + "documentation":"

    Disables root user sessions for privileged tasks across member accounts in your organization. When you disable this feature, the management account and the delegated administrator for IAM can no longer perform privileged tasks on member accounts in your organization.

    " }, "EnableMFADevice":{ "name":"EnableMFADevice", @@ -874,7 +895,7 @@ {"shape":"OrganizationNotInAllFeaturesModeException"}, {"shape":"CallerIsNotManagementAccountException"} ], - "documentation":"

    Enables the management of privileged root user credentials across member accounts in your organization. When you enable root credentials management for centralized root access, the management account and the delegated admininstrator for IAM can manage root user credentials for member accounts in your organization.

    Before you enable centralized root access, you must have an account configured with the following settings:

    • You must manage your Amazon Web Services accounts in Organizations.

    • Enable trusted access for Identity and Access Management in Organizations. For details, see IAM and Organizations in the Organizations User Guide.

    " + "documentation":"

    Enables the management of privileged root user credentials across member accounts in your organization. When you enable root credentials management for centralized root access, the management account and the delegated administrator for IAM can manage root user credentials for member accounts in your organization.

    Before you enable centralized root access, you must have an account configured with the following settings:

    • You must manage your Amazon Web Services accounts in Organizations.

    • Enable trusted access for Identity and Access Management in Organizations. For details, see IAM and Organizations in the Organizations User Guide.

    " }, "EnableOrganizationsRootSessions":{ "name":"EnableOrganizationsRootSessions", @@ -926,7 +947,7 @@ "errors":[ {"shape":"ReportGenerationLimitExceededException"} ], - "documentation":"

    Generates a report for service last accessed data for Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.

    To call this operation, you must be signed in using your Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

    You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.

    You can generate a service last accessed data report for a policy by specifying an entity's path and an optional Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.

    For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.

    The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.

    This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.

    To generate a service last accessed data report for entities, specify an entity path without specifying the optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.

    • Root – When you specify the organizations root as the entity, the resulting report lists all of the services allowed by SCPs that are attached to your root. For each service, the report includes data for all accounts in your organization except the management account, because the management account is not limited by SCPs.

    • OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data for all accounts in the OU or its children. This data excludes the management account, because the management account is not limited by SCPs.

    • management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. For each service, the report includes data for only the management account.

    • Account – When you specify another account as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for only the specified account.

    To generate a service last accessed data report for policies, specify an entity path and the optional Organizations policy ID. The type of entity that you specify determines the data returned for each service.

    • Root – When you specify the root entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in your organization to which the SCP applies. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will return a list of services with no data.

    • OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP might not be included in the data. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list of services with no data.

    • management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. For each service, the report includes data for only the management account.

    • Account – When you specify another account entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for only the specified account. This means that other accounts in the organization that are affected by the SCP might not be included in the data. If the SCP is not attached to the account, the report will return a list of services with no data.

    Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

    For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.

    " + "documentation":"

    Generates a report for service last accessed data for Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.

    To call this operation, you must be signed in using your Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

    You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.

    You can generate a service last accessed data report for a policy by specifying an entity's path and an optional Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.

    For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.

    The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.

    This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.

    To generate a service last accessed data report for entities, specify an entity path without specifying the optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.

    • Root – When you specify the organizations root as the entity, the resulting report lists all of the services allowed by SCPs that are attached to your root. For each service, the report includes data for all accounts in your organization except the management account, because the management account is not limited by SCPs.

    • OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data for all accounts in the OU or its children. This data excludes the management account, because the management account is not limited by SCPs.

    • management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. For each service, the report includes data for only the management account.

    • Account – When you specify another account as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for only the specified account.

    To generate a service last accessed data report for policies, specify an entity path and the optional Organizations policy ID. The type of entity that you specify determines the data returned for each service.

    • Root – When you specify the root entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in your organization to which the SCP applies. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will return a list of services with no data.

    • OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP might not be included in the data. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list of services with no data.

    • management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. For each service, the report includes data for only the management account.

    • Account – When you specify another account entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for only the specified account. This means that other accounts in the organization that are affected by the SCP might not be included in the data. If the SCP is not attached to the account, the report will return a list of services with no data.

    Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

    For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.

    " }, "GenerateServiceLastAccessedDetails":{ "name":"GenerateServiceLastAccessedDetails", @@ -943,7 +964,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"InvalidInputException"} ], - "documentation":"

    Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM reports activity for at least the last 400 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked. For more information about services and actions for which action last accessed information is displayed, see IAM action last accessed information services and actions.

    The service last accessed data includes all attempts to access an Amazon Web Services API, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.

    The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:

    • GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every Amazon Web Services service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.

      The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.

    • GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service.

    To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.

    For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.

    Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

    For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.

    " + "documentation":"

    Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM reports activity for at least the last 400 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked. For more information about services and actions for which action last accessed information is displayed, see IAM action last accessed information services and actions.

    The service last accessed data includes all attempts to access an Amazon Web Services API, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.

    The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:

    • GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every Amazon Web Services service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.

      The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.

    • GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service.

    To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.

    For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.

    Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

    For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.

    " }, "GetAccessKeyLastUsed":{ "name":"GetAccessKeyLastUsed", @@ -972,7 +993,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

    You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.

    " + "documentation":"

    Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality, and some SDKs do this decoding automatically.

    You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.

    " }, "GetAccountPasswordPolicy":{ "name":"GetAccountPasswordPolicy", @@ -1019,7 +1040,7 @@ "errors":[ {"shape":"InvalidInputException"} ], - "documentation":"

    Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.

    Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.

    " + "documentation":"

    Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.

    Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.

    " }, "GetContextKeysForPrincipalPolicy":{ "name":"GetContextKeysForPrincipalPolicy", @@ -1036,7 +1057,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"InvalidInputException"} ], - "documentation":"

    Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.

    You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy instead.

    Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead.

    Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

    " + "documentation":"

    Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.

    You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy instead.

    Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead.

    Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

    " }, "GetCredentialReport":{ "name":"GetCredentialReport", @@ -1088,7 +1109,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Retrieves the specified inline policy document that is embedded in the specified IAM group.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

    An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is attached to a group, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

    For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Retrieves the specified inline policy document that is embedded in the specified IAM group.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality, and some SDKs do this decoding automatically.

    An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is attached to a group, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

    For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "GetInstanceProfile":{ "name":"GetInstanceProfile", @@ -1173,7 +1194,7 @@ "errors":[ {"shape":"NoSuchEntityException"} ], - "documentation":"

    Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.

    Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.

    To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

    For each service that principals in an account (root user, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.

    By default, the list is sorted by service namespace.

    " + "documentation":"

    Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.

    Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.

    To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

    For each service that principals in an account (root user, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.

    By default, the list is sorted by service namespace.

    " }, "GetPolicy":{ "name":"GetPolicy", @@ -1191,7 +1212,7 @@ {"shape":"InvalidInputException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached. To retrieve the list of the specific users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy. This operation returns metadata about the policy. To retrieve the actual policy document for a specific version of the policy, use GetPolicyVersion.

    This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded with an IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

    For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached. To retrieve the list of the specific users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy. This operation returns metadata about the policy. To retrieve the actual policy document for a specific version of the policy, use GetPolicyVersion.

    This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded with an IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

    For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "GetPolicyVersion":{ "name":"GetPolicyVersion", @@ -1209,7 +1230,7 @@ {"shape":"InvalidInputException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Retrieves information about the specified version of the specified managed policy, including the policy document.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

    To list the available versions for a policy, use ListPolicyVersions.

    This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

    For more information about the types of policies, see Managed policies and inline policies in the IAM User Guide.

    For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

    " + "documentation":"

    Retrieves information about the specified version of the specified managed policy, including the policy document.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality, and some SDKs do this decoding automatically.

    To list the available versions for a policy, use ListPolicyVersions.

    This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

    For more information about the types of policies, see Managed policies and inline policies in the IAM User Guide.

    For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

    " }, "GetRole":{ "name":"GetRole", @@ -1226,7 +1247,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy that grants permission to assume the role. For more information about roles, see IAM roles in the IAM User Guide.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

    " + "documentation":"

    Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy that grants permission to assume the role. For more information about roles, see IAM roles in the IAM User Guide.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality, and some SDKs do this decoding automatically.

    " }, "GetRolePolicy":{ "name":"GetRolePolicy", @@ -1243,7 +1264,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Retrieves the specified inline policy document that is embedded with the specified IAM role.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

    An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

    For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    For more information about roles, see IAM roles in the IAM User Guide.

    " + "documentation":"

    Retrieves the specified inline policy document that is embedded with the specified IAM role.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality, and some SDKs do this decoding automatically.

    An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

    For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    For more information about roles, see IAM roles in the IAM User Guide.

    " }, "GetSAMLProvider":{ "name":"GetSAMLProvider", @@ -1347,7 +1368,7 @@ {"shape":"InvalidInputException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Retrieves the status of your service-linked role deletion. After you use DeleteServiceLinkedRole to submit a service-linked role for deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check the status of the deletion. If the deletion fails, this operation returns the reason that it failed, if that information is returned by the service.

    " + "documentation":"

    Retrieves the status of your service-linked role deletion. After you use DeleteServiceLinkedRole to submit a service-linked role for deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check the status of the deletion. If the deletion fails, this operation returns the reason that it failed, if that information is returned by the service.

    " }, "GetUser":{ "name":"GetUser", @@ -1381,7 +1402,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Retrieves the specified inline policy document that is embedded in the specified IAM user.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

    An IAM user can also have managed policies attached to it. To retrieve a managed policy document that is attached to a user, use GetPolicy to determine the policy's default version. Then use GetPolicyVersion to retrieve the policy document.

    For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Retrieves the specified inline policy document that is embedded in the specified IAM user.

    Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality, and some SDKs do this decoding automatically.

    An IAM user can also have managed policies attached to it. To retrieve a managed policy document that is attached to a user, use GetPolicy to determine the policy's default version. Then use GetPolicyVersion to retrieve the policy document.

    For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "ListAccessKeys":{ "name":"ListAccessKeys", @@ -1414,7 +1435,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the account alias associated with the Amazon Web Services account (Note: you can have only one). For information about using an Amazon Web Services account alias, see Creating, deleting, and listing an Amazon Web Services account alias in the Amazon Web Services Sign-In User Guide.

    " + "documentation":"

    Lists the account alias associated with the Amazon Web Services account (Note: you can have only one). For information about using an Amazon Web Services account alias, see Creating, deleting, and listing an Amazon Web Services account alias in the IAM User Guide.

    " }, "ListAttachedGroupPolicies":{ "name":"ListAttachedGroupPolicies", @@ -1432,7 +1453,7 @@ {"shape":"InvalidInputException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists all managed policies that are attached to the specified IAM group.

    An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use ListGroupPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

    " + "documentation":"

    Lists all managed policies that are attached to the specified IAM group.

    An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use ListGroupPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

    " }, "ListAttachedRolePolicies":{ "name":"ListAttachedRolePolicies", @@ -1450,7 +1471,7 @@ {"shape":"InvalidInputException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists all managed policies that are attached to the specified IAM role.

    An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use ListRolePolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the operation returns an empty list.

    " + "documentation":"

    Lists all managed policies that are attached to the specified IAM role.

    An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use ListRolePolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the operation returns an empty list.

    " }, "ListAttachedUserPolicies":{ "name":"ListAttachedUserPolicies", @@ -1468,7 +1489,7 @@ {"shape":"InvalidInputException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists all managed policies that are attached to the specified IAM user.

    An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use ListUserPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

    " + "documentation":"

    Lists all managed policies that are attached to the specified IAM user.

    An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use ListUserPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

    " }, "ListEntitiesForPolicy":{ "name":"ListEntitiesForPolicy", @@ -1503,7 +1524,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the names of the inline policies that are embedded in the specified IAM group.

    An IAM group can also have managed policies attached to it. To list the managed policies that are attached to a group, use ListAttachedGroupPolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified group, the operation returns an empty list.

    " + "documentation":"

    Lists the names of the inline policies that are embedded in the specified IAM group.

    An IAM group can also have managed policies attached to it. To list the managed policies that are attached to a group, use ListAttachedGroupPolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified group, the operation returns an empty list.

    " }, "ListGroups":{ "name":"ListGroups", @@ -1569,7 +1590,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the instance profiles that have the specified path prefix. If there are none, the operation returns an empty list. For more information about instance profiles, see Using instance profiles in the IAM User Guide.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an instance profile, see GetInstanceProfile.

    You can paginate the results using the MaxItems and Marker parameters.

    " + "documentation":"

    Lists the instance profiles that have the specified path prefix. If there are none, the operation returns an empty list. For more information about instance profiles, see Using instance profiles in the IAM User Guide.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an instance profile, see GetInstanceProfile.

    You can paginate the results using the MaxItems and Marker parameters.

    " }, "ListInstanceProfilesForRole":{ "name":"ListInstanceProfilesForRole", @@ -1655,7 +1676,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the Amazon Web Services account.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an OIDC provider, see GetOpenIDConnectProvider.

    " + "documentation":"

    Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the Amazon Web Services account.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an OIDC provider, see GetOpenIDConnectProvider.

    " }, "ListOrganizationsFeatures":{ "name":"ListOrganizationsFeatures", @@ -1690,7 +1711,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists all the managed policies that are available in your Amazon Web Services account, including your own customer-defined managed policies and all Amazon Web Services managed policies.

    You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your Amazon Web Services account, set Scope to Local. To list only Amazon Web Services managed policies, set Scope to AWS.

    You can paginate the results using the MaxItems and Marker parameters.

    For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a customer manged policy, see GetPolicy.

    " + "documentation":"

    Lists all the managed policies that are available in your Amazon Web Services account, including your own customer-defined managed policies and all Amazon Web Services managed policies.

    You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your Amazon Web Services account, set Scope to Local. To list only Amazon Web Services managed policies, set Scope to AWS.

    You can paginate the results using the MaxItems and Marker parameters.

    For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a customer manged policy, see GetPolicy.

    " }, "ListPoliciesGrantingServiceAccess":{ "name":"ListPoliciesGrantingServiceAccess", @@ -1707,7 +1728,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"InvalidInputException"} ], - "documentation":"

    Retrieves a list of policies that the IAM identity (user, group, or role) can use to access each specified service.

    This operation does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

    The list of policies returned by the operation depends on the ARN of the identity that you provide.

    • User – The list of policies includes the managed and inline policies that are attached to the user directly. The list also includes any additional managed and inline policies that are attached to the group to which the user belongs.

    • Group – The list of policies includes only the managed and inline policies that are attached to the group directly. Policies that are attached to the group’s user are not included.

    • Role – The list of policies includes only the managed and inline policies that are attached to the role.

    For each managed policy, this operation returns the ARN and policy name. For each inline policy, it returns the policy name and the entity to which it is attached. Inline policies do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

    Policies that are attached to users and roles as permissions boundaries are not returned. To view which managed policy is currently used to set the permissions boundary for a user or role, use the GetUser or GetRole operations.

    " + "documentation":"

    Retrieves a list of policies that the IAM identity (user, group, or role) can use to access each specified service.

    This operation does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

    The list of policies returned by the operation depends on the ARN of the identity that you provide.

    • User – The list of policies includes the managed and inline policies that are attached to the user directly. The list also includes any additional managed and inline policies that are attached to the group to which the user belongs.

    • Group – The list of policies includes only the managed and inline policies that are attached to the group directly. Policies that are attached to the group’s user are not included.

    • Role – The list of policies includes only the managed and inline policies that are attached to the role.

    For each managed policy, this operation returns the ARN and policy name. For each inline policy, it returns the policy name and the entity to which it is attached. Inline policies do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

    Policies that are attached to users and roles as permissions boundaries are not returned. To view which managed policy is currently used to set the permissions boundary for a user or role, use the GetUser or GetRole operations.

    " }, "ListPolicyTags":{ "name":"ListPolicyTags", @@ -1760,7 +1781,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the names of the inline policies that are embedded in the specified IAM role.

    An IAM role can also have managed policies attached to it. To list the managed policies that are attached to a role, use ListAttachedRolePolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified role, the operation returns an empty list.

    " + "documentation":"

    Lists the names of the inline policies that are embedded in the specified IAM role.

    An IAM role can also have managed policies attached to it. To list the managed policies that are attached to a role, use ListAttachedRolePolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified role, the operation returns an empty list.

    " }, "ListRoleTags":{ "name":"ListRoleTags", @@ -1793,7 +1814,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the IAM roles that have the specified path prefix. If there are none, the operation returns an empty list. For more information about roles, see IAM roles in the IAM User Guide.

    IAM resource-listing operations return a subset of the available attributes for the resource. This operation does not return the following attributes, even though they are an attribute of the returned object:

    • PermissionsBoundary

    • RoleLastUsed

    • Tags

    To view all of the information for a role, see GetRole.

    You can paginate the results using the MaxItems and Marker parameters.

    " + "documentation":"

    Lists the IAM roles that have the specified path prefix. If there are none, the operation returns an empty list. For more information about roles, see IAM roles in the IAM User Guide.

    IAM resource-listing operations return a subset of the available attributes for the resource. This operation does not return the following attributes, even though they are an attribute of the returned object:

    • PermissionsBoundary

    • RoleLastUsed

    • Tags

    To view all of the information for a role, see GetRole.

    You can paginate the results using the MaxItems and Marker parameters.

    " }, "ListSAMLProviderTags":{ "name":"ListSAMLProviderTags", @@ -1827,7 +1848,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the SAML provider resource objects defined in IAM in the account. IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a SAML provider, see GetSAMLProvider.

    This operation requires Signature Version 4.

    " + "documentation":"

    Lists the SAML provider resource objects defined in IAM in the account. IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a SAML provider, see GetSAMLProvider.

    This operation requires Signature Version 4.

    " }, "ListSSHPublicKeys":{ "name":"ListSSHPublicKeys", @@ -1876,7 +1897,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the operation returns an empty list.

    You can paginate the results using the MaxItems and Marker parameters.

    For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a servercertificate, see GetServerCertificate.

    " + "documentation":"

    Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the operation returns an empty list.

    You can paginate the results using the MaxItems and Marker parameters.

    For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a servercertificate, see GetServerCertificate.

    " }, "ListServiceSpecificCredentials":{ "name":"ListServiceSpecificCredentials", @@ -1927,7 +1948,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the names of the inline policies embedded in the specified IAM user.

    An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified user, the operation returns an empty list.

    " + "documentation":"

    Lists the names of the inline policies embedded in the specified IAM user.

    An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

    You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified user, the operation returns an empty list.

    " }, "ListUserTags":{ "name":"ListUserTags", @@ -1960,7 +1981,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the Amazon Web Services account. If there are none, the operation returns an empty list.

    IAM resource-listing operations return a subset of the available attributes for the resource. This operation does not return the following attributes, even though they are an attribute of the returned object:

    • PermissionsBoundary

    • Tags

    To view all of the information for a user, see GetUser.

    You can paginate the results using the MaxItems and Marker parameters.

    " + "documentation":"

    Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the Amazon Web Services account. If there are none, the operation returns an empty list.

    IAM resource-listing operations return a subset of the available attributes for the resource. This operation does not return the following attributes, even though they are an attribute of the returned object:

    • PermissionsBoundary

    • Tags

    To view all of the information for a user, see GetUser.

    You can paginate the results using the MaxItems and Marker parameters.

    " }, "ListVirtualMFADevices":{ "name":"ListVirtualMFADevices", @@ -1973,7 +1994,7 @@ "shape":"ListVirtualMFADevicesResponse", "resultWrapper":"ListVirtualMFADevicesResult" }, - "documentation":"

    Lists the virtual MFA devices defined in the Amazon Web Services account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view tag information for a virtual MFA device, see ListMFADeviceTags.

    You can paginate the results using the MaxItems and Marker parameters.

    " + "documentation":"

    Lists the virtual MFA devices defined in the Amazon Web Services account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.

    IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view tag information for a virtual MFA device, see ListMFADeviceTags.

    You can paginate the results using the MaxItems and Marker parameters.

    " }, "PutGroupPolicy":{ "name":"PutGroupPolicy", @@ -2060,6 +2081,7 @@ }, "input":{"shape":"RemoveClientIDFromOpenIDConnectProviderRequest"}, "errors":[ + {"shape":"ConcurrentModificationException"}, {"shape":"InvalidInputException"}, {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} @@ -2140,7 +2162,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Sets the specified version of the specified policy as the policy's default (operative) version.

    This operation affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy.

    For information about managed policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Sets the specified version of the specified policy as the policy's default (operative) version.

    This operation affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy.

    For information about managed policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "SetSecurityTokenServicePreferences":{ "name":"SetSecurityTokenServicePreferences", @@ -2152,7 +2174,7 @@ "errors":[ {"shape":"ServiceFailureException"} ], - "documentation":"

    Sets the specified version of the global endpoint token as the token version used for the Amazon Web Services account.

    By default, Security Token Service (STS) is available as a global service, and all STS requests go to a single endpoint at https://sts.amazonaws.com. Amazon Web Services recommends using Regional STS endpoints to reduce latency, build in redundancy, and increase session token availability. For information about Regional endpoints for STS, see Security Token Service endpoints and quotas in the Amazon Web Services General Reference.

    If you make an STS call to the global endpoint, the resulting session tokens might be valid in some Regions but not others. It depends on the version that is set in this operation. Version 1 tokens are valid only in Amazon Web Services Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens. For information, see Activating and deactivating STS in an Amazon Web Services Region in the IAM User Guide.

    To view the current session token version, see the GlobalEndpointTokenVersion entry in the response of the GetAccountSummary operation.

    " + "documentation":"

    Sets the specified version of the global endpoint token as the token version used for the Amazon Web Services account.

    By default, Security Token Service (STS) is available as a global service, and all STS requests go to a single endpoint at https://sts.amazonaws.com. Amazon Web Services recommends using Regional STS endpoints to reduce latency, build in redundancy, and increase session token availability. For information about Regional endpoints for STS, see Security Token Service endpoints and quotas in the Amazon Web Services General Reference.

    If you make an STS call to the global endpoint, the resulting session tokens might be valid in some Regions but not others. It depends on the version that is set in this operation. Version 1 tokens are valid only in Amazon Web Services Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens. For information, see Activating and deactivating STS in an Amazon Web Services Region in the IAM User Guide.

    To view the current session token version, see the GlobalEndpointTokenVersion entry in the response of the GetAccountSummary operation.

    " }, "SimulateCustomPolicy":{ "name":"SimulateCustomPolicy", @@ -2169,7 +2191,7 @@ {"shape":"InvalidInputException"}, {"shape":"PolicyEvaluationException"} ], - "documentation":"

    Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The policies are provided as strings.

    The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations. You can simulate resources that don't exist in your account.

    If you want to simulate existing policies that are attached to an IAM user, group, or role, use SimulatePrincipalPolicy instead.

    Context keys are variables that are maintained by Amazon Web Services and its services and which provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy.

    If the output is long, you can use MaxItems and Marker parameters to paginate the results.

    The IAM policy simulator evaluates statements in the identity-based policy and the inputs that you provide during simulation. The policy simulator results can differ from your live Amazon Web Services environment. We recommend that you check your policies against your live Amazon Web Services environment after testing using the policy simulator to confirm that you have the desired results. For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.

    " + "documentation":"

    Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The policies are provided as strings.

    The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations. You can simulate resources that don't exist in your account.

    If you want to simulate existing policies that are attached to an IAM user, group, or role, use SimulatePrincipalPolicy instead.

    Context keys are variables that are maintained by Amazon Web Services and its services and which provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy.

    If the output is long, you can use MaxItems and Marker parameters to paginate the results.

    The IAM policy simulator evaluates statements in the identity-based policy and the inputs that you provide during simulation. The policy simulator results can differ from your live Amazon Web Services environment. We recommend that you check your policies against your live Amazon Web Services environment after testing using the policy simulator to confirm that you have the desired results. For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.

    " }, "SimulatePrincipalPolicy":{ "name":"SimulatePrincipalPolicy", @@ -2187,7 +2209,7 @@ {"shape":"InvalidInputException"}, {"shape":"PolicyEvaluationException"} ], - "documentation":"

    Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to. You can simulate resources that don't exist in your account.

    You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.

    You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation for IAM users only.

    The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.

    Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead.

    Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.

    If the output is long, you can use the MaxItems and Marker parameters to paginate the results.

    The IAM policy simulator evaluates statements in the identity-based policy and the inputs that you provide during simulation. The policy simulator results can differ from your live Amazon Web Services environment. We recommend that you check your policies against your live Amazon Web Services environment after testing using the policy simulator to confirm that you have the desired results. For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.

    " + "documentation":"

    Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to. You can simulate resources that don't exist in your account.

    You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.

    You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation for IAM users only.

    The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.

    Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead.

    Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.

    If the output is long, you can use the MaxItems and Marker parameters to paginate the results.

    The IAM policy simulator evaluates statements in the identity-based policy and the inputs that you provide during simulation. The policy simulator results can differ from your live Amazon Web Services environment. We recommend that you check your policies against your live Amazon Web Services environment after testing using the policy simulator to confirm that you have the desired results. For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.

    " }, "TagInstanceProfile":{ "name":"TagInstanceProfile", @@ -2445,7 +2467,8 @@ "errors":[ {"shape":"NoSuchEntityException"}, {"shape":"LimitExceededException"}, - {"shape":"ServiceFailureException"} + {"shape":"ServiceFailureException"}, + {"shape":"InvalidInputException"} ], "documentation":"

    Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

    If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. If a temporary access key is used, then UserName is required. If a long-term key is assigned to the user, then UserName is not required. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

    For information about rotating keys, see Managing keys and certificates in the IAM User Guide.

    " }, @@ -2509,7 +2532,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the Amazon Web Services Management Console.

    For more information about modifying passwords, see Managing passwords in the IAM User Guide.

    " + "documentation":"

    Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the Amazon Web Services Management Console.

    For more information about modifying passwords, see Managing passwords in the IAM User Guide.

    " }, "UpdateOpenIDConnectProviderThumbprint":{ "name":"UpdateOpenIDConnectProviderThumbprint", @@ -2519,6 +2542,7 @@ }, "input":{"shape":"UpdateOpenIDConnectProviderThumbprintRequest"}, "errors":[ + {"shape":"ConcurrentModificationException"}, {"shape":"InvalidInputException"}, {"shape":"NoSuchEntityException"}, {"shape":"ServiceFailureException"} @@ -2559,7 +2583,7 @@ {"shape":"UnmodifiableEntityException"}, {"shape":"ServiceFailureException"} ], - "documentation":"

    Use UpdateRole instead.

    Modifies only the description of a role. This operation performs the same function as the Description parameter in the UpdateRole operation.

    " + "documentation":"

    Use UpdateRole instead.

    Modifies only the description of a role. This operation performs the same function as the Description parameter in the UpdateRole operation.

    " }, "UpdateSAMLProvider":{ "name":"UpdateSAMLProvider", @@ -2576,9 +2600,10 @@ {"shape":"NoSuchEntityException"}, {"shape":"InvalidInputException"}, {"shape":"LimitExceededException"}, - {"shape":"ServiceFailureException"} + {"shape":"ServiceFailureException"}, + {"shape":"ConcurrentModificationException"} ], - "documentation":"

    Updates the metadata document for an existing SAML provider resource object.

    This operation requires Signature Version 4.

    " + "documentation":"

    Updates the metadata document, SAML encryption settings, and private keys for an existing SAML provider. To rotate private keys, add your new private key and then remove the old key in a separate request.

    " }, "UpdateSSHPublicKey":{ "name":"UpdateSSHPublicKey", @@ -2588,7 +2613,8 @@ }, "input":{"shape":"UpdateSSHPublicKeyRequest"}, "errors":[ - {"shape":"NoSuchEntityException"} + {"shape":"NoSuchEntityException"}, + {"shape":"InvalidInputException"} ], "documentation":"

    Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation work flow.

    The SSH public key affected by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

    " }, @@ -2629,7 +2655,8 @@ "errors":[ {"shape":"NoSuchEntityException"}, {"shape":"LimitExceededException"}, - {"shape":"ServiceFailureException"} + {"shape":"ServiceFailureException"}, + {"shape":"InvalidInputException"} ], "documentation":"

    Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.

    If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.

    " }, @@ -2756,7 +2783,7 @@ "documentation":"

    The number of accounts with authenticated principals (root user, IAM users, and IAM roles) that attempted to access the service in the tracking period.

    " } }, - "documentation":"

    An object that contains details about when a principal in the reported Organizations entity last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role, or the Amazon Web Services account root user within the reported Organizations entity.

    This data type is a response element in the GetOrganizationsAccessReport operation.

    " + "documentation":"

    An object that contains details about when a principal in the reported Organizations entity last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role, or the Amazon Web Services account root user within the reported Organizations entity.

    This data type is a response element in the GetOrganizationsAccessReport operation.

    " }, "AccessDetails":{ "type":"list", @@ -2792,7 +2819,7 @@ "documentation":"

    The date when the access key was created.

    " } }, - "documentation":"

    Contains information about an Amazon Web Services access key.

    This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.

    The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.

    " + "documentation":"

    Contains information about an Amazon Web Services access key.

    This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.

    The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.

    " }, "AccessKeyLastUsed":{ "type":"structure", @@ -2814,7 +2841,7 @@ "documentation":"

    The Amazon Web Services Region where this access key was most recently used. The value for this field is \"N/A\" in the following situations:

    • The user does not have an access key.

    • An access key exists but has not been used since IAM began tracking this information.

    • There is no sign-in data associated with the user.

    For more information about Amazon Web Services Regions, see Regions and endpoints in the Amazon Web Services General Reference.

    " } }, - "documentation":"

    Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.

    This data type is used as a response element in the GetAccessKeyLastUsed operation.

    " + "documentation":"

    Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.

    This data type is used as a response element in the GetAccessKeyLastUsed operation.

    " }, "AccessKeyMetadata":{ "type":"structure", @@ -2836,12 +2863,11 @@ "documentation":"

    The date when the access key was created.

    " } }, - "documentation":"

    Contains information about an Amazon Web Services access key, without its secret key.

    This data type is used as a response element in the ListAccessKeys operation.

    " + "documentation":"

    Contains information about an Amazon Web Services access key, without its secret key.

    This data type is used as a response element in the ListAccessKeys operation.

    " }, "AccountNotManagementOrDelegatedAdministratorException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request was rejected because the account making the request is not the management account or delegated administrator account for centralized root access.

    ", "exception":true }, @@ -2863,7 +2889,7 @@ "members":{ "OpenIDConnectProviderArn":{ "shape":"arnType", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

    " }, "ClientID":{ "shape":"clientIDType", @@ -2983,7 +3009,7 @@ }, "PolicyArn":{"shape":"arnType"} }, - "documentation":"

    Contains information about an attached policy.

    An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails operations.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Contains information about an attached policy.

    An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the ListAttachedGroupPolicies, ListAttachedRolePolicies, ListAttachedUserPolicies, and GetAccountAuthorizationDetails operations.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "BootstrapDatum":{ "type":"blob", @@ -2991,8 +3017,7 @@ }, "CallerIsNotManagementAccountException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request was rejected because the account making the request is not the management account for the organization.

    ", "exception":true }, @@ -3061,7 +3086,7 @@ "documentation":"

    The data type of the value (or values) specified in the ContextKeyValues parameter.

    " } }, - "documentation":"

    Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the Condition elements of the input policies.

    This data type is used as an input parameter to SimulateCustomPolicy and SimulatePrincipalPolicy.

    " + "documentation":"

    Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the Condition elements of the input policies.

    This data type is used as an input parameter to SimulateCustomPolicy and SimulatePrincipalPolicy.

    " }, "ContextEntryListType":{ "type":"list", @@ -3116,7 +3141,7 @@ "documentation":"

    A structure with details about the access key.

    " } }, - "documentation":"

    Contains the response to a successful CreateAccessKey request.

    " + "documentation":"

    Contains the response to a successful CreateAccessKey request.

    " }, "CreateAccountAliasRequest":{ "type":"structure", @@ -3128,6 +3153,67 @@ } } }, + "CreateDelegationRequestRequest":{ + "type":"structure", + "required":[ + "Description", + "Permissions", + "RequestorWorkflowId", + "NotificationChannel", + "SessionDuration" + ], + "members":{ + "OwnerAccountId":{ + "shape":"accountIdType", + "documentation":"

    " + }, + "Description":{ + "shape":"delegationRequestDescriptionType", + "documentation":"

    " + }, + "Permissions":{ + "shape":"DelegationPermission", + "documentation":"

    " + }, + "RequestMessage":{ + "shape":"requestMessageType", + "documentation":"

    " + }, + "RequestorWorkflowId":{ + "shape":"requestorWorkflowIdType", + "documentation":"

    " + }, + "RedirectUrl":{ + "shape":"redirectUrlType", + "documentation":"

    " + }, + "NotificationChannel":{ + "shape":"notificationChannelType", + "documentation":"

    " + }, + "SessionDuration":{ + "shape":"sessionDurationType", + "documentation":"

    " + }, + "OnlySendByOwner":{ + "shape":"booleanType", + "documentation":"

    " + } + } + }, + "CreateDelegationRequestResponse":{ + "type":"structure", + "members":{ + "ConsoleDeepLink":{ + "shape":"consoleDeepLinkType", + "documentation":"

    " + }, + "DelegationRequestId":{ + "shape":"delegationRequestIdType", + "documentation":"

    " + } + } + }, "CreateGroupRequest":{ "type":"structure", "required":["GroupName"], @@ -3151,7 +3237,7 @@ "documentation":"

    A structure containing details about the new group.

    " } }, - "documentation":"

    Contains the response to a successful CreateGroup request.

    " + "documentation":"

    Contains the response to a successful CreateGroup request.

    " }, "CreateInstanceProfileRequest":{ "type":"structure", @@ -3180,7 +3266,7 @@ "documentation":"

    A structure containing details about the new instance profile.

    " } }, - "documentation":"

    Contains the response to a successful CreateInstanceProfile request.

    " + "documentation":"

    Contains the response to a successful CreateInstanceProfile request.

    " }, "CreateLoginProfileRequest":{ "type":"structure", @@ -3208,7 +3294,7 @@ "documentation":"

    A structure containing the user name and password create date.

    " } }, - "documentation":"

    Contains the response to a successful CreateLoginProfile request.

    " + "documentation":"

    Contains the response to a successful CreateLoginProfile request.

    " }, "CreateOpenIDConnectProviderRequest":{ "type":"structure", @@ -3237,14 +3323,14 @@ "members":{ "OpenIDConnectProviderArn":{ "shape":"arnType", - "documentation":"

    The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that is created. For more information, see OpenIDConnectProviderListEntry.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that is created. For more information, see OpenIDConnectProviderListEntry.

    " }, "Tags":{ "shape":"tagListType", "documentation":"

    A list of tags that are attached to the new IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains the response to a successful CreateOpenIDConnectProvider request.

    " + "documentation":"

    Contains the response to a successful CreateOpenIDConnectProvider request.

    " }, "CreatePolicyRequest":{ "type":"structure", @@ -3283,7 +3369,7 @@ "documentation":"

    A structure containing details about the new policy.

    " } }, - "documentation":"

    Contains the response to a successful CreatePolicy request.

    " + "documentation":"

    Contains the response to a successful CreatePolicy request.

    " }, "CreatePolicyVersionRequest":{ "type":"structure", @@ -3314,7 +3400,7 @@ "documentation":"

    A structure containing details about the new policy version.

    " } }, - "documentation":"

    Contains the response to a successful CreatePolicyVersion request.

    " + "documentation":"

    Contains the response to a successful CreatePolicyVersion request.

    " }, "CreateRoleRequest":{ "type":"structure", @@ -3362,7 +3448,7 @@ "documentation":"

    A structure containing details about the new role.

    " } }, - "documentation":"

    Contains the response to a successful CreateRole request.

    " + "documentation":"

    Contains the response to a successful CreateRole request.

    " }, "CreateSAMLProviderRequest":{ "type":"structure", @@ -3382,6 +3468,14 @@ "Tags":{ "shape":"tagListType", "documentation":"

    A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

    " + }, + "AssertionEncryptionMode":{ + "shape":"assertionEncryptionModeType", + "documentation":"

    Specifies the encryption setting for the SAML provider.

    " + }, + "AddPrivateKey":{ + "shape":"privateKeyType", + "documentation":"

    The private key generated from your external identity provider. The private key must be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to decrypt SAML assertions.

    " } } }, @@ -3397,7 +3491,7 @@ "documentation":"

    A list of tags that are attached to the new IAM SAML provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains the response to a successful CreateSAMLProvider request.

    " + "documentation":"

    Contains the response to a successful CreateSAMLProvider request.

    " }, "CreateServiceLinkedRoleRequest":{ "type":"structure", @@ -3422,7 +3516,7 @@ "members":{ "Role":{ "shape":"Role", - "documentation":"

    A Role object that contains details about the newly created role.

    " + "documentation":"

    A Role object that contains details about the newly created role.

    " } } }, @@ -3440,6 +3534,10 @@ "ServiceName":{ "shape":"serviceName", "documentation":"

    The name of the Amazon Web Services service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.

    " + }, + "CredentialAgeDays":{ + "shape":"credentialAgeDays", + "documentation":"

    The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be a positive integer. When not specified, the credential will not expire.

    " } } }, @@ -3448,7 +3546,7 @@ "members":{ "ServiceSpecificCredential":{ "shape":"ServiceSpecificCredential", - "documentation":"

    A structure that contains information about the newly created service-specific credential.

    This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential.

    " + "documentation":"

    A structure that contains information about the newly created service-specific credential.

    This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential.

    " } } }, @@ -3482,7 +3580,7 @@ "documentation":"

    A structure with details about the new IAM user.

    " } }, - "documentation":"

    Contains the response to a successful CreateUser request.

    " + "documentation":"

    Contains the response to a successful CreateUser request.

    " }, "CreateVirtualMFADeviceRequest":{ "type":"structure", @@ -3511,14 +3609,14 @@ "documentation":"

    A structure containing details about the new virtual MFA device.

    " } }, - "documentation":"

    Contains the response to a successful CreateVirtualMFADevice request.

    " + "documentation":"

    Contains the response to a successful CreateVirtualMFADevice request.

    " }, "CredentialReportExpiredException":{ "type":"structure", "members":{ "message":{"shape":"credentialReportExpiredExceptionMessage"} }, - "documentation":"

    The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport. For more information about credential report expiration, see Getting credential reports in the IAM User Guide.

    ", + "documentation":"

    The request was rejected because the most recent credential report has expired. To generate a new credential report, use GenerateCredentialReport. For more information about credential report expiration, see Getting credential reports in the IAM User Guide.

    ", "error":{ "code":"ReportExpired", "httpStatusCode":410, @@ -3531,7 +3629,7 @@ "members":{ "message":{"shape":"credentialReportNotPresentExceptionMessage"} }, - "documentation":"

    The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport.

    ", + "documentation":"

    The request was rejected because the credential report does not exist. To generate a credential report, use GenerateCredentialReport.

    ", "error":{ "code":"ReportNotPresent", "httpStatusCode":410, @@ -3566,6 +3664,17 @@ } } }, + "DelegationPermission":{ + "type":"structure", + "members":{ + "PolicyTemplateArn":{"shape":"arnType"}, + "Parameters":{ + "shape":"policyParameterListType", + "documentation":"

    " + } + }, + "documentation":"

    " + }, "DeleteAccessKeyRequest":{ "type":"structure", "required":["AccessKeyId"], @@ -3655,7 +3764,7 @@ "members":{ "OpenIDConnectProviderArn":{ "shape":"arnType", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the ListOpenIDConnectProviders operation.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the ListOpenIDConnectProviders operation.

    " } } }, @@ -3790,7 +3899,7 @@ }, "ServiceSpecificCredentialId":{ "shape":"serviceSpecificCredentialId", - "documentation":"

    The unique identifier of the service-specific credential. You can get this value by calling ListServiceSpecificCredentials.

    This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

    " + "documentation":"

    The unique identifier of the service-specific credential. You can get this value by calling ListServiceSpecificCredentials.

    This parameter allows (through its regex pattern) a string of characters that can consist of any upper or lowercased letter or digit.

    " } } }, @@ -3867,7 +3976,7 @@ "documentation":"

    A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the Region in which the resources are being used.

    " } }, - "documentation":"

    The reason that the service-linked role deletion failed.

    This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

    " + "documentation":"

    The reason that the service-linked role deletion failed.

    This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

    " }, "DeletionTaskIdType":{ "type":"string", @@ -3936,8 +4045,7 @@ }, "DisableOrganizationsRootCredentialsManagementRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableOrganizationsRootCredentialsManagementResponse":{ "type":"structure", @@ -3954,8 +4062,7 @@ }, "DisableOrganizationsRootSessionsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableOrganizationsRootSessionsResponse":{ "type":"structure", @@ -4025,8 +4132,7 @@ }, "EnableOrganizationsRootCredentialsManagementRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableOrganizationsRootCredentialsManagementResponse":{ "type":"structure", @@ -4043,8 +4149,7 @@ }, "EnableOrganizationsRootSessionsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableOrganizationsRootSessionsResponse":{ "type":"structure", @@ -4085,7 +4190,7 @@ "documentation":"

    The date and time, in ISO 8601 date-time format, when the authenticated entity last attempted to access Amazon Web Services. Amazon Web Services does not report unauthenticated requests.

    This field is null if no IAM entities attempted to access the service within the tracking period.

    " } }, - "documentation":"

    An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.

    This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.

    " + "documentation":"

    An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.

    This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.

    " }, "EntityInfo":{ "type":"structure", @@ -4114,7 +4219,7 @@ "documentation":"

    The path to the entity (user or role). For more information about paths, see IAM identifiers in the IAM User Guide.

    " } }, - "documentation":"

    Contains details about the specified entity (user or role).

    This data type is an element of the EntityDetails object.

    " + "documentation":"

    Contains details about the specified entity (user or role).

    This data type is an element of the EntityDetails object.

    " }, "EntityTemporarilyUnmodifiableException":{ "type":"structure", @@ -4155,7 +4260,7 @@ "documentation":"

    The error code associated with the operation failure.

    " } }, - "documentation":"

    Contains information about the reason that the operation failed.

    This data type is used as a response element in the GetOrganizationsAccessReport, GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities operations.

    " + "documentation":"

    Contains information about the reason that the operation failed.

    This data type is used as a response element in the GetOrganizationsAccessReport, GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities operations.

    " }, "EvalDecisionDetailsType":{ "type":"map", @@ -4192,7 +4297,7 @@ }, "MissingContextValues":{ "shape":"ContextKeyNamesResultListType", - "documentation":"

    A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is \"*\", either explicitly, or when the ResourceArns parameter blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

    " + "documentation":"

    A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is \"*\", either explicitly, or when the ResourceArns parameter blank. If you include a list of resources, then any missing context values are instead included under the ResourceSpecificResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

    " }, "OrganizationsDecisionDetail":{ "shape":"OrganizationsDecisionDetail", @@ -4211,7 +4316,7 @@ "documentation":"

    The individual results of the simulation of the API operation specified in EvalActionName on each resource.

    " } }, - "documentation":"

    Contains the results of a simulation.

    This data type is used by the return parameter of SimulateCustomPolicy and SimulatePrincipalPolicy .

    " + "documentation":"

    Contains the results of a simulation.

    This data type is used by the return parameter of SimulateCustomPolicy and SimulatePrincipalPolicy .

    " }, "EvaluationResultsListType":{ "type":"list", @@ -4240,7 +4345,7 @@ "documentation":"

    Information about the credential report.

    " } }, - "documentation":"

    Contains the response to a successful GenerateCredentialReport request.

    " + "documentation":"

    Contains the response to a successful GenerateCredentialReport request.

    " }, "GenerateOrganizationsAccessReportRequest":{ "type":"structure", @@ -4261,7 +4366,7 @@ "members":{ "JobId":{ "shape":"jobIDType", - "documentation":"

    The job identifier that you can use in the GetOrganizationsAccessReport operation.

    " + "documentation":"

    The job identifier that you can use in the GetOrganizationsAccessReport operation.

    " } } }, @@ -4284,7 +4389,7 @@ "members":{ "JobId":{ "shape":"jobIDType", - "documentation":"

    The JobId that you can use in the GetServiceLastAccessedDetails or GetServiceLastAccessedDetailsWithEntities operations. The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.

    " + "documentation":"

    The JobId that you can use in the GetServiceLastAccessedDetails or GetServiceLastAccessedDetailsWithEntities operations. The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.

    " } } }, @@ -4310,7 +4415,7 @@ "documentation":"

    Contains information about the last time the access key was used.

    " } }, - "documentation":"

    Contains the response to a successful GetAccessKeyLastUsed request. It is also returned as a member of the AccessKeyMetaData structure returned by the ListAccessKeys action.

    " + "documentation":"

    Contains the response to a successful GetAccessKeyLastUsed request. It is also returned as a member of the AccessKeyMetaData structure returned by the ListAccessKeys action.

    " }, "GetAccountAuthorizationDetailsRequest":{ "type":"structure", @@ -4357,7 +4462,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful GetAccountAuthorizationDetails request.

    " + "documentation":"

    Contains the response to a successful GetAccountAuthorizationDetails request.

    " }, "GetAccountPasswordPolicyResponse":{ "type":"structure", @@ -4368,7 +4473,7 @@ "documentation":"

    A structure that contains details about the account's password policy.

    " } }, - "documentation":"

    Contains the response to a successful GetAccountPasswordPolicy request.

    " + "documentation":"

    Contains the response to a successful GetAccountPasswordPolicy request.

    " }, "GetAccountSummaryResponse":{ "type":"structure", @@ -4378,7 +4483,7 @@ "documentation":"

    A set of key–value pairs containing information about IAM entity usage and IAM quotas.

    " } }, - "documentation":"

    Contains the response to a successful GetAccountSummary request.

    " + "documentation":"

    Contains the response to a successful GetAccountSummary request.

    " }, "GetContextKeysForCustomPolicyRequest":{ "type":"structure", @@ -4398,7 +4503,7 @@ "documentation":"

    The list of context keys that are referenced in the input policies.

    " } }, - "documentation":"

    Contains the response to a successful GetContextKeysForPrincipalPolicy or GetContextKeysForCustomPolicy request.

    " + "documentation":"

    Contains the response to a successful GetContextKeysForPrincipalPolicy or GetContextKeysForCustomPolicy request.

    " }, "GetContextKeysForPrincipalPolicyRequest":{ "type":"structure", @@ -4430,7 +4535,7 @@ "documentation":"

    The date and time when the credential report was created, in ISO 8601 date-time format.

    " } }, - "documentation":"

    Contains the response to a successful GetCredentialReport request.

    " + "documentation":"

    Contains the response to a successful GetCredentialReport request.

    " }, "GetGroupPolicyRequest":{ "type":"structure", @@ -4470,7 +4575,7 @@ "documentation":"

    The policy document.

    IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

    " } }, - "documentation":"

    Contains the response to a successful GetGroupPolicy request.

    " + "documentation":"

    Contains the response to a successful GetGroupPolicy request.

    " }, "GetGroupRequest":{ "type":"structure", @@ -4514,7 +4619,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful GetGroup request.

    " + "documentation":"

    Contains the response to a successful GetGroup request.

    " }, "GetInstanceProfileRequest":{ "type":"structure", @@ -4535,7 +4640,7 @@ "documentation":"

    A structure containing details about the instance profile.

    " } }, - "documentation":"

    Contains the response to a successful GetInstanceProfile request.

    " + "documentation":"

    Contains the response to a successful GetInstanceProfile request.

    " }, "GetLoginProfileRequest":{ "type":"structure", @@ -4555,7 +4660,7 @@ "documentation":"

    A structure containing the user name and the profile creation date for the user.

    " } }, - "documentation":"

    Contains the response to a successful GetLoginProfile request.

    " + "documentation":"

    Contains the response to a successful GetLoginProfile request.

    " }, "GetMFADeviceRequest":{ "type":"structure", @@ -4599,7 +4704,7 @@ "members":{ "OpenIDConnectProviderArn":{ "shape":"arnType", - "documentation":"

    The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders operation.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders operation.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

    " } } }, @@ -4608,15 +4713,15 @@ "members":{ "Url":{ "shape":"OpenIDConnectProviderUrlType", - "documentation":"

    The URL that the IAM OIDC provider resource object is associated with. For more information, see CreateOpenIDConnectProvider.

    " + "documentation":"

    The URL that the IAM OIDC provider resource object is associated with. For more information, see CreateOpenIDConnectProvider.

    " }, "ClientIDList":{ "shape":"clientIDListType", - "documentation":"

    A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.

    " + "documentation":"

    A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.

    " }, "ThumbprintList":{ "shape":"thumbprintListType", - "documentation":"

    A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.

    " + "documentation":"

    A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see CreateOpenIDConnectProvider.

    " }, "CreateDate":{ "shape":"dateType", @@ -4627,7 +4732,7 @@ "documentation":"

    A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains the response to a successful GetOpenIDConnectProvider request.

    " + "documentation":"

    Contains the response to a successful GetOpenIDConnectProvider request.

    " }, "GetOrganizationsAccessReportRequest":{ "type":"structure", @@ -4635,7 +4740,7 @@ "members":{ "JobId":{ "shape":"jobIDType", - "documentation":"

    The identifier of the request generated by the GenerateOrganizationsAccessReport operation.

    " + "documentation":"

    The identifier of the request generated by the GenerateOrganizationsAccessReport operation.

    " }, "MaxItems":{ "shape":"maxItemsType", @@ -4711,7 +4816,7 @@ "documentation":"

    A structure containing details about the policy.

    " } }, - "documentation":"

    Contains the response to a successful GetPolicy request.

    " + "documentation":"

    Contains the response to a successful GetPolicy request.

    " }, "GetPolicyVersionRequest":{ "type":"structure", @@ -4738,7 +4843,7 @@ "documentation":"

    A structure containing details about the policy version.

    " } }, - "documentation":"

    Contains the response to a successful GetPolicyVersion request.

    " + "documentation":"

    Contains the response to a successful GetPolicyVersion request.

    " }, "GetRolePolicyRequest":{ "type":"structure", @@ -4778,7 +4883,7 @@ "documentation":"

    The policy document.

    IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

    " } }, - "documentation":"

    Contains the response to a successful GetRolePolicy request.

    " + "documentation":"

    Contains the response to a successful GetRolePolicy request.

    " }, "GetRoleRequest":{ "type":"structure", @@ -4799,7 +4904,7 @@ "documentation":"

    A structure containing details about the IAM role.

    " } }, - "documentation":"

    Contains the response to a successful GetRole request.

    " + "documentation":"

    Contains the response to a successful GetRole request.

    " }, "GetSAMLProviderRequest":{ "type":"structure", @@ -4814,6 +4919,10 @@ "GetSAMLProviderResponse":{ "type":"structure", "members":{ + "SAMLProviderUUID":{ + "shape":"privateKeyIdType", + "documentation":"

    The unique identifier assigned to the SAML provider.

    " + }, "SAMLMetadataDocument":{ "shape":"SAMLMetadataDocumentType", "documentation":"

    The XML metadata document that includes information about an identity provider.

    " @@ -4829,9 +4938,17 @@ "Tags":{ "shape":"tagListType", "documentation":"

    A list of tags that are attached to the specified IAM SAML provider. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " + }, + "AssertionEncryptionMode":{ + "shape":"assertionEncryptionModeType", + "documentation":"

    Specifies the encryption setting for the SAML provider.

    " + }, + "PrivateKeyList":{ + "shape":"privateKeyList", + "documentation":"

    The private key metadata for the SAML provider.

    " } }, - "documentation":"

    Contains the response to a successful GetSAMLProvider request.

    " + "documentation":"

    Contains the response to a successful GetSAMLProvider request.

    " }, "GetSSHPublicKeyRequest":{ "type":"structure", @@ -4863,7 +4980,7 @@ "documentation":"

    A structure containing details about the SSH public key.

    " } }, - "documentation":"

    Contains the response to a successful GetSSHPublicKey request.

    " + "documentation":"

    Contains the response to a successful GetSSHPublicKey request.

    " }, "GetServerCertificateRequest":{ "type":"structure", @@ -4884,7 +5001,7 @@ "documentation":"

    A structure containing details about the server certificate.

    " } }, - "documentation":"

    Contains the response to a successful GetServerCertificate request.

    " + "documentation":"

    Contains the response to a successful GetServerCertificate request.

    " }, "GetServiceLastAccessedDetailsRequest":{ "type":"structure", @@ -4892,7 +5009,7 @@ "members":{ "JobId":{ "shape":"jobIDType", - "documentation":"

    The ID of the request generated by the GenerateServiceLastAccessedDetails operation. The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.

    " + "documentation":"

    The ID of the request generated by the GenerateServiceLastAccessedDetails operation. The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.

    " }, "MaxItems":{ "shape":"maxItemsType", @@ -5017,7 +5134,7 @@ "members":{ "DeletionTaskId":{ "shape":"DeletionTaskIdType", - "documentation":"

    The deletion task identifier. This identifier is returned by the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.

    " + "documentation":"

    The deletion task identifier. This identifier is returned by the DeleteServiceLinkedRole operation in the format task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>.

    " } } }, @@ -5073,7 +5190,7 @@ "documentation":"

    The policy document.

    IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

    " } }, - "documentation":"

    Contains the response to a successful GetUserPolicy request.

    " + "documentation":"

    Contains the response to a successful GetUserPolicy request.

    " }, "GetUserRequest":{ "type":"structure", @@ -5093,7 +5210,7 @@ "documentation":"

    A structure containing details about the IAM user.

    Due to a service issue, password last used data does not include password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this operation. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3, 2018. For users that signed in after May 23, 2018 14:08 PDT, the returned password last used date is accurate.

    You can use password last used information to identify unused credentials for deletion. For example, you might delete users who did not sign in to Amazon Web Services in the last 90 days. In cases like this, we recommend that you adjust your evaluation window to include dates after May 23, 2018. Alternatively, if your users use access keys to access Amazon Web Services programmatically you can refer to access key last used information because it is accurate for all dates.

    " } }, - "documentation":"

    Contains the response to a successful GetUser request.

    " + "documentation":"

    Contains the response to a successful GetUser request.

    " }, "Group":{ "type":"structure", @@ -5126,7 +5243,7 @@ "documentation":"

    The date and time, in ISO 8601 date-time format, when the group was created.

    " } }, - "documentation":"

    Contains information about an IAM group entity.

    This data type is used as a response element in the following operations:

    " + "documentation":"

    Contains information about an IAM group entity.

    This data type is used as a response element in the following operations:

    " }, "GroupDetail":{ "type":"structure", @@ -5157,7 +5274,7 @@ "documentation":"

    A list of the managed policies attached to the group.

    " } }, - "documentation":"

    Contains information about an IAM group, including all of the group's policies.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    " + "documentation":"

    Contains information about an IAM group, including all of the group's policies.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    " }, "InstanceProfile":{ "type":"structure", @@ -5199,7 +5316,7 @@ "documentation":"

    A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about an instance profile.

    This data type is used as a response element in the following operations:

    " + "documentation":"

    Contains information about an instance profile.

    This data type is used as a response element in the following operations:

    " }, "InvalidAuthenticationCodeException":{ "type":"structure", @@ -5327,7 +5444,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListAccessKeys request.

    " + "documentation":"

    Contains the response to a successful ListAccessKeys request.

    " }, "ListAccountAliasesRequest":{ "type":"structure", @@ -5359,7 +5476,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListAccountAliases request.

    " + "documentation":"

    Contains the response to a successful ListAccountAliases request.

    " }, "ListAttachedGroupPoliciesRequest":{ "type":"structure", @@ -5399,7 +5516,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListAttachedGroupPolicies request.

    " + "documentation":"

    Contains the response to a successful ListAttachedGroupPolicies request.

    " }, "ListAttachedRolePoliciesRequest":{ "type":"structure", @@ -5439,7 +5556,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListAttachedRolePolicies request.

    " + "documentation":"

    Contains the response to a successful ListAttachedRolePolicies request.

    " }, "ListAttachedUserPoliciesRequest":{ "type":"structure", @@ -5479,7 +5596,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListAttachedUserPolicies request.

    " + "documentation":"

    Contains the response to a successful ListAttachedUserPolicies request.

    " }, "ListEntitiesForPolicyRequest":{ "type":"structure", @@ -5535,7 +5652,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListEntitiesForPolicy request.

    " + "documentation":"

    Contains the response to a successful ListEntitiesForPolicy request.

    " }, "ListGroupPoliciesRequest":{ "type":"structure", @@ -5572,7 +5689,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListGroupPolicies request.

    " + "documentation":"

    Contains the response to a successful ListGroupPolicies request.

    " }, "ListGroupsForUserRequest":{ "type":"structure", @@ -5609,7 +5726,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListGroupsForUser request.

    " + "documentation":"

    Contains the response to a successful ListGroupsForUser request.

    " }, "ListGroupsRequest":{ "type":"structure", @@ -5645,7 +5762,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListGroups request.

    " + "documentation":"

    Contains the response to a successful ListGroups request.

    " }, "ListInstanceProfileTagsRequest":{ "type":"structure", @@ -5718,7 +5835,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListInstanceProfilesForRole request.

    " + "documentation":"

    Contains the response to a successful ListInstanceProfilesForRole request.

    " }, "ListInstanceProfilesRequest":{ "type":"structure", @@ -5754,7 +5871,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListInstanceProfiles request.

    " + "documentation":"

    Contains the response to a successful ListInstanceProfiles request.

    " }, "ListMFADeviceTagsRequest":{ "type":"structure", @@ -5826,7 +5943,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListMFADevices request.

    " + "documentation":"

    Contains the response to a successful ListMFADevices request.

    " }, "ListOpenIDConnectProviderTagsRequest":{ "type":"structure", @@ -5866,8 +5983,7 @@ }, "ListOpenIDConnectProvidersRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "ListOpenIDConnectProvidersResponse":{ "type":"structure", @@ -5877,12 +5993,11 @@ "documentation":"

    The list of IAM OIDC provider resource objects defined in the Amazon Web Services account.

    " } }, - "documentation":"

    Contains the response to a successful ListOpenIDConnectProviders request.

    " + "documentation":"

    Contains the response to a successful ListOpenIDConnectProviders request.

    " }, "ListOrganizationsFeaturesRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "ListOrganizationsFeaturesResponse":{ "type":"structure", @@ -5909,7 +6024,7 @@ "documentation":"

    The PoliciesGrantingServiceAccess object that contains details about the policy.

    " } }, - "documentation":"

    Contains details about the permissions policies that are attached to the specified identity (user, group, or role).

    This data type is used as a response element in the ListPoliciesGrantingServiceAccess operation.

    " + "documentation":"

    Contains details about the permissions policies that are attached to the specified identity (user, group, or role).

    This data type is used as a response element in the ListPoliciesGrantingServiceAccess operation.

    " }, "ListPoliciesGrantingServiceAccessRequest":{ "type":"structure", @@ -5995,7 +6110,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListPolicies request.

    " + "documentation":"

    Contains the response to a successful ListPolicies request.

    " }, "ListPolicyTagsRequest":{ "type":"structure", @@ -6067,7 +6182,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListPolicyVersions request.

    " + "documentation":"

    Contains the response to a successful ListPolicyVersions request.

    " }, "ListRolePoliciesRequest":{ "type":"structure", @@ -6104,7 +6219,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListRolePolicies request.

    " + "documentation":"

    Contains the response to a successful ListRolePolicies request.

    " }, "ListRoleTagsRequest":{ "type":"structure", @@ -6176,7 +6291,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListRoles request.

    " + "documentation":"

    Contains the response to a successful ListRoles request.

    " }, "ListSAMLProviderTagsRequest":{ "type":"structure", @@ -6216,8 +6331,7 @@ }, "ListSAMLProvidersRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "ListSAMLProvidersResponse":{ "type":"structure", @@ -6227,7 +6341,7 @@ "documentation":"

    The list of SAML provider resource objects defined in IAM for this Amazon Web Services account.

    " } }, - "documentation":"

    Contains the response to a successful ListSAMLProviders request.

    " + "documentation":"

    Contains the response to a successful ListSAMLProviders request.

    " }, "ListSSHPublicKeysRequest":{ "type":"structure", @@ -6262,7 +6376,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListSSHPublicKeys request.

    " + "documentation":"

    Contains the response to a successful ListSSHPublicKeys request.

    " }, "ListServerCertificateTagsRequest":{ "type":"structure", @@ -6334,7 +6448,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListServerCertificates request.

    " + "documentation":"

    Contains the response to a successful ListServerCertificates request.

    " }, "ListServiceSpecificCredentialsRequest":{ "type":"structure", @@ -6346,6 +6460,18 @@ "ServiceName":{ "shape":"serviceName", "documentation":"

    Filters the returned results to only those for the specified Amazon Web Services service. If not specified, then Amazon Web Services returns service-specific credentials for all services.

    " + }, + "AllUsers":{ + "shape":"allUsers", + "documentation":"

    A flag indicating whether to list service specific credentials for all users. This parameter cannot be specified together with UserName. When true, returns all credentials associated with the specified service.

    " + }, + "Marker":{ + "shape":"markerType", + "documentation":"

    Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker from the response that you received to indicate where the next call should start.

    " + }, + "MaxItems":{ + "shape":"maxItemsType", + "documentation":"

    Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

    " } } }, @@ -6355,6 +6481,14 @@ "ServiceSpecificCredentials":{ "shape":"ServiceSpecificCredentialsListType", "documentation":"

    A list of structures that each contain details about a service-specific credential.

    " + }, + "Marker":{ + "shape":"responseMarkerType", + "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " + }, + "IsTruncated":{ + "shape":"booleanType", + "documentation":"

    A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items.

    " } } }, @@ -6392,7 +6526,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListSigningCertificates request.

    " + "documentation":"

    Contains the response to a successful ListSigningCertificates request.

    " }, "ListUserPoliciesRequest":{ "type":"structure", @@ -6429,7 +6563,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListUserPolicies request.

    " + "documentation":"

    Contains the response to a successful ListUserPolicies request.

    " }, "ListUserTagsRequest":{ "type":"structure", @@ -6501,7 +6635,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListUsers request.

    " + "documentation":"

    Contains the response to a successful ListUsers request.

    " }, "ListVirtualMFADevicesRequest":{ "type":"structure", @@ -6537,7 +6671,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful ListVirtualMFADevices request.

    " + "documentation":"

    Contains the response to a successful ListVirtualMFADevices request.

    " }, "LoginProfile":{ "type":"structure", @@ -6559,7 +6693,7 @@ "documentation":"

    Specifies whether the user is required to set a new password on next sign-in.

    " } }, - "documentation":"

    Contains the user name and password create date for a user.

    This data type is used as a response element in the CreateLoginProfile and GetLoginProfile operations.

    " + "documentation":"

    Contains the user name and password create date for a user.

    This data type is used as a response element in the CreateLoginProfile and GetLoginProfile operations.

    " }, "MFADevice":{ "type":"structure", @@ -6582,7 +6716,7 @@ "documentation":"

    The date when the MFA device was enabled for the user.

    " } }, - "documentation":"

    Contains information about an MFA device.

    This data type is used as a response element in the ListMFADevices operation.

    " + "documentation":"

    Contains information about an MFA device.

    This data type is used as a response element in the ListMFADevices operation.

    " }, "MalformedCertificateException":{ "type":"structure", @@ -6659,7 +6793,7 @@ "documentation":"

    A list containing information about the versions of the policy.

    " } }, - "documentation":"

    Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

    " }, "ManagedPolicyDetailListType":{ "type":"list", @@ -6716,15 +6850,13 @@ }, "OrganizationNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request was rejected because no organization is associated with your account.

    ", "exception":true }, "OrganizationNotInAllFeaturesModeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request was rejected because your organization does not have All features enabled. For more information, see Available feature sets in the Organizations User Guide.

    ", "exception":true }, @@ -6782,7 +6914,7 @@ "documentation":"

    Specifies whether IAM users are prevented from setting a new password via the Amazon Web Services Management Console after their password has expired. The IAM user cannot access the console until an administrator resets the password. IAM users with iam:ChangePassword permission and active access keys can reset their own expired console password using the CLI or API.

    " } }, - "documentation":"

    Contains information about the account password policy.

    This data type is used as a response element in the GetAccountPasswordPolicy operation.

    " + "documentation":"

    Contains information about the account password policy.

    This data type is used as a response element in the GetAccountPasswordPolicy operation.

    " }, "PasswordPolicyViolationException":{ "type":"structure", @@ -6845,7 +6977,7 @@ }, "Description":{ "shape":"policyDescriptionType", - "documentation":"

    A friendly description of the policy.

    This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

    " + "documentation":"

    A friendly description of the policy.

    This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

    " }, "CreateDate":{ "shape":"dateType", @@ -6860,7 +6992,7 @@ "documentation":"

    A list of tags that are attached to the instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about a managed policy.

    This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies operations.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Contains information about a managed policy.

    This data type is used as a response element in the CreatePolicy, GetPolicy, and ListPolicies operations.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "PolicyDetail":{ "type":"structure", @@ -6874,7 +7006,7 @@ "documentation":"

    The policy document.

    " } }, - "documentation":"

    Contains information about an IAM policy, including the policy document.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    " + "documentation":"

    Contains information about an IAM policy, including the policy document.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    " }, "PolicyEvaluationDecisionType":{ "type":"string", @@ -6921,7 +7053,7 @@ "documentation":"

    The name of the entity (user or role) to which the inline policy is attached.

    This field is null for managed policies. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

    " } }, - "documentation":"

    Contains details about the permissions policies that are attached to the specified identity (user, group, or role).

    This data type is an element of the ListPoliciesGrantingServiceAccessEntry object.

    " + "documentation":"

    Contains details about the permissions policies that are attached to the specified identity (user, group, or role).

    This data type is an element of the ListPoliciesGrantingServiceAccessEntry object.

    " }, "PolicyGroup":{ "type":"structure", @@ -6935,7 +7067,7 @@ "documentation":"

    The stable and unique string identifying the group. For more information about IDs, see IAM identifiers in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about a group that a managed policy is attached to.

    This data type is used as a response element in the ListEntitiesForPolicy operation.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Contains information about a group that a managed policy is attached to.

    This data type is used as a response element in the ListEntitiesForPolicy operation.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "PolicyGroupListType":{ "type":"list", @@ -6955,6 +7087,31 @@ }, "exception":true }, + "PolicyParameter":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"policyParameterNameType", + "documentation":"

    " + }, + "Values":{ + "shape":"policyParameterValuesListType", + "documentation":"

    " + }, + "Type":{ + "shape":"PolicyParameterTypeEnum", + "documentation":"

    " + } + }, + "documentation":"

    " + }, + "PolicyParameterTypeEnum":{ + "type":"string", + "enum":[ + "string", + "stringList" + ] + }, "PolicyRole":{ "type":"structure", "members":{ @@ -6967,7 +7124,7 @@ "documentation":"

    The stable and unique string identifying the role. For more information about IDs, see IAM identifiers in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about a role that a managed policy is attached to.

    This data type is used as a response element in the ListEntitiesForPolicy operation.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Contains information about a role that a managed policy is attached to.

    This data type is used as a response element in the ListEntitiesForPolicy operation.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "PolicyRoleListType":{ "type":"list", @@ -7005,7 +7162,7 @@ "documentation":"

    The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about a user that a managed policy is attached to.

    This data type is used as a response element in the ListEntitiesForPolicy operation.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Contains information about a user that a managed policy is attached to.

    This data type is used as a response element in the ListEntitiesForPolicy operation.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "PolicyUserListType":{ "type":"list", @@ -7016,7 +7173,7 @@ "members":{ "Document":{ "shape":"policyDocumentType", - "documentation":"

    The policy document.

    The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.

    The policy document returned in this structure is URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

    " + "documentation":"

    The policy document.

    The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.

    The policy document returned in this structure is URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

    " }, "VersionId":{ "shape":"policyVersionIdType", @@ -7031,7 +7188,7 @@ "documentation":"

    The date and time, in ISO 8601 date-time format, when the policy version was created.

    " } }, - "documentation":"

    Contains information about a version of a managed policy.

    This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails operations.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " + "documentation":"

    Contains information about a version of a managed policy.

    This data type is used as a response element in the CreatePolicyVersion, GetPolicyVersion, ListPolicyVersions, and GetAccountAuthorizationDetails operations.

    For more information about managed policies, refer to Managed policies and inline policies in the IAM User Guide.

    " }, "Position":{ "type":"structure", @@ -7045,7 +7202,7 @@ "documentation":"

    The column in the line containing the specified position in the document.

    " } }, - "documentation":"

    Contains the row and column of a location of a Statement element in a policy document.

    This data type is used as a member of the Statement type.

    " + "documentation":"

    Contains the row and column of a location of a Statement element in a policy document.

    This data type is used as a member of the Statement type.

    " }, "PutGroupPolicyRequest":{ "type":"structure", @@ -7165,11 +7322,11 @@ "members":{ "OpenIDConnectProviderArn":{ "shape":"arnType", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

    " }, "ClientID":{ "shape":"clientIDType", - "documentation":"

    The client ID (also known as audience) to remove from the IAM OIDC provider resource. For more information about client IDs, see CreateOpenIDConnectProvider.

    " + "documentation":"

    The client ID (also known as audience) to remove from the IAM OIDC provider resource. For more information about client IDs, see CreateOpenIDConnectProvider.

    " } } }, @@ -7292,7 +7449,7 @@ }, "MissingContextValues":{ "shape":"ContextKeyNamesResultListType", - "documentation":"

    A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter instead of \"*\". If you do not specify individual resources, by setting ResourceArns to \"*\" or by not including the ResourceArns parameter, then any missing context values are instead included under the EvaluationResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

    " + "documentation":"

    A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter instead of \"*\". If you do not specify individual resources, by setting ResourceArns to \"*\" or by not including the ResourceArns parameter, then any missing context values are instead included under the EvaluationResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

    " }, "EvalDecisionDetails":{ "shape":"EvalDecisionDetailsType", @@ -7303,7 +7460,7 @@ "documentation":"

    Contains information about the effect that a permissions boundary has on a policy simulation when that boundary is applied to an IAM entity.

    " } }, - "documentation":"

    Contains the result of the simulation of a single API operation call on a single resource.

    This data type is used by a member of the EvaluationResult data type.

    " + "documentation":"

    Contains the result of the simulation of a single API operation call on a single resource.

    This data type is used by a member of the EvaluationResult data type.

    " }, "ResourceSpecificResultListType":{ "type":"list", @@ -7442,7 +7599,7 @@ "documentation":"

    Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about an IAM role, including all of the role's policies.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    " + "documentation":"

    Contains information about an IAM role, including all of the role's policies.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    " }, "RoleLastUsed":{ "type":"structure", @@ -7456,7 +7613,7 @@ "documentation":"

    The name of the Amazon Web Services Region in which the role was last used.

    " } }, - "documentation":"

    Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM user Guide.

    This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.

    " + "documentation":"

    Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked in the IAM user Guide.

    This data type is returned as a response element in the GetRole and GetAccountAuthorizationDetails operations.

    " }, "RoleUsageListType":{ "type":"list", @@ -7474,13 +7631,27 @@ "documentation":"

    The name of the resource that is using the service-linked role.

    " } }, - "documentation":"

    An object that contains details about how a service-linked role is used, if that information is returned by the service.

    This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

    " + "documentation":"

    An object that contains details about how a service-linked role is used, if that information is returned by the service.

    This data type is used as a response element in the GetServiceLinkedRoleDeletionStatus operation.

    " }, "SAMLMetadataDocumentType":{ "type":"string", "max":10000000, "min":1000 }, + "SAMLPrivateKey":{ + "type":"structure", + "members":{ + "KeyId":{ + "shape":"privateKeyIdType", + "documentation":"

    The unique identifier for the SAML private key.

    " + }, + "Timestamp":{ + "shape":"dateType", + "documentation":"

    The date and time, in ISO 8601 date-time format, when the private key was uploaded.

    " + } + }, + "documentation":"

    Contains the private keys for the SAML provider.

    This data type is used as a response element in the GetSAMLProvider operation.

    " + }, "SAMLProviderListEntry":{ "type":"structure", "members":{ @@ -7544,7 +7715,7 @@ "documentation":"

    The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.

    " } }, - "documentation":"

    Contains information about an SSH public key.

    This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey operations.

    " + "documentation":"

    Contains information about an SSH public key.

    This data type is used as a response element in the GetSSHPublicKey and UploadSSHPublicKey operations.

    " }, "SSHPublicKeyListType":{ "type":"list", @@ -7576,7 +7747,7 @@ "documentation":"

    The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.

    " } }, - "documentation":"

    Contains information about an SSH public key, without the key's body or fingerprint.

    This data type is used as a response element in the ListSSHPublicKeys operation.

    " + "documentation":"

    Contains information about an SSH public key, without the key's body or fingerprint.

    This data type is used as a response element in the ListSSHPublicKeys operation.

    " }, "ServerCertificate":{ "type":"structure", @@ -7602,7 +7773,7 @@ "documentation":"

    A list of tags that are attached to the server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about a server certificate.

    This data type is used as a response element in the GetServerCertificate operation.

    " + "documentation":"

    Contains information about a server certificate.

    This data type is used as a response element in the GetServerCertificate operation.

    " }, "ServerCertificateMetadata":{ "type":"structure", @@ -7638,12 +7809,11 @@ "documentation":"

    The date on which the certificate is set to expire.

    " } }, - "documentation":"

    Contains information about a server certificate without its certificate body, certificate chain, and private key.

    This data type is used as a response element in the UploadServerCertificate and ListServerCertificates operations.

    " + "documentation":"

    Contains information about a server certificate without its certificate body, certificate chain, and private key.

    This data type is used as a response element in the UploadServerCertificate and ListServerCertificates operations.

    " }, "ServiceAccessNotEnabledException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request was rejected because trusted access is not enabled for IAM in Organizations. For details, see IAM and Organizations in the Organizations User Guide.

    ", "exception":true }, @@ -7692,10 +7862,10 @@ }, "TrackedActionsLastAccessed":{ "shape":"TrackedActionsLastAccessed", - "documentation":"

    An object that contains details about the most recent attempt to access a tracked action within the service.

    This field is null if there no tracked actions or if the principal did not use the tracked actions within the tracking period. This field is also null if the report was generated at the service level and not the action level. For more information, see the Granularity field in GenerateServiceLastAccessedDetails.

    " + "documentation":"

    An object that contains details about the most recent attempt to access a tracked action within the service.

    This field is null if there no tracked actions or if the principal did not use the tracked actions within the tracking period. This field is also null if the report was generated at the service level and not the action level. For more information, see the Granularity field in GenerateServiceLastAccessedDetails.

    " } }, - "documentation":"

    Contains details about the most recent attempt to access the service.

    This data type is used as a response element in the GetServiceLastAccessedDetails operation.

    " + "documentation":"

    Contains details about the most recent attempt to access the service.

    This data type is used as a response element in the GetServiceLastAccessedDetails operation.

    " }, "ServiceNotSupportedException":{ "type":"structure", @@ -7715,8 +7885,6 @@ "required":[ "CreateDate", "ServiceName", - "ServiceUserName", - "ServicePassword", "ServiceSpecificCredentialId", "UserName", "Status" @@ -7726,6 +7894,10 @@ "shape":"dateType", "documentation":"

    The date and time, in ISO 8601 date-time format, when the service-specific credential were created.

    " }, + "ExpirationDate":{ + "shape":"dateType", + "documentation":"

    The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.

    " + }, "ServiceName":{ "shape":"serviceName", "documentation":"

    The name of the service associated with the service-specific credential.

    " @@ -7738,6 +7910,14 @@ "shape":"servicePassword", "documentation":"

    The generated password for the service-specific credential.

    " }, + "ServiceCredentialAlias":{ + "shape":"serviceCredentialAlias", + "documentation":"

    For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.

    " + }, + "ServiceCredentialSecret":{ + "shape":"serviceCredentialSecret", + "documentation":"

    For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.

    " + }, "ServiceSpecificCredentialId":{ "shape":"serviceSpecificCredentialId", "documentation":"

    The unique identifier for the service-specific credential.

    " @@ -7758,7 +7938,6 @@ "required":[ "UserName", "Status", - "ServiceUserName", "CreateDate", "ServiceSpecificCredentialId", "ServiceName" @@ -7776,10 +7955,18 @@ "shape":"serviceUserName", "documentation":"

    The generated user name for the service-specific credential.

    " }, + "ServiceCredentialAlias":{ + "shape":"serviceCredentialAlias", + "documentation":"

    For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.

    " + }, "CreateDate":{ "shape":"dateType", "documentation":"

    The date and time, in ISO 8601 date-time format, when the service-specific credential were created.

    " }, + "ExpirationDate":{ + "shape":"dateType", + "documentation":"

    The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.

    " + }, "ServiceSpecificCredentialId":{ "shape":"serviceSpecificCredentialId", "documentation":"

    The unique identifier for the service-specific credential.

    " @@ -7856,7 +8043,7 @@ "documentation":"

    The date when the signing certificate was uploaded.

    " } }, - "documentation":"

    Contains information about an X.509 signing certificate.

    This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates operations.

    " + "documentation":"

    Contains information about an X.509 signing certificate.

    This data type is used as a response element in the UploadSigningCertificate and ListSigningCertificates operations.

    " }, "SimulateCustomPolicyRequest":{ "type":"structure", @@ -7927,7 +8114,7 @@ "documentation":"

    When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

    " } }, - "documentation":"

    Contains the response to a successful SimulatePrincipalPolicy or SimulateCustomPolicy request.

    " + "documentation":"

    Contains the response to a successful SimulatePrincipalPolicy or SimulateCustomPolicy request.

    " }, "SimulatePrincipalPolicyRequest":{ "type":"structure", @@ -8010,7 +8197,7 @@ "documentation":"

    The row and column of the end of a Statement in an IAM policy.

    " } }, - "documentation":"

    Contains a reference to a Statement element in a policy document that determines the result of the simulation.

    This data type is used by the MatchedStatements member of the EvaluationResult type.

    " + "documentation":"

    Contains a reference to a Statement element in a policy document that determines the result of the simulation.

    This data type is used by the MatchedStatements member of the EvaluationResult type.

    " }, "StatementListType":{ "type":"list", @@ -8029,7 +8216,7 @@ }, "Value":{ "shape":"tagValueType", - "documentation":"

    The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources, Accounting, and Support. Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.

    Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.

    " + "documentation":"

    The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources, Accounting, and Support. Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.

    " } }, "documentation":"

    A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " @@ -8187,7 +8374,7 @@ "documentation":"

    The Region from which the authenticated entity (user or role) last attempted to access the tracked action. Amazon Web Services does not report unauthenticated requests.

    This field is null if no IAM entities attempted to access the service within the tracking period.

    " } }, - "documentation":"

    Contains details about the most recent attempt to access an action within the service.

    This data type is used as a response element in the GetServiceLastAccessedDetails operation.

    " + "documentation":"

    Contains details about the most recent attempt to access an action within the service.

    This data type is used as a response element in the GetServiceLastAccessedDetails operation.

    " }, "TrackedActionsLastAccessed":{ "type":"list", @@ -8462,7 +8649,7 @@ }, "Password":{ "shape":"passwordType", - "documentation":"

    The new password for the specified IAM user.

    The regex pattern used to validate this parameter is a string of characters consisting of the following:

    • Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range

    • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)

    • The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)

    However, the format can be further restricted by the account administrator by setting a password policy on the Amazon Web Services account. For more information, see UpdateAccountPasswordPolicy.

    " + "documentation":"

    The new password for the specified IAM user.

    The regex pattern used to validate this parameter is a string of characters consisting of the following:

    • Any printable ASCII character ranging from the space character (\\u0020) through the end of the ASCII character range

    • The printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF)

    • The special characters tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D)

    However, the format can be further restricted by the account administrator by setting a password policy on the Amazon Web Services account. For more information, see UpdateAccountPasswordPolicy.

    " }, "PasswordResetRequired":{ "shape":"booleanObjectType", @@ -8479,11 +8666,11 @@ "members":{ "OpenIDConnectProviderArn":{ "shape":"arnType", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

    " }, "ThumbprintList":{ "shape":"thumbprintListType", - "documentation":"

    A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.

    " + "documentation":"

    A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see CreateOpenIDConnectProvider.

    " } } }, @@ -8533,23 +8720,31 @@ }, "UpdateRoleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateSAMLProviderRequest":{ "type":"structure", - "required":[ - "SAMLMetadataDocument", - "SAMLProviderArn" - ], + "required":["SAMLProviderArn"], "members":{ "SAMLMetadataDocument":{ "shape":"SAMLMetadataDocumentType", - "documentation":"

    An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.

    " + "documentation":"

    An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your IdP.

    " }, "SAMLProviderArn":{ "shape":"arnType", "documentation":"

    The Amazon Resource Name (ARN) of the SAML provider to update.

    For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

    " + }, + "AssertionEncryptionMode":{ + "shape":"assertionEncryptionModeType", + "documentation":"

    Specifies the encryption setting for the SAML provider.

    " + }, + "AddPrivateKey":{ + "shape":"privateKeyType", + "documentation":"

    Specifies the new private key from your external identity provider. The private key must be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to decrypt SAML assertions.

    " + }, + "RemovePrivateKey":{ + "shape":"privateKeyIdType", + "documentation":"

    The Key ID of the private key to remove.

    " } } }, @@ -8561,7 +8756,7 @@ "documentation":"

    The Amazon Resource Name (ARN) of the SAML provider that was updated.

    " } }, - "documentation":"

    Contains the response to a successful UpdateSAMLProvider request.

    " + "documentation":"

    Contains the response to a successful UpdateSAMLProvider request.

    " }, "UpdateSSHPublicKeyRequest":{ "type":"structure", @@ -8688,7 +8883,7 @@ "documentation":"

    Contains information about the SSH public key.

    " } }, - "documentation":"

    Contains the response to a successful UploadSSHPublicKey request.

    " + "documentation":"

    Contains the response to a successful UploadSSHPublicKey request.

    " }, "UploadServerCertificateRequest":{ "type":"structure", @@ -8736,7 +8931,7 @@ "documentation":"

    A list of tags that are attached to the new IAM server certificate. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains the response to a successful UploadServerCertificate request.

    " + "documentation":"

    Contains the response to a successful UploadServerCertificate request.

    " }, "UploadSigningCertificateRequest":{ "type":"structure", @@ -8761,7 +8956,7 @@ "documentation":"

    Information about the certificate.

    " } }, - "documentation":"

    Contains the response to a successful UploadSigningCertificate request.

    " + "documentation":"

    Contains the response to a successful UploadSigningCertificate request.

    " }, "User":{ "type":"structure", @@ -8795,7 +8990,7 @@ }, "PasswordLastUsed":{ "shape":"dateType", - "documentation":"

    The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:

    • The user never had a password.

    • A password exists but has not been used since IAM started tracking this information on October 20, 2014.

    A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.

    This value is returned only in the GetUser and ListUsers operations.

    " + "documentation":"

    The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:

    • The user never had a password.

    • A password exists but has not been used since IAM started tracking this information on October 20, 2014.

    A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.

    This value is returned only in the GetUser and ListUsers operations.

    " }, "PermissionsBoundary":{ "shape":"AttachedPermissionsBoundary", @@ -8806,7 +9001,7 @@ "documentation":"

    A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about an IAM user entity.

    This data type is used as a response element in the following operations:

    " + "documentation":"

    Contains information about an IAM user entity.

    This data type is used as a response element in the following operations:

    " }, "UserDetail":{ "type":"structure", @@ -8849,7 +9044,7 @@ "documentation":"

    A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

    " } }, - "documentation":"

    Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    " + "documentation":"

    Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.

    This data type is used as a response element in the GetAccountAuthorizationDetails operation.

    " }, "VirtualMFADevice":{ "type":"structure", @@ -8891,7 +9086,7 @@ "accessKeyMetadataListType":{ "type":"list", "member":{"shape":"AccessKeyMetadata"}, - "documentation":"

    Contains a list of access key metadata.

    This data type is used as a response element in the ListAccessKeys operation.

    " + "documentation":"

    Contains a list of access key metadata.

    This data type is used as a response element in the ListAccessKeys operation.

    " }, "accessKeySecretType":{ "type":"string", @@ -8907,12 +9102,27 @@ "min":3, "pattern":"^[a-z0-9]([a-z0-9]|-(?!-)){1,61}[a-z0-9]$" }, + "accountIdType":{ + "type":"string", + "pattern":"\\d{12}" + }, + "allUsers":{ + "type":"boolean", + "box":true + }, "arnType":{ "type":"string", "documentation":"

    The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

    For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

    ", "max":2048, "min":20 }, + "assertionEncryptionModeType":{ + "type":"string", + "enum":[ + "Required", + "Allowed" + ] + }, "assignmentStatusType":{ "type":"string", "enum":[ @@ -8958,7 +9168,7 @@ "certificateListType":{ "type":"list", "member":{"shape":"SigningCertificate"}, - "documentation":"

    Contains a list of signing certificates.

    This data type is used as a response element in the ListSigningCertificates operation.

    " + "documentation":"

    Contains a list of signing certificates.

    This data type is used as a response element in the ListSigningCertificates operation.

    " }, "clientIDListType":{ "type":"list", @@ -8969,6 +9179,16 @@ "max":255, "min":1 }, + "consoleDeepLinkType":{ + "type":"string", + "max":255, + "min":1 + }, + "credentialAgeDays":{ + "type":"integer", + "max":36600, + "min":1 + }, "credentialReportExpiredExceptionMessage":{"type":"string"}, "credentialReportNotPresentExceptionMessage":{"type":"string"}, "credentialReportNotReadyExceptionMessage":{"type":"string"}, @@ -8979,6 +9199,17 @@ "pattern":"[\\w+=,.@-]+" }, "dateType":{"type":"timestamp"}, + "delegationRequestDescriptionType":{ + "type":"string", + "max":1000, + "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*" + }, + "delegationRequestIdType":{ + "type":"string", + "max":128, + "min":16, + "pattern":"[\\w-]+" + }, "deleteConflictMessage":{"type":"string"}, "duplicateCertificateMessage":{"type":"string"}, "duplicateSSHPublicKeyMessage":{"type":"string"}, @@ -9025,7 +9256,7 @@ "groupListType":{ "type":"list", "member":{"shape":"Group"}, - "documentation":"

    Contains a list of IAM groups.

    This data type is used as a response element in the ListGroups operation.

    " + "documentation":"

    Contains a list of IAM groups.

    This data type is used as a response element in the ListGroups operation.

    " }, "groupNameListType":{ "type":"list", @@ -9101,7 +9332,7 @@ "mfaDeviceListType":{ "type":"list", "member":{"shape":"MFADevice"}, - "documentation":"

    Contains a list of MFA devices.

    This data type is used as a response element in the ListMFADevices and ListVirtualMFADevices operations.

    " + "documentation":"

    Contains a list of MFA devices.

    This data type is used as a response element in the ListMFADevices and ListVirtualMFADevices operations.

    " }, "minimumPasswordLengthType":{ "type":"integer", @@ -9109,6 +9340,11 @@ "min":6 }, "noSuchEntityMessage":{"type":"string"}, + "notificationChannelType":{ + "type":"string", + "max":400, + "min":2 + }, "openIdIdpCommunicationErrorExceptionMessage":{"type":"string"}, "organizationsEntityPathType":{ "type":"string", @@ -9176,7 +9412,7 @@ "policyNameListType":{ "type":"list", "member":{"shape":"policyNameType"}, - "documentation":"

    Contains a list of policy names.

    This data type is used as a response element in the ListPolicies operation.

    " + "documentation":"

    Contains a list of policy names.

    This data type is used as a response element in the ListPolicies operation.

    " }, "policyNameType":{ "type":"string", @@ -9193,6 +9429,21 @@ "GROUP" ] }, + "policyParameterListType":{ + "type":"list", + "member":{"shape":"PolicyParameter"}, + "max":50 + }, + "policyParameterNameType":{ + "type":"string", + "max":256, + "min":5 + }, + "policyParameterValueType":{"type":"string"}, + "policyParameterValuesListType":{ + "type":"list", + "member":{"shape":"policyParameterValueType"} + }, "policyPathType":{ "type":"string", "max":512, @@ -9218,6 +9469,17 @@ "type":"string", "pattern":"v[1-9][0-9]*(\\.[A-Za-z0-9-]*)?" }, + "privateKeyIdType":{ + "type":"string", + "max":64, + "min":22, + "pattern":"[A-Z0-9]+" + }, + "privateKeyList":{ + "type":"list", + "member":{"shape":"SAMLPrivateKey"}, + "max":2 + }, "privateKeyType":{ "type":"string", "max":16384, @@ -9243,7 +9505,23 @@ "min":1, "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+" }, + "redirectUrlType":{ + "type":"string", + "max":255, + "min":1, + "pattern":"^http(s?)://[a-zA-Z0-9._/-]*(\\?[a-zA-Z0-9._=&-]*)?(#[a-zA-Z0-9._/-]*)?$" + }, "reportGenerationLimitExceededMessage":{"type":"string"}, + "requestMessageType":{ + "type":"string", + "max":200, + "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*" + }, + "requestorWorkflowIdType":{ + "type":"string", + "max":400, + "min":5 + }, "responseMarkerType":{"type":"string"}, "roleDescriptionType":{ "type":"string", @@ -9257,7 +9535,7 @@ "roleListType":{ "type":"list", "member":{"shape":"Role"}, - "documentation":"

    Contains a list of IAM roles.

    This data type is used as a response element in the ListRoles operation.

    " + "documentation":"

    Contains a list of IAM roles.

    This data type is used as a response element in the ListRoles operation.

    " }, "roleMaxSessionDurationType":{ "type":"integer", @@ -9286,6 +9564,16 @@ "min":1, "pattern":"[\\w+=,.@-]+" }, + "serviceCredentialAlias":{ + "type":"string", + "max":200, + "min":0, + "pattern":"[\\w+=,.@-]+" + }, + "serviceCredentialSecret":{ + "type":"string", + "sensitive":true + }, "serviceFailureExceptionMessage":{"type":"string"}, "serviceName":{"type":"string"}, "serviceNameType":{"type":"string"}, @@ -9315,8 +9603,13 @@ "serviceUserName":{ "type":"string", "max":200, - "min":17, - "pattern":"[\\w+=,.@-]+" + "min":0, + "pattern":"[\\w+=,.@-]*" + }, + "sessionDurationType":{ + "type":"integer", + "max":43200, + "min":3600 }, "sortKeyType":{ "type":"string", @@ -9331,7 +9624,8 @@ "type":"string", "enum":[ "Active", - "Inactive" + "Inactive", + "Expired" ] }, "stringType":{"type":"string"}, @@ -9364,7 +9658,14 @@ "PolicyVersionsInUse", "PolicyVersionsInUseQuota", "VersionsPerPolicyQuota", - "GlobalEndpointTokenVersion" + "GlobalEndpointTokenVersion", + "AssumeRolePolicySizeQuota", + "InstanceProfiles", + "InstanceProfilesQuota", + "Providers", + "RolePolicySizeQuota", + "Roles", + "RolesQuota" ] }, "summaryMapType":{ @@ -9415,7 +9716,7 @@ "userListType":{ "type":"list", "member":{"shape":"User"}, - "documentation":"

    Contains a list of users.

    This data type is used as a response element in the GetGroup and ListUsers operations.

    " + "documentation":"

    Contains a list of users.

    This data type is used as a response element in the GetGroup and ListUsers operations.

    " }, "userNameType":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/identitystore/2020-06-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/identitystore/2020-06-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/identitystore/2020-06-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/identitystore/2020-06-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,18 +212,17 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -236,7 +231,8 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], @@ -256,14 +252,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -277,7 +275,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -297,7 +294,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -308,14 +304,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -326,9 +324,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/identitystore/2020-06-15/service-2.json 2.31.35-1/awscli/botocore/data/identitystore/2020-06-15/service-2.json --- 2.23.6-1/awscli/botocore/data/identitystore/2020-06-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/identitystore/2020-06-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,11 @@ "version":"2.0", "metadata":{ "apiVersion":"2020-06-15", + "auth":["aws.auth#sigv4"], "endpointPrefix":"identitystore", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"IdentityStore", "serviceFullName":"AWS SSO Identity Store", "serviceId":"identitystore", @@ -143,7 +145,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Retrieves the group metadata and attributes from GroupId in an identity store.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Retrieves the group metadata and attributes from GroupId in an identity store.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "DescribeGroupMembership":{ "name":"DescribeGroupMembership", @@ -160,7 +163,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Retrieves membership metadata and attributes from MembershipId in an identity store.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Retrieves membership metadata and attributes from MembershipId in an identity store.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "DescribeUser":{ "name":"DescribeUser", @@ -177,7 +181,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Retrieves the user metadata and attributes from the UserId in an identity store.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Retrieves the user metadata and attributes from the UserId in an identity store.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "GetGroupId":{ "name":"GetGroupId", @@ -194,7 +199,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Retrieves GroupId in an identity store.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Retrieves GroupId in an identity store.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "GetGroupMembershipId":{ "name":"GetGroupMembershipId", @@ -211,7 +217,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Retrieves the MembershipId in an identity store.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Retrieves the MembershipId in an identity store.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "GetUserId":{ "name":"GetUserId", @@ -228,7 +235,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Retrieves the UserId in an identity store.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Retrieves the UserId in an identity store.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "IsMemberInGroups":{ "name":"IsMemberInGroups", @@ -245,7 +253,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Checks the user's membership in all requested groups and returns if the member exists in all queried groups.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Checks the user's membership in all requested groups and returns if the member exists in all queried groups.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "ListGroupMemberships":{ "name":"ListGroupMemberships", @@ -262,7 +271,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "ListGroupMembershipsForMember":{ "name":"ListGroupMembershipsForMember", @@ -279,7 +289,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "ListGroups":{ "name":"ListGroups", @@ -296,7 +307,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "ListUsers":{ "name":"ListUsers", @@ -313,7 +325,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.

    If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

    " + "documentation":"

    Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.

    If you have access to a member account, you can use this API operation from the member account. For more information, see Limiting access to the identity store from member accounts in the IAM Identity Center User Guide.

    ", + "readonly":true }, "UpdateGroup":{ "name":"UpdateGroup", @@ -332,7 +345,7 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    For the specified group in the specified identity store, updates the group metadata and attributes.

    " + "documentation":"

    Updates the specified group metadata and attributes in the specified identity store.

    " }, "UpdateUser":{ "name":"UpdateUser", @@ -351,7 +364,7 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    For the specified user in the specified identity store, updates the user metadata and attributes.

    " + "documentation":"

    Updates the specified user metadata and attributes in the specified identity store.

    " } }, "shapes":{ @@ -362,11 +375,19 @@ "RequestId":{ "shape":"RequestId", "documentation":"

    The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    " + }, + "Reason":{ + "shape":"AccessDeniedExceptionReason", + "documentation":"

    Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.

    " } }, "documentation":"

    You do not have sufficient access to perform this action.

    ", "exception":true }, + "AccessDeniedExceptionReason":{ + "type":"string", + "enum":["KMS_ACCESS_DENIED"] + }, "Address":{ "type":"structure", "members":{ @@ -451,12 +472,11 @@ "type":"string", "max":255, "min":1, - "pattern":"\\p{L}+(?:\\.\\p{L}+){0,2}" + "pattern":"(?:\\p{L}+:\\p{L}+:\\p{L}+(?:\\.\\p{L}+){0,3}|\\p{L}+(?:\\.\\p{L}+){0,2})" }, "AttributeValue":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the CLI.

    ", "document":true }, @@ -571,11 +591,11 @@ }, "Name":{ "shape":"Name", - "documentation":"

    An object containing the name of the user.

    " + "documentation":"

    An object containing the name of the user. When used in IAM Identity Center, this parameter is required.

    " }, "DisplayName":{ "shape":"SensitiveStringType", - "documentation":"

    A string containing the name of the user. This value is typically formatted for display when the user is referenced. For example, \"John Doe.\"

    " + "documentation":"

    A string containing the name of the user. This value is typically formatted for display when the user is referenced. For example, \"John Doe.\" When used in IAM Identity Center, this parameter is required.

    " }, "NickName":{ "shape":"SensitiveStringType", @@ -616,26 +636,39 @@ "Timezone":{ "shape":"SensitiveStringType", "documentation":"

    A string containing the time zone of the user.

    " + }, + "Photos":{ + "shape":"Photos", + "documentation":"

    A list of photos associated with the user. You can add up to 3 photos per user. Each photo can include a value, type, display name, and primary designation.

    " + }, + "Website":{ + "shape":"SensitiveStringType", + "documentation":"

    The user's personal website or blog URL. This field allows users to provide a link to their personal or professional website.

    " + }, + "Birthdate":{ + "shape":"SensitiveStringType", + "documentation":"

    The user's birthdate in YYYY-MM-DD format. This field supports standard date format for storing personal information.

    " } } }, "CreateUserResponse":{ "type":"structure", "required":[ - "UserId", - "IdentityStoreId" + "IdentityStoreId", + "UserId" ], "members":{ - "UserId":{ - "shape":"ResourceId", - "documentation":"

    The identifier of the newly created user in the identity store.

    " - }, "IdentityStoreId":{ "shape":"IdentityStoreId", "documentation":"

    The globally unique identifier for the identity store.

    " + }, + "UserId":{ + "shape":"ResourceId", + "documentation":"

    The identifier of the newly created user in the identity store.

    " } } }, + "DateType":{"type":"timestamp"}, "DeleteGroupMembershipRequest":{ "type":"structure", "required":[ @@ -655,8 +688,7 @@ }, "DeleteGroupMembershipResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteGroupRequest":{ "type":"structure", @@ -677,8 +709,7 @@ }, "DeleteGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserRequest":{ "type":"structure", @@ -699,8 +730,7 @@ }, "DeleteUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeGroupMembershipRequest":{ "type":"structure", @@ -740,7 +770,23 @@ "shape":"ResourceId", "documentation":"

    The identifier for a group in the identity store.

    " }, - "MemberId":{"shape":"MemberId"} + "MemberId":{"shape":"MemberId"}, + "CreatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the group membership was created.

    " + }, + "UpdatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the group membership was last updated.

    " + }, + "CreatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that created the group membership.

    " + }, + "UpdatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that last updated the group membership.

    " + } } }, "DescribeGroupRequest":{ @@ -783,6 +829,22 @@ "shape":"SensitiveStringType", "documentation":"

    A string containing a description of the group.

    " }, + "CreatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the group was created.

    " + }, + "UpdatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the group was last updated.

    " + }, + "CreatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that created the group.

    " + }, + "UpdatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that last updated the group.

    " + }, "IdentityStoreId":{ "shape":"IdentityStoreId", "documentation":"

    The globally unique identifier for the identity store.

    " @@ -809,18 +871,22 @@ "DescribeUserResponse":{ "type":"structure", "required":[ - "UserId", - "IdentityStoreId" + "IdentityStoreId", + "UserId" ], "members":{ - "UserName":{ - "shape":"UserName", - "documentation":"

    A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

    " + "IdentityStoreId":{ + "shape":"IdentityStoreId", + "documentation":"

    The globally unique identifier for the identity store.

    " }, "UserId":{ "shape":"ResourceId", "documentation":"

    The identifier for a user in the identity store.

    " }, + "UserName":{ + "shape":"UserName", + "documentation":"

    A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

    " + }, "ExternalIds":{ "shape":"ExternalIds", "documentation":"

    A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

    " @@ -873,9 +939,37 @@ "shape":"SensitiveStringType", "documentation":"

    The time zone for a user.

    " }, - "IdentityStoreId":{ - "shape":"IdentityStoreId", - "documentation":"

    The globally unique identifier for the identity store.

    " + "UserStatus":{ + "shape":"UserStatus", + "documentation":"

    The current status of the user account.

    " + }, + "Photos":{ + "shape":"Photos", + "documentation":"

    A list of photos associated with the user. Returns up to 3 photos with their associated metadata including type, display name, and primary designation.

    " + }, + "Website":{ + "shape":"SensitiveStringType", + "documentation":"

    The user's personal website or blog URL. Returns the stored website information for the user.

    " + }, + "Birthdate":{ + "shape":"SensitiveStringType", + "documentation":"

    The user's birthdate in YYYY-MM-DD format. This field returns the stored birthdate information for the user.

    " + }, + "CreatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the user was created.

    " + }, + "CreatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that created the user.

    " + }, + "UpdatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the user was last updated.

    " + }, + "UpdatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that last updated the user.

    " } } }, @@ -931,9 +1025,9 @@ }, "ExternalIdIssuer":{ "type":"string", - "max":100, + "max":256, "min":1, - "pattern":"(?!(?i)(arn|aws):)[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+", + "pattern":"[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+", "sensitive":true }, "ExternalIds":{ @@ -951,7 +1045,7 @@ "members":{ "AttributePath":{ "shape":"AttributePath", - "documentation":"

    The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

    " + "documentation":"

    The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

    " }, "AttributeValue":{ "shape":"SensitiveStringType", @@ -979,7 +1073,7 @@ }, "AlternateIdentifier":{ "shape":"AlternateIdentifier", - "documentation":"

    A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid path is displayName.

    " + "documentation":"

    A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid path is displayName.

    " } } }, @@ -1052,24 +1146,24 @@ }, "AlternateIdentifier":{ "shape":"AlternateIdentifier", - "documentation":"

    A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid paths are userName and emails.value.

    " + "documentation":"

    A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid paths are userName and emails.value.

    " } } }, "GetUserIdResponse":{ "type":"structure", "required":[ - "UserId", - "IdentityStoreId" + "IdentityStoreId", + "UserId" ], "members":{ - "UserId":{ - "shape":"ResourceId", - "documentation":"

    The identifier for a user in the identity store.

    " - }, "IdentityStoreId":{ "shape":"IdentityStoreId", "documentation":"

    The globally unique identifier for the identity store.

    " + }, + "UserId":{ + "shape":"ResourceId", + "documentation":"

    The identifier for a user in the identity store.

    " } } }, @@ -1086,7 +1180,7 @@ }, "DisplayName":{ "shape":"GroupDisplayName", - "documentation":"

    The display name value for the group. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

    " + "documentation":"

    The display name value for the group. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

    Prefix search supports a maximum of 1,000 characters for the string.

    " }, "ExternalIds":{ "shape":"ExternalIds", @@ -1096,6 +1190,22 @@ "shape":"SensitiveStringType", "documentation":"

    A string containing a description of the specified group.

    " }, + "CreatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the group was created.

    " + }, + "UpdatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the group was last updated.

    " + }, + "CreatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that created the group.

    " + }, + "UpdatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that last updated the group.

    " + }, "IdentityStoreId":{ "shape":"IdentityStoreId", "documentation":"

    The globally unique identifier for the identity store.

    " @@ -1135,6 +1245,22 @@ "MemberId":{ "shape":"MemberId", "documentation":"

    An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

    " + }, + "CreatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the group membership was created.

    " + }, + "UpdatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the group membership was last updated.

    " + }, + "CreatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that created the group membership.

    " + }, + "UpdatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that last updated the group membership.

    " } }, "documentation":"

    Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.

    " @@ -1242,11 +1368,12 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

    " + "documentation":"

    The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

    ", + "box":true }, "NextToken":{ "shape":"NextToken", - "documentation":"

    The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " + "documentation":"

    The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " } } }, @@ -1260,7 +1387,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"

    The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " + "documentation":"

    The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " } } }, @@ -1281,11 +1408,12 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of results to be returned per request. This parameter is used in all List requests to specify how many results to return in one page.

    " + "documentation":"

    The maximum number of results to be returned per request. This parameter is used in all List requests to specify how many results to return in one page.

    ", + "box":true }, "NextToken":{ "shape":"NextToken", - "documentation":"

    The pagination token used for the ListUsers, ListGroups and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " + "documentation":"

    The pagination token used for the ListUsers, ListGroups and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " } } }, @@ -1299,7 +1427,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"

    The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " + "documentation":"

    The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " } } }, @@ -1313,7 +1441,8 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

    " + "documentation":"

    The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

    ", + "box":true }, "NextToken":{ "shape":"NextToken", @@ -1321,7 +1450,7 @@ }, "Filters":{ "shape":"Filters", - "documentation":"

    A list of Filter objects, which is used in the ListUsers and ListGroups requests.

    ", + "documentation":"

    A list of Filter objects, which is used in the ListUsers and ListGroups requests.

    ", "deprecated":true, "deprecatedMessage":"Using filters with ListGroups API is deprecated, please use GetGroupId API instead." } @@ -1337,7 +1466,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"

    The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it1 is used in the API request to search for the next page.

    " + "documentation":"

    The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

    " } } }, @@ -1351,7 +1480,8 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

    " + "documentation":"

    The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

    ", + "box":true }, "NextToken":{ "shape":"NextToken", @@ -1359,7 +1489,7 @@ }, "Filters":{ "shape":"Filters", - "documentation":"

    A list of Filter objects, which is used in the ListUsers and ListGroups requests.

    ", + "documentation":"

    A list of Filter objects, which is used in the ListUsers and ListGroups requests.

    ", "deprecated":true, "deprecatedMessage":"Using filters with ListUsers API is deprecated, please use GetGroupId API instead." } @@ -1437,7 +1567,7 @@ "members":{ "Value":{ "shape":"SensitiveStringType", - "documentation":"

    A string containing a phone number. For example, \"8675309\" or \"+1 (800) 123-4567\".

    " + "documentation":"

    A string containing a phone number. For example, \"8675309\" or \"+1 (800) 123-4567\".

    " }, "Type":{ "shape":"SensitiveStringType", @@ -1456,6 +1586,35 @@ "max":1, "min":1 }, + "Photo":{ + "type":"structure", + "required":["Value"], + "members":{ + "Value":{ + "shape":"SensitiveStringType", + "documentation":"

    The photo data or URL. Supported formats include jpg, jpeg, png, and gif. This field is required for all photo entries.

    " + }, + "Type":{ + "shape":"SensitiveStringType", + "documentation":"

    The type of photo. This field is optional and can be used to categorize different types of photos.

    " + }, + "Display":{ + "shape":"SensitiveStringType", + "documentation":"

    A human-readable description of the photo for display purposes. This optional field provides context about the photo.

    " + }, + "Primary":{ + "shape":"SensitiveBooleanType", + "documentation":"

    Specifies whether this is the user's primary photo. Default value is false. Only one photo can be designated as primary per user.

    " + } + }, + "documentation":"

    Contains information about a user's photo. Users can have up to 3 photos, with one designated as primary. Supports common image formats, including jpg, jpeg, png, and gif.

    " + }, + "Photos":{ + "type":"list", + "member":{"shape":"Photo"}, + "max":3, + "min":1 + }, "RequestId":{ "type":"string", "max":36, @@ -1477,7 +1636,11 @@ }, "ResourceId":{ "shape":"ResourceId", - "documentation":"

    The identifier for a resource in the identity store that can be used as UserId or GroupId. The format for ResourceId is either UUID or 1234567890-UUID, where UUID is a randomly generated value for each resource when it is created and 1234567890 represents the IdentityStoreId string value. In the case that the identity store is migrated from a legacy SSO identity store, the ResourceId for that identity store will be in the format of UUID. Otherwise, it will be in the 1234567890-UUID format.

    " + "documentation":"

    The identifier for a resource in the identity store that can be used as UserId or GroupId. The format for ResourceId is either UUID or 1234567890-UUID, where UUID is a randomly generated value for each resource when it is created and 1234567890 represents the IdentityStoreId string value. In the case that the identity store is migrated from a legacy SSO identity store, the ResourceId for that identity store will be in the format of UUID. Otherwise, it will be in the 1234567890-UUID format.

    " + }, + "Reason":{ + "shape":"ResourceNotFoundExceptionReason", + "documentation":"

    Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.

    " }, "Message":{"shape":"ExceptionMessage"}, "RequestId":{ @@ -1488,6 +1651,10 @@ "documentation":"

    Indicates that a requested resource is not found.

    ", "exception":true }, + "ResourceNotFoundExceptionReason":{ + "type":"string", + "enum":["KMS_KEY_NOT_FOUND"] + }, "ResourceType":{ "type":"string", "enum":[ @@ -1521,6 +1688,7 @@ "documentation":"

    The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

    ", "exception":true }, + "StringType":{"type":"string"}, "ThrottlingException":{ "type":"structure", "members":{ @@ -1532,12 +1700,20 @@ "RetryAfterSeconds":{ "shape":"RetryAfterSeconds", "documentation":"

    The number of seconds to wait before retrying the next request.

    " + }, + "Reason":{ + "shape":"ThrottlingExceptionReason", + "documentation":"

    Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.

    " } }, "documentation":"

    Indicates that the principal has crossed the throttling limits of the API operations.

    ", "exception":true, "retryable":{"throttling":true} }, + "ThrottlingExceptionReason":{ + "type":"string", + "enum":["KMS_THROTTLING"] + }, "UniqueAttribute":{ "type":"structure", "required":[ @@ -1574,14 +1750,13 @@ }, "Operations":{ "shape":"AttributeOperations", - "documentation":"

    A list of AttributeOperation objects to apply to the requested group. These operations might add, replace, or remove an attribute.

    " + "documentation":"

    A list of AttributeOperation objects to apply to the requested group. These operations might add, replace, or remove an attribute. For more information on the attributes that can be added, replaced, or removed, see Group.

    " } } }, "UpdateGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateUserRequest":{ "type":"structure", @@ -1601,30 +1776,33 @@ }, "Operations":{ "shape":"AttributeOperations", - "documentation":"

    A list of AttributeOperation objects to apply to the requested user. These operations might add, replace, or remove an attribute.

    " + "documentation":"

    A list of AttributeOperation objects to apply to the requested user. These operations might add, replace, or remove an attribute. For more information on the attributes that can be added, replaced, or removed, see User.

    " } } }, "UpdateUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "User":{ "type":"structure", "required":[ - "UserId", - "IdentityStoreId" + "IdentityStoreId", + "UserId" ], "members":{ - "UserName":{ - "shape":"UserName", - "documentation":"

    A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

    " + "IdentityStoreId":{ + "shape":"IdentityStoreId", + "documentation":"

    The globally unique identifier for the identity store.

    " }, "UserId":{ "shape":"ResourceId", "documentation":"

    The identifier for a user in the identity store.

    " }, + "UserName":{ + "shape":"UserName", + "documentation":"

    A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

    " + }, "ExternalIds":{ "shape":"ExternalIds", "documentation":"

    A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

    " @@ -1635,7 +1813,7 @@ }, "DisplayName":{ "shape":"SensitiveStringType", - "documentation":"

    A string containing the name of the user that is formatted for display when the user is referenced. For example, \"John Doe.\"

    " + "documentation":"

    A string containing the name of the user that is formatted for display when the user is referenced. For example, \"John Doe.\"

    Prefix search supports a maximum of 1,000 characters for the string.

    " }, "NickName":{ "shape":"SensitiveStringType", @@ -1677,9 +1855,37 @@ "shape":"SensitiveStringType", "documentation":"

    A string containing the time zone of the user.

    " }, - "IdentityStoreId":{ - "shape":"IdentityStoreId", - "documentation":"

    The globally unique identifier for the identity store.

    " + "UserStatus":{ + "shape":"UserStatus", + "documentation":"

    The current status of the user account.

    " + }, + "Photos":{ + "shape":"Photos", + "documentation":"

    A list of photos associated with the user. Users can have up to 3 photos with metadata including type, display name, and primary designation.

    " + }, + "Website":{ + "shape":"SensitiveStringType", + "documentation":"

    The user's personal website or blog URL. This field stores website information for personal or professional use.

    " + }, + "Birthdate":{ + "shape":"SensitiveStringType", + "documentation":"

    The user's birthdate in YYYY-MM-DD format. This field stores personal birthdate information for the user.

    " + }, + "CreatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the user was created.

    " + }, + "CreatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that created the user.

    " + }, + "UpdatedAt":{ + "shape":"DateType", + "documentation":"

    The date and time the user was last updated.

    " + }, + "UpdatedBy":{ + "shape":"StringType", + "documentation":"

    The identifier of the user or system that last updated the user.

    " } }, "documentation":"

    A user object that contains the metadata and attributes for a specified user.

    " @@ -1691,6 +1897,13 @@ "pattern":"[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+", "sensitive":true }, + "UserStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "Users":{ "type":"list", "member":{"shape":"User"} @@ -1702,11 +1915,24 @@ "RequestId":{ "shape":"RequestId", "documentation":"

    The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

    " + }, + "Reason":{ + "shape":"ValidationExceptionReason", + "documentation":"

    Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.

    " } }, "documentation":"

    The request failed because it contains a syntax error.

    ", "exception":true + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "KMS_INVALID_ARN", + "KMS_INVALID_KEY_USAGE", + "KMS_INVALID_STATE", + "KMS_DISABLED" + ] } }, - "documentation":"

    The Identity Store service used by IAM Identity Center provides a single place to retrieve all of your identities (users and groups). For more information, see the IAM Identity Center User Guide.

    This reference guide describes the identity store operations that you can call programmatically and includes detailed information about data types and errors.

    IAM Identity Center uses the sso and identitystore API namespaces.

    " + "documentation":"

    The Identity Store service used by IAM Identity Center provides a single place to retrieve all of your identities (users and groups). For more information, see the IAM Identity Center User Guide.

    This reference guide describes the identity store operations that you can call programmatically and includes detailed information about data types and errors.

    IAM Identity Center uses the sso, sso-directory, and identitystore API namespaces. The sso-directory and identitystore namespaces authorize access to data in the Identity Store. Make sure your policies with IAM actions from these two namespaces are consistent to avoid conflicting authorization to the same data.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/imagebuilder/2019-12-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/imagebuilder/2019-12-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/imagebuilder/2019-12-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/imagebuilder/2019-12-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/imagebuilder/2019-12-02/paginators-1.json 2.31.35-1/awscli/botocore/data/imagebuilder/2019-12-02/paginators-1.json --- 2.23.6-1/awscli/botocore/data/imagebuilder/2019-12-02/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/imagebuilder/2019-12-02/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,129 @@ { - "pagination": {} + "pagination": { + "ListComponentBuildVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "componentSummaryList" + }, + "ListComponents": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "componentVersionList" + }, + "ListContainerRecipes": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "containerRecipeSummaryList" + }, + "ListDistributionConfigurations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "distributionConfigurationSummaryList" + }, + "ListImageBuildVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "imageSummaryList" + }, + "ListImagePackages": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "imagePackageList" + }, + "ListImagePipelineImages": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "imageSummaryList" + }, + "ListImagePipelines": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "imagePipelineList" + }, + "ListImageRecipes": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "imageRecipeSummaryList" + }, + "ListImageScanFindingAggregations": { + "input_token": "nextToken", + "output_token": "nextToken", + "result_key": "responses" + }, + "ListImageScanFindings": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "findings" + }, + "ListImages": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "imageVersionList" + }, + "ListInfrastructureConfigurations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "infrastructureConfigurationSummaryList" + }, + "ListLifecycleExecutionResources": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "resources" + }, + "ListLifecycleExecutions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "lifecycleExecutions" + }, + "ListLifecyclePolicies": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "lifecyclePolicySummaryList" + }, + "ListWaitingWorkflowSteps": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "steps" + }, + "ListWorkflowBuildVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "workflowSummaryList" + }, + "ListWorkflowExecutions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "workflowExecutions" + }, + "ListWorkflowStepExecutions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "steps" + }, + "ListWorkflows": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "workflowVersionList" + } + } } diff -pruN 2.23.6-1/awscli/botocore/data/imagebuilder/2019-12-02/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/imagebuilder/2019-12-02/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/imagebuilder/2019-12-02/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/imagebuilder/2019-12-02/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,95 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "ListComponentBuildVersions": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListComponents": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListContainerRecipes": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListDistributionConfigurations": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListImageBuildVersions": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListImagePackages": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListImagePipelineImages": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListImagePipelines": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListImageRecipes": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListImageScanFindingAggregations": { + "non_aggregate_keys": [ + "requestId", + "aggregationType" + ] + }, + "ListImageScanFindings": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListImages": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListInfrastructureConfigurations": { + "non_aggregate_keys": [ + "requestId" + ] + }, + "ListLifecycleExecutionResources": { + "non_aggregate_keys": [ + "lifecycleExecutionId", + "lifecycleExecutionState" + ] + }, + "ListWorkflowExecutions": { + "non_aggregate_keys": [ + "requestId", + "imageBuildVersionArn", + "message" + ] + }, + "ListWorkflowStepExecutions": { + "non_aggregate_keys": [ + "requestId", + "workflowBuildVersionArn", + "workflowExecutionId", + "imageBuildVersionArn", + "message" + ] + } + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/imagebuilder/2019-12-02/service-2.json 2.31.35-1/awscli/botocore/data/imagebuilder/2019-12-02/service-2.json --- 2.23.6-1/awscli/botocore/data/imagebuilder/2019-12-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/imagebuilder/2019-12-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1546,7 +1546,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    The KMS key identifier used to encrypt the distributed image.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the KMS key used to encrypt the distributed image. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "launchPermission":{ "shape":"LaunchPermissionConfiguration", @@ -1566,6 +1566,22 @@ "pattern":"^[-_A-Za-z0-9{][-_A-Za-z0-9\\s:{}\\.]+[-_A-Za-z0-9}]$" }, "Arn":{"type":"string"}, + "AutoDisableFailureCount":{ + "type":"integer", + "max":10, + "min":1 + }, + "AutoDisablePolicy":{ + "type":"structure", + "required":["failureCount"], + "members":{ + "failureCount":{ + "shape":"AutoDisableFailureCount", + "documentation":"

    The number of consecutive scheduled image pipeline executions that must fail before Image Builder automatically disables the pipeline.

    " + } + }, + "documentation":"

    Defines the rules by which an image pipeline is automatically disabled when it fails.

    " + }, "Boolean":{"type":"boolean"}, "BuildType":{ "type":"string", @@ -1714,7 +1730,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    The KMS key identifier used to encrypt the component.

    " + "documentation":"

    The KMS key identifier used to encrypt the component. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "encrypted":{ "shape":"NullableBoolean", @@ -2009,6 +2025,10 @@ "type":"list", "member":{"shape":"ComponentVersion"} }, + "ConsecutiveFailures":{ + "type":"integer", + "min":0 + }, "Container":{ "type":"structure", "members":{ @@ -2091,7 +2111,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    Identifies which KMS key is used to encrypt the container image for distribution to the target Region.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies which KMS key is used to encrypt the container image for distribution to the target Region. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "encrypted":{ "shape":"NullableBoolean", @@ -2099,7 +2119,7 @@ }, "parentImage":{ "shape":"NonEmptyString", - "documentation":"

    The base image for the container recipe.

    " + "documentation":"

    The base image for customizations specified in the container recipe. This can contain an Image Builder image resource ARN or a container image URI, for example amazonlinux:latest.

    " }, "dateCreated":{ "shape":"DateTime", @@ -2155,6 +2175,10 @@ "shape":"DateTime", "documentation":"

    The date when this container recipe was created.

    " }, + "instanceImage":{ + "shape":"NonEmptyString", + "documentation":"

    The base image for a container build and test instance. This can contain an AMI ID or it can specify an Amazon Web Services Systems Manager (SSM) Parameter Store Parameter, prefixed by ssm:, followed by the parameter name or ARN.

    If not specified, Image Builder uses the appropriate ECS-optimized AMI as a base image.

    " + }, "tags":{ "shape":"TagMap", "documentation":"

    Tags that are attached to the container recipe.

    " @@ -2217,7 +2241,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    The ID of the KMS key that is used to encrypt this component.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the KMS key used to encrypt this component. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "tags":{ "shape":"TagMap", @@ -2317,7 +2341,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    Identifies which KMS key is used to encrypt the Dockerfile template.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies which KMS key is used to encrypt the Dockerfile template. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "clientToken":{ "shape":"ClientToken", @@ -2459,6 +2483,10 @@ "executionRole":{ "shape":"RoleNameOrArn", "documentation":"

    The name or Amazon Resource Name (ARN) for the IAM role you create that grants Image Builder access to perform workflow actions.

    " + }, + "loggingConfiguration":{ + "shape":"PipelineLoggingConfiguration", + "documentation":"

    Define logging configuration for the image build process.

    " } } }, @@ -2507,7 +2535,7 @@ }, "parentImage":{ "shape":"NonEmptyString", - "documentation":"

    The base image of the image recipe. The value of the string can be the ARN of the base image or an AMI ID. The format for the ARN follows this example: arn:aws:imagebuilder:us-west-2:aws:image/windows-server-2016-english-full-base-x86/x.x.x. You can provide the specific version that you want to use, or you can use a wildcard in all of the fields. If you enter an AMI ID for the string value, you must have access to the AMI, and the AMI must be in the same Region in which you are using Image Builder.

    " + "documentation":"

    The base image for customizations specified in the image recipe. You can specify the parent image using one of the following options:

    • AMI ID

    • Image Builder image Amazon Resource Name (ARN)

    • Amazon Web Services Systems Manager (SSM) Parameter Store Parameter, prefixed by ssm:, followed by the parameter name or ARN.

    • Amazon Web Services Marketplace product ID

    If you enter an AMI ID or an SSM parameter that contains the AMI ID, you must have access to the AMI, and the AMI must be in the source Region.

    " }, "blockDeviceMappings":{ "shape":"InstanceBlockDeviceMappings", @@ -2525,6 +2553,10 @@ "shape":"AdditionalInstanceConfiguration", "documentation":"

    Specify additional settings and launch scripts for your build instances.

    " }, + "amiTags":{ + "shape":"TagMap", + "documentation":"

    Tags that are applied to the AMI that Image Builder creates during the Build phase prior to image distribution.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.

    ", @@ -2600,6 +2632,10 @@ "executionRole":{ "shape":"RoleNameOrArn", "documentation":"

    The name or Amazon Resource Name (ARN) for the IAM role you create that grants Image Builder access to perform workflow actions.

    " + }, + "loggingConfiguration":{ + "shape":"ImageLoggingConfiguration", + "documentation":"

    Define logging configuration for the image build process.

    " } } }, @@ -2806,7 +2842,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    The ID of the KMS key that is used to encrypt this workflow resource.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the KMS key used to encrypt this workflow resource. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "tags":{ "shape":"TagMap", @@ -3168,6 +3204,10 @@ "fastLaunchConfigurations":{ "shape":"FastLaunchConfigurationList", "documentation":"

    The Windows faster-launching configurations to use for AMI distribution.

    " + }, + "ssmParameterConfigurations":{ + "shape":"SsmParameterConfigurationList", + "documentation":"

    Contains settings to update Amazon Web Services Systems Manager (SSM) Parameter Store Parameters with output AMI IDs from the build by target Region.

    " } }, "documentation":"

    Defines the settings for a specific Region.

    " @@ -3280,7 +3320,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    Use to configure the KMS key to use when encrypting the device.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the KMS key to use when encrypting the device. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "snapshotId":{ "shape":"NonEmptyString", @@ -4112,9 +4152,13 @@ "workflows":{ "shape":"WorkflowConfigurationList", "documentation":"

    Contains the build and test workflows that are associated with the image.

    " + }, + "loggingConfiguration":{ + "shape":"ImageLoggingConfiguration", + "documentation":"

    The logging configuration that's defined for the image. Image Builder uses the defined settings to direct execution log output during image creation.

    " } }, - "documentation":"

    An Image Builder image. You must specify exactly one recipe for the image – either a container recipe (containerRecipe), which creates a container image, or an image recipe (imageRecipe), which creates an AMI.

    " + "documentation":"

    An Image Builder image resource that keeps track of all of the settings used to create, configure, and distribute output for that image. You must specify exactly one recipe for the image – either a container recipe (containerRecipe), which creates a container image, or an image recipe (imageRecipe), which creates an AMI.

    " }, "ImageAggregation":{ "type":"structure", @@ -4143,6 +4187,16 @@ "type":"string", "pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:[0-9]{12}|aws(?:-[a-z-]+)?):(?:image-recipe|container-recipe|infrastructure-configuration|distribution-configuration|component|image|image-pipeline|lifecycle-policy|workflow\\/(?:build|test|distribution))/[a-z0-9-_]+(?:/(?:(?:x|[0-9]+)\\.(?:x|[0-9]+)\\.(?:x|[0-9]+))(?:/[0-9]+)?)?$" }, + "ImageLoggingConfiguration":{ + "type":"structure", + "members":{ + "logGroupName":{ + "shape":"LogGroupName", + "documentation":"

    The log group name that Image Builder uses for image creation. If not specified, the log group name defaults to /aws/imagebuilder/image-name.

    " + } + }, + "documentation":"

    The logging configuration that's defined for the image. Image Builder uses the defined settings to direct execution log output during image creation.

    " + }, "ImagePackage":{ "type":"structure", "members":{ @@ -4224,6 +4278,10 @@ "shape":"DateTime", "documentation":"

    This is no longer supported, and does not return a value.

    " }, + "lastRunStatus":{ + "shape":"ImageStatus", + "documentation":"

    The status of the last image that this pipeline built, such as BUILDING, TESTING, FAILED, or AVAILABLE.

    " + }, "dateNextRun":{ "shape":"DateTime", "documentation":"

    The next date when the pipeline is scheduled to run.

    " @@ -4243,6 +4301,14 @@ "workflows":{ "shape":"WorkflowConfigurationList", "documentation":"

    Contains the workflows that run for the image pipeline.

    " + }, + "loggingConfiguration":{ + "shape":"PipelineLoggingConfiguration", + "documentation":"

    Defines logging configuration for the output image.

    " + }, + "consecutiveFailures":{ + "shape":"ConsecutiveFailures", + "documentation":"

    Image Builder tracks the number of consecutive failures for scheduled pipeline executions and takes one of the following actions each time it runs on a schedule:

    • If the pipeline execution is successful, the number of consecutive failures resets to zero.

    • If the pipeline execution fails, Image Builder increments the number of consecutive failures. If the failure count exceeds the limit defined in the AutoDisablePolicy, Image Builder disables the pipeline.

    The consecutive failure count is also reset to zero under the following conditions:

    • The pipeline runs manually and succeeds.

    • The pipeline configuration is updated.

    If the pipeline runs manually and fails, the count remains the same. The next scheduled run continues to increment where it left off before.

    " } }, "documentation":"

    Details of an image pipeline.

    " @@ -4306,7 +4372,7 @@ }, "parentImage":{ "shape":"NonEmptyString", - "documentation":"

    The base image of the image recipe.

    " + "documentation":"

    The base image for customizations specified in the image recipe. You can specify the parent image using one of the following options:

    • AMI ID

    • Image Builder image Amazon Resource Name (ARN)

    • Amazon Web Services Systems Manager (SSM) Parameter Store Parameter, prefixed by ssm:, followed by the parameter name or ARN.

    • Amazon Web Services Marketplace product ID

    " }, "blockDeviceMappings":{ "shape":"InstanceBlockDeviceMappings", @@ -4327,6 +4393,10 @@ "additionalInstanceConfiguration":{ "shape":"AdditionalInstanceConfiguration", "documentation":"

    Before you create a new AMI, Image Builder launches temporary Amazon EC2 instances to build and test your image configuration. Instance configuration adds a layer of control over those instances. You can define settings and add scripts to run when an instance is launched from your AMI.

    " + }, + "amiTags":{ + "shape":"TagMap", + "documentation":"

    Tags that are applied to the AMI that Image Builder creates during the Build phase prior to image distribution.

    " } }, "documentation":"

    An image recipe.

    " @@ -4634,6 +4704,10 @@ "lifecycleExecutionId":{ "shape":"LifecycleExecutionId", "documentation":"

    Identifies the last runtime instance of the lifecycle policy to take action on the image.

    " + }, + "loggingConfiguration":{ + "shape":"ImageLoggingConfiguration", + "documentation":"

    The logging configuration that's defined for the image.

    " } }, "documentation":"

    An image summary.

    " @@ -4775,7 +4849,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    The ID of the KMS key that should be used to encrypt this component.

    " + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the KMS key used to encrypt this component. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "tags":{ "shape":"TagMap", @@ -4849,6 +4923,10 @@ "shape":"Uri", "documentation":"

    The uri of the ISO disk file that's stored in Amazon S3.

    " }, + "loggingConfiguration":{ + "shape":"ImageLoggingConfiguration", + "documentation":"

    Define logging configuration for the image build process.

    " + }, "tags":{ "shape":"TagMap", "documentation":"

    Tags that are attached to image resources created from the import.

    " @@ -4907,6 +4985,10 @@ "shape":"NonEmptyString", "documentation":"

    The importTaskId (API) or ImportTaskId (CLI) from the Amazon EC2 VM import process. Image Builder retrieves information from the import process to pull in the AMI that is created from the VM source as the base image for your recipe.

    " }, + "loggingConfiguration":{ + "shape":"ImageLoggingConfiguration", + "documentation":"

    Define logging configuration for the image build process.

    " + }, "tags":{ "shape":"TagMap", "documentation":"

    Tags that are attached to the import resources.

    " @@ -5122,7 +5204,7 @@ "members":{ "image":{ "shape":"NonEmptyString", - "documentation":"

    The AMI ID to use as the base image for a container build and test instance. If not specified, Image Builder will use the appropriate ECS-optimized AMI as a base image.

    " + "documentation":"

    The base image for a container build and test instance. This can contain an AMI ID or it can specify an Amazon Web Services Systems Manager (SSM) Parameter Store Parameter, prefixed by ssm:, followed by the parameter name or ARN.

    If not specified, Image Builder uses the appropriate ECS-optimized AMI as a base image.

    " }, "blockDeviceMappings":{ "shape":"InstanceBlockDeviceMappings", @@ -5801,7 +5883,6 @@ }, "ListComponentBuildVersionsRequest":{ "type":"structure", - "required":["componentVersionArn"], "members":{ "componentVersionArn":{ "shape":"ComponentVersionArn", @@ -5809,7 +5890,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -5852,7 +5933,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -5891,7 +5972,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -5926,7 +6007,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -5954,7 +6035,6 @@ }, "ListImageBuildVersionsRequest":{ "type":"structure", - "required":["imageVersionArn"], "members":{ "imageVersionArn":{ "shape":"ImageVersionArn", @@ -5966,7 +6046,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6002,7 +6082,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6042,7 +6122,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6077,7 +6157,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6108,7 +6188,7 @@ "members":{ "owner":{ "shape":"Ownership", - "documentation":"

    The owner defines which image recipes you want to list. By default, this request will only show image recipes owned by your account. You can use this field to specify if you want to view image recipes owned by yourself, by Amazon, or those image recipes that have been shared with you by other customers.

    " + "documentation":"

    You can specify the recipe owner to filter results by that owner. By default, this request will only show image recipes owned by your account. To filter by a different owner, specify one of the Valid Values that are listed for this parameter.

    " }, "filters":{ "shape":"FilterList", @@ -6116,7 +6196,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6134,7 +6214,7 @@ }, "imageRecipeSummaryList":{ "shape":"ImageRecipeSummaryList", - "documentation":"

    The list of image pipelines.

    " + "documentation":"

    A list of ImageRecipeSummary objects that contain identifying characteristics for the image recipe, such as the name, the Amazon Resource Name (ARN), and the date created, along with other key details.

    " }, "nextToken":{ "shape":"PaginationToken", @@ -6182,7 +6262,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6225,7 +6305,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6264,7 +6344,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6304,7 +6384,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6340,7 +6420,7 @@ "members":{ "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6375,7 +6455,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6423,7 +6503,7 @@ "members":{ "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6447,7 +6527,6 @@ }, "ListWorkflowBuildVersionsRequest":{ "type":"structure", - "required":["workflowVersionArn"], "members":{ "workflowVersionArn":{ "shape":"WorkflowWildcardVersionArn", @@ -6455,7 +6534,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6483,7 +6562,7 @@ "members":{ "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6527,7 +6606,7 @@ "members":{ "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6590,7 +6669,7 @@ }, "maxResults":{ "shape":"RestrictedInteger", - "documentation":"

    The maximum items to return in a request.

    ", + "documentation":"

    Specify the maximum number of items to return in a request.

    ", "box":true }, "nextToken":{ @@ -6612,6 +6691,12 @@ } } }, + "LogGroupName":{ + "type":"string", + "max":512, + "min":1, + "pattern":"^[a-zA-Z0-9\\-_/\\.]{1,512}$" + }, "Logging":{ "type":"structure", "members":{ @@ -6781,6 +6866,20 @@ "EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE" ] }, + "PipelineLoggingConfiguration":{ + "type":"structure", + "members":{ + "imageLogGroupName":{ + "shape":"LogGroupName", + "documentation":"

    The log group name that Image Builder uses for image creation. If not specified, the log group name defaults to /aws/imagebuilder/image-name.

    " + }, + "pipelineLogGroupName":{ + "shape":"LogGroupName", + "documentation":"

    The log group name that Image Builder uses for the log output during creation of a new pipeline. If not specified, the pipeline log group name defaults to /aws/imagebuilder/pipeline/pipeline-name.

    " + } + }, + "documentation":"

    The logging configuration that's defined for pipeline execution.

    " + }, "PipelineStatus":{ "type":"string", "enum":[ @@ -7158,6 +7257,10 @@ "pipelineExecutionStartCondition":{ "shape":"PipelineExecutionStartCondition", "documentation":"

    The start condition configures when the pipeline should trigger a new image build, as follows. If no value is set Image Builder defaults to EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE.

    • EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE (default) – When you use semantic version filters on the base image or components in your image recipe, EC2 Image Builder builds a new image only when there are new versions of the base image or components in your recipe that match the filter.

      For semantic version syntax, see CreateComponent.

    • EXPRESSION_MATCH_ONLY – This condition builds a new image every time the CRON expression matches the current time.

    " + }, + "autoDisablePolicy":{ + "shape":"AutoDisablePolicy", + "documentation":"

    The policy that configures when Image Builder should automatically disable a pipeline that is failing.

    " } }, "documentation":"

    A schedule configures when and how often a pipeline will automatically create a new image.

    " @@ -7270,6 +7373,42 @@ "pattern":"^arn:aws[^:]*:sns:[^:]+:[0-9]{12}:[a-zA-Z0-9-_]{1,256}$" }, "SourceLayerHash":{"type":"string"}, + "SsmParameterConfiguration":{ + "type":"structure", + "required":["parameterName"], + "members":{ + "amiAccountId":{ + "shape":"AccountId", + "documentation":"

    Specify the account that will own the Parameter in a given Region. During distribution, this account must be specified in distribution settings as a target account for the Region.

    " + }, + "parameterName":{ + "shape":"SsmParameterName", + "documentation":"

    This is the name of the Parameter in the target Region or account. The image distribution creates the Parameter if it doesn't already exist. Otherwise, it updates the parameter.

    " + }, + "dataType":{ + "shape":"SsmParameterDataType", + "documentation":"

    The data type specifies what type of value the Parameter contains. We recommend that you use data type aws:ec2:image.

    " + } + }, + "documentation":"

    Configuration for a single Parameter in the Amazon Web Services Systems Manager (SSM) Parameter Store in a given Region.

    " + }, + "SsmParameterConfigurationList":{ + "type":"list", + "member":{"shape":"SsmParameterConfiguration"} + }, + "SsmParameterDataType":{ + "type":"string", + "enum":[ + "text", + "aws:ec2:image" + ] + }, + "SsmParameterName":{ + "type":"string", + "max":1011, + "min":1, + "pattern":"^[a-zA-Z0-9_.\\-\\/]+$" + }, "StartImagePipelineExecutionRequest":{ "type":"structure", "required":[ @@ -7285,6 +7424,10 @@ "shape":"ClientToken", "documentation":"

    Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.

    ", "idempotencyToken":true + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    Specify tags for Image Builder to apply to the image resource that's created When it starts pipeline execution.

    " } } }, @@ -7366,7 +7509,7 @@ "members":{ "uninstallAfterBuild":{ "shape":"NullableBoolean", - "documentation":"

    Controls whether the Systems Manager agent is removed from your final build image, prior to creating the new AMI. If this is set to true, then the agent is removed from the final image. If it's set to false, then the agent is left in, so that it is included in the new AMI. The default value is false.

    " + "documentation":"

    Controls whether the Systems Manager agent is removed from your final build image, prior to creating the new AMI. If this is set to true, then the agent is removed from the final image. If it's set to false, then the agent is left in, so that it is included in the new AMI. default value is false.

    The default behavior of uninstallAfterBuild is to remove the SSM Agent if it was installed by EC2 Image Builder

    " } }, "documentation":"

    Contains settings for the Systems Manager agent on your build instance.

    " @@ -7411,8 +7554,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -7453,7 +7595,7 @@ "type":"string", "max":100, "min":3, - "pattern":"[a-zA-Z0-9]{2,}(?:\\/[a-zA-z0-9-_+]+)*" + "pattern":"[a-zA-Z0-9]{2,}(?:\\/[a-zA-Z0-9-_+]+)*" }, "UntagResourceRequest":{ "type":"structure", @@ -7478,8 +7620,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDistributionConfigurationRequest":{ "type":"structure", @@ -7586,6 +7727,10 @@ "shape":"WorkflowConfigurationList", "documentation":"

    Contains the workflows to run for the pipeline.

    " }, + "loggingConfiguration":{ + "shape":"PipelineLoggingConfiguration", + "documentation":"

    Update logging configuration for the output image that's created when the pipeline runs.

    " + }, "executionRole":{ "shape":"RoleNameOrArn", "documentation":"

    The name or Amazon Resource Name (ARN) for the IAM role you create that grants Image Builder access to perform workflow actions.

    " @@ -7869,7 +8014,7 @@ }, "kmsKeyId":{ "shape":"NonEmptyString", - "documentation":"

    The KMS key identifier used to encrypt the workflow resource.

    " + "documentation":"

    The KMS key identifier used to encrypt the workflow resource. This can be either the Key ARN or the Alias ARN. For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " }, "dateCreated":{ "shape":"DateTime", diff -pruN 2.23.6-1/awscli/botocore/data/inspector/2016-02-16/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/inspector/2016-02-16/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/inspector/2016-02-16/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/inspector/2016-02-16/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/inspector/2016-02-16/service-2.json 2.31.35-1/awscli/botocore/data/inspector/2016-02-16/service-2.json --- 2.23.6-1/awscli/botocore/data/inspector/2016-02-16/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/inspector/2016-02-16/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"inspector", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon Inspector", "serviceId":"Inspector", "signatureVersion":"v4", "targetPrefix":"InspectorService", - "uid":"inspector-2016-02-16" + "uid":"inspector-2016-02-16", + "auth":["aws.auth#sigv4"] }, "operations":{ "AddAttributesToFindings":{ diff -pruN 2.23.6-1/awscli/botocore/data/inspector-scan/2023-08-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/inspector-scan/2023-08-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/inspector-scan/2023-08-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/inspector-scan/2023-08-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/inspector2/2020-06-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/inspector2/2020-06-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/inspector2/2020-06-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/inspector2/2020-06-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/inspector2/2020-06-08/paginators-1.json 2.31.35-1/awscli/botocore/data/inspector2/2020-06-08/paginators-1.json --- 2.23.6-1/awscli/botocore/data/inspector2/2020-06-08/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/inspector2/2020-06-08/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -87,6 +87,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "scans" + }, + "GetClustersForImage": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "cluster" } } } diff -pruN 2.23.6-1/awscli/botocore/data/inspector2/2020-06-08/service-2.json 2.31.35-1/awscli/botocore/data/inspector2/2020-06-08/service-2.json --- 2.23.6-1/awscli/botocore/data/inspector2/2020-06-08/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/inspector2/2020-06-08/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,8 +2,8 @@ "version":"2.0", "metadata":{ "apiVersion":"2020-06-08", + "auth":["aws.auth#sigv4"], "endpointPrefix":"inspector2", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceAbbreviation":"Inspector2", @@ -11,8 +11,7 @@ "serviceId":"Inspector2", "signatureVersion":"v4", "signingName":"inspector2", - "uid":"inspector2-2020-06-08", - "auth":["aws.auth#sigv4"] + "uid":"inspector2-2020-06-08" }, "operations":{ "AssociateMember":{ @@ -31,7 +30,45 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Associates an Amazon Web Services account with an Amazon Inspector delegated administrator. An HTTP 200 response indicates the association was started but doesn’t indicate whether it completed. You can check if the association completed using ListMembers for multiple accounts or GetMembers for a single account. An HTTP 402 response indicates the association failed because the organization size exceeded its limit. For information on limits, see Amazon Inspector quotas.

    " + "documentation":"

    Associates an Amazon Web Services account with an Amazon Inspector delegated administrator. An HTTP 200 response indicates the association was successfully started, but doesn’t indicate whether it was completed. You can check if the association completed by using ListMembers for multiple accounts or GetMembers for a single account.

    " + }, + "BatchAssociateCodeSecurityScanConfiguration":{ + "name":"BatchAssociateCodeSecurityScanConfiguration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan-configuration/batch/associate", + "responseCode":200 + }, + "input":{"shape":"BatchAssociateCodeSecurityScanConfigurationRequest"}, + "output":{"shape":"BatchAssociateCodeSecurityScanConfigurationResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Associates multiple code repositories with an Amazon Inspector code security scan configuration.

    " + }, + "BatchDisassociateCodeSecurityScanConfiguration":{ + "name":"BatchDisassociateCodeSecurityScanConfiguration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan-configuration/batch/disassociate", + "responseCode":200 + }, + "input":{"shape":"BatchDisassociateCodeSecurityScanConfigurationRequest"}, + "output":{"shape":"BatchDisassociateCodeSecurityScanConfigurationResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Disassociates multiple code repositories from an Amazon Inspector code security scan configuration.

    " }, "BatchGetAccountStatus":{ "name":"BatchGetAccountStatus", @@ -190,6 +227,44 @@ ], "documentation":"

    Creates a CIS scan configuration.

    " }, + "CreateCodeSecurityIntegration":{ + "name":"CreateCodeSecurityIntegration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/integration/create", + "responseCode":200 + }, + "input":{"shape":"CreateCodeSecurityIntegrationRequest"}, + "output":{"shape":"CreateCodeSecurityIntegrationResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Creates a code security integration with a source code repository provider.

    After calling the CreateCodeSecurityIntegration operation, you complete authentication and authorization with your provider. Next you call the UpdateCodeSecurityIntegration operation to provide the details to complete the integration setup

    " + }, + "CreateCodeSecurityScanConfiguration":{ + "name":"CreateCodeSecurityScanConfiguration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan-configuration/create", + "responseCode":200 + }, + "input":{"shape":"CreateCodeSecurityScanConfigurationRequest"}, + "output":{"shape":"CreateCodeSecurityScanConfigurationResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Creates a scan configuration for code security scanning.

    " + }, "CreateFilter":{ "name":"CreateFilter", "http":{ @@ -264,6 +339,42 @@ ], "documentation":"

    Deletes a CIS scan configuration.

    " }, + "DeleteCodeSecurityIntegration":{ + "name":"DeleteCodeSecurityIntegration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/integration/delete", + "responseCode":200 + }, + "input":{"shape":"DeleteCodeSecurityIntegrationRequest"}, + "output":{"shape":"DeleteCodeSecurityIntegrationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Deletes a code security integration.

    " + }, + "DeleteCodeSecurityScanConfiguration":{ + "name":"DeleteCodeSecurityScanConfiguration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan-configuration/delete", + "responseCode":200 + }, + "input":{"shape":"DeleteCodeSecurityScanConfigurationRequest"}, + "output":{"shape":"DeleteCodeSecurityScanConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Deletes a code security scan configuration.

    " + }, "DeleteFilter":{ "name":"DeleteFilter", "http":{ @@ -425,6 +536,78 @@ ], "documentation":"

    Retrieves CIS scan result details.

    " }, + "GetClustersForImage":{ + "name":"GetClustersForImage", + "http":{ + "method":"POST", + "requestUri":"/cluster/get", + "responseCode":200 + }, + "input":{"shape":"GetClustersForImageRequest"}, + "output":{"shape":"GetClustersForImageResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns a list of clusters and metadata associated with an image.

    " + }, + "GetCodeSecurityIntegration":{ + "name":"GetCodeSecurityIntegration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/integration/get", + "responseCode":200 + }, + "input":{"shape":"GetCodeSecurityIntegrationRequest"}, + "output":{"shape":"GetCodeSecurityIntegrationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves information about a code security integration.

    " + }, + "GetCodeSecurityScan":{ + "name":"GetCodeSecurityScan", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan/get", + "responseCode":200 + }, + "input":{"shape":"GetCodeSecurityScanRequest"}, + "output":{"shape":"GetCodeSecurityScanResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves information about a specific code security scan.

    " + }, + "GetCodeSecurityScanConfiguration":{ + "name":"GetCodeSecurityScanConfiguration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan-configuration/get", + "responseCode":200 + }, + "input":{"shape":"GetCodeSecurityScanConfigurationRequest"}, + "output":{"shape":"GetCodeSecurityScanConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves information about a code security scan configuration.

    " + }, "GetConfiguration":{ "name":"GetConfiguration", "http":{ @@ -634,6 +817,59 @@ ], "documentation":"

    Returns a CIS scan list.

    " }, + "ListCodeSecurityIntegrations":{ + "name":"ListCodeSecurityIntegrations", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/integration/list", + "responseCode":200 + }, + "input":{"shape":"ListCodeSecurityIntegrationsRequest"}, + "output":{"shape":"ListCodeSecurityIntegrationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists all code security integrations in your account.

    " + }, + "ListCodeSecurityScanConfigurationAssociations":{ + "name":"ListCodeSecurityScanConfigurationAssociations", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan-configuration/associations/list", + "responseCode":200 + }, + "input":{"shape":"ListCodeSecurityScanConfigurationAssociationsRequest"}, + "output":{"shape":"ListCodeSecurityScanConfigurationAssociationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists the associations between code repositories and Amazon Inspector code security scan configurations.

    " + }, + "ListCodeSecurityScanConfigurations":{ + "name":"ListCodeSecurityScanConfigurations", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan-configuration/list", + "responseCode":200 + }, + "input":{"shape":"ListCodeSecurityScanConfigurationsRequest"}, + "output":{"shape":"ListCodeSecurityScanConfigurationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists all code security scan configurations in your account.

    " + }, "ListCoverage":{ "name":"ListCoverage", "http":{ @@ -876,6 +1112,25 @@ "documentation":"

    Starts a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.

    ", "idempotent":true }, + "StartCodeSecurityScan":{ + "name":"StartCodeSecurityScan", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan/start", + "responseCode":200 + }, + "input":{"shape":"StartCodeSecurityScanRequest"}, + "output":{"shape":"StartCodeSecurityScanResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Initiates a code security scan on a specified repository.

    " + }, "StopCisSession":{ "name":"StopCisSession", "http":{ @@ -949,6 +1204,44 @@ ], "documentation":"

    Updates a CIS scan configuration.

    " }, + "UpdateCodeSecurityIntegration":{ + "name":"UpdateCodeSecurityIntegration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/integration/update", + "responseCode":200 + }, + "input":{"shape":"UpdateCodeSecurityIntegrationRequest"}, + "output":{"shape":"UpdateCodeSecurityIntegrationResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Updates an existing code security integration.

    After calling the CreateCodeSecurityIntegration operation, you complete authentication and authorization with your provider. Next you call the UpdateCodeSecurityIntegration operation to provide the details to complete the integration setup

    " + }, + "UpdateCodeSecurityScanConfiguration":{ + "name":"UpdateCodeSecurityScanConfiguration", + "http":{ + "method":"POST", + "requestUri":"/codesecurity/scan-configuration/update", + "responseCode":200 + }, + "input":{"shape":"UpdateCodeSecurityScanConfigurationRequest"}, + "output":{"shape":"UpdateCodeSecurityScanConfigurationResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Updates an existing code security scan configuration.

    " + }, "UpdateConfiguration":{ "name":"UpdateConfiguration", "http":{ @@ -1062,7 +1355,7 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"

    You do not have sufficient access to perform this action.

    ", + "documentation":"

    You do not have sufficient access to perform this action.

    For Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.

    ", "error":{ "httpStatusCode":403, "senderFault":true @@ -1073,21 +1366,21 @@ "type":"structure", "required":[ "accountId", - "resourceStatus", - "status" + "status", + "resourceStatus" ], "members":{ "accountId":{ "shape":"AccountId", "documentation":"

    The ID of the Amazon Web Services account.

    " }, - "resourceStatus":{ - "shape":"ResourceStatus", - "documentation":"

    Details of the status of Amazon Inspector scans by resource type.

    " - }, "status":{ "shape":"Status", "documentation":"

    The status of Amazon Inspector for the account.

    " + }, + "resourceStatus":{ + "shape":"ResourceStatus", + "documentation":"

    Details of the status of Amazon Inspector scans by resource type.

    " } }, "documentation":"

    An Amazon Web Services account within your environment that Amazon Inspector has been enabled for.

    " @@ -1103,13 +1396,13 @@ "shape":"AggregationResourceType", "documentation":"

    The type of resource.

    " }, - "sortBy":{ - "shape":"AccountSortBy", - "documentation":"

    The value to sort by.

    " - }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The sort order (ascending or descending).

    " + }, + "sortBy":{ + "shape":"AccountSortBy", + "documentation":"

    The value to sort by.

    " } }, "documentation":"

    An object that contains details about an aggregation response based on Amazon Web Services accounts.

    " @@ -1121,6 +1414,10 @@ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID.

    " }, + "severityCounts":{ + "shape":"SeverityCounts", + "documentation":"

    The number of findings by severity.

    " + }, "exploitAvailableCount":{ "shape":"Long", "documentation":"

    The number of findings that have an exploit available.

    " @@ -1128,10 +1425,6 @@ "fixAvailableCount":{ "shape":"Long", "documentation":"

    Details about the number of fixes.

    " - }, - "severityCounts":{ - "shape":"SeverityCounts", - "documentation":"

    The number of findings by severity.

    " } }, "documentation":"

    An aggregation of findings by Amazon Web Services account ID.

    " @@ -1140,7 +1433,7 @@ "type":"string", "max":12, "min":12, - "pattern":"^\\d{12}$" + "pattern":"\\d{12}" }, "AccountIdFilterList":{ "type":"list", @@ -1170,21 +1463,21 @@ "type":"structure", "required":[ "accountId", - "resourceState", - "state" + "state", + "resourceState" ], "members":{ "accountId":{ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID.

    " }, - "resourceState":{ - "shape":"ResourceState", - "documentation":"

    An object detailing which resources Amazon Inspector is enabled to scan for the account.

    " - }, "state":{ "shape":"State", "documentation":"

    An object detailing the status of Amazon Inspector for the account.

    " + }, + "resourceState":{ + "shape":"ResourceState", + "documentation":"

    An object detailing which resources Amazon Inspector is enabled to scan for the account.

    " } }, "documentation":"

    An object with details the status of an Amazon Web Services account within your Amazon Inspector environment.

    " @@ -1231,14 +1524,6 @@ "shape":"ImageLayerAggregation", "documentation":"

    An object that contains details about an aggregation request based on container image layers.

    " }, - "lambdaFunctionAggregation":{ - "shape":"LambdaFunctionAggregation", - "documentation":"

    Returns an object with findings aggregated by Amazon Web Services Lambda function.

    " - }, - "lambdaLayerAggregation":{ - "shape":"LambdaLayerAggregation", - "documentation":"

    Returns an object with findings aggregated by Amazon Web Services Lambda layer.

    " - }, "packageAggregation":{ "shape":"PackageAggregation", "documentation":"

    An object that contains details about an aggregation request based on operating system package type.

    " @@ -1250,6 +1535,18 @@ "titleAggregation":{ "shape":"TitleAggregation", "documentation":"

    An object that contains details about an aggregation request based on finding title.

    " + }, + "lambdaLayerAggregation":{ + "shape":"LambdaLayerAggregation", + "documentation":"

    Returns an object with findings aggregated by Amazon Web Services Lambda layer.

    " + }, + "lambdaFunctionAggregation":{ + "shape":"LambdaFunctionAggregation", + "documentation":"

    Returns an object with findings aggregated by Amazon Web Services Lambda function.

    " + }, + "codeRepositoryAggregation":{ + "shape":"CodeRepositoryAggregation", + "documentation":"

    An object that contains details about an aggregation request based on code repositories.

    " } }, "documentation":"

    Contains details about an aggregation request.

    ", @@ -1260,7 +1557,8 @@ "enum":[ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", - "AWS_LAMBDA_FUNCTION" + "AWS_LAMBDA_FUNCTION", + "CODE_REPOSITORY" ] }, "AggregationResponse":{ @@ -1290,14 +1588,6 @@ "shape":"ImageLayerAggregationResponse", "documentation":"

    An object that contains details about an aggregation response based on container image layers.

    " }, - "lambdaFunctionAggregation":{ - "shape":"LambdaFunctionAggregationResponse", - "documentation":"

    An aggregation of findings by Amazon Web Services Lambda function.

    " - }, - "lambdaLayerAggregation":{ - "shape":"LambdaLayerAggregationResponse", - "documentation":"

    An aggregation of findings by Amazon Web Services Lambda layer.

    " - }, "packageAggregation":{ "shape":"PackageAggregationResponse", "documentation":"

    An object that contains details about an aggregation response based on operating system package type.

    " @@ -1309,6 +1599,18 @@ "titleAggregation":{ "shape":"TitleAggregationResponse", "documentation":"

    An object that contains details about an aggregation response based on finding title.

    " + }, + "lambdaLayerAggregation":{ + "shape":"LambdaLayerAggregationResponse", + "documentation":"

    An aggregation of findings by Amazon Web Services Lambda layer.

    " + }, + "lambdaFunctionAggregation":{ + "shape":"LambdaFunctionAggregationResponse", + "documentation":"

    An aggregation of findings by Amazon Web Services Lambda function.

    " + }, + "codeRepositoryAggregation":{ + "shape":"CodeRepositoryAggregationResponse", + "documentation":"

    An object that contains details about an aggregation response based on code repositories.

    " } }, "documentation":"

    A structure that contains details about the results of an aggregation type.

    ", @@ -1331,7 +1633,8 @@ "IMAGE_LAYER", "ACCOUNT", "AWS_LAMBDA_FUNCTION", - "LAMBDA_LAYER" + "LAMBDA_LAYER", + "CODE_REPOSITORY" ] }, "AmiAggregation":{ @@ -1341,13 +1644,13 @@ "shape":"StringFilterList", "documentation":"

    The IDs of AMIs to aggregate findings for.

    " }, - "sortBy":{ - "shape":"AmiSortBy", - "documentation":"

    The value to sort results by.

    " - }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The order to sort results by.

    " + }, + "sortBy":{ + "shape":"AmiSortBy", + "documentation":"

    The value to sort results by.

    " } }, "documentation":"

    The details that define an aggregation based on Amazon machine images (AMIs).

    " @@ -1356,28 +1659,28 @@ "type":"structure", "required":["ami"], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The Amazon Web Services account ID for the AMI.

    " - }, - "affectedInstances":{ - "shape":"Long", - "documentation":"

    The IDs of Amazon EC2 instances using this AMI.

    " - }, "ami":{ "shape":"AmiId", "documentation":"

    The ID of the AMI that findings were aggregated for.

    " }, + "accountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID for the AMI.

    " + }, "severityCounts":{ "shape":"SeverityCounts", "documentation":"

    An object that contains the count of matched findings per severity.

    " + }, + "affectedInstances":{ + "shape":"Long", + "documentation":"

    The IDs of Amazon EC2 instances using this AMI.

    " } }, "documentation":"

    A response that contains the results of a finding aggregation by AMI.

    " }, "AmiId":{ "type":"string", - "pattern":"^ami-([a-z0-9]{8}|[a-z0-9]{17}|\\*)$" + "pattern":"ami-([a-z0-9]{8}|[a-z0-9]{17}|\\*)" }, "AmiSortBy":{ "type":"string", @@ -1406,6 +1709,27 @@ "max":1011, "min":1 }, + "AssociateConfigurationRequest":{ + "type":"structure", + "required":[ + "scanConfigurationArn", + "resource" + ], + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration.

    " + }, + "resource":{"shape":"CodeSecurityResource"} + }, + "documentation":"

    Contains details about a request to associate a code repository with a scan configuration.

    " + }, + "AssociateConfigurationRequestList":{ + "type":"list", + "member":{"shape":"AssociateConfigurationRequest"}, + "max":25, + "min":1 + }, "AssociateMemberRequest":{ "type":"structure", "required":["accountId"], @@ -1426,6 +1750,21 @@ } } }, + "AssociationResultStatusCode":{ + "type":"string", + "enum":[ + "INTERNAL_ERROR", + "ACCESS_DENIED", + "SCAN_CONFIGURATION_NOT_FOUND", + "INVALID_INPUT", + "RESOURCE_NOT_FOUND", + "QUOTA_EXCEEDED" + ] + }, + "AssociationResultStatusMessage":{ + "type":"string", + "min":1 + }, "AtigData":{ "type":"structure", "members":{ @@ -1448,6 +1787,10 @@ }, "documentation":"

    The Amazon Web Services Threat Intel Group (ATIG) details for a specific vulnerability.

    " }, + "AuthorizationUrl":{ + "type":"string", + "sensitive":true + }, "AutoEnable":{ "type":"structure", "required":[ @@ -1469,7 +1812,11 @@ }, "lambdaCode":{ "shape":"Boolean", - "documentation":"

    Represents whether Lambda code scans are automatically enabled for new members of your Amazon Inspector organization. 

     </p>
    " + "documentation":"

    Represents whether Lambda code scans are automatically enabled for new members of your Amazon Inspector organization.

    " + }, + "codeRepository":{ + "shape":"Boolean", + "documentation":"

    Represents whether code repository scans are automatically enabled for new members of your Amazon Inspector organization.

    " } }, "documentation":"

    Represents which scan types are automatically enabled for new members of your Amazon Inspector organization.

    " @@ -1477,9 +1824,9 @@ "AwsEc2InstanceDetails":{ "type":"structure", "members":{ - "iamInstanceProfileArn":{ + "type":{ "shape":"NonEmptyString", - "documentation":"

    The IAM instance profile ARN of the Amazon EC2 instance.

    " + "documentation":"

    The type of the Amazon EC2 instance.

    " }, "imageId":{ "shape":"NonEmptyString", @@ -1497,25 +1844,25 @@ "shape":"NonEmptyString", "documentation":"

    The name of the key pair used to launch the Amazon EC2 instance.

    " }, - "launchedAt":{ - "shape":"DateTimeTimestamp", - "documentation":"

    The date and time the Amazon EC2 instance was launched at.

    " + "iamInstanceProfileArn":{ + "shape":"NonEmptyString", + "documentation":"

    The IAM instance profile ARN of the Amazon EC2 instance.

    " }, - "platform":{ - "shape":"Platform", - "documentation":"

    The platform of the Amazon EC2 instance.

    " + "vpcId":{ + "shape":"NonEmptyString", + "documentation":"

    The VPC ID of the Amazon EC2 instance.

    " }, "subnetId":{ "shape":"NonEmptyString", "documentation":"

    The subnet ID of the Amazon EC2 instance.

    " }, - "type":{ - "shape":"NonEmptyString", - "documentation":"

    The type of the Amazon EC2 instance.

    " + "launchedAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date and time the Amazon EC2 instance was launched at.

    " }, - "vpcId":{ - "shape":"NonEmptyString", - "documentation":"

    The VPC ID of the Amazon EC2 instance.

    " + "platform":{ + "shape":"Platform", + "documentation":"

    The platform of the Amazon EC2 instance.

    " } }, "documentation":"

    Details of the Amazon EC2 instance involved in a finding.

    " @@ -1523,33 +1870,41 @@ "AwsEcrContainerAggregation":{ "type":"structure", "members":{ - "architectures":{ + "resourceIds":{ "shape":"StringFilterList", - "documentation":"

    The architecture of the containers.

    " + "documentation":"

    The container resource IDs.

    " }, "imageShas":{ "shape":"StringFilterList", "documentation":"

    The image SHA values.

    " }, - "imageTags":{ - "shape":"StringFilterList", - "documentation":"

    The image tags.

    " - }, "repositories":{ "shape":"StringFilterList", "documentation":"

    The container repositories.

    " }, - "resourceIds":{ + "architectures":{ "shape":"StringFilterList", - "documentation":"

    The container resource IDs.

    " + "documentation":"

    The architecture of the containers.

    " }, - "sortBy":{ - "shape":"AwsEcrContainerSortBy", - "documentation":"

    The value to sort by.

    " + "imageTags":{ + "shape":"StringFilterList", + "documentation":"

    The image tags.

    " }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The sort order (ascending or descending).

    " + }, + "sortBy":{ + "shape":"AwsEcrContainerSortBy", + "documentation":"

    The value to sort by.

    " + }, + "lastInUseAt":{ + "shape":"DateFilterList", + "documentation":"

    The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod.

    " + }, + "inUseCount":{ + "shape":"NumberFilterList", + "documentation":"

    The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use.

    " } }, "documentation":"

    An aggregation of information about Amazon ECR containers.

    " @@ -1558,33 +1913,41 @@ "type":"structure", "required":["resourceId"], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The Amazon Web Services account ID of the account that owns the container.

    " - }, - "architecture":{ - "shape":"String", - "documentation":"

    The architecture of the container.

    " + "resourceId":{ + "shape":"NonEmptyString", + "documentation":"

    The resource ID of the container.

    " }, "imageSha":{ "shape":"String", "documentation":"

    The SHA value of the container image.

    " }, - "imageTags":{ - "shape":"StringList", - "documentation":"

    The container image stags.

    " - }, "repository":{ "shape":"String", "documentation":"

    The container repository.

    " }, - "resourceId":{ - "shape":"NonEmptyString", - "documentation":"

    The resource ID of the container.

    " + "architecture":{ + "shape":"String", + "documentation":"

    The architecture of the container.

    " + }, + "imageTags":{ + "shape":"StringList", + "documentation":"

    The container image stags.

    " + }, + "accountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID of the account that owns the container.

    " }, "severityCounts":{ "shape":"SeverityCounts", "documentation":"

    The number of finding by severity.

    " + }, + "lastInUseAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod.

    " + }, + "inUseCount":{ + "shape":"Long", + "documentation":"

    The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use.

    " } }, "documentation":"

    An aggregation of information about Amazon ECR containers.

    " @@ -1592,42 +1955,50 @@ "AwsEcrContainerImageDetails":{ "type":"structure", "required":[ + "repositoryName", "imageHash", - "registry", - "repositoryName" + "registry" ], "members":{ - "architecture":{ + "repositoryName":{ "shape":"NonEmptyString", - "documentation":"

    The architecture of the Amazon ECR container image.

    " + "documentation":"

    The name of the repository the Amazon ECR container image resides in.

    " + }, + "imageTags":{ + "shape":"ImageTagList", + "documentation":"

    The image tags attached to the Amazon ECR container image.

    " + }, + "pushedAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date and time the Amazon ECR container image was pushed.

    " }, "author":{ "shape":"String", "documentation":"

    The image author of the Amazon ECR container image.

    " }, + "architecture":{ + "shape":"NonEmptyString", + "documentation":"

    The architecture of the Amazon ECR container image.

    " + }, "imageHash":{ "shape":"ImageHash", "documentation":"

    The image hash of the Amazon ECR container image.

    " }, - "imageTags":{ - "shape":"ImageTagList", - "documentation":"

    The image tags attached to the Amazon ECR container image.

    " + "registry":{ + "shape":"NonEmptyString", + "documentation":"

    The registry for the Amazon ECR container image.

    " }, "platform":{ "shape":"Platform", "documentation":"

    The platform of the Amazon ECR container image.

    " }, - "pushedAt":{ + "lastInUseAt":{ "shape":"DateTimeTimestamp", - "documentation":"

    The date and time the Amazon ECR container image was pushed.

    " + "documentation":"

    The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod.

    " }, - "registry":{ - "shape":"NonEmptyString", - "documentation":"

    The registry for the Amazon ECR container image.

    " - }, - "repositoryName":{ - "shape":"NonEmptyString", - "documentation":"

    The name of the repository the Amazon ECR container image resides in.

    " + "inUseCount":{ + "shape":"Long", + "documentation":"

    The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use.

    " } }, "documentation":"

    The image details of the Amazon ECR container image.

    " @@ -1640,55 +2011,136 @@ "ALL" ] }, + "AwsEcsMetadataDetails":{ + "type":"structure", + "required":[ + "detailsGroup", + "taskDefinitionArn" + ], + "members":{ + "detailsGroup":{ + "shape":"AwsEcsMetadataDetailsDetailsGroupString", + "documentation":"

    The details group information for a task in a cluster.

    " + }, + "taskDefinitionArn":{ + "shape":"AwsEcsMetadataDetailsTaskDefinitionArnString", + "documentation":"

    The task definition ARN.

    " + } + }, + "documentation":"

    Metadata about tasks where an image was in use.

    " + }, + "AwsEcsMetadataDetailsDetailsGroupString":{ + "type":"string", + "max":256, + "min":1 + }, + "AwsEcsMetadataDetailsTaskDefinitionArnString":{ + "type":"string", + "max":2048, + "min":1 + }, + "AwsEksMetadataDetails":{ + "type":"structure", + "members":{ + "namespace":{ + "shape":"AwsEksMetadataDetailsNamespaceString", + "documentation":"

    The namespace for an Amazon EKS cluster.

    " + }, + "workloadInfoList":{ + "shape":"AwsEksWorkloadInfoList", + "documentation":"

    The list of workloads.

    " + } + }, + "documentation":"

    The metadata for an Amazon EKS pod where an Amazon ECR image is in use.

    " + }, + "AwsEksMetadataDetailsNamespaceString":{ + "type":"string", + "max":256, + "min":1 + }, + "AwsEksWorkloadInfo":{ + "type":"structure", + "required":[ + "name", + "type" + ], + "members":{ + "name":{ + "shape":"AwsEksWorkloadInfoNameString", + "documentation":"

    The name of the workload.

    " + }, + "type":{ + "shape":"AwsEksWorkloadInfoTypeString", + "documentation":"

    The workload type.

    " + } + }, + "documentation":"

    Information about the workload.

    " + }, + "AwsEksWorkloadInfoList":{ + "type":"list", + "member":{"shape":"AwsEksWorkloadInfo"}, + "max":100, + "min":0 + }, + "AwsEksWorkloadInfoNameString":{ + "type":"string", + "max":256, + "min":1 + }, + "AwsEksWorkloadInfoTypeString":{ + "type":"string", + "max":256, + "min":1 + }, "AwsLambdaFunctionDetails":{ "type":"structure", "required":[ - "codeSha256", - "executionRoleArn", "functionName", "runtime", - "version" + "codeSha256", + "version", + "executionRoleArn" ], "members":{ - "architectures":{ - "shape":"ArchitectureList", - "documentation":"

    The instruction set architecture that the Amazon Web Services Lambda function supports. Architecture is a string array with one of the valid values. The default architecture value is x86_64.

    " + "functionName":{ + "shape":"FunctionName", + "documentation":"

    The name of the Amazon Web Services Lambda function.

    " + }, + "runtime":{ + "shape":"Runtime", + "documentation":"

    The runtime environment for the Amazon Web Services Lambda function.

    " }, "codeSha256":{ "shape":"NonEmptyString", "documentation":"

    The SHA256 hash of the Amazon Web Services Lambda function's deployment package.

    " }, + "version":{ + "shape":"Version", + "documentation":"

    The version of the Amazon Web Services Lambda function.

    " + }, "executionRoleArn":{ "shape":"ExecutionRoleArn", "documentation":"

    The Amazon Web Services Lambda function's execution role.

    " }, - "functionName":{ - "shape":"FunctionName", - "documentation":"

    The name of the Amazon Web Services Lambda function.

    " - }, - "lastModifiedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that a user last updated the configuration, in ISO 8601 format

    " - }, "layers":{ "shape":"LayerList", "documentation":"

    The Amazon Web Services Lambda function's layers. A Lambda function can have up to five layers.

    " }, + "vpcConfig":{ + "shape":"LambdaVpcConfig", + "documentation":"

    The Amazon Web Services Lambda function's networking configuration.

    " + }, "packageType":{ "shape":"PackageType", "documentation":"

    The type of deployment package. Set to Image for container image and set Zip for .zip file archive.

    " }, - "runtime":{ - "shape":"Runtime", - "documentation":"

    The runtime environment for the Amazon Web Services Lambda function.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the Amazon Web Services Lambda function.

    " + "architectures":{ + "shape":"ArchitectureList", + "documentation":"

    The instruction set architecture that the Amazon Web Services Lambda function supports. Architecture is a string array with one of the valid values. The default architecture value is x86_64.

    " }, - "vpcConfig":{ - "shape":"LambdaVpcConfig", - "documentation":"

    The Amazon Web Services Lambda function's networking configuration.

    " + "lastModifiedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that a user last updated the configuration, in ISO 8601 format

    " } }, "documentation":"

    A summary of information about the Amazon Web Services Lambda function.

    " @@ -1706,6 +2158,52 @@ }, "exception":true }, + "BatchAssociateCodeSecurityScanConfigurationRequest":{ + "type":"structure", + "required":["associateConfigurationRequests"], + "members":{ + "associateConfigurationRequests":{ + "shape":"AssociateConfigurationRequestList", + "documentation":"

    A list of code repositories to associate with the specified scan configuration.

    " + } + } + }, + "BatchAssociateCodeSecurityScanConfigurationResponse":{ + "type":"structure", + "members":{ + "failedAssociations":{ + "shape":"FailedAssociationResultList", + "documentation":"

    Details of any code repositories that failed to be associated with the scan configuration.

    " + }, + "successfulAssociations":{ + "shape":"SuccessfulAssociationResultList", + "documentation":"

    Details of code repositories that were successfully associated with the scan configuration.

    " + } + } + }, + "BatchDisassociateCodeSecurityScanConfigurationRequest":{ + "type":"structure", + "required":["disassociateConfigurationRequests"], + "members":{ + "disassociateConfigurationRequests":{ + "shape":"DisassociateConfigurationRequestList", + "documentation":"

    A list of code repositories to disassociate from the specified scan configuration.

    " + } + } + }, + "BatchDisassociateCodeSecurityScanConfigurationResponse":{ + "type":"structure", + "members":{ + "failedAssociations":{ + "shape":"FailedAssociationResultList", + "documentation":"

    Details of any code repositories that failed to be disassociated from the scan configuration.

    " + }, + "successfulAssociations":{ + "shape":"SuccessfulAssociationResultList", + "documentation":"

    Details of code repositories that were successfully disassociated from the scan configuration.

    " + } + } + }, "BatchGetAccountStatusRequest":{ "type":"structure", "members":{ @@ -1771,13 +2269,13 @@ "BatchGetFindingDetailsResponse":{ "type":"structure", "members":{ - "errors":{ - "shape":"FindingDetailsErrorList", - "documentation":"

    Error information for findings that details could not be returned for.

    " - }, "findingDetails":{ "shape":"FindingDetails", "documentation":"

    A finding's vulnerability details.

    " + }, + "errors":{ + "shape":"FindingDetailsErrorList", + "documentation":"

    Error information for findings that details could not be returned for.

    " } } }, @@ -1819,7 +2317,7 @@ "members":{ "accountIds":{ "shape":"AccountIdSet", - "documentation":"

    The unique identifiers for the Amazon Web Services accounts to retrieve Amazon Inspector deep inspection activation status for. 

     </p>
    " + "documentation":"

    The unique identifiers for the Amazon Web Services accounts to retrieve Amazon Inspector deep inspection activation status for.

    " } } }, @@ -1828,11 +2326,11 @@ "members":{ "accountIds":{ "shape":"MemberAccountEc2DeepInspectionStatusStateList", - "documentation":"

    An array of objects that provide details on the activation status of Amazon Inspector deep inspection for each of the requested accounts. 

     </p>
    " + "documentation":"

    An array of objects that provide details on the activation status of Amazon Inspector deep inspection for each of the requested accounts.

    " }, "failedAccountIds":{ "shape":"FailedMemberAccountEc2DeepInspectionStatusStateList", - "documentation":"

    An array of objects that provide details on any accounts that failed to activate Amazon Inspector deep inspection and why. 

     </p>
    " + "documentation":"

    An array of objects that provide details on any accounts that failed to activate Amazon Inspector deep inspection and why.

    " } } }, @@ -1933,37 +2431,37 @@ "type":"structure", "required":["scanArn"], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The account ID for the CIS check.

    " - }, - "checkDescription":{ - "shape":"String", - "documentation":"

    The description for the CIS check.

    " + "scanArn":{ + "shape":"CisScanArn", + "documentation":"

    The scan ARN for the CIS check scan ARN.

    " }, "checkId":{ "shape":"String", "documentation":"

    The check ID for the CIS check.

    " }, + "title":{ + "shape":"String", + "documentation":"

    The CIS check title.

    " + }, + "checkDescription":{ + "shape":"String", + "documentation":"

    The description for the CIS check.

    " + }, "level":{ "shape":"CisSecurityLevel", "documentation":"

    The CIS check level.

    " }, - "platform":{ - "shape":"String", - "documentation":"

    The CIS check platform.

    " - }, - "scanArn":{ - "shape":"CisScanArn", - "documentation":"

    The scan ARN for the CIS check scan ARN.

    " + "accountId":{ + "shape":"AccountId", + "documentation":"

    The account ID for the CIS check.

    " }, "statusCounts":{ "shape":"StatusCounts", "documentation":"

    The CIS check status counts.

    " }, - "title":{ + "platform":{ "shape":"String", - "documentation":"

    The CIS check title.

    " + "documentation":"

    The CIS check platform.

    " } }, "documentation":"

    A CIS check.

    " @@ -1990,7 +2488,7 @@ }, "CisFindingArn":{ "type":"string", - "pattern":"^arn:aws(-gov|-cn)?:inspector2:[-.a-z0-9]{0,20}:\\d{12}:owner/\\d{12}/cis-finding/[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$" + "pattern":"arn:aws(-gov|-cn)?:inspector2:[-.a-z0-9]{0,20}:\\d{12}:owner/\\d{12}/cis-finding/[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}" }, "CisFindingArnFilterList":{ "type":"list", @@ -2037,13 +2535,13 @@ "CisNumberFilter":{ "type":"structure", "members":{ - "lowerInclusive":{ - "shape":"Integer", - "documentation":"

    The CIS number filter's lower inclusive.

    " - }, "upperInclusive":{ "shape":"Integer", "documentation":"

    The CIS number filter's upper inclusive.

    " + }, + "lowerInclusive":{ + "shape":"Integer", + "documentation":"

    The CIS number filter's lower inclusive.

    " } }, "documentation":"

    The CIS number filter.

    " @@ -2056,7 +2554,7 @@ }, "CisOwnerId":{ "type":"string", - "pattern":"^\\d{12}|o-[a-z0-9]{10,32}$" + "pattern":"\\d{12}|o-[a-z0-9]{10,32}" }, "CisReportFormat":{ "type":"string", @@ -2133,10 +2631,6 @@ "scanConfigurationArn" ], "members":{ - "failedChecks":{ - "shape":"Integer", - "documentation":"

    The CIS scan's failed checks.

    " - }, "scanArn":{ "shape":"CisScanArn", "documentation":"

    The CIS scan's ARN.

    " @@ -2145,40 +2639,44 @@ "shape":"CisScanConfigurationArn", "documentation":"

    The CIS scan's configuration ARN.

    " }, - "scanDate":{ - "shape":"Timestamp", - "documentation":"

    The CIS scan's date.

    " + "status":{ + "shape":"CisScanStatus", + "documentation":"

    The CIS scan's status.

    " }, "scanName":{ "shape":"CisScanName", "documentation":"

    The the name of the scan configuration that's associated with this scan.

    " }, - "scheduledBy":{ - "shape":"String", - "documentation":"

    The account or organization that schedules the CIS scan.

    " + "scanDate":{ + "shape":"Timestamp", + "documentation":"

    The CIS scan's date.

    " }, - "securityLevel":{ - "shape":"CisSecurityLevel", - "documentation":"

    The security level for the CIS scan. Security level refers to the Benchmark levels that CIS assigns to a profile.

    " + "failedChecks":{ + "shape":"Integer", + "documentation":"

    The CIS scan's failed checks.

    " }, - "status":{ - "shape":"CisScanStatus", - "documentation":"

    The CIS scan's status.

    " + "totalChecks":{ + "shape":"Integer", + "documentation":"

    The CIS scan's total checks.

    " }, "targets":{ "shape":"CisTargets", "documentation":"

    The CIS scan's targets.

    " }, - "totalChecks":{ - "shape":"Integer", - "documentation":"

    The CIS scan's total checks.

    " + "scheduledBy":{ + "shape":"String", + "documentation":"

    The account or organization that schedules the CIS scan.

    " + }, + "securityLevel":{ + "shape":"CisSecurityLevel", + "documentation":"

    The security level for the CIS scan. Security level refers to the Benchmark levels that CIS assigns to a profile.

    " } }, "documentation":"

    The CIS scan.

    " }, "CisScanArn":{ "type":"string", - "pattern":"^arn:aws(-us-gov|-cn)?:inspector2:[-.a-z0-9]{0,20}:\\d{12}:owner/(\\d{12}|o-[a-z0-9]{10,32})/cis-scan/[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$" + "pattern":"arn:aws(-us-gov|-cn)?:inspector2:[-.a-z0-9]{0,20}:\\d{12}:owner/(\\d{12}|o-[a-z0-9]{10,32})/cis-scan/[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}" }, "CisScanArnFilterList":{ "type":"list", @@ -2190,40 +2688,40 @@ "type":"structure", "required":["scanConfigurationArn"], "members":{ - "ownerId":{ - "shape":"CisOwnerId", - "documentation":"

    The CIS scan configuration's owner ID.

    " - }, "scanConfigurationArn":{ "shape":"CisScanConfigurationArn", "documentation":"

    The CIS scan configuration's scan configuration ARN.

    " }, + "ownerId":{ + "shape":"CisOwnerId", + "documentation":"

    The CIS scan configuration's owner ID.

    " + }, "scanName":{ "shape":"CisScanName", "documentation":"

    The name of the CIS scan configuration.

    " }, - "schedule":{ - "shape":"Schedule", - "documentation":"

    The CIS scan configuration's schedule.

    " - }, "securityLevel":{ "shape":"CisSecurityLevel", "documentation":"

    The CIS scan configuration's security level.

    " }, - "tags":{ - "shape":"CisTagMap", - "documentation":"

    The CIS scan configuration's tags.

    " + "schedule":{ + "shape":"Schedule", + "documentation":"

    The CIS scan configuration's schedule.

    " }, "targets":{ "shape":"CisTargets", "documentation":"

    The CIS scan configuration's targets.

    " + }, + "tags":{ + "shape":"CisTagMap", + "documentation":"

    The CIS scan configuration's tags.

    " } }, "documentation":"

    The CIS scan configuration.

    " }, "CisScanConfigurationArn":{ "type":"string", - "pattern":"^arn:aws(-us-gov|-cn)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-[0-9]{1}:[0-9]{12}:owner/(o-[a-z0-9]+|[0-9]{12})/cis-configuration/[0-9a-fA-F-]+$" + "pattern":"arn:aws(-us-gov|-cn)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-[0-9]{1}:[0-9]{12}:owner/(o-[a-z0-9]+|[0-9]{12})/cis-configuration/[0-9a-fA-F-]+" }, "CisScanConfigurationArnFilterList":{ "type":"list", @@ -2271,38 +2769,22 @@ "type":"structure", "required":["scanArn"], "members":{ + "scanArn":{ + "shape":"CisScanArn", + "documentation":"

    The CIS scan result details' scan ARN.

    " + }, "accountId":{ "shape":"AccountId", "documentation":"

    The CIS scan result details' account ID.

    " }, - "checkDescription":{ - "shape":"String", - "documentation":"

    The account ID that's associated with the CIS scan result details.

    " - }, - "checkId":{ - "shape":"String", - "documentation":"

    The CIS scan result details' check ID.

    " - }, - "findingArn":{ - "shape":"CisFindingArn", - "documentation":"

    The CIS scan result details' finding ARN.

    " - }, - "level":{ - "shape":"CisSecurityLevel", - "documentation":"

    The CIS scan result details' level.

    " + "targetResourceId":{ + "shape":"ResourceId", + "documentation":"

    The CIS scan result details' target resource ID.

    " }, "platform":{ "shape":"String", "documentation":"

    The CIS scan result details' platform.

    " }, - "remediation":{ - "shape":"String", - "documentation":"

    The CIS scan result details' remediation.

    " - }, - "scanArn":{ - "shape":"CisScanArn", - "documentation":"

    The CIS scan result details' scan ARN.

    " - }, "status":{ "shape":"CisFindingStatus", "documentation":"

    The CIS scan result details' status.

    " @@ -2311,13 +2793,29 @@ "shape":"String", "documentation":"

    The CIS scan result details' status reason.

    " }, - "targetResourceId":{ - "shape":"ResourceId", - "documentation":"

    The CIS scan result details' target resource ID.

    " + "checkId":{ + "shape":"String", + "documentation":"

    The CIS scan result details' check ID.

    " }, "title":{ "shape":"String", "documentation":"

    The CIS scan result details' title.

    " + }, + "checkDescription":{ + "shape":"String", + "documentation":"

    The account ID that's associated with the CIS scan result details.

    " + }, + "remediation":{ + "shape":"String", + "documentation":"

    The CIS scan result details' remediation.

    " + }, + "level":{ + "shape":"CisSecurityLevel", + "documentation":"

    The CIS scan result details' level.

    " + }, + "findingArn":{ + "shape":"CisFindingArn", + "documentation":"

    The CIS scan result details' finding ARN.

    " } }, "documentation":"

    The CIS scan result details.

    " @@ -2325,25 +2823,25 @@ "CisScanResultDetailsFilterCriteria":{ "type":"structure", "members":{ + "findingStatusFilters":{ + "shape":"CisFindingStatusFilterList", + "documentation":"

    The criteria's finding status filters.

    " + }, "checkIdFilters":{ "shape":"CheckIdFilterList", "documentation":"

    The criteria's check ID filters.

    " }, - "findingArnFilters":{ - "shape":"CisFindingArnFilterList", - "documentation":"

    The criteria's finding ARN filters.

    " - }, - "findingStatusFilters":{ - "shape":"CisFindingStatusFilterList", - "documentation":"

    The criteria's finding status filters.

    " + "titleFilters":{ + "shape":"TitleFilterList", + "documentation":"

    The criteria's title filters.

    " }, "securityLevelFilters":{ "shape":"CisSecurityLevelFilterList", "documentation":"

    The criteria's security level filters. . Security level refers to the Benchmark levels that CIS assigns to a profile.

    " }, - "titleFilters":{ - "shape":"TitleFilterList", - "documentation":"

    The criteria's title filters.

    " + "findingArnFilters":{ + "shape":"CisFindingArnFilterList", + "documentation":"

    The criteria's finding ARN filters.

    " } }, "documentation":"

    The CIS scan result details filter criteria.

    " @@ -2372,21 +2870,21 @@ "shape":"CheckIdFilterList", "documentation":"

    The criteria's check ID filters.

    " }, - "failedResourcesFilters":{ - "shape":"CisNumberFilterList", - "documentation":"

    The criteria's failed resources filters.

    " + "titleFilters":{ + "shape":"TitleFilterList", + "documentation":"

    The criteria's title filters.

    " }, "platformFilters":{ "shape":"PlatformFilterList", "documentation":"

    The criteria's platform filters.

    " }, + "failedResourcesFilters":{ + "shape":"CisNumberFilterList", + "documentation":"

    The criteria's failed resources filters.

    " + }, "securityLevelFilters":{ "shape":"CisSecurityLevelFilterList", "documentation":"

    The criteria's security level filters.

    " - }, - "titleFilters":{ - "shape":"TitleFilterList", - "documentation":"

    The criteria's title filters.

    " } }, "documentation":"

    The scan results aggregated by checks filter criteria.

    " @@ -2408,22 +2906,14 @@ "shape":"AccountIdFilterList", "documentation":"

    The criteria's account ID filters.

    " }, - "checkIdFilters":{ - "shape":"CheckIdFilterList", - "documentation":"

    The criteria's check ID filters.

    " - }, - "failedChecksFilters":{ - "shape":"CisNumberFilterList", - "documentation":"

    The criteria's failed checks filters.

    " - }, - "platformFilters":{ - "shape":"PlatformFilterList", - "documentation":"

    The criteria's platform filters.

    " - }, "statusFilters":{ "shape":"CisResultStatusFilterList", "documentation":"

    The criteria's status filter.

    " }, + "checkIdFilters":{ + "shape":"CheckIdFilterList", + "documentation":"

    The criteria's check ID filters.

    " + }, "targetResourceIdFilters":{ "shape":"ResourceIdFilterList", "documentation":"

    The criteria's target resource ID filters.

    " @@ -2432,6 +2922,10 @@ "shape":"ResourceTagFilterList", "documentation":"

    The criteria's target resource tag filters.

    " }, + "platformFilters":{ + "shape":"PlatformFilterList", + "documentation":"

    The criteria's platform filters.

    " + }, "targetStatusFilters":{ "shape":"TargetStatusFilterList", "documentation":"

    The criteria's target status filters.

    " @@ -2439,6 +2933,10 @@ "targetStatusReasonFilters":{ "shape":"TargetStatusReasonFilterList", "documentation":"

    The criteria's target status reason filters.

    " + }, + "failedChecksFilters":{ + "shape":"CisNumberFilterList", + "documentation":"

    The criteria's failed checks filters.

    " } }, "documentation":"

    The scan results aggregated by target resource filter criteria.

    " @@ -2541,15 +3039,11 @@ "CisSessionMessage":{ "type":"structure", "required":[ - "cisRuleDetails", "ruleId", - "status" + "status", + "cisRuleDetails" ], "members":{ - "cisRuleDetails":{ - "shape":"CisRuleDetails", - "documentation":"

    The CIS rule details for the CIS session message.

    " - }, "ruleId":{ "shape":"RuleId", "documentation":"

    The rule ID for the CIS session message.

    " @@ -2557,6 +3051,10 @@ "status":{ "shape":"CisRuleStatus", "documentation":"

    The status of the CIS session message.

    " + }, + "cisRuleDetails":{ + "shape":"CisRuleDetails", + "documentation":"

    The CIS rule details for the CIS session message.

    " } }, "documentation":"

    The CIS session message.

    " @@ -2609,30 +3107,30 @@ "type":"structure", "required":["scanArn"], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The account ID for the CIS target resource.

    " - }, - "platform":{ - "shape":"String", - "documentation":"

    The platform for the CIS target resource.

    " - }, "scanArn":{ "shape":"CisScanArn", "documentation":"

    The scan ARN for the CIS target resource.

    " }, - "statusCounts":{ - "shape":"StatusCounts", - "documentation":"

    The target resource status counts.

    " - }, "targetResourceId":{ "shape":"ResourceId", "documentation":"

    The ID of the target resource.

    " }, + "accountId":{ + "shape":"AccountId", + "documentation":"

    The account ID for the CIS target resource.

    " + }, "targetResourceTags":{ "shape":"TargetResourceTags", "documentation":"

    The tag for the target resource.

    " }, + "statusCounts":{ + "shape":"StatusCounts", + "documentation":"

    The target resource status counts.

    " + }, + "platform":{ + "shape":"String", + "documentation":"

    The platform for the CIS target resource.

    " + }, "targetStatus":{ "shape":"CisTargetStatus", "documentation":"

    The status of the target resource.

    " @@ -2727,10 +3225,6 @@ "CisaData":{ "type":"structure", "members":{ - "action":{ - "shape":"CisaAction", - "documentation":"

    The remediation action recommended by CISA for this vulnerability.

    " - }, "dateAdded":{ "shape":"CisaDateAdded", "documentation":"

    The date and time CISA added this vulnerability to their catalogue.

    " @@ -2738,6 +3232,10 @@ "dateDue":{ "shape":"CisaDateDue", "documentation":"

    The date and time CISA expects a fix to have been provided vulnerability.

    " + }, + "action":{ + "shape":"CisaAction", + "documentation":"

    The remediation action recommended by CISA for this vulnerability.

    " } }, "documentation":"

    The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.

    " @@ -2749,19 +3247,101 @@ "max":64, "min":1 }, + "ClusterDetails":{ + "type":"structure", + "required":[ + "lastInUse", + "clusterMetadata" + ], + "members":{ + "lastInUse":{ + "shape":"Timestamp", + "documentation":"

    The last timestamp when Amazon Inspector recorded the image in use in the task or pod in the cluster.

    " + }, + "runningUnitCount":{ + "shape":"Long", + "documentation":"

    The number of tasks or pods where an image was running on the cluster.

    " + }, + "stoppedUnitCount":{ + "shape":"Long", + "documentation":"

    The number of tasks or pods where an image was stopped on the cluster in the last 24 hours.

    " + }, + "clusterMetadata":{"shape":"ClusterMetadata"} + }, + "documentation":"

    Details about the task or pod in the cluster.

    " + }, + "ClusterForImageFilterCriteria":{ + "type":"structure", + "required":["resourceId"], + "members":{ + "resourceId":{ + "shape":"ClusterForImageFilterCriteriaResourceIdString", + "documentation":"

    The resource Id to be used in the filter criteria.

    " + } + }, + "documentation":"

    The filter criteria to be used.

    " + }, + "ClusterForImageFilterCriteriaResourceIdString":{ + "type":"string", + "pattern":"arn:.*:ecr:.*:\\d{12}:repository\\/(?:[a-z0-9]+(?:[._-][a-z0-9]+)*\\/)*[a-z0-9]+(?:[._-][a-z0-9]+)*(\\/sha256:[a-z0-9]{64})?" + }, + "ClusterInformation":{ + "type":"structure", + "required":["clusterArn"], + "members":{ + "clusterArn":{ + "shape":"ClusterInformationClusterArnString", + "documentation":"

    The cluster ARN.

    " + }, + "clusterDetails":{ + "shape":"ClusterInformationClusterDetailsList", + "documentation":"

    Details about the cluster.

    " + } + }, + "documentation":"

    Information about the cluster.

    " + }, + "ClusterInformationClusterArnString":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"arn:aws(?:-[a-z0-9-]+)?:(?:ecs|eks):[a-z0-9-]+:[0-9]{12}:cluster/[a-zA-Z0-9_-]+" + }, + "ClusterInformationClusterDetailsList":{ + "type":"list", + "member":{"shape":"ClusterDetails"}, + "max":100, + "min":1 + }, + "ClusterInformationList":{ + "type":"list", + "member":{"shape":"ClusterInformation"}, + "max":100, + "min":1 + }, + "ClusterMetadata":{ + "type":"structure", + "members":{ + "awsEcsMetadataDetails":{ + "shape":"AwsEcsMetadataDetails", + "documentation":"

    The details for an Amazon ECS cluster in the cluster metadata.

    " + }, + "awsEksMetadataDetails":{ + "shape":"AwsEksMetadataDetails", + "documentation":"

    The details for an Amazon EKS cluster in the cluster metadata.

    " + } + }, + "documentation":"

    The metadata for a cluster.

    ", + "union":true + }, "CodeFilePath":{ "type":"structure", "required":[ - "endLine", "fileName", "filePath", - "startLine" + "startLine", + "endLine" ], "members":{ - "endLine":{ - "shape":"Integer", - "documentation":"

    The line number of the last line of code that a vulnerability was found in.

    " - }, "fileName":{ "shape":"NonEmptyString", "documentation":"

    The name of the file the code vulnerability was found in.

    " @@ -2773,6 +3353,10 @@ "startLine":{ "shape":"Integer", "documentation":"

    The line number of the first line of code that a vulnerability was found in.

    " + }, + "endLine":{ + "shape":"Integer", + "documentation":"

    The line number of the last line of code that a vulnerability was found in.

    " } }, "documentation":"

    Contains information on where a code vulnerability is located in your Lambda function.

    " @@ -2806,14 +3390,351 @@ "max":20, "min":1 }, + "CodeRepositoryAggregation":{ + "type":"structure", + "members":{ + "projectNames":{ + "shape":"StringFilterList", + "documentation":"

    The project names to include in the aggregation results.

    " + }, + "providerTypes":{ + "shape":"StringFilterList", + "documentation":"

    The repository provider types to include in the aggregation results.

    " + }, + "sortOrder":{ + "shape":"SortOrder", + "documentation":"

    The order to sort results by (ascending or descending) in the code repository aggregation.

    " + }, + "sortBy":{ + "shape":"CodeRepositorySortBy", + "documentation":"

    The value to sort results by in the code repository aggregation.

    " + }, + "resourceIds":{ + "shape":"StringFilterList", + "documentation":"

    The resource IDs to include in the aggregation results.

    " + } + }, + "documentation":"

    The details that define an aggregation based on code repositories.

    " + }, + "CodeRepositoryAggregationResponse":{ + "type":"structure", + "required":["projectNames"], + "members":{ + "projectNames":{ + "shape":"String", + "documentation":"

    The names of the projects associated with the code repository.

    " + }, + "providerType":{ + "shape":"String", + "documentation":"

    The type of repository provider for the code repository.

    " + }, + "severityCounts":{"shape":"SeverityCounts"}, + "exploitAvailableActiveFindingsCount":{ + "shape":"Long", + "documentation":"

    The number of active findings that have an exploit available for the code repository.

    " + }, + "fixAvailableActiveFindingsCount":{ + "shape":"Long", + "documentation":"

    The number of active findings that have a fix available for the code repository.

    " + }, + "accountId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services account ID associated with the code repository.

    " + }, + "resourceId":{ + "shape":"String", + "documentation":"

    The resource ID of the code repository.

    " + } + }, + "documentation":"

    A response that contains the results of a finding aggregation by code repository.

    " + }, + "CodeRepositoryDetails":{ + "type":"structure", + "members":{ + "projectName":{ + "shape":"CodeRepositoryProjectName", + "documentation":"

    The name of the project in the code repository.

    " + }, + "integrationArn":{ + "shape":"CodeRepositoryIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the code security integration associated with the repository.

    " + }, + "providerType":{ + "shape":"CodeRepositoryProviderType", + "documentation":"

    The type of repository provider (such as GitHub, GitLab, etc.).

    " + } + }, + "documentation":"

    Contains details about a code repository associated with a finding.

    " + }, + "CodeRepositoryIntegrationArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:codesecurity-integration\\/[a-f0-9-]{36}" + }, + "CodeRepositoryMetadata":{ + "type":"structure", + "required":[ + "projectName", + "providerType", + "providerTypeVisibility" + ], + "members":{ + "projectName":{ + "shape":"CodeRepositoryMetadataProjectNameString", + "documentation":"

    The name of the project in the code repository.

    " + }, + "integrationArn":{ + "shape":"CodeRepositoryIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the code security integration associated with the repository.

    " + }, + "providerType":{ + "shape":"CodeRepositoryMetadataProviderTypeString", + "documentation":"

    The type of repository provider (such as GitHub, GitLab, etc.).

    " + }, + "providerTypeVisibility":{ + "shape":"CodeRepositoryMetadataProviderTypeVisibilityString", + "documentation":"

    The visibility setting of the repository (public or private).

    " + }, + "lastScannedCommitId":{ + "shape":"CommitId", + "documentation":"

    The ID of the last commit that was scanned in the repository.

    " + }, + "scanConfiguration":{ + "shape":"ProjectCodeSecurityScanConfiguration", + "documentation":"

    The scan configuration settings applied to the code repository.

    " + }, + "onDemandScan":{ + "shape":"CodeRepositoryOnDemandScan", + "documentation":"

    Information about on-demand scans performed on the repository.

    " + } + }, + "documentation":"

    Contains metadata information about a code repository that is being scanned by Amazon Inspector.

    " + }, + "CodeRepositoryMetadataProjectNameString":{ + "type":"string", + "max":300, + "min":1 + }, + "CodeRepositoryMetadataProviderTypeString":{ + "type":"string", + "max":300, + "min":1 + }, + "CodeRepositoryMetadataProviderTypeVisibilityString":{ + "type":"string", + "max":300, + "min":1 + }, + "CodeRepositoryOnDemandScan":{ + "type":"structure", + "members":{ + "lastScannedCommitId":{ + "shape":"CommitId", + "documentation":"

    The ID of the last commit that was scanned during an on-demand scan.

    " + }, + "lastScanAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The timestamp when the last on-demand scan was performed.

    " + }, + "scanStatus":{"shape":"ScanStatus"} + }, + "documentation":"

    Contains information about on-demand scans performed on a code repository.

    " + }, + "CodeRepositoryProjectName":{ + "type":"string", + "max":512, + "min":1 + }, + "CodeRepositoryProviderType":{ + "type":"string", + "enum":[ + "GITHUB", + "GITLAB_SELF_MANAGED" + ] + }, + "CodeRepositorySortBy":{ + "type":"string", + "enum":[ + "CRITICAL", + "HIGH", + "ALL" + ] + }, + "CodeScanStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "SUCCESSFUL", + "FAILED", + "SKIPPED" + ] + }, + "CodeSecurityClientToken":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[\\S]+" + }, + "CodeSecurityIntegrationArn":{ + "type":"string", + "documentation":"

    arn:aws:inspector2:::codesecurity-integration/

    ", + "pattern":"arn:(aws[a-zA-Z-]*)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:codesecurity-integration/[a-f0-9-]{36}" + }, + "CodeSecurityIntegrationSummary":{ + "type":"structure", + "required":[ + "integrationArn", + "name", + "type", + "status", + "statusReason", + "createdOn", + "lastUpdateOn" + ], + "members":{ + "integrationArn":{ + "shape":"CodeSecurityIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the code security integration.

    " + }, + "name":{ + "shape":"IntegrationName", + "documentation":"

    The name of the code security integration.

    " + }, + "type":{ + "shape":"IntegrationType", + "documentation":"

    The type of repository provider for the integration.

    " + }, + "status":{ + "shape":"IntegrationStatus", + "documentation":"

    The current status of the code security integration.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason for the current status of the code security integration.

    " + }, + "createdOn":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the code security integration was created.

    " + }, + "lastUpdateOn":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the code security integration was last updated.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with the code security integration.

    " + } + }, + "documentation":"

    A summary of information about a code security integration.

    " + }, + "CodeSecurityResource":{ + "type":"structure", + "members":{ + "projectId":{ + "shape":"ProjectId", + "documentation":"

    The unique identifier of the project in the code repository.

    " + } + }, + "documentation":"

    Identifies a specific resource in a code repository that will be scanned.

    ", + "union":true + }, + "CodeSecurityScanConfiguration":{ + "type":"structure", + "required":["ruleSetCategories"], + "members":{ + "periodicScanConfiguration":{ + "shape":"PeriodicScanConfiguration", + "documentation":"

    Configuration settings for periodic scans that run on a scheduled basis.

    " + }, + "continuousIntegrationScanConfiguration":{ + "shape":"ContinuousIntegrationScanConfiguration", + "documentation":"

    Configuration settings for continuous integration scans that run automatically when code changes are made.

    " + }, + "ruleSetCategories":{ + "shape":"RuleSetCategories", + "documentation":"

    The categories of security rules to be applied during the scan.

    " + } + }, + "documentation":"

    Contains the configuration settings for code security scans.

    " + }, + "CodeSecurityScanConfigurationAssociationSummaries":{ + "type":"list", + "member":{"shape":"CodeSecurityScanConfigurationAssociationSummary"} + }, + "CodeSecurityScanConfigurationAssociationSummary":{ + "type":"structure", + "members":{ + "resource":{"shape":"CodeSecurityResource"} + }, + "documentation":"

    A summary of an association between a code repository and a scan configuration.

    " + }, + "CodeSecurityScanConfigurationSummaries":{ + "type":"list", + "member":{"shape":"CodeSecurityScanConfigurationSummary"} + }, + "CodeSecurityScanConfigurationSummary":{ + "type":"structure", + "required":[ + "scanConfigurationArn", + "name", + "ownerAccountId", + "ruleSetCategories" + ], + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration.

    " + }, + "name":{ + "shape":"ScanConfigurationName", + "documentation":"

    The name of the scan configuration.

    " + }, + "ownerAccountId":{ + "shape":"OwnerId", + "documentation":"

    The Amazon Web Services account ID that owns the scan configuration.

    " + }, + "periodicScanFrequency":{ + "shape":"PeriodicScanFrequency", + "documentation":"

    The frequency at which periodic scans are performed.

    " + }, + "frequencyExpression":{ + "shape":"FrequencyExpression", + "documentation":"

    The schedule expression for periodic scans, in cron format.

    " + }, + "continuousIntegrationScanSupportedEvents":{ + "shape":"ContinuousIntegrationScanSupportedEvents", + "documentation":"

    The repository events that trigger continuous integration scans.

    " + }, + "ruleSetCategories":{ + "shape":"RuleSetCategories", + "documentation":"

    The categories of security rules applied during the scan.

    " + }, + "scopeSettings":{ + "shape":"ScopeSettings", + "documentation":"

    The scope settings that define which repositories will be scanned. If the ScopeSetting parameter is ALL the scan configuration applies to all existing and future projects imported into Amazon Inspector.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with the scan configuration.

    " + } + }, + "documentation":"

    A summary of information about a code security scan configuration.

    " + }, + "CodeSecurityUuid":{ + "type":"string", + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, "CodeSnippetError":{ "type":"structure", "required":[ + "findingArn", "errorCode", - "errorMessage", - "findingArn" + "errorMessage" ], "members":{ + "findingArn":{ + "shape":"FindingArn", + "documentation":"

    The ARN of the finding that a code snippet couldn't be retrieved for.

    " + }, "errorCode":{ "shape":"CodeSnippetErrorCode", "documentation":"

    The error code for the error that prevented a code snippet from being retrieved.

    " @@ -2821,10 +3742,6 @@ "errorMessage":{ "shape":"NonEmptyString", "documentation":"

    The error message received when Amazon Inspector failed to retrieve a code snippet.

    " - }, - "findingArn":{ - "shape":"FindingArn", - "documentation":"

    The ARN of the finding that a code snippet couldn't be retrieved for.

    " } }, "documentation":"

    Contains information about any errors encountered while trying to retrieve a code snippet.

    " @@ -2845,14 +3762,6 @@ "CodeSnippetResult":{ "type":"structure", "members":{ - "codeSnippet":{ - "shape":"CodeLineList", - "documentation":"

    Contains information on the retrieved code snippet.

    " - }, - "endLine":{ - "shape":"Integer", - "documentation":"

    The line number of the last line of a code snippet.

    " - }, "findingArn":{ "shape":"FindingArn", "documentation":"

    The ARN of a finding that the code snippet is associated with.

    " @@ -2861,6 +3770,14 @@ "shape":"Integer", "documentation":"

    The line number of the first line of a code snippet.

    " }, + "endLine":{ + "shape":"Integer", + "documentation":"

    The line number of the last line of a code snippet.

    " + }, + "codeSnippet":{ + "shape":"CodeLineList", + "documentation":"

    Contains information on the retrieved code snippet.

    " + }, "suggestedFixes":{ "shape":"SuggestedFixes", "documentation":"

    Details of a suggested code fix.

    " @@ -2875,32 +3792,20 @@ "CodeVulnerabilityDetails":{ "type":"structure", "required":[ - "cwes", + "filePath", "detectorId", "detectorName", - "filePath" + "cwes" ], "members":{ - "cwes":{ - "shape":"CweList", - "documentation":"

    The Common Weakness Enumeration (CWE) item associated with the detected vulnerability.

    " - }, - "detectorId":{ - "shape":"NonEmptyString", - "documentation":"

    The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru Detector Library.

    " - }, - "detectorName":{ - "shape":"NonEmptyString", - "documentation":"

    The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library.

    " + "filePath":{ + "shape":"CodeFilePath", + "documentation":"

    Contains information on where the code vulnerability is located in your code.

    " }, "detectorTags":{ "shape":"DetectorTagList", "documentation":"

    The detector tag associated with the vulnerability. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.

    " }, - "filePath":{ - "shape":"CodeFilePath", - "documentation":"

    Contains information on where the code vulnerability is located in your code.

    " - }, "referenceUrls":{ "shape":"ReferenceUrls", "documentation":"

    A URL containing supporting documentation about the code vulnerability detected.

    " @@ -2912,23 +3817,42 @@ "sourceLambdaLayerArn":{ "shape":"LambdaLayerArn", "documentation":"

    The Amazon Resource Name (ARN) of the Lambda layer that the code vulnerability was detected in.

    " + }, + "detectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru Detector Library.

    " + }, + "detectorName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library.

    " + }, + "cwes":{ + "shape":"CweList", + "documentation":"

    The Common Weakness Enumeration (CWE) item associated with the detected vulnerability.

    " } }, "documentation":"

    Contains information on the code vulnerability identified in your Lambda function.

    " }, + "CommitId":{ + "type":"string", + "max":40, + "min":0, + "pattern":"([a-f0-9]{40})" + }, "Component":{"type":"string"}, + "ComponentArn":{"type":"string"}, "ComponentType":{"type":"string"}, "ComputePlatform":{ "type":"structure", "members":{ - "product":{ - "shape":"Product", - "documentation":"

    The compute platform product.

    " - }, "vendor":{ "shape":"Vendor", "documentation":"

    The compute platform vendor.

    " }, + "product":{ + "shape":"Product", + "documentation":"

    The compute platform product.

    " + }, "version":{ "shape":"PlatformVersion", "documentation":"

    The compute platform version.

    " @@ -2936,6 +3860,13 @@ }, "documentation":"

    A compute platform.

    " }, + "ConfigurationLevel":{ + "type":"string", + "enum":[ + "ORGANIZATION", + "ACCOUNT" + ] + }, "ConflictException":{ "type":"structure", "required":[ @@ -2954,13 +3885,37 @@ "documentation":"

    The type of the conflicting resource.

    " } }, - "documentation":"

    A conflict occurred.

    ", + "documentation":"

    A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.

    ", "error":{ "httpStatusCode":409, "senderFault":true }, "exception":true }, + "ContinuousIntegrationScanConfiguration":{ + "type":"structure", + "required":["supportedEvents"], + "members":{ + "supportedEvents":{ + "shape":"ContinuousIntegrationScanSupportedEvents", + "documentation":"

    The repository events that trigger continuous integration scans, such as pull requests or commits.

    " + } + }, + "documentation":"

    Configuration settings for continuous integration scans that run automatically when code changes are made.

    " + }, + "ContinuousIntegrationScanEvent":{ + "type":"string", + "enum":[ + "PULL_REQUEST", + "PUSH" + ] + }, + "ContinuousIntegrationScanSupportedEvents":{ + "type":"list", + "member":{"shape":"ContinuousIntegrationScanEvent"}, + "max":2, + "min":1 + }, "Counts":{ "type":"structure", "members":{ @@ -2984,13 +3939,13 @@ "CoverageDateFilter":{ "type":"structure", "members":{ - "endInclusive":{ - "shape":"DateTimeTimestamp", - "documentation":"

    A timestamp representing the end of the time period to filter results by.

    " - }, "startInclusive":{ "shape":"DateTimeTimestamp", "documentation":"

    A timestamp representing the start of the time period to filter results by.

    " + }, + "endInclusive":{ + "shape":"DateTimeTimestamp", + "documentation":"

    A timestamp representing the end of the time period to filter results by.

    " } }, "documentation":"

    Contains details of a coverage date filter.

    " @@ -3004,65 +3959,89 @@ "CoverageFilterCriteria":{ "type":"structure", "members":{ + "scanStatusCode":{ + "shape":"CoverageStringFilterList", + "documentation":"

    The scan status code to filter on. Valid values are: ValidationException, InternalServerException, ResourceNotFoundException, BadRequestException, and ThrottlingException.

    " + }, + "scanStatusReason":{ + "shape":"CoverageStringFilterList", + "documentation":"

    The scan status reason to filter on.

    " + }, "accountId":{ "shape":"CoverageStringFilterList", "documentation":"

    An array of Amazon Web Services account IDs to return coverage statistics for.

    " }, - "ec2InstanceTags":{ - "shape":"CoverageMapFilterList", - "documentation":"

    The Amazon EC2 instance tags to filter on.

    " + "resourceId":{ + "shape":"CoverageStringFilterList", + "documentation":"

    An array of Amazon Web Services resource IDs to return coverage statistics for.

    " }, - "ecrImageTags":{ + "resourceType":{ "shape":"CoverageStringFilterList", - "documentation":"

    The Amazon ECR image tags to filter on.

    " + "documentation":"

    An array of Amazon Web Services resource types to return coverage statistics for. The values can be AWS_EC2_INSTANCE, AWS_LAMBDA_FUNCTION, AWS_ECR_CONTAINER_IMAGE, AWS_ECR_REPOSITORY or AWS_ACCOUNT.

    " + }, + "scanType":{ + "shape":"CoverageStringFilterList", + "documentation":"

    An array of Amazon Inspector scan types to return coverage statistics for.

    " }, "ecrRepositoryName":{ "shape":"CoverageStringFilterList", "documentation":"

    The Amazon ECR repository name to filter on.

    " }, - "imagePulledAt":{ - "shape":"CoverageDateFilterList", - "documentation":"

    The date an image was last pulled at.

    " + "ecrImageTags":{ + "shape":"CoverageStringFilterList", + "documentation":"

    The Amazon ECR image tags to filter on.

    " + }, + "ec2InstanceTags":{ + "shape":"CoverageMapFilterList", + "documentation":"

    The Amazon EC2 instance tags to filter on.

    " }, "lambdaFunctionName":{ "shape":"CoverageStringFilterList", "documentation":"

    Returns coverage statistics for Amazon Web Services Lambda functions filtered by function names.

    " }, - "lambdaFunctionRuntime":{ - "shape":"CoverageStringFilterList", - "documentation":"

    Returns coverage statistics for Amazon Web Services Lambda functions filtered by runtime.

    " - }, "lambdaFunctionTags":{ "shape":"CoverageMapFilterList", "documentation":"

    Returns coverage statistics for Amazon Web Services Lambda functions filtered by tag.

    " }, + "lambdaFunctionRuntime":{ + "shape":"CoverageStringFilterList", + "documentation":"

    Returns coverage statistics for Amazon Web Services Lambda functions filtered by runtime.

    " + }, "lastScannedAt":{ "shape":"CoverageDateFilterList", "documentation":"

    Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range.

    " }, - "resourceId":{ + "scanMode":{ "shape":"CoverageStringFilterList", - "documentation":"

    An array of Amazon Web Services resource IDs to return coverage statistics for.

    " + "documentation":"

    The filter to search for Amazon EC2 instance coverage by scan mode. Valid values are EC2_SSM_AGENT_BASED and EC2_AGENTLESS.

    " }, - "resourceType":{ - "shape":"CoverageStringFilterList", - "documentation":"

    An array of Amazon Web Services resource types to return coverage statistics for. The values can be AWS_EC2_INSTANCE, AWS_LAMBDA_FUNCTION, AWS_ECR_CONTAINER_IMAGE, AWS_ECR_REPOSITORY or AWS_ACCOUNT.

    " + "imagePulledAt":{ + "shape":"CoverageDateFilterList", + "documentation":"

    The date an image was last pulled at.

    " }, - "scanMode":{ + "ecrImageLastInUseAt":{ + "shape":"CoverageDateFilterList", + "documentation":"

    The Amazon ECR image that was last in use.

    " + }, + "ecrImageInUseCount":{ + "shape":"CoverageNumberFilterList", + "documentation":"

    The number of Amazon ECR images in use.

    " + }, + "codeRepositoryProjectName":{ "shape":"CoverageStringFilterList", - "documentation":"

    The filter to search for Amazon EC2 instance coverage by scan mode. Valid values are EC2_SSM_AGENT_BASED and EC2_AGENTLESS.

    " + "documentation":"

    Filter criteria for code repositories based on project name.

    " }, - "scanStatusCode":{ + "codeRepositoryProviderType":{ "shape":"CoverageStringFilterList", - "documentation":"

    The scan status code to filter on. Valid values are: ValidationException, InternalServerException, ResourceNotFoundException, BadRequestException, and ThrottlingException.

    " + "documentation":"

    Filter criteria for code repositories based on provider type (such as GitHub, GitLab, etc.).

    " }, - "scanStatusReason":{ + "codeRepositoryProviderTypeVisibility":{ "shape":"CoverageStringFilterList", - "documentation":"

    The scan status reason to filter on.

    " + "documentation":"

    Filter criteria for code repositories based on visibility setting (public or private).

    " }, - "scanType":{ + "lastScannedCommitId":{ "shape":"CoverageStringFilterList", - "documentation":"

    An array of Amazon Inspector scan types to return coverage statistics for.

    " + "documentation":"

    Filter criteria for code repositories based on the ID of the last scanned commit.

    " } }, "documentation":"

    A structure that identifies filter criteria for GetCoverageStatistics.

    " @@ -3099,13 +4078,34 @@ "max":10, "min":1 }, + "CoverageNumberFilter":{ + "type":"structure", + "members":{ + "upperInclusive":{ + "shape":"Long", + "documentation":"

    The upper inclusive for the coverage number.>

    " + }, + "lowerInclusive":{ + "shape":"Long", + "documentation":"

    The lower inclusive for the coverage number.

    " + } + }, + "documentation":"

    The coverage number to be used in the filter.

    " + }, + "CoverageNumberFilterList":{ + "type":"list", + "member":{"shape":"CoverageNumberFilter"}, + "max":10, + "min":1 + }, "CoverageResourceType":{ "type":"string", "enum":[ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", - "AWS_LAMBDA_FUNCTION" + "AWS_LAMBDA_FUNCTION", + "CODE_REPOSITORY" ] }, "CoverageStringComparison":{ @@ -3147,43 +4147,43 @@ "CoveredResource":{ "type":"structure", "required":[ - "accountId", - "resourceId", "resourceType", + "resourceId", + "accountId", "scanType" ], "members":{ + "resourceType":{ + "shape":"CoverageResourceType", + "documentation":"

    The type of the covered resource.

    " + }, + "resourceId":{ + "shape":"ResourceId", + "documentation":"

    The ID of the covered resource.

    " + }, "accountId":{ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID of the covered resource.

    " }, - "lastScannedAt":{ - "shape":"DateTimeTimestamp", - "documentation":"

    The date and time the resource was last checked for vulnerabilities.

    " + "scanType":{ + "shape":"ScanType", + "documentation":"

    The Amazon Inspector scan type covering the resource.

    " }, - "resourceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the covered resource.

    " + "scanStatus":{ + "shape":"ScanStatus", + "documentation":"

    The status of the scan covering the resource.

    " }, "resourceMetadata":{ "shape":"ResourceScanMetadata", "documentation":"

    An object that contains details about the metadata.

    " }, - "resourceType":{ - "shape":"CoverageResourceType", - "documentation":"

    The type of the covered resource.

    " + "lastScannedAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date and time the resource was last checked for vulnerabilities.

    " }, "scanMode":{ "shape":"ScanMode", "documentation":"

    The scan method that is applied to the instance.

    " - }, - "scanStatus":{ - "shape":"ScanStatus", - "documentation":"

    The status of the scan covering the resource.

    " - }, - "scanType":{ - "shape":"ScanType", - "documentation":"

    The Amazon Inspector scan type covering the resource.

    " } }, "documentation":"

    An object that contains details about a resource covered by Amazon Inspector.

    " @@ -3196,8 +4196,8 @@ "type":"structure", "required":[ "scanName", - "schedule", "securityLevel", + "schedule", "targets" ], "members":{ @@ -3205,21 +4205,21 @@ "shape":"CisScanName", "documentation":"

    The scan name for the CIS scan configuration.

    " }, - "schedule":{ - "shape":"Schedule", - "documentation":"

    The schedule for the CIS scan configuration.

    " - }, "securityLevel":{ "shape":"CisSecurityLevel", "documentation":"

    The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile.

    " }, - "tags":{ - "shape":"CisTagMap", - "documentation":"

    The tags for the CIS scan configuration.

    " + "schedule":{ + "shape":"Schedule", + "documentation":"

    The schedule for the CIS scan configuration.

    " }, "targets":{ "shape":"CreateCisTargets", "documentation":"

    The targets for the CIS scan configuration.

    " + }, + "tags":{ + "shape":"CisTagMap", + "documentation":"

    The tags for the CIS scan configuration.

    " } } }, @@ -3250,6 +4250,92 @@ }, "documentation":"

    Creates CIS targets.

    " }, + "CreateCodeSecurityIntegrationRequest":{ + "type":"structure", + "required":[ + "name", + "type" + ], + "members":{ + "name":{ + "shape":"IntegrationName", + "documentation":"

    The name of the code security integration.

    " + }, + "type":{ + "shape":"IntegrationType", + "documentation":"

    The type of repository provider for the integration.

    " + }, + "details":{ + "shape":"CreateIntegrationDetail", + "documentation":"

    The integration details specific to the repository provider type.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags to apply to the code security integration.

    " + } + } + }, + "CreateCodeSecurityIntegrationResponse":{ + "type":"structure", + "required":[ + "integrationArn", + "status" + ], + "members":{ + "integrationArn":{ + "shape":"CodeSecurityIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the created code security integration.

    " + }, + "status":{ + "shape":"IntegrationStatus", + "documentation":"

    The current status of the code security integration.

    " + }, + "authorizationUrl":{ + "shape":"AuthorizationUrl", + "documentation":"

    The URL used to authorize the integration with the repository provider.

    " + } + } + }, + "CreateCodeSecurityScanConfigurationRequest":{ + "type":"structure", + "required":[ + "name", + "level", + "configuration" + ], + "members":{ + "name":{ + "shape":"ScanConfigurationName", + "documentation":"

    The name of the scan configuration.

    " + }, + "level":{ + "shape":"ConfigurationLevel", + "documentation":"

    The security level for the scan configuration.

    " + }, + "configuration":{ + "shape":"CodeSecurityScanConfiguration", + "documentation":"

    The configuration settings for the code security scan.

    " + }, + "scopeSettings":{ + "shape":"ScopeSettings", + "documentation":"

    The scope settings that define which repositories will be scanned. Include this parameter to create a default scan configuration. Otherwise Amazon Inspector creates a general scan configuration.

    A default scan configuration automatically applies to all existing and future projects imported into Amazon Inspector. Use the BatchAssociateCodeSecurityScanConfiguration operation to associate a general scan configuration with projects.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags to apply to the scan configuration.

    " + } + } + }, + "CreateCodeSecurityScanConfigurationResponse":{ + "type":"structure", + "required":["scanConfigurationArn"], + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the created scan configuration.

    " + } + } + }, "CreateFilterRequest":{ "type":"structure", "required":[ @@ -3274,13 +4360,13 @@ "shape":"FilterName", "documentation":"

    The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

    " }, - "reason":{ - "shape":"FilterReason", - "documentation":"

    The reason for creating the filter.

    " - }, "tags":{ "shape":"TagMap", "documentation":"

    A list of tags for the filter.

    " + }, + "reason":{ + "shape":"FilterReason", + "documentation":"

    The reason for creating the filter.

    " } } }, @@ -3324,6 +4410,35 @@ } } }, + "CreateGitLabSelfManagedIntegrationDetail":{ + "type":"structure", + "required":[ + "instanceUrl", + "accessToken" + ], + "members":{ + "instanceUrl":{ + "shape":"InstanceUrl", + "documentation":"

    The URL of the self-managed GitLab instance.

    " + }, + "accessToken":{ + "shape":"GitLabAccessToken", + "documentation":"

    The personal access token used to authenticate with the self-managed GitLab instance.

    " + } + }, + "documentation":"

    Contains details required to create an integration with a self-managed GitLab instance.

    " + }, + "CreateIntegrationDetail":{ + "type":"structure", + "members":{ + "gitlabSelfManaged":{ + "shape":"CreateGitLabSelfManagedIntegrationDetail", + "documentation":"

    Details specific to creating an integration with a self-managed GitLab instance.

    " + } + }, + "documentation":"

    Contains details required to create a code security integration with a specific repository provider.

    ", + "union":true + }, "CreateSbomExportRequest":{ "type":"structure", "required":[ @@ -3331,14 +4446,14 @@ "s3Destination" ], "members":{ - "reportFormat":{ - "shape":"SbomReportFormat", - "documentation":"

    The output format for the software bill of materials (SBOM) report.

    " - }, "resourceFilterCriteria":{ "shape":"ResourceFilterCriteria", "documentation":"

    The resource filter criteria for the software bill of materials (SBOM) report.

    " }, + "reportFormat":{ + "shape":"SbomReportFormat", + "documentation":"

    The output format for the software bill of materials (SBOM) report.

    " + }, "s3Destination":{ "shape":"Destination", "documentation":"

    Contains details of the Amazon S3 bucket and KMS key used to export findings.

    " @@ -3362,47 +4477,52 @@ "type":"structure", "members":{ "baseScore":{ - "shape":"Cvss2BaseScore", + "shape":"CvssBaseScore", "documentation":"

    The CVSS v2 base score for the vulnerability.

    " }, "scoringVector":{ - "shape":"Cvss2ScoringVector", + "shape":"CvssScoringVector", "documentation":"

    The scoring vector associated with the CVSS v2 score.

    " } }, "documentation":"

    The Common Vulnerability Scoring System (CVSS) version 2 details for the vulnerability.

    " }, - "Cvss2BaseScore":{"type":"double"}, - "Cvss2ScoringVector":{ - "type":"string", - "min":0 - }, "Cvss3":{ "type":"structure", "members":{ "baseScore":{ - "shape":"Cvss3BaseScore", + "shape":"CvssBaseScore", "documentation":"

    The CVSS v3 base score for the vulnerability.

    " }, "scoringVector":{ - "shape":"Cvss3ScoringVector", + "shape":"CvssScoringVector", "documentation":"

    The scoring vector associated with the CVSS v3 score.

    " } }, "documentation":"

    The Common Vulnerability Scoring System (CVSS) version 3 details for the vulnerability.

    " }, - "Cvss3BaseScore":{"type":"double"}, - "Cvss3ScoringVector":{ - "type":"string", - "min":0 + "Cvss4":{ + "type":"structure", + "members":{ + "baseScore":{ + "shape":"CvssBaseScore", + "documentation":"

    The base CVSS v4 score for the vulnerability finding, which rates the severity of the vulnerability on a scale from 0 to 10.

    " + }, + "scoringVector":{ + "shape":"CvssScoringVector", + "documentation":"

    The CVSS v4 scoring vector, which contains the metrics and measurements that were used to calculate the base score.

    " + } + }, + "documentation":"

    The Common Vulnerability Scoring System (CVSS) version 4 details for the vulnerability.

    " }, + "CvssBaseScore":{"type":"double"}, "CvssScore":{ "type":"structure", "required":[ "baseScore", "scoringVector", - "source", - "version" + "version", + "source" ], "members":{ "baseScore":{ @@ -3413,13 +4533,13 @@ "shape":"NonEmptyString", "documentation":"

    The vector string of the CVSS score.

    " }, - "source":{ - "shape":"NonEmptyString", - "documentation":"

    The source of the CVSS score.

    " - }, "version":{ "shape":"NonEmptyString", "documentation":"

    The version of CVSS used for the score.

    " + }, + "source":{ + "shape":"NonEmptyString", + "documentation":"

    The source of the CVSS score.

    " } }, "documentation":"

    The CVSS score for a finding.

    " @@ -3449,35 +4569,35 @@ "CvssScoreDetails":{ "type":"structure", "required":[ - "score", "scoreSource", - "scoringVector", - "version" + "version", + "score", + "scoringVector" ], "members":{ - "adjustments":{ - "shape":"CvssScoreAdjustmentList", - "documentation":"

    An object that contains details about adjustment Amazon Inspector made to the CVSS score.

    " + "scoreSource":{ + "shape":"NonEmptyString", + "documentation":"

    The source for the CVSS score.

    " }, "cvssSource":{ "shape":"NonEmptyString", "documentation":"

    The source of the CVSS data.

    " }, + "version":{ + "shape":"NonEmptyString", + "documentation":"

    The CVSS version used in scoring.

    " + }, "score":{ "shape":"Double", "documentation":"

    The CVSS score.

    " }, - "scoreSource":{ - "shape":"NonEmptyString", - "documentation":"

    The source for the CVSS score.

    " - }, "scoringVector":{ "shape":"NonEmptyString", "documentation":"

    The vector for the CVSS score.

    " }, - "version":{ - "shape":"NonEmptyString", - "documentation":"

    The CVSS version used in scoring.

    " + "adjustments":{ + "shape":"CvssScoreAdjustmentList", + "documentation":"

    An object that contains details about adjustment Amazon Inspector made to the CVSS score.

    " } }, "documentation":"

    Information about the CVSS score.

    " @@ -3486,6 +4606,10 @@ "type":"list", "member":{"shape":"CvssScore"} }, + "CvssScoringVector":{ + "type":"string", + "min":0 + }, "Cwe":{ "type":"string", "min":0 @@ -3515,13 +4639,13 @@ "DateFilter":{ "type":"structure", "members":{ - "endInclusive":{ - "shape":"Timestamp", - "documentation":"

    A timestamp representing the end of the time period filtered on.

    " - }, "startInclusive":{ "shape":"Timestamp", "documentation":"

    A timestamp representing the start of the time period filtered on.

    " + }, + "endInclusive":{ + "shape":"Timestamp", + "documentation":"

    A timestamp representing the end of the time period filtered on.

    " } }, "documentation":"

    Contains details on the time range used to filter findings.

    " @@ -3612,6 +4736,44 @@ } } }, + "DeleteCodeSecurityIntegrationRequest":{ + "type":"structure", + "required":["integrationArn"], + "members":{ + "integrationArn":{ + "shape":"CodeSecurityIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the code security integration to delete.

    " + } + } + }, + "DeleteCodeSecurityIntegrationResponse":{ + "type":"structure", + "members":{ + "integrationArn":{ + "shape":"CodeSecurityIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the deleted code security integration.

    " + } + } + }, + "DeleteCodeSecurityScanConfigurationRequest":{ + "type":"structure", + "required":["scanConfigurationArn"], + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration to delete.

    " + } + } + }, + "DeleteCodeSecurityScanConfigurationResponse":{ + "type":"structure", + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the deleted scan configuration.

    " + } + } + }, "DeleteFilterRequest":{ "type":"structure", "required":["arn"], @@ -3634,8 +4796,7 @@ }, "DescribeOrganizationConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeOrganizationConfigurationResponse":{ "type":"structure", @@ -3720,7 +4881,7 @@ "DisableResourceTypeList":{ "type":"list", "member":{"shape":"ResourceScanType"}, - "max":3, + "max":5, "min":0 }, "DisableResponse":{ @@ -3737,6 +4898,27 @@ } } }, + "DisassociateConfigurationRequest":{ + "type":"structure", + "required":[ + "scanConfigurationArn", + "resource" + ], + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration to disassociate from a code repository.

    " + }, + "resource":{"shape":"CodeSecurityResource"} + }, + "documentation":"

    Contains details about a request to disassociate a code repository from a scan configuration.

    " + }, + "DisassociateConfigurationRequestList":{ + "type":"list", + "member":{"shape":"DisassociateConfigurationRequest"}, + "max":25, + "min":1 + }, "DisassociateMemberRequest":{ "type":"structure", "required":["accountId"], @@ -3798,6 +4980,10 @@ "shape":"StringFilterList", "documentation":"

    The AMI IDs associated with the Amazon EC2 instances to aggregate findings for.

    " }, + "operatingSystems":{ + "shape":"StringFilterList", + "documentation":"

    The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are ORACLE_LINUX_7 and ALPINE_LINUX_3_8.

    " + }, "instanceIds":{ "shape":"StringFilterList", "documentation":"

    The Amazon EC2 instance IDs to aggregate findings for.

    " @@ -3806,17 +4992,13 @@ "shape":"MapFilterList", "documentation":"

    The Amazon EC2 instance tags to aggregate findings for.

    " }, - "operatingSystems":{ - "shape":"StringFilterList", - "documentation":"

    The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are ORACLE_LINUX_7 and ALPINE_LINUX_3_8.

    " + "sortOrder":{ + "shape":"SortOrder", + "documentation":"

    The order to sort results by.

    " }, "sortBy":{ "shape":"Ec2InstanceSortBy", "documentation":"

    The value to sort results by.

    " - }, - "sortOrder":{ - "shape":"SortOrder", - "documentation":"

    The order to sort results by.

    " } }, "documentation":"

    The details that define an aggregation based on Amazon EC2 instances.

    " @@ -3825,33 +5007,33 @@ "type":"structure", "required":["instanceId"], "members":{ - "accountId":{ - "shape":"String", - "documentation":"

    The Amazon Web Services account for the Amazon EC2 instance.

    " + "instanceId":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon EC2 instance ID.

    " }, "ami":{ "shape":"AmiId", "documentation":"

    The Amazon Machine Image (AMI) of the Amazon EC2 instance.

    " }, - "instanceId":{ - "shape":"NonEmptyString", - "documentation":"

    The Amazon EC2 instance ID.

    " + "operatingSystem":{ + "shape":"String", + "documentation":"

    The operating system of the Amazon EC2 instance.

    " }, "instanceTags":{ "shape":"TagMap", "documentation":"

    The tags attached to the instance.

    " }, - "networkFindings":{ - "shape":"Long", - "documentation":"

    The number of network findings for the Amazon EC2 instance.

    " - }, - "operatingSystem":{ + "accountId":{ "shape":"String", - "documentation":"

    The operating system of the Amazon EC2 instance.

    " + "documentation":"

    The Amazon Web Services account for the Amazon EC2 instance.

    " }, "severityCounts":{ "shape":"SeverityCounts", "documentation":"

    An object that contains the count of matched findings per severity.

    " + }, + "networkFindings":{ + "shape":"Long", + "documentation":"

    The number of network findings for the Amazon EC2 instance.

    " } }, "documentation":"

    A response that contains the results of a finding aggregation by Amazon EC2 instance.

    " @@ -3868,6 +5050,10 @@ "Ec2Metadata":{ "type":"structure", "members":{ + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags attached to the instance.

    " + }, "amiId":{ "shape":"AmiId", "documentation":"

    The ID of the Amazon Machine Image (AMI) used to launch the instance.

    " @@ -3875,10 +5061,6 @@ "platform":{ "shape":"Ec2Platform", "documentation":"

    The platform of the instance.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The tags attached to the instance.

    " } }, "documentation":"

    Meta data details of an Amazon EC2 instance.

    " @@ -3924,13 +5106,17 @@ "type":"structure", "required":["rescanDuration"], "members":{ + "rescanDuration":{ + "shape":"EcrRescanDuration", + "documentation":"

    The rescan duration configured for image push date.

    " + }, "pullDateRescanDuration":{ "shape":"EcrPullDateRescanDuration", "documentation":"

    The rescan duration configured for image pull date.

    " }, - "rescanDuration":{ - "shape":"EcrRescanDuration", - "documentation":"

    The rescan duration configured for image push date.

    " + "pullDateRescanMode":{ + "shape":"EcrPullDateRescanMode", + "documentation":"

    The pull date for the re-scan mode.

    " } }, "documentation":"

    Details about the ECR automated re-scan duration setting for your environment.

    " @@ -3948,13 +5134,21 @@ "EcrContainerImageMetadata":{ "type":"structure", "members":{ + "tags":{ + "shape":"TagList", + "documentation":"

    Tags associated with the Amazon ECR image metadata.

    " + }, "imagePulledAt":{ "shape":"DateTimeTimestamp", "documentation":"

    The date an image was last pulled at.

    " }, - "tags":{ - "shape":"TagList", - "documentation":"

    Tags associated with the Amazon ECR image metadata.

    " + "lastInUseAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod.

    " + }, + "inUseCount":{ + "shape":"Long", + "documentation":"

    The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use.

    " } }, "documentation":"

    Information on the Amazon ECR image metadata associated with a finding.

    " @@ -3969,6 +5163,13 @@ "DAYS_180" ] }, + "EcrPullDateRescanMode":{ + "type":"string", + "enum":[ + "LAST_PULL_DATE", + "LAST_IN_USE_AT" + ] + }, "EcrRepositoryMetadata":{ "type":"structure", "members":{ @@ -3997,13 +5198,9 @@ "EcrRescanDurationState":{ "type":"structure", "members":{ - "pullDateRescanDuration":{ - "shape":"EcrPullDateRescanDuration", - "documentation":"

    The rescan duration configured for image pull date.

    " - }, "rescanDuration":{ "shape":"EcrRescanDuration", - "documentation":"

    The rescan duration configured for image push date. 

     </p>
    " + "documentation":"

    The rescan duration configured for image push date.

    " }, "status":{ "shape":"EcrRescanDurationStatus", @@ -4012,6 +5209,14 @@ "updatedAt":{ "shape":"DateTimeTimestamp", "documentation":"

    A timestamp representing when the last time the ECR scan duration setting was changed.

    " + }, + "pullDateRescanDuration":{ + "shape":"EcrPullDateRescanDuration", + "documentation":"

    The rescan duration configured for image pull date.

    " + }, + "pullDateRescanMode":{ + "shape":"EcrPullDateRescanMode", + "documentation":"

    The pull date for the re-scan mode.

    " } }, "documentation":"

    Details about the state of your ECR re-scan duration settings. The ECR re-scan duration defines how long an ECR image will be actively scanned by Amazon Inspector. When the number of days since an image was last pushed exceeds the duration configured for image pull date, and the duration configured for image pull date, the monitoring state of that image becomes inactive and all associated findings are scheduled for closure.

    " @@ -4036,14 +5241,14 @@ "type":"structure", "required":["delegatedAdminAccountId"], "members":{ + "delegatedAdminAccountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID of the Amazon Inspector delegated administrator.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    The idempotency token for the request.

    ", "idempotencyToken":true - }, - "delegatedAdminAccountId":{ - "shape":"AccountId", - "documentation":"

    The Amazon Web Services account ID of the Amazon Inspector delegated administrator.

    " } } }, @@ -4065,21 +5270,21 @@ "shape":"AccountIdSet", "documentation":"

    A list of account IDs you want to enable Amazon Inspector scans for.

    " }, + "resourceTypes":{ + "shape":"EnableResourceTypeList", + "documentation":"

    The resource scan types you want to enable.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    The idempotency token for the request.

    ", "idempotencyToken":true - }, - "resourceTypes":{ - "shape":"EnableResourceTypeList", - "documentation":"

    The resource scan types you want to enable.

    " } } }, "EnableResourceTypeList":{ "type":"list", "member":{"shape":"ResourceScanType"}, - "max":3, + "max":5, "min":1 }, "EnableResponse":{ @@ -4147,14 +5352,14 @@ "Evidence":{ "type":"structure", "members":{ - "evidenceDetail":{ - "shape":"EvidenceDetail", - "documentation":"

    The evidence details.

    " - }, "evidenceRule":{ "shape":"EvidenceRule", "documentation":"

    The evidence rule.

    " }, + "evidenceDetail":{ + "shape":"EvidenceDetail", + "documentation":"

    The evidence details.

    " + }, "severity":{ "shape":"EvidenceSeverity", "documentation":"

    The evidence severity.

    " @@ -4180,7 +5385,7 @@ }, "ExecutionRoleArn":{ "type":"string", - "pattern":"^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "ExploitAvailable":{ "type":"string", @@ -4192,13 +5397,13 @@ "ExploitObserved":{ "type":"structure", "members":{ - "firstSeen":{ - "shape":"FirstSeen", - "documentation":"

    The date an time when the exploit was first seen.

    " - }, "lastSeen":{ "shape":"LastSeen", "documentation":"

    The date an time when the exploit was last seen.

    " + }, + "firstSeen":{ + "shape":"FirstSeen", + "documentation":"

    The date an time when the exploit was first seen.

    " } }, "documentation":"

    Contains information on when this exploit was observed.

    " @@ -4234,6 +5439,14 @@ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID.

    " }, + "status":{ + "shape":"Status", + "documentation":"

    The status of Amazon Inspector for the account.

    " + }, + "resourceStatus":{ + "shape":"ResourceStatus", + "documentation":"

    An object detailing which resources Amazon Inspector is enabled to scan for the account.

    " + }, "errorCode":{ "shape":"ErrorCode", "documentation":"

    The error code explaining why the account failed to enable Amazon Inspector.

    " @@ -4241,14 +5454,6 @@ "errorMessage":{ "shape":"NonEmptyString", "documentation":"

    The error message received when the account failed to enable Amazon Inspector.

    " - }, - "resourceStatus":{ - "shape":"ResourceStatus", - "documentation":"

    An object detailing which resources Amazon Inspector is enabled to scan for the account.

    " - }, - "status":{ - "shape":"Status", - "documentation":"

    The status of Amazon Inspector for the account.

    " } }, "documentation":"

    An object with details on why an account failed to enable Amazon Inspector.

    " @@ -4259,6 +5464,29 @@ "max":100, "min":0 }, + "FailedAssociationResult":{ + "type":"structure", + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration that failed to be associated or disassociated.

    " + }, + "resource":{"shape":"CodeSecurityResource"}, + "statusCode":{ + "shape":"AssociationResultStatusCode", + "documentation":"

    The status code indicating why the association or disassociation failed.

    " + }, + "statusMessage":{ + "shape":"AssociationResultStatusMessage", + "documentation":"

    A message explaining why the association or disassociation failed.

    " + } + }, + "documentation":"

    Details about a failed attempt to associate or disassociate a code repository with a scan configuration.

    " + }, + "FailedAssociationResultList":{ + "type":"list", + "member":{"shape":"FailedAssociationResult"} + }, "FailedMemberAccountEc2DeepInspectionStatusState":{ "type":"structure", "required":["accountId"], @@ -4292,43 +5520,47 @@ "Filter":{ "type":"structure", "required":[ - "action", "arn", - "createdAt", - "criteria", - "name", "ownerId", + "name", + "criteria", + "action", + "createdAt", "updatedAt" ], "members":{ - "action":{ - "shape":"FilterAction", - "documentation":"

    The action that is to be applied to the findings that match the filter.

    " - }, "arn":{ "shape":"FilterArn", "documentation":"

    The Amazon Resource Number (ARN) associated with this filter.

    " }, - "createdAt":{ - "shape":"DateTimeTimestamp", - "documentation":"

    The date and time this filter was created at.

    " + "ownerId":{ + "shape":"OwnerId", + "documentation":"

    The Amazon Web Services account ID of the account that created the filter.

    " + }, + "name":{ + "shape":"FilterName", + "documentation":"

    The name of the filter.

    " }, "criteria":{ "shape":"FilterCriteria", "documentation":"

    Details on the filter criteria associated with this filter.

    " }, + "action":{ + "shape":"FilterAction", + "documentation":"

    The action that is to be applied to the findings that match the filter.

    " + }, + "createdAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date and time this filter was created at.

    " + }, + "updatedAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date and time the filter was last updated at.

    " + }, "description":{ "shape":"FilterDescription", "documentation":"

    A description of the filter.

    " }, - "name":{ - "shape":"FilterName", - "documentation":"

    The name of the filter.

    " - }, - "ownerId":{ - "shape":"OwnerId", - "documentation":"

    The Amazon Web Services account ID of the account that created the filter.

    " - }, "reason":{ "shape":"FilterReason", "documentation":"

    The reason for the filter.

    " @@ -4336,10 +5568,6 @@ "tags":{ "shape":"TagMap", "documentation":"

    The tags attached to the filter.

    " - }, - "updatedAt":{ - "shape":"DateTimeTimestamp", - "documentation":"

    The date and time the filter was last updated at.

    " } }, "documentation":"

    Details about a filter.

    " @@ -4363,54 +5591,78 @@ "FilterCriteria":{ "type":"structure", "members":{ + "findingArn":{ + "shape":"StringFilterList", + "documentation":"

    Details on the finding ARNs used to filter findings.

    " + }, "awsAccountId":{ "shape":"StringFilterList", "documentation":"

    Details of the Amazon Web Services account IDs used to filter findings.

    " }, - "codeVulnerabilityDetectorName":{ + "findingType":{ "shape":"StringFilterList", - "documentation":"

    The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.

    " + "documentation":"

    Details on the finding types used to filter findings.

    " }, - "codeVulnerabilityDetectorTags":{ + "severity":{ "shape":"StringFilterList", - "documentation":"

    The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.

    " + "documentation":"

    Details on the severity used to filter findings.

    " }, - "codeVulnerabilityFilePath":{ + "firstObservedAt":{ + "shape":"DateFilterList", + "documentation":"

    Details on the date and time a finding was first seen used to filter findings.

    " + }, + "lastObservedAt":{ + "shape":"DateFilterList", + "documentation":"

    Details on the date and time a finding was last seen used to filter findings.

    " + }, + "updatedAt":{ + "shape":"DateFilterList", + "documentation":"

    Details on the date and time a finding was last updated at used to filter findings.

    " + }, + "findingStatus":{ "shape":"StringFilterList", - "documentation":"

    The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.

    " + "documentation":"

    Details on the finding status types used to filter findings.

    " }, - "componentId":{ + "title":{ "shape":"StringFilterList", - "documentation":"

    Details of the component IDs used to filter findings.

    " + "documentation":"

    Details on the finding title used to filter findings.

    " }, - "componentType":{ + "inspectorScore":{ + "shape":"NumberFilterList", + "documentation":"

    The Amazon Inspector score to filter on.

    " + }, + "resourceType":{ "shape":"StringFilterList", - "documentation":"

    Details of the component types used to filter findings.

    " + "documentation":"

    Details on the resource types used to filter findings.

    " }, - "ec2InstanceImageId":{ + "resourceId":{ "shape":"StringFilterList", - "documentation":"

    Details of the Amazon EC2 instance image IDs used to filter findings.

    " + "documentation":"

    Details on the resource IDs used to filter findings.

    " }, - "ec2InstanceSubnetId":{ + "resourceTags":{ + "shape":"MapFilterList", + "documentation":"

    Details on the resource tags used to filter findings.

    " + }, + "ec2InstanceImageId":{ "shape":"StringFilterList", - "documentation":"

    Details of the Amazon EC2 instance subnet IDs used to filter findings.

    " + "documentation":"

    Details of the Amazon EC2 instance image IDs used to filter findings.

    " }, "ec2InstanceVpcId":{ "shape":"StringFilterList", "documentation":"

    Details of the Amazon EC2 instance VPC IDs used to filter findings.

    " }, - "ecrImageArchitecture":{ - "shape":"StringFilterList", - "documentation":"

    Details of the Amazon ECR image architecture types used to filter findings.

    " - }, - "ecrImageHash":{ + "ec2InstanceSubnetId":{ "shape":"StringFilterList", - "documentation":"

    Details of the Amazon ECR image hashes used to filter findings.

    " + "documentation":"

    Details of the Amazon EC2 instance subnet IDs used to filter findings.

    " }, "ecrImagePushedAt":{ "shape":"DateFilterList", "documentation":"

    Details on the Amazon ECR image push date and time used to filter findings.

    " }, + "ecrImageArchitecture":{ + "shape":"StringFilterList", + "documentation":"

    Details of the Amazon ECR image architecture types used to filter findings.

    " + }, "ecrImageRegistry":{ "shape":"StringFilterList", "documentation":"

    Details on the Amazon ECR registry used to filter findings.

    " @@ -4423,113 +5675,105 @@ "shape":"StringFilterList", "documentation":"

    The tags attached to the Amazon ECR container image.

    " }, - "epssScore":{ + "ecrImageHash":{ + "shape":"StringFilterList", + "documentation":"

    Details of the Amazon ECR image hashes used to filter findings.

    " + }, + "ecrImageLastInUseAt":{ + "shape":"DateFilterList", + "documentation":"

    Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod.

    " + }, + "ecrImageInUseCount":{ "shape":"NumberFilterList", - "documentation":"

    The EPSS score used to filter findings.

    " + "documentation":"

    Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use.

    " }, - "exploitAvailable":{ + "portRange":{ + "shape":"PortRangeFilterList", + "documentation":"

    Details on the port ranges used to filter findings.

    " + }, + "networkProtocol":{ "shape":"StringFilterList", - "documentation":"

    Filters the list of Amazon Web Services Lambda findings by the availability of exploits.

    " + "documentation":"

    Details on network protocol used to filter findings.

    " }, - "findingArn":{ + "componentId":{ "shape":"StringFilterList", - "documentation":"

    Details on the finding ARNs used to filter findings.

    " + "documentation":"

    Details of the component IDs used to filter findings.

    " }, - "findingStatus":{ + "componentType":{ "shape":"StringFilterList", - "documentation":"

    Details on the finding status types used to filter findings.

    " + "documentation":"

    Details of the component types used to filter findings.

    " }, - "findingType":{ + "vulnerabilityId":{ "shape":"StringFilterList", - "documentation":"

    Details on the finding types used to filter findings.

    " + "documentation":"

    Details on the vulnerability ID used to filter findings.

    " }, - "firstObservedAt":{ - "shape":"DateFilterList", - "documentation":"

    Details on the date and time a finding was first seen used to filter findings.

    " + "vulnerabilitySource":{ + "shape":"StringFilterList", + "documentation":"

    Details on the vulnerability type used to filter findings.

    " }, - "fixAvailable":{ + "vendorSeverity":{ "shape":"StringFilterList", - "documentation":"

    Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

    " + "documentation":"

    Details on the vendor severity used to filter findings.

    " }, - "inspectorScore":{ - "shape":"NumberFilterList", - "documentation":"

    The Amazon Inspector score to filter on.

    " + "vulnerablePackages":{ + "shape":"PackageFilterList", + "documentation":"

    Details on the vulnerable packages used to filter findings.

    " }, - "lambdaFunctionExecutionRoleArn":{ + "relatedVulnerabilities":{ "shape":"StringFilterList", - "documentation":"

    Filters the list of Amazon Web Services Lambda functions by execution role.

    " - }, - "lambdaFunctionLastModifiedAt":{ - "shape":"DateFilterList", - "documentation":"

    Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format

    " + "documentation":"

    Details on the related vulnerabilities used to filter findings.

    " }, - "lambdaFunctionLayers":{ + "fixAvailable":{ "shape":"StringFilterList", - "documentation":"

    Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers.

    " + "documentation":"

    Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

    " }, "lambdaFunctionName":{ "shape":"StringFilterList", "documentation":"

    Filters the list of Amazon Web Services Lambda functions by the name of the function.

    " }, + "lambdaFunctionLayers":{ + "shape":"StringFilterList", + "documentation":"

    Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers.

    " + }, "lambdaFunctionRuntime":{ "shape":"StringFilterList", "documentation":"

    Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function.

    " }, - "lastObservedAt":{ + "lambdaFunctionLastModifiedAt":{ "shape":"DateFilterList", - "documentation":"

    Details on the date and time a finding was last seen used to filter findings.

    " - }, - "networkProtocol":{ - "shape":"StringFilterList", - "documentation":"

    Details on network protocol used to filter findings.

    " - }, - "portRange":{ - "shape":"PortRangeFilterList", - "documentation":"

    Details on the port ranges used to filter findings.

    " + "documentation":"

    Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format

    " }, - "relatedVulnerabilities":{ + "lambdaFunctionExecutionRoleArn":{ "shape":"StringFilterList", - "documentation":"

    Details on the related vulnerabilities used to filter findings.

    " + "documentation":"

    Filters the list of Amazon Web Services Lambda functions by execution role.

    " }, - "resourceId":{ + "exploitAvailable":{ "shape":"StringFilterList", - "documentation":"

    Details on the resource IDs used to filter findings.

    " - }, - "resourceTags":{ - "shape":"MapFilterList", - "documentation":"

    Details on the resource tags used to filter findings.

    " + "documentation":"

    Filters the list of Amazon Web Services Lambda findings by the availability of exploits.

    " }, - "resourceType":{ + "codeVulnerabilityDetectorName":{ "shape":"StringFilterList", - "documentation":"

    Details on the resource types used to filter findings.

    " + "documentation":"

    The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.

    " }, - "severity":{ + "codeVulnerabilityDetectorTags":{ "shape":"StringFilterList", - "documentation":"

    Details on the severity used to filter findings.

    " + "documentation":"

    The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.

    " }, - "title":{ + "codeVulnerabilityFilePath":{ "shape":"StringFilterList", - "documentation":"

    Details on the finding title used to filter findings.

    " - }, - "updatedAt":{ - "shape":"DateFilterList", - "documentation":"

    Details on the date and time a finding was last updated at used to filter findings.

    " + "documentation":"

    The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.

    " }, - "vendorSeverity":{ - "shape":"StringFilterList", - "documentation":"

    Details on the vendor severity used to filter findings.

    " + "epssScore":{ + "shape":"NumberFilterList", + "documentation":"

    The EPSS score used to filter findings.

    " }, - "vulnerabilityId":{ + "codeRepositoryProjectName":{ "shape":"StringFilterList", - "documentation":"

    Details on the vulnerability ID used to filter findings.

    " + "documentation":"

    Filter criteria for findings based on the project name in a code repository.

    " }, - "vulnerabilitySource":{ + "codeRepositoryProviderType":{ "shape":"StringFilterList", - "documentation":"

    Details on the vulnerability type used to filter findings.

    " - }, - "vulnerablePackages":{ - "shape":"PackageFilterList", - "documentation":"

    Details on the vulnerable packages used to filter findings.

    " + "documentation":"

    Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.).

    " } }, "documentation":"

    Details on the criteria used to define the filter.

    " @@ -4556,53 +5800,65 @@ "Finding":{ "type":"structure", "required":[ + "findingArn", "awsAccountId", + "type", "description", - "findingArn", - "firstObservedAt", - "lastObservedAt", "remediation", - "resources", "severity", + "firstObservedAt", + "lastObservedAt", "status", - "type" + "resources" ], "members":{ + "findingArn":{ + "shape":"FindingArn", + "documentation":"

    The Amazon Resource Number (ARN) of the finding.

    " + }, "awsAccountId":{ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID associated with the finding.

    " }, - "codeVulnerabilityDetails":{ - "shape":"CodeVulnerabilityDetails", - "documentation":"

    Details about the code vulnerability identified in a Lambda function used to filter findings.

    " + "type":{ + "shape":"FindingType", + "documentation":"

    The type of the finding. The type value determines the valid values for resource in your request. For more information, see Finding types in the Amazon Inspector user guide.

    " }, "description":{ "shape":"FindingDescription", "documentation":"

    The description of the finding.

    " }, - "epss":{ - "shape":"EpssDetails", - "documentation":"

    The finding's EPSS score.

    " - }, - "exploitAvailable":{ - "shape":"ExploitAvailable", - "documentation":"

    If a finding discovered in your environment has an exploit available.

    " + "title":{ + "shape":"FindingTitle", + "documentation":"

    The title of the finding.

    " }, - "exploitabilityDetails":{ - "shape":"ExploitabilityDetails", - "documentation":"

    The details of an exploit available for a finding discovered in your environment.

    " + "remediation":{ + "shape":"Remediation", + "documentation":"

    An object that contains the details about how to remediate a finding.

    " }, - "findingArn":{ - "shape":"FindingArn", - "documentation":"

    The Amazon Resource Number (ARN) of the finding.

    " + "severity":{ + "shape":"Severity", + "documentation":"

    The severity of the finding. UNTRIAGED applies to PACKAGE_VULNERABILITY type findings that the vendor has not assigned a severity yet. For more information, see Severity levels for findings in the Amazon Inspector user guide.

    " }, "firstObservedAt":{ "shape":"DateTimeTimestamp", "documentation":"

    The date and time that the finding was first observed.

    " }, - "fixAvailable":{ - "shape":"FixAvailable", - "documentation":"

    Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

    " + "lastObservedAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date and time the finding was last observed. This timestamp for this field remains unchanged until a finding is updated.

    " + }, + "updatedAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date and time the finding was last updated at.

    " + }, + "status":{ + "shape":"FindingStatus", + "documentation":"

    The status of the finding.

    " + }, + "resources":{ + "shape":"ResourceList", + "documentation":"

    Contains information on the resources involved in a finding. The resource value determines the valid values for type in your request. For more information, see Finding types in the Amazon Inspector user guide.

    " }, "inspectorScore":{ "shape":"Double", @@ -4612,10 +5868,6 @@ "shape":"InspectorScoreDetails", "documentation":"

    An object that contains details of the Amazon Inspector score.

    " }, - "lastObservedAt":{ - "shape":"DateTimeTimestamp", - "documentation":"

    The date and time the finding was last observed. This timestamp for this field remains unchanged until a finding is updated.

    " - }, "networkReachabilityDetails":{ "shape":"NetworkReachabilityDetails", "documentation":"

    An object that contains the details of a network reachability finding.

    " @@ -4624,33 +5876,25 @@ "shape":"PackageVulnerabilityDetails", "documentation":"

    An object that contains the details of a package vulnerability finding.

    " }, - "remediation":{ - "shape":"Remediation", - "documentation":"

    An object that contains the details about how to remediate a finding.

    " - }, - "resources":{ - "shape":"ResourceList", - "documentation":"

    Contains information on the resources involved in a finding. The resource value determines the valid values for type in your request. For more information, see Finding types in the Amazon Inspector user guide.

    " - }, - "severity":{ - "shape":"Severity", - "documentation":"

    The severity of the finding. UNTRIAGED applies to PACKAGE_VULNERABILITY type findings that the vendor has not assigned a severity yet. For more information, see Severity levels for findings in the Amazon Inspector user guide.

    " + "fixAvailable":{ + "shape":"FixAvailable", + "documentation":"

    Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

    " }, - "status":{ - "shape":"FindingStatus", - "documentation":"

    The status of the finding.

    " + "exploitAvailable":{ + "shape":"ExploitAvailable", + "documentation":"

    If a finding discovered in your environment has an exploit available.

    " }, - "title":{ - "shape":"FindingTitle", - "documentation":"

    The title of the finding.

    " + "exploitabilityDetails":{ + "shape":"ExploitabilityDetails", + "documentation":"

    The details of an exploit available for a finding discovered in your environment.

    " }, - "type":{ - "shape":"FindingType", - "documentation":"

    The type of the finding. The type value determines the valid values for resource in your request. For more information, see Finding types in the Amazon Inspector user guide.

    " + "codeVulnerabilityDetails":{ + "shape":"CodeVulnerabilityDetails", + "documentation":"

    Details about the code vulnerability identified in a Lambda function used to filter findings.

    " }, - "updatedAt":{ - "shape":"DateTimeTimestamp", - "documentation":"

    The date and time the finding was last updated at.

    " + "epss":{ + "shape":"EpssDetails", + "documentation":"

    The finding's EPSS score.

    " } }, "documentation":"

    Details about an Amazon Inspector finding.

    " @@ -4659,7 +5903,7 @@ "type":"string", "max":100, "min":1, - "pattern":"^arn:(aws[a-zA-Z-]*)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:finding/[a-f0-9]{32}$" + "pattern":"arn:(aws[a-zA-Z-]*)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:finding/[a-f0-9]{32}" }, "FindingArnList":{ "type":"list", @@ -4675,45 +5919,45 @@ "FindingDetail":{ "type":"structure", "members":{ + "findingArn":{ + "shape":"FindingArn", + "documentation":"

    The finding ARN that the vulnerability details are associated with.

    " + }, "cisaData":{ "shape":"CisaData", "documentation":"

    The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.

    " }, - "cwes":{ - "shape":"Cwes", - "documentation":"

    The Common Weakness Enumerations (CWEs) associated with the vulnerability.

    " - }, - "epssScore":{ - "shape":"Double", - "documentation":"

    The Exploit Prediction Scoring System (EPSS) score of the vulnerability.

    " + "riskScore":{ + "shape":"RiskScore", + "documentation":"

    The risk score of the vulnerability.

    " }, "evidences":{ "shape":"EvidenceList", "documentation":"

    Information on the evidence of the vulnerability.

    " }, + "ttps":{ + "shape":"Ttps", + "documentation":"

    The MITRE adversary tactics, techniques, or procedures (TTPs) associated with the vulnerability.

    " + }, + "tools":{ + "shape":"Tools", + "documentation":"

    The known malware tools or kits that can exploit the vulnerability.

    " + }, "exploitObserved":{ "shape":"ExploitObserved", "documentation":"

    Contains information on when this exploit was observed.

    " }, - "findingArn":{ - "shape":"FindingArn", - "documentation":"

    The finding ARN that the vulnerability details are associated with.

    " - }, "referenceUrls":{ "shape":"VulnerabilityReferenceUrls", "documentation":"

    The reference URLs for the vulnerability data.

    " }, - "riskScore":{ - "shape":"RiskScore", - "documentation":"

    The risk score of the vulnerability.

    " - }, - "tools":{ - "shape":"Tools", - "documentation":"

    The known malware tools or kits that can exploit the vulnerability.

    " + "cwes":{ + "shape":"Cwes", + "documentation":"

    The Common Weakness Enumerations (CWEs) associated with the vulnerability.

    " }, - "ttps":{ - "shape":"Ttps", - "documentation":"

    The MITRE adversary tactics, techniques, or procedures (TTPs) associated with the vulnerability.

    " + "epssScore":{ + "shape":"Double", + "documentation":"

    The Exploit Prediction Scoring System (EPSS) score of the vulnerability.

    " } }, "documentation":"

    Details of the vulnerability identified in a finding.

    " @@ -4726,11 +5970,15 @@ "FindingDetailsError":{ "type":"structure", "required":[ + "findingArn", "errorCode", - "errorMessage", - "findingArn" + "errorMessage" ], "members":{ + "findingArn":{ + "shape":"FindingArn", + "documentation":"

    The finding ARN that returned an error.

    " + }, "errorCode":{ "shape":"FindingDetailsErrorCode", "documentation":"

    The error code.

    " @@ -4738,10 +5986,6 @@ "errorMessage":{ "shape":"NonEmptyString", "documentation":"

    The error message.

    " - }, - "findingArn":{ - "shape":"FindingArn", - "documentation":"

    The finding ARN that returned an error.

    " } }, "documentation":"

    Details about an error encountered when trying to return vulnerability data for a finding.

    " @@ -4797,13 +6041,13 @@ "shape":"AggregationResourceType", "documentation":"

    The resource type to aggregate.

    " }, - "sortBy":{ - "shape":"FindingTypeSortBy", - "documentation":"

    The value to sort results by.

    " - }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The order to sort results by.

    " + }, + "sortBy":{ + "shape":"FindingTypeSortBy", + "documentation":"

    The value to sort results by.

    " } }, "documentation":"

    The details that define an aggregation based on finding type.

    " @@ -4815,6 +6059,10 @@ "shape":"AccountId", "documentation":"

    The ID of the Amazon Web Services account associated with the findings.

    " }, + "severityCounts":{ + "shape":"SeverityCounts", + "documentation":"

    The value to sort results by.

    " + }, "exploitAvailableCount":{ "shape":"Long", "documentation":"

    The number of findings that have an exploit available.

    " @@ -4822,10 +6070,6 @@ "fixAvailableCount":{ "shape":"Long", "documentation":"

    Details about the number of fixes.

    " - }, - "severityCounts":{ - "shape":"SeverityCounts", - "documentation":"

    The value to sort results by.

    " } }, "documentation":"

    A response that contains the results of a finding type aggregation.

    " @@ -4872,27 +6116,27 @@ "FreeTrialInfo":{ "type":"structure", "required":[ - "end", + "type", "start", - "status", - "type" + "end", + "status" ], "members":{ - "end":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the Amazon Inspector free trail ends for a given account.

    " + "type":{ + "shape":"FreeTrialType", + "documentation":"

    The type of scan covered by the Amazon Inspector free trail.

    " }, "start":{ "shape":"Timestamp", "documentation":"

    The date and time that the Amazon Inspector free trail started for a given account.

    " }, + "end":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the Amazon Inspector free trail ends for a given account.

    " + }, "status":{ "shape":"FreeTrialStatus", "documentation":"

    The order to sort results by.

    " - }, - "type":{ - "shape":"FreeTrialType", - "documentation":"

    The type of scan covered by the Amazon Inspector free trail.

    " } }, "documentation":"

    An object that contains information about the Amazon Inspector free trial for an account.

    " @@ -4948,21 +6192,23 @@ "EC2", "ECR", "LAMBDA", - "LAMBDA_CODE" + "LAMBDA_CODE", + "CODE_REPOSITORY" ] }, + "FrequencyExpression":{ + "type":"string", + "max":256, + "min":1 + }, "FunctionName":{ "type":"string", - "pattern":"^[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?$" + "pattern":"[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?" }, "GetCisScanReportRequest":{ "type":"structure", "required":["scanArn"], "members":{ - "reportFormat":{ - "shape":"CisReportFormat", - "documentation":"

    The format of the report. Valid values are PDF and CSV. If no value is specified, the report format defaults to PDF.

    " - }, "scanArn":{ "shape":"CisScanArn", "documentation":"

    The scan ARN.

    " @@ -4970,19 +6216,23 @@ "targetAccounts":{ "shape":"ReportTargetAccounts", "documentation":"

    The target accounts.

    " + }, + "reportFormat":{ + "shape":"CisReportFormat", + "documentation":"

    The format of the report. Valid values are PDF and CSV. If no value is specified, the report format defaults to PDF.

    " } } }, "GetCisScanReportResponse":{ "type":"structure", "members":{ - "status":{ - "shape":"CisReportStatus", - "documentation":"

    The status.

    " - }, "url":{ "shape":"String", "documentation":"

    The URL where a PDF or CSV of the CIS scan report can be downloaded.

    " + }, + "status":{ + "shape":"CisReportStatus", + "documentation":"

    The status.

    " } } }, @@ -4995,11 +6245,19 @@ "GetCisScanResultDetailsRequest":{ "type":"structure", "required":[ - "accountId", "scanArn", - "targetResourceId" + "targetResourceId", + "accountId" ], "members":{ + "scanArn":{ + "shape":"CisScanArn", + "documentation":"

    The scan ARN.

    " + }, + "targetResourceId":{ + "shape":"ResourceId", + "documentation":"

    The target resource ID.

    " + }, "accountId":{ "shape":"AccountId", "documentation":"

    The account ID.

    " @@ -5008,18 +6266,6 @@ "shape":"CisScanResultDetailsFilterCriteria", "documentation":"

    The filter criteria.

    " }, - "maxResults":{ - "shape":"GetCisScanResultDetailsMaxResults", - "documentation":"

    The maximum number of CIS scan result details to be returned in a single page of results.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " - }, - "scanArn":{ - "shape":"CisScanArn", - "documentation":"

    The scan ARN.

    " - }, "sortBy":{ "shape":"CisScanResultDetailsSortBy", "documentation":"

    The sort by order.

    " @@ -5028,47 +6274,257 @@ "shape":"CisSortOrder", "documentation":"

    The sort order.

    " }, - "targetResourceId":{ - "shape":"ResourceId", - "documentation":"

    The target resource ID.

    " + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " + }, + "maxResults":{ + "shape":"GetCisScanResultDetailsMaxResults", + "documentation":"

    The maximum number of CIS scan result details to be returned in a single page of results.

    " } } }, "GetCisScanResultDetailsResponse":{ "type":"structure", "members":{ + "scanResultDetails":{ + "shape":"CisScanResultDetailsList", + "documentation":"

    The scan result details.

    " + }, "nextToken":{ "shape":"NextToken", "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " + } + } + }, + "GetClustersForImageNextToken":{ + "type":"string", + "max":3000, + "min":1 + }, + "GetClustersForImageRequest":{ + "type":"structure", + "required":["filter"], + "members":{ + "filter":{ + "shape":"ClusterForImageFilterCriteria", + "documentation":"

    The resource Id for the Amazon ECR image.

    " }, - "scanResultDetails":{ - "shape":"CisScanResultDetailsList", - "documentation":"

    The scan result details.

    " + "maxResults":{ + "shape":"GetClustersForImageRequestMaxResultsInteger", + "documentation":"

    The maximum number of results to be returned in a single page of results.

    " + }, + "nextToken":{ + "shape":"GetClustersForImageNextToken", + "documentation":"

    The pagination token from a previous request used to retrieve the next page of results.

    " } } }, - "GetConfigurationRequest":{ + "GetClustersForImageRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "GetClustersForImageResponse":{ "type":"structure", + "required":["cluster"], "members":{ + "cluster":{ + "shape":"ClusterInformationList", + "documentation":"

    A unit of work inside of a cluster, which can include metadata about the cluster.

    " + }, + "nextToken":{ + "shape":"GetClustersForImageNextToken", + "documentation":"

    The pagination token from a previous request used to retrieve the next page of results.

    " + } } }, - "GetConfigurationResponse":{ + "GetCodeSecurityIntegrationRequest":{ "type":"structure", + "required":["integrationArn"], "members":{ - "ec2Configuration":{ - "shape":"Ec2ConfigurationState", - "documentation":"

    Specifies how the Amazon EC2 automated scan mode is currently configured for your environment.

    " + "integrationArn":{ + "shape":"CodeSecurityIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the code security integration to retrieve.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with the code security integration.

    " + } + } + }, + "GetCodeSecurityIntegrationResponse":{ + "type":"structure", + "required":[ + "integrationArn", + "name", + "type", + "status", + "statusReason", + "createdOn", + "lastUpdateOn" + ], + "members":{ + "integrationArn":{ + "shape":"CodeSecurityIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the code security integration.

    " + }, + "name":{ + "shape":"IntegrationName", + "documentation":"

    The name of the code security integration.

    " + }, + "type":{ + "shape":"IntegrationType", + "documentation":"

    The type of repository provider for the integration.

    " + }, + "status":{ + "shape":"IntegrationStatus", + "documentation":"

    The current status of the code security integration.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason for the current status of the code security integration.

    " + }, + "createdOn":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the code security integration was created.

    " + }, + "lastUpdateOn":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the code security integration was last updated.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with the code security integration.

    " + }, + "authorizationUrl":{ + "shape":"AuthorizationUrl", + "documentation":"

    The URL used to authorize the integration with the repository provider. This is only returned if reauthorization is required to fix a connection issue. Otherwise, it is null.

    " + } + } + }, + "GetCodeSecurityScanConfigurationRequest":{ + "type":"structure", + "required":["scanConfigurationArn"], + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration to retrieve.

    " + } + } + }, + "GetCodeSecurityScanConfigurationResponse":{ + "type":"structure", + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration.

    " + }, + "name":{ + "shape":"ScanConfigurationName", + "documentation":"

    The name of the scan configuration.

    " + }, + "configuration":{ + "shape":"CodeSecurityScanConfiguration", + "documentation":"

    The configuration settings for the code security scan.

    " + }, + "level":{ + "shape":"ConfigurationLevel", + "documentation":"

    The security level for the scan configuration.

    " + }, + "scopeSettings":{ + "shape":"ScopeSettings", + "documentation":"

    The scope settings that define which repositories will be scanned. If the ScopeSetting parameter is ALL the scan configuration applies to all existing and future projects imported into Amazon Inspector.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the scan configuration was created.

    " }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the scan configuration was last updated.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with the scan configuration.

    " + } + } + }, + "GetCodeSecurityScanRequest":{ + "type":"structure", + "required":[ + "resource", + "scanId" + ], + "members":{ + "resource":{ + "shape":"CodeSecurityResource", + "documentation":"

    The resource identifier for the code repository that was scanned.

    " + }, + "scanId":{ + "shape":"CodeSecurityUuid", + "documentation":"

    The unique identifier of the scan to retrieve.

    " + } + } + }, + "GetCodeSecurityScanResponse":{ + "type":"structure", + "members":{ + "scanId":{ + "shape":"CodeSecurityUuid", + "documentation":"

    The unique identifier of the scan.

    " + }, + "resource":{ + "shape":"CodeSecurityResource", + "documentation":"

    The resource identifier for the code repository that was scanned.

    " + }, + "accountId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services account ID associated with the scan.

    " + }, + "status":{ + "shape":"CodeScanStatus", + "documentation":"

    The current status of the scan.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason for the current status of the scan.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the scan was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the scan was last updated.

    " + }, + "lastCommitId":{ + "shape":"String", + "documentation":"

    The identifier of the last commit that was scanned. This is only returned if the scan was successful or skipped.

    " + } + } + }, + "GetConfigurationRequest":{ + "type":"structure", + "members":{} + }, + "GetConfigurationResponse":{ + "type":"structure", + "members":{ "ecrConfiguration":{ "shape":"EcrConfigurationState", "documentation":"

    Specifies how the ECR automated re-scan duration is currently configured for your environment.

    " + }, + "ec2Configuration":{ + "shape":"Ec2ConfigurationState", + "documentation":"

    Specifies how the Amazon EC2 automated scan mode is currently configured for your environment.

    " } } }, "GetDelegatedAdminAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetDelegatedAdminAccountResponse":{ "type":"structure", @@ -5081,48 +6537,47 @@ }, "GetEc2DeepInspectionConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetEc2DeepInspectionConfigurationResponse":{ "type":"structure", "members":{ - "errorMessage":{ - "shape":"NonEmptyString", - "documentation":"

    An error message explaining why Amazon Inspector deep inspection configurations could not be retrieved for your account.

    " + "packagePaths":{ + "shape":"PathList", + "documentation":"

    The Amazon Inspector deep inspection custom paths for your account.

    " }, "orgPackagePaths":{ "shape":"PathList", "documentation":"

    The Amazon Inspector deep inspection custom paths for your organization.

    " }, - "packagePaths":{ - "shape":"PathList", - "documentation":"

    The Amazon Inspector deep inspection custom paths for your account.

    " - }, "status":{ "shape":"Ec2DeepInspectionStatus", "documentation":"

    The activation status of Amazon Inspector deep inspection in your account.

    " + }, + "errorMessage":{ + "shape":"NonEmptyString", + "documentation":"

    An error message explaining why Amazon Inspector deep inspection configurations could not be retrieved for your account.

    " } } }, "GetEncryptionKeyRequest":{ "type":"structure", "required":[ - "resourceType", - "scanType" + "scanType", + "resourceType" ], "members":{ - "resourceType":{ - "shape":"ResourceType", - "documentation":"

    The resource type the key encrypts.

    ", - "location":"querystring", - "locationName":"resourceType" - }, "scanType":{ "shape":"ScanType", "documentation":"

    The scan type the key encrypts.

    ", "location":"querystring", "locationName":"scanType" + }, + "resourceType":{ + "shape":"ResourceType", + "documentation":"

    The resource type the key encrypts.

    ", + "location":"querystring", + "locationName":"resourceType" } } }, @@ -5148,9 +6603,13 @@ "GetFindingsReportStatusResponse":{ "type":"structure", "members":{ - "destination":{ - "shape":"Destination", - "documentation":"

    The destination of the report.

    " + "reportId":{ + "shape":"ReportId", + "documentation":"

    The ID of the report.

    " + }, + "status":{ + "shape":"ExternalReportStatus", + "documentation":"

    The status of the report.

    " }, "errorCode":{ "shape":"ReportingErrorCode", @@ -5160,17 +6619,13 @@ "shape":"ErrorMessage", "documentation":"

    The error message of the report.

    " }, + "destination":{ + "shape":"Destination", + "documentation":"

    The destination of the report.

    " + }, "filterCriteria":{ "shape":"FilterCriteria", "documentation":"

    The filter criteria associated with the report.

    " - }, - "reportId":{ - "shape":"ReportId", - "documentation":"

    The ID of the report.

    " - }, - "status":{ - "shape":"ExternalReportStatus", - "documentation":"

    The status of the report.

    " } } }, @@ -5206,6 +6661,18 @@ "GetSbomExportResponse":{ "type":"structure", "members":{ + "reportId":{ + "shape":"ReportId", + "documentation":"

    The report ID of the software bill of materials (SBOM) report.

    " + }, + "format":{ + "shape":"SbomReportFormat", + "documentation":"

    The format of the software bill of materials (SBOM) report.

    " + }, + "status":{ + "shape":"ExternalReportStatus", + "documentation":"

    The status of the software bill of materials (SBOM) report.

    " + }, "errorCode":{ "shape":"ReportingErrorCode", "documentation":"

    An error code.

    " @@ -5214,28 +6681,37 @@ "shape":"NonEmptyString", "documentation":"

    An error message.

    " }, - "filterCriteria":{ - "shape":"ResourceFilterCriteria", - "documentation":"

    Contains details about the resource filter criteria used for the software bill of materials (SBOM) report.

    " - }, - "format":{ - "shape":"SbomReportFormat", - "documentation":"

    The format of the software bill of materials (SBOM) report.

    " - }, - "reportId":{ - "shape":"ReportId", - "documentation":"

    The report ID of the software bill of materials (SBOM) report.

    " - }, "s3Destination":{ "shape":"Destination", "documentation":"

    Contains details of the Amazon S3 bucket and KMS key used to export findings

    " }, - "status":{ - "shape":"ExternalReportStatus", - "documentation":"

    The status of the software bill of materials (SBOM) report.

    " + "filterCriteria":{ + "shape":"ResourceFilterCriteria", + "documentation":"

    Contains details about the resource filter criteria used for the software bill of materials (SBOM) report.

    " } } }, + "GitHubAuthCode":{ + "type":"string", + "max":1024, + "min":1, + "sensitive":true + }, + "GitHubInstallationId":{ + "type":"string", + "max":1024, + "min":1 + }, + "GitLabAccessToken":{ + "type":"string", + "sensitive":true + }, + "GitLabAuthCode":{ + "type":"string", + "max":1024, + "min":1, + "sensitive":true + }, "GroupKey":{ "type":"string", "enum":[ @@ -5250,15 +6726,11 @@ "type":"string", "max":71, "min":71, - "pattern":"^sha256:[a-z0-9]{64}$" + "pattern":"sha256:[a-z0-9]{64}" }, "ImageLayerAggregation":{ "type":"structure", "members":{ - "layerHashes":{ - "shape":"StringFilterList", - "documentation":"

    The hashes associated with the layers.

    " - }, "repositories":{ "shape":"StringFilterList", "documentation":"

    The repository associated with the container image hosting the layers.

    " @@ -5267,13 +6739,17 @@ "shape":"StringFilterList", "documentation":"

    The ID of the container image layer.

    " }, - "sortBy":{ - "shape":"ImageLayerSortBy", - "documentation":"

    The value to sort results by.

    " + "layerHashes":{ + "shape":"StringFilterList", + "documentation":"

    The hashes associated with the layers.

    " }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The order to sort results by.

    " + }, + "sortBy":{ + "shape":"ImageLayerSortBy", + "documentation":"

    The value to sort results by.

    " } }, "documentation":"

    The details that define an aggregation based on container image layers.

    " @@ -5281,20 +6757,12 @@ "ImageLayerAggregationResponse":{ "type":"structure", "required":[ - "accountId", - "layerHash", "repository", - "resourceId" + "resourceId", + "layerHash", + "accountId" ], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The ID of the Amazon Web Services account that owns the container image hosting the layer image.

    " - }, - "layerHash":{ - "shape":"NonEmptyString", - "documentation":"

    The layer hash.

    " - }, "repository":{ "shape":"NonEmptyString", "documentation":"

    The repository the layer resides in.

    " @@ -5303,6 +6771,14 @@ "shape":"NonEmptyString", "documentation":"

    The resource ID of the container image layer.

    " }, + "layerHash":{ + "shape":"NonEmptyString", + "documentation":"

    The layer hash.

    " + }, + "accountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account that owns the container image hosting the layer image.

    " + }, "severityCounts":{ "shape":"SeverityCounts", "documentation":"

    An object that represents the count of matched findings per severity.

    " @@ -5332,10 +6808,44 @@ }, "documentation":"

    Information about the Amazon Inspector score given to a finding.

    " }, + "InstanceUrl":{ + "type":"string", + "pattern":"https://[-a-zA-Z0-9()@:%_+.~#?&//=]{1,1024}", + "sensitive":true + }, "Integer":{ "type":"integer", "box":true }, + "IntegrationName":{ + "type":"string", + "max":60, + "min":1, + "pattern":"[a-zA-Z0-9-_$:.]*" + }, + "IntegrationStatus":{ + "type":"string", + "enum":[ + "PENDING", + "IN_PROGRESS", + "ACTIVE", + "INACTIVE", + "DISABLING" + ] + }, + "IntegrationSummaries":{ + "type":"list", + "member":{"shape":"CodeSecurityIntegrationSummary"}, + "max":100, + "min":0 + }, + "IntegrationType":{ + "type":"string", + "enum":[ + "GITLAB_SELF_MANAGED", + "GITHUB" + ] + }, "InternalServerException":{ "type":"structure", "required":["message"], @@ -5358,7 +6868,7 @@ "type":"string", "max":15, "min":7, - "pattern":"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" + "pattern":"(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" }, "IpV4AddressList":{ "type":"list", @@ -5375,34 +6885,34 @@ }, "KmsKeyArn":{ "type":"string", - "pattern":"^arn:aws(-(us-gov|cn))?:kms:([a-z0-9][-.a-z0-9]{0,62})?:[0-9]{12}?:key/(([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|(mrk-[0-9a-zA-Z]{32}))$" + "pattern":"arn:aws(-(us-gov|cn))?:kms:([a-z0-9][-.a-z0-9]{0,62})?:[0-9]{12}?:key/(([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|(mrk-[0-9a-zA-Z]{32}))" }, "LambdaFunctionAggregation":{ "type":"structure", "members":{ - "functionNames":{ - "shape":"StringFilterList", - "documentation":"

    The Amazon Web Services Lambda function names to include in the aggregation results.

    " - }, - "functionTags":{ - "shape":"MapFilterList", - "documentation":"

    The tags to include in the aggregation results.

    " - }, "resourceIds":{ "shape":"StringFilterList", "documentation":"

    The resource IDs to include in the aggregation results.

    " }, + "functionNames":{ + "shape":"StringFilterList", + "documentation":"

    The Amazon Web Services Lambda function names to include in the aggregation results.

    " + }, "runtimes":{ "shape":"StringFilterList", "documentation":"

    Returns findings aggregated by Amazon Web Services Lambda function runtime environments.

    " }, - "sortBy":{ - "shape":"LambdaFunctionSortBy", - "documentation":"

    The finding severity to use for sorting the results.

    " + "functionTags":{ + "shape":"MapFilterList", + "documentation":"

    The tags to include in the aggregation results.

    " }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The order to use for sorting the results.

    " + }, + "sortBy":{ + "shape":"LambdaFunctionSortBy", + "documentation":"

    The finding severity to use for sorting the results.

    " } }, "documentation":"

    The details that define a findings aggregation based on Amazon Web Services Lambda functions.

    " @@ -5411,33 +6921,33 @@ "type":"structure", "required":["resourceId"], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The ID of the Amazon Web Services account that owns the Amazon Web Services Lambda function.

    " + "resourceId":{ + "shape":"NonEmptyString", + "documentation":"

    The resource IDs included in the aggregation results.

    " }, "functionName":{ "shape":"String", "documentation":"

    The Amazon Web Services Lambda function names included in the aggregation results.

    " }, + "runtime":{ + "shape":"String", + "documentation":"

    The runtimes included in the aggregation results.

    " + }, "lambdaTags":{ "shape":"TagMap", "documentation":"

    The tags included in the aggregation results.

    " }, - "lastModifiedAt":{ - "shape":"DateTimeTimestamp", - "documentation":"

    The date that the Amazon Web Services Lambda function included in the aggregation results was last changed.

    " - }, - "resourceId":{ - "shape":"NonEmptyString", - "documentation":"

    The resource IDs included in the aggregation results.

    " - }, - "runtime":{ - "shape":"String", - "documentation":"

    The runtimes included in the aggregation results.

    " + "accountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account that owns the Amazon Web Services Lambda function.

    " }, "severityCounts":{ "shape":"SeverityCounts", "documentation":"

    An object that contains the counts of aggregated finding per severity.

    " + }, + "lastModifiedAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date that the Amazon Web Services Lambda function included in the aggregation results was last changed.

    " } }, "documentation":"

    A response that contains the results of an Amazon Web Services Lambda function finding aggregation.

    " @@ -5445,10 +6955,6 @@ "LambdaFunctionMetadata":{ "type":"structure", "members":{ - "functionName":{ - "shape":"String", - "documentation":"

    The name of a function.

    " - }, "functionTags":{ "shape":"TagMap", "documentation":"

    The resource tags on an Amazon Web Services Lambda function.

    " @@ -5457,6 +6963,10 @@ "shape":"LambdaLayerList", "documentation":"

    The layers for an Amazon Web Services Lambda function. A Lambda function can have up to five layers.

    " }, + "functionName":{ + "shape":"String", + "documentation":"

    The name of a function.

    " + }, "runtime":{ "shape":"Runtime", "documentation":"

    An Amazon Web Services Lambda function's runtime.

    " @@ -5479,21 +6989,21 @@ "shape":"StringFilterList", "documentation":"

    The names of the Amazon Web Services Lambda functions associated with the layers.

    " }, - "layerArns":{ - "shape":"StringFilterList", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer.

    " - }, "resourceIds":{ "shape":"StringFilterList", "documentation":"

    The resource IDs for the Amazon Web Services Lambda function layers.

    " }, - "sortBy":{ - "shape":"LambdaLayerSortBy", - "documentation":"

    The finding severity to use for sorting the results.

    " + "layerArns":{ + "shape":"StringFilterList", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer.

    " }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The order to use for sorting the results.

    " + }, + "sortBy":{ + "shape":"LambdaLayerSortBy", + "documentation":"

    The finding severity to use for sorting the results.

    " } }, "documentation":"

    The details that define a findings aggregation based on an Amazon Web Services Lambda function's layers.

    " @@ -5501,27 +7011,27 @@ "LambdaLayerAggregationResponse":{ "type":"structure", "required":[ - "accountId", "functionName", + "resourceId", "layerArn", - "resourceId" + "accountId" ], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The account ID of the Amazon Web Services Lambda function layer.

    " - }, "functionName":{ "shape":"NonEmptyString", "documentation":"

    The names of the Amazon Web Services Lambda functions associated with the layers.

    " }, + "resourceId":{ + "shape":"NonEmptyString", + "documentation":"

    The Resource ID of the Amazon Web Services Lambda function layer.

    " + }, "layerArn":{ "shape":"NonEmptyString", "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer.

    " }, - "resourceId":{ - "shape":"NonEmptyString", - "documentation":"

    The Resource ID of the Amazon Web Services Lambda function layer.

    " + "accountId":{ + "shape":"AccountId", + "documentation":"

    The account ID of the Amazon Web Services Lambda function layer.

    " }, "severityCounts":{ "shape":"SeverityCounts", @@ -5532,7 +7042,7 @@ }, "LambdaLayerArn":{ "type":"string", - "pattern":"^arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\\d{12}:layer:[a-zA-Z0-9-_]+:[0-9]+$" + "pattern":"arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\\d{12}:layer:[a-zA-Z0-9-_]+:[0-9]+" }, "LambdaLayerList":{ "type":"list", @@ -5551,14 +7061,14 @@ "LambdaVpcConfig":{ "type":"structure", "members":{ - "securityGroupIds":{ - "shape":"SecurityGroupIdList", - "documentation":"

    The VPC security groups and subnets that are attached to an Amazon Web Services Lambda function. For more information, see VPC Settings.

    " - }, "subnetIds":{ "shape":"SubnetIdList", "documentation":"

    A list of VPC subnet IDs.

    " }, + "securityGroupIds":{ + "shape":"SecurityGroupIdList", + "documentation":"

    The VPC security groups and subnets that are attached to an Amazon Web Services Lambda function. For more information, see VPC Settings.

    " + }, "vpcId":{ "shape":"VpcId", "documentation":"

    The ID of the VPC.

    " @@ -5582,6 +7092,10 @@ "ListAccountPermissionsRequest":{ "type":"structure", "members":{ + "service":{ + "shape":"Service", + "documentation":"

    The service scan type to check permissions for.

    " + }, "maxResults":{ "shape":"ListAccountPermissionsMaxResults", "documentation":"

    The maximum number of results the response can return. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    " @@ -5589,10 +7103,6 @@ "nextToken":{ "shape":"NextToken", "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the maxResults maximum value it will also return a nextToken value. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " - }, - "service":{ - "shape":"Service", - "documentation":"

    The service scan type to check permissions for.

    " } } }, @@ -5600,23 +7110,19 @@ "type":"structure", "required":["permissions"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " - }, "permissions":{ "shape":"Permissions", "documentation":"

    Contains details on the permissions an account has to configure Amazon Inspector.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " } } }, "ListCisScanConfigurationsFilterCriteria":{ "type":"structure", "members":{ - "scanConfigurationArnFilters":{ - "shape":"CisScanConfigurationArnFilterList", - "documentation":"

    The list of scan configuration ARN filters.

    " - }, "scanNameFilters":{ "shape":"CisScanNameFilterList", "documentation":"

    The list of scan name filters.

    " @@ -5624,6 +7130,10 @@ "targetResourceTagFilters":{ "shape":"ResourceTagFilterList", "documentation":"

    The list of target resource tag filters.

    " + }, + "scanConfigurationArnFilters":{ + "shape":"CisScanConfigurationArnFilterList", + "documentation":"

    The list of scan configuration ARN filters.

    " } }, "documentation":"

    A list of CIS scan configurations filter criteria.

    " @@ -5641,14 +7151,6 @@ "shape":"ListCisScanConfigurationsFilterCriteria", "documentation":"

    The CIS scan configuration filter criteria.

    " }, - "maxResults":{ - "shape":"ListCisScanConfigurationsMaxResults", - "documentation":"

    The maximum number of CIS scan configurations to be returned in a single page of results.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " - }, "sortBy":{ "shape":"CisScanConfigurationsSortBy", "documentation":"

    The CIS scan configuration sort by order.

    " @@ -5656,19 +7158,27 @@ "sortOrder":{ "shape":"CisSortOrder", "documentation":"

    The CIS scan configuration sort order order.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " + }, + "maxResults":{ + "shape":"ListCisScanConfigurationsMaxResults", + "documentation":"

    The maximum number of CIS scan configurations to be returned in a single page of results.

    " } } }, "ListCisScanConfigurationsResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " - }, "scanConfigurations":{ "shape":"CisScanConfigurationList", "documentation":"

    The CIS scan configuration scan configurations.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " } } }, @@ -5676,22 +7186,14 @@ "type":"structure", "required":["scanArn"], "members":{ - "filterCriteria":{ - "shape":"CisScanResultsAggregatedByChecksFilterCriteria", - "documentation":"

    The filter criteria.

    " - }, - "maxResults":{ - "shape":"CisScanResultsMaxResults", - "documentation":"

    The maximum number of scan results aggregated by checks to be returned in a single page of results.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " - }, "scanArn":{ "shape":"CisScanArn", "documentation":"

    The scan ARN.

    " }, + "filterCriteria":{ + "shape":"CisScanResultsAggregatedByChecksFilterCriteria", + "documentation":"

    The filter criteria.

    " + }, "sortBy":{ "shape":"CisScanResultsAggregatedByChecksSortBy", "documentation":"

    The sort by order.

    " @@ -5699,6 +7201,14 @@ "sortOrder":{ "shape":"CisSortOrder", "documentation":"

    The sort order.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " + }, + "maxResults":{ + "shape":"CisScanResultsMaxResults", + "documentation":"

    The maximum number of scan results aggregated by checks to be returned in a single page of results.

    " } } }, @@ -5719,22 +7229,14 @@ "type":"structure", "required":["scanArn"], "members":{ - "filterCriteria":{ - "shape":"CisScanResultsAggregatedByTargetResourceFilterCriteria", - "documentation":"

    The filter criteria.

    " - }, - "maxResults":{ - "shape":"CisScanResultsMaxResults", - "documentation":"

    The maximum number of scan results aggregated by a target resource to be returned in a single page of results.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " - }, "scanArn":{ "shape":"CisScanArn", "documentation":"

    The scan ARN.

    " }, + "filterCriteria":{ + "shape":"CisScanResultsAggregatedByTargetResourceFilterCriteria", + "documentation":"

    The filter criteria.

    " + }, "sortBy":{ "shape":"CisScanResultsAggregatedByTargetResourceSortBy", "documentation":"

    The sort by order.

    " @@ -5742,19 +7244,27 @@ "sortOrder":{ "shape":"CisSortOrder", "documentation":"

    The sort order.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " + }, + "maxResults":{ + "shape":"CisScanResultsMaxResults", + "documentation":"

    The maximum number of scan results aggregated by a target resource to be returned in a single page of results.

    " } } }, "ListCisScanResultsAggregatedByTargetResourceResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " - }, "targetResourceAggregations":{ "shape":"CisTargetResourceAggregationList", "documentation":"

    The resource aggregations.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " } } }, @@ -5768,13 +7278,21 @@ "ListCisScansFilterCriteria":{ "type":"structure", "members":{ - "failedChecksFilters":{ - "shape":"CisNumberFilterList", - "documentation":"

    The list of failed checks filters.

    " + "scanNameFilters":{ + "shape":"CisScanNameFilterList", + "documentation":"

    The list of scan name filters.

    " }, - "scanArnFilters":{ - "shape":"CisScanArnFilterList", - "documentation":"

    The list of scan ARN filters.

    " + "targetResourceTagFilters":{ + "shape":"ResourceTagFilterList", + "documentation":"

    The list of target resource tag filters.

    " + }, + "targetResourceIdFilters":{ + "shape":"ResourceIdFilterList", + "documentation":"

    The list of target resource ID filters.

    " + }, + "scanStatusFilters":{ + "shape":"CisScanStatusFilterList", + "documentation":"

    The list of scan status filters.

    " }, "scanAtFilters":{ "shape":"CisScanDateFilterList", @@ -5784,29 +7302,21 @@ "shape":"CisScanConfigurationArnFilterList", "documentation":"

    The list of scan configuration ARN filters.

    " }, - "scanNameFilters":{ - "shape":"CisScanNameFilterList", - "documentation":"

    The list of scan name filters.

    " - }, - "scanStatusFilters":{ - "shape":"CisScanStatusFilterList", - "documentation":"

    The list of scan status filters.

    " + "scanArnFilters":{ + "shape":"CisScanArnFilterList", + "documentation":"

    The list of scan ARN filters.

    " }, "scheduledByFilters":{ "shape":"CisScheduledByFilterList", "documentation":"

    The list of scheduled by filters.

    " }, + "failedChecksFilters":{ + "shape":"CisNumberFilterList", + "documentation":"

    The list of failed checks filters.

    " + }, "targetAccountIdFilters":{ "shape":"AccountIdFilterList", "documentation":"

    The list of target account ID filters.

    " - }, - "targetResourceIdFilters":{ - "shape":"ResourceIdFilterList", - "documentation":"

    The list of target resource ID filters.

    " - }, - "targetResourceTagFilters":{ - "shape":"ResourceTagFilterList", - "documentation":"

    The list of target resource tag filters.

    " } }, "documentation":"

    A list of CIS scans filter criteria.

    " @@ -5820,21 +7330,13 @@ "ListCisScansRequest":{ "type":"structure", "members":{ - "detailLevel":{ - "shape":"ListCisScansDetailLevel", - "documentation":"

    The detail applied to the CIS scan.

    " - }, "filterCriteria":{ "shape":"ListCisScansFilterCriteria", "documentation":"

    The CIS scan filter criteria.

    " }, - "maxResults":{ - "shape":"ListCisScansMaxResults", - "documentation":"

    The maximum number of results to be returned.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " + "detailLevel":{ + "shape":"ListCisScansDetailLevel", + "documentation":"

    The detail applied to the CIS scan.

    " }, "sortBy":{ "shape":"ListCisScansSortBy", @@ -5843,19 +7345,27 @@ "sortOrder":{ "shape":"CisSortOrder", "documentation":"

    The CIS scans sort order.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " + }, + "maxResults":{ + "shape":"ListCisScansMaxResults", + "documentation":"

    The maximum number of results to be returned.

    " } } }, "ListCisScansResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " - }, "scans":{ "shape":"CisScanList", "documentation":"

    The CIS scans.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token from a previous request that's used to retrieve the next page of results.

    " } } }, @@ -5868,6 +7378,119 @@ "FAILED_CHECKS" ] }, + "ListCodeSecurityIntegrationsRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListCodeSecurityIntegrationsRequestMaxResultsInteger", + "documentation":"

    The maximum number of results to return in a single call.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListCodeSecurityIntegrationsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListCodeSecurityIntegrationsResponse":{ + "type":"structure", + "members":{ + "integrations":{ + "shape":"IntegrationSummaries", + "documentation":"

    A list of code security integration summaries.

    " + }, + "nextToken":{ + "shape":"String", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " + } + } + }, + "ListCodeSecurityScanConfigurationAssociationsRequest":{ + "type":"structure", + "required":["scanConfigurationArn"], + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration to list associations for.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListCodeSecurityScanConfigurationAssociationsRequestMaxResultsInteger", + "documentation":"

    The maximum number of results to return in the response. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListCodeSecurityScanConfigurationAssociationsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListCodeSecurityScanConfigurationAssociationsResponse":{ + "type":"structure", + "members":{ + "associations":{ + "shape":"CodeSecurityScanConfigurationAssociationSummaries", + "documentation":"

    A list of associations between code repositories and scan configurations.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " + } + } + }, + "ListCodeSecurityScanConfigurationsRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListCodeSecurityScanConfigurationsRequestMaxResultsInteger", + "documentation":"

    The maximum number of results to return in a single call.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListCodeSecurityScanConfigurationsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListCodeSecurityScanConfigurationsResponse":{ + "type":"structure", + "members":{ + "configurations":{ + "shape":"CodeSecurityScanConfigurationSummaries", + "documentation":"

    A list of code security scan configuration summaries.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " + } + } + }, "ListCoverageMaxResults":{ "type":"integer", "box":true, @@ -5877,10 +7500,6 @@ "ListCoverageRequest":{ "type":"structure", "members":{ - "filterCriteria":{ - "shape":"CoverageFilterCriteria", - "documentation":"

    An object that contains details on the filters to apply to the coverage data for your environment.

    " - }, "maxResults":{ "shape":"ListCoverageMaxResults", "documentation":"

    The maximum number of results the response can return. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    " @@ -5888,19 +7507,23 @@ "nextToken":{ "shape":"NextToken", "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the maxResults maximum value it will also return a nextToken value. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

    " + }, + "filterCriteria":{ + "shape":"CoverageFilterCriteria", + "documentation":"

    An object that contains details on the filters to apply to the coverage data for your environment.

    " } } }, "ListCoverageResponse":{ "type":"structure", "members":{ - "coveredResources":{ - "shape":"CoveredResources", - "documentation":"

    An object that contains details on the covered resources in your environment.

    " - }, "nextToken":{ "shape":"NextToken", "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " + }, + "coveredResources":{ + "shape":"CoveredResources", + "documentation":"

    An object that contains details on the covered resources in your environment.

    " } } }, @@ -5929,13 +7552,13 @@ "shape":"CountsList", "documentation":"

    An array with the number for each group.

    " }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " - }, "totalCounts":{ "shape":"Long", "documentation":"

    The total number for all groups.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " } } }, @@ -5980,21 +7603,21 @@ "ListFiltersRequest":{ "type":"structure", "members":{ - "action":{ - "shape":"FilterAction", - "documentation":"

    The action the filter applies to matched findings.

    " - }, "arns":{ "shape":"FilterArnList", "documentation":"

    The Amazon resource number (ARN) of the filter.

    " }, - "maxResults":{ - "shape":"ListFilterMaxResults", - "documentation":"

    The maximum number of results the response can return. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    " + "action":{ + "shape":"FilterAction", + "documentation":"

    The action the filter applies to matched findings.

    " }, "nextToken":{ "shape":"NextToken", "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the maxResults maximum value it will also return a nextToken value. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

    " + }, + "maxResults":{ + "shape":"ListFilterMaxResults", + "documentation":"

    The maximum number of results the response can return. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    " } } }, @@ -6022,25 +7645,25 @@ "type":"structure", "required":["aggregationType"], "members":{ - "accountIds":{ - "shape":"StringFilterList", - "documentation":"

    The Amazon Web Services account IDs to retrieve finding aggregation data for.

    " - }, - "aggregationRequest":{ - "shape":"AggregationRequest", - "documentation":"

    Details of the aggregation request that is used to filter your aggregation results.

    " - }, "aggregationType":{ "shape":"AggregationType", "documentation":"

    The type of the aggregation request.

    " }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the maxResults maximum value it will also return a nextToken value. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

    " + }, "maxResults":{ "shape":"ListFindingAggregationsMaxResults", "documentation":"

    The maximum number of results the response can return. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    " }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the maxResults maximum value it will also return a nextToken value. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

    " + "accountIds":{ + "shape":"StringFilterList", + "documentation":"

    The Amazon Web Services account IDs to retrieve finding aggregation data for.

    " + }, + "aggregationRequest":{ + "shape":"AggregationRequest", + "documentation":"

    Details of the aggregation request that is used to filter your aggregation results.

    " } } }, @@ -6052,13 +7675,13 @@ "shape":"AggregationType", "documentation":"

    The type of aggregation to perform.

    " }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " - }, "responses":{ "shape":"AggregationResponseList", "documentation":"

    Objects that contain the results of an aggregation operation.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " } } }, @@ -6071,10 +7694,6 @@ "ListFindingsRequest":{ "type":"structure", "members":{ - "filterCriteria":{ - "shape":"FilterCriteria", - "documentation":"

    Details on the filters to apply to your finding results.

    " - }, "maxResults":{ "shape":"ListFindingsMaxResults", "documentation":"

    The maximum number of results the response can return. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    " @@ -6083,6 +7702,10 @@ "shape":"NextToken", "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the maxResults maximum value it will also return a nextToken value. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

    " }, + "filterCriteria":{ + "shape":"FilterCriteria", + "documentation":"

    Details on the filters to apply to your finding results.

    " + }, "sortCriteria":{ "shape":"SortCriteria", "documentation":"

    Details on the sort criteria to apply to your finding results.

    " @@ -6092,13 +7715,13 @@ "ListFindingsResponse":{ "type":"structure", "members":{ - "findings":{ - "shape":"FindingList", - "documentation":"

    Contains details on the findings in your environment.

    " - }, "nextToken":{ "shape":"NextToken", "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

    " + }, + "findings":{ + "shape":"FindingList", + "documentation":"

    Contains details on the findings in your environment.

    " } } }, @@ -6111,6 +7734,10 @@ "ListMembersRequest":{ "type":"structure", "members":{ + "onlyAssociated":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to list only currently associated members if True or to list all members within the organization if False.

    " + }, "maxResults":{ "shape":"ListMembersMaxResults", "documentation":"

    The maximum number of results the response can return. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    " @@ -6118,10 +7745,6 @@ "nextToken":{ "shape":"NextToken", "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the maxResults maximum value it will also return a nextToken value. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

    " - }, - "onlyAssociated":{ - "shape":"Boolean", - "documentation":"

    Specifies whether to list only currently associated members if True or to list all members within the organization if False.

    " } } }, @@ -6172,10 +7795,6 @@ "ListUsageTotalsRequest":{ "type":"structure", "members":{ - "accountIds":{ - "shape":"UsageAccountIdList", - "documentation":"

    The Amazon Web Services account IDs to retrieve usage totals for.

    " - }, "maxResults":{ "shape":"ListUsageTotalsMaxResults", "documentation":"

    The maximum number of results the response can return. If your request would return more than the maximum the response will return a nextToken value, use this value when you call the action again to get the remaining results.

    " @@ -6183,6 +7802,10 @@ "nextToken":{ "shape":"ListUsageTotalsNextToken", "documentation":"

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the maxResults maximum value it will also return a nextToken value. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.

    " + }, + "accountIds":{ + "shape":"UsageAccountIdList", + "documentation":"

    The Amazon Web Services account IDs to retrieve usage totals for.

    " } } }, @@ -6252,14 +7875,14 @@ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID of the member account.

    " }, - "delegatedAdminAccountId":{ - "shape":"AccountId", - "documentation":"

    The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account.

    " - }, "relationshipStatus":{ "shape":"RelationshipStatus", "documentation":"

    The status of the member account.

    " }, + "delegatedAdminAccountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account.

    " + }, "updatedAt":{ "shape":"DateTimeTimestamp", "documentation":"

    A timestamp showing when the status of this member was last updated.

    " @@ -6299,13 +7922,13 @@ "shape":"AccountId", "documentation":"

    The unique identifier for the Amazon Web Services account of the organization member

    " }, - "errorMessage":{ - "shape":"NonEmptyString", - "documentation":"

    The error message explaining why the account failed to activate Amazon Inspector deep inspection.

    " - }, "status":{ "shape":"Ec2DeepInspectionStatus", "documentation":"

    The state of Amazon Inspector deep inspection in the member account.

    " + }, + "errorMessage":{ + "shape":"NonEmptyString", + "documentation":"

    The error message explaining why the account failed to activate Amazon Inspector deep inspection.

    " } }, "documentation":"

    An object that contains details about the state of Amazon Inspector deep inspection for a member account.

    " @@ -6324,7 +7947,7 @@ }, "MeteringAccountId":{ "type":"string", - "pattern":"[0-9]{12}" + "pattern":".*[0-9]{12}.*" }, "MonthlyCostEstimate":{ "type":"double", @@ -6333,17 +7956,17 @@ "MonthlySchedule":{ "type":"structure", "required":[ - "day", - "startTime" + "startTime", + "day" ], "members":{ - "day":{ - "shape":"Day", - "documentation":"

    The monthly schedule's day.

    " - }, "startTime":{ "shape":"Time", "documentation":"

    The monthly schedule's start time.

    " + }, + "day":{ + "shape":"Day", + "documentation":"

    The monthly schedule's day.

    " } }, "documentation":"

    A monthly schedule.

    " @@ -6368,15 +7991,11 @@ "NetworkReachabilityDetails":{ "type":"structure", "required":[ - "networkPath", "openPortRange", - "protocol" + "protocol", + "networkPath" ], "members":{ - "networkPath":{ - "shape":"NetworkPath", - "documentation":"

    An object that contains details about a network path associated with a finding.

    " - }, "openPortRange":{ "shape":"PortRange", "documentation":"

    An object that contains details about the open port range associated with a finding.

    " @@ -6384,6 +8003,10 @@ "protocol":{ "shape":"NetworkProtocol", "documentation":"

    The protocol associated with a finding.

    " + }, + "networkPath":{ + "shape":"NetworkPath", + "documentation":"

    An object that contains details about a network path associated with a finding.

    " } }, "documentation":"

    Contains the details of a network reachability finding.

    " @@ -6404,13 +8027,13 @@ "NumberFilter":{ "type":"structure", "members":{ - "lowerInclusive":{ - "shape":"Double", - "documentation":"

    The lowest number to be included in the filter.

    " - }, "upperInclusive":{ "shape":"Double", "documentation":"

    The highest number to be included in the filter.

    " + }, + "lowerInclusive":{ + "shape":"Double", + "documentation":"

    The lowest number to be included in the filter.

    " } }, "documentation":"

    An object that describes the details of a number filter.

    " @@ -6429,8 +8052,7 @@ }, "OneTimeSchedule":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A one time schedule.

    " }, "Operation":{ @@ -6446,7 +8068,7 @@ "type":"string", "max":34, "min":12, - "pattern":"(^\\d{12}$)|(^o-[a-z0-9]{10,32}$)" + "pattern":".*(^\\d{12}$)|(^o-[a-z0-9]{10,32}$).*" }, "PackageAggregation":{ "type":"structure", @@ -6455,13 +8077,13 @@ "shape":"StringFilterList", "documentation":"

    The names of packages to aggregate findings on.

    " }, - "sortBy":{ - "shape":"PackageSortBy", - "documentation":"

    The value to sort results by.

    " - }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The order to sort results by.

    " + }, + "sortBy":{ + "shape":"PackageSortBy", + "documentation":"

    The value to sort results by.

    " } }, "documentation":"

    The details that define an aggregation based on operating system package type.

    " @@ -6470,14 +8092,14 @@ "type":"structure", "required":["packageName"], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The ID of the Amazon Web Services account associated with the findings.

    " - }, "packageName":{ "shape":"NonEmptyString", "documentation":"

    The name of the operating system package.

    " }, + "accountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account associated with the findings.

    " + }, "severityCounts":{ "shape":"SeverityCounts", "documentation":"

    An object that contains the count of matched findings per severity.

    " @@ -6494,37 +8116,37 @@ "PackageFilter":{ "type":"structure", "members":{ - "architecture":{ + "name":{ "shape":"StringFilter", - "documentation":"

    An object that contains details on the package architecture type to filter on.

    " + "documentation":"

    An object that contains details on the name of the package to filter on.

    " + }, + "version":{ + "shape":"StringFilter", + "documentation":"

    The package version to filter on.

    " }, "epoch":{ "shape":"NumberFilter", "documentation":"

    An object that contains details on the package epoch to filter on.

    " }, - "filePath":{ - "shape":"StringFilter", - "documentation":"

    An object that contains details on the package file path to filter on.

    " - }, - "name":{ - "shape":"StringFilter", - "documentation":"

    An object that contains details on the name of the package to filter on.

    " - }, "release":{ "shape":"StringFilter", "documentation":"

    An object that contains details on the package release to filter on.

    " }, - "sourceLambdaLayerArn":{ + "architecture":{ "shape":"StringFilter", - "documentation":"

    An object that describes the details of a string filter.

    " + "documentation":"

    An object that contains details on the package architecture type to filter on.

    " }, "sourceLayerHash":{ "shape":"StringFilter", "documentation":"

    An object that contains details on the source layer hash to filter on.

    " }, - "version":{ + "sourceLambdaLayerArn":{ "shape":"StringFilter", - "documentation":"

    The package version to filter on.

    " + "documentation":"

    An object that describes the details of a string filter.

    " + }, + "filePath":{ + "shape":"StringFilter", + "documentation":"

    An object that contains details on the package file path to filter on.

    " } }, "documentation":"

    Contains information on the details of a package filter.

    " @@ -6591,49 +8213,49 @@ "PackageVulnerabilityDetails":{ "type":"structure", "required":[ - "source", - "vulnerabilityId" + "vulnerabilityId", + "source" ], "members":{ + "vulnerabilityId":{ + "shape":"VulnerabilityId", + "documentation":"

    The ID given to this vulnerability.

    " + }, + "vulnerablePackages":{ + "shape":"VulnerablePackageList", + "documentation":"

    The packages impacted by this vulnerability.

    " + }, + "source":{ + "shape":"NonEmptyString", + "documentation":"

    The source of the vulnerability information.

    " + }, "cvss":{ "shape":"CvssScoreList", "documentation":"

    An object that contains details about the CVSS score of a finding.

    " }, - "referenceUrls":{ - "shape":"NonEmptyStringList", - "documentation":"

    One or more URLs that contain details about this vulnerability type.

    " - }, "relatedVulnerabilities":{ "shape":"VulnerabilityIdList", "documentation":"

    One or more vulnerabilities related to the one identified in this finding.

    " }, - "source":{ - "shape":"NonEmptyString", - "documentation":"

    The source of the vulnerability information.

    " - }, "sourceUrl":{ "shape":"NonEmptyString", "documentation":"

    A URL to the source of the vulnerability information.

    " }, - "vendorCreatedAt":{ - "shape":"DateTimeTimestamp", - "documentation":"

    The date and time that this vulnerability was first added to the vendor's database.

    " - }, "vendorSeverity":{ "shape":"NonEmptyString", "documentation":"

    The severity the vendor has given to this vulnerability type.

    " }, + "vendorCreatedAt":{ + "shape":"DateTimeTimestamp", + "documentation":"

    The date and time that this vulnerability was first added to the vendor's database.

    " + }, "vendorUpdatedAt":{ "shape":"DateTimeTimestamp", "documentation":"

    The date and time the vendor last updated this vulnerability in their database.

    " }, - "vulnerabilityId":{ - "shape":"VulnerabilityId", - "documentation":"

    The ID given to this vulnerability.

    " - }, - "vulnerablePackages":{ - "shape":"VulnerablePackageList", - "documentation":"

    The packages impacted by this vulnerability.

    " + "referenceUrls":{ + "shape":"NonEmptyStringList", + "documentation":"

    One or more URLs that contain details about this vulnerability type.

    " } }, "documentation":"

    Information about a package vulnerability finding.

    " @@ -6642,7 +8264,7 @@ "type":"string", "max":512, "min":1, - "pattern":"^(?:/(?:\\.[-\\w]+|[-\\w]+(?:\\.[-\\w]+)?))+/?$" + "pattern":"(?:/(?:\\.[-\\w]+|[-\\w]+(?:\\.[-\\w]+)?))+/?" }, "PathList":{ "type":"list", @@ -6650,20 +8272,42 @@ "max":5, "min":0 }, + "PeriodicScanConfiguration":{ + "type":"structure", + "members":{ + "frequency":{ + "shape":"PeriodicScanFrequency", + "documentation":"

    The frequency at which periodic scans are performed (such as weekly or monthly).

    If you don't provide the frequencyExpression Amazon Inspector chooses day for the scan to run. If you provide the frequencyExpression, the schedule must match the specified frequency.

    " + }, + "frequencyExpression":{ + "shape":"FrequencyExpression", + "documentation":"

    The schedule expression for periodic scans, in cron format.

    " + } + }, + "documentation":"

    Configuration settings for periodic scans that run on a scheduled basis.

    " + }, + "PeriodicScanFrequency":{ + "type":"string", + "enum":[ + "WEEKLY", + "MONTHLY", + "NEVER" + ] + }, "Permission":{ "type":"structure", "required":[ - "operation", - "service" + "service", + "operation" ], "members":{ - "operation":{ - "shape":"Operation", - "documentation":"

    The operations that can be performed with the given permissions.

    " - }, "service":{ "shape":"Service", "documentation":"

    The services that the permissions allow an account to perform the given operations for.

    " + }, + "operation":{ + "shape":"Operation", + "documentation":"

    The operations that can be performed with the given permissions.

    " } }, "documentation":"

    Contains information on the permissions an account has within Amazon Inspector.

    " @@ -6739,6 +8383,64 @@ "max":32, "min":0 }, + "ProjectCodeSecurityScanConfiguration":{ + "type":"structure", + "members":{ + "periodicScanConfigurations":{ + "shape":"ProjectPeriodicScanConfigurationList", + "documentation":"

    The periodic scan configurations applied to the project.

    " + }, + "continuousIntegrationScanConfigurations":{ + "shape":"ProjectContinuousIntegrationScanConfigurationList", + "documentation":"

    The continuous integration scan configurations applied to the project.

    " + } + }, + "documentation":"

    Contains the scan configuration settings applied to a specific project in a code repository.

    " + }, + "ProjectContinuousIntegrationScanConfiguration":{ + "type":"structure", + "members":{ + "supportedEvent":{ + "shape":"ContinuousIntegrationScanEvent", + "documentation":"

    The repository event that triggers continuous integration scans for the project.

    " + }, + "ruleSetCategories":{ + "shape":"RuleSetCategories", + "documentation":"

    The categories of security rules applied during continuous integration scans for the project.

    " + } + }, + "documentation":"

    Contains the continuous integration scan configuration settings applied to a specific project.

    " + }, + "ProjectContinuousIntegrationScanConfigurationList":{ + "type":"list", + "member":{"shape":"ProjectContinuousIntegrationScanConfiguration"} + }, + "ProjectId":{ + "type":"string", + "pattern":"project-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, + "ProjectPeriodicScanConfiguration":{ + "type":"structure", + "members":{ + "frequencyExpression":{ + "shape":"FrequencyExpression", + "documentation":"

    The schedule expression for periodic scans, in cron format, applied to the project.

    " + }, + "ruleSetCategories":{ + "shape":"RuleSetCategories", + "documentation":"

    The categories of security rules applied during periodic scans for the project.

    " + } + }, + "documentation":"

    Contains the periodic scan configuration settings applied to a specific project.

    " + }, + "ProjectPeriodicScanConfigurationList":{ + "type":"list", + "member":{"shape":"ProjectPeriodicScanConfiguration"} + }, + "ProjectSelectionScope":{ + "type":"string", + "enum":["ALL"] + }, "Reason":{ "type":"string", "max":1024, @@ -6747,13 +8449,13 @@ "Recommendation":{ "type":"structure", "members":{ - "Url":{ - "shape":"NonEmptyString", - "documentation":"

    The URL address to the CVE remediation recommendations.

    " - }, "text":{ "shape":"NonEmptyString", "documentation":"

    The recommended course of action to remediate the finding.

    " + }, + "Url":{ + "shape":"NonEmptyString", + "documentation":"

    The URL address to the CVE remediation recommendations.

    " } }, "documentation":"

    Details about the recommended course of action to remediate the finding.

    " @@ -6810,7 +8512,7 @@ }, "ReportId":{ "type":"string", - "pattern":"\\b[a-f0-9]{8}\\b-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-\\b[a-f0-9]{12}\\b" + "pattern":".*\\b[a-f0-9]{8}\\b-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-\\b[a-f0-9]{12}\\b.*" }, "ReportTargetAccounts":{ "type":"list", @@ -6836,13 +8538,13 @@ "shape":"StringFilterList", "documentation":"

    The names of repositories to aggregate findings on.

    " }, - "sortBy":{ - "shape":"RepositorySortBy", - "documentation":"

    The value to sort results by.

    " - }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The order to sort results by.

    " + }, + "sortBy":{ + "shape":"RepositorySortBy", + "documentation":"

    The value to sort results by.

    " } }, "documentation":"

    The details that define an aggregation based on repository.

    " @@ -6851,21 +8553,21 @@ "type":"structure", "required":["repository"], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The ID of the Amazon Web Services account associated with the findings.

    " - }, - "affectedImages":{ - "shape":"Long", - "documentation":"

    The number of container images impacted by the findings.

    " - }, "repository":{ "shape":"NonEmptyString", "documentation":"

    The name of the repository associated with the findings.

    " }, + "accountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account associated with the findings.

    " + }, "severityCounts":{ "shape":"SeverityCounts", "documentation":"

    An object that represent the count of matched findings per severity.

    " + }, + "affectedImages":{ + "shape":"Long", + "documentation":"

    The number of container images impacted by the findings.

    " } }, "documentation":"

    A response that contains details on the results of a finding aggregation by repository.

    " @@ -6882,35 +8584,34 @@ "ResetEncryptionKeyRequest":{ "type":"structure", "required":[ - "resourceType", - "scanType" + "scanType", + "resourceType" ], "members":{ - "resourceType":{ - "shape":"ResourceType", - "documentation":"

    The resource type the key encrypts.

    " - }, "scanType":{ "shape":"ScanType", "documentation":"

    The scan type the key encrypts.

    " + }, + "resourceType":{ + "shape":"ResourceType", + "documentation":"

    The resource type the key encrypts.

    " } } }, "ResetEncryptionKeyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Resource":{ "type":"structure", "required":[ - "id", - "type" + "type", + "id" ], "members":{ - "details":{ - "shape":"ResourceDetails", - "documentation":"

    An object that contains details about the resource involved in a finding.

    " + "type":{ + "shape":"ResourceType", + "documentation":"

    The type of resource.

    " }, "id":{ "shape":"NonEmptyString", @@ -6928,9 +8629,9 @@ "shape":"TagMap", "documentation":"

    The tags attached to the resource.

    " }, - "type":{ - "shape":"ResourceType", - "documentation":"

    The type of resource.

    " + "details":{ + "shape":"ResourceDetails", + "documentation":"

    An object that contains details about the resource involved in a finding.

    " } }, "documentation":"

    Details about the resource involved in a finding.

    " @@ -6949,6 +8650,10 @@ "awsLambdaFunction":{ "shape":"AwsLambdaFunctionDetails", "documentation":"

    A summary of the information about an Amazon Web Services Lambda function affected by a finding.

    " + }, + "codeRepository":{ + "shape":"CodeRepositoryDetails", + "documentation":"

    Contains details about a code repository resource associated with a finding.

    " } }, "documentation":"

    Contains details about the resource involved in the finding.

    " @@ -6960,13 +8665,13 @@ "shape":"ResourceStringFilterList", "documentation":"

    The account IDs used as resource filter criteria.

    " }, - "ec2InstanceTags":{ - "shape":"ResourceMapFilterList", - "documentation":"

    The EC2 instance tags used as resource filter criteria.

    " + "resourceId":{ + "shape":"ResourceStringFilterList", + "documentation":"

    The resource IDs used as resource filter criteria.

    " }, - "ecrImageTags":{ + "resourceType":{ "shape":"ResourceStringFilterList", - "documentation":"

    The ECR image tags used as resource filter criteria.

    " + "documentation":"

    The resource types used as resource filter criteria.

    " }, "ecrRepositoryName":{ "shape":"ResourceStringFilterList", @@ -6976,17 +8681,17 @@ "shape":"ResourceStringFilterList", "documentation":"

    The Amazon Web Services Lambda function name used as resource filter criteria.

    " }, + "ecrImageTags":{ + "shape":"ResourceStringFilterList", + "documentation":"

    The ECR image tags used as resource filter criteria.

    " + }, + "ec2InstanceTags":{ + "shape":"ResourceMapFilterList", + "documentation":"

    The EC2 instance tags used as resource filter criteria.

    " + }, "lambdaFunctionTags":{ "shape":"ResourceMapFilterList", "documentation":"

    The Amazon Web Services Lambda function tags used as resource filter criteria.

    " - }, - "resourceId":{ - "shape":"ResourceStringFilterList", - "documentation":"

    The resource IDs used as resource filter criteria.

    " - }, - "resourceType":{ - "shape":"ResourceStringFilterList", - "documentation":"

    The resource types used as resource filter criteria.

    " } }, "documentation":"

    The resource filter criteria for a Software bill of materials (SBOM) report.

    " @@ -6995,7 +8700,7 @@ "type":"string", "max":341, "min":10, - "pattern":"(^arn:.*:ecr:.*:\\d{12}:repository\\/(?:[a-z0-9]+(?:[._-][a-z0-9]+)*\\/)*[a-z0-9]+(?:[._-][a-z0-9]+)*(\\/sha256:[a-z0-9]{64})?$)|(^i-([a-z0-9]{8}|[a-z0-9]{17}|\\\\*)$|(^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?$))" + "pattern":".*(^arn:.*:ecr:.*:\\d{12}:repository\\/(?:[a-z0-9]+(?:[._-][a-z0-9]+)*\\/)*[a-z0-9]+(?:[._-][a-z0-9]+)*(\\/sha256:[a-z0-9]{64})?$)|(^i-([a-z0-9]{8}|[a-z0-9]{17}|\\\\*)$|(^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_\\.]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?$)|(^arn:(aws[a-zA-Z-]*)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:codesecurity-integration\\/[a-f0-9-]{36}\\/project-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$)).*" }, "ResourceIdFilterList":{ "type":"list", @@ -7057,21 +8762,25 @@ "ResourceScanMetadata":{ "type":"structure", "members":{ - "ec2":{ - "shape":"Ec2Metadata", - "documentation":"

    An object that contains metadata details for an Amazon EC2 instance.

    " + "ecrRepository":{ + "shape":"EcrRepositoryMetadata", + "documentation":"

    An object that contains details about the repository an Amazon ECR image resides in.

    " }, "ecrImage":{ "shape":"EcrContainerImageMetadata", "documentation":"

    An object that contains details about the container metadata for an Amazon ECR image.

    " }, - "ecrRepository":{ - "shape":"EcrRepositoryMetadata", - "documentation":"

    An object that contains details about the repository an Amazon ECR image resides in.

    " + "ec2":{ + "shape":"Ec2Metadata", + "documentation":"

    An object that contains metadata details for an Amazon EC2 instance.

    " }, "lambdaFunction":{ "shape":"LambdaFunctionMetadata", "documentation":"

    An object that contains metadata details for an Amazon Web Services Lambda function.

    " + }, + "codeRepository":{ + "shape":"CodeRepositoryMetadata", + "documentation":"

    Contains metadata about scan coverage for a code repository resource.

    " } }, "documentation":"

    An object that contains details about the metadata for an Amazon ECR resource.

    " @@ -7082,7 +8791,8 @@ "EC2", "ECR", "LAMBDA", - "LAMBDA_CODE" + "LAMBDA_CODE", + "CODE_REPOSITORY" ] }, "ResourceState":{ @@ -7107,7 +8817,8 @@ "lambdaCode":{ "shape":"State", "documentation":"

    An object that described the state of Amazon Inspector scans for an account.

    " - } + }, + "codeRepository":{"shape":"State"} }, "documentation":"

    Details the state of Amazon Inspector for each resource type Amazon Inspector scans.

    " }, @@ -7133,6 +8844,10 @@ "lambdaCode":{ "shape":"Status", "documentation":"

    The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions.

    " + }, + "codeRepository":{ + "shape":"Status", + "documentation":"

    The status of Amazon Inspector scanning for code repositories.

    " } }, "documentation":"

    Details the status of Amazon Inspector for each resource type Amazon Inspector scans.

    " @@ -7185,7 +8900,8 @@ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", - "AWS_LAMBDA_FUNCTION" + "AWS_LAMBDA_FUNCTION", + "CODE_REPOSITORY" ] }, "RiskScore":{ @@ -7197,6 +8913,20 @@ "max":500, "min":1 }, + "RuleSetCategories":{ + "type":"list", + "member":{"shape":"RuleSetCategory"}, + "max":3, + "min":1 + }, + "RuleSetCategory":{ + "type":"string", + "enum":[ + "SAST", + "IAC", + "SCA" + ] + }, "Runtime":{ "type":"string", "enum":[ @@ -7230,6 +8960,17 @@ "SPDX_2_3" ] }, + "ScanConfigurationArn":{ + "type":"string", + "documentation":"

    arn:aws:inspector2:::owner//codesecurity-configuration/

    ", + "pattern":"arn:(aws[a-zA-Z-]*)?:inspector2:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:owner/(\\d{12}|o-[a-z0-9]{10,32})/codesecurity-configuration/[a-f0-9-]{36}" + }, + "ScanConfigurationName":{ + "type":"string", + "max":60, + "min":1, + "pattern":"[a-zA-Z0-9-_$:.]*" + }, "ScanMode":{ "type":"string", "enum":[ @@ -7240,17 +8981,17 @@ "ScanStatus":{ "type":"structure", "required":[ - "reason", - "statusCode" + "statusCode", + "reason" ], "members":{ - "reason":{ - "shape":"ScanStatusReason", - "documentation":"

    The scan status. Possible return values and descriptions are:

    PENDING_INITIAL_SCAN - This resource has been identified for scanning, results will be available soon.

    ACCESS_DENIED - Resource access policy restricting Amazon Inspector access. Please update the IAM policy.

    INTERNAL_ERROR - Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user.

    UNMANAGED_EC2_INSTANCE - The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance.

    UNSUPPORTED_OS - Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.

    SCAN_ELIGIBILITY_EXPIRED - The configured scan duration has lapsed for this image.

    RESOURCE_TERMINATED - This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up.

    SUCCESSFUL - The scan was successful.

    NO_RESOURCES_FOUND - Reserved for future use.

    IMAGE_SIZE_EXCEEDED - Reserved for future use.

    SCAN_FREQUENCY_MANUAL - This image will not be covered by Amazon Inspector due to the repository scan frequency configuration.

    SCAN_FREQUENCY_SCAN_ON_PUSH - This image will be scanned one time and will not new findings because of the scan frequency configuration.

    EC2_INSTANCE_STOPPED - This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it’s in a stopped state.

    PENDING_DISABLE - This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status.

    NO INVENTORY - Amazon Inspector couldn’t find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status of InspectorInventoryCollection-do-not-delete association in the SSM console for the resource. Additionally, you can verify the instance’s inventory in the SSM Fleet Manager console.

    STALE_INVENTORY - Amazon Inspector wasn’t able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console.

    EXCLUDED_BY_TAG - This resource was not scanned because it has been excluded by a tag.

    UNSUPPORTED_RUNTIME - The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.

    UNSUPPORTED_MEDIA_TYPE - The ECR image has an unsupported media type.

    UNSUPPORTED_CONFIG_FILE - Reserved for future use.

    DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED - The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account.

    DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED - The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance.

    DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED - Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes.

    DEEP_INSPECTION_NO_INVENTORY The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance.

    " - }, "statusCode":{ "shape":"ScanStatusCode", "documentation":"

    The status code of the scan.

    " + }, + "reason":{ + "shape":"ScanStatusReason", + "documentation":"

    The scan status. Possible return values and descriptions are:

    ACCESS_DENIED - Resource access policy restricting Amazon Inspector access. Please update the IAM policy.

    ACCESS_DENIED_TO_ENCRYPTION_KEY - The KMS key policy doesn't allow Amazon Inspector access. Update the key policy.

    DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED - Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes.

    DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED - The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance.

    DEEP_INSPECTION_NO_INVENTORY - The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance.

    DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED - The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account.

    EC2_INSTANCE_STOPPED - This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it's in a stopped state.

    EXCLUDED_BY_TAG - This resource was not scanned because it has been excluded by a tag.

    IMAGE_SIZE_EXCEEDED - Reserved for future use.

    INTEGRATION_CONNNECTION_LOST - Amazon Inspector couldn't communicate with the source code management platform.

    INTERNAL_ERROR - Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user.

    NO_INVENTORY - Amazon Inspector couldn't find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status of InspectorInventoryCollection-do-not-delete association in the SSM console for the resource. Additionally, you can verify the instance's inventory in the SSM Fleet Manager console.

    NO_RESOURCES_FOUND - Reserved for future use.

    NO_SCAN_CONFIGURATION_ASSOCIATED - The code repository resource doesn't have an associated scan configuration.

    PENDING_DISABLE - This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status.

    PENDING_INITIAL_SCAN - This resource has been identified for scanning, results will be available soon.

    RESOURCE_TERMINATED - This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up.

    SCAN_ELIGIBILITY_EXPIRED - The configured scan duration has lapsed for this image.

    SCAN_FREQUENCY_MANUAL - This image will not be covered by Amazon Inspector due to the repository scan frequency configuration.

    SCAN_FREQUENCY_SCAN_ON_PUSH - This image will be scanned one time and will not new findings because of the scan frequency configuration.

    SCAN_IN_PROGRESS - The resource is currently being scanned.

    STALE_INVENTORY - Amazon Inspector wasn't able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console.

    SUCCESSFUL - The scan was successful.

    UNMANAGED_EC2_INSTANCE - The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance.

    UNSUPPORTED_CONFIG_FILE - Reserved for future use.

    UNSUPPORTED_LANGUAGE - The scan was unsuccessful because the repository contains files in an unsupported programming language.

    UNSUPPORTED_MEDIA_TYPE - The ECR image has an unsupported media type.

    UNSUPPORTED_OS - Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.

    UNSUPPORTED_RUNTIME - The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.

    " } }, "documentation":"

    The status of the scan.

    " @@ -7290,7 +9031,13 @@ "DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED", "DEEP_INSPECTION_NO_INVENTORY", "AGENTLESS_INSTANCE_STORAGE_LIMIT_EXCEEDED", - "AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED" + "AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED", + "PENDING_REVIVAL_SCAN", + "INTEGRATION_CONNECTION_LOST", + "ACCESS_DENIED_TO_ENCRYPTION_KEY", + "UNSUPPORTED_LANGUAGE", + "NO_SCAN_CONFIGURATION_ASSOCIATED", + "SCAN_IN_PROGRESS" ] }, "ScanType":{ @@ -7304,26 +9051,36 @@ "Schedule":{ "type":"structure", "members":{ - "daily":{ - "shape":"DailySchedule", - "documentation":"

    The schedule's daily.

    " - }, - "monthly":{ - "shape":"MonthlySchedule", - "documentation":"

    The schedule's monthly.

    " - }, "oneTime":{ "shape":"OneTimeSchedule", "documentation":"

    The schedule's one time.

    " }, + "daily":{ + "shape":"DailySchedule", + "documentation":"

    The schedule's daily.

    " + }, "weekly":{ "shape":"WeeklySchedule", "documentation":"

    The schedule's weekly.

    " + }, + "monthly":{ + "shape":"MonthlySchedule", + "documentation":"

    The schedule's monthly.

    " } }, "documentation":"

    A schedule.

    ", "union":true }, + "ScopeSettings":{ + "type":"structure", + "members":{ + "projectSelectionScope":{ + "shape":"ProjectSelectionScope", + "documentation":"

    The scope of projects to be selected for scanning within the integrated repositories. Setting the value to ALL applies the scope settings to all existing and future projects imported into Amazon Inspector.

    " + } + }, + "documentation":"

    Defines the scope of repositories to be included in code security scans.

    " + }, "SearchVulnerabilitiesFilterCriteria":{ "type":"structure", "required":["vulnerabilityIds"], @@ -7353,19 +9110,19 @@ "type":"structure", "required":["vulnerabilities"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination parameter to be used on the next list operation to retrieve more items.

    " - }, "vulnerabilities":{ "shape":"Vulnerabilities", "documentation":"

    Details about the listed vulnerability.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination parameter to be used on the next list operation to retrieve more items.

    " } } }, "SecurityGroupId":{ "type":"string", - "pattern":"^sg-([a-z0-9]{8}|[a-z0-9]{17}|\\*)$" + "pattern":"sg-([a-z0-9]{8}|[a-z0-9]{17}|\\*)" }, "SecurityGroupIdList":{ "type":"list", @@ -7392,21 +9149,16 @@ }, "SendCisSessionHealthResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "SendCisSessionTelemetryRequest":{ "type":"structure", "required":[ - "messages", "scanJobId", - "sessionToken" + "sessionToken", + "messages" ], "members":{ - "messages":{ - "shape":"CisSessionMessages", - "documentation":"

    The CIS session telemetry messages.

    " - }, "scanJobId":{ "shape":"UUID", "documentation":"

    A unique identifier for the scan job.

    " @@ -7414,13 +9166,16 @@ "sessionToken":{ "shape":"UUID", "documentation":"

    The unique token that identifies the CIS session.

    " + }, + "messages":{ + "shape":"CisSessionMessages", + "documentation":"

    The CIS session telemetry messages.

    " } } }, "SendCisSessionTelemetryResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Service":{ "type":"string", @@ -7468,17 +9223,17 @@ "shape":"Long", "documentation":"

    The total count of findings from all severities.

    " }, - "critical":{ + "medium":{ "shape":"Long", - "documentation":"

    The total count of critical severity findings.

    " + "documentation":"

    The total count of medium severity findings.

    " }, "high":{ "shape":"Long", "documentation":"

    The total count of high severity findings.

    " }, - "medium":{ + "critical":{ "shape":"Long", - "documentation":"

    The total count of medium severity findings.

    " + "documentation":"

    The total count of critical severity findings.

    " } }, "documentation":"

    An object that contains the counts of aggregated finding per severity.

    " @@ -7534,7 +9289,7 @@ "type":"string", "max":71, "min":71, - "pattern":"^sha256:[a-z0-9]{64}$" + "pattern":"sha256:[a-z0-9]{64}" }, "StartCisSessionMessage":{ "type":"structure", @@ -7550,33 +9305,64 @@ "StartCisSessionRequest":{ "type":"structure", "required":[ - "message", - "scanJobId" + "scanJobId", + "message" ], "members":{ - "message":{ - "shape":"StartCisSessionMessage", - "documentation":"

    The start CIS session message.

    " - }, "scanJobId":{ "shape":"UUID", "documentation":"

    A unique identifier for the scan job.

    " + }, + "message":{ + "shape":"StartCisSessionMessage", + "documentation":"

    The start CIS session message.

    " } } }, "StartCisSessionResponse":{ "type":"structure", + "members":{} + }, + "StartCodeSecurityScanRequest":{ + "type":"structure", + "required":["resource"], "members":{ + "clientToken":{ + "shape":"CodeSecurityClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    ", + "idempotencyToken":true + }, + "resource":{ + "shape":"CodeSecurityResource", + "documentation":"

    The resource identifier for the code repository to scan.

    " + } + } + }, + "StartCodeSecurityScanResponse":{ + "type":"structure", + "members":{ + "scanId":{ + "shape":"CodeSecurityUuid", + "documentation":"

    The unique identifier of the initiated scan.

    " + }, + "status":{ + "shape":"CodeScanStatus", + "documentation":"

    The current status of the initiated scan.

    " + } } }, "State":{ "type":"structure", "required":[ + "status", "errorCode", - "errorMessage", - "status" + "errorMessage" ], "members":{ + "status":{ + "shape":"Status", + "documentation":"

    The status of Amazon Inspector for the account.

    " + }, "errorCode":{ "shape":"ErrorCode", "documentation":"

    The error code explaining why the account failed to enable Amazon Inspector.

    " @@ -7584,10 +9370,6 @@ "errorMessage":{ "shape":"NonEmptyString", "documentation":"

    The error message received when the account failed to enable Amazon Inspector.

    " - }, - "status":{ - "shape":"Status", - "documentation":"

    The status of Amazon Inspector for the account.

    " } }, "documentation":"

    An object that described the state of Amazon Inspector scans for an account.

    " @@ -7610,13 +9392,13 @@ "shape":"Integer", "documentation":"

    The number of checks that failed.

    " }, - "passed":{ - "shape":"Integer", - "documentation":"

    The number of checks that passed.

    " - }, "skipped":{ "shape":"Integer", "documentation":"

    The number of checks that were skipped.

    " + }, + "passed":{ + "shape":"Integer", + "documentation":"

    The number of checks that passed.

    " } }, "documentation":"

    The status counts.

    " @@ -7635,6 +9417,10 @@ "componentType":{ "shape":"ComponentType", "documentation":"

    The component type.

    " + }, + "componentArn":{ + "shape":"ComponentArn", + "documentation":"

    The component ARN. The ARN can be null and is not displayed in the Amazon Web Services console.

    " } }, "documentation":"

    Details about the step associated with a finding.

    " @@ -7648,37 +9434,37 @@ "StopCisMessageProgress":{ "type":"structure", "members":{ - "errorChecks":{ - "shape":"CheckCount", - "documentation":"

    The progress' error checks.

    " - }, - "failedChecks":{ + "totalChecks":{ "shape":"CheckCount", - "documentation":"

    The progress' failed checks.

    " + "documentation":"

    The progress' total checks.

    " }, - "informationalChecks":{ + "successfulChecks":{ "shape":"CheckCount", - "documentation":"

    The progress' informational checks.

    " + "documentation":"

    The progress' successful checks.

    " }, - "notApplicableChecks":{ + "failedChecks":{ "shape":"CheckCount", - "documentation":"

    The progress' not applicable checks.

    " + "documentation":"

    The progress' failed checks.

    " }, "notEvaluatedChecks":{ "shape":"CheckCount", "documentation":"

    The progress' not evaluated checks.

    " }, - "successfulChecks":{ + "unknownChecks":{ "shape":"CheckCount", - "documentation":"

    The progress' successful checks.

    " + "documentation":"

    The progress' unknown checks.

    " }, - "totalChecks":{ + "notApplicableChecks":{ "shape":"CheckCount", - "documentation":"

    The progress' total checks.

    " + "documentation":"

    The progress' not applicable checks.

    " }, - "unknownChecks":{ + "informationalChecks":{ "shape":"CheckCount", - "documentation":"

    The progress' unknown checks.

    " + "documentation":"

    The progress' informational checks.

    " + }, + "errorChecks":{ + "shape":"CheckCount", + "documentation":"

    The progress' error checks.

    " } }, "documentation":"

    The stop CIS message progress.

    " @@ -7686,33 +9472,33 @@ "StopCisSessionMessage":{ "type":"structure", "required":[ - "progress", - "status" + "status", + "progress" ], "members":{ - "benchmarkProfile":{ - "shape":"BenchmarkProfile", - "documentation":"

    The message benchmark profile.

    " - }, - "benchmarkVersion":{ - "shape":"BenchmarkVersion", - "documentation":"

    The message benchmark version.

    " + "status":{ + "shape":"StopCisSessionStatus", + "documentation":"

    The status of the message.

    " }, - "computePlatform":{ - "shape":"ComputePlatform", - "documentation":"

    The message compute platform.

    " + "reason":{ + "shape":"Reason", + "documentation":"

    The reason for the message.

    " }, "progress":{ "shape":"StopCisMessageProgress", "documentation":"

    The progress of the message.

    " }, - "reason":{ - "shape":"Reason", - "documentation":"

    The reason for the message.

    " + "computePlatform":{ + "shape":"ComputePlatform", + "documentation":"

    The message compute platform.

    " }, - "status":{ - "shape":"StopCisSessionStatus", - "documentation":"

    The status of the message.

    " + "benchmarkVersion":{ + "shape":"BenchmarkVersion", + "documentation":"

    The message benchmark version.

    " + }, + "benchmarkProfile":{ + "shape":"BenchmarkProfile", + "documentation":"

    The message benchmark profile.

    " } }, "documentation":"

    The stop CIS session message.

    " @@ -7720,15 +9506,11 @@ "StopCisSessionRequest":{ "type":"structure", "required":[ - "message", "scanJobId", - "sessionToken" + "sessionToken", + "message" ], "members":{ - "message":{ - "shape":"StopCisSessionMessage", - "documentation":"

    The stop CIS session message.

    " - }, "scanJobId":{ "shape":"UUID", "documentation":"

    A unique identifier for the scan job.

    " @@ -7736,13 +9518,16 @@ "sessionToken":{ "shape":"UUID", "documentation":"

    The unique token that identifies the CIS session.

    " + }, + "message":{ + "shape":"StopCisSessionMessage", + "documentation":"

    The stop CIS session message.

    " } } }, "StopCisSessionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopCisSessionStatus":{ "type":"string", @@ -7797,7 +9582,7 @@ }, "SubnetId":{ "type":"string", - "pattern":"^subnet-([a-z0-9]{8}|[a-z0-9]{17}|\\*)$" + "pattern":"subnet-([a-z0-9]{8}|[a-z0-9]{17}|\\*)" }, "SubnetIdList":{ "type":"list", @@ -7805,16 +9590,31 @@ "max":16, "min":0 }, - "SuggestedFix":{ + "SuccessfulAssociationResult":{ "type":"structure", "members":{ - "code":{ - "shape":"SuggestedFixCodeString", - "documentation":"

    The fix's code.

    " + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration that was successfully associated or disassociated.

    " }, + "resource":{"shape":"CodeSecurityResource"} + }, + "documentation":"

    Details about a successful association or disassociation between a code repository and a scan configuration.

    " + }, + "SuccessfulAssociationResultList":{ + "type":"list", + "member":{"shape":"SuccessfulAssociationResult"} + }, + "SuggestedFix":{ + "type":"structure", + "members":{ "description":{ "shape":"SuggestedFixDescriptionString", "documentation":"

    The fix's description.

    " + }, + "code":{ + "shape":"SuggestedFixCodeString", + "documentation":"

    The fix's code.

    " } }, "documentation":"

    A suggested fix for a vulnerability in your Lambda function code.

    " @@ -7866,7 +9666,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$" + "pattern":"(?!aws:)[a-zA-Z+-=._:/]+" }, "TagKeyList":{ "type":"list", @@ -7904,8 +9704,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValueList":{ "type":"list", @@ -7920,7 +9719,7 @@ }, "TargetAccount":{ "type":"string", - "pattern":"^\\d{12}|ALL_ACCOUNTS|SELF$" + "pattern":"\\d{12}|ALL_ACCOUNTS|SELF" }, "TargetAccountList":{ "type":"list", @@ -7939,7 +9738,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^[\\p{L}\\p{Z}\\p{N}_.:/=\\-@]*$" + "pattern":"[\\p{L}\\p{Z}\\p{N}_.:/=\\-@]*" }, "TargetResourceTagsValue":{ "type":"string", @@ -8003,7 +9802,7 @@ }, "TimeOfDay":{ "type":"string", - "pattern":"^([0-1]?[0-9]|2[0-3]):[0-5][0-9]$" + "pattern":"([0-1]?[0-9]|2[0-3]):[0-5][0-9]" }, "Timestamp":{"type":"timestamp"}, "Timezone":{ @@ -8014,29 +9813,29 @@ "TitleAggregation":{ "type":"structure", "members":{ - "findingType":{ - "shape":"AggregationFindingType", - "documentation":"

    The type of finding to aggregate on.

    " + "titles":{ + "shape":"StringFilterList", + "documentation":"

    The finding titles to aggregate on.

    " + }, + "vulnerabilityIds":{ + "shape":"StringFilterList", + "documentation":"

    The vulnerability IDs of the findings.

    " }, "resourceType":{ "shape":"AggregationResourceType", "documentation":"

    The resource type to aggregate on.

    " }, - "sortBy":{ - "shape":"TitleSortBy", - "documentation":"

    The value to sort results by.

    " - }, "sortOrder":{ "shape":"SortOrder", "documentation":"

    The order to sort results by.

    " }, - "titles":{ - "shape":"StringFilterList", - "documentation":"

    The finding titles to aggregate on.

    " + "sortBy":{ + "shape":"TitleSortBy", + "documentation":"

    The value to sort results by.

    " }, - "vulnerabilityIds":{ - "shape":"StringFilterList", - "documentation":"

    The vulnerability IDs of the findings.

    " + "findingType":{ + "shape":"AggregationFindingType", + "documentation":"

    The type of finding to aggregate on.

    " } }, "documentation":"

    The details that define an aggregation based on finding title.

    " @@ -8045,14 +9844,6 @@ "type":"structure", "required":["title"], "members":{ - "accountId":{ - "shape":"AccountId", - "documentation":"

    The ID of the Amazon Web Services account associated with the findings.

    " - }, - "severityCounts":{ - "shape":"SeverityCounts", - "documentation":"

    An object that represent the count of matched findings per severity.

    " - }, "title":{ "shape":"NonEmptyString", "documentation":"

    The title that the findings were aggregated on.

    " @@ -8060,6 +9851,14 @@ "vulnerabilityId":{ "shape":"String", "documentation":"

    The vulnerability ID of the finding.

    " + }, + "accountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account associated with the findings.

    " + }, + "severityCounts":{ + "shape":"SeverityCounts", + "documentation":"

    An object that represent the count of matched findings per severity.

    " } }, "documentation":"

    A response that contains details on the results of a finding aggregation by title.

    " @@ -8098,7 +9897,7 @@ }, "UUID":{ "type":"string", - "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, "UntagResourceRequest":{ "type":"structure", @@ -8123,8 +9922,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCisScanConfigurationRequest":{ "type":"structure", @@ -8138,14 +9936,14 @@ "shape":"CisScanName", "documentation":"

    The scan name for the CIS scan configuration.

    " }, - "schedule":{ - "shape":"Schedule", - "documentation":"

    The schedule for the CIS scan configuration.

    " - }, "securityLevel":{ "shape":"CisSecurityLevel", "documentation":"

    The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile.

    " }, + "schedule":{ + "shape":"Schedule", + "documentation":"

    The schedule for the CIS scan configuration.

    " + }, "targets":{ "shape":"UpdateCisTargets", "documentation":"

    The targets for the CIS scan configuration.

    " @@ -8176,23 +9974,82 @@ }, "documentation":"

    Updates CIS targets.

    " }, - "UpdateConfigurationRequest":{ + "UpdateCodeSecurityIntegrationRequest":{ "type":"structure", + "required":[ + "integrationArn", + "details" + ], "members":{ - "ec2Configuration":{ - "shape":"Ec2Configuration", - "documentation":"

    Specifies how the Amazon EC2 automated scan will be updated for your environment.

    " + "integrationArn":{ + "shape":"CodeSecurityIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the code security integration to update.

    " + }, + "details":{ + "shape":"UpdateIntegrationDetails", + "documentation":"

    The updated integration details specific to the repository provider type.

    " + } + } + }, + "UpdateCodeSecurityIntegrationResponse":{ + "type":"structure", + "required":[ + "integrationArn", + "status" + ], + "members":{ + "integrationArn":{ + "shape":"CodeSecurityIntegrationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the updated code security integration.

    " }, + "status":{ + "shape":"IntegrationStatus", + "documentation":"

    The current status of the updated code security integration.

    " + } + } + }, + "UpdateCodeSecurityScanConfigurationRequest":{ + "type":"structure", + "required":[ + "scanConfigurationArn", + "configuration" + ], + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the scan configuration to update.

    " + }, + "configuration":{ + "shape":"CodeSecurityScanConfiguration", + "documentation":"

    The updated configuration settings for the code security scan.

    " + } + } + }, + "UpdateCodeSecurityScanConfigurationResponse":{ + "type":"structure", + "members":{ + "scanConfigurationArn":{ + "shape":"ScanConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the updated scan configuration.

    " + } + } + }, + "UpdateConfigurationRequest":{ + "type":"structure", + "members":{ "ecrConfiguration":{ "shape":"EcrConfiguration", "documentation":"

    Specifies how the ECR automated re-scan will be updated for your environment.

    " + }, + "ec2Configuration":{ + "shape":"Ec2Configuration", + "documentation":"

    Specifies how the Amazon EC2 automated scan will be updated for your environment.

    " } } }, "UpdateConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEc2DeepInspectionConfigurationRequest":{ "type":"structure", @@ -8210,21 +10067,21 @@ "UpdateEc2DeepInspectionConfigurationResponse":{ "type":"structure", "members":{ - "errorMessage":{ - "shape":"NonEmptyString", - "documentation":"

    An error message explaining why new Amazon Inspector deep inspection custom paths could not be added.

    " + "packagePaths":{ + "shape":"PathList", + "documentation":"

    The current Amazon Inspector deep inspection custom paths for your account.

    " }, "orgPackagePaths":{ "shape":"PathList", "documentation":"

    The current Amazon Inspector deep inspection custom paths for the organization.

    " }, - "packagePaths":{ - "shape":"PathList", - "documentation":"

    The current Amazon Inspector deep inspection custom paths for your account.

    " - }, "status":{ "shape":"Ec2DeepInspectionStatus", "documentation":"

    The status of Amazon Inspector deep inspection in your account.

    " + }, + "errorMessage":{ + "shape":"NonEmptyString", + "documentation":"

    An error message explaining why new Amazon Inspector deep inspection custom paths could not be added.

    " } } }, @@ -8232,28 +10089,27 @@ "type":"structure", "required":[ "kmsKeyId", - "resourceType", - "scanType" + "scanType", + "resourceType" ], "members":{ "kmsKeyId":{ "shape":"KmsKeyArn", "documentation":"

    A KMS key ID for the encryption key.

    " }, - "resourceType":{ - "shape":"ResourceType", - "documentation":"

    The resource type for the encryption key.

    " - }, "scanType":{ "shape":"ScanType", "documentation":"

    The scan type for the encryption key.

    " + }, + "resourceType":{ + "shape":"ResourceType", + "documentation":"

    The resource type for the encryption key.

    " } } }, "UpdateEncryptionKeyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateFilterRequest":{ "type":"structure", @@ -8267,10 +10123,6 @@ "shape":"FilterDescription", "documentation":"

    A description of the filter.

    " }, - "filterArn":{ - "shape":"FilterArn", - "documentation":"

    The Amazon Resource Number (ARN) of the filter to update.

    " - }, "filterCriteria":{ "shape":"FilterCriteria", "documentation":"

    Defines the criteria to be update in the filter.

    " @@ -8279,6 +10131,10 @@ "shape":"FilterName", "documentation":"

    The name of the filter.

    " }, + "filterArn":{ + "shape":"FilterArn", + "documentation":"

    The Amazon Resource Number (ARN) of the filter to update.

    " + }, "reason":{ "shape":"FilterReason", "documentation":"

    The reason the filter was updated.

    " @@ -8295,6 +10151,50 @@ } } }, + "UpdateGitHubIntegrationDetail":{ + "type":"structure", + "required":[ + "code", + "installationId" + ], + "members":{ + "code":{ + "shape":"GitHubAuthCode", + "documentation":"

    The authorization code received from GitHub to update the integration.

    " + }, + "installationId":{ + "shape":"GitHubInstallationId", + "documentation":"

    The installation ID of the GitHub App associated with the integration.

    " + } + }, + "documentation":"

    Contains details required to update an integration with GitHub.

    " + }, + "UpdateGitLabSelfManagedIntegrationDetail":{ + "type":"structure", + "required":["authCode"], + "members":{ + "authCode":{ + "shape":"GitLabAuthCode", + "documentation":"

    The authorization code received from the self-managed GitLab instance to update the integration.

    " + } + }, + "documentation":"

    Contains details required to update an integration with a self-managed GitLab instance.

    " + }, + "UpdateIntegrationDetails":{ + "type":"structure", + "members":{ + "gitlabSelfManaged":{ + "shape":"UpdateGitLabSelfManagedIntegrationDetail", + "documentation":"

    Details specific to updating an integration with a self-managed GitLab instance.

    " + }, + "github":{ + "shape":"UpdateGitHubIntegrationDetail", + "documentation":"

    Details specific to updating an integration with GitHub.

    " + } + }, + "documentation":"

    Contains details required to update a code security integration with a specific repository provider.

    ", + "union":true + }, "UpdateOrgEc2DeepInspectionConfigurationRequest":{ "type":"structure", "required":["orgPackagePaths"], @@ -8307,8 +10207,7 @@ }, "UpdateOrgEc2DeepInspectionConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateOrganizationConfigurationRequest":{ "type":"structure", @@ -8333,28 +10232,28 @@ "Usage":{ "type":"structure", "members":{ - "currency":{ - "shape":"Currency", - "documentation":"

    The currency type used when calculating usage data.

    " - }, - "estimatedMonthlyCost":{ - "shape":"MonthlyCostEstimate", - "documentation":"

    The estimated monthly cost of Amazon Inspector.

    " + "type":{ + "shape":"UsageType", + "documentation":"

    The type scan.

    " }, "total":{ "shape":"UsageValue", "documentation":"

    The total of usage.

    " }, - "type":{ - "shape":"UsageType", - "documentation":"

    The type scan.

    " + "estimatedMonthlyCost":{ + "shape":"MonthlyCostEstimate", + "documentation":"

    The estimated monthly cost of Amazon Inspector.

    " + }, + "currency":{ + "shape":"Currency", + "documentation":"

    The currency type used when calculating usage data.

    " } }, "documentation":"

    Contains usage information about the cost of Amazon Inspector operation.

    " }, "UsageAccountId":{ "type":"string", - "pattern":"[0-9]{12}" + "pattern":".*[0-9]{12}.*" }, "UsageAccountIdList":{ "type":"list", @@ -8391,7 +10290,11 @@ "ECR_INITIAL_SCAN", "ECR_RESCAN", "LAMBDA_FUNCTION_HOURS", - "LAMBDA_FUNCTION_CODE_HOURS" + "LAMBDA_FUNCTION_CODE_HOURS", + "CODE_REPOSITORY_SAST", + "CODE_REPOSITORY_IAC", + "CODE_REPOSITORY_SCA", + "EC2_AGENTLESS_INSTANCE_HOURS" ] }, "UsageValue":{ @@ -8405,14 +10308,14 @@ "reason" ], "members":{ - "fields":{ - "shape":"ValidationExceptionFields", - "documentation":"

    The fields that failed validation.

    " - }, "message":{"shape":"String"}, "reason":{ "shape":"ValidationExceptionReason", "documentation":"

    The reason for the validation failure.

    " + }, + "fields":{ + "shape":"ValidationExceptionFields", + "documentation":"

    The fields that failed validation.

    " } }, "documentation":"

    The request has failed validation due to missing required fields or having invalid inputs.

    ", @@ -8425,17 +10328,17 @@ "ValidationExceptionField":{ "type":"structure", "required":[ - "message", - "name" + "name", + "message" ], "members":{ - "message":{ - "shape":"String", - "documentation":"

    The validation exception message.

    " - }, "name":{ "shape":"String", "documentation":"

    The name of the validation exception.

    " + }, + "message":{ + "shape":"String", + "documentation":"

    The validation exception message.

    " } }, "documentation":"

    An object that describes a validation exception.

    " @@ -8466,15 +10369,15 @@ "VendorUpdatedAt":{"type":"timestamp"}, "Version":{ "type":"string", - "pattern":"^\\$LATEST|[0-9]+$" + "pattern":"\\$LATEST|[0-9]+" }, "VpcId":{ "type":"string", - "pattern":"^vpc-([a-z0-9]{8}|[a-z0-9]{17}|\\*)$" + "pattern":"vpc-([a-z0-9]{8}|[a-z0-9]{17}|\\*)" }, "VulnId":{ "type":"string", - "pattern":"^CVE-[12][0-9]{3}-[0-9]{1,10}$" + "pattern":"CVE-[12][0-9]{3}-[0-9]{1,10}" }, "VulnIdList":{ "type":"list", @@ -8492,73 +10395,77 @@ "type":"structure", "required":["id"], "members":{ - "atigData":{ - "shape":"AtigData", - "documentation":"

    An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability.

    " + "id":{ + "shape":"NonEmptyString", + "documentation":"

    The ID for the specific vulnerability.

    " + }, + "cwes":{ + "shape":"Cwes", + "documentation":"

    The Common Weakness Enumeration (CWE) associated with the vulnerability.

    " }, "cisaData":{ "shape":"CisaData", "documentation":"

    An object that contains the Cybersecurity and Infrastructure Security Agency (CISA) details for the vulnerability.

    " }, - "cvss2":{ - "shape":"Cvss2", - "documentation":"

    An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability.

    " - }, - "cvss3":{ - "shape":"Cvss3", - "documentation":"

    An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability.

    " - }, - "cwes":{ - "shape":"Cwes", - "documentation":"

    The Common Weakness Enumeration (CWE) associated with the vulnerability.

    " + "source":{ + "shape":"VulnerabilitySource", + "documentation":"

    The source of the vulnerability information. Possible results are RHEL, AMAZON_CVE, DEBIAN or NVD.

    " }, "description":{ "shape":"VulnerabilityDescription", "documentation":"

    A description of the vulnerability.

    " }, - "detectionPlatforms":{ - "shape":"DetectionPlatforms", - "documentation":"

    Platforms that the vulnerability can be detected on.

    " - }, - "epss":{ - "shape":"Epss", - "documentation":"

    An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability.

    " + "atigData":{ + "shape":"AtigData", + "documentation":"

    An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability.

    " }, - "exploitObserved":{ - "shape":"ExploitObserved", - "documentation":"

    An object that contains details on when the exploit was observed.

    " + "vendorSeverity":{ + "shape":"VendorSeverity", + "documentation":"

    The severity assigned by the vendor.

    " }, - "id":{ - "shape":"NonEmptyString", - "documentation":"

    The ID for the specific vulnerability.

    " + "cvss4":{ + "shape":"Cvss4", + "documentation":"

    An object that contains the Common Vulnerability Scoring System (CVSS) Version 4 details for the vulnerability.

    " }, - "referenceUrls":{ - "shape":"VulnerabilityReferenceUrls", - "documentation":"

    Links to various resources with more information on this vulnerability.

    " + "cvss3":{ + "shape":"Cvss3", + "documentation":"

    An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability.

    " }, "relatedVulnerabilities":{ "shape":"RelatedVulnerabilities", "documentation":"

    A list of related vulnerabilities.

    " }, - "source":{ - "shape":"VulnerabilitySource", - "documentation":"

    The source of the vulnerability information. Possible results are RHEL, AMAZON_CVE, DEBIAN or NVD.

    " - }, - "sourceUrl":{ - "shape":"VulnerabilitySourceUrl", - "documentation":"

    A link to the official source material for this vulnerability.

    " + "cvss2":{ + "shape":"Cvss2", + "documentation":"

    An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability.

    " }, "vendorCreatedAt":{ "shape":"VendorCreatedAt", "documentation":"

    The date and time when the vendor created this vulnerability.

    " }, - "vendorSeverity":{ - "shape":"VendorSeverity", - "documentation":"

    The severity assigned by the vendor.

    " - }, "vendorUpdatedAt":{ "shape":"VendorUpdatedAt", "documentation":"

    The date and time when the vendor last updated this vulnerability.

    " + }, + "sourceUrl":{ + "shape":"VulnerabilitySourceUrl", + "documentation":"

    A link to the official source material for this vulnerability.

    " + }, + "referenceUrls":{ + "shape":"VulnerabilityReferenceUrls", + "documentation":"

    Links to various resources with more information on this vulnerability.

    " + }, + "exploitObserved":{ + "shape":"ExploitObserved", + "documentation":"

    An object that contains details on when the exploit was observed.

    " + }, + "detectionPlatforms":{ + "shape":"DetectionPlatforms", + "documentation":"

    Platforms that the vulnerability can be detected on.

    " + }, + "epss":{ + "shape":"Epss", + "documentation":"

    An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability.

    " } }, "documentation":"

    Contains details about a specific vulnerability Amazon Inspector can detect.

    " @@ -8598,14 +10505,34 @@ "version" ], "members":{ - "arch":{ - "shape":"PackageArchitecture", - "documentation":"

    The architecture of the vulnerable package.

    " + "name":{ + "shape":"PackageName", + "documentation":"

    The name of the vulnerable package.

    " + }, + "version":{ + "shape":"PackageVersion", + "documentation":"

    The version of the vulnerable package.

    " + }, + "sourceLayerHash":{ + "shape":"SourceLayerHash", + "documentation":"

    The source layer hash of the vulnerable package.

    " }, "epoch":{ "shape":"PackageEpoch", "documentation":"

    The epoch of the vulnerable package.

    " }, + "release":{ + "shape":"PackageRelease", + "documentation":"

    The release of the vulnerable package.

    " + }, + "arch":{ + "shape":"PackageArchitecture", + "documentation":"

    The architecture of the vulnerable package.

    " + }, + "packageManager":{ + "shape":"PackageManager", + "documentation":"

    The package manager of the vulnerable package.

    " + }, "filePath":{ "shape":"FilePath", "documentation":"

    The file path of the vulnerable package.

    " @@ -8614,18 +10541,6 @@ "shape":"PackageVersion", "documentation":"

    The version of the package that contains the vulnerability fix.

    " }, - "name":{ - "shape":"PackageName", - "documentation":"

    The name of the vulnerable package.

    " - }, - "packageManager":{ - "shape":"PackageManager", - "documentation":"

    The package manager of the vulnerable package.

    " - }, - "release":{ - "shape":"PackageRelease", - "documentation":"

    The release of the vulnerable package.

    " - }, "remediation":{ "shape":"VulnerablePackageRemediation", "documentation":"

    The code to run in your environment to update packages with a fix available.

    " @@ -8633,14 +10548,6 @@ "sourceLambdaLayerArn":{ "shape":"LambdaLayerArn", "documentation":"

    The Amazon Resource Number (ARN) of the Amazon Web Services Lambda function affected by a finding.

    " - }, - "sourceLayerHash":{ - "shape":"SourceLayerHash", - "documentation":"

    The source layer hash of the vulnerable package.

    " - }, - "version":{ - "shape":"PackageVersion", - "documentation":"

    The version of the vulnerable package.

    " } }, "documentation":"

    Information on the vulnerable package identified by a finding.

    " @@ -8657,17 +10564,17 @@ "WeeklySchedule":{ "type":"structure", "required":[ - "days", - "startTime" + "startTime", + "days" ], "members":{ - "days":{ - "shape":"DaysList", - "documentation":"

    The weekly schedule's days.

    " - }, "startTime":{ "shape":"Time", "documentation":"

    The weekly schedule's start time.

    " + }, + "days":{ + "shape":"DaysList", + "documentation":"

    The weekly schedule's days.

    " } }, "documentation":"

    A weekly schedule.

    " diff -pruN 2.23.6-1/awscli/botocore/data/internetmonitor/2021-06-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/internetmonitor/2021-06-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/internetmonitor/2021-06-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/internetmonitor/2021-06-03/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/invoicing/2024-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/invoicing/2024-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/invoicing/2024-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/invoicing/2024-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/invoicing/2024-12-01/paginators-1.json 2.31.35-1/awscli/botocore/data/invoicing/2024-12-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/invoicing/2024-12-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/invoicing/2024-12-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,6 +5,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "InvoiceUnits" + }, + "ListInvoiceSummaries": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "InvoiceSummaries" } } } diff -pruN 2.23.6-1/awscli/botocore/data/invoicing/2024-12-01/service-2.json 2.31.35-1/awscli/botocore/data/invoicing/2024-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/invoicing/2024-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/invoicing/2024-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -24,13 +24,14 @@ "input":{"shape":"BatchGetInvoiceProfileRequest"}, "output":{"shape":"BatchGetInvoiceProfileResponse"}, "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], - "documentation":"

    This gets the invoice profile associated with a set of accounts. The accounts must be linked accounts under the requester management account organization.

    " + "documentation":"

    This gets the invoice profile associated with a set of accounts. The accounts must be linked accounts under the requester management account organization.

    ", + "readonly":true }, "CreateInvoiceUnit":{ "name":"CreateInvoiceUnit", @@ -41,10 +42,10 @@ "input":{"shape":"CreateInvoiceUnitRequest"}, "output":{"shape":"CreateInvoiceUnitResponse"}, "errors":[ - {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"} + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    This creates a new invoice unit with the provided definition.

    " }, @@ -57,14 +58,32 @@ "input":{"shape":"DeleteInvoiceUnitRequest"}, "output":{"shape":"DeleteInvoiceUnitResponse"}, "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    This deletes an invoice unit with the provided invoice unit ARN.

    " }, + "GetInvoicePDF":{ + "name":"GetInvoicePDF", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetInvoicePDFRequest"}, + "output":{"shape":"GetInvoicePDFResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Returns a URL to download the invoice document and supplemental documents associated with an invoice. The URLs are pre-signed and have expiration time. For special cases like Brazil, where Amazon Web Services generated invoice identifiers and government provided identifiers do not match, use the Amazon Web Services generated invoice identifier when making API requests. To grant IAM permission to use this operation, the caller needs the invoicing:GetInvoicePDF policy action.

    ", + "readonly":true + }, "GetInvoiceUnit":{ "name":"GetInvoiceUnit", "http":{ @@ -74,13 +93,31 @@ "input":{"shape":"GetInvoiceUnitRequest"}, "output":{"shape":"GetInvoiceUnitResponse"}, "errors":[ - {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    This retrieves the invoice unit definition.

    ", + "readonly":true + }, + "ListInvoiceSummaries":{ + "name":"ListInvoiceSummaries", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListInvoiceSummariesRequest"}, + "output":{"shape":"ListInvoiceSummariesResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], - "documentation":"

    This retrieves the invoice unit definition.

    " + "documentation":"

    Retrieves your invoice details programmatically, without line item details.

    " }, "ListInvoiceUnits":{ "name":"ListInvoiceUnits", @@ -91,12 +128,13 @@ "input":{"shape":"ListInvoiceUnitsRequest"}, "output":{"shape":"ListInvoiceUnitsResponse"}, "errors":[ - {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"} + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], - "documentation":"

    This fetches a list of all invoice unit definitions for a given account, as of the provided AsOf date.

    " + "documentation":"

    This fetches a list of all invoice unit definitions for a given account, as of the provided AsOf date.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -107,13 +145,14 @@ "input":{"shape":"ListTagsForResourceRequest"}, "output":{"shape":"ListTagsForResourceResponse"}, "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], - "documentation":"

    Lists the tags for a resource.

    " + "documentation":"

    Lists the tags for a resource.

    ", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -124,12 +163,12 @@ "input":{"shape":"TagResourceRequest"}, "output":{"shape":"TagResourceResponse"}, "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, {"shape":"ServiceQuotaExceededException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    Adds a tag to a resource.

    " }, @@ -142,11 +181,11 @@ "input":{"shape":"UntagResourceRequest"}, "output":{"shape":"UntagResourceResponse"}, "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    Removes a tag from a resource.

    " }, @@ -159,11 +198,11 @@ "input":{"shape":"UpdateInvoiceUnitRequest"}, "output":{"shape":"UpdateInvoiceUnitResponse"}, "errors":[ - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} ], "documentation":"

    You can update the invoice unit configuration at any time, and Amazon Web Services will use the latest configuration at the end of the month.

    " } @@ -191,11 +230,39 @@ "type":"string", "pattern":"\\d{12}" }, + "AmountBreakdown":{ + "type":"structure", + "members":{ + "SubTotalAmount":{ + "shape":"BasicString", + "documentation":"

    The total of a set of the breakdown.

    " + }, + "Discounts":{ + "shape":"DiscountsBreakdown", + "documentation":"

    The discounted amount.

    " + }, + "Taxes":{ + "shape":"TaxesBreakdown", + "documentation":"

    The tax amount.

    " + }, + "Fees":{ + "shape":"FeesBreakdown", + "documentation":"

    The fee amount.

    " + } + }, + "documentation":"

    Details about how the total amount was calculated and categorized.

    " + }, "AsOfTimestamp":{"type":"timestamp"}, "BasicString":{ "type":"string", "max":1024, "min":0, + "pattern":"[\\s\\S]*" + }, + "BasicStringWithoutSpace":{ + "type":"string", + "max":1024, + "min":0, "pattern":"\\S+" }, "BatchGetInvoiceProfileRequest":{ @@ -217,6 +284,24 @@ } } }, + "BillingPeriod":{ + "type":"structure", + "required":[ + "Month", + "Year" + ], + "members":{ + "Month":{ + "shape":"Month", + "documentation":"

    The billing period month.

    " + }, + "Year":{ + "shape":"Year", + "documentation":"

    The billing period year.

    " + } + }, + "documentation":"

    The billing period for which you want to retrieve invoice-related documents.

    " + }, "CreateInvoiceUnitRequest":{ "type":"structure", "required":[ @@ -260,6 +345,47 @@ } } }, + "CurrencyCode":{ + "type":"string", + "max":3, + "min":3 + }, + "CurrencyExchangeDetails":{ + "type":"structure", + "members":{ + "SourceCurrencyCode":{ + "shape":"BasicString", + "documentation":"

    The exchange source currency.

    " + }, + "TargetCurrencyCode":{ + "shape":"BasicString", + "documentation":"

    The exchange target currency.

    " + }, + "Rate":{ + "shape":"BasicString", + "documentation":"

    The currency exchange rate.

    " + } + }, + "documentation":"

    The details of currency exchange.

    " + }, + "DateInterval":{ + "type":"structure", + "required":[ + "StartDate", + "EndDate" + ], + "members":{ + "StartDate":{ + "shape":"Timestamp", + "documentation":"

    The beginning of the time period that you want invoice-related documents for. The start date is inclusive. For example, if start is 2019-01-01, AWS retrieves invoices starting at 2019-01-01 up to the end date.

    " + }, + "EndDate":{ + "shape":"Timestamp", + "documentation":"

    The end of the time period that you want invoice-related documents for. The end date is exclusive. For example, if end is 2019-01-10, Amazon Web Services retrieves invoice-related documents from the start date up to, but not including, 2018-01-10.

    " + } + }, + "documentation":"

    The time period that you want invoice-related documents for.

    " + }, "DeleteInvoiceUnitRequest":{ "type":"structure", "required":["InvoiceUnitArn"], @@ -285,6 +411,88 @@ "min":0, "pattern":"[\\S\\s]*" }, + "DiscountsBreakdown":{ + "type":"structure", + "members":{ + "Breakdown":{ + "shape":"DiscountsBreakdownAmountList", + "documentation":"

    The list of discounts information.

    " + }, + "TotalAmount":{ + "shape":"BasicString", + "documentation":"

    The discount's total amount.

    " + } + }, + "documentation":"

    The discounts details.

    " + }, + "DiscountsBreakdownAmount":{ + "type":"structure", + "members":{ + "Description":{ + "shape":"BasicString", + "documentation":"

    The list of discounts information.

    " + }, + "Amount":{ + "shape":"BasicString", + "documentation":"

    The discounted amount.

    " + }, + "Rate":{ + "shape":"BasicString", + "documentation":"

    The details for the discount rate..

    " + } + }, + "documentation":"

    The discounted amount.

    " + }, + "DiscountsBreakdownAmountList":{ + "type":"list", + "member":{"shape":"DiscountsBreakdownAmount"} + }, + "Entity":{ + "type":"structure", + "members":{ + "InvoicingEntity":{ + "shape":"BasicString", + "documentation":"

    The name of the entity that issues the Amazon Web Services invoice.

    " + } + }, + "documentation":"

    The organization name providing Amazon Web Services services.

    " + }, + "FeesBreakdown":{ + "type":"structure", + "members":{ + "Breakdown":{ + "shape":"FeesBreakdownAmountList", + "documentation":"

    The list of fees information.

    " + }, + "TotalAmount":{ + "shape":"BasicString", + "documentation":"

    The total amount of fees.

    " + } + }, + "documentation":"

    The details of fees.

    " + }, + "FeesBreakdownAmount":{ + "type":"structure", + "members":{ + "Description":{ + "shape":"BasicString", + "documentation":"

    The list of fees information.

    " + }, + "Amount":{ + "shape":"BasicString", + "documentation":"

    The fee amount.

    " + }, + "Rate":{ + "shape":"BasicString", + "documentation":"

    Details about the rate amount.

    " + } + }, + "documentation":"

    The fee amount.

    " + }, + "FeesBreakdownAmountList":{ + "type":"list", + "member":{"shape":"FeesBreakdownAmount"} + }, "Filters":{ "type":"structure", "members":{ @@ -303,6 +511,25 @@ }, "documentation":"

    An optional input to the list API. If multiple filters are specified, the returned list will be a configuration that match all of the provided filters. Supported filter types are InvoiceReceivers, Names, and Accounts.

    " }, + "GetInvoicePDFRequest":{ + "type":"structure", + "required":["InvoiceId"], + "members":{ + "InvoiceId":{ + "shape":"StringWithoutNewLine", + "documentation":"

    Your unique invoice ID.

    " + } + } + }, + "GetInvoicePDFResponse":{ + "type":"structure", + "members":{ + "InvoicePDF":{ + "shape":"InvoicePDF", + "documentation":"

    The invoice document and supplemental documents associated with the invoice.

    " + } + } + }, "GetInvoiceUnitRequest":{ "type":"structure", "required":["InvoiceUnitArn"], @@ -365,6 +592,54 @@ "exception":true, "fault":true }, + "InvoiceCurrencyAmount":{ + "type":"structure", + "members":{ + "TotalAmount":{ + "shape":"BasicString", + "documentation":"

    The invoice currency amount.

    " + }, + "TotalAmountBeforeTax":{ + "shape":"BasicString", + "documentation":"

    Details about the invoice total amount before tax.

    " + }, + "CurrencyCode":{ + "shape":"CurrencyCode", + "documentation":"

    The currency dominion of the invoice document.

    " + }, + "AmountBreakdown":{ + "shape":"AmountBreakdown", + "documentation":"

    Details about the invoice currency amount.

    " + }, + "CurrencyExchangeDetails":{ + "shape":"CurrencyExchangeDetails", + "documentation":"

    The details of currency exchange.

    " + } + }, + "documentation":"

    The amount charged after taxes, in the preferred currency.

    " + }, + "InvoicePDF":{ + "type":"structure", + "members":{ + "InvoiceId":{ + "shape":"StringWithoutNewLine", + "documentation":"

    Your unique invoice ID.

    " + }, + "DocumentUrl":{ + "shape":"StringWithoutNewLine", + "documentation":"

    The pre-signed URL to download the invoice document.

    " + }, + "DocumentUrlExpirationDate":{ + "shape":"Timestamp", + "documentation":"

    The pre-signed URL expiration date of the invoice document.

    " + }, + "SupplementalDocuments":{ + "shape":"SupplementalDocuments", + "documentation":"

    List of supplemental documents associated with the invoice.

    " + } + }, + "documentation":"

    Invoice document data.

    " + }, "InvoiceProfile":{ "type":"structure", "members":{ @@ -373,7 +648,7 @@ "documentation":"

    The account ID the invoice profile is generated for.

    " }, "ReceiverName":{ - "shape":"BasicString", + "shape":"BasicStringWithoutSpace", "documentation":"

    The name of the person receiving the invoice profile.

    " }, "ReceiverAddress":{ @@ -381,20 +656,127 @@ "documentation":"

    The address of the receiver that will be printed on the invoice.

    " }, "ReceiverEmail":{ - "shape":"SensitiveBasicString", + "shape":"SensitiveBasicStringWithoutSpace", "documentation":"

    The email address for the invoice profile receiver.

    " }, "Issuer":{ - "shape":"BasicString", + "shape":"BasicStringWithoutSpace", "documentation":"

    This specifies the issuing entity of the invoice.

    " }, "TaxRegistrationNumber":{ - "shape":"SensitiveBasicString", + "shape":"SensitiveBasicStringWithoutSpace", "documentation":"

    Your Tax Registration Number (TRN) information.

    " } }, "documentation":"

    Contains high-level information about the invoice receiver.

    " }, + "InvoiceSummaries":{ + "type":"list", + "member":{"shape":"InvoiceSummary"} + }, + "InvoiceSummariesFilter":{ + "type":"structure", + "members":{ + "TimeInterval":{ + "shape":"DateInterval", + "documentation":"

    The date range for invoice summary retrieval.

    " + }, + "BillingPeriod":{ + "shape":"BillingPeriod", + "documentation":"

    The billing period associated with the invoice documents.

    " + }, + "InvoicingEntity":{ + "shape":"BasicString", + "documentation":"

    The name of the entity that issues the Amazon Web Services invoice.

    " + } + }, + "documentation":"

    Filters for your invoice summaries.

    " + }, + "InvoiceSummariesMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "InvoiceSummariesSelector":{ + "type":"structure", + "required":[ + "ResourceType", + "Value" + ], + "members":{ + "ResourceType":{ + "shape":"ListInvoiceSummariesResourceType", + "documentation":"

    The query identifier type (INVOICE_ID or ACCOUNT_ID).

    " + }, + "Value":{ + "shape":"StringWithoutNewLine", + "documentation":"

    The value of the query identifier.

    " + } + }, + "documentation":"

    Specifies the invoice summary.

    " + }, + "InvoiceSummary":{ + "type":"structure", + "members":{ + "AccountId":{ + "shape":"AccountIdString", + "documentation":"

    The Amazon Web Services account ID.

    " + }, + "InvoiceId":{ + "shape":"BasicString", + "documentation":"

    The invoice ID.

    " + }, + "IssuedDate":{ + "shape":"Timestamp", + "documentation":"

    The issued date of the invoice.

    " + }, + "DueDate":{ + "shape":"Timestamp", + "documentation":"

    The invoice due date.

    " + }, + "Entity":{ + "shape":"Entity", + "documentation":"

    The organization name providing Amazon Web Services services.

    " + }, + "BillingPeriod":{ + "shape":"BillingPeriod", + "documentation":"

    The billing period of the invoice-related document.

    " + }, + "InvoiceType":{ + "shape":"InvoiceType", + "documentation":"

    The type of invoice.

    " + }, + "OriginalInvoiceId":{ + "shape":"BasicString", + "documentation":"

    The initial or original invoice ID.

    " + }, + "PurchaseOrderNumber":{ + "shape":"BasicString", + "documentation":"

    The purchase order number associated to the invoice.

    " + }, + "BaseCurrencyAmount":{ + "shape":"InvoiceCurrencyAmount", + "documentation":"

    The summary with the product and service currency.

    " + }, + "TaxCurrencyAmount":{ + "shape":"InvoiceCurrencyAmount", + "documentation":"

    The summary with the tax currency.

    " + }, + "PaymentCurrencyAmount":{ + "shape":"InvoiceCurrencyAmount", + "documentation":"

    The summary with the customer configured currency.

    " + } + }, + "documentation":"

    The invoice that the API retrieved.

    " + }, + "InvoiceType":{ + "type":"string", + "enum":[ + "INVOICE", + "CREDIT_MEMO" + ] + }, "InvoiceUnit":{ "type":"structure", "members":{ @@ -461,6 +843,49 @@ "member":{"shape":"InvoiceUnit"} }, "LastModifiedTimestamp":{"type":"timestamp"}, + "ListInvoiceSummariesRequest":{ + "type":"structure", + "required":["Selector"], + "members":{ + "Selector":{ + "shape":"InvoiceSummariesSelector", + "documentation":"

    The option to retrieve details for a specific invoice by providing its unique ID. Alternatively, access information for all invoices linked to the account by providing an account ID.

    " + }, + "Filter":{ + "shape":"InvoiceSummariesFilter", + "documentation":"

    Filters you can use to customize your invoice summary.

    " + }, + "NextToken":{ + "shape":"NextTokenString", + "documentation":"

    The token to retrieve the next set of results. Amazon Web Services provides the token when the response from a previous call has more results than the maximum page size.

    " + }, + "MaxResults":{ + "shape":"InvoiceSummariesMaxResults", + "documentation":"

    The maximum number of invoice summaries a paginated response can contain.

    " + } + } + }, + "ListInvoiceSummariesResourceType":{ + "type":"string", + "enum":[ + "ACCOUNT_ID", + "INVOICE_ID" + ] + }, + "ListInvoiceSummariesResponse":{ + "type":"structure", + "required":["InvoiceSummaries"], + "members":{ + "InvoiceSummaries":{ + "shape":"InvoiceSummaries", + "documentation":"

    List of key (summary level) invoice details without line item details.

    " + }, + "NextToken":{ + "shape":"NextTokenString", + "documentation":"

    The token to retrieve the next set of results. Amazon Web Services provides the token when the response from a previous call has more results than the maximum page size.

    " + } + } + }, "ListInvoiceUnitsRequest":{ "type":"structure", "members":{ @@ -520,9 +945,14 @@ "max":500, "min":1 }, + "Month":{ + "type":"integer", + "box":true, + "max":12, + "min":1 + }, "NextTokenString":{ "type":"string", - "max":2048, "min":1, "pattern":"[\\S\\s]*" }, @@ -625,7 +1055,7 @@ "max":256, "min":0 }, - "SensitiveBasicString":{ + "SensitiveBasicStringWithoutSpace":{ "type":"string", "max":1024, "min":0, @@ -641,6 +1071,30 @@ "documentation":"

    The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.

    ", "exception":true }, + "StringWithoutNewLine":{ + "type":"string", + "max":1024, + "min":0, + "pattern":".*" + }, + "SupplementalDocument":{ + "type":"structure", + "members":{ + "DocumentUrl":{ + "shape":"StringWithoutNewLine", + "documentation":"

    The pre-signed URL to download invoice supplemental document.

    " + }, + "DocumentUrlExpirationDate":{ + "shape":"Timestamp", + "documentation":"

    The pre-signed URL expiration date of invoice supplemental document.

    " + } + }, + "documentation":"

    Supplemental document associated with the invoice.

    " + }, + "SupplementalDocuments":{ + "type":"list", + "member":{"shape":"SupplementalDocument"} + }, "TagResourceRequest":{ "type":"structure", "required":[ @@ -660,16 +1114,51 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagrisArn":{ "type":"string", "max":2048, "min":20, - "pattern":"arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+" + "pattern":"arn:aws[-a-z0-9]*:(invoicing)::[0-9]{12}:[-a-zA-Z0-9/:_]+" }, "TaxInheritanceDisabledFlag":{"type":"boolean"}, + "TaxesBreakdown":{ + "type":"structure", + "members":{ + "Breakdown":{ + "shape":"TaxesBreakdownAmountList", + "documentation":"

    A list of tax information.

    " + }, + "TotalAmount":{ + "shape":"BasicString", + "documentation":"

    The total amount for your taxes.

    " + } + }, + "documentation":"

    The details of the taxes.

    " + }, + "TaxesBreakdownAmount":{ + "type":"structure", + "members":{ + "Description":{ + "shape":"BasicString", + "documentation":"

    The details of the taxes.

    " + }, + "Amount":{ + "shape":"BasicString", + "documentation":"

    The tax amount.

    " + }, + "Rate":{ + "shape":"BasicString", + "documentation":"

    The details of the tax rate.

    " + } + }, + "documentation":"

    The tax amount.

    " + }, + "TaxesBreakdownAmountList":{ + "type":"list", + "member":{"shape":"TaxesBreakdownAmount"} + }, "ThrottlingException":{ "type":"structure", "members":{ @@ -678,6 +1167,7 @@ "documentation":"

    The request was denied due to request throttling.

    ", "exception":true }, + "Timestamp":{"type":"timestamp"}, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -697,8 +1187,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateInvoiceUnitRequest":{ "type":"structure", @@ -792,6 +1281,12 @@ "unknownOperation", "other" ] + }, + "Year":{ + "type":"integer", + "box":true, + "max":2050, + "min":2005 } }, "documentation":"

    Amazon Web Services Invoice Configuration

    You can use Amazon Web Services Invoice Configuration APIs to programmatically create, update, delete, get, and list invoice units. You can also programmatically fetch the information of the invoice receiver. For example, business legal name, address, and invoicing contacts.

    You can use Amazon Web Services Invoice Configuration to receive separate Amazon Web Services invoices based your organizational needs. By using Amazon Web Services Invoice Configuration, you can configure invoice units that are groups of Amazon Web Services accounts that represent your business entities, and receive separate invoices for each business entity. You can also assign a unique member or payer account as the invoice receiver for each invoice unit. As you create new accounts within your Organizations using Amazon Web Services Invoice Configuration APIs, you can automate the creation of new invoice units and subsequently automate the addition of new accounts to your invoice units.

    Service endpoint

    You can use the following endpoints for Amazon Web Services Invoice Configuration:

    • https://invoicing.us-east-1.api.aws

    " diff -pruN 2.23.6-1/awscli/botocore/data/iot/2015-05-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iot/2015-05-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iot/2015-05-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iot/2015-05-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iot/2015-05-28/service-2.json 2.31.35-1/awscli/botocore/data/iot/2015-05-28/service-2.json --- 2.23.6-1/awscli/botocore/data/iot/2015-05-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iot/2015-05-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -869,7 +869,8 @@ {"shape":"InvalidRequestException"}, {"shape":"ResourceAlreadyExistsException"}, {"shape":"ServiceUnavailableException"}, - {"shape":"ConflictingResourceUpdateException"} + {"shape":"ConflictingResourceUpdateException"}, + {"shape":"UnauthorizedException"} ], "documentation":"

    Creates a rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.

    Requires permission to access the CreateTopicRule action.

    " }, @@ -886,7 +887,8 @@ {"shape":"InvalidRequestException"}, {"shape":"ResourceAlreadyExistsException"}, {"shape":"ServiceUnavailableException"}, - {"shape":"ConflictingResourceUpdateException"} + {"shape":"ConflictingResourceUpdateException"}, + {"shape":"UnauthorizedException"} ], "documentation":"

    Creates a topic rule destination. The destination must be confirmed prior to use.

    Requires permission to access the CreateTopicRuleDestination action.

    " }, @@ -1771,6 +1773,23 @@ ], "documentation":"

    Gets summary information about a domain configuration.

    Requires permission to access the DescribeDomainConfiguration action.

    " }, + "DescribeEncryptionConfiguration":{ + "name":"DescribeEncryptionConfiguration", + "http":{ + "method":"GET", + "requestUri":"/encryption-configuration" + }, + "input":{"shape":"DescribeEncryptionConfigurationRequest"}, + "output":{"shape":"DescribeEncryptionConfigurationResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"InternalFailureException"} + ], + "documentation":"

    Retrieves the encryption configuration for resources and data of your Amazon Web Services account in Amazon Web Services IoT Core. For more information, see Key management in IoT from the Amazon Web Services IoT Core Developer Guide.

    " + }, "DescribeEndpoint":{ "name":"DescribeEndpoint", "http":{ @@ -3622,7 +3641,8 @@ "errors":[ {"shape":"InternalException"}, {"shape":"InvalidRequestException"}, - {"shape":"ServiceUnavailableException"} + {"shape":"ServiceUnavailableException"}, + {"shape":"UnauthorizedException"} ], "documentation":"

    Lists the rules for the specific topic.

    Requires permission to access the ListTopicRules action.

    " }, @@ -4077,7 +4097,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Transfers the specified certificate to the specified Amazon Web Services account.

    Requires permission to access the TransferCertificate action.

    You can cancel the transfer until it is acknowledged by the recipient.

    No notification is sent to the transfer destination's account. It is up to the caller to notify the transfer target.

    The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate action to deactivate it.

    The certificate must not have any policies attached to it. You can use the DetachPolicy action to detach them.

    " + "documentation":"

    Transfers the specified certificate to the specified Amazon Web Services account.

    Requires permission to access the TransferCertificate action.

    You can cancel the transfer until it is acknowledged by the recipient.

    No notification is sent to the transfer destination's account. It's up to the caller to notify the transfer target.

    The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate action to deactivate it.

    The certificate must not have any policies attached to it. You can use the DetachPolicy action to detach them.

    Customer managed key behavior: When you use a customer managed key to secure your data and then transfer the key to a customer in a different account using the TransferCertificate operation, the certificates will no longer be protected by their customer managed key configuration. During the transfer process, certificates are encrypted using IoT owned keys.

    While a certificate is in the PENDING_TRANSFER state, it's always protected by IoT owned keys, regardless of the customer managed key configuration of either the source or destination account.

    Once the transfer is completed through AcceptCertificateTransfer, RejectCertificateTransfer, or CancelCertificateTransfer, the certificate will be protected by the customer managed key configuration of the account that owns the certificate after the transfer operation:

    • If the transfer is accepted: The certificate is protected by the destination account's customer managed key configuration.

    • If the transfer is rejected or cancelled: The certificate is protected by the source account's customer managed key configuration.

    " }, "UntagResource":{ "name":"UntagResource", @@ -4301,6 +4321,23 @@ ], "documentation":"

    Updates a dynamic thing group.

    Requires permission to access the UpdateDynamicThingGroup action.

    " }, + "UpdateEncryptionConfiguration":{ + "name":"UpdateEncryptionConfiguration", + "http":{ + "method":"PATCH", + "requestUri":"/encryption-configuration" + }, + "input":{"shape":"UpdateEncryptionConfigurationRequest"}, + "output":{"shape":"UpdateEncryptionConfigurationResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"InternalFailureException"} + ], + "documentation":"

    Updates the encryption configuration. By default, all Amazon Web Services IoT Core data at rest is encrypted using Amazon Web Services owned keys. Amazon Web Services IoT Core also supports symmetric customer managed keys from Amazon Web Services Key Management Service (KMS). With customer managed keys, you create, own, and manage the KMS keys in your Amazon Web Services account. For more information, see Data encryption in the Amazon Web Services IoT Core Developer Guide.

    " + }, "UpdateEventConfigurations":{ "name":"UpdateEventConfigurations", "http":{ @@ -4895,8 +4932,7 @@ }, "AddThingToBillingGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AddThingToThingGroupRequest":{ "type":"structure", @@ -4925,8 +4961,7 @@ }, "AddThingToThingGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AddThingsToThingGroupParams":{ "type":"structure", @@ -5286,8 +5321,7 @@ }, "AttachSecurityProfileResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AttachThingPrincipalRequest":{ "type":"structure", @@ -5319,8 +5353,7 @@ }, "AttachThingPrincipalResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output from the AttachThingPrincipal operation.

    " }, "AttributeKey":{"type":"string"}, @@ -5364,6 +5397,10 @@ "enabled":{ "shape":"Enabled", "documentation":"

    True if this audit check is enabled for this account.

    " + }, + "configuration":{ + "shape":"CheckCustomConfiguration", + "documentation":"

    A structure containing the configName and corresponding configValue for configuring audit checks.

    " } }, "documentation":"

    Which audit checks are enabled and disabled for this account.

    " @@ -6370,8 +6407,7 @@ }, "CancelAuditMitigationActionsTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelAuditTaskRequest":{ "type":"structure", @@ -6387,8 +6423,7 @@ }, "CancelAuditTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelCertificateTransferRequest":{ "type":"structure", @@ -6417,8 +6452,7 @@ }, "CancelDetectMitigationActionsTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelJobExecutionRequest":{ "type":"structure", @@ -6741,6 +6775,11 @@ }, "ChannelName":{"type":"string"}, "CheckCompliant":{"type":"boolean"}, + "CheckCustomConfiguration":{ + "type":"map", + "key":{"shape":"ConfigName"}, + "value":{"shape":"ConfigValue"} + }, "Cidr":{ "type":"string", "max":43, @@ -6753,13 +6792,11 @@ }, "ClearDefaultAuthorizerRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "ClearDefaultAuthorizerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ClientCertificateCallbackArn":{ "type":"string", @@ -7199,6 +7236,18 @@ "HIGH" ] }, + "ConfigName":{ + "type":"string", + "enum":[ + "CERT_AGE_THRESHOLD_IN_DAYS", + "CERT_EXPIRATION_THRESHOLD_IN_DAYS" + ] + }, + "ConfigValue":{ + "type":"string", + "max":64, + "min":1 + }, "Configuration":{ "type":"structure", "members":{ @@ -7209,6 +7258,31 @@ }, "documentation":"

    Configuration.

    " }, + "ConfigurationDetails":{ + "type":"structure", + "members":{ + "configurationStatus":{ + "shape":"ConfigurationStatus", + "documentation":"

    The health status of KMS key and KMS access role. If either KMS key or KMS access role is UNHEALTHY, the return value will be UNHEALTHY. To use a customer-managed KMS key, the value of configurationStatus must be HEALTHY.

    " + }, + "errorCode":{ + "shape":"ErrorCode", + "documentation":"

    The error code that indicates either the KMS key or the KMS access role is UNHEALTHY. Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR.

    " + }, + "errorMessage":{ + "shape":"ErrorMessage", + "documentation":"

    The detailed error message that corresponds to the errorCode.

    " + } + }, + "documentation":"

    The encryption configuration details that include the status information of the Amazon Web Services Key Management Service (KMS) key and the KMS access role.

    " + }, + "ConfigurationStatus":{ + "type":"string", + "enum":[ + "HEALTHY", + "UNHEALTHY" + ] + }, "ConfirmTopicRuleDestinationRequest":{ "type":"structure", "required":["confirmationToken"], @@ -7223,8 +7297,7 @@ }, "ConfirmTopicRuleDestinationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ConfirmationToken":{ "type":"string", @@ -7321,8 +7394,7 @@ }, "CreateAuditSuppressionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateAuthorizerRequest":{ "type":"structure", @@ -8976,8 +9048,7 @@ }, "DeleteAccountAuditConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAdditionalMetricsToRetain":{"type":"boolean"}, "DeleteAlertTargets":{"type":"boolean"}, @@ -8994,8 +9065,7 @@ }, "DeleteAuditSuppressionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAuthorizerRequest":{ "type":"structure", @@ -9011,8 +9081,7 @@ }, "DeleteAuthorizerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteBehaviors":{"type":"boolean"}, "DeleteBillingGroupRequest":{ @@ -9035,8 +9104,7 @@ }, "DeleteBillingGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCACertificateRequest":{ "type":"structure", @@ -9053,8 +9121,7 @@ }, "DeleteCACertificateResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output for the DeleteCACertificate operation.

    " }, "DeleteCertificateProviderRequest":{ @@ -9071,8 +9138,7 @@ }, "DeleteCertificateProviderResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCertificateRequest":{ "type":"structure", @@ -9116,8 +9182,7 @@ }, "DeleteCommandExecutionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCommandRequest":{ "type":"structure", @@ -9167,8 +9232,7 @@ }, "DeleteCustomMetricResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDimensionRequest":{ "type":"structure", @@ -9184,8 +9248,7 @@ }, "DeleteDimensionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDomainConfigurationRequest":{ "type":"structure", @@ -9201,8 +9264,7 @@ }, "DeleteDomainConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDynamicThingGroupRequest":{ "type":"structure", @@ -9224,8 +9286,7 @@ }, "DeleteDynamicThingGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFleetMetricRequest":{ "type":"structure", @@ -9336,8 +9397,7 @@ }, "DeleteMitigationActionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteOTAUpdateRequest":{ "type":"structure", @@ -9365,8 +9425,7 @@ }, "DeleteOTAUpdateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePackageRequest":{ "type":"structure", @@ -9389,8 +9448,7 @@ }, "DeletePackageResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePackageVersionRequest":{ "type":"structure", @@ -9422,8 +9480,7 @@ }, "DeletePackageVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePolicyRequest":{ "type":"structure", @@ -9474,8 +9531,7 @@ }, "DeleteProvisioningTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProvisioningTemplateVersionRequest":{ "type":"structure", @@ -9500,19 +9556,16 @@ }, "DeleteProvisioningTemplateVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRegistrationCodeRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The input for the DeleteRegistrationCode operation.

    " }, "DeleteRegistrationCodeResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output for the DeleteRegistrationCode operation.

    " }, "DeleteRoleAliasRequest":{ @@ -9529,8 +9582,7 @@ }, "DeleteRoleAliasResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteScheduledAuditRequest":{ "type":"structure", @@ -9546,8 +9598,7 @@ }, "DeleteScheduledAuditResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteScheduledAudits":{"type":"boolean"}, "DeleteSecurityProfileRequest":{ @@ -9570,8 +9621,7 @@ }, "DeleteSecurityProfileResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteStream":{"type":"boolean"}, "DeleteStreamRequest":{ @@ -9588,8 +9638,7 @@ }, "DeleteStreamResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteThingGroupRequest":{ "type":"structure", @@ -9611,8 +9660,7 @@ }, "DeleteThingGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteThingRequest":{ "type":"structure", @@ -9635,8 +9683,7 @@ }, "DeleteThingResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output of the DeleteThing operation.

    " }, "DeleteThingTypeRequest":{ @@ -9654,8 +9701,7 @@ }, "DeleteThingTypeResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output for the DeleteThingType operation.

    " }, "DeleteTopicRuleDestinationRequest":{ @@ -9672,8 +9718,7 @@ }, "DeleteTopicRuleDestinationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTopicRuleRequest":{ "type":"structure", @@ -9743,16 +9788,14 @@ }, "DeprecateThingTypeResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output for the DeprecateThingType operation.

    " }, "DeprecationDate":{"type":"timestamp"}, "DeprecationFlag":{"type":"boolean"}, "DescribeAccountAuditConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountAuditConfigurationResponse":{ "type":"structure", @@ -10101,8 +10144,7 @@ }, "DescribeDefaultAuthorizerRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeDefaultAuthorizerResponse":{ "type":"structure", @@ -10248,6 +10290,35 @@ } } }, + "DescribeEncryptionConfigurationRequest":{ + "type":"structure", + "members":{} + }, + "DescribeEncryptionConfigurationResponse":{ + "type":"structure", + "members":{ + "encryptionType":{ + "shape":"EncryptionType", + "documentation":"

    The type of the Amazon Web Services Key Management Service (KMS) key.

    " + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.

    " + }, + "kmsAccessRoleArn":{ + "shape":"KmsAccessRoleArn", + "documentation":"

    The ARN of the customer-managed KMS key.

    " + }, + "configurationDetails":{ + "shape":"ConfigurationDetails", + "documentation":"

    The encryption configuration details that include the status information of the KMS key and the KMS access role.

    " + }, + "lastModifiedDate":{ + "shape":"DateType", + "documentation":"

    The date when encryption configuration is last updated.

    " + } + } + }, "DescribeEndpointRequest":{ "type":"structure", "members":{ @@ -10272,8 +10343,7 @@ }, "DescribeEventConfigurationsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeEventConfigurationsResponse":{ "type":"structure", @@ -11154,8 +11224,7 @@ }, "DetachSecurityProfileResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DetachThingPrincipalRequest":{ "type":"structure", @@ -11181,8 +11250,7 @@ }, "DetachThingPrincipalResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output from the DetachThingPrincipal operation.

    " }, "DetailsKey":{ @@ -11451,8 +11519,7 @@ }, "DisassociateSbomFromPackageVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisconnectReason":{"type":"string"}, "DisconnectReasonValue":{ @@ -11752,6 +11819,13 @@ "type":"boolean", "box":true }, + "EncryptionType":{ + "type":"string", + "enum":[ + "CUSTOMER_MANAGED_KMS_KEY", + "AWS_OWNED_KMS_KEY" + ] + }, "EndpointAddress":{"type":"string"}, "EndpointType":{ "type":"string", @@ -12336,8 +12410,7 @@ }, "GetIndexingConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetIndexingConfigurationResponse":{ "type":"structure", @@ -12381,8 +12454,7 @@ }, "GetLoggingOptionsRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The input for the GetLoggingOptions operation.

    " }, "GetLoggingOptionsResponse":{ @@ -12422,8 +12494,7 @@ }, "GetPackageConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetPackageConfigurationResponse":{ "type":"structure", @@ -12697,8 +12768,7 @@ }, "GetRegistrationCodeRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The input to the GetRegistrationCode operation.

    " }, "GetRegistrationCodeResponse":{ @@ -12825,8 +12895,7 @@ }, "GetV2LoggingOptionsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetV2LoggingOptionsResponse":{ "type":"structure", @@ -13826,6 +13895,14 @@ }, "documentation":"

    Describes an action to write data to an Amazon Kinesis stream.

    " }, + "KmsAccessRoleArn":{ + "type":"string", + "max":2048 + }, + "KmsKeyArn":{ + "type":"string", + "max":2048 + }, "LambdaAction":{ "type":"structure", "required":["functionArn"], @@ -17582,7 +17659,7 @@ }, "ParameterValue":{ "type":"string", - "max":512, + "max":30720, "min":1, "pattern":"[^\\p{C}]+" }, @@ -17990,8 +18067,7 @@ }, "PutVerificationStateOnViolationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Qos":{ "type":"integer", @@ -18308,8 +18384,7 @@ }, "RemoveThingFromBillingGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveThingFromThingGroupRequest":{ "type":"structure", @@ -18334,8 +18409,7 @@ }, "RemoveThingFromThingGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveThingType":{"type":"boolean"}, "RemovedThings":{"type":"integer"}, @@ -19624,8 +19698,7 @@ }, "StopThingRegistrationTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Stream":{ "type":"structure", @@ -19834,8 +19907,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -20972,8 +21044,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAccountAuditConfigurationRequest":{ "type":"structure", @@ -20994,8 +21065,7 @@ }, "UpdateAccountAuditConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAuditSuppressionRequest":{ "type":"structure", @@ -21022,8 +21092,7 @@ }, "UpdateAuditSuppressionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAuthorizerRequest":{ "type":"structure", @@ -21458,6 +21527,28 @@ } } }, + "UpdateEncryptionConfigurationRequest":{ + "type":"structure", + "required":["encryptionType"], + "members":{ + "encryptionType":{ + "shape":"EncryptionType", + "documentation":"

    The type of the Amazon Web Services Key Management Service (KMS) key.

    " + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The ARN of the customer-managed KMS key.

    " + }, + "kmsAccessRoleArn":{ + "shape":"KmsAccessRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.

    " + } + } + }, + "UpdateEncryptionConfigurationResponse":{ + "type":"structure", + "members":{} + }, "UpdateEventConfigurationsRequest":{ "type":"structure", "members":{ @@ -21469,8 +21560,7 @@ }, "UpdateEventConfigurationsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateFleetMetricRequest":{ "type":"structure", @@ -21538,8 +21628,7 @@ }, "UpdateIndexingConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateJobRequest":{ "type":"structure", @@ -21634,8 +21723,7 @@ }, "UpdatePackageConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePackageRequest":{ "type":"structure", @@ -21670,8 +21758,7 @@ }, "UpdatePackageResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePackageVersionRequest":{ "type":"structure", @@ -21723,8 +21810,7 @@ }, "UpdatePackageVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateProvisioningTemplateRequest":{ "type":"structure", @@ -21764,8 +21850,7 @@ }, "UpdateProvisioningTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRoleAliasRequest":{ "type":"structure", @@ -22048,8 +22133,7 @@ }, "UpdateThingGroupsForThingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateThingRequest":{ "type":"structure", @@ -22082,8 +22166,7 @@ }, "UpdateThingResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output from the UpdateThing operation.

    " }, "UpdateThingTypeRequest":{ @@ -22101,8 +22184,7 @@ }, "UpdateThingTypeResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTopicRuleDestinationRequest":{ "type":"structure", @@ -22123,8 +22205,7 @@ }, "UpdateTopicRuleDestinationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Url":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/iot-data/2015-05-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iot-data/2015-05-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iot-data/2015-05-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iot-data/2015-05-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iot-data/2015-05-28/service-2.json 2.31.35-1/awscli/botocore/data/iot-data/2015-05-28/service-2.json --- 2.23.6-1/awscli/botocore/data/iot-data/2015-05-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iot-data/2015-05-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -13,6 +13,22 @@ "auth":["aws.auth#sigv4"] }, "operations":{ + "DeleteConnection":{ + "name":"DeleteConnection", + "http":{ + "method":"DELETE", + "requestUri":"/connections/{clientId}" + }, + "input":{"shape":"DeleteConnectionRequest"}, + "errors":[ + {"shape":"ForbiddenException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalFailureException"} + ], + "documentation":"

    Disconnects a connected MQTT client from Amazon Web Services IoT Core. When you disconnect a client, Amazon Web Services IoT Core closes the client's network connection and optionally cleans the session state.

    " + }, "DeleteThingShadow":{ "name":"DeleteThingShadow", "http":{ @@ -50,7 +66,7 @@ {"shape":"InternalFailureException"}, {"shape":"MethodNotAllowedException"} ], - "documentation":"

    Gets the details of a single retained message for the specified topic.

    This action returns the message payload of the retained message, which can incur messaging costs. To list only the topic names of the retained messages, call ListRetainedMessages.

    Requires permission to access the GetRetainedMessage action.

    For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.

    " + "documentation":"

    Gets the details of a single retained message for the specified topic.

    This action returns the message payload of the retained message, which can incur messaging costs. To list only the topic names of the retained messages, call ListRetainedMessages.

    Requires permission to access the GetRetainedMessage action.

    For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.

    " }, "GetThingShadow":{ "name":"GetThingShadow", @@ -107,7 +123,7 @@ {"shape":"InternalFailureException"}, {"shape":"MethodNotAllowedException"} ], - "documentation":"

    Lists summary information about the retained messages stored for the account.

    This action returns only the topic names of the retained messages. It doesn't return any message payloads. Although this action doesn't return a message payload, it can still incur messaging costs.

    To get the message payload of a retained message, call GetRetainedMessage with the topic name of the retained message.

    Requires permission to access the ListRetainedMessages action.

    For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.

    " + "documentation":"

    Lists summary information about the retained messages stored for the account.

    This action returns only the topic names of the retained messages. It doesn't return any message payloads. Although this action doesn't return a message payload, it can still incur messaging costs.

    To get the message payload of a retained message, call GetRetainedMessage with the topic name of the retained message.

    Requires permission to access the ListRetainedMessages action.

    For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.

    " }, "Publish":{ "name":"Publish", @@ -148,6 +164,13 @@ } }, "shapes":{ + "CleanSession":{"type":"boolean"}, + "ClientId":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^[^$].*" + }, "ConflictException":{ "type":"structure", "members":{ @@ -162,6 +185,30 @@ }, "ContentType":{"type":"string"}, "CorrelationData":{"type":"string"}, + "DeleteConnectionRequest":{ + "type":"structure", + "required":["clientId"], + "members":{ + "clientId":{ + "shape":"ClientId", + "documentation":"

    The unique identifier of the MQTT client to disconnect. The client ID can't start with a dollar sign ($).

    ", + "location":"uri", + "locationName":"clientId" + }, + "cleanSession":{ + "shape":"CleanSession", + "documentation":"

    Specifies whether to remove the client's session state when disconnecting. Set to TRUE to delete all session information, including subscriptions and queued messages. Set to FALSE to preserve the session state. By default, this is set to FALSE (preserves the session state).

    ", + "location":"querystring", + "locationName":"cleanSession" + }, + "preventWillMessage":{ + "shape":"PreventWillMessage", + "documentation":"

    Controls if Amazon Web Services IoT Core publishes the client's Last Will and Testament (LWT) message upon disconnection. Set to TRUE to prevent publishing the LWT message. Set to FALSE to allow publishing. By default, this is set to FALSE (allows publishing the LWT message).

    ", + "location":"querystring", + "locationName":"preventWillMessage" + } + } + }, "DeleteThingShadowRequest":{ "type":"structure", "required":["thingName"], @@ -193,6 +240,15 @@ "documentation":"

    The output from the DeleteThingShadow operation.

    ", "payload":"payload" }, + "ForbiddenException":{ + "type":"structure", + "members":{ + "message":{"shape":"errorMessage"} + }, + "documentation":"

    The caller isn't authorized to make the request.

    ", + "error":{"httpStatusCode":403}, + "exception":true + }, "GetRetainedMessageRequest":{ "type":"structure", "required":["topic"], @@ -396,6 +452,7 @@ ] }, "PayloadSize":{"type":"long"}, + "PreventWillMessage":{"type":"boolean"}, "PublishRequest":{ "type":"structure", "required":["topic"], diff -pruN 2.23.6-1/awscli/botocore/data/iot-jobs-data/2017-09-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iot-jobs-data/2017-09-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iot-jobs-data/2017-09-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iot-jobs-data/2017-09-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,137 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://api.iotmanagedintegrations-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://api.iotmanagedintegrations.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/paginators-1.json 2.31.35-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/paginators-1.json --- 2.23.6-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,106 @@ +{ + "pagination": { + "ListCredentialLockers": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListDestinations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "DestinationList" + }, + "ListEventLogConfigurations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "EventLogConfigurationList" + }, + "ListManagedThingSchemas": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListManagedThings": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListNotificationConfigurations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "NotificationConfigurationList" + }, + "ListOtaTaskConfigurations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListOtaTaskExecutions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ExecutionSummaries" + }, + "ListOtaTasks": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Tasks" + }, + "ListProvisioningProfiles": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListSchemaVersions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListAccountAssociations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListCloudConnectors": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListConnectorDestinations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ConnectorDestinationList" + }, + "ListDeviceDiscoveries": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListDiscoveredDevices": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListManagedThingAccountAssociations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/service-2.json 2.31.35-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/service-2.json --- 2.23.6-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iot-managed-integrations/2025-03-03/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,7386 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2025-03-03", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"api.iotmanagedintegrations", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"Managed integrations for AWS IoT Device Management", + "serviceId":"IoT Managed Integrations", + "signatureVersion":"v4", + "signingName":"iotmanagedintegrations", + "uid":"iot-managed-integrations-2025-03-03" + }, + "operations":{ + "CreateAccountAssociation":{ + "name":"CreateAccountAssociation", + "http":{ + "method":"POST", + "requestUri":"/account-associations", + "responseCode":201 + }, + "input":{"shape":"CreateAccountAssociationRequest"}, + "output":{"shape":"CreateAccountAssociationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Creates a new account association via the destination id.

    " + }, + "CreateCloudConnector":{ + "name":"CreateCloudConnector", + "http":{ + "method":"POST", + "requestUri":"/cloud-connectors", + "responseCode":201 + }, + "input":{"shape":"CreateCloudConnectorRequest"}, + "output":{"shape":"CreateCloudConnectorResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Creates a C2C (cloud-to-cloud) connector.

    " + }, + "CreateConnectorDestination":{ + "name":"CreateConnectorDestination", + "http":{ + "method":"POST", + "requestUri":"/connector-destinations", + "responseCode":201 + }, + "input":{"shape":"CreateConnectorDestinationRequest"}, + "output":{"shape":"CreateConnectorDestinationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Create a connector destination for connecting a cloud-to-cloud (C2C) connector to the customer's Amazon Web Services account.

    " + }, + "CreateCredentialLocker":{ + "name":"CreateCredentialLocker", + "http":{ + "method":"POST", + "requestUri":"/credential-lockers", + "responseCode":201 + }, + "input":{"shape":"CreateCredentialLockerRequest"}, + "output":{"shape":"CreateCredentialLockerResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Create a credential locker.

    This operation will not trigger the creation of all the manufacturing resources.

    " + }, + "CreateDestination":{ + "name":"CreateDestination", + "http":{ + "method":"POST", + "requestUri":"/destinations", + "responseCode":201 + }, + "input":{"shape":"CreateDestinationRequest"}, + "output":{"shape":"CreateDestinationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Create a notification destination such as Kinesis Data Streams that receive events and notifications from Managed integrations. Managed integrations uses the destination to determine where to deliver notifications.

    " + }, + "CreateEventLogConfiguration":{ + "name":"CreateEventLogConfiguration", + "http":{ + "method":"POST", + "requestUri":"/event-log-configurations", + "responseCode":201 + }, + "input":{"shape":"CreateEventLogConfigurationRequest"}, + "output":{"shape":"CreateEventLogConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Set the event log configuration for the account, resource type, or specific resource.

    " + }, + "CreateManagedThing":{ + "name":"CreateManagedThing", + "http":{ + "method":"POST", + "requestUri":"/managed-things", + "responseCode":201 + }, + "input":{"shape":"CreateManagedThingRequest"}, + "output":{"shape":"CreateManagedThingResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Creates a managed thing. A managed thing contains the device identifier, protocol supported, and capabilities of the device in a data model format defined by Managed integrations.

    " + }, + "CreateNotificationConfiguration":{ + "name":"CreateNotificationConfiguration", + "http":{ + "method":"POST", + "requestUri":"/notification-configurations", + "responseCode":201 + }, + "input":{"shape":"CreateNotificationConfigurationRequest"}, + "output":{"shape":"CreateNotificationConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Creates a notification configuration. A configuration is a connection between an event type and a destination that you have already created.

    " + }, + "CreateOtaTask":{ + "name":"CreateOtaTask", + "http":{ + "method":"POST", + "requestUri":"/ota-tasks", + "responseCode":201 + }, + "input":{"shape":"CreateOtaTaskRequest"}, + "output":{"shape":"CreateOtaTaskResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Create an over-the-air (OTA) task to target a device.

    " + }, + "CreateOtaTaskConfiguration":{ + "name":"CreateOtaTaskConfiguration", + "http":{ + "method":"POST", + "requestUri":"/ota-task-configurations", + "responseCode":201 + }, + "input":{"shape":"CreateOtaTaskConfigurationRequest"}, + "output":{"shape":"CreateOtaTaskConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Create a configuraiton for the over-the-air (OTA) task.

    " + }, + "CreateProvisioningProfile":{ + "name":"CreateProvisioningProfile", + "http":{ + "method":"POST", + "requestUri":"/provisioning-profiles", + "responseCode":201 + }, + "input":{"shape":"CreateProvisioningProfileRequest"}, + "output":{"shape":"CreateProvisioningProfileResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Create a provisioning profile for a device to execute the provisioning flows using a provisioning template. The provisioning template is a document that defines the set of resources and policies applied to a device during the provisioning process.

    " + }, + "DeleteAccountAssociation":{ + "name":"DeleteAccountAssociation", + "http":{ + "method":"DELETE", + "requestUri":"/account-associations/{AccountAssociationId}", + "responseCode":200 + }, + "input":{"shape":"DeleteAccountAssociationRequest"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Remove a third-party account association for an end user.

    You must first call the DeregisterAccountAssociation to remove the connection between the managed thing and the third-party account before calling the DeleteAccountAssociation API.

    ", + "idempotent":true + }, + "DeleteCloudConnector":{ + "name":"DeleteCloudConnector", + "http":{ + "method":"DELETE", + "requestUri":"/cloud-connectors/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteCloudConnectorRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Delete a cloud connector.

    ", + "idempotent":true + }, + "DeleteConnectorDestination":{ + "name":"DeleteConnectorDestination", + "http":{ + "method":"DELETE", + "requestUri":"/connector-destinations/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteConnectorDestinationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Delete a connector destination linked to a cloud-to-cloud (C2C) connector.

    Deletion can't be done if the account association has used this connector destination.

    ", + "idempotent":true + }, + "DeleteCredentialLocker":{ + "name":"DeleteCredentialLocker", + "http":{ + "method":"DELETE", + "requestUri":"/credential-lockers/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteCredentialLockerRequest"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Delete a credential locker.

    This operation can't be undone and any existing device won't be able to use IoT managed integrations.

    ", + "idempotent":true + }, + "DeleteDestination":{ + "name":"DeleteDestination", + "http":{ + "method":"DELETE", + "requestUri":"/destinations/{Name}", + "responseCode":200 + }, + "input":{"shape":"DeleteDestinationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Deletes a notification destination specified by name.

    ", + "idempotent":true + }, + "DeleteEventLogConfiguration":{ + "name":"DeleteEventLogConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/event-log-configurations/{Id}", + "responseCode":200 + }, + "input":{"shape":"DeleteEventLogConfigurationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Delete an event log configuration.

    ", + "idempotent":true + }, + "DeleteManagedThing":{ + "name":"DeleteManagedThing", + "http":{ + "method":"DELETE", + "requestUri":"/managed-things/{Identifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteManagedThingRequest"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Delete a managed thing. For direct-connected and hub-connected devices connecting with Managed integrations via a controller, all of the devices connected to it will have their status changed to PENDING. It is not possible to remove a cloud-to-cloud device.

    ", + "idempotent":true + }, + "DeleteNotificationConfiguration":{ + "name":"DeleteNotificationConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/notification-configurations/{EventType}", + "responseCode":200 + }, + "input":{"shape":"DeleteNotificationConfigurationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Deletes a notification configuration.

    ", + "idempotent":true + }, + "DeleteOtaTask":{ + "name":"DeleteOtaTask", + "http":{ + "method":"DELETE", + "requestUri":"/ota-tasks/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteOtaTaskRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"LimitExceededException"} + ], + "documentation":"

    Delete the over-the-air (OTA) task.

    ", + "idempotent":true + }, + "DeleteOtaTaskConfiguration":{ + "name":"DeleteOtaTaskConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/ota-task-configurations/{Identifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteOtaTaskConfigurationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Delete the over-the-air (OTA) task configuration.

    ", + "idempotent":true + }, + "DeleteProvisioningProfile":{ + "name":"DeleteProvisioningProfile", + "http":{ + "method":"DELETE", + "requestUri":"/provisioning-profiles/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteProvisioningProfileRequest"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Delete a provisioning profile.

    ", + "idempotent":true + }, + "DeregisterAccountAssociation":{ + "name":"DeregisterAccountAssociation", + "http":{ + "method":"PUT", + "requestUri":"/managed-thing-associations/deregister", + "responseCode":200 + }, + "input":{"shape":"DeregisterAccountAssociationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Deregister an account association from a managed thing.

    ", + "idempotent":true + }, + "GetAccountAssociation":{ + "name":"GetAccountAssociation", + "http":{ + "method":"GET", + "requestUri":"/account-associations/{AccountAssociationId}", + "responseCode":200 + }, + "input":{"shape":"GetAccountAssociationRequest"}, + "output":{"shape":"GetAccountAssociationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get an account association for an Amazon Web Services account linked to a customer-managed destination.

    " + }, + "GetCloudConnector":{ + "name":"GetCloudConnector", + "http":{ + "method":"GET", + "requestUri":"/cloud-connectors/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetCloudConnectorRequest"}, + "output":{"shape":"GetCloudConnectorResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get configuration details for a cloud connector.

    " + }, + "GetConnectorDestination":{ + "name":"GetConnectorDestination", + "http":{ + "method":"GET", + "requestUri":"/connector-destinations/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetConnectorDestinationRequest"}, + "output":{"shape":"GetConnectorDestinationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get connector destination details linked to a cloud-to-cloud (C2C) connector.

    " + }, + "GetCredentialLocker":{ + "name":"GetCredentialLocker", + "http":{ + "method":"GET", + "requestUri":"/credential-lockers/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetCredentialLockerRequest"}, + "output":{"shape":"GetCredentialLockerResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get information on an existing credential locker

    " + }, + "GetCustomEndpoint":{ + "name":"GetCustomEndpoint", + "http":{ + "method":"GET", + "requestUri":"/custom-endpoint", + "responseCode":200 + }, + "input":{"shape":"GetCustomEndpointRequest"}, + "output":{"shape":"GetCustomEndpointResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns the IoT managed integrations custom endpoint.

    " + }, + "GetDefaultEncryptionConfiguration":{ + "name":"GetDefaultEncryptionConfiguration", + "http":{ + "method":"GET", + "requestUri":"/configuration/account/encryption", + "responseCode":200 + }, + "input":{"shape":"GetDefaultEncryptionConfigurationRequest"}, + "output":{"shape":"GetDefaultEncryptionConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalFailureException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves information about the default encryption configuration for the Amazon Web Services account in the default or specified region. For more information, see Key management in the AWS IoT SiteWise User Guide.

    " + }, + "GetDestination":{ + "name":"GetDestination", + "http":{ + "method":"GET", + "requestUri":"/destinations/{Name}", + "responseCode":200 + }, + "input":{"shape":"GetDestinationRequest"}, + "output":{"shape":"GetDestinationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Gets a destination by name.

    " + }, + "GetDeviceDiscovery":{ + "name":"GetDeviceDiscovery", + "http":{ + "method":"GET", + "requestUri":"/device-discoveries/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetDeviceDiscoveryRequest"}, + "output":{"shape":"GetDeviceDiscoveryResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get the current state of a device discovery.

    " + }, + "GetEventLogConfiguration":{ + "name":"GetEventLogConfiguration", + "http":{ + "method":"GET", + "requestUri":"/event-log-configurations/{Id}", + "responseCode":200 + }, + "input":{"shape":"GetEventLogConfigurationRequest"}, + "output":{"shape":"GetEventLogConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get an event log configuration.

    " + }, + "GetHubConfiguration":{ + "name":"GetHubConfiguration", + "http":{ + "method":"GET", + "requestUri":"/hub-configuration", + "responseCode":200 + }, + "input":{"shape":"GetHubConfigurationRequest"}, + "output":{"shape":"GetHubConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get a hub configuration.

    " + }, + "GetManagedThing":{ + "name":"GetManagedThing", + "http":{ + "method":"GET", + "requestUri":"/managed-things/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetManagedThingRequest"}, + "output":{"shape":"GetManagedThingResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get details of a managed thing including its attributes and capabilities.

    " + }, + "GetManagedThingCapabilities":{ + "name":"GetManagedThingCapabilities", + "http":{ + "method":"GET", + "requestUri":"/managed-things-capabilities/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetManagedThingCapabilitiesRequest"}, + "output":{"shape":"GetManagedThingCapabilitiesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get the capabilities for a managed thing using the device ID.

    " + }, + "GetManagedThingCertificate":{ + "name":"GetManagedThingCertificate", + "http":{ + "method":"GET", + "requestUri":"/managed-things-certificate/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetManagedThingCertificateRequest"}, + "output":{"shape":"GetManagedThingCertificateResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves the certificate PEM for a managed IoT thing.

    " + }, + "GetManagedThingConnectivityData":{ + "name":"GetManagedThingConnectivityData", + "http":{ + "method":"POST", + "requestUri":"/managed-things-connectivity-data/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetManagedThingConnectivityDataRequest"}, + "output":{"shape":"GetManagedThingConnectivityDataResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get the connectivity status of a managed thing.

    " + }, + "GetManagedThingMetaData":{ + "name":"GetManagedThingMetaData", + "http":{ + "method":"GET", + "requestUri":"/managed-things-metadata/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetManagedThingMetaDataRequest"}, + "output":{"shape":"GetManagedThingMetaDataResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get the metadata information for a managed thing.

    The managedThing metadata parameter is used for associating attributes with a managedThing that can be used for grouping over-the-air (OTA) tasks. Name value pairs in metadata can be used in the OtaTargetQueryString parameter for the CreateOtaTask API operation.

    " + }, + "GetManagedThingState":{ + "name":"GetManagedThingState", + "http":{ + "method":"GET", + "requestUri":"/managed-thing-states/{ManagedThingId}", + "responseCode":200 + }, + "input":{"shape":"GetManagedThingStateRequest"}, + "output":{"shape":"GetManagedThingStateResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalFailureException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns the managed thing state for the given device Id.

    " + }, + "GetNotificationConfiguration":{ + "name":"GetNotificationConfiguration", + "http":{ + "method":"GET", + "requestUri":"/notification-configurations/{EventType}", + "responseCode":200 + }, + "input":{"shape":"GetNotificationConfigurationRequest"}, + "output":{"shape":"GetNotificationConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get a notification configuration for a specified event type.

    " + }, + "GetOtaTask":{ + "name":"GetOtaTask", + "http":{ + "method":"GET", + "requestUri":"/ota-tasks/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetOtaTaskRequest"}, + "output":{"shape":"GetOtaTaskResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get details of the over-the-air (OTA) task by its task id.

    " + }, + "GetOtaTaskConfiguration":{ + "name":"GetOtaTaskConfiguration", + "http":{ + "method":"GET", + "requestUri":"/ota-task-configurations/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetOtaTaskConfigurationRequest"}, + "output":{"shape":"GetOtaTaskConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get a configuraiton for the over-the-air (OTA) task.

    " + }, + "GetProvisioningProfile":{ + "name":"GetProvisioningProfile", + "http":{ + "method":"GET", + "requestUri":"/provisioning-profiles/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"GetProvisioningProfileRequest"}, + "output":{"shape":"GetProvisioningProfileResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get a provisioning profile by template name.

    " + }, + "GetRuntimeLogConfiguration":{ + "name":"GetRuntimeLogConfiguration", + "http":{ + "method":"GET", + "requestUri":"/runtime-log-configurations/{ManagedThingId}", + "responseCode":200 + }, + "input":{"shape":"GetRuntimeLogConfigurationRequest"}, + "output":{"shape":"GetRuntimeLogConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get the runtime log configuration for a specific managed thing.

    " + }, + "GetSchemaVersion":{ + "name":"GetSchemaVersion", + "http":{ + "method":"GET", + "requestUri":"/schema-versions/{Type}/{SchemaVersionedId}", + "responseCode":200 + }, + "input":{"shape":"GetSchemaVersionRequest"}, + "output":{"shape":"GetSchemaVersionResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Gets a schema version with the provided information.

    " + }, + "ListAccountAssociations":{ + "name":"ListAccountAssociations", + "http":{ + "method":"GET", + "requestUri":"/account-associations", + "responseCode":200 + }, + "input":{"shape":"ListAccountAssociationsRequest"}, + "output":{"shape":"ListAccountAssociationsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists all account associations, with optional filtering by connector destination ID.

    " + }, + "ListCloudConnectors":{ + "name":"ListCloudConnectors", + "http":{ + "method":"GET", + "requestUri":"/cloud-connectors", + "responseCode":200 + }, + "input":{"shape":"ListCloudConnectorsRequest"}, + "output":{"shape":"ListCloudConnectorsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns a list of connectors filtered by its Lambda Amazon Resource Name (ARN) and type.

    " + }, + "ListConnectorDestinations":{ + "name":"ListConnectorDestinations", + "http":{ + "method":"GET", + "requestUri":"/connector-destinations", + "responseCode":200 + }, + "input":{"shape":"ListConnectorDestinationsRequest"}, + "output":{"shape":"ListConnectorDestinationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists all connector destinations, with optional filtering by cloud connector ID.

    " + }, + "ListCredentialLockers":{ + "name":"ListCredentialLockers", + "http":{ + "method":"GET", + "requestUri":"/credential-lockers", + "responseCode":200 + }, + "input":{"shape":"ListCredentialLockersRequest"}, + "output":{"shape":"ListCredentialLockersResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List information on an existing credential locker.

    " + }, + "ListDestinations":{ + "name":"ListDestinations", + "http":{ + "method":"GET", + "requestUri":"/destinations", + "responseCode":200 + }, + "input":{"shape":"ListDestinationsRequest"}, + "output":{"shape":"ListDestinationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List all notification destinations.

    " + }, + "ListDeviceDiscoveries":{ + "name":"ListDeviceDiscoveries", + "http":{ + "method":"GET", + "requestUri":"/device-discoveries", + "responseCode":200 + }, + "input":{"shape":"ListDeviceDiscoveriesRequest"}, + "output":{"shape":"ListDeviceDiscoveriesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists all device discovery tasks, with optional filtering by type and status.

    " + }, + "ListDiscoveredDevices":{ + "name":"ListDiscoveredDevices", + "http":{ + "method":"GET", + "requestUri":"/device-discoveries/{Identifier}/devices", + "responseCode":200 + }, + "input":{"shape":"ListDiscoveredDevicesRequest"}, + "output":{"shape":"ListDiscoveredDevicesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists all devices discovered during a specific device discovery task.

    " + }, + "ListEventLogConfigurations":{ + "name":"ListEventLogConfigurations", + "http":{ + "method":"GET", + "requestUri":"/event-log-configurations", + "responseCode":200 + }, + "input":{"shape":"ListEventLogConfigurationsRequest"}, + "output":{"shape":"ListEventLogConfigurationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List all event log configurations for an account.

    " + }, + "ListManagedThingAccountAssociations":{ + "name":"ListManagedThingAccountAssociations", + "http":{ + "method":"GET", + "requestUri":"/managed-thing-associations", + "responseCode":200 + }, + "input":{"shape":"ListManagedThingAccountAssociationsRequest"}, + "output":{"shape":"ListManagedThingAccountAssociationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists all account associations for a specific managed thing.

    " + }, + "ListManagedThingSchemas":{ + "name":"ListManagedThingSchemas", + "http":{ + "method":"GET", + "requestUri":"/managed-thing-schemas/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"ListManagedThingSchemasRequest"}, + "output":{"shape":"ListManagedThingSchemasResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List schemas associated with a managed thing.

    " + }, + "ListManagedThings":{ + "name":"ListManagedThings", + "http":{ + "method":"GET", + "requestUri":"/managed-things", + "responseCode":200 + }, + "input":{"shape":"ListManagedThingsRequest"}, + "output":{"shape":"ListManagedThingsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Listing all managed things with provision for filters.

    " + }, + "ListNotificationConfigurations":{ + "name":"ListNotificationConfigurations", + "http":{ + "method":"GET", + "requestUri":"/notification-configurations", + "responseCode":200 + }, + "input":{"shape":"ListNotificationConfigurationsRequest"}, + "output":{"shape":"ListNotificationConfigurationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List all notification configurations.

    " + }, + "ListOtaTaskConfigurations":{ + "name":"ListOtaTaskConfigurations", + "http":{ + "method":"GET", + "requestUri":"/ota-task-configurations", + "responseCode":200 + }, + "input":{"shape":"ListOtaTaskConfigurationsRequest"}, + "output":{"shape":"ListOtaTaskConfigurationsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List all of the over-the-air (OTA) task configurations.

    " + }, + "ListOtaTaskExecutions":{ + "name":"ListOtaTaskExecutions", + "http":{ + "method":"GET", + "requestUri":"/ota-tasks/{Identifier}/devices", + "responseCode":200 + }, + "input":{"shape":"ListOtaTaskExecutionsRequest"}, + "output":{"shape":"ListOtaTaskExecutionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    List all of the over-the-air (OTA) task executions.

    " + }, + "ListOtaTasks":{ + "name":"ListOtaTasks", + "http":{ + "method":"GET", + "requestUri":"/ota-tasks", + "responseCode":200 + }, + "input":{"shape":"ListOtaTasksRequest"}, + "output":{"shape":"ListOtaTasksResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    List all of the over-the-air (OTA) tasks.

    " + }, + "ListProvisioningProfiles":{ + "name":"ListProvisioningProfiles", + "http":{ + "method":"GET", + "requestUri":"/provisioning-profiles", + "responseCode":200 + }, + "input":{"shape":"ListProvisioningProfilesRequest"}, + "output":{"shape":"ListProvisioningProfilesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List the provisioning profiles within the Amazon Web Services account.

    " + }, + "ListSchemaVersions":{ + "name":"ListSchemaVersions", + "http":{ + "method":"GET", + "requestUri":"/schema-versions/{Type}", + "responseCode":200 + }, + "input":{"shape":"ListSchemaVersionsRequest"}, + "output":{"shape":"ListSchemaVersionsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists schema versions with the provided information.

    " + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List tags for the specified resource.

    " + }, + "PutDefaultEncryptionConfiguration":{ + "name":"PutDefaultEncryptionConfiguration", + "http":{ + "method":"POST", + "requestUri":"/configuration/account/encryption", + "responseCode":201 + }, + "input":{"shape":"PutDefaultEncryptionConfigurationRequest"}, + "output":{"shape":"PutDefaultEncryptionConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalFailureException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Sets the default encryption configuration for the Amazon Web Services account. For more information, see Key management in the AWS IoT SiteWise User Guide.

    " + }, + "PutHubConfiguration":{ + "name":"PutHubConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/hub-configuration", + "responseCode":201 + }, + "input":{"shape":"PutHubConfigurationRequest"}, + "output":{"shape":"PutHubConfigurationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Update a hub configuration.

    ", + "idempotent":true + }, + "PutRuntimeLogConfiguration":{ + "name":"PutRuntimeLogConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/runtime-log-configurations/{ManagedThingId}", + "responseCode":200 + }, + "input":{"shape":"PutRuntimeLogConfigurationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Set the runtime log configuration for a specific managed thing or for all managed things as a group.

    ", + "idempotent":true + }, + "RegisterAccountAssociation":{ + "name":"RegisterAccountAssociation", + "http":{ + "method":"PUT", + "requestUri":"/managed-thing-associations/register", + "responseCode":201 + }, + "input":{"shape":"RegisterAccountAssociationRequest"}, + "output":{"shape":"RegisterAccountAssociationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Registers an account association with a managed thing, establishing a connection between a device and a third-party account.

    ", + "idempotent":true + }, + "RegisterCustomEndpoint":{ + "name":"RegisterCustomEndpoint", + "http":{ + "method":"POST", + "requestUri":"/custom-endpoint", + "responseCode":201 + }, + "input":{"shape":"RegisterCustomEndpointRequest"}, + "output":{"shape":"RegisterCustomEndpointResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Customers can request IoT managed integrations to manage the server trust for them or bring their own external server trusts for the custom domain. Returns an IoT managed integrations endpoint.

    " + }, + "ResetRuntimeLogConfiguration":{ + "name":"ResetRuntimeLogConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/runtime-log-configurations/{ManagedThingId}", + "responseCode":200 + }, + "input":{"shape":"ResetRuntimeLogConfigurationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Reset a runtime log configuration for a specific managed thing.

    ", + "idempotent":true + }, + "SendConnectorEvent":{ + "name":"SendConnectorEvent", + "http":{ + "method":"POST", + "requestUri":"/connector-event/{ConnectorId}", + "responseCode":202 + }, + "input":{"shape":"SendConnectorEventRequest"}, + "output":{"shape":"SendConnectorEventResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Relays third-party device events for a connector such as a new device or a device state change event.

    ", + "idempotent":true + }, + "SendManagedThingCommand":{ + "name":"SendManagedThingCommand", + "http":{ + "method":"POST", + "requestUri":"/managed-things-command/{ManagedThingId}", + "responseCode":202 + }, + "input":{"shape":"SendManagedThingCommandRequest"}, + "output":{"shape":"SendManagedThingCommandResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Send the command to the device represented by the managed thing.

    " + }, + "StartAccountAssociationRefresh":{ + "name":"StartAccountAssociationRefresh", + "http":{ + "method":"POST", + "requestUri":"/account-associations/{AccountAssociationId}/refresh", + "responseCode":200 + }, + "input":{"shape":"StartAccountAssociationRefreshRequest"}, + "output":{"shape":"StartAccountAssociationRefreshResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Initiates a refresh of an existing account association to update its authorization and connection status.

    " + }, + "StartDeviceDiscovery":{ + "name":"StartDeviceDiscovery", + "http":{ + "method":"POST", + "requestUri":"/device-discoveries", + "responseCode":201 + }, + "input":{"shape":"StartDeviceDiscoveryRequest"}, + "output":{"shape":"StartDeviceDiscoveryResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    This API is used to start device discovery for hub-connected and third-party-connected devices. The authentication material (install code) is delivered as a message to the controller instructing it to start the discovery.

    " + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Add tags for the specified resource.

    ", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Remove tags for the specified resource.

    ", + "idempotent":true + }, + "UpdateAccountAssociation":{ + "name":"UpdateAccountAssociation", + "http":{ + "method":"PUT", + "requestUri":"/account-associations/{AccountAssociationId}", + "responseCode":204 + }, + "input":{"shape":"UpdateAccountAssociationRequest"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Updates the properties of an existing account association.

    ", + "idempotent":true + }, + "UpdateCloudConnector":{ + "name":"UpdateCloudConnector", + "http":{ + "method":"PUT", + "requestUri":"/cloud-connectors/{Identifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateCloudConnectorRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Update an existing cloud connector.

    ", + "idempotent":true + }, + "UpdateConnectorDestination":{ + "name":"UpdateConnectorDestination", + "http":{ + "method":"PUT", + "requestUri":"/connector-destinations/{Identifier}", + "responseCode":204 + }, + "input":{"shape":"UpdateConnectorDestinationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Updates the properties of an existing connector destination.

    ", + "idempotent":true + }, + "UpdateDestination":{ + "name":"UpdateDestination", + "http":{ + "method":"PUT", + "requestUri":"/destinations/{Name}", + "responseCode":201 + }, + "input":{"shape":"UpdateDestinationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Update a destination specified by name.

    ", + "idempotent":true + }, + "UpdateEventLogConfiguration":{ + "name":"UpdateEventLogConfiguration", + "http":{ + "method":"PATCH", + "requestUri":"/event-log-configurations/{Id}", + "responseCode":200 + }, + "input":{"shape":"UpdateEventLogConfigurationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Update an event log configuration by log configuration ID.

    ", + "idempotent":true + }, + "UpdateManagedThing":{ + "name":"UpdateManagedThing", + "http":{ + "method":"PUT", + "requestUri":"/managed-things/{Identifier}", + "responseCode":204 + }, + "input":{"shape":"UpdateManagedThingRequest"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"UnauthorizedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Update the attributes and capabilities associated with a managed thing.

    ", + "idempotent":true + }, + "UpdateNotificationConfiguration":{ + "name":"UpdateNotificationConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/notification-configurations/{EventType}", + "responseCode":201 + }, + "input":{"shape":"UpdateNotificationConfigurationRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Update a notification configuration.

    ", + "idempotent":true + }, + "UpdateOtaTask":{ + "name":"UpdateOtaTask", + "http":{ + "method":"PUT", + "requestUri":"/ota-tasks/{Identifier}", + "responseCode":204 + }, + "input":{"shape":"UpdateOtaTaskRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Update an over-the-air (OTA) task.

    ", + "idempotent":true + } + }, + "shapes":{ + "AbortConfigCriteria":{ + "type":"structure", + "members":{ + "Action":{ + "shape":"AbortCriteriaAction", + "documentation":"

    The action taken by the abort configuration.

    " + }, + "FailureType":{ + "shape":"AbortCriteriaFailureType", + "documentation":"

    Over-the-air (OTA) task abort criteria failure type.

    " + }, + "MinNumberOfExecutedThings":{ + "shape":"MinNumberOfExecutedThings", + "documentation":"

    The minimum number of things that must receive task execution notifications before the task can be aborted.

    " + }, + "ThresholdPercentage":{ + "shape":"ThresholdPercentage", + "documentation":"

    The minimum percentage of over-the-air (OTA) task execution failures that must occur to initiate the last abort.

    " + } + }, + "documentation":"

    Structure representing one abort config criteria.

    " + }, + "AbortConfigCriteriaList":{ + "type":"list", + "member":{"shape":"AbortConfigCriteria"} + }, + "AbortCriteriaAction":{ + "type":"string", + "enum":["CANCEL"] + }, + "AbortCriteriaFailureType":{ + "type":"string", + "enum":[ + "FAILED", + "REJECTED", + "TIMED_OUT", + "ALL" + ] + }, + "AccessDeniedException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    User is not authorized.

    ", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AccountAssociationArn":{ + "type":"string", + "max":1011, + "min":67, + "pattern":"arn:aws:iotmanagedintegrations:[0-9a-zA-Z-]+:[0-9]+:account-association/[0-9a-zA-Z]+" + }, + "AccountAssociationDescription":{ + "type":"string", + "max":4096, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+" + }, + "AccountAssociationErrorMessage":{ + "type":"string", + "max":4096, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+" + }, + "AccountAssociationId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[0-9a-zA-Z]+" + }, + "AccountAssociationItem":{ + "type":"structure", + "required":[ + "AccountAssociationId", + "AssociationState" + ], + "members":{ + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The unique identifier of the account association.

    " + }, + "AssociationState":{ + "shape":"AssociationState", + "documentation":"

    The current state of the account association, indicating its status in the association lifecycle.

    " + }, + "ErrorMessage":{ + "shape":"AccountAssociationErrorMessage", + "documentation":"

    The error message explaining any issues with the account association, if applicable.

    " + }, + "ConnectorDestinationId":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the connector destination associated with this account association.

    " + }, + "Name":{ + "shape":"AccountAssociationName", + "documentation":"

    The name of the account association.

    " + }, + "Description":{ + "shape":"AccountAssociationDescription", + "documentation":"

    A description of the account association.

    " + }, + "Arn":{ + "shape":"AccountAssociationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the account association.

    " + } + }, + "documentation":"

    Structure containing information about an account association, including its identifier, state, and related metadata.

    " + }, + "AccountAssociationListDefinition":{ + "type":"list", + "member":{"shape":"AccountAssociationItem"} + }, + "AccountAssociationName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+" + }, + "ActionName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[/a-zA-Z0-9\\._ -]+" + }, + "ActionReference":{ + "type":"string", + "pattern":"[a-zA-Z.]+" + }, + "ActionTraceId":{ + "type":"string", + "max":20, + "min":16, + "pattern":"[a-zA-Z0-9]+=(?:_[0-9]+)?" + }, + "AdvertisedProductId":{ + "type":"string", + "max":5, + "min":5, + "pattern":"([A-Za-z0-9!#$%&()*\\+\\-;<=>?@^_`{|}~])+" + }, + "AssociationState":{ + "type":"string", + "enum":[ + "ASSOCIATION_IN_PROGRESS", + "ASSOCIATION_FAILED", + "ASSOCIATION_SUCCEEDED", + "ASSOCIATION_DELETING", + "REFRESH_TOKEN_EXPIRED" + ] + }, + "AttributeName":{ + "type":"string", + "max":128, + "min":0, + "pattern":".*[a-zA-Z0-9_.,@/:#-]+.*" + }, + "AttributeValue":{ + "type":"string", + "max":800, + "min":0, + "pattern":".*[a-zA-Z0-9_.,@/:#-]*.*" + }, + "AuthConfig":{ + "type":"structure", + "members":{ + "oAuth":{ + "shape":"OAuthConfig", + "documentation":"

    The OAuth configuration settings used for authentication with the third-party service.

    " + } + }, + "documentation":"

    The authentication configuration details for a connector destination, including OAuth settings and other authentication parameters.

    " + }, + "AuthConfigUpdate":{ + "type":"structure", + "members":{ + "oAuthUpdate":{ + "shape":"OAuthUpdate", + "documentation":"

    The updated OAuth configuration settings for the authentication configuration.

    " + } + }, + "documentation":"

    The updated authentication configuration details for a connector destination.

    " + }, + "AuthMaterialString":{ + "type":"string", + "max":512, + "min":1, + "pattern":"[0-9A-Za-z!#$%&()*\\+\\-;<=>?@^_`{|}~\\/: {},\\\\\"]+", + "sensitive":true + }, + "AuthMaterialType":{ + "type":"string", + "enum":[ + "CUSTOM_PROTOCOL_QR_BAR_CODE", + "WIFI_SETUP_QR_BAR_CODE", + "ZWAVE_QR_BAR_CODE", + "ZIGBEE_QR_BAR_CODE", + "DISCOVERED_DEVICE" + ] + }, + "AuthType":{ + "type":"string", + "enum":["OAUTH"] + }, + "AuthUrl":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"https?:\\/\\/(www\\.)?[-a-zA-Z0-9@:%._\\+~#=]{1,256}\\.[a-zA-Z0-9()]{1,6}([-a-zA-Z0-9()@:%_\\+.~#?&\\/=]*)" + }, + "BaseRatePerMinute":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "Brand":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+", + "sensitive":true + }, + "CaCertificate":{ + "type":"string", + "pattern":"-----BEGIN CERTIFICATE-----.*(.|\\n)*-----END CERTIFICATE-----\\n?", + "sensitive":true + }, + "Capabilities":{ + "type":"string", + "max":65535, + "min":1, + "pattern":"[a-zA-Z0-9\\s'\\x{0022},.:\\\\\\/{$}\\[\\]=_\\-\\+]+" + }, + "CapabilityAction":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"CapabilityActionName", + "documentation":"

    Describe a capability action with a name.

    " + }, + "ref":{ + "shape":"ActionReference", + "documentation":"

    Describe a capability action with an reference.

    " + }, + "actionTraceId":{ + "shape":"ActionTraceId", + "documentation":"

    Describe a capability action with an actionTraceId for a response command.

    " + }, + "parameters":{ + "shape":"CapabilityProperties", + "documentation":"

    Describe a capability action with a capability property.

    " + } + }, + "documentation":"

    Action for an Amazon Web Services capability, containing the action parameters for control.

    " + }, + "CapabilityActionName":{ + "type":"string", + "pattern":"[/a-zA-Z]+" + }, + "CapabilityActions":{ + "type":"list", + "member":{"shape":"CapabilityAction"}, + "max":5, + "min":1 + }, + "CapabilityId":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9./]+(@\\d+\\.\\d+)?" + }, + "CapabilityName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[/a-zA-Z0-9\\._ -]+" + }, + "CapabilityProperties":{ + "type":"structure", + "members":{ + }, + "document":true, + "sensitive":true + }, + "CapabilityReport":{ + "type":"structure", + "required":[ + "version", + "endpoints" + ], + "members":{ + "version":{ + "shape":"CapabilityReportVersion", + "documentation":"

    The version of the capability report.

    " + }, + "nodeId":{ + "shape":"NodeId", + "documentation":"

    The numeric identifier of the node.

    " + }, + "endpoints":{ + "shape":"CapabilityReportEndpoints", + "documentation":"

    The endpoints used in the capability report.

    " + } + }, + "documentation":"

    Report of all capabilities supported by the device.

    " + }, + "CapabilityReportActions":{ + "type":"list", + "member":{"shape":"ActionName"}, + "max":100, + "min":0 + }, + "CapabilityReportCapabilities":{ + "type":"list", + "member":{"shape":"CapabilityReportCapability"}, + "max":40, + "min":0 + }, + "CapabilityReportCapability":{ + "type":"structure", + "required":[ + "id", + "name", + "version", + "properties", + "actions", + "events" + ], + "members":{ + "id":{ + "shape":"SchemaVersionedId", + "documentation":"

    The id of the schema version.

    " + }, + "name":{ + "shape":"CapabilityName", + "documentation":"

    The name of the capability.

    " + }, + "version":{ + "shape":"CapabilityVersion", + "documentation":"

    The version of the capability.

    " + }, + "properties":{ + "shape":"CapabilityReportProperties", + "documentation":"

    The capability properties used in the capability report.

    " + }, + "actions":{ + "shape":"CapabilityReportActions", + "documentation":"

    The capability actions used in the capability report.

    " + }, + "events":{ + "shape":"CapabilityReportEvents", + "documentation":"

    The capability events used in the capability report.

    " + } + }, + "documentation":"

    The capability used in capability report.

    " + }, + "CapabilityReportEndpoint":{ + "type":"structure", + "required":[ + "id", + "deviceTypes", + "capabilities" + ], + "members":{ + "id":{ + "shape":"EndpointId", + "documentation":"

    The id of the endpoint used in the capability report.

    " + }, + "deviceTypes":{ + "shape":"DeviceTypes", + "documentation":"

    The type of device.

    " + }, + "capabilities":{ + "shape":"CapabilityReportCapabilities", + "documentation":"

    The capabilities used in the capability report.

    " + } + }, + "documentation":"

    The endpoint used in the capability report.

    " + }, + "CapabilityReportEndpoints":{ + "type":"list", + "member":{"shape":"CapabilityReportEndpoint"}, + "max":40, + "min":0 + }, + "CapabilityReportEvents":{ + "type":"list", + "member":{"shape":"EventName"}, + "max":100, + "min":0 + }, + "CapabilityReportProperties":{ + "type":"list", + "member":{"shape":"PropertyName"}, + "max":100, + "min":0 + }, + "CapabilityReportVersion":{ + "type":"string", + "max":10, + "min":1, + "pattern":"1\\.0\\.0" + }, + "CapabilitySchemaItem":{ + "type":"structure", + "required":[ + "Format", + "CapabilityId", + "ExtrinsicId", + "ExtrinsicVersion", + "Schema" + ], + "members":{ + "Format":{ + "shape":"SchemaVersionFormat", + "documentation":"

    The format of the capability schema, which defines how the schema is structured and interpreted.

    " + }, + "CapabilityId":{ + "shape":"SchemaVersionedId", + "documentation":"

    The unique identifier of the capability defined in the schema.

    " + }, + "ExtrinsicId":{ + "shape":"ExtrinsicSchemaId", + "documentation":"

    The external identifier for the capability, used when referencing the capability outside of the AWS ecosystem.

    " + }, + "ExtrinsicVersion":{ + "shape":"MatterCapabilityReportClusterRevisionId", + "documentation":"

    The version of the external capability definition, used to track compatibility with external systems.

    " + }, + "Schema":{ + "shape":"ValidationSchema", + "documentation":"

    The actual schema definition that describes the capability's properties, actions, and events.

    " + } + }, + "documentation":"

    Structure representing a capability schema item that defines the functionality and features supported by a managed thing.

    " + }, + "CapabilitySchemas":{ + "type":"list", + "member":{"shape":"CapabilitySchemaItem"}, + "max":40, + "min":0 + }, + "CapabilityVersion":{ + "type":"string", + "max":64, + "min":1, + "pattern":"(0|[1-9][0-9]*)" + }, + "CertificatePem":{ + "type":"string", + "max":65536, + "min":1, + "pattern":"[\\s\\S]*" + }, + "ClaimCertificate":{ + "type":"string", + "sensitive":true + }, + "ClaimCertificatePrivateKey":{ + "type":"string", + "sensitive":true + }, + "Classification":{ + "type":"string", + "max":64, + "min":1, + "sensitive":true + }, + "ClientToken":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9=_-]+" + }, + "CloudConnectorDescription":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[0-9A-Za-z_\\- ]+" + }, + "CloudConnectorId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z0-9-_]+" + }, + "CloudConnectorType":{ + "type":"string", + "enum":[ + "LISTED", + "UNLISTED" + ] + }, + "ClusterId":{ + "type":"string", + "max":24, + "min":1, + "pattern":"0[xX][0-9a-fA-F]+$|^[0-9]+" + }, + "CommandCapabilities":{ + "type":"list", + "member":{"shape":"CommandCapability"}, + "max":5, + "min":1 + }, + "CommandCapability":{ + "type":"structure", + "required":[ + "id", + "name", + "version", + "actions" + ], + "members":{ + "id":{ + "shape":"SchemaVersionedId", + "documentation":"

    Describe the capability with an id.

    " + }, + "name":{ + "shape":"CapabilityName", + "documentation":"

    Describe the capability with an name.

    " + }, + "version":{ + "shape":"CapabilityVersion", + "documentation":"

    Describe the capability with a version.

    " + }, + "actions":{ + "shape":"CapabilityActions", + "documentation":"

    Describe the command capability with the actions it supports.

    " + } + }, + "documentation":"

    The command capabilities added for the managed thing

    " + }, + "CommandEndpoint":{ + "type":"structure", + "required":[ + "endpointId", + "capabilities" + ], + "members":{ + "endpointId":{ + "shape":"EndpointId", + "documentation":"

    The id of the endpoint for a managed thing.

    " + }, + "capabilities":{ + "shape":"CommandCapabilities", + "documentation":"

    Describe the endpoint with an id, a name, and the relevant capabilities for sending commands.

    " + } + }, + "documentation":"

    The endpoint for a managed thing when sending a command.

    " + }, + "CommandEndpoints":{ + "type":"list", + "member":{"shape":"CommandEndpoint"}, + "max":5, + "min":1 + }, + "ConfigurationError":{ + "type":"structure", + "members":{ + "code":{ + "shape":"ConfigurationErrorCode", + "documentation":"

    The error code returned when the default encryption configuration update fails.

    " + }, + "message":{ + "shape":"ConfigurationErrorMessage", + "documentation":"

    The error message returned when the default encryption configuration update fails.

    " + } + }, + "documentation":"

    Provides the default encryption configuration error update details.

    " + }, + "ConfigurationErrorCode":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9_-]+" + }, + "ConfigurationErrorMessage":{ + "type":"string", + "max":65535, + "min":1, + "pattern":"[a-zA-Z0-9\\-._,]+" + }, + "ConfigurationState":{ + "type":"string", + "enum":[ + "ENABLED", + "UPDATE_IN_PROGRESS", + "UPDATE_FAILED" + ] + }, + "ConfigurationStatus":{ + "type":"structure", + "required":["state"], + "members":{ + "error":{ + "shape":"ConfigurationError", + "documentation":"

    The error details describing a failed default encryption configuration update.

    " + }, + "state":{ + "shape":"ConfigurationState", + "documentation":"

    The status state describing the default encryption configuration update.

    " + } + }, + "documentation":"

    Provides the status of the default encryption configuration for an Amazon Web Services account.

    " + }, + "ConflictException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    There is a conflict with the request.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "ConnectivityStatus":{ + "type":"boolean", + "box":true + }, + "ConnectivityTimestamp":{"type":"timestamp"}, + "ConnectorAssociationId":{ + "type":"string", + "deprecated":true, + "deprecatedMessage":"ConnectorAssociationId is deprecated", + "deprecatedSince":"2025-06-25", + "max":64, + "min":1, + "pattern":"[0-9a-zA-Z]+" + }, + "ConnectorDestinationDescription":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[0-9A-Za-z_\\- ]+" + }, + "ConnectorDestinationId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z0-9-_]+" + }, + "ConnectorDestinationListDefinition":{ + "type":"list", + "member":{"shape":"ConnectorDestinationSummary"} + }, + "ConnectorDestinationName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+" + }, + "ConnectorDestinationSummary":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"ConnectorDestinationName", + "documentation":"

    The display name of the connector destination.

    " + }, + "Description":{ + "shape":"ConnectorDestinationDescription", + "documentation":"

    A description of the connector destination.

    " + }, + "CloudConnectorId":{ + "shape":"CloudConnectorId", + "documentation":"

    The identifier of the cloud connector associated with this connector destination.

    " + }, + "Id":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The unique identifier of the connector destination.

    " + } + }, + "documentation":"

    Structure containing summary information about a connector destination, which defines how a cloud-to-cloud connector connects to a customer's AWS account.

    " + }, + "ConnectorDeviceId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9_.,@-]+", + "sensitive":true + }, + "ConnectorDeviceName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\p{L}\\p{N} ._-]+", + "sensitive":true + }, + "ConnectorEventMessage":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\sa-zA-Z0-9_.,@-]+", + "sensitive":true + }, + "ConnectorEventOperation":{ + "type":"string", + "enum":[ + "DEVICE_COMMAND_RESPONSE", + "DEVICE_DISCOVERY", + "DEVICE_EVENT", + "DEVICE_COMMAND_REQUEST" + ] + }, + "ConnectorEventOperationVersion":{ + "type":"string", + "max":6, + "min":1, + "pattern":"[0-9.]+", + "sensitive":true + }, + "ConnectorEventStatusCode":{ + "type":"integer", + "box":true, + "max":550, + "min":100, + "sensitive":true + }, + "ConnectorId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z0-9-_]+" + }, + "ConnectorItem":{ + "type":"structure", + "required":[ + "Name", + "EndpointConfig" + ], + "members":{ + "Name":{ + "shape":"DisplayName", + "documentation":"

    The display name of the C2C connector.

    " + }, + "EndpointConfig":{ + "shape":"EndpointConfig", + "documentation":"

    The configuration details for the cloud connector endpoint, including connection parameters and authentication requirements.

    " + }, + "Description":{ + "shape":"CloudConnectorDescription", + "documentation":"

    A description of the C2C connector.

    " + }, + "EndpointType":{ + "shape":"EndpointType", + "documentation":"

    The type of endpoint used for the C2C connector.

    " + }, + "Id":{ + "shape":"CloudConnectorId", + "documentation":"

    The identifier of the C2C connector.

    " + }, + "Type":{ + "shape":"CloudConnectorType", + "documentation":"

    The type of cloud connector created.

    " + } + }, + "documentation":"

    Structure describing a connector.

    " + }, + "ConnectorList":{ + "type":"list", + "member":{"shape":"ConnectorItem"} + }, + "ConnectorPolicyId":{ + "type":"string", + "deprecated":true, + "deprecatedMessage":"ConnectorPolicyId is deprecated", + "deprecatedSince":"2025-06-25", + "max":64, + "min":1, + "pattern":"[A-Za-z0-9-_]+" + }, + "CreateAccountAssociationRequest":{ + "type":"structure", + "required":["ConnectorDestinationId"], + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + }, + "ConnectorDestinationId":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the connector destination.

    " + }, + "Name":{ + "shape":"AccountAssociationName", + "documentation":"

    The name of the destination for the new account association.

    " + }, + "Description":{ + "shape":"AccountAssociationDescription", + "documentation":"

    A description of the account association request.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the account association.

    " + } + } + }, + "CreateAccountAssociationResponse":{ + "type":"structure", + "required":[ + "OAuthAuthorizationUrl", + "AccountAssociationId", + "AssociationState" + ], + "members":{ + "OAuthAuthorizationUrl":{ + "shape":"OAuthAuthorizationUrl", + "documentation":"

    Third-party IoT platform OAuth authorization server URL backed with all the required parameters to perform end-user authentication.

    " + }, + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The identifier for the account association request.

    " + }, + "AssociationState":{ + "shape":"AssociationState", + "documentation":"

    The current state of the account association request.

    " + }, + "Arn":{ + "shape":"AccountAssociationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the account association.

    " + } + } + }, + "CreateCloudConnectorRequest":{ + "type":"structure", + "required":[ + "Name", + "EndpointConfig" + ], + "members":{ + "Name":{ + "shape":"DisplayName", + "documentation":"

    The display name of the C2C connector.

    " + }, + "EndpointConfig":{ + "shape":"EndpointConfig", + "documentation":"

    The configuration details for the cloud connector endpoint, including connection parameters and authentication requirements.

    " + }, + "Description":{ + "shape":"CloudConnectorDescription", + "documentation":"

    A description of the C2C connector.

    " + }, + "EndpointType":{ + "shape":"EndpointType", + "documentation":"

    The type of endpoint used for the cloud connector, which defines how the connector communicates with external services.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + } + } + }, + "CreateCloudConnectorResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"CloudConnectorId", + "documentation":"

    The unique identifier assigned to the newly created cloud connector.

    " + } + } + }, + "CreateConnectorDestinationRequest":{ + "type":"structure", + "required":[ + "CloudConnectorId", + "AuthType", + "AuthConfig", + "SecretsManager" + ], + "members":{ + "Name":{ + "shape":"ConnectorDestinationName", + "documentation":"

    The display name of the connector destination.

    " + }, + "Description":{ + "shape":"ConnectorDestinationDescription", + "documentation":"

    A description of the connector destination.

    " + }, + "CloudConnectorId":{ + "shape":"CloudConnectorId", + "documentation":"

    The identifier of the C2C connector.

    " + }, + "AuthType":{ + "shape":"AuthType", + "documentation":"

    The authentication type used for the connector destination, which determines how credentials and access are managed.

    " + }, + "AuthConfig":{ + "shape":"AuthConfig", + "documentation":"

    The authentication configuration details for the connector destination, including OAuth settings and other authentication parameters.

    " + }, + "SecretsManager":{ + "shape":"SecretsManager", + "documentation":"

    The AWS Secrets Manager configuration used to securely store and manage sensitive information for the connector destination.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + } + } + }, + "CreateConnectorDestinationResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the C2C connector destination creation request.

    " + } + } + }, + "CreateCredentialLockerRequest":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"CredentialLockerName", + "documentation":"

    The name of the credential locker.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the credential locker.

    " + } + } + }, + "CreateCredentialLockerResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"CredentialLockerId", + "documentation":"

    The identifier of the credential locker creation request.

    " + }, + "Arn":{ + "shape":"CredentialLockerArn", + "documentation":"

    The Amazon Resource Name (ARN) of the credential locker.

    " + }, + "CreatedAt":{ + "shape":"CredentialLockerCreatedAt", + "documentation":"

    The timestamp value of when the credential locker request occurred.

    " + } + } + }, + "CreateDestinationRequest":{ + "type":"structure", + "required":[ + "DeliveryDestinationArn", + "DeliveryDestinationType", + "Name", + "RoleArn" + ], + "members":{ + "DeliveryDestinationArn":{ + "shape":"DeliveryDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the customer-managed destination.

    " + }, + "DeliveryDestinationType":{ + "shape":"DeliveryDestinationType", + "documentation":"

    The destination type for the customer-managed destination.

    " + }, + "Name":{ + "shape":"DestinationName", + "documentation":"

    The name of the customer-managed destination.

    " + }, + "RoleArn":{ + "shape":"DeliveryDestinationRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the delivery destination role.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + }, + "Description":{ + "shape":"DestinationDescription", + "documentation":"

    The description of the customer-managed destination.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the destination.

    ", + "deprecated":true, + "deprecatedMessage":"Tags have been deprecated from this api", + "deprecatedSince":"06-25-2025" + } + } + }, + "CreateDestinationResponse":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"DestinationName", + "documentation":"

    The name of the customer-managed destination.

    " + } + } + }, + "CreateEventLogConfigurationRequest":{ + "type":"structure", + "required":[ + "ResourceType", + "EventLogLevel" + ], + "members":{ + "ResourceType":{ + "shape":"SmartHomeResourceType", + "documentation":"

    The type of resource for the event log configuration.

    " + }, + "ResourceId":{ + "shape":"SmartHomeResourceId", + "documentation":"

    The identifier of the resource for the event log configuration.

    " + }, + "EventLogLevel":{ + "shape":"LogLevel", + "documentation":"

    The logging level for the event log configuration.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + } + } + }, + "CreateEventLogConfigurationResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"LogConfigurationId", + "documentation":"

    The identifier of the event log configuration request.

    " + } + } + }, + "CreateManagedThingRequest":{ + "type":"structure", + "required":[ + "Role", + "AuthenticationMaterial", + "AuthenticationMaterialType" + ], + "members":{ + "Role":{ + "shape":"Role", + "documentation":"

    The type of device used. This will be the hub controller, cloud device, or AWS IoT device.

    " + }, + "Owner":{ + "shape":"Owner", + "documentation":"

    Owner of the device, usually an indication of whom the device belongs to. This value should not contain personal identifiable information.

    " + }, + "CredentialLockerId":{ + "shape":"CredentialLockerId", + "documentation":"

    The identifier of the credential for the managed thing.

    " + }, + "AuthenticationMaterial":{ + "shape":"AuthMaterialString", + "documentation":"

    The authentication material defining the device connectivity setup requests. The authentication materials used are the device bar code.

    " + }, + "AuthenticationMaterialType":{ + "shape":"AuthMaterialType", + "documentation":"

    The type of authentication material used for device connectivity setup requests.

    " + }, + "SerialNumber":{ + "shape":"SerialNumber", + "documentation":"

    The serial number of the device.

    " + }, + "Brand":{ + "shape":"Brand", + "documentation":"

    The brand of the device.

    " + }, + "Model":{ + "shape":"Model", + "documentation":"

    The model of the device.

    " + }, + "Name":{ + "shape":"Name", + "documentation":"

    The name of the managed thing representing the physical device.

    " + }, + "CapabilityReport":{ + "shape":"CapabilityReport", + "documentation":"

    A report of the capabilities for the managed thing.

    " + }, + "CapabilitySchemas":{ + "shape":"CapabilitySchemas", + "documentation":"

    The capability schemas that define the functionality and features supported by the managed thing, including device capabilities and their associated properties.

    " + }, + "Capabilities":{ + "shape":"Capabilities", + "documentation":"

    The capabilities of the device such as light bulb.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + }, + "Classification":{ + "shape":"Classification", + "documentation":"

    The classification of the managed thing such as light bulb or thermostat.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the managed thing.

    " + }, + "MetaData":{ + "shape":"MetaData", + "documentation":"

    The metadata for the managed thing.

    The managedThing metadata parameter is used for associating attributes with a managedThing that can be used for grouping over-the-air (OTA) tasks. Name value pairs in metadata can be used in the OtaTargetQueryString parameter for the CreateOtaTask API operation.

    " + } + } + }, + "CreateManagedThingResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the managed thing.

    " + }, + "Arn":{ + "shape":"ManagedThingArn", + "documentation":"

    The Amazon Resource Name (ARN) of the managed thing.

    " + }, + "CreatedAt":{ + "shape":"CreatedAt", + "documentation":"

    The timestamp value of when the device creation request occurred.

    " + } + } + }, + "CreateNotificationConfigurationRequest":{ + "type":"structure", + "required":[ + "EventType", + "DestinationName" + ], + "members":{ + "EventType":{ + "shape":"EventType", + "documentation":"

    The type of event triggering a device notification to the customer-managed destination.

    " + }, + "DestinationName":{ + "shape":"DestinationName", + "documentation":"

    The name of the destination for the notification configuration.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the notification configuration.

    ", + "deprecated":true, + "deprecatedMessage":"Tags has been deprecated from this api", + "deprecatedSince":"06-25-2025" + } + } + }, + "CreateNotificationConfigurationResponse":{ + "type":"structure", + "members":{ + "EventType":{ + "shape":"EventType", + "documentation":"

    The type of event triggering a device notification to the customer-managed destination.

    " + } + } + }, + "CreateOtaTaskConfigurationRequest":{ + "type":"structure", + "members":{ + "Description":{ + "shape":"OtaDescription", + "documentation":"

    A description of the over-the-air (OTA) task configuration.

    " + }, + "Name":{ + "shape":"OtaTaskConfigurationName", + "documentation":"

    The name of the over-the-air (OTA) task.

    " + }, + "PushConfig":{ + "shape":"PushConfig", + "documentation":"

    Describes the type of configuration used for the over-the-air (OTA) task.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + } + } + }, + "CreateOtaTaskConfigurationResponse":{ + "type":"structure", + "members":{ + "TaskConfigurationId":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The identifier of the over-the-air (OTA) task configuration.

    " + } + } + }, + "CreateOtaTaskRequest":{ + "type":"structure", + "required":[ + "S3Url", + "OtaType" + ], + "members":{ + "Description":{ + "shape":"OtaDescription", + "documentation":"

    The description of the over-the-air (OTA) task.

    " + }, + "S3Url":{ + "shape":"S3Url", + "documentation":"

    The URL to the Amazon S3 bucket where the over-the-air (OTA) task is stored.

    " + }, + "Protocol":{ + "shape":"OtaProtocol", + "documentation":"

    The connection protocol the over-the-air (OTA) task uses to update the device.

    " + }, + "Target":{ + "shape":"Target", + "documentation":"

    The device targeted for the over-the-air (OTA) task.

    " + }, + "TaskConfigurationId":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The identifier for the over-the-air (OTA) task configuration.

    " + }, + "OtaMechanism":{ + "shape":"OtaMechanism", + "documentation":"

    The deployment mechanism for the over-the-air (OTA) task.

    " + }, + "OtaType":{ + "shape":"OtaType", + "documentation":"

    The frequency type for the over-the-air (OTA) task.

    " + }, + "OtaTargetQueryString":{ + "shape":"OtaTargetQueryString", + "documentation":"

    The query string to add things to the thing group.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + }, + "OtaSchedulingConfig":{"shape":"OtaTaskSchedulingConfig"}, + "OtaTaskExecutionRetryConfig":{"shape":"OtaTaskExecutionRetryConfig"}, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the over-the-air (OTA) task.

    " + } + } + }, + "CreateOtaTaskResponse":{ + "type":"structure", + "members":{ + "TaskId":{ + "shape":"OtaTaskId", + "documentation":"

    The identifier of the over-the-air (OTA) task.

    " + }, + "TaskArn":{ + "shape":"OtaTaskArn", + "documentation":"

    The Amazon Resource Name (ARN) of the over-the-air (OTA) task.

    " + }, + "Description":{ + "shape":"OtaDescription", + "documentation":"

    A description of the over-the-air (OTA) task.

    " + } + } + }, + "CreateProvisioningProfileRequest":{ + "type":"structure", + "required":["ProvisioningType"], + "members":{ + "ProvisioningType":{ + "shape":"ProvisioningType", + "documentation":"

    The type of provisioning workflow the device uses for onboarding to IoT managed integrations.

    " + }, + "CaCertificate":{ + "shape":"CaCertificate", + "documentation":"

    The id of the certificate authority (CA) certificate.

    " + }, + "Name":{ + "shape":"ProvisioningProfileName", + "documentation":"

    The name of the provisioning template.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    ", + "idempotencyToken":true + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the provisioning profile.

    " + } + } + }, + "CreateProvisioningProfileResponse":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"ProvisioningProfileArn", + "documentation":"

    The Amazon Resource Name (ARN) of the provisioning template used in the provisioning profile.

    " + }, + "Name":{ + "shape":"ProvisioningProfileName", + "documentation":"

    The name of the provisioning template.

    " + }, + "ProvisioningType":{ + "shape":"ProvisioningType", + "documentation":"

    The type of provisioning workflow the device uses for onboarding to IoT managed integrations.

    " + }, + "Id":{ + "shape":"ProvisioningProfileId", + "documentation":"

    The identifier of the provisioning profile.

    " + }, + "ClaimCertificate":{ + "shape":"ClaimCertificate", + "documentation":"

    The id of the claim certificate.

    " + }, + "ClaimCertificatePrivateKey":{ + "shape":"ClaimCertificatePrivateKey", + "documentation":"

    The private key of the claim certificate. This is stored securely on the device for validating the connection endpoint with IoT managed integrations using the public key.

    " + } + } + }, + "CreatedAt":{"type":"timestamp"}, + "CredentialLockerArn":{ + "type":"string", + "max":1011, + "min":32, + "pattern":"arn:aws:iotmanagedintegrations:[0-9a-zA-Z-]+:[0-9]+:credential-locker/[0-9a-zA-Z]+" + }, + "CredentialLockerCreatedAt":{"type":"timestamp"}, + "CredentialLockerId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9]*" + }, + "CredentialLockerListDefinition":{ + "type":"list", + "member":{"shape":"CredentialLockerSummary"} + }, + "CredentialLockerName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+", + "sensitive":true + }, + "CredentialLockerSummary":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"CredentialLockerId", + "documentation":"

    The id of the credential locker.

    " + }, + "Arn":{ + "shape":"CredentialLockerArn", + "documentation":"

    The Amazon Resource Name (ARN) of the credential locker.

    " + }, + "Name":{ + "shape":"CredentialLockerName", + "documentation":"

    The name of the credential locker.

    " + }, + "CreatedAt":{ + "shape":"CredentialLockerCreatedAt", + "documentation":"

    The timestampe value of when the credential locker was created at.

    " + } + }, + "documentation":"

    Structure describing one Credential Locker.

    " + }, + "CustomProtocolDetail":{ + "type":"map", + "key":{"shape":"CustomProtocolDetailKey"}, + "value":{"shape":"CustomProtocolDetailValue"}, + "max":50, + "min":0 + }, + "CustomProtocolDetailKey":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9 _.-]+" + }, + "CustomProtocolDetailValue":{ + "type":"string", + "max":512, + "min":1, + "pattern":"[a-zA-Z0-9 _.{}:\"-]+" + }, + "DeleteAccountAssociationRequest":{ + "type":"structure", + "required":["AccountAssociationId"], + "members":{ + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The unique identifier of the account association to be deleted.

    ", + "location":"uri", + "locationName":"AccountAssociationId" + } + } + }, + "DeleteCloudConnectorRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"CloudConnectorId", + "documentation":"

    The identifier of the cloud connector.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "DeleteConnectorDestinationRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the connector destination.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "DeleteCredentialLockerRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"CredentialLockerId", + "documentation":"

    The identifier of the credential locker.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "DeleteDestinationRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"DestinationName", + "documentation":"

    The id of the customer-managed destination.

    ", + "location":"uri", + "locationName":"Name" + } + } + }, + "DeleteEventLogConfigurationRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"LogConfigurationId", + "documentation":"

    The identifier of the event log configuration.

    ", + "location":"uri", + "locationName":"Id" + } + } + }, + "DeleteLocalStoreAfterUpload":{ + "type":"boolean", + "box":true + }, + "DeleteManagedThingRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the managed thing.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "Force":{ + "shape":"Boolean", + "documentation":"

    When set to TRUE, a forceful deteletion of the managed thing will occur. When set to FALSE, a non-forceful deletion of the managed thing will occur.

    ", + "location":"querystring", + "locationName":"Force" + } + } + }, + "DeleteNotificationConfigurationRequest":{ + "type":"structure", + "required":["EventType"], + "members":{ + "EventType":{ + "shape":"EventType", + "documentation":"

    The type of event triggering a device notification to the customer-managed destination.

    ", + "location":"uri", + "locationName":"EventType" + } + } + }, + "DeleteOtaTaskConfigurationRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The identifier of the over-the-air (OTA) task configuration.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "DeleteOtaTaskRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"OtaTaskId", + "documentation":"

    The identifier of the over-the-air (OTA) task.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "DeleteProvisioningProfileRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ProvisioningProfileId", + "documentation":"

    The name of the provisioning template.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "DeliveryDestinationArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws:[0-9a-zA-Z]+:[0-9a-zA-Z-]+:[0-9]+:[0-9a-zA-Z]+/[0-9a-zA-Z._-]+" + }, + "DeliveryDestinationRoleArn":{"type":"string"}, + "DeliveryDestinationType":{ + "type":"string", + "enum":["KINESIS"] + }, + "DeregisterAccountAssociationRequest":{ + "type":"structure", + "required":[ + "ManagedThingId", + "AccountAssociationId" + ], + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of the managed thing to be deregistered from the account association.

    " + }, + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The unique identifier of the account association to be deregistered.

    " + } + }, + "documentation":"

    Request for deregister a managed thing from account association

    " + }, + "DestinationCreatedAt":{"type":"timestamp"}, + "DestinationDescription":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[0-9A-Za-z_\\- ]+" + }, + "DestinationListDefinition":{ + "type":"list", + "member":{"shape":"DestinationSummary"} + }, + "DestinationName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[\\p{L}\\p{N} ._-]+" + }, + "DestinationSummary":{ + "type":"structure", + "members":{ + "Description":{ + "shape":"DestinationDescription", + "documentation":"

    The description of the customer-managed destination.

    " + }, + "DeliveryDestinationArn":{ + "shape":"DeliveryDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the customer-managed destination.

    " + }, + "DeliveryDestinationType":{ + "shape":"DeliveryDestinationType", + "documentation":"

    The destination type for the customer-managed destination.

    " + }, + "Name":{ + "shape":"DestinationName", + "documentation":"

    The name of the customer-managed destination.

    " + }, + "RoleArn":{ + "shape":"DeliveryDestinationRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the delivery destination.

    " + } + }, + "documentation":"

    Structure describing a destination for IoT managed integrations to deliver notifications for a device.

    " + }, + "DestinationUpdatedAt":{"type":"timestamp"}, + "Device":{ + "type":"structure", + "required":[ + "ConnectorDeviceId", + "CapabilityReport" + ], + "members":{ + "ConnectorDeviceId":{ + "shape":"ConnectorDeviceId", + "documentation":"

    The device id as defined by the connector.

    This parameter is used for cloud-to-cloud devices only.

    " + }, + "ConnectorDeviceName":{ + "shape":"ConnectorDeviceName", + "documentation":"

    The name of the device as defined by the connector.

    " + }, + "CapabilityReport":{ + "shape":"MatterCapabilityReport", + "documentation":"

    The capability report for the device.

    " + }, + "CapabilitySchemas":{ + "shape":"CapabilitySchemas", + "documentation":"

    Report of all capabilities supported by the device.

    " + }, + "DeviceMetadata":{ + "shape":"DeviceMetadata", + "documentation":"

    The metadata attributes for a device.

    " + } + }, + "documentation":"

    Describe the device using the relevant metadata and supported clusters for device discovery.

    " + }, + "DeviceDiscoveryArn":{ + "type":"string", + "pattern":"arn:aws:iotmanagedintegrations:[0-9a-zA-Z-]+:[0-9]+:device-discovery/[0-9a-zA-Z]+" + }, + "DeviceDiscoveryId":{ + "type":"string", + "max":200, + "min":1, + "pattern":"[A-Za-z0-9]+" + }, + "DeviceDiscoveryListDefinition":{ + "type":"list", + "member":{"shape":"DeviceDiscoverySummary"} + }, + "DeviceDiscoveryStatus":{ + "type":"string", + "enum":[ + "RUNNING", + "SUCCEEDED", + "FAILED", + "TIMED_OUT" + ] + }, + "DeviceDiscoverySummary":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"DeviceDiscoveryId", + "documentation":"

    The unique identifier of the device discovery job.

    " + }, + "DiscoveryType":{ + "shape":"DiscoveryType", + "documentation":"

    The type of discovery process used to find devices.

    " + }, + "Status":{ + "shape":"DeviceDiscoveryStatus", + "documentation":"

    The current status of the device discovery job.

    " + } + }, + "documentation":"

    Structure containing summary information about a device discovery job, including its identifier, type, and status.

    " + }, + "DeviceMetadata":{ + "type":"structure", + "members":{ + }, + "document":true + }, + "DeviceSpecificKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9=_.,@\\+\\-]+", + "sensitive":true + }, + "DeviceType":{ + "type":"string", + "max":256, + "min":0, + "pattern":"[a-zA-Z0-9=_. ,@\\+\\-/]+" + }, + "DeviceTypeList":{ + "type":"list", + "member":{"shape":"DeviceType"} + }, + "DeviceTypes":{ + "type":"list", + "member":{"shape":"DeviceType"}, + "max":50, + "min":0 + }, + "Devices":{ + "type":"list", + "member":{"shape":"Device"} + }, + "DisconnectReasonValue":{ + "type":"string", + "enum":[ + "AUTH_ERROR", + "CLIENT_INITIATED_DISCONNECT", + "CLIENT_ERROR", + "CONNECTION_LOST", + "DUPLICATE_CLIENTID", + "FORBIDDEN_ACCESS", + "MQTT_KEEP_ALIVE_TIMEOUT", + "SERVER_ERROR", + "SERVER_INITIATED_DISCONNECT", + "THROTTLED", + "WEBSOCKET_TTL_EXPIRATION", + "CUSTOMAUTH_TTL_EXPIRATION", + "UNKNOWN", + "NONE" + ] + }, + "DiscoveredAt":{"type":"timestamp"}, + "DiscoveredDeviceListDefinition":{ + "type":"list", + "member":{"shape":"DiscoveredDeviceSummary"} + }, + "DiscoveredDeviceSummary":{ + "type":"structure", + "members":{ + "ConnectorDeviceId":{ + "shape":"ConnectorDeviceId", + "documentation":"

    The third-party device identifier as defined by the connector. This identifier must not contain personal identifiable information (PII).

    " + }, + "ConnectorDeviceName":{ + "shape":"ConnectorDeviceName", + "documentation":"

    The name of the device as defined by the connector or third-party system.

    " + }, + "DeviceTypes":{ + "shape":"DeviceTypeList", + "documentation":"

    The list of device types or categories that the discovered device belongs to.

    " + }, + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of the managed thing created for this discovered device, if one exists.

    " + }, + "Modification":{ + "shape":"DiscoveryModification", + "documentation":"

    The status of the discovered device, indicating whether it has been added, removed, or modified since the last discovery.

    " + }, + "DiscoveredAt":{ + "shape":"DiscoveredAt", + "documentation":"

    The timestamp indicating when the device was discovered.

    " + }, + "Brand":{ + "shape":"Brand", + "documentation":"

    The brand of the discovered device.

    " + }, + "Model":{ + "shape":"Model", + "documentation":"

    The model of the discovered device.

    " + }, + "AuthenticationMaterial":{ + "shape":"AuthMaterialString", + "documentation":"

    The authentication material required for connecting to the discovered device, such as credentials or tokens.

    " + } + }, + "documentation":"

    Structure containing summary information about a device discovered during a device discovery job.

    " + }, + "DiscoveryAuthMaterialString":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[0-9A-Za-z_\\-\\+=\\/:; ]+", + "sensitive":true + }, + "DiscoveryAuthMaterialType":{ + "type":"string", + "enum":["ZWAVE_INSTALL_CODE"] + }, + "DiscoveryFinishedAt":{"type":"timestamp"}, + "DiscoveryModification":{ + "type":"string", + "enum":[ + "DISCOVERED", + "UPDATED", + "NO_CHANGE" + ] + }, + "DiscoveryStartedAt":{"type":"timestamp"}, + "DiscoveryType":{ + "type":"string", + "enum":[ + "ZWAVE", + "ZIGBEE", + "CLOUD", + "CUSTOM" + ] + }, + "DisplayName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+" + }, + "DurationInMinutes":{ + "type":"integer", + "box":true, + "max":1430, + "min":1 + }, + "EncryptionType":{ + "type":"string", + "enum":[ + "MANAGED_INTEGRATIONS_DEFAULT_ENCRYPTION", + "CUSTOMER_KEY_ENCRYPTION" + ] + }, + "EndTime":{"type":"string"}, + "EndpointAddress":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[A-Za-z0-9._@-]+" + }, + "EndpointConfig":{ + "type":"structure", + "members":{ + "lambda":{ + "shape":"LambdaConfig", + "documentation":"

    The Lambda function configuration for the endpoint, used when the endpoint communicates through an AWS Lambda function.

    " + } + }, + "documentation":"

    The configuration details for an endpoint, which defines how to connect to and communicate with external services.

    " + }, + "EndpointId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[0-9a-zA-Z]+" + }, + "EndpointSemanticTag":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[0-9a-zA-Z._-]+" + }, + "EndpointType":{ + "type":"string", + "enum":["LAMBDA"] + }, + "ErrorMessage":{"type":"string"}, + "ErrorResourceId":{"type":"string"}, + "ErrorResourceType":{"type":"string"}, + "EventLogConfigurationListDefinition":{ + "type":"list", + "member":{"shape":"EventLogConfigurationSummary"} + }, + "EventLogConfigurationSummary":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"LogConfigurationId", + "documentation":"

    The identifier of the event log configuration.

    " + }, + "ResourceType":{ + "shape":"SmartHomeResourceType", + "documentation":"

    The type of resource for the event log configuration.

    " + }, + "ResourceId":{ + "shape":"SmartHomeResourceId", + "documentation":"

    The identifier of the resource for the event log configuration.

    " + }, + "EventLogLevel":{ + "shape":"LogLevel", + "documentation":"

    The logging level for the event log configuration.

    " + } + }, + "documentation":"

    List of event log configurations.

    " + }, + "EventName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[/a-zA-Z0-9\\._ -]+" + }, + "EventType":{ + "type":"string", + "enum":[ + "DEVICE_COMMAND", + "DEVICE_COMMAND_REQUEST", + "DEVICE_DISCOVERY_STATUS", + "DEVICE_EVENT", + "DEVICE_LIFE_CYCLE", + "DEVICE_STATE", + "DEVICE_OTA", + "CONNECTOR_ASSOCIATION", + "ACCOUNT_ASSOCIATION", + "CONNECTOR_ERROR_REPORT" + ] + }, + "ExecutionNumber":{ + "type":"long", + "box":true + }, + "ExponentialRolloutRate":{ + "type":"structure", + "members":{ + "BaseRatePerMinute":{ + "shape":"BaseRatePerMinute", + "documentation":"

    The base rate per minute for the rollout of an over-the-air (OTA) task.

    " + }, + "IncrementFactor":{ + "shape":"IncrementFactor", + "documentation":"

    The incremental factor for increasing the rollout rate of an over-the-air (OTA) task.

    " + }, + "RateIncreaseCriteria":{ + "shape":"RolloutRateIncreaseCriteria", + "documentation":"

    The criteria for increasing the rollout rate of an over-the-air (OTA) task.

    " + } + }, + "documentation":"

    Structure representing exponential rate of rollout for an over-the-air (OTA) task.

    " + }, + "ExtrinsicSchemaId":{ + "type":"string", + "max":10, + "min":1, + "pattern":"0[xX][0-9a-fA-F]+$|^[0-9]+" + }, + "GetAccountAssociationRequest":{ + "type":"structure", + "required":["AccountAssociationId"], + "members":{ + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The unique identifier of the account association to retrieve.

    ", + "location":"uri", + "locationName":"AccountAssociationId" + } + } + }, + "GetAccountAssociationResponse":{ + "type":"structure", + "required":[ + "AccountAssociationId", + "AssociationState", + "OAuthAuthorizationUrl" + ], + "members":{ + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The unique identifier of the retrieved account association.

    " + }, + "AssociationState":{ + "shape":"AssociationState", + "documentation":"

    The current status state for the account association.

    " + }, + "ErrorMessage":{ + "shape":"AccountAssociationErrorMessage", + "documentation":"

    The error message explaining the current account association error.

    " + }, + "ConnectorDestinationId":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the connector destination associated with this account association.

    " + }, + "Name":{ + "shape":"AccountAssociationName", + "documentation":"

    The name of the account association.

    " + }, + "Description":{ + "shape":"AccountAssociationDescription", + "documentation":"

    The description of the account association.

    " + }, + "Arn":{ + "shape":"AccountAssociationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the account association.

    " + }, + "OAuthAuthorizationUrl":{ + "shape":"OAuthAuthorizationUrl", + "documentation":"

    Third party IoT platform OAuth authorization server URL backed with all the required parameters to perform end-user authentication.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the account association.

    " + } + } + }, + "GetCloudConnectorRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"CloudConnectorId", + "documentation":"

    The identifier of the C2C connector.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetCloudConnectorResponse":{ + "type":"structure", + "required":[ + "Name", + "EndpointConfig" + ], + "members":{ + "Name":{ + "shape":"DisplayName", + "documentation":"

    The display name of the C2C connector.

    " + }, + "EndpointConfig":{ + "shape":"EndpointConfig", + "documentation":"

    The configuration details for the cloud connector endpoint, including connection parameters and authentication requirements.

    " + }, + "Description":{ + "shape":"CloudConnectorDescription", + "documentation":"

    A description of the C2C connector.

    " + }, + "EndpointType":{ + "shape":"EndpointType", + "documentation":"

    The type of endpoint used for the cloud connector, which defines how the connector communicates with external services.

    " + }, + "Id":{ + "shape":"CloudConnectorId", + "documentation":"

    The unique identifier of the cloud connector.

    " + }, + "Type":{ + "shape":"CloudConnectorType", + "documentation":"

    The type of cloud connector created.

    " + } + } + }, + "GetConnectorDestinationRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the C2C connector destination.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetConnectorDestinationResponse":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"ConnectorDestinationName", + "documentation":"

    The display name of the connector destination.

    " + }, + "Description":{ + "shape":"ConnectorDestinationDescription", + "documentation":"

    A description of the connector destination.

    " + }, + "CloudConnectorId":{ + "shape":"CloudConnectorId", + "documentation":"

    The identifier of the C2C connector.

    " + }, + "Id":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The unique identifier of the connector destination.

    " + }, + "AuthType":{ + "shape":"AuthType", + "documentation":"

    The authentication type used for the connector destination, which determines how credentials and access are managed.

    " + }, + "AuthConfig":{ + "shape":"AuthConfig", + "documentation":"

    The authentication configuration details for the connector destination, including OAuth settings and other authentication parameters.

    " + }, + "SecretsManager":{ + "shape":"SecretsManager", + "documentation":"

    The AWS Secrets Manager configuration used to securely store and manage sensitive information for the connector destination.

    " + }, + "OAuthCompleteRedirectUrl":{ + "shape":"OAuthCompleteRedirectUrl", + "documentation":"

    The URL where users are redirected after completing the OAuth authorization process for the connector destination.

    " + } + } + }, + "GetCredentialLockerRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"CredentialLockerId", + "documentation":"

    The identifier of the credential locker.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetCredentialLockerResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"CredentialLockerId", + "documentation":"

    The identifier of the credential locker.

    " + }, + "Arn":{ + "shape":"CredentialLockerArn", + "documentation":"

    The Amazon Resource Name (ARN) of the credential locker.

    " + }, + "Name":{ + "shape":"CredentialLockerName", + "documentation":"

    The name of the credential locker.

    " + }, + "CreatedAt":{ + "shape":"CredentialLockerCreatedAt", + "documentation":"

    The timestamp value of when the credential locker requset occurred.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the credential locker.

    " + } + } + }, + "GetCustomEndpointRequest":{ + "type":"structure", + "members":{ + } + }, + "GetCustomEndpointResponse":{ + "type":"structure", + "required":["EndpointAddress"], + "members":{ + "EndpointAddress":{ + "shape":"EndpointAddress", + "documentation":"

    The IoT managed integrations dedicated, custom endpoint for the device to route traffic through.

    " + } + } + }, + "GetDefaultEncryptionConfigurationRequest":{ + "type":"structure", + "members":{ + } + }, + "GetDefaultEncryptionConfigurationResponse":{ + "type":"structure", + "required":[ + "configurationStatus", + "encryptionType" + ], + "members":{ + "configurationStatus":{ + "shape":"ConfigurationStatus", + "documentation":"

    Provides the status of the default encryption configuration for an Amazon Web Services account.

    " + }, + "encryptionType":{ + "shape":"EncryptionType", + "documentation":"

    The type of encryption used for the encryption configuration.

    " + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The Key Amazon Resource Name (ARN) of the AWS KMS key used for KMS encryption if you use KMS_BASED_ENCRYPTION.

    " + } + } + }, + "GetDestinationRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"DestinationName", + "documentation":"

    The name of the customer-managed destination.

    ", + "location":"uri", + "locationName":"Name" + } + } + }, + "GetDestinationResponse":{ + "type":"structure", + "members":{ + "Description":{ + "shape":"DestinationDescription", + "documentation":"

    The description of the customer-managed destination.

    " + }, + "DeliveryDestinationArn":{ + "shape":"DeliveryDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the customer-managed destination.

    " + }, + "DeliveryDestinationType":{ + "shape":"DeliveryDestinationType", + "documentation":"

    The destination type for the customer-managed destination.

    " + }, + "Name":{ + "shape":"DestinationName", + "documentation":"

    The name of the customer-managed destination.

    " + }, + "RoleArn":{ + "shape":"DeliveryDestinationRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the delivery destination role.

    " + }, + "CreatedAt":{ + "shape":"DestinationCreatedAt", + "documentation":"

    The timestamp value of when the destination creation requset occurred.

    " + }, + "UpdatedAt":{ + "shape":"DestinationUpdatedAt", + "documentation":"

    The timestamp value of when the destination update requset occurred.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the customer-managed destination.

    ", + "deprecated":true, + "deprecatedMessage":"Tags has been deprecated from this api", + "deprecatedSince":"06-25-2025" + } + } + }, + "GetDeviceDiscoveryRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"DeviceDiscoveryId", + "documentation":"

    The id of the device discovery job request.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetDeviceDiscoveryResponse":{ + "type":"structure", + "required":[ + "Id", + "Arn", + "DiscoveryType", + "Status", + "StartedAt" + ], + "members":{ + "Id":{ + "shape":"DeviceDiscoveryId", + "documentation":"

    The id of the device discovery job request.

    " + }, + "Arn":{ + "shape":"DeviceDiscoveryArn", + "documentation":"

    The Amazon Resource Name (ARN) of the device discovery job request.

    " + }, + "DiscoveryType":{ + "shape":"DiscoveryType", + "documentation":"

    The discovery type supporting the type of device to be discovered in the device discovery job request.

    " + }, + "Status":{ + "shape":"DeviceDiscoveryStatus", + "documentation":"

    The status of the device discovery job request.

    " + }, + "StartedAt":{ + "shape":"DiscoveryStartedAt", + "documentation":"

    The timestamp value for the start time of the device discovery.

    " + }, + "ControllerId":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the end-user's IoT hub.

    " + }, + "ConnectorAssociationId":{ + "shape":"ConnectorAssociationId", + "documentation":"

    The ID tracking the current discovery process for one connector association.

    ", + "deprecated":true, + "deprecatedMessage":"ConnectorAssociationId has been deprecated", + "deprecatedSince":"2025-06-25" + }, + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The identifier of the account association used for the device discovery.

    " + }, + "FinishedAt":{ + "shape":"DiscoveryFinishedAt", + "documentation":"

    The timestamp value for the completion time of the device discovery.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the device discovery request.

    ", + "deprecated":true, + "deprecatedMessage":"Tags have been deprecated from this api", + "deprecatedSince":"06-25-2025" + } + } + }, + "GetEventLogConfigurationRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"LogConfigurationId", + "documentation":"

    The identifier of the event log configuration.

    ", + "location":"uri", + "locationName":"Id" + } + } + }, + "GetEventLogConfigurationResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"LogConfigurationId", + "documentation":"

    The identifier of the event log configuration.

    " + }, + "ResourceType":{ + "shape":"SmartHomeResourceType", + "documentation":"

    The type of resource for the event log configuration.

    " + }, + "ResourceId":{ + "shape":"SmartHomeResourceId", + "documentation":"

    The identifier of the resource for the event log configuration.

    " + }, + "EventLogLevel":{ + "shape":"LogLevel", + "documentation":"

    The logging level for the event log configuration.

    " + } + } + }, + "GetHubConfigurationRequest":{ + "type":"structure", + "members":{ + } + }, + "GetHubConfigurationResponse":{ + "type":"structure", + "members":{ + "HubTokenTimerExpirySettingInSeconds":{ + "shape":"HubTokenTimerExpirySettingInSeconds", + "documentation":"

    A user-defined integer value that represents the hub token timer expiry setting in seconds.

    " + }, + "UpdatedAt":{ + "shape":"HubConfigurationUpdatedAt", + "documentation":"

    The timestamp value of when the hub configuration was updated.

    " + } + } + }, + "GetManagedThingCapabilitiesRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the device.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetManagedThingCapabilitiesResponse":{ + "type":"structure", + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the device.

    " + }, + "Capabilities":{ + "shape":"Capabilities", + "documentation":"

    The capabilities of the device such as light bulb.

    " + }, + "CapabilityReport":{ + "shape":"CapabilityReport", + "documentation":"

    A report of the capabilities for the managed thing.

    " + } + } + }, + "GetManagedThingCertificateRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of the managed thing.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetManagedThingCertificateResponse":{ + "type":"structure", + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of the managed thing.

    " + }, + "CertificatePem":{ + "shape":"CertificatePem", + "documentation":"

    The PEM-encoded certificate for the managed thing.

    " + } + } + }, + "GetManagedThingConnectivityDataRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of a managed thing.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetManagedThingConnectivityDataResponse":{ + "type":"structure", + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id of a managed thing.

    " + }, + "Connected":{ + "shape":"ConnectivityStatus", + "documentation":"

    The connectivity status for a managed thing.

    " + }, + "Timestamp":{ + "shape":"ConnectivityTimestamp", + "documentation":"

    The timestamp value of when the connectivity status for a managed thing was last taken.

    " + }, + "DisconnectReason":{ + "shape":"DisconnectReasonValue", + "documentation":"

    The reason for the connectivity disconnect with the managed thing.

    " + } + } + }, + "GetManagedThingMetaDataRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ManagedThingId", + "documentation":"

    The managed thing id.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetManagedThingMetaDataResponse":{ + "type":"structure", + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The managed thing id.

    " + }, + "MetaData":{ + "shape":"MetaData", + "documentation":"

    The metadata for the managed thing.

    " + } + } + }, + "GetManagedThingRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the managed thing.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetManagedThingResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the managed thing.

    " + }, + "Arn":{ + "shape":"ManagedThingArn", + "documentation":"

    The Amazon Resource Name (ARN) of the managed thing.

    " + }, + "Owner":{ + "shape":"Owner", + "documentation":"

    Owner of the device, usually an indication of whom the device belongs to. This value should not contain personal identifiable information.

    " + }, + "CredentialLockerId":{ + "shape":"CredentialLockerId", + "documentation":"

    The identifier of the credential locker for the managed thing.

    " + }, + "AdvertisedProductId":{ + "shape":"AdvertisedProductId", + "documentation":"

    The id of the advertised product.

    " + }, + "Role":{ + "shape":"Role", + "documentation":"

    The type of device used. This will be the Amazon Web Services hub controller, cloud device, or IoT device.

    " + }, + "ProvisioningStatus":{ + "shape":"ProvisioningStatus", + "documentation":"

    The provisioning status of the device in the provisioning workflow for onboarding to IoT managed integrations.

    " + }, + "Name":{ + "shape":"Name", + "documentation":"

    The name of the managed thing representing the physical device.

    " + }, + "Model":{ + "shape":"Model", + "documentation":"

    The model of the device.

    " + }, + "Brand":{ + "shape":"Brand", + "documentation":"

    The brand of the device.

    " + }, + "SerialNumber":{ + "shape":"SerialNumber", + "documentation":"

    The serial number of the device.

    " + }, + "UniversalProductCode":{ + "shape":"UniversalProductCode", + "documentation":"

    The universal product code (UPC) of the device model. The UPC is typically used in the United States of America and Canada.

    " + }, + "InternationalArticleNumber":{ + "shape":"InternationalArticleNumber", + "documentation":"

    The unique 13 digit number that identifies the managed thing.

    " + }, + "ConnectorPolicyId":{ + "shape":"ConnectorPolicyId", + "documentation":"

    The id of the connector policy.

    This parameter is used for cloud-to-cloud devices only.

    ", + "deprecated":true, + "deprecatedMessage":"ConnectorPolicyId is deprecated", + "deprecatedSince":"2025-06-25" + }, + "ConnectorDestinationId":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the connector destination associated with this managed thing.

    " + }, + "ConnectorDeviceId":{ + "shape":"ConnectorDeviceId", + "documentation":"

    The third-party device id as defined by the connector. This device id must not contain personal identifiable information (PII).

    This parameter is used for cloud-to-cloud devices only.

    " + }, + "DeviceSpecificKey":{ + "shape":"DeviceSpecificKey", + "documentation":"

    A Zwave device-specific key used during device activation.

    This parameter is used for Zwave devices only.

    " + }, + "MacAddress":{ + "shape":"MacAddress", + "documentation":"

    The media access control (MAC) address for the device represented by the managed thing.

    This parameter is used for Zigbee devices only.

    " + }, + "ParentControllerId":{ + "shape":"ParentControllerId", + "documentation":"

    Id of the controller device used for the discovery job.

    " + }, + "Classification":{ + "shape":"Classification", + "documentation":"

    The classification of the managed thing such as light bulb or thermostat.

    " + }, + "CreatedAt":{ + "shape":"CreatedAt", + "documentation":"

    The timestamp value of when the device creation request occurred.

    " + }, + "UpdatedAt":{ + "shape":"UpdatedAt", + "documentation":"

    The timestamp value of when the managed thing was last updated at.

    " + }, + "ActivatedAt":{ + "shape":"SetupAt", + "documentation":"

    The timestampe value of when the device was activated.

    " + }, + "HubNetworkMode":{ + "shape":"HubNetworkMode", + "documentation":"

    The network mode for the hub-connected device.

    " + }, + "MetaData":{ + "shape":"MetaData", + "documentation":"

    The metadata for the managed thing.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the managed thing.

    " + } + } + }, + "GetManagedThingStateRequest":{ + "type":"structure", + "required":["ManagedThingId"], + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the device.

    ", + "location":"uri", + "locationName":"ManagedThingId" + } + } + }, + "GetManagedThingStateResponse":{ + "type":"structure", + "required":["Endpoints"], + "members":{ + "Endpoints":{ + "shape":"StateEndpoints", + "documentation":"

    The device endpoint.

    " + } + } + }, + "GetNotificationConfigurationRequest":{ + "type":"structure", + "required":["EventType"], + "members":{ + "EventType":{ + "shape":"EventType", + "documentation":"

    The type of event triggering a device notification to the customer-managed destination.

    ", + "location":"uri", + "locationName":"EventType" + } + } + }, + "GetNotificationConfigurationResponse":{ + "type":"structure", + "members":{ + "EventType":{ + "shape":"EventType", + "documentation":"

    The type of event triggering a device notification to the customer-managed destination.

    " + }, + "DestinationName":{ + "shape":"DestinationName", + "documentation":"

    The name of the destination for the notification configuration.

    " + }, + "CreatedAt":{ + "shape":"NotificationConfigurationCreatedAt", + "documentation":"

    The timestamp value of when the notification configuration was created.

    " + }, + "UpdatedAt":{ + "shape":"NotificationConfigurationUpdatedAt", + "documentation":"

    The timestamp value of when the notification configuration was last updated.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the notification configuration.

    ", + "deprecated":true, + "deprecatedMessage":"Tags has been deprecated for this api", + "deprecatedSince":"06-25-2025" + } + } + }, + "GetOtaTaskConfigurationRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The over-the-air (OTA) task configuration id.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetOtaTaskConfigurationResponse":{ + "type":"structure", + "members":{ + "TaskConfigurationId":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The over-the-air (OTA) task configuration id.

    " + }, + "Name":{ + "shape":"OtaTaskConfigurationName", + "documentation":"

    The name of the over-the-air (OTA) task configuration.

    " + }, + "PushConfig":{ + "shape":"PushConfig", + "documentation":"

    Describes the type of configuration used for the over-the-air (OTA) task.

    " + }, + "Description":{ + "shape":"OtaDescription", + "documentation":"

    A description of the over-the-air (OTA) task configuration.

    " + }, + "CreatedAt":{ + "shape":"CreatedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task configuration was created at.

    " + } + } + }, + "GetOtaTaskRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"OtaTaskId", + "documentation":"

    The over-the-air (OTA) task id.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetOtaTaskResponse":{ + "type":"structure", + "members":{ + "TaskId":{ + "shape":"OtaTaskId", + "documentation":"

    The id of the over-the-air (OTA) task.

    " + }, + "TaskArn":{ + "shape":"OtaTaskArn", + "documentation":"

    The Amazon Resource Name (ARN) of the over-the-air (OTA) task

    " + }, + "Description":{ + "shape":"OtaDescription", + "documentation":"

    The description of the over-the-air (OTA) task.

    " + }, + "S3Url":{ + "shape":"S3Url", + "documentation":"

    The URL to the Amazon S3 bucket where the over-the-air (OTA) task is stored.

    " + }, + "Protocol":{ + "shape":"OtaProtocol", + "documentation":"

    The connection protocol the over-the-air (OTA) task uses to update the device.

    " + }, + "OtaType":{ + "shape":"OtaType", + "documentation":"

    The frequency type for the over-the-air (OTA) task.

    " + }, + "OtaTargetQueryString":{ + "shape":"OtaTargetQueryString", + "documentation":"

    The query string to add things to the thing group.

    " + }, + "OtaMechanism":{ + "shape":"OtaMechanism", + "documentation":"

    The deployment mechanism for the over-the-air (OTA) task.

    " + }, + "Target":{ + "shape":"Target", + "documentation":"

    The device targeted for the over-the-air (OTA) task.

    " + }, + "CreatedAt":{ + "shape":"CreatedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task was created.

    " + }, + "LastUpdatedAt":{ + "shape":"LastUpdatedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task was last updated at.

    " + }, + "TaskConfigurationId":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The identifier for the over-the-air (OTA) task configuration.

    " + }, + "TaskProcessingDetails":{ + "shape":"TaskProcessingDetails", + "documentation":"

    The processing details of all over-the-air (OTA) tasks.

    " + }, + "OtaSchedulingConfig":{"shape":"OtaTaskSchedulingConfig"}, + "OtaTaskExecutionRetryConfig":{"shape":"OtaTaskExecutionRetryConfig"}, + "Status":{ + "shape":"OtaStatus", + "documentation":"

    The status of the over-the-air (OTA) task.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the over-the-air (OTA) task.

    " + } + } + }, + "GetProvisioningProfileRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ProvisioningProfileId", + "documentation":"

    The provisioning template the device uses for the provisioning process.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetProvisioningProfileResponse":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"ProvisioningProfileArn", + "documentation":"

    The Amazon Resource Name (ARN) of the provisioning template used in the provisioning profile.

    " + }, + "Name":{ + "shape":"ProvisioningProfileName", + "documentation":"

    The name of the provisioning template.

    " + }, + "ProvisioningType":{ + "shape":"ProvisioningType", + "documentation":"

    The type of provisioning workflow the device uses for onboarding to IoT managed integrations.

    " + }, + "Id":{ + "shape":"ProvisioningProfileId", + "documentation":"

    The provisioning profile id.

    " + }, + "ClaimCertificate":{ + "shape":"ClaimCertificate", + "documentation":"

    The id of the claim certificate.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the provisioning profile.

    " + } + } + }, + "GetRuntimeLogConfigurationRequest":{ + "type":"structure", + "required":["ManagedThingId"], + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id for a managed thing.

    ", + "location":"uri", + "locationName":"ManagedThingId" + } + } + }, + "GetRuntimeLogConfigurationResponse":{ + "type":"structure", + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id for a managed thing.

    " + }, + "RuntimeLogConfigurations":{ + "shape":"RuntimeLogConfigurations", + "documentation":"

    The runtime log configuration for a managed thing.

    " + } + } + }, + "GetSchemaVersionRequest":{ + "type":"structure", + "required":[ + "Type", + "SchemaVersionedId" + ], + "members":{ + "Type":{ + "shape":"SchemaVersionType", + "documentation":"

    The type of schema version.

    ", + "location":"uri", + "locationName":"Type" + }, + "SchemaVersionedId":{ + "shape":"SchemaVersionedId", + "documentation":"

    Schema id with a version specified. If the version is missing, it defaults to latest version.

    ", + "location":"uri", + "locationName":"SchemaVersionedId" + }, + "Format":{ + "shape":"SchemaVersionFormat", + "documentation":"

    The format of the schema version.

    ", + "location":"querystring", + "locationName":"Format" + } + } + }, + "GetSchemaVersionResponse":{ + "type":"structure", + "members":{ + "SchemaId":{ + "shape":"SchemaId", + "documentation":"

    The id of the schema version.

    " + }, + "Type":{ + "shape":"SchemaVersionType", + "documentation":"

    The type of schema version.

    " + }, + "Description":{ + "shape":"SchemaVersionDescription", + "documentation":"

    The description of the schema version.

    " + }, + "Namespace":{ + "shape":"SchemaVersionNamespaceName", + "documentation":"

    The name of the schema version.

    " + }, + "SemanticVersion":{ + "shape":"SchemaVersionVersion", + "documentation":"

    The schema version. If this is left blank, it defaults to the latest version.

    " + }, + "Visibility":{ + "shape":"SchemaVersionVisibility", + "documentation":"

    The visibility of the schema version.

    " + }, + "Schema":{ + "shape":"SchemaVersionSchema", + "documentation":"

    The schema of the schema version.

    " + } + } + }, + "HubConfigurationUpdatedAt":{"type":"timestamp"}, + "HubNetworkMode":{ + "type":"string", + "enum":[ + "STANDARD", + "NETWORK_WIDE_EXCLUSION" + ] + }, + "HubTokenTimerExpirySettingInSeconds":{ + "type":"long", + "box":true, + "min":1 + }, + "InProgressTimeoutInMinutes":{ + "type":"long", + "box":true, + "max":10080, + "min":1 + }, + "IncrementFactor":{ + "type":"double", + "box":true, + "max":5, + "min":1.1 + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalFailureException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    An unexpected error has occurred.

    ", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    Internal error from the service that indicates an unexpected error or that the service is unavailable.

    ", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "InternationalArticleNumber":{ + "type":"string", + "max":13, + "min":8, + "pattern":"[0-9]+", + "sensitive":true + }, + "InvalidRequestException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The request is not valid.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "IoTManagedIntegrationsResourceARN":{ + "type":"string", + "max":200, + "min":1, + "pattern":"arn:aws:iotmanagedintegrations:[0-9a-zA-Z-]+:[0-9]+:(managed-thing|provisioning-profile|ota-task|credential-locker|account-association)/[0-9a-zA-Z]+" + }, + "KmsKeyArn":{ + "type":"string", + "max":200, + "min":1, + "pattern":"arn:aws:kms:[0-9a-zA-Z-]+:[0-9]+:key/[0-9a-zA-Z-]+" + }, + "LambdaArn":{ + "type":"string", + "pattern":"(arn:aws:lambda:[0-9a-zA-Z-]+:[0-9]+:function:)?([a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?)" + }, + "LambdaConfig":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"LambdaArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Lambda function used as an endpoint.

    " + } + }, + "documentation":"

    Configuration details for an AWS Lambda function used as an endpoint for a cloud connector.

    " + }, + "LastUpdatedAt":{"type":"timestamp"}, + "LimitExceededException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The request exceeds a service limit or quota. Adjust your request parameters and try again.

    ", + "error":{ + "httpStatusCode":410, + "senderFault":true + }, + "exception":true + }, + "ListAccountAssociationsRequest":{ + "type":"structure", + "members":{ + "ConnectorDestinationId":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the connector destination to filter account associations by.

    ", + "location":"querystring", + "locationName":"ConnectorDestinationId" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of account associations to return in a single response.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results.

    ", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListAccountAssociationsResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"AccountAssociationListDefinition", + "documentation":"

    The list of account associations that match the specified criteria.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results when there are more account associations than can be returned in a single response.

    " + } + } + }, + "ListCloudConnectorsRequest":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"CloudConnectorType", + "documentation":"

    The type of cloud connectors to filter by when listing available connectors.

    ", + "location":"querystring", + "locationName":"Type" + }, + "LambdaArn":{ + "shape":"LambdaArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Lambda function to filter cloud connectors by.

    ", + "location":"querystring", + "locationName":"LambdaArn" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListCloudConnectorsResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"ConnectorList", + "documentation":"

    The list of connectors.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListConnectorDestinationsRequest":{ + "type":"structure", + "members":{ + "CloudConnectorId":{ + "shape":"CloudConnectorId", + "documentation":"

    The identifier of the cloud connector to filter connector destinations by.

    ", + "location":"querystring", + "locationName":"CloudConnectorId" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of connector destinations to return in a single response.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListConnectorDestinationsResponse":{ + "type":"structure", + "members":{ + "ConnectorDestinationList":{ + "shape":"ConnectorDestinationListDefinition", + "documentation":"

    The list of connector destinations that match the specified criteria.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results when there are more connector destinations than can be returned in a single response.

    " + } + } + }, + "ListCredentialLockersRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListCredentialLockersResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"CredentialLockerListDefinition", + "documentation":"

    The list of credential lockers.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListDestinationsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListDestinationsResponse":{ + "type":"structure", + "members":{ + "DestinationList":{ + "shape":"DestinationListDefinition", + "documentation":"

    The list of destinations.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListDeviceDiscoveriesRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of device discovery jobs to return in a single response.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "TypeFilter":{ + "shape":"DiscoveryType", + "documentation":"

    The discovery type to filter device discovery jobs by.

    ", + "location":"querystring", + "locationName":"TypeFilter" + }, + "StatusFilter":{ + "shape":"DeviceDiscoveryStatus", + "documentation":"

    The status to filter device discovery jobs by.

    ", + "location":"querystring", + "locationName":"StatusFilter" + } + } + }, + "ListDeviceDiscoveriesResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"DeviceDiscoveryListDefinition", + "documentation":"

    The list of device discovery jobs that match the specified criteria.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results when there are more device discovery jobs than can be returned in a single response.

    " + } + } + }, + "ListDiscoveredDevicesRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"DeviceDiscoveryId", + "documentation":"

    The identifier of the device discovery job to list discovered devices for.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of discovered devices to return in a single response.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListDiscoveredDevicesResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"DiscoveredDeviceListDefinition", + "documentation":"

    The list of discovered devices that match the specified criteria.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results when there are more discovered devices than can be returned in a single response.

    " + } + } + }, + "ListEventLogConfigurationsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListEventLogConfigurationsResponse":{ + "type":"structure", + "members":{ + "EventLogConfigurationList":{ + "shape":"EventLogConfigurationListDefinition", + "documentation":"

    A list of each event log configuration and pertinent information.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListManagedThingAccountAssociationsRequest":{ + "type":"structure", + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of the managed thing to list account associations for.

    ", + "location":"querystring", + "locationName":"ManagedThingId" + }, + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The identifier of the account association to filter results by. When specified, only associations with this account association ID will be returned.

    ", + "location":"querystring", + "locationName":"AccountAssociationId" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of account associations to return in a single response.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token used for pagination of results.

    ", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListManagedThingAccountAssociationsResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"ManagedThingAssociationList", + "documentation":"

    The list of managed thing associations that match the specified criteria, including the managed thing ID and account association ID for each association.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    A token used for pagination of results when there are more account associations than can be returned in a single response.

    " + } + } + }, + "ListManagedThingSchemasRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ManagedThingId", + "documentation":"

    The managed thing id.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "EndpointIdFilter":{ + "shape":"EndpointId", + "documentation":"

    Filter on an endpoint id.

    ", + "location":"querystring", + "locationName":"EndpointIdFilter" + }, + "CapabilityIdFilter":{ + "shape":"CapabilityId", + "documentation":"

    Filter on a capability id.

    ", + "location":"querystring", + "locationName":"CapabilityIdFilter" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListManagedThingSchemasResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"ManagedThingSchemaListDefinition", + "documentation":"

    The list of managed thing schemas.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListManagedThingsRequest":{ + "type":"structure", + "members":{ + "OwnerFilter":{ + "shape":"Owner", + "documentation":"

    Filter on device owners when listing managed things.

    ", + "location":"querystring", + "locationName":"OwnerFilter" + }, + "CredentialLockerFilter":{ + "shape":"CredentialLockerId", + "documentation":"

    Filter on a credential locker for a managed thing.

    ", + "location":"querystring", + "locationName":"CredentialLockerFilter" + }, + "RoleFilter":{ + "shape":"Role", + "documentation":"

    Filter on the type of device used. This will be the Amazon Web Services hub controller, cloud device, or IoT device.

    ", + "location":"querystring", + "locationName":"RoleFilter" + }, + "ParentControllerIdentifierFilter":{ + "shape":"ParentControllerId", + "documentation":"

    Filter on a parent controller id for a managed thing.

    ", + "location":"querystring", + "locationName":"ParentControllerIdentifierFilter" + }, + "ConnectorPolicyIdFilter":{ + "shape":"ConnectorPolicyId", + "documentation":"

    Filter on a connector policy id for a managed thing.

    ", + "deprecated":true, + "deprecatedMessage":"ConnectorPolicyIdFilter is deprecated", + "deprecatedSince":"06-25-2025", + "location":"querystring", + "locationName":"ConnectorPolicyIdFilter" + }, + "ConnectorDestinationIdFilter":{ + "shape":"ConnectorDestinationId", + "documentation":"

    Filter managed things by the connector destination ID they are associated with.

    ", + "location":"querystring", + "locationName":"ConnectorDestinationIdFilter" + }, + "ConnectorDeviceIdFilter":{ + "shape":"ConnectorDeviceId", + "documentation":"

    Filter managed things by the connector device ID they are associated with. When specified, only managed things with this connector device ID will be returned.

    ", + "location":"querystring", + "locationName":"ConnectorDeviceIdFilter" + }, + "SerialNumberFilter":{ + "shape":"SerialNumber", + "documentation":"

    Filter on the serial number of the device.

    ", + "location":"querystring", + "locationName":"SerialNumberFilter" + }, + "ProvisioningStatusFilter":{ + "shape":"ProvisioningStatus", + "documentation":"

    Filter on the status of the device.

    ", + "location":"querystring", + "locationName":"ProvisioningStatusFilter" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListManagedThingsResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"ManagedThingListDefinition", + "documentation":"

    The list of managed things.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListNotificationConfigurationsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListNotificationConfigurationsResponse":{ + "type":"structure", + "members":{ + "NotificationConfigurationList":{ + "shape":"NotificationConfigurationListDefinition", + "documentation":"

    The list of notification configurations.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListOtaTaskConfigurationsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListOtaTaskConfigurationsResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"OtaTaskConfigurationListDefinition", + "documentation":"

    The list of the over-the-air (OTA) task configurations.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListOtaTaskExecutionsRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"OtaTaskId", + "documentation":"

    The over-the-air (OTA) task id.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "NextToken":{ + "shape":"OtaNextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListOtaTaskExecutionsResponse":{ + "type":"structure", + "members":{ + "ExecutionSummaries":{ + "shape":"OtaTaskExecutionSummariesListDefinition", + "documentation":"

    A list of all of the over-the-air (OTA) task executions.

    " + }, + "NextToken":{ + "shape":"OtaNextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListOtaTasksRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"OtaNextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListOtaTasksResponse":{ + "type":"structure", + "members":{ + "Tasks":{ + "shape":"OtaTaskListDefinition", + "documentation":"

    A list of all of the over-the-air (OTA) tasks.

    " + }, + "NextToken":{ + "shape":"OtaNextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListProvisioningProfilesRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListProvisioningProfilesResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"ProvisioningProfileListDefinition", + "documentation":"

    The list of provisioning profiles.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListSchemaVersionsRequest":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"SchemaVersionType", + "documentation":"

    Filter on the type of schema version.

    ", + "location":"uri", + "locationName":"Type" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return at one time.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "SchemaId":{ + "shape":"SchemaId", + "documentation":"

    Filter on the id of the schema version.

    ", + "location":"querystring", + "locationName":"SchemaIdFilter" + }, + "Namespace":{ + "shape":"SchemaVersionNamespaceName", + "documentation":"

    Filter on the name of the schema version.

    ", + "location":"querystring", + "locationName":"NamespaceFilter" + }, + "Visibility":{ + "shape":"SchemaVersionVisibility", + "documentation":"

    The visibility of the schema version.

    ", + "location":"querystring", + "locationName":"VisibilityFilter" + }, + "SemanticVersion":{ + "shape":"SchemaVersionVersion", + "documentation":"

    The schema version. If this is left blank, it defaults to the latest version.

    ", + "location":"querystring", + "locationName":"SemanticVersionFilter" + } + } + }, + "ListSchemaVersionsResponse":{ + "type":"structure", + "members":{ + "Items":{ + "shape":"SchemaVersionList", + "documentation":"

    The list of schema versions.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that can be used to retrieve the next set of results.

    " + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"IoTManagedIntegrationsResourceARN", + "documentation":"

    The ARN of the resource for which to list tags.

    ", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the resource.

    " + } + } + }, + "LocalStoreFileRotationMaxBytes":{ + "type":"integer", + "box":true + }, + "LocalStoreFileRotationMaxFiles":{ + "type":"integer", + "box":true + }, + "LocalStoreLocation":{"type":"string"}, + "LogConfigurationId":{ + "type":"string", + "max":200, + "min":1, + "pattern":"[A-Za-z0-9]+" + }, + "LogLevel":{ + "type":"string", + "enum":[ + "DEBUG", + "ERROR", + "INFO", + "WARN" + ] + }, + "MacAddress":{ + "type":"string", + "max":128, + "min":1, + "sensitive":true + }, + "ManagedThingArn":{ + "type":"string", + "max":1011, + "min":32, + "pattern":"arn:aws:iotmanagedintegrations:[0-9a-zA-Z-]+:[0-9]+:managed-thing/([0-9a-zA-Z:_-])+" + }, + "ManagedThingAssociation":{ + "type":"structure", + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of the managed thing in the association.

    " + }, + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The identifier of the account association in the association.

    " + } + }, + "documentation":"

    Structure representing an association between a managed thing and an account association, which connects a device to a third-party account.

    " + }, + "ManagedThingAssociationList":{ + "type":"list", + "member":{"shape":"ManagedThingAssociation"} + }, + "ManagedThingId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9:_-]*" + }, + "ManagedThingListDefinition":{ + "type":"list", + "member":{"shape":"ManagedThingSummary"} + }, + "ManagedThingSchemaListDefinition":{ + "type":"list", + "member":{"shape":"ManagedThingSchemaListItem"} + }, + "ManagedThingSchemaListItem":{ + "type":"structure", + "members":{ + "EndpointId":{ + "shape":"EndpointId", + "documentation":"

    The id of the endpoint for a managed thing.

    " + }, + "CapabilityId":{ + "shape":"CapabilityId", + "documentation":"

    The id of the capability for a managed thing.

    " + }, + "Schema":{ + "shape":"ValidationSchema", + "documentation":"

    The validation schema for one schema item associated with a managed thing.

    " + } + }, + "documentation":"

    Structure representing one schema item associated with a managed thing.

    " + }, + "ManagedThingSummary":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the device.

    " + }, + "Arn":{ + "shape":"ManagedThingArn", + "documentation":"

    The Amazon Resource Name (ARN) of the managed thing.

    " + }, + "AdvertisedProductId":{ + "shape":"AdvertisedProductId", + "documentation":"

    The id of the advertised product.

    " + }, + "Brand":{ + "shape":"Brand", + "documentation":"

    The brand of the device.

    " + }, + "Classification":{ + "shape":"Classification", + "documentation":"

    The classification of the managed thing such as light bulb or thermostat.

    " + }, + "ConnectorDeviceId":{ + "shape":"ConnectorDeviceId", + "documentation":"

    The third-party device id as defined by the connector. This device id must not contain personal identifiable information (PII).

    This parameter is used for cloud-to-cloud devices only.

    " + }, + "ConnectorPolicyId":{ + "shape":"ConnectorPolicyId", + "documentation":"

    The id of the connector policy.

    This parameter is used for cloud-to-cloud devices only.

    ", + "deprecated":true, + "deprecatedMessage":"ConnectorPolicyId has been deprecated", + "deprecatedSince":"06-25-2025" + }, + "ConnectorDestinationId":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The identifier of the connector destination associated with this managed thing, if applicable.

    " + }, + "Model":{ + "shape":"Model", + "documentation":"

    The model of the device.

    " + }, + "Name":{ + "shape":"Name", + "documentation":"

    The name of the managed thing representing the physical device.

    " + }, + "Owner":{ + "shape":"Owner", + "documentation":"

    Owner of the device, usually an indication of whom the device belongs to. This value should not contain personal identifiable information.

    " + }, + "CredentialLockerId":{ + "shape":"CredentialLockerId", + "documentation":"

    The identifier of the credential locker for the managed thing.

    " + }, + "ParentControllerId":{ + "shape":"ParentControllerId", + "documentation":"

    Id of the controller device used for the discovery job.

    " + }, + "ProvisioningStatus":{ + "shape":"ProvisioningStatus", + "documentation":"

    The provisioning status of the device in the provisioning workflow for onboarding to IoT managed integrations.

    " + }, + "Role":{ + "shape":"Role", + "documentation":"

    The type of device used. This will be the Amazon Web Services hub controller, cloud device, or IoT device.

    " + }, + "SerialNumber":{ + "shape":"SerialNumber", + "documentation":"

    The serial number of the device.

    " + }, + "CreatedAt":{ + "shape":"CreatedAt", + "documentation":"

    The timestamp value of when the device creation request occurred.

    " + }, + "UpdatedAt":{ + "shape":"CreatedAt", + "documentation":"

    The timestamp value of when the managed thing was last updated at.

    " + }, + "ActivatedAt":{ + "shape":"SetupAt", + "documentation":"

    The timestampe value of when the managed thing was activated at.

    " + } + }, + "documentation":"

    Structure representing one managed thing.

    " + }, + "MatterAttributeId":{ + "type":"string", + "max":24, + "min":1, + "pattern":"0[xX][0-9a-fA-F]+$|^[0-9]+" + }, + "MatterAttributes":{ + "type":"structure", + "members":{ + }, + "document":true, + "sensitive":true + }, + "MatterCapabilityReport":{ + "type":"structure", + "required":[ + "version", + "endpoints" + ], + "members":{ + "version":{ + "shape":"CapabilityReportVersion", + "documentation":"

    The version of the capability report.

    " + }, + "nodeId":{ + "shape":"NodeId", + "documentation":"

    The numeric identifier of the node.

    " + }, + "endpoints":{ + "shape":"MatterCapabilityReportEndpoints", + "documentation":"

    The endpoints used in the capability report.

    " + } + }, + "documentation":"

    Matter based capability report.

    " + }, + "MatterCapabilityReportAttribute":{ + "type":"structure", + "members":{ + "id":{ + "shape":"MatterAttributeId", + "documentation":"

    The id of the Matter attribute.

    " + }, + "name":{ + "shape":"ActionName", + "documentation":"

    Name for the Amazon Web Services Matter capability report attribute.

    " + }, + "value":{ + "shape":"MatterCapabilityReportAttributeValue", + "documentation":"

    Value for the Amazon Web Services Matter capability report attribute.

    " + } + }, + "documentation":"

    Matter attribute used in capability report.

    " + }, + "MatterCapabilityReportAttributeValue":{ + "type":"structure", + "members":{ + }, + "document":true + }, + "MatterCapabilityReportAttributes":{ + "type":"list", + "member":{"shape":"MatterCapabilityReportAttribute"}, + "max":100, + "min":0 + }, + "MatterCapabilityReportCluster":{ + "type":"structure", + "required":[ + "id", + "revision" + ], + "members":{ + "id":{ + "shape":"ClusterId", + "documentation":"

    The id of the Amazon Web Services Matter capability report cluster.

    " + }, + "revision":{ + "shape":"MatterCapabilityReportClusterRevisionId", + "documentation":"

    The id of the revision for the Amazon Web Services Matter capability report.

    " + }, + "publicId":{ + "shape":"SchemaVersionedId", + "documentation":"

    The id of the schema version.

    " + }, + "name":{ + "shape":"CapabilityName", + "documentation":"

    The capability name used in the Amazon Web Services Matter capability report.

    " + }, + "specVersion":{ + "shape":"SpecVersion", + "documentation":"

    The spec version used in the Amazon Web Services Matter capability report.

    " + }, + "attributes":{ + "shape":"MatterCapabilityReportAttributes", + "documentation":"

    The attributes of the Amazon Web Services Matter capability report.

    " + }, + "commands":{ + "shape":"MatterCapabilityReportCommands", + "documentation":"

    The commands used with the Amazon Web Services Matter capability report.

    " + }, + "events":{ + "shape":"MatterCapabilityReportEvents", + "documentation":"

    The events used with the Amazon Web Services Matter capability report.

    " + }, + "featureMap":{ + "shape":"MatterCapabilityReportFeatureMap", + "documentation":"

    32 bit-map used to indicate which features a cluster supports.

    " + }, + "generatedCommands":{ + "shape":"MatterCapabilityReportGeneratedCommands", + "documentation":"

    Matter clusters used in capability report.

    " + }, + "fabricIndex":{ + "shape":"MatterCapabilityReportFabricIndex", + "documentation":"

    The fabric index for the Amazon Web Services Matter capability report.

    " + } + }, + "documentation":"

    Capability used in Matter capability report.

    " + }, + "MatterCapabilityReportClusterRevisionId":{ + "type":"integer", + "box":true, + "max":10, + "min":1 + }, + "MatterCapabilityReportClusters":{ + "type":"list", + "member":{"shape":"MatterCapabilityReportCluster"}, + "max":50, + "min":0 + }, + "MatterCapabilityReportCommands":{ + "type":"list", + "member":{"shape":"MatterCommandId"}, + "max":100, + "min":0 + }, + "MatterCapabilityReportEndpoint":{ + "type":"structure", + "required":[ + "id", + "deviceTypes", + "clusters" + ], + "members":{ + "id":{ + "shape":"EndpointId", + "documentation":"

    The id of the Amazon Web Services Matter capability report endpoint.

    " + }, + "deviceTypes":{ + "shape":"DeviceTypes", + "documentation":"

    The type of device.

    " + }, + "clusters":{ + "shape":"MatterCapabilityReportClusters", + "documentation":"

    Matter clusters used in capability report.

    " + }, + "parts":{ + "shape":"MatterCapabilityReportEndpointParts", + "documentation":"

    Heirachy of child endpoints contained in the given endpoint.

    " + }, + "semanticTags":{ + "shape":"MatterCapabilityReportEndpointSemanticTags", + "documentation":"

    Semantic information related to endpoint.

    " + }, + "clientClusters":{ + "shape":"MatterCapabilityReportEndpointClientClusters", + "documentation":"

    Semantic information related to endpoint.

    " + } + }, + "documentation":"

    Matter endpoint used in capability report.

    " + }, + "MatterCapabilityReportEndpointClientClusters":{ + "type":"list", + "member":{"shape":"ClusterId"}, + "max":32, + "min":0 + }, + "MatterCapabilityReportEndpointParts":{ + "type":"list", + "member":{"shape":"EndpointId"}, + "max":32, + "min":0 + }, + "MatterCapabilityReportEndpointSemanticTags":{ + "type":"list", + "member":{"shape":"EndpointSemanticTag"}, + "max":32, + "min":0 + }, + "MatterCapabilityReportEndpoints":{ + "type":"list", + "member":{"shape":"MatterCapabilityReportEndpoint"}, + "max":50, + "min":0 + }, + "MatterCapabilityReportEvents":{ + "type":"list", + "member":{"shape":"MatterEventId"}, + "max":100, + "min":0 + }, + "MatterCapabilityReportFabricIndex":{ + "type":"integer", + "box":true, + "max":4096, + "min":0 + }, + "MatterCapabilityReportFeatureMap":{ + "type":"long", + "box":true, + "max":4294967295, + "min":0 + }, + "MatterCapabilityReportGeneratedCommands":{ + "type":"list", + "member":{"shape":"MatterCommandId"}, + "max":50, + "min":0 + }, + "MatterCluster":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ClusterId", + "documentation":"

    The cluster id.

    " + }, + "attributes":{ + "shape":"MatterAttributes", + "documentation":"

    The Matter attributes.

    " + }, + "commands":{ + "shape":"MatterCommands", + "documentation":"

    Describe the Matter commands with the Matter command identifier mapped to the command fields.

    " + }, + "events":{ + "shape":"MatterEvents", + "documentation":"

    Describe the Matter events with the Matter event identifier mapped to the event fields.

    " + } + }, + "documentation":"

    Describe a Matter cluster with an id, and the relevant attributes, commands, and events.

    " + }, + "MatterClusters":{ + "type":"list", + "member":{"shape":"MatterCluster"}, + "max":5, + "min":1 + }, + "MatterCommandId":{ + "type":"string", + "max":24, + "min":1, + "pattern":"0[xX][0-9a-fA-F]+$|^[0-9]+" + }, + "MatterCommands":{ + "type":"map", + "key":{"shape":"MatterCommandId"}, + "value":{"shape":"MatterFields"}, + "max":5, + "min":1 + }, + "MatterEndpoint":{ + "type":"structure", + "members":{ + "id":{ + "shape":"EndpointId", + "documentation":"

    The Matter endpoint id.

    " + }, + "clusters":{ + "shape":"MatterClusters", + "documentation":"

    A list of Matter clusters for a managed thing.

    " + } + }, + "documentation":"

    Structure describing a managed thing.

    " + }, + "MatterEventId":{ + "type":"string", + "max":24, + "min":1, + "pattern":"0[xX][0-9a-fA-F]+$|^[0-9]+" + }, + "MatterEvents":{ + "type":"map", + "key":{"shape":"MatterEventId"}, + "value":{"shape":"MatterFields"}, + "max":5, + "min":1 + }, + "MatterFields":{ + "type":"structure", + "members":{ + }, + "document":true, + "sensitive":true + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "MaximumPerMinute":{ + "type":"integer", + "box":true, + "min":1 + }, + "MetaData":{ + "type":"map", + "key":{"shape":"AttributeName"}, + "value":{"shape":"AttributeValue"}, + "max":50, + "min":1 + }, + "MinNumberOfExecutedThings":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "MinNumberOfRetries":{ + "type":"integer", + "box":true, + "max":10, + "min":0 + }, + "Model":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+", + "sensitive":true + }, + "Name":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[\\p{L}\\p{N} ._-]+" + }, + "NextToken":{ + "type":"string", + "max":65535, + "min":1, + "pattern":"[a-zA-Z0-9=_-]+" + }, + "NodeId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9=_.,@\\+\\-/]+" + }, + "NotificationConfigurationCreatedAt":{"type":"timestamp"}, + "NotificationConfigurationListDefinition":{ + "type":"list", + "member":{"shape":"NotificationConfigurationSummary"} + }, + "NotificationConfigurationSummary":{ + "type":"structure", + "members":{ + "EventType":{ + "shape":"EventType", + "documentation":"

    The type of event triggering a device notification to the customer-managed destination.

    " + }, + "DestinationName":{ + "shape":"DestinationName", + "documentation":"

    The name of the destination for the notification configuration.

    " + } + }, + "documentation":"

    Structure describing a notification configuration.

    " + }, + "NotificationConfigurationUpdatedAt":{"type":"timestamp"}, + "NumberOfNotifiedThings":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "NumberOfSucceededThings":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "OAuthAuthorizationUrl":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"(https)://.*", + "sensitive":true + }, + "OAuthCompleteRedirectUrl":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"(http|https)://.*" + }, + "OAuthConfig":{ + "type":"structure", + "required":[ + "authUrl", + "tokenUrl", + "tokenEndpointAuthenticationScheme" + ], + "members":{ + "authUrl":{ + "shape":"AuthUrl", + "documentation":"

    The authorization URL for the OAuth service, where users are directed to authenticate and authorize access.

    " + }, + "tokenUrl":{ + "shape":"TokenUrl", + "documentation":"

    The token URL for the OAuth service, where authorization codes are exchanged for access tokens.

    " + }, + "scope":{ + "shape":"String", + "documentation":"

    The OAuth scopes requested during authorization, which define the permissions granted to the application.

    " + }, + "tokenEndpointAuthenticationScheme":{ + "shape":"TokenEndpointAuthenticationScheme", + "documentation":"

    The authentication scheme used when requesting tokens from the token endpoint.

    " + }, + "oAuthCompleteRedirectUrl":{ + "shape":"String", + "documentation":"

    The URL where users are redirected after completing the OAuth authorization process.

    " + }, + "proactiveRefreshTokenRenewal":{ + "shape":"ProactiveRefreshTokenRenewal", + "documentation":"

    Configuration for proactively refreshing OAuth tokens before they expire.

    " + } + }, + "documentation":"

    Configuration details for OAuth authentication with a third-party service.

    " + }, + "OAuthUpdate":{ + "type":"structure", + "members":{ + "oAuthCompleteRedirectUrl":{ + "shape":"String", + "documentation":"

    The updated URL where users are redirected after completing the OAuth authorization process.

    " + }, + "proactiveRefreshTokenRenewal":{ + "shape":"ProactiveRefreshTokenRenewal", + "documentation":"

    Updated configuration for proactively refreshing OAuth tokens before they expire.

    " + } + }, + "documentation":"

    Structure containing updated OAuth configuration settings.

    " + }, + "OtaDescription":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[0-9A-Za-z_\\- ]+" + }, + "OtaMechanism":{ + "type":"string", + "enum":["PUSH"] + }, + "OtaNextToken":{ + "type":"string", + "max":65535, + "min":1, + "pattern":"[a-zA-Z0-9=_+/-]+" + }, + "OtaProtocol":{ + "type":"string", + "enum":["HTTP"] + }, + "OtaStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "CANCELED", + "COMPLETED", + "DELETION_IN_PROGRESS", + "SCHEDULED" + ] + }, + "OtaTargetQueryString":{"type":"string"}, + "OtaTaskAbortConfig":{ + "type":"structure", + "members":{ + "AbortConfigCriteriaList":{ + "shape":"AbortConfigCriteriaList", + "documentation":"

    The list of criteria for the abort config.

    " + } + }, + "documentation":"

    Over-the-air (OTA) task abort config.

    " + }, + "OtaTaskArn":{ + "type":"string", + "max":1011, + "min":32, + "pattern":"arn:aws:iotmanagedintegrations:[0-9a-zA-Z-]+:[0-9]+:ota-task/[0-9a-zA-Z]+" + }, + "OtaTaskConfigurationId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9]*" + }, + "OtaTaskConfigurationListDefinition":{ + "type":"list", + "member":{"shape":"OtaTaskConfigurationSummary"} + }, + "OtaTaskConfigurationName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+", + "sensitive":true + }, + "OtaTaskConfigurationSummary":{ + "type":"structure", + "members":{ + "TaskConfigurationId":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The id of the over-the-air (OTA) task configuration

    " + }, + "Name":{ + "shape":"OtaTaskConfigurationName", + "documentation":"

    The name of the over-the-air (OTA) task configuration.

    " + }, + "CreatedAt":{ + "shape":"CreatedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task configuration was created at.

    " + } + }, + "documentation":"

    Structure representing one over-the-air (OTA) task configuration.

    " + }, + "OtaTaskExecutionRetryConfig":{ + "type":"structure", + "members":{ + "RetryConfigCriteria":{ + "shape":"RetryConfigCriteriaList", + "documentation":"

    The list of retry config criteria.

    " + } + }, + "documentation":"

    Over-the-air (OTA) task retry config.

    " + }, + "OtaTaskExecutionRolloutConfig":{ + "type":"structure", + "members":{ + "ExponentialRolloutRate":{ + "shape":"ExponentialRolloutRate", + "documentation":"

    Structure representing exponential rate of rollout for an over-the-air (OTA) task.

    " + }, + "MaximumPerMinute":{ + "shape":"MaximumPerMinute", + "documentation":"

    The maximum number of things that will be notified of a pending task, per minute.

    " + } + }, + "documentation":"

    Over-the-air (OTA) task rollout config.

    " + }, + "OtaTaskExecutionStatus":{ + "type":"string", + "enum":[ + "QUEUED", + "IN_PROGRESS", + "SUCCEEDED", + "FAILED", + "TIMED_OUT", + "REJECTED", + "REMOVED", + "CANCELED" + ] + }, + "OtaTaskExecutionSummaries":{ + "type":"structure", + "members":{ + "TaskExecutionSummary":{ + "shape":"OtaTaskExecutionSummary", + "documentation":"

    Structure representing one over-the-air (OTA) task execution summary

    " + }, + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id of a managed thing.

    " + } + }, + "documentation":"

    Structure representing one execution summary.

    " + }, + "OtaTaskExecutionSummariesListDefinition":{ + "type":"list", + "member":{"shape":"OtaTaskExecutionSummaries"} + }, + "OtaTaskExecutionSummary":{ + "type":"structure", + "members":{ + "ExecutionNumber":{ + "shape":"ExecutionNumber", + "documentation":"

    The execution number of the over-the-air (OTA) task execution summary.

    " + }, + "LastUpdatedAt":{ + "shape":"LastUpdatedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task execution summary was last updated.

    " + }, + "QueuedAt":{ + "shape":"QueuedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task execution summary is targeted to start.

    " + }, + "RetryAttempt":{ + "shape":"RetryAttempt", + "documentation":"

    The number of retry attempts for starting the over-the-air (OTA) task execution summary after a failed attempt.

    " + }, + "StartedAt":{ + "shape":"StartedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task execution summary started.

    " + }, + "Status":{ + "shape":"OtaTaskExecutionStatus", + "documentation":"

    The status of the over-the-air (OTA) task execution summary.

    " + } + }, + "documentation":"

    Structure representing one over-the-air (OTA) task execution summary.

    " + }, + "OtaTaskId":{ + "type":"string", + "max":200, + "min":1, + "pattern":"[A-Za-z0-9]+" + }, + "OtaTaskListDefinition":{ + "type":"list", + "member":{"shape":"OtaTaskSummary"} + }, + "OtaTaskSchedulingConfig":{ + "type":"structure", + "members":{ + "EndBehavior":{ + "shape":"SchedulingConfigEndBehavior", + "documentation":"

    Specifies the end behavior for all task executions after a task reaches the selected endTime. If endTime is not selected when creating the task, then endBehavior does not apply.

    " + }, + "EndTime":{ + "shape":"EndTime", + "documentation":"

    The time an over-the-air (OTA) task will stop.

    " + }, + "MaintenanceWindows":{ + "shape":"ScheduleMaintenanceWindowList", + "documentation":"

    Maintenance window list for over-the-air (OTA) task scheduling config.

    " + }, + "StartTime":{ + "shape":"ScheduleStartTime", + "documentation":"

    The time an over-the-air (OTA) task will start.

    " + } + }, + "documentation":"

    Over-the-air (OTA) task scheduling config.

    " + }, + "OtaTaskSummary":{ + "type":"structure", + "members":{ + "TaskId":{ + "shape":"OtaTaskId", + "documentation":"

    The id of the over-the-air (OTA) task.

    " + }, + "TaskArn":{ + "shape":"OtaTaskArn", + "documentation":"

    The Amazon Resource Name (ARN) of the over-the-air (OTA) task.

    " + }, + "CreatedAt":{ + "shape":"CreatedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task was created at.

    " + }, + "LastUpdatedAt":{ + "shape":"LastUpdatedAt", + "documentation":"

    The timestamp value of when the over-the-air (OTA) task was last updated at.

    " + }, + "TaskConfigurationId":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The identifier for the over-the-air (OTA) task configuration.

    " + }, + "Status":{ + "shape":"OtaStatus", + "documentation":"

    The status of the over-the-air (OTA) task summary.

    " + } + }, + "documentation":"

    Structure representing one over-the-air (OTA) task.

    " + }, + "OtaTaskTimeoutConfig":{ + "type":"structure", + "members":{ + "InProgressTimeoutInMinutes":{ + "shape":"InProgressTimeoutInMinutes", + "documentation":"

    Specifies the amount of time the device has to finish execution of this task. The timeout interval can be anywhere between 1 minute and 7 days.

    " + } + }, + "documentation":"

    Over-the-air (OTA) task timeout config.

    " + }, + "OtaType":{ + "type":"string", + "enum":[ + "ONE_TIME", + "CONTINUOUS" + ] + }, + "Owner":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9_.,@-]+", + "sensitive":true + }, + "ParentControllerId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z0-9]+" + }, + "ProactiveRefreshTokenRenewal":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether proactive refresh token renewal is enabled.

    " + }, + "DaysBeforeRenewal":{ + "shape":"ProactiveRefreshTokenRenewalDaysBeforeRenewalInteger", + "documentation":"

    The days before token expiration when the system should attempt to renew the token, specified in days.

    " + } + }, + "documentation":"

    Configuration settings for proactively refreshing OAuth tokens before they expire.

    " + }, + "ProactiveRefreshTokenRenewalDaysBeforeRenewalInteger":{ + "type":"integer", + "box":true, + "min":30 + }, + "PropertyName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[/a-zA-Z0-9\\._ -]+" + }, + "ProvisioningProfileArn":{ + "type":"string", + "max":64, + "min":32, + "pattern":"arn:aws:iotmanagedintegrations:[0-9a-zA-Z-]+:[0-9]+:provisioning-profile/[0-9a-zA-Z]+" + }, + "ProvisioningProfileId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z0-9-_]+" + }, + "ProvisioningProfileListDefinition":{ + "type":"list", + "member":{"shape":"ProvisioningProfileSummary"} + }, + "ProvisioningProfileName":{ + "type":"string", + "max":36, + "min":1, + "pattern":"[0-9A-Za-z_-]+" + }, + "ProvisioningProfileSummary":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"ProvisioningProfileName", + "documentation":"

    The name of the provisioning template.

    " + }, + "Id":{ + "shape":"ProvisioningProfileId", + "documentation":"

    The identifier of the provisioning profile.

    " + }, + "Arn":{ + "shape":"ProvisioningProfileArn", + "documentation":"

    The Amazon Resource Name (ARN) of the provisioning template used in the provisioning profile.

    " + }, + "ProvisioningType":{ + "shape":"ProvisioningType", + "documentation":"

    The type of provisioning workflow the device uses for onboarding to IoT managed integrations.

    " + } + }, + "documentation":"

    Structure describing a provisioning profile.

    " + }, + "ProvisioningStatus":{ + "type":"string", + "enum":[ + "UNASSOCIATED", + "PRE_ASSOCIATED", + "DISCOVERED", + "ACTIVATED", + "DELETION_FAILED", + "DELETE_IN_PROGRESS", + "ISOLATED", + "DELETED" + ] + }, + "ProvisioningType":{ + "type":"string", + "enum":[ + "FLEET_PROVISIONING", + "JITR" + ] + }, + "PushConfig":{ + "type":"structure", + "members":{ + "AbortConfig":{ + "shape":"OtaTaskAbortConfig", + "documentation":"

    Structure representing one abort config.

    " + }, + "RolloutConfig":{ + "shape":"OtaTaskExecutionRolloutConfig", + "documentation":"

    Structure representing one rollout config.

    " + }, + "TimeoutConfig":{ + "shape":"OtaTaskTimeoutConfig", + "documentation":"

    Structure representing one timeout config.

    " + } + }, + "documentation":"

    Structure representing a push config.

    " + }, + "PutDefaultEncryptionConfigurationRequest":{ + "type":"structure", + "required":["encryptionType"], + "members":{ + "encryptionType":{ + "shape":"EncryptionType", + "documentation":"

    The type of encryption used for the encryption configuration.

    " + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The Key Amazon Resource Name (ARN) of the AWS KMS key used for KMS encryption if you use KMS_BASED_ENCRYPTION.

    " + } + } + }, + "PutDefaultEncryptionConfigurationResponse":{ + "type":"structure", + "required":[ + "configurationStatus", + "encryptionType" + ], + "members":{ + "configurationStatus":{ + "shape":"ConfigurationStatus", + "documentation":"

    Provides the status of the default encryption configuration for an Amazon Web Services account.

    " + }, + "encryptionType":{ + "shape":"EncryptionType", + "documentation":"

    The type of encryption used for the encryption configuration.

    " + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The Key Amazon Resource Name (ARN) of the AWS KMS key used for KMS encryption if you use KMS_BASED_ENCRYPTION.

    " + } + } + }, + "PutHubConfigurationRequest":{ + "type":"structure", + "required":["HubTokenTimerExpirySettingInSeconds"], + "members":{ + "HubTokenTimerExpirySettingInSeconds":{ + "shape":"HubTokenTimerExpirySettingInSeconds", + "documentation":"

    A user-defined integer value that represents the hub token timer expiry setting in seconds.

    " + } + } + }, + "PutHubConfigurationResponse":{ + "type":"structure", + "members":{ + "HubTokenTimerExpirySettingInSeconds":{ + "shape":"HubTokenTimerExpirySettingInSeconds", + "documentation":"

    A user-defined integer value that represents the hub token timer expiry setting in seconds.

    " + } + } + }, + "PutRuntimeLogConfigurationRequest":{ + "type":"structure", + "required":[ + "ManagedThingId", + "RuntimeLogConfigurations" + ], + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id for a managed thing.

    ", + "location":"uri", + "locationName":"ManagedThingId" + }, + "RuntimeLogConfigurations":{ + "shape":"RuntimeLogConfigurations", + "documentation":"

    The runtime log configuration for a managed thing.

    " + } + } + }, + "QueuedAt":{"type":"timestamp"}, + "RegisterAccountAssociationRequest":{ + "type":"structure", + "required":[ + "ManagedThingId", + "AccountAssociationId", + "DeviceDiscoveryId" + ], + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of the managed thing to register with the account association.

    " + }, + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The identifier of the account association to register with the managed thing.

    " + }, + "DeviceDiscoveryId":{ + "shape":"DeviceDiscoveryId", + "documentation":"

    The identifier of the device discovery job associated with this registration.

    " + } + } + }, + "RegisterAccountAssociationResponse":{ + "type":"structure", + "members":{ + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The identifier of the account association that was registered.

    " + }, + "DeviceDiscoveryId":{ + "shape":"DeviceDiscoveryId", + "documentation":"

    The identifier of the device discovery job associated with this registration.

    " + }, + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The identifier of the managed thing that was registered with the account association.

    " + } + } + }, + "RegisterCustomEndpointRequest":{ + "type":"structure", + "members":{ + } + }, + "RegisterCustomEndpointResponse":{ + "type":"structure", + "required":["EndpointAddress"], + "members":{ + "EndpointAddress":{ + "shape":"EndpointAddress", + "documentation":"

    The IoT managed integrations dedicated, custom endpoint for the device to route traffic through.

    " + } + } + }, + "ResetRuntimeLogConfigurationRequest":{ + "type":"structure", + "required":["ManagedThingId"], + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id of a managed thing.

    ", + "location":"uri", + "locationName":"ManagedThingId" + } + } + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"}, + "ResourceId":{ + "shape":"ErrorResourceId", + "documentation":"

    Id of the affected resource

    " + }, + "ResourceType":{ + "shape":"ErrorResourceType", + "documentation":"

    Type of the affected resource

    " + } + }, + "documentation":"

    The specified resource does not exist.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "RetryAttempt":{ + "type":"integer", + "box":true + }, + "RetryConfigCriteria":{ + "type":"structure", + "members":{ + "FailureType":{ + "shape":"RetryCriteriaFailureType", + "documentation":"

    Over-the-air (OTA) retry criteria failure type.

    " + }, + "MinNumberOfRetries":{ + "shape":"MinNumberOfRetries", + "documentation":"

    The number of retries allowed for a failure type for the over-the-air (OTA) task.

    " + } + }, + "documentation":"

    Structure representing one retry config criteria.

    " + }, + "RetryConfigCriteriaList":{ + "type":"list", + "member":{"shape":"RetryConfigCriteria"} + }, + "RetryCriteriaFailureType":{ + "type":"string", + "enum":[ + "FAILED", + "TIMED_OUT", + "ALL" + ] + }, + "Role":{ + "type":"string", + "enum":[ + "CONTROLLER", + "DEVICE" + ] + }, + "RolloutRateIncreaseCriteria":{ + "type":"structure", + "members":{ + "numberOfNotifiedThings":{ + "shape":"NumberOfNotifiedThings", + "documentation":"

    The threshold for number of notified things that will initiate the increase in rate of rollout.

    " + }, + "numberOfSucceededThings":{ + "shape":"NumberOfSucceededThings", + "documentation":"

    The threshold for number of succeeded things that will initiate the increase in rate of rollout.

    " + } + }, + "documentation":"

    Structure representing rollout config criteria.

    " + }, + "RuntimeLogConfigurations":{ + "type":"structure", + "members":{ + "LogLevel":{ + "shape":"LogLevel", + "documentation":"

    The different log levels available for configuration.

    " + }, + "LogFlushLevel":{ + "shape":"LogLevel", + "documentation":"

    The different log levels available for configuration.

    " + }, + "LocalStoreLocation":{ + "shape":"LocalStoreLocation", + "documentation":"

    Configuration of where to store runtime logs in the device.

    " + }, + "LocalStoreFileRotationMaxFiles":{ + "shape":"LocalStoreFileRotationMaxFiles", + "documentation":"

    Configuration to set the maximum number of runtime log files that can be stored on the device before the oldest files are deleted or overwritten.

    " + }, + "LocalStoreFileRotationMaxBytes":{ + "shape":"LocalStoreFileRotationMaxBytes", + "documentation":"

    Configuration to set the maximum bytes of runtime logs that can be stored on the device before the oldest logs are deleted or overwritten.

    " + }, + "UploadLog":{ + "shape":"UploadLog", + "documentation":"

    Configuration to enable or disable uploading of runtime logs to the cloud.

    " + }, + "UploadPeriodMinutes":{ + "shape":"UploadPeriodMinutes", + "documentation":"

    Configuration to set the time interval in minutes between each batch of runtime logs that the device uploads to the cloud.

    " + }, + "DeleteLocalStoreAfterUpload":{ + "shape":"DeleteLocalStoreAfterUpload", + "documentation":"

    Configuration to enable or disable deleting of runtime logs in the device once uploaded to the cloud.

    " + } + }, + "documentation":"

    The different configurations for runtime logs.

    " + }, + "S3Url":{ + "type":"string", + "max":1000, + "min":1 + }, + "ScheduleMaintenanceWindow":{ + "type":"structure", + "members":{ + "DurationInMinutes":{ + "shape":"DurationInMinutes", + "documentation":"

    Displays the duration of the next maintenance window.

    " + }, + "StartTime":{ + "shape":"StartTime", + "documentation":"

    Displays the start time of the next maintenance window.

    " + } + }, + "documentation":"

    Structure representing scheduling maintenance window.

    " + }, + "ScheduleMaintenanceWindowList":{ + "type":"list", + "member":{"shape":"ScheduleMaintenanceWindow"} + }, + "ScheduleStartTime":{"type":"string"}, + "SchedulingConfigEndBehavior":{ + "type":"string", + "enum":[ + "STOP_ROLLOUT", + "CANCEL", + "FORCE_CANCEL" + ] + }, + "SchemaId":{ + "type":"string", + "max":128, + "min":3, + "pattern":"[a-zA-Z0-9.]+" + }, + "SchemaVersionDescription":{ + "type":"string", + "max":2048, + "min":10, + "pattern":"[a-zA-Z0-9.,/ -]+" + }, + "SchemaVersionFormat":{ + "type":"string", + "enum":[ + "AWS", + "ZCL", + "CONNECTOR" + ] + }, + "SchemaVersionList":{ + "type":"list", + "member":{"shape":"SchemaVersionListItem"} + }, + "SchemaVersionListItem":{ + "type":"structure", + "members":{ + "SchemaId":{ + "shape":"SchemaId", + "documentation":"

    The identifier of the schema version.

    " + }, + "Type":{ + "shape":"SchemaVersionType", + "documentation":"

    The type of schema version.

    " + }, + "Description":{ + "shape":"SchemaVersionDescription", + "documentation":"

    A description of the schema version.

    " + }, + "Namespace":{ + "shape":"SchemaVersionNamespaceName", + "documentation":"

    The name of the schema version.

    " + }, + "SemanticVersion":{ + "shape":"SchemaVersionVersion", + "documentation":"

    The schema version. If this is left blank, it defaults to the latest version.

    " + }, + "Visibility":{ + "shape":"SchemaVersionVisibility", + "documentation":"

    The visibility of the schema version.

    " + } + }, + "documentation":"

    List item describing a schema version.

    " + }, + "SchemaVersionNamespaceName":{ + "type":"string", + "max":12, + "min":3, + "pattern":"[a-z0-9]+" + }, + "SchemaVersionSchema":{ + "type":"structure", + "members":{ + }, + "document":true + }, + "SchemaVersionType":{ + "type":"string", + "enum":[ + "capability", + "definition" + ] + }, + "SchemaVersionVersion":{ + "type":"string", + "max":12, + "min":3, + "pattern":"(\\d+\\.\\d+(\\.\\d+)?|\\$latest)" + }, + "SchemaVersionVisibility":{ + "type":"string", + "enum":[ + "PUBLIC", + "PRIVATE" + ] + }, + "SchemaVersionedId":{ + "type":"string", + "max":128, + "min":7, + "pattern":"[a-zA-Z0-9.]+@(\\d+\\.\\d+(\\.\\d+)?|\\$latest)" + }, + "SecretsManager":{ + "type":"structure", + "required":[ + "arn", + "versionId" + ], + "members":{ + "arn":{ + "shape":"SecretsManagerArn", + "documentation":"

    The Amazon Resource Name (ARN) of the AWS Secrets Manager secret.

    " + }, + "versionId":{ + "shape":"SecretsManagerVersionId", + "documentation":"

    The version ID of the AWS Secrets Manager secret.

    " + } + }, + "documentation":"

    Configuration for AWS Secrets Manager, used to securely store and manage sensitive information for connector destinations.

    " + }, + "SecretsManagerArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws:secretsmanager:[0-9a-zA-Z-]{1,32}:\\d{12}:secret:[A-Za-z0-9/_+=.@-]{8,520}" + }, + "SecretsManagerVersionId":{ + "type":"string", + "max":64, + "min":32, + "pattern":"[a-zA-Z0-9-_]+" + }, + "SendConnectorEventRequest":{ + "type":"structure", + "required":[ + "ConnectorId", + "Operation" + ], + "members":{ + "ConnectorId":{ + "shape":"ConnectorId", + "documentation":"

    The id of the connector between the third-party cloud provider and IoT managed integrations.

    ", + "location":"uri", + "locationName":"ConnectorId" + }, + "UserId":{ + "shape":"ThirdPartyUserId", + "documentation":"

    The id of the third-party cloud provider.

    " + }, + "Operation":{ + "shape":"ConnectorEventOperation", + "documentation":"

    The Open Connectivity Foundation (OCF) operation requested to be performed on the managed thing.

    The field op can have a value of \"I\" or \"U\". The field \"cn\" will contain the capability types.

    " + }, + "OperationVersion":{ + "shape":"ConnectorEventOperationVersion", + "documentation":"

    The Open Connectivity Foundation (OCF) security specification version for the operation being requested on the managed thing. For more information, see OCF Security Specification.

    " + }, + "StatusCode":{ + "shape":"ConnectorEventStatusCode", + "documentation":"

    The status code of the Open Connectivity Foundation (OCF) operation being performed on the managed thing.

    " + }, + "Message":{ + "shape":"ConnectorEventMessage", + "documentation":"

    The device state change event payload.

    This parameter will include the following three fields:

    • uri: schema auc://<PARTNER-DEVICE-ID>/ResourcePath (The Resourcepath corresponds to an OCF resource.)

    • op: For device state changes, this field must populate as n+d.

    • cn: The content depends on the OCF resource referenced in ResourcePath.

    " + }, + "DeviceDiscoveryId":{ + "shape":"DeviceDiscoveryId", + "documentation":"

    The id for the device discovery job.

    " + }, + "ConnectorDeviceId":{ + "shape":"ConnectorDeviceId", + "documentation":"

    The third-party device id as defined by the connector. This device id must not contain personal identifiable information (PII).

    This parameter is used for cloud-to-cloud devices only.

    " + }, + "TraceId":{ + "shape":"TraceId", + "documentation":"

    The trace request identifier. This is generated by IoT managed integrations and can be used to trace this command and its related operations in CloudWatch.

    " + }, + "Devices":{ + "shape":"Devices", + "documentation":"

    The list of devices.

    " + }, + "MatterEndpoint":{ + "shape":"MatterEndpoint", + "documentation":"

    The device endpoint.

    " + } + } + }, + "SendConnectorEventResponse":{ + "type":"structure", + "required":["ConnectorId"], + "members":{ + "ConnectorId":{ + "shape":"ConnectorId", + "documentation":"

    The id of the connector between the third-party cloud provider and IoT managed integrations.

    " + } + } + }, + "SendManagedThingCommandRequest":{ + "type":"structure", + "required":[ + "ManagedThingId", + "Endpoints" + ], + "members":{ + "ManagedThingId":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the device.

    ", + "location":"uri", + "locationName":"ManagedThingId" + }, + "Endpoints":{ + "shape":"CommandEndpoints", + "documentation":"

    The device endpoint.

    " + }, + "ConnectorAssociationId":{ + "shape":"ConnectorAssociationId", + "documentation":"

    The ID tracking the current discovery process for one connector association.

    ", + "deprecated":true, + "deprecatedMessage":"ConnectorAssociationId has been deprecated", + "deprecatedSince":"06-25-2025" + }, + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The identifier of the account association to use when sending a command to a managed thing.

    " + } + } + }, + "SendManagedThingCommandResponse":{ + "type":"structure", + "members":{ + "TraceId":{ + "shape":"TraceId", + "documentation":"

    The trace request identifier. This is generated by IoT managed integrations and can be used to trace this command and its related operations in CloudWatch.

    " + } + } + }, + "SerialNumber":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ ]+", + "sensitive":true + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The service quota has been exceeded for this request.

    ", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "ServiceUnavailableException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The service is temporarily unavailable.

    ", + "error":{"httpStatusCode":503}, + "exception":true, + "fault":true + }, + "SetupAt":{"type":"timestamp"}, + "SmartHomeResourceId":{ + "type":"string", + "max":200, + "min":1, + "pattern":"[a-zA-Z0-9+*]*" + }, + "SmartHomeResourceType":{ + "type":"string", + "pattern":"[*]$|^(managed-thing|credential-locker|provisioning-profile|ota-task|account-association)" + }, + "SpecVersion":{ + "type":"string", + "max":64, + "min":1, + "pattern":"\\d+\\.\\d+" + }, + "StartAccountAssociationRefreshRequest":{ + "type":"structure", + "required":["AccountAssociationId"], + "members":{ + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The unique identifier of the account association to refresh.

    ", + "location":"uri", + "locationName":"AccountAssociationId" + } + } + }, + "StartAccountAssociationRefreshResponse":{ + "type":"structure", + "required":["OAuthAuthorizationUrl"], + "members":{ + "OAuthAuthorizationUrl":{ + "shape":"OAuthAuthorizationUrl", + "documentation":"

    Third-party IoT platform OAuth authorization server URL with all required parameters to perform end-user authentication during the refresh process.

    " + } + } + }, + "StartDeviceDiscoveryRequest":{ + "type":"structure", + "required":["DiscoveryType"], + "members":{ + "DiscoveryType":{ + "shape":"DiscoveryType", + "documentation":"

    The discovery type supporting the type of device to be discovered in the device discovery task request.

    " + }, + "CustomProtocolDetail":{ + "shape":"CustomProtocolDetail", + "documentation":"

    Additional protocol-specific details required for device discovery, which vary based on the discovery type.

    For a DiscoveryType of CUSTOM, the string-to-string map must have a key value of Name set to a non-empty-string.

    " + }, + "ControllerIdentifier":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the end-user's IoT hub.

    " + }, + "ConnectorAssociationIdentifier":{ + "shape":"ConnectorAssociationId", + "documentation":"

    The id of the connector association.

    ", + "deprecated":true, + "deprecatedMessage":"ConnectorAssociationIdentifier is deprecated", + "deprecatedSince":"06-25-2025" + }, + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The identifier of the cloud-to-cloud account association to use for discovery of third-party devices.

    " + }, + "AuthenticationMaterial":{ + "shape":"DiscoveryAuthMaterialString", + "documentation":"

    The authentication material required to start the local device discovery job request.

    " + }, + "AuthenticationMaterialType":{ + "shape":"DiscoveryAuthMaterialType", + "documentation":"

    The type of authentication material used for device discovery jobs.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.

    " + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the device discovery request.

    ", + "deprecated":true, + "deprecatedMessage":"Tags have been deprecated from this api", + "deprecatedSince":"06-25-2025" + } + } + }, + "StartDeviceDiscoveryResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"DeviceDiscoveryId", + "documentation":"

    The id of the device discovery job request.

    " + }, + "StartedAt":{ + "shape":"DiscoveryStartedAt", + "documentation":"

    The timestamp value for the start time of the device discovery.

    " + } + } + }, + "StartTime":{"type":"string"}, + "StartedAt":{"type":"timestamp"}, + "StateCapabilities":{ + "type":"list", + "member":{"shape":"StateCapability"}, + "max":5, + "min":1 + }, + "StateCapability":{ + "type":"structure", + "required":[ + "id", + "name", + "version" + ], + "members":{ + "id":{ + "shape":"SchemaVersionedId", + "documentation":"

    The id of the managed thing in the capability report.

    " + }, + "name":{ + "shape":"CapabilityName", + "documentation":"

    Name for the Amazon Web Services capability.

    " + }, + "version":{ + "shape":"CapabilityVersion", + "documentation":"

    Version for the Amazon Web Services capability.

    " + }, + "properties":{ + "shape":"CapabilityProperties", + "documentation":"

    Describe the command capability with the properties it supports.

    " + } + }, + "documentation":"

    State capabilities added for the managed thing.

    " + }, + "StateEndpoint":{ + "type":"structure", + "required":[ + "endpointId", + "capabilities" + ], + "members":{ + "endpointId":{ + "shape":"EndpointId", + "documentation":"

    Numeric identifier of the endpoint

    " + }, + "capabilities":{ + "shape":"StateCapabilities", + "documentation":"

    Describe the endpoint with an id, a name, and the relevant capabilities for the reporting state.

    " + } + }, + "documentation":"

    Describe the endpoint with an Id, a name, and the relevant capabilities for reporting state

    " + }, + "StateEndpoints":{ + "type":"list", + "member":{"shape":"StateEndpoint"}, + "max":5, + "min":0 + }, + "String":{"type":"string"}, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "Tags" + ], + "members":{ + "ResourceArn":{ + "shape":"IoTManagedIntegrationsResourceARN", + "documentation":"

    The ARN of the resource to which to add tags.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "Tags":{ + "shape":"TagsMap", + "documentation":"

    A set of key/value pairs that are used to manage the resource

    " + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "TagsMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":50, + "min":1, + "sensitive":true + }, + "Target":{ + "type":"list", + "member":{"shape":"String"} + }, + "TaskProcessingDetails":{ + "type":"structure", + "members":{ + "NumberOfCanceledThings":{ + "shape":"Integer", + "documentation":"

    The number of canceled things in an over-the-air (OTA) task.

    " + }, + "NumberOfFailedThings":{ + "shape":"Integer", + "documentation":"

    The number of failed things in an over-the-air (OTA) task.

    " + }, + "NumberOfInProgressThings":{ + "shape":"Integer", + "documentation":"

    The number of in progress things in an over-the-air (OTA) task.

    " + }, + "numberOfQueuedThings":{ + "shape":"Integer", + "documentation":"

    The number of queued things in an over-the-air (OTA) task.

    " + }, + "numberOfRejectedThings":{ + "shape":"Integer", + "documentation":"

    The number of rejected things in an over-the-air (OTA) task.

    " + }, + "numberOfRemovedThings":{ + "shape":"Integer", + "documentation":"

    The number of removed things in an over-the-air (OTA) task.

    " + }, + "numberOfSucceededThings":{ + "shape":"Integer", + "documentation":"

    The number of succeeded things in an over-the-air (OTA) task.

    " + }, + "numberOfTimedOutThings":{ + "shape":"Integer", + "documentation":"

    The number of timed out things in an over-the-air (OTA) task.

    " + }, + "processingTargets":{ + "shape":"Target", + "documentation":"

    The targets of the over-the-air (OTA) task.

    " + } + }, + "documentation":"

    Details about the over-the-air (OTA) task process.

    " + }, + "ThirdPartyUserId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z0-9_.,@-]+", + "sensitive":true + }, + "ThresholdPercentage":{ + "type":"double", + "box":true, + "max":100 + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The rate exceeds the limit.

    ", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "TokenEndpointAuthenticationScheme":{ + "type":"string", + "enum":[ + "HTTP_BASIC", + "REQUEST_BODY_CREDENTIALS" + ] + }, + "TokenUrl":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"https?:\\/\\/(www\\.)?[-a-zA-Z0-9@:%._\\+~#=]{1,256}\\.[a-zA-Z0-9()]{1,6}([-a-zA-Z0-9()@:%_\\+.~#?&\\/=]*)" + }, + "TraceId":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9:=_-]+" + }, + "UnauthorizedException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    You are not authorized to perform this operation.

    ", + "error":{ + "httpStatusCode":401, + "senderFault":true + }, + "exception":true + }, + "UniversalProductCode":{ + "type":"string", + "max":12, + "min":12, + "pattern":"[0-9]+", + "sensitive":true + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"IoTManagedIntegrationsResourceARN", + "documentation":"

    The ARN of the resource to which to add tags.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "TagKeys":{ + "shape":"TagKeyList", + "documentation":"

    A list of tag keys to remove from the resource.

    ", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "UpdateAccountAssociationRequest":{ + "type":"structure", + "required":["AccountAssociationId"], + "members":{ + "AccountAssociationId":{ + "shape":"AccountAssociationId", + "documentation":"

    The unique identifier of the account association to update.

    ", + "location":"uri", + "locationName":"AccountAssociationId" + }, + "Name":{ + "shape":"AccountAssociationName", + "documentation":"

    The new name to assign to the account association.

    " + }, + "Description":{ + "shape":"AccountAssociationDescription", + "documentation":"

    The new description to assign to the account association.

    " + } + } + }, + "UpdateCloudConnectorRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"CloudConnectorId", + "documentation":"

    The unique identifier of the cloud connector to update.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "Name":{ + "shape":"DisplayName", + "documentation":"

    The new display name to assign to the cloud connector.

    " + }, + "Description":{ + "shape":"CloudConnectorDescription", + "documentation":"

    The new description to assign to the cloud connector.

    " + } + } + }, + "UpdateConnectorDestinationRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ConnectorDestinationId", + "documentation":"

    The unique identifier of the connector destination to update.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "Description":{ + "shape":"ConnectorDestinationDescription", + "documentation":"

    The new description to assign to the connector destination.

    " + }, + "Name":{ + "shape":"ConnectorDestinationName", + "documentation":"

    The new display name to assign to the connector destination.

    " + }, + "AuthType":{ + "shape":"AuthType", + "documentation":"

    The new authentication type to use for the connector destination.

    " + }, + "AuthConfig":{ + "shape":"AuthConfigUpdate", + "documentation":"

    The updated authentication configuration details for the connector destination.

    " + }, + "SecretsManager":{ + "shape":"SecretsManager", + "documentation":"

    The updated AWS Secrets Manager configuration for the connector destination.

    " + } + } + }, + "UpdateDestinationRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"DestinationName", + "documentation":"

    The name of the customer-managed destination.

    ", + "location":"uri", + "locationName":"Name" + }, + "DeliveryDestinationArn":{ + "shape":"DeliveryDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the customer-managed destination.

    " + }, + "DeliveryDestinationType":{ + "shape":"DeliveryDestinationType", + "documentation":"

    The destination type for the customer-managed destination.

    " + }, + "RoleArn":{ + "shape":"DeliveryDestinationRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the delivery destination role.

    " + }, + "Description":{ + "shape":"DestinationDescription", + "documentation":"

    The description of the customer-managed destination.

    " + } + } + }, + "UpdateEventLogConfigurationRequest":{ + "type":"structure", + "required":[ + "Id", + "EventLogLevel" + ], + "members":{ + "Id":{ + "shape":"LogConfigurationId", + "documentation":"

    The log configuration id.

    ", + "location":"uri", + "locationName":"Id" + }, + "EventLogLevel":{ + "shape":"LogLevel", + "documentation":"

    The log level for the event in terms of severity.

    " + } + } + }, + "UpdateManagedThingRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"ManagedThingId", + "documentation":"

    The id of the managed thing.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "Owner":{ + "shape":"Owner", + "documentation":"

    Owner of the device, usually an indication of whom the device belongs to. This value should not contain personal identifiable information.

    " + }, + "CredentialLockerId":{ + "shape":"CredentialLockerId", + "documentation":"

    The identifier of the credential for the managed thing.

    " + }, + "SerialNumber":{ + "shape":"SerialNumber", + "documentation":"

    The serial number of the device.

    " + }, + "Brand":{ + "shape":"Brand", + "documentation":"

    The brand of the device.

    " + }, + "Model":{ + "shape":"Model", + "documentation":"

    The model of the device.

    " + }, + "Name":{ + "shape":"Name", + "documentation":"

    The name of the managed thing representing the physical device.

    " + }, + "CapabilityReport":{ + "shape":"CapabilityReport", + "documentation":"

    A report of the capabilities for the managed thing.

    " + }, + "CapabilitySchemas":{ + "shape":"CapabilitySchemas", + "documentation":"

    The updated capability schemas that define the functionality and features supported by the managed thing.

    " + }, + "Capabilities":{ + "shape":"Capabilities", + "documentation":"

    The capabilities of the device such as light bulb.

    " + }, + "Classification":{ + "shape":"Classification", + "documentation":"

    The classification of the managed thing such as light bulb or thermostat.

    " + }, + "HubNetworkMode":{ + "shape":"HubNetworkMode", + "documentation":"

    The network mode for the hub-connected device.

    " + }, + "MetaData":{ + "shape":"MetaData", + "documentation":"

    The metadata for the managed thing.

    " + } + } + }, + "UpdateNotificationConfigurationRequest":{ + "type":"structure", + "required":[ + "EventType", + "DestinationName" + ], + "members":{ + "EventType":{ + "shape":"EventType", + "documentation":"

    The type of event triggering a device notification to the customer-managed destination.

    ", + "location":"uri", + "locationName":"EventType" + }, + "DestinationName":{ + "shape":"DestinationName", + "documentation":"

    The name of the destination for the notification configuration.

    " + } + } + }, + "UpdateOtaTaskRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"OtaTaskId", + "documentation":"

    The over-the-air (OTA) task id.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "Description":{ + "shape":"OtaDescription", + "documentation":"

    The description of the over-the-air (OTA) task.

    " + }, + "TaskConfigurationId":{ + "shape":"OtaTaskConfigurationId", + "documentation":"

    The identifier for the over-the-air (OTA) task configuration.

    " + } + } + }, + "UpdatedAt":{"type":"timestamp"}, + "UploadLog":{ + "type":"boolean", + "box":true + }, + "UploadPeriodMinutes":{ + "type":"integer", + "box":true + }, + "ValidationException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    A validation error occurred when performing the API request.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "ValidationSchema":{ + "type":"structure", + "members":{ + }, + "document":true + } + }, + "documentation":"

    Managed integrations is a feature of AWS IoT Device Management that enables developers to quickly build innovative IoT solutions. Customers can use managed integrations to automate device setup workflows and support interoperability across many devices, regardless of device vendor or connectivity protocol. This allows developers to use a single user-interface to control, manage, and operate a range of devices.

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/iotanalytics/2017-11-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotanalytics/2017-11-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotanalytics/2017-11-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotanalytics/2017-11-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/iotanalytics/2017-11-27/service-2.json 2.31.35-1/awscli/botocore/data/iotanalytics/2017-11-27/service-2.json --- 2.23.6-1/awscli/botocore/data/iotanalytics/2017-11-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotanalytics/2017-11-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2017-11-27", "endpointPrefix":"iotanalytics", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS IoT Analytics", "serviceId":"IoTAnalytics", "signatureVersion":"v4", "signingName":"iotanalytics", - "uid":"iotanalytics-2017-11-27" + "uid":"iotanalytics-2017-11-27", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchPutMessage":{ @@ -729,8 +731,7 @@ }, "CancelPipelineReprocessingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Channel":{ "type":"structure", @@ -1929,8 +1930,7 @@ }, "DescribeLoggingOptionsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeLoggingOptionsResponse":{ "type":"structure", @@ -2237,8 +2237,7 @@ }, "JsonConfiguration":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Contains the configuration information of the JSON format.

    " }, "LambdaActivity":{ @@ -3099,26 +3098,22 @@ }, "ServiceManagedChannelS3Storage":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Used to store channel data in an S3 bucket managed by IoT Analytics. You can't change the choice of S3 storage after the data store is created.

    " }, "ServiceManagedChannelS3StorageSummary":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Used to store channel data in an S3 bucket managed by IoT Analytics.

    " }, "ServiceManagedDatastoreS3Storage":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Used to store data in an Amazon S3 bucket managed by IoT Analytics. You can't change the choice of Amazon S3 storage after your data store is created.

    " }, "ServiceManagedDatastoreS3StorageSummary":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Contains information about the data store that is managed by IoT Analytics.

    " }, "ServiceUnavailableException":{ @@ -3248,8 +3243,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3324,8 +3318,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateChannelRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/iotdeviceadvisor/2020-09-18/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotdeviceadvisor/2020-09-18/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotdeviceadvisor/2020-09-18/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotdeviceadvisor/2020-09-18/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iotdeviceadvisor/2020-09-18/service-2.json 2.31.35-1/awscli/botocore/data/iotdeviceadvisor/2020-09-18/service-2.json --- 2.23.6-1/awscli/botocore/data/iotdeviceadvisor/2020-09-18/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotdeviceadvisor/2020-09-18/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -306,8 +306,7 @@ }, "DeleteSuiteDefinitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeviceUnderTest":{ "type":"structure", @@ -795,8 +794,7 @@ }, "StopSuiteRunResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "String128":{ "type":"string", @@ -1018,8 +1016,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TestCaseDefinitionName":{"type":"string"}, "TestCaseRun":{ @@ -1168,8 +1165,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateSuiteDefinitionRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/iotevents/2018-07-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotevents/2018-07-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotevents/2018-07-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotevents/2018-07-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iotevents/2018-07-27/service-2.json 2.31.35-1/awscli/botocore/data/iotevents/2018-07-27/service-2.json --- 2.23.6-1/awscli/botocore/data/iotevents/2018-07-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotevents/2018-07-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2018-07-27", "endpointPrefix":"iotevents", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS IoT Events", "serviceId":"IoT Events", "signatureVersion":"v4", "signingName":"iotevents", - "uid":"iotevents-2018-07-27" + "uid":"iotevents-2018-07-27", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateAlarmModel":{ @@ -1051,8 +1053,7 @@ }, "DeleteAlarmModelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDetectorModelRequest":{ "type":"structure", @@ -1068,8 +1069,7 @@ }, "DeleteDetectorModelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInputRequest":{ "type":"structure", @@ -1085,8 +1085,7 @@ }, "DeleteInputResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeliveryStreamName":{"type":"string"}, "DescribeAlarmModelRequest":{ @@ -1243,8 +1242,7 @@ }, "DescribeLoggingOptionsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeLoggingOptionsResponse":{ "type":"structure", @@ -2675,8 +2673,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2777,8 +2774,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAlarmModelRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/iotevents-data/2018-10-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotevents-data/2018-10-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotevents-data/2018-10-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotevents-data/2018-10-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/iotevents-data/2018-10-23/service-2.json 2.31.35-1/awscli/botocore/data/iotevents-data/2018-10-23/service-2.json --- 2.23.6-1/awscli/botocore/data/iotevents-data/2018-10-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotevents-data/2018-10-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2018-10-23", "endpointPrefix":"data.iotevents", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS IoT Events Data", "serviceId":"IoT Events Data", "signatureVersion":"v4", "signingName":"ioteventsdata", - "uid":"iotevents-data-2018-10-23" + "uid":"iotevents-data-2018-10-23", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchAcknowledgeAlarm":{ diff -pruN 2.23.6-1/awscli/botocore/data/iotfleethub/2020-11-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotfleethub/2020-11-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotfleethub/2020-11-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotfleethub/2020-11-03/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://api.fleethub.iot-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - }, - true - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://api.fleethub.iot-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://api.fleethub.iot.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://api.fleethub.iot.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/iotfleethub/2020-11-03/paginators-1.json 2.31.35-1/awscli/botocore/data/iotfleethub/2020-11-03/paginators-1.json --- 2.23.6-1/awscli/botocore/data/iotfleethub/2020-11-03/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotfleethub/2020-11-03/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,9 +0,0 @@ -{ - "pagination": { - "ListApplications": { - "input_token": "nextToken", - "output_token": "nextToken", - "result_key": "applicationSummaries" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/iotfleethub/2020-11-03/service-2.json 2.31.35-1/awscli/botocore/data/iotfleethub/2020-11-03/service-2.json --- 2.23.6-1/awscli/botocore/data/iotfleethub/2020-11-03/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotfleethub/2020-11-03/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,597 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2020-11-03", - "endpointPrefix":"api.fleethub.iot", - "jsonVersion":"1.1", - "protocol":"rest-json", - "serviceFullName":"AWS IoT Fleet Hub", - "serviceId":"IoTFleetHub", - "signatureVersion":"v4", - "signingName":"iotfleethub", - "uid":"iotfleethub-2020-11-03" - }, - "operations":{ - "CreateApplication":{ - "name":"CreateApplication", - "http":{ - "method":"POST", - "requestUri":"/applications", - "responseCode":201 - }, - "input":{"shape":"CreateApplicationRequest"}, - "output":{"shape":"CreateApplicationResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalFailureException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"} - ], - "documentation":"

    Creates a Fleet Hub for IoT Device Management web application.

    When creating a Fleet Hub application, you must create an organization instance of IAM Identity Center if you don't already have one. The Fleet Hub application you create must also be in the same Amazon Web Services Region of the organization instance of IAM Identity Center. For more information see Enabling IAM Identity Center and Organization instances of IAM Identity Center.

    " - }, - "DeleteApplication":{ - "name":"DeleteApplication", - "http":{ - "method":"DELETE", - "requestUri":"/applications/{applicationId}", - "responseCode":204 - }, - "input":{"shape":"DeleteApplicationRequest"}, - "output":{"shape":"DeleteApplicationResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalFailureException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Deletes a Fleet Hub for IoT Device Management web application.

    " - }, - "DescribeApplication":{ - "name":"DescribeApplication", - "http":{ - "method":"GET", - "requestUri":"/applications/{applicationId}", - "responseCode":200 - }, - "input":{"shape":"DescribeApplicationRequest"}, - "output":{"shape":"DescribeApplicationResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalFailureException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Gets information about a Fleet Hub for IoT Device Management web application.

    " - }, - "ListApplications":{ - "name":"ListApplications", - "http":{ - "method":"GET", - "requestUri":"/applications", - "responseCode":200 - }, - "input":{"shape":"ListApplicationsRequest"}, - "output":{"shape":"ListApplicationsResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"InternalFailureException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Gets a list of Fleet Hub for IoT Device Management web applications for the current account.

    " - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"InternalFailureException"}, - {"shape":"InvalidRequestException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Lists the tags for the specified resource.

    " - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResponse"}, - "errors":[ - {"shape":"InternalFailureException"}, - {"shape":"InvalidRequestException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Adds to or modifies the tags of the specified resource. Tags are metadata which can be used to manage a resource.

    " - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"DELETE", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResponse"}, - "errors":[ - {"shape":"InternalFailureException"}, - {"shape":"InvalidRequestException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Removes the specified tags (metadata) from the resource.

    " - }, - "UpdateApplication":{ - "name":"UpdateApplication", - "http":{ - "method":"PATCH", - "requestUri":"/applications/{applicationId}", - "responseCode":202 - }, - "input":{"shape":"UpdateApplicationRequest"}, - "output":{"shape":"UpdateApplicationResponse"}, - "errors":[ - {"shape":"InvalidRequestException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalFailureException"}, - {"shape":"ConflictException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Updates information about a Fleet Hub for IoT Device Management web application.

    " - } - }, - "shapes":{ - "ApplicationState":{ - "type":"string", - "enum":[ - "CREATING", - "DELETING", - "ACTIVE", - "CREATE_FAILED", - "DELETE_FAILED" - ] - }, - "ApplicationSummaries":{ - "type":"list", - "member":{"shape":"ApplicationSummary"} - }, - "ApplicationSummary":{ - "type":"structure", - "required":[ - "applicationId", - "applicationName", - "applicationUrl" - ], - "members":{ - "applicationId":{ - "shape":"Id", - "documentation":"

    The unique Id of the web application.

    " - }, - "applicationName":{ - "shape":"Name", - "documentation":"

    The name of the web application.

    " - }, - "applicationDescription":{ - "shape":"Description", - "documentation":"

    An optional description of the web application.

    " - }, - "applicationUrl":{ - "shape":"Url", - "documentation":"

    The URL of the web application.

    " - }, - "applicationCreationDate":{ - "shape":"Timestamp", - "documentation":"

    The date (in Unix epoch time) when the web application was created.

    " - }, - "applicationLastUpdateDate":{ - "shape":"Timestamp", - "documentation":"

    The date (in Unix epoch time) when the web application was last updated.

    " - }, - "applicationState":{ - "shape":"ApplicationState", - "documentation":"

    The current state of the web application.

    " - } - }, - "documentation":"

    A summary of information about a Fleet Hub for IoT Device Management web application.

    " - }, - "Arn":{ - "type":"string", - "max":1600, - "min":1, - "pattern":"^arn:[!-~]+$" - }, - "ClientRequestToken":{ - "type":"string", - "max":64, - "min":1, - "pattern":"^[a-zA-Z0-9-_]+$" - }, - "ConflictException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The request conflicts with the current state of the resource.

    ", - "error":{"httpStatusCode":409}, - "exception":true - }, - "CreateApplicationRequest":{ - "type":"structure", - "required":[ - "applicationName", - "roleArn" - ], - "members":{ - "applicationName":{ - "shape":"Name", - "documentation":"

    The name of the web application.

    " - }, - "applicationDescription":{ - "shape":"Description", - "documentation":"

    An optional description of the web application.

    " - }, - "clientToken":{ - "shape":"ClientRequestToken", - "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", - "idempotencyToken":true - }, - "roleArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the role that the web application assumes when it interacts with Amazon Web Services IoT Core.

    The name of the role must be in the form AWSIotFleetHub_random_string .

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A set of key/value pairs that you can use to manage the web application resource.

    " - } - } - }, - "CreateApplicationResponse":{ - "type":"structure", - "required":[ - "applicationId", - "applicationArn" - ], - "members":{ - "applicationId":{ - "shape":"Id", - "documentation":"

    The unique Id of the web application.

    " - }, - "applicationArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the web application.

    " - } - } - }, - "DeleteApplicationRequest":{ - "type":"structure", - "required":["applicationId"], - "members":{ - "applicationId":{ - "shape":"Id", - "documentation":"

    The unique Id of the web application.

    ", - "location":"uri", - "locationName":"applicationId" - }, - "clientToken":{ - "shape":"ClientRequestToken", - "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", - "idempotencyToken":true, - "location":"querystring", - "locationName":"clientToken" - } - } - }, - "DeleteApplicationResponse":{ - "type":"structure", - "members":{ - } - }, - "DescribeApplicationRequest":{ - "type":"structure", - "required":["applicationId"], - "members":{ - "applicationId":{ - "shape":"Id", - "documentation":"

    The unique Id of the web application.

    ", - "location":"uri", - "locationName":"applicationId" - } - } - }, - "DescribeApplicationResponse":{ - "type":"structure", - "required":[ - "applicationId", - "applicationArn", - "applicationName", - "applicationUrl", - "applicationState", - "applicationCreationDate", - "applicationLastUpdateDate", - "roleArn" - ], - "members":{ - "applicationId":{ - "shape":"Id", - "documentation":"

    The unique Id of the web application.

    " - }, - "applicationArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the web application.

    " - }, - "applicationName":{ - "shape":"Name", - "documentation":"

    The name of the web application.

    " - }, - "applicationDescription":{ - "shape":"Description", - "documentation":"

    An optional description of the web application.

    " - }, - "applicationUrl":{ - "shape":"Url", - "documentation":"

    The URL of the web application.

    " - }, - "applicationState":{ - "shape":"ApplicationState", - "documentation":"

    The current state of the web application.

    " - }, - "applicationCreationDate":{ - "shape":"Timestamp", - "documentation":"

    The date (in Unix epoch time) when the application was created.

    " - }, - "applicationLastUpdateDate":{ - "shape":"Timestamp", - "documentation":"

    The date (in Unix epoch time) when the application was last updated.

    " - }, - "roleArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the role that the web application assumes when it interacts with Amazon Web Services IoT Core.

    " - }, - "ssoClientId":{ - "shape":"SsoClientId", - "documentation":"

    The Id of the single sign-on client that you use to authenticate and authorize users on the web application.

    " - }, - "errorMessage":{ - "shape":"ErrorMessage", - "documentation":"

    A message that explains any failures included in the applicationState response field. This message explains failures in the CreateApplication and DeleteApplication actions.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A set of key/value pairs that you can use to manage the web application resource.

    " - } - } - }, - "Description":{ - "type":"string", - "max":2048, - "min":1, - "pattern":"^[ -~]*$" - }, - "ErrorMessage":{"type":"string"}, - "Id":{ - "type":"string", - "max":36, - "min":36, - "pattern":"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" - }, - "InternalFailureException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    An unexpected error has occurred.

    ", - "error":{"httpStatusCode":500}, - "exception":true, - "fault":true - }, - "InvalidRequestException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The request is not valid.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "LimitExceededException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    A limit has been exceeded.

    ", - "error":{"httpStatusCode":410}, - "exception":true - }, - "ListApplicationsRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    A token used to get the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" - } - } - }, - "ListApplicationsResponse":{ - "type":"structure", - "members":{ - "applicationSummaries":{ - "shape":"ApplicationSummaries", - "documentation":"

    An array of objects that provide summaries of information about the web applications in the list.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    A token used to get the next set of results.

    " - } - } - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["resourceArn"], - "members":{ - "resourceArn":{ - "shape":"ResourceArn", - "documentation":"

    The ARN of the resource.

    ", - "location":"uri", - "locationName":"resourceArn" - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "members":{ - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of tags assigned to the resource.

    " - } - } - }, - "Name":{ - "type":"string", - "max":100, - "min":1, - "pattern":"^[ -~]*$" - }, - "NextToken":{ - "type":"string", - "max":2048, - "min":1, - "pattern":"^[A-Za-z0-9+/=]+$" - }, - "ResourceArn":{"type":"string"}, - "ResourceNotFoundException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The specified resource does not exist.

    ", - "error":{"httpStatusCode":404}, - "exception":true - }, - "SsoClientId":{"type":"string"}, - "TagKey":{ - "type":"string", - "max":128, - "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"} - }, - "TagMap":{ - "type":"map", - "key":{"shape":"TagKey"}, - "value":{"shape":"TagValue"}, - "max":50, - "min":1 - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tags" - ], - "members":{ - "resourceArn":{ - "shape":"ResourceArn", - "documentation":"

    The ARN of the resource.

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The new or modified tags for the resource.

    " - } - } - }, - "TagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256, - "min":1 - }, - "ThrottlingException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The rate exceeds the limit.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "Timestamp":{"type":"long"}, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tagKeys" - ], - "members":{ - "resourceArn":{ - "shape":"ResourceArn", - "documentation":"

    The ARN of the resource.

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "tagKeys":{ - "shape":"TagKeyList", - "documentation":"

    A list of the keys of the tags to be removed from the resource.

    ", - "location":"querystring", - "locationName":"tagKeys" - } - } - }, - "UntagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateApplicationRequest":{ - "type":"structure", - "required":["applicationId"], - "members":{ - "applicationId":{ - "shape":"Id", - "documentation":"

    The unique Id of the web application.

    ", - "location":"uri", - "locationName":"applicationId" - }, - "applicationName":{ - "shape":"Name", - "documentation":"

    The name of the web application.

    " - }, - "applicationDescription":{ - "shape":"Description", - "documentation":"

    An optional description of the web application.

    " - }, - "clientToken":{ - "shape":"ClientRequestToken", - "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", - "idempotencyToken":true - } - } - }, - "UpdateApplicationResponse":{ - "type":"structure", - "members":{ - } - }, - "Url":{ - "type":"string", - "max":256, - "min":1, - "pattern":"^https\\://\\S+$" - }, - "errorMessage":{"type":"string"} - }, - "documentation":"

    With Fleet Hub for IoT Device Management you can build stand-alone web applications for monitoring the health of your device fleets.

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/iotfleetwise/2021-06-17/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotfleetwise/2021-06-17/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotfleetwise/2021-06-17/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotfleetwise/2021-06-17/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iotfleetwise/2021-06-17/service-2.json 2.31.35-1/awscli/botocore/data/iotfleetwise/2021-06-17/service-2.json --- 2.23.6-1/awscli/botocore/data/iotfleetwise/2021-06-17/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotfleetwise/2021-06-17/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1038,7 +1038,7 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Updates a vehicle.

    " + "documentation":"

    Updates a vehicle.

    Access to certain Amazon Web Services IoT FleetWise features is currently gated. For more information, see Amazon Web Services Region and feature availability in the Amazon Web Services IoT FleetWise Developer Guide.

    " } }, "shapes":{ @@ -1059,7 +1059,7 @@ ], "members":{ "fullyQualifiedName":{ - "shape":"string", + "shape":"ActuatorFullyQualifiedNameString", "documentation":"

    The fully qualified name of the actuator. For example, the fully qualified name of an actuator might be Vehicle.Front.Left.Door.Lock.

    " }, "dataType":{ @@ -1107,6 +1107,12 @@ }, "documentation":"

    A signal that represents a vehicle device such as the engine, heater, and door locks. Data from an actuator reports the state of a certain vehicle device.

    Updating actuator data can change the state of a device. For example, you can turn on or off the heater by updating its actuator data.

    " }, + "ActuatorFullyQualifiedNameString":{ + "type":"string", + "max":150, + "min":1, + "pattern":"[a-zA-Z0-9_.]+" + }, "AmazonResourceName":{ "type":"string", "max":1011, @@ -1143,7 +1149,7 @@ ], "members":{ "fullyQualifiedName":{ - "shape":"string", + "shape":"AttributeFullyQualifiedNameString", "documentation":"

    The fully qualified name of the attribute. For example, the fully qualified name of an attribute might be Vehicle.Body.Engine.Type.

    " }, "dataType":{ @@ -1191,6 +1197,12 @@ }, "documentation":"

    A signal that represents static information about the vehicle, such as engine type or manufacturing date.

    " }, + "AttributeFullyQualifiedNameString":{ + "type":"string", + "max":150, + "min":1, + "pattern":"[a-zA-Z0-9_.]+" + }, "BatchCreateVehicleRequest":{ "type":"structure", "required":["vehicles"], @@ -1242,7 +1254,7 @@ "required":["fullyQualifiedName"], "members":{ "fullyQualifiedName":{ - "shape":"string", + "shape":"BranchFullyQualifiedNameString", "documentation":"

    The fully qualified name of the branch. For example, the fully qualified name of a branch might be Vehicle.Body.Engine.

    " }, "description":{ @@ -1260,6 +1272,12 @@ }, "documentation":"

    A group of signals that are defined in a hierarchical structure.

    " }, + "BranchFullyQualifiedNameString":{ + "type":"string", + "max":150, + "min":1, + "pattern":"[a-zA-Z0-9_.]+" + }, "CampaignStatus":{ "type":"string", "enum":[ @@ -1355,7 +1373,8 @@ "CanInterfaceName":{ "type":"string", "max":100, - "min":1 + "min":1, + "pattern":"[a-zA-Z0-9_.]+" }, "CanSignal":{ "type":"structure", @@ -1379,7 +1398,7 @@ }, "isSigned":{ "shape":"PrimitiveBoolean", - "documentation":"

    Whether the message data is specified as a signed value.

    " + "documentation":"

    Determines whether the message is signed (true) or not (false). If it's signed, the message can represent both positive and negative numbers. The isSigned parameter only applies to the INTEGER raw signal type, and it doesn't affect the FLOATING_POINT raw signal type.

    " }, "startBit":{ "shape":"nonNegativeInteger", @@ -1400,6 +1419,10 @@ "name":{ "shape":"CanSignalName", "documentation":"

    The name of the signal.

    " + }, + "signalValueType":{ + "shape":"SignalValueType", + "documentation":"

    The value type of the signal. The default value is INTEGER.

    " } }, "documentation":"

    Information about a single controller area network (CAN) signal and the messages it receives and transmits.

    " @@ -1407,7 +1430,8 @@ "CanSignalName":{ "type":"string", "max":100, - "min":1 + "min":1, + "pattern":"[a-zA-Z0-9_.]+" }, "CloudWatchLogDeliveryOptions":{ "type":"structure", @@ -1628,7 +1652,7 @@ "documentation":"

    A brief description of the decoder manifest.

    " }, "modelManifestArn":{ - "shape":"arn", + "shape":"CreateDecoderManifestRequestModelManifestArnString", "documentation":"

    The Amazon Resource Name (ARN) of the vehicle model (model manifest).

    " }, "signalDecoders":{ @@ -1649,6 +1673,10 @@ } } }, + "CreateDecoderManifestRequestModelManifestArnString":{ + "type":"string", + "pattern":"arn:aws:iotfleetwise:[a-z0-9-]+:[0-9]{12}:model-manifest/[a-zA-Z\\d\\-_:]{1,100}" + }, "CreateDecoderManifestResponse":{ "type":"structure", "required":[ @@ -1725,7 +1753,7 @@ "documentation":"

    A brief description of the vehicle model.

    " }, "nodes":{ - "shape":"listOfStrings", + "shape":"CreateModelManifestRequestNodesList", "documentation":"

    A list of nodes, which are a general abstraction of signals.

    " }, "signalCatalogArn":{ @@ -1738,6 +1766,12 @@ } } }, + "CreateModelManifestRequestNodesList":{ + "type":"list", + "member":{"shape":"string"}, + "max":500, + "min":0 + }, "CreateModelManifestResponse":{ "type":"structure", "required":[ @@ -2021,7 +2055,7 @@ ], "members":{ "fullyQualifiedName":{ - "shape":"string", + "shape":"CustomPropertyFullyQualifiedNameString", "documentation":"

    The fully qualified name of the custom property. For example, the fully qualified name of a custom property might be ComplexDataTypes.VehicleDataTypes.SVMCamera.FPS.

    " }, "dataType":{ @@ -2051,12 +2085,18 @@ }, "documentation":"

    Represents a member of the complex data structure. The data type of the property can be either primitive or another struct.

    " }, + "CustomPropertyFullyQualifiedNameString":{ + "type":"string", + "max":150, + "min":1, + "pattern":"[a-zA-Z0-9_.]+" + }, "CustomStruct":{ "type":"structure", "required":["fullyQualifiedName"], "members":{ "fullyQualifiedName":{ - "shape":"string", + "shape":"CustomStructFullyQualifiedNameString", "documentation":"

    The fully qualified name of the custom structure. For example, the fully qualified name of a custom structure might be ComplexDataTypes.VehicleDataTypes.SVMCamera.

    " }, "description":{ @@ -2074,6 +2114,12 @@ }, "documentation":"

    The custom structure represents a complex or higher-order data structure.

    " }, + "CustomStructFullyQualifiedNameString":{ + "type":"string", + "max":150, + "min":1, + "pattern":"[a-zA-Z0-9_.]+" + }, "DataDestinationConfig":{ "type":"structure", "members":{ @@ -2096,7 +2142,7 @@ "DataDestinationConfigs":{ "type":"list", "member":{"shape":"DataDestinationConfig"}, - "max":1, + "max":3, "min":1 }, "DataExtraDimensionNodePathList":{ @@ -2380,7 +2426,7 @@ "members":{ "identifier":{ "shape":"ResourceIdentifier", - "documentation":"

    A unique, service-generated identifier.

    " + "documentation":"

    The unique ID of the state template.

    " } } }, @@ -2534,7 +2580,8 @@ "FullyQualifiedName":{ "type":"string", "max":150, - "min":1 + "min":1, + "pattern":"[a-zA-Z0-9_.]+" }, "GetCampaignRequest":{ "type":"structure", @@ -2928,7 +2975,7 @@ "members":{ "identifier":{ "shape":"ResourceIdentifier", - "documentation":"

    A unique, service-generated identifier.

    " + "documentation":"

    The unique ID of the state template.

    " } } }, @@ -3170,7 +3217,8 @@ "InterfaceId":{ "type":"string", "max":50, - "min":1 + "min":1, + "pattern":"[-a-zA-Z0-9_.]+" }, "InterfaceIds":{ "type":"list", @@ -3313,6 +3361,10 @@ "status":{ "shape":"statusStr", "documentation":"

    An optional parameter to filter the results by the status of each created campaign in your account. The status can be one of: CREATING, WAITING_FOR_APPROVAL, RUNNING, or SUSPENDED.

    " + }, + "listResponseScope":{ + "shape":"ListResponseScope", + "documentation":"

    When you set the listResponseScope parameter to METADATA_ONLY, the list response includes: campaign name, Amazon Resource Name (ARN), creation time, and last modification time.

    " } } }, @@ -3405,6 +3457,10 @@ "maxResults":{ "shape":"maxResults", "documentation":"

    The maximum number of items to return, between 1 and 100, inclusive.

    " + }, + "listResponseScope":{ + "shape":"ListResponseScope", + "documentation":"

    When you set the listResponseScope parameter to METADATA_ONLY, the list response includes: decoder manifest name, Amazon Resource Name (ARN), creation time, and last modification time.

    " } } }, @@ -3462,6 +3518,10 @@ "maxResults":{ "shape":"maxResults", "documentation":"

    The maximum number of items to return, between 1 and 100, inclusive.

    " + }, + "listResponseScope":{ + "shape":"ListResponseScope", + "documentation":"

    When you set the listResponseScope parameter to METADATA_ONLY, the list response includes: fleet ID, Amazon Resource Name (ARN), creation time, and last modification time.

    " } } }, @@ -3523,6 +3583,10 @@ "maxResults":{ "shape":"maxResults", "documentation":"

    The maximum number of items to return, between 1 and 100, inclusive.

    " + }, + "listResponseScope":{ + "shape":"ListResponseScope", + "documentation":"

    When you set the listResponseScope parameter to METADATA_ONLY, the list response includes: model manifest name, Amazon Resource Name (ARN), creation time, and last modification time.

    " } } }, @@ -3539,6 +3603,10 @@ } } }, + "ListResponseScope":{ + "type":"string", + "enum":["METADATA_ONLY"] + }, "ListSignalCatalogNodesRequest":{ "type":"structure", "required":["name"], @@ -3610,6 +3678,10 @@ "maxResults":{ "shape":"maxResults", "documentation":"

    The maximum number of items to return, between 1 and 100, inclusive.

    " + }, + "listResponseScope":{ + "shape":"ListResponseScope", + "documentation":"

    When you set the listResponseScope parameter to METADATA_ONLY, the list response includes: state template ID, Amazon Resource Name (ARN), creation time, and last modification time.

    " } } }, @@ -3698,6 +3770,10 @@ "maxResults":{ "shape":"listVehiclesMaxResults", "documentation":"

    The maximum number of items to return, between 1 and 100, inclusive.

    " + }, + "listResponseScope":{ + "shape":"ListResponseScope", + "documentation":"

    When you set the listResponseScope parameter to METADATA_ONLY, the list response includes: vehicle name, Amazon Resource Name (ARN), creation time, and last modification time.

    " } } }, @@ -4077,7 +4153,8 @@ "ObdInterfaceName":{ "type":"string", "max":100, - "min":1 + "min":1, + "pattern":"[a-zA-Z0-9_.]+" }, "ObdSignal":{ "type":"structure", @@ -4126,6 +4203,15 @@ "bitMaskLength":{ "shape":"ObdBitmaskLength", "documentation":"

    The number of bits to mask in a message.

    " + }, + "isSigned":{ + "shape":"PrimitiveBoolean", + "documentation":"

    Determines whether the message is signed (true) or not (false). If it's signed, the message can represent both positive and negative numbers. The isSigned parameter only applies to the INTEGER raw signal type, and it doesn't affect the FLOATING_POINT raw signal type. The default value is false.

    ", + "box":true + }, + "signalValueType":{ + "shape":"SignalValueType", + "documentation":"

    The value type of the signal. The default value is INTEGER.

    " } }, "documentation":"

    Information about signal messages using the on-board diagnostics (OBD) II protocol in a vehicle.

    " @@ -4170,12 +4256,14 @@ "ProtocolName":{ "type":"string", "max":50, - "min":1 + "min":1, + "pattern":"[a-zA-Z0-9_.]+" }, "ProtocolVersion":{ "type":"string", "max":50, - "min":1 + "min":1, + "pattern":"[a-zA-Z0-9_.]+" }, "PutEncryptionConfigurationRequest":{ "type":"structure", @@ -4404,7 +4492,7 @@ ], "members":{ "fullyQualifiedName":{ - "shape":"string", + "shape":"SensorFullyQualifiedNameString", "documentation":"

    The fully qualified name of the sensor. For example, the fully qualified name of a sensor might be Vehicle.Body.Engine.Battery.

    " }, "dataType":{ @@ -4446,6 +4534,12 @@ }, "documentation":"

    An input component that reports the environmental condition of a vehicle.

    You can collect data about fluid levels, temperatures, vibrations, or battery voltage from sensors.

    " }, + "SensorFullyQualifiedNameString":{ + "type":"string", + "max":150, + "min":1, + "pattern":"[a-zA-Z0-9_.]+" + }, "SignalCatalogSummary":{ "type":"structure", "members":{ @@ -4589,7 +4683,8 @@ "type":"list", "member":{"shape":"SignalFetchInformation"}, "max":2, - "min":1 + "min":1, + "sensitive":true }, "SignalInformation":{ "type":"structure", @@ -4632,6 +4727,13 @@ "CUSTOM_PROPERTY" ] }, + "SignalValueType":{ + "type":"string", + "enum":[ + "INTEGER", + "FLOATING_POINT" + ] + }, "SpoolingMode":{ "type":"string", "enum":[ @@ -4648,7 +4750,7 @@ "members":{ "identifier":{ "shape":"ResourceIdentifier", - "documentation":"

    A unique, service-generated identifier.

    " + "documentation":"

    The unique ID of the state template.

    " }, "stateTemplateUpdateStrategy":{"shape":"StateTemplateUpdateStrategy"} }, @@ -5195,7 +5297,7 @@ }, "status":{ "shape":"CampaignStatus", - "documentation":"

    The state of a campaign. The status can be one of:

    • CREATING - Amazon Web Services IoT FleetWise is processing your request to create the campaign.

    • WAITING_FOR_APPROVAL - After a campaign is created, it enters the WAITING_FOR_APPROVAL state. To allow Amazon Web Services IoT FleetWise to deploy the campaign to the target vehicle or fleet, use the API operation to approve the campaign.

    • RUNNING - The campaign is active.

    • SUSPENDED - The campaign is suspended. To resume the campaign, use the API operation.

    " + "documentation":"

    The state of a campaign. The status can be one of:

    • CREATING - Amazon Web Services IoT FleetWise is processing your request to create the campaign.

    • WAITING_FOR_APPROVAL - After you create a campaign, it enters this state. Use the API operation to approve the campaign for deployment to the target vehicle or fleet.

    • RUNNING - The campaign is active.

    • SUSPENDED - The campaign is suspended. To resume the campaign, use the API operation.

    " } } }, @@ -5388,7 +5490,7 @@ "members":{ "identifier":{ "shape":"ResourceIdentifier", - "documentation":"

    A unique, service-generated identifier.

    " + "documentation":"

    The unique ID of the state template.

    " }, "description":{ "shape":"description", @@ -5478,6 +5580,10 @@ "stateTemplatesToRemove":{ "shape":"StateTemplateAssociationIdentifiers", "documentation":"

    Remove state templates from the vehicle.

    " + }, + "stateTemplatesToUpdate":{ + "shape":"StateTemplateAssociations", + "documentation":"

    Change the stateTemplateUpdateStrategy of state templates already associated with the vehicle.

    " } } }, @@ -5512,9 +5618,13 @@ "stateTemplatesToRemove":{ "shape":"StateTemplateAssociationIdentifiers", "documentation":"

    Remove existing state template associations from the vehicle.

    " + }, + "stateTemplatesToUpdate":{ + "shape":"StateTemplateAssociations", + "documentation":"

    Change the stateTemplateUpdateStrategy of state templates already associated with the vehicle.

    " } }, - "documentation":"

    Information about the vehicle to update.

    " + "documentation":"

    Information about the vehicle to update.

    Access to certain Amazon Web Services IoT FleetWise features is currently gated. For more information, see Amazon Web Services Region and feature availability in the Amazon Web Services IoT FleetWise Developer Guide.

    " }, "UpdateVehicleResponse":{ "type":"structure", @@ -5632,7 +5742,8 @@ "READY", "HEALTHY", "SUSPENDED", - "DELETING" + "DELETING", + "READY_FOR_CHECKIN" ] }, "VehicleStatus":{ @@ -5648,7 +5759,7 @@ }, "status":{ "shape":"VehicleState", - "documentation":"

    The status of a campaign, which can be one of the following:

    • CREATED - The campaign has been created successfully but has not been approved.

    • READY - The campaign has been approved but has not been deployed to the vehicle.

    • HEALTHY - The campaign has been deployed to the vehicle.

    • SUSPENDED - The campaign has been suspended and data collection is paused.

    • DELETING - The campaign is being removed from the vehicle.

    " + "documentation":"

    The status of a campaign, which can be one of the following:

    • CREATED - The campaign exists but is not yet approved.

    • READY - The campaign is approved but has not been deployed to the vehicle. Data has not arrived at the vehicle yet.

    • HEALTHY - The campaign is deployed to the vehicle.

    • SUSPENDED - The campaign is suspended and data collection is paused.

    • DELETING - The campaign is being removed from the vehicle.

    • READY_FOR_CHECKIN - The campaign is approved and waiting for vehicle check-in before deployment.

    " } }, "documentation":"

    Information about a campaign associated with a vehicle.

    " @@ -5851,17 +5962,20 @@ }, "nonNegativeInteger":{ "type":"integer", + "max":2147483647, "min":0 }, "number":{"type":"integer"}, "positiveInteger":{ "type":"integer", "box":true, + "max":2147483647, "min":1 }, "positiveLong":{ "type":"long", "box":true, + "max":9223372036854775807, "min":1 }, "priority":{ @@ -5882,7 +5996,7 @@ "statusStr":{ "type":"string", "max":20, - "min":7, + "min":1, "pattern":"[A-Z_]*" }, "string":{"type":"string"}, diff -pruN 2.23.6-1/awscli/botocore/data/iotsecuretunneling/2018-10-05/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotsecuretunneling/2018-10-05/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotsecuretunneling/2018-10-05/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotsecuretunneling/2018-10-05/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iotsecuretunneling/2018-10-05/service-2.json 2.31.35-1/awscli/botocore/data/iotsecuretunneling/2018-10-05/service-2.json --- 2.23.6-1/awscli/botocore/data/iotsecuretunneling/2018-10-05/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotsecuretunneling/2018-10-05/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -152,8 +152,7 @@ }, "CloseTunnelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ConnectionState":{ "type":"structure", @@ -435,8 +434,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -585,8 +583,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} } }, "documentation":"IoT Secure Tunneling

    IoT Secure Tunneling creates remote connections to devices deployed in the field.

    For more information about how IoT Secure Tunneling works, see IoT Secure Tunneling.

    " diff -pruN 2.23.6-1/awscli/botocore/data/iotsitewise/2019-12-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotsitewise/2019-12-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotsitewise/2019-12-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotsitewise/2019-12-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iotsitewise/2019-12-02/paginators-1.json 2.31.35-1/awscli/botocore/data/iotsitewise/2019-12-02/paginators-1.json --- 2.23.6-1/awscli/botocore/data/iotsitewise/2019-12-02/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotsitewise/2019-12-02/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -131,6 +131,36 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "datasetSummaries" + }, + "ListComputationModelDataBindingUsages": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "dataBindingUsageSummaries" + }, + "ListComputationModelResolveToResources": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "computationModelResolveToResourceSummaries" + }, + "ListComputationModels": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "computationModelSummaries" + }, + "ListExecutions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "executionSummaries" + }, + "ListInterfaceRelationships": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "interfaceRelationshipSummaries" } } } diff -pruN 2.23.6-1/awscli/botocore/data/iotsitewise/2019-12-02/service-2.json 2.31.35-1/awscli/botocore/data/iotsitewise/2019-12-02/service-2.json --- 2.23.6-1/awscli/botocore/data/iotsitewise/2019-12-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotsitewise/2019-12-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -174,7 +174,7 @@ {"shape":"ThrottlingException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified IoT SiteWise Monitor portal or project resource.

    ", + "documentation":"

    Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified IoT SiteWise Monitor portal or project resource.

    Support for access policies that use an SSO Group as the identity is not supported at this time.

    ", "endpoint":{"hostPrefix":"monitor."} }, "CreateAsset":{ @@ -216,7 +216,7 @@ {"shape":"LimitExceededException"}, {"shape":"ConflictingOperationException"} ], - "documentation":"

    Creates an asset model from specified property and hierarchy definitions. You create assets from asset models. With asset models, you can easily create assets of the same type that have standardized definitions. Each asset created from a model inherits the asset model's property and hierarchy definitions. For more information, see Defining asset models in the IoT SiteWise User Guide.

    You can create two types of asset models, ASSET_MODEL or COMPONENT_MODEL.

    • ASSET_MODEL – (default) An asset model that you can use to create assets. Can't be included as a component in another asset model.

    • COMPONENT_MODEL – A reusable component that you can include in the composite models of other asset models. You can't create assets directly from this type of asset model.

    ", + "documentation":"

    Creates an asset model from specified property and hierarchy definitions. You create assets from asset models. With asset models, you can easily create assets of the same type that have standardized definitions. Each asset created from a model inherits the asset model's property and hierarchy definitions. For more information, see Defining asset models in the IoT SiteWise User Guide.

    You can create three types of asset models, ASSET_MODEL, COMPONENT_MODEL, or an INTERFACE.

    • ASSET_MODEL – (default) An asset model that you can use to create assets. Can't be included as a component in another asset model.

    • COMPONENT_MODEL – A reusable component that you can include in the composite models of other asset models. You can't create assets directly from this type of asset model.

    • INTERFACE – An interface is a type of model that defines a standard structure that can be applied to different asset models.

    ", "endpoint":{"hostPrefix":"api."} }, "CreateAssetModelCompositeModel":{ @@ -259,9 +259,30 @@ {"shape":"LimitExceededException"}, {"shape":"ConflictingOperationException"} ], - "documentation":"

    Defines a job to ingest data to IoT SiteWise from Amazon S3. For more information, see Create a bulk import job (CLI) in the Amazon Simple Storage Service User Guide.

    Before you create a bulk import job, you must enable IoT SiteWise warm tier or IoT SiteWise cold tier. For more information about how to configure storage settings, see PutStorageConfiguration.

    Bulk import is designed to store historical data to IoT SiteWise. It does not trigger computations or notifications on IoT SiteWise warm or cold tier storage.

    ", + "documentation":"

    Defines a job to ingest data to IoT SiteWise from Amazon S3. For more information, see Create a bulk import job (CLI) in the Amazon Simple Storage Service User Guide.

    Before you create a bulk import job, you must enable IoT SiteWise warm tier or IoT SiteWise cold tier. For more information about how to configure storage settings, see PutStorageConfiguration.

    Bulk import is designed to store historical data to IoT SiteWise.

    • Newly ingested data in the hot tier triggers notifications and computations.

    • After data moves from the hot tier to the warm or cold tier based on retention settings, it does not trigger computations or notifications.

    • Data older than 7 days does not trigger computations or notifications.

    ", "endpoint":{"hostPrefix":"data."} }, + "CreateComputationModel":{ + "name":"CreateComputationModel", + "http":{ + "method":"POST", + "requestUri":"/computation-models", + "responseCode":202 + }, + "input":{"shape":"CreateComputationModelRequest"}, + "output":{"shape":"CreateComputationModelResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceAlreadyExistsException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConflictingOperationException"} + ], + "documentation":"

    Create a computation model with a configuration and data binding.

    ", + "endpoint":{"hostPrefix":"api."} + }, "CreateDashboard":{ "name":"CreateDashboard", "http":{ @@ -436,6 +457,44 @@ "documentation":"

    Deletes a composite model. This action can't be undone. You must delete all assets created from a composite model before you can delete the model. Also, you can't delete a composite model if a parent asset model exists that contains a property formula expression that depends on the asset model that you want to delete. For more information, see Deleting assets and models in the IoT SiteWise User Guide.

    ", "endpoint":{"hostPrefix":"api."} }, + "DeleteAssetModelInterfaceRelationship":{ + "name":"DeleteAssetModelInterfaceRelationship", + "http":{ + "method":"DELETE", + "requestUri":"/asset-models/{assetModelId}/interface/{interfaceAssetModelId}/asset-model-interface-relationship", + "responseCode":202 + }, + "input":{"shape":"DeleteAssetModelInterfaceRelationshipRequest"}, + "output":{"shape":"DeleteAssetModelInterfaceRelationshipResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictingOperationException"} + ], + "documentation":"

    Deletes an interface relationship between an asset model and an interface asset model.

    ", + "endpoint":{"hostPrefix":"api."} + }, + "DeleteComputationModel":{ + "name":"DeleteComputationModel", + "http":{ + "method":"DELETE", + "requestUri":"/computation-models/{computationModelId}", + "responseCode":202 + }, + "input":{"shape":"DeleteComputationModelRequest"}, + "output":{"shape":"DeleteComputationModelResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictingOperationException"} + ], + "documentation":"

    Deletes a computation model. This action can't be undone.

    ", + "endpoint":{"hostPrefix":"api."} + }, "DeleteDashboard":{ "name":"DeleteDashboard", "http":{ @@ -627,7 +686,7 @@ {"shape":"InternalFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves information about an asset model.

    ", + "documentation":"

    Retrieves information about an asset model. This includes details about the asset model's properties, hierarchies, composite models, and any interface relationships if the asset model implements interfaces.

    ", "endpoint":{"hostPrefix":"api."} }, "DescribeAssetModelCompositeModel":{ @@ -647,6 +706,23 @@ "documentation":"

    Retrieves information about an asset model composite model (also known as an asset model component). For more information, see Custom composite models (Components) in the IoT SiteWise User Guide.

    ", "endpoint":{"hostPrefix":"api."} }, + "DescribeAssetModelInterfaceRelationship":{ + "name":"DescribeAssetModelInterfaceRelationship", + "http":{ + "method":"GET", + "requestUri":"/asset-models/{assetModelId}/interface/{interfaceAssetModelId}/asset-model-interface-relationship" + }, + "input":{"shape":"DescribeAssetModelInterfaceRelationshipRequest"}, + "output":{"shape":"DescribeAssetModelInterfaceRelationshipResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves information about an interface relationship between an asset model and an interface asset model.

    ", + "endpoint":{"hostPrefix":"api."} + }, "DescribeAssetProperty":{ "name":"DescribeAssetProperty", "http":{ @@ -681,6 +757,40 @@ "documentation":"

    Retrieves information about a bulk import job request. For more information, see Describe a bulk import job (CLI) in the Amazon Simple Storage Service User Guide.

    ", "endpoint":{"hostPrefix":"data."} }, + "DescribeComputationModel":{ + "name":"DescribeComputationModel", + "http":{ + "method":"GET", + "requestUri":"/computation-models/{computationModelId}" + }, + "input":{"shape":"DescribeComputationModelRequest"}, + "output":{"shape":"DescribeComputationModelResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves information about a computation model.

    ", + "endpoint":{"hostPrefix":"api."} + }, + "DescribeComputationModelExecutionSummary":{ + "name":"DescribeComputationModelExecutionSummary", + "http":{ + "method":"GET", + "requestUri":"/computation-models/{computationModelId}/execution-summary" + }, + "input":{"shape":"DescribeComputationModelExecutionSummaryRequest"}, + "output":{"shape":"DescribeComputationModelExecutionSummaryResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves information about the execution summary of a computation model.

    ", + "endpoint":{"hostPrefix":"api."} + }, "DescribeDashboard":{ "name":"DescribeDashboard", "http":{ @@ -732,6 +842,23 @@ "documentation":"

    Retrieves information about the default encryption configuration for the Amazon Web Services account in the default or specified Region. For more information, see Key management in the IoT SiteWise User Guide.

    ", "endpoint":{"hostPrefix":"api."} }, + "DescribeExecution":{ + "name":"DescribeExecution", + "http":{ + "method":"GET", + "requestUri":"/executions/{executionId}" + }, + "input":{"shape":"DescribeExecutionRequest"}, + "output":{"shape":"DescribeExecutionResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves information about the execution.

    ", + "endpoint":{"hostPrefix":"api."} + }, "DescribeGateway":{ "name":"DescribeGateway", "http":{ @@ -763,7 +890,7 @@ {"shape":"InternalFailureException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves information about a gateway capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.

    ", + "documentation":"

    Each gateway capability defines data sources for a gateway. This is the namespace of the gateway capability.

    . The namespace follows the format service:capability:version, where:

    • service - The service providing the capability, or iotsitewise.

    • capability - The specific capability type. Options include: opcuacollector for the OPC UA data source collector, or publisher for data publisher capability.

    • version - The version number of the capability. Option include 2 for Classic streams, V2 gateways, and 3 for MQTT-enabled, V3 gateways.

    After updating a capability configuration, the sync status becomes OUT_OF_SYNC until the gateway processes the configuration.Use DescribeGatewayCapabilityConfiguration to check the sync status and verify the configuration was applied.

    A gateway can have multiple capability configurations with different namespaces.

    ", "endpoint":{"hostPrefix":"api."} }, "DescribeLoggingOptions":{ @@ -1013,10 +1140,10 @@ "errors":[ {"shape":"InternalFailureException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidRequestException"}, {"shape":"LimitExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictingOperationException"} ], "documentation":"

    Invokes SiteWise Assistant to start or continue a conversation.

    ", @@ -1208,6 +1335,55 @@ "documentation":"

    Retrieves a paginated list of composition relationships for an asset model of type COMPONENT_MODEL.

    ", "endpoint":{"hostPrefix":"api."} }, + "ListComputationModelDataBindingUsages":{ + "name":"ListComputationModelDataBindingUsages", + "http":{ + "method":"POST", + "requestUri":"/computation-models/data-binding-usages" + }, + "input":{"shape":"ListComputationModelDataBindingUsagesRequest"}, + "output":{"shape":"ListComputationModelDataBindingUsagesResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists all data binding usages for computation models. This allows to identify where specific data bindings are being utilized across the computation models. This track dependencies between data sources and computation models.

    ", + "endpoint":{"hostPrefix":"api."} + }, + "ListComputationModelResolveToResources":{ + "name":"ListComputationModelResolveToResources", + "http":{ + "method":"GET", + "requestUri":"/computation-models/{computationModelId}/resolve-to-resources" + }, + "input":{"shape":"ListComputationModelResolveToResourcesRequest"}, + "output":{"shape":"ListComputationModelResolveToResourcesResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists all distinct resources that are resolved from the executed actions of the computation model.

    ", + "endpoint":{"hostPrefix":"api."} + }, + "ListComputationModels":{ + "name":"ListComputationModels", + "http":{ + "method":"GET", + "requestUri":"/computation-models" + }, + "input":{"shape":"ListComputationModelsRequest"}, + "output":{"shape":"ListComputationModelsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves a paginated list of summaries of all computation models.

    ", + "endpoint":{"hostPrefix":"api."} + }, "ListDashboards":{ "name":"ListDashboards", "http":{ @@ -1241,6 +1417,23 @@ "documentation":"

    Retrieves a paginated list of datasets for a specific target resource.

    ", "endpoint":{"hostPrefix":"api."} }, + "ListExecutions":{ + "name":"ListExecutions", + "http":{ + "method":"GET", + "requestUri":"/executions" + }, + "input":{"shape":"ListExecutionsRequest"}, + "output":{"shape":"ListExecutionsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves a paginated list of summaries of all executions.

    ", + "endpoint":{"hostPrefix":"api."} + }, "ListGateways":{ "name":"ListGateways", "http":{ @@ -1257,6 +1450,23 @@ "documentation":"

    Retrieves a paginated list of gateways.

    ", "endpoint":{"hostPrefix":"api."} }, + "ListInterfaceRelationships":{ + "name":"ListInterfaceRelationships", + "http":{ + "method":"GET", + "requestUri":"/interface/{interfaceAssetModelId}/asset-models" + }, + "input":{"shape":"ListInterfaceRelationshipsRequest"}, + "output":{"shape":"ListInterfaceRelationshipsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves a paginated list of asset models that have a specific interface asset model applied to them.

    ", + "endpoint":{"hostPrefix":"api."} + }, "ListPortals":{ "name":"ListPortals", "http":{ @@ -1345,6 +1555,26 @@ "documentation":"

    Retrieves a paginated list of time series (data streams).

    ", "endpoint":{"hostPrefix":"api."} }, + "PutAssetModelInterfaceRelationship":{ + "name":"PutAssetModelInterfaceRelationship", + "http":{ + "method":"PUT", + "requestUri":"/asset-models/{assetModelId}/interface/{interfaceAssetModelId}/asset-model-interface-relationship", + "responseCode":202 + }, + "input":{"shape":"PutAssetModelInterfaceRelationshipRequest"}, + "output":{"shape":"PutAssetModelInterfaceRelationshipResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConflictingOperationException"} + ], + "documentation":"

    Creates or updates an interface relationship between an asset model and an interface asset model. This operation applies an interface to an asset model.

    ", + "endpoint":{"hostPrefix":"api."} + }, "PutDefaultEncryptionConfiguration":{ "name":"PutDefaultEncryptionConfiguration", "http":{ @@ -1541,6 +1771,27 @@ "documentation":"

    Updates an asset property's alias and notification state.

    This operation overwrites the property's existing alias and notification state. To keep your existing property's alias or notification state, you must include the existing values in the UpdateAssetProperty request. For more information, see DescribeAssetProperty.

    ", "endpoint":{"hostPrefix":"api."} }, + "UpdateComputationModel":{ + "name":"UpdateComputationModel", + "http":{ + "method":"POST", + "requestUri":"/computation-models/{computationModelId}", + "responseCode":202 + }, + "input":{"shape":"UpdateComputationModelRequest"}, + "output":{"shape":"UpdateComputationModelResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceAlreadyExistsException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConflictingOperationException"} + ], + "documentation":"

    Updates the computation model.

    ", + "endpoint":{"hostPrefix":"api."} + }, "UpdateDashboard":{ "name":"UpdateDashboard", "http":{ @@ -1613,7 +1864,7 @@ {"shape":"ThrottlingException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    Updates a gateway capability configuration or defines a new capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.

    ", + "documentation":"

    Updates a gateway capability configuration or defines a new capability configuration. Each gateway capability defines data sources for a gateway.

    Important workflow notes:

    Each gateway capability defines data sources for a gateway. This is the namespace of the gateway capability.

    . The namespace follows the format service:capability:version, where:

    • service - The service providing the capability, or iotsitewise.

    • capability - The specific capability type. Options include: opcuacollector for the OPC UA data source collector, or publisher for data publisher capability.

    • version - The version number of the capability. Option include 2 for Classic streams, V2 gateways, and 3 for MQTT-enabled, V3 gateways.

    After updating a capability configuration, the sync status becomes OUT_OF_SYNC until the gateway processes the configuration.Use DescribeGatewayCapabilityConfiguration to check the sync status and verify the configuration was applied.

    A gateway can have multiple capability configurations with different namespaces.

    ", "endpoint":{"hostPrefix":"api."} }, "UpdatePortal":{ @@ -1770,9 +2021,13 @@ "targetResource":{ "shape":"TargetResource", "documentation":"

    The resource the action will be taken on.

    " + }, + "resolveTo":{ + "shape":"ResolveTo", + "documentation":"

    The detailed resource this action resolves to.

    " } }, - "documentation":"

    Contains the summary of the actions.

    " + "documentation":"

    Contains the summary of the actions, including information about where the action resolves to.

    " }, "AdaptiveIngestion":{"type":"boolean"}, "AggregateType":{ @@ -1868,6 +2123,17 @@ "max":1011, "min":1 }, + "AssetBindingValueFilter":{ + "type":"structure", + "required":["assetId"], + "members":{ + "assetId":{ + "shape":"ID", + "documentation":"

    The ID of the asset to filter data bindings by. Only data bindings referencing this specific asset are matched.

    " + } + }, + "documentation":"

    A filter used to match data bindings based on a specific asset. This filter identifies all computation models referencing a particular asset in their data bindings.

    " + }, "AssetCompositeModel":{ "type":"structure", "required":[ @@ -2006,13 +2272,13 @@ "shape":"ID", "documentation":"

    The ID of the hierarchy. This ID is a hierarchyId.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The hierarchy name provided in the CreateAssetModel or UpdateAssetModel API operation.

    " - }, "externalId":{ "shape":"ExternalId", "documentation":"

    The external ID of the hierarchy, if it has one. When you update an asset hierarchy, you may assign an external ID if it doesn't already have one. You can't change the external ID of an asset hierarchy that already has one. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, + "name":{ + "shape":"Name", + "documentation":"

    The hierarchy name provided in the CreateAssetModel or UpdateAssetModel API operation.

    " } }, "documentation":"

    Describes an asset hierarchy that contains a hierarchy's name and ID.

    " @@ -2035,6 +2301,17 @@ "type":"list", "member":{"shape":"ID"} }, + "AssetModelBindingValueFilter":{ + "type":"structure", + "required":["assetModelId"], + "members":{ + "assetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the asset model to filter data bindings by. Only data bindings referemncing this specific asset model are matched.

    " + } + }, + "documentation":"

    A filter used to match data bindings based on a specific asset model. This filter identifies all computation models referencing a particular asset model in their data bindings.

    " + }, "AssetModelCompositeModel":{ "type":"structure", "required":[ @@ -2275,6 +2552,42 @@ }, "documentation":"

    Contains information about an asset model property.

    " }, + "AssetModelPropertyBindingValue":{ + "type":"structure", + "required":[ + "assetModelId", + "propertyId" + ], + "members":{ + "assetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the asset model, in UUID format.

    " + }, + "propertyId":{ + "shape":"ID", + "documentation":"

    The ID of the asset model property used in data binding value.

    " + } + }, + "documentation":"

    Contains information about an assetModelProperty binding value.

    " + }, + "AssetModelPropertyBindingValueFilter":{ + "type":"structure", + "required":[ + "assetModelId", + "propertyId" + ], + "members":{ + "assetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the asset model containing the filter property. This identifies the specific asset model that contains the property of interest.

    " + }, + "propertyId":{ + "shape":"ID", + "documentation":"

    The ID of the property within the asset model to filter by. Only data bindings referencing this specific property of the specified asset model are matched.

    " + } + }, + "documentation":"

    A filter used to match data bindings based on a specific asset model property. This filter identifies all computation models that reference a particular property of an asset model in their data bindings.

    " + }, "AssetModelPropertyDefinition":{ "type":"structure", "required":[ @@ -2380,9 +2693,13 @@ "path":{ "shape":"AssetModelPropertyPath", "documentation":"

    The structured path to the property from the root of the asset model.

    " + }, + "interfaceSummaries":{ + "shape":"InterfaceSummaries", + "documentation":"

    A list of interface summaries that describe which interfaces this property belongs to, including the interface asset model ID and the corresponding property ID in the interface.

    " } }, - "documentation":"

    Contains a summary of a property associated with a model.

    " + "documentation":"

    Contains a summary of a property associated with a model. This includes information about which interfaces the property belongs to, if any.

    " }, "AssetModelState":{ "type":"string", @@ -2473,7 +2790,8 @@ "type":"string", "enum":[ "ASSET_MODEL", - "COMPONENT_MODEL" + "COMPONENT_MODEL", + "INTERFACE" ] }, "AssetModelVersionFilter":{ @@ -2503,6 +2821,10 @@ "shape":"ID", "documentation":"

    The ID of the asset property.

    " }, + "externalId":{ + "shape":"ExternalId", + "documentation":"

    The external ID of the asset property. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, "name":{ "shape":"Name", "documentation":"

    The name of the property.

    " @@ -2530,10 +2852,6 @@ "path":{ "shape":"AssetPropertyPath", "documentation":"

    The structured path to the property from the root of the asset.

    " - }, - "externalId":{ - "shape":"ExternalId", - "documentation":"

    The external ID of the asset property. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " } }, "documentation":"

    Contains asset property information.

    " @@ -2544,6 +2862,42 @@ "min":1, "pattern":"[^\\u0000-\\u001F\\u007F]+" }, + "AssetPropertyBindingValue":{ + "type":"structure", + "required":[ + "assetId", + "propertyId" + ], + "members":{ + "assetId":{ + "shape":"ID", + "documentation":"

    The ID of the asset containing the property. This identifies the specific asset instance's property value used in the computation model.

    " + }, + "propertyId":{ + "shape":"ID", + "documentation":"

    The ID of the property within the asset. This identifies the specific property's value used in the computation model.

    " + } + }, + "documentation":"

    Represents a data binding value referencing a specific asset property. It's used to bind computation model variables to actual asset property values for processing.

    " + }, + "AssetPropertyBindingValueFilter":{ + "type":"structure", + "required":[ + "assetId", + "propertyId" + ], + "members":{ + "assetId":{ + "shape":"ID", + "documentation":"

    The ID of the asset containing the property to filter by. This identifies the specific asset instance containing the property of interest.

    " + }, + "propertyId":{ + "shape":"ID", + "documentation":"

    The ID of the property within the asset to filter by. Only data bindings referencing this specific property of the specified asset are matched.

    " + } + }, + "documentation":"

    A filter used to match data bindings based on a specific asset property. This filter helps identify all computation models referencing a particular property of an asset in their data bindings.

    " + }, "AssetPropertyPath":{ "type":"list", "member":{"shape":"AssetPropertyPathSegment"} @@ -2574,6 +2928,10 @@ "shape":"ID", "documentation":"

    The ID of the property.

    " }, + "externalId":{ + "shape":"ExternalId", + "documentation":"

    The external ID of the property. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, "alias":{ "shape":"PropertyAlias", "documentation":"

    The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

    " @@ -2590,10 +2948,6 @@ "path":{ "shape":"AssetPropertyPath", "documentation":"

    The structured path to the property from the root of the asset.

    " - }, - "externalId":{ - "shape":"ExternalId", - "documentation":"

    The external ID of the property. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " } }, "documentation":"

    Contains a summary of a property associated with an asset.

    " @@ -2697,6 +3051,10 @@ "shape":"ID", "documentation":"

    The ID of the asset, in UUID format.

    " }, + "externalId":{ + "shape":"ExternalId", + "documentation":"

    The external ID of the asset. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, "arn":{ "shape":"ARN", "documentation":"

    The ARN of the asset, which has the following format.

    arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}

    " @@ -2728,10 +3086,6 @@ "description":{ "shape":"Description", "documentation":"

    A description for the asset.

    " - }, - "externalId":{ - "shape":"ExternalId", - "documentation":"

    The external ID of the asset. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " } }, "documentation":"

    Contains a summary of an asset.

    " @@ -2819,6 +3173,10 @@ "shape":"ID", "documentation":"

    The ID of the asset, in UUID format.

    " }, + "externalId":{ + "shape":"ExternalId", + "documentation":"

    The external ID of the asset. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, "arn":{ "shape":"ARN", "documentation":"

    The ARN of the asset, which has the following format.

    arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}

    " @@ -2850,10 +3208,6 @@ "description":{ "shape":"Description", "documentation":"

    A description for the asset.

    " - }, - "externalId":{ - "shape":"ExternalId", - "documentation":"

    The external ID of the asset. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " } }, "documentation":"

    Contains a summary of an associated asset.

    " @@ -3603,6 +3957,10 @@ } } }, + "BindingValueList":{ + "type":"list", + "member":{"shape":"ComputationModelDataBindingValue"} + }, "BooleanValue":{"type":"boolean"}, "Bucket":{ "type":"string", @@ -3778,6 +4136,199 @@ }, "documentation":"

    Contains a summary of the components of the composite model.

    " }, + "ComputationModelAnomalyDetectionConfiguration":{ + "type":"structure", + "required":[ + "inputProperties", + "resultProperty" + ], + "members":{ + "inputProperties":{ + "shape":"InputProperties", + "documentation":"

    Define the variable name associated with input properties, with the following format ${VariableName}.

    " + }, + "resultProperty":{ + "shape":"ResultProperty", + "documentation":"

    Define the variable name associated with the result property, and the following format ${VariableName}.

    " + } + }, + "documentation":"

    Contains the configuration of the type of anomaly detection computation model.

    " + }, + "ComputationModelConfiguration":{ + "type":"structure", + "members":{ + "anomalyDetection":{ + "shape":"ComputationModelAnomalyDetectionConfiguration", + "documentation":"

    The configuration for the anomaly detection type of computation model.

    " + } + }, + "documentation":"

    The configuration for the computation model.

    " + }, + "ComputationModelDataBinding":{ + "type":"map", + "key":{"shape":"ComputationModelDataBindingVariable"}, + "value":{"shape":"ComputationModelDataBindingValue"} + }, + "ComputationModelDataBindingUsageSummaries":{ + "type":"list", + "member":{"shape":"ComputationModelDataBindingUsageSummary"} + }, + "ComputationModelDataBindingUsageSummary":{ + "type":"structure", + "required":[ + "computationModelIds", + "matchedDataBinding" + ], + "members":{ + "computationModelIds":{ + "shape":"ComputationModelIdList", + "documentation":"

    The list of computation model IDs that use this data binding. This allows identification of all computation models affected by changes to the referenced data source.

    " + }, + "matchedDataBinding":{ + "shape":"MatchedDataBinding", + "documentation":"

    The data binding matched by the filter criteria. Contains details about specific data binding values used by the computation models.

    " + } + }, + "documentation":"

    A summary of how a specific data binding is used across computation models. This tracks dependencies between data sources and computation models, allowing you to understand the impact of changes to data sources.

    " + }, + "ComputationModelDataBindingValue":{ + "type":"structure", + "members":{ + "assetModelProperty":{ + "shape":"AssetModelPropertyBindingValue", + "documentation":"

    Specifies an asset model property data binding value.

    " + }, + "assetProperty":{ + "shape":"AssetPropertyBindingValue", + "documentation":"

    The asset property value used for computation model data binding.

    " + }, + "list":{ + "shape":"BindingValueList", + "documentation":"

    Specifies a list of data binding value.

    " + } + }, + "documentation":"

    Contains computation model data binding value information, which can be one of assetModelProperty, list.

    " + }, + "ComputationModelDataBindingVariable":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^[a-z][a-z0-9_]*$" + }, + "ComputationModelExecutionSummary":{ + "type":"map", + "key":{"shape":"ComputationModelExecutionSummaryKey"}, + "value":{"shape":"ComputationModelExecutionSummaryValue"} + }, + "ComputationModelExecutionSummaryKey":{ + "type":"string", + "pattern":"^[a-zA-Z0-9 _\\-#$*!@]+$" + }, + "ComputationModelExecutionSummaryValue":{ + "type":"string", + "pattern":"^[a-zA-Z0-9 _\\-#$*!@]+$" + }, + "ComputationModelIdList":{ + "type":"list", + "member":{"shape":"ID"} + }, + "ComputationModelResolveToResourceSummaries":{ + "type":"list", + "member":{"shape":"ComputationModelResolveToResourceSummary"} + }, + "ComputationModelResolveToResourceSummary":{ + "type":"structure", + "members":{ + "resolveTo":{"shape":"ResolveTo"} + }, + "documentation":"

    A summary of the resource that a computation model resolves to.

    " + }, + "ComputationModelState":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "FAILED" + ] + }, + "ComputationModelStatus":{ + "type":"structure", + "required":["state"], + "members":{ + "state":{ + "shape":"ComputationModelState", + "documentation":"

    The current state of the computation model.

    " + }, + "error":{"shape":"ErrorDetails"} + }, + "documentation":"

    Contains current status information for a computation model.

    " + }, + "ComputationModelSummaries":{ + "type":"list", + "member":{"shape":"ComputationModelSummary"} + }, + "ComputationModelSummary":{ + "type":"structure", + "required":[ + "id", + "arn", + "name", + "type", + "creationDate", + "lastUpdateDate", + "status", + "version" + ], + "members":{ + "id":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    " + }, + "arn":{ + "shape":"ARN", + "documentation":"

    The ARN of the computation model, which has the following format.

    arn:${Partition}:iotsitewise:${Region}:${Account}:computation-model/${ComputationModelId}

    " + }, + "name":{ + "shape":"RestrictedName", + "documentation":"

    The name of the computation model.

    " + }, + "description":{ + "shape":"RestrictedDescription", + "documentation":"

    The description of the computation model.

    " + }, + "type":{ + "shape":"ComputationModelType", + "documentation":"

    The type of the computation model.

    " + }, + "creationDate":{ + "shape":"Timestamp", + "documentation":"

    The model creation date, in Unix epoch time.

    " + }, + "lastUpdateDate":{ + "shape":"Timestamp", + "documentation":"

    The time the model was last updated, in Unix epoch time.

    " + }, + "status":{ + "shape":"ComputationModelStatus", + "documentation":"

    The current status of the computation model.

    " + }, + "version":{ + "shape":"Version", + "documentation":"

    The version of the computation model.

    " + } + }, + "documentation":"

    Contains a summary of a computation model.

    " + }, + "ComputationModelType":{ + "type":"string", + "enum":["ANOMALY_DETECTION"] + }, + "ComputationModelVersionFilter":{ + "type":"string", + "pattern":"^(LATEST|ACTIVE|[1-9]{1}\\d{0,9})$" + }, "ComputeLocation":{ "type":"string", "enum":[ @@ -3864,6 +4415,14 @@ "min":36, "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }, + "CoreDeviceOperatingSystem":{ + "type":"string", + "enum":[ + "LINUX_AARCH64", + "LINUX_AMD64", + "WINDOWS_AMD64" + ] + }, "CoreDeviceThingName":{ "type":"string", "max":128, @@ -4092,6 +4651,14 @@ "shape":"CustomID", "documentation":"

    The ID of the asset model from which to create the asset. This can be either the actual ID in UUID format, or else externalId: followed by the external ID, if it has one. For more information, see Referencing objects with external IDs in the IoT SiteWise User Guide.

    " }, + "assetId":{ + "shape":"ID", + "documentation":"

    The ID to assign to the asset, if desired. IoT SiteWise automatically generates a unique ID for you, so this parameter is never required. However, if you prefer to supply your own ID instead, you can specify it here in UUID format. If you specify your own ID, it must be globally unique.

    " + }, + "assetExternalId":{ + "shape":"ExternalId", + "documentation":"

    An external ID to assign to the asset. The external ID must be unique within your Amazon Web Services account. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", @@ -4104,14 +4671,6 @@ "assetDescription":{ "shape":"Description", "documentation":"

    A description for the asset.

    " - }, - "assetId":{ - "shape":"ID", - "documentation":"

    The ID to assign to the asset, if desired. IoT SiteWise automatically generates a unique ID for you, so this parameter is never required. However, if you prefer to supply your own ID instead, you can specify it here in UUID format. If you specify your own ID, it must be globally unique.

    " - }, - "assetExternalId":{ - "shape":"ExternalId", - "documentation":"

    An external ID to assign to the asset. The external ID must be unique within your Amazon Web Services account. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " } } }, @@ -4199,6 +4758,63 @@ } } }, + "CreateComputationModelRequest":{ + "type":"structure", + "required":[ + "computationModelName", + "computationModelConfiguration", + "computationModelDataBinding" + ], + "members":{ + "computationModelName":{ + "shape":"RestrictedName", + "documentation":"

    The name of the computation model.

    " + }, + "computationModelDescription":{ + "shape":"RestrictedDescription", + "documentation":"

    The description of the computation model.

    " + }, + "computationModelConfiguration":{ + "shape":"ComputationModelConfiguration", + "documentation":"

    The configuration for the computation model.

    " + }, + "computationModelDataBinding":{ + "shape":"ComputationModelDataBinding", + "documentation":"

    The data binding for the computation model. Key is a variable name defined in configuration. Value is a ComputationModelDataBindingValue referenced by the variable.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    A list of key-value pairs that contain metadata for the asset. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

    " + } + } + }, + "CreateComputationModelResponse":{ + "type":"structure", + "required":[ + "computationModelId", + "computationModelArn", + "computationModelStatus" + ], + "members":{ + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    " + }, + "computationModelArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the computation model, which has the following format.

    arn:${Partition}:iotsitewise:${Region}:${Account}:computation-model/${ComputationModelId}

    " + }, + "computationModelStatus":{ + "shape":"ComputationModelStatus", + "documentation":"

    The status of the computation model, containing a state (CREATING after successfully calling this operation) and any error messages.

    " + } + } + }, "CreateDashboardRequest":{ "type":"structure", "required":[ @@ -4322,6 +4938,10 @@ "shape":"GatewayPlatform", "documentation":"

    The gateway's platform. You can only specify one platform in a gateway.

    " }, + "gatewayVersion":{ + "shape":"GatewayVersion", + "documentation":"

    The version of the gateway to create. Specify 3 to create an MQTT-enabled, V3 gateway and 2 to create a Classic streams, V2 gateway. If not specified, the default is 2 (Classic streams, V2 gateway).

    When creating a V3 gateway (gatewayVersion=3) with the GreengrassV2 platform, you must also specify the coreDeviceOperatingSystem parameter.

    We recommend creating an MQTT-enabled gateway for self-hosted gateways and Siemens Industrial Edge gateways. For more information on gateway versions, see Use Amazon Web Services IoT SiteWise Edge Edge gateways.

    " + }, "tags":{ "shape":"TagMap", "documentation":"

    A list of key-value pairs that contain metadata for the gateway. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

    " @@ -4345,6 +4965,7 @@ } } }, + "CreateMissingProperty":{"type":"boolean"}, "CreatePortalRequest":{ "type":"structure", "required":[ @@ -4498,7 +5119,7 @@ "type":"string", "max":139, "min":13, - "pattern":"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^externalId:[a-zA-Z0-9][a-zA-Z_\\-0-9.:]*[a-zA-Z0-9]+" + "pattern":"^(?!00000000-0000-0000-0000-000000000000)[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^externalId:[a-zA-Z0-9_][a-zA-Z_\\-0-9.:]*[a-zA-Z0-9_]+" }, "CustomerManagedS3Storage":{ "type":"structure", @@ -4558,6 +5179,39 @@ }, "documentation":"

    Contains a dashboard summary.

    " }, + "DataBindingValue":{ + "type":"structure", + "members":{ + "assetModelProperty":{"shape":"AssetModelPropertyBindingValue"}, + "assetProperty":{ + "shape":"AssetPropertyBindingValue", + "documentation":"

    The asset property value used in the data binding.

    " + } + }, + "documentation":"

    Represents a value used in a data binding. It can be an asset property or an asset model property.

    " + }, + "DataBindingValueFilter":{ + "type":"structure", + "members":{ + "asset":{ + "shape":"AssetBindingValueFilter", + "documentation":"

    Filter criteria for matching data bindings based on a specific asset. Used to list all data bindings referencing a particular asset or its properties.

    " + }, + "assetModel":{ + "shape":"AssetModelBindingValueFilter", + "documentation":"

    Filter criteria for matching data bindings based on a specific asset model. Used to list all data bindings referencing a particular asset model or its properties.

    " + }, + "assetProperty":{ + "shape":"AssetPropertyBindingValueFilter", + "documentation":"

    Filter criteria for matching data bindings based on a specific asset property. Used to list all data bindings referencing a particular property of an asset.

    " + }, + "assetModelProperty":{ + "shape":"AssetModelPropertyBindingValueFilter", + "documentation":"

    Filter criteria for matching data bindings based on a specific asset model property. Used to list all data bindings referencing a particular property of an asset model.

    " + } + }, + "documentation":"

    A filter used to match specific data binding values based on criteria. This filter allows searching for data bindings by asset, asset model, asset property, or asset model property.

    " + }, "DataSetReference":{ "type":"structure", "members":{ @@ -4722,8 +5376,7 @@ }, "DeleteAccessPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAssetModelCompositeModelRequest":{ "type":"structure", @@ -4778,6 +5431,58 @@ "assetModelStatus":{"shape":"AssetModelStatus"} } }, + "DeleteAssetModelInterfaceRelationshipRequest":{ + "type":"structure", + "required":[ + "assetModelId", + "interfaceAssetModelId" + ], + "members":{ + "assetModelId":{ + "shape":"CustomID", + "documentation":"

    The ID of the asset model. This can be either the actual ID in UUID format, or else externalId: followed by the external ID.

    ", + "location":"uri", + "locationName":"assetModelId" + }, + "interfaceAssetModelId":{ + "shape":"CustomID", + "documentation":"

    The ID of the interface asset model. This can be either the actual ID in UUID format, or else externalId: followed by the external ID.

    ", + "location":"uri", + "locationName":"interfaceAssetModelId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" + } + } + }, + "DeleteAssetModelInterfaceRelationshipResponse":{ + "type":"structure", + "required":[ + "assetModelId", + "interfaceAssetModelId", + "assetModelArn", + "assetModelStatus" + ], + "members":{ + "assetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the asset model.

    " + }, + "interfaceAssetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the interface asset model.

    " + }, + "assetModelArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the asset model, which has the following format. arn:${Partition}:iotsitewise:${Region}:${Account}:asset-model/${AssetModelId}

    " + }, + "assetModelStatus":{"shape":"AssetModelStatus"} + } + }, "DeleteAssetModelRequest":{ "type":"structure", "required":["assetModelId"], @@ -4854,6 +5559,35 @@ } } }, + "DeleteComputationModelRequest":{ + "type":"structure", + "required":["computationModelId"], + "members":{ + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    ", + "location":"uri", + "locationName":"computationModelId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", + "idempotencyToken":true, + "location":"querystring", + "locationName":"clientToken" + } + } + }, + "DeleteComputationModelResponse":{ + "type":"structure", + "required":["computationModelStatus"], + "members":{ + "computationModelStatus":{ + "shape":"ComputationModelStatus", + "documentation":"

    The status of the computation model. It contains a state (DELETING after successfully calling this operation) and any error messages.

    " + } + } + }, "DeleteDashboardRequest":{ "type":"structure", "required":["dashboardId"], @@ -4875,15 +5609,14 @@ }, "DeleteDashboardResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDatasetRequest":{ "type":"structure", "required":["datasetId"], "members":{ "datasetId":{ - "shape":"CustomID", + "shape":"ID", "documentation":"

    The ID of the dataset.

    ", "location":"uri", "locationName":"datasetId" @@ -4970,8 +5703,7 @@ }, "DeleteProjectResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTimeSeriesRequest":{ "type":"structure", @@ -5096,6 +5828,10 @@ "executionTime":{ "shape":"Timestamp", "documentation":"

    The time the action was executed.

    " + }, + "resolveTo":{ + "shape":"ResolveTo", + "documentation":"

    The detailed resource this action resolves to.

    " } } }, @@ -5261,6 +5997,54 @@ } } }, + "DescribeAssetModelInterfaceRelationshipRequest":{ + "type":"structure", + "required":[ + "assetModelId", + "interfaceAssetModelId" + ], + "members":{ + "assetModelId":{ + "shape":"CustomID", + "documentation":"

    The ID of the asset model. This can be either the actual ID in UUID format, or else externalId: followed by the external ID.

    ", + "location":"uri", + "locationName":"assetModelId" + }, + "interfaceAssetModelId":{ + "shape":"CustomID", + "documentation":"

    The ID of the interface asset model. This can be either the actual ID in UUID format, or else externalId: followed by the external ID.

    ", + "location":"uri", + "locationName":"interfaceAssetModelId" + } + } + }, + "DescribeAssetModelInterfaceRelationshipResponse":{ + "type":"structure", + "required":[ + "assetModelId", + "interfaceAssetModelId", + "propertyMappings", + "hierarchyMappings" + ], + "members":{ + "assetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the asset model.

    " + }, + "interfaceAssetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the interface asset model.

    " + }, + "propertyMappings":{ + "shape":"PropertyMappings", + "documentation":"

    A list of property mappings between the interface asset model and the asset model where the interface is applied.

    " + }, + "hierarchyMappings":{ + "shape":"HierarchyMappings", + "documentation":"

    A list of hierarchy mappings between the interface asset model and the asset model where the interface is applied.

    " + } + } + }, "DescribeAssetModelRequest":{ "type":"structure", "required":["assetModelId"], @@ -5355,6 +6139,10 @@ "shape":"Version", "documentation":"

    The version of the asset model. See Asset model versions in the IoT SiteWise User Guide.

    " }, + "interfaceDetails":{ + "shape":"InterfaceDetails", + "documentation":"

    A list of interface details that describe the interfaces implemented by this asset model, including interface asset model IDs and property mappings.

    " + }, "eTag":{ "shape":"ETag", "documentation":"

    The entity tag (ETag) is a hash of the retrieved version of the asset model. It's used to make concurrent updates safely to the resource. See Optimistic locking for asset model writes in the IoT SiteWise User Guide.

    See Optimistic locking for asset model writes in the IoT SiteWise User Guide.

    ", @@ -5396,6 +6184,10 @@ "shape":"ID", "documentation":"

    The ID of the asset, in UUID format.

    " }, + "assetExternalId":{ + "shape":"ExternalId", + "documentation":"

    The external ID of the asset. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, "assetName":{ "shape":"Name", "documentation":"

    The name of the asset.

    " @@ -5411,10 +6203,6 @@ "compositeModel":{ "shape":"CompositeModelProperty", "documentation":"

    The composite model that declares this asset property, if this asset property exists in a composite model.

    " - }, - "assetExternalId":{ - "shape":"ExternalId", - "documentation":"

    The external ID of the asset. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " } } }, @@ -5454,6 +6242,10 @@ "shape":"ID", "documentation":"

    The ID of the asset, in UUID format.

    " }, + "assetExternalId":{ + "shape":"ExternalId", + "documentation":"

    The external ID of the asset, if any.

    " + }, "assetArn":{ "shape":"ARN", "documentation":"

    The ARN of the asset, which has the following format.

    arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}

    " @@ -5497,10 +6289,6 @@ "assetCompositeModelSummaries":{ "shape":"AssetCompositeModelSummaries", "documentation":"

    The list of the immediate child custom composite model summaries for the asset.

    " - }, - "assetExternalId":{ - "shape":"ExternalId", - "documentation":"

    The external ID of the asset, if any.

    " } } }, @@ -5576,6 +6364,130 @@ } } }, + "DescribeComputationModelExecutionSummaryRequest":{ + "type":"structure", + "required":["computationModelId"], + "members":{ + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    ", + "location":"uri", + "locationName":"computationModelId" + }, + "resolveToResourceType":{ + "shape":"ResolveToResourceType", + "documentation":"

    The type of the resolved resource.

    ", + "location":"querystring", + "locationName":"resolveToResourceType" + }, + "resolveToResourceId":{ + "shape":"ID", + "documentation":"

    The ID of the resolved resource.

    ", + "location":"querystring", + "locationName":"resolveToResourceId" + } + } + }, + "DescribeComputationModelExecutionSummaryResponse":{ + "type":"structure", + "required":[ + "computationModelId", + "computationModelExecutionSummary" + ], + "members":{ + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    " + }, + "resolveTo":{ + "shape":"ResolveTo", + "documentation":"

    The detailed resource this execution summary resolves to.

    " + }, + "computationModelExecutionSummary":{ + "shape":"ComputationModelExecutionSummary", + "documentation":"

    Contains the execution summary of the computation model.

    " + } + } + }, + "DescribeComputationModelRequest":{ + "type":"structure", + "required":["computationModelId"], + "members":{ + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    ", + "location":"uri", + "locationName":"computationModelId" + }, + "computationModelVersion":{ + "shape":"ComputationModelVersionFilter", + "documentation":"

    The version of the computation model.

    ", + "location":"querystring", + "locationName":"computationModelVersion" + } + } + }, + "DescribeComputationModelResponse":{ + "type":"structure", + "required":[ + "computationModelId", + "computationModelArn", + "computationModelName", + "computationModelConfiguration", + "computationModelDataBinding", + "computationModelCreationDate", + "computationModelLastUpdateDate", + "computationModelStatus", + "computationModelVersion", + "actionDefinitions" + ], + "members":{ + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    " + }, + "computationModelArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the computation model, which has the following format.

    arn:${Partition}:iotsitewise:${Region}:${Account}:computation-model/${ComputationModelId}

    " + }, + "computationModelName":{ + "shape":"RestrictedName", + "documentation":"

    The name of the computation model.

    " + }, + "computationModelDescription":{ + "shape":"RestrictedDescription", + "documentation":"

    The description of the computation model.

    " + }, + "computationModelConfiguration":{ + "shape":"ComputationModelConfiguration", + "documentation":"

    The configuration for the computation model.

    " + }, + "computationModelDataBinding":{ + "shape":"ComputationModelDataBinding", + "documentation":"

    The data binding for the computation model. Key is a variable name defined in configuration. Value is a ComputationModelDataBindingValue referenced by the variable.

    " + }, + "computationModelCreationDate":{ + "shape":"Timestamp", + "documentation":"

    The model creation date, in Unix epoch time.

    " + }, + "computationModelLastUpdateDate":{ + "shape":"Timestamp", + "documentation":"

    The date the model was last updated, in Unix epoch time.

    " + }, + "computationModelStatus":{ + "shape":"ComputationModelStatus", + "documentation":"

    The current status of the asset model, which contains a state and an error message if any.

    " + }, + "computationModelVersion":{ + "shape":"Version", + "documentation":"

    The version of the computation model.

    " + }, + "actionDefinitions":{ + "shape":"ActionDefinitions", + "documentation":"

    The available actions for this computation model.

    " + } + } + }, "DescribeDashboardRequest":{ "type":"structure", "required":["dashboardId"], @@ -5639,7 +6551,7 @@ "required":["datasetId"], "members":{ "datasetId":{ - "shape":"CustomID", + "shape":"ID", "documentation":"

    The ID of the dataset.

    ", "location":"uri", "locationName":"datasetId" @@ -5699,8 +6611,7 @@ }, "DescribeDefaultEncryptionConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeDefaultEncryptionConfigurationResponse":{ "type":"structure", @@ -5723,6 +6634,71 @@ } } }, + "DescribeExecutionRequest":{ + "type":"structure", + "required":["executionId"], + "members":{ + "executionId":{ + "shape":"ID", + "documentation":"

    The ID of the execution.

    ", + "location":"uri", + "locationName":"executionId" + } + } + }, + "DescribeExecutionResponse":{ + "type":"structure", + "required":[ + "executionId", + "targetResource", + "targetResourceVersion", + "executionStartTime", + "executionStatus" + ], + "members":{ + "executionId":{ + "shape":"ID", + "documentation":"

    The ID of the execution.

    " + }, + "actionType":{ + "shape":"Name", + "documentation":"

    The type of action exectued.

    " + }, + "targetResource":{"shape":"TargetResource"}, + "targetResourceVersion":{ + "shape":"Version", + "documentation":"

    The version of the target resource.

    " + }, + "resolveTo":{ + "shape":"ResolveTo", + "documentation":"

    The detailed resource this execution resolves to.

    " + }, + "executionStartTime":{ + "shape":"Timestamp", + "documentation":"

    The time the process started.

    " + }, + "executionEndTime":{ + "shape":"Timestamp", + "documentation":"

    The time the process ended.

    " + }, + "executionStatus":{ + "shape":"ExecutionStatus", + "documentation":"

    The status of the execution process.

    " + }, + "executionResult":{ + "shape":"ExecutionResult", + "documentation":"

    The result of the execution.

    " + }, + "executionDetails":{ + "shape":"ExecutionDetails", + "documentation":"

    Provides detailed information about the execution of your anomaly detection models. This includes model metrics and training timestamps for both training and inference actions.

    • The training action (Amazon Web Services/ANOMALY_DETECTION_TRAINING), includes performance metrics that help you compare different versions of your anomaly detection models. These metrics provide insights into the model's performance during the training process.

    • The inference action (Amazon Web Services/ANOMALY_DETECTION_INFERENCE), includes information about the results of executing your anomaly detection models. This helps you understand the output of your models and assess their performance.

    " + }, + "executionEntityVersion":{ + "shape":"Version", + "documentation":"

    Entity version used for the execution.

    " + } + } + }, "DescribeGatewayCapabilityConfigurationRequest":{ "type":"structure", "required":[ @@ -5738,7 +6714,7 @@ }, "capabilityNamespace":{ "shape":"CapabilityNamespace", - "documentation":"

    The namespace of the capability configuration. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

    ", + "documentation":"

    The namespace of the capability configuration. For example, if you configure OPC UA sources for an MQTT-enabled gateway, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:3.

    ", "location":"uri", "locationName":"capabilityNamespace" } @@ -5767,7 +6743,7 @@ }, "capabilitySyncStatus":{ "shape":"CapabilitySyncStatus", - "documentation":"

    The synchronization status of the capability configuration. The sync status can be one of the following:

    • IN_SYNC – The gateway is running the capability configuration.

    • NOT_APPLICABLE – Synchronization is not required for this capability configuration. This is most common when integrating partner data sources, because the data integration is handled externally by the partner.

    • OUT_OF_SYNC – The gateway hasn't received the capability configuration.

    • SYNC_FAILED – The gateway rejected the capability configuration.

    • UNKNOWN – The synchronization status is currently unknown due to an undetermined or temporary error.

    " + "documentation":"

    The synchronization status of the gateway capability configuration. The sync status can be one of the following:

    • IN_SYNC - The gateway is running with the latest configuration.

    • OUT_OF_SYNC - The gateway hasn't received the latest configuration.

    • SYNC_FAILED - The gateway rejected the latest configuration.

    • UNKNOWN - The gateway hasn't reported its sync status.

    • NOT_APPLICABLE - The gateway doesn't support this capability. This is most common when integrating partner data sources, because the data integration is handled externally by the partner.

    " } } }, @@ -5810,6 +6786,10 @@ "shape":"GatewayPlatform", "documentation":"

    The gateway's platform.

    " }, + "gatewayVersion":{ + "shape":"GatewayVersion", + "documentation":"

    The version of the gateway. A value of 3 indicates an MQTT-enabled, V3 gateway, while 2 indicates a Classic streams, V2 gateway.

    " + }, "gatewayCapabilitySummaries":{ "shape":"GatewayCapabilitySummaries", "documentation":"

    A list of gateway capability summaries that each contain a namespace and status. Each gateway capability defines data sources for the gateway. To retrieve a capability configuration's definition, use DescribeGatewayCapabilityConfiguration.

    " @@ -5826,8 +6806,7 @@ }, "DescribeLoggingOptionsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeLoggingOptionsResponse":{ "type":"structure", @@ -5990,8 +6969,7 @@ }, "DescribeStorageConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeStorageConfigurationResponse":{ "type":"structure", @@ -6309,6 +7287,10 @@ "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    " + }, + "resolveTo":{ + "shape":"ResolveTo", + "documentation":"

    The detailed resource this action resolves to.

    " } } }, @@ -6345,7 +7327,7 @@ }, "maxResults":{ "shape":"ExecuteQueryMaxResults", - "documentation":"

    The maximum number of results to return at one time. The default is 25.

    " + "documentation":"

    The maximum number of results to return at one time.

    • Minimum is 1

    • Maximum is 20000

    • Default is 20000

    " }, "clientToken":{ "shape":"ClientToken", @@ -6371,10 +7353,105 @@ } } }, + "ExecutionDetails":{ + "type":"map", + "key":{"shape":"ExecutionDetailsKey"}, + "value":{"shape":"ExecutionDetailsValue"} + }, + "ExecutionDetailsKey":{ + "type":"string", + "pattern":"^[a-zA-Z0-9 _\\-#$*!@]+$" + }, + "ExecutionDetailsValue":{ + "type":"string", + "pattern":"^[a-zA-Z0-9 _\\-#$*!@]+$" + }, + "ExecutionResult":{ + "type":"map", + "key":{"shape":"ExecutionResultKey"}, + "value":{"shape":"ExecutionResultValue"} + }, + "ExecutionResultKey":{ + "type":"string", + "pattern":"^[a-zA-Z0-9 _\\-#$*!@]+$" + }, + "ExecutionResultValue":{ + "type":"string", + "pattern":"^[a-zA-Z0-9 _\\-#$*!@]+$" + }, + "ExecutionState":{ + "type":"string", + "enum":[ + "RUNNING", + "COMPLETED", + "FAILED" + ] + }, + "ExecutionStatus":{ + "type":"structure", + "required":["state"], + "members":{ + "state":{ + "shape":"ExecutionState", + "documentation":"

    The current state of the computation model.

    " + } + }, + "documentation":"

    The status of the execution.

    " + }, + "ExecutionSummaries":{ + "type":"list", + "member":{"shape":"ExecutionSummary"} + }, + "ExecutionSummary":{ + "type":"structure", + "required":[ + "executionId", + "targetResource", + "targetResourceVersion", + "executionStartTime", + "executionStatus" + ], + "members":{ + "executionId":{ + "shape":"ID", + "documentation":"

    The ID of the execution.

    " + }, + "actionType":{ + "shape":"Name", + "documentation":"

    The type of action exectued.

    " + }, + "targetResource":{"shape":"TargetResource"}, + "targetResourceVersion":{ + "shape":"Version", + "documentation":"

    The version of the target resource.

    " + }, + "resolveTo":{ + "shape":"ResolveTo", + "documentation":"

    The detailed resource this execution resolves to.

    " + }, + "executionStartTime":{ + "shape":"Timestamp", + "documentation":"

    The time the process started.

    " + }, + "executionEndTime":{ + "shape":"Timestamp", + "documentation":"

    The time the process ended.

    " + }, + "executionStatus":{ + "shape":"ExecutionStatus", + "documentation":"

    The status of the execution process.

    " + }, + "executionEntityVersion":{ + "shape":"Version", + "documentation":"

    The execution entity version associated with the summary.

    " + } + }, + "documentation":"

    Contains the execution summary of the computation model.

    " + }, "Expression":{ "type":"string", "max":1024, - "min":1 + "min":0 }, "ExpressionVariable":{ "type":"structure", @@ -6475,11 +7552,11 @@ "members":{ "capabilityNamespace":{ "shape":"CapabilityNamespace", - "documentation":"

    The namespace of the capability configuration. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

    " + "documentation":"

    The namespace of the capability configuration. For example, if you configure OPC UA sources for an MQTT-enabled gateway, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:3.

    " }, "capabilitySyncStatus":{ "shape":"CapabilitySyncStatus", - "documentation":"

    The synchronization status of the capability configuration. The sync status can be one of the following:

    • IN_SYNC – The gateway is running the capability configuration.

    • NOT_APPLICABLE – Synchronization is not required for this capability configuration. This is most common when integrating partner data sources, because the data integration is handled externally by the partner.

    • OUT_OF_SYNC – The gateway hasn't received the capability configuration.

    • SYNC_FAILED – The gateway rejected the capability configuration.

    • UNKNOWN – The synchronization status is currently unknown due to an undetermined or temporary error.

    " + "documentation":"

    The synchronization status of the gateway capability configuration. The sync status can be one of the following:

    • IN_SYNC - The gateway is running with the latest configuration.

    • OUT_OF_SYNC - The gateway hasn't received the latest configuration.

    • SYNC_FAILED - The gateway rejected the latest configuration.

    • UNKNOWN - The gateway hasn't reported its sync status.

    • NOT_APPLICABLE - The gateway doesn't support this capability. This is most common when integrating partner data sources, because the data integration is handled externally by the partner.

    " } }, "documentation":"

    Contains a summary of a gateway capability configuration.

    " @@ -6506,7 +7583,7 @@ "documentation":"

    A SiteWise Edge gateway that runs on a Siemens Industrial Edge Device.

    " } }, - "documentation":"

    Contains a gateway's platform information.

    " + "documentation":"

    The gateway's platform configuration. You can only specify one platform type in a gateway.

    (Legacy only) For Greengrass V1 gateways, specify the greengrass parameter with a valid Greengrass group ARN.

    For Greengrass V2 gateways, specify the greengrassV2 parameter with a valid core device thing name. If creating a V3 gateway (gatewayVersion=3), you must also specify the coreDeviceOperatingSystem.

    For Siemens Industrial Edge gateways, specify the siemensIE parameter with a valid IoT Core thing name.

    " }, "GatewaySummaries":{ "type":"list", @@ -6530,6 +7607,10 @@ "documentation":"

    The name of the gateway.

    " }, "gatewayPlatform":{"shape":"GatewayPlatform"}, + "gatewayVersion":{ + "shape":"GatewayVersion", + "documentation":"

    The version of the gateway. A value of 3 indicates an MQTT-enabled, V3 gateway, while 2 indicates a Classic streams, V2 gateway.

    " + }, "gatewayCapabilitySummaries":{ "shape":"GatewayCapabilitySummaries", "documentation":"

    A list of gateway capability summaries that each contain a namespace and status. Each gateway capability defines data sources for the gateway. To retrieve a capability configuration's definition, use DescribeGatewayCapabilityConfiguration.

    " @@ -6545,6 +7626,13 @@ }, "documentation":"

    Contains a summary of a gateway.

    " }, + "GatewayVersion":{ + "type":"string", + "documentation":"

    The version of the gateway. Options include:

    • 2 - Classic streams, V2 gateway.

    • 3 - MQTT-enabled, V3 gateway.

    ", + "max":1024, + "min":1, + "pattern":"^[0-9]+$" + }, "GetAssetPropertyAggregatesRequest":{ "type":"structure", "required":[ @@ -6871,6 +7959,10 @@ "coreDeviceThingName":{ "shape":"CoreDeviceThingName", "documentation":"

    The name of the IoT thing for your IoT Greengrass V2 core device.

    " + }, + "coreDeviceOperatingSystem":{ + "shape":"CoreDeviceOperatingSystem", + "documentation":"

    The operating system of the core device in IoT Greengrass V2. Specifying the operating system is required for MQTT-enabled, V3 gateways (gatewayVersion 3) and not applicable for Classic stream, V2 gateways (gatewayVersion 2).

    " } }, "documentation":"

    Contains details for a gateway that runs on IoT Greengrass V2. To create a gateway that runs on IoT Greengrass V2, you must deploy the IoT SiteWise Edge component to your gateway device. Your Greengrass device role must use the AWSIoTSiteWiseEdgeAccess policy. For more information, see Using IoT SiteWise at the edge in the IoT SiteWise User Guide.

    " @@ -6886,6 +7978,28 @@ }, "documentation":"

    Contains information for a group identity in an access policy.

    " }, + "HierarchyMapping":{ + "type":"structure", + "required":[ + "assetModelHierarchyId", + "interfaceAssetModelHierarchyId" + ], + "members":{ + "assetModelHierarchyId":{ + "shape":"ID", + "documentation":"

    The ID of the hierarchy in the asset model where the interface is applied.

    " + }, + "interfaceAssetModelHierarchyId":{ + "shape":"ID", + "documentation":"

    The ID of the hierarchy in the interface asset model.

    " + } + }, + "documentation":"

    Maps a hierarchy from an interface asset model to a hierarchy in the asset model where the interface is applied.

    " + }, + "HierarchyMappings":{ + "type":"list", + "member":{"shape":"HierarchyMapping"} + }, "IAMRoleIdentity":{ "type":"structure", "required":["arn"], @@ -6912,7 +8026,7 @@ "type":"string", "max":36, "min":36, - "pattern":"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" + "pattern":"^(?!00000000-0000-0000-0000-000000000000)[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "IDs":{ "type":"list", @@ -7018,6 +8132,64 @@ }, "documentation":"

    Contains an image that is uploaded to IoT SiteWise and available at a URL.

    " }, + "InputProperties":{ + "type":"string", + "max":67, + "min":4, + "pattern":"^\\$\\{[a-z][a-z0-9_]*\\}" + }, + "InterfaceDetails":{ + "type":"list", + "member":{"shape":"InterfaceRelationship"} + }, + "InterfaceRelationship":{ + "type":"structure", + "required":["id"], + "members":{ + "id":{ + "shape":"ID", + "documentation":"

    The ID of the asset model that has the interface applied to it.

    " + } + }, + "documentation":"

    Contains information about the relationship between an asset model and an interface asset model that is applied to it.

    " + }, + "InterfaceRelationshipSummaries":{ + "type":"list", + "member":{"shape":"InterfaceRelationshipSummary"} + }, + "InterfaceRelationshipSummary":{ + "type":"structure", + "required":["id"], + "members":{ + "id":{ + "shape":"ID", + "documentation":"

    The ID of the asset model that has the interface applied to it.

    " + } + }, + "documentation":"

    Contains summary information about an interface relationship, which defines how an interface is applied to an asset model. This summary provides the essential identifiers needed to retrieve detailed information about the relationship.

    " + }, + "InterfaceSummaries":{ + "type":"list", + "member":{"shape":"InterfaceSummary"} + }, + "InterfaceSummary":{ + "type":"structure", + "required":[ + "interfaceAssetModelId", + "interfaceAssetModelPropertyId" + ], + "members":{ + "interfaceAssetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the interface asset model that contains this property.

    " + }, + "interfaceAssetModelPropertyId":{ + "shape":"ID", + "documentation":"

    The ID of the property in the interface asset model that corresponds to this property.

    " + } + }, + "documentation":"

    Contains summary information about an interface that a property belongs to.

    " + }, "InternalFailureException":{ "type":"structure", "required":["message"], @@ -7209,7 +8381,7 @@ "members":{ "message":{"shape":"ErrorMessage"} }, - "documentation":"

    You've reached the limit for a resource. For example, this can occur if you're trying to associate more than the allowed number of child assets or attempting to create more than the allowed number of properties for an asset model.

    For more information, see Quotas in the IoT SiteWise User Guide.

    ", + "documentation":"

    You've reached the quota for a resource. For example, this can occur if you're trying to associate more than the allowed number of child assets or attempting to create more than the allowed number of properties for an asset model.

    For more information, see Quotas in the IoT SiteWise User Guide.

    ", "error":{"httpStatusCode":410}, "exception":true }, @@ -7288,7 +8460,7 @@ "locationName":"targetResourceType" }, "targetResourceId":{ - "shape":"CustomID", + "shape":"ID", "documentation":"

    The ID of the target resource.

    ", "location":"querystring", "locationName":"targetResourceId" @@ -7304,6 +8476,18 @@ "documentation":"

    The maximum number of results to return for each paginated request.

    ", "location":"querystring", "locationName":"maxResults" + }, + "resolveToResourceType":{ + "shape":"ResolveToResourceType", + "documentation":"

    The type of the resolved resource.

    ", + "location":"querystring", + "locationName":"resolveToResourceType" + }, + "resolveToResourceId":{ + "shape":"ID", + "documentation":"

    The ID of the resolved resource.

    ", + "location":"querystring", + "locationName":"resolveToResourceId" } } }, @@ -7430,7 +8614,7 @@ "members":{ "assetModelTypes":{ "shape":"ListAssetModelsTypeFilter", - "documentation":"

    The type of asset model. If you don't provide an assetModelTypes, all types of asset models are returned.

    • ASSET_MODEL – An asset model that you can use to create assets. Can't be included as a component in another asset model.

    • COMPONENT_MODEL – A reusable component that you can include in the composite models of other asset models. You can't create assets directly from this type of asset model.

    ", + "documentation":"

    The type of asset model. If you don't provide an assetModelTypes, all types of asset models are returned.

    • ASSET_MODEL – An asset model that you can use to create assets. Can't be included as a component in another asset model.

    • COMPONENT_MODEL – A reusable component that you can include in the composite models of other asset models. You can't create assets directly from this type of asset model.

    • INTERFACE – An interface is a type of model that defines a standard structure that can be applied to different asset models.

    ", "location":"querystring", "locationName":"assetModelTypes" }, @@ -7757,6 +8941,113 @@ } } }, + "ListComputationModelDataBindingUsagesRequest":{ + "type":"structure", + "required":["dataBindingValueFilter"], + "members":{ + "dataBindingValueFilter":{ + "shape":"DataBindingValueFilter", + "documentation":"

    A filter used to limit the returned data binding usages based on specific data binding values. You can filter by asset, asset model, asset property, or asset model property to find all computation models using these specific data sources.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token used for the next set of paginated results.

    " + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results returned for each paginated request.

    " + } + } + }, + "ListComputationModelDataBindingUsagesResponse":{ + "type":"structure", + "required":["dataBindingUsageSummaries"], + "members":{ + "dataBindingUsageSummaries":{ + "shape":"ComputationModelDataBindingUsageSummaries", + "documentation":"

    A list of summaries describing the data binding usages across computation models. Each summary includes the computation model IDs and the matched data binding details.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of paginated results, or null if there are no additional results.

    " + } + } + }, + "ListComputationModelResolveToResourcesRequest":{ + "type":"structure", + "required":["computationModelId"], + "members":{ + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model for which to list resolved resources.

    ", + "location":"uri", + "locationName":"computationModelId" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token used for the next set of paginated results.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results returned for each paginated request.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListComputationModelResolveToResourcesResponse":{ + "type":"structure", + "required":["computationModelResolveToResourceSummaries"], + "members":{ + "computationModelResolveToResourceSummaries":{ + "shape":"ComputationModelResolveToResourceSummaries", + "documentation":"

    A list of summaries describing the distinct resources that this computation model resolves to when actions were executed.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of paginated results, or null if there are no additional results.

    " + } + } + }, + "ListComputationModelsRequest":{ + "type":"structure", + "members":{ + "computationModelType":{ + "shape":"ComputationModelType", + "documentation":"

    The type of computation model. If a computationModelType is not provided, all types of computation models are returned.

    ", + "location":"querystring", + "locationName":"computationModelType" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token to be used for the next set of paginated results.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return for each paginated request.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListComputationModelsResponse":{ + "type":"structure", + "required":["computationModelSummaries"], + "members":{ + "computationModelSummaries":{ + "shape":"ComputationModelSummaries", + "documentation":"

    A list summarizing each computation model.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results, or null if there are no additional results.

    " + } + } + }, "ListDashboardsRequest":{ "type":"structure", "required":["projectId"], @@ -7833,6 +9124,71 @@ } } }, + "ListExecutionsRequest":{ + "type":"structure", + "required":[ + "targetResourceType", + "targetResourceId" + ], + "members":{ + "targetResourceType":{ + "shape":"TargetResourceType", + "documentation":"

    The type of the target resource.

    ", + "location":"querystring", + "locationName":"targetResourceType" + }, + "targetResourceId":{ + "shape":"ID", + "documentation":"

    The ID of the target resource.

    ", + "location":"querystring", + "locationName":"targetResourceId" + }, + "resolveToResourceType":{ + "shape":"ResolveToResourceType", + "documentation":"

    The type of the resolved resource.

    ", + "location":"querystring", + "locationName":"resolveToResourceType" + }, + "resolveToResourceId":{ + "shape":"ID", + "documentation":"

    The ID of the resolved resource.

    ", + "location":"querystring", + "locationName":"resolveToResourceId" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token used for the next set of paginated results.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results returned for each paginated request.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "actionType":{ + "shape":"Name", + "documentation":"

    The type of action exectued.

    ", + "location":"querystring", + "locationName":"actionType" + } + } + }, + "ListExecutionsResponse":{ + "type":"structure", + "required":["executionSummaries"], + "members":{ + "executionSummaries":{ + "shape":"ExecutionSummaries", + "documentation":"

    Contains the list of execution summaries of the computation models.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results, or null if there are no additional results.

    " + } + } + }, "ListGatewaysRequest":{ "type":"structure", "members":{ @@ -7864,6 +9220,44 @@ } } }, + "ListInterfaceRelationshipsRequest":{ + "type":"structure", + "required":["interfaceAssetModelId"], + "members":{ + "interfaceAssetModelId":{ + "shape":"CustomID", + "documentation":"

    The ID of the interface asset model. This can be either the actual ID in UUID format, or else externalId: followed by the external ID.

    ", + "location":"uri", + "locationName":"interfaceAssetModelId" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token to be used for the next set of paginated results.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return for each paginated request. Default: 50

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListInterfaceRelationshipsResponse":{ + "type":"structure", + "required":["interfaceRelationshipSummaries"], + "members":{ + "interfaceRelationshipSummaries":{ + "shape":"InterfaceRelationshipSummaries", + "documentation":"

    A list that summarizes each interface relationship.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results, or null if there are no additional results.

    " + } + } + }, "ListPortalsRequest":{ "type":"structure", "members":{ @@ -8082,6 +9476,18 @@ "min":1, "pattern":"[^\\u0000-\\u001F\\u007F]+" }, + "MatchByPropertyName":{"type":"boolean"}, + "MatchedDataBinding":{ + "type":"structure", + "required":["value"], + "members":{ + "value":{ + "shape":"DataBindingValue", + "documentation":"

    The value of the matched data binding.

    " + } + }, + "documentation":"

    Represents a data binding that matches the specified filter criteria.

    " + }, "MaxInterpolatedResults":{ "type":"integer", "min":1 @@ -8120,11 +9526,7 @@ }, "Metric":{ "type":"structure", - "required":[ - "expression", - "variables", - "window" - ], + "required":["window"], "members":{ "expression":{ "shape":"Expression", @@ -8229,8 +9631,7 @@ }, "Parquet":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A parquet file.

    " }, "Permission":{ @@ -8443,6 +9844,10 @@ "shape":"ID", "documentation":"

    The ID of the asset property.

    " }, + "externalId":{ + "shape":"ExternalId", + "documentation":"

    The external ID of the asset property. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, "name":{ "shape":"Name", "documentation":"

    The name of the property.

    " @@ -8470,10 +9875,6 @@ "path":{ "shape":"AssetPropertyPath", "documentation":"

    The structured path to the property from the root of the asset.

    " - }, - "externalId":{ - "shape":"ExternalId", - "documentation":"

    The external ID of the asset property. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " } }, "documentation":"

    Contains asset property information.

    " @@ -8493,6 +9894,46 @@ "STRUCT" ] }, + "PropertyMapping":{ + "type":"structure", + "required":[ + "assetModelPropertyId", + "interfaceAssetModelPropertyId" + ], + "members":{ + "assetModelPropertyId":{ + "shape":"CustomID", + "documentation":"

    The ID of the property in the asset model where the interface is applied.

    " + }, + "interfaceAssetModelPropertyId":{ + "shape":"CustomID", + "documentation":"

    The ID of the property in the interface asset model.

    " + } + }, + "documentation":"

    Maps a property from an interface asset model to a property in the asset model where the interface is applied.

    " + }, + "PropertyMappingConfiguration":{ + "type":"structure", + "members":{ + "matchByPropertyName":{ + "shape":"MatchByPropertyName", + "documentation":"

    If true, properties are matched by name between the interface asset model and the asset model where the interface is applied.

    " + }, + "createMissingProperty":{ + "shape":"CreateMissingProperty", + "documentation":"

    If true, missing properties from the interface asset model are automatically created in the asset model where the interface is applied.

    " + }, + "overrides":{ + "shape":"PropertyMappings", + "documentation":"

    A list of specific property mappings that override the automatic mapping by name when an interface is applied to an asset model.

    " + } + }, + "documentation":"

    Contains configuration options for mapping properties from an interface asset model to an asset model where the interface is applied.

    " + }, + "PropertyMappings":{ + "type":"list", + "member":{"shape":"PropertyMapping"} + }, "PropertyNotification":{ "type":"structure", "required":[ @@ -8562,6 +10003,61 @@ "documentation":"

    The value type of null asset property data with BAD and UNCERTAIN qualities.

    " }, "PropertyValueStringValue":{"type":"string"}, + "PutAssetModelInterfaceRelationshipRequest":{ + "type":"structure", + "required":[ + "assetModelId", + "interfaceAssetModelId", + "propertyMappingConfiguration" + ], + "members":{ + "assetModelId":{ + "shape":"CustomID", + "documentation":"

    The ID of the asset model. This can be either the actual ID in UUID format, or else externalId: followed by the external ID.

    ", + "location":"uri", + "locationName":"assetModelId" + }, + "interfaceAssetModelId":{ + "shape":"CustomID", + "documentation":"

    The ID of the interface asset model. This can be either the actual ID in UUID format, or else externalId: followed by the external ID.

    ", + "location":"uri", + "locationName":"interfaceAssetModelId" + }, + "propertyMappingConfiguration":{ + "shape":"PropertyMappingConfiguration", + "documentation":"

    The configuration for mapping properties from the interface asset model to the asset model where the interface is applied. This configuration controls how properties are matched and created during the interface application process.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", + "idempotencyToken":true + } + } + }, + "PutAssetModelInterfaceRelationshipResponse":{ + "type":"structure", + "required":[ + "assetModelId", + "interfaceAssetModelId", + "assetModelArn", + "assetModelStatus" + ], + "members":{ + "assetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the asset model.

    " + }, + "interfaceAssetModelId":{ + "shape":"ID", + "documentation":"

    The ID of the interface asset model.

    " + }, + "assetModelArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the asset model, which has the following format. arn:${Partition}:iotsitewise:${Region}:${Account}:asset-model/${AssetModelId}

    " + }, + "assetModelStatus":{"shape":"AssetModelStatus"} + } + }, "PutAssetPropertyValueEntries":{ "type":"list", "member":{"shape":"PutAssetPropertyValueEntry"} @@ -8643,8 +10139,7 @@ }, "PutLoggingOptionsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutStorageConfigurationRequest":{ "type":"structure", @@ -8766,6 +10261,21 @@ "min":2, "pattern":"1m|15m|1h|1d" }, + "ResolveTo":{ + "type":"structure", + "required":["assetId"], + "members":{ + "assetId":{ + "shape":"ID", + "documentation":"

    The ID of the asset that the resource resolves to.

    " + } + }, + "documentation":"

    The detailed resource this execution summary resolves to.

    " + }, + "ResolveToResourceType":{ + "type":"string", + "enum":["ASSET"] + }, "Resource":{ "type":"structure", "members":{ @@ -8855,6 +10365,12 @@ "min":1, "pattern":"^[a-zA-Z0-9 _\\-#$*!@]+$" }, + "ResultProperty":{ + "type":"string", + "max":67, + "min":4, + "pattern":"^\\$\\{[a-z][a-z0-9_]*\\}" + }, "RetentionPeriod":{ "type":"structure", "members":{ @@ -8998,8 +10514,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -9008,18 +10523,24 @@ }, "TargetResource":{ "type":"structure", - "required":["assetId"], "members":{ "assetId":{ - "shape":"CustomID", + "shape":"ID", "documentation":"

    The ID of the asset, in UUID format.

    " + }, + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    " } }, - "documentation":"

    The resource the action will be taken on.

    " + "documentation":"

    The resource the action will be taken on. This can include asset-based resources and computation model resources.

    " }, "TargetResourceType":{ "type":"string", - "enum":["ASSET"] + "enum":[ + "ASSET", + "COMPUTATION_MODEL" + ] }, "ThrottlingException":{ "type":"structure", @@ -9130,7 +10651,7 @@ "documentation":"

    The name of the resource with too many tags.

    " } }, - "documentation":"

    You've reached the limit for the number of tags allowed for a resource. For more information, see Tag naming limits and requirements in the Amazon Web Services General Reference.

    ", + "documentation":"

    You've reached the quota for the number of tags allowed for a resource. For more information, see Tag naming limits and requirements in the Amazon Web Services General Reference.

    ", "error":{"httpStatusCode":400}, "exception":true }, @@ -9239,8 +10760,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAccessPolicyRequest":{ "type":"structure", @@ -9278,8 +10798,7 @@ }, "UpdateAccessPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAssetModelCompositeModelRequest":{ "type":"structure", @@ -9479,6 +10998,10 @@ "location":"uri", "locationName":"assetId" }, + "assetExternalId":{ + "shape":"ExternalId", + "documentation":"

    An external ID to assign to the asset. The asset must not already have an external ID. The external ID must be unique within your Amazon Web Services account. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " + }, "assetName":{ "shape":"Name", "documentation":"

    A friendly name for the asset.

    " @@ -9491,10 +11014,6 @@ "assetDescription":{ "shape":"Description", "documentation":"

    A description for the asset.

    " - }, - "assetExternalId":{ - "shape":"ExternalId", - "documentation":"

    An external ID to assign to the asset. The asset must not already have an external ID. The external ID must be unique within your Amazon Web Services account. For more information, see Using external IDs in the IoT SiteWise User Guide.

    " } } }, @@ -9508,6 +11027,54 @@ } } }, + "UpdateComputationModelRequest":{ + "type":"structure", + "required":[ + "computationModelId", + "computationModelName", + "computationModelConfiguration", + "computationModelDataBinding" + ], + "members":{ + "computationModelId":{ + "shape":"ID", + "documentation":"

    The ID of the computation model.

    ", + "location":"uri", + "locationName":"computationModelId" + }, + "computationModelName":{ + "shape":"RestrictedName", + "documentation":"

    The name of the computation model.

    " + }, + "computationModelDescription":{ + "shape":"RestrictedDescription", + "documentation":"

    The description of the computation model.

    " + }, + "computationModelConfiguration":{ + "shape":"ComputationModelConfiguration", + "documentation":"

    The configuration for the computation model.

    " + }, + "computationModelDataBinding":{ + "shape":"ComputationModelDataBinding", + "documentation":"

    The data binding for the computation model. Key is a variable name defined in configuration. Value is a ComputationModelDataBindingValue referenced by the variable.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    ", + "idempotencyToken":true + } + } + }, + "UpdateComputationModelResponse":{ + "type":"structure", + "required":["computationModelStatus"], + "members":{ + "computationModelStatus":{ + "shape":"ComputationModelStatus", + "documentation":"

    The status of the computation model. It contains a state (UPDATING after successfully calling this operation) and an error message if any.

    " + } + } + }, "UpdateDashboardRequest":{ "type":"structure", "required":[ @@ -9543,8 +11110,7 @@ }, "UpdateDashboardResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDatasetRequest":{ "type":"structure", @@ -9555,7 +11121,7 @@ ], "members":{ "datasetId":{ - "shape":"CustomID", + "shape":"ID", "documentation":"

    The ID of the dataset.

    ", "location":"uri", "locationName":"datasetId" @@ -9583,7 +11149,7 @@ "type":"structure", "members":{ "datasetId":{ - "shape":"CustomID", + "shape":"ID", "documentation":"

    The ID of the dataset.

    " }, "datasetArn":{ @@ -9612,7 +11178,7 @@ }, "capabilityNamespace":{ "shape":"CapabilityNamespace", - "documentation":"

    The namespace of the gateway capability configuration to be updated. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

    " + "documentation":"

    The namespace of the gateway capability configuration to be updated. For example, if you configure OPC UA sources for an MQTT-enabled gateway, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:3.

    " }, "capabilityConfiguration":{ "shape":"CapabilityConfiguration", @@ -9633,7 +11199,7 @@ }, "capabilitySyncStatus":{ "shape":"CapabilitySyncStatus", - "documentation":"

    The synchronization status of the capability configuration. The sync status can be one of the following:

    • IN_SYNC – The gateway is running the capability configuration.

    • NOT_APPLICABLE – Synchronization is not required for this capability configuration. This is most common when integrating partner data sources, because the data integration is handled externally by the partner.

    • OUT_OF_SYNC – The gateway hasn't received the capability configuration.

    • SYNC_FAILED – The gateway rejected the capability configuration.

    • UNKNOWN – The synchronization status is currently unknown due to an undetermined or temporary error.

    After you update a capability configuration, its sync status is OUT_OF_SYNC until the gateway receives and applies or rejects the updated configuration.

    " + "documentation":"

    The synchronization status of the gateway capability configuration. The sync status can be one of the following:

    • IN_SYNC - The gateway is running with the latest configuration.

    • OUT_OF_SYNC - The gateway hasn't received the latest configuration.

    • SYNC_FAILED - The gateway rejected the latest configuration.

    • UNKNOWN - The gateway hasn't reported its sync status.

    • NOT_APPLICABLE - The gateway doesn't support this capability. This is most common when integrating partner data sources, because the data integration is handled externally by the partner.

    After you update a capability configuration, its sync status is OUT_OF_SYNC until the gateway receives and applies or rejects the updated configuration.

    " } } }, @@ -9751,8 +11317,7 @@ }, "UpdateProjectResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Url":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/iotthingsgraph/2018-09-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotthingsgraph/2018-09-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotthingsgraph/2018-09-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotthingsgraph/2018-09-06/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -326,9 +324,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/iotthingsgraph/2018-09-06/service-2.json 2.31.35-1/awscli/botocore/data/iotthingsgraph/2018-09-06/service-2.json --- 2.23.6-1/awscli/botocore/data/iotthingsgraph/2018-09-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotthingsgraph/2018-09-06/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"iotthingsgraph", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS IoT Things Graph", "serviceId":"IoTThingsGraph", "signatureVersion":"v4", "signingName":"iotthingsgraph", "targetPrefix":"IotThingsGraphFrontEndService", - "uid":"iotthingsgraph-2018-09-06" + "uid":"iotthingsgraph-2018-09-06", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateEntityToThing":{ @@ -665,8 +667,7 @@ }, "AssociateEntityToThingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateFlowTemplateRequest":{ "type":"structure", @@ -792,13 +793,11 @@ }, "DeleteFlowTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNamespaceRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNamespaceResponse":{ "type":"structure", @@ -824,8 +823,7 @@ }, "DeleteSystemInstanceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSystemTemplateRequest":{ "type":"structure", @@ -839,8 +837,7 @@ }, "DeleteSystemTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DependencyRevision":{ "type":"structure", @@ -903,8 +900,7 @@ }, "DeprecateFlowTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeprecateSystemTemplateRequest":{ "type":"structure", @@ -918,8 +914,7 @@ }, "DeprecateSystemTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeNamespaceRequest":{ "type":"structure", @@ -974,8 +969,7 @@ }, "DissociateEntityFromThingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Enabled":{"type":"boolean"}, "EntityDescription":{ @@ -1314,8 +1308,7 @@ }, "GetNamespaceDeletionStatusRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetNamespaceDeletionStatusResponse":{ "type":"structure", @@ -2089,8 +2082,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2168,8 +2160,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateFlowTemplateRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/iottwinmaker/2021-11-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iottwinmaker/2021-11-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iottwinmaker/2021-11-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iottwinmaker/2021-11-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iotwireless/2020-11-22/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/iotwireless/2020-11-22/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/iotwireless/2020-11-22/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotwireless/2020-11-22/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/iotwireless/2020-11-22/service-2.json 2.31.35-1/awscli/botocore/data/iotwireless/2020-11-22/service-2.json --- 2.23.6-1/awscli/botocore/data/iotwireless/2020-11-22/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/iotwireless/2020-11-22/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -423,7 +423,7 @@ {"shape":"InternalServerException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Deletes a multicast group if it is not in use by a fuota task.

    " + "documentation":"

    Deletes a multicast group if it is not in use by a FUOTA task.

    " }, "DeleteNetworkAnalyzerConfiguration":{ "name":"DeleteNetworkAnalyzerConfiguration", @@ -621,7 +621,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Disassociates a multicast group from a fuota task.

    " + "documentation":"

    Disassociates a multicast group from a FUOTA task.

    " }, "DisassociateWirelessDeviceFromFuotaTask":{ "name":"DisassociateWirelessDeviceFromFuotaTask", @@ -798,7 +798,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

    Returns current default log levels or log levels by resource types. Based on resource types, log levels can be for wireless device log options or wireless gateway log options.

    " + "documentation":"

    Returns current default log levels or log levels by resource types. Based on the resource type, log levels can be returned for wireless device, wireless gateway, or FUOTA task log options.

    " }, "GetMetricConfiguration":{ "name":"GetMetricConfiguration", @@ -994,7 +994,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

    Fetches the log-level override, if any, for a given resource-ID and resource-type. It can be used for a wireless device, wireless gateway or fuota task.

    " + "documentation":"

    Fetches the log-level override, if any, for a given resource ID and resource type..

    " }, "GetResourcePosition":{ "name":"GetResourcePosition", @@ -1315,7 +1315,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    List all multicast groups associated with a fuota task.

    " + "documentation":"

    List all multicast groups associated with a FUOTA task.

    " }, "ListNetworkAnalyzerConfigurations":{ "name":"ListNetworkAnalyzerConfigurations", @@ -1520,7 +1520,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

    Sets the log-level override for a resource-ID and resource-type. This option can be specified for a wireless gateway or a wireless device. A limit of 200 log level override can be set per account.

    " + "documentation":"

    Sets the log-level override for a resource ID and resource type. A limit of 200 log level override can be set per account.

    " }, "ResetAllResourceLogLevels":{ "name":"ResetAllResourceLogLevels", @@ -1538,7 +1538,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

    Removes the log-level overrides for all resources; wireless devices, wireless gateways, and fuota tasks.

    " + "documentation":"

    Removes the log-level overrides for all resources; wireless devices, wireless gateways, and FUOTA tasks.

    " }, "ResetResourceLogLevel":{ "name":"ResetResourceLogLevel", @@ -1556,7 +1556,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

    Removes the log-level override, if any, for a specific resource-ID and resource-type. It can be used for a wireless device, a wireless gateway, or a fuota task.

    " + "documentation":"

    Removes the log-level override, if any, for a specific resource ID and resource type. It can be used for a wireless device, a wireless gateway, or a FUOTA task.

    " }, "SendDataToMulticastGroup":{ "name":"SendDataToMulticastGroup", @@ -1831,7 +1831,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

    Set default log level, or log levels by resource types. This can be for wireless device log options or wireless gateways log options and is used to control the log messages that'll be displayed in CloudWatch.

    " + "documentation":"

    Set default log level, or log levels by resource types. This can be for wireless device, wireless gateway, or FUOTA task log options, and is used to control the log messages that'll be displayed in CloudWatch.

    " }, "UpdateMetricConfiguration":{ "name":"UpdateMetricConfiguration", @@ -2213,8 +2213,7 @@ }, "AssociateMulticastGroupWithFuotaTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateWirelessDeviceWithFuotaTaskRequest":{ "type":"structure", @@ -2233,8 +2232,7 @@ }, "AssociateWirelessDeviceWithFuotaTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateWirelessDeviceWithMulticastGroupRequest":{ "type":"structure", @@ -2253,8 +2251,7 @@ }, "AssociateWirelessDeviceWithMulticastGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateWirelessDeviceWithThingRequest":{ "type":"structure", @@ -2277,8 +2274,7 @@ }, "AssociateWirelessDeviceWithThingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateWirelessGatewayWithCertificateRequest":{ "type":"structure", @@ -2329,8 +2325,7 @@ }, "AssociateWirelessGatewayWithThingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AutoCreateTasks":{"type":"boolean"}, "Avg":{"type":"double"}, @@ -2411,8 +2406,7 @@ }, "CancelMulticastGroupSessionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CaptureTimeAccuracy":{"type":"float"}, "CdmaChannel":{ @@ -2717,7 +2711,7 @@ "members":{ "Name":{ "shape":"DeviceProfileName", - "documentation":"

    The name of the new resource.

    " + "documentation":"

    The name of the new resource.

    The following special characters aren't accepted: <>^#~$

    " }, "LoRaWAN":{ "shape":"LoRaWANDeviceProfile", @@ -2847,7 +2841,7 @@ "members":{ "Name":{ "shape":"ServiceProfileName", - "documentation":"

    The name of the new resource.

    " + "documentation":"

    The name of the new resource.

    The following special characters aren't accepted: <>^#~$

    " }, "LoRaWAN":{ "shape":"LoRaWANServiceProfile", @@ -2890,7 +2884,7 @@ }, "Name":{ "shape":"WirelessDeviceName", - "documentation":"

    The name of the new resource.

    " + "documentation":"

    The name of the new resource.

    The following special characters aren't accepted: <>^#~$

    " }, "Description":{ "shape":"Description", @@ -2942,7 +2936,7 @@ "members":{ "Name":{ "shape":"WirelessGatewayName", - "documentation":"

    The name of the new resource.

    " + "documentation":"

    The name of the new resource.

    The following special characters aren't accepted: <>^#~$

    " }, "Description":{ "shape":"Description", @@ -3106,8 +3100,7 @@ }, "DeleteDestinationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDeviceProfileRequest":{ "type":"structure", @@ -3123,8 +3116,7 @@ }, "DeleteDeviceProfileResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFuotaTaskRequest":{ "type":"structure", @@ -3139,8 +3131,7 @@ }, "DeleteFuotaTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMulticastGroupRequest":{ "type":"structure", @@ -3155,8 +3146,7 @@ }, "DeleteMulticastGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNetworkAnalyzerConfigurationRequest":{ "type":"structure", @@ -3171,8 +3161,7 @@ }, "DeleteNetworkAnalyzerConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteQueuedMessagesRequest":{ "type":"structure", @@ -3203,8 +3192,7 @@ }, "DeleteQueuedMessagesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteServiceProfileRequest":{ "type":"structure", @@ -3220,8 +3208,7 @@ }, "DeleteServiceProfileResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWirelessDeviceImportTaskRequest":{ "type":"structure", @@ -3237,8 +3224,7 @@ }, "DeleteWirelessDeviceImportTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWirelessDeviceRequest":{ "type":"structure", @@ -3254,8 +3240,7 @@ }, "DeleteWirelessDeviceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWirelessGatewayRequest":{ "type":"structure", @@ -3271,8 +3256,7 @@ }, "DeleteWirelessGatewayResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWirelessGatewayTaskDefinitionRequest":{ "type":"structure", @@ -3288,8 +3272,7 @@ }, "DeleteWirelessGatewayTaskDefinitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWirelessGatewayTaskRequest":{ "type":"structure", @@ -3305,8 +3288,7 @@ }, "DeleteWirelessGatewayTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterWirelessDeviceRequest":{ "type":"structure", @@ -3328,8 +3310,7 @@ }, "DeregisterWirelessDeviceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Description":{ "type":"string", @@ -3532,8 +3513,7 @@ }, "DisassociateAwsAccountFromPartnerAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateMulticastGroupFromFuotaTaskRequest":{ "type":"structure", @@ -3556,8 +3536,7 @@ }, "DisassociateMulticastGroupFromFuotaTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateWirelessDeviceFromFuotaTaskRequest":{ "type":"structure", @@ -3580,8 +3559,7 @@ }, "DisassociateWirelessDeviceFromFuotaTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateWirelessDeviceFromMulticastGroupRequest":{ "type":"structure", @@ -3604,8 +3582,7 @@ }, "DisassociateWirelessDeviceFromMulticastGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateWirelessDeviceFromThingRequest":{ "type":"structure", @@ -3621,8 +3598,7 @@ }, "DisassociateWirelessDeviceFromThingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateWirelessGatewayFromCertificateRequest":{ "type":"structure", @@ -3638,8 +3614,7 @@ }, "DisassociateWirelessGatewayFromCertificateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateWirelessGatewayFromThingRequest":{ "type":"structure", @@ -3655,8 +3630,7 @@ }, "DisassociateWirelessGatewayFromThingResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DlAllowed":{"type":"boolean"}, "DlBucketSize":{ @@ -3833,7 +3807,6 @@ "EventNotificationResourceType":{ "type":"string", "enum":[ - "FuotaTask", "SidewalkAccount", "WirelessDevice", "WirelessGateway" @@ -3899,7 +3872,7 @@ "FactorySupport":{"type":"boolean"}, "FileDescriptor":{ "type":"string", - "documentation":"

    The Descriptor specifies some metadata about the File being transferred using FUOTA e.g. the software version. It is sent transparently to the device. It is a binary field encoded in base64

    ", + "documentation":"

    The descriptor is the metadata about the file that is transferred to the device using FUOTA, such as the software version. It is a binary field encoded in base64.

    ", "max":332, "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" }, @@ -3966,7 +3939,7 @@ }, "FuotaTaskEvent":{ "type":"string", - "documentation":"

    The event for a log message, if the log message is tied to a fuota task.

    ", + "documentation":"

    The event for a log message, if the log message is tied to a FUOTA task.

    ", "enum":["Fuota"] }, "FuotaTaskEventLogOption":{ @@ -3979,7 +3952,7 @@ "Event":{"shape":"FuotaTaskEvent"}, "LogLevel":{"shape":"LogLevel"} }, - "documentation":"

    The log options for a FUOTA task event and can be used to set log levels for a specific fuota task event.

    For a LoRaWAN FuotaTask type, possible event for a log message is Fuota.

    " + "documentation":"

    The log options for a FUOTA task event and can be used to set log levels for a specific FUOTA task event.

    For a LoRaWAN FUOTA task, the only possible event for a log message is Fuota.

    " }, "FuotaTaskEventLogOptionList":{ "type":"list", @@ -4005,17 +3978,17 @@ "members":{ "Type":{ "shape":"FuotaTaskType", - "documentation":"

    The fuota task type.

    " + "documentation":"

    The FUOTA task type.

    " }, "LogLevel":{"shape":"LogLevel"}, "Events":{"shape":"FuotaTaskEventLogOptionList"} }, - "documentation":"

    The log options for fuota tasks and can be used to set log levels for a specific type of fuota task.

    " + "documentation":"

    The log options for FUOTA tasks and can be used to set log levels for a specific type of FUOTA task.

    " }, "FuotaTaskLogOptionList":{ "type":"list", "member":{"shape":"FuotaTaskLogOption"}, - "documentation":"

    The list of fuota task log options.

    " + "documentation":"

    The list of FUOTA task log options.

    " }, "FuotaTaskName":{ "type":"string", @@ -4035,7 +4008,7 @@ }, "FuotaTaskType":{ "type":"string", - "documentation":"

    The fuota task type.

    ", + "documentation":"

    The FUOTA task type.

    ", "enum":["LoRaWAN"] }, "GPST":{"type":"float"}, @@ -4165,8 +4138,7 @@ }, "GetEventConfigurationByResourceTypesRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetEventConfigurationByResourceTypesResponse":{ "type":"structure", @@ -4224,8 +4196,7 @@ }, "GetLogLevelsByResourceTypesRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetLogLevelsByResourceTypesResponse":{ "type":"structure", @@ -4238,8 +4209,7 @@ }, "GetMetricConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetMetricConfigurationResponse":{ "type":"structure", @@ -4570,7 +4540,7 @@ }, "ResourceType":{ "shape":"ResourceType", - "documentation":"

    The type of the resource, which can be WirelessDevice, WirelessGateway or FuotaTask.

    ", + "documentation":"

    The type of resource, which can be WirelessDevice, WirelessGateway, or FuotaTask.

    ", "location":"querystring", "locationName":"resourceType" } @@ -4618,7 +4588,7 @@ "members":{ "ServiceType":{ "shape":"WirelessGatewayServiceType", - "documentation":"

    The service type for which to get endpoint information about. Can be CUPS for the Configuration and Update Server endpoint, or LNS for the LoRaWAN Network Server endpoint or CLAIM for the global endpoint.

    ", + "documentation":"

    The service type for which to get endpoint information about. Can be CUPS for the Configuration and Update Server endpoint, or LNS for the LoRaWAN Network Server endpoint.

    ", "location":"querystring", "locationName":"serviceType" } @@ -5218,7 +5188,6 @@ "enum":[ "PartnerAccountId", "DevEui", - "FuotaTaskId", "GatewayEui", "WirelessDeviceId", "WirelessGatewayId" @@ -6279,6 +6248,22 @@ "MinGwDiversity":{ "shape":"MinGwDiversity", "documentation":"

    The MinGwDiversity value.

    " + }, + "TxPowerIndexMin":{ + "shape":"TxPowerIndexMin", + "documentation":"

    The Transmit Power Index minimum value.

    Default: 0

    " + }, + "TxPowerIndexMax":{ + "shape":"TxPowerIndexMax", + "documentation":"

    The Transmit Power Index maximum value.

    Default: 15

    " + }, + "NbTransMin":{ + "shape":"NbTransMin", + "documentation":"

    The minimum number of transmissions.

    Default: 0

    " + }, + "NbTransMax":{ + "shape":"NbTransMax", + "documentation":"

    The maximum number of transmissions.

    Default: 3

    " } }, "documentation":"

    LoRaWANGetServiceProfileInfo object.

    " @@ -6418,6 +6403,22 @@ "RaAllowed":{ "shape":"RaAllowed", "documentation":"

    The RAAllowed value that describes whether roaming activation is allowed.

    " + }, + "TxPowerIndexMin":{ + "shape":"TxPowerIndexMin", + "documentation":"

    The Transmit Power Index minimum.

    Default: 0

    " + }, + "TxPowerIndexMax":{ + "shape":"TxPowerIndexMax", + "documentation":"

    The Transmit Power Index maximum.

    Default: 15

    " + }, + "NbTransMin":{ + "shape":"NbTransMin", + "documentation":"

    The minimum number of transmissions.

    Default: 0

    " + }, + "NbTransMax":{ + "shape":"NbTransMax", + "documentation":"

    The maximum number of transmissions.

    Default: 3

    " } }, "documentation":"

    LoRaWANServiceProfile object.

    " @@ -6534,8 +6535,7 @@ "type":"structure", "required":[ "Pci", - "Earfcn", - "EutranCid" + "Earfcn" ], "members":{ "Pci":{ @@ -6874,6 +6874,16 @@ "documentation":"

    Wireless metadata that is to be sent to multicast group.

    " }, "NRCapable":{"type":"boolean"}, + "NbTransMax":{ + "type":"integer", + "max":15, + "min":0 + }, + "NbTransMin":{ + "type":"integer", + "max":15, + "min":0 + }, "NetId":{ "type":"string", "documentation":"

    LoRaWAN network ID.

    ", @@ -7042,14 +7052,14 @@ "members":{ "GatewayList":{ "shape":"GatewayListMulticast", - "documentation":"

    The list of gateways that you want to use for sending the multicast downlink. Each downlink will be sent to all the gateways in the list with transmission interval between them. If list is empty the gateway list will be dynamically selected similar to the case of no ParticipatingGateways

    " + "documentation":"

    The list of gateways that you want to use for sending the multicast downlink message. Each downlink message will be sent to all the gateways in the list in the order that you provided. If the gateway list is empty, then AWS IoT Core for LoRaWAN chooses the gateways that were most recently used by the devices to send an uplink message.

    " }, "TransmissionInterval":{ "shape":"TransmissionIntervalMulticast", - "documentation":"

    The duration of time for which AWS IoT Core for LoRaWAN will wait before transmitting the multicast payload to the next gateway in the list.

    " + "documentation":"

    The duration of time in milliseconds for which AWS IoT Core for LoRaWAN will wait before transmitting the multicast payload to the next gateway in the list.

    " } }, - "documentation":"

    Specify the list of gateways to which you want to send the multicast downlink messages. The multicast message will be sent to each gateway in the sequence provided in the list.

    " + "documentation":"

    Specify the list of gateways to which you want to send the multicast downlink messages. The multicast message will be sent to each gateway in the list, with the transmission interval as the time interval between each message.

    " }, "PartnerAccountArn":{"type":"string"}, "PartnerAccountId":{ @@ -7272,8 +7282,7 @@ }, "PutPositionConfigurationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "deprecated":true, "deprecatedMessage":"This operation is no longer supported." }, @@ -7292,7 +7301,7 @@ }, "ResourceType":{ "shape":"ResourceType", - "documentation":"

    The type of the resource, which can be WirelessDevice, WirelessGateway, or FuotaTask.

    ", + "documentation":"

    The type of resource, which can be WirelessDevice, WirelessGateway, or FuotaTask.

    ", "location":"querystring", "locationName":"resourceType" }, @@ -7301,8 +7310,7 @@ }, "PutResourceLogLevelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "QualificationStatus":{"type":"boolean"}, "QueryString":{ @@ -7350,13 +7358,11 @@ "ReportDevStatusMargin":{"type":"boolean"}, "ResetAllResourceLogLevelsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "ResetAllResourceLogLevelsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ResetResourceLogLevelRequest":{ "type":"structure", @@ -7372,7 +7378,7 @@ }, "ResourceType":{ "shape":"ResourceType", - "documentation":"

    The type of the resource, which can be WirelessDevice, WirelessGateway, or FuotaTask.

    ", + "documentation":"

    The type of resource, which can be WirelessDevice, WirelessGateway, or FuotaTask.

    ", "location":"querystring", "locationName":"resourceType" } @@ -7380,13 +7386,12 @@ }, "ResetResourceLogLevelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ResourceId":{"type":"string"}, "ResourceIdentifier":{ "type":"string", - "documentation":"

    The identifier of the resource. For a Wireless Device, it is the wireless device ID. For a wireless gateway, it is the wireless gateway ID.

    ", + "documentation":"

    The unique identifier of the resource, which can be the wireless gateway ID, the wireless device ID, or the FUOTA task ID.

    ", "max":256 }, "ResourceNotFoundException":{ @@ -7630,7 +7635,7 @@ }, "SessionTimeout":{ "type":"integer", - "documentation":"

    How long before a multicast group session is to timeout.

    ", + "documentation":"

    How long before a multicast group session is to timeout.

    We recommend that you provide a timeout value that is a power-of-two (such as 64, 128, 256). If a non-power-of-two value is provided, it will automatically be rounded up to the next supported power-of-two within the allowed range.

    ", "max":172800, "min":60 }, @@ -7672,8 +7677,7 @@ }, "SidewalkCreateDeviceProfile":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Sidewalk object for creating a device profile.

    " }, "SidewalkCreateWirelessDevice":{ @@ -7916,8 +7920,7 @@ }, "StartBulkAssociateWirelessDeviceWithMulticastGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartBulkDisassociateWirelessDeviceFromMulticastGroupRequest":{ "type":"structure", @@ -7934,8 +7937,7 @@ }, "StartBulkDisassociateWirelessDeviceFromMulticastGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartFuotaTaskRequest":{ "type":"structure", @@ -7951,8 +7953,7 @@ }, "StartFuotaTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartMulticastGroupSessionRequest":{ "type":"structure", @@ -7971,8 +7972,7 @@ }, "StartMulticastGroupSessionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StartSingleWirelessDeviceImportTaskRequest":{ "type":"structure", @@ -8269,8 +8269,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -8463,6 +8462,16 @@ "max":1, "min":0 }, + "TxPowerIndexMax":{ + "type":"integer", + "max":15, + "min":0 + }, + "TxPowerIndexMin":{ + "type":"integer", + "max":15, + "min":0 + }, "UARFCN":{ "type":"integer", "max":16383, @@ -8510,8 +8519,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAbpV1_0_x":{ "type":"structure", @@ -8568,8 +8576,7 @@ }, "UpdateDestinationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEventConfigurationByResourceTypesRequest":{ "type":"structure", @@ -8598,8 +8605,7 @@ }, "UpdateEventConfigurationByResourceTypesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateFPorts":{ "type":"structure", @@ -8637,8 +8643,7 @@ }, "UpdateFuotaTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLogLevelsByResourceTypesRequest":{ "type":"structure", @@ -8651,8 +8656,7 @@ }, "UpdateLogLevelsByResourceTypesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMetricConfigurationRequest":{ "type":"structure", @@ -8665,8 +8669,7 @@ }, "UpdateMetricConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMulticastGroupRequest":{ "type":"structure", @@ -8684,8 +8687,7 @@ }, "UpdateMulticastGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNetworkAnalyzerConfigurationRequest":{ "type":"structure", @@ -8726,8 +8728,7 @@ }, "UpdateNetworkAnalyzerConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePartnerAccountRequest":{ "type":"structure", @@ -8757,8 +8758,7 @@ }, "UpdatePartnerAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePositionRequest":{ "type":"structure", @@ -8790,8 +8790,7 @@ }, "UpdatePositionResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "deprecated":true, "deprecatedMessage":"This operation is no longer supported." }, @@ -8844,8 +8843,7 @@ }, "UpdateResourceEventConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateResourcePositionRequest":{ "type":"structure", @@ -8875,8 +8873,7 @@ }, "UpdateResourcePositionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateSignature":{ "type":"string", @@ -8904,8 +8901,7 @@ }, "UpdateWirelessDeviceImportTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateWirelessDeviceRequest":{ "type":"structure", @@ -8923,7 +8919,7 @@ }, "Name":{ "shape":"WirelessDeviceName", - "documentation":"

    The new name of the resource.

    " + "documentation":"

    The new name of the resource.

    The following special characters aren't accepted: <>^#~$

    " }, "Description":{ "shape":"Description", @@ -8941,8 +8937,7 @@ }, "UpdateWirelessDeviceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateWirelessGatewayRequest":{ "type":"structure", @@ -8956,7 +8951,7 @@ }, "Name":{ "shape":"WirelessGatewayName", - "documentation":"

    The new name of the resource.

    " + "documentation":"

    The new name of the resource.

    The following special characters aren't accepted: <>^#~$

    " }, "Description":{ "shape":"Description", @@ -8972,8 +8967,7 @@ }, "UpdateWirelessGatewayResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateWirelessGatewayTaskCreate":{ "type":"structure", @@ -9511,5 +9505,5 @@ "documentation":"

    WirelessMetadata object.

    " } }, - "documentation":"

    AWS IoT Wireless provides bi-directional communication between internet-connected wireless devices and the AWS Cloud. To onboard both LoRaWAN and Sidewalk devices to AWS IoT, use the IoT Wireless API. These wireless devices use the Low Power Wide Area Networking (LPWAN) communication protocol to communicate with AWS IoT.

    Using the API, you can perform create, read, update, and delete operations for your wireless devices, gateways, destinations, and profiles. After onboarding your devices, you can use the API operations to set log levels and monitor your devices with CloudWatch.

    You can also use the API operations to create multicast groups and schedule a multicast session for sending a downlink message to devices in the group. By using Firmware Updates Over-The-Air (FUOTA) API operations, you can create a FUOTA task and schedule a session to update the firmware of individual devices or an entire group of devices in a multicast group.

    To connect to the AWS IoT Wireless Service, use the Service endpoints as described in IoT Wireless Service endpoints in the AWS General Reference.

    " + "documentation":"

    AWS IoT Wireless provides bi-directional communication between internet-connected wireless devices and the AWS Cloud. To onboard both LoRaWAN and Sidewalk devices to AWS IoT, use the IoT Wireless API. These wireless devices use the Low Power Wide Area Networking (LPWAN) communication protocol to communicate with AWS IoT.

    Using the API, you can perform create, read, update, and delete operations for your wireless devices, gateways, destinations, and profiles. After onboarding your devices, you can use the API operations to set log levels and monitor your devices with CloudWatch.

    You can also use the API operations to create multicast groups and schedule a multicast session for sending a downlink message to devices in the group. By using Firmware Updates Over-The-Air (FUOTA) API operations, you can create a FUOTA task and schedule a session to update the firmware of individual devices or an entire group of devices in a multicast group.

    To connect to the AWS IoT Wireless Service, use the Service endpoints as described in IoT Wireless Service endpoints. You can use both IPv4 and IPv6 protocols to connect to the endpoints and send requests to the AWS IoT Wireless service. For more information, see Using IPv6 with AWS IoT Wireless.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/ivs/2020-07-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ivs/2020-07-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ivs/2020-07-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ivs/2020-07-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ivs-realtime/2020-07-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ivs-realtime/2020-07-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ivs-realtime/2020-07-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ivs-realtime/2020-07-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ivs-realtime/2020-07-14/paginators-1.json 2.31.35-1/awscli/botocore/data/ivs-realtime/2020-07-14/paginators-1.json --- 2.23.6-1/awscli/botocore/data/ivs-realtime/2020-07-14/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ivs-realtime/2020-07-14/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "ingestConfigurations" + }, + "ListParticipantReplicas": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "replicas" } } } diff -pruN 2.23.6-1/awscli/botocore/data/ivs-realtime/2020-07-14/service-2.json 2.31.35-1/awscli/botocore/data/ivs-realtime/2020-07-14/service-2.json --- 2.23.6-1/awscli/botocore/data/ivs-realtime/2020-07-14/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ivs-realtime/2020-07-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -436,6 +436,21 @@ ], "documentation":"

    Lists events for a specified participant that occurred during a specified stage session.

    " }, + "ListParticipantReplicas":{ + "name":"ListParticipantReplicas", + "http":{ + "method":"POST", + "requestUri":"/ListParticipantReplicas", + "responseCode":200 + }, + "input":{"shape":"ListParticipantReplicasRequest"}, + "output":{"shape":"ListParticipantReplicasResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Lists all the replicas for a participant from a source stage.

    " + }, "ListParticipants":{ "name":"ListParticipants", "http":{ @@ -551,6 +566,26 @@ ], "documentation":"

    Starts a Composition from a stage based on the configuration provided in the request.

    A Composition is an ephemeral resource that exists after this operation returns successfully. Composition stops and the resource is deleted:

    • When StopComposition is called.

    • After a 1-minute timeout, when all participants are disconnected from the stage.

    • After a 1-minute timeout, if there are no participants in the stage when StartComposition is called.

    • When broadcasting to the IVS channel fails and all retries are exhausted.

    • When broadcasting is disconnected and all attempts to reconnect are exhausted.

    " }, + "StartParticipantReplication":{ + "name":"StartParticipantReplication", + "http":{ + "method":"POST", + "requestUri":"/StartParticipantReplication", + "responseCode":200 + }, + "input":{"shape":"StartParticipantReplicationRequest"}, + "output":{"shape":"StartParticipantReplicationResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"PendingVerification"} + ], + "documentation":"

    Starts replicating a publishing participant from a source stage to a destination stage.

    " + }, "StopComposition":{ "name":"StopComposition", "http":{ @@ -570,6 +605,23 @@ ], "documentation":"

    Stops and deletes a Composition resource. Any broadcast from the Composition resource is stopped.

    " }, + "StopParticipantReplication":{ + "name":"StopParticipantReplication", + "http":{ + "method":"POST", + "requestUri":"/StopParticipantReplication", + "responseCode":200 + }, + "input":{"shape":"StopParticipantReplicationRequest"}, + "output":{"shape":"StopParticipantReplicationResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Stops a replicated participant session.

    " + }, "TagResource":{ "name":"TagResource", "http":{ @@ -645,6 +697,54 @@ "AccessDeniedException":{ "type":"structure", "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + }, + "xAmznErrorType":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "exceptionMessage":{ "shape":"errorMessage", "documentation":"

    User does not have sufficient access to perform this action.

    " @@ -669,7 +769,7 @@ "members":{ "storageConfigurationArn":{ "shape":"AutoParticipantRecordingStorageConfigurationArn", - "documentation":"

    ARN of the StorageConfiguration resource to use for individual participant recording. Default: \"\" (empty string, no storage configuration is specified). Individual participant recording cannot be started unless a storage configuration is specified, when a Stage is created or updated.

    " + "documentation":"

    ARN of the StorageConfiguration resource to use for individual participant recording. Default: \"\" (empty string, no storage configuration is specified). Individual participant recording cannot be started unless a storage configuration is specified, when a Stage is created or updated. To disable individual participant recording, set this to \"\"; other fields in this object will get reset to their defaults when sending \"\".

    " }, "mediaTypes":{ "shape":"ParticipantRecordingMediaTypeList", @@ -678,6 +778,18 @@ "thumbnailConfiguration":{ "shape":"ParticipantThumbnailConfiguration", "documentation":"

    A complex type that allows you to enable/disable the recording of thumbnails for individual participant recording and modify the interval at which thumbnails are generated for the live session.

    " + }, + "recordingReconnectWindowSeconds":{ + "shape":"ParticipantRecordingReconnectWindowSeconds", + "documentation":"

    If a stage publisher disconnects and then reconnects within the specified interval, the multiple recordings will be considered a single recording and merged together.

    The default value is 0, which disables merging.

    " + }, + "hlsConfiguration":{ + "shape":"ParticipantRecordingHlsConfiguration", + "documentation":"

    HLS configuration object for individual participant recording.

    " + }, + "recordParticipantReplicas":{ + "shape":"RecordParticipantReplicas", + "documentation":"

    Optional field to disable replica participant recording. If this is set to false when a participant is a replica, replica participants are not recorded. Default: true.

    " } }, "documentation":"

    Object specifying a configuration for individual participant recording.

    " @@ -773,6 +885,22 @@ "min":1, "pattern":"[a-zA-Z0-9-_]*" }, + "CompositionRecordingHlsConfiguration":{ + "type":"structure", + "members":{ + "targetSegmentDurationSeconds":{ + "shape":"CompositionRecordingTargetSegmentDurationSeconds", + "documentation":"

    Defines the target duration for recorded segments generated when using composite recording. Default: 2.

    " + } + }, + "documentation":"

    An object representing a configuration of HLS recordings for server-side composition.

    " + }, + "CompositionRecordingTargetSegmentDurationSeconds":{ + "type":"integer", + "box":true, + "max":10, + "min":2 + }, "CompositionState":{ "type":"string", "enum":[ @@ -850,6 +978,54 @@ "ConflictException":{ "type":"structure", "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + }, + "xAmznErrorType":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "exceptionMessage":{ "shape":"errorMessage", "documentation":"

    Updating or deleting a resource can cause an inconsistent state.

    " @@ -1347,6 +1523,18 @@ "errorCode":{ "shape":"EventErrorCode", "documentation":"

    If the event is an error event, the error code is provided to give insight into the specific error that occurred. If the event is not an error event, this field is null.

    • B_FRAME_PRESENT — The participant's stream includes B-frames. For details, see IVS RTMP Publishing.

    • BITRATE_EXCEEDED — The participant exceeded the maximum supported bitrate. For details, see Service Quotas.

    • INSUFFICIENT_CAPABILITIES — The participant tried to take an action that the participant’s token is not allowed to do. For details on participant capabilities, see the capabilities field in CreateParticipantToken.

    • INTERNAL_SERVER_EXCEPTION — The participant failed to publish to the stage due to an internal server error.

    • INVALID_AUDIO_CODEC — The participant is using an invalid audio codec. For details, see Stream Ingest.

    • INVALID_INPUT — The participant is using an invalid input stream.

    • INVALID_PROTOCOL — The participant's IngestConfiguration resource is configured for RTMPS but they tried streaming with RTMP. For details, see IVS RTMP Publishing.

    • INVALID_STREAM_KEY — The participant is using an invalid stream key. For details, see IVS RTMP Publishing.

    • INVALID_VIDEO_CODEC — The participant is using an invalid video codec. For details, see Stream Ingest.

    • PUBLISHER_NOT_FOUND — The participant tried to subscribe to a publisher that doesn’t exist.

    • QUOTA_EXCEEDED — The number of participants who want to publish/subscribe to a stage exceeds the quota. For details, see Service Quotas.

    • RESOLUTION_EXCEEDED — The participant exceeded the maximum supported resolution. For details, see Service Quotas.

    • REUSE_OF_STREAM_KEY — The participant tried to use a stream key that is associated with another active stage session.

    • STREAM_DURATION_EXCEEDED — The participant exceeded the maximum allowed stream duration. For details, see Service Quotas.

    " + }, + "destinationStageArn":{ + "shape":"StageArn", + "documentation":"

    ARN of the stage where the participant is replicated. Applicable only if the event name is REPLICATION_STARTED or REPLICATION_STOPPED.

    " + }, + "destinationSessionId":{ + "shape":"StageSessionId", + "documentation":"

    ID of the session within the destination stage. Applicable only if the event name is REPLICATION_STARTED or REPLICATION_STOPPED.

    " + }, + "replica":{ + "shape":"Replica", + "documentation":"

    If true, this indicates the participantId is a replicated participant. If this is a subscribe event, then this flag refers to remoteParticipantId. Default: false.

    " } }, "documentation":"

    An occurrence during a stage session.

    " @@ -1385,7 +1573,9 @@ "SUBSCRIBE_STOPPED", "PUBLISH_ERROR", "SUBSCRIBE_ERROR", - "JOIN_ERROR" + "JOIN_ERROR", + "REPLICATION_STARTED", + "REPLICATION_STOPPED" ] }, "Framerate":{ @@ -1587,6 +1777,10 @@ "gridGap":{ "shape":"GridGap", "documentation":"

    Specifies the spacing between participant tiles in pixels. Default: 2.

    " + }, + "participantOrderAttribute":{ + "shape":"AttributeKey", + "documentation":"

    Attribute name in ParticipantTokenConfiguration identifying the participant ordering key. Participants with participantOrderAttribute set to \"\" or not specified are ordered based on their arrival time into the stage.

    " } }, "documentation":"

    Configuration information specific to Grid layout, for server-side composition. See \"Layouts\" in Server-Side Composition.

    " @@ -1763,6 +1957,54 @@ "InternalServerException":{ "type":"structure", "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + }, + "xAmznErrorType":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "exceptionMessage":{ "shape":"errorMessage", "documentation":"

    Unexpected error during processing of request.

    " @@ -1928,6 +2170,45 @@ } } }, + "ListParticipantReplicasRequest":{ + "type":"structure", + "required":[ + "sourceStageArn", + "participantId" + ], + "members":{ + "sourceStageArn":{ + "shape":"StageArn", + "documentation":"

    ARN of the stage where the participant is publishing.

    " + }, + "participantId":{ + "shape":"ParticipantId", + "documentation":"

    Participant ID of the publisher that has been replicated. This is assigned by IVS and returned by CreateParticipantToken or the jti (JWT ID) used to create a self signed token.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The first participant to retrieve. This is used for pagination; see the nextToken response field.

    " + }, + "maxResults":{ + "shape":"MaxParticipantReplicaResults", + "documentation":"

    Maximum number of results to return. Default: 50.

    " + } + } + }, + "ListParticipantReplicasResponse":{ + "type":"structure", + "required":["replicas"], + "members":{ + "replicas":{ + "shape":"ParticipantReplicaList", + "documentation":"

    List of all participant replicas.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    If there are more participants than maxResults, use nextToken in the request to get the next set.

    " + } + } + }, "ListParticipantsRequest":{ "type":"structure", "required":[ @@ -2142,6 +2423,12 @@ "max":100, "min":1 }, + "MaxParticipantReplicaResults":{ + "type":"integer", + "box":true, + "max":50, + "min":1 + }, "MaxParticipantResults":{ "type":"integer", "box":true, @@ -2236,7 +2523,7 @@ }, "recordingS3Prefix":{ "shape":"ParticipantRecordingS3Prefix", - "documentation":"

    S3 prefix of the S3 bucket where the participant is being recorded, if individual participant recording is enabled, or \"\" (empty string), if recording is not enabled.

    " + "documentation":"

    S3 prefix of the S3 bucket where the participant is being recorded, if individual participant recording is enabled, or \"\" (empty string), if recording is not enabled. If individual participant recording merge is enabled, and if a stage publisher disconnects from a stage and then reconnects, IVS tries to record to the same S3 prefix as the previous session. See Merge Fragmented Individual Participant Recordings.

    " }, "recordingState":{ "shape":"ParticipantRecordingState", @@ -2245,6 +2532,22 @@ "protocol":{ "shape":"ParticipantProtocol", "documentation":"

    Type of ingest protocol that the participant employs for broadcasting.

    " + }, + "replicationType":{ + "shape":"ReplicationType", + "documentation":"

    Indicates if the participant has been replicated to another stage or is a replica from another stage. Default: NONE.

    " + }, + "replicationState":{ + "shape":"ReplicationState", + "documentation":"

    The participant's replication state.

    " + }, + "sourceStageArn":{ + "shape":"StageArn", + "documentation":"

    Source stage ARN from which this participant is replicated, if replicationType is REPLICA.

    " + }, + "sourceSessionId":{ + "shape":"StageSessionId", + "documentation":"

    ID of the session within the source stage, if replicationType is REPLICA.

    " } }, "documentation":"

    Object describing a participant that has joined a stage.

    " @@ -2289,6 +2592,16 @@ "FAILED" ] }, + "ParticipantRecordingHlsConfiguration":{ + "type":"structure", + "members":{ + "targetSegmentDurationSeconds":{ + "shape":"ParticipantRecordingTargetSegmentDurationSeconds", + "documentation":"

    Defines the target duration for recorded segments generated when recording a stage participant. Segments may have durations longer than the specified value when needed to ensure each segment begins with a keyframe. Default: 6.

    " + } + }, + "documentation":"

    An object representing a configuration of participant HLS recordings for individual participant recording.

    " + }, "ParticipantRecordingMediaType":{ "type":"string", "enum":[ @@ -2303,6 +2616,11 @@ "max":1, "min":0 }, + "ParticipantRecordingReconnectWindowSeconds":{ + "type":"integer", + "max":300, + "min":0 + }, "ParticipantRecordingS3BucketName":{ "type":"string", "max":63, @@ -2326,6 +2644,54 @@ "DISABLED" ] }, + "ParticipantRecordingTargetSegmentDurationSeconds":{ + "type":"integer", + "box":true, + "max":10, + "min":2 + }, + "ParticipantReplica":{ + "type":"structure", + "required":[ + "sourceStageArn", + "participantId", + "sourceSessionId", + "destinationStageArn", + "destinationSessionId", + "replicationState" + ], + "members":{ + "sourceStageArn":{ + "shape":"StageArn", + "documentation":"

    ARN of the stage from which this participant is replicated.

    " + }, + "participantId":{ + "shape":"ParticipantId", + "documentation":"

    Participant ID of the publisher that will be replicated. This is assigned by IVS and returned by CreateParticipantToken or the jti (JWT ID) used to create a self signed token.

    " + }, + "sourceSessionId":{ + "shape":"StageSessionId", + "documentation":"

    ID of the session within the source stage.

    " + }, + "destinationStageArn":{ + "shape":"StageArn", + "documentation":"

    ARN of the stage where the participant is replicated.

    " + }, + "destinationSessionId":{ + "shape":"StageSessionId", + "documentation":"

    ID of the session within the destination stage.

    " + }, + "replicationState":{ + "shape":"ReplicationState", + "documentation":"

    Replica’s current replication state.

    " + } + }, + "documentation":"

    Information about the replicated destination stage for a participant.

    " + }, + "ParticipantReplicaList":{ + "type":"list", + "member":{"shape":"ParticipantReplica"} + }, "ParticipantState":{ "type":"string", "enum":[ @@ -2359,6 +2725,22 @@ "recordingState":{ "shape":"ParticipantRecordingState", "documentation":"

    The participant’s recording state.

    " + }, + "replicationType":{ + "shape":"ReplicationType", + "documentation":"

    Indicates if the participant has been replicated to another stage or is a replica from another stage. Default: NONE.

    " + }, + "replicationState":{ + "shape":"ReplicationState", + "documentation":"

    The participant's replication state.

    " + }, + "sourceStageArn":{ + "shape":"StageArn", + "documentation":"

    Source stage ARN from which this participant is replicated, if replicationType is REPLICA.

    " + }, + "sourceSessionId":{ + "shape":"StageSessionId", + "documentation":"

    ID of the session within the source stage, if replicationType is REPLICA.

    " } }, "documentation":"

    Summary object describing a participant that has joined a stage.

    " @@ -2471,7 +2853,12 @@ "type":"timestamp", "timestampFormat":"iso8601" }, - "ParticipantTokenId":{"type":"string"}, + "ParticipantTokenId":{ + "type":"string", + "max":64, + "min":0, + "pattern":"[a-zA-Z0-9-_]*" + }, "ParticipantTokenList":{ "type":"list", "member":{"shape":"ParticipantToken"} @@ -2488,6 +2875,54 @@ "PendingVerification":{ "type":"structure", "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + }, + "xAmznErrorType":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "exceptionMessage":{ "shape":"errorMessage", "documentation":"

    Your account is pending verification.

    " @@ -2549,6 +2984,10 @@ "pipHeight":{ "shape":"PipHeight", "documentation":"

    Specifies the height of the PiP window in pixels. When this is not set explicitly, pipHeight’s value will be based on the size of the composition and the aspect ratio of the participant’s video.

    " + }, + "participantOrderAttribute":{ + "shape":"AttributeKey", + "documentation":"

    Attribute name in ParticipantTokenConfiguration identifying the participant ordering key. Participants with participantOrderAttribute set to \"\" or not specified are ordered based on their arrival time into the stage.

    " } }, "documentation":"

    Configuration information specific to Picture-in-Picture (PiP) layout, for server-side composition.

    " @@ -2642,9 +3081,20 @@ "documentation":"

    Summary information about a public key.

    " }, "Published":{"type":"boolean"}, + "ReconnectWindowSeconds":{ + "type":"integer", + "box":true, + "max":60, + "min":0 + }, + "RecordParticipantReplicas":{"type":"boolean"}, "RecordingConfiguration":{ "type":"structure", "members":{ + "hlsConfiguration":{ + "shape":"CompositionRecordingHlsConfiguration", + "documentation":"

    An HLS configuration object to return information about how the recording will be configured.

    " + }, "format":{ "shape":"RecordingConfigurationFormat", "documentation":"

    The recording format for storing a recording in Amazon S3.

    " @@ -2656,6 +3106,22 @@ "type":"string", "enum":["HLS"] }, + "Replica":{"type":"boolean"}, + "ReplicationState":{ + "type":"string", + "enum":[ + "ACTIVE", + "STOPPED" + ] + }, + "ReplicationType":{ + "type":"string", + "enum":[ + "SOURCE", + "REPLICA", + "NONE" + ] + }, "ResourceArn":{ "type":"string", "max":128, @@ -2665,6 +3131,54 @@ "ResourceNotFoundException":{ "type":"structure", "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + }, + "xAmznErrorType":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "exceptionMessage":{ "shape":"errorMessage", "documentation":"

    Request references a resource which does not exist.

    " @@ -2734,6 +3248,54 @@ "ServiceQuotaExceededException":{ "type":"structure", "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + }, + "xAmznErrorType":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "exceptionMessage":{ "shape":"errorMessage", "documentation":"

    Request would cause a service quota to be exceeded.

    " @@ -2928,6 +3490,83 @@ } } }, + "StartParticipantReplicationRequest":{ + "type":"structure", + "required":[ + "sourceStageArn", + "destinationStageArn", + "participantId" + ], + "members":{ + "sourceStageArn":{ + "shape":"StageArn", + "documentation":"

    ARN of the stage where the participant is publishing.

    " + }, + "destinationStageArn":{ + "shape":"StageArn", + "documentation":"

    ARN of the stage to which the participant will be replicated.

    " + }, + "participantId":{ + "shape":"ParticipantId", + "documentation":"

    Participant ID of the publisher that will be replicated. This is assigned by IVS and returned by CreateParticipantToken or the jti (JWT ID) used to create a self signed token.

    " + }, + "reconnectWindowSeconds":{ + "shape":"ReconnectWindowSeconds", + "documentation":"

    If the participant disconnects and then reconnects within the specified interval, replication will continue to be ACTIVE. Default: 0.

    " + }, + "attributes":{ + "shape":"ParticipantAttributes", + "documentation":"

    Application-provided attributes to set on the replicated participant in the destination stage. Map keys and values can contain UTF-8 encoded text. The maximum length of this field is 1 KB total. This field is exposed to all stage participants and should not be used for personally identifying, confidential, or sensitive information.

    These attributes are merged with any attributes set for this participant when creating the token. If there is overlap in keys, the values in these attributes are replaced.

    " + } + } + }, + "StartParticipantReplicationResponse":{ + "type":"structure", + "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + } + } + }, "StopCompositionRequest":{ "type":"structure", "required":["arn"], @@ -2943,6 +3582,75 @@ "members":{ } }, + "StopParticipantReplicationRequest":{ + "type":"structure", + "required":[ + "sourceStageArn", + "destinationStageArn", + "participantId" + ], + "members":{ + "sourceStageArn":{ + "shape":"StageArn", + "documentation":"

    ARN of the stage where the participant is publishing.

    " + }, + "destinationStageArn":{ + "shape":"StageArn", + "documentation":"

    ARN of the stage where the participant has been replicated.

    " + }, + "participantId":{ + "shape":"ParticipantId", + "documentation":"

    Participant ID of the publisher that has been replicated. This is assigned by IVS and returned by CreateParticipantToken or the jti (JWT ID) used to create a self signed token.

    " + } + } + }, + "StopParticipantReplicationResponse":{ + "type":"structure", + "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + } + } + }, "StorageConfiguration":{ "type":"structure", "required":["arn"], @@ -3103,7 +3811,7 @@ }, "tagKeys":{ "shape":"TagKeyList", - "documentation":"

    Array of tags to be removed. Array of maps, each of the form string:string (key:value). See Best practices and strategies in Tagging AWS Resources and Tag Editor for details, including restrictions that apply to tags and \"Tag naming limits and requirements\"; Amazon IVS has no constraints on tags beyond what is documented there.

    ", + "documentation":"

    Array of tag keys (strings) for the tags to be removed. See Best practices and strategies in Tagging AWS Resources and Tag Editor for details, including restrictions that apply to tags and \"Tag naming limits and requirements\"; Amazon IVS has no constraints on tags beyond what is documented there.

    ", "location":"querystring", "locationName":"tagKeys" } @@ -3172,6 +3880,54 @@ "ValidationException":{ "type":"structure", "members":{ + "accessControlAllowOrigin":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Allow-Origin" + }, + "accessControlExposeHeaders":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Access-Control-Expose-Headers" + }, + "cacheControl":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Cache-Control" + }, + "contentSecurityPolicy":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Content-Security-Policy" + }, + "strictTransportSecurity":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"Strict-Transport-Security" + }, + "xContentTypeOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Content-Type-Options" + }, + "xFrameOptions":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"X-Frame-Options" + }, + "xAmznErrorType":{ + "shape":"String", + "documentation":"

    ", + "location":"header", + "locationName":"x-amzn-ErrorType" + }, "exceptionMessage":{ "shape":"errorMessage", "documentation":"

    The input fails to satisfy the constraints specified by an Amazon Web Services service.

    " @@ -3231,5 +3987,5 @@ }, "errorMessage":{"type":"string"} }, - "documentation":"

    The Amazon Interactive Video Service (IVS) real-time API is REST compatible, using a standard HTTP API and an AWS EventBridge event stream for responses. JSON is used for both requests and responses, including errors.

    Key Concepts

    • Stage — A virtual space where participants can exchange video in real time.

    • Participant token — A token that authenticates a participant when they join a stage.

    • Participant object — Represents participants (people) in the stage and contains information about them. When a token is created, it includes a participant ID; when a participant uses that token to join a stage, the participant is associated with that participant ID. There is a 1:1 mapping between participant tokens and participants.

    For server-side composition:

    • Composition process — Composites participants of a stage into a single video and forwards it to a set of outputs (e.g., IVS channels). Composition operations support this process.

    • Composition — Controls the look of the outputs, including how participants are positioned in the video.

    For more information about your IVS live stream, also see Getting Started with Amazon IVS Real-Time Streaming.

    Tagging

    A tag is a metadata label that you assign to an AWS resource. A tag comprises a key and a value, both set by you. For example, you might set a tag as topic:nature to label a particular video category. See Best practices and strategies in Tagging AWS Resources and Tag Editor for details, including restrictions that apply to tags and \"Tag naming limits and requirements\"; Amazon IVS stages has no service-specific constraints beyond what is documented there.

    Tags can help you identify and organize your AWS resources. For example, you can use the same tag for different resources to indicate that they are related. You can also use tags to manage access (see Access Tags).

    The Amazon IVS real-time API has these tag-related operations: TagResource, UntagResource, and ListTagsForResource. The following resource supports tagging: Stage.

    At most 50 tags can be applied to a resource.

    " + "documentation":"

    The Amazon Interactive Video Service (IVS) real-time API is REST compatible, using a standard HTTP API and an AWS EventBridge event stream for responses. JSON is used for both requests and responses, including errors.

    Key Concepts

    • Stage — A virtual space where participants can exchange video in real time.

    • Participant token — A token that authenticates a participant when they join a stage.

    • Participant object — Represents participants (people) in the stage and contains information about them. When a token is created, it includes a participant ID; when a participant uses that token to join a stage, the participant is associated with that participant ID. There is a 1:1 mapping between participant tokens and participants.

    For server-side composition:

    • Composition process — Composites participants of a stage into a single video and forwards it to a set of outputs (e.g., IVS channels). Composition operations support this process.

    • Composition — Controls the look of the outputs, including how participants are positioned in the video.

    For participant replication:

    • Source stage — The stage where the participant originally joined, which is used as the source for replication.

    • Destination stage — The stage to which the participant is replicated.

    • Replicated participant — A participant in a stage that is replicated to one or more destination stages.

    • Replica participant — A participant in a destination stage that is replicated from another stage (the source stage).

    For more information about your IVS live stream, also see Getting Started with Amazon IVS Real-Time Streaming.

    Tagging

    A tag is a metadata label that you assign to an AWS resource. A tag comprises a key and a value, both set by you. For example, you might set a tag as topic:nature to label a particular video category. See Best practices and strategies in Tagging AWS Resources and Tag Editor for details, including restrictions that apply to tags and \"Tag naming limits and requirements\"; Amazon IVS stages has no service-specific constraints beyond what is documented there.

    Tags can help you identify and organize your AWS resources. For example, you can use the same tag for different resources to indicate that they are related. You can also use tags to manage access (see Access Tags).

    The Amazon IVS real-time API has these tag-related operations: TagResource, UntagResource, and ListTagsForResource. The following resource supports tagging: Stage.

    At most 50 tags can be applied to a resource.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/ivschat/2020-07-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ivschat/2020-07-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ivschat/2020-07-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ivschat/2020-07-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kafka/2018-11-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kafka/2018-11-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kafka/2018-11-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kafka/2018-11-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kafka/2018-11-14/service-2.json 2.31.35-1/awscli/botocore/data/kafka/2018-11-14/service-2.json --- 2.23.6-1/awscli/botocore/data/kafka/2018-11-14/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kafka/2018-11-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1958,6 +1958,52 @@ ], "documentation": "\n

    Updates the monitoring settings for the cluster. You can use this operation to specify which Apache Kafka metrics you want Amazon MSK to send to Amazon CloudWatch. You can also specify settings for open monitoring with Prometheus.

    \n " }, + "UpdateRebalancing": { + "name": "UpdateRebalancing", + "http": { + "method": "PUT", + "requestUri": "/v1/clusters/{clusterArn}/rebalancing", + "responseCode": 200 + }, + "input": { + "shape": "UpdateRebalancingRequest" + }, + "output": { + "shape": "UpdateRebalancingResponse", + "documentation": "\n

    HTTP Status Code 200: OK.

    \n " + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "\n

    The request isn't valid because the input is incorrect. Correct your input and then submit it again.

    \n " + }, + { + "shape": "UnauthorizedException", + "documentation": "\n

    The request is not authorized. The provided credentials couldn't be validated.

    \n " + }, + { + "shape": "InternalServerErrorException", + "documentation": "\n

    There was an unexpected internal server error. Retrying your request might resolve the issue.

    \n " + }, + { + "shape": "ForbiddenException", + "documentation": "\n

    Access forbidden. Check your credentials and then retry your request.

    \n " + }, + { + "shape": "NotFoundException", + "documentation": "\n

    The resource could not be found due to incorrect input. Correct the input, then retry the request.

    \n " + }, + { + "shape": "ServiceUnavailableException", + "documentation": "\n

    The service cannot complete the request.

    \n " + }, + { + "shape": "TooManyRequestsException", + "documentation": "\n

    The request throughput limit was exceeded.

    \n " + } + ], + "documentation": "\n

    Use this resource to update the intelligent rebalancing status of an Amazon MSK Provisioned cluster with Express brokers.

    \n " + }, "UpdateReplicationInfo": { "name": "UpdateReplicationInfo", "http": { @@ -2231,6 +2277,25 @@ } } }, + "Rebalancing": { + "type": "structure", + "documentation": "\n

    Specifies whether or not intelligent rebalancing is turned on for a newly created MSK Provisioned cluster with Express brokers. Intelligent rebalancing performs automatic partition balancing operations when you scale your clusters up or down. By default, intelligent rebalancing is ACTIVE for all new Express-based clusters.

    \n ", + "members": { + "Status": { + "shape": "RebalancingStatus", + "locationName": "status", + "documentation": "\n

    Intelligent rebalancing status. The default intelligent rebalancing status is ACTIVE for all new Express-based clusters.

    \n " + } + } + }, + "RebalancingStatus": { + "type": "string", + "documentation": "\n

    Intelligent rebalancing status. The default intelligent rebalancing status is ACTIVE for all new Express-based clusters.

    \n ", + "enum": [ + "PAUSED", + "ACTIVE" + ] + }, "BrokerNodeGroupInfo": { "type": "structure", "members": { @@ -2419,6 +2484,11 @@ "locationName": "brokerNodeGroupInfo", "documentation": "\n

    Information about the broker nodes.

    \n " }, + "Rebalancing": { + "shape": "Rebalancing", + "locationName": "rebalancing", + "documentation": "\n

    Contains information about intelligent rebalancing for new MSK Provisioned clusters with Express brokers. By default, intelligent rebalancing status is ACTIVE.

    \n " + }, "ClientAuthentication": { "shape": "ClientAuthentication", "locationName": "clientAuthentication", @@ -2695,6 +2765,11 @@ "locationName": "brokerNodeGroupInfo", "documentation": "\n

    Information about the brokers.

    \n " }, + "Rebalancing": { + "shape": "Rebalancing", + "locationName": "rebalancing", + "documentation": "\n

    Specifies if intelligent rebalancing is turned on for your MSK Provisioned cluster with Express brokers. For all new Express-based clusters that you create, intelligent rebalancing is turned on by default.

    \n " + }, "ClientAuthentication": { "shape": "ClientAuthentication", "locationName": "clientAuthentication", @@ -2756,6 +2831,11 @@ "locationName": "brokerNodeGroupInfo", "documentation": "\n

    Information about the brokers.

    \n " }, + "Rebalancing": { + "shape": "Rebalancing", + "locationName": "rebalancing", + "documentation": "\n

    Specifies whether or not intelligent rebalancing is turned on for a newly created MSK Provisioned cluster with Express brokers. Intelligent rebalancing performs automatic partition balancing operations when you scale your clusters up or down. By default, intelligent rebalancing is ACTIVE for all new Express-based clusters.

    \n " + }, "CurrentBrokerSoftwareInfo": { "shape": "BrokerSoftwareInfo", "locationName": "currentBrokerSoftwareInfo", @@ -3201,6 +3281,11 @@ "locationName": "brokerNodeGroupInfo", "documentation": "\n

    Information about the broker nodes in the cluster.

    \n " }, + "Rebalancing": { + "shape": "Rebalancing", + "locationName": "rebalancing", + "documentation": "\n

    Specifies if intelligent rebalancing should be turned on for the new MSK Provisioned cluster with Express brokers. By default, intelligent rebalancing status is ACTIVE for all new clusters.

    \n " + }, "ClientAuthentication": { "shape": "ClientAuthentication", "locationName": "clientAuthentication", @@ -3721,8 +3806,7 @@ }, "DeleteClusterPolicyResponse": { "type": "structure", - "members": { - } + "members": {} }, "DeleteConfigurationRequest": { "type": "structure", @@ -5083,8 +5167,7 @@ }, "RejectClientVpcConnectionResponse": { "type": "structure", - "members": { - } + "members": {} }, "MaxResults": { "type": "integer", @@ -5170,6 +5253,11 @@ "shape": "BrokerCountUpdateInfo", "locationName": "brokerCountUpdateInfo", "documentation": "\n

    Describes brokers being changed during a broker count update.

    \n " + }, + "Rebalancing": { + "shape": "Rebalancing", + "locationName": "rebalancing", + "documentation": "\n

    Describes the intelligent rebalancing configuration of an MSK Provisioned cluster with Express brokers.

    \n " } }, "documentation": "\n

    Information about cluster attributes that can be updated via update APIs.

    \n " @@ -6303,6 +6391,47 @@ }, "ClusterOperationArn": { "shape": "__string", + "locationName": "clusterOperationArn", + "documentation": "\n

    The Amazon Resource Name (ARN) of the cluster operation.

    \n " + } + } + }, + "UpdateRebalancingRequest": { + "type": "structure", + "members": { + "ClusterArn": { + "shape": "__string", + "location": "uri", + "locationName": "clusterArn", + "documentation": "\n

    The Amazon Resource Name (ARN) of the cluster.

    \n " + }, + "CurrentVersion": { + "shape": "__string", + "locationName": "currentVersion", + "documentation": "\n

    The current version of the cluster.

    \n " + }, + "Rebalancing": { + "shape": "Rebalancing", + "locationName": "rebalancing", + "documentation": "\n

    Specifies if intelligent rebalancing should be turned on for your cluster. The default intelligent rebalancing status is ACTIVE for all new MSK Provisioned clusters that you create with Express brokers.

    \n " + } + }, + "required": [ + "ClusterArn", + "CurrentVersion", + "Rebalancing" + ] + }, + "UpdateRebalancingResponse": { + "type": "structure", + "members": { + "ClusterArn": { + "shape": "__string", + "locationName": "clusterArn", + "documentation": "\n

    The Amazon Resource Name (ARN) of the cluster whose intelligent rebalancing status you've updated.

    \n " + }, + "ClusterOperationArn": { + "shape": "__string", "locationName": "clusterOperationArn", "documentation": "\n

    The Amazon Resource Name (ARN) of the cluster operation.

    \n " } diff -pruN 2.23.6-1/awscli/botocore/data/kafkaconnect/2021-09-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kafkaconnect/2021-09-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kafkaconnect/2021-09-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kafkaconnect/2021-09-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kendra/2019-02-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kendra/2019-02-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kendra/2019-02-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kendra/2019-02-03/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kendra/2019-02-03/service-2.json 2.31.35-1/awscli/botocore/data/kendra/2019-02-03/service-2.json --- 2.23.6-1/awscli/botocore/data/kendra/2019-02-03/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kendra/2019-02-03/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -3326,8 +3326,7 @@ }, "DeleteAccessControlConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataSourceRequest":{ "type":"structure", @@ -3365,8 +3364,7 @@ }, "DeleteExperienceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFaqRequest":{ "type":"structure", @@ -6397,7 +6395,7 @@ "MaxContentSizePerPageInMegaBytes":{ "type":"float", "max":50, - "min":1.0e-06 + "min":0.000001 }, "MaxLinksPerPage":{ "type":"integer", @@ -8563,8 +8561,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -8579,8 +8576,7 @@ }, "Template":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The template schema used for the data source, where templates schemas are supported.

    See Data source template schemas.

    ", "document":true }, @@ -8746,8 +8742,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAccessControlConfigurationRequest":{ "type":"structure", @@ -8784,8 +8779,7 @@ }, "UpdateAccessControlConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDataSourceRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/kendra-ranking/2022-10-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kendra-ranking/2022-10-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kendra-ranking/2022-10-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kendra-ranking/2022-10-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,20 +5,20 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -33,7 +33,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -61,7 +60,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -74,7 +74,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -88,7 +87,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -108,7 +106,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -122,14 +119,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -138,11 +133,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -153,14 +148,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -171,7 +168,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -185,14 +183,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -201,11 +197,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -216,14 +212,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -234,9 +232,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/kendra-ranking/2022-10-19/service-2.json 2.31.35-1/awscli/botocore/data/kendra-ranking/2022-10-19/service-2.json --- 2.23.6-1/awscli/botocore/data/kendra-ranking/2022-10-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kendra-ranking/2022-10-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,13 +5,15 @@ "endpointPrefix":"kendra-ranking", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"Kendra Ranking", "serviceFullName":"Amazon Kendra Intelligent Ranking", "serviceId":"Kendra Ranking", "signatureVersion":"v4", "signingName":"kendra-ranking", "targetPrefix":"AWSKendraRerankingFrontendService", - "uid":"kendra-ranking-2022-10-19" + "uid":"kendra-ranking-2022-10-19", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateRescoreExecutionPlan":{ @@ -673,8 +675,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "TagValue":{ @@ -721,8 +722,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "UpdateRescoreExecutionPlanRequest":{ diff -pruN 2.23.6-1/awscli/botocore/data/keyspaces/2022-02-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/keyspaces/2022-02-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/keyspaces/2022-02-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/keyspaces/2022-02-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/keyspaces/2022-02-10/service-2.json 2.31.35-1/awscli/botocore/data/keyspaces/2022-02-10/service-2.json --- 2.23.6-1/awscli/botocore/data/keyspaces/2022-02-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/keyspaces/2022-02-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -461,6 +461,60 @@ "box":true, "min":1 }, + "CdcPropagateTags":{ + "type":"string", + "enum":[ + "TABLE", + "NONE" + ] + }, + "CdcSpecification":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"CdcStatus", + "documentation":"

    The status of the CDC stream. You can enable or disable a stream for a table.

    " + }, + "viewType":{ + "shape":"ViewType", + "documentation":"

    The view type specifies the changes Amazon Keyspaces records for each changed row in the stream. After you create the stream, you can't make changes to this selection.

    The options are:

    • NEW_AND_OLD_IMAGES - both versions of the row, before and after the change. This is the default.

    • NEW_IMAGE - the version of the row after the change.

    • OLD_IMAGE - the version of the row before the change.

    • KEYS_ONLY - the partition and clustering keys of the row that was changed.

    " + }, + "tags":{ + "shape":"TagList", + "documentation":"

    The tags (key-value pairs) that you want to apply to the stream.

    " + }, + "propagateTags":{ + "shape":"CdcPropagateTags", + "documentation":"

    Specifies that the stream inherits the tags from the table.

    " + } + }, + "documentation":"

    The settings for the CDC stream of a table. For more information about CDC streams, see Working with change data capture (CDC) streams in Amazon Keyspaces in the Amazon Keyspaces Developer Guide.

    " + }, + "CdcSpecificationSummary":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"CdcStatus", + "documentation":"

    The status of the CDC stream. Specifies if the table has a CDC stream.

    " + }, + "viewType":{ + "shape":"ViewType", + "documentation":"

    The view type specifies the changes Amazon Keyspaces records for each changed row in the stream. This setting can't be changed, after the stream has been created.

    The options are:

    • NEW_AND_OLD_IMAGES - both versions of the row, before and after the change. This is the default.

    • NEW_IMAGE - the version of the row after the change.

    • OLD_IMAGE - the version of the row before the change.

    • KEYS_ONLY - the partition and clustering keys of the row that was changed.

    " + } + }, + "documentation":"

    The settings of the CDC stream of the table. For more information about CDC streams, see Working with change data capture (CDC) streams in Amazon Keyspaces in the Amazon Keyspaces Developer Guide.

    " + }, + "CdcStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "ENABLING", + "DISABLED", + "DISABLING" + ] + }, "ClientSideTimestamps":{ "type":"structure", "required":["status"], @@ -557,7 +611,7 @@ }, "replicationSpecification":{ "shape":"ReplicationSpecification", - "documentation":"

    The replication specification of the keyspace includes:

    • replicationStrategy - the required value is SINGLE_REGION or MULTI_REGION.

    • regionList - if the replicationStrategy is MULTI_REGION, the regionList requires the current Region and at least one additional Amazon Web Services Region where the keyspace is going to be replicated in. The maximum number of supported replication Regions including the current Region is six.

    " + "documentation":"

    The replication specification of the keyspace includes:

    • replicationStrategy - the required value is SINGLE_REGION or MULTI_REGION.

    • regionList - if the replicationStrategy is MULTI_REGION, the regionList requires the current Region and at least one additional Amazon Web Services Region where the keyspace is going to be replicated in.

    " } } }, @@ -630,6 +684,10 @@ "replicaSpecifications":{ "shape":"ReplicaSpecificationList", "documentation":"

    The optional Amazon Web Services Region specific settings of a multi-Region table. These settings overwrite the general settings of the table for the specified Region.

    For a multi-Region table in provisioned capacity mode, you can configure the table's read capacity differently for each Region's replica. The write capacity, however, remains synchronized between all replicas to ensure that there's enough capacity to replicate writes across all Regions. To define the read capacity for a table replica in a specific Region, you can do so by configuring the following parameters.

    • region: The Region where these settings are applied. (Required)

    • readCapacityUnits: The provisioned read capacity units. (Optional)

    • readCapacityAutoScaling: The read capacity auto scaling settings for the table. (Optional)

    " + }, + "cdcSpecification":{ + "shape":"CdcSpecification", + "documentation":"

    The CDC stream settings of the table.

    " } } }, @@ -979,6 +1037,14 @@ "replicaSpecifications":{ "shape":"ReplicaSpecificationSummaryList", "documentation":"

    Returns the Amazon Web Services Region specific settings of all Regions a multi-Region table is replicated in.

    " + }, + "latestStreamArn":{ + "shape":"StreamArn", + "documentation":"

    The Amazon Resource Name (ARN) of the stream.

    " + }, + "cdcSpecification":{ + "shape":"CdcSpecificationSummary", + "documentation":"

    The CDC stream settings of the table.

    " } } }, @@ -1288,7 +1354,6 @@ "RegionList":{ "type":"list", "member":{"shape":"region"}, - "max":6, "min":2 }, "ReplicaAutoScalingSpecification":{ @@ -1379,7 +1444,6 @@ "ReplicationGroupStatusList":{ "type":"list", "member":{"shape":"ReplicationGroupStatus"}, - "max":6, "min":2 }, "ReplicationSpecification":{ @@ -1392,10 +1456,10 @@ }, "regionList":{ "shape":"RegionList", - "documentation":"

    The regionList can contain up to six Amazon Web Services Regions where the keyspace is replicated in.

    " + "documentation":"

    The regionList contains the Amazon Web Services Regions where the keyspace is replicated in.

    " } }, - "documentation":"

    The replication specification of the keyspace includes:

    • regionList - up to six Amazon Web Services Regions where the keyspace is replicated in.

    • replicationStrategy - the required value is SINGLE_REGION or MULTI_REGION.

    " + "documentation":"

    The replication specification of the keyspace includes:

    • regionList - the Amazon Web Services Regions where the keyspace is replicated in.

    • replicationStrategy - the required value is SINGLE_REGION or MULTI_REGION.

    " }, "ResourceNotFoundException":{ "type":"structure", @@ -1536,6 +1600,12 @@ "type":"list", "member":{"shape":"StaticColumn"} }, + "StreamArn":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"arn:(aws[a-zA-Z0-9-]*):cassandra:.+.*" + }, "String":{"type":"string"}, "TableName":{ "type":"string", @@ -1809,6 +1879,10 @@ "replicaSpecifications":{ "shape":"ReplicaSpecificationList", "documentation":"

    The Region specific settings of a multi-Regional table.

    " + }, + "cdcSpecification":{ + "shape":"CdcSpecification", + "documentation":"

    The CDC stream settings of the table.

    " } } }, @@ -1833,6 +1907,15 @@ "documentation":"

    The operation failed due to an invalid or malformed request.

    ", "exception":true }, + "ViewType":{ + "type":"string", + "enum":[ + "NEW_IMAGE", + "OLD_IMAGE", + "KEYS_ONLY", + "NEW_AND_OLD_IMAGES" + ] + }, "kmsKeyARN":{ "type":"string", "max":5096, diff -pruN 2.23.6-1/awscli/botocore/data/keyspacesstreams/2024-09-09/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/keyspacesstreams/2024-09-09/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/keyspacesstreams/2024-09-09/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/keyspacesstreams/2024-09-09/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,137 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://cassandra-streams-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://cassandra-streams.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/keyspacesstreams/2024-09-09/paginators-1.json 2.31.35-1/awscli/botocore/data/keyspacesstreams/2024-09-09/paginators-1.json --- 2.23.6-1/awscli/botocore/data/keyspacesstreams/2024-09-09/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/keyspacesstreams/2024-09-09/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,16 @@ +{ + "pagination": { + "GetStream": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "shards" + }, + "ListStreams": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "streams" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/keyspacesstreams/2024-09-09/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/keyspacesstreams/2024-09-09/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/keyspacesstreams/2024-09-09/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/keyspacesstreams/2024-09-09/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "GetStream": { + "non_aggregate_keys": [ + "streamStatus", + "streamLabel", + "creationRequestDateTime", + "keyspaceName", + "tableName", + "streamArn", + "streamViewType" + ] + } + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/keyspacesstreams/2024-09-09/service-2.json 2.31.35-1/awscli/botocore/data/keyspacesstreams/2024-09-09/service-2.json --- 2.23.6-1/awscli/botocore/data/keyspacesstreams/2024-09-09/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/keyspacesstreams/2024-09-09/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,755 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2024-09-09", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"cassandra-streams", + "jsonVersion":"1.0", + "protocol":"json", + "protocols":["json"], + "serviceFullName":"Amazon Keyspaces Streams", + "serviceId":"KeyspacesStreams", + "signatureVersion":"v4", + "signingName":"cassandra", + "targetPrefix":"KeyspacesStreams", + "uid":"keyspacesstreams-2024-09-09" + }, + "operations":{ + "GetRecords":{ + "name":"GetRecords", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetRecordsInput"}, + "output":{"shape":"GetRecordsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Retrieves data records from a specified shard in an Amazon Keyspaces data stream. This operation returns a collection of data records from the shard, including the primary key columns and information about modifications made to the captured table data. Each record represents a single data modification in the Amazon Keyspaces table and includes metadata about when the change occurred.

    " + }, + "GetShardIterator":{ + "name":"GetShardIterator", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetShardIteratorInput"}, + "output":{"shape":"GetShardIteratorOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns a shard iterator that serves as a bookmark for reading data from a specific position in an Amazon Keyspaces data stream's shard. The shard iterator specifies the shard position from which to start reading data records sequentially. You can specify whether to begin reading at the latest record, the oldest record, or at a particular sequence number within the shard.

    " + }, + "GetStream":{ + "name":"GetStream", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetStreamInput"}, + "output":{"shape":"GetStreamOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns detailed information about a specific data capture stream for an Amazon Keyspaces table. The information includes the stream's Amazon Resource Name (ARN), creation time, current status, retention period, shard composition, and associated table details. This operation helps you monitor and manage the configuration of your Amazon Keyspaces data streams.

    " + }, + "ListStreams":{ + "name":"ListStreams", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListStreamsInput"}, + "output":{"shape":"ListStreamsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns a list of all data capture streams associated with your Amazon Keyspaces account or for a specific keyspace or table. The response includes information such as stream ARNs, table associations, creation timestamps, and current status. This operation helps you discover and manage all active data streams in your Amazon Keyspaces environment.

    " + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{ + "shape":"String", + "documentation":"

    You don't have sufficient permissions to perform this action.

    " + } + }, + "documentation":"

    You don't have sufficient access permissions to perform this operation.

    This exception occurs when your IAM user or role lacks the required permissions to access the Amazon Keyspaces resource or perform the requested action. Check your IAM policies and ensure they grant the necessary permissions.

    ", + "exception":true + }, + "Blob":{"type":"blob"}, + "Boolean":{ + "type":"boolean", + "box":true + }, + "Date":{"type":"timestamp"}, + "GetRecordsInput":{ + "type":"structure", + "required":["shardIterator"], + "members":{ + "shardIterator":{ + "shape":"ShardIterator", + "documentation":"

    The unique identifier of the shard iterator. A shard iterator specifies the position in the shard from which you want to start reading data records sequentially. You obtain this value by calling the GetShardIterator operation. Each shard iterator is valid for 15 minutes after creation.

    " + }, + "maxResults":{ + "shape":"GetRecordsInputMaxResultsInteger", + "documentation":"

    The maximum number of records to return in a single GetRecords request. Default value is 1000. You can specify a limit between 1 and 1000, but the actual number returned might be less than the specified maximum if the size of the data for the returned records exceeds the internal size limit.

    " + } + } + }, + "GetRecordsInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "GetRecordsOutput":{ + "type":"structure", + "members":{ + "changeRecords":{ + "shape":"RecordList", + "documentation":"

    An array of change data records retrieved from the specified shard. Each record represents a single data modification (insert, update, or delete) to a row in the Amazon Keyspaces table. Records include the primary key columns and information about what data was modified.

    " + }, + "nextShardIterator":{ + "shape":"ShardIterator", + "documentation":"

    The next position in the shard from which to start sequentially reading data records. If null, the shard has been closed and the requested iterator doesn't return any more data.

    " + } + } + }, + "GetShardIteratorInput":{ + "type":"structure", + "required":[ + "streamArn", + "shardId", + "shardIteratorType" + ], + "members":{ + "streamArn":{ + "shape":"StreamArn", + "documentation":"

    The Amazon Resource Name (ARN) of the stream for which to get the shard iterator. The ARN uniquely identifies the stream within Amazon Keyspaces.

    " + }, + "shardId":{ + "shape":"ShardId", + "documentation":"

    The identifier of the shard within the stream. The shard ID uniquely identifies a subset of the stream's data records that you want to access.

    " + }, + "shardIteratorType":{ + "shape":"ShardIteratorType", + "documentation":"

    Determines how the shard iterator is positioned. Must be one of the following:

    • TRIM_HORIZON - Start reading at the last untrimmed record in the shard, which is the oldest data record in the shard.

    • AT_SEQUENCE_NUMBER - Start reading exactly from the specified sequence number.

    • AFTER_SEQUENCE_NUMBER - Start reading right after the specified sequence number.

    • LATEST - Start reading just after the most recent record in the shard, so that you always read the most recent data.

    " + }, + "sequenceNumber":{ + "shape":"SequenceNumber", + "documentation":"

    The sequence number of the data record in the shard from which to start reading. Required if ShardIteratorType is AT_SEQUENCE_NUMBER or AFTER_SEQUENCE_NUMBER. This parameter is ignored for other iterator types.

    " + } + } + }, + "GetShardIteratorOutput":{ + "type":"structure", + "members":{ + "shardIterator":{ + "shape":"ShardIterator", + "documentation":"

    The unique identifier for the shard iterator. This value is used in the GetRecords operation to retrieve data records from the specified shard. Each shard iterator expires 15 minutes after it is returned to the requester.

    " + } + } + }, + "GetStreamInput":{ + "type":"structure", + "required":["streamArn"], + "members":{ + "streamArn":{ + "shape":"StreamArn", + "documentation":"

    The Amazon Resource Name (ARN) of the stream for which detailed information is requested. This uniquely identifies the specific stream you want to get information about.

    " + }, + "maxResults":{ + "shape":"GetStreamInputMaxResultsInteger", + "documentation":"

    The maximum number of shard objects to return in a single GetStream request. Default value is 100. The minimum value is 1 and the maximum value is 100.

    " + }, + "shardFilter":{ + "shape":"ShardFilter", + "documentation":"

    Optional filter criteria to apply when retrieving shards. You can filter shards based on their state or other attributes to narrow down the results returned by the GetStream operation.

    " + }, + "nextToken":{ + "shape":"ShardIdToken", + "documentation":"

    An optional pagination token provided by a previous GetStream operation. If this parameter is specified, the response includes only records beyond the token, up to the value specified by maxResults.

    " + } + } + }, + "GetStreamInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "GetStreamOutput":{ + "type":"structure", + "required":[ + "streamArn", + "streamLabel", + "streamStatus", + "streamViewType", + "creationRequestDateTime", + "keyspaceName", + "tableName" + ], + "members":{ + "streamArn":{ + "shape":"StreamArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the stream within Amazon Keyspaces. This ARN can be used in other API operations to reference this specific stream.

    " + }, + "streamLabel":{ + "shape":"String", + "documentation":"

    A timestamp that serves as a unique identifier for this stream, used for debugging and monitoring purposes. The stream label represents the point in time when the stream was created.

    " + }, + "streamStatus":{ + "shape":"StreamStatus", + "documentation":"

    The current status of the stream. Values can be ENABLING, ENABLED, DISABLING, or DISABLED. Operations on the stream depend on its current status.

    " + }, + "streamViewType":{ + "shape":"StreamViewType", + "documentation":"

    The format of the data records in this stream. Currently, this can be one of the following options:

    • NEW_AND_OLD_IMAGES - both versions of the row, before and after the change. This is the default.

    • NEW_IMAGE - the version of the row after the change.

    • OLD_IMAGE - the version of the row before the change.

    • KEYS_ONLY - the partition and clustering keys of the row that was changed.

    " + }, + "creationRequestDateTime":{ + "shape":"Date", + "documentation":"

    The date and time when the request to create this stream was issued. The value is represented in ISO 8601 format.

    " + }, + "keyspaceName":{ + "shape":"KeyspaceName", + "documentation":"

    The name of the keyspace containing the table associated with this stream. The keyspace name is part of the table's hierarchical identifier in Amazon Keyspaces.

    " + }, + "tableName":{ + "shape":"TableName", + "documentation":"

    The name of the table associated with this stream. The stream captures changes to rows in this Amazon Keyspaces table.

    " + }, + "shards":{ + "shape":"ShardDescriptionList", + "documentation":"

    An array of shard objects associated with this stream. Each shard contains a subset of the stream's data records and has its own unique identifier. The collection of shards represents the complete stream data.

    " + }, + "nextToken":{ + "shape":"ShardIdToken", + "documentation":"

    A pagination token that can be used in a subsequent GetStream request. This token is returned if the response contains more shards than can be returned in a single response.

    " + } + } + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "message":{ + "shape":"String", + "documentation":"

    The service encountered an internal error. Try your request again.

    " + } + }, + "documentation":"

    The Amazon Keyspaces service encountered an unexpected error while processing the request.

    This internal server error is not related to your request parameters. Retry your request after a brief delay. If the issue persists, contact Amazon Web Services Support with details of your request to help identify and resolve the problem.

    ", + "exception":true, + "fault":true + }, + "KeyspaceName":{ + "type":"string", + "max":48, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9_]{0,47}" + }, + "KeyspacesCell":{ + "type":"structure", + "members":{ + "value":{ + "shape":"KeyspacesCellValue", + "documentation":"

    The value stored in this cell, which can be of various data types supported by Amazon Keyspaces.

    " + }, + "metadata":{ + "shape":"KeyspacesMetadata", + "documentation":"

    Metadata associated with this cell, such as time-to-live (TTL) expiration time and write timestamp.

    " + } + }, + "documentation":"

    Represents a cell in an Amazon Keyspaces table, containing both the value and metadata about the cell.

    " + }, + "KeyspacesCellList":{ + "type":"list", + "member":{"shape":"KeyspacesCell"} + }, + "KeyspacesCellMap":{ + "type":"list", + "member":{"shape":"KeyspacesCellMapDefinition"} + }, + "KeyspacesCellMapDefinition":{ + "type":"structure", + "members":{ + "key":{ + "shape":"KeyspacesCellValue", + "documentation":"

    The key of this map entry in the Amazon Keyspaces cell.

    " + }, + "value":{ + "shape":"KeyspacesCellValue", + "documentation":"

    The value associated with the key in this map entry.

    " + }, + "metadata":{ + "shape":"KeyspacesMetadata", + "documentation":"

    Metadata for this specific key-value pair within the map, such as timestamps and TTL information.

    " + } + }, + "documentation":"

    Represents a key-value pair within a map data type in Amazon Keyspaces, including the associated metadata.

    " + }, + "KeyspacesCellValue":{ + "type":"structure", + "members":{ + "asciiT":{ + "shape":"String", + "documentation":"

    A value of ASCII text type, containing US-ASCII characters.

    " + }, + "bigintT":{ + "shape":"String", + "documentation":"

    A 64-bit signed integer value.

    " + }, + "blobT":{ + "shape":"Blob", + "documentation":"

    A binary large object (BLOB) value stored as a Base64-encoded string.

    " + }, + "boolT":{ + "shape":"Boolean", + "documentation":"

    A Boolean value, either true or false.

    " + }, + "counterT":{ + "shape":"String", + "documentation":"

    A distributed counter value that can be incremented and decremented.

    " + }, + "dateT":{ + "shape":"String", + "documentation":"

    A date value without a time component, represented as days since epoch (January 1, 1970).

    " + }, + "decimalT":{ + "shape":"String", + "documentation":"

    A variable-precision decimal number value.

    " + }, + "doubleT":{ + "shape":"String", + "documentation":"

    A 64-bit double-precision floating point value.

    " + }, + "floatT":{ + "shape":"String", + "documentation":"

    A 32-bit single-precision floating point value.

    " + }, + "inetT":{ + "shape":"String", + "documentation":"

    An IP address value, either IPv4 or IPv6 format.

    " + }, + "intT":{ + "shape":"String", + "documentation":"

    A 32-bit signed integer value.

    " + }, + "listT":{ + "shape":"KeyspacesCellList", + "documentation":"

    An ordered collection of elements that can contain duplicate values.

    " + }, + "mapT":{ + "shape":"KeyspacesCellMap", + "documentation":"

    A collection of key-value pairs where each key is unique.

    " + }, + "setT":{ + "shape":"KeyspacesCellList", + "documentation":"

    An unordered collection of unique elements.

    " + }, + "smallintT":{ + "shape":"String", + "documentation":"

    A 16-bit signed integer value.

    " + }, + "textT":{ + "shape":"String", + "documentation":"

    A UTF-8 encoded string value.

    " + }, + "timeT":{ + "shape":"String", + "documentation":"

    A time value without a date component, with nanosecond precision.

    " + }, + "timestampT":{ + "shape":"String", + "documentation":"

    A timestamp value representing date and time with millisecond precision.

    " + }, + "timeuuidT":{ + "shape":"String", + "documentation":"

    A universally unique identifier (UUID) that includes a timestamp component, ensuring both uniqueness and time ordering.

    " + }, + "tinyintT":{ + "shape":"String", + "documentation":"

    An 8-bit signed integer value.

    " + }, + "tupleT":{ + "shape":"KeyspacesCellList", + "documentation":"

    A fixed-length ordered list of elements, where each element can be of a different data type.

    " + }, + "uuidT":{ + "shape":"String", + "documentation":"

    A universally unique identifier (UUID) value.

    " + }, + "varcharT":{ + "shape":"String", + "documentation":"

    A UTF-8 encoded string value, functionally equivalent to text type.

    " + }, + "varintT":{ + "shape":"String", + "documentation":"

    A variable precision integer value with arbitrary length.

    " + }, + "udtT":{ + "shape":"KeyspacesUdtMap", + "documentation":"

    A user-defined type (UDT) value consisting of named fields, each with its own data type.

    " + } + }, + "documentation":"

    Represents the value of a cell in an Amazon Keyspaces table, supporting various data types with type-specific fields.

    ", + "union":true + }, + "KeyspacesCells":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"KeyspacesCell"} + }, + "KeyspacesKeysMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"KeyspacesCellValue"} + }, + "KeyspacesMetadata":{ + "type":"structure", + "members":{ + "expirationTime":{ + "shape":"String", + "documentation":"

    The time at which the associated data will expire, based on the time-to-live (TTL) setting.

    " + }, + "writeTime":{ + "shape":"String", + "documentation":"

    The timestamp at which the associated data was written to the database.

    " + } + }, + "documentation":"

    Contains metadata information associated with Amazon Keyspaces cells and rows.

    " + }, + "KeyspacesRow":{ + "type":"structure", + "members":{ + "valueCells":{ + "shape":"KeyspacesCells", + "documentation":"

    A map of regular (non-static) column cells in the row, where keys are column names and values are the corresponding cells.

    " + }, + "staticCells":{ + "shape":"KeyspacesCells", + "documentation":"

    A map of static column cells shared by all rows with the same partition key, where keys are column names and values are the corresponding cells.

    " + }, + "rowMetadata":{ + "shape":"KeyspacesMetadata", + "documentation":"

    Metadata that applies to the entire row, such as timestamps and TTL information.

    " + } + }, + "documentation":"

    Represents a row in an Amazon Keyspaces table, containing regular column values, static column values, and row-level metadata.

    " + }, + "KeyspacesUdtMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"KeyspacesCell"} + }, + "ListStreamsInput":{ + "type":"structure", + "members":{ + "keyspaceName":{ + "shape":"KeyspaceName", + "documentation":"

    The name of the keyspace for which to list streams. If specified, only streams associated with tables in this keyspace are returned. If omitted, streams from all keyspaces are included in the results.

    " + }, + "tableName":{ + "shape":"TableName", + "documentation":"

    The name of the table for which to list streams. Must be used together with keyspaceName. If specified, only streams associated with this specific table are returned.

    " + }, + "maxResults":{ + "shape":"ListStreamsInputMaxResultsInteger", + "documentation":"

    The maximum number of streams to return in a single ListStreams request. Default value is 100. The minimum value is 1 and the maximum value is 100.

    " + }, + "nextToken":{ + "shape":"StreamArnToken", + "documentation":"

    An optional pagination token provided by a previous ListStreams operation. If this parameter is specified, the response includes only records beyond the token, up to the value specified by maxResults.

    " + } + } + }, + "ListStreamsInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListStreamsOutput":{ + "type":"structure", + "members":{ + "streams":{ + "shape":"StreamList", + "documentation":"

    An array of stream objects, each containing summary information about a stream including its ARN, status, and associated table information. This list includes all streams that match the request criteria.

    " + }, + "nextToken":{ + "shape":"StreamArnToken", + "documentation":"

    A pagination token that can be used in a subsequent ListStreams request. This token is returned if the response contains more streams than can be returned in a single response based on the MaxResults parameter.

    " + } + } + }, + "OriginType":{ + "type":"string", + "enum":[ + "USER", + "REPLICATION", + "TTL" + ] + }, + "Record":{ + "type":"structure", + "members":{ + "eventVersion":{ + "shape":"String", + "documentation":"

    The version of the record format, used to track the evolution of the record structure over time.

    " + }, + "createdAt":{ + "shape":"Date", + "documentation":"

    The timestamp indicating when this change data capture record was created.

    " + }, + "origin":{ + "shape":"OriginType", + "documentation":"

    The origin or source of this change data capture record.

    " + }, + "partitionKeys":{ + "shape":"KeyspacesKeysMap", + "documentation":"

    The partition key columns and their values for the affected row.

    " + }, + "clusteringKeys":{ + "shape":"KeyspacesKeysMap", + "documentation":"

    The clustering key columns and their values for the affected row, which determine the order of rows within a partition.

    " + }, + "newImage":{ + "shape":"KeyspacesRow", + "documentation":"

    The state of the row after the change operation that generated this record.

    " + }, + "oldImage":{ + "shape":"KeyspacesRow", + "documentation":"

    The state of the row before the change operation that generated this record.

    " + }, + "sequenceNumber":{ + "shape":"SequenceNumber", + "documentation":"

    A unique identifier assigned to this record within the shard, used for ordering and tracking purposes.

    " + } + }, + "documentation":"

    Represents a change data capture record for a row in an Amazon Keyspaces table, containing both the new and old states of the row.

    " + }, + "RecordList":{ + "type":"list", + "member":{"shape":"Record"} + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{ + "shape":"String", + "documentation":"

    The requested resource wasn't found. Verify that the resource exists and try again.

    " + } + }, + "documentation":"

    The requested resource doesn't exist or could not be found.

    This exception occurs when you attempt to access a keyspace, table, stream, or other Amazon Keyspaces resource that doesn't exist or that has been deleted. Verify that the resource identifier is correct and that the resource exists in your account.

    ", + "exception":true + }, + "SequenceNumber":{ + "type":"string", + "max":48, + "min":21 + }, + "SequenceNumberRange":{ + "type":"structure", + "members":{ + "startingSequenceNumber":{ + "shape":"SequenceNumber", + "documentation":"

    The starting sequence number of the range.

    " + }, + "endingSequenceNumber":{ + "shape":"SequenceNumber", + "documentation":"

    The ending sequence number of the range, which may be null for open-ended ranges.

    " + } + }, + "documentation":"

    Defines a range of sequence numbers within a change data capture stream's shard for Amazon Keyspaces.

    " + }, + "Shard":{ + "type":"structure", + "members":{ + "shardId":{ + "shape":"ShardId", + "documentation":"

    A unique identifier for this shard within the stream.

    " + }, + "sequenceNumberRange":{ + "shape":"SequenceNumberRange", + "documentation":"

    The range of sequence numbers contained within this shard.

    " + }, + "parentShardIds":{ + "shape":"ShardIdList", + "documentation":"

    The identifiers of parent shards that this shard evolved from, if this shard was created through resharding.

    " + } + }, + "documentation":"

    Represents a uniquely identified group of change records within a change data capture stream for Amazon Keyspaces.

    " + }, + "ShardDescriptionList":{ + "type":"list", + "member":{"shape":"Shard"} + }, + "ShardFilter":{ + "type":"structure", + "members":{ + "type":{ + "shape":"ShardFilterType", + "documentation":"

    The type of shard filter to use, which determines how the shardId parameter is interpreted.

    " + }, + "shardId":{ + "shape":"ShardId", + "documentation":"

    The identifier of a specific shard used to filter results based on the specified filter type.

    " + } + }, + "documentation":"

    A filter used to limit the shards returned by a GetStream operation.

    " + }, + "ShardFilterType":{ + "type":"string", + "enum":["CHILD_SHARDS"] + }, + "ShardId":{ + "type":"string", + "max":65, + "min":28 + }, + "ShardIdList":{ + "type":"list", + "member":{"shape":"ShardId"} + }, + "ShardIdToken":{ + "type":"string", + "max":3000, + "min":80 + }, + "ShardIterator":{ + "type":"string", + "max":4096, + "min":1 + }, + "ShardIteratorType":{ + "type":"string", + "enum":[ + "TRIM_HORIZON", + "LATEST", + "AT_SEQUENCE_NUMBER", + "AFTER_SEQUENCE_NUMBER" + ] + }, + "Stream":{ + "type":"structure", + "required":[ + "streamArn", + "keyspaceName", + "tableName", + "streamLabel" + ], + "members":{ + "streamArn":{ + "shape":"StreamArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies this stream.

    " + }, + "keyspaceName":{ + "shape":"KeyspaceName", + "documentation":"

    The name of the keyspace containing the table associated with this stream.

    " + }, + "tableName":{ + "shape":"TableName", + "documentation":"

    The name of the table associated with this stream.

    " + }, + "streamLabel":{ + "shape":"String", + "documentation":"

    A unique identifier for this stream that can be used in stream operations.

    " + } + }, + "documentation":"

    Represents a change data capture stream for an Amazon Keyspaces table, which enables tracking and processing of data changes.

    " + }, + "StreamArn":{ + "type":"string", + "max":1024, + "min":37 + }, + "StreamArnToken":{ + "type":"string", + "max":3000, + "min":80 + }, + "StreamList":{ + "type":"list", + "member":{"shape":"Stream"} + }, + "StreamStatus":{ + "type":"string", + "enum":[ + "ENABLING", + "ENABLED", + "DISABLING", + "DISABLED" + ] + }, + "StreamViewType":{ + "type":"string", + "enum":[ + "NEW_IMAGE", + "OLD_IMAGE", + "NEW_AND_OLD_IMAGES", + "KEYS_ONLY" + ] + }, + "String":{"type":"string"}, + "TableName":{ + "type":"string", + "max":48, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9_]{0,47}" + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{ + "shape":"String", + "documentation":"

    The request was denied due to request throttling. Reduce the frequency of requests and try again.

    " + } + }, + "documentation":"

    The request rate is too high and exceeds the service's throughput limits.

    This exception occurs when you send too many requests in a short period of time. Implement exponential backoff in your retry strategy to handle this exception. Reducing your request frequency or distributing requests more evenly can help avoid throughput exceptions.

    ", + "exception":true + }, + "ValidationException":{ + "type":"structure", + "members":{ + "message":{ + "shape":"String", + "documentation":"

    The input fails to satisfy the constraints specified by the service. Check the error details and modify your request.

    " + }, + "errorCode":{ + "shape":"ValidationExceptionType", + "documentation":"

    An error occurred validating your request. See the error message for details.

    " + } + }, + "documentation":"

    The request validation failed because one or more input parameters failed validation.

    This exception occurs when there are syntax errors in the request, field constraints are violated, or required parameters are missing. To help you fix the issue, the exception message provides details about which parameter failed and why.

    ", + "exception":true + }, + "ValidationExceptionType":{ + "type":"string", + "enum":[ + "InvalidFormat", + "TrimmedDataAccess", + "ExpiredIterator", + "ExpiredNextToken" + ] + } + }, + "documentation":"

    Amazon Keyspaces (for Apache Cassandra) change data capture (CDC) records change events for Amazon Keyspaces tables. The change events captured in a stream are time-ordered and de-duplicated write operations. Using stream data you can build event driven applications that incorporate near-real time change events from Amazon Keyspaces tables.

    Amazon Keyspaces CDC is serverless and scales the infrastructure for change events automatically based on the volume of changes on your table.

    This API reference describes the Amazon Keyspaces CDC stream API in detail.

    For more information about Amazon Keyspaces CDC, see Working with change data capture (CDC) streams in Amazon Keyspaces in the Amazon Keyspaces Developer Guide.

    To learn how Amazon Keyspaces CDC API actions are recorded with CloudTrail, see Amazon Keyspaces information in CloudTrail in the Amazon Keyspaces Developer Guide.

    To see the metrics Amazon Keyspaces CDC sends to Amazon CloudWatch, see Amazon Keyspaces change data capture (CDC) CloudWatch metrics in the Amazon Keyspaces Developer Guide.

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/kinesis/2013-12-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kinesis/2013-12-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kinesis/2013-12-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis/2013-12-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,47 +5,47 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "StreamARN": { "required": false, "documentation": "The ARN of the Kinesis stream", - "type": "String" + "type": "string" }, "OperationType": { "required": false, "documentation": "Internal parameter to distinguish between Control/Data plane API and accordingly generate control/data plane endpoint", - "type": "String" + "type": "string" }, "ConsumerARN": { "required": false, "documentation": "The ARN of the Kinesis consumer", - "type": "String" + "type": "string" }, "ResourceARN": { "required": false, "documentation": "The ARN of the Kinesis resource", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kinesis/2013-12-02/service-2.json 2.31.35-1/awscli/botocore/data/kinesis/2013-12-02/service-2.json --- 2.23.6-1/awscli/botocore/data/kinesis/2013-12-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis/2013-12-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -45,9 +45,10 @@ "errors":[ {"shape":"ResourceInUseException"}, {"shape":"LimitExceededException"}, - {"shape":"InvalidArgumentException"} + {"shape":"InvalidArgumentException"}, + {"shape":"ValidationException"} ], - "documentation":"

    Creates a Kinesis data stream. A stream captures and transports data records that are continuously emitted from different data sources or producers. Scale-out within a stream is explicitly supported by means of shards, which are uniquely identified groups of data records in a stream.

    You can create your data stream using either on-demand or provisioned capacity mode. Data streams with an on-demand mode require no capacity planning and automatically scale to handle gigabytes of write and read throughput per minute. With the on-demand mode, Kinesis Data Streams automatically manages the shards in order to provide the necessary throughput. For the data streams with a provisioned mode, you must specify the number of shards for the data stream. Each shard can support reads up to five transactions per second, up to a maximum data read total of 2 MiB per second. Each shard can support writes up to 1,000 records per second, up to a maximum data write total of 1 MiB per second. If the amount of data input increases or decreases, you can add or remove shards.

    The stream name identifies the stream. The name is scoped to the Amazon Web Services account used by the application. It is also scoped by Amazon Web Services Region. That is, two streams in two different accounts can have the same name, and two streams in the same account, but in two different Regions, can have the same name.

    CreateStream is an asynchronous operation. Upon receiving a CreateStream request, Kinesis Data Streams immediately returns and sets the stream status to CREATING. After the stream is created, Kinesis Data Streams sets the stream status to ACTIVE. You should perform read and write operations only on an ACTIVE stream.

    You receive a LimitExceededException when making a CreateStream request when you try to do one of the following:

    • Have more than five streams in the CREATING state at any point in time.

    • Create more shards than are authorized for your account.

    For the default shard limit for an Amazon Web Services account, see Amazon Kinesis Data Streams Limits in the Amazon Kinesis Data Streams Developer Guide. To increase this limit, contact Amazon Web Services Support.

    You can use DescribeStreamSummary to check the stream status, which is returned in StreamStatus.

    CreateStream has a limit of five transactions per second per account.

    You can add tags to the stream when making a CreateStream request by setting the Tags parameter. If you pass Tags parameter, in addition to having kinesis:createStream permission, you must also have kinesis:addTagsToStream permission for the stream that will be created. Tags will take effect from the CREATING status of the stream.

    " + "documentation":"

    Creates a Kinesis data stream. A stream captures and transports data records that are continuously emitted from different data sources or producers. Scale-out within a stream is explicitly supported by means of shards, which are uniquely identified groups of data records in a stream.

    You can create your data stream using either on-demand or provisioned capacity mode. Data streams with an on-demand mode require no capacity planning and automatically scale to handle gigabytes of write and read throughput per minute. With the on-demand mode, Kinesis Data Streams automatically manages the shards in order to provide the necessary throughput.

    If you'd still like to proactively scale your on-demand data stream’s capacity, you can unlock the warm throughput feature for on-demand data streams by enabling MinimumThroughputBillingCommitment for your account. Once your account has MinimumThroughputBillingCommitment enabled, you can specify the warm throughput in MiB per second that your stream can support in writes.

    For the data streams with a provisioned mode, you must specify the number of shards for the data stream. Each shard can support reads up to five transactions per second, up to a maximum data read total of 2 MiB per second. Each shard can support writes up to 1,000 records per second, up to a maximum data write total of 1 MiB per second. If the amount of data input increases or decreases, you can add or remove shards.

    The stream name identifies the stream. The name is scoped to the Amazon Web Services account used by the application. It is also scoped by Amazon Web Services Region. That is, two streams in two different accounts can have the same name, and two streams in the same account, but in two different Regions, can have the same name.

    CreateStream is an asynchronous operation. Upon receiving a CreateStream request, Kinesis Data Streams immediately returns and sets the stream status to CREATING. After the stream is created, Kinesis Data Streams sets the stream status to ACTIVE. You should perform read and write operations only on an ACTIVE stream.

    You receive a LimitExceededException when making a CreateStream request when you try to do one of the following:

    • Have more than five streams in the CREATING state at any point in time.

    • Create more shards than are authorized for your account.

    For the default shard or on-demand throughput limits for an Amazon Web Services account, see Amazon Kinesis Data Streams Limits in the Amazon Kinesis Data Streams Developer Guide. To increase this limit, contact Amazon Web Services Support.

    You can use DescribeStreamSummary to check the stream status, which is returned in StreamStatus.

    CreateStream has a limit of five transactions per second per account.

    You can add tags to the stream when making a CreateStream request by setting the Tags parameter. If you pass the Tags parameter, in addition to having the kinesis:CreateStream permission, you must also have the kinesis:AddTagsToStream permission for the stream that will be created. The kinesis:TagResource permission won’t work to tag streams on creation. Tags will take effect from the CREATING status of the stream, but you can't make any updates to the tags until the stream is in ACTIVE state.

    " }, "DecreaseStreamRetentionPeriod":{ "name":"DecreaseStreamRetentionPeriod", @@ -123,6 +124,19 @@ "OperationType":{"value":"control"} } }, + "DescribeAccountSettings":{ + "name":"DescribeAccountSettings", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeAccountSettingsInput"}, + "output":{"shape":"DescribeAccountSettingsOutput"}, + "errors":[ + {"shape":"LimitExceededException"} + ], + "documentation":"

    Describes the account-level settings for Amazon Kinesis Data Streams. This operation returns information about the minimum throughput billing commitments and other account-level configurations.

    This API has a call limit of 5 transactions per second (TPS) for each Amazon Web Services account. TPS over 5 will initiate the LimitExceededException.

    " + }, "DescribeLimits":{ "name":"DescribeLimits", "http":{ @@ -251,7 +265,8 @@ {"shape":"KMSNotFoundException"}, {"shape":"KMSOptInRequired"}, {"shape":"KMSThrottlingException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"InternalFailureException"} ], "documentation":"

    Gets data records from a Kinesis data stream's shard.

    When invoking this API, you must use either the StreamARN or the StreamName parameter, or both. It is recommended that you use the StreamARN input parameter when you invoke this API.

    Specify a shard iterator using the ShardIterator parameter. The shard iterator specifies the position in the shard from which you want to start reading data records sequentially. If there are no records available in the portion of the shard that the iterator points to, GetRecords returns an empty list. It might take multiple calls to get to a portion of the shard that contains records.

    You can scale by provisioning multiple shards per stream while considering service limits (for more information, see Amazon Kinesis Data Streams Limits in the Amazon Kinesis Data Streams Developer Guide). Your application should have one thread per shard, each reading continuously from its stream. To read from a stream continually, call GetRecords in a loop. Use GetShardIterator to get the shard iterator to specify in the first GetRecords call. GetRecords returns a new shard iterator in NextShardIterator. Specify the shard iterator returned in NextShardIterator in subsequent calls to GetRecords. If the shard has been closed, the shard iterator can't return more data and GetRecords returns null in NextShardIterator. You can terminate the loop when the shard is closed, or when the shard iterator reaches the record with the sequence number or other attribute that marks it as the last record to process.

    Each data record can be up to 1 MiB in size, and each shard can read up to 2 MiB per second. You can ensure that your calls don't exceed the maximum supported size or throughput by using the Limit parameter to specify the maximum number of records that GetRecords can return. Consider your average record size when determining this limit. The maximum number of records that can be returned per call is 10,000.

    The size of the data returned by GetRecords varies depending on the utilization of the shard. It is recommended that consumer applications retrieve records via the GetRecords command using the 5 TPS limit to remain caught up. Retrieving records less frequently can lead to consumer applications falling behind. The maximum size of data that GetRecords can return is 10 MiB. If a call returns this amount of data, subsequent calls made within the next 5 seconds throw ProvisionedThroughputExceededException. If there is insufficient provisioned throughput on the stream, subsequent calls made within the next 1 second throw ProvisionedThroughputExceededException. GetRecords doesn't return any data when it throws an exception. For this reason, we recommend that you wait 1 second between calls to GetRecords. However, it's possible that the application will get exceptions for longer than 1 second.

    To detect whether the application is falling behind in processing, you can use the MillisBehindLatest response attribute. You can also monitor the stream using CloudWatch metrics and other mechanisms (see Monitoring in the Amazon Kinesis Data Streams Developer Guide).

    Each Amazon Kinesis record includes a value, ApproximateArrivalTimestamp, that is set when a stream successfully receives and stores a record. This is commonly referred to as a server-side time stamp, whereas a client-side time stamp is set when a data producer creates or sends the record to a stream (a data producer is any data source putting data records into a stream, for example with PutRecords). The time stamp has millisecond precision. There are no guarantees about the time stamp accuracy, or that the time stamp is always increasing. For example, records in a shard or across a stream might have time stamps that are out of order.

    This operation has a limit of five transactions per second per shard.

    ", "staticContextParams":{ @@ -290,7 +305,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidArgumentException"}, {"shape":"ProvisionedThroughputExceededException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"InternalFailureException"} ], "documentation":"

    Gets an Amazon Kinesis shard iterator. A shard iterator expires 5 minutes after it is returned to the requester.

    When invoking this API, you must use either the StreamARN or the StreamName parameter, or both. It is recommended that you use the StreamARN input parameter when you invoke this API.

    A shard iterator specifies the shard position from which to start reading data records sequentially. The position is specified using the sequence number of a data record in a shard. A sequence number is the identifier associated with every record ingested in the stream, and is assigned when a record is put into the stream. Each stream has one or more shards.

    You must specify the shard iterator type. For example, you can set the ShardIteratorType parameter to read exactly from the position denoted by a specific sequence number by using the AT_SEQUENCE_NUMBER shard iterator type. Alternatively, the parameter can read right after the sequence number by using the AFTER_SEQUENCE_NUMBER shard iterator type, using sequence numbers returned by earlier calls to PutRecord, PutRecords, GetRecords, or DescribeStream. In the request, you can specify the shard iterator type AT_TIMESTAMP to read records from an arbitrary point in time, TRIM_HORIZON to cause ShardIterator to point to the last untrimmed record in the shard in the system (the oldest data record in the shard), or LATEST so that you always read the most recent data in the shard.

    When you read repeatedly from a stream, use a GetShardIterator request to get the first shard iterator for use in your first GetRecords request and for subsequent reads use the shard iterator returned by the GetRecords request in NextShardIterator. A new shard iterator is returned by every GetRecords request in NextShardIterator, which you use in the ShardIterator parameter of the next GetRecords request.

    If a GetShardIterator request is made too often, you receive a ProvisionedThroughputExceededException. For more information about throughput limits, see GetRecords, and Streams Limits in the Amazon Kinesis Data Streams Developer Guide.

    If the shard is closed, GetShardIterator returns a valid iterator for the last sequence number of the shard. A shard can be closed as a result of using SplitShard or MergeShards.

    GetShardIterator has a limit of five transactions per second per account per open shard.

    ", "staticContextParams":{ @@ -372,6 +388,26 @@ ], "documentation":"

    Lists your Kinesis data streams.

    The number of streams may be too large to return from a single call to ListStreams. You can limit the number of returned streams using the Limit parameter. If you do not specify a value for the Limit parameter, Kinesis Data Streams uses the default limit, which is currently 100.

    You can detect if there are more streams available to list by using the HasMoreStreams flag from the returned output. If there are more streams available, you can request more streams by using the name of the last stream returned by the ListStreams request in the ExclusiveStartStreamName parameter in a subsequent request to ListStreams. The group of stream names returned by the subsequent request is then added to the list. You can continue this process until all the stream names have been collected in the list.

    ListStreams has a limit of five transactions per second per account.

    " }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceInput"}, + "output":{"shape":"ListTagsForResourceOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceInUseException"}, + {"shape":"InvalidArgumentException"}, + {"shape":"LimitExceededException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    List all tags added to the specified Kinesis resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

    For more information about tagging Kinesis resources, see Tag your Amazon Kinesis Data Streams resources.

    ", + "staticContextParams":{ + "OperationType":{"value":"control"} + } + }, "ListTagsForStream":{ "name":"ListTagsForStream", "http":{ @@ -429,9 +465,10 @@ {"shape":"KMSNotFoundException"}, {"shape":"KMSOptInRequired"}, {"shape":"KMSThrottlingException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"InternalFailureException"} ], - "documentation":"

    Writes a single data record into an Amazon Kinesis data stream. Call PutRecord to send data into the stream for real-time ingestion and subsequent processing, one record at a time. Each shard can support writes up to 1,000 records per second, up to a maximum data write total of 1 MiB per second.

    When invoking this API, you must use either the StreamARN or the StreamName parameter, or both. It is recommended that you use the StreamARN input parameter when you invoke this API.

    You must specify the name of the stream that captures, stores, and transports the data; a partition key; and the data blob itself.

    The data blob can be any type of data; for example, a segment from a log file, geographic/location data, website clickstream data, and so on.

    The partition key is used by Kinesis Data Streams to distribute data across shards. Kinesis Data Streams segregates the data records that belong to a stream into multiple shards, using the partition key associated with each data record to determine the shard to which a given data record belongs.

    Partition keys are Unicode strings, with a maximum length limit of 256 characters for each key. An MD5 hash function is used to map partition keys to 128-bit integer values and to map associated data records to shards using the hash key ranges of the shards. You can override hashing the partition key to determine the shard by explicitly specifying a hash value using the ExplicitHashKey parameter. For more information, see Adding Data to a Stream in the Amazon Kinesis Data Streams Developer Guide.

    PutRecord returns the shard ID of where the data record was placed and the sequence number that was assigned to the data record.

    Sequence numbers increase over time and are specific to a shard within a stream, not across all shards within a stream. To guarantee strictly increasing ordering, write serially to a shard and use the SequenceNumberForOrdering parameter. For more information, see Adding Data to a Stream in the Amazon Kinesis Data Streams Developer Guide.

    After you write a record to a stream, you cannot modify that record or its order within the stream.

    If a PutRecord request cannot be processed because of insufficient provisioned throughput on the shard involved in the request, PutRecord throws ProvisionedThroughputExceededException.

    By default, data records are accessible for 24 hours from the time that they are added to a stream. You can use IncreaseStreamRetentionPeriod or DecreaseStreamRetentionPeriod to modify this retention period.

    ", + "documentation":"

    Writes a single data record into an Amazon Kinesis data stream. Call PutRecord to send data into the stream for real-time ingestion and subsequent processing, one record at a time. Each shard can support writes up to 1,000 records per second, up to a maximum data write total of 10 MiB per second.

    When invoking this API, you must use either the StreamARN or the StreamName parameter, or both. It is recommended that you use the StreamARN input parameter when you invoke this API.

    You must specify the name of the stream that captures, stores, and transports the data; a partition key; and the data blob itself.

    The data blob can be any type of data; for example, a segment from a log file, geographic/location data, website clickstream data, and so on.

    The partition key is used by Kinesis Data Streams to distribute data across shards. Kinesis Data Streams segregates the data records that belong to a stream into multiple shards, using the partition key associated with each data record to determine the shard to which a given data record belongs.

    Partition keys are Unicode strings, with a maximum length limit of 256 characters for each key. An MD5 hash function is used to map partition keys to 128-bit integer values and to map associated data records to shards using the hash key ranges of the shards. You can override hashing the partition key to determine the shard by explicitly specifying a hash value using the ExplicitHashKey parameter. For more information, see Adding Data to a Stream in the Amazon Kinesis Data Streams Developer Guide.

    PutRecord returns the shard ID of where the data record was placed and the sequence number that was assigned to the data record.

    Sequence numbers increase over time and are specific to a shard within a stream, not across all shards within a stream. To guarantee strictly increasing ordering, write serially to a shard and use the SequenceNumberForOrdering parameter. For more information, see Adding Data to a Stream in the Amazon Kinesis Data Streams Developer Guide.

    After you write a record to a stream, you cannot modify that record or its order within the stream.

    If a PutRecord request cannot be processed because of insufficient provisioned throughput on the shard involved in the request, PutRecord throws ProvisionedThroughputExceededException.

    By default, data records are accessible for 24 hours from the time that they are added to a stream. You can use IncreaseStreamRetentionPeriod or DecreaseStreamRetentionPeriod to modify this retention period.

    ", "staticContextParams":{ "OperationType":{"value":"data"} } @@ -454,9 +491,10 @@ {"shape":"KMSNotFoundException"}, {"shape":"KMSOptInRequired"}, {"shape":"KMSThrottlingException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"InternalFailureException"} ], - "documentation":"

    Writes multiple data records into a Kinesis data stream in a single call (also referred to as a PutRecords request). Use this operation to send data into the stream for data ingestion and processing.

    When invoking this API, you must use either the StreamARN or the StreamName parameter, or both. It is recommended that you use the StreamARN input parameter when you invoke this API.

    Each PutRecords request can support up to 500 records. Each record in the request can be as large as 1 MiB, up to a limit of 5 MiB for the entire request, including partition keys. Each shard can support writes up to 1,000 records per second, up to a maximum data write total of 1 MiB per second.

    You must specify the name of the stream that captures, stores, and transports the data; and an array of request Records, with each record in the array requiring a partition key and data blob. The record size limit applies to the total size of the partition key and data blob.

    The data blob can be any type of data; for example, a segment from a log file, geographic/location data, website clickstream data, and so on.

    The partition key is used by Kinesis Data Streams as input to a hash function that maps the partition key and associated data to a specific shard. An MD5 hash function is used to map partition keys to 128-bit integer values and to map associated data records to shards. As a result of this hashing mechanism, all data records with the same partition key map to the same shard within the stream. For more information, see Adding Data to a Stream in the Amazon Kinesis Data Streams Developer Guide.

    Each record in the Records array may include an optional parameter, ExplicitHashKey, which overrides the partition key to shard mapping. This parameter allows a data producer to determine explicitly the shard where the record is stored. For more information, see Adding Multiple Records with PutRecords in the Amazon Kinesis Data Streams Developer Guide.

    The PutRecords response includes an array of response Records. Each record in the response array directly correlates with a record in the request array using natural ordering, from the top to the bottom of the request and response. The response Records array always includes the same number of records as the request array.

    The response Records array includes both successfully and unsuccessfully processed records. Kinesis Data Streams attempts to process all records in each PutRecords request. A single record failure does not stop the processing of subsequent records. As a result, PutRecords doesn't guarantee the ordering of records. If you need to read records in the same order they are written to the stream, use PutRecord instead of PutRecords, and write to the same shard.

    A successfully processed record includes ShardId and SequenceNumber values. The ShardId parameter identifies the shard in the stream where the record is stored. The SequenceNumber parameter is an identifier assigned to the put record, unique to all records in the stream.

    An unsuccessfully processed record includes ErrorCode and ErrorMessage values. ErrorCode reflects the type of error and can be one of the following values: ProvisionedThroughputExceededException or InternalFailure. ErrorMessage provides more detailed information about the ProvisionedThroughputExceededException exception including the account ID, stream name, and shard ID of the record that was throttled. For more information about partially successful responses, see Adding Multiple Records with PutRecords in the Amazon Kinesis Data Streams Developer Guide.

    After you write a record to a stream, you cannot modify that record or its order within the stream.

    By default, data records are accessible for 24 hours from the time that they are added to a stream. You can use IncreaseStreamRetentionPeriod or DecreaseStreamRetentionPeriod to modify this retention period.

    ", + "documentation":"

    Writes multiple data records into a Kinesis data stream in a single call (also referred to as a PutRecords request). Use this operation to send data into the stream for data ingestion and processing.

    When invoking this API, you must use either the StreamARN or the StreamName parameter, or both. It is recommended that you use the StreamARN input parameter when you invoke this API.

    Each PutRecords request can support up to 500 records. Each record in the request can be as large as 10 MiB, up to a limit of 10 MiB for the entire request, including partition keys. Each shard can support writes up to 1,000 records per second, up to a maximum data write total of 1 MB per second.

    You must specify the name of the stream that captures, stores, and transports the data; and an array of request Records, with each record in the array requiring a partition key and data blob. The record size limit applies to the total size of the partition key and data blob.

    The data blob can be any type of data; for example, a segment from a log file, geographic/location data, website clickstream data, and so on.

    The partition key is used by Kinesis Data Streams as input to a hash function that maps the partition key and associated data to a specific shard. An MD5 hash function is used to map partition keys to 128-bit integer values and to map associated data records to shards. As a result of this hashing mechanism, all data records with the same partition key map to the same shard within the stream. For more information, see Adding Data to a Stream in the Amazon Kinesis Data Streams Developer Guide.

    Each record in the Records array may include an optional parameter, ExplicitHashKey, which overrides the partition key to shard mapping. This parameter allows a data producer to determine explicitly the shard where the record is stored. For more information, see Adding Multiple Records with PutRecords in the Amazon Kinesis Data Streams Developer Guide.

    The PutRecords response includes an array of response Records. Each record in the response array directly correlates with a record in the request array using natural ordering, from the top to the bottom of the request and response. The response Records array always includes the same number of records as the request array.

    The response Records array includes both successfully and unsuccessfully processed records. Kinesis Data Streams attempts to process all records in each PutRecords request. A single record failure does not stop the processing of subsequent records. As a result, PutRecords doesn't guarantee the ordering of records. If you need to read records in the same order they are written to the stream, use PutRecord instead of PutRecords, and write to the same shard.

    A successfully processed record includes ShardId and SequenceNumber values. The ShardId parameter identifies the shard in the stream where the record is stored. The SequenceNumber parameter is an identifier assigned to the put record, unique to all records in the stream.

    An unsuccessfully processed record includes ErrorCode and ErrorMessage values. ErrorCode reflects the type of error and can be one of the following values: ProvisionedThroughputExceededException or InternalFailure. ErrorMessage provides more detailed information about the ProvisionedThroughputExceededException exception including the account ID, stream name, and shard ID of the record that was throttled. For more information about partially successful responses, see Adding Multiple Records with PutRecords in the Amazon Kinesis Data Streams Developer Guide.

    After you write a record to a stream, you cannot modify that record or its order within the stream.

    By default, data records are accessible for 24 hours from the time that they are added to a stream. You can use IncreaseStreamRetentionPeriod or DecreaseStreamRetentionPeriod to modify this retention period.

    ", "staticContextParams":{ "OperationType":{"value":"data"} } @@ -494,7 +532,7 @@ {"shape":"ResourceInUseException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Registers a consumer with a Kinesis data stream. When you use this operation, the consumer you register can then call SubscribeToShard to receive data from the stream using enhanced fan-out, at a rate of up to 2 MiB per second for every shard you subscribe to. This rate is unaffected by the total number of consumers that read from the same stream.

    You can register up to 20 consumers per stream. A given consumer can only be registered with one stream at a time.

    For an example of how to use this operation, see Enhanced Fan-Out Using the Kinesis Data Streams API.

    The use of this operation has a limit of five transactions per second per account. Also, only 5 consumers can be created simultaneously. In other words, you cannot have more than 5 consumers in a CREATING status at the same time. Registering a 6th consumer while there are 5 in a CREATING status results in a LimitExceededException.

    ", + "documentation":"

    Registers a consumer with a Kinesis data stream. When you use this operation, the consumer you register can then call SubscribeToShard to receive data from the stream using enhanced fan-out, at a rate of up to 2 MiB per second for every shard you subscribe to. This rate is unaffected by the total number of consumers that read from the same stream.

    You can add tags to the registered consumer when making a RegisterStreamConsumer request by setting the Tags parameter. If you pass the Tags parameter, in addition to having the kinesis:RegisterStreamConsumer permission, you must also have the kinesis:TagResource permission for the consumer that will be registered. Tags will take effect from the CREATING status of the consumer.

    You can register up to 20 consumers per stream. A given consumer can only be registered with one stream at a time.

    For an example of how to use this operation, see Enhanced Fan-Out Using the Kinesis Data Streams API.

    The use of this operation has a limit of five transactions per second per account. Also, only 5 consumers can be created simultaneously. In other words, you cannot have more than 5 consumers in a CREATING status at the same time. Registering a 6th consumer while there are 5 in a CREATING status results in a LimitExceededException.

    ", "staticContextParams":{ "OperationType":{"value":"control"} } @@ -602,6 +640,79 @@ "OperationType":{"value":"data"} } }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceInUseException"}, + {"shape":"InvalidArgumentException"}, + {"shape":"LimitExceededException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Adds or updates tags for the specified Kinesis resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can assign up to 50 tags to a Kinesis resource.

    ", + "staticContextParams":{ + "OperationType":{"value":"control"} + } + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceInUseException"}, + {"shape":"InvalidArgumentException"}, + {"shape":"LimitExceededException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Removes tags from the specified Kinesis resource. Removed tags are deleted and can't be recovered after this operation completes successfully.

    ", + "staticContextParams":{ + "OperationType":{"value":"control"} + } + }, + "UpdateAccountSettings":{ + "name":"UpdateAccountSettings", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateAccountSettingsInput"}, + "output":{"shape":"UpdateAccountSettingsOutput"}, + "errors":[ + {"shape":"InvalidArgumentException"}, + {"shape":"ValidationException"}, + {"shape":"LimitExceededException"} + ], + "documentation":"

    Updates the account-level settings for Amazon Kinesis Data Streams.

    Updating account settings is a synchronous operation. Upon receiving the request, Kinesis Data Streams will return immediately with your account’s updated settings.

    API limits

    • Certain account configurations have minimum commitment windows. Attempting to update your settings prior to the end of the minimum commitment window might have certain restrictions.

    • This API has a call limit of 5 transactions per second (TPS) for each Amazon Web Services account. TPS over 5 will initiate the LimitExceededException.

    " + }, + "UpdateMaxRecordSize":{ + "name":"UpdateMaxRecordSize", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateMaxRecordSizeInput"}, + "errors":[ + {"shape":"ResourceInUseException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidArgumentException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    This allows you to update the MaxRecordSize of a single record that you can write to, and read from a stream. You can ingest and digest single records up to 10240 KiB.

    ", + "staticContextParams":{ + "OperationType":{"value":"control"} + } + }, "UpdateShardCount":{ "name":"UpdateShardCount", "http":{ @@ -634,9 +745,31 @@ {"shape":"InvalidArgumentException"}, {"shape":"LimitExceededException"}, {"shape":"ResourceInUseException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"} ], - "documentation":"

    Updates the capacity mode of the data stream. Currently, in Kinesis Data Streams, you can choose between an on-demand capacity mode and a provisioned capacity mode for your data stream.

    ", + "documentation":"

    Updates the capacity mode of the data stream. Currently, in Kinesis Data Streams, you can choose between an on-demand capacity mode and a provisioned capacity mode for your data stream.

    If you'd still like to proactively scale your on-demand data stream’s capacity, you can unlock the warm throughput feature for on-demand data streams by enabling MinimumThroughputBillingCommitment for your account. Once your account has MinimumThroughputBillingCommitment enabled, you can specify the warm throughput in MiB per second that your stream can support in writes.

    ", + "staticContextParams":{ + "OperationType":{"value":"control"} + } + }, + "UpdateStreamWarmThroughput":{ + "name":"UpdateStreamWarmThroughput", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateStreamWarmThroughputInput"}, + "output":{"shape":"UpdateStreamWarmThroughputOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidArgumentException"}, + {"shape":"ResourceInUseException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Updates the warm throughput configuration for the specified Amazon Kinesis Data Streams on-demand data stream. This operation allows you to proactively scale your on-demand data stream to a specified throughput level, enabling better performance for sudden traffic spikes.

    When invoking this API, you must use either the StreamARN or the StreamName parameter, or both. It is recommended that you use the StreamARN input parameter when you invoke this API.

    Updating the warm throughput is an asynchronous operation. Upon receiving the request, Kinesis Data Streams returns immediately and sets the status of the stream to UPDATING. After the update is complete, Kinesis Data Streams sets the status of the stream back to ACTIVE. Depending on the size of the stream, the scaling action could take a few minutes to complete. You can continue to read and write data to your stream while its status is UPDATING.

    This operation is only supported for data streams with the on-demand capacity mode in accounts that have MinimumThroughputBillingCommitment enabled. Provisioned capacity mode streams do not support warm throughput configuration.

    This operation has the following default limits. By default, you cannot do the following:

    • Scale to more than 10 GiBps for an on-demand stream.

    • This API has a call limit of 5 transactions per second (TPS) for each Amazon Web Services account. TPS over 5 will initiate the LimitExceededException.

    For the default limits for an Amazon Web Services account, see Streams Limits in the Amazon Kinesis Data Streams Developer Guide. To request an increase in the call rate limit, the shard limit for this API, or your overall shard limit, use the limits form.

    ", "staticContextParams":{ "OperationType":{"value":"control"} } @@ -661,7 +794,7 @@ }, "Tags":{ "shape":"TagMap", - "documentation":"

    A set of up to 10 key-value pairs to use to create the tags.

    " + "documentation":"

    A set of up to 50 key-value pairs to use to create the tags. A tag consists of a required key and an optional value. You can add up to 50 tags per resource.

    " }, "StreamARN":{ "shape":"StreamARN", @@ -804,14 +937,22 @@ }, "Tags":{ "shape":"TagMap", - "documentation":"

    A set of up to 10 key-value pairs to use to create the tags.

    " + "documentation":"

    A set of up to 50 key-value pairs to use to create the tags. A tag consists of a required key and an optional value.

    " + }, + "WarmThroughputMiBps":{ + "shape":"NaturalIntegerObject", + "documentation":"

    The target warm throughput in MB/s that the stream should be scaled to handle. This represents the throughput capacity that will be immediately available for write operations.

    " + }, + "MaxRecordSizeInKiB":{ + "shape":"MaxRecordSizeInKiB", + "documentation":"

    The maximum record size of a single record in kibibyte (KiB) that you can write to, and read from a stream.

    " } }, "documentation":"

    Represents the input for CreateStream.

    " }, "Data":{ "type":"blob", - "max":1048576, + "max":10485760, "min":0 }, "DecreaseStreamRetentionPeriodInput":{ @@ -883,11 +1024,23 @@ } } }, - "DescribeLimitsInput":{ + "DescribeAccountSettingsInput":{ + "type":"structure", + "members":{} + }, + "DescribeAccountSettingsOutput":{ "type":"structure", "members":{ + "MinimumThroughputBillingCommitment":{ + "shape":"MinimumThroughputBillingCommitmentOutput", + "documentation":"

    The current configuration of the minimum throughput billing commitment for your Amazon Web Services account.

    " + } } }, + "DescribeLimitsInput":{ + "type":"structure", + "members":{} + }, "DescribeLimitsOutput":{ "type":"structure", "required":[ @@ -1511,6 +1664,26 @@ }, "documentation":"

    Represents the output for ListStreams.

    " }, + "ListTagsForResourceInput":{ + "type":"structure", + "required":["ResourceARN"], + "members":{ + "ResourceARN":{ + "shape":"ResourceARN", + "documentation":"

    The Amazon Resource Name (ARN) of the Kinesis resource for which to list tags.

    ", + "contextParam":{"name":"ResourceARN"} + } + } + }, + "ListTagsForResourceOutput":{ + "type":"structure", + "members":{ + "Tags":{ + "shape":"TagList", + "documentation":"

    An array of tags associated with the specified Kinesis resource.

    " + } + } + }, "ListTagsForStreamInput":{ "type":"structure", "members":{ @@ -1557,6 +1730,11 @@ }, "documentation":"

    Represents the output for ListTagsForStream.

    " }, + "MaxRecordSizeInKiB":{ + "type":"integer", + "max":10240, + "min":1024 + }, "MergeShardsInput":{ "type":"structure", "required":[ @@ -1607,6 +1785,59 @@ "type":"long", "min":0 }, + "MinimumThroughputBillingCommitmentInput":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"MinimumThroughputBillingCommitmentInputStatus", + "documentation":"

    The desired status of the minimum throughput billing commitment.

    " + } + }, + "documentation":"

    Represents the request parameters for configuring minimum throughput billing commitment.

    • Minimum throughput billing commitments provide cost savings on on-demand data streams in exchange for committing to a minimum level of throughput usage.

    • Commitments have a minimum duration of 24 hours that must be honored before they can be disabled.

    • If you attempt to disable a commitment before the minimum commitment period ends, the commitment will be scheduled for automatic disable at the earliest allowed end time.

    • You can cancel a pending disable by enabling the commitment again before the earliest allowed end time.

    " + }, + "MinimumThroughputBillingCommitmentInputStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "MinimumThroughputBillingCommitmentOutput":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"MinimumThroughputBillingCommitmentOutputStatus", + "documentation":"

    The current status of the minimum throughput billing commitment.

    " + }, + "StartedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the commitment was started.

    " + }, + "EndedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the commitment was ended.

    " + }, + "EarliestAllowedEndAt":{ + "shape":"Timestamp", + "documentation":"

    The earliest timestamp when the commitment can be ended.

    " + } + }, + "documentation":"

    Represents the current status of minimum throughput billing commitment for an account.

    " + }, + "MinimumThroughputBillingCommitmentOutputStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED", + "ENABLED_UNTIL_EARLIEST_ALLOWED_END" + ] + }, + "NaturalIntegerObject":{ + "type":"integer", + "min":0 + }, "NextToken":{ "type":"string", "max":1048576, @@ -1863,6 +2094,10 @@ "ConsumerName":{ "shape":"ConsumerName", "documentation":"

    For a given Kinesis data stream, each consumer must have a unique name. However, consumer names don't have to be unique across data streams.

    " + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    A set of up to 50 key-value pairs. A tag consists of a required key and an optional value.

    " } } }, @@ -2262,6 +2497,14 @@ "ConsumerCount":{ "shape":"ConsumerCountObject", "documentation":"

    The number of enhanced fan-out consumers registered with the stream.

    " + }, + "WarmThroughput":{ + "shape":"WarmThroughputObject", + "documentation":"

    The warm throughput in MB/s for the stream. This represents the throughput capacity that will be immediately available for write operations.

    " + }, + "MaxRecordSizeInKiB":{ + "shape":"MaxRecordSizeInKiB", + "documentation":"

    The maximum record size of a single record in kibibyte (KiB) that you can write to, and read from a stream.

    " } }, "documentation":"

    Represents the output for DescribeStreamSummary

    " @@ -2433,7 +2676,7 @@ "documentation":"

    An optional string, typically used to describe or define the tag. Maximum length: 256 characters. Valid characters: Unicode letters, digits, white space, _ . / = + - % @

    " } }, - "documentation":"

    Metadata assigned to the stream, consisting of a key-value pair.

    " + "documentation":"

    Metadata assigned to the stream or consumer, consisting of a key-value pair.

    " }, "TagKey":{ "type":"string", @@ -2459,12 +2702,82 @@ "max":200, "min":1 }, + "TagResourceInput":{ + "type":"structure", + "required":[ + "Tags", + "ResourceARN" + ], + "members":{ + "Tags":{ + "shape":"TagMap", + "documentation":"

    An array of tags to be added to the Kinesis resource. A tag consists of a required key and an optional value. You can add up to 50 tags per resource.

    Tags may only contain Unicode letters, digits, white space, or these symbols: _ . : / = + - @.

    " + }, + "ResourceARN":{ + "shape":"ResourceARN", + "documentation":"

    The Amazon Resource Name (ARN) of the Kinesis resource to which to add tags.

    ", + "contextParam":{"name":"ResourceARN"} + } + } + }, "TagValue":{ "type":"string", "max":256, "min":0 }, "Timestamp":{"type":"timestamp"}, + "UntagResourceInput":{ + "type":"structure", + "required":[ + "TagKeys", + "ResourceARN" + ], + "members":{ + "TagKeys":{ + "shape":"TagKeyList", + "documentation":"

    A list of tag key-value pairs. Existing tags of the resource whose keys are members of this list will be removed from the Kinesis resource.

    " + }, + "ResourceARN":{ + "shape":"ResourceARN", + "documentation":"

    The Amazon Resource Name (ARN) of the Kinesis resource from which to remove tags.

    ", + "contextParam":{"name":"ResourceARN"} + } + } + }, + "UpdateAccountSettingsInput":{ + "type":"structure", + "required":["MinimumThroughputBillingCommitment"], + "members":{ + "MinimumThroughputBillingCommitment":{ + "shape":"MinimumThroughputBillingCommitmentInput", + "documentation":"

    Specifies the minimum throughput billing commitment configuration for your account.

    " + } + } + }, + "UpdateAccountSettingsOutput":{ + "type":"structure", + "members":{ + "MinimumThroughputBillingCommitment":{ + "shape":"MinimumThroughputBillingCommitmentOutput", + "documentation":"

    The updated configuration of the minimum throughput billing commitment for your account.

    " + } + } + }, + "UpdateMaxRecordSizeInput":{ + "type":"structure", + "required":["MaxRecordSizeInKiB"], + "members":{ + "StreamARN":{ + "shape":"StreamARN", + "documentation":"

    The Amazon Resource Name (ARN) of the stream for the MaxRecordSize update.

    ", + "contextParam":{"name":"StreamARN"} + }, + "MaxRecordSizeInKiB":{ + "shape":"MaxRecordSizeInKiB", + "documentation":"

    The maximum record size of a single record in KiB that you can write to, and read from a stream. Specify a value between 1024 and 10240 KiB (1 to 10 MiB). If you specify a value that is out of this range, UpdateMaxRecordSize sends back an ValidationException message.

    " + } + } + }, "UpdateShardCountInput":{ "type":"structure", "required":[ @@ -2527,6 +2840,46 @@ "StreamModeDetails":{ "shape":"StreamModeDetails", "documentation":"

    Specifies the capacity mode to which you want to set your data stream. Currently, in Kinesis Data Streams, you can choose between an on-demand capacity mode and a provisioned capacity mode for your data streams.

    " + }, + "WarmThroughputMiBps":{ + "shape":"NaturalIntegerObject", + "documentation":"

    The target warm throughput in MB/s that the stream should be scaled to handle. This represents the throughput capacity that will be immediately available for write operations. This field is only valid when the stream mode is being updated to on-demand.

    " + } + } + }, + "UpdateStreamWarmThroughputInput":{ + "type":"structure", + "required":["WarmThroughputMiBps"], + "members":{ + "StreamARN":{ + "shape":"StreamARN", + "documentation":"

    The ARN of the stream to be updated.

    ", + "contextParam":{"name":"StreamARN"} + }, + "StreamName":{ + "shape":"StreamName", + "documentation":"

    The name of the stream to be updated.

    " + }, + "WarmThroughputMiBps":{ + "shape":"NaturalIntegerObject", + "documentation":"

    The target warm throughput in MB/s that the stream should be scaled to handle. This represents the throughput capacity that will be immediately available for write operations.

    " + } + } + }, + "UpdateStreamWarmThroughputOutput":{ + "type":"structure", + "members":{ + "StreamARN":{ + "shape":"StreamARN", + "documentation":"

    The ARN of the stream that was updated.

    " + }, + "StreamName":{ + "shape":"StreamName", + "documentation":"

    The name of the stream that was updated.

    " + }, + "WarmThroughput":{ + "shape":"WarmThroughputObject", + "documentation":"

    Specifies the updated warm throughput configuration for your data stream.

    " } } }, @@ -2537,6 +2890,20 @@ }, "documentation":"

    Specifies that you tried to invoke this API for a data stream with the on-demand capacity mode. This API is only supported for data streams with the provisioned capacity mode.

    ", "exception":true + }, + "WarmThroughputObject":{ + "type":"structure", + "members":{ + "TargetMiBps":{ + "shape":"NaturalIntegerObject", + "documentation":"

    The target warm throughput value on the stream. This indicates that the stream is currently scaling towards this target value.

    " + }, + "CurrentMiBps":{ + "shape":"NaturalIntegerObject", + "documentation":"

    The current warm throughput value on the stream. This is the write throughput in MiBps that the stream is currently scaled to handle.

    " + } + }, + "documentation":"

    Represents the warm throughput configuration on the stream. This is only present for On-Demand Kinesis Data Streams in accounts that have MinimumThroughputBillingCommitment enabled.

    " } }, "documentation":"Amazon Kinesis Data Streams Service API Reference

    Amazon Kinesis Data Streams is a managed service that scales elastically for real-time processing of streaming big data.

    " diff -pruN 2.23.6-1/awscli/botocore/data/kinesis-video-archived-media/2017-09-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kinesis-video-archived-media/2017-09-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kinesis-video-archived-media/2017-09-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis-video-archived-media/2017-09-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kinesis-video-archived-media/2017-09-30/service-2.json 2.31.35-1/awscli/botocore/data/kinesis-video-archived-media/2017-09-30/service-2.json --- 2.23.6-1/awscli/botocore/data/kinesis-video-archived-media/2017-09-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis-video-archived-media/2017-09-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2017-09-30", "endpointPrefix":"kinesisvideo", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Kinesis Video Archived Media", "serviceFullName":"Amazon Kinesis Video Streams Archived Media", "serviceId":"Kinesis Video Archived Media", "signatureVersion":"v4", - "uid":"kinesis-video-archived-media-2017-09-30" + "uid":"kinesis-video-archived-media-2017-09-30", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetClip":{ diff -pruN 2.23.6-1/awscli/botocore/data/kinesis-video-media/2017-09-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kinesis-video-media/2017-09-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kinesis-video-media/2017-09-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis-video-media/2017-09-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/kinesis-video-media/2017-09-30/service-2.json 2.31.35-1/awscli/botocore/data/kinesis-video-media/2017-09-30/service-2.json --- 2.23.6-1/awscli/botocore/data/kinesis-video-media/2017-09-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis-video-media/2017-09-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2017-09-30", "endpointPrefix":"kinesisvideo", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Kinesis Video Media", "serviceFullName":"Amazon Kinesis Video Streams Media", "serviceId":"Kinesis Video Media", "signatureVersion":"v4", - "uid":"kinesis-video-media-2017-09-30" + "uid":"kinesis-video-media-2017-09-30", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetMedia":{ diff -pruN 2.23.6-1/awscli/botocore/data/kinesis-video-signaling/2019-12-04/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kinesis-video-signaling/2019-12-04/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kinesis-video-signaling/2019-12-04/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis-video-signaling/2019-12-04/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/kinesis-video-signaling/2019-12-04/service-2.json 2.31.35-1/awscli/botocore/data/kinesis-video-signaling/2019-12-04/service-2.json --- 2.23.6-1/awscli/botocore/data/kinesis-video-signaling/2019-12-04/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis-video-signaling/2019-12-04/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2019-12-04", "endpointPrefix":"kinesisvideo", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Amazon Kinesis Video Signaling Channels", "serviceFullName":"Amazon Kinesis Video Signaling Channels", "serviceId":"Kinesis Video Signaling", "signatureVersion":"v4", - "uid":"kinesis-video-signaling-2019-12-04" + "uid":"kinesis-video-signaling-2019-12-04", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetIceServerConfig":{ diff -pruN 2.23.6-1/awscli/botocore/data/kinesis-video-webrtc-storage/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kinesis-video-webrtc-storage/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kinesis-video-webrtc-storage/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesis-video-webrtc-storage/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kinesisanalytics/2015-08-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kinesisanalytics/2015-08-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kinesisanalytics/2015-08-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesisanalytics/2015-08-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/kinesisanalytics/2015-08-14/service-2.json 2.31.35-1/awscli/botocore/data/kinesisanalytics/2015-08-14/service-2.json --- 2.23.6-1/awscli/botocore/data/kinesisanalytics/2015-08-14/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesisanalytics/2015-08-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"kinesisanalytics", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"Kinesis Analytics", "serviceFullName":"Amazon Kinesis Analytics", "serviceId":"Kinesis Analytics", "signatureVersion":"v4", "targetPrefix":"KinesisAnalytics_20150814", - "uid":"kinesisanalytics-2015-08-14" + "uid":"kinesisanalytics-2015-08-14", + "auth":["aws.auth#sigv4"] }, "operations":{ "AddApplicationCloudWatchLoggingOption":{ @@ -366,8 +368,7 @@ }, "AddApplicationCloudWatchLoggingOptionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AddApplicationInputProcessingConfigurationRequest":{ "type":"structure", @@ -398,8 +399,7 @@ }, "AddApplicationInputProcessingConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AddApplicationInputRequest":{ "type":"structure", @@ -426,8 +426,7 @@ }, "AddApplicationInputResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "AddApplicationOutputRequest":{ @@ -455,8 +454,7 @@ }, "AddApplicationOutputResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "AddApplicationReferenceDataSourceRequest":{ @@ -484,8 +482,7 @@ }, "AddApplicationReferenceDataSourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "ApplicationCode":{ @@ -821,8 +818,7 @@ }, "DeleteApplicationCloudWatchLoggingOptionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteApplicationInputProcessingConfigurationRequest":{ "type":"structure", @@ -848,8 +844,7 @@ }, "DeleteApplicationInputProcessingConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteApplicationOutputRequest":{ "type":"structure", @@ -876,8 +871,7 @@ }, "DeleteApplicationOutputResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "DeleteApplicationReferenceDataSourceRequest":{ @@ -904,8 +898,7 @@ }, "DeleteApplicationReferenceDataSourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteApplicationRequest":{ "type":"structure", @@ -927,8 +920,7 @@ }, "DeleteApplicationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "DescribeApplicationRequest":{ @@ -2131,8 +2123,7 @@ }, "StartApplicationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "StopApplicationRequest":{ @@ -2148,8 +2139,7 @@ }, "StopApplicationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "Tag":{ @@ -2197,8 +2187,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2257,8 +2246,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationRequest":{ "type":"structure", @@ -2284,8 +2272,7 @@ }, "UpdateApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} } }, "documentation":"Amazon Kinesis Analytics

    Overview

    This documentation is for version 1 of the Amazon Kinesis Data Analytics API, which only supports SQL applications. Version 2 of the API supports SQL and Java applications. For more information about version 2, see Amazon Kinesis Data Analytics API V2 Documentation.

    This is the Amazon Kinesis Analytics v1 API Reference. The Amazon Kinesis Analytics Developer Guide provides additional information.

    " diff -pruN 2.23.6-1/awscli/botocore/data/kinesisanalyticsv2/2018-05-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kinesisanalyticsv2/2018-05-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kinesisanalyticsv2/2018-05-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesisanalyticsv2/2018-05-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kinesisanalyticsv2/2018-05-23/service-2.json 2.31.35-1/awscli/botocore/data/kinesisanalyticsv2/2018-05-23/service-2.json --- 2.23.6-1/awscli/botocore/data/kinesisanalyticsv2/2018-05-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesisanalyticsv2/2018-05-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -324,7 +324,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"Returns information about a specific operation performed on a Managed Service for Apache Flink application" + "documentation":"

    Provides a detailed description of a specified application operation. To see a list of all the operations of an application, invoke the ListApplicationOperations operation.

    This operation is supported only for Managed Service for Apache Flink.

    " }, "DescribeApplicationSnapshot":{ "name":"DescribeApplicationSnapshot", @@ -387,7 +387,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"Lists information about operations performed on a Managed Service for Apache Flink application" + "documentation":"

    Lists all the operations performed for the specified application such as UpdateApplication, StartApplication etc. The response also includes a summary of the operation.

    To get the complete description of a specific operation, invoke the DescribeApplicationOperation operation.

    This operation is supported only for Managed Service for Apache Flink.

    " }, "ListApplicationSnapshots":{ "name":"ListApplicationSnapshots", @@ -614,7 +614,7 @@ }, "OperationId":{ "shape":"OperationId", - "documentation":"Operation ID for tracking AddApplicationCloudWatchLoggingOption request" + "documentation":"

    The operation ID that can be used to track the request.

    " } } }, @@ -825,7 +825,7 @@ }, "OperationId":{ "shape":"OperationId", - "documentation":"Operation ID for tracking AddApplicationVpcConfiguration request" + "documentation":"

    The operation ID that can be used to track the request.

    " } } }, @@ -896,7 +896,10 @@ "shape":"ApplicationSnapshotConfiguration", "documentation":"

    Describes whether snapshots are enabled for a Managed Service for Apache Flink application.

    " }, - "ApplicationSystemRollbackConfiguration":{"shape":"ApplicationSystemRollbackConfiguration"}, + "ApplicationSystemRollbackConfiguration":{ + "shape":"ApplicationSystemRollbackConfiguration", + "documentation":"

    Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application.

    " + }, "VpcConfigurations":{ "shape":"VpcConfigurations", "documentation":"

    The array of descriptions of VPC configurations available to the application.

    " @@ -904,6 +907,10 @@ "ZeppelinApplicationConfiguration":{ "shape":"ZeppelinApplicationConfiguration", "documentation":"

    The configuration parameters for a Managed Service for Apache Flink Studio notebook.

    " + }, + "ApplicationEncryptionConfiguration":{ + "shape":"ApplicationEncryptionConfiguration", + "documentation":"

    The configuration to manage encryption at rest.

    " } }, "documentation":"

    Specifies the creation parameters for a Managed Service for Apache Flink application.

    " @@ -935,7 +942,10 @@ "shape":"ApplicationSnapshotConfigurationDescription", "documentation":"

    Describes whether snapshots are enabled for a Managed Service for Apache Flink application.

    " }, - "ApplicationSystemRollbackConfigurationDescription":{"shape":"ApplicationSystemRollbackConfigurationDescription"}, + "ApplicationSystemRollbackConfigurationDescription":{ + "shape":"ApplicationSystemRollbackConfigurationDescription", + "documentation":"

    Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application.

    " + }, "VpcConfigurationDescriptions":{ "shape":"VpcConfigurationDescriptions", "documentation":"

    The array of descriptions of VPC configurations available to the application.

    " @@ -943,6 +953,10 @@ "ZeppelinApplicationConfigurationDescription":{ "shape":"ZeppelinApplicationConfigurationDescription", "documentation":"

    The configuration parameters for a Managed Service for Apache Flink Studio notebook.

    " + }, + "ApplicationEncryptionConfigurationDescription":{ + "shape":"ApplicationEncryptionConfigurationDescription", + "documentation":"

    Describes the encryption at rest configuration.

    " } }, "documentation":"

    Describes details about the application code and starting parameters for a Managed Service for Apache Flink application.

    " @@ -970,7 +984,10 @@ "shape":"ApplicationSnapshotConfigurationUpdate", "documentation":"

    Describes whether snapshots are enabled for a Managed Service for Apache Flink application.

    " }, - "ApplicationSystemRollbackConfigurationUpdate":{"shape":"ApplicationSystemRollbackConfigurationUpdate"}, + "ApplicationSystemRollbackConfigurationUpdate":{ + "shape":"ApplicationSystemRollbackConfigurationUpdate", + "documentation":"

    Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application.

    " + }, "VpcConfigurationUpdates":{ "shape":"VpcConfigurationUpdates", "documentation":"

    Updates to the array of descriptions of VPC configurations available to the application.

    " @@ -978,6 +995,10 @@ "ZeppelinApplicationConfigurationUpdate":{ "shape":"ZeppelinApplicationConfigurationUpdate", "documentation":"

    Updates to the configuration of a Managed Service for Apache Flink Studio notebook.

    " + }, + "ApplicationEncryptionConfigurationUpdate":{ + "shape":"ApplicationEncryptionConfigurationUpdate", + "documentation":"

    Represents an update for encryption at rest configuration.

    " } }, "documentation":"

    Describes updates to an application's configuration.

    " @@ -1055,7 +1076,7 @@ }, "ApplicationVersionCreateTimestamp":{ "shape":"Timestamp", - "documentation":"The current timestamp when the application version was created." + "documentation":"

    The timestamp that indicates when the application version was created.

    " }, "ConditionalToken":{ "shape":"ConditionalToken", @@ -1072,6 +1093,51 @@ }, "documentation":"

    Describes the application, including the application Amazon Resource Name (ARN), status, latest version, and input and output configurations.

    " }, + "ApplicationEncryptionConfiguration":{ + "type":"structure", + "required":["KeyType"], + "members":{ + "KeyId":{ + "shape":"KeyId", + "documentation":"

    The key ARN, key ID, alias ARN, or alias name of the KMS key used for encryption at rest.

    " + }, + "KeyType":{ + "shape":"KeyType", + "documentation":"

    Specifies the type of key used for encryption at rest.

    " + } + }, + "documentation":"

    Specifies the configuration to manage encryption at rest.

    " + }, + "ApplicationEncryptionConfigurationDescription":{ + "type":"structure", + "required":["KeyType"], + "members":{ + "KeyId":{ + "shape":"KeyId", + "documentation":"

    The key ARN, key ID, alias ARN, or alias name of the KMS key used for encryption at rest.

    " + }, + "KeyType":{ + "shape":"KeyType", + "documentation":"

    Specifies the type of key used for encryption at rest.

    " + } + }, + "documentation":"

    Describes the encryption at rest configuration.

    " + }, + "ApplicationEncryptionConfigurationUpdate":{ + "type":"structure", + "required":["KeyTypeUpdate"], + "members":{ + "KeyIdUpdate":{ + "shape":"KeyId", + "documentation":"

    The key ARN, key ID, alias ARN, or alias name of the KMS key to be used for encryption at rest.

    " + }, + "KeyTypeUpdate":{ + "shape":"KeyType", + "documentation":"

    Specifies the type of key to be used for encryption at rest.

    " + } + }, + "documentation":"

    Describes configuration updates to encryption at rest.

    " + }, "ApplicationMaintenanceConfigurationDescription":{ "type":"structure", "required":[ @@ -1122,7 +1188,7 @@ }, "ApplicationName":{ "type":"string", - "documentation":"The name of the application", + "documentation":"

    The name of the application.

    ", "max":128, "min":1, "pattern":"[a-zA-Z0-9_.-]+" @@ -1134,15 +1200,15 @@ "OperationId":{"shape":"OperationId"}, "StartTime":{ "shape":"Timestamp", - "documentation":"The timestamp at which the operation was created" + "documentation":"

    The timestamp that indicates when the operation was created.

    " }, "EndTime":{ "shape":"Timestamp", - "documentation":"The timestamp at which the operation finished for the application" + "documentation":"

    The timestamp that indicates when the operation finished.

    " }, "OperationStatus":{"shape":"OperationStatus"} }, - "documentation":"Provides a description of the operation, such as the type and status of operation" + "documentation":"

    A description of the aplication operation that provides information about the updates that were made to the application.

    " }, "ApplicationOperationInfoDetails":{ "type":"structure", @@ -1156,22 +1222,22 @@ "Operation":{"shape":"Operation"}, "StartTime":{ "shape":"Timestamp", - "documentation":"The timestamp at which the operation was created" + "documentation":"

    The timestamp that indicates when the operation was created.

    " }, "EndTime":{ "shape":"Timestamp", - "documentation":"The timestamp at which the operation finished for the application" + "documentation":"

    The timestamp that indicates when the operation finished.

    " }, "OperationStatus":{"shape":"OperationStatus"}, "ApplicationVersionChangeDetails":{"shape":"ApplicationVersionChangeDetails"}, "OperationFailureDetails":{"shape":"OperationFailureDetails"} }, - "documentation":"Provides a description of the operation, such as the operation-type and status" + "documentation":"

    A description of the application operation that provides information about the updates that were made to the application.

    " }, "ApplicationOperationInfoList":{ "type":"list", "member":{"shape":"ApplicationOperationInfo"}, - "documentation":"List of ApplicationOperationInfo for an application" + "documentation":"

    A list of ApplicationOperationInfo objects that are associated with an application.

    " }, "ApplicationRestoreConfiguration":{ "type":"structure", @@ -1292,10 +1358,10 @@ "members":{ "RollbackEnabled":{ "shape":"BooleanObject", - "documentation":"Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application" + "documentation":"

    Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application.

    " } }, - "documentation":"Describes system rollback configuration for a Managed Service for Apache Flink application" + "documentation":"

    Describes the system rollback configuration for a Managed Service for Apache Flink application.

    " }, "ApplicationSystemRollbackConfigurationDescription":{ "type":"structure", @@ -1303,10 +1369,10 @@ "members":{ "RollbackEnabled":{ "shape":"BooleanObject", - "documentation":"Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application" + "documentation":"

    Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application.

    " } }, - "documentation":"Describes system rollback configuration for a Managed Service for Apache Flink application" + "documentation":"

    Describes the system rollback configuration for a Managed Service for Apache Flink application.

    " }, "ApplicationSystemRollbackConfigurationUpdate":{ "type":"structure", @@ -1314,10 +1380,10 @@ "members":{ "RollbackEnabledUpdate":{ "shape":"BooleanObject", - "documentation":"Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application" + "documentation":"

    Describes whether system rollbacks are enabled for a Managed Service for Apache Flink application.

    " } }, - "documentation":"Describes system rollback configuration for a Managed Service for Apache Flink application" + "documentation":"

    Describes the system rollback configuration for a Managed Service for Apache Flink application.

    " }, "ApplicationVersionChangeDetails":{ "type":"structure", @@ -1328,14 +1394,14 @@ "members":{ "ApplicationVersionUpdatedFrom":{ "shape":"ApplicationVersionId", - "documentation":"The operation was performed on this version of the application" + "documentation":"

    The new version that the application was updated to.

    " }, "ApplicationVersionUpdatedTo":{ "shape":"ApplicationVersionId", - "documentation":"The operation execution resulted in the transition to the following version of the application" + "documentation":"

    The version that the operation execution applied to the applicartion.

    " } }, - "documentation":"Contains information about the application version changes due to an operation" + "documentation":"

    Contains information about the version changes that the operation applied to the application.

    " }, "ApplicationVersionId":{ "type":"long", @@ -1458,10 +1524,10 @@ }, "MinPauseBetweenCheckpoints":{ "shape":"MinPauseBetweenCheckpoints", - "documentation":"

    Describes the minimum time in milliseconds after a checkpoint operation completes that a new checkpoint operation can start. If a checkpoint operation takes longer than the CheckpointInterval, the application otherwise performs continual checkpoint operations. For more information, see Tuning Checkpointing in the Apache Flink Documentation.

    If CheckpointConfiguration.ConfigurationType is DEFAULT, the application will use a MinPauseBetweenCheckpoints value of 5000, even if this value is set using this API or in application code.

    " + "documentation":"

    Describes the minimum time in milliseconds after a checkpoint operation completes that a new checkpoint operation can start. If a checkpoint operation takes longer than the CheckpointInterval, the application otherwise performs continual checkpoint operations. For more information, see Tuning Checkpointing in the Apache Flink Documentation.

    If CheckpointConfiguration.ConfigurationType is DEFAULT, the application will use a MinPauseBetweenCheckpoints value of 5000, even if this value is set using this API or in application code.

    " } }, - "documentation":"

    Describes an application's checkpointing configuration. Checkpointing is the process of persisting application state for fault tolerance. For more information, see Checkpoints for Fault Tolerance in the Apache Flink Documentation.

    " + "documentation":"

    Describes an application's checkpointing configuration. Checkpointing is the process of persisting application state for fault tolerance. For more information, see Checkpoints for Fault Tolerance in the Apache Flink Documentation.

    " }, "CheckpointConfigurationDescription":{ "type":"structure", @@ -1773,8 +1839,7 @@ }, "CreateApplicationSnapshotResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CustomArtifactConfiguration":{ "type":"structure", @@ -1865,7 +1930,7 @@ }, "OperationId":{ "shape":"OperationId", - "documentation":"Operation ID for tracking DeleteApplicationCloudWatchLoggingOption request" + "documentation":"

    The operation ID that can be used to track the request.

    " } } }, @@ -1993,8 +2058,7 @@ }, "DeleteApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteApplicationSnapshotRequest":{ "type":"structure", @@ -2020,8 +2084,7 @@ }, "DeleteApplicationSnapshotResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteApplicationVpcConfigurationRequest":{ "type":"structure", @@ -2061,7 +2124,7 @@ }, "OperationId":{ "shape":"OperationId", - "documentation":"Operation ID for tracking DeleteApplicationVpcConfiguration request" + "documentation":"

    The operation ID that can be used to track the request.

    " } } }, @@ -2107,14 +2170,14 @@ "ApplicationName":{"shape":"ApplicationName"}, "OperationId":{"shape":"OperationId"} }, - "documentation":"Request for information about a specific operation performed on a Managed Service for Apache Flink application" + "documentation":"

    A request for information about a specific operation that was performed on a Managed Service for Apache Flink application.

    " }, "DescribeApplicationOperationResponse":{ "type":"structure", "members":{ "ApplicationOperationInfoDetails":{"shape":"ApplicationOperationInfoDetails"} }, - "documentation":"Provides details of the operation corresponding to the operation-ID on a Managed Service for Apache Flink application" + "documentation":"

    Provides details of the operation that corresponds to the operation ID on a Managed Service for Apache Flink application.

    " }, "DescribeApplicationRequest":{ "type":"structure", @@ -2285,12 +2348,12 @@ "members":{ "ErrorString":{"shape":"ErrorString"} }, - "documentation":"Provides a description of the operation failure error" + "documentation":"

    A description of the error that caused an operation to fail.

    " }, "ErrorMessage":{"type":"string"}, "ErrorString":{ "type":"string", - "documentation":"Error message resulting in failure of the operation", + "documentation":"

    An error message that is returned when an operation fails.

    ", "max":512, "min":1 }, @@ -2304,7 +2367,7 @@ "members":{ "CheckpointConfiguration":{ "shape":"CheckpointConfiguration", - "documentation":"

    Describes an application's checkpointing configuration. Checkpointing is the process of persisting application state for fault tolerance. For more information, see Checkpoints for Fault Tolerance in the Apache Flink Documentation.

    " + "documentation":"

    Describes an application's checkpointing configuration. Checkpointing is the process of persisting application state for fault tolerance. For more information, see Checkpoints for Fault Tolerance in the Apache Flink Documentation.

    " }, "MonitoringConfiguration":{ "shape":"MonitoringConfiguration", @@ -2334,7 +2397,7 @@ }, "JobPlanDescription":{ "shape":"JobPlanDescription", - "documentation":"

    The job plan for an application. For more information about the job plan, see Jobs and Scheduling in the Apache Flink Documentation. To retrieve the job plan for the application, use the DescribeApplicationRequest$IncludeAdditionalDetails parameter of the DescribeApplication operation.

    " + "documentation":"

    The job plan for an application. For more information about the job plan, see Jobs and Scheduling in the Apache Flink Documentation. To retrieve the job plan for the application, use the DescribeApplicationRequest$IncludeAdditionalDetails parameter of the DescribeApplication operation.

    " } }, "documentation":"

    Describes configuration parameters for a Managed Service for Apache Flink application.

    " @@ -2362,7 +2425,7 @@ "members":{ "AllowNonRestoredState":{ "shape":"BooleanObject", - "documentation":"

    When restoring from a snapshot, specifies whether the runtime is allowed to skip a state that cannot be mapped to the new program. This will happen if the program is updated between snapshots to remove stateful parameters, and state data in the snapshot no longer corresponds to valid application data. For more information, see Allowing Non-Restored State in the Apache Flink documentation.

    This value defaults to false. If you update your application without specifying this parameter, AllowNonRestoredState will be set to false, even if it was previously set to true.

    " + "documentation":"

    When restoring from a snapshot, specifies whether the runtime is allowed to skip a state that cannot be mapped to the new program. This will happen if the program is updated between snapshots to remove stateful parameters, and state data in the snapshot no longer corresponds to valid application data. For more information, see Allowing Non-Restored State in the Apache Flink documentation.

    This value defaults to false. If you update your application without specifying this parameter, AllowNonRestoredState will be set to false, even if it was previously set to true.

    " } }, "documentation":"

    Describes the starting parameters for a Managed Service for Apache Flink application.

    " @@ -2711,6 +2774,18 @@ "documentation":"

    For a SQL-based Kinesis Data Analytics application, provides additional mapping information when JSON is the record format on the streaming source.

    " }, "JobPlanDescription":{"type":"string"}, + "KeyId":{ + "type":"string", + "max":2048, + "min":1 + }, + "KeyType":{ + "type":"string", + "enum":[ + "AWS_OWNED_KEY", + "CUSTOMER_MANAGED_KEY" + ] + }, "KinesisAnalyticsARN":{ "type":"string", "max":2048, @@ -2912,7 +2987,7 @@ }, "ListApplicationOperationsInputLimit":{ "type":"integer", - "documentation":"Limit on the number of records returned in the response", + "documentation":"

    The limit on the number of records to be returned in the response.

    ", "max":50, "min":1 }, @@ -2926,7 +3001,7 @@ "Operation":{"shape":"Operation"}, "OperationStatus":{"shape":"OperationStatus"} }, - "documentation":"Request to list operations performed on an application" + "documentation":"

    A request for a list of operations performed on an application.

    " }, "ListApplicationOperationsResponse":{ "type":"structure", @@ -2934,7 +3009,7 @@ "ApplicationOperationInfoList":{"shape":"ApplicationOperationInfoList"}, "NextToken":{"shape":"NextToken"} }, - "documentation":"Response with the list of operations for an application" + "documentation":"

    A response that returns a list of operations for an application.

    " }, "ListApplicationSnapshotsRequest":{ "type":"structure", @@ -3199,7 +3274,7 @@ }, "NextToken":{ "type":"string", - "documentation":"If a previous command returned a pagination token, pass it into this value to retrieve the next set of results", + "documentation":"

    A pagination token that can be used in a subsequent request.

    ", "max":512, "min":1 }, @@ -3210,7 +3285,7 @@ }, "Operation":{ "type":"string", - "documentation":"Type of operation performed on an application", + "documentation":"

    The type of operation that is performed on an application.

    ", "max":64, "min":1 }, @@ -3219,21 +3294,21 @@ "members":{ "RollbackOperationId":{ "shape":"OperationId", - "documentation":"Provides the operation ID of a system-rollback operation executed due to failure in the current operation" + "documentation":"

    The rollback operation ID of the system-rollback operation that executed due to failure in the current operation.

    " }, "ErrorInfo":{"shape":"ErrorInfo"} }, - "documentation":"Provides a description of the operation failure" + "documentation":"

    Provides a description of the operation failure.

    " }, "OperationId":{ "type":"string", - "documentation":"Identifier of the Operation", + "documentation":"

    The operation ID of the request.

    ", "max":64, "min":1 }, "OperationStatus":{ "type":"string", - "documentation":"Status of the operation performed on an application", + "documentation":"

    The status of the operation.

    ", "enum":[ "IN_PROGRESS", "CANCELLED", @@ -3358,7 +3433,7 @@ }, "Parallelism":{ "shape":"Parallelism", - "documentation":"

    Describes the initial number of parallel tasks that a Managed Service for Apache Flink application can perform. If AutoScalingEnabled is set to True, Managed Service for Apache Flink increases the CurrentParallelism value in response to application load. The service can increase the CurrentParallelism value up to the maximum parallelism, which is ParalellismPerKPU times the maximum KPUs for the application. The maximum KPUs for an application is 32 by default, and can be increased by requesting a limit increase. If application load is reduced, the service can reduce the CurrentParallelism value down to the Parallelism setting.

    " + "documentation":"

    Describes the initial number of parallel tasks that a Managed Service for Apache Flink application can perform. If AutoScalingEnabled is set to True, Managed Service for Apache Flink increases the CurrentParallelism value in response to application load. The service can increase the CurrentParallelism value up to the maximum parallelism, which is ParalellismPerKPU times the maximum KPUs for the application. The maximum KPUs for an application is 64 by default, and can be increased by requesting a limit increase. If application load is reduced, the service can reduce the CurrentParallelism value down to the Parallelism setting.

    " }, "ParallelismPerKPU":{ "shape":"ParallelismPerKPU", @@ -3369,7 +3444,7 @@ "documentation":"

    Describes whether the Managed Service for Apache Flink service can increase the parallelism of the application in response to increased throughput.

    " } }, - "documentation":"

    Describes parameters for how a Managed Service for Apache Flink application executes multiple tasks simultaneously. For more information about parallelism, see Parallel Execution in the Apache Flink Documentation.

    " + "documentation":"

    Describes parameters for how a Managed Service for Apache Flink application executes multiple tasks simultaneously. For more information about parallelism, see Parallel Execution in the Apache Flink Documentation.

    " }, "ParallelismConfigurationDescription":{ "type":"structure", @@ -3380,7 +3455,7 @@ }, "Parallelism":{ "shape":"Parallelism", - "documentation":"

    Describes the initial number of parallel tasks that a Managed Service for Apache Flink application can perform. If AutoScalingEnabled is set to True, then Managed Service for Apache Flink can increase the CurrentParallelism value in response to application load. The service can increase CurrentParallelism up to the maximum parallelism, which is ParalellismPerKPU times the maximum KPUs for the application. The maximum KPUs for an application is 32 by default, and can be increased by requesting a limit increase. If application load is reduced, the service can reduce the CurrentParallelism value down to the Parallelism setting.

    " + "documentation":"

    Describes the initial number of parallel tasks that a Managed Service for Apache Flink application can perform. If AutoScalingEnabled is set to True, then Managed Service for Apache Flink can increase the CurrentParallelism value in response to application load. The service can increase CurrentParallelism up to the maximum parallelism, which is ParalellismPerKPU times the maximum KPUs for the application. The maximum KPUs for an application is 64 by default, and can be increased by requesting a limit increase. If application load is reduced, the service can reduce the CurrentParallelism value down to the Parallelism setting.

    " }, "ParallelismPerKPU":{ "shape":"ParallelismPerKPU", @@ -3714,7 +3789,7 @@ "ApplicationDetail":{"shape":"ApplicationDetail"}, "OperationId":{ "shape":"OperationId", - "documentation":"Operation ID for tracking RollbackApplication request" + "documentation":"

    The operation ID that can be used to track the request.

    " } } }, @@ -4000,6 +4075,10 @@ "RuntimeEnvironment":{ "shape":"RuntimeEnvironment", "documentation":"

    The Flink Runtime for the application snapshot.

    " + }, + "ApplicationEncryptionConfigurationDescription":{ + "shape":"ApplicationEncryptionConfigurationDescription", + "documentation":"

    Specifies the encryption settings of data at rest for the application snapshot.

    " } }, "documentation":"

    Provides details about a snapshot of application state.

    " @@ -4140,7 +4219,7 @@ "members":{ "OperationId":{ "shape":"OperationId", - "documentation":"Operation ID for tracking StartApplication request" + "documentation":"

    The operation ID that can be used to track the request.

    " } } }, @@ -4163,7 +4242,7 @@ "members":{ "OperationId":{ "shape":"OperationId", - "documentation":"Operation ID for tracking StopApplication request" + "documentation":"

    The operation ID that can be used to track the request.

    " } } }, @@ -4219,8 +4298,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4290,8 +4368,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationMaintenanceConfigurationRequest":{ "type":"structure", @@ -4371,7 +4448,7 @@ }, "OperationId":{ "shape":"OperationId", - "documentation":"Operation ID for tracking UpdateApplication request" + "documentation":"

    The operation ID that can be used to track the request.

    " } } }, diff -pruN 2.23.6-1/awscli/botocore/data/kinesisvideo/2017-09-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kinesisvideo/2017-09-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kinesisvideo/2017-09-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesisvideo/2017-09-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kinesisvideo/2017-09-30/service-2.json 2.31.35-1/awscli/botocore/data/kinesisvideo/2017-09-30/service-2.json --- 2.23.6-1/awscli/botocore/data/kinesisvideo/2017-09-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kinesisvideo/2017-09-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2017-09-30", "endpointPrefix":"kinesisvideo", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Kinesis Video", "serviceFullName":"Amazon Kinesis Video Streams", "serviceId":"Kinesis Video", "signatureVersion":"v4", - "uid":"kinesisvideo-2017-09-30" + "uid":"kinesisvideo-2017-09-30", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateSignalingChannel":{ @@ -755,8 +757,7 @@ }, "DeleteEdgeConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSignalingChannelInput":{ "type":"structure", @@ -774,8 +775,7 @@ }, "DeleteSignalingChannelOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteStreamInput":{ "type":"structure", @@ -793,8 +793,7 @@ }, "DeleteStreamOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletionConfig":{ "type":"structure", @@ -2018,8 +2017,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagStreamInput":{ "type":"structure", @@ -2041,8 +2039,7 @@ }, "TagStreamOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2080,8 +2077,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UntagStreamInput":{ "type":"structure", @@ -2103,8 +2099,7 @@ }, "UntagStreamOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDataRetentionInput":{ "type":"structure", @@ -2145,8 +2140,7 @@ }, "UpdateDataRetentionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateImageGenerationConfigurationInput":{ "type":"structure", @@ -2167,8 +2161,7 @@ }, "UpdateImageGenerationConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMediaStorageConfigurationInput":{ "type":"structure", @@ -2189,8 +2182,7 @@ }, "UpdateMediaStorageConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNotificationConfigurationInput":{ "type":"structure", @@ -2211,8 +2203,7 @@ }, "UpdateNotificationConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateSignalingChannelInput":{ "type":"structure", @@ -2237,8 +2228,7 @@ }, "UpdateSignalingChannelOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateStreamInput":{ "type":"structure", @@ -2268,8 +2258,7 @@ }, "UpdateStreamOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UploaderConfig":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/kms/2014-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/kms/2014-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/kms/2014-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kms/2014-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/kms/2014-11-01/service-2.json 2.31.35-1/awscli/botocore/data/kms/2014-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/kms/2014-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/kms/2014-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,7 +30,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS key is Disabled. To enable the KMS key, use EnableKey.

    For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:CancelKeyDeletion (key policy)

    Related operations: ScheduleKeyDeletion

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS key is Disabled. To enable the KMS key, use EnableKey.

    For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:CancelKeyDeletion (key policy)

    Related operations: ScheduleKeyDeletion

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ConnectCustomKeyStore":{ "name":"ConnectCustomKeyStore", @@ -47,7 +47,7 @@ {"shape":"KMSInternalException"}, {"shape":"CloudHsmClusterInvalidConfigurationException"} ], - "documentation":"

    Connects or reconnects a custom key store to its backing key store. For an CloudHSM key store, ConnectCustomKeyStore connects the key store to its associated CloudHSM cluster. For an external key store, ConnectCustomKeyStore connects the key store to the external key store proxy that communicates with your external key manager.

    The custom key store must be connected before you can create KMS keys in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key store at any time.

    The connection process for a custom key store can take an extended amount of time to complete. This operation starts the connection process, but it does not wait for it to complete. When it succeeds, this operation quickly returns an HTTP 200 response and a JSON object with no properties. However, this response does not indicate that the custom key store is connected. To get the connection state of the custom key store, use the DescribeCustomKeyStores operation.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    The ConnectCustomKeyStore operation might fail for various reasons. To find the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode in the response. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.

    To fix the failure, use the DisconnectCustomKeyStore operation to disconnect the custom key store, correct the error, use the UpdateCustomKeyStore operation if necessary, and then use ConnectCustomKeyStore again.

    CloudHSM key store

    During the connection process for an CloudHSM key store, KMS finds the CloudHSM cluster that is associated with the custom key store, creates the connection infrastructure, connects to the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates its password.

    To connect an CloudHSM key store, its associated CloudHSM cluster must have at least one active HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs to the cluster, use the CreateHsm operation. Also, the kmsuser crypto user (CU) must not be logged into the cluster. This prevents KMS from using this account to log in.

    If you are having trouble connecting or disconnecting a CloudHSM key store, see Troubleshooting an CloudHSM key store in the Key Management Service Developer Guide.

    External key store

    When you connect an external key store that uses public endpoint connectivity, KMS tests its ability to communicate with your external key manager by sending a request via the external key store proxy.

    When you connect to an external key store that uses VPC endpoint service connectivity, KMS establishes the networking elements that it needs to communicate with your external key manager via the external key store proxy. This includes creating an interface endpoint to the VPC endpoint service and a private hosted zone for traffic between KMS and the VPC endpoint service.

    To connect an external key store, KMS must be able to connect to the external key store proxy, the external key store proxy must be able to communicate with your external key manager, and the external key manager must be available for cryptographic operations.

    If you are having trouble connecting or disconnecting an external key store, see Troubleshooting an external key store in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:ConnectCustomKeyStore (IAM policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Connects or reconnects a custom key store to its backing key store. For an CloudHSM key store, ConnectCustomKeyStore connects the key store to its associated CloudHSM cluster. For an external key store, ConnectCustomKeyStore connects the key store to the external key store proxy that communicates with your external key manager.

    The custom key store must be connected before you can create KMS keys in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key store at any time.

    The connection process for a custom key store can take an extended amount of time to complete. This operation starts the connection process, but it does not wait for it to complete. When it succeeds, this operation quickly returns an HTTP 200 response and a JSON object with no properties. However, this response does not indicate that the custom key store is connected. To get the connection state of the custom key store, use the DescribeCustomKeyStores operation.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    The ConnectCustomKeyStore operation might fail for various reasons. To find the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode in the response. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.

    To fix the failure, use the DisconnectCustomKeyStore operation to disconnect the custom key store, correct the error, use the UpdateCustomKeyStore operation if necessary, and then use ConnectCustomKeyStore again.

    CloudHSM key store

    During the connection process for an CloudHSM key store, KMS finds the CloudHSM cluster that is associated with the custom key store, creates the connection infrastructure, connects to the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates its password.

    To connect an CloudHSM key store, its associated CloudHSM cluster must have at least one active HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs to the cluster, use the CreateHsm operation. Also, the kmsuser crypto user (CU) must not be logged into the cluster. This prevents KMS from using this account to log in.

    If you are having trouble connecting or disconnecting a CloudHSM key store, see Troubleshooting an CloudHSM key store in the Key Management Service Developer Guide.

    External key store

    When you connect an external key store that uses public endpoint connectivity, KMS tests its ability to communicate with your external key manager by sending a request via the external key store proxy.

    When you connect to an external key store that uses VPC endpoint service connectivity, KMS establishes the networking elements that it needs to communicate with your external key manager via the external key store proxy. This includes creating an interface endpoint to the VPC endpoint service and a private hosted zone for traffic between KMS and the VPC endpoint service.

    To connect an external key store, KMS must be able to connect to the external key store proxy, the external key store proxy must be able to communicate with your external key manager, and the external key manager must be available for cryptographic operations.

    If you are having trouble connecting or disconnecting an external key store, see Troubleshooting an external key store in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:ConnectCustomKeyStore (IAM policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "CreateAlias":{ "name":"CreateAlias", @@ -65,7 +65,7 @@ {"shape":"LimitExceededException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Creates a friendly name for a KMS key.

    Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and GenerateDataKey. You can also change the KMS key that's associated with the alias (UpdateAlias) or delete the alias (DeleteAlias) at any time. These operations don't affect the underlying KMS key.

    You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key.

    The alias must be unique in the account and Region, but you can have aliases with the same name in different Regions. For detailed information about aliases, see Using aliases in the Key Management Service Developer Guide.

    This operation does not return a response. To get the alias that you created, use the ListAliases operation.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.

    Required permissions

    For details, see Controlling access to aliases in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Creates a friendly name for a KMS key.

    Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and GenerateDataKey. You can also change the KMS key that's associated with the alias (UpdateAlias) or delete the alias (DeleteAlias) at any time. These operations don't affect the underlying KMS key.

    You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key.

    The alias must be unique in the account and Region, but you can have aliases with the same name in different Regions. For detailed information about aliases, see Aliases in KMS in the Key Management Service Developer Guide.

    This operation does not return a response. To get the alias that you created, use the ListAliases operation.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.

    Required permissions

    For details, see Controlling access to aliases in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "CreateCustomKeyStore":{ "name":"CreateCustomKeyStore", @@ -94,7 +94,7 @@ {"shape":"XksProxyInvalidResponseException"}, {"shape":"XksProxyInvalidConfigurationException"} ], - "documentation":"

    Creates a custom key store backed by a key store that you own and manage. When you use a KMS key in a custom key store for a cryptographic operation, the cryptographic operation is actually performed in your key store using your keys. KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key store proxy and external key manager outside of Amazon Web Services.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    Before you create the custom key store, the required elements must be in place and operational. We recommend that you use the test tools that KMS provides to verify the configuration your external key store proxy. For details about the required elements and verification tests, see Assemble the prerequisites (for CloudHSM key stores) or Assemble the prerequisites (for external key stores) in the Key Management Service Developer Guide.

    To create a custom key store, use the following parameters.

    • To create an CloudHSM key store, specify the CustomKeyStoreName, CloudHsmClusterId, KeyStorePassword, and TrustAnchorCertificate. The CustomKeyStoreType parameter is optional for CloudHSM key stores. If you include it, set it to the default value, AWS_CLOUDHSM. For help with failures, see Troubleshooting an CloudHSM key store in the Key Management Service Developer Guide.

    • To create an external key store, specify the CustomKeyStoreName and a CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values for XksProxyConnectivity, XksProxyAuthenticationCredential, XksProxyUriEndpoint, and XksProxyUriPath. If your XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify the XksProxyVpcEndpointServiceName parameter. For help with failures, see Troubleshooting an external key store in the Key Management Service Developer Guide.

    For external key stores:

    Some external key managers provide a simpler method for creating an external key store. For details, see your external key manager documentation.

    When creating an external key store in the KMS console, you can upload a JSON-based proxy configuration file with the desired values. You cannot use a proxy configuration with the CreateCustomKeyStore operation. However, you can use the values in the file to help you determine the correct values for the CreateCustomKeyStore parameters.

    When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your new custom key store, you need to use the ConnectCustomKeyStore operation to connect a new CloudHSM key store to its CloudHSM cluster, or to connect a new external key store to the external key store proxy for your external key manager. Even if you are not going to use your custom key store immediately, you might want to connect it to verify that all settings are correct and then disconnect it until you are ready to use it.

    For help with failures, see Troubleshooting a custom key store in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:CreateCustomKeyStore (IAM policy).

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Creates a custom key store backed by a key store that you own and manage. When you use a KMS key in a custom key store for a cryptographic operation, the cryptographic operation is actually performed in your key store using your keys. KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key store proxy and external key manager outside of Amazon Web Services.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    Before you create the custom key store, the required elements must be in place and operational. We recommend that you use the test tools that KMS provides to verify the configuration your external key store proxy. For details about the required elements and verification tests, see Assemble the prerequisites (for CloudHSM key stores) or Assemble the prerequisites (for external key stores) in the Key Management Service Developer Guide.

    To create a custom key store, use the following parameters.

    • To create an CloudHSM key store, specify the CustomKeyStoreName, CloudHsmClusterId, KeyStorePassword, and TrustAnchorCertificate. The CustomKeyStoreType parameter is optional for CloudHSM key stores. If you include it, set it to the default value, AWS_CLOUDHSM. For help with failures, see Troubleshooting an CloudHSM key store in the Key Management Service Developer Guide.

    • To create an external key store, specify the CustomKeyStoreName and a CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values for XksProxyConnectivity, XksProxyAuthenticationCredential, XksProxyUriEndpoint, and XksProxyUriPath. If your XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify the XksProxyVpcEndpointServiceName parameter. For help with failures, see Troubleshooting an external key store in the Key Management Service Developer Guide.

    For external key stores:

    Some external key managers provide a simpler method for creating an external key store. For details, see your external key manager documentation.

    When creating an external key store in the KMS console, you can upload a JSON-based proxy configuration file with the desired values. You cannot use a proxy configuration with the CreateCustomKeyStore operation. However, you can use the values in the file to help you determine the correct values for the CreateCustomKeyStore parameters.

    When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your new custom key store, you need to use the ConnectCustomKeyStore operation to connect a new CloudHSM key store to its CloudHSM cluster, or to connect a new external key store to the external key store proxy for your external key manager. Even if you are not going to use your custom key store immediately, you might want to connect it to verify that all settings are correct and then disconnect it until you are ready to use it.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:CreateCustomKeyStore (IAM policy).

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "CreateGrant":{ "name":"CreateGrant", @@ -115,7 +115,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Adds a grant to a KMS key.

    A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. Grants are often used for temporary permissions because you can create one, use its permissions, and delete it without changing your key policies or IAM policies.

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.

    The CreateGrant operation returns a GrantToken and a GrantId.

    • When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee principal can use the permissions in the grant without identifying the grant.

      However, to use the permissions in the grant immediately, use the GrantToken that CreateGrant returns. For details, see Using a grant token in the Key Management Service Developer Guide .

    • The CreateGrant operation also returns a GrantId. You can use the GrantId and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant ID, use the ListGrants or ListRetirableGrants operations.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

    Required permissions: kms:CreateGrant (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Adds a grant to a KMS key.

    A grant is a policy instrument that allows Amazon Web Services principals to use KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. Grants are often used for temporary permissions because you can create one, use its permissions, and delete it without changing your key policies or IAM policies.

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of creating grants in several programming languages, see Use CreateGrant with an Amazon Web Services SDK or CLI.

    The CreateGrant operation returns a GrantToken and a GrantId.

    • When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee principal can use the permissions in the grant without identifying the grant.

      However, to use the permissions in the grant immediately, use the GrantToken that CreateGrant returns. For details, see Using a grant token in the Key Management Service Developer Guide .

    • The CreateGrant operation also returns a GrantId. You can use the GrantId and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant ID, use the ListGrants or ListRetirableGrants operations.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

    Required permissions: kms:CreateGrant (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "CreateKey":{ "name":"CreateKey", @@ -140,7 +140,7 @@ {"shape":"XksKeyAlreadyInUseException"}, {"shape":"XksKeyNotFoundException"} ], - "documentation":"

    Creates a unique customer managed KMS key in your Amazon Web Services account and Region. You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services services let you use KMS keys that you create and manage to protect your service resources.

    A KMS key is a logical representation of a cryptographic key. In addition to the key material used in cryptographic operations, a KMS key includes metadata, such as the key ID, key policy, creation date, description, and key state. For details, see Managing keys in the Key Management Service Developer Guide

    Use the parameters of CreateKey to specify the type of KMS key, the source of its key material, its key policy, description, tags, and other properties.

    KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.

    To create different types of KMS keys, use the following guidance:

    Symmetric encryption KMS key

    By default, CreateKey creates a symmetric encryption KMS key with key material that KMS generates. This is the basic and most widely used type of KMS key, and provides the best performance.

    To create a symmetric encryption KMS key, you don't need to specify any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric encryption KMS key with KMS key material.

    If you need a key for basic encryption and decryption or you are creating a KMS key to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key. The key material in a symmetric encryption key never leaves KMS unencrypted. You can use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but they are typically used to generate data keys and data keys pairs. For details, see GenerateDataKey and GenerateDataKeyPair.

    Asymmetric KMS keys

    To create an asymmetric KMS key, use the KeySpec parameter to specify the type of key material in the KMS key. Then, use the KeyUsage parameter to determine whether the KMS key will be used to encrypt and decrypt or sign and verify. You can't change these properties after the KMS key is created.

    Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey operation to download the public key so it can be used outside of KMS. Each KMS key can have only one key usage. KMS keys with RSA key pairs can be used to encrypt and decrypt data or sign and verify messages (but not both). KMS keys with NIST-recommended ECC key pairs can be used to sign and verify messages or derive shared secrets (but not both). KMS keys with ECC_SECG_P256K1 can be used only to sign and verify messages. KMS keys with SM2 key pairs (China Regions only) can be used to either encrypt and decrypt data, sign and verify messages, or derive shared secrets (you must choose one key usage type). For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    HMAC KMS key

    To create an HMAC KMS key, set the KeySpec parameter to a key spec value for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. You must set the key usage even though GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys. You can't change these properties after the KMS key is created.

    HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.

    Multi-Region primary keys
    Imported key material

    To create a multi-Region primary key in the local Amazon Web Services Region, use the MultiRegion parameter with a value of True. To create a multi-Region replica key, that is, a KMS key with the same key ID and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its primary key to a replica key, use the UpdatePrimaryRegion operation.

    You can create multi-Region KMS keys for all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't create multi-Region keys in a custom key store.

    This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    To import your own key material into a KMS key, begin by creating a KMS key with no key material. To do this, use the Origin parameter of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation to get a public key and import token. Use the wrapping public key to encrypt your key material. Then, use ImportKeyMaterial with your import token to import the key material. For step-by-step instructions, see Importing Key Material in the Key Management Service Developer Guide .

    You can import key material into KMS keys of all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't import key material into a KMS key in a custom key store.

    To create a multi-Region primary key with imported key material, use the Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion parameter with a value of True. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For instructions, see Importing key material into multi-Region keys. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    Custom key store

    A custom key store lets you protect your Amazon Web Services resources using keys in a backing key store that you own and manage. When you request a cryptographic operation with a KMS key in a custom key store, the operation is performed in the backing key store using its cryptographic keys.

    KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key manager outside of Amazon Web Services. When you create a KMS key in an CloudHSM key store, KMS generates an encryption key in the CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store, you specify an existing encryption key in the external key manager.

    Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation.

    Before you create a KMS key in a custom key store, the ConnectionState of the key store must be CONNECTED. To connect the custom key store, use the ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores operation.

    To create a KMS key in a custom key store, use the CustomKeyStoreId. Use the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value, ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is supported in a custom key store.

    To create a KMS key in an CloudHSM key store, use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs in different Availability Zones in the Amazon Web Services Region.

    To create a KMS key in an external key store, use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId parameter that identifies an existing external key.

    Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation.

    Cross-account use: No. You cannot use this operation to create a KMS key in a different Amazon Web Services account.

    Required permissions: kms:CreateKey (IAM policy). To use the Tags parameter, kms:TagResource (IAM policy). For examples and information about related permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Creates a unique customer managed KMS key in your Amazon Web Services account and Region. You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services services let you use KMS keys that you create and manage to protect your service resources.

    A KMS key is a logical representation of a cryptographic key. In addition to the key material used in cryptographic operations, a KMS key includes metadata, such as the key ID, key policy, creation date, description, and key state.

    Use the parameters of CreateKey to specify the type of KMS key, the source of its key material, its key policy, description, tags, and other properties.

    KMS has replaced the term customer master key (CMK) with Key Management Service key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.

    To create different types of KMS keys, use the following guidance:

    Symmetric encryption KMS key

    By default, CreateKey creates a symmetric encryption KMS key with key material that KMS generates. This is the basic and most widely used type of KMS key, and provides the best performance.

    To create a symmetric encryption KMS key, you don't need to specify any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric encryption KMS key with KMS key material.

    If you need a key for basic encryption and decryption or you are creating a KMS key to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key. The key material in a symmetric encryption key never leaves KMS unencrypted. You can use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but they are typically used to generate data keys and data keys pairs. For details, see GenerateDataKey and GenerateDataKeyPair.

    Asymmetric KMS keys

    To create an asymmetric KMS key, use the KeySpec parameter to specify the type of key material in the KMS key. Then, use the KeyUsage parameter to determine whether the KMS key will be used to encrypt and decrypt or sign and verify. You can't change these properties after the KMS key is created.

    Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, ML-DSA key pair or an SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey operation to download the public key so it can be used outside of KMS. Each KMS key can have only one key usage. KMS keys with RSA key pairs can be used to encrypt and decrypt data or sign and verify messages (but not both). KMS keys with NIST-standard ECC key pairs can be used to sign and verify messages or derive shared secrets (but not both). KMS keys with ECC_SECG_P256K1 can be used only to sign and verify messages. KMS keys with ML-DSA key pairs can be used to sign and verify messages. KMS keys with SM2 key pairs (China Regions only) can be used to either encrypt and decrypt data, sign and verify messages, or derive shared secrets (you must choose one key usage type). For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    HMAC KMS key

    To create an HMAC KMS key, set the KeySpec parameter to a key spec value for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. You must set the key usage even though GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys. You can't change these properties after the KMS key is created.

    HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.

    Multi-Region primary keys
    Imported key material

    To create a multi-Region primary key in the local Amazon Web Services Region, use the MultiRegion parameter with a value of True. To create a multi-Region replica key, that is, a KMS key with the same key ID and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its primary key to a replica key, use the UpdatePrimaryRegion operation.

    You can create multi-Region KMS keys for all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't create multi-Region keys in a custom key store.

    This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    To import your own key material into a KMS key, begin by creating a KMS key with no key material. To do this, use the Origin parameter of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation to get a public key and import token. Use the wrapping public key to encrypt your key material. Then, use ImportKeyMaterial with your import token to import the key material. For step-by-step instructions, see Importing Key Material in the Key Management Service Developer Guide .

    You can import key material into KMS keys of all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't import key material into a KMS key in a custom key store.

    To create a multi-Region primary key with imported key material, use the Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion parameter with a value of True. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For instructions, see Importing key material step 1. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    Custom key store

    A custom key store lets you protect your Amazon Web Services resources using keys in a backing key store that you own and manage. When you request a cryptographic operation with a KMS key in a custom key store, the operation is performed in the backing key store using its cryptographic keys.

    KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key manager outside of Amazon Web Services. When you create a KMS key in an CloudHSM key store, KMS generates an encryption key in the CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store, you specify an existing encryption key in the external key manager.

    Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation.

    Before you create a KMS key in a custom key store, the ConnectionState of the key store must be CONNECTED. To connect the custom key store, use the ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores operation.

    To create a KMS key in a custom key store, use the CustomKeyStoreId. Use the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value, ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is supported in a custom key store.

    To create a KMS key in an CloudHSM key store, use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs in different Availability Zones in the Amazon Web Services Region.

    To create a KMS key in an external key store, use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId parameter that identifies an existing external key.

    Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation.

    Cross-account use: No. You cannot use this operation to create a KMS key in a different Amazon Web Services account.

    Required permissions: kms:CreateKey (IAM policy). To use the Tags parameter, kms:TagResource (IAM policy). For examples and information about related permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "Decrypt":{ "name":"Decrypt", @@ -163,7 +163,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Decrypts ciphertext that was encrypted by a KMS key using any of the following operations:

    You can use this operation to decrypt ciphertext that was encrypted under a symmetric encryption KMS key or an asymmetric encryption KMS key. When the KMS key is asymmetric, you must specify the KMS key and the encryption algorithm that was used to encrypt the ciphertext. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the public key in an KMS asymmetric KMS key. However, it cannot decrypt symmetric ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that is incompatible with KMS.

    If the ciphertext was encrypted under a symmetric encryption KMS key, the KeyId parameter is optional. KMS can get this information from metadata that it adds to the symmetric ciphertext blob. This feature adds durability to your implementation by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost track of the key ID. However, specifying the KMS key is always recommended as a best practice. When you use the KeyId parameter to specify a KMS key, KMS only uses the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the Decrypt operation fails. This practice ensures that you use the KMS key that you intend.

    Whenever possible, use key policies to give users permission to call the Decrypt operation on a particular KMS key, instead of using &IAM; policies. Otherwise, you might create an &IAM; policy that gives the user Decrypt permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys in other accounts if the key policy for the cross-account KMS key permits it. If you must use an IAM policy for Decrypt permissions, limit the user to particular KMS keys or particular trusted accounts. For details, see Best practices for IAM policies in the Key Management Service Developer Guide.

    Decrypt also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call Decrypt for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the enclave. Instead of the plaintext data, the response includes the plaintext data encrypted with the public key from the attestation document (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. If you use the KeyId parameter to identify a KMS key in a different Amazon Web Services account, specify the key ARN or the alias ARN of the KMS key.

    Required permissions: kms:Decrypt (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Decrypts ciphertext that was encrypted by a KMS key using any of the following operations:

    You can use this operation to decrypt ciphertext that was encrypted under a symmetric encryption KMS key or an asymmetric encryption KMS key. When the KMS key is asymmetric, you must specify the KMS key and the encryption algorithm that was used to encrypt the ciphertext. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the public key in an KMS asymmetric KMS key. However, it cannot decrypt symmetric ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that is incompatible with KMS.

    If the ciphertext was encrypted under a symmetric encryption KMS key, the KeyId parameter is optional. KMS can get this information from metadata that it adds to the symmetric ciphertext blob. This feature adds durability to your implementation by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost track of the key ID. However, specifying the KMS key is always recommended as a best practice. When you use the KeyId parameter to specify a KMS key, KMS only uses the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the Decrypt operation fails. This practice ensures that you use the KMS key that you intend.

    Whenever possible, use key policies to give users permission to call the Decrypt operation on a particular KMS key, instead of using IAM policies. Otherwise, you might create an IAM policy that gives the user Decrypt permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys in other accounts if the key policy for the cross-account KMS key permits it. If you must use an IAM policy for Decrypt permissions, limit the user to particular KMS keys or particular trusted accounts. For details, see Best practices for IAM policies in the Key Management Service Developer Guide.

    Decrypt also supports Amazon Web Services Nitro Enclaves and NitroTPM, which provide attested environments in Amazon EC2. To call Decrypt for a Nitro enclave or NitroTPM, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the attested environment. Instead of the plaintext data, the response includes the plaintext data encrypted with the public key from the attestation document (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. If you use the KeyId parameter to identify a KMS key in a different Amazon Web Services account, specify the key ARN or the alias ARN of the KMS key.

    Required permissions: kms:Decrypt (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DeleteAlias":{ "name":"DeleteAlias", @@ -178,7 +178,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Deletes the specified alias.

    Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.

    Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias.

    Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.

    Required permissions

    For details, see Controlling access to aliases in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Deletes the specified alias.

    Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.

    Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias.

    Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.

    Required permissions

    For details, see Controlling access to aliases in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DeleteCustomKeyStore":{ "name":"DeleteCustomKeyStore", @@ -194,7 +194,7 @@ {"shape":"CustomKeyStoreNotFoundException"}, {"shape":"KMSInternalException"} ], - "documentation":"

    Deletes a custom key store. This operation does not affect any backing elements of the custom key store. It does not delete the CloudHSM cluster that is associated with an CloudHSM key store, or affect any users or keys in the cluster. For an external key store, it does not affect the external key store proxy, external key manager, or any external keys.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    The custom key store that you delete cannot contain any KMS keys. Before deleting the key store, verify that you will never need to use any of the KMS keys in the key store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the key store. After the required waiting period expires and all KMS keys are deleted from the custom key store, use DisconnectCustomKeyStore to disconnect the key store from KMS. Then, you can delete the custom key store.

    For keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes a best effort to delete the key material from the associated cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. KMS never creates, manages, or deletes cryptographic keys in the external key manager associated with an external key store. You must manage them using your external key manager tools.

    Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore operation to disconnect the custom key store from its backing key store. While the key store is disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to delete KMS keys and you can reconnect a disconnected custom key store at any time.

    If the operation succeeds, it returns a JSON object with no properties.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:DeleteCustomKeyStore (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Deletes a custom key store. This operation does not affect any backing elements of the custom key store. It does not delete the CloudHSM cluster that is associated with an CloudHSM key store, or affect any users or keys in the cluster. For an external key store, it does not affect the external key store proxy, external key manager, or any external keys.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    The custom key store that you delete cannot contain any KMS keys. Before deleting the key store, verify that you will never need to use any of the KMS keys in the key store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the key store. After the required waiting period expires and all KMS keys are deleted from the custom key store, use DisconnectCustomKeyStore to disconnect the key store from KMS. Then, you can delete the custom key store.

    For keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes a best effort to delete the key material from the associated cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. KMS never creates, manages, or deletes cryptographic keys in the external key manager associated with an external key store. You must manage them using your external key manager tools.

    Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore operation to disconnect the custom key store from its backing key store. While the key store is disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to delete KMS keys and you can reconnect a disconnected custom key store at any time.

    If the operation succeeds, it returns a JSON object with no properties.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:DeleteCustomKeyStore (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DeleteImportedKeyMaterial":{ "name":"DeleteImportedKeyMaterial", @@ -203,6 +203,7 @@ "requestUri":"/" }, "input":{"shape":"DeleteImportedKeyMaterialRequest"}, + "output":{"shape":"DeleteImportedKeyMaterialResponse"}, "errors":[ {"shape":"InvalidArnException"}, {"shape":"UnsupportedOperationException"}, @@ -211,7 +212,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Deletes key material that was previously imported. This operation makes the specified KMS key temporarily unusable. To restore the usability of the KMS key, reimport the same key material. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide.

    When the specified KMS key is in the PendingDeletion state, this operation does not change the KMS key's state. Otherwise, it changes the KMS key's state to PendingImport.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:DeleteImportedKeyMaterial (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Deletes key material that was previously imported. This operation makes the specified KMS key temporarily unusable. To restore the usability of the KMS key, reimport the same key material. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide.

    When the specified KMS key is in the PendingDeletion state, this operation does not change the KMS key's state. Otherwise, it changes the KMS key's state to PendingImport.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:DeleteImportedKeyMaterial (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DeriveSharedSecret":{ "name":"DeriveSharedSecret", @@ -232,7 +233,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Derives a shared secret using a key agreement algorithm.

    You must use an asymmetric NIST-recommended elliptic curve (ECC) or SM2 (China Regions only) KMS key pair with a KeyUsage value of KEY_AGREEMENT to call DeriveSharedSecret.

    DeriveSharedSecret uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive (ECDH) to establish a key agreement between two peers by deriving a shared secret from their elliptic curve public-private key pairs. You can use the raw shared secret that DeriveSharedSecret returns to derive a symmetric key that can encrypt and decrypt data that is sent between the two peers, or that can generate and verify HMACs. KMS recommends that you follow NIST recommendations for key derivation when using the raw shared secret to derive a symmetric key.

    The following workflow demonstrates how to establish key agreement over an insecure communication channel using DeriveSharedSecret.

    1. Alice calls CreateKey to create an asymmetric KMS key pair with a KeyUsage value of KEY_AGREEMENT.

      The asymmetric KMS key must use a NIST-recommended elliptic curve (ECC) or SM2 (China Regions only) key spec.

    2. Bob creates an elliptic curve key pair.

      Bob can call CreateKey to create an asymmetric KMS key pair or generate a key pair outside of KMS. Bob's key pair must use the same NIST-recommended elliptic curve (ECC) or SM2 (China Regions ony) curve as Alice.

    3. Alice and Bob exchange their public keys through an insecure communication channel (like the internet).

      Use GetPublicKey to download the public key of your asymmetric KMS key pair.

      KMS strongly recommends verifying that the public key you receive came from the expected party before using it to derive a shared secret.

    4. Alice calls DeriveSharedSecret.

      KMS uses the private key from the KMS key pair generated in Step 1, Bob's public key, and the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive to derive the shared secret. The private key in your KMS key pair never leaves KMS unencrypted. DeriveSharedSecret returns the raw shared secret.

    5. Bob uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive to calculate the same raw secret using his private key and Alice's public key.

    To derive a shared secret you must provide a key agreement algorithm, the private key of the caller's asymmetric NIST-recommended elliptic curve or SM2 (China Regions only) KMS key pair, and the public key from your peer's NIST-recommended elliptic curve or SM2 (China Regions only) key pair. The public key can be from another asymmetric KMS key pair or from a key pair generated outside of KMS, but both key pairs must be on the same elliptic curve.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:DeriveSharedSecret (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Derives a shared secret using a key agreement algorithm.

    You must use an asymmetric NIST-standard elliptic curve (ECC) or SM2 (China Regions only) KMS key pair with a KeyUsage value of KEY_AGREEMENT to call DeriveSharedSecret.

    DeriveSharedSecret uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive (ECDH) to establish a key agreement between two peers by deriving a shared secret from their elliptic curve public-private key pairs. You can use the raw shared secret that DeriveSharedSecret returns to derive a symmetric key that can encrypt and decrypt data that is sent between the two peers, or that can generate and verify HMACs. KMS recommends that you follow NIST recommendations for key derivation when using the raw shared secret to derive a symmetric key.

    The following workflow demonstrates how to establish key agreement over an insecure communication channel using DeriveSharedSecret.

    1. Alice calls CreateKey to create an asymmetric KMS key pair with a KeyUsage value of KEY_AGREEMENT.

      The asymmetric KMS key must use a NIST-standard elliptic curve (ECC) or SM2 (China Regions only) key spec.

    2. Bob creates an elliptic curve key pair.

      Bob can call CreateKey to create an asymmetric KMS key pair or generate a key pair outside of KMS. Bob's key pair must use the same NIST-standard elliptic curve (ECC) or SM2 (China Regions ony) curve as Alice.

    3. Alice and Bob exchange their public keys through an insecure communication channel (like the internet).

      Use GetPublicKey to download the public key of your asymmetric KMS key pair.

      KMS strongly recommends verifying that the public key you receive came from the expected party before using it to derive a shared secret.

    4. Alice calls DeriveSharedSecret.

      KMS uses the private key from the KMS key pair generated in Step 1, Bob's public key, and the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive to derive the shared secret. The private key in your KMS key pair never leaves KMS unencrypted. DeriveSharedSecret returns the raw shared secret.

    5. Bob uses the Elliptic Curve Cryptography Cofactor Diffie-Hellman Primitive to calculate the same raw secret using his private key and Alice's public key.

    To derive a shared secret you must provide a key agreement algorithm, the private key of the caller's asymmetric NIST-standard elliptic curve or SM2 (China Regions only) KMS key pair, and the public key from your peer's NIST-standard elliptic curve or SM2 (China Regions only) key pair. The public key can be from another asymmetric KMS key pair or from a key pair generated outside of KMS, but both key pairs must be on the same elliptic curve.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:DeriveSharedSecret (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DescribeCustomKeyStores":{ "name":"DescribeCustomKeyStores", @@ -247,7 +248,7 @@ {"shape":"InvalidMarkerException"}, {"shape":"KMSInternalException"} ], - "documentation":"

    Gets information about custom key stores in the account and Region.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    By default, this operation returns information about all custom key stores in the account and Region. To get only information about a particular custom key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter (but not both).

    To determine whether the custom key store is connected to its CloudHSM cluster or external key store proxy, use the ConnectionState element in the response. If an attempt to connect the custom key store failed, the ConnectionState value is FAILED and the ConnectionErrorCode element in the response indicates the cause of the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.

    Custom key stores have a DISCONNECTED connection state if the key store has never been connected or you used the DisconnectCustomKeyStore operation to disconnect it. Otherwise, the connection state is CONNECTED. If your custom key store connection state is CONNECTED but you are having trouble using it, verify that the backing store is active and available. For an CloudHSM key store, verify that the associated CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if any. For an external key store, verify that the external key store proxy and its associated external key manager are reachable and enabled.

    For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM key stores. For help repairing your external key store, see the Troubleshooting external key stores. Both topics are in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:DescribeCustomKeyStores (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Gets information about custom key stores in the account and Region.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    By default, this operation returns information about all custom key stores in the account and Region. To get only information about a particular custom key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter (but not both).

    To determine whether the custom key store is connected to its CloudHSM cluster or external key store proxy, use the ConnectionState element in the response. If an attempt to connect the custom key store failed, the ConnectionState value is FAILED and the ConnectionErrorCode element in the response indicates the cause of the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.

    Custom key stores have a DISCONNECTED connection state if the key store has never been connected or you used the DisconnectCustomKeyStore operation to disconnect it. Otherwise, the connection state is CONNECTED. If your custom key store connection state is CONNECTED but you are having trouble using it, verify that the backing store is active and available. For an CloudHSM key store, verify that the associated CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if any. For an external key store, verify that the external key store proxy and its associated external key manager are reachable and enabled.

    For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM key stores. For help repairing your external key store, see the Troubleshooting external key stores. Both topics are in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:DescribeCustomKeyStores (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DescribeKey":{ "name":"DescribeKey", @@ -263,7 +264,7 @@ {"shape":"DependencyTimeoutException"}, {"shape":"KMSInternalException"} ], - "documentation":"

    Provides detailed information about a KMS key. You can run DescribeKey on a customer managed key or an Amazon Web Services managed key.

    This detailed information includes the key ARN, creation date (and deletion date, if applicable), the key state, and the origin and expiration date (if any) of the key material. It includes fields, like KeySpec, that help you distinguish different types of KMS keys. It also displays the key usage (encryption, signing, or generating and verifying MACs) and the algorithms that the KMS key supports.

    For multi-Region keys, DescribeKey displays the primary key and all related replica keys. For KMS keys in CloudHSM key stores, it includes information about the key store, such as the key store ID and the CloudHSM cluster ID. For KMS keys in external key stores, it includes the custom key store ID and the ID of the external key.

    DescribeKey does not return the following information:

    • Aliases associated with the KMS key. To get this information, use ListAliases.

    • Whether automatic key rotation is enabled on the KMS key. To get this information, use GetKeyRotationStatus. Also, some key states prevent a KMS key from being automatically rotated. For details, see How Automatic Key Rotation Works in the Key Management Service Developer Guide.

    • Tags on the KMS key. To get this information, use ListResourceTags.

    • Key policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants.

    In general, DescribeKey is a non-mutating operation. It returns data about KMS keys, but doesn't change them. However, Amazon Web Services services use DescribeKey to create Amazon Web Services managed keys from a predefined Amazon Web Services alias with no key ID.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:DescribeKey (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Provides detailed information about a KMS key. You can run DescribeKey on a customer managed key or an Amazon Web Services managed key.

    This detailed information includes the key ARN, creation date (and deletion date, if applicable), the key state, and the origin and expiration date (if any) of the key material. It includes fields, like KeySpec, that help you distinguish different types of KMS keys. It also displays the key usage (encryption, signing, or generating and verifying MACs) and the algorithms that the KMS key supports.

    For multi-Region keys, DescribeKey displays the primary key and all related replica keys. For KMS keys in CloudHSM key stores, it includes information about the key store, such as the key store ID and the CloudHSM cluster ID. For KMS keys in external key stores, it includes the custom key store ID and the ID of the external key.

    DescribeKey does not return the following information:

    • Aliases associated with the KMS key. To get this information, use ListAliases.

    • Whether automatic key rotation is enabled on the KMS key. To get this information, use GetKeyRotationStatus. Also, some key states prevent a KMS key from being automatically rotated. For details, see How key rotation works in the Key Management Service Developer Guide.

    • Tags on the KMS key. To get this information, use ListResourceTags.

    • Key policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants.

    In general, DescribeKey is a non-mutating operation. It returns data about KMS keys, but doesn't change them. However, Amazon Web Services services use DescribeKey to create Amazon Web Services managed keys from a predefined Amazon Web Services alias with no key ID.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:DescribeKey (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DisableKey":{ "name":"DisableKey", @@ -279,7 +280,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS key for cryptographic operations.

    For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide .

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:DisableKey (key policy)

    Related operations: EnableKey

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS key for cryptographic operations.

    The KMS key that you use for this operation must be in a compatible key state. For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide .

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:DisableKey (key policy)

    Related operations: EnableKey

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DisableKeyRotation":{ "name":"DisableKeyRotation", @@ -297,7 +298,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"

    Disables automatic rotation of the key material of the specified symmetric encryption KMS key.

    Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.

    You can enable (EnableKeyRotation) and disable automatic rotation of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material for every year. Rotation of Amazon Web Services owned KMS keys varies.

    In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:DisableKeyRotation (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Disables automatic rotation of the key material of the specified symmetric encryption KMS key.

    Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.

    You can enable (EnableKeyRotation) and disable automatic rotation of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material for every year. Rotation of Amazon Web Services owned KMS keys varies.

    In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:DisableKeyRotation (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "DisconnectCustomKeyStore":{ "name":"DisconnectCustomKeyStore", @@ -312,7 +313,7 @@ {"shape":"CustomKeyStoreNotFoundException"}, {"shape":"KMSInternalException"} ], - "documentation":"

    Disconnects the custom key store from its backing key store. This operation disconnects an CloudHSM key store from its associated CloudHSM cluster or disconnects an external key store from the external key store proxy that communicates with your external key manager.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    While a custom key store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use its KMS keys. You can reconnect the custom key store at any time.

    While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will fail. This action can prevent users from storing and accessing sensitive data.

    When you disconnect a custom key store, its ConnectionState changes to Disconnected. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the ConnectCustomKeyStore operation.

    If the operation succeeds, it returns a JSON object with no properties.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:DisconnectCustomKeyStore (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Disconnects the custom key store from its backing key store. This operation disconnects an CloudHSM key store from its associated CloudHSM cluster or disconnects an external key store from the external key store proxy that communicates with your external key manager.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    While a custom key store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use its KMS keys. You can reconnect the custom key store at any time.

    While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will fail. This action can prevent users from storing and accessing sensitive data.

    When you disconnect a custom key store, its ConnectionState changes to Disconnected. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the ConnectCustomKeyStore operation.

    If the operation succeeds, it returns a JSON object with no properties.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:DisconnectCustomKeyStore (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "EnableKey":{ "name":"EnableKey", @@ -329,7 +330,7 @@ {"shape":"LimitExceededException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:EnableKey (key policy)

    Related operations: DisableKey

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:EnableKey (key policy)

    Related operations: DisableKey

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "EnableKeyRotation":{ "name":"EnableKeyRotation", @@ -347,7 +348,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"

    Enables automatic rotation of the key material of the specified symmetric encryption KMS key.

    By default, when you enable automatic rotation of a customer managed KMS key, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter. You can use the optional RotationPeriodInDays parameter to specify a custom rotation period when you enable key rotation, or you can use RotationPeriodInDays to modify the rotation period of a key that you previously enabled automatic key rotation on.

    You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch. To disable rotation of the key material in a customer managed KMS key, use the DisableKeyRotation operation. You can use the GetKeyRotationStatus operation to identify any in progress rotations. You can use the ListKeyRotations operation to view the details of completed rotations.

    Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.

    You cannot enable or disable automatic rotation of Amazon Web Services managed KMS keys. KMS always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS keys is managed by the Amazon Web Services service that owns the key.

    In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years (approximately 1,095 days) to every year (approximately 365 days).

    New Amazon Web Services managed keys are automatically rotated one year after they are created, and approximately every year thereafter.

    Existing Amazon Web Services managed keys are automatically rotated one year after their most recent rotation, and every year thereafter.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:EnableKeyRotation (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Enables automatic rotation of the key material of the specified symmetric encryption KMS key.

    By default, when you enable automatic rotation of a customer managed KMS key, KMS rotates the key material of the KMS key one year (approximately 365 days) from the enable date and every year thereafter. You can use the optional RotationPeriodInDays parameter to specify a custom rotation period when you enable key rotation, or you can use RotationPeriodInDays to modify the rotation period of a key that you previously enabled automatic key rotation on.

    You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch. To disable rotation of the key material in a customer managed KMS key, use the DisableKeyRotation operation. You can use the GetKeyRotationStatus operation to identify any in progress rotations. You can use the ListKeyRotations operation to view the details of completed rotations.

    Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.

    You cannot enable or disable automatic rotation of Amazon Web Services managed KMS keys. KMS always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS keys is managed by the Amazon Web Services service that owns the key.

    In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years (approximately 1,095 days) to every year (approximately 365 days).

    New Amazon Web Services managed keys are automatically rotated one year after they are created, and approximately every year thereafter.

    Existing Amazon Web Services managed keys are automatically rotated one year after their most recent rotation, and every year thereafter.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:EnableKeyRotation (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "Encrypt":{ "name":"Encrypt", @@ -368,7 +369,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Encrypts plaintext of up to 4,096 bytes using a KMS key. You can use a symmetric or asymmetric KMS key with a KeyUsage of ENCRYPT_DECRYPT.

    You can use this operation to encrypt small amounts of arbitrary data, such as a personal identifier or database password, or other sensitive information. You don't need to use the Encrypt operation to encrypt a data key. The GenerateDataKey and GenerateDataKeyPair operations return a plaintext data key and an encrypted copy of that data key.

    If you use a symmetric encryption KMS key, you can use an encryption context to add additional security to your encryption operation. If you specify an EncryptionContext when encrypting data, you must specify the same encryption context (a case-sensitive exact match) when decrypting the data. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The algorithm must be compatible with the KMS key spec.

    When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.

    You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.

    The maximum size of the data that you can encrypt varies with the type of KMS key and the encryption algorithm that you choose.

    • Symmetric encryption KMS keys

      • SYMMETRIC_DEFAULT: 4096 bytes

    • RSA_2048

      • RSAES_OAEP_SHA_1: 214 bytes

      • RSAES_OAEP_SHA_256: 190 bytes

    • RSA_3072

      • RSAES_OAEP_SHA_1: 342 bytes

      • RSAES_OAEP_SHA_256: 318 bytes

    • RSA_4096

      • RSAES_OAEP_SHA_1: 470 bytes

      • RSAES_OAEP_SHA_256: 446 bytes

    • SM2PKE: 1024 bytes (China Regions only)

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:Encrypt (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Encrypts plaintext of up to 4,096 bytes using a KMS key. You can use a symmetric or asymmetric KMS key with a KeyUsage of ENCRYPT_DECRYPT.

    You can use this operation to encrypt small amounts of arbitrary data, such as a personal identifier or database password, or other sensitive information. You don't need to use the Encrypt operation to encrypt a data key. The GenerateDataKey and GenerateDataKeyPair operations return a plaintext data key and an encrypted copy of that data key.

    If you use a symmetric encryption KMS key, you can use an encryption context to add additional security to your encryption operation. If you specify an EncryptionContext when encrypting data, you must specify the same encryption context (a case-sensitive exact match) when decrypting the data. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The algorithm must be compatible with the KMS key spec.

    When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.

    You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.

    The maximum size of the data that you can encrypt varies with the type of KMS key and the encryption algorithm that you choose.

    • Symmetric encryption KMS keys

      • SYMMETRIC_DEFAULT: 4096 bytes

    • RSA_2048

      • RSAES_OAEP_SHA_1: 214 bytes

      • RSAES_OAEP_SHA_256: 190 bytes

    • RSA_3072

      • RSAES_OAEP_SHA_1: 342 bytes

      • RSAES_OAEP_SHA_256: 318 bytes

    • RSA_4096

      • RSAES_OAEP_SHA_1: 470 bytes

      • RSAES_OAEP_SHA_256: 446 bytes

    • SM2PKE: 1024 bytes (China Regions only)

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:Encrypt (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GenerateDataKey":{ "name":"GenerateDataKey", @@ -389,7 +390,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Returns a unique symmetric data key for use outside of KMS. This operation returns a plaintext copy of the data key and a copy that is encrypted under a symmetric encryption KMS key that you specify. The bytes in the plaintext key are random; they are not related to the caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS and store the encrypted data key with the encrypted data.

    To generate a data key, specify the symmetric encryption KMS key that will be used to encrypt the data key. You cannot use an asymmetric KMS key to encrypt data keys. To get the type of your KMS key, use the DescribeKey operation.

    You must also specify the length of the data key. Use either the KeySpec or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use the KeySpec parameter.

    To generate a 128-bit SM4 data key (China Regions only), specify a KeySpec value of AES_128 or a NumberOfBytes value of 16. The symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption key.

    To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure random byte string, use GenerateRandom.

    You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    GenerateDataKey also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateDataKey for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the enclave. GenerateDataKey returns a copy of the data key encrypted under the specified KMS key, as usual. But instead of a plaintext copy of the data key, the response includes a copy of the data key encrypted under the public key from the attestation document (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide..

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    How to use your data key

    We recommend that you use the following pattern to encrypt data locally in your application. You can write your own code or use a client-side encryption library, such as the Amazon Web Services Encryption SDK, the Amazon DynamoDB Encryption Client, or Amazon S3 client-side encryption to do these tasks for you.

    To encrypt data outside of KMS:

    1. Use the GenerateDataKey operation to get a data key.

    2. Use the plaintext data key (in the Plaintext field of the response) to encrypt your data outside of KMS. Then erase the plaintext data key from memory.

    3. Store the encrypted data key (in the CiphertextBlob field of the response) with the encrypted data.

    To decrypt data outside of KMS:

    1. Use the Decrypt operation to decrypt the encrypted data key. The operation returns a plaintext copy of the data key.

    2. Use the plaintext data key to decrypt data outside of KMS, then erase the plaintext data key from memory.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateDataKey (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns a unique symmetric data key for use outside of KMS. This operation returns a plaintext copy of the data key and a copy that is encrypted under a symmetric encryption KMS key that you specify. The bytes in the plaintext key are random; they are not related to the caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS and store the encrypted data key with the encrypted data.

    To generate a data key, specify the symmetric encryption KMS key that will be used to encrypt the data key. You cannot use an asymmetric KMS key to encrypt data keys. To get the type of your KMS key, use the DescribeKey operation.

    You must also specify the length of the data key. Use either the KeySpec or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use the KeySpec parameter.

    To generate a 128-bit SM4 data key (China Regions only), specify a KeySpec value of AES_128 or a NumberOfBytes value of 16. The symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption key.

    To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure random byte string, use GenerateRandom.

    You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    GenerateDataKey also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateDataKey for an Amazon Web Services Nitro enclave or NitroTPM, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the attested environment. GenerateDataKey returns a copy of the data key encrypted under the specified KMS key, as usual. But instead of a plaintext copy of the data key, the response includes a copy of the data key encrypted under the public key from the attestation document (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    How to use your data key

    We recommend that you use the following pattern to encrypt data locally in your application. You can write your own code or use a client-side encryption library, such as the Amazon Web Services Encryption SDK, the Amazon DynamoDB Encryption Client, or Amazon S3 client-side encryption to do these tasks for you.

    To encrypt data outside of KMS:

    1. Use the GenerateDataKey operation to get a data key.

    2. Use the plaintext data key (in the Plaintext field of the response) to encrypt your data outside of KMS. Then erase the plaintext data key from memory.

    3. Store the encrypted data key (in the CiphertextBlob field of the response) with the encrypted data.

    To decrypt data outside of KMS:

    1. Use the Decrypt operation to decrypt the encrypted data key. The operation returns a plaintext copy of the data key.

    2. Use the plaintext data key to decrypt data outside of KMS, then erase the plaintext data key from memory.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateDataKey (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GenerateDataKeyPair":{ "name":"GenerateDataKeyPair", @@ -411,7 +412,7 @@ {"shape":"UnsupportedOperationException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Returns a unique asymmetric data key pair for use outside of KMS. This operation returns a plaintext public key, a plaintext private key, and a copy of the private key that is encrypted under the symmetric encryption KMS key you specify. You can use the data key pair to perform asymmetric cryptography and implement digital signatures outside of KMS. The bytes in the keys are random; they are not related to the caller or to the KMS key that is used to encrypt the private key.

    You can use the public key that GenerateDataKeyPair returns to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.

    To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.

    Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not both. However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.

    If you are using the data key pair to encrypt data, or for any operation where you don't immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation. GenerateDataKeyPairWithoutPlaintext returns a plaintext public key and an encrypted private key, but omits the plaintext private key that you need only to decrypt ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use the Decrypt operation to decrypt the encrypted private key in the data key pair.

    GenerateDataKeyPair returns a unique data key pair for each request. The bytes in the keys are random; they are not related to the caller or the KMS key that is used to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280. The private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC 5958.

    GenerateDataKeyPair also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateDataKeyPair for an Amazon Web Services Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the enclave. GenerateDataKeyPair returns the public data key and a copy of the private data key encrypted under the specified KMS key, as usual. But instead of a plaintext copy of the private data key (PrivateKeyPlaintext), the response includes a copy of the private data key encrypted under the public key from the attestation document (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide..

    You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateDataKeyPair (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns a unique asymmetric data key pair for use outside of KMS. This operation returns a plaintext public key, a plaintext private key, and a copy of the private key that is encrypted under the symmetric encryption KMS key you specify. You can use the data key pair to perform asymmetric cryptography and implement digital signatures outside of KMS. The bytes in the keys are random; they are not related to the caller or to the KMS key that is used to encrypt the private key.

    You can use the public key that GenerateDataKeyPair returns to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.

    To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.

    Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not both. However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.

    If you are using the data key pair to encrypt data, or for any operation where you don't immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation. GenerateDataKeyPairWithoutPlaintext returns a plaintext public key and an encrypted private key, but omits the plaintext private key that you need only to decrypt ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use the Decrypt operation to decrypt the encrypted private key in the data key pair.

    GenerateDataKeyPair returns a unique data key pair for each request. The bytes in the keys are random; they are not related to the caller or the KMS key that is used to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280. The private key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC 5958.

    GenerateDataKeyPair also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateDataKeyPair for an Amazon Web Services Nitro enclave or NitroTPM, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the attested environment. GenerateDataKeyPair returns the public data key and a copy of the private data key encrypted under the specified KMS key, as usual. But instead of a plaintext copy of the private data key (PrivateKeyPlaintext), the response includes a copy of the private data key encrypted under the public key from the attestation document (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateDataKeyPair (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GenerateDataKeyPairWithoutPlaintext":{ "name":"GenerateDataKeyPairWithoutPlaintext", @@ -433,7 +434,7 @@ {"shape":"UnsupportedOperationException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Returns a unique asymmetric data key pair for use outside of KMS. This operation returns a plaintext public key and a copy of the private key that is encrypted under the symmetric encryption KMS key you specify. Unlike GenerateDataKeyPair, this operation does not return a plaintext private key. The bytes in the keys are random; they are not related to the caller or to the KMS key that is used to encrypt the private key.

    You can use the public key that GenerateDataKeyPairWithoutPlaintext returns to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.

    To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.

    Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not both. However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.

    GenerateDataKeyPairWithoutPlaintext returns a unique data key pair for each request. The bytes in the key are not related to the caller or KMS key that is used to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280.

    You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns a unique asymmetric data key pair for use outside of KMS. This operation returns a plaintext public key and a copy of the private key that is encrypted under the symmetric encryption KMS key you specify. Unlike GenerateDataKeyPair, this operation does not return a plaintext private key. The bytes in the keys are random; they are not related to the caller or to the KMS key that is used to encrypt the private key.

    You can use the public key that GenerateDataKeyPairWithoutPlaintext returns to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.

    To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.

    Use the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not both. However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.

    GenerateDataKeyPairWithoutPlaintext returns a unique data key pair for each request. The bytes in the key are not related to the caller or KMS key that is used to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in RFC 5280.

    You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GenerateDataKeyWithoutPlaintext":{ "name":"GenerateDataKeyWithoutPlaintext", @@ -454,7 +455,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Returns a unique symmetric data key for use outside of KMS. This operation returns a data key that is encrypted under a symmetric encryption KMS key that you specify. The bytes in the key are random; they are not related to the caller or to the KMS key.

    GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation except that it does not return a plaintext copy of the data key.

    This operation is useful for systems that need to encrypt data at some point, but not immediately. When you need to encrypt the data, you call the Decrypt operation on the encrypted copy of the key.

    It's also useful in distributed systems with different levels of trust. For example, you might store encrypted data in containers. One component of your system creates new containers and stores an encrypted data key with each container. Then, a different component puts the data into the containers. That component first decrypts the data key, uses the plaintext data key to encrypt data, puts the encrypted data into the container, and then destroys the plaintext data key. In this system, the component that creates the containers never sees the plaintext data key.

    To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operations.

    To generate a data key, you must specify the symmetric encryption KMS key that is used to encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to generate a data key. To get the type of your KMS key, use the DescribeKey operation.

    You must also specify the length of the data key. Use either the KeySpec or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use the KeySpec parameter.

    To generate an SM4 data key (China Regions only), specify a KeySpec value of AES_128 or NumberOfBytes value of 16. The symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption key.

    If the operation succeeds, you will find the encrypted copy of the data key in the CiphertextBlob field.

    You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateDataKeyWithoutPlaintext (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns a unique symmetric data key for use outside of KMS. This operation returns a data key that is encrypted under a symmetric encryption KMS key that you specify. The bytes in the key are random; they are not related to the caller or to the KMS key.

    GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation except that it does not return a plaintext copy of the data key.

    This operation is useful for systems that need to encrypt data at some point, but not immediately. When you need to encrypt the data, you call the Decrypt operation on the encrypted copy of the key.

    It's also useful in distributed systems with different levels of trust. For example, you might store encrypted data in containers. One component of your system creates new containers and stores an encrypted data key with each container. Then, a different component puts the data into the containers. That component first decrypts the data key, uses the plaintext data key to encrypt data, puts the encrypted data into the container, and then destroys the plaintext data key. In this system, the component that creates the containers never sees the plaintext data key.

    To request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operations.

    To generate a data key, you must specify the symmetric encryption KMS key that is used to encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to generate a data key. To get the type of your KMS key, use the DescribeKey operation.

    You must also specify the length of the data key. Use either the KeySpec or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use the KeySpec parameter.

    To generate an SM4 data key (China Regions only), specify a KeySpec value of AES_128 or NumberOfBytes value of 16. The symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption key.

    If the operation succeeds, you will find the encrypted copy of the data key in the CiphertextBlob field.

    You can use an optional encryption context to add additional security to the encryption operation. If you specify an EncryptionContext, you must specify the same encryption context (a case-sensitive exact match) when decrypting the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateDataKeyWithoutPlaintext (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GenerateMac":{ "name":"GenerateMac", @@ -474,7 +475,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports. HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards defined in RFC 2104.

    You can use value that GenerateMac returns in the VerifyMac operation to demonstrate that the original message has not changed. Also, because a secret key is used to create the hash, you can verify that the party that generated the hash has the required secret key. You can also use the raw result to implement HMAC-based algorithms such as key derivation functions. This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide .

    Best practices recommend that you limit the time during which any signing mechanism, including an HMAC, is effective. This deters an attack where the actor uses a signed message to establish validity repeatedly or long after the message is superseded. HMAC tags do not include a timestamp, but you can include a timestamp in the token or message to help you detect when its time to refresh the HMAC.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateMac (key policy)

    Related operations: VerifyMac

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports. HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards defined in RFC 2104.

    You can use value that GenerateMac returns in the VerifyMac operation to demonstrate that the original message has not changed. Also, because a secret key is used to create the hash, you can verify that the party that generated the hash has the required secret key. You can also use the raw result to implement HMAC-based algorithms such as key derivation functions. This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide .

    Best practices recommend that you limit the time during which any signing mechanism, including an HMAC, is effective. This deters an attack where the actor uses a signed message to establish validity repeatedly or long after the message is superseded. HMAC tags do not include a timestamp, but you can include a timestamp in the token or message to help you detect when its time to refresh the HMAC.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GenerateMac (key policy)

    Related operations: VerifyMac

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GenerateRandom":{ "name":"GenerateRandom", @@ -491,7 +492,7 @@ {"shape":"CustomKeyStoreNotFoundException"}, {"shape":"CustomKeyStoreInvalidStateException"} ], - "documentation":"

    Returns a random byte string that is cryptographically secure.

    You must use the NumberOfBytes parameter to specify the length of the random byte string. There is no default value for string length.

    By default, the random byte string is generated in KMS. To generate the byte string in the CloudHSM cluster associated with an CloudHSM key store, use the CustomKeyStoreId parameter.

    GenerateRandom also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateRandom for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the enclave. Instead of plaintext bytes, the response includes the plaintext bytes encrypted under the public key from the attestation document (CiphertextForRecipient).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    For more information about entropy and random number generation, see Key Management Service Cryptographic Details.

    Cross-account use: Not applicable. GenerateRandom does not use any account-specific resources, such as KMS keys.

    Required permissions: kms:GenerateRandom (IAM policy)

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns a random byte string that is cryptographically secure.

    You must use the NumberOfBytes parameter to specify the length of the random byte string. There is no default value for string length.

    By default, the random byte string is generated in KMS. To generate the byte string in the CloudHSM cluster associated with an CloudHSM key store, use the CustomKeyStoreId parameter.

    GenerateRandom also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateRandom for a Nitro enclave or NitroTPM, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the attested environment. Instead of plaintext bytes, the response includes the plaintext bytes encrypted under the public key from the attestation document (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    For more information about entropy and random number generation, see Entropy and random number generation in the Key Management Service Developer Guide.

    Cross-account use: Not applicable. GenerateRandom does not use any account-specific resources, such as KMS keys.

    Required permissions: kms:GenerateRandom (IAM policy)

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GetKeyPolicy":{ "name":"GetKeyPolicy", @@ -508,7 +509,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Gets a key policy attached to the specified KMS key.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:GetKeyPolicy (key policy)

    Related operations: PutKeyPolicy

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Gets a key policy attached to the specified KMS key.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:GetKeyPolicy (key policy)

    Related operations: PutKeyPolicy

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GetKeyRotationStatus":{ "name":"GetKeyRotationStatus", @@ -526,7 +527,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"

    Provides detailed information about the rotation status for a KMS key, including whether automatic rotation of the key material is enabled for the specified KMS key, the rotation period, and the next scheduled rotation date.

    Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key..

    You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The key rotation status for Amazon Web Services managed KMS keys is always true.

    You can perform on-demand (RotateKeyOnDemand) rotation of the key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled. You can use GetKeyRotationStatus to identify the date and time that an in progress on-demand rotation was initiated. You can use ListKeyRotations to view the details of completed rotations.

    In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    • Disabled: The key rotation status does not change when you disable a KMS key. However, while the KMS key is disabled, KMS does not rotate the key material. When you re-enable the KMS key, rotation resumes. If the key material in the re-enabled KMS key hasn't been rotated in one year, KMS rotates it immediately, and every year thereafter. If it's been less than a year since the key material in the re-enabled KMS key was rotated, the KMS key resumes its prior rotation schedule.

    • Pending deletion: While a KMS key is pending deletion, its key rotation status is false and KMS does not rotate the key material. If you cancel the deletion, the original key rotation status returns to true.

    Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

    Required permissions: kms:GetKeyRotationStatus (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Provides detailed information about the rotation status for a KMS key, including whether automatic rotation of the key material is enabled for the specified KMS key, the rotation period, and the next scheduled rotation date.

    Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.

    You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The key rotation status for Amazon Web Services managed KMS keys is always true.

    You can perform on-demand (RotateKeyOnDemand) rotation of the key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled. You can use GetKeyRotationStatus to identify the date and time that an in progress on-demand rotation was initiated. You can use ListKeyRotations to view the details of completed rotations.

    In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    • Disabled: The key rotation status does not change when you disable a KMS key. However, while the KMS key is disabled, KMS does not rotate the key material. When you re-enable the KMS key, rotation resumes. If the key material in the re-enabled KMS key hasn't been rotated in one year, KMS rotates it immediately, and every year thereafter. If it's been less than a year since the key material in the re-enabled KMS key was rotated, the KMS key resumes its prior rotation schedule.

    • Pending deletion: While a KMS key is pending deletion, its key rotation status is false and KMS does not rotate the key material. If you cancel the deletion, the original key rotation status returns to true.

    Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

    Required permissions: kms:GetKeyRotationStatus (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GetParametersForImport":{ "name":"GetParametersForImport", @@ -544,7 +545,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Returns the public key and an import token you need to import or reimport key material for a KMS key.

    By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide.

    Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.

    GetParametersForImport returns the items that you need to import your key material.

    • The public key (or \"wrapping key\") of an RSA key pair that KMS generates.

      You will use this public key to encrypt (\"wrap\") your key material while it's in transit to KMS.

    • A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.

    The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.

    GetParametersForImport requires the following information:

    • The key ID of the KMS key for which you are importing the key material.

    • The key spec of the public key (\"wrapping key\") that you will use to encrypt your key material during import.

    • The wrapping algorithm that you will use with the public key to encrypt your key material.

    You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:GetParametersForImport (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns the public key and an import token you need to import or reimport key material for a KMS key.

    By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key.

    Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.

    GetParametersForImport returns the items that you need to import your key material.

    • The public key (or \"wrapping key\") of an RSA key pair that KMS generates.

      You will use this public key to encrypt (\"wrap\") your key material while it's in transit to KMS.

    • A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.

    The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.

    GetParametersForImport requires the following information:

    • The key ID of the KMS key for which you are importing the key material.

    • The key spec of the public key (\"wrapping key\") that you will use to encrypt your key material during import.

    • The wrapping algorithm that you will use with the public key to encrypt your key material.

    You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:GetParametersForImport (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "GetPublicKey":{ "name":"GetPublicKey", @@ -566,7 +567,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey permission can download the public key of an asymmetric KMS key. You can share the public key to allow others to encrypt messages and verify signatures outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    You do not need to download the public key. Instead, you can use the public key within KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the public key within KMS, you benefit from the authentication, authorization, and logging that are part of every KMS operation. You also reduce of risk of encrypting data that cannot be decrypted. These features are not effective outside of KMS.

    To help you use the public key safely outside of KMS, GetPublicKey returns important information about the public key in the response, including:

    • KeySpec: The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521.

    • KeyUsage: Whether the key is used for encryption, signing, or deriving a shared secret.

    • EncryptionAlgorithms or SigningAlgorithms: A list of the encryption algorithms or the signing algorithms for the key.

    Although KMS cannot enforce these restrictions on external operations, it is crucial that you use this information to prevent the public key from being used improperly. For example, you can prevent a public signing key from being used encrypt data, or prevent a public key from being used with an encryption algorithm that is not supported by KMS. You can also avoid errors, such as using the wrong signing algorithm in a verification operation.

    To verify a signature outside of KMS with an SM2 public key (China Regions only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GetPublicKey (key policy)

    Related operations: CreateKey

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey permission can download the public key of an asymmetric KMS key. You can share the public key to allow others to encrypt messages and verify signatures outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    You do not need to download the public key. Instead, you can use the public key within KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the public key within KMS, you benefit from the authentication, authorization, and logging that are part of every KMS operation. You also reduce of risk of encrypting data that cannot be decrypted. These features are not effective outside of KMS.

    To help you use the public key safely outside of KMS, GetPublicKey returns important information about the public key in the response, including:

    Although KMS cannot enforce these restrictions on external operations, it is crucial that you use this information to prevent the public key from being used improperly. For example, you can prevent a public signing key from being used encrypt data, or prevent a public key from being used with an encryption algorithm that is not supported by KMS. You can also avoid errors, such as using the wrong signing algorithm in a verification operation.

    To verify a signature outside of KMS with an SM2 public key (China Regions only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:GetPublicKey (key policy)

    Related operations: CreateKey

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ImportKeyMaterial":{ "name":"ImportKeyMaterial", @@ -588,7 +589,7 @@ {"shape":"ExpiredImportTokenException"}, {"shape":"InvalidImportTokenException"} ], - "documentation":"

    Imports or reimports key material into an existing KMS key that was created without key material. ImportKeyMaterial also sets the expiration model and expiration date of the imported key material.

    By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide.

    After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material.

    Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console.

    Before calling ImportKeyMaterial:

    • Create or identify a KMS key with no key material. The KMS key must have an Origin value of EXTERNAL, which indicates that the KMS key is designed for imported key material.

      To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.

    • Use the DescribeKey operation to verify that the KeyState of the KMS key is PendingImport, which indicates that the KMS key has no key material.

      If you are reimporting the same key material into an existing KMS key, you might need to call the DeleteImportedKeyMaterial to delete its existing key material.

    • Call the GetParametersForImport operation to get a public key and import token set for importing key material.

    • Use the public key in the GetParametersForImport response to encrypt your key material.

    Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:

    • The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.

    • The encrypted key material.

    • The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.

    • Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.

      If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.

    When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations.

    If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ImportKeyMaterial (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Imports or reimports key material into an existing KMS key that was created without key material. You can also use this operation to set or update the expiration model and expiration date of the imported key material.

    By default, KMS creates KMS keys with key material that it generates. You can also generate and import your own key material. For more information about importing key material, see Importing key material.

    For asymmetric, HMAC and multi-Region keys, you cannot change the key material after the initial import. You can import multiple key materials into single-Region, symmetric encryption keys and rotate the key material on demand using RotateKeyOnDemand.

    After you import key material, you can reimport the same key material into that KMS key or, if the key supports on-demand rotation, import new key material. You can use the ImportType parameter to indicate whether you are importing new key material or re-importing previously imported key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material.

    Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console.

    Before you call ImportKeyMaterial, complete these steps:

    • Create or identify a KMS key with EXTERNAL origin, which indicates that the KMS key is designed for imported key material.

      To create a new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, asymmetric key agreement key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.

    • Call the GetParametersForImport operation to get a public key and import token set for importing key material.

    • Use the public key in the GetParametersForImport response to encrypt your key material.

    Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:

    • The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.

    • The encrypted key material.

    • The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.

    • Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.

      If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.

    When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations. For single-Region, symmetric encryption keys, you will need to import all of the key materials associated with the KMS key to change its state to Enabled. Use the ListKeyRotations operation to list the ID and import state of each key material associated with a KMS key.

    If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see Create a KMS key with imported key material in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ImportKeyMaterial (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ListAliases":{ "name":"ListAliases", @@ -605,7 +606,7 @@ {"shape":"InvalidArnException"}, {"shape":"NotFoundException"} ], - "documentation":"

    Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about aliases, see CreateAlias.

    By default, the ListAliases operation returns all aliases in the account and region. To get only the aliases associated with a particular KMS key, use the KeyId parameter.

    The ListAliases response can include aliases that you created and associated with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format aws/<service-name>, such as aws/dynamodb.

    The response might also include aliases that have no TargetKeyId field. These are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against your KMS aliases quota.

    Cross-account use: No. ListAliases does not return aliases in other Amazon Web Services accounts.

    Required permissions: kms:ListAliases (IAM policy)

    For details, see Controlling access to aliases in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about aliases, see CreateAlias.

    By default, the ListAliases operation returns all aliases in the account and region. To get only the aliases associated with a particular KMS key, use the KeyId parameter.

    The ListAliases response can include aliases that you created and associated with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format aws/<service-name>, such as aws/dynamodb.

    The response might also include aliases that have no TargetKeyId field. These are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against your KMS aliases quota.

    Cross-account use: No. ListAliases does not return aliases in other Amazon Web Services accounts.

    Required permissions: kms:ListAliases (IAM policy)

    For details, see Controlling access to aliases in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ListGrants":{ "name":"ListGrants", @@ -624,7 +625,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Gets a list of all grants for the specified KMS key.

    You must specify the KMS key in all requests. You can filter the grant list by grant ID or grantee principal.

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.

    The GranteePrincipal field in the ListGrants response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an Amazon Web Services service, the GranteePrincipal field contains the service principal, which might represent several different grantee principals.

    Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

    Required permissions: kms:ListGrants (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Gets a list of all grants for the specified KMS key.

    You must specify the KMS key in all requests. You can filter the grant list by grant ID or grantee principal.

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of creating grants in several programming languages, see Use CreateGrant with an Amazon Web Services SDK or CLI.

    The GranteePrincipal field in the ListGrants response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an Amazon Web Services service, the GranteePrincipal field contains the service principal, which might represent several different grantee principals.

    Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

    Required permissions: kms:ListGrants (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ListKeyPolicies":{ "name":"ListKeyPolicies", @@ -641,7 +642,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Gets the names of the key policies that are attached to a KMS key. This operation is designed to get policy names that you can use in a GetKeyPolicy operation. However, the only valid policy name is default.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ListKeyPolicies (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Gets the names of the key policies that are attached to a KMS key. This operation is designed to get policy names that you can use in a GetKeyPolicy operation. However, the only valid policy name is default.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ListKeyPolicies (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ListKeyRotations":{ "name":"ListKeyRotations", @@ -659,7 +660,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"

    Returns information about all completed key material rotations for the specified KMS key.

    You must specify the KMS key in all requests. You can refine the key rotations list by limiting the number of rotations returned.

    For detailed information about automatic and on-demand key rotations, see Rotating KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ListKeyRotations (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns information about the key materials associated with the specified KMS key. You can use the optional IncludeKeyMaterial parameter to control which key materials are included in the response.

    You must specify the KMS key in all requests. You can refine the key rotations list by limiting the number of rotations returned.

    For detailed information about automatic and on-demand key rotations, see Rotate KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ListKeyRotations (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ListKeys":{ "name":"ListKeys", @@ -674,7 +675,7 @@ {"shape":"KMSInternalException"}, {"shape":"InvalidMarkerException"} ], - "documentation":"

    Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ListKeys (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ListKeys (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ListResourceTags":{ "name":"ListResourceTags", @@ -690,7 +691,7 @@ {"shape":"InvalidArnException"}, {"shape":"InvalidMarkerException"} ], - "documentation":"

    Returns all tags on the specified KMS key.

    For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference. For information about using tags in KMS, see Tagging keys.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ListResourceTags (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns all tags on the specified KMS key.

    For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference. For information about using tags in KMS, see Tags in KMS.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ListResourceTags (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ListRetirableGrants":{ "name":"ListRetirableGrants", @@ -707,7 +708,7 @@ {"shape":"NotFoundException"}, {"shape":"KMSInternalException"} ], - "documentation":"

    Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.

    You can specify any principal in your Amazon Web Services account. The grants that are returned include grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.

    Cross-account use: You must specify a principal in your Amazon Web Services account. This operation returns a list of grants where the retiring principal specified in the ListRetirableGrants request is the same retiring principal on the grant. This can include grants on KMS keys owned by other Amazon Web Services accounts, but you do not need kms:ListRetirableGrants permission (or any other additional permission) in any Amazon Web Services account other than your own.

    Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.

    KMS authorizes ListRetirableGrants requests by evaluating the caller account's kms:ListRetirableGrants permissions. The authorized resource in ListRetirableGrants calls is the retiring principal specified in the request. KMS does not evaluate the caller's permissions to verify their access to any KMS keys or grants that might be returned by the ListRetirableGrants call.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.

    You can specify any principal in your Amazon Web Services account. The grants that are returned include grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of creating grants in several programming languages, see Use CreateGrant with an Amazon Web Services SDK or CLI.

    Cross-account use: You must specify a principal in your Amazon Web Services account. This operation returns a list of grants where the retiring principal specified in the ListRetirableGrants request is the same retiring principal on the grant. This can include grants on KMS keys owned by other Amazon Web Services accounts, but you do not need kms:ListRetirableGrants permission (or any other additional permission) in any Amazon Web Services account other than your own.

    Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.

    KMS authorizes ListRetirableGrants requests by evaluating the caller account's kms:ListRetirableGrants permissions. The authorized resource in ListRetirableGrants calls is the retiring principal specified in the request. KMS does not evaluate the caller's permissions to verify their access to any KMS keys or grants that might be returned by the ListRetirableGrants call.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "PutKeyPolicy":{ "name":"PutKeyPolicy", @@ -726,7 +727,7 @@ {"shape":"LimitExceededException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Attaches a key policy to the specified KMS key.

    For more information about key policies, see Key Policies in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide . For examples of adding a key policy in multiple programming languages, see Setting a key policy in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:PutKeyPolicy (key policy)

    Related operations: GetKeyPolicy

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Attaches a key policy to the specified KMS key.

    For more information about key policies, see Key Policies in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide . For examples of adding a key policy in multiple programming languages, see Use PutKeyPolicy with an Amazon Web Services SDK or CLI in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:PutKeyPolicy (key policy)

    Related operations: GetKeyPolicy

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ReEncrypt":{ "name":"ReEncrypt", @@ -749,7 +750,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this operation to change the KMS key under which data is encrypted, such as when you manually rotate a KMS key or change the KMS key that protects a ciphertext. You can also use it to reencrypt ciphertext under the same KMS key, such as to change the encryption context of a ciphertext.

    The ReEncrypt operation can decrypt ciphertext that was encrypted by using a KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the public key of an asymmetric KMS key outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that is incompatible with KMS.

    When you use the ReEncrypt operation, you need to provide information for the decrypt operation and the subsequent encrypt operation.

    • If your ciphertext was encrypted under an asymmetric KMS key, you must use the SourceKeyId parameter to identify the KMS key that encrypted the ciphertext. You must also supply the encryption algorithm that was used. This information is required to decrypt the data.

    • If your ciphertext was encrypted under a symmetric encryption KMS key, the SourceKeyId parameter is optional. KMS can get this information from metadata that it adds to the symmetric ciphertext blob. This feature adds durability to your implementation by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost track of the key ID. However, specifying the source KMS key is always recommended as a best practice. When you use the SourceKeyId parameter to specify a KMS key, KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the ReEncrypt operation fails. This practice ensures that you use the KMS key that you intend.

    • To reencrypt the data, you must use the DestinationKeyId parameter to specify the KMS key that re-encrypts the data after it is decrypted. If the destination KMS key is an asymmetric KMS key, you must also provide the encryption algorithm. The algorithm that you choose must be compatible with the KMS key.

      When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.

      You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than the caller. To specify a KMS key in a different account, you must use its key ARN or alias ARN.

    Required permissions:

    To permit reencryption from or to a KMS key, include the \"kms:ReEncrypt*\" permission in your key policy. This permission is automatically included in the key policy when you use the console to create a KMS key. But you must include it manually when you create a KMS key programmatically or when you use the PutKeyPolicy operation to set a key policy.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this operation to change the KMS key under which data is encrypted, such as when you manually rotate a KMS key or change the KMS key that protects a ciphertext. You can also use it to reencrypt ciphertext under the same KMS key, such as to change the encryption context of a ciphertext.

    The ReEncrypt operation can decrypt ciphertext that was encrypted by using a KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the public key of an asymmetric KMS key outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext format that is incompatible with KMS.

    When you use the ReEncrypt operation, you need to provide information for the decrypt operation and the subsequent encrypt operation.

    • If your ciphertext was encrypted under an asymmetric KMS key, you must use the SourceKeyId parameter to identify the KMS key that encrypted the ciphertext. You must also supply the encryption algorithm that was used. This information is required to decrypt the data.

    • If your ciphertext was encrypted under a symmetric encryption KMS key, the SourceKeyId parameter is optional. KMS can get this information from metadata that it adds to the symmetric ciphertext blob. This feature adds durability to your implementation by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost track of the key ID. However, specifying the source KMS key is always recommended as a best practice. When you use the SourceKeyId parameter to specify a KMS key, KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the ReEncrypt operation fails. This practice ensures that you use the KMS key that you intend.

    • To reencrypt the data, you must use the DestinationKeyId parameter to specify the KMS key that re-encrypts the data after it is decrypted. If the destination KMS key is an asymmetric KMS key, you must also provide the encryption algorithm. The algorithm that you choose must be compatible with the KMS key.

      When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.

      You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than the caller. To specify a KMS key in a different account, you must use its key ARN or alias ARN.

    Required permissions:

    To permit reencryption from or to a KMS key, include the \"kms:ReEncrypt*\" permission in your key policy. This permission is automatically included in the key policy when you use the console to create a KMS key. But you must include it manually when you create a KMS key programmatically or when you use the PutKeyPolicy operation to set a key policy.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ReplicateKey":{ "name":"ReplicateKey", @@ -771,7 +772,7 @@ {"shape":"TagException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"

    Replicates a multi-Region key into the specified Region. This operation creates a multi-Region replica key based on a multi-Region primary key in a different Region of the same Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a different Region. To create a multi-Region primary key, use the CreateKey operation.

    This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    A replica key is a fully-functional KMS key that can be used independently of its primary and peer replica keys. A primary key and its replica keys share properties that make them interoperable. They have the same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. KMS automatically synchronizes these shared properties among related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and Key states of KMS keys. KMS pricing and quotas for KMS keys apply to each primary key and replica key.

    When this operation completes, the new replica key has a transient key state of Creating. This key state changes to Enabled (or PendingImport) after a few seconds when the process of creating the new replica key is complete. While the key state is Creating, you can manage key, but you cannot yet use it in cryptographic operations. If you are creating and using the replica key programmatically, retry on KMSInvalidStateException or call DescribeKey to check its KeyState value before using it. For details about the Creating key state, see Key states of KMS keys in the Key Management Service Developer Guide.

    You cannot create more than one replica of a primary key in any Region. If the Region already includes a replica of the key you're trying to replicate, ReplicateKey returns an AlreadyExistsException error. If the key state of the existing replica is PendingDeletion, you can cancel the scheduled key deletion (CancelKeyDeletion) or wait for the key to be deleted. The new replica key you create will have the same shared properties as the original replica key.

    The CloudTrail log of a ReplicateKey operation records a ReplicateKey operation in the primary key's Region and a CreateKey operation in the replica key's Region.

    If you replicate a multi-Region primary key with imported key material, the replica key is created with no key material. You must import the same key material that you imported into the primary key. For details, see Importing key material into multi-Region keys in the Key Management Service Developer Guide.

    To convert a replica key to a primary key, use the UpdatePrimaryRegion operation.

    ReplicateKey uses different default values for the KeyPolicy and Tags parameters than those used in the KMS console. For details, see the parameter descriptions.

    Cross-account use: No. You cannot use this operation to create a replica key in a different Amazon Web Services account.

    Required permissions:

    • kms:ReplicateKey on the primary key (in the primary key's Region). Include this permission in the primary key's key policy.

    • kms:CreateKey in an IAM policy in the replica Region.

    • To use the Tags parameter, kms:TagResource in an IAM policy in the replica Region.

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Replicates a multi-Region key into the specified Region. This operation creates a multi-Region replica key based on a multi-Region primary key in a different Region of the same Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a different Region. To create a multi-Region primary key, use the CreateKey operation.

    This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    A replica key is a fully-functional KMS key that can be used independently of its primary and peer replica keys. A primary key and its replica keys share properties that make them interoperable. They have the same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. KMS automatically synchronizes these shared properties among related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and key state. KMS pricing and quotas for KMS keys apply to each primary key and replica key.

    When this operation completes, the new replica key has a transient key state of Creating. This key state changes to Enabled (or PendingImport) after a few seconds when the process of creating the new replica key is complete. While the key state is Creating, you can manage key, but you cannot yet use it in cryptographic operations. If you are creating and using the replica key programmatically, retry on KMSInvalidStateException or call DescribeKey to check its KeyState value before using it. For details about the Creating key state, see Key states of KMS keys in the Key Management Service Developer Guide.

    You cannot create more than one replica of a primary key in any Region. If the Region already includes a replica of the key you're trying to replicate, ReplicateKey returns an AlreadyExistsException error. If the key state of the existing replica is PendingDeletion, you can cancel the scheduled key deletion (CancelKeyDeletion) or wait for the key to be deleted. The new replica key you create will have the same shared properties as the original replica key.

    The CloudTrail log of a ReplicateKey operation records a ReplicateKey operation in the primary key's Region and a CreateKey operation in the replica key's Region.

    If you replicate a multi-Region primary key with imported key material, the replica key is created with no key material. You must import the same key material that you imported into the primary key.

    To convert a replica key to a primary key, use the UpdatePrimaryRegion operation.

    ReplicateKey uses different default values for the KeyPolicy and Tags parameters than those used in the KMS console. For details, see the parameter descriptions.

    Cross-account use: No. You cannot use this operation to create a replica key in a different Amazon Web Services account.

    Required permissions:

    • kms:ReplicateKey on the primary key (in the primary key's Region). Include this permission in the primary key's key policy.

    • kms:CreateKey in an IAM policy in the replica Region.

    • To use the Tags parameter, kms:TagResource in an IAM policy in the replica Region.

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "RetireGrant":{ "name":"RetireGrant", @@ -790,7 +791,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To identify the grant to retire, use a grant token, or both the grant ID and a key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation returns both values.

    This operation can be called by the retiring principal for a grant, by the grantee principal if the grant allows the RetireGrant operation, and by the Amazon Web Services account in which the grant is created. It can also be called by principals to whom permission for retiring a grant is delegated. For details, see Retiring and revoking grants in the Key Management Service Developer Guide.

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.

    Cross-account use: Yes. You can retire a grant on a KMS key in a different Amazon Web Services account.

    Required permissions: Permission to retire a grant is determined primarily by the grant. For details, see Retiring and revoking grants in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To identify the grant to retire, use a grant token, or both the grant ID and a key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation returns both values.

    This operation can be called by the retiring principal for a grant, by the grantee principal if the grant allows the RetireGrant operation, and by the Amazon Web Services account in which the grant is created. It can also be called by principals to whom permission for retiring a grant is delegated.

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of creating grants in several programming languages, see Use CreateGrant with an Amazon Web Services SDK or CLI.

    Cross-account use: Yes. You can retire a grant on a KMS key in a different Amazon Web Services account.

    Required permissions: Permission to retire a grant is determined primarily by the grant. For details, see Retiring and revoking grants in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "RevokeGrant":{ "name":"RevokeGrant", @@ -808,7 +809,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Deletes the specified grant. You revoke a grant to terminate the permissions that the grant allows. For more information, see Retiring and revoking grants in the Key Management Service Developer Guide .

    When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in the Key Management Service Developer Guide .

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.

    Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

    Required permissions: kms:RevokeGrant (key policy).

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Deletes the specified grant. You revoke a grant to terminate the permissions that the grant allows. For more information, see Retiring and revoking grants in the Key Management Service Developer Guide .

    When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in the Key Management Service Developer Guide .

    For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of creating grants in several programming languages, see Use CreateGrant with an Amazon Web Services SDK or CLI.

    Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

    Required permissions: kms:RevokeGrant (key policy).

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "RotateKeyOnDemand":{ "name":"RotateKeyOnDemand", @@ -829,7 +830,7 @@ {"shape":"LimitExceededException"}, {"shape":"ConflictException"} ], - "documentation":"

    Immediately initiates rotation of the key material of the specified symmetric encryption KMS key.

    You can perform on-demand rotation of the key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled. On-demand rotations do not change existing automatic rotation schedules. For example, consider a KMS key that has automatic key rotation enabled with a rotation period of 730 days. If the key is scheduled to automatically rotate on April 14, 2024, and you perform an on-demand rotation on April 10, 2024, the key will automatically rotate, as scheduled, on April 14, 2024 and every 730 days thereafter.

    You can perform on-demand key rotation a maximum of 10 times per KMS key. You can use the KMS console to view the number of remaining on-demand rotations available for a KMS key.

    You can use GetKeyRotationStatus to identify any in progress on-demand rotations. You can use ListKeyRotations to identify the date that completed on-demand rotations were performed. You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.

    On-demand key rotation is supported only on symmetric encryption KMS keys. You cannot perform on-demand rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To perform on-demand rotation of a set of related multi-Region keys, invoke the on-demand rotation on the primary key.

    You cannot initiate on-demand rotation of Amazon Web Services managed KMS keys. KMS always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS keys is managed by the Amazon Web Services service that owns the key.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:RotateKeyOnDemand (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Immediately initiates rotation of the key material of the specified symmetric encryption KMS key.

    You can perform on-demand rotation of the key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled. On-demand rotations do not change existing automatic rotation schedules. For example, consider a KMS key that has automatic key rotation enabled with a rotation period of 730 days. If the key is scheduled to automatically rotate on April 14, 2024, and you perform an on-demand rotation on April 10, 2024, the key will automatically rotate, as scheduled, on April 14, 2024 and every 730 days thereafter.

    You can perform on-demand key rotation a maximum of 10 times per KMS key. You can use the KMS console to view the number of remaining on-demand rotations available for a KMS key.

    You can use GetKeyRotationStatus to identify any in progress on-demand rotations. You can use ListKeyRotations to identify the date that completed on-demand rotations were performed. You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.

    On-demand key rotation is supported only on symmetric encryption KMS keys. You cannot perform on-demand rotation of asymmetric KMS keys, HMAC KMS keys, multi-Region KMS keys with imported key material, or KMS keys in a custom key store. When you initiate on-demand key rotation on a symmetric encryption KMS key with imported key material, you must have already imported new key material and that key material's state should be PENDING_ROTATION. Use the ListKeyRotations operation to check the state of all key materials associated with a KMS key. To perform on-demand rotation of a set of related multi-Region keys, invoke the on-demand rotation on the primary key.

    You cannot initiate on-demand rotation of Amazon Web Services managed KMS keys. KMS always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS keys is managed by the Amazon Web Services service that owns the key.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:RotateKeyOnDemand (key policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "ScheduleKeyDeletion":{ "name":"ScheduleKeyDeletion", @@ -846,7 +847,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it.

    Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is a multi-Region replica key, or an asymmetric or HMAC KMS key with imported key material.) To prevent the use of a KMS key without deleting it, use DisableKey.

    You can schedule the deletion of a multi-Region primary key and its replica keys at any time. However, KMS will not delete a multi-Region primary key with existing replica keys. If you schedule the deletion of a primary key with replicas, its key state changes to PendingReplicaDeletion and it cannot be replicated or used in cryptographic operations. This status can continue indefinitely. When the last of its replicas keys is deleted (not just scheduled), the key state of the primary key changes to PendingDeletion and its waiting period (PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide.

    When KMS deletes a KMS key from an CloudHSM key store, it makes a best effort to delete the associated key material from the associated CloudHSM cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. Deleting a KMS key from an external key store has no effect on the associated external key. However, for both types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot decrypt ciphertext encrypted under the KMS key by using only its associated external key or CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS key with the same key material.

    For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ScheduleKeyDeletion (key policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it.

    Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is a multi-Region replica key, or an asymmetric or HMAC KMS key with imported key material.) To prevent the use of a KMS key without deleting it, use DisableKey.

    You can schedule the deletion of a multi-Region primary key and its replica keys at any time. However, KMS will not delete a multi-Region primary key with existing replica keys. If you schedule the deletion of a primary key with replicas, its key state changes to PendingReplicaDeletion and it cannot be replicated or used in cryptographic operations. This status can continue indefinitely. When the last of its replicas keys is deleted (not just scheduled), the key state of the primary key changes to PendingDeletion and its waiting period (PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide.

    When KMS deletes a KMS key from an CloudHSM key store, it makes a best effort to delete the associated key material from the associated CloudHSM cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. Deleting a KMS key from an external key store has no effect on the associated external key. However, for both types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot decrypt ciphertext encrypted under the KMS key by using only its associated external key or CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS key with the same key material.

    For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:ScheduleKeyDeletion (key policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "Sign":{ "name":"Sign", @@ -867,7 +868,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Creates a digital signature for a message or message digest by using the private key in an asymmetric signing KMS key. To verify the signature, use the Verify operation, or use the public key in the same asymmetric KMS key outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    Digital signatures are generated and verified by using asymmetric key pair, such as an RSA or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized user) uses their private key to sign a message. Anyone with the public key can verify that the message was signed with that particular private key and that the message hasn't changed since it was signed.

    To use the Sign operation, provide the following information:

    • Use the KeyId parameter to identify an asymmetric KMS key with a KeyUsage value of SIGN_VERIFY. To get the KeyUsage value of a KMS key, use the DescribeKey operation. The caller must have kms:Sign permission on the KMS key.

    • Use the Message parameter to specify the message or message digest to sign. You can submit messages of up to 4096 bytes. To sign a larger message, generate a hash digest of the message, and then provide the hash digest in the Message parameter. To indicate whether the message is a full message or a digest, use the MessageType parameter.

    • Choose a signing algorithm that is compatible with the KMS key.

    When signing a message, be sure to record the KMS key and the signing algorithm. This information is required to verify the signature.

    Best practices recommend that you limit the time during which any signature is effective. This deters an attack where the actor uses a signed message to establish validity repeatedly or long after the message is superseded. Signatures do not include a timestamp, but you can include a timestamp in the signed message to help you detect when its time to refresh the signature.

    To verify the signature that this operation generates, use the Verify operation. Or use the GetPublicKey operation to download the public key and then use the public key to verify the signature outside of KMS.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:Sign (key policy)

    Related operations: Verify

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Creates a digital signature for a message or message digest by using the private key in an asymmetric signing KMS key. To verify the signature, use the Verify operation, or use the public key in the same asymmetric KMS key outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    Digital signatures are generated and verified by using asymmetric key pair, such as an RSA, ECC, or ML-DSA pair that is represented by an asymmetric KMS key. The key owner (or an authorized user) uses their private key to sign a message. Anyone with the public key can verify that the message was signed with that particular private key and that the message hasn't changed since it was signed.

    To use the Sign operation, provide the following information:

    • Use the KeyId parameter to identify an asymmetric KMS key with a KeyUsage value of SIGN_VERIFY. To get the KeyUsage value of a KMS key, use the DescribeKey operation. The caller must have kms:Sign permission on the KMS key.

    • Use the Message parameter to specify the message or message digest to sign. You can submit messages of up to 4096 bytes. To sign a larger message, generate a hash digest of the message, and then provide the hash digest in the Message parameter. To indicate whether the message is a full message, a digest, or an ML-DSA EXTERNAL_MU, use the MessageType parameter.

    • Choose a signing algorithm that is compatible with the KMS key.

    When signing a message, be sure to record the KMS key and the signing algorithm. This information is required to verify the signature.

    Best practices recommend that you limit the time during which any signature is effective. This deters an attack where the actor uses a signed message to establish validity repeatedly or long after the message is superseded. Signatures do not include a timestamp, but you can include a timestamp in the signed message to help you detect when its time to refresh the signature.

    To verify the signature that this operation generates, use the Verify operation. Or use the GetPublicKey operation to download the public key and then use the public key to verify the signature outside of KMS.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:Sign (key policy)

    Related operations: Verify

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "TagResource":{ "name":"TagResource", @@ -884,7 +885,7 @@ {"shape":"LimitExceededException"}, {"shape":"TagException"} ], - "documentation":"

    Adds or edits tags on a customer managed key.

    Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    Each tag consists of a tag key and a tag value, both of which are case-sensitive strings. The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag key and a new tag value.

    You can use this operation to tag a customer managed key, but you cannot tag an Amazon Web Services managed key, an Amazon Web Services owned key, a custom key store, or an alias.

    You can also add tags to a KMS key while creating it (CreateKey) or replicating it (ReplicateKey).

    For information about using tags in KMS, see Tagging keys. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:TagResource (key policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Adds or edits tags on a customer managed key.

    Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    Each tag consists of a tag key and a tag value, both of which are case-sensitive strings. The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag key and a new tag value.

    You can use this operation to tag a customer managed key, but you cannot tag an Amazon Web Services managed key, an Amazon Web Services owned key, a custom key store, or an alias.

    You can also add tags to a KMS key while creating it (CreateKey) or replicating it (ReplicateKey).

    For information about using tags in KMS, see Tagging keys. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:TagResource (key policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "UntagResource":{ "name":"UntagResource", @@ -900,7 +901,7 @@ {"shape":"KMSInvalidStateException"}, {"shape":"TagException"} ], - "documentation":"

    Deletes tags from a customer managed key. To delete a tag, specify the tag key and the KMS key.

    Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    When it succeeds, the UntagResource operation doesn't return any output. Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return a response. To confirm that the operation worked, use the ListResourceTags operation.

    For information about using tags in KMS, see Tagging keys. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:UntagResource (key policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Deletes tags from a customer managed key. To delete a tag, specify the tag key and the KMS key.

    Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    When it succeeds, the UntagResource operation doesn't return any output. Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return a response. To confirm that the operation worked, use the ListResourceTags operation.

    For information about using tags in KMS, see Tagging keys. For general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:UntagResource (key policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "UpdateAlias":{ "name":"UpdateAlias", @@ -916,7 +917,7 @@ {"shape":"LimitExceededException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Associates an existing KMS alias with a different KMS key. Each alias is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the KMS key must be in the same Amazon Web Services account and Region.

    Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    The current and new KMS key must be the same type (both symmetric or both asymmetric or both HMAC), and they must have the same key usage. This restriction prevents errors in code that uses aliases. If you must assign an alias to a different type of KMS key, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.

    You cannot use UpdateAlias to change an alias name. To change an alias name, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.

    Because an alias is not a property of a KMS key, you can create, update, and delete the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys in the account, use the ListAliases operation.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions

    For details, see Controlling access to aliases in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Associates an existing KMS alias with a different KMS key. Each alias is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the KMS key must be in the same Amazon Web Services account and Region.

    Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    The current and new KMS key must be the same type (both symmetric or both asymmetric or both HMAC), and they must have the same key usage. This restriction prevents errors in code that uses aliases. If you must assign an alias to a different type of KMS key, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.

    You cannot use UpdateAlias to change an alias name. To change an alias name, use DeleteAlias to delete the old alias and CreateAlias to create a new alias.

    Because an alias is not a property of a KMS key, you can create, update, and delete the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys in the account, use the ListAliases operation.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions

    For details, see Controlling access to aliases in the Key Management Service Developer Guide.

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "UpdateCustomKeyStore":{ "name":"UpdateCustomKeyStore", @@ -945,7 +946,7 @@ {"shape":"XksProxyInvalidResponseException"}, {"shape":"XksProxyInvalidConfigurationException"} ], - "documentation":"

    Changes the properties of a custom key store. You can use this operation to change the properties of an CloudHSM key store or an external key store.

    Use the required CustomKeyStoreId parameter to identify the custom key store. Use the remaining optional parameters to change its properties. This operation does not return any property values. To verify the updated property values, use the DescribeCustomKeyStores operation.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    When updating the properties of an external key store, verify that the updated settings connect your key store, via the external key store proxy, to the same external key manager as the previous settings, or to a backup or snapshot of the external key manager with the same cryptographic keys. If the updated connection settings fail, you can fix them and retry, although an extended delay might disrupt Amazon Web Services services. However, if KMS permanently loses its access to cryptographic keys, ciphertext encrypted under those keys is unrecoverable.

    For external key stores:

    Some external key managers provide a simpler method for updating an external key store. For details, see your external key manager documentation.

    When updating an external key store in the KMS console, you can upload a JSON-based proxy configuration file with the desired values. You cannot upload the proxy configuration file to the UpdateCustomKeyStore operation. However, you can use the file to help you determine the correct values for the UpdateCustomKeyStore parameters.

    For an CloudHSM key store, you can use this operation to change the custom key store friendly name (NewCustomKeyStoreName), to tell KMS about a change to the kmsuser crypto user password (KeyStorePassword), or to associate the custom key store with a different, but related, CloudHSM cluster (CloudHsmClusterId). To update any property of an CloudHSM key store, the ConnectionState of the CloudHSM key store must be DISCONNECTED.

    For an external key store, you can use this operation to change the custom key store friendly name (NewCustomKeyStoreName), or to tell KMS about a change to the external key store proxy authentication credentials (XksProxyAuthenticationCredential), connection method (XksProxyConnectivity), external proxy endpoint (XksProxyUriEndpoint) and path (XksProxyUriPath). For external key stores with an XksProxyConnectivity of VPC_ENDPOINT_SERVICE, you can also update the Amazon VPC endpoint service name (XksProxyVpcEndpointServiceName). To update most properties of an external key store, the ConnectionState of the external key store must be DISCONNECTED. However, you can update the CustomKeyStoreName, XksProxyAuthenticationCredential, and XksProxyUriPath of an external key store when it is in the CONNECTED or DISCONNECTED state.

    If your update requires a DISCONNECTED state, before using UpdateCustomKeyStore, use the DisconnectCustomKeyStore operation to disconnect the custom key store. After the UpdateCustomKeyStore operation completes, use the ConnectCustomKeyStore to reconnect the custom key store. To find the ConnectionState of the custom key store, use the DescribeCustomKeyStores operation.

    Before updating the custom key store, verify that the new values allow KMS to connect the custom key store to its backing key store. For example, before you change the XksProxyUriPath value, verify that the external key store proxy is reachable at the new path.

    If the operation succeeds, it returns a JSON object with no properties.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:UpdateCustomKeyStore (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Changes the properties of a custom key store. You can use this operation to change the properties of an CloudHSM key store or an external key store.

    Use the required CustomKeyStoreId parameter to identify the custom key store. Use the remaining optional parameters to change its properties. This operation does not return any property values. To verify the updated property values, use the DescribeCustomKeyStores operation.

    This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

    When updating the properties of an external key store, verify that the updated settings connect your key store, via the external key store proxy, to the same external key manager as the previous settings, or to a backup or snapshot of the external key manager with the same cryptographic keys. If the updated connection settings fail, you can fix them and retry, although an extended delay might disrupt Amazon Web Services services. However, if KMS permanently loses its access to cryptographic keys, ciphertext encrypted under those keys is unrecoverable.

    For external key stores:

    Some external key managers provide a simpler method for updating an external key store. For details, see your external key manager documentation.

    When updating an external key store in the KMS console, you can upload a JSON-based proxy configuration file with the desired values. You cannot upload the proxy configuration file to the UpdateCustomKeyStore operation. However, you can use the file to help you determine the correct values for the UpdateCustomKeyStore parameters.

    For an CloudHSM key store, you can use this operation to change the custom key store friendly name (NewCustomKeyStoreName), to tell KMS about a change to the kmsuser crypto user password (KeyStorePassword), or to associate the custom key store with a different, but related, CloudHSM cluster (CloudHsmClusterId). To update any property of an CloudHSM key store, the ConnectionState of the CloudHSM key store must be DISCONNECTED.

    For an external key store, you can use this operation to change the custom key store friendly name (NewCustomKeyStoreName), or to tell KMS about a change to the external key store proxy authentication credentials (XksProxyAuthenticationCredential), connection method (XksProxyConnectivity), external proxy endpoint (XksProxyUriEndpoint) and path (XksProxyUriPath). For external key stores with an XksProxyConnectivity of VPC_ENDPOINT_SERVICE, you can also update the Amazon VPC endpoint service name (XksProxyVpcEndpointServiceName). To update most properties of an external key store, the ConnectionState of the external key store must be DISCONNECTED. However, you can update the CustomKeyStoreName, XksProxyAuthenticationCredential, and XksProxyUriPath of an external key store when it is in the CONNECTED or DISCONNECTED state.

    If your update requires a DISCONNECTED state, before using UpdateCustomKeyStore, use the DisconnectCustomKeyStore operation to disconnect the custom key store. After the UpdateCustomKeyStore operation completes, use the ConnectCustomKeyStore to reconnect the custom key store. To find the ConnectionState of the custom key store, use the DescribeCustomKeyStores operation.

    Before updating the custom key store, verify that the new values allow KMS to connect the custom key store to its backing key store. For example, before you change the XksProxyUriPath value, verify that the external key store proxy is reachable at the new path.

    If the operation succeeds, it returns a JSON object with no properties.

    Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

    Required permissions: kms:UpdateCustomKeyStore (IAM policy)

    Related operations:

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "UpdateKeyDescription":{ "name":"UpdateKeyDescription", @@ -961,7 +962,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"

    Updates the description of a KMS key. To see the description of a KMS key, use DescribeKey.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:UpdateKeyDescription (key policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Updates the description of a KMS key. To see the description of a KMS key, use DescribeKey.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

    Required permissions: kms:UpdateKeyDescription (key policy)

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "UpdatePrimaryRegion":{ "name":"UpdatePrimaryRegion", @@ -978,7 +979,7 @@ {"shape":"NotFoundException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"

    Changes the primary key of a multi-Region key.

    This operation changes the replica key in the specified Region to a primary key and changes the former primary key to a replica key. For example, suppose you have a primary key in us-east-1 and a replica key in eu-west-2. If you run UpdatePrimaryRegion with a PrimaryRegion value of eu-west-2, the primary key is now the key in eu-west-2, and the key in us-east-1 becomes a replica key. For details, see Updating the primary Region in the Key Management Service Developer Guide.

    This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    The primary key of a multi-Region key is the source for properties that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material origin, and automatic key rotation. It's the only key that can be replicated. You cannot delete the primary key until all replica keys are deleted.

    The key ID and primary Region that you specify uniquely identify the replica key that will become the primary key. The primary Region must already have a replica key. This operation does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica key, use the ReplicateKey operation.

    You can run this operation while using the affected multi-Region keys in cryptographic operations. This operation should not delay, interrupt, or cause failures in cryptographic operations.

    Even after this operation completes, the process of updating the primary Region might still be in progress for a few more seconds. Operations such as DescribeKey might display both the old and new primary keys as replicas. The old and new primary keys have a transient key state of Updating. The original key state is restored when the update is complete. While the key state is Updating, you can use the keys in cryptographic operations, but you cannot replicate the new primary key or perform certain management operations, such as enabling or disabling these keys. For details about the Updating key state, see Key states of KMS keys in the Key Management Service Developer Guide.

    This operation does not return any output. To verify that primary key is changed, use the DescribeKey operation.

    Cross-account use: No. You cannot use this operation in a different Amazon Web Services account.

    Required permissions:

    • kms:UpdatePrimaryRegion on the current primary key (in the primary key's Region). Include this permission primary key's key policy.

    • kms:UpdatePrimaryRegion on the current replica key (in the replica key's Region). Include this permission in the replica key's key policy.

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Changes the primary key of a multi-Region key.

    This operation changes the replica key in the specified Region to a primary key and changes the former primary key to a replica key. For example, suppose you have a primary key in us-east-1 and a replica key in eu-west-2. If you run UpdatePrimaryRegion with a PrimaryRegion value of eu-west-2, the primary key is now the key in eu-west-2, and the key in us-east-1 becomes a replica key. For details, see Change the primary key in a set of multi-Region keys in the Key Management Service Developer Guide.

    This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    The primary key of a multi-Region key is the source for properties that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material origin, and automatic key rotation. It's the only key that can be replicated. You cannot delete the primary key until all replica keys are deleted.

    The key ID and primary Region that you specify uniquely identify the replica key that will become the primary key. The primary Region must already have a replica key. This operation does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica key, use the ReplicateKey operation.

    You can run this operation while using the affected multi-Region keys in cryptographic operations. This operation should not delay, interrupt, or cause failures in cryptographic operations.

    Even after this operation completes, the process of updating the primary Region might still be in progress for a few more seconds. Operations such as DescribeKey might display both the old and new primary keys as replicas. The old and new primary keys have a transient key state of Updating. The original key state is restored when the update is complete. While the key state is Updating, you can use the keys in cryptographic operations, but you cannot replicate the new primary key or perform certain management operations, such as enabling or disabling these keys. For details about the Updating key state, see Key states of KMS keys in the Key Management Service Developer Guide.

    This operation does not return any output. To verify that primary key is changed, use the DescribeKey operation.

    Cross-account use: No. You cannot use this operation in a different Amazon Web Services account.

    Required permissions:

    • kms:UpdatePrimaryRegion on the current primary key (in the primary key's Region). Include this permission primary key's key policy.

    • kms:UpdatePrimaryRegion on the current replica key (in the replica key's Region). Include this permission in the replica key's key policy.

    Related operations

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "Verify":{ "name":"Verify", @@ -1000,7 +1001,7 @@ {"shape":"KMSInvalidSignatureException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Verifies a digital signature that was generated by the Sign operation.

    Verification confirms that an authorized user signed the message with the specified KMS key and signing algorithm, and the message hasn't changed since it was signed. If the signature is verified, the value of the SignatureValid field in the response is True. If the signature verification fails, the Verify operation fails with an KMSInvalidSignatureException exception.

    A digital signature is generated by using the private key in an asymmetric KMS key. The signature is verified by using the public key in the same asymmetric KMS key. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    To use the Verify operation, specify the same asymmetric KMS key, message, and signing algorithm that were used to produce the signature. The message type does not need to be the same as the one used for signing, but it must indicate whether the value of the Message parameter should be hashed as part of the verification process.

    You can also verify the digital signature by using the public key of the KMS key outside of KMS. Use the GetPublicKey operation to download the public key in the asymmetric KMS key and then use the public key to verify the signature outside of KMS. The advantage of using the Verify operation is that it is performed within KMS. As a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use the KMS key to verify signatures.

    To verify a signature outside of KMS with an SM2 public key (China Regions only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:Verify (key policy)

    Related operations: Sign

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Verifies a digital signature that was generated by the Sign operation.

    Verification confirms that an authorized user signed the message with the specified KMS key and signing algorithm, and the message hasn't changed since it was signed. If the signature is verified, the value of the SignatureValid field in the response is True. If the signature verification fails, the Verify operation fails with an KMSInvalidSignatureException exception.

    A digital signature is generated by using the private key in an asymmetric KMS key. The signature is verified by using the public key in the same asymmetric KMS key. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.

    To use the Verify operation, specify the same asymmetric KMS key, message, and signing algorithm that were used to produce the signature. The message type does not need to be the same as the one used for signing, but it must indicate whether the value of the Message parameter should be hashed as part of the verification process.

    You can also verify the digital signature by using the public key of the KMS key outside of KMS. Use the GetPublicKey operation to download the public key in the asymmetric KMS key and then use the public key to verify the signature outside of KMS. The advantage of using the Verify operation is that it is performed within KMS. As a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use the KMS key to verify signatures.

    To verify a signature outside of KMS with an SM2 public key (China Regions only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:Verify (key policy)

    Related operations: Sign

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " }, "VerifyMac":{ "name":"VerifyMac", @@ -1021,11 +1022,17 @@ {"shape":"KMSInvalidStateException"}, {"shape":"DryRunOperationException"} ], - "documentation":"

    Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify, and compares the computed HMAC to the HMAC that you specify. If the HMACs are identical, the verification succeeds; otherwise, it fails. Verification indicates that the message hasn't changed since the HMAC was calculated, and the specified key was used to generate and verify the HMAC.

    HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards defined in RFC 2104.

    This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:VerifyMac (key policy)

    Related operations: GenerateMac

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " + "documentation":"

    Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify, and compares the computed HMAC to the HMAC that you specify. If the HMACs are identical, the verification succeeds; otherwise, it fails. Verification indicates that the message hasn't changed since the HMAC was calculated, and the specified key was used to generate and verify the HMAC.

    HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards defined in RFC 2104.

    This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide.

    The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

    Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.

    Required permissions: kms:VerifyMac (key policy)

    Related operations: GenerateMac

    Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

    " } }, "shapes":{ "AWSAccountIdType":{"type":"string"}, + "AccountIdType":{ + "type":"string", + "max":12, + "min":12, + "pattern":"[0-9]{12}" + }, "AlgorithmSpec":{ "type":"string", "enum":[ @@ -1091,6 +1098,18 @@ "max":262144, "min":1 }, + "BackingKeyIdResponseType":{ + "type":"string", + "max":64, + "min":0, + "pattern":"^[a-f0-9]+$" + }, + "BackingKeyIdType":{ + "type":"string", + "max":64, + "min":64, + "pattern":"^[a-f0-9]+$" + }, "BooleanType":{"type":"boolean"}, "CancelKeyDeletionRequest":{ "type":"structure", @@ -1182,8 +1201,7 @@ }, "ConnectCustomKeyStoreResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ConnectionErrorCodeType":{ "type":"string", @@ -1227,11 +1245,11 @@ "members":{ "AliasName":{ "shape":"AliasNameType", - "documentation":"

    Specifies the alias name. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    The AliasName value must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is reserved for Amazon Web Services managed keys.

    " + "documentation":"

    Specifies the alias name. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    The AliasName value must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is reserved for Amazon Web Services managed keys.

    " }, "TargetKeyId":{ "shape":"KeyIdType", - "documentation":"

    Associates the alias with the specified customer managed key. The KMS key must be in the same Amazon Web Services Region.

    A valid key ID is required. If you supply a null or empty string value, this operation returns an error.

    For help finding the key ID and ARN, see Finding the Key ID and ARN in the Key Management Service Developer Guide .

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " + "documentation":"

    Associates the alias with the specified customer managed key. The KMS key must be in the same Amazon Web Services Region.

    A valid key ID is required. If you supply a null or empty string value, this operation returns an error.

    For help finding the key ID and ARN, see Find the key ID and key ARN in the Key Management Service Developer Guide .

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " } } }, @@ -1253,7 +1271,7 @@ }, "KeyStorePassword":{ "shape":"KeyStorePasswordType", - "documentation":"

    Specifies the kmsuser password for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.

    Enter the password of the kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as this user to manage key material on your behalf.

    The password must be a string of 7 to 32 characters. Its value is case sensitive.

    This parameter tells KMS the kmsuser account password; it does not change the password in the CloudHSM cluster.

    " + "documentation":"

    Specifies the kmsuser password for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.

    Enter the password of the kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as this user to manage key material on your behalf.

    The password must be a string of 7 to 32 characters. Its value is case sensitive.

    This parameter tells KMS the kmsuser account password; it does not change the password in the CloudHSM cluster.

    " }, "CustomKeyStoreType":{ "shape":"CustomKeyStoreType", @@ -1271,13 +1289,17 @@ "shape":"XksProxyVpcEndpointServiceNameType", "documentation":"

    Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with your external key store proxy (XKS proxy). This parameter is required when the value of CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of XksProxyConnectivity is VPC_ENDPOINT_SERVICE.

    The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.

    Uniqueness requirements:

    • External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each external key store must have its own VPC endpoint service and private DNS name.

    " }, + "XksProxyVpcEndpointServiceOwner":{ + "shape":"AccountIdType", + "documentation":"

    Specifies the Amazon Web Services account ID that owns the Amazon VPC service endpoint for the interface that is used to communicate with your external key store proxy (XKS proxy). This parameter is optional. If not provided, the Amazon Web Services account ID calling the action will be used.

    " + }, "XksProxyAuthenticationCredential":{ "shape":"XksProxyAuthenticationCredentialType", - "documentation":"

    Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.

    The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, a secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType.

    KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.

    This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the credential that you established on your external key store proxy. If you rotate your proxy authentication credential, use the UpdateCustomKeyStore operation to provide the new credential to KMS.

    " + "documentation":"

    Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.

    The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, a secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType.

    KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.

    This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the credential that you established on your external key store proxy. If you rotate your proxy authentication credential, use the UpdateCustomKeyStore operation to provide the new credential to KMS.

    " }, "XksProxyConnectivity":{ "shape":"XksProxyConnectivityType", - "documentation":"

    Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.

    If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.

    An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data center.

    " + "documentation":"

    Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.

    If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.

    An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data center.

    " } } }, @@ -1308,7 +1330,7 @@ }, "RetiringPrincipal":{ "shape":"PrincipalIdType", - "documentation":"

    The principal that has permission to use the RetireGrant operation to retire the grant.

    To specify the principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed role users. For help with the ARN syntax for a principal, see IAM ARNs in the Identity and Access Management User Guide .

    The grant determines the retiring principal. Other principals might have permission to retire the grant or revoke the grant. For details, see RevokeGrant and Retiring and revoking grants in the Key Management Service Developer Guide.

    " + "documentation":"

    The principal that has permission to use the RetireGrant operation to retire the grant.

    To specify the principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid principals include Amazon Web Services accounts, IAM users, IAM roles, federated users, and assumed role users. For help with the ARN syntax for a principal, see IAM ARNs in the Identity and Access Management User Guide .

    The grant determines the retiring principal. Other principals might have permission to retire the grant or revoke the grant. For details, see RevokeGrant and Retiring and revoking grants in the Key Management Service Developer Guide.

    " }, "Operations":{ "shape":"GrantOperationList", @@ -1320,7 +1342,7 @@ }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "Name":{ "shape":"GrantNameType", @@ -1328,7 +1350,7 @@ }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -1337,7 +1359,7 @@ "members":{ "GrantToken":{ "shape":"GrantTokenType", - "documentation":"

    The grant token.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    The grant token.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "GrantId":{ "shape":"GrantIdType", @@ -1350,7 +1372,7 @@ "members":{ "Policy":{ "shape":"PolicyType", - "documentation":"

    The key policy to attach to the KMS key.

    If you provide a key policy, it must meet the following criteria:

    • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

    • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

    If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For more information, see Default key policy in the Key Management Service Developer Guide.

    The key policy size quota is 32 kilobytes (32768 bytes).

    For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

    " + "documentation":"

    The key policy to attach to the KMS key.

    If you provide a key policy, it must meet the following criteria:

    • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

    • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

    If either of the required Resource or Action elements are missing from a key policy statement, the policy statement has no effect. When a key policy statement is missing one of these elements, the KMS console correctly reports an error, but the CreateKey and PutKeyPolicy API requests succeed, even though the policy statement is ineffective.

    For more information on required key policy elements, see Elements in a key policy in the Key Management Service Developer Guide.

    If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For more information, see Default key policy in the Key Management Service Developer Guide.

    If the key policy exceeds the length constraint, KMS returns a LimitExceededException.

    For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

    " }, "Description":{ "shape":"DescriptionType", @@ -1358,7 +1380,7 @@ }, "KeyUsage":{ "shape":"KeyUsageType", - "documentation":"

    Determines the cryptographic operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is created.

    Select only one valid value.

    • For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.

    • For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.

    • For asymmetric KMS keys with RSA key pairs, specify ENCRYPT_DECRYPT or SIGN_VERIFY.

    • For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify SIGN_VERIFY or KEY_AGREEMENT.

    • For asymmetric KMS keys with ECC_SECG_P256K1 key pairs specify SIGN_VERIFY.

    • For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ENCRYPT_DECRYPT, SIGN_VERIFY, or KEY_AGREEMENT.

    " + "documentation":"

    Determines the cryptographic operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is created. Each KMS key can have only one key usage. This follows key usage best practices according to NIST SP 800-57 Recommendations for Key Management, section 5.2, Key usage.

    Select only one valid value.

    • For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.

    • For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.

    • For asymmetric KMS keys with RSA key pairs, specify ENCRYPT_DECRYPT or SIGN_VERIFY.

    • For asymmetric KMS keys with NIST-standard elliptic curve key pairs, specify SIGN_VERIFY or KEY_AGREEMENT.

    • For asymmetric KMS keys with ECC_SECG_P256K1 key pairs, specify SIGN_VERIFY.

    • For asymmetric KMS keys with ML-DSA key pairs, specify SIGN_VERIFY.

    • For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ENCRYPT_DECRYPT, SIGN_VERIFY, or KEY_AGREEMENT.

    " }, "CustomerMasterKeySpec":{ "shape":"CustomerMasterKeySpec", @@ -1368,7 +1390,7 @@ }, "KeySpec":{ "shape":"KeySpec", - "documentation":"

    Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key type in the Key Management Service Developer Guide .

    The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It also determines the algorithms that the KMS key supports. You can't change the KeySpec after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm or kms:Signing Algorithm in the Key Management Service Developer Guide .

    Amazon Web Services services that are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support asymmetric KMS keys or HMAC KMS keys.

    KMS supports the following key specs for KMS keys:

    • Symmetric encryption key (default)

      • SYMMETRIC_DEFAULT

    • HMAC keys (symmetric)

      • HMAC_224

      • HMAC_256

      • HMAC_384

      • HMAC_512

    • Asymmetric RSA key pairs (encryption and decryption -or- signing and verification)

      • RSA_2048

      • RSA_3072

      • RSA_4096

    • Asymmetric NIST-recommended elliptic curve key pairs (signing and verification -or- deriving shared secrets)

      • ECC_NIST_P256 (secp256r1)

      • ECC_NIST_P384 (secp384r1)

      • ECC_NIST_P521 (secp521r1)

    • Other asymmetric elliptic curve key pairs (signing and verification)

      • ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.

    • SM2 key pairs (encryption and decryption -or- signing and verification -or- deriving shared secrets)

      • SM2 (China Regions only)

    " + "documentation":"

    Specifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key with a 256-bit AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates a 128-bit symmetric key that uses SM4 encryption. For a detailed description of all supported key specs, see Key spec reference in the Key Management Service Developer Guide .

    The KeySpec determines whether the KMS key contains a symmetric key or an asymmetric key pair. It also determines the algorithms that the KMS key supports. You can't change the KeySpec after the KMS key is created. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see kms:EncryptionAlgorithm, kms:MacAlgorithm, kms:KeyAgreementAlgorithm, or kms:SigningAlgorithm in the Key Management Service Developer Guide .

    Amazon Web Services services that are integrated with KMS use symmetric encryption KMS keys to protect your data. These services do not support asymmetric KMS keys or HMAC KMS keys.

    KMS supports the following key specs for KMS keys:

    • Symmetric encryption key (default)

      • SYMMETRIC_DEFAULT

    • HMAC keys (symmetric)

      • HMAC_224

      • HMAC_256

      • HMAC_384

      • HMAC_512

    • Asymmetric RSA key pairs (encryption and decryption -or- signing and verification)

      • RSA_2048

      • RSA_3072

      • RSA_4096

    • Asymmetric NIST-standard elliptic curve key pairs (signing and verification -or- deriving shared secrets)

      • ECC_NIST_P256 (secp256r1)

      • ECC_NIST_P384 (secp384r1)

      • ECC_NIST_P521 (secp521r1)

      • ECC_NIST_EDWARDS25519 (ed25519) - signing and verification only

        • Note: For ECC_NIST_EDWARDS25519 KMS keys, the ED25519_SHA_512 signing algorithm requires MessageType:RAW , while ED25519_PH_SHA_512 requires MessageType:DIGEST . These message types cannot be used interchangeably.

    • Other asymmetric elliptic curve key pairs (signing and verification)

      • ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.

    • Asymmetric ML-DSA key pairs (signing and verification)

      • ML_DSA_44

      • ML_DSA_65

      • ML_DSA_87

    • SM2 key pairs (encryption and decryption -or- signing and verification -or- deriving shared secrets)

      • SM2 (China Regions only)

    " }, "Origin":{ "shape":"OriginType", @@ -1376,7 +1398,7 @@ }, "CustomKeyStoreId":{ "shape":"CustomKeyStoreIdType", - "documentation":"

    Creates the KMS key in the specified custom key store. The ConnectionState of the custom key store must be CONNECTED. To find the CustomKeyStoreID and ConnectionState use the DescribeCustomKeyStores operation.

    This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any other type of KMS key in a custom key store.

    When you create a KMS key in an CloudHSM key store, KMS generates a non-exportable 256-bit symmetric key in its associated CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store, you must use the XksKeyId parameter to specify an external key that serves as key material for the KMS key.

    " + "documentation":"

    Creates the KMS key in the specified custom key store. The ConnectionState of the custom key store must be CONNECTED. To find the CustomKeyStoreID and ConnectionState use the DescribeCustomKeyStores operation.

    This parameter is valid only for symmetric encryption KMS keys in a single Region. You cannot create any other type of KMS key in a custom key store.

    When you create a KMS key in an CloudHSM key store, KMS generates a non-exportable 256-bit symmetric key in its associated CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store, you must use the XksKeyId parameter to specify an external key that serves as key material for the KMS key.

    " }, "BypassPolicyLockoutSafetyCheck":{ "shape":"BooleanType", @@ -1384,7 +1406,7 @@ }, "Tags":{ "shape":"TagList", - "documentation":"

    Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    To use this parameter, you must have kms:TagResource permission in an IAM policy.

    Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.

    When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.

    " + "documentation":"

    Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    To use this parameter, you must have kms:TagResource permission in an IAM policy.

    Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.

    When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tags in KMS.

    " }, "MultiRegion":{ "shape":"NullableBooleanType", @@ -1392,7 +1414,7 @@ }, "XksKeyId":{ "shape":"XksKeyIdType", - "documentation":"

    Identifies the external key that serves as key material for the KMS key in an external key store. Specify the ID that the external key store proxy uses to refer to the external key. For help, see the documentation for your external key store proxy.

    This parameter is required for a KMS key with an Origin value of EXTERNAL_KEY_STORE. It is not valid for KMS keys with any other Origin value.

    The external key must be an existing 256-bit AES symmetric encryption key hosted outside of Amazon Web Services in an external key manager associated with the external key store specified by the CustomKeyStoreId parameter. This key must be enabled and configured to perform encryption and decryption. Each KMS key in an external key store must use a different external key. For details, see Requirements for a KMS key in an external key store in the Key Management Service Developer Guide.

    Each KMS key in an external key store is associated two backing keys. One is key material that KMS generates. The other is the external key specified by this parameter. When you use the KMS key in an external key store to encrypt data, the encryption operation is performed first by KMS using the KMS key material, and then by the external key manager using the specified external key, a process known as double encryption. For details, see Double encryption in the Key Management Service Developer Guide.

    " + "documentation":"

    Identifies the external key that serves as key material for the KMS key in an external key store. Specify the ID that the external key store proxy uses to refer to the external key. For help, see the documentation for your external key store proxy.

    This parameter is required for a KMS key with an Origin value of EXTERNAL_KEY_STORE. It is not valid for KMS keys with any other Origin value.

    The external key must be an existing 256-bit AES symmetric encryption key hosted outside of Amazon Web Services in an external key manager associated with the external key store specified by the CustomKeyStoreId parameter. This key must be enabled and configured to perform encryption and decryption. Each KMS key in an external key store must use a different external key. For details, see Requirements for a KMS key in an external key store in the Key Management Service Developer Guide.

    Each KMS key in an external key store is associated two backing keys. One is key material that KMS generates. The other is the external key specified by this parameter. When you use the KMS key in an external key store to encrypt data, the encryption operation is performed first by KMS using the KMS key material, and then by the external key manager using the specified external key, a process known as double encryption. For details, see Double encryption in the Key Management Service Developer Guide.

    " } } }, @@ -1530,7 +1552,8 @@ "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", - "SM2" + "SM2", + "ECC_NIST_EDWARDS25519" ] }, "DataKeySpec":{ @@ -1551,11 +1574,11 @@ }, "EncryptionContext":{ "shape":"EncryptionContextType", - "documentation":"

    Specifies the encryption context to use when decrypting the data. An encryption context is valid only for cryptographic operations with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " + "documentation":"

    Specifies the encryption context to use when decrypting the data. An encryption context is valid only for cryptographic operations with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "KeyId":{ "shape":"KeyIdType", @@ -1567,11 +1590,11 @@ }, "Recipient":{ "shape":"RecipientInfo", - "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

    When you use this parameter, instead of returning the plaintext data, KMS encrypts the plaintext data with the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the enclave. The Plaintext field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave or NitroTPM, and the encryption algorithm to use with the public key in the attestation document. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter supports the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK for Amazon Web Services Nitro Enclaves. It supports any Amazon Web Services SDK for Amazon Web Services NitroTPM.

    When you use this parameter, instead of returning the plaintext data, KMS encrypts the plaintext data with the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the attested environment. The Plaintext field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -1592,7 +1615,11 @@ }, "CiphertextForRecipient":{ "shape":"CiphertextType", - "documentation":"

    The plaintext data encrypted with the public key in the attestation document.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    The plaintext data encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    The identifier of the key material used to decrypt the ciphertext. This field is present only when the operation uses a symmetric encryption KMS key. This field is omitted if the request includes the Recipient parameter.

    " } } }, @@ -1618,8 +1645,7 @@ }, "DeleteCustomKeyStoreResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteImportedKeyMaterialRequest":{ "type":"structure", @@ -1628,6 +1654,23 @@ "KeyId":{ "shape":"KeyIdType", "documentation":"

    Identifies the KMS key from which you are deleting imported key material. The Origin of the KMS key must be EXTERNAL.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    Identifies the imported key material you are deleting.

    If no KeyMaterialId is specified, KMS deletes the current key material.

    To get the list of key material IDs associated with a KMS key, use ListKeyRotations.

    " + } + } + }, + "DeleteImportedKeyMaterialResponse":{ + "type":"structure", + "members":{ + "KeyId":{ + "shape":"KeyIdType", + "documentation":"

    The Amazon Resource Name (key ARN) of the KMS key from which the key material was deleted.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdResponseType", + "documentation":"

    Identifies the deleted key material.

    " } } }, @@ -1650,7 +1693,7 @@ "members":{ "KeyId":{ "shape":"KeyIdType", - "documentation":"

    Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions only) KMS key. KMS uses the private key in the specified key pair to derive the shared secret. The key usage of the KMS key must be KEY_AGREEMENT. To find the KeyUsage of a KMS key, use the DescribeKey operation.

    To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    • Alias name: alias/ExampleAlias

    • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

    " + "documentation":"

    Identifies an asymmetric NIST-standard ECC or SM2 (China Regions only) KMS key. KMS uses the private key in the specified key pair to derive the shared secret. The key usage of the KMS key must be KEY_AGREEMENT. To find the KeyUsage of a KMS key, use the DescribeKey operation.

    To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    • Alias name: alias/ExampleAlias

    • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

    " }, "KeyAgreementAlgorithm":{ "shape":"KeyAgreementAlgorithmSpec", @@ -1658,19 +1701,19 @@ }, "PublicKey":{ "shape":"PublicKeyType", - "documentation":"

    Specifies the public key in your peer's NIST-recommended elliptic curve (ECC) or SM2 (China Regions only) key pair.

    The public key must be a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280.

    GetPublicKey returns the public key of an asymmetric KMS key pair in the required DER-encoded format.

    If you use Amazon Web Services CLI version 1, you must provide the DER-encoded X.509 public key in a file. Otherwise, the Amazon Web Services CLI Base64-encodes the public key a second time, resulting in a ValidationException.

    You can specify the public key as binary data in a file using fileb (fileb://<path-to-file>) or in-line using a Base64 encoded string.

    " + "documentation":"

    Specifies the public key in your peer's NIST-standard elliptic curve (ECC) or SM2 (China Regions only) key pair.

    The public key must be a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280.

    GetPublicKey returns the public key of an asymmetric KMS key pair in the required DER-encoded format.

    If you use Amazon Web Services CLI version 1, you must provide the DER-encoded X.509 public key in a file. Otherwise, the Amazon Web Services CLI Base64-encodes the public key a second time, resulting in a ValidationException.

    You can specify the public key as binary data in a file using fileb (fileb://<path-to-file>) or in-line using a Base64 encoded string.

    " }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " }, "Recipient":{ "shape":"RecipientInfo", - "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon Web Services Nitro Enclaves, use the Amazon Web Services Nitro Enclaves SDK to generate the attestation document and then use the Recipient parameter from any Amazon Web Services SDK to provide the attestation document for the enclave.

    When you use this parameter, instead of returning a plaintext copy of the shared secret, KMS encrypts the plaintext shared secret under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the enclave. The CiphertextBlob field in the response contains the encrypted shared secret derived from the KMS key specified by the KeyId parameter and public key specified by the PublicKey parameter. The SharedSecret field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave or NitroTPM, and the encryption algorithm to use with the public key in the attestation document. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM. To call DeriveSharedSecret generate an attestation document use either Amazon Web Services Nitro Enclaves SDK for an Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM tools for Amazon Web Services NitroTPM. Then use the Recipient parameter from any Amazon Web Services SDK to provide the attestation document for the attested environment.

    When you use this parameter, instead of returning a plaintext copy of the shared secret, KMS encrypts the plaintext shared secret under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the attested environment. The CiphertextBlob field in the response contains the encrypted shared secret derived from the KMS key specified by the KeyId parameter and public key specified by the PublicKey parameter. The SharedSecret field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " } } }, @@ -1687,7 +1730,7 @@ }, "CiphertextForRecipient":{ "shape":"CiphertextType", - "documentation":"

    The plaintext shared secret encrypted with the public key in the attestation document.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    The plaintext shared secret encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " }, "KeyAgreementAlgorithm":{ "shape":"KeyAgreementAlgorithmSpec", @@ -1743,11 +1786,11 @@ "members":{ "KeyId":{ "shape":"KeyIdType", - "documentation":"

    Describes the specified KMS key.

    If you specify a predefined Amazon Web Services alias (an Amazon Web Services alias with no key ID), KMS associates the alias with an Amazon Web Services managed key and returns its KeyId and Arn in the response.

    To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    • Alias name: alias/ExampleAlias

    • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

    " + "documentation":"

    Describes the specified KMS key.

    If you specify a predefined Amazon Web Services alias (an Amazon Web Services alias with no key ID), KMS associates the alias with an Amazon Web Services managed key and returns its KeyId and Arn in the response.

    To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    • Alias name: alias/ExampleAlias

    • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

    " }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " } } }, @@ -1781,7 +1824,7 @@ "members":{ "KeyId":{ "shape":"KeyIdType", - "documentation":"

    Identifies a symmetric encryption KMS key. You cannot enable or disable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " + "documentation":"

    Identifies a symmetric encryption KMS key. You cannot enable or disable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " } } }, @@ -1805,8 +1848,7 @@ }, "DisconnectCustomKeyStoreResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DryRunOperationException":{ "type":"structure", @@ -1832,7 +1874,7 @@ "members":{ "KeyId":{ "shape":"KeyIdType", - "documentation":"

    Identifies a symmetric encryption KMS key. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " + "documentation":"

    Identifies a symmetric encryption KMS key. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " }, "RotationPeriodInDays":{ "shape":"RotationPeriodInDaysType", @@ -1857,11 +1899,11 @@ }, "EncryptionContext":{ "shape":"EncryptionContextType", - "documentation":"

    Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for cryptographic operations with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " + "documentation":"

    Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for cryptographic operations with a symmetric encryption KMS key. The standard asymmetric encryption algorithms and HMAC algorithms that KMS uses do not support an encryption context.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "EncryptionAlgorithm":{ "shape":"EncryptionAlgorithmSpec", @@ -1869,7 +1911,7 @@ }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -1935,7 +1977,7 @@ "members":{ "EncryptionContext":{ "shape":"EncryptionContextType", - "documentation":"

    Specifies the encryption context that will be used when encrypting the private key in the data key pair.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " + "documentation":"

    Specifies the encryption context that will be used when encrypting the private key in the data key pair.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " }, "KeyId":{ "shape":"KeyIdType", @@ -1943,19 +1985,19 @@ }, "KeyPairSpec":{ "shape":"DataKeyPairSpec", - "documentation":"

    Determines the type of data key pair that is generated.

    The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.

    " + "documentation":"

    Determines the type of data key pair that is generated.

    The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), the rule that permits you to use ECC KMS keys only to sign and verify, and the rule that permits you to use ML-DSA key pairs to sign and verify only are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.

    " }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "Recipient":{ "shape":"RecipientInfo", - "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon Web Services Nitro Enclaves, use the Amazon Web Services Nitro Enclaves SDK to generate the attestation document and then use the Recipient parameter from any Amazon Web Services SDK to provide the attestation document for the enclave.

    When you use this parameter, instead of returning a plaintext copy of the private data key, KMS encrypts the plaintext private data key under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the enclave. The CiphertextBlob field in the response contains a copy of the private data key encrypted under the KMS key specified by the KeyId parameter. The PrivateKeyPlaintext field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave or NitroTPM, and the encryption algorithm to use with the public key in the attestation document. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM. To call GenerateDataKeyPair generate an attestation document use either Amazon Web Services Nitro Enclaves SDK for an Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM tools for Amazon Web Services NitroTPM. Then use the Recipient parameter from any Amazon Web Services SDK to provide the attestation document for the attested environment.

    When you use this parameter, instead of returning a plaintext copy of the private data key, KMS encrypts the plaintext private data key under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the attested environment. The CiphertextBlob field in the response contains a copy of the private data key encrypted under the KMS key specified by the KeyId parameter. The PrivateKeyPlaintext field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -1984,7 +2026,11 @@ }, "CiphertextForRecipient":{ "shape":"CiphertextType", - "documentation":"

    The plaintext private data key encrypted with the public key from the Nitro enclave. This ciphertext can be decrypted only by using a private key in the Nitro enclave.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    The plaintext private data key encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    The identifier of the key material used to encrypt the private key.

    " } } }, @@ -1997,7 +2043,7 @@ "members":{ "EncryptionContext":{ "shape":"EncryptionContextType", - "documentation":"

    Specifies the encryption context that will be used when encrypting the private key in the data key pair.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " + "documentation":"

    Specifies the encryption context that will be used when encrypting the private key in the data key pair.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " }, "KeyId":{ "shape":"KeyIdType", @@ -2005,15 +2051,15 @@ }, "KeyPairSpec":{ "shape":"DataKeyPairSpec", - "documentation":"

    Determines the type of data key pair that is generated.

    The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), and the rule that permits you to use ECC KMS keys only to sign and verify, are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.

    " + "documentation":"

    Determines the type of data key pair that is generated.

    The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys to encrypt and decrypt or to sign and verify (but not both), the rule that permits you to use ECC KMS keys only to sign and verify, and the rule that permits you to use ML-DSA key pairs to sign and verify only are not effective on data key pairs, which are used outside of KMS. The SM2 key spec is only available in China Regions.

    " }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -2035,6 +2081,10 @@ "KeyPairSpec":{ "shape":"DataKeyPairSpec", "documentation":"

    The type of data key pair that was generated.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    The identifier of the key material used to encrypt the private key.

    " } } }, @@ -2048,7 +2098,7 @@ }, "EncryptionContext":{ "shape":"EncryptionContextType", - "documentation":"

    Specifies the encryption context that will be used when encrypting the data key.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " + "documentation":"

    Specifies the encryption context that will be used when encrypting the data key.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " }, "NumberOfBytes":{ "shape":"NumberOfBytesType", @@ -2060,15 +2110,15 @@ }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "Recipient":{ "shape":"RecipientInfo", - "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

    When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data key under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the enclave. The CiphertextBlob field in the response contains a copy of the data key encrypted under the KMS key specified by the KeyId parameter. The Plaintext field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave or NitroTPM, and the encryption algorithm to use with the public key in the attestation document. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter supports the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK for Amazon Web Services Nitro Enclaves. It supports any Amazon Web Services SDK for Amazon Web Services NitroTPM.

    When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data key under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the enclave. The CiphertextBlob field in the response contains a copy of the data key encrypted under the KMS key specified by the KeyId parameter. The Plaintext field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -2089,7 +2139,11 @@ }, "CiphertextForRecipient":{ "shape":"CiphertextType", - "documentation":"

    The plaintext data key encrypted with the public key from the Nitro enclave. This ciphertext can be decrypted only by using a private key in the Nitro enclave.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    The plaintext data key encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    The identifier of the key material used to encrypt the data key. This field is omitted if the request includes the Recipient parameter.

    " } } }, @@ -2103,7 +2157,7 @@ }, "EncryptionContext":{ "shape":"EncryptionContextType", - "documentation":"

    Specifies the encryption context that will be used when encrypting the data key.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " + "documentation":"

    Specifies the encryption context that will be used when encrypting the data key.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " }, "KeySpec":{ "shape":"DataKeySpec", @@ -2115,11 +2169,11 @@ }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -2133,6 +2187,10 @@ "KeyId":{ "shape":"KeyIdType", "documentation":"

    The Amazon Resource Name (key ARN) of the KMS key that encrypted the data key.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    The identifier of the key material used to encrypt the data key.

    " } } }, @@ -2158,11 +2216,11 @@ }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -2196,7 +2254,7 @@ }, "Recipient":{ "shape":"RecipientInfo", - "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this parameter, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.

    When you use this parameter, instead of returning plaintext bytes, KMS encrypts the plaintext bytes under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the enclave. The Plaintext field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    A signed attestation document from an Amazon Web Services Nitro enclave or NitroTPM, and the encryption algorithm to use with the public key in the attestation document. The only valid encryption algorithm is RSAES_OAEP_SHA_256.

    This parameter supports the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK for Amazon Web Services Nitro Enclaves. It supports any Amazon Web Services SDK for Amazon Web Services NitroTPM.

    When you use this parameter, instead of returning plaintext bytes, KMS encrypts the plaintext bytes under the public key in the attestation document, and returns the resulting ciphertext in the CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private key in the attested environment. The Plaintext field in the response is null or empty.

    For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " } } }, @@ -2209,7 +2267,7 @@ }, "CiphertextForRecipient":{ "shape":"CiphertextType", - "documentation":"

    The plaintext random bytes encrypted with the public key from the Nitro enclave. This ciphertext can be decrypted only by using a private key in the Nitro enclave.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    The plaintext random bytes encrypted with the public key from the attestation document. This ciphertext can be decrypted only by using a private key from the attested environment.

    This field is included in the response only when the Recipient parameter in the request includes a valid attestation document from an Amazon Web Services Nitro enclave or NitroTPM. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " } } }, @@ -2271,7 +2329,7 @@ }, "OnDemandRotationStartDate":{ "shape":"DateType", - "documentation":"

    Identifies the date and time that an in progress on-demand rotation was initiated.

    The KMS API follows an eventual consistency model due to the distributed nature of the system. As a result, there might be a slight delay between initiating on-demand key rotation and the rotation's completion. Once the on-demand rotation is complete, use ListKeyRotations to view the details of the on-demand rotation.

    " + "documentation":"

    Identifies the date and time that an in progress on-demand rotation was initiated.

    KMS uses a background process to perform rotations. As a result, there might be a slight delay between initiating on-demand key rotation and the rotation's completion. Once the on-demand rotation is complete, KMS removes this field from the response. You can use ListKeyRotations to view the details of the completed on-demand rotation.

    " } } }, @@ -2289,7 +2347,7 @@ }, "WrappingAlgorithm":{ "shape":"AlgorithmSpec", - "documentation":"

    The algorithm you will use with the RSA public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide.

    For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS.

    The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm.

    • RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.

    • RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.

    • RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key).

      You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.

    • RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key).

      You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.

    • RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.

    " + "documentation":"

    The algorithm you will use with the RSA public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide.

    For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS.

    The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm.

    • RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.

    • RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.

    • RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key).

      You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.

    • RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key).

      You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.

    • RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.

    " }, "WrappingKeySpec":{ "shape":"WrappingKeySpec", @@ -2328,7 +2386,7 @@ }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " } } }, @@ -2376,14 +2434,14 @@ "members":{ "EncryptionContextSubset":{ "shape":"EncryptionContextType", - "documentation":"

    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.

    " + "documentation":"

    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.

    " }, "EncryptionContextEquals":{ "shape":"EncryptionContextType", - "documentation":"

    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.

    " + "documentation":"

    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.

    " } }, - "documentation":"

    Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.

    KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric KMS key. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric KMS keys and management operations, such as DescribeKey or RetireGrant.

    In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.

    However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.

    To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the Key Management Service Developer Guide .

    " + "documentation":"

    Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.

    KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric KMS key. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric KMS keys and management operations, such as DescribeKey or RetireGrant.

    In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.

    However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.

    To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext:context-key in the Key Management Service Developer Guide .

    " }, "GrantIdType":{ "type":"string", @@ -2489,7 +2547,7 @@ "members":{ "KeyId":{ "shape":"KeyIdType", - "documentation":"

    The identifier of the KMS key that will be associated with the imported key material. This must be the same KMS key specified in the KeyID parameter of the corresponding GetParametersForImport request. The Origin of the KMS key must be EXTERNAL and its KeyState must be PendingImport.

    The KMS key can be a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key, including a multi-Region key of any supported type. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " + "documentation":"

    The identifier of the KMS key that will be associated with the imported key material. This must be the same KMS key specified in the KeyID parameter of the corresponding GetParametersForImport request. The Origin of the KMS key must be EXTERNAL and its KeyState must be PendingImport.

    The KMS key can be a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key, including a multi-Region key of any supported type. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " }, "ImportToken":{ "shape":"CiphertextType", @@ -2505,15 +2563,56 @@ }, "ExpirationModel":{ "shape":"ExpirationModelType", - "documentation":"

    Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.

    When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter.

    You cannot change the ExpirationModel or ValidTo values for the current import after the request completes. To change either value, you must reimport the key material.

    " + "documentation":"

    Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.

    When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter.

    You cannot change the ExpirationModel or ValidTo values for the current import after the request completes. To change either value, you must reimport the key material.

    " + }, + "ImportType":{ + "shape":"ImportType", + "documentation":"

    Indicates whether the key material being imported is previously associated with this KMS key or not. This parameter is optional and only usable with symmetric encryption keys. If no key material has ever been imported into the KMS key, and this parameter is omitted, the parameter defaults to NEW_KEY_MATERIAL. After the first key material is imported, if this parameter is omitted then the parameter defaults to EXISTING_KEY_MATERIAL.

    " + }, + "KeyMaterialDescription":{ + "shape":"KeyMaterialDescriptionType", + "documentation":"

    Description for the key material being imported. This parameter is optional and only usable with symmetric encryption keys. If you do not specify a key material description, KMS retains the value you specified when you last imported the same key material into this KMS key.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    Identifies the key material being imported. This parameter is optional and only usable with symmetric encryption keys. You cannot specify a key material ID with ImportType set to NEW_KEY_MATERIAL. Whenever you import key material into a symmetric encryption key, KMS assigns a unique identifier to the key material based on the KMS key ID and the imported key material. When you re-import key material with a specified key material ID, KMS:

    • Computes the identifier for the key material

    • Matches the computed identifier against the specified key material ID

    • Verifies that the key material ID is already associated with the KMS key

    To get the list of key material IDs associated with a KMS key, use ListKeyRotations.

    " } } }, "ImportKeyMaterialResponse":{ "type":"structure", "members":{ + "KeyId":{ + "shape":"KeyIdType", + "documentation":"

    The Amazon Resource Name (key ARN) of the KMS key into which key material was imported.

    " + }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    Identifies the imported key material.

    " + } } }, + "ImportState":{ + "type":"string", + "enum":[ + "IMPORTED", + "PENDING_IMPORT" + ] + }, + "ImportType":{ + "type":"string", + "enum":[ + "NEW_KEY_MATERIAL", + "EXISTING_KEY_MATERIAL" + ] + }, + "IncludeKeyMaterial":{ + "type":"string", + "enum":[ + "ALL_KEY_MATERIAL", + "ROTATIONS_ONLY" + ] + }, "IncorrectKeyException":{ "type":"structure", "members":{ @@ -2527,7 +2626,7 @@ "members":{ "message":{"shape":"ErrorMessageType"} }, - "documentation":"

    The request was rejected because the key material in the request is, expired, invalid, or is not the same key material that was previously imported into this KMS key.

    ", + "documentation":"

    The request was rejected because the key material in the request is, expired, invalid, or does not meet expectations. For example, it is not the same key material that was previously imported or KMS expected new key material but the key material being imported is already associated with the KMS key.

    ", "exception":true }, "IncorrectTrustAnchorException":{ @@ -2677,6 +2776,20 @@ "CUSTOMER" ] }, + "KeyMaterialDescriptionType":{ + "type":"string", + "max":256, + "min":0, + "pattern":"^[a-zA-Z0-9:/_\\s.-]+$" + }, + "KeyMaterialState":{ + "type":"string", + "enum":[ + "NON_CURRENT", + "CURRENT", + "PENDING_ROTATION" + ] + }, "KeyMetadata":{ "type":"structure", "required":["KeyId"], @@ -2707,7 +2820,7 @@ }, "KeyUsage":{ "shape":"KeyUsageType", - "documentation":"

    The cryptographic operations for which you can use the KMS key.

    " + "documentation":"

    The cryptographic operations for which you can use the KMS key.

    " }, "KeyState":{ "shape":"KeyState", @@ -2719,7 +2832,7 @@ }, "ValidTo":{ "shape":"DateType", - "documentation":"

    The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.

    " + "documentation":"

    The earliest time at which any imported key material permanently associated with this KMS key expires. When a key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin is EXTERNAL and the ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.

    " }, "Origin":{ "shape":"OriginType", @@ -2727,11 +2840,11 @@ }, "CustomKeyStoreId":{ "shape":"CustomKeyStoreIdType", - "documentation":"

    A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.

    " + "documentation":"

    A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.

    " }, "CloudHsmClusterId":{ "shape":"CloudHsmClusterIdType", - "documentation":"

    The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.

    " + "documentation":"

    The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.

    " }, "ExpirationModel":{ "shape":"ExpirationModelType", @@ -2782,6 +2895,10 @@ "XksKeyConfiguration":{ "shape":"XksKeyConfigurationType", "documentation":"

    Information about the external key that is associated with a KMS key in an external key store.

    For more information, see External key in the Key Management Service Developer Guide.

    " + }, + "CurrentKeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    Identifies the current key material. This value is present for symmetric encryption keys with AWS_KMS origin and single-Region, symmetric encryption keys with EXTERNAL origin. These KMS keys support automatic or on-demand key rotation and can have multiple key materials associated with them. KMS uses the current key material for both encryption and decryption, and the non-current key material for decryption operations only.

    " } }, "documentation":"

    Contains metadata about a KMS key.

    This data type is used as a response element for the CreateKey, DescribeKey, and ReplicateKey operations.

    " @@ -2801,7 +2918,11 @@ "HMAC_256", "HMAC_384", "HMAC_512", - "SM2" + "SM2", + "ML_DSA_44", + "ML_DSA_65", + "ML_DSA_87", + "ECC_NIST_EDWARDS25519" ] }, "KeyState":{ @@ -2846,7 +2967,7 @@ "members":{ "message":{"shape":"ErrorMessageType"} }, - "documentation":"

    The request was rejected because a quota was exceeded. For more information, see Quotas in the Key Management Service Developer Guide.

    ", + "documentation":"

    The request was rejected because a length constraint or quota was exceeded. For more information, see Quotas in the Key Management Service Developer Guide.

    ", "exception":true }, "LimitType":{ @@ -2974,6 +3095,10 @@ "shape":"KeyIdType", "documentation":"

    Gets the key rotations for the specified KMS key.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " }, + "IncludeKeyMaterial":{ + "shape":"IncludeKeyMaterial", + "documentation":"

    Use this optional parameter to control which key materials associated with this key are listed in the response. The default value of this parameter is ROTATIONS_ONLY. If you omit this parameter, KMS returns information on the key materials created by automatic or on-demand key rotation. When you specify a value of ALL_KEY_MATERIAL, KMS adds the first key material and any imported key material pending rotation to the response. This parameter can only be used with KMS keys that support automatic or on-demand key rotation.

    " + }, "Limit":{ "shape":"LimitType", "documentation":"

    Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.

    This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100.

    " @@ -2989,7 +3114,7 @@ "members":{ "Rotations":{ "shape":"RotationsList", - "documentation":"

    A list of completed key material rotations.

    " + "documentation":"

    A list of completed key material rotations. When the optional input parameter IncludeKeyMaterial is specified with a value of ALL_KEY_MATERIAL, this list includes the first key material and any imported key material pending rotation.

    " }, "NextMarker":{ "shape":"MarkerType", @@ -3115,7 +3240,8 @@ "type":"string", "enum":[ "RAW", - "DIGEST" + "DIGEST", + "EXTERNAL_MU" ] }, "MultiRegionConfiguration":{ @@ -3239,7 +3365,7 @@ }, "Policy":{ "shape":"PolicyType", - "documentation":"

    The key policy to attach to the KMS key.

    The key policy must meet the following criteria:

    • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

    • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

    A key policy document can include only the following characters:

    • Printable ASCII characters from the space character (\\u0020) through the end of the ASCII character range.

    • Printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF).

    • The tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) special characters

    For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide.For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

    " + "documentation":"

    The key policy to attach to the KMS key.

    The key policy must meet the following criteria:

    • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

    • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

    If either of the required Resource or Action elements are missing from a key policy statement, the policy statement has no effect. When a key policy statement is missing one of these elements, the KMS console correctly reports an error, but the PutKeyPolicy API request succeeds, even though the policy statement is ineffective.

    For more information on required key policy elements, see Elements in a key policy in the Key Management Service Developer Guide.

    A key policy document can include only the following characters:

    • Printable ASCII characters from the space character (\\u0020) through the end of the ASCII character range.

    • Printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF).

    • The tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) special characters

    If the key policy exceeds the length constraint, KMS returns a LimitExceededException.

    For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide.For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

    " }, "BypassPolicyLockoutSafetyCheck":{ "shape":"BooleanType", @@ -3260,7 +3386,7 @@ }, "SourceEncryptionContext":{ "shape":"EncryptionContextType", - "documentation":"

    Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " + "documentation":"

    Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " }, "SourceKeyId":{ "shape":"KeyIdType", @@ -3272,7 +3398,7 @@ }, "DestinationEncryptionContext":{ "shape":"EncryptionContextType", - "documentation":"

    Specifies that encryption context to use when the reencrypting the data.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " + "documentation":"

    Specifies that encryption context to use when the reencrypting the data.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.

    An encryption context is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.

    For more information, see Encryption context in the Key Management Service Developer Guide.

    " }, "SourceEncryptionAlgorithm":{ "shape":"EncryptionAlgorithmSpec", @@ -3284,11 +3410,11 @@ }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -3314,6 +3440,14 @@ "DestinationEncryptionAlgorithm":{ "shape":"EncryptionAlgorithmSpec", "documentation":"

    The encryption algorithm that was used to reencrypt the data.

    " + }, + "SourceKeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    The identifier of the key material used to originally encrypt the data. This field is present only when the original encryption used a symmetric encryption KMS key.

    " + }, + "DestinationKeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    The identifier of the key material used to reencrypt the data. This field is present only when data is reencrypted using a symmetric encryption KMS key.

    " } } }, @@ -3322,14 +3456,14 @@ "members":{ "KeyEncryptionAlgorithm":{ "shape":"KeyEncryptionMechanism", - "documentation":"

    The encryption algorithm that KMS should use with the public key for an Amazon Web Services Nitro Enclave to encrypt plaintext values for the response. The only valid value is RSAES_OAEP_SHA_256.

    " + "documentation":"

    The encryption algorithm that KMS should use with the public key for an Amazon Web Services Nitro Enclave or NitroTPM to encrypt plaintext values for the response. The only valid value is RSAES_OAEP_SHA_256.

    " }, "AttestationDocument":{ "shape":"AttestationDocumentType", - "documentation":"

    The attestation document for an Amazon Web Services Nitro Enclave. This document includes the enclave's public key.

    " + "documentation":"

    The attestation document for an Amazon Web Services Nitro Enclave or a NitroTPM. This document includes the enclave's public key.

    " } }, - "documentation":"

    Contains information about the party that receives the response from the API operation.

    This data type is designed to support Amazon Web Services Nitro Enclaves, which lets you create an isolated compute environment in Amazon EC2. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.

    " + "documentation":"

    Contains information about the party that receives the response from the API operation.

    This data type is designed to support Amazon Web Services Nitro Enclaves and Amazon Web Services NitroTPM, which lets you create an attested environment in Amazon EC2. For information about the interaction between KMS and Amazon Web Services Nitro Enclaves or Amazon Web Services NitroTPM, see Cryptographic attestation support in KMS in the Key Management Service Developer Guide.

    " }, "RegionType":{ "type":"string", @@ -3350,11 +3484,11 @@ }, "ReplicaRegion":{ "shape":"RegionType", - "documentation":"

    The Region ID of the Amazon Web Services Region for this replica key.

    Enter the Region ID, such as us-east-1 or ap-southeast-2. For a list of Amazon Web Services Regions in which KMS is supported, see KMS service endpoints in the Amazon Web Services General Reference.

    HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to replicate an HMAC KMS key in an Amazon Web Services Region in which HMAC keys are not supported, the ReplicateKey operation returns an UnsupportedOperationException. For a list of Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key Management Service Developer Guide.

    The replica must be in a different Amazon Web Services Region than its primary key and other replicas of that primary key, but in the same Amazon Web Services partition. KMS must be available in the replica Region. If the Region is not enabled by default, the Amazon Web Services account must be enabled in the Region. For information about Amazon Web Services partitions, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference. For information about enabling and disabling Regions, see Enabling a Region and Disabling a Region in the Amazon Web Services General Reference.

    " + "documentation":"

    The Region ID of the Amazon Web Services Region for this replica key.

    Enter the Region ID, such as us-east-1 or ap-southeast-2. For a list of Amazon Web Services Regions in which KMS is supported, see KMS service endpoints in the Amazon Web Services General Reference.

    The replica must be in a different Amazon Web Services Region than its primary key and other replicas of that primary key, but in the same Amazon Web Services partition. KMS must be available in the replica Region. If the Region is not enabled by default, the Amazon Web Services account must be enabled in the Region. For information about Amazon Web Services partitions, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference. For information about enabling and disabling Regions, see Enabling a Region and Disabling a Region in the Amazon Web Services General Reference.

    " }, "Policy":{ "shape":"PolicyType", - "documentation":"

    The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS attaches the default key policy to the KMS key.

    The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different key policy for each key in a set of related multi-Region keys. KMS does not synchronize this property.

    If you provide a key policy, it must meet the following criteria:

    • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

    • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

    A key policy document can include only the following characters:

    • Printable ASCII characters from the space character (\\u0020) through the end of the ASCII character range.

    • Printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF).

    • The tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) special characters

    For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

    " + "documentation":"

    The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS attaches the default key policy to the KMS key.

    The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different key policy for each key in a set of related multi-Region keys. KMS does not synchronize this property.

    If you provide a key policy, it must meet the following criteria:

    • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

    • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

    A key policy document can include only the following characters:

    • Printable ASCII characters from the space character (\\u0020) through the end of the ASCII character range.

    • Printable characters in the Basic Latin and Latin-1 Supplement character set (through \\u00FF).

    • The tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) special characters

    For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

    " }, "BypassPolicyLockoutSafetyCheck":{ "shape":"BooleanType", @@ -3366,7 +3500,7 @@ }, "Tags":{ "shape":"TagList", - "documentation":"

    Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    To use this parameter, you must have kms:TagResource permission in an IAM policy.

    Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key in a set of related multi-Region keys. KMS does not synchronize this property.

    Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.

    When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.

    " + "documentation":"

    Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

    To use this parameter, you must have kms:TagResource permission in an IAM policy.

    Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key in a set of related multi-Region keys. KMS does not synchronize this property.

    Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.

    When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tags in KMS.

    " } } }, @@ -3404,7 +3538,7 @@ }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -3425,7 +3559,7 @@ }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -3435,7 +3569,7 @@ "members":{ "KeyId":{ "shape":"KeyIdType", - "documentation":"

    Identifies a symmetric encryption KMS key. You cannot perform on-demand rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To perform on-demand rotation of a set of related multi-Region keys, invoke the on-demand rotation on the primary key.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " + "documentation":"

    Identifies a symmetric encryption KMS key. You cannot perform on-demand rotation of asymmetric KMS keys, HMAC KMS keys, multi-Region KMS keys with imported key material, or KMS keys in a custom key store. To perform on-demand rotation of a set of related multi-Region keys, invoke the on-demand rotation on the primary key.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    " } } }, @@ -3471,16 +3605,40 @@ "shape":"KeyIdType", "documentation":"

    Unique identifier of the key.

    " }, + "KeyMaterialId":{ + "shape":"BackingKeyIdType", + "documentation":"

    Unique identifier of the key material.

    " + }, + "KeyMaterialDescription":{ + "shape":"KeyMaterialDescriptionType", + "documentation":"

    User-specified description of the key material. This field is only present for symmetric encryption KMS keys with EXTERNAL origin.

    " + }, + "ImportState":{ + "shape":"ImportState", + "documentation":"

    Indicates if the key material is currently imported into KMS. It has two possible values: IMPORTED or PENDING_IMPORT. This field is only present for symmetric encryption KMS keys with EXTERNAL origin.

    " + }, + "KeyMaterialState":{ + "shape":"KeyMaterialState", + "documentation":"

    There are three possible values for this field: CURRENT, NON_CURRENT and PENDING_ROTATION. KMS uses CURRENT key material for both encryption and decryption and NON_CURRENT key material only for decryption. PENDING_ROTATION identifies key material that has been imported for on-demand key rotation but the rotation hasn't completed. Key material in PENDING_ROTATION is not permanently associated with the KMS key. You can delete this key material and import different key material in its place. The PENDING_ROTATION value is only used in symmetric encryption keys with imported key material. The other values, CURRENT and NON_CURRENT, are used for all KMS keys that support automatic or on-demand key rotation.

    " + }, + "ExpirationModel":{ + "shape":"ExpirationModelType", + "documentation":"

    Indicates if the key material is configured to automatically expire. There are two possible values for this field: KEY_MATERIAL_EXPIRES and KEY_MATERIAL_DOES_NOT_EXPIRE. For any key material that expires, the expiration date and time is indicated in ValidTo. This field is only present for symmetric encryption KMS keys with EXTERNAL origin.

    " + }, + "ValidTo":{ + "shape":"DateType", + "documentation":"

    Date and time at which the key material expires. This field is only present for symmetric encryption KMS keys with EXTERNAL origin in rotation list entries with an ExpirationModel value of KEY_MATERIAL_EXPIRES.

    " + }, "RotationDate":{ "shape":"DateType", - "documentation":"

    Date and time that the key material rotation completed. Formatted as Unix time.

    " + "documentation":"

    Date and time that the key material rotation completed. Formatted as Unix time. This field is not present for the first key material or an imported key material in PENDING_ROTATION state.

    " }, "RotationType":{ "shape":"RotationType", - "documentation":"

    Identifies whether the key material rotation was a scheduled automatic rotation or an on-demand rotation.

    " + "documentation":"

    Identifies whether the key material rotation was a scheduled automatic rotation or an on-demand rotation. This field is not present for the first key material or an imported key material in PENDING_ROTATION state.

    " } }, - "documentation":"

    Contains information about completed key material rotations.

    " + "documentation":"

    Each entry contains information about one of the key materials associated with a KMS key.

    " }, "ScheduleKeyDeletionRequest":{ "type":"structure", @@ -3535,11 +3693,11 @@ }, "MessageType":{ "shape":"MessageType", - "documentation":"

    Tells KMS whether the value of the Message parameter should be hashed as part of the signing algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are already hashed.

    When the value of MessageType is RAW, KMS uses the standard signing algorithm, which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing algorithm.

    Use the DIGEST value only when the value of the Message parameter is a message digest. If you use the DIGEST value with an unhashed message, the security of the signing operation can be compromised.

    When the value of MessageTypeis DIGEST, the length of the Message value must match the length of hashed messages for the specified signing algorithm.

    You can submit a message digest and omit the MessageType or specify RAW so the digest is hashed again while signing. However, this can cause verification failures when verifying with a system that assumes a single hash.

    The hashing algorithm in that Sign uses is based on the SigningAlgorithm value.

    • Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.

    • Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.

    • Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.

    • SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.

    " + "documentation":"

    Tells KMS whether the value of the Message parameter should be hashed as part of the signing algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are already hashed; use EXTERNAL_MU for 64-byte representative μ used in ML-DSA signing as defined in NIST FIPS 204 Section 6.2.

    When the value of MessageType is RAW, KMS uses the standard signing algorithm, which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing algorithm. When the value is EXTERNAL_MU KMS skips the concatenated hashing of the public key hash and the message done in the ML-DSA signing algorithm.

    Use the DIGEST or EXTERNAL_MU value only when the value of the Message parameter is a message digest. If you use the DIGEST value with an unhashed message, the security of the signing operation can be compromised.

    When using ECC_NIST_EDWARDS25519 KMS keys:

    • ED25519_SHA_512 signing algorithm requires KMS MessageType:RAW

    • ED25519_PH_SHA_512 signing algorithm requires KMS MessageType:DIGEST

    When the value of MessageType is DIGEST, the length of the Message value must match the length of hashed messages for the specified signing algorithm.

    When the value of MessageType is EXTERNAL_MU the length of the Message value must be 64 bytes.

    You can submit a message digest and omit the MessageType or specify RAW so the digest is hashed again while signing. However, this can cause verification failures when verifying with a system that assumes a single hash.

    The hashing algorithm that Sign uses is based on the SigningAlgorithm value.

    • Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.

    • Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.

    • Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.

    • Signing algorithms that end in SHAKE_256 use the SHAKE_256 hashing algorithm.

    • SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.

    " }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "SigningAlgorithm":{ "shape":"SigningAlgorithmSpec", @@ -3547,7 +3705,7 @@ }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -3580,7 +3738,10 @@ "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", - "SM2DSA" + "SM2DSA", + "ML_DSA_SHAKE_256", + "ED25519_SHA_512", + "ED25519_PH_SHA_512" ] }, "SigningAlgorithmSpecList":{ @@ -3691,7 +3852,7 @@ }, "TargetKeyId":{ "shape":"KeyIdType", - "documentation":"

    Identifies the customer managed key to associate with the alias. You don't have permission to associate an alias with an Amazon Web Services managed key.

    The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new target KMS key must be the same type as the current target KMS key (both symmetric or both asymmetric or both HMAC) and they must have the same key usage.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    To verify that the alias is mapped to the correct KMS key, use ListAliases.

    " + "documentation":"

    Identifies the customer managed key to associate with the alias. You don't have permission to associate an alias with an Amazon Web Services managed key.

    The KMS key must be in the same Amazon Web Services account and Region as the alias. Also, the new target KMS key must be the same type as the current target KMS key (both symmetric or both asymmetric or both HMAC) and they must have the same key usage.

    Specify the key ID or key ARN of the KMS key.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    To verify that the alias is mapped to the correct KMS key, use ListAliases.

    " } } }, @@ -3727,6 +3888,10 @@ "shape":"XksProxyVpcEndpointServiceNameType", "documentation":"

    Changes the name that KMS uses to identify the Amazon VPC endpoint service for your external key store proxy (XKS proxy). This parameter is valid when the CustomKeyStoreType is EXTERNAL_KEY_STORE and the XksProxyConnectivity is VPC_ENDPOINT_SERVICE.

    To change this value, the external key store must be disconnected.

    " }, + "XksProxyVpcEndpointServiceOwner":{ + "shape":"AccountIdType", + "documentation":"

    Changes the Amazon Web Services account ID that KMS uses to identify the Amazon VPC endpoint service for your external key store proxy (XKS proxy). This parameter is optional. If not specified, the current Amazon Web Services account ID for the VPC endpoint service will not be updated.

    To change this value, the external key store must be disconnected.

    " + }, "XksProxyAuthenticationCredential":{ "shape":"XksProxyAuthenticationCredentialType", "documentation":"

    Changes the credentials that KMS uses to sign requests to the external key store proxy (XKS proxy). This parameter is valid only for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.

    You must specify both the AccessKeyId and SecretAccessKey value in the authentication credential, even if you are only updating one value.

    This parameter doesn't establish or change your authentication credentials on the proxy. It just tells KMS the credential that you established with your external key store proxy. For example, if you rotate the credential on your external key store proxy, you can use this parameter to update the credential in KMS.

    You can change this value when the external key store is connected or disconnected.

    " @@ -3739,8 +3904,7 @@ }, "UpdateCustomKeyStoreResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateKeyDescriptionRequest":{ "type":"structure", @@ -3803,11 +3967,11 @@ }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -3847,7 +4011,7 @@ }, "MessageType":{ "shape":"MessageType", - "documentation":"

    Tells KMS whether the value of the Message parameter should be hashed as part of the signing algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are already hashed.

    When the value of MessageType is RAW, KMS uses the standard signing algorithm, which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing algorithm.

    Use the DIGEST value only when the value of the Message parameter is a message digest. If you use the DIGEST value with an unhashed message, the security of the verification operation can be compromised.

    When the value of MessageTypeis DIGEST, the length of the Message value must match the length of hashed messages for the specified signing algorithm.

    You can submit a message digest and omit the MessageType or specify RAW so the digest is hashed again while signing. However, if the signed message is hashed once while signing, but twice while verifying, verification fails, even when the message hasn't changed.

    The hashing algorithm in that Verify uses is based on the SigningAlgorithm value.

    • Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.

    • Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.

    • Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.

    • SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.

    " + "documentation":"

    Tells KMS whether the value of the Message parameter should be hashed as part of the signing algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are already hashed; use EXTERNAL_MU for 64-byte representative μ used in ML-DSA signing as defined in NIST FIPS 204 Section 6.2.

    When the value of MessageType is RAW, KMS uses the standard signing algorithm, which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing algorithm. When the value is EXTERNAL_MU KMS skips the concatenated hashing of the public key hash and the message done in the ML-DSA signing algorithm.

    Use the DIGEST or EXTERNAL_MU value only when the value of the Message parameter is a message digest. If you use the DIGEST value with an unhashed message, the security of the signing operation can be compromised.

    When using ECC_NIST_EDWARDS25519 KMS keys:

    • ED25519_SHA_512 signing algorithm requires KMS MessageType:RAW

    • ED25519_PH_SHA_512 signing algorithm requires KMS MessageType:DIGEST

    When the value of MessageType is DIGEST, the length of the Message value must match the length of hashed messages for the specified signing algorithm.

    When the value of MessageType is EXTERNAL_MU the length of the Message value must be 64 bytes.

    You can submit a message digest and omit the MessageType or specify RAW so the digest is hashed again while signing. However, if the signed message is hashed once while signing, but twice while verifying, verification fails, even when the message hasn't changed.

    The hashing algorithm that Verify uses is based on the SigningAlgorithm value.

    • Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.

    • Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.

    • Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.

    • Signing algorithms that end in SHAKE_256 use the SHAKE_256 hashing algorithm.

    • SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.

    " }, "Signature":{ "shape":"CiphertextType", @@ -3859,11 +4023,11 @@ }, "GrantTokens":{ "shape":"GrantTokenList", - "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " + "documentation":"

    A list of grant tokens.

    Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

    " }, "DryRun":{ "shape":"NullableBooleanType", - "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service Developer Guide.

    " + "documentation":"

    Checks if your request will succeed. DryRun is an optional parameter.

    To learn more about how to use this parameter, see Testing your permissions in the Key Management Service Developer Guide.

    " } } }, @@ -3987,6 +4151,10 @@ "VpcEndpointServiceName":{ "shape":"XksProxyVpcEndpointServiceNameType", "documentation":"

    The Amazon VPC endpoint service used to communicate with the external key store proxy. This field appears only when the external key store proxy uses an Amazon VPC endpoint service to communicate with KMS.

    " + }, + "VpcEndpointServiceOwner":{ + "shape":"AccountIdType", + "documentation":"

    The Amazon Web Services account ID that owns the Amazon VPC endpoint service used to communicate with the external key store proxy (XKS). This field appears only when the XKS uses an VPC endpoint service to communicate with KMS.

    " } }, "documentation":"

    Detailed information about the external key store proxy (XKS proxy). Your external key store proxy translates KMS requests into a format that your external key manager can understand. These fields appear in a DescribeCustomKeyStores response only when the CustomKeyStoreType is EXTERNAL_KEY_STORE.

    " @@ -4078,7 +4246,7 @@ "type":"string", "max":64, "min":20, - "pattern":"^com\\.amazonaws\\.vpce\\.([a-z]+-){2,3}\\d+\\.vpce-svc-[0-9a-z]+$" + "pattern":"^(com|eu)\\.amazonaws\\.vpce\\.([a-z]+-){2,3}\\d+\\.vpce-svc-[0-9a-z]+$" }, "XksProxyVpcEndpointServiceNotFoundException":{ "type":"structure", @@ -4089,5 +4257,5 @@ "exception":true } }, - "documentation":"Key Management Service

    Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide .

    KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.

    Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.

    We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.

    If you need to use FIPS 140-2 validated cryptographic modules when communicating with Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the available FIPS endpoints, see Service endpoints in the Key Management Service topic of the Amazon Web Services General Reference.

    All KMS API calls must be signed and be transmitted using Transport Layer Security (TLS). KMS recommends you always use the latest supported TLS version. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.

    Signing Requests

    Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use your Amazon Web Services account root access key ID and secret access key for everyday work. You can use the access key ID and secret access key for an IAM user or you can use the Security Token Service (STS) to generate temporary security credentials and use those to sign requests.

    All KMS requests must be signed with Signature Version 4.

    Logging API Requests

    KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

    Additional Resources

    For more information about credentials and request signing, see the following:

    Commonly Used API Operations

    Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.

    " + "documentation":"Key Management Service

    Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide .

    KMS has replaced the term customer master key (CMK) with Key Management Service key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.

    Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Rust, Python, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.

    We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.

    If you need to use FIPS 140-2 validated cryptographic modules when communicating with Amazon Web Services, use one of the FIPS endpoints in your preferred Amazon Web Services Region. If you need communicate over IPv6, use the dual-stack endpoint in your preferred Amazon Web Services Region. For more information see Service endpoints in the Key Management Service topic of the Amazon Web Services General Reference and Dual-stack endpoint support in the KMS Developer Guide.

    All KMS API calls must be signed and be transmitted using Transport Layer Security (TLS). KMS recommends you always use the latest supported TLS version. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.

    Signing Requests

    Requests must be signed using an access key ID and a secret access key. We strongly recommend that you do not use your Amazon Web Services account root access key ID and secret access key for everyday work. You can use the access key ID and secret access key for an IAM user or you can use the Security Token Service (STS) to generate temporary security credentials and use those to sign requests.

    All KMS requests must be signed with Signature Version 4.

    Logging API Requests

    KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

    Additional Resources

    For more information about credentials and request signing, see the following:

    Commonly Used API Operations

    Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/lakeformation/2017-03-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lakeformation/2017-03-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lakeformation/2017-03-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lakeformation/2017-03-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/lakeformation/2017-03-31/service-2.json 2.31.35-1/awscli/botocore/data/lakeformation/2017-03-31/service-2.json --- 2.23.6-1/awscli/botocore/data/lakeformation/2017-03-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lakeformation/2017-03-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -201,7 +201,8 @@ {"shape":"OperationTimeoutException"}, {"shape":"EntityNotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"ConcurrentModificationException"} + {"shape":"ConcurrentModificationException"}, + {"shape":"ResourceNumberLimitExceededException"} ], "documentation":"

    Enforce Lake Formation permissions for the given databases, tables, and principals.

    " }, @@ -814,7 +815,7 @@ {"shape":"ResourceNumberLimitExceededException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Registers the resource as managed by the Data Catalog.

    To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

    The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.

    ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true

    If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

    arn:aws:iam::12345:role/my-data-access-role

    " + "documentation":"

    Registers the resource as managed by the Data Catalog.

    To add or update data, Lake Formation needs read/write access to the chosen data location. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.

    The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.

    ResourceArn = arn:aws:s3:::my-bucket/ UseServiceLinkedRole = true

    If UseServiceLinkedRole is not set to true, you must provide or set the RoleArn:

    arn:aws:iam::12345:role/my-data-access-role

    " }, "RemoveLFTagsFromResource":{ "name":"RemoveLFTagsFromResource", @@ -1125,8 +1126,7 @@ }, "AllRowsWildcard":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A structure that you pass to indicate you want all rows in a filter.

    " }, "AlreadyExistsException":{ @@ -1276,6 +1276,7 @@ "shape":"PermissionList", "documentation":"

    The permissions to be granted.

    " }, + "Condition":{"shape":"Condition"}, "PermissionsWithGrantOption":{ "shape":"PermissionList", "documentation":"

    Indicates if the option to pass permissions is granted.

    " @@ -1310,6 +1311,7 @@ } } }, + "Boolean":{"type":"boolean"}, "BooleanNullable":{"type":"boolean"}, "CancelTransactionRequest":{ "type":"structure", @@ -1323,8 +1325,7 @@ }, "CancelTransactionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CatalogIdString":{ "type":"string", @@ -1452,8 +1453,7 @@ }, "CreateDataCellsFilterResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateLFTagExpressionRequest":{ "type":"structure", @@ -1482,8 +1482,7 @@ }, "CreateLFTagExpressionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateLFTagRequest":{ "type":"structure", @@ -1508,8 +1507,7 @@ }, "CreateLFTagResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateLakeFormationIdentityCenterConfigurationRequest":{ "type":"structure", @@ -1549,13 +1547,13 @@ ], "members":{ "Principal":{"shape":"DataLakePrincipal"}, - "Resource":{"shape":"Resource"} + "Resource":{"shape":"Resource"}, + "Condition":{"shape":"Condition"} } }, "CreateLakeFormationOptInResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CredentialTimeoutDurationSecondInteger":{ "type":"integer", @@ -1775,8 +1773,7 @@ }, "DeleteDataCellsFilterResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLFTagExpressionRequest":{ "type":"structure", @@ -1794,8 +1791,7 @@ }, "DeleteLFTagExpressionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLFTagRequest":{ "type":"structure", @@ -1813,8 +1809,7 @@ }, "DeleteLFTagResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLakeFormationIdentityCenterConfigurationRequest":{ "type":"structure", @@ -1827,8 +1822,7 @@ }, "DeleteLakeFormationIdentityCenterConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLakeFormationOptInRequest":{ "type":"structure", @@ -1838,13 +1832,13 @@ ], "members":{ "Principal":{"shape":"DataLakePrincipal"}, - "Resource":{"shape":"Resource"} + "Resource":{"shape":"Resource"}, + "Condition":{"shape":"Condition"} } }, "DeleteLakeFormationOptInResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteObjectInput":{ "type":"structure", @@ -1898,8 +1892,7 @@ }, "DeleteObjectsOnCancelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterResourceRequest":{ "type":"structure", @@ -1913,8 +1906,7 @@ }, "DeregisterResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeLakeFormationIdentityCenterConfigurationRequest":{ "type":"structure", @@ -2100,8 +2092,7 @@ }, "ExtendTransactionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ExternalFilteringConfiguration":{ "type":"structure", @@ -2191,8 +2182,7 @@ }, "GetDataLakePrincipalRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetDataLakePrincipalResponse":{ "type":"structure", @@ -2708,6 +2698,7 @@ "shape":"PermissionList", "documentation":"

    The permissions granted to the principal on the resource. Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources.

    " }, + "Condition":{"shape":"Condition"}, "PermissionsWithGrantOption":{ "shape":"PermissionList", "documentation":"

    Indicates a list of the granted permissions that the principal may pass to other users. These permissions may only be a subset of the permissions granted in the Privileges.

    " @@ -2716,8 +2707,7 @@ }, "GrantPermissionsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "HashString":{ "type":"string", @@ -3498,8 +3488,7 @@ }, "PutDataLakeSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "QueryIdString":{"type":"string"}, "QueryParameterMap":{ @@ -3599,13 +3588,16 @@ "HybridAccessEnabled":{ "shape":"NullableBoolean", "documentation":"

    Specifies whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

    " + }, + "WithPrivilegedAccess":{ + "shape":"Boolean", + "documentation":"

    Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location.

    " } } }, "RegisterResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveLFTagsFromResourceRequest":{ "type":"structure", @@ -3702,6 +3694,10 @@ "HybridAccessEnabled":{ "shape":"NullableBoolean", "documentation":"

    Indicates whether the data access of tables pointing to the location can be managed by both Lake Formation permissions as well as Amazon S3 bucket policies.

    " + }, + "WithPrivilegedAccess":{ + "shape":"NullableBoolean", + "documentation":"

    Grants the calling principal the permissions to perform all supported Lake Formation operations on the registered data location.

    " } }, "documentation":"

    A structure containing information about an Lake Formation resource.

    " @@ -3780,6 +3776,7 @@ "shape":"PermissionList", "documentation":"

    The permissions revoked to the principal on the resource. For information about permissions, see Security and Access Control to Metadata and Data.

    " }, + "Condition":{"shape":"Condition"}, "PermissionsWithGrantOption":{ "shape":"PermissionList", "documentation":"

    Indicates a list of permissions for which to revoke the grant option allowing the principal to pass permissions to other principals.

    " @@ -3788,8 +3785,7 @@ }, "RevokePermissionsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RowFilter":{ "type":"structure", @@ -4063,8 +4059,7 @@ }, "TableWildcard":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A wildcard object representing every table under a database.

    " }, "TableWithColumnsResource":{ @@ -4283,8 +4278,7 @@ }, "UpdateDataCellsFilterResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLFTagExpressionRequest":{ "type":"structure", @@ -4313,8 +4307,7 @@ }, "UpdateLFTagExpressionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLFTagRequest":{ "type":"structure", @@ -4340,8 +4333,7 @@ }, "UpdateLFTagResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLakeFormationIdentityCenterConfigurationRequest":{ "type":"structure", @@ -4366,8 +4358,7 @@ }, "UpdateLakeFormationIdentityCenterConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateResourceRequest":{ "type":"structure", @@ -4396,8 +4387,7 @@ }, "UpdateResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTableObjectsRequest":{ "type":"structure", @@ -4431,8 +4421,7 @@ }, "UpdateTableObjectsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTableStorageOptimizerRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/lambda/2015-03-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lambda/2015-03-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lambda/2015-03-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lambda/2015-03-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/lambda/2015-03-31/service-2.json 2.31.35-1/awscli/botocore/data/lambda/2015-03-31/service-2.json --- 2.23.6-1/awscli/botocore/data/lambda/2015-03-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lambda/2015-03-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,14 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2015-03-31", + "auth":["aws.auth#sigv4"], "endpointPrefix":"lambda", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"AWS Lambda", "serviceId":"Lambda", "signatureVersion":"v4", - "uid":"lambda-2015-03-31", - "auth":["aws.auth#sigv4"] + "signingName":"lambda", + "uid":"lambda-2015-03-31" }, "operations":{ "AddLayerVersionPermission":{ @@ -22,12 +23,12 @@ "input":{"shape":"AddLayerVersionPermissionRequest"}, "output":{"shape":"AddLayerVersionPermissionResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterValueException"}, {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"}, {"shape":"PolicyLengthExceededException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"PreconditionFailedException"} ], "documentation":"

    Adds permissions to the resource-based policy of a version of an Lambda layer. Use this action to grant layer usage permission to other accounts. You can grant permission to a single account, all accounts in an organization, or all Amazon Web Services accounts.

    To revoke permission, call RemoveLayerVersionPermission with the statement ID that you specified when you added it.

    " @@ -42,12 +43,12 @@ "input":{"shape":"AddPermissionRequest"}, "output":{"shape":"AddPermissionResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourceConflictException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"PolicyLengthExceededException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, + {"shape":"PolicyLengthExceededException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"PreconditionFailedException"} ], "documentation":"

    Grants a principal permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies to version $LATEST.

    To grant permission to another account, specify the account ID as the Principal. To grant permission to an organization defined in Organizations, specify the organization ID as the PrincipalOrgID. For Amazon Web Services services, the principal is a domain-style identifier that the service defines, such as s3.amazonaws.com or sns.amazonaws.com. For Amazon Web Services services, you can also specify the ARN of the associated resource as the SourceArn. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.

    This operation adds a statement to a resource-based permissions policy for the function. For more information about function policies, see Using resource-based policies for Lambda.

    " @@ -62,26 +63,27 @@ "input":{"shape":"CreateAliasRequest"}, "output":{"shape":"AliasConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourceConflictException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Creates an alias for a Lambda function version. Use aliases to provide clients with a function identifier that you can update to invoke a different version.

    You can also map an alias to split invocation requests between two versions. Use the RoutingConfig parameter to specify a second version and the percentage of invocation requests that it receives.

    " + "documentation":"

    Creates an alias for a Lambda function version. Use aliases to provide clients with a function identifier that you can update to invoke a different version.

    You can also map an alias to split invocation requests between two versions. Use the RoutingConfig parameter to specify a second version and the percentage of invocation requests that it receives.

    ", + "idempotent":true }, "CreateCodeSigningConfig":{ "name":"CreateCodeSigningConfig", "http":{ "method":"POST", - "requestUri":"/2020-04-22/code-signing-configs/", + "requestUri":"/2020-04-22/code-signing-configs", "responseCode":201 }, "input":{"shape":"CreateCodeSigningConfigRequest"}, "output":{"shape":"CreateCodeSigningConfigResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"InvalidParameterValueException"} + {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"} ], "documentation":"

    Creates a code signing configuration. A code signing configuration defines a list of allowed signing profiles and defines the code-signing validation policy (action to be taken if deployment validation checks fail).

    " }, @@ -89,19 +91,19 @@ "name":"CreateEventSourceMapping", "http":{ "method":"POST", - "requestUri":"/2015-03-31/event-source-mappings/", + "requestUri":"/2015-03-31/event-source-mappings", "responseCode":202 }, "input":{"shape":"CreateEventSourceMappingRequest"}, "output":{"shape":"EventSourceMappingConfiguration"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Creates a mapping between an event source and an Lambda function. Lambda reads items from the event source and invokes the function.

    For details about how to configure different event sources, see the following topics.

    The following error handling options are available only for DynamoDB and Kinesis event sources:

    • BisectBatchOnFunctionError – If the function returns an error, split the batch in two and retry.

    • MaximumRecordAgeInSeconds – Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires

    • MaximumRetryAttempts – Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.

    • ParallelizationFactor – Process multiple batches from each shard concurrently.

    For stream sources (DynamoDB, Kinesis, Amazon MSK, and self-managed Apache Kafka), the following option is also available:

    • DestinationConfig – Send discarded records to an Amazon SQS queue, Amazon SNS topic, or Amazon S3 bucket.

    For information about which configuration parameters apply to each event source, see the following topics.

    " + "documentation":"

    Creates a mapping between an event source and an Lambda function. Lambda reads items from the event source and invokes the function.

    For details about how to configure different event sources, see the following topics.

    The following error handling options are available only for DynamoDB and Kinesis event sources:

    • BisectBatchOnFunctionError – If the function returns an error, split the batch in two and retry.

    • MaximumRecordAgeInSeconds – Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires

    • MaximumRetryAttempts – Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.

    • ParallelizationFactor – Process multiple batches from each shard concurrently.

    For stream sources (DynamoDB, Kinesis, Amazon MSK, and self-managed Apache Kafka), the following option is also available:

    • OnFailure – Send discarded records to an Amazon SQS queue, Amazon SNS topic, or Amazon S3 bucket. For more information, see Adding a destination.

    For information about which configuration parameters apply to each event source, see the following topics.

    " }, "CreateFunction":{ "name":"CreateFunction", @@ -113,17 +115,18 @@ "input":{"shape":"CreateFunctionRequest"}, "output":{"shape":"FunctionConfiguration"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"CodeStorageExceededException"}, - {"shape":"CodeVerificationFailedException"}, {"shape":"InvalidCodeSignatureException"}, - {"shape":"CodeSigningConfigNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"CodeVerificationFailedException"}, + {"shape":"CodeSigningConfigNotFoundException"}, + {"shape":"CodeStorageExceededException"} ], - "documentation":"

    Creates a Lambda function. To create a function, you need a deployment package and an execution role. The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use Amazon Web Services services, such as Amazon CloudWatch Logs for log streaming and X-Ray for request tracing.

    If the deployment package is a container image, then you set the package type to Image. For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties.

    If the deployment package is a .zip file archive, then you set the package type to Zip. For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must be compatible with the target instruction set architecture of the function (x86-64 or arm64). If you do not specify the architecture, then the default value is x86-64.

    When you create a function, Lambda provisions an instance of the function and its supporting resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can't invoke or modify the function. The State, StateReason, and StateReasonCode fields in the response from GetFunctionConfiguration indicate when the function is ready to invoke. For more information, see Lambda function states.

    A function has an unpublished version, and can have published versions and aliases. The unpublished version changes when you update your function's code and configuration. A published version is a snapshot of your function code and configuration that can't be changed. An alias is a named resource that maps to a version, and can be changed to map to a different version. Use the Publish parameter to create version 1 of your function from its initial configuration.

    The other parameters let you configure version-specific and function-level settings. You can modify version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply to both the unpublished and published versions of the function, and include tags (TagResource) and per-function concurrency limits (PutFunctionConcurrency).

    You can use code signing if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted publishers for this function.

    If another Amazon Web Services account or an Amazon Web Services service invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.

    To invoke your function directly, use Invoke. To invoke your function in response to events in other Amazon Web Services services, create an event source mapping (CreateEventSourceMapping), or configure a function trigger in the other service. For more information, see Invoking Lambda functions.

    " + "documentation":"

    Creates a Lambda function. To create a function, you need a deployment package and an execution role. The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use Amazon Web Services services, such as Amazon CloudWatch Logs for log streaming and X-Ray for request tracing.

    If the deployment package is a container image, then you set the package type to Image. For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties.

    If the deployment package is a .zip file archive, then you set the package type to Zip. For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must be compatible with the target instruction set architecture of the function (x86-64 or arm64). If you do not specify the architecture, then the default value is x86-64.

    When you create a function, Lambda provisions an instance of the function and its supporting resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can't invoke or modify the function. The State, StateReason, and StateReasonCode fields in the response from GetFunctionConfiguration indicate when the function is ready to invoke. For more information, see Lambda function states.

    A function has an unpublished version, and can have published versions and aliases. The unpublished version changes when you update your function's code and configuration. A published version is a snapshot of your function code and configuration that can't be changed. An alias is a named resource that maps to a version, and can be changed to map to a different version. Use the Publish parameter to create version 1 of your function from its initial configuration.

    The other parameters let you configure version-specific and function-level settings. You can modify version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply to both the unpublished and published versions of the function, and include tags (TagResource) and per-function concurrency limits (PutFunctionConcurrency).

    You can use code signing if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted publishers for this function.

    If another Amazon Web Services account or an Amazon Web Services service invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.

    To invoke your function directly, use Invoke. To invoke your function in response to events in other Amazon Web Services services, create an event source mapping (CreateEventSourceMapping), or configure a function trigger in the other service. For more information, see Invoking Lambda functions.

    ", + "idempotent":true }, "CreateFunctionUrlConfig":{ "name":"CreateFunctionUrlConfig", @@ -135,11 +138,11 @@ "input":{"shape":"CreateFunctionUrlConfigRequest"}, "output":{"shape":"CreateFunctionUrlConfigResponse"}, "errors":[ - {"shape":"ResourceConflictException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, {"shape":"ServiceException"}, - {"shape":"TooManyRequestsException"} + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Creates a Lambda function URL with the specified configuration parameters. A function URL is a dedicated HTTP(S) endpoint that you can use to invoke your function.

    " }, @@ -152,12 +155,13 @@ }, "input":{"shape":"DeleteAliasRequest"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Deletes a Lambda function alias.

    " + "documentation":"

    Deletes a Lambda function alias.

    ", + "idempotent":true }, "DeleteCodeSigningConfig":{ "name":"DeleteCodeSigningConfig", @@ -169,12 +173,13 @@ "input":{"shape":"DeleteCodeSigningConfigRequest"}, "output":{"shape":"DeleteCodeSigningConfigResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Deletes the code signing configuration. You can delete the code signing configuration only if no function is using it.

    " + "documentation":"

    Deletes the code signing configuration. You can delete the code signing configuration only if no function is using it.

    ", + "idempotent":true }, "DeleteEventSourceMapping":{ "name":"DeleteEventSourceMapping", @@ -186,14 +191,15 @@ "input":{"shape":"DeleteEventSourceMappingRequest"}, "output":{"shape":"EventSourceMappingConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"}, + {"shape":"ResourceInUseException"}, {"shape":"ResourceConflictException"}, - {"shape":"ResourceInUseException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Deletes an event source mapping. You can get the identifier of a mapping from the output of ListEventSourceMappings.

    When you delete an event source mapping, it enters a Deleting state and might not be completely deleted for several seconds.

    " + "documentation":"

    Deletes an event source mapping. You can get the identifier of a mapping from the output of ListEventSourceMappings.

    When you delete an event source mapping, it enters a Deleting state and might not be completely deleted for several seconds.

    ", + "idempotent":true }, "DeleteFunction":{ "name":"DeleteFunction", @@ -204,13 +210,14 @@ }, "input":{"shape":"DeleteFunctionRequest"}, "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Deletes a Lambda function. To delete a specific function version, use the Qualifier parameter. Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit permissions for DeleteAlias.

    To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon Web Services services and resources that invoke your function directly, delete the trigger in the service where you originally configured it.

    " + "documentation":"

    Deletes a Lambda function. To delete a specific function version, use the Qualifier parameter. Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit permissions for DeleteAlias.

    A deleted Lambda function cannot be recovered. Ensure that you specify the correct function name and version before deleting.

    To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon Web Services services and resources that invoke your function directly, delete the trigger in the service where you originally configured it.

    ", + "idempotent":true }, "DeleteFunctionCodeSigningConfig":{ "name":"DeleteFunctionCodeSigningConfig", @@ -222,11 +229,11 @@ "input":{"shape":"DeleteFunctionCodeSigningConfigRequest"}, "errors":[ {"shape":"InvalidParameterValueException"}, - {"shape":"CodeSigningConfigNotFoundException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"CodeSigningConfigNotFoundException"} ], "documentation":"

    Removes the code signing configuration from the function.

    " }, @@ -239,11 +246,11 @@ }, "input":{"shape":"DeleteFunctionConcurrencyRequest"}, "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Removes a concurrent execution limit from a function.

    " }, @@ -256,11 +263,11 @@ }, "input":{"shape":"DeleteFunctionEventInvokeConfigRequest"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Deletes the configuration for asynchronous invocation for a function, version, or alias.

    To configure options for asynchronous invocation, use PutFunctionEventInvokeConfig.

    " }, @@ -274,9 +281,9 @@ "input":{"shape":"DeleteFunctionUrlConfigRequest"}, "errors":[ {"shape":"ResourceConflictException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ServiceException"}, - {"shape":"TooManyRequestsException"} + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Deletes a Lambda function URL. When you delete a function URL, you can't recover it. Creating a new function URL results in a different URL address.

    " }, @@ -292,7 +299,8 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Deletes a version of an Lambda layer. Deleted versions can no longer be viewed or added to functions. To avoid breaking functions, a copy of the version remains in Lambda until no functions refer to it.

    " + "documentation":"

    Deletes a version of an Lambda layer. Deleted versions can no longer be viewed or added to functions. To avoid breaking functions, a copy of the version remains in Lambda until no functions refer to it.

    ", + "idempotent":true }, "DeleteProvisionedConcurrencyConfig":{ "name":"DeleteProvisionedConcurrencyConfig", @@ -305,26 +313,28 @@ "errors":[ {"shape":"InvalidParameterValueException"}, {"shape":"ResourceConflictException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ServiceException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Deletes the provisioned concurrency configuration for a function.

    " + "documentation":"

    Deletes the provisioned concurrency configuration for a function.

    ", + "idempotent":true }, "GetAccountSettings":{ "name":"GetAccountSettings", "http":{ "method":"GET", - "requestUri":"/2016-08-19/account-settings/", + "requestUri":"/2016-08-19/account-settings", "responseCode":200 }, "input":{"shape":"GetAccountSettingsRequest"}, "output":{"shape":"GetAccountSettingsResponse"}, "errors":[ - {"shape":"TooManyRequestsException"}, - {"shape":"ServiceException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"} ], - "documentation":"

    Retrieves details about your account's limits and usage in an Amazon Web Services Region.

    " + "documentation":"

    Retrieves details about your account's limits and usage in an Amazon Web Services Region.

    ", + "readonly":true }, "GetAlias":{ "name":"GetAlias", @@ -336,12 +346,13 @@ "input":{"shape":"GetAliasRequest"}, "output":{"shape":"AliasConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns details about a Lambda function alias.

    " + "documentation":"

    Returns details about a Lambda function alias.

    ", + "readonly":true }, "GetCodeSigningConfig":{ "name":"GetCodeSigningConfig", @@ -353,11 +364,12 @@ "input":{"shape":"GetCodeSigningConfigRequest"}, "output":{"shape":"GetCodeSigningConfigResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns information about the specified code signing configuration.

    " + "documentation":"

    Returns information about the specified code signing configuration.

    ", + "readonly":true }, "GetEventSourceMapping":{ "name":"GetEventSourceMapping", @@ -369,12 +381,13 @@ "input":{"shape":"GetEventSourceMappingRequest"}, "output":{"shape":"EventSourceMappingConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns details about an event source mapping. You can get the identifier of a mapping from the output of ListEventSourceMappings.

    " + "documentation":"

    Returns details about an event source mapping. You can get the identifier of a mapping from the output of ListEventSourceMappings.

    ", + "readonly":true }, "GetFunction":{ "name":"GetFunction", @@ -386,12 +399,13 @@ "input":{"shape":"GetFunctionRequest"}, "output":{"shape":"GetFunctionResponse"}, "errors":[ + {"shape":"InvalidParameterValueException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns information about the function or function version, with a link to download the deployment package that's valid for 10 minutes. If you specify a function version, only details that are specific to that version are returned.

    " + "documentation":"

    Returns information about the function or function version, with a link to download the deployment package that's valid for 10 minutes. If you specify a function version, only details that are specific to that version are returned.

    ", + "readonly":true }, "GetFunctionCodeSigningConfig":{ "name":"GetFunctionCodeSigningConfig", @@ -404,11 +418,12 @@ "output":{"shape":"GetFunctionCodeSigningConfigResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ServiceException"}, - {"shape":"TooManyRequestsException"} + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns the code signing configuration for the specified function.

    " + "documentation":"

    Returns the code signing configuration for the specified function.

    ", + "readonly":true }, "GetFunctionConcurrency":{ "name":"GetFunctionConcurrency", @@ -421,11 +436,12 @@ "output":{"shape":"GetFunctionConcurrencyResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ServiceException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns details about the reserved concurrency configuration for a function. To set a concurrency limit for a function, use PutFunctionConcurrency.

    " + "documentation":"

    Returns details about the reserved concurrency configuration for a function. To set a concurrency limit for a function, use PutFunctionConcurrency.

    ", + "readonly":true }, "GetFunctionConfiguration":{ "name":"GetFunctionConfiguration", @@ -437,12 +453,13 @@ "input":{"shape":"GetFunctionConfigurationRequest"}, "output":{"shape":"FunctionConfiguration"}, "errors":[ + {"shape":"InvalidParameterValueException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns the version-specific settings of a Lambda function or version. The output includes only options that can vary between versions of a function. To modify these settings, use UpdateFunctionConfiguration.

    To get all of a function's details, including function-level settings, use GetFunction.

    " + "documentation":"

    Returns the version-specific settings of a Lambda function or version. The output includes only options that can vary between versions of a function. To modify these settings, use UpdateFunctionConfiguration.

    To get all of a function's details, including function-level settings, use GetFunction.

    ", + "readonly":true }, "GetFunctionEventInvokeConfig":{ "name":"GetFunctionEventInvokeConfig", @@ -454,12 +471,13 @@ "input":{"shape":"GetFunctionEventInvokeConfigRequest"}, "output":{"shape":"FunctionEventInvokeConfig"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves the configuration for asynchronous invocation for a function, version, or alias.

    To configure options for asynchronous invocation, use PutFunctionEventInvokeConfig.

    " + "documentation":"

    Retrieves the configuration for asynchronous invocation for a function, version, or alias.

    To configure options for asynchronous invocation, use PutFunctionEventInvokeConfig.

    ", + "readonly":true }, "GetFunctionRecursionConfig":{ "name":"GetFunctionRecursionConfig", @@ -472,11 +490,12 @@ "output":{"shape":"GetFunctionRecursionConfigResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ServiceException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns your function's recursive loop detection configuration.

    " + "documentation":"

    Returns your function's recursive loop detection configuration.

    ", + "readonly":true }, "GetFunctionUrlConfig":{ "name":"GetFunctionUrlConfig", @@ -490,10 +509,11 @@ "errors":[ {"shape":"InvalidParameterValueException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"TooManyRequestsException"} + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns details about a Lambda function URL.

    " + "documentation":"

    Returns details about a Lambda function URL.

    ", + "readonly":true }, "GetLayerVersion":{ "name":"GetLayerVersion", @@ -505,12 +525,13 @@ "input":{"shape":"GetLayerVersionRequest"}, "output":{"shape":"GetLayerVersionResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns information about a version of an Lambda layer, with a link to download the layer archive that's valid for 10 minutes.

    " + "documentation":"

    Returns information about a version of an Lambda layer, with a link to download the layer archive that's valid for 10 minutes.

    ", + "readonly":true }, "GetLayerVersionByArn":{ "name":"GetLayerVersionByArn", @@ -522,12 +543,13 @@ "input":{"shape":"GetLayerVersionByArnRequest"}, "output":{"shape":"GetLayerVersionResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns information about a version of an Lambda layer, with a link to download the layer archive that's valid for 10 minutes.

    " + "documentation":"

    Returns information about a version of an Lambda layer, with a link to download the layer archive that's valid for 10 minutes.

    ", + "readonly":true }, "GetLayerVersionPolicy":{ "name":"GetLayerVersionPolicy", @@ -539,12 +561,13 @@ "input":{"shape":"GetLayerVersionPolicyRequest"}, "output":{"shape":"GetLayerVersionPolicyResponse"}, "errors":[ + {"shape":"InvalidParameterValueException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns the permission policy for a version of an Lambda layer. For more information, see AddLayerVersionPermission.

    " + "documentation":"

    Returns the permission policy for a version of an Lambda layer. For more information, see AddLayerVersionPermission.

    ", + "readonly":true }, "GetPolicy":{ "name":"GetPolicy", @@ -556,12 +579,13 @@ "input":{"shape":"GetPolicyRequest"}, "output":{"shape":"GetPolicyResponse"}, "errors":[ + {"shape":"InvalidParameterValueException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns the resource-based IAM policy for a function, version, or alias.

    " + "documentation":"

    Returns the resource-based IAM policy for a function, version, or alias.

    ", + "readonly":true }, "GetProvisionedConcurrencyConfig":{ "name":"GetProvisionedConcurrencyConfig", @@ -574,12 +598,13 @@ "output":{"shape":"GetProvisionedConcurrencyConfigResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"TooManyRequestsException"}, + {"shape":"ProvisionedConcurrencyConfigNotFoundException"}, {"shape":"ServiceException"}, - {"shape":"ProvisionedConcurrencyConfigNotFoundException"} + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves the provisioned concurrency configuration for a function's alias or version.

    " + "documentation":"

    Retrieves the provisioned concurrency configuration for a function's alias or version.

    ", + "readonly":true }, "GetRuntimeManagementConfig":{ "name":"GetRuntimeManagementConfig", @@ -591,113 +616,118 @@ "input":{"shape":"GetRuntimeManagementConfigRequest"}, "output":{"shape":"GetRuntimeManagementConfigResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves the runtime management configuration for a function's version. If the runtime update mode is Manual, this includes the ARN of the runtime version and the runtime update mode. If the runtime update mode is Auto or Function update, this includes the runtime update mode and null is returned for the ARN. For more information, see Runtime updates.

    " + "documentation":"

    Retrieves the runtime management configuration for a function's version. If the runtime update mode is Manual, this includes the ARN of the runtime version and the runtime update mode. If the runtime update mode is Auto or Function update, this includes the runtime update mode and null is returned for the ARN. For more information, see Runtime updates.

    ", + "readonly":true }, "Invoke":{ "name":"Invoke", "http":{ "method":"POST", - "requestUri":"/2015-03-31/functions/{FunctionName}/invocations" + "requestUri":"/2015-03-31/functions/{FunctionName}/invocations", + "responseCode":200 }, "input":{"shape":"InvocationRequest"}, "output":{"shape":"InvocationResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidRequestContentException"}, + {"shape":"ResourceNotReadyException"}, + {"shape":"InvalidSecurityGroupIDException"}, + {"shape":"SnapStartTimeoutException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"EC2ThrottledException"}, + {"shape":"EFSMountConnectivityException"}, + {"shape":"SubnetIPAddressLimitReachedException"}, + {"shape":"KMSAccessDeniedException"}, {"shape":"RequestTooLargeException"}, + {"shape":"KMSDisabledException"}, {"shape":"UnsupportedMediaTypeException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"}, + {"shape":"SerializedRequestEntityTooLargeException"}, + {"shape":"InvalidRuntimeException"}, {"shape":"EC2UnexpectedException"}, - {"shape":"SubnetIPAddressLimitReachedException"}, - {"shape":"ENILimitReachedException"}, - {"shape":"EFSMountConnectivityException"}, - {"shape":"EFSMountFailureException"}, - {"shape":"EFSMountTimeoutException"}, - {"shape":"EFSIOException"}, - {"shape":"SnapStartException"}, - {"shape":"SnapStartTimeoutException"}, - {"shape":"SnapStartNotReadyException"}, - {"shape":"EC2ThrottledException"}, - {"shape":"EC2AccessDeniedException"}, {"shape":"InvalidSubnetIDException"}, - {"shape":"InvalidSecurityGroupIDException"}, - {"shape":"InvalidZipFileException"}, - {"shape":"KMSDisabledException"}, - {"shape":"KMSInvalidStateException"}, - {"shape":"KMSAccessDeniedException"}, {"shape":"KMSNotFoundException"}, - {"shape":"InvalidRuntimeException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"EC2AccessDeniedException"}, + {"shape":"EFSIOException"}, + {"shape":"KMSInvalidStateException"}, {"shape":"ResourceConflictException"}, - {"shape":"ResourceNotReadyException"}, - {"shape":"RecursiveInvocationException"} + {"shape":"ENILimitReachedException"}, + {"shape":"SnapStartNotReadyException"}, + {"shape":"ServiceException"}, + {"shape":"SnapStartException"}, + {"shape":"RecursiveInvocationException"}, + {"shape":"EFSMountTimeoutException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestContentException"}, + {"shape":"InvalidZipFileException"}, + {"shape":"EFSMountFailureException"} ], - "documentation":"

    Invokes a Lambda function. You can invoke a function synchronously (and wait for the response), or asynchronously. By default, Lambda invokes your function synchronously (i.e. theInvocationType is RequestResponse). To invoke a function asynchronously, set InvocationType to Event. Lambda passes the ClientContext object to your function for synchronous invocations only.

    For synchronous invocation, details about the function response, including errors, are included in the response body and headers. For either invocation type, you can find more information in the execution log and trace.

    When an error occurs, your function may be invoked multiple times. Retry behavior varies by error type, client, event source, and invocation type. For example, if you invoke a function asynchronously and it returns an error, Lambda executes the function up to two more times. For more information, see Error handling and automatic retries in Lambda.

    For asynchronous invocation, Lambda adds events to a queue before sending them to your function. If your function does not have enough capacity to keep up with the queue, events may be lost. Occasionally, your function may receive the same event multiple times, even if no error occurs. To retain events that were not processed, configure your function with a dead-letter queue.

    The status code in the API response doesn't reflect function errors. Error codes are reserved for errors that prevent your function from executing, such as permissions errors, quota errors, or issues with your function's code and configuration. For example, Lambda returns TooManyRequestsException if running the function would cause you to exceed a concurrency limit at either the account level (ConcurrentInvocationLimitExceeded) or function level (ReservedFunctionConcurrentInvocationLimitExceeded).

    For functions with a long timeout, your client might disconnect during synchronous invocation while it waits for a response. Configure your HTTP client, SDK, firewall, proxy, or operating system to allow for long connections with timeout or keep-alive settings.

    This operation requires permission for the lambda:InvokeFunction action. For details on how to set up permissions for cross-account invocations, see Granting function access to other accounts.

    " + "documentation":"

    Invokes a Lambda function. You can invoke a function synchronously (and wait for the response), or asynchronously. By default, Lambda invokes your function synchronously (i.e. theInvocationType is RequestResponse). To invoke a function asynchronously, set InvocationType to Event. Lambda passes the ClientContext object to your function for synchronous invocations only.

    For synchronous invocations, the maximum payload size is 6 MB. For asynchronous invocations, the maximum payload size is 1 MB.

    For synchronous invocation, details about the function response, including errors, are included in the response body and headers. For either invocation type, you can find more information in the execution log and trace.

    When an error occurs, your function may be invoked multiple times. Retry behavior varies by error type, client, event source, and invocation type. For example, if you invoke a function asynchronously and it returns an error, Lambda executes the function up to two more times. For more information, see Error handling and automatic retries in Lambda.

    For asynchronous invocation, Lambda adds events to a queue before sending them to your function. If your function does not have enough capacity to keep up with the queue, events may be lost. Occasionally, your function may receive the same event multiple times, even if no error occurs. To retain events that were not processed, configure your function with a dead-letter queue.

    The status code in the API response doesn't reflect function errors. Error codes are reserved for errors that prevent your function from executing, such as permissions errors, quota errors, or issues with your function's code and configuration. For example, Lambda returns TooManyRequestsException if running the function would cause you to exceed a concurrency limit at either the account level (ConcurrentInvocationLimitExceeded) or function level (ReservedFunctionConcurrentInvocationLimitExceeded).

    For functions with a long timeout, your client might disconnect during synchronous invocation while it waits for a response. Configure your HTTP client, SDK, firewall, proxy, or operating system to allow for long connections with timeout or keep-alive settings.

    This operation requires permission for the lambda:InvokeFunction action. For details on how to set up permissions for cross-account invocations, see Granting function access to other accounts.

    " }, "InvokeAsync":{ "name":"InvokeAsync", "http":{ "method":"POST", - "requestUri":"/2014-11-13/functions/{FunctionName}/invoke-async/", + "requestUri":"/2014-11-13/functions/{FunctionName}/invoke-async", "responseCode":202 }, "input":{"shape":"InvokeAsyncRequest"}, "output":{"shape":"InvokeAsyncResponse"}, "errors":[ + {"shape":"InvalidRuntimeException"}, + {"shape":"ResourceConflictException"}, {"shape":"ServiceException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidRequestContentException"}, - {"shape":"InvalidRuntimeException"}, - {"shape":"ResourceConflictException"} + {"shape":"InvalidRequestContentException"} ], - "documentation":"

    For asynchronous function invocation, use Invoke.

    Invokes a function asynchronously.

    If you do use the InvokeAsync action, note that it doesn't support the use of X-Ray active tracing. Trace ID is not propagated to the function, even if X-Ray active tracing is turned on.

    ", + "documentation":"

    For asynchronous function invocation, use Invoke.

    Invokes a function asynchronously.

    The payload limit is 256KB. For larger payloads, for up to 1MB, use Invoke.

    If you do use the InvokeAsync action, note that it doesn't support the use of X-Ray active tracing. Trace ID is not propagated to the function, even if X-Ray active tracing is turned on.

    ", "deprecated":true }, "InvokeWithResponseStream":{ "name":"InvokeWithResponseStream", "http":{ "method":"POST", - "requestUri":"/2021-11-15/functions/{FunctionName}/response-streaming-invocations" + "requestUri":"/2021-11-15/functions/{FunctionName}/response-streaming-invocations", + "responseCode":200 }, "input":{"shape":"InvokeWithResponseStreamRequest"}, "output":{"shape":"InvokeWithResponseStreamResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidRequestContentException"}, + {"shape":"ResourceNotReadyException"}, + {"shape":"InvalidSecurityGroupIDException"}, + {"shape":"SnapStartTimeoutException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"EC2ThrottledException"}, + {"shape":"EFSMountConnectivityException"}, + {"shape":"SubnetIPAddressLimitReachedException"}, + {"shape":"KMSAccessDeniedException"}, {"shape":"RequestTooLargeException"}, + {"shape":"KMSDisabledException"}, {"shape":"UnsupportedMediaTypeException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"}, + {"shape":"SerializedRequestEntityTooLargeException"}, + {"shape":"InvalidRuntimeException"}, {"shape":"EC2UnexpectedException"}, - {"shape":"SubnetIPAddressLimitReachedException"}, - {"shape":"ENILimitReachedException"}, - {"shape":"EFSMountConnectivityException"}, - {"shape":"EFSMountFailureException"}, - {"shape":"EFSMountTimeoutException"}, - {"shape":"EFSIOException"}, - {"shape":"SnapStartException"}, - {"shape":"SnapStartTimeoutException"}, - {"shape":"SnapStartNotReadyException"}, - {"shape":"EC2ThrottledException"}, - {"shape":"EC2AccessDeniedException"}, {"shape":"InvalidSubnetIDException"}, - {"shape":"InvalidSecurityGroupIDException"}, - {"shape":"InvalidZipFileException"}, - {"shape":"KMSDisabledException"}, - {"shape":"KMSInvalidStateException"}, - {"shape":"KMSAccessDeniedException"}, {"shape":"KMSNotFoundException"}, - {"shape":"InvalidRuntimeException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"EC2AccessDeniedException"}, + {"shape":"EFSIOException"}, + {"shape":"KMSInvalidStateException"}, {"shape":"ResourceConflictException"}, - {"shape":"ResourceNotReadyException"}, - {"shape":"RecursiveInvocationException"} + {"shape":"ENILimitReachedException"}, + {"shape":"SnapStartNotReadyException"}, + {"shape":"ServiceException"}, + {"shape":"SnapStartException"}, + {"shape":"RecursiveInvocationException"}, + {"shape":"EFSMountTimeoutException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestContentException"}, + {"shape":"InvalidZipFileException"}, + {"shape":"EFSMountFailureException"} ], "documentation":"

    Configure your Lambda functions to stream response payloads back to clients. For more information, see Configuring a Lambda function to stream responses.

    This operation requires permission for the lambda:InvokeFunction action. For details on how to set up permissions for cross-account invocations, see Granting function access to other accounts.

    " }, @@ -711,44 +741,47 @@ "input":{"shape":"ListAliasesRequest"}, "output":{"shape":"ListAliasesResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of aliases for a Lambda function.

    " + "documentation":"

    Returns a list of aliases for a Lambda function.

    ", + "readonly":true }, "ListCodeSigningConfigs":{ "name":"ListCodeSigningConfigs", "http":{ "method":"GET", - "requestUri":"/2020-04-22/code-signing-configs/", + "requestUri":"/2020-04-22/code-signing-configs", "responseCode":200 }, "input":{"shape":"ListCodeSigningConfigsRequest"}, "output":{"shape":"ListCodeSigningConfigsResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"InvalidParameterValueException"} + {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"} ], - "documentation":"

    Returns a list of code signing configurations. A request returns up to 10,000 configurations per call. You can use the MaxItems parameter to return fewer configurations per call.

    " + "documentation":"

    Returns a list of code signing configurations. A request returns up to 10,000 configurations per call. You can use the MaxItems parameter to return fewer configurations per call.

    ", + "readonly":true }, "ListEventSourceMappings":{ "name":"ListEventSourceMappings", "http":{ "method":"GET", - "requestUri":"/2015-03-31/event-source-mappings/", + "requestUri":"/2015-03-31/event-source-mappings", "responseCode":200 }, "input":{"shape":"ListEventSourceMappingsRequest"}, "output":{"shape":"ListEventSourceMappingsResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Lists event source mappings. Specify an EventSourceArn to show only event source mappings for a single event source.

    " + "documentation":"

    Lists event source mappings. Specify an EventSourceArn to show only event source mappings for a single event source.

    ", + "readonly":true }, "ListFunctionEventInvokeConfigs":{ "name":"ListFunctionEventInvokeConfigs", @@ -761,11 +794,12 @@ "output":{"shape":"ListFunctionEventInvokeConfigsResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ServiceException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves a list of configurations for asynchronous invocation for a function.

    To configure options for asynchronous invocation, use PutFunctionEventInvokeConfig.

    " + "documentation":"

    Retrieves a list of configurations for asynchronous invocation for a function.

    To configure options for asynchronous invocation, use PutFunctionEventInvokeConfig.

    ", + "readonly":true }, "ListFunctionUrlConfigs":{ "name":"ListFunctionUrlConfigs", @@ -779,26 +813,28 @@ "errors":[ {"shape":"InvalidParameterValueException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"TooManyRequestsException"} + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of Lambda function URLs for the specified function.

    " + "documentation":"

    Returns a list of Lambda function URLs for the specified function.

    ", + "readonly":true }, "ListFunctions":{ "name":"ListFunctions", "http":{ "method":"GET", - "requestUri":"/2015-03-31/functions/", + "requestUri":"/2015-03-31/functions", "responseCode":200 }, "input":{"shape":"ListFunctionsRequest"}, "output":{"shape":"ListFunctionsResponse"}, "errors":[ + {"shape":"InvalidParameterValueException"}, {"shape":"ServiceException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"} + {"shape":"TooManyRequestsException"} ], - "documentation":"

    Returns a list of Lambda functions, with the version-specific configuration of each. Lambda returns up to 50 functions per call.

    Set FunctionVersion to ALL to include all published versions of each function in addition to the unpublished version.

    The ListFunctions operation returns a subset of the FunctionConfiguration fields. To get the additional fields (State, StateReasonCode, StateReason, LastUpdateStatus, LastUpdateStatusReason, LastUpdateStatusReasonCode, RuntimeVersionConfig) for a function or version, use GetFunction.

    " + "documentation":"

    Returns a list of Lambda functions, with the version-specific configuration of each. Lambda returns up to 50 functions per call.

    Set FunctionVersion to ALL to include all published versions of each function in addition to the unpublished version.

    The ListFunctions operation returns a subset of the FunctionConfiguration fields. To get the additional fields (State, StateReasonCode, StateReason, LastUpdateStatus, LastUpdateStatusReason, LastUpdateStatusReasonCode, RuntimeVersionConfig) for a function or version, use GetFunction.

    ", + "readonly":true }, "ListFunctionsByCodeSigningConfig":{ "name":"ListFunctionsByCodeSigningConfig", @@ -810,11 +846,12 @@ "input":{"shape":"ListFunctionsByCodeSigningConfigRequest"}, "output":{"shape":"ListFunctionsByCodeSigningConfigResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    List the functions that use the specified code signing configuration. You can use this method prior to deleting a code signing configuration, to verify that no functions are using it.

    " + "documentation":"

    List the functions that use the specified code signing configuration. You can use this method prior to deleting a code signing configuration, to verify that no functions are using it.

    ", + "readonly":true }, "ListLayerVersions":{ "name":"ListLayerVersions", @@ -826,12 +863,13 @@ "input":{"shape":"ListLayerVersionsRequest"}, "output":{"shape":"ListLayerVersionsResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Lists the versions of an Lambda layer. Versions that have been deleted aren't listed. Specify a runtime identifier to list only versions that indicate that they're compatible with that runtime. Specify a compatible architecture to include only layer versions that are compatible with that architecture.

    " + "documentation":"

    Lists the versions of an Lambda layer. Versions that have been deleted aren't listed. Specify a runtime identifier to list only versions that indicate that they're compatible with that runtime. Specify a compatible architecture to include only layer versions that are compatible with that architecture.

    ", + "readonly":true }, "ListLayers":{ "name":"ListLayers", @@ -843,11 +881,12 @@ "input":{"shape":"ListLayersRequest"}, "output":{"shape":"ListLayersResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists Lambda layers and shows information about the latest version of each. Specify a runtime identifier to list only layers that indicate that they're compatible with that runtime. Specify a compatible architecture to include only layers that are compatible with that instruction set architecture.

    " + "documentation":"

    Lists Lambda layers and shows information about the latest version of each. Specify a runtime identifier to list only layers that indicate that they're compatible with that runtime. Specify a compatible architecture to include only layers that are compatible with that instruction set architecture.

    ", + "readonly":true }, "ListProvisionedConcurrencyConfigs":{ "name":"ListProvisionedConcurrencyConfigs", @@ -860,27 +899,30 @@ "output":{"shape":"ListProvisionedConcurrencyConfigsResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ServiceException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves a list of provisioned concurrency configurations for a function.

    " + "documentation":"

    Retrieves a list of provisioned concurrency configurations for a function.

    ", + "readonly":true }, "ListTags":{ "name":"ListTags", "http":{ "method":"GET", - "requestUri":"/2017-03-31/tags/{ARN}" + "requestUri":"/2017-03-31/tags/{Resource}", + "responseCode":200 }, "input":{"shape":"ListTagsRequest"}, "output":{"shape":"ListTagsResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a function, event source mapping, or code signing configuration's tags. You can also view function tags with GetFunction.

    " + "documentation":"

    Returns a function, event source mapping, or code signing configuration's tags. You can also view function tags with GetFunction.

    ", + "readonly":true }, "ListVersionsByFunction":{ "name":"ListVersionsByFunction", @@ -892,12 +934,13 @@ "input":{"shape":"ListVersionsByFunctionRequest"}, "output":{"shape":"ListVersionsByFunctionResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of versions, with the version-specific configuration of each. Lambda returns up to 50 versions per call.

    " + "documentation":"

    Returns a list of versions, with the version-specific configuration of each. Lambda returns up to 50 versions per call.

    ", + "readonly":true }, "PublishLayerVersion":{ "name":"PublishLayerVersion", @@ -909,10 +952,10 @@ "input":{"shape":"PublishLayerVersionRequest"}, "output":{"shape":"PublishLayerVersionResponse"}, "errors":[ + {"shape":"InvalidParameterValueException"}, {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"TooManyRequestsException"}, - {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"CodeStorageExceededException"} ], "documentation":"

    Creates an Lambda layer from a ZIP archive. Each time you call PublishLayerVersion with the same layer name, a new version is created.

    Add layers to your function with CreateFunction or UpdateFunctionConfiguration.

    " @@ -927,13 +970,13 @@ "input":{"shape":"PublishVersionRequest"}, "output":{"shape":"FunctionConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"CodeStorageExceededException"}, - {"shape":"PreconditionFailedException"}, - {"shape":"ResourceConflictException"} + {"shape":"PreconditionFailedException"} ], "documentation":"

    Creates a version from the current code and configuration of a function. Use versions to create a snapshot of your function code and configuration that doesn't change.

    Lambda doesn't publish a version if the function's configuration and code haven't changed since the last version. Use UpdateFunctionCode or UpdateFunctionConfiguration to update the function before publishing a version.

    Clients can invoke versions directly or with an alias. To create an alias, use CreateAlias.

    " }, @@ -947,11 +990,11 @@ "input":{"shape":"PutFunctionCodeSigningConfigRequest"}, "output":{"shape":"PutFunctionCodeSigningConfigResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"TooManyRequestsException"}, {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"CodeSigningConfigNotFoundException"} ], "documentation":"

    Update the code signing configuration for the function. Changes to the code signing configuration take effect the next time a user tries to deploy a code package to the function.

    " @@ -966,11 +1009,11 @@ "input":{"shape":"PutFunctionConcurrencyRequest"}, "output":{"shape":"Concurrency"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Sets the maximum number of simultaneous executions for a function, and reserves capacity for that concurrency level.

    Concurrency settings apply to the function as a whole, including all published versions and the unpublished version. Reserving concurrency both ensures that your function has capacity to process the specified number of events simultaneously, and prevents it from scaling beyond that level. Use GetFunction to see the current setting for a function.

    Use GetAccountSettings to see your Regional concurrency limit. You can reserve concurrency for as many functions as you like, as long as you leave at least 100 simultaneous executions unreserved for functions that aren't configured with a per-function limit. For more information, see Lambda function scaling.

    " }, @@ -984,11 +1027,11 @@ "input":{"shape":"PutFunctionEventInvokeConfigRequest"}, "output":{"shape":"FunctionEventInvokeConfig"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Configures options for asynchronous invocation on a function, version, or alias. If a configuration already exists for a function, version, or alias, this operation overwrites it. If you exclude any settings, they are removed. To set one option without affecting existing settings for other options, use UpdateFunctionEventInvokeConfig.

    By default, Lambda retries an asynchronous invocation twice if the function returns an error. It retains events in a queue for up to six hours. When an event fails all processing attempts or stays in the asynchronous invocation queue for too long, Lambda discards it. To retain discarded events, configure a dead-letter queue with UpdateFunctionConfiguration.

    To send an invocation record to a queue, topic, S3 bucket, function, or event bus, specify a destination. You can configure separate destinations for successful invocations (on-success) and events that fail all processing attempts (on-failure). You can configure destinations in addition to or instead of a dead-letter queue.

    S3 buckets are supported only for on-failure destinations. To retain records of successful invocations, use another destination type.

    " }, @@ -1004,9 +1047,9 @@ "errors":[ {"shape":"InvalidParameterValueException"}, {"shape":"ResourceConflictException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ServiceException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Sets your function's recursive loop detection configuration.

    When you configure a Lambda function to output to the same service or resource that invokes the function, it's possible to create an infinite recursive loop. For example, a Lambda function might write a message to an Amazon Simple Queue Service (Amazon SQS) queue, which then invokes the same function. This invocation causes the function to write another message to the queue, which in turn invokes the function again.

    Lambda can detect certain types of recursive loops shortly after they occur. When Lambda detects a recursive loop and your function's recursive loop detection configuration is set to Terminate, it stops your function being invoked and notifies you.

    " }, @@ -1021,12 +1064,13 @@ "output":{"shape":"PutProvisionedConcurrencyConfigResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ServiceException"} + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Adds a provisioned concurrency configuration to a function's alias or version.

    " + "documentation":"

    Adds a provisioned concurrency configuration to a function's alias or version.

    ", + "idempotent":true }, "PutRuntimeManagementConfig":{ "name":"PutRuntimeManagementConfig", @@ -1038,11 +1082,11 @@ "input":{"shape":"PutRuntimeManagementConfigRequest"}, "output":{"shape":"PutRuntimeManagementConfigResponse"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourceConflictException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"} + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Sets the runtime management configuration for a function's version. For more information, see Runtime updates.

    " }, @@ -1055,10 +1099,10 @@ }, "input":{"shape":"RemoveLayerVersionPermissionRequest"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"PreconditionFailedException"} ], "documentation":"

    Removes a statement from the permissions policy for a version of an Lambda layer. For more information, see AddLayerVersionPermission.

    " @@ -1072,10 +1116,10 @@ }, "input":{"shape":"RemovePermissionRequest"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"PreconditionFailedException"} ], "documentation":"

    Revokes function-use permission from an Amazon Web Services service or another Amazon Web Services account. You can get the ID of the statement from the output of GetPolicy.

    " @@ -1084,16 +1128,16 @@ "name":"TagResource", "http":{ "method":"POST", - "requestUri":"/2017-03-31/tags/{ARN}", + "requestUri":"/2017-03-31/tags/{Resource}", "responseCode":204 }, "input":{"shape":"TagResourceRequest"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Adds tags to a function, event source mapping, or code signing configuration.

    " }, @@ -1101,16 +1145,16 @@ "name":"UntagResource", "http":{ "method":"DELETE", - "requestUri":"/2017-03-31/tags/{ARN}", + "requestUri":"/2017-03-31/tags/{Resource}", "responseCode":204 }, "input":{"shape":"UntagResourceRequest"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Removes tags from a function, event source mapping, or code signing configuration.

    " }, @@ -1124,12 +1168,12 @@ "input":{"shape":"UpdateAliasRequest"}, "output":{"shape":"AliasConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"PreconditionFailedException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"PreconditionFailedException"} ], "documentation":"

    Updates the configuration of a Lambda function alias.

    " }, @@ -1143,8 +1187,8 @@ "input":{"shape":"UpdateCodeSigningConfigRequest"}, "output":{"shape":"UpdateCodeSigningConfigResponse"}, "errors":[ - {"shape":"ServiceException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceException"}, {"shape":"ResourceNotFoundException"} ], "documentation":"

    Update the code signing configuration. Changes to the code signing configuration take effect the next time a user tries to deploy a code package to the function.

    " @@ -1159,14 +1203,14 @@ "input":{"shape":"UpdateEventSourceMappingRequest"}, "output":{"shape":"EventSourceMappingConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"}, + {"shape":"ResourceInUseException"}, {"shape":"ResourceConflictException"}, - {"shape":"ResourceInUseException"} + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Updates an event source mapping. You can change the function that Lambda invokes, or pause invocation and resume later from the same location.

    For details about how to configure different event sources, see the following topics.

    The following error handling options are available only for DynamoDB and Kinesis event sources:

    • BisectBatchOnFunctionError – If the function returns an error, split the batch in two and retry.

    • MaximumRecordAgeInSeconds – Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires

    • MaximumRetryAttempts – Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.

    • ParallelizationFactor – Process multiple batches from each shard concurrently.

    For stream sources (DynamoDB, Kinesis, Amazon MSK, and self-managed Apache Kafka), the following option is also available:

    • DestinationConfig – Send discarded records to an Amazon SQS queue, Amazon SNS topic, or Amazon S3 bucket.

    For information about which configuration parameters apply to each event source, see the following topics.

    " + "documentation":"

    Updates an event source mapping. You can change the function that Lambda invokes, or pause invocation and resume later from the same location.

    For details about how to configure different event sources, see the following topics.

    The following error handling options are available only for DynamoDB and Kinesis event sources:

    • BisectBatchOnFunctionError – If the function returns an error, split the batch in two and retry.

    • MaximumRecordAgeInSeconds – Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires

    • MaximumRetryAttempts – Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.

    • ParallelizationFactor – Process multiple batches from each shard concurrently.

    For stream sources (DynamoDB, Kinesis, Amazon MSK, and self-managed Apache Kafka), the following option is also available:

    • OnFailure – Send discarded records to an Amazon SQS queue, Amazon SNS topic, or Amazon S3 bucket. For more information, see Adding a destination.

    For information about which configuration parameters apply to each event source, see the following topics.

    " }, "UpdateFunctionCode":{ "name":"UpdateFunctionCode", @@ -1178,16 +1222,16 @@ "input":{"shape":"UpdateFunctionCodeRequest"}, "output":{"shape":"FunctionConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"CodeStorageExceededException"}, - {"shape":"PreconditionFailedException"}, {"shape":"ResourceConflictException"}, - {"shape":"CodeVerificationFailedException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, {"shape":"InvalidCodeSignatureException"}, - {"shape":"CodeSigningConfigNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"CodeVerificationFailedException"}, + {"shape":"CodeSigningConfigNotFoundException"}, + {"shape":"CodeStorageExceededException"}, + {"shape":"PreconditionFailedException"} ], "documentation":"

    Updates a Lambda function's code. If code signing is enabled for the function, the code package must be signed by a trusted publisher. For more information, see Configuring code signing for Lambda.

    If the function's package type is Image, then you must specify the code package in ImageUri as the URI of a container image in the Amazon ECR registry.

    If the function's package type is Zip, then you must specify the deployment package as a .zip file archive. Enter the Amazon S3 bucket and key of the code .zip file location. You can also provide the function code inline using the ZipFile field.

    The code in the deployment package must be compatible with the target instruction set architecture of the function (x86-64 or arm64).

    The function's code is locked when you publish a version. You can't modify the code of a published version, only the unpublished version.

    For a function defined as a container image, Lambda resolves the image tag to an image digest. In Amazon ECR, if you update the image tag to a new image, Lambda does not automatically update the function.

    " }, @@ -1201,15 +1245,15 @@ "input":{"shape":"UpdateFunctionConfigurationRequest"}, "output":{"shape":"FunctionConfiguration"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, - {"shape":"TooManyRequestsException"}, {"shape":"ResourceConflictException"}, - {"shape":"PreconditionFailedException"}, - {"shape":"CodeVerificationFailedException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, {"shape":"InvalidCodeSignatureException"}, - {"shape":"CodeSigningConfigNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"CodeVerificationFailedException"}, + {"shape":"CodeSigningConfigNotFoundException"}, + {"shape":"PreconditionFailedException"} ], "documentation":"

    Modify the version-specific settings of a Lambda function.

    When you update a function, Lambda provisions an instance of the function and its supporting resources. If your function connects to a VPC, this process can take a minute. During this time, you can't modify the function, but you can still invoke it. The LastUpdateStatus, LastUpdateStatusReason, and LastUpdateStatusReasonCode fields in the response from GetFunctionConfiguration indicate when the update is complete and the function is processing events with the new configuration. For more information, see Lambda function states.

    These settings can vary between versions of a function and are locked when you publish a version. You can't modify the configuration of a published version, only the unpublished version.

    To configure function concurrency, use PutFunctionConcurrency. To grant invoke permissions to an Amazon Web Services account or Amazon Web Services service, use AddPermission.

    " }, @@ -1223,11 +1267,11 @@ "input":{"shape":"UpdateFunctionEventInvokeConfigRequest"}, "output":{"shape":"FunctionEventInvokeConfig"}, "errors":[ - {"shape":"ServiceException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, + {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"ResourceConflictException"} + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Updates the configuration for asynchronous invocation for a function, version, or alias.

    To configure options for asynchronous invocation, use PutFunctionEventInvokeConfig.

    " }, @@ -1241,11 +1285,11 @@ "input":{"shape":"UpdateFunctionUrlConfigRequest"}, "output":{"shape":"UpdateFunctionUrlConfigResponse"}, "errors":[ - {"shape":"ResourceConflictException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceConflictException"}, {"shape":"ServiceException"}, - {"shape":"TooManyRequestsException"} + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Updates the configuration for a Lambda function URL.

    " } @@ -1409,7 +1453,11 @@ }, "FunctionUrlAuthType":{ "shape":"FunctionUrlAuthType", - "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs.

    " + "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Control access to Lambda function URLs.

    " + }, + "InvokedViaFunctionUrl":{ + "shape":"InvokedViaFunctionUrl", + "documentation":"

    Restricts the lambda:InvokeFunction action to function URL calls. When set to true, this prevents the principal from invoking the function by any means other than the function URL. For more information, see Control access to Lambda function URLs.

    " } } }, @@ -1483,16 +1531,21 @@ }, "documentation":"

    The traffic-shifting configuration of a Lambda function alias.

    " }, - "AllowCredentials":{"type":"boolean"}, + "AllowCredentials":{ + "type":"boolean", + "box":true + }, "AllowMethodsList":{ "type":"list", "member":{"shape":"Method"}, - "max":6 + "max":6, + "min":0 }, "AllowOriginsList":{ "type":"list", "member":{"shape":"Origin"}, - "max":100 + "max":100, + "min":0 }, "AllowedPublishers":{ "type":"structure", @@ -1511,6 +1564,10 @@ "ConsumerGroupId":{ "shape":"URI", "documentation":"

    The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see Customizable consumer group ID.

    " + }, + "SchemaRegistryConfig":{ + "shape":"KafkaSchemaRegistryConfig", + "documentation":"

    Specific configuration settings for a Kafka schema registry.

    " } }, "documentation":"

    Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.

    " @@ -1545,10 +1602,14 @@ }, "BatchSize":{ "type":"integer", + "box":true, "max":10000, "min":1 }, - "BisectBatchOnFunctionError":{"type":"boolean"}, + "BisectBatchOnFunctionError":{ + "type":"boolean", + "box":true + }, "Blob":{ "type":"blob", "sensitive":true @@ -1598,6 +1659,7 @@ "CodeSigningConfigArn":{ "type":"string", "max":200, + "min":0, "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:code-signing-config:csc-[a-z0-9]{17}" }, "CodeSigningConfigId":{ @@ -1615,7 +1677,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The specified code signing configuration does not exist.

    ", - "error":{"httpStatusCode":404}, + "error":{ + "httpStatusCode":404, + "senderFault":true + }, "exception":true }, "CodeSigningPolicies":{ @@ -1623,7 +1688,7 @@ "members":{ "UntrustedArtifactOnDeployment":{ "shape":"CodeSigningPolicy", - "documentation":"

    Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.

    Default value: Warn

    " + "documentation":"

    Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and issues a new Amazon CloudWatch metric (SignatureValidationErrors) and also stores the warning in the CloudTrail log.

    Default value: Warn

    " } }, "documentation":"

    Code signing configuration policies specify the validation failure action for signature mismatch or expiry.

    " @@ -1645,7 +1710,10 @@ "message":{"shape":"String"} }, "documentation":"

    Your Amazon Web Services account has exceeded its maximum total code size. For more information, see Lambda quotas.

    ", - "error":{"httpStatusCode":400}, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "CodeVerificationFailedException":{ @@ -1655,7 +1723,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The code signature failed one or more of the validation checks for signature mismatch or expiry, and the code signing policy is set to ENFORCE. Lambda blocks the deployment.

    ", - "error":{"httpStatusCode":400}, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "CollectionName":{ @@ -1667,12 +1738,14 @@ "CompatibleArchitectures":{ "type":"list", "member":{"shape":"Architecture"}, - "max":2 + "max":2, + "min":0 }, "CompatibleRuntimes":{ "type":"list", "member":{"shape":"Runtime"}, - "max":15 + "max":15, + "min":0 }, "Concurrency":{ "type":"structure", @@ -1887,7 +1960,7 @@ }, "ProvisionedPollerConfig":{ "shape":"ProvisionedPollerConfig", - "documentation":"

    (Amazon MSK and self-managed Apache Kafka only) The Provisioned Mode configuration for the event source. For more information, see Provisioned Mode.

    " + "documentation":"

    (Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.

    " } } }, @@ -2018,7 +2091,7 @@ }, "AuthType":{ "shape":"FunctionUrlAuthType", - "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs.

    " + "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Control access to Lambda function URLs.

    " }, "Cors":{ "shape":"Cors", @@ -2026,7 +2099,7 @@ }, "InvokeMode":{ "shape":"InvokeMode", - "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 20 MB, however, you can request a quota increase.

    " + "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 200 MB.

    " } } }, @@ -2049,7 +2122,7 @@ }, "AuthType":{ "shape":"FunctionUrlAuthType", - "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs.

    " + "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Control access to Lambda function URLs.

    " }, "Cors":{ "shape":"Cors", @@ -2061,7 +2134,7 @@ }, "InvokeMode":{ "shape":"InvokeMode", - "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 20 MB, however, you can request a quota increase.

    " + "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 200 MB.

    " } } }, @@ -2080,7 +2153,7 @@ "documentation":"

    The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.

    " } }, - "documentation":"

    The dead-letter queue for failed asynchronous invocations.

    " + "documentation":"

    The dead-letter queue for failed asynchronous invocations.

    " }, "DeleteAliasRequest":{ "type":"structure", @@ -2117,8 +2190,7 @@ }, "DeleteCodeSigningConfigResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEventSourceMappingRequest":{ "type":"structure", @@ -2261,21 +2333,21 @@ "type":"string", "max":350, "min":0, - "pattern":"^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)" + "pattern":"$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)" }, "DestinationConfig":{ "type":"structure", "members":{ "OnSuccess":{ "shape":"OnSuccess", - "documentation":"

    The destination configuration for successful invocations.

    " + "documentation":"

    The destination configuration for successful invocations. Not supported in CreateEventSourceMapping or UpdateEventSourceMapping.

    " }, "OnFailure":{ "shape":"OnFailure", "documentation":"

    The destination configuration for failed invocations.

    " } }, - "documentation":"

    A configuration object that specifies the destination of an event after Lambda processes it.

    " + "documentation":"

    A configuration object that specifies the destination of an event after Lambda processes it. For more information, see Adding a destination.

    " }, "DocumentDBEventSourceConfig":{ "type":"structure", @@ -2303,7 +2375,8 @@ }, "documentation":"

    Need additional permissions to configure VPC settings.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "EC2ThrottledException":{ "type":"structure", @@ -2313,7 +2386,8 @@ }, "documentation":"

    Amazon EC2 throttled Lambda during Lambda function initialization using the execution role provided for the function.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "EC2UnexpectedException":{ "type":"structure", @@ -2324,7 +2398,8 @@ }, "documentation":"

    Lambda received an unexpected Amazon EC2 client exception while setting up for the Lambda function.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "EFSIOException":{ "type":"structure", @@ -2333,7 +2408,10 @@ "Message":{"shape":"String"} }, "documentation":"

    An error occurred when reading from or writing to a connected file system.

    ", - "error":{"httpStatusCode":410}, + "error":{ + "httpStatusCode":410, + "senderFault":true + }, "exception":true }, "EFSMountConnectivityException":{ @@ -2343,7 +2421,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The Lambda function couldn't make a network connection to the configured file system.

    ", - "error":{"httpStatusCode":408}, + "error":{ + "httpStatusCode":408, + "senderFault":true + }, "exception":true }, "EFSMountFailureException":{ @@ -2353,7 +2434,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The Lambda function couldn't mount the configured file system due to a permission or configuration issue.

    ", - "error":{"httpStatusCode":403}, + "error":{ + "httpStatusCode":403, + "senderFault":true + }, "exception":true }, "EFSMountTimeoutException":{ @@ -2363,7 +2447,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The Lambda function made a network connection to the configured file system, but the mount operation timed out.

    ", - "error":{"httpStatusCode":408}, + "error":{ + "httpStatusCode":408, + "senderFault":true + }, "exception":true }, "ENILimitReachedException":{ @@ -2374,9 +2461,13 @@ }, "documentation":"

    Lambda couldn't create an elastic network interface in the VPC, specified as part of Lambda function configuration, because the limit for network interfaces has been reached. For more information, see Lambda quotas.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true + }, + "Enabled":{ + "type":"boolean", + "box":true }, - "Enabled":{"type":"boolean"}, "EndPointType":{ "type":"string", "enum":["KAFKA_BOOTSTRAP_SERVERS"] @@ -2385,7 +2476,7 @@ "type":"string", "max":300, "min":1, - "pattern":"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]):[0-9]{1,5}" + "pattern":"(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]):[0-9]{1,5}" }, "EndpointLists":{ "type":"list", @@ -2466,6 +2557,7 @@ }, "EphemeralStorageSize":{ "type":"integer", + "box":true, "max":10240, "min":512 }, @@ -2520,7 +2612,7 @@ }, "LastProcessingResult":{ "shape":"String", - "documentation":"

    The result of the last Lambda invocation of your function.

    " + "documentation":"

    The result of the event source mapping's last processing attempt.

    " }, "State":{ "shape":"String", @@ -2604,7 +2696,7 @@ }, "ProvisionedPollerConfig":{ "shape":"ProvisionedPollerConfig", - "documentation":"

    (Amazon MSK and self-managed Apache Kafka only) The Provisioned Mode configuration for the event source. For more information, see Provisioned Mode.

    " + "documentation":"

    (Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.

    " } }, "documentation":"

    A mapping between an Amazon Web Services resource and a Lambda function. For details, see CreateEventSourceMapping.

    " @@ -2650,6 +2742,7 @@ "FileSystemArn":{ "type":"string", "max":200, + "min":0, "pattern":"arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:access-point/fsap-[a-f0-9]{17}" }, "FileSystemConfig":{ @@ -2673,7 +2766,8 @@ "FileSystemConfigList":{ "type":"list", "member":{"shape":"FileSystemConfig"}, - "max":1 + "max":1, + "min":0 }, "Filter":{ "type":"structure", @@ -3043,7 +3137,7 @@ }, "InvokeMode":{ "shape":"InvokeMode", - "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 20 MB, however, you can request a quota increase.

    " + "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 200 MB.

    " } }, "documentation":"

    Details about a Lambda function URL.

    " @@ -3064,8 +3158,7 @@ }, "GetAccountSettingsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAccountSettingsResponse":{ "type":"structure", @@ -3323,7 +3416,7 @@ }, "AuthType":{ "shape":"FunctionUrlAuthType", - "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs.

    " + "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Control access to Lambda function URLs.

    " }, "Cors":{ "shape":"Cors", @@ -3339,7 +3432,7 @@ }, "InvokeMode":{ "shape":"InvokeMode", - "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 20 MB, however, you can request a quota increase.

    " + "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 200 MB.

    " } } }, @@ -3570,17 +3663,20 @@ "Handler":{ "type":"string", "max":128, + "min":0, "pattern":"[^\\s]+" }, "Header":{ "type":"string", "max":1024, + "min":0, "pattern":".*" }, "HeadersList":{ "type":"list", "member":{"shape":"Header"}, - "max":100 + "max":100, + "min":0 }, "HttpStatus":{"type":"integer"}, "ImageConfig":{ @@ -3637,7 +3733,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The code signature failed the integrity check. If the integrity check fails, then Lambda blocks deployment, even if the code signing policy is set to WARN.

    ", - "error":{"httpStatusCode":400}, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "InvalidParameterValueException":{ @@ -3653,7 +3752,10 @@ } }, "documentation":"

    One of the parameters in the request is not valid.

    ", - "error":{"httpStatusCode":400}, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "InvalidRequestContentException":{ @@ -3668,8 +3770,11 @@ "documentation":"

    The exception message.

    " } }, - "documentation":"

    The request body could not be parsed as JSON.

    ", - "error":{"httpStatusCode":400}, + "documentation":"

    The request body could not be parsed as JSON, or a request header is invalid. For example, the 'x-amzn-RequestId' header is not a valid UUID string.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "InvalidRuntimeException":{ @@ -3680,7 +3785,8 @@ }, "documentation":"

    The runtime or runtime version specified is not supported.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "InvalidSecurityGroupIDException":{ "type":"structure", @@ -3690,7 +3796,8 @@ }, "documentation":"

    The security group ID provided in the Lambda function VPC configuration is not valid.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "InvalidSubnetIDException":{ "type":"structure", @@ -3700,7 +3807,8 @@ }, "documentation":"

    The subnet ID provided in the Lambda function VPC configuration is not valid.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "InvalidZipFileException":{ "type":"structure", @@ -3710,7 +3818,8 @@ }, "documentation":"

    Lambda could not unzip the deployment package.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "InvocationRequest":{ "type":"structure", @@ -3742,7 +3851,7 @@ }, "Payload":{ "shape":"Blob", - "documentation":"

    The JSON that you want to provide to your Lambda function as input.

    You can enter the JSON directly. For example, --payload '{ \"key\": \"value\" }'. You can also specify a file path. For example, --payload file://payload.json.

    " + "documentation":"

    The JSON that you want to provide to your Lambda function as input. The maximum payload size is 6 MB for synchronous invocations and 1 MB for asynchronous invocations.

    You can enter the JSON directly. For example, --payload '{ \"key\": \"value\" }'. You can also specify a file path. For example, --payload file://payload.json.

    " }, "Qualifier":{ "shape":"Qualifier", @@ -3948,6 +4057,10 @@ "documentation":"

    An object that includes a chunk of the response payload. When the stream has ended, Lambda includes a InvokeComplete object.

    ", "eventstream":true }, + "InvokedViaFunctionUrl":{ + "type":"boolean", + "box":true + }, "KMSAccessDeniedException":{ "type":"structure", "members":{ @@ -3956,7 +4069,8 @@ }, "documentation":"

    Lambda couldn't decrypt the environment variables because KMS access was denied. Check the Lambda function's KMS permissions.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "KMSDisabledException":{ "type":"structure", @@ -3966,7 +4080,8 @@ }, "documentation":"

    Lambda couldn't decrypt the environment variables because the KMS key used is disabled. Check the Lambda function's KMS key settings.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "KMSInvalidStateException":{ "type":"structure", @@ -3976,7 +4091,8 @@ }, "documentation":"

    Lambda couldn't decrypt the environment variables because the state of the KMS key used is not valid for Decrypt. Check the function's KMS key settings.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "KMSKeyArn":{ "type":"string", @@ -3990,7 +4106,77 @@ }, "documentation":"

    Lambda couldn't decrypt the environment variables because the KMS key was not found. Check the function's KMS key settings.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true + }, + "KafkaSchemaRegistryAccessConfig":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"KafkaSchemaRegistryAuthType", + "documentation":"

    The type of authentication Lambda uses to access your schema registry.

    " + }, + "URI":{ + "shape":"Arn", + "documentation":"

    The URI of the secret (Secrets Manager secret ARN) to authenticate with your schema registry.

    " + } + }, + "documentation":"

    Specific access configuration settings that tell Lambda how to authenticate with your schema registry.

    If you're working with an Glue schema registry, don't provide authentication details in this object. Instead, ensure that your execution role has the required permissions for Lambda to access your cluster.

    If you're working with a Confluent schema registry, choose the authentication method in the Type field, and provide the Secrets Manager secret ARN in the URI field.

    " + }, + "KafkaSchemaRegistryAccessConfigList":{ + "type":"list", + "member":{"shape":"KafkaSchemaRegistryAccessConfig"} + }, + "KafkaSchemaRegistryAuthType":{ + "type":"string", + "enum":[ + "BASIC_AUTH", + "CLIENT_CERTIFICATE_TLS_AUTH", + "SERVER_ROOT_CA_CERTIFICATE" + ] + }, + "KafkaSchemaRegistryConfig":{ + "type":"structure", + "members":{ + "SchemaRegistryURI":{ + "shape":"SchemaRegistryUri", + "documentation":"

    The URI for your schema registry. The correct URI format depends on the type of schema registry you're using.

    • For Glue schema registries, use the ARN of the registry.

    • For Confluent schema registries, use the URL of the registry.

    " + }, + "EventRecordFormat":{ + "shape":"SchemaRegistryEventRecordFormat", + "documentation":"

    The record format that Lambda delivers to your function after schema validation.

    • Choose JSON to have Lambda deliver the record to your function as a standard JSON object.

    • Choose SOURCE to have Lambda deliver the record to your function in its original source format. Lambda removes all schema metadata, such as the schema ID, before sending the record to your function.

    " + }, + "AccessConfigs":{ + "shape":"KafkaSchemaRegistryAccessConfigList", + "documentation":"

    An array of access configuration objects that tell Lambda how to authenticate with your schema registry.

    " + }, + "SchemaValidationConfigs":{ + "shape":"KafkaSchemaValidationConfigList", + "documentation":"

    An array of schema validation configuration objects, which tell Lambda the message attributes you want to validate and filter using your schema registry.

    " + } + }, + "documentation":"

    Specific configuration settings for a Kafka schema registry.

    " + }, + "KafkaSchemaValidationAttribute":{ + "type":"string", + "enum":[ + "KEY", + "VALUE" + ] + }, + "KafkaSchemaValidationConfig":{ + "type":"structure", + "members":{ + "Attribute":{ + "shape":"KafkaSchemaValidationAttribute", + "documentation":"

    The attributes you want your schema registry to validate and filter for. If you selected JSON as the EventRecordFormat, Lambda also deserializes the selected message attributes.

    " + } + }, + "documentation":"

    Specific schema validation configuration settings that tell Lambda the message attributes you want to validate and filter using your schema registry.

    " + }, + "KafkaSchemaValidationConfigList":{ + "type":"list", + "member":{"shape":"KafkaSchemaValidationConfig"} }, "LastUpdateStatus":{ "type":"string", @@ -4068,6 +4254,7 @@ "LayerPermissionAllowedAction":{ "type":"string", "max":22, + "min":0, "pattern":"lambda:GetLayerVersion" }, "LayerPermissionAllowedPrincipal":{ @@ -4195,7 +4382,8 @@ }, "LicenseInfo":{ "type":"string", - "max":512 + "max":512, + "min":0 }, "ListAliasesRequest":{ "type":"structure", @@ -4603,7 +4791,7 @@ "shape":"TaggableResource", "documentation":"

    The resource's Amazon Resource Name (ARN). Note: Lambda does not support adding tags to function aliases or versions.

    ", "location":"uri", - "locationName":"ARN" + "locationName":"Resource" } } }, @@ -4656,7 +4844,8 @@ "LocalMountPath":{ "type":"string", "max":160, - "pattern":"^/mnt/[a-zA-Z0-9-_.]+$" + "min":0, + "pattern":"/mnt/[a-zA-Z0-9-_.]+" }, "LogFormat":{ "type":"string", @@ -4707,81 +4896,97 @@ }, "MaxAge":{ "type":"integer", + "box":true, "max":86400, "min":0 }, "MaxFunctionEventInvokeConfigListItems":{ "type":"integer", + "box":true, "max":50, "min":1 }, "MaxItems":{ "type":"integer", + "box":true, "max":50, "min":1 }, "MaxLayerListItems":{ "type":"integer", + "box":true, "max":50, "min":1 }, "MaxListItems":{ "type":"integer", + "box":true, "max":10000, "min":1 }, "MaxProvisionedConcurrencyConfigListItems":{ "type":"integer", + "box":true, "max":50, "min":1 }, "MaximumBatchingWindowInSeconds":{ "type":"integer", + "box":true, "max":300, "min":0 }, "MaximumConcurrency":{ "type":"integer", + "box":true, "max":1000, "min":2 }, "MaximumEventAgeInSeconds":{ "type":"integer", + "box":true, "max":21600, "min":60 }, "MaximumNumberOfPollers":{ "type":"integer", + "box":true, "max":2000, "min":1 }, "MaximumRecordAgeInSeconds":{ "type":"integer", + "box":true, "max":604800, "min":-1 }, "MaximumRetryAttempts":{ "type":"integer", + "box":true, "max":2, "min":0 }, "MaximumRetryAttemptsEventSourceMapping":{ "type":"integer", + "box":true, "max":10000, "min":-1 }, "MemorySize":{ "type":"integer", + "box":true, "max":10240, "min":128 }, "Method":{ "type":"string", "max":6, + "min":0, "pattern":".*" }, "MinimumNumberOfPollers":{ "type":"integer", + "box":true, "max":200, "min":1 }, @@ -4803,32 +5008,37 @@ }, "NonNegativeInteger":{ "type":"integer", + "box":true, "min":0 }, - "NullableBoolean":{"type":"boolean"}, + "NullableBoolean":{ + "type":"boolean", + "box":true + }, "OnFailure":{ "type":"structure", "members":{ "Destination":{ "shape":"DestinationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the destination resource.

    To retain records of unsuccessful asynchronous invocations, you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.

    To retain records of failed invocations from Kinesis, DynamoDB, self-managed Kafka or Amazon MSK, you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the destination resource.

    To retain records of unsuccessful asynchronous invocations, you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.

    Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending OnFailure event to the destination. For details on this behavior, refer to Retaining records of asynchronous invocations.

    To retain records of failed invocations from Kinesis, DynamoDB, self-managed Kafka or Amazon MSK, you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.

    " } }, - "documentation":"

    A destination for events that failed processing.

    " + "documentation":"

    A destination for events that failed processing. For more information, see Adding a destination.

    " }, "OnSuccess":{ "type":"structure", "members":{ "Destination":{ "shape":"DestinationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the destination resource.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the destination resource.

    Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending OnFailure event to the destination. For details on this behavior, refer to Retaining records of asynchronous invocations.

    " } }, - "documentation":"

    A destination for events that were processed successfully.

    To retain records of successful asynchronous invocations, you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.

    " + "documentation":"

    A destination for events that were processed successfully.

    To retain records of successful asynchronous invocations, you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.

    OnSuccess is not supported in CreateEventSourceMapping or UpdateEventSourceMapping requests.

    " }, "OrganizationId":{ "type":"string", "max":34, + "min":0, "pattern":"o-[a-z0-9]{10,32}" }, "Origin":{ @@ -4846,6 +5056,7 @@ }, "ParallelizationFactor":{ "type":"integer", + "box":true, "max":10, "min":1 }, @@ -4862,11 +5073,15 @@ "message":{"shape":"String"} }, "documentation":"

    The permissions policy for the resource is too large. For more information, see Lambda quotas.

    ", - "error":{"httpStatusCode":400}, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "PositiveInteger":{ "type":"integer", + "box":true, "min":1 }, "PreconditionFailedException":{ @@ -4882,7 +5097,10 @@ } }, "documentation":"

    The RevisionId provided does not match the latest RevisionId for the Lambda function or alias.

    • For AddPermission and RemovePermission API operations: Call GetPolicy to retrieve the latest RevisionId for your resource.

    • For all other API operations: Call GetFunction or GetAlias to retrieve the latest RevisionId for your resource.

    ", - "error":{"httpStatusCode":412}, + "error":{ + "httpStatusCode":412, + "senderFault":true + }, "exception":true }, "Principal":{ @@ -4893,7 +5111,7 @@ "type":"string", "max":34, "min":12, - "pattern":"^o-[a-z0-9]{10,32}$" + "pattern":"o-[a-z0-9]{10,32}" }, "ProvisionedConcurrencyConfigList":{ "type":"list", @@ -4940,7 +5158,10 @@ "message":{"shape":"String"} }, "documentation":"

    The specified configuration does not exist.

    ", - "error":{"httpStatusCode":404}, + "error":{ + "httpStatusCode":404, + "senderFault":true + }, "exception":true }, "ProvisionedConcurrencyStatusEnum":{ @@ -4963,7 +5184,7 @@ "documentation":"

    The maximum number of event pollers this event source can scale up to.

    " } }, - "documentation":"

    The Provisioned Mode configuration for the event source. Use Provisioned Mode to customize the minimum and maximum number of event pollers for your event source. An event poller is a compute unit that provides approximately 5 MBps of throughput.

    " + "documentation":"

    The provisioned mode configuration for the event source. Use Provisioned Mode to customize the minimum and maximum number of event pollers for your event source. An event poller is a compute unit that provides approximately 5 MBps of throughput.

    " }, "PublishLayerVersionRequest":{ "type":"structure", @@ -5314,7 +5535,10 @@ } }, "documentation":"

    Lambda has detected your function being invoked in a recursive loop with other Amazon Web Services resources and stopped your function's invocation.

    ", - "error":{"httpStatusCode":400}, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "RecursiveLoop":{ @@ -5398,11 +5622,15 @@ "message":{"shape":"String"} }, "documentation":"

    The request payload exceeded the Invoke request body JSON input quota. For more information, see Lambda quotas.

    ", - "error":{"httpStatusCode":413}, + "error":{ + "httpStatusCode":413, + "senderFault":true + }, "exception":true }, "ReservedConcurrentExecutions":{ "type":"integer", + "box":true, "min":0 }, "ResourceArn":{ @@ -5422,7 +5650,10 @@ } }, "documentation":"

    The resource already exists, or another operation is in progress.

    ", - "error":{"httpStatusCode":409}, + "error":{ + "httpStatusCode":409, + "senderFault":true + }, "exception":true }, "ResourceInUseException":{ @@ -5432,7 +5663,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The operation conflicts with the resource's availability. For example, you tried to update an event source mapping in the CREATING state, or you tried to delete an event source mapping currently UPDATING.

    ", - "error":{"httpStatusCode":400}, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "ResourceNotFoundException":{ @@ -5442,7 +5676,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The resource specified in the request does not exist.

    ", - "error":{"httpStatusCode":404}, + "error":{ + "httpStatusCode":404, + "senderFault":true + }, "exception":true }, "ResourceNotReadyException":{ @@ -5459,7 +5696,8 @@ }, "documentation":"

    The function is inactive and its VPC connection is no longer available. Wait for the VPC connection to reestablish and try again.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "ResponseStreamingInvocationType":{ "type":"string", @@ -5508,20 +5746,24 @@ "java17", "ruby3.2", "ruby3.3", + "ruby3.4", "python3.11", "nodejs20.x", "provided.al2023", "python3.12", "java21", "python3.13", - "nodejs22.x" + "nodejs22.x", + "java25", + "nodejs24.x", + "python3.14" ] }, "RuntimeVersionArn":{ "type":"string", "max":2048, "min":26, - "pattern":"^arn:(aws[a-zA-Z-]*):lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}::runtime:.+$" + "pattern":"arn:(aws[a-zA-Z-]*):lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}::runtime:.+" }, "RuntimeVersionConfig":{ "type":"structure", @@ -5555,7 +5797,7 @@ "type":"string", "max":63, "min":3, - "pattern":"^[0-9A-Za-z\\.\\-_]*(?(Amazon SQS only) The scaling configuration for the event source. To remove the configuration, pass an empty value.

    " }, + "SchemaRegistryEventRecordFormat":{ + "type":"string", + "enum":[ + "JSON", + "SOURCE" + ] + }, + "SchemaRegistryUri":{ + "type":"string", + "max":10000, + "min":1, + "pattern":"[a-zA-Z0-9-\\/*:_+=.@-]*" + }, "SecurityGroupId":{"type":"string"}, "SecurityGroupIds":{ "type":"list", "member":{"shape":"SecurityGroupId"}, - "max":5 + "max":5, + "min":0 }, "SelfManagedEventSource":{ "type":"structure", @@ -5598,7 +5854,11 @@ "members":{ "ConsumerGroupId":{ "shape":"URI", - "documentation":"

    The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see Customizable consumer group ID.

    " + "documentation":"

    The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see Customizable consumer group ID.

    " + }, + "SchemaRegistryConfig":{ + "shape":"KafkaSchemaRegistryConfig", + "documentation":"

    Specific configuration settings for a Kafka schema registry.

    " } }, "documentation":"

    Specific configuration settings for a self-managed Apache Kafka event source.

    " @@ -5607,6 +5867,22 @@ "type":"string", "sensitive":true }, + "SerializedRequestEntityTooLargeException":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"String", + "documentation":"

    The error type.

    " + }, + "message":{"shape":"String"} + }, + "documentation":"

    The processed request payload exceeded the Invoke request body size limit for asynchronous invocations. While the event payload may be under 1 MB, the size after internal serialization exceeds the maximum allowed size for asynchronous invocations.

    ", + "error":{ + "httpStatusCode":413, + "senderFault":true + }, + "exception":true + }, "ServiceException":{ "type":"structure", "members":{ @@ -5615,7 +5891,8 @@ }, "documentation":"

    The Lambda service encountered an internal error.

    ", "error":{"httpStatusCode":500}, - "exception":true + "exception":true, + "fault":true }, "SigningProfileVersionArns":{ "type":"list", @@ -5647,7 +5924,10 @@ "Message":{"shape":"String"} }, "documentation":"

    The afterRestore() runtime hook encountered an error. For more information, check the Amazon CloudWatch logs.

    ", - "error":{"httpStatusCode":400}, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, "exception":true }, "SnapStartNotReadyException":{ @@ -5657,7 +5937,10 @@ "Message":{"shape":"String"} }, "documentation":"

    Lambda is initializing your function. You can invoke the function when the function state becomes Active.

    ", - "error":{"httpStatusCode":409}, + "error":{ + "httpStatusCode":409, + "senderFault":true + }, "exception":true }, "SnapStartOptimizationStatus":{ @@ -5688,7 +5971,10 @@ "Message":{"shape":"String"} }, "documentation":"

    Lambda couldn't restore the snapshot within the timeout limit.

    ", - "error":{"httpStatusCode":408}, + "error":{ + "httpStatusCode":408, + "senderFault":true + }, "exception":true }, "SourceAccessConfiguration":{ @@ -5727,6 +6013,7 @@ "SourceOwner":{ "type":"string", "max":12, + "min":0, "pattern":"\\d{12}" }, "State":{ @@ -5778,7 +6065,8 @@ "StringList":{ "type":"list", "member":{"shape":"String"}, - "max":1500 + "max":1500, + "min":0 }, "SubnetIPAddressLimitReachedException":{ "type":"structure", @@ -5788,13 +6076,15 @@ }, "documentation":"

    Lambda couldn't set up VPC access for the Lambda function because one or more configured subnets has no available IP addresses.

    ", "error":{"httpStatusCode":502}, - "exception":true + "exception":true, + "fault":true }, "SubnetId":{"type":"string"}, "SubnetIds":{ "type":"list", "member":{"shape":"SubnetId"}, - "max":16 + "max":16, + "min":0 }, "SystemLogLevel":{ "type":"string", @@ -5820,7 +6110,7 @@ "shape":"TaggableResource", "documentation":"

    The resource's Amazon Resource Name (ARN).

    ", "location":"uri", - "locationName":"ARN" + "locationName":"Resource" }, "Tags":{ "shape":"Tags", @@ -5868,7 +6158,7 @@ "type":"string", "max":1000, "min":84, - "pattern":"^.*$" + "pattern":".*" }, "ThrottleReason":{ "type":"string", @@ -5883,6 +6173,7 @@ }, "Timeout":{ "type":"integer", + "box":true, "min":1 }, "Timestamp":{"type":"string"}, @@ -5900,14 +6191,17 @@ "Reason":{"shape":"ThrottleReason"} }, "documentation":"

    The request throughput limit was exceeded. For more information, see Lambda quotas.

    ", - "error":{"httpStatusCode":429}, + "error":{ + "httpStatusCode":429, + "senderFault":true + }, "exception":true }, "Topic":{ "type":"string", "max":249, "min":1, - "pattern":"^[^.]([a-zA-Z0-9\\-_.]+)" + "pattern":"[^.]([a-zA-Z0-9\\-_.]+)" }, "Topics":{ "type":"list", @@ -5944,6 +6238,7 @@ }, "TumblingWindowInSeconds":{ "type":"integer", + "box":true, "max":900, "min":0 }, @@ -5961,6 +6256,7 @@ }, "UnreservedConcurrentExecutions":{ "type":"integer", + "box":true, "min":0 }, "UnsupportedMediaTypeException":{ @@ -5970,7 +6266,10 @@ "message":{"shape":"String"} }, "documentation":"

    The content type of the Invoke request body is not JSON.

    ", - "error":{"httpStatusCode":415}, + "error":{ + "httpStatusCode":415, + "senderFault":true + }, "exception":true }, "UntagResourceRequest":{ @@ -5984,7 +6283,7 @@ "shape":"TaggableResource", "documentation":"

    The resource's Amazon Resource Name (ARN).

    ", "location":"uri", - "locationName":"ARN" + "locationName":"Resource" }, "TagKeys":{ "shape":"TagKeyList", @@ -6131,6 +6430,8 @@ "shape":"ScalingConfig", "documentation":"

    (Amazon SQS only) The scaling configuration for the event source. For more information, see Configuring maximum concurrency for Amazon SQS event sources.

    " }, + "AmazonManagedKafkaEventSourceConfig":{"shape":"AmazonManagedKafkaEventSourceConfig"}, + "SelfManagedKafkaEventSourceConfig":{"shape":"SelfManagedKafkaEventSourceConfig"}, "DocumentDBEventSourceConfig":{ "shape":"DocumentDBEventSourceConfig", "documentation":"

    Specific configuration settings for a DocumentDB event source.

    " @@ -6145,7 +6446,7 @@ }, "ProvisionedPollerConfig":{ "shape":"ProvisionedPollerConfig", - "documentation":"

    (Amazon MSK and self-managed Apache Kafka only) The Provisioned Mode configuration for the event source. For more information, see Provisioned Mode.

    " + "documentation":"

    (Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.

    " } } }, @@ -6333,7 +6634,7 @@ }, "AuthType":{ "shape":"FunctionUrlAuthType", - "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs.

    " + "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Control access to Lambda function URLs.

    " }, "Cors":{ "shape":"Cors", @@ -6341,7 +6642,7 @@ }, "InvokeMode":{ "shape":"InvokeMode", - "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 20 MB, however, you can request a quota increase.

    " + "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 200 MB.

    " } } }, @@ -6365,7 +6666,7 @@ }, "AuthType":{ "shape":"FunctionUrlAuthType", - "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Security and auth model for Lambda function URLs.

    " + "documentation":"

    The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see Control access to Lambda function URLs.

    " }, "Cors":{ "shape":"Cors", @@ -6381,7 +6682,7 @@ }, "InvokeMode":{ "shape":"InvokeMode", - "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 20 MB, however, you can request a quota increase.

    " + "documentation":"

    Use one of the following options:

    • BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.

    • RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 200 MB.

    " } } }, @@ -6447,8 +6748,9 @@ }, "WorkingDirectory":{ "type":"string", - "max":1000 + "max":1000, + "min":0 } }, - "documentation":"Lambda

    Overview

    Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. With Lambda, you can run code for virtually any type of application or backend service. For more information about the Lambda service, see What is Lambda in the Lambda Developer Guide.

    The Lambda API Reference provides information about each of the API methods, including details about the parameters in each API request and response.

    You can use Software Development Kits (SDKs), Integrated Development Environment (IDE) Toolkits, and command line tools to access the API. For installation instructions, see Tools for Amazon Web Services.

    For a list of Region-specific endpoints that Lambda supports, see Lambda endpoints and quotas in the Amazon Web Services General Reference..

    When making the API calls, you will need to authenticate your request by providing a signature. Lambda supports signature version 4. For more information, see Signature Version 4 signing process in the Amazon Web Services General Reference..

    CA certificates

    Because Amazon Web Services SDKs use the CA certificates from your computer, changes to the certificates on the Amazon Web Services servers can cause connection failures when you attempt to use an SDK. You can prevent these failures by keeping your computer's CA certificates and operating system up-to-date. If you encounter this issue in a corporate environment and do not manage your own computer, you might need to ask an administrator to assist with the update process. The following list shows minimum operating system and Java versions:

    • Microsoft Windows versions that have updates from January 2005 or later installed contain at least one of the required CAs in their trust list.

    • Mac OS X 10.4 with Java for Mac OS X 10.4 Release 5 (February 2007), Mac OS X 10.5 (October 2007), and later versions contain at least one of the required CAs in their trust list.

    • Red Hat Enterprise Linux 5 (March 2007), 6, and 7 and CentOS 5, 6, and 7 all contain at least one of the required CAs in their default trusted CA list.

    • Java 1.4.2_12 (May 2006), 5 Update 2 (March 2005), and all later versions, including Java 6 (December 2006), 7, and 8, contain at least one of the required CAs in their default trusted CA list.

    When accessing the Lambda management console or Lambda API endpoints, whether through browsers or programmatically, you will need to ensure your client machines support any of the following CAs:

    • Amazon Root CA 1

    • Starfield Services Root Certificate Authority - G2

    • Starfield Class 2 Certification Authority

    Root certificates from the first two authorities are available from Amazon trust services, but keeping your computer up-to-date is the more straightforward solution. To learn more about ACM-provided certificates, see Amazon Web Services Certificate Manager FAQs.

    " + "documentation":"

    Lambda

    Overview

    Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. With Lambda, you can run code for virtually any type of application or backend service. For more information about the Lambda service, see What is Lambda in the Lambda Developer Guide.

    The Lambda API Reference provides information about each of the API methods, including details about the parameters in each API request and response.

    You can use Software Development Kits (SDKs), Integrated Development Environment (IDE) Toolkits, and command line tools to access the API. For installation instructions, see Tools for Amazon Web Services.

    For a list of Region-specific endpoints that Lambda supports, see Lambda endpoints and quotas in the Amazon Web Services General Reference..

    When making the API calls, you will need to authenticate your request by providing a signature. Lambda supports signature version 4. For more information, see Signature Version 4 signing process in the Amazon Web Services General Reference..

    CA certificates

    Because Amazon Web Services SDKs use the CA certificates from your computer, changes to the certificates on the Amazon Web Services servers can cause connection failures when you attempt to use an SDK. You can prevent these failures by keeping your computer's CA certificates and operating system up-to-date. If you encounter this issue in a corporate environment and do not manage your own computer, you might need to ask an administrator to assist with the update process. The following list shows minimum operating system and Java versions:

    • Microsoft Windows versions that have updates from January 2005 or later installed contain at least one of the required CAs in their trust list.

    • Mac OS X 10.4 with Java for Mac OS X 10.4 Release 5 (February 2007), Mac OS X 10.5 (October 2007), and later versions contain at least one of the required CAs in their trust list.

    • Red Hat Enterprise Linux 5 (March 2007), 6, and 7 and CentOS 5, 6, and 7 all contain at least one of the required CAs in their default trusted CA list.

    • Java 1.4.2_12 (May 2006), 5 Update 2 (March 2005), and all later versions, including Java 6 (December 2006), 7, and 8, contain at least one of the required CAs in their default trusted CA list.

    When accessing the Lambda management console or Lambda API endpoints, whether through browsers or programmatically, you will need to ensure your client machines support any of the following CAs:

    • Amazon Root CA 1

    • Starfield Services Root Certificate Authority - G2

    • Starfield Class 2 Certification Authority

    Root certificates from the first two authorities are available from Amazon trust services, but keeping your computer up-to-date is the more straightforward solution. To learn more about ACM-provided certificates, see Amazon Web Services Certificate Manager FAQs.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/lambda/2015-03-31/waiters-2.json 2.31.35-1/awscli/botocore/data/lambda/2015-03-31/waiters-2.json --- 2.23.6-1/awscli/botocore/data/lambda/2015-03-31/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lambda/2015-03-31/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,152 +1,129 @@ { - "version": 2, - "waiters": { - "FunctionExists": { - "delay": 1, - "operation": "GetFunction", - "maxAttempts": 20, - "acceptors": [ - { - "state": "success", - "matcher": "status", - "expected": 200 - }, - { - "state": "retry", - "matcher": "error", - "expected": "ResourceNotFoundException" - } - ] + "version" : 2, + "waiters" : { + "FunctionActive" : { + "description" : "Waits for the function's State to be Active. This waiter uses GetFunctionConfiguration API. This should be used after new function creation.", + "delay" : 5, + "maxAttempts" : 60, + "operation" : "GetFunctionConfiguration", + "acceptors" : [ { + "matcher" : "path", + "argument" : "State", + "state" : "success", + "expected" : "Active" + }, { + "matcher" : "path", + "argument" : "State", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "path", + "argument" : "State", + "state" : "retry", + "expected" : "Pending" + } ] }, - "FunctionActive": { - "delay": 5, - "maxAttempts": 60, - "operation": "GetFunctionConfiguration", - "description": "Waits for the function's State to be Active. This waiter uses GetFunctionConfiguration API. This should be used after new function creation.", - "acceptors": [ - { - "state": "success", - "matcher": "path", - "argument": "State", - "expected": "Active" - }, - { - "state": "failure", - "matcher": "path", - "argument": "State", - "expected": "Failed" - }, - { - "state": "retry", - "matcher": "path", - "argument": "State", - "expected": "Pending" - } - ] + "FunctionActiveV2" : { + "description" : "Waits for the function's State to be Active. This waiter uses GetFunction API. This should be used after new function creation.", + "delay" : 1, + "maxAttempts" : 300, + "operation" : "GetFunction", + "acceptors" : [ { + "matcher" : "path", + "argument" : "Configuration.State", + "state" : "success", + "expected" : "Active" + }, { + "matcher" : "path", + "argument" : "Configuration.State", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "path", + "argument" : "Configuration.State", + "state" : "retry", + "expected" : "Pending" + } ] }, - "FunctionUpdated": { - "delay": 5, - "maxAttempts": 60, - "operation": "GetFunctionConfiguration", - "description": "Waits for the function's LastUpdateStatus to be Successful. This waiter uses GetFunctionConfiguration API. This should be used after function updates.", - "acceptors": [ - { - "state": "success", - "matcher": "path", - "argument": "LastUpdateStatus", - "expected": "Successful" - }, - { - "state": "failure", - "matcher": "path", - "argument": "LastUpdateStatus", - "expected": "Failed" - }, - { - "state": "retry", - "matcher": "path", - "argument": "LastUpdateStatus", - "expected": "InProgress" - } - ] + "FunctionExists" : { + "delay" : 1, + "maxAttempts" : 20, + "operation" : "GetFunction", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : false + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ResourceNotFoundException" + } ] }, - "FunctionActiveV2": { - "delay": 1, - "maxAttempts": 300, - "operation": "GetFunction", - "description": "Waits for the function's State to be Active. This waiter uses GetFunction API. This should be used after new function creation.", - "acceptors": [ - { - "state": "success", - "matcher": "path", - "argument": "Configuration.State", - "expected": "Active" - }, - { - "state": "failure", - "matcher": "path", - "argument": "Configuration.State", - "expected": "Failed" - }, - { - "state": "retry", - "matcher": "path", - "argument": "Configuration.State", - "expected": "Pending" - } - ] + "FunctionUpdated" : { + "description" : "Waits for the function's LastUpdateStatus to be Successful. This waiter uses GetFunctionConfiguration API. This should be used after function updates.", + "delay" : 5, + "maxAttempts" : 60, + "operation" : "GetFunctionConfiguration", + "acceptors" : [ { + "matcher" : "path", + "argument" : "LastUpdateStatus", + "state" : "success", + "expected" : "Successful" + }, { + "matcher" : "path", + "argument" : "LastUpdateStatus", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "path", + "argument" : "LastUpdateStatus", + "state" : "retry", + "expected" : "InProgress" + } ] }, - "FunctionUpdatedV2": { - "delay": 1, - "maxAttempts": 300, - "operation": "GetFunction", - "description": "Waits for the function's LastUpdateStatus to be Successful. This waiter uses GetFunction API. This should be used after function updates.", - "acceptors": [ - { - "state": "success", - "matcher": "path", - "argument": "Configuration.LastUpdateStatus", - "expected": "Successful" - }, - { - "state": "failure", - "matcher": "path", - "argument": "Configuration.LastUpdateStatus", - "expected": "Failed" - }, - { - "state": "retry", - "matcher": "path", - "argument": "Configuration.LastUpdateStatus", - "expected": "InProgress" - } - ] + "FunctionUpdatedV2" : { + "description" : "Waits for the function's LastUpdateStatus to be Successful. This waiter uses GetFunction API. This should be used after function updates.", + "delay" : 1, + "maxAttempts" : 300, + "operation" : "GetFunction", + "acceptors" : [ { + "matcher" : "path", + "argument" : "Configuration.LastUpdateStatus", + "state" : "success", + "expected" : "Successful" + }, { + "matcher" : "path", + "argument" : "Configuration.LastUpdateStatus", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "path", + "argument" : "Configuration.LastUpdateStatus", + "state" : "retry", + "expected" : "InProgress" + } ] }, - "PublishedVersionActive": { - "delay": 5, - "maxAttempts": 312, - "operation": "GetFunctionConfiguration", - "description": "Waits for the published version's State to be Active. This waiter uses GetFunctionConfiguration API. This should be used after new version is published.", - "acceptors": [ - { - "state": "success", - "matcher": "path", - "argument": "State", - "expected": "Active" - }, - { - "state": "failure", - "matcher": "path", - "argument": "State", - "expected": "Failed" - }, - { - "state": "retry", - "matcher": "path", - "argument": "State", - "expected": "Pending" - } - ] + "PublishedVersionActive" : { + "description" : "Waits for the published version's State to be Active. This waiter uses GetFunctionConfiguration API. This should be used after new version is published.", + "delay" : 5, + "maxAttempts" : 312, + "operation" : "GetFunctionConfiguration", + "acceptors" : [ { + "matcher" : "path", + "argument" : "State", + "state" : "success", + "expected" : "Active" + }, { + "matcher" : "path", + "argument" : "State", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "path", + "argument" : "State", + "state" : "retry", + "expected" : "Pending" + } ] } } -} +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/launch-wizard/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/launch-wizard/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/launch-wizard/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/launch-wizard/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/lex-models/2017-04-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lex-models/2017-04-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lex-models/2017-04-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lex-models/2017-04-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,18 +212,17 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws", { "fn": "getAttr", "argv": [ @@ -236,7 +231,8 @@ }, "name" ] - } + }, + "aws" ] } ], @@ -252,7 +248,6 @@ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -261,7 +256,8 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], @@ -281,14 +277,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -302,7 +300,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -322,7 +319,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -333,14 +329,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -401,9 +399,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/lex-models/2017-04-19/service-2.json 2.31.35-1/awscli/botocore/data/lex-models/2017-04-19/service-2.json --- 2.23.6-1/awscli/botocore/data/lex-models/2017-04-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lex-models/2017-04-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"models.lex", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Lex Model Building Service", "serviceId":"Lex Model Building Service", "signatureVersion":"v4", "signingName":"lex", - "uid":"lex-models-2017-04-19" + "uid":"lex-models-2017-04-19", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateBotVersion":{ @@ -4205,8 +4207,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4237,8 +4238,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UserId":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/lex-runtime/2016-11-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lex-runtime/2016-11-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lex-runtime/2016-11-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lex-runtime/2016-11-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,65 +5,110 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ { - "fn": "parseURL", + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", "argv": [ { - "ref": "Endpoint" + "ref": "Region" } ], - "assign": "url" + "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -75,165 +120,109 @@ }, true ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } ] } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://runtime.lex-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, { "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } - ] - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] + ], + "type": "tree" }, { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "UseFIPS" + }, + true ] } ], - "type": "tree", "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://runtime.lex-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", + ], "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws", { "fn": "getAttr", "argv": [ @@ -242,12 +231,13 @@ }, "name" ] - } + }, + "aws" ] } ], "endpoint": { - "url": "https://runtime-fips.lex.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://runtime-fips.lex.{Region}.amazonaws.com", "properties": {}, "headers": {} }, @@ -258,7 +248,6 @@ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -267,12 +256,13 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], "endpoint": { - "url": "https://runtime-fips.lex.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://runtime-fips.lex.{Region}.amazonaws.com", "properties": {}, "headers": {} }, @@ -287,79 +277,138 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } - ] + ], + "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://runtime.lex.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, - true - ] - } - ], - "type": "tree", - "rules": [ + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, + "aws", { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] } ] } ], - "type": "tree", - "rules": [ + "endpoint": { + "url": "https://runtime.lex.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ { - "conditions": [], - "endpoint": { - "url": "https://runtime.lex.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] } - ] + ], + "endpoint": { + "url": "https://runtime.lex.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://runtime.lex.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://runtime.lex.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + ], + "type": "tree" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/lex-runtime/2016-11-28/service-2.json 2.31.35-1/awscli/botocore/data/lex-runtime/2016-11-28/service-2.json --- 2.23.6-1/awscli/botocore/data/lex-runtime/2016-11-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lex-runtime/2016-11-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"runtime.lex", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Lex Runtime Service", "serviceId":"Lex Runtime Service", "signatureVersion":"v4", "signingName":"lex", - "uid":"runtime.lex-2016-11-28" + "uid":"runtime.lex-2016-11-28", + "auth":["aws.auth#sigv4"] }, "operations":{ "DeleteSession":{ @@ -67,7 +69,8 @@ {"shape":"LoopDetectedException"} ], "documentation":"

    Sends user input (text or speech) to Amazon Lex. Clients use this API to send text and audio requests to Amazon Lex at runtime. Amazon Lex interprets the user input using the machine learning model that it built for the bot.

    The PostContent operation supports audio input at 8kHz and 16kHz. You can use 8kHz audio to achieve higher speech recognition accuracy in telephone audio applications.

    In response, Amazon Lex returns the next message to convey to the user. Consider the following example messages:

    • For a user input \"I would like a pizza,\" Amazon Lex might return a response with a message eliciting slot data (for example, PizzaSize): \"What size pizza would you like?\".

    • After the user provides all of the pizza order information, Amazon Lex might return a response with a message to get user confirmation: \"Order the pizza?\".

    • After the user replies \"Yes\" to the confirmation prompt, Amazon Lex might return a conclusion statement: \"Thank you, your cheese pizza has been ordered.\".

    Not all Amazon Lex messages require a response from the user. For example, conclusion statements do not require a response. Some messages require only a yes or no response. In addition to the message, Amazon Lex provides additional context about the message in the response that you can use to enhance client behavior, such as displaying the appropriate client user interface. Consider the following examples:

    • If the message is to elicit slot data, Amazon Lex returns the following context information:

      • x-amz-lex-dialog-state header set to ElicitSlot

      • x-amz-lex-intent-name header set to the intent name in the current context

      • x-amz-lex-slot-to-elicit header set to the slot name for which the message is eliciting information

      • x-amz-lex-slots header set to a map of slots configured for the intent with their current values

    • If the message is a confirmation prompt, the x-amz-lex-dialog-state header is set to Confirmation and the x-amz-lex-slot-to-elicit header is omitted.

    • If the message is a clarification prompt configured for the intent, indicating that the user intent is not understood, the x-amz-dialog-state header is set to ElicitIntent and the x-amz-slot-to-elicit header is omitted.

    In addition, Amazon Lex also returns your application-specific sessionAttributes. For more information, see Managing Conversation Context.

    ", - "authtype":"v4-unsigned-body" + "authtype":"v4-unsigned-body", + "unsignedPayload":true }, "PostText":{ "name":"PostText", diff -pruN 2.23.6-1/awscli/botocore/data/lexv2-models/2020-08-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lexv2-models/2020-08-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lexv2-models/2020-08-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lexv2-models/2020-08-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/lexv2-models/2020-08-07/service-2.json 2.31.35-1/awscli/botocore/data/lexv2-models/2020-08-07/service-2.json --- 2.23.6-1/awscli/botocore/data/lexv2-models/2020-08-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lexv2-models/2020-08-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -3649,6 +3649,10 @@ "documentation":"

    The Amazon Resource Name (ARN) of the IAM role used to build and run the bot.

    " }, "dataPrivacy":{"shape":"DataPrivacy"}, + "errorLogSettings":{ + "shape":"ErrorLogSettings", + "documentation":"

    Allows you to configure destinations where error logs will be published during the bot import process.

    " + }, "idleSessionTTLInSeconds":{ "shape":"SessionTTL", "documentation":"

    The time, in seconds, that Amazon Lex should keep information about a user's conversation with the bot.

    A user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Lex deletes any data provided before the timeout.

    You can specify between 60 (1 minute) and 86,400 (24 hours) seconds.

    " @@ -5036,6 +5040,10 @@ "botMembers":{ "shape":"BotMembers", "documentation":"

    The list of bot members in a network to be created.

    " + }, + "errorLogSettings":{ + "shape":"ErrorLogSettings", + "documentation":"

    Specifies the configuration for error logging during bot creation.

    " } } }, @@ -5089,6 +5097,10 @@ "botMembers":{ "shape":"BotMembers", "documentation":"

    The list of bots in a network that was created.

    " + }, + "errorLogSettings":{ + "shape":"ErrorLogSettings", + "documentation":"

    Specifies configuration settings for delivering error logs to Cloudwatch Logs in an Amazon Lex bot response.

    " } } }, @@ -5274,6 +5286,10 @@ "qnAIntentConfiguration":{ "shape":"QnAIntentConfiguration", "documentation":"

    Specifies the configuration of the built-in Amazon.QnAIntent. The AMAZON.QnAIntent intent is called when Amazon Lex can't determine another intent to invoke. If you specify this field, you can't specify the kendraConfiguration field.

    " + }, + "qInConnectIntentConfiguration":{ + "shape":"QInConnectIntentConfiguration", + "documentation":"

    Qinconnect intent configuration details for the create intent request.

    " } } }, @@ -5351,6 +5367,10 @@ "qnAIntentConfiguration":{ "shape":"QnAIntentConfiguration", "documentation":"

    Details about the the configuration of the built-in Amazon.QnAIntent.

    " + }, + "qInConnectIntentConfiguration":{ + "shape":"QInConnectIntentConfiguration", + "documentation":"

    Qinconnect intent configuration details for the create intent response.

    " } } }, @@ -5717,8 +5737,7 @@ }, "CreateUploadUrlRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateUploadUrlResponse":{ "type":"structure", @@ -6474,8 +6493,7 @@ }, "DeleteUtterancesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeBotAliasRequest":{ "type":"structure", @@ -6933,6 +6951,10 @@ "failureReasons":{ "shape":"FailureReasons", "documentation":"

    If the botStatus is Failed, this contains a list of reasons that the bot couldn't be built.

    " + }, + "errorLogSettings":{ + "shape":"ErrorLogSettings", + "documentation":"

    Contains the configuration for error logging that specifies where and how bot errors are recorded, including destinations like CloudWatch Logs.

    " } } }, @@ -7290,6 +7312,10 @@ "qnAIntentConfiguration":{ "shape":"QnAIntentConfiguration", "documentation":"

    Details about the configuration of the built-in Amazon.QnAIntent.

    " + }, + "qInConnectIntentConfiguration":{ + "shape":"QInConnectIntentConfiguration", + "documentation":"

    Qinconnect intent configuration details for the describe intent response.

    " } } }, @@ -7744,7 +7770,7 @@ }, "Description":{ "type":"string", - "max":200, + "max":2000, "min":0 }, "DescriptiveBotBuilderSpecification":{ @@ -7905,6 +7931,17 @@ "INTERNAL_SERVER_FAILURE" ] }, + "ErrorLogSettings":{ + "type":"structure", + "required":["enabled"], + "members":{ + "enabled":{ + "shape":"BoxedBoolean", + "documentation":"

    Settings parameters for the error logs, when it is enabled.

    " + } + }, + "documentation":"

    Settings parameters for the error logs, whether it is enabled or disabled.

    " + }, "ErrorMessage":{"type":"string"}, "ExactResponseFields":{ "type":"structure", @@ -10841,6 +10878,17 @@ "min":0 }, "NextToken":{"type":"string"}, + "NluImprovementSpecification":{ + "type":"structure", + "required":["enabled"], + "members":{ + "enabled":{ + "shape":"Enabled", + "documentation":"

    Specifies whether the assisted nlu feature is enabled.

    " + } + }, + "documentation":"

    Specifies whether the assisted nlu feature is turned on or off.

    " + }, "NonEmptyString":{ "type":"string", "min":1 @@ -11246,6 +11294,31 @@ }, "documentation":"

    Specifies a list of message groups that Amazon Lex sends to a user to elicit a response.

    " }, + "QInConnectAssistantARN":{ + "type":"string", + "pattern":"^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$" + }, + "QInConnectAssistantConfiguration":{ + "type":"structure", + "required":["assistantArn"], + "members":{ + "assistantArn":{ + "shape":"QInConnectAssistantARN", + "documentation":"

    The assistant Arn details of the Qinconnect assistant configuration.

    " + } + }, + "documentation":"

    The configuration details of the Qinconnect assistant.

    " + }, + "QInConnectIntentConfiguration":{ + "type":"structure", + "members":{ + "qInConnectAssistantConfiguration":{ + "shape":"QInConnectAssistantConfiguration", + "documentation":"

    The Qinconnect assistant configuration details of the Qinconnect intent.

    " + } + }, + "documentation":"

    The configuration details of the Qinconnect intent.

    " + }, "QnAIntentConfiguration":{ "type":"structure", "members":{ @@ -11437,6 +11510,10 @@ "slotResolutionImprovement":{ "shape":"SlotResolutionImprovementSpecification", "documentation":"

    An object containing specifications for the assisted slot resolution feature.

    " + }, + "nluImprovement":{ + "shape":"NluImprovementSpecification", + "documentation":"

    An object containing specifications for the assisted nlu feature.

    " } }, "documentation":"

    Contains specifications about the Amazon Lex runtime generative AI capabilities from Amazon Bedrock that you can turn on for your bot.

    " @@ -12878,8 +12955,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -13586,8 +13662,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateBotAliasRequest":{ "type":"structure", @@ -13904,6 +13979,10 @@ "botMembers":{ "shape":"BotMembers", "documentation":"

    The list of bot members in the network associated with the update action.

    " + }, + "errorLogSettings":{ + "shape":"ErrorLogSettings", + "documentation":"

    Allows you to modify how Amazon Lex logs errors during bot interactions, including destinations for error logs and the types of errors to be captured.

    " } } }, @@ -13953,6 +14032,10 @@ "botMembers":{ "shape":"BotMembers", "documentation":"

    The list of bot members in the network that was updated.

    " + }, + "errorLogSettings":{ + "shape":"ErrorLogSettings", + "documentation":"

    Settings for managing error logs within the response of an update bot operation.

    " } } }, @@ -14096,6 +14179,10 @@ "qnAIntentConfiguration":{ "shape":"QnAIntentConfiguration", "documentation":"

    Specifies the configuration of the built-in Amazon.QnAIntent. The AMAZON.QnAIntent intent is called when Amazon Lex can't determine another intent to invoke. If you specify this field, you can't specify the kendraConfiguration field.

    " + }, + "qInConnectIntentConfiguration":{ + "shape":"QInConnectIntentConfiguration", + "documentation":"

    Qinconnect intent configuration details for the update intent request.

    " } } }, @@ -14181,6 +14268,10 @@ "qnAIntentConfiguration":{ "shape":"QnAIntentConfiguration", "documentation":"

    Details about the configuration of the built-in Amazon.QnAIntent.

    " + }, + "qInConnectIntentConfiguration":{ + "shape":"QInConnectIntentConfiguration", + "documentation":"

    Qinconnect intent configuration details for the update intent response.

    " } } }, diff -pruN 2.23.6-1/awscli/botocore/data/lexv2-runtime/2020-08-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lexv2-runtime/2020-08-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lexv2-runtime/2020-08-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lexv2-runtime/2020-08-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/lexv2-runtime/2020-08-07/service-2.json 2.31.35-1/awscli/botocore/data/lexv2-runtime/2020-08-07/service-2.json --- 2.23.6-1/awscli/botocore/data/lexv2-runtime/2020-08-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lexv2-runtime/2020-08-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,12 +6,14 @@ "jsonVersion":"1.1", "protocol":"rest-json", "protocolSettings":{"h2":"eventstream"}, + "protocols":["rest-json"], "serviceAbbreviation":"Lex Runtime V2", "serviceFullName":"Amazon Lex Runtime V2", "serviceId":"Lex Runtime V2", "signatureVersion":"v4", "signingName":"lex", - "uid":"runtime.lex.v2-2020-08-07" + "uid":"runtime.lex.v2-2020-08-07", + "auth":["aws.auth#sigv4"] }, "operations":{ "DeleteSession":{ @@ -108,7 +110,8 @@ {"shape":"BadGatewayException"} ], "documentation":"

    Sends user input to Amazon Lex V2. You can send text or speech. Clients use this API to send text and audio requests to Amazon Lex V2 at runtime. Amazon Lex V2 interprets the user input using the machine learning model built for the bot.

    The following request fields must be compressed with gzip and then base64 encoded before you send them to Amazon Lex V2.

    • requestAttributes

    • sessionState

    The following response fields are compressed using gzip and then base64 encoded by Amazon Lex V2. Before you can use these fields, you must decode and decompress them.

    • inputTranscript

    • interpretations

    • messages

    • requestAttributes

    • sessionState

    The example contains a Java application that compresses and encodes a Java object to send to Amazon Lex V2, and a second that decodes and decompresses a response from Amazon Lex V2.

    If the optional post-fulfillment response is specified, the messages are returned as follows. For more information, see PostFulfillmentStatusSpecification.

    • Success message - Returned if the Lambda function completes successfully and the intent state is fulfilled or ready fulfillment if the message is present.

    • Failed message - The failed message is returned if the Lambda function throws an exception or if the Lambda function returns a failed intent state without a message.

    • Timeout message - If you don't configure a timeout message and a timeout, and the Lambda function doesn't return within 30 seconds, the timeout message is returned. If you configure a timeout, the timeout message is returned when the period times out.

    For more information, see Completion message.

    ", - "authtype":"v4-unsigned-body" + "authtype":"v4-unsigned-body", + "unsignedPayload":true }, "StartConversation":{ "name":"StartConversation", diff -pruN 2.23.6-1/awscli/botocore/data/license-manager/2018-08-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/license-manager/2018-08-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/license-manager/2018-08-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/license-manager/2018-08-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/license-manager/2018-08-01/service-2.json 2.31.35-1/awscli/botocore/data/license-manager/2018-08-01/service-2.json --- 2.23.6-1/awscli/botocore/data/license-manager/2018-08-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/license-manager/2018-08-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"license-manager", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS License Manager", "serviceId":"License Manager", "signatureVersion":"v4", "targetPrefix":"AWSLicenseManager", - "uid":"license-manager-2018-08-01" + "uid":"license-manager-2018-08-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcceptGrant":{ @@ -776,7 +778,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RateLimitExceededException"} ], - "documentation":"

    Lists the tags for the specified license configuration.

    " + "documentation":"

    Lists the tags for the specified resource. For more information about tagging support in License Manager, see the TagResource operation.

    " }, "ListTokens":{ "name":"ListTokens", @@ -847,7 +849,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RateLimitExceededException"} ], - "documentation":"

    Adds the specified tags to the specified license configuration.

    " + "documentation":"

    Adds the specified tags to the specified resource. The following resources support tagging in License Manager:

    • Licenses

    • Grants

    • License configurations

    • Report generators

    " }, "UntagResource":{ "name":"UntagResource", @@ -864,7 +866,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RateLimitExceededException"} ], - "documentation":"

    Removes the specified tags from the specified license configuration.

    " + "documentation":"

    Removes the specified tags from the specified resource.

    " }, "UpdateLicenseConfiguration":{ "name":"UpdateLicenseConfiguration", @@ -880,7 +882,8 @@ {"shape":"AuthorizationException"}, {"shape":"AccessDeniedException"}, {"shape":"RateLimitExceededException"}, - {"shape":"ResourceLimitExceededException"} + {"shape":"ResourceLimitExceededException"}, + {"shape":"ConflictException"} ], "documentation":"

    Modifies the attributes of an existing license configuration.

    " }, @@ -919,7 +922,8 @@ {"shape":"ServerInternalException"}, {"shape":"AuthorizationException"}, {"shape":"AccessDeniedException"}, - {"shape":"RateLimitExceededException"} + {"shape":"RateLimitExceededException"}, + {"shape":"ConflictException"} ], "documentation":"

    Adds or removes the specified license configurations for the specified Amazon Web Services resource.

    You can update the license specifications of AMIs, instances, and hosts. You cannot update the license specifications for launch templates and CloudFormation templates, as they send license configurations to the operation that creates the resource.

    " }, @@ -999,13 +1003,13 @@ "AllowedOperationList":{ "type":"list", "member":{"shape":"AllowedOperation"}, - "max":7, + "max":8, "min":1 }, "Arn":{ "type":"string", "max":2048, - "pattern":"^arn:aws(-(cn|us-gov|iso-b|iso-c|iso-d))?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$" + "pattern":"^arn:aws[a-zA-Z-]*:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$" }, "ArnList":{ "type":"list", @@ -1067,8 +1071,7 @@ }, "CheckInLicenseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CheckoutBorrowLicenseRequest":{ "type":"structure", @@ -1314,6 +1317,10 @@ "AllowedOperations":{ "shape":"AllowedOperationList", "documentation":"

    Allowed operations for the grant.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    Tags to add to the grant. For more information about tagging support in License Manager, see the TagResource operation.

    " } } }, @@ -1421,7 +1428,7 @@ }, "LicenseRules":{ "shape":"StringList", - "documentation":"

    License rules. The syntax is #name=value (for example, #allowedTenancy=EC2-DedicatedHost). The available rules vary by dimension, as follows.

    • Cores dimension: allowedTenancy | licenseAffinityToHost | maximumCores | minimumCores

    • Instances dimension: allowedTenancy | maximumCores | minimumCores | maximumSockets | minimumSockets | maximumVcpus | minimumVcpus

    • Sockets dimension: allowedTenancy | licenseAffinityToHost | maximumSockets | minimumSockets

    • vCPUs dimension: allowedTenancy | honorVcpuOptimization | maximumVcpus | minimumVcpus

    The unit for licenseAffinityToHost is days and the range is 1 to 180. The possible values for allowedTenancy are EC2-Default, EC2-DedicatedHost, and EC2-DedicatedInstance. The possible values for honorVcpuOptimization are True and False.

    " + "documentation":"

    License rules. The syntax is #name=value (for example, #allowedTenancy=EC2-DedicatedHost). The available rules vary by dimension, as follows.

    • Cores dimension: allowedTenancy | licenseAffinityToHost | maximumCores | minimumCores

    • Instances dimension: allowedTenancy | maximumVcpus | minimumVcpus

    • Sockets dimension: allowedTenancy | licenseAffinityToHost | maximumSockets | minimumSockets

    • vCPUs dimension: allowedTenancy | honorVcpuOptimization | maximumVcpus | minimumVcpus

    The unit for licenseAffinityToHost is days and the range is 1 to 180. The possible values for allowedTenancy are EC2-Default, EC2-DedicatedHost, and EC2-DedicatedInstance. The possible values for honorVcpuOptimization are True and False.

    " }, "Tags":{ "shape":"TagList", @@ -1584,6 +1591,10 @@ "ClientToken":{ "shape":"ClientToken", "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    Tags to add to the license. For more information about tagging support in License Manager, see the TagResource operation.

    " } } }, @@ -1798,8 +1809,7 @@ }, "DeleteLicenseConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLicenseManagerReportGeneratorRequest":{ "type":"structure", @@ -1813,8 +1823,7 @@ }, "DeleteLicenseManagerReportGeneratorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLicenseRequest":{ "type":"structure", @@ -1858,8 +1867,7 @@ }, "DeleteTokenResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DigitalSignatureMethod":{ "type":"string", @@ -2347,8 +2355,7 @@ }, "GetServiceSettingsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetServiceSettingsResponse":{ "type":"structure", @@ -2828,6 +2835,10 @@ "UsageOperation":{ "shape":"UsageOperation", "documentation":"

    The Usage operation value that corresponds to the license type you are converting your resource from. For more information about which platforms correspond to which usage operation values see Sample data: usage operation by platform

    " + }, + "ProductCodes":{ + "shape":"ProductCodeList", + "documentation":"

    Product codes referred to in the license conversion process.

    " } }, "documentation":"

    Information about a license type conversion task.

    " @@ -3115,7 +3126,7 @@ }, "Filters":{ "shape":"Filters", - "documentation":"

    Filters to scope the results. The following filters and logical operators are supported:

    • licenseCountingType - The dimension for which licenses are counted. Possible values are vCPU | Instance | Core | Socket. Logical operators are EQUALS | NOT_EQUALS.

    • enforceLicenseCount - A Boolean value that indicates whether hard license enforcement is used. Logical operators are EQUALS | NOT_EQUALS.

    • usagelimitExceeded - A Boolean value that indicates whether the available licenses have been exceeded. Logical operators are EQUALS | NOT_EQUALS.

    " + "documentation":"

    Filters to scope the results. The following filters and logical operators are supported:

    • licenseCountingType - The dimension for which licenses are counted. Possible values are vCPU | Instance | Core | Socket.

    • enforceLicenseCount - A Boolean value that indicates whether hard license enforcement is used.

    • usagelimitExceeded - A Boolean value that indicates whether the available licenses have been exceeded.

    " } } }, @@ -3457,7 +3468,7 @@ "members":{ "ResourceArn":{ "shape":"String", - "documentation":"

    Amazon Resource Name (ARN) of the license configuration.

    " + "documentation":"

    Amazon Resource Name (ARN) of the resource.

    " } } }, @@ -3522,7 +3533,7 @@ }, "Filters":{ "shape":"Filters", - "documentation":"

    Filters to scope the results. The following filters and logical operators are supported:

    • resourceArn - The ARN of the license configuration resource. Logical operators are EQUALS | NOT_EQUALS.

    • resourceType - The resource type (EC2_INSTANCE | EC2_HOST | EC2_AMI | SYSTEMS_MANAGER_MANAGED_INSTANCE). Logical operators are EQUALS | NOT_EQUALS.

    • resourceAccount - The ID of the account that owns the resource. Logical operators are EQUALS | NOT_EQUALS.

    " + "documentation":"

    Filters to scope the results. The following filters and logical operators are supported:

    • resourceArn - The ARN of the license configuration resource.

    • resourceType - The resource type (EC2_INSTANCE | EC2_HOST | EC2_AMI | SYSTEMS_MANAGER_MANAGED_INSTANCE).

    • resourceAccount - The ID of the account that owns the resource.

    " } } }, @@ -3623,6 +3634,36 @@ "max":1, "min":1 }, + "ProductCodeId":{ + "type":"string", + "pattern":"^[A-Za-z0-9]{1,25}$" + }, + "ProductCodeList":{ + "type":"list", + "member":{"shape":"ProductCodeListItem"} + }, + "ProductCodeListItem":{ + "type":"structure", + "required":[ + "ProductCodeId", + "ProductCodeType" + ], + "members":{ + "ProductCodeId":{ + "shape":"ProductCodeId", + "documentation":"

    The product code ID

    " + }, + "ProductCodeType":{ + "shape":"ProductCodeType", + "documentation":"

    The product code type

    " + } + }, + "documentation":"

    A list item that contains a product code.

    " + }, + "ProductCodeType":{ + "type":"string", + "enum":["marketplace"] + }, "ProductInformation":{ "type":"structure", "required":[ @@ -3636,7 +3677,7 @@ }, "ProductInformationFilterList":{ "shape":"ProductInformationFilterList", - "documentation":"

    A Product information filter consists of a ProductInformationFilterComparator which is a logical operator, a ProductInformationFilterName which specifies the type of filter being declared, and a ProductInformationFilterValue that specifies the value to filter on.

    Accepted values for ProductInformationFilterName are listed here along with descriptions and valid options for ProductInformationFilterComparator.

    The following filters and are supported when the resource type is SSM_MANAGED:

    • Application Name - The name of the application. Logical operator is EQUALS.

    • Application Publisher - The publisher of the application. Logical operator is EQUALS.

    • Application Version - The version of the application. Logical operator is EQUALS.

    • Platform Name - The name of the platform. Logical operator is EQUALS.

    • Platform Type - The platform type. Logical operator is EQUALS.

    • Tag:key - The key of a tag attached to an Amazon Web Services resource you wish to exclude from automated discovery. Logical operator is NOT_EQUALS. The key for your tag must be appended to Tag: following the example: Tag:name-of-your-key. ProductInformationFilterValue is optional if you are not using values for the key.

    • AccountId - The 12-digit ID of an Amazon Web Services account you wish to exclude from automated discovery. Logical operator is NOT_EQUALS.

    • License Included - The type of license included. Logical operators are EQUALS and NOT_EQUALS. Possible values are: sql-server-enterprise | sql-server-standard | sql-server-web | windows-server-datacenter.

    The following filters and logical operators are supported when the resource type is RDS:

    • Engine Edition - The edition of the database engine. Logical operator is EQUALS. Possible values are: oracle-ee | oracle-se | oracle-se1 | oracle-se2.

    • License Pack - The license pack. Logical operator is EQUALS. Possible values are: data guard | diagnostic pack sqlt | tuning pack sqlt | ols | olap.

    " + "documentation":"

    A Product information filter consists of a ProductInformationFilterComparator which is a logical operator, a ProductInformationFilterName which specifies the type of filter being declared, and a ProductInformationFilterValue that specifies the value to filter on.

    Accepted values for ProductInformationFilterName are listed here along with descriptions and valid options for ProductInformationFilterComparator.

    The following filters and are supported when the resource type is SSM_MANAGED:

    • Application Name - The name of the application. Logical operator is EQUALS.

    • Application Publisher - The publisher of the application. Logical operator is EQUALS.

    • Application Version - The version of the application. Logical operator is EQUALS.

    • Platform Name - The name of the platform. Logical operator is EQUALS.

    • Platform Type - The platform type. Logical operator is EQUALS.

    • Tag:key - The key of a tag attached to an Amazon Web Services resource you wish to exclude from automated discovery. Logical operator is NOT_EQUALS. The key for your tag must be appended to Tag: following the example: Tag:name-of-your-key. ProductInformationFilterValue is optional if you are not using values for the key.

    • AccountId - The 12-digit ID of an Amazon Web Services account you wish to exclude from automated discovery. Logical operator is NOT_EQUALS.

    • License Included - The type of license included. Logical operators are EQUALS and NOT_EQUALS. Possible values are: sql-server-enterprise | sql-server-standard | sql-server-web | windows-server-datacenter.

    The following filters and logical operators are supported when the resource type is RDS:

    • Engine Edition - The edition of the database engine. Logical operator is EQUALS. Possible values are: oracle-ee | oracle-se | oracle-se1 | oracle-se2 | db2-se | db2-ae.

    • License Pack - The license pack. Logical operator is EQUALS. Possible values are: data guard | diagnostic pack sqlt | tuning pack sqlt | ols | olap.

    " } }, "documentation":"

    Describes product information for a license configuration.

    " @@ -3978,14 +4019,14 @@ "members":{ "Key":{ "shape":"String", - "documentation":"

    Tag key.

    " + "documentation":"

    The tag key.

    " }, "Value":{ "shape":"String", - "documentation":"

    Tag value.

    " + "documentation":"

    The tag value.

    " } }, - "documentation":"

    Details about a tag for a license configuration.

    " + "documentation":"

    Details about the tags for a resource. For more information about tagging support in License Manager, see the TagResource operation.

    " }, "TagKeyList":{ "type":"list", @@ -4004,7 +4045,7 @@ "members":{ "ResourceArn":{ "shape":"String", - "documentation":"

    Amazon Resource Name (ARN) of the license configuration.

    " + "documentation":"

    Amazon Resource Name (ARN) of the resource. The following examples provide an example ARN for each supported resource in License Manager:

    • Licenses - arn:aws:license-manager::111122223333:license:l-EXAMPLE2da7646d6861033667f20e895

    • Grants - arn:aws:license-manager::111122223333:grant:g-EXAMPLE7b19f4a0ab73679b0beb52707

    • License configurations - arn:aws:license-manager:us-east-1:111122223333:license-configuration:lic-EXAMPLE6a788d4c8acd4264ff0ecf2ed2d

    • Report generators - arn:aws:license-manager:us-east-1:111122223333:report-generator:r-EXAMPLE825b4a4f8fe5a3e0c88824e5fc6

    " }, "Tags":{ "shape":"TagList", @@ -4014,8 +4055,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TokenData":{ "type":"structure", @@ -4081,7 +4121,7 @@ "members":{ "ResourceArn":{ "shape":"String", - "documentation":"

    Amazon Resource Name (ARN) of the license configuration.

    " + "documentation":"

    Amazon Resource Name (ARN) of the resource.

    " }, "TagKeys":{ "shape":"TagKeyList", @@ -4091,8 +4131,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLicenseConfigurationRequest":{ "type":"structure", @@ -4138,8 +4177,7 @@ }, "UpdateLicenseConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLicenseManagerReportGeneratorRequest":{ "type":"structure", @@ -4184,8 +4222,7 @@ }, "UpdateLicenseManagerReportGeneratorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLicenseSpecificationsForResourceRequest":{ "type":"structure", @@ -4207,8 +4244,7 @@ }, "UpdateLicenseSpecificationsForResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateServiceSettingsRequest":{ "type":"structure", @@ -4233,8 +4269,7 @@ }, "UpdateServiceSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UsageOperation":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/license-manager-linux-subscriptions/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/license-manager-linux-subscriptions/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/license-manager-linux-subscriptions/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/license-manager-linux-subscriptions/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2018-05-10", + "auth":["aws.auth#sigv4"], "endpointPrefix":"license-manager-user-subscriptions", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"AWS License Manager User Subscriptions", "serviceId":"License Manager User Subscriptions", "signatureVersion":"v4", "signingName":"license-manager-user-subscriptions", - "uid":"license-manager-user-subscriptions-2018-05-10", - "auth":["aws.auth#sigv4"] + "uid":"license-manager-user-subscriptions-2018-05-10" }, "operations":{ "AssociateUser":{ @@ -25,8 +24,8 @@ "output":{"shape":"AssociateUserResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -46,8 +45,8 @@ "output":{"shape":"CreateLicenseServerEndpointResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -67,8 +66,8 @@ "output":{"shape":"DeleteLicenseServerEndpointResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -88,8 +87,8 @@ "output":{"shape":"DeregisterIdentityProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -109,8 +108,8 @@ "output":{"shape":"DisassociateUserResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -130,8 +129,8 @@ "output":{"shape":"ListIdentityProvidersResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -150,8 +149,8 @@ "output":{"shape":"ListInstancesResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -170,8 +169,8 @@ "output":{"shape":"ListLicenseServerEndpointsResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} @@ -189,8 +188,8 @@ "output":{"shape":"ListProductSubscriptionsResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -225,8 +224,8 @@ "output":{"shape":"ListUserAssociationsResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -245,8 +244,8 @@ "output":{"shape":"RegisterIdentityProviderResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -266,8 +265,8 @@ "output":{"shape":"StartProductSubscriptionResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -286,8 +285,8 @@ "output":{"shape":"StopProductSubscriptionResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, @@ -359,6 +358,10 @@ "ActiveDirectoryIdentityProvider":{ "type":"structure", "members":{ + "DirectoryId":{ + "shape":"Directory", + "documentation":"

    The directory ID for an Active Directory identity provider.

    " + }, "ActiveDirectorySettings":{ "shape":"ActiveDirectorySettings", "documentation":"

    The ActiveDirectorySettings resource contains details about the Active Directory, including network access details such as domain name and IP addresses, and the credential provider for user administration.

    " @@ -367,9 +370,9 @@ "shape":"ActiveDirectoryType", "documentation":"

    The type of Active Directory – either a self-managed Active Directory or an Amazon Web Services Managed Active Directory.

    " }, - "DirectoryId":{ - "shape":"Directory", - "documentation":"

    The directory ID for an Active Directory identity provider.

    " + "IsSharedActiveDirectory":{ + "shape":"Boolean", + "documentation":"

    Whether this directory is shared from an Amazon Web Services Managed Active Directory. The default value is false.

    " } }, "documentation":"

    Details about an Active Directory identity provider.

    " @@ -377,17 +380,21 @@ "ActiveDirectorySettings":{ "type":"structure", "members":{ - "DomainCredentialsProvider":{ - "shape":"CredentialsProvider", - "documentation":"

    Points to the CredentialsProvider resource that contains information about the credential provider for user administration.

    " + "DomainName":{ + "shape":"String", + "documentation":"

    The domain name for the Active Directory.

    " }, "DomainIpv4List":{ "shape":"ActiveDirectorySettingsDomainIpv4ListList", "documentation":"

    A list of domain IPv4 addresses that are used for the Active Directory.

    " }, - "DomainName":{ - "shape":"String", - "documentation":"

    The domain name for the Active Directory.

    " + "DomainIpv6List":{ + "shape":"ActiveDirectorySettingsDomainIpv6ListList", + "documentation":"

    A list of domain IPv6 addresses that are used for the Active Directory.

    " + }, + "DomainCredentialsProvider":{ + "shape":"CredentialsProvider", + "documentation":"

    Points to the CredentialsProvider resource that contains information about the credential provider for user administration.

    " }, "DomainNetworkSettings":{ "shape":"DomainNetworkSettings", @@ -402,6 +409,12 @@ "max":2, "min":1 }, + "ActiveDirectorySettingsDomainIpv6ListList":{ + "type":"list", + "member":{"shape":"IpV6"}, + "max":2, + "min":1 + }, "ActiveDirectoryType":{ "type":"string", "enum":[ @@ -411,35 +424,35 @@ }, "Arn":{ "type":"string", - "pattern":"^arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{1,63}:[a-zA-Z0-9-\\.]{1,510}/[a-zA-Z0-9-\\.]{1,510}$" + "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{1,63}:[a-zA-Z0-9-\\.]{1,510}/[a-zA-Z0-9-\\.]{1,510}" }, "AssociateUserRequest":{ "type":"structure", "required":[ - "IdentityProvider", + "Username", "InstanceId", - "Username" + "IdentityProvider" ], "members":{ - "Domain":{ + "Username":{ "shape":"String", - "documentation":"

    The domain name of the Active Directory that contains information for the user to associate.

    " + "documentation":"

    The user name from the identity provider.

    " + }, + "InstanceId":{ + "shape":"String", + "documentation":"

    The ID of the EC2 instance that provides the user-based subscription.

    " }, "IdentityProvider":{ "shape":"IdentityProvider", "documentation":"

    The identity provider for the user.

    " }, - "InstanceId":{ + "Domain":{ "shape":"String", - "documentation":"

    The ID of the EC2 instance that provides the user-based subscription.

    " + "documentation":"

    The domain name of the Active Directory that contains information for the user to associate.

    " }, "Tags":{ "shape":"Tags", "documentation":"

    The tags that apply for the user association.

    " - }, - "Username":{ - "shape":"String", - "documentation":"

    The user name from the identity provider.

    " } } }, @@ -453,6 +466,10 @@ } } }, + "Boolean":{ + "type":"boolean", + "box":true + }, "BoxInteger":{ "type":"integer", "box":true @@ -544,13 +561,13 @@ "shape":"IdentityProvider", "documentation":"

    An object that specifies details for the Active Directory identity provider.

    " }, + "Product":{ + "shape":"String", + "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS | REMOTE_DESKTOP_SERVICES

    " + }, "IdentityProviderArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) that identifies the identity provider to deregister.

    " - }, - "Product":{ - "shape":"String", - "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS

    " } } }, @@ -566,30 +583,30 @@ }, "Directory":{ "type":"string", - "pattern":"^(d|sd)-[0-9a-f]{10}$" + "pattern":"(d|sd)-[0-9a-f]{10}" }, "DisassociateUserRequest":{ "type":"structure", "members":{ - "Domain":{ + "Username":{ "shape":"String", - "documentation":"

    The domain name of the Active Directory that contains information for the user to disassociate.

    " - }, - "IdentityProvider":{ - "shape":"IdentityProvider", - "documentation":"

    An object that specifies details for the Active Directory identity provider.

    " + "documentation":"

    The user name from the Active Directory identity provider for the user.

    " }, "InstanceId":{ "shape":"String", "documentation":"

    The ID of the EC2 instance which provides user-based subscriptions.

    " }, + "IdentityProvider":{ + "shape":"IdentityProvider", + "documentation":"

    An object that specifies details for the Active Directory identity provider.

    " + }, "InstanceUserArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the user to disassociate from the EC2 instance.

    " }, - "Username":{ + "Domain":{ "shape":"String", - "documentation":"

    The user name from the Active Directory identity provider for the user.

    " + "documentation":"

    The domain name of the Active Directory that contains information for the user to disassociate.

    " } } }, @@ -656,34 +673,38 @@ "type":"structure", "required":[ "IdentityProvider", - "Product", "Settings", + "Product", "Status" ], "members":{ - "FailureMessage":{ - "shape":"String", - "documentation":"

    The failure message associated with an identity provider.

    " - }, "IdentityProvider":{ "shape":"IdentityProvider", "documentation":"

    The IdentityProvider resource contains information about an identity provider.

    " }, - "IdentityProviderArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the identity provider.

    " + "Settings":{ + "shape":"Settings", + "documentation":"

    The Settings resource contains details about the registered identity provider’s product related configuration settings, such as the subnets to provision VPC endpoints.

    " }, "Product":{ "shape":"String", "documentation":"

    The name of the user-based subscription product.

    " }, - "Settings":{ - "shape":"Settings", - "documentation":"

    The Settings resource contains details about the registered identity provider’s product related configuration settings, such as the subnets to provision VPC endpoints.

    " - }, "Status":{ "shape":"String", "documentation":"

    The status of the identity provider.

    " + }, + "IdentityProviderArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the identity provider.

    " + }, + "FailureMessage":{ + "shape":"String", + "documentation":"

    The failure message associated with an identity provider.

    " + }, + "OwnerAccountId":{ + "shape":"String", + "documentation":"

    The AWS Account ID of the owner of this resource.

    " } }, "documentation":"

    Describes an identity provider.

    " @@ -696,29 +717,37 @@ "type":"structure", "required":[ "InstanceId", - "Products", - "Status" + "Status", + "Products" ], "members":{ "InstanceId":{ "shape":"String", "documentation":"

    The ID of the EC2 instance, which provides user-based subscriptions.

    " }, - "LastStatusCheckDate":{ + "Status":{ "shape":"String", - "documentation":"

    The date of the last status check.

    " + "documentation":"

    The status of an EC2 instance resource.

    " }, "Products":{ "shape":"StringList", "documentation":"

    A list of provided user-based subscription products.

    " }, - "Status":{ + "LastStatusCheckDate":{ "shape":"String", - "documentation":"

    The status of an EC2 instance resource.

    " + "documentation":"

    The date of the last status check.

    " }, "StatusMessage":{ "shape":"String", "documentation":"

    The status message for an EC2 instance.

    " + }, + "OwnerAccountId":{ + "shape":"String", + "documentation":"

    The AWS Account ID of the owner of this resource.

    " + }, + "IdentityProvider":{ + "shape":"IdentityProvider", + "documentation":"

    The IdentityProvider resource specifies details about the identity provider.

    " } }, "documentation":"

    Describes an EC2 instance providing user-based subscriptions.

    " @@ -730,47 +759,47 @@ "InstanceUserSummary":{ "type":"structure", "required":[ - "IdentityProvider", + "Username", "InstanceId", - "Status", - "Username" + "IdentityProvider", + "Status" ], "members":{ - "AssociationDate":{ - "shape":"String", - "documentation":"

    The date a user was associated with an EC2 instance.

    " - }, - "DisassociationDate":{ + "Username":{ "shape":"String", - "documentation":"

    The date a user was disassociated from an EC2 instance.

    " + "documentation":"

    The user name from the identity provider for the user.

    " }, - "Domain":{ + "InstanceId":{ "shape":"String", - "documentation":"

    The domain name of the Active Directory that contains the user information for the product subscription.

    " + "documentation":"

    The ID of the EC2 instance that provides user-based subscriptions.

    " }, "IdentityProvider":{ "shape":"IdentityProvider", "documentation":"

    The IdentityProvider resource specifies details about the identity provider.

    " }, - "InstanceId":{ + "Status":{ "shape":"String", - "documentation":"

    The ID of the EC2 instance that provides user-based subscriptions.

    " + "documentation":"

    The status of a user associated with an EC2 instance.

    " }, "InstanceUserArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) that identifies the instance user.

    " }, - "Status":{ - "shape":"String", - "documentation":"

    The status of a user associated with an EC2 instance.

    " - }, "StatusMessage":{ "shape":"String", "documentation":"

    The status message for users of an EC2 instance.

    " }, - "Username":{ + "Domain":{ "shape":"String", - "documentation":"

    The user name from the identity provider for the user.

    " + "documentation":"

    The domain name of the Active Directory that contains the user information for the product subscription.

    " + }, + "AssociationDate":{ + "shape":"String", + "documentation":"

    The date a user was associated with an EC2 instance.

    " + }, + "DisassociationDate":{ + "shape":"String", + "documentation":"

    The date a user was disassociated from an EC2 instance.

    " } }, "documentation":"

    Describes users of an EC2 instance providing user-based subscriptions.

    " @@ -791,11 +820,19 @@ }, "IpV4":{ "type":"string", - "pattern":"^(?:(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])(\\.(?!$)|$)){4}$" + "pattern":"(?:(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])(\\.(?!$)|$)){4}" + }, + "IpV6":{ + "type":"string", + "pattern":"([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|::|::[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}" }, "LicenseServer":{ "type":"structure", "members":{ + "ProvisioningStatus":{ + "shape":"LicenseServerEndpointProvisioningStatus", + "documentation":"

    The current state of the provisioning process for the RDS license server.

    " + }, "HealthStatus":{ "shape":"LicenseServerHealthStatus", "documentation":"

    The health status of the RDS license server.

    " @@ -804,9 +841,9 @@ "shape":"String", "documentation":"

    A list of domain IPv4 addresses that are used for the RDS license server.

    " }, - "ProvisioningStatus":{ - "shape":"LicenseServerEndpointProvisioningStatus", - "documentation":"

    The current state of the provisioning process for the RDS license server.

    " + "Ipv6Address":{ + "shape":"String", + "documentation":"

    A list of domain IPv6 addresses that are used for the RDS license server.

    " } }, "documentation":"

    Information about a Remote Desktop Services (RDS) license server.

    " @@ -814,22 +851,30 @@ "LicenseServerEndpoint":{ "type":"structure", "members":{ - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

    The timestamp when License Manager created the license server endpoint.

    " - }, "IdentityProviderArn":{ "shape":"String", "documentation":"

    The Amazon Resource Name (ARN) of the identity provider that's associated with the RDS license server endpoint.

    " }, - "LicenseServerEndpointArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the ServerEndpoint resource for the RDS license server.

    " + "ServerType":{ + "shape":"ServerType", + "documentation":"

    The type of license server.

    " + }, + "ServerEndpoint":{ + "shape":"ServerEndpoint", + "documentation":"

    The ServerEndpoint resource contains the network address of the RDS license server endpoint.

    " + }, + "StatusMessage":{ + "shape":"String", + "documentation":"

    The message associated with the provisioning status, if there is one.

    " }, "LicenseServerEndpointId":{ "shape":"LicenseServerEndpointId", "documentation":"

    The ID of the license server endpoint.

    " }, + "LicenseServerEndpointArn":{ + "shape":"Arn", + "documentation":"

    The ARN of the ServerEndpoint resource for the RDS license server.

    " + }, "LicenseServerEndpointProvisioningStatus":{ "shape":"LicenseServerEndpointProvisioningStatus", "documentation":"

    The current state of the provisioning process for the RDS license server endpoint

    " @@ -838,17 +883,9 @@ "shape":"LicenseServerList", "documentation":"

    An array of LicenseServer resources that represent the license servers that are accessed through this endpoint.

    " }, - "ServerEndpoint":{ - "shape":"ServerEndpoint", - "documentation":"

    The ServerEndpoint resource contains the network address of the RDS license server endpoint.

    " - }, - "ServerType":{ - "shape":"ServerType", - "documentation":"

    The type of license server.

    " - }, - "StatusMessage":{ - "shape":"String", - "documentation":"

    The message associated with the provisioning status, if there is one.

    " + "CreationTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when License Manager created the license server endpoint.

    " } }, "documentation":"

    Contains details about a network endpoint for a Remote Desktop Services (RDS) license server.

    " @@ -884,17 +921,17 @@ "LicenseServerSettings":{ "type":"structure", "required":[ - "ServerSettings", - "ServerType" + "ServerType", + "ServerSettings" ], "members":{ - "ServerSettings":{ - "shape":"ServerSettings", - "documentation":"

    The ServerSettings resource contains the settings for your server.

    " - }, "ServerType":{ "shape":"ServerType", "documentation":"

    The type of license server.

    " + }, + "ServerSettings":{ + "shape":"ServerSettings", + "documentation":"

    The ServerSettings resource contains the settings for your server.

    " } }, "documentation":"

    The settings to configure your license server.

    " @@ -902,14 +939,14 @@ "ListIdentityProvidersRequest":{ "type":"structure", "members":{ - "Filters":{ - "shape":"FilterList", - "documentation":"

    You can use the following filters to streamline results:

    • Product

    • DirectoryId

    " - }, "MaxResults":{ "shape":"BoxInteger", "documentation":"

    The maximum number of results to return from a single request.

    " }, + "Filters":{ + "shape":"FilterList", + "documentation":"

    You can use the following filters to streamline results:

    • Product

    • DirectoryId

    " + }, "NextToken":{ "shape":"String", "documentation":"

    A token to specify where to start paginating. This is the nextToken from a previously truncated response.

    " @@ -933,10 +970,6 @@ "ListInstancesRequest":{ "type":"structure", "members":{ - "Filters":{ - "shape":"FilterList", - "documentation":"

    You can use the following filters to streamline results:

    • Status

    • InstanceId

    " - }, "MaxResults":{ "shape":"BoxInteger", "documentation":"

    The maximum number of results to return from a single request.

    " @@ -944,6 +977,10 @@ "NextToken":{ "shape":"String", "documentation":"

    A token to specify where to start paginating. This is the nextToken from a previously truncated response.

    " + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

    You can use the following filters to streamline results:

    • Status

    • InstanceId

    " } } }, @@ -963,14 +1000,14 @@ "ListLicenseServerEndpointsRequest":{ "type":"structure", "members":{ - "Filters":{ - "shape":"FilterList", - "documentation":"

    You can use the following filters to streamline results:

    • IdentityProviderArn

    " - }, "MaxResults":{ "shape":"ListLicenseServerEndpointsRequestMaxResultsInteger", "documentation":"

    The maximum number of results to return from a single request.

    " }, + "Filters":{ + "shape":"FilterList", + "documentation":"

    You can use the following filters to streamline results:

    • IdentityProviderArn

    " + }, "NextToken":{ "shape":"String", "documentation":"

    A token to specify where to start paginating. This is the nextToken from a previously truncated response.

    " @@ -1000,9 +1037,9 @@ "type":"structure", "required":["IdentityProvider"], "members":{ - "Filters":{ - "shape":"FilterList", - "documentation":"

    You can use the following filters to streamline results:

    • Status

    • Username

    • Domain

    " + "Product":{ + "shape":"String", + "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS | REMOTE_DESKTOP_SERVICES

    " }, "IdentityProvider":{ "shape":"IdentityProvider", @@ -1012,26 +1049,26 @@ "shape":"BoxInteger", "documentation":"

    The maximum number of results to return from a single request.

    " }, + "Filters":{ + "shape":"FilterList", + "documentation":"

    You can use the following filters to streamline results:

    • Status

    • Username

    • Domain

    " + }, "NextToken":{ "shape":"String", "documentation":"

    A token to specify where to start paginating. This is the nextToken from a previously truncated response.

    " - }, - "Product":{ - "shape":"String", - "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS

    " } } }, "ListProductSubscriptionsResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

    The next token used for paginated responses. When this field isn't empty, there are additional elements that the service hasn't included in this request. Use this token with the next request to retrieve additional objects.

    " - }, "ProductUserSummaries":{ "shape":"ProductUserSummaryList", "documentation":"

    Metadata that describes the list product subscriptions operation.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The next token used for paginated responses. When this field isn't empty, there are additional elements that the service hasn't included in this request. Use this token with the next request to retrieve additional objects.

    " } } }, @@ -1059,26 +1096,26 @@ "ListUserAssociationsRequest":{ "type":"structure", "required":[ - "IdentityProvider", - "InstanceId" + "InstanceId", + "IdentityProvider" ], "members":{ - "Filters":{ - "shape":"FilterList", - "documentation":"

    You can use the following filters to streamline results:

    • Status

    • Username

    • Domain

    " + "InstanceId":{ + "shape":"String", + "documentation":"

    The ID of the EC2 instance, which provides user-based subscriptions.

    " }, "IdentityProvider":{ "shape":"IdentityProvider", "documentation":"

    An object that specifies details for the identity provider.

    " }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The ID of the EC2 instance, which provides user-based subscriptions.

    " - }, "MaxResults":{ "shape":"BoxInteger", "documentation":"

    The maximum number of results to return from a single request.

    " }, + "Filters":{ + "shape":"FilterList", + "documentation":"

    You can use the following filters to streamline results:

    • Status

    • Username

    • Domain

    " + }, "NextToken":{ "shape":"String", "documentation":"

    A token to specify where to start paginating. This is the nextToken from a previously truncated response.

    " @@ -1101,47 +1138,47 @@ "ProductUserSummary":{ "type":"structure", "required":[ - "IdentityProvider", + "Username", "Product", - "Status", - "Username" + "IdentityProvider", + "Status" ], "members":{ - "Domain":{ + "Username":{ "shape":"String", - "documentation":"

    The domain name of the Active Directory that contains the user information for the product subscription.

    " + "documentation":"

    The user name from the identity provider for this product user.

    " + }, + "Product":{ + "shape":"String", + "documentation":"

    The name of the user-based subscription product.

    " }, "IdentityProvider":{ "shape":"IdentityProvider", "documentation":"

    An object that specifies details for the identity provider.

    " }, - "Product":{ + "Status":{ "shape":"String", - "documentation":"

    The name of the user-based subscription product.

    " + "documentation":"

    The status of a product for this user.

    " }, "ProductUserArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) for this product user.

    " }, - "Status":{ - "shape":"String", - "documentation":"

    The status of a product for this user.

    " - }, "StatusMessage":{ "shape":"String", "documentation":"

    The status message for a product for this user.

    " }, - "SubscriptionEndDate":{ + "Domain":{ "shape":"String", - "documentation":"

    The end date of a subscription.

    " + "documentation":"

    The domain name of the Active Directory that contains the user information for the product subscription.

    " }, "SubscriptionStartDate":{ "shape":"String", "documentation":"

    The start date of a subscription.

    " }, - "Username":{ + "SubscriptionEndDate":{ "shape":"String", - "documentation":"

    The user name from the identity provider for this product user.

    " + "documentation":"

    The end date of a subscription.

    " } }, "documentation":"

    A summary of the user-based subscription products for a specific user.

    " @@ -1174,7 +1211,7 @@ }, "Product":{ "shape":"String", - "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS

    " + "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS | REMOTE_DESKTOP_SERVICES

    " }, "Settings":{ "shape":"Settings", @@ -1198,7 +1235,7 @@ }, "ResourceArn":{ "type":"string", - "pattern":"^arn:([a-z0-9-\\.]{1,63}):([a-z0-9-\\.]{1,63}):([a-z0-9-\\.]{1,63}):([a-z0-9-\\.]{1,63}):([a-z0-9-\\.]{1,510})/([a-z0-9-\\.]{1,510})$" + "pattern":"arn:([a-z0-9-\\.]{1,63}):([a-z0-9-\\.]{1,63}):([a-z0-9-\\.]{1,63}):([a-z0-9-\\.]{1,63}):([a-z0-9-\\.]{1,510})/([a-z0-9-\\.]{1,510})" }, "ResourceNotFoundException":{ "type":"structure", @@ -1230,7 +1267,7 @@ "type":"string", "max":200, "min":5, - "pattern":"^sg-(([0-9a-z]{8})|([0-9a-z]{17}))$" + "pattern":"sg-(([0-9a-z]{8})|([0-9a-z]{17}))" }, "ServerEndpoint":{ "type":"structure", @@ -1268,17 +1305,17 @@ "Settings":{ "type":"structure", "required":[ - "SecurityGroupId", - "Subnets" + "Subnets", + "SecurityGroupId" ], "members":{ - "SecurityGroupId":{ - "shape":"SecurityGroup", - "documentation":"

    A security group ID that allows inbound TCP port 1688 communication between resources in your VPC and the VPC endpoint for activation servers.

    " - }, "Subnets":{ "shape":"SettingsSubnetsList", "documentation":"

    The subnets defined for the registered identity provider.

    " + }, + "SecurityGroupId":{ + "shape":"SecurityGroup", + "documentation":"

    A security group ID that allows inbound TCP port 1688 communication between resources in your VPC and the VPC endpoint for activation servers.

    " } }, "documentation":"

    The registered identity provider’s product related configuration settings such as the subnets to provision VPC endpoints, and the security group ID that is associated with the VPC endpoints. The security group should permit inbound TCP port 1688 communication from resources in the VPC.

    " @@ -1291,14 +1328,14 @@ "StartProductSubscriptionRequest":{ "type":"structure", "required":[ + "Username", "IdentityProvider", - "Product", - "Username" + "Product" ], "members":{ - "Domain":{ + "Username":{ "shape":"String", - "documentation":"

    The domain name of the Active Directory that contains the user for whom to start the product subscription.

    " + "documentation":"

    The user name from the identity provider of the user.

    " }, "IdentityProvider":{ "shape":"IdentityProvider", @@ -1306,15 +1343,15 @@ }, "Product":{ "shape":"String", - "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS

    " + "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS | REMOTE_DESKTOP_SERVICES

    " + }, + "Domain":{ + "shape":"String", + "documentation":"

    The domain name of the Active Directory that contains the user for whom to start the product subscription.

    " }, "Tags":{ "shape":"Tags", "documentation":"

    The tags that apply to the product subscription.

    " - }, - "Username":{ - "shape":"String", - "documentation":"

    The user name from the identity provider of the user.

    " } } }, @@ -1331,9 +1368,9 @@ "StopProductSubscriptionRequest":{ "type":"structure", "members":{ - "Domain":{ + "Username":{ "shape":"String", - "documentation":"

    The domain name of the Active Directory that contains the user for whom to stop the product subscription.

    " + "documentation":"

    The user name from the identity provider for the user.

    " }, "IdentityProvider":{ "shape":"IdentityProvider", @@ -1341,15 +1378,15 @@ }, "Product":{ "shape":"String", - "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS

    " + "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS | REMOTE_DESKTOP_SERVICES

    " }, "ProductUserArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the product user.

    " }, - "Username":{ + "Domain":{ "shape":"String", - "documentation":"

    The user name from the identity provider for the user.

    " + "documentation":"

    The domain name of the Active Directory that contains the user for whom to stop the product subscription.

    " } } }, @@ -1370,7 +1407,7 @@ }, "Subnet":{ "type":"string", - "pattern":"^subnet-[a-z0-9]{8,17}" + "pattern":"subnet-[a-z0-9]{8,17}.*" }, "Subnets":{ "type":"list", @@ -1404,8 +1441,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Tags":{ "type":"map", @@ -1447,22 +1483,21 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateIdentityProviderSettingsRequest":{ "type":"structure", "required":["UpdateSettings"], "members":{ "IdentityProvider":{"shape":"IdentityProvider"}, + "Product":{ + "shape":"String", + "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS | REMOTE_DESKTOP_SERVICES

    " + }, "IdentityProviderArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the identity provider to update.

    " }, - "Product":{ - "shape":"String", - "documentation":"

    The name of the user-based subscription product.

    Valid values: VISUAL_STUDIO_ENTERPRISE | VISUAL_STUDIO_PROFESSIONAL | OFFICE_PROFESSIONAL_PLUS

    " - }, "UpdateSettings":{ "shape":"UpdateSettings", "documentation":"

    Updates the registered identity provider’s product related configuration settings. You can update any combination of settings in a single operation such as the:

    • Subnets which you want to add to provision VPC endpoints.

    • Subnets which you want to remove the VPC endpoints from.

    • Security group ID which permits traffic to the VPC endpoints.

    " diff -pruN 2.23.6-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/waiters-2.json 2.31.35-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/waiters-2.json --- 2.23.6-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/license-manager-user-subscriptions/2018-05-10/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/lightsail/2016-11-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lightsail/2016-11-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lightsail/2016-11-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lightsail/2016-11-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/lightsail/2016-11-28/service-2.json 2.31.35-1/awscli/botocore/data/lightsail/2016-11-28/service-2.json --- 2.23.6-1/awscli/botocore/data/lightsail/2016-11-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lightsail/2016-11-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,6 +29,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Allocates a static IP address.

    " @@ -66,9 +67,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Attaches a block storage disk to a running or stopped Lightsail instance and exposes it to the instance with the specified disk name.

    The attach disk operation supports tag-based access control via resource tags applied to the resource identified by disk name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Attaches a block storage disk to a running or stopped Lightsail instance and exposes it to the instance with the specified disk name.

    The attach disk operation supports tag-based access control via resource tags applied to the resource identified by disk name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "AttachInstancesToLoadBalancer":{ "name":"AttachInstancesToLoadBalancer", @@ -85,9 +87,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Attaches one or more Lightsail instances to a load balancer.

    After some time, the instances are attached to the load balancer and the health check status is available.

    The attach instances to load balancer operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Lightsail Developer Guide.

    " + "documentation":"

    Attaches one or more Lightsail instances to a load balancer.

    After some time, the instances are attached to the load balancer and the health check status is available.

    The attach instances to load balancer operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Lightsail Developer Guide.

    " }, "AttachLoadBalancerTlsCertificate":{ "name":"AttachLoadBalancerTlsCertificate", @@ -104,9 +107,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Attaches a Transport Layer Security (TLS) certificate to your load balancer. TLS is just an updated, more secure version of Secure Socket Layer (SSL).

    Once you create and validate your certificate, you can attach it to your load balancer. You can also use this API to rotate the certificates on your account. Use the AttachLoadBalancerTlsCertificate action with the non-attached certificate, and it will replace the existing one and become the attached certificate.

    The AttachLoadBalancerTlsCertificate operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Attaches a Transport Layer Security (TLS) certificate to your load balancer. TLS is just an updated, more secure version of Secure Socket Layer (SSL).

    Once you create and validate your certificate, you can attach it to your load balancer. You can also use this API to rotate the certificates on your account. Use the AttachLoadBalancerTlsCertificate action with the non-attached certificate, and it will replace the existing one and become the attached certificate.

    The AttachLoadBalancerTlsCertificate operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "AttachStaticIp":{ "name":"AttachStaticIp", @@ -123,6 +127,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Attaches a static IP address to a specific Amazon Lightsail instance.

    " @@ -142,9 +147,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Closes ports for a specific Amazon Lightsail instance.

    The CloseInstancePublicPorts action supports tag-based access control via resource tags applied to the resource identified by instanceName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Closes ports for a specific Amazon Lightsail instance.

    The CloseInstancePublicPorts action supports tag-based access control via resource tags applied to the resource identified by instanceName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CopySnapshot":{ "name":"CopySnapshot", @@ -161,6 +167,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Copies a manual snapshot of an instance or disk as another manual snapshot, or copies an automatic snapshot of an instance or disk as a manual snapshot. This operation can also be used to copy a manual or automatic snapshot of an instance or a disk from one Amazon Web Services Region to another in Amazon Lightsail.

    When copying a manual snapshot, be sure to define the source region, source snapshot name, and target snapshot name parameters.

    When copying an automatic snapshot, be sure to define the source region, source resource name, target snapshot name, and either the restore date or the use latest restorable auto snapshot parameters.

    " @@ -177,9 +184,10 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidInputException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Creates an Amazon Lightsail bucket.

    A bucket is a cloud storage resource available in the Lightsail object storage service. Use buckets to store objects such as data and its descriptive metadata. For more information about buckets, see Buckets in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates an Amazon Lightsail bucket.

    A bucket is a cloud storage resource available in the Lightsail object storage service. Use buckets to store objects such as data and its descriptive metadata. For more information about buckets, see Buckets in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "CreateBucketAccessKey":{ "name":"CreateBucketAccessKey", @@ -194,9 +202,10 @@ {"shape":"NotFoundException"}, {"shape":"InvalidInputException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Creates a new access key for the specified Amazon Lightsail bucket. Access keys consist of an access key ID and corresponding secret access key.

    Access keys grant full programmatic access to the specified bucket and its objects. You can have a maximum of two access keys per bucket. Use the GetBucketAccessKeys action to get a list of current access keys for a specific bucket. For more information about access keys, see Creating access keys for a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    The secretAccessKey value is returned only in response to the CreateBucketAccessKey action. You can get a secret access key only when you first create an access key; you cannot get the secret access key later. If you lose the secret access key, you must create a new access key.

    " + "documentation":"

    Creates a new access key for the specified Amazon Lightsail bucket. Access keys consist of an access key ID and corresponding secret access key.

    Access keys grant full programmatic access to the specified bucket and its objects. You can have a maximum of two access keys per bucket. Use the GetBucketAccessKeys action to get a list of current access keys for a specific bucket. For more information about access keys, see Creating access keys for a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    The secretAccessKey value is returned only in response to the CreateBucketAccessKey action. You can get a secret access key only when you first create an access key; you cannot get the secret access key later. If you lose the secret access key, you must create a new access key.

    " }, "CreateCertificate":{ "name":"CreateCertificate", @@ -211,7 +220,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Creates an SSL/TLS certificate for an Amazon Lightsail content delivery network (CDN) distribution and a container service.

    After the certificate is valid, use the AttachCertificateToDistribution action to use the certificate and its domains with your distribution. Or use the UpdateContainerService action to use the certificate and its domains with your container service.

    Only certificates created in the us-east-1 Amazon Web Services Region can be attached to Lightsail distributions. Lightsail distributions are global resources that can reference an origin in any Amazon Web Services Region, and distribute its content globally. However, all distributions are located in the us-east-1 Region.

    " }, @@ -230,6 +240,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Creates an AWS CloudFormation stack, which creates a new Amazon EC2 instance from an exported Amazon Lightsail snapshot. This operation results in a CloudFormation stack record that can be used to track the AWS CloudFormation stack created. Use the get cloud formation stack records operation to get a list of the CloudFormation stacks created.

    Wait until after your new Amazon EC2 instance is created before running the create cloud formation stack operation again with the same export snapshot record.

    " @@ -248,9 +259,10 @@ {"shape":"NotFoundException"}, {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Creates an email or SMS text message contact method.

    A contact method is used to send you notifications about your Amazon Lightsail resources. You can add one email address and one mobile phone number contact method in each Amazon Web Services Region. However, SMS text messaging is not supported in some Amazon Web Services Regions, and SMS text messages cannot be sent to some countries/regions. For more information, see Notifications in Amazon Lightsail.

    " + "documentation":"

    Creates an email or SMS text message contact method.

    A contact method is used to send you notifications about your Amazon Lightsail resources. You can add one email address and one mobile phone number contact method in each Amazon Web Services Region. However, SMS text messaging is not supported in some Amazon Web Services Regions, and SMS text messages cannot be sent to some countries/regions. For more information, see Notifications in Amazon Lightsail.

    " }, "CreateContainerService":{ "name":"CreateContainerService", @@ -265,9 +277,10 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Creates an Amazon Lightsail container service.

    A Lightsail container service is a compute resource to which you can deploy containers. For more information, see Container services in Amazon Lightsail in the Lightsail Dev Guide.

    " + "documentation":"

    Creates an Amazon Lightsail container service.

    A Lightsail container service is a compute resource to which you can deploy containers. For more information, see Container services in Amazon Lightsail in the Lightsail Dev Guide.

    " }, "CreateContainerServiceDeployment":{ "name":"CreateContainerServiceDeployment", @@ -282,9 +295,10 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Creates a deployment for your Amazon Lightsail container service.

    A deployment specifies the containers that will be launched on the container service and their settings, such as the ports to open, the environment variables to apply, and the launch command to run. It also specifies the container that will serve as the public endpoint of the deployment and its settings, such as the HTTP or HTTPS port to use, and the health check configuration.

    You can deploy containers to your container service using container images from a public registry such as Amazon ECR Public, or from your local machine. For more information, see Creating container images for your Amazon Lightsail container services in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a deployment for your Amazon Lightsail container service.

    A deployment specifies the containers that will be launched on the container service and their settings, such as the ports to open, the environment variables to apply, and the launch command to run. It also specifies the container that will serve as the public endpoint of the deployment and its settings, such as the HTTP or HTTPS port to use, and the health check configuration.

    You can deploy containers to your container service using container images from a public registry such as Amazon ECR Public, or from your local machine. For more information, see Creating container images for your Amazon Lightsail container services in the Amazon Lightsail Developer Guide.

    " }, "CreateContainerServiceRegistryLogin":{ "name":"CreateContainerServiceRegistryLogin", @@ -299,9 +313,10 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Creates a temporary set of log in credentials that you can use to log in to the Docker process on your local machine. After you're logged in, you can use the native Docker commands to push your local container images to the container image registry of your Amazon Lightsail account so that you can use them with your Lightsail container service. The log in credentials expire 12 hours after they are created, at which point you will need to create a new set of log in credentials.

    You can only push container images to the container service registry of your Lightsail account. You cannot pull container images or perform any other container image management actions on the container service registry.

    After you push your container images to the container image registry of your Lightsail account, use the RegisterContainerImage action to register the pushed images to a specific Lightsail container service.

    This action is not required if you install and use the Lightsail Control (lightsailctl) plugin to push container images to your Lightsail container service. For more information, see Pushing and managing container images on your Amazon Lightsail container services in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a temporary set of log in credentials that you can use to log in to the Docker process on your local machine. After you're logged in, you can use the native Docker commands to push your local container images to the container image registry of your Amazon Lightsail account so that you can use them with your Lightsail container service. The log in credentials expire 12 hours after they are created, at which point you will need to create a new set of log in credentials.

    You can only push container images to the container service registry of your Lightsail account. You cannot pull container images or perform any other container image management actions on the container service registry.

    After you push your container images to the container image registry of your Lightsail account, use the RegisterContainerImage action to register the pushed images to a specific Lightsail container service.

    This action is not required if you install and use the Lightsail Control (lightsailctl) plugin to push container images to your Lightsail container service. For more information, see Pushing and managing container images on your Amazon Lightsail container services in the Amazon Lightsail Developer Guide.

    " }, "CreateDisk":{ "name":"CreateDisk", @@ -318,9 +333,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a block storage disk that can be attached to an Amazon Lightsail instance in the same Availability Zone (us-east-2a).

    The create disk operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a block storage disk that can be attached to an Amazon Lightsail instance in the same Availability Zone (us-east-2a).

    The create disk operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateDiskFromSnapshot":{ "name":"CreateDiskFromSnapshot", @@ -337,9 +353,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a block storage disk from a manual or automatic snapshot of a disk. The resulting disk can be attached to an Amazon Lightsail instance in the same Availability Zone (us-east-2a).

    The create disk from snapshot operation supports tag-based access control via request tags and resource tags applied to the resource identified by disk snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a block storage disk from a manual or automatic snapshot of a disk. The resulting disk can be attached to an Amazon Lightsail instance in the same Availability Zone (us-east-2a).

    The create disk from snapshot operation supports tag-based access control via request tags and resource tags applied to the resource identified by disk snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateDiskSnapshot":{ "name":"CreateDiskSnapshot", @@ -356,9 +373,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a snapshot of a block storage disk. You can use snapshots for backups, to make copies of disks, and to save data before shutting down a Lightsail instance.

    You can take a snapshot of an attached disk that is in use; however, snapshots only capture data that has been written to your disk at the time the snapshot command is issued. This may exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the disk long enough to take a snapshot, your snapshot should be complete. Nevertheless, if you cannot pause all file writes to the disk, you should unmount the disk from within the Lightsail instance, issue the create disk snapshot command, and then remount the disk to ensure a consistent and complete snapshot. You may remount and use your disk while the snapshot status is pending.

    You can also use this operation to create a snapshot of an instance's system volume. You might want to do this, for example, to recover data from the system volume of a botched instance or to create a backup of the system volume like you would for a block storage disk. To create a snapshot of a system volume, just define the instance name parameter when issuing the snapshot command, and a snapshot of the defined instance's system volume will be created. After the snapshot is available, you can create a block storage disk from the snapshot and attach it to a running instance to access the data on the disk.

    The create disk snapshot operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a snapshot of a block storage disk. You can use snapshots for backups, to make copies of disks, and to save data before shutting down a Lightsail instance.

    You can take a snapshot of an attached disk that is in use; however, snapshots only capture data that has been written to your disk at the time the snapshot command is issued. This may exclude any data that has been cached by any applications or the operating system. If you can pause any file systems on the disk long enough to take a snapshot, your snapshot should be complete. Nevertheless, if you cannot pause all file writes to the disk, you should unmount the disk from within the Lightsail instance, issue the create disk snapshot command, and then remount the disk to ensure a consistent and complete snapshot. You may remount and use your disk while the snapshot status is pending.

    You can also use this operation to create a snapshot of an instance's system volume. You might want to do this, for example, to recover data from the system volume of a botched instance or to create a backup of the system volume like you would for a block storage disk. To create a snapshot of a system volume, just define the instance name parameter when issuing the snapshot command, and a snapshot of the defined instance's system volume will be created. After the snapshot is available, you can create a block storage disk from the snapshot and attach it to a running instance to access the data on the disk.

    The create disk snapshot operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateDistribution":{ "name":"CreateDistribution", @@ -376,7 +394,7 @@ {"shape":"AccessDeniedException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates an Amazon Lightsail content delivery network (CDN) distribution.

    A distribution is a globally distributed network of caching servers that improve the performance of your website or web application hosted on a Lightsail instance. For more information, see Content delivery networks in Amazon Lightsail.

    " + "documentation":"

    Creates an Amazon Lightsail content delivery network (CDN) distribution.

    A distribution is a globally distributed network of caching servers that improve the performance of your website or web application hosted on a Lightsail instance. For more information, see Content delivery networks in Amazon Lightsail.

    " }, "CreateDomain":{ "name":"CreateDomain", @@ -393,9 +411,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a domain resource for the specified domain (example.com).

    The create domain operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a domain resource for the specified domain (example.com).

    The create domain operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateDomainEntry":{ "name":"CreateDomainEntry", @@ -412,9 +431,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates one of the following domain name system (DNS) records in a domain DNS zone: Address (A), canonical name (CNAME), mail exchanger (MX), name server (NS), start of authority (SOA), service locator (SRV), or text (TXT).

    The create domain entry operation supports tag-based access control via resource tags applied to the resource identified by domain name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates one of the following domain name system (DNS) records in a domain DNS zone: Address (A), canonical name (CNAME), mail exchanger (MX), name server (NS), start of authority (SOA), service locator (SRV), or text (TXT).

    The create domain entry operation supports tag-based access control via resource tags applied to the resource identified by domain name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateGUISessionAccessDetails":{ "name":"CreateGUISessionAccessDetails", @@ -429,9 +449,10 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Creates two URLs that are used to access a virtual computer’s graphical user interface (GUI) session. The primary URL initiates a web-based NICE DCV session to the virtual computer's application. The secondary URL initiates a web-based NICE DCV session to the virtual computer's operating session.

    Use StartGUISession to open the session.

    " + "documentation":"

    Creates two URLs that are used to access a virtual computer’s graphical user interface (GUI) session. The primary URL initiates a web-based Amazon DCV session to the virtual computer's application. The secondary URL initiates a web-based Amazon DCV session to the virtual computer's operating session.

    Use StartGUISession to open the session.

    " }, "CreateInstanceSnapshot":{ "name":"CreateInstanceSnapshot", @@ -448,9 +469,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a snapshot of a specific virtual private server, or instance. You can use a snapshot to create a new instance that is based on that snapshot.

    The create instance snapshot operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a snapshot of a specific virtual private server, or instance. You can use a snapshot to create a new instance that is based on that snapshot.

    The create instance snapshot operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateInstances":{ "name":"CreateInstances", @@ -467,9 +489,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates one or more Amazon Lightsail instances.

    The create instances operation supports tag-based access control via request tags. For more information, see the Lightsail Developer Guide.

    " + "documentation":"

    Creates one or more Amazon Lightsail instances.

    The create instances operation supports tag-based access control via request tags. For more information, see the Lightsail Developer Guide.

    " }, "CreateInstancesFromSnapshot":{ "name":"CreateInstancesFromSnapshot", @@ -486,9 +509,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates one or more new instances from a manual or automatic snapshot of an instance.

    The create instances from snapshot operation supports tag-based access control via request tags and resource tags applied to the resource identified by instance snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates one or more new instances from a manual or automatic snapshot of an instance.

    The create instances from snapshot operation supports tag-based access control via request tags and resource tags applied to the resource identified by instance snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateKeyPair":{ "name":"CreateKeyPair", @@ -505,9 +529,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a custom SSH key pair that you can use with an Amazon Lightsail instance.

    Use the DownloadDefaultKeyPair action to create a Lightsail default key pair in an Amazon Web Services Region where a default key pair does not currently exist.

    The create key pair operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a custom SSH key pair that you can use with an Amazon Lightsail instance.

    Use the DownloadDefaultKeyPair action to create a Lightsail default key pair in an Amazon Web Services Region where a default key pair does not currently exist.

    The create key pair operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateLoadBalancer":{ "name":"CreateLoadBalancer", @@ -524,9 +549,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a Lightsail load balancer. To learn more about deciding whether to load balance your application, see Configure your Lightsail instances for load balancing. You can create up to 5 load balancers per AWS Region in your account.

    When you create a load balancer, you can specify a unique name and port settings. To change additional load balancer settings, use the UpdateLoadBalancerAttribute operation.

    The create load balancer operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a Lightsail load balancer. To learn more about deciding whether to load balance your application, see Configure your Lightsail instances for load balancing. You can create up to 10 load balancers per AWS Region in your account.

    When you create a load balancer, you can specify a unique name and port settings. To change additional load balancer settings, use the UpdateLoadBalancerAttribute operation.

    The create load balancer operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateLoadBalancerTlsCertificate":{ "name":"CreateLoadBalancerTlsCertificate", @@ -543,9 +569,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates an SSL/TLS certificate for an Amazon Lightsail load balancer.

    TLS is just an updated, more secure version of Secure Socket Layer (SSL).

    The CreateLoadBalancerTlsCertificate operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates an SSL/TLS certificate for an Amazon Lightsail load balancer.

    TLS is just an updated, more secure version of Secure Socket Layer (SSL).

    The CreateLoadBalancerTlsCertificate operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateRelationalDatabase":{ "name":"CreateRelationalDatabase", @@ -562,9 +589,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a new database in Amazon Lightsail.

    The create relational database operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a new database in Amazon Lightsail.

    The create relational database operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateRelationalDatabaseFromSnapshot":{ "name":"CreateRelationalDatabaseFromSnapshot", @@ -581,9 +609,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a new database from an existing database snapshot in Amazon Lightsail.

    You can create a new database from a snapshot in if something goes wrong with your original database, or to change it to a different plan, such as a high availability or standard plan.

    The create relational database from snapshot operation supports tag-based access control via request tags and resource tags applied to the resource identified by relationalDatabaseSnapshotName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a new database from an existing database snapshot in Amazon Lightsail.

    You can create a new database from a snapshot in if something goes wrong with your original database, or to change it to a different plan, such as a high availability or standard plan.

    The create relational database from snapshot operation supports tag-based access control via request tags and resource tags applied to the resource identified by relationalDatabaseSnapshotName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "CreateRelationalDatabaseSnapshot":{ "name":"CreateRelationalDatabaseSnapshot", @@ -600,9 +629,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Creates a snapshot of your database in Amazon Lightsail. You can use snapshots for backups, to make copies of a database, and to save data before deleting a database.

    The create relational database snapshot operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Creates a snapshot of your database in Amazon Lightsail. You can use snapshots for backups, to make copies of a database, and to save data before deleting a database.

    The create relational database snapshot operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteAlarm":{ "name":"DeleteAlarm", @@ -618,9 +648,10 @@ {"shape":"OperationFailureException"}, {"shape":"UnauthenticatedException"}, {"shape":"AccessDeniedException"}, - {"shape":"NotFoundException"} + {"shape":"NotFoundException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Deletes an alarm.

    An alarm is used to monitor a single metric for one of your resources. When a metric condition is met, the alarm can notify you by email, SMS text message, and a banner displayed on the Amazon Lightsail console. For more information, see Alarms in Amazon Lightsail.

    " + "documentation":"

    Deletes an alarm.

    An alarm is used to monitor a single metric for one of your resources. When a metric condition is met, the alarm can notify you by email, SMS text message, and a banner displayed on the Amazon Lightsail console. For more information, see Alarms in Amazon Lightsail.

    " }, "DeleteAutoSnapshot":{ "name":"DeleteAutoSnapshot", @@ -636,9 +667,10 @@ {"shape":"NotFoundException"}, {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Deletes an automatic snapshot of an instance or disk. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes an automatic snapshot of an instance or disk. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteBucket":{ "name":"DeleteBucket", @@ -653,7 +685,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Deletes a Amazon Lightsail bucket.

    When you delete your bucket, the bucket name is released and can be reused for a new bucket in your account or another Amazon Web Services account.

    " }, @@ -670,9 +703,10 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Deletes an access key for the specified Amazon Lightsail bucket.

    We recommend that you delete an access key if the secret access key is compromised.

    For more information about access keys, see Creating access keys for a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes an access key for the specified Amazon Lightsail bucket.

    We recommend that you delete an access key if the secret access key is compromised.

    For more information about access keys, see Creating access keys for a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "DeleteCertificate":{ "name":"DeleteCertificate", @@ -687,7 +721,8 @@ {"shape":"InvalidInputException"}, {"shape":"AccessDeniedException"}, {"shape":"NotFoundException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Deletes an SSL/TLS certificate for your Amazon Lightsail content delivery network (CDN) distribution.

    Certificates that are currently attached to a distribution cannot be deleted. Use the DetachCertificateFromDistribution action to detach a certificate from a distribution.

    " }, @@ -705,9 +740,10 @@ {"shape":"OperationFailureException"}, {"shape":"UnauthenticatedException"}, {"shape":"AccessDeniedException"}, - {"shape":"NotFoundException"} + {"shape":"NotFoundException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Deletes a contact method.

    A contact method is used to send you notifications about your Amazon Lightsail resources. You can add one email address and one mobile phone number contact method in each Amazon Web Services Region. However, SMS text messaging is not supported in some Amazon Web Services Regions, and SMS text messages cannot be sent to some countries/regions. For more information, see Notifications in Amazon Lightsail.

    " + "documentation":"

    Deletes a contact method.

    A contact method is used to send you notifications about your Amazon Lightsail resources. You can add one email address and one mobile phone number contact method in each Amazon Web Services Region. However, SMS text messaging is not supported in some Amazon Web Services Regions, and SMS text messages cannot be sent to some countries/regions. For more information, see Notifications in Amazon Lightsail.

    " }, "DeleteContainerImage":{ "name":"DeleteContainerImage", @@ -722,7 +758,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Deletes a container image that is registered to your Amazon Lightsail container service.

    " }, @@ -739,7 +776,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Deletes your Amazon Lightsail container service.

    " }, @@ -758,9 +796,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes the specified block storage disk. The disk must be in the available state (not attached to a Lightsail instance).

    The disk may remain in the deleting state for several minutes.

    The delete disk operation supports tag-based access control via resource tags applied to the resource identified by disk name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes the specified block storage disk. The disk must be in the available state (not attached to a Lightsail instance).

    The disk may remain in the deleting state for several minutes.

    The delete disk operation supports tag-based access control via resource tags applied to the resource identified by disk name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteDiskSnapshot":{ "name":"DeleteDiskSnapshot", @@ -777,9 +816,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes the specified disk snapshot.

    When you make periodic snapshots of a disk, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the disk.

    The delete disk snapshot operation supports tag-based access control via resource tags applied to the resource identified by disk snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes the specified disk snapshot.

    When you make periodic snapshots of a disk, the snapshots are incremental, and only the blocks on the device that have changed since your last snapshot are saved in the new snapshot. When you delete a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior snapshots have been deleted, all active snapshots will have access to all the information needed to restore the disk.

    The delete disk snapshot operation supports tag-based access control via resource tags applied to the resource identified by disk snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteDistribution":{ "name":"DeleteDistribution", @@ -814,9 +854,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes the specified domain recordset and all of its domain records.

    The delete domain operation supports tag-based access control via resource tags applied to the resource identified by domain name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes the specified domain recordset and all of its domain records.

    The delete domain operation supports tag-based access control via resource tags applied to the resource identified by domain name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteDomainEntry":{ "name":"DeleteDomainEntry", @@ -833,9 +874,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes a specific domain entry.

    The delete domain entry operation supports tag-based access control via resource tags applied to the resource identified by domain name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes a specific domain entry.

    The delete domain entry operation supports tag-based access control via resource tags applied to the resource identified by domain name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteInstance":{ "name":"DeleteInstance", @@ -852,9 +894,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes an Amazon Lightsail instance.

    The delete instance operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes an Amazon Lightsail instance.

    The delete instance operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteInstanceSnapshot":{ "name":"DeleteInstanceSnapshot", @@ -871,9 +914,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes a specific snapshot of a virtual private server (or instance).

    The delete instance snapshot operation supports tag-based access control via resource tags applied to the resource identified by instance snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes a specific snapshot of a virtual private server (or instance).

    The delete instance snapshot operation supports tag-based access control via resource tags applied to the resource identified by instance snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteKeyPair":{ "name":"DeleteKeyPair", @@ -890,9 +934,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes the specified key pair by removing the public key from Amazon Lightsail.

    You can delete key pairs that were created using the ImportKeyPair and CreateKeyPair actions, as well as the Lightsail default key pair. A new default key pair will not be created unless you launch an instance without specifying a custom key pair, or you call the DownloadDefaultKeyPair API.

    The delete key pair operation supports tag-based access control via resource tags applied to the resource identified by key pair name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes the specified key pair by removing the public key from Amazon Lightsail.

    You can delete key pairs that were created using the ImportKeyPair and CreateKeyPair actions, as well as the Lightsail default key pair. A new default key pair will not be created unless you launch an instance without specifying a custom key pair, or you call the DownloadDefaultKeyPair API.

    The delete key pair operation supports tag-based access control via resource tags applied to the resource identified by key pair name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteKnownHostKeys":{ "name":"DeleteKnownHostKeys", @@ -909,9 +954,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes the known host key or certificate used by the Amazon Lightsail browser-based SSH or RDP clients to authenticate an instance. This operation enables the Lightsail browser-based SSH or RDP clients to connect to the instance after a host key mismatch.

    Perform this operation only if you were expecting the host key or certificate mismatch or if you are familiar with the new host key or certificate on the instance. For more information, see Troubleshooting connection issues when using the Amazon Lightsail browser-based SSH or RDP client.

    " + "documentation":"

    Deletes the known host key or certificate used by the Amazon Lightsail browser-based SSH or RDP clients to authenticate an instance. This operation enables the Lightsail browser-based SSH or RDP clients to connect to the instance after a host key mismatch.

    Perform this operation only if you were expecting the host key or certificate mismatch or if you are familiar with the new host key or certificate on the instance. For more information, see Troubleshooting connection issues when using the Amazon Lightsail browser-based SSH or RDP client.

    " }, "DeleteLoadBalancer":{ "name":"DeleteLoadBalancer", @@ -928,9 +974,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes a Lightsail load balancer and all its associated SSL/TLS certificates. Once the load balancer is deleted, you will need to create a new load balancer, create a new certificate, and verify domain ownership again.

    The delete load balancer operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes a Lightsail load balancer and all its associated SSL/TLS certificates. Once the load balancer is deleted, you will need to create a new load balancer, create a new certificate, and verify domain ownership again.

    The delete load balancer operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteLoadBalancerTlsCertificate":{ "name":"DeleteLoadBalancerTlsCertificate", @@ -947,9 +994,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes an SSL/TLS certificate associated with a Lightsail load balancer.

    The DeleteLoadBalancerTlsCertificate operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes an SSL/TLS certificate associated with a Lightsail load balancer.

    The DeleteLoadBalancerTlsCertificate operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteRelationalDatabase":{ "name":"DeleteRelationalDatabase", @@ -966,9 +1014,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes a database in Amazon Lightsail.

    The delete relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes a database in Amazon Lightsail.

    The delete relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DeleteRelationalDatabaseSnapshot":{ "name":"DeleteRelationalDatabaseSnapshot", @@ -985,9 +1034,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes a database snapshot in Amazon Lightsail.

    The delete relational database snapshot operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes a database snapshot in Amazon Lightsail.

    The delete relational database snapshot operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DetachCertificateFromDistribution":{ "name":"DetachCertificateFromDistribution", @@ -1022,9 +1072,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Detaches a stopped block storage disk from a Lightsail instance. Make sure to unmount any file systems on the device within your operating system before stopping the instance and detaching the disk.

    The detach disk operation supports tag-based access control via resource tags applied to the resource identified by disk name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Detaches a stopped block storage disk from a Lightsail instance. Make sure to unmount any file systems on the device within your operating system before stopping the instance and detaching the disk.

    The detach disk operation supports tag-based access control via resource tags applied to the resource identified by disk name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DetachInstancesFromLoadBalancer":{ "name":"DetachInstancesFromLoadBalancer", @@ -1041,9 +1092,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Detaches the specified instances from a Lightsail load balancer.

    This operation waits until the instances are no longer needed before they are detached from the load balancer.

    The detach instances from load balancer operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Detaches the specified instances from a Lightsail load balancer.

    This operation waits until the instances are no longer needed before they are detached from the load balancer.

    The detach instances from load balancer operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DetachStaticIp":{ "name":"DetachStaticIp", @@ -1060,6 +1112,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Detaches a static IP from the Amazon Lightsail instance to which it is attached.

    " @@ -1078,9 +1131,10 @@ {"shape":"NotFoundException"}, {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Disables an add-on for an Amazon Lightsail resource. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Disables an add-on for an Amazon Lightsail resource. For more information, see the Amazon Lightsail Developer Guide.

    " }, "DownloadDefaultKeyPair":{ "name":"DownloadDefaultKeyPair", @@ -1097,6 +1151,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Downloads the regional Amazon Lightsail default key pair.

    This action also creates a Lightsail default key pair if a default key pair does not currently exist in the Amazon Web Services Region.

    " @@ -1115,9 +1170,10 @@ {"shape":"NotFoundException"}, {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Enables or modifies an add-on for an Amazon Lightsail resource. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Enables or modifies an add-on for an Amazon Lightsail resource. For more information, see the Amazon Lightsail Developer Guide.

    " }, "ExportSnapshot":{ "name":"ExportSnapshot", @@ -1134,9 +1190,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Exports an Amazon Lightsail instance or block storage disk snapshot to Amazon Elastic Compute Cloud (Amazon EC2). This operation results in an export snapshot record that can be used with the create cloud formation stack operation to create new Amazon EC2 instances.

    Exported instance snapshots appear in Amazon EC2 as Amazon Machine Images (AMIs), and the instance system disk appears as an Amazon Elastic Block Store (Amazon EBS) volume. Exported disk snapshots appear in Amazon EC2 as Amazon EBS volumes. Snapshots are exported to the same Amazon Web Services Region in Amazon EC2 as the source Lightsail snapshot.

    The export snapshot operation supports tag-based access control via resource tags applied to the resource identified by source snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    Use the get instance snapshots or get disk snapshots operations to get a list of snapshots that you can export to Amazon EC2.

    " + "documentation":"

    Exports an Amazon Lightsail instance or block storage disk snapshot to Amazon Elastic Compute Cloud (Amazon EC2). This operation results in an export snapshot record that can be used with the create cloud formation stack operation to create new Amazon EC2 instances.

    Exported instance snapshots appear in Amazon EC2 as Amazon Machine Images (AMIs), and the instance system disk appears as an Amazon Elastic Block Store (Amazon EBS) volume. Exported disk snapshots appear in Amazon EC2 as Amazon EBS volumes. Snapshots are exported to the same Amazon Web Services Region in Amazon EC2 as the source Lightsail snapshot.

    The export snapshot operation supports tag-based access control via resource tags applied to the resource identified by source snapshot name. For more information, see the Amazon Lightsail Developer Guide.

    Use the get instance snapshots or get disk snapshots operations to get a list of snapshots that you can export to Amazon EC2.

    " }, "GetActiveNames":{ "name":"GetActiveNames", @@ -1153,6 +1210,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the names of all active (not deleted) resources.

    " @@ -1171,9 +1229,10 @@ {"shape":"OperationFailureException"}, {"shape":"UnauthenticatedException"}, {"shape":"AccessDeniedException"}, - {"shape":"NotFoundException"} + {"shape":"NotFoundException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Returns information about the configured alarms. Specify an alarm name in your request to return information about a specific alarm, or specify a monitored resource name to return information about all alarms for a specific resource.

    An alarm is used to monitor a single metric for one of your resources. When a metric condition is met, the alarm can notify you by email, SMS text message, and a banner displayed on the Amazon Lightsail console. For more information, see Alarms in Amazon Lightsail.

    " + "documentation":"

    Returns information about the configured alarms. Specify an alarm name in your request to return information about a specific alarm, or specify a monitored resource name to return information about all alarms for a specific resource.

    An alarm is used to monitor a single metric for one of your resources. When a metric condition is met, the alarm can notify you by email, SMS text message, and a banner displayed on the Amazon Lightsail console. For more information, see Alarms in Amazon Lightsail.

    " }, "GetAutoSnapshots":{ "name":"GetAutoSnapshots", @@ -1189,9 +1248,10 @@ {"shape":"NotFoundException"}, {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Returns the available automatic snapshots for an instance or disk. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Returns the available automatic snapshots for an instance or disk. For more information, see the Amazon Lightsail Developer Guide.

    " }, "GetBlueprints":{ "name":"GetBlueprints", @@ -1208,6 +1268,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the list of available instance images, or blueprints. You can use a blueprint to create a new instance already running a specific operating system, as well as a preinstalled app or development stack. The software each instance is running depends on the blueprint image you choose.

    Use active blueprints when creating new instances. Inactive blueprints are listed to support customers with existing instances and are not necessarily available to create new instances. Blueprints are marked inactive when they become outdated due to operating system updates or new application releases.

    " @@ -1225,7 +1286,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns the existing access key IDs for the specified Amazon Lightsail bucket.

    This action does not return the secret access key value of an access key. You can get a secret access key only when you create it from the response of the CreateBucketAccessKey action. If you lose the secret access key, you must create a new access key.

    " }, @@ -1241,7 +1303,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidInputException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns the bundles that you can apply to a Amazon Lightsail bucket.

    The bucket bundle specifies the monthly cost, storage quota, and data transfer quota for a bucket.

    Use the UpdateBucketBundle action to update the bundle for a bucket.

    " }, @@ -1258,7 +1321,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns the data points of a specific metric for an Amazon Lightsail bucket.

    Metrics report the utilization of a bucket. View and collect metric data regularly to monitor the number of objects stored in a bucket (including object versions) and the storage space used by those objects.

    " }, @@ -1275,9 +1339,10 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Returns information about one or more Amazon Lightsail buckets. The information returned includes the synchronization status of the Amazon Simple Storage Service (Amazon S3) account-level block public access feature for your Lightsail buckets.

    For more information about buckets, see Buckets in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Returns information about one or more Amazon Lightsail buckets. The information returned includes the synchronization status of the Amazon Simple Storage Service (Amazon S3) account-level block public access feature for your Lightsail buckets.

    For more information about buckets, see Buckets in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "GetBundles":{ "name":"GetBundles", @@ -1294,6 +1359,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the bundles that you can apply to an Amazon Lightsail instance when you create it.

    A bundle describes the specifications of an instance, such as the monthly cost, amount of memory, the number of vCPUs, amount of storage space, and monthly network data transfer quota.

    Bundles are referred to as instance plans in the Lightsail console.

    " @@ -1311,7 +1377,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns information about one or more Amazon Lightsail SSL/TLS certificates.

    To get a summary of a certificate, omit includeCertificateDetails from your request. The response will include only the certificate Amazon Resource Name (ARN), certificate name, domain name, and tags.

    " }, @@ -1330,6 +1397,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the CloudFormation stack record created as a result of the create cloud formation stack operation.

    An AWS CloudFormation stack is used to create a new Amazon EC2 instance from an exported Lightsail snapshot.

    " @@ -1348,9 +1416,10 @@ {"shape":"NotFoundException"}, {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Returns information about the configured contact methods. Specify a protocol in your request to return information about a specific contact method.

    A contact method is used to send you notifications about your Amazon Lightsail resources. You can add one email address and one mobile phone number contact method in each Amazon Web Services Region. However, SMS text messaging is not supported in some Amazon Web Services Regions, and SMS text messages cannot be sent to some countries/regions. For more information, see Notifications in Amazon Lightsail.

    " + "documentation":"

    Returns information about the configured contact methods. Specify a protocol in your request to return information about a specific contact method.

    A contact method is used to send you notifications about your Amazon Lightsail resources. You can add one email address and one mobile phone number contact method in each Amazon Web Services Region. However, SMS text messaging is not supported in some Amazon Web Services Regions, and SMS text messages cannot be sent to some countries/regions. For more information, see Notifications in Amazon Lightsail.

    " }, "GetContainerAPIMetadata":{ "name":"GetContainerAPIMetadata", @@ -1363,7 +1432,8 @@ "errors":[ {"shape":"ServiceException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns information about Amazon Lightsail containers, such as the current version of the Lightsail Control (lightsailctl) plugin.

    " }, @@ -1380,7 +1450,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns the container images that are registered to your Amazon Lightsail container service.

    If you created a deployment on your Lightsail container service that uses container images from a public registry like Docker Hub, those images are not returned as part of this action. Those images are not registered to your Lightsail container service.

    " }, @@ -1397,7 +1468,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns the log events of a container of your Amazon Lightsail container service.

    If your container service has more than one node (i.e., a scale greater than 1), then the log events that are returned for the specified container are merged from all nodes on your container service.

    Container logs are retained for a certain amount of time. For more information, see Amazon Lightsail endpoints and quotas in the Amazon Web Services General Reference.

    " }, @@ -1414,7 +1486,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns the deployments for your Amazon Lightsail container service

    A deployment specifies the settings, such as the ports and launch command, of containers that are deployed to your container service.

    The deployments are ordered by version in ascending order. The newest version is listed at the top of the response.

    A set number of deployments are kept before the oldest one is replaced with the newest one. For more information, see Amazon Lightsail endpoints and quotas in the Amazon Web Services General Reference.

    " }, @@ -1431,7 +1504,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns the data points of a specific metric of your Amazon Lightsail container service.

    Metrics report the utilization of your resources. Monitor and collect metric data regularly to maintain the reliability, availability, and performance of your resources.

    " }, @@ -1448,7 +1522,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns the list of powers that can be specified for your Amazon Lightsail container services.

    The power specifies the amount of memory, the number of vCPUs, and the base price of the container service.

    " }, @@ -1465,7 +1540,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns information about one or more of your Amazon Lightsail container services.

    " }, @@ -1482,7 +1558,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Retrieves information about the cost estimate for a specified resource. A cost estimate will not generate for a resource that has been deleted.

    " }, @@ -1501,6 +1578,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific block storage disk.

    " @@ -1520,6 +1598,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific block storage disk snapshot.

    " @@ -1539,6 +1618,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all block storage disk snapshots in your AWS account and region.

    " @@ -1558,6 +1638,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all block storage disks in your AWS account and region.

    " @@ -1649,6 +1730,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific domain recordset.

    " @@ -1668,6 +1750,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns a list of all domains in the user's account.

    " @@ -1687,6 +1770,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns all export snapshot records created as a result of the export snapshot operation.

    An export snapshot record can be used to create a new Amazon EC2 instance and its related resources with the CreateCloudFormationStack action.

    " @@ -1706,6 +1790,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific Amazon Lightsail instance, which is a virtual private server.

    " @@ -1725,9 +1810,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Returns temporary SSH keys you can use to connect to a specific virtual private server, or instance.

    The get instance access details operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Returns temporary SSH keys you can use to connect to a specific virtual private server, or instance.

    The get instance access details operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "GetInstanceMetricData":{ "name":"GetInstanceMetricData", @@ -1744,6 +1830,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the data points for the specified Amazon Lightsail instance metric, given an instance name.

    Metrics report the utilization of your resources, and the error counts generated by them. Monitor and collect metric data regularly to maintain the reliability, availability, and performance of your resources.

    " @@ -1763,6 +1850,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the firewall port states for a specific Amazon Lightsail instance, the IP addresses allowed to connect to the instance through the ports, and the protocol.

    " @@ -1782,6 +1870,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific instance snapshot.

    " @@ -1801,6 +1890,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns all instance snapshots for the user's account.

    " @@ -1820,6 +1910,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the state of a specific instance. Works on one instance at a time.

    " @@ -1839,6 +1930,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all Amazon Lightsail virtual private servers, or instances.

    " @@ -1858,6 +1950,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific key pair.

    " @@ -1877,6 +1970,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all key pairs in the user's account.

    " @@ -1896,6 +1990,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about the specified Lightsail load balancer.

    " @@ -1915,6 +2010,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about health metrics for your Lightsail load balancer.

    Metrics report the utilization of your resources, and the error counts generated by them. Monitor and collect metric data regularly to maintain the reliability, availability, and performance of your resources.

    " @@ -1934,6 +2030,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about the TLS certificates that are associated with the specified Lightsail load balancer.

    TLS is just an updated, more secure version of Secure Socket Layer (SSL).

    You can have a maximum of 2 certificates associated with a Lightsail load balancer. One is active and the other is inactive.

    " @@ -1950,10 +2047,11 @@ {"shape":"ServiceException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"}, {"shape":"InvalidInputException"} ], - "documentation":"

    Returns a list of TLS security policies that you can apply to Lightsail load balancers.

    For more information about load balancer TLS security policies, see Configuring TLS security policies on your Amazon Lightsail load balancers in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Returns a list of TLS security policies that you can apply to Lightsail load balancers.

    For more information about load balancer TLS security policies, see Configuring TLS security policies on your Amazon Lightsail load balancers in the Amazon Lightsail Developer Guide.

    " }, "GetLoadBalancers":{ "name":"GetLoadBalancers", @@ -1970,6 +2068,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all load balancers in an account.

    " @@ -1989,6 +2088,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific operation. Operations include events such as when you create an instance, allocate a static IP, attach a static IP, and so on.

    " @@ -2008,6 +2108,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all operations.

    Results are returned from oldest to newest, up to a maximum of 200. Results can be paged by making each subsequent call to GetOperations use the maximum (last) statusChangedAt value from the previous request.

    " @@ -2027,6 +2128,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Gets operations for a specific resource (an instance or a static IP).

    " @@ -2046,6 +2148,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns a list of all valid regions for Amazon Lightsail. Use the include availability zones parameter to also return the Availability Zones in a region.

    " @@ -2065,6 +2168,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific database in Amazon Lightsail.

    " @@ -2084,6 +2188,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns a list of available database blueprints in Amazon Lightsail. A blueprint describes the major engine version of a database.

    You can use a blueprint ID to create a new database that runs a specific database engine.

    " @@ -2103,6 +2208,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the list of bundles that are available in Amazon Lightsail. A bundle describes the performance specifications for a database.

    You can use a bundle ID to create a new database with explicit performance specifications.

    " @@ -2122,6 +2228,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns a list of events for a specific database in Amazon Lightsail.

    " @@ -2141,6 +2248,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns a list of log events for a database in Amazon Lightsail.

    " @@ -2160,6 +2268,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns a list of available log streams for a specific database in Amazon Lightsail.

    " @@ -2179,6 +2288,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the current, previous, or pending versions of the master user password for a Lightsail database.

    The GetRelationalDatabaseMasterUserPassword operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName.

    " @@ -2198,6 +2308,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns the data points of the specified metric for a database in Amazon Lightsail.

    Metrics report the utilization of your resources, and the error counts generated by them. Monitor and collect metric data regularly to maintain the reliability, availability, and performance of your resources.

    " @@ -2217,6 +2328,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns all of the runtime parameters offered by the underlying database software, or engine, for a specific database in Amazon Lightsail.

    In addition to the parameter names and values, this operation returns other information about each parameter. This information includes whether changes require a reboot, whether the parameter is modifiable, the allowed values, and the data types.

    " @@ -2236,6 +2348,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about a specific database snapshot in Amazon Lightsail.

    " @@ -2255,6 +2368,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all of your database snapshots in Amazon Lightsail.

    " @@ -2274,6 +2388,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all of your databases in Amazon Lightsail.

    " @@ -2291,7 +2406,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Returns detailed information for five of the most recent SetupInstanceHttps requests that were ran on the target instance.

    " }, @@ -2310,6 +2426,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about an Amazon Lightsail static IP.

    " @@ -2329,6 +2446,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns information about all static IPs in the user's account.

    " @@ -2348,6 +2466,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Imports a public SSH key from a specific key pair.

    " @@ -2367,6 +2486,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Returns a Boolean value indicating whether your Lightsail VPC is peered.

    " @@ -2386,9 +2506,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Opens ports for a specific Amazon Lightsail instance, and specifies the IP addresses allowed to connect to the instance through the ports, and the protocol.

    The OpenInstancePublicPorts action supports tag-based access control via resource tags applied to the resource identified by instanceName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Opens ports for a specific Amazon Lightsail instance, and specifies the IP addresses allowed to connect to the instance through the ports, and the protocol.

    The OpenInstancePublicPorts action supports tag-based access control via resource tags applied to the resource identified by instanceName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "PeerVpc":{ "name":"PeerVpc", @@ -2405,6 +2526,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Peers the Lightsail VPC with the user's default VPC.

    " @@ -2423,9 +2545,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"UnauthenticatedException"}, - {"shape":"NotFoundException"} + {"shape":"NotFoundException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Creates or updates an alarm, and associates it with the specified metric.

    An alarm is used to monitor a single metric for one of your resources. When a metric condition is met, the alarm can notify you by email, SMS text message, and a banner displayed on the Amazon Lightsail console. For more information, see Alarms in Amazon Lightsail.

    When this action creates an alarm, the alarm state is immediately set to INSUFFICIENT_DATA. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed.

    When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm. The alarm is then evaluated with the updated configuration.

    " + "documentation":"

    Creates or updates an alarm, and associates it with the specified metric.

    An alarm is used to monitor a single metric for one of your resources. When a metric condition is met, the alarm can notify you by email, SMS text message, and a banner displayed on the Amazon Lightsail console. For more information, see Alarms in Amazon Lightsail.

    When this action creates an alarm, the alarm state is immediately set to INSUFFICIENT_DATA. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed.

    When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm. The alarm is then evaluated with the updated configuration.

    " }, "PutInstancePublicPorts":{ "name":"PutInstancePublicPorts", @@ -2442,9 +2565,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Opens ports for a specific Amazon Lightsail instance, and specifies the IP addresses allowed to connect to the instance through the ports, and the protocol. This action also closes all currently open ports that are not included in the request. Include all of the ports and the protocols you want to open in your PutInstancePublicPortsrequest. Or use the OpenInstancePublicPorts action to open ports without closing currently open ports.

    The PutInstancePublicPorts action supports tag-based access control via resource tags applied to the resource identified by instanceName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Opens ports for a specific Amazon Lightsail instance, and specifies the IP addresses allowed to connect to the instance through the ports, and the protocol. This action also closes all currently open ports that are not included in the request. Include all of the ports and the protocols you want to open in your PutInstancePublicPortsrequest. Or use the OpenInstancePublicPorts action to open ports without closing currently open ports.

    The PutInstancePublicPorts action supports tag-based access control via resource tags applied to the resource identified by instanceName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "RebootInstance":{ "name":"RebootInstance", @@ -2461,9 +2585,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Restarts a specific instance.

    The reboot instance operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Restarts a specific instance.

    The reboot instance operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "RebootRelationalDatabase":{ "name":"RebootRelationalDatabase", @@ -2480,9 +2605,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Restarts a specific database in Amazon Lightsail.

    The reboot relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Restarts a specific database in Amazon Lightsail.

    The reboot relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "RegisterContainerImage":{ "name":"RegisterContainerImage", @@ -2497,9 +2623,10 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Registers a container image to your Amazon Lightsail container service.

    This action is not required if you install and use the Lightsail Control (lightsailctl) plugin to push container images to your Lightsail container service. For more information, see Pushing and managing container images on your Amazon Lightsail container services in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Registers a container image to your Amazon Lightsail container service.

    This action is not required if you install and use the Lightsail Control (lightsailctl) plugin to push container images to your Lightsail container service. For more information, see Pushing and managing container images on your Amazon Lightsail container services in the Amazon Lightsail Developer Guide.

    " }, "ReleaseStaticIp":{ "name":"ReleaseStaticIp", @@ -2516,6 +2643,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Deletes a specific static IP from your account.

    " @@ -2552,9 +2680,10 @@ {"shape":"OperationFailureException"}, {"shape":"UnauthenticatedException"}, {"shape":"AccessDeniedException"}, - {"shape":"NotFoundException"} + {"shape":"NotFoundException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Sends a verification request to an email contact method to ensure it's owned by the requester. SMS contact methods don't need to be verified.

    A contact method is used to send you notifications about your Amazon Lightsail resources. You can add one email address and one mobile phone number contact method in each Amazon Web Services Region. However, SMS text messaging is not supported in some Amazon Web Services Regions, and SMS text messages cannot be sent to some countries/regions. For more information, see Notifications in Amazon Lightsail.

    A verification request is sent to the contact method when you initially create it. Use this action to send another verification request if a previous verification request was deleted, or has expired.

    Notifications are not sent to an email contact method until after it is verified, and confirmed as valid.

    " + "documentation":"

    Sends a verification request to an email contact method to ensure it's owned by the requester. SMS contact methods don't need to be verified.

    A contact method is used to send you notifications about your Amazon Lightsail resources. You can add one email address and one mobile phone number contact method in each Amazon Web Services Region. However, SMS text messaging is not supported in some Amazon Web Services Regions, and SMS text messages cannot be sent to some countries/regions. For more information, see Notifications in Amazon Lightsail.

    A verification request is sent to the contact method when you initially create it. Use this action to send another verification request if a previous verification request was deleted, or has expired.

    Notifications are not sent to an email contact method until after it is verified, and confirmed as valid.

    " }, "SetIpAddressType":{ "name":"SetIpAddressType", @@ -2571,6 +2700,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Sets the IP address type for an Amazon Lightsail resource.

    Use this action to enable dual-stack for a resource, which enables IPv4 and IPv6 for the specified resource. Alternately, you can use this action to disable dual-stack, and enable IPv4 only.

    " @@ -2588,7 +2718,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Sets the Amazon Lightsail resources that can access the specified Lightsail bucket.

    Lightsail buckets currently support setting access for Lightsail instances in the same Amazon Web Services Region.

    " }, @@ -2605,7 +2736,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Creates an SSL/TLS certificate that secures traffic for your website. After the certificate is created, it is installed on the specified Lightsail instance.

    If you provide more than one domain name in the request, at least one name must be less than or equal to 63 characters in length.

    " }, @@ -2622,7 +2754,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Initiates a graphical user interface (GUI) session that’s used to access a virtual computer’s operating system and application. The session will be active for 1 hour. Use this action to resume the session after it expires.

    " }, @@ -2641,9 +2774,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Starts a specific Amazon Lightsail instance from a stopped state. To restart an instance, use the reboot instance operation.

    When you start a stopped instance, Lightsail assigns a new public IP address to the instance. To use the same IP address after stopping and starting an instance, create a static IP address and attach it to the instance. For more information, see the Amazon Lightsail Developer Guide.

    The start instance operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Starts a specific Amazon Lightsail instance from a stopped state. To restart an instance, use the reboot instance operation.

    When you start a stopped instance, Lightsail assigns a new public IP address to the instance. To use the same IP address after stopping and starting an instance, create a static IP address and attach it to the instance. For more information, see the Amazon Lightsail Developer Guide.

    The start instance operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "StartRelationalDatabase":{ "name":"StartRelationalDatabase", @@ -2660,9 +2794,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Starts a specific database from a stopped state in Amazon Lightsail. To restart a database, use the reboot relational database operation.

    The start relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Starts a specific database from a stopped state in Amazon Lightsail. To restart a database, use the reboot relational database operation.

    The start relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "StopGUISession":{ "name":"StopGUISession", @@ -2677,9 +2812,10 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Terminates a web-based NICE DCV session that’s used to access a virtual computer’s operating system or application. The session will close and any unsaved data will be lost.

    " + "documentation":"

    Terminates a web-based Amazon DCV session that’s used to access a virtual computer’s operating system or application. The session will close and any unsaved data will be lost.

    " }, "StopInstance":{ "name":"StopInstance", @@ -2696,9 +2832,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Stops a specific Amazon Lightsail instance that is currently running.

    When you start a stopped instance, Lightsail assigns a new public IP address to the instance. To use the same IP address after stopping and starting an instance, create a static IP address and attach it to the instance. For more information, see the Amazon Lightsail Developer Guide.

    The stop instance operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Stops a specific Amazon Lightsail instance that is currently running.

    When you start a stopped instance, Lightsail assigns a new public IP address to the instance. To use the same IP address after stopping and starting an instance, create a static IP address and attach it to the instance. For more information, see the Amazon Lightsail Developer Guide.

    The stop instance operation supports tag-based access control via resource tags applied to the resource identified by instance name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "StopRelationalDatabase":{ "name":"StopRelationalDatabase", @@ -2715,9 +2852,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Stops a specific database that is currently running in Amazon Lightsail.

    The stop relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Stops a specific database that is currently running in Amazon Lightsail.

    If you don't manually start your database instance after it has been stopped for seven consecutive days, Amazon Lightsail automatically starts it for you. This action helps ensure that your database instance doesn't fall behind on any required maintenance updates.

    The stop relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "TagResource":{ "name":"TagResource", @@ -2734,9 +2872,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Adds one or more tags to the specified Amazon Lightsail resource. Each resource can have a maximum of 50 tags. Each tag consists of a key and an optional value. Tag keys must be unique per resource. For more information about tags, see the Amazon Lightsail Developer Guide.

    The tag resource operation supports tag-based access control via request tags and resource tags applied to the resource identified by resource name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Adds one or more tags to the specified Amazon Lightsail resource. Each resource can have a maximum of 50 tags. Each tag consists of a key and an optional value. Tag keys must be unique per resource. For more information about tags, see the Amazon Lightsail Developer Guide.

    The tag resource operation supports tag-based access control via request tags and resource tags applied to the resource identified by resource name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "TestAlarm":{ "name":"TestAlarm", @@ -2752,9 +2891,10 @@ {"shape":"OperationFailureException"}, {"shape":"UnauthenticatedException"}, {"shape":"AccessDeniedException"}, - {"shape":"NotFoundException"} + {"shape":"NotFoundException"}, + {"shape":"RegionSetupInProgressException"} ], - "documentation":"

    Tests an alarm by displaying a banner on the Amazon Lightsail console. If a notification trigger is configured for the specified alarm, the test also sends a notification to the notification protocol (Email and/or SMS) configured for the alarm.

    An alarm is used to monitor a single metric for one of your resources. When a metric condition is met, the alarm can notify you by email, SMS text message, and a banner displayed on the Amazon Lightsail console. For more information, see Alarms in Amazon Lightsail.

    " + "documentation":"

    Tests an alarm by displaying a banner on the Amazon Lightsail console. If a notification trigger is configured for the specified alarm, the test also sends a notification to the notification protocol (Email and/or SMS) configured for the alarm.

    An alarm is used to monitor a single metric for one of your resources. When a metric condition is met, the alarm can notify you by email, SMS text message, and a banner displayed on the Amazon Lightsail console. For more information, see Alarms in Amazon Lightsail.

    " }, "UnpeerVpc":{ "name":"UnpeerVpc", @@ -2771,6 +2911,7 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], "documentation":"

    Unpeers the Lightsail VPC from the user's default VPC.

    " @@ -2790,9 +2931,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Deletes the specified set of tag keys and their values from the specified Amazon Lightsail resource.

    The untag resource operation supports tag-based access control via request tags and resource tags applied to the resource identified by resource name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Deletes the specified set of tag keys and their values from the specified Amazon Lightsail resource.

    The untag resource operation supports tag-based access control via request tags and resource tags applied to the resource identified by resource name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "UpdateBucket":{ "name":"UpdateBucket", @@ -2807,7 +2949,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Updates an existing Amazon Lightsail bucket.

    Use this action to update the configuration of an existing bucket, such as versioning, public accessibility, and the Amazon Web Services accounts that can access the bucket.

    " }, @@ -2824,7 +2967,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"ServiceException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Updates the bundle, or storage plan, of an existing Amazon Lightsail bucket.

    A bucket bundle specifies the monthly cost, storage space, and data transfer quota for a bucket. You can update a bucket's bundle only one time within a monthly Amazon Web Services billing cycle. To determine if you can update a bucket's bundle, use the GetBuckets action. The ableToUpdateBundle parameter in the response will indicate whether you can currently update a bucket's bundle.

    Update a bucket's bundle if it's consistently going over its storage space or data transfer quota, or if a bucket's usage is consistently in the lower range of its storage space or data transfer quota. Due to the unpredictable usage fluctuations that a bucket might experience, we strongly recommend that you update a bucket's bundle only as a long-term strategy, instead of as a short-term, monthly cost-cutting measure. Choose a bucket bundle that will provide the bucket with ample storage space and data transfer for a long time to come.

    " }, @@ -2841,7 +2985,8 @@ {"shape":"InvalidInputException"}, {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, - {"shape":"UnauthenticatedException"} + {"shape":"UnauthenticatedException"}, + {"shape":"RegionSetupInProgressException"} ], "documentation":"

    Updates the configuration of your Amazon Lightsail container service, such as its power, scale, and public domain names.

    " }, @@ -2896,9 +3041,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Updates a domain recordset after it is created.

    The update domain entry operation supports tag-based access control via resource tags applied to the resource identified by domain name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Updates a domain recordset after it is created.

    The update domain entry operation supports tag-based access control via resource tags applied to the resource identified by domain name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "UpdateInstanceMetadataOptions":{ "name":"UpdateInstanceMetadataOptions", @@ -2915,9 +3061,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Modifies the Amazon Lightsail instance metadata parameters on a running or stopped instance. When you modify the parameters on a running instance, the GetInstance or GetInstances API operation initially responds with a state of pending. After the parameter modifications are successfully applied, the state changes to applied in subsequent GetInstance or GetInstances API calls. For more information, see Use IMDSv2 with an Amazon Lightsail instance in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Modifies the Amazon Lightsail instance metadata parameters on a running or stopped instance. When you modify the parameters on a running instance, the GetInstance or GetInstances API operation initially responds with a state of pending. After the parameter modifications are successfully applied, the state changes to applied in subsequent GetInstance or GetInstances API calls. For more information, see Use IMDSv2 with an Amazon Lightsail instance in the Amazon Lightsail Developer Guide.

    " }, "UpdateLoadBalancerAttribute":{ "name":"UpdateLoadBalancerAttribute", @@ -2934,9 +3081,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Updates the specified attribute for a load balancer. You can only update one attribute at a time.

    The update load balancer attribute operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Updates the specified attribute for a load balancer. You can only update one attribute at a time.

    The update load balancer attribute operation supports tag-based access control via resource tags applied to the resource identified by load balancer name. For more information, see the Amazon Lightsail Developer Guide.

    " }, "UpdateRelationalDatabase":{ "name":"UpdateRelationalDatabase", @@ -2953,9 +3101,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Allows the update of one or more attributes of a database in Amazon Lightsail.

    Updates are applied immediately, or in cases where the updates could result in an outage, are applied during the database's predefined maintenance window.

    The update relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Allows the update of one or more attributes of a database in Amazon Lightsail.

    Updates are applied immediately, or in cases where the updates could result in an outage, are applied during the database's predefined maintenance window.

    The update relational database operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " }, "UpdateRelationalDatabaseParameters":{ "name":"UpdateRelationalDatabaseParameters", @@ -2972,9 +3121,10 @@ {"shape":"OperationFailureException"}, {"shape":"AccessDeniedException"}, {"shape":"AccountSetupInProgressException"}, + {"shape":"RegionSetupInProgressException"}, {"shape":"UnauthenticatedException"} ], - "documentation":"

    Allows the update of one or more parameters of a database in Amazon Lightsail.

    Parameter updates don't cause outages; therefore, their application is not subject to the preferred maintenance window. However, there are two ways in which parameter updates are applied: dynamic or pending-reboot. Parameters marked with a dynamic apply type are applied immediately. Parameters marked with a pending-reboot apply type are applied only after the database is rebooted using the reboot relational database operation.

    The update relational database parameters operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Allows the update of one or more parameters of a database in Amazon Lightsail.

    Parameter updates don't cause outages; therefore, their application is not subject to the preferred maintenance window. However, there are two ways in which parameter updates are applied: dynamic or pending-reboot. Parameters marked with a dynamic apply type are applied immediately. Parameters marked with a pending-reboot apply type are applied only after the database is rebooted using the reboot relational database operation.

    The update relational database parameters operation supports tag-based access control via resource tags applied to the resource identified by relationalDatabaseName. For more information, see the Amazon Lightsail Developer Guide.

    " } }, "shapes":{ @@ -3020,7 +3170,7 @@ "documentation":"

    An object that describes the last time the access key was used.

    This object does not include data in the response of a CreateBucketAccessKey action. If the access key has not been used, the region and serviceName values are N/A, and the lastUsedDate value is null.

    " } }, - "documentation":"

    Describes an access key for an Amazon Lightsail bucket.

    Access keys grant full programmatic access to the specified bucket and its objects. You can have a maximum of two access keys per bucket. Use the CreateBucketAccessKey action to create an access key for a specific bucket. For more information about access keys, see Creating access keys for a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    The secretAccessKey value is returned only in response to the CreateBucketAccessKey action. You can get a secret access key only when you first create an access key; you cannot get the secret access key later. If you lose the secret access key, you must create a new access key.

    " + "documentation":"

    Describes an access key for an Amazon Lightsail bucket.

    Access keys grant full programmatic access to the specified bucket and its objects. You can have a maximum of two access keys per bucket. Use the CreateBucketAccessKey action to create an access key for a specific bucket. For more information about access keys, see Creating access keys for a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    The secretAccessKey value is returned only in response to the CreateBucketAccessKey action. You can get a secret access key only when you first create an access key; you cannot get the secret access key later. If you lose the secret access key, you must create a new access key.

    " }, "AccessKeyLastUsed":{ "type":"structure", @@ -3060,7 +3210,7 @@ "documentation":"

    A Boolean value that indicates whether the access control list (ACL) permissions that are applied to individual objects override the getObject option that is currently specified.

    When this is true, you can use the PutObjectAcl Amazon S3 API action to set individual objects to public (read-only) using the public-read ACL, or to private using the private ACL.

    " } }, - "documentation":"

    Describes the anonymous access permissions for an Amazon Lightsail bucket and its objects.

    For more information about bucket access permissions, see Understanding bucket permissions in Amazon Lightsail in the

    Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the anonymous access permissions for an Amazon Lightsail bucket and its objects.

    For more information about bucket access permissions, see Understanding bucket permissions in Amazon Lightsail in the

    Amazon Lightsail Developer Guide.

    " }, "AccessType":{ "type":"string", @@ -3082,14 +3232,14 @@ }, "message":{ "shape":"BPAStatusMessage", - "documentation":"

    A message that provides a reason for a Failed or Defaulted synchronization status.

    The following messages are possible:

    • SYNC_ON_HOLD - The synchronization has not yet happened. This status message occurs immediately after you create your first Lightsail bucket. This status message should change after the first synchronization happens, approximately 1 hour after the first bucket is created.

    • DEFAULTED_FOR_SLR_MISSING - The synchronization failed because the required service-linked role is missing from your Amazon Web Services account. The account-level BPA configuration for your Lightsail buckets is defaulted to active until the synchronization can occur. This means that all your buckets are private and not publicly accessible. For more information about how to create the required service-linked role to allow synchronization, see Using Service-Linked Roles for Amazon Lightsail in the Amazon Lightsail Developer Guide.

    • DEFAULTED_FOR_SLR_MISSING_ON_HOLD - The synchronization failed because the required service-linked role is missing from your Amazon Web Services account. Account-level BPA is not yet configured for your Lightsail buckets. Therefore, only the bucket access permissions and individual object access permissions apply to your Lightsail buckets. For more information about how to create the required service-linked role to allow synchronization, see Using Service-Linked Roles for Amazon Lightsail in the Amazon Lightsail Developer Guide.

    • Unknown - The reason that synchronization failed is unknown. Contact Amazon Web Services Support for more information.

    " + "documentation":"

    A message that provides a reason for a Failed or Defaulted synchronization status.

    The following messages are possible:

    • SYNC_ON_HOLD - The synchronization has not yet happened. This status message occurs immediately after you create your first Lightsail bucket. This status message should change after the first synchronization happens, approximately 1 hour after the first bucket is created.

    • DEFAULTED_FOR_SLR_MISSING - The synchronization failed because the required service-linked role is missing from your Amazon Web Services account. The account-level BPA configuration for your Lightsail buckets is defaulted to active until the synchronization can occur. This means that all your buckets are private and not publicly accessible. For more information about how to create the required service-linked role to allow synchronization, see Using Service-Linked Roles for Amazon Lightsail in the Amazon Lightsail Developer Guide.

    • DEFAULTED_FOR_SLR_MISSING_ON_HOLD - The synchronization failed because the required service-linked role is missing from your Amazon Web Services account. Account-level BPA is not yet configured for your Lightsail buckets. Therefore, only the bucket access permissions and individual object access permissions apply to your Lightsail buckets. For more information about how to create the required service-linked role to allow synchronization, see Using Service-Linked Roles for Amazon Lightsail in the Amazon Lightsail Developer Guide.

    • Unknown - The reason that synchronization failed is unknown. Contact Amazon Web Services Support for more information.

    " }, "bpaImpactsLightsail":{ "shape":"boolean", "documentation":"

    A Boolean value that indicates whether account-level block public access is affecting your Lightsail buckets.

    " } }, - "documentation":"

    Describes the synchronization status of the Amazon Simple Storage Service (Amazon S3) account-level block public access (BPA) feature for your Lightsail buckets.

    The account-level BPA feature of Amazon S3 provides centralized controls to limit public access to all Amazon S3 buckets in an account. BPA can make all Amazon S3 buckets in an Amazon Web Services account private regardless of the individual bucket and object permissions that are configured. Lightsail buckets take into account the Amazon S3 account-level BPA configuration when allowing or denying public access. To do this, Lightsail periodically fetches the account-level BPA configuration from Amazon S3. When the account-level BPA status is InSync, the Amazon S3 account-level BPA configuration is synchronized and it applies to your Lightsail buckets. For more information about Amazon Simple Storage Service account-level BPA and how it affects Lightsail buckets, see Block public access for buckets in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the synchronization status of the Amazon Simple Storage Service (Amazon S3) account-level block public access (BPA) feature for your Lightsail buckets.

    The account-level BPA feature of Amazon S3 provides centralized controls to limit public access to all Amazon S3 buckets in an account. BPA can make all Amazon S3 buckets in an Amazon Web Services account private regardless of the individual bucket and object permissions that are configured. Lightsail buckets take into account the Amazon S3 account-level BPA configuration when allowing or denying public access. To do this, Lightsail periodically fetches the account-level BPA configuration from Amazon S3. When the account-level BPA status is InSync, the Amazon S3 account-level BPA configuration is synchronized and it applies to your Lightsail buckets. For more information about Amazon Simple Storage Service account-level BPA and how it affects Lightsail buckets, see Block public access for buckets in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "AccountLevelBpaSyncStatus":{ "type":"string", @@ -3259,7 +3409,7 @@ "documentation":"

    Indicates whether the alarm is enabled.

    " } }, - "documentation":"

    Describes an alarm.

    An alarm is a way to monitor your Lightsail resource metrics. For more information, see Alarms in Amazon Lightsail.

    " + "documentation":"

    Describes an alarm.

    An alarm is a way to monitor your Lightsail resource metrics. For more information, see Alarms in Amazon Lightsail.

    " }, "AlarmState":{ "type":"string", @@ -3690,6 +3840,10 @@ "accessLogConfig":{ "shape":"BucketAccessLogConfig", "documentation":"

    An object that describes the access log configuration for the bucket.

    " + }, + "cors":{ + "shape":"BucketCorsConfig", + "documentation":"

    An array of cross-origin resource sharing (CORS) rules that identify origins and the HTTP methods that can be executed on your bucket. This field is only included in the response when CORS configuration is requested or when updating CORS configuration. For more information, see Configuring cross-origin resource sharing (CORS).

    " } }, "documentation":"

    Describes an Amazon Lightsail bucket.

    " @@ -3711,7 +3865,7 @@ "documentation":"

    The optional object prefix for the bucket access log.

    The prefix is an optional addition to the object key that organizes your access log files in the destination bucket. For example, if you specify a logs/ prefix, then each log object will begin with the logs/ prefix in its key (for example, logs/2021-11-01-21-32-16-E568B2907131C0C0).

    This parameter can be optionally specified when enabling the access log for a bucket, and should be omitted when disabling the access log.

    " } }, - "documentation":"

    Describes the access log configuration for a bucket in the Amazon Lightsail object storage service.

    For more information about bucket access logs, see Logging bucket requests using access logging in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the access log configuration for a bucket in the Amazon Lightsail object storage service.

    For more information about bucket access logs, see Logging bucket requests using access logging in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "BucketAccessLogPrefix":{ "type":"string", @@ -3753,6 +3907,79 @@ "type":"list", "member":{"shape":"BucketBundle"} }, + "BucketCorsAllowedHeaders":{ + "type":"list", + "member":{"shape":"string"} + }, + "BucketCorsAllowedMethod":{ + "type":"string", + "pattern":"^(DELETE|GET|HEAD|POST|PUT)$" + }, + "BucketCorsAllowedMethods":{ + "type":"list", + "member":{"shape":"BucketCorsAllowedMethod"} + }, + "BucketCorsAllowedOrigins":{ + "type":"list", + "member":{"shape":"string"} + }, + "BucketCorsConfig":{ + "type":"structure", + "members":{ + "rules":{ + "shape":"BucketCorsRules", + "documentation":"

    A set of origins and methods (cross-origin access that you want to allow). You can add up to 20 rules to the configuration. The total size is limited to 64 KB.

    " + } + }, + "documentation":"

    Describes the cross-origin resource sharing (CORS) configuration for a Lightsail bucket. CORS defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. For more information, see Configuring cross-origin resource sharing (CORS).

    " + }, + "BucketCorsExposeHeaders":{ + "type":"list", + "member":{"shape":"string"} + }, + "BucketCorsRule":{ + "type":"structure", + "required":[ + "allowedMethods", + "allowedOrigins" + ], + "members":{ + "id":{ + "shape":"BucketCorsRuleId", + "documentation":"

    A unique identifier for the CORS rule. The ID value can be up to 255 characters long. The IDs help you find a rule in the configuration.

    " + }, + "allowedMethods":{ + "shape":"BucketCorsAllowedMethods", + "documentation":"

    The HTTP methods that are allowed when accessing the bucket from the specified origin. Each CORS rule must identify at least one origin and one method.

    You can use the following HTTP methods:

    • GET - Retrieves data from the server, such as downloading files or viewing content.

    • PUT - Uploads or replaces data on the server, such as uploading new files.

    • POST - Sends data to the server for processing, such as submitting forms or creating new resources.

    • DELETE - Removes data from the server, such as deleting files or resources.

    • HEAD - Retrieves only the headers from the server without the actual content, useful for checking if a resource exists.

    " + }, + "allowedOrigins":{ + "shape":"BucketCorsAllowedOrigins", + "documentation":"

    One or more origins you want customers to be able to access the bucket from. Each CORS rule must identify at least one origin and one method.

    " + }, + "allowedHeaders":{ + "shape":"BucketCorsAllowedHeaders", + "documentation":"

    Headers that are specified in the Access-Control-Request-Headers header. These headers are allowed in a preflight OPTIONS request. In response to any preflight OPTIONS request, Amazon S3 returns any requested headers that are allowed.

    " + }, + "exposeHeaders":{ + "shape":"BucketCorsExposeHeaders", + "documentation":"

    One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).

    " + }, + "maxAgeSeconds":{ + "shape":"integer", + "documentation":"

    The time in seconds that your browser is to cache the preflight response for the specified resource. A CORS rule can have only one maxAgeSeconds element.

    " + } + }, + "documentation":"

    Describes a cross-origin resource sharing (CORS) rule for a Lightsail bucket. CORS rules specify which origins are allowed to access the bucket, which HTTP methods are allowed, and other access control information. For more information, see Configuring cross-origin resource sharing (CORS).

    " + }, + "BucketCorsRuleId":{ + "type":"string", + "max":255 + }, + "BucketCorsRules":{ + "type":"list", + "member":{"shape":"BucketCorsRule"}, + "max":20 + }, "BucketList":{ "type":"list", "member":{"shape":"Bucket"} @@ -3993,7 +4220,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "supportCode":{ "shape":"string", @@ -4052,7 +4279,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " } }, "documentation":"

    Describes an Amazon Lightsail SSL/TLS certificate.

    " @@ -4204,7 +4431,7 @@ "documentation":"

    The support code. Include this code in your email to support when you have questions about your Lightsail contact method. This code enables our support team to look up your Lightsail information more easily.

    " } }, - "documentation":"

    Describes a contact method.

    A contact method is a way to send you notifications. For more information, see Notifications in Amazon Lightsail.

    " + "documentation":"

    Describes a contact method.

    A contact method is a way to send you notifications. For more information, see Notifications in Amazon Lightsail.

    " }, "ContactMethodStatus":{ "type":"string", @@ -4319,7 +4546,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "power":{ "shape":"ContainerServicePowerName", @@ -4371,7 +4598,7 @@ }, "privateRegistryAccess":{ "shape":"PrivateRegistryAccess", - "documentation":"

    An object that describes the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    An object that describes the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " } }, "documentation":"

    Describes an Amazon Lightsail container service.

    " @@ -4441,7 +4668,7 @@ "documentation":"

    The Amazon Resource Name (ARN) of the role, if it is activated.

    " } }, - "documentation":"

    Describes the activation status of the role that you can use to grant an Amazon Lightsail container service access to Amazon Elastic Container Registry (Amazon ECR) private repositories.

    When activated, Lightsail creates an Identity and Access Management (IAM) role for the specified Lightsail container service. You can use the ARN of the role to create a trust relationship between your Lightsail container service and an Amazon ECR private repository in your Amazon Web Services account. This allows your container service to pull images from Amazon ECR private repositories. For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the activation status of the role that you can use to grant an Amazon Lightsail container service access to Amazon Elastic Container Registry (Amazon ECR) private repositories.

    When activated, Lightsail creates an Identity and Access Management (IAM) role for the specified Lightsail container service. You can use the ARN of the role to create a trust relationship between your Lightsail container service and an Amazon ECR private repository in your Amazon Web Services account. This allows your container service to pull images from Amazon ECR private repositories. For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " }, "ContainerServiceECRImagePullerRoleRequest":{ "type":"structure", @@ -4451,7 +4678,7 @@ "documentation":"

    A Boolean value that indicates whether to activate the role.

    " } }, - "documentation":"

    Describes a request to activate or deactivate the role that you can use to grant an Amazon Lightsail container service access to Amazon Elastic Container Registry (Amazon ECR) private repositories.

    When activated, Lightsail creates an Identity and Access Management (IAM) role for the specified Lightsail container service. You can use the ARN of the role to create a trust relationship between your Lightsail container service and an Amazon ECR private repository in your Amazon Web Services account. This allows your container service to pull images from Amazon ECR private repositories. For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes a request to activate or deactivate the role that you can use to grant an Amazon Lightsail container service access to Amazon Elastic Container Registry (Amazon ECR) private repositories.

    When activated, Lightsail creates an Identity and Access Management (IAM) role for the specified Lightsail container service. You can use the ARN of the role to create a trust relationship between your Lightsail container service and an Amazon ECR private repository in your Amazon Web Services account. This allows your container service to pull images from Amazon ECR private repositories. For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " }, "ContainerServiceEndpoint":{ "type":"structure", @@ -4711,15 +4938,15 @@ }, "sourceResourceName":{ "shape":"string", - "documentation":"

    The name of the source instance or disk from which the source automatic snapshot was created.

    Constraint:

    " + "documentation":"

    The name of the source instance or disk from which the source automatic snapshot was created.

    Constraint:

    " }, "restoreDate":{ "shape":"string", - "documentation":"

    The date of the source automatic snapshot to copy. Use the get auto snapshots operation to identify the dates of the available automatic snapshots.

    Constraints:

    • Must be specified in YYYY-MM-DD format.

    • This parameter cannot be defined together with the use latest restorable auto snapshot parameter. The restore date and use latest restorable auto snapshot parameters are mutually exclusive.

    • Define this parameter only when copying an automatic snapshot as a manual snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The date of the source automatic snapshot to copy. Use the get auto snapshots operation to identify the dates of the available automatic snapshots.

    Constraints:

    • Must be specified in YYYY-MM-DD format.

    • This parameter cannot be defined together with the use latest restorable auto snapshot parameter. The restore date and use latest restorable auto snapshot parameters are mutually exclusive.

    • Define this parameter only when copying an automatic snapshot as a manual snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " }, "useLatestRestorableAutoSnapshot":{ "shape":"boolean", - "documentation":"

    A Boolean value to indicate whether to use the latest available automatic snapshot of the specified source instance or disk.

    Constraints:

    • This parameter cannot be defined together with the restore date parameter. The use latest restorable auto snapshot and restore date parameters are mutually exclusive.

    • Define this parameter only when copying an automatic snapshot as a manual snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    A Boolean value to indicate whether to use the latest available automatic snapshot of the specified source instance or disk.

    Constraints:

    • This parameter cannot be defined together with the restore date parameter. The use latest restorable auto snapshot and restore date parameters are mutually exclusive.

    • Define this parameter only when copying an automatic snapshot as a manual snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " }, "targetSnapshotName":{ "shape":"ResourceName", @@ -4790,7 +5017,7 @@ "members":{ "bucketName":{ "shape":"BucketName", - "documentation":"

    The name for the bucket.

    For more information about bucket names, see Bucket naming rules in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The name for the bucket.

    For more information about bucket names, see Bucket naming rules in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "bundleId":{ "shape":"NonEmptyString", @@ -4802,7 +5029,7 @@ }, "enableObjectVersioning":{ "shape":"boolean", - "documentation":"

    A Boolean value that indicates whether to enable versioning of objects in the bucket.

    For more information about versioning, see Enabling and suspending object versioning in a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    A Boolean value that indicates whether to enable versioning of objects in the bucket.

    For more information about versioning, see Enabling and suspending object versioning in a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " } } }, @@ -4885,7 +5112,7 @@ "members":{ "protocol":{ "shape":"ContactProtocol", - "documentation":"

    The protocol of the contact method, such as Email or SMS (text messaging).

    The SMS protocol is supported only in the following Amazon Web Services Regions.

    • US East (N. Virginia) (us-east-1)

    • US West (Oregon) (us-west-2)

    • Europe (Ireland) (eu-west-1)

    • Asia Pacific (Tokyo) (ap-northeast-1)

    • Asia Pacific (Singapore) (ap-southeast-1)

    • Asia Pacific (Sydney) (ap-southeast-2)

    For a list of countries/regions where SMS text messages can be sent, and the latest Amazon Web Services Regions where SMS text messaging is supported, see Supported Regions and Countries in the Amazon SNS Developer Guide.

    For more information about notifications in Amazon Lightsail, see Notifications in Amazon Lightsail.

    " + "documentation":"

    The protocol of the contact method, such as Email or SMS (text messaging).

    The SMS protocol is supported only in the following Amazon Web Services Regions.

    • US East (N. Virginia) (us-east-1)

    • US West (Oregon) (us-west-2)

    • Europe (Ireland) (eu-west-1)

    • Asia Pacific (Tokyo) (ap-northeast-1)

    • Asia Pacific (Singapore) (ap-southeast-1)

    • Asia Pacific (Sydney) (ap-southeast-2)

    For a list of countries/regions where SMS text messages can be sent, and the latest Amazon Web Services Regions where SMS text messaging is supported, see Supported Regions and Countries in the Amazon SNS Developer Guide.

    For more information about notifications in Amazon Lightsail, see Notifications in Amazon Lightsail.

    " }, "contactEndpoint":{ "shape":"StringMax256", @@ -4931,8 +5158,7 @@ }, "CreateContainerServiceRegistryLoginRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateContainerServiceRegistryLoginResult":{ "type":"structure", @@ -4965,7 +5191,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values to add to the container service during create.

    Use the TagResource action to tag a resource after it's created.

    For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values to add to the container service during create.

    Use the TagResource action to tag a resource after it's created.

    For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "publicDomainNames":{ "shape":"ContainerServicePublicDomains", @@ -4977,7 +5203,7 @@ }, "privateRegistryAccess":{ "shape":"PrivateRegistryAccessRequest", - "documentation":"

    An object to describe the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    An object to describe the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " } } }, @@ -5024,15 +5250,15 @@ }, "sourceDiskName":{ "shape":"string", - "documentation":"

    The name of the source disk from which the source automatic snapshot was created.

    Constraints:

    • This parameter cannot be defined together with the disk snapshot name parameter. The source disk name and disk snapshot name parameters are mutually exclusive.

    • Define this parameter only when creating a new disk from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The name of the source disk from which the source automatic snapshot was created.

    Constraints:

    • This parameter cannot be defined together with the disk snapshot name parameter. The source disk name and disk snapshot name parameters are mutually exclusive.

    • Define this parameter only when creating a new disk from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " }, "restoreDate":{ "shape":"string", - "documentation":"

    The date of the automatic snapshot to use for the new disk. Use the get auto snapshots operation to identify the dates of the available automatic snapshots.

    Constraints:

    • Must be specified in YYYY-MM-DD format.

    • This parameter cannot be defined together with the use latest restorable auto snapshot parameter. The restore date and use latest restorable auto snapshot parameters are mutually exclusive.

    • Define this parameter only when creating a new disk from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The date of the automatic snapshot to use for the new disk. Use the get auto snapshots operation to identify the dates of the available automatic snapshots.

    Constraints:

    • Must be specified in YYYY-MM-DD format.

    • This parameter cannot be defined together with the use latest restorable auto snapshot parameter. The restore date and use latest restorable auto snapshot parameters are mutually exclusive.

    • Define this parameter only when creating a new disk from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " }, "useLatestRestorableAutoSnapshot":{ "shape":"boolean", - "documentation":"

    A Boolean value to indicate whether to use the latest available automatic snapshot.

    Constraints:

    • This parameter cannot be defined together with the restore date parameter. The use latest restorable auto snapshot and restore date parameters are mutually exclusive.

    • Define this parameter only when creating a new disk from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    A Boolean value to indicate whether to use the latest available automatic snapshot.

    Constraints:

    • This parameter cannot be defined together with the restore date parameter. The use latest restorable auto snapshot and restore date parameters are mutually exclusive.

    • Define this parameter only when creating a new disk from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " } } }, @@ -5259,7 +5485,7 @@ }, "sessions":{ "shape":"Sessions", - "documentation":"

    Returns information about the specified NICE DCV GUI session.

    " + "documentation":"

    Returns information about the specified Amazon DCV GUI session.

    " } } }, @@ -5323,7 +5549,7 @@ }, "userData":{ "shape":"string", - "documentation":"

    You can create a launch script that configures a server with additional user data. For example, apt-get -y update.

    Depending on the machine image you choose, the command to get software on your instance varies. Amazon Linux and CentOS use yum, Debian and Ubuntu use apt-get, and FreeBSD uses pkg. For a complete list, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    You can create a launch script that configures a server with additional user data. For example, apt-get -y update.

    Depending on the machine image you choose, the command to get software on your instance varies. Amazon Linux and CentOS use yum, Debian and Ubuntu use apt-get, and FreeBSD uses pkg. For a complete list, see the Amazon Lightsail Developer Guide.

    " }, "keyPairName":{ "shape":"ResourceName", @@ -5343,15 +5569,15 @@ }, "sourceInstanceName":{ "shape":"string", - "documentation":"

    The name of the source instance from which the source automatic snapshot was created.

    Constraints:

    • This parameter cannot be defined together with the instance snapshot name parameter. The source instance name and instance snapshot name parameters are mutually exclusive.

    • Define this parameter only when creating a new instance from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The name of the source instance from which the source automatic snapshot was created.

    Constraints:

    • This parameter cannot be defined together with the instance snapshot name parameter. The source instance name and instance snapshot name parameters are mutually exclusive.

    • Define this parameter only when creating a new instance from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " }, "restoreDate":{ "shape":"string", - "documentation":"

    The date of the automatic snapshot to use for the new instance. Use the get auto snapshots operation to identify the dates of the available automatic snapshots.

    Constraints:

    • Must be specified in YYYY-MM-DD format.

    • This parameter cannot be defined together with the use latest restorable auto snapshot parameter. The restore date and use latest restorable auto snapshot parameters are mutually exclusive.

    • Define this parameter only when creating a new instance from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The date of the automatic snapshot to use for the new instance. Use the get auto snapshots operation to identify the dates of the available automatic snapshots.

    Constraints:

    • Must be specified in YYYY-MM-DD format.

    • This parameter cannot be defined together with the use latest restorable auto snapshot parameter. The restore date and use latest restorable auto snapshot parameters are mutually exclusive.

    • Define this parameter only when creating a new instance from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " }, "useLatestRestorableAutoSnapshot":{ "shape":"boolean", - "documentation":"

    A Boolean value to indicate whether to use the latest available automatic snapshot.

    Constraints:

    • This parameter cannot be defined together with the restore date parameter. The use latest restorable auto snapshot and restore date parameters are mutually exclusive.

    • Define this parameter only when creating a new instance from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    A Boolean value to indicate whether to use the latest available automatic snapshot.

    Constraints:

    • This parameter cannot be defined together with the restore date parameter. The use latest restorable auto snapshot and restore date parameters are mutually exclusive.

    • Define this parameter only when creating a new instance from an automatic snapshot. For more information, see the Amazon Lightsail Developer Guide.

    " } } }, @@ -5396,7 +5622,7 @@ }, "userData":{ "shape":"string", - "documentation":"

    A launch script you can create that configures a server with additional user data. For example, you might want to run apt-get -y update.

    Depending on the machine image you choose, the command to get software on your instance varies. Amazon Linux and CentOS use yum, Debian and Ubuntu use apt-get, and FreeBSD uses pkg. For a complete list, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    A launch script you can create that configures a server with additional user data. For example, you might want to run apt-get -y update.

    Depending on the machine image you choose, the command to get software on your instance varies. Amazon Linux and CentOS use yum, Debian and Ubuntu use apt-get, and FreeBSD uses pkg. For a complete list, see the Amazon Lightsail Developer Guide.

    " }, "keyPairName":{ "shape":"ResourceName", @@ -5501,7 +5727,7 @@ }, "tlsPolicyName":{ "shape":"string", - "documentation":"

    The name of the TLS policy to apply to the load balancer.

    Use the GetLoadBalancerTlsPolicies action to get a list of TLS policy names that you can specify.

    For more information about load balancer TLS policies, see Configuring TLS security policies on your Amazon Lightsail load balancers in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The name of the TLS policy to apply to the load balancer.

    Use the GetLoadBalancerTlsPolicies action to get a list of TLS policy names that you can specify.

    For more information about load balancer TLS policies, see Configuring TLS security policies on your Amazon Lightsail load balancers in the Amazon Lightsail Developer Guide.

    " } } }, @@ -5854,8 +6080,7 @@ }, "DeleteContainerImageResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContainerServiceRequest":{ "type":"structure", @@ -5869,8 +6094,7 @@ }, "DeleteContainerServiceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDiskRequest":{ "type":"structure", @@ -6308,7 +6532,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "addOns":{ "shape":"AddOnList", @@ -6436,7 +6660,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "sizeInGb":{ "shape":"integer", @@ -6563,7 +6787,7 @@ "documentation":"

    The message that describes the reason for the status code.

    " } }, - "documentation":"

    Describes the creation state of the canonical name (CNAME) records that are automatically added by Amazon Lightsail to the DNS of a domain to validate domain ownership for an SSL/TLS certificate.

    When you create an SSL/TLS certificate for a Lightsail resource, you must add a set of CNAME records to the DNS of the domains for the certificate to validate that you own the domains. Lightsail can automatically add the CNAME records to the DNS of the domain if the DNS zone for the domain exists within your Lightsail account. If automatic record addition fails, or if you manage the DNS of your domain using a third-party service, then you must manually add the CNAME records to the DNS of your domain. For more information, see Verify an SSL/TLS certificate in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the creation state of the canonical name (CNAME) records that are automatically added by Amazon Lightsail to the DNS of a domain to validate domain ownership for an SSL/TLS certificate.

    When you create an SSL/TLS certificate for a Lightsail resource, you must add a set of CNAME records to the DNS of the domains for the certificate to validate that you own the domains. Lightsail can automatically add the CNAME records to the DNS of the domain if the DNS zone for the domain exists within your Lightsail account. If automatic record addition fails, or if you manage the DNS of your domain using a third-party service, then you must manually add the CNAME records to the DNS of your domain. For more information, see Verify an SSL/TLS certificate in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "DnsRecordCreationStateCode":{ "type":"string", @@ -6602,7 +6826,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "domainEntries":{ "shape":"DomainEntryList", @@ -6694,8 +6918,7 @@ }, "DownloadDefaultKeyPairRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DownloadDefaultKeyPairResult":{ "type":"structure", @@ -7134,6 +7357,10 @@ "includeConnectedResources":{ "shape":"boolean", "documentation":"

    A Boolean value that indicates whether to include Lightsail instances that were given access to the bucket using the SetResourceAccessForBucket action.

    " + }, + "includeCors":{ + "shape":"boolean", + "documentation":"

    A Boolean value that indicates whether to include Lightsail bucket CORS configuration in the response. For more information, see Configuring cross-origin resource sharing (CORS).

    This parameter is only supported when getting a single bucket with bucketName specified. The default value for this parameter is False.

    " } } }, @@ -7150,7 +7377,7 @@ }, "accountLevelBpaSync":{ "shape":"AccountLevelBpaSync", - "documentation":"

    An object that describes the synchronization status of the Amazon S3 account-level block public access feature for your Lightsail buckets.

    For more information about this feature and how it affects Lightsail buckets, see Block public access for buckets in Amazon Lightsail.

    " + "documentation":"

    An object that describes the synchronization status of the Amazon S3 account-level block public access feature for your Lightsail buckets.

    For more information about this feature and how it affects Lightsail buckets, see Block public access for buckets in Amazon Lightsail.

    " } } }, @@ -7260,8 +7487,7 @@ }, "GetContainerAPIMetadataRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetContainerAPIMetadataResult":{ "type":"structure", @@ -7408,8 +7634,7 @@ }, "GetContainerServicePowersRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetContainerServicePowersResult":{ "type":"structure", @@ -7544,8 +7769,7 @@ }, "GetDistributionBundlesRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetDistributionBundlesResult":{ "type":"structure", @@ -7763,7 +7987,7 @@ }, "metricName":{ "shape":"InstanceMetricName", - "documentation":"

    The metric for which you want to return information.

    Valid instance metric names are listed below, along with the most useful statistics to include in your request, and the published unit value.

    • BurstCapacityPercentage - The percentage of CPU performance available for your instance to burst above its baseline. Your instance continuously accrues and consumes burst capacity. Burst capacity stops accruing when your instance's BurstCapacityPercentage reaches 100%. For more information, see Viewing instance burst capacity in Amazon Lightsail.

      Statistics: The most useful statistics are Maximum and Average.

      Unit: The published unit is Percent.

    • BurstCapacityTime - The available amount of time for your instance to burst at 100% CPU utilization. Your instance continuously accrues and consumes burst capacity. Burst capacity time stops accruing when your instance's BurstCapacityPercentage metric reaches 100%.

      Burst capacity time is consumed at the full rate only when your instance operates at 100% CPU utilization. For example, if your instance operates at 50% CPU utilization in the burstable zone for a 5-minute period, then it consumes CPU burst capacity minutes at a 50% rate in that period. Your instance consumed 2 minutes and 30 seconds of CPU burst capacity minutes in the 5-minute period. For more information, see Viewing instance burst capacity in Amazon Lightsail.

      Statistics: The most useful statistics are Maximum and Average.

      Unit: The published unit is Seconds.

    • CPUUtilization - The percentage of allocated compute units that are currently in use on the instance. This metric identifies the processing power to run the applications on the instance. Tools in your operating system can show a lower percentage than Lightsail when the instance is not allocated a full processor core.

      Statistics: The most useful statistics are Maximum and Average.

      Unit: The published unit is Percent.

    • NetworkIn - The number of bytes received on all network interfaces by the instance. This metric identifies the volume of incoming network traffic to the instance. The number reported is the number of bytes received during the period. Because this metric is reported in 5-minute intervals, divide the reported number by 300 to find Bytes/second.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Bytes.

    • NetworkOut - The number of bytes sent out on all network interfaces by the instance. This metric identifies the volume of outgoing network traffic from the instance. The number reported is the number of bytes sent during the period. Because this metric is reported in 5-minute intervals, divide the reported number by 300 to find Bytes/second.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Bytes.

    • StatusCheckFailed - Reports whether the instance passed or failed both the instance status check and the system status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Count.

    • StatusCheckFailed_Instance - Reports whether the instance passed or failed the instance status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Count.

    • StatusCheckFailed_System - Reports whether the instance passed or failed the system status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Count.

    • MetadataNoToken - Reports the number of times that the instance metadata service was successfully accessed without a token. This metric determines if there are any processes accessing instance metadata by using Instance Metadata Service Version 1, which doesn't use a token. If all requests use token-backed sessions, such as Instance Metadata Service Version 2, then the value is 0.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Count.

    " + "documentation":"

    The metric for which you want to return information.

    Valid instance metric names are listed below, along with the most useful statistics to include in your request, and the published unit value.

    • BurstCapacityPercentage - The percentage of CPU performance available for your instance to burst above its baseline. Your instance continuously accrues and consumes burst capacity. Burst capacity stops accruing when your instance's BurstCapacityPercentage reaches 100%. For more information, see Viewing instance burst capacity in Amazon Lightsail.

      Statistics: The most useful statistics are Maximum and Average.

      Unit: The published unit is Percent.

    • BurstCapacityTime - The available amount of time for your instance to burst at 100% CPU utilization. Your instance continuously accrues and consumes burst capacity. Burst capacity time stops accruing when your instance's BurstCapacityPercentage metric reaches 100%.

      Burst capacity time is consumed at the full rate only when your instance operates at 100% CPU utilization. For example, if your instance operates at 50% CPU utilization in the burstable zone for a 5-minute period, then it consumes CPU burst capacity minutes at a 50% rate in that period. Your instance consumed 2 minutes and 30 seconds of CPU burst capacity minutes in the 5-minute period. For more information, see Viewing instance burst capacity in Amazon Lightsail.

      Statistics: The most useful statistics are Maximum and Average.

      Unit: The published unit is Seconds.

    • CPUUtilization - The percentage of allocated compute units that are currently in use on the instance. This metric identifies the processing power to run the applications on the instance. Tools in your operating system can show a lower percentage than Lightsail when the instance is not allocated a full processor core.

      Statistics: The most useful statistics are Maximum and Average.

      Unit: The published unit is Percent.

    • NetworkIn - The number of bytes received on all network interfaces by the instance. This metric identifies the volume of incoming network traffic to the instance. The number reported is the number of bytes received during the period. Because this metric is reported in 5-minute intervals, divide the reported number by 300 to find Bytes/second.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Bytes.

    • NetworkOut - The number of bytes sent out on all network interfaces by the instance. This metric identifies the volume of outgoing network traffic from the instance. The number reported is the number of bytes sent during the period. Because this metric is reported in 5-minute intervals, divide the reported number by 300 to find Bytes/second.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Bytes.

    • StatusCheckFailed - Reports whether the instance passed or failed both the instance status check and the system status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Count.

    • StatusCheckFailed_Instance - Reports whether the instance passed or failed the instance status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Count.

    • StatusCheckFailed_System - Reports whether the instance passed or failed the system status check. This metric can be either 0 (passed) or 1 (failed). This metric data is available in 1-minute (60 seconds) granularity.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Count.

    • MetadataNoToken - Reports the number of times that the instance metadata service was successfully accessed without a token. This metric determines if there are any processes accessing instance metadata by using Instance Metadata Service Version 1, which doesn't use a token. If all requests use token-backed sessions, such as Instance Metadata Service Version 2, then the value is 0.

      Statistics: The most useful statistic is Sum.

      Unit: The published unit is Count.

    " }, "period":{ "shape":"MetricPeriod", @@ -8787,7 +9011,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "blueprintId":{ "shape":"NonEmptyString", @@ -9025,7 +9249,7 @@ }, "httpTokens":{ "shape":"HttpTokens", - "documentation":"

    The state of token usage for your instance metadata requests.

    If the state is optional, you can choose whether to retrieve instance metadata with a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials by using a valid signed token, the version 2.0 role credentials are returned.

    If the state is required, you must send a signed token header with all instance metadata retrieval requests. In this state, retrieving the IAM role credential always returns the version 2.0 credentials. The version 1.0 credentials are not available.

    Not all instance blueprints in Lightsail support version 2.0 credentials. Use the MetadataNoToken instance metric to track the number of calls to the instance metadata service that are using version 1.0 credentials. For more information, see Viewing instance metrics in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The state of token usage for your instance metadata requests.

    If the state is optional, you can choose whether to retrieve instance metadata with a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials by using a valid signed token, the version 2.0 role credentials are returned.

    If the state is required, you must send a signed token header with all instance metadata retrieval requests. In this state, retrieving the IAM role credential always returns the version 2.0 credentials. The version 1.0 credentials are not available.

    Not all instance blueprints in Lightsail support version 2.0 credentials. Use the MetadataNoToken instance metric to track the number of calls to the instance metadata service that are using version 1.0 credentials. For more information, see Viewing instance metrics in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "httpEndpoint":{ "shape":"HttpEndpoint", @@ -9205,7 +9429,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "state":{ "shape":"InstanceSnapshotState", @@ -9323,8 +9547,7 @@ }, "IsVpcPeeredRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "IsVpcPeeredResult":{ "type":"structure", @@ -9367,7 +9590,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "fingerprint":{ "shape":"Base64", @@ -9461,7 +9684,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "viewerMinimumTlsProtocolVersion":{ "shape":"string", @@ -9499,7 +9722,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "dnsName":{ "shape":"NonEmptyString", @@ -9634,7 +9857,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "loadBalancerName":{ "shape":"ResourceName", @@ -9900,7 +10123,7 @@ "documentation":"

    The ciphers used by the TLS security policy.

    The ciphers are listed in order of preference.

    " } }, - "documentation":"

    Describes the TLS security policies that are available for Lightsail load balancers.

    For more information about load balancer TLS security policies, see Configuring TLS security policies on your Amazon Lightsail load balancers in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the TLS security policies that are available for Lightsail load balancers.

    For more information about load balancer TLS security policies, see Configuring TLS security policies on your Amazon Lightsail load balancers in the Amazon Lightsail Developer Guide.

    " }, "LoadBalancerTlsPolicyList":{ "type":"list", @@ -10059,7 +10282,7 @@ "documentation":"

    The Lightsail resource type of the resource being monitored.

    Instances, load balancers, and relational databases are the only Lightsail resources that can currently be monitored by alarms.

    " } }, - "documentation":"

    Describes resource being monitored by an alarm.

    An alarm is a way to monitor your Amazon Lightsail resource metrics. For more information, see Alarms in Amazon Lightsail.

    " + "documentation":"

    Describes resource being monitored by an alarm.

    An alarm is a way to monitor your Amazon Lightsail resource metrics. For more information, see Alarms in Amazon Lightsail.

    " }, "MonthlyTransfer":{ "type":"structure", @@ -10083,7 +10306,7 @@ "documentation":"

    The message that describes the reason for the status code.

    " } }, - "documentation":"

    Describes the state of the name server records update made by Amazon Lightsail to an Amazon Route 53 registered domain.

    For more information, see DNS in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the state of the name server records update made by Amazon Lightsail to an Amazon Route 53 registered domain.

    For more information, see DNS in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "NameServersUpdateStateCode":{ "type":"string", @@ -10370,8 +10593,7 @@ }, "PeerVpcRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "PeerVpcResult":{ "type":"structure", @@ -10511,7 +10733,7 @@ "documentation":"

    An object that describes the activation status of the role that you can use to grant a Lightsail container service access to Amazon ECR private repositories. If the role is activated, the Amazon Resource Name (ARN) of the role is also listed.

    " } }, - "documentation":"

    Describes the configuration for an Amazon Lightsail container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the configuration for an Amazon Lightsail container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " }, "PrivateRegistryAccessRequest":{ "type":"structure", @@ -10521,7 +10743,7 @@ "documentation":"

    An object to describe a request to activate or deactivate the role that you can use to grant an Amazon Lightsail container service access to Amazon Elastic Container Registry (Amazon ECR) private repositories.

    " } }, - "documentation":"

    Describes a request to configure an Amazon Lightsail container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes a request to configure an Amazon Lightsail container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " }, "PutAlarmRequest":{ "type":"structure", @@ -10540,7 +10762,7 @@ }, "metricName":{ "shape":"MetricName", - "documentation":"

    The name of the metric to associate with the alarm.

    You can configure up to two alarms per metric.

    The following metrics are available for each resource type:

    • Instances: BurstCapacityPercentage, BurstCapacityTime, CPUUtilization, NetworkIn, NetworkOut, StatusCheckFailed, StatusCheckFailed_Instance, and StatusCheckFailed_System.

    • Load balancers: ClientTLSNegotiationErrorCount, HealthyHostCount, UnhealthyHostCount, HTTPCode_LB_4XX_Count, HTTPCode_LB_5XX_Count, HTTPCode_Instance_2XX_Count, HTTPCode_Instance_3XX_Count, HTTPCode_Instance_4XX_Count, HTTPCode_Instance_5XX_Count, InstanceResponseTime, RejectedConnectionCount, and RequestCount.

    • Relational databases: CPUUtilization, DatabaseConnections, DiskQueueDepth, FreeStorageSpace, NetworkReceiveThroughput, and NetworkTransmitThroughput.

    For more information about these metrics, see Metrics available in Lightsail.

    " + "documentation":"

    The name of the metric to associate with the alarm.

    You can configure up to two alarms per metric.

    The following metrics are available for each resource type:

    • Instances: BurstCapacityPercentage, BurstCapacityTime, CPUUtilization, NetworkIn, NetworkOut, StatusCheckFailed, StatusCheckFailed_Instance, and StatusCheckFailed_System.

    • Load balancers: ClientTLSNegotiationErrorCount, HealthyHostCount, UnhealthyHostCount, HTTPCode_LB_4XX_Count, HTTPCode_LB_5XX_Count, HTTPCode_Instance_2XX_Count, HTTPCode_Instance_3XX_Count, HTTPCode_Instance_4XX_Count, HTTPCode_Instance_5XX_Count, InstanceResponseTime, RejectedConnectionCount, and RequestCount.

    • Relational databases: CPUUtilization, DatabaseConnections, DiskQueueDepth, FreeStorageSpace, NetworkReceiveThroughput, and NetworkTransmitThroughput.

    For more information about these metrics, see Metrics available in Lightsail.

    " }, "monitoredResourceName":{ "shape":"ResourceName", @@ -10749,9 +10971,27 @@ "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", - "eu-north-1" + "eu-north-1", + "ap-southeast-3" ] }, + "RegionSetupInProgressException":{ + "type":"structure", + "members":{ + "code":{"shape":"string"}, + "docs":{ + "shape":"string", + "documentation":"

    Regions and Availability Zones for Lightsail

    " + }, + "message":{"shape":"string"}, + "tip":{ + "shape":"string", + "documentation":"

    Opt-in Regions typically take a few minutes to finish setting up before you can work with them. Wait a few minutes and try again.

    " + } + }, + "documentation":"

    Lightsail throws this exception when an operation is performed on resources in an opt-in Region that is currently being set up.

    ", + "exception":true + }, "RegisterContainerImageRequest":{ "type":"structure", "required":[ @@ -10795,7 +11035,7 @@ "documentation":"

    Describes the deletion state of an Amazon Route 53 hosted zone for a domain that is being automatically delegated to an Amazon Lightsail DNS zone.

    " } }, - "documentation":"

    Describes the delegation state of an Amazon Route 53 registered domain to Amazon Lightsail.

    When you delegate an Amazon Route 53 registered domain to Lightsail, you can manage the DNS of the domain using a Lightsail DNS zone. You no longer use the Route 53 hosted zone to manage the DNS of the domain. To delegate the domain, Lightsail automatically updates the domain's name servers in Route 53 to the name servers of the Lightsail DNS zone. Then, Lightsail automatically deletes the Route 53 hosted zone for the domain.

    All of the following conditions must be true for automatic domain delegation to be successful:

    • The registered domain must be in the same Amazon Web Services account as the Lightsail account making the request.

    • The user or entity making the request must have permission to manage domains in Route 53.

    • The Route 53 hosted zone for the domain must be empty. It cannot contain DNS records other than start of authority (SOA) and name server records.

    If automatic domain delegation fails, or if you manage the DNS of your domain using a service other than Route 53, then you must manually add the Lightsail DNS zone name servers to your domain in order to delegate management of its DNS to Lightsail. For more information, see Creating a DNS zone to manage your domain’s records in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes the delegation state of an Amazon Route 53 registered domain to Amazon Lightsail.

    When you delegate an Amazon Route 53 registered domain to Lightsail, you can manage the DNS of the domain using a Lightsail DNS zone. You no longer use the Route 53 hosted zone to manage the DNS of the domain. To delegate the domain, Lightsail automatically updates the domain's name servers in Route 53 to the name servers of the Lightsail DNS zone. Then, Lightsail automatically deletes the Route 53 hosted zone for the domain.

    All of the following conditions must be true for automatic domain delegation to be successful:

    • The registered domain must be in the same Amazon Web Services account as the Lightsail account making the request.

    • The user or entity making the request must have permission to manage domains in Route 53.

    • The Route 53 hosted zone for the domain must be empty. It cannot contain DNS records other than start of authority (SOA) and name server records.

    If automatic domain delegation fails, or if you manage the DNS of your domain using a service other than Route 53, then you must manually add the Lightsail DNS zone name servers to your domain in order to delegate management of its DNS to Lightsail. For more information, see Creating a DNS zone to manage your domain’s records in Amazon Lightsail in the Amazon Lightsail Developer Guide.

    " }, "RelationalDatabase":{ "type":"structure", @@ -10826,7 +11066,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "relationalDatabaseBlueprintId":{ "shape":"NonEmptyString", @@ -11143,7 +11383,7 @@ }, "tags":{ "shape":"TagList", - "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    The tag keys and optional values for the resource. For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "engine":{ "shape":"NonEmptyString", @@ -11440,7 +11680,7 @@ "documentation":"

    When true, this Boolean value indicates the primary session for the specified resource.

    " } }, - "documentation":"

    Describes a web-based, remote graphical user interface (GUI), NICE DCV session. The session is used to access a virtual computer’s operating system or application.

    " + "documentation":"

    Describes a web-based, remote graphical user interface (GUI), Amazon DCV session. The session is used to access a virtual computer’s operating system or application.

    " }, "Sessions":{ "type":"list", @@ -11908,7 +12148,7 @@ "documentation":"

    The value of the tag.

    Constraints: Tag values accept a maximum of 256 letters, numbers, spaces in UTF-8, or the following characters: + - = . _ : / @

    " } }, - "documentation":"

    Describes a tag key and optional value assigned to an Amazon Lightsail resource.

    For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " + "documentation":"

    Describes a tag key and optional value assigned to an Amazon Lightsail resource.

    For more information about tags in Lightsail, see the Amazon Lightsail Developer Guide.

    " }, "TagKey":{"type":"string"}, "TagKeyList":{ @@ -12016,8 +12256,7 @@ }, "UnpeerVpcRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "UnpeerVpcResult":{ "type":"structure", @@ -12107,6 +12346,10 @@ "accessLogConfig":{ "shape":"BucketAccessLogConfig", "documentation":"

    An object that describes the access log configuration for the bucket.

    " + }, + "cors":{ + "shape":"BucketCorsConfig", + "documentation":"

    Sets the cross-origin resource sharing (CORS) configuration for your bucket. If a CORS configuration exists, it is replaced with the specified configuration. For AWS CLI operations, this parameter can also be passed as a file. For more information, see Configuring cross-origin resource sharing (CORS).

    CORS information is only returned in a response when you update the CORS policy.

    " } } }, @@ -12149,7 +12392,7 @@ }, "privateRegistryAccess":{ "shape":"PrivateRegistryAccessRequest", - "documentation":"

    An object to describe the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " + "documentation":"

    An object to describe the configuration for the container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories.

    For more information, see Configuring access to an Amazon ECR private repository for an Amazon Lightsail container service in the Amazon Lightsail Developer Guide.

    " } } }, @@ -12433,5 +12676,5 @@ "string":{"type":"string"}, "timestamp":{"type":"timestamp"} }, - "documentation":"

    Amazon Lightsail is the easiest way to get started with Amazon Web Services (Amazon Web Services) for developers who need to build websites or web applications. It includes everything you need to launch your project quickly - instances (virtual private servers), container services, storage buckets, managed databases, SSD-based block storage, static IP addresses, load balancers, content delivery network (CDN) distributions, DNS management of registered domains, and resource snapshots (backups) - for a low, predictable monthly price.

    You can manage your Lightsail resources using the Lightsail console, Lightsail API, Command Line Interface (CLI), or SDKs. For more information about Lightsail concepts and tasks, see the Amazon Lightsail Developer Guide.

    This API Reference provides detailed information about the actions, data types, parameters, and errors of the Lightsail service. For more information about the supported Amazon Web Services Regions, endpoints, and service quotas of the Lightsail service, see Amazon Lightsail Endpoints and Quotas in the Amazon Web Services General Reference.

    " + "documentation":"

    Amazon Lightsail is the easiest way to get started with Amazon Web Services (Amazon Web Services) for developers who need to build websites or web applications. It includes everything you need to launch your project quickly - instances (virtual private servers), container services, storage buckets, managed databases, SSD-based block storage, static IP addresses, load balancers, content delivery network (CDN) distributions, DNS management of registered domains, and resource snapshots (backups) - for a low, predictable monthly price.

    You can manage your Lightsail resources using the Lightsail console, Lightsail API, Command Line Interface (CLI), or SDKs. For more information about Lightsail concepts and tasks, see the Amazon Lightsail Developer Guide.

    This API Reference provides detailed information about the actions, data types, parameters, and errors of the Lightsail service. For more information about the supported Amazon Web Services Regions, endpoints, and service quotas of the Lightsail service, see Amazon Lightsail Endpoints and Quotas in the Amazon Web Services General Reference.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/location/2020-11-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/location/2020-11-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/location/2020-11-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/location/2020-11-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/location/2020-11-19/service-2.json 2.31.35-1/awscli/botocore/data/location/2020-11-19/service-2.json --- 2.23.6-1/awscli/botocore/data/location/2020-11-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/location/2020-11-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,6 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2020-11-19", + "auth":["aws.auth#sigv4"], "endpointPrefix":"geo", "protocol":"rest-json", "protocols":["rest-json"], @@ -23,8 +24,8 @@ "output":{"shape":"AssociateTrackerConsumerResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, @@ -107,7 +108,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Lists the latest device positions for requested devices.

    ", - "endpoint":{"hostPrefix":"tracking."} + "endpoint":{"hostPrefix":"tracking."}, + "readonly":true }, "BatchPutGeofence":{ "name":"BatchPutGeofence", @@ -163,8 +165,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Calculates a route given the following required parameters: DeparturePosition and DestinationPosition. Requires that you first create a route calculator resource.

    By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating the route.

    Additional options include:

    • Specifying a departure time using either DepartureTime or DepartNow. This calculates a route based on predictive traffic data at the given time.

      You can't specify both DepartureTime and DepartNow in a single request. Specifying both parameters returns a validation error.

    • Specifying a travel mode using TravelMode sets the transportation mode used to calculate the routes. This also lets you specify additional route preferences in CarModeOptions if traveling by Car, or TruckModeOptions if traveling by Truck.

      If you specify walking for the travel mode and your data provider is Esri, the start and destination must be within 40km.
    ", - "endpoint":{"hostPrefix":"routes."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to CalculateRoutes or CalculateIsolines unless you require Grab data.

    • CalculateRoute is part of a previous Amazon Location Service Routes API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 CalculateRoutes operation gives better results for point-to-point routing, while the version 2 CalculateIsolines operation adds support for calculating service areas and travel time envelopes.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Routes API version 2 is found under geo-routes or geo_routes, not under location.

    • Since Grab is not yet fully supported in Routes API version 2, we recommend you continue using API version 1 when using Grab.

    Calculates a route given the following required parameters: DeparturePosition and DestinationPosition. Requires that you first create a route calculator resource.

    By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating the route.

    Additional options include:

    • Specifying a departure time using either DepartureTime or DepartNow. This calculates a route based on predictive traffic data at the given time.

      You can't specify both DepartureTime and DepartNow in a single request. Specifying both parameters returns a validation error.

    • Specifying a travel mode using TravelMode sets the transportation mode used to calculate the routes. This also lets you specify additional route preferences in CarModeOptions if traveling by Car, or TruckModeOptions if traveling by Truck.

      If you specify walking for the travel mode and your data provider is Esri, the start and destination must be within 40km.

    ", + "endpoint":{"hostPrefix":"routes."}, + "readonly":true }, "CalculateRouteMatrix":{ "name":"CalculateRouteMatrix", @@ -182,8 +185,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Calculates a route matrix given the following required parameters: DeparturePositions and DestinationPositions. CalculateRouteMatrix calculates routes and returns the travel time and travel distance from each departure position to each destination position in the request. For example, given departure positions A and B, and destination positions X and Y, CalculateRouteMatrix will return time and distance for routes from A to X, A to Y, B to X, and B to Y (in that order). The number of results returned (and routes calculated) will be the number of DeparturePositions times the number of DestinationPositions.

    Your account is charged for each route calculated, not the number of requests.

    Requires that you first create a route calculator resource.

    By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating routes.

    Additional options include:

    • Specifying a departure time using either DepartureTime or DepartNow. This calculates routes based on predictive traffic data at the given time.

      You can't specify both DepartureTime and DepartNow in a single request. Specifying both parameters returns a validation error.

    • Specifying a travel mode using TravelMode sets the transportation mode used to calculate the routes. This also lets you specify additional route preferences in CarModeOptions if traveling by Car, or TruckModeOptions if traveling by Truck.

    ", - "endpoint":{"hostPrefix":"routes."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the V2 CalculateRouteMatrix unless you require Grab data.

    • This version of CalculateRouteMatrix is part of a previous Amazon Location Service Routes API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 CalculateRouteMatrix operation gives better results for matrix routing calculations.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Routes API version 2 is found under geo-routes or geo_routes, not under location.

    • Since Grab is not yet fully supported in Routes API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Routes V2 API Reference or the Developer Guide.

    Calculates a route matrix given the following required parameters: DeparturePositions and DestinationPositions. CalculateRouteMatrix calculates routes and returns the travel time and travel distance from each departure position to each destination position in the request. For example, given departure positions A and B, and destination positions X and Y, CalculateRouteMatrix will return time and distance for routes from A to X, A to Y, B to X, and B to Y (in that order). The number of results returned (and routes calculated) will be the number of DeparturePositions times the number of DestinationPositions.

    Your account is charged for each route calculated, not the number of requests.

    Requires that you first create a route calculator resource.

    By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating routes.

    Additional options include:

    • Specifying a departure time using either DepartureTime or DepartNow. This calculates routes based on predictive traffic data at the given time.

      You can't specify both DepartureTime and DepartNow in a single request. Specifying both parameters returns a validation error.

    • Specifying a travel mode using TravelMode sets the transportation mode used to calculate the routes. This also lets you specify additional route preferences in CarModeOptions if traveling by Car, or TruckModeOptions if traveling by Truck.

    ", + "endpoint":{"hostPrefix":"routes."}, + "readonly":true }, "CreateGeofenceCollection":{ "name":"CreateGeofenceCollection", @@ -223,7 +227,7 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Creates an API key resource in your Amazon Web Services account, which lets you grant actions for Amazon Location resources to the API key bearer.

    For more information, see Using API keys.

    ", + "documentation":"

    Creates an API key resource in your Amazon Web Services account, which lets you grant actions for Amazon Location resources to the API key bearer.

    For more information, see Use API keys to authenticate in the Amazon Location Service Developer Guide.

    ", "endpoint":{"hostPrefix":"cp.metadata."}, "idempotent":true }, @@ -244,7 +248,7 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Creates a map resource in your Amazon Web Services account, which provides map tiles of different styles sourced from global location data providers.

    If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to the Maps API V2 unless you require Grab data.

    • CreateMap is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Maps API version 2 has a simplified interface that can be used without creating or managing map resources.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Creates a map resource in your Amazon Web Services account, which provides map tiles of different styles sourced from global location data providers.

    If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.

    ", "endpoint":{"hostPrefix":"cp.maps."}, "idempotent":true }, @@ -265,7 +269,7 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Creates a place index resource in your Amazon Web Services account. Use a place index resource to geocode addresses and other text queries by using the SearchPlaceIndexForText operation, and reverse geocode coordinates by using the SearchPlaceIndexForPosition operation, and enable autosuggestions by using the SearchPlaceIndexForSuggestions operation.

    If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Places API V2 unless you require Grab data.

    • CreatePlaceIndex is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Places API version 2 has a simplified interface that can be used without creating or managing place index resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Places V2 API Reference or the Developer Guide.

    Creates a place index resource in your Amazon Web Services account. Use a place index resource to geocode addresses and other text queries by using the SearchPlaceIndexForText operation, and reverse geocode coordinates by using the SearchPlaceIndexForPosition operation, and enable autosuggestions by using the SearchPlaceIndexForSuggestions operation.

    If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.

    ", "endpoint":{"hostPrefix":"cp.places."}, "idempotent":true }, @@ -286,7 +290,7 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Creates a route calculator resource in your Amazon Web Services account.

    You can send requests to a route calculator resource to estimate travel time, distance, and get directions. A route calculator sources traffic and road network data from your chosen data provider.

    If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Routes API V2 unless you require Grab data.

    • CreateRouteCalculator is part of a previous Amazon Location Service Routes API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Routes API version 2 has a simplified interface that can be used without creating or managing route calculator resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Routes API version 2 is found under geo-routes or geo_routes, not under location.

    • Since Grab is not yet fully supported in Routes API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Routes V2 API Reference or the Developer Guide.

    Creates a route calculator resource in your Amazon Web Services account.

    You can send requests to a route calculator resource to estimate travel time, distance, and get directions. A route calculator sources traffic and road network data from your chosen data provider.

    If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.

    ", "endpoint":{"hostPrefix":"cp.routes."}, "idempotent":true }, @@ -347,7 +351,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Deletes the specified API key. The API key must have been deactivated more than 90 days previously.

    ", + "documentation":"

    Deletes the specified API key. The API key must have been deactivated more than 90 days previously.

    For more information, see Use API keys to authenticate in the Amazon Location Service Developer Guide.

    ", "endpoint":{"hostPrefix":"cp.metadata."}, "idempotent":true }, @@ -367,7 +371,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Deletes a map resource from your Amazon Web Services account.

    This operation deletes the resource permanently. If the map is being used in an application, the map may not render.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to the Maps API V2 unless you require Grab data.

    • DeleteMap is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Maps API version 2 has a simplified interface that can be used without creating or managing map resources.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Deletes a map resource from your Amazon Web Services account.

    This operation deletes the resource permanently. If the map is being used in an application, the map may not render.

    ", "endpoint":{"hostPrefix":"cp.maps."}, "idempotent":true }, @@ -387,7 +391,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Deletes a place index resource from your Amazon Web Services account.

    This operation deletes the resource permanently.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Places API V2 unless you require Grab data.

    • DeletePlaceIndex is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Places API version 2 has a simplified interface that can be used without creating or managing place index resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Places V2 API Reference or the Developer Guide.

    Deletes a place index resource from your Amazon Web Services account.

    This operation deletes the resource permanently.

    ", "endpoint":{"hostPrefix":"cp.places."}, "idempotent":true }, @@ -407,7 +411,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Deletes a route calculator resource from your Amazon Web Services account.

    This operation deletes the resource permanently.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Routes API V2 unless you require Grab data.

    • DeleteRouteCalculator is part of a previous Amazon Location Service Routes API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Routes API version 2 has a simplified interface that can be used without creating or managing route calculator resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Routes API version 2 is found under geo-routes or geo_routes, not under location.

    • Since Grab is not yet fully supported in Routes API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Routes V2 API Reference or the Developer Guide.

    Deletes a route calculator resource from your Amazon Web Services account.

    This operation deletes the resource permanently.

    ", "endpoint":{"hostPrefix":"cp.routes."}, "idempotent":true }, @@ -448,7 +452,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Retrieves the geofence collection details.

    ", - "endpoint":{"hostPrefix":"cp.geofencing."} + "endpoint":{"hostPrefix":"cp.geofencing."}, + "readonly":true }, "DescribeKey":{ "name":"DescribeKey", @@ -466,8 +471,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves the API key resource details.

    ", - "endpoint":{"hostPrefix":"cp.metadata."} + "documentation":"

    Retrieves the API key resource details.

    For more information, see Use API keys to authenticate in the Amazon Location Service Developer Guide.

    ", + "endpoint":{"hostPrefix":"cp.metadata."}, + "readonly":true }, "DescribeMap":{ "name":"DescribeMap", @@ -485,8 +491,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves the map resource details.

    ", - "endpoint":{"hostPrefix":"cp.maps."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to the Maps API V2 unless you require Grab data.

    • DescribeMap is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Maps API version 2 has a simplified interface that can be used without creating or managing map resources.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Retrieves the map resource details.

    ", + "endpoint":{"hostPrefix":"cp.maps."}, + "readonly":true }, "DescribePlaceIndex":{ "name":"DescribePlaceIndex", @@ -504,8 +511,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves the place index resource details.

    ", - "endpoint":{"hostPrefix":"cp.places."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Places API V2 unless you require Grab data.

    • DescribePlaceIndex is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Places API version 2 has a simplified interface that can be used without creating or managing place index resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Places V2 API Reference or the Developer Guide.

    Retrieves the place index resource details.

    ", + "endpoint":{"hostPrefix":"cp.places."}, + "readonly":true }, "DescribeRouteCalculator":{ "name":"DescribeRouteCalculator", @@ -523,8 +531,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves the route calculator resource details.

    ", - "endpoint":{"hostPrefix":"cp.routes."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Routes API V2 unless you require Grab data.

    • DescribeRouteCalculator is part of a previous Amazon Location Service Routes API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Routes API version 2 has a simplified interface that can be used without creating or managing route calculator resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Routes API version 2 is found under geo-routes or geo_routes, not under location.

    • Since Grab is not yet fully supported in Routes API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Routes V2 API Reference or the Developer Guide.

    Retrieves the route calculator resource details.

    ", + "endpoint":{"hostPrefix":"cp.routes."}, + "readonly":true }, "DescribeTracker":{ "name":"DescribeTracker", @@ -543,7 +552,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Retrieves the tracker resource details.

    ", - "endpoint":{"hostPrefix":"cp.tracking."} + "endpoint":{"hostPrefix":"cp.tracking."}, + "readonly":true }, "DisassociateTrackerConsumer":{ "name":"DisassociateTrackerConsumer", @@ -580,8 +590,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Evaluates device positions against geofence geometries from a given geofence collection. The event forecasts three states for which a device can be in relative to a geofence:

    ENTER: If a device is outside of a geofence, but would breach the fence if the device is moving at its current speed within time horizon window.

    EXIT: If a device is inside of a geofence, but would breach the fence if the device is moving at its current speed within time horizon window.

    IDLE: If a device is inside of a geofence, and the device is not moving.

    ", - "endpoint":{"hostPrefix":"geofencing."} + "documentation":"

    This action forecasts future geofence events that are likely to occur within a specified time horizon if a device continues moving at its current speed. Each forecasted event is associated with a geofence from a provided geofence collection. A forecast event can have one of the following states:

    ENTER: The device position is outside the referenced geofence, but the device may cross into the geofence during the forecasting time horizon if it maintains its current speed.

    EXIT: The device position is inside the referenced geofence, but the device may leave the geofence during the forecasted time horizon if the device maintains it's current speed.

    IDLE:The device is inside the geofence, and it will remain inside the geofence through the end of the time horizon if the device maintains it's current speed.

    Heading direction is not considered in the current version. The API takes a conservative approach and includes events that can occur for any heading.

    ", + "endpoint":{"hostPrefix":"geofencing."}, + "readonly":true }, "GetDevicePosition":{ "name":"GetDevicePosition", @@ -600,7 +611,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Retrieves a device's most recent position according to its sample time.

    Device positions are deleted after 30 days.

    ", - "endpoint":{"hostPrefix":"tracking."} + "endpoint":{"hostPrefix":"tracking."}, + "readonly":true }, "GetDevicePositionHistory":{ "name":"GetDevicePositionHistory", @@ -619,7 +631,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Retrieves the device position history from a tracker resource within a specified range of time.

    Device positions are deleted after 30 days.

    ", - "endpoint":{"hostPrefix":"tracking."} + "endpoint":{"hostPrefix":"tracking."}, + "readonly":true }, "GetGeofence":{ "name":"GetGeofence", @@ -638,7 +651,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Retrieves the geofence details from a geofence collection.

    The returned geometry will always match the geometry format used when the geofence was created.

    ", - "endpoint":{"hostPrefix":"geofencing."} + "endpoint":{"hostPrefix":"geofencing."}, + "readonly":true }, "GetMapGlyphs":{ "name":"GetMapGlyphs", @@ -656,8 +670,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves glyphs used to display labels on a map.

    ", - "endpoint":{"hostPrefix":"maps."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to GetGlyphs unless you require Grab data.

    • GetMapGlyphs is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 GetGlyphs operation gives a better user experience and is compatible with the remainder of the V2 Maps API.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Retrieves glyphs used to display labels on a map.

    ", + "endpoint":{"hostPrefix":"maps."}, + "readonly":true }, "GetMapSprites":{ "name":"GetMapSprites", @@ -675,8 +690,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves the sprite sheet corresponding to a map resource. The sprite sheet is a PNG image paired with a JSON document describing the offsets of individual icons that will be displayed on a rendered map.

    ", - "endpoint":{"hostPrefix":"maps."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to GetSprites unless you require Grab data.

    • GetMapSprites is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 GetSprites operation gives a better user experience and is compatible with the remainder of the V2 Maps API.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Retrieves the sprite sheet corresponding to a map resource. The sprite sheet is a PNG image paired with a JSON document describing the offsets of individual icons that will be displayed on a rendered map.

    ", + "endpoint":{"hostPrefix":"maps."}, + "readonly":true }, "GetMapStyleDescriptor":{ "name":"GetMapStyleDescriptor", @@ -694,8 +710,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves the map style descriptor from a map resource.

    The style descriptor contains specifications on how features render on a map. For example, what data to display, what order to display the data in, and the style for the data. Style descriptors follow the Mapbox Style Specification.

    ", - "endpoint":{"hostPrefix":"maps."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to GetStyleDescriptor unless you require Grab data.

    • GetMapStyleDescriptor is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 GetStyleDescriptor operation gives a better user experience and is compatible with the remainder of the V2 Maps API.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Retrieves the map style descriptor from a map resource.

    The style descriptor contains specifications on how features render on a map. For example, what data to display, what order to display the data in, and the style for the data. Style descriptors follow the Mapbox Style Specification.

    ", + "endpoint":{"hostPrefix":"maps."}, + "readonly":true }, "GetMapTile":{ "name":"GetMapTile", @@ -713,8 +730,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves a vector data tile from the map resource. Map tiles are used by clients to render a map. they're addressed using a grid arrangement with an X coordinate, Y coordinate, and Z (zoom) level.

    The origin (0, 0) is the top left of the map. Increasing the zoom level by 1 doubles both the X and Y dimensions, so a tile containing data for the entire world at (0/0/0) will be split into 4 tiles at zoom 1 (1/0/0, 1/0/1, 1/1/0, 1/1/1).

    ", - "endpoint":{"hostPrefix":"maps."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to GetTile unless you require Grab data.

    • GetMapTile is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 GetTile operation gives a better user experience and is compatible with the remainder of the V2 Maps API.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Retrieves a vector data tile from the map resource. Map tiles are used by clients to render a map. they're addressed using a grid arrangement with an X coordinate, Y coordinate, and Z (zoom) level.

    The origin (0, 0) is the top left of the map. Increasing the zoom level by 1 doubles both the X and Y dimensions, so a tile containing data for the entire world at (0/0/0) will be split into 4 tiles at zoom 1 (1/0/0, 1/0/1, 1/1/0, 1/1/1).

    ", + "endpoint":{"hostPrefix":"maps."}, + "readonly":true }, "GetPlace":{ "name":"GetPlace", @@ -732,8 +750,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Finds a place by its unique ID. A PlaceId is returned by other search operations.

    A PlaceId is valid only if all of the following are the same in the original search request and the call to GetPlace.

    • Customer Amazon Web Services account

    • Amazon Web Services Region

    • Data provider specified in the place index resource

    ", - "endpoint":{"hostPrefix":"places."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the V2 GetPlace operation unless you require Grab data.

    • This version of GetPlace is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • Version 2 of the GetPlace operation interoperates with the rest of the Places V2 API, while this version does not.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Places V2 API Reference or the Developer Guide.

    Finds a place by its unique ID. A PlaceId is returned by other search operations.

    A PlaceId is valid only if all of the following are the same in the original search request and the call to GetPlace.

    • Customer Amazon Web Services account

    • Amazon Web Services Region

    • Data provider specified in the place index resource

    If your Place index resource is configured with Grab as your geolocation provider and Storage as Intended use, the GetPlace operation is unavailable. For more information, see AWS service terms.

    ", + "endpoint":{"hostPrefix":"places."}, + "readonly":true }, "ListDevicePositions":{ "name":"ListDevicePositions", @@ -751,7 +770,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    A batch request to retrieve all device positions.

    ", - "endpoint":{"hostPrefix":"tracking."} + "endpoint":{"hostPrefix":"tracking."}, + "readonly":true }, "ListGeofenceCollections":{ "name":"ListGeofenceCollections", @@ -769,7 +789,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Lists geofence collections in your Amazon Web Services account.

    ", - "endpoint":{"hostPrefix":"cp.geofencing."} + "endpoint":{"hostPrefix":"cp.geofencing."}, + "readonly":true }, "ListGeofences":{ "name":"ListGeofences", @@ -788,7 +809,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Lists geofences stored in a given geofence collection.

    ", - "endpoint":{"hostPrefix":"geofencing."} + "endpoint":{"hostPrefix":"geofencing."}, + "readonly":true }, "ListKeys":{ "name":"ListKeys", @@ -805,8 +827,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Lists API key resources in your Amazon Web Services account.

    ", - "endpoint":{"hostPrefix":"cp.metadata."} + "documentation":"

    Lists API key resources in your Amazon Web Services account.

    For more information, see Use API keys to authenticate in the Amazon Location Service Developer Guide.

    ", + "endpoint":{"hostPrefix":"cp.metadata."}, + "readonly":true }, "ListMaps":{ "name":"ListMaps", @@ -823,8 +846,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Lists map resources in your Amazon Web Services account.

    ", - "endpoint":{"hostPrefix":"cp.maps."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to the Maps API V2 unless you require Grab data.

    • ListMaps is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Maps API version 2 has a simplified interface that can be used without creating or managing map resources.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Lists map resources in your Amazon Web Services account.

    ", + "endpoint":{"hostPrefix":"cp.maps."}, + "readonly":true }, "ListPlaceIndexes":{ "name":"ListPlaceIndexes", @@ -841,8 +865,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Lists place index resources in your Amazon Web Services account.

    ", - "endpoint":{"hostPrefix":"cp.places."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Places API V2 unless you require Grab data.

    • ListPlaceIndexes is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Places API version 2 has a simplified interface that can be used without creating or managing place index resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Places V2 API Reference or the Developer Guide.

    Lists place index resources in your Amazon Web Services account.

    ", + "endpoint":{"hostPrefix":"cp.places."}, + "readonly":true }, "ListRouteCalculators":{ "name":"ListRouteCalculators", @@ -859,8 +884,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Lists route calculator resources in your Amazon Web Services account.

    ", - "endpoint":{"hostPrefix":"cp.routes."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Routes API V2 unless you require Grab data.

    • ListRouteCalculators is part of a previous Amazon Location Service Routes API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Routes API version 2 has a simplified interface that can be used without creating or managing route calculator resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Routes API version 2 is found under geo-routes or geo_routes, not under location.

    • Since Grab is not yet fully supported in Routes API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Routes V2 API Reference or the Developer Guide.

    Lists route calculator resources in your Amazon Web Services account.

    ", + "endpoint":{"hostPrefix":"cp.routes."}, + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -879,7 +905,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Returns a list of tags that are applied to the specified Amazon Location resource.

    ", - "endpoint":{"hostPrefix":"cp.metadata."} + "endpoint":{"hostPrefix":"cp.metadata."}, + "readonly":true }, "ListTrackerConsumers":{ "name":"ListTrackerConsumers", @@ -898,7 +925,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Lists geofence collections currently associated to the given tracker resource.

    ", - "endpoint":{"hostPrefix":"cp.tracking."} + "endpoint":{"hostPrefix":"cp.tracking."}, + "readonly":true }, "ListTrackers":{ "name":"ListTrackers", @@ -916,7 +944,8 @@ {"shape":"ThrottlingException"} ], "documentation":"

    Lists tracker resources in your Amazon Web Services account.

    ", - "endpoint":{"hostPrefix":"cp.tracking."} + "endpoint":{"hostPrefix":"cp.tracking."}, + "readonly":true }, "PutGeofence":{ "name":"PutGeofence", @@ -929,8 +958,8 @@ "output":{"shape":"PutGeofenceResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"} @@ -954,8 +983,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Reverse geocodes a given coordinate and returns a legible address. Allows you to search for Places or points of interest near a given position.

    ", - "endpoint":{"hostPrefix":"places."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to ReverseGeocode or SearchNearby unless you require Grab data.

    • SearchPlaceIndexForPosition is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 ReverseGeocode operation gives better results in the address reverse-geocoding use case, while the version 2 SearchNearby operation gives better results when searching for businesses and points of interest near a specific location.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    Reverse geocodes a given coordinate and returns a legible address. Allows you to search for Places or points of interest near a given position.

    ", + "endpoint":{"hostPrefix":"places."}, + "readonly":true }, "SearchPlaceIndexForSuggestions":{ "name":"SearchPlaceIndexForSuggestions", @@ -973,8 +1003,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Generates suggestions for addresses and points of interest based on partial or misspelled free-form text. This operation is also known as autocomplete, autosuggest, or fuzzy matching.

    Optional parameters let you narrow your search results by bounding box or country, or bias your search toward a specific position on the globe.

    You can search for suggested place names near a specified position by using BiasPosition, or filter results within a bounding box by using FilterBBox. These parameters are mutually exclusive; using both BiasPosition and FilterBBox in the same command returns an error.

    ", - "endpoint":{"hostPrefix":"places."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to Suggest or Autocomplete unless you require Grab data.

    • SearchPlaceIndexForSuggestions is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 Suggest operation gives better results for typeahead place search suggestions with fuzzy matching, while the version 2 Autocomplete operation gives better results for address completion based on partial input.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    Generates suggestions for addresses and points of interest based on partial or misspelled free-form text. This operation is also known as autocomplete, autosuggest, or fuzzy matching.

    Optional parameters let you narrow your search results by bounding box or country, or bias your search toward a specific position on the globe.

    You can search for suggested place names near a specified position by using BiasPosition, or filter results within a bounding box by using FilterBBox. These parameters are mutually exclusive; using both BiasPosition and FilterBBox in the same command returns an error.

    ", + "endpoint":{"hostPrefix":"places."}, + "readonly":true }, "SearchPlaceIndexForText":{ "name":"SearchPlaceIndexForText", @@ -992,8 +1023,9 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Geocodes free-form text, such as an address, name, city, or region to allow you to search for Places or points of interest.

    Optional parameters let you narrow your search results by bounding box or country, or bias your search toward a specific position on the globe.

    You can search for places near a given position using BiasPosition, or filter results within a bounding box using FilterBBox. Providing both parameters simultaneously returns an error.

    Search results are returned in order of highest to lowest relevance.

    ", - "endpoint":{"hostPrefix":"places."} + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to Geocode or SearchText unless you require Grab data.

    • SearchPlaceIndexForText is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The version 2 Geocode operation gives better results in the address geocoding use case, while the version 2 SearchText operation gives better results when searching for businesses and points of interest.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    Geocodes free-form text, such as an address, name, city, or region to allow you to search for Places or points of interest.

    Optional parameters let you narrow your search results by bounding box or country, or bias your search toward a specific position on the globe.

    You can search for places near a given position using BiasPosition, or filter results within a bounding box using FilterBBox. Providing both parameters simultaneously returns an error.

    Search results are returned in order of highest to lowest relevance.

    ", + "endpoint":{"hostPrefix":"places."}, + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -1090,7 +1122,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Updates the specified properties of a given map resource.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend upgrading to the Maps API V2 unless you require Grab data.

    • UpdateMap is part of a previous Amazon Location Service Maps API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Maps API version 2 has a simplified interface that can be used without creating or managing map resources.

    • If you are using an AWS SDK or the AWS CLI, note that the Maps API version 2 is found under geo-maps or geo_maps, not under location.

    • Since Grab is not yet fully supported in Maps API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Maps V2 API Reference or the Developer Guide.

    Updates the specified properties of a given map resource.

    ", "endpoint":{"hostPrefix":"cp.maps."}, "idempotent":true }, @@ -1110,7 +1142,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Updates the specified properties of a given place index resource.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Places API V2 unless you require Grab data.

    • UpdatePlaceIndex is part of a previous Amazon Location Service Places API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Places API version 2 has a simplified interface that can be used without creating or managing place index resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Places API version 2 is found under geo-places or geo_places, not under location.

    • Since Grab is not yet fully supported in Places API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Places V2 API Reference or the Developer Guide.

    Updates the specified properties of a given place index resource.

    ", "endpoint":{"hostPrefix":"cp.places."}, "idempotent":true }, @@ -1130,7 +1162,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Updates the specified properties for a given route calculator resource.

    ", + "documentation":"

    This operation is no longer current and may be deprecated in the future. We recommend you upgrade to the Routes API V2 unless you require Grab data.

    • UpdateRouteCalculator is part of a previous Amazon Location Service Routes API (version 1) which has been superseded by a more intuitive, powerful, and complete API (version 2).

    • The Routes API version 2 has a simplified interface that can be used without creating or managing route calculator resources.

    • If you are using an Amazon Web Services SDK or the Amazon Web Services CLI, note that the Routes API version 2 is found under geo-routes or geo_routes, not under location.

    • Since Grab is not yet fully supported in Routes API version 2, we recommend you continue using API version 1 when using Grab.

    • Start your version 2 API journey with the Routes V2 API Reference or the Developer Guide.

    Updates the specified properties for a given route calculator resource.

    ", "endpoint":{"hostPrefix":"cp.routes."}, "idempotent":true }, @@ -1170,7 +1202,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Verifies the integrity of the device's position by determining if it was reported behind a proxy, and by comparing it to an inferred position estimated based on the device's state.

    ", + "documentation":"

    Verifies the integrity of the device's position by determining if it was reported behind a proxy, and by comparing it to an inferred position estimated based on the device's state.

    The Location Integrity SDK provides enhanced features related to device verification, and it is available for use by request. To get access to the SDK, contact Sales Support.

    ", "endpoint":{"hostPrefix":"tracking."} } }, @@ -1191,6 +1223,30 @@ }, "exception":true }, + "AndroidApp":{ + "type":"structure", + "required":[ + "Package", + "CertificateFingerprint" + ], + "members":{ + "Package":{ + "shape":"AndroidPackageName", + "documentation":"

    Unique package name for an Android app.

    " + }, + "CertificateFingerprint":{ + "shape":"Sha1CertificateFingerprint", + "documentation":"

    20 byte SHA-1 certificate fingerprint associated with the Android app signing certificate.

    " + } + }, + "documentation":"

    Unique identifying information for an Android app. Consists of a package name and a 20 byte SHA-1 certificate fingerprint.

    " + }, + "AndroidPackageName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"([A-Za-z][A-Za-z\\d_]*\\.)+[A-Za-z][A-Za-z\\d_]*" + }, "ApiKey":{ "type":"string", "max":1000, @@ -1222,7 +1278,7 @@ "members":{ "AllowActions":{ "shape":"ApiKeyRestrictionsAllowActionsList", - "documentation":"

    A list of allowed actions that an API key resource grants permissions to perform. You must have at least one action for each type of resource. For example, if you have a place resource, you must include at least one place action.

    The following are valid values for the actions.

    • Map actions

      • geo:GetMap* - Allows all actions needed for map rendering.

    • Place actions

      • geo:SearchPlaceIndexForText - Allows geocoding.

      • geo:SearchPlaceIndexForPosition - Allows reverse geocoding.

      • geo:SearchPlaceIndexForSuggestions - Allows generating suggestions from text.

      • GetPlace - Allows finding a place by place ID.

    • Route actions

      • geo:CalculateRoute - Allows point to point routing.

      • geo:CalculateRouteMatrix - Allows calculating a matrix of routes.

    You must use these strings exactly. For example, to provide access to map rendering, the only valid action is geo:GetMap* as an input to the list. [\"geo:GetMap*\"] is valid but [\"geo:GetMapTile\"] is not. Similarly, you cannot use [\"geo:SearchPlaceIndexFor*\"] - you must list each of the Place actions separately.

    " + "documentation":"

    A list of allowed actions that an API key resource grants permissions to perform. You must have at least one action for each type of resource. For example, if you have a place resource, you must include at least one place action.

    The following are valid values for the actions.

    • Map actions

      • geo:GetMap* - Allows all actions needed for map rendering.

      • geo-maps:GetTile - Allows retrieving map tiles.

      • geo-maps:GetStaticMap - Allows retrieving static map images.

      • geo-maps:* - Allows all actions related to map functionalities.

    • Place actions

      • geo:SearchPlaceIndexForText - Allows geocoding.

      • geo:SearchPlaceIndexForPosition - Allows reverse geocoding.

      • geo:SearchPlaceIndexForSuggestions - Allows generating suggestions from text.

      • GetPlace - Allows finding a place by place ID.

      • geo-places:Geocode - Allows geocoding using place information.

      • geo-places:ReverseGeocode - Allows reverse geocoding from location coordinates.

      • geo-places:SearchNearby - Allows searching for places near a location.

      • geo-places:SearchText - Allows searching for places based on text input.

      • geo-places:Autocomplete - Allows auto-completion of place names based on text input.

      • geo-places:Suggest - Allows generating suggestions for places based on partial input.

      • geo-places:GetPlace - Allows finding a place by its ID.

      • geo-places:* - Allows all actions related to place services.

    • Route actions

      • geo:CalculateRoute - Allows point to point routing.

      • geo:CalculateRouteMatrix - Allows calculating a matrix of routes.

      • geo-routes:CalculateRoutes - Allows calculating multiple routes between points.

      • geo-routes:CalculateRouteMatrix - Allows calculating a matrix of routes between points.

      • geo-routes:CalculateIsolines - Allows calculating isolines for a given area.

      • geo-routes:OptimizeWaypoints - Allows optimizing the order of waypoints in a route.

      • geo-routes:SnapToRoads - Allows snapping a route to the nearest roads.

      • geo-routes:* - Allows all actions related to routing functionalities.

    You must use these strings exactly. For example, to provide access to map rendering, the only valid action is geo:GetMap* as an input to the list. [\"geo:GetMap*\"] is valid but [\"geo:GetMapTile\"] is not. Similarly, you cannot use [\"geo:SearchPlaceIndexFor*\"] - you must list each of the Place actions separately.

    " }, "AllowResources":{ "shape":"ApiKeyRestrictionsAllowResourcesList", @@ -1231,6 +1287,14 @@ "AllowReferers":{ "shape":"ApiKeyRestrictionsAllowReferersList", "documentation":"

    An optional list of allowed HTTP referers for which requests must originate from. Requests using this API key from other domains will not be allowed.

    Requirements:

    • Contain only alphanumeric characters (A–Z, a–z, 0–9) or any symbols in this list $\\-._+!*`(),;/?:@=&

    • May contain a percent (%) if followed by 2 hexadecimal digits (A-F, a-f, 0-9); this is used for URL encoding purposes.

    • May contain wildcard characters question mark (?) and asterisk (*).

      Question mark (?) will replace any single character (including hexadecimal digits).

      Asterisk (*) will replace any multiple characters (including multiple hexadecimal digits).

    • No spaces allowed. For example, https://example.com.

    " + }, + "AllowAndroidApps":{ + "shape":"ApiKeyRestrictionsAllowAndroidAppsList", + "documentation":"

    An optional list of allowed Android applications for which requests must originate from. Requests using this API key from other sources will not be allowed.

    " + }, + "AllowAppleApps":{ + "shape":"ApiKeyRestrictionsAllowAppleAppsList", + "documentation":"

    An optional list of allowed Apple applications for which requests must originate from. Requests using this API key from other sources will not be allowed.

    " } }, "documentation":"

    API Restrictions on the allowed actions, resources, and referers for an API key resource.

    " @@ -1238,21 +1302,50 @@ "ApiKeyRestrictionsAllowActionsList":{ "type":"list", "member":{"shape":"ApiKeyAction"}, - "max":7, + "max":24, "min":1 }, + "ApiKeyRestrictionsAllowAndroidAppsList":{ + "type":"list", + "member":{"shape":"AndroidApp"}, + "max":5, + "min":0 + }, + "ApiKeyRestrictionsAllowAppleAppsList":{ + "type":"list", + "member":{"shape":"AppleApp"}, + "max":5, + "min":0 + }, "ApiKeyRestrictionsAllowReferersList":{ "type":"list", "member":{"shape":"RefererPattern"}, "max":5, - "min":1 + "min":0 }, "ApiKeyRestrictionsAllowResourcesList":{ "type":"list", "member":{"shape":"GeoArnV2"}, - "max":5, + "max":8, "min":1 }, + "AppleApp":{ + "type":"structure", + "required":["BundleId"], + "members":{ + "BundleId":{ + "shape":"AppleBundleId", + "documentation":"

    The unique identifier of the app across all Apple platforms (iOS, macOS, tvOS, watchOS, etc.)

    " + } + }, + "documentation":"

    Unique identifying information for an Apple app (iOS, macOS, tvOS and watchOS). Consists of an Apple Bundle ID.

    " + }, + "AppleBundleId":{ + "type":"string", + "max":155, + "min":1, + "pattern":"[A-Za-z0-9\\-]+(\\.[A-Za-z0-9\\-]+)+" + }, "Arn":{ "type":"string", "max":1600, @@ -1284,12 +1377,11 @@ }, "AssociateTrackerConsumerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Base64EncodedGeobuf":{ "type":"blob", - "max":600000, + "max":700000, "min":0, "sensitive":true }, @@ -1620,7 +1712,7 @@ }, "Geometry":{ "shape":"GeofenceGeometry", - "documentation":"

    Contains the details to specify the position of the geofence. Can be a polygon, a circle or a polygon encoded in Geobuf format. Including multiple selections will return a validation error.

    The geofence polygon format supports a maximum of 1,000 vertices. The Geofence geobuf format supports a maximum of 100,000 vertices.

    " + "documentation":"

    Contains the details to specify the position of the geofence. Can be a circle, a polygon, or a multipolygon. Polygon and MultiPolygon geometries can be defined using their respective parameters, or encoded in Geobuf format using the Geobuf parameter. Including multiple geometry types in the same request will return a validation error.

    The geofence Polygon and MultiPolygon formats support a maximum of 1,000 total vertices. The Geobuf format supports a maximum of 100,000 vertices.

    " }, "GeofenceProperties":{ "shape":"PropertyMap", @@ -1751,11 +1843,11 @@ "type":"structure", "members":{ "AvoidFerries":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids ferries when calculating routes.

    Default Value: false

    Valid Values: false | true

    " }, "AvoidTolls":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids tolls when calculating routes.

    Default Value: false

    Valid Values: false | true

    " } }, @@ -1777,22 +1869,22 @@ }, "DeparturePositions":{ "shape":"CalculateRouteMatrixRequestDeparturePositionsList", - "documentation":"

    The list of departure (origin) positions for the route matrix. An array of points, each of which is itself a 2-value array defined in WGS 84 format: [longitude, latitude]. For example, [-123.115, 49.285].

    Depending on the data provider selected in the route calculator resource there may be additional restrictions on the inputs you can choose. See Position restrictions in the Amazon Location Service Developer Guide.

    For route calculators that use Esri as the data provider, if you specify a departure that's not located on a road, Amazon Location moves the position to the nearest road. The snapped value is available in the result in SnappedDeparturePositions.

    Valid Values: [-180 to 180,-90 to 90]

    " + "documentation":"

    The list of departure (origin) positions for the route matrix. An array of points, each of which is itself a 2-value array defined in WGS 84 format: [longitude, latitude]. For example, [-123.115, 49.285].

    Depending on the data provider selected in the route calculator resource there may be additional restrictions on the inputs you can choose. See Position restrictions in the Amazon Location Service Developer Guide.

    For route calculators that use Esri as the data provider, if you specify a departure that's not located on a road, Amazon Location moves the position to the nearest road. The snapped value is available in the result in SnappedDeparturePositions.

    Valid Values: [-180 to 180,-90 to 90]

    " }, "DestinationPositions":{ "shape":"CalculateRouteMatrixRequestDestinationPositionsList", - "documentation":"

    The list of destination positions for the route matrix. An array of points, each of which is itself a 2-value array defined in WGS 84 format: [longitude, latitude]. For example, [-122.339, 47.615]

    Depending on the data provider selected in the route calculator resource there may be additional restrictions on the inputs you can choose. See Position restrictions in the Amazon Location Service Developer Guide.

    For route calculators that use Esri as the data provider, if you specify a destination that's not located on a road, Amazon Location moves the position to the nearest road. The snapped value is available in the result in SnappedDestinationPositions.

    Valid Values: [-180 to 180,-90 to 90]

    " + "documentation":"

    The list of destination positions for the route matrix. An array of points, each of which is itself a 2-value array defined in WGS 84 format: [longitude, latitude]. For example, [-122.339, 47.615]

    Depending on the data provider selected in the route calculator resource there may be additional restrictions on the inputs you can choose. See Position restrictions in the Amazon Location Service Developer Guide.

    For route calculators that use Esri as the data provider, if you specify a destination that's not located on a road, Amazon Location moves the position to the nearest road. The snapped value is available in the result in SnappedDestinationPositions.

    Valid Values: [-180 to 180,-90 to 90]

    " }, "TravelMode":{ "shape":"TravelMode", - "documentation":"

    Specifies the mode of transport when calculating a route. Used in estimating the speed of travel and road compatibility.

    The TravelMode you specify also determines how you specify route preferences:

    • If traveling by Car use the CarModeOptions parameter.

    • If traveling by Truck use the TruckModeOptions parameter.

    Bicycle or Motorcycle are only valid when using Grab as a data provider, and only within Southeast Asia.

    Truck is not available for Grab.

    For more information about using Grab as a data provider, see GrabMaps in the Amazon Location Service Developer Guide.

    Default Value: Car

    " + "documentation":"

    Specifies the mode of transport when calculating a route. Used in estimating the speed of travel and road compatibility.

    The TravelMode you specify also determines how you specify route preferences:

    • If traveling by Car use the CarModeOptions parameter.

    • If traveling by Truck use the TruckModeOptions parameter.

    Bicycle or Motorcycle are only valid when using Grab as a data provider, and only within Southeast Asia.

    Truck is not available for Grab.

    For more information about using Grab as a data provider, see GrabMaps in the Amazon Location Service Developer Guide.

    Default Value: Car

    " }, "DepartureTime":{ "shape":"Timestamp", "documentation":"

    Specifies the desired time of departure. Uses the given time to calculate the route matrix. You can't set both DepartureTime and DepartNow. If neither is set, the best time of day to travel with the best traffic conditions is used to calculate the route matrix.

    Setting a departure time in the past returns a 400 ValidationException error.

    • In ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ. For example, 2020–07-2T12:15:20.000Z+01:00

    " }, "DepartNow":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Sets the time of departure as the current time. Uses the current time to calculate the route matrix. You can't set both DepartureTime and DepartNow. If neither is set, the best time of day to travel with the best traffic conditions is used to calculate the route matrix.

    Default Value: false

    Valid Values: false | true

    " }, "DistanceUnit":{ @@ -1809,7 +1901,7 @@ }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -1876,7 +1968,7 @@ "members":{ "DataSource":{ "shape":"String", - "documentation":"

    The data provider of traffic and road network data used to calculate the routes. Indicates one of the available providers:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The data provider of traffic and road network data used to calculate the routes. Indicates one of the available providers:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "RouteCount":{ "shape":"CalculateRouteMatrixSummaryRouteCountInteger", @@ -1921,26 +2013,26 @@ }, "DeparturePosition":{ "shape":"Position", - "documentation":"

    The start position for the route. Defined in World Geodetic System (WGS 84) format: [longitude, latitude].

    • For example, [-123.115, 49.285]

    If you specify a departure that's not located on a road, Amazon Location moves the position to the nearest road. If Esri is the provider for your route calculator, specifying a route that is longer than 400 km returns a 400 RoutesValidationException error.

    Valid Values: [-180 to 180,-90 to 90]

    " + "documentation":"

    The start position for the route. Defined in World Geodetic System (WGS 84) format: [longitude, latitude].

    • For example, [-123.115, 49.285]

    If you specify a departure that's not located on a road, Amazon Location moves the position to the nearest road. If Esri is the provider for your route calculator, specifying a route that is longer than 400 km returns a 400 RoutesValidationException error.

    Valid Values: [-180 to 180,-90 to 90]

    " }, "DestinationPosition":{ "shape":"Position", - "documentation":"

    The finish position for the route. Defined in World Geodetic System (WGS 84) format: [longitude, latitude].

    • For example, [-122.339, 47.615]

    If you specify a destination that's not located on a road, Amazon Location moves the position to the nearest road.

    Valid Values: [-180 to 180,-90 to 90]

    " + "documentation":"

    The finish position for the route. Defined in World Geodetic System (WGS 84) format: [longitude, latitude].

    • For example, [-122.339, 47.615]

    If you specify a destination that's not located on a road, Amazon Location moves the position to the nearest road.

    Valid Values: [-180 to 180,-90 to 90]

    " }, "WaypointPositions":{ "shape":"CalculateRouteRequestWaypointPositionsList", - "documentation":"

    Specifies an ordered list of up to 23 intermediate positions to include along a route between the departure position and destination position.

    • For example, from the DeparturePosition [-123.115, 49.285], the route follows the order that the waypoint positions are given [[-122.757, 49.0021],[-122.349, 47.620]]

    If you specify a waypoint position that's not located on a road, Amazon Location moves the position to the nearest road.

    Specifying more than 23 waypoints returns a 400 ValidationException error.

    If Esri is the provider for your route calculator, specifying a route that is longer than 400 km returns a 400 RoutesValidationException error.

    Valid Values: [-180 to 180,-90 to 90]

    " + "documentation":"

    Specifies an ordered list of up to 23 intermediate positions to include along a route between the departure position and destination position.

    • For example, from the DeparturePosition [-123.115, 49.285], the route follows the order that the waypoint positions are given [[-122.757, 49.0021],[-122.349, 47.620]]

    If you specify a waypoint position that's not located on a road, Amazon Location moves the position to the nearest road.

    Specifying more than 23 waypoints returns a 400 ValidationException error.

    If Esri is the provider for your route calculator, specifying a route that is longer than 400 km returns a 400 RoutesValidationException error.

    Valid Values: [-180 to 180,-90 to 90]

    " }, "TravelMode":{ "shape":"TravelMode", - "documentation":"

    Specifies the mode of transport when calculating a route. Used in estimating the speed of travel and road compatibility. You can choose Car, Truck, Walking, Bicycle or Motorcycle as options for the TravelMode.

    Bicycle and Motorcycle are only valid when using Grab as a data provider, and only within Southeast Asia.

    Truck is not available for Grab.

    For more details on the using Grab for routing, including areas of coverage, see GrabMaps in the Amazon Location Service Developer Guide.

    The TravelMode you specify also determines how you specify route preferences:

    • If traveling by Car use the CarModeOptions parameter.

    • If traveling by Truck use the TruckModeOptions parameter.

    Default Value: Car

    " + "documentation":"

    Specifies the mode of transport when calculating a route. Used in estimating the speed of travel and road compatibility. You can choose Car, Truck, Walking, Bicycle or Motorcycle as options for the TravelMode.

    Bicycle and Motorcycle are only valid when using Grab as a data provider, and only within Southeast Asia.

    Truck is not available for Grab.

    For more details on the using Grab for routing, including areas of coverage, see GrabMaps in the Amazon Location Service Developer Guide.

    The TravelMode you specify also determines how you specify route preferences:

    • If traveling by Car use the CarModeOptions parameter.

    • If traveling by Truck use the TruckModeOptions parameter.

    Default Value: Car

    " }, "DepartureTime":{ "shape":"Timestamp", "documentation":"

    Specifies the desired time of departure. Uses the given time to calculate the route. Otherwise, the best time of day to travel with the best traffic conditions is used to calculate the route.

    • In ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ. For example, 2020–07-2T12:15:20.000Z+01:00

    " }, "DepartNow":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Sets the time of departure as the current time. Uses the current time to calculate a route. Otherwise, the best time of day to travel with the best traffic conditions is used to calculate the route.

    Default Value: false

    Valid Values: false | true

    " }, "DistanceUnit":{ @@ -1948,7 +2040,7 @@ "documentation":"

    Set the unit system to specify the distance.

    Default Value: Kilometers

    " }, "IncludeLegGeometry":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Set to include the geometry details in the result for each path between a pair of positions.

    Default Value: false

    Valid Values: false | true

    " }, "CarModeOptions":{ @@ -1969,7 +2061,7 @@ }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -1990,7 +2082,7 @@ "members":{ "Legs":{ "shape":"LegList", - "documentation":"

    Contains details about each path between a pair of positions included along a route such as: StartPosition, EndPosition, Distance, DurationSeconds, Geometry, and Steps. The number of legs returned corresponds to one fewer than the total number of positions in the request.

    For example, a route with a departure position and destination position returns one leg with the positions snapped to a nearby road:

    • The StartPosition is the departure position.

    • The EndPosition is the destination position.

    A route with a waypoint between the departure and destination position returns two legs with the positions snapped to a nearby road:

    • Leg 1: The StartPosition is the departure position . The EndPosition is the waypoint positon.

    • Leg 2: The StartPosition is the waypoint position. The EndPosition is the destination position.

    " + "documentation":"

    Contains details about each path between a pair of positions included along a route such as: StartPosition, EndPosition, Distance, DurationSeconds, Geometry, and Steps. The number of legs returned corresponds to one fewer than the total number of positions in the request.

    For example, a route with a departure position and destination position returns one leg with the positions snapped to a nearby road:

    • The StartPosition is the departure position.

    • The EndPosition is the destination position.

    A route with a waypoint between the departure and destination position returns two legs with the positions snapped to a nearby road:

    • Leg 1: The StartPosition is the departure position . The EndPosition is the waypoint positon.

    • Leg 2: The StartPosition is the waypoint position. The EndPosition is the destination position.

    " }, "Summary":{ "shape":"CalculateRouteSummary", @@ -2015,7 +2107,7 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    The data provider of traffic and road network data used to calculate the route. Indicates one of the available providers:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The data provider of traffic and road network data used to calculate the route. Indicates one of the available providers:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "Distance":{ "shape":"CalculateRouteSummaryDistanceDouble", @@ -2035,22 +2127,24 @@ "CalculateRouteSummaryDistanceDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "CalculateRouteSummaryDurationSecondsDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "CalculateRouteTruckModeOptions":{ "type":"structure", "members":{ "AvoidFerries":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids ferries when calculating routes.

    Default Value: false

    Valid Values: false | true

    " }, "AvoidTolls":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    Avoids tolls when calculating routes.

    Default Value: false

    Valid Values: false | true

    " }, "Dimensions":{ @@ -2093,7 +2187,7 @@ "documentation":"

    A single point geometry, specifying the center of the circle, using WGS 84 coordinates, in the form [longitude, latitude].

    " }, "Radius":{ - "shape":"Double", + "shape":"SensitiveDouble", "documentation":"

    The radius of the circle in meters. Must be greater than zero and no larger than 100,000 (100 kilometers).

    " } }, @@ -2120,13 +2214,15 @@ "type":"string", "max":3, "min":3, - "pattern":"[A-Z]{3}" + "pattern":"[A-Z]{3}", + "sensitive":true }, "CountryCode3OrEmpty":{ "type":"string", "max":3, "min":0, - "pattern":"[A-Z]{3}$|^" + "pattern":"[A-Z]{3}$|^", + "sensitive":true }, "CountryCodeList":{ "type":"list", @@ -2146,13 +2242,15 @@ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "PricingPlanDataSource":{ "shape":"String", "documentation":"

    This parameter is no longer used.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. No longer allowed." + "deprecatedMessage":"Deprecated. No longer allowed.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -2234,7 +2332,7 @@ "members":{ "Key":{ "shape":"ApiKey", - "documentation":"

    The key value/string of an API key. This value is used when making API calls to authorize the call. For example, see GetMapGlyphs.

    " + "documentation":"

    The key value/string of an API key. This value is used when making API calls to authorize the call. For example, see GetMapGlyphs.

    " }, "KeyArn":{ "shape":"Arn", @@ -2269,7 +2367,8 @@ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -2316,13 +2415,14 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    Specifies the geospatial data provider for the new place index.

    This field is case-sensitive. Enter the valid values as shown. For example, entering HERE returns an error.

    Valid values include:

    For additional information , see Data providers on the Amazon Location Service Developer Guide.

    " + "documentation":"

    Specifies the geospatial data provider for the new place index.

    This field is case-sensitive. Enter the valid values as shown. For example, entering HERE returns an error.

    Valid values include:

    For additional information , see Data providers on the Amazon Location Service developer guide.

    " }, "PricingPlan":{ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -2373,13 +2473,14 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    Specifies the data provider of traffic and road network data.

    This field is case-sensitive. Enter the valid values as shown. For example, entering HERE returns an error.

    Valid values include:

    For additional information , see Data providers on the Amazon Location Service Developer Guide.

    " + "documentation":"

    Specifies the data provider of traffic and road network data.

    This field is case-sensitive. Enter the valid values as shown. For example, entering HERE returns an error.

    Valid values include:

    For additional information , see Data providers on the Amazon Location Service Developer Guide.

    " }, "PricingPlan":{ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -2425,7 +2526,8 @@ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "KmsKeyId":{ "shape":"KmsKeyId", @@ -2435,7 +2537,8 @@ "shape":"String", "documentation":"

    This parameter is no longer used.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. No longer allowed." + "deprecatedMessage":"Deprecated. No longer allowed.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -2517,8 +2620,7 @@ }, "DeleteGeofenceCollectionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKeyRequest":{ "type":"structure", @@ -2540,8 +2642,7 @@ }, "DeleteKeyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMapRequest":{ "type":"structure", @@ -2557,8 +2658,7 @@ }, "DeleteMapResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePlaceIndexRequest":{ "type":"structure", @@ -2574,8 +2674,7 @@ }, "DeletePlaceIndexResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRouteCalculatorRequest":{ "type":"structure", @@ -2591,8 +2690,7 @@ }, "DeleteRouteCalculatorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTrackerRequest":{ "type":"structure", @@ -2608,8 +2706,7 @@ }, "DeleteTrackerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeGeofenceCollectionRequest":{ "type":"structure", @@ -2649,13 +2746,15 @@ "shape":"PricingPlan", "documentation":"

    No longer used. Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "PricingPlanDataSource":{ "shape":"String", "documentation":"

    No longer used. Always returns an empty string.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Unused." + "deprecatedMessage":"Deprecated. Unused.", + "deprecatedSince":"2022-02-01" }, "KmsKeyId":{ "shape":"KmsKeyId", @@ -2779,7 +2878,8 @@ "shape":"PricingPlan", "documentation":"

    No longer used. Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "DataSource":{ "shape":"String", @@ -2843,7 +2943,8 @@ "shape":"PricingPlan", "documentation":"

    No longer used. Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -2859,7 +2960,7 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    The data provider of geospatial data. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The data provider of geospatial data. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "DataSourceConfiguration":{ "shape":"DataSourceConfiguration", @@ -2906,7 +3007,8 @@ "shape":"PricingPlan", "documentation":"

    Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -2922,7 +3024,7 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    The data provider of traffic and road network data. Indicates one of the available providers:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The data provider of traffic and road network data. Indicates one of the available providers:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "Tags":{ "shape":"TagMap", @@ -2968,13 +3070,15 @@ "shape":"PricingPlan", "documentation":"

    Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "PricingPlanDataSource":{ "shape":"String", "documentation":"

    No longer used. Always returns an empty string.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Unused." + "deprecatedMessage":"Deprecated. Unused.", + "deprecatedSince":"2022-02-01" }, "Tags":{ "shape":"TagMap", @@ -3035,7 +3139,7 @@ "documentation":"

    The accuracy of the device position.

    " }, "PositionProperties":{ - "shape":"PropertyMap", + "shape":"PositionPropertyMap", "documentation":"

    The properties associated with the position.

    " } }, @@ -3070,7 +3174,7 @@ "documentation":"

    The accuracy of the device position.

    " }, "PositionProperties":{ - "shape":"PropertyMap", + "shape":"PositionPropertyMap", "documentation":"

    Associates one of more properties with the position update. A property is a key-value pair stored with the position update and added to any geofence event the update may trigger.

    Format: \"key\" : \"value\"

    " } }, @@ -3146,8 +3250,7 @@ }, "DisassociateTrackerConsumerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DistanceUnit":{ "type":"string", @@ -3189,7 +3292,7 @@ "documentation":"

    The device's speed.

    " } }, - "documentation":"

    The device's position, IP address, and WiFi access points.

    " + "documentation":"

    The device's position and speed.

    " }, "ForecastGeofenceEventsDeviceStateSpeedDouble":{ "type":"double", @@ -3211,11 +3314,11 @@ }, "DeviceState":{ "shape":"ForecastGeofenceEventsDeviceState", - "documentation":"

    The device's state, including current position and speed.

    " + "documentation":"

    Represents the device's state, including its current position and speed. When speed is omitted, this API performs a containment check. The containment check operation returns IDLE events for geofences where the device is currently inside of, but no other events.

    " }, "TimeHorizonMinutes":{ "shape":"ForecastGeofenceEventsRequestTimeHorizonMinutesDouble", - "documentation":"

    Specifies the time horizon in minutes for the forecasted events.

    " + "documentation":"

    The forward-looking time window for forecasting, specified in minutes. The API only returns events that are predicted to occur within this time horizon. When no value is specified, this API performs a containment check. The containment check operation returns IDLE events for geofences where the device is currently inside of, but no other events.

    " }, "DistanceUnit":{ "shape":"DistanceUnit", @@ -3341,8 +3444,8 @@ "type":"structure", "members":{ "Polygon":{ - "shape":"LinearRings", - "documentation":"

    A polygon is a list of linear rings which are each made up of a list of vertices.

    Each vertex is a 2-dimensional point of the form: [longitude, latitude]. This is represented as an array of doubles of length 2 (so [double, double]).

    An array of 4 or more vertices, where the first and last vertex are the same (to form a closed boundary), is called a linear ring. The linear ring vertices must be listed in counter-clockwise order around the ring’s interior. The linear ring is represented as an array of vertices, or an array of arrays of doubles ([[double, double], ...]).

    A geofence consists of a single linear ring. To allow for future expansion, the Polygon parameter takes an array of linear rings, which is represented as an array of arrays of arrays of doubles ([[[double, double], ...], ...]).

    A linear ring for use in geofences can consist of between 4 and 1,000 vertices.

    " + "shape":"GeofenceGeometryPolygonList", + "documentation":"

    A Polygon is a list of up to 250 linear rings which represent the shape of a geofence. This list must include 1 exterior ring (representing the outer perimeter of the geofence), and can optionally include up to 249 interior rings (representing polygonal spaces within the perimeter, which are excluded from the geofence area).

    A linear ring is an array of 4 or more vertices, where the first and last vertex are the same (to form a closed boundary). Each vertex is a 2-dimensional point represented as an array of doubles of length 2: [longitude, latitude].

    Each linear ring is represented as an array of arrays of doubles ([[longitude, latitude], [longitude, latitude], ...]). The vertices for the exterior ring must be listed in counter-clockwise sequence. Vertices for all interior rings must be listed in clockwise sequence.

    The list of linear rings that describe the entire Polygon is represented as an array of arrays of arrays of doubles ([[[longitude, latitude], [longitude, latitude], ...], [[longitude, latitude], [longitude, latitude], ...], ...]). The exterior ring must be listed first, before any interior rings.

    The following additional requirements and limitations apply to geometries defined using the Polygon parameter:

    • The entire Polygon must consist of no more than 1,000 vertices, including all vertices from the exterior ring and all interior rings.

    • Rings must not touch or cross each other.

    • All interior rings must be fully contained within the exterior ring.

    • Interior rings must not contain other interior rings.

    • No ring is permitted to intersect itself.

    " }, "Circle":{ "shape":"Circle", @@ -3350,10 +3453,26 @@ }, "Geobuf":{ "shape":"Base64EncodedGeobuf", - "documentation":"

    Geobuf is a compact binary encoding for geographic data that provides lossless compression of GeoJSON polygons. The Geobuf must be Base64-encoded.

    A polygon in Geobuf format can have up to 100,000 vertices.

    " + "documentation":"

    Geobuf is a compact binary encoding for geographic data that provides lossless compression of GeoJSON polygons. The Geobuf must be Base64-encoded.

    This parameter can contain a Geobuf-encoded GeoJSON geometry object of type Polygon OR MultiPolygon. For more information and specific configuration requirements for these object types, see Polygon and MultiPolygon.

    The following limitations apply specifically to geometries defined using the Geobuf parameter, and supercede the corresponding limitations of the Polygon and MultiPolygon parameters:

    • A Polygon in Geobuf format can have up to 25,000 rings and up to 100,000 total vertices, including all vertices from all component rings.

    • A MultiPolygon in Geobuf format can contain up to 10,000 Polygons and up to 100,000 total vertices, including all vertices from all component Polygons.

    " + }, + "MultiPolygon":{ + "shape":"GeofenceGeometryMultiPolygonList", + "documentation":"

    A MultiPolygon is a list of up to 250 Polygon elements which represent the shape of a geofence. The Polygon components of a MultiPolygon geometry can define separate geographical areas that are considered part of the same geofence, perimeters of larger exterior areas with smaller interior spaces that are excluded from the geofence, or some combination of these use cases to form complex geofence boundaries.

    For more information and specific configuration requirements for the Polygon components that form a MultiPolygon, see Polygon.

    The following additional requirements and limitations apply to geometries defined using the MultiPolygon parameter:

    • The entire MultiPolygon must consist of no more than 1,000 vertices, including all vertices from all component Polygons.

    • Each edge of a component Polygon must intersect no more than 5 edges from other Polygons. Parallel edges that are shared but do not cross are not counted toward this limit.

    • The total number of intersecting edges of component Polygons must be no more than 100,000. Parallel edges that are shared but do not cross are not counted toward this limit.

    " } }, - "documentation":"

    Contains the geofence geometry details.

    A geofence geometry is made up of either a polygon or a circle. Can be a polygon, a circle or a polygon encoded in Geobuf format. Including multiple selections will return a validation error.

    Amazon Location doesn't currently support polygons with holes, multipolygons, polygons that are wound clockwise, or that cross the antimeridian.

    " + "documentation":"

    Contains the geofence geometry details.

    A geofence geometry can be a circle, a polygon, or a multipolygon. Polygon and MultiPolygon geometries can be defined using their respective parameters, or encoded in Geobuf format using the Geobuf parameter. Including multiple geometry types in the same request will return a validation error.

    Amazon Location doesn't currently support polygons that cross the antimeridian.

    " + }, + "GeofenceGeometryMultiPolygonList":{ + "type":"list", + "member":{"shape":"LinearRings"}, + "max":250, + "min":1 + }, + "GeofenceGeometryPolygonList":{ + "type":"list", + "member":{"shape":"LinearRing"}, + "max":250, + "min":1 }, "GetDevicePositionHistoryRequest":{ "type":"structure", @@ -3462,7 +3581,7 @@ "documentation":"

    The accuracy of the device position.

    " }, "PositionProperties":{ - "shape":"PropertyMap", + "shape":"PositionPropertyMap", "documentation":"

    The properties associated with the position.

    " } } @@ -3504,7 +3623,7 @@ }, "Geometry":{ "shape":"GeofenceGeometry", - "documentation":"

    Contains the geofence geometry details describing a polygon or a circle.

    " + "documentation":"

    Contains the geofence geometry details describing the position of the geofence. Can be a circle, a polygon, or a multipolygon.

    " }, "Status":{ "shape":"String", @@ -3540,7 +3659,7 @@ }, "FontStack":{ "shape":"String", - "documentation":"

    A comma-separated list of fonts to load glyphs from in order of preference. For example, Noto Sans Regular, Arial Unicode.

    Valid font stacks for Esri styles:

    • VectorEsriDarkGrayCanvas – Ubuntu Medium Italic | Ubuntu Medium | Ubuntu Italic | Ubuntu Regular | Ubuntu Bold

    • VectorEsriLightGrayCanvas – Ubuntu Italic | Ubuntu Regular | Ubuntu Light | Ubuntu Bold

    • VectorEsriTopographic – Noto Sans Italic | Noto Sans Regular | Noto Sans Bold | Noto Serif Regular | Roboto Condensed Light Italic

    • VectorEsriStreets – Arial Regular | Arial Italic | Arial Bold

    • VectorEsriNavigation – Arial Regular | Arial Italic | Arial Bold

    Valid font stacks for HERE Technologies styles:

    • VectorHereContrast – Fira GO Regular | Fira GO Bold

    • VectorHereExplore, VectorHereExploreTruck, HybridHereExploreSatellite – Fira GO Italic | Fira GO Map | Fira GO Map Bold | Noto Sans CJK JP Bold | Noto Sans CJK JP Light | Noto Sans CJK JP Regular

    Valid font stacks for GrabMaps styles:

    • VectorGrabStandardLight, VectorGrabStandardDark – Noto Sans Regular | Noto Sans Medium | Noto Sans Bold

    Valid font stacks for Open Data styles:

    • VectorOpenDataStandardLight, VectorOpenDataStandardDark, VectorOpenDataVisualizationLight, VectorOpenDataVisualizationDark – Amazon Ember Regular,Noto Sans Regular | Amazon Ember Bold,Noto Sans Bold | Amazon Ember Medium,Noto Sans Medium | Amazon Ember Regular Italic,Noto Sans Italic | Amazon Ember Condensed RC Regular,Noto Sans Regular | Amazon Ember Condensed RC Bold,Noto Sans Bold | Amazon Ember Regular,Noto Sans Regular,Noto Sans Arabic Regular | Amazon Ember Condensed RC Bold,Noto Sans Bold,Noto Sans Arabic Condensed Bold | Amazon Ember Bold,Noto Sans Bold,Noto Sans Arabic Bold | Amazon Ember Regular Italic,Noto Sans Italic,Noto Sans Arabic Regular | Amazon Ember Condensed RC Regular,Noto Sans Regular,Noto Sans Arabic Condensed Regular | Amazon Ember Medium,Noto Sans Medium,Noto Sans Arabic Medium

    The fonts used by the Open Data map styles are combined fonts that use Amazon Ember for most glyphs but Noto Sans for glyphs unsupported by Amazon Ember.

    ", + "documentation":"

    A comma-separated list of fonts to load glyphs from in order of preference. For example, Noto Sans Regular, Arial Unicode.

    Valid font stacks for Esri styles:

    • VectorEsriDarkGrayCanvas – Ubuntu Medium Italic | Ubuntu Medium | Ubuntu Italic | Ubuntu Regular | Ubuntu Bold

    • VectorEsriLightGrayCanvas – Ubuntu Italic | Ubuntu Regular | Ubuntu Light | Ubuntu Bold

    • VectorEsriTopographic – Noto Sans Italic | Noto Sans Regular | Noto Sans Bold | Noto Serif Regular | Roboto Condensed Light Italic

    • VectorEsriStreets – Arial Regular | Arial Italic | Arial Bold

    • VectorEsriNavigation – Arial Regular | Arial Italic | Arial Bold

    Valid font stacks for HERE Technologies styles:

    • VectorHereContrast – Fira GO Regular | Fira GO Bold

    • VectorHereExplore, VectorHereExploreTruck, HybridHereExploreSatellite – Fira GO Italic | Fira GO Map | Fira GO Map Bold | Noto Sans CJK JP Bold | Noto Sans CJK JP Light | Noto Sans CJK JP Regular

    Valid font stacks for GrabMaps styles:

    • VectorGrabStandardLight, VectorGrabStandardDark – Noto Sans Regular | Noto Sans Medium | Noto Sans Bold

    Valid font stacks for Open Data styles:

    • VectorOpenDataStandardLight, VectorOpenDataStandardDark, VectorOpenDataVisualizationLight, VectorOpenDataVisualizationDark – Amazon Ember Regular,Noto Sans Regular | Amazon Ember Bold,Noto Sans Bold | Amazon Ember Medium,Noto Sans Medium | Amazon Ember Regular Italic,Noto Sans Italic | Amazon Ember Condensed RC Regular,Noto Sans Regular | Amazon Ember Condensed RC Bold,Noto Sans Bold | Amazon Ember Regular,Noto Sans Regular,Noto Sans Arabic Regular | Amazon Ember Condensed RC Bold,Noto Sans Bold,Noto Sans Arabic Condensed Bold | Amazon Ember Bold,Noto Sans Bold,Noto Sans Arabic Bold | Amazon Ember Regular Italic,Noto Sans Italic,Noto Sans Arabic Regular | Amazon Ember Condensed RC Regular,Noto Sans Regular,Noto Sans Arabic Condensed Regular | Amazon Ember Medium,Noto Sans Medium,Noto Sans Arabic Medium

    The fonts used by the Open Data map styles are combined fonts that use Amazon Ember for most glyphs but Noto Sans for glyphs unsupported by Amazon Ember.

    ", "location":"uri", "locationName":"FontStack" }, @@ -3552,7 +3671,7 @@ }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -3605,7 +3724,7 @@ }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -3649,7 +3768,7 @@ }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -3712,7 +3831,7 @@ }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -3720,15 +3839,18 @@ }, "GetMapTileRequestXString":{ "type":"string", - "pattern":".*\\d+.*" + "pattern":".*\\d+.*", + "sensitive":true }, "GetMapTileRequestYString":{ "type":"string", - "pattern":".*\\d+.*" + "pattern":".*\\d+.*", + "sensitive":true }, "GetMapTileRequestZString":{ "type":"string", - "pattern":".*\\d+.*" + "pattern":".*\\d+.*", + "sensitive":true }, "GetMapTileResponse":{ "type":"structure", @@ -3779,7 +3901,7 @@ }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -3877,11 +3999,11 @@ "members":{ "StartPosition":{ "shape":"Position", - "documentation":"

    The starting position of the leg. Follows the format [longitude,latitude].

    If the StartPosition isn't located on a road, it's snapped to a nearby road.

    " + "documentation":"

    The starting position of the leg. Follows the format [longitude,latitude].

    If the StartPosition isn't located on a road, it's snapped to a nearby road.

    " }, "EndPosition":{ "shape":"Position", - "documentation":"

    The terminating position of the leg. Follows the format [longitude,latitude].

    If the EndPosition isn't located on a road, it's snapped to a nearby road.

    " + "documentation":"

    The terminating position of the leg. Follows the format [longitude,latitude].

    If the EndPosition isn't located on a road, it's snapped to a nearby road.

    " }, "Distance":{ "shape":"LegDistanceDouble", @@ -3900,17 +4022,19 @@ "documentation":"

    Contains a list of steps, which represent subsections of a leg. Each step provides instructions for how to move to the next step in the leg such as the step's start position, end position, travel distance, travel duration, and geometry offset.

    " } }, - "documentation":"

    Contains the calculated route's details for each path between a pair of positions. The number of legs returned corresponds to one fewer than the total number of positions in the request.

    For example, a route with a departure position and destination position returns one leg with the positions snapped to a nearby road:

    • The StartPosition is the departure position.

    • The EndPosition is the destination position.

    A route with a waypoint between the departure and destination position returns two legs with the positions snapped to a nearby road:

    • Leg 1: The StartPosition is the departure position . The EndPosition is the waypoint positon.

    • Leg 2: The StartPosition is the waypoint position. The EndPosition is the destination position.

    " + "documentation":"

    Contains the calculated route's details for each path between a pair of positions. The number of legs returned corresponds to one fewer than the total number of positions in the request.

    For example, a route with a departure position and destination position returns one leg with the positions snapped to a nearby road:

    • The StartPosition is the departure position.

    • The EndPosition is the destination position.

    A route with a waypoint between the departure and destination position returns two legs with the positions snapped to a nearby road:

    • Leg 1: The StartPosition is the departure position . The EndPosition is the waypoint positon.

    • Leg 2: The StartPosition is the waypoint position. The EndPosition is the destination position.

    " }, "LegDistanceDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "LegDurationSecondsDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "LegGeometry":{ "type":"structure", @@ -4010,7 +4134,7 @@ "documentation":"

    The accuracy of the device position.

    " }, "PositionProperties":{ - "shape":"PropertyMap", + "shape":"PositionPropertyMap", "documentation":"

    The properties associated with the position.

    " } }, @@ -4074,13 +4198,15 @@ "shape":"PricingPlan", "documentation":"

    No longer used. Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "PricingPlanDataSource":{ "shape":"String", "documentation":"

    No longer used. Always returns an empty string.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Unused." + "deprecatedMessage":"Deprecated. Unused.", + "deprecatedSince":"2022-02-01" }, "CreateTime":{ "shape":"Timestamp", @@ -4113,7 +4239,7 @@ }, "Geometry":{ "shape":"GeofenceGeometry", - "documentation":"

    Contains the geofence geometry details describing a polygon or a circle.

    " + "documentation":"

    Contains the geofence geometry details describing the position of the geofence. Can be a circle, a polygon, or a multipolygon.

    " }, "Status":{ "shape":"String", @@ -4312,7 +4438,8 @@ "shape":"PricingPlan", "documentation":"

    No longer used. Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "CreateTime":{ "shape":"Timestamp", @@ -4382,13 +4509,14 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    The data provider of geospatial data. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The data provider of geospatial data. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "PricingPlan":{ "shape":"PricingPlan", "documentation":"

    No longer used. Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "CreateTime":{ "shape":"Timestamp", @@ -4458,13 +4586,14 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    The data provider of traffic and road network data. Indicates one of the available providers:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The data provider of traffic and road network data. Indicates one of the available providers:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "PricingPlan":{ "shape":"PricingPlan", "documentation":"

    Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "CreateTime":{ "shape":"Timestamp", @@ -4596,13 +4725,15 @@ "shape":"PricingPlan", "documentation":"

    Always returns RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage." + "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "PricingPlanDataSource":{ "shape":"String", "documentation":"

    No longer used. Always returns an empty string.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. Unused." + "deprecatedMessage":"Deprecated. Unused.", + "deprecatedSince":"2022-02-01" }, "CreateTime":{ "shape":"Timestamp", @@ -4755,11 +4886,11 @@ "members":{ "Style":{ "shape":"MapStyle", - "documentation":"

    Specifies the map style selected from an available data provider.

    Valid Esri map styles:

    • VectorEsriDarkGrayCanvas – The Esri Dark Gray Canvas map style. A vector basemap with a dark gray, neutral background with minimal colors, labels, and features that's designed to draw attention to your thematic content.

    • RasterEsriImagery – The Esri Imagery map style. A raster basemap that provides one meter or better satellite and aerial imagery in many parts of the world and lower resolution satellite imagery worldwide.

    • VectorEsriLightGrayCanvas – The Esri Light Gray Canvas map style, which provides a detailed vector basemap with a light gray, neutral background style with minimal colors, labels, and features that's designed to draw attention to your thematic content.

    • VectorEsriTopographic – The Esri Light map style, which provides a detailed vector basemap with a classic Esri map style.

    • VectorEsriStreets – The Esri Street Map style, which provides a detailed vector basemap for the world symbolized with a classic Esri street map style. The vector tile layer is similar in content and style to the World Street Map raster map.

    • VectorEsriNavigation – The Esri Navigation map style, which provides a detailed basemap for the world symbolized with a custom navigation map style that's designed for use during the day in mobile devices.

    Valid HERE Technologies map styles:

    • VectorHereContrast – The HERE Contrast (Berlin) map style is a high contrast detailed base map of the world that blends 3D and 2D rendering.

      The VectorHereContrast style has been renamed from VectorHereBerlin. VectorHereBerlin has been deprecated, but will continue to work in applications that use it.

    • VectorHereExplore – A default HERE map style containing a neutral, global map and its features including roads, buildings, landmarks, and water features. It also now includes a fully designed map of Japan.

    • VectorHereExploreTruck – A global map containing truck restrictions and attributes (e.g. width / height / HAZMAT) symbolized with highlighted segments and icons on top of HERE Explore to support use cases within transport and logistics.

    • RasterHereExploreSatellite – A global map containing high resolution satellite imagery.

    • HybridHereExploreSatellite – A global map displaying the road network, street names, and city labels over satellite imagery. This style will automatically retrieve both raster and vector tiles, and your charges will be based on total tiles retrieved.

      Hybrid styles use both vector and raster tiles when rendering the map that you see. This means that more tiles are retrieved than when using either vector or raster tiles alone. Your charges will include all tiles retrieved.

    Valid GrabMaps map styles:

    • VectorGrabStandardLight – The Grab Standard Light map style provides a basemap with detailed land use coloring, area names, roads, landmarks, and points of interest covering Southeast Asia.

    • VectorGrabStandardDark – The Grab Standard Dark map style provides a dark variation of the standard basemap covering Southeast Asia.

    Grab provides maps only for countries in Southeast Asia, and is only available in the Asia Pacific (Singapore) Region (ap-southeast-1). For more information, see GrabMaps countries and area covered.

    Valid Open Data map styles:

    • VectorOpenDataStandardLight – The Open Data Standard Light map style provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.

    • VectorOpenDataStandardDark – Open Data Standard Dark is a dark-themed map style that provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.

    • VectorOpenDataVisualizationLight – The Open Data Visualization Light map style is a light-themed style with muted colors and fewer features that aids in understanding overlaid data.

    • VectorOpenDataVisualizationDark – The Open Data Visualization Dark map style is a dark-themed style with muted colors and fewer features that aids in understanding overlaid data.

    " + "documentation":"

    Specifies the map style selected from an available data provider.

    Valid Esri map styles:

    • VectorEsriDarkGrayCanvas – The Esri Dark Gray Canvas map style. A vector basemap with a dark gray, neutral background with minimal colors, labels, and features that's designed to draw attention to your thematic content.

    • RasterEsriImagery – The Esri Imagery map style. A raster basemap that provides one meter or better satellite and aerial imagery in many parts of the world and lower resolution satellite imagery worldwide.

    • VectorEsriLightGrayCanvas – The Esri Light Gray Canvas map style, which provides a detailed vector basemap with a light gray, neutral background style with minimal colors, labels, and features that's designed to draw attention to your thematic content.

    • VectorEsriTopographic – The Esri Light map style, which provides a detailed vector basemap with a classic Esri map style.

    • VectorEsriStreets – The Esri Street Map style, which provides a detailed vector basemap for the world symbolized with a classic Esri street map style. The vector tile layer is similar in content and style to the World Street Map raster map.

    • VectorEsriNavigation – The Esri Navigation map style, which provides a detailed basemap for the world symbolized with a custom navigation map style that's designed for use during the day in mobile devices.

    Valid HERE Technologies map styles:

    • VectorHereContrast – The HERE Contrast (Berlin) map style is a high contrast detailed base map of the world that blends 3D and 2D rendering.

      The VectorHereContrast style has been renamed from VectorHereBerlin. VectorHereBerlin has been deprecated, but will continue to work in applications that use it.

    • VectorHereExplore – A default HERE map style containing a neutral, global map and its features including roads, buildings, landmarks, and water features. It also now includes a fully designed map of Japan.

    • VectorHereExploreTruck – A global map containing truck restrictions and attributes (e.g. width / height / HAZMAT) symbolized with highlighted segments and icons on top of HERE Explore to support use cases within transport and logistics.

    • RasterHereExploreSatellite – A global map containing high resolution satellite imagery.

    • HybridHereExploreSatellite – A global map displaying the road network, street names, and city labels over satellite imagery. This style will automatically retrieve both raster and vector tiles, and your charges will be based on total tiles retrieved.

      Hybrid styles use both vector and raster tiles when rendering the map that you see. This means that more tiles are retrieved than when using either vector or raster tiles alone. Your charges will include all tiles retrieved.

    Valid GrabMaps map styles:

    • VectorGrabStandardLight – The Grab Standard Light map style provides a basemap with detailed land use coloring, area names, roads, landmarks, and points of interest covering Southeast Asia.

    • VectorGrabStandardDark – The Grab Standard Dark map style provides a dark variation of the standard basemap covering Southeast Asia.

    Grab provides maps only for countries in Southeast Asia, and is only available in the Asia Pacific (Singapore) Region (ap-southeast-1). For more information, see GrabMaps countries and area covered.

    Valid Open Data map styles:

    • VectorOpenDataStandardLight – The Open Data Standard Light map style provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.

    • VectorOpenDataStandardDark – Open Data Standard Dark is a dark-themed map style that provides a detailed basemap for the world suitable for website and mobile application use. The map includes highways major roads, minor roads, railways, water features, cities, parks, landmarks, building footprints, and administrative boundaries.

    • VectorOpenDataVisualizationLight – The Open Data Visualization Light map style is a light-themed style with muted colors and fewer features that aids in understanding overlaid data.

    • VectorOpenDataVisualizationDark – The Open Data Visualization Dark map style is a dark-themed style with muted colors and fewer features that aids in understanding overlaid data.

    " }, "PoliticalView":{ "shape":"CountryCode3", - "documentation":"

    Specifies the political view for the style. Leave unset to not use a political view, or, for styles that support specific political views, you can choose a view, such as IND for the Indian view.

    Default is unset.

    Not all map resources or styles support political view styles. See Political views for more information.

    " + "documentation":"

    Specifies the political view for the style. Leave unset to not use a political view, or, for styles that support specific political views, you can choose a view, such as IND for the Indian view.

    Default is unset.

    Not all map resources or styles support political view styles. See Political views for more information.

    " }, "CustomLayers":{ "shape":"CustomLayerList", @@ -4773,7 +4904,7 @@ "members":{ "PoliticalView":{ "shape":"CountryCode3OrEmpty", - "documentation":"

    Specifies the political view for the style. Set to an empty string to not use a political view, or, for styles that support specific political views, you can choose a view, such as IND for the Indian view.

    Not all map resources or styles support political view styles. See Political views for more information.

    " + "documentation":"

    Specifies the political view for the style. Set to an empty string to not use a political view, or, for styles that support specific political views, you can choose a view, such as IND for the Indian view.

    Not all map resources or styles support political view styles. See Political views for more information.

    " }, "CustomLayers":{ "shape":"CustomLayerList", @@ -4809,44 +4940,44 @@ "required":["Geometry"], "members":{ "Label":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The full name and address of the point of interest such as a city, region, or country. For example, 123 Any Street, Any Town, USA.

    " }, "Geometry":{"shape":"PlaceGeometry"}, "AddressNumber":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The numerical portion of an address, such as a building number.

    " }, "Street":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The name for a street or a road to identify a location. For example, Main Street.

    " }, "Neighborhood":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The name of a community district. For example, Downtown.

    " }, "Municipality":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    A name for a local area, such as a city or town name. For example, Toronto.

    " }, "SubRegion":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    A county, or an area that's part of a larger region. For example, Metro Vancouver.

    " }, "Region":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    A name for an area or geographical division, such as a province or state name. For example, British Columbia.

    " }, "Country":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    A country/region specified using ISO 3166 3-digit country/region code. For example, CAN.

    " }, "PostalCode":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    A group of numbers and letters in a country-specific format, which accompanies the address for the purpose of identifying a location.

    " }, "Interpolated":{ - "shape":"Boolean", + "shape":"SensitiveBoolean", "documentation":"

    True if the result is interpolated from other known places.

    False if the Place is a known place.

    Not returned when the partner does not provide the information.

    For example, returns False for an address location that is found in the partner data, but returns True if an address does not exist in the partner data and its location is calculated by interpolating between other known addresses.

    " }, "TimeZone":{ @@ -4854,23 +4985,23 @@ "documentation":"

    The time zone in which the Place is located. Returned only when using HERE or Grab as the selected partner.

    " }, "UnitType":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    For addresses with a UnitNumber, the type of unit. For example, Apartment.

    Returned only for a place index that uses Esri as a data provider.

    " }, "UnitNumber":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    For addresses with multiple units, the unit identifier. Can include numbers and letters, for example 3B or Unit 123.

    Returned only for a place index that uses Esri or Grab as a data provider. Is not returned for SearchPlaceIndexForPosition.

    " }, "Categories":{ "shape":"PlaceCategoryList", - "documentation":"

    The Amazon Location categories that describe this Place.

    For more information about using categories, including a list of Amazon Location categories, see Categories and filtering, in the Amazon Location Service Developer Guide.

    " + "documentation":"

    The Amazon Location categories that describe this Place.

    For more information about using categories, including a list of Amazon Location categories, see Categories and filtering, in the Amazon Location Service developer guide.

    " }, "SupplementalCategories":{ "shape":"PlaceSupplementalCategoryList", "documentation":"

    Categories from the data provider that describe the Place that are not mapped to any Amazon Location categories.

    " }, "SubMunicipality":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    An area that's part of a larger municipality. For example, Blissville is a submunicipality in the Queen County in New York.

    This property supported by Esri and OpenData. The Esri property is district, and the OpenData property is borough.

    " } }, @@ -4879,7 +5010,8 @@ "PlaceCategory":{ "type":"string", "max":35, - "min":0 + "min":0, + "sensitive":true }, "PlaceCategoryList":{ "type":"list", @@ -4897,7 +5029,10 @@ }, "documentation":"

    Places uses a point geometry to specify a location or a Place.

    " }, - "PlaceId":{"type":"string"}, + "PlaceId":{ + "type":"string", + "sensitive":true + }, "PlaceIndexSearchResultLimit":{ "type":"integer", "box":true, @@ -4907,7 +5042,8 @@ "PlaceSupplementalCategory":{ "type":"string", "max":35, - "min":0 + "min":0, + "sensitive":true }, "PlaceSupplementalCategoryList":{ "type":"list", @@ -4930,6 +5066,24 @@ "AccuracyBased" ] }, + "PositionPropertyMap":{ + "type":"map", + "key":{"shape":"PositionPropertyMapKeyString"}, + "value":{"shape":"PositionPropertyMapValueString"}, + "max":4, + "min":0, + "sensitive":true + }, + "PositionPropertyMapKeyString":{ + "type":"string", + "max":20, + "min":1 + }, + "PositionPropertyMapValueString":{ + "type":"string", + "max":150, + "min":1 + }, "PositionalAccuracy":{ "type":"structure", "required":["Horizontal"], @@ -4945,7 +5099,8 @@ "type":"double", "box":true, "max":10000000, - "min":0 + "min":0, + "sensitive":true }, "PricingPlan":{ "type":"string", @@ -4995,7 +5150,7 @@ }, "Geometry":{ "shape":"GeofenceGeometry", - "documentation":"

    Contains the details to specify the position of the geofence. Can be a polygon, a circle or a polygon encoded in Geobuf format. Including multiple selections will return a validation error.

    The geofence polygon format supports a maximum of 1,000 vertices. The Geofence Geobuf format supports a maximum of 100,000 vertices.

    " + "documentation":"

    Contains the details to specify the position of the geofence. Can be a circle, a polygon, or a multipolygon. Polygon and MultiPolygon geometries can be defined using their respective parameters, or encoded in Geobuf format using the Geobuf parameter. Including multiple geometry types in the same request will return a validation error.

    The geofence Polygon and MultiPolygon formats support a maximum of 1,000 total vertices. The Geobuf format supports a maximum of 100,000 vertices.

    " }, "GeofenceProperties":{ "shape":"PropertyMap", @@ -5029,7 +5184,8 @@ "type":"string", "max":253, "min":0, - "pattern":"([$\\-._+!*\\x{60}(),;/?:@=&\\w]|%([0-9a-fA-F?]{2}|[0-9a-fA-F?]?[*]))+" + "pattern":"([\\w!$&()*+,./:;=?@\\x{60}-]|%([\\dA-Fa-f]{2}|[\\dA-Fa-f]?\\*))+", + "sensitive":true }, "ResourceDescription":{ "type":"string", @@ -5083,12 +5239,14 @@ "RouteMatrixEntryDistanceDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixEntryDurationSecondsDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "RouteMatrixEntryError":{ "type":"structure", @@ -5157,7 +5315,8 @@ "SearchForPositionResultDistanceDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "SearchForPositionResultList":{ "type":"list", @@ -5168,7 +5327,7 @@ "required":["Text"], "members":{ "Text":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The text of the place suggestion, typically formatted as an address string.

    " }, "PlaceId":{ @@ -5177,7 +5336,7 @@ }, "Categories":{ "shape":"PlaceCategoryList", - "documentation":"

    The Amazon Location categories that describe the Place.

    For more information about using categories, including a list of Amazon Location categories, see Categories and filtering, in the Amazon Location Service Developer Guide.

    " + "documentation":"

    The Amazon Location categories that describe the Place.

    For more information about using categories, including a list of Amazon Location categories, see Categories and filtering, in the Amazon Location Service developer guide.

    " }, "SupplementalCategories":{ "shape":"PlaceSupplementalCategoryList", @@ -5216,7 +5375,8 @@ "SearchForTextResultDistanceDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "SearchForTextResultList":{ "type":"list", @@ -5226,7 +5386,8 @@ "type":"double", "box":true, "max":1, - "min":0 + "min":0, + "sensitive":true }, "SearchPlaceIndexForPositionRequest":{ "type":"structure", @@ -5255,7 +5416,7 @@ }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -5295,7 +5456,7 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "Language":{ "shape":"LanguageTag", @@ -5343,11 +5504,11 @@ }, "FilterCategories":{ "shape":"FilterPlaceCategoryList", - "documentation":"

    A list of one or more Amazon Location categories to filter the returned places. If you include more than one category, the results will include results that match any of the categories listed.

    For more information about using categories, including a list of Amazon Location categories, see Categories and filtering, in the Amazon Location Service Developer Guide.

    " + "documentation":"

    A list of one or more Amazon Location categories to filter the returned places. If you include more than one category, the results will include results that match any of the categories listed.

    For more information about using categories, including a list of Amazon Location categories, see Categories and filtering, in the Amazon Location Service developer guide.

    " }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -5411,7 +5572,7 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "Language":{ "shape":"LanguageTag", @@ -5463,11 +5624,11 @@ }, "FilterCategories":{ "shape":"FilterPlaceCategoryList", - "documentation":"

    A list of one or more Amazon Location categories to filter the returned places. If you include more than one category, the results will include results that match any of the categories listed.

    For more information about using categories, including a list of Amazon Location categories, see Categories and filtering, in the Amazon Location Service Developer Guide.

    " + "documentation":"

    A list of one or more Amazon Location categories to filter the returned places. If you include more than one category, the results will include results that match any of the categories listed.

    For more information about using categories, including a list of Amazon Location categories, see Categories and filtering, in the Amazon Location Service developer guide.

    " }, "Key":{ "shape":"ApiKey", - "documentation":"

    The optional API key to authorize the request.

    ", + "documentation":"

    The optional API key to authorize the request.

    ", "location":"querystring", "locationName":"key" } @@ -5529,7 +5690,7 @@ }, "DataSource":{ "shape":"String", - "documentation":"

    The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " + "documentation":"

    The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:

    • Esri

    • Grab

    • Here

    For more information about data providers, see Amazon Location Service data providers.

    " }, "Language":{ "shape":"LanguageTag", @@ -5542,6 +5703,21 @@ }, "documentation":"

    A summary of the request sent by using SearchPlaceIndexForText.

    " }, + "SensitiveBoolean":{ + "type":"boolean", + "box":true, + "sensitive":true + }, + "SensitiveDouble":{ + "type":"double", + "box":true, + "sensitive":true + }, + "SensitiveInteger":{ + "type":"integer", + "box":true, + "sensitive":true + }, "SensitiveString":{ "type":"string", "sensitive":true @@ -5556,13 +5732,19 @@ "locationName":"message" } }, - "documentation":"

    The operation was denied because the request would exceed the maximum quota set for Amazon Location Service.

    ", + "documentation":"

    The operation was denied because the request would exceed the maximum quota set for Amazon Location Service.

    ", "error":{ "httpStatusCode":402, "senderFault":true }, "exception":true }, + "Sha1CertificateFingerprint":{ + "type":"string", + "max":59, + "min":59, + "pattern":"([A-Fa-f0-9]{2}:){19}[A-Fa-f0-9]{2}" + }, "SpeedUnit":{ "type":"string", "enum":[ @@ -5612,12 +5794,14 @@ "StepDistanceDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "StepDurationSecondsDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "StepGeometryOffsetInteger":{ "type":"integer", @@ -5633,7 +5817,7 @@ "type":"string", "max":128, "min":1, - "pattern":"[a-zA-Z+-=._:/]+" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.,:/=+\\-@]*)" }, "TagKeys":{ "type":"list", @@ -5669,14 +5853,13 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0, - "pattern":"[A-Za-z0-9 _=@:.+-/]*" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.,:/=+\\-@]*)" }, "ThrottlingException":{ "type":"structure", @@ -5700,11 +5883,11 @@ "required":["Name"], "members":{ "Name":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The name of the time zone, following the IANA time zone standard. For example, America/Los_Angeles.

    " }, "Offset":{ - "shape":"Integer", + "shape":"SensitiveInteger", "documentation":"

    The time zone's offset, in seconds, from UTC.

    " } }, @@ -5712,6 +5895,7 @@ }, "Timestamp":{ "type":"timestamp", + "sensitive":true, "timestampFormat":"iso8601" }, "Token":{ @@ -5764,17 +5948,20 @@ "TruckDimensionsHeightDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "TruckDimensionsLengthDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "TruckDimensionsWidthDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "TruckWeight":{ "type":"structure", @@ -5793,7 +5980,8 @@ "TruckWeightTotalDouble":{ "type":"double", "box":true, - "min":0 + "min":0, + "sensitive":true }, "UntagResourceRequest":{ "type":"structure", @@ -5818,8 +6006,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateGeofenceCollectionRequest":{ "type":"structure", @@ -5835,13 +6022,15 @@ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "PricingPlanDataSource":{ "shape":"String", "documentation":"

    This parameter is no longer used.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. No longer allowed." + "deprecatedMessage":"Deprecated. No longer allowed.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -5939,7 +6128,8 @@ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -5987,7 +6177,8 @@ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -6035,7 +6226,8 @@ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -6079,13 +6271,15 @@ "shape":"PricingPlan", "documentation":"

    No longer used. If included, the only allowed value is RequestBasedUsage.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage." + "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage.", + "deprecatedSince":"2022-02-01" }, "PricingPlanDataSource":{ "shape":"String", "documentation":"

    This parameter is no longer used.

    ", "deprecated":true, - "deprecatedMessage":"Deprecated. No longer allowed." + "deprecatedMessage":"Deprecated. No longer allowed.", + "deprecatedSince":"2022-02-01" }, "Description":{ "shape":"ResourceDescription", @@ -6192,7 +6386,8 @@ "Missing", "CannotParse", "FieldValidationFailed", - "Other" + "Other", + "UnknownField" ] }, "VehicleWeightUnit":{ @@ -6283,7 +6478,7 @@ "type":"string", "max":17, "min":12, - "pattern":"([0-9A-Fa-f]{2}[:-]?){5}([0-9A-Fa-f]{2})" + "pattern":"([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})" }, "WiFiAccessPointRssInteger":{ "type":"integer", diff -pruN 2.23.6-1/awscli/botocore/data/logs/2014-03-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/logs/2014-03-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/logs/2014-03-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/logs/2014-03-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/logs/2014-03-28/service-2.json 2.31.35-1/awscli/botocore/data/logs/2014-03-28/service-2.json --- 2.23.6-1/awscli/botocore/data/logs/2014-03-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/logs/2014-03-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -27,7 +27,7 @@ {"shape":"OperationAbortedException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Associates the specified KMS key with either one log group in the account, or with all stored CloudWatch Logs query insights results in the account.

    When you use AssociateKmsKey, you specify either the logGroupName parameter or the resourceIdentifier parameter. You can't specify both of those parameters in the same operation.

    • Specify the logGroupName parameter to cause log events ingested into that log group to be encrypted with that key. Only the log events ingested after the key is associated are encrypted with that key.

      Associating a KMS key with a log group overrides any existing associations between the log group and a KMS key. After a KMS key is associated with a log group, all newly ingested data for the log group is encrypted using the KMS key. This association is stored as long as the data encrypted with the KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it is requested.

      Associating a key with a log group does not cause the results of queries of that log group to be encrypted with that key. To have query results encrypted with a KMS key, you must use an AssociateKmsKey operation with the resourceIdentifier parameter that specifies a query-result resource.

    • Specify the resourceIdentifier parameter with a query-result resource, to use that key to encrypt the stored results of all future StartQuery operations in the account. The response from a GetQueryResults operation will still return the query results in plain text.

      Even if you have not associated a key with your query results, the query results are encrypted when stored, using the default CloudWatch Logs method.

      If you run a query from a monitoring account that queries logs in a source account, the query results key from the monitoring account, if any, is used.

    If you delete the key that is used to encrypt log events or log group query results, then all the associated stored log events or query results that were encrypted with that key will be unencryptable and unusable.

    CloudWatch Logs supports only symmetric KMS keys. Do not use an associate an asymmetric KMS key with your log group or query results. For more information, see Using Symmetric and Asymmetric Keys.

    It can take up to 5 minutes for this operation to take effect.

    If you attempt to associate a KMS key with a log group but the KMS key does not exist or the KMS key is disabled, you receive an InvalidParameterException error.

    " + "documentation":"

    Associates the specified KMS key with either one log group in the account, or with all stored CloudWatch Logs query insights results in the account.

    When you use AssociateKmsKey, you specify either the logGroupName parameter or the resourceIdentifier parameter. You can't specify both of those parameters in the same operation.

    • Specify the logGroupName parameter to cause log events ingested into that log group to be encrypted with that key. Only the log events ingested after the key is associated are encrypted with that key.

      Associating a KMS key with a log group overrides any existing associations between the log group and a KMS key. After a KMS key is associated with a log group, all newly ingested data for the log group is encrypted using the KMS key. This association is stored as long as the data encrypted with the KMS key is still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it is requested.

      Associating a key with a log group does not cause the results of queries of that log group to be encrypted with that key. To have query results encrypted with a KMS key, you must use an AssociateKmsKey operation with the resourceIdentifier parameter that specifies a query-result resource.

    • Specify the resourceIdentifier parameter with a query-result resource, to use that key to encrypt the stored results of all future StartQuery operations in the account. The response from a GetQueryResults operation will still return the query results in plain text.

      Even if you have not associated a key with your query results, the query results are encrypted when stored, using the default CloudWatch Logs method.

      If you run a query from a monitoring account that queries logs in a source account, the query results key from the monitoring account, if any, is used.

    If you delete the key that is used to encrypt log events or log group query results, then all the associated stored log events or query results that were encrypted with that key will be unencryptable and unusable.

    CloudWatch Logs supports only symmetric KMS keys. Do not associate an asymmetric KMS key with your log group or query results. For more information, see Using Symmetric and Asymmetric Keys.

    It can take up to 5 minutes for this operation to take effect.

    If you attempt to associate a KMS key with a log group but the KMS key does not exist or the KMS key is disabled, you receive an InvalidParameterException error.

    " }, "CancelExportTask":{ "name":"CancelExportTask", @@ -61,7 +61,7 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Creates a delivery. A delivery is a connection between a logical delivery source and a logical delivery destination that you have already created.

    Only some Amazon Web Services services support being configured as a delivery source using this operation. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.

    A delivery destination can represent a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose.

    To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

    • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

    • Create a delivery destination, which is a logical object that represents the actual delivery destination. For more information, see PutDeliveryDestination.

    • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

    • Use CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination.

    You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

    To update an existing delivery configuration, use UpdateDeliveryConfiguration.

    " + "documentation":"

    Creates a delivery. A delivery is a connection between a logical delivery source and a logical delivery destination that you have already created.

    Only some Amazon Web Services services support being configured as a delivery source using this operation. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.

    A delivery destination can represent a log group in CloudWatch Logs, an Amazon S3 bucket, a delivery stream in Firehose, or X-Ray.

    To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

    • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

    • Create a delivery destination, which is a logical object that represents the actual delivery destination. For more information, see PutDeliveryDestination.

    • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

    • Use CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination.

    You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

    To update an existing delivery configuration, use UpdateDeliveryConfiguration.

    " }, "CreateExportTask":{ "name":"CreateExportTask", @@ -79,7 +79,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ResourceAlreadyExistsException"} ], - "documentation":"

    Creates an export task so that you can efficiently export data from a log group to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must use credentials that have permission to write to the S3 bucket that you specify as the destination.

    Exporting log data to S3 buckets that are encrypted by KMS is supported. Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled with a retention period is also supported.

    Exporting to S3 buckets that are encrypted with AES-256 is supported.

    This is an asynchronous call. If all the required information is provided, this operation initiates an export task and responds with the ID of the task. After the task has started, you can use DescribeExportTasks to get the status of the export task. Each account can only have one active (RUNNING or PENDING) export task at a time. To cancel an export task, use CancelExportTask.

    You can export logs from multiple log groups or multiple time ranges to the same S3 bucket. To separate log data for each export task, specify a prefix to be used as the Amazon S3 key prefix for all exported objects.

    We recommend that you don't regularly export to Amazon S3 as a way to continuously archive your logs. For that use case, we instaed recommend that you use subscriptions. For more information about subscriptions, see Real-time processing of log data with subscriptions.

    Time-based sorting on chunks of log data inside an exported file is not guaranteed. You can sort the exported log field data by using Linux utilities.

    " + "documentation":"

    Creates an export task so that you can efficiently export data from a log group to an Amazon S3 bucket. When you perform a CreateExportTask operation, you must use credentials that have permission to write to the S3 bucket that you specify as the destination.

    Exporting log data to S3 buckets that are encrypted by KMS is supported. Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled with a retention period is also supported.

    Exporting to S3 buckets that are encrypted with AES-256 is supported.

    This is an asynchronous call. If all the required information is provided, this operation initiates an export task and responds with the ID of the task. After the task has started, you can use DescribeExportTasks to get the status of the export task. Each account can only have one active (RUNNING or PENDING) export task at a time. To cancel an export task, use CancelExportTask.

    You can export logs from multiple log groups or multiple time ranges to the same S3 bucket. To separate log data for each export task, specify a prefix to be used as the Amazon S3 key prefix for all exported objects.

    We recommend that you don't regularly export to Amazon S3 as a way to continuously archive your logs. For that use case, we instead recommend that you use subscriptions. For more information about subscriptions, see Real-time processing of log data with subscriptions.

    Time-based sorting on chunks of log data inside an exported file is not guaranteed. You can sort the exported log field data by using Linux utilities.

    " }, "CreateLogAnomalyDetector":{ "name":"CreateLogAnomalyDetector", @@ -358,6 +358,7 @@ "errors":[ {"shape":"InvalidParameterException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"OperationAbortedException"}, {"shape":"ServiceUnavailableException"} ], "documentation":"

    Deletes a resource policy from this account. This revokes the access of the identities in that policy to put log events to this account.

    " @@ -422,7 +423,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Returns a list of all CloudWatch Logs account policies in the account.

    To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are retrieving information for.

    • To see data protection policies, you must have the logs:GetDataProtectionPolicy and logs:DescribeAccountPolicies permissions.

    • To see subscription filter policies, you must have the logs:DescrubeSubscriptionFilters and logs:DescribeAccountPolicies permissions.

    • To see transformer policies, you must have the logs:GetTransformer and logs:DescribeAccountPolicies permissions.

    • To see field index policies, you must have the logs:DescribeIndexPolicies and logs:DescribeAccountPolicies permissions.

    " + "documentation":"

    Returns a list of all CloudWatch Logs account policies in the account.

    To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are retrieving information for.

    • To see data protection policies, you must have the logs:GetDataProtectionPolicy and logs:DescribeAccountPolicies permissions.

    • To see subscription filter policies, you must have the logs:DescribeSubscriptionFilters and logs:DescribeAccountPolicies permissions.

    • To see transformer policies, you must have the logs:GetTransformer and logs:DescribeAccountPolicies permissions.

    • To see field index policies, you must have the logs:DescribeIndexPolicies and logs:DescribeAccountPolicies permissions.

    " }, "DescribeConfigurationTemplates":{ "name":"DescribeConfigurationTemplates", @@ -454,7 +455,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Retrieves a list of the deliveries that have been created in the account.

    A delivery is a connection between a delivery source and a delivery destination .

    A delivery source represents an Amazon Web Services resource that sends logs to an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3, or Firehose. Only some Amazon Web Services services support being configured as a delivery source. These services are listed in Enable logging from Amazon Web Services services.

    " + "documentation":"

    Retrieves a list of the deliveries that have been created in the account.

    A delivery is a connection between a delivery source and a delivery destination .

    A delivery source represents an Amazon Web Services resource that sends logs to an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3, Firehose or X-Ray. Only some Amazon Web Services services support being configured as a delivery source. These services are listed in Enable logging from Amazon Web Services services.

    " }, "DescribeDeliveryDestinations":{ "name":"DescribeDeliveryDestinations", @@ -531,7 +532,7 @@ {"shape":"OperationAbortedException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Returns a list of field indexes listed in the field index policies of one or more log groups. For more information about field index policies, see PutIndexPolicy.

    " + "documentation":"

    Returns a list of custom and default field indexes which are discovered in log data. For more information about field index policies, see PutIndexPolicy.

    " }, "DescribeIndexPolicies":{ "name":"DescribeIndexPolicies", @@ -548,7 +549,7 @@ {"shape":"OperationAbortedException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Returns the field index policies of one or more log groups. For more information about field index policies, see PutIndexPolicy.

    If a specified log group has a log-group level index policy, that policy is returned by this operation.

    If a specified log group doesn't have a log-group level index policy, but an account-wide index policy applies to it, that account-wide policy is returned by this operation.

    To find information about only account-level policies, use DescribeAccountPolicies instead.

    " + "documentation":"

    Returns the field index policies of the specified log group. For more information about field index policies, see PutIndexPolicy.

    If a specified log group has a log-group level index policy, that policy is returned by this operation.

    If a specified log group doesn't have a log-group level index policy, but an account-wide index policy applies to it, that account-wide policy is returned by this operation.

    To find information about only account-level policies, use DescribeAccountPolicies instead.

    " }, "DescribeLogGroups":{ "name":"DescribeLogGroups", @@ -562,7 +563,7 @@ {"shape":"InvalidParameterException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Lists the specified log groups. You can list all your log groups or filter the results by prefix. The results are ASCII-sorted by log group name.

    CloudWatch Logs doesn't support IAM policies that control access to the DescribeLogGroups action by using the aws:ResourceTag/key-name condition key. Other CloudWatch Logs actions do support the use of the aws:ResourceTag/key-name condition key to control access. For more information about using tags to control access, see Controlling access to Amazon Web Services resources using tags.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

    " + "documentation":"

    Returns information about log groups. You can return all your log groups or filter the results by prefix. The results are ASCII-sorted by log group name.

    CloudWatch Logs doesn't support IAM policies that control access to the DescribeLogGroups action by using the aws:ResourceTag/key-name condition key. Other CloudWatch Logs actions do support the use of the aws:ResourceTag/key-name condition key to control access. For more information about using tags to control access, see Controlling access to Amazon Web Services resources using tags.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

    " }, "DescribeLogStreams":{ "name":"DescribeLogStreams", @@ -680,7 +681,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Lists log events from the specified log group. You can list all the log events or filter the results using a filter pattern, a time range, and the name of the log stream.

    You must have the logs:FilterLogEvents permission to perform this operation.

    You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must include one of these two parameters, but you can't include both.

    By default, this operation returns as many log events as can fit in 1 MB (up to 10,000 log events) or all the events found within the specified time range. If the results include a token, that means there are more log events available. You can get additional results by specifying the token in a subsequent call. This operation can return empty results while there are more log events available through the token.

    The returned log events are sorted by event timestamp, the timestamp when the event was ingested by CloudWatch Logs, and the ID of the PutLogEvents request.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

    " + "documentation":"

    Lists log events from the specified log group. You can list all the log events or filter the results using one or more of the following:

    • A filter pattern

    • A time range

    • The log stream name, or a log stream name prefix that matches multiple log streams

    You must have the logs:FilterLogEvents permission to perform this operation.

    You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must include one of these two parameters, but you can't include both.

    FilterLogEvents is a paginated operation. Each page returned can contain up to 1 MB of log events or up to 10,000 log events. A returned page might only be partially full, or even empty. For example, if the result of a query would return 15,000 log events, the first page isn't guaranteed to have 10,000 log events even if they all fit into 1 MB.

    Partially full or empty pages don't necessarily mean that pagination is finished. If the results include a nextToken, there might be more log events available. You can return these additional log events by providing the nextToken in a subsequent FilterLogEvents operation. If the results don't include a nextToken, then pagination is finished.

    Specifying the limit parameter only guarantees that a single page doesn't return more log events than the specified limit, but it might return fewer events than the limit. This is the expected API behavior.

    The returned log events are sorted by event timestamp, the timestamp when the event was ingested by CloudWatch Logs, and the ID of the PutLogEvents request.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

    If you are using log transformation, the FilterLogEvents operation returns only the original versions of log events, before they were transformed. To view the transformed versions, you must use a CloudWatch Logs query.

    " }, "GetDataProtectionPolicy":{ "name":"GetDataProtectionPolicy", @@ -793,7 +794,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"OperationAbortedException"} ], - "documentation":"

    Retrieves information about the log anomaly detector that you specify.

    " + "documentation":"

    Retrieves information about the log anomaly detector that you specify. The KMS key ARN detected is valid.

    " }, "GetLogEvents":{ "name":"GetLogEvents", @@ -808,7 +809,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Lists log events from the specified log stream. You can list all of the log events or filter using a time range.

    By default, this operation returns as many log events as can fit in a response size of 1MB (up to 10,000 log events). You can get additional log events by specifying one of the tokens in a subsequent call. This operation can return empty results while there are more log events available through the token.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

    You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must include one of these two parameters, but you can't include both.

    " + "documentation":"

    Lists log events from the specified log stream. You can list all of the log events or filter using a time range.

    GetLogEvents is a paginated operation. Each page returned can contain up to 1 MB of log events or up to 10,000 log events. A returned page might only be partially full, or even empty. For example, if the result of a query would return 15,000 log events, the first page isn't guaranteed to have 10,000 log events even if they all fit into 1 MB.

    Partially full or empty pages don't necessarily mean that pagination is finished. As long as the nextBackwardToken or nextForwardToken returned is NOT equal to the nextToken that you passed into the API call, there might be more log events available. The token that you use depends on the direction you want to move in along the log stream. The returned tokens are never null.

    If you set startFromHead to true and you don’t include endTime in your request, you can end up in a situation where the pagination doesn't terminate. This can happen when the new log events are being added to the target log streams faster than they are being read. This situation is a good use case for the CloudWatch Logs Live Tail feature.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

    You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must include one of these two parameters, but you can't include both.

    If you are using log transformation, the GetLogEvents operation returns only the original versions of log events, before they were transformed. To view the transformed versions, you must use a CloudWatch Logs query.

    " }, "GetLogGroupFields":{ "name":"GetLogGroupFields", @@ -826,6 +827,24 @@ ], "documentation":"

    Returns a list of the fields that are included in log events in the specified log group. Includes the percentage of log events that contain each field. The search is limited to a time period that you specify.

    You can specify the log group to search by using either logGroupIdentifier or logGroupName. You must specify one of these parameters, but you can't specify both.

    In the results, fields that start with @ are fields generated by CloudWatch Logs. For example, @timestamp is the timestamp of each log event. For more information about the fields that are generated by CloudWatch logs, see Supported Logs and Discovered Fields.

    The response results are sorted by the frequency percentage, starting with the highest percentage.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see CloudWatch cross-account observability.

    " }, + "GetLogObject":{ + "name":"GetLogObject", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetLogObjectRequest"}, + "output":{"shape":"GetLogObjectResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidOperationException"} + ], + "documentation":"

    Retrieves a large logging object (LLO) and streams it back. This API is used to fetch the content of large portions of log events that have been ingested through the PutOpenTelemetryLogs API. When log events contain fields that would cause the total event size to exceed 1MB, CloudWatch Logs automatically processes up to 10 fields, starting with the largest fields. Each field is truncated as needed to keep the total event size as close to 1MB as possible. The excess portions are stored as Large Log Objects (LLOs) and these fields are processed separately and LLO reference system fields (in the format @ptr.$[path.to.field]) are added. The path in the reference field reflects the original JSON structure where the large field was located. For example, this could be @ptr.$['input']['message'], @ptr.$['AAA']['BBB']['CCC']['DDD'], @ptr.$['AAA'], or any other path matching your log structure.

    ", + "endpoint":{"hostPrefix":"streaming-"} + }, "GetLogRecord":{ "name":"GetLogRecord", "http":{ @@ -919,6 +938,20 @@ ], "documentation":"

    Retrieves a list of the log anomaly detectors in the account.

    " }, + "ListLogGroups":{ + "name":"ListLogGroups", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListLogGroupsRequest"}, + "output":{"shape":"ListLogGroupsResponse"}, + "errors":[ + {"shape":"InvalidParameterException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Returns a list of log groups in the Region in your account. If you are performing this action in a monitoring account, you can choose to also return log groups from source accounts that are linked to the monitoring account. For more information about using cross-account observability to set up monitoring accounts and source accounts, see CloudWatch cross-account observability.

    You can optionally filter the list by log group class and by using regular expressions in your request to match strings in the log group names.

    This operation is paginated. By default, your first use of this operation returns 50 results, and includes a token to use in a subsequent operation to return more results.

    " + }, "ListLogGroupsForQuery":{ "name":"ListLogGroupsForQuery", "http":{ @@ -980,7 +1013,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    Creates an account-level data protection policy, subscription filter policy, or field index policy that applies to all log groups or a subset of log groups in the account.

    To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are creating.

    • To create a data protection policy, you must have the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

    • To create a subscription filter policy, you must have the logs:PutSubscriptionFilter and logs:PutccountPolicy permissions.

    • To create a transformer policy, you must have the logs:PutTransformer and logs:PutAccountPolicy permissions.

    • To create a field index policy, you must have the logs:PutIndexPolicy and logs:PutAccountPolicy permissions.

    Data protection policy

    A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.

    Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.

    If you use PutAccountPolicy to create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account-level policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.

    By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.

    For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.

    To use the PutAccountPolicy operation for a data protection policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

    The PutAccountPolicy operation applies to all log groups in the account. You can use PutDataProtectionPolicy to create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.

    Subscription filter policy

    A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other Amazon Web Services services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams, Firehose, and Lambda. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

    The following destinations are supported for subscription filters:

    • An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.

    • An Firehose data stream in the same account as the subscription policy, for same-account delivery.

    • A Lambda function in the same account as the subscription policy, for same-account delivery.

    • A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.

    Each account can have one account-level subscription filter policy per Region. If you are updating an existing filter, you must specify the correct name in PolicyName. To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

    Transformer policy

    Creates or updates a log transformer policy for your account. You use log transformers to transform log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.

    You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.

    A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see Processors that you can use.

    Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major Amazon Web Services log sources such as VPC flow logs, Lambda, and Amazon RDS. You can use pre-built transformation templates or create custom transformation policies.

    You can create transformers only for the log groups in the Standard log class.

    You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.

    You can also set up a transformer at the log-group level. For more information, see PutTransformer. If there is both a log-group level transformer created with PutTransformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.

    Field index policy

    You can use field index policies to create indexes on fields found in log events in the log group. Creating field indexes can help lower the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see Create field indexes to improve query performance and reduce costs

    To find the fields that are in your log group events, use the GetLogGroupFields operation.

    For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId in [value, value, ...] will attempt to process only the log events where the indexed field matches the specified value.

    Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of RequestId won't match a log event containing requestId.

    You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 20 account-level field index policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level index policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.

    If you create an account-level field index policy in a monitoring account in cross-account observability, the policy is applied only to the monitoring account and not to any source accounts.

    If you want to create a field index policy for a single log group, you can use PutIndexPolicy instead of PutAccountPolicy. If you do so, that log group will use only that log-group level policy, and will ignore the account-level policy that you create with PutAccountPolicy.

    " + "documentation":"

    Creates an account-level data protection policy, subscription filter policy, field index policy, transformer policy, or metric extraction policy that applies to all log groups or a subset of log groups in the account.

    To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are creating.

    • To create a data protection policy, you must have the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

    • To create a subscription filter policy, you must have the logs:PutSubscriptionFilter and logs:PutAccountPolicy permissions.

    • To create a transformer policy, you must have the logs:PutTransformer and logs:PutAccountPolicy permissions.

    • To create a field index policy, you must have the logs:PutIndexPolicy and logs:PutAccountPolicy permissions.

    • To create a metric extraction policy, you must have the logs:PutMetricExtractionPolicy and logs:PutAccountPolicy permissions.

    Data protection policy

    A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.

    Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.

    If you use PutAccountPolicy to create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account-level policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.

    By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.

    For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.

    To use the PutAccountPolicy operation for a data protection policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

    The PutAccountPolicy operation applies to all log groups in the account. You can use PutDataProtectionPolicy to create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.

    Subscription filter policy

    A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other Amazon Web Services services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams, Firehose, and Lambda. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

    The following destinations are supported for subscription filters:

    • An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.

    • An Firehose data stream in the same account as the subscription policy, for same-account delivery.

    • A Lambda function in the same account as the subscription policy, for same-account delivery.

    • A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.

    Each account can have one account-level subscription filter policy per Region. If you are updating an existing filter, you must specify the correct name in PolicyName. To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

    Transformer policy

    Creates or updates a log transformer policy for your account. You use log transformers to transform log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.

    You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.

    A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see Processors that you can use.

    Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major Amazon Web Services log sources such as VPC flow logs, Lambda, and Amazon RDS. You can use pre-built transformation templates or create custom transformation policies.

    You can create transformers only for the log groups in the Standard log class.

    You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.

    CloudWatch Logs provides default field indexes for all log groups in the Standard log class. Default field indexes are automatically available for the following fields:

    • @aws.region

    • @aws.account

    • @source.log

    • traceId

    Default field indexes are in addition to any custom field indexes you define within your policy. Default field indexes are not counted towards your field index quota.

    You can also set up a transformer at the log-group level. For more information, see PutTransformer. If there is both a log-group level transformer created with PutTransformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.

    Field index policy

    You can use field index policies to create indexes on fields found in log events in the log group. Creating field indexes can help lower the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see Create field indexes to improve query performance and reduce costs

    To find the fields that are in your log group events, use the GetLogGroupFields operation.

    For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId in [value, value, ...] will attempt to process only the log events where the indexed field matches the specified value.

    Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of RequestId won't match a log event containing requestId.

    You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 20 account-level field index policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level index policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.

    If you create an account-level field index policy in a monitoring account in cross-account observability, the policy is applied only to the monitoring account and not to any source accounts.

    If you want to create a field index policy for a single log group, you can use PutIndexPolicy instead of PutAccountPolicy. If you do so, that log group will use only that log-group level policy, and will ignore the account-level policy that you create with PutAccountPolicy.

    Metric extraction policy

    A metric extraction policy controls whether CloudWatch Metrics can be created through the Embedded Metrics Format (EMF) for log groups in your account. By default, EMF metric creation is enabled for all log groups. You can use metric extraction policies to disable EMF metric creation for your entire account or specific log groups.

    When a policy disables EMF metric creation for a log group, log events in the EMF format are still ingested, but no CloudWatch Metrics are created from them.

    Creating a policy disables metrics for AWS features that use EMF to create metrics, such as CloudWatch Container Insights and CloudWatch Application Signals. To prevent turning off those features by accident, we recommend that you exclude the underlying log-groups through a selection-criteria such as LogGroupNamePrefix NOT IN [\"/aws/containerinsights\", \"/aws/ecs/containerinsights\", \"/aws/application-signals/data\"].

    Each account can have either one account-level metric extraction policy that applies to all log groups, or up to 5 policies that are each scoped to a subset of log groups with the selectionCriteria parameter. The selection criteria supports filtering by LogGroupName and LogGroupNamePrefix using the operators IN and NOT IN. You can specify up to 50 values in each IN or NOT IN list.

    The selection criteria can be specified in these formats:

    LogGroupName IN [\"log-group-1\", \"log-group-2\"]

    LogGroupNamePrefix NOT IN [\"/aws/prefix1\", \"/aws/prefix2\"]

    If you have multiple account-level metric extraction policies with selection criteria, no two of them can have overlapping criteria. For example, if you have one policy with selection criteria LogGroupNamePrefix IN [\"my-log\"], you can't have another metric extraction policy with selection criteria LogGroupNamePrefix IN [\"/my-log-prod\"] or LogGroupNamePrefix IN [\"/my-logging\"], as the set of log groups matching these prefixes would be a subset of the log groups matching the first policy's prefix, creating an overlap.

    When using NOT IN, only one policy with this operator is allowed per account.

    When combining policies with IN and NOT IN operators, the overlap check ensures that policies don't have conflicting effects. Two policies with IN and NOT IN operators do not overlap if and only if every value in the IN policy is completely contained within some value in the NOT IN policy. For example:

    • If you have a NOT IN policy for prefix \"/aws/lambda\", you can create an IN policy for the exact log group name \"/aws/lambda/function1\" because the set of log groups matching \"/aws/lambda/function1\" is a subset of the log groups matching \"/aws/lambda\".

    • If you have a NOT IN policy for prefix \"/aws/lambda\", you cannot create an IN policy for prefix \"/aws\" because the set of log groups matching \"/aws\" is not a subset of the log groups matching \"/aws/lambda\".

    " }, "PutDataProtectionPolicy":{ "name":"PutDataProtectionPolicy", @@ -1015,7 +1048,7 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Creates or updates a logical delivery destination. A delivery destination is an Amazon Web Services resource that represents an Amazon Web Services service that logs can be sent to. CloudWatch Logs, Amazon S3, and Firehose are supported as logs delivery destinations.

    To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

    • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

    • Use PutDeliveryDestination to create a delivery destination in the same account of the actual delivery destination. The delivery destination that you create is a logical object that represents the actual delivery destination.

    • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

    • Use CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery.

    You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

    Only some Amazon Web Services services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.

    If you use this operation to update an existing delivery destination, all the current delivery destination parameters are overwritten with the new parameter values that you specify.

    " + "documentation":"

    Creates or updates a logical delivery destination. A delivery destination is an Amazon Web Services resource that represents an Amazon Web Services service that logs can be sent to. CloudWatch Logs, Amazon S3, and Firehose are supported as logs delivery destinations and X-Ray as the trace delivery destination.

    To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

    • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

    • Use PutDeliveryDestination to create a delivery destination in the same account of the actual delivery destination. The delivery destination that you create is a logical object that represents the actual delivery destination.

    • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

    • Use CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery.

    You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

    Only some Amazon Web Services services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.

    If you use this operation to update an existing delivery destination, all the current delivery destination parameters are overwritten with the new parameter values that you specify.

    " }, "PutDeliveryDestinationPolicy":{ "name":"PutDeliveryDestinationPolicy", @@ -1049,7 +1082,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Creates or updates a logical delivery source. A delivery source represents an Amazon Web Services resource that sends logs to an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3, or Firehose.

    To configure logs delivery between a delivery destination and an Amazon Web Services service that is supported as a delivery source, you must do the following:

    • Use PutDeliverySource to create a delivery source, which is a logical object that represents the resource that is actually sending the logs.

    • Use PutDeliveryDestination to create a delivery destination, which is a logical object that represents the actual delivery destination. For more information, see PutDeliveryDestination.

    • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

    • Use CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery.

    You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

    Only some Amazon Web Services services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.

    If you use this operation to update an existing delivery source, all the current delivery source parameters are overwritten with the new parameter values that you specify.

    " + "documentation":"

    Creates or updates a logical delivery source. A delivery source represents an Amazon Web Services resource that sends logs to an logs delivery destination. The destination can be CloudWatch Logs, Amazon S3, Firehose or X-Ray for sending traces.

    To configure logs delivery between a delivery destination and an Amazon Web Services service that is supported as a delivery source, you must do the following:

    • Use PutDeliverySource to create a delivery source, which is a logical object that represents the resource that is actually sending the logs.

    • Use PutDeliveryDestination to create a delivery destination, which is a logical object that represents the actual delivery destination. For more information, see PutDeliveryDestination.

    • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

    • Use CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery.

    You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

    Only some Amazon Web Services services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.

    If you use this operation to update an existing delivery source, all the current delivery source parameters are overwritten with the new parameter values that you specify.

    " }, "PutDestination":{ "name":"PutDestination", @@ -1095,7 +1128,7 @@ {"shape":"OperationAbortedException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Creates or updates a field index policy for the specified log group. Only log groups in the Standard log class support field index policies. For more information about log classes, see Log classes.

    You can use field index policies to create field indexes on fields found in log events in the log group. Creating field indexes speeds up and lowers the costs for CloudWatch Logs Insights queries that reference those field indexes, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, userID, and instance IDs. For more information, see Create field indexes to improve query performance and reduce costs.

    To find the fields that are in your log group events, use the GetLogGroupFields operation.

    For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId IN [value, value, ...] will process fewer log events to reduce costs, and have improved performance.

    Each index policy has the following quotas and restrictions:

    • As many as 20 fields can be included in the policy.

    • Each field name can include as many as 100 characters.

    Matches of log events to the names of indexed fields are case-sensitive. For example, a field index of RequestId won't match a log event containing requestId.

    Log group-level field index policies created with PutIndexPolicy override account-level field index policies created with PutAccountPolicy. If you use PutIndexPolicy to create a field index policy for a log group, that log group uses only that policy. The log group ignores any account-wide field index policy that you might have created.

    " + "documentation":"

    Creates or updates a field index policy for the specified log group. Only log groups in the Standard log class support field index policies. For more information about log classes, see Log classes.

    You can use field index policies to create field indexes on fields found in log events in the log group. Creating field indexes speeds up and lowers the costs for CloudWatch Logs Insights queries that reference those field indexes, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, userID, and instance IDs. For more information, see Create field indexes to improve query performance and reduce costs.

    To find the fields that are in your log group events, use the GetLogGroupFields operation.

    For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId IN [value, value, ...] will process fewer log events to reduce costs, and have improved performance.

    CloudWatch Logs provides default field indexes for all log groups in the Standard log class. Default field indexes are automatically available for the following fields:

    • @aws.region

    • @aws.account

    • @source.log

    • traceId

    Default field indexes are in addition to any custom field indexes you define within your policy. Default field indexes are not counted towards your field index quota.

    Each index policy has the following quotas and restrictions:

    • As many as 20 fields can be included in the policy.

    • Each field name can include as many as 100 characters.

    Matches of log events to the names of indexed fields are case-sensitive. For example, a field index of RequestId won't match a log event containing requestId.

    Log group-level field index policies created with PutIndexPolicy override account-level field index policies created with PutAccountPolicy. If you use PutIndexPolicy to create a field index policy for a log group, that log group uses only that policy. The log group ignores any account-wide field index policy that you might have created.

    " }, "PutIntegration":{ "name":"PutIntegration", @@ -1129,7 +1162,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"UnrecognizedClientException"} ], - "documentation":"

    Uploads a batch of log events to the specified log stream.

    The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions are always accepted and never return InvalidSequenceTokenException or DataAlreadyAcceptedException even if the sequence token is not valid. You can use parallel PutLogEvents actions on the same log stream.

    The batch of events must satisfy the following constraints:

    • The maximum batch size is 1,048,576 bytes. This size is calculated as the sum of all event messages in UTF-8, plus 26 bytes for each log event.

    • None of the log events in the batch can be more than 2 hours in the future.

    • None of the log events in the batch can be more than 14 days in the past. Also, none of the log events can be from earlier than the retention period of the log group.

    • The log events in the batch must be in chronological order by their timestamp. The timestamp is the time that the event occurred, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. (In Amazon Web Services Tools for PowerShell and the Amazon Web Services SDK for .NET, the timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss. For example, 2017-09-15T13:45:30.)

    • A batch of log events in a single request cannot span more than 24 hours. Otherwise, the operation fails.

    • Each log event can be no larger than 256 KB.

    • The maximum number of log events in a batch is 10,000.

    • The quota of five requests per second per log stream has been removed. Instead, PutLogEvents actions are throttled based on a per-second per-account quota. You can request an increase to the per-second throttling quota by using the Service Quotas service.

    If a call to PutLogEvents returns \"UnrecognizedClientException\" the most likely cause is a non-valid Amazon Web Services access key ID or secret key.

    " + "documentation":"

    Uploads a batch of log events to the specified log stream.

    The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions are always accepted and never return InvalidSequenceTokenException or DataAlreadyAcceptedException even if the sequence token is not valid. You can use parallel PutLogEvents actions on the same log stream.

    The batch of events must satisfy the following constraints:

    • The maximum batch size is 1,048,576 bytes. This size is calculated as the sum of all event messages in UTF-8, plus 26 bytes for each log event.

    • Events more than 2 hours in the future are rejected while processing remaining valid events.

    • Events older than 14 days or preceding the log group's retention period are rejected while processing remaining valid events.

    • The log events in the batch must be in chronological order by their timestamp. The timestamp is the time that the event occurred, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. (In Amazon Web Services Tools for PowerShell and the Amazon Web Services SDK for .NET, the timestamp is specified in .NET format: yyyy-mm-ddThh:mm:ss. For example, 2017-09-15T13:45:30.)

    • A batch of log events in a single request must be in a chronological order. Otherwise, the operation fails.

    • Each log event can be no larger than 1 MB.

    • The maximum number of log events in a batch is 10,000.

    • For valid events (within 14 days in the past to 2 hours in future), the time span in a single batch cannot exceed 24 hours. Otherwise, the operation fails.

    The quota of five requests per second per log stream has been removed. Instead, PutLogEvents actions are throttled based on a per-second per-account quota. You can request an increase to the per-second throttling quota by using the Service Quotas service.

    If a call to PutLogEvents returns \"UnrecognizedClientException\" the most likely cause is a non-valid Amazon Web Services access key ID or secret key.

    " }, "PutMetricFilter":{ "name":"PutMetricFilter", @@ -1175,6 +1208,8 @@ "errors":[ {"shape":"InvalidParameterException"}, {"shape":"LimitExceededException"}, + {"shape":"OperationAbortedException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ServiceUnavailableException"} ], "documentation":"

    Creates or updates a resource policy allowing other Amazon Web Services services to put log events to this account, such as Amazon Route 53. An account can have up to 10 resource policies per Amazon Web Services Region.

    " @@ -1243,7 +1278,7 @@ {"shape":"LimitExceededException"}, {"shape":"InvalidOperationException"} ], - "documentation":"

    Starts a Live Tail streaming session for one or more log groups. A Live Tail session returns a stream of log events that have been recently ingested in the log groups. For more information, see Use Live Tail to view logs in near real time.

    The response to this operation is a response stream, over which the server sends live log events and the client receives them.

    The following objects are sent over the stream:

    • A single LiveTailSessionStart object is sent at the start of the session.

    • Every second, a LiveTailSessionUpdate object is sent. Each of these objects contains an array of the actual log events.

      If no new log events were ingested in the past second, the LiveTailSessionUpdate object will contain an empty array.

      The array of log events contained in a LiveTailSessionUpdate can include as many as 500 log events. If the number of log events matching the request exceeds 500 per second, the log events are sampled down to 500 log events to be included in each LiveTailSessionUpdate object.

      If your client consumes the log events slower than the server produces them, CloudWatch Logs buffers up to 10 LiveTailSessionUpdate events or 5000 log events, after which it starts dropping the oldest events.

    • A SessionStreamingException object is returned if an unknown error occurs on the server side.

    • A SessionTimeoutException object is returned when the session times out, after it has been kept open for three hours.

    You can end a session before it times out by closing the session stream or by closing the client that is receiving the stream. The session also ends if the established connection between the client and the server breaks.

    For examples of using an SDK to start a Live Tail session, see Start a Live Tail session using an Amazon Web Services SDK.

    ", + "documentation":"

    Starts a Live Tail streaming session for one or more log groups. A Live Tail session returns a stream of log events that have been recently ingested in the log groups. For more information, see Use Live Tail to view logs in near real time.

    The response to this operation is a response stream, over which the server sends live log events and the client receives them.

    The following objects are sent over the stream:

    • A single LiveTailSessionStart object is sent at the start of the session.

    • Every second, a LiveTailSessionUpdate object is sent. Each of these objects contains an array of the actual log events.

      If no new log events were ingested in the past second, the LiveTailSessionUpdate object will contain an empty array.

      The array of log events contained in a LiveTailSessionUpdate can include as many as 500 log events. If the number of log events matching the request exceeds 500 per second, the log events are sampled down to 500 log events to be included in each LiveTailSessionUpdate object.

      If your client consumes the log events slower than the server produces them, CloudWatch Logs buffers up to 10 LiveTailSessionUpdate events or 5000 log events, after which it starts dropping the oldest events.

    • A SessionStreamingException object is returned if an unknown error occurs on the server side.

    • A SessionTimeoutException object is returned when the session times out, after it has been kept open for three hours.

    The StartLiveTail API routes requests to streaming-logs.Region.amazonaws.com using SDK host prefix injection. VPC endpoint support is not available for this API.

    You can end a session before it times out by closing the session stream or by closing the client that is receiving the stream. The session also ends if the established connection between the client and the server breaks.

    For examples of using an SDK to start a Live Tail session, see Start a Live Tail session using an Amazon Web Services SDK.

    ", "endpoint":{"hostPrefix":"streaming-"} }, "StartQuery":{ @@ -1347,7 +1382,7 @@ "errors":[ {"shape":"ResourceNotFoundException"} ], - "documentation":"

    The UntagLogGroup operation is on the path to deprecation. We recommend that you use UntagResource instead.

    Removes the specified tags from the specified log group.

    To list the tags for a log group, use ListTagsForResource. To add tags, use TagResource.

    CloudWatch Logs doesn't support IAM policies that prevent users from assigning specified tags to log groups using the aws:Resource/key-name or aws:TagKeys condition keys.

    ", + "documentation":"

    The UntagLogGroup operation is on the path to deprecation. We recommend that you use UntagResource instead.

    Removes the specified tags from the specified log group.

    To list the tags for a log group, use ListTagsForResource. To add tags, use TagResource.

    When using IAM policies to control tag management for CloudWatch Logs log groups, the condition keys aws:Resource/key-name and aws:TagKeys cannot be used to restrict which tags users can assign.

    ", "deprecated":true, "deprecatedMessage":"Please use the generic tagging API UntagResource" }, @@ -1417,8 +1452,7 @@ "shapes":{ "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You don't have sufficient permissions to perform this action.

    ", "exception":true }, @@ -1663,7 +1697,7 @@ }, "kmsKeyId":{ "shape":"KmsKeyId", - "documentation":"

    The ID of the KMS key assigned to this anomaly detector, if any.

    " + "documentation":"

    The ARN of the KMS key assigned to this anomaly detector, if any.

    " }, "creationTimeStamp":{ "shape":"EpochMillis", @@ -1855,8 +1889,7 @@ }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    This operation attempted to create a resource that already exists.

    ", "exception":true }, @@ -2011,8 +2044,8 @@ "documentation":"

    You can use this parameter to limit the anomaly detection model to examine only log events that match the pattern you specify here. For more information, see Filter and Pattern Syntax.

    " }, "kmsKeyId":{ - "shape":"KmsKeyId", - "documentation":"

    Optionally assigns a KMS key to secure this anomaly detector and its findings. If a key is assigned, the anomalies found and the model used by this detector are encrypted at rest with the key. If a key is assigned to an anomaly detector, a user must have permissions for both this key and for the anomaly detector to retrieve information about the anomalies that it finds.

    For more information about using a KMS key and to see the required IAM policy, see Use a KMS key with an anomaly detector.

    " + "shape":"DetectorKmsKeyArn", + "documentation":"

    Optionally assigns a KMS key to secure this anomaly detector and its findings. If a key is assigned, the anomalies found and the model used by this detector are encrypted at rest with the key. If a key is assigned to an anomaly detector, a user must have permissions for both this key and for the anomaly detector to retrieve information about the anomalies that it finds.

    Make sure the value provided is a valid KMS key ARN. For more information about using a KMS key and to see the required IAM policy, see Use a KMS key with an anomaly detector.

    " }, "anomalyVisibilityTime":{ "shape":"AnomalyVisibilityTime", @@ -2051,7 +2084,7 @@ }, "logGroupClass":{ "shape":"LogGroupClass", - "documentation":"

    Use this parameter to specify the log group class for this log group. There are two classes:

    • The Standard log class supports all CloudWatch Logs features.

    • The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower costs.

    If you omit this parameter, the default of STANDARD is used.

    The value of logGroupClass can't be changed after a log group is created.

    For details about the features supported by each class, see Log classes

    " + "documentation":"

    Use this parameter to specify the log group class for this log group. There are three classes:

    • The Standard log class supports all CloudWatch Logs features.

    • The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower costs.

    • Use the Delivery log class only for delivering Lambda logs to store in Amazon S3 or Amazon Data Firehose. Log events in log groups in the Delivery class are kept in CloudWatch Logs for only one day. This log class doesn't offer rich CloudWatch Logs capabilities such as CloudWatch Logs Insights queries.

    If you omit this parameter, the default of STANDARD is used.

    The value of logGroupClass can't be changed after a log group is created.

    For details about the features supported by each class, see Log classes

    " } } }, @@ -2076,6 +2109,7 @@ "type":"list", "member":{"shape":"Arn"} }, + "Data":{"type":"blob"}, "DataAlreadyAcceptedException":{ "type":"structure", "members":{ @@ -2181,7 +2215,7 @@ "members":{ "name":{ "shape":"DeliveryDestinationName", - "documentation":"

    The name of the delivery destination that you want to delete. You can find a list of delivery destionation names by using the DescribeDeliveryDestinations operation.

    " + "documentation":"

    The name of the delivery destination that you want to delete. You can find a list of delivery destination names by using the DescribeDeliveryDestinations operation.

    " } } }, @@ -2227,8 +2261,7 @@ }, "DeleteIndexPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIntegrationRequest":{ "type":"structure", @@ -2246,8 +2279,7 @@ }, "DeleteIntegrationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKeys":{ "type":"structure", @@ -2339,6 +2371,14 @@ "policyName":{ "shape":"PolicyName", "documentation":"

    The name of the policy to be revoked. This parameter is required.

    " + }, + "resourceArn":{ + "shape":"Arn", + "documentation":"

    The ARN of the CloudWatch Logs resource for which the resource policy needs to be deleted

    " + }, + "expectedRevisionId":{ + "shape":"ExpectedRevisionId", + "documentation":"

    The expected revision ID of the resource policy. Required when deleting a resource-scoped policy to prevent concurrent modifications.

    " } } }, @@ -2387,7 +2427,7 @@ }, "Delimiter":{ "type":"string", - "max":1, + "max":2, "min":1 }, "Deliveries":{ @@ -2415,7 +2455,7 @@ }, "deliveryDestinationType":{ "shape":"DeliveryDestinationType", - "documentation":"

    Displays whether the delivery destination associated with this delivery is CloudWatch Logs, Amazon S3, or Firehose.

    " + "documentation":"

    Displays whether the delivery destination associated with this delivery is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.

    " }, "recordFields":{ "shape":"RecordFields", @@ -2449,7 +2489,7 @@ }, "deliveryDestinationType":{ "shape":"DeliveryDestinationType", - "documentation":"

    Displays whether this delivery destination is CloudWatch Logs, Amazon S3, or Firehose.

    " + "documentation":"

    Displays whether this delivery destination is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.

    " }, "outputFormat":{ "shape":"OutputFormat", @@ -2464,7 +2504,7 @@ "documentation":"

    The tags that have been assigned to this delivery destination.

    " } }, - "documentation":"

    This structure contains information about one delivery destination in your account. A delivery destination is an Amazon Web Services resource that represents an Amazon Web Services service that logs can be sent to. CloudWatch Logs, Amazon S3, are supported as Firehose delivery destinations.

    To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

    • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

    • Create a delivery destination, which is a logical object that represents the actual delivery destination.

    • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

    • Create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery.

    You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

    " + "documentation":"

    This structure contains information about one delivery destination in your account. A delivery destination is an Amazon Web Services resource that represents an Amazon Web Services service that logs can be sent to. CloudWatch Logs, Amazon S3, Firehose, and X-Ray are supported as delivery destinations.

    To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

    • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

    • Create a delivery destination, which is a logical object that represents the actual delivery destination.

    • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

    • Create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery.

    You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

    " }, "DeliveryDestinationConfiguration":{ "type":"structure", @@ -2493,13 +2533,14 @@ "enum":[ "S3", "CWL", - "FH" + "FH", + "XRAY" ] }, "DeliveryDestinationTypes":{ "type":"list", "member":{"shape":"DeliveryDestinationType"}, - "max":3, + "max":4, "min":1 }, "DeliveryDestinations":{ @@ -2806,12 +2847,18 @@ "max":50, "min":1 }, + "DescribeLogGroupsLogGroupIdentifiers":{ + "type":"list", + "member":{"shape":"LogGroupIdentifier"}, + "max":50, + "min":1 + }, "DescribeLogGroupsRequest":{ "type":"structure", "members":{ "accountIdentifiers":{ "shape":"AccountIds", - "documentation":"

    When includeLinkedAccounts is set to True, use this parameter to specify the list of accounts to search. You can specify as many as 20 account IDs in the array.

    " + "documentation":"

    When includeLinkedAccounts is set to true, use this parameter to specify the list of accounts to search. You can specify as many as 20 account IDs in the array.

    " }, "logGroupNamePrefix":{ "shape":"LogGroupName", @@ -2819,7 +2866,7 @@ }, "logGroupNamePattern":{ "shape":"LogGroupNamePattern", - "documentation":"

    If you specify a string for this parameter, the operation returns only log groups that have names that match the string based on a case-sensitive substring search. For example, if you specify Foo, log groups named FooBar, aws/Foo, and GroupFoo would match, but foo, F/o/o and Froo would not match.

    If you specify logGroupNamePattern in your request, then only arn, creationTime, and logGroupName are included in the response.

    logGroupNamePattern and logGroupNamePrefix are mutually exclusive. Only one of these parameters can be passed.

    " + "documentation":"

    If you specify a string for this parameter, the operation returns only log groups that have names that match the string based on a case-sensitive substring search. For example, if you specify DataLogs, log groups named DataLogs, aws/DataLogs, and GroupDataLogs would match, but datalogs, Data/log/s and Groupdata would not match.

    If you specify logGroupNamePattern in your request, then only arn, creationTime, and logGroupName are included in the response.

    logGroupNamePattern and logGroupNamePrefix are mutually exclusive. Only one of these parameters can be passed.

    " }, "nextToken":{ "shape":"NextToken", @@ -2831,11 +2878,15 @@ }, "includeLinkedAccounts":{ "shape":"IncludeLinkedAccounts", - "documentation":"

    If you are using a monitoring account, set this to True to have the operation return log groups in the accounts listed in accountIdentifiers.

    If this parameter is set to true and accountIdentifiers contains a null value, the operation returns all log groups in the monitoring account and all log groups in all source accounts that are linked to the monitoring account.

    " + "documentation":"

    If you are using a monitoring account, set this to true to have the operation return log groups in the accounts listed in accountIdentifiers.

    If this parameter is set to true and accountIdentifiers contains a null value, the operation returns all log groups in the monitoring account and all log groups in all source accounts that are linked to the monitoring account.

    The default for this parameter is false.

    " }, "logGroupClass":{ "shape":"LogGroupClass", - "documentation":"

    Specifies the log group class for this log group. There are two classes:

    • The Standard log class supports all CloudWatch Logs features.

    • The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower costs.

    For details about the features supported by each class, see Log classes

    " + "documentation":"

    Use this parameter to limit the results to only those log groups in the specified log group class. If you omit this parameter, log groups of all classes can be returned.

    Specifies the log group class for this log group. There are three classes:

    • The Standard log class supports all CloudWatch Logs features.

    • The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower costs.

    • Use the Delivery log class only for delivering Lambda logs to store in Amazon S3 or Amazon Data Firehose. Log events in log groups in the Delivery class are kept in CloudWatch Logs for only one day. This log class doesn't offer rich CloudWatch Logs capabilities such as CloudWatch Logs Insights queries.

    For details about the features supported by each class, see Log classes

    " + }, + "logGroupIdentifiers":{ + "shape":"DescribeLogGroupsLogGroupIdentifiers", + "documentation":"

    Use this array to filter the list of log groups returned. If you specify this parameter, the only other filter that you can choose to specify is includeLinkedAccounts.

    If you are using this operation in a monitoring account, you can specify the ARNs of log groups in source accounts and in the monitoring account itself. If you are using this operation in an account that is not a cross-account monitoring account, you can specify only log group names in the same account as the operation.

    " } } }, @@ -2844,7 +2895,7 @@ "members":{ "logGroups":{ "shape":"LogGroups", - "documentation":"

    The log groups.

    If the retentionInDays value is not included for a log group, then that log group's events do not expire.

    " + "documentation":"

    An array of structures, where each structure contains the information about one log group.

    " }, "nextToken":{"shape":"NextToken"} } @@ -3003,6 +3054,14 @@ "limit":{ "shape":"DescribeLimit", "documentation":"

    The maximum number of resource policies to be displayed with one call of this API.

    " + }, + "resourceArn":{ + "shape":"Arn", + "documentation":"

    The ARN of the CloudWatch Logs resource for which to query the resource policy.

    " + }, + "policyScope":{ + "shape":"PolicyScope", + "documentation":"

    Specifies the scope of the resource policy. Valid values are ACCOUNT or RESOURCE. When not specified, defaults to ACCOUNT.

    " } } }, @@ -3101,6 +3160,11 @@ "type":"list", "member":{"shape":"Destination"} }, + "DetectorKmsKeyArn":{ + "type":"string", + "max":256, + "pattern":"^arn:aws[a-z\\-]*:kms:[-a-z0-9]*:[0-9]*:key/[-a-z0-9]*$" + }, "DetectorName":{ "type":"string", "min":1 @@ -3140,6 +3204,10 @@ ] }, "DynamicTokenPosition":{"type":"integer"}, + "EmitSystemFields":{ + "type":"list", + "member":{"shape":"SystemField"} + }, "EncryptionKey":{ "type":"string", "max":256 @@ -3230,11 +3298,25 @@ "min":1 }, "EventNumber":{"type":"long"}, + "EventSource":{ + "type":"string", + "enum":[ + "CloudTrail", + "Route53Resolver", + "VPCFlow", + "EKSAudit", + "AWSWAF" + ] + }, "EventsLimit":{ "type":"integer", "max":10000, "min":1 }, + "ExpectedRevisionId":{ + "type":"string", + "min":1 + }, "ExportDestinationBucket":{ "type":"string", "max":512, @@ -3389,6 +3471,22 @@ "type":"list", "member":{"shape":"FieldIndex"} }, + "FieldSelectionCriteria":{ + "type":"string", + "max":2000, + "min":0 + }, + "FieldsData":{ + "type":"structure", + "members":{ + "data":{ + "shape":"Data", + "documentation":"

    The actual log data content returned in the streaming response. This contains the fields and values of the log event in a structured format that can be parsed and processed by the client.

    " + } + }, + "documentation":"

    A structure containing the extracted fields from a log event. These fields are extracted based on the log format and can be used for structured querying and analysis.

    ", + "event":true + }, "FilterCount":{"type":"integer"}, "FilterLogEventsRequest":{ "type":"structure", @@ -3454,7 +3552,7 @@ }, "nextToken":{ "shape":"NextToken", - "documentation":"

    The token to use when requesting the next set of items. The token expires after 24 hours.

    " + "documentation":"

    The token to use when requesting the next set of items. The token expires after 24 hours.

    If the results don't include a nextToken, then pagination is finished.

    " } } }, @@ -3681,7 +3779,7 @@ }, "kmsKeyId":{ "shape":"KmsKeyId", - "documentation":"

    The ID of the KMS key assigned to this anomaly detector, if any.

    " + "documentation":"

    The ARN of the KMS key assigned to this anomaly detector, if any.

    " }, "creationTimeStamp":{ "shape":"EpochMillis", @@ -3782,6 +3880,43 @@ } } }, + "GetLogObjectRequest":{ + "type":"structure", + "required":["logObjectPointer"], + "members":{ + "unmask":{ + "shape":"Unmask", + "documentation":"

    A boolean flag that indicates whether to unmask sensitive log data. When set to true, any masked or redacted data in the log object will be displayed in its original form. Default is false.

    " + }, + "logObjectPointer":{ + "shape":"LogObjectPointer", + "documentation":"

    A pointer to the specific log object to retrieve. This is a required parameter that uniquely identifies the log object within CloudWatch Logs. The pointer is typically obtained from a previous query or filter operation.

    " + } + }, + "documentation":"

    The parameters for the GetLogObject operation.

    " + }, + "GetLogObjectResponse":{ + "type":"structure", + "members":{ + "fieldStream":{ + "shape":"GetLogObjectResponseStream", + "documentation":"

    A stream of structured log data returned by the GetLogObject operation. This stream contains log events with their associated metadata and extracted fields.

    " + } + }, + "documentation":"

    The response from the GetLogObject operation.

    " + }, + "GetLogObjectResponseStream":{ + "type":"structure", + "members":{ + "fields":{"shape":"FieldsData"}, + "InternalStreamingException":{ + "shape":"InternalStreamingException", + "documentation":"

    An internal error occurred during the streaming of log data. This exception is thrown when there's an issue with the internal streaming mechanism used by the GetLogObject operation.

    " + } + }, + "documentation":"

    A stream of structured log data returned by the GetLogObject operation. This stream contains log events with their associated metadata and extracted fields.

    ", + "eventstream":true + }, "GetLogRecordRequest":{ "type":"structure", "required":["logRecordPointer"], @@ -3881,14 +4016,14 @@ }, "match":{ "shape":"GrokMatch", - "documentation":"

    The grok pattern to match against the log event. For a list of supported grok patterns, see Supported grok patterns.

    " + "documentation":"

    The grok pattern to match against the log event. For a list of supported grok patterns, see Supported grok patterns.

    " } }, - "documentation":"

    This processor uses pattern matching to parse and structure unstructured data. This processor can also extract fields from log messages.

    For more information about this processor including examples, see grok in the CloudWatch Logs User Guide.

    " + "documentation":"

    This processor uses pattern matching to parse and structure unstructured data. This processor can also extract fields from log messages.

    For more information about this processor including examples, see grok in the CloudWatch Logs User Guide.

    " }, "GrokMatch":{ "type":"string", - "max":128, + "max":512, "min":1 }, "Histogram":{ @@ -3959,7 +4094,7 @@ }, "message":{ "shape":"EventMessage", - "documentation":"

    The raw event message. Each log event can be no larger than 256 KB.

    " + "documentation":"

    The raw event message. Each log event can be no larger than 1 MB.

    " } }, "documentation":"

    Represents a log event, which is a record of activity that was recorded by the application or resource being monitored.

    " @@ -4039,17 +4174,23 @@ "enum":["OPENSEARCH"] }, "Interleaved":{"type":"boolean"}, - "InvalidOperationException":{ + "InternalStreamingException":{ "type":"structure", "members":{ + "message":{"shape":"Message"} }, + "documentation":"

    An internal error occurred during the streaming of log data. This exception is thrown when there's an issue with the internal streaming mechanism used by the GetLogObject operation.

    ", + "exception":true + }, + "InvalidOperationException":{ + "type":"structure", + "members":{}, "documentation":"

    The operation is not valid on the specified resource.

    ", "exception":true }, "InvalidParameterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A parameter is specified incorrectly.

    ", "exception":true }, @@ -4083,8 +4224,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have reached the maximum number of resources that can be created.

    ", "exception":true }, @@ -4147,6 +4287,11 @@ } } }, + "ListLimit":{ + "type":"integer", + "max":1000, + "min":1 + }, "ListLogAnomalyDetectorsLimit":{ "type":"integer", "max":50, @@ -4206,6 +4351,42 @@ "nextToken":{"shape":"NextToken"} } }, + "ListLogGroupsRequest":{ + "type":"structure", + "members":{ + "logGroupNamePattern":{ + "shape":"LogGroupNameRegexPattern", + "documentation":"

    Use this parameter to limit the returned log groups to only those with names that match the pattern that you specify. This parameter is a regular expression that can match prefixes and substrings, and supports wildcard matching and matching multiple patterns, as in the following examples.

    • Use ^ to match log group names by prefix.

    • For a substring match, specify the string to match. All matches are case sensitive

    • To match multiple patterns, separate them with a | as in the example ^/aws/lambda|discovery

    You can specify as many as five different regular expression patterns in this field, each of which must be between 3 and 24 characters. You can include the ^ symbol as many as five times, and include the | symbol as many as four times.

    " + }, + "logGroupClass":{ + "shape":"LogGroupClass", + "documentation":"

    Use this parameter to limit the results to only those log groups in the specified log group class. If you omit this parameter, log groups of all classes can be returned.

    " + }, + "includeLinkedAccounts":{ + "shape":"IncludeLinkedAccounts", + "documentation":"

    If you are using a monitoring account, set this to true to have the operation return log groups in the accounts listed in accountIdentifiers.

    If this parameter is set to true and accountIdentifiers contains a null value, the operation returns all log groups in the monitoring account and all log groups in all source accounts that are linked to the monitoring account.

    The default for this parameter is false.

    " + }, + "accountIdentifiers":{ + "shape":"AccountIds", + "documentation":"

    When includeLinkedAccounts is set to true, use this parameter to specify the list of accounts to search. You can specify as many as 20 account IDs in the array.

    " + }, + "nextToken":{"shape":"NextToken"}, + "limit":{ + "shape":"ListLimit", + "documentation":"

    The maximum number of log groups to return. If you omit this parameter, the default is up to 50 log groups.

    " + } + } + }, + "ListLogGroupsResponse":{ + "type":"structure", + "members":{ + "logGroups":{ + "shape":"LogGroupSummaries", + "documentation":"

    An array of structures, where each structure contains the information about one log group.

    " + }, + "nextToken":{"shape":"NextToken"} + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["resourceArn"], @@ -4280,7 +4461,7 @@ "documentation":"

    If you set flatten to true, use flattenedElement to specify which element, first or last, to keep.

    You must specify this parameter if flatten is true

    " } }, - "documentation":"

    This processor takes a list of objects that contain key fields, and converts them into a map of target keys.

    For more information about this processor including examples, see listToMap in the CloudWatch Logs User Guide.

    " + "documentation":"

    This processor takes a list of objects that contain key fields, and converts them into a map of target keys.

    For more information about this processor including examples, see listToMap in the CloudWatch Logs User Guide.

    " }, "LiveTailSessionLogEvent":{ "type":"structure", @@ -4425,7 +4606,7 @@ }, "logGroupClass":{ "shape":"LogGroupClass", - "documentation":"

    This specifies the log group class for this log group. There are two classes:

    • The Standard log class supports all CloudWatch Logs features.

    • The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower costs.

    For details about the features supported by each class, see Log classes

    " + "documentation":"

    This specifies the log group class for this log group. There are three classes:

    • The Standard log class supports all CloudWatch Logs features.

    • The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower costs.

    • Use the Delivery log class only for delivering Lambda logs to store in Amazon S3 or Amazon Data Firehose. Log events in log groups in the Delivery class are kept in CloudWatch Logs for only one day. This log class doesn't offer rich CloudWatch Logs capabilities such as CloudWatch Logs Insights queries.

    For details about the features supported by the Standard and Infrequent Access classes, see Log classes

    " }, "logGroupArn":{ "shape":"Arn", @@ -4448,7 +4629,8 @@ "type":"string", "enum":[ "STANDARD", - "INFREQUENT_ACCESS" + "INFREQUENT_ACCESS", + "DELIVERY" ] }, "LogGroupField":{ @@ -4491,14 +4673,47 @@ "min":0, "pattern":"[\\.\\-_/#A-Za-z0-9]*" }, + "LogGroupNameRegexPattern":{ + "type":"string", + "max":129, + "min":3, + "pattern":"(\\^?[\\.\\-_\\/#A-Za-z0-9]{3,24})(\\|\\^?[\\.\\-_\\/#A-Za-z0-9]{3,24}){0,4}" + }, "LogGroupNames":{ "type":"list", "member":{"shape":"LogGroupName"} }, + "LogGroupSummaries":{ + "type":"list", + "member":{"shape":"LogGroupSummary"} + }, + "LogGroupSummary":{ + "type":"structure", + "members":{ + "logGroupName":{ + "shape":"LogGroupName", + "documentation":"

    The name of the log group.

    " + }, + "logGroupArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the log group.

    " + }, + "logGroupClass":{ + "shape":"LogGroupClass", + "documentation":"

    The log group class for this log group. For details about the features supported by each log group class, see Log classes

    " + } + }, + "documentation":"

    This structure contains information about one log group in your account.

    " + }, "LogGroups":{ "type":"list", "member":{"shape":"LogGroup"} }, + "LogObjectPointer":{ + "type":"string", + "max":512, + "min":1 + }, "LogRecord":{ "type":"map", "key":{"shape":"Field"}, @@ -4631,6 +4846,14 @@ "applyOnTransformedLogs":{ "shape":"ApplyOnTransformedLogs", "documentation":"

    This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see PutTransformer.

    If this value is true, the metric filter is applied on the transformed version of the log events instead of the original ingested log events.

    " + }, + "fieldSelectionCriteria":{ + "shape":"FieldSelectionCriteria", + "documentation":"

    The filter expression that specifies which log events are processed by this metric filter based on system fields. Returns the fieldSelectionCriteria value if it was specified when the metric filter was created.

    " + }, + "emitSystemFieldDimensions":{ + "shape":"EmitSystemFields", + "documentation":"

    The list of system fields that are emitted as additional dimensions in the generated metrics. Returns the emitSystemFieldDimensions value if it was specified when the metric filter was created.

    " } }, "documentation":"

    Metric filters express how CloudWatch Logs would extract metric observations from ingested log events and transform them into metric data in a CloudWatch metric.

    " @@ -4767,6 +4990,10 @@ "max":128, "min":1 }, + "OCSFVersion":{ + "type":"string", + "enum":["V1.1"] + }, "OpenSearchApplication":{ "type":"structure", "members":{ @@ -5020,8 +5247,7 @@ }, "OperationAbortedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Multiple concurrent requests to update the same resource were in conflict.

    ", "exception":true }, @@ -5147,6 +5373,28 @@ }, "documentation":"

    Use this processor to parse Route 53 vended logs, extract fields, and and convert them into a JSON format. This processor always processes the entire log event message. For more information about this processor including examples, see parseRoute53.

    If you use this processor, it must be the first processor in your transformer.

    " }, + "ParseToOCSF":{ + "type":"structure", + "required":[ + "eventSource", + "ocsfVersion" + ], + "members":{ + "source":{ + "shape":"Source", + "documentation":"

    The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.

    " + }, + "eventSource":{ + "shape":"EventSource", + "documentation":"

    Specify the service or process that produces the log events that will be converted with this processor.

    " + }, + "ocsfVersion":{ + "shape":"OCSFVersion", + "documentation":"

    Specify which version of the OCSF schema to use for the transformed log events.

    " + } + }, + "documentation":"

    This processor converts logs into Open Cybersecurity Schema Framework (OCSF) events.

    For more information about this processor including examples, see parseToOSCF in the CloudWatch Logs User Guide.

    " + }, "ParseVPC":{ "type":"structure", "members":{ @@ -5236,13 +5484,21 @@ "min":1 }, "PolicyName":{"type":"string"}, + "PolicyScope":{ + "type":"string", + "enum":[ + "ACCOUNT", + "RESOURCE" + ] + }, "PolicyType":{ "type":"string", "enum":[ "DATA_PROTECTION_POLICY", "SUBSCRIPTION_FILTER_POLICY", "FIELD_INDEX_POLICY", - "TRANSFORMER_POLICY" + "TRANSFORMER_POLICY", + "METRIC_EXTRACTION_POLICY" ] }, "Priority":{ @@ -5304,6 +5560,10 @@ "shape":"ParseRoute53", "documentation":"

    Use this parameter to include the parseRoute53 processor in your transformer.

    If you use this processor, it must be the first processor in your transformer.

    " }, + "parseToOCSF":{ + "shape":"ParseToOCSF", + "documentation":"

    Use this parameter to convert logs into Open Cybersecurity Schema (OCSF) format.

    " + }, "parsePostgres":{ "shape":"ParsePostgres", "documentation":"

    Use this parameter to include the parsePostGres processor in your transformer.

    If you use this processor, it must be the first processor in your transformer.

    " @@ -5375,7 +5635,7 @@ }, "selectionCriteria":{ "shape":"SelectionCriteria", - "documentation":"

    Use this parameter to apply the new policy to a subset of log groups in the account.

    Specifing selectionCriteria is valid only when you specify SUBSCRIPTION_FILTER_POLICY, FIELD_INDEX_POLICY or TRANSFORMER_POLICYfor policyType.

    If policyType is SUBSCRIPTION_FILTER_POLICY, the only supported selectionCriteria filter is LogGroupName NOT IN []

    If policyType is FIELD_INDEX_POLICY or TRANSFORMER_POLICY, the only supported selectionCriteria filter is LogGroupNamePrefix

    The selectionCriteria string can be up to 25KB in length. The length is determined by using its UTF-8 bytes.

    Using the selectionCriteria parameter with SUBSCRIPTION_FILTER_POLICY is useful to help prevent infinite loops. For more information, see Log recursion prevention.

    " + "documentation":"

    Use this parameter to apply the new policy to a subset of log groups in the account.

    Specifying selectionCriteria is valid only when you specify SUBSCRIPTION_FILTER_POLICY, FIELD_INDEX_POLICY or TRANSFORMER_POLICYfor policyType.

    If policyType is SUBSCRIPTION_FILTER_POLICY, the only supported selectionCriteria filter is LogGroupName NOT IN []

    If policyType is FIELD_INDEX_POLICY or TRANSFORMER_POLICY, the only supported selectionCriteria filter is LogGroupNamePrefix

    The selectionCriteria string can be up to 25KB in length. The length is determined by using its UTF-8 bytes.

    Using the selectionCriteria parameter with SUBSCRIPTION_FILTER_POLICY is useful to help prevent infinite loops. For more information, see Log recursion prevention.

    " } } }, @@ -5450,10 +5710,7 @@ }, "PutDeliveryDestinationRequest":{ "type":"structure", - "required":[ - "name", - "deliveryDestinationConfiguration" - ], + "required":["name"], "members":{ "name":{ "shape":"DeliveryDestinationName", @@ -5465,7 +5722,11 @@ }, "deliveryDestinationConfiguration":{ "shape":"DeliveryDestinationConfiguration", - "documentation":"

    A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.

    " + "documentation":"

    A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.

    deliveryDestinationConfiguration is required for CloudWatch Logs, Amazon S3, Firehose log delivery destinations and not required for X-Ray trace delivery destinations. deliveryDestinationType is needed for X-Ray trace delivery destinations but not required for other logs delivery destinations.

    " + }, + "deliveryDestinationType":{ + "shape":"DeliveryDestinationType", + "documentation":"

    The type of delivery destination. This parameter specifies the target service where log data will be delivered. Valid values include:

    • S3 - Amazon S3 for long-term storage and analytics

    • CWL - CloudWatch Logs for centralized log management

    • FH - Amazon Kinesis Data Firehose for real-time data streaming

    • XRAY - Amazon Web Services X-Ray for distributed tracing and application monitoring

    The delivery destination type determines the format and configuration options available for log delivery.

    " }, "tags":{ "shape":"Tags", @@ -5500,7 +5761,7 @@ }, "logType":{ "shape":"LogType", - "documentation":"

    Defines the type of log that the source is sending.

    • For Amazon Bedrock, the valid value is APPLICATION_LOGS.

    • For CloudFront, the valid value is ACCESS_LOGS.

    • For Amazon CodeWhisperer, the valid value is EVENT_LOGS.

    • For Elemental MediaPackage, the valid values are EGRESS_ACCESS_LOGS and INGRESS_ACCESS_LOGS.

    • For Elemental MediaTailor, the valid values are AD_DECISION_SERVER_LOGS, MANIFEST_SERVICE_LOGS, and TRANSCODE_LOGS.

    • For IAM Identity Center, the valid value is ERROR_LOGS.

    • For Amazon Q, the valid value is EVENT_LOGS.

    • For Amazon SES mail manager, the valid value is APPLICATION_LOG.

    • For Amazon WorkMail, the valid values are ACCESS_CONTROL_LOGS, AUTHENTICATION_LOGS, WORKMAIL_AVAILABILITY_PROVIDER_LOGS, WORKMAIL_MAILBOX_ACCESS_LOGS, and WORKMAIL_PERSONAL_ACCESS_TOKEN_LOGS.

    " + "documentation":"

    Defines the type of log that the source is sending.

    • For Amazon Bedrock, the valid value is APPLICATION_LOGS and TRACES.

    • For CloudFront, the valid value is ACCESS_LOGS.

    • For Amazon CodeWhisperer, the valid value is EVENT_LOGS.

    • For Elemental MediaPackage, the valid values are EGRESS_ACCESS_LOGS and INGRESS_ACCESS_LOGS.

    • For Elemental MediaTailor, the valid values are AD_DECISION_SERVER_LOGS, MANIFEST_SERVICE_LOGS, and TRANSCODE_LOGS.

    • For Entity Resolution, the valid value is WORKFLOW_LOGS.

    • For IAM Identity Center, the valid value is ERROR_LOGS.

    • For PCS, the valid values are PCS_SCHEDULER_LOGS and PCS_JOBCOMP_LOGS.

    • For Amazon Q, the valid value is EVENT_LOGS.

    • For Amazon SES mail manager, the valid values are APPLICATION_LOG and TRAFFIC_POLICY_DEBUG_LOGS.

    • For Amazon WorkMail, the valid values are ACCESS_CONTROL_LOGS, AUTHENTICATION_LOGS, WORKMAIL_AVAILABILITY_PROVIDER_LOGS, WORKMAIL_MAILBOX_ACCESS_LOGS, and WORKMAIL_PERSONAL_ACCESS_TOKEN_LOGS.

    • For Amazon VPC Route Server, the valid value is EVENT_LOGS.

    " }, "tags":{ "shape":"Tags", @@ -5709,6 +5970,14 @@ "applyOnTransformedLogs":{ "shape":"ApplyOnTransformedLogs", "documentation":"

    This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see PutTransformer.

    If the log group uses either a log-group level or account-level transformer, and you specify true, the metric filter will be applied on the transformed version of the log events instead of the original ingested log events.

    " + }, + "fieldSelectionCriteria":{ + "shape":"FieldSelectionCriteria", + "documentation":"

    A filter expression that specifies which log events should be processed by this metric filter based on system fields such as source account and source region. Uses selection criteria syntax with operators like =, !=, AND, OR, IN, NOT IN. Example: @aws.region = \"us-east-1\" or @aws.account IN [\"123456789012\", \"987654321098\"]. Maximum length: 2000 characters.

    " + }, + "emitSystemFieldDimensions":{ + "shape":"EmitSystemFields", + "documentation":"

    A list of system fields to emit as additional dimensions in the generated metrics. Valid values are @aws.account and @aws.region. These dimensions help identify the source of centralized log data and count toward the total dimension limit for metric filters.

    " } } }, @@ -5765,6 +6034,14 @@ "policyDocument":{ "shape":"PolicyDocument", "documentation":"

    Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.

    The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace \"logArn\" with the ARN of your CloudWatch Logs resource, such as a log group or log stream.

    CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys.

    In the example resource policy, you would replace the value of SourceArn with the resource making the call from Route 53 to CloudWatch Logs. You would also replace the value of SourceAccount with the Amazon Web Services account ID making that call.

    { \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\": \"logs:PutLogEvents\", \"Resource\": \"logArn\", \"Condition\": { \"ArnLike\": { \"aws:SourceArn\": \"myRoute53ResourceArn\" }, \"StringEquals\": { \"aws:SourceAccount\": \"myAwsAccountId\" } } } ] }

    " + }, + "resourceArn":{ + "shape":"Arn", + "documentation":"

    The ARN of the CloudWatch Logs resource to which the resource policy needs to be added or attached. Currently only supports LogGroup ARN.

    " + }, + "expectedRevisionId":{ + "shape":"ExpectedRevisionId", + "documentation":"

    The expected revision ID of the resource policy. Required when resourceArn is provided to prevent concurrent modifications. Use null when creating a resource policy for the first time.

    " } } }, @@ -5774,6 +6051,10 @@ "resourcePolicy":{ "shape":"ResourcePolicy", "documentation":"

    The new policy.

    " + }, + "revisionId":{ + "shape":"ExpectedRevisionId", + "documentation":"

    The revision ID of the created or updated resource policy. Only returned for resource-scoped policies.

    " } } }, @@ -5827,6 +6108,14 @@ "applyOnTransformedLogs":{ "shape":"ApplyOnTransformedLogs", "documentation":"

    This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see PutTransformer.

    If the log group uses either a log-group level or account-level transformer, and you specify true, the subscription filter will be applied on the transformed version of the log events instead of the original ingested log events.

    " + }, + "fieldSelectionCriteria":{ + "shape":"FieldSelectionCriteria", + "documentation":"

    A filter expression that specifies which log events should be processed by this subscription filter based on system fields such as source account and source region. Uses selection criteria syntax with operators like =, !=, AND, OR, IN, NOT IN. Example: @aws.region NOT IN [\"cn-north-1\"] or @aws.account = \"123456789012\" AND @aws.region = \"us-east-1\". Maximum length: 2000 characters.

    " + }, + "emitSystemFields":{ + "shape":"EmitSystemFields", + "documentation":"

    A list of system fields to include in the log events sent to the subscription destination. Valid values are @aws.account and @aws.region. These fields provide source information for centralized log data in the forwarded payload.

    " } } }, @@ -5923,7 +6212,7 @@ "QueryId":{ "type":"string", "max":256, - "min":0 + "min":1 }, "QueryInfo":{ "type":"structure", @@ -6128,8 +6417,7 @@ }, "ResourceAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified resource already exists.

    ", "exception":true }, @@ -6156,8 +6444,7 @@ }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified resource does not exist.

    ", "exception":true }, @@ -6179,6 +6466,18 @@ "lastUpdatedTime":{ "shape":"Timestamp", "documentation":"

    Timestamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

    " + }, + "policyScope":{ + "shape":"PolicyScope", + "documentation":"

    Specifies scope of the resource policy. Valid values are ACCOUNT or RESOURCE.

    " + }, + "resourceArn":{ + "shape":"Arn", + "documentation":"

    The ARN of the CloudWatch Logs resource to which the resource policy is attached. Only populated for resource-scoped policies.

    " + }, + "revisionId":{ + "shape":"ExpectedRevisionId", + "documentation":"

    The revision ID of the resource policy. Only populated for resource-scoped policies.

    " } }, "documentation":"

    A policy enabling one or more entities to put logs to a log group in this account.

    " @@ -6267,15 +6566,13 @@ }, "ServiceQuotaExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    This request exceeds a service quota.

    ", "exception":true }, "ServiceUnavailableException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The service cannot complete the request.

    ", "exception":true, "fault":true @@ -6321,6 +6618,11 @@ }, "documentation":"

    Use this processor to split a field into an array of strings using a delimiting character.

    For more information about this processor including examples, see splitString in the CloudWatch Logs User Guide.

    " }, + "SplitStringDelimiter":{ + "type":"string", + "max":128, + "min":1 + }, "SplitStringEntries":{ "type":"list", "member":{"shape":"SplitStringEntry"}, @@ -6339,7 +6641,7 @@ "documentation":"

    The key of the field to split.

    " }, "delimiter":{ - "shape":"Delimiter", + "shape":"SplitStringDelimiter", "documentation":"

    The separator characters to split the string entry on.

    " } }, @@ -6549,6 +6851,14 @@ "creationTime":{ "shape":"Timestamp", "documentation":"

    The creation time of the subscription filter, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

    " + }, + "fieldSelectionCriteria":{ + "shape":"FieldSelectionCriteria", + "documentation":"

    The filter expression that specifies which log events are processed by this subscription filter based on system fields. Returns the fieldSelectionCriteria value if it was specified when the subscription filter was created.

    " + }, + "emitSystemFields":{ + "shape":"EmitSystemFields", + "documentation":"

    The list of system fields that are included in the log events sent to the subscription destination. Returns the emitSystemFields value if it was specified when the subscription filter was created.

    " } }, "documentation":"

    Represents a subscription filter.

    " @@ -6634,6 +6944,7 @@ "HOURS" ] }, + "SystemField":{"type":"string"}, "TagKey":{ "type":"string", "max":128, @@ -6774,8 +7085,7 @@ }, "ThrottlingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request was throttled because of quota limits.

    ", "exception":true }, @@ -6900,8 +7210,7 @@ "Unmask":{"type":"boolean"}, "UnrecognizedClientException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The most likely cause is an Amazon Web Services access key ID or secret key that's not valid.

    ", "exception":true }, @@ -6995,8 +7304,7 @@ }, "UpdateDeliveryConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLogAnomalyDetectorRequest":{ "type":"structure", @@ -7043,8 +7351,7 @@ }, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    One of the parameters for the request is not valid.

    ", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/lookoutequipment/2020-12-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lookoutequipment/2020-12-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lookoutequipment/2020-12-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lookoutequipment/2020-12-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/lookoutequipment/2020-12-15/service-2.json 2.31.35-1/awscli/botocore/data/lookoutequipment/2020-12-15/service-2.json --- 2.23.6-1/awscli/botocore/data/lookoutequipment/2020-12-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lookoutequipment/2020-12-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"lookoutequipment", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"LookoutEquipment", "serviceFullName":"Amazon Lookout for Equipment", "serviceId":"LookoutEquipment", "signatureVersion":"v4", "targetPrefix":"AWSLookoutEquipmentFrontendService", - "uid":"lookoutequipment-2020-12-15" + "uid":"lookoutequipment-2020-12-15", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateDataset":{ @@ -4204,8 +4206,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4273,8 +4274,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateActiveModelVersionRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/lookoutmetrics/2017-07-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lookoutmetrics/2017-07-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lookoutmetrics/2017-07-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lookoutmetrics/2017-07-25/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://lookoutmetrics-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://lookoutmetrics-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://lookoutmetrics.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://lookoutmetrics.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/lookoutmetrics/2017-07-25/paginators-1.json 2.31.35-1/awscli/botocore/data/lookoutmetrics/2017-07-25/paginators-1.json --- 2.23.6-1/awscli/botocore/data/lookoutmetrics/2017-07-25/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lookoutmetrics/2017-07-25/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -{ - "pagination": {} -} diff -pruN 2.23.6-1/awscli/botocore/data/lookoutmetrics/2017-07-25/service-2.json 2.31.35-1/awscli/botocore/data/lookoutmetrics/2017-07-25/service-2.json --- 2.23.6-1/awscli/botocore/data/lookoutmetrics/2017-07-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lookoutmetrics/2017-07-25/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,3361 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2017-07-25", - "endpointPrefix":"lookoutmetrics", - "jsonVersion":"1.1", - "protocol":"rest-json", - "serviceAbbreviation":"LookoutMetrics", - "serviceFullName":"Amazon Lookout for Metrics", - "serviceId":"LookoutMetrics", - "signatureVersion":"v4", - "signingName":"lookoutmetrics", - "uid":"lookoutmetrics-2017-07-25" - }, - "operations":{ - "ActivateAnomalyDetector":{ - "name":"ActivateAnomalyDetector", - "http":{ - "method":"POST", - "requestUri":"/ActivateAnomalyDetector" - }, - "input":{"shape":"ActivateAnomalyDetectorRequest"}, - "output":{"shape":"ActivateAnomalyDetectorResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"}, - {"shape":"ConflictException"} - ], - "documentation":"

    Activates an anomaly detector.

    " - }, - "BackTestAnomalyDetector":{ - "name":"BackTestAnomalyDetector", - "http":{ - "method":"POST", - "requestUri":"/BackTestAnomalyDetector" - }, - "input":{"shape":"BackTestAnomalyDetectorRequest"}, - "output":{"shape":"BackTestAnomalyDetectorResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Runs a backtest for anomaly detection for the specified resource.

    " - }, - "CreateAlert":{ - "name":"CreateAlert", - "http":{ - "method":"POST", - "requestUri":"/CreateAlert" - }, - "input":{"shape":"CreateAlertRequest"}, - "output":{"shape":"CreateAlertResponse"}, - "errors":[ - {"shape":"ConflictException"}, - {"shape":"ValidationException"}, - {"shape":"ServiceQuotaExceededException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Creates an alert for an anomaly detector.

    " - }, - "CreateAnomalyDetector":{ - "name":"CreateAnomalyDetector", - "http":{ - "method":"POST", - "requestUri":"/CreateAnomalyDetector" - }, - "input":{"shape":"CreateAnomalyDetectorRequest"}, - "output":{"shape":"CreateAnomalyDetectorResponse"}, - "errors":[ - {"shape":"ConflictException"}, - {"shape":"ValidationException"}, - {"shape":"ServiceQuotaExceededException"}, - {"shape":"ConflictException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Creates an anomaly detector.

    " - }, - "CreateMetricSet":{ - "name":"CreateMetricSet", - "http":{ - "method":"POST", - "requestUri":"/CreateMetricSet" - }, - "input":{"shape":"CreateMetricSetRequest"}, - "output":{"shape":"CreateMetricSetResponse"}, - "errors":[ - {"shape":"ConflictException"}, - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ServiceQuotaExceededException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Creates a dataset.

    " - }, - "DeactivateAnomalyDetector":{ - "name":"DeactivateAnomalyDetector", - "http":{ - "method":"POST", - "requestUri":"/DeactivateAnomalyDetector" - }, - "input":{"shape":"DeactivateAnomalyDetectorRequest"}, - "output":{"shape":"DeactivateAnomalyDetectorResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Deactivates an anomaly detector.

    " - }, - "DeleteAlert":{ - "name":"DeleteAlert", - "http":{ - "method":"POST", - "requestUri":"/DeleteAlert" - }, - "input":{"shape":"DeleteAlertRequest"}, - "output":{"shape":"DeleteAlertResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Deletes an alert.

    " - }, - "DeleteAnomalyDetector":{ - "name":"DeleteAnomalyDetector", - "http":{ - "method":"POST", - "requestUri":"/DeleteAnomalyDetector" - }, - "input":{"shape":"DeleteAnomalyDetectorRequest"}, - "output":{"shape":"DeleteAnomalyDetectorResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Deletes a detector. Deleting an anomaly detector will delete all of its corresponding resources including any configured datasets and alerts.

    " - }, - "DescribeAlert":{ - "name":"DescribeAlert", - "http":{ - "method":"POST", - "requestUri":"/DescribeAlert" - }, - "input":{"shape":"DescribeAlertRequest"}, - "output":{"shape":"DescribeAlertResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Describes an alert.

    Amazon Lookout for Metrics API actions are eventually consistent. If you do a read operation on a resource immediately after creating or modifying it, use retries to allow time for the write operation to complete.

    " - }, - "DescribeAnomalyDetectionExecutions":{ - "name":"DescribeAnomalyDetectionExecutions", - "http":{ - "method":"POST", - "requestUri":"/DescribeAnomalyDetectionExecutions" - }, - "input":{"shape":"DescribeAnomalyDetectionExecutionsRequest"}, - "output":{"shape":"DescribeAnomalyDetectionExecutionsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Returns information about the status of the specified anomaly detection jobs.

    " - }, - "DescribeAnomalyDetector":{ - "name":"DescribeAnomalyDetector", - "http":{ - "method":"POST", - "requestUri":"/DescribeAnomalyDetector" - }, - "input":{"shape":"DescribeAnomalyDetectorRequest"}, - "output":{"shape":"DescribeAnomalyDetectorResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Describes a detector.

    Amazon Lookout for Metrics API actions are eventually consistent. If you do a read operation on a resource immediately after creating or modifying it, use retries to allow time for the write operation to complete.

    " - }, - "DescribeMetricSet":{ - "name":"DescribeMetricSet", - "http":{ - "method":"POST", - "requestUri":"/DescribeMetricSet" - }, - "input":{"shape":"DescribeMetricSetRequest"}, - "output":{"shape":"DescribeMetricSetResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Describes a dataset.

    Amazon Lookout for Metrics API actions are eventually consistent. If you do a read operation on a resource immediately after creating or modifying it, use retries to allow time for the write operation to complete.

    " - }, - "DetectMetricSetConfig":{ - "name":"DetectMetricSetConfig", - "http":{ - "method":"POST", - "requestUri":"/DetectMetricSetConfig" - }, - "input":{"shape":"DetectMetricSetConfigRequest"}, - "output":{"shape":"DetectMetricSetConfigResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Detects an Amazon S3 dataset's file format, interval, and offset.

    " - }, - "GetAnomalyGroup":{ - "name":"GetAnomalyGroup", - "http":{ - "method":"POST", - "requestUri":"/GetAnomalyGroup" - }, - "input":{"shape":"GetAnomalyGroupRequest"}, - "output":{"shape":"GetAnomalyGroupResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Returns details about a group of anomalous metrics.

    " - }, - "GetDataQualityMetrics":{ - "name":"GetDataQualityMetrics", - "http":{ - "method":"POST", - "requestUri":"/GetDataQualityMetrics" - }, - "input":{"shape":"GetDataQualityMetricsRequest"}, - "output":{"shape":"GetDataQualityMetricsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Returns details about the requested data quality metrics.

    " - }, - "GetFeedback":{ - "name":"GetFeedback", - "http":{ - "method":"POST", - "requestUri":"/GetFeedback" - }, - "input":{"shape":"GetFeedbackRequest"}, - "output":{"shape":"GetFeedbackResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Get feedback for an anomaly group.

    " - }, - "GetSampleData":{ - "name":"GetSampleData", - "http":{ - "method":"POST", - "requestUri":"/GetSampleData" - }, - "input":{"shape":"GetSampleDataRequest"}, - "output":{"shape":"GetSampleDataResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Returns a selection of sample records from an Amazon S3 datasource.

    " - }, - "ListAlerts":{ - "name":"ListAlerts", - "http":{ - "method":"POST", - "requestUri":"/ListAlerts" - }, - "input":{"shape":"ListAlertsRequest"}, - "output":{"shape":"ListAlertsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Lists the alerts attached to a detector.

    Amazon Lookout for Metrics API actions are eventually consistent. If you do a read operation on a resource immediately after creating or modifying it, use retries to allow time for the write operation to complete.

    " - }, - "ListAnomalyDetectors":{ - "name":"ListAnomalyDetectors", - "http":{ - "method":"POST", - "requestUri":"/ListAnomalyDetectors" - }, - "input":{"shape":"ListAnomalyDetectorsRequest"}, - "output":{"shape":"ListAnomalyDetectorsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Lists the detectors in the current AWS Region.

    Amazon Lookout for Metrics API actions are eventually consistent. If you do a read operation on a resource immediately after creating or modifying it, use retries to allow time for the write operation to complete.

    " - }, - "ListAnomalyGroupRelatedMetrics":{ - "name":"ListAnomalyGroupRelatedMetrics", - "http":{ - "method":"POST", - "requestUri":"/ListAnomalyGroupRelatedMetrics" - }, - "input":{"shape":"ListAnomalyGroupRelatedMetricsRequest"}, - "output":{"shape":"ListAnomalyGroupRelatedMetricsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Returns a list of measures that are potential causes or effects of an anomaly group.

    " - }, - "ListAnomalyGroupSummaries":{ - "name":"ListAnomalyGroupSummaries", - "http":{ - "method":"POST", - "requestUri":"/ListAnomalyGroupSummaries" - }, - "input":{"shape":"ListAnomalyGroupSummariesRequest"}, - "output":{"shape":"ListAnomalyGroupSummariesResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Returns a list of anomaly groups.

    " - }, - "ListAnomalyGroupTimeSeries":{ - "name":"ListAnomalyGroupTimeSeries", - "http":{ - "method":"POST", - "requestUri":"/ListAnomalyGroupTimeSeries" - }, - "input":{"shape":"ListAnomalyGroupTimeSeriesRequest"}, - "output":{"shape":"ListAnomalyGroupTimeSeriesResponse"}, - "errors":[ - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Gets a list of anomalous metrics for a measure in an anomaly group.

    " - }, - "ListMetricSets":{ - "name":"ListMetricSets", - "http":{ - "method":"POST", - "requestUri":"/ListMetricSets" - }, - "input":{"shape":"ListMetricSetsRequest"}, - "output":{"shape":"ListMetricSetsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Lists the datasets in the current AWS Region.

    Amazon Lookout for Metrics API actions are eventually consistent. If you do a read operation on a resource immediately after creating or modifying it, use retries to allow time for the write operation to complete.

    " - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/tags/{resourceArn}", - "responseCode":200 - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Gets a list of tags for a detector, dataset, or alert.

    " - }, - "PutFeedback":{ - "name":"PutFeedback", - "http":{ - "method":"POST", - "requestUri":"/PutFeedback" - }, - "input":{"shape":"PutFeedbackRequest"}, - "output":{"shape":"PutFeedbackResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Add feedback for an anomalous metric.

    " - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/tags/{resourceArn}", - "responseCode":204 - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResponse"}, - "errors":[ - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Adds tags to a detector, dataset, or alert.

    " - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"DELETE", - "requestUri":"/tags/{resourceArn}", - "responseCode":204 - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResponse"}, - "errors":[ - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Removes tags from a detector, dataset, or alert.

    " - }, - "UpdateAlert":{ - "name":"UpdateAlert", - "http":{ - "method":"POST", - "requestUri":"/UpdateAlert" - }, - "input":{"shape":"UpdateAlertRequest"}, - "output":{"shape":"UpdateAlertResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Make changes to an existing alert.

    " - }, - "UpdateAnomalyDetector":{ - "name":"UpdateAnomalyDetector", - "http":{ - "method":"POST", - "requestUri":"/UpdateAnomalyDetector" - }, - "input":{"shape":"UpdateAnomalyDetectorRequest"}, - "output":{"shape":"UpdateAnomalyDetectorResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"} - ], - "documentation":"

    Updates a detector. After activation, you can only change a detector's ingestion delay and description.

    " - }, - "UpdateMetricSet":{ - "name":"UpdateMetricSet", - "http":{ - "method":"POST", - "requestUri":"/UpdateMetricSet" - }, - "input":{"shape":"UpdateMetricSetRequest"}, - "output":{"shape":"UpdateMetricSetResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"AccessDeniedException"}, - {"shape":"TooManyRequestsException"}, - {"shape":"ServiceQuotaExceededException"} - ], - "documentation":"

    Updates a dataset.

    " - } - }, - "shapes":{ - "AccessDeniedException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"Message"} - }, - "documentation":"

    You do not have sufficient permissions to perform this action.

    ", - "error":{"httpStatusCode":403}, - "exception":true - }, - "Action":{ - "type":"structure", - "members":{ - "SNSConfiguration":{ - "shape":"SNSConfiguration", - "documentation":"

    A configuration for an Amazon SNS channel.

    " - }, - "LambdaConfiguration":{ - "shape":"LambdaConfiguration", - "documentation":"

    A configuration for an AWS Lambda channel.

    " - } - }, - "documentation":"

    A configuration that specifies the action to perform when anomalies are detected.

    " - }, - "ActivateAnomalyDetectorRequest":{ - "type":"structure", - "required":["AnomalyDetectorArn"], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the anomaly detector.

    " - } - } - }, - "ActivateAnomalyDetectorResponse":{ - "type":"structure", - "members":{ - } - }, - "AggregationFunction":{ - "type":"string", - "enum":[ - "AVG", - "SUM" - ] - }, - "Alert":{ - "type":"structure", - "members":{ - "Action":{ - "shape":"Action", - "documentation":"

    Action that will be triggered when there is an alert.

    " - }, - "AlertDescription":{ - "shape":"AlertDescription", - "documentation":"

    A description of the alert.

    " - }, - "AlertArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the alert.

    " - }, - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector to which the alert is attached.

    " - }, - "AlertName":{ - "shape":"AlertName", - "documentation":"

    The name of the alert.

    " - }, - "AlertSensitivityThreshold":{ - "shape":"SensitivityThreshold", - "documentation":"

    The minimum severity for an anomaly to trigger the alert.

    " - }, - "AlertType":{ - "shape":"AlertType", - "documentation":"

    The type of the alert.

    " - }, - "AlertStatus":{ - "shape":"AlertStatus", - "documentation":"

    The status of the alert.

    " - }, - "LastModificationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the alert was last modified.

    " - }, - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the alert was created.

    " - }, - "AlertFilters":{ - "shape":"AlertFilters", - "documentation":"

    The configuration of the alert filters, containing MetricList and DimensionFilter.

    " - } - }, - "documentation":"

    A configuration for Amazon SNS-integrated notifications.

    " - }, - "AlertDescription":{ - "type":"string", - "max":256, - "pattern":".*\\S.*" - }, - "AlertFilters":{ - "type":"structure", - "members":{ - "MetricList":{ - "shape":"MetricNameList", - "documentation":"

    The list of measures that you want to get alerts for.

    " - }, - "DimensionFilterList":{ - "shape":"DimensionFilterList", - "documentation":"

    The list of DimensionFilter objects that are used for dimension-based filtering.

    " - } - }, - "documentation":"

    The configuration of the alert filters.

    " - }, - "AlertName":{ - "type":"string", - "max":63, - "min":1, - "pattern":"^[a-zA-Z0-9][a-zA-Z0-9\\-_]*" - }, - "AlertStatus":{ - "type":"string", - "enum":[ - "ACTIVE", - "INACTIVE" - ] - }, - "AlertSummary":{ - "type":"structure", - "members":{ - "AlertArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the alert.

    " - }, - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector to which the alert is attached.

    " - }, - "AlertName":{ - "shape":"AlertName", - "documentation":"

    The name of the alert.

    " - }, - "AlertSensitivityThreshold":{ - "shape":"SensitivityThreshold", - "documentation":"

    The minimum severity for an anomaly to trigger the alert.

    " - }, - "AlertType":{ - "shape":"AlertType", - "documentation":"

    The type of the alert.

    " - }, - "AlertStatus":{ - "shape":"AlertStatus", - "documentation":"

    The status of the alert.

    " - }, - "LastModificationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the alert was last modified.

    " - }, - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the alert was created.

    " - }, - "Tags":{ - "shape":"TagMap", - "documentation":"

    The alert's tags.

    " - } - }, - "documentation":"

    Provides a summary of an alert's configuration.

    " - }, - "AlertSummaryList":{ - "type":"list", - "member":{"shape":"AlertSummary"} - }, - "AlertType":{ - "type":"string", - "enum":[ - "SNS", - "LAMBDA" - ] - }, - "AnomalyDetectionTaskStatus":{ - "type":"string", - "enum":[ - "PENDING", - "IN_PROGRESS", - "COMPLETED", - "FAILED", - "FAILED_TO_SCHEDULE" - ] - }, - "AnomalyDetectionTaskStatusMessage":{ - "type":"string", - "max":256, - "min":1, - "pattern":".*\\S.*" - }, - "AnomalyDetectorConfig":{ - "type":"structure", - "members":{ - "AnomalyDetectorFrequency":{ - "shape":"Frequency", - "documentation":"

    The frequency at which the detector analyzes its source data.

    " - } - }, - "documentation":"

    Contains information about a detector's configuration.

    " - }, - "AnomalyDetectorConfigSummary":{ - "type":"structure", - "members":{ - "AnomalyDetectorFrequency":{ - "shape":"Frequency", - "documentation":"

    The interval at which the detector analyzes its source data.

    " - } - }, - "documentation":"

    Contains information about a detector's configuration.

    " - }, - "AnomalyDetectorDataQualityMetric":{ - "type":"structure", - "members":{ - "StartTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The start time for the data quality metrics collection.

    " - }, - "MetricSetDataQualityMetricList":{ - "shape":"MetricSetDataQualityMetricList", - "documentation":"

    An array of DataQualityMetricList objects. Each object in the array contains information about a data quality metric.

    " - } - }, - "documentation":"

    Aggregated details about the data quality metrics collected for the AnomalyDetectorArn provided in the GetDataQualityMetrics object.

    " - }, - "AnomalyDetectorDataQualityMetricList":{ - "type":"list", - "member":{"shape":"AnomalyDetectorDataQualityMetric"} - }, - "AnomalyDetectorDescription":{ - "type":"string", - "max":256, - "min":1, - "pattern":".*\\S.*" - }, - "AnomalyDetectorFailureType":{ - "type":"string", - "enum":[ - "ACTIVATION_FAILURE", - "BACK_TEST_ACTIVATION_FAILURE", - "DELETION_FAILURE", - "DEACTIVATION_FAILURE" - ] - }, - "AnomalyDetectorName":{ - "type":"string", - "max":63, - "min":1, - "pattern":"^[a-zA-Z0-9][a-zA-Z0-9\\-_]*" - }, - "AnomalyDetectorStatus":{ - "type":"string", - "enum":[ - "ACTIVE", - "ACTIVATING", - "DELETING", - "FAILED", - "INACTIVE", - "LEARNING", - "BACK_TEST_ACTIVATING", - "BACK_TEST_ACTIVE", - "BACK_TEST_COMPLETE", - "DEACTIVATED", - "DEACTIVATING" - ] - }, - "AnomalyDetectorSummary":{ - "type":"structure", - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector.

    " - }, - "AnomalyDetectorName":{ - "shape":"AnomalyDetectorName", - "documentation":"

    The name of the detector.

    " - }, - "AnomalyDetectorDescription":{ - "shape":"AnomalyDetectorDescription", - "documentation":"

    A description of the detector.

    " - }, - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the detector was created.

    " - }, - "LastModificationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the detector was last modified.

    " - }, - "Status":{ - "shape":"AnomalyDetectorStatus", - "documentation":"

    The status of detector.

    " - }, - "Tags":{ - "shape":"TagMap", - "documentation":"

    The detector's tags.

    " - } - }, - "documentation":"

    Contains information about an an anomaly detector.

    " - }, - "AnomalyDetectorSummaryList":{ - "type":"list", - "member":{"shape":"AnomalyDetectorSummary"} - }, - "AnomalyGroup":{ - "type":"structure", - "members":{ - "StartTime":{ - "shape":"TimestampString", - "documentation":"

    The start time for the group.

    " - }, - "EndTime":{ - "shape":"TimestampString", - "documentation":"

    The end time for the group.

    " - }, - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "AnomalyGroupScore":{ - "shape":"Score", - "documentation":"

    The severity score of the group.

    " - }, - "PrimaryMetricName":{ - "shape":"MetricName", - "documentation":"

    The name of the primary affected measure for the group.

    " - }, - "MetricLevelImpactList":{ - "shape":"MetricLevelImpactList", - "documentation":"

    A list of measures affected by the anomaly.

    " - } - }, - "documentation":"

    A group of anomalous metrics

    " - }, - "AnomalyGroupStatistics":{ - "type":"structure", - "members":{ - "EvaluationStartDate":{ - "shape":"TimestampString", - "documentation":"

    The start of the time range that was searched.

    " - }, - "TotalCount":{ - "shape":"Integer", - "documentation":"

    The number of groups found.

    " - }, - "ItemizedMetricStatsList":{ - "shape":"ItemizedMetricStatsList", - "documentation":"

    Statistics for individual metrics within the group.

    " - } - }, - "documentation":"

    Aggregated statistics for a group of anomalous metrics.

    " - }, - "AnomalyGroupSummary":{ - "type":"structure", - "members":{ - "StartTime":{ - "shape":"TimestampString", - "documentation":"

    The start time for the group.

    " - }, - "EndTime":{ - "shape":"TimestampString", - "documentation":"

    The end time for the group.

    " - }, - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "AnomalyGroupScore":{ - "shape":"Score", - "documentation":"

    The severity score of the group.

    " - }, - "PrimaryMetricName":{ - "shape":"MetricName", - "documentation":"

    The name of the primary affected measure for the group.

    " - } - }, - "documentation":"

    Details about a group of anomalous metrics.

    " - }, - "AnomalyGroupSummaryList":{ - "type":"list", - "member":{"shape":"AnomalyGroupSummary"} - }, - "AnomalyGroupTimeSeries":{ - "type":"structure", - "required":["AnomalyGroupId"], - "members":{ - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "TimeSeriesId":{ - "shape":"TimeSeriesId", - "documentation":"

    The ID of the metric.

    " - } - }, - "documentation":"

    An anomalous metric in an anomaly group.

    " - }, - "AnomalyGroupTimeSeriesFeedback":{ - "type":"structure", - "required":[ - "AnomalyGroupId", - "TimeSeriesId", - "IsAnomaly" - ], - "members":{ - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "TimeSeriesId":{ - "shape":"TimeSeriesId", - "documentation":"

    The ID of the metric.

    " - }, - "IsAnomaly":{ - "shape":"Boolean", - "documentation":"

    Feedback on whether the metric is a legitimate anomaly.

    " - } - }, - "documentation":"

    Feedback for an anomalous metric.

    " - }, - "AppFlowConfig":{ - "type":"structure", - "members":{ - "RoleArn":{ - "shape":"Arn", - "documentation":"

    An IAM role that gives Amazon Lookout for Metrics permission to access the flow.

    " - }, - "FlowName":{ - "shape":"FlowName", - "documentation":"

    name of the flow.

    " - } - }, - "documentation":"

    Details about an Amazon AppFlow flow datasource.

    " - }, - "Arn":{ - "type":"string", - "max":256, - "pattern":"arn:([a-z\\d-]+):.*:.*:.*:.+" - }, - "AthenaDataCatalog":{ - "type":"string", - "max":256, - "min":1, - "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*" - }, - "AthenaDatabaseName":{ - "type":"string", - "max":255, - "min":1, - "pattern":"[a-zA-Z0-9_]+" - }, - "AthenaS3ResultsPath":{ - "type":"string", - "max":1024, - "pattern":"^s3://[a-z0-9].+$" - }, - "AthenaSourceConfig":{ - "type":"structure", - "members":{ - "RoleArn":{ - "shape":"Arn", - "documentation":"

    An IAM role that gives Amazon Lookout for Metrics permission to access the data.

    " - }, - "DatabaseName":{ - "shape":"AthenaDatabaseName", - "documentation":"

    The database's name.

    " - }, - "DataCatalog":{ - "shape":"AthenaDataCatalog", - "documentation":"

    The database's data catalog.

    " - }, - "TableName":{ - "shape":"AthenaTableName", - "documentation":"

    The database's table name.

    " - }, - "WorkGroupName":{ - "shape":"AthenaWorkGroupName", - "documentation":"

    The database's work group name.

    " - }, - "S3ResultsPath":{ - "shape":"AthenaS3ResultsPath", - "documentation":"

    The database's results path.

    " - }, - "BackTestConfiguration":{ - "shape":"BackTestConfiguration", - "documentation":"

    Settings for backtest mode.

    " - } - }, - "documentation":"

    Details about an Amazon Athena datasource.

    " - }, - "AthenaTableName":{ - "type":"string", - "max":128, - "min":1, - "pattern":"[a-zA-Z0-9_]+" - }, - "AthenaWorkGroupName":{ - "type":"string", - "max":128, - "min":1, - "pattern":"[a-zA-Z0-9._-]{1,128}" - }, - "AttributeValue":{ - "type":"structure", - "members":{ - "S":{ - "shape":"StringAttributeValue", - "documentation":"

    A string.

    " - }, - "N":{ - "shape":"NumberAttributeValue", - "documentation":"

    A number.

    " - }, - "B":{ - "shape":"BinaryAttributeValue", - "documentation":"

    A binary value.

    " - }, - "SS":{ - "shape":"StringListAttributeValue", - "documentation":"

    A list of strings.

    " - }, - "NS":{ - "shape":"NumberListAttributeValue", - "documentation":"

    A list of numbers.

    " - }, - "BS":{ - "shape":"BinaryListAttributeValue", - "documentation":"

    A list of binary values.

    " - } - }, - "documentation":"

    An attribute value.

    " - }, - "AutoDetectionMetricSource":{ - "type":"structure", - "members":{ - "S3SourceConfig":{ - "shape":"AutoDetectionS3SourceConfig", - "documentation":"

    The source's source config.

    " - } - }, - "documentation":"

    An auto detection metric source.

    " - }, - "AutoDetectionS3SourceConfig":{ - "type":"structure", - "members":{ - "TemplatedPathList":{ - "shape":"TemplatedPathList", - "documentation":"

    The config's templated path list.

    " - }, - "HistoricalDataPathList":{ - "shape":"HistoricalDataPathList", - "documentation":"

    The config's historical data path list.

    " - } - }, - "documentation":"

    An auto detection source config.

    " - }, - "BackTestAnomalyDetectorRequest":{ - "type":"structure", - "required":["AnomalyDetectorArn"], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - } - } - }, - "BackTestAnomalyDetectorResponse":{ - "type":"structure", - "members":{ - } - }, - "BackTestConfiguration":{ - "type":"structure", - "required":["RunBackTestMode"], - "members":{ - "RunBackTestMode":{ - "shape":"Boolean", - "documentation":"

    Run a backtest instead of monitoring new data.

    " - } - }, - "documentation":"

    Settings for backtest mode.

    " - }, - "BinaryAttributeValue":{"type":"string"}, - "BinaryListAttributeValue":{ - "type":"list", - "member":{"shape":"BinaryAttributeValue"} - }, - "Boolean":{"type":"boolean"}, - "CSVFileCompression":{ - "type":"string", - "enum":[ - "NONE", - "GZIP" - ] - }, - "Charset":{ - "type":"string", - "max":63, - "pattern":"^[a-zA-Z0-9][a-zA-Z0-9\\-_]*" - }, - "CloudWatchConfig":{ - "type":"structure", - "members":{ - "RoleArn":{ - "shape":"Arn", - "documentation":"

    An IAM role that gives Amazon Lookout for Metrics permission to access data in Amazon CloudWatch.

    " - }, - "BackTestConfiguration":{ - "shape":"BackTestConfiguration", - "documentation":"

    Settings for backtest mode.

    " - } - }, - "documentation":"

    Details about an Amazon CloudWatch datasource.

    " - }, - "ColumnName":{ - "type":"string", - "max":63, - "min":1, - "pattern":"^[a-zA-Z0-9][a-zA-Z0-9\\-_]*" - }, - "Confidence":{ - "type":"string", - "enum":[ - "HIGH", - "LOW", - "NONE" - ] - }, - "ConflictException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"Message"}, - "ResourceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the resource.

    " - }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of the resource.

    " - } - }, - "documentation":"

    There was a conflict processing the request. Try your request again.

    ", - "error":{"httpStatusCode":409}, - "exception":true - }, - "ContributionMatrix":{ - "type":"structure", - "members":{ - "DimensionContributionList":{ - "shape":"DimensionContributionList", - "documentation":"

    A list of contributing dimensions.

    " - } - }, - "documentation":"

    Details about dimensions that contributed to an anomaly.

    " - }, - "CreateAlertRequest":{ - "type":"structure", - "required":[ - "AlertName", - "AnomalyDetectorArn", - "Action" - ], - "members":{ - "AlertName":{ - "shape":"AlertName", - "documentation":"

    The name of the alert.

    " - }, - "AlertSensitivityThreshold":{ - "shape":"SensitivityThreshold", - "documentation":"

    An integer from 0 to 100 specifying the alert sensitivity threshold.

    " - }, - "AlertDescription":{ - "shape":"AlertDescription", - "documentation":"

    A description of the alert.

    " - }, - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector to which the alert is attached.

    " - }, - "Action":{ - "shape":"Action", - "documentation":"

    Action that will be triggered when there is an alert.

    " - }, - "Tags":{ - "shape":"TagMap", - "documentation":"

    A list of tags to apply to the alert.

    " - }, - "AlertFilters":{ - "shape":"AlertFilters", - "documentation":"

    The configuration of the alert filters, containing MetricList and DimensionFilterList.

    " - } - } - }, - "CreateAlertResponse":{ - "type":"structure", - "members":{ - "AlertArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the alert.

    " - } - } - }, - "CreateAnomalyDetectorRequest":{ - "type":"structure", - "required":[ - "AnomalyDetectorName", - "AnomalyDetectorConfig" - ], - "members":{ - "AnomalyDetectorName":{ - "shape":"AnomalyDetectorName", - "documentation":"

    The name of the detector.

    " - }, - "AnomalyDetectorDescription":{ - "shape":"AnomalyDetectorDescription", - "documentation":"

    A description of the detector.

    " - }, - "AnomalyDetectorConfig":{ - "shape":"AnomalyDetectorConfig", - "documentation":"

    Contains information about the configuration of the anomaly detector.

    " - }, - "KmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

    The ARN of the KMS key to use to encrypt your data.

    " - }, - "Tags":{ - "shape":"TagMap", - "documentation":"

    A list of tags to apply to the anomaly detector.

    " - } - } - }, - "CreateAnomalyDetectorResponse":{ - "type":"structure", - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector.

    " - } - } - }, - "CreateMetricSetRequest":{ - "type":"structure", - "required":[ - "AnomalyDetectorArn", - "MetricSetName", - "MetricList", - "MetricSource" - ], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the anomaly detector that will use the dataset.

    " - }, - "MetricSetName":{ - "shape":"MetricSetName", - "documentation":"

    The name of the dataset.

    " - }, - "MetricSetDescription":{ - "shape":"MetricSetDescription", - "documentation":"

    A description of the dataset you are creating.

    " - }, - "MetricList":{ - "shape":"MetricList", - "documentation":"

    A list of metrics that the dataset will contain.

    " - }, - "Offset":{ - "shape":"Offset", - "documentation":"

    After an interval ends, the amount of seconds that the detector waits before importing data. Offset is only supported for S3, Redshift, Athena and datasources.

    ", - "box":true - }, - "TimestampColumn":{ - "shape":"TimestampColumn", - "documentation":"

    Contains information about the column used for tracking time in your source data.

    " - }, - "DimensionList":{ - "shape":"DimensionList", - "documentation":"

    A list of the fields you want to treat as dimensions.

    " - }, - "MetricSetFrequency":{ - "shape":"Frequency", - "documentation":"

    The frequency with which the source data will be analyzed for anomalies.

    " - }, - "MetricSource":{ - "shape":"MetricSource", - "documentation":"

    Contains information about how the source data should be interpreted.

    " - }, - "Timezone":{ - "shape":"Timezone", - "documentation":"

    The time zone in which your source data was recorded.

    " - }, - "Tags":{ - "shape":"TagMap", - "documentation":"

    A list of tags to apply to the dataset.

    " - }, - "DimensionFilterList":{ - "shape":"MetricSetDimensionFilterList", - "documentation":"

    A list of filters that specify which data is kept for anomaly detection.

    " - } - } - }, - "CreateMetricSetResponse":{ - "type":"structure", - "members":{ - "MetricSetArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the dataset.

    " - } - } - }, - "CsvFormatDescriptor":{ - "type":"structure", - "members":{ - "FileCompression":{ - "shape":"CSVFileCompression", - "documentation":"

    The level of compression of the source CSV file.

    " - }, - "Charset":{ - "shape":"Charset", - "documentation":"

    The character set in which the source CSV file is written.

    " - }, - "ContainsHeader":{ - "shape":"Boolean", - "documentation":"

    Whether or not the source CSV file contains a header.

    " - }, - "Delimiter":{ - "shape":"Delimiter", - "documentation":"

    The character used to delimit the source CSV file.

    " - }, - "HeaderList":{ - "shape":"HeaderList", - "documentation":"

    A list of the source CSV file's headers, if any.

    " - }, - "QuoteSymbol":{ - "shape":"QuoteSymbol", - "documentation":"

    The character used as a quote character.

    " - } - }, - "documentation":"

    Contains information about how a source CSV data file should be analyzed.

    " - }, - "DataItem":{"type":"string"}, - "DataQualityMetric":{ - "type":"structure", - "members":{ - "MetricType":{ - "shape":"DataQualityMetricType", - "documentation":"

    The name of the data quality metric.

    " - }, - "MetricDescription":{ - "shape":"DataQualityMetricDescription", - "documentation":"

    A description of the data quality metric.

    " - }, - "RelatedColumnName":{ - "shape":"RelatedColumnName", - "documentation":"

    The column that is being monitored.

    " - }, - "MetricValue":{ - "shape":"Double", - "documentation":"

    The value of the data quality metric.

    " - } - }, - "documentation":"

    An array that describes a data quality metric. Each DataQualityMetric object contains the data quality metric name, its value, a description of the metric, and the affected column.

    " - }, - "DataQualityMetricDescription":{ - "type":"string", - "max":256, - "min":1, - "pattern":".*\\S.*" - }, - "DataQualityMetricList":{ - "type":"list", - "member":{"shape":"DataQualityMetric"} - }, - "DataQualityMetricType":{ - "type":"string", - "enum":[ - "COLUMN_COMPLETENESS", - "DIMENSION_UNIQUENESS", - "TIME_SERIES_COUNT", - "ROWS_PROCESSED", - "ROWS_PARTIAL_COMPLIANCE", - "INVALID_ROWS_COMPLIANCE", - "BACKTEST_TRAINING_DATA_START_TIME_STAMP", - "BACKTEST_TRAINING_DATA_END_TIME_STAMP", - "BACKTEST_INFERENCE_DATA_START_TIME_STAMP", - "BACKTEST_INFERENCE_DATA_END_TIME_STAMP" - ] - }, - "DatabaseHost":{ - "type":"string", - "max":253, - "min":1, - "pattern":".*\\S.*" - }, - "DatabasePort":{ - "type":"integer", - "max":65535, - "min":1 - }, - "DateTimeFormat":{ - "type":"string", - "max":63, - "pattern":".*\\S.*" - }, - "DeactivateAnomalyDetectorRequest":{ - "type":"structure", - "required":["AnomalyDetectorArn"], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - } - } - }, - "DeactivateAnomalyDetectorResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteAlertRequest":{ - "type":"structure", - "required":["AlertArn"], - "members":{ - "AlertArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the alert to delete.

    " - } - } - }, - "DeleteAlertResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteAnomalyDetectorRequest":{ - "type":"structure", - "required":["AnomalyDetectorArn"], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector to delete.

    " - } - } - }, - "DeleteAnomalyDetectorResponse":{ - "type":"structure", - "members":{ - } - }, - "Delimiter":{ - "type":"string", - "max":1, - "pattern":"[^\\r\\n]" - }, - "DescribeAlertRequest":{ - "type":"structure", - "required":["AlertArn"], - "members":{ - "AlertArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the alert to describe.

    " - } - } - }, - "DescribeAlertResponse":{ - "type":"structure", - "members":{ - "Alert":{ - "shape":"Alert", - "documentation":"

    Contains information about an alert.

    " - } - } - }, - "DescribeAnomalyDetectionExecutionsRequest":{ - "type":"structure", - "required":["AnomalyDetectorArn"], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - }, - "Timestamp":{ - "shape":"TimestampString", - "documentation":"

    The timestamp of the anomaly detection job.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The number of items to return in the response.

    ", - "box":true - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    Specify the pagination token that's returned by a previous request to retrieve the next page of results.

    " - } - } - }, - "DescribeAnomalyDetectionExecutionsResponse":{ - "type":"structure", - "members":{ - "ExecutionList":{ - "shape":"ExecutionList", - "documentation":"

    A list of detection jobs.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token that's included if more results are available.

    " - } - } - }, - "DescribeAnomalyDetectorRequest":{ - "type":"structure", - "required":["AnomalyDetectorArn"], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector to describe.

    " - } - } - }, - "DescribeAnomalyDetectorResponse":{ - "type":"structure", - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector.

    " - }, - "AnomalyDetectorName":{ - "shape":"AnomalyDetectorName", - "documentation":"

    The name of the detector.

    " - }, - "AnomalyDetectorDescription":{ - "shape":"AnomalyDetectorDescription", - "documentation":"

    A description of the detector.

    " - }, - "AnomalyDetectorConfig":{ - "shape":"AnomalyDetectorConfigSummary", - "documentation":"

    Contains information about the detector's configuration.

    " - }, - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the detector was created.

    " - }, - "LastModificationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the detector was last modified.

    " - }, - "Status":{ - "shape":"AnomalyDetectorStatus", - "documentation":"

    The status of the detector.

    " - }, - "FailureReason":{ - "shape":"ErrorMessage", - "documentation":"

    The reason that the detector failed.

    " - }, - "KmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

    The ARN of the KMS key to use to encrypt your data.

    " - }, - "FailureType":{ - "shape":"AnomalyDetectorFailureType", - "documentation":"

    The process that caused the detector to fail.

    " - } - } - }, - "DescribeMetricSetRequest":{ - "type":"structure", - "required":["MetricSetArn"], - "members":{ - "MetricSetArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the dataset.

    " - } - } - }, - "DescribeMetricSetResponse":{ - "type":"structure", - "members":{ - "MetricSetArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the dataset.

    " - }, - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector that contains the dataset.

    " - }, - "MetricSetName":{ - "shape":"MetricSetName", - "documentation":"

    The name of the dataset.

    " - }, - "MetricSetDescription":{ - "shape":"MetricSetDescription", - "documentation":"

    The dataset's description.

    " - }, - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the dataset was created.

    " - }, - "LastModificationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the dataset was last modified.

    " - }, - "Offset":{ - "shape":"Offset", - "documentation":"

    After an interval ends, the amount of seconds that the detector waits before importing data. Offset is only supported for S3, Redshift, Athena and datasources.

    ", - "box":true - }, - "MetricList":{ - "shape":"MetricList", - "documentation":"

    A list of the metrics defined by the dataset.

    " - }, - "TimestampColumn":{ - "shape":"TimestampColumn", - "documentation":"

    Contains information about the column used for tracking time in your source data.

    " - }, - "DimensionList":{ - "shape":"DimensionList", - "documentation":"

    A list of the dimensions chosen for analysis.

    " - }, - "MetricSetFrequency":{ - "shape":"Frequency", - "documentation":"

    The interval at which the data will be analyzed for anomalies.

    " - }, - "Timezone":{ - "shape":"Timezone", - "documentation":"

    The time zone in which the dataset's data was recorded.

    " - }, - "MetricSource":{ - "shape":"MetricSource", - "documentation":"

    Contains information about the dataset's source data.

    " - }, - "DimensionFilterList":{ - "shape":"MetricSetDimensionFilterList", - "documentation":"

    The dimensions and their values that were used to filter the dataset.

    " - } - } - }, - "DetectMetricSetConfigRequest":{ - "type":"structure", - "required":[ - "AnomalyDetectorArn", - "AutoDetectionMetricSource" - ], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    An anomaly detector ARN.

    " - }, - "AutoDetectionMetricSource":{ - "shape":"AutoDetectionMetricSource", - "documentation":"

    A data source.

    " - } - } - }, - "DetectMetricSetConfigResponse":{ - "type":"structure", - "members":{ - "DetectedMetricSetConfig":{ - "shape":"DetectedMetricSetConfig", - "documentation":"

    The inferred dataset configuration for the datasource.

    " - } - } - }, - "DetectedCsvFormatDescriptor":{ - "type":"structure", - "members":{ - "FileCompression":{ - "shape":"DetectedField", - "documentation":"

    The format's file compression.

    " - }, - "Charset":{ - "shape":"DetectedField", - "documentation":"

    The format's charset.

    " - }, - "ContainsHeader":{ - "shape":"DetectedField", - "documentation":"

    Whether the format includes a header.

    " - }, - "Delimiter":{ - "shape":"DetectedField", - "documentation":"

    The format's delimiter.

    " - }, - "HeaderList":{ - "shape":"DetectedField", - "documentation":"

    The format's header list.

    " - }, - "QuoteSymbol":{ - "shape":"DetectedField", - "documentation":"

    The format's quote symbol.

    " - } - }, - "documentation":"

    Properties of an inferred CSV format.

    " - }, - "DetectedField":{ - "type":"structure", - "members":{ - "Value":{ - "shape":"AttributeValue", - "documentation":"

    The field's value.

    " - }, - "Confidence":{ - "shape":"Confidence", - "documentation":"

    The field's confidence.

    " - }, - "Message":{ - "shape":"Message", - "documentation":"

    The field's message.

    " - } - }, - "documentation":"

    An inferred field.

    " - }, - "DetectedFileFormatDescriptor":{ - "type":"structure", - "members":{ - "CsvFormatDescriptor":{ - "shape":"DetectedCsvFormatDescriptor", - "documentation":"

    Details about a CSV format.

    " - }, - "JsonFormatDescriptor":{ - "shape":"DetectedJsonFormatDescriptor", - "documentation":"

    Details about a JSON format.

    " - } - }, - "documentation":"

    Properties of an inferred data format.

    " - }, - "DetectedJsonFormatDescriptor":{ - "type":"structure", - "members":{ - "FileCompression":{ - "shape":"DetectedField", - "documentation":"

    The format's file compression.

    " - }, - "Charset":{ - "shape":"DetectedField", - "documentation":"

    The format's character set.

    " - } - }, - "documentation":"

    A detected JSON format descriptor.

    " - }, - "DetectedMetricSetConfig":{ - "type":"structure", - "members":{ - "Offset":{ - "shape":"DetectedField", - "documentation":"

    The dataset's offset.

    " - }, - "MetricSetFrequency":{ - "shape":"DetectedField", - "documentation":"

    The dataset's interval.

    " - }, - "MetricSource":{ - "shape":"DetectedMetricSource", - "documentation":"

    The dataset's data source.

    " - } - }, - "documentation":"

    An inferred dataset configuration.

    " - }, - "DetectedMetricSource":{ - "type":"structure", - "members":{ - "S3SourceConfig":{ - "shape":"DetectedS3SourceConfig", - "documentation":"

    The data source's source configuration.

    " - } - }, - "documentation":"

    An inferred data source.

    " - }, - "DetectedS3SourceConfig":{ - "type":"structure", - "members":{ - "FileFormatDescriptor":{ - "shape":"DetectedFileFormatDescriptor", - "documentation":"

    The source's file format descriptor.

    " - } - }, - "documentation":"

    An inferred source configuration.

    " - }, - "DimensionContribution":{ - "type":"structure", - "members":{ - "DimensionName":{ - "shape":"ColumnName", - "documentation":"

    The name of the dimension.

    " - }, - "DimensionValueContributionList":{ - "shape":"DimensionValueContributionList", - "documentation":"

    A list of dimension values that contributed to the anomaly.

    " - } - }, - "documentation":"

    Details about a dimension that contributed to an anomaly.

    " - }, - "DimensionContributionList":{ - "type":"list", - "member":{"shape":"DimensionContribution"} - }, - "DimensionFilter":{ - "type":"structure", - "members":{ - "DimensionName":{ - "shape":"ColumnName", - "documentation":"

    The name of the dimension to filter on.

    " - }, - "DimensionValueList":{ - "shape":"DimensionValueList", - "documentation":"

    The list of values for the dimension specified in DimensionName that you want to filter on.

    " - } - }, - "documentation":"

    The dimension filter, containing DimensionName and DimensionValueList.

    " - }, - "DimensionFilterList":{ - "type":"list", - "member":{"shape":"DimensionFilter"}, - "max":5, - "min":1 - }, - "DimensionList":{ - "type":"list", - "member":{"shape":"ColumnName"}, - "min":1 - }, - "DimensionNameValue":{ - "type":"structure", - "required":[ - "DimensionName", - "DimensionValue" - ], - "members":{ - "DimensionName":{ - "shape":"ColumnName", - "documentation":"

    The name of the dimension.

    " - }, - "DimensionValue":{ - "shape":"DimensionValue", - "documentation":"

    The value of the dimension.

    " - } - }, - "documentation":"

    A dimension name and value.

    " - }, - "DimensionNameValueList":{ - "type":"list", - "member":{"shape":"DimensionNameValue"} - }, - "DimensionValue":{"type":"string"}, - "DimensionValueContribution":{ - "type":"structure", - "members":{ - "DimensionValue":{ - "shape":"DimensionValue", - "documentation":"

    The value of the dimension.

    " - }, - "ContributionScore":{ - "shape":"Score", - "documentation":"

    The severity score of the value.

    " - } - }, - "documentation":"

    The severity of a value of a dimension that contributed to an anomaly.

    " - }, - "DimensionValueContributionList":{ - "type":"list", - "member":{"shape":"DimensionValueContribution"} - }, - "DimensionValueList":{ - "type":"list", - "member":{"shape":"DimensionValue"}, - "max":10, - "min":1 - }, - "Double":{"type":"double"}, - "ErrorMessage":{ - "type":"string", - "max":256 - }, - "ExecutionList":{ - "type":"list", - "member":{"shape":"ExecutionStatus"} - }, - "ExecutionStatus":{ - "type":"structure", - "members":{ - "Timestamp":{ - "shape":"TimestampString", - "documentation":"

    The run's timestamp.

    " - }, - "Status":{ - "shape":"AnomalyDetectionTaskStatus", - "documentation":"

    The run's status.

    " - }, - "FailureReason":{ - "shape":"AnomalyDetectionTaskStatusMessage", - "documentation":"

    The reason that the run failed, if applicable.

    " - } - }, - "documentation":"

    The status of an anomaly detector run.

    " - }, - "FieldName":{"type":"string"}, - "FileFormatDescriptor":{ - "type":"structure", - "members":{ - "CsvFormatDescriptor":{ - "shape":"CsvFormatDescriptor", - "documentation":"

    Contains information about how a source CSV data file should be analyzed.

    " - }, - "JsonFormatDescriptor":{ - "shape":"JsonFormatDescriptor", - "documentation":"

    Contains information about how a source JSON data file should be analyzed.

    " - } - }, - "documentation":"

    Contains information about a source file's formatting.

    " - }, - "Filter":{ - "type":"structure", - "members":{ - "DimensionValue":{ - "shape":"DimensionValue", - "documentation":"

    The value that you want to include in the filter.

    " - }, - "FilterOperation":{ - "shape":"FilterOperation", - "documentation":"

    The condition to apply.

    " - } - }, - "documentation":"

    Describes a filter for choosing a subset of dimension values. Each filter consists of the dimension that you want to include and the condition statement. The condition statement is specified in the FilterOperation object.

    " - }, - "FilterList":{ - "type":"list", - "member":{"shape":"Filter"}, - "min":1 - }, - "FilterOperation":{ - "type":"string", - "enum":["EQUALS"] - }, - "FlowName":{ - "type":"string", - "max":256, - "pattern":"[a-zA-Z0-9][\\w!@#.-]+" - }, - "Frequency":{ - "type":"string", - "enum":[ - "P1D", - "PT1H", - "PT10M", - "PT5M" - ] - }, - "GetAnomalyGroupRequest":{ - "type":"structure", - "required":[ - "AnomalyGroupId", - "AnomalyDetectorArn" - ], - "members":{ - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - } - } - }, - "GetAnomalyGroupResponse":{ - "type":"structure", - "members":{ - "AnomalyGroup":{ - "shape":"AnomalyGroup", - "documentation":"

    Details about the anomaly group.

    " - } - } - }, - "GetDataQualityMetricsRequest":{ - "type":"structure", - "required":["AnomalyDetectorArn"], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector that you want to investigate.

    " - }, - "MetricSetArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of a specific data quality metric set.

    " - } - } - }, - "GetDataQualityMetricsResponse":{ - "type":"structure", - "members":{ - "AnomalyDetectorDataQualityMetricList":{ - "shape":"AnomalyDetectorDataQualityMetricList", - "documentation":"

    A list of the data quality metrics for the AnomalyDetectorArn that you requested.

    " - } - } - }, - "GetFeedbackRequest":{ - "type":"structure", - "required":[ - "AnomalyDetectorArn", - "AnomalyGroupTimeSeriesFeedback" - ], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - }, - "AnomalyGroupTimeSeriesFeedback":{ - "shape":"AnomalyGroupTimeSeries", - "documentation":"

    The anomalous metric and group ID.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", - "box":true - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    Specify the pagination token that's returned by a previous request to retrieve the next page of results.

    " - } - } - }, - "GetFeedbackResponse":{ - "type":"structure", - "members":{ - "AnomalyGroupTimeSeriesFeedback":{ - "shape":"TimeSeriesFeedbackList", - "documentation":"

    Feedback for an anomalous metric.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token that's included if more results are available.

    " - } - } - }, - "GetSampleDataRequest":{ - "type":"structure", - "members":{ - "S3SourceConfig":{ - "shape":"SampleDataS3SourceConfig", - "documentation":"

    A datasource bucket in Amazon S3.

    " - } - } - }, - "GetSampleDataResponse":{ - "type":"structure", - "members":{ - "HeaderValues":{ - "shape":"HeaderValueList", - "documentation":"

    A list of header labels for the records.

    " - }, - "SampleRows":{ - "shape":"SampleRows", - "documentation":"

    A list of records.

    " - } - } - }, - "HeaderList":{ - "type":"list", - "member":{"shape":"ColumnName"} - }, - "HeaderValue":{"type":"string"}, - "HeaderValueList":{ - "type":"list", - "member":{"shape":"HeaderValue"} - }, - "HistoricalDataPath":{ - "type":"string", - "max":1024, - "pattern":"^s3://[a-z0-9].+$" - }, - "HistoricalDataPathList":{ - "type":"list", - "member":{"shape":"HistoricalDataPath"}, - "max":1, - "min":1 - }, - "Integer":{"type":"integer"}, - "InterMetricImpactDetails":{ - "type":"structure", - "members":{ - "MetricName":{ - "shape":"MetricName", - "documentation":"

    The name of the measure.

    " - }, - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "RelationshipType":{ - "shape":"RelationshipType", - "documentation":"

    Whether a measure is a potential cause of the anomaly group (CAUSE_OF_INPUT_ANOMALY_GROUP), or whether the measure is impacted by the anomaly group (EFFECT_OF_INPUT_ANOMALY_GROUP).

    " - }, - "ContributionPercentage":{ - "shape":"MetricChangePercentage", - "documentation":"

    For potential causes (CAUSE_OF_INPUT_ANOMALY_GROUP), the percentage contribution the measure has in causing the anomalies.

    " - } - }, - "documentation":"

    Aggregated details about the measures contributing to the anomaly group, and the measures potentially impacted by the anomaly group.

    " - }, - "InterMetricImpactList":{ - "type":"list", - "member":{"shape":"InterMetricImpactDetails"} - }, - "InternalServerException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"Message"} - }, - "documentation":"

    The request processing has failed because of an unknown error, exception, or failure.

    ", - "error":{"httpStatusCode":500}, - "exception":true, - "fault":true - }, - "ItemizedMetricStats":{ - "type":"structure", - "members":{ - "MetricName":{ - "shape":"ColumnName", - "documentation":"

    The name of the measure.

    " - }, - "OccurrenceCount":{ - "shape":"Integer", - "documentation":"

    The number of times that the measure appears.

    " - } - }, - "documentation":"

    Aggregated statistics about a measure affected by an anomaly.

    " - }, - "ItemizedMetricStatsList":{ - "type":"list", - "member":{"shape":"ItemizedMetricStats"} - }, - "JsonFileCompression":{ - "type":"string", - "enum":[ - "NONE", - "GZIP" - ] - }, - "JsonFormatDescriptor":{ - "type":"structure", - "members":{ - "FileCompression":{ - "shape":"JsonFileCompression", - "documentation":"

    The level of compression of the source CSV file.

    " - }, - "Charset":{ - "shape":"Charset", - "documentation":"

    The character set in which the source JSON file is written.

    " - } - }, - "documentation":"

    Contains information about how a source JSON data file should be analyzed.

    " - }, - "KmsKeyArn":{ - "type":"string", - "max":2048, - "min":20, - "pattern":"arn:aws.*:kms:.*:[0-9]{12}:key/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}" - }, - "LambdaConfiguration":{ - "type":"structure", - "required":[ - "RoleArn", - "LambdaArn" - ], - "members":{ - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The ARN of an IAM role that has permission to invoke the Lambda function.

    " - }, - "LambdaArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the Lambda function.

    " - } - }, - "documentation":"

    Contains information about a Lambda configuration.

    " - }, - "ListAlertsRequest":{ - "type":"structure", - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the alert's detector.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    If the result of the previous request is truncated, the response includes a NextToken. To retrieve the next set of results, use the token in the next request. Tokens expire after 24 hours.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results that will be displayed by the request.

    ", - "box":true - } - } - }, - "ListAlertsResponse":{ - "type":"structure", - "members":{ - "AlertSummaryList":{ - "shape":"AlertSummaryList", - "documentation":"

    Contains information about an alert.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    If the response is truncated, the service returns this token. To retrieve the next set of results, use this token in the next request.

    " - } - } - }, - "ListAnomalyDetectorsRequest":{ - "type":"structure", - "members":{ - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", - "box":true - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    If the result of the previous request was truncated, the response includes a NextToken. To retrieve the next set of results, use the token in the next request. Tokens expire after 24 hours.

    " - } - } - }, - "ListAnomalyDetectorsResponse":{ - "type":"structure", - "members":{ - "AnomalyDetectorSummaryList":{ - "shape":"AnomalyDetectorSummaryList", - "documentation":"

    A list of anomaly detectors in the account in the current region.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    If the response is truncated, the service returns this token. To retrieve the next set of results, use the token in the next request.

    " - } - } - }, - "ListAnomalyGroupRelatedMetricsRequest":{ - "type":"structure", - "required":[ - "AnomalyDetectorArn", - "AnomalyGroupId" - ], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - }, - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "RelationshipTypeFilter":{ - "shape":"RelationshipType", - "documentation":"

    Filter for potential causes (CAUSE_OF_INPUT_ANOMALY_GROUP) or downstream effects (EFFECT_OF_INPUT_ANOMALY_GROUP) of the anomaly group.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", - "box":true - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    Specify the pagination token that's returned by a previous request to retrieve the next page of results.

    " - } - } - }, - "ListAnomalyGroupRelatedMetricsResponse":{ - "type":"structure", - "members":{ - "InterMetricImpactList":{ - "shape":"InterMetricImpactList", - "documentation":"

    Aggregated details about the measures contributing to the anomaly group, and the measures potentially impacted by the anomaly group.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token that's included if more results are available.

    " - } - } - }, - "ListAnomalyGroupSummariesRequest":{ - "type":"structure", - "required":[ - "AnomalyDetectorArn", - "SensitivityThreshold" - ], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - }, - "SensitivityThreshold":{ - "shape":"SensitivityThreshold", - "documentation":"

    The minimum severity score for inclusion in the output.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", - "box":true - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    Specify the pagination token that's returned by a previous request to retrieve the next page of results.

    " - } - } - }, - "ListAnomalyGroupSummariesResponse":{ - "type":"structure", - "members":{ - "AnomalyGroupSummaryList":{ - "shape":"AnomalyGroupSummaryList", - "documentation":"

    A list of anomaly group summaries.

    " - }, - "AnomalyGroupStatistics":{ - "shape":"AnomalyGroupStatistics", - "documentation":"

    Aggregated details about the anomaly groups.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token that's included if more results are available.

    " - } - } - }, - "ListAnomalyGroupTimeSeriesRequest":{ - "type":"structure", - "required":[ - "AnomalyDetectorArn", - "AnomalyGroupId", - "MetricName" - ], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - }, - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "MetricName":{ - "shape":"MetricName", - "documentation":"

    The name of the measure field.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", - "box":true - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    Specify the pagination token that's returned by a previous request to retrieve the next page of results.

    " - } - } - }, - "ListAnomalyGroupTimeSeriesResponse":{ - "type":"structure", - "members":{ - "AnomalyGroupId":{ - "shape":"UUID", - "documentation":"

    The ID of the anomaly group.

    " - }, - "MetricName":{ - "shape":"MetricName", - "documentation":"

    The name of the measure field.

    " - }, - "TimestampList":{ - "shape":"TimestampList", - "documentation":"

    Timestamps for the anomalous metrics.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    The pagination token that's included if more results are available.

    " - }, - "TimeSeriesList":{ - "shape":"TimeSeriesList", - "documentation":"

    A list of anomalous metrics.

    " - } - } - }, - "ListMetricSetsRequest":{ - "type":"structure", - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the anomaly detector containing the metrics sets to list.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", - "box":true - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    If the result of the previous request was truncated, the response includes a NextToken. To retrieve the next set of results, use the token in the next request. Tokens expire after 24 hours.

    " - } - } - }, - "ListMetricSetsResponse":{ - "type":"structure", - "members":{ - "MetricSetSummaryList":{ - "shape":"MetricSetSummaryList", - "documentation":"

    A list of the datasets in the AWS Region, with configuration details for each.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    If the response is truncated, the list call returns this token. To retrieve the next set of results, use the token in the next list request.

    " - } - } - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["ResourceArn"], - "members":{ - "ResourceArn":{ - "shape":"Arn", - "documentation":"

    The resource's Amazon Resource Name (ARN).

    ", - "location":"uri", - "locationName":"resourceArn" - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "members":{ - "Tags":{ - "shape":"TagMap", - "documentation":"

    The resource's tags.

    ", - "locationName":"Tags" - } - } - }, - "MaxResults":{ - "type":"integer", - "max":100, - "min":1 - }, - "Message":{"type":"string"}, - "Metric":{ - "type":"structure", - "required":[ - "MetricName", - "AggregationFunction" - ], - "members":{ - "MetricName":{ - "shape":"ColumnName", - "documentation":"

    The name of the metric.

    " - }, - "AggregationFunction":{ - "shape":"AggregationFunction", - "documentation":"

    The function with which the metric is calculated.

    " - }, - "Namespace":{ - "shape":"Namespace", - "documentation":"

    The namespace for the metric.

    " - } - }, - "documentation":"

    A calculation made by contrasting a measure and a dimension from your source data.

    " - }, - "MetricChangePercentage":{ - "type":"double", - "max":100.0, - "min":0.0 - }, - "MetricLevelImpact":{ - "type":"structure", - "members":{ - "MetricName":{ - "shape":"MetricName", - "documentation":"

    The name of the measure.

    " - }, - "NumTimeSeries":{ - "shape":"Integer", - "documentation":"

    The number of anomalous metrics for the measure.

    " - }, - "ContributionMatrix":{ - "shape":"ContributionMatrix", - "documentation":"

    Details about the dimensions that contributed to the anomaly.

    " - } - }, - "documentation":"

    Details about a measure affected by an anomaly.

    " - }, - "MetricLevelImpactList":{ - "type":"list", - "member":{"shape":"MetricLevelImpact"} - }, - "MetricList":{ - "type":"list", - "member":{"shape":"Metric"}, - "min":1 - }, - "MetricName":{ - "type":"string", - "max":256, - "pattern":"^[a-zA-Z0-9][a-zA-Z0-9\\-_]*" - }, - "MetricNameList":{ - "type":"list", - "member":{"shape":"MetricName"}, - "max":5, - "min":1 - }, - "MetricSetDataQualityMetric":{ - "type":"structure", - "members":{ - "MetricSetArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the data quality metric array.

    " - }, - "DataQualityMetricList":{ - "shape":"DataQualityMetricList", - "documentation":"

    The array of data quality metrics contained in the data quality metric set.

    " - } - }, - "documentation":"

    An array of DataQualityMetric objects that describes one or more data quality metrics.

    " - }, - "MetricSetDataQualityMetricList":{ - "type":"list", - "member":{"shape":"MetricSetDataQualityMetric"} - }, - "MetricSetDescription":{ - "type":"string", - "max":256, - "min":1, - "pattern":".*\\S.*" - }, - "MetricSetDimensionFilter":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"ColumnName", - "documentation":"

    The dimension that you want to filter on.

    " - }, - "FilterList":{ - "shape":"FilterList", - "documentation":"

    The list of filters that you are applying.

    " - } - }, - "documentation":"

    Describes a list of filters for choosing a subset of dimension values. Each filter consists of the dimension and one of its values that you want to include. When multiple dimensions or values are specified, the dimensions are joined with an AND operation and the values are joined with an OR operation.

    " - }, - "MetricSetDimensionFilterList":{ - "type":"list", - "member":{"shape":"MetricSetDimensionFilter"} - }, - "MetricSetName":{ - "type":"string", - "max":63, - "min":1, - "pattern":"^[a-zA-Z0-9][a-zA-Z0-9\\-_]*" - }, - "MetricSetSummary":{ - "type":"structure", - "members":{ - "MetricSetArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the dataset.

    " - }, - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector to which the dataset belongs.

    " - }, - "MetricSetDescription":{ - "shape":"MetricSetDescription", - "documentation":"

    The description of the dataset.

    " - }, - "MetricSetName":{ - "shape":"MetricSetName", - "documentation":"

    The name of the dataset.

    " - }, - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the dataset was created.

    " - }, - "LastModificationTime":{ - "shape":"Timestamp", - "documentation":"

    The time at which the dataset was last modified.

    " - }, - "Tags":{ - "shape":"TagMap", - "documentation":"

    The dataset's tags.

    " - } - }, - "documentation":"

    Contains information about a dataset.

    " - }, - "MetricSetSummaryList":{ - "type":"list", - "member":{"shape":"MetricSetSummary"} - }, - "MetricSource":{ - "type":"structure", - "members":{ - "S3SourceConfig":{"shape":"S3SourceConfig"}, - "AppFlowConfig":{ - "shape":"AppFlowConfig", - "documentation":"

    Details about an AppFlow datasource.

    " - }, - "CloudWatchConfig":{ - "shape":"CloudWatchConfig", - "documentation":"

    Details about an Amazon CloudWatch monitoring datasource.

    " - }, - "RDSSourceConfig":{ - "shape":"RDSSourceConfig", - "documentation":"

    Details about an Amazon Relational Database Service (RDS) datasource.

    " - }, - "RedshiftSourceConfig":{ - "shape":"RedshiftSourceConfig", - "documentation":"

    Details about an Amazon Redshift database datasource.

    " - }, - "AthenaSourceConfig":{ - "shape":"AthenaSourceConfig", - "documentation":"

    Details about an Amazon Athena datasource.

    " - } - }, - "documentation":"

    Contains information about source data used to generate metrics.

    " - }, - "MetricValue":{"type":"double"}, - "MetricValueList":{ - "type":"list", - "member":{"shape":"MetricValue"} - }, - "Namespace":{ - "type":"string", - "max":255, - "min":1, - "pattern":"[^:].*" - }, - "NextToken":{ - "type":"string", - "max":3000, - "min":1, - "pattern":".*\\S.*" - }, - "NumberAttributeValue":{"type":"string"}, - "NumberListAttributeValue":{ - "type":"list", - "member":{"shape":"NumberAttributeValue"} - }, - "Offset":{ - "type":"integer", - "max":432000, - "min":0 - }, - "PoirotSecretManagerArn":{ - "type":"string", - "max":256, - "pattern":"arn:([a-z\\d-]+):.*:.*:secret:AmazonLookoutMetrics-.+" - }, - "PutFeedbackRequest":{ - "type":"structure", - "required":[ - "AnomalyDetectorArn", - "AnomalyGroupTimeSeriesFeedback" - ], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the anomaly detector.

    " - }, - "AnomalyGroupTimeSeriesFeedback":{ - "shape":"AnomalyGroupTimeSeriesFeedback", - "documentation":"

    Feedback for an anomalous metric.

    " - } - } - }, - "PutFeedbackResponse":{ - "type":"structure", - "members":{ - } - }, - "QuotaCode":{"type":"string"}, - "QuoteSymbol":{ - "type":"string", - "max":1, - "pattern":"[^\\r\\n]|^$" - }, - "RDSDatabaseIdentifier":{ - "type":"string", - "max":63, - "min":1, - "pattern":"^[a-zA-Z](?!.*--)(?!.*-$)[0-9a-zA-Z\\-]*$" - }, - "RDSDatabaseName":{ - "type":"string", - "max":64, - "min":1, - "pattern":"[a-zA-Z0-9_.]+" - }, - "RDSSourceConfig":{ - "type":"structure", - "members":{ - "DBInstanceIdentifier":{ - "shape":"RDSDatabaseIdentifier", - "documentation":"

    A string identifying the database instance.

    " - }, - "DatabaseHost":{ - "shape":"DatabaseHost", - "documentation":"

    The host name of the database.

    " - }, - "DatabasePort":{ - "shape":"DatabasePort", - "documentation":"

    The port number where the database can be accessed.

    ", - "box":true - }, - "SecretManagerArn":{ - "shape":"PoirotSecretManagerArn", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS Secrets Manager role.

    " - }, - "DatabaseName":{ - "shape":"RDSDatabaseName", - "documentation":"

    The name of the RDS database.

    " - }, - "TableName":{ - "shape":"TableName", - "documentation":"

    The name of the table in the database.

    " - }, - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the role.

    " - }, - "VpcConfiguration":{ - "shape":"VpcConfiguration", - "documentation":"

    An object containing information about the Amazon Virtual Private Cloud (VPC) configuration.

    " - } - }, - "documentation":"

    Contains information about the Amazon Relational Database Service (RDS) configuration.

    " - }, - "RedshiftClusterIdentifier":{ - "type":"string", - "max":63, - "min":1, - "pattern":"^[a-z](?!.*--)(?!.*-$)[0-9a-z\\-]*$" - }, - "RedshiftDatabaseName":{ - "type":"string", - "max":100, - "min":1, - "pattern":"[a-zA-Z0-9_.]+" - }, - "RedshiftSourceConfig":{ - "type":"structure", - "members":{ - "ClusterIdentifier":{ - "shape":"RedshiftClusterIdentifier", - "documentation":"

    A string identifying the Redshift cluster.

    " - }, - "DatabaseHost":{ - "shape":"DatabaseHost", - "documentation":"

    The name of the database host.

    " - }, - "DatabasePort":{ - "shape":"DatabasePort", - "documentation":"

    The port number where the database can be accessed.

    ", - "box":true - }, - "SecretManagerArn":{ - "shape":"PoirotSecretManagerArn", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS Secrets Manager role.

    " - }, - "DatabaseName":{ - "shape":"RedshiftDatabaseName", - "documentation":"

    The Redshift database name.

    " - }, - "TableName":{ - "shape":"TableName", - "documentation":"

    The table name of the Redshift database.

    " - }, - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the role providing access to the database.

    " - }, - "VpcConfiguration":{ - "shape":"VpcConfiguration", - "documentation":"

    Contains information about the Amazon Virtual Private Cloud (VPC) configuration.

    " - } - }, - "documentation":"

    Provides information about the Amazon Redshift database configuration.

    " - }, - "RelatedColumnName":{ - "type":"string", - "max":256, - "min":1, - "pattern":".*\\S.*" - }, - "RelationshipType":{ - "type":"string", - "enum":[ - "CAUSE_OF_INPUT_ANOMALY_GROUP", - "EFFECT_OF_INPUT_ANOMALY_GROUP" - ] - }, - "ResourceId":{"type":"string"}, - "ResourceNotFoundException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"Message"}, - "ResourceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the resource.

    " - }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of the resource.

    " - } - }, - "documentation":"

    The specified resource cannot be found. Check the ARN of the resource and try again.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "ResourceType":{"type":"string"}, - "S3SourceConfig":{ - "type":"structure", - "members":{ - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The ARN of an IAM role that has read and write access permissions to the source S3 bucket.

    " - }, - "TemplatedPathList":{ - "shape":"TemplatedPathList", - "documentation":"

    A list of templated paths to the source files.

    " - }, - "HistoricalDataPathList":{ - "shape":"HistoricalDataPathList", - "documentation":"

    A list of paths to the historical data files.

    " - }, - "FileFormatDescriptor":{ - "shape":"FileFormatDescriptor", - "documentation":"

    Contains information about a source file's formatting.

    " - } - }, - "documentation":"

    Contains information about the configuration of the S3 bucket that contains source files.

    " - }, - "SNSConfiguration":{ - "type":"structure", - "required":[ - "RoleArn", - "SnsTopicArn" - ], - "members":{ - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the IAM role that has access to the target SNS topic.

    " - }, - "SnsTopicArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the target SNS topic.

    " - }, - "SnsFormat":{ - "shape":"SnsFormat", - "documentation":"

    The format of the SNS topic.

    • JSON – Send JSON alerts with an anomaly ID and a link to the anomaly detail page. This is the default.

    • LONG_TEXT – Send human-readable alerts with information about the impacted timeseries and a link to the anomaly detail page. We recommend this for email.

    • SHORT_TEXT – Send human-readable alerts with a link to the anomaly detail page. We recommend this for SMS.

    " - } - }, - "documentation":"

    Contains information about the SNS topic to which you want to send your alerts and the IAM role that has access to that topic.

    " - }, - "SampleDataS3SourceConfig":{ - "type":"structure", - "required":[ - "RoleArn", - "FileFormatDescriptor" - ], - "members":{ - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the role.

    " - }, - "TemplatedPathList":{ - "shape":"TemplatedPathList", - "documentation":"

    An array of strings containing the list of templated paths.

    " - }, - "HistoricalDataPathList":{ - "shape":"HistoricalDataPathList", - "documentation":"

    An array of strings containing the historical set of data paths.

    " - }, - "FileFormatDescriptor":{"shape":"FileFormatDescriptor"} - }, - "documentation":"

    Contains information about the source configuration in Amazon S3.

    " - }, - "SampleRow":{ - "type":"list", - "member":{"shape":"DataItem"} - }, - "SampleRows":{ - "type":"list", - "member":{"shape":"SampleRow"} - }, - "Score":{ - "type":"double", - "max":100.0, - "min":0.0 - }, - "SecurityGroupId":{ - "type":"string", - "max":255, - "min":1, - "pattern":"[-0-9a-zA-Z]+" - }, - "SecurityGroupIdList":{ - "type":"list", - "member":{"shape":"SecurityGroupId"} - }, - "SensitivityThreshold":{ - "type":"integer", - "max":100, - "min":0 - }, - "ServiceCode":{"type":"string"}, - "ServiceQuotaExceededException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"Message"}, - "ResourceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the resource.

    " - }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of the resource.

    " - }, - "QuotaCode":{ - "shape":"QuotaCode", - "documentation":"

    The quota code.

    " - }, - "ServiceCode":{ - "shape":"ServiceCode", - "documentation":"

    The service code.

    " - } - }, - "documentation":"

    The request exceeded the service's quotas. Check the service quotas and try again.

    ", - "error":{"httpStatusCode":402}, - "exception":true - }, - "SnsFormat":{ - "type":"string", - "enum":[ - "LONG_TEXT", - "SHORT_TEXT", - "JSON" - ] - }, - "StringAttributeValue":{"type":"string"}, - "StringListAttributeValue":{ - "type":"list", - "member":{"shape":"StringAttributeValue"} - }, - "SubnetId":{ - "type":"string", - "max":255, - "pattern":"[\\-0-9a-zA-Z]+" - }, - "SubnetIdList":{ - "type":"list", - "member":{"shape":"SubnetId"} - }, - "TableName":{ - "type":"string", - "max":100, - "min":1, - "pattern":"^[a-zA-Z][a-zA-Z0-9_.]*$" - }, - "TagKey":{ - "type":"string", - "max":128, - "min":1 - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":50, - "min":1 - }, - "TagMap":{ - "type":"map", - "key":{"shape":"TagKey"}, - "value":{"shape":"TagValue"}, - "max":50, - "min":1 - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "Tags" - ], - "members":{ - "ResourceArn":{ - "shape":"Arn", - "documentation":"

    The resource's Amazon Resource Name (ARN).

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "Tags":{ - "shape":"TagMap", - "documentation":"

    Tags to apply to the resource. Tag keys and values can contain letters, numbers, spaces, and the following symbols: _.:/=+@-

    ", - "locationName":"tags" - } - } - }, - "TagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256 - }, - "TemplatedPath":{ - "type":"string", - "max":1024, - "pattern":"^s3://[a-zA-Z0-9_\\-\\/ {}=]+$" - }, - "TemplatedPathList":{ - "type":"list", - "member":{"shape":"TemplatedPath"}, - "max":1, - "min":1 - }, - "TimeSeries":{ - "type":"structure", - "required":[ - "TimeSeriesId", - "DimensionList", - "MetricValueList" - ], - "members":{ - "TimeSeriesId":{ - "shape":"TimeSeriesId", - "documentation":"

    The ID of the metric.

    " - }, - "DimensionList":{ - "shape":"DimensionNameValueList", - "documentation":"

    The dimensions of the metric.

    " - }, - "MetricValueList":{ - "shape":"MetricValueList", - "documentation":"

    The values for the metric.

    " - } - }, - "documentation":"

    Details about a metric. A metric is an aggregation of the values of a measure for a dimension value, such as availability in the us-east-1 Region.

    " - }, - "TimeSeriesFeedback":{ - "type":"structure", - "members":{ - "TimeSeriesId":{ - "shape":"TimeSeriesId", - "documentation":"

    The ID of the metric.

    " - }, - "IsAnomaly":{ - "shape":"Boolean", - "documentation":"

    Feedback on whether the metric is a legitimate anomaly.

    " - } - }, - "documentation":"

    Details about feedback submitted for an anomalous metric.

    " - }, - "TimeSeriesFeedbackList":{ - "type":"list", - "member":{"shape":"TimeSeriesFeedback"} - }, - "TimeSeriesId":{ - "type":"string", - "max":520, - "pattern":".*\\S.*" - }, - "TimeSeriesList":{ - "type":"list", - "member":{"shape":"TimeSeries"} - }, - "Timestamp":{"type":"timestamp"}, - "TimestampColumn":{ - "type":"structure", - "members":{ - "ColumnName":{ - "shape":"ColumnName", - "documentation":"

    The name of the timestamp column.

    " - }, - "ColumnFormat":{ - "shape":"DateTimeFormat", - "documentation":"

    The format of the timestamp column.

    " - } - }, - "documentation":"

    Contains information about the column used to track time in a source data file.

    " - }, - "TimestampList":{ - "type":"list", - "member":{"shape":"TimestampString"} - }, - "TimestampString":{ - "type":"string", - "max":60, - "pattern":"^([12]\\d{3})-(1[0-2]|0[1-9])-(0[1-9]|[12]\\d|3[01])T([01]\\d|2[0-3]):([0-5]\\d):([0-5]\\d)(Z|(\\+|\\-)(0\\d|1[0-2]):([0-5]\\d)(\\[[[:alnum:]\\/\\_]+\\])?)$" - }, - "Timezone":{ - "type":"string", - "max":60, - "pattern":".*\\S.*" - }, - "TooManyRequestsException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"Message"} - }, - "documentation":"

    The request was denied due to too many requests being submitted at the same time.

    ", - "error":{"httpStatusCode":429}, - "exception":true - }, - "UUID":{ - "type":"string", - "max":63, - "pattern":"[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}" - }, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "TagKeys" - ], - "members":{ - "ResourceArn":{ - "shape":"Arn", - "documentation":"

    The resource's Amazon Resource Name (ARN).

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "TagKeys":{ - "shape":"TagKeyList", - "documentation":"

    Keys to remove from the resource's tags.

    ", - "location":"querystring", - "locationName":"tagKeys" - } - } - }, - "UntagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateAlertRequest":{ - "type":"structure", - "required":["AlertArn"], - "members":{ - "AlertArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the alert to update.

    " - }, - "AlertDescription":{ - "shape":"AlertDescription", - "documentation":"

    A description of the alert.

    " - }, - "AlertSensitivityThreshold":{ - "shape":"SensitivityThreshold", - "documentation":"

    An integer from 0 to 100 specifying the alert sensitivity threshold.

    " - }, - "Action":{ - "shape":"Action", - "documentation":"

    Action that will be triggered when there is an alert.

    " - }, - "AlertFilters":{ - "shape":"AlertFilters", - "documentation":"

    The configuration of the alert filters, containing MetricList and DimensionFilterList.

    " - } - } - }, - "UpdateAlertResponse":{ - "type":"structure", - "members":{ - "AlertArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the updated alert.

    " - } - } - }, - "UpdateAnomalyDetectorRequest":{ - "type":"structure", - "required":["AnomalyDetectorArn"], - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the detector to update.

    " - }, - "KmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

    The Amazon Resource Name (ARN) of an AWS KMS encryption key.

    " - }, - "AnomalyDetectorDescription":{ - "shape":"AnomalyDetectorDescription", - "documentation":"

    The updated detector description.

    " - }, - "AnomalyDetectorConfig":{ - "shape":"AnomalyDetectorConfig", - "documentation":"

    Contains information about the configuration to which the detector will be updated.

    " - } - } - }, - "UpdateAnomalyDetectorResponse":{ - "type":"structure", - "members":{ - "AnomalyDetectorArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the updated detector.

    " - } - } - }, - "UpdateMetricSetRequest":{ - "type":"structure", - "required":["MetricSetArn"], - "members":{ - "MetricSetArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the dataset to update.

    " - }, - "MetricSetDescription":{ - "shape":"MetricSetDescription", - "documentation":"

    The dataset's description.

    " - }, - "MetricList":{ - "shape":"MetricList", - "documentation":"

    The metric list.

    " - }, - "Offset":{ - "shape":"Offset", - "documentation":"

    After an interval ends, the amount of seconds that the detector waits before importing data. Offset is only supported for S3, Redshift, Athena and datasources.

    ", - "box":true - }, - "TimestampColumn":{ - "shape":"TimestampColumn", - "documentation":"

    The timestamp column.

    " - }, - "DimensionList":{ - "shape":"DimensionList", - "documentation":"

    The dimension list.

    " - }, - "MetricSetFrequency":{ - "shape":"Frequency", - "documentation":"

    The dataset's interval.

    " - }, - "MetricSource":{"shape":"MetricSource"}, - "DimensionFilterList":{ - "shape":"MetricSetDimensionFilterList", - "documentation":"

    Describes a list of filters for choosing specific dimensions and specific values. Each filter consists of the dimension and one of its values that you want to include. When multiple dimensions or values are specified, the dimensions are joined with an AND operation and the values are joined with an OR operation.

    " - } - } - }, - "UpdateMetricSetResponse":{ - "type":"structure", - "members":{ - "MetricSetArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the dataset.

    " - } - } - }, - "ValidationException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"Message"}, - "Reason":{ - "shape":"ValidationExceptionReason", - "documentation":"

    The reason that validation failed.

    " - }, - "Fields":{ - "shape":"ValidationExceptionFieldList", - "documentation":"

    Fields that failed validation.

    " - } - }, - "documentation":"

    The input fails to satisfy the constraints specified by the AWS service. Check your input values and try again.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "ValidationExceptionField":{ - "type":"structure", - "required":[ - "Name", - "Message" - ], - "members":{ - "Name":{ - "shape":"FieldName", - "documentation":"

    The name of the field.

    " - }, - "Message":{ - "shape":"Message", - "documentation":"

    The message with more information about the validation exception.

    " - } - }, - "documentation":"

    Contains information about a a field in a validation exception.

    " - }, - "ValidationExceptionFieldList":{ - "type":"list", - "member":{"shape":"ValidationExceptionField"} - }, - "ValidationExceptionReason":{ - "type":"string", - "enum":[ - "UNKNOWN_OPERATION", - "CANNOT_PARSE", - "FIELD_VALIDATION_FAILED", - "OTHER" - ] - }, - "VpcConfiguration":{ - "type":"structure", - "required":[ - "SubnetIdList", - "SecurityGroupIdList" - ], - "members":{ - "SubnetIdList":{ - "shape":"SubnetIdList", - "documentation":"

    An array of strings containing the Amazon VPC subnet IDs (e.g., subnet-0bb1c79de3EXAMPLE.

    " - }, - "SecurityGroupIdList":{ - "shape":"SecurityGroupIdList", - "documentation":"

    An array of strings containing the list of security groups.

    " - } - }, - "documentation":"

    Contains configuration information about the Amazon Virtual Private Cloud (VPC).

    " - } - }, - "documentation":"

    This is the Amazon Lookout for Metrics API Reference. For an introduction to the service with tutorials for getting started, visit Amazon Lookout for Metrics Developer Guide.

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/lookoutvision/2020-11-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/lookoutvision/2020-11-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/lookoutvision/2020-11-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lookoutvision/2020-11-20/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://lookoutvision-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://lookoutvision-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://lookoutvision.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://lookoutvision.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/lookoutvision/2020-11-20/paginators-1.json 2.31.35-1/awscli/botocore/data/lookoutvision/2020-11-20/paginators-1.json --- 2.23.6-1/awscli/botocore/data/lookoutvision/2020-11-20/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lookoutvision/2020-11-20/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -{ - "pagination": { - "ListDatasetEntries": { - "input_token": "NextToken", - "output_token": "NextToken", - "limit_key": "MaxResults", - "result_key": "DatasetEntries" - }, - "ListModels": { - "input_token": "NextToken", - "output_token": "NextToken", - "limit_key": "MaxResults", - "result_key": "Models" - }, - "ListProjects": { - "input_token": "NextToken", - "output_token": "NextToken", - "limit_key": "MaxResults", - "result_key": "Projects" - }, - "ListModelPackagingJobs": { - "input_token": "NextToken", - "output_token": "NextToken", - "limit_key": "MaxResults", - "result_key": "ModelPackagingJobs" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/lookoutvision/2020-11-20/service-2.json 2.31.35-1/awscli/botocore/data/lookoutvision/2020-11-20/service-2.json --- 2.23.6-1/awscli/botocore/data/lookoutvision/2020-11-20/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/lookoutvision/2020-11-20/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,2266 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2020-11-20", - "endpointPrefix":"lookoutvision", - "jsonVersion":"1.1", - "protocol":"rest-json", - "serviceFullName":"Amazon Lookout for Vision", - "serviceId":"LookoutVision", - "signatureVersion":"v4", - "signingName":"lookoutvision", - "uid":"lookoutvision-2020-11-20" - }, - "operations":{ - "CreateDataset":{ - "name":"CreateDataset", - "http":{ - "method":"POST", - "requestUri":"/2020-11-20/projects/{projectName}/datasets", - "responseCode":202 - }, - "input":{"shape":"CreateDatasetRequest"}, - "output":{"shape":"CreateDatasetResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"ServiceQuotaExceededException"} - ], - "documentation":"

    Creates a new dataset in an Amazon Lookout for Vision project. CreateDataset can create a training or a test dataset from a valid dataset source (DatasetSource).

    If you want a single dataset project, specify train for the value of DatasetType.

    To have a project with separate training and test datasets, call CreateDataset twice. On the first call, specify train for the value of DatasetType. On the second call, specify test for the value of DatasetType.

    This operation requires permissions to perform the lookoutvision:CreateDataset operation.

    " - }, - "CreateModel":{ - "name":"CreateModel", - "http":{ - "method":"POST", - "requestUri":"/2020-11-20/projects/{projectName}/models", - "responseCode":202 - }, - "input":{"shape":"CreateModelRequest"}, - "output":{"shape":"CreateModelResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"ServiceQuotaExceededException"} - ], - "documentation":"

    Creates a new version of a model within an an Amazon Lookout for Vision project. CreateModel is an asynchronous operation in which Amazon Lookout for Vision trains, tests, and evaluates a new version of a model.

    To get the current status, check the Status field returned in the response from DescribeModel.

    If the project has a single dataset, Amazon Lookout for Vision internally splits the dataset to create a training and a test dataset. If the project has a training and a test dataset, Lookout for Vision uses the respective datasets to train and test the model.

    After training completes, the evaluation metrics are stored at the location specified in OutputConfig.

    This operation requires permissions to perform the lookoutvision:CreateModel operation. If you want to tag your model, you also require permission to the lookoutvision:TagResource operation.

    " - }, - "CreateProject":{ - "name":"CreateProject", - "http":{ - "method":"POST", - "requestUri":"/2020-11-20/projects" - }, - "input":{"shape":"CreateProjectRequest"}, - "output":{"shape":"CreateProjectResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"ServiceQuotaExceededException"} - ], - "documentation":"

    Creates an empty Amazon Lookout for Vision project. After you create the project, add a dataset by calling CreateDataset.

    This operation requires permissions to perform the lookoutvision:CreateProject operation.

    " - }, - "DeleteDataset":{ - "name":"DeleteDataset", - "http":{ - "method":"DELETE", - "requestUri":"/2020-11-20/projects/{projectName}/datasets/{datasetType}", - "responseCode":202 - }, - "input":{"shape":"DeleteDatasetRequest"}, - "output":{"shape":"DeleteDatasetResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Deletes an existing Amazon Lookout for Vision dataset.

    If your the project has a single dataset, you must create a new dataset before you can create a model.

    If you project has a training dataset and a test dataset consider the following.

    • If you delete the test dataset, your project reverts to a single dataset project. If you then train the model, Amazon Lookout for Vision internally splits the remaining dataset into a training and test dataset.

    • If you delete the training dataset, you must create a training dataset before you can create a model.

    This operation requires permissions to perform the lookoutvision:DeleteDataset operation.

    " - }, - "DeleteModel":{ - "name":"DeleteModel", - "http":{ - "method":"DELETE", - "requestUri":"/2020-11-20/projects/{projectName}/models/{modelVersion}", - "responseCode":202 - }, - "input":{"shape":"DeleteModelRequest"}, - "output":{"shape":"DeleteModelResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Deletes an Amazon Lookout for Vision model. You can't delete a running model. To stop a running model, use the StopModel operation.

    It might take a few seconds to delete a model. To determine if a model has been deleted, call ListModels and check if the version of the model (ModelVersion) is in the Models array.

    This operation requires permissions to perform the lookoutvision:DeleteModel operation.

    " - }, - "DeleteProject":{ - "name":"DeleteProject", - "http":{ - "method":"DELETE", - "requestUri":"/2020-11-20/projects/{projectName}" - }, - "input":{"shape":"DeleteProjectRequest"}, - "output":{"shape":"DeleteProjectResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Deletes an Amazon Lookout for Vision project.

    To delete a project, you must first delete each version of the model associated with the project. To delete a model use the DeleteModel operation.

    You also have to delete the dataset(s) associated with the model. For more information, see DeleteDataset. The images referenced by the training and test datasets aren't deleted.

    This operation requires permissions to perform the lookoutvision:DeleteProject operation.

    " - }, - "DescribeDataset":{ - "name":"DescribeDataset", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/projects/{projectName}/datasets/{datasetType}" - }, - "input":{"shape":"DescribeDatasetRequest"}, - "output":{"shape":"DescribeDatasetResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Describe an Amazon Lookout for Vision dataset.

    This operation requires permissions to perform the lookoutvision:DescribeDataset operation.

    " - }, - "DescribeModel":{ - "name":"DescribeModel", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/projects/{projectName}/models/{modelVersion}" - }, - "input":{"shape":"DescribeModelRequest"}, - "output":{"shape":"DescribeModelResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Describes a version of an Amazon Lookout for Vision model.

    This operation requires permissions to perform the lookoutvision:DescribeModel operation.

    " - }, - "DescribeModelPackagingJob":{ - "name":"DescribeModelPackagingJob", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/projects/{projectName}/modelpackagingjobs/{jobName}" - }, - "input":{"shape":"DescribeModelPackagingJobRequest"}, - "output":{"shape":"DescribeModelPackagingJobResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Describes an Amazon Lookout for Vision model packaging job.

    This operation requires permissions to perform the lookoutvision:DescribeModelPackagingJob operation.

    For more information, see Using your Amazon Lookout for Vision model on an edge device in the Amazon Lookout for Vision Developer Guide.

    " - }, - "DescribeProject":{ - "name":"DescribeProject", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/projects/{projectName}" - }, - "input":{"shape":"DescribeProjectRequest"}, - "output":{"shape":"DescribeProjectResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Describes an Amazon Lookout for Vision project.

    This operation requires permissions to perform the lookoutvision:DescribeProject operation.

    " - }, - "DetectAnomalies":{ - "name":"DetectAnomalies", - "http":{ - "method":"POST", - "requestUri":"/2020-11-20/projects/{projectName}/models/{modelVersion}/detect" - }, - "input":{"shape":"DetectAnomaliesRequest"}, - "output":{"shape":"DetectAnomaliesResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Detects anomalies in an image that you supply.

    The response from DetectAnomalies includes a boolean prediction that the image contains one or more anomalies and a confidence value for the prediction. If the model is an image segmentation model, the response also includes segmentation information for each type of anomaly found in the image.

    Before calling DetectAnomalies, you must first start your model with the StartModel operation. You are charged for the amount of time, in minutes, that a model runs and for the number of anomaly detection units that your model uses. If you are not using a model, use the StopModel operation to stop your model.

    For more information, see Detecting anomalies in an image in the Amazon Lookout for Vision developer guide.

    This operation requires permissions to perform the lookoutvision:DetectAnomalies operation.

    " - }, - "ListDatasetEntries":{ - "name":"ListDatasetEntries", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/projects/{projectName}/datasets/{datasetType}/entries" - }, - "input":{"shape":"ListDatasetEntriesRequest"}, - "output":{"shape":"ListDatasetEntriesResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Lists the JSON Lines within a dataset. An Amazon Lookout for Vision JSON Line contains the anomaly information for a single image, including the image location and the assigned label.

    This operation requires permissions to perform the lookoutvision:ListDatasetEntries operation.

    " - }, - "ListModelPackagingJobs":{ - "name":"ListModelPackagingJobs", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/projects/{projectName}/modelpackagingjobs" - }, - "input":{"shape":"ListModelPackagingJobsRequest"}, - "output":{"shape":"ListModelPackagingJobsResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Lists the model packaging jobs created for an Amazon Lookout for Vision project.

    This operation requires permissions to perform the lookoutvision:ListModelPackagingJobs operation.

    For more information, see Using your Amazon Lookout for Vision model on an edge device in the Amazon Lookout for Vision Developer Guide.

    " - }, - "ListModels":{ - "name":"ListModels", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/projects/{projectName}/models" - }, - "input":{"shape":"ListModelsRequest"}, - "output":{"shape":"ListModelsResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Lists the versions of a model in an Amazon Lookout for Vision project.

    The ListModels operation is eventually consistent. Recent calls to CreateModel might take a while to appear in the response from ListProjects.

    This operation requires permissions to perform the lookoutvision:ListModels operation.

    " - }, - "ListProjects":{ - "name":"ListProjects", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/projects" - }, - "input":{"shape":"ListProjectsRequest"}, - "output":{"shape":"ListProjectsResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Lists the Amazon Lookout for Vision projects in your AWS account that are in the AWS Region in which you call ListProjects.

    The ListProjects operation is eventually consistent. Recent calls to CreateProject and DeleteProject might take a while to appear in the response from ListProjects.

    This operation requires permissions to perform the lookoutvision:ListProjects operation.

    " - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/2020-11-20/tags/{resourceArn}" - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Returns a list of tags attached to the specified Amazon Lookout for Vision model.

    This operation requires permissions to perform the lookoutvision:ListTagsForResource operation.

    " - }, - "StartModel":{ - "name":"StartModel", - "http":{ - "method":"POST", - "requestUri":"/2020-11-20/projects/{projectName}/models/{modelVersion}/start", - "responseCode":202 - }, - "input":{"shape":"StartModelRequest"}, - "output":{"shape":"StartModelResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"ServiceQuotaExceededException"} - ], - "documentation":"

    Starts the running of the version of an Amazon Lookout for Vision model. Starting a model takes a while to complete. To check the current state of the model, use DescribeModel.

    A model is ready to use when its status is HOSTED.

    Once the model is running, you can detect custom labels in new images by calling DetectAnomalies.

    You are charged for the amount of time that the model is running. To stop a running model, call StopModel.

    This operation requires permissions to perform the lookoutvision:StartModel operation.

    " - }, - "StartModelPackagingJob":{ - "name":"StartModelPackagingJob", - "http":{ - "method":"POST", - "requestUri":"/2020-11-20/projects/{projectName}/modelpackagingjobs" - }, - "input":{"shape":"StartModelPackagingJobRequest"}, - "output":{"shape":"StartModelPackagingJobResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"ServiceQuotaExceededException"} - ], - "documentation":"

    Starts an Amazon Lookout for Vision model packaging job. A model packaging job creates an AWS IoT Greengrass component for a Lookout for Vision model. You can use the component to deploy your model to an edge device managed by Greengrass.

    Use the DescribeModelPackagingJob API to determine the current status of the job. The model packaging job is complete if the value of Status is SUCCEEDED.

    To deploy the component to the target device, use the component name and component version with the AWS IoT Greengrass CreateDeployment API.

    This operation requires the following permissions:

    • lookoutvision:StartModelPackagingJob

    • s3:PutObject

    • s3:GetBucketLocation

    • kms:GenerateDataKey

    • greengrass:CreateComponentVersion

    • greengrass:DescribeComponent

    • (Optional) greengrass:TagResource. Only required if you want to tag the component.

    For more information, see Using your Amazon Lookout for Vision model on an edge device in the Amazon Lookout for Vision Developer Guide.

    " - }, - "StopModel":{ - "name":"StopModel", - "http":{ - "method":"POST", - "requestUri":"/2020-11-20/projects/{projectName}/models/{modelVersion}/stop", - "responseCode":202 - }, - "input":{"shape":"StopModelRequest"}, - "output":{"shape":"StopModelResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Stops the hosting of a running model. The operation might take a while to complete. To check the current status, call DescribeModel.

    After the model hosting stops, the Status of the model is TRAINED.

    This operation requires permissions to perform the lookoutvision:StopModel operation.

    " - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/2020-11-20/tags/{resourceArn}" - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"ServiceQuotaExceededException"} - ], - "documentation":"

    Adds one or more key-value tags to an Amazon Lookout for Vision model. For more information, see Tagging a model in the Amazon Lookout for Vision Developer Guide.

    This operation requires permissions to perform the lookoutvision:TagResource operation.

    " - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"DELETE", - "requestUri":"/2020-11-20/tags/{resourceArn}" - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Removes one or more tags from an Amazon Lookout for Vision model. For more information, see Tagging a model in the Amazon Lookout for Vision Developer Guide.

    This operation requires permissions to perform the lookoutvision:UntagResource operation.

    " - }, - "UpdateDatasetEntries":{ - "name":"UpdateDatasetEntries", - "http":{ - "method":"PATCH", - "requestUri":"/2020-11-20/projects/{projectName}/datasets/{datasetType}/entries", - "responseCode":202 - }, - "input":{"shape":"UpdateDatasetEntriesRequest"}, - "output":{"shape":"UpdateDatasetEntriesResponse"}, - "errors":[ - {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, - {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Adds or updates one or more JSON Line entries in a dataset. A JSON Line includes information about an image used for training or testing an Amazon Lookout for Vision model.

    To update an existing JSON Line, use the source-ref field to identify the JSON Line. The JSON line that you supply replaces the existing JSON line. Any existing annotations that are not in the new JSON line are removed from the dataset.

    For more information, see Defining JSON lines for anomaly classification in the Amazon Lookout for Vision Developer Guide.

    The images you reference in the source-ref field of a JSON line, must be in the same S3 bucket as the existing images in the dataset.

    Updating a dataset might take a while to complete. To check the current status, call DescribeDataset and check the Status field in the response.

    This operation requires permissions to perform the lookoutvision:UpdateDatasetEntries operation.

    " - } - }, - "shapes":{ - "AccessDeniedException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"ExceptionString"} - }, - "documentation":"

    You are not authorized to perform the action.

    ", - "error":{"httpStatusCode":403}, - "exception":true - }, - "Anomaly":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"AnomalyName", - "documentation":"

    The name of an anomaly type found in an image. Name maps to an anomaly type in the training dataset, apart from the anomaly type background. The service automatically inserts the background anomaly type into the response from DetectAnomalies.

    " - }, - "PixelAnomaly":{ - "shape":"PixelAnomaly", - "documentation":"

    Information about the pixel mask that covers an anomaly type.

    " - } - }, - "documentation":"

    Information about an anomaly type found on an image by an image segmentation model. For more information, see DetectAnomalies.

    " - }, - "AnomalyClassFilter":{ - "type":"string", - "max":10, - "min":1, - "pattern":"(normal|anomaly)" - }, - "AnomalyList":{ - "type":"list", - "member":{"shape":"Anomaly"} - }, - "AnomalyMask":{ - "type":"blob", - "max":5242880, - "min":1 - }, - "AnomalyName":{ - "type":"string", - "max":256, - "min":1, - "pattern":"[a-zA-Z0-9]*" - }, - "Boolean":{"type":"boolean"}, - "ClientToken":{ - "type":"string", - "max":64, - "min":1, - "pattern":"^[a-zA-Z0-9-]+$" - }, - "Color":{ - "type":"string", - "max":7, - "min":7, - "pattern":"\\#[a-zA-Z0-9]{6}" - }, - "CompilerOptions":{ - "type":"string", - "max":1024, - "min":3, - "pattern":".*" - }, - "ComponentDescription":{ - "type":"string", - "max":256, - "min":1, - "pattern":"[a-zA-Z0-9-_. ()':,;?]+" - }, - "ComponentName":{ - "type":"string", - "max":128, - "min":1, - "pattern":"[a-zA-Z0-9-_.]+" - }, - "ComponentVersion":{ - "type":"string", - "max":64, - "min":1, - "pattern":"^([0-9]{1,6})\\.([0-9]{1,6})\\.([0-9]{1,6})$" - }, - "ComponentVersionArn":{ - "type":"string", - "pattern":"arn:[^:]*:greengrass:[^:]*:aws:components:[^:]+" - }, - "ConflictException":{ - "type":"structure", - "required":[ - "Message", - "ResourceId", - "ResourceType" - ], - "members":{ - "Message":{"shape":"ExceptionString"}, - "ResourceId":{ - "shape":"ExceptionString", - "documentation":"

    The ID of the resource.

    " - }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of the resource.

    " - } - }, - "documentation":"

    The update or deletion of a resource caused an inconsistent state.

    ", - "error":{"httpStatusCode":409}, - "exception":true - }, - "ContentType":{ - "type":"string", - "max":255, - "min":1, - "pattern":".*" - }, - "CreateDatasetRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "DatasetType" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project in which you want to create a dataset.

    ", - "location":"uri", - "locationName":"projectName" - }, - "DatasetType":{ - "shape":"DatasetType", - "documentation":"

    The type of the dataset. Specify train for a training dataset. Specify test for a test dataset.

    " - }, - "DatasetSource":{ - "shape":"DatasetSource", - "documentation":"

    The location of the manifest file that Amazon Lookout for Vision uses to create the dataset.

    If you don't specify DatasetSource, an empty dataset is created and the operation synchronously returns. Later, you can add JSON Lines by calling UpdateDatasetEntries.

    If you specify a value for DataSource, the manifest at the S3 location is validated and used to create the dataset. The call to CreateDataset is asynchronous and might take a while to complete. To find out the current status, Check the value of Status returned in a call to DescribeDataset.

    " - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to CreateDataset completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from CreateDataset. In this case, safely retry your call to CreateDataset by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple dataset creation requests. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to CreateDataset. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - } - } - }, - "CreateDatasetResponse":{ - "type":"structure", - "members":{ - "DatasetMetadata":{ - "shape":"DatasetMetadata", - "documentation":"

    Information about the dataset.

    " - } - } - }, - "CreateModelRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "OutputConfig" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project in which you want to create a model version.

    ", - "location":"uri", - "locationName":"projectName" - }, - "Description":{ - "shape":"ModelDescriptionMessage", - "documentation":"

    A description for the version of the model.

    " - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to CreateModel completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from CreateModel. In this case, safely retry your call to CreateModel by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from starting multiple training jobs. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to CreateModel. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - }, - "OutputConfig":{ - "shape":"OutputConfig", - "documentation":"

    The location where Amazon Lookout for Vision saves the training results.

    " - }, - "KmsKeyId":{ - "shape":"KmsKeyId", - "documentation":"

    The identifier for your AWS KMS key. The key is used to encrypt training and test images copied into the service for model training. Your source images are unaffected. If this parameter is not specified, the copied images are encrypted by a key that AWS owns and manages.

    " - }, - "Tags":{ - "shape":"TagList", - "documentation":"

    A set of tags (key-value pairs) that you want to attach to the model.

    " - } - } - }, - "CreateModelResponse":{ - "type":"structure", - "members":{ - "ModelMetadata":{ - "shape":"ModelMetadata", - "documentation":"

    The response from a call to CreateModel.

    " - } - } - }, - "CreateProjectRequest":{ - "type":"structure", - "required":["ProjectName"], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name for the project.

    " - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to CreateProject completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from CreateProject. In this case, safely retry your call to CreateProject by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple project creation requests. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to CreateProject. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - } - } - }, - "CreateProjectResponse":{ - "type":"structure", - "members":{ - "ProjectMetadata":{ - "shape":"ProjectMetadata", - "documentation":"

    Information about the project.

    " - } - } - }, - "DatasetChanges":{ - "type":"blob", - "max":10485760, - "min":1 - }, - "DatasetDescription":{ - "type":"structure", - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the dataset.

    " - }, - "DatasetType":{ - "shape":"DatasetType", - "documentation":"

    The type of the dataset. The value train represents a training dataset or single dataset project. The value test represents a test dataset.

    " - }, - "CreationTimestamp":{ - "shape":"DateTime", - "documentation":"

    The Unix timestamp for the time and date that the dataset was created.

    " - }, - "LastUpdatedTimestamp":{ - "shape":"DateTime", - "documentation":"

    The Unix timestamp for the date and time that the dataset was last updated.

    " - }, - "Status":{ - "shape":"DatasetStatus", - "documentation":"

    The status of the dataset.

    " - }, - "StatusMessage":{ - "shape":"DatasetStatusMessage", - "documentation":"

    The status message for the dataset.

    " - }, - "ImageStats":{ - "shape":"DatasetImageStats", - "documentation":"

    Statistics about the images in a dataset.

    " - } - }, - "documentation":"

    The description for a dataset. For more information, see DescribeDataset.

    " - }, - "DatasetEntry":{ - "type":"string", - "max":8192, - "min":2, - "pattern":"^\\{.*\\}$" - }, - "DatasetEntryList":{ - "type":"list", - "member":{"shape":"DatasetEntry"} - }, - "DatasetGroundTruthManifest":{ - "type":"structure", - "members":{ - "S3Object":{ - "shape":"InputS3Object", - "documentation":"

    The S3 bucket location for the manifest file.

    " - } - }, - "documentation":"

    Location information about a manifest file. You can use a manifest file to create a dataset.

    " - }, - "DatasetImageStats":{ - "type":"structure", - "members":{ - "Total":{ - "shape":"Integer", - "documentation":"

    The total number of images in the dataset.

    " - }, - "Labeled":{ - "shape":"Integer", - "documentation":"

    The total number of labeled images.

    " - }, - "Normal":{ - "shape":"Integer", - "documentation":"

    The total number of images labeled as normal.

    " - }, - "Anomaly":{ - "shape":"Integer", - "documentation":"

    the total number of images labeled as an anomaly.

    " - } - }, - "documentation":"

    Statistics about the images in a dataset.

    " - }, - "DatasetMetadata":{ - "type":"structure", - "members":{ - "DatasetType":{ - "shape":"DatasetType", - "documentation":"

    The type of the dataset.

    " - }, - "CreationTimestamp":{ - "shape":"DateTime", - "documentation":"

    The Unix timestamp for the date and time that the dataset was created.

    " - }, - "Status":{ - "shape":"DatasetStatus", - "documentation":"

    The status for the dataset.

    " - }, - "StatusMessage":{ - "shape":"DatasetStatusMessage", - "documentation":"

    The status message for the dataset.

    " - } - }, - "documentation":"

    Summary information for an Amazon Lookout for Vision dataset. For more information, see DescribeDataset and ProjectDescription.

    " - }, - "DatasetMetadataList":{ - "type":"list", - "member":{"shape":"DatasetMetadata"} - }, - "DatasetSource":{ - "type":"structure", - "members":{ - "GroundTruthManifest":{ - "shape":"DatasetGroundTruthManifest", - "documentation":"

    Location information for the manifest file.

    " - } - }, - "documentation":"

    Information about the location of a manifest file that Amazon Lookout for Vision uses to to create a dataset.

    " - }, - "DatasetStatus":{ - "type":"string", - "enum":[ - "CREATE_IN_PROGRESS", - "CREATE_COMPLETE", - "CREATE_FAILED", - "UPDATE_IN_PROGRESS", - "UPDATE_COMPLETE", - "UPDATE_FAILED_ROLLBACK_IN_PROGRESS", - "UPDATE_FAILED_ROLLBACK_COMPLETE", - "DELETE_IN_PROGRESS", - "DELETE_COMPLETE", - "DELETE_FAILED" - ] - }, - "DatasetStatusMessage":{"type":"string"}, - "DatasetType":{ - "type":"string", - "max":10, - "min":1, - "pattern":"train|test" - }, - "DateTime":{"type":"timestamp"}, - "DeleteDatasetRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "DatasetType" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the dataset that you want to delete.

    ", - "location":"uri", - "locationName":"projectName" - }, - "DatasetType":{ - "shape":"DatasetType", - "documentation":"

    The type of the dataset to delete. Specify train to delete the training dataset. Specify test to delete the test dataset. To delete the dataset in a single dataset project, specify train.

    ", - "location":"uri", - "locationName":"datasetType" - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to DeleteDataset completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from DeleteDataset. In this case, safely retry your call to DeleteDataset by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple deletetion requests. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to DeleteDataset. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - } - } - }, - "DeleteDatasetResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteModelRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "ModelVersion" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the model that you want to delete.

    ", - "location":"uri", - "locationName":"projectName" - }, - "ModelVersion":{ - "shape":"ModelVersionNoLatest", - "documentation":"

    The version of the model that you want to delete.

    ", - "location":"uri", - "locationName":"modelVersion" - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to DeleteModel completes only once. You choose the value to pass. For example, an issue might prevent you from getting a response from DeleteModel. In this case, safely retry your call to DeleteModel by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple model deletion requests. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to DeleteModel. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - } - } - }, - "DeleteModelResponse":{ - "type":"structure", - "members":{ - "ModelArn":{ - "shape":"ModelArn", - "documentation":"

    The Amazon Resource Name (ARN) of the model that was deleted.

    " - } - } - }, - "DeleteProjectRequest":{ - "type":"structure", - "required":["ProjectName"], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project to delete.

    ", - "location":"uri", - "locationName":"projectName" - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to DeleteProject completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from DeleteProject. In this case, safely retry your call to DeleteProject by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple project deletion requests. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to DeleteProject. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - } - } - }, - "DeleteProjectResponse":{ - "type":"structure", - "members":{ - "ProjectArn":{ - "shape":"ProjectArn", - "documentation":"

    The Amazon Resource Name (ARN) of the project that was deleted.

    " - } - } - }, - "DescribeDatasetRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "DatasetType" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the dataset that you want to describe.

    ", - "location":"uri", - "locationName":"projectName" - }, - "DatasetType":{ - "shape":"DatasetType", - "documentation":"

    The type of the dataset to describe. Specify train to describe the training dataset. Specify test to describe the test dataset. If you have a single dataset project, specify train

    ", - "location":"uri", - "locationName":"datasetType" - } - } - }, - "DescribeDatasetResponse":{ - "type":"structure", - "members":{ - "DatasetDescription":{ - "shape":"DatasetDescription", - "documentation":"

    The description of the requested dataset.

    " - } - } - }, - "DescribeModelPackagingJobRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "JobName" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the model packaging job that you want to describe.

    ", - "location":"uri", - "locationName":"projectName" - }, - "JobName":{ - "shape":"ModelPackagingJobName", - "documentation":"

    The job name for the model packaging job.

    ", - "location":"uri", - "locationName":"jobName" - } - } - }, - "DescribeModelPackagingJobResponse":{ - "type":"structure", - "members":{ - "ModelPackagingDescription":{ - "shape":"ModelPackagingDescription", - "documentation":"

    The description of the model packaging job.

    " - } - } - }, - "DescribeModelRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "ModelVersion" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The project that contains the version of a model that you want to describe.

    ", - "location":"uri", - "locationName":"projectName" - }, - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model that you want to describe.

    ", - "location":"uri", - "locationName":"modelVersion" - } - } - }, - "DescribeModelResponse":{ - "type":"structure", - "members":{ - "ModelDescription":{ - "shape":"ModelDescription", - "documentation":"

    Contains the description of the model.

    " - } - } - }, - "DescribeProjectRequest":{ - "type":"structure", - "required":["ProjectName"], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that you want to describe.

    ", - "location":"uri", - "locationName":"projectName" - } - } - }, - "DescribeProjectResponse":{ - "type":"structure", - "members":{ - "ProjectDescription":{ - "shape":"ProjectDescription", - "documentation":"

    The description of the project.

    " - } - } - }, - "DetectAnomaliesRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "ModelVersion", - "Body", - "ContentType" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the model version that you want to use.

    ", - "location":"uri", - "locationName":"projectName" - }, - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model that you want to use.

    ", - "location":"uri", - "locationName":"modelVersion" - }, - "Body":{ - "shape":"Stream", - "documentation":"

    The unencrypted image bytes that you want to analyze.

    " - }, - "ContentType":{ - "shape":"ContentType", - "documentation":"

    The type of the image passed in Body. Valid values are image/png (PNG format images) and image/jpeg (JPG format images).

    ", - "location":"header", - "locationName":"Content-Type" - } - }, - "payload":"Body" - }, - "DetectAnomaliesResponse":{ - "type":"structure", - "members":{ - "DetectAnomalyResult":{ - "shape":"DetectAnomalyResult", - "documentation":"

    The results of the DetectAnomalies operation.

    " - } - } - }, - "DetectAnomalyResult":{ - "type":"structure", - "members":{ - "Source":{ - "shape":"ImageSource", - "documentation":"

    The source of the image that was analyzed. direct means that the images was supplied from the local computer. No other values are supported.

    " - }, - "IsAnomalous":{ - "shape":"Boolean", - "documentation":"

    True if Amazon Lookout for Vision classifies the image as containing an anomaly, otherwise false.

    " - }, - "Confidence":{ - "shape":"Float", - "documentation":"

    The confidence that Lookout for Vision has in the accuracy of the classification in IsAnomalous.

    " - }, - "Anomalies":{ - "shape":"AnomalyList", - "documentation":"

    If the model is an image segmentation model, Anomalies contains a list of anomaly types found in the image. There is one entry for each type of anomaly found (even if multiple instances of an anomaly type exist on the image). The first element in the list is always an anomaly type representing the image background ('background') and shouldn't be considered an anomaly. Amazon Lookout for Vision automatically add the background anomaly type to the response, and you don't need to declare a background anomaly type in your dataset.

    If the list has one entry ('background'), no anomalies were found on the image.

    An image classification model doesn't return an Anomalies list.

    " - }, - "AnomalyMask":{ - "shape":"AnomalyMask", - "documentation":"

    If the model is an image segmentation model, AnomalyMask contains pixel masks that covers all anomaly types found on the image. Each anomaly type has a different mask color. To map a color to an anomaly type, see the color field of the PixelAnomaly object.

    An image classification model doesn't return an Anomalies list.

    " - } - }, - "documentation":"

    The prediction results from a call to DetectAnomalies. DetectAnomalyResult includes classification information for the prediction (IsAnomalous and Confidence). If the model you use is an image segementation model, DetectAnomalyResult also includes segmentation information (Anomalies and AnomalyMask). Classification information is calculated separately from segmentation information and you shouldn't assume a relationship between them.

    " - }, - "ExceptionString":{"type":"string"}, - "Float":{"type":"float"}, - "GreengrassConfiguration":{ - "type":"structure", - "required":[ - "S3OutputLocation", - "ComponentName" - ], - "members":{ - "CompilerOptions":{ - "shape":"CompilerOptions", - "documentation":"

    Additional compiler options for the Greengrass component. Currently, only NVIDIA Graphics Processing Units (GPU) and CPU accelerators are supported. If you specify TargetDevice, don't specify CompilerOptions.

    For more information, see Compiler options in the Amazon Lookout for Vision Developer Guide.

    " - }, - "TargetDevice":{ - "shape":"TargetDevice", - "documentation":"

    The target device for the model. Currently the only supported value is jetson_xavier. If you specify TargetDevice, you can't specify TargetPlatform.

    " - }, - "TargetPlatform":{ - "shape":"TargetPlatform", - "documentation":"

    The target platform for the model. If you specify TargetPlatform, you can't specify TargetDevice.

    " - }, - "S3OutputLocation":{ - "shape":"S3Location", - "documentation":"

    An S3 location in which Lookout for Vision stores the component artifacts.

    " - }, - "ComponentName":{ - "shape":"ComponentName", - "documentation":"

    A name for the AWS IoT Greengrass component.

    " - }, - "ComponentVersion":{ - "shape":"ComponentVersion", - "documentation":"

    A Version for the AWS IoT Greengrass component. If you don't provide a value, a default value of Model Version.0.0 is used.

    " - }, - "ComponentDescription":{ - "shape":"ComponentDescription", - "documentation":"

    A description for the AWS IoT Greengrass component.

    " - }, - "Tags":{ - "shape":"TagList", - "documentation":"

    A set of tags (key-value pairs) that you want to attach to the AWS IoT Greengrass component.

    " - } - }, - "documentation":"

    Configuration information for the AWS IoT Greengrass component created in a model packaging job. For more information, see StartModelPackagingJob.

    You can't specify a component with the same ComponentName and Componentversion as an existing component with the same component name and component version.

    " - }, - "GreengrassOutputDetails":{ - "type":"structure", - "members":{ - "ComponentVersionArn":{ - "shape":"ComponentVersionArn", - "documentation":"

    The Amazon Resource Name (ARN) of the component.

    " - }, - "ComponentName":{ - "shape":"ComponentName", - "documentation":"

    The name of the component.

    " - }, - "ComponentVersion":{ - "shape":"ComponentVersion", - "documentation":"

    The version of the component.

    " - } - }, - "documentation":"

    Information about the AWS IoT Greengrass component created by a model packaging job.

    " - }, - "ImageSource":{ - "type":"structure", - "members":{ - "Type":{ - "shape":"ImageSourceType", - "documentation":"

    The type of the image.

    " - } - }, - "documentation":"

    The source for an image.

    " - }, - "ImageSourceType":{ - "type":"string", - "pattern":"direct" - }, - "InferenceUnits":{ - "type":"integer", - "min":1 - }, - "InputS3Object":{ - "type":"structure", - "required":[ - "Bucket", - "Key" - ], - "members":{ - "Bucket":{ - "shape":"S3BucketName", - "documentation":"

    The Amazon S3 bucket that contains the manifest.

    " - }, - "Key":{ - "shape":"S3ObjectKey", - "documentation":"

    The name and location of the manifest file withiin the bucket.

    " - }, - "VersionId":{ - "shape":"S3ObjectVersion", - "documentation":"

    The version ID of the bucket.

    " - } - }, - "documentation":"

    Amazon S3 Location information for an input manifest file.

    " - }, - "Integer":{"type":"integer"}, - "InternalServerException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"ExceptionString"}, - "RetryAfterSeconds":{ - "shape":"RetryAfterSeconds", - "documentation":"

    The period of time, in seconds, before the operation can be retried.

    ", - "location":"header", - "locationName":"Retry-After" - } - }, - "documentation":"

    Amazon Lookout for Vision experienced a service issue. Try your call again.

    ", - "error":{"httpStatusCode":500}, - "exception":true, - "fault":true - }, - "IsLabeled":{"type":"boolean"}, - "KmsKeyId":{ - "type":"string", - "max":2048, - "min":1, - "pattern":"^[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,2048}$" - }, - "ListDatasetEntriesRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "DatasetType" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the dataset that you want to list.

    ", - "location":"uri", - "locationName":"projectName" - }, - "DatasetType":{ - "shape":"DatasetType", - "documentation":"

    The type of the dataset that you want to list. Specify train to list the training dataset. Specify test to list the test dataset. If you have a single dataset project, specify train.

    ", - "location":"uri", - "locationName":"datasetType" - }, - "Labeled":{ - "shape":"IsLabeled", - "documentation":"

    Specify true to include labeled entries, otherwise specify false. If you don't specify a value, Lookout for Vision returns all entries.

    ", - "location":"querystring", - "locationName":"labeled" - }, - "AnomalyClass":{ - "shape":"AnomalyClassFilter", - "documentation":"

    Specify normal to include only normal images. Specify anomaly to only include anomalous entries. If you don't specify a value, Amazon Lookout for Vision returns normal and anomalous images.

    ", - "location":"querystring", - "locationName":"anomalyClass" - }, - "BeforeCreationDate":{ - "shape":"DateTime", - "documentation":"

    Only includes entries before the specified date in the response. For example, 2020-06-23T00:00:00.

    ", - "location":"querystring", - "locationName":"createdBefore" - }, - "AfterCreationDate":{ - "shape":"DateTime", - "documentation":"

    Only includes entries after the specified date in the response. For example, 2020-06-23T00:00:00.

    ", - "location":"querystring", - "locationName":"createdAfter" - }, - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous response was incomplete (because there is more data to retrieve), Amazon Lookout for Vision returns a pagination token in the response. You can use this pagination token to retrieve the next set of dataset entries.

    ", - "location":"querystring", - "locationName":"nextToken" - }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"

    The maximum number of results to return per paginated call. The largest value you can specify is 100. If you specify a value greater than 100, a ValidationException error occurs. The default value is 100.

    ", - "location":"querystring", - "locationName":"maxResults" - }, - "SourceRefContains":{ - "shape":"QueryString", - "documentation":"

    Perform a \"contains\" search on the values of the source-ref key within the dataset. For example a value of \"IMG_17\" returns all JSON Lines where the source-ref key value matches *IMG_17*.

    ", - "location":"querystring", - "locationName":"sourceRefContains" - } - } - }, - "ListDatasetEntriesResponse":{ - "type":"structure", - "members":{ - "DatasetEntries":{ - "shape":"DatasetEntryList", - "documentation":"

    A list of the entries (JSON Lines) within the dataset.

    " - }, - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the response is truncated, Amazon Lookout for Vision returns this token that you can use in the subsequent request to retrieve the next set ofdataset entries.

    " - } - } - }, - "ListModelPackagingJobsRequest":{ - "type":"structure", - "required":["ProjectName"], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project for which you want to list the model packaging jobs.

    ", - "location":"uri", - "locationName":"projectName" - }, - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous response was incomplete (because there is more results to retrieve), Amazon Lookout for Vision returns a pagination token in the response. You can use this pagination token to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" - }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"

    The maximum number of results to return per paginated call. The largest value you can specify is 100. If you specify a value greater than 100, a ValidationException error occurs. The default value is 100.

    ", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListModelPackagingJobsResponse":{ - "type":"structure", - "members":{ - "ModelPackagingJobs":{ - "shape":"ModelPackagingJobsList", - "documentation":"

    A list of the model packaging jobs created for the specified Amazon Lookout for Vision project.

    " - }, - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous response was incomplete (because there is more results to retrieve), Amazon Lookout for Vision returns a pagination token in the response. You can use this pagination token to retrieve the next set of results.

    " - } - } - }, - "ListModelsRequest":{ - "type":"structure", - "required":["ProjectName"], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the model versions that you want to list.

    ", - "location":"uri", - "locationName":"projectName" - }, - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous response was incomplete (because there is more data to retrieve), Amazon Lookout for Vision returns a pagination token in the response. You can use this pagination token to retrieve the next set of models.

    ", - "location":"querystring", - "locationName":"nextToken" - }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"

    The maximum number of results to return per paginated call. The largest value you can specify is 100. If you specify a value greater than 100, a ValidationException error occurs. The default value is 100.

    ", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListModelsResponse":{ - "type":"structure", - "members":{ - "Models":{ - "shape":"ModelMetadataList", - "documentation":"

    A list of model versions in the specified project.

    " - }, - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the response is truncated, Amazon Lookout for Vision returns this token that you can use in the subsequent request to retrieve the next set of models.

    " - } - } - }, - "ListProjectsRequest":{ - "type":"structure", - "members":{ - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous response was incomplete (because there is more data to retrieve), Amazon Lookout for Vision returns a pagination token in the response. You can use this pagination token to retrieve the next set of projects.

    ", - "location":"querystring", - "locationName":"nextToken" - }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"

    The maximum number of results to return per paginated call. The largest value you can specify is 100. If you specify a value greater than 100, a ValidationException error occurs. The default value is 100.

    ", - "location":"querystring", - "locationName":"maxResults" - } - } - }, - "ListProjectsResponse":{ - "type":"structure", - "members":{ - "Projects":{ - "shape":"ProjectMetadataList", - "documentation":"

    A list of projects in your AWS account.

    " - }, - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the response is truncated, Amazon Lookout for Vision returns this token that you can use in the subsequent request to retrieve the next set of projects.

    " - } - } - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["ResourceArn"], - "members":{ - "ResourceArn":{ - "shape":"TagArn", - "documentation":"

    The Amazon Resource Name (ARN) of the model for which you want to list tags.

    ", - "location":"uri", - "locationName":"resourceArn" - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "members":{ - "Tags":{ - "shape":"TagList", - "documentation":"

    A map of tag keys and values attached to the specified model.

    " - } - } - }, - "ModelArn":{"type":"string"}, - "ModelDescription":{ - "type":"structure", - "members":{ - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model

    " - }, - "ModelArn":{ - "shape":"ModelArn", - "documentation":"

    The Amazon Resource Name (ARN) of the model.

    " - }, - "CreationTimestamp":{ - "shape":"DateTime", - "documentation":"

    The unix timestamp for the date and time that the model was created.

    " - }, - "Description":{ - "shape":"ModelDescriptionMessage", - "documentation":"

    The description for the model.

    " - }, - "Status":{ - "shape":"ModelStatus", - "documentation":"

    The status of the model.

    " - }, - "StatusMessage":{ - "shape":"ModelStatusMessage", - "documentation":"

    The status message for the model.

    " - }, - "Performance":{ - "shape":"ModelPerformance", - "documentation":"

    Performance metrics for the model. Created during training.

    " - }, - "OutputConfig":{ - "shape":"OutputConfig", - "documentation":"

    The S3 location where Amazon Lookout for Vision saves model training files.

    " - }, - "EvaluationManifest":{ - "shape":"OutputS3Object", - "documentation":"

    The S3 location where Amazon Lookout for Vision saves the manifest file that was used to test the trained model and generate the performance scores.

    " - }, - "EvaluationResult":{ - "shape":"OutputS3Object", - "documentation":"

    The S3 location where Amazon Lookout for Vision saves the performance metrics.

    " - }, - "EvaluationEndTimestamp":{ - "shape":"DateTime", - "documentation":"

    The unix timestamp for the date and time that the evaluation ended.

    " - }, - "KmsKeyId":{ - "shape":"KmsKeyId", - "documentation":"

    The identifer for the AWS Key Management Service (AWS KMS) key that was used to encrypt the model during training.

    " - }, - "MinInferenceUnits":{ - "shape":"InferenceUnits", - "documentation":"

    The minimum number of inference units used by the model. For more information, see StartModel

    " - }, - "MaxInferenceUnits":{ - "shape":"InferenceUnits", - "documentation":"

    The maximum number of inference units Amazon Lookout for Vision uses to auto-scale the model. For more information, see StartModel.

    " - } - }, - "documentation":"

    Describes an Amazon Lookout for Vision model.

    " - }, - "ModelDescriptionMessage":{ - "type":"string", - "max":500, - "min":1, - "pattern":"[0-9A-Za-z\\.\\-_]*" - }, - "ModelHostingStatus":{ - "type":"string", - "enum":[ - "STARTING_HOSTING", - "HOSTED", - "HOSTING_FAILED", - "STOPPING_HOSTING", - "SYSTEM_UPDATING" - ] - }, - "ModelMetadata":{ - "type":"structure", - "members":{ - "CreationTimestamp":{ - "shape":"DateTime", - "documentation":"

    The unix timestamp for the date and time that the model was created.

    " - }, - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model.

    " - }, - "ModelArn":{ - "shape":"ModelArn", - "documentation":"

    The Amazon Resource Name (ARN) of the model.

    " - }, - "Description":{ - "shape":"ModelDescriptionMessage", - "documentation":"

    The description for the model.

    " - }, - "Status":{ - "shape":"ModelStatus", - "documentation":"

    The status of the model.

    " - }, - "StatusMessage":{ - "shape":"ModelStatusMessage", - "documentation":"

    The status message for the model.

    " - }, - "Performance":{ - "shape":"ModelPerformance", - "documentation":"

    Performance metrics for the model. Not available until training has successfully completed.

    " - } - }, - "documentation":"

    Describes an Amazon Lookout for Vision model.

    " - }, - "ModelMetadataList":{ - "type":"list", - "member":{"shape":"ModelMetadata"} - }, - "ModelPackagingConfiguration":{ - "type":"structure", - "required":["Greengrass"], - "members":{ - "Greengrass":{ - "shape":"GreengrassConfiguration", - "documentation":"

    Configuration information for the AWS IoT Greengrass component in a model packaging job.

    " - } - }, - "documentation":"

    Configuration information for a Amazon Lookout for Vision model packaging job. For more information, see StartModelPackagingJob.

    " - }, - "ModelPackagingDescription":{ - "type":"structure", - "members":{ - "JobName":{ - "shape":"ModelPackagingJobName", - "documentation":"

    The name of the model packaging job.

    " - }, - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that's associated with a model that's in the model package.

    " - }, - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model used in the model packaging job.

    " - }, - "ModelPackagingConfiguration":{ - "shape":"ModelPackagingConfiguration", - "documentation":"

    The configuration information used in the model packaging job.

    " - }, - "ModelPackagingJobDescription":{ - "shape":"ModelPackagingJobDescription", - "documentation":"

    The description for the model packaging job.

    " - }, - "ModelPackagingMethod":{ - "shape":"ModelPackagingMethod", - "documentation":"

    The AWS service used to package the job. Currently Lookout for Vision can package jobs with AWS IoT Greengrass.

    " - }, - "ModelPackagingOutputDetails":{ - "shape":"ModelPackagingOutputDetails", - "documentation":"

    Information about the output of the model packaging job. For more information, see DescribeModelPackagingJob.

    " - }, - "Status":{ - "shape":"ModelPackagingJobStatus", - "documentation":"

    The status of the model packaging job.

    " - }, - "StatusMessage":{ - "shape":"ModelPackagingStatusMessage", - "documentation":"

    The status message for the model packaging job.

    " - }, - "CreationTimestamp":{ - "shape":"DateTime", - "documentation":"

    The Unix timestamp for the time and date that the model packaging job was created.

    " - }, - "LastUpdatedTimestamp":{ - "shape":"DateTime", - "documentation":"

    The Unix timestamp for the time and date that the model packaging job was last updated.

    " - } - }, - "documentation":"

    Information about a model packaging job. For more information, see DescribeModelPackagingJob.

    " - }, - "ModelPackagingJobDescription":{ - "type":"string", - "max":256, - "min":1, - "pattern":"[a-zA-Z0-9-_. ()':,;?]+" - }, - "ModelPackagingJobMetadata":{ - "type":"structure", - "members":{ - "JobName":{ - "shape":"ModelPackagingJobName", - "documentation":"

    The name of the model packaging job.

    " - }, - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The project that contains the model that is in the model package.

    " - }, - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model that is in the model package.

    " - }, - "ModelPackagingJobDescription":{ - "shape":"ModelPackagingJobDescription", - "documentation":"

    The description for the model packaging job.

    " - }, - "ModelPackagingMethod":{ - "shape":"ModelPackagingMethod", - "documentation":"

    The AWS service used to package the job. Currently Lookout for Vision can package jobs with AWS IoT Greengrass.

    " - }, - "Status":{ - "shape":"ModelPackagingJobStatus", - "documentation":"

    The status of the model packaging job.

    " - }, - "StatusMessage":{ - "shape":"ModelPackagingStatusMessage", - "documentation":"

    The status message for the model packaging job.

    " - }, - "CreationTimestamp":{ - "shape":"DateTime", - "documentation":"

    The Unix timestamp for the time and date that the model packaging job was created.

    " - }, - "LastUpdatedTimestamp":{ - "shape":"DateTime", - "documentation":"

    The Unix timestamp for the time and date that the model packaging job was last updated.

    " - } - }, - "documentation":"

    Metadata for a model packaging job. For more information, see ListModelPackagingJobs.

    " - }, - "ModelPackagingJobName":{ - "type":"string", - "max":64, - "min":1, - "pattern":"[a-zA-Z0-9-]+" - }, - "ModelPackagingJobStatus":{ - "type":"string", - "enum":[ - "CREATED", - "RUNNING", - "SUCCEEDED", - "FAILED" - ] - }, - "ModelPackagingJobsList":{ - "type":"list", - "member":{"shape":"ModelPackagingJobMetadata"} - }, - "ModelPackagingMethod":{ - "type":"string", - "max":32, - "min":1, - "pattern":"^[a-zA-Z0-9]+" - }, - "ModelPackagingOutputDetails":{ - "type":"structure", - "members":{ - "Greengrass":{ - "shape":"GreengrassOutputDetails", - "documentation":"

    Information about the AWS IoT Greengrass component in a model packaging job.

    " - } - }, - "documentation":"

    Information about the output from a model packaging job.

    " - }, - "ModelPackagingStatusMessage":{"type":"string"}, - "ModelPerformance":{ - "type":"structure", - "members":{ - "F1Score":{ - "shape":"Float", - "documentation":"

    The overall F1 score metric for the trained model.

    " - }, - "Recall":{ - "shape":"Float", - "documentation":"

    The overall recall metric value for the trained model.

    " - }, - "Precision":{ - "shape":"Float", - "documentation":"

    The overall precision metric value for the trained model.

    " - } - }, - "documentation":"

    Information about the evaluation performance of a trained model.

    " - }, - "ModelStatus":{ - "type":"string", - "enum":[ - "TRAINING", - "TRAINED", - "TRAINING_FAILED", - "STARTING_HOSTING", - "HOSTED", - "HOSTING_FAILED", - "STOPPING_HOSTING", - "SYSTEM_UPDATING", - "DELETING" - ] - }, - "ModelStatusMessage":{"type":"string"}, - "ModelVersion":{ - "type":"string", - "max":10, - "min":1, - "pattern":"([1-9][0-9]*|latest)" - }, - "ModelVersionNoLatest":{ - "type":"string", - "max":10, - "min":1, - "pattern":"([1-9][0-9]*)" - }, - "OutputConfig":{ - "type":"structure", - "required":["S3Location"], - "members":{ - "S3Location":{ - "shape":"S3Location", - "documentation":"

    The S3 location for the output.

    " - } - }, - "documentation":"

    The S3 location where Amazon Lookout for Vision saves model training files.

    " - }, - "OutputS3Object":{ - "type":"structure", - "required":[ - "Bucket", - "Key" - ], - "members":{ - "Bucket":{ - "shape":"S3BucketName", - "documentation":"

    The bucket that contains the training output.

    " - }, - "Key":{ - "shape":"S3ObjectKey", - "documentation":"

    The location of the training output in the bucket.

    " - } - }, - "documentation":"

    The S3 location where Amazon Lookout for Vision saves training output.

    " - }, - "PageSize":{ - "type":"integer", - "max":100, - "min":1 - }, - "PaginationToken":{ - "type":"string", - "max":2048, - "pattern":"^[a-zA-Z0-9\\/\\+\\=]{0,2048}$" - }, - "PixelAnomaly":{ - "type":"structure", - "members":{ - "TotalPercentageArea":{ - "shape":"Float", - "documentation":"

    The percentage area of the image that the anomaly type covers.

    " - }, - "Color":{ - "shape":"Color", - "documentation":"

    A hex color value for the mask that covers an anomaly type. Each anomaly type has a different mask color. The color maps to the color of the anomaly type used in the training dataset.

    " - } - }, - "documentation":"

    Information about the pixels in an anomaly mask. For more information, see Anomaly. PixelAnomaly is only returned by image segmentation models.

    " - }, - "ProjectArn":{"type":"string"}, - "ProjectDescription":{ - "type":"structure", - "members":{ - "ProjectArn":{ - "shape":"ProjectArn", - "documentation":"

    The Amazon Resource Name (ARN) of the project.

    " - }, - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project.

    " - }, - "CreationTimestamp":{ - "shape":"DateTime", - "documentation":"

    The unix timestamp for the date and time that the project was created.

    " - }, - "Datasets":{ - "shape":"DatasetMetadataList", - "documentation":"

    A list of datasets in the project.

    " - } - }, - "documentation":"

    Describe an Amazon Lookout for Vision project. For more information, see DescribeProject.

    " - }, - "ProjectMetadata":{ - "type":"structure", - "members":{ - "ProjectArn":{ - "shape":"ProjectArn", - "documentation":"

    The Amazon Resource Name (ARN) of the project.

    " - }, - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project.

    " - }, - "CreationTimestamp":{ - "shape":"DateTime", - "documentation":"

    The unix timestamp for the date and time that the project was created.

    " - } - }, - "documentation":"

    Metadata about an Amazon Lookout for Vision project.

    " - }, - "ProjectMetadataList":{ - "type":"list", - "member":{"shape":"ProjectMetadata"} - }, - "ProjectName":{ - "type":"string", - "max":255, - "min":1, - "pattern":"[a-zA-Z0-9][a-zA-Z0-9_\\-]*" - }, - "QueryString":{ - "type":"string", - "max":2048, - "min":1, - "pattern":".*\\S.*" - }, - "ResourceNotFoundException":{ - "type":"structure", - "required":[ - "Message", - "ResourceId", - "ResourceType" - ], - "members":{ - "Message":{"shape":"ExceptionString"}, - "ResourceId":{ - "shape":"ExceptionString", - "documentation":"

    The ID of the resource.

    " - }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of the resource.

    " - } - }, - "documentation":"

    The resource could not be found.

    ", - "error":{"httpStatusCode":404}, - "exception":true - }, - "ResourceType":{ - "type":"string", - "enum":[ - "PROJECT", - "DATASET", - "MODEL", - "TRIAL", - "MODEL_PACKAGE_JOB" - ] - }, - "RetryAfterSeconds":{"type":"integer"}, - "S3BucketName":{ - "type":"string", - "max":63, - "min":3, - "pattern":"[0-9A-Za-z\\.\\-_]*" - }, - "S3KeyPrefix":{ - "type":"string", - "max":1024, - "pattern":"^([a-zA-Z0-9!_.*'()-][/a-zA-Z0-9!_.*'()-]*)?$" - }, - "S3Location":{ - "type":"structure", - "required":["Bucket"], - "members":{ - "Bucket":{ - "shape":"S3BucketName", - "documentation":"

    The S3 bucket that contains the training or model packaging job output. If you are training a model, the bucket must in your AWS account. If you use an S3 bucket for a model packaging job, the S3 bucket must be in the same AWS Region and AWS account in which you use AWS IoT Greengrass.

    " - }, - "Prefix":{ - "shape":"S3KeyPrefix", - "documentation":"

    The path of the folder, within the S3 bucket, that contains the output.

    " - } - }, - "documentation":"

    Information about the location of training output or the output of a model packaging job.

    " - }, - "S3ObjectKey":{ - "type":"string", - "max":1024, - "min":1, - "pattern":"^([a-zA-Z0-9!_.*'()-][/a-zA-Z0-9!_.*'()-]*)?$" - }, - "S3ObjectVersion":{ - "type":"string", - "max":1024, - "min":1, - "pattern":".*" - }, - "ServiceQuotaExceededException":{ - "type":"structure", - "required":[ - "Message", - "QuotaCode", - "ServiceCode" - ], - "members":{ - "Message":{"shape":"ExceptionString"}, - "ResourceId":{ - "shape":"ExceptionString", - "documentation":"

    The ID of the resource.

    " - }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of the resource.

    " - }, - "QuotaCode":{ - "shape":"ExceptionString", - "documentation":"

    The quota code.

    " - }, - "ServiceCode":{ - "shape":"ExceptionString", - "documentation":"

    The service code.

    " - } - }, - "documentation":"

    A service quota was exceeded the allowed limit. For more information, see Limits in Amazon Lookout for Vision in the Amazon Lookout for Vision Developer Guide.

    ", - "error":{"httpStatusCode":402}, - "exception":true - }, - "StartModelPackagingJobRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "ModelVersion", - "Configuration" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project which contains the version of the model that you want to package.

    ", - "location":"uri", - "locationName":"projectName" - }, - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model within the project that you want to package.

    " - }, - "JobName":{ - "shape":"ModelPackagingJobName", - "documentation":"

    A name for the model packaging job. If you don't supply a value, the service creates a job name for you.

    " - }, - "Configuration":{ - "shape":"ModelPackagingConfiguration", - "documentation":"

    The configuration for the model packaging job.

    " - }, - "Description":{ - "shape":"ModelPackagingJobDescription", - "documentation":"

    A description for the model packaging job.

    " - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to StartModelPackagingJob completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from StartModelPackagingJob. In this case, safely retry your call to StartModelPackagingJob by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple dataset creation requests. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to StartModelPackagingJob. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - } - } - }, - "StartModelPackagingJobResponse":{ - "type":"structure", - "members":{ - "JobName":{ - "shape":"ModelPackagingJobName", - "documentation":"

    The job name for the model packaging job. If you don't supply a job name in the JobName input parameter, the service creates a job name for you.

    " - } - } - }, - "StartModelRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "ModelVersion", - "MinInferenceUnits" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the model that you want to start.

    ", - "location":"uri", - "locationName":"projectName" - }, - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model that you want to start.

    ", - "location":"uri", - "locationName":"modelVersion" - }, - "MinInferenceUnits":{ - "shape":"InferenceUnits", - "documentation":"

    The minimum number of inference units to use. A single inference unit represents 1 hour of processing. Use a higher number to increase the TPS throughput of your model. You are charged for the number of inference units that you use.

    " - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to StartModel completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from StartModel. In this case, safely retry your call to StartModel by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple start requests. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to StartModel. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - }, - "MaxInferenceUnits":{ - "shape":"InferenceUnits", - "documentation":"

    The maximum number of inference units to use for auto-scaling the model. If you don't specify a value, Amazon Lookout for Vision doesn't auto-scale the model.

    " - } - } - }, - "StartModelResponse":{ - "type":"structure", - "members":{ - "Status":{ - "shape":"ModelHostingStatus", - "documentation":"

    The current running status of the model.

    " - } - } - }, - "StopModelRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "ModelVersion" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the model that you want to stop.

    ", - "location":"uri", - "locationName":"projectName" - }, - "ModelVersion":{ - "shape":"ModelVersion", - "documentation":"

    The version of the model that you want to stop.

    ", - "location":"uri", - "locationName":"modelVersion" - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to StopModel completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from StopModel. In this case, safely retry your call to StopModel by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple stop requests. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to StopModel. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - } - } - }, - "StopModelResponse":{ - "type":"structure", - "members":{ - "Status":{ - "shape":"ModelHostingStatus", - "documentation":"

    The status of the model.

    " - } - } - }, - "Stream":{ - "type":"blob", - "requiresLength":true, - "streaming":true - }, - "Tag":{ - "type":"structure", - "required":[ - "Key", - "Value" - ], - "members":{ - "Key":{ - "shape":"TagKey", - "documentation":"

    The key of the tag that is attached to the specified model.

    " - }, - "Value":{ - "shape":"TagValue", - "documentation":"

    The value of the tag that is attached to the specified model.

    " - } - }, - "documentation":"

    A key and value pair that is attached to the specified Amazon Lookout for Vision model.

    " - }, - "TagArn":{ - "type":"string", - "max":1011, - "min":1 - }, - "TagKey":{ - "type":"string", - "max":128, - "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":200, - "min":0 - }, - "TagList":{ - "type":"list", - "member":{"shape":"Tag"}, - "max":200, - "min":0 - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "Tags" - ], - "members":{ - "ResourceArn":{ - "shape":"TagArn", - "documentation":"

    The Amazon Resource Name (ARN) of the model to assign the tags.

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "Tags":{ - "shape":"TagList", - "documentation":"

    The key-value tags to assign to the model.

    " - } - } - }, - "TagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256, - "min":0, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" - }, - "TargetDevice":{ - "type":"string", - "enum":["jetson_xavier"] - }, - "TargetPlatform":{ - "type":"structure", - "required":[ - "Os", - "Arch" - ], - "members":{ - "Os":{ - "shape":"TargetPlatformOs", - "documentation":"

    The target operating system for the model. Linux is the only operating system that is currently supported.

    " - }, - "Arch":{ - "shape":"TargetPlatformArch", - "documentation":"

    The target architecture for the model. The currently supported architectures are X86_64 (64-bit version of the x86 instruction set) and ARM_64 (ARMv8 64-bit CPU).

    " - }, - "Accelerator":{ - "shape":"TargetPlatformAccelerator", - "documentation":"

    The target accelerator for the model. Currently, Amazon Lookout for Vision only supports NVIDIA (Nvidia graphics processing unit) and CPU accelerators. If you specify NVIDIA as an accelerator, you must also specify the gpu-code, trt-ver, and cuda-ver compiler options. If you don't specify an accelerator, Lookout for Vision uses the CPU for compilation and we highly recommend that you use the GreengrassConfiguration$CompilerOptions field. For example, you can use the following compiler options for CPU:

    • mcpu: CPU micro-architecture. For example, {'mcpu': 'skylake-avx512'}

    • mattr: CPU flags. For example, {'mattr': ['+neon', '+vfpv4']}

    " - } - }, - "documentation":"

    The platform on which a model runs on an AWS IoT Greengrass core device.

    " - }, - "TargetPlatformAccelerator":{ - "type":"string", - "enum":["NVIDIA"] - }, - "TargetPlatformArch":{ - "type":"string", - "enum":[ - "ARM64", - "X86_64" - ] - }, - "TargetPlatformOs":{ - "type":"string", - "enum":["LINUX"] - }, - "ThrottlingException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"ExceptionString"}, - "QuotaCode":{ - "shape":"ExceptionString", - "documentation":"

    The quota code.

    " - }, - "ServiceCode":{ - "shape":"ExceptionString", - "documentation":"

    The service code.

    " - }, - "RetryAfterSeconds":{ - "shape":"RetryAfterSeconds", - "documentation":"

    The period of time, in seconds, before the operation can be retried.

    ", - "location":"header", - "locationName":"Retry-After" - } - }, - "documentation":"

    Amazon Lookout for Vision is temporarily unable to process the request. Try your call again.

    ", - "error":{"httpStatusCode":429}, - "exception":true - }, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "TagKeys" - ], - "members":{ - "ResourceArn":{ - "shape":"TagArn", - "documentation":"

    The Amazon Resource Name (ARN) of the model from which you want to remove tags.

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "TagKeys":{ - "shape":"TagKeyList", - "documentation":"

    A list of the keys of the tags that you want to remove.

    ", - "location":"querystring", - "locationName":"tagKeys" - } - } - }, - "UntagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateDatasetEntriesRequest":{ - "type":"structure", - "required":[ - "ProjectName", - "DatasetType", - "Changes" - ], - "members":{ - "ProjectName":{ - "shape":"ProjectName", - "documentation":"

    The name of the project that contains the dataset that you want to update.

    ", - "location":"uri", - "locationName":"projectName" - }, - "DatasetType":{ - "shape":"DatasetType", - "documentation":"

    The type of the dataset that you want to update. Specify train to update the training dataset. Specify test to update the test dataset. If you have a single dataset project, specify train.

    ", - "location":"uri", - "locationName":"datasetType" - }, - "Changes":{ - "shape":"DatasetChanges", - "documentation":"

    The entries to add to the dataset.

    " - }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    ClientToken is an idempotency token that ensures a call to UpdateDatasetEntries completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from UpdateDatasetEntries. In this case, safely retry your call to UpdateDatasetEntries by using the same ClientToken parameter value.

    If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple updates with the same dataset entries. You'll need to provide your own value for other use cases.

    An error occurs if the other input parameters are not the same as in the first request. Using a different value for ClientToken is considered a new call to UpdateDatasetEntries. An idempotency token is active for 8 hours.

    ", - "idempotencyToken":true, - "location":"header", - "locationName":"X-Amzn-Client-Token" - } - } - }, - "UpdateDatasetEntriesResponse":{ - "type":"structure", - "members":{ - "Status":{ - "shape":"DatasetStatus", - "documentation":"

    The status of the dataset update.

    " - } - } - }, - "ValidationException":{ - "type":"structure", - "required":["Message"], - "members":{ - "Message":{"shape":"ExceptionString"} - }, - "documentation":"

    An input validation error occured. For example, invalid characters in a project name, or if a pagination token is invalid.

    ", - "error":{"httpStatusCode":400}, - "exception":true - } - }, - "documentation":"

    This is the Amazon Lookout for Vision API Reference. It provides descriptions of actions, data types, common parameters, and common errors.

    Amazon Lookout for Vision enables you to find visual defects in industrial products, accurately and at scale. It uses computer vision to identify missing components in an industrial product, damage to vehicles or structures, irregularities in production lines, and even minuscule defects in silicon wafers — or any other physical item where quality is important such as a missing capacitor on printed circuit boards.

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/m2/2021-04-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/m2/2021-04-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/m2/2021-04-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/m2/2021-04-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/m2/2021-04-28/paginators-1.json 2.31.35-1/awscli/botocore/data/m2/2021-04-28/paginators-1.json --- 2.23.6-1/awscli/botocore/data/m2/2021-04-28/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/m2/2021-04-28/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -53,6 +53,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "environments" + }, + "ListDataSetExportHistory": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "dataSetExportTasks" } } } diff -pruN 2.23.6-1/awscli/botocore/data/m2/2021-04-28/service-2.json 2.31.35-1/awscli/botocore/data/m2/2021-04-28/service-2.json --- 2.23.6-1/awscli/botocore/data/m2/2021-04-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/m2/2021-04-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -53,6 +53,27 @@ "documentation":"

    Creates a new application with given parameters. Requires an existing runtime environment and application definition file.

    ", "idempotent":true }, + "CreateDataSetExportTask":{ + "name":"CreateDataSetExportTask", + "http":{ + "method":"POST", + "requestUri":"/applications/{applicationId}/dataset-export-task", + "responseCode":200 + }, + "input":{"shape":"CreateDataSetExportTaskRequest"}, + "output":{"shape":"CreateDataSetExportTaskResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Starts a data set export task for a specific application.

    ", + "idempotent":true + }, "CreateDataSetImportTask":{ "name":"CreateDataSetImportTask", "http":{ @@ -247,6 +268,24 @@ ], "documentation":"

    Gets the details of a specific data set.

    " }, + "GetDataSetExportTask":{ + "name":"GetDataSetExportTask", + "http":{ + "method":"GET", + "requestUri":"/applications/{applicationId}/dataset-export-tasks/{taskId}", + "responseCode":200 + }, + "input":{"shape":"GetDataSetExportTaskRequest"}, + "output":{"shape":"GetDataSetExportTaskResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Gets the status of a data set import task initiated with the CreateDataSetExportTask operation.

    " + }, "GetDataSetImportTask":{ "name":"GetDataSetImportTask", "http":{ @@ -406,6 +445,24 @@ ], "documentation":"

    Lists all the job steps for a JCL file to restart a batch job. This is only applicable for Micro Focus engine with versions 8.0.6 and above.

    " }, + "ListDataSetExportHistory":{ + "name":"ListDataSetExportHistory", + "http":{ + "method":"GET", + "requestUri":"/applications/{applicationId}/dataset-export-tasks", + "responseCode":200 + }, + "input":{"shape":"ListDataSetExportHistoryRequest"}, + "output":{"shape":"ListDataSetExportHistoryResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists the data set exports for the specified application.

    " + }, "ListDataSetImportHistory":{ "name":"ListDataSetImportHistory", "http":{ @@ -1114,6 +1171,44 @@ } } }, + "CreateDataSetExportTaskRequest":{ + "type":"structure", + "required":[ + "applicationId", + "exportConfig" + ], + "members":{ + "applicationId":{ + "shape":"Identifier", + "documentation":"

    The unique identifier of the application for which you want to export data sets.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier you provide to ensure the idempotency of the request to create a data set export. The service generates the clientToken when the API call is triggered. The token expires after one hour, so if you retry the API within this timeframe with the same clientToken, you will get the same response. The service also handles deleting the clientToken after it expires.

    ", + "idempotencyToken":true + }, + "exportConfig":{ + "shape":"DataSetExportConfig", + "documentation":"

    The data set export task configuration.

    " + }, + "kmsKeyId":{ + "shape":"KMSKeyId", + "documentation":"

    The identifier of a customer managed key.

    " + } + } + }, + "CreateDataSetExportTaskResponse":{ + "type":"structure", + "required":["taskId"], + "members":{ + "taskId":{ + "shape":"Identifier", + "documentation":"

    The task identifier. This operation is asynchronous. Use this identifier with the GetDataSetExportTask operation to obtain the status of this task.

    " + } + } + }, "CreateDataSetImportTaskRequest":{ "type":"structure", "required":[ @@ -1299,6 +1394,109 @@ }, "documentation":"

    Defines a data set.

    " }, + "DataSetExportConfig":{ + "type":"structure", + "members":{ + "dataSets":{ + "shape":"DataSetExportList", + "documentation":"

    The data sets.

    " + }, + "s3Location":{ + "shape":"String", + "documentation":"

    The Amazon S3 location of the data sets.

    " + } + }, + "documentation":"

    Identifies one or more data sets you want to import with the CreateDataSetExportTask operation.

    ", + "union":true + }, + "DataSetExportItem":{ + "type":"structure", + "required":[ + "datasetName", + "externalLocation" + ], + "members":{ + "datasetName":{ + "shape":"String200", + "documentation":"

    The data set.

    " + }, + "externalLocation":{ + "shape":"ExternalLocation", + "documentation":"

    The location of the data set.

    " + } + }, + "documentation":"

    Identifies a specific data set to export from an external location.

    " + }, + "DataSetExportList":{ + "type":"list", + "member":{"shape":"DataSetExportItem"}, + "max":1024, + "min":1 + }, + "DataSetExportSummary":{ + "type":"structure", + "required":[ + "failed", + "inProgress", + "pending", + "succeeded", + "total" + ], + "members":{ + "failed":{ + "shape":"Integer", + "documentation":"

    The number of data set exports that have failed.

    " + }, + "inProgress":{ + "shape":"Integer", + "documentation":"

    The number of data set exports that are in progress.

    " + }, + "pending":{ + "shape":"Integer", + "documentation":"

    The number of data set exports that are pending.

    " + }, + "succeeded":{ + "shape":"Integer", + "documentation":"

    The number of data set exports that have succeeded.

    " + }, + "total":{ + "shape":"Integer", + "documentation":"

    The total number of data set exports.

    " + } + }, + "documentation":"

    Represents a summary of data set exports.

    " + }, + "DataSetExportTask":{ + "type":"structure", + "required":[ + "status", + "summary", + "taskId" + ], + "members":{ + "status":{ + "shape":"DataSetTaskLifecycle", + "documentation":"

    The status of the data set export task.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    If dataset exports failed, the failure reason will show here.

    " + }, + "summary":{ + "shape":"DataSetExportSummary", + "documentation":"

    A summary of the data set export task.

    " + }, + "taskId":{ + "shape":"Identifier", + "documentation":"

    The identifier of the data set export task.

    " + } + }, + "documentation":"

    Contains information about a data set export task.

    " + }, + "DataSetExportTaskList":{ + "type":"list", + "member":{"shape":"DataSetExportTask"} + }, "DataSetImportConfig":{ "type":"structure", "members":{ @@ -2196,6 +2394,56 @@ } } }, + "GetDataSetExportTaskRequest":{ + "type":"structure", + "required":[ + "applicationId", + "taskId" + ], + "members":{ + "applicationId":{ + "shape":"Identifier", + "documentation":"

    The application identifier.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "taskId":{ + "shape":"Identifier", + "documentation":"

    The task identifier returned by the CreateDataSetExportTask operation.

    ", + "location":"uri", + "locationName":"taskId" + } + } + }, + "GetDataSetExportTaskResponse":{ + "type":"structure", + "required":[ + "status", + "taskId" + ], + "members":{ + "kmsKeyArn":{ + "shape":"String", + "documentation":"

    The identifier of a customer managed key used for exported data set encryption.

    " + }, + "status":{ + "shape":"DataSetTaskLifecycle", + "documentation":"

    The status of the task.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    If dataset export failed, the failure reason will show here.

    " + }, + "summary":{ + "shape":"DataSetExportSummary", + "documentation":"

    A summary of the status of the task.

    " + }, + "taskId":{ + "shape":"Identifier", + "documentation":"

    The task identifier.

    " + } + } + }, "GetDataSetImportTaskRequest":{ "type":"structure", "required":[ @@ -2498,6 +2746,19 @@ "shape":"Integer", "documentation":"

    The number of a procedure step.

    " }, + "stepCheckpoint":{ + "shape":"Integer", + "documentation":"

    A registered step-level checkpoint identifier that can be used for restarting an Amazon Web Services Blu Age application batch job.

    ", + "box":true + }, + "stepCheckpointStatus":{ + "shape":"String", + "documentation":"

    The step-level checkpoint status for an Amazon Web Services Blu Age application batch job.

    " + }, + "stepCheckpointTime":{ + "shape":"Timestamp", + "documentation":"

    The step-level checkpoint status for an Amazon Web Services Blu Age application batch job.

    " + }, "stepCondCode":{ "shape":"String", "documentation":"

    The condition code of a step.

    " @@ -2529,6 +2790,16 @@ "shape":"String", "documentation":"

    The step name that a batch job was restarted from.

    " }, + "skip":{ + "shape":"Boolean", + "documentation":"

    The step-level checkpoint timestamp (creation or last modification) for an Amazon Web Services Blu Age application batch job.

    ", + "box":true + }, + "stepCheckpoint":{ + "shape":"Integer", + "documentation":"

    Skip selected step and issue a restart from immediate successor step for an Amazon Web Services Blu Age application batch job.

    ", + "box":true + }, "toProcStep":{ "shape":"String", "documentation":"

    The procedure step name that a batch job was restarted to.

    " @@ -2540,6 +2811,12 @@ }, "documentation":"

    Provides step/procedure step information for a restart batch job operation.

    " }, + "KMSKeyId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"^[a-zA-Z0-9:/_-]+$" + }, "ListApplicationVersionsRequest":{ "type":"structure", "required":["applicationId"], @@ -2769,6 +3046,44 @@ } } }, + "ListDataSetExportHistoryRequest":{ + "type":"structure", + "required":["applicationId"], + "members":{ + "applicationId":{ + "shape":"Identifier", + "documentation":"

    The unique identifier of the application.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of objects to return.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A pagination token returned from a previous call to this operation. This specifies the next item to return. To return to the beginning of the list, exclude this parameter.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListDataSetExportHistoryResponse":{ + "type":"structure", + "required":["dataSetExportTasks"], + "members":{ + "dataSetExportTasks":{ + "shape":"DataSetExportTaskList", + "documentation":"

    The data set export tasks.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    If there are more items to return, this contains a token that is passed to a subsequent call to this operation to retrieve the next set of items.

    " + } + } + }, "ListDataSetImportHistoryRequest":{ "type":"structure", "required":["applicationId"], diff -pruN 2.23.6-1/awscli/botocore/data/machinelearning/2014-12-12/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/machinelearning/2014-12-12/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/machinelearning/2014-12-12/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/machinelearning/2014-12-12/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/machinelearning/2014-12-12/service-2.json 2.31.35-1/awscli/botocore/data/machinelearning/2014-12-12/service-2.json --- 2.23.6-1/awscli/botocore/data/machinelearning/2014-12-12/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/machinelearning/2014-12-12/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"machinelearning", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon Machine Learning", "serviceId":"Machine Learning", "signatureVersion":"v4", "targetPrefix":"AmazonML_20141212", - "uid":"machinelearning-2014-12-12" + "uid":"machinelearning-2014-12-12", + "auth":["aws.auth#sigv4"] }, "operations":{ "AddTags":{ diff -pruN 2.23.6-1/awscli/botocore/data/macie2/2020-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/macie2/2020-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/macie2/2020-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/macie2/2020-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/macie2/2020-01-01/service-2.json 2.31.35-1/awscli/botocore/data/macie2/2020-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/macie2/2020-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/macie2/2020-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2485,9 +2485,7 @@ "shape": "ListManagedDataIdentifiersResponse", "documentation": "

    The request succeeded.

    " }, - "errors": [ - - ], + "errors": [], "documentation": "

    Retrieves information about all the managed data identifiers that Amazon Macie currently provides.

    " }, "ListMembers": { @@ -2714,9 +2712,7 @@ "shape": "ListTagsForResourceResponse", "documentation": "

    The request succeeded.

    " }, - "errors": [ - - ], + "errors": [], "documentation": "

    Retrieves the tags (keys and values) that are associated with an Amazon Macie resource.

    " }, "PutClassificationExportConfiguration": { @@ -2871,9 +2867,7 @@ "shape": "TagResourceResponse", "documentation": "

    The request succeeded and there isn't any content to include in the body of the response (No Content).

    " }, - "errors": [ - - ], + "errors": [], "documentation": "

    Adds or updates one or more tags (keys and values) that are associated with an Amazon Macie resource.

    " }, "TestCustomDataIdentifier": { @@ -2936,9 +2930,7 @@ "shape": "UntagResourceResponse", "documentation": "

    The request succeeded and there isn't any content to include in the body of the response (No Content).

    " }, - "errors": [ - - ], + "errors": [], "documentation": "

    Removes one or more tags (keys and values) from an Amazon Macie resource.

    " }, "UpdateAllowList": { @@ -3464,8 +3456,7 @@ }, "AcceptInvitationResponse": { "type": "structure", - "members": { - } + "members": {} }, "AccessControlList": { "type": "structure", @@ -4879,8 +4870,7 @@ }, "CreateSampleFindingsResponse": { "type": "structure", - "members": { - } + "members": {} }, "CriteriaBlockForJob": { "type": "structure", @@ -5049,8 +5039,7 @@ }, "DailySchedule": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "

    Specifies that a classification job runs once a day, every day. This is an empty object.

    " }, "DataIdentifierSeverity": { @@ -5155,8 +5144,7 @@ }, "DeleteAllowListResponse": { "type": "structure", - "members": { - } + "members": {} }, "DeleteCustomDataIdentifierRequest": { "type": "structure", @@ -5174,8 +5162,7 @@ }, "DeleteCustomDataIdentifierResponse": { "type": "structure", - "members": { - } + "members": {} }, "DeleteFindingsFilterRequest": { "type": "structure", @@ -5193,8 +5180,7 @@ }, "DeleteFindingsFilterResponse": { "type": "structure", - "members": { - } + "members": {} }, "DeleteInvitationsRequest": { "type": "structure", @@ -5235,8 +5221,7 @@ }, "DeleteMemberResponse": { "type": "structure", - "members": { - } + "members": {} }, "DescribeBucketsRequest": { "type": "structure", @@ -5405,8 +5390,7 @@ }, "DescribeOrganizationConfigurationRequest": { "type": "structure", - "members": { - } + "members": {} }, "DescribeOrganizationConfigurationResponse": { "type": "structure", @@ -5475,13 +5459,11 @@ }, "DisableMacieRequest": { "type": "structure", - "members": { - } + "members": {} }, "DisableMacieResponse": { "type": "structure", - "members": { - } + "members": {} }, "DisableOrganizationAdminAccountRequest": { "type": "structure", @@ -5499,28 +5481,23 @@ }, "DisableOrganizationAdminAccountResponse": { "type": "structure", - "members": { - } + "members": {} }, "DisassociateFromAdministratorAccountRequest": { "type": "structure", - "members": { - } + "members": {} }, "DisassociateFromAdministratorAccountResponse": { "type": "structure", - "members": { - } + "members": {} }, "DisassociateFromMasterAccountRequest": { "type": "structure", - "members": { - } + "members": {} }, "DisassociateFromMasterAccountResponse": { "type": "structure", - "members": { - } + "members": {} }, "DisassociateMemberRequest": { "type": "structure", @@ -5538,8 +5515,7 @@ }, "DisassociateMemberResponse": { "type": "structure", - "members": { - } + "members": {} }, "DomainDetails": { "type": "structure", @@ -5562,8 +5538,7 @@ }, "Empty": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "

    The request succeeded and there isn't any content to include in the body of the response (No Content).

    " }, "EnableMacieRequest": { @@ -5589,8 +5564,7 @@ }, "EnableMacieResponse": { "type": "structure", - "members": { - } + "members": {} }, "EnableOrganizationAdminAccountRequest": { "type": "structure", @@ -5613,8 +5587,7 @@ }, "EnableOrganizationAdminAccountResponse": { "type": "structure", - "members": { - } + "members": {} }, "EncryptionType": { "type": "string", @@ -5916,8 +5889,7 @@ }, "GetAdministratorAccountRequest": { "type": "structure", - "members": { - } + "members": {} }, "GetAdministratorAccountResponse": { "type": "structure", @@ -5995,8 +5967,7 @@ }, "GetAutomatedDiscoveryConfigurationRequest": { "type": "structure", - "members": { - } + "members": {} }, "GetAutomatedDiscoveryConfigurationResponse": { "type": "structure", @@ -6125,8 +6096,7 @@ }, "GetClassificationExportConfigurationRequest": { "type": "structure", - "members": { - } + "members": {} }, "GetClassificationExportConfigurationResponse": { "type": "structure", @@ -6350,8 +6320,7 @@ }, "GetFindingsPublicationConfigurationRequest": { "type": "structure", - "members": { - } + "members": {} }, "GetFindingsPublicationConfigurationResponse": { "type": "structure", @@ -6393,8 +6362,7 @@ }, "GetInvitationsCountRequest": { "type": "structure", - "members": { - } + "members": {} }, "GetInvitationsCountResponse": { "type": "structure", @@ -6408,8 +6376,7 @@ }, "GetMacieSessionRequest": { "type": "structure", - "members": { - } + "members": {} }, "GetMacieSessionResponse": { "type": "structure", @@ -6443,8 +6410,7 @@ }, "GetMasterAccountRequest": { "type": "structure", - "members": { - } + "members": {} }, "GetMasterAccountResponse": { "type": "structure", @@ -6561,8 +6527,7 @@ }, "GetRevealConfigurationRequest": { "type": "structure", - "members": { - } + "members": {} }, "GetRevealConfigurationResponse": { "type": "structure", @@ -8134,8 +8099,7 @@ }, "PutFindingsPublicationConfigurationResponse": { "type": "structure", - "members": { - } + "members": {} }, "Range": { "type": "structure", @@ -9405,8 +9369,7 @@ }, "TagResourceResponse": { "type": "structure", - "members": { - } + "members": {} }, "TagScopeTerm": { "type": "structure", @@ -9623,8 +9586,7 @@ }, "UntagResourceResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateAllowListRequest": { "type": "structure", @@ -9692,8 +9654,7 @@ }, "UpdateAutomatedDiscoveryConfigurationResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateClassificationJobRequest": { "type": "structure", @@ -9717,8 +9678,7 @@ }, "UpdateClassificationJobResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateClassificationScopeRequest": { "type": "structure", @@ -9741,8 +9701,7 @@ }, "UpdateClassificationScopeResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateFindingsFilterRequest": { "type": "structure", @@ -9821,8 +9780,7 @@ }, "UpdateMacieSessionResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateMemberSessionRequest": { "type": "structure", @@ -9846,8 +9804,7 @@ }, "UpdateMemberSessionResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateOrganizationConfigurationRequest": { "type": "structure", @@ -9864,8 +9821,7 @@ }, "UpdateOrganizationConfigurationResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateResourceProfileDetectionsRequest": { "type": "structure", @@ -9888,8 +9844,7 @@ }, "UpdateResourceProfileDetectionsResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateResourceProfileRequest": { "type": "structure", @@ -9912,8 +9867,7 @@ }, "UpdateResourceProfileResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateRetrievalConfiguration": { "type": "structure", @@ -9998,8 +9952,7 @@ }, "UpdateSensitivityInspectionTemplateResponse": { "type": "structure", - "members": { - } + "members": {} }, "UsageByAccount": { "type": "structure", diff -pruN 2.23.6-1/awscli/botocore/data/mailmanager/2023-10-17/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mailmanager/2023-10-17/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mailmanager/2023-10-17/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mailmanager/2023-10-17/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mailmanager/2023-10-17/paginators-1.json 2.31.35-1/awscli/botocore/data/mailmanager/2023-10-17/paginators-1.json --- 2.23.6-1/awscli/botocore/data/mailmanager/2023-10-17/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mailmanager/2023-10-17/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -53,6 +53,24 @@ "output_token": "NextToken", "limit_key": "PageSize", "result_key": "TrafficPolicies" + }, + "ListAddressListImportJobs": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "PageSize", + "result_key": "ImportJobs" + }, + "ListAddressLists": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "PageSize", + "result_key": "AddressLists" + }, + "ListMembersOfAddressList": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "PageSize", + "result_key": "Addresses" } } } diff -pruN 2.23.6-1/awscli/botocore/data/mailmanager/2023-10-17/service-2.json 2.31.35-1/awscli/botocore/data/mailmanager/2023-10-17/service-2.json --- 2.23.6-1/awscli/botocore/data/mailmanager/2023-10-17/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mailmanager/2023-10-17/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,6 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2023-10-17", + "auth":["aws.auth#sigv4"], "endpointPrefix":"mail-manager", "jsonVersion":"1.0", "protocol":"json", @@ -11,8 +12,7 @@ "signatureVersion":"v4", "signingName":"ses", "targetPrefix":"MailManagerSvc", - "uid":"mailmanager-2023-10-17", - "auth":["aws.auth#sigv4"] + "uid":"mailmanager-2023-10-17" }, "operations":{ "CreateAddonInstance":{ @@ -48,6 +48,41 @@ "documentation":"

    Creates a subscription for an Add On representing the acceptance of its terms of use and additional pricing. The subscription can then be used to create an instance for use in rule sets or traffic policies.

    ", "idempotent":true }, + "CreateAddressList":{ + "name":"CreateAddressList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateAddressListRequest"}, + "output":{"shape":"CreateAddressListResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Creates a new address list.

    ", + "idempotent":true + }, + "CreateAddressListImportJob":{ + "name":"CreateAddressListImportJob", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateAddressListImportJobRequest"}, + "output":{"shape":"CreateAddressListImportJobResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Creates an import job for an address list.

    ", + "idempotent":true + }, "CreateArchive":{ "name":"CreateArchive", "http":{ @@ -160,6 +195,22 @@ "documentation":"

    Deletes an Add On subscription.

    ", "idempotent":true }, + "DeleteAddressList":{ + "name":"DeleteAddressList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteAddressListRequest"}, + "output":{"shape":"DeleteAddressListResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Deletes an address list.

    ", + "idempotent":true + }, "DeleteArchive":{ "name":"DeleteArchive", "http":{ @@ -240,6 +291,23 @@ "documentation":"

    Delete a traffic policy resource.

    ", "idempotent":true }, + "DeregisterMemberFromAddressList":{ + "name":"DeregisterMemberFromAddressList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeregisterMemberFromAddressListRequest"}, + "output":{"shape":"DeregisterMemberFromAddressListResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Removes a member from an address list.

    ", + "idempotent":true + }, "GetAddonInstance":{ "name":"GetAddonInstance", "http":{ @@ -268,6 +336,38 @@ ], "documentation":"

    Gets detailed information about an Add On subscription.

    " }, + "GetAddressList":{ + "name":"GetAddressList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAddressListRequest"}, + "output":{"shape":"GetAddressListResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Fetch attributes of an address list.

    " + }, + "GetAddressListImportJob":{ + "name":"GetAddressListImportJob", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAddressListImportJobRequest"}, + "output":{"shape":"GetAddressListImportJobResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Fetch attributes of an import job.

    " + }, "GetArchive":{ "name":"GetArchive", "http":{ @@ -374,6 +474,22 @@ ], "documentation":"

    Fetch ingress endpoint resource attributes.

    " }, + "GetMemberOfAddressList":{ + "name":"GetMemberOfAddressList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetMemberOfAddressListRequest"}, + "output":{"shape":"GetMemberOfAddressListResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Fetch attributes of a member in an address list.

    " + }, "GetRelay":{ "name":"GetRelay", "http":{ @@ -442,6 +558,37 @@ ], "documentation":"

    Lists all Add On subscriptions in your account.

    " }, + "ListAddressListImportJobs":{ + "name":"ListAddressListImportJobs", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAddressListImportJobsRequest"}, + "output":{"shape":"ListAddressListImportJobsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists jobs for an address list.

    " + }, + "ListAddressLists":{ + "name":"ListAddressLists", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAddressListsRequest"}, + "output":{"shape":"ListAddressListsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists address lists for this account.

    " + }, "ListArchiveExports":{ "name":"ListArchiveExports", "http":{ @@ -502,6 +649,22 @@ ], "documentation":"

    List all ingress endpoint resources.

    " }, + "ListMembersOfAddressList":{ + "name":"ListMembersOfAddressList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListMembersOfAddressListRequest"}, + "output":{"shape":"ListMembersOfAddressListResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Lists members of an address list.

    " + }, "ListRelays":{ "name":"ListRelays", "http":{ @@ -555,6 +718,43 @@ ], "documentation":"

    List traffic policy resources.

    " }, + "RegisterMemberToAddressList":{ + "name":"RegisterMemberToAddressList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RegisterMemberToAddressListRequest"}, + "output":{"shape":"RegisterMemberToAddressListResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Adds a member to an address list.

    ", + "idempotent":true + }, + "StartAddressListImportJob":{ + "name":"StartAddressListImportJob", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartAddressListImportJobRequest"}, + "output":{"shape":"StartAddressListImportJobResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Starts an import job for an address list.

    ", + "idempotent":true + }, "StartArchiveExport":{ "name":"StartArchiveExport", "http":{ @@ -590,6 +790,24 @@ ], "documentation":"

    Initiates a search across emails in the specified archive.

    " }, + "StopAddressListImportJob":{ + "name":"StopAddressListImportJob", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StopAddressListImportJobRequest"}, + "output":{"shape":"StopAddressListImportJobResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Stops an ongoing import job for an address list.

    ", + "idempotent":true + }, "StopArchiveExport":{ "name":"StopArchiveExport", "http":{ @@ -782,21 +1000,21 @@ "AddonInstance":{ "type":"structure", "members":{ - "AddonInstanceArn":{ - "shape":"AddonInstanceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the Add On instance.

    " - }, "AddonInstanceId":{ "shape":"AddonInstanceId", "documentation":"

    The unique ID of the Add On instance.

    " }, + "AddonSubscriptionId":{ + "shape":"AddonSubscriptionId", + "documentation":"

    The subscription ID for the instance.

    " + }, "AddonName":{ "shape":"AddonName", "documentation":"

    The name of the Add On for the instance.

    " }, - "AddonSubscriptionId":{ - "shape":"AddonSubscriptionId", - "documentation":"

    The subscription ID for the instance.

    " + "AddonInstanceArn":{ + "shape":"AddonInstanceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Add On instance.

    " }, "CreatedTimestamp":{ "shape":"Timestamp", @@ -810,7 +1028,7 @@ "type":"string", "max":67, "min":4, - "pattern":"^ai-[a-zA-Z0-9]{1,64}$" + "pattern":"ai-[a-zA-Z0-9]{1,64}" }, "AddonInstances":{ "type":"list", @@ -820,6 +1038,10 @@ "AddonSubscription":{ "type":"structure", "members":{ + "AddonSubscriptionId":{ + "shape":"AddonSubscriptionId", + "documentation":"

    The unique ID of the Add On subscription.

    " + }, "AddonName":{ "shape":"AddonName", "documentation":"

    The name of the Add On.

    " @@ -828,10 +1050,6 @@ "shape":"AddonSubscriptionArn", "documentation":"

    The Amazon Resource Name (ARN) of the Add On subscription.

    " }, - "AddonSubscriptionId":{ - "shape":"AddonSubscriptionId", - "documentation":"

    The unique ID of the Add On subscription.

    " - }, "CreatedTimestamp":{ "shape":"Timestamp", "documentation":"

    The timestamp of when the Add On subscription was created.

    " @@ -844,12 +1062,90 @@ "type":"string", "max":67, "min":4, - "pattern":"^as-[a-zA-Z0-9]{1,64}$" + "pattern":"as-[a-zA-Z0-9]{1,64}" }, "AddonSubscriptions":{ "type":"list", "member":{"shape":"AddonSubscription"} }, + "Address":{ + "type":"string", + "max":320, + "min":3, + "sensitive":true + }, + "AddressFilter":{ + "type":"structure", + "members":{ + "AddressPrefix":{ + "shape":"AddressPrefix", + "documentation":"

    Filter to limit the results to addresses having the provided prefix.

    " + } + }, + "documentation":"

    Filtering options for ListMembersOfAddressList operation.

    " + }, + "AddressList":{ + "type":"structure", + "required":[ + "AddressListId", + "AddressListArn", + "AddressListName", + "CreatedTimestamp", + "LastUpdatedTimestamp" + ], + "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The identifier of the address list.

    " + }, + "AddressListArn":{ + "shape":"AddressListArn", + "documentation":"

    The Amazon Resource Name (ARN) of the address list.

    " + }, + "AddressListName":{ + "shape":"AddressListName", + "documentation":"

    The user-friendly name of the address list.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the address list was created.

    " + }, + "LastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the address list was last updated.

    " + } + }, + "documentation":"

    An address list contains a list of emails and domains that are used in MailManager Ingress endpoints and Rules for email management.

    " + }, + "AddressListArn":{"type":"string"}, + "AddressListId":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9-]+" + }, + "AddressListName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9_.-]+" + }, + "AddressLists":{ + "type":"list", + "member":{"shape":"AddressList"} + }, + "AddressPageSize":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "AddressPrefix":{ + "type":"string", + "max":320, + "min":1, + "sensitive":true + }, "Analysis":{ "type":"structure", "required":[ @@ -870,7 +1166,7 @@ }, "AnalyzerArn":{ "type":"string", - "pattern":"^[a-zA-Z0-9:_/+=,@.#-]+$" + "pattern":"[a-zA-Z0-9:_/+=,@.#-]+" }, "Archive":{ "type":"structure", @@ -954,13 +1250,13 @@ "ArchiveFilterCondition":{ "type":"structure", "members":{ - "BooleanExpression":{ - "shape":"ArchiveBooleanExpression", - "documentation":"

    A boolean expression to evaluate against email attributes.

    " - }, "StringExpression":{ "shape":"ArchiveStringExpression", "documentation":"

    A string expression to evaluate against email attributes.

    " + }, + "BooleanExpression":{ + "shape":"ArchiveBooleanExpression", + "documentation":"

    A boolean expression to evaluate against email attributes.

    " } }, "documentation":"

    A filter condition used to include or exclude emails when exporting from or searching an archive.

    ", @@ -990,7 +1286,7 @@ "type":"string", "max":66, "min":3, - "pattern":"^a-[\\w]{1,64}$" + "pattern":"a-[\\w]{1,64}" }, "ArchiveIdString":{ "type":"string", @@ -1001,7 +1297,7 @@ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z0-9][a-zA-Z0-9_-]*[a-zA-Z0-9]$" + "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*[a-zA-Z0-9]" }, "ArchiveRetention":{ "type":"structure", @@ -1091,15 +1387,15 @@ "type":"structure", "required":["AddonSubscriptionId"], "members":{ - "AddonSubscriptionId":{ - "shape":"AddonSubscriptionId", - "documentation":"

    The unique ID of a previously created subscription that an Add On instance is created for. You can only have one instance per subscription.

    " - }, "ClientToken":{ "shape":"IdempotencyToken", "documentation":"

    A unique token that Amazon SES uses to recognize subsequent retries of the same request.

    ", "idempotencyToken":true }, + "AddonSubscriptionId":{ + "shape":"AddonSubscriptionId", + "documentation":"

    The unique ID of a previously created subscription that an Add On instance is created for. You can only have one instance per subscription.

    " + }, "Tags":{ "shape":"TagList", "documentation":"

    The tags used to organize, track, or control access for the resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

    " @@ -1120,15 +1416,15 @@ "type":"structure", "required":["AddonName"], "members":{ - "AddonName":{ - "shape":"AddonName", - "documentation":"

    The name of the Add On to subscribe to. You can only have one subscription for each Add On name.

    " - }, "ClientToken":{ "shape":"IdempotencyToken", "documentation":"

    A unique token that Amazon SES uses to recognize subsequent retries of the same request.

    ", "idempotencyToken":true }, + "AddonName":{ + "shape":"AddonName", + "documentation":"

    The name of the Add On to subscribe to. You can only have one subscription for each Add On name.

    " + }, "Tags":{ "shape":"TagList", "documentation":"

    The tags used to organize, track, or control access for the resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

    " @@ -1145,27 +1441,100 @@ } } }, + "CreateAddressListImportJobRequest":{ + "type":"structure", + "required":[ + "AddressListId", + "Name", + "ImportDataFormat" + ], + "members":{ + "ClientToken":{ + "shape":"IdempotencyToken", + "documentation":"

    A unique token that Amazon SES uses to recognize subsequent retries of the same request.

    ", + "idempotencyToken":true + }, + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The unique identifier of the address list for importing addresses to.

    " + }, + "Name":{ + "shape":"JobName", + "documentation":"

    A user-friendly name for the import job.

    " + }, + "ImportDataFormat":{ + "shape":"ImportDataFormat", + "documentation":"

    The format of the input for an import job.

    " + } + } + }, + "CreateAddressListImportJobResponse":{ + "type":"structure", + "required":[ + "JobId", + "PreSignedUrl" + ], + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

    The identifier of the created import job.

    " + }, + "PreSignedUrl":{ + "shape":"PreSignedUrl", + "documentation":"

    The pre-signed URL target for uploading the input file.

    " + } + } + }, + "CreateAddressListRequest":{ + "type":"structure", + "required":["AddressListName"], + "members":{ + "ClientToken":{ + "shape":"IdempotencyToken", + "documentation":"

    A unique token that Amazon SES uses to recognize subsequent retries of the same request.

    ", + "idempotencyToken":true + }, + "AddressListName":{ + "shape":"AddressListName", + "documentation":"

    A user-friendly name for the address list.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    The tags used to organize, track, or control access for the resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

    " + } + } + }, + "CreateAddressListResponse":{ + "type":"structure", + "required":["AddressListId"], + "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The identifier of the created address list.

    " + } + } + }, "CreateArchiveRequest":{ "type":"structure", "required":["ArchiveName"], "members":{ - "ArchiveName":{ - "shape":"ArchiveNameString", - "documentation":"

    A unique name for the new archive.

    " - }, "ClientToken":{ "shape":"IdempotencyToken", "documentation":"

    A unique token Amazon SES uses to recognize retries of this request.

    ", "idempotencyToken":true }, - "KmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

    The Amazon Resource Name (ARN) of the KMS key for encrypting emails in the archive.

    " + "ArchiveName":{ + "shape":"ArchiveNameString", + "documentation":"

    A unique name for the new archive.

    " }, "Retention":{ "shape":"ArchiveRetention", "documentation":"

    The period for retaining emails in the archive before automatic deletion.

    " }, + "KmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The Amazon Resource Name (ARN) of the KMS key for encrypting emails in the archive.

    " + }, "Tags":{ "shape":"TagList", "documentation":"

    The tags used to organize, track, or control access for the resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

    " @@ -1188,9 +1557,9 @@ "type":"structure", "required":[ "IngressPointName", + "Type", "RuleSetId", - "TrafficPolicyId", - "Type" + "TrafficPolicyId" ], "members":{ "ClientToken":{ @@ -1198,29 +1567,33 @@ "documentation":"

    A unique token that Amazon SES uses to recognize subsequent retries of the same request.

    ", "idempotencyToken":true }, - "IngressPointConfiguration":{ - "shape":"IngressPointConfiguration", - "documentation":"

    If you choose an Authenticated ingress endpoint, you must configure either an SMTP password or a secret ARN.

    " - }, "IngressPointName":{ "shape":"IngressPointName", "documentation":"

    A user friendly name for an ingress endpoint resource.

    " }, + "Type":{ + "shape":"IngressPointType", + "documentation":"

    The type of the ingress endpoint to create.

    " + }, "RuleSetId":{ "shape":"RuleSetId", "documentation":"

    The identifier of an existing rule set that you attach to an ingress endpoint resource.

    " }, - "Tags":{ - "shape":"TagList", - "documentation":"

    The tags used to organize, track, or control access for the resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

    " - }, "TrafficPolicyId":{ "shape":"TrafficPolicyId", "documentation":"

    The identifier of an existing traffic policy that you attach to an ingress endpoint resource.

    " }, - "Type":{ - "shape":"IngressPointType", - "documentation":"

    The type of the ingress endpoint to create.

    " + "IngressPointConfiguration":{ + "shape":"IngressPointConfiguration", + "documentation":"

    If you choose an Authenticated ingress endpoint, you must configure either an SMTP password or a secret ARN.

    " + }, + "NetworkConfiguration":{ + "shape":"NetworkConfiguration", + "documentation":"

    Specifies the network configuration for the ingress point. This allows you to create an IPv4-only, Dual-Stack, or PrivateLink type of ingress point. If not specified, the default network type is IPv4-only.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    The tags used to organize, track, or control access for the resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

    " } } }, @@ -1237,16 +1610,12 @@ "CreateRelayRequest":{ "type":"structure", "required":[ - "Authentication", "RelayName", "ServerName", - "ServerPort" + "ServerPort", + "Authentication" ], "members":{ - "Authentication":{ - "shape":"RelayAuthentication", - "documentation":"

    Authentication for the relay destination server—specify the secretARN where the SMTP credentials are stored.

    " - }, "ClientToken":{ "shape":"IdempotencyToken", "documentation":"

    A unique token that Amazon SES uses to recognize subsequent retries of the same request.

    ", @@ -1264,6 +1633,10 @@ "shape":"RelayServerPort", "documentation":"

    The destination relay server port.

    " }, + "Authentication":{ + "shape":"RelayAuthentication", + "documentation":"

    Authentication for the relay destination server—specify the secretARN where the SMTP credentials are stored.

    " + }, "Tags":{ "shape":"TagList", "documentation":"

    The tags used to organize, track, or control access for the resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

    " @@ -1319,9 +1692,9 @@ "CreateTrafficPolicyRequest":{ "type":"structure", "required":[ - "DefaultAction", + "TrafficPolicyName", "PolicyStatements", - "TrafficPolicyName" + "DefaultAction" ], "members":{ "ClientToken":{ @@ -1329,6 +1702,14 @@ "documentation":"

    A unique token that Amazon SES uses to recognize subsequent retries of the same request.

    ", "idempotencyToken":true }, + "TrafficPolicyName":{ + "shape":"TrafficPolicyName", + "documentation":"

    A user-friendly name for the traffic policy resource.

    " + }, + "PolicyStatements":{ + "shape":"PolicyStatementList", + "documentation":"

    Conditional statements for filtering email traffic.

    " + }, "DefaultAction":{ "shape":"AcceptAction", "documentation":"

    Default action instructs the traffic policy to either Allow or Deny (block) messages that fall outside of (or not addressed by) the conditions of your policy statements

    " @@ -1337,17 +1718,9 @@ "shape":"MaxMessageSizeBytes", "documentation":"

    The maximum message size in bytes of email which is allowed in by this traffic policy—anything larger will be blocked.

    " }, - "PolicyStatements":{ - "shape":"PolicyStatementList", - "documentation":"

    Conditional statements for filtering email traffic.

    " - }, "Tags":{ "shape":"TagList", "documentation":"

    The tags used to organize, track, or control access for the resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.

    " - }, - "TrafficPolicyName":{ - "shape":"TrafficPolicyName", - "documentation":"

    A user-friendly name for the traffic policy resource.

    " } } }, @@ -1373,8 +1746,7 @@ }, "DeleteAddonInstanceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAddonSubscriptionRequest":{ "type":"structure", @@ -1388,9 +1760,22 @@ }, "DeleteAddonSubscriptionResponse":{ "type":"structure", + "members":{} + }, + "DeleteAddressListRequest":{ + "type":"structure", + "required":["AddressListId"], "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The identifier of an existing address list resource to delete.

    " + } } }, + "DeleteAddressListResponse":{ + "type":"structure", + "members":{} + }, "DeleteArchiveRequest":{ "type":"structure", "required":["ArchiveId"], @@ -1404,8 +1789,7 @@ }, "DeleteArchiveResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The response indicating if the archive deletion was successfully initiated.

    On success, returns an HTTP 200 status code. On failure, returns an error message.

    " }, "DeleteIngressPointRequest":{ @@ -1420,8 +1804,7 @@ }, "DeleteIngressPointResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRelayRequest":{ "type":"structure", @@ -1435,8 +1818,7 @@ }, "DeleteRelayResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRuleSetRequest":{ "type":"structure", @@ -1450,8 +1832,7 @@ }, "DeleteRuleSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTrafficPolicyRequest":{ "type":"structure", @@ -1465,8 +1846,7 @@ }, "DeleteTrafficPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeliverToMailboxAction":{ "type":"structure", @@ -1500,7 +1880,7 @@ "members":{ "ActionFailurePolicy":{ "shape":"ActionFailurePolicy", - "documentation":"

    A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified application has been deleted or the role lacks necessary permissions to call the qbusiness:BatchPutDocument API.

    " + "documentation":"

    A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified application has been deleted or the role lacks necessary permissions to call the qbusiness:BatchPutDocument API.

    " }, "ApplicationId":{ "shape":"QBusinessApplicationId", @@ -1512,26 +1892,46 @@ }, "RoleArn":{ "shape":"IamRoleArn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM Role to use while delivering to Amazon Q Business. This role must have access to the qbusiness:BatchPutDocument API for the given application and index.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM Role to use while delivering to Amazon Q Business. This role must have access to the qbusiness:BatchPutDocument API for the given application and index.

    " } }, "documentation":"

    The action to deliver incoming emails to an Amazon Q Business application for indexing.

    " }, + "DeregisterMemberFromAddressListRequest":{ + "type":"structure", + "required":[ + "AddressListId", + "Address" + ], + "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The unique identifier of the address list to remove the address from.

    " + }, + "Address":{ + "shape":"Address", + "documentation":"

    The address to be removed from the address list.

    " + } + } + }, + "DeregisterMemberFromAddressListResponse":{ + "type":"structure", + "members":{} + }, "Double":{ "type":"double", "box":true }, "DropAction":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    This action causes processing to stop and the email to be dropped. If the action applies only to certain recipients, only those recipients are dropped, and processing continues for other recipients.

    " }, "EmailAddress":{ "type":"string", "max":254, "min":0, - "pattern":"^[0-9A-Za-z@+.-]+$", + "pattern":"[a-zA-Z0-9._+-]+@[a-zA-Z0-9.-]+", "sensitive":true }, "EmailReceivedHeadersList":{ @@ -1541,14 +1941,14 @@ "Envelope":{ "type":"structure", "members":{ - "From":{ - "shape":"String", - "documentation":"

    The RCPT FROM given by the host from which the email was received.

    " - }, "Helo":{ "shape":"String", "documentation":"

    The HELO used by the host from which the email was received.

    " }, + "From":{ + "shape":"String", + "documentation":"

    The RCPT FROM given by the host from which the email was received.

    " + }, "To":{ "shape":"StringList", "documentation":"

    All SMTP TO entries given by the host from which the email was received.

    " @@ -1591,21 +1991,21 @@ "ExportStatus":{ "type":"structure", "members":{ + "SubmissionTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the export job was submitted.

    " + }, "CompletionTimestamp":{ "shape":"Timestamp", "documentation":"

    The timestamp of when the export job completed (if finished).

    " }, - "ErrorMessage":{ - "shape":"ErrorMessage", - "documentation":"

    An error message if the export job failed.

    " - }, "State":{ "shape":"ExportState", "documentation":"

    The current state of the export job.

    " }, - "SubmissionTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the export job was submitted.

    " + "ErrorMessage":{ + "shape":"ErrorMessage", + "documentation":"

    An error message if the export job failed.

    " } }, "documentation":"

    The current status of an archive export job.

    " @@ -1641,17 +2041,17 @@ "GetAddonInstanceResponse":{ "type":"structure", "members":{ - "AddonInstanceArn":{ - "shape":"AddonInstanceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the Add On instance.

    " + "AddonSubscriptionId":{ + "shape":"AddonSubscriptionId", + "documentation":"

    The subscription ID associated to the instance.

    " }, "AddonName":{ "shape":"AddonName", "documentation":"

    The name of the Add On provider associated to the subscription of the instance.

    " }, - "AddonSubscriptionId":{ - "shape":"AddonSubscriptionId", - "documentation":"

    The subscription ID associated to the instance.

    " + "AddonInstanceArn":{ + "shape":"AddonInstanceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Add On instance.

    " }, "CreatedTimestamp":{ "shape":"Timestamp", @@ -1686,6 +2086,120 @@ } } }, + "GetAddressListImportJobRequest":{ + "type":"structure", + "required":["JobId"], + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

    The identifier of the import job that needs to be retrieved.

    " + } + } + }, + "GetAddressListImportJobResponse":{ + "type":"structure", + "required":[ + "JobId", + "Name", + "Status", + "PreSignedUrl", + "ImportDataFormat", + "AddressListId", + "CreatedTimestamp" + ], + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

    The identifier of the import job.

    " + }, + "Name":{ + "shape":"JobName", + "documentation":"

    A user-friendly name for the import job.

    " + }, + "Status":{ + "shape":"ImportJobStatus", + "documentation":"

    The status of the import job.

    " + }, + "PreSignedUrl":{ + "shape":"PreSignedUrl", + "documentation":"

    The pre-signed URL target for uploading the input file.

    " + }, + "ImportedItemsCount":{ + "shape":"JobItemsCount", + "documentation":"

    The number of input addresses successfully imported into the address list.

    " + }, + "FailedItemsCount":{ + "shape":"JobItemsCount", + "documentation":"

    The number of input addresses that failed to be imported into the address list.

    " + }, + "ImportDataFormat":{ + "shape":"ImportDataFormat", + "documentation":"

    The format of the input for an import job.

    " + }, + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The unique identifier of the address list the import job was created for.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the import job was created.

    " + }, + "StartTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the import job was started.

    " + }, + "CompletedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the import job was completed.

    " + }, + "Error":{ + "shape":"ErrorMessage", + "documentation":"

    The reason for failure of an import job.

    " + } + } + }, + "GetAddressListRequest":{ + "type":"structure", + "required":["AddressListId"], + "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The identifier of an existing address list resource to be retrieved.

    " + } + } + }, + "GetAddressListResponse":{ + "type":"structure", + "required":[ + "AddressListId", + "AddressListArn", + "AddressListName", + "CreatedTimestamp", + "LastUpdatedTimestamp" + ], + "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The identifier of the address list resource.

    " + }, + "AddressListArn":{ + "shape":"AddressListArn", + "documentation":"

    The Amazon Resource Name (ARN) of the address list resource.

    " + }, + "AddressListName":{ + "shape":"AddressListName", + "documentation":"

    A user-friendly name for the address list resource.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The date of when then address list was created.

    " + }, + "LastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The date of when the address list was last updated.

    " + } + } + }, "GetArchiveExportRequest":{ "type":"structure", "required":["ExportId"], @@ -1704,10 +2218,6 @@ "shape":"ArchiveId", "documentation":"

    The identifier of the archive the email export was performed from.

    " }, - "ExportDestinationConfiguration":{ - "shape":"ExportDestinationConfiguration", - "documentation":"

    Where the exported emails are being delivered.

    " - }, "Filters":{ "shape":"ArchiveFilters", "documentation":"

    The criteria used to filter emails included in the export.

    " @@ -1716,17 +2226,21 @@ "shape":"Timestamp", "documentation":"

    The start of the timestamp range the exported emails cover.

    " }, + "ToTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The end of the date range the exported emails cover.

    " + }, "MaxResults":{ "shape":"ExportMaxResults", "documentation":"

    The maximum number of email items included in the export.

    " }, + "ExportDestinationConfiguration":{ + "shape":"ExportDestinationConfiguration", + "documentation":"

    Where the exported emails are being delivered.

    " + }, "Status":{ "shape":"ExportStatus", "documentation":"

    The current status of the export job.

    " - }, - "ToTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The end of the date range the exported emails cover.

    " } }, "documentation":"

    The response containing details of the specified archive export job.

    " @@ -1766,10 +2280,6 @@ "GetArchiveMessageResponse":{ "type":"structure", "members":{ - "Envelope":{ - "shape":"Envelope", - "documentation":"

    The SMTP envelope information of the email.

    " - }, "MessageDownloadLink":{ "shape":"S3PresignedURL", "documentation":"

    A pre-signed URL to temporarily download the full message content.

    " @@ -1777,6 +2287,10 @@ "Metadata":{ "shape":"Metadata", "documentation":"

    The metadata about the email.

    " + }, + "Envelope":{ + "shape":"Envelope", + "documentation":"

    The SMTP envelope information of the email.

    " } }, "documentation":"

    The response containing details about the requested archived email message.

    " @@ -1795,17 +2309,13 @@ "GetArchiveResponse":{ "type":"structure", "required":[ - "ArchiveArn", "ArchiveId", "ArchiveName", + "ArchiveArn", "ArchiveState", "Retention" ], "members":{ - "ArchiveArn":{ - "shape":"ArchiveArn", - "documentation":"

    The Amazon Resource Name (ARN) of the archive.

    " - }, "ArchiveId":{ "shape":"ArchiveIdString", "documentation":"

    The unique identifier of the archive.

    " @@ -1814,25 +2324,29 @@ "shape":"ArchiveNameString", "documentation":"

    The unique name assigned to the archive.

    " }, + "ArchiveArn":{ + "shape":"ArchiveArn", + "documentation":"

    The Amazon Resource Name (ARN) of the archive.

    " + }, "ArchiveState":{ "shape":"ArchiveState", "documentation":"

    The current state of the archive:

    • ACTIVE – The archive is ready and available for use.

    • PENDING_DELETION – The archive has been marked for deletion and will be permanently deleted in 30 days. No further modifications can be made in this state.

    " }, + "Retention":{ + "shape":"ArchiveRetention", + "documentation":"

    The retention period for emails in this archive.

    " + }, "CreatedTimestamp":{ "shape":"Timestamp", "documentation":"

    The timestamp of when the archive was created.

    " }, - "KmsKeyArn":{ - "shape":"KmsKeyArn", - "documentation":"

    The Amazon Resource Name (ARN) of the KMS key used to encrypt the archive.

    " - }, "LastUpdatedTimestamp":{ "shape":"Timestamp", "documentation":"

    The timestamp of when the archive was modified.

    " }, - "Retention":{ - "shape":"ArchiveRetention", - "documentation":"

    The retention period for emails in this archive.

    " + "KmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The Amazon Resource Name (ARN) of the KMS key used to encrypt the archive.

    " } }, "documentation":"

    The response containing details of the requested archive.

    " @@ -1863,6 +2377,10 @@ "shape":"Timestamp", "documentation":"

    The start timestamp of the range the searched emails cover.

    " }, + "ToTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The end timestamp of the range the searched emails cover.

    " + }, "MaxResults":{ "shape":"SearchMaxResults", "documentation":"

    The maximum number of search results to return.

    " @@ -1870,10 +2388,6 @@ "Status":{ "shape":"SearchStatus", "documentation":"

    The current status of the search job.

    " - }, - "ToTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The end timestamp of the range the searched emails cover.

    " } }, "documentation":"

    The response containing details of the specified archive search job.

    " @@ -1916,22 +2430,6 @@ "IngressPointName" ], "members":{ - "ARecord":{ - "shape":"IngressPointARecord", - "documentation":"

    The DNS A Record that identifies your ingress endpoint. Configure your DNS Mail Exchange (MX) record with this value to route emails to Mail Manager.

    " - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the ingress endpoint was created.

    " - }, - "IngressPointArn":{ - "shape":"IngressPointArn", - "documentation":"

    The Amazon Resource Name (ARN) of the ingress endpoint resource.

    " - }, - "IngressPointAuthConfiguration":{ - "shape":"IngressPointAuthConfiguration", - "documentation":"

    The authentication configuration of the ingress endpoint resource.

    " - }, "IngressPointId":{ "shape":"IngressPointId", "documentation":"

    The identifier of an ingress endpoint resource.

    " @@ -1940,25 +2438,79 @@ "shape":"IngressPointName", "documentation":"

    A user friendly name for the ingress endpoint.

    " }, - "LastUpdatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the ingress endpoint was last updated.

    " - }, - "RuleSetId":{ - "shape":"RuleSetId", - "documentation":"

    The identifier of a rule set resource associated with the ingress endpoint.

    " + "IngressPointArn":{ + "shape":"IngressPointArn", + "documentation":"

    The Amazon Resource Name (ARN) of the ingress endpoint resource.

    " }, "Status":{ "shape":"IngressPointStatus", "documentation":"

    The status of the ingress endpoint resource.

    " }, + "Type":{ + "shape":"IngressPointType", + "documentation":"

    The type of ingress endpoint.

    " + }, + "ARecord":{ + "shape":"IngressPointARecord", + "documentation":"

    The DNS A Record that identifies your ingress endpoint. Configure your DNS Mail Exchange (MX) record with this value to route emails to Mail Manager.

    " + }, + "RuleSetId":{ + "shape":"RuleSetId", + "documentation":"

    The identifier of a rule set resource associated with the ingress endpoint.

    " + }, "TrafficPolicyId":{ "shape":"TrafficPolicyId", "documentation":"

    The identifier of the traffic policy resource associated with the ingress endpoint.

    " }, - "Type":{ - "shape":"IngressPointType", - "documentation":"

    The type of ingress endpoint.

    " + "IngressPointAuthConfiguration":{ + "shape":"IngressPointAuthConfiguration", + "documentation":"

    The authentication configuration of the ingress endpoint resource.

    " + }, + "NetworkConfiguration":{ + "shape":"NetworkConfiguration", + "documentation":"

    The network configuration for the ingress point.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the ingress endpoint was created.

    " + }, + "LastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the ingress endpoint was last updated.

    " + } + } + }, + "GetMemberOfAddressListRequest":{ + "type":"structure", + "required":[ + "AddressListId", + "Address" + ], + "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The unique identifier of the address list to retrieve the address from.

    " + }, + "Address":{ + "shape":"Address", + "documentation":"

    The address to be retrieved from the address list.

    " + } + } + }, + "GetMemberOfAddressListResponse":{ + "type":"structure", + "required":[ + "Address", + "CreatedTimestamp" + ], + "members":{ + "Address":{ + "shape":"Address", + "documentation":"

    The address retrieved from the address list.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the address was created.

    " } } }, @@ -1976,26 +2528,14 @@ "type":"structure", "required":["RelayId"], "members":{ - "Authentication":{ - "shape":"RelayAuthentication", - "documentation":"

    The authentication attribute—contains the secret ARN where the customer relay server credentials are stored.

    " - }, - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the relay was created.

    " - }, - "LastModifiedTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when relay was last updated.

    " + "RelayId":{ + "shape":"RelayId", + "documentation":"

    The unique relay identifier.

    " }, "RelayArn":{ "shape":"RelayArn", "documentation":"

    The Amazon Resource Name (ARN) of the relay.

    " }, - "RelayId":{ - "shape":"RelayId", - "documentation":"

    The unique relay identifier.

    " - }, "RelayName":{ "shape":"RelayName", "documentation":"

    The unique name of the relay.

    " @@ -2007,6 +2547,18 @@ "ServerPort":{ "shape":"RelayServerPort", "documentation":"

    The destination relay server port.

    " + }, + "Authentication":{ + "shape":"RelayAuthentication", + "documentation":"

    The authentication attribute—contains the secret ARN where the customer relay server credentials are stored.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the relay was created.

    " + }, + "LastModifiedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when relay was last updated.

    " } } }, @@ -2023,34 +2575,34 @@ "GetRuleSetResponse":{ "type":"structure", "required":[ - "CreatedDate", - "LastModificationDate", - "RuleSetArn", "RuleSetId", + "RuleSetArn", "RuleSetName", + "CreatedDate", + "LastModificationDate", "Rules" ], "members":{ - "CreatedDate":{ - "shape":"Timestamp", - "documentation":"

    The date of when then rule set was created.

    " - }, - "LastModificationDate":{ - "shape":"Timestamp", - "documentation":"

    The date of when the rule set was last modified.

    " + "RuleSetId":{ + "shape":"RuleSetId", + "documentation":"

    The identifier of the rule set resource.

    " }, "RuleSetArn":{ "shape":"RuleSetArn", "documentation":"

    The Amazon Resource Name (ARN) of the rule set resource.

    " }, - "RuleSetId":{ - "shape":"RuleSetId", - "documentation":"

    The identifier of the rule set resource.

    " - }, "RuleSetName":{ "shape":"RuleSetName", "documentation":"

    A user-friendly name for the rule set resource.

    " }, + "CreatedDate":{ + "shape":"Timestamp", + "documentation":"

    The date of when then rule set was created.

    " + }, + "LastModificationDate":{ + "shape":"Timestamp", + "documentation":"

    The date of when the rule set was last modified.

    " + }, "Rules":{ "shape":"Rules", "documentation":"

    The rules contained in the rule set.

    " @@ -2070,41 +2622,41 @@ "GetTrafficPolicyResponse":{ "type":"structure", "required":[ - "TrafficPolicyId", - "TrafficPolicyName" + "TrafficPolicyName", + "TrafficPolicyId" ], "members":{ - "CreatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the traffic policy was created.

    " - }, - "DefaultAction":{ - "shape":"AcceptAction", - "documentation":"

    The default action of the traffic policy.

    " + "TrafficPolicyName":{ + "shape":"TrafficPolicyName", + "documentation":"

    A user-friendly name for the traffic policy resource.

    " }, - "LastUpdatedTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the traffic policy was last updated.

    " + "TrafficPolicyId":{ + "shape":"TrafficPolicyId", + "documentation":"

    The identifier of the traffic policy resource.

    " }, - "MaxMessageSizeBytes":{ - "shape":"MaxMessageSizeBytes", - "documentation":"

    The maximum message size in bytes of email which is allowed in by this traffic policy—anything larger will be blocked.

    " + "TrafficPolicyArn":{ + "shape":"TrafficPolicyArn", + "documentation":"

    The Amazon Resource Name (ARN) of the traffic policy resource.

    " }, "PolicyStatements":{ "shape":"PolicyStatementList", "documentation":"

    The list of conditions which are in the traffic policy resource.

    " }, - "TrafficPolicyArn":{ - "shape":"TrafficPolicyArn", - "documentation":"

    The Amazon Resource Name (ARN) of the traffic policy resource.

    " + "MaxMessageSizeBytes":{ + "shape":"MaxMessageSizeBytes", + "documentation":"

    The maximum message size in bytes of email which is allowed in by this traffic policy—anything larger will be blocked.

    " }, - "TrafficPolicyId":{ - "shape":"TrafficPolicyId", - "documentation":"

    The identifier of the traffic policy resource.

    " + "DefaultAction":{ + "shape":"AcceptAction", + "documentation":"

    The default action of the traffic policy.

    " }, - "TrafficPolicyName":{ - "shape":"TrafficPolicyName", - "documentation":"

    A user-friendly name for the traffic policy resource.

    " + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the traffic policy was created.

    " + }, + "LastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the traffic policy was last updated.

    " } } }, @@ -2112,7 +2664,7 @@ "type":"string", "max":64, "min":1, - "pattern":"^[xX]\\-[a-zA-Z0-9\\-]+$" + "pattern":"[xX]\\-[a-zA-Z0-9\\-]+" }, "HeaderValue":{ "type":"string", @@ -2123,19 +2675,124 @@ "type":"string", "max":2048, "min":20, - "pattern":"^[a-zA-Z0-9:_/+=,@.#-]+$" + "pattern":"[a-zA-Z0-9:_/+=,@.#-]+" }, "IdOrArn":{ "type":"string", "max":2048, "min":1, - "pattern":"^[a-zA-Z0-9:_/+=,@.#-]+$" + "pattern":"[a-zA-Z0-9:_/+=,@.#-]+" }, "IdempotencyToken":{ "type":"string", "max":128, "min":1 }, + "ImportDataFormat":{ + "type":"structure", + "required":["ImportDataType"], + "members":{ + "ImportDataType":{ + "shape":"ImportDataType", + "documentation":"

    The type of file that would be passed as an input for the address list import job.

    " + } + }, + "documentation":"

    The import data format contains the specifications of the input file that would be passed to the address list import job.

    " + }, + "ImportDataType":{ + "type":"string", + "enum":[ + "CSV", + "JSON" + ] + }, + "ImportJob":{ + "type":"structure", + "required":[ + "JobId", + "Name", + "Status", + "PreSignedUrl", + "ImportDataFormat", + "AddressListId", + "CreatedTimestamp" + ], + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

    The identifier of the import job.

    " + }, + "Name":{ + "shape":"JobName", + "documentation":"

    A user-friendly name for the import job.

    " + }, + "Status":{ + "shape":"ImportJobStatus", + "documentation":"

    The status of the import job.

    " + }, + "PreSignedUrl":{ + "shape":"PreSignedUrl", + "documentation":"

    The pre-signed URL target for uploading the input file.

    " + }, + "ImportedItemsCount":{ + "shape":"JobItemsCount", + "documentation":"

    The number of addresses in the input that were successfully imported into the address list.

    " + }, + "FailedItemsCount":{ + "shape":"JobItemsCount", + "documentation":"

    The number of addresses in the input that failed to get imported into address list.

    " + }, + "ImportDataFormat":{ + "shape":"ImportDataFormat", + "documentation":"

    The format of the input for the import job.

    " + }, + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The unique identifier of the address list the import job was created for.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the import job was created.

    " + }, + "StartTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the import job was started.

    " + }, + "CompletedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the import job was completed.

    " + }, + "Error":{ + "shape":"ErrorMessage", + "documentation":"

    The reason for failure of an import job.

    " + } + }, + "documentation":"

    Details about an import job.

    " + }, + "ImportJobStatus":{ + "type":"string", + "enum":[ + "CREATED", + "PROCESSING", + "COMPLETED", + "FAILED", + "STOPPED" + ] + }, + "ImportJobs":{ + "type":"list", + "member":{"shape":"ImportJob"} + }, + "IngressAddressListArnList":{ + "type":"list", + "member":{"shape":"AddressListArn"}, + "max":1, + "min":1 + }, + "IngressAddressListEmailAttribute":{ + "type":"string", + "enum":["RECIPIENT"] + }, "IngressAnalysis":{ "type":"structure", "required":[ @@ -2185,6 +2842,10 @@ "Analysis":{ "shape":"IngressAnalysis", "documentation":"

    The structure type for a boolean condition stating the Add On ARN and its returned value.

    " + }, + "IsInAddressList":{ + "shape":"IngressIsInAddressList", + "documentation":"

    The structure type for a boolean condition that provides the address lists to evaluate incoming traffic on.

    " } }, "documentation":"

    The union type representing the allowed types of operands for a boolean condition.

    ", @@ -2235,27 +2896,79 @@ }, "documentation":"

    The union type representing the allowed types for the left hand side of an IP condition.

    " }, + "IngressIpv6Attribute":{ + "type":"string", + "enum":["SENDER_IPV6"] + }, + "IngressIpv6Expression":{ + "type":"structure", + "required":[ + "Evaluate", + "Operator", + "Values" + ], + "members":{ + "Evaluate":{ + "shape":"IngressIpv6ToEvaluate", + "documentation":"

    The left hand side argument of an IPv6 condition expression.

    " + }, + "Operator":{ + "shape":"IngressIpOperator", + "documentation":"

    The matching operator for an IPv6 condition expression.

    " + }, + "Values":{ + "shape":"Ipv6Cidrs", + "documentation":"

    The right hand side argument of an IPv6 condition expression.

    " + } + }, + "documentation":"

    The union type representing the allowed types for the left hand side of an IPv6 condition.

    " + }, + "IngressIpv6ToEvaluate":{ + "type":"structure", + "members":{ + "Attribute":{ + "shape":"IngressIpv6Attribute", + "documentation":"

    An enum type representing the allowed attribute types for an IPv6 condition.

    " + } + }, + "documentation":"

    The structure for an IPv6 based condition matching on the incoming mail.

    ", + "union":true + }, + "IngressIsInAddressList":{ + "type":"structure", + "required":[ + "Attribute", + "AddressLists" + ], + "members":{ + "Attribute":{ + "shape":"IngressAddressListEmailAttribute", + "documentation":"

    The email attribute that needs to be evaluated against the address list.

    " + }, + "AddressLists":{ + "shape":"IngressAddressListArnList", + "documentation":"

    The address lists that will be used for evaluation.

    " + } + }, + "documentation":"

    The address lists and the address list attribute value that is evaluated in a policy statement's conditional expression to either deny or block the incoming email.

    " + }, "IngressPoint":{ "type":"structure", "required":[ - "IngressPointId", "IngressPointName", + "IngressPointId", "Status", "Type" ], "members":{ - "ARecord":{ - "shape":"IngressPointARecord", - "documentation":"

    The DNS A Record that identifies your ingress endpoint. Configure your DNS Mail Exchange (MX) record with this value to route emails to Mail Manager.

    " + "IngressPointName":{ + "shape":"IngressPointName", + "documentation":"

    A user friendly name for the ingress endpoint resource.

    " }, "IngressPointId":{ "shape":"IngressPointId", "documentation":"

    The identifier of the ingress endpoint resource.

    " }, - "IngressPointName":{ - "shape":"IngressPointName", - "documentation":"

    A user friendly name for the ingress endpoint resource.

    " - }, "Status":{ "shape":"IngressPointStatus", "documentation":"

    The status of the ingress endpoint resource.

    " @@ -2263,6 +2976,10 @@ "Type":{ "shape":"IngressPointType", "documentation":"

    The type of ingress endpoint resource.

    " + }, + "ARecord":{ + "shape":"IngressPointARecord", + "documentation":"

    The DNS A Record that identifies your ingress endpoint. Configure your DNS Mail Exchange (MX) record with this value to route emails to Mail Manager.

    " } }, "documentation":"

    The structure of an ingress endpoint resource.

    " @@ -2286,13 +3003,13 @@ "IngressPointConfiguration":{ "type":"structure", "members":{ - "SecretArn":{ - "shape":"SecretArn", - "documentation":"

    The SecretsManager::Secret ARN of the ingress endpoint resource.

    " - }, "SmtpPassword":{ "shape":"SmtpPassword", "documentation":"

    The password of the ingress endpoint resource.

    " + }, + "SecretArn":{ + "shape":"SecretArn", + "documentation":"

    The SecretsManager::Secret ARN of the ingress endpoint resource.

    " } }, "documentation":"

    The configuration of the ingress endpoint resource.

    ", @@ -2307,22 +3024,22 @@ "type":"string", "max":63, "min":3, - "pattern":"^[A-Za-z0-9_\\-]+$" + "pattern":"[A-Za-z0-9_\\-]+" }, "IngressPointPasswordConfiguration":{ "type":"structure", "members":{ - "PreviousSmtpPasswordExpiryTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The previous password expiry timestamp of the ingress endpoint resource.

    " + "SmtpPasswordVersion":{ + "shape":"String", + "documentation":"

    The current password expiry timestamp of the ingress endpoint resource.

    " }, "PreviousSmtpPasswordVersion":{ "shape":"String", "documentation":"

    The previous password version of the ingress endpoint resource.

    " }, - "SmtpPasswordVersion":{ - "shape":"String", - "documentation":"

    The current password expiry timestamp of the ingress endpoint resource.

    " + "PreviousSmtpPasswordExpiryTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The previous password expiry timestamp of the ingress endpoint resource.

    " } }, "documentation":"

    The password configuration of the ingress endpoint resource.

    " @@ -2399,6 +3116,10 @@ "Attribute":{ "shape":"IngressStringEmailAttribute", "documentation":"

    The enum type representing the allowed attribute types for a string condition.

    " + }, + "Analysis":{ + "shape":"IngressAnalysis", + "documentation":"

    The structure type for a string condition stating the Add On ARN and its returned value.

    " } }, "documentation":"

    The union type representing the allowed types for the left hand side of a string condition.

    ", @@ -2460,23 +3181,56 @@ "type":"integer", "box":true }, + "IpType":{ + "type":"string", + "enum":[ + "IPV4", + "DUAL_STACK" + ] + }, "Ipv4Cidr":{ "type":"string", - "pattern":"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[0-2])$" + "pattern":"((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/([0-9]|[12][0-9]|3[0-2])" }, "Ipv4Cidrs":{ "type":"list", "member":{"shape":"Ipv4Cidr"} }, + "Ipv6Cidr":{ + "type":"string", + "max":49, + "min":0, + "pattern":"(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))\\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9])" + }, + "Ipv6Cidrs":{ + "type":"list", + "member":{"shape":"Ipv6Cidr"} + }, + "JobId":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9-]+" + }, + "JobItemsCount":{ + "type":"integer", + "box":true + }, + "JobName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9_.-]+" + }, "KmsKeyArn":{ "type":"string", - "pattern":"^arn:aws(|-cn|-us-gov):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+$" + "pattern":"arn:aws(|-cn|-us-gov):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+" }, "KmsKeyId":{ "type":"string", "max":2048, "min":20, - "pattern":"^[a-zA-Z0-9-:/]+$" + "pattern":"[a-zA-Z0-9-:/]+" }, "ListAddonInstancesRequest":{ "type":"structure", @@ -2530,6 +3284,65 @@ } } }, + "ListAddressListImportJobsRequest":{ + "type":"structure", + "required":["AddressListId"], + "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The unique identifier of the address list for listing import jobs.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.

    " + }, + "PageSize":{ + "shape":"PageSize", + "documentation":"

    The maximum number of import jobs that are returned per call. You can use NextToken to retrieve the next page of jobs.

    " + } + } + }, + "ListAddressListImportJobsResponse":{ + "type":"structure", + "required":["ImportJobs"], + "members":{ + "ImportJobs":{ + "shape":"ImportJobs", + "documentation":"

    The list of import jobs.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " + } + } + }, + "ListAddressListsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.

    " + }, + "PageSize":{ + "shape":"PageSize", + "documentation":"

    The maximum number of address list resources that are returned per call. You can use NextToken to retrieve the next page of address lists.

    " + } + } + }, + "ListAddressListsResponse":{ + "type":"structure", + "required":["AddressLists"], + "members":{ + "AddressLists":{ + "shape":"AddressLists", + "documentation":"

    The list of address lists.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " + } + } + }, "ListArchiveExportsRequest":{ "type":"structure", "required":["ArchiveId"], @@ -2585,13 +3398,13 @@ "ListArchiveSearchesResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If present, use to retrieve the next page of results.

    " - }, "Searches":{ "shape":"SearchSummaryList", "documentation":"

    The list of search job identifiers and statuses.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If present, use to retrieve the next page of results.

    " } }, "documentation":"

    The response containing a list of archive search jobs and their statuses.

    " @@ -2628,13 +3441,13 @@ "ListIngressPointsRequest":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.

    " - }, "PageSize":{ "shape":"PageSize", "documentation":"

    The maximum number of ingress endpoint resources that are returned per call. You can use NextToken to obtain further ingress endpoints.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.

    " } } }, @@ -2651,30 +3464,66 @@ } } }, - "ListRelaysRequest":{ + "ListMembersOfAddressListRequest":{ "type":"structure", + "required":["AddressListId"], "members":{ + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The unique identifier of the address list to list the addresses from.

    " + }, + "Filter":{ + "shape":"AddressFilter", + "documentation":"

    Filter to be used to limit the results.

    " + }, "NextToken":{ "shape":"PaginationToken", "documentation":"

    If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.

    " }, "PageSize":{ - "shape":"Integer", - "documentation":"

    The number of relays to be returned in one request.

    " + "shape":"AddressPageSize", + "documentation":"

    The maximum number of address list members that are returned per call. You can use NextToken to retrieve the next page of members.

    " } } }, - "ListRelaysResponse":{ + "ListMembersOfAddressListResponse":{ "type":"structure", - "required":["Relays"], + "required":["Addresses"], "members":{ + "Addresses":{ + "shape":"SavedAddresses", + "documentation":"

    The list of addresses.

    " + }, "NextToken":{ "shape":"PaginationToken", "documentation":"

    If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " + } + } + }, + "ListRelaysRequest":{ + "type":"structure", + "members":{ + "PageSize":{ + "shape":"Integer", + "documentation":"

    The number of relays to be returned in one request.

    " }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.

    " + } + } + }, + "ListRelaysResponse":{ + "type":"structure", + "required":["Relays"], + "members":{ "Relays":{ "shape":"Relays", "documentation":"

    The list of returned relays.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " } } }, @@ -2695,13 +3544,13 @@ "type":"structure", "required":["RuleSets"], "members":{ - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " - }, "RuleSets":{ "shape":"RuleSets", "documentation":"

    The list of rule sets.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " } } }, @@ -2728,26 +3577,26 @@ "ListTrafficPoliciesRequest":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.

    " - }, "PageSize":{ "shape":"PageSize", "documentation":"

    The maximum number of traffic policy resources that are returned per call. You can use NextToken to obtain further traffic policies.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If you received a pagination token from a previous call to this API, you can provide it here to continue paginating through the next page of results.

    " } } }, "ListTrafficPoliciesResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"PaginationToken", - "documentation":"

    If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " - }, "TrafficPolicies":{ "shape":"TrafficPolicyList", "documentation":"

    The list of traffic policies.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    If NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " } } }, @@ -2766,6 +3615,10 @@ "MessageBody":{ "type":"structure", "members":{ + "Text":{ + "shape":"String", + "documentation":"

    The plain text body content of the message.

    " + }, "Html":{ "shape":"String", "documentation":"

    The HTML body content of the message.

    " @@ -2773,10 +3626,6 @@ "MessageMalformed":{ "shape":"Boolean", "documentation":"

    A flag indicating if the email was malformed.

    " - }, - "Text":{ - "shape":"String", - "documentation":"

    The plain text body content of the message.

    " } }, "documentation":"

    The textual body content of an email message.

    " @@ -2784,10 +3633,18 @@ "Metadata":{ "type":"structure", "members":{ + "Timestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the email was received.

    " + }, "IngressPointId":{ "shape":"IngressPointId", "documentation":"

    The ID of the ingress endpoint through which the email was received.

    " }, + "TrafficPolicyId":{ + "shape":"TrafficPolicyId", + "documentation":"

    The ID of the traffic policy that was in effect when the email was received.

    " + }, "RuleSetId":{ "shape":"RuleSetId", "documentation":"

    The ID of the rule set that processed the email.

    " @@ -2800,10 +3657,6 @@ "shape":"SenderIpAddress", "documentation":"

    The IP address of the host from which the email was received.

    " }, - "Timestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the email was received.

    " - }, "TlsCipherSuite":{ "shape":"String", "documentation":"

    The TLS cipher suite used to communicate with the host from which the email was received.

    " @@ -2812,27 +3665,57 @@ "shape":"String", "documentation":"

    The TLS protocol used to communicate with the host from which the email was received.

    " }, - "TrafficPolicyId":{ - "shape":"TrafficPolicyId", - "documentation":"

    The ID of the traffic policy that was in effect when the email was received.

    " + "SendingMethod":{ + "shape":"String", + "documentation":"

    The name of the API call used when sent through a configuration set with archiving enabled.

    " + }, + "SourceIdentity":{ + "shape":"String", + "documentation":"

    The identity name used to authorize the sending action when sent through a configuration set with archiving enabled.

    " + }, + "SendingPool":{ + "shape":"String", + "documentation":"

    The name of the dedicated IP pool used when sent through a configuration set with archiving enabled.

    " + }, + "ConfigurationSet":{ + "shape":"String", + "documentation":"

    The name of the configuration set used when sent through a configuration set with archiving enabled.

    " + }, + "SourceArn":{ + "shape":"String", + "documentation":"

    Specifies the archived email source, identified by either a Rule Set's ARN with an Archive action, or a Configuration Set's Archive ARN.

    " } }, "documentation":"

    The metadata about the email.

    " }, "MimeHeaderAttribute":{ "type":"string", - "pattern":"^X-[a-zA-Z0-9-]{1,256}$" + "pattern":"X-[a-zA-Z0-9-]{1,256}" }, "NameOrArn":{ "type":"string", "max":2048, "min":1, - "pattern":"^[a-zA-Z0-9:_/+=,@.#-]+$" + "pattern":"[a-zA-Z0-9:_/+=,@.#-]+" }, - "NoAuthentication":{ + "NetworkConfiguration":{ "type":"structure", "members":{ + "PublicNetworkConfiguration":{ + "shape":"PublicNetworkConfiguration", + "documentation":"

    Specifies the network configuration for the public ingress point.

    " + }, + "PrivateNetworkConfiguration":{ + "shape":"PrivateNetworkConfiguration", + "documentation":"

    Specifies the network configuration for the private ingress point.

    " + } }, + "documentation":"

    The network type (IPv4-only, Dual-Stack, PrivateLink) of the ingress endpoint resource.

    ", + "union":true + }, + "NoAuthentication":{ + "type":"structure", + "members":{}, "documentation":"

    Explicitly indicate that the relay destination server does not require SMTP credential authentication.

    " }, "PageSize":{ @@ -2849,21 +3732,25 @@ "PolicyCondition":{ "type":"structure", "members":{ - "BooleanExpression":{ - "shape":"IngressBooleanExpression", - "documentation":"

    This represents a boolean type condition matching on the incoming mail. It performs the boolean operation configured in 'Operator' and evaluates the 'Protocol' object against the 'Value'.

    " + "StringExpression":{ + "shape":"IngressStringExpression", + "documentation":"

    This represents a string based condition matching on the incoming mail. It performs the string operation configured in 'Operator' and evaluates the 'Protocol' object against the 'Value'.

    " }, "IpExpression":{ "shape":"IngressIpv4Expression", "documentation":"

    This represents an IP based condition matching on the incoming mail. It performs the operation configured in 'Operator' and evaluates the 'Protocol' object against the 'Value'.

    " }, - "StringExpression":{ - "shape":"IngressStringExpression", - "documentation":"

    This represents a string based condition matching on the incoming mail. It performs the string operation configured in 'Operator' and evaluates the 'Protocol' object against the 'Value'.

    " + "Ipv6Expression":{ + "shape":"IngressIpv6Expression", + "documentation":"

    This represents an IPv6 based condition matching on the incoming mail. It performs the operation configured in 'Operator' and evaluates the 'Protocol' object against the 'Value'.

    " }, "TlsExpression":{ "shape":"IngressTlsProtocolExpression", "documentation":"

    This represents a TLS based condition matching on the incoming mail. It performs the operation configured in 'Operator' and evaluates the 'Protocol' object against the 'Value'.

    " + }, + "BooleanExpression":{ + "shape":"IngressBooleanExpression", + "documentation":"

    This represents a boolean type condition matching on the incoming mail. It performs the boolean operation configured in 'Operator' and evaluates the 'Protocol' object against the 'Value'.

    " } }, "documentation":"

    The email traffic filtering conditions which are contained in a traffic policy resource.

    ", @@ -2877,17 +3764,17 @@ "PolicyStatement":{ "type":"structure", "required":[ - "Action", - "Conditions" + "Conditions", + "Action" ], "members":{ - "Action":{ - "shape":"AcceptAction", - "documentation":"

    The action that informs a traffic policy resource to either allow or block the email if it matches a condition in the policy statement.

    " - }, "Conditions":{ "shape":"PolicyConditions", "documentation":"

    The list of conditions to apply to incoming messages for filtering email traffic.

    " + }, + "Action":{ + "shape":"AcceptAction", + "documentation":"

    The action that informs a traffic policy resource to either allow or block the email if it matches a condition in the policy statement.

    " } }, "documentation":"

    The structure containing traffic policy conditions and actions.

    " @@ -2896,17 +3783,43 @@ "type":"list", "member":{"shape":"PolicyStatement"} }, + "PreSignedUrl":{ + "type":"string", + "sensitive":true + }, + "PrivateNetworkConfiguration":{ + "type":"structure", + "required":["VpcEndpointId"], + "members":{ + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"

    The identifier of the VPC endpoint to associate with this private ingress point.

    " + } + }, + "documentation":"

    Specifies the network configuration for the private ingress point.

    " + }, + "PublicNetworkConfiguration":{ + "type":"structure", + "required":["IpType"], + "members":{ + "IpType":{ + "shape":"IpType", + "documentation":"

    The IP address type for the public ingress point. Valid values are IPV4 and DUAL_STACK.

    " + } + }, + "documentation":"

    Specifies the network configuration for the public ingress point.

    " + }, "QBusinessApplicationId":{ "type":"string", "max":36, "min":36, - "pattern":"^[a-z0-9-]+$" + "pattern":"[a-z0-9-]+" }, "QBusinessIndexId":{ "type":"string", "max":36, "min":36, - "pattern":"^[a-z0-9-]+$" + "pattern":"[a-z0-9-]+" }, "Recipients":{ "type":"list", @@ -2914,13 +3827,30 @@ "max":100, "min":1 }, - "Relay":{ + "RegisterMemberToAddressListRequest":{ "type":"structure", + "required":[ + "AddressListId", + "Address" + ], "members":{ - "LastModifiedTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the relay was last modified.

    " + "AddressListId":{ + "shape":"AddressListId", + "documentation":"

    The unique identifier of the address list where the address should be added.

    " }, + "Address":{ + "shape":"Address", + "documentation":"

    The address to be added to the address list.

    " + } + } + }, + "RegisterMemberToAddressListResponse":{ + "type":"structure", + "members":{} + }, + "Relay":{ + "type":"structure", + "members":{ "RelayId":{ "shape":"RelayId", "documentation":"

    The unique relay identifier.

    " @@ -2928,6 +3858,10 @@ "RelayName":{ "shape":"RelayName", "documentation":"

    The unique relay name.

    " + }, + "LastModifiedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the relay was last modified.

    " } }, "documentation":"

    The relay resource that can be used as a rule to relay receiving emails to the destination relay server.

    " @@ -2940,13 +3874,13 @@ "shape":"ActionFailurePolicy", "documentation":"

    A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, the specified relay has been deleted.

    " }, - "MailFrom":{ - "shape":"MailFrom", - "documentation":"

    This action specifies whether to preserve or replace original mail from address while relaying received emails to a destination server.

    " - }, "Relay":{ "shape":"IdOrArn", "documentation":"

    The identifier of the relay resource to be used when relaying an email.

    " + }, + "MailFrom":{ + "shape":"MailFrom", + "documentation":"

    This action specifies whether to preserve or replace original mail from address while relaying received emails to a destination server.

    " } }, "documentation":"

    The action relays the email via SMTP to another specific SMTP server.

    " @@ -2955,13 +3889,13 @@ "RelayAuthentication":{ "type":"structure", "members":{ - "NoAuthentication":{ - "shape":"NoAuthentication", - "documentation":"

    Keep an empty structure if the relay destination server does not require SMTP credential authentication.

    " - }, "SecretArn":{ "shape":"SecretArn", "documentation":"

    The ARN of the secret created in secrets manager where the relay server's SMTP credentials are stored.

    " + }, + "NoAuthentication":{ + "shape":"NoAuthentication", + "documentation":"

    Keep an empty structure if the relay destination server does not require SMTP credential authentication.

    " } }, "documentation":"

    Authentication for the relay destination server—specify the secretARN where the SMTP credentials are stored, or specify an empty NoAuthentication structure if the relay destination server does not require SMTP credential authentication.

    ", @@ -2971,19 +3905,19 @@ "type":"string", "max":100, "min":1, - "pattern":"^[a-zA-Z0-9-]+$" + "pattern":"[a-zA-Z0-9-]+" }, "RelayName":{ "type":"string", "max":100, "min":1, - "pattern":"^[a-zA-Z0-9-_]+$" + "pattern":"[a-zA-Z0-9-_]+" }, "RelayServerName":{ "type":"string", "max":100, "min":1, - "pattern":"^[a-zA-Z0-9-\\.]+$" + "pattern":"[a-zA-Z0-9-\\.]+" }, "RelayServerPort":{ "type":"integer", @@ -3017,7 +3951,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[\\sa-zA-Z0-9_]+$" + "pattern":"(addon\\.)?[\\sa-zA-Z0-9_]+" }, "RetentionPeriod":{ "type":"string", @@ -3047,61 +3981,45 @@ "shape":"ArchivedMessageId", "documentation":"

    The unique identifier of the archived message.

    " }, - "Cc":{ - "shape":"String", - "documentation":"

    The email addresses in the CC header.

    " + "ReceivedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the email was received.

    " }, "Date":{ "shape":"String", "documentation":"

    The date the email was sent.

    " }, - "Envelope":{ - "shape":"Envelope", - "documentation":"

    The SMTP envelope information of the email.

    " + "To":{ + "shape":"String", + "documentation":"

    The email addresses in the To header.

    " }, "From":{ "shape":"String", "documentation":"

    The email address of the sender.

    " }, - "HasAttachments":{ - "shape":"Boolean", - "documentation":"

    A flag indicating if the email has attachments.

    " - }, - "InReplyTo":{ + "Cc":{ "shape":"String", - "documentation":"

    The email message ID this is a reply to.

    " + "documentation":"

    The email addresses in the CC header.

    " }, - "IngressPointId":{ - "shape":"IngressPointId", - "documentation":"

    The ID of the ingress endpoint through which the email was received.

    " + "Subject":{ + "shape":"String", + "documentation":"

    The subject header value of the email.

    " }, "MessageId":{ "shape":"String", "documentation":"

    The unique message ID of the email.

    " }, + "HasAttachments":{ + "shape":"Boolean", + "documentation":"

    A flag indicating if the email has attachments.

    " + }, "ReceivedHeaders":{ "shape":"EmailReceivedHeadersList", "documentation":"

    The received headers from the email delivery path.

    " }, - "ReceivedTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the email was received.

    " - }, - "SenderHostname":{ - "shape":"String", - "documentation":"

    The name of the host from which the email was received.

    " - }, - "SenderIpAddress":{ - "shape":"SenderIpAddress", - "documentation":"

    The IP address of the host from which the email was received.

    " - }, - "Subject":{ - "shape":"String", - "documentation":"

    The subject header value of the email.

    " - }, - "To":{ + "InReplyTo":{ "shape":"String", - "documentation":"

    The email addresses in the To header.

    " + "documentation":"

    The email message ID this is a reply to.

    " }, "XMailer":{ "shape":"String", @@ -3114,6 +4032,26 @@ "XPriority":{ "shape":"String", "documentation":"

    The priority level of the email.

    " + }, + "IngressPointId":{ + "shape":"IngressPointId", + "documentation":"

    The ID of the ingress endpoint through which the email was received.

    " + }, + "SenderHostname":{ + "shape":"String", + "documentation":"

    The name of the host from which the email was received.

    " + }, + "SenderIpAddress":{ + "shape":"SenderIpAddress", + "documentation":"

    • Mail archived with Mail Manager: The IP address of the client that connects to the ingress endpoint.

    • Mail sent through a configuration set with the archiving option enabled: The IP address of the client that makes the SendEmail API call.

    " + }, + "Envelope":{ + "shape":"Envelope", + "documentation":"

    The SMTP envelope information of the email.

    " + }, + "SourceArn":{ + "shape":"String", + "documentation":"

    Specifies the archived email source, identified by either a Rule Set's ARN with an Archive action, or a Configuration Set's Archive ARN.

    " } }, "documentation":"

    A result row containing metadata for an archived email message.

    " @@ -3126,21 +4064,21 @@ "type":"structure", "required":["Actions"], "members":{ - "Actions":{ - "shape":"RuleActions", - "documentation":"

    The list of actions to execute when the conditions match the incoming email, and none of the \"unless conditions\" match.

    " + "Name":{ + "shape":"RuleName", + "documentation":"

    The user-friendly name of the rule.

    " }, "Conditions":{ "shape":"RuleConditions", "documentation":"

    The conditions of this rule. All conditions must match the email for the actions to be executed. An empty list of conditions means that all emails match, but are still subject to any \"unless conditions\"

    " }, - "Name":{ - "shape":"RuleName", - "documentation":"

    The user-friendly name of the rule.

    " - }, "Unless":{ "shape":"RuleConditions", "documentation":"

    The \"unless conditions\" of this rule. None of the conditions can match the email for the actions to be executed. If any of these conditions do match the email, then the actions are not executed.

    " + }, + "Actions":{ + "shape":"RuleActions", + "documentation":"

    The list of actions to execute when the conditions match the incoming email, and none of the \"unless conditions\" match.

    " } }, "documentation":"

    A rule contains conditions, \"unless conditions\" and actions. For each envelope recipient of an email, if all conditions match and none of the \"unless conditions\" match, then all of the actions are executed sequentially. If no conditions are provided, the rule always applies and the actions are implicitly executed. If only \"unless conditions\" are provided, the rule applies if the email does not match the evaluation of the \"unless conditions\".

    " @@ -3148,22 +4086,6 @@ "RuleAction":{ "type":"structure", "members":{ - "AddHeader":{ - "shape":"AddHeaderAction", - "documentation":"

    This action adds a header. This can be used to add arbitrary email headers.

    " - }, - "Archive":{ - "shape":"ArchiveAction", - "documentation":"

    This action archives the email. This can be used to deliver an email to an archive.

    " - }, - "DeliverToMailbox":{ - "shape":"DeliverToMailboxAction", - "documentation":"

    This action delivers an email to a WorkMail mailbox.

    " - }, - "DeliverToQBusiness":{ - "shape":"DeliverToQBusinessAction", - "documentation":"

    This action delivers an email to an Amazon Q Business application for ingestion into its knowledge base.

    " - }, "Drop":{ "shape":"DropAction", "documentation":"

    This action terminates the evaluation of rules in the rule set.

    " @@ -3172,17 +4094,37 @@ "shape":"RelayAction", "documentation":"

    This action relays the email to another SMTP server.

    " }, - "ReplaceRecipient":{ - "shape":"ReplaceRecipientAction", - "documentation":"

    The action replaces certain or all recipients with a different set of recipients.

    " + "Archive":{ + "shape":"ArchiveAction", + "documentation":"

    This action archives the email. This can be used to deliver an email to an archive.

    " + }, + "WriteToS3":{ + "shape":"S3Action", + "documentation":"

    This action writes the MIME content of the email to an S3 bucket.

    " }, "Send":{ "shape":"SendAction", "documentation":"

    This action sends the email to the internet.

    " }, - "WriteToS3":{ - "shape":"S3Action", - "documentation":"

    This action writes the MIME content of the email to an S3 bucket.

    " + "AddHeader":{ + "shape":"AddHeaderAction", + "documentation":"

    This action adds a header. This can be used to add arbitrary email headers.

    " + }, + "ReplaceRecipient":{ + "shape":"ReplaceRecipientAction", + "documentation":"

    The action replaces certain or all recipients with a different set of recipients.

    " + }, + "DeliverToMailbox":{ + "shape":"DeliverToMailboxAction", + "documentation":"

    This action delivers an email to a WorkMail mailbox.

    " + }, + "DeliverToQBusiness":{ + "shape":"DeliverToQBusinessAction", + "documentation":"

    This action delivers an email to an Amazon Q Business application for ingestion into its knowledge base.

    " + }, + "PublishToSns":{ + "shape":"SnsAction", + "documentation":"

    This action publishes the email content to an Amazon SNS topic.

    " } }, "documentation":"

    The action for a rule to take. Only one of the contained actions can be set.

    ", @@ -3194,6 +4136,23 @@ "max":10, "min":1 }, + "RuleAddressListArnList":{ + "type":"list", + "member":{"shape":"AddressListArn"}, + "max":1, + "min":1 + }, + "RuleAddressListEmailAttribute":{ + "type":"string", + "enum":[ + "RECIPIENT", + "MAIL_FROM", + "SENDER", + "FROM", + "TO", + "CC" + ] + }, "RuleBooleanEmailAttribute":{ "type":"string", "enum":[ @@ -3233,6 +4192,14 @@ "Attribute":{ "shape":"RuleBooleanEmailAttribute", "documentation":"

    The boolean type representing the allowed attribute types for an email.

    " + }, + "Analysis":{ + "shape":"Analysis", + "documentation":"

    The Add On ARN and its returned value to evaluate in a boolean condition expression.

    " + }, + "IsInAddressList":{ + "shape":"RuleIsInAddressList", + "documentation":"

    The structure representing the address lists and address list attribute that will be used in evaluation of boolean expression.

    " } }, "documentation":"

    The union type representing the allowed types of operands for a boolean condition.

    ", @@ -3245,25 +4212,25 @@ "shape":"RuleBooleanExpression", "documentation":"

    The condition applies to a boolean expression passed in this field.

    " }, - "DmarcExpression":{ - "shape":"RuleDmarcExpression", - "documentation":"

    The condition applies to a DMARC policy expression passed in this field.

    " - }, - "IpExpression":{ - "shape":"RuleIpExpression", - "documentation":"

    The condition applies to an IP address expression passed in this field.

    " + "StringExpression":{ + "shape":"RuleStringExpression", + "documentation":"

    The condition applies to a string expression passed in this field.

    " }, "NumberExpression":{ "shape":"RuleNumberExpression", "documentation":"

    The condition applies to a number expression passed in this field.

    " }, - "StringExpression":{ - "shape":"RuleStringExpression", - "documentation":"

    The condition applies to a string expression passed in this field.

    " + "IpExpression":{ + "shape":"RuleIpExpression", + "documentation":"

    The condition applies to an IP address expression passed in this field.

    " }, "VerdictExpression":{ "shape":"RuleVerdictExpression", "documentation":"

    The condition applies to a verdict expression passed in this field.

    " + }, + "DmarcExpression":{ + "shape":"RuleDmarcExpression", + "documentation":"

    The condition applies to a DMARC policy expression passed in this field.

    " } }, "documentation":"

    The conditional expression used to evaluate an email for determining if a rule action should be taken.

    ", @@ -3350,9 +4317,9 @@ }, "RuleIpStringValue":{ "type":"string", - "max":18, + "max":43, "min":1, - "pattern":"^(([0-9]|.|/)*)$" + "pattern":"(([0-9]|.|:|/)*)" }, "RuleIpToEvaluate":{ "type":"structure", @@ -3371,11 +4338,29 @@ "max":10, "min":1 }, + "RuleIsInAddressList":{ + "type":"structure", + "required":[ + "Attribute", + "AddressLists" + ], + "members":{ + "Attribute":{ + "shape":"RuleAddressListEmailAttribute", + "documentation":"

    The email attribute that needs to be evaluated against the address list.

    " + }, + "AddressLists":{ + "shape":"RuleAddressListArnList", + "documentation":"

    The address lists that will be used for evaluation.

    " + } + }, + "documentation":"

    The structure type for a boolean condition that provides the address lists and address list attribute to evaluate.

    " + }, "RuleName":{ "type":"string", "max":32, "min":1, - "pattern":"^[a-zA-Z0-9_.-]+$" + "pattern":"[a-zA-Z0-9_.-]+" }, "RuleNumberEmailAttribute":{ "type":"string", @@ -3429,10 +4414,6 @@ "RuleSet":{ "type":"structure", "members":{ - "LastModificationDate":{ - "shape":"Timestamp", - "documentation":"

    The last modification date of the rule set.

    " - }, "RuleSetId":{ "shape":"RuleSetId", "documentation":"

    The identifier of the rule set.

    " @@ -3440,6 +4421,10 @@ "RuleSetName":{ "shape":"RuleSetName", "documentation":"

    A user-friendly name for the rule set.

    " + }, + "LastModificationDate":{ + "shape":"Timestamp", + "documentation":"

    The last modification date of the rule set.

    " } }, "documentation":"

    A rule set contains a list of rules that are evaluated in order. Each rule is evaluated sequentially for each email.

    " @@ -3454,7 +4439,7 @@ "type":"string", "max":100, "min":1, - "pattern":"^[a-zA-Z0-9_.-]+$" + "pattern":"[a-zA-Z0-9_.-]+" }, "RuleSets":{ "type":"list", @@ -3522,6 +4507,10 @@ "MimeHeaderAttribute":{ "shape":"MimeHeaderAttribute", "documentation":"

    The email MIME X-Header attribute to evaluate in a string condition expression.

    " + }, + "Analysis":{ + "shape":"Analysis", + "documentation":"

    The Add On ARN and its returned value to evaluate in a string condition expression.

    " } }, "documentation":"

    The string to evaluate in a string condition expression.

    ", @@ -3581,13 +4570,13 @@ "RuleVerdictToEvaluate":{ "type":"structure", "members":{ - "Analysis":{ - "shape":"Analysis", - "documentation":"

    The Add On ARN and its returned value to evaluate in a verdict condition expression.

    " - }, "Attribute":{ "shape":"RuleVerdictAttribute", "documentation":"

    The email verdict attribute to evaluate in a string verdict expression.

    " + }, + "Analysis":{ + "shape":"Analysis", + "documentation":"

    The Add On ARN and its returned value to evaluate in a verdict condition expression.

    " } }, "documentation":"

    The verdict to evaluate in a verdict condition expression.

    ", @@ -3639,7 +4628,7 @@ "type":"string", "max":62, "min":1, - "pattern":"^[a-zA-Z0-9.-]+$" + "pattern":"[a-zA-Z0-9.-]+" }, "S3ExportDestinationConfiguration":{ "type":"structure", @@ -3653,15 +4642,37 @@ }, "S3Location":{ "type":"string", - "pattern":"^s3://[a-zA-Z0-9.-]{3,63}(/[a-zA-Z0-9!_.*'()/-]*)*$" + "pattern":"s3://[a-zA-Z0-9.-]{3,63}(/[a-zA-Z0-9!_.*'()/-]*)*" }, "S3Prefix":{ "type":"string", "max":62, "min":1, - "pattern":"^[a-zA-Z0-9!_.*'()/-]+$" + "pattern":"[a-zA-Z0-9!_.*'()/-]+" }, "S3PresignedURL":{"type":"string"}, + "SavedAddress":{ + "type":"structure", + "required":[ + "Address", + "CreatedTimestamp" + ], + "members":{ + "Address":{ + "shape":"Address", + "documentation":"

    The email or domain that constitutes the address.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the address was added to the address list.

    " + } + }, + "documentation":"

    An address that is a member of an address list.

    " + }, + "SavedAddresses":{ + "type":"list", + "member":{"shape":"SavedAddress"} + }, "SearchId":{ "type":"string", "max":64, @@ -3686,21 +4697,21 @@ "SearchStatus":{ "type":"structure", "members":{ + "SubmissionTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the search was submitted.

    " + }, "CompletionTimestamp":{ "shape":"Timestamp", "documentation":"

    The timestamp of when the search completed (if finished).

    " }, - "ErrorMessage":{ - "shape":"ErrorMessage", - "documentation":"

    An error message if the search failed.

    " - }, "State":{ "shape":"SearchState", "documentation":"

    The current state of the search job.

    " }, - "SubmissionTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of when the search was submitted.

    " + "ErrorMessage":{ + "shape":"ErrorMessage", + "documentation":"

    An error message if the search failed.

    " } }, "documentation":"

    The current status of an archive search job.

    " @@ -3725,7 +4736,7 @@ }, "SecretArn":{ "type":"string", - "pattern":"^arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z0-9-]+:\\d{12}:secret:[a-zA-Z0-9/_+=,.@-]+$" + "pattern":"arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z0-9-]+:\\d{12}:secret:[a-zA-Z0-9/_+=,.@-]+" }, "SendAction":{ "type":"structure", @@ -3758,26 +4769,86 @@ "type":"string", "max":64, "min":8, - "pattern":"^[A-Za-z0-9!@#$%^&*()_+\\-=\\[\\]{}|.,?]+$", + "pattern":"[A-Za-z0-9!@#$%^&*()_+\\-=\\[\\]{}|.,?]+", "sensitive":true }, + "SnsAction":{ + "type":"structure", + "required":[ + "TopicArn", + "RoleArn" + ], + "members":{ + "ActionFailurePolicy":{ + "shape":"ActionFailurePolicy", + "documentation":"

    A policy that states what to do in the case of failure. The action will fail if there are configuration errors. For example, specified SNS topic has been deleted or the role lacks necessary permissions to call the sns:Publish API.

    " + }, + "TopicArn":{ + "shape":"SnsTopicArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon SNS Topic to which notification for the email received will be published.

    " + }, + "RoleArn":{ + "shape":"IamRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM Role to use while writing to Amazon SNS. This role must have access to the sns:Publish API for the given topic.

    " + }, + "Encoding":{ + "shape":"SnsNotificationEncoding", + "documentation":"

    The encoding to use for the email within the Amazon SNS notification. The default value is UTF-8. Use BASE64 if you need to preserve all special characters, especially when the original message uses a different encoding format.

    " + }, + "PayloadType":{ + "shape":"SnsNotificationPayloadType", + "documentation":"

    The expected payload type within the Amazon SNS notification. CONTENT attempts to publish the full email content with 20KB of headers content. HEADERS extracts up to 100KB of header content to include in the notification, email content will not be included to the notification. The default value is CONTENT.

    " + } + }, + "documentation":"

    The action to publish the email content to an Amazon SNS topic. When executed, this action will send the email as a notification to the specified SNS topic.

    " + }, + "SnsNotificationEncoding":{ + "type":"string", + "enum":[ + "UTF-8", + "BASE64" + ] + }, + "SnsNotificationPayloadType":{ + "type":"string", + "enum":[ + "HEADERS", + "CONTENT" + ] + }, + "SnsTopicArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:(aws|aws-cn|aws-us-gov):sns:[a-z]{2}-[a-z]+-\\d{1}:\\d{12}:[\\w\\-]{1,256}" + }, + "StartAddressListImportJobRequest":{ + "type":"structure", + "required":["JobId"], + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

    The identifier of the import job that needs to be started.

    " + } + } + }, + "StartAddressListImportJobResponse":{ + "type":"structure", + "members":{} + }, "StartArchiveExportRequest":{ "type":"structure", "required":[ "ArchiveId", - "ExportDestinationConfiguration", "FromTimestamp", - "ToTimestamp" + "ToTimestamp", + "ExportDestinationConfiguration" ], "members":{ "ArchiveId":{ "shape":"ArchiveId", "documentation":"

    The identifier of the archive to export emails from.

    " }, - "ExportDestinationConfiguration":{ - "shape":"ExportDestinationConfiguration", - "documentation":"

    Details on where to deliver the exported email data.

    " - }, "Filters":{ "shape":"ArchiveFilters", "documentation":"

    Criteria to filter which emails are included in the export.

    " @@ -3786,17 +4857,21 @@ "shape":"Timestamp", "documentation":"

    The start of the timestamp range to include emails from.

    " }, - "IncludeMetadata":{ - "shape":"Boolean", - "documentation":"

    Whether to include message metadata as JSON files in the export.

    " + "ToTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The end of the timestamp range to include emails from.

    " }, "MaxResults":{ "shape":"ExportMaxResults", "documentation":"

    The maximum number of email items to include in the export.

    " }, - "ToTimestamp":{ - "shape":"Timestamp", - "documentation":"

    The end of the timestamp range to include emails from.

    " + "ExportDestinationConfiguration":{ + "shape":"ExportDestinationConfiguration", + "documentation":"

    Details on where to deliver the exported email data.

    " + }, + "IncludeMetadata":{ + "shape":"Boolean", + "documentation":"

    Whether to include message metadata as JSON files in the export.

    " } }, "documentation":"

    The request to initiate an export of emails from an archive.

    " @@ -3816,8 +4891,8 @@ "required":[ "ArchiveId", "FromTimestamp", - "MaxResults", - "ToTimestamp" + "ToTimestamp", + "MaxResults" ], "members":{ "ArchiveId":{ @@ -3832,13 +4907,13 @@ "shape":"Timestamp", "documentation":"

    The start timestamp of the range to search emails from.

    " }, - "MaxResults":{ - "shape":"SearchMaxResults", - "documentation":"

    The maximum number of search results to return.

    " - }, "ToTimestamp":{ "shape":"Timestamp", "documentation":"

    The end timestamp of the range to search emails from.

    " + }, + "MaxResults":{ + "shape":"SearchMaxResults", + "documentation":"

    The maximum number of search results to return.

    " } }, "documentation":"

    The request to initiate a search across emails in an archive.

    " @@ -3853,6 +4928,20 @@ }, "documentation":"

    The response from initiating an archive search.

    " }, + "StopAddressListImportJobRequest":{ + "type":"structure", + "required":["JobId"], + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

    The identifier of the import job that needs to be stopped.

    " + } + } + }, + "StopAddressListImportJobResponse":{ + "type":"structure", + "members":{} + }, "StopArchiveExportRequest":{ "type":"structure", "required":["ExportId"], @@ -3866,8 +4955,7 @@ }, "StopArchiveExportResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The response indicating if the request to stop the export job succeeded.

    On success, returns an HTTP 200 status code. On failure, returns an error message.

    " }, "StopArchiveSearchRequest":{ @@ -3883,8 +4971,7 @@ }, "StopArchiveSearchResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The response indicating if the request to stop the search job succeeded.

    On success, returns an HTTP 200 status code. On failure, returns an error message.

    " }, "String":{"type":"string"}, @@ -3925,8 +5012,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^[a-zA-Z0-9/_\\+=\\.:@\\-]+$", - "sensitive":true + "pattern":"[a-zA-Z0-9/_\\+=\\.:@\\-]+" }, "TagKeyList":{ "type":"list", @@ -3959,21 +5045,19 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0, - "pattern":"^[a-zA-Z0-9/_\\+=\\.:@\\-]*$", - "sensitive":true + "pattern":"[a-zA-Z0-9/_\\+=\\.:@\\-]*" }, "TaggableResourceArn":{ "type":"string", "max":1011, "min":20, - "pattern":"^arn:aws(|-cn|-us-gov):ses:[a-z0-9-]{1,20}:[0-9]{12}:(mailmanager-|addon-).+$" + "pattern":"arn:aws(|-cn|-us-gov):ses:[a-z0-9-]{1,20}:[0-9]{12}:(mailmanager-|addon-).+" }, "ThrottlingException":{ "type":"structure", @@ -3987,22 +5071,22 @@ "TrafficPolicy":{ "type":"structure", "required":[ - "DefaultAction", + "TrafficPolicyName", "TrafficPolicyId", - "TrafficPolicyName" + "DefaultAction" ], "members":{ - "DefaultAction":{ - "shape":"AcceptAction", - "documentation":"

    Default action instructs the traffic policy to either Allow or Deny (block) messages that fall outside of (or not addressed by) the conditions of your policy statements

    " + "TrafficPolicyName":{ + "shape":"TrafficPolicyName", + "documentation":"

    A user-friendly name of the traffic policy resource.

    " }, "TrafficPolicyId":{ "shape":"TrafficPolicyId", "documentation":"

    The identifier of the traffic policy resource.

    " }, - "TrafficPolicyName":{ - "shape":"TrafficPolicyName", - "documentation":"

    A user-friendly name of the traffic policy resource.

    " + "DefaultAction":{ + "shape":"AcceptAction", + "documentation":"

    Default action instructs the traffic policy to either Allow or Deny (block) messages that fall outside of (or not addressed by) the conditions of your policy statements

    " } }, "documentation":"

    The structure of a traffic policy resource which is a container for policy statements.

    " @@ -4021,7 +5105,7 @@ "type":"string", "max":63, "min":3, - "pattern":"^[A-Za-z0-9_\\-]+$" + "pattern":"[A-Za-z0-9_\\-]+" }, "UntagResourceRequest":{ "type":"structure", @@ -4042,8 +5126,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateArchiveRequest":{ "type":"structure", @@ -4066,18 +5149,13 @@ }, "UpdateArchiveResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The response indicating if the archive update succeeded or failed.

    On success, returns an HTTP 200 status code. On failure, returns an error message.

    " }, "UpdateIngressPointRequest":{ "type":"structure", "required":["IngressPointId"], "members":{ - "IngressPointConfiguration":{ - "shape":"IngressPointConfiguration", - "documentation":"

    If you choose an Authenticated ingress endpoint, you must configure either an SMTP password or a secret ARN.

    " - }, "IngressPointId":{ "shape":"IngressPointId", "documentation":"

    The identifier for the ingress endpoint you want to update.

    " @@ -4086,33 +5164,32 @@ "shape":"IngressPointName", "documentation":"

    A user friendly name for the ingress endpoint resource.

    " }, - "RuleSetId":{ - "shape":"RuleSetId", - "documentation":"

    The identifier of an existing rule set that you attach to an ingress endpoint resource.

    " - }, "StatusToUpdate":{ "shape":"IngressPointStatusToUpdate", "documentation":"

    The update status of an ingress endpoint.

    " }, + "RuleSetId":{ + "shape":"RuleSetId", + "documentation":"

    The identifier of an existing rule set that you attach to an ingress endpoint resource.

    " + }, "TrafficPolicyId":{ "shape":"TrafficPolicyId", "documentation":"

    The identifier of an existing traffic policy that you attach to an ingress endpoint resource.

    " + }, + "IngressPointConfiguration":{ + "shape":"IngressPointConfiguration", + "documentation":"

    If you choose an Authenticated ingress endpoint, you must configure either an SMTP password or a secret ARN.

    " } } }, "UpdateIngressPointResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRelayRequest":{ "type":"structure", "required":["RelayId"], "members":{ - "Authentication":{ - "shape":"RelayAuthentication", - "documentation":"

    Authentication for the relay destination server—specify the secretARN where the SMTP credentials are stored.

    " - }, "RelayId":{ "shape":"RelayId", "documentation":"

    The unique relay identifier.

    " @@ -4128,13 +5205,16 @@ "ServerPort":{ "shape":"RelayServerPort", "documentation":"

    The destination relay server port.

    " + }, + "Authentication":{ + "shape":"RelayAuthentication", + "documentation":"

    Authentication for the relay destination server—specify the secretARN where the SMTP credentials are stored.

    " } } }, "UpdateRelayResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRuleSetRequest":{ "type":"structure", @@ -4156,25 +5236,12 @@ }, "UpdateRuleSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTrafficPolicyRequest":{ "type":"structure", "required":["TrafficPolicyId"], "members":{ - "DefaultAction":{ - "shape":"AcceptAction", - "documentation":"

    Default action instructs the traffic policy to either Allow or Deny (block) messages that fall outside of (or not addressed by) the conditions of your policy statements

    " - }, - "MaxMessageSizeBytes":{ - "shape":"MaxMessageSizeBytes", - "documentation":"

    The maximum message size in bytes of email which is allowed in by this traffic policy—anything larger will be blocked.

    " - }, - "PolicyStatements":{ - "shape":"PolicyStatementList", - "documentation":"

    The list of conditions to be updated for filtering email traffic.

    " - }, "TrafficPolicyId":{ "shape":"TrafficPolicyId", "documentation":"

    The identifier of the traffic policy that you want to update.

    " @@ -4182,13 +5249,24 @@ "TrafficPolicyName":{ "shape":"TrafficPolicyName", "documentation":"

    A user-friendly name for the traffic policy resource.

    " + }, + "PolicyStatements":{ + "shape":"PolicyStatementList", + "documentation":"

    The list of conditions to be updated for filtering email traffic.

    " + }, + "DefaultAction":{ + "shape":"AcceptAction", + "documentation":"

    Default action instructs the traffic policy to either Allow or Deny (block) messages that fall outside of (or not addressed by) the conditions of your policy statements

    " + }, + "MaxMessageSizeBytes":{ + "shape":"MaxMessageSizeBytes", + "documentation":"

    The maximum message size in bytes of email which is allowed in by this traffic policy—anything larger will be blocked.

    " } } }, "UpdateTrafficPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", @@ -4197,6 +5275,10 @@ }, "documentation":"

    The request validation has failed. For details, see the accompanying error message.

    ", "exception":true + }, + "VpcEndpointId":{ + "type":"string", + "pattern":"vpce-[a-zA-Z0-9]{17}" } }, "documentation":"

    Amazon SES Mail Manager API

    The Amazon SES Mail Manager API contains operations and data types that comprise the Mail Manager feature of Amazon Simple Email Service (SES).

    Mail Manager is a set of Amazon SES email gateway features designed to help you strengthen your organization's email infrastructure, simplify email workflow management, and streamline email compliance control. To learn more, see the Mail Manager chapter in the Amazon SES Developer Guide.

    " diff -pruN 2.23.6-1/awscli/botocore/data/mailmanager/2023-10-17/waiters-2.json 2.31.35-1/awscli/botocore/data/mailmanager/2023-10-17/waiters-2.json --- 2.23.6-1/awscli/botocore/data/mailmanager/2023-10-17/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mailmanager/2023-10-17/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/managedblockchain/2018-09-24/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/managedblockchain/2018-09-24/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/managedblockchain/2018-09-24/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/managedblockchain/2018-09-24/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/managedblockchain/2018-09-24/service-2.json 2.31.35-1/awscli/botocore/data/managedblockchain/2018-09-24/service-2.json --- 2.23.6-1/awscli/botocore/data/managedblockchain/2018-09-24/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/managedblockchain/2018-09-24/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,7 +11,8 @@ "serviceId":"ManagedBlockchain", "signatureVersion":"v4", "signingName":"managedblockchain", - "uid":"managedblockchain-2018-09-24" + "uid":"managedblockchain-2018-09-24", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateAccessor":{ @@ -879,8 +880,7 @@ }, "DeleteAccessorOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMemberInput":{ "type":"structure", @@ -905,8 +905,7 @@ }, "DeleteMemberOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNodeInput":{ "type":"structure", @@ -937,8 +936,7 @@ }, "DeleteNodeOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescriptionString":{ "type":"string", @@ -1125,8 +1123,7 @@ "InstanceTypeString":{"type":"string"}, "InternalServiceErrorException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request processing has failed because of an unknown error, exception or failure.

    ", "error":{"httpStatusCode":500}, "exception":true @@ -2315,8 +2312,7 @@ }, "RejectInvitationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveAction":{ "type":"structure", @@ -2418,8 +2414,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2441,8 +2436,7 @@ }, "ThrottlingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request or operation couldn't be performed because a service is throttling requests. The most common source of throttling errors is creating resources that exceed your service limit for this resource type. Request a limit increase or delete unused resources if possible.

    ", "error":{"httpStatusCode":429}, "exception":true @@ -2487,8 +2481,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMemberInput":{ "type":"structure", @@ -2517,8 +2510,7 @@ }, "UpdateMemberOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNodeInput":{ "type":"structure", @@ -2551,8 +2543,7 @@ }, "UpdateNodeOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UsernameString":{ "type":"string", @@ -2597,8 +2588,7 @@ }, "VoteOnProposalOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "VoteSummary":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/managedblockchain-query/2023-05-04/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/managedblockchain-query/2023-05-04/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/managedblockchain-query/2023-05-04/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/managedblockchain-query/2023-05-04/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/marketplace-agreement/2020-03-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/marketplace-agreement/2020-03-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/marketplace-agreement/2020-03-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplace-agreement/2020-03-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/marketplace-catalog/2018-09-17/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/marketplace-catalog/2018-09-17/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/marketplace-catalog/2018-09-17/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplace-catalog/2018-09-17/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/marketplace-catalog/2018-09-17/service-2.json 2.31.35-1/awscli/botocore/data/marketplace-catalog/2018-09-17/service-2.json --- 2.23.6-1/awscli/botocore/data/marketplace-catalog/2018-09-17/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplace-catalog/2018-09-17/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"catalog.marketplace", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"AWS Marketplace Catalog", "serviceFullName":"AWS Marketplace Catalog Service", "serviceId":"Marketplace Catalog", "signatureVersion":"v4", "signingName":"aws-marketplace", - "uid":"marketplace-catalog-2018-09-17" + "uid":"marketplace-catalog-2018-09-17", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchDescribeEntities":{ @@ -200,7 +202,7 @@ {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Allows you to request changes for your entities. Within a single ChangeSet, you can't start the same change type against the same entity multiple times. Additionally, when a ChangeSet is running, all the entities targeted by the different changes are locked until the change set has completed (either succeeded, cancelled, or failed). If you try to start a change set containing a change against an entity that is already locked, you will receive a ResourceInUseException error.

    For example, you can't start the ChangeSet described in the example later in this topic because it contains two changes to run the same change type (AddRevisions) against the same entity (entity-id@1).

    For more information about working with change sets, see Working with change sets. For information about change types for single-AMI products, see Working with single-AMI products. Also, for more information about change types available for container-based products, see Working with container products.

    " + "documentation":"

    Allows you to request changes for your entities. Within a single ChangeSet, you can't start the same change type against the same entity multiple times. Additionally, when a ChangeSet is running, all the entities targeted by the different changes are locked until the change set has completed (either succeeded, cancelled, or failed). If you try to start a change set containing a change against an entity that is already locked, you will receive a ResourceInUseException error.

    For example, you can't start the ChangeSet described in the example later in this topic because it contains two changes to run the same change type (AddRevisions) against the same entity (entity-id@1).

    For more information about working with change sets, see Working with change sets. For information about change types for single-AMI products, see Working with single-AMI products. Also, for more information about change types available for container-based products, see Working with container products.

    To download \"DetailsDocument\" shapes, see Python and Java shapes on GitHub.

    " }, "TagResource":{ "name":"TagResource", @@ -524,7 +526,7 @@ }, "DetailsDocument":{ "shape":"JsonDocumentType", - "documentation":"

    Alternative field that accepts a JSON value instead of a string for ChangeType details. You can use either Details or DetailsDocument, but not both.

    " + "documentation":"

    Alternative field that accepts a JSON value instead of a string for ChangeType details. You can use either Details or DetailsDocument, but not both.

    To download the \"DetailsDocument\" shapes, see the Python and Java shapes on GitHub.

    " }, "ChangeName":{ "shape":"ChangeName", @@ -618,7 +620,7 @@ }, "DetailsDocument":{ "shape":"JsonDocumentType", - "documentation":"

    The JSON value of the details specific to the change type of the requested change.

    " + "documentation":"

    The JSON value of the details specific to the change type of the requested change.

    To download the \"DetailsDocument\" shapes, see the Python and Java shapes on GitHub.

    " }, "ErrorDetailList":{ "shape":"ErrorDetailList", @@ -731,7 +733,8 @@ "EntityId", "LastModifiedDate", "ProductTitle", - "Visibility" + "Visibility", + "CompatibleAWSServices" ] }, "ContainerProductSummary":{ @@ -976,8 +979,7 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeChangeSetRequest":{ "type":"structure", @@ -1091,7 +1093,7 @@ }, "DetailsDocument":{ "shape":"JsonDocumentType", - "documentation":"

    The JSON value of the details specific to the entity.

    " + "documentation":"

    The JSON value of the details specific to the entity.

    To download \"DetailsDocument\" shapes, see the Python and Java shapes on GitHub.

    " } } }, @@ -1227,7 +1229,8 @@ "ResaleAuthorizationSummary":{ "shape":"ResaleAuthorizationSummary", "documentation":"

    An object that contains summary information about the Resale Authorization.

    " - } + }, + "MachineLearningProductSummary":{"shape":"MachineLearningProductSummary"} }, "documentation":"

    This object is a container for common summary information about the entity. The summary doesn't contain the whole entity structure, but it does contain information common across all entities.

    " }, @@ -1267,7 +1270,8 @@ "ResaleAuthorizationFilters":{ "shape":"ResaleAuthorizationFilters", "documentation":"

    A filter for Resale Authorizations.

    " - } + }, + "MachineLearningProductFilters":{"shape":"MachineLearningProductFilters"} }, "documentation":"

    Object containing all the filter fields per entity type.

    ", "union":true @@ -1298,7 +1302,8 @@ "ResaleAuthorizationSort":{ "shape":"ResaleAuthorizationSort", "documentation":"

    A sort for Resale Authorizations.

    " - } + }, + "MachineLearningProductSort":{"shape":"MachineLearningProductSort"} }, "documentation":"

    Object containing all the sort fields per entity type.

    ", "union":true @@ -1429,8 +1434,7 @@ }, "JsonDocumentType":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "ListChangeSetsMaxResultInteger":{ @@ -1565,6 +1569,169 @@ } } }, + "MachineLearningProductEntityIdFilter":{ + "type":"structure", + "members":{ + "ValueList":{ + "shape":"MachineLearningProductEntityIdFilterValueList", + "documentation":"

    A list of entity IDs to filter by. The operation returns machine learning products with entity IDs that match the values in this list.

    " + } + }, + "documentation":"

    The filter for machine learning product entity IDs.

    " + }, + "MachineLearningProductEntityIdFilterValueList":{ + "type":"list", + "member":{"shape":"MachineLearningProductEntityIdString"}, + "documentation":"

    A list of entity ID values to filter by. You can include up to 10 entity IDs in this list.

    ", + "max":10, + "min":1 + }, + "MachineLearningProductEntityIdString":{ + "type":"string", + "documentation":"

    The entity ID of a machine learning product. This string uniquely identifies the product.

    ", + "max":255, + "min":1, + "pattern":"^[a-zA-Z0-9][.a-zA-Z0-9/-]+[a-zA-Z0-9]$" + }, + "MachineLearningProductFilters":{ + "type":"structure", + "members":{ + "EntityId":{ + "shape":"MachineLearningProductEntityIdFilter", + "documentation":"

    Filter machine learning products by their entity IDs.

    " + }, + "LastModifiedDate":{ + "shape":"MachineLearningProductLastModifiedDateFilter", + "documentation":"

    Filter machine learning products by their last modified date.

    " + }, + "ProductTitle":{ + "shape":"MachineLearningProductTitleFilter", + "documentation":"

    Filter machine learning products by their product titles.

    " + }, + "Visibility":{ + "shape":"MachineLearningProductVisibilityFilter", + "documentation":"

    Filter machine learning products by their visibility status.

    " + } + }, + "documentation":"

    The filters that you can use with the ListEntities operation to filter machine learning products. You can filter by EntityId, astModifiedDate, ProductTitle, and Visibility.

    " + }, + "MachineLearningProductLastModifiedDateFilter":{ + "type":"structure", + "members":{ + "DateRange":{ + "shape":"MachineLearningProductLastModifiedDateFilterDateRange", + "documentation":"

    A date range to filter by. The operation returns machine learning products with last modified dates that fall within this range.

    " + } + }, + "documentation":"

    The filter for machine learning product last modified date.

    " + }, + "MachineLearningProductLastModifiedDateFilterDateRange":{ + "type":"structure", + "members":{ + "AfterValue":{ + "shape":"DateTimeISO8601", + "documentation":"

    The start date (inclusive) of the date range. The operation returns machine learning products with last modified dates on or after this date.

    " + }, + "BeforeValue":{ + "shape":"DateTimeISO8601", + "documentation":"

    The end date (inclusive) of the date range. The operation returns machine learning products with last modified dates on or before this date.

    " + } + }, + "documentation":"

    A date range for filtering machine learning products by their last modified date.

    " + }, + "MachineLearningProductSort":{ + "type":"structure", + "members":{ + "SortBy":{ + "shape":"MachineLearningProductSortBy", + "documentation":"

    The field to sort by. Valid values: EntityId, LastModifiedDate, ProductTitle, and Visibility.

    " + }, + "SortOrder":{ + "shape":"SortOrder", + "documentation":"

    The sort order. Valid values are ASC (ascending) and DESC (descending).

    " + } + }, + "documentation":"

    The sort options for machine learning products.

    " + }, + "MachineLearningProductSortBy":{ + "type":"string", + "documentation":"

    The fields that you can sort machine learning products by.

    ", + "enum":[ + "EntityId", + "LastModifiedDate", + "ProductTitle", + "Visibility" + ] + }, + "MachineLearningProductSummary":{ + "type":"structure", + "members":{ + "ProductTitle":{ + "shape":"MachineLearningProductTitleString", + "documentation":"

    The title of the machine learning product.

    " + }, + "Visibility":{ + "shape":"MachineLearningProductVisibilityString", + "documentation":"

    The visibility status of the machine learning product. Valid values are Limited, Public, Restricted, and Draft.

    " + } + }, + "documentation":"

    A summary of a machine learning product.

    " + }, + "MachineLearningProductTitleFilter":{ + "type":"structure", + "members":{ + "ValueList":{ + "shape":"MachineLearningProductTitleFilterValueList", + "documentation":"

    A list of product titles to filter by. The operation returns machine learning products with titles that exactly match the values in this list.

    " + }, + "WildCardValue":{ + "shape":"MachineLearningProductTitleString", + "documentation":"

    A wildcard value to filter product titles. The operation returns machine learning products with titles that match this wildcard pattern.

    " + } + }, + "documentation":"

    The filter for machine learning product titles.

    " + }, + "MachineLearningProductTitleFilterValueList":{ + "type":"list", + "member":{"shape":"MachineLearningProductTitleString"}, + "documentation":"

    A list of product title values to filter by. You can include up to 10 product titles in this list.

    ", + "max":10, + "min":1 + }, + "MachineLearningProductTitleString":{ + "type":"string", + "documentation":"

    The title of a machine learning product.

    ", + "max":255, + "min":1, + "pattern":"^(.)+$" + }, + "MachineLearningProductVisibilityFilter":{ + "type":"structure", + "members":{ + "ValueList":{ + "shape":"MachineLearningProductVisibilityFilterValueList", + "documentation":"

    A list of visibility values to filter by. The operation returns machine learning products with visibility status that match the values in this list.

    " + } + }, + "documentation":"

    The filter for machine learning product visibility status.

    " + }, + "MachineLearningProductVisibilityFilterValueList":{ + "type":"list", + "member":{"shape":"MachineLearningProductVisibilityString"}, + "documentation":"

    A list of visibility status values to filter by. You can include up to 10 visibility status values in this list.

    ", + "max":10, + "min":1 + }, + "MachineLearningProductVisibilityString":{ + "type":"string", + "documentation":"

    The visibility status of a machine learning product. Valid values are:

    • Limited - The product is available to a limited set of buyers.

    • Public - The product is publicly available to all buyers.

    • Restricted - The product has restricted availability.

    • Draft - The product is in draft state and not yet available to buyers.

    ", + "enum":[ + "Limited", + "Public", + "Restricted", + "Draft" + ] + }, "NextToken":{ "type":"string", "max":2048, @@ -1956,8 +2123,7 @@ }, "PutResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RequestedChangeList":{ "type":"list", @@ -2629,7 +2795,8 @@ "EntityId", "ProductTitle", "Visibility", - "LastModifiedDate" + "LastModifiedDate", + "DeliveryOptionTypes" ] }, "SaaSProductSummary":{ @@ -2836,8 +3003,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2874,8 +3040,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", @@ -2900,5 +3065,5 @@ "pattern":"^[a-zA-Z]+$" } }, - "documentation":"

    Catalog API actions allow you to manage your entities through list, describe, and update capabilities. An entity can be a product or an offer on AWS Marketplace.

    You can automate your entity update process by integrating the AWS Marketplace Catalog API with your AWS Marketplace product build or deployment pipelines. You can also create your own applications on top of the Catalog API to manage your products on AWS Marketplace.

    " + "documentation":"

    Catalog API actions allow you to manage your entities through list, describe, and update capabilities. An entity can be a product or an offer on AWS Marketplace.

    You can automate your entity update process by integrating the AWS Marketplace Catalog API with your AWS Marketplace product build or deployment pipelines. You can also create your own applications on top of the Catalog API to manage your products on AWS Marketplace.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/marketplace-deployment/2023-01-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/marketplace-deployment/2023-01-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/marketplace-deployment/2023-01-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplace-deployment/2023-01-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/marketplace-deployment/2023-01-25/service-2.json 2.31.35-1/awscli/botocore/data/marketplace-deployment/2023-01-25/service-2.json --- 2.23.6-1/awscli/botocore/data/marketplace-deployment/2023-01-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplace-deployment/2023-01-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"deployment-marketplace", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS Marketplace Deployment Service", "serviceId":"Marketplace Deployment", "signatureVersion":"v4", "signingName":"aws-marketplace", - "uid":"marketplace-deployment-2023-01-25" + "uid":"marketplace-deployment-2023-01-25", + "auth":["aws.auth#sigv4"] }, "operations":{ "ListTagsForResource":{ @@ -153,7 +155,7 @@ "documentation":"

    The text to encrypt and store in the secret.

    " } }, - "documentation":"

    The shape containing the requested deployment parameter name and secretString.

    " + "documentation":"

    The shape containing the requested deployment parameter name and secretString.

    To support AWS CloudFormation dynamic references to this resource using Quick Launch, this value must match a parameter defined in the CloudFormation templated provided to buyers.

    " }, "DeploymentParameterName":{ "type":"string", @@ -215,13 +217,13 @@ }, "catalog":{ "shape":"Catalog", - "documentation":"

    The catalog related to the request. Fixed value: AWS Marketplace

    ", + "documentation":"

    The catalog related to the request. Fixed value: AWSMarketplace

    ", "location":"uri", "locationName":"catalog" }, "clientToken":{ "shape":"ClientToken", - "documentation":"

    The idempotency token for deployment parameters. A unique identifier for the new version.

    ", + "documentation":"

    The idempotency token for deployment parameters. A unique identifier for the new version.

    This field is not required if you're calling using an AWS SDK. Otherwise, a clientToken must be provided with the request.

    ", "idempotencyToken":true }, "deploymentParameter":{ @@ -429,5 +431,5 @@ "exception":true } }, - "documentation":"

    The AWS Marketplace Deployment Service supports the Quick Launch experience, which is a deployment option for software as a service (SaaS) products. Quick Launch simplifies and reduces the time, resources, and steps required to configure, deploy, and launch a products. The AWS Marketplace Deployment Service provides sellers with a secure method for passing deployment parameters (for example, API keys and external IDs) to buyers during the Quick Launch experience.

    " + "documentation":"

    The AWS Marketplace Deployment Service supports the Quick Launch experience, which is a deployment option for software as a service (SaaS) products. Quick Launch simplifies and reduces the time, resources, and steps required to configure, deploy, and launch a products. The AWS Marketplace Deployment Service provides sellers with a secure method for passing deployment parameters, such as API keys and external IDs, to buyers during the Quick Launch experience.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/marketplace-entitlement/2017-01-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/marketplace-entitlement/2017-01-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/marketplace-entitlement/2017-01-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplace-entitlement/2017-01-11/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,152 +57,158 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws" ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://entitlement-marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-cn" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://entitlement.marketplace-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], - "type": "tree" + "endpoint": { + "url": "https://entitlement-marketplace.{Region}.amazonaws.com.cn", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ - { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ { "fn": "getAttr", @@ -210,149 +216,258 @@ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] }, + "aws-cn" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://entitlement-marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://entitlement.marketplace-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://entitlement.marketplace-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } - ] - } - ], - "rules": [ + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://entitlement.marketplace-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [], - "endpoint": { - "url": "https://entitlement.marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "ref": "Region" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - "cn-northwest-1" - ] - } - ], - "endpoint": { - "url": "https://entitlement-marketplace.cn-northwest-1.amazonaws.com.cn", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - "aws", { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "name" + true ] } - ] + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://entitlement.marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://entitlement.marketplace.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "endpoint": { - "url": "https://entitlement.marketplace.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://entitlement.marketplace.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/marketplace-entitlement/2017-01-11/service-2.json 2.31.35-1/awscli/botocore/data/marketplace-entitlement/2017-01-11/service-2.json --- 2.23.6-1/awscli/botocore/data/marketplace-entitlement/2017-01-11/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplace-entitlement/2017-01-11/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,7 +11,8 @@ "signatureVersion":"v4", "signingName":"aws-marketplace", "targetPrefix":"AWSMPEntitlementService", - "uid":"entitlement.marketplace-2017-01-11" + "uid":"entitlement.marketplace-2017-01-11", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetEntitlements":{ @@ -27,7 +28,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceErrorException"} ], - "documentation":"

    GetEntitlements retrieves entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions.

    " + "documentation":"

    GetEntitlements retrieves entitlement values for a given product. The results can be filtered based on customer identifier, AWS account ID, or product dimensions.

    The CustomerIdentifier parameter is on path for deprecation. Use CustomerAWSAccountID instead.

    These parameters are mutually exclusive. You can't specify both CustomerIdentifier and CustomerAWSAccountID in the same request.

    " } }, "shapes":{ @@ -48,6 +49,10 @@ "shape":"NonEmptyString", "documentation":"

    The customer identifier is a handle to each unique customer in an application. Customer identifiers are obtained through the ResolveCustomer operation in AWS Marketplace Metering Service.

    " }, + "CustomerAWSAccountId":{ + "shape":"NonEmptyString", + "documentation":"

    The CustomerAWSAccountID parameter specifies the AWS account ID of the buyer.

    " + }, "Value":{ "shape":"EntitlementValue", "documentation":"

    The EntitlementValue represents the amount of capacity that the customer is entitled to for the product.

    " @@ -97,7 +102,8 @@ "type":"string", "enum":[ "CUSTOMER_IDENTIFIER", - "DIMENSION" + "DIMENSION", + "CUSTOMER_AWS_ACCOUNT_ID" ] }, "GetEntitlementFilters":{ @@ -115,7 +121,7 @@ }, "Filter":{ "shape":"GetEntitlementFilters", - "documentation":"

    Filter is used to return entitlements for a specific customer or for a specific dimension. Filters are described as keys mapped to a lists of values. Filtered requests are unioned for each value in the value list, and then intersected for each filter key.

    " + "documentation":"

    Filter is used to return entitlements for a specific customer or for a specific dimension. Filters are described as keys mapped to a lists of values. Filtered requests are unioned for each value in the value list, and then intersected for each filter key.

    CustomerIdentifier and CustomerAWSAccountID are mutually exclusive. You can't specify both in the same request.

    " }, "NextToken":{ "shape":"NonEmptyString", diff -pruN 2.23.6-1/awscli/botocore/data/marketplace-reporting/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/marketplace-reporting/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/marketplace-reporting/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplace-reporting/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/marketplacecommerceanalytics/2015-07-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/marketplacecommerceanalytics/2015-07-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/marketplacecommerceanalytics/2015-07-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplacecommerceanalytics/2015-07-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/marketplacecommerceanalytics/2015-07-01/service-2.json 2.31.35-1/awscli/botocore/data/marketplacecommerceanalytics/2015-07-01/service-2.json --- 2.23.6-1/awscli/botocore/data/marketplacecommerceanalytics/2015-07-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/marketplacecommerceanalytics/2015-07-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"marketplacecommerceanalytics", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS Marketplace Commerce Analytics", "serviceId":"Marketplace Commerce Analytics", "signatureVersion":"v4", "signingName":"marketplacecommerceanalytics", "targetPrefix":"MarketplaceCommerceAnalytics20150701", - "uid":"marketplacecommerceanalytics-2015-07-01" + "uid":"marketplacecommerceanalytics-2015-07-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "GenerateDataSet":{ diff -pruN 2.23.6-1/awscli/botocore/data/mediaconnect/2018-11-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mediaconnect/2018-11-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mediaconnect/2018-11-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediaconnect/2018-11-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mediaconnect/2018-11-14/service-2.json 2.31.35-1/awscli/botocore/data/mediaconnect/2018-11-14/service-2.json --- 2.23.6-1/awscli/botocore/data/mediaconnect/2018-11-14/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediaconnect/2018-11-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,3038 +1,1937 @@ { - "metadata": { - "apiVersion": "2018-11-14", - "endpointPrefix": "mediaconnect", - "signingName": "mediaconnect", - "serviceFullName": "AWS MediaConnect", - "serviceId": "MediaConnect", - "protocol": "rest-json", - "jsonVersion": "1.1", - "uid": "mediaconnect-2018-11-14", - "signatureVersion": "v4", - "auth": [ - "aws.auth#sigv4" - ] + "version":"2.0", + "metadata":{ + "apiVersion":"2018-11-14", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"mediaconnect", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"AWS MediaConnect", + "serviceId":"MediaConnect", + "signatureVersion":"v4", + "signingName":"mediaconnect", + "uid":"mediaconnect-2018-11-14" }, - "operations": { - "AddBridgeOutputs": { - "name": "AddBridgeOutputs", - "http": { - "method": "POST", - "requestUri": "/v1/bridges/{bridgeArn}/outputs", - "responseCode": 202 - }, - "input": { - "shape": "AddBridgeOutputsRequest" - }, - "output": { - "shape": "AddBridgeOutputsResponse", - "documentation": "AWS Elemental MediaConnect added the bridge outputs successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Adds outputs to an existing bridge." - }, - "AddBridgeSources": { - "name": "AddBridgeSources", - "http": { - "method": "POST", - "requestUri": "/v1/bridges/{bridgeArn}/sources", - "responseCode": 202 - }, - "input": { - "shape": "AddBridgeSourcesRequest" - }, - "output": { - "shape": "AddBridgeSourcesResponse", - "documentation": "AWS Elemental MediaConnect added the bridge sources successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Adds sources to an existing bridge." - }, - "AddFlowMediaStreams": { - "name": "AddFlowMediaStreams", - "http": { - "method": "POST", - "requestUri": "/v1/flows/{flowArn}/mediaStreams", - "responseCode": 201 - }, - "input": { - "shape": "AddFlowMediaStreamsRequest" - }, - "output": { - "shape": "AddFlowMediaStreamsResponse", - "documentation": "MediaConnect created the new resource successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Adds media streams to an existing flow. After you add a media stream to a flow, you can associate it with a source and/or an output that uses the ST 2110 JPEG XS or CDI protocol." - }, - "AddFlowOutputs": { - "name": "AddFlowOutputs", - "http": { - "method": "POST", - "requestUri": "/v1/flows/{flowArn}/outputs", - "responseCode": 201 - }, - "input": { - "shape": "AddFlowOutputsRequest" - }, - "output": { - "shape": "AddFlowOutputsResponse", - "documentation": "AWS Elemental MediaConnect added the outputs successfully." - }, - "errors": [ - { - "shape": "AddFlowOutputs420Exception", - "documentation": "AWS Elemental MediaConnect can't complete this request because this flow already has the maximum number of allowed outputs (50). For more information, contact AWS Customer Support." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Adds outputs to an existing flow. You can create up to 50 outputs per flow." - }, - "AddFlowSources": { - "name": "AddFlowSources", - "http": { - "method": "POST", - "requestUri": "/v1/flows/{flowArn}/source", - "responseCode": 201 - }, - "input": { - "shape": "AddFlowSourcesRequest" - }, - "output": { - "shape": "AddFlowSourcesResponse", - "documentation": "AWS Elemental MediaConnect added sources to the flow successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Adds Sources to flow" - }, - "AddFlowVpcInterfaces": { - "name": "AddFlowVpcInterfaces", - "http": { - "method": "POST", - "requestUri": "/v1/flows/{flowArn}/vpcInterfaces", - "responseCode": 201 - }, - "input": { - "shape": "AddFlowVpcInterfacesRequest" - }, - "output": { - "shape": "AddFlowVpcInterfacesResponse", - "documentation": "The following VPC interface was added to the Flow configuration." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Adds VPC interfaces to flow" - }, - "CreateBridge": { - "name": "CreateBridge", - "http": { - "method": "POST", - "requestUri": "/v1/bridges", - "responseCode": 201 - }, - "input": { - "shape": "CreateBridgeRequest" - }, - "output": { - "shape": "CreateBridgeResponse", - "documentation": "AWS Elemental MediaConnect created the new bridge successfully." - }, - "errors": [ - { - "shape": "CreateBridge420Exception", - "documentation": "Your account already contains the maximum number of bridges per account, per Region. For more information, contact AWS Customer Support." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Creates a new bridge. The request must include one source." - }, - "CreateFlow": { - "name": "CreateFlow", - "http": { - "method": "POST", - "requestUri": "/v1/flows", - "responseCode": 201 - }, - "input": { - "shape": "CreateFlowRequest" - }, - "output": { - "shape": "CreateFlowResponse", - "documentation": "AWS Elemental MediaConnect created the new flow successfully." - }, - "errors": [ - { - "shape": "CreateFlow420Exception", - "documentation": "Your account already contains the maximum number of 20 flows per account, per Region. For more information, contact AWS Customer Support." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Creates a new flow. The request must include one source. The request optionally can include outputs (up to 50) and entitlements (up to 50)." - }, - "CreateGateway": { - "name": "CreateGateway", - "http": { - "method": "POST", - "requestUri": "/v1/gateways", - "responseCode": 201 - }, - "input": { - "shape": "CreateGatewayRequest" - }, - "output": { - "shape": "CreateGatewayResponse", - "documentation": "AWS Elemental MediaConnect created the new gateway successfully." - }, - "errors": [ - { - "shape": "CreateGateway420Exception", - "documentation": "Your account already contains the maximum number of gateways per account, per Region. For more information, contact AWS Customer Support." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Creates a new gateway. The request must include at least one network (up to 4)." - }, - "DeleteBridge": { - "name": "DeleteBridge", - "http": { - "method": "DELETE", - "requestUri": "/v1/bridges/{bridgeArn}", - "responseCode": 200 - }, - "input": { - "shape": "DeleteBridgeRequest" - }, - "output": { - "shape": "DeleteBridgeResponse", - "documentation": "AWS Elemental MediaConnect deleted the bridge." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Deletes a bridge. Before you can delete a bridge, you must stop the bridge." - }, - "DeleteFlow": { - "name": "DeleteFlow", - "http": { - "method": "DELETE", - "requestUri": "/v1/flows/{flowArn}", - "responseCode": 202 - }, - "input": { - "shape": "DeleteFlowRequest" - }, - "output": { - "shape": "DeleteFlowResponse", - "documentation": "AWS Elemental MediaConnect is deleting the flow." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Deletes a flow. Before you can delete a flow, you must stop the flow." - }, - "DeleteGateway": { - "name": "DeleteGateway", - "http": { - "method": "DELETE", - "requestUri": "/v1/gateways/{gatewayArn}", - "responseCode": 200 - }, - "input": { - "shape": "DeleteGatewayRequest" - }, - "output": { - "shape": "DeleteGatewayResponse", - "documentation": "AWS Elemental MediaConnect deleted the gateway." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Deletes a gateway. Before you can delete a gateway, you must deregister its instances and delete its bridges." - }, - "DeregisterGatewayInstance": { - "name": "DeregisterGatewayInstance", - "http": { - "method": "DELETE", - "requestUri": "/v1/gateway-instances/{gatewayInstanceArn}", - "responseCode": 202 - }, - "input": { - "shape": "DeregisterGatewayInstanceRequest" - }, - "output": { - "shape": "DeregisterGatewayInstanceResponse", - "documentation": "AWS Elemental MediaConnect is deleting the instance." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Deregisters an instance. Before you deregister an instance, all bridges running on the instance must be stopped. If you want to deregister an instance without stopping the bridges, you must use the --force option." - }, - "DescribeBridge": { - "name": "DescribeBridge", - "http": { - "method": "GET", - "requestUri": "/v1/bridges/{bridgeArn}", - "responseCode": 200 - }, - "input": { - "shape": "DescribeBridgeRequest" - }, - "output": { - "shape": "DescribeBridgeResponse", - "documentation": "AWS Elemental MediaConnect returned the bridge details successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Displays the details of a bridge." - }, - "DescribeFlow": { - "name": "DescribeFlow", - "http": { - "method": "GET", - "requestUri": "/v1/flows/{flowArn}", - "responseCode": 200 - }, - "input": { - "shape": "DescribeFlowRequest" - }, - "output": { - "shape": "DescribeFlowResponse", - "documentation": "AWS Elemental MediaConnect returned the flow details successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Displays the details of a flow. The response includes the flow ARN, name, and Availability Zone, as well as details about the source, outputs, and entitlements." - }, - "DescribeFlowSourceMetadata": { - "name": "DescribeFlowSourceMetadata", - "http": { - "method": "GET", - "requestUri": "/v1/flows/{flowArn}/source-metadata", - "responseCode": 200 - }, - "input": { - "shape": "DescribeFlowSourceMetadataRequest" - }, - "output": { - "shape": "DescribeFlowSourceMetadataResponse", - "documentation": "Flow source metadata successfully described." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Displays details of the flow's source stream. The response contains information about the contents of the stream and its programs." - }, - "DescribeFlowSourceThumbnail": { - "name": "DescribeFlowSourceThumbnail", - "http": { - "method": "GET", - "requestUri": "/v1/flows/{flowArn}/source-thumbnail", - "responseCode": 200 - }, - "input": { - "shape": "DescribeFlowSourceThumbnailRequest" - }, - "output": { - "shape": "DescribeFlowSourceThumbnailResponse", - "documentation": "Flow source thumbnail successfully described." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Displays the thumbnail details of a flow's source stream." - }, - "DescribeGateway": { - "name": "DescribeGateway", - "http": { - "method": "GET", - "requestUri": "/v1/gateways/{gatewayArn}", - "responseCode": 200 - }, - "input": { - "shape": "DescribeGatewayRequest" - }, - "output": { - "shape": "DescribeGatewayResponse", - "documentation": "AWS Elemental MediaConnect returned the gateway details successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Displays the details of a gateway. The response includes the gateway ARN, name, and CIDR blocks, as well as details about the networks." - }, - "DescribeGatewayInstance": { - "name": "DescribeGatewayInstance", - "http": { - "method": "GET", - "requestUri": "/v1/gateway-instances/{gatewayInstanceArn}", - "responseCode": 200 - }, - "input": { - "shape": "DescribeGatewayInstanceRequest" - }, - "output": { - "shape": "DescribeGatewayInstanceResponse", - "documentation": "AWS Elemental MediaConnect returned the instance details successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Displays the details of an instance." - }, - "DescribeOffering": { - "name": "DescribeOffering", - "http": { - "method": "GET", - "requestUri": "/v1/offerings/{offeringArn}", - "responseCode": 200 - }, - "input": { - "shape": "DescribeOfferingRequest" - }, - "output": { - "shape": "DescribeOfferingResponse", - "documentation": "MediaConnect returned the offering details successfully." - }, - "errors": [ - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - } - ], - "documentation": "Displays the details of an offering. The response includes the offering description, duration, outbound bandwidth, price, and Amazon Resource Name (ARN)." - }, - "DescribeReservation": { - "name": "DescribeReservation", - "http": { - "method": "GET", - "requestUri": "/v1/reservations/{reservationArn}", - "responseCode": 200 - }, - "input": { - "shape": "DescribeReservationRequest" - }, - "output": { - "shape": "DescribeReservationResponse", - "documentation": "MediaConnect returned the reservation details successfully." - }, - "errors": [ - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - } - ], - "documentation": "Displays the details of a reservation. The response includes the reservation name, state, start date and time, and the details of the offering that make up the rest of the reservation (such as price, duration, and outbound bandwidth)." - }, - "GrantFlowEntitlements": { - "name": "GrantFlowEntitlements", - "http": { - "method": "POST", - "requestUri": "/v1/flows/{flowArn}/entitlements", - "responseCode": 200 - }, - "input": { - "shape": "GrantFlowEntitlementsRequest" - }, - "output": { - "shape": "GrantFlowEntitlementsResponse", - "documentation": "AWS Elemental MediaConnect granted the entitlements successfully." - }, - "errors": [ - { - "shape": "GrantFlowEntitlements420Exception", - "documentation": "AWS Elemental MediaConnect can't complete this request because this flow already has the maximum number of allowed entitlements (50). For more information, contact AWS Customer Support." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Grants entitlements to an existing flow." - }, - "ListBridges": { - "name": "ListBridges", - "http": { - "method": "GET", - "requestUri": "/v1/bridges", - "responseCode": 200 - }, - "input": { - "shape": "ListBridgesRequest" - }, - "output": { - "shape": "ListBridgesResponse", - "documentation": "AWS Elemental MediaConnect returned the list of bridges successfully." - }, - "errors": [ - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Displays a list of bridges that are associated with this account and an optionally specified Arn. This request returns a paginated result." - }, - "ListEntitlements": { - "name": "ListEntitlements", - "http": { - "method": "GET", - "requestUri": "/v1/entitlements", - "responseCode": 200 - }, - "input": { - "shape": "ListEntitlementsRequest" - }, - "output": { - "shape": "ListEntitlementsResponse", - "documentation": "AWS Elemental MediaConnect returned the list of entitlements successfully." - }, - "errors": [ - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - } - ], - "documentation": "Displays a list of all entitlements that have been granted to this account. This request returns 20 results per page." - }, - "ListFlows": { - "name": "ListFlows", - "http": { - "method": "GET", - "requestUri": "/v1/flows", - "responseCode": 200 - }, - "input": { - "shape": "ListFlowsRequest" - }, - "output": { - "shape": "ListFlowsResponse", - "documentation": "AWS Elemental MediaConnect returned the list of flows successfully." - }, - "errors": [ - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - } - ], - "documentation": "Displays a list of flows that are associated with this account. This request returns a paginated result." - }, - "ListGatewayInstances": { - "name": "ListGatewayInstances", - "http": { - "method": "GET", - "requestUri": "/v1/gateway-instances", - "responseCode": 200 - }, - "input": { - "shape": "ListGatewayInstancesRequest" - }, - "output": { - "shape": "ListGatewayInstancesResponse", - "documentation": "AWS Elemental MediaConnect returned the list of instances in the gateway successfully." - }, - "errors": [ - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Displays a list of instances associated with the AWS account. This request returns a paginated result. You can use the filterArn property to display only the instances associated with the selected Gateway Amazon Resource Name (ARN)." - }, - "ListGateways": { - "name": "ListGateways", - "http": { - "method": "GET", - "requestUri": "/v1/gateways", - "responseCode": 200 - }, - "input": { - "shape": "ListGatewaysRequest" - }, - "output": { - "shape": "ListGatewaysResponse", - "documentation": "AWS Elemental MediaConnect returned the list of gateways successfully." - }, - "errors": [ - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Displays a list of gateways that are associated with this account. This request returns a paginated result." - }, - "ListOfferings": { - "name": "ListOfferings", - "http": { - "method": "GET", - "requestUri": "/v1/offerings", - "responseCode": 200 - }, - "input": { - "shape": "ListOfferingsRequest" - }, - "output": { - "shape": "ListOfferingsResponse", - "documentation": "MediaConnect returned the list of offerings successfully." - }, - "errors": [ - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - } - ], - "documentation": "Displays a list of all offerings that are available to this account in the current AWS Region. If you have an active reservation (which means you've purchased an offering that has already started and hasn't expired yet), your account isn't eligible for other offerings." - }, - "ListReservations": { - "name": "ListReservations", - "http": { - "method": "GET", - "requestUri": "/v1/reservations", - "responseCode": 200 - }, - "input": { - "shape": "ListReservationsRequest" - }, - "output": { - "shape": "ListReservationsResponse", - "documentation": "MediaConnect returned the list of reservations successfully." - }, - "errors": [ - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - } - ], - "documentation": "Displays a list of all reservations that have been purchased by this account in the current AWS Region. This list includes all reservations in all states (such as active and expired)." - }, - "ListTagsForResource": { - "name": "ListTagsForResource", - "http": { - "method": "GET", - "requestUri": "/tags/{resourceArn}", - "responseCode": 200 - }, - "input": { - "shape": "ListTagsForResourceRequest" - }, - "output": { - "shape": "ListTagsForResourceResponse", - "documentation": "The tags for the resource" - }, - "errors": [ - { - "shape": "NotFoundException", - "documentation": "The requested resource was not found" - }, - { - "shape": "BadRequestException", - "documentation": "The client performed an invalid request" - }, - { - "shape": "InternalServerErrorException", - "documentation": "Internal service error" - } + "operations":{ + "AddBridgeOutputs":{ + "name":"AddBridgeOutputs", + "http":{ + "method":"POST", + "requestUri":"/v1/bridges/{BridgeArn}/outputs", + "responseCode":202 + }, + "input":{"shape":"AddBridgeOutputsRequest"}, + "output":{"shape":"AddBridgeOutputsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Adds outputs to an existing bridge.

    " + }, + "AddBridgeSources":{ + "name":"AddBridgeSources", + "http":{ + "method":"POST", + "requestUri":"/v1/bridges/{BridgeArn}/sources", + "responseCode":202 + }, + "input":{"shape":"AddBridgeSourcesRequest"}, + "output":{"shape":"AddBridgeSourcesResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Adds sources to an existing bridge.

    " + }, + "AddFlowMediaStreams":{ + "name":"AddFlowMediaStreams", + "http":{ + "method":"POST", + "requestUri":"/v1/flows/{FlowArn}/mediaStreams", + "responseCode":201 + }, + "input":{"shape":"AddFlowMediaStreamsRequest"}, + "output":{"shape":"AddFlowMediaStreamsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Adds media streams to an existing flow. After you add a media stream to a flow, you can associate it with a source and/or an output that uses the ST 2110 JPEG XS or CDI protocol.

    " + }, + "AddFlowOutputs":{ + "name":"AddFlowOutputs", + "http":{ + "method":"POST", + "requestUri":"/v1/flows/{FlowArn}/outputs", + "responseCode":201 + }, + "input":{"shape":"AddFlowOutputsRequest"}, + "output":{"shape":"AddFlowOutputsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AddFlowOutputs420Exception"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Adds outputs to an existing flow. You can create up to 50 outputs per flow.

    " + }, + "AddFlowSources":{ + "name":"AddFlowSources", + "http":{ + "method":"POST", + "requestUri":"/v1/flows/{FlowArn}/source", + "responseCode":201 + }, + "input":{"shape":"AddFlowSourcesRequest"}, + "output":{"shape":"AddFlowSourcesResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Adds sources to a flow.

    " + }, + "AddFlowVpcInterfaces":{ + "name":"AddFlowVpcInterfaces", + "http":{ + "method":"POST", + "requestUri":"/v1/flows/{FlowArn}/vpcInterfaces", + "responseCode":201 + }, + "input":{"shape":"AddFlowVpcInterfacesRequest"}, + "output":{"shape":"AddFlowVpcInterfacesResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Adds VPC interfaces to a flow.

    " + }, + "CreateBridge":{ + "name":"CreateBridge", + "http":{ + "method":"POST", + "requestUri":"/v1/bridges", + "responseCode":201 + }, + "input":{"shape":"CreateBridgeRequest"}, + "output":{"shape":"CreateBridgeResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"CreateBridge420Exception"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Creates a new bridge. The request must include one source.

    " + }, + "CreateFlow":{ + "name":"CreateFlow", + "http":{ + "method":"POST", + "requestUri":"/v1/flows", + "responseCode":201 + }, + "input":{"shape":"CreateFlowRequest"}, + "output":{"shape":"CreateFlowResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"CreateFlow420Exception"} + ], + "documentation":"

    Creates a new flow. The request must include one source. The request optionally can include outputs (up to 50) and entitlements (up to 50).

    " + }, + "CreateGateway":{ + "name":"CreateGateway", + "http":{ + "method":"POST", + "requestUri":"/v1/gateways", + "responseCode":201 + }, + "input":{"shape":"CreateGatewayRequest"}, + "output":{"shape":"CreateGatewayResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"CreateGateway420Exception"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Creates a new gateway. The request must include at least one network (up to four).

    " + }, + "DeleteBridge":{ + "name":"DeleteBridge", + "http":{ + "method":"DELETE", + "requestUri":"/v1/bridges/{BridgeArn}", + "responseCode":200 + }, + "input":{"shape":"DeleteBridgeRequest"}, + "output":{"shape":"DeleteBridgeResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Deletes a bridge. Before you can delete a bridge, you must stop the bridge.

    ", + "idempotent":true + }, + "DeleteFlow":{ + "name":"DeleteFlow", + "http":{ + "method":"DELETE", + "requestUri":"/v1/flows/{FlowArn}", + "responseCode":202 + }, + "input":{"shape":"DeleteFlowRequest"}, + "output":{"shape":"DeleteFlowResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Deletes a flow. Before you can delete a flow, you must stop the flow.

    ", + "idempotent":true + }, + "DeleteGateway":{ + "name":"DeleteGateway", + "http":{ + "method":"DELETE", + "requestUri":"/v1/gateways/{GatewayArn}", + "responseCode":200 + }, + "input":{"shape":"DeleteGatewayRequest"}, + "output":{"shape":"DeleteGatewayResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Deletes a gateway. Before you can delete a gateway, you must deregister its instances and delete its bridges.

    ", + "idempotent":true + }, + "DeregisterGatewayInstance":{ + "name":"DeregisterGatewayInstance", + "http":{ + "method":"DELETE", + "requestUri":"/v1/gateway-instances/{GatewayInstanceArn}", + "responseCode":202 + }, + "input":{"shape":"DeregisterGatewayInstanceRequest"}, + "output":{"shape":"DeregisterGatewayInstanceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Deregisters an instance. Before you deregister an instance, all bridges running on the instance must be stopped. If you want to deregister an instance without stopping the bridges, you must use the --force option.

    ", + "idempotent":true + }, + "DescribeBridge":{ + "name":"DescribeBridge", + "http":{ + "method":"GET", + "requestUri":"/v1/bridges/{BridgeArn}", + "responseCode":200 + }, + "input":{"shape":"DescribeBridgeRequest"}, + "output":{"shape":"DescribeBridgeResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays the details of a bridge.

    ", + "readonly":true + }, + "DescribeFlow":{ + "name":"DescribeFlow", + "http":{ + "method":"GET", + "requestUri":"/v1/flows/{FlowArn}", + "responseCode":200 + }, + "input":{"shape":"DescribeFlowRequest"}, + "output":{"shape":"DescribeFlowResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays the details of a flow. The response includes the flow Amazon Resource Name (ARN), name, and Availability Zone, as well as details about the source, outputs, and entitlements.

    ", + "readonly":true + }, + "DescribeFlowSourceMetadata":{ + "name":"DescribeFlowSourceMetadata", + "http":{ + "method":"GET", + "requestUri":"/v1/flows/{FlowArn}/source-metadata", + "responseCode":200 + }, + "input":{"shape":"DescribeFlowSourceMetadataRequest"}, + "output":{"shape":"DescribeFlowSourceMetadataResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    The DescribeFlowSourceMetadata API is used to view information about the flow's source transport stream and programs. This API displays status messages about the flow's source as well as details about the program's video, audio, and other data.

    ", + "readonly":true + }, + "DescribeFlowSourceThumbnail":{ + "name":"DescribeFlowSourceThumbnail", + "http":{ + "method":"GET", + "requestUri":"/v1/flows/{FlowArn}/source-thumbnail", + "responseCode":200 + }, + "input":{"shape":"DescribeFlowSourceThumbnailRequest"}, + "output":{"shape":"DescribeFlowSourceThumbnailResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Describes the thumbnail for the flow source.

    ", + "readonly":true + }, + "DescribeGateway":{ + "name":"DescribeGateway", + "http":{ + "method":"GET", + "requestUri":"/v1/gateways/{GatewayArn}", + "responseCode":200 + }, + "input":{"shape":"DescribeGatewayRequest"}, + "output":{"shape":"DescribeGatewayResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays the details of a gateway. The response includes the gateway Amazon Resource Name (ARN), name, and CIDR blocks, as well as details about the networks.

    ", + "readonly":true + }, + "DescribeGatewayInstance":{ + "name":"DescribeGatewayInstance", + "http":{ + "method":"GET", + "requestUri":"/v1/gateway-instances/{GatewayInstanceArn}", + "responseCode":200 + }, + "input":{"shape":"DescribeGatewayInstanceRequest"}, + "output":{"shape":"DescribeGatewayInstanceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays the details of an instance.

    ", + "readonly":true + }, + "DescribeOffering":{ + "name":"DescribeOffering", + "http":{ + "method":"GET", + "requestUri":"/v1/offerings/{OfferingArn}", + "responseCode":200 + }, + "input":{"shape":"DescribeOfferingRequest"}, + "output":{"shape":"DescribeOfferingResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays the details of an offering. The response includes the offering description, duration, outbound bandwidth, price, and Amazon Resource Name (ARN).

    ", + "readonly":true + }, + "DescribeReservation":{ + "name":"DescribeReservation", + "http":{ + "method":"GET", + "requestUri":"/v1/reservations/{ReservationArn}", + "responseCode":200 + }, + "input":{"shape":"DescribeReservationRequest"}, + "output":{"shape":"DescribeReservationResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays the details of a reservation. The response includes the reservation name, state, start date and time, and the details of the offering that make up the rest of the reservation (such as price, duration, and outbound bandwidth).

    ", + "readonly":true + }, + "GrantFlowEntitlements":{ + "name":"GrantFlowEntitlements", + "http":{ + "method":"POST", + "requestUri":"/v1/flows/{FlowArn}/entitlements", + "responseCode":200 + }, + "input":{"shape":"GrantFlowEntitlementsRequest"}, + "output":{"shape":"GrantFlowEntitlementsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"GrantFlowEntitlements420Exception"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Grants entitlements to an existing flow.

    " + }, + "ListBridges":{ + "name":"ListBridges", + "http":{ + "method":"GET", + "requestUri":"/v1/bridges", + "responseCode":200 + }, + "input":{"shape":"ListBridgesRequest"}, + "output":{"shape":"ListBridgesResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays a list of bridges that are associated with this account and an optionally specified Amazon Resource Name (ARN). This request returns a paginated result.

    ", + "readonly":true + }, + "ListEntitlements":{ + "name":"ListEntitlements", + "http":{ + "method":"GET", + "requestUri":"/v1/entitlements", + "responseCode":200 + }, + "input":{"shape":"ListEntitlementsRequest"}, + "output":{"shape":"ListEntitlementsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays a list of all entitlements that have been granted to this account. This request returns 20 results per page.

    ", + "readonly":true + }, + "ListFlows":{ + "name":"ListFlows", + "http":{ + "method":"GET", + "requestUri":"/v1/flows", + "responseCode":200 + }, + "input":{"shape":"ListFlowsRequest"}, + "output":{"shape":"ListFlowsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays a list of flows that are associated with this account. This request returns a paginated result.

    ", + "readonly":true + }, + "ListGatewayInstances":{ + "name":"ListGatewayInstances", + "http":{ + "method":"GET", + "requestUri":"/v1/gateway-instances", + "responseCode":200 + }, + "input":{"shape":"ListGatewayInstancesRequest"}, + "output":{"shape":"ListGatewayInstancesResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays a list of instances associated with the Amazon Web Services account. This request returns a paginated result. You can use the filterArn property to display only the instances associated with the selected Gateway Amazon Resource Name (ARN).

    ", + "readonly":true + }, + "ListGateways":{ + "name":"ListGateways", + "http":{ + "method":"GET", + "requestUri":"/v1/gateways", + "responseCode":200 + }, + "input":{"shape":"ListGatewaysRequest"}, + "output":{"shape":"ListGatewaysResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays a list of gateways that are associated with this account. This request returns a paginated result.

    ", + "readonly":true + }, + "ListOfferings":{ + "name":"ListOfferings", + "http":{ + "method":"GET", + "requestUri":"/v1/offerings", + "responseCode":200 + }, + "input":{"shape":"ListOfferingsRequest"}, + "output":{"shape":"ListOfferingsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays a list of all offerings that are available to this account in the current Amazon Web Services Region. If you have an active reservation (which means you've purchased an offering that has already started and hasn't expired yet), your account isn't eligible for other offerings.

    ", + "readonly":true + }, + "ListReservations":{ + "name":"ListReservations", + "http":{ + "method":"GET", + "requestUri":"/v1/reservations", + "responseCode":200 + }, + "input":{"shape":"ListReservationsRequest"}, + "output":{"shape":"ListReservationsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Displays a list of all reservations that have been purchased by this account in the current Amazon Web Services Region. This list includes all reservations in all states (such as active and expired).

    ", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    List all tags on a MediaConnect resource.

    ", + "readonly":true + }, + "PurchaseOffering":{ + "name":"PurchaseOffering", + "http":{ + "method":"POST", + "requestUri":"/v1/offerings/{OfferingArn}", + "responseCode":201 + }, + "input":{"shape":"PurchaseOfferingRequest"}, + "output":{"shape":"PurchaseOfferingResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Submits a request to purchase an offering. If you already have an active reservation, you can't purchase another offering.

    " + }, + "RemoveBridgeOutput":{ + "name":"RemoveBridgeOutput", + "http":{ + "method":"DELETE", + "requestUri":"/v1/bridges/{BridgeArn}/outputs/{OutputName}", + "responseCode":202 + }, + "input":{"shape":"RemoveBridgeOutputRequest"}, + "output":{"shape":"RemoveBridgeOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Removes an output from a bridge.

    ", + "idempotent":true + }, + "RemoveBridgeSource":{ + "name":"RemoveBridgeSource", + "http":{ + "method":"DELETE", + "requestUri":"/v1/bridges/{BridgeArn}/sources/{SourceName}", + "responseCode":202 + }, + "input":{"shape":"RemoveBridgeSourceRequest"}, + "output":{"shape":"RemoveBridgeSourceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Removes a source from a bridge.

    ", + "idempotent":true + }, + "RemoveFlowMediaStream":{ + "name":"RemoveFlowMediaStream", + "http":{ + "method":"DELETE", + "requestUri":"/v1/flows/{FlowArn}/mediaStreams/{MediaStreamName}", + "responseCode":200 + }, + "input":{"shape":"RemoveFlowMediaStreamRequest"}, + "output":{"shape":"RemoveFlowMediaStreamResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Removes a media stream from a flow. This action is only available if the media stream is not associated with a source or output.

    ", + "idempotent":true + }, + "RemoveFlowOutput":{ + "name":"RemoveFlowOutput", + "http":{ + "method":"DELETE", + "requestUri":"/v1/flows/{FlowArn}/outputs/{OutputArn}", + "responseCode":202 + }, + "input":{"shape":"RemoveFlowOutputRequest"}, + "output":{"shape":"RemoveFlowOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Removes an output from an existing flow. This request can be made only on an output that does not have an entitlement associated with it. If the output has an entitlement, you must revoke the entitlement instead. When an entitlement is revoked from a flow, the service automatically removes the associated output.

    ", + "idempotent":true + }, + "RemoveFlowSource":{ + "name":"RemoveFlowSource", + "http":{ + "method":"DELETE", + "requestUri":"/v1/flows/{FlowArn}/source/{SourceArn}", + "responseCode":202 + }, + "input":{"shape":"RemoveFlowSourceRequest"}, + "output":{"shape":"RemoveFlowSourceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Removes a source from an existing flow. This request can be made only if there is more than one source on the flow.

    ", + "idempotent":true + }, + "RemoveFlowVpcInterface":{ + "name":"RemoveFlowVpcInterface", + "http":{ + "method":"DELETE", + "requestUri":"/v1/flows/{FlowArn}/vpcInterfaces/{VpcInterfaceName}", + "responseCode":200 + }, + "input":{"shape":"RemoveFlowVpcInterfaceRequest"}, + "output":{"shape":"RemoveFlowVpcInterfaceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Removes a VPC Interface from an existing flow. This request can be made only on a VPC interface that does not have a Source or Output associated with it. If the VPC interface is referenced by a Source or Output, you must first delete or update the Source or Output to no longer reference the VPC interface.

    ", + "idempotent":true + }, + "RevokeFlowEntitlement":{ + "name":"RevokeFlowEntitlement", + "http":{ + "method":"DELETE", + "requestUri":"/v1/flows/{FlowArn}/entitlements/{EntitlementArn}", + "responseCode":202 + }, + "input":{"shape":"RevokeFlowEntitlementRequest"}, + "output":{"shape":"RevokeFlowEntitlementResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Revokes an entitlement from a flow. Once an entitlement is revoked, the content becomes unavailable to the subscriber and the associated output is removed.

    ", + "idempotent":true + }, + "StartFlow":{ + "name":"StartFlow", + "http":{ + "method":"POST", + "requestUri":"/v1/flows/start/{FlowArn}", + "responseCode":202 + }, + "input":{"shape":"StartFlowRequest"}, + "output":{"shape":"StartFlowResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Starts a flow.

    " + }, + "StopFlow":{ + "name":"StopFlow", + "http":{ + "method":"POST", + "requestUri":"/v1/flows/stop/{FlowArn}", + "responseCode":202 + }, + "input":{"shape":"StopFlowRequest"}, + "output":{"shape":"StopFlowResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Stops a flow.

    " + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{ResourceArn}", + "responseCode":204 + }, + "input":{"shape":"TagResourceRequest"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are deleted as well.

    " + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{ResourceArn}", + "responseCode":204 + }, + "input":{"shape":"UntagResourceRequest"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Deletes specified tags from a resource.

    ", + "idempotent":true + }, + "UpdateBridge":{ + "name":"UpdateBridge", + "http":{ + "method":"PUT", + "requestUri":"/v1/bridges/{BridgeArn}", + "responseCode":202 + }, + "input":{"shape":"UpdateBridgeRequest"}, + "output":{"shape":"UpdateBridgeResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates the bridge.

    ", + "idempotent":true + }, + "UpdateBridgeOutput":{ + "name":"UpdateBridgeOutput", + "http":{ + "method":"PUT", + "requestUri":"/v1/bridges/{BridgeArn}/outputs/{OutputName}", + "responseCode":202 + }, + "input":{"shape":"UpdateBridgeOutputRequest"}, + "output":{"shape":"UpdateBridgeOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates an existing bridge output.

    ", + "idempotent":true + }, + "UpdateBridgeSource":{ + "name":"UpdateBridgeSource", + "http":{ + "method":"PUT", + "requestUri":"/v1/bridges/{BridgeArn}/sources/{SourceName}", + "responseCode":202 + }, + "input":{"shape":"UpdateBridgeSourceRequest"}, + "output":{"shape":"UpdateBridgeSourceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates an existing bridge source.

    ", + "idempotent":true + }, + "UpdateBridgeState":{ + "name":"UpdateBridgeState", + "http":{ + "method":"PUT", + "requestUri":"/v1/bridges/{BridgeArn}/state", + "responseCode":202 + }, + "input":{"shape":"UpdateBridgeStateRequest"}, + "output":{"shape":"UpdateBridgeStateResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates the bridge state.

    ", + "idempotent":true + }, + "UpdateFlow":{ + "name":"UpdateFlow", + "http":{ + "method":"PUT", + "requestUri":"/v1/flows/{FlowArn}", + "responseCode":202 + }, + "input":{"shape":"UpdateFlowRequest"}, + "output":{"shape":"UpdateFlowResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates an existing flow.

    ", + "idempotent":true + }, + "UpdateFlowEntitlement":{ + "name":"UpdateFlowEntitlement", + "http":{ + "method":"PUT", + "requestUri":"/v1/flows/{FlowArn}/entitlements/{EntitlementArn}", + "responseCode":202 + }, + "input":{"shape":"UpdateFlowEntitlementRequest"}, + "output":{"shape":"UpdateFlowEntitlementResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates an entitlement. You can change an entitlement's description, subscribers, and encryption. If you change the subscribers, the service will remove the outputs that are are used by the subscribers that are removed.

    ", + "idempotent":true + }, + "UpdateFlowMediaStream":{ + "name":"UpdateFlowMediaStream", + "http":{ + "method":"PUT", + "requestUri":"/v1/flows/{FlowArn}/mediaStreams/{MediaStreamName}", + "responseCode":202 + }, + "input":{"shape":"UpdateFlowMediaStreamRequest"}, + "output":{"shape":"UpdateFlowMediaStreamResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates an existing media stream.

    ", + "idempotent":true + }, + "UpdateFlowOutput":{ + "name":"UpdateFlowOutput", + "http":{ + "method":"PUT", + "requestUri":"/v1/flows/{FlowArn}/outputs/{OutputArn}", + "responseCode":202 + }, + "input":{"shape":"UpdateFlowOutputRequest"}, + "output":{"shape":"UpdateFlowOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates an existing flow output.

    ", + "idempotent":true + }, + "UpdateFlowSource":{ + "name":"UpdateFlowSource", + "http":{ + "method":"PUT", + "requestUri":"/v1/flows/{FlowArn}/source/{SourceArn}", + "responseCode":202 + }, + "input":{"shape":"UpdateFlowSourceRequest"}, + "output":{"shape":"UpdateFlowSourceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Updates the source of a flow.

    ", + "idempotent":true + }, + "UpdateGatewayInstance":{ + "name":"UpdateGatewayInstance", + "http":{ + "method":"PUT", + "requestUri":"/v1/gateway-instances/{GatewayInstanceArn}", + "responseCode":200 + }, + "input":{"shape":"UpdateGatewayInstanceRequest"}, + "output":{"shape":"UpdateGatewayInstanceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} ], - "documentation": "List all tags on an AWS Elemental MediaConnect resource" - }, - "PurchaseOffering": { - "name": "PurchaseOffering", - "http": { - "method": "POST", - "requestUri": "/v1/offerings/{offeringArn}", - "responseCode": 201 - }, - "input": { - "shape": "PurchaseOfferingRequest" - }, - "output": { - "shape": "PurchaseOfferingResponse", - "documentation": "AWS Elemental MediaConnect purchased offering successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Submits a request to purchase an offering. If you already have an active reservation, you can't purchase another offering." - }, - "RemoveBridgeOutput": { - "name": "RemoveBridgeOutput", - "http": { - "method": "DELETE", - "requestUri": "/v1/bridges/{bridgeArn}/outputs/{outputName}", - "responseCode": 202 - }, - "input": { - "shape": "RemoveBridgeOutputRequest" - }, - "output": { - "shape": "RemoveBridgeOutputResponse", - "documentation": "The output was successfully removed from the bridge." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Removes an output from a bridge." - }, - "RemoveBridgeSource": { - "name": "RemoveBridgeSource", - "http": { - "method": "DELETE", - "requestUri": "/v1/bridges/{bridgeArn}/sources/{sourceName}", - "responseCode": 202 - }, - "input": { - "shape": "RemoveBridgeSourceRequest" - }, - "output": { - "shape": "RemoveBridgeSourceResponse", - "documentation": "The bridge source was successfully removed from the flow." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Removes a source from a bridge." - }, - "RemoveFlowMediaStream": { - "name": "RemoveFlowMediaStream", - "http": { - "method": "DELETE", - "requestUri": "/v1/flows/{flowArn}/mediaStreams/{mediaStreamName}", - "responseCode": 200 - }, - "input": { - "shape": "RemoveFlowMediaStreamRequest" - }, - "output": { - "shape": "RemoveFlowMediaStreamResponse", - "documentation": "The media stream was successfully removed from the flow." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Removes a media stream from a flow. This action is only available if the media stream is not associated with a source or output." - }, - "RemoveFlowOutput": { - "name": "RemoveFlowOutput", - "http": { - "method": "DELETE", - "requestUri": "/v1/flows/{flowArn}/outputs/{outputArn}", - "responseCode": 202 - }, - "input": { - "shape": "RemoveFlowOutputRequest" - }, - "output": { - "shape": "RemoveFlowOutputResponse", - "documentation": "output successfully removed from flow configuration." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Removes an output from an existing flow. This request can be made only on an output that does not have an entitlement associated with it. If the output has an entitlement, you must revoke the entitlement instead. When an entitlement is revoked from a flow, the service automatically removes the associated output." - }, - "RemoveFlowSource": { - "name": "RemoveFlowSource", - "http": { - "method": "DELETE", - "requestUri": "/v1/flows/{flowArn}/source/{sourceArn}", - "responseCode": 202 - }, - "input": { - "shape": "RemoveFlowSourceRequest" - }, - "output": { - "shape": "RemoveFlowSourceResponse", - "documentation": "source successfully removed from flow configuration." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Removes a source from an existing flow. This request can be made only if there is more than one source on the flow." - }, - "RemoveFlowVpcInterface": { - "name": "RemoveFlowVpcInterface", - "http": { - "method": "DELETE", - "requestUri": "/v1/flows/{flowArn}/vpcInterfaces/{vpcInterfaceName}", - "responseCode": 200 - }, - "input": { - "shape": "RemoveFlowVpcInterfaceRequest" - }, - "output": { - "shape": "RemoveFlowVpcInterfaceResponse", - "documentation": "VPC interface successfully removed from flow configuration." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Removes a VPC Interface from an existing flow. This request can be made only on a VPC interface that does not have a Source or Output associated with it. If the VPC interface is referenced by a Source or Output, you must first delete or update the Source or Output to no longer reference the VPC interface." - }, - "RevokeFlowEntitlement": { - "name": "RevokeFlowEntitlement", - "http": { - "method": "DELETE", - "requestUri": "/v1/flows/{flowArn}/entitlements/{entitlementArn}", - "responseCode": 202 - }, - "input": { - "shape": "RevokeFlowEntitlementRequest" - }, - "output": { - "shape": "RevokeFlowEntitlementResponse", - "documentation": "AWS Elemental MediaConnect revoked the entitlement successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Revokes an entitlement from a flow. Once an entitlement is revoked, the content becomes unavailable to the subscriber and the associated output is removed." - }, - "StartFlow": { - "name": "StartFlow", - "http": { - "method": "POST", - "requestUri": "/v1/flows/start/{flowArn}", - "responseCode": 202 - }, - "input": { - "shape": "StartFlowRequest" - }, - "output": { - "shape": "StartFlowResponse", - "documentation": "AWS Elemental MediaConnect is starting the flow." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Starts a flow." - }, - "StopFlow": { - "name": "StopFlow", - "http": { - "method": "POST", - "requestUri": "/v1/flows/stop/{flowArn}", - "responseCode": 202 - }, - "input": { - "shape": "StopFlowRequest" - }, - "output": { - "shape": "StopFlowResponse", - "documentation": "AWS Elemental MediaConnect is stopping the flow." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Stops a flow." - }, - "TagResource": { - "name": "TagResource", - "http": { - "method": "POST", - "requestUri": "/tags/{resourceArn}", - "responseCode": 204 - }, - "input": { - "shape": "TagResourceRequest" - }, - "errors": [ - { - "shape": "NotFoundException", - "documentation": "The requested resource was not found" - }, - { - "shape": "BadRequestException", - "documentation": "The client performed an invalid request" - }, - { - "shape": "InternalServerErrorException", - "documentation": "Internal service error" - } - ], - "documentation": "Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are deleted as well." - }, - "UntagResource": { - "name": "UntagResource", - "http": { - "method": "DELETE", - "requestUri": "/tags/{resourceArn}", - "responseCode": 204 - }, - "input": { - "shape": "UntagResourceRequest" - }, - "errors": [ - { - "shape": "NotFoundException", - "documentation": "The requested resource was not found" - }, - { - "shape": "BadRequestException", - "documentation": "The client performed an invalid request" - }, - { - "shape": "InternalServerErrorException", - "documentation": "Internal service error" - } - ], - "documentation": "Deletes specified tags from a resource." - }, - "UpdateBridge": { - "name": "UpdateBridge", - "http": { - "method": "PUT", - "requestUri": "/v1/bridges/{bridgeArn}", - "responseCode": 202 - }, - "input": { - "shape": "UpdateBridgeRequest" - }, - "output": { - "shape": "UpdateBridgeResponse", - "documentation": "AWS Elemental MediaConnect updated the bridge successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Updates the bridge" - }, - "UpdateBridgeOutput": { - "name": "UpdateBridgeOutput", - "http": { - "method": "PUT", - "requestUri": "/v1/bridges/{bridgeArn}/outputs/{outputName}", - "responseCode": 202 - }, - "input": { - "shape": "UpdateBridgeOutputRequest" - }, - "output": { - "shape": "UpdateBridgeOutputResponse", - "documentation": "MediaConnect is updating the bridge output." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Updates an existing bridge output." - }, - "UpdateBridgeSource": { - "name": "UpdateBridgeSource", - "http": { - "method": "PUT", - "requestUri": "/v1/bridges/{bridgeArn}/sources/{sourceName}", - "responseCode": 202 - }, - "input": { - "shape": "UpdateBridgeSourceRequest" - }, - "output": { - "shape": "UpdateBridgeSourceResponse", - "documentation": "MediaConnect is updating the bridge source." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Updates an existing bridge source." - }, - "UpdateBridgeState": { - "name": "UpdateBridgeState", - "http": { - "method": "PUT", - "requestUri": "/v1/bridges/{bridgeArn}/state", - "responseCode": 202 - }, - "input": { - "shape": "UpdateBridgeStateRequest" - }, - "output": { - "shape": "UpdateBridgeStateResponse", - "documentation": "AWS Elemental MediaConnect updated the bridge successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Updates the bridge state" - }, - "UpdateFlow": { - "name": "UpdateFlow", - "http": { - "method": "PUT", - "requestUri": "/v1/flows/{flowArn}", - "responseCode": 202 - }, - "input": { - "shape": "UpdateFlowRequest" - }, - "output": { - "shape": "UpdateFlowResponse", - "documentation": "AWS Elemental MediaConnect updated the flow successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Updates flow" - }, - "UpdateFlowEntitlement": { - "name": "UpdateFlowEntitlement", - "http": { - "method": "PUT", - "requestUri": "/v1/flows/{flowArn}/entitlements/{entitlementArn}", - "responseCode": 202 - }, - "input": { - "shape": "UpdateFlowEntitlementRequest" - }, - "output": { - "shape": "UpdateFlowEntitlementResponse", - "documentation": "AWS Elemental MediaConnect updated the entitlement successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "You can change an entitlement's description, subscribers, and encryption. If you change the subscribers, the service will remove the outputs that are are used by the subscribers that are removed." - }, - "UpdateFlowMediaStream": { - "name": "UpdateFlowMediaStream", - "http": { - "method": "PUT", - "requestUri": "/v1/flows/{flowArn}/mediaStreams/{mediaStreamName}", - "responseCode": 202 - }, - "input": { - "shape": "UpdateFlowMediaStreamRequest" - }, - "output": { - "shape": "UpdateFlowMediaStreamResponse", - "documentation": "MediaConnect is updating the media stream." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Updates an existing media stream." - }, - "UpdateFlowOutput": { - "name": "UpdateFlowOutput", - "http": { - "method": "PUT", - "requestUri": "/v1/flows/{flowArn}/outputs/{outputArn}", - "responseCode": 202 - }, - "input": { - "shape": "UpdateFlowOutputRequest" - }, - "output": { - "shape": "UpdateFlowOutputResponse", - "documentation": "AWS Elemental MediaConnect updated the output successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Updates an existing flow output." - }, - "UpdateFlowSource": { - "name": "UpdateFlowSource", - "http": { - "method": "PUT", - "requestUri": "/v1/flows/{flowArn}/source/{sourceArn}", - "responseCode": 202 - }, - "input": { - "shape": "UpdateFlowSourceRequest" - }, - "output": { - "shape": "UpdateFlowSourceResponse", - "documentation": "AWS Elemental MediaConnect updated the flow successfully." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - } - ], - "documentation": "Updates the source of a flow." - }, - "UpdateGatewayInstance": { - "name": "UpdateGatewayInstance", - "http": { - "method": "PUT", - "requestUri": "/v1/gateway-instances/{gatewayInstanceArn}", - "responseCode": 200 - }, - "input": { - "shape": "UpdateGatewayInstanceRequest" - }, - "output": { - "shape": "UpdateGatewayInstanceResponse", - "documentation": "AWS Elemental MediaConnect is applying the instance state." - }, - "errors": [ - { - "shape": "BadRequestException", - "documentation": "The request that you submitted is not valid." - }, - { - "shape": "InternalServerErrorException", - "documentation": "AWS Elemental MediaConnect can't fulfill your request because it encountered an unexpected condition." - }, - { - "shape": "ForbiddenException", - "documentation": "You don't have the required permissions to perform this operation." - }, - { - "shape": "NotFoundException", - "documentation": "AWS Elemental MediaConnect did not find the resource that you specified in the request." - }, - { - "shape": "ServiceUnavailableException", - "documentation": "AWS Elemental MediaConnect is currently unavailable. Try again later." - }, - { - "shape": "TooManyRequestsException", - "documentation": "You have exceeded the service request rate limit for your AWS Elemental MediaConnect account." - }, - { - "shape": "ConflictException", - "documentation": "The request could not be completed due to a conflict with the current state of the target resource." - } - ], - "documentation": "Updates the configuration of an existing Gateway Instance." + "documentation":"

    Updates an existing gateway instance.

    ", + "idempotent":true } }, - "shapes": { - "AddBridgeFlowSourceRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "locationName": "flowArn", - "documentation": "The Amazon Resource Number (ARN) of the cloud flow to use as a source of this bridge." - }, - "FlowVpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "flowVpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this source." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the flow source. This name is used to reference the source and must be unique among sources in this bridge." - } - }, - "documentation": "Add a flow source to an existing bridge.", - "required": [ + "shapes":{ + "AddBridgeFlowSourceRequest":{ + "type":"structure", + "required":[ "FlowArn", "Name" - ] - }, - "AddBridgeNetworkOutputRequest": { - "type": "structure", - "members": { - "IpAddress": { - "shape": "__string", - "locationName": "ipAddress", - "documentation": "The network output IP Address." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The network output name. This name is used to reference the output and must be unique among outputs in this bridge." - }, - "NetworkName": { - "shape": "__string", - "locationName": "networkName", - "documentation": "The network output's gateway network name." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The network output port." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The network output protocol." - }, - "Ttl": { - "shape": "__integer", - "locationName": "ttl", - "documentation": "The network output TTL." - } - }, - "documentation": "Add a network output to an existing bridge.", - "required": [ + ], + "members":{ + "FlowArn":{ + "shape":"AddBridgeFlowSourceRequestFlowArnString", + "documentation":"

    The Amazon Resource Number (ARN) of the flow to use as a source of this bridge.

    ", + "locationName":"flowArn" + }, + "FlowVpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this source.

    ", + "locationName":"flowVpcInterfaceAttachment" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the flow source. This name is used to reference the source and must be unique among sources in this bridge.

    ", + "locationName":"name" + } + }, + "documentation":"

    Add a flow source to an existing bridge.

    " + }, + "AddBridgeFlowSourceRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "AddBridgeNetworkOutputRequest":{ + "type":"structure", + "required":[ + "IpAddress", + "Name", "NetworkName", "Port", - "IpAddress", "Protocol", - "Ttl", - "Name" - ] - }, - "AddBridgeNetworkSourceRequest": { - "type": "structure", - "members": { - "MulticastIp": { - "shape": "__string", - "locationName": "multicastIp", - "documentation": "The network source multicast IP." - }, - "MulticastSourceSettings": { - "shape": "MulticastSourceSettings", - "locationName": "multicastSourceSettings" - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the network source. This name is used to reference the source and must be unique among sources in this bridge." - }, - "NetworkName": { - "shape": "__string", - "locationName": "networkName", - "documentation": "The network source's gateway network name." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The network source port." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The network source protocol." - } - }, - "documentation": "Add a network source to an existing bridge.", - "required": [ - "NetworkName", + "Ttl" + ], + "members":{ + "IpAddress":{ + "shape":"String", + "documentation":"

    The network output IP Address.

    ", + "locationName":"ipAddress" + }, + "Name":{ + "shape":"String", + "documentation":"

    The network output name. This name is used to reference the output and must be unique among outputs in this bridge.

    ", + "locationName":"name" + }, + "NetworkName":{ + "shape":"String", + "documentation":"

    The network output's gateway network name.

    ", + "locationName":"networkName" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The network output port.

    ", + "locationName":"port" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The network output protocol.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + }, + "Ttl":{ + "shape":"Integer", + "documentation":"

    The network output TTL.

    ", + "locationName":"ttl" + } + }, + "documentation":"

    Add a network output to an existing bridge.

    " + }, + "AddBridgeNetworkSourceRequest":{ + "type":"structure", + "required":[ "MulticastIp", + "Name", + "NetworkName", "Port", - "Protocol", - "Name" - ] - }, - "AddBridgeOutputRequest": { - "type": "structure", - "members": { - "NetworkOutput": { - "shape": "AddBridgeNetworkOutputRequest", - "locationName": "networkOutput" - } - }, - "documentation": "Add an output to a bridge." - }, - "AddBridgeOutputsRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to update." - }, - "Outputs": { - "shape": "__listOfAddBridgeOutputRequest", - "locationName": "outputs", - "documentation": "The outputs that you want to add to this bridge." - } - }, - "documentation": "A request to add outputs to the specified bridge.", - "required": [ + "Protocol" + ], + "members":{ + "MulticastIp":{ + "shape":"String", + "documentation":"

    The network source multicast IP.

    ", + "locationName":"multicastIp" + }, + "MulticastSourceSettings":{ + "shape":"MulticastSourceSettings", + "documentation":"

    The settings related to the multicast source.

    ", + "locationName":"multicastSourceSettings" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the network source. This name is used to reference the source and must be unique among sources in this bridge.

    ", + "locationName":"name" + }, + "NetworkName":{ + "shape":"String", + "documentation":"

    The network source's gateway network name.

    ", + "locationName":"networkName" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The network source port.

    ", + "locationName":"port" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The network source protocol.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + } + }, + "documentation":"

    Add a network source to an existing bridge.

    " + }, + "AddBridgeOutputRequest":{ + "type":"structure", + "members":{ + "NetworkOutput":{ + "shape":"AddBridgeNetworkOutputRequest", + "documentation":"

    The network output of the bridge. A network output is delivered to your premises.

    ", + "locationName":"networkOutput" + } + }, + "documentation":"

    Add outputs to the specified bridge.

    " + }, + "AddBridgeOutputsRequest":{ + "type":"structure", + "required":[ "BridgeArn", "Outputs" - ] - }, - "AddBridgeOutputsResponse": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The Amazon Resource Number (ARN) of the bridge." - }, - "Outputs": { - "shape": "__listOfBridgeOutput", - "locationName": "outputs", - "documentation": "The outputs that you added to this bridge." + ], + "members":{ + "BridgeArn":{ + "shape":"AddBridgeOutputsRequestBridgeArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to update.

    ", + "location":"uri", + "locationName":"BridgeArn" + }, + "Outputs":{ + "shape":"__listOfAddBridgeOutputRequest", + "documentation":"

    The outputs that you want to add to this bridge.

    ", + "locationName":"outputs" } } }, - "AddBridgeSourceRequest": { - "type": "structure", - "members": { - "FlowSource": { - "shape": "AddBridgeFlowSourceRequest", - "locationName": "flowSource" - }, - "NetworkSource": { - "shape": "AddBridgeNetworkSourceRequest", - "locationName": "networkSource" - } - }, - "documentation": "Add a source to an existing bridge." - }, - "AddBridgeSourcesRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to update." - }, - "Sources": { - "shape": "__listOfAddBridgeSourceRequest", - "locationName": "sources", - "documentation": "The sources that you want to add to this bridge." + "AddBridgeOutputsRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "AddBridgeOutputsResponse":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the bridge that you added outputs to.

    ", + "locationName":"bridgeArn" + }, + "Outputs":{ + "shape":"__listOfBridgeOutput", + "documentation":"

    The outputs that you added to this bridge.

    ", + "locationName":"outputs" } - }, - "documentation": "A request to add sources to the specified bridge.", - "required": [ + } + }, + "AddBridgeSourceRequest":{ + "type":"structure", + "members":{ + "FlowSource":{ + "shape":"AddBridgeFlowSourceRequest", + "documentation":"

    The source of the flow.

    ", + "locationName":"flowSource" + }, + "NetworkSource":{ + "shape":"AddBridgeNetworkSourceRequest", + "documentation":"

    The source of the network.

    ", + "locationName":"networkSource" + } + }, + "documentation":"

    Add an output to a bridge.

    " + }, + "AddBridgeSourcesRequest":{ + "type":"structure", + "required":[ "BridgeArn", "Sources" - ] - }, - "AddBridgeSourcesResponse": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The Amazon Resource Number (ARN) of the bridge." - }, - "Sources": { - "shape": "__listOfBridgeSource", - "locationName": "sources", - "documentation": "The sources that you added to this bridge." + ], + "members":{ + "BridgeArn":{ + "shape":"BridgeArn", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to update.

    ", + "location":"uri", + "locationName":"BridgeArn" + }, + "Sources":{ + "shape":"__listOfAddBridgeSourceRequest", + "documentation":"

    The sources that you want to add to this bridge.

    ", + "locationName":"sources" } } }, - "AddEgressGatewayBridgeRequest": { - "type": "structure", - "members": { - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "The maximum expected bitrate (in bps)." + "AddBridgeSourcesResponse":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the bridge that you added sources to.

    ", + "locationName":"bridgeArn" + }, + "Sources":{ + "shape":"__listOfBridgeSource", + "documentation":"

    The sources that you added to this bridge.

    ", + "locationName":"sources" } - }, - "required": [ - "MaxBitrate" - ] + } }, - "AddFlowMediaStreamsRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The Amazon Resource Name (ARN) of the flow." - }, - "MediaStreams": { - "shape": "__listOfAddMediaStreamRequest", - "locationName": "mediaStreams", - "documentation": "The media streams that you want to add to the flow." - } - }, - "documentation": "A request to add media streams to the flow.", - "required": [ + "AddEgressGatewayBridgeRequest":{ + "type":"structure", + "required":["MaxBitrate"], + "members":{ + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The maximum expected bitrate (in bps) of the egress bridge.

    ", + "locationName":"maxBitrate" + } + }, + "documentation":"

    Create a bridge with the egress bridge type. An egress bridge is a cloud-to-ground bridge. The content comes from an existing MediaConnect flow and is delivered to your premises.

    " + }, + "AddFlowMediaStreamsRequest":{ + "type":"structure", + "required":[ "FlowArn", "MediaStreams" - ] - }, - "AddFlowMediaStreamsResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that you added media streams to." - }, - "MediaStreams": { - "shape": "__listOfMediaStream", - "locationName": "mediaStreams", - "documentation": "The media streams that you added to the flow." + ], + "members":{ + "FlowArn":{ + "shape":"AddFlowMediaStreamsRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "MediaStreams":{ + "shape":"__listOfAddMediaStreamRequest", + "documentation":"

    The media streams that you want to add to the flow.

    ", + "locationName":"mediaStreams" } } }, - "AddFlowOutputs420Exception": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 420 - } - }, - "AddFlowOutputsRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to add outputs to." - }, - "Outputs": { - "shape": "__listOfAddOutputRequest", - "locationName": "outputs", - "documentation": "A list of outputs that you want to add." + "AddFlowMediaStreamsRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "AddFlowMediaStreamsResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that you added media streams to.

    ", + "locationName":"flowArn" + }, + "MediaStreams":{ + "shape":"__listOfMediaStream", + "documentation":"

    The media streams that you added to the flow.

    ", + "locationName":"mediaStreams" } - }, - "documentation": "A request to add outputs to the specified flow.", - "required": [ + } + }, + "AddFlowOutputs420Exception":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    Exception raised by Elemental MediaConnect when adding the flow output. See the error message for the operation for more information on the cause of this exception.

    ", + "error":{ + "httpStatusCode":420, + "senderFault":true + }, + "exception":true + }, + "AddFlowOutputsRequest":{ + "type":"structure", + "required":[ "FlowArn", "Outputs" - ] - }, - "AddFlowOutputsResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that these outputs were added to." - }, - "Outputs": { - "shape": "__listOfOutput", - "locationName": "outputs", - "documentation": "The details of the newly added outputs." + ], + "members":{ + "FlowArn":{ + "shape":"AddFlowOutputsRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to add outputs to.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "Outputs":{ + "shape":"__listOfAddOutputRequest", + "documentation":"

    A list of outputs that you want to add to the flow.

    ", + "locationName":"outputs" } } }, - "AddFlowSourcesRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to mutate." - }, - "Sources": { - "shape": "__listOfSetSourceRequest", - "locationName": "sources", - "documentation": "A list of sources that you want to add." + "AddFlowOutputsRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "AddFlowOutputsResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that these outputs were added to.

    ", + "locationName":"flowArn" + }, + "Outputs":{ + "shape":"__listOfOutput", + "documentation":"

    The details of the newly added outputs.

    ", + "locationName":"outputs" } - }, - "documentation": "A request to add sources to the flow.", - "required": [ + } + }, + "AddFlowSourcesRequest":{ + "type":"structure", + "required":[ "FlowArn", "Sources" - ] - }, - "AddFlowSourcesResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that these sources were added to." - }, - "Sources": { - "shape": "__listOfSource", - "locationName": "sources", - "documentation": "The details of the newly added sources." + ], + "members":{ + "FlowArn":{ + "shape":"AddFlowSourcesRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to update.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "Sources":{ + "shape":"__listOfSetSourceRequest", + "documentation":"

    A list of sources that you want to add to the flow.

    ", + "locationName":"sources" } } }, - "AddFlowVpcInterfacesRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to mutate." - }, - "VpcInterfaces": { - "shape": "__listOfVpcInterfaceRequest", - "locationName": "vpcInterfaces", - "documentation": "A list of VPC interfaces that you want to add." + "AddFlowSourcesRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "AddFlowSourcesResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that these sources were added to.

    ", + "locationName":"flowArn" + }, + "Sources":{ + "shape":"__listOfSource", + "documentation":"

    The details of the newly added sources.

    ", + "locationName":"sources" } - }, - "documentation": "A request to add VPC interfaces to the flow.", - "required": [ + } + }, + "AddFlowVpcInterfacesRequest":{ + "type":"structure", + "required":[ "FlowArn", "VpcInterfaces" - ] - }, - "AddFlowVpcInterfacesResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that these VPC interfaces were added to." - }, - "VpcInterfaces": { - "shape": "__listOfVpcInterface", - "locationName": "vpcInterfaces", - "documentation": "The details of the newly added VPC interfaces." + ], + "members":{ + "FlowArn":{ + "shape":"AddFlowVpcInterfacesRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to update.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "VpcInterfaces":{ + "shape":"__listOfVpcInterfaceRequest", + "documentation":"

    A list of VPC interfaces that you want to add to the flow.

    ", + "locationName":"vpcInterfaces" } } }, - "AddIngressGatewayBridgeRequest": { - "type": "structure", - "members": { - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "The maximum expected bitrate (in bps)." - }, - "MaxOutputs": { - "shape": "__integer", - "locationName": "maxOutputs", - "documentation": "The maximum number of expected outputs." - } - }, - "required": [ - "MaxOutputs", - "MaxBitrate" - ] - }, - "AddMaintenance": { - "type": "structure", - "members": { - "MaintenanceDay": { - "shape": "MaintenanceDay", - "locationName": "maintenanceDay", - "documentation": "A day of a week when the maintenance will happen. Use Monday/Tuesday/Wednesday/Thursday/Friday/Saturday/Sunday." - }, - "MaintenanceStartHour": { - "shape": "__string", - "locationName": "maintenanceStartHour", - "documentation": "UTC time when the maintenance will happen. Use 24-hour HH:MM format. Minutes must be 00. Example: 13:00. The default value is 02:00." + "AddFlowVpcInterfacesRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "AddFlowVpcInterfacesResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that these VPC interfaces were added to.

    ", + "locationName":"flowArn" + }, + "VpcInterfaces":{ + "shape":"__listOfVpcInterface", + "documentation":"

    The details of the newly added VPC interfaces.

    ", + "locationName":"vpcInterfaces" } - }, - "documentation": "Create maintenance setting for a flow", - "required": [ + } + }, + "AddIngressGatewayBridgeRequest":{ + "type":"structure", + "required":[ + "MaxBitrate", + "MaxOutputs" + ], + "members":{ + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The maximum expected bitrate (in bps) of the ingress bridge.

    ", + "locationName":"maxBitrate" + }, + "MaxOutputs":{ + "shape":"Integer", + "documentation":"

    The maximum number of expected outputs on the ingress bridge.

    ", + "locationName":"maxOutputs" + } + }, + "documentation":"

    Create a bridge with the ingress bridge type. An ingress bridge is a ground-to-cloud bridge. The content originates at your premises and is delivered to the cloud.

    " + }, + "AddMaintenance":{ + "type":"structure", + "required":[ "MaintenanceDay", "MaintenanceStartHour" - ] - }, - "AddMediaStreamRequest": { - "type": "structure", - "members": { - "Attributes": { - "shape": "MediaStreamAttributesRequest", - "locationName": "attributes", - "documentation": "The attributes that you want to assign to the new media stream." - }, - "ClockRate": { - "shape": "__integer", - "locationName": "clockRate", - "documentation": "The sample rate (in Hz) for the stream. If the media stream type is video or ancillary data, set this value to 90000. If the media stream type is audio, set this value to either 48000 or 96000." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description that can help you quickly identify what your media stream is used for." - }, - "MediaStreamId": { - "shape": "__integer", - "locationName": "mediaStreamId", - "documentation": "A unique identifier for the media stream." - }, - "MediaStreamName": { - "shape": "__string", - "locationName": "mediaStreamName", - "documentation": "A name that helps you distinguish one media stream from another." - }, - "MediaStreamType": { - "shape": "MediaStreamType", - "locationName": "mediaStreamType", - "documentation": "The type of media stream." - }, - "VideoFormat": { - "shape": "__string", - "locationName": "videoFormat", - "documentation": "The resolution of the video." - } - }, - "documentation": "The media stream that you want to add to the flow.", - "required": [ - "MediaStreamType", + ], + "members":{ + "MaintenanceDay":{ + "shape":"MaintenanceDay", + "documentation":"

    A day of a week when the maintenance will happen.

    ", + "locationName":"maintenanceDay" + }, + "MaintenanceStartHour":{ + "shape":"String", + "documentation":"

    UTC time when the maintenance will happen.

    Use 24-hour HH:MM format.

    Minutes must be 00.

    Example: 13:00.

    The default value is 02:00.

    ", + "locationName":"maintenanceStartHour" + } + }, + "documentation":"

    Create a maintenance setting for a flow.

    " + }, + "AddMediaStreamRequest":{ + "type":"structure", + "required":[ "MediaStreamId", - "MediaStreamName" - ] - }, - "AddOutputRequest": { - "type": "structure", - "members": { - "CidrAllowList": { - "shape": "__listOf__string", - "locationName": "cidrAllowList", - "documentation": "The range of IP addresses that should be allowed to initiate output requests to this flow. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description of the output. This description appears only on the AWS Elemental MediaConnect console and will not be seen by the end user." - }, - "Destination": { - "shape": "__string", - "locationName": "destination", - "documentation": "The IP address from which video will be sent to output destinations." - }, - "Encryption": { - "shape": "Encryption", - "locationName": "encryption", - "documentation": "The type of key used for the encryption. If no keyType is provided, the service will use the default setting (static-key). Allowable encryption types: static-key." - }, - "MaxLatency": { - "shape": "__integer", - "locationName": "maxLatency", - "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams." - }, - "MediaStreamOutputConfigurations": { - "shape": "__listOfMediaStreamOutputConfigurationRequest", - "locationName": "mediaStreamOutputConfigurations", - "documentation": "The media streams that are associated with the output, and the parameters for those associations." - }, - "MinLatency": { - "shape": "__integer", - "locationName": "minLatency", - "documentation": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the output. This value must be unique within the current flow." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The port to use when content is distributed to this output." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The protocol to use for the output." - }, - "RemoteId": { - "shape": "__string", - "locationName": "remoteId", - "documentation": "The remote ID for the Zixi-pull output stream." - }, - "SenderControlPort": { - "shape": "__integer", - "locationName": "senderControlPort", - "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender." - }, - "SmoothingLatency": { - "shape": "__integer", - "locationName": "smoothingLatency", - "documentation": "The smoothing latency in milliseconds for RIST, RTP, and RTP-FEC streams." - }, - "StreamId": { - "shape": "__string", - "locationName": "streamId", - "documentation": "The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams." - }, - "VpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "vpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this output." - }, - "OutputStatus": { - "shape": "OutputStatus", - "locationName": "outputStatus", - "documentation": "An indication of whether the new output should be enabled or disabled as soon as it is created. If you don't specify the outputStatus field in your request, MediaConnect sets it to ENABLED." - } - }, - "documentation": "The output that you want to add to this flow.", - "required": [ - "Protocol" - ] - }, - "Algorithm": { - "type": "string", - "enum": [ + "MediaStreamName", + "MediaStreamType" + ], + "members":{ + "Attributes":{ + "shape":"MediaStreamAttributesRequest", + "documentation":"

    The attributes that you want to assign to the new media stream.

    ", + "locationName":"attributes" + }, + "ClockRate":{ + "shape":"Integer", + "documentation":"

    The sample rate (in Hz) for the stream. If the media stream type is video or ancillary data, set this value to 90000. If the media stream type is audio, set this value to either 48000 or 96000.

    ", + "locationName":"clockRate" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description that can help you quickly identify what your media stream is used for.

    ", + "locationName":"description" + }, + "MediaStreamId":{ + "shape":"Integer", + "documentation":"

    A unique identifier for the media stream.

    ", + "locationName":"mediaStreamId" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    A name that helps you distinguish one media stream from another.

    ", + "locationName":"mediaStreamName" + }, + "MediaStreamType":{ + "shape":"MediaStreamType", + "documentation":"

    The type of media stream.

    ", + "locationName":"mediaStreamType" + }, + "VideoFormat":{ + "shape":"String", + "documentation":"

    The resolution of the video.

    ", + "locationName":"videoFormat" + }, + "MediaStreamTags":{ + "shape":"__mapOfString", + "documentation":"

    The key-value pairs that can be used to tag and organize the media stream.

    ", + "locationName":"mediaStreamTags" + } + }, + "documentation":"

    The media stream that you want to add to the flow.

    " + }, + "AddOutputRequest":{ + "type":"structure", + "members":{ + "CidrAllowList":{ + "shape":"__listOfString", + "documentation":"

    The range of IP addresses that should be allowed to initiate output requests to this flow. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.

    ", + "locationName":"cidrAllowList" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the output. This description appears only on the Audit Manager console and will not be seen by the end user.

    ", + "locationName":"description" + }, + "Destination":{ + "shape":"String", + "documentation":"

    The IP address from which video will be sent to output destinations.

    ", + "locationName":"destination" + }, + "Encryption":{ + "shape":"Encryption", + "documentation":"

    The type of key used for the encryption. If no keyType is provided, the service will use the default setting (static-key). Allowable encryption types: static-key.

    ", + "locationName":"encryption" + }, + "MaxLatency":{ + "shape":"Integer", + "documentation":"

    The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.

    ", + "locationName":"maxLatency" + }, + "MediaStreamOutputConfigurations":{ + "shape":"__listOfMediaStreamOutputConfigurationRequest", + "documentation":"

    The media streams that are associated with the output, and the parameters for those associations.

    ", + "locationName":"mediaStreamOutputConfigurations" + }, + "MinLatency":{ + "shape":"Integer", + "documentation":"

    The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency.

    ", + "locationName":"minLatency" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the output. This value must be unique within the current flow.

    ", + "locationName":"name" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The port to use when content is distributed to this output.

    ", + "locationName":"port" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The protocol to use for the output.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + }, + "RemoteId":{ + "shape":"String", + "documentation":"

    The remote ID for the Zixi-pull output stream.

    ", + "locationName":"remoteId" + }, + "SenderControlPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow uses to send outbound requests to initiate connection with the sender.

    ", + "locationName":"senderControlPort" + }, + "SmoothingLatency":{ + "shape":"Integer", + "documentation":"

    The smoothing latency in milliseconds for RIST, RTP, and RTP-FEC streams.

    ", + "locationName":"smoothingLatency" + }, + "StreamId":{ + "shape":"String", + "documentation":"

    The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams.

    ", + "locationName":"streamId" + }, + "VpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this output.

    ", + "locationName":"vpcInterfaceAttachment" + }, + "OutputStatus":{ + "shape":"OutputStatus", + "documentation":"

    An indication of whether the new output should be enabled or disabled as soon as it is created. If you don't specify the outputStatus field in your request, MediaConnect sets it to ENABLED.

    ", + "locationName":"outputStatus" + }, + "NdiSpeedHqQuality":{ + "shape":"Integer", + "documentation":"

    A quality setting for the NDI Speed HQ encoder.

    ", + "locationName":"ndiSpeedHqQuality" + }, + "NdiProgramName":{ + "shape":"String", + "documentation":"

    A suffix for the names of the NDI sources that the flow creates. If a custom name isn't specified, MediaConnect uses the output name.

    ", + "locationName":"ndiProgramName" + }, + "OutputTags":{ + "shape":"__mapOfString", + "documentation":"

    The key-value pairs that can be used to tag and organize the output.

    ", + "locationName":"outputTags" + } + }, + "documentation":"

    A request to add an output to a flow.

    " + }, + "Algorithm":{ + "type":"string", + "enum":[ "aes128", "aes192", "aes256" ] }, - "AudioMonitoringSetting": { - "type": "structure", - "members": { - "SilentAudio": { - "shape": "SilentAudio", - "locationName": "silentAudio", - "documentation": "Detects periods of silence." - } - }, - "documentation": "Specifies the configuration for audio stream metrics monitoring." - }, - "BadRequestException": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 400 - } - }, - "BlackFrames": { - "type": "structure", - "members": { - "State": { - "shape": "State", - "locationName": "state", - "documentation": "Indicates whether the BlackFrames metric is enabled or disabled." - }, - "ThresholdSeconds": { - "shape": "__integer", - "locationName": "thresholdSeconds", - "documentation": "Specifies the number of consecutive seconds of black frames that triggers an event or alert." - } - }, - "documentation": "Configures settings for the BlackFrames metric." - }, - "Bridge": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The Amazon Resource Number (ARN) of the bridge." - }, - "BridgeMessages": { - "shape": "__listOfMessageDetail", - "locationName": "bridgeMessages" - }, - "BridgeState": { - "shape": "BridgeState", - "locationName": "bridgeState" - }, - "EgressGatewayBridge": { - "shape": "EgressGatewayBridge", - "locationName": "egressGatewayBridge" - }, - "IngressGatewayBridge": { - "shape": "IngressGatewayBridge", - "locationName": "ingressGatewayBridge" - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the bridge." - }, - "Outputs": { - "shape": "__listOfBridgeOutput", - "locationName": "outputs", - "documentation": "The outputs on this bridge." - }, - "PlacementArn": { - "shape": "__string", - "locationName": "placementArn", - "documentation": "The placement Amazon Resource Number (ARN) of the bridge." - }, - "SourceFailoverConfig": { - "shape": "FailoverConfig", - "locationName": "sourceFailoverConfig" - }, - "Sources": { - "shape": "__listOfBridgeSource", - "locationName": "sources", - "documentation": "The sources on this bridge." - } - }, - "documentation": "A Bridge is the connection between your datacenter's Instances and the AWS cloud. A bridge can be used to send video from the AWS cloud to your datacenter or from your datacenter to the AWS cloud.", - "required": [ + "AudioMonitoringSetting":{ + "type":"structure", + "members":{ + "SilentAudio":{ + "shape":"SilentAudio", + "documentation":"

    Detects periods of silence.

    ", + "locationName":"silentAudio" + } + }, + "documentation":"

    Specifies the configuration for audio stream metrics monitoring.

    " + }, + "BadRequestException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    This exception is thrown if the request contains a semantic error. The precise meaning depends on the API, and is documented in the error message.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "BlackFrames":{ + "type":"structure", + "members":{ + "State":{ + "shape":"State", + "documentation":"

    Indicates whether the BlackFrames metric is enabled or disabled..

    ", + "locationName":"state" + }, + "ThresholdSeconds":{ + "shape":"Integer", + "documentation":"

    Specifies the number of consecutive seconds of black frames that triggers an event or alert.

    ", + "locationName":"thresholdSeconds" + } + }, + "documentation":"

    Configures settings for the BlackFrames metric.

    " + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "Bridge":{ + "type":"structure", + "required":[ "BridgeArn", "BridgeState", - "PlacementArn", - "Name" - ] - }, - "BridgeFlowOutput": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The Amazon Resource Number (ARN) of the cloud flow." - }, - "FlowSourceArn": { - "shape": "__string", - "locationName": "flowSourceArn", - "documentation": "The Amazon Resource Number (ARN) of the flow source." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the bridge's output." - } - }, - "documentation": "The output of the bridge. A flow output is delivered to the AWS cloud.", - "required": [ - "FlowSourceArn", + "Name", + "PlacementArn" + ], + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Number (ARN) of the bridge.

    ", + "locationName":"bridgeArn" + }, + "BridgeMessages":{ + "shape":"__listOfMessageDetail", + "documentation":"

    Messages with details about the bridge.

    ", + "locationName":"bridgeMessages" + }, + "BridgeState":{ + "shape":"BridgeState", + "documentation":"

    The state of the bridge.

    ", + "locationName":"bridgeState" + }, + "EgressGatewayBridge":{ + "shape":"EgressGatewayBridge", + "documentation":"

    An egress bridge is a cloud-to-ground bridge. The content comes from an existing MediaConnect flow and is delivered to your premises.

    ", + "locationName":"egressGatewayBridge" + }, + "IngressGatewayBridge":{ + "shape":"IngressGatewayBridge", + "documentation":"

    An ingress bridge is a ground-to-cloud bridge. The content originates at your premises and is delivered to the cloud.

    ", + "locationName":"ingressGatewayBridge" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the bridge.

    ", + "locationName":"name" + }, + "Outputs":{ + "shape":"__listOfBridgeOutput", + "documentation":"

    The outputs on this bridge.

    ", + "locationName":"outputs" + }, + "PlacementArn":{ + "shape":"String", + "documentation":"

    The placement Amazon Resource Number (ARN) of the bridge.

    ", + "locationName":"placementArn" + }, + "SourceFailoverConfig":{ + "shape":"FailoverConfig", + "documentation":"

    The settings for source failover.

    ", + "locationName":"sourceFailoverConfig" + }, + "Sources":{ + "shape":"__listOfBridgeSource", + "documentation":"

    The sources on this bridge.

    ", + "locationName":"sources" + } + }, + "documentation":"

    A Bridge is the connection between your data center's Instances and the Amazon Web Services cloud. A bridge can be used to send video from the Amazon Web Services cloud to your data center or from your data center to the Amazon Web Services cloud.

    " + }, + "BridgeArn":{"type":"string"}, + "BridgeFlowOutput":{ + "type":"structure", + "required":[ "FlowArn", + "FlowSourceArn", "Name" - ] - }, - "BridgeFlowSource": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the cloud flow used as a source of this bridge." - }, - "FlowVpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "flowVpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this source." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the flow source." - }, - "OutputArn": { - "shape": "__string", - "locationName": "outputArn", - "documentation": "The Amazon Resource Number (ARN) of the output." - } - }, - "documentation": "The source of the bridge. A flow source originates in MediaConnect as an existing cloud flow.", - "required": [ + ], + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Number (ARN) of the cloud flow.

    ", + "locationName":"flowArn" + }, + "FlowSourceArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Number (ARN) of the flow source.

    ", + "locationName":"flowSourceArn" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the bridge's output.

    ", + "locationName":"name" + } + }, + "documentation":"

    The output of the bridge. A flow output is delivered to the Amazon Web Services cloud.

    " + }, + "BridgeFlowSource":{ + "type":"structure", + "required":[ "FlowArn", "Name" - ] - }, - "BridgeNetworkOutput": { - "type": "structure", - "members": { - "IpAddress": { - "shape": "__string", - "locationName": "ipAddress", - "documentation": "The network output IP Address." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The network output name." - }, - "NetworkName": { - "shape": "__string", - "locationName": "networkName", - "documentation": "The network output's gateway network name." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The network output port." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The network output protocol." - }, - "Ttl": { - "shape": "__integer", - "locationName": "ttl", - "documentation": "The network output TTL." - } - }, - "documentation": "The output of the bridge. A network output is delivered to your premises.", - "required": [ + ], + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the cloud flow used as a source of this bridge.

    ", + "locationName":"flowArn" + }, + "FlowVpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this source.

    ", + "locationName":"flowVpcInterfaceAttachment" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the flow source.

    ", + "locationName":"name" + }, + "OutputArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Number (ARN) of the output.

    ", + "locationName":"outputArn" + } + }, + "documentation":"

    The source of the bridge. A flow source originates in MediaConnect as an existing cloud flow.

    " + }, + "BridgeNetworkOutput":{ + "type":"structure", + "required":[ + "IpAddress", + "Name", "NetworkName", "Port", - "IpAddress", "Protocol", - "Ttl", - "Name" - ] - }, - "BridgeNetworkSource": { - "type": "structure", - "members": { - "MulticastIp": { - "shape": "__string", - "locationName": "multicastIp", - "documentation": "The network source multicast IP." - }, - "MulticastSourceSettings": { - "shape": "MulticastSourceSettings", - "locationName": "multicastSourceSettings" - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the network source." - }, - "NetworkName": { - "shape": "__string", - "locationName": "networkName", - "documentation": "The network source's gateway network name." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The network source port." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The network source protocol." - } - }, - "documentation": "The source of the bridge. A network source originates at your premises.", - "required": [ - "NetworkName", + "Ttl" + ], + "members":{ + "IpAddress":{ + "shape":"String", + "documentation":"

    The network output IP address.

    ", + "locationName":"ipAddress" + }, + "Name":{ + "shape":"String", + "documentation":"

    The network output name.

    ", + "locationName":"name" + }, + "NetworkName":{ + "shape":"String", + "documentation":"

    The network output's gateway network name.

    ", + "locationName":"networkName" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The network output's port.

    ", + "locationName":"port" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The network output protocol.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + }, + "Ttl":{ + "shape":"Integer", + "documentation":"

    The network output TTL.

    ", + "locationName":"ttl" + } + }, + "documentation":"

    The output of the bridge. A network output is delivered to your premises.

    " + }, + "BridgeNetworkSource":{ + "type":"structure", + "required":[ "MulticastIp", + "Name", + "NetworkName", "Port", - "Protocol", - "Name" - ] - }, - "BridgeOutput": { - "type": "structure", - "members": { - "FlowOutput": { - "shape": "BridgeFlowOutput", - "locationName": "flowOutput" - }, - "NetworkOutput": { - "shape": "BridgeNetworkOutput", - "locationName": "networkOutput" - } - }, - "documentation": "The output of the bridge." - }, - "BridgePlacement": { - "type": "string", - "enum": [ + "Protocol" + ], + "members":{ + "MulticastIp":{ + "shape":"String", + "documentation":"

    The network source multicast IP.

    ", + "locationName":"multicastIp" + }, + "MulticastSourceSettings":{ + "shape":"MulticastSourceSettings", + "documentation":"

    The settings related to the multicast source.

    ", + "locationName":"multicastSourceSettings" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the network source.

    ", + "locationName":"name" + }, + "NetworkName":{ + "shape":"String", + "documentation":"

    The network source's gateway network name.

    ", + "locationName":"networkName" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The network source port.

    ", + "locationName":"port" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The network source protocol.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + } + }, + "documentation":"

    The source of the bridge. A network source originates at your premises.

    " + }, + "BridgeOutput":{ + "type":"structure", + "members":{ + "FlowOutput":{ + "shape":"BridgeFlowOutput", + "documentation":"

    The output of the associated flow.

    ", + "locationName":"flowOutput" + }, + "NetworkOutput":{ + "shape":"BridgeNetworkOutput", + "documentation":"

    The network output for the bridge.

    ", + "locationName":"networkOutput" + } + }, + "documentation":"

    The output of the bridge.

    " + }, + "BridgePlacement":{ + "type":"string", + "enum":[ "AVAILABLE", "LOCKED" ] }, - "BridgeSource": { - "type": "structure", - "members": { - "FlowSource": { - "shape": "BridgeFlowSource", - "locationName": "flowSource" - }, - "NetworkSource": { - "shape": "BridgeNetworkSource", - "locationName": "networkSource" - } - }, - "documentation": "The bridge's source." - }, - "BridgeState": { - "type": "string", - "enum": [ + "BridgeSource":{ + "type":"structure", + "members":{ + "FlowSource":{ + "shape":"BridgeFlowSource", + "documentation":"

    The source of the associated flow.

    ", + "locationName":"flowSource" + }, + "NetworkSource":{ + "shape":"BridgeNetworkSource", + "documentation":"

    The network source for the bridge.

    ", + "locationName":"networkSource" + } + }, + "documentation":"

    The bridge's source.

    " + }, + "BridgeState":{ + "type":"string", + "enum":[ "CREATING", "STANDBY", "STARTING", @@ -3047,9 +1946,9 @@ "UPDATING" ] }, - "Colorimetry": { - "type": "string", - "enum": [ + "Colorimetry":{ + "type":"string", + "enum":[ "BT601", "BT709", "BT2020", @@ -3059,1216 +1958,1257 @@ "XYZ" ] }, - "ConflictException": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 409 - } - }, - "ConnectionStatus": { - "type": "string", - "enum": [ + "ConflictException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":false} + }, + "ConnectionStatus":{ + "type":"string", + "enum":[ "CONNECTED", "DISCONNECTED" ] }, - "ContentQualityAnalysisState": { - "type": "string", - "enum": [ + "ContentQualityAnalysisState":{ + "type":"string", + "enum":[ "ENABLED", "DISABLED" ] }, - "CreateBridge420Exception": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 420 - } - }, - "CreateBridgeRequest": { - "type": "structure", - "members": { - "EgressGatewayBridge": { - "shape": "AddEgressGatewayBridgeRequest", - "locationName": "egressGatewayBridge", - "documentation": "Create a bridge with the egress bridge type. An egress bridge is a cloud-to-ground bridge. The content comes from an existing MediaConnect flow and is delivered to your premises." - }, - "IngressGatewayBridge": { - "shape": "AddIngressGatewayBridgeRequest", - "locationName": "ingressGatewayBridge", - "documentation": "Create a bridge with the ingress bridge type. An ingress bridge is a ground-to-cloud bridge. The content originates at your premises and is delivered to the cloud." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the bridge. This name can not be modified after the bridge is created." - }, - "Outputs": { - "shape": "__listOfAddBridgeOutputRequest", - "locationName": "outputs", - "documentation": "The outputs that you want to add to this bridge." - }, - "PlacementArn": { - "shape": "__string", - "locationName": "placementArn", - "documentation": "The bridge placement Amazon Resource Number (ARN)." - }, - "SourceFailoverConfig": { - "shape": "FailoverConfig", - "locationName": "sourceFailoverConfig", - "documentation": "The settings for source failover." - }, - "Sources": { - "shape": "__listOfAddBridgeSourceRequest", - "locationName": "sources", - "documentation": "The sources that you want to add to this bridge." - } - }, - "documentation": "Creates a new bridge. The request must include one source.", - "required": [ - "Sources", + "CreateBridge420Exception":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    Exception raised by Elemental MediaConnect when creating the bridge. See the error message for the operation for more information on the cause of this exception.

    ", + "error":{ + "httpStatusCode":420, + "senderFault":true + }, + "exception":true + }, + "CreateBridgeRequest":{ + "type":"structure", + "required":[ + "Name", "PlacementArn", - "Name" - ] - }, - "CreateBridgeResponse": { - "type": "structure", - "members": { - "Bridge": { - "shape": "Bridge", - "locationName": "bridge" + "Sources" + ], + "members":{ + "EgressGatewayBridge":{ + "shape":"AddEgressGatewayBridgeRequest", + "documentation":"

    An egress bridge is a cloud-to-ground bridge. The content comes from an existing MediaConnect flow and is delivered to your premises.

    ", + "locationName":"egressGatewayBridge" + }, + "IngressGatewayBridge":{ + "shape":"AddIngressGatewayBridgeRequest", + "documentation":"

    An ingress bridge is a ground-to-cloud bridge. The content originates at your premises and is delivered to the cloud.

    ", + "locationName":"ingressGatewayBridge" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the bridge. This name can not be modified after the bridge is created.

    ", + "locationName":"name" + }, + "Outputs":{ + "shape":"__listOfAddBridgeOutputRequest", + "documentation":"

    The outputs that you want to add to this bridge.

    ", + "locationName":"outputs" + }, + "PlacementArn":{ + "shape":"String", + "documentation":"

    The bridge placement Amazon Resource Number (ARN).

    ", + "locationName":"placementArn" + }, + "SourceFailoverConfig":{ + "shape":"FailoverConfig", + "documentation":"

    The settings for source failover.

    ", + "locationName":"sourceFailoverConfig" + }, + "Sources":{ + "shape":"__listOfAddBridgeSourceRequest", + "documentation":"

    The sources that you want to add to this bridge.

    ", + "locationName":"sources" + } + } + }, + "CreateBridgeResponse":{ + "type":"structure", + "members":{ + "Bridge":{ + "shape":"Bridge", + "documentation":"

    The name of the bridge that was created.

    ", + "locationName":"bridge" + } + } + }, + "CreateFlow420Exception":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    Exception raised by Elemental MediaConnect when creating the flow. See the error message for the operation for more information on the cause of this exception.

    ", + "error":{ + "httpStatusCode":420, + "senderFault":true + }, + "exception":true + }, + "CreateFlowRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "AvailabilityZone":{ + "shape":"String", + "documentation":"

    The Availability Zone that you want to create the flow in. These options are limited to the Availability Zones within the current Amazon Web Services Region.

    ", + "locationName":"availabilityZone" + }, + "Entitlements":{ + "shape":"__listOfGrantEntitlementRequest", + "documentation":"

    The entitlements that you want to grant on a flow.

    ", + "locationName":"entitlements" + }, + "MediaStreams":{ + "shape":"__listOfAddMediaStreamRequest", + "documentation":"

    The media streams that you want to add to the flow. You can associate these media streams with sources and outputs on the flow.

    ", + "locationName":"mediaStreams" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the flow.

    ", + "locationName":"name" + }, + "Outputs":{ + "shape":"__listOfAddOutputRequest", + "documentation":"

    The outputs that you want to add to this flow.

    ", + "locationName":"outputs" + }, + "Source":{ + "shape":"SetSourceRequest", + "documentation":"

    The settings for the source that you want to use for the new flow.

    ", + "locationName":"source" + }, + "SourceFailoverConfig":{ + "shape":"FailoverConfig", + "documentation":"

    The settings for source failover.

    ", + "locationName":"sourceFailoverConfig" + }, + "Sources":{ + "shape":"__listOfSetSourceRequest", + "documentation":"

    The sources that are assigned to the flow.

    ", + "locationName":"sources" + }, + "VpcInterfaces":{ + "shape":"__listOfVpcInterfaceRequest", + "documentation":"

    The VPC interfaces you want on the flow.

    ", + "locationName":"vpcInterfaces" + }, + "Maintenance":{ + "shape":"AddMaintenance", + "documentation":"

    The maintenance settings you want to use for the flow.

    ", + "locationName":"maintenance" + }, + "SourceMonitoringConfig":{ + "shape":"MonitoringConfig", + "documentation":"

    The settings for source monitoring.

    ", + "locationName":"sourceMonitoringConfig" + }, + "FlowSize":{ + "shape":"FlowSize", + "documentation":"

    Determines the processing capacity and feature set of the flow. Set this optional parameter to LARGE if you want to enable NDI outputs on the flow.

    ", + "locationName":"flowSize" + }, + "NdiConfig":{ + "shape":"NdiConfig", + "documentation":"

    Specifies the configuration settings for NDI outputs. Required when the flow includes NDI outputs.

    ", + "locationName":"ndiConfig" + }, + "FlowTags":{ + "shape":"__mapOfString", + "documentation":"

    The key-value pairs that can be used to tag and organize the flow.

    ", + "locationName":"flowTags" + } + } + }, + "CreateFlowResponse":{ + "type":"structure", + "members":{ + "Flow":{ + "shape":"Flow", + "documentation":"

    The flow that you created.

    ", + "locationName":"flow" + } + } + }, + "CreateGateway420Exception":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    Exception raised by Elemental MediaConnect when creating the gateway. See the error message for the operation for more information on the cause of this exception.

    ", + "error":{ + "httpStatusCode":420, + "senderFault":true + }, + "exception":true + }, + "CreateGatewayRequest":{ + "type":"structure", + "required":[ + "EgressCidrBlocks", + "Name", + "Networks" + ], + "members":{ + "EgressCidrBlocks":{ + "shape":"__listOfString", + "documentation":"

    The range of IP addresses that are allowed to contribute content or initiate output requests for flows communicating with this gateway. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.

    ", + "locationName":"egressCidrBlocks" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the gateway. This name can not be modified after the gateway is created.

    ", + "locationName":"name" + }, + "Networks":{ + "shape":"__listOfGatewayNetwork", + "documentation":"

    The list of networks that you want to add to the gateway.

    ", + "locationName":"networks" } } }, - "CreateFlow420Exception": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 420 - } - }, - "CreateFlowRequest": { - "type": "structure", - "members": { - "AvailabilityZone": { - "shape": "__string", - "locationName": "availabilityZone", - "documentation": "The Availability Zone that you want to create the flow in. These options are limited to the Availability Zones within the current AWS Region." - }, - "Entitlements": { - "shape": "__listOfGrantEntitlementRequest", - "locationName": "entitlements", - "documentation": "The entitlements that you want to grant on a flow." - }, - "MediaStreams": { - "shape": "__listOfAddMediaStreamRequest", - "locationName": "mediaStreams", - "documentation": "The media streams that you want to add to the flow. You can associate these media streams with sources and outputs on the flow." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the flow." - }, - "Outputs": { - "shape": "__listOfAddOutputRequest", - "locationName": "outputs", - "documentation": "The outputs that you want to add to this flow." - }, - "Source": { - "shape": "SetSourceRequest", - "locationName": "source" - }, - "SourceFailoverConfig": { - "shape": "FailoverConfig", - "locationName": "sourceFailoverConfig" - }, - "Sources": { - "shape": "__listOfSetSourceRequest", - "locationName": "sources" - }, - "VpcInterfaces": { - "shape": "__listOfVpcInterfaceRequest", - "locationName": "vpcInterfaces", - "documentation": "The VPC interfaces you want on the flow." - }, - "Maintenance": { - "shape": "AddMaintenance", - "locationName": "maintenance" - }, - "SourceMonitoringConfig": { - "shape": "MonitoringConfig", - "locationName": "sourceMonitoringConfig" + "CreateGatewayResponse":{ + "type":"structure", + "members":{ + "Gateway":{ + "shape":"Gateway", + "documentation":"

    The gateway that you created.

    ", + "locationName":"gateway" } - }, - "documentation": "Creates a new flow. The request must include one source. The request optionally can include outputs (up to 50) and entitlements (up to 50).", - "required": [ - "Name" - ] + } }, - "CreateFlowResponse": { - "type": "structure", - "members": { - "Flow": { - "shape": "Flow", - "locationName": "flow" + "DeleteBridgeRequest":{ + "type":"structure", + "required":["BridgeArn"], + "members":{ + "BridgeArn":{ + "shape":"DeleteBridgeRequestBridgeArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to delete.

    ", + "location":"uri", + "locationName":"BridgeArn" } } }, - "CreateGateway420Exception": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 420 - } - }, - "CreateGatewayRequest": { - "type": "structure", - "members": { - "EgressCidrBlocks": { - "shape": "__listOf__string", - "locationName": "egressCidrBlocks", - "documentation": "The range of IP addresses that are allowed to contribute content or initiate output requests for flows communicating with this gateway. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the gateway. This name can not be modified after the gateway is created." - }, - "Networks": { - "shape": "__listOfGatewayNetwork", - "locationName": "networks", - "documentation": "The list of networks that you want to add." - } - }, - "documentation": "Creates a new gateway. The request must include at least one network (up to 4).", - "required": [ - "Networks", - "EgressCidrBlocks", - "Name" - ] + "DeleteBridgeRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" }, - "CreateGatewayResponse": { - "type": "structure", - "members": { - "Gateway": { - "shape": "Gateway", - "locationName": "gateway" + "DeleteBridgeResponse":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the deleted bridge.

    ", + "locationName":"bridgeArn" } } }, - "DeleteBridgeRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to delete." - } - }, - "required": [ - "BridgeArn" - ] - }, - "DeleteBridgeResponse": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The Amazon Resource Number (ARN) of the deleted bridge." + "DeleteFlowRequest":{ + "type":"structure", + "required":["FlowArn"], + "members":{ + "FlowArn":{ + "shape":"DeleteFlowRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to delete.

    ", + "location":"uri", + "locationName":"FlowArn" } } }, - "DeleteFlowRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The ARN of the flow that you want to delete." - } - }, - "required": [ - "FlowArn" - ] + "DeleteFlowRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" }, - "DeleteFlowResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that was deleted." - }, - "Status": { - "shape": "Status", - "locationName": "status", - "documentation": "The status of the flow when the DeleteFlow process begins." + "DeleteFlowResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that was deleted.

    ", + "locationName":"flowArn" + }, + "Status":{ + "shape":"Status", + "documentation":"

    The status of the flow when the DeleteFlow process begins.

    ", + "locationName":"status" } } }, - "DeleteGatewayRequest": { - "type": "structure", - "members": { - "GatewayArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:gateway:.+$", - "location": "uri", - "locationName": "gatewayArn", - "documentation": "The ARN of the gateway that you want to delete." + "DeleteGatewayRequest":{ + "type":"structure", + "required":["GatewayArn"], + "members":{ + "GatewayArn":{ + "shape":"DeleteGatewayRequestGatewayArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the gateway that you want to delete.

    ", + "location":"uri", + "locationName":"GatewayArn" } - }, - "required": [ - "GatewayArn" - ] + } + }, + "DeleteGatewayRequestGatewayArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:gateway:.+" }, - "DeleteGatewayResponse": { - "type": "structure", - "members": { - "GatewayArn": { - "shape": "__string", - "locationName": "gatewayArn", - "documentation": "The Amazon Resource Name (ARN) of the gateway that was deleted." + "DeleteGatewayResponse":{ + "type":"structure", + "members":{ + "GatewayArn":{ + "shape":"String", + "documentation":"

    The ARN of the gateway that was deleted.

    ", + "locationName":"gatewayArn" } } }, - "DeregisterGatewayInstanceRequest": { - "type": "structure", - "members": { - "Force": { - "shape": "__boolean", - "location": "querystring", - "locationName": "force", - "documentation": "Force the deregistration of an instance. Force will deregister an instance, even if there are bridges running on it." - }, - "GatewayInstanceArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:gateway:.+:instance:.+$", - "location": "uri", - "locationName": "gatewayInstanceArn", - "documentation": "The Amazon Resource Name (ARN) of the gateway that contains the instance that you want to deregister." + "DeregisterGatewayInstanceRequest":{ + "type":"structure", + "required":["GatewayInstanceArn"], + "members":{ + "Force":{ + "shape":"Boolean", + "documentation":"

    Force the deregistration of an instance. Force will deregister an instance, even if there are bridges running on it.

    ", + "location":"querystring", + "locationName":"force" + }, + "GatewayInstanceArn":{ + "shape":"DeregisterGatewayInstanceRequestGatewayInstanceArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the gateway that contains the instance that you want to deregister.

    ", + "location":"uri", + "locationName":"GatewayInstanceArn" } - }, - "required": [ - "GatewayInstanceArn" - ] + } + }, + "DeregisterGatewayInstanceRequestGatewayInstanceArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:gateway:.+:instance:.+" }, - "DeregisterGatewayInstanceResponse": { - "type": "structure", - "members": { - "GatewayInstanceArn": { - "shape": "__string", - "locationName": "gatewayInstanceArn", - "documentation": "The Amazon Resource Name (ARN) of the instance." - }, - "InstanceState": { - "shape": "InstanceState", - "locationName": "instanceState", - "documentation": "The status of the instance." + "DeregisterGatewayInstanceResponse":{ + "type":"structure", + "members":{ + "GatewayInstanceArn":{ + "shape":"String", + "documentation":"

    The ARN of the instance.

    ", + "locationName":"gatewayInstanceArn" + }, + "InstanceState":{ + "shape":"InstanceState", + "documentation":"

    The status of the instance.

    ", + "locationName":"instanceState" } } }, - "DescribeBridgeRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to describe." + "DescribeBridgeRequest":{ + "type":"structure", + "required":["BridgeArn"], + "members":{ + "BridgeArn":{ + "shape":"DescribeBridgeRequestBridgeArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to describe.

    ", + "location":"uri", + "locationName":"BridgeArn" } - }, - "required": [ - "BridgeArn" - ] + } + }, + "DescribeBridgeRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" }, - "DescribeBridgeResponse": { - "type": "structure", - "members": { - "Bridge": { - "shape": "Bridge", - "locationName": "bridge" + "DescribeBridgeResponse":{ + "type":"structure", + "members":{ + "Bridge":{ + "shape":"Bridge", + "documentation":"

    The bridge that you requested a description of.

    ", + "locationName":"bridge" } } }, - "DescribeFlowRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The ARN of the flow that you want to describe." + "DescribeFlowRequest":{ + "type":"structure", + "required":["FlowArn"], + "members":{ + "FlowArn":{ + "shape":"DescribeFlowRequestFlowArnString", + "documentation":"

    The ARN of the flow that you want to describe.

    ", + "location":"uri", + "locationName":"FlowArn" } - }, - "required": [ - "FlowArn" - ] + } + }, + "DescribeFlowRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" }, - "DescribeFlowResponse": { - "type": "structure", - "members": { - "Flow": { - "shape": "Flow", - "locationName": "flow" - }, - "Messages": { - "shape": "Messages", - "locationName": "messages" + "DescribeFlowResponse":{ + "type":"structure", + "members":{ + "Flow":{ + "shape":"Flow", + "documentation":"

    The flow that you requested a description of.

    ", + "locationName":"flow" + }, + "Messages":{ + "shape":"Messages", + "documentation":"

    Any errors that apply currently to the flow. If there are no errors, MediaConnect will not include this field in the response.

    ", + "locationName":"messages" } } }, - "DescribeFlowSourceMetadataRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "location": "uri", - "locationName": "flowArn", - "documentation": "The Amazon Resource Name (ARN) of the flow." + "DescribeFlowSourceMetadataRequest":{ + "type":"structure", + "required":["FlowArn"], + "members":{ + "FlowArn":{ + "shape":"FlowArn", + "documentation":"

    The Amazon Resource Name (ARN) of the flow.

    ", + "location":"uri", + "locationName":"FlowArn" } - }, - "required": [ - "FlowArn" - ] + } }, - "DescribeFlowSourceMetadataResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that DescribeFlowSourceMetadata was performed on." - }, - "Messages": { - "shape": "__listOfMessageDetail", - "locationName": "messages", - "documentation": "Provides a status code and message regarding issues found with the flow source metadata." - }, - "Timestamp": { - "shape": "__timestampIso8601", - "locationName": "timestamp", - "documentation": "The timestamp of the most recent change in metadata for this flow’s source." - }, - "TransportMediaInfo": { - "shape": "TransportMediaInfo", - "locationName": "transportMediaInfo" + "DescribeFlowSourceMetadataResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that DescribeFlowSourceMetadata was performed on.

    ", + "locationName":"flowArn" + }, + "Messages":{ + "shape":"__listOfMessageDetail", + "documentation":"

    Provides a status code and message regarding issues found with the flow source metadata.

    ", + "locationName":"messages" + }, + "Timestamp":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The timestamp of the most recent change in metadata for this flow’s source.

    ", + "locationName":"timestamp" + }, + "TransportMediaInfo":{ + "shape":"TransportMediaInfo", + "documentation":"

    Information about the flow's transport media.

    ", + "locationName":"transportMediaInfo" } } }, - "DescribeFlowSourceThumbnailRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "location": "uri", - "locationName": "flowArn", - "documentation": "The Amazon Resource Name (ARN) of the flow." + "DescribeFlowSourceThumbnailRequest":{ + "type":"structure", + "required":["FlowArn"], + "members":{ + "FlowArn":{ + "shape":"FlowArn", + "documentation":"

    The Amazon Resource Name (ARN) of the flow.

    ", + "location":"uri", + "locationName":"FlowArn" } - }, - "required": [ - "FlowArn" - ] + } }, - "DescribeFlowSourceThumbnailResponse": { - "type": "structure", - "members": { - "ThumbnailDetails": { - "shape": "ThumbnailDetails", - "locationName": "thumbnailDetails" + "DescribeFlowSourceThumbnailResponse":{ + "type":"structure", + "members":{ + "ThumbnailDetails":{ + "shape":"ThumbnailDetails", + "documentation":"

    The details of the thumbnail, including thumbnail base64 string, timecode and the time when thumbnail was generated.

    ", + "locationName":"thumbnailDetails" } } }, - "DescribeGatewayInstanceRequest": { - "type": "structure", - "members": { - "GatewayInstanceArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:gateway:.+:instance:.+$", - "location": "uri", - "locationName": "gatewayInstanceArn", - "documentation": "The Amazon Resource Name (ARN) of the gateway instance that you want to describe." + "DescribeGatewayInstanceRequest":{ + "type":"structure", + "required":["GatewayInstanceArn"], + "members":{ + "GatewayInstanceArn":{ + "shape":"DescribeGatewayInstanceRequestGatewayInstanceArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the gateway instance that you want to describe.

    ", + "location":"uri", + "locationName":"GatewayInstanceArn" } - }, - "required": [ - "GatewayInstanceArn" - ] + } }, - "DescribeGatewayInstanceResponse": { - "type": "structure", - "members": { - "GatewayInstance": { - "shape": "GatewayInstance", - "locationName": "gatewayInstance" + "DescribeGatewayInstanceRequestGatewayInstanceArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:gateway:.+:instance:.+" + }, + "DescribeGatewayInstanceResponse":{ + "type":"structure", + "members":{ + "GatewayInstance":{ + "shape":"GatewayInstance", + "documentation":"

    The gateway instance that you requested a description of.

    ", + "locationName":"gatewayInstance" } } }, - "DescribeGatewayRequest": { - "type": "structure", - "members": { - "GatewayArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:gateway:.+$", - "location": "uri", - "locationName": "gatewayArn", - "documentation": "The Amazon Resource Name (ARN) of the gateway that you want to describe." + "DescribeGatewayRequest":{ + "type":"structure", + "required":["GatewayArn"], + "members":{ + "GatewayArn":{ + "shape":"DescribeGatewayRequestGatewayArnString", + "documentation":"

    The ARN of the gateway that you want to describe.

    ", + "location":"uri", + "locationName":"GatewayArn" } - }, - "required": [ - "GatewayArn" - ] + } + }, + "DescribeGatewayRequestGatewayArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:gateway:.+" }, - "DescribeGatewayResponse": { - "type": "structure", - "members": { - "Gateway": { - "shape": "Gateway", - "locationName": "gateway" + "DescribeGatewayResponse":{ + "type":"structure", + "members":{ + "Gateway":{ + "shape":"Gateway", + "documentation":"

    The gateway that you wanted to describe.

    ", + "locationName":"gateway" } } }, - "DescribeOfferingRequest": { - "type": "structure", - "members": { - "OfferingArn": { - "shape": "__string", - "location": "uri", - "locationName": "offeringArn", - "documentation": "The Amazon Resource Name (ARN) of the offering." + "DescribeOfferingRequest":{ + "type":"structure", + "required":["OfferingArn"], + "members":{ + "OfferingArn":{ + "shape":"OfferingArn", + "documentation":"

    The ARN of the offering.

    ", + "location":"uri", + "locationName":"OfferingArn" } - }, - "required": [ - "OfferingArn" - ] + } }, - "DescribeOfferingResponse": { - "type": "structure", - "members": { - "Offering": { - "shape": "Offering", - "locationName": "offering" + "DescribeOfferingResponse":{ + "type":"structure", + "members":{ + "Offering":{ + "shape":"Offering", + "documentation":"

    The offering that you requested a description of.

    ", + "locationName":"offering" } } }, - "DescribeReservationRequest": { - "type": "structure", - "members": { - "ReservationArn": { - "shape": "__string", - "location": "uri", - "locationName": "reservationArn", - "documentation": "The Amazon Resource Name (ARN) of the reservation." + "DescribeReservationRequest":{ + "type":"structure", + "required":["ReservationArn"], + "members":{ + "ReservationArn":{ + "shape":"ReservationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the offering.

    ", + "location":"uri", + "locationName":"ReservationArn" } - }, - "required": [ - "ReservationArn" - ] + } }, - "DescribeReservationResponse": { - "type": "structure", - "members": { - "Reservation": { - "shape": "Reservation", - "locationName": "reservation" + "DescribeReservationResponse":{ + "type":"structure", + "members":{ + "Reservation":{ + "shape":"Reservation", + "documentation":"

    A pricing agreement for a discounted rate for a specific outbound bandwidth that your MediaConnect account will use each month over a specific time period. The discounted rate in the reservation applies to outbound bandwidth for all flows from your account until your account reaches the amount of bandwidth in your reservation. If you use more outbound bandwidth than the agreed upon amount in a single month, the overage is charged at the on-demand rate.

    ", + "locationName":"reservation" } } }, - "DesiredState": { - "type": "string", - "enum": [ + "DesiredState":{ + "type":"string", + "enum":[ "ACTIVE", "STANDBY", "DELETED" ] }, - "DestinationConfiguration": { - "type": "structure", - "members": { - "DestinationIp": { - "shape": "__string", - "locationName": "destinationIp", - "documentation": "The IP address where contents of the media stream will be sent." - }, - "DestinationPort": { - "shape": "__integer", - "locationName": "destinationPort", - "documentation": "The port to use when the content of the media stream is distributed to the output." - }, - "Interface": { - "shape": "Interface", - "locationName": "interface", - "documentation": "The VPC interface that is used for the media stream associated with the output." - }, - "OutboundIp": { - "shape": "__string", - "locationName": "outboundIp", - "documentation": "The IP address that the receiver requires in order to establish a connection with the flow. This value is represented by the elastic network interface IP address of the VPC. This field applies only to outputs that use the CDI or ST 2110 JPEG XS protocol." - } - }, - "documentation": "The transport parameters that are associated with an outbound media stream.", - "required": [ + "DestinationConfiguration":{ + "type":"structure", + "required":[ "DestinationIp", "DestinationPort", "Interface", "OutboundIp" - ] - }, - "DestinationConfigurationRequest": { - "type": "structure", - "members": { - "DestinationIp": { - "shape": "__string", - "locationName": "destinationIp", - "documentation": "The IP address where you want MediaConnect to send contents of the media stream." - }, - "DestinationPort": { - "shape": "__integer", - "locationName": "destinationPort", - "documentation": "The port that you want MediaConnect to use when it distributes the media stream to the output." - }, - "Interface": { - "shape": "InterfaceRequest", - "locationName": "interface", - "documentation": "The VPC interface that you want to use for the media stream associated with the output." - } - }, - "documentation": "The transport parameters that you want to associate with an outbound media stream.", - "required": [ + ], + "members":{ + "DestinationIp":{ + "shape":"String", + "documentation":"

    The IP address where you want MediaConnect to send contents of the media stream.

    ", + "locationName":"destinationIp" + }, + "DestinationPort":{ + "shape":"Integer", + "documentation":"

    The port that you want MediaConnect to use when it distributes the media stream to the output.

    ", + "locationName":"destinationPort" + }, + "Interface":{ + "shape":"Interface", + "documentation":"

    The VPC interface that you want to use for the media stream associated with the output.

    ", + "locationName":"interface" + }, + "OutboundIp":{ + "shape":"String", + "documentation":"

    The IP address that the receiver requires in order to establish a connection with the flow. This value is represented by the elastic network interface IP address of the VPC. This field applies only to outputs that use the CDI or ST 2110 JPEG XS or protocol.

    ", + "locationName":"outboundIp" + } + }, + "documentation":"

    The transport parameters that you want to associate with an outbound media stream.

    " + }, + "DestinationConfigurationRequest":{ + "type":"structure", + "required":[ "DestinationIp", "DestinationPort", "Interface" - ] - }, - "DurationUnits": { - "type": "string", - "enum": [ - "MONTHS" - ] - }, - "EgressGatewayBridge": { - "type": "structure", - "members": { - "InstanceId": { - "shape": "__string", - "locationName": "instanceId", - "documentation": "The ID of the instance running this bridge." - }, - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "The maximum expected bitrate (in bps) of the egress bridge." - } - }, - "required": [ - "MaxBitrate" - ] - }, - "EncoderProfile": { - "type": "string", - "enum": [ + ], + "members":{ + "DestinationIp":{ + "shape":"String", + "documentation":"

    The IP address where you want MediaConnect to send contents of the media stream.

    ", + "locationName":"destinationIp" + }, + "DestinationPort":{ + "shape":"Integer", + "documentation":"

    The port that you want MediaConnect to use when it distributes the media stream to the output.

    ", + "locationName":"destinationPort" + }, + "Interface":{ + "shape":"InterfaceRequest", + "documentation":"

    The VPC interface that you want to use for the media stream associated with the output.

    ", + "locationName":"interface" + } + }, + "documentation":"

    The definition of a media stream that you want to associate with the output.

    " + }, + "Double":{ + "type":"double", + "box":true + }, + "DurationUnits":{ + "type":"string", + "enum":["MONTHS"] + }, + "EgressGatewayBridge":{ + "type":"structure", + "required":["MaxBitrate"], + "members":{ + "InstanceId":{ + "shape":"String", + "documentation":"

    The ID of the instance running this bridge.

    ", + "locationName":"instanceId" + }, + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The maximum expected bitrate (in bps) of the egress bridge.

    ", + "locationName":"maxBitrate" + } + }, + "documentation":"

    Create a bridge with the egress bridge type. An egress bridge is a cloud-to-ground bridge. The content comes from an existing MediaConnect flow and is delivered to your premises.

    " + }, + "EncoderProfile":{ + "type":"string", + "enum":[ "main", "high" ] }, - "EncodingName": { - "type": "string", - "enum": [ + "EncodingName":{ + "type":"string", + "enum":[ "jxsv", "raw", "smpte291", "pcm" ] }, - "EncodingParameters": { - "type": "structure", - "members": { - "CompressionFactor": { - "shape": "__double", - "locationName": "compressionFactor", - "documentation": "A value that is used to calculate compression for an output. The bitrate of the output is calculated as follows: Output bitrate = (1 / compressionFactor) * (source bitrate) This property only applies to outputs that use the ST 2110 JPEG XS protocol, with a flow source that uses the CDI protocol. Valid values are floating point numbers in the range of 3.0 to 10.0, inclusive." - }, - "EncoderProfile": { - "shape": "EncoderProfile", - "locationName": "encoderProfile", - "documentation": "A setting on the encoder that drives compression settings. This property only applies to video media streams associated with outputs that use the ST 2110 JPEG XS protocol, with a flow source that uses the CDI protocol." - } - }, - "documentation": "A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source.", - "required": [ - "EncoderProfile", - "CompressionFactor" - ] - }, - "EncodingParametersRequest": { - "type": "structure", - "members": { - "CompressionFactor": { - "shape": "__double", - "locationName": "compressionFactor", - "documentation": "A value that is used to calculate compression for an output. The bitrate of the output is calculated as follows: Output bitrate = (1 / compressionFactor) * (source bitrate) This property only applies to outputs that use the ST 2110 JPEG XS protocol, with a flow source that uses the CDI protocol. Valid values are floating point numbers in the range of 3.0 to 10.0, inclusive." - }, - "EncoderProfile": { - "shape": "EncoderProfile", - "locationName": "encoderProfile", - "documentation": "A setting on the encoder that drives compression settings. This property only applies to video media streams associated with outputs that use the ST 2110 JPEG XS protocol, if at least one source on the flow uses the CDI protocol." - } - }, - "documentation": "A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source.", - "required": [ - "EncoderProfile", - "CompressionFactor" - ] - }, - "Encryption": { - "type": "structure", - "members": { - "Algorithm": { - "shape": "Algorithm", - "locationName": "algorithm", - "documentation": "The type of algorithm that is used for the encryption (such as aes128, aes192, or aes256)." - }, - "ConstantInitializationVector": { - "shape": "__string", - "locationName": "constantInitializationVector", - "documentation": "A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption." - }, - "DeviceId": { - "shape": "__string", - "locationName": "deviceId", - "documentation": "The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption." - }, - "KeyType": { - "shape": "KeyType", - "locationName": "keyType", - "documentation": "The type of key that is used for the encryption. If no keyType is provided, the service will use the default setting (static-key)." - }, - "Region": { - "shape": "__string", - "locationName": "region", - "documentation": "The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption." - }, - "ResourceId": { - "shape": "__string", - "locationName": "resourceId", - "documentation": "An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption." - }, - "RoleArn": { - "shape": "__string", - "locationName": "roleArn", - "documentation": "The ARN of the role that you created during setup (when you set up AWS Elemental MediaConnect as a trusted entity)." - }, - "SecretArn": { - "shape": "__string", - "locationName": "secretArn", - "documentation": "The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption." - }, - "Url": { - "shape": "__string", - "locationName": "url", - "documentation": "The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption." - } - }, - "documentation": "Information about the encryption of the flow.", - "required": [ - "RoleArn" - ] - }, - "Entitlement": { - "type": "structure", - "members": { - "DataTransferSubscriberFeePercent": { - "shape": "__integer", - "locationName": "dataTransferSubscriberFeePercent", - "documentation": "Percentage from 0-100 of the data transfer cost to be billed to the subscriber." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description of the entitlement." - }, - "Encryption": { - "shape": "Encryption", - "locationName": "encryption", - "documentation": "The type of encryption that will be used on the output that is associated with this entitlement." - }, - "EntitlementArn": { - "shape": "__string", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement." - }, - "EntitlementStatus": { - "shape": "EntitlementStatus", - "locationName": "entitlementStatus", - "documentation": "An indication of whether the entitlement is enabled." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the entitlement." - }, - "Subscribers": { - "shape": "__listOf__string", - "locationName": "subscribers", - "documentation": "The AWS account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flow using your content as the source." - } - }, - "documentation": "The settings for a flow entitlement.", - "required": [ + "EncodingParameters":{ + "type":"structure", + "required":[ + "CompressionFactor", + "EncoderProfile" + ], + "members":{ + "CompressionFactor":{ + "shape":"Double", + "documentation":"

    A value that is used to calculate compression for an output. The bitrate of the output is calculated as follows: Output bitrate = (1 / compressionFactor) * (source bitrate) This property only applies to outputs that use the ST 2110 JPEG XS protocol, with a flow source that uses the CDI protocol. Valid values are floating point numbers in the range of 3.0 to 10.0, inclusive.

    ", + "locationName":"compressionFactor" + }, + "EncoderProfile":{ + "shape":"EncoderProfile", + "documentation":"

    A setting on the encoder that drives compression settings. This property only applies to video media streams associated with outputs that use the ST 2110 JPEG XS protocol, with a flow source that uses the CDI protocol.

    ", + "locationName":"encoderProfile" + } + }, + "documentation":"

    A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source.

    " + }, + "EncodingParametersRequest":{ + "type":"structure", + "required":[ + "CompressionFactor", + "EncoderProfile" + ], + "members":{ + "CompressionFactor":{ + "shape":"Double", + "documentation":"

    A value that is used to calculate compression for an output. The bitrate of the output is calculated as follows: Output bitrate = (1 / compressionFactor) * (source bitrate) This property only applies to outputs that use the ST 2110 JPEG XS protocol, with a flow source that uses the CDI protocol. Valid values are floating point numbers in the range of 3.0 to 10.0, inclusive.

    ", + "locationName":"compressionFactor" + }, + "EncoderProfile":{ + "shape":"EncoderProfile", + "documentation":"

    A setting on the encoder that drives compression settings. This property only applies to video media streams associated with outputs that use the ST 2110 JPEG XS protocol, if at least one source on the flow uses the CDI protocol.

    ", + "locationName":"encoderProfile" + } + }, + "documentation":"

    A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source.

    " + }, + "Encryption":{ + "type":"structure", + "required":["RoleArn"], + "members":{ + "Algorithm":{ + "shape":"Algorithm", + "documentation":"

    The type of algorithm that is used for the encryption (such as aes128, aes192, or aes256).

    ", + "locationName":"algorithm" + }, + "ConstantInitializationVector":{ + "shape":"String", + "documentation":"

    A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.

    ", + "locationName":"constantInitializationVector" + }, + "DeviceId":{ + "shape":"String", + "documentation":"

    The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.

    ", + "locationName":"deviceId" + }, + "KeyType":{ + "shape":"KeyType", + "documentation":"

    The type of key that is used for the encryption. If no keyType is provided, the service will use the default setting (static-key).

    ", + "locationName":"keyType" + }, + "Region":{ + "shape":"String", + "documentation":"

    The Amazon Web Services Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.

    ", + "locationName":"region" + }, + "ResourceId":{ + "shape":"String", + "documentation":"

    An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.

    ", + "locationName":"resourceId" + }, + "RoleArn":{ + "shape":"String", + "documentation":"

    The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).

    ", + "locationName":"roleArn" + }, + "SecretArn":{ + "shape":"String", + "documentation":"

    The ARN of the secret that you created in Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.

    ", + "locationName":"secretArn" + }, + "Url":{ + "shape":"String", + "documentation":"

    The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.

    ", + "locationName":"url" + } + }, + "documentation":"

    Information about the encryption of the flow.

    " + }, + "Entitlement":{ + "type":"structure", + "required":[ "EntitlementArn", - "Subscribers", - "Name" - ] - }, - "EntitlementStatus": { - "type": "string", - "enum": [ + "Name", + "Subscribers" + ], + "members":{ + "DataTransferSubscriberFeePercent":{ + "shape":"Integer", + "documentation":"

    Percentage from 0-100 of the data transfer cost to be billed to the subscriber.

    ", + "locationName":"dataTransferSubscriberFeePercent" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the entitlement.

    ", + "locationName":"description" + }, + "Encryption":{ + "shape":"Encryption", + "documentation":"

    The type of encryption that will be used on the output that is associated with this entitlement.

    ", + "locationName":"encryption" + }, + "EntitlementArn":{ + "shape":"String", + "documentation":"

    The ARN of the entitlement.

    ", + "locationName":"entitlementArn" + }, + "EntitlementStatus":{ + "shape":"EntitlementStatus", + "documentation":"

    An indication of whether the entitlement is enabled.

    ", + "locationName":"entitlementStatus" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the entitlement.

    ", + "locationName":"name" + }, + "Subscribers":{ + "shape":"__listOfString", + "documentation":"

    The Amazon Web Services account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flow using your content as the source.

    ", + "locationName":"subscribers" + } + }, + "documentation":"

    The settings for a flow entitlement.

    " + }, + "EntitlementStatus":{ + "type":"string", + "enum":[ "ENABLED", "DISABLED" ] }, - "FailoverConfig": { - "type": "structure", - "members": { - "FailoverMode": { - "shape": "FailoverMode", - "locationName": "failoverMode", - "documentation": "The type of failover you choose for this flow. MERGE combines the source streams into a single stream, allowing graceful recovery from any single-source loss. FAILOVER allows switching between different streams." - }, - "RecoveryWindow": { - "shape": "__integer", - "locationName": "recoveryWindow", - "documentation": "Search window time to look for dash-7 packets" - }, - "SourcePriority": { - "shape": "SourcePriority", - "locationName": "sourcePriority", - "documentation": "The priority you want to assign to a source. You can have a primary stream and a backup stream or two equally prioritized streams." - }, - "State": { - "shape": "State", - "locationName": "state" - } - }, - "documentation": "The settings for source failover." - }, - "FailoverMode": { - "type": "string", - "enum": [ + "FailoverConfig":{ + "type":"structure", + "members":{ + "FailoverMode":{ + "shape":"FailoverMode", + "documentation":"

    The type of failover you choose for this flow. MERGE combines the source streams into a single stream, allowing graceful recovery from any single-source loss. FAILOVER allows switching between different streams.

    ", + "locationName":"failoverMode" + }, + "RecoveryWindow":{ + "shape":"Integer", + "documentation":"

    Search window time to look for dash-7 packets.

    ", + "locationName":"recoveryWindow" + }, + "SourcePriority":{ + "shape":"SourcePriority", + "documentation":"

    The priority you want to assign to a source. You can have a primary stream and a backup stream or two equally prioritized streams.

    ", + "locationName":"sourcePriority" + }, + "State":{ + "shape":"State", + "documentation":"

    The state of source failover on the flow. If the state is inactive, the flow can have only one source. If the state is active, the flow can have one or two sources.

    ", + "locationName":"state" + } + }, + "documentation":"

    The settings for source failover.

    " + }, + "FailoverMode":{ + "type":"string", + "enum":[ "MERGE", "FAILOVER" ] }, - "Flow": { - "type": "structure", - "members": { - "AvailabilityZone": { - "shape": "__string", - "locationName": "availabilityZone", - "documentation": "The Availability Zone that you want to create the flow in. These options are limited to the Availability Zones within the current AWS." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description of the flow. This value is not used or seen outside of the current AWS Elemental MediaConnect account." - }, - "EgressIp": { - "shape": "__string", - "locationName": "egressIp", - "documentation": "The IP address from which video will be sent to output destinations." - }, - "Entitlements": { - "shape": "__listOfEntitlement", - "locationName": "entitlements", - "documentation": "The entitlements in this flow." - }, - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The Amazon Resource Name (ARN) of the flow." - }, - "MediaStreams": { - "shape": "__listOfMediaStream", - "locationName": "mediaStreams", - "documentation": "The media streams that are associated with the flow. After you associate a media stream with a source, you can also associate it with outputs on the flow." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the flow." - }, - "Outputs": { - "shape": "__listOfOutput", - "locationName": "outputs", - "documentation": "The outputs in this flow." - }, - "Source": { - "shape": "Source", - "locationName": "source" - }, - "SourceFailoverConfig": { - "shape": "FailoverConfig", - "locationName": "sourceFailoverConfig" - }, - "Sources": { - "shape": "__listOfSource", - "locationName": "sources" - }, - "Status": { - "shape": "Status", - "locationName": "status", - "documentation": "The current status of the flow." - }, - "VpcInterfaces": { - "shape": "__listOfVpcInterface", - "locationName": "vpcInterfaces", - "documentation": "The VPC Interfaces for this flow." - }, - "Maintenance": { - "shape": "Maintenance", - "locationName": "maintenance" - }, - "SourceMonitoringConfig": { - "shape": "MonitoringConfig", - "locationName": "sourceMonitoringConfig" - } - }, - "documentation": "The settings for a flow, including its source, outputs, and entitlements.", - "required": [ - "Status", + "Flow":{ + "type":"structure", + "required":[ "AvailabilityZone", - "Source", - "Name", "Entitlements", + "FlowArn", + "Name", "Outputs", - "FlowArn" - ] - }, - "Fmtp": { - "type": "structure", - "members": { - "ChannelOrder": { - "shape": "__string", - "locationName": "channelOrder", - "documentation": "The format of the audio channel." - }, - "Colorimetry": { - "shape": "Colorimetry", - "locationName": "colorimetry", - "documentation": "The format that is used for the representation of color." - }, - "ExactFramerate": { - "shape": "__string", - "locationName": "exactFramerate", - "documentation": "The frame rate for the video stream, in frames/second. For example: 60000/1001. If you specify a whole number, MediaConnect uses a ratio of N/1. For example, if you specify 60, MediaConnect uses 60/1 as the exactFramerate." - }, - "Par": { - "shape": "__string", - "locationName": "par", - "documentation": "The pixel aspect ratio (PAR) of the video." - }, - "Range": { - "shape": "Range", - "locationName": "range", - "documentation": "The encoding range of the video." - }, - "ScanMode": { - "shape": "ScanMode", - "locationName": "scanMode", - "documentation": "The type of compression that was used to smooth the video’s appearance" - }, - "Tcs": { - "shape": "Tcs", - "locationName": "tcs", - "documentation": "The transfer characteristic system (TCS) that is used in the video." - } - }, - "documentation": "FMTP" - }, - "FmtpRequest": { - "type": "structure", - "members": { - "ChannelOrder": { - "shape": "__string", - "locationName": "channelOrder", - "documentation": "The format of the audio channel." - }, - "Colorimetry": { - "shape": "Colorimetry", - "locationName": "colorimetry", - "documentation": "The format that is used for the representation of color." - }, - "ExactFramerate": { - "shape": "__string", - "locationName": "exactFramerate", - "documentation": "The frame rate for the video stream, in frames/second. For example: 60000/1001. If you specify a whole number, MediaConnect uses a ratio of N/1. For example, if you specify 60, MediaConnect uses 60/1 as the exactFramerate." - }, - "Par": { - "shape": "__string", - "locationName": "par", - "documentation": "The pixel aspect ratio (PAR) of the video." - }, - "Range": { - "shape": "Range", - "locationName": "range", - "documentation": "The encoding range of the video." - }, - "ScanMode": { - "shape": "ScanMode", - "locationName": "scanMode", - "documentation": "The type of compression that was used to smooth the video’s appearance." - }, - "Tcs": { - "shape": "Tcs", - "locationName": "tcs", - "documentation": "The transfer characteristic system (TCS) that is used in the video." - } - }, - "documentation": "The settings that you want to use to define the media stream." - }, - "ForbiddenException": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" + "Source", + "Status" ], - "exception": true, - "error": { - "httpStatusCode": 403 - } - }, - "FrameResolution": { - "type": "structure", - "members": { - "FrameHeight": { - "shape": "__integer", - "locationName": "frameHeight", - "documentation": "The number of pixels in the height of the video frame." - }, - "FrameWidth": { - "shape": "__integer", - "locationName": "frameWidth", - "documentation": "The number of pixels in the width of the video frame." - } - }, - "documentation": "The frame resolution used by the video stream.", - "required": [ - "FrameWidth", - "FrameHeight" - ] - }, - "FrozenFrames": { - "type": "structure", - "members": { - "State": { - "shape": "State", - "locationName": "state", - "documentation": "Indicates whether the FrozenFrames metric is enabled or disabled." - }, - "ThresholdSeconds": { - "shape": "__integer", - "locationName": "thresholdSeconds", - "documentation": "Specifies the number of consecutive seconds of a static image that triggers an event or alert." - } - }, - "documentation": "Configures settings for the FrozenFrames metric." - }, - "Gateway": { - "type": "structure", - "members": { - "EgressCidrBlocks": { - "shape": "__listOf__string", - "locationName": "egressCidrBlocks", - "documentation": "The range of IP addresses that contribute content or initiate output requests for flows communicating with this gateway. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "GatewayArn": { - "shape": "__string", - "locationName": "gatewayArn", - "documentation": "The Amazon Resource Name (ARN) of the gateway." - }, - "GatewayMessages": { - "shape": "__listOfMessageDetail", - "locationName": "gatewayMessages" - }, - "GatewayState": { - "shape": "GatewayState", - "locationName": "gatewayState", - "documentation": "The current status of the gateway." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the gateway. This name can not be modified after the gateway is created." - }, - "Networks": { - "shape": "__listOfGatewayNetwork", - "locationName": "networks", - "documentation": "The list of networks in the gateway." - } - }, - "documentation": "The settings for a gateway, including its networks.", - "required": [ - "GatewayArn", - "Networks", + "members":{ + "AvailabilityZone":{ + "shape":"String", + "documentation":"

    The Availability Zone that you want to create the flow in. These options are limited to the Availability Zones within the current Amazon Web Services Region.

    ", + "locationName":"availabilityZone" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the flow. This value is not used or seen outside of the current MediaConnect account.

    ", + "locationName":"description" + }, + "EgressIp":{ + "shape":"String", + "documentation":"

    The IP address from which video will be sent to output destinations.

    ", + "locationName":"egressIp" + }, + "Entitlements":{ + "shape":"__listOfEntitlement", + "documentation":"

    The entitlements in this flow.

    ", + "locationName":"entitlements" + }, + "FlowArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the flow.

    ", + "locationName":"flowArn" + }, + "MediaStreams":{ + "shape":"__listOfMediaStream", + "documentation":"

    The media streams that are associated with the flow. After you associate a media stream with a source, you can also associate it with outputs on the flow.

    ", + "locationName":"mediaStreams" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the flow.

    ", + "locationName":"name" + }, + "Outputs":{ + "shape":"__listOfOutput", + "documentation":"

    The outputs in this flow.

    ", + "locationName":"outputs" + }, + "Source":{ + "shape":"Source", + "documentation":"

    The source for the flow.

    ", + "locationName":"source" + }, + "SourceFailoverConfig":{ + "shape":"FailoverConfig", + "documentation":"

    The settings for the source failover.

    ", + "locationName":"sourceFailoverConfig" + }, + "Sources":{ + "shape":"__listOfSource", + "documentation":"

    The settings for the sources that are assigned to the flow.

    ", + "locationName":"sources" + }, + "Status":{ + "shape":"Status", + "documentation":"

    The current status of the flow.

    ", + "locationName":"status" + }, + "VpcInterfaces":{ + "shape":"__listOfVpcInterface", + "documentation":"

    The VPC Interfaces for this flow.

    ", + "locationName":"vpcInterfaces" + }, + "Maintenance":{ + "shape":"Maintenance", + "documentation":"

    The maintenance settings for the flow.

    ", + "locationName":"maintenance" + }, + "SourceMonitoringConfig":{ + "shape":"MonitoringConfig", + "documentation":"

    The settings for source monitoring.

    ", + "locationName":"sourceMonitoringConfig" + }, + "FlowSize":{ + "shape":"FlowSize", + "documentation":"

    Determines the processing capacity and feature set of the flow. Set this optional parameter to LARGE if you want to enable NDI outputs on the flow.

    ", + "locationName":"flowSize" + }, + "NdiConfig":{ + "shape":"NdiConfig", + "documentation":"

    Specifies the configuration settings for NDI outputs. Required when the flow includes NDI outputs.

    ", + "locationName":"ndiConfig" + } + }, + "documentation":"

    The settings for a flow, including its source, outputs, and entitlements.

    " + }, + "FlowArn":{"type":"string"}, + "FlowSize":{ + "type":"string", + "enum":[ + "MEDIUM", + "LARGE" + ] + }, + "Fmtp":{ + "type":"structure", + "members":{ + "ChannelOrder":{ + "shape":"String", + "documentation":"

    The format of the audio channel.

    ", + "locationName":"channelOrder" + }, + "Colorimetry":{ + "shape":"Colorimetry", + "documentation":"

    The format used for the representation of color.

    ", + "locationName":"colorimetry" + }, + "ExactFramerate":{ + "shape":"String", + "documentation":"

    The frame rate for the video stream, in frames/second. For example: 60000/1001.

    ", + "locationName":"exactFramerate" + }, + "Par":{ + "shape":"String", + "documentation":"

    The pixel aspect ratio (PAR) of the video.

    ", + "locationName":"par" + }, + "Range":{ + "shape":"Range", + "documentation":"

    The encoding range of the video.

    ", + "locationName":"range" + }, + "ScanMode":{ + "shape":"ScanMode", + "documentation":"

    The type of compression that was used to smooth the video’s appearance.

    ", + "locationName":"scanMode" + }, + "Tcs":{ + "shape":"Tcs", + "documentation":"

    The transfer characteristic system (TCS) that is used in the video.

    ", + "locationName":"tcs" + } + }, + "documentation":"

    A set of parameters that define the media stream.

    " + }, + "FmtpRequest":{ + "type":"structure", + "members":{ + "ChannelOrder":{ + "shape":"String", + "documentation":"

    The format of the audio channel.

    ", + "locationName":"channelOrder" + }, + "Colorimetry":{ + "shape":"Colorimetry", + "documentation":"

    The format that is used for the representation of color.

    ", + "locationName":"colorimetry" + }, + "ExactFramerate":{ + "shape":"String", + "documentation":"

    The frame rate for the video stream, in frames/second. For example: 60000/1001. If you specify a whole number, MediaConnect uses a ratio of N/1. For example, if you specify 60, MediaConnect uses 60/1 as the exactFramerate.

    ", + "locationName":"exactFramerate" + }, + "Par":{ + "shape":"String", + "documentation":"

    The pixel aspect ratio (PAR) of the video.

    ", + "locationName":"par" + }, + "Range":{ + "shape":"Range", + "documentation":"

    The encoding range of the video.

    ", + "locationName":"range" + }, + "ScanMode":{ + "shape":"ScanMode", + "documentation":"

    The type of compression that was used to smooth the video’s appearance.

    ", + "locationName":"scanMode" + }, + "Tcs":{ + "shape":"Tcs", + "documentation":"

    The transfer characteristic system (TCS) that is used in the video.

    ", + "locationName":"tcs" + } + }, + "documentation":"

    The settings that you want to use to define the media stream.

    " + }, + "ForbiddenException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    You do not have sufficient access to perform this action.

    ", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "FrameResolution":{ + "type":"structure", + "required":[ + "FrameHeight", + "FrameWidth" + ], + "members":{ + "FrameHeight":{ + "shape":"Integer", + "documentation":"

    The number of pixels in the height of the video frame.

    ", + "locationName":"frameHeight" + }, + "FrameWidth":{ + "shape":"Integer", + "documentation":"

    The number of pixels in the width of the video frame.

    ", + "locationName":"frameWidth" + } + }, + "documentation":"

    The frame resolution used by the video stream.

    " + }, + "FrozenFrames":{ + "type":"structure", + "members":{ + "State":{ + "shape":"State", + "documentation":"

    Indicates whether the FrozenFrames metric is enabled or disabled.

    ", + "locationName":"state" + }, + "ThresholdSeconds":{ + "shape":"Integer", + "documentation":"

    Specifies the number of consecutive seconds of a static image that triggers an event or alert.

    ", + "locationName":"thresholdSeconds" + } + }, + "documentation":"

    Configures settings for the FrozenFrames metric.

    " + }, + "Gateway":{ + "type":"structure", + "required":[ "EgressCidrBlocks", - "Name" - ] - }, - "GatewayBridgeSource": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge feeding this flow." - }, - "VpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "vpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this bridge source." - } - }, - "documentation": "The source configuration for cloud flows receiving a stream from a bridge.", - "required": [ - "BridgeArn" - ] - }, - "GatewayInstance": { - "type": "structure", - "members": { - "BridgePlacement": { - "shape": "BridgePlacement", - "locationName": "bridgePlacement", - "documentation": "The availability of the instance to host new bridges. The bridgePlacement property can be LOCKED or AVAILABLE. If it is LOCKED, no new bridges can be deployed to this instance. If it is AVAILABLE, new bridges can be added to this instance." - }, - "ConnectionStatus": { - "shape": "ConnectionStatus", - "locationName": "connectionStatus", - "documentation": "The connection state of the instance." - }, - "GatewayArn": { - "shape": "__string", - "locationName": "gatewayArn", - "documentation": "The Amazon Resource Name (ARN) of the instance." - }, - "GatewayInstanceArn": { - "shape": "__string", - "locationName": "gatewayInstanceArn", - "documentation": "The Amazon Resource Name (ARN) of the gateway." - }, - "InstanceId": { - "shape": "__string", - "locationName": "instanceId", - "documentation": "The managed instance ID generated by the SSM install. This will begin with \"mi-\"." - }, - "InstanceMessages": { - "shape": "__listOfMessageDetail", - "locationName": "instanceMessages" - }, - "InstanceState": { - "shape": "InstanceState", - "locationName": "instanceState", - "documentation": "The status of the instance." - }, - "RunningBridgeCount": { - "shape": "__integer", - "locationName": "runningBridgeCount", - "documentation": "The running bridge count." - } - }, - "documentation": "The settings for an instance in a gateway.", - "required": [ "GatewayArn", - "InstanceState", + "Name", + "Networks" + ], + "members":{ + "EgressCidrBlocks":{ + "shape":"__listOfString", + "documentation":"

    The range of IP addresses that contribute content or initiate output requests for flows communicating with this gateway. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.

    ", + "locationName":"egressCidrBlocks" + }, + "GatewayArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the gateway.

    ", + "locationName":"gatewayArn" + }, + "GatewayMessages":{ + "shape":"__listOfMessageDetail", + "documentation":"

    Messages with information about the gateway.

    ", + "locationName":"gatewayMessages" + }, + "GatewayState":{ + "shape":"GatewayState", + "documentation":"

    The current status of the gateway.

    ", + "locationName":"gatewayState" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the gateway. This name can not be modified after the gateway is created.

    ", + "locationName":"name" + }, + "Networks":{ + "shape":"__listOfGatewayNetwork", + "documentation":"

    The list of networks in the gateway.

    ", + "locationName":"networks" + } + }, + "documentation":"

    The settings for a gateway, including its networks.

    " + }, + "GatewayBridgeSource":{ + "type":"structure", + "required":["BridgeArn"], + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the bridge feeding this flow.

    ", + "locationName":"bridgeArn" + }, + "VpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this bridge source.

    ", + "locationName":"vpcInterfaceAttachment" + } + }, + "documentation":"

    The source configuration for cloud flows receiving a stream from a bridge.

    " + }, + "GatewayInstance":{ + "type":"structure", + "required":[ + "BridgePlacement", + "ConnectionStatus", + "GatewayArn", "GatewayInstanceArn", "InstanceId", - "RunningBridgeCount", - "BridgePlacement", - "ConnectionStatus" - ] - }, - "GatewayNetwork": { - "type": "structure", - "members": { - "CidrBlock": { - "shape": "__string", - "locationName": "cidrBlock", - "documentation": "A unique IP address range to use for this network. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the network. This name is used to reference the network and must be unique among networks in this gateway." - } - }, - "documentation": "The network settings for a gateway.", - "required": [ + "InstanceState", + "RunningBridgeCount" + ], + "members":{ + "BridgePlacement":{ + "shape":"BridgePlacement", + "documentation":"

    The availability of the instance to host new bridges. The bridgePlacement property can be LOCKED or AVAILABLE. If it is LOCKED, no new bridges can be deployed to this instance. If it is AVAILABLE, new bridges can be deployed to this instance.

    ", + "locationName":"bridgePlacement" + }, + "ConnectionStatus":{ + "shape":"ConnectionStatus", + "documentation":"

    The connection state of the instance.

    ", + "locationName":"connectionStatus" + }, + "GatewayArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the instance.

    ", + "locationName":"gatewayArn" + }, + "GatewayInstanceArn":{ + "shape":"String", + "documentation":"

    The ARN of the gateway.

    ", + "locationName":"gatewayInstanceArn" + }, + "InstanceId":{ + "shape":"String", + "documentation":"

    The instance ID generated by the SSM install. This will begin with \"mi-\".

    ", + "locationName":"instanceId" + }, + "InstanceMessages":{ + "shape":"__listOfMessageDetail", + "documentation":"

    Messages with information about the gateway.

    ", + "locationName":"instanceMessages" + }, + "InstanceState":{ + "shape":"InstanceState", + "documentation":"

    The status of the instance.

    ", + "locationName":"instanceState" + }, + "RunningBridgeCount":{ + "shape":"Integer", + "documentation":"

    The running bridge count.

    ", + "locationName":"runningBridgeCount" + } + }, + "documentation":"

    The settings for an instance in a gateway.

    " + }, + "GatewayNetwork":{ + "type":"structure", + "required":[ "CidrBlock", "Name" - ] - }, - "GatewayState": { - "type": "string", - "enum": [ + ], + "members":{ + "CidrBlock":{ + "shape":"String", + "documentation":"

    A unique IP address range to use for this network. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.

    ", + "locationName":"cidrBlock" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the network. This name is used to reference the network and must be unique among networks in this gateway.

    ", + "locationName":"name" + } + }, + "documentation":"

    The network settings for a gateway.

    " + }, + "GatewayState":{ + "type":"string", + "enum":[ "CREATING", "ACTIVE", "UPDATING", @@ -4277,173 +3217,177 @@ "DELETED" ] }, - "GrantEntitlementRequest": { - "type": "structure", - "members": { - "DataTransferSubscriberFeePercent": { - "shape": "__integer", - "locationName": "dataTransferSubscriberFeePercent", - "documentation": "Percentage from 0-100 of the data transfer cost to be billed to the subscriber." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description of the entitlement. This description appears only on the AWS Elemental MediaConnect console and will not be seen by the subscriber or end user." - }, - "Encryption": { - "shape": "Encryption", - "locationName": "encryption", - "documentation": "The type of encryption that will be used on the output that is associated with this entitlement. Allowable encryption types: static-key, speke." - }, - "EntitlementStatus": { - "shape": "EntitlementStatus", - "locationName": "entitlementStatus", - "documentation": "An indication of whether the new entitlement should be enabled or disabled as soon as it is created. If you don’t specify the entitlementStatus field in your request, MediaConnect sets it to ENABLED." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the entitlement. This value must be unique within the current flow." - }, - "Subscribers": { - "shape": "__listOf__string", - "locationName": "subscribers", - "documentation": "The AWS account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flows using your content as the source." - } - }, - "documentation": "The entitlements that you want to grant on a flow.", - "required": [ - "Subscribers" - ] - }, - "GrantFlowEntitlements420Exception": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" + "GrantEntitlementRequest":{ + "type":"structure", + "required":["Subscribers"], + "members":{ + "DataTransferSubscriberFeePercent":{ + "shape":"Integer", + "documentation":"

    Percentage from 0-100 of the data transfer cost to be billed to the subscriber.

    ", + "locationName":"dataTransferSubscriberFeePercent" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the entitlement. This description appears only on the MediaConnect console and will not be seen by the subscriber or end user.

    ", + "locationName":"description" + }, + "Encryption":{ + "shape":"Encryption", + "documentation":"

    The type of encryption that will be used on the output that is associated with this entitlement. Allowable encryption types: static-key, speke.

    ", + "locationName":"encryption" + }, + "EntitlementStatus":{ + "shape":"EntitlementStatus", + "documentation":"

    An indication of whether the new entitlement should be enabled or disabled as soon as it is created. If you don’t specify the entitlementStatus field in your request, MediaConnect sets it to ENABLED.

    ", + "locationName":"entitlementStatus" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the entitlement. This value must be unique within the current flow.

    ", + "locationName":"name" + }, + "Subscribers":{ + "shape":"__listOfString", + "documentation":"

    The Amazon Web Services account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flows using your content as the source.

    ", + "locationName":"subscribers" + }, + "EntitlementTags":{ + "shape":"__mapOfString", + "documentation":"

    The key-value pairs that can be used to tag and organize the entitlement.

    ", + "locationName":"entitlementTags" + } + }, + "documentation":"

    The entitlements that you want to grant on a flow.

    " + }, + "GrantFlowEntitlements420Exception":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    Exception raised by Elemental MediaConnect when granting the entitlement. See the error message for the operation for more information on the cause of this exception.

    ", + "error":{ + "httpStatusCode":420, + "senderFault":true + }, + "exception":true + }, + "GrantFlowEntitlementsRequest":{ + "type":"structure", + "required":[ + "Entitlements", + "FlowArn" ], - "exception": true, - "error": { - "httpStatusCode": 420 - } - }, - "GrantFlowEntitlementsRequest": { - "type": "structure", - "members": { - "Entitlements": { - "shape": "__listOfGrantEntitlementRequest", - "locationName": "entitlements", - "documentation": "The list of entitlements that you want to grant." - }, - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to grant entitlements on." + "members":{ + "Entitlements":{ + "shape":"__listOfGrantEntitlementRequest", + "documentation":"

    The list of entitlements that you want to grant.

    ", + "locationName":"entitlements" + }, + "FlowArn":{ + "shape":"GrantFlowEntitlementsRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to grant entitlements on.

    ", + "location":"uri", + "locationName":"FlowArn" } - }, - "documentation": "A request to grant entitlements on a flow.", - "required": [ - "FlowArn", - "Entitlements" - ] + } }, - "GrantFlowEntitlementsResponse": { - "type": "structure", - "members": { - "Entitlements": { - "shape": "__listOfEntitlement", - "locationName": "entitlements", - "documentation": "The entitlements that were just granted." - }, - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that these entitlements were granted to." + "GrantFlowEntitlementsRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "GrantFlowEntitlementsResponse":{ + "type":"structure", + "members":{ + "Entitlements":{ + "shape":"__listOfEntitlement", + "documentation":"

    The entitlements that were just granted.

    ", + "locationName":"entitlements" + }, + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that these entitlements were granted to.

    ", + "locationName":"flowArn" } } }, - "IngressGatewayBridge": { - "type": "structure", - "members": { - "InstanceId": { - "shape": "__string", - "locationName": "instanceId", - "documentation": "The ID of the instance running this bridge." - }, - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "The maximum expected bitrate (in bps) of the ingress bridge." - }, - "MaxOutputs": { - "shape": "__integer", - "locationName": "maxOutputs", - "documentation": "The maximum number of outputs on the ingress bridge." - } - }, - "required": [ - "MaxOutputs", - "MaxBitrate" - ] - }, - "InputConfiguration": { - "type": "structure", - "members": { - "InputIp": { - "shape": "__string", - "locationName": "inputIp", - "documentation": "The IP address that the flow listens on for incoming content for a media stream." - }, - "InputPort": { - "shape": "__integer", - "locationName": "inputPort", - "documentation": "The port that the flow listens on for an incoming media stream." - }, - "Interface": { - "shape": "Interface", - "locationName": "interface", - "documentation": "The VPC interface where the media stream comes in from." - } - }, - "documentation": "The transport parameters that are associated with an incoming media stream.", - "required": [ - "InputPort", + "IngressGatewayBridge":{ + "type":"structure", + "required":[ + "MaxBitrate", + "MaxOutputs" + ], + "members":{ + "InstanceId":{ + "shape":"String", + "documentation":"

    The ID of the instance running this bridge.

    ", + "locationName":"instanceId" + }, + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The maximum expected bitrate (in bps) of the ingress bridge.

    ", + "locationName":"maxBitrate" + }, + "MaxOutputs":{ + "shape":"Integer", + "documentation":"

    The maximum number of outputs on the ingress bridge.

    ", + "locationName":"maxOutputs" + } + }, + "documentation":"

    Create a bridge with the ingress bridge type. An ingress bridge is a ground-to-cloud bridge. The content originates at your premises and is delivered to the cloud.

    " + }, + "InputConfiguration":{ + "type":"structure", + "required":[ "InputIp", + "InputPort", "Interface" - ] - }, - "InputConfigurationRequest": { - "type": "structure", - "members": { - "InputPort": { - "shape": "__integer", - "locationName": "inputPort", - "documentation": "The port that you want the flow to listen on for an incoming media stream." - }, - "Interface": { - "shape": "InterfaceRequest", - "locationName": "interface", - "documentation": "The VPC interface that you want to use for the incoming media stream." - } - }, - "documentation": "The transport parameters that you want to associate with an incoming media stream.", - "required": [ + ], + "members":{ + "InputIp":{ + "shape":"String", + "documentation":"

    The IP address that the flow listens on for incoming content for a media stream.

    ", + "locationName":"inputIp" + }, + "InputPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow listens on for an incoming media stream.

    ", + "locationName":"inputPort" + }, + "Interface":{ + "shape":"Interface", + "documentation":"

    The VPC interface where the media stream comes in from.

    ", + "locationName":"interface" + } + }, + "documentation":"

    The transport parameters that are associated with an incoming media stream.

    " + }, + "InputConfigurationRequest":{ + "type":"structure", + "required":[ "InputPort", "Interface" - ] - }, - "InstanceState": { - "type": "string", - "enum": [ + ], + "members":{ + "InputPort":{ + "shape":"Integer", + "documentation":"

    The port that you want the flow to listen on for an incoming media stream.

    ", + "locationName":"inputPort" + }, + "Interface":{ + "shape":"InterfaceRequest", + "documentation":"

    The VPC interface that you want to use for the incoming media stream.

    ", + "locationName":"interface" + } + }, + "documentation":"

    The transport parameters that you want to associate with an incoming media stream.

    " + }, + "InstanceState":{ + "type":"string", + "enum":[ "REGISTERING", "ACTIVE", "DEREGISTERING", @@ -4452,515 +3396,513 @@ "DEREGISTRATION_ERROR" ] }, - "Interface": { - "type": "structure", - "members": { - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the VPC interface." - } - }, - "documentation": "The VPC interface that is used for the media stream associated with the source or output.", - "required": [ - "Name" - ] - }, - "InterfaceRequest": { - "type": "structure", - "members": { - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the VPC interface." - } - }, - "documentation": "The VPC interface that you want to designate where the media stream is coming from or going to.", - "required": [ - "Name" - ] - }, - "InternalServerErrorException": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 500 - } - }, - "KeyType": { - "type": "string", - "enum": [ + "Integer":{ + "type":"integer", + "box":true + }, + "Interface":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"String", + "documentation":"

    The name of the VPC interface.

    ", + "locationName":"name" + } + }, + "documentation":"

    The VPC interface that is used for the media stream associated with the source or output.

    " + }, + "InterfaceRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"String", + "documentation":"

    The name of the VPC interface.

    ", + "locationName":"name" + } + }, + "documentation":"

    The VPC interface that you want to designate where the media stream is coming from or going to.

    " + }, + "InternalServerErrorException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    The server encountered an internal error and is unable to complete the request.

    ", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "KeyType":{ + "type":"string", + "enum":[ "speke", "static-key", "srt-password" ] }, - "ListBridgesRequest": { - "type": "structure", - "members": { - "FilterArn": { - "shape": "__string", - "location": "querystring", - "locationName": "filterArn", - "documentation": "Filter the list results to display only the bridges associated with the selected Amazon Resource Name (ARN)." - }, - "MaxResults": { - "shape": "MaxResults", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of results to return per API request. For example, you submit a ListBridges request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.) The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page." - }, - "NextToken": { - "shape": "__string", - "location": "querystring", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListBridges request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListBridges request a second time and specify the NextToken value." - } - } - }, - "ListBridgesResponse": { - "type": "structure", - "members": { - "Bridges": { - "shape": "__listOfListedBridge", - "locationName": "bridges", - "documentation": "A list of bridge summaries." - }, - "NextToken": { - "shape": "__string", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListBridges request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListBridges request a second time and specify the NextToken value." - } - } - }, - "ListEntitlementsRequest": { - "type": "structure", - "members": { - "MaxResults": { - "shape": "MaxResults", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of results to return per API request. For example, you submit a ListEntitlements request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.) The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 20 results per page." - }, - "NextToken": { - "shape": "__string", - "location": "querystring", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListEntitlements request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListEntitlements request a second time and specify the NextToken value." - } - } - }, - "ListEntitlementsResponse": { - "type": "structure", - "members": { - "Entitlements": { - "shape": "__listOfListedEntitlement", - "locationName": "entitlements", - "documentation": "A list of entitlements that have been granted to you from other AWS accounts." - }, - "NextToken": { - "shape": "__string", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListEntitlements request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListEntitlements request a second time and specify the NextToken value." - } - } - }, - "ListFlowsRequest": { - "type": "structure", - "members": { - "MaxResults": { - "shape": "MaxResults", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of results to return per API request. For example, you submit a ListFlows request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.) The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page." - }, - "NextToken": { - "shape": "__string", - "location": "querystring", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListFlows request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListFlows request a second time and specify the NextToken value." - } - } - }, - "ListFlowsResponse": { - "type": "structure", - "members": { - "Flows": { - "shape": "__listOfListedFlow", - "locationName": "flows", - "documentation": "A list of flow summaries." - }, - "NextToken": { - "shape": "__string", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListFlows request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListFlows request a second time and specify the NextToken value." - } - } - }, - "ListGatewayInstancesRequest": { - "type": "structure", - "members": { - "FilterArn": { - "shape": "__string", - "location": "querystring", - "locationName": "filterArn", - "documentation": "Filter the list results to display only the instances associated with the selected Gateway Amazon Resource Name (ARN)." - }, - "MaxResults": { - "shape": "MaxResults", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of results to return per API request. For example, you submit a ListInstances request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.) The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page." - }, - "NextToken": { - "shape": "__string", - "location": "querystring", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListInstances request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListInstances request a second time and specify the NextToken value." - } - } - }, - "ListGatewayInstancesResponse": { - "type": "structure", - "members": { - "Instances": { - "shape": "__listOfListedGatewayInstance", - "locationName": "instances", - "documentation": "A list of instance summaries." - }, - "NextToken": { - "shape": "__string", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListInstances request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListInstances request a second time and specify the NextToken value." - } - } - }, - "ListGatewaysRequest": { - "type": "structure", - "members": { - "MaxResults": { - "shape": "MaxResults", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of results to return per API request. For example, you submit a ListGateways request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.) The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page." - }, - "NextToken": { - "shape": "__string", - "location": "querystring", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListGateways request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListGateways request a second time and specify the NextToken value." - } - } - }, - "ListGatewaysResponse": { - "type": "structure", - "members": { - "Gateways": { - "shape": "__listOfListedGateway", - "locationName": "gateways", - "documentation": "A list of gateway summaries." - }, - "NextToken": { - "shape": "__string", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListGateways request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListGateways request a second time and specify the NextToken value." - } - } - }, - "ListOfferingsRequest": { - "type": "structure", - "members": { - "MaxResults": { - "shape": "MaxResults", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of results to return per API request. For example, you submit a ListOfferings request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.) The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page." - }, - "NextToken": { - "shape": "__string", - "location": "querystring", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListOfferings request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListOfferings request a second time and specify the NextToken value." - } - } - }, - "ListOfferingsResponse": { - "type": "structure", - "members": { - "NextToken": { - "shape": "__string", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListOfferings request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListOfferings request a second time and specify the NextToken value." - }, - "Offerings": { - "shape": "__listOfOffering", - "locationName": "offerings", - "documentation": "A list of offerings that are available to this account in the current AWS Region." - } - } - }, - "ListReservationsRequest": { - "type": "structure", - "members": { - "MaxResults": { - "shape": "MaxResults", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of results to return per API request. For example, you submit a ListReservations request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.) The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page." - }, - "NextToken": { - "shape": "__string", - "location": "querystring", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListReservations request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListOfferings request a second time and specify the NextToken value." - } - } - }, - "ListReservationsResponse": { - "type": "structure", - "members": { - "NextToken": { - "shape": "__string", - "locationName": "nextToken", - "documentation": "The token that identifies which batch of results that you want to see. For example, you submit a ListReservations request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListReservations request a second time and specify the NextToken value." - }, - "Reservations": { - "shape": "__listOfReservation", - "locationName": "reservations", - "documentation": "A list of all reservations that have been purchased by this account in the current AWS Region." - } - } - }, - "ListTagsForResourceRequest": { - "type": "structure", - "members": { - "ResourceArn": { - "shape": "__string", - "location": "uri", - "locationName": "resourceArn", - "documentation": "The Amazon Resource Name (ARN) that identifies the AWS Elemental MediaConnect resource for which to list the tags." - } - }, - "required": [ - "ResourceArn" - ] - }, - "ListTagsForResourceResponse": { - "type": "structure", - "members": { - "Tags": { - "shape": "__mapOf__string", - "locationName": "tags", - "documentation": "A map from tag keys to values. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters." - } - } - }, - "ListedBridge": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge." - }, - "BridgeState": { - "shape": "BridgeState", - "locationName": "bridgeState" - }, - "BridgeType": { - "shape": "__string", - "locationName": "bridgeType", - "documentation": "The type of the bridge." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the bridge." - }, - "PlacementArn": { - "shape": "__string", - "locationName": "placementArn", - "documentation": "The ARN of the gateway associated with the bridge." - } - }, - "documentation": "Displays details of the selected bridge.", - "required": [ + "ListBridgesRequest":{ + "type":"structure", + "members":{ + "FilterArn":{ + "shape":"String", + "documentation":"

    Filter the list results to display only the bridges associated with the selected ARN.

    ", + "location":"querystring", + "locationName":"filterArn" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per API request.

    For example, you submit a ListBridges request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.)

    The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListBridges request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListBridges request a second time and specify the NextToken value.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListBridgesResponse":{ + "type":"structure", + "members":{ + "Bridges":{ + "shape":"__listOfListedBridge", + "documentation":"

    A list of bridge summaries.

    ", + "locationName":"bridges" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListBridges request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListBridges request a second time and specify the NextToken value.

    ", + "locationName":"nextToken" + } + } + }, + "ListEntitlementsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per API request.

    For example, you submit a ListEntitlements request with set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.)

    The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 20 results per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListEntitlements request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListEntitlements request a second time and specify the NextToken value.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListEntitlementsResponse":{ + "type":"structure", + "members":{ + "Entitlements":{ + "shape":"__listOfListedEntitlement", + "documentation":"

    A list of entitlements that have been granted to you from other Amazon Web Services accounts.

    ", + "locationName":"entitlements" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListEntitlements request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListEntitlements request a second time and specify the NextToken value.

    ", + "locationName":"nextToken" + } + } + }, + "ListFlowsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per API request.

    For example, you submit a ListFlows request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.)

    The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListFlows request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListFlows request a second time and specify the NextToken value.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListFlowsResponse":{ + "type":"structure", + "members":{ + "Flows":{ + "shape":"__listOfListedFlow", + "documentation":"

    A list of flow summaries.

    ", + "locationName":"flows" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListFlows request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListFlows request a second time and specify the NextToken value.

    ", + "locationName":"nextToken" + } + } + }, + "ListGatewayInstancesRequest":{ + "type":"structure", + "members":{ + "FilterArn":{ + "shape":"String", + "documentation":"

    Filter the list results to display only the instances associated with the selected Gateway ARN.

    ", + "location":"querystring", + "locationName":"filterArn" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per API request.

    For example, you submit a ListInstances request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.)

    The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListInstances request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListInstances request a second time and specify the NextToken value.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListGatewayInstancesResponse":{ + "type":"structure", + "members":{ + "Instances":{ + "shape":"__listOfListedGatewayInstance", + "documentation":"

    A list of instance summaries.

    ", + "locationName":"instances" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListInstances request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListInstances request a second time and specify the NextToken value.

    ", + "locationName":"nextToken" + } + } + }, + "ListGatewaysRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per API request.

    For example, you submit a ListGateways request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.)

    The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListGateways request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListGateways request a second time and specify the NextToken value.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListGatewaysResponse":{ + "type":"structure", + "members":{ + "Gateways":{ + "shape":"__listOfListedGateway", + "documentation":"

    A list of gateway summaries.

    ", + "locationName":"gateways" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListGateways request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListGateways request a second time and specify the NextToken value.

    ", + "locationName":"nextToken" + } + } + }, + "ListOfferingsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per API request.

    For example, you submit a ListOfferings request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.)

    The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListOfferings request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListOfferings request a second time and specify the NextToken value.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListOfferingsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListOfferings request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListOfferings request a second time and specify the NextToken value.

    ", + "locationName":"nextToken" + }, + "Offerings":{ + "shape":"__listOfOffering", + "documentation":"

    A list of offerings that are available to this account in the current Amazon Web Services Region.

    ", + "locationName":"offerings" + } + } + }, + "ListReservationsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per API request.

    For example, you submit a ListReservations request with MaxResults set at 5. Although 20 items match your request, the service returns no more than the first 5 items. (The service also returns a NextToken value that you can use to fetch the next batch of results.)

    The service might return fewer results than the MaxResults value. If MaxResults is not included in the request, the service defaults to pagination with a maximum of 10 results per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListReservations request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListOfferings request a second time and specify the NextToken value.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListReservationsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

    The token that identifies the batch of results that you want to see.

    For example, you submit a ListReservations request with MaxResults set at 5. The service returns the first batch of results (up to 5) and a NextToken value. To see the next batch of results, you can submit the ListReservations request a second time and specify the NextToken value.

    ", + "locationName":"nextToken" + }, + "Reservations":{ + "shape":"__listOfReservation", + "documentation":"

    A list of all reservations that have been purchased by this account in the current Amazon Web Services Region.

    ", + "locationName":"reservations" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) that identifies the MediaConnect resource for which to list the tags.

    ", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{ + "shape":"__mapOfString", + "documentation":"

    A map from tag keys to values. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

    ", + "locationName":"tags" + } + } + }, + "ListedBridge":{ + "type":"structure", + "required":[ "BridgeArn", "BridgeState", - "PlacementArn", "BridgeType", - "Name" - ] - }, - "ListedEntitlement": { - "type": "structure", - "members": { - "DataTransferSubscriberFeePercent": { - "shape": "__integer", - "locationName": "dataTransferSubscriberFeePercent", - "documentation": "Percentage from 0-100 of the data transfer cost to be billed to the subscriber." - }, - "EntitlementArn": { - "shape": "__string", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement." - }, - "EntitlementName": { - "shape": "__string", - "locationName": "entitlementName", - "documentation": "The name of the entitlement." - } - }, - "documentation": "An entitlement that has been granted to you from other AWS accounts.", - "required": [ + "Name", + "PlacementArn" + ], + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the bridge.

    ", + "locationName":"bridgeArn" + }, + "BridgeState":{ + "shape":"BridgeState", + "documentation":"

    The state of the bridge.

    ", + "locationName":"bridgeState" + }, + "BridgeType":{ + "shape":"String", + "documentation":"

    The type of the bridge.

    ", + "locationName":"bridgeType" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the bridge.

    ", + "locationName":"name" + }, + "PlacementArn":{ + "shape":"String", + "documentation":"

    The ARN of the gateway associated with the bridge.

    ", + "locationName":"placementArn" + } + }, + "documentation":"

    Displays details of the selected bridge.

    " + }, + "ListedEntitlement":{ + "type":"structure", + "required":[ "EntitlementArn", "EntitlementName" - ] - }, - "ListedFlow": { - "type": "structure", - "members": { - "AvailabilityZone": { - "shape": "__string", - "locationName": "availabilityZone", - "documentation": "The Availability Zone that the flow was created in." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description of the flow." - }, - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the flow." - }, - "SourceType": { - "shape": "SourceType", - "locationName": "sourceType", - "documentation": "The type of source. This value is either owned (originated somewhere other than an AWS Elemental MediaConnect flow owned by another AWS account) or entitled (originated at an AWS Elemental MediaConnect flow owned by another AWS account)." - }, - "Status": { - "shape": "Status", - "locationName": "status", - "documentation": "The current status of the flow." - }, - "Maintenance": { - "shape": "Maintenance", - "locationName": "maintenance" - } - }, - "documentation": "Provides a summary of a flow, including its ARN, Availability Zone, and source type.", - "required": [ - "Status", - "Description", - "SourceType", + ], + "members":{ + "DataTransferSubscriberFeePercent":{ + "shape":"Integer", + "documentation":"

    Percentage from 0-100 of the data transfer cost to be billed to the subscriber.

    ", + "locationName":"dataTransferSubscriberFeePercent" + }, + "EntitlementArn":{ + "shape":"String", + "documentation":"

    The ARN of the entitlement.

    ", + "locationName":"entitlementArn" + }, + "EntitlementName":{ + "shape":"String", + "documentation":"

    The name of the entitlement.

    ", + "locationName":"entitlementName" + } + }, + "documentation":"

    An entitlement that has been granted to you from other Amazon Web Services accounts.

    " + }, + "ListedFlow":{ + "type":"structure", + "required":[ "AvailabilityZone", + "Description", "FlowArn", - "Name" - ] - }, - "ListedGateway": { - "type": "structure", - "members": { - "GatewayArn": { - "shape": "__string", - "locationName": "gatewayArn", - "documentation": "The Amazon Resource Name (ARN) of the gateway." - }, - "GatewayState": { - "shape": "GatewayState", - "locationName": "gatewayState" - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the gateway." - } - }, - "documentation": "Provides a summary of a gateway, including its name, ARN, and status.", - "required": [ + "Name", + "SourceType", + "Status" + ], + "members":{ + "AvailabilityZone":{ + "shape":"String", + "documentation":"

    The Availability Zone that the flow was created in.

    ", + "locationName":"availabilityZone" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the flow.

    ", + "locationName":"description" + }, + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow.

    ", + "locationName":"flowArn" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the flow.

    ", + "locationName":"name" + }, + "SourceType":{ + "shape":"SourceType", + "documentation":"

    The type of source. This value is either owned (originated somewhere other than an MediaConnect flow owned by another Amazon Web Services account) or entitled (originated at a MediaConnect flow owned by another Amazon Web Services account).

    ", + "locationName":"sourceType" + }, + "Status":{ + "shape":"Status", + "documentation":"

    The current status of the flow.

    ", + "locationName":"status" + }, + "Maintenance":{ + "shape":"Maintenance", + "documentation":"

    The maintenance settings for the flow.

    ", + "locationName":"maintenance" + } + }, + "documentation":"

    A summary of a flow, including its ARN, Availability Zone, and source type.

    " + }, + "ListedGateway":{ + "type":"structure", + "required":[ "GatewayArn", "GatewayState", "Name" - ] - }, - "ListedGatewayInstance": { - "type": "structure", - "members": { - "GatewayArn": { - "shape": "__string", - "locationName": "gatewayArn", - "documentation": "The Amazon Resource Name (ARN) of the gateway." - }, - "GatewayInstanceArn": { - "shape": "__string", - "locationName": "gatewayInstanceArn", - "documentation": "The Amazon Resource Name (ARN) of the instance." - }, - "InstanceId": { - "shape": "__string", - "locationName": "instanceId", - "documentation": "The managed instance ID generated by the SSM install. This will begin with \"mi-\"." - }, - "InstanceState": { - "shape": "InstanceState", - "locationName": "instanceState", - "documentation": "The status of the instance." - } - }, - "documentation": "Provides a summary of an instance.", - "required": [ + ], + "members":{ + "GatewayArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the gateway.

    ", + "locationName":"gatewayArn" + }, + "GatewayState":{ + "shape":"GatewayState", + "documentation":"

    The status of the gateway.

    ", + "locationName":"gatewayState" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the gateway.

    ", + "locationName":"name" + } + }, + "documentation":"

    A summary of a gateway, including its name, ARN, and status.

    " + }, + "ListedGatewayInstance":{ + "type":"structure", + "required":[ "GatewayArn", "GatewayInstanceArn", "InstanceId" - ] - }, - "Maintenance": { - "type": "structure", - "members": { - "MaintenanceDay": { - "shape": "MaintenanceDay", - "locationName": "maintenanceDay", - "documentation": "A day of a week when the maintenance will happen. Use Monday/Tuesday/Wednesday/Thursday/Friday/Saturday/Sunday." - }, - "MaintenanceDeadline": { - "shape": "__string", - "locationName": "maintenanceDeadline", - "documentation": "The Maintenance has to be performed before this deadline in ISO UTC format. Example: 2021-01-30T08:30:00Z." - }, - "MaintenanceScheduledDate": { - "shape": "__string", - "locationName": "maintenanceScheduledDate", - "documentation": "A scheduled date in ISO UTC format when the maintenance will happen. Use YYYY-MM-DD format. Example: 2021-01-30." - }, - "MaintenanceStartHour": { - "shape": "__string", - "locationName": "maintenanceStartHour", - "documentation": "UTC time when the maintenance will happen. Use 24-hour HH:MM format. Minutes must be 00. Example: 13:00. The default value is 02:00." - } - }, - "documentation": "The maintenance setting of a flow" - }, - "MaintenanceDay": { - "type": "string", - "enum": [ + ], + "members":{ + "GatewayArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the gateway.

    ", + "locationName":"gatewayArn" + }, + "GatewayInstanceArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the instance.

    ", + "locationName":"gatewayInstanceArn" + }, + "InstanceId":{ + "shape":"String", + "documentation":"

    The managed instance ID generated by the SSM install. This will begin with \"mi-\".

    ", + "locationName":"instanceId" + }, + "InstanceState":{ + "shape":"InstanceState", + "documentation":"

    The status of the instance.

    ", + "locationName":"instanceState" + } + }, + "documentation":"

    A summary of an instance.

    " + }, + "Maintenance":{ + "type":"structure", + "members":{ + "MaintenanceDay":{ + "shape":"MaintenanceDay", + "documentation":"

    A day of a week when the maintenance will happen. Use Monday/Tuesday/Wednesday/Thursday/Friday/Saturday/Sunday.

    ", + "locationName":"maintenanceDay" + }, + "MaintenanceDeadline":{ + "shape":"String", + "documentation":"

    The Maintenance has to be performed before this deadline in ISO UTC format. Example: 2021-01-30T08:30:00Z.

    ", + "locationName":"maintenanceDeadline" + }, + "MaintenanceScheduledDate":{ + "shape":"String", + "documentation":"

    A scheduled date in ISO UTC format when the maintenance will happen. Use YYYY-MM-DD format. Example: 2021-01-30.

    ", + "locationName":"maintenanceScheduledDate" + }, + "MaintenanceStartHour":{ + "shape":"String", + "documentation":"

    UTC time when the maintenance will happen. Use 24-hour HH:MM format. Minutes must be 00. Example: 13:00. The default value is 02:00.

    ", + "locationName":"maintenanceStartHour" + } + }, + "documentation":"

    The maintenance setting of a flow.

    " + }, + "MaintenanceDay":{ + "type":"string", + "enum":[ "Monday", "Tuesday", "Wednesday", @@ -4970,478 +3912,531 @@ "Sunday" ] }, - "MaxResults": { - "type": "integer", - "min": 1, - "max": 1000 - }, - "MediaStream": { - "type": "structure", - "members": { - "Attributes": { - "shape": "MediaStreamAttributes", - "locationName": "attributes", - "documentation": "Attributes that are related to the media stream." - }, - "ClockRate": { - "shape": "__integer", - "locationName": "clockRate", - "documentation": "The sample rate for the stream. This value is measured in Hz." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description that can help you quickly identify what your media stream is used for." - }, - "Fmt": { - "shape": "__integer", - "locationName": "fmt", - "documentation": "The format type number (sometimes referred to as RTP payload type) of the media stream. MediaConnect assigns this value to the media stream. For ST 2110 JPEG XS outputs, you need to provide this value to the receiver." - }, - "MediaStreamId": { - "shape": "__integer", - "locationName": "mediaStreamId", - "documentation": "A unique identifier for the media stream." - }, - "MediaStreamName": { - "shape": "__string", - "locationName": "mediaStreamName", - "documentation": "A name that helps you distinguish one media stream from another." - }, - "MediaStreamType": { - "shape": "MediaStreamType", - "locationName": "mediaStreamType", - "documentation": "The type of media stream." - }, - "VideoFormat": { - "shape": "__string", - "locationName": "videoFormat", - "documentation": "The resolution of the video." - } - }, - "documentation": "A single track or stream of media that contains video, audio, or ancillary data. After you add a media stream to a flow, you can associate it with sources and outputs on that flow, as long as they use the CDI protocol or the ST 2110 JPEG XS protocol. Each source or output can consist of one or many media streams.", - "required": [ - "MediaStreamType", + "MaxResults":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "MediaStream":{ + "type":"structure", + "required":[ + "Fmt", "MediaStreamId", "MediaStreamName", - "Fmt" - ] - }, - "MediaStreamAttributes": { - "type": "structure", - "members": { - "Fmtp": { - "shape": "Fmtp", - "locationName": "fmtp", - "documentation": "A set of parameters that define the media stream." - }, - "Lang": { - "shape": "__string", - "locationName": "lang", - "documentation": "The audio language, in a format that is recognized by the receiver." - } - }, - "documentation": "Attributes that are related to the media stream.", - "required": [ - "Fmtp" - ] - }, - "MediaStreamAttributesRequest": { - "type": "structure", - "members": { - "Fmtp": { - "shape": "FmtpRequest", - "locationName": "fmtp", - "documentation": "The settings that you want to use to define the media stream." - }, - "Lang": { - "shape": "__string", - "locationName": "lang", - "documentation": "The audio language, in a format that is recognized by the receiver." - } - }, - "documentation": "Attributes that are related to the media stream." - }, - "MediaStreamOutputConfiguration": { - "type": "structure", - "members": { - "DestinationConfigurations": { - "shape": "__listOfDestinationConfiguration", - "locationName": "destinationConfigurations", - "documentation": "The transport parameters that are associated with each outbound media stream." - }, - "EncodingName": { - "shape": "EncodingName", - "locationName": "encodingName", - "documentation": "The format that was used to encode the data. For ancillary data streams, set the encoding name to smpte291. For audio streams, set the encoding name to pcm. For video, 2110 streams, set the encoding name to raw. For video, JPEG XS streams, set the encoding name to jxsv." - }, - "EncodingParameters": { - "shape": "EncodingParameters", - "locationName": "encodingParameters", - "documentation": "Encoding parameters" - }, - "MediaStreamName": { - "shape": "__string", - "locationName": "mediaStreamName", - "documentation": "The name of the media stream." - } - }, - "documentation": "The media stream that is associated with the output, and the parameters for that association.", - "required": [ - "MediaStreamName", - "EncodingName" - ] - }, - "MediaStreamOutputConfigurationRequest": { - "type": "structure", - "members": { - "DestinationConfigurations": { - "shape": "__listOfDestinationConfigurationRequest", - "locationName": "destinationConfigurations", - "documentation": "The transport parameters that you want to associate with the media stream." - }, - "EncodingName": { - "shape": "EncodingName", - "locationName": "encodingName", - "documentation": "The format that will be used to encode the data. For ancillary data streams, set the encoding name to smpte291. For audio streams, set the encoding name to pcm. For video, 2110 streams, set the encoding name to raw. For video, JPEG XS streams, set the encoding name to jxsv." - }, - "EncodingParameters": { - "shape": "EncodingParametersRequest", - "locationName": "encodingParameters", - "documentation": "A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source." - }, - "MediaStreamName": { - "shape": "__string", - "locationName": "mediaStreamName", - "documentation": "The name of the media stream that is associated with the output." - } - }, - "documentation": "The media stream that you want to associate with the output, and the parameters for that association.", - "required": [ - "MediaStreamName", - "EncodingName" - ] - }, - "MediaStreamSourceConfiguration": { - "type": "structure", - "members": { - "EncodingName": { - "shape": "EncodingName", - "locationName": "encodingName", - "documentation": "The format that was used to encode the data. For ancillary data streams, set the encoding name to smpte291. For audio streams, set the encoding name to pcm. For video, 2110 streams, set the encoding name to raw. For video, JPEG XS streams, set the encoding name to jxsv." - }, - "InputConfigurations": { - "shape": "__listOfInputConfiguration", - "locationName": "inputConfigurations", - "documentation": "The transport parameters that are associated with an incoming media stream." - }, - "MediaStreamName": { - "shape": "__string", - "locationName": "mediaStreamName", - "documentation": "The name of the media stream." - } - }, - "documentation": "The media stream that is associated with the source, and the parameters for that association.", - "required": [ - "MediaStreamName", - "EncodingName" - ] - }, - "MediaStreamSourceConfigurationRequest": { - "type": "structure", - "members": { - "EncodingName": { - "shape": "EncodingName", - "locationName": "encodingName", - "documentation": "The format you want to use to encode the data. For ancillary data streams, set the encoding name to smpte291. For audio streams, set the encoding name to pcm. For video, 2110 streams, set the encoding name to raw. For video, JPEG XS streams, set the encoding name to jxsv." - }, - "InputConfigurations": { - "shape": "__listOfInputConfigurationRequest", - "locationName": "inputConfigurations", - "documentation": "The transport parameters that you want to associate with the media stream." - }, - "MediaStreamName": { - "shape": "__string", - "locationName": "mediaStreamName", - "documentation": "The name of the media stream." - } - }, - "documentation": "The definition of a media stream that you want to associate with the source.", - "required": [ - "MediaStreamName", - "EncodingName" - ] - }, - "MediaStreamType": { - "type": "string", - "enum": [ + "MediaStreamType" + ], + "members":{ + "Attributes":{ + "shape":"MediaStreamAttributes", + "documentation":"

    Attributes that are related to the media stream.

    ", + "locationName":"attributes" + }, + "ClockRate":{ + "shape":"Integer", + "documentation":"

    The sample rate for the stream. This value is measured in Hz.

    ", + "locationName":"clockRate" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description that can help you quickly identify what your media stream is used for.

    ", + "locationName":"description" + }, + "Fmt":{ + "shape":"Integer", + "documentation":"

    The format type number (sometimes referred to as RTP payload type) of the media stream. MediaConnect assigns this value to the media stream. For ST 2110 JPEG XS outputs, you need to provide this value to the receiver.

    ", + "locationName":"fmt" + }, + "MediaStreamId":{ + "shape":"Integer", + "documentation":"

    A unique identifier for the media stream.

    ", + "locationName":"mediaStreamId" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    A name that helps you distinguish one media stream from another.

    ", + "locationName":"mediaStreamName" + }, + "MediaStreamType":{ + "shape":"MediaStreamType", + "documentation":"

    The type of media stream.

    ", + "locationName":"mediaStreamType" + }, + "VideoFormat":{ + "shape":"String", + "documentation":"

    The resolution of the video.

    ", + "locationName":"videoFormat" + } + }, + "documentation":"

    A media stream represents one component of your content, such as video, audio, or ancillary data. After you add a media stream to your flow, you can associate it with sources and outputs that use the ST 2110 JPEG XS or CDI protocol.

    " + }, + "MediaStreamAttributes":{ + "type":"structure", + "required":["Fmtp"], + "members":{ + "Fmtp":{ + "shape":"Fmtp", + "documentation":"

    The settings that you want to use to define the media stream.

    ", + "locationName":"fmtp" + }, + "Lang":{ + "shape":"String", + "documentation":"

    The audio language, in a format that is recognized by the receiver.

    ", + "locationName":"lang" + } + }, + "documentation":"

    Attributes that are related to the media stream.

    " + }, + "MediaStreamAttributesRequest":{ + "type":"structure", + "members":{ + "Fmtp":{ + "shape":"FmtpRequest", + "documentation":"

    The settings that you want to use to define the media stream.

    ", + "locationName":"fmtp" + }, + "Lang":{ + "shape":"String", + "documentation":"

    The audio language, in a format that is recognized by the receiver.

    ", + "locationName":"lang" + } + }, + "documentation":"

    Attributes that are related to the media stream.

    " + }, + "MediaStreamOutputConfiguration":{ + "type":"structure", + "required":[ + "EncodingName", + "MediaStreamName" + ], + "members":{ + "DestinationConfigurations":{ + "shape":"__listOfDestinationConfiguration", + "documentation":"

    The transport parameters that are associated with each outbound media stream.

    ", + "locationName":"destinationConfigurations" + }, + "EncodingName":{ + "shape":"EncodingName", + "documentation":"

    The format that was used to encode the data. For ancillary data streams, set the encoding name to smpte291. For audio streams, set the encoding name to pcm. For video, 2110 streams, set the encoding name to raw. For video, JPEG XS streams, set the encoding name to jxsv.

    ", + "locationName":"encodingName" + }, + "EncodingParameters":{ + "shape":"EncodingParameters", + "documentation":"

    A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source.

    ", + "locationName":"encodingParameters" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    The name of the media stream.

    ", + "locationName":"mediaStreamName" + } + }, + "documentation":"

    The media stream that is associated with the output, and the parameters for that association.

    " + }, + "MediaStreamOutputConfigurationRequest":{ + "type":"structure", + "required":[ + "EncodingName", + "MediaStreamName" + ], + "members":{ + "DestinationConfigurations":{ + "shape":"__listOfDestinationConfigurationRequest", + "documentation":"

    The media streams that you want to associate with the output.

    ", + "locationName":"destinationConfigurations" + }, + "EncodingName":{ + "shape":"EncodingName", + "documentation":"

    The format that will be used to encode the data. For ancillary data streams, set the encoding name to smpte291. For audio streams, set the encoding name to pcm. For video, 2110 streams, set the encoding name to raw. For video, JPEG XS streams, set the encoding name to jxsv.

    ", + "locationName":"encodingName" + }, + "EncodingParameters":{ + "shape":"EncodingParametersRequest", + "documentation":"

    A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source.

    ", + "locationName":"encodingParameters" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    The name of the media stream that is associated with the output.

    ", + "locationName":"mediaStreamName" + } + }, + "documentation":"

    The media stream that you want to associate with the output, and the parameters for that association.

    " + }, + "MediaStreamSourceConfiguration":{ + "type":"structure", + "required":[ + "EncodingName", + "MediaStreamName" + ], + "members":{ + "EncodingName":{ + "shape":"EncodingName", + "documentation":"

    The format that was used to encode the data. For ancillary data streams, set the encoding name to smpte291. For audio streams, set the encoding name to pcm. For video, 2110 streams, set the encoding name to raw. For video, JPEG XS streams, set the encoding name to jxsv.

    ", + "locationName":"encodingName" + }, + "InputConfigurations":{ + "shape":"__listOfInputConfiguration", + "documentation":"

    The media streams that you want to associate with the source.

    ", + "locationName":"inputConfigurations" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    A name that helps you distinguish one media stream from another.

    ", + "locationName":"mediaStreamName" + } + }, + "documentation":"

    The media stream that is associated with the source, and the parameters for that association.

    " + }, + "MediaStreamSourceConfigurationRequest":{ + "type":"structure", + "required":[ + "EncodingName", + "MediaStreamName" + ], + "members":{ + "EncodingName":{ + "shape":"EncodingName", + "documentation":"

    The format that was used to encode the data. For ancillary data streams, set the encoding name to smpte291. For audio streams, set the encoding name to pcm. For video, 2110 streams, set the encoding name to raw. For video, JPEG XS streams, set the encoding name to jxsv.

    ", + "locationName":"encodingName" + }, + "InputConfigurations":{ + "shape":"__listOfInputConfigurationRequest", + "documentation":"

    The media streams that you want to associate with the source.

    ", + "locationName":"inputConfigurations" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    The name of the media stream.

    ", + "locationName":"mediaStreamName" + } + }, + "documentation":"

    The media stream that you want to associate with the source, and the parameters for that association.

    " + }, + "MediaStreamType":{ + "type":"string", + "enum":[ "video", "audio", "ancillary-data" ] }, - "MessageDetail": { - "type": "structure", - "members": { - "Code": { - "shape": "__string", - "locationName": "code", - "documentation": "The error code." - }, - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The specific error message that MediaConnect returns to help you understand the reason that the request did not succeed." - }, - "ResourceName": { - "shape": "__string", - "locationName": "resourceName", - "documentation": "The name of the resource." - } - }, - "required": [ - "Message", - "Code" - ] - }, - "Messages": { - "type": "structure", - "members": { - "Errors": { - "shape": "__listOf__string", - "locationName": "errors", - "documentation": "A list of errors that might have been generated from processes on this flow." - } - }, - "documentation": "Messages that provide the state of the flow.", - "required": [ - "Errors" + "MessageDetail":{ + "type":"structure", + "required":[ + "Code", + "Message" + ], + "members":{ + "Code":{ + "shape":"String", + "documentation":"

    The error code.

    ", + "locationName":"code" + }, + "Message":{ + "shape":"String", + "documentation":"

    The specific error message that MediaConnect returns to help you understand the reason that the request did not succeed.

    ", + "locationName":"message" + }, + "ResourceName":{ + "shape":"String", + "documentation":"

    The name of the resource.

    ", + "locationName":"resourceName" + } + }, + "documentation":"

    The details of an error message.

    " + }, + "Messages":{ + "type":"structure", + "required":["Errors"], + "members":{ + "Errors":{ + "shape":"__listOfString", + "documentation":"

    A list of errors that might have been generated from processes on this flow.

    ", + "locationName":"errors" + } + }, + "documentation":"

    Messages that provide the state of the flow.

    " + }, + "MonitoringConfig":{ + "type":"structure", + "members":{ + "ThumbnailState":{ + "shape":"ThumbnailState", + "documentation":"

    Indicates whether thumbnails are enabled or disabled.

    ", + "locationName":"thumbnailState" + }, + "AudioMonitoringSettings":{ + "shape":"__listOfAudioMonitoringSetting", + "documentation":"

    Contains the settings for audio stream metrics monitoring.

    ", + "locationName":"audioMonitoringSettings" + }, + "ContentQualityAnalysisState":{ + "shape":"ContentQualityAnalysisState", + "documentation":"

    Indicates whether content quality analysis is enabled or disabled.

    ", + "locationName":"contentQualityAnalysisState" + }, + "VideoMonitoringSettings":{ + "shape":"__listOfVideoMonitoringSetting", + "documentation":"

    Contains the settings for video stream metrics monitoring.

    ", + "locationName":"videoMonitoringSettings" + } + }, + "documentation":"

    The settings for source monitoring.

    " + }, + "MulticastSourceSettings":{ + "type":"structure", + "members":{ + "MulticastSourceIp":{ + "shape":"String", + "documentation":"

    The IP address of the source for source-specific multicast (SSM).

    ", + "locationName":"multicastSourceIp" + } + }, + "documentation":"

    The settings related to the multicast source.

    " + }, + "NdiConfig":{ + "type":"structure", + "members":{ + "NdiState":{ + "shape":"NdiState", + "documentation":"

    A setting that controls whether NDI outputs can be used in the flow. Must be ENABLED to add NDI outputs. Default is DISABLED.

    ", + "locationName":"ndiState" + }, + "MachineName":{ + "shape":"String", + "documentation":"

    A prefix for the names of the NDI sources that the flow creates. If a custom name isn't specified, MediaConnect generates a unique 12-character ID as the prefix.

    ", + "locationName":"machineName" + }, + "NdiDiscoveryServers":{ + "shape":"__listOfNdiDiscoveryServerConfig", + "documentation":"

    A list of up to three NDI discovery server configurations. While not required by the API, this configuration is necessary for NDI functionality to work properly.

    ", + "locationName":"ndiDiscoveryServers" + } + }, + "documentation":"

    Specifies the configuration settings for NDI outputs. Required when the flow includes NDI outputs.

    " + }, + "NdiDiscoveryServerConfig":{ + "type":"structure", + "required":[ + "DiscoveryServerAddress", + "VpcInterfaceAdapter" + ], + "members":{ + "DiscoveryServerAddress":{ + "shape":"String", + "documentation":"

    The unique network address of the NDI discovery server.

    ", + "locationName":"discoveryServerAddress" + }, + "DiscoveryServerPort":{ + "shape":"Integer", + "documentation":"

    The port for the NDI discovery server. Defaults to 5959 if a custom port isn't specified.

    ", + "locationName":"discoveryServerPort" + }, + "VpcInterfaceAdapter":{ + "shape":"String", + "documentation":"

    The identifier for the Virtual Private Cloud (VPC) network interface used by the flow.

    ", + "locationName":"vpcInterfaceAdapter" + } + }, + "documentation":"

    Specifies the configuration settings for individual NDI discovery servers. A maximum of 3 servers is allowed.

    " + }, + "NdiState":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" ] }, - "MonitoringConfig": { - "type": "structure", - "members": { - "ThumbnailState": { - "shape": "ThumbnailState", - "locationName": "thumbnailState", - "documentation": "The state of thumbnail monitoring." - }, - "AudioMonitoringSettings": { - "shape": "__listOfAudioMonitoringSetting", - "locationName": "audioMonitoringSettings", - "documentation": "Contains the settings for audio stream metrics monitoring." - }, - "ContentQualityAnalysisState": { - "shape": "ContentQualityAnalysisState", - "locationName": "contentQualityAnalysisState", - "documentation": "Indicates whether content quality analysis is enabled or disabled." - }, - "VideoMonitoringSettings": { - "shape": "__listOfVideoMonitoringSetting", - "locationName": "videoMonitoringSettings", - "documentation": "Contains the settings for video stream metrics monitoring." - } - }, - "documentation": "The settings for source monitoring." - }, - "MulticastSourceSettings": { - "type": "structure", - "members": { - "MulticastSourceIp": { - "shape": "__string", - "locationName": "multicastSourceIp", - "documentation": "The IP address of the source for source-specific multicast (SSM)." - } - }, - "documentation": "The settings related to the multicast source." - }, - "NetworkInterfaceType": { - "type": "string", - "enum": [ + "NetworkInterfaceType":{ + "type":"string", + "enum":[ "ena", "efa" ] }, - "NotFoundException": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 404 - } - }, - "Offering": { - "type": "structure", - "members": { - "CurrencyCode": { - "shape": "__string", - "locationName": "currencyCode", - "documentation": "The type of currency that is used for billing. The currencyCode used for all reservations is US dollars." - }, - "Duration": { - "shape": "__integer", - "locationName": "duration", - "documentation": "The length of time that your reservation would be active." - }, - "DurationUnits": { - "shape": "DurationUnits", - "locationName": "durationUnits", - "documentation": "The unit of measurement for the duration of the offering." - }, - "OfferingArn": { - "shape": "__string", - "locationName": "offeringArn", - "documentation": "The Amazon Resource Name (ARN) that MediaConnect assigns to the offering." - }, - "OfferingDescription": { - "shape": "__string", - "locationName": "offeringDescription", - "documentation": "A description of the offering." - }, - "PricePerUnit": { - "shape": "__string", - "locationName": "pricePerUnit", - "documentation": "The cost of a single unit. This value, in combination with priceUnits, makes up the rate." - }, - "PriceUnits": { - "shape": "PriceUnits", - "locationName": "priceUnits", - "documentation": "The unit of measurement that is used for billing. This value, in combination with pricePerUnit, makes up the rate." - }, - "ResourceSpecification": { - "shape": "ResourceSpecification", - "locationName": "resourceSpecification", - "documentation": "A definition of the amount of outbound bandwidth that you would be reserving if you purchase the offering." - } - }, - "documentation": "A savings plan that reserves a certain amount of outbound bandwidth usage at a discounted rate each month over a period of time.", - "required": [ + "NotFoundException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    One or more of the resources in the request does not exist in the system.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "Offering":{ + "type":"structure", + "required":[ "CurrencyCode", + "Duration", + "DurationUnits", "OfferingArn", "OfferingDescription", - "DurationUnits", - "Duration", "PricePerUnit", - "ResourceSpecification", - "PriceUnits" - ] - }, - "Output": { - "type": "structure", - "members": { - "DataTransferSubscriberFeePercent": { - "shape": "__integer", - "locationName": "dataTransferSubscriberFeePercent", - "documentation": "Percentage from 0-100 of the data transfer cost to be billed to the subscriber." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description of the output." - }, - "Destination": { - "shape": "__string", - "locationName": "destination", - "documentation": "The address where you want to send the output." - }, - "Encryption": { - "shape": "Encryption", - "locationName": "encryption", - "documentation": "The type of key used for the encryption. If no keyType is provided, the service will use the default setting (static-key)." - }, - "EntitlementArn": { - "shape": "__string", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement on the originator''s flow. This value is relevant only on entitled flows." - }, - "ListenerAddress": { - "shape": "__string", - "locationName": "listenerAddress", - "documentation": "The IP address that the receiver requires in order to establish a connection with the flow. For public networking, the ListenerAddress is represented by the elastic IP address of the flow. For private networking, the ListenerAddress is represented by the elastic network interface IP address of the VPC. This field applies only to outputs that use the Zixi pull or SRT listener protocol." - }, - "MediaLiveInputArn": { - "shape": "__string", - "locationName": "mediaLiveInputArn", - "documentation": "The input ARN of the AWS Elemental MediaLive channel. This parameter is relevant only for outputs that were added by creating a MediaLive input." - }, - "MediaStreamOutputConfigurations": { - "shape": "__listOfMediaStreamOutputConfiguration", - "locationName": "mediaStreamOutputConfigurations", - "documentation": "The configuration for each media stream that is associated with the output." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the output. This value must be unique within the current flow." - }, - "OutputArn": { - "shape": "__string", - "locationName": "outputArn", - "documentation": "The ARN of the output." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The port to use when content is distributed to this output." - }, - "Transport": { - "shape": "Transport", - "locationName": "transport", - "documentation": "Attributes related to the transport stream that are used in the output." - }, - "VpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "vpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this output." - }, - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that added this output." - }, - "BridgePorts": { - "shape": "__listOf__integer", - "locationName": "bridgePorts", - "documentation": "The bridge output ports currently in use." - }, - "OutputStatus": { - "shape": "OutputStatus", - "locationName": "outputStatus", - "documentation": "An indication of whether the output is transmitting data or not." - } - }, - "documentation": "The settings for an output.", - "required": [ - "OutputArn", - "Name" - ] - }, - "OutputStatus": { - "type": "string", - "enum": [ + "PriceUnits", + "ResourceSpecification" + ], + "members":{ + "CurrencyCode":{ + "shape":"String", + "documentation":"

    The type of currency that is used for billing. The currencyCode used for all reservations is US dollars.

    ", + "locationName":"currencyCode" + }, + "Duration":{ + "shape":"Integer", + "documentation":"

    The length of time that your reservation would be active.

    ", + "locationName":"duration" + }, + "DurationUnits":{ + "shape":"DurationUnits", + "documentation":"

    The unit of measurement for the duration of the offering.

    ", + "locationName":"durationUnits" + }, + "OfferingArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) that MediaConnect assigns to the offering.

    ", + "locationName":"offeringArn" + }, + "OfferingDescription":{ + "shape":"String", + "documentation":"

    A description of the offering.

    ", + "locationName":"offeringDescription" + }, + "PricePerUnit":{ + "shape":"String", + "documentation":"

    The cost of a single unit. This value, in combination with priceUnits, makes up the rate.

    ", + "locationName":"pricePerUnit" + }, + "PriceUnits":{ + "shape":"PriceUnits", + "documentation":"

    The unit of measurement that is used for billing. This value, in combination with pricePerUnit, makes up the rate.

    ", + "locationName":"priceUnits" + }, + "ResourceSpecification":{ + "shape":"ResourceSpecification", + "documentation":"

    A definition of the amount of outbound bandwidth that you would be reserving if you purchase the offering.

    ", + "locationName":"resourceSpecification" + } + }, + "documentation":"

    A savings plan that reserves a certain amount of outbound bandwidth usage at a discounted rate each month over a period of time.

    " + }, + "OfferingArn":{"type":"string"}, + "Output":{ + "type":"structure", + "required":[ + "Name", + "OutputArn" + ], + "members":{ + "DataTransferSubscriberFeePercent":{ + "shape":"Integer", + "documentation":"

    Percentage from 0-100 of the data transfer cost to be billed to the subscriber.

    ", + "locationName":"dataTransferSubscriberFeePercent" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the output.

    ", + "locationName":"description" + }, + "Destination":{ + "shape":"String", + "documentation":"

    The address where you want to send the output.

    ", + "locationName":"destination" + }, + "Encryption":{ + "shape":"Encryption", + "documentation":"

    The type of key used for the encryption. If no keyType is provided, the service will use the default setting (static-key).

    ", + "locationName":"encryption" + }, + "EntitlementArn":{ + "shape":"String", + "documentation":"

    The ARN of the entitlement on the originator''s flow. This value is relevant only on entitled flows.

    ", + "locationName":"entitlementArn" + }, + "ListenerAddress":{ + "shape":"String", + "documentation":"

    The IP address that the receiver requires in order to establish a connection with the flow. For public networking, the ListenerAddress is represented by the elastic IP address of the flow. For private networking, the ListenerAddress is represented by the elastic network interface IP address of the VPC. This field applies only to outputs that use the Zixi pull or SRT listener protocol.

    ", + "locationName":"listenerAddress" + }, + "MediaLiveInputArn":{ + "shape":"String", + "documentation":"

    The input ARN of the MediaLive channel. This parameter is relevant only for outputs that were added by creating a MediaLive input.

    ", + "locationName":"mediaLiveInputArn" + }, + "MediaStreamOutputConfigurations":{ + "shape":"__listOfMediaStreamOutputConfiguration", + "documentation":"

    The configuration for each media stream that is associated with the output.

    ", + "locationName":"mediaStreamOutputConfigurations" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the output. This value must be unique within the current flow.

    ", + "locationName":"name" + }, + "OutputArn":{ + "shape":"String", + "documentation":"

    The ARN of the output.

    ", + "locationName":"outputArn" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The port to use when content is distributed to this output.

    ", + "locationName":"port" + }, + "Transport":{ + "shape":"Transport", + "documentation":"

    Attributes related to the transport stream that are used in the output.

    ", + "locationName":"transport" + }, + "VpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this output.

    ", + "locationName":"vpcInterfaceAttachment" + }, + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the bridge added to this output.

    ", + "locationName":"bridgeArn" + }, + "BridgePorts":{ + "shape":"__listOfInteger", + "documentation":"

    The bridge output ports currently in use.

    ", + "locationName":"bridgePorts" + }, + "OutputStatus":{ + "shape":"OutputStatus", + "documentation":"

    An indication of whether the output is transmitting data or not.

    ", + "locationName":"outputStatus" + }, + "PeerIpAddress":{ + "shape":"String", + "documentation":"

    The IP address of the device that is currently receiving content from this output.

    • For outputs that use protocols where you specify the destination (such as SRT Caller or Zixi Push), this value matches the configured destination address.

    • For outputs that use listener protocols (such as SRT Listener), this value shows the address of the connected receiver.

    • Peer IP addresses aren't available for entitlements, managed MediaLive outputs, NDI outputs, and CDI/ST2110 outputs.

    • The peer IP address might not be visible for flows that haven't been started yet, or flows that were started before May 2025. In these cases, restart your flow to see the peer IP address.

    ", + "locationName":"peerIpAddress" + } + }, + "documentation":"

    The settings for an output.

    " + }, + "OutputStatus":{ + "type":"string", + "enum":[ "ENABLED", "DISABLED" ] }, - "PriceUnits": { - "type": "string", - "enum": [ - "HOURLY" - ] - }, - "Protocol": { - "type": "string", - "enum": [ + "PriceUnits":{ + "type":"string", + "enum":["HOURLY"] + }, + "Protocol":{ + "type":"string", + "enum":[ "zixi-push", "rtp-fec", "rtp", @@ -5452,757 +4447,787 @@ "srt-listener", "srt-caller", "fujitsu-qos", - "udp" + "udp", + "ndi-speed-hq" ] }, - "PurchaseOfferingRequest": { - "type": "structure", - "members": { - "OfferingArn": { - "shape": "__string", - "location": "uri", - "locationName": "offeringArn", - "documentation": "The Amazon Resource Name (ARN) of the offering." - }, - "ReservationName": { - "shape": "__string", - "locationName": "reservationName", - "documentation": "The name that you want to use for the reservation." - }, - "Start": { - "shape": "__string", - "locationName": "start", - "documentation": "The date and time that you want the reservation to begin, in Coordinated Universal Time (UTC). You can specify any date and time between 12:00am on the first day of the current month to the current time on today's date, inclusive. Specify the start in a 24-hour notation. Use the following format: YYYY-MM-DDTHH:mm:SSZ, where T and Z are literal characters. For example, to specify 11:30pm on March 5, 2020, enter 2020-03-05T23:30:00Z." - } - }, - "documentation": "A request to purchase a offering.", - "required": [ + "PurchaseOfferingRequest":{ + "type":"structure", + "required":[ "OfferingArn", - "Start", - "ReservationName" - ] + "ReservationName", + "Start" + ], + "members":{ + "OfferingArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the offering.

    ", + "location":"uri", + "locationName":"OfferingArn" + }, + "ReservationName":{ + "shape":"String", + "documentation":"

    The name that you want to use for the reservation.

    ", + "locationName":"reservationName" + }, + "Start":{ + "shape":"String", + "documentation":"

    The date and time that you want the reservation to begin, in Coordinated Universal Time (UTC).

    You can specify any date and time between 12:00am on the first day of the current month to the current time on today's date, inclusive. Specify the start in a 24-hour notation. Use the following format: YYYY-MM-DDTHH:mm:SSZ, where T and Z are literal characters. For example, to specify 11:30pm on March 5, 2020, enter 2020-03-05T23:30:00Z.

    ", + "locationName":"start" + } + } }, - "PurchaseOfferingResponse": { - "type": "structure", - "members": { - "Reservation": { - "shape": "Reservation", - "locationName": "reservation" + "PurchaseOfferingResponse":{ + "type":"structure", + "members":{ + "Reservation":{ + "shape":"Reservation", + "documentation":"

    The details of the reservation that you just created when you purchased the offering.

    ", + "locationName":"reservation" } } }, - "Range": { - "type": "string", - "enum": [ + "Range":{ + "type":"string", + "enum":[ "NARROW", "FULL", "FULLPROTECT" ] }, - "RemoveBridgeOutputRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to update." - }, - "OutputName": { - "shape": "__string", - "location": "uri", - "locationName": "outputName", - "documentation": "The name of the bridge output that you want to remove." - } - }, - "required": [ - "OutputName", - "BridgeArn" - ] - }, - "RemoveBridgeOutputResponse": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn" - }, - "OutputName": { - "shape": "__string", - "locationName": "outputName" + "RemoveBridgeOutputRequest":{ + "type":"structure", + "required":[ + "BridgeArn", + "OutputName" + ], + "members":{ + "BridgeArn":{ + "shape":"RemoveBridgeOutputRequestBridgeArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to update.

    ", + "location":"uri", + "locationName":"BridgeArn" + }, + "OutputName":{ + "shape":"String", + "documentation":"

    The name of the bridge output that you want to remove.

    ", + "location":"uri", + "locationName":"OutputName" } } }, - "RemoveBridgeSourceRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to update." - }, - "SourceName": { - "shape": "__string", - "location": "uri", - "locationName": "sourceName", - "documentation": "The name of the bridge source that you want to remove." + "RemoveBridgeOutputRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "RemoveBridgeOutputResponse":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the bridge from which the output was removed.

    ", + "locationName":"bridgeArn" + }, + "OutputName":{ + "shape":"String", + "documentation":"

    The name of the bridge output that was removed.

    ", + "locationName":"outputName" } - }, - "required": [ + } + }, + "RemoveBridgeSourceRequest":{ + "type":"structure", + "required":[ "BridgeArn", "SourceName" - ] - }, - "RemoveBridgeSourceResponse": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn" - }, - "SourceName": { - "shape": "__string", - "locationName": "sourceName" + ], + "members":{ + "BridgeArn":{ + "shape":"RemoveBridgeSourceRequestBridgeArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to update.

    ", + "location":"uri", + "locationName":"BridgeArn" + }, + "SourceName":{ + "shape":"String", + "documentation":"

    The name of the bridge source that you want to remove.

    ", + "location":"uri", + "locationName":"SourceName" } } }, - "RemoveFlowMediaStreamRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The Amazon Resource Name (ARN) of the flow." - }, - "MediaStreamName": { - "shape": "__string", - "location": "uri", - "locationName": "mediaStreamName", - "documentation": "The name of the media stream that you want to remove." + "RemoveBridgeSourceRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "RemoveBridgeSourceResponse":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the bridge from which the source was removed.

    ", + "locationName":"bridgeArn" + }, + "SourceName":{ + "shape":"String", + "documentation":"

    The name of the bridge source that was removed.

    ", + "locationName":"sourceName" } - }, - "required": [ + } + }, + "RemoveFlowMediaStreamRequest":{ + "type":"structure", + "required":[ "FlowArn", "MediaStreamName" - ] - }, - "RemoveFlowMediaStreamResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The Amazon Resource Name (ARN) of the flow." - }, - "MediaStreamName": { - "shape": "__string", - "locationName": "mediaStreamName", - "documentation": "The name of the media stream that was removed." + ], + "members":{ + "FlowArn":{ + "shape":"RemoveFlowMediaStreamRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to update.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    The name of the media stream that you want to remove.

    ", + "location":"uri", + "locationName":"MediaStreamName" } } }, - "RemoveFlowOutputRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to remove an output from." - }, - "OutputArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:output:.+$", - "location": "uri", - "locationName": "outputArn", - "documentation": "The ARN of the output that you want to remove." + "RemoveFlowMediaStreamRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "RemoveFlowMediaStreamResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that was updated.

    ", + "locationName":"flowArn" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    The name of the media stream that was removed.

    ", + "locationName":"mediaStreamName" } - }, - "required": [ + } + }, + "RemoveFlowOutputRequest":{ + "type":"structure", + "required":[ "FlowArn", "OutputArn" - ] - }, - "RemoveFlowOutputResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that is associated with the output you removed." - }, - "OutputArn": { - "shape": "__string", - "locationName": "outputArn", - "documentation": "The ARN of the output that was removed." + ], + "members":{ + "FlowArn":{ + "shape":"RemoveFlowOutputRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to remove an output from.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "OutputArn":{ + "shape":"RemoveFlowOutputRequestOutputArnString", + "documentation":"

    The ARN of the output that you want to remove.

    ", + "location":"uri", + "locationName":"OutputArn" } } }, - "RemoveFlowSourceRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to remove a source from." - }, - "SourceArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:source:.+$", - "location": "uri", - "locationName": "sourceArn", - "documentation": "The ARN of the source that you want to remove." + "RemoveFlowOutputRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "RemoveFlowOutputRequestOutputArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:output:.+" + }, + "RemoveFlowOutputResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that the output was removed from.

    ", + "locationName":"flowArn" + }, + "OutputArn":{ + "shape":"String", + "documentation":"

    The ARN of the output that was removed.

    ", + "locationName":"outputArn" } - }, - "required": [ + } + }, + "RemoveFlowSourceRequest":{ + "type":"structure", + "required":[ "FlowArn", "SourceArn" - ] - }, - "RemoveFlowSourceResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that is associated with the source you removed." - }, - "SourceArn": { - "shape": "__string", - "locationName": "sourceArn", - "documentation": "The ARN of the source that was removed." + ], + "members":{ + "FlowArn":{ + "shape":"RemoveFlowSourceRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to remove a source from.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "SourceArn":{ + "shape":"RemoveFlowSourceRequestSourceArnString", + "documentation":"

    The ARN of the source that you want to remove.

    ", + "location":"uri", + "locationName":"SourceArn" } } }, - "RemoveFlowVpcInterfaceRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to remove a VPC interface from." - }, - "VpcInterfaceName": { - "shape": "__string", - "location": "uri", - "locationName": "vpcInterfaceName", - "documentation": "The name of the VPC interface that you want to remove." + "RemoveFlowSourceRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "RemoveFlowSourceRequestSourceArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:source:.+" + }, + "RemoveFlowSourceResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that the source was removed from.

    ", + "locationName":"flowArn" + }, + "SourceArn":{ + "shape":"String", + "documentation":"

    The ARN of the source that was removed.

    ", + "locationName":"sourceArn" } - }, - "required": [ + } + }, + "RemoveFlowVpcInterfaceRequest":{ + "type":"structure", + "required":[ "FlowArn", "VpcInterfaceName" - ] + ], + "members":{ + "FlowArn":{ + "shape":"RemoveFlowVpcInterfaceRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to remove a VPC interface from.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "VpcInterfaceName":{ + "shape":"String", + "documentation":"

    The name of the VPC interface that you want to remove.

    ", + "location":"uri", + "locationName":"VpcInterfaceName" + } + } }, - "RemoveFlowVpcInterfaceResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that is associated with the VPC interface you removed." - }, - "NonDeletedNetworkInterfaceIds": { - "shape": "__listOf__string", - "locationName": "nonDeletedNetworkInterfaceIds", - "documentation": "IDs of network interfaces associated with the removed VPC interface that Media Connect was unable to remove." - }, - "VpcInterfaceName": { - "shape": "__string", - "locationName": "vpcInterfaceName", - "documentation": "The name of the VPC interface that was removed." - } - } - }, - "Reservation": { - "type": "structure", - "members": { - "CurrencyCode": { - "shape": "__string", - "locationName": "currencyCode", - "documentation": "The type of currency that is used for billing. The currencyCode used for your reservation is US dollars." - }, - "Duration": { - "shape": "__integer", - "locationName": "duration", - "documentation": "The length of time that this reservation is active. MediaConnect defines this value in the offering." - }, - "DurationUnits": { - "shape": "DurationUnits", - "locationName": "durationUnits", - "documentation": "The unit of measurement for the duration of the reservation. MediaConnect defines this value in the offering." - }, - "End": { - "shape": "__string", - "locationName": "end", - "documentation": "The day and time that this reservation expires. This value is calculated based on the start date and time that you set and the offering's duration." - }, - "OfferingArn": { - "shape": "__string", - "locationName": "offeringArn", - "documentation": "The Amazon Resource Name (ARN) that MediaConnect assigns to the offering." - }, - "OfferingDescription": { - "shape": "__string", - "locationName": "offeringDescription", - "documentation": "A description of the offering. MediaConnect defines this value in the offering." - }, - "PricePerUnit": { - "shape": "__string", - "locationName": "pricePerUnit", - "documentation": "The cost of a single unit. This value, in combination with priceUnits, makes up the rate. MediaConnect defines this value in the offering." - }, - "PriceUnits": { - "shape": "PriceUnits", - "locationName": "priceUnits", - "documentation": "The unit of measurement that is used for billing. This value, in combination with pricePerUnit, makes up the rate. MediaConnect defines this value in the offering." - }, - "ReservationArn": { - "shape": "__string", - "locationName": "reservationArn", - "documentation": "The Amazon Resource Name (ARN) that MediaConnect assigns to the reservation when you purchase an offering." - }, - "ReservationName": { - "shape": "__string", - "locationName": "reservationName", - "documentation": "The name that you assigned to the reservation when you purchased the offering." - }, - "ReservationState": { - "shape": "ReservationState", - "locationName": "reservationState", - "documentation": "The status of your reservation." - }, - "ResourceSpecification": { - "shape": "ResourceSpecification", - "locationName": "resourceSpecification", - "documentation": "A definition of the amount of outbound bandwidth that you would be reserving if you purchase the offering. MediaConnect defines the values that make up the resourceSpecification in the offering." - }, - "Start": { - "shape": "__string", - "locationName": "start", - "documentation": "The day and time that the reservation becomes active. You set this value when you purchase the offering." + "RemoveFlowVpcInterfaceRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "RemoveFlowVpcInterfaceResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that is associated with the VPC interface you removed.

    ", + "locationName":"flowArn" + }, + "NonDeletedNetworkInterfaceIds":{ + "shape":"__listOfString", + "documentation":"

    IDs of network interfaces associated with the removed VPC interface that MediaConnect was unable to remove.

    ", + "locationName":"nonDeletedNetworkInterfaceIds" + }, + "VpcInterfaceName":{ + "shape":"String", + "documentation":"

    The name of the VPC interface that was removed.

    ", + "locationName":"vpcInterfaceName" } - }, - "documentation": "A pricing agreement for a discounted rate for a specific outbound bandwidth that your MediaConnect account will use each month over a specific time period. The discounted rate in the reservation applies to outbound bandwidth for all flows from your account until your account reaches the amount of bandwidth in your reservation. If you use more outbound bandwidth than the agreed upon amount in a single month, the overage is charged at the on-demand rate.", - "required": [ + } + }, + "Reservation":{ + "type":"structure", + "required":[ "CurrencyCode", - "ReservationState", - "OfferingArn", - "ReservationArn", - "Start", - "OfferingDescription", - "ReservationName", - "End", "Duration", "DurationUnits", + "End", + "OfferingArn", + "OfferingDescription", "PricePerUnit", + "PriceUnits", + "ReservationArn", + "ReservationName", + "ReservationState", "ResourceSpecification", - "PriceUnits" - ] - }, - "ReservationState": { - "type": "string", - "enum": [ + "Start" + ], + "members":{ + "CurrencyCode":{ + "shape":"String", + "documentation":"

    The type of currency that is used for billing. The currencyCode used for your reservation is US dollars.

    ", + "locationName":"currencyCode" + }, + "Duration":{ + "shape":"Integer", + "documentation":"

    The length of time that this reservation is active. MediaConnect defines this value in the offering.

    ", + "locationName":"duration" + }, + "DurationUnits":{ + "shape":"DurationUnits", + "documentation":"

    The unit of measurement for the duration of the reservation. MediaConnect defines this value in the offering.

    ", + "locationName":"durationUnits" + }, + "End":{ + "shape":"String", + "documentation":"

    The day and time that this reservation expires. This value is calculated based on the start date and time that you set and the offering's duration.

    ", + "locationName":"end" + }, + "OfferingArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) that MediaConnect assigns to the offering.

    ", + "locationName":"offeringArn" + }, + "OfferingDescription":{ + "shape":"String", + "documentation":"

    A description of the offering. MediaConnect defines this value in the offering.

    ", + "locationName":"offeringDescription" + }, + "PricePerUnit":{ + "shape":"String", + "documentation":"

    The cost of a single unit. This value, in combination with priceUnits, makes up the rate. MediaConnect defines this value in the offering.

    ", + "locationName":"pricePerUnit" + }, + "PriceUnits":{ + "shape":"PriceUnits", + "documentation":"

    The unit of measurement that is used for billing. This value, in combination with pricePerUnit, makes up the rate. MediaConnect defines this value in the offering.

    ", + "locationName":"priceUnits" + }, + "ReservationArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) that MediaConnect assigns to the reservation when you purchase an offering.

    ", + "locationName":"reservationArn" + }, + "ReservationName":{ + "shape":"String", + "documentation":"

    The name that you assigned to the reservation when you purchased the offering.

    ", + "locationName":"reservationName" + }, + "ReservationState":{ + "shape":"ReservationState", + "documentation":"

    The status of your reservation.

    ", + "locationName":"reservationState" + }, + "ResourceSpecification":{ + "shape":"ResourceSpecification", + "documentation":"

    A definition of the amount of outbound bandwidth that you would be reserving if you purchase the offering. MediaConnect defines the values that make up the resourceSpecification in the offering.

    ", + "locationName":"resourceSpecification" + }, + "Start":{ + "shape":"String", + "documentation":"

    The day and time that the reservation becomes active. You set this value when you purchase the offering.

    ", + "locationName":"start" + } + }, + "documentation":"

    A pricing agreement for a discounted rate for a specific outbound bandwidth that your MediaConnect account will use each month over a specific time period. The discounted rate in the reservation applies to outbound bandwidth for all flows from your account until your account reaches the amount of bandwidth in your reservation. If you use more outbound bandwidth than the agreed upon amount in a single month, the overage is charged at the on-demand rate.

    " + }, + "ReservationArn":{"type":"string"}, + "ReservationState":{ + "type":"string", + "enum":[ "ACTIVE", "EXPIRED", "PROCESSING", "CANCELED" ] }, - "ResourceSpecification": { - "type": "structure", - "members": { - "ReservedBitrate": { - "shape": "__integer", - "locationName": "reservedBitrate", - "documentation": "The amount of outbound bandwidth that is discounted in the offering." - }, - "ResourceType": { - "shape": "ResourceType", - "locationName": "resourceType", - "documentation": "The type of resource and the unit that is being billed for." - } - }, - "documentation": "A definition of what is being billed for, including the type and amount.", - "required": [ - "ResourceType" - ] - }, - "ResourceType": { - "type": "string", - "enum": [ - "Mbps_Outbound_Bandwidth" - ] - }, - "ResponseError": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ] - }, - "RevokeFlowEntitlementRequest": { - "type": "structure", - "members": { - "EntitlementArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:entitlement:.+$", - "location": "uri", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement that you want to revoke." - }, - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to revoke an entitlement from." + "ResourceSpecification":{ + "type":"structure", + "required":["ResourceType"], + "members":{ + "ReservedBitrate":{ + "shape":"Integer", + "documentation":"

    The amount of outbound bandwidth that is discounted in the offering.

    ", + "locationName":"reservedBitrate" + }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    The type of resource and the unit that is being billed for.

    ", + "locationName":"resourceType" + } + }, + "documentation":"

    A definition of what is being billed for, including the type and amount.

    " + }, + "ResourceType":{ + "type":"string", + "enum":["Mbps_Outbound_Bandwidth"] + }, + "RevokeFlowEntitlementRequest":{ + "type":"structure", + "required":[ + "EntitlementArn", + "FlowArn" + ], + "members":{ + "EntitlementArn":{ + "shape":"RevokeFlowEntitlementRequestEntitlementArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the entitlement that you want to revoke.

    ", + "location":"uri", + "locationName":"EntitlementArn" + }, + "FlowArn":{ + "shape":"RevokeFlowEntitlementRequestFlowArnString", + "documentation":"

    The flow that you want to revoke an entitlement from.

    ", + "location":"uri", + "locationName":"FlowArn" } - }, - "required": [ - "FlowArn", - "EntitlementArn" - ] + } }, - "RevokeFlowEntitlementResponse": { - "type": "structure", - "members": { - "EntitlementArn": { - "shape": "__string", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement that was revoked." - }, - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that the entitlement was revoked from." + "RevokeFlowEntitlementRequestEntitlementArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:entitlement:.+" + }, + "RevokeFlowEntitlementRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "RevokeFlowEntitlementResponse":{ + "type":"structure", + "members":{ + "EntitlementArn":{ + "shape":"String", + "documentation":"

    The ARN of the entitlement that was revoked.

    ", + "locationName":"entitlementArn" + }, + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that the entitlement was revoked from.

    ", + "locationName":"flowArn" } } }, - "ScanMode": { - "type": "string", - "enum": [ + "ScanMode":{ + "type":"string", + "enum":[ "progressive", "interlace", "progressive-segmented-frame" ] }, - "ServiceUnavailableException": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 503 - } - }, - "SetGatewayBridgeSourceRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge feeding this flow." - }, - "VpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "vpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this bridge source." - } - }, - "documentation": "The source configuration for cloud flows receiving a stream from a bridge.", - "required": [ - "BridgeArn" - ] - }, - "SetSourceRequest": { - "type": "structure", - "members": { - "Decryption": { - "shape": "Encryption", - "locationName": "decryption", - "documentation": "The type of encryption that is used on the content ingested from this source. Allowable encryption types: static-key." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description for the source. This value is not used or seen outside of the current AWS Elemental MediaConnect account." - }, - "EntitlementArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:entitlement:.+$", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement that allows you to subscribe to this flow. The entitlement is set by the flow originator, and the ARN is generated as part of the originator's flow." - }, - "IngestPort": { - "shape": "__integer", - "locationName": "ingestPort", - "documentation": "The port that the flow will be listening on for incoming content." - }, - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "The smoothing max bitrate (in bps) for RIST, RTP, and RTP-FEC streams." - }, - "MaxLatency": { - "shape": "__integer", - "locationName": "maxLatency", - "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams." - }, - "MaxSyncBuffer": { - "shape": "__integer", - "locationName": "maxSyncBuffer", - "documentation": "The size of the buffer (in milliseconds) to use to sync incoming source data." - }, - "MediaStreamSourceConfigurations": { - "shape": "__listOfMediaStreamSourceConfigurationRequest", - "locationName": "mediaStreamSourceConfigurations", - "documentation": "The media streams that are associated with the source, and the parameters for those associations." - }, - "MinLatency": { - "shape": "__integer", - "locationName": "minLatency", - "documentation": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the source." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The protocol that is used by the source." - }, - "SenderControlPort": { - "shape": "__integer", - "locationName": "senderControlPort", - "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender." - }, - "SenderIpAddress": { - "shape": "__string", - "locationName": "senderIpAddress", - "documentation": "The IP address that the flow communicates with to initiate connection with the sender." - }, - "SourceListenerAddress": { - "shape": "__string", - "locationName": "sourceListenerAddress", - "documentation": "Source IP or domain name for SRT-caller protocol." - }, - "SourceListenerPort": { - "shape": "__integer", - "locationName": "sourceListenerPort", - "documentation": "Source port for SRT-caller protocol." - }, - "StreamId": { - "shape": "__string", - "locationName": "streamId", - "documentation": "The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams." - }, - "VpcInterfaceName": { - "shape": "__string", - "locationName": "vpcInterfaceName", - "documentation": "The name of the VPC interface to use for this source." - }, - "WhitelistCidr": { - "shape": "__string", - "locationName": "whitelistCidr", - "documentation": "The range of IP addresses that should be allowed to contribute content to your source. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "GatewayBridgeSource": { - "shape": "SetGatewayBridgeSourceRequest", - "locationName": "gatewayBridgeSource", - "documentation": "The source configuration for cloud flows receiving a stream from a bridge." - } - }, - "documentation": "The settings for the source of the flow." - }, - "SilentAudio": { - "type": "structure", - "members": { - "State": { - "shape": "State", - "locationName": "state", - "documentation": "Indicates whether the SilentAudio metric is enabled or disabled." - }, - "ThresholdSeconds": { - "shape": "__integer", - "locationName": "thresholdSeconds", - "documentation": "Specifies the number of consecutive seconds of silence that triggers an event or alert." - } - }, - "documentation": "Configures settings for the SilentAudio metric." - }, - "Source": { - "type": "structure", - "members": { - "DataTransferSubscriberFeePercent": { - "shape": "__integer", - "locationName": "dataTransferSubscriberFeePercent", - "documentation": "Percentage from 0-100 of the data transfer cost to be billed to the subscriber." - }, - "Decryption": { - "shape": "Encryption", - "locationName": "decryption", - "documentation": "The type of encryption that is used on the content ingested from this source." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description for the source. This value is not used or seen outside of the current AWS Elemental MediaConnect account." - }, - "EntitlementArn": { - "shape": "__string", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement that allows you to subscribe to content that comes from another AWS account. The entitlement is set by the content originator and the ARN is generated as part of the originator's flow." - }, - "IngestIp": { - "shape": "__string", - "locationName": "ingestIp", - "documentation": "The IP address that the flow will be listening on for incoming content." - }, - "IngestPort": { - "shape": "__integer", - "locationName": "ingestPort", - "documentation": "The port that the flow will be listening on for incoming content." - }, - "MediaStreamSourceConfigurations": { - "shape": "__listOfMediaStreamSourceConfiguration", - "locationName": "mediaStreamSourceConfigurations", - "documentation": "The media streams that are associated with the source, and the parameters for those associations." - }, - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the source." - }, - "SenderControlPort": { - "shape": "__integer", - "locationName": "senderControlPort", - "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender." - }, - "SenderIpAddress": { - "shape": "__string", - "locationName": "senderIpAddress", - "documentation": "The IP address that the flow communicates with to initiate connection with the sender." - }, - "SourceArn": { - "shape": "__string", - "locationName": "sourceArn", - "documentation": "The ARN of the source." - }, - "Transport": { - "shape": "Transport", - "locationName": "transport", - "documentation": "Attributes related to the transport stream that are used in the source." - }, - "VpcInterfaceName": { - "shape": "__string", - "locationName": "vpcInterfaceName", - "documentation": "The name of the VPC interface that is used for this source." - }, - "WhitelistCidr": { - "shape": "__string", - "locationName": "whitelistCidr", - "documentation": "The range of IP addresses that should be allowed to contribute content to your source. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "GatewayBridgeSource": { - "shape": "GatewayBridgeSource", - "locationName": "gatewayBridgeSource", - "documentation": "The source configuration for cloud flows receiving a stream from a bridge." - } - }, - "documentation": "The settings for the source of the flow.", - "required": [ + "ServiceUnavailableException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    The service is currently unavailable or busy.

    ", + "error":{"httpStatusCode":503}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "SetGatewayBridgeSourceRequest":{ + "type":"structure", + "required":["BridgeArn"], + "members":{ + "BridgeArn":{ + "shape":"SetGatewayBridgeSourceRequestBridgeArnString", + "documentation":"

    The ARN of the bridge feeding this flow.

    ", + "locationName":"bridgeArn" + }, + "VpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this bridge source.

    ", + "locationName":"vpcInterfaceAttachment" + } + }, + "documentation":"

    The source configuration for cloud flows receiving a stream from a bridge.

    " + }, + "SetGatewayBridgeSourceRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "SetSourceRequest":{ + "type":"structure", + "members":{ + "Decryption":{ + "shape":"Encryption", + "documentation":"

    The type of encryption that is used on the content ingested from this source. Allowable encryption types: static-key.

    ", + "locationName":"decryption" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description for the source. This value is not used or seen outside of the current MediaConnect account.

    ", + "locationName":"description" + }, + "EntitlementArn":{ + "shape":"SetSourceRequestEntitlementArnString", + "documentation":"

    The ARN of the entitlement that allows you to subscribe to this flow. The entitlement is set by the flow originator, and the ARN is generated as part of the originator's flow.

    ", + "locationName":"entitlementArn" + }, + "IngestPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow will be listening on for incoming content.

    ", + "locationName":"ingestPort" + }, + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The smoothing max bitrate (in bps) for RIST, RTP, and RTP-FEC streams.

    ", + "locationName":"maxBitrate" + }, + "MaxLatency":{ + "shape":"Integer", + "documentation":"

    The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.

    ", + "locationName":"maxLatency" + }, + "MaxSyncBuffer":{ + "shape":"Integer", + "documentation":"

    The size of the buffer (in milliseconds) to use to sync incoming source data.

    ", + "locationName":"maxSyncBuffer" + }, + "MediaStreamSourceConfigurations":{ + "shape":"__listOfMediaStreamSourceConfigurationRequest", + "documentation":"

    The media streams that are associated with the source, and the parameters for those associations.

    ", + "locationName":"mediaStreamSourceConfigurations" + }, + "MinLatency":{ + "shape":"Integer", + "documentation":"

    The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency.

    ", + "locationName":"minLatency" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the source.

    ", + "locationName":"name" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The protocol that is used by the source.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + }, + "SenderControlPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow uses to send outbound requests to initiate connection with the sender.

    ", + "locationName":"senderControlPort" + }, + "SenderIpAddress":{ + "shape":"String", + "documentation":"

    The IP address that the flow communicates with to initiate connection with the sender.

    ", + "locationName":"senderIpAddress" + }, + "SourceListenerAddress":{ + "shape":"String", + "documentation":"

    Source IP or domain name for SRT-caller protocol.

    ", + "locationName":"sourceListenerAddress" + }, + "SourceListenerPort":{ + "shape":"Integer", + "documentation":"

    Source port for SRT-caller protocol.

    ", + "locationName":"sourceListenerPort" + }, + "StreamId":{ + "shape":"String", + "documentation":"

    The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams.

    ", + "locationName":"streamId" + }, + "VpcInterfaceName":{ + "shape":"String", + "documentation":"

    The name of the VPC interface to use for this source.

    ", + "locationName":"vpcInterfaceName" + }, + "WhitelistCidr":{ + "shape":"String", + "documentation":"

    The range of IP addresses that should be allowed to contribute content to your source. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.

    ", + "locationName":"whitelistCidr" + }, + "GatewayBridgeSource":{ + "shape":"SetGatewayBridgeSourceRequest", + "documentation":"

    The source configuration for cloud flows receiving a stream from a bridge.

    ", + "locationName":"gatewayBridgeSource" + }, + "SourceTags":{ + "shape":"__mapOfString", + "documentation":"

    The key-value pairs that can be used to tag and organize the source.

    ", + "locationName":"sourceTags" + } + }, + "documentation":"

    The settings for the source of the flow.

    " + }, + "SetSourceRequestEntitlementArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:entitlement:.+" + }, + "SilentAudio":{ + "type":"structure", + "members":{ + "State":{ + "shape":"State", + "documentation":"

    Indicates whether the SilentAudio metric is enabled or disabled.

    ", + "locationName":"state" + }, + "ThresholdSeconds":{ + "shape":"Integer", + "documentation":"

    Specifies the number of consecutive seconds of silence that triggers an event or alert.

    ", + "locationName":"thresholdSeconds" + } + }, + "documentation":"

    Configures settings for the SilentAudio metric.

    " + }, + "Source":{ + "type":"structure", + "required":[ "Name", "SourceArn" - ] - }, - "SourcePriority": { - "type": "structure", - "members": { - "PrimarySource": { - "shape": "__string", - "locationName": "primarySource", - "documentation": "The name of the source you choose as the primary source for this flow." - } - }, - "documentation": "The priority you want to assign to a source. You can have a primary stream and a backup stream or two equally prioritized streams." - }, - "SourceType": { - "type": "string", - "enum": [ + ], + "members":{ + "DataTransferSubscriberFeePercent":{ + "shape":"Integer", + "documentation":"

    Percentage from 0-100 of the data transfer cost to be billed to the subscriber.

    ", + "locationName":"dataTransferSubscriberFeePercent" + }, + "Decryption":{ + "shape":"Encryption", + "documentation":"

    The type of encryption that is used on the content ingested from this source.

    ", + "locationName":"decryption" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description for the source. This value is not used or seen outside of the current MediaConnect account.

    ", + "locationName":"description" + }, + "EntitlementArn":{ + "shape":"String", + "documentation":"

    The ARN of the entitlement that allows you to subscribe to content that comes from another Amazon Web Services account. The entitlement is set by the content originator and the ARN is generated as part of the originator's flow.

    ", + "locationName":"entitlementArn" + }, + "IngestIp":{ + "shape":"String", + "documentation":"

    The IP address that the flow will be listening on for incoming content.

    ", + "locationName":"ingestIp" + }, + "IngestPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow will be listening on for incoming content.

    ", + "locationName":"ingestPort" + }, + "MediaStreamSourceConfigurations":{ + "shape":"__listOfMediaStreamSourceConfiguration", + "documentation":"

    The media streams that are associated with the source, and the parameters for those associations.

    ", + "locationName":"mediaStreamSourceConfigurations" + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the source.

    ", + "locationName":"name" + }, + "SenderControlPort":{ + "shape":"Integer", + "documentation":"

    The IP address that the flow communicates with to initiate connection with the sender.

    ", + "locationName":"senderControlPort" + }, + "SenderIpAddress":{ + "shape":"String", + "documentation":"

    The port that the flow uses to send outbound requests to initiate connection with the sender.

    ", + "locationName":"senderIpAddress" + }, + "SourceArn":{ + "shape":"String", + "documentation":"

    The ARN of the source.

    ", + "locationName":"sourceArn" + }, + "Transport":{ + "shape":"Transport", + "documentation":"

    Attributes related to the transport stream that are used in the source.

    ", + "locationName":"transport" + }, + "VpcInterfaceName":{ + "shape":"String", + "documentation":"

    The name of the VPC interface that is used for this source.

    ", + "locationName":"vpcInterfaceName" + }, + "WhitelistCidr":{ + "shape":"String", + "documentation":"

    The range of IP addresses that should be allowed to contribute content to your source. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.

    ", + "locationName":"whitelistCidr" + }, + "GatewayBridgeSource":{ + "shape":"GatewayBridgeSource", + "documentation":"

    The source configuration for cloud flows receiving a stream from a bridge.

    ", + "locationName":"gatewayBridgeSource" + }, + "PeerIpAddress":{ + "shape":"String", + "documentation":"

    The IP address of the device that is currently sending content to this source.

    • For sources that use protocols where you specify the origin (such as SRT Caller), this value matches the configured origin address.

    • For sources that use listener protocols (such as SRT Listener or RTP), this value shows the address of the connected sender.

    • Peer IP addresses aren't available for entitlements and CDI/ST2110 sources.

    • The peer IP address might not be visible for flows that haven't been started yet, or flows that were started before May 2025. In these cases, restart your flow to see the peer IP address.

    ", + "locationName":"peerIpAddress" + } + }, + "documentation":"

    The settings for the source of the flow.

    " + }, + "SourcePriority":{ + "type":"structure", + "members":{ + "PrimarySource":{ + "shape":"String", + "documentation":"

    The name of the source you choose as the primary source for this flow.

    ", + "locationName":"primarySource" + } + }, + "documentation":"

    The priority you want to assign to a source. You can have a primary stream and a backup stream or two equally prioritized streams.

    " + }, + "SourceType":{ + "type":"string", + "enum":[ "OWNED", "ENTITLED" ] }, - "StartFlowRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The ARN of the flow that you want to start." + "StartFlowRequest":{ + "type":"structure", + "required":["FlowArn"], + "members":{ + "FlowArn":{ + "shape":"StartFlowRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to start.

    ", + "location":"uri", + "locationName":"FlowArn" } - }, - "required": [ - "FlowArn" - ] + } }, - "StartFlowResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that you started." - }, - "Status": { - "shape": "Status", - "locationName": "status", - "documentation": "The status of the flow when the StartFlow process begins." + "StartFlowRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "StartFlowResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that you started.

    ", + "locationName":"flowArn" + }, + "Status":{ + "shape":"Status", + "documentation":"

    The status of the flow when the StartFlow process begins.

    ", + "locationName":"status" } } }, - "State": { - "type": "string", - "enum": [ + "State":{ + "type":"string", + "enum":[ "ENABLED", "DISABLED" ] }, - "Status": { - "type": "string", - "enum": [ + "Status":{ + "type":"string", + "enum":[ "STANDBY", "ACTIVE", "UPDATING", @@ -6212,60 +5237,65 @@ "ERROR" ] }, - "StopFlowRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The ARN of the flow that you want to stop." + "StopFlowRequest":{ + "type":"structure", + "required":["FlowArn"], + "members":{ + "FlowArn":{ + "shape":"StopFlowRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to stop.

    ", + "location":"uri", + "locationName":"FlowArn" } - }, - "required": [ - "FlowArn" - ] + } }, - "StopFlowResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that you stopped." - }, - "Status": { - "shape": "Status", - "locationName": "status", - "documentation": "The status of the flow when the StopFlow process begins." + "StopFlowRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "StopFlowResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that you stopped.

    ", + "locationName":"flowArn" + }, + "Status":{ + "shape":"Status", + "documentation":"

    The status of the flow when the StopFlow process begins.

    ", + "locationName":"status" } } }, - "TagResourceRequest": { - "type": "structure", - "members": { - "ResourceArn": { - "shape": "__string", - "location": "uri", - "locationName": "resourceArn", - "documentation": "The Amazon Resource Name (ARN) that identifies the AWS Elemental MediaConnect resource to which to add tags." - }, - "Tags": { - "shape": "__mapOf__string", - "locationName": "tags", - "documentation": "A map from tag keys to values. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters." - } - }, - "documentation": "The tags to add to the resource. A tag is an array of key-value pairs. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.", - "required": [ + "String":{"type":"string"}, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ "ResourceArn", "Tags" - ] + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) that identifies the MediaConnect resource to which to add tags.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "Tags":{ + "shape":"__mapOfString", + "documentation":"

    A map from tag keys to values. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

    ", + "locationName":"tags" + } + } }, - "Tcs": { - "type": "string", - "enum": [ + "Tcs":{ + "type":"string", + "enum":[ "SDR", "PQ", "HLG", @@ -6277,1444 +5307,1427 @@ "DENSITY" ] }, - "ThumbnailDetails": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that DescribeFlowSourceThumbnail was performed on." - }, - "Thumbnail": { - "shape": "__string", - "locationName": "thumbnail", - "documentation": "Thumbnail Base64 string." - }, - "ThumbnailMessages": { - "shape": "__listOfMessageDetail", - "locationName": "thumbnailMessages", - "documentation": "Status code and messages about the flow source thumbnail." - }, - "Timecode": { - "shape": "__string", - "locationName": "timecode", - "documentation": "Timecode of thumbnail." - }, - "Timestamp": { - "shape": "__timestampIso8601", - "locationName": "timestamp", - "documentation": "The timestamp of when thumbnail was generated." - } - }, - "documentation": "The details of the thumbnail, including thumbnail base64 string, timecode and the time when thumbnail was generated.", - "required": [ - "ThumbnailMessages", - "FlowArn" - ] - }, - "ThumbnailState": { - "type": "string", - "enum": [ + "ThumbnailDetails":{ + "type":"structure", + "required":[ + "FlowArn", + "ThumbnailMessages" + ], + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that DescribeFlowSourceThumbnail was performed on.

    ", + "locationName":"flowArn" + }, + "Thumbnail":{ + "shape":"String", + "documentation":"

    Thumbnail Base64 string.

    ", + "locationName":"thumbnail" + }, + "ThumbnailMessages":{ + "shape":"__listOfMessageDetail", + "documentation":"

    Status code and messages about the flow source thumbnail.

    ", + "locationName":"thumbnailMessages" + }, + "Timecode":{ + "shape":"String", + "documentation":"

    Timecode of thumbnail.

    ", + "locationName":"timecode" + }, + "Timestamp":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The timestamp of when thumbnail was generated.

    ", + "locationName":"timestamp" + } + }, + "documentation":"

    The details of the thumbnail, including thumbnail base64 string, timecode and the time when thumbnail was generated.

    " + }, + "ThumbnailState":{ + "type":"string", + "enum":[ "ENABLED", "DISABLED" ] }, - "TooManyRequestsException": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "The error message returned by AWS Elemental MediaConnect." - } - }, - "documentation": "Exception raised by AWS Elemental MediaConnect. See the error message and documentation for the operation for more information on the cause of this exception.", - "required": [ - "Message" - ], - "exception": true, - "error": { - "httpStatusCode": 429 - } - }, - "Transport": { - "type": "structure", - "members": { - "CidrAllowList": { - "shape": "__listOf__string", - "locationName": "cidrAllowList", - "documentation": "The range of IP addresses that should be allowed to initiate output requests to this flow. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "The smoothing max bitrate (in bps) for RIST, RTP, and RTP-FEC streams." - }, - "MaxLatency": { - "shape": "__integer", - "locationName": "maxLatency", - "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams." - }, - "MaxSyncBuffer": { - "shape": "__integer", - "locationName": "maxSyncBuffer", - "documentation": "The size of the buffer (in milliseconds) to use to sync incoming source data." - }, - "MinLatency": { - "shape": "__integer", - "locationName": "minLatency", - "documentation": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The protocol that is used by the source or output." - }, - "RemoteId": { - "shape": "__string", - "locationName": "remoteId", - "documentation": "The remote ID for the Zixi-pull stream." - }, - "SenderControlPort": { - "shape": "__integer", - "locationName": "senderControlPort", - "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender." - }, - "SenderIpAddress": { - "shape": "__string", - "locationName": "senderIpAddress", - "documentation": "The IP address that the flow communicates with to initiate connection with the sender." - }, - "SmoothingLatency": { - "shape": "__integer", - "locationName": "smoothingLatency", - "documentation": "The smoothing latency in milliseconds for RIST, RTP, and RTP-FEC streams." - }, - "SourceListenerAddress": { - "shape": "__string", - "locationName": "sourceListenerAddress", - "documentation": "Source IP or domain name for SRT-caller protocol." - }, - "SourceListenerPort": { - "shape": "__integer", - "locationName": "sourceListenerPort", - "documentation": "Source port for SRT-caller protocol." - }, - "StreamId": { - "shape": "__string", - "locationName": "streamId", - "documentation": "The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams." - } - }, - "documentation": "Attributes related to the transport stream that are used in a source or output.", - "required": [ - "Protocol" - ] - }, - "TransportMediaInfo": { - "type": "structure", - "members": { - "Programs": { - "shape": "__listOfTransportStreamProgram", - "locationName": "programs", - "documentation": "The list of transport stream programs in the current flow's source." - } - }, - "documentation": "The metadata of the transport stream in the current flow's source.", - "required": [ - "Programs" - ] - }, - "TransportStream": { - "type": "structure", - "members": { - "Channels": { - "shape": "__integer", - "locationName": "channels", - "documentation": "The number of channels in the audio stream." - }, - "Codec": { - "shape": "__string", - "locationName": "codec", - "documentation": "The codec used by the stream." - }, - "FrameRate": { - "shape": "__string", - "locationName": "frameRate", - "documentation": "The frame rate used by the video stream." - }, - "FrameResolution": { - "shape": "FrameResolution", - "locationName": "frameResolution" - }, - "Pid": { - "shape": "__integer", - "locationName": "pid", - "documentation": "The Packet ID (PID) as it is reported in the Program Map Table." - }, - "SampleRate": { - "shape": "__integer", - "locationName": "sampleRate", - "documentation": "The sample rate used by the audio stream." - }, - "SampleSize": { - "shape": "__integer", - "locationName": "sampleSize", - "documentation": "The sample bit size used by the audio stream." - }, - "StreamType": { - "shape": "__string", - "locationName": "streamType", - "documentation": "The Stream Type as it is reported in the Program Map Table." - } - }, - "documentation": "The metadata of an elementary transport stream.", - "required": [ - "StreamType", - "Pid" - ] - }, - "TransportStreamProgram": { - "type": "structure", - "members": { - "PcrPid": { - "shape": "__integer", - "locationName": "pcrPid", - "documentation": "The Program Clock Reference (PCR) Packet ID (PID) as it is reported in the Program Association Table." - }, - "ProgramName": { - "shape": "__string", - "locationName": "programName", - "documentation": "The program name as it is reported in the Program Association Table." - }, - "ProgramNumber": { - "shape": "__integer", - "locationName": "programNumber", - "documentation": "The program number as it is reported in the Program Association Table." - }, - "ProgramPid": { - "shape": "__integer", - "locationName": "programPid", - "documentation": "The program Packet ID (PID) as it is reported in the Program Association Table." - }, - "Streams": { - "shape": "__listOfTransportStream", - "locationName": "streams", - "documentation": "The list of elementary transport streams in the program. The list includes video, audio, and data streams." - } - }, - "documentation": "The metadata of a single transport stream program.", - "required": [ - "ProgramPid", + "TooManyRequestsException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"

    The request was denied due to request throttling.

    ", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":false} + }, + "Transport":{ + "type":"structure", + "required":["Protocol"], + "members":{ + "CidrAllowList":{ + "shape":"__listOfString", + "documentation":"

    The range of IP addresses that should be allowed to initiate output requests to this flow. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16

    ", + "locationName":"cidrAllowList" + }, + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The smoothing max bitrate (in bps) for RIST, RTP, and RTP-FEC streams.

    ", + "locationName":"maxBitrate" + }, + "MaxLatency":{ + "shape":"Integer", + "documentation":"

    The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.

    ", + "locationName":"maxLatency" + }, + "MaxSyncBuffer":{ + "shape":"Integer", + "documentation":"

    The size of the buffer (in milliseconds) to use to sync incoming source data.

    ", + "locationName":"maxSyncBuffer" + }, + "MinLatency":{ + "shape":"Integer", + "documentation":"

    The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency.

    ", + "locationName":"minLatency" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The protocol that is used by the source or output.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + }, + "RemoteId":{ + "shape":"String", + "documentation":"

    The remote ID for the Zixi-pull stream.

    ", + "locationName":"remoteId" + }, + "SenderControlPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow uses to send outbound requests to initiate connection with the sender.

    ", + "locationName":"senderControlPort" + }, + "SenderIpAddress":{ + "shape":"String", + "documentation":"

    The IP address that the flow communicates with to initiate connection with the sender.

    ", + "locationName":"senderIpAddress" + }, + "SmoothingLatency":{ + "shape":"Integer", + "documentation":"

    The smoothing latency in milliseconds for RIST, RTP, and RTP-FEC streams.

    ", + "locationName":"smoothingLatency" + }, + "SourceListenerAddress":{ + "shape":"String", + "documentation":"

    Source IP or domain name for SRT-caller protocol.

    ", + "locationName":"sourceListenerAddress" + }, + "SourceListenerPort":{ + "shape":"Integer", + "documentation":"

    Source port for SRT-caller protocol.

    ", + "locationName":"sourceListenerPort" + }, + "StreamId":{ + "shape":"String", + "documentation":"

    The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams.

    ", + "locationName":"streamId" + }, + "NdiSpeedHqQuality":{ + "shape":"Integer", + "documentation":"

    A quality setting for the NDI Speed HQ encoder.

    ", + "locationName":"ndiSpeedHqQuality" + }, + "NdiProgramName":{ + "shape":"String", + "documentation":"

    A suffix for the names of the NDI sources that the flow creates. If a custom name isn't specified, MediaConnect uses the output name.

    ", + "locationName":"ndiProgramName" + } + }, + "documentation":"

    Attributes related to the transport stream that are used in a source or output.

    " + }, + "TransportMediaInfo":{ + "type":"structure", + "required":["Programs"], + "members":{ + "Programs":{ + "shape":"__listOfTransportStreamProgram", + "documentation":"

    The list of transport stream programs in the current flow's source.

    ", + "locationName":"programs" + } + }, + "documentation":"

    The metadata of the transport stream in the current flow's source.

    " + }, + "TransportStream":{ + "type":"structure", + "required":[ + "Pid", + "StreamType" + ], + "members":{ + "Channels":{ + "shape":"Integer", + "documentation":"

    The number of channels in the audio stream.

    ", + "locationName":"channels" + }, + "Codec":{ + "shape":"String", + "documentation":"

    The codec used by the stream.

    ", + "locationName":"codec" + }, + "FrameRate":{ + "shape":"String", + "documentation":"

    The frame rate used by the video stream.

    ", + "locationName":"frameRate" + }, + "FrameResolution":{ + "shape":"FrameResolution", + "documentation":"

    The frame resolution used by the video stream.

    ", + "locationName":"frameResolution" + }, + "Pid":{ + "shape":"Integer", + "documentation":"

    The Packet ID (PID) as it is reported in the Program Map Table.

    ", + "locationName":"pid" + }, + "SampleRate":{ + "shape":"Integer", + "documentation":"

    The sample rate used by the audio stream.

    ", + "locationName":"sampleRate" + }, + "SampleSize":{ + "shape":"Integer", + "documentation":"

    The sample bit size used by the audio stream.

    ", + "locationName":"sampleSize" + }, + "StreamType":{ + "shape":"String", + "documentation":"

    The Stream Type as it is reported in the Program Map Table.

    ", + "locationName":"streamType" + } + }, + "documentation":"

    The metadata of an elementary transport stream.

    " + }, + "TransportStreamProgram":{ + "type":"structure", + "required":[ "PcrPid", "ProgramNumber", + "ProgramPid", "Streams" - ] - }, - "UntagResourceRequest": { - "type": "structure", - "members": { - "ResourceArn": { - "shape": "__string", - "location": "uri", - "locationName": "resourceArn", - "documentation": "The Amazon Resource Name (ARN) that identifies the AWS Elemental MediaConnect resource from which to delete tags." - }, - "TagKeys": { - "shape": "__listOf__string", - "location": "querystring", - "locationName": "tagKeys", - "documentation": "The keys of the tags to be removed." - } - }, - "required": [ - "TagKeys", - "ResourceArn" - ] - }, - "UpdateBridgeFlowSourceRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "locationName": "flowArn", - "documentation": "The ARN of the cloud flow to use as a source of this bridge." - }, - "FlowVpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "flowVpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this source." - } - }, - "documentation": "Update the flow source of the bridge." - }, - "UpdateBridgeNetworkOutputRequest": { - "type": "structure", - "members": { - "IpAddress": { - "shape": "__string", - "locationName": "ipAddress", - "documentation": "The network output IP Address." - }, - "NetworkName": { - "shape": "__string", - "locationName": "networkName", - "documentation": "The network output's gateway network name." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The network output port." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The network output protocol." - }, - "Ttl": { - "shape": "__integer", - "locationName": "ttl", - "documentation": "The network output TTL." - } - }, - "documentation": "Update an existing network output." - }, - "UpdateBridgeNetworkSourceRequest": { - "type": "structure", - "members": { - "MulticastIp": { - "shape": "__string", - "locationName": "multicastIp", - "documentation": "The network source multicast IP." - }, - "MulticastSourceSettings": { - "shape": "MulticastSourceSettings", - "locationName": "multicastSourceSettings" - }, - "NetworkName": { - "shape": "__string", - "locationName": "networkName", - "documentation": "The network source's gateway network name." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The network source port." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The network source protocol." - } - }, - "documentation": "Update the network source of the bridge." - }, - "UpdateBridgeOutputRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to update." - }, - "NetworkOutput": { - "shape": "UpdateBridgeNetworkOutputRequest", - "locationName": "networkOutput" - }, - "OutputName": { - "shape": "__string", - "location": "uri", - "locationName": "outputName", - "documentation": "The name of the bridge output that you want to update." - } - }, - "documentation": "The fields that you want to update in the bridge output.", - "required": [ - "OutputName", - "BridgeArn" - ] - }, - "UpdateBridgeOutputResponse": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The Amazon Resource Number (ARN) of the bridge." - }, - "Output": { - "shape": "BridgeOutput", - "locationName": "output", - "documentation": "The output that you updated." - } - } - }, - "UpdateBridgeRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The Amazon Resource Number (ARN) of the bridge that you want to update." - }, - "EgressGatewayBridge": { - "shape": "UpdateEgressGatewayBridgeRequest", - "locationName": "egressGatewayBridge" - }, - "IngressGatewayBridge": { - "shape": "UpdateIngressGatewayBridgeRequest", - "locationName": "ingressGatewayBridge" - }, - "SourceFailoverConfig": { - "shape": "UpdateFailoverConfig", - "locationName": "sourceFailoverConfig" - } - }, - "documentation": "A request to update the bridge.", - "required": [ - "BridgeArn" - ] - }, - "UpdateBridgeResponse": { - "type": "structure", - "members": { - "Bridge": { - "shape": "Bridge", - "locationName": "bridge" - } - } - }, - "UpdateBridgeSourceRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to update." - }, - "FlowSource": { - "shape": "UpdateBridgeFlowSourceRequest", - "locationName": "flowSource" - }, - "NetworkSource": { - "shape": "UpdateBridgeNetworkSourceRequest", - "locationName": "networkSource" - }, - "SourceName": { - "shape": "__string", - "location": "uri", - "locationName": "sourceName", - "documentation": "The name of the source that you want to update." - } - }, - "documentation": "The fields that you want to update in the bridge source.", - "required": [ + ], + "members":{ + "PcrPid":{ + "shape":"Integer", + "documentation":"

    The Program Clock Reference (PCR) Packet ID (PID) as it is reported in the Program Association Table.

    ", + "locationName":"pcrPid" + }, + "ProgramName":{ + "shape":"String", + "documentation":"

    The program name as it is reported in the Program Association Table.

    ", + "locationName":"programName" + }, + "ProgramNumber":{ + "shape":"Integer", + "documentation":"

    The program number as it is reported in the Program Association Table.

    ", + "locationName":"programNumber" + }, + "ProgramPid":{ + "shape":"Integer", + "documentation":"

    The program Packet ID (PID) as it is reported in the Program Association Table.

    ", + "locationName":"programPid" + }, + "Streams":{ + "shape":"__listOfTransportStream", + "documentation":"

    The list of elementary transport streams in the program. The list includes video, audio, and data streams.

    ", + "locationName":"streams" + } + }, + "documentation":"

    The metadata of a single transport stream program.

    " + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the resource that you want to untag.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "TagKeys":{ + "shape":"__listOfString", + "documentation":"

    The keys of the tags to be removed.

    ", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UpdateBridgeFlowSourceRequest":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"UpdateBridgeFlowSourceRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) that identifies the MediaConnect resource from which to delete tags.

    ", + "locationName":"flowArn" + }, + "FlowVpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this source.

    ", + "locationName":"flowVpcInterfaceAttachment" + } + }, + "documentation":"

    Update the flow source of the bridge.

    " + }, + "UpdateBridgeFlowSourceRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "UpdateBridgeNetworkOutputRequest":{ + "type":"structure", + "members":{ + "IpAddress":{ + "shape":"String", + "documentation":"

    The network output IP Address.

    ", + "locationName":"ipAddress" + }, + "NetworkName":{ + "shape":"String", + "documentation":"

    The network output's gateway network name.

    ", + "locationName":"networkName" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The network output port.

    ", + "locationName":"port" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The network output protocol.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + }, + "Ttl":{ + "shape":"Integer", + "documentation":"

    The network output TTL.

    ", + "locationName":"ttl" + } + }, + "documentation":"

    Update an existing network output.

    " + }, + "UpdateBridgeNetworkSourceRequest":{ + "type":"structure", + "members":{ + "MulticastIp":{ + "shape":"String", + "documentation":"

    The network source multicast IP.

    ", + "locationName":"multicastIp" + }, + "MulticastSourceSettings":{ + "shape":"MulticastSourceSettings", + "documentation":"

    The settings related to the multicast source.

    ", + "locationName":"multicastSourceSettings" + }, + "NetworkName":{ + "shape":"String", + "documentation":"

    The network source's gateway network name.

    ", + "locationName":"networkName" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The network source port.

    ", + "locationName":"port" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The network source protocol.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + } + }, + "documentation":"

    Update the network source of the bridge.

    " + }, + "UpdateBridgeOutputRequest":{ + "type":"structure", + "required":[ + "BridgeArn", + "OutputName" + ], + "members":{ + "BridgeArn":{ + "shape":"UpdateBridgeOutputRequestBridgeArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to update.

    ", + "location":"uri", + "locationName":"BridgeArn" + }, + "NetworkOutput":{ + "shape":"UpdateBridgeNetworkOutputRequest", + "documentation":"

    The network of the bridge output.

    ", + "locationName":"networkOutput" + }, + "OutputName":{ + "shape":"String", + "documentation":"

    Tname of the output that you want to update.

    ", + "location":"uri", + "locationName":"OutputName" + } + } + }, + "UpdateBridgeOutputRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "UpdateBridgeOutputResponse":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the bridge that was updated.

    ", + "locationName":"bridgeArn" + }, + "Output":{ + "shape":"BridgeOutput", + "documentation":"

    The bridge output that was updated.

    ", + "locationName":"output" + } + } + }, + "UpdateBridgeRequest":{ + "type":"structure", + "required":["BridgeArn"], + "members":{ + "BridgeArn":{ + "shape":"UpdateBridgeRequestBridgeArnString", + "documentation":"

    TheAmazon Resource Name (ARN) of the bridge that you want to update.

    ", + "location":"uri", + "locationName":"BridgeArn" + }, + "EgressGatewayBridge":{ + "shape":"UpdateEgressGatewayBridgeRequest", + "documentation":"

    A cloud-to-ground bridge. The content comes from an existing MediaConnect flow and is delivered to your premises.

    ", + "locationName":"egressGatewayBridge" + }, + "IngressGatewayBridge":{ + "shape":"UpdateIngressGatewayBridgeRequest", + "documentation":"

    A ground-to-cloud bridge. The content originates at your premises and is delivered to the cloud.

    ", + "locationName":"ingressGatewayBridge" + }, + "SourceFailoverConfig":{ + "shape":"UpdateFailoverConfig", + "documentation":"

    The settings for source failover.

    ", + "locationName":"sourceFailoverConfig" + } + } + }, + "UpdateBridgeRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "UpdateBridgeResponse":{ + "type":"structure", + "members":{ + "Bridge":{ + "shape":"Bridge", + "documentation":"

    The bridge that was updated.

    ", + "locationName":"bridge" + } + } + }, + "UpdateBridgeSourceRequest":{ + "type":"structure", + "required":[ "BridgeArn", "SourceName" - ] - }, - "UpdateBridgeSourceResponse": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The Amazon Resource Number (ARN) of the bridge." - }, - "Source": { - "shape": "BridgeSource", - "locationName": "source" + ], + "members":{ + "BridgeArn":{ + "shape":"UpdateBridgeSourceRequestBridgeArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to update.

    ", + "location":"uri", + "locationName":"BridgeArn" + }, + "FlowSource":{ + "shape":"UpdateBridgeFlowSourceRequest", + "documentation":"

    The name of the flow that you want to update.

    ", + "locationName":"flowSource" + }, + "NetworkSource":{ + "shape":"UpdateBridgeNetworkSourceRequest", + "documentation":"

    The network for the bridge source.

    ", + "locationName":"networkSource" + }, + "SourceName":{ + "shape":"String", + "documentation":"

    The name of the source that you want to update.

    ", + "location":"uri", + "locationName":"SourceName" } } }, - "UpdateBridgeStateRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "location": "uri", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge that you want to update." - }, - "DesiredState": { - "shape": "DesiredState", - "locationName": "desiredState" + "UpdateBridgeSourceRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "UpdateBridgeSourceResponse":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the updated bridge source.

    ", + "locationName":"bridgeArn" + }, + "Source":{ + "shape":"BridgeSource", + "documentation":"

    The updated bridge source.

    ", + "locationName":"source" } - }, - "documentation": "A request to update the bridge state.", - "required": [ + } + }, + "UpdateBridgeStateRequest":{ + "type":"structure", + "required":[ "BridgeArn", "DesiredState" - ] - }, - "UpdateBridgeStateResponse": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "locationName": "bridgeArn", - "documentation": "The Amazon Resource Number (ARN) of the bridge." - }, - "DesiredState": { - "shape": "DesiredState", - "locationName": "desiredState", - "documentation": "The state of the bridge. ACTIVE or STANDBY." - } - } - }, - "UpdateEgressGatewayBridgeRequest": { - "type": "structure", - "members": { - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "Update an existing egress-type bridge." - } - } - }, - "UpdateEncryption": { - "type": "structure", - "members": { - "Algorithm": { - "shape": "Algorithm", - "locationName": "algorithm", - "documentation": "The type of algorithm that is used for the encryption (such as aes128, aes192, or aes256)." - }, - "ConstantInitializationVector": { - "shape": "__string", - "locationName": "constantInitializationVector", - "documentation": "A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption." - }, - "DeviceId": { - "shape": "__string", - "locationName": "deviceId", - "documentation": "The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption." - }, - "KeyType": { - "shape": "KeyType", - "locationName": "keyType", - "documentation": "The type of key that is used for the encryption. If no keyType is provided, the service will use the default setting (static-key)." - }, - "Region": { - "shape": "__string", - "locationName": "region", - "documentation": "The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption." - }, - "ResourceId": { - "shape": "__string", - "locationName": "resourceId", - "documentation": "An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption." - }, - "RoleArn": { - "shape": "__string", - "locationName": "roleArn", - "documentation": "The ARN of the role that you created during setup (when you set up AWS Elemental MediaConnect as a trusted entity)." - }, - "SecretArn": { - "shape": "__string", - "locationName": "secretArn", - "documentation": "The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption." - }, - "Url": { - "shape": "__string", - "locationName": "url", - "documentation": "The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption." - } - }, - "documentation": "Information about the encryption of the flow." - }, - "UpdateFailoverConfig": { - "type": "structure", - "members": { - "FailoverMode": { - "shape": "FailoverMode", - "locationName": "failoverMode", - "documentation": "The type of failover you choose for this flow. MERGE combines the source streams into a single stream, allowing graceful recovery from any single-source loss. FAILOVER allows switching between different streams." - }, - "RecoveryWindow": { - "shape": "__integer", - "locationName": "recoveryWindow", - "documentation": "Recovery window time to look for dash-7 packets" - }, - "SourcePriority": { - "shape": "SourcePriority", - "locationName": "sourcePriority", - "documentation": "The priority you want to assign to a source. You can have a primary stream and a backup stream or two equally prioritized streams." - }, - "State": { - "shape": "State", - "locationName": "state" - } - }, - "documentation": "The settings for source failover." - }, - "UpdateFlowEntitlementRequest": { - "type": "structure", - "members": { - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description of the entitlement. This description appears only on the AWS Elemental MediaConnect console and will not be seen by the subscriber or end user." - }, - "Encryption": { - "shape": "UpdateEncryption", - "locationName": "encryption", - "documentation": "The type of encryption that will be used on the output associated with this entitlement. Allowable encryption types: static-key, speke." - }, - "EntitlementArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:entitlement:.+$", - "location": "uri", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement that you want to update." - }, - "EntitlementStatus": { - "shape": "EntitlementStatus", - "locationName": "entitlementStatus", - "documentation": "An indication of whether you want to enable the entitlement to allow access, or disable it to stop streaming content to the subscriber’s flow temporarily. If you don’t specify the entitlementStatus field in your request, MediaConnect leaves the value unchanged." - }, - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that is associated with the entitlement that you want to update." - }, - "Subscribers": { - "shape": "__listOf__string", - "locationName": "subscribers", - "documentation": "The AWS account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flow using your content as the source." + ], + "members":{ + "BridgeArn":{ + "shape":"UpdateBridgeStateRequestBridgeArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the bridge that you want to update the state of.

    ", + "location":"uri", + "locationName":"BridgeArn" + }, + "DesiredState":{ + "shape":"DesiredState", + "documentation":"

    The desired state for the bridge.

    ", + "locationName":"desiredState" + } + } + }, + "UpdateBridgeStateRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "UpdateBridgeStateResponse":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"String", + "documentation":"

    The ARN of the updated bridge.

    ", + "locationName":"bridgeArn" + }, + "DesiredState":{ + "shape":"DesiredState", + "documentation":"

    The new state of the bridge.

    ", + "locationName":"desiredState" + } + } + }, + "UpdateEgressGatewayBridgeRequest":{ + "type":"structure", + "members":{ + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The maximum expected bitrate (in bps).

    ", + "locationName":"maxBitrate" + } + }, + "documentation":"

    Update an existing egress-type bridge.

    " + }, + "UpdateEncryption":{ + "type":"structure", + "members":{ + "Algorithm":{ + "shape":"Algorithm", + "documentation":"

    The type of algorithm that is used for the encryption (such as aes128, aes192, or aes256).

    ", + "locationName":"algorithm" + }, + "ConstantInitializationVector":{ + "shape":"String", + "documentation":"

    A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.

    ", + "locationName":"constantInitializationVector" + }, + "DeviceId":{ + "shape":"String", + "documentation":"

    The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.

    ", + "locationName":"deviceId" + }, + "KeyType":{ + "shape":"KeyType", + "documentation":"

    The type of key that is used for the encryption. If no keyType is provided, the service will use the default setting (static-key).

    ", + "locationName":"keyType" + }, + "Region":{ + "shape":"String", + "documentation":"

    The Amazon Web Services Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.

    ", + "locationName":"region" + }, + "ResourceId":{ + "shape":"String", + "documentation":"

    An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.

    ", + "locationName":"resourceId" + }, + "RoleArn":{ + "shape":"String", + "documentation":"

    The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).

    ", + "locationName":"roleArn" + }, + "SecretArn":{ + "shape":"String", + "documentation":"

    The ARN of the secret that you created in Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.

    ", + "locationName":"secretArn" + }, + "Url":{ + "shape":"String", + "documentation":"

    The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.

    ", + "locationName":"url" + } + }, + "documentation":"

    Information about the encryption of the flow.

    " + }, + "UpdateFailoverConfig":{ + "type":"structure", + "members":{ + "FailoverMode":{ + "shape":"FailoverMode", + "documentation":"

    The type of failover you choose for this flow. MERGE combines the source streams into a single stream, allowing graceful recovery from any single-source loss. FAILOVER allows switching between different streams.

    ", + "locationName":"failoverMode" + }, + "RecoveryWindow":{ + "shape":"Integer", + "documentation":"

    Recovery window time to look for dash-7 packets.

    ", + "locationName":"recoveryWindow" + }, + "SourcePriority":{ + "shape":"SourcePriority", + "documentation":"

    The priority you want to assign to a source. You can have a primary stream and a backup stream or two equally prioritized streams.

    ", + "locationName":"sourcePriority" + }, + "State":{ + "shape":"State", + "documentation":"

    The state of source failover on the flow. If the state is inactive, the flow can have only one source. If the state is active, the flow can have one or two sources.

    ", + "locationName":"state" + } + }, + "documentation":"

    The settings for source failover.

    " + }, + "UpdateFlowEntitlementRequest":{ + "type":"structure", + "required":[ + "EntitlementArn", + "FlowArn" + ], + "members":{ + "Description":{ + "shape":"String", + "documentation":"

    A description of the entitlement. This description appears only on the MediaConnect console and will not be seen by the subscriber or end user.

    ", + "locationName":"description" + }, + "Encryption":{ + "shape":"UpdateEncryption", + "documentation":"

    The type of encryption that will be used on the output associated with this entitlement. Allowable encryption types: static-key, speke.

    ", + "locationName":"encryption" + }, + "EntitlementArn":{ + "shape":"UpdateFlowEntitlementRequestEntitlementArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the entitlement that you want to update.

    ", + "location":"uri", + "locationName":"EntitlementArn" + }, + "EntitlementStatus":{ + "shape":"EntitlementStatus", + "documentation":"

    An indication of whether you want to enable the entitlement to allow access, or disable it to stop streaming content to the subscriber’s flow temporarily. If you don’t specify the entitlementStatus field in your request, MediaConnect leaves the value unchanged.

    ", + "locationName":"entitlementStatus" + }, + "FlowArn":{ + "shape":"UpdateFlowEntitlementRequestFlowArnString", + "documentation":"

    The ARN of the flow that is associated with the entitlement that you want to update.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "Subscribers":{ + "shape":"__listOfString", + "documentation":"

    The Amazon Web Services account IDs that you want to share your content with. The receiving accounts (subscribers) will be allowed to create their own flow using your content as the source.

    ", + "locationName":"subscribers" } - }, - "documentation": "The entitlement fields that you want to update.", - "required": [ - "FlowArn", - "EntitlementArn" - ] + } }, - "UpdateFlowEntitlementResponse": { - "type": "structure", - "members": { - "Entitlement": { - "shape": "Entitlement", - "locationName": "entitlement", - "documentation": "The new configuration of the entitlement that you updated." - }, - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that this entitlement was granted on." + "UpdateFlowEntitlementRequestEntitlementArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:entitlement:.+" + }, + "UpdateFlowEntitlementRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "UpdateFlowEntitlementResponse":{ + "type":"structure", + "members":{ + "Entitlement":{ + "shape":"Entitlement", + "documentation":"

    The new configuration of the entitlement that you updated.

    ", + "locationName":"entitlement" + }, + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that this entitlement was granted on.

    ", + "locationName":"flowArn" } } }, - "UpdateFlowMediaStreamRequest": { - "type": "structure", - "members": { - "Attributes": { - "shape": "MediaStreamAttributesRequest", - "locationName": "attributes", - "documentation": "The attributes that you want to assign to the media stream." - }, - "ClockRate": { - "shape": "__integer", - "locationName": "clockRate", - "documentation": "The sample rate (in Hz) for the stream. If the media stream type is video or ancillary data, set this value to 90000. If the media stream type is audio, set this value to either 48000 or 96000." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "Description" - }, - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The Amazon Resource Name (ARN) of the flow." - }, - "MediaStreamName": { - "shape": "__string", - "location": "uri", - "locationName": "mediaStreamName", - "documentation": "The name of the media stream that you want to update." - }, - "MediaStreamType": { - "shape": "MediaStreamType", - "locationName": "mediaStreamType", - "documentation": "The type of media stream." - }, - "VideoFormat": { - "shape": "__string", - "locationName": "videoFormat", - "documentation": "The resolution of the video." - } - }, - "documentation": "The fields that you want to update in the media stream.", - "required": [ + "UpdateFlowMediaStreamRequest":{ + "type":"structure", + "required":[ "FlowArn", "MediaStreamName" - ] - }, - "UpdateFlowMediaStreamResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that is associated with the media stream that you updated." - }, - "MediaStream": { - "shape": "MediaStream", - "locationName": "mediaStream", - "documentation": "The media stream that you updated." - } - } - }, - "UpdateFlowOutputRequest": { - "type": "structure", - "members": { - "CidrAllowList": { - "shape": "__listOf__string", - "locationName": "cidrAllowList", - "documentation": "The range of IP addresses that should be allowed to initiate output requests to this flow. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description of the output. This description appears only on the AWS Elemental MediaConnect console and will not be seen by the end user." - }, - "Destination": { - "shape": "__string", - "locationName": "destination", - "documentation": "The IP address where you want to send the output." - }, - "Encryption": { - "shape": "UpdateEncryption", - "locationName": "encryption", - "documentation": "The type of key used for the encryption. If no keyType is provided, the service will use the default setting (static-key). Allowable encryption types: static-key." - }, - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that is associated with the output that you want to update." - }, - "MaxLatency": { - "shape": "__integer", - "locationName": "maxLatency", - "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams." - }, - "MediaStreamOutputConfigurations": { - "shape": "__listOfMediaStreamOutputConfigurationRequest", - "locationName": "mediaStreamOutputConfigurations", - "documentation": "The media streams that are associated with the output, and the parameters for those associations." - }, - "MinLatency": { - "shape": "__integer", - "locationName": "minLatency", - "documentation": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency." - }, - "OutputArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:output:.+$", - "location": "uri", - "locationName": "outputArn", - "documentation": "The ARN of the output that you want to update." - }, - "Port": { - "shape": "__integer", - "locationName": "port", - "documentation": "The port to use when content is distributed to this output." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The protocol to use for the output." - }, - "RemoteId": { - "shape": "__string", - "locationName": "remoteId", - "documentation": "The remote ID for the Zixi-pull stream." - }, - "SenderControlPort": { - "shape": "__integer", - "locationName": "senderControlPort", - "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender." - }, - "SenderIpAddress": { - "shape": "__string", - "locationName": "senderIpAddress", - "documentation": "The IP address that the flow communicates with to initiate connection with the sender." - }, - "SmoothingLatency": { - "shape": "__integer", - "locationName": "smoothingLatency", - "documentation": "The smoothing latency in milliseconds for RIST, RTP, and RTP-FEC streams." - }, - "StreamId": { - "shape": "__string", - "locationName": "streamId", - "documentation": "The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams." - }, - "VpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "vpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this output." - }, - "OutputStatus": { - "shape": "OutputStatus", - "locationName": "outputStatus", - "documentation": "An indication of whether the output should transmit data or not. If you don't specify the outputStatus field in your request, MediaConnect leaves the value unchanged." - } - }, - "documentation": "The fields that you want to update in the output.", - "required": [ - "FlowArn", - "OutputArn" - ] - }, - "UpdateFlowOutputResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that is associated with the updated output." - }, - "Output": { - "shape": "Output", - "locationName": "output", - "documentation": "The new settings of the output that you updated." + ], + "members":{ + "Attributes":{ + "shape":"MediaStreamAttributesRequest", + "documentation":"

    The attributes that you want to assign to the media stream.

    ", + "locationName":"attributes" + }, + "ClockRate":{ + "shape":"Integer", + "documentation":"

    The sample rate for the stream. This value in measured in kHz.

    ", + "locationName":"clockRate" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description that can help you quickly identify what your media stream is used for.

    ", + "locationName":"description" + }, + "FlowArn":{ + "shape":"UpdateFlowMediaStreamRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that is associated with the media stream that you updated.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "MediaStreamName":{ + "shape":"String", + "documentation":"

    The media stream that you updated.

    ", + "location":"uri", + "locationName":"MediaStreamName" + }, + "MediaStreamType":{ + "shape":"MediaStreamType", + "documentation":"

    The type of media stream.

    ", + "locationName":"mediaStreamType" + }, + "VideoFormat":{ + "shape":"String", + "documentation":"

    The resolution of the video.

    ", + "locationName":"videoFormat" } } }, - "UpdateFlowRequest": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that you want to update." - }, - "SourceFailoverConfig": { - "shape": "UpdateFailoverConfig", - "locationName": "sourceFailoverConfig" - }, - "Maintenance": { - "shape": "UpdateMaintenance", - "locationName": "maintenance" - }, - "SourceMonitoringConfig": { - "shape": "MonitoringConfig", - "locationName": "sourceMonitoringConfig" + "UpdateFlowMediaStreamRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "UpdateFlowMediaStreamResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that is associated with the media stream that you updated.

    ", + "locationName":"flowArn" + }, + "MediaStream":{ + "shape":"MediaStream", + "documentation":"

    The media stream that you updated.

    ", + "locationName":"mediaStream" } - }, - "documentation": "A request to update flow.", - "required": [ - "FlowArn" - ] + } }, - "UpdateFlowResponse": { - "type": "structure", - "members": { - "Flow": { - "shape": "Flow", - "locationName": "flow" - } - } - }, - "UpdateFlowSourceRequest": { - "type": "structure", - "members": { - "Decryption": { - "shape": "UpdateEncryption", - "locationName": "decryption", - "documentation": "The type of encryption used on the content ingested from this source. Allowable encryption types: static-key." - }, - "Description": { - "shape": "__string", - "locationName": "description", - "documentation": "A description for the source. This value is not used or seen outside of the current AWS Elemental MediaConnect account." - }, - "EntitlementArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:entitlement:.+$", - "locationName": "entitlementArn", - "documentation": "The ARN of the entitlement that allows you to subscribe to this flow. The entitlement is set by the flow originator, and the ARN is generated as part of the originator's flow." - }, - "FlowArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:flow:.+$", - "location": "uri", - "locationName": "flowArn", - "documentation": "The flow that is associated with the source that you want to update." - }, - "IngestPort": { - "shape": "__integer", - "locationName": "ingestPort", - "documentation": "The port that the flow will be listening on for incoming content." - }, - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "The smoothing max bitrate (in bps) for RIST, RTP, and RTP-FEC streams." - }, - "MaxLatency": { - "shape": "__integer", - "locationName": "maxLatency", - "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams." - }, - "MaxSyncBuffer": { - "shape": "__integer", - "locationName": "maxSyncBuffer", - "documentation": "The size of the buffer (in milliseconds) to use to sync incoming source data." - }, - "MediaStreamSourceConfigurations": { - "shape": "__listOfMediaStreamSourceConfigurationRequest", - "locationName": "mediaStreamSourceConfigurations", - "documentation": "The media streams that are associated with the source, and the parameters for those associations." - }, - "MinLatency": { - "shape": "__integer", - "locationName": "minLatency", - "documentation": "The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency." - }, - "Protocol": { - "shape": "Protocol", - "locationName": "protocol", - "documentation": "The protocol that is used by the source." - }, - "SenderControlPort": { - "shape": "__integer", - "locationName": "senderControlPort", - "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender." - }, - "SenderIpAddress": { - "shape": "__string", - "locationName": "senderIpAddress", - "documentation": "The IP address that the flow communicates with to initiate connection with the sender." - }, - "SourceArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:source:.+$", - "location": "uri", - "locationName": "sourceArn", - "documentation": "The ARN of the source that you want to update." - }, - "SourceListenerAddress": { - "shape": "__string", - "locationName": "sourceListenerAddress", - "documentation": "Source IP or domain name for SRT-caller protocol." - }, - "SourceListenerPort": { - "shape": "__integer", - "locationName": "sourceListenerPort", - "documentation": "Source port for SRT-caller protocol." - }, - "StreamId": { - "shape": "__string", - "locationName": "streamId", - "documentation": "The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams." - }, - "VpcInterfaceName": { - "shape": "__string", - "locationName": "vpcInterfaceName", - "documentation": "The name of the VPC interface to use for this source." - }, - "WhitelistCidr": { - "shape": "__string", - "locationName": "whitelistCidr", - "documentation": "The range of IP addresses that should be allowed to contribute content to your source. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16." - }, - "GatewayBridgeSource": { - "shape": "UpdateGatewayBridgeSourceRequest", - "locationName": "gatewayBridgeSource", - "documentation": "The source configuration for cloud flows receiving a stream from a bridge." - } - }, - "documentation": "A request to update the source of a flow.", - "required": [ + "UpdateFlowOutputRequest":{ + "type":"structure", + "required":[ + "FlowArn", + "OutputArn" + ], + "members":{ + "CidrAllowList":{ + "shape":"__listOfString", + "documentation":"

    The range of IP addresses that should be allowed to initiate output requests to this flow. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.

    ", + "locationName":"cidrAllowList" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the output. This description appears only on the MediaConnect console and will not be seen by the end user.

    ", + "locationName":"description" + }, + "Destination":{ + "shape":"String", + "documentation":"

    The IP address where you want to send the output.

    ", + "locationName":"destination" + }, + "Encryption":{ + "shape":"UpdateEncryption", + "documentation":"

    The type of key used for the encryption. If no keyType is provided, the service will use the default setting (static-key). Allowable encryption types: static-key.

    ", + "locationName":"encryption" + }, + "FlowArn":{ + "shape":"UpdateFlowOutputRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that is associated with the output that you want to update.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "MaxLatency":{ + "shape":"Integer", + "documentation":"

    The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.

    ", + "locationName":"maxLatency" + }, + "MediaStreamOutputConfigurations":{ + "shape":"__listOfMediaStreamOutputConfigurationRequest", + "documentation":"

    The media streams that are associated with the output, and the parameters for those associations.

    ", + "locationName":"mediaStreamOutputConfigurations" + }, + "MinLatency":{ + "shape":"Integer", + "documentation":"

    The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency.

    ", + "locationName":"minLatency" + }, + "OutputArn":{ + "shape":"UpdateFlowOutputRequestOutputArnString", + "documentation":"

    The ARN of the output that you want to update.

    ", + "location":"uri", + "locationName":"OutputArn" + }, + "Port":{ + "shape":"Integer", + "documentation":"

    The port to use when content is distributed to this output.

    ", + "locationName":"port" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The protocol to use for the output.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + }, + "RemoteId":{ + "shape":"String", + "documentation":"

    The remote ID for the Zixi-pull stream.

    ", + "locationName":"remoteId" + }, + "SenderControlPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow uses to send outbound requests to initiate connection with the sender.

    ", + "locationName":"senderControlPort" + }, + "SenderIpAddress":{ + "shape":"String", + "documentation":"

    The IP address that the flow communicates with to initiate connection with the sender.

    ", + "locationName":"senderIpAddress" + }, + "SmoothingLatency":{ + "shape":"Integer", + "documentation":"

    The smoothing latency in milliseconds for RIST, RTP, and RTP-FEC streams.

    ", + "locationName":"smoothingLatency" + }, + "StreamId":{ + "shape":"String", + "documentation":"

    The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams.

    ", + "locationName":"streamId" + }, + "VpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this output.

    ", + "locationName":"vpcInterfaceAttachment" + }, + "OutputStatus":{ + "shape":"OutputStatus", + "documentation":"

    An indication of whether the output should transmit data or not. If you don't specify the outputStatus field in your request, MediaConnect leaves the value unchanged.

    ", + "locationName":"outputStatus" + }, + "NdiProgramName":{ + "shape":"String", + "documentation":"

    A suffix for the names of the NDI sources that the flow creates. If a custom name isn't specified, MediaConnect uses the output name.

    ", + "locationName":"ndiProgramName" + }, + "NdiSpeedHqQuality":{ + "shape":"Integer", + "documentation":"

    A quality setting for the NDI Speed HQ encoder.

    ", + "locationName":"ndiSpeedHqQuality" + } + } + }, + "UpdateFlowOutputRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "UpdateFlowOutputRequestOutputArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:output:.+" + }, + "UpdateFlowOutputResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that is associated with the updated output.

    ", + "locationName":"flowArn" + }, + "Output":{ + "shape":"Output", + "documentation":"

    The new settings of the output that you updated.

    ", + "locationName":"output" + } + } + }, + "UpdateFlowRequest":{ + "type":"structure", + "required":["FlowArn"], + "members":{ + "FlowArn":{ + "shape":"UpdateFlowRequestFlowArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the flow that you want to update.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "SourceFailoverConfig":{ + "shape":"UpdateFailoverConfig", + "documentation":"

    The settings for source failover.

    ", + "locationName":"sourceFailoverConfig" + }, + "Maintenance":{ + "shape":"UpdateMaintenance", + "documentation":"

    The maintenance setting of the flow.

    ", + "locationName":"maintenance" + }, + "SourceMonitoringConfig":{ + "shape":"MonitoringConfig", + "documentation":"

    The settings for source monitoring.

    ", + "locationName":"sourceMonitoringConfig" + }, + "NdiConfig":{ + "shape":"NdiConfig", + "documentation":"

    Specifies the configuration settings for NDI outputs. Required when the flow includes NDI outputs.

    ", + "locationName":"ndiConfig" + }, + "FlowSize":{ + "shape":"FlowSize", + "documentation":"

    Determines the processing capacity and feature set of the flow.

    ", + "locationName":"flowSize" + } + } + }, + "UpdateFlowRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "UpdateFlowResponse":{ + "type":"structure", + "members":{ + "Flow":{ + "shape":"Flow", + "documentation":"

    The updated flow.

    ", + "locationName":"flow" + } + } + }, + "UpdateFlowSourceRequest":{ + "type":"structure", + "required":[ "FlowArn", "SourceArn" - ] - }, - "UpdateFlowSourceResponse": { - "type": "structure", - "members": { - "FlowArn": { - "shape": "__string", - "locationName": "flowArn", - "documentation": "The ARN of the flow that you want to update." - }, - "Source": { - "shape": "Source", - "locationName": "source", - "documentation": "The settings for the source of the flow." - } - } - }, - "UpdateGatewayBridgeSourceRequest": { - "type": "structure", - "members": { - "BridgeArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:bridge:.+$", - "locationName": "bridgeArn", - "documentation": "The ARN of the bridge feeding this flow." - }, - "VpcInterfaceAttachment": { - "shape": "VpcInterfaceAttachment", - "locationName": "vpcInterfaceAttachment", - "documentation": "The name of the VPC interface attachment to use for this bridge source." - } - }, - "documentation": "The source configuration for cloud flows receiving a stream from a bridge." - }, - "UpdateGatewayInstanceRequest": { - "type": "structure", - "members": { - "BridgePlacement": { - "shape": "BridgePlacement", - "locationName": "bridgePlacement", - "documentation": "The availability of the instance to host new bridges. The bridgePlacement property can be LOCKED or AVAILABLE. If it is LOCKED, no new bridges can be deployed to this instance. If it is AVAILABLE, new bridges can be added to this instance." - }, - "GatewayInstanceArn": { - "shape": "__string", - "pattern": "^arn:.+:mediaconnect.+:gateway:.+:instance:.+$", - "location": "uri", - "locationName": "gatewayInstanceArn", - "documentation": "The Amazon Resource Name (ARN) of the instance that you want to update." - } - }, - "documentation": "A request to update gateway instance state.", - "required": [ - "GatewayInstanceArn" - ] - }, - "UpdateGatewayInstanceResponse": { - "type": "structure", - "members": { - "BridgePlacement": { - "shape": "BridgePlacement", - "locationName": "bridgePlacement", - "documentation": "The availability of the instance to host new bridges. The bridgePlacement property can be LOCKED or AVAILABLE. If it is LOCKED, no new bridges can be deployed to this instance. If it is AVAILABLE, new bridges can be added to this instance." - }, - "GatewayInstanceArn": { - "shape": "__string", - "locationName": "gatewayInstanceArn", - "documentation": "The Amazon Resource Name (ARN) of the instance." - } - } - }, - "UpdateIngressGatewayBridgeRequest": { - "type": "structure", - "members": { - "MaxBitrate": { - "shape": "__integer", - "locationName": "maxBitrate", - "documentation": "The maximum expected bitrate (in bps)." - }, - "MaxOutputs": { - "shape": "__integer", - "locationName": "maxOutputs", - "documentation": "The maximum number of expected outputs." - } - } - }, - "UpdateMaintenance": { - "type": "structure", - "members": { - "MaintenanceDay": { - "shape": "MaintenanceDay", - "locationName": "maintenanceDay", - "documentation": "A day of a week when the maintenance will happen. use Monday/Tuesday/Wednesday/Thursday/Friday/Saturday/Sunday." - }, - "MaintenanceScheduledDate": { - "shape": "__string", - "locationName": "maintenanceScheduledDate", - "documentation": "A scheduled date in ISO UTC format when the maintenance will happen. Use YYYY-MM-DD format. Example: 2021-01-30." - }, - "MaintenanceStartHour": { - "shape": "__string", - "locationName": "maintenanceStartHour", - "documentation": "UTC time when the maintenance will happen. Use 24-hour HH:MM format. Minutes must be 00. Example: 13:00. The default value is 02:00." - } - }, - "documentation": "Update maintenance setting for a flow" - }, - "VideoMonitoringSetting": { - "type": "structure", - "members": { - "BlackFrames": { - "shape": "BlackFrames", - "locationName": "blackFrames", - "documentation": "Detects video frames that are black." - }, - "FrozenFrames": { - "shape": "FrozenFrames", - "locationName": "frozenFrames", - "documentation": "Detects video frames that have not changed." - } - }, - "documentation": "Specifies the configuration for video stream metrics monitoring." - }, - "VpcInterface": { - "type": "structure", - "members": { - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "Immutable and has to be a unique against other VpcInterfaces in this Flow." - }, - "NetworkInterfaceIds": { - "shape": "__listOf__string", - "locationName": "networkInterfaceIds", - "documentation": "IDs of the network interfaces created in customer's account by MediaConnect." - }, - "NetworkInterfaceType": { - "shape": "NetworkInterfaceType", - "locationName": "networkInterfaceType", - "documentation": "The type of network interface." - }, - "RoleArn": { - "shape": "__string", - "locationName": "roleArn", - "documentation": "Role Arn MediaConnect can assumes to create ENIs in customer's account" - }, - "SecurityGroupIds": { - "shape": "__listOf__string", - "locationName": "securityGroupIds", - "documentation": "Security Group IDs to be used on ENI." - }, - "SubnetId": { - "shape": "__string", - "locationName": "subnetId", - "documentation": "Subnet must be in the AZ of the Flow" - } - }, - "documentation": "The settings for a VPC Source.", - "required": [ - "NetworkInterfaceType", + ], + "members":{ + "Decryption":{ + "shape":"UpdateEncryption", + "documentation":"

    The type of encryption that is used on the content ingested from the source.

    ", + "locationName":"decryption" + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the source. This description is not visible outside of the current Amazon Web Services account.

    ", + "locationName":"description" + }, + "EntitlementArn":{ + "shape":"UpdateFlowSourceRequestEntitlementArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the entitlement that allows you to subscribe to the flow. The entitlement is set by the content originator, and the ARN is generated as part of the originator's flow.

    ", + "locationName":"entitlementArn" + }, + "FlowArn":{ + "shape":"UpdateFlowSourceRequestFlowArnString", + "documentation":"

    The ARN of the flow that you want to update.

    ", + "location":"uri", + "locationName":"FlowArn" + }, + "IngestPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow listens on for incoming content. If the protocol of the source is Zixi, the port must be set to 2088.

    ", + "locationName":"ingestPort" + }, + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The maximum bitrate for RIST, RTP, and RTP-FEC streams.

    ", + "locationName":"maxBitrate" + }, + "MaxLatency":{ + "shape":"Integer", + "documentation":"

    The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams.

    ", + "locationName":"maxLatency" + }, + "MaxSyncBuffer":{ + "shape":"Integer", + "documentation":"

    The size of the buffer (in milliseconds) to use to sync incoming source data.

    ", + "locationName":"maxSyncBuffer" + }, + "MediaStreamSourceConfigurations":{ + "shape":"__listOfMediaStreamSourceConfigurationRequest", + "documentation":"

    The media stream that is associated with the source, and the parameters for that association.

    ", + "locationName":"mediaStreamSourceConfigurations" + }, + "MinLatency":{ + "shape":"Integer", + "documentation":"

    The minimum latency in milliseconds for SRT-based streams. In streams that use the SRT protocol, this value that you set on your MediaConnect source or output represents the minimal potential latency of that connection. The latency of the stream is set to the highest number between the sender’s minimum latency and the receiver’s minimum latency.

    ", + "locationName":"minLatency" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"

    The protocol that the source uses to deliver the content to MediaConnect.

    Elemental MediaConnect no longer supports the Fujitsu QoS protocol. This reference is maintained for legacy purposes only.

    ", + "locationName":"protocol" + }, + "SenderControlPort":{ + "shape":"Integer", + "documentation":"

    The port that the flow uses to send outbound requests to initiate connection with the sender.

    ", + "locationName":"senderControlPort" + }, + "SenderIpAddress":{ + "shape":"String", + "documentation":"

    The IP address that the flow communicates with to initiate connection with the sender.

    ", + "locationName":"senderIpAddress" + }, + "SourceArn":{ + "shape":"UpdateFlowSourceRequestSourceArnString", + "documentation":"

    The ARN of the source that you want to update.

    ", + "location":"uri", + "locationName":"SourceArn" + }, + "SourceListenerAddress":{ + "shape":"String", + "documentation":"

    The source IP or domain name for SRT-caller protocol.

    ", + "locationName":"sourceListenerAddress" + }, + "SourceListenerPort":{ + "shape":"Integer", + "documentation":"

    Source port for SRT-caller protocol.

    ", + "locationName":"sourceListenerPort" + }, + "StreamId":{ + "shape":"String", + "documentation":"

    The stream ID that you want to use for this transport. This parameter applies only to Zixi and SRT caller-based streams.

    ", + "locationName":"streamId" + }, + "VpcInterfaceName":{ + "shape":"String", + "documentation":"

    The name of the VPC interface that you want to send your output to.

    ", + "locationName":"vpcInterfaceName" + }, + "WhitelistCidr":{ + "shape":"String", + "documentation":"

    The range of IP addresses that are allowed to contribute content to your source. Format the IP addresses as a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.

    ", + "locationName":"whitelistCidr" + }, + "GatewayBridgeSource":{ + "shape":"UpdateGatewayBridgeSourceRequest", + "documentation":"

    The source configuration for cloud flows receiving a stream from a bridge.

    ", + "locationName":"gatewayBridgeSource" + } + } + }, + "UpdateFlowSourceRequestEntitlementArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:entitlement:.+" + }, + "UpdateFlowSourceRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "UpdateFlowSourceRequestSourceArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:source:.+" + }, + "UpdateFlowSourceResponse":{ + "type":"structure", + "members":{ + "FlowArn":{ + "shape":"String", + "documentation":"

    The ARN of the flow that you was updated.

    ", + "locationName":"flowArn" + }, + "Source":{ + "shape":"Source", + "documentation":"

    The details of the sources that are assigned to the flow.

    ", + "locationName":"source" + } + } + }, + "UpdateGatewayBridgeSourceRequest":{ + "type":"structure", + "members":{ + "BridgeArn":{ + "shape":"UpdateGatewayBridgeSourceRequestBridgeArnString", + "documentation":"

    The ARN of the bridge feeding this flow.

    ", + "locationName":"bridgeArn" + }, + "VpcInterfaceAttachment":{ + "shape":"VpcInterfaceAttachment", + "documentation":"

    The name of the VPC interface attachment to use for this bridge source.

    ", + "locationName":"vpcInterfaceAttachment" + } + }, + "documentation":"

    The source configuration for cloud flows receiving a stream from a bridge.

    " + }, + "UpdateGatewayBridgeSourceRequestBridgeArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:bridge:.+" + }, + "UpdateGatewayInstanceRequest":{ + "type":"structure", + "required":["GatewayInstanceArn"], + "members":{ + "BridgePlacement":{ + "shape":"BridgePlacement", + "documentation":"

    The state of the instance. ACTIVE or INACTIVE.

    ", + "locationName":"bridgePlacement" + }, + "GatewayInstanceArn":{ + "shape":"UpdateGatewayInstanceRequestGatewayInstanceArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the gateway instance that you want to update.

    ", + "location":"uri", + "locationName":"GatewayInstanceArn" + } + } + }, + "UpdateGatewayInstanceRequestGatewayInstanceArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:gateway:.+:instance:.+" + }, + "UpdateGatewayInstanceResponse":{ + "type":"structure", + "members":{ + "BridgePlacement":{ + "shape":"BridgePlacement", + "documentation":"

    The state of the instance. ACTIVE or INACTIVE.

    ", + "locationName":"bridgePlacement" + }, + "GatewayInstanceArn":{ + "shape":"String", + "documentation":"

    The ARN of the instance that was updated.

    ", + "locationName":"gatewayInstanceArn" + } + } + }, + "UpdateIngressGatewayBridgeRequest":{ + "type":"structure", + "members":{ + "MaxBitrate":{ + "shape":"Integer", + "documentation":"

    The maximum expected bitrate (in bps).

    ", + "locationName":"maxBitrate" + }, + "MaxOutputs":{ + "shape":"Integer", + "documentation":"

    The maximum number of expected outputs.

    ", + "locationName":"maxOutputs" + } + }, + "documentation":"

    Update an existing ingress-type bridge.

    " + }, + "UpdateMaintenance":{ + "type":"structure", + "members":{ + "MaintenanceDay":{ + "shape":"MaintenanceDay", + "documentation":"

    A day of a week when the maintenance will happen.

    ", + "locationName":"maintenanceDay" + }, + "MaintenanceScheduledDate":{ + "shape":"String", + "documentation":"

    A scheduled date in ISO UTC format when the maintenance will happen. Use YYYY-MM-DD format. Example: 2021-01-30.

    ", + "locationName":"maintenanceScheduledDate" + }, + "MaintenanceStartHour":{ + "shape":"String", + "documentation":"

    UTC time when the maintenance will happen. Use 24-hour HH:MM format. Minutes must be 00. Example: 13:00. The default value is 02:00.

    ", + "locationName":"maintenanceStartHour" + } + }, + "documentation":"

    Update maintenance setting for a flow.

    " + }, + "VideoMonitoringSetting":{ + "type":"structure", + "members":{ + "BlackFrames":{ + "shape":"BlackFrames", + "documentation":"

    Detects video frames that are black.

    ", + "locationName":"blackFrames" + }, + "FrozenFrames":{ + "shape":"FrozenFrames", + "documentation":"

    Detects video frames that have not changed.

    ", + "locationName":"frozenFrames" + } + }, + "documentation":"

    Specifies the configuration for video stream metrics monitoring.

    " + }, + "VpcInterface":{ + "type":"structure", + "required":[ + "Name", "NetworkInterfaceIds", - "SubnetId", - "SecurityGroupIds", + "NetworkInterfaceType", "RoleArn", - "Name" - ] - }, - "VpcInterfaceAttachment": { - "type": "structure", - "members": { - "VpcInterfaceName": { - "shape": "__string", - "locationName": "vpcInterfaceName", - "documentation": "The name of the VPC interface to use for this resource." - } - }, - "documentation": "The settings for attaching a VPC interface to an resource." - }, - "VpcInterfaceRequest": { - "type": "structure", - "members": { - "Name": { - "shape": "__string", - "locationName": "name", - "documentation": "The name of the VPC Interface. This value must be unique within the current flow." - }, - "NetworkInterfaceType": { - "shape": "NetworkInterfaceType", - "locationName": "networkInterfaceType", - "documentation": "The type of network interface. If this value is not included in the request, MediaConnect uses ENA as the networkInterfaceType." - }, - "RoleArn": { - "shape": "__string", - "locationName": "roleArn", - "documentation": "Role Arn MediaConnect can assumes to create ENIs in customer's account" - }, - "SecurityGroupIds": { - "shape": "__listOf__string", - "locationName": "securityGroupIds", - "documentation": "Security Group IDs to be used on ENI." - }, - "SubnetId": { - "shape": "__string", - "locationName": "subnetId", - "documentation": "Subnet must be in the AZ of the Flow" - } - }, - "documentation": "Desired VPC Interface for a Flow", - "required": [ - "SubnetId", "SecurityGroupIds", + "SubnetId" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"

    Immutable and has to be a unique against other VpcInterfaces in this Flow.

    ", + "locationName":"name" + }, + "NetworkInterfaceIds":{ + "shape":"__listOfString", + "documentation":"

    IDs of the network interfaces created in customer's account by MediaConnect.

    ", + "locationName":"networkInterfaceIds" + }, + "NetworkInterfaceType":{ + "shape":"NetworkInterfaceType", + "documentation":"

    The type of network interface.

    ", + "locationName":"networkInterfaceType" + }, + "RoleArn":{ + "shape":"String", + "documentation":"

    A role Arn MediaConnect can assume to create ENIs in your account.

    ", + "locationName":"roleArn" + }, + "SecurityGroupIds":{ + "shape":"__listOfString", + "documentation":"

    Security Group IDs to be used on ENI.

    ", + "locationName":"securityGroupIds" + }, + "SubnetId":{ + "shape":"String", + "documentation":"

    Subnet must be in the AZ of the Flow.

    ", + "locationName":"subnetId" + } + }, + "documentation":"

    The settings for a VPC source.

    " + }, + "VpcInterfaceAttachment":{ + "type":"structure", + "members":{ + "VpcInterfaceName":{ + "shape":"String", + "documentation":"

    The name of the VPC interface to use for this resource.

    ", + "locationName":"vpcInterfaceName" + } + }, + "documentation":"

    The settings for attaching a VPC interface to an resource.

    " + }, + "VpcInterfaceRequest":{ + "type":"structure", + "required":[ + "Name", "RoleArn", - "Name" - ] - }, - "__boolean": { - "type": "boolean" - }, - "__double": { - "type": "double" - }, - "__integer": { - "type": "integer" - }, - "__listOfAddBridgeOutputRequest": { - "type": "list", - "member": { - "shape": "AddBridgeOutputRequest" - } - }, - "__listOfAddBridgeSourceRequest": { - "type": "list", - "member": { - "shape": "AddBridgeSourceRequest" - } - }, - "__listOfAddMediaStreamRequest": { - "type": "list", - "member": { - "shape": "AddMediaStreamRequest" - } - }, - "__listOfAddOutputRequest": { - "type": "list", - "member": { - "shape": "AddOutputRequest" - } - }, - "__listOfAudioMonitoringSetting": { - "type": "list", - "member": { - "shape": "AudioMonitoringSetting" - } - }, - "__listOfBridgeOutput": { - "type": "list", - "member": { - "shape": "BridgeOutput" - } - }, - "__listOfBridgeSource": { - "type": "list", - "member": { - "shape": "BridgeSource" - } - }, - "__listOfDestinationConfiguration": { - "type": "list", - "member": { - "shape": "DestinationConfiguration" - } - }, - "__listOfDestinationConfigurationRequest": { - "type": "list", - "member": { - "shape": "DestinationConfigurationRequest" - } - }, - "__listOfEntitlement": { - "type": "list", - "member": { - "shape": "Entitlement" - } - }, - "__listOfGatewayNetwork": { - "type": "list", - "member": { - "shape": "GatewayNetwork" - } - }, - "__listOfGrantEntitlementRequest": { - "type": "list", - "member": { - "shape": "GrantEntitlementRequest" - } - }, - "__listOfInputConfiguration": { - "type": "list", - "member": { - "shape": "InputConfiguration" - } - }, - "__listOfInputConfigurationRequest": { - "type": "list", - "member": { - "shape": "InputConfigurationRequest" - } - }, - "__listOfListedBridge": { - "type": "list", - "member": { - "shape": "ListedBridge" - } - }, - "__listOfListedEntitlement": { - "type": "list", - "member": { - "shape": "ListedEntitlement" - } - }, - "__listOfListedFlow": { - "type": "list", - "member": { - "shape": "ListedFlow" - } - }, - "__listOfListedGateway": { - "type": "list", - "member": { - "shape": "ListedGateway" - } - }, - "__listOfListedGatewayInstance": { - "type": "list", - "member": { - "shape": "ListedGatewayInstance" - } - }, - "__listOfMediaStream": { - "type": "list", - "member": { - "shape": "MediaStream" - } - }, - "__listOfMediaStreamOutputConfiguration": { - "type": "list", - "member": { - "shape": "MediaStreamOutputConfiguration" - } - }, - "__listOfMediaStreamOutputConfigurationRequest": { - "type": "list", - "member": { - "shape": "MediaStreamOutputConfigurationRequest" - } - }, - "__listOfMediaStreamSourceConfiguration": { - "type": "list", - "member": { - "shape": "MediaStreamSourceConfiguration" - } - }, - "__listOfMediaStreamSourceConfigurationRequest": { - "type": "list", - "member": { - "shape": "MediaStreamSourceConfigurationRequest" - } - }, - "__listOfMessageDetail": { - "type": "list", - "member": { - "shape": "MessageDetail" - } - }, - "__listOfOffering": { - "type": "list", - "member": { - "shape": "Offering" - } - }, - "__listOfOutput": { - "type": "list", - "member": { - "shape": "Output" - } - }, - "__listOfReservation": { - "type": "list", - "member": { - "shape": "Reservation" - } - }, - "__listOfSetSourceRequest": { - "type": "list", - "member": { - "shape": "SetSourceRequest" - } - }, - "__listOfSource": { - "type": "list", - "member": { - "shape": "Source" - } - }, - "__listOfTransportStream": { - "type": "list", - "member": { - "shape": "TransportStream" - } - }, - "__listOfTransportStreamProgram": { - "type": "list", - "member": { - "shape": "TransportStreamProgram" - } - }, - "__listOfVideoMonitoringSetting": { - "type": "list", - "member": { - "shape": "VideoMonitoringSetting" - } - }, - "__listOfVpcInterface": { - "type": "list", - "member": { - "shape": "VpcInterface" - } - }, - "__listOfVpcInterfaceRequest": { - "type": "list", - "member": { - "shape": "VpcInterfaceRequest" - } - }, - "__listOf__integer": { - "type": "list", - "member": { - "shape": "__integer" - } - }, - "__listOf__string": { - "type": "list", - "member": { - "shape": "__string" - } - }, - "__long": { - "type": "long" - }, - "__mapOf__string": { - "type": "map", - "key": { - "shape": "__string" - }, - "value": { - "shape": "__string" - } - }, - "__string": { - "type": "string" - }, - "__timestampIso8601": { - "type": "timestamp", - "timestampFormat": "iso8601" - }, - "__timestampUnix": { - "type": "timestamp", - "timestampFormat": "unixTimestamp" + "SecurityGroupIds", + "SubnetId" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"

    The name for the VPC interface. This name must be unique within the flow.

    ", + "locationName":"name" + }, + "NetworkInterfaceType":{ + "shape":"NetworkInterfaceType", + "documentation":"

    The type of network interface.

    ", + "locationName":"networkInterfaceType" + }, + "RoleArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the role that you created when you set up MediaConnect as a trusted service.

    ", + "locationName":"roleArn" + }, + "SecurityGroupIds":{ + "shape":"__listOfString", + "documentation":"

    A virtual firewall to control inbound and outbound traffic.

    ", + "locationName":"securityGroupIds" + }, + "SubnetId":{ + "shape":"String", + "documentation":"

    The subnet IDs that you want to use for your VPC interface. A range of IP addresses in your VPC. When you create your VPC, you specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. This is the primary CIDR block for your VPC. When you create a subnet for your VPC, you specify the CIDR block for the subnet, which is a subset of the VPC CIDR block. The subnets that you use across all VPC interfaces on the flow must be in the same Availability Zone as the flow.

    ", + "locationName":"subnetId" + }, + "VpcInterfaceTags":{ + "shape":"__mapOfString", + "documentation":"

    The key-value pairs that can be used to tag and organize the VPC network interface.

    ", + "locationName":"vpcInterfaceTags" + } + }, + "documentation":"

    The details of the VPC interfaces that you want to add to the flow.

    " + }, + "__listOfAddBridgeOutputRequest":{ + "type":"list", + "member":{"shape":"AddBridgeOutputRequest"} + }, + "__listOfAddBridgeSourceRequest":{ + "type":"list", + "member":{"shape":"AddBridgeSourceRequest"} + }, + "__listOfAddMediaStreamRequest":{ + "type":"list", + "member":{"shape":"AddMediaStreamRequest"} + }, + "__listOfAddOutputRequest":{ + "type":"list", + "member":{"shape":"AddOutputRequest"} + }, + "__listOfAudioMonitoringSetting":{ + "type":"list", + "member":{"shape":"AudioMonitoringSetting"} + }, + "__listOfBridgeOutput":{ + "type":"list", + "member":{"shape":"BridgeOutput"} + }, + "__listOfBridgeSource":{ + "type":"list", + "member":{"shape":"BridgeSource"} + }, + "__listOfDestinationConfiguration":{ + "type":"list", + "member":{"shape":"DestinationConfiguration"} + }, + "__listOfDestinationConfigurationRequest":{ + "type":"list", + "member":{"shape":"DestinationConfigurationRequest"} + }, + "__listOfEntitlement":{ + "type":"list", + "member":{"shape":"Entitlement"} + }, + "__listOfGatewayNetwork":{ + "type":"list", + "member":{"shape":"GatewayNetwork"} + }, + "__listOfGrantEntitlementRequest":{ + "type":"list", + "member":{"shape":"GrantEntitlementRequest"} + }, + "__listOfInputConfiguration":{ + "type":"list", + "member":{"shape":"InputConfiguration"} + }, + "__listOfInputConfigurationRequest":{ + "type":"list", + "member":{"shape":"InputConfigurationRequest"} + }, + "__listOfInteger":{ + "type":"list", + "member":{"shape":"Integer"} + }, + "__listOfListedBridge":{ + "type":"list", + "member":{"shape":"ListedBridge"} + }, + "__listOfListedEntitlement":{ + "type":"list", + "member":{"shape":"ListedEntitlement"} + }, + "__listOfListedFlow":{ + "type":"list", + "member":{"shape":"ListedFlow"} + }, + "__listOfListedGateway":{ + "type":"list", + "member":{"shape":"ListedGateway"} + }, + "__listOfListedGatewayInstance":{ + "type":"list", + "member":{"shape":"ListedGatewayInstance"} + }, + "__listOfMediaStream":{ + "type":"list", + "member":{"shape":"MediaStream"} + }, + "__listOfMediaStreamOutputConfiguration":{ + "type":"list", + "member":{"shape":"MediaStreamOutputConfiguration"} + }, + "__listOfMediaStreamOutputConfigurationRequest":{ + "type":"list", + "member":{"shape":"MediaStreamOutputConfigurationRequest"} + }, + "__listOfMediaStreamSourceConfiguration":{ + "type":"list", + "member":{"shape":"MediaStreamSourceConfiguration"} + }, + "__listOfMediaStreamSourceConfigurationRequest":{ + "type":"list", + "member":{"shape":"MediaStreamSourceConfigurationRequest"} + }, + "__listOfMessageDetail":{ + "type":"list", + "member":{"shape":"MessageDetail"} + }, + "__listOfNdiDiscoveryServerConfig":{ + "type":"list", + "member":{"shape":"NdiDiscoveryServerConfig"} + }, + "__listOfOffering":{ + "type":"list", + "member":{"shape":"Offering"} + }, + "__listOfOutput":{ + "type":"list", + "member":{"shape":"Output"} + }, + "__listOfReservation":{ + "type":"list", + "member":{"shape":"Reservation"} + }, + "__listOfSetSourceRequest":{ + "type":"list", + "member":{"shape":"SetSourceRequest"} + }, + "__listOfSource":{ + "type":"list", + "member":{"shape":"Source"} + }, + "__listOfString":{ + "type":"list", + "member":{"shape":"String"} + }, + "__listOfTransportStream":{ + "type":"list", + "member":{"shape":"TransportStream"} + }, + "__listOfTransportStreamProgram":{ + "type":"list", + "member":{"shape":"TransportStreamProgram"} + }, + "__listOfVideoMonitoringSetting":{ + "type":"list", + "member":{"shape":"VideoMonitoringSetting"} + }, + "__listOfVpcInterface":{ + "type":"list", + "member":{"shape":"VpcInterface"} + }, + "__listOfVpcInterfaceRequest":{ + "type":"list", + "member":{"shape":"VpcInterfaceRequest"} + }, + "__mapOfString":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"} } }, - "documentation": "API for AWS Elemental MediaConnect" -} \ No newline at end of file + "documentation":"

    Welcome to the Elemental MediaConnect API reference.

    MediaConnect is a service that lets you ingest live video content into the cloud and distribute it to destinations all over the world, both inside and outside the Amazon Web Services cloud. This API reference provides descriptions, syntax, and usage examples for each of the actions and data types that are supported by MediaConnect.

    Use the following links to get started with the MediaConnect API:

    • Actions: An alphabetical list of all MediaConnect API operations.

    • Data types: An alphabetical list of all MediaConnect data types.

    • Common parameters: Parameters that all operations can use.

    • Common errors: Client and server errors that all operations can return.

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/mediaconnect/2018-11-14/waiters-2.json 2.31.35-1/awscli/botocore/data/mediaconnect/2018-11-14/waiters-2.json --- 2.23.6-1/awscli/botocore/data/mediaconnect/2018-11-14/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediaconnect/2018-11-14/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,118 +1,104 @@ { - "version": 2, - "waiters": { - "FlowActive": { - "description": "Wait until a flow is active", - "operation": "DescribeFlow", - "delay": 3, - "maxAttempts": 40, - "acceptors": [ - { - "state": "success", - "matcher": "path", - "argument": "Flow.Status", - "expected": "ACTIVE" - }, - { - "state": "retry", - "matcher": "path", - "argument": "Flow.Status", - "expected": "STARTING" - }, - { - "state": "retry", - "matcher": "path", - "argument": "Flow.Status", - "expected": "UPDATING" - }, - { - "state": "retry", - "matcher": "status", - "expected": 500 - }, - { - "state": "retry", - "matcher": "status", - "expected": 503 - }, - { - "state": "failure", - "matcher": "path", - "argument": "Flow.Status", - "expected": "ERROR" - } - ] + "version" : 2, + "waiters" : { + "FlowActive" : { + "description" : "Wait until a flow is active", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "DescribeFlow", + "acceptors" : [ { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "retry", + "expected" : "STARTING" + }, { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "retry", + "expected" : "UPDATING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "failure", + "expected" : "STANDBY" + }, { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "failure", + "expected" : "ERROR" + } ] }, - "FlowStandby": { - "description": "Wait until a flow is in standby mode", - "operation": "DescribeFlow", - "delay": 3, - "maxAttempts": 40, - "acceptors": [ - { - "state": "success", - "matcher": "path", - "argument": "Flow.Status", - "expected": "STANDBY" - }, - { - "state": "retry", - "matcher": "path", - "argument": "Flow.Status", - "expected": "STOPPING" - }, - { - "state": "retry", - "matcher": "status", - "expected": 500 - }, - { - "state": "retry", - "matcher": "status", - "expected": 503 - }, - { - "state": "failure", - "matcher": "path", - "argument": "Flow.Status", - "expected": "ERROR" - } - ] + "FlowDeleted" : { + "description" : "Wait until a flow is deleted", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "DescribeFlow", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "NotFoundException" + }, { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "retry", + "expected" : "DELETING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "failure", + "expected" : "ERROR" + } ] }, - "FlowDeleted": { - "description": "Wait until a flow is deleted", - "operation": "DescribeFlow", - "delay": 3, - "maxAttempts": 40, - "acceptors": [ - { - "state": "success", - "matcher": "status", - "expected": 404 - }, - { - "state": "retry", - "matcher": "path", - "argument": "Flow.Status", - "expected": "DELETING" - }, - { - "state": "retry", - "matcher": "status", - "expected": 500 - }, - { - "state": "retry", - "matcher": "status", - "expected": 503 - }, - { - "state": "failure", - "matcher": "path", - "argument": "Flow.Status", - "expected": "ERROR" - } - ] + "FlowStandby" : { + "description" : "Wait until a flow is in standby mode", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "DescribeFlow", + "acceptors" : [ { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "success", + "expected" : "STANDBY" + }, { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "retry", + "expected" : "STOPPING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "Flow.Status", + "state" : "failure", + "expected" : "ERROR" + } ] } } -} +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/mediaconvert/2017-08-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mediaconvert/2017-08-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mediaconvert/2017-08-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediaconvert/2017-08-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json 2.31.35-1/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json --- 2.23.6-1/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,15 +1,15 @@ { "metadata": { "apiVersion": "2017-08-29", - "endpointPrefix": "mediaconvert", "signingName": "mediaconvert", "serviceFullName": "AWS Elemental MediaConvert", "serviceId": "MediaConvert", "protocol": "rest-json", "jsonVersion": "1.1", - "uid": "mediaconvert-2017-08-29", "signatureVersion": "v4", + "endpointPrefix": "mediaconvert", "serviceAbbreviation": "MediaConvert", + "uid": "mediaconvert-2017-08-29", "auth": [ "aws.auth#sigv4" ] @@ -38,6 +38,10 @@ "documentation": "The service encountered an unexpected condition and cannot fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -79,6 +83,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -120,6 +128,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -161,6 +173,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -202,6 +218,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -243,6 +263,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -261,6 +285,52 @@ ], "documentation": "Create a new transcoding queue. For information about queues, see Working With Queues in the User Guide at https://docs.aws.amazon.com/mediaconvert/latest/ug/working-with-queues.html" }, + "CreateResourceShare": { + "name": "CreateResourceShare", + "http": { + "method": "POST", + "requestUri": "/2017-08-29/resourceShares", + "responseCode": 202 + }, + "input": { + "shape": "CreateResourceShareRequest" + }, + "output": { + "shape": "CreateResourceShareResponse", + "documentation": "Share request accepted and queued, or resource is already shared with the specified support case" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "The service can't process your request because of a problem in the request. Please check your request form and syntax." + }, + { + "shape": "InternalServerErrorException", + "documentation": "The service encountered an unexpected condition and can't fulfill your request." + }, + { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permissions for this action with the credentials you sent." + }, + { + "shape": "NotFoundException", + "documentation": "The resource you requested doesn't exist." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Too many requests have been sent in too short of a time. The service limits the rate at which it will accept requests." + }, + { + "shape": "ConflictException", + "documentation": "The service couldn't complete your request because there is a conflict with the current state of the resource." + } + ], + "documentation": "Create a new resource share request for MediaConvert resources with AWS Support." + }, "DeleteJobTemplate": { "name": "DeleteJobTemplate", "http": { @@ -284,6 +354,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -325,6 +399,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -366,6 +444,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -407,6 +489,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -448,6 +534,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -491,6 +581,10 @@ "documentation": "The service encountered an unexpected condition and cannot fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -532,6 +626,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -573,6 +671,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -591,6 +693,51 @@ ], "documentation": "Retrieve the JSON for a specific job template." }, + "GetJobsQueryResults": { + "name": "GetJobsQueryResults", + "http": { + "method": "GET", + "requestUri": "/2017-08-29/jobsQueries/{id}", + "responseCode": 200 + }, + "input": { + "shape": "GetJobsQueryResultsRequest" + }, + "output": { + "shape": "GetJobsQueryResultsResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "The service can't process your request because of a problem in the request. Please check your request form and syntax." + }, + { + "shape": "InternalServerErrorException", + "documentation": "The service encountered an unexpected condition and can't fulfill your request." + }, + { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permissions for this action with the credentials you sent." + }, + { + "shape": "NotFoundException", + "documentation": "The resource you requested doesn't exist." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Too many requests have been sent in too short of a time. The service limits the rate at which it will accept requests." + }, + { + "shape": "ConflictException", + "documentation": "The service couldn't complete your request because there is a conflict with the current state of the resource." + } + ], + "documentation": "Retrieve a JSON array of up to twenty of your most recent jobs matched by a jobs query." + }, "GetPolicy": { "name": "GetPolicy", "http": { @@ -614,6 +761,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -655,6 +806,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -696,6 +851,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -737,6 +896,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -778,6 +941,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -819,6 +986,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -860,6 +1031,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -901,6 +1076,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -942,6 +1121,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -960,6 +1143,51 @@ ], "documentation": "Retrieve a JSON array of all available Job engine versions and the date they expire." }, + "Probe": { + "name": "Probe", + "http": { + "method": "POST", + "requestUri": "/2017-08-29/probe", + "responseCode": 200 + }, + "input": { + "shape": "ProbeRequest" + }, + "output": { + "shape": "ProbeResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "The service can't process your request because of a problem in the request. Please check your request form and syntax." + }, + { + "shape": "InternalServerErrorException", + "documentation": "The service encountered an unexpected condition and can't fulfill your request." + }, + { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permissions for this action with the credentials you sent." + }, + { + "shape": "NotFoundException", + "documentation": "The resource you requested doesn't exist." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Too many requests have been sent in too short of a time. The service limits the rate at which it will accept requests." + }, + { + "shape": "ConflictException", + "documentation": "The service couldn't complete your request because there is a conflict with the current state of the resource." + } + ], + "documentation": "Use Probe to obtain detailed information about your input media files. Probe returns a JSON that includes container, codec, frame rate, resolution, track count, audio layout, captions, and more. You can use this information to learn more about your media files, or to help make decisions while automating your transcoding workflow." + }, "PutPolicy": { "name": "PutPolicy", "http": { @@ -983,6 +1211,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -1024,6 +1256,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -1042,6 +1278,51 @@ ], "documentation": "Retrieve a JSON array that includes job details for up to twenty of your most recent jobs. Optionally filter results further according to input file, queue, or status. To retrieve the twenty next most recent jobs, use the nextToken string returned with the array." }, + "StartJobsQuery": { + "name": "StartJobsQuery", + "http": { + "method": "POST", + "requestUri": "/2017-08-29/jobsQueries", + "responseCode": 201 + }, + "input": { + "shape": "StartJobsQueryRequest" + }, + "output": { + "shape": "StartJobsQueryResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "The service can't process your request because of a problem in the request. Please check your request form and syntax." + }, + { + "shape": "InternalServerErrorException", + "documentation": "The service encountered an unexpected condition and can't fulfill your request." + }, + { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permissions for this action with the credentials you sent." + }, + { + "shape": "NotFoundException", + "documentation": "The resource you requested doesn't exist." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Too many requests have been sent in too short of a time. The service limits the rate at which it will accept requests." + }, + { + "shape": "ConflictException", + "documentation": "The service couldn't complete your request because there is a conflict with the current state of the resource." + } + ], + "documentation": "Start an asynchronous jobs query using the provided filters. To receive the list of jobs that match your query, call the GetJobsQueryResults API using the query ID returned by this API." + }, "TagResource": { "name": "TagResource", "http": { @@ -1065,6 +1346,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -1106,6 +1391,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -1147,6 +1436,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -1188,6 +1481,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -1229,6 +1526,10 @@ "documentation": "The service encountered an unexpected condition and can't fulfill your request." }, { + "shape": "ServiceQuotaExceededException", + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + { "shape": "ForbiddenException", "documentation": "You don't have permissions for this action with the credentials you sent." }, @@ -1259,11 +1560,12 @@ }, "AacCodecProfile": { "type": "string", - "documentation": "Specify the AAC profile. For the widest player compatibility and where higher bitrates are acceptable: Keep the default profile, LC (AAC-LC) For improved audio performance at lower bitrates: Choose HEV1 or HEV2. HEV1 (AAC-HE v1) adds spectral band replication to improve speech audio at low bitrates. HEV2 (AAC-HE v2) adds parametric stereo, which optimizes for encoding stereo audio at very low bitrates.", + "documentation": "Specify the AAC profile. For the widest player compatibility and where higher bitrates are acceptable: Keep the default profile, LC (AAC-LC) For improved audio performance at lower bitrates: Choose HEV1 or HEV2. HEV1 (AAC-HE v1) adds spectral band replication to improve speech audio at low bitrates. HEV2 (AAC-HE v2) adds parametric stereo, which optimizes for encoding stereo audio at very low bitrates. For improved audio quality at lower bitrates, adaptive audio bitrate switching, and loudness control: Choose XHE.", "enum": [ "LC", "HEV1", - "HEV2" + "HEV2", + "XHE" ] }, "AacCodingMode": { @@ -1277,6 +1579,14 @@ "CODING_MODE_5_1" ] }, + "AacLoudnessMeasurementMode": { + "type": "string", + "documentation": "Choose the loudness measurement mode for your audio content. For music or advertisements: We recommend that you keep the default value, Program. For speech or other content: We recommend that you choose Anchor. When you do, MediaConvert optimizes the loudness of your output for clarify by applying speech gates.", + "enum": [ + "PROGRAM", + "ANCHOR" + ] + }, "AacRateControlMode": { "type": "string", "documentation": "Specify the AAC rate control mode. For a constant bitrate: Choose CBR. Your AAC output bitrate will be equal to the value that you choose for Bitrate. For a variable bitrate: Choose VBR. Your AAC output bitrate will vary according to your audio content and the value that you choose for Bitrate quality.", @@ -1309,13 +1619,23 @@ "CodecProfile": { "shape": "AacCodecProfile", "locationName": "codecProfile", - "documentation": "Specify the AAC profile. For the widest player compatibility and where higher bitrates are acceptable: Keep the default profile, LC (AAC-LC) For improved audio performance at lower bitrates: Choose HEV1 or HEV2. HEV1 (AAC-HE v1) adds spectral band replication to improve speech audio at low bitrates. HEV2 (AAC-HE v2) adds parametric stereo, which optimizes for encoding stereo audio at very low bitrates." + "documentation": "Specify the AAC profile. For the widest player compatibility and where higher bitrates are acceptable: Keep the default profile, LC (AAC-LC) For improved audio performance at lower bitrates: Choose HEV1 or HEV2. HEV1 (AAC-HE v1) adds spectral band replication to improve speech audio at low bitrates. HEV2 (AAC-HE v2) adds parametric stereo, which optimizes for encoding stereo audio at very low bitrates. For improved audio quality at lower bitrates, adaptive audio bitrate switching, and loudness control: Choose XHE." }, "CodingMode": { "shape": "AacCodingMode", "locationName": "codingMode", "documentation": "The Coding mode that you specify determines the number of audio channels and the audio channel layout metadata in your AAC output. Valid coding modes depend on the Rate control mode and Profile that you select. The following list shows the number of audio channels and channel layout for each coding mode. * 1.0 Audio Description (Receiver Mix): One channel, C. Includes audio description data from your stereo input. For more information see ETSI TS 101 154 Annex E. * 1.0 Mono: One channel, C. * 2.0 Stereo: Two channels, L, R. * 5.1 Surround: Six channels, C, L, R, Ls, Rs, LFE." }, + "LoudnessMeasurementMode": { + "shape": "AacLoudnessMeasurementMode", + "locationName": "loudnessMeasurementMode", + "documentation": "Choose the loudness measurement mode for your audio content. For music or advertisements: We recommend that you keep the default value, Program. For speech or other content: We recommend that you choose Anchor. When you do, MediaConvert optimizes the loudness of your output for clarify by applying speech gates." + }, + "RapInterval": { + "shape": "__integerMin2000Max30000", + "locationName": "rapInterval", + "documentation": "Specify the RAP (Random Access Point) interval for your xHE-AAC audio output. A RAP allows a decoder to decode audio data mid-stream, without the need to reference previous audio frames, and perform adaptive audio bitrate switching. To specify the RAP interval: Enter an integer from 2000 to 30000, in milliseconds. Smaller values allow for better seeking and more frequent stream switching, while large values improve compression efficiency. To have MediaConvert automatically determine the RAP interval: Leave blank." + }, "RateControlMode": { "shape": "AacRateControlMode", "locationName": "rateControlMode", @@ -1336,6 +1656,11 @@ "locationName": "specification", "documentation": "Use MPEG-2 AAC instead of MPEG-4 AAC audio for raw or MPEG-2 Transport Stream containers." }, + "TargetLoudnessRange": { + "shape": "__integerMin6Max16", + "locationName": "targetLoudnessRange", + "documentation": "Specify the xHE-AAC loudness target. Enter an integer from 6 to 16, representing \"loudness units\". For more information, see the following specification: Supplementary information for R 128 EBU Tech 3342-2023." + }, "VbrQuality": { "shape": "AacVbrQuality", "locationName": "vbrQuality", @@ -1683,8 +2008,7 @@ }, "AssociateCertificateResponse": { "type": "structure", - "members": { - } + "members": {} }, "AudioChannelTag": { "type": "string", @@ -1841,6 +2165,11 @@ "locationName": "audioNormalizationSettings", "documentation": "Advanced audio normalization settings. Ignore these settings unless you need to comply with a loudness standard." }, + "AudioPitchCorrectionSettings": { + "shape": "AudioPitchCorrectionSettings", + "locationName": "audioPitchCorrectionSettings", + "documentation": "Settings for audio pitch correction during framerate conversion." + }, "AudioSourceName": { "shape": "__stringMax2048", "locationName": "audioSourceName", @@ -1869,7 +2198,7 @@ "LanguageCode": { "shape": "LanguageCode", "locationName": "languageCode", - "documentation": "Indicates the language of the audio output track. The ISO 639 language specified in the 'Language Code' drop down will be used when 'Follow Input Language Code' is not selected or when 'Follow Input Language Code' is selected but there is no ISO 639 language code specified by the input." + "documentation": "Specify the language for your output audio track. To follow the input language: Leave blank. When you do, also set Language code control to Follow input. If no input language is detected MediaConvert will not write an output language code. To follow the input langauge, but fall back to a specified language code if there is no input language to follow: Enter an ISO 639-2 three-letter language code in all capital letters. When you do, also set Language code control to Follow input. To specify the language code: Enter an ISO 639 three-letter language code in all capital letters. When you do, also set Language code control to Use configured." }, "LanguageCodeControl": { "shape": "AudioLanguageCodeControl", @@ -1983,6 +2312,53 @@ }, "documentation": "Advanced audio normalization settings. Ignore these settings unless you need to comply with a loudness standard." }, + "AudioPitchCorrectionSettings": { + "type": "structure", + "members": { + "SlowPalPitchCorrection": { + "shape": "SlowPalPitchCorrection", + "locationName": "slowPalPitchCorrection", + "documentation": "Use Slow PAL pitch correction to compensate for audio pitch changes during slow PAL frame rate conversion. This setting only applies when Slow PAL is enabled in your output video codec settings. To automatically apply audio pitch correction: Choose Enabled. MediaConvert automatically applies a pitch correction to your output to match the original content's audio pitch. To not apply audio pitch correction: Keep the default value, Disabled." + } + }, + "documentation": "Settings for audio pitch correction during framerate conversion." + }, + "AudioProperties": { + "type": "structure", + "members": { + "BitDepth": { + "shape": "__integer", + "locationName": "bitDepth", + "documentation": "The bit depth of the audio track." + }, + "BitRate": { + "shape": "__long", + "locationName": "bitRate", + "documentation": "The bit rate of the audio track, in bits per second." + }, + "Channels": { + "shape": "__integer", + "locationName": "channels", + "documentation": "The number of audio channels in the audio track." + }, + "FrameRate": { + "shape": "FrameRate", + "locationName": "frameRate", + "documentation": "The frame rate of the video or audio track, expressed as a fraction with numerator and denominator values." + }, + "LanguageCode": { + "shape": "__string", + "locationName": "languageCode", + "documentation": "The language code of the audio track, in three character ISO 639-3 format." + }, + "SampleRate": { + "shape": "__integer", + "locationName": "sampleRate", + "documentation": "The sample rate of the audio track." + } + }, + "documentation": "Details about the media file's audio track." + }, "AudioSelector": { "type": "structure", "members": { @@ -2004,7 +2380,7 @@ "ExternalAudioFileInput": { "shape": "__stringPatternS3Https", "locationName": "externalAudioFileInput", - "documentation": "Specifies audio data from an external file source." + "documentation": "Specify the S3, HTTP, or HTTPS URL for your external audio file input." }, "HlsRenditionGroupSettings": { "shape": "HlsRenditionGroupSettings", @@ -2014,12 +2390,12 @@ "LanguageCode": { "shape": "LanguageCode", "locationName": "languageCode", - "documentation": "Selects a specific language code from within an audio source." + "documentation": "Specify the language, using an ISO 639-2 three-letter code in all capital letters. You can find a list of codes at: https://www.loc.gov/standards/iso639-2/php/code_list.php" }, "Offset": { "shape": "__integerMinNegative2147483648Max2147483647", "locationName": "offset", - "documentation": "Specifies a time delta in milliseconds to offset the audio from the input video." + "documentation": "Specify a time delta, in milliseconds, to offset the audio from the input video.\nTo specify no offset: Keep the default value, 0.\nTo specify an offset: Enter an integer from -2147483648 to 2147483647" }, "Pids": { "shape": "__listOf__integerMin1Max2147483647", @@ -2039,12 +2415,17 @@ "SelectorType": { "shape": "AudioSelectorType", "locationName": "selectorType", - "documentation": "Specifies the type of the audio selector." + "documentation": "Specify how MediaConvert selects audio content within your input. The default is Track. PID: Select audio by specifying the Packet Identifier (PID) values for MPEG Transport Stream inputs. Use this when you know the exact PID values of your audio streams. Track: Default. Select audio by track number. This is the most common option and works with most input container formats. If more types of audio data get recognized in the future, these numberings may shift, but the numberings used for Stream mode will not. Language code: Select audio by language using an ISO 639-2 or ISO 639-3 three-letter code in all capital letters. Use this when your source has embedded language metadata and you want to select tracks based on their language. HLS rendition group: Select audio from an HLS rendition group. Use this when your input is an HLS package with multiple audio renditions and you want to select specific rendition groups. All PCM: Select all uncompressed PCM audio tracks from your input automatically. This is useful when you want to include all PCM audio tracks without specifying individual track numbers. Stream: Select audio by stream number. Stream numbers include all tracks in the source file, regardless of type, and correspond to either the order of tracks in the file, or if applicable, the stream number metadata of the track. Although all tracks count toward these stream numbers, in this audio selector context, only the stream number of a track containing audio data may be used. If your source file contains a track which is not recognized by the service, then the corresponding stream number will still be reserved for future use. If more types of audio data get recognized in the future, these numberings will not shift." + }, + "Streams": { + "shape": "__listOf__integerMin1Max2147483647", + "locationName": "streams", + "documentation": "Identify a track from the input audio to include in this selector by entering the stream index number. These numberings count all tracks in the input file, but only a track containing audio data may be used here. To include several tracks in a single audio selector, specify multiple tracks as follows. Using the console, enter a comma-separated list. For example, type \"1,2,3\" to include tracks 1 through 3." }, "Tracks": { "shape": "__listOf__integerMin1Max2147483647", "locationName": "tracks", - "documentation": "Identify a track from the input audio to include in this selector by entering the track index number. To include several tracks in a single audio selector, specify multiple tracks as follows. Using the console, enter a comma-separated list. For example, type \"1,2,3\" to include tracks 1 through 3." + "documentation": "Identify a track from the input audio to include in this selector by entering the track index number. These numberings include only tracks recognized as audio. If the service recognizes more types of audio tracks in the future, these numberings may shift. To include several tracks in a single audio selector, specify multiple tracks as follows. Using the console, enter a comma-separated list. For example, type \"1,2,3\" to include tracks 1 through 3." } }, "documentation": "Use Audio selectors to specify a track or set of tracks from the input that you will use in your outputs. You can use multiple Audio selectors per input." @@ -2062,12 +2443,14 @@ }, "AudioSelectorType": { "type": "string", - "documentation": "Specifies the type of the audio selector.", + "documentation": "Specify how MediaConvert selects audio content within your input. The default is Track. PID: Select audio by specifying the Packet Identifier (PID) values for MPEG Transport Stream inputs. Use this when you know the exact PID values of your audio streams. Track: Default. Select audio by track number. This is the most common option and works with most input container formats. If more types of audio data get recognized in the future, these numberings may shift, but the numberings used for Stream mode will not. Language code: Select audio by language using an ISO 639-2 or ISO 639-3 three-letter code in all capital letters. Use this when your source has embedded language metadata and you want to select tracks based on their language. HLS rendition group: Select audio from an HLS rendition group. Use this when your input is an HLS package with multiple audio renditions and you want to select specific rendition groups. All PCM: Select all uncompressed PCM audio tracks from your input automatically. This is useful when you want to include all PCM audio tracks without specifying individual track numbers. Stream: Select audio by stream number. Stream numbers include all tracks in the source file, regardless of type, and correspond to either the order of tracks in the file, or if applicable, the stream number metadata of the track. Although all tracks count toward these stream numbers, in this audio selector context, only the stream number of a track containing audio data may be used. If your source file contains a track which is not recognized by the service, then the corresponding stream number will still be reserved for future use. If more types of audio data get recognized in the future, these numberings will not shift.", "enum": [ "PID", "TRACK", "LANGUAGE_CODE", - "HLS_RENDITION_GROUP" + "HLS_RENDITION_GROUP", + "ALL_PCM", + "STREAM" ] }, "AudioTypeControl": { @@ -2117,6 +2500,11 @@ "locationName": "maxAbrBitrate", "documentation": "Specify the maximum average bitrate for MediaConvert to use in your automated ABR stack. If you don't specify a value, MediaConvert uses 8,000,000 (8 mb/s) by default. The average bitrate of your highest-quality rendition will be equal to or below this value, depending on the quality, complexity, and resolution of your content. Note that the instantaneous maximum bitrate may vary above the value that you specify." }, + "MaxQualityLevel": { + "shape": "__doubleMin1Max10", + "locationName": "maxQualityLevel", + "documentation": "Optional. Specify the QVBR quality level to use for all renditions in your automated ABR stack. To have MediaConvert automatically determine the quality level: Leave blank. To manually specify a quality level: Enter a value from 1 to 10. MediaConvert will use a quality level up to the value that you specify, depending on your source. For more information about QVBR quality levels, see: https://docs.aws.amazon.com/mediaconvert/latest/ug/qvbr-guidelines.html" + }, "MaxRenditions": { "shape": "__integerMin3Max15", "locationName": "maxRenditions", @@ -2184,11 +2572,12 @@ }, "Av1FramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "Av1QvbrSettings": { @@ -2240,7 +2629,7 @@ "FramerateConversionAlgorithm": { "shape": "Av1FramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max2147483647", @@ -2267,6 +2656,11 @@ "locationName": "numberBFramesBetweenReferenceFrames", "documentation": "Specify from the number of B-frames, in the range of 0-15. For AV1 encoding, we recommend using 7 or 15. Choose a larger number for a lower bitrate and smaller file size; choose a smaller number for better video quality." }, + "PerFrameMetrics": { + "shape": "__listOfFrameMetricType", + "locationName": "perFrameMetrics", + "documentation": "Optionally choose one or more per frame metric reports to generate along with your output. You can use these metrics to analyze your video output according to one or more commonly used image quality metrics. You can specify per frame metrics for output groups or for individual outputs. When you do, MediaConvert writes a CSV (Comma-Separated Values) file to your S3 output destination, named after the output name and metric type. For example: videofile_PSNR.csv Jobs that generate per frame metrics will take longer to complete, depending on the resolution and complexity of your output. For example, some 4K jobs might take up to twice as long to complete. Note that when analyzing the video quality of your output, or when comparing the video quality of multiple different outputs, we generally also recommend a detailed visual review in a controlled environment. You can choose from the following per frame metrics: * PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes" + }, "QvbrSettings": { "shape": "Av1QvbrSettings", "locationName": "qvbrSettings", @@ -2329,11 +2723,12 @@ }, "AvcIntraFramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "AvcIntraInterlaceMode": { @@ -2376,7 +2771,7 @@ "FramerateConversionAlgorithm": { "shape": "AvcIntraFramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max1001", @@ -2393,6 +2788,11 @@ "locationName": "interlaceMode", "documentation": "Choose the scan line type for the output. Keep the default value, Progressive to create a progressive output, regardless of the scan type of your input. Use Top field first or Bottom field first to create an output that's interlaced with the same field polarity throughout. Use Follow, default top or Follow, default bottom to produce outputs with the same field polarity as the source. For jobs that have multiple inputs, the output field polarity might change over the course of the output. Follow behavior depends on the input scan type. If the source is interlaced, the output will be interlaced with the same polarity as the source. If the source is progressive, the output will be interlaced with top field bottom field first, depending on which of the Follow options you choose." }, + "PerFrameMetrics": { + "shape": "__listOfFrameMetricType", + "locationName": "perFrameMetrics", + "documentation": "Optionally choose one or more per frame metric reports to generate along with your output. You can use these metrics to analyze your video output according to one or more commonly used image quality metrics. You can specify per frame metrics for output groups or for individual outputs. When you do, MediaConvert writes a CSV (Comma-Separated Values) file to your S3 output destination, named after the output name and metric type. For example: videofile_PSNR.csv Jobs that generate per frame metrics will take longer to complete, depending on the resolution and complexity of your output. For example, some 4K jobs might take up to twice as long to complete. Note that when analyzing the video quality of your output, or when comparing the video quality of multiple different outputs, we generally also recommend a detailed visual review in a controlled environment. You can choose from the following per frame metrics: * PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes" + }, "ScanTypeConversionMode": { "shape": "AvcIntraScanTypeConversionMode", "locationName": "scanTypeConversionMode", @@ -2751,8 +3151,7 @@ }, "CancelJobResponse": { "type": "structure", - "members": { - } + "members": {} }, "CaptionDescription": { "type": "structure", @@ -3004,6 +3403,14 @@ "WEBVTT" ] }, + "CaptionSourceUpconvertSTLToTeletext": { + "type": "string", + "documentation": "Specify whether this set of input captions appears in your outputs in both STL and Teletext format. If you choose Upconvert, MediaConvert includes the captions data in two ways: it passes the STL data through using the Teletext compatibility bytes fields of the Teletext wrapper, and it also translates the STL data into Teletext.", + "enum": [ + "UPCONVERT", + "DISABLED" + ] + }, "ChannelMapping": { "type": "structure", "members": { @@ -3015,6 +3422,15 @@ }, "documentation": "Channel mapping contains the group of fields that hold the remixing value for each channel, in dB. Specify remix values to indicate how much of the content from your input audio channel you want in your output audio channels. Each instance of the InputChannels or InputChannelsFineTune array specifies these values for one output channel. Use one instance of this array for each output channel. In the console, each array corresponds to a column in the graphical depiction of the mapping matrix. The rows of the graphical matrix correspond to input channels. Valid values are within the range from -60 (mute) through 6. A setting of 0 passes the input channel unchanged to the output channel (no attenuation or amplification). Use InputChannels or InputChannelsFineTune to specify your remix values. Don't use both." }, + "ChromaPositionMode": { + "type": "string", + "documentation": "Specify the chroma sample positioning metadata for your H.264 or H.265 output. To have MediaConvert automatically determine chroma positioning: We recommend that you keep the default value, Auto. To specify center positioning: Choose Force center. To specify top left positioning: Choose Force top left.", + "enum": [ + "AUTO", + "FORCE_CENTER", + "FORCE_TOP_LEFT" + ] + }, "ClipLimits": { "type": "structure", "members": { @@ -3148,7 +3564,7 @@ "DashManifestStyle": { "shape": "DashManifestStyle", "locationName": "dashManifestStyle", - "documentation": "Specify how MediaConvert writes SegmentTimeline in your output DASH manifest. To write a SegmentTimeline in each video Representation: Keep the default value, Basic. To write a common SegmentTimeline in the video AdaptationSet: Choose Compact. Note that MediaConvert will still write a SegmentTimeline in any Representation that does not share a common timeline. To write a video AdaptationSet for each different output framerate, and a common SegmentTimeline in each AdaptationSet: Choose Distinct." + "documentation": "Specify how MediaConvert writes SegmentTimeline in your output DASH manifest. To write a SegmentTimeline for outputs that you also specify a Name modifier for: Keep the default value, Basic. Note that if you do not specify a name modifier for an output, MediaConvert will not write a SegmentTimeline for it. To write a common SegmentTimeline in the video AdaptationSet: Choose Compact. Note that MediaConvert will still write a SegmentTimeline in any Representation that does not share a common timeline. To write a video AdaptationSet for each different output framerate, and a common SegmentTimeline in each AdaptationSet: Choose Distinct. To write a SegmentTimeline in each AdaptationSet: Choose Full." }, "Destination": { "shape": "__stringPatternS3", @@ -3228,7 +3644,7 @@ "SegmentLengthControl": { "shape": "CmafSegmentLengthControl", "locationName": "segmentLengthControl", - "documentation": "Specify how you want MediaConvert to determine the segment length. Choose Exact to have the encoder use the exact length that you specify with the setting Segment length. This might result in extra I-frames. Choose Multiple of GOP to have the encoder round up the segment lengths to match the next GOP boundary." + "documentation": "Specify how you want MediaConvert to determine segment lengths in this output group. To use the exact value that you specify under Segment length: Choose Exact. Note that this might result in additional I-frames in the output GOP. To create segment lengths that are a multiple of the GOP: Choose Multiple of GOP. MediaConvert will round up the segment lengths to match the next GOP boundary. To have MediaConvert automatically determine a segment duration that is a multiple of both the audio packets and the frame rates: Choose Match. When you do, also specify a target segment duration under Segment length. This is useful for some ad-insertion or segment replacement workflows. Note that Match has the following requirements: - Output containers: Include at least one video output and at least one audio output. Audio-only outputs are not supported. - Output frame rate: Follow source is not supported. - Multiple output frame rates: When you specify multiple outputs, we recommend they share a similar frame rate (as in X/3, X/2, X, or 2X). For example: 5, 15, 30 and 60. Or: 25 and 50. (Outputs must share an integer multiple.) - Output audio codec: Specify Advanced Audio Coding (AAC). - Output sample rate: Choose 48kHz." }, "StreamInfResolution": { "shape": "CmafStreamInfResolution", @@ -3383,10 +3799,11 @@ }, "CmafSegmentLengthControl": { "type": "string", - "documentation": "Specify how you want MediaConvert to determine the segment length. Choose Exact to have the encoder use the exact length that you specify with the setting Segment length. This might result in extra I-frames. Choose Multiple of GOP to have the encoder round up the segment lengths to match the next GOP boundary.", + "documentation": "Specify how you want MediaConvert to determine segment lengths in this output group. To use the exact value that you specify under Segment length: Choose Exact. Note that this might result in additional I-frames in the output GOP. To create segment lengths that are a multiple of the GOP: Choose Multiple of GOP. MediaConvert will round up the segment lengths to match the next GOP boundary. To have MediaConvert automatically determine a segment duration that is a multiple of both the audio packets and the frame rates: Choose Match. When you do, also specify a target segment duration under Segment length. This is useful for some ad-insertion or segment replacement workflows. Note that Match has the following requirements: - Output containers: Include at least one video output and at least one audio output. Audio-only outputs are not supported. - Output frame rate: Follow source is not supported. - Multiple output frame rates: When you specify multiple outputs, we recommend they share a similar frame rate (as in X/3, X/2, X, or 2X). For example: 5, 15, 30 and 60. Or: 25 and 50. (Outputs must share an integer multiple.) - Output audio codec: Specify Advanced Audio Coding (AAC). - Output sample rate: Choose 48kHz.", "enum": [ "EXACT", - "GOP_MULTIPLE" + "GOP_MULTIPLE", + "MATCH" ] }, "CmafStreamInfResolution": { @@ -3595,6 +4012,98 @@ "VERSION_1" ] }, + "Codec": { + "type": "string", + "enum": [ + "UNKNOWN", + "AAC", + "AC3", + "EAC3", + "FLAC", + "MP3", + "OPUS", + "PCM", + "VORBIS", + "AV1", + "AVC", + "HEVC", + "JPEG2000", + "MJPEG", + "MPEG1", + "MP4V", + "MPEG2", + "PRORES", + "THEORA", + "VFW", + "VP8", + "VP9", + "QTRLE", + "C608", + "C708", + "WEBVTT" + ] + }, + "CodecMetadata": { + "type": "structure", + "members": { + "BitDepth": { + "shape": "__integer", + "locationName": "bitDepth", + "documentation": "The number of bits used per color component in the video essence such as 8, 10, or 12 bits. Standard range (SDR) video typically uses 8-bit, while 10-bit is common for high dynamic range (HDR)." + }, + "ChromaSubsampling": { + "shape": "__string", + "locationName": "chromaSubsampling", + "documentation": "The chroma subsampling format used in the video encoding, such as \"4:2:0\" or \"4:4:4\". This describes how color information is sampled relative to brightness information. Different subsampling ratios affect video quality and file size, with \"4:4:4\" providing the highest color fidelity and \"4:2:0\" being most common for standard video." + }, + "CodedFrameRate": { + "shape": "FrameRate", + "locationName": "codedFrameRate", + "documentation": "The frame rate of the video or audio track, expressed as a fraction with numerator and denominator values." + }, + "ColorPrimaries": { + "shape": "ColorPrimaries", + "locationName": "colorPrimaries", + "documentation": "The color space primaries of the video track, defining the red, green, and blue color coordinates used for the video. This information helps ensure accurate color reproduction during playback and transcoding." + }, + "Height": { + "shape": "__integer", + "locationName": "height", + "documentation": "The height in pixels as coded by the codec. This represents the actual encoded video height as specified in the video stream headers." + }, + "Level": { + "shape": "__string", + "locationName": "level", + "documentation": "The codec level or tier that specifies the maximum processing requirements and capabilities. Levels define constraints such as maximum bit rate, frame rate, and resolution." + }, + "MatrixCoefficients": { + "shape": "MatrixCoefficients", + "locationName": "matrixCoefficients", + "documentation": "The color space matrix coefficients of the video track, defining how RGB color values are converted to and from YUV color space. This affects color accuracy during encoding and decoding processes." + }, + "Profile": { + "shape": "__string", + "locationName": "profile", + "documentation": "The codec profile used to encode the video. Profiles define specific feature sets and capabilities within a codec standard. For example, H.264 profiles include Baseline, Main, and High, each supporting different encoding features and complexity levels." + }, + "ScanType": { + "shape": "__string", + "locationName": "scanType", + "documentation": "The scanning method specified in the video essence, indicating whether the video uses progressive or interlaced scanning." + }, + "TransferCharacteristics": { + "shape": "TransferCharacteristics", + "locationName": "transferCharacteristics", + "documentation": "The color space transfer characteristics of the video track, defining the relationship between linear light values and the encoded signal values. This affects brightness and contrast reproduction." + }, + "Width": { + "shape": "__integer", + "locationName": "width", + "documentation": "The width in pixels as coded by the codec. This represents the actual encoded video width as specified in the video stream headers." + } + }, + "documentation": "Codec-specific parameters parsed from the video essence headers. This information provides detailed technical specifications about how the video was encoded, including profile settings, resolution details, and color space information that can help you understand the source video characteristics and make informed encoding decisions." + }, "ColorConversion3DLUTSetting": { "type": "structure", "members": { @@ -3695,6 +4204,28 @@ "INSERT" ] }, + "ColorPrimaries": { + "type": "string", + "documentation": "The color space primaries of the video track, defining the red, green, and blue color coordinates used for the video. This information helps ensure accurate color reproduction during playback and transcoding.", + "enum": [ + "ITU_709", + "UNSPECIFIED", + "RESERVED", + "ITU_470M", + "ITU_470BG", + "SMPTE_170M", + "SMPTE_240M", + "GENERIC_FILM", + "ITU_2020", + "SMPTE_428_1", + "SMPTE_431_2", + "SMPTE_EG_432_1", + "IPT", + "SMPTE_2067XYZ", + "EBU_3213_E", + "LAST" + ] + }, "ColorSpace": { "type": "string", "documentation": "If your input video has accurate color space metadata, or if you don't know about color space: Keep the default value, Follow. MediaConvert will automatically detect your input color space. If your input video has metadata indicating the wrong color space, or has missing metadata: Specify the accurate color space here. If your input video is HDR 10 and the SMPTE ST 2086 Mastering Display Color Volume static metadata isn't present in your video stream, or if that metadata is present but not accurate: Choose Force HDR 10. Specify correct values in the input HDR 10 metadata settings. For more information about HDR jobs, see https://docs.aws.amazon.com/console/mediaconvert/hdr. When you specify an input color space, MediaConvert uses the following color space metadata, which includes color primaries, transfer characteristics, and matrix coefficients:\n * HDR 10: BT.2020, PQ, BT.2020 non-constant\n * HLG 2020: BT.2020, HLG, BT.2020 non-constant\n * P3DCI (Theater): DCIP3, SMPTE 428M, BT.709\n * P3D65 (SDR): Display P3, sRGB, BT.709\n * P3D65 (HDR): Display P3, PQ, BT.709", @@ -3752,6 +4283,27 @@ }, "documentation": "The service couldn't complete your request because there is a conflict with the current state of the resource." }, + "Container": { + "type": "structure", + "members": { + "Duration": { + "shape": "__double", + "locationName": "duration", + "documentation": "The total duration of your media file, in seconds." + }, + "Format": { + "shape": "Format", + "locationName": "format", + "documentation": "The format of your media file. For example: MP4, QuickTime (MOV), Matroska (MKV), WebM or MXF. Note that this will be blank if your media file has a format that the MediaConvert Probe operation does not recognize." + }, + "Tracks": { + "shape": "__listOfTrack", + "locationName": "tracks", + "documentation": "Details about each track (video, audio, or data) in the media file." + } + }, + "documentation": "The container of your media file. This information helps you understand the overall structure and details of your media, including format, duration, and track layout." + }, "ContainerSettings": { "type": "structure", "members": { @@ -3808,6 +4360,7 @@ "documentation": "Container for this output. Some containers require a container settings object. If not specified, the default object will be created.", "enum": [ "F4V", + "GIF", "ISMV", "M2TS", "M3U8", @@ -3841,7 +4394,7 @@ "BillingTagsSource": { "shape": "BillingTagsSource", "locationName": "billingTagsSource", - "documentation": "Optional. Choose a tag type that AWS Billing and Cost Management will use to sort your AWS Elemental MediaConvert costs on any billing report that you set up. Any transcoding outputs that don't have an associated tag will appear in your billing report unsorted. If you don't choose a valid value for this field, your job outputs will appear on the billing report unsorted." + "documentation": "Optionally choose a Billing tags source that AWS Billing and Cost Management will use to display tags for individual output costs on any billing report that you set up. Leave blank to use the default value, Job." }, "ClientRequestToken": { "shape": "__string", @@ -3857,7 +4410,7 @@ "JobEngineVersion": { "shape": "__string", "locationName": "jobEngineVersion", - "documentation": "Use Job engine versions to run jobs for your production workflow on one version, while you test and validate the latest version. To specify a Job engine version: Enter a date in a YYYY-MM-DD format. For a list of valid Job engine versions, submit a ListVersions request. To not specify a Job engine version: Leave blank." + "documentation": "Use Job engine versions to run jobs for your production workflow on one version, while you test and validate the latest version. Job engine versions represent periodically grouped MediaConvert releases with new features, updates, improvements, and fixes. Job engine versions are in a YYYY-MM-DD format. Note that the Job engine version feature is not publicly available at this time. To request access, contact AWS support." }, "JobTemplate": { "shape": "__string", @@ -4086,6 +4639,29 @@ } } }, + "CreateResourceShareRequest": { + "type": "structure", + "members": { + "JobId": { + "shape": "__string", + "locationName": "jobId", + "documentation": "Specify MediaConvert Job ID or ARN to share" + }, + "SupportCaseId": { + "shape": "__string", + "locationName": "supportCaseId", + "documentation": "AWS Support case identifier" + } + }, + "required": [ + "SupportCaseId", + "JobId" + ] + }, + "CreateResourceShareResponse": { + "type": "structure", + "members": {} + }, "DashAdditionalManifest": { "type": "structure", "members": { @@ -4152,7 +4728,7 @@ "DashManifestStyle": { "shape": "DashManifestStyle", "locationName": "dashManifestStyle", - "documentation": "Specify how MediaConvert writes SegmentTimeline in your output DASH manifest. To write a SegmentTimeline in each video Representation: Keep the default value, Basic. To write a common SegmentTimeline in the video AdaptationSet: Choose Compact. Note that MediaConvert will still write a SegmentTimeline in any Representation that does not share a common timeline. To write a video AdaptationSet for each different output framerate, and a common SegmentTimeline in each AdaptationSet: Choose Distinct." + "documentation": "Specify how MediaConvert writes SegmentTimeline in your output DASH manifest. To write a SegmentTimeline for outputs that you also specify a Name modifier for: Keep the default value, Basic. Note that if you do not specify a name modifier for an output, MediaConvert will not write a SegmentTimeline for it. To write a common SegmentTimeline in the video AdaptationSet: Choose Compact. Note that MediaConvert will still write a SegmentTimeline in any Representation that does not share a common timeline. To write a video AdaptationSet for each different output framerate, and a common SegmentTimeline in each AdaptationSet: Choose Distinct. To write a SegmentTimeline in each AdaptationSet: Choose Full." }, "Destination": { "shape": "__stringPatternS3", @@ -4227,7 +4803,7 @@ "SegmentLengthControl": { "shape": "DashIsoSegmentLengthControl", "locationName": "segmentLengthControl", - "documentation": "Specify how you want MediaConvert to determine the segment length. Choose Exact to have the encoder use the exact length that you specify with the setting Segment length. This might result in extra I-frames. Choose Multiple of GOP to have the encoder round up the segment lengths to match the next GOP boundary." + "documentation": "Specify how you want MediaConvert to determine segment lengths in this output group. To use the exact value that you specify under Segment length: Choose Exact. Note that this might result in additional I-frames in the output GOP. To create segment lengths that are a multiple of the GOP: Choose Multiple of GOP. MediaConvert will round up the segment lengths to match the next GOP boundary. To have MediaConvert automatically determine a segment duration that is a multiple of both the audio packets and the frame rates: Choose Match. When you do, also specify a target segment duration under Segment length. This is useful for some ad-insertion or segment replacement workflows. Note that Match has the following requirements: - Output containers: Include at least one video output and at least one audio output. Audio-only outputs are not supported. - Output frame rate: Follow source is not supported. - Multiple output frame rates: When you specify multiple outputs, we recommend they share a similar frame rate (as in X/3, X/2, X, or 2X). For example: 5, 15, 30 and 60. Or: 25 and 50. (Outputs must share an integer multiple.) - Output audio codec: Specify Advanced Audio Coding (AAC). - Output sample rate: Choose 48kHz." }, "VideoCompositionOffsets": { "shape": "DashIsoVideoCompositionOffsets", @@ -4346,10 +4922,11 @@ }, "DashIsoSegmentLengthControl": { "type": "string", - "documentation": "Specify how you want MediaConvert to determine the segment length. Choose Exact to have the encoder use the exact length that you specify with the setting Segment length. This might result in extra I-frames. Choose Multiple of GOP to have the encoder round up the segment lengths to match the next GOP boundary.", + "documentation": "Specify how you want MediaConvert to determine segment lengths in this output group. To use the exact value that you specify under Segment length: Choose Exact. Note that this might result in additional I-frames in the output GOP. To create segment lengths that are a multiple of the GOP: Choose Multiple of GOP. MediaConvert will round up the segment lengths to match the next GOP boundary. To have MediaConvert automatically determine a segment duration that is a multiple of both the audio packets and the frame rates: Choose Match. When you do, also specify a target segment duration under Segment length. This is useful for some ad-insertion or segment replacement workflows. Note that Match has the following requirements: - Output containers: Include at least one video output and at least one audio output. Audio-only outputs are not supported. - Output frame rate: Follow source is not supported. - Multiple output frame rates: When you specify multiple outputs, we recommend they share a similar frame rate (as in X/3, X/2, X, or 2X). For example: 5, 15, 30 and 60. Or: 25 and 50. (Outputs must share an integer multiple.) - Output audio codec: Specify Advanced Audio Coding (AAC). - Output sample rate: Choose 48kHz.", "enum": [ "EXACT", - "GOP_MULTIPLE" + "GOP_MULTIPLE", + "MATCH" ] }, "DashIsoVideoCompositionOffsets": { @@ -4370,13 +4947,25 @@ }, "DashManifestStyle": { "type": "string", - "documentation": "Specify how MediaConvert writes SegmentTimeline in your output DASH manifest. To write a SegmentTimeline in each video Representation: Keep the default value, Basic. To write a common SegmentTimeline in the video AdaptationSet: Choose Compact. Note that MediaConvert will still write a SegmentTimeline in any Representation that does not share a common timeline. To write a video AdaptationSet for each different output framerate, and a common SegmentTimeline in each AdaptationSet: Choose Distinct.", + "documentation": "Specify how MediaConvert writes SegmentTimeline in your output DASH manifest. To write a SegmentTimeline for outputs that you also specify a Name modifier for: Keep the default value, Basic. Note that if you do not specify a name modifier for an output, MediaConvert will not write a SegmentTimeline for it. To write a common SegmentTimeline in the video AdaptationSet: Choose Compact. Note that MediaConvert will still write a SegmentTimeline in any Representation that does not share a common timeline. To write a video AdaptationSet for each different output framerate, and a common SegmentTimeline in each AdaptationSet: Choose Distinct. To write a SegmentTimeline in each AdaptationSet: Choose Full.", "enum": [ "BASIC", "COMPACT", - "DISTINCT" + "DISTINCT", + "FULL" ] }, + "DataProperties": { + "type": "structure", + "members": { + "LanguageCode": { + "shape": "__string", + "locationName": "languageCode", + "documentation": "The language code of the data track, in three character ISO 639-3 format." + } + }, + "documentation": "Details about the media file's data track." + }, "DecryptionMode": { "type": "string", "documentation": "Specify the encryption mode that you used to encrypt your input files.", @@ -4451,18 +5040,15 @@ }, "DeleteJobTemplateResponse": { "type": "structure", - "members": { - } + "members": {} }, "DeletePolicyRequest": { "type": "structure", - "members": { - } + "members": {} }, "DeletePolicyResponse": { "type": "structure", - "members": { - } + "members": {} }, "DeletePresetRequest": { "type": "structure", @@ -4480,8 +5066,7 @@ }, "DeletePresetResponse": { "type": "structure", - "members": { - } + "members": {} }, "DeleteQueueRequest": { "type": "structure", @@ -4499,8 +5084,7 @@ }, "DeleteQueueResponse": { "type": "structure", - "members": { - } + "members": {} }, "DescribeEndpointsMode": { "type": "string", @@ -4578,8 +5162,7 @@ }, "DisassociateCertificateResponse": { "type": "structure", - "members": { - } + "members": {} }, "DolbyVision": { "type": "structure", @@ -4729,7 +5312,7 @@ "DdsHandling": { "shape": "DvbddsHandling", "locationName": "ddsHandling", - "documentation": "Specify how MediaConvert handles the display definition segment (DDS). To exclude the DDS from this set of captions: Keep the default, None. To include the DDS: Choose Specified. When you do, also specify the offset coordinates of the display window with DDS x-coordinate and DDS y-coordinate. To include the DDS, but not include display window data: Choose No display window. When you do, you can write position metadata to the page composition segment (PCS) with DDS x-coordinate and DDS y-coordinate. For video resolutions with a height of 576 pixels or less, MediaConvert doesn't include the DDS, regardless of the value you choose for DDS handling. All burn-in and DVB-Sub font settings must match." + "documentation": "Specify how MediaConvert handles the display definition segment (DDS). To exclude the DDS from this set of captions: Keep the default, None. To include the DDS: Choose Specified. When you do, also specify the offset coordinates of the display window with DDS x-coordinate and DDS y-coordinate. To include the DDS, but not include display window data: Choose No display window. When you do, you can write position metadata to the page composition segment (PCS) with DDS x-coordinate and DDS y-coordinate. For video resolutions with a height of 576 pixels or less, MediaConvert doesn't include the DDS, regardless of the value you choose for DDS handling. All burn-in and DVB-Sub font settings must match. To include the DDS, with optimized subtitle placement and reduced data overhead: We recommend that you choose Specified (optimal). This option provides the same visual positioning as Specified while using less bandwidth. This also supports resolutions higher than 1080p while maintaining full DVB-Sub compatibility. When you do, also specify the offset coordinates of the display window with DDS x-coordinate and DDS y-coordinate." }, "DdsXCoordinate": { "shape": "__integerMin0Max2147483647", @@ -4988,11 +5571,51 @@ }, "DvbddsHandling": { "type": "string", - "documentation": "Specify how MediaConvert handles the display definition segment (DDS). To exclude the DDS from this set of captions: Keep the default, None. To include the DDS: Choose Specified. When you do, also specify the offset coordinates of the display window with DDS x-coordinate and DDS y-coordinate. To include the DDS, but not include display window data: Choose No display window. When you do, you can write position metadata to the page composition segment (PCS) with DDS x-coordinate and DDS y-coordinate. For video resolutions with a height of 576 pixels or less, MediaConvert doesn't include the DDS, regardless of the value you choose for DDS handling. All burn-in and DVB-Sub font settings must match.", + "documentation": "Specify how MediaConvert handles the display definition segment (DDS). To exclude the DDS from this set of captions: Keep the default, None. To include the DDS: Choose Specified. When you do, also specify the offset coordinates of the display window with DDS x-coordinate and DDS y-coordinate. To include the DDS, but not include display window data: Choose No display window. When you do, you can write position metadata to the page composition segment (PCS) with DDS x-coordinate and DDS y-coordinate. For video resolutions with a height of 576 pixels or less, MediaConvert doesn't include the DDS, regardless of the value you choose for DDS handling. All burn-in and DVB-Sub font settings must match. To include the DDS, with optimized subtitle placement and reduced data overhead: We recommend that you choose Specified (optimal). This option provides the same visual positioning as Specified while using less bandwidth. This also supports resolutions higher than 1080p while maintaining full DVB-Sub compatibility. When you do, also specify the offset coordinates of the display window with DDS x-coordinate and DDS y-coordinate.", "enum": [ "NONE", "SPECIFIED", - "NO_DISPLAY_WINDOW" + "NO_DISPLAY_WINDOW", + "SPECIFIED_OPTIMAL" + ] + }, + "DynamicAudioSelector": { + "type": "structure", + "members": { + "AudioDurationCorrection": { + "shape": "AudioDurationCorrection", + "locationName": "audioDurationCorrection", + "documentation": "Apply audio timing corrections to help synchronize audio and video in your output. To apply timing corrections, your input must meet the following requirements: * Container: MP4, or MOV, with an accurate time-to-sample (STTS) table. * Audio track: AAC. Choose from the following audio timing correction settings: * Disabled (Default): Apply no correction. * Auto: Recommended for most inputs. MediaConvert analyzes the audio timing in your input and determines which correction setting to use, if needed. * Track: Adjust the duration of each audio frame by a constant amount to align the audio track length with STTS duration. Track-level correction does not affect pitch, and is recommended for tonal audio content such as music. * Frame: Adjust the duration of each audio frame by a variable amount to align audio frames with STTS timestamps. No corrections are made to already-aligned frames. Frame-level correction may affect the pitch of corrected frames, and is recommended for atonal audio content such as speech or percussion. * Force: Apply audio duration correction, either Track or Frame depending on your input, regardless of the accuracy of your input's STTS table. Your output audio and video may not be aligned or it may contain audio artifacts." + }, + "ExternalAudioFileInput": { + "shape": "__stringPatternS3Https", + "locationName": "externalAudioFileInput", + "documentation": "Specify the S3, HTTP, or HTTPS URL for your external audio file input." + }, + "LanguageCode": { + "shape": "LanguageCode", + "locationName": "languageCode", + "documentation": "Specify the language, using an ISO 639-2 three-letter code in all capital letters. You can find a list of codes at: https://www.loc.gov/standards/iso639-2/php/code_list.php" + }, + "Offset": { + "shape": "__integerMinNegative2147483648Max2147483647", + "locationName": "offset", + "documentation": "Specify a time delta, in milliseconds, to offset the audio from the input video.\nTo specify no offset: Keep the default value, 0.\nTo specify an offset: Enter an integer from -2147483648 to 2147483647" + }, + "SelectorType": { + "shape": "DynamicAudioSelectorType", + "locationName": "selectorType", + "documentation": "Specify which audio tracks to dynamically select from your source. To select all audio tracks: Keep the default value, All tracks. To select all audio tracks with a specific language code: Choose Language code. When you do, you must also specify a language code under the Language code setting. If there is no matching Language code in your source, then no track will be selected." + } + }, + "documentation": "Use Dynamic audio selectors when you do not know the track layout of your source when you submit your job, but want to select multiple audio tracks. When you include an audio track in your output and specify this Dynamic audio selector as the Audio source, MediaConvert creates an audio track within that output for each dynamically selected track. Note that when you include a Dynamic audio selector for two or more inputs, each input must have the same number of audio tracks and audio channels." + }, + "DynamicAudioSelectorType": { + "type": "string", + "documentation": "Specify which audio tracks to dynamically select from your source. To select all audio tracks: Keep the default value, All tracks. To select all audio tracks with a specific language code: Choose Language code. When you do, you must also specify a language code under the Language code setting. If there is no matching Language code in your source, then no track will be selected.", + "enum": [ + "ALL_TRACKS", + "LANGUAGE_CODE" ] }, "Eac3AtmosBitstreamMode": { @@ -5661,6 +6284,11 @@ "shape": "FileSourceTimeDeltaUnits", "locationName": "timeDeltaUnits", "documentation": "When you use the setting Time delta to adjust the sync between your sidecar captions and your video, use this setting to specify the units for the delta that you specify. When you don't specify a value for Time delta units, MediaConvert uses seconds by default." + }, + "UpconvertSTLToTeletext": { + "shape": "CaptionSourceUpconvertSTLToTeletext", + "locationName": "upconvertSTLToTeletext", + "documentation": "Specify whether this set of input captions appears in your outputs in both STL and Teletext format. If you choose Upconvert, MediaConvert includes the captions data in two ways: it passes the STL data through using the Teletext compatibility bytes fields of the Teletext wrapper, and it also translates the STL data into Teletext." } }, "documentation": "If your input captions are SCC, SMI, SRT, STL, TTML, WebVTT, or IMSC 1.1 in an xml file, specify the URI of the input caption source file. If your caption source is IMSC in an IMF package, use TrackSourceSettings instead of FileSoureSettings." @@ -5687,7 +6315,7 @@ "documentation": "Specify the number of channels in this output audio track. Choosing Mono on the console gives you 1 output channel; choosing Stereo gives you 2. In the API, valid values are between 1 and 8." }, "SampleRate": { - "shape": "__integerMin22050Max48000", + "shape": "__integerMin22050Max192000", "locationName": "sampleRate", "documentation": "Sample rate in Hz." } @@ -5733,6 +6361,16 @@ }, "documentation": "Use Force include renditions to specify one or more resolutions to include your ABR stack. * (Recommended) To optimize automated ABR, specify as few resolutions as possible. * (Required) The number of resolutions that you specify must be equal to, or less than, the Max renditions setting. * If you specify a Min top rendition size rule, specify at least one resolution that is equal to, or greater than, Min top rendition size. * If you specify a Min bottom rendition size rule, only specify resolutions that are equal to, or greater than, Min bottom rendition size. * If you specify a Force include renditions rule, do not specify a separate rule for Allowed renditions. * Note: The ABR stack may include other resolutions that you do not specify here, depending on the Max renditions setting." }, + "Format": { + "type": "string", + "enum": [ + "mp4", + "quicktime", + "matroska", + "webm", + "mxf" + ] + }, "FrameCaptureSettings": { "type": "structure", "members": { @@ -5759,6 +6397,35 @@ }, "documentation": "Required when you set Codec to the value FRAME_CAPTURE." }, + "FrameMetricType": { + "type": "string", + "documentation": "* PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes", + "enum": [ + "PSNR", + "SSIM", + "MS_SSIM", + "PSNR_HVS", + "VMAF", + "QVBR", + "SHOT_CHANGE" + ] + }, + "FrameRate": { + "type": "structure", + "members": { + "Denominator": { + "shape": "__integer", + "locationName": "denominator", + "documentation": "The denominator, or bottom number, in the fractional frame rate. For example, if your frame rate is 24000 / 1001 (23.976 frames per second), then the denominator would be 1001." + }, + "Numerator": { + "shape": "__integer", + "locationName": "numerator", + "documentation": "The numerator, or top number, in the fractional frame rate. For example, if your frame rate is 24000 / 1001 (23.976 frames per second), then the numerator would be 24000." + } + }, + "documentation": "The frame rate of the video or audio track, expressed as a fraction with numerator and denominator values." + }, "GetJobRequest": { "type": "structure", "members": { @@ -5807,11 +6474,44 @@ } } }, - "GetPolicyRequest": { + "GetJobsQueryResultsRequest": { "type": "structure", "members": { + "Id": { + "shape": "__string", + "locationName": "id", + "documentation": "The ID of the jobs query.", + "location": "uri" + } + }, + "required": [ + "Id" + ] + }, + "GetJobsQueryResultsResponse": { + "type": "structure", + "members": { + "Jobs": { + "shape": "__listOfJob", + "locationName": "jobs", + "documentation": "List of jobs." + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "Use this string to request the next batch of jobs via the StartJobsQuery API." + }, + "Status": { + "shape": "JobsQueryStatus", + "locationName": "status", + "documentation": "The status of the jobs query." + } } }, + "GetPolicyRequest": { + "type": "structure", + "members": {} + }, "GetPolicyResponse": { "type": "structure", "members": { @@ -5870,6 +6570,48 @@ } } }, + "GifFramerateControl": { + "type": "string", + "documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.", + "enum": [ + "INITIALIZE_FROM_SOURCE", + "SPECIFIED" + ] + }, + "GifFramerateConversionAlgorithm": { + "type": "string", + "documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use Drop duplicate (DUPLICATE_DROP) conversion. When you choose Interpolate (INTERPOLATE) instead, the conversion produces smoother motion.", + "enum": [ + "DUPLICATE_DROP", + "INTERPOLATE" + ] + }, + "GifSettings": { + "type": "structure", + "members": { + "FramerateControl": { + "shape": "GifFramerateControl", + "locationName": "framerateControl", + "documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator." + }, + "FramerateConversionAlgorithm": { + "shape": "GifFramerateConversionAlgorithm", + "locationName": "framerateConversionAlgorithm", + "documentation": "Optional. Specify how the transcoder performs framerate conversion. The default behavior is to use Drop duplicate (DUPLICATE_DROP) conversion. When you choose Interpolate (INTERPOLATE) instead, the conversion produces smoother motion." + }, + "FramerateDenominator": { + "shape": "__integerMin1Max2147483647", + "locationName": "framerateDenominator", + "documentation": "When you use the API for transcode jobs that use frame rate conversion, specify the frame rate as a fraction. For example, 24000 / 1001 = 23.976 fps. Use FramerateDenominator to specify the denominator of this fraction. In this example, use 1001 for the value of FramerateDenominator. When you use the console for transcode jobs that use frame rate conversion, provide the value as a decimal number for Framerate. In this example, specify 23.976." + }, + "FramerateNumerator": { + "shape": "__integerMin1Max2147483647", + "locationName": "framerateNumerator", + "documentation": "When you use the API for transcode jobs that use frame rate conversion, specify the frame rate as a fraction. For example, 24000 / 1001 = 23.976 fps. Use FramerateNumerator to specify the numerator of this fraction. In this example, use 24000 for the value of FramerateNumerator. When you use the console for transcode jobs that use frame rate conversion, provide the value as a decimal number for Framerate. In this example, specify 23.976." + } + }, + "documentation": "Required when you set (Codec) under (VideoDescription)>(CodecSettings) to the value GIF" + }, "H264AdaptiveQuantization": { "type": "string", "documentation": "Keep the default value, Auto, for this setting to have MediaConvert automatically apply the best types of quantization for your video content. When you want to apply your quantization settings manually, you must set H264AdaptiveQuantization to a value other than Auto. Use this setting to specify the strength of any adaptive quantization filters that you enable. If you don't want MediaConvert to do any adaptive quantization in this transcode, set Adaptive quantization to Off. Related settings: The value that you choose here applies to the following settings: H264FlickerAdaptiveQuantization, H264SpatialAdaptiveQuantization, and H264TemporalAdaptiveQuantization.", @@ -5969,11 +6711,12 @@ }, "H264FramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "H264GopBReference": { @@ -6145,7 +6888,7 @@ "FramerateConversionAlgorithm": { "shape": "H264FramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max2147483647", @@ -6232,6 +6975,11 @@ "locationName": "parNumerator", "documentation": "Required when you set Pixel aspect ratio to SPECIFIED. On the console, this corresponds to any value other than Follow source. When you specify an output pixel aspect ratio (PAR) that is different from your input video PAR, provide your output PAR as a ratio. For example, for D1/DV NTSC widescreen, you would specify the ratio 40:33. In this example, the value for parNumerator is 40." }, + "PerFrameMetrics": { + "shape": "__listOfFrameMetricType", + "locationName": "perFrameMetrics", + "documentation": "Optionally choose one or more per frame metric reports to generate along with your output. You can use these metrics to analyze your video output according to one or more commonly used image quality metrics. You can specify per frame metrics for output groups or for individual outputs. When you do, MediaConvert writes a CSV (Comma-Separated Values) file to your S3 output destination, named after the output name and metric type. For example: videofile_PSNR.csv Jobs that generate per frame metrics will take longer to complete, depending on the resolution and complexity of your output. For example, some 4K jobs might take up to twice as long to complete. Note that when analyzing the video quality of your output, or when comparing the video quality of multiple different outputs, we generally also recommend a detailed visual review in a controlled environment. You can choose from the following per frame metrics: * PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes" + }, "QualityTuningLevel": { "shape": "H264QualityTuningLevel", "locationName": "qualityTuningLevel", @@ -6427,6 +7175,14 @@ "MAIN_422_10BIT_HIGH" ] }, + "H265Deblocking": { + "type": "string", + "documentation": "Use Deblocking to improve the video quality of your output by smoothing the edges of macroblock artifacts created during video compression. To reduce blocking artifacts at block boundaries, and improve overall video quality: Keep the default value, Enabled. To not apply any deblocking: Choose Disabled. Visible block edge artifacts might appear in the output, especially at lower bitrates.", + "enum": [ + "ENABLED", + "DISABLED" + ] + }, "H265DynamicSubGop": { "type": "string", "documentation": "Choose Adaptive to improve subjective video quality for high-motion content. This will cause the service to use fewer B-frames (which infer information based on other frames) for high-motion portions of the video and more B-frames for low-motion portions. The maximum number of B-frames is limited by the value you provide for the setting B frames between reference frames.", @@ -6461,11 +7217,12 @@ }, "H265FramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "H265GopBReference": { @@ -6602,6 +7359,11 @@ "locationName": "codecProfile", "documentation": "Represents the Profile and Tier, per the HEVC (H.265) specification. Selections are grouped as [Profile] / [Tier], so \"Main/High\" represents Main Profile with High Tier. 4:2:2 profiles are only available with the HEVC 4:2:2 License." }, + "Deblocking": { + "shape": "H265Deblocking", + "locationName": "deblocking", + "documentation": "Use Deblocking to improve the video quality of your output by smoothing the edges of macroblock artifacts created during video compression. To reduce blocking artifacts at block boundaries, and improve overall video quality: Keep the default value, Enabled. To not apply any deblocking: Choose Disabled. Visible block edge artifacts might appear in the output, especially at lower bitrates." + }, "DynamicSubGop": { "shape": "H265DynamicSubGop", "locationName": "dynamicSubGop", @@ -6625,7 +7387,7 @@ "FramerateConversionAlgorithm": { "shape": "H265FramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max2147483647", @@ -6712,6 +7474,11 @@ "locationName": "parNumerator", "documentation": "Required when you set Pixel aspect ratio to SPECIFIED. On the console, this corresponds to any value other than Follow source. When you specify an output pixel aspect ratio (PAR) that is different from your input video PAR, provide your output PAR as a ratio. For example, for D1/DV NTSC widescreen, you would specify the ratio 40:33. In this example, the value for parNumerator is 40." }, + "PerFrameMetrics": { + "shape": "__listOfFrameMetricType", + "locationName": "perFrameMetrics", + "documentation": "Optionally choose one or more per frame metric reports to generate along with your output. You can use these metrics to analyze your video output according to one or more commonly used image quality metrics. You can specify per frame metrics for output groups or for individual outputs. When you do, MediaConvert writes a CSV (Comma-Separated Values) file to your S3 output destination, named after the output name and metric type. For example: videofile_PSNR.csv Jobs that generate per frame metrics will take longer to complete, depending on the resolution and complexity of your output. For example, some 4K jobs might take up to twice as long to complete. Note that when analyzing the video quality of your output, or when comparing the video quality of multiple different outputs, we generally also recommend a detailed visual review in a controlled environment. You can choose from the following per frame metrics: * PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes" + }, "QualityTuningLevel": { "shape": "H265QualityTuningLevel", "locationName": "qualityTuningLevel", @@ -7006,12 +7773,12 @@ "CustomLanguageCode": { "shape": "__stringMin3Max3PatternAZaZ3", "locationName": "customLanguageCode", - "documentation": "Specify the language for this captions channel, using the ISO 639-2 or ISO 639-3 three-letter language code" + "documentation": "Specify the language, using an ISO 639-2 three-letter code in all capital letters. You can find a list of codes at: https://www.loc.gov/standards/iso639-2/php/code_list.php" }, "LanguageCode": { "shape": "LanguageCode", "locationName": "languageCode", - "documentation": "Specify the language, using the ISO 639-2 three-letter code listed at https://www.loc.gov/standards/iso639-2/php/code_list.php." + "documentation": "Specify the language, using an ISO 639-2 three-letter code in all capital letters. You can find a list of codes at: https://www.loc.gov/standards/iso639-2/php/code_list.php" }, "LanguageDescription": { "shape": "__string", @@ -7250,7 +8017,7 @@ "SegmentLengthControl": { "shape": "HlsSegmentLengthControl", "locationName": "segmentLengthControl", - "documentation": "Specify how you want MediaConvert to determine the segment length. Choose Exact to have the encoder use the exact length that you specify with the setting Segment length. This might result in extra I-frames. Choose Multiple of GOP to have the encoder round up the segment lengths to match the next GOP boundary." + "documentation": "Specify how you want MediaConvert to determine segment lengths in this output group. To use the exact value that you specify under Segment length: Choose Exact. Note that this might result in additional I-frames in the output GOP. To create segment lengths that are a multiple of the GOP: Choose Multiple of GOP. MediaConvert will round up the segment lengths to match the next GOP boundary. To have MediaConvert automatically determine a segment duration that is a multiple of both the audio packets and the frame rates: Choose Match. When you do, also specify a target segment duration under Segment length. This is useful for some ad-insertion or segment replacement workflows. Note that Match has the following requirements: - Output containers: Include at least one video output and at least one audio output. Audio-only outputs are not supported. - Output frame rate: Follow source is not supported. - Multiple output frame rates: When you specify multiple outputs, we recommend they share a similar frame rate (as in X/3, X/2, X, or 2X). For example: 5, 15, 30 and 60. Or: 25 and 50. (Outputs must share an integer multiple.) - Output audio codec: Specify Advanced Audio Coding (AAC). - Output sample rate: Choose 48kHz." }, "SegmentsPerSubdirectory": { "shape": "__integerMin1Max2147483647", @@ -7287,9 +8054,10 @@ }, "HlsIFrameOnlyManifest": { "type": "string", - "documentation": "Choose Include to have MediaConvert generate a child manifest that lists only the I-frames for this rendition, in addition to your regular manifest for this rendition. You might use this manifest as part of a workflow that creates preview functions for your video. MediaConvert adds both the I-frame only child manifest and the regular child manifest to the parent manifest. When you don't need the I-frame only child manifest, keep the default value Exclude.", + "documentation": "Generate a variant manifest that lists only the I-frames for this rendition. You might use this manifest as part of a workflow that creates preview functions for your video. MediaConvert adds both the I-frame only variant manifest and the regular variant manifest to the multivariant manifest. To have MediaConvert write a variant manifest that references I-frames from your output content using EXT-X-BYTERANGE tags: Choose Include. To have MediaConvert output I-frames as single frame TS files and a corresponding variant manifest that references them: Choose Include as TS. When you don't need the I-frame only variant manifest: Keep the default value, Exclude.", "enum": [ "INCLUDE", + "INCLUDE_AS_TS", "EXCLUDE" ] }, @@ -7422,7 +8190,7 @@ "RenditionLanguageCode": { "shape": "LanguageCode", "locationName": "renditionLanguageCode", - "documentation": "Optional. Specify ISO 639-2 or ISO 639-3 code in the language property" + "documentation": "Optionally specify the language, using an ISO 639-2 or ISO 639-3 three-letter code in all capital letters. You can find a list of codes at: https://www.loc.gov/standards/iso639-2/php/code_list.php" }, "RenditionName": { "shape": "__string", @@ -7442,10 +8210,11 @@ }, "HlsSegmentLengthControl": { "type": "string", - "documentation": "Specify how you want MediaConvert to determine the segment length. Choose Exact to have the encoder use the exact length that you specify with the setting Segment length. This might result in extra I-frames. Choose Multiple of GOP to have the encoder round up the segment lengths to match the next GOP boundary.", + "documentation": "Specify how you want MediaConvert to determine segment lengths in this output group. To use the exact value that you specify under Segment length: Choose Exact. Note that this might result in additional I-frames in the output GOP. To create segment lengths that are a multiple of the GOP: Choose Multiple of GOP. MediaConvert will round up the segment lengths to match the next GOP boundary. To have MediaConvert automatically determine a segment duration that is a multiple of both the audio packets and the frame rates: Choose Match. When you do, also specify a target segment duration under Segment length. This is useful for some ad-insertion or segment replacement workflows. Note that Match has the following requirements: - Output containers: Include at least one video output and at least one audio output. Audio-only outputs are not supported. - Output frame rate: Follow source is not supported. - Multiple output frame rates: When you specify multiple outputs, we recommend they share a similar frame rate (as in X/3, X/2, X, or 2X). For example: 5, 15, 30 and 60. Or: 25 and 50. (Outputs must share an integer multiple.) - Output audio codec: Specify Advanced Audio Coding (AAC). - Output sample rate: Choose 48kHz.", "enum": [ "EXACT", - "GOP_MULTIPLE" + "GOP_MULTIPLE", + "MATCH" ] }, "HlsSettings": { @@ -7479,7 +8248,7 @@ "IFrameOnlyManifest": { "shape": "HlsIFrameOnlyManifest", "locationName": "iFrameOnlyManifest", - "documentation": "Choose Include to have MediaConvert generate a child manifest that lists only the I-frames for this rendition, in addition to your regular manifest for this rendition. You might use this manifest as part of a workflow that creates preview functions for your video. MediaConvert adds both the I-frame only child manifest and the regular child manifest to the parent manifest. When you don't need the I-frame only child manifest, keep the default value Exclude." + "documentation": "Generate a variant manifest that lists only the I-frames for this rendition. You might use this manifest as part of a workflow that creates preview functions for your video. MediaConvert adds both the I-frame only variant manifest and the regular variant manifest to the multivariant manifest. To have MediaConvert write a variant manifest that references I-frames from your output content using EXT-X-BYTERANGE tags: Choose Include. To have MediaConvert output I-frames as single frame TS files and a corresponding variant manifest that references them: Choose Include as TS. When you don't need the I-frame only variant manifest: Keep the default value, Exclude." }, "SegmentModifier": { "shape": "__string", @@ -7569,7 +8338,7 @@ }, "ImscAccessibilitySubs": { "type": "string", - "documentation": "If the IMSC captions track is intended to provide accessibility for people who are deaf or hard of hearing: Set Accessibility subtitles to Enabled. When you do, MediaConvert adds accessibility attributes to your output HLS or DASH manifest. For HLS manifests, MediaConvert adds the following accessibility attributes under EXT-X-MEDIA for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". For DASH manifests, MediaConvert adds the following in the adaptation set for this track: . If the captions track is not intended to provide such accessibility: Keep the default value, Disabled. When you do, for DASH manifests, MediaConvert instead adds the following in the adaptation set for this track: .", + "documentation": "If the IMSC captions track is intended to provide accessibility for people who are deaf or hard of hearing: Set Accessibility subtitles to Enabled. When you do, MediaConvert adds accessibility attributes to your output HLS or DASH manifest. For HLS manifests, MediaConvert adds the following accessibility attributes under EXT-X-MEDIA for this track: CHARACTERISTICS=\"public.accessibility.transcribes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". For DASH manifests, MediaConvert adds the following in the adaptation set for this track: . If the captions track is not intended to provide such accessibility: Keep the default value, Disabled. When you do, for DASH manifests, MediaConvert instead adds the following in the adaptation set for this track: .", "enum": [ "DISABLED", "ENABLED" @@ -7581,7 +8350,7 @@ "Accessibility": { "shape": "ImscAccessibilitySubs", "locationName": "accessibility", - "documentation": "If the IMSC captions track is intended to provide accessibility for people who are deaf or hard of hearing: Set Accessibility subtitles to Enabled. When you do, MediaConvert adds accessibility attributes to your output HLS or DASH manifest. For HLS manifests, MediaConvert adds the following accessibility attributes under EXT-X-MEDIA for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". For DASH manifests, MediaConvert adds the following in the adaptation set for this track: . If the captions track is not intended to provide such accessibility: Keep the default value, Disabled. When you do, for DASH manifests, MediaConvert instead adds the following in the adaptation set for this track: ." + "documentation": "If the IMSC captions track is intended to provide accessibility for people who are deaf or hard of hearing: Set Accessibility subtitles to Enabled. When you do, MediaConvert adds accessibility attributes to your output HLS or DASH manifest. For HLS manifests, MediaConvert adds the following accessibility attributes under EXT-X-MEDIA for this track: CHARACTERISTICS=\"public.accessibility.transcribes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". For DASH manifests, MediaConvert adds the following in the adaptation set for this track: . If the captions track is not intended to provide such accessibility: Keep the default value, Disabled. When you do, for DASH manifests, MediaConvert instead adds the following in the adaptation set for this track: ." }, "StylePassthrough": { "shape": "ImscStylePassthrough", @@ -7652,10 +8421,15 @@ "locationName": "dolbyVisionMetadataXml", "documentation": "Use this setting only when your video source has Dolby Vision studio mastering metadata that is carried in a separate XML file. Specify the Amazon S3 location for the metadata XML file. MediaConvert uses this file to provide global and frame-level metadata for Dolby Vision preprocessing. When you specify a file here and your input also has interleaved global and frame level metadata, MediaConvert ignores the interleaved metadata and uses only the the metadata from this external XML file. Note that your IAM service role must grant MediaConvert read permissions to this file. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/iam-role.html." }, + "DynamicAudioSelectors": { + "shape": "__mapOfDynamicAudioSelector", + "locationName": "dynamicAudioSelectors", + "documentation": "Use Dynamic audio selectors when you do not know the track layout of your source when you submit your job, but want to select multiple audio tracks. When you include an audio track in your output and specify this Dynamic audio selector as the Audio source, MediaConvert creates an output audio track for each dynamically selected track. Note that when you include a Dynamic audio selector for two or more inputs, each input must have the same number of audio tracks and audio channels." + }, "FileInput": { "shape": "__stringMax2048PatternS3Https", "locationName": "fileInput", - "documentation": "Specify the source file for your transcoding job. You can use multiple inputs in a single job. The service concatenates these inputs, in the order that you specify them in the job, to create the outputs. If your input format is IMF, specify your input by providing the path to your CPL. For example, \"s3://bucket/vf/cpl.xml\". If the CPL is in an incomplete IMP, make sure to use *Supplemental IMPs* to specify any supplemental IMPs that contain assets referenced by the CPL." + "documentation": "Specify the source file for your transcoding job. You can use multiple inputs in a single job. The service concatenates these inputs, in the order that you specify them in the job, to create the outputs. For standard inputs, provide the path to your S3, HTTP, or HTTPS source file. For example, s3://amzn-s3-demo-bucket/input.mp4 for an Amazon S3 input or https://example.com/input.mp4 for an HTTPS input. For TAMS inputs, specify the HTTPS endpoint of your TAMS server. For example, https://tams-server.example.com . When you do, also specify Source ID, Timerange, GAP handling, and the Authorization connection ARN under TAMS settings. (Don't include these parameters in the Input file URL.) For IMF inputs, specify your input by providing the path to your CPL. For example, s3://amzn-s3-demo-bucket/vf/cpl.xml . If the CPL is in an incomplete IMP, make sure to use Supplemental IMPsto specify any supplemental IMPs that contain assets referenced by the CPL." }, "FilterEnable": { "shape": "InputFilterEnable", @@ -7702,6 +8476,11 @@ "locationName": "supplementalImps", "documentation": "Provide a list of any necessary supplemental IMPs. You need supplemental IMPs if the CPL that you're using for your input is in an incomplete IMP. Specify either the supplemental IMP directories with a trailing slash or the ASSETMAP.xml files. For example [\"s3://bucket/ov/\", \"s3://bucket/vf2/ASSETMAP.xml\"]. You don't need to specify the IMP that contains your input CPL, because the service automatically detects it." }, + "TamsSettings": { + "shape": "InputTamsSettings", + "locationName": "tamsSettings", + "documentation": "Specify a Time Addressable Media Store (TAMS) server as an input source. TAMS is an open-source API specification that provides access to time-segmented media content. Use TAMS to retrieve specific time ranges from live or archived media streams. When you specify TAMS settings, MediaConvert connects to your TAMS server, retrieves the media segments for your specified time range, and processes them as a single input. This enables workflows like extracting clips from live streams or processing specific portions of archived content. To use TAMS, you must: 1. Have access to a TAMS-compliant server 2. Specify the server URL in the Input file URL field 3. Provide the required SourceId and Timerange parameters 4. Configure authentication, if your TAMS server requires it" + }, "TimecodeSource": { "shape": "InputTimecodeSource", "locationName": "timecodeSource", @@ -7841,6 +8620,32 @@ "PSF" ] }, + "InputTamsSettings": { + "type": "structure", + "members": { + "AuthConnectionArn": { + "shape": "__stringPatternArnAwsAZ09EventsAZ090912ConnectionAZAZ09AF0936", + "locationName": "authConnectionArn", + "documentation": "Specify the ARN (Amazon Resource Name) of an EventBridge Connection to authenticate with your TAMS server. The EventBridge Connection stores your authentication credentials securely. MediaConvert assumes your job's IAM role to access this connection, so ensure the role has the events:RetrieveConnectionCredentials, secretsmanager:DescribeSecret, and secretsmanager:GetSecretValue permissions. Format: arn:aws:events:region:account-id:connection/connection-name/unique-id This setting is required when you include TAMS settings in your job." + }, + "GapHandling": { + "shape": "TamsGapHandling", + "locationName": "gapHandling", + "documentation": "Specify how MediaConvert handles gaps between media segments in your TAMS source. Gaps can occur in live streams due to network issues or other interruptions. Choose from the following options: * Skip gaps - Default. Skip over gaps and join segments together. This creates a continuous output with no blank frames, but may cause timeline discontinuities. * Fill with black - Insert black frames to fill gaps between segments. This maintains timeline continuity but adds black frames where content is missing. * Hold last frame - Repeat the last frame before a gap until the next segment begins. This maintains visual continuity during gaps." + }, + "SourceId": { + "shape": "__string", + "locationName": "sourceId", + "documentation": "Specify the unique identifier for the media source in your TAMS server. MediaConvert uses this source ID to locate the appropriate flows containing the media segments you want to process. The source ID corresponds to a specific media source registered in your TAMS server. This source must be of type urn:x-nmos:format:multi, and can can reference multiple flows for audio, video, or combined audio/video content. MediaConvert automatically selects the highest quality flows available for your job. This setting is required when you include TAMS settings in your job." + }, + "Timerange": { + "shape": "__stringPattern019090190908019090190908", + "locationName": "timerange", + "documentation": "Specify the time range of media segments to retrieve from your TAMS server. MediaConvert fetches only the segments that fall within this range. Use the format specified by your TAMS server implementation. This must be two timestamp values with the format {sign?}{seconds}:{nanoseconds}, separated by an underscore, surrounded by either parentheses or square brackets. Example: [15:0_35:0) This setting is required when you include TAMS settings in your job." + } + }, + "documentation": "Specify a Time Addressable Media Store (TAMS) server as an input source. TAMS is an open-source API specification that provides access to time-segmented media content. Use TAMS to retrieve specific time ranges from live or archived media streams. When you specify TAMS settings, MediaConvert connects to your TAMS server, retrieves the media segments for your specified time range, and processes them as a single input. This enables workflows like extracting clips from live streams or processing specific portions of archived content. To use TAMS, you must: 1. Have access to a TAMS-compliant server 2. Specify the server URL in the Input file URL field 3. Provide the required SourceId and Timerange parameters 4. Configure authentication, if your TAMS server requires it" + }, "InputTemplate": { "type": "structure", "members": { @@ -7889,6 +8694,11 @@ "locationName": "dolbyVisionMetadataXml", "documentation": "Use this setting only when your video source has Dolby Vision studio mastering metadata that is carried in a separate XML file. Specify the Amazon S3 location for the metadata XML file. MediaConvert uses this file to provide global and frame-level metadata for Dolby Vision preprocessing. When you specify a file here and your input also has interleaved global and frame level metadata, MediaConvert ignores the interleaved metadata and uses only the the metadata from this external XML file. Note that your IAM service role must grant MediaConvert read permissions to this file. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/iam-role.html." }, + "DynamicAudioSelectors": { + "shape": "__mapOfDynamicAudioSelector", + "locationName": "dynamicAudioSelectors", + "documentation": "Use Dynamic audio selectors when you do not know the track layout of your source when you submit your job, but want to select multiple audio tracks. When you include an audio track in your output and specify this Dynamic audio selector as the Audio source, MediaConvert creates an output audio track for each dynamically selected track. Note that when you include a Dynamic audio selector for two or more inputs, each input must have the same number of audio tracks and audio channels." + }, "FilterEnable": { "shape": "InputFilterEnable", "locationName": "filterEnable", @@ -7984,10 +8794,20 @@ "locationName": "framerateNumerator", "documentation": "Specify the numerator of the fraction that represents the frame rate for your video generator input. When you do, you must also specify a value for Frame rate denominator. MediaConvert uses a default frame rate of 29.97 when you leave Frame rate numerator and Frame rate denominator blank." }, + "Height": { + "shape": "__integerMin32Max8192", + "locationName": "height", + "documentation": "Specify the height, in pixels, for your video generator input. This is useful for positioning when you include one or more video overlays for this input. To use the default resolution 540x360: Leave both width and height blank. To specify a height: Enter an even integer from 32 to 8192. When you do, you must also specify a value for width." + }, "SampleRate": { "shape": "__integerMin32000Max48000", "locationName": "sampleRate", "documentation": "Specify the audio sample rate, in Hz, for the silent audio in your video generator input.\nEnter an integer from 32000 to 48000." + }, + "Width": { + "shape": "__integerMin32Max8192", + "locationName": "width", + "documentation": "Specify the width, in pixels, for your video generator input. This is useful for positioning when you include one or more video overlays for this input. To use the default resolution 540x360: Leave both width and height blank. To specify a width: Enter an even integer from 32 to 8192. When you do, you must also specify a value for height." } }, "documentation": "When you include Video generator, MediaConvert creates a video input with black frames. Use this setting if you do not have a video input or if you want to add black video frames before, or after, other inputs. You can specify Video generator, or you can specify an Input file, but you cannot specify both. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/video-generator.html" @@ -8145,6 +8965,11 @@ "locationName": "jobTemplate", "documentation": "The job template that the job is created from, if it is created from a job template." }, + "LastShareDetails": { + "shape": "__string", + "locationName": "lastShareDetails", + "documentation": "Contains information about the most recent share attempt for the job. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/creating-resource-share.html" + }, "Messages": { "shape": "JobMessages", "locationName": "messages", @@ -8185,6 +9010,11 @@ "locationName": "settings", "documentation": "JobSettings contains all the transcode settings for a job." }, + "ShareStatus": { + "shape": "ShareStatus", + "locationName": "shareStatus", + "documentation": "A job's share status can be NOT_SHARED, INITIATED, or SHARED" + }, "SimulateReservedQueue": { "shape": "SimulateReservedQueue", "locationName": "simulateReservedQueue", @@ -8233,7 +9063,7 @@ "Version": { "shape": "__string", "locationName": "version", - "documentation": "Use Job engine versions to run jobs for your production workflow on one version, while you test and validate the latest version. Job engine versions are in a YYYY-MM-DD format." + "documentation": "Use Job engine versions to run jobs for your production workflow on one version, while you test and validate the latest version. Job engine versions represent periodically grouped MediaConvert releases with new features, updates, improvements, and fixes. Job engine versions are in a YYYY-MM-DD format. Note that the Job engine version feature is not publicly available at this time. To request access, contact AWS support." } }, "documentation": "Use Job engine versions to run jobs for your production workflow on one version, while you test and validate the latest version. Job engine versions are in a YYYY-MM-DD format." @@ -8510,6 +9340,45 @@ }, "documentation": "JobTemplateSettings contains all the transcode settings saved in the template that will be applied to jobs created from it." }, + "JobsQueryFilter": { + "type": "structure", + "members": { + "Key": { + "shape": "JobsQueryFilterKey", + "locationName": "key", + "documentation": "Specify job details to filter for while performing a jobs query. You specify these filters as part of a key-value pair within the JobsQueryFilter array. The following list describes which keys are available and their possible values: * queue - Your Queue's name or ARN. * status - Your job's status. (SUBMITTED | PROGRESSING | COMPLETE | CANCELED | ERROR) * fileInput - Your input file URL, or partial input file name. * jobEngineVersionRequested - The Job engine version that you requested for your job. Valid versions are in a YYYY-MM-DD format. * jobEngineVersionUsed - The Job engine version that your job used. This may differ from the version that you requested. Valid versions are in a YYYY-MM-DD format. * audioCodec - Your output's audio codec. (AAC | MP2 | MP3 | WAV | AIFF | AC3| EAC3 | EAC3_ATMOS | VORBIS | OPUS | PASSTHROUGH | FLAC) * videoCodec - Your output's video codec. (AV1 | AVC_INTRA | FRAME_CAPTURE | H_264 | H_265 | MPEG2 | PASSTHROUGH | PRORES | UNCOMPRESSED | VC3 | VP8 | VP9 | XAVC)" + }, + "Values": { + "shape": "__listOf__stringMax100", + "locationName": "values", + "documentation": "A list of values associated with a JobsQueryFilterKey." + } + }, + "documentation": "Provide one or more JobsQueryFilter objects, each containing a Key with an associated Values array. Note that MediaConvert queries jobs using OR logic." + }, + "JobsQueryFilterKey": { + "type": "string", + "documentation": "Specify job details to filter for while performing a jobs query. You specify these filters as part of a key-value pair within the JobsQueryFilter array. The following list describes which keys are available and their possible values: * queue - Your Queue's name or ARN. * status - Your job's status. (SUBMITTED | PROGRESSING | COMPLETE | CANCELED | ERROR) * fileInput - Your input file URL, or partial input file name. * jobEngineVersionRequested - The Job engine version that you requested for your job. Valid versions are in a YYYY-MM-DD format. * jobEngineVersionUsed - The Job engine version that your job used. This may differ from the version that you requested. Valid versions are in a YYYY-MM-DD format. * audioCodec - Your output's audio codec. (AAC | MP2 | MP3 | WAV | AIFF | AC3| EAC3 | EAC3_ATMOS | VORBIS | OPUS | PASSTHROUGH | FLAC) * videoCodec - Your output's video codec. (AV1 | AVC_INTRA | FRAME_CAPTURE | H_264 | H_265 | MPEG2 | PASSTHROUGH | PRORES | UNCOMPRESSED | VC3 | VP8 | VP9 | XAVC)", + "enum": [ + "queue", + "status", + "fileInput", + "jobEngineVersionRequested", + "jobEngineVersionUsed", + "audioCodec", + "videoCodec" + ] + }, + "JobsQueryStatus": { + "type": "string", + "documentation": "A job query's status can be SUBMITTED, PROGRESSING, COMPLETE, or ERROR.", + "enum": [ + "SUBMITTED", + "PROGRESSING", + "COMPLETE", + "ERROR" + ] + }, "KantarWatermarkSettings": { "type": "structure", "members": { @@ -8583,7 +9452,7 @@ }, "LanguageCode": { "type": "string", - "documentation": "Specify the language, using the ISO 639-2 three-letter code listed at https://www.loc.gov/standards/iso639-2/php/code_list.php.", + "documentation": "Specify the language, using an ISO 639-2 three-letter code in all capital letters. You can find a list of codes at: https://www.loc.gov/standards/iso639-2/php/code_list.php", "enum": [ "ENG", "SPA", @@ -9205,6 +10074,11 @@ "locationName": "audioPids", "documentation": "Specify the packet identifiers (PIDs) for any elementary audio streams you include in this output. Specify multiple PIDs as a JSON array. Default is the range 482-492." }, + "AudioPtsOffsetDelta": { + "shape": "__integerMinNegative10000Max10000", + "locationName": "audioPtsOffsetDelta", + "documentation": "Manually specify the difference in PTS offset that will be applied to the audio track, in seconds or milliseconds, when you set PTS offset to Seconds or Milliseconds. Enter an integer from -10000 to 10000. Leave blank to keep the default value 0." + }, "Bitrate": { "shape": "__integerMin0Max2147483647", "locationName": "bitrate", @@ -9343,7 +10217,7 @@ "PtsOffsetMode": { "shape": "TsPtsOffset", "locationName": "ptsOffsetMode", - "documentation": "Specify the initial presentation timestamp (PTS) offset for your transport stream output. To let MediaConvert automatically determine the initial PTS offset: Keep the default value, Auto. We recommend that you choose Auto for the widest player compatibility. The initial PTS will be at least two seconds and vary depending on your output's bitrate, HRD buffer size and HRD buffer initial fill percentage. To manually specify an initial PTS offset: Choose Seconds. Then specify the number of seconds with PTS offset." + "documentation": "Specify the initial presentation timestamp (PTS) offset for your transport stream output. To let MediaConvert automatically determine the initial PTS offset: Keep the default value, Auto. We recommend that you choose Auto for the widest player compatibility. The initial PTS will be at least two seconds and vary depending on your output's bitrate, HRD buffer size and HRD buffer initial fill percentage. To manually specify an initial PTS offset: Choose Seconds or Milliseconds. Then specify the number of seconds or milliseconds with PTS offset." }, "RateMode": { "shape": "M2tsRateMode", @@ -9456,6 +10330,11 @@ "locationName": "audioPids", "documentation": "Packet Identifier (PID) of the elementary audio stream(s) in the transport stream. Multiple values are accepted, and can be entered in ranges and/or by comma separation." }, + "AudioPtsOffsetDelta": { + "shape": "__integerMinNegative10000Max10000", + "locationName": "audioPtsOffsetDelta", + "documentation": "Manually specify the difference in PTS offset that will be applied to the audio track, in seconds or milliseconds, when you set PTS offset to Seconds or Milliseconds. Enter an integer from -10000 to 10000. Leave blank to keep the default value 0." + }, "DataPTSControl": { "shape": "M3u8DataPtsControl", "locationName": "dataPTSControl", @@ -9514,7 +10393,7 @@ "PtsOffsetMode": { "shape": "TsPtsOffset", "locationName": "ptsOffsetMode", - "documentation": "Specify the initial presentation timestamp (PTS) offset for your transport stream output. To let MediaConvert automatically determine the initial PTS offset: Keep the default value, Auto. We recommend that you choose Auto for the widest player compatibility. The initial PTS will be at least two seconds and vary depending on your output's bitrate, HRD buffer size and HRD buffer initial fill percentage. To manually specify an initial PTS offset: Choose Seconds. Then specify the number of seconds with PTS offset." + "documentation": "Specify the initial presentation timestamp (PTS) offset for your transport stream output. To let MediaConvert automatically determine the initial PTS offset: Keep the default value, Auto. We recommend that you choose Auto for the widest player compatibility. The initial PTS will be at least two seconds and vary depending on your output's bitrate, HRD buffer size and HRD buffer initial fill percentage. To manually specify an initial PTS offset: Choose Seconds or Milliseconds. Then specify the number of seconds or milliseconds with PTS offset." }, "Scte35Pid": { "shape": "__integerMin32Max8182", @@ -9549,6 +10428,56 @@ }, "documentation": "These settings relate to the MPEG-2 transport stream (MPEG2-TS) container for the MPEG2-TS segments in your HLS outputs." }, + "MatrixCoefficients": { + "type": "string", + "documentation": "The color space matrix coefficients of the video track, defining how RGB color values are converted to and from YUV color space. This affects color accuracy during encoding and decoding processes.", + "enum": [ + "RGB", + "ITU_709", + "UNSPECIFIED", + "RESERVED", + "FCC", + "ITU_470BG", + "SMPTE_170M", + "SMPTE_240M", + "YCgCo", + "ITU_2020_NCL", + "ITU_2020_CL", + "SMPTE_2085", + "CD_NCL", + "CD_CL", + "ITU_2100ICtCp", + "IPT", + "EBU3213", + "LAST" + ] + }, + "Metadata": { + "type": "structure", + "members": { + "ETag": { + "shape": "__string", + "locationName": "eTag", + "documentation": "The entity tag (ETag) of the file." + }, + "FileSize": { + "shape": "__long", + "locationName": "fileSize", + "documentation": "The size of the media file, in bytes." + }, + "LastModified": { + "shape": "__timestampUnix", + "locationName": "lastModified", + "documentation": "The last modification timestamp of the media file, in Unix time." + }, + "MimeType": { + "shape": "__string", + "locationName": "mimeType", + "documentation": "The MIME type of the media file." + } + }, + "documentation": "Metadata and other file information." + }, "MinBottomRenditionSize": { "type": "structure", "members": { @@ -9736,9 +10665,22 @@ }, "documentation": "These settings relate to your QuickTime MOV output container." }, + "Mp2AudioDescriptionMix": { + "type": "string", + "documentation": "Choose BROADCASTER_MIXED_AD when the input contains pre-mixed main audio + audio description (AD) as a stereo pair. The value for AudioType will be set to 3, which signals to downstream systems that this stream contains \"broadcaster mixed AD\". Note that the input received by the encoder must contain pre-mixed audio; the encoder does not perform the mixing. When you choose BROADCASTER_MIXED_AD, the encoder ignores any values you provide in AudioType and FollowInputAudioType. Choose NONE when the input does not contain pre-mixed audio + audio description (AD). In this case, the encoder will use any values you provide for AudioType and FollowInputAudioType.", + "enum": [ + "BROADCASTER_MIXED_AD", + "NONE" + ] + }, "Mp2Settings": { "type": "structure", "members": { + "AudioDescriptionMix": { + "shape": "Mp2AudioDescriptionMix", + "locationName": "audioDescriptionMix", + "documentation": "Choose BROADCASTER_MIXED_AD when the input contains pre-mixed main audio + audio description (AD) as a stereo pair. The value for AudioType will be set to 3, which signals to downstream systems that this stream contains \"broadcaster mixed AD\". Note that the input received by the encoder must contain pre-mixed audio; the encoder does not perform the mixing. When you choose BROADCASTER_MIXED_AD, the encoder ignores any values you provide in AudioType and FollowInputAudioType. Choose NONE when the input does not contain pre-mixed audio + audio description (AD). In this case, the encoder will use any values you provide for AudioType and FollowInputAudioType." + }, "Bitrate": { "shape": "__integerMin32000Max384000", "locationName": "bitrate", @@ -9796,6 +10738,14 @@ }, "documentation": "Required when you set Codec, under AudioDescriptions>CodecSettings, to the value MP3." }, + "Mp4C2paManifest": { + "type": "string", + "documentation": "When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see https://c2pa.org/specifications/specifications/2.1/index.html", + "enum": [ + "INCLUDE", + "EXCLUDE" + ] + }, "Mp4CslgAtom": { "type": "string", "documentation": "When enabled, file composition times will start at zero, composition times in the 'ctts' (composition time to sample) box for B-frames will be negative, and a 'cslg' (composition shift least greatest) box will be included per 14496-1 amendment 1. This improves compatibility with Apple players and tools.", @@ -9828,6 +10778,16 @@ "locationName": "audioDuration", "documentation": "Specify this setting only when your output will be consumed by a downstream repackaging workflow that is sensitive to very small duration differences between video and audio. For this situation, choose Match video duration. In all other cases, keep the default value, Default codec duration. When you choose Match video duration, MediaConvert pads the output audio streams with silence or trims them to ensure that the total duration of each audio stream is at least as long as the total duration of the video stream. After padding or trimming, the audio stream duration is no more than one frame longer than the video stream. MediaConvert applies audio padding or trimming only to the end of the last segment of the output. For unsegmented outputs, MediaConvert adds padding only to the end of the file. When you keep the default value, any minor discrepancies between audio and video duration will depend on your output audio codec." }, + "C2paManifest": { + "shape": "Mp4C2paManifest", + "locationName": "c2paManifest", + "documentation": "When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see https://c2pa.org/specifications/specifications/2.1/index.html" + }, + "CertificateSecret": { + "shape": "__stringMin1Max2048PatternArnAZSecretsmanagerWD12SecretAZAZ09", + "locationName": "certificateSecret", + "documentation": "Specify the name or ARN of the AWS Secrets Manager secret that contains your C2PA public certificate chain in PEM format. Provide a valid secret name or ARN. Note that your MediaConvert service role must allow access to this secret. The public certificate chain is added to the COSE header (x5chain) for signature validation. Include the signer's certificate and all intermediate certificates. Do not include the root certificate. For details on COSE, see: https://opensource.contentauthenticity.org/docs/manifest/signing-manifests" + }, "CslgAtom": { "shape": "Mp4CslgAtom", "locationName": "cslgAtom", @@ -9852,6 +10812,11 @@ "shape": "__string", "locationName": "mp4MajorBrand", "documentation": "Overrides the \"Major Brand\" field in the output file. Usually not necessary to specify." + }, + "SigningKmsKey": { + "shape": "__stringMin1PatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912MrkAFAF0932", + "locationName": "signingKmsKey", + "documentation": "Specify the ID or ARN of the AWS KMS key used to sign the C2PA manifest in your MP4 output. Provide a valid KMS key ARN. Note that your MediaConvert service role must allow access to this key." } }, "documentation": "These settings relate to your MP4 output container. You can create audio only outputs with this container. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/supported-codecs-containers-audio-only.html#output-codecs-and-containers-supported-for-audio-only." @@ -9874,7 +10839,7 @@ }, "MpdCaptionContainerType": { "type": "string", - "documentation": "Use this setting only in DASH output groups that include sidecar TTML or IMSC captions. You specify sidecar captions in a separate output from your audio and video. Choose Raw for captions in a single XML file in a raw container. Choose Fragmented MPEG-4 for captions in XML format contained within fragmented MP4 files. This set of fragmented MP4 files is separate from your video and audio fragmented MP4 files.", + "documentation": "Use this setting only in DASH output groups that include sidecar TTML, IMSC or WEBVTT captions. You specify sidecar captions in a separate output from your audio and video. Choose Raw for captions in a single XML file in a raw container. Choose Fragmented MPEG-4 for captions in XML format contained within fragmented MP4 files. This set of fragmented MP4 files is separate from your video and audio fragmented MP4 files.", "enum": [ "RAW", "FRAGMENTED_MP4" @@ -9928,7 +10893,7 @@ "CaptionContainerType": { "shape": "MpdCaptionContainerType", "locationName": "captionContainerType", - "documentation": "Use this setting only in DASH output groups that include sidecar TTML or IMSC captions. You specify sidecar captions in a separate output from your audio and video. Choose Raw for captions in a single XML file in a raw container. Choose Fragmented MPEG-4 for captions in XML format contained within fragmented MP4 files. This set of fragmented MP4 files is separate from your video and audio fragmented MP4 files." + "documentation": "Use this setting only in DASH output groups that include sidecar TTML, IMSC or WEBVTT captions. You specify sidecar captions in a separate output from your audio and video. Choose Raw for captions in a single XML file in a raw container. Choose Fragmented MPEG-4 for captions in XML format contained within fragmented MP4 files. This set of fragmented MP4 files is separate from your video and audio fragmented MP4 files." }, "KlvMetadata": { "shape": "MpdKlvMetadata", @@ -10036,11 +11001,12 @@ }, "Mpeg2FramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "Mpeg2GopSizeUnits": { @@ -10149,7 +11115,7 @@ "FramerateConversionAlgorithm": { "shape": "Mpeg2FramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max1001", @@ -10231,6 +11197,11 @@ "locationName": "parNumerator", "documentation": "Required when you set Pixel aspect ratio to SPECIFIED. On the console, this corresponds to any value other than Follow source. When you specify an output pixel aspect ratio (PAR) that is different from your input video PAR, provide your output PAR as a ratio. For example, for D1/DV NTSC widescreen, you would specify the ratio 40:33. In this example, the value for parNumerator is 40." }, + "PerFrameMetrics": { + "shape": "__listOfFrameMetricType", + "locationName": "perFrameMetrics", + "documentation": "Optionally choose one or more per frame metric reports to generate along with your output. You can use these metrics to analyze your video output according to one or more commonly used image quality metrics. You can specify per frame metrics for output groups or for individual outputs. When you do, MediaConvert writes a CSV (Comma-Separated Values) file to your S3 output destination, named after the output name and metric type. For example: videofile_PSNR.csv Jobs that generate per frame metrics will take longer to complete, depending on the resolution and complexity of your output. For example, some 4K jobs might take up to twice as long to complete. Note that when analyzing the video quality of your output, or when comparing the video quality of multiple different outputs, we generally also recommend a detailed visual review in a controlled environment. You can choose from the following per frame metrics: * PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes" + }, "QualityTuningLevel": { "shape": "Mpeg2QualityTuningLevel", "locationName": "qualityTuningLevel", @@ -10799,7 +11770,7 @@ "Extension": { "shape": "__stringMax256", "locationName": "extension", - "documentation": "Use Extension to specify the file extension for outputs in File output groups. If you do not specify a value, the service will use default extensions by container type as follows * MPEG-2 transport stream, m2ts * Quicktime, mov * MXF container, mxf * MPEG-4 container, mp4 * WebM container, webm * No Container, the service will use codec extensions (e.g. AAC, H265, H265, AC3)" + "documentation": "Use Extension to specify the file extension for outputs in File output groups. If you do not specify a value, the service will use default extensions by container type as follows * MPEG-2 transport stream, m2ts * Quicktime, mov * MXF container, mxf * MPEG-4 container, mp4 * WebM container, webm * Animated GIF container, gif * No Container, the service will use codec extensions (e.g. AAC, H265, H265, AC3)" }, "NameModifier": { "shape": "__stringMin1Max256", @@ -10926,6 +11897,11 @@ "locationName": "msSmoothGroupSettings", "documentation": "Settings related to your Microsoft Smooth Streaming output package. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/outputs-file-ABR.html." }, + "PerFrameMetrics": { + "shape": "__listOfFrameMetricType", + "locationName": "perFrameMetrics", + "documentation": "Optionally choose one or more per frame metric reports to generate along with your output. You can use these metrics to analyze your video output according to one or more commonly used image quality metrics. You can specify per frame metrics for output groups or for individual outputs. When you do, MediaConvert writes a CSV (Comma-Separated Values) file to your S3 output destination, named after the output name and metric type. For example: videofile_PSNR.csv Jobs that generate per frame metrics will take longer to complete, depending on the resolution and complexity of your output. For example, some 4K jobs might take up to twice as long to complete. Note that when analyzing the video quality of your output, or when comparing the video quality of multiple different outputs, we generally also recommend a detailed visual review in a controlled environment. You can choose from the following per frame metrics: * PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes" + }, "Type": { "shape": "OutputGroupType", "locationName": "type", @@ -10985,6 +11961,17 @@ }, "documentation": "If you work with a third party video watermarking partner, use the group of settings that correspond with your watermarking partner to include watermarks in your output." }, + "PassthroughSettings": { + "type": "structure", + "members": { + "VideoSelectorMode": { + "shape": "VideoSelectorMode", + "locationName": "videoSelectorMode", + "documentation": "AUTO will select the highest bitrate input in the video selector source. REMUX_ALL will passthrough all the selected streams in the video selector source. When selecting streams from multiple renditions (i.e. using Stream video selector type): REMUX_ALL will only remux all streams selected, and AUTO will use the highest bitrate video stream among the selected streams as source." + } + }, + "documentation": "Optional settings when you set Codec to the value Passthrough." + }, "Policy": { "type": "structure", "members": { @@ -11126,6 +12113,58 @@ "RESERVED" ] }, + "ProbeInputFile": { + "type": "structure", + "members": { + "FileUrl": { + "shape": "__string", + "locationName": "fileUrl", + "documentation": "Specify the S3, HTTP, or HTTPS URL for your media file." + } + }, + "documentation": "The input file that needs to be analyzed." + }, + "ProbeRequest": { + "type": "structure", + "members": { + "InputFiles": { + "shape": "__listOfProbeInputFile", + "locationName": "inputFiles", + "documentation": "Specify a media file to probe." + } + } + }, + "ProbeResponse": { + "type": "structure", + "members": { + "ProbeResults": { + "shape": "__listOfProbeResult", + "locationName": "probeResults", + "documentation": "Probe results for your media file." + } + } + }, + "ProbeResult": { + "type": "structure", + "members": { + "Container": { + "shape": "Container", + "locationName": "container", + "documentation": "The container of your media file. This information helps you understand the overall structure and details of your media, including format, duration, and track layout." + }, + "Metadata": { + "shape": "Metadata", + "locationName": "metadata", + "documentation": "Metadata and other file information." + }, + "TrackMappings": { + "shape": "__listOfTrackMapping", + "locationName": "trackMappings", + "documentation": "An array containing track mapping information." + } + }, + "documentation": "Probe results for your media file." + }, "ProresChromaSampling": { "type": "string", "documentation": "This setting applies only to ProRes 4444 and ProRes 4444 XQ outputs that you create from inputs that use 4:4:4 chroma sampling. Set Preserve 4:4:4 sampling to allow outputs to also use 4:4:4 chroma sampling. You must specify a value for this setting when your output codec profile supports 4:4:4 chroma sampling. Related Settings: For Apple ProRes outputs with 4:4:4 chroma sampling: Choose Preserve 4:4:4 sampling. Use when your input has 4:4:4 chroma sampling and your output codec Profile is Apple ProRes 4444 or 4444 XQ. Note that when you choose Preserve 4:4:4 sampling, you cannot include any of the following Preprocessors: Dolby Vision, HDR10+, or Noise reducer.", @@ -11156,11 +12195,12 @@ }, "ProresFramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "ProresInterlaceMode": { @@ -11211,7 +12251,7 @@ "FramerateConversionAlgorithm": { "shape": "ProresFramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max2147483647", @@ -11243,6 +12283,11 @@ "locationName": "parNumerator", "documentation": "Required when you set Pixel aspect ratio to SPECIFIED. On the console, this corresponds to any value other than Follow source. When you specify an output pixel aspect ratio (PAR) that is different from your input video PAR, provide your output PAR as a ratio. For example, for D1/DV NTSC widescreen, you would specify the ratio 40:33. In this example, the value for parNumerator is 40." }, + "PerFrameMetrics": { + "shape": "__listOfFrameMetricType", + "locationName": "perFrameMetrics", + "documentation": "Optionally choose one or more per frame metric reports to generate along with your output. You can use these metrics to analyze your video output according to one or more commonly used image quality metrics. You can specify per frame metrics for output groups or for individual outputs. When you do, MediaConvert writes a CSV (Comma-Separated Values) file to your S3 output destination, named after the output name and metric type. For example: videofile_PSNR.csv Jobs that generate per frame metrics will take longer to complete, depending on the resolution and complexity of your output. For example, some 4K jobs might take up to twice as long to complete. Note that when analyzing the video quality of your output, or when comparing the video quality of multiple different outputs, we generally also recommend a detailed visual review in a controlled environment. You can choose from the following per frame metrics: * PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes" + }, "ScanTypeConversionMode": { "shape": "ProresScanTypeConversionMode", "locationName": "scanTypeConversionMode", @@ -11805,6 +12850,28 @@ }, "documentation": "A service override applied by MediaConvert to the settings that you have configured. If you see any overrides, we recommend that you contact AWS Support." }, + "ServiceQuotaExceededException": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message" + } + }, + "exception": true, + "error": { + "httpStatusCode": 402 + }, + "documentation": "You attempted to create more resources than the service allows based on service quotas." + }, + "ShareStatus": { + "type": "string", + "enum": [ + "NOT_SHARED", + "INITIATED", + "SHARED" + ] + }, "SimulateReservedQueue": { "type": "string", "documentation": "Enable this setting when you run a test job to estimate how many reserved transcoding slots (RTS) you need. When this is enabled, MediaConvert runs your job from an on-demand queue with similar performance to what you will see with one RTS in a reserved queue. This setting is disabled by default.", @@ -11813,6 +12880,14 @@ "ENABLED" ] }, + "SlowPalPitchCorrection": { + "type": "string", + "documentation": "Use Slow PAL pitch correction to compensate for audio pitch changes during slow PAL frame rate conversion. This setting only applies when Slow PAL is enabled in your output video codec settings. To automatically apply audio pitch correction: Choose Enabled. MediaConvert automatically applies a pitch correction to your output to match the original content's audio pitch. To not apply audio pitch correction: Keep the default value, Disabled.", + "enum": [ + "DISABLED", + "ENABLED" + ] + }, "SpekeKeyProvider": { "type": "structure", "members": { @@ -11834,7 +12909,7 @@ "SystemIds": { "shape": "__listOf__stringPattern09aFAF809aFAF409aFAF409aFAF409aFAF12", "locationName": "systemIds", - "documentation": "Relates to SPEKE implementation. DRM system identifiers. DASH output groups support a max of two system ids. Other group types support one system id. See\n https://dashif.org/identifiers/content_protection/ for more details." + "documentation": "Relates to SPEKE implementation. DRM system identifiers. DASH output groups support a max of two system ids. HLS output groups support a max of 3 system ids. Other group types support one system id. See https://dashif.org/identifiers/content_protection/ for more details." }, "Url": { "shape": "__stringPatternHttpsD", @@ -11865,7 +12940,7 @@ "HlsSignaledSystemIds": { "shape": "__listOf__stringMin36Max36Pattern09aFAF809aFAF409aFAF409aFAF409aFAF12", "locationName": "hlsSignaledSystemIds", - "documentation": "Specify the DRM system ID that you want signaled in the HLS manifest that MediaConvert creates as part of this CMAF package. The HLS manifest can currently signal only one system ID. For more information, see https://dashif.org/identifiers/content_protection/." + "documentation": "Specify up to 3 DRM system IDs that you want signaled in the HLS manifest that MediaConvert creates as part of this CMAF package. For more information, see https://dashif.org/identifiers/content_protection/." }, "ResourceId": { "shape": "__stringPatternW", @@ -11899,6 +12974,41 @@ "DISABLED" ] }, + "StartJobsQueryRequest": { + "type": "structure", + "members": { + "FilterList": { + "shape": "__listOfJobsQueryFilter", + "locationName": "filterList", + "documentation": "Optional. Provide an array of JobsQueryFilters for your StartJobsQuery request." + }, + "MaxResults": { + "shape": "__integerMin1Max20", + "locationName": "maxResults", + "documentation": "Optional. Number of jobs, up to twenty, that will be included in the jobs query." + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "Use this string to request the next batch of jobs matched by a jobs query." + }, + "Order": { + "shape": "Order", + "locationName": "order", + "documentation": "Optional. When you request lists of resources, you can specify whether they are sorted in ASCENDING or DESCENDING order. Default varies by resource." + } + } + }, + "StartJobsQueryResponse": { + "type": "structure", + "members": { + "Id": { + "shape": "__string", + "locationName": "id", + "documentation": "The ID of the jobs query." + } + } + }, "StaticKeyProvider": { "type": "structure", "members": { @@ -11967,8 +13077,16 @@ }, "TagResourceResponse": { "type": "structure", - "members": { - } + "members": {} + }, + "TamsGapHandling": { + "type": "string", + "documentation": "Specify how MediaConvert handles gaps between media segments in your TAMS source. Gaps can occur in live streams due to network issues or other interruptions. Choose from the following options: * Skip gaps - Default. Skip over gaps and join segments together. This creates a continuous output with no blank frames, but may cause timeline discontinuities. * Fill with black - Insert black frames to fill gaps between segments. This maintains timeline continuity but adds black frames where content is missing. * Hold last frame - Repeat the last frame before a gap until the next segment begins. This maintains visual continuity during gaps.", + "enum": [ + "SKIP_GAPS", + "FILL_WITH_BLACK", + "HOLD_LAST_FRAME" + ] }, "TeletextDestinationSettings": { "type": "structure", @@ -12141,23 +13259,124 @@ }, "documentation": "Too many requests have been sent in too short of a time. The service limits the rate at which it will accept requests." }, + "Track": { + "type": "structure", + "members": { + "AudioProperties": { + "shape": "AudioProperties", + "locationName": "audioProperties", + "documentation": "Details about the media file's audio track." + }, + "Codec": { + "shape": "Codec", + "locationName": "codec", + "documentation": "The codec of the audio or video track, or caption format of the data track." + }, + "DataProperties": { + "shape": "DataProperties", + "locationName": "dataProperties", + "documentation": "Details about the media file's data track." + }, + "Duration": { + "shape": "__double", + "locationName": "duration", + "documentation": "The duration of the track, in seconds." + }, + "Index": { + "shape": "__integer", + "locationName": "index", + "documentation": "The unique index number of the track, starting at 1." + }, + "TrackType": { + "shape": "TrackType", + "locationName": "trackType", + "documentation": "The type of track: video, audio, or data." + }, + "VideoProperties": { + "shape": "VideoProperties", + "locationName": "videoProperties", + "documentation": "Details about the media file's video track." + } + }, + "documentation": "Details about each track (video, audio, or data) in the media file." + }, + "TrackMapping": { + "type": "structure", + "members": { + "AudioTrackIndexes": { + "shape": "__listOf__integer", + "locationName": "audioTrackIndexes", + "documentation": "The index numbers of the audio tracks in your media file." + }, + "DataTrackIndexes": { + "shape": "__listOf__integer", + "locationName": "dataTrackIndexes", + "documentation": "The index numbers of the data tracks in your media file." + }, + "VideoTrackIndexes": { + "shape": "__listOf__integer", + "locationName": "videoTrackIndexes", + "documentation": "The index numbers of the video tracks in your media file." + } + }, + "documentation": "An array containing track mapping information." + }, "TrackSourceSettings": { "type": "structure", "members": { + "StreamNumber": { + "shape": "__integerMin1Max2147483647", + "locationName": "streamNumber", + "documentation": "Use this setting to select a single captions track from a source. Stream numbers include all tracks in the source file, regardless of type, and correspond to either the order of tracks in the file, or if applicable, the stream number metadata of the track. Although all tracks count toward these stream numbers, in this caption selector context, only the stream number of a track containing caption data may be used. To include more than one captions track in your job outputs, create multiple input captions selectors. Specify one stream per selector. If your source file contains a track which is not recognized by the service, then the corresponding stream number will still be reserved for future use. If more types of caption data get recognized in the future, these numberings will not shift." + }, "TrackNumber": { "shape": "__integerMin1Max2147483647", "locationName": "trackNumber", - "documentation": "Use this setting to select a single captions track from a source. Track numbers correspond to the order in the captions source file. For IMF sources, track numbering is based on the order that the captions appear in the CPL. For example, use 1 to select the captions asset that is listed first in the CPL. To include more than one captions track in your job outputs, create multiple input captions selectors. Specify one track per selector." + "documentation": "Use this setting to select a single captions track from a source. Track numbers correspond to the order in the captions source file. For IMF sources, track numbering is based on the order that the captions appear in the CPL. For example, use 1 to select the captions asset that is listed first in the CPL. To include more than one captions track in your job outputs, create multiple input captions selectors. Specify one track per selector. If more types of caption data get recognized in the future, these numberings may shift, but the numberings used for streamNumber will not." } }, "documentation": "Settings specific to caption sources that are specified by track number. Currently, this is only IMSC captions in an IMF package. If your caption source is IMSC 1.1 in a separate xml file, use FileSourceSettings instead of TrackSourceSettings." }, + "TrackType": { + "type": "string", + "enum": [ + "video", + "audio", + "data" + ] + }, + "TransferCharacteristics": { + "type": "string", + "documentation": "The color space transfer characteristics of the video track, defining the relationship between linear light values and the encoded signal values. This affects brightness and contrast reproduction.", + "enum": [ + "ITU_709", + "UNSPECIFIED", + "RESERVED", + "ITU_470M", + "ITU_470BG", + "SMPTE_170M", + "SMPTE_240M", + "LINEAR", + "LOG10_2", + "LOC10_2_5", + "IEC_61966_2_4", + "ITU_1361", + "IEC_61966_2_1", + "ITU_2020_10bit", + "ITU_2020_12bit", + "SMPTE_2084", + "SMPTE_428_1", + "ARIB_B67", + "LAST" + ] + }, "TsPtsOffset": { "type": "string", - "documentation": "Specify the initial presentation timestamp (PTS) offset for your transport stream output. To let MediaConvert automatically determine the initial PTS offset: Keep the default value, Auto. We recommend that you choose Auto for the widest player compatibility. The initial PTS will be at least two seconds and vary depending on your output's bitrate, HRD buffer size and HRD buffer initial fill percentage. To manually specify an initial PTS offset: Choose Seconds. Then specify the number of seconds with PTS offset.", + "documentation": "Specify the initial presentation timestamp (PTS) offset for your transport stream output. To let MediaConvert automatically determine the initial PTS offset: Keep the default value, Auto. We recommend that you choose Auto for the widest player compatibility. The initial PTS will be at least two seconds and vary depending on your output's bitrate, HRD buffer size and HRD buffer initial fill percentage. To manually specify an initial PTS offset: Choose Seconds or Milliseconds. Then specify the number of seconds or milliseconds with PTS offset.", "enum": [ "AUTO", - "SECONDS" + "SECONDS", + "MILLISECONDS" ] }, "TtmlDestinationSettings": { @@ -12205,11 +13424,12 @@ }, "UncompressedFramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "UncompressedInterlaceMode": { @@ -12244,7 +13464,7 @@ "FramerateConversionAlgorithm": { "shape": "UncompressedFramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max2147483647", @@ -12316,8 +13536,7 @@ }, "UntagResourceResponse": { "type": "structure", - "members": { - } + "members": {} }, "UpdateJobTemplateRequest": { "type": "structure", @@ -12485,11 +13704,12 @@ }, "Vc3FramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "Vc3InterlaceMode": { @@ -12519,7 +13739,7 @@ "FramerateConversionAlgorithm": { "shape": "Vc3FramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max1001", @@ -12590,6 +13810,7 @@ "AV1", "AVC_INTRA", "FRAME_CAPTURE", + "GIF", "H_264", "H_265", "MPEG2", @@ -12618,13 +13839,18 @@ "Codec": { "shape": "VideoCodec", "locationName": "codec", - "documentation": "Specifies the video codec. This must be equal to one of the enum values defined by the object VideoCodec. To passthrough the video stream of your input JPEG2000, VC-3, AVC-INTRA or Apple ProRes video without any video encoding: Choose Passthrough. If you have multiple input videos, note that they must have identical encoding attributes. When you choose Passthrough, your output container must be MXF or QuickTime MOV." + "documentation": "Specifies the video codec. This must be equal to one of the enum values defined by the object VideoCodec. To passthrough the video stream of your input without any video encoding: Choose Passthrough. More information about passthrough codec support and job settings requirements, see: https://docs.aws.amazon.com/mediaconvert/latest/ug/video-passthrough-feature-restrictions.html" }, "FrameCaptureSettings": { "shape": "FrameCaptureSettings", "locationName": "frameCaptureSettings", "documentation": "Required when you set Codec to the value FRAME_CAPTURE." }, + "GifSettings": { + "shape": "GifSettings", + "locationName": "gifSettings", + "documentation": "Required when you set (Codec) under (VideoDescription)>(CodecSettings) to the value GIF" + }, "H264Settings": { "shape": "H264Settings", "locationName": "h264Settings", @@ -12640,6 +13866,11 @@ "locationName": "mpeg2Settings", "documentation": "Required when you set Codec to the value MPEG2." }, + "PassthroughSettings": { + "shape": "PassthroughSettings", + "locationName": "passthroughSettings", + "documentation": "Optional settings when you set Codec to the value Passthrough." + }, "ProresSettings": { "shape": "ProresSettings", "locationName": "proresSettings", @@ -12671,7 +13902,7 @@ "documentation": "Required when you set Codec to the value XAVC." } }, - "documentation": "Video codec settings contains the group of settings related to video encoding. The settings in this group vary depending on the value that you choose for Video codec. For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * AV1, Av1Settings * AVC_INTRA, AvcIntraSettings * FRAME_CAPTURE, FrameCaptureSettings * H_264, H264Settings * H_265, H265Settings * MPEG2, Mpeg2Settings * PRORES, ProresSettings * UNCOMPRESSED, UncompressedSettings * VC3, Vc3Settings * VP8, Vp8Settings * VP9, Vp9Settings * XAVC, XavcSettings" + "documentation": "Video codec settings contains the group of settings related to video encoding. The settings in this group vary depending on the value that you choose for Video codec. For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * AV1, Av1Settings * AVC_INTRA, AvcIntraSettings * FRAME_CAPTURE, FrameCaptureSettings * GIF, GifSettings * H_264, H264Settings * H_265, H265Settings * MPEG2, Mpeg2Settings * PRORES, ProresSettings * UNCOMPRESSED, UncompressedSettings * VC3, Vc3Settings * VP8, Vp8Settings * VP9, Vp9Settings * XAVC, XavcSettings" }, "VideoDescription": { "type": "structure", @@ -12686,10 +13917,15 @@ "locationName": "antiAlias", "documentation": "The anti-alias filter is automatically applied to all outputs. The service no longer accepts the value DISABLED for AntiAlias. If you specify that in your job, the service will ignore the setting." }, + "ChromaPositionMode": { + "shape": "ChromaPositionMode", + "locationName": "chromaPositionMode", + "documentation": "Specify the chroma sample positioning metadata for your H.264 or H.265 output. To have MediaConvert automatically determine chroma positioning: We recommend that you keep the default value, Auto. To specify center positioning: Choose Force center. To specify top left positioning: Choose Force top left." + }, "CodecSettings": { "shape": "VideoCodecSettings", "locationName": "codecSettings", - "documentation": "Video codec settings contains the group of settings related to video encoding. The settings in this group vary depending on the value that you choose for Video codec. For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * AV1, Av1Settings * AVC_INTRA, AvcIntraSettings * FRAME_CAPTURE, FrameCaptureSettings * H_264, H264Settings * H_265, H265Settings * MPEG2, Mpeg2Settings * PRORES, ProresSettings * UNCOMPRESSED, UncompressedSettings * VC3, Vc3Settings * VP8, Vp8Settings * VP9, Vp9Settings * XAVC, XavcSettings" + "documentation": "Video codec settings contains the group of settings related to video encoding. The settings in this group vary depending on the value that you choose for Video codec. For each codec enum that you choose, define the corresponding settings object. The following lists the codec enum, settings object pairs. * AV1, Av1Settings * AVC_INTRA, AvcIntraSettings * FRAME_CAPTURE, FrameCaptureSettings * GIF, GifSettings * H_264, H264Settings * H_265, H265Settings * MPEG2, Mpeg2Settings * PRORES, ProresSettings * UNCOMPRESSED, UncompressedSettings * VC3, Vc3Settings * VP8, Vp8Settings * VP9, Vp9Settings * XAVC, XavcSettings" }, "ColorMetadata": { "shape": "ColorMetadata", @@ -12778,6 +14014,11 @@ "VideoOverlay": { "type": "structure", "members": { + "Crop": { + "shape": "VideoOverlayCrop", + "locationName": "crop", + "documentation": "Specify a rectangle of content to crop and use from your video overlay's input video. When you do, MediaConvert uses the cropped dimensions that you specify under X offset, Y offset, Width, and Height." + }, "EndTimecode": { "shape": "__stringPattern010920405090509092", "locationName": "endTimecode", @@ -12811,6 +14052,37 @@ }, "documentation": "Overlay one or more videos on top of your input video. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/video-overlays.html" }, + "VideoOverlayCrop": { + "type": "structure", + "members": { + "Height": { + "shape": "__integerMin0Max2147483647", + "locationName": "height", + "documentation": "Specify the height of the video overlay cropping rectangle. To use the same height as your overlay input video: Keep blank, or enter 0. To specify a different height for the cropping rectangle: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 100 and choose Pixels, the cropping rectangle will be 100 pixels high. When you enter 10, choose Percentage, and your overlay input video is 1920x1080, the cropping rectangle will be 108 pixels high." + }, + "Unit": { + "shape": "VideoOverlayUnit", + "locationName": "unit", + "documentation": "Specify the Unit type to use when you enter a value for X position, Y position, Width, or Height. You can choose Pixels or Percentage. Leave blank to use the default value, Pixels." + }, + "Width": { + "shape": "__integerMin0Max2147483647", + "locationName": "width", + "documentation": "Specify the width of the video overlay cropping rectangle. To use the same width as your overlay input video: Keep blank, or enter 0. To specify a different width for the cropping rectangle: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 100 and choose Pixels, the cropping rectangle will be 100 pixels wide. When you enter 10, choose Percentage, and your overlay input video is 1920x1080, the cropping rectangle will be 192 pixels wide." + }, + "X": { + "shape": "__integerMin0Max2147483647", + "locationName": "x", + "documentation": "Specify the distance between the cropping rectangle and the left edge of your overlay video's frame. To position the cropping rectangle along the left edge: Keep blank, or enter 0. To position the cropping rectangle to the right, relative to the left edge of your overlay video's frame: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 10 and choose Pixels, the cropping rectangle will be positioned 10 pixels from the left edge of the overlay video's frame. When you enter 10, choose Percentage, and your overlay input video is 1920x1080, the cropping rectangle will be positioned 192 pixels from the left edge of the overlay video's frame." + }, + "Y": { + "shape": "__integerMin0Max2147483647", + "locationName": "y", + "documentation": "Specify the distance between the cropping rectangle and the top edge of your overlay video's frame. To position the cropping rectangle along the top edge: Keep blank, or enter 0. To position the cropping rectangle down, relative to the top edge of your overlay video's frame: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 10 and choose Pixels, the cropping rectangle will be positioned 10 pixels from the top edge of the overlay video's frame. When you enter 10, choose Percentage, and your overlay input video is 1920x1080, the cropping rectangle will be positioned 108 pixels from the top edge of the overlay video's frame." + } + }, + "documentation": "Specify a rectangle of content to crop and use from your video overlay's input video. When you do, MediaConvert uses the cropped dimensions that you specify under X offset, Y offset, Width, and Height." + }, "VideoOverlayInput": { "type": "structure", "members": { @@ -12869,6 +14141,11 @@ "locationName": "height", "documentation": "To scale your video overlay to the same height as the base input video: Leave blank. To scale the height of your video overlay to a different height: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 360 and choose Pixels, your video overlay will be rendered with a height of 360. When you enter 50, choose Percentage, and your overlay's source has a height of 1080, your video overlay will be rendered with a height of 540. To scale your overlay to a specific height while automatically maintaining its original aspect ratio, enter a value for Height and leave Width blank." }, + "Opacity": { + "shape": "__integerMin0Max100", + "locationName": "opacity", + "documentation": "Use Opacity to specify how much of the underlying video shows through the overlay video. 0 is transparent and 100 is fully opaque. Default is 100." + }, "Unit": { "shape": "VideoOverlayUnit", "locationName": "unit", @@ -12911,7 +14188,7 @@ "documentation": "Specify the timecode for when this transition begins. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS is the second, and FF is the frame number. When entering this value, take into account your choice for Timecode source." } }, - "documentation": "Specify one or more Transitions for your video overlay. Use Transitions to reposition or resize your overlay over time. To use the same position and size for the duration of your video overlay: Leave blank. To specify a Transition: Enter a value for Start timecode, End Timecode, X Position, Y Position, Width, or Height." + "documentation": "Specify one or more Transitions for your video overlay. Use Transitions to reposition or resize your overlay over time. To use the same position and size for the duration of your video overlay: Leave blank. To specify a Transition: Enter a value for Start timecode, End Timecode, X Position, Y Position, Width, Height, or Opacity" }, "VideoOverlayUnit": { "type": "string", @@ -12967,6 +14244,57 @@ }, "documentation": "Find additional transcoding features under Preprocessors. Enable the features at each output individually. These features are disabled by default." }, + "VideoProperties": { + "type": "structure", + "members": { + "BitDepth": { + "shape": "__integer", + "locationName": "bitDepth", + "documentation": "The number of bits used per color component such as 8, 10, or 12 bits. Standard range (SDR) video typically uses 8-bit, while 10-bit is common for high dynamic range (HDR)." + }, + "BitRate": { + "shape": "__long", + "locationName": "bitRate", + "documentation": "The bit rate of the video track, in bits per second." + }, + "CodecMetadata": { + "shape": "CodecMetadata", + "locationName": "codecMetadata", + "documentation": "Codec-specific parameters parsed from the video essence headers. This information provides detailed technical specifications about how the video was encoded, including profile settings, resolution details, and color space information that can help you understand the source video characteristics and make informed encoding decisions." + }, + "ColorPrimaries": { + "shape": "ColorPrimaries", + "locationName": "colorPrimaries", + "documentation": "The color space primaries of the video track, defining the red, green, and blue color coordinates used for the video. This information helps ensure accurate color reproduction during playback and transcoding." + }, + "FrameRate": { + "shape": "FrameRate", + "locationName": "frameRate", + "documentation": "The frame rate of the video or audio track, expressed as a fraction with numerator and denominator values." + }, + "Height": { + "shape": "__integer", + "locationName": "height", + "documentation": "The height of the video track, in pixels." + }, + "MatrixCoefficients": { + "shape": "MatrixCoefficients", + "locationName": "matrixCoefficients", + "documentation": "The color space matrix coefficients of the video track, defining how RGB color values are converted to and from YUV color space. This affects color accuracy during encoding and decoding processes." + }, + "TransferCharacteristics": { + "shape": "TransferCharacteristics", + "locationName": "transferCharacteristics", + "documentation": "The color space transfer characteristics of the video track, defining the relationship between linear light values and the encoded signal values. This affects brightness and contrast reproduction." + }, + "Width": { + "shape": "__integer", + "locationName": "width", + "documentation": "The width of the video track, in pixels." + } + }, + "documentation": "Details about the media file's video track." + }, "VideoSelector": { "type": "structure", "members": { @@ -13024,10 +14352,36 @@ "shape": "InputSampleRange", "locationName": "sampleRange", "documentation": "If the sample range metadata in your input video is accurate, or if you don't know about sample range, keep the default value, Follow, for this setting. When you do, the service automatically detects your input sample range. If your input video has metadata indicating the wrong sample range, specify the accurate sample range here. When you do, MediaConvert ignores any sample range information in the input metadata. Regardless of whether MediaConvert uses the input sample range or the sample range that you specify, MediaConvert uses the sample range for transcoding and also writes it to the output metadata." + }, + "SelectorType": { + "shape": "VideoSelectorType", + "locationName": "selectorType", + "documentation": "Choose the video selector type for your HLS input. Use to specify which video rendition MediaConvert uses from your HLS input. To have MediaConvert automatically use the highest bitrate rendition from your HLS input: Keep the default value, Auto. To manually specify a rendition: Choose Stream. Then enter the unique stream number in the Streams array, starting at 1, corresponding to the stream order in the manifest." + }, + "Streams": { + "shape": "__listOf__integerMin1Max2147483647", + "locationName": "streams", + "documentation": "Specify one or more video streams for MediaConvert to use from your HLS input. Enter an integer corresponding to the stream number, with the first stream in your HLS multivariant playlist starting at 1.For re-encoding workflows, MediaConvert uses the video stream that you select with the highest bitrate as the input.For video passthrough workflows, you specify whether to passthrough a single video stream or multiple video streams under Video selector source in the output video encoding settings." } }, "documentation": "Input video selectors contain the video settings for the input. Each of your inputs can have up to one video selector." }, + "VideoSelectorMode": { + "type": "string", + "documentation": "AUTO will select the highest bitrate input in the video selector source. REMUX_ALL will passthrough all the selected streams in the video selector source. When selecting streams from multiple renditions (i.e. using Stream video selector type): REMUX_ALL will only remux all streams selected, and AUTO will use the highest bitrate video stream among the selected streams as source.", + "enum": [ + "AUTO", + "REMUX_ALL" + ] + }, + "VideoSelectorType": { + "type": "string", + "documentation": "Choose the video selector type for your HLS input. Use to specify which video rendition MediaConvert uses from your HLS input. To have MediaConvert automatically use the highest bitrate rendition from your HLS input: Keep the default value, Auto. To manually specify a rendition: Choose Stream. Then enter the unique stream number in the Streams array, starting at 1, corresponding to the stream order in the manifest.", + "enum": [ + "AUTO", + "STREAM" + ] + }, "VideoTimecodeInsertion": { "type": "string", "documentation": "Applies only to H.264, H.265, MPEG2, and ProRes outputs. Only enable Timecode insertion when the input frame rate is identical to the output frame rate. To include timecodes in this output, set Timecode insertion to PIC_TIMING_SEI. To leave them out, set it to DISABLED. Default is DISABLED. When the service inserts timecodes in an output, by default, it uses any embedded timecodes from the input. If none are present, the service will set the timecode for the first output frame to zero. To change this default behavior, adjust the settings under Timecode configuration. In the console, these settings are located under Job > Job settings > Timecode configuration. Note - Timecode source under input settings does not affect the timecodes that are inserted in the output. Source under Job settings > Timecode configuration does.", @@ -13067,11 +14421,12 @@ }, "Vp8FramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "Vp8ParControl": { @@ -13113,7 +14468,7 @@ "FramerateConversionAlgorithm": { "shape": "Vp8FramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max2147483647", @@ -13178,11 +14533,12 @@ }, "Vp9FramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "Vp9ParControl": { @@ -13224,7 +14580,7 @@ "FramerateConversionAlgorithm": { "shape": "Vp9FramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max2147483647", @@ -13312,10 +14668,11 @@ }, "WavFormat": { "type": "string", - "documentation": "The service defaults to using RIFF for WAV outputs. If your output audio is likely to exceed 4 GB in file size, or if you otherwise need the extended support of the RF64 format, set your output WAV file format to RF64.", + "documentation": "Specify the file format for your wave audio output. To use a RIFF wave format: Keep the default value, RIFF. If your output audio is likely to exceed 4GB in file size, or if you otherwise need the extended support of the RF64 format: Choose RF64. If your player only supports the extensible wave format: Choose Extensible.", "enum": [ "RIFF", - "RF64" + "RF64", + "EXTENSIBLE" ] }, "WavSettings": { @@ -13334,7 +14691,7 @@ "Format": { "shape": "WavFormat", "locationName": "format", - "documentation": "The service defaults to using RIFF for WAV outputs. If your output audio is likely to exceed 4 GB in file size, or if you otherwise need the extended support of the RF64 format, set your output WAV file format to RF64." + "documentation": "Specify the file format for your wave audio output. To use a RIFF wave format: Keep the default value, RIFF. If your output audio is likely to exceed 4GB in file size, or if you otherwise need the extended support of the RF64 format: Choose RF64. If your player only supports the extensible wave format: Choose Extensible." }, "SampleRate": { "shape": "__integerMin8000Max192000", @@ -13346,7 +14703,7 @@ }, "WebvttAccessibilitySubs": { "type": "string", - "documentation": "If the WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing: Set Accessibility subtitles to Enabled. When you do, MediaConvert adds accessibility attributes to your output HLS or DASH manifest. For HLS manifests, MediaConvert adds the following accessibility attributes under EXT-X-MEDIA for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". For DASH manifests, MediaConvert adds the following in the adaptation set for this track: . If the captions track is not intended to provide such accessibility: Keep the default value, Disabled. When you do, for DASH manifests, MediaConvert instead adds the following in the adaptation set for this track: .", + "documentation": "If the WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing: Set Accessibility subtitles to Enabled. When you do, MediaConvert adds accessibility attributes to your output HLS or DASH manifest. For HLS manifests, MediaConvert adds the following accessibility attributes under EXT-X-MEDIA for this track: CHARACTERISTICS=\"public.accessibility.transcribes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". For DASH manifests, MediaConvert adds the following in the adaptation set for this track: . If the captions track is not intended to provide such accessibility: Keep the default value, Disabled. When you do, for DASH manifests, MediaConvert instead adds the following in the adaptation set for this track: .", "enum": [ "DISABLED", "ENABLED" @@ -13358,12 +14715,12 @@ "Accessibility": { "shape": "WebvttAccessibilitySubs", "locationName": "accessibility", - "documentation": "If the WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing: Set Accessibility subtitles to Enabled. When you do, MediaConvert adds accessibility attributes to your output HLS or DASH manifest. For HLS manifests, MediaConvert adds the following accessibility attributes under EXT-X-MEDIA for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". For DASH manifests, MediaConvert adds the following in the adaptation set for this track: . If the captions track is not intended to provide such accessibility: Keep the default value, Disabled. When you do, for DASH manifests, MediaConvert instead adds the following in the adaptation set for this track: ." + "documentation": "If the WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing: Set Accessibility subtitles to Enabled. When you do, MediaConvert adds accessibility attributes to your output HLS or DASH manifest. For HLS manifests, MediaConvert adds the following accessibility attributes under EXT-X-MEDIA for this track: CHARACTERISTICS=\"public.accessibility.transcribes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". For DASH manifests, MediaConvert adds the following in the adaptation set for this track: . If the captions track is not intended to provide such accessibility: Keep the default value, Disabled. When you do, for DASH manifests, MediaConvert instead adds the following in the adaptation set for this track: ." }, "StylePassthrough": { "shape": "WebvttStylePassthrough", "locationName": "stylePassthrough", - "documentation": "To use the available style, color, and position information from your input captions: Set Style passthrough to Enabled. MediaConvert uses default settings when style and position information is missing from your input captions. To recreate the input captions exactly: Set Style passthrough to Strict. MediaConvert automatically applies timing adjustments, including adjustments for frame rate conversion, ad avails, and input clipping. Your input captions format must be WebVTT. To ignore the style and position information from your input captions and use simplified output captions: Set Style passthrough to Disabled, or leave blank." + "documentation": "Specify how MediaConvert writes style information in your output WebVTT captions. To use the available style, color, and position information from your input captions: Choose Enabled. MediaConvert uses default settings when style and position information is missing from your input captions. To recreate the input captions exactly: Choose Strict. MediaConvert automatically applies timing adjustments, including adjustments for frame rate conversion, ad avails, and input clipping. Your input captions format must be WebVTT. To ignore the style and position information from your input captions and use simplified output captions: Keep the default value, Disabled. Or leave blank. To use the available style, color, and position information from your input captions, while merging cues with identical time ranges: Choose merge. This setting can help prevent positioning overlaps for certain players that expect a single single cue for any given time range." } }, "documentation": "Settings related to WebVTT captions. WebVTT is a sidecar format that holds captions in a file that is separate from the video container. Set up sidecar captions in the same output group, but different output from your video. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/ttml-and-webvtt-output-captions.html." @@ -13379,7 +14736,7 @@ "RenditionLanguageCode": { "shape": "LanguageCode", "locationName": "renditionLanguageCode", - "documentation": "Optional. Specify ISO 639-2 or ISO 639-3 code in the language property" + "documentation": "Optionally specify the language, using an ISO 639-2 or ISO 639-3 three-letter code in all capital letters. You can find a list of codes at: https://www.loc.gov/standards/iso639-2/php/code_list.php" }, "RenditionName": { "shape": "__string", @@ -13391,11 +14748,12 @@ }, "WebvttStylePassthrough": { "type": "string", - "documentation": "To use the available style, color, and position information from your input captions: Set Style passthrough to Enabled. MediaConvert uses default settings when style and position information is missing from your input captions. To recreate the input captions exactly: Set Style passthrough to Strict. MediaConvert automatically applies timing adjustments, including adjustments for frame rate conversion, ad avails, and input clipping. Your input captions format must be WebVTT. To ignore the style and position information from your input captions and use simplified output captions: Set Style passthrough to Disabled, or leave blank.", + "documentation": "Specify how MediaConvert writes style information in your output WebVTT captions. To use the available style, color, and position information from your input captions: Choose Enabled. MediaConvert uses default settings when style and position information is missing from your input captions. To recreate the input captions exactly: Choose Strict. MediaConvert automatically applies timing adjustments, including adjustments for frame rate conversion, ad avails, and input clipping. Your input captions format must be WebVTT. To ignore the style and position information from your input captions and use simplified output captions: Keep the default value, Disabled. Or leave blank. To use the available style, color, and position information from your input captions, while merging cues with identical time ranges: Choose merge. This setting can help prevent positioning overlaps for certain players that expect a single single cue for any given time range.", "enum": [ "ENABLED", "DISABLED", - "STRICT" + "STRICT", + "MERGE" ] }, "Xavc4kIntraCbgProfileClass": { @@ -13550,11 +14908,12 @@ }, "XavcFramerateConversionAlgorithm": { "type": "string", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96.", + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates.", "enum": [ "DUPLICATE_DROP", "INTERPOLATE", - "FRAMEFORMER" + "FRAMEFORMER", + "MAINTAIN_FRAME_COUNT" ] }, "XavcGopBReference": { @@ -13705,7 +15064,7 @@ "FramerateConversionAlgorithm": { "shape": "XavcFramerateConversionAlgorithm", "locationName": "framerateConversionAlgorithm", - "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing the frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96." + "documentation": "Choose the method that you want MediaConvert to use when increasing or decreasing your video's frame rate. For numerically simple conversions, such as 60 fps to 30 fps: We recommend that you keep the default value, Drop duplicate. For numerically complex conversions, to avoid stutter: Choose Interpolate. This results in a smooth picture, but might introduce undesirable video artifacts. For complex frame rate conversions, especially if your source video has already been converted from its original cadence: Choose FrameFormer to do motion-compensated interpolation. FrameFormer uses the best conversion method frame by frame. Note that using FrameFormer increases the transcoding time and incurs a significant add-on cost. When you choose FrameFormer, your input video resolution must be at least 128x96. To create an output with the same number of frames as your input: Choose Maintain frame count. When you do, MediaConvert will not drop, interpolate, add, or otherwise change the frame count from your input to your output. Note that since the frame count is maintained, the duration of your output will become shorter at higher frame rates and longer at lower frame rates." }, "FramerateDenominator": { "shape": "__integerMin1Max1001", @@ -13717,6 +15076,11 @@ "locationName": "framerateNumerator", "documentation": "When you use the API for transcode jobs that use frame rate conversion, specify the frame rate as a fraction. For example, 24000 / 1001 = 23.976 fps. Use FramerateNumerator to specify the numerator of this fraction. In this example, use 24000 for the value of FramerateNumerator. When you use the console for transcode jobs that use frame rate conversion, provide the value as a decimal number for Framerate. In this example, specify 23.976." }, + "PerFrameMetrics": { + "shape": "__listOfFrameMetricType", + "locationName": "perFrameMetrics", + "documentation": "Optionally choose one or more per frame metric reports to generate along with your output. You can use these metrics to analyze your video output according to one or more commonly used image quality metrics. You can specify per frame metrics for output groups or for individual outputs. When you do, MediaConvert writes a CSV (Comma-Separated Values) file to your S3 output destination, named after the output name and metric type. For example: videofile_PSNR.csv Jobs that generate per frame metrics will take longer to complete, depending on the resolution and complexity of your output. For example, some 4K jobs might take up to twice as long to complete. Note that when analyzing the video quality of your output, or when comparing the video quality of multiple different outputs, we generally also recommend a detailed visual review in a controlled environment. You can choose from the following per frame metrics: * PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes" + }, "Profile": { "shape": "XavcProfile", "locationName": "profile", @@ -13809,6 +15173,9 @@ "__doubleMin0Max2147483647": { "type": "double" }, + "__doubleMin1Max10": { + "type": "double" + }, "__doubleMinNegative59Max0": { "type": "double" }, @@ -14150,6 +15517,16 @@ "min": 1, "max": 8 }, + "__integerMin2000Max30000": { + "type": "integer", + "min": 2000, + "max": 30000 + }, + "__integerMin22050Max192000": { + "type": "integer", + "min": 22050, + "max": 192000 + }, "__integerMin22050Max48000": { "type": "integer", "min": 22050, @@ -14245,6 +15622,11 @@ "min": 64000, "max": 640000 }, + "__integerMin6Max16": { + "type": "integer", + "min": 6, + "max": 16 + }, "__integerMin8000Max192000": { "type": "integer", "min": 8000, @@ -14280,6 +15662,11 @@ "min": 96, "max": 600 }, + "__integerMinNegative10000Max10000": { + "type": "integer", + "min": -10000, + "max": 10000 + }, "__integerMinNegative1000Max1000": { "type": "integer", "min": -1000, @@ -14401,6 +15788,12 @@ "shape": "ForceIncludeRenditionSize" } }, + "__listOfFrameMetricType": { + "type": "list", + "member": { + "shape": "FrameMetricType" + } + }, "__listOfHlsAdMarkers": { "type": "list", "member": { @@ -14473,6 +15866,12 @@ "shape": "JobTemplate" } }, + "__listOfJobsQueryFilter": { + "type": "list", + "member": { + "shape": "JobsQueryFilter" + } + }, "__listOfMsSmoothAdditionalManifest": { "type": "list", "member": { @@ -14515,6 +15914,18 @@ "shape": "Preset" } }, + "__listOfProbeInputFile": { + "type": "list", + "member": { + "shape": "ProbeInputFile" + } + }, + "__listOfProbeResult": { + "type": "list", + "member": { + "shape": "ProbeResult" + } + }, "__listOfQueue": { "type": "list", "member": { @@ -14539,6 +15950,18 @@ "shape": "TeletextPageType" } }, + "__listOfTrack": { + "type": "list", + "member": { + "shape": "Track" + } + }, + "__listOfTrackMapping": { + "type": "list", + "member": { + "shape": "TrackMapping" + } + }, "__listOfVideoOverlay": { "type": "list", "member": { @@ -14569,6 +15992,12 @@ "shape": "__doubleMinNegative60Max6" } }, + "__listOf__integer": { + "type": "list", + "member": { + "shape": "__integer" + } + }, "__listOf__integerMin1Max2147483647": { "type": "list", "member": { @@ -14593,6 +16022,12 @@ "shape": "__string" } }, + "__listOf__stringMax100": { + "type": "list", + "member": { + "shape": "__stringMax100" + } + }, "__listOf__stringMin1": { "type": "list", "member": { @@ -14617,6 +16052,9 @@ "shape": "__stringPatternS3ASSETMAPXml" } }, + "__long": { + "type": "long" + }, "__mapOfAudioSelector": { "type": "map", "key": { @@ -14644,6 +16082,15 @@ "shape": "CaptionSelector" } }, + "__mapOfDynamicAudioSelector": { + "type": "map", + "key": { + "shape": "__string" + }, + "value": { + "shape": "DynamicAudioSelector" + } + }, "__mapOf__string": { "type": "map", "key": { @@ -14656,6 +16103,10 @@ "__string": { "type": "string" }, + "__stringMax100": { + "type": "string", + "max": 100 + }, "__stringMax1000": { "type": "string", "max": 1000 @@ -14755,6 +16206,11 @@ "max": 50, "pattern": "^[a-zA-Z0-9_\\/_+=.@-]*$" }, + "__stringMin1PatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912MrkAFAF0932": { + "type": "string", + "min": 1, + "pattern": "^(arn:aws(-us-gov|-cn)?:kms:[a-z-]{2,6}-(east|west|central|((north|south)(east|west)?))-[1-9]{1,2}:\\d{12}:key/)?[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}|mrk-[a-fA-F0-9]{32}$" + }, "__stringMin24Max512PatternAZaZ0902": { "type": "string", "min": 24, @@ -14809,6 +16265,10 @@ "type": "string", "pattern": "^([01][0-9]|2[0-4]):[0-5][0-9]:[0-5][0-9][:;][0-9]{2}(@[0-9]+(\\.[0-9]+)?(:[0-9]+)?)?$" }, + "__stringPattern019090190908019090190908": { + "type": "string", + "pattern": "^(\\[|\\()?(-?(0|[1-9][0-9]*):(0|[1-9][0-9]{0,8}))?(_(-?(0|[1-9][0-9]*):(0|[1-9][0-9]{0,8}))?)?(\\]|\\))?$" + }, "__stringPattern01D20305D205D": { "type": "string", "pattern": "^((([0-1]\\d)|(2[0-3]))(:[0-5]\\d){2}([:;][0-5]\\d))$" @@ -14841,9 +16301,13 @@ "type": "string", "pattern": "^[A-Za-z]{2,3}(-[A-Za-z0-9-]+)?$" }, + "__stringPatternArnAwsAZ09EventsAZ090912ConnectionAZAZ09AF0936": { + "type": "string", + "pattern": "^arn:aws[a-z0-9-]*:events:[a-z0-9-]+:[0-9]{12}:connection/[a-zA-Z0-9-]+/[a-f0-9-]{36}$" + }, "__stringPatternArnAwsUsGovAcm": { "type": "string", - "pattern": "^arn:aws(-us-gov)?:acm:" + "pattern": "^arn:aws(-us-gov)?:acm:.*$" }, "__stringPatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912MrkAFAF0932": { "type": "string", @@ -14855,7 +16319,7 @@ }, "__stringPatternHttps": { "type": "string", - "pattern": "^https:\\/\\/" + "pattern": "^https:\\/\\/.*$" }, "__stringPatternHttpsD": { "type": "string", @@ -14871,7 +16335,7 @@ }, "__stringPatternS3": { "type": "string", - "pattern": "^s3:\\/\\/" + "pattern": "^s3:\\/\\/.*$" }, "__stringPatternS3ASSETMAPXml": { "type": "string", diff -pruN 2.23.6-1/awscli/botocore/data/medialive/2017-10-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/medialive/2017-10-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/medialive/2017-10-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/medialive/2017-10-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/medialive/2017-10-14/paginators-1.json 2.31.35-1/awscli/botocore/data/medialive/2017-10-14/paginators-1.json --- 2.23.6-1/awscli/botocore/data/medialive/2017-10-14/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/medialive/2017-10-14/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -113,6 +113,30 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Networks" + }, + "ListSdiSources": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "SdiSources" + }, + "ListAlerts": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Alerts" + }, + "ListClusterAlerts": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Alerts" + }, + "ListMultiplexAlerts": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Alerts" } } } diff -pruN 2.23.6-1/awscli/botocore/data/medialive/2017-10-14/service-2.json 2.31.35-1/awscli/botocore/data/medialive/2017-10-14/service-2.json --- 2.23.6-1/awscli/botocore/data/medialive/2017-10-14/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/medialive/2017-10-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5212,6 +5212,374 @@ } ], "documentation": "Retrieves an array of all the encoder engine versions that are available in this AWS account." + }, + "CreateSdiSource": { + "name": "CreateSdiSource", + "http": { + "method": "POST", + "requestUri": "/prod/sdiSources", + "responseCode": 200 + }, + "input": { + "shape": "CreateSdiSourceRequest" + }, + "output": { + "shape": "CreateSdiSourceResponse", + "documentation": "The SdiSource is created." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "MediaLive can't process your request because of a problem in the request. Please check your request form and syntax." + }, + { + "shape": "InternalServerErrorException", + "documentation": "Internal Service Error." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permission to create the SdiSource." + }, + { + "shape": "BadGatewayException", + "documentation": "Bad Gateway Error." + }, + { + "shape": "GatewayTimeoutException", + "documentation": "Gateway Timeout." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Request limit exceeded on create SdiSource calls to service." + }, + { + "shape": "ConflictException", + "documentation": "The SdiSource is unable to create due to an issue with SdiSource resources." + } + ], + "documentation": "Create an SdiSource for each video source that uses the SDI protocol. You will reference the SdiSource when you create an SDI input in MediaLive. You will also reference it in an SdiSourceMapping, in order to create a connection between the logical SdiSource and the physical SDI card and port that the physical SDI source uses." + }, + "DeleteSdiSource": { + "name": "DeleteSdiSource", + "http": { + "method": "DELETE", + "requestUri": "/prod/sdiSources/{sdiSourceId}", + "responseCode": 202 + }, + "input": { + "shape": "DeleteSdiSourceRequest" + }, + "output": { + "shape": "DeleteSdiSourceResponse", + "documentation": "Deletion of the SdiSource is in progress." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "This request was invalid." + }, + { + "shape": "InternalServerErrorException", + "documentation": "Internal Service Error." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permission to delete the SdiSource." + }, + { + "shape": "BadGatewayException", + "documentation": "Bad Gateway Error." + }, + { + "shape": "NotFoundException", + "documentation": "The SdiSource that you are trying to delete doesn't exist. Check the ID and try again." + }, + { + "shape": "GatewayTimeoutException", + "documentation": "Gateway Timeout." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Request limit exceeded on DeleteSdiSource calls to SdiSource service." + }, + { + "shape": "ConflictException", + "documentation": "The SdiSource is unable to delete due to an issue with SdiSource resources." + } + ], + "documentation": "Delete an SdiSource. The SdiSource must not be part of any SidSourceMapping and must not be attached to any input." + }, + "DescribeSdiSource": { + "name": "DescribeSdiSource", + "http": { + "method": "GET", + "requestUri": "/prod/sdiSources/{sdiSourceId}", + "responseCode": 200 + }, + "input": { + "shape": "DescribeSdiSourceRequest" + }, + "output": { + "shape": "DescribeSdiSourceResponse", + "documentation": "Details for one SdiSource." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "This request was invalid." + }, + { + "shape": "InternalServerErrorException", + "documentation": "Internal Service Error." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permission to describe the SdiSource." + }, + { + "shape": "BadGatewayException", + "documentation": "Bad Gateway Error." + }, + { + "shape": "NotFoundException", + "documentation": "The SdiSource that you are trying to describe does not exist. Check the ID and try again." + }, + { + "shape": "GatewayTimeoutException", + "documentation": "Gateway Timeout." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Request limit exceeded on describe SdiSource calls to SdiSource service." + } + ], + "documentation": "Gets details about a SdiSource." + }, + "ListSdiSources": { + "name": "ListSdiSources", + "http": { + "method": "GET", + "requestUri": "/prod/sdiSources", + "responseCode": 200 + }, + "input": { + "shape": "ListSdiSourcesRequest" + }, + "output": { + "shape": "ListSdiSourcesResponse", + "documentation": "An array of SdiSources." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "MediaLive can't process your request because of a problem in the request. Please check your request form and syntax." + }, + { + "shape": "InternalServerErrorException", + "documentation": "Internal Service Error." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permission to list SdiSources." + }, + { + "shape": "BadGatewayException", + "documentation": "Bad Gateway Error." + }, + { + "shape": "GatewayTimeoutException", + "documentation": "Gateway Timeout." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Request limit exceeded on ListSdiSources calls to SdiSource service." + } + ], + "documentation": "List all the SdiSources in the AWS account." + }, + "UpdateSdiSource": { + "name": "UpdateSdiSource", + "http": { + "method": "PUT", + "requestUri": "/prod/sdiSources/{sdiSourceId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateSdiSourceRequest" + }, + "output": { + "shape": "UpdateSdiSourceResponse", + "documentation": "The SdiSource has been successfully updated." + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "MediaLive can't process your request because of a problem in the request. Please check your request form and syntax." + }, + { + "shape": "InternalServerErrorException", + "documentation": "Internal Service Error." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permission to update the SdiSource." + }, + { + "shape": "BadGatewayException", + "documentation": "Bad Gateway Error." + }, + { + "shape": "GatewayTimeoutException", + "documentation": "Gateway Timeout." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Request limit exceeded on UpdateSdiSource calls to service." + }, + { + "shape": "ConflictException", + "documentation": "The SdiSource is unable to update due to an issue with SdiSource resources." + } + ], + "documentation": "Change some of the settings in an SdiSource." + }, + "ListAlerts": { + "name": "ListAlerts", + "http": { + "method": "GET", + "requestUri": "/prod/channels/{channelId}/alerts", + "responseCode": 200 + }, + "input": { + "shape": "ListAlertsRequest" + }, + "output": { + "shape": "ListAlertsResponse", + "documentation": "List of alerts" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "This request was invalid." + }, + { + "shape": "InternalServerErrorException", + "documentation": "Internal Service Error" + }, + { + "shape": "ForbiddenException", + "documentation": "You do not have permission to list the alerts." + }, + { + "shape": "BadGatewayException", + "documentation": "Bad Gateway Error" + }, + { + "shape": "NotFoundException", + "documentation": "The specified channel doesn't exist." + }, + { + "shape": "GatewayTimeoutException", + "documentation": "Gateway Timeout" + }, + { + "shape": "TooManyRequestsException", + "documentation": "Request limit exceeded for this operation." + } + ], + "documentation": "List the alerts for a channel with optional filtering based on alert state." + }, + "ListClusterAlerts": { + "name": "ListClusterAlerts", + "http": { + "method": "GET", + "requestUri": "/prod/clusters/{clusterId}/alerts", + "responseCode": 200 + }, + "input": { + "shape": "ListClusterAlertsRequest" + }, + "output": { + "shape": "ListClusterAlertsResponse", + "documentation": "List of alerts" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "This request was invalid." + }, + { + "shape": "InternalServerErrorException", + "documentation": "Internal Service Error" + }, + { + "shape": "ForbiddenException", + "documentation": "You do not have permission to list the alerts." + }, + { + "shape": "BadGatewayException", + "documentation": "Bad Gateway Error." + }, + { + "shape": "NotFoundException", + "documentation": "The specified cluster doesn't exist." + }, + { + "shape": "GatewayTimeoutException", + "documentation": "Gateway Timeout" + }, + { + "shape": "TooManyRequestsException", + "documentation": "Request limit exceeded for this operation." + } + ], + "documentation": "List the alerts for a cluster with optional filtering based on alert state." + }, + "ListMultiplexAlerts": { + "name": "ListMultiplexAlerts", + "http": { + "method": "GET", + "requestUri": "/prod/multiplexes/{multiplexId}/alerts", + "responseCode": 200 + }, + "input": { + "shape": "ListMultiplexAlertsRequest" + }, + "output": { + "shape": "ListMultiplexAlertsResponse", + "documentation": "List of alerts" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "This request was invalid." + }, + { + "shape": "InternalServerErrorException", + "documentation": "Internal Service Error" + }, + { + "shape": "ForbiddenException", + "documentation": "You do not have permission to list the alerts." + }, + { + "shape": "BadGatewayException", + "documentation": "Bad Gateway Error" + }, + { + "shape": "NotFoundException", + "documentation": "The specified multiplex doesn't exist." + }, + { + "shape": "GatewayTimeoutException", + "documentation": "Gateway Timeout" + }, + { + "shape": "TooManyRequestsException", + "documentation": "Request limit exceeded for this operation." + } + ], + "documentation": "List the alerts for a multiplex with optional filtering based on alert state." } }, "shapes": { @@ -5447,8 +5815,7 @@ }, "AcceptInputDeviceTransferResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for AcceptInputDeviceTransferResponse" }, "AccessDenied": { @@ -5554,7 +5921,7 @@ "ContainerSettings": { "shape": "ArchiveContainerSettings", "locationName": "containerSettings", - "documentation": "Settings specific to the container type of the file." + "documentation": "Container for this output. Can be auto-detected from extension field." }, "Extension": { "shape": "__string", @@ -5593,14 +5960,12 @@ }, "AribDestinationSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Arib Destination Settings" }, "AribSourceSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Arib Source Settings" }, "AudioChannelMapping": { @@ -6664,6 +7029,11 @@ "shape": "__integerMin0", "locationName": "yPosition", "documentation": "Specifies the vertical position of the caption relative to the top of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the top of the output. If no explicit yPosition is provided, the caption will be positioned towards the bottom of the output. All burn-in and DVB-Sub font settings must match." + }, + "SubtitleRows": { + "shape": "BurnInDestinationSubtitleRows", + "locationName": "subtitleRows", + "documentation": "Applies only when the input captions are Teletext and the output captions are DVB-Sub or Burn-In. Choose the number of lines for the captions bitmap. The captions bitmap is 700 wide × 576 high and will be laid over the video. For example, a value of 16 divides the bitmap into 16 lines, with each line 36 pixels high (16 × 36 = 576). The default is 24 (24 pixels high). Enter the same number in every encode in every output that converts the same Teletext source to DVB-Sub or Burn-in." } }, "documentation": "Burn In Destination Settings" @@ -6726,8 +7096,7 @@ }, "CancelInputDeviceTransferResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for CancelInputDeviceTransferResponse" }, "CaptionDescription": { @@ -7243,8 +7612,7 @@ }, "ClaimDeviceResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for ClaimDeviceResponse" }, "ColorCorrection": { @@ -7299,8 +7667,7 @@ }, "ColorSpacePassthroughSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Passthrough applies no color space conversion to the output" }, "ConflictException": { @@ -7588,6 +7955,15 @@ "shape": "MulticastSettingsCreateRequest", "locationName": "multicastSettings", "documentation": "Multicast Input settings." + }, + "Smpte2110ReceiverGroupSettings": { + "shape": "Smpte2110ReceiverGroupSettings", + "locationName": "smpte2110ReceiverGroupSettings", + "documentation": "Include this parameter if the input is a SMPTE 2110 input, to identify the stream sources for this input." + }, + "SdiSources": { + "shape": "InputSdiSources", + "locationName": "sdiSources" } }, "documentation": "Placeholder documentation for CreateInput" @@ -7663,6 +8039,15 @@ "shape": "MulticastSettingsCreateRequest", "locationName": "multicastSettings", "documentation": "Multicast Input settings." + }, + "Smpte2110ReceiverGroupSettings": { + "shape": "Smpte2110ReceiverGroupSettings", + "locationName": "smpte2110ReceiverGroupSettings", + "documentation": "Include this parameter if the input is a SMPTE 2110 input, to identify the stream sources for this input." + }, + "SdiSources": { + "shape": "InputSdiSources", + "locationName": "sdiSources" } }, "documentation": "The name of the input" @@ -8121,8 +8506,7 @@ }, "DeleteInputResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for DeleteInputResponse" }, "DeleteInputSecurityGroupRequest": { @@ -8142,8 +8526,7 @@ }, "DeleteInputSecurityGroupResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for DeleteInputSecurityGroupResponse" }, "DeleteMultiplexProgramRequest": { @@ -8403,8 +8786,7 @@ }, "DeleteScheduleResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for DeleteScheduleResponse" }, "DeleteTagsRequest": { @@ -8430,8 +8812,7 @@ }, "DescribeAccountConfigurationRequest": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for DescribeAccountConfigurationRequest" }, "DescribeAccountConfigurationResponse": { @@ -8842,6 +9223,15 @@ "shape": "MulticastSettings", "locationName": "multicastSettings", "documentation": "Multicast Input settings." + }, + "Smpte2110ReceiverGroupSettings": { + "shape": "Smpte2110ReceiverGroupSettings", + "locationName": "smpte2110ReceiverGroupSettings", + "documentation": "Include this parameter if the input is a SMPTE 2110 input, to identify the stream sources for this input." + }, + "SdiSources": { + "shape": "InputSdiSources", + "locationName": "sdiSources" } }, "documentation": "Placeholder documentation for DescribeInputResponse" @@ -9337,8 +9727,7 @@ }, "DolbyVision81Settings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Dolby Vision81 Settings" }, "DvbNitSettings": { @@ -9531,6 +9920,11 @@ "shape": "__integerMin0", "locationName": "yPosition", "documentation": "Specifies the vertical position of the caption relative to the top of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the top of the output. If no explicit yPosition is provided, the caption will be positioned towards the bottom of the output. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match." + }, + "SubtitleRows": { + "shape": "DvbSubDestinationSubtitleRows", + "locationName": "subtitleRows", + "documentation": "Applies only when the input captions are Teletext and the output captions are DVB-Sub or Burn-In. Choose the number of lines for the captions bitmap. The captions bitmap is 700 wide × 576 high and will be laid over the video. For example, a value of 16 divides the bitmap into 16 lines, with each line 36 pixels high (16 × 36 = 576). The default is 24 (24 pixels high). Enter the same number in every encode in every output that converts the same Teletext source to DVB-Sub or Burn-in." } }, "documentation": "Dvb Sub Destination Settings" @@ -9910,17 +10304,27 @@ "FillLineGap": { "shape": "EbuTtDFillLineGapControl", "locationName": "fillLineGap", - "documentation": "Specifies how to handle the gap between the lines (in multi-line captions).\n\n- enabled: Fill with the captions background color (as specified in the input captions).\n- disabled: Leave the gap unfilled." + "documentation": "Specifies how to handle the gap between the lines (in multi-line captions). ENABLED: Fill with the captions background color (as specified in the input captions). DISABLED: Leave the gap unfilled" }, "FontFamily": { "shape": "__string", "locationName": "fontFamily", - "documentation": "Specifies the font family to include in the font data attached to the EBU-TT captions. Valid only if styleControl is set to include. If you leave this field empty, the font family is set to \"monospaced\". (If styleControl is set to exclude, the font family is always set to \"monospaced\".)\n\nYou specify only the font family. All other style information (color, bold, position and so on) is copied from the input captions. The size is always set to 100% to allow the downstream player to choose the size.\n\n- Enter a list of font families, as a comma-separated list of font names, in order of preference. The name can be a font family (such as “Arial”), or a generic font family (such as “serif”), or “default” (to let the downstream player choose the font).\n- Leave blank to set the family to “monospace”." + "documentation": "Specifies the font family to include in the font data attached to the EBU-TT captions. Valid only if style_control is set to include. (If style_control is set to exclude, the font family is always set to monospaced.) Enter a list of font families, as a comma-separated list of font names, in order of preference. The name can be a font family (such as Arial), or a generic font family (such as serif), or default (to let the downstream player choose the font). Or leave blank to set the family to monospace. Note that you can specify only the font family. All other style information (color, bold, position and so on) is copied from the input captions. The size is always set to 100% to allow the downstream player to choose the size." }, "StyleControl": { "shape": "EbuTtDDestinationStyleControl", "locationName": "styleControl", - "documentation": "Specifies the style information (font color, font position, and so on) to include in the font data that is attached to the EBU-TT captions.\n\n- include: Take the style information (font color, font position, and so on) from the source captions and include that information in the font data attached to the EBU-TT captions. This option is valid only if the source captions are Embedded or Teletext.\n- exclude: In the font data attached to the EBU-TT captions, set the font family to \"monospaced\". Do not include any other style information." + "documentation": "Specifies the style information to include in the font data that is attached to the EBU-TT captions. INCLUDE: Take the style information from the source captions and include that information in the font data attached to the EBU-TT captions. This option is valid only if the source captions are Embedded or Teletext. EXCLUDE: Set the font family to monospaced. Do not include any other style information." + }, + "DefaultFontSize": { + "shape": "__integerMin1Max800", + "locationName": "defaultFontSize", + "documentation": "Specifies the default font size as a percentage of the computed cell size. Valid only if the defaultLineHeight is also set. If you leave this field empty, the default font size is 80% of the cell size." + }, + "DefaultLineHeight": { + "shape": "__integerMin80Max800", + "locationName": "defaultLineHeight", + "documentation": "Documentation update needed" } }, "documentation": "Ebu Tt DDestination Settings" @@ -9951,14 +10355,12 @@ }, "EmbeddedDestinationSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Embedded Destination Settings" }, "EmbeddedPlusScte20DestinationSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Embedded Plus Scte20 Destination Settings" }, "EmbeddedScte20Detection": { @@ -9997,8 +10399,7 @@ }, "Empty": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for Empty" }, "EncoderSettings": { @@ -10370,8 +10771,7 @@ }, "FrameCaptureHlsSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Frame Capture Hls Settings" }, "FrameCaptureIntervalUnit": { @@ -10468,7 +10868,7 @@ "OutputLockingMode": { "shape": "GlobalConfigurationOutputLockingMode", "locationName": "outputLockingMode", - "documentation": "Indicates how MediaLive pipelines are synchronized.\n\nPIPELINE_LOCKING - MediaLive will attempt to synchronize the output of each pipeline to the other.\nEPOCH_LOCKING - MediaLive will attempt to synchronize the output of each pipeline to the Unix epoch." + "documentation": "Indicates how MediaLive pipelines are synchronized.\n\nPIPELINE_LOCKING - MediaLive will attempt to synchronize the output of each pipeline to the other.\nEPOCH_LOCKING - MediaLive will attempt to synchronize the output of each pipeline to the Unix epoch.\nDISABLED - MediaLive will not attempt to synchronize the output of pipelines. We advise against disabling output locking because it has negative side effects in most workflows. For more information, see the section about output locking (pipeline locking) in the Medialive user guide." }, "OutputTimingSource": { "shape": "GlobalConfigurationOutputTimingSource", @@ -10509,7 +10909,8 @@ "documentation": "Global Configuration Output Locking Mode", "enum": [ "EPOCH_LOCKING", - "PIPELINE_LOCKING" + "PIPELINE_LOCKING", + "DISABLED" ] }, "GlobalConfigurationOutputTimingSource": { @@ -10713,7 +11114,7 @@ "AdaptiveQuantization": { "shape": "H264AdaptiveQuantization", "locationName": "adaptiveQuantization", - "documentation": "Enables or disables adaptive quantization, which is a technique MediaLive can apply to video on a frame-by-frame basis to produce more compression without losing quality. There are three types of adaptive quantization: flicker, spatial, and temporal. Set the field in one of these ways: Set to Auto. Recommended. For each type of AQ, MediaLive will determine if AQ is needed, and if so, the appropriate strength. Set a strength (a value other than Auto or Disable). This strength will apply to any of the AQ fields that you choose to enable. Set to Disabled to disable all types of adaptive quantization." + "documentation": "Enables or disables adaptive quantization (AQ), which is a technique MediaLive can apply to video on a frame-by-frame basis to produce more compression without losing quality. There are three types of adaptive quantization: spatial, temporal, and flicker. We recommend that you set the field to Auto. For more information about all the options, see the topic about video adaptive quantization in the MediaLive user guide." }, "AfdSignaling": { "shape": "AfdSignaling", @@ -10743,7 +11144,7 @@ "ColorSpaceSettings": { "shape": "H264ColorSpaceSettings", "locationName": "colorSpaceSettings", - "documentation": "Color Space settings" + "documentation": "Specify the type of color space to apply or choose to pass through. The default is to pass through the color space that is in the source." }, "EntropyEncoding": { "shape": "H264EntropyEncoding", @@ -10763,7 +11164,7 @@ "FlickerAq": { "shape": "H264FlickerAq", "locationName": "flickerAq", - "documentation": "Flicker AQ makes adjustments within each frame to reduce flicker or 'pop' on I-frames. The value to enter in this field depends on the value in the Adaptive quantization field: If you have set the Adaptive quantization field to Auto, MediaLive ignores any value in this field. MediaLive will determine if flicker AQ is appropriate and will apply the appropriate strength. If you have set the Adaptive quantization field to a strength, you can set this field to Enabled or Disabled. Enabled: MediaLive will apply flicker AQ using the specified strength. Disabled: MediaLive won't apply flicker AQ. If you have set the Adaptive quantization to Disabled, MediaLive ignores any value in this field and doesn't apply flicker AQ." + "documentation": "Flicker AQ makes adjustments within each frame to reduce flicker or 'pop' on I-frames. The value to enter in this field depends on the value in the Adaptive quantization field. For more information, see the topic about video adaptive quantization in the MediaLive user guide." }, "ForceFieldPictures": { "shape": "H264ForceFieldPictures", @@ -10893,7 +11294,7 @@ "SpatialAq": { "shape": "H264SpatialAq", "locationName": "spatialAq", - "documentation": "Spatial AQ makes adjustments within each frame based on spatial variation of content complexity. The value to enter in this field depends on the value in the Adaptive quantization field: If you have set the Adaptive quantization field to Auto, MediaLive ignores any value in this field. MediaLive will determine if spatial AQ is appropriate and will apply the appropriate strength. If you have set the Adaptive quantization field to a strength, you can set this field to Enabled or Disabled. Enabled: MediaLive will apply spatial AQ using the specified strength. Disabled: MediaLive won't apply spatial AQ. If you have set the Adaptive quantization to Disabled, MediaLive ignores any value in this field and doesn't apply spatial AQ." + "documentation": "Spatial AQ makes adjustments within each frame based on spatial variation of content complexity. The value to enter in this field depends on the value in the Adaptive quantization field. For more information, see the topic about video adaptive quantization in the MediaLive user guide." }, "SubgopLength": { "shape": "H264SubGopLength", @@ -10908,7 +11309,7 @@ "TemporalAq": { "shape": "H264TemporalAq", "locationName": "temporalAq", - "documentation": "Temporal makes adjustments within each frame based on temporal variation of content complexity. The value to enter in this field depends on the value in the Adaptive quantization field: If you have set the Adaptive quantization field to Auto, MediaLive ignores any value in this field. MediaLive will determine if temporal AQ is appropriate and will apply the appropriate strength. If you have set the Adaptive quantization field to a strength, you can set this field to Enabled or Disabled. Enabled: MediaLive will apply temporal AQ using the specified strength. Disabled: MediaLive won't apply temporal AQ. If you have set the Adaptive quantization to Disabled, MediaLive ignores any value in this field and doesn't apply temporal AQ." + "documentation": "Temporal makes adjustments within each frame based on variations in content complexity over time. The value to enter in this field depends on the value in the Adaptive quantization field. For more information, see the topic about video adaptive quantization in the MediaLive user guide." }, "TimecodeInsertion": { "shape": "H264TimecodeInsertionBehavior", @@ -10924,6 +11325,11 @@ "shape": "__integerMin1Max51", "locationName": "minQp", "documentation": "Sets the minimum QP. If you aren't familiar with quantization adjustment, leave the field empty. MediaLive will\napply an appropriate value." + }, + "MinBitrate": { + "shape": "__integerMin0", + "locationName": "minBitrate", + "documentation": "Used for QVBR rate control mode only.\nOptional.\nEnter a minimum bitrate if you want to keep the output bitrate about a threshold, in order to prevent the downstream system from de-allocating network bandwidth for this output." } }, "documentation": "H264 Settings" @@ -11121,7 +11527,7 @@ "AdaptiveQuantization": { "shape": "H265AdaptiveQuantization", "locationName": "adaptiveQuantization", - "documentation": "Adaptive quantization. Allows intra-frame quantizers to vary to improve visual quality." + "documentation": "Enables or disables adaptive quantization (AQ), which is a technique MediaLive can apply to video on a frame-by-frame basis to produce more compression without losing quality. There are three types of adaptive quantization: spatial, temporal, and flicker. Flicker is the only type that you can customize. We recommend that you set the field to Auto. For more information about all the options, see the topic about video adaptive quantization in the MediaLive user guide." }, "AfdSignaling": { "shape": "AfdSignaling", @@ -11151,7 +11557,7 @@ "ColorSpaceSettings": { "shape": "H265ColorSpaceSettings", "locationName": "colorSpaceSettings", - "documentation": "Color Space settings" + "documentation": "Specify the type of color space to apply or choose to pass through. The default is to pass through the color space that is in the source." }, "FilterSettings": { "shape": "H265FilterSettings", @@ -11166,7 +11572,7 @@ "FlickerAq": { "shape": "H265FlickerAq", "locationName": "flickerAq", - "documentation": "If set to enabled, adjust quantization within each frame to reduce flicker or 'pop' on I-frames." + "documentation": "Flicker AQ makes adjustments within each frame to reduce flicker or 'pop' on I-frames. The value to enter in this field depends on the value in the Adaptive quantization field. For more information, see the topic about video adaptive quantization in the MediaLive user guide." }, "FramerateDenominator": { "shape": "__integerMin1Max3003", @@ -11307,6 +11713,26 @@ "shape": "H265Deblocking", "locationName": "deblocking", "documentation": "Enable or disable the deblocking filter for this codec. The filter reduces blocking artifacts at block boundaries,\nwhich improves overall video quality. If the filter is disabled, visible block edges might appear in the output,\nespecially at lower bitrates." + }, + "GopBReference": { + "shape": "H265GopBReference", + "locationName": "gopBReference", + "documentation": "Allows the encoder to use a B-Frame as a reference frame as well.\nENABLED: B-frames will also serve as reference frames.\nDISABLED: B-frames won't be reference frames.\nMust be DISABLED if resolution is greater than 1080p or when using tiled hevc encoding." + }, + "GopNumBFrames": { + "shape": "__integerMin0Max3", + "locationName": "gopNumBFrames", + "documentation": "Sets the number of B-frames between reference frames.\nSet to 2 if resolution is greater than 1080p or when using tiled hevc encoding." + }, + "MinBitrate": { + "shape": "__integerMin0Max40000000", + "locationName": "minBitrate", + "documentation": "Used for QVBR rate control mode only.\nOptional.\nEnter a minimum bitrate if you want to keep the output bitrate about a threshold, in order to prevent the downstream system from de-allocating network bandwidth for this output." + }, + "SubgopLength": { + "shape": "H265SubGopLength", + "locationName": "subgopLength", + "documentation": "Sets the number of B-frames in each sub-GOP.\nFIXED: Use the value in Num B-frames.\nDYNAMIC: Optimizes the number of B-frames in each sub-GOP to improve visual quality.\nMust be FIXED if resolution is greater than 1080p or when using tiled hevc encoding." } }, "documentation": "H265 Settings", @@ -12078,8 +12504,7 @@ }, "HtmlMotionGraphicsSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Html Motion Graphics Settings" }, "IFrameOnlyPlaylistType": { @@ -12092,8 +12517,7 @@ }, "ImmediateModeScheduleActionStartSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Settings to configure an action so that it occurs as soon as possible." }, "IncludeFillerNalUnits": { @@ -12200,6 +12624,15 @@ "shape": "MulticastSettings", "locationName": "multicastSettings", "documentation": "Multicast Input settings." + }, + "Smpte2110ReceiverGroupSettings": { + "shape": "Smpte2110ReceiverGroupSettings", + "locationName": "smpte2110ReceiverGroupSettings", + "documentation": "Include this parameter if the input is a SMPTE 2110 input, to identify the stream sources for this input." + }, + "SdiSources": { + "shape": "InputSdiSources", + "locationName": "sdiSources" } }, "documentation": "Placeholder documentation for Input" @@ -12523,6 +12956,11 @@ "shape": "__listOfInputDeviceConfigurableAudioChannelPairConfig", "locationName": "audioChannelPairs", "documentation": "An array of eight audio configurations, one for each audio pair in the source. Set up each audio configuration either to exclude the pair, or to format it and include it in the output from the device. This parameter applies only to UHD devices, and only when the device is configured as the source for a MediaConnect flow. For an HD device, you configure the audio by setting up audio selectors in the channel configuration." + }, + "InputResolution": { + "shape": "__string", + "locationName": "inputResolution", + "documentation": "Choose the resolution of the Link device's source (HD or UHD). Make sure the resolution matches the current source from the device. This value determines MediaLive resource allocation and billing for this input. Only UHD devices can specify this parameter." } }, "documentation": "Configurable settings for the input device." @@ -12913,6 +13351,11 @@ "shape": "__listOfInputDeviceUhdAudioChannelPairConfig", "locationName": "audioChannelPairs", "documentation": "An array of eight audio configurations, one for each audio pair in the source. Each audio configuration specifies either to exclude the pair, or to format it and include it in the output from the UHD device. Applies only when the device is configured as the source for a MediaConnect flow." + }, + "InputResolution": { + "shape": "__string", + "locationName": "inputResolution", + "documentation": "The resolution of the Link device's source (HD or UHD). This value determines MediaLive resource allocation and billing for this input." } }, "documentation": "Settings that describe the active source from the input device, and the video characteristics of that source." @@ -13340,7 +13783,9 @@ "AWS_CDI", "TS_FILE", "SRT_CALLER", - "MULTICAST" + "MULTICAST", + "SMPTE_2110_RECEIVER_GROUP", + "SDI" ] }, "InputVpcRequest": { @@ -14686,6 +15131,11 @@ "shape": "OutputLocationRef", "locationName": "destination", "documentation": "MediaPackage channel destination." + }, + "MediapackageV2GroupSettings": { + "shape": "MediaPackageV2GroupSettings", + "locationName": "mediapackageV2GroupSettings", + "documentation": "Parameters that apply only if the destination parameter (for the output group) specifies a channelGroup and channelName. Use of these two paramters indicates that the output group is for MediaPackage V2 (CMAF Ingest)." } }, "documentation": "Media Package Group Settings", @@ -14717,6 +15167,11 @@ "MediaPackageOutputSettings": { "type": "structure", "members": { + "MediaPackageV2DestinationSettings": { + "shape": "MediaPackageV2DestinationSettings", + "locationName": "mediaPackageV2DestinationSettings", + "documentation": "Optional settings for MediaPackage V2 destinations" + } }, "documentation": "Media Package Output Settings" }, @@ -14766,8 +15221,7 @@ }, "MotionGraphicsDeactivateScheduleActionSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Settings to specify the ending of rendering motion graphics into the video stream." }, "MotionGraphicsInsertion": { @@ -15191,8 +15645,7 @@ }, "MultiplexGroupSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Multiplex Group Settings" }, "MultiplexMediaConnectOutputDestinationSettings": { @@ -15888,6 +16341,11 @@ "shape": "__listOfSrtOutputDestinationSettings", "locationName": "srtSettings", "documentation": "SRT settings for an SRT output; one destination for each redundant encoder." + }, + "LogicalInterfaceNames": { + "shape": "__listOf__string", + "locationName": "logicalInterfaceNames", + "documentation": "Optional assignment of an output to a logical interface on the Node. Only applies to on premises channels." } }, "documentation": "Placeholder documentation for OutputDestination" @@ -16060,8 +16518,7 @@ }, "PassThroughSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Pass Through Settings" }, "PauseStateScheduleActionSettings": { @@ -16120,8 +16577,7 @@ }, "PipelineLockingSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Pipeline Locking Settings" }, "PipelinePauseStateSettings": { @@ -16256,8 +16712,7 @@ }, "RawSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Raw Settings" }, "RebootInputDevice": { @@ -16301,20 +16756,17 @@ }, "RebootInputDeviceResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for RebootInputDeviceResponse" }, "Rec601Settings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Rec601 Settings" }, "Rec709Settings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Rec709 Settings" }, "RejectInputDeviceTransferRequest": { @@ -16334,8 +16786,7 @@ }, "RejectInputDeviceTransferResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for RejectInputDeviceTransferResponse" }, "RemixSettings": { @@ -16658,8 +17109,7 @@ }, "RtmpCaptionInfoDestinationSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Rtmp Caption Info Destination Settings" }, "RtmpGroupSettings": { @@ -16895,8 +17345,7 @@ }, "ScheduleDeleteResultModel": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Result of a schedule deletion." }, "ScheduleDescribeResultModel": { @@ -16928,8 +17377,7 @@ }, "Scte20PlusEmbeddedDestinationSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Scte20 Plus Embedded Destination Settings" }, "Scte20SourceSettings": { @@ -16950,8 +17398,7 @@ }, "Scte27DestinationSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Scte27 Destination Settings" }, "Scte27OcrLanguage": { @@ -17373,8 +17820,7 @@ }, "SmpteTtDestinationSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Smpte Tt Destination Settings" }, "StandardHlsSettings": { @@ -17531,8 +17977,7 @@ }, "StartInputDeviceMaintenanceWindowResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for StartInputDeviceMaintenanceWindowResponse" }, "StartInputDeviceRequest": { @@ -17552,8 +17997,7 @@ }, "StartInputDeviceResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for StartInputDeviceResponse" }, "StartMultiplexRequest": { @@ -17957,8 +18401,7 @@ }, "StopInputDeviceResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for StopInputDeviceResponse" }, "StopMultiplexRequest": { @@ -18070,8 +18513,7 @@ }, "TeletextDestinationSettings": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Teletext Destination Settings" }, "TeletextSourceSettings": { @@ -18207,8 +18649,7 @@ }, "ThumbnailNoData": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Response when thumbnail has no data. It should have no message." }, "ThumbnailState": { @@ -18372,8 +18813,7 @@ }, "TransferInputDeviceResponse": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for TransferInputDeviceResponse" }, "TransferringInputDeviceSummary": { @@ -18605,6 +19045,11 @@ "DryRun": { "shape": "__boolean", "locationName": "dryRun" + }, + "AnywhereSettings": { + "shape": "AnywhereSettings", + "locationName": "anywhereSettings", + "documentation": "The Elemental Anywhere settings for this channel." } }, "documentation": "Placeholder documentation for UpdateChannel" @@ -18725,6 +19170,11 @@ "DryRun": { "shape": "__boolean", "locationName": "dryRun" + }, + "AnywhereSettings": { + "shape": "AnywhereSettings", + "locationName": "anywhereSettings", + "documentation": "The Elemental Anywhere settings for this channel." } }, "documentation": "A request to update a channel.", @@ -18799,6 +19249,15 @@ "shape": "MulticastSettingsUpdateRequest", "locationName": "multicastSettings", "documentation": "Multicast Input settings." + }, + "Smpte2110ReceiverGroupSettings": { + "shape": "Smpte2110ReceiverGroupSettings", + "locationName": "smpte2110ReceiverGroupSettings", + "documentation": "Include this parameter if the input is a SMPTE 2110 input, to identify the stream sources for this input." + }, + "SdiSources": { + "shape": "InputSdiSources", + "locationName": "sdiSources" } }, "documentation": "Placeholder documentation for UpdateInput" @@ -19003,6 +19462,15 @@ "shape": "MulticastSettingsUpdateRequest", "locationName": "multicastSettings", "documentation": "Multicast Input settings." + }, + "Smpte2110ReceiverGroupSettings": { + "shape": "Smpte2110ReceiverGroupSettings", + "locationName": "smpte2110ReceiverGroupSettings", + "documentation": "Include this parameter if the input is a SMPTE 2110 input, to identify the stream sources for this input." + }, + "SdiSources": { + "shape": "InputSdiSources", + "locationName": "sdiSources" } }, "documentation": "A request to update an input.", @@ -19395,12 +19863,12 @@ "ColorSpace": { "shape": "VideoSelectorColorSpace", "locationName": "colorSpace", - "documentation": "Specifies the color space of an input. This setting works in tandem with colorSpaceUsage and a video description's colorSpaceSettingsChoice to determine if any conversion will be performed." + "documentation": "Controls how MediaLive will use the color space metadata from the source. Typically, choose FOLLOW, which means to use the color space metadata without changing it. Or choose another value (a standard). In this case, the handling is controlled by the colorspaceUsage property." }, "ColorSpaceSettings": { "shape": "VideoSelectorColorSpaceSettings", "locationName": "colorSpaceSettings", - "documentation": "Color space settings" + "documentation": "Choose HDR10 only if the following situation applies. Firstly, you specified HDR10 in ColorSpace. Secondly, the attached input is for AWS Elemental Link. Thirdly, you plan to convert the content to another color space. You need to specify the color space metadata that is missing from the source sent from AWS Elemental Link." }, "ColorSpaceUsage": { "shape": "VideoSelectorColorSpaceUsage", @@ -20780,6 +21248,31 @@ "shape": "__stringMax100", "locationName": "id3NameModifier", "documentation": "Change the modifier that MediaLive automatically adds to the Streams() name that identifies an ID3 track. The default is \"id3\", which means the default name will be Streams(id3.cmfm). Any string you enter here will replace the \"id3\" string.\\nThe modifier can only contain: numbers, letters, plus (+), minus (-), underscore (_) and period (.) and has a maximum length of 100 characters." + }, + "CaptionLanguageMappings": { + "shape": "__listOfCmafIngestCaptionLanguageMapping", + "locationName": "captionLanguageMappings", + "documentation": "An array that identifies the languages in the four caption channels in the embedded captions." + }, + "TimedMetadataId3Frame": { + "shape": "CmafTimedMetadataId3Frame", + "locationName": "timedMetadataId3Frame", + "documentation": "Set to none if you don't want to insert a timecode in the output. Otherwise choose the frame type for the timecode." + }, + "TimedMetadataId3Period": { + "shape": "__integerMin0Max10000", + "locationName": "timedMetadataId3Period", + "documentation": "If you set up to insert a timecode in the output, specify the frequency for the frame, in seconds." + }, + "TimedMetadataPassthrough": { + "shape": "CmafTimedMetadataPassthrough", + "locationName": "timedMetadataPassthrough", + "documentation": "Set to enabled to pass through ID3 metadata from the input sources." + }, + "AdditionalDestinations": { + "shape": "__listOfAdditionalDestinations", + "locationName": "additionalDestinations", + "documentation": "Optional an array of additional destinational HTTP destinations for the OutputGroup outputs" } }, "documentation": "Cmaf Ingest Group Settings", @@ -21075,7 +21568,8 @@ "MEDIAPACKAGE_CHANNEL", "MEDIAPACKAGE_ORIGIN_ENDPOINT", "MEDIACONNECT_FLOW", - "S3_BUCKET" + "S3_BUCKET", + "MEDIATAILOR_PLAYBACK_CONFIGURATION" ] }, "CloudWatchAlarmTemplateTreatMissingData": { @@ -21115,6 +21609,12 @@ "Tags": { "shape": "TagMap", "locationName": "tags" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21138,6 +21638,12 @@ "Tags": { "shape": "TagMap", "locationName": "tags" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21289,6 +21795,12 @@ "TreatMissingData": { "shape": "CloudWatchAlarmTemplateTreatMissingData", "locationName": "treatMissingData" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21367,6 +21879,12 @@ "TreatMissingData": { "shape": "CloudWatchAlarmTemplateTreatMissingData", "locationName": "treatMissingData" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21582,6 +22100,12 @@ "Tags": { "shape": "TagMap", "locationName": "tags" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21605,6 +22129,12 @@ "Tags": { "shape": "TagMap", "locationName": "tags" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21723,6 +22253,12 @@ "Tags": { "shape": "TagMap", "locationName": "tags" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21761,6 +22297,12 @@ "Tags": { "shape": "TagMap", "locationName": "tags" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21909,6 +22451,12 @@ "Tags": { "shape": "TagMap", "locationName": "tags" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -21946,6 +22494,12 @@ "Tags": { "shape": "TagMap", "locationName": "tags" + }, + "RequestId": { + "shape": "__stringMin1Max256PatternS", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true } }, "required": [ @@ -25383,14 +25937,14 @@ "documentation": "Configures whether MediaLive will write AFD values into the video.\nAUTO: MediaLive will try to preserve the input AFD value (in cases where multiple AFD values are valid).\nFIXED: the AFD value will be the value configured in the fixedAfd parameter.\nNONE: MediaLive won't write AFD into the video" }, "BufSize": { - "shape": "__integerMin50000Max16000000", + "shape": "__integerMin50000Max24000000", "locationName": "bufSize", "documentation": "The size of the buffer (HRD buffer model) in bits." }, "ColorSpaceSettings": { "shape": "Av1ColorSpaceSettings", "locationName": "colorSpaceSettings", - "documentation": "Color Space settings" + "documentation": "Specify the type of color space to apply or choose to pass through. The default is to pass through the color space that is in the source." }, "FixedAfd": { "shape": "FixedAfd", @@ -25428,7 +25982,7 @@ "documentation": "Sets the amount of lookahead. A value of LOW can decrease latency and memory usage. A value of HIGH can produce better quality for certain content." }, "MaxBitrate": { - "shape": "__integerMin50000Max8000000", + "shape": "__integerMin50000Max12000000", "locationName": "maxBitrate", "documentation": "The maximum bitrate to assign.\nFor recommendations, see the description for qvbrQualityLevel." }, @@ -25461,6 +26015,21 @@ "shape": "TimecodeBurninSettings", "locationName": "timecodeBurninSettings", "documentation": "Configures the timecode burn-in feature. If you enable this feature, the timecode will become part of the video." + }, + "Bitrate": { + "shape": "__integerMin50000Max12000000", + "locationName": "bitrate", + "documentation": "Average bitrate in bits/second. Required when the rate control mode is CBR. Not used for QVBR." + }, + "RateControlMode": { + "shape": "Av1RateControlMode", + "locationName": "rateControlMode", + "documentation": "Rate control mode.\n\nQVBR: Quality will match the specified quality level except when it is constrained by the\nmaximum bitrate. Recommended if you or your viewers pay for bandwidth.\n\nCBR: Quality varies, depending on the video complexity. Recommended only if you distribute\nyour assets to devices that cannot handle variable bitrates." + }, + "MinBitrate": { + "shape": "__integerMin0Max8000000", + "locationName": "minBitrate", + "documentation": "Used for QVBR rate control mode only.\nOptional.\nEnter a minimum bitrate if you want to keep the output bitrate about a threshold, in order to prevent the downstream system from de-allocating network bandwidth for this output." } }, "documentation": "Av1 Settings", @@ -25616,7 +26185,7 @@ "Nodes": { "shape": "__listOf__string", "locationName": "nodes", - "documentation": "An array with one item, which is the signle Node that is associated with the ChannelPlacementGroup." + "documentation": "An array with one item, which is the single Node that is associated with the ChannelPlacementGroup." }, "State": { "shape": "ChannelPlacementGroupState", @@ -25936,6 +26505,11 @@ "shape": "NodeState", "locationName": "state", "documentation": "The current state of the Node." + }, + "SdiSourceMappings": { + "shape": "SdiSourceMappings", + "locationName": "sdiSourceMappings", + "documentation": "An array of SDI source mappings. Each mapping connects one logical SdiSource to the physical SDI card and port that the physical SDI source uses." } }, "documentation": "Placeholder documentation for CreateNodeResponse" @@ -25993,7 +26567,7 @@ "Nodes": { "shape": "__listOf__string", "locationName": "nodes", - "documentation": "An array with one item, which is the signle Node that is associated with the ChannelPlacementGroup." + "documentation": "An array with one item, which is the single Node that is associated with the ChannelPlacementGroup." }, "State": { "shape": "ChannelPlacementGroupState", @@ -26192,6 +26766,11 @@ "shape": "NodeState", "locationName": "state", "documentation": "The current state of the Node." + }, + "SdiSourceMappings": { + "shape": "SdiSourceMappings", + "locationName": "sdiSourceMappings", + "documentation": "An array of SDI source mappings. Each mapping connects one logical SdiSource to the physical SDI card and port that the physical SDI source uses." } }, "documentation": "Placeholder documentation for DeleteNodeResponse" @@ -26265,7 +26844,7 @@ "Nodes": { "shape": "__listOf__string", "locationName": "nodes", - "documentation": "An array with one item, which is the signle Node that is associated with the ChannelPlacementGroup." + "documentation": "An array with one item, which is the single Node that is associated with the ChannelPlacementGroup." }, "State": { "shape": "ChannelPlacementGroupState", @@ -26306,7 +26885,7 @@ "Nodes": { "shape": "__listOf__string", "locationName": "nodes", - "documentation": "An array with one item, which is the signle Node that is associated with the ChannelPlacementGroup." + "documentation": "An array with one item, which is the single Node that is associated with the ChannelPlacementGroup." }, "State": { "shape": "ChannelPlacementGroupState", @@ -26347,7 +26926,7 @@ "Nodes": { "shape": "__listOf__string", "locationName": "nodes", - "documentation": "An array with one item, which is the signle Node that is associated with the ChannelPlacementGroup." + "documentation": "An array with one item, which is the single Node that is associated with the ChannelPlacementGroup." }, "State": { "shape": "ChannelPlacementGroupState", @@ -26717,6 +27296,11 @@ "shape": "NodeState", "locationName": "state", "documentation": "The current state of the Node." + }, + "SdiSourceMappings": { + "shape": "SdiSourceMappings", + "locationName": "sdiSourceMappings", + "documentation": "An array of SDI source mappings. Each mapping connects one logical SdiSource to the physical SDI card and port that the physical SDI source uses." } }, "documentation": "Placeholder documentation for DescribeNodeResponse" @@ -26773,6 +27357,11 @@ "shape": "NodeState", "locationName": "state", "documentation": "The current state of the Node." + }, + "SdiSourceMappings": { + "shape": "SdiSourceMappings", + "locationName": "sdiSourceMappings", + "documentation": "An array of SDI source mappings. Each mapping connects one logical SdiSource to the physical SDI card and port that the physical SDI source uses." } }, "documentation": "Contains the response for CreateNode, DescribeNode, DeleteNode, UpdateNode" @@ -26834,6 +27423,11 @@ "shape": "NodeState", "locationName": "state", "documentation": "The current state of the Node." + }, + "SdiSourceMappings": { + "shape": "SdiSourceMappings", + "locationName": "sdiSourceMappings", + "documentation": "An array of SDI source mappings. Each mapping connects one logical SdiSource to the physical SDI card and port that the physical SDI source uses." } }, "documentation": "Placeholder documentation for DescribeNodeSummary" @@ -27574,7 +28168,7 @@ "Nodes": { "shape": "__listOf__string", "locationName": "nodes", - "documentation": "An array with one item, which is the signle Node that is associated with the ChannelPlacementGroup." + "documentation": "An array with one item, which is the single Node that is associated with the ChannelPlacementGroup." }, "State": { "shape": "ChannelPlacementGroupState", @@ -27825,6 +28419,11 @@ "shape": "NodeRole", "locationName": "role", "documentation": "The initial role of the Node in the Cluster. ACTIVE means the Node is available for encoding. BACKUP means the Node is a redundant Node and might get used if an ACTIVE Node fails." + }, + "SdiSourceMappings": { + "shape": "SdiSourceMappingsUpdateRequest", + "locationName": "sdiSourceMappings", + "documentation": "The mappings of a SDI capture card port to a logical SDI data stream" } }, "documentation": "A request to update the node.", @@ -27885,6 +28484,11 @@ "shape": "NodeState", "locationName": "state", "documentation": "The current state of the Node." + }, + "SdiSourceMappings": { + "shape": "SdiSourceMappings", + "locationName": "sdiSourceMappings", + "documentation": "An array of SDI source mappings. Each mapping connects one logical SdiSource to the physical SDI card and port that the physical SDI source uses." } }, "documentation": "Placeholder documentation for UpdateNodeResponse" @@ -27976,6 +28580,11 @@ "shape": "NodeState", "locationName": "state", "documentation": "The current state of the Node." + }, + "SdiSourceMappings": { + "shape": "SdiSourceMappings", + "locationName": "sdiSourceMappings", + "documentation": "An array of SDI source mappings. Each mapping connects one logical SdiSource to the physical SDI card and port that the physical SDI source uses." } }, "documentation": "Placeholder documentation for UpdateNodeStateResponse" @@ -27986,17 +28595,17 @@ "max": 16000, "documentation": "Placeholder documentation for __integerMin40Max16000" }, - "__integerMin50000Max16000000": { + "__integerMin50000Max24000000": { "type": "integer", "min": 50000, - "max": 16000000, - "documentation": "Placeholder documentation for __integerMin50000Max16000000" + "max": 24000000, + "documentation": "Placeholder documentation for __integerMin50000Max24000000" }, - "__integerMin50000Max8000000": { + "__integerMin50000Max12000000": { "type": "integer", "min": 50000, - "max": 8000000, - "documentation": "Placeholder documentation for __integerMin50000Max8000000" + "max": 12000000, + "documentation": "Placeholder documentation for __integerMin50000Max12000000" }, "__listOfDescribeChannelPlacementGroupSummary": { "type": "list", @@ -28318,8 +28927,7 @@ }, "ListVersionsRequest": { "type": "structure", - "members": { - }, + "members": {}, "documentation": "Placeholder documentation for ListVersionsRequest" }, "ListVersionsResponse": { @@ -28377,6 +28985,1033 @@ "required": [ "Id3" ] + }, + "__stringMin1Max256PatternS": { + "type": "string", + "min": 1, + "max": 256, + "pattern": "^[\\S]+$", + "documentation": "Placeholder documentation for __stringMin1Max256PatternS" + }, + "__integerMin1Max800": { + "type": "integer", + "min": 1, + "max": 800, + "documentation": "Placeholder documentation for __integerMin1Max800" + }, + "__integerMin80Max800": { + "type": "integer", + "min": 80, + "max": 800, + "documentation": "Placeholder documentation for __integerMin80Max800" + }, + "InputSdpLocation": { + "type": "structure", + "members": { + "MediaIndex": { + "shape": "__integer", + "locationName": "mediaIndex", + "documentation": "The index of the media stream in the SDP file for one SMPTE 2110 stream." + }, + "SdpUrl": { + "shape": "__string", + "locationName": "sdpUrl", + "documentation": "The URL of the SDP file for one SMPTE 2110 stream." + } + }, + "documentation": "The location of the SDP file for one of the SMPTE 2110 streams in a receiver group." + }, + "Smpte2110ReceiverGroup": { + "type": "structure", + "members": { + "SdpSettings": { + "shape": "Smpte2110ReceiverGroupSdpSettings", + "locationName": "sdpSettings", + "documentation": "The single Smpte2110ReceiverGroupSdpSettings that identify the video, audio, and ancillary streams for this receiver group." + } + }, + "documentation": "A receiver group is a collection of video, audio, and ancillary streams that you want to group together and attach to one input." + }, + "Smpte2110ReceiverGroupSdpSettings": { + "type": "structure", + "members": { + "AncillarySdps": { + "shape": "__listOfInputSdpLocation", + "locationName": "ancillarySdps", + "documentation": "A list of InputSdpLocations. Each item in the list specifies the SDP file and index for one ancillary SMPTE 2110 stream.\nEach stream encapsulates one captions stream (out of any number you can include) or the single SCTE 35 stream that you can include." + }, + "AudioSdps": { + "shape": "__listOfInputSdpLocation", + "locationName": "audioSdps", + "documentation": "A list of InputSdpLocations. Each item in the list specifies the SDP file and index for one audio SMPTE 2110 stream." + }, + "VideoSdp": { + "shape": "InputSdpLocation", + "locationName": "videoSdp", + "documentation": "The InputSdpLocation that specifies the SDP file and index for the single video SMPTE 2110 stream for this 2110 input." + } + }, + "documentation": "Information about the SDP files that describe the SMPTE 2110 streams that go into one SMPTE 2110 receiver group." + }, + "Smpte2110ReceiverGroupSettings": { + "type": "structure", + "members": { + "Smpte2110ReceiverGroups": { + "shape": "__listOfSmpte2110ReceiverGroup", + "locationName": "smpte2110ReceiverGroups" + } + }, + "documentation": "Configures the sources for the SMPTE 2110 Receiver Group input." + }, + "__listOfInputSdpLocation": { + "type": "list", + "member": { + "shape": "InputSdpLocation" + }, + "documentation": "Placeholder documentation for __listOfInputSdpLocation" + }, + "__listOfSmpte2110ReceiverGroup": { + "type": "list", + "member": { + "shape": "Smpte2110ReceiverGroup" + }, + "documentation": "Placeholder documentation for __listOfSmpte2110ReceiverGroup" + }, + "CreateSdiSourceRequest": { + "type": "structure", + "members": { + "Mode": { + "shape": "SdiSourceMode", + "locationName": "mode", + "documentation": "Applies only if the type is QUAD. Specify the mode for handling the quad-link signal: QUADRANT or INTERLEAVE." + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "Specify a name that is unique in the AWS account. We recommend you assign a name that describes the source, for example curling-cameraA. Names are case-sensitive." + }, + "RequestId": { + "shape": "__string", + "locationName": "requestId", + "documentation": "An ID that you assign to a create request. This ID ensures idempotency when creating resources.", + "idempotencyToken": true + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "A collection of key-value pairs." + }, + "Type": { + "shape": "SdiSourceType", + "locationName": "type", + "documentation": "Specify the type of the SDI source: SINGLE: The source is a single-link source. QUAD: The source is one part of a quad-link source." + } + }, + "documentation": "A request to create a SdiSource." + }, + "CreateSdiSourceResponse": { + "type": "structure", + "members": { + "SdiSource": { + "shape": "SdiSource", + "locationName": "sdiSource", + "documentation": "Settings for the SDI source." + } + }, + "documentation": "Placeholder documentation for CreateSdiSourceResponse" + }, + "DeleteSdiSourceRequest": { + "type": "structure", + "members": { + "SdiSourceId": { + "shape": "__string", + "location": "uri", + "locationName": "sdiSourceId", + "documentation": "The ID of the SdiSource." + } + }, + "required": [ + "SdiSourceId" + ], + "documentation": "Placeholder documentation for DeleteSdiSourceRequest" + }, + "DeleteSdiSourceResponse": { + "type": "structure", + "members": { + "SdiSource": { + "shape": "SdiSource", + "locationName": "sdiSource", + "documentation": "Settings for the SDI source." + } + }, + "documentation": "Placeholder documentation for DeleteSdiSourceResponse" + }, + "DescribeSdiSourceRequest": { + "type": "structure", + "members": { + "SdiSourceId": { + "shape": "__string", + "location": "uri", + "locationName": "sdiSourceId", + "documentation": "Get details about an SdiSource." + } + }, + "required": [ + "SdiSourceId" + ], + "documentation": "Placeholder documentation for DescribeSdiSourceRequest" + }, + "DescribeSdiSourceResponse": { + "type": "structure", + "members": { + "SdiSource": { + "shape": "SdiSource", + "locationName": "sdiSource", + "documentation": "Settings for the SDI source." + } + }, + "documentation": "Placeholder documentation for DescribeSdiSourceResponse" + }, + "InputSdiSources": { + "type": "list", + "documentation": "SDI Sources for this Input.", + "member": { + "shape": "__string" + } + }, + "ListSdiSourcesRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "MaxResults", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of items to return." + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The token to retrieve the next page of results." + } + }, + "documentation": "Placeholder documentation for ListSdiSourcesRequest" + }, + "ListSdiSourcesResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "locationName": "nextToken" + }, + "SdiSources": { + "shape": "__listOfSdiSourceSummary", + "locationName": "sdiSources" + } + }, + "documentation": "Placeholder documentation for ListSdiSourcesResponse" + }, + "SdiSource": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "locationName": "arn", + "documentation": "The ARN of this SdiSource. It is automatically assigned when the SdiSource is created." + }, + "Id": { + "shape": "__string", + "locationName": "id", + "documentation": "The ID of the SdiSource. Unique in the AWS account.The ID is the resource-id portion of the ARN." + }, + "Inputs": { + "shape": "__listOf__string", + "locationName": "inputs", + "documentation": "The list of inputs that are currently using this SDI source. This list will be empty if the SdiSource has just been deleted." + }, + "Mode": { + "shape": "SdiSourceMode", + "locationName": "mode", + "documentation": "Applies only if the type is QUAD. The mode for handling the quad-link signal QUADRANT or INTERLEAVE." + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "The name of the SdiSource." + }, + "State": { + "shape": "SdiSourceState", + "locationName": "state", + "documentation": "Specifies whether the SDI source is attached to an SDI input (IN_USE) or not (IDLE)." + }, + "Type": { + "shape": "SdiSourceType", + "locationName": "type" + } + }, + "documentation": "Used in CreateSdiSourceResponse, DeleteSdiSourceResponse, DescribeSdiSourceResponse, ListSdiSourcesResponse, UpdateSdiSourceResponse" + }, + "SdiSourceMapping": { + "type": "structure", + "members": { + "CardNumber": { + "shape": "__integer", + "locationName": "cardNumber", + "documentation": "A number that uniquely identifies the SDI card on the node hardware." + }, + "ChannelNumber": { + "shape": "__integer", + "locationName": "channelNumber", + "documentation": "A number that uniquely identifies a port on the SDI card." + }, + "SdiSource": { + "shape": "__string", + "locationName": "sdiSource", + "documentation": "The ID of the SdiSource to associate with this port on this card. You can use the ListSdiSources operation to discover all the IDs." + } + }, + "documentation": "Used in DescribeNodeSummary, DescribeNodeResult." + }, + "SdiSourceMappingUpdateRequest": { + "type": "structure", + "members": { + "CardNumber": { + "shape": "__integer", + "locationName": "cardNumber", + "documentation": "A number that uniquely identifies the SDI card on the node hardware. For information about how physical cards are identified on your node hardware, see the documentation for your node hardware. The numbering always starts at 1." + }, + "ChannelNumber": { + "shape": "__integer", + "locationName": "channelNumber", + "documentation": "A number that uniquely identifies a port on the card. This must be an SDI port (not a timecode port, for example). For information about how ports are identified on physical cards, see the documentation for your node hardware." + }, + "SdiSource": { + "shape": "__string", + "locationName": "sdiSource", + "documentation": "The ID of a SDI source streaming on the given SDI capture card port." + } + }, + "documentation": "Used in SdiSourceMappingsUpdateRequest. One SDI source mapping. It connects one logical SdiSource to the physical SDI card and port that the physical SDI source uses. You must specify all three parameters in this object." + }, + "SdiSourceMappings": { + "type": "list", + "documentation": "Used in SdiSourceMappings.", + "member": { + "shape": "SdiSourceMapping" + } + }, + "SdiSourceMappingsUpdateRequest": { + "type": "list", + "documentation": "Used in the SdiSourceMappingsUpdateRequest, which is a parameter of the UpdateNodeRequest, which is used in the UpdateNodeRequest operation. This means that you create a mapping for an SDI source by updating a Node. You can't create the mapping when you first create the Node.", + "member": { + "shape": "SdiSourceMappingUpdateRequest" + } + }, + "SdiSourceMode": { + "type": "string", + "documentation": "Used in SdiSource, CreateSdiSourceRequest, UpdateSdiSourceRequest.", + "enum": [ + "QUADRANT", + "INTERLEAVE" + ] + }, + "SdiSourceState": { + "type": "string", + "documentation": "Used in SdiSource, DescribeNodeRequest, DescribeNodeResult", + "enum": [ + "IDLE", + "IN_USE", + "DELETED" + ] + }, + "SdiSourceSummary": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "locationName": "arn", + "documentation": "The ARN of this SdiSource. It is automatically assigned when the SdiSource is created." + }, + "Id": { + "shape": "__string", + "locationName": "id", + "documentation": "The ID of the SdiSource. Unique in the AWS account.The ID is the resource-id portion of the ARN." + }, + "Inputs": { + "shape": "__listOf__string", + "locationName": "inputs", + "documentation": "The list of inputs that are currently using this SDI source. This list will be empty if the SdiSource has just been deleted." + }, + "Mode": { + "shape": "SdiSourceMode", + "locationName": "mode", + "documentation": "Applies only if the type is QUAD. The mode for handling the quad-link signal QUADRANT or INTERLEAVE." + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "The name of the SdiSource." + }, + "State": { + "shape": "SdiSourceState", + "locationName": "state", + "documentation": "Specifies whether the SDI source is attached to an SDI input (IN_USE) or not (IDLE)." + }, + "Type": { + "shape": "SdiSourceType", + "locationName": "type" + } + }, + "documentation": "Used in CreateSdiSourceResponse, DeleteSdiSourceResponse, DescribeSdiSourceResponse, ListSdiSourcesResponse, UpdateSdiSourceResponse" + }, + "SdiSourceType": { + "type": "string", + "documentation": "Used in SdiSource, CreateSdiSourceRequest, UpdateSdiSourceRequest.", + "enum": [ + "SINGLE", + "QUAD" + ] + }, + "UpdateSdiSourceRequest": { + "type": "structure", + "members": { + "Mode": { + "shape": "SdiSourceMode", + "locationName": "mode", + "documentation": "Include this parameter only if you want to change the name of the SdiSource. Specify a name that is unique in the AWS account. We recommend you assign a name that describes the source, for example curling-cameraA. Names are case-sensitive." + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "Include this parameter only if you want to change the name of the SdiSource. Specify a name that is unique in the AWS account. We recommend you assign a name that describes the source, for example curling-cameraA. Names are case-sensitive." + }, + "SdiSourceId": { + "shape": "__string", + "location": "uri", + "locationName": "sdiSourceId", + "documentation": "The ID of the SdiSource" + }, + "Type": { + "shape": "SdiSourceType", + "locationName": "type", + "documentation": "Include this parameter only if you want to change the mode. Specify the type of the SDI source: SINGLE: The source is a single-link source. QUAD: The source is one part of a quad-link source." + } + }, + "documentation": "A request to update the SdiSource.", + "required": [ + "SdiSourceId" + ] + }, + "UpdateSdiSourceResponse": { + "type": "structure", + "members": { + "SdiSource": { + "shape": "SdiSource", + "locationName": "sdiSource", + "documentation": "Settings for the SDI source." + } + }, + "documentation": "Placeholder documentation for UpdateSdiSourceResponse" + }, + "__listOfSdiSourceSummary": { + "type": "list", + "member": { + "shape": "SdiSourceSummary" + }, + "documentation": "Placeholder documentation for __listOfSdiSourceSummary" + }, + "CmafIngestCaptionLanguageMapping": { + "type": "structure", + "members": { + "CaptionChannel": { + "shape": "__integerMin1Max4", + "locationName": "captionChannel", + "documentation": "A number for the channel for this caption, 1 to 4." + }, + "LanguageCode": { + "shape": "__stringMin3Max3", + "locationName": "languageCode", + "documentation": "Language code for the language of the caption in this channel. For example, ger/deu. See http://www.loc.gov/standards/iso639-2" + } + }, + "documentation": "Add an array item for each language. Follow the order of the caption descriptions. For example, if the first caption description is for German, then the first array item must be for German, and its caption channel must be set to 1. The second array item must be 2, and so on.", + "required": [ + "LanguageCode", + "CaptionChannel" + ] + }, + "CmafTimedMetadataId3Frame": { + "type": "string", + "documentation": "Cmaf Timed Metadata Id3 Frame", + "enum": [ + "NONE", + "PRIV", + "TDRL" + ] + }, + "CmafTimedMetadataPassthrough": { + "type": "string", + "documentation": "Cmaf Timed Metadata Passthrough", + "enum": [ + "DISABLED", + "ENABLED" + ] + }, + "__listOfCmafIngestCaptionLanguageMapping": { + "type": "list", + "member": { + "shape": "CmafIngestCaptionLanguageMapping" + }, + "documentation": "Placeholder documentation for __listOfCmafIngestCaptionLanguageMapping" + }, + "Av1RateControlMode": { + "type": "string", + "documentation": "Av1 Rate Control Mode", + "enum": [ + "CBR", + "QVBR" + ] + }, + "AdditionalDestinations": { + "type": "structure", + "members": { + "Destination": { + "shape": "OutputLocationRef", + "locationName": "destination", + "documentation": "The destination location" + } + }, + "documentation": "Additional output destinations for a CMAF Ingest output group", + "required": [ + "Destination" + ] + }, + "__listOfAdditionalDestinations": { + "type": "list", + "member": { + "shape": "AdditionalDestinations" + }, + "documentation": "Placeholder documentation for __listOfAdditionalDestinations" + }, + "BurnInDestinationSubtitleRows": { + "type": "string", + "documentation": "Burn In Destination Subtitle Rows", + "enum": [ + "ROWS_16", + "ROWS_20", + "ROWS_24" + ] + }, + "DvbSubDestinationSubtitleRows": { + "type": "string", + "documentation": "Dvb Sub Destination Subtitle Rows", + "enum": [ + "ROWS_16", + "ROWS_20", + "ROWS_24" + ] + }, + "HlsAutoSelect": { + "type": "string", + "documentation": "Hls Auto Select", + "enum": [ + "NO", + "OMIT", + "YES" + ] + }, + "HlsDefault": { + "type": "string", + "documentation": "Hls Default", + "enum": [ + "NO", + "OMIT", + "YES" + ] + }, + "MediaPackageV2DestinationSettings": { + "type": "structure", + "members": { + "AudioGroupId": { + "shape": "__string", + "locationName": "audioGroupId", + "documentation": "Applies only to an output that contains audio. If you want to put several audio encodes into one audio rendition group, decide on a name (ID) for the group. Then in every audio output that you want to belong to that group, enter that ID in this field. Note that this information is part of the HLS specification (not the CMAF specification), but if you include it then MediaPackage will include it in the manifest it creates for the video player." + }, + "AudioRenditionSets": { + "shape": "__string", + "locationName": "audioRenditionSets", + "documentation": "Applies only to an output that contains video, and only if you want to associate one or more audio groups to this video. In this field you assign the groups that you create (in the Group ID fields in the various audio outputs). Enter one group ID, or enter a comma-separated list of group IDs. Note that this information is part of the HLS specification (not the CMAF specification), but if you include it then MediaPackage will include it in the manifest it creates for the video player." + }, + "HlsAutoSelect": { + "shape": "HlsAutoSelect", + "locationName": "hlsAutoSelect", + "documentation": "Specifies whether MediaPackage should set this output as the auto-select rendition in the HLS manifest. YES means this must be the auto-select. NO means this should never be the auto-select. OMIT means MediaPackage decides what to set on this rendition.\nWhen you consider all the renditions, follow these guidelines. You can set zero or one renditions to YES. You can set zero or more renditions to NO, but you can't set all renditions to NO. You can set zero, some, or all to OMIT." + }, + "HlsDefault": { + "shape": "HlsDefault", + "locationName": "hlsDefault", + "documentation": "Specifies whether MediaPackage should set this output as the default rendition in the HLS manifest. YES means this must be the default. NO means this should never be the default. OMIT means MediaPackage decides what to set on this rendition.\nWhen you consider all the renditions, follow these guidelines. You can set zero or one renditions to YES. You can set zero or more renditions to NO, but you can't set all renditions to NO. You can set zero, some, or all to OMIT." + } + }, + "documentation": "Media Package V2 Destination Settings" + }, + "MediaPackageV2GroupSettings": { + "type": "structure", + "members": { + "CaptionLanguageMappings": { + "shape": "__listOfCaptionLanguageMapping", + "locationName": "captionLanguageMappings", + "documentation": "Mapping of up to 4 caption channels to caption languages." + }, + "Id3Behavior": { + "shape": "CmafId3Behavior", + "locationName": "id3Behavior", + "documentation": "Set to ENABLED to enable ID3 metadata insertion. To include metadata, you configure other parameters in the output group, or you add an ID3 action to the channel schedule." + }, + "KlvBehavior": { + "shape": "CmafKLVBehavior", + "locationName": "klvBehavior", + "documentation": "If set to passthrough, passes any KLV data from the input source to this output." + }, + "NielsenId3Behavior": { + "shape": "CmafNielsenId3Behavior", + "locationName": "nielsenId3Behavior", + "documentation": "If set to passthrough, Nielsen inaudible tones for media tracking will be detected in the input audio and an equivalent ID3 tag will be inserted in the output." + }, + "Scte35Type": { + "shape": "Scte35Type", + "locationName": "scte35Type", + "documentation": "Type of scte35 track to add. none or scte35WithoutSegmentation" + }, + "SegmentLength": { + "shape": "__integerMin1", + "locationName": "segmentLength", + "documentation": "The nominal duration of segments. The units are specified in SegmentLengthUnits. The segments will end on the next keyframe after the specified duration, so the actual segment length might be longer, and it might be a fraction of the units." + }, + "SegmentLengthUnits": { + "shape": "CmafIngestSegmentLengthUnits", + "locationName": "segmentLengthUnits", + "documentation": "Time unit for segment length parameter." + }, + "TimedMetadataId3Frame": { + "shape": "CmafTimedMetadataId3Frame", + "locationName": "timedMetadataId3Frame", + "documentation": "Set to none if you don't want to insert a timecode in the output. Otherwise choose the frame type for the timecode." + }, + "TimedMetadataId3Period": { + "shape": "__integerMin0Max10000", + "locationName": "timedMetadataId3Period", + "documentation": "If you set up to insert a timecode in the output, specify the frequency for the frame, in seconds." + }, + "TimedMetadataPassthrough": { + "shape": "CmafTimedMetadataPassthrough", + "locationName": "timedMetadataPassthrough", + "documentation": "Set to enabled to pass through ID3 metadata from the input sources." + } + }, + "documentation": "Media Package V2 Group Settings" + }, + "H265GopBReference": { + "type": "string", + "documentation": "H265 Gop BReference", + "enum": [ + "DISABLED", + "ENABLED" + ] + }, + "H265SubGopLength": { + "type": "string", + "documentation": "H265 Sub Gop Length", + "enum": [ + "DYNAMIC", + "FIXED" + ] + }, + "__integerMin0Max3": { + "type": "integer", + "min": 0, + "max": 3, + "documentation": "Placeholder documentation for __integerMin0Max3" + }, + "__integerMin0Max40000000": { + "type": "integer", + "min": 0, + "max": 40000000, + "documentation": "Placeholder documentation for __integerMin0Max40000000" + }, + "__integerMin0Max8000000": { + "type": "integer", + "min": 0, + "max": 8000000, + "documentation": "Placeholder documentation for __integerMin0Max8000000" + }, + "ChannelAlert": { + "type": "structure", + "members": { + "AlertType": { + "shape": "__string", + "locationName": "alertType", + "documentation": "The type of the alert" + }, + "ClearedTimestamp": { + "shape": "__timestampIso8601", + "locationName": "clearedTimestamp", + "documentation": "The time when the alert was cleared" + }, + "Id": { + "shape": "__string", + "locationName": "id", + "documentation": "The unique ID for this alert instance" + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "The user facing alert message which can have more context" + }, + "PipelineId": { + "shape": "__string", + "locationName": "pipelineId", + "documentation": "The ID of the pipeline this alert is associated with" + }, + "SetTimestamp": { + "shape": "__timestampIso8601", + "locationName": "setTimestamp", + "documentation": "The time when the alert was set" + }, + "State": { + "shape": "ChannelAlertState", + "locationName": "state", + "documentation": "The state of the alert" + } + }, + "documentation": "An alert on a channel" + }, + "ChannelAlertState": { + "type": "string", + "documentation": "The possible states of a channel alert. SET - The alert is actively happening. CLEARED - The alert is no longer happening.", + "enum": [ + "SET", + "CLEARED" + ] + }, + "ClusterAlert": { + "type": "structure", + "members": { + "AlertType": { + "shape": "__string", + "locationName": "alertType", + "documentation": "The type of the alert" + }, + "ChannelId": { + "shape": "__string", + "locationName": "channelId", + "documentation": "The ID of the channel this alert is associated with" + }, + "ClearedTimestamp": { + "shape": "__timestampIso8601", + "locationName": "clearedTimestamp", + "documentation": "The time when the alert was cleared" + }, + "Id": { + "shape": "__string", + "locationName": "id", + "documentation": "The further subtype of this alert" + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "The user facing alert message which can have more context" + }, + "NodeId": { + "shape": "__string", + "locationName": "nodeId", + "documentation": "The ID of the node this alert is associated with" + }, + "SetTimestamp": { + "shape": "__timestampIso8601", + "locationName": "setTimestamp", + "documentation": "The time when the alert was set" + }, + "State": { + "shape": "ClusterAlertState", + "locationName": "state", + "documentation": "The state of the alert" + } + }, + "documentation": "An alert on a cluster" + }, + "ClusterAlertState": { + "type": "string", + "documentation": "The possible states of a cluster alert. SET - The alert is actively happening. CLEARED - The alert is no longer happening.", + "enum": [ + "SET", + "CLEARED" + ] + }, + "ListAlertsRequest": { + "type": "structure", + "members": { + "ChannelId": { + "shape": "__string", + "location": "uri", + "locationName": "channelId", + "documentation": "The unique ID of the channel" + }, + "MaxResults": { + "shape": "MaxResults", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of items to return" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next pagination token" + }, + "StateFilter": { + "shape": "__string", + "location": "querystring", + "locationName": "stateFilter", + "documentation": "Specifies the set of alerts to return based on their state. SET - Return only alerts with SET state. CLEARED - Return only alerts with CLEARED state. ALL - Return all alerts." + } + }, + "required": [ + "ChannelId" + ], + "documentation": "Placeholder documentation for ListAlertsRequest" + }, + "ListAlertsResponse": { + "type": "structure", + "members": { + "Alerts": { + "shape": "__listOfChannelAlert", + "locationName": "alerts", + "documentation": "The alerts found for this channel" + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "The token to use to retrieve the next page of results" + } + }, + "documentation": "Placeholder documentation for ListAlertsResponse" + }, + "ListAlertsResultModel": { + "type": "structure", + "members": { + "Alerts": { + "shape": "__listOfChannelAlert", + "locationName": "alerts", + "documentation": "The alerts found for this channel" + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "The token to use to retrieve the next page of results" + } + }, + "documentation": "The result of a successful ListAlerts request" + }, + "ListClusterAlertsRequest": { + "type": "structure", + "members": { + "ClusterId": { + "shape": "__string", + "location": "uri", + "locationName": "clusterId", + "documentation": "The unique ID of the cluster" + }, + "MaxResults": { + "shape": "MaxResults", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of items to return" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next pagination token" + }, + "StateFilter": { + "shape": "__string", + "location": "querystring", + "locationName": "stateFilter", + "documentation": "Specifies the set of alerts to return based on their state. SET - Return only alerts with SET state. CLEARED - Return only alerts with CLEARED state. ALL - Return all alerts." + } + }, + "required": [ + "ClusterId" + ], + "documentation": "Placeholder documentation for ListClusterAlertsRequest" + }, + "ListClusterAlertsResponse": { + "type": "structure", + "members": { + "Alerts": { + "shape": "__listOfClusterAlert", + "locationName": "alerts", + "documentation": "The alerts found for this cluster" + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "The token to use to retrieve the next page of results" + } + }, + "documentation": "Placeholder documentation for ListClusterAlertsResponse" + }, + "ListClusterAlertsResultModel": { + "type": "structure", + "members": { + "Alerts": { + "shape": "__listOfClusterAlert", + "locationName": "alerts", + "documentation": "The alerts found for this cluster" + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "The token to use to retrieve the next page of results" + } + }, + "documentation": "The result of a successful ListClusterAlerts request" + }, + "ListMultiplexAlertsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "MaxResults", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of items to return" + }, + "MultiplexId": { + "shape": "__string", + "location": "uri", + "locationName": "multiplexId", + "documentation": "The unique ID of the multiplex" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next pagination token" + }, + "StateFilter": { + "shape": "__string", + "location": "querystring", + "locationName": "stateFilter", + "documentation": "Specifies the set of alerts to return based on their state. SET - Return only alerts with SET state. CLEARED - Return only alerts with CLEARED state. ALL - Return all alerts." + } + }, + "required": [ + "MultiplexId" + ], + "documentation": "Placeholder documentation for ListMultiplexAlertsRequest" + }, + "ListMultiplexAlertsResponse": { + "type": "structure", + "members": { + "Alerts": { + "shape": "__listOfMultiplexAlert", + "locationName": "alerts", + "documentation": "The alerts found for this multiplex" + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "The token to use to retrieve the next page of results" + } + }, + "documentation": "Placeholder documentation for ListMultiplexAlertsResponse" + }, + "ListMultiplexAlertsResultModel": { + "type": "structure", + "members": { + "Alerts": { + "shape": "__listOfMultiplexAlert", + "locationName": "alerts", + "documentation": "The alerts found for this multiplex" + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "The token to use to retrieve the next page of results" + } + }, + "documentation": "The result of a successful ListMultiplexAlerts request." + }, + "MultiplexAlert": { + "type": "structure", + "members": { + "AlertType": { + "shape": "__string", + "locationName": "alertType", + "documentation": "The type of the alert" + }, + "ClearedTimestamp": { + "shape": "__timestampIso8601", + "locationName": "clearedTimestamp", + "documentation": "The time when the alert was cleared" + }, + "Id": { + "shape": "__string", + "locationName": "id", + "documentation": "The unique ID for this alert instance" + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "The user facing alert message which can have more context" + }, + "PipelineId": { + "shape": "__string", + "locationName": "pipelineId", + "documentation": "The ID of the pipeline this alert is associated with" + }, + "SetTimestamp": { + "shape": "__timestampIso8601", + "locationName": "setTimestamp", + "documentation": "The time when the alert was set" + }, + "State": { + "shape": "MultiplexAlertState", + "locationName": "state", + "documentation": "The state of the alert" + } + }, + "documentation": "An alert on a multiplex" + }, + "MultiplexAlertState": { + "type": "string", + "documentation": "The possible states of a multiplex alert. SET - The alert is actively happening. CLEARED - The alert is no longer happening.", + "enum": [ + "SET", + "CLEARED" + ] + }, + "__listOfChannelAlert": { + "type": "list", + "member": { + "shape": "ChannelAlert" + }, + "documentation": "Placeholder documentation for __listOfChannelAlert" + }, + "__listOfClusterAlert": { + "type": "list", + "member": { + "shape": "ClusterAlert" + }, + "documentation": "Placeholder documentation for __listOfClusterAlert" + }, + "__listOfMultiplexAlert": { + "type": "list", + "member": { + "shape": "MultiplexAlert" + }, + "documentation": "Placeholder documentation for __listOfMultiplexAlert" } }, "documentation": "API for AWS Elemental MediaLive" diff -pruN 2.23.6-1/awscli/botocore/data/mediapackage/2017-10-12/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mediapackage/2017-10-12/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mediapackage/2017-10-12/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediapackage/2017-10-12/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mediapackage/2017-10-12/service-2.json 2.31.35-1/awscli/botocore/data/mediapackage/2017-10-12/service-2.json --- 2.23.6-1/awscli/botocore/data/mediapackage/2017-10-12/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediapackage/2017-10-12/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -10,7 +10,10 @@ "serviceId": "MediaPackage", "signatureVersion": "v4", "signingName": "mediapackage", - "uid": "mediapackage-2017-10-12" + "uid": "mediapackage-2017-10-12", + "auth": [ + "aws.auth#sigv4" + ] }, "operations": { "ConfigureLogs": { diff -pruN 2.23.6-1/awscli/botocore/data/mediapackage-vod/2018-11-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mediapackage-vod/2018-11-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mediapackage-vod/2018-11-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediapackage-vod/2018-11-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/mediapackage-vod/2018-11-07/service-2.json 2.31.35-1/awscli/botocore/data/mediapackage-vod/2018-11-07/service-2.json --- 2.23.6-1/awscli/botocore/data/mediapackage-vod/2018-11-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediapackage-vod/2018-11-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -10,7 +10,10 @@ "serviceId": "MediaPackage Vod", "signatureVersion": "v4", "signingName": "mediapackage-vod", - "uid": "mediapackage-vod-2018-11-07" + "uid": "mediapackage-vod-2018-11-07", + "auth": [ + "aws.auth#sigv4" + ] }, "operations": { "ConfigureLogs": { diff -pruN 2.23.6-1/awscli/botocore/data/mediapackagev2/2022-12-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mediapackagev2/2022-12-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mediapackagev2/2022-12-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediapackagev2/2022-12-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json 2.31.35-1/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json --- 2.23.6-1/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -24,10 +24,10 @@ "input":{"shape":"CancelHarvestJobRequest"}, "output":{"shape":"CancelHarvestJobResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -44,10 +44,10 @@ "input":{"shape":"CreateChannelRequest"}, "output":{"shape":"CreateChannelResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} @@ -65,10 +65,10 @@ "input":{"shape":"CreateChannelGroupRequest"}, "output":{"shape":"CreateChannelGroupResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} @@ -86,10 +86,10 @@ "input":{"shape":"CreateHarvestJobRequest"}, "output":{"shape":"CreateHarvestJobResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} @@ -107,10 +107,10 @@ "input":{"shape":"CreateOriginEndpointRequest"}, "output":{"shape":"CreateOriginEndpointResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} @@ -128,10 +128,10 @@ "input":{"shape":"DeleteChannelRequest"}, "output":{"shape":"DeleteChannelResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], "documentation":"

    Delete a channel to stop AWS Elemental MediaPackage from receiving further content. You must delete the channel's origin endpoints before you can delete the channel.

    ", @@ -147,10 +147,10 @@ "input":{"shape":"DeleteChannelGroupRequest"}, "output":{"shape":"DeleteChannelGroupResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], "documentation":"

    Delete a channel group. You must delete the channel group's channels and origin endpoints before you can delete the channel group. If you delete a channel group, you'll lose access to the egress domain and will have to create a new channel group to replace it.

    ", @@ -166,10 +166,10 @@ "input":{"shape":"DeleteChannelPolicyRequest"}, "output":{"shape":"DeleteChannelPolicyResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], "documentation":"

    Delete a channel policy.

    ", @@ -186,8 +186,8 @@ "output":{"shape":"DeleteOriginEndpointResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], "documentation":"

    Origin endpoints can serve content until they're deleted. Delete the endpoint if it should no longer respond to playback requests. You must delete all endpoints from a channel before you can delete the channel.

    ", @@ -203,10 +203,10 @@ "input":{"shape":"DeleteOriginEndpointPolicyRequest"}, "output":{"shape":"DeleteOriginEndpointPolicyResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], "documentation":"

    Delete an origin endpoint policy.

    ", @@ -223,12 +223,12 @@ "output":{"shape":"GetChannelResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves the specified channel that's configured in AWS Elemental MediaPackage, including the origin endpoints that are associated with it.

    " + "documentation":"

    Retrieves the specified channel that's configured in AWS Elemental MediaPackage.

    " }, "GetChannelGroup":{ "name":"GetChannelGroup", @@ -241,12 +241,12 @@ "output":{"shape":"GetChannelGroupResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves the specified channel group that's configured in AWS Elemental MediaPackage, including the channels and origin endpoints that are associated with it.

    " + "documentation":"

    Retrieves the specified channel group that's configured in AWS Elemental MediaPackage.

    " }, "GetChannelPolicy":{ "name":"GetChannelPolicy", @@ -259,8 +259,8 @@ "output":{"shape":"GetChannelPolicyResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -277,8 +277,8 @@ "output":{"shape":"GetHarvestJobResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -295,8 +295,8 @@ "output":{"shape":"GetOriginEndpointResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -313,8 +313,8 @@ "output":{"shape":"GetOriginEndpointPolicyResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -331,11 +331,11 @@ "output":{"shape":"ListChannelGroupsResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Retrieves all channel groups that are configured in AWS Elemental MediaPackage, including the channels and origin endpoints that are associated with it.

    " + "documentation":"

    Retrieves all channel groups that are configured in Elemental MediaPackage.

    " }, "ListChannels":{ "name":"ListChannels", @@ -348,12 +348,12 @@ "output":{"shape":"ListChannelsResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves all channels in a specific channel group that are configured in AWS Elemental MediaPackage, including the origin endpoints that are associated with it.

    " + "documentation":"

    Retrieves all channels in a specific channel group that are configured in AWS Elemental MediaPackage.

    " }, "ListHarvestJobs":{ "name":"ListHarvestJobs", @@ -366,8 +366,8 @@ "output":{"shape":"ListHarvestJobsResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -384,8 +384,8 @@ "output":{"shape":"ListOriginEndpointsResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -415,10 +415,10 @@ "input":{"shape":"PutChannelPolicyRequest"}, "output":{"shape":"PutChannelPolicyResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -435,14 +435,54 @@ "input":{"shape":"PutOriginEndpointPolicyRequest"}, "output":{"shape":"PutOriginEndpointPolicyResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Attaches an IAM policy to the specified origin endpoint. You can attach only one policy with each request.

    ", + "idempotent":true + }, + "ResetChannelState":{ + "name":"ResetChannelState", + "http":{ + "method":"POST", + "requestUri":"/channelGroup/{ChannelGroupName}/channel/{ChannelName}/reset", + "responseCode":200 + }, + "input":{"shape":"ResetChannelStateRequest"}, + "output":{"shape":"ResetChannelStateResponse"}, + "errors":[ {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Resetting the channel can help to clear errors from misconfigurations in the encoder. A reset refreshes the ingest stream and removes previous content.

    Be sure to stop the encoder before you reset the channel, and wait at least 30 seconds before you restart the encoder.

    ", + "idempotent":true + }, + "ResetOriginEndpointState":{ + "name":"ResetOriginEndpointState", + "http":{ + "method":"POST", + "requestUri":"/channelGroup/{ChannelGroupName}/channel/{ChannelName}/originEndpoint/{OriginEndpointName}/reset", + "responseCode":200 + }, + "input":{"shape":"ResetOriginEndpointStateRequest"}, + "output":{"shape":"ResetOriginEndpointStateResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Attaches an IAM policy to the specified origin endpoint. You can attach only one policy with each request.

    ", + "documentation":"

    Resetting the origin endpoint can help to resolve unexpected behavior and other content packaging issues. It also helps to preserve special events when you don't want the previous content to be available for viewing. A reset clears out all previous content from the origin endpoint.

    MediaPackage might return old content from this endpoint in the first 30 seconds after the endpoint reset. For best results, when possible, wait 30 seconds from endpoint reset to send playback requests to this endpoint.

    ", "idempotent":true }, "TagResource":{ @@ -482,10 +522,10 @@ "input":{"shape":"UpdateChannelRequest"}, "output":{"shape":"UpdateChannelResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -502,10 +542,10 @@ "input":{"shape":"UpdateChannelGroupRequest"}, "output":{"shape":"UpdateChannelGroupResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], @@ -522,10 +562,10 @@ "input":{"shape":"UpdateOriginEndpointRequest"}, "output":{"shape":"UpdateOriginEndpointResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} @@ -540,7 +580,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide.

    ", + "documentation":"

    Access is denied because either you don't have permissions to perform the requested operation or MediaPackage is getting throttling errors with CDN authorization. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide. Or, if you're using CDN authorization, you will receive this exception if MediaPackage receives a throttling error from Secrets Manager.

    ", "error":{ "httpStatusCode":403, "senderFault":true @@ -556,7 +596,10 @@ }, "AdMarkerHls":{ "type":"string", - "enum":["DATERANGE"] + "enum":[ + "DATERANGE", + "SCTE35_ENHANCED" + ] }, "Boolean":{ "type":"boolean", @@ -605,8 +648,40 @@ }, "CancelHarvestJobResponse":{ "type":"structure", + "members":{} + }, + "CdnAuthConfiguration":{ + "type":"structure", + "required":[ + "CdnIdentifierSecretArns", + "SecretsRoleArn" + ], "members":{ - } + "CdnIdentifierSecretArns":{ + "shape":"CdnAuthConfigurationCdnIdentifierSecretArnsList", + "documentation":"

    The ARN for the secret in Secrets Manager that your CDN uses for authorization to access the endpoint.

    " + }, + "SecretsRoleArn":{ + "shape":"CdnAuthConfigurationSecretsRoleArnString", + "documentation":"

    The ARN for the IAM role that gives MediaPackage read access to Secrets Manager and KMS for CDN authorization.

    " + } + }, + "documentation":"

    The settings to enable CDN authorization headers in MediaPackage.

    " + }, + "CdnAuthConfigurationCdnIdentifierSecretArnsList":{ + "type":"list", + "member":{"shape":"CdnIdentifierSecretArn"}, + "min":1 + }, + "CdnAuthConfigurationSecretsRoleArnString":{ + "type":"string", + "max":2048, + "min":20 + }, + "CdnIdentifierSecretArn":{ + "type":"string", + "max":2048, + "min":20 }, "ChannelGroupListConfiguration":{ "type":"structure", @@ -725,7 +800,8 @@ "type":"string", "enum":[ "TS", - "CMAF" + "CMAF", + "ISM" ] }, "CreateChannelGroupRequest":{ @@ -946,6 +1022,30 @@ "UtcTiming":{ "shape":"DashUtcTiming", "documentation":"

    Determines the type of UTC timing included in the DASH Media Presentation Description (MPD).

    " + }, + "Profiles":{ + "shape":"DashProfiles", + "documentation":"

    The profile that the output is compliant with.

    " + }, + "BaseUrls":{ + "shape":"DashBaseUrls", + "documentation":"

    The base URLs to use for retrieving segments.

    " + }, + "ProgramInformation":{ + "shape":"DashProgramInformation", + "documentation":"

    Details about the content that you want MediaPackage to pass through in the manifest to the playback device.

    " + }, + "DvbSettings":{ + "shape":"DashDvbSettings", + "documentation":"

    For endpoints that use the DVB-DASH profile only. The font download and error reporting information that you want MediaPackage to pass through to the manifest.

    " + }, + "Compactness":{ + "shape":"DashCompactness", + "documentation":"

    The layout of the DASH manifest that MediaPackage produces. STANDARD indicates a default manifest, which is compacted. NONE indicates a full manifest.

    For information about compactness, see DASH manifest compactness in the Elemental MediaPackage v2 User Guide.

    " + }, + "SubtitleConfiguration":{ + "shape":"DashSubtitleConfiguration", + "documentation":"

    The configuration for DASH subtitles.

    " } }, "documentation":"

    Create a DASH manifest configuration.

    " @@ -1141,7 +1241,11 @@ "shape":"CreateHlsManifestConfigurationProgramDateTimeIntervalSecondsInteger", "documentation":"

    Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval, EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest. The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.

    Irrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.

    " }, - "FilterConfiguration":{"shape":"FilterConfiguration"} + "FilterConfiguration":{"shape":"FilterConfiguration"}, + "UrlEncodeChildManifest":{ + "shape":"Boolean", + "documentation":"

    When enabled, MediaPackage URL-encodes the query string for API requests for HLS child manifests to comply with Amazon Web Services Signature Version 4 (SigV4) signature signing protocol. For more information, see Amazon Web Services Signature Version 4 for API requests in Identity and Access Management User Guide.

    " + } }, "documentation":"

    Create an HTTP live streaming (HLS) manifest configuration.

    " }, @@ -1182,7 +1286,11 @@ "shape":"CreateLowLatencyHlsManifestConfigurationProgramDateTimeIntervalSecondsInteger", "documentation":"

    Inserts EXT-X-PROGRAM-DATE-TIME tags in the output manifest at the interval that you specify. If you don't enter an interval, EXT-X-PROGRAM-DATE-TIME tags aren't included in the manifest. The tags sync the stream to the wall clock so that viewers can seek to a specific time in the playback timeline on the player.

    Irrespective of this parameter, if any ID3Timed metadata is in the HLS input, it is passed through to the HLS output.

    " }, - "FilterConfiguration":{"shape":"FilterConfiguration"} + "FilterConfiguration":{"shape":"FilterConfiguration"}, + "UrlEncodeChildManifest":{ + "shape":"Boolean", + "documentation":"

    When enabled, MediaPackage URL-encodes the query string for API requests for LL-HLS child manifests to comply with Amazon Web Services Signature Version 4 (SigV4) signature signing protocol. For more information, see Amazon Web Services Signature Version 4 for API requests in Identity and Access Management User Guide.

    " + } }, "documentation":"

    Create a low-latency HTTP live streaming (HLS) manifest configuration.

    " }, @@ -1201,6 +1309,35 @@ "type":"list", "member":{"shape":"CreateLowLatencyHlsManifestConfiguration"} }, + "CreateMssManifestConfiguration":{ + "type":"structure", + "required":["ManifestName"], + "members":{ + "ManifestName":{ + "shape":"ManifestName", + "documentation":"

    A short string that's appended to the endpoint URL to create a unique path to this MSS manifest. The manifest name must be unique within the origin endpoint and can contain letters, numbers, hyphens, and underscores.

    " + }, + "ManifestWindowSeconds":{ + "shape":"CreateMssManifestConfigurationManifestWindowSecondsInteger", + "documentation":"

    The total duration (in seconds) of the manifest window. This determines how much content is available in the manifest at any given time. The manifest window slides forward as new segments become available, maintaining a consistent duration of content. The minimum value is 30 seconds.

    " + }, + "FilterConfiguration":{"shape":"FilterConfiguration"}, + "ManifestLayout":{ + "shape":"MssManifestLayout", + "documentation":"

    Determines the layout format of the MSS manifest. This controls how the manifest is structured and presented to client players, affecting compatibility with different MSS-compatible devices and applications.

    " + } + }, + "documentation":"

    Configuration parameters for creating a Microsoft Smooth Streaming (MSS) manifest. MSS is a streaming media format developed by Microsoft that delivers adaptive bitrate streaming content to compatible players and devices.

    " + }, + "CreateMssManifestConfigurationManifestWindowSecondsInteger":{ + "type":"integer", + "box":true, + "min":30 + }, + "CreateMssManifests":{ + "type":"list", + "member":{"shape":"CreateMssManifestConfiguration"} + }, "CreateOriginEndpointRequest":{ "type":"structure", "required":[ @@ -1261,6 +1398,10 @@ "shape":"CreateDashManifests", "documentation":"

    A DASH manifest configuration.

    " }, + "MssManifests":{ + "shape":"CreateMssManifests", + "documentation":"

    A list of Microsoft Smooth Streaming (MSS) manifest configurations for the origin endpoint. You can configure multiple MSS manifests to provide different streaming experiences or to support different client requirements.

    " + }, "ForceEndpointErrorConfiguration":{ "shape":"ForceEndpointErrorConfiguration", "documentation":"

    The failover settings for the endpoint.

    " @@ -1342,6 +1483,10 @@ "shape":"GetDashManifests", "documentation":"

    A DASH manifest configuration.

    " }, + "MssManifests":{ + "shape":"GetMssManifests", + "documentation":"

    The Microsoft Smooth Streaming (MSS) manifest configurations that were created for this origin endpoint.

    " + }, "ForceEndpointErrorConfiguration":{ "shape":"ForceEndpointErrorConfiguration", "documentation":"

    The failover settings for the endpoint.

    " @@ -1356,6 +1501,64 @@ } } }, + "DashBaseUrl":{ + "type":"structure", + "required":["Url"], + "members":{ + "Url":{ + "shape":"DashBaseUrlUrlString", + "documentation":"

    A source location for segments.

    " + }, + "ServiceLocation":{ + "shape":"DashBaseUrlServiceLocationString", + "documentation":"

    The name of the source location.

    " + }, + "DvbPriority":{ + "shape":"DashBaseUrlDvbPriorityInteger", + "documentation":"

    For use with DVB-DASH profiles only. The priority of this location for servings segments. The lower the number, the higher the priority.

    " + }, + "DvbWeight":{ + "shape":"DashBaseUrlDvbWeightInteger", + "documentation":"

    For use with DVB-DASH profiles only. The weighting for source locations that have the same priority.

    " + } + }, + "documentation":"

    The base URLs to use for retrieving segments. You can specify multiple locations and indicate the priority and weight for when each should be used, for use in mutli-CDN workflows.

    " + }, + "DashBaseUrlDvbPriorityInteger":{ + "type":"integer", + "box":true, + "max":15000, + "min":1 + }, + "DashBaseUrlDvbWeightInteger":{ + "type":"integer", + "box":true, + "max":15000, + "min":1 + }, + "DashBaseUrlServiceLocationString":{ + "type":"string", + "max":2048, + "min":1 + }, + "DashBaseUrlUrlString":{ + "type":"string", + "max":2048, + "min":1 + }, + "DashBaseUrls":{ + "type":"list", + "member":{"shape":"DashBaseUrl"}, + "max":20, + "min":0 + }, + "DashCompactness":{ + "type":"string", + "enum":[ + "STANDARD", + "NONE" + ] + }, "DashDrmSignaling":{ "type":"string", "enum":[ @@ -1363,6 +1566,86 @@ "REFERENCED" ] }, + "DashDvbErrorMetrics":{ + "type":"list", + "member":{"shape":"DashDvbMetricsReporting"}, + "max":20, + "min":0 + }, + "DashDvbFontDownload":{ + "type":"structure", + "members":{ + "Url":{ + "shape":"DashDvbFontDownloadUrlString", + "documentation":"

    The URL for downloading fonts for subtitles.

    " + }, + "MimeType":{ + "shape":"DashDvbFontDownloadMimeTypeString", + "documentation":"

    The mimeType of the resource that's at the font download URL.

    For information about font MIME types, see the MPEG-DASH Profile for Transport of ISO BMFF Based DVB Services over IP Based Networks document.

    " + }, + "FontFamily":{ + "shape":"DashDvbFontDownloadFontFamilyString", + "documentation":"

    The fontFamily name for subtitles, as described in EBU-TT-D Subtitling Distribution Format.

    " + } + }, + "documentation":"

    For use with DVB-DASH profiles only. The settings for font downloads that you want Elemental MediaPackage to pass through to the manifest.

    " + }, + "DashDvbFontDownloadFontFamilyString":{ + "type":"string", + "max":256, + "min":1 + }, + "DashDvbFontDownloadMimeTypeString":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9_/-]*[a-zA-Z0-9]" + }, + "DashDvbFontDownloadUrlString":{ + "type":"string", + "max":2048, + "min":1 + }, + "DashDvbMetricsReporting":{ + "type":"structure", + "required":["ReportingUrl"], + "members":{ + "ReportingUrl":{ + "shape":"DashDvbMetricsReportingReportingUrlString", + "documentation":"

    The URL where playback devices send error reports.

    " + }, + "Probability":{ + "shape":"DashDvbMetricsReportingProbabilityInteger", + "documentation":"

    The number of playback devices per 1000 that will send error reports to the reporting URL. This represents the probability that a playback device will be a reporting player for this session.

    " + } + }, + "documentation":"

    For use with DVB-DASH profiles only. The settings for error reporting from the playback device that you want Elemental MediaPackage to pass through to the manifest.

    " + }, + "DashDvbMetricsReportingProbabilityInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "DashDvbMetricsReportingReportingUrlString":{ + "type":"string", + "max":2048, + "min":1 + }, + "DashDvbSettings":{ + "type":"structure", + "members":{ + "FontDownload":{ + "shape":"DashDvbFontDownload", + "documentation":"

    Subtitle font settings.

    " + }, + "ErrorMetrics":{ + "shape":"DashDvbErrorMetrics", + "documentation":"

    Playback device error reporting settings.

    " + } + }, + "documentation":"

    For endpoints that use the DVB-DASH profile only. The font download and error reporting information that you want MediaPackage to pass through to the manifest.

    " + }, "DashPeriodTrigger":{ "type":"string", "enum":[ @@ -1379,10 +1662,100 @@ "max":100, "min":0 }, + "DashProfile":{ + "type":"string", + "enum":["DVB_DASH"] + }, + "DashProfiles":{ + "type":"list", + "member":{"shape":"DashProfile"}, + "max":5, + "min":0 + }, + "DashProgramInformation":{ + "type":"structure", + "members":{ + "Title":{ + "shape":"DashProgramInformationTitleString", + "documentation":"

    The title for the manifest.

    " + }, + "Source":{ + "shape":"DashProgramInformationSourceString", + "documentation":"

    Information about the content provider.

    " + }, + "Copyright":{ + "shape":"DashProgramInformationCopyrightString", + "documentation":"

    A copyright statement about the content.

    " + }, + "LanguageCode":{ + "shape":"DashProgramInformationLanguageCodeString", + "documentation":"

    The language code for this manifest.

    " + }, + "MoreInformationUrl":{ + "shape":"DashProgramInformationMoreInformationUrlString", + "documentation":"

    An absolute URL that contains more information about this content.

    " + } + }, + "documentation":"

    Details about the content that you want MediaPackage to pass through in the manifest to the playback device.

    " + }, + "DashProgramInformationCopyrightString":{ + "type":"string", + "max":2048, + "min":1 + }, + "DashProgramInformationLanguageCodeString":{ + "type":"string", + "max":5, + "min":2, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*[a-zA-Z0-9]" + }, + "DashProgramInformationMoreInformationUrlString":{ + "type":"string", + "max":2048, + "min":1 + }, + "DashProgramInformationSourceString":{ + "type":"string", + "max":2048, + "min":1 + }, + "DashProgramInformationTitleString":{ + "type":"string", + "max":2048, + "min":1 + }, "DashSegmentTemplateFormat":{ "type":"string", "enum":["NUMBER_WITH_TIMELINE"] }, + "DashSubtitleConfiguration":{ + "type":"structure", + "members":{ + "TtmlConfiguration":{ + "shape":"DashTtmlConfiguration", + "documentation":"

    Settings for TTML subtitles.

    " + } + }, + "documentation":"

    The configuration for DASH subtitles.

    " + }, + "DashTtmlConfiguration":{ + "type":"structure", + "required":["TtmlProfile"], + "members":{ + "TtmlProfile":{ + "shape":"DashTtmlProfile", + "documentation":"

    The profile that MediaPackage uses when signaling subtitles in the manifest. IMSC is the default profile. EBU-TT-D produces subtitles that are compliant with the EBU-TT-D TTML profile. MediaPackage passes through subtitle styles to the manifest. For more information about EBU-TT-D subtitles, see EBU-TT-D Subtitling Distribution Format.

    " + } + }, + "documentation":"

    The settings for TTML subtitles.

    " + }, + "DashTtmlProfile":{ + "type":"string", + "enum":[ + "IMSC_1", + "EBU_TT_D_101" + ] + }, "DashUtcTiming":{ "type":"structure", "members":{ @@ -1425,8 +1798,7 @@ }, "DeleteChannelGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteChannelPolicyRequest":{ "type":"structure", @@ -1451,8 +1823,7 @@ }, "DeleteChannelPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteChannelRequest":{ "type":"structure", @@ -1477,8 +1848,7 @@ }, "DeleteChannelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteOriginEndpointPolicyRequest":{ "type":"structure", @@ -1510,8 +1880,7 @@ }, "DeleteOriginEndpointPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteOriginEndpointRequest":{ "type":"structure", @@ -1543,8 +1912,7 @@ }, "DeleteOriginEndpointResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Destination":{ "type":"structure", @@ -1586,6 +1954,10 @@ "shape":"EncryptionKeyRotationIntervalSecondsInteger", "documentation":"

    The frequency (in seconds) of key changes for live workflows, in which content is streamed real time. The service retrieves content keys before the live content begins streaming, and then retrieves them as needed over the lifetime of the workflow. By default, key rotation is set to 300 seconds (5 minutes), the minimum rotation interval, which is equivalent to setting it to 300. If you don't enter an interval, content keys aren't rotated.

    The following example setting causes the service to rotate keys every thirty minutes: 1800

    " }, + "CmafExcludeSegmentDrmMetadata":{ + "shape":"Boolean", + "documentation":"

    Excludes SEIG and SGPD boxes from segment metadata in CMAF containers.

    When set to true, MediaPackage omits these DRM metadata boxes from CMAF segments, which can improve compatibility with certain devices and players that don't support these boxes.

    Important considerations:

    • This setting only affects CMAF container formats

    • Key rotation can still be handled through media playlist signaling

    • PSSH and TENC boxes remain unaffected

    • Default behavior is preserved when this setting is disabled

    Valid values: true | false

    Default: false

    " + }, "SpekeKeyProvider":{ "shape":"SpekeKeyProvider", "documentation":"

    The parameters for the SPEKE key provider.

    " @@ -1633,6 +2005,10 @@ "CmafEncryptionMethod":{ "shape":"CmafEncryptionMethod", "documentation":"

    The encryption method to use.

    " + }, + "IsmEncryptionMethod":{ + "shape":"IsmEncryptionMethod", + "documentation":"

    The encryption method used for Microsoft Smooth Streaming (MSS) content. This specifies how the MSS segments are encrypted to protect the content during delivery to client players.

    " } }, "documentation":"

    The encryption type.

    " @@ -1858,6 +2234,10 @@ "shape":"Timestamp", "documentation":"

    The date and time the channel was modified.

    " }, + "ResetAt":{ + "shape":"Timestamp", + "documentation":"

    The time that the channel was last reset.

    " + }, "Description":{ "shape":"ResourceDescription", "documentation":"

    The description for your channel.

    " @@ -1936,6 +2316,30 @@ "UtcTiming":{ "shape":"DashUtcTiming", "documentation":"

    Determines the type of UTC timing included in the DASH Media Presentation Description (MPD).

    " + }, + "Profiles":{ + "shape":"DashProfiles", + "documentation":"

    The profile that the output is compliant with.

    " + }, + "BaseUrls":{ + "shape":"DashBaseUrls", + "documentation":"

    The base URL to use for retrieving segments.

    " + }, + "ProgramInformation":{ + "shape":"DashProgramInformation", + "documentation":"

    Details about the content that you want MediaPackage to pass through in the manifest to the playback device.

    " + }, + "DvbSettings":{ + "shape":"DashDvbSettings", + "documentation":"

    For endpoints that use the DVB-DASH profile only. The font download and error reporting information that you want MediaPackage to pass through to the manifest.

    " + }, + "Compactness":{ + "shape":"DashCompactness", + "documentation":"

    The layout of the DASH manifest that MediaPackage produces. STANDARD indicates a default manifest, which is compacted. NONE indicates a full manifest.

    " + }, + "SubtitleConfiguration":{ + "shape":"DashSubtitleConfiguration", + "documentation":"

    The configuration for DASH subtitles.

    " } }, "documentation":"

    Retrieve the DASH manifest configuration.

    " @@ -2088,7 +2492,11 @@ }, "ScteHls":{"shape":"ScteHls"}, "FilterConfiguration":{"shape":"FilterConfiguration"}, - "StartTag":{"shape":"StartTag"} + "StartTag":{"shape":"StartTag"}, + "UrlEncodeChildManifest":{ + "shape":"Boolean", + "documentation":"

    When enabled, MediaPackage URL-encodes the query string for API requests for HLS child manifests to comply with Amazon Web Services Signature Version 4 (SigV4) signature signing protocol. For more information, see Amazon Web Services Signature Version 4 for API requests in Identity and Access Management User Guide.

    " + } }, "documentation":"

    Retrieve the HTTP live streaming (HLS) manifest configuration.

    " }, @@ -2125,7 +2533,11 @@ }, "ScteHls":{"shape":"ScteHls"}, "FilterConfiguration":{"shape":"FilterConfiguration"}, - "StartTag":{"shape":"StartTag"} + "StartTag":{"shape":"StartTag"}, + "UrlEncodeChildManifest":{ + "shape":"Boolean", + "documentation":"

    When enabled, MediaPackage URL-encodes the query string for API requests for LL-HLS child manifests to comply with Amazon Web Services Signature Version 4 (SigV4) signature signing protocol. For more information, see Amazon Web Services Signature Version 4 for API requests in Identity and Access Management User Guide.

    " + } }, "documentation":"

    Retrieve the low-latency HTTP live streaming (HLS) manifest configuration.

    " }, @@ -2133,6 +2545,37 @@ "type":"list", "member":{"shape":"GetLowLatencyHlsManifestConfiguration"} }, + "GetMssManifestConfiguration":{ + "type":"structure", + "required":[ + "ManifestName", + "Url" + ], + "members":{ + "ManifestName":{ + "shape":"ManifestName", + "documentation":"

    The name of the MSS manifest. This name is appended to the origin endpoint URL to create the unique path for accessing this specific MSS manifest.

    " + }, + "Url":{ + "shape":"String", + "documentation":"

    The complete URL for accessing the MSS manifest. Client players use this URL to retrieve the manifest and begin streaming the Microsoft Smooth Streaming content.

    " + }, + "FilterConfiguration":{"shape":"FilterConfiguration"}, + "ManifestWindowSeconds":{ + "shape":"Integer", + "documentation":"

    The duration (in seconds) of the manifest window. This represents the total amount of content available in the manifest at any given time.

    " + }, + "ManifestLayout":{ + "shape":"MssManifestLayout", + "documentation":"

    The layout format of the MSS manifest, which determines how the manifest is structured for client compatibility.

    " + } + }, + "documentation":"

    Configuration details for a Microsoft Smooth Streaming (MSS) manifest associated with an origin endpoint. This includes all the settings and properties that define how the MSS content is packaged and delivered.

    " + }, + "GetMssManifests":{ + "type":"list", + "member":{"shape":"GetMssManifestConfiguration"} + }, "GetOriginEndpointPolicyRequest":{ "type":"structure", "required":[ @@ -2185,6 +2628,10 @@ "Policy":{ "shape":"PolicyText", "documentation":"

    The policy assigned to the origin endpoint.

    " + }, + "CdnAuthConfiguration":{ + "shape":"CdnAuthConfiguration", + "documentation":"

    The settings for using authorization headers between the MediaPackage endpoint and your CDN.

    For information about CDN authorization, see CDN authorization in Elemental MediaPackage in the MediaPackage user guide.

    " } } }, @@ -2258,6 +2705,10 @@ "shape":"Timestamp", "documentation":"

    The date and time the origin endpoint was modified.

    " }, + "ResetAt":{ + "shape":"Timestamp", + "documentation":"

    The time that the origin endpoint was last reset.

    " + }, "Description":{ "shape":"ResourceDescription", "documentation":"

    The description for your origin endpoint.

    " @@ -2278,6 +2729,10 @@ "shape":"GetDashManifests", "documentation":"

    A DASH manifest configuration.

    " }, + "MssManifests":{ + "shape":"GetMssManifests", + "documentation":"

    The Microsoft Smooth Streaming (MSS) manifest configurations associated with this origin endpoint.

    " + }, "ForceEndpointErrorConfiguration":{ "shape":"ForceEndpointErrorConfiguration", "documentation":"

    The failover settings for the endpoint.

    " @@ -2493,10 +2948,20 @@ "MQCSInputSwitching":{ "shape":"Boolean", "documentation":"

    When true, AWS Elemental MediaPackage performs input switching based on the MQCS. Default is true. This setting is valid only when InputType is CMAF.

    " + }, + "PreferredInput":{ + "shape":"InputSwitchConfigurationPreferredInputInteger", + "documentation":"

    For CMAF inputs, indicates which input MediaPackage should prefer when both inputs have equal MQCS scores. Select 1 to prefer the first ingest endpoint, or 2 to prefer the second ingest endpoint. If you don't specify a preferred input, MediaPackage uses its default switching behavior when MQCS scores are equal.

    " } }, "documentation":"

    The configuration for input switching based on the media quality confidence score (MQCS) as provided from AWS Elemental MediaLive.

    " }, + "InputSwitchConfigurationPreferredInputInteger":{ + "type":"integer", + "box":true, + "max":2, + "min":1 + }, "InputType":{ "type":"string", "enum":[ @@ -2518,6 +2983,10 @@ "exception":true, "fault":true }, + "IsmEncryptionMethod":{ + "type":"string", + "enum":["CENC"] + }, "ListChannelGroupsRequest":{ "type":"structure", "members":{ @@ -2725,6 +3194,25 @@ "type":"list", "member":{"shape":"ListLowLatencyHlsManifestConfiguration"} }, + "ListMssManifestConfiguration":{ + "type":"structure", + "required":["ManifestName"], + "members":{ + "ManifestName":{ + "shape":"ResourceName", + "documentation":"

    The name of the MSS manifest configuration.

    " + }, + "Url":{ + "shape":"String", + "documentation":"

    The URL for accessing the MSS manifest.

    " + } + }, + "documentation":"

    Summary information about a Microsoft Smooth Streaming (MSS) manifest configuration. This provides key details about the MSS manifest without including all configuration parameters.

    " + }, + "ListMssManifests":{ + "type":"list", + "member":{"shape":"ListMssManifestConfiguration"} + }, "ListOriginEndpointsRequest":{ "type":"structure", "required":[ @@ -2805,6 +3293,13 @@ "min":1, "pattern":"[a-zA-Z0-9-]+" }, + "MssManifestLayout":{ + "type":"string", + "enum":[ + "FULL", + "COMPACT" + ] + }, "OriginEndpointListConfiguration":{ "type":"structure", "required":[ @@ -2859,6 +3354,10 @@ "shape":"ListDashManifests", "documentation":"

    A DASH manifest configuration.

    " }, + "MssManifests":{ + "shape":"ListMssManifests", + "documentation":"

    A list of Microsoft Smooth Streaming (MSS) manifest configurations associated with the origin endpoint. Each configuration represents a different MSS streaming option available from this endpoint.

    " + }, "ForceEndpointErrorConfiguration":{ "shape":"ForceEndpointErrorConfiguration", "documentation":"

    The failover settings for the endpoint.

    " @@ -2938,8 +3437,7 @@ }, "PutChannelPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutOriginEndpointPolicyRequest":{ "type":"structure", @@ -2971,12 +3469,123 @@ "Policy":{ "shape":"PolicyText", "documentation":"

    The policy to attach to the specified origin endpoint.

    " + }, + "CdnAuthConfiguration":{ + "shape":"CdnAuthConfiguration", + "documentation":"

    The settings for using authorization headers between the MediaPackage endpoint and your CDN.

    For information about CDN authorization, see CDN authorization in Elemental MediaPackage in the MediaPackage user guide.

    " } } }, "PutOriginEndpointPolicyResponse":{ "type":"structure", + "members":{} + }, + "ResetChannelStateRequest":{ + "type":"structure", + "required":[ + "ChannelGroupName", + "ChannelName" + ], + "members":{ + "ChannelGroupName":{ + "shape":"ResourceName", + "documentation":"

    The name of the channel group that contains the channel that you are resetting.

    ", + "location":"uri", + "locationName":"ChannelGroupName" + }, + "ChannelName":{ + "shape":"ResourceName", + "documentation":"

    The name of the channel that you are resetting.

    ", + "location":"uri", + "locationName":"ChannelName" + } + } + }, + "ResetChannelStateResponse":{ + "type":"structure", + "required":[ + "ChannelGroupName", + "ChannelName", + "Arn", + "ResetAt" + ], + "members":{ + "ChannelGroupName":{ + "shape":"String", + "documentation":"

    The name of the channel group that contains the channel that you just reset.

    " + }, + "ChannelName":{ + "shape":"String", + "documentation":"

    The name of the channel that you just reset.

    " + }, + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) associated with the channel that you just reset.

    " + }, + "ResetAt":{ + "shape":"Timestamp", + "documentation":"

    The time that the channel was last reset.

    " + } + } + }, + "ResetOriginEndpointStateRequest":{ + "type":"structure", + "required":[ + "ChannelGroupName", + "ChannelName", + "OriginEndpointName" + ], + "members":{ + "ChannelGroupName":{ + "shape":"ResourceName", + "documentation":"

    The name of the channel group that contains the channel with the origin endpoint that you are resetting.

    ", + "location":"uri", + "locationName":"ChannelGroupName" + }, + "ChannelName":{ + "shape":"ResourceName", + "documentation":"

    The name of the channel with the origin endpoint that you are resetting.

    ", + "location":"uri", + "locationName":"ChannelName" + }, + "OriginEndpointName":{ + "shape":"ResourceName", + "documentation":"

    The name of the origin endpoint that you are resetting.

    ", + "location":"uri", + "locationName":"OriginEndpointName" + } + } + }, + "ResetOriginEndpointStateResponse":{ + "type":"structure", + "required":[ + "ChannelGroupName", + "ChannelName", + "OriginEndpointName", + "Arn", + "ResetAt" + ], "members":{ + "ChannelGroupName":{ + "shape":"ResourceName", + "documentation":"

    The name of the channel group that contains the channel with the origin endpoint that you just reset.

    " + }, + "ChannelName":{ + "shape":"ResourceName", + "documentation":"

    The name of the channel with the origin endpoint that you just reset.

    " + }, + "OriginEndpointName":{ + "shape":"ResourceName", + "documentation":"

    The name of the origin endpoint that you just reset.

    " + }, + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) associated with the endpoint that you just reset.

    " + }, + "ResetAt":{ + "shape":"Timestamp", + "documentation":"

    The time that the origin endpoint was last reset.

    " + } } }, "ResourceDescription":{ @@ -3512,6 +4121,10 @@ "shape":"CreateDashManifests", "documentation":"

    A DASH manifest configuration.

    " }, + "MssManifests":{ + "shape":"CreateMssManifests", + "documentation":"

    A list of Microsoft Smooth Streaming (MSS) manifest configurations to update for the origin endpoint. This replaces the existing MSS manifest configurations.

    " + }, "ForceEndpointErrorConfiguration":{ "shape":"ForceEndpointErrorConfiguration", "documentation":"

    The failover settings for the endpoint.

    " @@ -3591,6 +4204,10 @@ "shape":"GetLowLatencyHlsManifests", "documentation":"

    A low-latency HLS manifest configuration.

    " }, + "MssManifests":{ + "shape":"GetMssManifests", + "documentation":"

    The updated Microsoft Smooth Streaming (MSS) manifest configurations for this origin endpoint.

    " + }, "ForceEndpointErrorConfiguration":{ "shape":"ForceEndpointErrorConfiguration", "documentation":"

    The failover settings for the endpoint.

    " @@ -3634,6 +4251,7 @@ "ENCRYPTION_METHOD_CONTAINER_TYPE_MISMATCH", "CENC_IV_INCOMPATIBLE", "ENCRYPTION_CONTRACT_WITHOUT_AUDIO_RENDITION_INCOMPATIBLE", + "ENCRYPTION_CONTRACT_WITH_ISM_CONTAINER_INCOMPATIBLE", "ENCRYPTION_CONTRACT_UNENCRYPTED", "ENCRYPTION_CONTRACT_SHARED", "NUM_MANIFESTS_LOW", @@ -3682,10 +4300,38 @@ "HARVEST_JOB_CUSTOMER_ENDPOINT_READ_ACCESS_DENIED", "CLIP_START_TIME_WITH_START_OR_END", "START_TAG_TIME_OFFSET_INVALID", + "INCOMPATIBLE_DASH_PROFILE_DVB_DASH_CONFIGURATION", + "DASH_DVB_ATTRIBUTES_WITHOUT_DVB_DASH_PROFILE", + "INCOMPATIBLE_DASH_COMPACTNESS_CONFIGURATION", + "INCOMPATIBLE_XML_ENCODING", + "CMAF_EXCLUDE_SEGMENT_DRM_METADATA_INCOMPATIBLE_CONTAINER_TYPE", "ONLY_CMAF_INPUT_TYPE_ALLOW_MQCS_INPUT_SWITCHING", - "ONLY_CMAF_INPUT_TYPE_ALLOW_MQCS_OUTPUT_CONFIGURATION" + "ONLY_CMAF_INPUT_TYPE_ALLOW_MQCS_OUTPUT_CONFIGURATION", + "ONLY_CMAF_INPUT_TYPE_ALLOW_PREFERRED_INPUT_CONFIGURATION", + "TS_CONTAINER_TYPE_WITH_MSS_MANIFEST", + "CMAF_CONTAINER_TYPE_WITH_MSS_MANIFEST", + "ISM_CONTAINER_TYPE_WITH_HLS_MANIFEST", + "ISM_CONTAINER_TYPE_WITH_LL_HLS_MANIFEST", + "ISM_CONTAINER_TYPE_WITH_DASH_MANIFEST", + "ISM_CONTAINER_TYPE_WITH_SCTE", + "ISM_CONTAINER_WITH_KEY_ROTATION", + "BATCH_GET_SECRET_VALUE_DENIED", + "GET_SECRET_VALUE_DENIED", + "DESCRIBE_SECRET_DENIED", + "INVALID_SECRET_FORMAT", + "SECRET_IS_NOT_ONE_KEY_VALUE_PAIR", + "INVALID_SECRET_KEY", + "INVALID_SECRET_VALUE", + "SECRET_ARN_RESOURCE_NOT_FOUND", + "DECRYPT_SECRET_FAILED", + "TOO_MANY_SECRETS", + "DUPLICATED_SECRET", + "MALFORMED_SECRET_ARN", + "SECRET_FROM_DIFFERENT_ACCOUNT", + "SECRET_FROM_DIFFERENT_REGION", + "INVALID_SECRET" ] } }, - "documentation":"

    This guide is intended for creating AWS Elemental MediaPackage resources in MediaPackage Version 2 (v2) starting from May 2023. To get started with MediaPackage v2, create your MediaPackage resources. There isn't an automated process to migrate your resources from MediaPackage v1 to MediaPackage v2.

    The names of the entities that you use to access this API, like URLs and ARNs, all have the versioning information added, like \"v2\", to distinguish from the prior version. If you used MediaPackage prior to this release, you can't use the MediaPackage v2 CLI or the MediaPackage v2 API to access any MediaPackage v1 resources.

    If you created resources in MediaPackage v1, use video on demand (VOD) workflows, and aren't looking to migrate to MediaPackage v2 yet, see the MediaPackage v1 Live API Reference.

    This is the AWS Elemental MediaPackage v2 Live REST API Reference. It describes all the MediaPackage API operations for live content in detail, and provides sample requests, responses, and errors for the supported web services protocols.

    We assume that you have the IAM permissions that you need to use MediaPackage via the REST API. We also assume that you are familiar with the features and operations of MediaPackage, as described in the AWS Elemental MediaPackage User Guide.

    " + "documentation":"

    This guide is intended for creating AWS Elemental MediaPackage resources in MediaPackage Version 2 (v2) starting from May 2023. To get started with MediaPackage v2, create your MediaPackage resources. There isn't an automated process to migrate your resources from MediaPackage v1 to MediaPackage v2.

    The names of the entities that you use to access this API, like URLs and ARNs, all have the versioning information added, like "v2", to distinguish from the prior version. If you used MediaPackage prior to this release, you can't use the MediaPackage v2 CLI or the MediaPackage v2 API to access any MediaPackage v1 resources.

    If you created resources in MediaPackage v1, use video on demand (VOD) workflows, and aren't looking to migrate to MediaPackage v2 yet, see the MediaPackage v1 Live API Reference.

    This is the AWS Elemental MediaPackage v2 Live REST API Reference. It describes all the MediaPackage API operations for live content in detail, and provides sample requests, responses, and errors for the supported web services protocols.

    We assume that you have the IAM permissions that you need to use MediaPackage via the REST API. We also assume that you are familiar with the features and operations of MediaPackage, as described in the AWS Elemental MediaPackage User Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/mediastore/2017-09-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mediastore/2017-09-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mediastore/2017-09-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediastore/2017-09-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/mediastore/2017-09-01/service-2.json 2.31.35-1/awscli/botocore/data/mediastore/2017-09-01/service-2.json --- 2.23.6-1/awscli/botocore/data/mediastore/2017-09-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediastore/2017-09-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,13 +5,15 @@ "endpointPrefix":"mediastore", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"MediaStore", "serviceFullName":"AWS Elemental MediaStore", "serviceId":"MediaStore", "signatureVersion":"v4", "signingName":"mediastore", "targetPrefix":"MediaStore_20170901", - "uid":"mediastore-2017-09-01" + "uid":"mediastore-2017-09-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateContainer":{ @@ -526,8 +528,7 @@ }, "DeleteContainerOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContainerPolicyInput":{ "type":"structure", @@ -541,8 +542,7 @@ }, "DeleteContainerPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCorsPolicyInput":{ "type":"structure", @@ -556,8 +556,7 @@ }, "DeleteCorsPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLifecyclePolicyInput":{ "type":"structure", @@ -571,8 +570,7 @@ }, "DeleteLifecyclePolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMetricPolicyInput":{ "type":"structure", @@ -586,8 +584,7 @@ }, "DeleteMetricPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeContainerInput":{ "type":"structure", @@ -884,8 +881,7 @@ }, "PutContainerPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "PutCorsPolicyInput":{ "type":"structure", @@ -906,8 +902,7 @@ }, "PutCorsPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "PutLifecyclePolicyInput":{ "type":"structure", @@ -928,8 +923,7 @@ }, "PutLifecyclePolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "PutMetricPolicyInput":{ "type":"structure", @@ -950,8 +944,7 @@ }, "PutMetricPolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "StartAccessLoggingInput":{ "type":"structure", @@ -965,8 +958,7 @@ }, "StartAccessLoggingOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "StopAccessLoggingInput":{ "type":"structure", @@ -980,8 +972,7 @@ }, "StopAccessLoggingOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Tag":{ "type":"structure", @@ -1033,8 +1024,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1062,8 +1052,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} } }, "documentation":"

    An AWS Elemental MediaStore container is a namespace that holds folders and objects. You use a container endpoint to create, read, and delete objects.

    " diff -pruN 2.23.6-1/awscli/botocore/data/mediastore-data/2017-09-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mediastore-data/2017-09-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mediastore-data/2017-09-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediastore-data/2017-09-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/mediastore-data/2017-09-01/service-2.json 2.31.35-1/awscli/botocore/data/mediastore-data/2017-09-01/service-2.json --- 2.23.6-1/awscli/botocore/data/mediastore-data/2017-09-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediastore-data/2017-09-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,12 +4,14 @@ "apiVersion":"2017-09-01", "endpointPrefix":"data.mediastore", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"MediaStore Data", "serviceFullName":"AWS Elemental MediaStore Data Plane", "serviceId":"MediaStore Data", "signatureVersion":"v4", "signingName":"mediastore", - "uid":"mediastore-data-2017-09-01" + "uid":"mediastore-data-2017-09-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "DeleteObject":{ @@ -85,7 +87,8 @@ {"shape":"InternalServerError"} ], "documentation":"

    Uploads an object to the specified path. Object sizes are limited to 25 MB for standard upload availability and 10 MB for streaming upload availability.

    ", - "authtype":"v4-unsigned-body" + "authtype":"v4-unsigned-body", + "unsignedPayload":true } }, "shapes":{ @@ -120,8 +123,7 @@ }, "DeleteObjectResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeObjectRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/mediatailor/2018-04-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mediatailor/2018-04-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mediatailor/2018-04-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediatailor/2018-04-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mediatailor/2018-04-23/service-2.json 2.31.35-1/awscli/botocore/data/mediatailor/2018-04-23/service-2.json --- 2.23.6-1/awscli/botocore/data/mediatailor/2018-04-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mediatailor/2018-04-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,10 @@ "version":"2.0", "metadata":{ "apiVersion":"2018-04-23", + "auth":["aws.auth#sigv4"], "endpointPrefix":"api.mediatailor", - "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"MediaTailor", "serviceFullName":"AWS MediaTailor", "serviceId":"MediaTailor", @@ -33,7 +34,7 @@ }, "input":{"shape":"ConfigureLogsForPlaybackConfigurationRequest"}, "output":{"shape":"ConfigureLogsForPlaybackConfigurationResponse"}, - "documentation":"

    Amazon CloudWatch log settings for a playback configuration.

    ", + "documentation":"

    Defines where AWS Elemental MediaTailor sends logs for the playback configuration.

    ", "idempotent":true }, "CreateChannel":{ @@ -213,7 +214,8 @@ }, "input":{"shape":"DescribeChannelRequest"}, "output":{"shape":"DescribeChannelResponse"}, - "documentation":"

    Describes a channel. For information about MediaTailor channels, see Working with channels in the MediaTailor User Guide.

    " + "documentation":"

    Describes a channel. For information about MediaTailor channels, see Working with channels in the MediaTailor User Guide.

    ", + "readonly":true }, "DescribeLiveSource":{ "name":"DescribeLiveSource", @@ -224,7 +226,8 @@ }, "input":{"shape":"DescribeLiveSourceRequest"}, "output":{"shape":"DescribeLiveSourceResponse"}, - "documentation":"

    The live source to describe.

    " + "documentation":"

    The live source to describe.

    ", + "readonly":true }, "DescribeProgram":{ "name":"DescribeProgram", @@ -235,7 +238,8 @@ }, "input":{"shape":"DescribeProgramRequest"}, "output":{"shape":"DescribeProgramResponse"}, - "documentation":"

    Describes a program within a channel. For information about programs, see Working with programs in the MediaTailor User Guide.

    " + "documentation":"

    Describes a program within a channel. For information about programs, see Working with programs in the MediaTailor User Guide.

    ", + "readonly":true }, "DescribeSourceLocation":{ "name":"DescribeSourceLocation", @@ -246,7 +250,8 @@ }, "input":{"shape":"DescribeSourceLocationRequest"}, "output":{"shape":"DescribeSourceLocationResponse"}, - "documentation":"

    Describes a source location. A source location is a container for sources. For more information about source locations, see Working with source locations in the MediaTailor User Guide.

    " + "documentation":"

    Describes a source location. A source location is a container for sources. For more information about source locations, see Working with source locations in the MediaTailor User Guide.

    ", + "readonly":true }, "DescribeVodSource":{ "name":"DescribeVodSource", @@ -257,7 +262,8 @@ }, "input":{"shape":"DescribeVodSourceRequest"}, "output":{"shape":"DescribeVodSourceResponse"}, - "documentation":"

    Provides details about a specific video on demand (VOD) source in a specific source location.

    " + "documentation":"

    Provides details about a specific video on demand (VOD) source in a specific source location.

    ", + "readonly":true }, "GetChannelPolicy":{ "name":"GetChannelPolicy", @@ -268,7 +274,8 @@ }, "input":{"shape":"GetChannelPolicyRequest"}, "output":{"shape":"GetChannelPolicyResponse"}, - "documentation":"

    Returns the channel's IAM policy. IAM policies are used to control access to your channel.

    " + "documentation":"

    Returns the channel's IAM policy. IAM policies are used to control access to your channel.

    ", + "readonly":true }, "GetChannelSchedule":{ "name":"GetChannelSchedule", @@ -279,7 +286,8 @@ }, "input":{"shape":"GetChannelScheduleRequest"}, "output":{"shape":"GetChannelScheduleResponse"}, - "documentation":"

    Retrieves information about your channel's schedule.

    " + "documentation":"

    Retrieves information about your channel's schedule.

    ", + "readonly":true }, "GetPlaybackConfiguration":{ "name":"GetPlaybackConfiguration", @@ -290,7 +298,8 @@ }, "input":{"shape":"GetPlaybackConfigurationRequest"}, "output":{"shape":"GetPlaybackConfigurationResponse"}, - "documentation":"

    Retrieves a playback configuration. For information about MediaTailor configurations, see Working with configurations in AWS Elemental MediaTailor.

    " + "documentation":"

    Retrieves a playback configuration. For information about MediaTailor configurations, see Working with configurations in AWS Elemental MediaTailor.

    ", + "readonly":true }, "GetPrefetchSchedule":{ "name":"GetPrefetchSchedule", @@ -301,7 +310,8 @@ }, "input":{"shape":"GetPrefetchScheduleRequest"}, "output":{"shape":"GetPrefetchScheduleResponse"}, - "documentation":"

    Retrieves a prefetch schedule for a playback configuration. A prefetch schedule allows you to tell MediaTailor to fetch and prepare certain ads before an ad break happens. For more information about ad prefetching, see Using ad prefetching in the MediaTailor User Guide.

    " + "documentation":"

    Retrieves a prefetch schedule for a playback configuration. A prefetch schedule allows you to tell MediaTailor to fetch and prepare certain ads before an ad break happens. For more information about ad prefetching, see Using ad prefetching in the MediaTailor User Guide.

    ", + "readonly":true }, "ListAlerts":{ "name":"ListAlerts", @@ -312,7 +322,8 @@ }, "input":{"shape":"ListAlertsRequest"}, "output":{"shape":"ListAlertsResponse"}, - "documentation":"

    Lists the alerts that are associated with a MediaTailor channel assembly resource.

    " + "documentation":"

    Lists the alerts that are associated with a MediaTailor channel assembly resource.

    ", + "readonly":true }, "ListChannels":{ "name":"ListChannels", @@ -323,7 +334,8 @@ }, "input":{"shape":"ListChannelsRequest"}, "output":{"shape":"ListChannelsResponse"}, - "documentation":"

    Retrieves information about the channels that are associated with the current AWS account.

    " + "documentation":"

    Retrieves information about the channels that are associated with the current AWS account.

    ", + "readonly":true }, "ListLiveSources":{ "name":"ListLiveSources", @@ -334,7 +346,8 @@ }, "input":{"shape":"ListLiveSourcesRequest"}, "output":{"shape":"ListLiveSourcesResponse"}, - "documentation":"

    Lists the live sources contained in a source location. A source represents a piece of content.

    " + "documentation":"

    Lists the live sources contained in a source location. A source represents a piece of content.

    ", + "readonly":true }, "ListPlaybackConfigurations":{ "name":"ListPlaybackConfigurations", @@ -345,7 +358,8 @@ }, "input":{"shape":"ListPlaybackConfigurationsRequest"}, "output":{"shape":"ListPlaybackConfigurationsResponse"}, - "documentation":"

    Retrieves existing playback configurations. For information about MediaTailor configurations, see Working with Configurations in AWS Elemental MediaTailor.

    " + "documentation":"

    Retrieves existing playback configurations. For information about MediaTailor configurations, see Working with Configurations in AWS Elemental MediaTailor.

    ", + "readonly":true }, "ListPrefetchSchedules":{ "name":"ListPrefetchSchedules", @@ -356,7 +370,8 @@ }, "input":{"shape":"ListPrefetchSchedulesRequest"}, "output":{"shape":"ListPrefetchSchedulesResponse"}, - "documentation":"

    Lists the prefetch schedules for a playback configuration.

    " + "documentation":"

    Lists the prefetch schedules for a playback configuration.

    ", + "readonly":true }, "ListSourceLocations":{ "name":"ListSourceLocations", @@ -367,7 +382,8 @@ }, "input":{"shape":"ListSourceLocationsRequest"}, "output":{"shape":"ListSourceLocationsResponse"}, - "documentation":"

    Lists the source locations for a channel. A source location defines the host server URL, and contains a list of sources.

    " + "documentation":"

    Lists the source locations for a channel. A source location defines the host server URL, and contains a list of sources.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -381,7 +397,8 @@ "errors":[ {"shape":"BadRequestException"} ], - "documentation":"

    A list of tags that are associated with this resource. Tags are key-value pairs that you can associate with Amazon resources to help with organization, access control, and cost tracking. For more information, see Tagging AWS Elemental MediaTailor Resources.

    " + "documentation":"

    A list of tags that are associated with this resource. Tags are key-value pairs that you can associate with Amazon resources to help with organization, access control, and cost tracking. For more information, see Tagging AWS Elemental MediaTailor Resources.

    ", + "readonly":true }, "ListVodSources":{ "name":"ListVodSources", @@ -392,7 +409,8 @@ }, "input":{"shape":"ListVodSourcesRequest"}, "output":{"shape":"ListVodSourcesResponse"}, - "documentation":"

    Lists the VOD sources contained in a source location. A source represents a piece of content.

    " + "documentation":"

    Lists the VOD sources contained in a source location. A source represents a piece of content.

    ", + "readonly":true }, "PutChannelPolicy":{ "name":"PutChannelPolicy", @@ -557,10 +575,6 @@ "type":"structure", "required":["OffsetMillis"], "members":{ - "AdBreakMetadata":{ - "shape":"AdBreakMetadataList", - "documentation":"

    Defines a list of key/value pairs that MediaTailor generates within the EXT-X-ASSETtag for SCTE35_ENHANCED output.

    " - }, "MessageType":{ "shape":"MessageType", "documentation":"

    The SCTE-35 ad insertion type. Accepted value: SPLICE_INSERT, TIME_SIGNAL.

    " @@ -580,6 +594,10 @@ "TimeSignalMessage":{ "shape":"TimeSignalMessage", "documentation":"

    Defines the SCTE-35 time_signal message inserted around the ad.

    Programs on a channel's schedule can be configured with one or more ad breaks. You can attach a splice_insert SCTE-35 message to the ad break. This message provides basic metadata about the ad break.

    See section 9.7.4 of the 2022 SCTE-35 specification for more information.

    " + }, + "AdBreakMetadata":{ + "shape":"AdBreakMetadataList", + "documentation":"

    Defines a list of key/value pairs that MediaTailor generates within the EXT-X-ASSETtag for SCTE35_ENHANCED output.

    " } }, "documentation":"

    Ad break configuration parameters.

    " @@ -604,6 +622,17 @@ }, "documentation":"

    A location at which a zero-duration ad marker was detected in a VOD source manifest.

    " }, + "AdConditioningConfiguration":{ + "type":"structure", + "required":["StreamingMediaFileConditioning"], + "members":{ + "StreamingMediaFileConditioning":{ + "shape":"StreamingMediaFileConditioning", + "documentation":"

    For ads that have media files with streaming delivery and supported file extensions, indicates what transcoding action MediaTailor takes when it first receives these ads from the ADS. TRANSCODE indicates that MediaTailor must transcode the ads. NONE indicates that you have already transcoded the ads outside of MediaTailor and don't need them transcoded as part of the ad insertion workflow. For more information about ad conditioning see Using preconditioned ads in the Elemental MediaTailor user guide.

    " + } + }, + "documentation":"

    The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns.

    " + }, "AdMarkerPassthrough":{ "type":"structure", "members":{ @@ -621,6 +650,70 @@ "SCTE35_ENHANCED" ] }, + "AdsInteractionExcludeEventType":{ + "type":"string", + "enum":[ + "AD_MARKER_FOUND", + "NON_AD_MARKER_FOUND", + "MAKING_ADS_REQUEST", + "MODIFIED_TARGET_URL", + "VAST_REDIRECT", + "EMPTY_VAST_RESPONSE", + "EMPTY_VMAP_RESPONSE", + "VAST_RESPONSE", + "REDIRECTED_VAST_RESPONSE", + "FILLED_AVAIL", + "FILLED_OVERLAY_AVAIL", + "BEACON_FIRED", + "WARNING_NO_ADVERTISEMENTS", + "WARNING_VPAID_AD_DROPPED", + "WARNING_URL_VARIABLE_SUBSTITUTION_FAILED", + "ERROR_UNKNOWN", + "ERROR_UNKNOWN_HOST", + "ERROR_DISALLOWED_HOST", + "ERROR_ADS_IO", + "ERROR_ADS_TIMEOUT", + "ERROR_ADS_RESPONSE_PARSE", + "ERROR_ADS_RESPONSE_UNKNOWN_ROOT_ELEMENT", + "ERROR_ADS_INVALID_RESPONSE", + "ERROR_VAST_REDIRECT_EMPTY_RESPONSE", + "ERROR_VAST_REDIRECT_MULTIPLE_VAST", + "ERROR_VAST_REDIRECT_FAILED", + "ERROR_VAST_MISSING_MEDIAFILES", + "ERROR_VAST_MISSING_CREATIVES", + "ERROR_VAST_MISSING_OVERLAYS", + "ERROR_VAST_MISSING_IMPRESSION", + "ERROR_VAST_INVALID_VAST_AD_TAG_URI", + "ERROR_VAST_MULTIPLE_TRACKING_EVENTS", + "ERROR_VAST_MULTIPLE_LINEAR", + "ERROR_VAST_INVALID_MEDIA_FILE", + "ERROR_FIRING_BEACON_FAILED", + "ERROR_PERSONALIZATION_DISABLED", + "VOD_TIME_BASED_AVAIL_PLAN_VAST_RESPONSE_FOR_OFFSET", + "VOD_TIME_BASED_AVAIL_PLAN_SUCCESS", + "VOD_TIME_BASED_AVAIL_PLAN_WARNING_NO_ADVERTISEMENTS", + "INTERSTITIAL_VOD_SUCCESS", + "INTERSTITIAL_VOD_FAILURE" + ] + }, + "AdsInteractionLog":{ + "type":"structure", + "members":{ + "PublishOptInEventTypes":{ + "shape":"__adsInteractionPublishOptInEventTypesList", + "documentation":"

    Indicates that MediaTailor emits RAW_ADS_RESPONSE logs for playback sessions that are initialized with this configuration.

    " + }, + "ExcludeEventTypes":{ + "shape":"__adsInteractionExcludeEventTypesList", + "documentation":"

    Indicates that MediaTailor won't emit the selected events in the logs for playback sessions that are initialized with this configuration.

    " + } + }, + "documentation":"

    Settings for customizing what events are included in logs for interactions with the ad decision server (ADS).

    For more information about ADS logs, inlcuding descriptions of the event types, see MediaTailor ADS logs description and event types in Elemental MediaTailor User Guide.

    " + }, + "AdsInteractionPublishOptInEventType":{ + "type":"string", + "enum":["RAW_ADS_RESPONSE"] + }, "Alert":{ "type":"structure", "required":[ @@ -639,10 +732,6 @@ "shape":"__string", "documentation":"

    If an alert is generated for a resource, an explanation of the reason for the alert.

    " }, - "Category":{ - "shape":"AlertCategory", - "documentation":"

    The category that MediaTailor assigns to the alert.

    " - }, "LastModifiedTime":{ "shape":"__timestampUnix", "documentation":"

    The timestamp when the alert was last modified.

    " @@ -654,6 +743,10 @@ "ResourceArn":{ "shape":"__string", "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    " + }, + "Category":{ + "shape":"AlertCategory", + "documentation":"

    The category that MediaTailor assigns to the alert.

    " } }, "documentation":"

    Alert configuration parameters.

    " @@ -669,30 +762,30 @@ "AlternateMedia":{ "type":"structure", "members":{ - "AdBreaks":{ - "shape":"__listOfAdBreak", - "documentation":"

    Ad break configuration parameters defined in AlternateMedia.

    " - }, - "ClipRange":{"shape":"ClipRange"}, - "DurationMillis":{ - "shape":"__long", - "documentation":"

    The duration of the alternateMedia in milliseconds.

    " + "SourceLocationName":{ + "shape":"__string", + "documentation":"

    The name of the source location for alternateMedia.

    " }, "LiveSourceName":{ "shape":"__string", "documentation":"

    The name of the live source for alternateMedia.

    " }, + "VodSourceName":{ + "shape":"__string", + "documentation":"

    The name of the VOD source for alternateMedia.

    " + }, + "ClipRange":{"shape":"ClipRange"}, "ScheduledStartTimeMillis":{ "shape":"__long", "documentation":"

    The date and time that the alternateMedia is scheduled to start, in epoch milliseconds.

    " }, - "SourceLocationName":{ - "shape":"__string", - "documentation":"

    The name of the source location for alternateMedia.

    " + "AdBreaks":{ + "shape":"__listOfAdBreak", + "documentation":"

    Ad break configuration parameters defined in AlternateMedia.

    " }, - "VodSourceName":{ - "shape":"__string", - "documentation":"

    The name of the VOD source for alternateMedia.

    " + "DurationMillis":{ + "shape":"__long", + "documentation":"

    The duration of the alternateMedia in milliseconds.

    " } }, "documentation":"

    A playlist of media (VOD and/or live) to be played instead of the default media on a particular program.

    " @@ -700,13 +793,13 @@ "AudienceMedia":{ "type":"structure", "members":{ - "AlternateMedia":{ - "shape":"__listOfAlternateMedia", - "documentation":"

    The list of AlternateMedia defined in AudienceMedia.

    " - }, "Audience":{ "shape":"__string", "documentation":"

    The Audience defined in AudienceMedia.

    " + }, + "AlternateMedia":{ + "shape":"__listOfAlternateMedia", + "documentation":"

    The list of AlternateMedia defined in AudienceMedia.

    " } }, "documentation":"

    An AudienceMedia object contains an Audience and a list of AlternateMedia.

    " @@ -736,10 +829,6 @@ "AvailSuppression":{ "type":"structure", "members":{ - "FillPolicy":{ - "shape":"FillPolicy", - "documentation":"

    Defines the policy to apply to the avail suppression mode. BEHIND_LIVE_EDGE will always use the full avail suppression policy. AFTER_LIVE_EDGE mode can be used to invoke partial ad break fills when a session starts mid-break.

    " - }, "Mode":{ "shape":"Mode", "documentation":"

    Sets the ad suppression mode. By default, ad suppression is off and all ad breaks are filled with ads or slate. When Mode is set to BEHIND_LIVE_EDGE, ad suppression is active and MediaTailor won't fill ad breaks on or behind the ad suppression Value time in the manifest lookback window. When Mode is set to AFTER_LIVE_EDGE, ad suppression is active and MediaTailor won't fill ad breaks that are within the live edge plus the avail suppression value.

    " @@ -747,6 +836,10 @@ "Value":{ "shape":"__string", "documentation":"

    A live edge offset time in HH:MM:SS. MediaTailor won't fill ad breaks on or behind this time in the manifest lookback window. If Value is set to 00:00:00, it is in sync with the live edge, and MediaTailor won't fill any ad breaks on or behind the live edge. If you set a Value time, MediaTailor won't fill any ad breaks on or behind this time in the manifest lookback window. For example, if you set 00:45:00, then MediaTailor will fill ad breaks that occur within 45 minutes behind the live edge, but won't fill ad breaks on or behind 45 minutes behind the live edge.

    " + }, + "FillPolicy":{ + "shape":"FillPolicy", + "documentation":"

    Defines the policy to apply to the avail suppression mode. BEHIND_LIVE_EDGE will always use the full avail suppression policy. AFTER_LIVE_EDGE mode can be used to invoke partial ad break fills when a session starts mid-break.

    " } }, "documentation":"

    The configuration for avail suppression, also known as ad suppression. For more information about ad suppression, see Ad Suppression.

    " @@ -797,20 +890,16 @@ "Arn", "ChannelName", "ChannelState", - "LogConfiguration", "Outputs", "PlaybackMode", - "Tier" + "Tier", + "LogConfiguration" ], "members":{ "Arn":{ "shape":"__string", "documentation":"

    The ARN of the channel.

    " }, - "Audiences":{ - "shape":"Audiences", - "documentation":"

    The list of audiences defined in channel.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel.

    " @@ -831,10 +920,6 @@ "shape":"__timestampUnix", "documentation":"

    The timestamp of when the channel was last modified.

    " }, - "LogConfiguration":{ - "shape":"LogConfigurationForChannel", - "documentation":"

    The log configuration.

    " - }, "Outputs":{ "shape":"ResponseOutputs", "documentation":"

    The channel's output properties.

    " @@ -851,6 +936,14 @@ "Tier":{ "shape":"__string", "documentation":"

    The tier for this channel. STANDARD tier channels can contain live programs.

    " + }, + "LogConfiguration":{ + "shape":"LogConfigurationForChannel", + "documentation":"

    The log configuration.

    " + }, + "Audiences":{ + "shape":"Audiences", + "documentation":"

    The list of audiences defined in channel.

    " } }, "documentation":"

    The configuration parameters for a channel. For information about MediaTailor channels, see Working with channels in the MediaTailor User Guide.

    " @@ -940,11 +1033,23 @@ "members":{ "PercentEnabled":{ "shape":"__integer", - "documentation":"

    The percentage of session logs that MediaTailor sends to your Cloudwatch Logs account. For example, if your playback configuration has 1000 sessions and percentEnabled is set to 60, MediaTailor sends logs for 600 of the sessions to CloudWatch Logs. MediaTailor decides at random which of the playback configuration sessions to send logs for. If you want to view logs for a specific session, you can use the debug log mode.

    Valid values: 0 - 100

    " + "documentation":"

    The percentage of session logs that MediaTailor sends to your CloudWatch Logs account. For example, if your playback configuration has 1000 sessions and percentEnabled is set to 60, MediaTailor sends logs for 600 of the sessions to CloudWatch Logs. MediaTailor decides at random which of the playback configuration sessions to send logs for. If you want to view logs for a specific session, you can use the debug log mode.

    Valid values: 0 - 100

    " }, "PlaybackConfigurationName":{ "shape":"__string", "documentation":"

    The name of the playback configuration.

    " + }, + "EnabledLoggingStrategies":{ + "shape":"__listOfLoggingStrategies", + "documentation":"

    The method used for collecting logs from AWS Elemental MediaTailor. To configure MediaTailor to send logs directly to Amazon CloudWatch Logs, choose LEGACY_CLOUDWATCH. To configure MediaTailor to send logs to CloudWatch, which then vends the logs to your destination of choice, choose VENDED_LOGS. Supported destinations are CloudWatch Logs log group, Amazon S3 bucket, and Amazon Data Firehose stream.

    To use vended logs, you must configure the delivery destination in Amazon CloudWatch, as described in Enable logging from AWS services, Logging that requires additional permissions [V2].

    " + }, + "AdsInteractionLog":{ + "shape":"AdsInteractionLog", + "documentation":"

    The event types that MediaTailor emits in logs for interactions with the ADS.

    " + }, + "ManifestServiceInteractionLog":{ + "shape":"ManifestServiceInteractionLog", + "documentation":"

    The event types that MediaTailor emits in logs for interactions with the origin server.

    " } }, "documentation":"

    Configures Amazon CloudWatch log settings for a playback configuration.

    " @@ -960,6 +1065,18 @@ "PlaybackConfigurationName":{ "shape":"__string", "documentation":"

    The name of the playback configuration.

    " + }, + "EnabledLoggingStrategies":{ + "shape":"__listOfLoggingStrategies", + "documentation":"

    The method used for collecting logs from AWS Elemental MediaTailor. LEGACY_CLOUDWATCH indicates that MediaTailor is sending logs directly to Amazon CloudWatch Logs. VENDED_LOGS indicates that MediaTailor is sending logs to CloudWatch, which then vends the logs to your destination of choice. Supported destinations are CloudWatch Logs log group, Amazon S3 bucket, and Amazon Data Firehose stream.

    " + }, + "AdsInteractionLog":{ + "shape":"AdsInteractionLog", + "documentation":"

    The event types that MediaTailor emits in logs for interactions with the ADS.

    " + }, + "ManifestServiceInteractionLog":{ + "shape":"ManifestServiceInteractionLog", + "documentation":"

    The event types that MediaTailor emits in logs for interactions with the origin server.

    " } } }, @@ -971,10 +1088,6 @@ "PlaybackMode" ], "members":{ - "Audiences":{ - "shape":"Audiences", - "documentation":"

    The list of audiences defined in channel.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel.

    ", @@ -1005,6 +1118,10 @@ "TimeShiftConfiguration":{ "shape":"TimeShiftConfiguration", "documentation":"

    The time-shifted viewing configuration you want to associate to the channel.

    " + }, + "Audiences":{ + "shape":"Audiences", + "documentation":"

    The list of audiences defined in channel.

    " } } }, @@ -1015,10 +1132,6 @@ "shape":"__string", "documentation":"

    The Amazon Resource Name (ARN) to assign to the channel.

    " }, - "Audiences":{ - "shape":"Audiences", - "documentation":"

    The list of audiences defined in channel.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name to assign to the channel.

    " @@ -1059,6 +1172,10 @@ "TimeShiftConfiguration":{ "shape":"TimeShiftConfiguration", "documentation":"

    The time-shifted viewing configuration assigned to the channel.

    " + }, + "Audiences":{ + "shape":"Audiences", + "documentation":"

    The list of audiences defined in channel.

    " } } }, @@ -1130,15 +1247,13 @@ "CreatePrefetchScheduleRequest":{ "type":"structure", "required":[ - "Consumption", "Name", - "PlaybackConfigurationName", - "Retrieval" + "PlaybackConfigurationName" ], "members":{ "Consumption":{ "shape":"PrefetchConsumption", - "documentation":"

    The configuration settings for MediaTailor's consumption of the prefetched ads from the ad decision server. Each consumption configuration contains an end time and an optional start time that define the consumption window. Prefetch schedules automatically expire no earlier than seven days after the end time.

    " + "documentation":"

    The configuration settings for how and when MediaTailor consumes prefetched ads from the ad decision server for single prefetch schedules. Each consumption configuration contains an end time and an optional start time that define the consumption window. Prefetch schedules automatically expire no earlier than seven days after the end time.

    " }, "Name":{ "shape":"__string", @@ -1156,6 +1271,14 @@ "shape":"PrefetchRetrieval", "documentation":"

    The configuration settings for retrieval of prefetched ads from the ad decision server. Only one set of prefetched ads will be retrieved and subsequently consumed for each ad break.

    " }, + "RecurringPrefetchConfiguration":{ + "shape":"RecurringPrefetchConfiguration", + "documentation":"

    The configuration that defines how and when MediaTailor performs ad prefetching in a live event.

    " + }, + "ScheduleType":{ + "shape":"PrefetchScheduleType", + "documentation":"

    The frequency that MediaTailor creates prefetch schedules. SINGLE indicates that this schedule applies to one ad break. RECURRING indicates that MediaTailor automatically creates a schedule for each ad avail in a live event.

    For more information about the prefetch types and when you might use each, see Prefetching ads in Elemental MediaTailor.

    " + }, "StreamId":{ "shape":"__string", "documentation":"

    An optional stream identifier that MediaTailor uses to prefetch ads for multiple streams that use the same playback configuration. If StreamId is specified, MediaTailor returns all of the prefetch schedules with an exact match on StreamId. If not specified, MediaTailor returns all of the prefetch schedules for the playback configuration, regardless of StreamId.

    " @@ -1171,7 +1294,7 @@ }, "Consumption":{ "shape":"PrefetchConsumption", - "documentation":"

    The configuration settings for MediaTailor's consumption of the prefetched ads from the ad decision server. Each consumption configuration contains an end time and an optional start time that define the consumption window. Prefetch schedules automatically expire no earlier than seven days after the end time.

    " + "documentation":"

    The configuration settings for how and when MediaTailor consumes prefetched ads from the ad decision server for single prefetch schedules. Each consumption configuration contains an end time and an optional start time that define the consumption window. Prefetch schedules automatically expire no earlier than seven days after the end time.

    " }, "Name":{ "shape":"__string", @@ -1185,6 +1308,14 @@ "shape":"PrefetchRetrieval", "documentation":"

    The configuration settings for retrieval of prefetched ads from the ad decision server. Only one set of prefetched ads will be retrieved and subsequently consumed for each ad break.

    " }, + "RecurringPrefetchConfiguration":{ + "shape":"RecurringPrefetchConfiguration", + "documentation":"

    The configuration that defines how MediaTailor performs recurring prefetch.

    " + }, + "ScheduleType":{ + "shape":"PrefetchScheduleType", + "documentation":"

    The frequency that MediaTailor creates prefetch schedules. SINGLE indicates that this schedule applies to one ad break. RECURRING indicates that MediaTailor automatically creates a schedule for each ad avail in a live event.

    " + }, "StreamId":{ "shape":"__string", "documentation":"

    An optional stream identifier that MediaTailor uses to prefetch ads for multiple streams that use the same playback configuration. If StreamId is specified, MediaTailor returns all of the prefetch schedules with an exact match on StreamId. If not specified, MediaTailor returns all of the prefetch schedules for the playback configuration, regardless of StreamId.

    " @@ -1204,10 +1335,6 @@ "shape":"__listOfAdBreak", "documentation":"

    The ad break configuration settings.

    " }, - "AudienceMedia":{ - "shape":"__listOfAudienceMedia", - "documentation":"

    The list of AudienceMedia defined in program.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel for this Program.

    ", @@ -1235,6 +1362,10 @@ "VodSourceName":{ "shape":"__string", "documentation":"

    The name that's used to refer to a VOD source.

    " + }, + "AudienceMedia":{ + "shape":"__listOfAudienceMedia", + "documentation":"

    The list of AudienceMedia defined in program.

    " } } }, @@ -1249,26 +1380,14 @@ "shape":"__string", "documentation":"

    The ARN to assign to the program.

    " }, - "AudienceMedia":{ - "shape":"__listOfAudienceMedia", - "documentation":"

    The list of AudienceMedia defined in program.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name to assign to the channel for this program.

    " }, - "ClipRange":{ - "shape":"ClipRange", - "documentation":"

    The clip range configuration settings.

    " - }, "CreationTime":{ "shape":"__timestampUnix", "documentation":"

    The time the program was created.

    " }, - "DurationMillis":{ - "shape":"__long", - "documentation":"

    The duration of the live program in milliseconds.

    " - }, "LiveSourceName":{ "shape":"__string", "documentation":"

    The name of the LiveSource for this Program.

    " @@ -1288,6 +1407,18 @@ "VodSourceName":{ "shape":"__string", "documentation":"

    The name that's used to refer to a VOD source.

    " + }, + "ClipRange":{ + "shape":"ClipRange", + "documentation":"

    The clip range configuration settings.

    " + }, + "DurationMillis":{ + "shape":"__long", + "documentation":"

    The duration of the live program in milliseconds.

    " + }, + "AudienceMedia":{ + "shape":"__listOfAudienceMedia", + "documentation":"

    The list of AudienceMedia defined in program.

    " } } }, @@ -1512,8 +1643,7 @@ }, "DeleteChannelPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteChannelRequest":{ "type":"structure", @@ -1529,8 +1659,7 @@ }, "DeleteChannelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLiveSourceRequest":{ "type":"structure", @@ -1555,8 +1684,7 @@ }, "DeleteLiveSourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePlaybackConfigurationRequest":{ "type":"structure", @@ -1572,8 +1700,7 @@ }, "DeletePlaybackConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePrefetchScheduleRequest":{ "type":"structure", @@ -1598,8 +1725,7 @@ }, "DeletePrefetchScheduleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProgramRequest":{ "type":"structure", @@ -1624,8 +1750,7 @@ }, "DeleteProgramResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSourceLocationRequest":{ "type":"structure", @@ -1641,8 +1766,7 @@ }, "DeleteSourceLocationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteVodSourceRequest":{ "type":"structure", @@ -1667,8 +1791,7 @@ }, "DeleteVodSourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeChannelRequest":{ "type":"structure", @@ -1690,10 +1813,6 @@ "shape":"__string", "documentation":"

    The ARN of the channel.

    " }, - "Audiences":{ - "shape":"Audiences", - "documentation":"

    The list of audiences defined in channel.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel.

    " @@ -1714,10 +1833,6 @@ "shape":"__timestampUnix", "documentation":"

    The timestamp of when the channel was last modified.

    " }, - "LogConfiguration":{ - "shape":"LogConfigurationForChannel", - "documentation":"

    The log configuration for the channel.

    " - }, "Outputs":{ "shape":"ResponseOutputs", "documentation":"

    The channel's output properties.

    " @@ -1735,9 +1850,17 @@ "shape":"__string", "documentation":"

    The channel's tier.

    " }, + "LogConfiguration":{ + "shape":"LogConfigurationForChannel", + "documentation":"

    The log configuration for the channel.

    " + }, "TimeShiftConfiguration":{ "shape":"TimeShiftConfiguration", "documentation":"

    The time-shifted viewing configuration for the channel.

    " + }, + "Audiences":{ + "shape":"Audiences", + "documentation":"

    The list of audiences defined in channel.

    " } } }, @@ -1828,26 +1951,14 @@ "shape":"__string", "documentation":"

    The ARN of the program.

    " }, - "AudienceMedia":{ - "shape":"__listOfAudienceMedia", - "documentation":"

    The list of AudienceMedia defined in program.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel that the program belongs to.

    " }, - "ClipRange":{ - "shape":"ClipRange", - "documentation":"

    The clip range configuration settings.

    " - }, "CreationTime":{ "shape":"__timestampUnix", "documentation":"

    The timestamp of when the program was created.

    " }, - "DurationMillis":{ - "shape":"Long", - "documentation":"

    The duration of the live program in milliseconds.

    " - }, "LiveSourceName":{ "shape":"__string", "documentation":"

    The name of the LiveSource for this Program.

    " @@ -1867,6 +1978,18 @@ "VodSourceName":{ "shape":"__string", "documentation":"

    The name that's used to refer to a VOD source.

    " + }, + "ClipRange":{ + "shape":"ClipRange", + "documentation":"

    The clip range configuration settings.

    " + }, + "DurationMillis":{ + "shape":"Long", + "documentation":"

    The duration of the live program in milliseconds.

    " + }, + "AudienceMedia":{ + "shape":"__listOfAudienceMedia", + "documentation":"

    The list of AudienceMedia defined in program.

    " } } }, @@ -2015,12 +2138,6 @@ "type":"structure", "required":["ChannelName"], "members":{ - "Audience":{ - "shape":"__string", - "documentation":"

    The single audience for GetChannelScheduleRequest.

    ", - "location":"querystring", - "locationName":"audience" - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel associated with this Channel Schedule.

    ", @@ -2044,6 +2161,12 @@ "documentation":"

    (Optional) If the playback configuration has more than MaxResults channel schedules, use NextToken to get the second and subsequent pages of results.

    For the first GetChannelScheduleRequest request, omit this value.

    For the second and subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request.

    If the previous response didn't include a NextToken element, there are no more channel schedules to get.

    ", "location":"querystring", "locationName":"nextToken" + }, + "Audience":{ + "shape":"__string", + "documentation":"

    The single audience for GetChannelScheduleRequest.

    ", + "location":"querystring", + "locationName":"audience" } } }, @@ -2093,7 +2216,7 @@ }, "ConfigurationAliases":{ "shape":"ConfigurationAliasesResponse", - "documentation":"

    The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables.

    " + "documentation":"

    The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables.

    " }, "DashConfiguration":{ "shape":"DashConfiguration", @@ -2113,7 +2236,7 @@ }, "LogConfiguration":{ "shape":"LogConfiguration", - "documentation":"

    The Amazon CloudWatch log settings for a playback configuration.

    " + "documentation":"

    The configuration that defines where AWS Elemental MediaTailor sends logs for the playback configuration.

    " }, "ManifestProcessingRules":{ "shape":"ManifestProcessingRules", @@ -2155,6 +2278,10 @@ "VideoContentSourceUrl":{ "shape":"__string", "documentation":"

    The URL prefix for the parent manifest for the stream, minus the asset ID. The maximum length is 512 characters.

    " + }, + "AdConditioningConfiguration":{ + "shape":"AdConditioningConfiguration", + "documentation":"

    The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns, and what priority MediaTailor uses when inserting ads.

    " } } }, @@ -2188,7 +2315,7 @@ }, "Consumption":{ "shape":"PrefetchConsumption", - "documentation":"

    Consumption settings determine how, and when, MediaTailor places the prefetched ads into ad breaks. Ad consumption occurs within a span of time that you define, called a consumption window. You can designate which ad breaks that MediaTailor fills with prefetch ads by setting avail matching criteria.

    " + "documentation":"

    The configuration settings for how and when MediaTailor consumes prefetched ads from the ad decision server for single prefetch schedules. Each consumption configuration contains an end time and an optional start time that define the consumption window. Prefetch schedules automatically expire no earlier than seven days after the end time.

    " }, "Name":{ "shape":"__string", @@ -2202,6 +2329,14 @@ "shape":"PrefetchRetrieval", "documentation":"

    A complex type that contains settings for prefetch retrieval from the ad decision server (ADS).

    " }, + "ScheduleType":{ + "shape":"PrefetchScheduleType", + "documentation":"

    The frequency that MediaTailor creates prefetch schedules. SINGLE indicates that this schedule applies to one ad break. RECURRING indicates that MediaTailor automatically creates a schedule for each ad avail in a live event.

    " + }, + "RecurringPrefetchConfiguration":{ + "shape":"RecurringPrefetchConfiguration", + "documentation":"

    The configuration that defines how and when MediaTailor performs ad prefetching in a live event.

    " + }, "StreamId":{ "shape":"__string", "documentation":"

    An optional stream identifier that you can specify in order to prefetch for multiple streams that use the same playback configuration.

    " @@ -2221,13 +2356,13 @@ "HlsPlaylistSettings":{ "type":"structure", "members":{ - "AdMarkupType":{ - "shape":"adMarkupTypes", - "documentation":"

    Determines the type of SCTE 35 tags to use in ad markup. Specify DATERANGE to use DATERANGE tags (for live or VOD content). Specify SCTE35_ENHANCED to use EXT-X-CUE-OUT and EXT-X-CUE-IN tags (for VOD content only).

    " - }, "ManifestWindowSeconds":{ "shape":"__integer", "documentation":"

    The total duration (in seconds) of each manifest. Minimum value: 30 seconds. Maximum value: 3600 seconds.

    " + }, + "AdMarkupType":{ + "shape":"adMarkupTypes", + "documentation":"

    Determines the type of SCTE 35 tags to use in ad markup. Specify DATERANGE to use DATERANGE tags (for live or VOD content). Specify SCTE35_ENHANCED to use EXT-X-CUE-OUT and EXT-X-CUE-IN tags (for VOD content only).

    " } }, "documentation":"

    HLS playlist configuration parameters.

    " @@ -2307,13 +2442,13 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of alerts that you want MediaTailor to return in response to the current request. If there are more than MaxResults alerts, use the value of NextToken in the response to get the next page of results.

    ", + "documentation":"

    The maximum number of alerts that you want MediaTailor to return in response to the current request. If there are more than MaxResults alerts, use the value of NextToken in the response to get the next page of results.

    The default value is 100. MediaTailor uses DynamoDB-based pagination, which means that a response might contain fewer than MaxResults items, including 0 items, even when more results are available. To retrieve all results, you must continue making requests using the NextToken value from each response until the response no longer includes a NextToken value.

    ", "location":"querystring", "locationName":"maxResults" }, "NextToken":{ "shape":"__string", - "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    ", + "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    For the first ListAlerts request, omit this value. For subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request. Continue making requests until the response no longer includes a NextToken value, which indicates that all results have been retrieved.

    ", "location":"querystring", "locationName":"nextToken" }, @@ -2343,13 +2478,13 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of channels that you want MediaTailor to return in response to the current request. If there are more than MaxResults channels, use the value of NextToken in the response to get the next page of results.

    ", + "documentation":"

    The maximum number of channels that you want MediaTailor to return in response to the current request. If there are more than MaxResults channels, use the value of NextToken in the response to get the next page of results.

    The default value is 100. MediaTailor uses DynamoDB-based pagination, which means that a response might contain fewer than MaxResults items, including 0 items, even when more results are available. To retrieve all results, you must continue making requests using the NextToken value from each response until the response no longer includes a NextToken value.

    ", "location":"querystring", "locationName":"maxResults" }, "NextToken":{ "shape":"__string", - "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    ", + "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    For the first ListChannels request, omit this value. For subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request. Continue making requests until the response no longer includes a NextToken value, which indicates that all results have been retrieved.

    ", "location":"querystring", "locationName":"nextToken" } @@ -2374,13 +2509,13 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of live sources that you want MediaTailor to return in response to the current request. If there are more than MaxResults live sources, use the value of NextToken in the response to get the next page of results.

    ", + "documentation":"

    The maximum number of live sources that you want MediaTailor to return in response to the current request. If there are more than MaxResults live sources, use the value of NextToken in the response to get the next page of results.

    The default value is 100. MediaTailor uses DynamoDB-based pagination, which means that a response might contain fewer than MaxResults items, including 0 items, even when more results are available. To retrieve all results, you must continue making requests using the NextToken value from each response until the response no longer includes a NextToken value.

    ", "location":"querystring", "locationName":"maxResults" }, "NextToken":{ "shape":"__string", - "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    ", + "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    For the first ListLiveSources request, omit this value. For subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request. Continue making requests until the response no longer includes a NextToken value, which indicates that all results have been retrieved.

    ", "location":"querystring", "locationName":"nextToken" }, @@ -2410,13 +2545,13 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of playback configurations that you want MediaTailor to return in response to the current request. If there are more than MaxResults playback configurations, use the value of NextToken in the response to get the next page of results.

    ", + "documentation":"

    The maximum number of playback configurations that you want MediaTailor to return in response to the current request. If there are more than MaxResults playback configurations, use the value of NextToken in the response to get the next page of results.

    The default value is 100. MediaTailor uses DynamoDB-based pagination, which means that a response might contain fewer than MaxResults items, including 0 items, even when more results are available. To retrieve all results, you must continue making requests using the NextToken value from each response until the response no longer includes a NextToken value.

    ", "location":"querystring", "locationName":"MaxResults" }, "NextToken":{ "shape":"__string", - "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    ", + "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    For the first ListPlaybackConfigurations request, omit this value. For subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request. Continue making requests until the response no longer includes a NextToken value, which indicates that all results have been retrieved.

    ", "location":"querystring", "locationName":"NextToken" } @@ -2435,17 +2570,25 @@ } } }, + "ListPrefetchScheduleType":{ + "type":"string", + "enum":[ + "SINGLE", + "RECURRING", + "ALL" + ] + }, "ListPrefetchSchedulesRequest":{ "type":"structure", "required":["PlaybackConfigurationName"], "members":{ "MaxResults":{ "shape":"__integerMin1Max100", - "documentation":"

    The maximum number of prefetch schedules that you want MediaTailor to return in response to the current request. If there are more than MaxResults prefetch schedules, use the value of NextToken in the response to get the next page of results.

    " + "documentation":"

    The maximum number of prefetch schedules that you want MediaTailor to return in response to the current request. If there are more than MaxResults prefetch schedules, use the value of NextToken in the response to get the next page of results.

    The default value is 100. MediaTailor uses DynamoDB-based pagination, which means that a response might contain fewer than MaxResults items, including 0 items, even when more results are available. To retrieve all results, you must continue making requests using the NextToken value from each response until the response no longer includes a NextToken value.

    " }, "NextToken":{ "shape":"__string", - "documentation":"

    (Optional) If the playback configuration has more than MaxResults prefetch schedules, use NextToken to get the second and subsequent pages of results.

    For the first ListPrefetchSchedulesRequest request, omit this value.

    For the second and subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request.

    If the previous response didn't include a NextToken element, there are no more prefetch schedules to get.

    " + "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    For the first ListPrefetchSchedules request, omit this value. For subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request. Continue making requests until the response no longer includes a NextToken value, which indicates that all results have been retrieved.

    " }, "PlaybackConfigurationName":{ "shape":"__string", @@ -2453,6 +2596,10 @@ "location":"uri", "locationName":"PlaybackConfigurationName" }, + "ScheduleType":{ + "shape":"ListPrefetchScheduleType", + "documentation":"

    The type of prefetch schedules that you want to list. SINGLE indicates that you want to list the configured single prefetch schedules. RECURRING indicates that you want to list the configured recurring prefetch schedules. ALL indicates that you want to list all configured prefetch schedules.

    " + }, "StreamId":{ "shape":"__string", "documentation":"

    An optional filtering parameter whereby MediaTailor filters the prefetch schedules to include only specific streams.

    " @@ -2477,13 +2624,13 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of source locations that you want MediaTailor to return in response to the current request. If there are more than MaxResults source locations, use the value of NextToken in the response to get the next page of results.

    ", + "documentation":"

    The maximum number of source locations that you want MediaTailor to return in response to the current request. If there are more than MaxResults source locations, use the value of NextToken in the response to get the next page of results.

    The default value is 100. MediaTailor uses DynamoDB-based pagination, which means that a response might contain fewer than MaxResults items, including 0 items, even when more results are available. To retrieve all results, you must continue making requests using the NextToken value from each response until the response no longer includes a NextToken value.

    ", "location":"querystring", "locationName":"maxResults" }, "NextToken":{ "shape":"__string", - "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    ", + "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    For the first ListSourceLocations request, omit this value. For subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request. Continue making requests until the response no longer includes a NextToken value, which indicates that all results have been retrieved.

    ", "location":"querystring", "locationName":"nextToken" } @@ -2530,13 +2677,13 @@ "members":{ "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of VOD sources that you want MediaTailor to return in response to the current request. If there are more than MaxResults VOD sources, use the value of NextToken in the response to get the next page of results.

    ", + "documentation":"

    The maximum number of VOD sources that you want MediaTailor to return in response to the current request. If there are more than MaxResults VOD sources, use the value of NextToken in the response to get the next page of results.

    The default value is 100. MediaTailor uses DynamoDB-based pagination, which means that a response might contain fewer than MaxResults items, including 0 items, even when more results are available. To retrieve all results, you must continue making requests using the NextToken value from each response until the response no longer includes a NextToken value.

    ", "location":"querystring", "locationName":"maxResults" }, "NextToken":{ "shape":"__string", - "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    ", + "documentation":"

    Pagination token returned by the list request when results exceed the maximum allowed. Use the token to fetch the next page of results.

    For the first ListVodSources request, omit this value. For subsequent requests, get the value of NextToken from the previous response and specify that value for NextToken in the request. Continue making requests until the response no longer includes a NextToken value, which indicates that all results have been retrieved.

    ", "location":"querystring", "locationName":"nextToken" }, @@ -2618,14 +2765,29 @@ }, "LogConfiguration":{ "type":"structure", - "required":["PercentEnabled"], + "required":[ + "PercentEnabled", + "EnabledLoggingStrategies" + ], "members":{ "PercentEnabled":{ "shape":"__integer", - "documentation":"

    The percentage of session logs that MediaTailor sends to your Cloudwatch Logs account. For example, if your playback configuration has 1000 sessions and percentEnabled is set to 60, MediaTailor sends logs for 600 of the sessions to CloudWatch Logs. MediaTailor decides at random which of the playback configuration sessions to send logs for. If you want to view logs for a specific session, you can use the debug log mode.

    Valid values: 0 - 100

    " + "documentation":"

    The percentage of session logs that MediaTailor sends to your configured log destination. For example, if your playback configuration has 1000 sessions and percentEnabled is set to 60, MediaTailor sends logs for 600 of the sessions to CloudWatch Logs. MediaTailor decides at random which of the playback configuration sessions to send logs for. If you want to view logs for a specific session, you can use the debug log mode.

    Valid values: 0 - 100

    " + }, + "EnabledLoggingStrategies":{ + "shape":"__listOfLoggingStrategies", + "documentation":"

    The method used for collecting logs from AWS Elemental MediaTailor. LEGACY_CLOUDWATCH indicates that MediaTailor is sending logs directly to Amazon CloudWatch Logs. VENDED_LOGS indicates that MediaTailor is sending logs to CloudWatch, which then vends the logs to your destination of choice. Supported destinations are CloudWatch Logs log group, Amazon S3 bucket, and Amazon Data Firehose stream.

    " + }, + "AdsInteractionLog":{ + "shape":"AdsInteractionLog", + "documentation":"

    Settings for customizing what events are included in logs for interactions with the ad decision server (ADS).

    " + }, + "ManifestServiceInteractionLog":{ + "shape":"ManifestServiceInteractionLog", + "documentation":"

    Settings for customizing what events are included in logs for interactions with the origin server.

    " } }, - "documentation":"

    Returns Amazon CloudWatch log settings for a playback configuration.

    " + "documentation":"

    Defines where AWS Elemental MediaTailor sends logs for the playback configuration.

    " }, "LogConfigurationForChannel":{ "type":"structure", @@ -2645,6 +2807,13 @@ "type":"list", "member":{"shape":"LogType"} }, + "LoggingStrategy":{ + "type":"string", + "enum":[ + "VENDED_LOGS", + "LEGACY_CLOUDWATCH" + ] + }, "Long":{ "type":"long", "box":true @@ -2659,6 +2828,53 @@ }, "documentation":"

    The configuration for manifest processing rules. Manifest processing rules enable customization of the personalized manifests created by MediaTailor.

    " }, + "ManifestServiceExcludeEventType":{ + "type":"string", + "enum":[ + "GENERATED_MANIFEST", + "ORIGIN_MANIFEST", + "SESSION_INITIALIZED", + "TRACKING_RESPONSE", + "CONFIG_SYNTAX_ERROR", + "CONFIG_SECURITY_ERROR", + "UNKNOWN_HOST", + "TIMEOUT_ERROR", + "CONNECTION_ERROR", + "IO_ERROR", + "UNKNOWN_ERROR", + "HOST_DISALLOWED", + "PARSING_ERROR", + "MANIFEST_ERROR", + "NO_MASTER_OR_MEDIA_PLAYLIST", + "NO_MASTER_PLAYLIST", + "NO_MEDIA_PLAYLIST", + "INCOMPATIBLE_HLS_VERSION", + "SCTE35_PARSING_ERROR", + "INVALID_SINGLE_PERIOD_DASH_MANIFEST", + "UNSUPPORTED_SINGLE_PERIOD_DASH_MANIFEST", + "LAST_PERIOD_MISSING_AUDIO", + "LAST_PERIOD_MISSING_AUDIO_WARNING", + "ERROR_ORIGIN_PREFIX_INTERPOLATION", + "ERROR_ADS_INTERPOLATION", + "ERROR_LIVE_PRE_ROLL_ADS_INTERPOLATION", + "ERROR_CDN_AD_SEGMENT_INTERPOLATION", + "ERROR_CDN_CONTENT_SEGMENT_INTERPOLATION", + "ERROR_SLATE_AD_URL_INTERPOLATION", + "ERROR_PROFILE_NAME_INTERPOLATION", + "ERROR_BUMPER_START_INTERPOLATION", + "ERROR_BUMPER_END_INTERPOLATION" + ] + }, + "ManifestServiceInteractionLog":{ + "type":"structure", + "members":{ + "ExcludeEventTypes":{ + "shape":"__manifestServiceExcludeEventTypesList", + "documentation":"

    Indicates that MediaTailor won't emit the selected events in the logs for playback sessions that are initialized with this configuration.

    " + } + }, + "documentation":"

    Settings for customizing what events are included in logs for interactions with the origin server.

    For more information about manifest service logs, including descriptions of the event types, see MediaTailor manifest logs description and event types in Elemental MediaTailor User Guide.

    " + }, "MaxResults":{ "type":"integer", "box":true, @@ -2712,7 +2928,7 @@ }, "ConfigurationAliases":{ "shape":"ConfigurationAliasesResponse", - "documentation":"

    The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables.

    " + "documentation":"

    The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables.

    " }, "DashConfiguration":{ "shape":"DashConfiguration", @@ -2732,7 +2948,7 @@ }, "LogConfiguration":{ "shape":"LogConfiguration", - "documentation":"

    The Amazon CloudWatch log settings for a playback configuration.

    " + "documentation":"

    Defines where AWS Elemental MediaTailor sends logs for the playback configuration.

    " }, "ManifestProcessingRules":{ "shape":"ManifestProcessingRules", @@ -2774,6 +2990,10 @@ "VideoContentSourceUrl":{ "shape":"__string", "documentation":"

    The URL prefix for the parent manifest for the stream, minus the asset ID. The maximum length is 512 characters.

    " + }, + "AdConditioningConfiguration":{ + "shape":"AdConditioningConfiguration", + "documentation":"

    The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns, and what priority MediaTailor uses when inserting ads.

    " } }, "documentation":"

    A playback configuration. For information about MediaTailor configurations, see Working with configurations in AWS Elemental MediaTailor.

    " @@ -2799,10 +3019,10 @@ }, "StartTime":{ "shape":"__timestampUnix", - "documentation":"

    The time when prefetched ads are considered for use in an ad break. If you don't specify StartTime, the prefetched ads are available after MediaTailor retrives them from the ad decision server.

    " + "documentation":"

    The time when prefetched ads are considered for use in an ad break. If you don't specify StartTime, the prefetched ads are available after MediaTailor retrieves them from the ad decision server.

    " } }, - "documentation":"

    A complex type that contains settings that determine how and when that MediaTailor places prefetched ads into upcoming ad breaks.

    " + "documentation":"

    For single prefetch, describes how and when that MediaTailor places prefetched ads into upcoming ad breaks.

    " }, "PrefetchRetrieval":{ "type":"structure", @@ -2819,6 +3039,18 @@ "StartTime":{ "shape":"__timestampUnix", "documentation":"

    The time when prefetch retrievals can start for this break. Ad prefetching will be attempted for manifest requests that occur at or after this time. Defaults to the current time. If not specified, the prefetch retrieval starts as soon as possible.

    " + }, + "TrafficShapingType":{ + "shape":"TrafficShapingType", + "documentation":"

    Indicates the type of traffic shaping used for prefetch traffic shaping and limiting the number of requests to the ADS at one time.

    " + }, + "TrafficShapingRetrievalWindow":{ + "shape":"TrafficShapingRetrievalWindow", + "documentation":"

    Configuration for spreading ADS traffic across a set window instead of sending ADS requests for all sessions at the same time.

    " + }, + "TrafficShapingTpsConfiguration":{ + "shape":"TrafficShapingTpsConfiguration", + "documentation":"

    The configuration for TPS-based traffic shaping that limits the number of requests to the ad decision server (ADS) based on transactions per second instead of time windows.

    " } }, "documentation":"

    A complex type that contains settings governing when MediaTailor prefetches ads, and which dynamic variables that MediaTailor includes in the request to the ad decision server.

    " @@ -2827,10 +3059,8 @@ "type":"structure", "required":[ "Arn", - "Consumption", "Name", - "PlaybackConfigurationName", - "Retrieval" + "PlaybackConfigurationName" ], "members":{ "Arn":{ @@ -2839,7 +3069,7 @@ }, "Consumption":{ "shape":"PrefetchConsumption", - "documentation":"

    Consumption settings determine how, and when, MediaTailor places the prefetched ads into ad breaks. Ad consumption occurs within a span of time that you define, called a consumption window. You can designate which ad breaks that MediaTailor fills with prefetch ads by setting avail matching criteria.

    " + "documentation":"

    Consumption settings determine how, and when, MediaTailor places the prefetched ads into ad breaks for single prefetch schedules. Ad consumption occurs within a span of time that you define, called a consumption window. You can designate which ad breaks that MediaTailor fills with prefetch ads by setting avail matching criteria.

    " }, "Name":{ "shape":"__string", @@ -2853,6 +3083,14 @@ "shape":"PrefetchRetrieval", "documentation":"

    A complex type that contains settings for prefetch retrieval from the ad decision server (ADS).

    " }, + "ScheduleType":{ + "shape":"PrefetchScheduleType", + "documentation":"

    The frequency that MediaTailor creates prefetch schedules. SINGLE indicates that this schedule applies to one ad break. RECURRING indicates that MediaTailor automatically creates a schedule for each ad avail in a live event.

    For more information about the prefetch types and when you might use each, see Prefetching ads in Elemental MediaTailor.

    " + }, + "RecurringPrefetchConfiguration":{ + "shape":"RecurringPrefetchConfiguration", + "documentation":"

    The settings that determine how and when MediaTailor prefetches ads and inserts them into ad breaks.

    " + }, "StreamId":{ "shape":"__string", "documentation":"

    An optional stream identifier that you can specify in order to prefetch for multiple streams that use the same playback configuration.

    " @@ -2860,6 +3098,13 @@ }, "documentation":"

    A prefetch schedule allows you to tell MediaTailor to fetch and prepare certain ads before an ad break happens. For more information about ad prefetching, see Using ad prefetching in the MediaTailor User Guide.

    " }, + "PrefetchScheduleType":{ + "type":"string", + "enum":[ + "SINGLE", + "RECURRING" + ] + }, "PutChannelPolicyRequest":{ "type":"structure", "required":[ @@ -2881,8 +3126,7 @@ }, "PutChannelPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutPlaybackConfigurationRequest":{ "type":"structure", @@ -2906,7 +3150,7 @@ }, "ConfigurationAliases":{ "shape":"ConfigurationAliasesRequest", - "documentation":"

    The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables.

    " + "documentation":"

    The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables.

    " }, "DashConfiguration":{ "shape":"DashConfigurationForPut", @@ -2948,6 +3192,10 @@ "VideoContentSourceUrl":{ "shape":"__string", "documentation":"

    The URL prefix for the parent manifest for the stream, minus the asset ID. The maximum length is 512 characters.

    " + }, + "AdConditioningConfiguration":{ + "shape":"AdConditioningConfiguration", + "documentation":"

    The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns, and what priority MediaTailor uses when inserting ads.

    " } } }, @@ -2972,7 +3220,7 @@ }, "ConfigurationAliases":{ "shape":"ConfigurationAliasesResponse", - "documentation":"

    The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables.

    " + "documentation":"

    The player parameters and aliases used as dynamic variables during session initialization. For more information, see Domain Variables.

    " }, "DashConfiguration":{ "shape":"DashConfiguration", @@ -2992,7 +3240,7 @@ }, "LogConfiguration":{ "shape":"LogConfiguration", - "documentation":"

    The Amazon CloudWatch log settings for a playback configuration.

    " + "documentation":"

    The configuration that defines where AWS Elemental MediaTailor sends logs for the playback configuration.

    " }, "ManifestProcessingRules":{ "shape":"ManifestProcessingRules", @@ -3034,9 +3282,80 @@ "VideoContentSourceUrl":{ "shape":"__string", "documentation":"

    The URL prefix for the parent manifest for the stream, minus the asset ID. The maximum length is 512 characters.

    " + }, + "AdConditioningConfiguration":{ + "shape":"AdConditioningConfiguration", + "documentation":"

    The setting that indicates what conditioning MediaTailor will perform on ads that the ad decision server (ADS) returns, and what priority MediaTailor uses when inserting ads.

    " } } }, + "RecurringConsumption":{ + "type":"structure", + "members":{ + "RetrievedAdExpirationSeconds":{ + "shape":"__integer", + "documentation":"

    The number of seconds that an ad is available for insertion after it was prefetched.

    " + }, + "AvailMatchingCriteria":{ + "shape":"__listOfAvailMatchingCriteria", + "documentation":"

    The configuration for the dynamic variables that determine which ad breaks that MediaTailor inserts prefetched ads in.

    " + } + }, + "documentation":"

    The settings that determine how and when MediaTailor places prefetched ads into upcoming ad breaks for recurring prefetch scedules.

    " + }, + "RecurringPrefetchConfiguration":{ + "type":"structure", + "required":[ + "EndTime", + "RecurringConsumption", + "RecurringRetrieval" + ], + "members":{ + "StartTime":{ + "shape":"__timestampUnix", + "documentation":"

    The start time for the window that MediaTailor prefetches and inserts ads in a live event.

    " + }, + "EndTime":{ + "shape":"__timestampUnix", + "documentation":"

    The end time for the window that MediaTailor prefetches and inserts ads in a live event.

    " + }, + "RecurringConsumption":{ + "shape":"RecurringConsumption", + "documentation":"

    The settings that determine how and when MediaTailor places prefetched ads into upcoming ad breaks for recurring prefetch scedules.

    " + }, + "RecurringRetrieval":{ + "shape":"RecurringRetrieval", + "documentation":"

    The configuration for prefetch ad retrieval from the ADS.

    " + } + }, + "documentation":"

    The configuration that defines how MediaTailor performs recurring prefetch.

    " + }, + "RecurringRetrieval":{ + "type":"structure", + "members":{ + "DynamicVariables":{ + "shape":"__mapOf__string", + "documentation":"

    The dynamic variables to use for substitution during prefetch requests to the ADS.

    " + }, + "DelayAfterAvailEndSeconds":{ + "shape":"__integer", + "documentation":"

    The number of seconds that MediaTailor waits after an ad avail before prefetching ads for the next avail. If not set, the default is 0 (no delay).

    " + }, + "TrafficShapingType":{ + "shape":"TrafficShapingType", + "documentation":"

    Indicates the type of traffic shaping used for traffic shaping and limiting the number of requests to the ADS at one time.

    " + }, + "TrafficShapingRetrievalWindow":{ + "shape":"TrafficShapingRetrievalWindow", + "documentation":"

    Configuration for spreading ADS traffic across a set window instead of sending ADS requests for all sessions at the same time.

    " + }, + "TrafficShapingTpsConfiguration":{ + "shape":"TrafficShapingTpsConfiguration", + "documentation":"

    The configuration for TPS-based traffic shaping that limits the number of requests to the ad decision server (ADS) based on transactions per second instead of time windows.

    " + } + }, + "documentation":"

    With recurring prefetch, MediaTailor automatically prefetches ads for every avail that occurs during the retrieval window. The following configurations describe the MediaTailor behavior when prefetching ads for a live event.

    " + }, "RelativePosition":{ "type":"string", "enum":[ @@ -3136,13 +3455,13 @@ "type":"structure", "required":["Transition"], "members":{ - "ClipRange":{ - "shape":"ClipRange", - "documentation":"

    Program clip range configuration.

    " - }, "Transition":{ "shape":"Transition", "documentation":"

    Program transition configurations.

    " + }, + "ClipRange":{ + "shape":"ClipRange", + "documentation":"

    Program clip range configuration.

    " } }, "documentation":"

    Schedule configuration parameters. A channel must be stopped before changes can be made to the schedule.

    " @@ -3168,10 +3487,6 @@ "shape":"__string", "documentation":"

    The ARN of the program.

    " }, - "Audiences":{ - "shape":"Audiences", - "documentation":"

    The list of audiences defined in ScheduleEntry.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel that uses this schedule.

    " @@ -3199,6 +3514,10 @@ "VodSourceName":{ "shape":"__string", "documentation":"

    The name of the VOD source.

    " + }, + "Audiences":{ + "shape":"Audiences", + "documentation":"

    The list of audiences defined in ScheduleEntry.

    " } }, "documentation":"

    The properties for a schedule.

    " @@ -3246,25 +3565,25 @@ "SegmentationDescriptor":{ "type":"structure", "members":{ - "SegmentNum":{ - "shape":"Integer", - "documentation":"

    The segment number to assign to the segmentation_descriptor.segment_num message, as defined in section 10.3.3.1 of the 2022 SCTE-35 specification Values must be between 0 and 256, inclusive. The default value is 0.

    " - }, "SegmentationEventId":{ "shape":"Integer", "documentation":"

    The Event Identifier to assign to the segmentation_descriptor.segmentation_event_id message, as defined in section 10.3.3.1 of the 2022 SCTE-35 specification. The default value is 1.

    " }, - "SegmentationTypeId":{ + "SegmentationUpidType":{ "shape":"Integer", - "documentation":"

    The Type Identifier to assign to the segmentation_descriptor.segmentation_type_id message, as defined in section 10.3.3.1 of the 2022 SCTE-35 specification. Values must be between 0 and 256, inclusive. The default value is 48.

    " + "documentation":"

    The Upid Type to assign to the segmentation_descriptor.segmentation_upid_type message, as defined in section 10.3.3.1 of the 2022 SCTE-35 specification. Values must be between 0 and 256, inclusive. The default value is 14.

    " }, "SegmentationUpid":{ "shape":"String", "documentation":"

    The Upid to assign to the segmentation_descriptor.segmentation_upid message, as defined in section 10.3.3.1 of the 2022 SCTE-35 specification. The value must be a hexadecimal string containing only the characters 0 though 9 and A through F. The default value is \"\" (an empty string).

    " }, - "SegmentationUpidType":{ + "SegmentationTypeId":{ "shape":"Integer", - "documentation":"

    The Upid Type to assign to the segmentation_descriptor.segmentation_upid_type message, as defined in section 10.3.3.1 of the 2022 SCTE-35 specification. Values must be between 0 and 256, inclusive. The default value is 14.

    " + "documentation":"

    The Type Identifier to assign to the segmentation_descriptor.segmentation_type_id message, as defined in section 10.3.3.1 of the 2022 SCTE-35 specification. Values must be between 0 and 256, inclusive. The default value is 48.

    " + }, + "SegmentNum":{ + "shape":"Integer", + "documentation":"

    The segment number to assign to the segmentation_descriptor.segment_num message, as defined in section 10.3.3.1 of the 2022 SCTE-35 specification Values must be between 0 and 256, inclusive. The default value is 0.

    " }, "SegmentsExpected":{ "shape":"Integer", @@ -3383,8 +3702,7 @@ }, "StartChannelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopChannelRequest":{ "type":"structure", @@ -3400,8 +3718,14 @@ }, "StopChannelResponse":{ "type":"structure", - "members":{ - } + "members":{} + }, + "StreamingMediaFileConditioning":{ + "type":"string", + "enum":[ + "TRANSCODE", + "NONE" + ] }, "String":{"type":"string"}, "TagResourceRequest":{ @@ -3452,6 +3776,37 @@ }, "documentation":"

    The SCTE-35 time_signal message can be sent with one or more segmentation_descriptor messages. A time_signal message can be sent only if a single segmentation_descriptor message is sent.

    The time_signal message contains only the splice_time field which is constructed using a given presentation timestamp. When sending a time_signal message, the splice_command_type field in the splice_info_section message is set to 6 (0x06).

    See the time_signal() table of the 2022 SCTE-35 specification for more information.

    " }, + "TrafficShapingRetrievalWindow":{ + "type":"structure", + "members":{ + "RetrievalWindowDurationSeconds":{ + "shape":"__integer", + "documentation":"

    The amount of time, in seconds, that MediaTailor spreads prefetch requests to the ADS.

    " + } + }, + "documentation":"

    The configuration that tells Elemental MediaTailor how to spread out requests to the ad decision server (ADS). Instead of sending ADS requests for all sessions at the same time, MediaTailor spreads the requests across the amount of time specified in the retrieval window.

    " + }, + "TrafficShapingTpsConfiguration":{ + "type":"structure", + "members":{ + "PeakTps":{ + "shape":"__integer", + "documentation":"

    The maximum number of transactions per second (TPS) that your ad decision server (ADS) can handle. MediaTailor uses this value along with concurrent users and headroom multiplier to calculate optimal traffic distribution and prevent ADS overload.

    " + }, + "PeakConcurrentUsers":{ + "shape":"__integer", + "documentation":"

    The expected peak number of concurrent viewers for your content. MediaTailor uses this value along with peak TPS to determine how to distribute prefetch requests across the available capacity without exceeding your ADS limits.

    " + } + }, + "documentation":"

    The configuration for TPS-based traffic shaping. This approach limits requests to the ad decision server (ADS) based on transactions per second and concurrent users, providing more intuitive capacity management compared to time-window based traffic shaping.

    " + }, + "TrafficShapingType":{ + "type":"string", + "enum":[ + "RETRIEVAL_WINDOW", + "TPS" + ] + }, "Transition":{ "type":"structure", "required":[ @@ -3517,10 +3872,6 @@ "Outputs" ], "members":{ - "Audiences":{ - "shape":"Audiences", - "documentation":"

    The list of audiences defined in channel.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel.

    ", @@ -3538,6 +3889,10 @@ "TimeShiftConfiguration":{ "shape":"TimeShiftConfiguration", "documentation":"

    The time-shifted viewing configuration you want to associate to the channel.

    " + }, + "Audiences":{ + "shape":"Audiences", + "documentation":"

    The list of audiences defined in channel.

    " } } }, @@ -3548,10 +3903,6 @@ "shape":"__string", "documentation":"

    The Amazon Resource Name (ARN) associated with the channel.

    " }, - "Audiences":{ - "shape":"Audiences", - "documentation":"

    The list of audiences defined in channel.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel.

    " @@ -3592,6 +3943,10 @@ "TimeShiftConfiguration":{ "shape":"TimeShiftConfiguration", "documentation":"

    The time-shifted viewing configuration for the channel.

    " + }, + "Audiences":{ + "shape":"Audiences", + "documentation":"

    The list of audiences defined in channel.

    " } } }, @@ -3667,10 +4022,6 @@ "shape":"__listOfAdBreak", "documentation":"

    The ad break configuration settings.

    " }, - "AudienceMedia":{ - "shape":"__listOfAudienceMedia", - "documentation":"

    The list of AudienceMedia defined in program.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name of the channel for this Program.

    ", @@ -3686,6 +4037,10 @@ "ScheduleConfiguration":{ "shape":"UpdateProgramScheduleConfiguration", "documentation":"

    The schedule configuration settings.

    " + }, + "AudienceMedia":{ + "shape":"__listOfAudienceMedia", + "documentation":"

    The list of AudienceMedia defined in program.

    " } } }, @@ -3700,38 +4055,18 @@ "shape":"__string", "documentation":"

    The ARN to assign to the program.

    " }, - "AudienceMedia":{ - "shape":"__listOfAudienceMedia", - "documentation":"

    The list of AudienceMedia defined in program.

    " - }, "ChannelName":{ "shape":"__string", "documentation":"

    The name to assign to the channel for this program.

    " }, - "ClipRange":{ - "shape":"ClipRange", - "documentation":"

    The clip range configuration settings.

    " - }, "CreationTime":{ "shape":"__timestampUnix", "documentation":"

    The time the program was created.

    " }, - "DurationMillis":{ - "shape":"__long", - "documentation":"

    The duration of the live program in milliseconds.

    " - }, - "LiveSourceName":{ - "shape":"__string", - "documentation":"

    The name of the LiveSource for this Program.

    " - }, "ProgramName":{ "shape":"__string", "documentation":"

    The name to assign to this program.

    " }, - "ScheduledStartTime":{ - "shape":"__timestampUnix", - "documentation":"

    The scheduled start time for this Program.

    " - }, "SourceLocationName":{ "shape":"__string", "documentation":"

    The name to assign to the source location for this program.

    " @@ -3739,19 +4074,39 @@ "VodSourceName":{ "shape":"__string", "documentation":"

    The name that's used to refer to a VOD source.

    " + }, + "LiveSourceName":{ + "shape":"__string", + "documentation":"

    The name of the LiveSource for this Program.

    " + }, + "ClipRange":{ + "shape":"ClipRange", + "documentation":"

    The clip range configuration settings.

    " + }, + "DurationMillis":{ + "shape":"__long", + "documentation":"

    The duration of the live program in milliseconds.

    " + }, + "ScheduledStartTime":{ + "shape":"__timestampUnix", + "documentation":"

    The scheduled start time for this Program.

    " + }, + "AudienceMedia":{ + "shape":"__listOfAudienceMedia", + "documentation":"

    The list of AudienceMedia defined in program.

    " } } }, "UpdateProgramScheduleConfiguration":{ "type":"structure", "members":{ - "ClipRange":{ - "shape":"ClipRange", - "documentation":"

    Program clip range configuration.

    " - }, "Transition":{ "shape":"UpdateProgramTransition", "documentation":"

    Program transition configuration.

    " + }, + "ClipRange":{ + "shape":"ClipRange", + "documentation":"

    Program clip range configuration.

    " } }, "documentation":"

    Schedule configuration parameters.

    " @@ -3759,13 +4114,13 @@ "UpdateProgramTransition":{ "type":"structure", "members":{ - "DurationMillis":{ - "shape":"__long", - "documentation":"

    The duration of the live program in seconds.

    " - }, "ScheduledStartTimeMillis":{ "shape":"__long", "documentation":"

    The date and time that the program is scheduled to start, in epoch milliseconds.

    " + }, + "DurationMillis":{ + "shape":"__long", + "documentation":"

    The duration of the live program in seconds.

    " } }, "documentation":"

    Program transition configuration.

    " @@ -3944,6 +4299,14 @@ }, "documentation":"

    VOD source configuration parameters.

    " }, + "__adsInteractionExcludeEventTypesList":{ + "type":"list", + "member":{"shape":"AdsInteractionExcludeEventType"} + }, + "__adsInteractionPublishOptInEventTypesList":{ + "type":"list", + "member":{"shape":"AdsInteractionPublishOptInEventType"} + }, "__boolean":{ "type":"boolean", "box":true @@ -3991,6 +4354,10 @@ "type":"list", "member":{"shape":"LiveSource"} }, + "__listOfLoggingStrategies":{ + "type":"list", + "member":{"shape":"LoggingStrategy"} + }, "__listOfPlaybackConfiguration":{ "type":"list", "member":{"shape":"PlaybackConfiguration"} @@ -4027,6 +4394,10 @@ "type":"long", "box":true }, + "__manifestServiceExcludeEventTypesList":{ + "type":"list", + "member":{"shape":"ManifestServiceExcludeEventType"} + }, "__mapOf__string":{ "type":"map", "key":{"shape":"__string"}, diff -pruN 2.23.6-1/awscli/botocore/data/medical-imaging/2023-07-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/medical-imaging/2023-07-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/medical-imaging/2023-07-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/medical-imaging/2023-07-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/medical-imaging/2023-07-19/service-2.json 2.31.35-1/awscli/botocore/data/medical-imaging/2023-07-19/service-2.json --- 2.23.6-1/awscli/botocore/data/medical-imaging/2023-07-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/medical-imaging/2023-07-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -49,6 +49,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"

    Create a data store.

    ", @@ -112,7 +113,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Get the import job properties to learn more about the job or job progress.

    The jobStatus refers to the execution of the import job. Therefore, an import job can return a jobStatus as COMPLETED even if validation issues are discovered during the import process. If a jobStatus returns as COMPLETED, we still recommend you review the output manifests written to S3, as they provide details on the success or failure of individual P10 object imports.

    " + "documentation":"

    Get the import job properties to learn more about the job or job progress.

    The jobStatus refers to the execution of the import job. Therefore, an import job can return a jobStatus as COMPLETED even if validation issues are discovered during the import process. If a jobStatus returns as COMPLETED, we still recommend you review the output manifests written to S3, as they provide details on the success or failure of individual P10 object imports.

    ", + "readonly":true }, "GetDatastore":{ "name":"GetDatastore", @@ -130,7 +132,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Get data store properties.

    " + "documentation":"

    Get data store properties.

    ", + "readonly":true }, "GetImageFrame":{ "name":"GetImageFrame", @@ -150,7 +153,8 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

    Get an image frame (pixel data) for an image set.

    ", - "endpoint":{"hostPrefix":"runtime-"} + "endpoint":{"hostPrefix":"runtime-"}, + "readonly":true }, "GetImageSet":{ "name":"GetImageSet", @@ -170,7 +174,8 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

    Get image set properties.

    ", - "endpoint":{"hostPrefix":"runtime-"} + "endpoint":{"hostPrefix":"runtime-"}, + "readonly":true }, "GetImageSetMetadata":{ "name":"GetImageSetMetadata", @@ -190,7 +195,8 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

    Get metadata attributes for an image set.

    ", - "endpoint":{"hostPrefix":"runtime-"} + "endpoint":{"hostPrefix":"runtime-"}, + "readonly":true }, "ListDICOMImportJobs":{ "name":"ListDICOMImportJobs", @@ -209,7 +215,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    List import jobs created for a specific data store.

    " + "documentation":"

    List import jobs created for a specific data store.

    ", + "readonly":true }, "ListDatastores":{ "name":"ListDatastores", @@ -226,7 +233,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List data stores.

    " + "documentation":"

    List data stores.

    ", + "readonly":true }, "ListImageSetVersions":{ "name":"ListImageSetVersions", @@ -246,7 +254,8 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

    List image set versions.

    ", - "endpoint":{"hostPrefix":"runtime-"} + "endpoint":{"hostPrefix":"runtime-"}, + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -264,7 +273,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Lists all tags associated with a medical imaging resource.

    " + "documentation":"

    Lists all tags associated with a medical imaging resource.

    ", + "readonly":true }, "SearchImageSets":{ "name":"SearchImageSets", @@ -517,9 +527,15 @@ }, "force":{ "shape":"Boolean", - "documentation":"

    Setting this flag will force the CopyImageSet operation, even if Patient, Study, or Series level metadata are mismatched across the sourceImageSet and destinationImageSet.

    ", + "documentation":"

    Providing this parameter will force completion of the CopyImageSet operation, even if there are inconsistent Patient, Study, and/or Series level metadata elements between the sourceImageSet and destinationImageSet.

    ", "location":"querystring", "locationName":"force" + }, + "promoteToPrimary":{ + "shape":"Boolean", + "documentation":"

    Providing this parameter will configure the CopyImageSet operation to promote the given image set to the primary DICOM hierarchy. If successful, a new primary image set ID will be returned as the destination image set.

    ", + "location":"querystring", + "locationName":"promoteToPrimary" } }, "payload":"copyImageSetInformation" @@ -619,6 +635,14 @@ "kmsKeyArn":{ "shape":"KmsKeyArn", "documentation":"

    The Amazon Resource Name (ARN) assigned to the Key Management Service (KMS) key for accessing encrypted data.

    " + }, + "lambdaAuthorizerArn":{ + "shape":"LambdaArn", + "documentation":"

    The ARN of the authorizer's Lambda function.

    " + }, + "losslessStorageFormat":{ + "shape":"LosslessStorageFormat", + "documentation":"

    The lossless storage format for the datastore.

    " } } }, @@ -756,7 +780,7 @@ }, "DICOMNumberOfStudyRelatedInstances":{ "type":"integer", - "max":10000, + "max":1000000, "min":0 }, "DICOMNumberOfStudyRelatedSeries":{ @@ -798,7 +822,7 @@ "type":"string", "max":256, "min":0, - "pattern":"(?:[0-9][0-9]*|0)(\\.(?:[1-9][0-9]*|0))*", + "pattern":"(?:[0-9][0-9]*|0)(\\.(?:[0-9][0-9]*|0))*", "sensitive":true }, "DICOMSeriesModality":{ @@ -837,13 +861,13 @@ }, "DICOMStudyDescription":{ "type":"string", - "max":64, + "max":256, "min":0, "sensitive":true }, "DICOMStudyId":{ "type":"string", - "max":16, + "max":256, "min":0, "sensitive":true }, @@ -851,7 +875,7 @@ "type":"string", "max":256, "min":0, - "pattern":"(?:[0-9][0-9]*|0)(\\.(?:[1-9][0-9]*|0))*", + "pattern":"(?:[0-9][0-9]*|0)(\\.(?:[0-9][0-9]*|0))*", "sensitive":true }, "DICOMStudyTime":{ @@ -978,6 +1002,14 @@ "shape":"KmsKeyArn", "documentation":"

    The Amazon Resource Name (ARN) assigned to the Key Management Service (KMS) key for accessing encrypted data.

    " }, + "lambdaAuthorizerArn":{ + "shape":"LambdaArn", + "documentation":"

    The ARN of the authorizer's Lambda function.

    " + }, + "losslessStorageFormat":{ + "shape":"LosslessStorageFormat", + "documentation":"

    The datastore's lossless storage format.

    " + }, "datastoreArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) for the data store.

    " @@ -1210,7 +1242,7 @@ }, "contentType":{ "shape":"String", - "documentation":"

    The format in which the image frame information is returned to the customer. Default is application/octet-stream.

    ", + "documentation":"

    The format in which the image frame information is returned to the customer. Default is application/octet-stream.

    • If the stored transfer syntax is 1.2.840.10008.1.2.1, the returned contentType is application/octet-stream.

    • If the stored transfer syntax is 1.2.840.10008.1.2.4.50, the returned contentType is image/jpeg.

    • If the stored transfer syntax is 1.2.840.10008.1.2.4.91, the returned contentType is image/j2c.

    • If the stored transfer syntax is MPEG2, 1.2.840.10008.1.2.4.100, 1.2.840.10008.1.2.4.100.1, 1.2.840.10008.1.2.4.101, or 1.2.840.10008.1.2.4.101.1, the returned contentType is video/mpeg.

    • If the stored transfer syntax is MPEG-4 AVC/H.264, UID 1.2.840.10008.1.2.4.102, 1.2.840.10008.1.2.4.102.1, 1.2.840.10008.1.2.4.103, 1.2.840.10008.1.2.4.103.1, 1.2.840.10008.1.2.4.104, 1.2.840.10008.1.2.4.104.1, 1.2.840.10008.1.2.4.105, 1.2.840.10008.1.2.4.105.1, 1.2.840.10008.1.2.4.106, or 1.2.840.10008.1.2.4.106.1, the returned contentType is video/mp4.

    • If the stored transfer syntax is HEVC/H.265, UID 1.2.840.10008.1.2.4.107 or 1.2.840.10008.1.2.4.108, the returned contentType is video/H256.

    • If the stored transfer syntax is 1.2.840.10008.1.2.4.202 or if the stored transfer syntax is missing, the returned contentType is image/jph.

    • If the stored transfer syntax is 1.2.840.10008.1.2.4.203, the returned contentType is image/jphc.

    ", "location":"header", "locationName":"Content-Type" } @@ -1346,6 +1378,18 @@ "overrides":{ "shape":"Overrides", "documentation":"

    This object contains the details of any overrides used while creating a specific image set version. If an image set was copied or updated using the force flag, this object will contain the forced flag.

    " + }, + "isPrimary":{ + "shape":"Boolean", + "documentation":"

    The flag to determine whether the image set is primary or not.

    " + }, + "lastAccessedAt":{ + "shape":"Date", + "documentation":"

    When the image set was last accessed.

    " + }, + "storageTier":{ + "shape":"StorageTier", + "documentation":"

    The storage tier of the image set.

    " } } }, @@ -1419,6 +1463,10 @@ "overrides":{ "shape":"Overrides", "documentation":"

    Contains details on overrides used when creating the returned version of an image set. For example, if forced exists, the forced flag was used when creating the image set.

    " + }, + "isPrimary":{ + "shape":"Boolean", + "documentation":"

    The flag to determine whether the image set is primary or not.

    " } }, "documentation":"

    The image set properties.

    " @@ -1447,7 +1495,10 @@ "UPDATED", "UPDATE_FAILED", "DELETING", - "DELETED" + "DELETED", + "IMPORTING", + "IMPORTED", + "IMPORT_FAILED" ] }, "ImageSetsMetadataSummaries":{ @@ -1474,9 +1525,21 @@ "shape":"Date", "documentation":"

    The time an image set was last updated.

    " }, + "lastAccessedAt":{ + "shape":"Date", + "documentation":"

    When the image set was last accessed.

    " + }, + "storageTier":{ + "shape":"StorageTier", + "documentation":"

    The image set's storage tier.

    " + }, "DICOMTags":{ "shape":"DICOMTags", "documentation":"

    The DICOM tags associated with the image set.

    " + }, + "isPrimary":{ + "shape":"Boolean", + "documentation":"

    The flag to determine whether the image set is primary or not.

    " } }, "documentation":"

    Summary of the image set metadata.

    " @@ -1524,6 +1587,10 @@ "min":1, "pattern":"arn:aws[a-zA-Z-]{0,16}:kms:[a-z]{2}(-[a-z]{1,16}){1,3}-\\d{1}:\\d{12}:((key/[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})|(alias/[a-zA-Z0-9:/_-]{1,256}))" }, + "LambdaArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?" + }, "ListDICOMImportJobsRequest":{ "type":"structure", "required":["datastoreId"], @@ -1691,6 +1758,13 @@ } } }, + "LosslessStorageFormat":{ + "type":"string", + "enum":[ + "HTJ2K", + "JPEG_2000_LOSSLESS" + ] + }, "Message":{ "type":"string", "max":2048, @@ -1741,7 +1815,7 @@ "members":{ "forced":{ "shape":"Boolean", - "documentation":"

    Setting this flag will force the CopyImageSet and UpdateImageSetMetadata operations, even if Patient, Study, or Series level metadata are mismatched.

    " + "documentation":"

    Providing this parameter will force completion of the CopyImageSet and UpdateImageSetMetadata actions, even if metadata is inconsistent at the Patient, Study, and/or Series levels.

    " } }, "documentation":"

    Specifies the overrides used in image set modification calls to CopyImageSet and UpdateImageSetMetadata.

    " @@ -1809,6 +1883,10 @@ "DICOMStudyDateAndTime":{ "shape":"DICOMStudyDateAndTime", "documentation":"

    The aggregated structure containing DICOM study date and study time for search.

    " + }, + "isPrimary":{ + "shape":"Boolean", + "documentation":"

    The primary image set flag provided for search.

    " } }, "documentation":"

    The search input attribute value.

    ", @@ -2028,6 +2106,14 @@ } } }, + "StorageTier":{ + "type":"string", + "documentation":"

    Storage tier for image sets

    ", + "enum":[ + "FREQUENT_ACCESS", + "ARCHIVE_INSTANT_ACCESS" + ] + }, "String":{"type":"string"}, "TagKey":{ "type":"string", @@ -2067,8 +2153,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2111,8 +2196,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateImageSetMetadataRequest":{ "type":"structure", @@ -2211,5 +2295,5 @@ "exception":true } }, - "documentation":"

    This is the AWS HealthImaging API Reference. AWS HealthImaging is a HIPAA eligible service that empowers healthcare providers, life science organizations, and their software partners to store, analyze, and share medical images in the cloud at petabyte scale. For an introduction to the service, see the AWS HealthImaging Developer Guide .

    We recommend using one of the AWS Software Development Kits (SDKs) for your programming language, as they take care of request authentication, serialization, and connection management. For more information, see Tools to build on AWS.

    The following sections list AWS HealthImaging API actions categorized according to functionality. Links are provided to actions within this Reference, along with links back to corresponding sections in the AWS HealthImaging Developer Guide where you can view tested code examples.

    Data store actions

    Import job actions

    Image set access actions

    Image set modification actions

    Tagging actions

    " + "documentation":"

    This is the AWS HealthImaging API Reference. For an introduction to the service, see What is AWS HealthImaging? in the AWS HealthImaging Developer Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/memorydb/2021-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/memorydb/2021-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/memorydb/2021-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/memorydb/2021-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/memorydb/2021-01-01/service-2.json 2.31.35-1/awscli/botocore/data/memorydb/2021-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/memorydb/2021-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/memorydb/2021-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -381,6 +381,38 @@ ], "documentation":"

    Returns details about one or more multi-Region clusters.

    " }, + "DescribeMultiRegionParameterGroups":{ + "name":"DescribeMultiRegionParameterGroups", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMultiRegionParameterGroupsRequest"}, + "output":{"shape":"DescribeMultiRegionParameterGroupsResponse"}, + "errors":[ + {"shape":"MultiRegionParameterGroupNotFoundFault"}, + {"shape":"ServiceLinkedRoleNotFoundFault"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InvalidParameterCombinationException"} + ], + "documentation":"

    Returns a list of multi-region parameter groups.

    " + }, + "DescribeMultiRegionParameters":{ + "name":"DescribeMultiRegionParameters", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMultiRegionParametersRequest"}, + "output":{"shape":"DescribeMultiRegionParametersResponse"}, + "errors":[ + {"shape":"MultiRegionParameterGroupNotFoundFault"}, + {"shape":"ServiceLinkedRoleNotFoundFault"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InvalidParameterCombinationException"} + ], + "documentation":"

    Returns the detailed parameter list for a particular multi-region parameter group.

    " + }, "DescribeParameterGroups":{ "name":"DescribeParameterGroups", "http":{ @@ -575,7 +607,7 @@ {"shape":"MultiRegionClusterNotFoundFault"}, {"shape":"MultiRegionParameterGroupNotFoundFault"} ], - "documentation":"

    Lists all tags currently on a named resource. A tag is a key-value pair where the key and value are case-sensitive. You can use tags to categorize and track your MemoryDB resources. For more information, see Tagging your MemoryDB resources.

    " + "documentation":"

    Lists all tags currently on a named resource. A tag is a key-value pair where the key and value are case-sensitive. You can use tags to categorize and track your MemoryDB resources. For more information, see Tagging your MemoryDB resources.

    When you add or remove tags from multi region clusters, you might not immediately see the latest effective tags in the ListTags API response due to it being eventually consistent specifically for multi region clusters. For more information, see Tagging your MemoryDB resources.

    " }, "PurchaseReservedNodesOffering":{ "name":"PurchaseReservedNodesOffering", @@ -636,7 +668,7 @@ {"shape":"ServiceLinkedRoleNotFoundFault"}, {"shape":"InvalidParameterValueException"} ], - "documentation":"

    A tag is a key-value pair where the key and value are case-sensitive. You can use tags to categorize and track all your MemoryDB resources. When you add or remove tags on clusters, those actions will be replicated to all nodes in the cluster. For more information, see Resource-level permissions.

    For example, you can use cost-allocation tags to your MemoryDB resources, Amazon generates a cost allocation report as a comma-separated value (CSV) file with your usage and costs aggregated by your tags. You can apply tags that represent business categories (such as cost centers, application names, or owners) to organize your costs across multiple services. For more information, see Using Cost Allocation Tags.

    " + "documentation":"

    Use this operation to add tags to a resource. A tag is a key-value pair where the key and value are case-sensitive. You can use tags to categorize and track all your MemoryDB resources. For more information, see Tagging your MemoryDB resources.

    When you add tags to multi region clusters, you might not immediately see the latest effective tags in the ListTags API response due to it being eventually consistent specifically for multi region clusters. For more information, see Tagging your MemoryDB resources.

    You can specify cost-allocation tags for your MemoryDB resources, Amazon generates a cost allocation report as a comma-separated value (CSV) file with your usage and costs aggregated by your tags. You can apply tags that represent business categories (such as cost centers, application names, or owners) to organize your costs across multiple services. For more information, see Using Cost Allocation Tags.

    " }, "UntagResource":{ "name":"UntagResource", @@ -661,7 +693,7 @@ {"shape":"MultiRegionClusterNotFoundFault"}, {"shape":"MultiRegionParameterGroupNotFoundFault"} ], - "documentation":"

    Use this operation to remove tags on a resource.

    " + "documentation":"

    Use this operation to remove tags on a resource. A tag is a key-value pair where the key and value are case-sensitive. You can use tags to categorize and track all your MemoryDB resources. For more information, see Tagging your MemoryDB resources.

    When you remove tags from multi region clusters, you might not immediately see the latest effective tags in the ListTags API response due to it being eventually consistent specifically for multi region clusters. For more information, see Tagging your MemoryDB resources.

    You can specify cost-allocation tags for your MemoryDB resources, Amazon generates a cost allocation report as a comma-separated value (CSV) file with your usage and costs aggregated by your tags. You can apply tags that represent business categories (such as cost centers, application names, or owners) to organize your costs across multiple services. For more information, see Using Cost Allocation Tags.

    " }, "UpdateACL":{ "name":"UpdateACL", @@ -816,9 +848,8 @@ }, "ACLAlreadyExistsFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    An ACL with the specified name already exists.

    ", "exception":true }, "ACLClusterNameList":{ @@ -840,9 +871,8 @@ }, "ACLNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified ACL does not exist.

    ", "exception":true }, "ACLPendingChanges":{ @@ -861,9 +891,8 @@ }, "ACLQuotaExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of ACLs allowed.

    ", "exception":true }, "ACLsUpdateStatus":{ @@ -878,9 +907,8 @@ }, "APICallRateForCustomerExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The customer has exceeded the maximum number of API requests allowed per time period.

    ", "exception":true }, "AZStatus":{ @@ -1084,15 +1112,22 @@ "DataTiering":{ "shape":"DataTieringStatus", "documentation":"

    Enables data tiering. Data tiering is only supported for clusters using the r6gd node type. This parameter must be set when using r6gd nodes. For more information, see Data tiering.

    " + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

    The IP address type for the cluster. Returns 'ipv4' for IPv4 only, 'ipv6' for IPv6 only, or 'dual-stack' if the cluster supports both IPv4 and IPv6 addressing.

    " + }, + "IpDiscovery":{ + "shape":"IpDiscovery", + "documentation":"

    The mechanism that the cluster uses to discover IP addresses. Returns 'ipv4' when DNS endpoints resolve to IPv4 addresses, or 'ipv6' when DNS endpoints resolve to IPv6 addresses.

    " } }, "documentation":"

    Contains all of the attributes of a specific cluster.

    " }, "ClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    A cluster with the specified name already exists.

    ", "exception":true }, "ClusterConfiguration":{ @@ -1180,9 +1215,8 @@ }, "ClusterNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified cluster does not exist.

    ", "exception":true }, "ClusterPendingUpdates":{ @@ -1205,9 +1239,8 @@ }, "ClusterQuotaForCustomerExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of clusters allowed for this customer.

    ", "exception":true }, "CopySnapshotRequest":{ @@ -1378,6 +1411,14 @@ "DataTiering":{ "shape":"BooleanOptional", "documentation":"

    Enables data tiering. Data tiering is only supported for clusters using the r6gd node type. This parameter must be set when using r6gd nodes. For more information, see Data tiering.

    " + }, + "NetworkType":{ + "shape":"NetworkType", + "documentation":"

    Specifies the IP address type for the cluster. Valid values are 'ipv4', 'ipv6', or 'dual_stack'. When set to 'ipv4', the cluster will only be accessible via IPv4 addresses. When set to 'ipv6', the cluster will only be accessible via IPv6 addresses. When set to 'dual_stack', the cluster will be accessible via both IPv4 and IPv6 addresses. If not specified, the default is 'ipv4'.

    " + }, + "IpDiscovery":{ + "shape":"IpDiscovery", + "documentation":"

    The mechanism for discovering IP addresses for the cluster discovery protocol. Valid values are 'ipv4' or 'ipv6'. When set to 'ipv4', cluster discovery functions such as cluster slots, cluster shards, and cluster nodes return IPv4 addresses for cluster nodes. When set to 'ipv6', the cluster discovery functions return IPv6 addresses for cluster nodes. The value must be compatible with the NetworkType parameter. If not specified, the default is 'ipv4'.

    " } } }, @@ -1399,7 +1440,7 @@ "members":{ "MultiRegionClusterNameSuffix":{ "shape":"String", - "documentation":"

    A suffix to be added to the multi-Region cluster name.

    " + "documentation":"

    A suffix to be added to the Multi-Region cluster name. Amazon MemoryDB automatically applies a prefix to the Multi-Region cluster Name when it is created. Each Amazon Region has its own prefix. For instance, a Multi-Region cluster Name created in the US-West-1 region will begin with \"virxk\", along with the suffix name you provide. The suffix guarantees uniqueness of the Multi-Region cluster name across multiple regions.

    " }, "Description":{ "shape":"String", @@ -1590,9 +1631,8 @@ }, "DefaultUserRequired":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    A default user is required and must be specified.

    ", "exception":true }, "DeleteACLRequest":{ @@ -1922,6 +1962,71 @@ } } }, + "DescribeMultiRegionParameterGroupsRequest":{ + "type":"structure", + "members":{ + "MultiRegionParameterGroupName":{ + "shape":"String", + "documentation":"

    The request for information on a specific multi-region parameter group.

    " + }, + "MaxResults":{ + "shape":"IntegerOptional", + "documentation":"

    The maximum number of records to include in the response. If more records exist than the specified MaxResults value, a token is included in the response so that the remaining results can be retrieved.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    An optional token returned from a prior request. Use this token for pagination of results from this action. If this parameter is specified, the response includes only results beyond the token, up to the value specified by MaxResults.

    " + } + } + }, + "DescribeMultiRegionParameterGroupsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

    An optional token to include in the response. If this token is provided, the response includes only results beyond the token, up to the value specified by MaxResults.

    " + }, + "MultiRegionParameterGroups":{ + "shape":"MultiRegionParameterGroupList", + "documentation":"

    A list of multi-region parameter groups. Each element in the list contains detailed information about one parameter group.

    " + } + } + }, + "DescribeMultiRegionParametersRequest":{ + "type":"structure", + "required":["MultiRegionParameterGroupName"], + "members":{ + "MultiRegionParameterGroupName":{ + "shape":"String", + "documentation":"

    The name of the multi-region parameter group to return details for.

    " + }, + "Source":{ + "shape":"String", + "documentation":"

    The parameter types to return. Valid values: user | system | engine-default

    " + }, + "MaxResults":{ + "shape":"IntegerOptional", + "documentation":"

    The maximum number of records to include in the response. If more records exist than the specified MaxResults value, a token is included in the response so that the remaining results can be retrieved.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    An optional token returned from a prior request. Use this token for pagination of results from this action. If this parameter is specified, the response includes only results beyond the token, up to the value specified by MaxResults.

    " + } + } + }, + "DescribeMultiRegionParametersResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

    An optional token to include in the response. If this token is provided, the response includes only results beyond the token, up to the value specified by MaxResults.

    " + }, + "MultiRegionParameters":{ + "shape":"MultiRegionParametersList", + "documentation":"

    A list of parameters specific to a particular multi-region parameter group. Each element in the list contains detailed information about one parameter.

    " + } + } + }, "DescribeParameterGroupsRequest":{ "type":"structure", "members":{ @@ -2218,9 +2323,8 @@ "Double":{"type":"double"}, "DuplicateUserNameFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    A user with the specified name already exists.

    ", "exception":true }, "Endpoint":{ @@ -2359,60 +2463,52 @@ }, "InsufficientClusterCapacityFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The cluster does not have sufficient capacity to perform the requested operation.

    ", "exception":true }, "Integer":{"type":"integer"}, "IntegerOptional":{"type":"integer"}, "InvalidACLStateFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The ACL is not in a valid state for the requested operation.

    ", "exception":true }, "InvalidARNFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified Amazon Resource Name (ARN) is not valid.

    ", "exception":true }, "InvalidClusterStateFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The cluster is not in a valid state for the requested operation.

    ", "exception":true }, "InvalidCredentialsException":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The provided credentials are not valid.

    ", "exception":true }, "InvalidKMSKeyFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified KMS key is not valid or accessible.

    ", "exception":true }, "InvalidMultiRegionClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested operation cannot be performed on the multi-Region cluster in its current state.

    ", "exception":true }, "InvalidNodeStateFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The node is not in a valid state for the requested operation.

    ", "exception":true }, "InvalidParameterCombinationException":{ @@ -2420,15 +2516,14 @@ "members":{ "message":{"shape":"AwsQueryErrorMessage"} }, - "documentation":"

    ", + "documentation":"

    The specified parameter combination is not valid.

    ", "exception":true, "synthetic":true }, "InvalidParameterGroupStateFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The parameter group is not in a valid state for the requested operation.

    ", "exception":true }, "InvalidParameterValueException":{ @@ -2436,38 +2531,41 @@ "members":{ "message":{"shape":"AwsQueryErrorMessage"} }, - "documentation":"

    ", + "documentation":"

    The specified parameter value is not valid.

    ", "exception":true, "synthetic":true }, "InvalidSnapshotStateFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The snapshot is not in a valid state for the requested operation.

    ", "exception":true }, "InvalidSubnet":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified subnet is not valid.

    ", "exception":true }, "InvalidUserStateFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The user is not in a valid state for the requested operation.

    ", "exception":true }, "InvalidVPCNetworkStateFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The VPC network is not in a valid state for the requested operation.

    ", "exception":true }, + "IpDiscovery":{ + "type":"string", + "enum":[ + "ipv4", + "ipv6" + ] + }, "KeyList":{ "type":"list", "member":{"shape":"String"} @@ -2593,8 +2691,7 @@ }, "MultiRegionClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A multi-Region cluster with the specified name already exists.

    ", "exception":true }, @@ -2604,23 +2701,96 @@ }, "MultiRegionClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified multi-Region cluster does not exist.

    ", "exception":true }, - "MultiRegionParameterGroupNotFoundFault":{ + "MultiRegionParameter":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"String", + "documentation":"

    The name of the parameter.

    " + }, + "Value":{ + "shape":"String", + "documentation":"

    The value of the parameter.

    " + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the parameter.

    " + }, + "Source":{ + "shape":"String", + "documentation":"

    Indicates the source of the parameter value. Valid values: user | system | engine-default

    " + }, + "DataType":{ + "shape":"String", + "documentation":"

    The valid data type for the parameter.

    " + }, + "AllowedValues":{ + "shape":"String", + "documentation":"

    The valid range of values for the parameter.

    " + }, + "MinimumEngineVersion":{ + "shape":"String", + "documentation":"

    The earliest engine version to which the parameter can apply.

    " + } + }, + "documentation":"

    Describes an individual setting that controls some aspect of MemoryDB behavior across multiple regions.

    " + }, + "MultiRegionParameterGroup":{ "type":"structure", "members":{ + "Name":{ + "shape":"String", + "documentation":"

    The name of the multi-region parameter group.

    " + }, + "Family":{ + "shape":"String", + "documentation":"

    The name of the parameter group family that this multi-region parameter group is compatible with.

    " + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of the multi-region parameter group.

    " + }, + "ARN":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the multi-region parameter group.

    " + } }, + "documentation":"

    Represents the output of a CreateMultiRegionParameterGroup operation. A multi-region parameter group represents a collection of parameters that can be applied to clusters across multiple regions.

    " + }, + "MultiRegionParameterGroupList":{ + "type":"list", + "member":{"shape":"MultiRegionParameterGroup"} + }, + "MultiRegionParameterGroupNotFoundFault":{ + "type":"structure", + "members":{}, "documentation":"

    The specified multi-Region parameter group does not exist.

    ", "exception":true }, + "MultiRegionParametersList":{ + "type":"list", + "member":{"shape":"MultiRegionParameter"} + }, + "NetworkType":{ + "type":"string", + "enum":[ + "ipv4", + "ipv6", + "dual_stack" + ] + }, + "NetworkTypeList":{ + "type":"list", + "member":{"shape":"NetworkType"} + }, "NoOperationFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The requested operation would result in no changes.

    ", "exception":true }, "Node":{ @@ -2655,16 +2825,14 @@ }, "NodeQuotaForClusterExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of nodes allowed for this cluster.

    ", "exception":true }, "NodeQuotaForCustomerExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of nodes allowed for this customer.

    ", "exception":true }, "NodeTypeList":{ @@ -2725,9 +2893,8 @@ }, "ParameterGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    A parameter group with the specified name already exists.

    ", "exception":true }, "ParameterGroupList":{ @@ -2736,16 +2903,14 @@ }, "ParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified parameter group does not exist.

    ", "exception":true }, "ParameterGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of parameter groups allowed.

    ", "exception":true }, "ParameterNameList":{ @@ -2935,8 +3100,7 @@ }, "ReservedNodeAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You already have a reservation with the given identifier.

    ", "exception":true }, @@ -2946,15 +3110,13 @@ }, "ReservedNodeNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested node does not exist.

    ", "exception":true }, "ReservedNodeQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request cannot be processed because it would exceed the user's node quota.

    ", "exception":true }, @@ -2994,8 +3156,7 @@ }, "ReservedNodesOfferingNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested node offering does not exist.

    ", "exception":true }, @@ -3060,9 +3221,8 @@ }, "ServiceLinkedRoleNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The required service-linked role was not found.

    ", "exception":true }, "ServiceUpdate":{ @@ -3113,9 +3273,8 @@ }, "ServiceUpdateNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified service update does not exist.

    ", "exception":true }, "ServiceUpdateRequest":{ @@ -3228,16 +3387,14 @@ }, "ShardNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified shard does not exist.

    ", "exception":true }, "ShardsPerClusterQuotaExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of shards allowed per cluster.

    ", "exception":true }, "SlotMigration":{ @@ -3286,9 +3443,8 @@ }, "SnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    A snapshot with the specified name already exists.

    ", "exception":true }, "SnapshotArnsList":{ @@ -3301,16 +3457,14 @@ }, "SnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified snapshot does not exist.

    ", "exception":true }, "SnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of snapshots allowed.

    ", "exception":true }, "SourceType":{ @@ -3335,6 +3489,10 @@ "AvailabilityZone":{ "shape":"AvailabilityZone", "documentation":"

    The Availability Zone where the subnet resides

    " + }, + "SupportedNetworkTypes":{ + "shape":"NetworkTypeList", + "documentation":"

    The network types supported by this subnet. Returns an array of strings that can include 'ipv4', 'ipv6', or both, indicating whether the subnet supports IPv4 only, IPv6 only, or dual-stack deployments.

    " } }, "documentation":"

    Represents the subnet associated with a cluster. This parameter refers to subnets defined in Amazon Virtual Private Cloud (Amazon VPC) and used with MemoryDB.

    " @@ -3361,22 +3519,24 @@ "ARN":{ "shape":"String", "documentation":"

    The ARN (Amazon Resource Name) of the subnet group.

    " + }, + "SupportedNetworkTypes":{ + "shape":"NetworkTypeList", + "documentation":"

    The network types supported by this subnet group. Returns an array of strings that can include 'ipv4', 'ipv6', or both, indicating the IP address types that can be used for clusters deployed in this subnet group.

    " } }, "documentation":"

    Represents the output of one of the following operations:

    • CreateSubnetGroup

    • UpdateSubnetGroup

    A subnet group is a collection of subnets (typically private) that you can designate for your clusters running in an Amazon Virtual Private Cloud (VPC) environment.

    " }, "SubnetGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    A subnet group with the specified name already exists.

    ", "exception":true }, "SubnetGroupInUseFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The subnet group is currently in use and cannot be deleted.

    ", "exception":true }, "SubnetGroupList":{ @@ -3385,16 +3545,14 @@ }, "SubnetGroupNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified subnet group does not exist.

    ", "exception":true }, "SubnetGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of subnet groups allowed.

    ", "exception":true }, "SubnetIdentifierList":{ @@ -3403,9 +3561,8 @@ }, "SubnetInUse":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The subnet is currently in use and cannot be deleted.

    ", "exception":true }, "SubnetList":{ @@ -3414,16 +3571,14 @@ }, "SubnetNotAllowedFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified subnet is not allowed for this operation.

    ", "exception":true }, "SubnetQuotaExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of subnets allowed.

    ", "exception":true }, "TStamp":{"type":"timestamp"}, @@ -3448,16 +3603,14 @@ }, "TagNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified tag does not exist.

    ", "exception":true }, "TagQuotaPerResourceExceeded":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of tags allowed per resource.

    ", "exception":true }, "TagResourceRequest":{ @@ -3493,9 +3646,8 @@ }, "TestFailoverNotAvailableFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    Test failover is not available for this cluster configuration.

    ", "exception":true }, "UnprocessedCluster":{ @@ -3636,6 +3788,10 @@ "ACLName":{ "shape":"ACLName", "documentation":"

    The Access Control List that is associated with the cluster.

    " + }, + "IpDiscovery":{ + "shape":"IpDiscovery", + "documentation":"

    The mechanism for discovering IP addresses for the cluster discovery protocol. Valid values are 'ipv4' or 'ipv6'. When set to 'ipv4', cluster discovery functions such as cluster slots, cluster shards, and cluster nodes will return IPv4 addresses for cluster nodes. When set to 'ipv6', the cluster discovery functions return IPv6 addresses for cluster nodes. The value must be compatible with the NetworkType parameter. If not specified, the default is 'ipv4'.

    " } } }, @@ -3675,7 +3831,7 @@ }, "UpdateStrategy":{ "shape":"UpdateStrategy", - "documentation":"

    Whether to force the update even if it may cause data loss.

    " + "documentation":"

    The strategy to use for the update operation. Supported values are \"coordinated\" or \"uncoordinated\".

    " } } }, @@ -3811,9 +3967,8 @@ }, "UserAlreadyExistsFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    A user with the specified name already exists.

    ", "exception":true }, "UserList":{ @@ -3836,16 +3991,14 @@ }, "UserNotFoundFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The specified user does not exist.

    ", "exception":true }, "UserQuotaExceededFault":{ "type":"structure", - "members":{ - }, - "documentation":"

    ", + "members":{}, + "documentation":"

    The request cannot be processed because it would exceed the maximum number of users allowed.

    ", "exception":true } }, diff -pruN 2.23.6-1/awscli/botocore/data/meteringmarketplace/2016-01-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/meteringmarketplace/2016-01-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/meteringmarketplace/2016-01-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/meteringmarketplace/2016-01-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -58,307 +57,417 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } - ] + ], + "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "type": "tree", + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws" ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://metering-marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-cn" ] - } - ], - "type": "tree", - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://metering.marketplace-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://metering-marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://metering-marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], - "type": "tree", "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://metering.marketplace-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://metering.marketplace-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } - ] + ], + "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://metering.marketplace-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [], - "endpoint": { - "url": "https://metering.marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } - ] + ], + "type": "tree" }, { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - "aws", + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "name" + false ] - } - ] - } - ], - "endpoint": { - "url": "https://metering.marketplace.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - "aws-us-gov", + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "name" + true ] } - ] + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://metering.marketplace.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://metering.marketplace.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "endpoint": { - "url": "https://metering.marketplace.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://metering.marketplace.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/meteringmarketplace/2016-01-14/service-2.json 2.31.35-1/awscli/botocore/data/meteringmarketplace/2016-01-14/service-2.json --- 2.23.6-1/awscli/botocore/data/meteringmarketplace/2016-01-14/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/meteringmarketplace/2016-01-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"metering.marketplace", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWSMarketplace Metering", "serviceId":"Marketplace Metering", "signatureVersion":"v4", "signingName":"aws-marketplace", "targetPrefix":"AWSMPMeteringService", - "uid":"meteringmarketplace-2016-01-14" + "uid":"meteringmarketplace-2016-01-14", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchMeterUsage":{ @@ -32,7 +34,7 @@ {"shape":"ThrottlingException"}, {"shape":"DisabledApiException"} ], - "documentation":"

    BatchMeterUsage is called from a SaaS application listed on AWS Marketplace to post metering records for a set of customers.

    For identical requests, the API is idempotent; requests can be retried with the same records or a subset of the input records.

    Every request to BatchMeterUsage is for one product. If you need to meter usage for multiple products, you must make multiple calls to BatchMeterUsage.

    Usage records are expected to be submitted as quickly as possible after the event that is being recorded, and are not accepted more than 6 hours after the event.

    BatchMeterUsage can process up to 25 UsageRecords at a time.

    A UsageRecord can optionally include multiple usage allocations, to provide customers with usage data split into buckets by tags that you define (or allow the customer to define).

    BatchMeterUsage returns a list of UsageRecordResult objects, showing the result for each UsageRecord, as well as a list of UnprocessedRecords, indicating errors in the service side that you should retry.

    BatchMeterUsage requests must be less than 1MB in size.

    For an example of using BatchMeterUsage, see BatchMeterUsage code example in the AWS Marketplace Seller Guide.

    " + "documentation":"

    The CustomerIdentifier parameter is scheduled for deprecation on March 31, 2026. Use CustomerAWSAccountID instead.

    These parameters are mutually exclusive. You can't specify both CustomerIdentifier and CustomerAWSAccountID in the same request.

    To post metering records for customers, SaaS applications call BatchMeterUsage, which is used for metering SaaS flexible consumption pricing (FCP). Identical requests are idempotent and can be retried with the same records or a subset of records. Each BatchMeterUsage request is for only one product. If you want to meter usage for multiple products, you must make multiple BatchMeterUsage calls.

    Usage records should be submitted in quick succession following a recorded event. Usage records aren't accepted 6 hours or more after an event.

    BatchMeterUsage can process up to 25 UsageRecords at a time, and each request must be less than 1 MB in size. Optionally, you can have multiple usage allocations for usage data that's split into buckets according to predefined tags.

    BatchMeterUsage returns a list of UsageRecordResult objects, which have each UsageRecord. It also returns a list of UnprocessedRecords, which indicate errors on the service side that should be retried.

    For Amazon Web Services Regions that support BatchMeterUsage, see BatchMeterUsage Region support.

    For an example of BatchMeterUsage, see BatchMeterUsage code example in the Amazon Web Services Marketplace Seller Guide.

    " }, "MeterUsage":{ "name":"MeterUsage", @@ -51,10 +53,11 @@ {"shape":"InvalidEndpointRegionException"}, {"shape":"TimestampOutOfBoundsException"}, {"shape":"DuplicateRequestException"}, + {"shape":"IdempotencyConflictException"}, {"shape":"ThrottlingException"}, {"shape":"CustomerNotEntitledException"} ], - "documentation":"

    API to emit metering records. For identical requests, the API is idempotent. It simply returns the metering record ID.

    MeterUsage is authenticated on the buyer's AWS account using credentials from the EC2 instance, ECS task, or EKS pod.

    MeterUsage can optionally include multiple usage allocations, to provide customers with usage data split into buckets by tags that you define (or allow the customer to define).

    Usage records are expected to be submitted as quickly as possible after the event that is being recorded, and are not accepted more than 6 hours after the event.

    " + "documentation":"

    API to emit metering records. For identical requests, the API is idempotent and returns the metering record ID. This is used for metering flexible consumption pricing (FCP) Amazon Machine Images (AMI) and container products.

    MeterUsage is authenticated on the buyer's Amazon Web Services account using credentials from the Amazon EC2 instance, Amazon ECS task, or Amazon EKS pod.

    MeterUsage can optionally include multiple usage allocations, to provide customers with usage data split into buckets by tags that you define (or allow the customer to define).

    Submit usage records to report events from the previous hour. If you submit records that are greater than six hours after events occur, the records won’t be accepted. The timestamp in your request determines when an event is recorded. You can only report usage once per hour for each dimension. For AMI-based products, this is per dimension and per EC2 instance. For container products, this is per dimension and per ECS task or EKS pod. You can’t modify values after they’re recorded. If you report usage before the current hour ends, you will be unable to report additional usage until the next hour begins.

    For Amazon Web Services Regions that support MeterUsage, see MeterUsage Region support for Amazon EC2 and MeterUsage Region support for Amazon ECS and Amazon EKS.

    " }, "RegisterUsage":{ "name":"RegisterUsage", @@ -74,7 +77,7 @@ {"shape":"InternalServiceErrorException"}, {"shape":"DisabledApiException"} ], - "documentation":"

    Paid container software products sold through AWS Marketplace must integrate with the AWS Marketplace Metering Service and call the RegisterUsage operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call RegisterUsage, but you may choose to do so if you would like to receive usage data in your seller reports. The sections below explain the behavior of RegisterUsage. RegisterUsage performs two primary functions: metering and entitlement.

    • Entitlement: RegisterUsage allows you to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Your container image that integrates with RegisterUsage is only required to guard against unauthorized use at container startup, as such a CustomerNotSubscribedException or PlatformNotSupportedException will only be thrown on the initial call to RegisterUsage. Subsequent calls from the same Amazon ECS task instance (e.g. task-id) or Amazon EKS pod will not throw a CustomerNotSubscribedException, even if the customer unsubscribes while the Amazon ECS task or Amazon EKS pod is still running.

    • Metering: RegisterUsage meters software use per ECS task, per hour, or per pod for Amazon EKS with usage prorated to the second. A minimum of 1 minute of usage applies to tasks that are short lived. For example, if a customer has a 10 node Amazon ECS or Amazon EKS cluster and a service configured as a Daemon Set, then Amazon ECS or Amazon EKS will launch a task on all 10 cluster nodes and the customer will be charged: (10 * hourly_rate). Metering for software use is automatically handled by the AWS Marketplace Metering Control Plane -- your software is not required to perform any metering specific actions, other than call RegisterUsage once for metering of software use to commence. The AWS Marketplace Metering Control Plane will also continue to bill customers for running ECS tasks and Amazon EKS pods, regardless of the customers subscription state, removing the need for your software to perform entitlement checks at runtime.

    " + "documentation":"

    Paid container software products sold through Amazon Web Services Marketplace must integrate with the Amazon Web Services Marketplace Metering Service and call the RegisterUsage operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call RegisterUsage, but you may choose to do so if you would like to receive usage data in your seller reports. The sections below explain the behavior of RegisterUsage. RegisterUsage performs two primary functions: metering and entitlement.

    • Entitlement: RegisterUsage allows you to verify that the customer running your paid software is subscribed to your product on Amazon Web Services Marketplace, enabling you to guard against unauthorized use. Your container image that integrates with RegisterUsage is only required to guard against unauthorized use at container startup, as such a CustomerNotSubscribedException or PlatformNotSupportedException will only be thrown on the initial call to RegisterUsage. Subsequent calls from the same Amazon ECS task instance (e.g. task-id) or Amazon EKS pod will not throw a CustomerNotSubscribedException, even if the customer unsubscribes while the Amazon ECS task or Amazon EKS pod is still running.

    • Metering: RegisterUsage meters software use per ECS task, per hour, or per pod for Amazon EKS with usage prorated to the second. A minimum of 1 minute of usage applies to tasks that are short lived. For example, if a customer has a 10 node Amazon ECS or Amazon EKS cluster and a service configured as a Daemon Set, then Amazon ECS or Amazon EKS will launch a task on all 10 cluster nodes and the customer will be charged for 10 tasks. Software metering is handled by the Amazon Web Services Marketplace metering control plane—your software is not required to perform metering-specific actions other than to call RegisterUsage to commence metering. The Amazon Web Services Marketplace metering control plane will also bill customers for running ECS tasks and Amazon EKS pods, regardless of the customer's subscription state, which removes the need for your software to run entitlement checks at runtime. For containers, RegisterUsage should be called immediately at launch. If you don’t register the container within the first 6 hours of the launch, Amazon Web Services Marketplace Metering Service doesn’t provide any metering guarantees for previous months. Metering will continue, however, for the current month forward until the container ends. RegisterUsage is for metering paid hourly container products.

      For Amazon Web Services Regions that support RegisterUsage, see RegisterUsage Region support.

    " }, "ResolveCustomer":{ "name":"ResolveCustomer", @@ -91,7 +94,7 @@ {"shape":"InternalServiceErrorException"}, {"shape":"DisabledApiException"} ], - "documentation":"

    ResolveCustomer is called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a registration token through their browser. The registration token is resolved through this API to obtain a CustomerIdentifier along with the CustomerAWSAccountId and ProductCode.

    The API needs to called from the seller account id used to publish the SaaS application to successfully resolve the token.

    For an example of using ResolveCustomer, see ResolveCustomer code example in the AWS Marketplace Seller Guide.

    " + "documentation":"

    ResolveCustomer is called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a registration token through their browser. The registration token is resolved through this API to obtain a CustomerIdentifier along with the CustomerAWSAccountId and ProductCode.

    To successfully resolve the token, the API must be called from the account that was used to publish the SaaS application. For an example of using ResolveCustomer, see ResolveCustomer code example in the Amazon Web Services Marketplace Seller Guide.

    Permission is required for this operation. Your IAM role or user performing this operation requires a policy to allow the aws-marketplace:ResolveCustomer action. For more information, see Actions, resources, and condition keys for Amazon Web Services Marketplace Metering Service in the Service Authorization Reference.

    For Amazon Web Services Regions that support ResolveCustomer, see ResolveCustomer Region support.

    " } }, "shapes":{ @@ -113,7 +116,7 @@ }, "ProductCode":{ "shape":"ProductCode", - "documentation":"

    Product code is used to uniquely identify a product in AWS Marketplace. The product code should be the same as the one used during the publishing of a new product.

    " + "documentation":"

    Product code is used to uniquely identify a product in Amazon Web Services Marketplace. The product code should be the same as the one used during the publishing of a new product.

    " } }, "documentation":"

    A BatchMeterUsageRequest contains UsageRecords, which indicate quantities of usage within your application.

    " @@ -123,7 +126,7 @@ "members":{ "Results":{ "shape":"UsageRecordResultList", - "documentation":"

    Contains all UsageRecords processed by BatchMeterUsage. These records were either honored by AWS Marketplace Metering Service or were invalid. Invalid records should be fixed before being resubmitted.

    " + "documentation":"

    Contains all UsageRecords processed by BatchMeterUsage. These records were either honored by Amazon Web Services Marketplace Metering Service or were invalid. Invalid records should be fixed before being resubmitted.

    " }, "UnprocessedRecords":{ "shape":"UsageRecordList", @@ -133,6 +136,11 @@ "documentation":"

    Contains the UsageRecords processed by BatchMeterUsage and any records that have failed due to transient error.

    " }, "Boolean":{"type":"boolean"}, + "ClientToken":{ + "type":"string", + "max":64, + "min":1 + }, "CustomerAWSAccountId":{ "type":"string", "max":255, @@ -142,8 +150,8 @@ "CustomerIdentifier":{ "type":"string", "max":255, - "min":1, - "pattern":"[\\s\\S]+" + "min":0, + "pattern":"[\\s\\S]*" }, "CustomerNotEntitledException":{ "type":"structure", @@ -177,12 +185,20 @@ "documentation":"

    The submitted registration token has expired. This can happen if the buyer's browser takes too long to redirect to your page, the buyer has resubmitted the registration token, or your application has held on to the registration token for too long. Your SaaS registration website should redeem this token as soon as it is submitted by the buyer's browser.

    ", "exception":true }, + "IdempotencyConflictException":{ + "type":"structure", + "members":{ + "message":{"shape":"errorMessage"} + }, + "documentation":"

    The ClientToken is being used for multiple requests.

    ", + "exception":true + }, "InternalServiceErrorException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, - "documentation":"

    An internal error has occurred. Retry your request. If the problem persists, post a message with details on the AWS forums.

    ", + "documentation":"

    An internal error has occurred. Retry your request. If the problem persists, post a message with details on the Amazon Web Services forums.

    ", "exception":true, "fault":true }, @@ -199,7 +215,7 @@ "members":{ "message":{"shape":"errorMessage"} }, - "documentation":"

    The endpoint being called is in a AWS Region different from your EC2 instance, ECS task, or EKS pod. The Region of the Metering Service endpoint and the AWS Region of the resource must match.

    ", + "documentation":"

    The endpoint being called is in a Amazon Web Services Region different from your EC2 instance, ECS task, or EKS pod. The Region of the Metering Service endpoint and the Amazon Web Services Region of the resource must match.

    ", "exception":true }, "InvalidProductCodeException":{ @@ -223,7 +239,7 @@ "members":{ "message":{"shape":"errorMessage"} }, - "documentation":"

    RegisterUsage must be called in the same AWS Region the ECS task was launched in. This prevents a container from hardcoding a Region (e.g. withRegion(“us-east-1”) when calling RegisterUsage.

    ", + "documentation":"

    RegisterUsage must be called in the same Amazon Web Services Region the ECS task was launched in. This prevents a container from hardcoding a Region (e.g. withRegion(“us-east-1”) when calling RegisterUsage.

    ", "exception":true }, "InvalidTagException":{ @@ -247,7 +263,7 @@ "members":{ "message":{"shape":"errorMessage"} }, - "documentation":"

    The usage allocation objects are invalid, or the number of allocations is greater than 500 for a single usage record.

    ", + "documentation":"

    Sum of allocated usage quantities is not equal to the usage quantity.

    ", "exception":true }, "InvalidUsageDimensionException":{ @@ -268,11 +284,11 @@ "members":{ "ProductCode":{ "shape":"ProductCode", - "documentation":"

    Product code is used to uniquely identify a product in AWS Marketplace. The product code should be the same as the one used during the publishing of a new product.

    " + "documentation":"

    Product code is used to uniquely identify a product in Amazon Web Services Marketplace. The product code should be the same as the one used during the publishing of a new product.

    " }, "Timestamp":{ "shape":"Timestamp", - "documentation":"

    Timestamp, in UTC, for which the usage is being reported. Your application can meter usage for up to one hour in the past. Make sure the timestamp value is not before the start of the software usage.

    " + "documentation":"

    Timestamp, in UTC, for which the usage is being reported. Your application can meter usage for up to six hours in the past. Make sure the timestamp value is not before the start of the software usage.

    " }, "UsageDimension":{ "shape":"UsageDimension", @@ -289,6 +305,11 @@ "UsageAllocations":{ "shape":"UsageAllocations", "documentation":"

    The set of UsageAllocations to submit.

    The sum of all UsageAllocation quantities must equal the UsageQuantity of the MeterUsage request, and each UsageAllocation must have a unique set of tags (include no tags).

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.

    If you don't provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotencyConflictException error.

    ", + "idempotencyToken":true } } }, @@ -315,7 +336,7 @@ "members":{ "message":{"shape":"errorMessage"} }, - "documentation":"

    AWS Marketplace does not support metering usage from the underlying platform. Currently, Amazon ECS, Amazon EKS, and AWS Fargate are supported.

    ", + "documentation":"

    Amazon Web Services Marketplace does not support metering usage from the underlying platform. Currently, Amazon ECS, Amazon EKS, and Fargate are supported.

    ", "exception":true }, "ProductCode":{ @@ -333,11 +354,11 @@ "members":{ "ProductCode":{ "shape":"ProductCode", - "documentation":"

    Product code is used to uniquely identify a product in AWS Marketplace. The product code should be the same as the one used during the publishing of a new product.

    " + "documentation":"

    Product code is used to uniquely identify a product in Amazon Web Services Marketplace. The product code should be the same as the one used during the publishing of a new product.

    " }, "PublicKeyVersion":{ "shape":"VersionInteger", - "documentation":"

    Public Key Version provided by AWS Marketplace

    " + "documentation":"

    Public Key Version provided by Amazon Web Services Marketplace

    " }, "Nonce":{ "shape":"Nonce", @@ -382,7 +403,7 @@ }, "CustomerAWSAccountId":{ "shape":"CustomerAWSAccountId", - "documentation":"

    The CustomerAWSAccountId provides the AWS account ID associated with the CustomerIdentifier for the individual customer.

    " + "documentation":"

    The CustomerAWSAccountId provides the Amazon Web Services account ID associated with the CustomerIdentifier for the individual customer.

    " } }, "documentation":"

    The result of the ResolveCustomer operation. Contains the CustomerIdentifier along with the CustomerAWSAccountId and ProductCode.

    " @@ -477,13 +498,12 @@ "type":"structure", "required":[ "Timestamp", - "CustomerIdentifier", "Dimension" ], "members":{ "Timestamp":{ "shape":"Timestamp", - "documentation":"

    Timestamp, in UTC, for which the usage is being reported.

    Your application can meter usage for up to one hour in the past. Make sure the timestamp value is not before the start of the software usage.

    " + "documentation":"

    Timestamp, in UTC, for which the usage is being reported.

    Your application can meter usage for up to six hours in the past. Make sure the timestamp value is not before the start of the software usage.

    " }, "CustomerIdentifier":{ "shape":"CustomerIdentifier", @@ -491,7 +511,7 @@ }, "Dimension":{ "shape":"UsageDimension", - "documentation":"

    During the process of registering a product on AWS Marketplace, dimensions are specified. These represent different units of value in your application.

    " + "documentation":"

    During the process of registering a product on Amazon Web Services Marketplace, dimensions are specified. These represent different units of value in your application.

    " }, "Quantity":{ "shape":"UsageQuantity", @@ -500,6 +520,10 @@ "UsageAllocations":{ "shape":"UsageAllocations", "documentation":"

    The set of UsageAllocations to submit. The sum of all UsageAllocation quantities must equal the Quantity of the UsageRecord.

    " + }, + "CustomerAWSAccountId":{ + "shape":"CustomerAWSAccountId", + "documentation":"

    The CustomerAWSAccountID parameter specifies the AWS account ID of the buyer.

    " } }, "documentation":"

    A UsageRecord indicates a quantity of usage for a given product, customer, dimension and time.

    Multiple requests with the same UsageRecords as input will be de-duplicated to prevent double charges.

    " @@ -523,7 +547,7 @@ }, "Status":{ "shape":"UsageRecordResultStatus", - "documentation":"

    The UsageRecordResult Status indicates the status of an individual UsageRecord processed by BatchMeterUsage.

    • Success- The UsageRecord was accepted and honored by BatchMeterUsage.

    • CustomerNotSubscribed- The CustomerIdentifier specified is not able to use your product. The UsageRecord was not honored. There are three causes for this result:

      • The customer identifier is invalid.

      • The customer identifier provided in the metering record does not have an active agreement or subscription with this product. Future UsageRecords for this customer will fail until the customer subscribes to your product.

      • The customer's AWS account was suspended.

    • DuplicateRecord- Indicates that the UsageRecord was invalid and not honored. A previously metered UsageRecord had the same customer, dimension, and time, but a different quantity.

    " + "documentation":"

    The UsageRecordResult Status indicates the status of an individual UsageRecord processed by BatchMeterUsage.

    • Success- The UsageRecord was accepted and honored by BatchMeterUsage.

    • CustomerNotSubscribed- The CustomerIdentifier specified is not able to use your product. The UsageRecord was not honored. There are three causes for this result:

      • The customer identifier is invalid.

      • The customer identifier provided in the metering record does not have an active agreement or subscription with this product. Future UsageRecords for this customer will fail until the customer subscribes to your product.

      • The customer's Amazon Web Services account was suspended.

    • DuplicateRecord- Indicates that the UsageRecord was invalid and not honored. A previously metered UsageRecord had the same customer, dimension, and time, but a different quantity.

    " } }, "documentation":"

    A UsageRecordResult indicates the status of a given UsageRecord processed by BatchMeterUsage.

    " @@ -546,5 +570,5 @@ }, "errorMessage":{"type":"string"} }, - "documentation":"AWS Marketplace Metering Service

    This reference provides descriptions of the low-level AWS Marketplace Metering Service API.

    AWS Marketplace sellers can use this API to submit usage data for custom usage dimensions.

    For information on the permissions you need to use this API, see AWS Marketplace metering and entitlement API permissions in the AWS Marketplace Seller Guide.

    Submitting Metering Records

    • MeterUsage - Submits the metering record for an AWS Marketplace product. MeterUsage is called from an EC2 instance or a container running on EKS or ECS.

    • BatchMeterUsage - Submits the metering record for a set of customers. BatchMeterUsage is called from a software-as-a-service (SaaS) application.

    Accepting New Customers

    • ResolveCustomer - Called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a Registration Token through the browser. The Registration Token is resolved through this API to obtain a CustomerIdentifier along with the CustomerAWSAccountId and ProductCode.

    Entitlement and Metering for Paid Container Products

    • Paid container software products sold through AWS Marketplace must integrate with the AWS Marketplace Metering Service and call the RegisterUsage operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call RegisterUsage, but you can do so if you want to receive usage data in your seller reports. For more information on using the RegisterUsage operation, see Container-Based Products.

    BatchMeterUsage API calls are captured by AWS CloudTrail. You can use Cloudtrail to verify that the SaaS metering records that you sent are accurate by searching for records with the eventName of BatchMeterUsage. You can also use CloudTrail to audit records over time. For more information, see the AWS CloudTrail User Guide.

    " + "documentation":"Amazon Web Services Marketplace Metering Service

    This reference provides descriptions of the low-level Marketplace Metering Service API.

    Amazon Web Services Marketplace sellers can use this API to submit usage data for custom usage dimensions.

    For information about the permissions that you need to use this API, see Amazon Web Services Marketplace metering and entitlement API permissions in the Amazon Web Services Marketplace Seller Guide.

    Submitting metering records

    MeterUsage

    • Submits the metering record for an Amazon Web Services Marketplace product.

    • Called from: Amazon Elastic Compute Cloud (Amazon EC2) instance or a container running on either Amazon Elastic Kubernetes Service (Amazon EKS) or Amazon Elastic Container Service (Amazon ECS)

    • Supported product types: Amazon Machine Images (AMIs) and containers

    • Vendor-metered tagging: Supported allocation tagging

    BatchMeterUsage

    • Submits the metering record for a set of customers. BatchMeterUsage API calls are captured by CloudTrail. You can use CloudTrail to verify that the software as a subscription (SaaS) metering records that you sent are accurate by searching for records with the eventName of BatchMeterUsage. You can also use CloudTrail to audit records over time. For more information, see the CloudTrail User Guide.

    • Called from: SaaS applications

    • Supported product type: SaaS

    • Vendor-metered tagging: Supports allocation tagging

    Accepting new customers

    ResolveCustomer

    • Resolves the registration token that the buyer submits through the browser during the registration process. Obtains a CustomerIdentifier along with the CustomerAWSAccountId and ProductCode.

    • Called from: SaaS application during the registration process

    • Supported product type: SaaS

    • Vendor-metered tagging: Not applicable

    Entitlement and metering for paid container products

    RegisteredUsage

    • Provides software entitlement and metering. Paid container software products sold through Amazon Web Services Marketplace must integrate with the Marketplace Metering Service and call the RegisterUsage operation. Free and Bring Your Own License model (BYOL) products for Amazon ECS or Amazon EKS aren't required to call RegisterUsage. However, you can do so if you want to receive usage data in your seller reports. For more information about using the RegisterUsage operation, see Container-based products.

    • Called from: Paid container software products

    • Supported product type: Containers

    • Vendor-metered tagging: Not applicable

    Entitlement custom metering for container products

    • MeterUsage API is available in GovCloud Regions but only supports AMI FCP products in GovCloud Regions. Flexible Consumption Pricing (FCP) Container products aren’t supported in GovCloud Regions: us-gov-west-1 and us-gov-east-1. For more information, see Container-based products.

    • Custom metering for container products are called using the MeterUsage API. The API is used for FCP AMI and FCP Container product metering.

    Custom metering for Amazon EKS is available in 17 Amazon Web Services Regions

    • The metering service supports Amazon ECS and EKS for Flexible Consumption Pricing (FCP) products using MeterUsage API. Amazon ECS is supported in all Amazon Web Services Regions that MeterUsage API is available except for GovCloud.

    • Amazon EKS is supported in the following: us-east-1, us-east-2, us-west-1, us-west-2, eu-west-1, eu-central-1, eu-west-2, eu-west-3, eu-north-1, ap-east-1, ap-southeast-1, ap-northeast-1, ap-southeast-2, ap-northeast-2, ap-south-1, ca-central-1, sa-east-1.

      For questions about adding Amazon Web Services Regions for metering, contact Amazon Web Services Marketplace Seller Operations.
    " } diff -pruN 2.23.6-1/awscli/botocore/data/mgh/2017-05-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mgh/2017-05-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mgh/2017-05-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mgh/2017-05-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mgh/2017-05-31/service-2.json 2.31.35-1/awscli/botocore/data/mgh/2017-05-31/service-2.json --- 2.23.6-1/awscli/botocore/data/mgh/2017-05-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mgh/2017-05-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -516,8 +516,7 @@ }, "AssociateCreatedArtifactResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateDiscoveredResourceRequest":{ "type":"structure", @@ -547,8 +546,7 @@ }, "AssociateDiscoveredResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateSourceResourceRequest":{ "type":"structure", @@ -578,8 +576,7 @@ }, "AssociateSourceResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ConfigurationId":{ "type":"string", @@ -603,8 +600,7 @@ }, "CreateProgressUpdateStreamResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreatedArtifact":{ "type":"structure", @@ -653,8 +649,7 @@ }, "DeleteProgressUpdateStreamResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeApplicationStateRequest":{ "type":"structure", @@ -733,8 +728,7 @@ }, "DisassociateCreatedArtifactResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateDiscoveredResourceRequest":{ "type":"structure", @@ -764,8 +758,7 @@ }, "DisassociateDiscoveredResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateSourceResourceRequest":{ "type":"structure", @@ -795,8 +788,7 @@ }, "DisassociateSourceResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DiscoveredResource":{ "type":"structure", @@ -864,8 +856,7 @@ }, "ImportMigrationTaskResult":{ "type":"structure", - "members":{ - } + "members":{} }, "InternalServerError":{ "type":"structure", @@ -1268,8 +1259,7 @@ }, "NotifyApplicationStateResult":{ "type":"structure", - "members":{ - } + "members":{} }, "NotifyMigrationTaskStateRequest":{ "type":"structure", @@ -1309,8 +1299,7 @@ }, "NotifyMigrationTaskStateResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PolicyErrorException":{ "type":"structure", @@ -1374,8 +1363,7 @@ }, "PutResourceAttributesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ResourceAttribute":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/mgn/2020-02-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mgn/2020-02-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mgn/2020-02-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mgn/2020-02-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/migration-hub-refactor-spaces/2021-10-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/migration-hub-refactor-spaces/2021-10-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/migration-hub-refactor-spaces/2021-10-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/migration-hub-refactor-spaces/2021-10-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/migrationhub-config/2019-06-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/migrationhub-config/2019-06-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/migrationhub-config/2019-06-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/migrationhub-config/2019-06-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/migrationhub-config/2019-06-30/service-2.json 2.31.35-1/awscli/botocore/data/migrationhub-config/2019-06-30/service-2.json --- 2.23.6-1/awscli/botocore/data/migrationhub-config/2019-06-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/migrationhub-config/2019-06-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"migrationhub-config", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS Migration Hub Config", "serviceId":"MigrationHub Config", "signatureVersion":"v4", "signingName":"mgh", "targetPrefix":"AWSMigrationHubMultiAccountService", - "uid":"migrationhub-config-2019-06-30" + "uid":"migrationhub-config-2019-06-30", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateHomeRegionControl":{ @@ -140,8 +142,7 @@ }, "DeleteHomeRegionControlResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeHomeRegionControlsMaxResults":{ "type":"integer", @@ -199,8 +200,7 @@ "ErrorMessage":{"type":"string"}, "GetHomeRegionRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetHomeRegionResult":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/migrationhuborchestrator/2021-08-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/migrationhuborchestrator/2021-08-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/migrationhuborchestrator/2021-08-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/migrationhuborchestrator/2021-08-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/migrationhubstrategy/2020-02-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/migrationhubstrategy/2020-02-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/migrationhubstrategy/2020-02-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/migrationhubstrategy/2020-02-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mpa/2022-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mpa/2022-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mpa/2022-07-26/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mpa/2022-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,137 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://mpa-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://mpa.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/mpa/2022-07-26/paginators-1.json 2.31.35-1/awscli/botocore/data/mpa/2022-07-26/paginators-1.json --- 2.23.6-1/awscli/botocore/data/mpa/2022-07-26/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mpa/2022-07-26/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,40 @@ +{ + "pagination": { + "ListApprovalTeams": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ApprovalTeams" + }, + "ListIdentitySources": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "IdentitySources" + }, + "ListPolicies": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Policies" + }, + "ListPolicyVersions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "PolicyVersions" + }, + "ListResourcePolicies": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ResourcePolicies" + }, + "ListSessions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Sessions" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/mpa/2022-07-26/service-2.json 2.31.35-1/awscli/botocore/data/mpa/2022-07-26/service-2.json --- 2.23.6-1/awscli/botocore/data/mpa/2022-07-26/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mpa/2022-07-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,2293 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2022-07-26", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"mpa", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"AWS Multi-party Approval", + "serviceId":"MPA", + "signatureVersion":"v4", + "signingName":"mpa", + "uid":"mpa-2022-07-26" + }, + "operations":{ + "CancelSession":{ + "name":"CancelSession", + "http":{ + "method":"PUT", + "requestUri":"/sessions/{SessionArn}", + "responseCode":200 + }, + "input":{"shape":"CancelSessionRequest"}, + "output":{"shape":"CancelSessionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Cancels an approval session. For more information, see Session in the Multi-party approval User Guide.

    ", + "idempotent":true + }, + "CreateApprovalTeam":{ + "name":"CreateApprovalTeam", + "http":{ + "method":"POST", + "requestUri":"/approval-teams", + "responseCode":200 + }, + "input":{"shape":"CreateApprovalTeamRequest"}, + "output":{"shape":"CreateApprovalTeamResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Creates a new approval team. For more information, see Approval team in the Multi-party approval User Guide.

    ", + "idempotent":true + }, + "CreateIdentitySource":{ + "name":"CreateIdentitySource", + "http":{ + "method":"POST", + "requestUri":"/identity-sources", + "responseCode":200 + }, + "input":{"shape":"CreateIdentitySourceRequest"}, + "output":{"shape":"CreateIdentitySourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Creates a new identity source. For more information, see Identity Source in the Multi-party approval User Guide.

    ", + "idempotent":true + }, + "DeleteIdentitySource":{ + "name":"DeleteIdentitySource", + "http":{ + "method":"DELETE", + "requestUri":"/identity-sources/{IdentitySourceArn}", + "responseCode":200 + }, + "input":{"shape":"DeleteIdentitySourceRequest"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Deletes an identity source. For more information, see Identity Source in the Multi-party approval User Guide.

    ", + "idempotent":true + }, + "DeleteInactiveApprovalTeamVersion":{ + "name":"DeleteInactiveApprovalTeamVersion", + "http":{ + "method":"DELETE", + "requestUri":"/approval-teams/{Arn}/{VersionId}", + "responseCode":200 + }, + "input":{"shape":"DeleteInactiveApprovalTeamVersionRequest"}, + "output":{"shape":"DeleteInactiveApprovalTeamVersionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Deletes an inactive approval team. For more information, see Team health in the Multi-party approval User Guide.

    You can also use this operation to delete a team draft. For more information, see Interacting with drafts in the Multi-party approval User Guide.

    ", + "idempotent":true + }, + "GetApprovalTeam":{ + "name":"GetApprovalTeam", + "http":{ + "method":"GET", + "requestUri":"/approval-teams/{Arn}", + "responseCode":200 + }, + "input":{"shape":"GetApprovalTeamRequest"}, + "output":{"shape":"GetApprovalTeamResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns details for an approval team.

    " + }, + "GetIdentitySource":{ + "name":"GetIdentitySource", + "http":{ + "method":"GET", + "requestUri":"/identity-sources/{IdentitySourceArn}", + "responseCode":200 + }, + "input":{"shape":"GetIdentitySourceRequest"}, + "output":{"shape":"GetIdentitySourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns details for an identity source. For more information, see Identity Source in the Multi-party approval User Guide.

    " + }, + "GetPolicyVersion":{ + "name":"GetPolicyVersion", + "http":{ + "method":"GET", + "requestUri":"/policy-versions/{PolicyVersionArn}", + "responseCode":200 + }, + "input":{"shape":"GetPolicyVersionRequest"}, + "output":{"shape":"GetPolicyVersionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns details for the version of a policy. Policies define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "GetResourcePolicy":{ + "name":"GetResourcePolicy", + "http":{ + "method":"POST", + "requestUri":"/GetResourcePolicy", + "responseCode":200 + }, + "input":{"shape":"GetResourcePolicyRequest"}, + "output":{"shape":"GetResourcePolicyResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns details about a policy for a resource.

    " + }, + "GetSession":{ + "name":"GetSession", + "http":{ + "method":"GET", + "requestUri":"/sessions/{SessionArn}", + "responseCode":200 + }, + "input":{"shape":"GetSessionRequest"}, + "output":{"shape":"GetSessionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns details for an approval session. For more information, see Session in the Multi-party approval User Guide.

    " + }, + "ListApprovalTeams":{ + "name":"ListApprovalTeams", + "http":{ + "method":"POST", + "requestUri":"/approval-teams/?List", + "responseCode":200 + }, + "input":{"shape":"ListApprovalTeamsRequest"}, + "output":{"shape":"ListApprovalTeamsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns a list of approval teams.

    " + }, + "ListIdentitySources":{ + "name":"ListIdentitySources", + "http":{ + "method":"POST", + "requestUri":"/identity-sources/?List", + "responseCode":200 + }, + "input":{"shape":"ListIdentitySourcesRequest"}, + "output":{"shape":"ListIdentitySourcesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns a list of identity sources. For more information, see Identity Source in the Multi-party approval User Guide.

    " + }, + "ListPolicies":{ + "name":"ListPolicies", + "http":{ + "method":"POST", + "requestUri":"/policies/?List", + "responseCode":200 + }, + "input":{"shape":"ListPoliciesRequest"}, + "output":{"shape":"ListPoliciesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns a list of policies. Policies define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "ListPolicyVersions":{ + "name":"ListPolicyVersions", + "http":{ + "method":"POST", + "requestUri":"/policies/{PolicyArn}/?List", + "responseCode":200 + }, + "input":{"shape":"ListPolicyVersionsRequest"}, + "output":{"shape":"ListPolicyVersionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns a list of the versions for policies. Policies define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "ListResourcePolicies":{ + "name":"ListResourcePolicies", + "http":{ + "method":"POST", + "requestUri":"/resource-policies/{ResourceArn}/?List", + "responseCode":200 + }, + "input":{"shape":"ListResourcePoliciesRequest"}, + "output":{"shape":"ListResourcePoliciesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns a list of policies for a resource.

    " + }, + "ListSessions":{ + "name":"ListSessions", + "http":{ + "method":"POST", + "requestUri":"/approval-teams/{ApprovalTeamArn}/sessions/?List", + "responseCode":200 + }, + "input":{"shape":"ListSessionsRequest"}, + "output":{"shape":"ListSessionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns a list of approval sessions. For more information, see Session in the Multi-party approval User Guide.

    " + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns a list of the tags for a resource.

    " + }, + "StartActiveApprovalTeamDeletion":{ + "name":"StartActiveApprovalTeamDeletion", + "http":{ + "method":"POST", + "requestUri":"/approval-teams/{Arn}?Delete", + "responseCode":200 + }, + "input":{"shape":"StartActiveApprovalTeamDeletionRequest"}, + "output":{"shape":"StartActiveApprovalTeamDeletionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Starts the deletion process for an active approval team.

    Deletions require team approval

    Requests to delete an active team must be approved by the team.

    ", + "idempotent":true + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"PUT", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"TooManyTagsException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Creates or updates a resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

    ", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Removes a resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

    ", + "idempotent":true + }, + "UpdateApprovalTeam":{ + "name":"UpdateApprovalTeam", + "http":{ + "method":"PATCH", + "requestUri":"/approval-teams/{Arn}", + "responseCode":200 + }, + "input":{"shape":"UpdateApprovalTeamRequest"}, + "output":{"shape":"UpdateApprovalTeamResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Updates an approval team. You can request to update the team description, approval threshold, and approvers in the team.

    Updates require team approval

    Updates to an active team must be approved by the team.

    ", + "idempotent":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the AccessDeniedException error.

    " + } + }, + "documentation":"

    You do not have sufficient access to perform this action. Check your permissions, and try again.

    ", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AccountId":{ + "type":"string", + "max":12, + "min":0, + "pattern":"\\d{12}" + }, + "ActionCompletionStrategy":{ + "type":"string", + "enum":["AUTO_COMPLETION_UPON_APPROVAL"] + }, + "ActionName":{ + "type":"string", + "max":500, + "min":0 + }, + "ApprovalStrategy":{ + "type":"structure", + "members":{ + "MofN":{ + "shape":"MofNApprovalStrategy", + "documentation":"

    Minimum number of approvals (M) required for a total number of approvers (N).

    " + } + }, + "documentation":"

    Strategy for how an approval team grants approval.

    ", + "union":true + }, + "ApprovalStrategyResponse":{ + "type":"structure", + "members":{ + "MofN":{ + "shape":"MofNApprovalStrategy", + "documentation":"

    Minimum number of approvals (M) required for a total number of approvers (N).

    " + } + }, + "documentation":"

    Contains details for how an approval team grants approval.

    ", + "union":true + }, + "ApprovalTeamArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws(-[^:]+)?:mpa:[a-z0-9-]{1,20}:[0-9]{12}:approval-team/[a-zA-Z0-9._-]+" + }, + "ApprovalTeamName":{ + "type":"string", + "max":64, + "min":0, + "pattern":"[a-zA-Z0-9._-]+" + }, + "ApprovalTeamRequestApprover":{ + "type":"structure", + "required":[ + "PrimaryIdentityId", + "PrimaryIdentitySourceArn" + ], + "members":{ + "PrimaryIdentityId":{ + "shape":"IdentityId", + "documentation":"

    ID for the user.

    " + }, + "PrimaryIdentitySourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the identity source. The identity source manages the user authentication for approvers.

    " + } + }, + "documentation":"

    Contains details for an approver.

    " + }, + "ApprovalTeamRequestApprovers":{ + "type":"list", + "member":{"shape":"ApprovalTeamRequestApprover"}, + "max":20, + "min":1 + }, + "ApprovalTeamStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "INACTIVE", + "DELETING", + "PENDING" + ] + }, + "ApprovalTeamStatusCode":{ + "type":"string", + "enum":[ + "VALIDATING", + "PENDING_ACTIVATION", + "FAILED_VALIDATION", + "FAILED_ACTIVATION", + "UPDATE_PENDING_APPROVAL", + "UPDATE_PENDING_ACTIVATION", + "UPDATE_FAILED_APPROVAL", + "UPDATE_FAILED_ACTIVATION", + "UPDATE_FAILED_VALIDATION", + "DELETE_PENDING_APPROVAL", + "DELETE_FAILED_APPROVAL", + "DELETE_FAILED_VALIDATION" + ] + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CancelSessionRequest":{ + "type":"structure", + "required":["SessionArn"], + "members":{ + "SessionArn":{ + "shape":"SessionArn", + "documentation":"

    Amazon Resource Name (ARN) for the session.

    ", + "location":"uri", + "locationName":"SessionArn" + } + } + }, + "CancelSessionResponse":{ + "type":"structure", + "members":{ + } + }, + "ConflictException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the ConflictException error.

    " + } + }, + "documentation":"

    The request cannot be completed because it conflicts with the current state of a resource.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "CreateApprovalTeamRequest":{ + "type":"structure", + "required":[ + "ApprovalStrategy", + "Approvers", + "Description", + "Policies", + "Name" + ], + "members":{ + "ClientToken":{ + "shape":"Token", + "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services populates this field.

    What is idempotency?

    When you make a mutating API request, the request typically returns a result before the operation's asynchronous workflows have completed. Operations might also time out or encounter other server issues before they complete, even though the request has already returned a result. This could make it difficult to determine whether the request succeeded or not, and could lead to multiple retries to ensure that the operation completes successfully. However, if the original request and the subsequent retries are successful, the operation is completed multiple times. This means that you might create more resources than you intended.

    Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries complete successfully without performing any further actions.

    ", + "idempotencyToken":true + }, + "ApprovalStrategy":{ + "shape":"ApprovalStrategy", + "documentation":"

    An ApprovalStrategy object. Contains details for how the team grants approval.

    " + }, + "Approvers":{ + "shape":"ApprovalTeamRequestApprovers", + "documentation":"

    An array of ApprovalTeamRequesterApprovers objects. Contains details for the approvers in the team.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    Description for the team.

    " + }, + "Policies":{ + "shape":"PoliciesReferences", + "documentation":"

    An array of PolicyReference objects. Contains a list of policies that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "Name":{ + "shape":"ApprovalTeamName", + "documentation":"

    Name of the team.

    " + }, + "Tags":{ + "shape":"Tags", + "documentation":"

    Tags you want to attach to the team.

    " + } + } + }, + "CreateApprovalTeamResponse":{ + "type":"structure", + "members":{ + "CreationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the team was created.

    " + }, + "Arn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amazon Resource Name (ARN) for the team that was created.

    " + }, + "Name":{ + "shape":"String", + "documentation":"

    Name of the team that was created.

    " + }, + "VersionId":{ + "shape":"String", + "documentation":"

    Version ID for the team that was created. When a team is updated, the version ID changes.

    " + } + } + }, + "CreateIdentitySourceRequest":{ + "type":"structure", + "required":["IdentitySourceParameters"], + "members":{ + "IdentitySourceParameters":{ + "shape":"IdentitySourceParameters", + "documentation":"

    A IdentitySourceParameters object. Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance.

    " + }, + "ClientToken":{ + "shape":"Token", + "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services populates this field.

    What is idempotency?

    When you make a mutating API request, the request typically returns a result before the operation's asynchronous workflows have completed. Operations might also time out or encounter other server issues before they complete, even though the request has already returned a result. This could make it difficult to determine whether the request succeeded or not, and could lead to multiple retries to ensure that the operation completes successfully. However, if the original request and the subsequent retries are successful, the operation is completed multiple times. This means that you might create more resources than you intended.

    Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries complete successfully without performing any further actions.

    ", + "idempotencyToken":true + }, + "Tags":{ + "shape":"Tags", + "documentation":"

    Tag you want to attach to the identity source.

    " + } + } + }, + "CreateIdentitySourceResponse":{ + "type":"structure", + "members":{ + "IdentitySourceType":{ + "shape":"IdentitySourceType", + "documentation":"

    The type of resource that provided identities to the identity source. For example, an IAM Identity Center instance.

    " + }, + "IdentitySourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the identity source that was created.

    " + }, + "CreationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the identity source was created.

    " + } + } + }, + "DeleteIdentitySourceRequest":{ + "type":"structure", + "required":["IdentitySourceArn"], + "members":{ + "IdentitySourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for identity source.

    ", + "location":"uri", + "locationName":"IdentitySourceArn" + } + } + }, + "DeleteInactiveApprovalTeamVersionRequest":{ + "type":"structure", + "required":[ + "Arn", + "VersionId" + ], + "members":{ + "Arn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amaazon Resource Name (ARN) for the team.

    ", + "location":"uri", + "locationName":"Arn" + }, + "VersionId":{ + "shape":"String", + "documentation":"

    Version ID for the team.

    ", + "location":"uri", + "locationName":"VersionId" + } + } + }, + "DeleteInactiveApprovalTeamVersionResponse":{ + "type":"structure", + "members":{ + } + }, + "Description":{ + "type":"string", + "max":256, + "min":1, + "sensitive":true + }, + "Filter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"FilterField", + "documentation":"

    Name of the filter to use.

    Supported filters

    The supported filters for ListSessions are: ActionName, SessionStatus, and InitationTime.

    " + }, + "Operator":{ + "shape":"Operator", + "documentation":"

    Operator to use for filtering.

    • EQ: Equal to the specified value

    • NE: Not equal to the specified value

    • GT: Greater than the specified value

    • LT: Less than the specified value

    • GTE: Greater than or equal to the specified value

    • LTE: Less than or equal to the specified value

    • CONTAINS: Contains the specified value

    • NOT_CONTAINS: Does not contain the specified value

    • BETWEEN: Between two values, inclusive of the specified values.

    Supported operators for each filter:

    • ActionName: EQ | NE | CONTAINS | NOT_CONTAINS

    • SessionStatus: EQ | NE

    • InitiationTime: GT | LT | GTE | LTE | BETWEEN

    " + }, + "Value":{ + "shape":"String", + "documentation":"

    Value to use for filtering. For the BETWEEN operator, specify values in the format a AND b (AND is case-insensitive).

    " + } + }, + "documentation":"

    Contains the filter to apply to requests. You can specify up to 10 filters for a request.

    " + }, + "FilterField":{ + "type":"string", + "enum":[ + "ActionName", + "ApprovalTeamName", + "VotingTime", + "Vote", + "SessionStatus", + "InitiationTime" + ] + }, + "Filters":{ + "type":"list", + "member":{"shape":"Filter"}, + "max":10, + "min":0 + }, + "GetApprovalTeamRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amazon Resource Name (ARN) for the team.

    ", + "location":"uri", + "locationName":"Arn" + } + } + }, + "GetApprovalTeamResponse":{ + "type":"structure", + "members":{ + "CreationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the team was created.

    " + }, + "ApprovalStrategy":{ + "shape":"ApprovalStrategyResponse", + "documentation":"

    An ApprovalStrategyResponse object. Contains details for how the team grants approval.

    " + }, + "NumberOfApprovers":{ + "shape":"Integer", + "documentation":"

    Total number of approvers in the team.

    " + }, + "Approvers":{ + "shape":"GetApprovalTeamResponseApprovers", + "documentation":"

    An array of GetApprovalTeamResponseApprover objects. Contains details for the approvers in the team.

    " + }, + "Arn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the team.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    Description for the team.

    " + }, + "Name":{ + "shape":"String", + "documentation":"

    Name of the approval team.

    " + }, + "Status":{ + "shape":"ApprovalTeamStatus", + "documentation":"

    Status for the team. For more information, see Team health in the Multi-party approval User Guide.

    " + }, + "StatusCode":{ + "shape":"ApprovalTeamStatusCode", + "documentation":"

    Status code for the approval team. For more information, see Team health in the Multi-party approval User Guide.

    " + }, + "StatusMessage":{ + "shape":"Message", + "documentation":"

    Message describing the status for the team.

    " + }, + "UpdateSessionArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the session.

    " + }, + "VersionId":{ + "shape":"String", + "documentation":"

    Version ID for the team.

    " + }, + "Policies":{ + "shape":"PoliciesReferences", + "documentation":"

    An array of PolicyReference objects. Contains a list of policies that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "LastUpdateTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the team was last updated.

    " + }, + "PendingUpdate":{ + "shape":"PendingUpdate", + "documentation":"

    A PendingUpdate object. Contains details for the pending updates for the team, if applicable.

    " + } + } + }, + "GetApprovalTeamResponseApprover":{ + "type":"structure", + "members":{ + "ApproverId":{ + "shape":"ParticipantId", + "documentation":"

    ID for the approver.

    " + }, + "ResponseTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the approver responded to an approval team invitation.

    " + }, + "PrimaryIdentityId":{ + "shape":"IdentityId", + "documentation":"

    ID for the user.

    " + }, + "PrimaryIdentitySourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the identity source. The identity source manages the user authentication for approvers.

    " + }, + "PrimaryIdentityStatus":{ + "shape":"IdentityStatus", + "documentation":"

    Status for the identity source. For example, if an approver has accepted a team invitation with a user authentication method managed by the identity source.

    " + } + }, + "documentation":"

    Contains details for an approver.

    " + }, + "GetApprovalTeamResponseApprovers":{ + "type":"list", + "member":{"shape":"GetApprovalTeamResponseApprover"}, + "max":20, + "min":0 + }, + "GetIdentitySourceRequest":{ + "type":"structure", + "required":["IdentitySourceArn"], + "members":{ + "IdentitySourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the identity source.

    ", + "location":"uri", + "locationName":"IdentitySourceArn" + } + } + }, + "GetIdentitySourceResponse":{ + "type":"structure", + "members":{ + "IdentitySourceType":{ + "shape":"IdentitySourceType", + "documentation":"

    The type of resource that provided identities to the identity source. For example, an IAM Identity Center instance.

    " + }, + "IdentitySourceParameters":{ + "shape":"IdentitySourceParametersForGet", + "documentation":"

    A IdentitySourceParameters object. Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance.

    " + }, + "IdentitySourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the identity source.

    " + }, + "CreationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the identity source was created.

    " + }, + "Status":{ + "shape":"IdentitySourceStatus", + "documentation":"

    Status for the identity source. For example, if the identity source is ACTIVE.

    " + }, + "StatusCode":{ + "shape":"IdentitySourceStatusCode", + "documentation":"

    Status code of the identity source.

    " + }, + "StatusMessage":{ + "shape":"String", + "documentation":"

    Message describing the status for the identity source.

    " + } + } + }, + "GetPolicyVersionRequest":{ + "type":"structure", + "required":["PolicyVersionArn"], + "members":{ + "PolicyVersionArn":{ + "shape":"QualifiedPolicyArn", + "documentation":"

    Amazon Resource Name (ARN) for the policy.

    ", + "location":"uri", + "locationName":"PolicyVersionArn" + } + } + }, + "GetPolicyVersionResponse":{ + "type":"structure", + "required":["PolicyVersion"], + "members":{ + "PolicyVersion":{ + "shape":"PolicyVersion", + "documentation":"

    A PolicyVersion object. Contains details for the version of the policy. Policies define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + } + } + }, + "GetResourcePolicyRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "PolicyName", + "PolicyType" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the resource.

    " + }, + "PolicyName":{ + "shape":"String", + "documentation":"

    Name of the policy.

    " + }, + "PolicyType":{ + "shape":"PolicyType", + "documentation":"

    The type of policy.

    " + } + } + }, + "GetResourcePolicyResponse":{ + "type":"structure", + "required":[ + "ResourceArn", + "PolicyType", + "PolicyName", + "PolicyDocument" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the resource.

    " + }, + "PolicyType":{ + "shape":"PolicyType", + "documentation":"

    The type of policy

    " + }, + "PolicyVersionArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the policy version.

    " + }, + "PolicyName":{ + "shape":"PolicyName", + "documentation":"

    Name of the policy.

    " + }, + "PolicyDocument":{ + "shape":"PolicyDocument", + "documentation":"

    Document that contains the contents for the policy.

    " + } + } + }, + "GetSessionRequest":{ + "type":"structure", + "required":["SessionArn"], + "members":{ + "SessionArn":{ + "shape":"SessionArn", + "documentation":"

    Amazon Resource Name (ARN) for the session.

    ", + "location":"uri", + "locationName":"SessionArn" + } + } + }, + "GetSessionResponse":{ + "type":"structure", + "members":{ + "SessionArn":{ + "shape":"SessionArn", + "documentation":"

    Amazon Resource Name (ARN) for the session.

    " + }, + "ApprovalTeamArn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amazon Resource Name (ARN) for the approval team.

    " + }, + "ApprovalTeamName":{ + "shape":"ApprovalTeamName", + "documentation":"

    Name of the approval team.

    " + }, + "ProtectedResourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the protected operation.

    " + }, + "ApprovalStrategy":{ + "shape":"ApprovalStrategyResponse", + "documentation":"

    An ApprovalStrategyResponse object. Contains details for how the team grants approval

    " + }, + "NumberOfApprovers":{ + "shape":"Integer", + "documentation":"

    Total number of approvers in the session.

    " + }, + "InitiationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the session was initiated.

    " + }, + "ExpirationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the session will expire.

    " + }, + "CompletionTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the session completed.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    Description for the session.

    " + }, + "Metadata":{ + "shape":"SessionMetadata", + "documentation":"

    Metadata for the session.

    " + }, + "Status":{ + "shape":"SessionStatus", + "documentation":"

    Status for the session. For example, if the team has approved the requested operation.

    " + }, + "StatusCode":{ + "shape":"SessionStatusCode", + "documentation":"

    Status code of the session.

    " + }, + "StatusMessage":{ + "shape":"Message", + "documentation":"

    Message describing the status for session.

    " + }, + "ExecutionStatus":{ + "shape":"SessionExecutionStatus", + "documentation":"

    Status for the protected operation. For example, if the operation is PENDING.

    " + }, + "ActionName":{ + "shape":"ActionName", + "documentation":"

    Name of the protected operation.

    " + }, + "RequesterServicePrincipal":{ + "shape":"ServicePrincipal", + "documentation":"

    Service principal for the service associated with the protected operation.

    " + }, + "RequesterPrincipalArn":{ + "shape":"String", + "documentation":"

    IAM principal that made the operation request.

    " + }, + "RequesterAccountId":{ + "shape":"AccountId", + "documentation":"

    ID for the account that made the operation request.

    " + }, + "RequesterRegion":{ + "shape":"Region", + "documentation":"

    Amazon Web Services Region where the operation request originated.

    " + }, + "RequesterComment":{ + "shape":"RequesterComment", + "documentation":"

    Message from the account that made the operation request

    " + }, + "ActionCompletionStrategy":{ + "shape":"ActionCompletionStrategy", + "documentation":"

    Strategy for executing the protected operation. AUTO_COMPLETION_UPON_APPROVAL means the operation is automatically executed using the requester's permissions, if approved.

    " + }, + "ApproverResponses":{ + "shape":"GetSessionResponseApproverResponses", + "documentation":"

    An array of GetSessionResponseApproverResponse objects. Contains details for approver responses in the session.

    " + } + } + }, + "GetSessionResponseApproverResponse":{ + "type":"structure", + "members":{ + "ApproverId":{ + "shape":"ParticipantId", + "documentation":"

    ID for the approver.

    " + }, + "IdentitySourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the identity source. The identity source manages the user authentication for approvers.

    " + }, + "IdentityId":{ + "shape":"IdentityId", + "documentation":"

    ID for the identity source. The identity source manages the user authentication for approvers.

    " + }, + "Response":{ + "shape":"SessionResponse", + "documentation":"

    Response to the operation request.

    " + }, + "ResponseTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when a approver responded to the operation request.

    " + } + }, + "documentation":"

    Contains details for an approver response in an approval session.

    " + }, + "GetSessionResponseApproverResponses":{ + "type":"list", + "member":{"shape":"GetSessionResponseApproverResponse"}, + "max":20, + "min":0 + }, + "IamIdentityCenter":{ + "type":"structure", + "required":[ + "InstanceArn", + "Region" + ], + "members":{ + "InstanceArn":{ + "shape":"IdcInstanceArn", + "documentation":"

    Amazon Resource Name (ARN) for the IAM Identity Center instance.

    " + }, + "Region":{ + "shape":"String", + "documentation":"

    Amazon Web Services Region where the IAM Identity Center instance is located.

    " + } + }, + "documentation":"

    IAM Identity Center credentials. For more information see, IAM Identity Center .

    " + }, + "IamIdentityCenterForGet":{ + "type":"structure", + "members":{ + "InstanceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the IAM Identity Center instance.

    " + }, + "ApprovalPortalUrl":{ + "shape":"String", + "documentation":"

    URL for the approval portal associated with the IAM Identity Center instance.

    " + }, + "Region":{ + "shape":"String", + "documentation":"

    Amazon Web Services Region where the IAM Identity Center instance is located.

    " + } + }, + "documentation":"

    IAM Identity Center credentials. For more information see, IAM Identity Center .

    " + }, + "IamIdentityCenterForList":{ + "type":"structure", + "members":{ + "InstanceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the IAM Identity Center instance.

    " + }, + "ApprovalPortalUrl":{ + "shape":"String", + "documentation":"

    URL for the approval portal associated with the IAM Identity Center instance.

    " + }, + "Region":{ + "shape":"String", + "documentation":"

    Amazon Web Services Region where the IAM Identity Center instance is located.

    " + } + }, + "documentation":"

    IAM Identity Center credentials. For more information see, IAM Identity Center .

    " + }, + "IdcInstanceArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:.+:sso:::instance/(?:sso)?ins-[a-zA-Z0-9-.]{16}" + }, + "IdentityId":{ + "type":"string", + "max":100, + "min":1 + }, + "IdentitySourceForList":{ + "type":"structure", + "members":{ + "IdentitySourceType":{ + "shape":"IdentitySourceType", + "documentation":"

    The type of resource that provided identities to the identity source. For example, an IAM Identity Center instance.

    " + }, + "IdentitySourceParameters":{ + "shape":"IdentitySourceParametersForList", + "documentation":"

    A IdentitySourceParametersForList object. Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance.

    " + }, + "IdentitySourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the identity source.

    " + }, + "CreationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the identity source was created.

    " + }, + "Status":{ + "shape":"IdentitySourceStatus", + "documentation":"

    Status for the identity source. For example, if the identity source is ACTIVE.

    " + }, + "StatusCode":{ + "shape":"IdentitySourceStatusCode", + "documentation":"

    Status code of the identity source.

    " + }, + "StatusMessage":{ + "shape":"String", + "documentation":"

    Message describing the status for the identity source.

    " + } + }, + "documentation":"

    Contains details for an identity source. For more information, see Identity source in the Multi-party approval User Guide.

    " + }, + "IdentitySourceParameters":{ + "type":"structure", + "members":{ + "IamIdentityCenter":{ + "shape":"IamIdentityCenter", + "documentation":"

    IAM Identity Center credentials.

    " + } + }, + "documentation":"

    Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance.

    " + }, + "IdentitySourceParametersForGet":{ + "type":"structure", + "members":{ + "IamIdentityCenter":{ + "shape":"IamIdentityCenterForGet", + "documentation":"

    IAM Identity Center credentials.

    " + } + }, + "documentation":"

    Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance. For more information, see Identity source in the Multi-party approval User Guide.

    ", + "union":true + }, + "IdentitySourceParametersForList":{ + "type":"structure", + "members":{ + "IamIdentityCenter":{ + "shape":"IamIdentityCenterForList", + "documentation":"

    IAM Identity Center credentials.

    " + } + }, + "documentation":"

    Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance. For more information, see Identity source in the Multi-party approval User Guide.

    ", + "union":true + }, + "IdentitySourceStatus":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "DELETING", + "ERROR" + ] + }, + "IdentitySourceStatusCode":{ + "type":"string", + "enum":[ + "ACCESS_DENIED", + "DELETION_FAILED", + "IDC_INSTANCE_NOT_FOUND", + "IDC_INSTANCE_NOT_VALID" + ] + }, + "IdentitySourceType":{ + "type":"string", + "enum":["IAM_IDENTITY_CENTER"] + }, + "IdentitySources":{ + "type":"list", + "member":{"shape":"IdentitySourceForList"}, + "max":20, + "min":0 + }, + "IdentityStatus":{ + "type":"string", + "enum":[ + "PENDING", + "ACCEPTED", + "REJECTED", + "INVALID" + ] + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the InternalServerException error.

    " + } + }, + "documentation":"

    The service encountered an internal error. Try your request again. If the problem persists, contact Amazon Web Services Support.

    ", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "InvalidParameterException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the InvalidParameterException error.

    " + } + }, + "documentation":"

    The request contains an invalid parameter value.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "IsoTimestamp":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "ListApprovalTeamsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    ", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListApprovalTeamsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    " + }, + "ApprovalTeams":{ + "shape":"ListApprovalTeamsResponseApprovalTeams", + "documentation":"

    An array of ListApprovalTeamsResponseApprovalTeam objects. Contains details for approval teams.

    " + } + } + }, + "ListApprovalTeamsResponseApprovalTeam":{ + "type":"structure", + "members":{ + "CreationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the team was created.

    " + }, + "ApprovalStrategy":{ + "shape":"ApprovalStrategyResponse", + "documentation":"

    An ApprovalStrategyResponse object. Contains details for how an approval team grants approval.

    " + }, + "NumberOfApprovers":{ + "shape":"Integer", + "documentation":"

    Total number of approvers in the team.

    " + }, + "Arn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amazon Resource Name (ARN) for the team.

    " + }, + "Name":{ + "shape":"ApprovalTeamName", + "documentation":"

    Name of the team.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    Description for the team.

    " + }, + "Status":{ + "shape":"ApprovalTeamStatus", + "documentation":"

    Status for the team. For more information, see Team health in the Multi-party approval User Guide.

    " + }, + "StatusCode":{ + "shape":"ApprovalTeamStatusCode", + "documentation":"

    Status code for the team. For more information, see Team health in the Multi-party approval User Guide.

    " + }, + "StatusMessage":{ + "shape":"Message", + "documentation":"

    Message describing the status for the team.

    " + } + }, + "documentation":"

    Contains details for an approval team

    " + }, + "ListApprovalTeamsResponseApprovalTeams":{ + "type":"list", + "member":{"shape":"ListApprovalTeamsResponseApprovalTeam"}, + "max":20, + "min":0 + }, + "ListIdentitySourcesRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    ", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListIdentitySourcesResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    " + }, + "IdentitySources":{ + "shape":"IdentitySources", + "documentation":"

    A IdentitySources. Contains details for identity sources.

    " + } + } + }, + "ListPoliciesRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    ", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListPoliciesResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    " + }, + "Policies":{ + "shape":"Policies", + "documentation":"

    An array of Policy objects. Contains a list of policies that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + } + } + }, + "ListPolicyVersionsRequest":{ + "type":"structure", + "required":["PolicyArn"], + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "PolicyArn":{ + "shape":"UnqualifiedPolicyArn", + "documentation":"

    Amazon Resource Name (ARN) for the policy.

    ", + "location":"uri", + "locationName":"PolicyArn" + } + } + }, + "ListPolicyVersionsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    " + }, + "PolicyVersions":{ + "shape":"PolicyVersions", + "documentation":"

    An array of PolicyVersionSummary objects. Contains details for the version of the policies that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + } + } + }, + "ListResourcePoliciesRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the resource.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    ", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListResourcePoliciesResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    " + }, + "ResourcePolicies":{ + "shape":"ListResourcePoliciesResponseResourcePolicies", + "documentation":"

    An array of ListResourcePoliciesResponseResourcePolicy objects. Contains details about the policy for the resource.

    " + } + } + }, + "ListResourcePoliciesResponseResourcePolicies":{ + "type":"list", + "member":{"shape":"ListResourcePoliciesResponseResourcePolicy"}, + "max":100, + "min":0 + }, + "ListResourcePoliciesResponseResourcePolicy":{ + "type":"structure", + "members":{ + "PolicyArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for policy.

    " + }, + "PolicyType":{ + "shape":"PolicyType", + "documentation":"

    The type of policy.

    " + }, + "PolicyName":{ + "shape":"String", + "documentation":"

    Name of the policy.

    " + } + }, + "documentation":"

    Contains details about a policy for a resource.

    " + }, + "ListSessionsRequest":{ + "type":"structure", + "required":["ApprovalTeamArn"], + "members":{ + "ApprovalTeamArn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amazon Resource Name (ARN) for the approval team.

    ", + "location":"uri", + "locationName":"ApprovalTeamArn" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    " + }, + "Filters":{ + "shape":"Filters", + "documentation":"

    An array of Filter objects. Contains the filter to apply when listing sessions.

    " + } + } + }, + "ListSessionsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a next call to the operation to get more output. You can repeat this until the NextToken response element returns null.

    " + }, + "Sessions":{ + "shape":"ListSessionsResponseSessions", + "documentation":"

    An array of ListSessionsResponseSession objects. Contains details for the sessions.

    " + } + } + }, + "ListSessionsResponseSession":{ + "type":"structure", + "members":{ + "SessionArn":{ + "shape":"SessionArn", + "documentation":"

    Amazon Resource Name (ARN) for the session.

    " + }, + "ApprovalTeamName":{ + "shape":"ApprovalTeamName", + "documentation":"

    Name of the approval team.

    " + }, + "ApprovalTeamArn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amazon Resource Name (ARN) for the approval team.

    " + }, + "InitiationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the session was initiated.

    " + }, + "ExpirationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the session was expire.

    " + }, + "CompletionTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the session was completed.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    Description for the team.

    " + }, + "ActionName":{ + "shape":"ActionName", + "documentation":"

    Name of the protected operation.

    " + }, + "ProtectedResourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the protected operation.

    " + }, + "RequesterServicePrincipal":{ + "shape":"ServicePrincipal", + "documentation":"

    Service principal for the service associated with the protected operation.

    " + }, + "RequesterPrincipalArn":{ + "shape":"String", + "documentation":"

    IAM principal that made the operation request.

    " + }, + "RequesterRegion":{ + "shape":"Region", + "documentation":"

    Amazon Web Services Region where the operation request originated.

    " + }, + "RequesterAccountId":{ + "shape":"AccountId", + "documentation":"

    ID for the account that made the operation request.

    " + }, + "Status":{ + "shape":"SessionStatus", + "documentation":"

    Status for the protected operation. For example, if the operation is PENDING.

    " + }, + "StatusCode":{ + "shape":"SessionStatusCode", + "documentation":"

    Status code of the session.

    " + }, + "StatusMessage":{ + "shape":"Message", + "documentation":"

    Message describing the status for session.

    " + }, + "ActionCompletionStrategy":{ + "shape":"ActionCompletionStrategy", + "documentation":"

    Strategy for executing the protected operation. AUTO_COMPLETION_UPON_APPROVAL means the operation is executed automatically using the requester's permissions, if approved.

    " + } + }, + "documentation":"

    Contains details for an approval session. For more information, see Session in the Multi-party approval User Guide

    " + }, + "ListSessionsResponseSessions":{ + "type":"list", + "member":{"shape":"ListSessionsResponseSession"}, + "max":20, + "min":0 + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the resource.

    ", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{ + "shape":"Tags", + "documentation":"

    Tags attached to the resource.

    " + } + } + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":20, + "min":1 + }, + "Message":{ + "type":"string", + "max":500, + "min":0 + }, + "MofNApprovalStrategy":{ + "type":"structure", + "required":["MinApprovalsRequired"], + "members":{ + "MinApprovalsRequired":{ + "shape":"MofNApprovalStrategyMinApprovalsRequiredInteger", + "documentation":"

    Minimum number of approvals (M) required for a total number of approvers (N).

    " + } + }, + "documentation":"

    Strategy for how an approval team grants approval.

    " + }, + "MofNApprovalStrategyMinApprovalsRequiredInteger":{ + "type":"integer", + "box":true, + "min":1 + }, + "Operator":{ + "type":"string", + "enum":[ + "EQ", + "NE", + "GT", + "LT", + "GTE", + "LTE", + "CONTAINS", + "NOT_CONTAINS", + "BETWEEN" + ] + }, + "ParticipantId":{ + "type":"string", + "max":100, + "min":1 + }, + "PendingUpdate":{ + "type":"structure", + "members":{ + "VersionId":{ + "shape":"String", + "documentation":"

    Version ID for the team.

    " + }, + "Description":{ + "shape":"String", + "documentation":"

    Description for the team.

    " + }, + "ApprovalStrategy":{ + "shape":"ApprovalStrategyResponse", + "documentation":"

    An ApprovalStrategyResponse object. Contains details for how the team grants approval.

    " + }, + "NumberOfApprovers":{ + "shape":"Integer", + "documentation":"

    Total number of approvers in the team.

    " + }, + "Status":{ + "shape":"ApprovalTeamStatus", + "documentation":"

    Status for the team. For more information, see Team health in the Multi-party approval User Guide.

    " + }, + "StatusCode":{ + "shape":"ApprovalTeamStatusCode", + "documentation":"

    Status code for the update. For more information, see Team health in the Multi-party approval User Guide.

    " + }, + "StatusMessage":{ + "shape":"Message", + "documentation":"

    Message describing the status for the team.

    " + }, + "Approvers":{ + "shape":"GetApprovalTeamResponseApprovers", + "documentation":"

    An array of GetApprovalTeamResponseApprover objects. Contains details for the approvers in the team.

    " + }, + "UpdateInitiationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the update request was initiated.

    " + } + }, + "documentation":"

    Contains details for the pending updates for an approval team, if applicable.

    " + }, + "Policies":{ + "type":"list", + "member":{"shape":"Policy"}, + "max":20, + "min":0 + }, + "PoliciesReferences":{ + "type":"list", + "member":{"shape":"PolicyReference"}, + "max":10, + "min":1 + }, + "Policy":{ + "type":"structure", + "required":[ + "Arn", + "DefaultVersion", + "PolicyType", + "Name" + ], + "members":{ + "Arn":{ + "shape":"UnqualifiedPolicyArn", + "documentation":"

    Amazon Resource Name (ARN) for the policy.

    " + }, + "DefaultVersion":{ + "shape":"PolicyVersionId", + "documentation":"

    Determines if the specified policy is the default for the team.

    " + }, + "PolicyType":{ + "shape":"PolicyType", + "documentation":"

    The type of policy.

    " + }, + "Name":{ + "shape":"PolicyName", + "documentation":"

    Name of the policy.

    " + } + }, + "documentation":"

    Contains details for a policy. Policies define what operations a team that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "PolicyDocument":{ + "type":"string", + "max":400000, + "min":0, + "sensitive":true + }, + "PolicyName":{ + "type":"string", + "max":64, + "min":0 + }, + "PolicyReference":{ + "type":"structure", + "required":["PolicyArn"], + "members":{ + "PolicyArn":{ + "shape":"QualifiedPolicyArn", + "documentation":"

    Amazon Resource Name (ARN) for the policy.

    " + } + }, + "documentation":"

    Contains the Amazon Resource Name (ARN) for a policy. Policies define what operations a team that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "PolicyStatus":{ + "type":"string", + "enum":[ + "ATTACHABLE", + "DEPRECATED" + ] + }, + "PolicyType":{ + "type":"string", + "enum":[ + "AWS_MANAGED", + "AWS_RAM" + ] + }, + "PolicyVersion":{ + "type":"structure", + "required":[ + "Arn", + "PolicyArn", + "VersionId", + "PolicyType", + "IsDefault", + "Name", + "Status", + "CreationTime", + "LastUpdatedTime", + "Document" + ], + "members":{ + "Arn":{ + "shape":"QualifiedPolicyArn", + "documentation":"

    Amazon Resource Name (ARN) for the team.

    " + }, + "PolicyArn":{ + "shape":"UnqualifiedPolicyArn", + "documentation":"

    Amazon Resource Name (ARN) for the policy.

    " + }, + "VersionId":{ + "shape":"PolicyVersionId", + "documentation":"

    Verison ID

    " + }, + "PolicyType":{ + "shape":"PolicyType", + "documentation":"

    The type of policy.

    " + }, + "IsDefault":{ + "shape":"Boolean", + "documentation":"

    Determines if the specified policy is the default for the team.

    " + }, + "Name":{ + "shape":"PolicyName", + "documentation":"

    Name of the policy.

    " + }, + "Status":{ + "shape":"PolicyStatus", + "documentation":"

    Status for the policy. For example, if the policy is attachable or deprecated.

    " + }, + "CreationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the policy was created.

    " + }, + "LastUpdatedTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the policy was last updated.

    " + }, + "Document":{ + "shape":"PolicyDocument", + "documentation":"

    Document that contains the policy contents.

    " + } + }, + "documentation":"

    Contains details for the version of a policy. Policies define what operations a team that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "PolicyVersionId":{ + "type":"integer", + "box":true, + "min":1 + }, + "PolicyVersionSummary":{ + "type":"structure", + "required":[ + "Arn", + "PolicyArn", + "VersionId", + "PolicyType", + "IsDefault", + "Name", + "Status", + "CreationTime", + "LastUpdatedTime" + ], + "members":{ + "Arn":{ + "shape":"QualifiedPolicyArn", + "documentation":"

    Amazon Resource Name (ARN) for the team.

    " + }, + "PolicyArn":{ + "shape":"UnqualifiedPolicyArn", + "documentation":"

    Amazon Resource Name (ARN) for the policy.

    " + }, + "VersionId":{ + "shape":"PolicyVersionId", + "documentation":"

    Version ID for the policy.

    " + }, + "PolicyType":{ + "shape":"PolicyType", + "documentation":"

    The type of policy.

    " + }, + "IsDefault":{ + "shape":"Boolean", + "documentation":"

    Determines if the specified policy is the default for the team.

    " + }, + "Name":{ + "shape":"PolicyName", + "documentation":"

    Name of the policy

    " + }, + "Status":{ + "shape":"PolicyStatus", + "documentation":"

    Status for the policy. For example, if the policy is attachable or deprecated.

    " + }, + "CreationTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the policy was created.

    " + }, + "LastUpdatedTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the policy was last updated.

    " + } + }, + "documentation":"

    Contains details for the version of a policy. Policies define what operations a team that define the permissions for team resources.

    The protected operation for a service integration might require specific permissions. For more information, see How other services work with Multi-party approval in the Multi-party approval User Guide.

    " + }, + "PolicyVersions":{ + "type":"list", + "member":{"shape":"PolicyVersionSummary"}, + "max":20, + "min":0 + }, + "QualifiedPolicyArn":{ + "type":"string", + "max":1224, + "min":0, + "pattern":"arn:.{1,63}:mpa:::aws:policy/[a-zA-Z0-9_\\.-]{1,1023}/[a-zA-Z0-9_\\.-]{1,1023}/(?:[\\d]+|\\$DEFAULT)" + }, + "Region":{ + "type":"string", + "max":100, + "min":0 + }, + "RequesterComment":{ + "type":"string", + "max":200, + "min":0, + "sensitive":true + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the ResourceNotFoundException error.

    " + } + }, + "documentation":"

    The specified resource doesn't exist. Check the resource ID, and try again.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "ServicePrincipal":{ + "type":"string", + "max":100, + "min":1 + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the ServiceQuotaExceededException error.

    " + } + }, + "documentation":"

    The request exceeds the service quota for your account. Request a quota increase or reduce your request size.

    ", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "SessionArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws(-[^:]+)?:mpa:[a-z0-9-]{1,20}:[0-9]{12}:session/[a-zA-Z0-9._-]+/[a-zA-Z0-9_-]+" + }, + "SessionExecutionStatus":{ + "type":"string", + "enum":[ + "EXECUTED", + "FAILED", + "PENDING" + ] + }, + "SessionKey":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[a-zA-Z0-9\\p{P}]*", + "sensitive":true + }, + "SessionMetadata":{ + "type":"map", + "key":{"shape":"SessionKey"}, + "value":{"shape":"SessionValue"}, + "sensitive":true + }, + "SessionResponse":{ + "type":"string", + "enum":[ + "APPROVED", + "REJECTED", + "NO_RESPONSE" + ] + }, + "SessionStatus":{ + "type":"string", + "enum":[ + "PENDING", + "CANCELLED", + "APPROVED", + "FAILED", + "CREATING" + ] + }, + "SessionStatusCode":{ + "type":"string", + "enum":[ + "REJECTED", + "EXPIRED", + "CONFIGURATION_CHANGED" + ] + }, + "SessionValue":{ + "type":"string", + "max":200, + "min":1, + "pattern":"[a-zA-Z0-9\\p{P}]*", + "sensitive":true + }, + "StartActiveApprovalTeamDeletionRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "PendingWindowDays":{ + "shape":"Integer", + "documentation":"

    Number of days between when the team approves the delete request and when the team is deleted.

    " + }, + "Arn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amazon Resource Name (ARN) for the team.

    ", + "location":"uri", + "locationName":"Arn" + } + } + }, + "StartActiveApprovalTeamDeletionResponse":{ + "type":"structure", + "members":{ + "DeletionCompletionTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the deletion process is scheduled to complete.

    " + }, + "DeletionStartTime":{ + "shape":"IsoTimestamp", + "documentation":"

    Timestamp when the deletion process was initiated.

    " + } + } + }, + "String":{ + "type":"string", + "max":1000, + "min":0 + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "sensitive":true + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":50, + "min":0, + "sensitive":true + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "Tags" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the resource you want to tag.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "Tags":{ + "shape":"Tags", + "documentation":"

    Tags that you have added to the specified resource.

    " + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "sensitive":true + }, + "Tags":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "sensitive":true + }, + "ThrottlingException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the ThrottlingException error.

    " + } + }, + "documentation":"

    The request was denied due to request throttling.

    ", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "Token":{ + "type":"string", + "max":4096, + "min":0 + }, + "TooManyTagsException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the TooManyTagsException error.

    " + }, + "ResourceName":{ + "shape":"String", + "documentation":"

    Name of the resource for the TooManyTagsException error.

    " + } + }, + "documentation":"

    The request exceeds the maximum number of tags allowed for this resource. Remove some tags, and try again.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "UnqualifiedPolicyArn":{ + "type":"string", + "max":1224, + "min":0, + "pattern":"arn:.{1,63}:mpa:::aws:policy/[a-zA-Z0-9_\\.-]{1,1023}/[a-zA-Z0-9_\\.-]{1,1023}" + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"

    Amazon Resource Name (ARN) for the resource you want to untag.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "TagKeys":{ + "shape":"TagKeyList", + "documentation":"

    Array of tag key-value pairs that you want to untag.

    " + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "UpdateApprovalTeamRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "ApprovalStrategy":{ + "shape":"ApprovalStrategy", + "documentation":"

    An ApprovalStrategy object. Contains details for how the team grants approval.

    " + }, + "Approvers":{ + "shape":"ApprovalTeamRequestApprovers", + "documentation":"

    An array of ApprovalTeamRequestApprover objects. Contains details for the approvers in the team.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    Description for the team.

    " + }, + "Arn":{ + "shape":"ApprovalTeamArn", + "documentation":"

    Amazon Resource Name (ARN) for the team.

    ", + "location":"uri", + "locationName":"Arn" + } + } + }, + "UpdateApprovalTeamResponse":{ + "type":"structure", + "members":{ + "VersionId":{ + "shape":"String", + "documentation":"

    Version ID for the team that was created. When an approval team is updated, the version ID changes.

    " + } + } + }, + "ValidationException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Message for the ValidationException error.

    " + } + }, + "documentation":"

    The input fails to satisfy the constraints specified by an Amazon Web Services service.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + } + }, + "documentation":"

    Multi-party approval is a capability of Organizations that allows you to protect a predefined list of operations through a distributed approval process. Use Multi-party approval to establish approval workflows and transform security processes into team-based decisions.

    When to use Multi-party approval:

    • You need to align with the Zero Trust principle of \"never trust, always verify\"

    • You need to make sure that the right humans have access to the right things in the right way

    • You need distributed decision-making for sensitive or critical operations

    • You need to protect against unintended operations on sensitive or critical resources

    • You need formal reviews and approvals for auditing or compliance reasons

    For more information, see What is Multi-party approval in the Multi-party approval User Guide.

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/mpa/2022-07-26/waiters-2.json 2.31.35-1/awscli/botocore/data/mpa/2022-07-26/waiters-2.json --- 2.23.6-1/awscli/botocore/data/mpa/2022-07-26/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mpa/2022-07-26/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/mq/2017-11-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mq/2017-11-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mq/2017-11-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mq/2017-11-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mq/2017-11-27/service-2.json 2.31.35-1/awscli/botocore/data/mq/2017-11-27/service-2.json --- 2.23.6-1/awscli/botocore/data/mq/2017-11-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mq/2017-11-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -188,6 +188,44 @@ ], "documentation": "

    Deletes a broker. Note: This API is asynchronous.

    " }, + "DeleteConfiguration": { + "name": "DeleteConfiguration", + "http": { + "method": "DELETE", + "requestUri": "/v1/configurations/{configuration-id}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteConfigurationRequest" + }, + "output": { + "shape": "DeleteConfigurationResponse", + "documentation": "

    HTTP Status Code 200: OK.

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    HTTP Status Code 404: Resource not found due to incorrect input. Correct your request and then retry it.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    HTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    HTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.

    " + }, + { + "shape": "ConflictException", + "documentation": "

    HTTP Status Code 409: Conflict. This broker name already exists. Retry your request with another name.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    HTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.

    " + } + ], + "documentation": "

    Deletes the specified configuration.

    " + }, "DeleteTags": { "name": "DeleteTags", "http": { @@ -815,7 +853,8 @@ "documentation": "

    Optional. The authentication strategy used to secure the broker. The default is SIMPLE.

    ", "enum": [ "SIMPLE", - "LDAP" + "LDAP", + "CONFIG_MANAGED" ] }, "AvailabilityZone": { @@ -1309,13 +1348,12 @@ "Users": { "shape": "__listOfUser", "locationName": "users", - "documentation": "

    The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.

    " + "documentation": "

    The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, an administrative user is required if using simple authentication and authorization. For brokers using OAuth2, this user is optional. When provided, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.

    " } }, "documentation": "

    Creates a broker.

    ", "required": [ "HostInstanceType", - "Users", "BrokerName", "DeploymentMode", "EngineType", @@ -1435,7 +1473,7 @@ "Users": { "shape": "__listOfUser", "locationName": "users", - "documentation": "

    The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.

    " + "documentation": "

    The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, an administrative user is required if using simple authentication and authorization. For brokers using OAuth2, this user is optional. When provided, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.

    " }, "DataReplicationMode": { "shape": "DataReplicationMode", @@ -1451,7 +1489,6 @@ "documentation": "

    Creates a broker using the specified properties.

    ", "required": [ "HostInstanceType", - "Users", "BrokerName", "DeploymentMode", "EngineType", @@ -1715,8 +1752,7 @@ }, "CreateUserResponse": { "type": "structure", - "members": { - } + "members": {} }, "DataReplicationCounterpart": { "type": "structure", @@ -1812,6 +1848,41 @@ } } }, + "DeleteConfigurationOutput": { + "type": "structure", + "members": { + "ConfigurationId": { + "shape": "__string", + "locationName": "configurationId", + "documentation": "

    The unique ID that Amazon MQ generates for the configuration.

    " + } + }, + "documentation": "

    Returns information about the deleted configuration.

    " + }, + "DeleteConfigurationRequest": { + "type": "structure", + "members": { + "ConfigurationId": { + "shape": "__string", + "location": "uri", + "locationName": "configuration-id", + "documentation": "

    The unique ID that Amazon MQ generates for the configuration.

    " + } + }, + "required": [ + "ConfigurationId" + ] + }, + "DeleteConfigurationResponse": { + "type": "structure", + "members": { + "ConfigurationId": { + "shape": "__string", + "locationName": "configurationId", + "documentation": "

    The unique ID that Amazon MQ generates for the configuration.

    " + } + } + }, "DeleteTagsRequest": { "type": "structure", "members": { @@ -1856,8 +1927,7 @@ }, "DeleteUserResponse": { "type": "structure", - "members": { - } + "members": {} }, "DeploymentMode": { "type": "string", @@ -3258,8 +3328,7 @@ }, "RebootBrokerResponse": { "type": "structure", - "members": { - } + "members": {} }, "SanitizationWarning": { "type": "structure", @@ -3792,8 +3861,7 @@ }, "UpdateUserResponse": { "type": "structure", - "members": { - } + "members": {} }, "User": { "type": "structure", diff -pruN 2.23.6-1/awscli/botocore/data/mturk/2017-01-17/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mturk/2017-01-17/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mturk/2017-01-17/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mturk/2017-01-17/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,65 +5,110 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ { - "fn": "parseURL", + "fn": "aws.partition", "argv": [ { - "ref": "Endpoint" + "ref": "Region" } ], - "assign": "url" + "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -75,158 +120,103 @@ }, true ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } ] } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://mturk-requester-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, { "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } - ] - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] + ], + "type": "tree" }, { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "UseFIPS" + }, + true ] } ], - "type": "tree", "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://mturk-requester-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", + ], "rules": [ { "conditions": [], @@ -237,74 +227,70 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } - ] + ], + "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "UseDualStack" + }, + true ] } ], - "type": "tree", "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://mturk-requester.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://mturk-requester.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } - ] + ], + "type": "tree" }, { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "type": "tree", - "rules": [ - { "conditions": [ { "fn": "stringEquals", @@ -332,9 +318,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/mturk/2017-01-17/service-2.json 2.31.35-1/awscli/botocore/data/mturk/2017-01-17/service-2.json --- 2.23.6-1/awscli/botocore/data/mturk/2017-01-17/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mturk/2017-01-17/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"mturk-requester", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"Amazon MTurk", "serviceFullName":"Amazon Mechanical Turk", "serviceId":"MTurk", "signatureVersion":"v4", "targetPrefix":"MTurkRequesterServiceV20170117", - "uid":"mturk-requester-2017-01-17" + "uid":"mturk-requester-2017-01-17", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcceptQualificationRequest":{ @@ -603,8 +605,7 @@ }, "AcceptQualificationRequestResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ApproveAssignmentRequest":{ "type":"structure", @@ -626,8 +627,7 @@ }, "ApproveAssignmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Assignment":{ "type":"structure", @@ -726,8 +726,7 @@ }, "AssociateQualificationWithWorkerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "BonusPayment":{ "type":"structure", @@ -800,8 +799,7 @@ }, "CreateAdditionalAssignmentsForHITResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateHITRequest":{ "type":"structure", @@ -1072,8 +1070,7 @@ }, "CreateWorkerBlockResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CurrencyAmount":{ "type":"string", @@ -1102,8 +1099,7 @@ }, "DeleteHITResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteQualificationTypeRequest":{ "type":"structure", @@ -1117,8 +1113,7 @@ }, "DeleteQualificationTypeResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWorkerBlockRequest":{ "type":"structure", @@ -1136,8 +1131,7 @@ }, "DeleteWorkerBlockResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateQualificationFromWorkerRequest":{ "type":"structure", @@ -1162,8 +1156,7 @@ }, "DisassociateQualificationFromWorkerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "EntityId":{ "type":"string", @@ -1195,8 +1188,7 @@ "ExceptionMessage":{"type":"string"}, "GetAccountBalanceRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAccountBalanceResponse":{ "type":"structure", @@ -2166,8 +2158,7 @@ }, "RejectAssignmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RejectQualificationRequestRequest":{ "type":"structure", @@ -2185,8 +2176,7 @@ }, "RejectQualificationRequestResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RequestError":{ "type":"structure", @@ -2367,8 +2357,7 @@ }, "SendBonusResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "SendTestEventNotificationRequest":{ "type":"structure", @@ -2389,8 +2378,7 @@ }, "SendTestEventNotificationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ServiceFault":{ "type":"structure", @@ -2428,8 +2416,7 @@ }, "UpdateExpirationForHITResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateHITReviewStatusRequest":{ "type":"structure", @@ -2447,8 +2434,7 @@ }, "UpdateHITReviewStatusResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateHITTypeOfHITRequest":{ "type":"structure", @@ -2469,8 +2455,7 @@ }, "UpdateHITTypeOfHITResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNotificationSettingsRequest":{ "type":"structure", @@ -2492,8 +2477,7 @@ }, "UpdateNotificationSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateQualificationTypeRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/mwaa/2020-07-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/mwaa/2020-07-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/mwaa/2020-07-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mwaa/2020-07-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/mwaa/2020-07-01/service-2.json 2.31.35-1/awscli/botocore/data/mwaa/2020-07-01/service-2.json --- 2.23.6-1/awscli/botocore/data/mwaa/2020-07-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/mwaa/2020-07-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -825,6 +825,10 @@ "Source":{ "shape":"UpdateSource", "documentation":"

    The source of the last update to the environment. Includes internal processes by Amazon MWAA, such as an environment maintenance update.

    " + }, + "WorkerReplacementStrategy":{ + "shape":"WorkerReplacementStrategy", + "documentation":"

    The worker replacement strategy used in the last update of the environment.

    " } }, "documentation":"

    Describes the status of the last update on the environment, and any errors that were encountered.

    " @@ -1375,18 +1379,50 @@ "shape":"IamRoleArn", "documentation":"

    The Amazon Resource Name (ARN) of the execution role in IAM that allows MWAA to access Amazon Web Services resources in your environment. For example, arn:aws:iam::123456789:role/my-execution-role. For more information, see Amazon MWAA Execution role.

    " }, + "AirflowConfigurationOptions":{ + "shape":"AirflowConfigurationOptions", + "documentation":"

    A list of key-value pairs containing the Apache Airflow configuration options you want to attach to your environment. For more information, see Apache Airflow configuration options.

    " + }, "AirflowVersion":{ "shape":"AirflowVersion", "documentation":"

    The Apache Airflow version for your environment. To upgrade your environment, specify a newer version of Apache Airflow supported by Amazon MWAA.

    Before you upgrade an environment, make sure your requirements, DAGs, plugins, and other resources used in your workflows are compatible with the new Apache Airflow version. For more information about updating your resources, see Upgrading an Amazon MWAA environment.

    Valid values: 1.10.12, 2.0.2, 2.2.2, 2.4.3, 2.5.1, 2.6.3, 2.7.2, 2.8.1, 2.9.2, 2.10.1, and 2.10.3.

    " }, - "SourceBucketArn":{ - "shape":"S3BucketArn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon S3 bucket where your DAG code and supporting files are stored. For example, arn:aws:s3:::my-airflow-bucket-unique-name. For more information, see Create an Amazon S3 bucket for Amazon MWAA.

    " - }, "DagS3Path":{ "shape":"RelativePath", "documentation":"

    The relative path to the DAGs folder on your Amazon S3 bucket. For example, dags. For more information, see Adding or updating DAGs.

    " }, + "EnvironmentClass":{ + "shape":"EnvironmentClass", + "documentation":"

    The environment class type. Valid values: mw1.micro, mw1.small, mw1.medium, mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon MWAA environment class.

    " + }, + "LoggingConfiguration":{ + "shape":"LoggingConfigurationInput", + "documentation":"

    The Apache Airflow log types to send to CloudWatch Logs.

    " + }, + "MaxWorkers":{ + "shape":"MaxWorkers", + "documentation":"

    The maximum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the MaxWorkers field. For example, 20. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the one worker that is included with your environment, or the number you specify in MinWorkers.

    " + }, + "MinWorkers":{ + "shape":"MinWorkers", + "documentation":"

    The minimum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the MaxWorkers field. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the worker count you specify in the MinWorkers field. For example, 2.

    " + }, + "MaxWebservers":{ + "shape":"MaxWebservers", + "documentation":"

    The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.

    Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.

    " + }, + "MinWebservers":{ + "shape":"MinWebservers", + "documentation":"

    The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.

    Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.

    " + }, + "WorkerReplacementStrategy":{ + "shape":"WorkerReplacementStrategy", + "documentation":"

    The worker replacement strategy to use when updating the environment.

    You can select one of the following strategies:

    • Forced - Stops and replaces Apache Airflow workers without waiting for tasks to complete before an update.

    • Graceful - Allows Apache Airflow workers to complete running tasks for up to 12 hours during an update before they're stopped and replaced.

    " + }, + "NetworkConfiguration":{ + "shape":"UpdateNetworkConfigurationInput", + "documentation":"

    The VPC networking components used to secure and enable network traffic between the Amazon Web Services resources for your environment. For more information, see About networking on Amazon MWAA.

    " + }, "PluginsS3Path":{ "shape":"RelativePath", "documentation":"

    The relative path to the plugins.zip file on your Amazon S3 bucket. For example, plugins.zip. If specified, then the plugins.zip version is required. For more information, see Installing custom plugins.

    " @@ -1403,6 +1439,14 @@ "shape":"S3ObjectVersion", "documentation":"

    The version of the requirements.txt file on your Amazon S3 bucket. You must specify a version each time a requirements.txt file is updated. For more information, see How S3 Versioning works.

    " }, + "Schedulers":{ + "shape":"Schedulers", + "documentation":"

    The number of Apache Airflow schedulers to run in your Amazon MWAA environment.

    " + }, + "SourceBucketArn":{ + "shape":"S3BucketArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon S3 bucket where your DAG code and supporting files are stored. For example, arn:aws:s3:::my-airflow-bucket-unique-name. For more information, see Create an Amazon S3 bucket for Amazon MWAA.

    " + }, "StartupScriptS3Path":{ "shape":"RelativePath", "documentation":"

    The relative path to the startup shell script in your Amazon S3 bucket. For example, s3://mwaa-environment/startup.sh.

    Amazon MWAA runs the script as your environment starts, and before running the Apache Airflow process. You can use this script to install dependencies, modify Apache Airflow configuration options, and set environment variables. For more information, see Using a startup script.

    " @@ -1411,49 +1455,13 @@ "shape":"S3ObjectVersion", "documentation":"

    The version of the startup shell script in your Amazon S3 bucket. You must specify the version ID that Amazon S3 assigns to the file every time you update the script.

    Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are no more than 1,024 bytes long. The following is an example:

    3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo

    For more information, see Using a startup script.

    " }, - "AirflowConfigurationOptions":{ - "shape":"AirflowConfigurationOptions", - "documentation":"

    A list of key-value pairs containing the Apache Airflow configuration options you want to attach to your environment. For more information, see Apache Airflow configuration options.

    " - }, - "EnvironmentClass":{ - "shape":"EnvironmentClass", - "documentation":"

    The environment class type. Valid values: mw1.micro, mw1.small, mw1.medium, mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon MWAA environment class.

    " - }, - "MaxWorkers":{ - "shape":"MaxWorkers", - "documentation":"

    The maximum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the MaxWorkers field. For example, 20. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the one worker that is included with your environment, or the number you specify in MinWorkers.

    " - }, - "NetworkConfiguration":{ - "shape":"UpdateNetworkConfigurationInput", - "documentation":"

    The VPC networking components used to secure and enable network traffic between the Amazon Web Services resources for your environment. For more information, see About networking on Amazon MWAA.

    " - }, - "LoggingConfiguration":{ - "shape":"LoggingConfigurationInput", - "documentation":"

    The Apache Airflow log types to send to CloudWatch Logs.

    " - }, - "WeeklyMaintenanceWindowStart":{ - "shape":"WeeklyMaintenanceWindowStart", - "documentation":"

    The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time to start weekly maintenance updates of your environment in the following format: DAY:HH:MM. For example: TUE:03:30. You can specify a start time in 30 minute increments only.

    " - }, "WebserverAccessMode":{ "shape":"WebserverAccessMode", "documentation":"

    The Apache Airflow Web server access mode. For more information, see Apache Airflow access modes.

    " }, - "MinWorkers":{ - "shape":"MinWorkers", - "documentation":"

    The minimum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the MaxWorkers field. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the worker count you specify in the MinWorkers field. For example, 2.

    " - }, - "Schedulers":{ - "shape":"Schedulers", - "documentation":"

    The number of Apache Airflow schedulers to run in your Amazon MWAA environment.

    " - }, - "MinWebservers":{ - "shape":"MinWebservers", - "documentation":"

    The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.

    Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.

    " - }, - "MaxWebservers":{ - "shape":"MaxWebservers", - "documentation":"

    The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.

    Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.

    " + "WeeklyMaintenanceWindowStart":{ + "shape":"WeeklyMaintenanceWindowStart", + "documentation":"

    The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time to start weekly maintenance updates of your environment in the following format: DAY:HH:MM. For example: TUE:03:30. You can specify a start time in 30 minute increments only.

    " } } }, @@ -1541,6 +1549,13 @@ "max":9, "min":1, "pattern":".*(MON|TUE|WED|THU|FRI|SAT|SUN):([01]\\d|2[0-3]):(00|30).*" + }, + "WorkerReplacementStrategy":{ + "type":"string", + "enum":[ + "FORCED", + "GRACEFUL" + ] } }, "documentation":"

    Amazon Managed Workflows for Apache Airflow

    This section contains the Amazon Managed Workflows for Apache Airflow (MWAA) API reference documentation. For more information, see What is Amazon MWAA?.

    Endpoints

    Regions

    For a list of supported regions, see Amazon MWAA endpoints and quotas in the Amazon Web Services General Reference.

    " diff -pruN 2.23.6-1/awscli/botocore/data/neptune/2014-10-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/neptune/2014-10-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/neptune/2014-10-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/neptune/2014-10-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/neptune/2014-10-31/service-2.json 2.31.35-1/awscli/botocore/data/neptune/2014-10-31/service-2.json --- 2.23.6-1/awscli/botocore/data/neptune/2014-10-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/neptune/2014-10-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1261,6 +1261,25 @@ {"shape":"InvalidDBInstanceStateFault"} ], "documentation":"

    Stops an Amazon Neptune DB cluster. When you stop a DB cluster, Neptune retains the DB cluster's metadata, including its endpoints and DB parameter groups.

    Neptune also retains the transaction logs so you can do a point-in-time restore if necessary.

    " + }, + "SwitchoverGlobalCluster":{ + "name":"SwitchoverGlobalCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"SwitchoverGlobalClusterMessage"}, + "output":{ + "shape":"SwitchoverGlobalClusterResult", + "resultWrapper":"SwitchoverGlobalClusterResult" + }, + "errors":[ + {"shape":"GlobalClusterNotFoundFault"}, + {"shape":"InvalidGlobalClusterStateFault"}, + {"shape":"InvalidDBClusterStateFault"}, + {"shape":"DBClusterNotFoundFault"} + ], + "documentation":"

    Switches over the specified secondary DB cluster to be the new primary DB cluster in the global database cluster. Switchover operations were previously called \"managed planned failovers.\"

    Promotes the specified secondary cluster to assume full read/write capabilities and demotes the current primary cluster to a secondary (read-only) cluster, maintaining the original replication topology. All secondary clusters are synchronized with the primary at the beginning of the process so the new primary continues operations for the global database without losing any data. Your database is unavailable for a short time while the primary and selected secondary clusters are assuming their new roles.

    This operation is intended for controlled environments, for operations such as \"regional rotation\" or to fall back to the original primary after a global database failover.

    " } }, "shapes":{ @@ -1369,8 +1388,7 @@ }, "AuthorizationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specified CIDRIP or EC2 security group is not authorized for the specified DB security group.

    Neptune may not also be authorized via IAM to perform necessary actions on your behalf.

    ", "error":{ "code":"AuthorizationNotFound", @@ -1408,8 +1426,7 @@ "BooleanOptional":{"type":"boolean"}, "CertificateNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    CertificateIdentifier does not refer to an existing certificate.

    ", "error":{ "code":"CertificateNotFound", @@ -1471,7 +1488,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    The storage type for the DB cluster.

    " + "documentation":"

    The pending change in storage type for the DB cluster.   Valid Values:

    • standard   –   ( the default ) Configures cost-effective database storage for applications with moderate to small I/O usage.

    • iopt1   –   Enables I/O-Optimized storage that's designed to meet the needs of I/O-intensive graph workloads that require predictable pricing with low I/O latency and consistent I/O throughput.

      Neptune I/O-Optimized storage is only available starting with engine release 1.3.0.0.

    " }, "AllocatedStorage":{ "shape":"IntegerOptional", @@ -1479,7 +1496,7 @@ }, "Iops":{ "shape":"IntegerOptional", - "documentation":"

    The Provisioned IOPS (I/O operations per second) value. This setting is only for non-Aurora Multi-AZ DB clusters.

    " + "documentation":"

    The Provisioned IOPS (I/O operations per second) value. This setting is only for Multi-AZ DB clusters.

    " } }, "documentation":"

    This data type is used as a response element in the ModifyDBCluster operation and contains changes that will be applied during the next maintenance window.

    " @@ -1525,7 +1542,7 @@ "members":{ "SourceDBClusterSnapshotIdentifier":{ "shape":"String", - "documentation":"

    The identifier of the DB cluster snapshot to copy. This parameter is not case-sensitive.

    Constraints:

    • Must specify a valid system snapshot in the \"available\" state.

    • Specify a valid DB snapshot identifier.

    Example: my-cluster-snapshot1

    " + "documentation":"

    The identifier of the DB cluster snapshot to copy. This parameter is not case-sensitive. If the source DB cluster snapshot is in a different region or owned by another account, specify the snapshot ARN.

    Constraints:

    • Must specify a valid system snapshot in the \"available\" state.

    • Specify a valid DB snapshot identifier.

    Example: my-cluster-snapshot1

    " }, "TargetDBClusterSnapshotIdentifier":{ "shape":"String", @@ -1716,7 +1733,7 @@ }, "EngineVersion":{ "shape":"String", - "documentation":"

    The version number of the database engine to use for the new DB cluster.

    Example: 1.0.2.1

    " + "documentation":"

    The version number of the database engine to use for the new DB cluster.

    Example: 1.2.1.0

    " }, "Port":{ "shape":"IntegerOptional", @@ -1784,7 +1801,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    The storage type to associate with the DB cluster.

    Valid Values:

    • standard | iopt1

    Default:

    • standard

    When you create a Neptune cluster with the storage type set to iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to standard.

    " + "documentation":"

    The storage type for the new DB cluster.

    Valid Values:

    • standard   –   ( the default ) Configures cost-effective database storage for applications with moderate to small I/O usage. When set to standard, the storage type is not returned in the response.

    • iopt1   –   Enables I/O-Optimized storage that's designed to meet the needs of I/O-intensive graph workloads that require predictable pricing with low I/O latency and consistent I/O throughput.

      Neptune I/O-Optimized storage is only available starting with engine release 1.3.0.0.

    " } } }, @@ -1956,8 +1973,7 @@ }, "PubliclyAccessible":{ "shape":"BooleanOptional", - "documentation":"

    This flag should no longer be used.

    ", - "deprecated":true + "documentation":"

    Indicates whether the DB instance is publicly accessible.

    When the DB instance is publicly accessible and you connect from outside of the DB instance's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB instance, the endpoint resolves to the private IP address. Access to the DB instance is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

    When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.

    " }, "Tags":{ "shape":"TagList", @@ -1969,7 +1985,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    Specifies the storage type to be associated with the DB instance.

    Not applicable. Storage is managed by the DB Cluster.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " }, "TdeCredentialArn":{ "shape":"String", @@ -2367,7 +2383,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    The storage type associated with the DB cluster.

    " + "documentation":"

    The storage type used by the DB cluster.

    Valid Values:

    • standard   –   ( the default ) Provides cost-effective database storage for applications with moderate to small I/O usage.

    • iopt1   –   Enables I/O-Optimized storage that's designed to meet the needs of I/O-intensive graph workloads that require predictable pricing with low I/O latency and consistent I/O throughput.

      Neptune I/O-Optimized storage is only available starting with engine release 1.3.0.0.

    " } }, "documentation":"

    Contains the details of an Amazon Neptune DB cluster.

    This data type is used as a response element in the DescribeDBClusters.

    ", @@ -2375,8 +2391,7 @@ }, "DBClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    User already has a DB cluster with the given identifier.

    ", "error":{ "code":"DBClusterAlreadyExistsFault", @@ -2433,8 +2448,7 @@ }, "DBClusterEndpointAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified custom endpoint cannot be created because it already exists.

    ", "error":{ "code":"DBClusterEndpointAlreadyExistsFault", @@ -2455,7 +2469,7 @@ "members":{ "Marker":{ "shape":"String", - "documentation":"

    An optional pagination token provided by a previous DescribeDBClusterEndpoints request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.

    " + "documentation":"

    n optional pagination token provided by a previous DescribeDBClusterEndpoints request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.

    " }, "DBClusterEndpoints":{ "shape":"DBClusterEndpointList", @@ -2465,8 +2479,7 @@ }, "DBClusterEndpointNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified custom endpoint doesn't exist.

    ", "error":{ "code":"DBClusterEndpointNotFoundFault", @@ -2477,8 +2490,7 @@ }, "DBClusterEndpointQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster already has the maximum number of custom endpoints.

    ", "error":{ "code":"DBClusterEndpointQuotaExceededFault", @@ -2539,8 +2551,7 @@ }, "DBClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBClusterIdentifier does not refer to an existing DB cluster.

    ", "error":{ "code":"DBClusterNotFoundFault", @@ -2624,8 +2635,7 @@ }, "DBClusterParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBClusterParameterGroupName does not refer to an existing DB Cluster parameter group.

    ", "error":{ "code":"DBClusterParameterGroupNotFound", @@ -2649,8 +2659,7 @@ }, "DBClusterQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    User attempted to create a new DB cluster and the user has already reached the maximum allowed DB cluster quota.

    ", "error":{ "code":"DBClusterQuotaExceededFault", @@ -2679,8 +2688,7 @@ }, "DBClusterRoleAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified IAM role Amazon Resource Name (ARN) is already associated with the specified DB cluster.

    ", "error":{ "code":"DBClusterRoleAlreadyExists", @@ -2691,8 +2699,7 @@ }, "DBClusterRoleNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified IAM role Amazon Resource Name (ARN) is not associated with the specified DB cluster.

    ", "error":{ "code":"DBClusterRoleNotFound", @@ -2703,8 +2710,7 @@ }, "DBClusterRoleQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded the maximum number of IAM roles that can be associated with the specified DB cluster.

    ", "error":{ "code":"DBClusterRoleQuotaExceeded", @@ -2813,8 +2819,7 @@ }, "DBClusterSnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    User already has a DB cluster snapshot with the given identifier.

    ", "error":{ "code":"DBClusterSnapshotAlreadyExistsFault", @@ -2881,8 +2886,7 @@ }, "DBClusterSnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBClusterSnapshotIdentifier does not refer to an existing DB cluster snapshot.

    ", "error":{ "code":"DBClusterSnapshotNotFoundFault", @@ -3094,8 +3098,7 @@ }, "PubliclyAccessible":{ "shape":"Boolean", - "documentation":"

    This flag should no longer be used.

    ", - "deprecated":true + "documentation":"

    Indicates whether the DB instance is publicly accessible.

    When the DB instance is publicly accessible and you connect from outside of the DB instance's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB instance, the endpoint resolves to the private IP address. Access to the DB instance is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

    When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.

    " }, "StatusInfos":{ "shape":"DBInstanceStatusInfoList", @@ -3103,7 +3106,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    Specifies the storage type associated with DB instance.

    " + "documentation":"

    Specifies the storage type associated with the DB instance.

    " }, "TdeCredentialArn":{ "shape":"String", @@ -3191,8 +3194,7 @@ }, "DBInstanceAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    User already has a DB instance with the given identifier.

    ", "error":{ "code":"DBInstanceAlreadyExists", @@ -3223,8 +3225,7 @@ }, "DBInstanceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBInstanceIdentifier does not refer to an existing DB instance.

    ", "error":{ "code":"DBInstanceNotFound", @@ -3287,8 +3288,7 @@ }, "DBParameterGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A DB parameter group with the same name exists.

    ", "error":{ "code":"DBParameterGroupAlreadyExists", @@ -3328,8 +3328,7 @@ }, "DBParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBParameterGroupName does not refer to an existing DB parameter group.

    ", "error":{ "code":"DBParameterGroupNotFound", @@ -3340,8 +3339,7 @@ }, "DBParameterGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request would result in user exceeding the allowed number of DB parameter groups.

    ", "error":{ "code":"DBParameterGroupQuotaExceeded", @@ -3414,8 +3412,7 @@ }, "DBSecurityGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSecurityGroupName does not refer to an existing DB security group.

    ", "error":{ "code":"DBSecurityGroupNotFound", @@ -3426,8 +3423,7 @@ }, "DBSnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSnapshotIdentifier is already used by an existing snapshot.

    ", "error":{ "code":"DBSnapshotAlreadyExists", @@ -3438,8 +3434,7 @@ }, "DBSnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSnapshotIdentifier does not refer to an existing DB snapshot.

    ", "error":{ "code":"DBSnapshotNotFound", @@ -3481,8 +3476,7 @@ }, "DBSubnetGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSubnetGroupName is already used by an existing DB subnet group.

    ", "error":{ "code":"DBSubnetGroupAlreadyExists", @@ -3493,8 +3487,7 @@ }, "DBSubnetGroupDoesNotCoverEnoughAZs":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Subnets in the DB subnet group should cover at least two Availability Zones unless there is only one Availability Zone.

    ", "error":{ "code":"DBSubnetGroupDoesNotCoverEnoughAZs", @@ -3518,8 +3511,7 @@ }, "DBSubnetGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSubnetGroupName does not refer to an existing DB subnet group.

    ", "error":{ "code":"DBSubnetGroupNotFoundFault", @@ -3530,8 +3522,7 @@ }, "DBSubnetGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request would result in user exceeding the allowed number of DB subnet groups.

    ", "error":{ "code":"DBSubnetGroupQuotaExceeded", @@ -3549,8 +3540,7 @@ }, "DBSubnetQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request would result in user exceeding the allowed number of subnets in a DB subnet groups.

    ", "error":{ "code":"DBSubnetQuotaExceededFault", @@ -3561,8 +3551,7 @@ }, "DBUpgradeDependencyFailureFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB upgrade failed because a resource the DB depends on could not be modified.

    ", "error":{ "code":"DBUpgradeDependencyFailure", @@ -3770,11 +3759,11 @@ }, "MaxRecords":{ "shape":"IntegerOptional", - "documentation":"

    The maximum number of records to include in the response. If more records exist than the specified MaxRecords value, a pagination token called a marker is included in the response so you can retrieve the remaining results.

    Default: 100

    Constraints: Minimum 20, maximum 100.

    " + "documentation":"

    The maximum number of records to include in the response. If more records exist than the specified MaxRecords value, a pagination token called a marker is included in the response so you can retrieve the remaining results.

    Default: 100

    Constraints: Minimum 20, maximum 100.

    " }, "Marker":{ "shape":"String", - "documentation":"

    An optional pagination token provided by a previous DescribeDBClusterEndpoints request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.

    " + "documentation":"

    An optional pagination token provided by a previous DescribeDBClusterEndpoints request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.

    " } } }, @@ -4283,8 +4272,7 @@ }, "DomainNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Domain does not refer to an existing Active Directory Domain.

    ", "error":{ "code":"DomainNotFoundFault", @@ -4477,8 +4465,7 @@ }, "EventSubscriptionQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded the number of events you can subscribe to.

    ", "error":{ "code":"EventSubscriptionQuotaExceeded", @@ -4553,6 +4540,14 @@ "TargetDbClusterIdentifier":{ "shape":"String", "documentation":"

    The Amazon Resource Name (ARN) of the secondary Neptune DB cluster that you want to promote to primary for the global database.

    " + }, + "AllowDataLoss":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to allow data loss for this global database cluster operation. Allowing data loss triggers a global failover operation.

    If you don't specify AllowDataLoss, the global database cluster operation defaults to a switchover.

    Constraints:Can't be specified together with the Switchover parameter.

    " + }, + "Switchover":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to switch over this global database cluster.

    Constraints:Can't be specified together with the AllowDataLoss parameter.

    " } } }, @@ -4562,6 +4557,37 @@ "GlobalCluster":{"shape":"GlobalCluster"} } }, + "FailoverState":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"FailoverStatus", + "documentation":"

    The current status of the global cluster. Possible values are as follows:

    • pending – The service received a request to switch over or fail over the global cluster. The global cluster's primary DB cluster and the specified secondary DB cluster are being verified before the operation starts.

    • failing-over – Neptune is promoting the chosen secondary Neptune DB cluster to become the new primary DB cluster to fail over the global cluster.

    • cancelling – The request to switch over or fail over the global cluster was cancelled and the primary Neptune DB cluster and the selected secondary Neptune DB cluster are returning to their previous states.

    • switching-over – This status covers the range of Neptune internal operations that take place during the switchover process, such as demoting the primary Neptune DB cluster, promoting the secondary Neptune DB cluster, and synchronizing replicas.

    " + }, + "FromDbClusterArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the Neptune DB cluster that is currently being demoted, and which is associated with this state.

    " + }, + "ToDbClusterArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the Neptune DB cluster that is currently being promoted, and which is associated with this state.

    " + }, + "IsDataLossAllowed":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the operation is a global switchover or a global failover. If data loss is allowed, then the operation is a global failover. Otherwise, it's a switchover.

    " + } + }, + "documentation":"

    Contains the state of scheduled or in-process operations on a global cluster (Neptune global database). This data type is empty unless a switchover or failover operation is scheduled or is in progress on the Neptune global database.

    ", + "wrapper":true + }, + "FailoverStatus":{ + "type":"string", + "enum":[ + "pending", + "failing-over", + "cancelling" + ] + }, "Filter":{ "type":"structure", "required":[ @@ -4632,6 +4658,10 @@ "GlobalClusterMembers":{ "shape":"GlobalClusterMemberList", "documentation":"

    A list of cluster ARNs and instance ARNs for all the DB clusters that are part of the global database.

    " + }, + "FailoverState":{ + "shape":"FailoverState", + "documentation":"

    A data object containing all properties for the current state of an in-process or pending switchover or failover process for this global cluster (Neptune global database). This object is empty unless the SwitchoverGlobalCluster or FailoverGlobalCluster operation was called on this global cluster.

    " } }, "documentation":"

    Contains the details of an Amazon Neptune global database.

    This data type is used as a response element for the CreateGlobalCluster, DescribeGlobalClusters, ModifyGlobalCluster, DeleteGlobalCluster, FailoverGlobalCluster, and RemoveFromGlobalCluster actions.

    ", @@ -4639,8 +4669,7 @@ }, "GlobalClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The GlobalClusterIdentifier already exists. Choose a new global database identifier (unique name) to create a new global database cluster.

    ", "error":{ "code":"GlobalClusterAlreadyExistsFault", @@ -4690,8 +4719,7 @@ }, "GlobalClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The GlobalClusterIdentifier doesn't refer to an existing global database cluster.

    ", "error":{ "code":"GlobalClusterNotFoundFault", @@ -4702,8 +4730,7 @@ }, "GlobalClusterQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of global database clusters for this account is already at the maximum allowed.

    ", "error":{ "code":"GlobalClusterQuotaExceededFault", @@ -4727,8 +4754,7 @@ }, "InstanceQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request would result in user exceeding the allowed number of DB instances.

    ", "error":{ "code":"InstanceQuotaExceeded", @@ -4739,8 +4765,7 @@ }, "InsufficientDBClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB cluster does not have enough capacity for the current operation.

    ", "error":{ "code":"InsufficientDBClusterCapacityFault", @@ -4751,8 +4776,7 @@ }, "InsufficientDBInstanceCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specified DB instance class is not available in the specified Availability Zone.

    ", "error":{ "code":"InsufficientDBInstanceCapacity", @@ -4763,8 +4787,7 @@ }, "InsufficientStorageClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is insufficient storage available for the current action. You may be able to resolve this error by updating your subnet group to use different Availability Zones that have more storage available.

    ", "error":{ "code":"InsufficientStorageClusterCapacity", @@ -4777,8 +4800,7 @@ "IntegerOptional":{"type":"integer"}, "InvalidDBClusterEndpointStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested operation cannot be performed on the endpoint while the endpoint is in this state.

    ", "error":{ "code":"InvalidDBClusterEndpointStateFault", @@ -4789,8 +4811,7 @@ }, "InvalidDBClusterSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The supplied value is not a valid DB cluster snapshot state.

    ", "error":{ "code":"InvalidDBClusterSnapshotStateFault", @@ -4801,8 +4822,7 @@ }, "InvalidDBClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB cluster is not in a valid state.

    ", "error":{ "code":"InvalidDBClusterStateFault", @@ -4813,8 +4833,7 @@ }, "InvalidDBInstanceStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified DB instance is not in the available state.

    ", "error":{ "code":"InvalidDBInstanceState", @@ -4825,8 +4844,7 @@ }, "InvalidDBParameterGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB parameter group is in use or is in an invalid state. If you are attempting to delete the parameter group, you cannot delete it when the parameter group is in this state.

    ", "error":{ "code":"InvalidDBParameterGroupState", @@ -4837,8 +4855,7 @@ }, "InvalidDBSecurityGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The state of the DB security group does not allow deletion.

    ", "error":{ "code":"InvalidDBSecurityGroupState", @@ -4849,8 +4866,7 @@ }, "InvalidDBSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The state of the DB snapshot does not allow deletion.

    ", "error":{ "code":"InvalidDBSnapshotState", @@ -4861,8 +4877,7 @@ }, "InvalidDBSubnetGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB subnet group cannot be deleted because it is in use.

    ", "error":{ "code":"InvalidDBSubnetGroupStateFault", @@ -4873,8 +4888,7 @@ }, "InvalidDBSubnetStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB subnet is not in the available state.

    ", "error":{ "code":"InvalidDBSubnetStateFault", @@ -4885,8 +4899,7 @@ }, "InvalidEventSubscriptionStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The event subscription is in an invalid state.

    ", "error":{ "code":"InvalidEventSubscriptionState", @@ -4897,8 +4910,7 @@ }, "InvalidGlobalClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The global cluster is in an invalid state and can't perform the requested operation.

    ", "error":{ "code":"InvalidGlobalClusterStateFault", @@ -4909,8 +4921,7 @@ }, "InvalidRestoreFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Cannot restore from vpc backup to non-vpc DB instance.

    ", "error":{ "code":"InvalidRestoreFault", @@ -4921,8 +4932,7 @@ }, "InvalidSubnet":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested subnet is invalid, or multiple subnets were requested that are not all in a common VPC.

    ", "error":{ "code":"InvalidSubnet", @@ -4933,8 +4943,7 @@ }, "InvalidVPCNetworkStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DB subnet group does not cover all Availability Zones after it is created because users' change.

    ", "error":{ "code":"InvalidVPCNetworkStateFault", @@ -4945,8 +4954,7 @@ }, "KMSKeyNotAccessibleFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Error accessing KMS key.

    ", "error":{ "code":"KMSKeyNotAccessibleFault", @@ -5127,7 +5135,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    The storage type to associate with the DB cluster.

    Valid Values:

    • standard | iopt1

    Default:

    • standard

    " + "documentation":"

    The storage type to associate with the DB cluster.

    Valid Values:

    • standard   –   ( the default ) Configures cost-effective database storage for applications with moderate to small I/O usage.

    • iopt1   –   Enables I/O-Optimized storage that's designed to meet the needs of I/O-intensive graph workloads that require predictable pricing with low I/O latency and consistent I/O throughput.

      Neptune I/O-Optimized storage is only available starting with engine release 1.3.0.0.

    " } } }, @@ -5271,7 +5279,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    Not supported.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " }, "TdeCredentialArn":{ "shape":"String", @@ -5303,8 +5311,7 @@ }, "PubliclyAccessible":{ "shape":"BooleanOptional", - "documentation":"

    This flag should no longer be used.

    ", - "deprecated":true + "documentation":"

    Indicates whether the DB instance is publicly accessible.

    When the DB instance is publicly accessible and you connect from outside of the DB instance's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB instance, the endpoint resolves to the private IP address. Access to the DB instance is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

    When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.

    " }, "MonitoringRoleArn":{ "shape":"String", @@ -5477,8 +5484,7 @@ }, "OptionGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The designated option group could not be found.

    ", "error":{ "code":"OptionGroupNotFoundFault", @@ -5528,7 +5534,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    Indicates the storage type for a DB instance.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " }, "SupportsIops":{ "shape":"Boolean", @@ -5767,7 +5773,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    Specifies the storage type to be associated with the DB instance.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " }, "CACertificateIdentifier":{ "shape":"String", @@ -5802,8 +5808,7 @@ }, "ProvisionedIopsNotAvailableInAZFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Provisioned IOPS not available in the specified Availability Zone.

    ", "error":{ "code":"ProvisionedIopsNotAvailableInAZFault", @@ -6004,8 +6009,7 @@ }, "ResourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified resource ID was not found.

    ", "error":{ "code":"ResourceNotFoundFault", @@ -6206,8 +6210,7 @@ }, "SNSInvalidTopicFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The SNS topic is invalid.

    ", "error":{ "code":"SNSInvalidTopic", @@ -6218,8 +6221,7 @@ }, "SNSNoAuthorizationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is no SNS authorization.

    ", "error":{ "code":"SNSNoAuthorization", @@ -6230,8 +6232,7 @@ }, "SNSTopicArnNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The ARN of the SNS topic could not be found.

    ", "error":{ "code":"SNSTopicArnNotFound", @@ -6274,8 +6275,7 @@ }, "SharedSnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded the maximum number of accounts that you can share a manual DB snapshot with.

    ", "error":{ "code":"SharedSnapshotQuotaExceeded", @@ -6286,8 +6286,7 @@ }, "SnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request would result in user exceeding the allowed number of DB snapshots.

    ", "error":{ "code":"SnapshotQuotaExceeded", @@ -6305,8 +6304,7 @@ }, "SourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The source could not be found.

    ", "error":{ "code":"SourceNotFound", @@ -6360,8 +6358,7 @@ }, "StorageQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request would result in user exceeding the allowed amount of storage available across all DB instances.

    ", "error":{ "code":"StorageQuotaExceeded", @@ -6372,8 +6369,7 @@ }, "StorageTypeNotSupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    StorageType specified cannot be associated with the DB Instance.

    ", "error":{ "code":"StorageTypeNotSupported", @@ -6407,8 +6403,7 @@ }, "SubnetAlreadyInUse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB subnet is already in use in the Availability Zone.

    ", "error":{ "code":"SubnetAlreadyInUse", @@ -6433,8 +6428,7 @@ }, "SubscriptionAlreadyExistFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    This subscription already exists.

    ", "error":{ "code":"SubscriptionAlreadyExist", @@ -6445,8 +6439,7 @@ }, "SubscriptionCategoryNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The designated subscription category could not be found.

    ", "error":{ "code":"SubscriptionCategoryNotFound", @@ -6457,8 +6450,7 @@ }, "SubscriptionNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The designated subscription could not be found.

    ", "error":{ "code":"SubscriptionNotFound", @@ -6481,6 +6473,29 @@ "locationName":"Timezone" } }, + "SwitchoverGlobalClusterMessage":{ + "type":"structure", + "required":[ + "GlobalClusterIdentifier", + "TargetDbClusterIdentifier" + ], + "members":{ + "GlobalClusterIdentifier":{ + "shape":"GlobalClusterIdentifier", + "documentation":"

    The identifier of the global database cluster to switch over. This parameter isn't case-sensitive.

    Constraints: Must match the identifier of an existing global database cluster.

    " + }, + "TargetDbClusterIdentifier":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the secondary Neptune DB cluster that you want to promote to primary for the global database.

    " + } + } + }, + "SwitchoverGlobalClusterResult":{ + "type":"structure", + "members":{ + "GlobalCluster":{"shape":"GlobalCluster"} + } + }, "TStamp":{"type":"timestamp"}, "Tag":{ "type":"structure", @@ -6568,22 +6583,22 @@ "members":{ "StorageType":{ "shape":"String", - "documentation":"

    The valid storage types for your DB instance. For example, gp2, io1.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " }, "StorageSize":{ "shape":"RangeList", - "documentation":"

    The valid range of storage in gibibytes. For example, 100 to 16384.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " }, "ProvisionedIops":{ "shape":"RangeList", - "documentation":"

    The valid range of provisioned IOPS. For example, 1000-20000.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " }, "IopsToStorageRatio":{ "shape":"DoubleRangeList", - "documentation":"

    The valid range of Provisioned IOPS to gibibytes of storage multiplier. For example, 3-10, which means that provisioned IOPS can be between 3 and 10 times storage.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " } }, - "documentation":"

    Information about valid modifications that you can make to your DB instance.

    Contains the result of a successful call to the DescribeValidDBInstanceModifications action.

    " + "documentation":"

    Not applicable. In Neptune the storage type is managed at the DB Cluster level.

    " }, "ValidStorageOptionsList":{ "type":"list", diff -pruN 2.23.6-1/awscli/botocore/data/neptune-graph/2023-11-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/neptune-graph/2023-11-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/neptune-graph/2023-11-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/neptune-graph/2023-11-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,32 +5,32 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "ApiType": { "required": true, "documentation": "Parameter to determine whether current API is a control plane or dataplane API", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/neptune-graph/2023-11-29/service-2.json 2.31.35-1/awscli/botocore/data/neptune-graph/2023-11-29/service-2.json --- 2.23.6-1/awscli/botocore/data/neptune-graph/2023-11-29/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/neptune-graph/2023-11-29/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,7 +6,6 @@ "endpointPrefix":"neptune-graph", "protocol":"rest-json", "protocols":["rest-json"], - "ripServiceName":"neptune-graph", "serviceAbbreviation":"Neptune Graph", "serviceFullName":"Amazon Neptune Graph", "serviceId":"Neptune Graph", @@ -240,8 +239,8 @@ "input":{"shape":"ExecuteQueryInput"}, "output":{"shape":"ExecuteQueryOutput"}, "errors":[ - {"shape":"UnprocessableException"}, {"shape":"ThrottlingException"}, + {"shape":"UnprocessableException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, @@ -609,6 +608,27 @@ "ApiType":{"value":"ControlPlane"} } }, + "StartGraph":{ + "name":"StartGraph", + "http":{ + "method":"POST", + "requestUri":"/graphs/{graphIdentifier}/start", + "responseCode":200 + }, + "input":{"shape":"StartGraphInput"}, + "output":{"shape":"StartGraphOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Starts the specific graph.

    ", + "staticContextParams":{ + "ApiType":{"value":"ControlPlane"} + } + }, "StartImportTask":{ "name":"StartImportTask", "http":{ @@ -630,6 +650,27 @@ "ApiType":{"value":"ControlPlane"} } }, + "StopGraph":{ + "name":"StopGraph", + "http":{ + "method":"POST", + "requestUri":"/graphs/{graphIdentifier}/stop", + "responseCode":200 + }, + "input":{"shape":"StopGraphInput"}, + "output":{"shape":"StopGraphOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Stops the specific graph.

    ", + "staticContextParams":{ + "ApiType":{"value":"ControlPlane"} + } + }, "TagResource":{ "name":"TagResource", "http":{ @@ -898,7 +939,7 @@ "members":{ "graphName":{ "shape":"GraphName", - "documentation":"

    A name for the new Neptune Analytics graph to be created.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    A name for the new Neptune Analytics graph to be created.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens. Only lowercase letters are allowed.

    " }, "tags":{ "shape":"TagMap", @@ -926,7 +967,7 @@ }, "provisionedMemory":{ "shape":"ProvisionedMemory", - "documentation":"

    The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph. Min = 128

    " + "documentation":"

    The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph. Min = 16

    " } } }, @@ -944,7 +985,7 @@ }, "name":{ "shape":"GraphName", - "documentation":"

    The graph name. For example: my-graph-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    The graph name. For example: my-graph-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens. Only lowercase letters are allowed.

    " }, "arn":{ "shape":"String", @@ -964,7 +1005,7 @@ }, "provisionedMemory":{ "shape":"ProvisionedMemory", - "documentation":"

    The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph.

    Min = 128

    " + "documentation":"

    The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph.

    Min = 16

    " }, "endpoint":{ "shape":"String", @@ -1013,7 +1054,7 @@ }, "snapshotName":{ "shape":"SnapshotName", - "documentation":"

    The snapshot name. For example: my-snapshot-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    The snapshot name. For example: my-snapshot-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens. Only lowercase letters are allowed.

    " }, "tags":{ "shape":"TagMap", @@ -1069,7 +1110,7 @@ "members":{ "graphName":{ "shape":"GraphName", - "documentation":"

    A name for the new Neptune Analytics graph to be created.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    A name for the new Neptune Analytics graph to be created.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens. Only lowercase letters are allowed.

    " }, "tags":{ "shape":"TagMap", @@ -1101,11 +1142,11 @@ }, "maxProvisionedMemory":{ "shape":"ProvisionedMemory", - "documentation":"

    The maximum provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph. Default: 1024, or the approved upper limit for your account.

    If both the minimum and maximum values are specified, the max of the min-provisioned-memory and max-provisioned memory is used to create the graph. If neither value is specified 128 m-NCUs are used.

    " + "documentation":"

    The maximum provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph. Default: 1024, or the approved upper limit for your account.

    If both the minimum and maximum values are specified, the final provisioned-memory will be chosen per the actual size of your imported data. If neither value is specified, 128 m-NCUs are used.

    " }, "minProvisionedMemory":{ "shape":"ProvisionedMemory", - "documentation":"

    The minimum provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph. Default: 128

    " + "documentation":"

    The minimum provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph. Default: 16

    " }, "failOnError":{ "shape":"Boolean", @@ -1340,7 +1381,7 @@ }, "name":{ "shape":"SnapshotName", - "documentation":"

    The snapshot name. For example: my-snapshot-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    The snapshot name. For example: my-snapshot-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens. Only lowercase letters are allowed.

    " }, "arn":{ "shape":"String", @@ -1413,8 +1454,7 @@ }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "DocumentValuedMap":{ @@ -1884,7 +1924,7 @@ }, "name":{ "shape":"SnapshotName", - "documentation":"

    The snapshot name. For example: my-snapshot-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    The snapshot name. For example: my-snapshot-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens. Only lowercase letters are allowed.

    " }, "arn":{ "shape":"String", @@ -2195,7 +2235,7 @@ }, "name":{ "shape":"SnapshotName", - "documentation":"

    The snapshot name. For example: my-snapshot-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    The snapshot name. For example: my-snapshot-1.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens. Only lowercase letters are allowed.

    " }, "arn":{ "shape":"String", @@ -2234,7 +2274,10 @@ "UPDATING", "SNAPSHOTTING", "FAILED", - "IMPORTING" + "IMPORTING", + "STARTING", + "STOPPING", + "STOPPED" ] }, "GraphSummary":{ @@ -2445,6 +2488,12 @@ "ListExportTasksInput":{ "type":"structure", "members":{ + "graphIdentifier":{ + "shape":"GraphIdentifier", + "documentation":"

    The unique identifier of the Neptune Analytics graph.

    ", + "location":"querystring", + "locationName":"graphIdentifier" + }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    Pagination token used to paginate input.

    ", @@ -3006,11 +3055,11 @@ }, "graphName":{ "shape":"GraphName", - "documentation":"

    A name for the new Neptune Analytics graph to be created from the snapshot.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    A name for the new Neptune Analytics graph to be created from the snapshot.

    The name must contain from 1 to 63 letters, numbers, or hyphens, and its first character must be a letter. It cannot end with a hyphen or contain two consecutive hyphens. Only lowercase letters are allowed.

    " }, "provisionedMemory":{ "shape":"ProvisionedMemory", - "documentation":"

    The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph.

    Min = 128

    " + "documentation":"

    The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph.

    Min = 16

    " }, "deletionProtection":{ "shape":"Boolean", @@ -3099,7 +3148,7 @@ }, "RoleArn":{ "type":"string", - "pattern":"arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)/[\\w+=,.@-]*" + "pattern":"arn:aws[^:]*:iam::\\d{12}:(role|role/service-role)(/[\\w+=,.@-]+)+" }, "SecurityGroupId":{ "type":"string", @@ -3271,6 +3320,85 @@ "max":1024, "min":1 }, + "StartGraphInput":{ + "type":"structure", + "required":["graphIdentifier"], + "members":{ + "graphIdentifier":{ + "shape":"GraphIdentifier", + "documentation":"

    The unique identifier of the Neptune Analytics graph.

    ", + "location":"uri", + "locationName":"graphIdentifier" + } + } + }, + "StartGraphOutput":{ + "type":"structure", + "required":[ + "id", + "name", + "arn" + ], + "members":{ + "id":{ + "shape":"GraphId", + "documentation":"

    The unique identifier of the graph.

    " + }, + "name":{ + "shape":"GraphName", + "documentation":"

    The name of the graph.

    " + }, + "arn":{ + "shape":"String", + "documentation":"

    The ARN associated with the graph.

    " + }, + "status":{ + "shape":"GraphStatus", + "documentation":"

    The status of the graph.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason that the graph has this status.

    " + }, + "createTime":{ + "shape":"Timestamp", + "documentation":"

    The time at which the graph was created.

    " + }, + "provisionedMemory":{ + "shape":"ProvisionedMemory", + "documentation":"

    The number of memory-optimized Neptune Capacity Units (m-NCUs) allocated to the graph.

    " + }, + "endpoint":{ + "shape":"String", + "documentation":"

    The graph endpoint.

    " + }, + "publicConnectivity":{ + "shape":"Boolean", + "documentation":"

    If true, the graph has a public endpoint, otherwise not.

    " + }, + "vectorSearchConfiguration":{"shape":"VectorSearchConfiguration"}, + "replicaCount":{ + "shape":"ReplicaCount", + "documentation":"

    The number of replicas for the graph.

    " + }, + "kmsKeyIdentifier":{ + "shape":"KmsKeyArn", + "documentation":"

    The ID of the KMS key used to encrypt and decrypt graph data.

    " + }, + "sourceSnapshotId":{ + "shape":"SnapshotId", + "documentation":"

    The ID of the snapshot from which the graph was created, if it was created from a snapshot.

    " + }, + "deletionProtection":{ + "shape":"Boolean", + "documentation":"

    If true, deletion protection is enabled for the graph.

    " + }, + "buildNumber":{ + "shape":"String", + "documentation":"

    The build number of the graph.

    " + } + } + }, "StartImportTaskInput":{ "type":"structure", "required":[ @@ -3352,6 +3480,85 @@ "importOptions":{"shape":"ImportOptions"} } }, + "StopGraphInput":{ + "type":"structure", + "required":["graphIdentifier"], + "members":{ + "graphIdentifier":{ + "shape":"GraphIdentifier", + "documentation":"

    The unique identifier of the Neptune Analytics graph.

    ", + "location":"uri", + "locationName":"graphIdentifier" + } + } + }, + "StopGraphOutput":{ + "type":"structure", + "required":[ + "id", + "name", + "arn" + ], + "members":{ + "id":{ + "shape":"GraphId", + "documentation":"

    The unique identifier of the graph.

    " + }, + "name":{ + "shape":"GraphName", + "documentation":"

    The name of the graph.

    " + }, + "arn":{ + "shape":"String", + "documentation":"

    The ARN associated with the graph.

    " + }, + "status":{ + "shape":"GraphStatus", + "documentation":"

    The status of the graph.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason that the graph has this status.

    " + }, + "createTime":{ + "shape":"Timestamp", + "documentation":"

    The time at which the graph was created.

    " + }, + "provisionedMemory":{ + "shape":"ProvisionedMemory", + "documentation":"

    The number of memory-optimized Neptune Capacity Units (m-NCUs) allocated to the graph.

    " + }, + "endpoint":{ + "shape":"String", + "documentation":"

    The graph endpoint.

    " + }, + "publicConnectivity":{ + "shape":"Boolean", + "documentation":"

    If true, the graph has a public endpoint, otherwise not.

    " + }, + "vectorSearchConfiguration":{"shape":"VectorSearchConfiguration"}, + "replicaCount":{ + "shape":"ReplicaCount", + "documentation":"

    The number of replicas for the graph.

    " + }, + "kmsKeyIdentifier":{ + "shape":"KmsKeyArn", + "documentation":"

    The ID of the KMS key used to encrypt and decrypt graph data.

    " + }, + "sourceSnapshotId":{ + "shape":"SnapshotId", + "documentation":"

    The ID of the snapshot from which the graph was created, if it was created from a snapshot.

    " + }, + "deletionProtection":{ + "shape":"Boolean", + "documentation":"

    If true, deletion protection is enabled for the graph.

    " + }, + "buildNumber":{ + "shape":"String", + "documentation":"

    The build number of the graph.

    " + } + } + }, "String":{"type":"string"}, "SubnetId":{ "type":"string", @@ -3407,8 +3614,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3490,8 +3696,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateGraphInput":{ "type":"structure", @@ -3509,7 +3714,7 @@ }, "provisionedMemory":{ "shape":"ProvisionedMemory", - "documentation":"

    The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph.

    Min = 128

    " + "documentation":"

    The provisioned memory-optimized Neptune Capacity Units (m-NCUs) to use for the graph.

    Min = 16

    " }, "deletionProtection":{ "shape":"Boolean", diff -pruN 2.23.6-1/awscli/botocore/data/neptune-graph/2023-11-29/waiters-2.json 2.31.35-1/awscli/botocore/data/neptune-graph/2023-11-29/waiters-2.json --- 2.23.6-1/awscli/botocore/data/neptune-graph/2023-11-29/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/neptune-graph/2023-11-29/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -121,6 +121,23 @@ "expected" : "ResourceNotFoundException" } ] }, + "GraphStopped" : { + "description" : "Wait until Graph is Stopped", + "delay" : 20, + "maxAttempts" : 90, + "operation" : "GetGraph", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "STOPPED" + }, { + "matcher" : "path", + "argument" : "status != 'STOPPING'", + "state" : "failure", + "expected" : true + } ] + }, "ImportTaskCancelled" : { "description" : "Wait until Import Task is Cancelled", "delay" : 60, diff -pruN 2.23.6-1/awscli/botocore/data/neptunedata/2023-08-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/neptunedata/2023-08-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/neptunedata/2023-08-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/neptunedata/2023-08-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/neptunedata/2023-08-01/service-2.json 2.31.35-1/awscli/botocore/data/neptunedata/2023-08-01/service-2.json --- 2.23.6-1/awscli/botocore/data/neptunedata/2023-08-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/neptunedata/2023-08-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,10 @@ "version":"2.0", "metadata":{ "apiVersion":"2023-08-01", + "auth":["aws.auth#sigv4"], "endpointPrefix":"neptune-db", - "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon NeptuneData", "serviceId":"neptunedata", "signatureVersion":"v4", @@ -79,8 +80,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -104,8 +105,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -129,8 +130,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -183,8 +184,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -207,8 +208,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -288,9 +289,9 @@ {"shape":"IllegalArgumentException"}, {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedOperationException"}, - {"shape":"ServerShutdownException"}, - {"shape":"PreconditionsFailedException"}, {"shape":"MethodNotAllowedException"}, + {"shape":"PreconditionsFailedException"}, + {"shape":"ServerShutdownException"}, {"shape":"ReadOnlyViolationException"}, {"shape":"ConstraintViolationException"}, {"shape":"InvalidArgumentException"}, @@ -553,8 +554,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -577,8 +578,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -601,8 +602,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -625,8 +626,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -885,8 +886,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -909,8 +910,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -933,8 +934,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -957,8 +958,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -1072,8 +1073,8 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedOperationException"}, {"shape":"InternalFailureException"}, - {"shape":"S3Exception"}, {"shape":"PreconditionsFailedException"}, + {"shape":"S3Exception"}, {"shape":"ConstraintViolationException"}, {"shape":"InvalidArgumentException"}, {"shape":"MissingParameterException"} @@ -1093,8 +1094,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -1117,8 +1118,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -1141,8 +1142,8 @@ "errors":[ {"shape":"UnsupportedOperationException"}, {"shape":"BadRequestException"}, - {"shape":"MLResourceNotFoundException"}, {"shape":"InvalidParameterException"}, + {"shape":"MLResourceNotFoundException"}, {"shape":"ClientTimeoutException"}, {"shape":"PreconditionsFailedException"}, {"shape":"ConstraintViolationException"}, @@ -1716,8 +1717,7 @@ }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "DocumentValuedMap":{ @@ -3805,7 +3805,20 @@ "cn-north-1", "cn-northwest-1", "us-gov-west-1", - "us-gov-east-1" + "us-gov-east-1", + "ca-west-1", + "eu-south-2", + "il-central-1", + "me-central-1", + "ap-northeast-3", + "ap-southeast-3", + "ap-southeast-4", + "ap-southeast-5", + "ap-southeast-7", + "mx-central-1", + "ap-east-2", + "ap-south-2", + "eu-central-2" ] }, "S3Exception":{ diff -pruN 2.23.6-1/awscli/botocore/data/network-firewall/2020-11-12/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/network-firewall/2020-11-12/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/network-firewall/2020-11-12/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/network-firewall/2020-11-12/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/network-firewall/2020-11-12/paginators-1.json 2.31.35-1/awscli/botocore/data/network-firewall/2020-11-12/paginators-1.json --- 2.23.6-1/awscli/botocore/data/network-firewall/2020-11-12/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/network-firewall/2020-11-12/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,6 +29,36 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "TLSInspectionConfigurations" + }, + "GetAnalysisReportResults": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "AnalysisReportResults" + }, + "ListAnalysisReports": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "AnalysisReports" + }, + "ListFlowOperationResults": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Flows" + }, + "ListFlowOperations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "FlowOperations" + }, + "ListVpcEndpointAssociations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "VpcEndpointAssociations" } } } diff -pruN 2.23.6-1/awscli/botocore/data/network-firewall/2020-11-12/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/network-firewall/2020-11-12/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/network-firewall/2020-11-12/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/network-firewall/2020-11-12/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,28 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "GetAnalysisReportResults": { + "non_aggregate_keys": [ + "EndTime", + "ReportTime", + "Status", + "AnalysisType", + "StartTime" + ] + }, + "ListFlowOperationResults": { + "non_aggregate_keys": [ + "FirewallArn", + "FlowOperationId", + "AvailabilityZone", + "FlowOperationStatus", + "FlowRequestTimestamp", + "StatusMessage", + "VpcEndpointAssociationArn", + "VpcEndpointId" + ] + } + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/network-firewall/2020-11-12/service-2.json 2.31.35-1/awscli/botocore/data/network-firewall/2020-11-12/service-2.json --- 2.23.6-1/awscli/botocore/data/network-firewall/2020-11-12/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/network-firewall/2020-11-12/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -16,6 +16,41 @@ "auth":["aws.auth#sigv4"] }, "operations":{ + "AcceptNetworkFirewallTransitGatewayAttachment":{ + "name":"AcceptNetworkFirewallTransitGatewayAttachment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AcceptNetworkFirewallTransitGatewayAttachmentRequest"}, + "output":{"shape":"AcceptNetworkFirewallTransitGatewayAttachmentResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Accepts a transit gateway attachment request for Network Firewall. When you accept the attachment request, Network Firewall creates the necessary routing components to enable traffic flow between the transit gateway and firewall endpoints.

    You must accept a transit gateway attachment to complete the creation of a transit gateway-attached firewall, unless auto-accept is enabled on the transit gateway. After acceptance, use DescribeFirewall to verify the firewall status.

    To reject an attachment instead of accepting it, use RejectNetworkFirewallTransitGatewayAttachment.

    It can take several minutes for the attachment acceptance to complete and the firewall to become available.

    " + }, + "AssociateAvailabilityZones":{ + "name":"AssociateAvailabilityZones", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateAvailabilityZonesRequest"}, + "output":{"shape":"AssociateAvailabilityZonesResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"}, + {"shape":"InvalidOperationException"}, + {"shape":"InsufficientCapacityException"} + ], + "documentation":"

    Associates the specified Availability Zones with a transit gateway-attached firewall. For each Availability Zone, Network Firewall creates a firewall endpoint to process traffic. You can specify one or more Availability Zones where you want to deploy the firewall.

    After adding Availability Zones, you must update your transit gateway route tables to direct traffic through the new firewall endpoints. Use DescribeFirewall to monitor the status of the new endpoints.

    " + }, "AssociateFirewallPolicy":{ "name":"AssociateFirewallPolicy", "http":{ @@ -69,7 +104,7 @@ {"shape":"InsufficientCapacityException"}, {"shape":"InvalidOperationException"} ], - "documentation":"

    Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC.

    The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.

    After you create a firewall, you can provide additional settings, like the logging configuration.

    To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.

    To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.

    To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.

    " + "documentation":"

    Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC.

    The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.

    After you create a firewall, you can provide additional settings, like the logging configuration.

    To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.

    To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.

    To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.

    To generate a report on the last 30 days of traffic monitored by a firewall, use StartAnalysisReport.

    " }, "CreateFirewallPolicy":{ "name":"CreateFirewallPolicy", @@ -122,6 +157,25 @@ ], "documentation":"

    Creates an Network Firewall TLS inspection configuration. Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using ACM, create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall.

    To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration.

    To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.

    To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.

    For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.

    " }, + "CreateVpcEndpointAssociation":{ + "name":"CreateVpcEndpointAssociation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateVpcEndpointAssociationRequest"}, + "output":{"shape":"CreateVpcEndpointAssociationResponse"}, + "errors":[ + {"shape":"LimitExceededException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerError"}, + {"shape":"InsufficientCapacityException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidOperationException"} + ], + "documentation":"

    Creates a firewall endpoint for an Network Firewall firewall. This type of firewall endpoint is independent of the firewall endpoints that you specify in the Firewall itself, and you define it in addition to those endpoints after the firewall has been created. You can define a VPC endpoint association using a different VPC than the one you used in the firewall specifications.

    " + }, "DeleteFirewall":{ "name":"DeleteFirewall", "http":{ @@ -158,6 +212,22 @@ ], "documentation":"

    Deletes the specified FirewallPolicy.

    " }, + "DeleteNetworkFirewallTransitGatewayAttachment":{ + "name":"DeleteNetworkFirewallTransitGatewayAttachment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteNetworkFirewallTransitGatewayAttachmentRequest"}, + "output":{"shape":"DeleteNetworkFirewallTransitGatewayAttachmentResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Deletes a transit gateway attachment from a Network Firewall. Either the firewall owner or the transit gateway owner can delete the attachment.

    After you delete a transit gateway attachment, traffic will no longer flow through the firewall endpoints.

    After you initiate the delete operation, use DescribeFirewall to monitor the deletion status.

    " + }, "DeleteResourcePolicy":{ "name":"DeleteResourcePolicy", "http":{ @@ -210,6 +280,23 @@ ], "documentation":"

    Deletes the specified TLSInspectionConfiguration.

    " }, + "DeleteVpcEndpointAssociation":{ + "name":"DeleteVpcEndpointAssociation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteVpcEndpointAssociationRequest"}, + "output":{"shape":"DeleteVpcEndpointAssociationResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidOperationException"} + ], + "documentation":"

    Deletes the specified VpcEndpointAssociation.

    You can check whether an endpoint association is in use by reviewing the route tables for the Availability Zones where you have the endpoint subnet mapping. You can retrieve the subnet mapping by calling DescribeVpcEndpointAssociation. You define and update the route tables through Amazon VPC. As needed, update the route tables for the Availability Zone to remove the firewall endpoint for the association. When the route tables no longer use the firewall endpoint, you can remove the endpoint association safely.

    " + }, "DescribeFirewall":{ "name":"DescribeFirewall", "http":{ @@ -226,6 +313,22 @@ ], "documentation":"

    Returns the data objects for the specified firewall.

    " }, + "DescribeFirewallMetadata":{ + "name":"DescribeFirewallMetadata", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeFirewallMetadataRequest"}, + "output":{"shape":"DescribeFirewallMetadataResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns the high-level information about a firewall, including the Availability Zones where the Firewall is currently in use.

    " + }, "DescribeFirewallPolicy":{ "name":"DescribeFirewallPolicy", "http":{ @@ -242,6 +345,22 @@ ], "documentation":"

    Returns the data objects for the specified firewall policy.

    " }, + "DescribeFlowOperation":{ + "name":"DescribeFlowOperation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeFlowOperationRequest"}, + "output":{"shape":"DescribeFlowOperationResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns key information about a specific flow operation.

    " + }, "DescribeLoggingConfiguration":{ "name":"DescribeLoggingConfiguration", "http":{ @@ -306,6 +425,22 @@ ], "documentation":"

    High-level information about a rule group, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

    " }, + "DescribeRuleGroupSummary":{ + "name":"DescribeRuleGroupSummary", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeRuleGroupSummaryRequest"}, + "output":{"shape":"DescribeRuleGroupSummaryResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerError"} + ], + "documentation":"

    Returns detailed information for a stateful rule group.

    For active threat defense Amazon Web Services managed rule groups, this operation provides insight into the protections enabled by the rule group, based on Suricata rule metadata fields. Summaries are available for rule groups you manage and for active threat defense Amazon Web Services managed rule groups.

    To modify how threat information appears in summaries, use the SummaryConfiguration parameter in UpdateRuleGroup.

    " + }, "DescribeTLSInspectionConfiguration":{ "name":"DescribeTLSInspectionConfiguration", "http":{ @@ -322,6 +457,40 @@ ], "documentation":"

    Returns the data objects for the specified TLS inspection configuration.

    " }, + "DescribeVpcEndpointAssociation":{ + "name":"DescribeVpcEndpointAssociation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeVpcEndpointAssociationRequest"}, + "output":{"shape":"DescribeVpcEndpointAssociationResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns the data object for the specified VPC endpoint association.

    " + }, + "DisassociateAvailabilityZones":{ + "name":"DisassociateAvailabilityZones", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateAvailabilityZonesRequest"}, + "output":{"shape":"DisassociateAvailabilityZonesResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"}, + {"shape":"InvalidOperationException"} + ], + "documentation":"

    Removes the specified Availability Zone associations from a transit gateway-attached firewall. This removes the firewall endpoints from these Availability Zones and stops traffic filtering in those zones. Before removing an Availability Zone, ensure you've updated your transit gateway route tables to redirect traffic appropriately.

    If AvailabilityZoneChangeProtection is enabled, you must first disable it using UpdateAvailabilityZoneChangeProtection.

    To verify the status of your Availability Zone changes, use DescribeFirewall.

    " + }, "DisassociateSubnets":{ "name":"DisassociateSubnets", "http":{ @@ -340,6 +509,38 @@ ], "documentation":"

    Removes the specified subnet associations from the firewall. This removes the firewall endpoints from the subnets and removes any network filtering protections that the endpoints were providing.

    " }, + "GetAnalysisReportResults":{ + "name":"GetAnalysisReportResults", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAnalysisReportResultsRequest"}, + "output":{"shape":"GetAnalysisReportResultsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    The results of a COMPLETED analysis report generated with StartAnalysisReport.

    For more information, see AnalysisTypeReportResult.

    " + }, + "ListAnalysisReports":{ + "name":"ListAnalysisReports", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAnalysisReportsRequest"}, + "output":{"shape":"ListAnalysisReportsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns a list of all traffic analysis reports generated within the last 30 days.

    " + }, "ListFirewallPolicies":{ "name":"ListFirewallPolicies", "http":{ @@ -370,6 +571,38 @@ ], "documentation":"

    Retrieves the metadata for the firewalls that you have defined. If you provide VPC identifiers in your request, this returns only the firewalls for those VPCs.

    Depending on your setting for max results and the number of firewalls, a single call might not return the full list.

    " }, + "ListFlowOperationResults":{ + "name":"ListFlowOperationResults", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListFlowOperationResultsRequest"}, + "output":{"shape":"ListFlowOperationResultsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns the results of a specific flow operation.

    Flow operations let you manage the flows tracked in the flow table, also known as the firewall table.

    A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.

    " + }, + "ListFlowOperations":{ + "name":"ListFlowOperations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListFlowOperationsRequest"}, + "output":{"shape":"ListFlowOperationsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns a list of all flow operations ran in a specific firewall. You can optionally narrow the request scope by specifying the operation type or Availability Zone associated with a firewall's flow operations.

    Flow operations let you manage the flows tracked in the flow table, also known as the firewall table.

    A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.

    " + }, "ListRuleGroups":{ "name":"ListRuleGroups", "http":{ @@ -416,6 +649,21 @@ ], "documentation":"

    Retrieves the tags associated with the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to \"customer\" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

    You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups.

    " }, + "ListVpcEndpointAssociations":{ + "name":"ListVpcEndpointAssociations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListVpcEndpointAssociationsRequest"}, + "output":{"shape":"ListVpcEndpointAssociationsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerError"} + ], + "documentation":"

    Retrieves the metadata for the VPC endpoint associations that you have defined. If you specify a fireawll, this returns only the endpoint associations for that firewall.

    Depending on your setting for max results and the number of associations, a single call might not return the full list.

    " + }, "PutResourcePolicy":{ "name":"PutResourcePolicy", "http":{ @@ -431,7 +679,71 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidResourcePolicyException"} ], - "documentation":"

    Creates or updates an IAM policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the Amazon Web Services Resource Access Manager (RAM) service to manage resource sharing for Network Firewall.

    Use this operation to create or update a resource policy for your rule group or firewall policy. In the policy, you specify the accounts that you want to share the resource with and the operations that you want the accounts to be able to perform.

    When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared rule group or firewall policy.

    For additional information about resource sharing using RAM, see Resource Access Manager User Guide.

    " + "documentation":"

    Creates or updates an IAM policy for your rule group, firewall policy, or firewall. Use this to share these resources between accounts. This operation works in conjunction with the Amazon Web Services Resource Access Manager (RAM) service to manage resource sharing for Network Firewall.

    For information about using sharing with Network Firewall resources, see Sharing Network Firewall resources in the Network Firewall Developer Guide.

    Use this operation to create or update a resource policy for your Network Firewall rule group, firewall policy, or firewall. In the resource policy, you specify the accounts that you want to share the Network Firewall resource with and the operations that you want the accounts to be able to perform.

    When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared resource.

    For additional information about resource sharing using RAM, see Resource Access Manager User Guide.

    " + }, + "RejectNetworkFirewallTransitGatewayAttachment":{ + "name":"RejectNetworkFirewallTransitGatewayAttachment", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RejectNetworkFirewallTransitGatewayAttachmentRequest"}, + "output":{"shape":"RejectNetworkFirewallTransitGatewayAttachmentResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Rejects a transit gateway attachment request for Network Firewall. When you reject the attachment request, Network Firewall cancels the creation of routing components between the transit gateway and firewall endpoints.

    Only the transit gateway owner can reject the attachment. After rejection, no traffic will flow through the firewall endpoints for this attachment.

    Use DescribeFirewall to monitor the rejection status. To accept the attachment instead of rejecting it, use AcceptNetworkFirewallTransitGatewayAttachment.

    Once rejected, you cannot reverse this action. To establish connectivity, you must create a new transit gateway-attached firewall.

    " + }, + "StartAnalysisReport":{ + "name":"StartAnalysisReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartAnalysisReportRequest"}, + "output":{"shape":"StartAnalysisReportResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Generates a traffic analysis report for the timeframe and traffic type you specify.

    For information on the contents of a traffic analysis report, see AnalysisReport.

    " + }, + "StartFlowCapture":{ + "name":"StartFlowCapture", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartFlowCaptureRequest"}, + "output":{"shape":"StartFlowCaptureResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Begins capturing the flows in a firewall, according to the filters you define. Captures are similar, but not identical to snapshots. Capture operations provide visibility into flows that are not closed and are tracked by a firewall's flow table. Unlike snapshots, captures are a time-boxed view.

    A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.

    To avoid encountering operation limits, you should avoid starting captures with broad filters, like wide IP ranges. Instead, we recommend you define more specific criteria with FlowFilters, like narrow IP ranges, ports, or protocols.

    " + }, + "StartFlowFlush":{ + "name":"StartFlowFlush", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartFlowFlushRequest"}, + "output":{"shape":"StartFlowFlushResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Begins the flushing of traffic from the firewall, according to the filters you define. When the operation starts, impacted flows are temporarily marked as timed out before the Suricata engine prunes, or flushes, the flows from the firewall table.

    While the flush completes, impacted flows are processed as midstream traffic. This may result in a temporary increase in midstream traffic metrics. We recommend that you double check your stream exception policy before you perform a flush operation.

    " }, "TagResource":{ "name":"TagResource", @@ -465,6 +777,40 @@ ], "documentation":"

    Removes the tags with the specified keys from the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to \"customer\" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

    You can manage tags for the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups.

    " }, + "UpdateAvailabilityZoneChangeProtection":{ + "name":"UpdateAvailabilityZoneChangeProtection", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateAvailabilityZoneChangeProtectionRequest"}, + "output":{"shape":"UpdateAvailabilityZoneChangeProtectionResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"}, + {"shape":"ResourceOwnerCheckException"} + ], + "documentation":"

    Modifies the AvailabilityZoneChangeProtection setting for a transit gateway-attached firewall. When enabled, this setting prevents accidental changes to the firewall's Availability Zone configuration. This helps protect against disrupting traffic flow in production environments.

    When enabled, you must disable this protection before using AssociateAvailabilityZones or DisassociateAvailabilityZones to modify the firewall's Availability Zone configuration.

    " + }, + "UpdateFirewallAnalysisSettings":{ + "name":"UpdateFirewallAnalysisSettings", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateFirewallAnalysisSettingsRequest"}, + "output":{"shape":"UpdateFirewallAnalysisSettingsResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"InternalServerError"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Enables specific types of firewall analysis on a specific firewall you define.

    " + }, "UpdateFirewallDeleteProtection":{ "name":"UpdateFirewallDeleteProtection", "http":{ @@ -625,6 +971,46 @@ } }, "shapes":{ + "AWSAccountId":{ + "type":"string", + "max":12, + "min":12, + "pattern":"^\\d{12}$" + }, + "AZSyncState":{ + "type":"structure", + "members":{ + "Attachment":{"shape":"Attachment"} + }, + "documentation":"

    The status of the firewall endpoint defined by a VpcEndpointAssociation.

    " + }, + "AcceptNetworkFirewallTransitGatewayAttachmentRequest":{ + "type":"structure", + "required":["TransitGatewayAttachmentId"], + "members":{ + "TransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"

    Required. The unique identifier of the transit gateway attachment to accept. This ID is returned in the response when creating a transit gateway-attached firewall.

    " + } + } + }, + "AcceptNetworkFirewallTransitGatewayAttachmentResponse":{ + "type":"structure", + "required":[ + "TransitGatewayAttachmentId", + "TransitGatewayAttachmentStatus" + ], + "members":{ + "TransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"

    The unique identifier of the transit gateway attachment that was accepted.

    " + }, + "TransitGatewayAttachmentStatus":{ + "shape":"TransitGatewayAttachmentStatus", + "documentation":"

    The current status of the transit gateway attachment. Valid values are:

    • CREATING - The attachment is being created

    • DELETING - The attachment is being deleted

    • DELETED - The attachment has been deleted

    • FAILED - The attachment creation has failed and cannot be recovered

    • ERROR - The attachment is in an error state that might be recoverable

    • READY - The attachment is active and processing traffic

    • PENDING_ACCEPTANCE - The attachment is waiting to be accepted

    • REJECTING - The attachment is in the process of being rejected

    • REJECTED - The attachment has been rejected

    " + } + } + }, "ActionDefinition":{ "type":"structure", "members":{ @@ -662,6 +1048,48 @@ "type":"list", "member":{"shape":"Address"} }, + "Age":{"type":"integer"}, + "AnalysisReport":{ + "type":"structure", + "members":{ + "AnalysisReportId":{ + "shape":"AnalysisReportId", + "documentation":"

    The unique ID of the query that ran when you requested an analysis report.

    " + }, + "AnalysisType":{ + "shape":"EnabledAnalysisType", + "documentation":"

    The type of traffic that will be used to generate a report.

    " + }, + "ReportTime":{ + "shape":"ReportTime", + "documentation":"

    The date and time the analysis report was ran.

    " + }, + "Status":{ + "shape":"Status", + "documentation":"

    The status of the analysis report you specify. Statuses include RUNNING, COMPLETED, or FAILED.

    " + } + }, + "documentation":"

    A report that captures key activity from the last 30 days of network traffic monitored by your firewall.

    You can generate up to one report per traffic type, per 30 day period. For example, when you successfully create an HTTP traffic report, you cannot create another HTTP traffic report until 30 days pass. Alternatively, if you generate a report that combines metrics on both HTTP and HTTPS traffic, you cannot create another report for either traffic type until 30 days pass.

    " + }, + "AnalysisReportId":{ + "type":"string", + "max":128, + "min":1, + "pattern":"\\S+" + }, + "AnalysisReportNextToken":{ + "type":"string", + "max":1024, + "min":1 + }, + "AnalysisReportResults":{ + "type":"list", + "member":{"shape":"AnalysisTypeReportResult"} + }, + "AnalysisReports":{ + "type":"list", + "member":{"shape":"AnalysisReport"} + }, "AnalysisResult":{ "type":"structure", "members":{ @@ -678,12 +1106,85 @@ "documentation":"

    Provides analysis details for the identified rule.

    " } }, - "documentation":"

    The analysis result for Network Firewall's stateless rule group analyzer. Every time you call CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup on a stateless rule group, Network Firewall analyzes the stateless rule groups in your account and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in a list of analysis results.

    " + "documentation":"

    The analysis result for Network Firewall's stateless rule group analyzer. Every time you call CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup on a stateless rule group, Network Firewall analyzes the stateless rule groups in your account and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in a list of analysis results.

    The AnalysisResult data type is not related to traffic analysis reports you generate using StartAnalysisReport. For information on traffic analysis report results, see AnalysisTypeReportResult.

    " }, "AnalysisResultList":{ "type":"list", "member":{"shape":"AnalysisResult"} }, + "AnalysisTypeReportResult":{ + "type":"structure", + "members":{ + "Protocol":{ + "shape":"CollectionMember_String", + "documentation":"

    The type of traffic captured by the analysis report.

    " + }, + "FirstAccessed":{ + "shape":"FirstAccessed", + "documentation":"

    The date and time any domain was first accessed (within the last 30 day period).

    " + }, + "LastAccessed":{ + "shape":"LastAccessed", + "documentation":"

    The date and time any domain was last accessed (within the last 30 day period).

    " + }, + "Domain":{ + "shape":"Domain", + "documentation":"

    The most frequently accessed domains.

    " + }, + "Hits":{ + "shape":"Hits", + "documentation":"

    The number of attempts made to access a observed domain.

    " + }, + "UniqueSources":{ + "shape":"UniqueSources", + "documentation":"

    The number of unique source IP addresses that connected to a domain.

    " + } + }, + "documentation":"

    The results of a COMPLETED analysis report generated with StartAnalysisReport.

    For an example of traffic analysis report results, see the response syntax of GetAnalysisReportResults.

    " + }, + "AssociateAvailabilityZonesRequest":{ + "type":"structure", + "required":["AvailabilityZoneMappings"], + "members":{ + "UpdateToken":{ + "shape":"UpdateToken", + "documentation":"

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "AvailabilityZoneMappings":{ + "shape":"AvailabilityZoneMappings", + "documentation":"

    Required. The Availability Zones where you want to create firewall endpoints. You must specify at least one Availability Zone.

    " + } + } + }, + "AssociateAvailabilityZonesResponse":{ + "type":"structure", + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    " + }, + "AvailabilityZoneMappings":{ + "shape":"AvailabilityZoneMappings", + "documentation":"

    The Availability Zones where Network Firewall created firewall endpoints. Each mapping specifies an Availability Zone where the firewall processes traffic.

    " + }, + "UpdateToken":{ + "shape":"UpdateToken", + "documentation":"

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    " + } + } + }, "AssociateFirewallPolicyRequest":{ "type":"structure", "required":["FirewallPolicyArn"], @@ -770,6 +1271,11 @@ } } }, + "AssociationSyncState":{ + "type":"map", + "key":{"shape":"AvailabilityZone"}, + "value":{"shape":"AZSyncState"} + }, "Attachment":{ "type":"structure", "members":{ @@ -783,15 +1289,16 @@ }, "Status":{ "shape":"AttachmentStatus", - "documentation":"

    The current status of the firewall endpoint in the subnet. This value reflects both the instantiation of the endpoint in the VPC subnet and the sync states that are reported in the Config settings. When this value is READY, the endpoint is available and configured properly to handle network traffic. When the endpoint isn't available for traffic, this value will reflect its state, for example CREATING or DELETING.

    " + "documentation":"

    The current status of the firewall endpoint instantiation in the subnet.

    When this value is READY, the endpoint is available to handle network traffic. Otherwise, this value reflects its state, for example CREATING or DELETING.

    " }, "StatusMessage":{ "shape":"StatusMessage", "documentation":"

    If Network Firewall fails to create or delete the firewall endpoint in the subnet, it populates this with the reason for the error or failure and how to resolve it. A FAILED status indicates a non-recoverable state, and a ERROR status indicates an issue that you can fix. Depending on the error, it can take as many as 15 minutes to populate this field. For more information about the causes for failiure or errors and solutions available for this field, see Troubleshooting firewall endpoint failures in the Network Firewall Developer Guide.

    " } }, - "documentation":"

    The configuration and status for a single subnet that you've specified for use by the Network Firewall firewall. This is part of the FirewallStatus.

    " + "documentation":"

    The definition and status of the firewall endpoint for a single subnet. In each configured subnet, Network Firewall instantiates a firewall endpoint to handle network traffic.

    This data type is used for any firewall endpoint type:

    • For Firewall.SubnetMappings, this Attachment is part of the FirewallStatus sync states information. You define firewall subnets using CreateFirewall and AssociateSubnets.

    • For VpcEndpointAssociation, this Attachment is part of the VpcEndpointAssociationStatus sync states information. You define these subnets using CreateVpcEndpointAssociation.

    " }, + "AttachmentId":{"type":"string"}, "AttachmentStatus":{ "type":"string", "enum":[ @@ -804,6 +1311,37 @@ ] }, "AvailabilityZone":{"type":"string"}, + "AvailabilityZoneMapping":{ + "type":"structure", + "required":["AvailabilityZone"], + "members":{ + "AvailabilityZone":{ + "shape":"AvailabilityZoneMappingString", + "documentation":"

    The ID of the Availability Zone where the firewall endpoint is located. For example, us-east-2a. The Availability Zone must be in the same Region as the transit gateway.

    " + } + }, + "documentation":"

    Defines the mapping between an Availability Zone and a firewall endpoint for a transit gateway-attached firewall. Each mapping represents where the firewall can process traffic. You use these mappings when calling CreateFirewall, AssociateAvailabilityZones, and DisassociateAvailabilityZones.

    To retrieve the current Availability Zone mappings for a firewall, use DescribeFirewall.

    " + }, + "AvailabilityZoneMappingString":{ + "type":"string", + "max":128, + "min":1, + "pattern":"\\S+" + }, + "AvailabilityZoneMappings":{ + "type":"list", + "member":{"shape":"AvailabilityZoneMapping"} + }, + "AvailabilityZoneMetadata":{ + "type":"structure", + "members":{ + "IPAddressType":{ + "shape":"IPAddressType", + "documentation":"

    The IP address type of the Firewall subnet in the Availability Zone. You can't change the IP address type after you create the subnet.

    " + } + }, + "documentation":"

    High-level information about an Availability Zone where the firewall has an endpoint defined.

    " + }, "AzSubnet":{ "type":"string", "max":128, @@ -815,6 +1353,7 @@ "member":{"shape":"AzSubnet"} }, "Boolean":{"type":"boolean"}, + "ByteCount":{"type":"long"}, "CIDRCount":{ "type":"integer", "max":1000000, @@ -875,6 +1414,7 @@ "CAPACITY_CONSTRAINED" ] }, + "Count":{"type":"integer"}, "CreateFirewallPolicyRequest":{ "type":"structure", "required":[ @@ -929,9 +1469,7 @@ "type":"structure", "required":[ "FirewallName", - "FirewallPolicyArn", - "VpcId", - "SubnetMappings" + "FirewallPolicyArn" ], "members":{ "FirewallName":{ @@ -973,6 +1511,22 @@ "EncryptionConfiguration":{ "shape":"EncryptionConfiguration", "documentation":"

    A complex type that contains settings for encryption of your firewall resources.

    " + }, + "EnabledAnalysisTypes":{ + "shape":"EnabledAnalysisTypes", + "documentation":"

    An optional setting indicating the specific traffic analysis types to enable on the firewall.

    " + }, + "TransitGatewayId":{ + "shape":"TransitGatewayId", + "documentation":"

    Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.

    After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.

    For information about creating firewalls, see CreateFirewall. For specific guidance about transit gateway-attached firewalls, see Considerations for transit gateway-attached firewalls in the Network Firewall Developer Guide.

    " + }, + "AvailabilityZoneMappings":{ + "shape":"AvailabilityZoneMappings", + "documentation":"

    Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone isolation.

    You can modify Availability Zones later using AssociateAvailabilityZones or DisassociateAvailabilityZones, but this may briefly disrupt traffic. The AvailabilityZoneChangeProtection setting controls whether you can make these modifications.

    " + }, + "AvailabilityZoneChangeProtection":{ + "shape":"Boolean", + "documentation":"

    Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to TRUE, you cannot add or remove Availability Zones without first disabling this protection using UpdateAvailabilityZoneChangeProtection.

    Default value: FALSE

    " } } }, @@ -985,7 +1539,7 @@ }, "FirewallStatus":{ "shape":"FirewallStatus", - "documentation":"

    Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.

    " + "documentation":"

    Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.

    The firewall status indicates a combined status. It indicates whether all subnets are up-to-date with the latest firewall configurations, which is based on the sync states config values, and also whether all subnets have their endpoints fully enabled, based on their sync states attachment values.

    " } } }, @@ -1040,6 +1594,10 @@ "AnalyzeRuleGroup":{ "shape":"Boolean", "documentation":"

    Indicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to TRUE, Network Firewall runs the analysis and then creates the rule group for you. To run the stateless rule group analyzer without creating the rule group, set DryRun to TRUE.

    " + }, + "SummaryConfiguration":{ + "shape":"SummaryConfiguration", + "documentation":"

    An object that contains a RuleOptions array of strings. You use RuleOptions to determine which of the following RuleSummary values are returned in response to DescribeRuleGroupSummary.

    • Metadata - returns

    • Msg

    • SID

    " } } }, @@ -1103,6 +1661,46 @@ } } }, + "CreateVpcEndpointAssociationRequest":{ + "type":"structure", + "required":[ + "FirewallArn", + "VpcId", + "SubnetMapping" + ], + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

    The unique identifier of the VPC where you want to create a firewall endpoint.

    " + }, + "SubnetMapping":{"shape":"SubnetMapping"}, + "Description":{ + "shape":"Description", + "documentation":"

    A description of the VPC endpoint association.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    The key:value pairs to associate with the resource.

    " + } + } + }, + "CreateVpcEndpointAssociationResponse":{ + "type":"structure", + "members":{ + "VpcEndpointAssociation":{ + "shape":"VpcEndpointAssociation", + "documentation":"

    The configuration settings for the VPC endpoint association. These settings include the firewall and the VPC and subnet to use for the firewall endpoint.

    " + }, + "VpcEndpointAssociationStatus":{ + "shape":"VpcEndpointAssociationStatus", + "documentation":"

    Detailed information about the current status of a VpcEndpointAssociation. You can retrieve this by calling DescribeVpcEndpointAssociation and providing the VPC endpoint association ARN.

    " + } + } + }, "CustomAction":{ "type":"structure", "required":[ @@ -1125,6 +1723,7 @@ "type":"list", "member":{"shape":"CustomAction"} }, + "DeepThreatInspection":{"type":"boolean"}, "DeleteFirewallPolicyRequest":{ "type":"structure", "members":{ @@ -1168,6 +1767,33 @@ "FirewallStatus":{"shape":"FirewallStatus"} } }, + "DeleteNetworkFirewallTransitGatewayAttachmentRequest":{ + "type":"structure", + "required":["TransitGatewayAttachmentId"], + "members":{ + "TransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"

    Required. The unique identifier of the transit gateway attachment to delete.

    " + } + } + }, + "DeleteNetworkFirewallTransitGatewayAttachmentResponse":{ + "type":"structure", + "required":[ + "TransitGatewayAttachmentId", + "TransitGatewayAttachmentStatus" + ], + "members":{ + "TransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"

    The ID of the transit gateway attachment that was deleted.

    " + }, + "TransitGatewayAttachmentStatus":{ + "shape":"TransitGatewayAttachmentStatus", + "documentation":"

    The current status of the transit gateway attachment deletion process.

    Valid values are:

    • CREATING - The attachment is being created

    • DELETING - The attachment is being deleted

    • DELETED - The attachment has been deleted

    • FAILED - The attachment creation has failed and cannot be recovered

    • ERROR - The attachment is in an error state that might be recoverable

    • READY - The attachment is active and processing traffic

    • PENDING_ACCEPTANCE - The attachment is waiting to be accepted

    • REJECTING - The attachment is in the process of being rejected

    • REJECTED - The attachment has been rejected

    " + } + } + }, "DeleteResourcePolicyRequest":{ "type":"structure", "required":["ResourceArn"], @@ -1180,8 +1806,7 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRuleGroupRequest":{ "type":"structure", @@ -1233,6 +1858,67 @@ } } }, + "DeleteVpcEndpointAssociationRequest":{ + "type":"structure", + "required":["VpcEndpointAssociationArn"], + "members":{ + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + } + } + }, + "DeleteVpcEndpointAssociationResponse":{ + "type":"structure", + "members":{ + "VpcEndpointAssociation":{ + "shape":"VpcEndpointAssociation", + "documentation":"

    The configuration settings for the VPC endpoint association. These settings include the firewall and the VPC and subnet to use for the firewall endpoint.

    " + }, + "VpcEndpointAssociationStatus":{ + "shape":"VpcEndpointAssociationStatus", + "documentation":"

    Detailed information about the current status of a VpcEndpointAssociation. You can retrieve this by calling DescribeVpcEndpointAssociation and providing the VPC endpoint association ARN.

    " + } + } + }, + "DescribeFirewallMetadataRequest":{ + "type":"structure", + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + } + } + }, + "DescribeFirewallMetadataResponse":{ + "type":"structure", + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "FirewallPolicyArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall policy.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A description of the firewall.

    " + }, + "Status":{ + "shape":"FirewallStatusValue", + "documentation":"

    The readiness of the configured firewall to handle network traffic across all of the Availability Zones where you have it configured. This setting is READY only when the ConfigurationSyncStateSummary value is IN_SYNC and the Attachment Status values for all of the configured subnets are READY.

    " + }, + "SupportedAvailabilityZones":{ + "shape":"SupportedAvailabilityZones", + "documentation":"

    The Availability Zones that the firewall currently supports. This includes all Availability Zones for which the firewall has a subnet defined.

    " + }, + "TransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"

    The unique identifier of the transit gateway attachment associated with this firewall. This field is only present for transit gateway-attached firewalls.

    " + } + } + }, "DescribeFirewallPolicyRequest":{ "type":"structure", "members":{ @@ -1293,7 +1979,81 @@ }, "FirewallStatus":{ "shape":"FirewallStatus", - "documentation":"

    Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.

    " + "documentation":"

    Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.

    The firewall status indicates a combined status. It indicates whether all subnets are up-to-date with the latest firewall configurations, which is based on the sync states config values, and also whether all subnets have their endpoints fully enabled, based on their sync states attachment values.

    " + } + } + }, + "DescribeFlowOperationRequest":{ + "type":"structure", + "required":[ + "FirewallArn", + "FlowOperationId" + ], + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + }, + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"

    A unique identifier for the primary endpoint associated with a firewall.

    " + }, + "FlowOperationId":{ + "shape":"FlowOperationId", + "documentation":"

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide to describe commands.

    " + } + } + }, + "DescribeFlowOperationResponse":{ + "type":"structure", + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + }, + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"

    A unique identifier for the primary endpoint associated with a firewall.

    " + }, + "FlowOperationId":{ + "shape":"FlowOperationId", + "documentation":"

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide to describe commands.

    " + }, + "FlowOperationType":{ + "shape":"FlowOperationType", + "documentation":"

    Defines the type of FlowOperation.

    " + }, + "FlowOperationStatus":{ + "shape":"FlowOperationStatus", + "documentation":"

    Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands.

    If the status is COMPLETED_WITH_ERRORS, results may be returned with any number of Flows missing from the response. If the status is FAILED, Flows returned will be empty.

    " + }, + "StatusMessage":{ + "shape":"StatusReason", + "documentation":"

    If the asynchronous operation fails, Network Firewall populates this with the reason for the error or failure. Options include Flow operation error and Flow timeout.

    " + }, + "FlowRequestTimestamp":{ + "shape":"FlowRequestTimestamp", + "documentation":"

    A timestamp indicating when the Suricata engine identified flows impacted by an operation.

    " + }, + "FlowOperation":{ + "shape":"FlowOperation", + "documentation":"

    Returns key information about a flow operation, such as related statuses, unique identifiers, and all filters defined in the operation.

    " } } }, @@ -1317,7 +2077,11 @@ "shape":"ResourceArn", "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " }, - "LoggingConfiguration":{"shape":"LoggingConfiguration"} + "LoggingConfiguration":{"shape":"LoggingConfiguration"}, + "EnableMonitoringDashboard":{ + "shape":"EnableMonitoringDashboard", + "documentation":"

    A boolean that reflects whether or not the firewall monitoring dashboard is enabled on a firewall.

    Returns TRUE when the firewall monitoring dashboard is enabled on the firewall. Returns FALSE when the firewall monitoring dashboard is not enabled on the firewall.

    " + } } }, "DescribeResourcePolicyRequest":{ @@ -1386,7 +2150,7 @@ "StatefulRuleOptions":{"shape":"StatefulRuleOptions"}, "LastModifiedTime":{ "shape":"LastUpdateTime", - "documentation":"

    The last time that the rule group was changed.

    " + "documentation":"

    A timestamp indicating when the rule group was last modified.

    " } } }, @@ -1432,6 +2196,41 @@ } } }, + "DescribeRuleGroupSummaryRequest":{ + "type":"structure", + "members":{ + "RuleGroupName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the rule group. You can't change the name of a rule group after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "RuleGroupArn":{ + "shape":"ResourceArn", + "documentation":"

    Required. The Amazon Resource Name (ARN) of the rule group.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "Type":{ + "shape":"RuleGroupType", + "documentation":"

    The type of rule group you want a summary for. This is a required field.

    Valid value: STATEFUL

    Note that STATELESS exists but is not currently supported. If you provide STATELESS, an exception is returned.

    " + } + } + }, + "DescribeRuleGroupSummaryResponse":{ + "type":"structure", + "required":["RuleGroupName"], + "members":{ + "RuleGroupName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the rule group. You can't change the name of a rule group after you create it.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    A description of the rule group.

    " + }, + "Summary":{ + "shape":"Summary", + "documentation":"

    A complex type that contains rule information based on the rule group's configured summary settings. The content varies depending on the fields that you specified to extract in your SummaryConfiguration. When you haven't configured any summary settings, this returns an empty array. The response might include:

    • Rule identifiers

    • Rule descriptions

    • Any metadata fields that you specified in your SummaryConfiguration

    " + } + } + }, "DescribeTLSInspectionConfigurationRequest":{ "type":"structure", "members":{ @@ -1466,6 +2265,29 @@ } } }, + "DescribeVpcEndpointAssociationRequest":{ + "type":"structure", + "required":["VpcEndpointAssociationArn"], + "members":{ + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + } + } + }, + "DescribeVpcEndpointAssociationResponse":{ + "type":"structure", + "members":{ + "VpcEndpointAssociation":{ + "shape":"VpcEndpointAssociation", + "documentation":"

    The configuration settings for the VPC endpoint association. These settings include the firewall and the VPC and subnet to use for the firewall endpoint.

    " + }, + "VpcEndpointAssociationStatus":{ + "shape":"VpcEndpointAssociationStatus", + "documentation":"

    Detailed information about the current status of a VpcEndpointAssociation. You can retrieve this by calling DescribeVpcEndpointAssociation and providing the VPC endpoint association ARN.

    " + } + } + }, "Description":{ "type":"string", "max":512, @@ -1500,6 +2322,49 @@ "max":1, "min":1 }, + "DisassociateAvailabilityZonesRequest":{ + "type":"structure", + "required":["AvailabilityZoneMappings"], + "members":{ + "UpdateToken":{ + "shape":"UpdateToken", + "documentation":"

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "AvailabilityZoneMappings":{ + "shape":"AvailabilityZoneMappings", + "documentation":"

    Required. The Availability Zones to remove from the firewall's configuration.

    " + } + } + }, + "DisassociateAvailabilityZonesResponse":{ + "type":"structure", + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    " + }, + "AvailabilityZoneMappings":{ + "shape":"AvailabilityZoneMappings", + "documentation":"

    The remaining Availability Zones where the firewall has endpoints after the disassociation.

    " + }, + "UpdateToken":{ + "shape":"UpdateToken", + "documentation":"

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    " + } + } + }, "DisassociateSubnetsRequest":{ "type":"structure", "required":["SubnetIds"], @@ -1543,6 +2408,20 @@ } } }, + "Domain":{"type":"string"}, + "EnableMonitoringDashboard":{"type":"boolean"}, + "EnableTLSSessionHolding":{"type":"boolean"}, + "EnabledAnalysisType":{ + "type":"string", + "enum":[ + "TLS_SNI", + "HTTP_HOST" + ] + }, + "EnabledAnalysisTypes":{ + "type":"list", + "member":{"shape":"EnabledAnalysisType"} + }, "EncryptionConfiguration":{ "type":"structure", "required":["Type"], @@ -1565,6 +2444,7 @@ "AWS_OWNED_KMS_KEY" ] }, + "EndTime":{"type":"timestamp"}, "EndpointId":{"type":"string"}, "ErrorMessage":{"type":"string"}, "Firewall":{ @@ -1594,7 +2474,7 @@ }, "SubnetMappings":{ "shape":"SubnetMappings", - "documentation":"

    The public subnets that Network Firewall is using for the firewall. Each subnet must belong to a different Availability Zone.

    " + "documentation":"

    The primary public subnets that Network Firewall is using for the firewall. Network Firewall creates a firewall endpoint in each subnet. Create a subnet mapping for each Availability Zone where you want to use the firewall.

    These subnets are all defined for a single, primary VPC, and each must belong to a different Availability Zone. Each of these subnets establishes the availability of the firewall in its Availability Zone.

    In addition to these subnets, you can define other endpoints for the firewall in VpcEndpointAssociation resources. You can define these additional endpoints for any VPC, and for any of the Availability Zones where the firewall resource already has a subnet mapping. VPC endpoint associations give you the ability to protect multiple VPCs using a single firewall, and to define multiple firewall endpoints for a VPC in a single Availability Zone.

    " }, "DeleteProtection":{ "shape":"Boolean", @@ -1623,9 +2503,33 @@ "EncryptionConfiguration":{ "shape":"EncryptionConfiguration", "documentation":"

    A complex type that contains the Amazon Web Services KMS encryption configuration settings for your firewall.

    " + }, + "NumberOfAssociations":{ + "shape":"NumberOfAssociations", + "documentation":"

    The number of VpcEndpointAssociation resources that use this firewall.

    " + }, + "EnabledAnalysisTypes":{ + "shape":"EnabledAnalysisTypes", + "documentation":"

    An optional setting indicating the specific traffic analysis types to enable on the firewall.

    " + }, + "TransitGatewayId":{ + "shape":"TransitGatewayId", + "documentation":"

    The unique identifier of the transit gateway associated with this firewall. This field is only present for transit gateway-attached firewalls.

    " + }, + "TransitGatewayOwnerAccountId":{ + "shape":"AWSAccountId", + "documentation":"

    The Amazon Web Services account ID that owns the transit gateway. This may be different from the firewall owner's account ID when using a shared transit gateway.

    " + }, + "AvailabilityZoneMappings":{ + "shape":"AvailabilityZoneMappings", + "documentation":"

    The Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall. Each mapping specifies an Availability Zone where the firewall processes traffic.

    " + }, + "AvailabilityZoneChangeProtection":{ + "shape":"Boolean", + "documentation":"

    A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to TRUE, you must first disable this protection before adding or removing Availability Zones.

    " } }, - "documentation":"

    The firewall defines the configuration settings for an Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.

    The status of the firewall, for example whether it's ready to filter network traffic, is provided in the corresponding FirewallStatus. You can retrieve both objects by calling DescribeFirewall.

    " + "documentation":"

    A firewall defines the behavior of a firewall, the main VPC where the firewall is used, the Availability Zones where the firewall can be used, and one subnet to use for a firewall endpoint within each of the Availability Zones. The Availability Zones are defined implicitly in the subnet specifications.

    In addition to the firewall endpoints that you define in this Firewall specification, you can create firewall endpoints in VpcEndpointAssociation resources for any VPC, in any Availability Zone where the firewall is already in use.

    The status of the firewall, for example whether it's ready to filter network traffic, is provided in the corresponding FirewallStatus. You can retrieve both the firewall and firewall status by calling DescribeFirewall.

    " }, "FirewallMetadata":{ "type":"structure", @@ -1637,6 +2541,10 @@ "FirewallArn":{ "shape":"ResourceArn", "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "TransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"

    The unique identifier of the transit gateway attachment associated with this firewall. This field is only present for transit gateway-attached firewalls.

    " } }, "documentation":"

    High-level information about a firewall, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a firewall.

    " @@ -1687,6 +2595,10 @@ "PolicyVariables":{ "shape":"PolicyVariables", "documentation":"

    Contains variables that you can use to override default Suricata settings in your firewall policy.

    " + }, + "EnableTLSSessionHolding":{ + "shape":"EnableTLSSessionHolding", + "documentation":"

    When true, prevents TCP and TLS packets from reaching destination servers until TLS Inspection has evaluated Server Name Indication (SNI) rules. Requires an associated TLS Inspection configuration.

    " } }, "documentation":"

    The firewall policy defines the behavior of a firewall using a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.

    This, along with FirewallPolicyResponse, define the policy. You can retrieve all objects for a firewall policy by calling DescribeFirewallPolicy.

    " @@ -1769,22 +2681,26 @@ "members":{ "Status":{ "shape":"FirewallStatusValue", - "documentation":"

    The readiness of the configured firewall to handle network traffic across all of the Availability Zones where you've configured it. This setting is READY only when the ConfigurationSyncStateSummary value is IN_SYNC and the Attachment Status values for all of the configured subnets are READY.

    " + "documentation":"

    The readiness of the configured firewall to handle network traffic across all of the Availability Zones where you have it configured. This setting is READY only when the ConfigurationSyncStateSummary value is IN_SYNC and the Attachment Status values for all of the configured subnets are READY.

    " }, "ConfigurationSyncStateSummary":{ "shape":"ConfigurationSyncState", - "documentation":"

    The configuration sync state for the firewall. This summarizes the sync states reported in the Config settings for all of the Availability Zones where you have configured the firewall.

    When you create a firewall or update its configuration, for example by adding a rule group to its firewall policy, Network Firewall distributes the configuration changes to all zones where the firewall is in use. This summary indicates whether the configuration changes have been applied everywhere.

    This status must be IN_SYNC for the firewall to be ready for use, but it doesn't indicate that the firewall is ready. The Status setting indicates firewall readiness.

    " + "documentation":"

    The configuration sync state for the firewall. This summarizes the Config settings in the SyncStates for this firewall status object.

    When you create a firewall or update its configuration, for example by adding a rule group to its firewall policy, Network Firewall distributes the configuration changes to all Availability Zones that have subnets defined for the firewall. This summary indicates whether the configuration changes have been applied everywhere.

    This status must be IN_SYNC for the firewall to be ready for use, but it doesn't indicate that the firewall is ready. The Status setting indicates firewall readiness. It's based on this setting and the readiness of the firewall endpoints to take traffic.

    " }, "SyncStates":{ "shape":"SyncStates", - "documentation":"

    The subnets that you've configured for use by the Network Firewall firewall. This contains one array element per Availability Zone where you've configured a subnet. These objects provide details of the information that is summarized in the ConfigurationSyncStateSummary and Status, broken down by zone and configuration object.

    " + "documentation":"

    Status for the subnets that you've configured in the firewall. This contains one array element per Availability Zone where you've configured a subnet in the firewall.

    These objects provide detailed information for the settings ConfigurationSyncStateSummary and Status.

    " }, "CapacityUsageSummary":{ "shape":"CapacityUsageSummary", - "documentation":"

    Describes the capacity usage of the resources contained in a firewall's reference sets. Network Firewall calclulates the capacity usage by taking an aggregated count of all of the resources used by all of the reference sets in a firewall.

    " + "documentation":"

    Describes the capacity usage of the resources contained in a firewall's reference sets. Network Firewall calculates the capacity usage by taking an aggregated count of all of the resources used by all of the reference sets in a firewall.

    " + }, + "TransitGatewayAttachmentSyncState":{ + "shape":"TransitGatewayAttachmentSyncState", + "documentation":"

    The synchronization state of the transit gateway attachment. This indicates whether the firewall's transit gateway configuration is properly synchronized and operational. Use this to verify that your transit gateway configuration changes have been applied.

    " } }, - "documentation":"

    Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.

    " + "documentation":"

    Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.

    The firewall status indicates a combined status. It indicates whether all subnets are up-to-date with the latest firewall configurations, which is based on the sync states config values, and also whether all subnets have their endpoints fully enabled, based on their sync states attachment values.

    " }, "FirewallStatusValue":{ "type":"string", @@ -1798,10 +2714,130 @@ "type":"list", "member":{"shape":"FirewallMetadata"} }, + "FirstAccessed":{"type":"timestamp"}, "Flags":{ "type":"list", "member":{"shape":"TCPFlag"} }, + "Flow":{ + "type":"structure", + "members":{ + "SourceAddress":{"shape":"Address"}, + "DestinationAddress":{"shape":"Address"}, + "SourcePort":{ + "shape":"Port", + "documentation":"

    The source port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    " + }, + "DestinationPort":{ + "shape":"Port", + "documentation":"

    The destination port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    " + }, + "Protocol":{ + "shape":"ProtocolString", + "documentation":"

    The protocols to inspect for, specified using the assigned internet protocol number (IANA) for each protocol. If not specified, this matches with any protocol.

    " + }, + "Age":{ + "shape":"Age", + "documentation":"

    Returned as info about age of the flows identified by the flow operation.

    " + }, + "PacketCount":{ + "shape":"PacketCount", + "documentation":"

    Returns the total number of data packets received or transmitted in a flow.

    " + }, + "ByteCount":{ + "shape":"ByteCount", + "documentation":"

    Returns the number of bytes received or transmitted in a specific flow.

    " + } + }, + "documentation":"

    Any number of arrays, where each array is a single flow identified in the scope of the operation. If multiple flows were in the scope of the operation, multiple Flows arrays are returned.

    " + }, + "FlowFilter":{ + "type":"structure", + "members":{ + "SourceAddress":{"shape":"Address"}, + "DestinationAddress":{"shape":"Address"}, + "SourcePort":{ + "shape":"Port", + "documentation":"

    The source port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    " + }, + "DestinationPort":{ + "shape":"Port", + "documentation":"

    The destination port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    " + }, + "Protocols":{ + "shape":"ProtocolStrings", + "documentation":"

    The protocols to inspect for, specified using the assigned internet protocol number (IANA) for each protocol. If not specified, this matches with any protocol.

    " + } + }, + "documentation":"

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + }, + "FlowFilters":{ + "type":"list", + "member":{"shape":"FlowFilter"} + }, + "FlowOperation":{ + "type":"structure", + "members":{ + "MinimumFlowAgeInSeconds":{ + "shape":"Age", + "documentation":"

    The reqested FlowOperation ignores flows with an age (in seconds) lower than MinimumFlowAgeInSeconds. You provide this for start commands.

    " + }, + "FlowFilters":{ + "shape":"FlowFilters", + "documentation":"

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + } + }, + "documentation":"

    Contains information about a flow operation, such as related statuses, unique identifiers, and all filters defined in the operation.

    Flow operations let you manage the flows tracked in the flow table, also known as the firewall table.

    A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.

    " + }, + "FlowOperationId":{ + "type":"string", + "max":36, + "min":36, + "pattern":"^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$" + }, + "FlowOperationMetadata":{ + "type":"structure", + "members":{ + "FlowOperationId":{ + "shape":"FlowOperationId", + "documentation":"

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide to describe commands.

    " + }, + "FlowOperationType":{ + "shape":"FlowOperationType", + "documentation":"

    Defines the type of FlowOperation.

    " + }, + "FlowRequestTimestamp":{ + "shape":"FlowRequestTimestamp", + "documentation":"

    A timestamp indicating when the Suricata engine identified flows impacted by an operation.

    " + }, + "FlowOperationStatus":{ + "shape":"FlowOperationStatus", + "documentation":"

    Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands.

    If the status is COMPLETED_WITH_ERRORS, results may be returned with any number of Flows missing from the response. If the status is FAILED, Flows returned will be empty.

    " + } + }, + "documentation":"

    An array of objects with metadata about the requested FlowOperation.

    " + }, + "FlowOperationStatus":{ + "type":"string", + "enum":[ + "COMPLETED", + "IN_PROGRESS", + "FAILED", + "COMPLETED_WITH_ERRORS" + ] + }, + "FlowOperationType":{ + "type":"string", + "enum":[ + "FLOW_FLUSH", + "FLOW_CAPTURE" + ] + }, + "FlowOperations":{ + "type":"list", + "member":{"shape":"FlowOperationMetadata"} + }, + "FlowRequestTimestamp":{"type":"timestamp"}, "FlowTimeouts":{ "type":"structure", "members":{ @@ -1812,13 +2848,78 @@ }, "documentation":"

    Describes the amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle and Network Firewall removes the flow entry from its flow table. Existing connections and flows are not impacted when you update this value. Only new connections after you update this value are impacted.

    " }, + "Flows":{ + "type":"list", + "member":{"shape":"Flow"} + }, "GeneratedRulesType":{ "type":"string", "enum":[ "ALLOWLIST", - "DENYLIST" + "DENYLIST", + "REJECTLIST", + "ALERTLIST" ] }, + "GetAnalysisReportResultsRequest":{ + "type":"structure", + "required":["AnalysisReportId"], + "members":{ + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "AnalysisReportId":{ + "shape":"AnalysisReportId", + "documentation":"

    The unique ID of the query that ran when you requested an analysis report.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "NextToken":{ + "shape":"AnalysisReportNextToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + }, + "MaxResults":{ + "shape":"PaginationMaxResults", + "documentation":"

    The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

    " + } + } + }, + "GetAnalysisReportResultsResponse":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"Status", + "documentation":"

    The status of the analysis report you specify. Statuses include RUNNING, COMPLETED, or FAILED.

    " + }, + "StartTime":{ + "shape":"StartTime", + "documentation":"

    The date and time within the last 30 days from which to start retrieving analysis data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ.

    " + }, + "EndTime":{ + "shape":"EndTime", + "documentation":"

    The date and time, up to the current date, from which to stop retrieving analysis data, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ).

    " + }, + "ReportTime":{ + "shape":"ReportTime", + "documentation":"

    The date and time the analysis report was ran.

    " + }, + "AnalysisType":{ + "shape":"EnabledAnalysisType", + "documentation":"

    The type of traffic that will be used to generate a report.

    " + }, + "NextToken":{ + "shape":"AnalysisReportNextToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + }, + "AnalysisReportResults":{ + "shape":"AnalysisReportResults", + "documentation":"

    Retrieves the results of a traffic analysis report.

    " + } + } + }, "HashMapKey":{ "type":"string", "max":50, @@ -1852,7 +2953,7 @@ }, "SourcePort":{ "shape":"Port", - "documentation":"

    The source port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    " + "documentation":"

    The source port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    " }, "Direction":{ "shape":"StatefulRuleDirection", @@ -1864,11 +2965,21 @@ }, "DestinationPort":{ "shape":"Port", - "documentation":"

    The destination port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    " + "documentation":"

    The destination port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    " } }, "documentation":"

    The basic rule criteria for Network Firewall to use to inspect packet headers in stateful traffic flow inspection. Traffic flows that match the criteria are a match for the corresponding StatefulRule.

    " }, + "Hits":{ + "type":"structure", + "members":{ + "Count":{ + "shape":"Count", + "documentation":"

    The number of attempts made to access a domain.

    " + } + }, + "documentation":"

    Attempts made to a access domain.

    " + }, "IPAddressType":{ "type":"string", "enum":[ @@ -1999,6 +3110,7 @@ "min":1, "pattern":".*" }, + "LastAccessed":{"type":"timestamp"}, "LastUpdateTime":{"type":"timestamp"}, "LimitExceededException":{ "type":"structure", @@ -2008,6 +3120,40 @@ "documentation":"

    Unable to perform the operation because doing so would violate a limit setting.

    ", "exception":true }, + "ListAnalysisReportsRequest":{ + "type":"structure", + "members":{ + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + }, + "MaxResults":{ + "shape":"PaginationMaxResults", + "documentation":"

    The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

    " + } + } + }, + "ListAnalysisReportsResponse":{ + "type":"structure", + "members":{ + "AnalysisReports":{ + "shape":"AnalysisReports", + "documentation":"

    The id and ReportTime associated with a requested analysis report. Does not provide the status of the analysis report.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + } + } + }, "ListFirewallPoliciesRequest":{ "type":"structure", "members":{ @@ -2064,6 +3210,135 @@ } } }, + "ListFlowOperationResultsRequest":{ + "type":"structure", + "required":[ + "FirewallArn", + "FlowOperationId" + ], + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "FlowOperationId":{ + "shape":"FlowOperationId", + "documentation":"

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide to describe commands.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + }, + "MaxResults":{ + "shape":"PaginationMaxResults", + "documentation":"

    The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"

    A unique identifier for the primary endpoint associated with a firewall.

    " + }, + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + } + } + }, + "ListFlowOperationResultsResponse":{ + "type":"structure", + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + }, + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    " + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"

    " + }, + "FlowOperationId":{ + "shape":"FlowOperationId", + "documentation":"

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide to describe commands.

    " + }, + "FlowOperationStatus":{ + "shape":"FlowOperationStatus", + "documentation":"

    Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands.

    If the status is COMPLETED_WITH_ERRORS, results may be returned with any number of Flows missing from the response. If the status is FAILED, Flows returned will be empty.

    " + }, + "StatusMessage":{ + "shape":"StatusReason", + "documentation":"

    If the asynchronous operation fails, Network Firewall populates this with the reason for the error or failure. Options include Flow operation error and Flow timeout.

    " + }, + "FlowRequestTimestamp":{ + "shape":"FlowRequestTimestamp", + "documentation":"

    A timestamp indicating when the Suricata engine identified flows impacted by an operation.

    " + }, + "Flows":{ + "shape":"Flows", + "documentation":"

    Any number of arrays, where each array is a single flow identified in the scope of the operation. If multiple flows were in the scope of the operation, multiple Flows arrays are returned.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + } + } + }, + "ListFlowOperationsRequest":{ + "type":"structure", + "required":["FirewallArn"], + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + }, + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"

    A unique identifier for the primary endpoint associated with a firewall.

    " + }, + "FlowOperationType":{ + "shape":"FlowOperationType", + "documentation":"

    An optional string that defines whether any or all operation types are returned.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + }, + "MaxResults":{ + "shape":"PaginationMaxResults", + "documentation":"

    The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

    " + } + } + }, + "ListFlowOperationsResponse":{ + "type":"structure", + "members":{ + "FlowOperations":{ + "shape":"FlowOperations", + "documentation":"

    Flow operations let you manage the flows tracked in the flow table, also known as the firewall table.

    A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.

    " + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + } + } + }, "ListRuleGroupsRequest":{ "type":"structure", "members":{ @@ -2159,6 +3434,36 @@ } } }, + "ListVpcEndpointAssociationsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + }, + "MaxResults":{ + "shape":"PaginationMaxResults", + "documentation":"

    The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    If you don't specify this, Network Firewall retrieves all VPC endpoint associations that you have defined.

    " + } + } + }, + "ListVpcEndpointAssociationsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"PaginationToken", + "documentation":"

    When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    " + }, + "VpcEndpointAssociations":{ + "shape":"VpcEndpointAssociations", + "documentation":"

    The VPC endpoint assocation metadata objects for the firewall that you specified. If you didn't specify a firewall, this is all VPC endpoint associations that you have defined.

    Depending on your setting for max results and the number of firewalls you have, a single call might not be the full list.

    " + } + } + }, "LogDestinationConfig":{ "type":"structure", "required":[ @@ -2242,15 +3547,15 @@ }, "SourcePorts":{ "shape":"PortRanges", - "documentation":"

    The source ports to inspect for. If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP).

    You can specify individual ports, for example 1994 and you can specify port ranges, for example 1990:1994.

    " + "documentation":"

    The source port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    If not specified, this matches with any source port.

    This setting is only used for protocols 6 (TCP) and 17 (UDP).

    " }, "DestinationPorts":{ "shape":"PortRanges", - "documentation":"

    The destination ports to inspect for. If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP).

    You can specify individual ports, for example 1994 and you can specify port ranges, for example 1990:1994.

    " + "documentation":"

    The destination port to inspect for. You can specify an individual port, for example 1994 and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.

    This setting is only used for protocols 6 (TCP) and 17 (UDP).

    " }, "Protocols":{ "shape":"ProtocolNumbers", - "documentation":"

    The protocols to inspect for, specified using each protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol.

    " + "documentation":"

    The protocols to inspect for, specified using the assigned internet protocol number (IANA) for each protocol. If not specified, this matches with any protocol.

    " }, "TCPFlags":{ "shape":"TCPFlags", @@ -2264,6 +3569,7 @@ "type":"string", "enum":["DROP_TO_ALERT"] }, + "PacketCount":{"type":"integer"}, "PaginationMaxResults":{ "type":"integer", "max":100, @@ -2375,6 +3681,16 @@ "type":"list", "member":{"shape":"ProtocolNumber"} }, + "ProtocolString":{ + "type":"string", + "max":12, + "min":1, + "pattern":"^.*$" + }, + "ProtocolStrings":{ + "type":"list", + "member":{"shape":"ProtocolString"} + }, "PublishMetricAction":{ "type":"structure", "required":["Dimensions"], @@ -2395,18 +3711,17 @@ "members":{ "ResourceArn":{ "shape":"ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the account that you want to share rule groups and firewall policies with.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the account that you want to share your Network Firewall resources with.

    " }, "Policy":{ "shape":"PolicyString", - "documentation":"

    The IAM policy statement that lists the accounts that you want to share your rule group or firewall policy with and the operations that you want the accounts to be able to perform.

    For a rule group resource, you can specify the following operations in the Actions section of the statement:

    • network-firewall:CreateFirewallPolicy

    • network-firewall:UpdateFirewallPolicy

    • network-firewall:ListRuleGroups

    For a firewall policy resource, you can specify the following operations in the Actions section of the statement:

    • network-firewall:AssociateFirewallPolicy

    • network-firewall:ListFirewallPolicies

    In the Resource section of the statement, you specify the ARNs for the rule groups and firewall policies that you want to share with the account that you specified in Arn.

    " + "documentation":"

    The IAM policy statement that lists the accounts that you want to share your Network Firewall resources with and the operations that you want the accounts to be able to perform.

    For a rule group resource, you can specify the following operations in the Actions section of the statement:

    • network-firewall:CreateFirewallPolicy

    • network-firewall:UpdateFirewallPolicy

    • network-firewall:ListRuleGroups

    For a firewall policy resource, you can specify the following operations in the Actions section of the statement:

    • network-firewall:AssociateFirewallPolicy

    • network-firewall:ListFirewallPolicies

    For a firewall resource, you can specify the following operations in the Actions section of the statement:

    • network-firewall:CreateVpcEndpointAssociation

    • network-firewall:DescribeFirewallMetadata

    • network-firewall:ListFirewalls

    In the Resource section of the statement, you specify the ARNs for the Network Firewall resources that you want to share with the account that you specified in Arn.

    " } } }, "PutResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ReferenceSets":{ "type":"structure", @@ -2418,6 +3733,34 @@ }, "documentation":"

    Contains a set of IP set references.

    " }, + "RejectNetworkFirewallTransitGatewayAttachmentRequest":{ + "type":"structure", + "required":["TransitGatewayAttachmentId"], + "members":{ + "TransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"

    Required. The unique identifier of the transit gateway attachment to reject. This ID is returned in the response when creating a transit gateway-attached firewall.

    " + } + } + }, + "RejectNetworkFirewallTransitGatewayAttachmentResponse":{ + "type":"structure", + "required":[ + "TransitGatewayAttachmentId", + "TransitGatewayAttachmentStatus" + ], + "members":{ + "TransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"

    The unique identifier of the transit gateway attachment that was rejected.

    " + }, + "TransitGatewayAttachmentStatus":{ + "shape":"TransitGatewayAttachmentStatus", + "documentation":"

    The current status of the transit gateway attachment. Valid values are:

    • CREATING - The attachment is being created

    • DELETING - The attachment is being deleted

    • DELETED - The attachment has been deleted

    • FAILED - The attachment creation has failed and cannot be recovered

    • ERROR - The attachment is in an error state that might be recoverable

    • READY - The attachment is active and processing traffic

    • PENDING_ACCEPTANCE - The attachment is waiting to be accepted

    • REJECTING - The attachment is in the process of being rejected

    • REJECTED - The attachment has been rejected

    For information about troubleshooting endpoint failures, see Troubleshooting firewall endpoint failures in the Network Firewall Developer Guide.

    " + } + } + }, + "ReportTime":{"type":"timestamp"}, "ResourceArn":{ "type":"string", "max":256, @@ -2441,7 +3784,8 @@ "type":"string", "enum":[ "AWS_MANAGED_THREAT_SIGNATURES", - "AWS_MANAGED_DOMAIN_LISTS" + "AWS_MANAGED_DOMAIN_LISTS", + "ACTIVE_THREAT_DEFENSE" ] }, "ResourceName":{ @@ -2596,7 +3940,7 @@ }, "SnsTopic":{ "shape":"ResourceArn", - "documentation":"

    The Amazon resource name (ARN) of the Amazon Simple Notification Service SNS topic that's used to record changes to the managed rule group. You can subscribe to the SNS topic to receive notifications when the managed rule group is modified, such as for new versions and for version expiration. For more information, see the Amazon Simple Notification Service Developer Guide..

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Simple Notification Service SNS topic that's used to record changes to the managed rule group. You can subscribe to the SNS topic to receive notifications when the managed rule group is modified, such as for new versions and for version expiration. For more information, see the Amazon Simple Notification Service Developer Guide..

    " }, "LastModifiedTime":{ "shape":"LastUpdateTime", @@ -2605,6 +3949,10 @@ "AnalysisResults":{ "shape":"AnalysisResultList", "documentation":"

    The list of analysis results for AnalyzeRuleGroup. If you set AnalyzeRuleGroup to TRUE in CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup, Network Firewall analyzes the rule group and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in the list of analysis results.

    " + }, + "SummaryConfiguration":{ + "shape":"SummaryConfiguration", + "documentation":"

    A complex type containing the currently selected rule option fields that will be displayed for rule summarization returned by DescribeRuleGroupSummary.

    " } }, "documentation":"

    The high-level properties of a rule group. This, along with the RuleGroup, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

    " @@ -2630,11 +3978,11 @@ "members":{ "Keyword":{ "shape":"Keyword", - "documentation":"

    The keyword for the Suricata compatible rule option. You must include a sid (signature ID), and can optionally include other keywords. For information about Suricata compatible keywords, see Rule options in the Suricata documentation.

    " + "documentation":"

    The keyword for the Suricata compatible rule option. You must include a sid (signature ID), and can optionally include other keywords. For information about Suricata compatible keywords, see Rule options in the Suricata documentation.

    " }, "Settings":{ "shape":"Settings", - "documentation":"

    The settings of the Suricata compatible rule option. Rule options have zero or more setting values, and the number of possible and required settings depends on the Keyword. For more information about the settings for specific options, see Rule options.

    " + "documentation":"

    The settings of the Suricata compatible rule option. Rule options have zero or more setting values, and the number of possible and required settings depends on the Keyword. For more information about the settings for specific options, see Rule options.

    " } }, "documentation":"

    Additional settings for a stateful rule. This is part of the StatefulRule configuration.

    " @@ -2650,6 +3998,28 @@ "STRICT_ORDER" ] }, + "RuleSummaries":{ + "type":"list", + "member":{"shape":"RuleSummary"} + }, + "RuleSummary":{ + "type":"structure", + "members":{ + "SID":{ + "shape":"CollectionMember_String", + "documentation":"

    The unique identifier (Signature ID) of the Suricata rule.

    " + }, + "Msg":{ + "shape":"CollectionMember_String", + "documentation":"

    The contents taken from the rule's msg field.

    " + }, + "Metadata":{ + "shape":"CollectionMember_String", + "documentation":"

    The contents of the rule's metadata.

    " + } + }, + "documentation":"

    A complex type containing details about a Suricata rule. Contains:

    • SID

    • Msg

    • Metadata

    Summaries are available for rule groups you manage and for active threat defense Amazon Web Services managed rule groups.

    " + }, "RuleTargets":{ "type":"list", "member":{"shape":"CollectionMember_String"} @@ -2672,7 +4042,7 @@ "documentation":"

    A list of port ranges.

    " } }, - "documentation":"

    Settings that are available for use in the rules in the RuleGroup where this is defined.

    " + "documentation":"

    Settings that are available for use in the rules in the RuleGroup where this is defined. See CreateRuleGroup or UpdateRuleGroup for usage.

    " }, "RulesSource":{ "type":"structure", @@ -2687,7 +4057,7 @@ }, "StatefulRules":{ "shape":"StatefulRules", - "documentation":"

    An array of individual stateful rules inspection criteria to be used together in a stateful rule group. Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.

    " + "documentation":"

    An array of individual stateful rules inspection criteria to be used together in a stateful rule group. Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.

    " }, "StatelessRulesAndCustomActions":{ "shape":"StatelessRulesAndCustomActions", @@ -2714,7 +4084,7 @@ }, "GeneratedRulesType":{ "shape":"GeneratedRulesType", - "documentation":"

    Whether you want to allow or deny access to the domains in your target list.

    " + "documentation":"

    Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.

    When logging is enabled and you choose Alert, traffic that matches the domain specifications generates an alert in the firewall's logs. Then, traffic either passes, is rejected, or drops based on other rules in the firewall policy.

    " } }, "documentation":"

    Stateful inspection criteria for a domain list rule group.

    For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.

    By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleVariables in this guide and Stateful domain list rule groups in Network Firewall in the Network Firewall Developer Guide.

    " @@ -2747,7 +4117,7 @@ }, "CertificateAuthorityArn":{ "shape":"ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

    The following limitations apply:

    • You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.

    • You can't use certificates issued by Private Certificate Authority.

    For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the Network Firewall Developer Guide.

    For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

    The following limitations apply:

    • You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.

    • You can't use certificates issued by Private Certificate Authority.

    For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.

    For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.

    " }, "CheckCertificateRevocationStatus":{ "shape":"CheckCertificateRevocationStatusActions", @@ -2781,7 +4151,7 @@ }, "Protocols":{ "shape":"ProtocolNumbers", - "documentation":"

    The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.

    " + "documentation":"

    The protocols to inspect for, specified using the assigned internet protocol number (IANA) for each protocol. If not specified, this matches with any protocol.

    Network Firewall currently supports only TCP.

    " } }, "documentation":"

    Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.

    " @@ -2824,6 +4194,135 @@ }, "documentation":"

    High-level information about the managed rule group that your own rule group is copied from. You can use the the metadata to track version updates made to the originating rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

    " }, + "StartAnalysisReportRequest":{ + "type":"structure", + "required":["AnalysisType"], + "members":{ + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "AnalysisType":{ + "shape":"EnabledAnalysisType", + "documentation":"

    The type of traffic that will be used to generate a report.

    " + } + } + }, + "StartAnalysisReportResponse":{ + "type":"structure", + "required":["AnalysisReportId"], + "members":{ + "AnalysisReportId":{ + "shape":"AnalysisReportId", + "documentation":"

    The unique ID of the query that ran when you requested an analysis report.

    " + } + } + }, + "StartFlowCaptureRequest":{ + "type":"structure", + "required":[ + "FirewallArn", + "FlowFilters" + ], + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + }, + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"

    A unique identifier for the primary endpoint associated with a firewall.

    " + }, + "MinimumFlowAgeInSeconds":{ + "shape":"Age", + "documentation":"

    The reqested FlowOperation ignores flows with an age (in seconds) lower than MinimumFlowAgeInSeconds. You provide this for start commands.

    We recommend setting this value to at least 1 minute (60 seconds) to reduce chance of capturing flows that are not yet established.

    " + }, + "FlowFilters":{ + "shape":"FlowFilters", + "documentation":"

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + } + } + }, + "StartFlowCaptureResponse":{ + "type":"structure", + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "FlowOperationId":{ + "shape":"FlowOperationId", + "documentation":"

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide to describe commands.

    " + }, + "FlowOperationStatus":{ + "shape":"FlowOperationStatus", + "documentation":"

    Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands.

    If the status is COMPLETED_WITH_ERRORS, results may be returned with any number of Flows missing from the response. If the status is FAILED, Flows returned will be empty.

    " + } + } + }, + "StartFlowFlushRequest":{ + "type":"structure", + "required":[ + "FirewallArn", + "FlowFilters" + ], + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + }, + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"

    A unique identifier for the primary endpoint associated with a firewall.

    " + }, + "MinimumFlowAgeInSeconds":{ + "shape":"Age", + "documentation":"

    The reqested FlowOperation ignores flows with an age (in seconds) lower than MinimumFlowAgeInSeconds. You provide this for start commands.

    " + }, + "FlowFilters":{ + "shape":"FlowFilters", + "documentation":"

    Defines the scope a flow operation. You can use up to 20 filters to configure a single flow operation.

    " + } + } + }, + "StartFlowFlushResponse":{ + "type":"structure", + "members":{ + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "FlowOperationId":{ + "shape":"FlowOperationId", + "documentation":"

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide to describe commands.

    " + }, + "FlowOperationStatus":{ + "shape":"FlowOperationStatus", + "documentation":"

    Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands.

    If the status is COMPLETED_WITH_ERRORS, results may be returned with any number of Flows missing from the response. If the status is FAILED, Flows returned will be empty.

    " + } + } + }, + "StartTime":{"type":"timestamp"}, "StatefulAction":{ "type":"string", "enum":[ @@ -2842,7 +4341,7 @@ "members":{ "RuleOrder":{ "shape":"RuleOrder", - "documentation":"

    Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER is the default and recommended option. With STRICT_ORDER, provide your rules in the order that you want them to be evaluated. You can then choose one or more default actions for packets that don't match any rules. Choose STRICT_ORDER to have the stateful rules engine determine the evaluation order of your rules. The default action for this rule order is PASS, followed by DROP, REJECT, and ALERT actions. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on your settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.

    " + "documentation":"

    Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER is the recommended option, but DEFAULT_ACTION_ORDER is the default option. With STRICT_ORDER, provide your rules in the order that you want them to be evaluated. You can then choose one or more default actions for packets that don't match any rules. Choose STRICT_ORDER to have the stateful rules engine determine the evaluation order of your rules. The default action for this rule order is PASS, followed by DROP, REJECT, and ALERT actions. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on your settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.

    " }, "StreamExceptionPolicy":{ "shape":"StreamExceptionPolicy", @@ -2876,7 +4375,7 @@ "documentation":"

    Additional options for the rule. These are the Suricata RuleOptions settings.

    " } }, - "documentation":"

    A single Suricata rules specification, for use in a stateful rule group. Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.

    " + "documentation":"

    A single Suricata rules specification, for use in a stateful rule group. Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.

    " }, "StatefulRuleDirection":{ "type":"string", @@ -2911,6 +4410,10 @@ "Override":{ "shape":"StatefulRuleGroupOverride", "documentation":"

    The action that allows the policy owner to override the behavior of the rule group within a policy.

    " + }, + "DeepThreatInspection":{ + "shape":"DeepThreatInspection", + "documentation":"

    Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability. When this capability is released, Amazon Web Services will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. Amazon Web Services will use these threat indicators to improve the active threat defense managed rule groups and protect the security of Amazon Web Services customers and services.

    Customers can opt-out of deep threat inspection at any time through the Network Firewall console or API. When customers opt out, Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.

    " } }, "documentation":"

    Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.

    " @@ -2950,7 +4453,9 @@ "IKEV2", "TFTP", "NTP", - "DHCP" + "DHCP", + "HTTP2", + "QUIC" ] }, "StatefulRules":{ @@ -3020,6 +4525,7 @@ }, "documentation":"

    Stateless inspection criteria. Each stateless rule group uses exactly one of these data types to define its stateless rules.

    " }, + "Status":{"type":"string"}, "StatusMessage":{"type":"string"}, "StatusReason":{ "type":"string", @@ -3048,25 +4554,62 @@ "documentation":"

    The subnet's IP address type. You can't change the IP address type after you create the subnet.

    " } }, - "documentation":"

    The ID for a subnet that you want to associate with the firewall. This is used with CreateFirewall and AssociateSubnets. Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet's Availability Zone.

    " + "documentation":"

    The ID for a subnet that's used in an association with a firewall. This is used in CreateFirewall, AssociateSubnets, and CreateVpcEndpointAssociation. Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet's Availability Zone.

    " }, "SubnetMappings":{ "type":"list", "member":{"shape":"SubnetMapping"} }, + "Summary":{ + "type":"structure", + "members":{ + "RuleSummaries":{ + "shape":"RuleSummaries", + "documentation":"

    An array of RuleSummary objects containing individual rule details that had been configured by the rulegroup's SummaryConfiguration.

    " + } + }, + "documentation":"

    A complex type containing summaries of security protections provided by a rule group.

    Network Firewall extracts this information from selected fields in the rule group's Suricata rules, based on your SummaryConfiguration settings.

    " + }, + "SummaryConfiguration":{ + "type":"structure", + "members":{ + "RuleOptions":{ + "shape":"SummaryRuleOptions", + "documentation":"

    Specifies the selected rule options returned by DescribeRuleGroupSummary.

    " + } + }, + "documentation":"

    A complex type that specifies which Suricata rule metadata fields to use when displaying threat information. Contains:

    • RuleOptions - The Suricata rule options fields to extract and display

    These settings affect how threat information appears in both the console and API responses. Summaries are available for rule groups you manage and for active threat defense Amazon Web Services managed rule groups.

    " + }, + "SummaryRuleOption":{ + "type":"string", + "enum":[ + "SID", + "MSG", + "METADATA" + ] + }, + "SummaryRuleOptions":{ + "type":"list", + "member":{"shape":"SummaryRuleOption"} + }, + "SupportedAvailabilityZones":{ + "type":"map", + "key":{"shape":"AvailabilityZone"}, + "value":{"shape":"AvailabilityZoneMetadata"} + }, "SyncState":{ "type":"structure", "members":{ "Attachment":{ "shape":"Attachment", - "documentation":"

    The attachment status of the firewall's association with a single VPC subnet. For each configured subnet, Network Firewall creates the attachment by instantiating the firewall endpoint in the subnet so that it's ready to take traffic. This is part of the FirewallStatus.

    " + "documentation":"

    The configuration and status for a single firewall subnet. For each configured subnet, Network Firewall creates the attachment by instantiating the firewall endpoint in the subnet so that it's ready to take traffic.

    " }, "Config":{ "shape":"SyncStateConfig", - "documentation":"

    The configuration status of the firewall endpoint in a single VPC subnet. Network Firewall provides each endpoint with the rules that are configured in the firewall policy. Each time you add a subnet or modify the associated firewall policy, Network Firewall synchronizes the rules in the endpoint, so it can properly filter network traffic. This is part of the FirewallStatus.

    " + "documentation":"

    The configuration status of the firewall endpoint in a single VPC subnet. Network Firewall provides each endpoint with the rules that are configured in the firewall policy. Each time you add a subnet or modify the associated firewall policy, Network Firewall synchronizes the rules in the endpoint, so it can properly filter network traffic.

    " } }, - "documentation":"

    The status of the firewall endpoint and firewall policy configuration for a single VPC subnet.

    For each VPC subnet that you associate with a firewall, Network Firewall does the following:

    • Instantiates a firewall endpoint in the subnet, ready to take traffic.

    • Configures the endpoint with the current firewall policy settings, to provide the filtering behavior for the endpoint.

    When you update a firewall, for example to add a subnet association or change a rule group in the firewall policy, the affected sync states reflect out-of-sync or not ready status until the changes are complete.

    " + "documentation":"

    The status of the firewall endpoint and firewall policy configuration for a single VPC subnet. This is part of the FirewallStatus.

    For each VPC subnet that you associate with a firewall, Network Firewall does the following:

    • Instantiates a firewall endpoint in the subnet, ready to take traffic.

    • Configures the endpoint with the current firewall policy settings, to provide the filtering behavior for the endpoint.

    When you update a firewall, for example to add a subnet association or change a rule group in the firewall policy, the affected sync states reflect out-of-sync or not ready status until the changes are complete.

    " }, "SyncStateConfig":{ "type":"map", @@ -3245,8 +4788,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3301,6 +4843,61 @@ }, "documentation":"

    Contains metadata about an Certificate Manager certificate.

    " }, + "TransitGatewayAttachmentId":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^tgw-attach-[0-9a-z]+$" + }, + "TransitGatewayAttachmentStatus":{ + "type":"string", + "enum":[ + "CREATING", + "DELETING", + "DELETED", + "FAILED", + "ERROR", + "READY", + "PENDING_ACCEPTANCE", + "REJECTING", + "REJECTED" + ] + }, + "TransitGatewayAttachmentSyncState":{ + "type":"structure", + "members":{ + "AttachmentId":{ + "shape":"AttachmentId", + "documentation":"

    The unique identifier of the transit gateway attachment.

    " + }, + "TransitGatewayAttachmentStatus":{ + "shape":"TransitGatewayAttachmentStatus", + "documentation":"

    The current status of the transit gateway attachment.

    Valid values are:

    • CREATING - The attachment is being created

    • DELETING - The attachment is being deleted

    • DELETED - The attachment has been deleted

    • FAILED - The attachment creation has failed and cannot be recovered

    • ERROR - The attachment is in an error state that might be recoverable

    • READY - The attachment is active and processing traffic

    • PENDING_ACCEPTANCE - The attachment is waiting to be accepted

    • REJECTING - The attachment is in the process of being rejected

    • REJECTED - The attachment has been rejected

    " + }, + "StatusMessage":{ + "shape":"TransitGatewayAttachmentSyncStateMessage", + "documentation":"

    A message providing additional information about the current status, particularly useful when the transit gateway attachment is in a non-READY state.

    Valid values are:

    • CREATING - The attachment is being created

    • DELETING - The attachment is being deleted

    • DELETED - The attachment has been deleted

    • FAILED - The attachment creation has failed and cannot be recovered

    • ERROR - The attachment is in an error state that might be recoverable

    • READY - The attachment is active and processing traffic

    • PENDING_ACCEPTANCE - The attachment is waiting to be accepted

    • REJECTING - The attachment is in the process of being rejected

    • REJECTED - The attachment has been rejected

    For information about troubleshooting endpoint failures, see Troubleshooting firewall endpoint failures in the Network Firewall Developer Guide.

    " + } + }, + "documentation":"

    Contains information about the synchronization state of a transit gateway attachment, including its current status and any error messages. Network Firewall uses this to track the state of your transit gateway configuration changes.

    " + }, + "TransitGatewayAttachmentSyncStateMessage":{"type":"string"}, + "TransitGatewayId":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^tgw-[0-9a-z]+$" + }, + "UniqueSources":{ + "type":"structure", + "members":{ + "Count":{ + "shape":"Count", + "documentation":"

    The number of unique source IP addresses that connected to a domain.

    " + } + }, + "documentation":"

    A unique source IP address that connected to a domain.

    " + }, "UnsupportedOperationException":{ "type":"structure", "members":{ @@ -3328,7 +4925,91 @@ }, "UntagResourceResponse":{ "type":"structure", + "members":{} + }, + "UpdateAvailabilityZoneChangeProtectionRequest":{ + "type":"structure", + "required":["AvailabilityZoneChangeProtection"], "members":{ + "UpdateToken":{ + "shape":"UpdateToken", + "documentation":"

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "AvailabilityZoneChangeProtection":{ + "shape":"Boolean", + "documentation":"

    A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.

    " + } + } + }, + "UpdateAvailabilityZoneChangeProtectionResponse":{ + "type":"structure", + "members":{ + "UpdateToken":{ + "shape":"UpdateToken", + "documentation":"

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    " + }, + "AvailabilityZoneChangeProtection":{ + "shape":"Boolean", + "documentation":"

    A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.

    " + } + } + }, + "UpdateFirewallAnalysisSettingsRequest":{ + "type":"structure", + "members":{ + "EnabledAnalysisTypes":{ + "shape":"EnabledAnalysisTypes", + "documentation":"

    An optional setting indicating the specific traffic analysis types to enable on the firewall.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "UpdateToken":{ + "shape":"UpdateToken", + "documentation":"

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    " + } + } + }, + "UpdateFirewallAnalysisSettingsResponse":{ + "type":"structure", + "members":{ + "EnabledAnalysisTypes":{ + "shape":"EnabledAnalysisTypes", + "documentation":"

    An optional setting indicating the specific traffic analysis types to enable on the firewall.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "FirewallName":{ + "shape":"ResourceName", + "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    You must specify the ARN or the name, and you can specify both.

    " + }, + "UpdateToken":{ + "shape":"UpdateToken", + "documentation":"

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    " + } } }, "UpdateFirewallDeleteProtectionRequest":{ @@ -3563,6 +5244,10 @@ "LoggingConfiguration":{ "shape":"LoggingConfiguration", "documentation":"

    Defines how Network Firewall performs logging for a firewall. If you omit this setting, Network Firewall disables logging for the firewall.

    " + }, + "EnableMonitoringDashboard":{ + "shape":"EnableMonitoringDashboard", + "documentation":"

    A boolean that lets you enable or disable the detailed firewall monitoring dashboard on the firewall.

    The monitoring dashboard provides comprehensive visibility into your firewall's flow logs and alert logs. After you enable detailed monitoring, you can access these dashboards directly from the Monitoring page of the Network Firewall console.

    Specify TRUE to enable the the detailed monitoring dashboard on the firewall. Specify FALSE to disable the the detailed monitoring dashboard on the firewall.

    " } } }, @@ -3577,7 +5262,11 @@ "shape":"ResourceName", "documentation":"

    The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    " }, - "LoggingConfiguration":{"shape":"LoggingConfiguration"} + "LoggingConfiguration":{"shape":"LoggingConfiguration"}, + "EnableMonitoringDashboard":{ + "shape":"EnableMonitoringDashboard", + "documentation":"

    A boolean that reflects whether or not the firewall monitoring dashboard is enabled on a firewall.

    Returns TRUE when the firewall monitoring dashboard is enabled on the firewall. Returns FALSE when the firewall monitoring dashboard is not enabled on the firewall.

    " + } } }, "UpdateRuleGroupRequest":{ @@ -3627,6 +5316,10 @@ "AnalyzeRuleGroup":{ "shape":"Boolean", "documentation":"

    Indicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to TRUE, Network Firewall runs the analysis and then updates the rule group for you. To run the stateless rule group analyzer without updating the rule group, set DryRun to TRUE.

    " + }, + "SummaryConfiguration":{ + "shape":"SummaryConfiguration", + "documentation":"

    Updates the selected summary configuration for a rule group.

    Changes affect subsequent responses from DescribeRuleGroupSummary.

    " } } }, @@ -3755,6 +5448,78 @@ "type":"list", "member":{"shape":"VariableDefinition"} }, + "VpcEndpointAssociation":{ + "type":"structure", + "required":[ + "VpcEndpointAssociationArn", + "FirewallArn", + "VpcId", + "SubnetMapping" + ], + "members":{ + "VpcEndpointAssociationId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VPC endpoint association.

    " + }, + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + }, + "FirewallArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the firewall.

    " + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

    The unique identifier of the VPC for the endpoint association.

    " + }, + "SubnetMapping":{"shape":"SubnetMapping"}, + "Description":{ + "shape":"Description", + "documentation":"

    A description of the VPC endpoint association.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    The key:value pairs to associate with the resource.

    " + } + }, + "documentation":"

    A VPC endpoint association defines a single subnet to use for a firewall endpoint for a Firewall. You can define VPC endpoint associations only in the Availability Zones that already have a subnet mapping defined in the Firewall resource.

    You can retrieve the list of Availability Zones that are available for use by calling DescribeFirewallMetadata.

    To manage firewall endpoints, first, in the Firewall specification, you specify a single VPC and one subnet for each of the Availability Zones where you want to use the firewall. Then you can define additional endpoints as VPC endpoint associations.

    You can use VPC endpoint associations to expand the protections of the firewall as follows:

    • Protect multiple VPCs with a single firewall - You can use the firewall to protect other VPCs, either in your account or in accounts where the firewall is shared. You can only specify Availability Zones that already have a firewall endpoint defined in the Firewall subnet mappings.

    • Define multiple firewall endpoints for a VPC in an Availability Zone - You can create additional firewall endpoints for the VPC that you have defined in the firewall, in any Availability Zone that already has an endpoint defined in the Firewall subnet mappings. You can create multiple VPC endpoint associations for any other VPC where you use the firewall.

    You can use Resource Access Manager to share a Firewall that you own with other accounts, which gives them the ability to use the firewall to create VPC endpoint associations. For information about sharing a firewall, see PutResourcePolicy in this guide and see Sharing Network Firewall resources in the Network Firewall Developer Guide.

    The status of the VPC endpoint association, which indicates whether it's ready to filter network traffic, is provided in the corresponding VpcEndpointAssociationStatus. You can retrieve both the association and its status by calling DescribeVpcEndpointAssociation.

    " + }, + "VpcEndpointAssociationMetadata":{ + "type":"structure", + "members":{ + "VpcEndpointAssociationArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    " + } + }, + "documentation":"

    High-level information about a VPC endpoint association, returned by ListVpcEndpointAssociations. You can use the information provided in the metadata to retrieve and manage a VPC endpoint association.

    " + }, + "VpcEndpointAssociationStatus":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"FirewallStatusValue", + "documentation":"

    The readiness of the configured firewall endpoint to handle network traffic.

    " + }, + "AssociationSyncState":{ + "shape":"AssociationSyncState", + "documentation":"

    The list of the Availability Zone sync states for all subnets that are defined by the firewall.

    " + } + }, + "documentation":"

    Detailed information about the current status of a VpcEndpointAssociation. You can retrieve this by calling DescribeVpcEndpointAssociation and providing the VPC endpoint association ARN.

    " + }, + "VpcEndpointAssociations":{ + "type":"list", + "member":{"shape":"VpcEndpointAssociationMetadata"} + }, + "VpcEndpointId":{ + "type":"string", + "max":256, + "min":5, + "pattern":"^vpce-[a-zA-Z0-9]*$" + }, "VpcId":{ "type":"string", "max":128, @@ -3766,5 +5531,5 @@ "member":{"shape":"VpcId"} } }, - "documentation":"

    This is the API Reference for Network Firewall. This guide is for developers who need detailed information about the Network Firewall API actions, data types, and errors.

    The REST API requires you to handle connection details, such as calculating signatures, handling request retries, and error handling. For general information about using the Amazon Web Services REST APIs, see Amazon Web Services APIs.

    To view the complete list of Amazon Web Services Regions where Network Firewall is available, see Service endpoints and quotas in the Amazon Web Services General Reference.

    To access Network Firewall using the IPv4 REST API endpoint: https://network-firewall.<region>.amazonaws.com

    To access Network Firewall using the Dualstack (IPv4 and IPv6) REST API endpoint: https://network-firewall.<region>.aws.api

    Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.

    For descriptions of Network Firewall features, including and step-by-step instructions on how to use them through the Network Firewall console, see the Network Firewall Developer Guide.

    Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC. This includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible with Suricata, a free, open source network analysis and threat detection engine.

    You can use Network Firewall to monitor and protect your VPC traffic in a number of ways. The following are just a few examples:

    • Allow domains or IP addresses for known Amazon Web Services service endpoints, such as Amazon S3, and block all other forms of traffic.

    • Use custom lists of known bad domains to limit the types of domain names that your applications can access.

    • Perform deep packet inspection on traffic entering or leaving your VPC.

    • Use stateful protocol detection to filter protocols like HTTPS, regardless of the port used.

    To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in Network Firewall. For information about using Amazon VPC, see Amazon VPC User Guide.

    To start using Network Firewall, do the following:

    1. (Optional) If you don't already have a VPC that you want to protect, create it in Amazon VPC.

    2. In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a subnet for the sole use of Network Firewall.

    3. In Network Firewall, create stateless and stateful rule groups, to define the components of the network traffic filtering behavior that you want your firewall to have.

    4. In Network Firewall, create a firewall policy that uses your rule groups and specifies additional default traffic filtering behavior.

    5. In Network Firewall, create a firewall and specify your new firewall policy and VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you specify, with the behavior that's defined in the firewall policy.

    6. In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall endpoints.

    " + "documentation":"

    This is the API Reference for Network Firewall. This guide is for developers who need detailed information about the Network Firewall API actions, data types, and errors.

    The REST API requires you to handle connection details, such as calculating signatures, handling request retries, and error handling. For general information about using the Amazon Web Services REST APIs, see Amazon Web Services APIs.

    To view the complete list of Amazon Web Services Regions where Network Firewall is available, see Service endpoints and quotas in the Amazon Web Services General Reference.

    To access Network Firewall using the IPv4 REST API endpoint: https://network-firewall.<region>.amazonaws.com

    To access Network Firewall using the Dualstack (IPv4 and IPv6) REST API endpoint: https://network-firewall.<region>.aws.api

    Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.

    For descriptions of Network Firewall features, including and step-by-step instructions on how to use them through the Network Firewall console, see the Network Firewall Developer Guide.

    Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC. This includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible with Suricata, a free, open source network analysis and threat detection engine. Network Firewall supports Suricata version 7.0.3. For information about Suricata, see the Suricata website and the Suricata User Guide.

    You can use Network Firewall to monitor and protect your VPC traffic in a number of ways. The following are just a few examples:

    • Allow domains or IP addresses for known Amazon Web Services service endpoints, such as Amazon S3, and block all other forms of traffic.

    • Use custom lists of known bad domains to limit the types of domain names that your applications can access.

    • Perform deep packet inspection on traffic entering or leaving your VPC.

    • Use stateful protocol detection to filter protocols like HTTPS, regardless of the port used.

    To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in Network Firewall. For information about using Amazon VPC, see Amazon VPC User Guide.

    To start using Network Firewall, do the following:

    1. (Optional) If you don't already have a VPC that you want to protect, create it in Amazon VPC.

    2. In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a subnet for the sole use of Network Firewall.

    3. In Network Firewall, define the firewall behavior as follows:

      1. Create stateless and stateful rule groups, to define the components of the network traffic filtering behavior that you want your firewall to have.

      2. Create a firewall policy that uses your rule groups and specifies additional default traffic filtering behavior.

    4. In Network Firewall, create a firewall and specify your new firewall policy and VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you specify, with the behavior that's defined in the firewall policy.

    5. In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall endpoints.

    After your firewall is established, you can add firewall endpoints for new Availability Zones by following the prior steps for the Amazon VPC setup and firewall subnet definitions. You can also add endpoints to Availability Zones that you're using in the firewall, either for the same VPC or for another VPC, by following the prior steps for the Amazon VPC setup, and defining the new VPC subnets as VPC endpoint associations.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/networkflowmonitor/2023-04-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/networkflowmonitor/2023-04-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/networkflowmonitor/2023-04-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/networkflowmonitor/2023-04-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/networkflowmonitor/2023-04-19/service-2.json 2.31.35-1/awscli/botocore/data/networkflowmonitor/2023-04-19/service-2.json --- 2.23.6-1/awscli/botocore/data/networkflowmonitor/2023-04-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/networkflowmonitor/2023-04-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,7 +30,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Create a monitor for specific network flows between local and remote resources, so that you can monitor network performance for one or several of your workloads. For each monitor, Network Flow Monitor publishes detailed end-to-end performance metrics and a network health indicators (NHI) that informs you whether there were Amazon Web Services network issues for one or more of the network flows tracked by a monitor, during a time period that you choose.

    ", + "documentation":"

    Create a monitor for specific network flows between local and remote resources, so that you can monitor network performance for one or several of your workloads. For each monitor, Network Flow Monitor publishes detailed end-to-end performance metrics and a network health indicator (NHI) that informs you whether there were Amazon Web Services network issues for one or more of the network flows tracked by a monitor, during a time period that you choose.

    ", "idempotent":true }, "CreateScope":{ @@ -50,7 +50,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Create a scope of resources that you want to be available for Network Flow Monitor to generate metrics for, when you have active agents on those resources sending metrics reports to the Network Flow Monitor backend. This call returns a scope ID to identify the scope.

    When you create a scope, you enable permissions for Network Flow Monitor. The scope is set to the resources for the Amazon Web Services that enables the feature.

    ", + "documentation":"

    In Network Flow Monitor, you specify a scope for the service to generate metrics for. By using the scope, Network Flow Monitor can generate a topology of all the resources to measure performance metrics for. When you create a scope, you enable permissions for Network Flow Monitor.

    A scope is a Region-account pair or multiple Region-account pairs. Network Flow Monitor uses your scope to determine all the resources (the topology) where Network Flow Monitor will gather network flow performance metrics for you. To provide performance metrics, Network Flow Monitor uses the data that is sent by the Network Flow Monitor agents you install on the resources.

    To define the Region-account pairs for your scope, the Network Flow Monitor API uses the following constucts, which allow for future flexibility in defining scopes:

    • Targets, which are arrays of targetResources.

    • Target resources, which are Region-targetIdentifier pairs.

    • Target identifiers, made up of a targetID (currently always an account ID) and a targetType (currently always an account).

    ", "idempotent":true }, "DeleteMonitor":{ @@ -64,6 +64,7 @@ "output":{"shape":"DeleteMonitorOutput"}, "errors":[ {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, @@ -83,6 +84,8 @@ "output":{"shape":"DeleteScopeOutput"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, @@ -107,7 +110,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Gets information about a monitor in Network Flow Monitor based on a monitor name. The information returned includes the Amazon Resource Name (ARN), create time, modified time, resources included in the monitor, and status information.

    " + "documentation":"

    Gets information about a monitor in Network Flow Monitor based on a monitor name. The information returned includes the Amazon Resource Name (ARN), create time, modified time, resources included in the monitor, and status information.

    ", + "readonly":true }, "GetQueryResultsMonitorTopContributors":{ "name":"GetQueryResultsMonitorTopContributors", @@ -126,7 +130,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. You specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.

    Create a query ID for this call by calling the corresponding API call to start the query, StartQueryMonitorTopContributors. Use the scope ID that was returned for your account by CreateScope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    " + "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. You specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.

    Create a query ID for this call by calling the corresponding API call to start the query, StartQueryMonitorTopContributors. Use the scope ID that was returned for your account by CreateScope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    ", + "readonly":true }, "GetQueryResultsWorkloadInsightsTopContributors":{ "name":"GetQueryResultsWorkloadInsightsTopContributors", @@ -145,7 +150,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. You specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.

    Create a query ID for this call by calling the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributors. Use the scope ID that was returned for your account by CreateScope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    " + "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. You specify the query that you want to return results for by providing a query ID and a monitor name.

    This query returns the top contributors for a scope for workload insights. Workload insights provide a high level view of network flow performance data collected by agents. To return the data for the top contributors, see GetQueryResultsWorkloadInsightsTopContributorsData.

    Create a query ID for this call by calling the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributors. Use the scope ID that was returned for your account by CreateScope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    ", + "readonly":true }, "GetQueryResultsWorkloadInsightsTopContributorsData":{ "name":"GetQueryResultsWorkloadInsightsTopContributorsData", @@ -164,7 +170,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.

    Create a query ID for this call by calling the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributorsData. Use the scope ID that was returned for your account by CreateScope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.

    " + "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID.

    This query returns the data for top contributors for workload insights for a specific scope. Workload insights provide a high level view of network flow performance data collected by agents for a scope. To return just the top contributors, see GetQueryResultsWorkloadInsightsTopContributors.

    Create a query ID for this call by calling the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributorsData. Use the scope ID that was returned for your account by CreateScope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    The top contributor network flows overall are for a specific metric type, for example, the number of retransmissions.

    ", + "readonly":true }, "GetQueryStatusMonitorTopContributors":{ "name":"GetQueryStatusMonitorTopContributors", @@ -182,7 +189,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Returns the current status of a query for the Network Flow Monitor query interface, for a specified query ID and monitor. This call returns the query status for the top contributors for a monitor.

    When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryMonitorTopContributors.

    When you run a query, use this call to check the status of the query to make sure that the query has SUCCEEDED before you review the results.

    " + "documentation":"

    Returns the current status of a query for the Network Flow Monitor query interface, for a specified query ID and monitor. This call returns the query status for the top contributors for a monitor.

    When you create a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start (create) the query, StartQueryMonitorTopContributors.

    When you run a query, use this call to check the status of the query to make sure that the query has SUCCEEDED before you review the results.

    ", + "readonly":true }, "GetQueryStatusWorkloadInsightsTopContributors":{ "name":"GetQueryStatusWorkloadInsightsTopContributors", @@ -200,7 +208,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for workload insights.

    When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributors.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    " + "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for workload insights.

    When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributors.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    ", + "readonly":true }, "GetQueryStatusWorkloadInsightsTopContributorsData":{ "name":"GetQueryStatusWorkloadInsightsTopContributorsData", @@ -218,7 +227,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Returns the current status of a query for the Network Flow Monitor query interface, for a specified query ID and monitor. This call returns the query status for the top contributors data for workload insights.

    When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributorsData.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.

    " + "documentation":"

    Returns the current status of a query for the Network Flow Monitor query interface, for a specified query ID and monitor. This call returns the query status for the top contributors data for workload insights.

    When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributorsData.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    The top contributor network flows overall are for a specific metric type, for example, the number of retransmissions.

    ", + "readonly":true }, "GetScope":{ "name":"GetScope", @@ -231,12 +241,14 @@ "output":{"shape":"GetScopeOutput"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Gets information about a scope, including the name, status, tags, and target details. The scope in Network Flow Monitor is an account.

    " + "documentation":"

    Gets information about a scope, including the name, status, tags, and target details. The scope in Network Flow Monitor is an account.

    ", + "readonly":true }, "ListMonitors":{ "name":"ListMonitors", @@ -253,7 +265,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List all monitors in an account. Optionally, you can list only monitors that have a specific status, by using the STATUS parameter.

    " + "documentation":"

    List all monitors in an account. Optionally, you can list only monitors that have a specific status, by using the STATUS parameter.

    ", + "readonly":true }, "ListScopes":{ "name":"ListScopes", @@ -271,7 +284,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List all the scopes for an account.

    " + "documentation":"

    List all the scopes for an account.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -290,7 +304,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Returns all the tags for a resource.

    " + "documentation":"

    Returns all the tags for a resource.

    ", + "readonly":true }, "StartQueryMonitorTopContributors":{ "name":"StartQueryMonitorTopContributors", @@ -308,7 +323,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Start a query to return the data with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    " + "documentation":"

    Create a query that you can use with the Network Flow Monitor query interface to return the top contributors for a monitor. Specify the monitor that you want to create the query for.

    The call returns a query ID that you can use with GetQueryResultsMonitorTopContributors to run the query and return the top contributors for a specific monitor.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable APIs for the top contributors that you want to be returned.

    " }, "StartQueryWorkloadInsightsTopContributors":{ "name":"StartQueryWorkloadInsightsTopContributors", @@ -326,7 +341,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Start a query to return the data with the Network Flow Monitor query interface. Specify the query that you want to start by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    " + "documentation":"

    Create a query with the Network Flow Monitor query interface that you can run to return workload insights top contributors. Specify the scope that you want to create a query for.

    The call returns a query ID that you can use with GetQueryResultsWorkloadInsightsTopContributors to run the query and return the top contributors for the workload insights for a scope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable APIs for the top contributors that you want to be returned.

    ", + "readonly":true }, "StartQueryWorkloadInsightsTopContributorsData":{ "name":"StartQueryWorkloadInsightsTopContributorsData", @@ -344,7 +360,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.

    A query ID is returned from an API call to start a query of a specific type; for example

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.

    " + "documentation":"

    Create a query with the Network Flow Monitor query interface that you can run to return data for workload insights top contributors. Specify the scope that you want to create a query for.

    The call returns a query ID that you can use with GetQueryResultsWorkloadInsightsTopContributorsData to run the query and return the data for the top contributors for the workload insights for a scope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    ", + "readonly":true }, "StopQueryMonitorTopContributors":{ "name":"StopQueryMonitorTopContributors", @@ -362,7 +379,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Stop a query with the Network Flow Monitor query interface. Specify the query that you want to stop by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    ", + "documentation":"

    Stop a top contributors query for a monitor. Specify the query that you want to stop by providing a query ID and a monitor name.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    ", "idempotent":true }, "StopQueryWorkloadInsightsTopContributors":{ @@ -381,7 +398,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Stop a query with the Network Flow Monitor query interface. Specify the query that you want to stop by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    " + "documentation":"

    Stop a top contributors query for workload insights. Specify the query that you want to stop by providing a query ID and a scope ID.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    ", + "readonly":true }, "StopQueryWorkloadInsightsTopContributorsData":{ "name":"StopQueryWorkloadInsightsTopContributorsData", @@ -399,7 +417,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.

    The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.

    " + "documentation":"

    Stop a top contributors data query for workload insights. Specify the query that you want to stop by providing a query ID and a scope ID.

    Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type. Top contributors can be across all workload insights, for a given scope, or for a specific monitor. Use the applicable call for the top contributors that you want to be returned.

    ", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -471,6 +490,8 @@ "output":{"shape":"UpdateScopeOutput"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, @@ -535,18 +556,18 @@ }, "localResources":{ "shape":"CreateMonitorInputLocalResourcesList", - "documentation":"

    The local resources to monitor. A local resource, in a bi-directional flow of a workload, is the host where the agent is installed. For example, if a workload consists of an interaction between a web service and a backend database (for example, Amazon Relational Database Service (RDS)), the EC2 instance hosting the web service, which also runs the agent, is the local resource.

    " + "documentation":"

    The local resources to monitor. A local resource in a workload is the location of the host, or hosts, where the Network Flow Monitor agent is installed. For example, if a workload consists of an interaction between a web service and a backend database (for example, Amazon Dynamo DB), the subnet with the EC2 instance that hosts the web service, which also runs the agent, is the local resource.

    Be aware that all local resources must belong to the current Region.

    " }, "remoteResources":{ "shape":"MonitorRemoteResources", - "documentation":"

    The remote resources to monitor. A remote resource is the other endpoint in the bi-directional flow of a workload, with a local resource. For example, Amazon Relational Database Service (RDS) can be a remote resource.

    " + "documentation":"

    The remote resources to monitor. A remote resource is the other endpoint in the bi-directional flow of a workload, with a local resource. For example, Amazon Dynamo DB can be a remote resource.

    When you specify remote resources, be aware that specific combinations of resources are allowed and others are not, including the following constraints:

    • All remote resources that you specify must all belong to a single Region.

    • If you specify Amazon Web Services services as remote resources, any other remote resources that you specify must be in the current Region.

    • When you specify a remote resource for another Region, you can only specify the Region resource type. You cannot specify a subnet, VPC, or Availability Zone in another Region.

    • If you leave the RemoteResources parameter empty, the monitor will include all network flows that terminate in the current Region.

    " }, "scopeArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the scope for the monitor.

    " }, "clientToken":{ - "shape":"String", + "shape":"UuidString", "documentation":"

    A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.

    ", "idempotencyToken":true }, @@ -587,11 +608,11 @@ }, "localResources":{ "shape":"MonitorLocalResources", - "documentation":"

    The local resources to monitor. A local resource, in a bi-directional flow of a workload, is the host where the agent is installed.

    " + "documentation":"

    The local resources to monitor. A local resource in a workload is the location of hosts where the Network Flow Monitor agent is installed.

    " }, "remoteResources":{ "shape":"MonitorRemoteResources", - "documentation":"

    The remote resources to monitor. A remote resource is the other endpoint in the bi-directional flow of a workload, with a local resource. For example, Amazon Relational Database Service (RDS) can be a remote resource. The remote resource is identified by its ARN or an identifier.

    " + "documentation":"

    The remote resources to monitor. A remote resource is the other endpoint specified for the network flow of a workload, with a local resource. For example, Amazon Dynamo DB can be a remote resource.

    " }, "createdAt":{ "shape":"Iso8601Timestamp", @@ -613,10 +634,10 @@ "members":{ "targets":{ "shape":"CreateScopeInputTargetsList", - "documentation":"

    The targets to define the scope to be monitored. Currently, a target is an Amazon Web Services account.

    " + "documentation":"

    The targets to define the scope to be monitored. A target is an array of targetResources, which are currently Region-account pairs, defined by targetResource constructs.

    " }, "clientToken":{ - "shape":"String", + "shape":"UuidString", "documentation":"

    A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.

    ", "idempotencyToken":true }, @@ -646,7 +667,7 @@ }, "status":{ "shape":"ScopeStatus", - "documentation":"

    The status for a call to create a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.

    " + "documentation":"

    The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.

    A status of DEACTIVATING means that you've requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.

    " }, "scopeArn":{ "shape":"Arn", @@ -672,8 +693,7 @@ }, "DeleteMonitorOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteScopeInput":{ "type":"structure", @@ -689,8 +709,7 @@ }, "DeleteScopeOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DestinationCategory":{ "type":"string", @@ -700,7 +719,8 @@ "INTER_VPC", "UNCLASSIFIED", "AMAZON_S3", - "AMAZON_DYNAMODB" + "AMAZON_DYNAMODB", + "INTER_REGION" ] }, "Double":{ @@ -745,11 +765,11 @@ }, "localResources":{ "shape":"MonitorLocalResources", - "documentation":"

    The local resources for this monitor.

    " + "documentation":"

    The local resources to monitor. A local resource in a workload is the location of the hosts where the Network Flow Monitor agent is installed.

    " }, "remoteResources":{ "shape":"MonitorRemoteResources", - "documentation":"

    The remote resources for this monitor.

    " + "documentation":"

    The remote resources to monitor. A remote resource is the other endpoint specified for the network flow of a workload, with a local resource. For example, Amazon Dynamo DB can be a remote resource.

    " }, "createdAt":{ "shape":"Iso8601Timestamp", @@ -780,7 +800,7 @@ }, "queryId":{ "shape":"String", - "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.

    ", + "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to create a query.

    ", "location":"uri", "locationName":"queryId" }, @@ -830,7 +850,7 @@ }, "queryId":{ "shape":"String", - "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.

    ", + "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to create a query.

    ", "location":"uri", "locationName":"queryId" }, @@ -884,7 +904,7 @@ }, "queryId":{ "shape":"String", - "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.

    ", + "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to create a query.

    ", "location":"uri", "locationName":"queryId" }, @@ -1039,7 +1059,7 @@ }, "status":{ "shape":"ScopeStatus", - "documentation":"

    The status of a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.

    " + "documentation":"

    The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.

    A status of DEACTIVATING means that you've requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.

    " }, "scopeArn":{ "shape":"Arn", @@ -1047,7 +1067,7 @@ }, "targets":{ "shape":"TargetResourceList", - "documentation":"

    The targets for a scope

    " + "documentation":"

    The targets to define the scope to be monitored. A target is an array of targetResources, which are currently Region-account pairs, defined by targetResource constructs.

    " }, "tags":{ "shape":"TagMap", @@ -1262,21 +1282,22 @@ "members":{ "type":{ "shape":"MonitorLocalResourceType", - "documentation":"

    The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone or AWS::EC2::Subnet.

    " + "documentation":"

    The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::Region.

    " }, "identifier":{ "shape":"String", - "documentation":"

    The identifier of the local resource, such as an ARN.

    " + "documentation":"

    The identifier of the local resource. For a VPC or subnet, this identifier is the VPC Amazon Resource Name (ARN) or subnet ARN. For an Availability Zone, this identifier is the AZ name, for example, us-west-2b.

    " } }, - "documentation":"

    A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, or an Availability Zone.

    " + "documentation":"

    A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.

    " }, "MonitorLocalResourceType":{ "type":"string", "enum":[ "AWS::EC2::VPC", "AWS::AvailabilityZone", - "AWS::EC2::Subnet" + "AWS::EC2::Subnet", + "AWS::Region" ] }, "MonitorLocalResources":{ @@ -1301,14 +1322,14 @@ "members":{ "type":{ "shape":"MonitorRemoteResourceType", - "documentation":"

    The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::AWSService.

    " + "documentation":"

    The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, AWS::AWSService, or AWS::Region.

    " }, "identifier":{ "shape":"String", - "documentation":"

    The identifier of the remote resource, such as an ARN.

    " + "documentation":"

    The identifier of the remote resource. For a VPC or subnet, this identifier is the VPC Amazon Resource Name (ARN) or subnet ARN. For an Availability Zone, this identifier is the AZ name, for example, us-west-2b. For an Amazon Web Services Region , this identifier is the Region name, for example, us-west-2.

    " } }, - "documentation":"

    A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.

    " + "documentation":"

    A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, an Amazon Web Services service, or an Amazon Web Services Region.

    When a remote resource is an Amazon Web Services Region, Network Flow Monitor provides network performance measurements up to the edge of the Region that you specify.

    " }, "MonitorRemoteResourceType":{ "type":"string", @@ -1316,7 +1337,8 @@ "AWS::EC2::VPC", "AWS::AvailabilityZone", "AWS::EC2::Subnet", - "AWS::AWSService" + "AWS::AWSService", + "AWS::Region" ] }, "MonitorRemoteResources":{ @@ -1354,7 +1376,7 @@ "documentation":"

    The status of a monitor. The status can be one of the following

    • PENDING: The monitor is in the process of being created.

    • ACTIVE: The monitor is active.

    • INACTIVE: The monitor is inactive.

    • ERROR: Monitor creation failed due to an error.

    • DELETING: The monitor is in the process of being deleted.

    " } }, - "documentation":"

    A summary of information about a monitor, includ the ARN, the name, and the status.

    " + "documentation":"

    A summary of information about a monitor, including the ARN, the name, and the status.

    " }, "MonitorTopContributorsRow":{ "type":"structure", @@ -1393,7 +1415,7 @@ }, "destinationCategory":{ "shape":"DestinationCategory", - "documentation":"

    The destination category for a top contributors row. Destination categories can be one of the following:

    • INTRA_AZ: Top contributor network flows within a single Availability Zone

    • INTER_AZ: Top contributor network flows between Availability Zones

    • INTER_VPC: Top contributor network flows between VPCs

    • AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services

    • UNCLASSIFIED: Top contributor network flows that do not have a bucket classification

    " + "documentation":"

    The destination category for a top contributors row. Destination categories can be one of the following:

    • INTRA_AZ: Top contributor network flows within a single Availability Zone

    • INTER_AZ: Top contributor network flows between Availability Zones

    • INTER_REGION: Top contributor network flows between Regions (to the edge of another Region)

    • INTER_VPC: Top contributor network flows between VPCs

    • AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services

    • UNCLASSIFIED: Top contributor network flows that do not have a bucket classification

    " }, "remoteVpcId":{ "shape":"VpcId", @@ -1500,7 +1522,9 @@ "enum":[ "SUCCEEDED", "IN_PROGRESS", - "FAILED" + "FAILED", + "DEACTIVATING", + "DEACTIVATED" ] }, "ScopeSummary":{ @@ -1513,11 +1537,11 @@ "members":{ "scopeId":{ "shape":"ScopeId", - "documentation":"

    The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.

    " + "documentation":"

    The identifier for the scope that includes the resources that you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for the accounts in a scope.

    " }, "status":{ "shape":"ScopeStatus", - "documentation":"

    The status of a scope. The status can be one of the following, depending on the state of scope creation: SUCCEEDED, IN_PROGRESS, or FAILED.

    " + "documentation":"

    The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.

    A status of DEACTIVATING means that you've requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.

    " }, "scopeArn":{ "shape":"Arn", @@ -1560,7 +1584,7 @@ }, "startTime":{ "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.

    " + "documentation":"

    The timestamp that is the date and time that is the beginning of the period that you want to retrieve results for with your query.

    " }, "endTime":{ "shape":"SyntheticTimestamp_date_time", @@ -1568,11 +1592,11 @@ }, "metricName":{ "shape":"MonitorMetric", - "documentation":"

    The metric that you want to query top contributors for. That is, you can specify this metric to return the top contributor network flows, for this type of metric, for a monitor and (optionally) within a specific category, such as network flows between Availability Zones.

    " + "documentation":"

    The metric that you want to query top contributors for. That is, you can specify a metric with this call and return the top contributor network flows, for that type of metric, for a monitor and (optionally) within a specific category, such as network flows between Availability Zones.

    " }, "destinationCategory":{ "shape":"DestinationCategory", - "documentation":"

    The category that you want to query top contributors for, for a specific monitor. Destination categories can be one of the following:

    • INTRA_AZ: Top contributor network flows within a single Availability Zone

    • INTER_AZ: Top contributor network flows between Availability Zones

    • INTER_VPC: Top contributor network flows between VPCs

    • AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services

    • UNCLASSIFIED: Top contributor network flows that do not have a bucket classification

    " + "documentation":"

    The category that you want to query top contributors for, for a specific monitor. Destination categories can be one of the following:

    • INTRA_AZ: Top contributor network flows within a single Availability Zone

    • INTER_AZ: Top contributor network flows between Availability Zones

    • INTER_REGION: Top contributor network flows between Regions (to the edge of another Region)

    • INTER_VPC: Top contributor network flows between VPCs

    • AMAZON_S3: Top contributor network flows to or from Amazon S3

    • AMAZON_DYNAMODB: Top contributor network flows to or from Amazon Dynamo DB

    • UNCLASSIFIED: Top contributor network flows that do not have a bucket classification

    " }, "limit":{ "shape":"Limit", @@ -1608,7 +1632,7 @@ }, "startTime":{ "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.

    " + "documentation":"

    The timestamp that is the date and time that is the beginning of the period that you want to retrieve results for with your query.

    " }, "endTime":{ "shape":"SyntheticTimestamp_date_time", @@ -1620,7 +1644,7 @@ }, "destinationCategory":{ "shape":"DestinationCategory", - "documentation":"

    The destination category for a top contributors. Destination categories can be one of the following:

    • INTRA_AZ: Top contributor network flows within a single Availability Zone

    • INTER_AZ: Top contributor network flows between Availability Zones

    • INTER_VPC: Top contributor network flows between VPCs

    • AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services

    • UNCLASSIFIED: Top contributor network flows that do not have a bucket classification

    " + "documentation":"

    The destination category for a top contributors. Destination categories can be one of the following:

    • INTRA_AZ: Top contributor network flows within a single Availability Zone

    • INTER_AZ: Top contributor network flows between Availability Zones

    • INTER_REGION: Top contributor network flows between Regions (to the edge of another Region)

    • INTER_VPC: Top contributor network flows between VPCs

    • AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services

    • UNCLASSIFIED: Top contributor network flows that do not have a bucket classification

    " } } }, @@ -1652,7 +1676,7 @@ }, "startTime":{ "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.

    " + "documentation":"

    The timestamp that is the date and time that is the beginning of the period that you want to retrieve results for with your query.

    " }, "endTime":{ "shape":"SyntheticTimestamp_date_time", @@ -1664,7 +1688,7 @@ }, "destinationCategory":{ "shape":"DestinationCategory", - "documentation":"

    The destination category for a top contributors row. Destination categories can be one of the following:

    • INTRA_AZ: Top contributor network flows within a single Availability Zone

    • INTER_AZ: Top contributor network flows between Availability Zones

    • INTER_VPC: Top contributor network flows between VPCs

    • AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services

    • UNCLASSIFIED: Top contributor network flows that do not have a bucket classification

    " + "documentation":"

    The destination category for a top contributors row. Destination categories can be one of the following:

    • INTRA_AZ: Top contributor network flows within a single Availability Zone

    • INTER_AZ: Top contributor network flows between Availability Zones

    • INTER_REGION: Top contributor network flows between Regions (to the edge of another Region)

    • INTER_VPC: Top contributor network flows between VPCs

    • AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services

    • UNCLASSIFIED: Top contributor network flows that do not have a bucket classification

    " }, "limit":{ "shape":"Limit", @@ -1697,7 +1721,7 @@ }, "queryId":{ "shape":"String", - "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.

    ", + "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to create a query.

    ", "location":"uri", "locationName":"queryId" } @@ -1705,8 +1729,7 @@ }, "StopQueryMonitorTopContributorsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "StopQueryWorkloadInsightsTopContributorsDataInput":{ "type":"structure", @@ -1723,7 +1746,7 @@ }, "queryId":{ "shape":"String", - "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.

    ", + "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to create a query.

    ", "location":"uri", "locationName":"queryId" } @@ -1731,8 +1754,7 @@ }, "StopQueryWorkloadInsightsTopContributorsDataOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "StopQueryWorkloadInsightsTopContributorsInput":{ "type":"structure", @@ -1749,7 +1771,7 @@ }, "queryId":{ "shape":"String", - "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.

    ", + "documentation":"

    The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to create a query.

    ", "location":"uri", "locationName":"queryId" } @@ -1757,8 +1779,7 @@ }, "StopQueryWorkloadInsightsTopContributorsOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "String":{"type":"string"}, "SubnetArn":{"type":"string"}, @@ -1809,8 +1830,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1837,14 +1857,14 @@ "members":{ "targetId":{ "shape":"TargetId", - "documentation":"

    The identifier for a target.

    " + "documentation":"

    The identifier for a target, which is currently always an account ID .

    " }, "targetType":{ "shape":"TargetType", - "documentation":"

    The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.

    " + "documentation":"

    The type of a target. A target type is currently always ACCOUNT.

    " } }, - "documentation":"

    A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.

    " + "documentation":"

    A target identifier is a pair of identifying information for a scope that is included in a target. A target identifier is made up of a target ID and a target type. Currently the target ID is always an account ID and the target type is always ACCOUNT.

    " }, "TargetResource":{ "type":"structure", @@ -1855,14 +1875,14 @@ "members":{ "targetIdentifier":{ "shape":"TargetIdentifier", - "documentation":"

    A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.

    " + "documentation":"

    A target identifier is a pair of identifying information for a scope. A target identifier is made up of a targetID (currently always an account ID) and a targetType (currently always an account).

    " }, "region":{ "shape":"AwsRegion", - "documentation":"

    The Amazon Web Services Region where the target resource is located.

    " + "documentation":"

    The Amazon Web Services Region for the scope.

    " } }, - "documentation":"

    A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.

    " + "documentation":"

    A target resource in a scope. The resource is identified by a Region and an account, defined by a target identifier. A target identifier is made up of a target ID (currently always an account ID) and a target type (currently always ACCOUNT).

    " }, "TargetResourceList":{ "type":"list", @@ -1898,7 +1918,7 @@ }, "componentArn":{ "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of a tranversed component.

    " + "documentation":"

    The Amazon Resource Name (ARN) of a traversed component.

    " }, "serviceName":{ "shape":"String", @@ -1934,8 +1954,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMonitorInput":{ "type":"structure", @@ -1949,7 +1968,7 @@ }, "localResourcesToAdd":{ "shape":"MonitorLocalResources", - "documentation":"

    The local resources to add, as an array of resources with identifiers and types.

    " + "documentation":"

    Additional local resources to specify network flows for a monitor, as an array of resources with identifiers and types. A local resource in a workload is the location of hosts where the Network Flow Monitor agent is installed.

    " }, "localResourcesToRemove":{ "shape":"MonitorLocalResources", @@ -1957,14 +1976,14 @@ }, "remoteResourcesToAdd":{ "shape":"MonitorRemoteResources", - "documentation":"

    The remove resources to add, as an array of resources with identifiers and types.

    " + "documentation":"

    The remote resources to add, as an array of resources with identifiers and types.

    A remote resource is the other endpoint in the flow of a workload, with a local resource. For example, Amazon Dynamo DB can be a remote resource.

    " }, "remoteResourcesToRemove":{ "shape":"MonitorRemoteResources", - "documentation":"

    The remove resources to remove, as an array of resources with identifiers and types.

    " + "documentation":"

    The remote resources to remove, as an array of resources with identifiers and types.

    A remote resource is the other endpoint specified for the network flow of a workload, with a local resource. For example, Amazon Dynamo DB can be a remote resource.

    " }, "clientToken":{ - "shape":"String", + "shape":"UuidString", "documentation":"

    A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.

    ", "idempotencyToken":true } @@ -1996,11 +2015,11 @@ }, "localResources":{ "shape":"MonitorLocalResources", - "documentation":"

    The local resources updated for a monitor, as an array of resources with identifiers and types.

    " + "documentation":"

    The local resources to monitor. A local resource in a workload is the location of hosts where the Network Flow Monitor agent is installed.

    " }, "remoteResources":{ "shape":"MonitorRemoteResources", - "documentation":"

    The remote resources updated for a monitor, as an array of resources with identifiers and types.

    " + "documentation":"

    The remote resources updated for a monitor, as an array of resources with identifiers and types.

    A remote resource is the other endpoint specified for the network flow of a workload, with a local resource. For example, Amazon Dynamo DB can be a remote resource.

    " }, "createdAt":{ "shape":"Iso8601Timestamp", @@ -2062,7 +2081,7 @@ }, "status":{ "shape":"ScopeStatus", - "documentation":"

    The status for a call to update a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.

    " + "documentation":"

    The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.

    A status of DEACTIVATING means that you've requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.

    " }, "scopeArn":{ "shape":"Arn", @@ -2074,6 +2093,12 @@ } } }, + "UuidString":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, "ValidationException":{ "type":"structure", "members":{ @@ -2151,7 +2176,7 @@ }, "remoteIdentifier":{ "shape":"String", - "documentation":"

    The identifier of a remote resource.

    " + "documentation":"

    The identifier of a remote resource. For a VPC or subnet, this identifier is the VPC Amazon Resource Name (ARN) or subnet ARN. For an Availability Zone, this identifier is the AZ name, for example, us-west-2b. For an Amazon Web Services Region , this identifier is the Region name, for example, us-west-2.

    " }, "value":{ "shape":"Long", diff -pruN 2.23.6-1/awscli/botocore/data/networkmanager/2019-07-05/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/networkmanager/2019-07-05/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/networkmanager/2019-07-05/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/networkmanager/2019-07-05/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,254 +57,322 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "aws.partition", "argv": [ { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://networkmanager.us-west-2.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "networkmanager", - "signingRegion": "us-west-2" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://networkmanager.us-west-2.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-west-2" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws-us-gov" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" - }, - false - ] - } - ], - "endpoint": { - "url": "https://networkmanager.us-gov-west-1.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "networkmanager", - "signingRegion": "us-gov-west-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://networkmanager.us-west-2.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-west-2" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://networkmanager-fips.us-west-2.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-west-2" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws" ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://networkmanager-fips.us-west-2.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-west-2" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-us-gov" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://networkmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" + "endpoint": { + "url": "https://networkmanager.us-gov-west-1.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] }, - true - ] - } - ], - "rules": [ + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ { "fn": "getAttr", @@ -312,105 +380,293 @@ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://networkmanager.us-gov-west-1.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://networkmanager-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://networkmanager-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://networkmanager-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://networkmanager.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://networkmanager.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://networkmanager.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://networkmanager.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/networkmanager/2019-07-05/service-2.json 2.31.35-1/awscli/botocore/data/networkmanager/2019-07-05/service-2.json --- 2.23.6-1/awscli/botocore/data/networkmanager/2019-07-05/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/networkmanager/2019-07-05/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2611,6 +2611,18 @@ "ServiceInsertionActions":{ "shape":"ServiceInsertionActionList", "documentation":"

    Describes the service insertion action.

    " + }, + "VpnEcmpSupport":{ + "shape":"Boolean", + "documentation":"

    Indicates whether Equal Cost Multipath (ECMP) is enabled for the core network.

    " + }, + "DnsSupport":{ + "shape":"Boolean", + "documentation":"

    Indicates whether public DNS support is supported. The default is true.

    " + }, + "SecurityGroupReferencingSupport":{ + "shape":"Boolean", + "documentation":"

    Indicates whether security group referencing is enabled for the core network.

    " } }, "documentation":"

    Describes a core network change.

    " @@ -3716,8 +3728,7 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSiteRequest":{ "type":"structure", @@ -4102,8 +4113,7 @@ }, "ExecuteCoreNetworkChangeSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ExternalRegionCode":{ "type":"string", @@ -6256,8 +6266,7 @@ }, "PutResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ReasonContextKey":{ "type":"string", @@ -6903,8 +6912,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -7120,8 +7128,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConnectionRequest":{ "type":"structure", @@ -7552,6 +7559,14 @@ "ApplianceModeSupport":{ "shape":"Boolean", "documentation":"

    Indicates whether appliance mode is supported. If enabled, traffic flow between a source and destination use the same Availability Zone for the VPC attachment for the lifetime of that flow. The default value is false.

    " + }, + "DnsSupport":{ + "shape":"Boolean", + "documentation":"

    Indicates whether DNS is supported.

    " + }, + "SecurityGroupReferencingSupport":{ + "shape":"Boolean", + "documentation":"

    Indicates whether security group referencing is enabled for this VPC attachment. The default is true. However, at the core network policy-level the default is set to false.

    " } }, "documentation":"

    Describes the VPC options.

    " diff -pruN 2.23.6-1/awscli/botocore/data/networkmonitor/2023-08-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/networkmonitor/2023-08-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/networkmonitor/2023-08-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/networkmonitor/2023-08-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/notifications/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/notifications/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/notifications/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/notifications/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/notifications/2018-05-10/paginators-1.json 2.31.35-1/awscli/botocore/data/notifications/2018-05-10/paginators-1.json --- 2.23.6-1/awscli/botocore/data/notifications/2018-05-10/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/notifications/2018-05-10/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -53,6 +53,18 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "managedNotificationEvents" + }, + "ListMemberAccounts": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "memberAccounts" + }, + "ListOrganizationalUnits": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "organizationalUnits" } } } diff -pruN 2.23.6-1/awscli/botocore/data/notifications/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/notifications/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/notifications/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/notifications/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -27,11 +27,11 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

    Associates a delivery Channel with a particular NotificationConfiguration. Supported Channels include Chatbot, the Console Mobile Application, and emails (notifications-contacts).

    ", + "documentation":"

    Associates a delivery Channel with a particular NotificationConfiguration. Supported Channels include Amazon Q Developer in chat applications, the Console Mobile Application, and emails (notifications-contacts).

    ", "idempotent":true }, "AssociateManagedNotificationAccountContact":{ @@ -48,9 +48,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Associates an Account Contact with a particular ManagedNotificationConfiguration.

    ", "idempotent":true @@ -69,11 +69,32 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Associates an additional Channel with a particular ManagedNotificationConfiguration.

    Supported Channels include Amazon Q Developer in chat applications, the Console Mobile Application, and emails (notifications-contacts).

    ", + "idempotent":true + }, + "AssociateOrganizationalUnit":{ + "name":"AssociateOrganizationalUnit", + "http":{ + "method":"POST", + "requestUri":"/organizational-units/associate/{organizationalUnitId}", + "responseCode":201 + }, + "input":{"shape":"AssociateOrganizationalUnitRequest"}, + "output":{"shape":"AssociateOrganizationalUnitResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

    Associates an additional Channel with a particular ManagedNotificationConfiguration.

    Supported Channels include Chatbot, the Console Mobile Application, and emails (notifications-contacts).

    ", + "documentation":"

    Associates an organizational unit with a notification configuration.

    ", "idempotent":true }, "CreateEventRule":{ @@ -90,9 +111,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Creates an EventRule that is associated with a specified NotificationConfiguration.

    ", "idempotent":true @@ -111,8 +132,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Creates a new NotificationConfiguration.

    ", "idempotent":true @@ -130,9 +151,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Deletes an EventRule.

    ", "idempotent":true @@ -150,9 +171,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Deletes a NotificationConfiguration.

    ", "idempotent":true @@ -170,9 +191,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Deregisters a NotificationConfiguration in the specified Region.

    You can't deregister the last NotificationHub in the account. NotificationEvents stored in the deregistered NotificationConfiguration are no longer be visible. Recreating a new NotificationConfiguration in the same Region restores access to those NotificationEvents.

    ", "idempotent":true @@ -191,9 +212,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Disables service trust between User Notifications and Amazon Web Services Organizations.

    ", "idempotent":true @@ -211,10 +232,10 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

    Disassociates a Channel from a specified NotificationConfiguration. Supported Channels include Chatbot, the Console Mobile Application, and emails (notifications-contacts).

    ", + "documentation":"

    Disassociates a Channel from a specified NotificationConfiguration. Supported Channels include Amazon Q Developer in chat applications, the Console Mobile Application, and emails (notifications-contacts).

    ", "idempotent":true }, "DisassociateManagedNotificationAccountContact":{ @@ -230,9 +251,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Disassociates an Account Contact with a particular ManagedNotificationConfiguration.

    ", "idempotent":true @@ -250,10 +271,29 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Disassociates an additional Channel from a particular ManagedNotificationConfiguration.

    Supported Channels include Amazon Q Developer in chat applications, the Console Mobile Application, and emails (notifications-contacts).

    ", + "idempotent":true + }, + "DisassociateOrganizationalUnit":{ + "name":"DisassociateOrganizationalUnit", + "http":{ + "method":"POST", + "requestUri":"/organizational-units/disassociate/{organizationalUnitId}", + "responseCode":200 + }, + "input":{"shape":"DisassociateOrganizationalUnitRequest"}, + "output":{"shape":"DisassociateOrganizationalUnitResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], - "documentation":"

    Disassociates an additional Channel from a particular ManagedNotificationConfiguration.

    Supported Channels include Chatbot, the Console Mobile Application, and emails (notifications-contacts).

    ", + "documentation":"

    Removes the association between an organizational unit and a notification configuration.

    ", "idempotent":true }, "EnableNotificationsAccessForOrganization":{ @@ -270,9 +310,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Enables service trust between User Notifications and Amazon Web Services Organizations.

    ", "idempotent":true @@ -290,8 +330,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a specified EventRule.

    " }, @@ -308,8 +348,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns the child event of a specific given ManagedNotificationEvent.

    " }, @@ -326,8 +366,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a specified ManagedNotificationConfiguration.

    " }, @@ -344,8 +384,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a specified ManagedNotificationEvent.

    " }, @@ -362,8 +402,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a specified NotificationConfiguration.

    " }, @@ -380,8 +420,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a specified NotificationEvent.

    User Notifications stores notifications in the individual Regions you register as notification hubs and the Region of the source event rule. GetNotificationEvent only returns notifications stored in the same Region in which the action is called. User Notifications doesn't backfill notifications to new Regions selected as notification hubs. For this reason, we recommend that you make calls in your oldest registered notification hub. For more information, see Notification hubs in the Amazon Web Services User Notifications User Guide.

    " }, @@ -415,8 +455,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a list of Channels for a NotificationConfiguration.

    " }, @@ -433,8 +473,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a list of EventRules according to specified filters, in reverse chronological order (newest first).

    " }, @@ -451,8 +491,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a list of Account contacts and Channels associated with a ManagedNotificationConfiguration, in paginated format.

    " }, @@ -507,6 +547,24 @@ ], "documentation":"

    Returns a list of Managed Notification Events according to specified filters, ordered by creation time in reverse chronological order (newest first).

    " }, + "ListMemberAccounts":{ + "name":"ListMemberAccounts", + "http":{ + "method":"GET", + "requestUri":"/list-member-accounts", + "responseCode":200 + }, + "input":{"shape":"ListMemberAccountsRequest"}, + "output":{"shape":"ListMemberAccountsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns a list of member accounts associated with a notification configuration.

    " + }, "ListNotificationConfigurations":{ "name":"ListNotificationConfigurations", "http":{ @@ -558,6 +616,24 @@ ], "documentation":"

    Returns a list of NotificationHubs.

    " }, + "ListOrganizationalUnits":{ + "name":"ListOrganizationalUnits", + "http":{ + "method":"GET", + "requestUri":"/organizational-units", + "responseCode":200 + }, + "input":{"shape":"ListOrganizationalUnitsRequest"}, + "output":{"shape":"ListOrganizationalUnitsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns a list of organizational units associated with a notification configuration.

    " + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -571,8 +647,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Returns a list of tags for a specified Amazon Resource Name (ARN).

    For more information, see Tagging your Amazon Web Services resources in the Tagging Amazon Web Services Resources User Guide.

    This is only supported for NotificationConfigurations.

    " }, @@ -590,8 +666,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Registers a NotificationConfiguration in the specified Region.

    There is a maximum of one NotificationConfiguration per Region. You can have a maximum of 3 NotificationHub resources at a time.

    ", "idempotent":true @@ -609,8 +685,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Tags the resource with a tag key and value.

    For more information, see Tagging your Amazon Web Services resources in the Tagging Amazon Web Services Resources User Guide.

    This is only supported for NotificationConfigurations.

    ", "idempotent":true @@ -628,8 +704,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Untags a resource with a specified Amazon Resource Name (ARN).

    For more information, see Tagging your Amazon Web Services resources in the Tagging Amazon Web Services Resources User Guide.

    ", "idempotent":true @@ -647,9 +723,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Updates an existing EventRule.

    ", "idempotent":true @@ -667,9 +743,9 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} ], "documentation":"

    Updates a NotificationConfiguration.

    ", "idempotent":true @@ -694,7 +770,8 @@ "enum":[ "ENABLED", "DISABLED", - "PENDING" + "PENDING", + "FAILED" ] }, "AccountContactType":{ @@ -811,7 +888,7 @@ "members":{ "arn":{ "shape":"ChannelArn", - "documentation":"

    The Amazon Resource Name (ARN) of the Channel to associate with the NotificationConfiguration.

    Supported ARNs include Chatbot, the Console Mobile Application, and notifications-contacts.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the Channel to associate with the NotificationConfiguration.

    Supported ARNs include Amazon Q Developer in chat applications, the Console Mobile Application, and notifications-contacts.

    ", "location":"uri", "locationName":"arn" }, @@ -823,8 +900,7 @@ }, "AssociateChannelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateManagedNotificationAccountContactRequest":{ "type":"structure", @@ -847,8 +923,7 @@ }, "AssociateManagedNotificationAccountContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateManagedNotificationAdditionalChannelRequest":{ "type":"structure", @@ -859,7 +934,7 @@ "members":{ "channelArn":{ "shape":"ChannelArn", - "documentation":"

    The Amazon Resource Name (ARN) of the Channel to associate with the ManagedNotificationConfiguration.

    Supported ARNs include Chatbot, the Console Mobile Application, and email (notifications-contacts).

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the Channel to associate with the ManagedNotificationConfiguration.

    Supported ARNs include Amazon Q Developer in chat applications, the Console Mobile Application, and email (notifications-contacts).

    ", "location":"uri", "locationName":"channelArn" }, @@ -871,9 +946,31 @@ }, "AssociateManagedNotificationAdditionalChannelResponse":{ "type":"structure", + "members":{} + }, + "AssociateOrganizationalUnitRequest":{ + "type":"structure", + "required":[ + "organizationalUnitId", + "notificationConfigurationArn" + ], "members":{ + "organizationalUnitId":{ + "shape":"OrganizationalUnitId", + "documentation":"

    The unique identifier of the organizational unit to associate.

    ", + "location":"uri", + "locationName":"organizationalUnitId" + }, + "notificationConfigurationArn":{ + "shape":"NotificationConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the notification configuration to associate with the organizational unit.

    " + } } }, + "AssociateOrganizationalUnitResponse":{ + "type":"structure", + "members":{} + }, "Boolean":{ "type":"boolean", "box":true @@ -1039,8 +1136,7 @@ }, "DeleteEventRuleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNotificationConfigurationRequest":{ "type":"structure", @@ -1056,8 +1152,7 @@ }, "DeleteNotificationConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterNotificationHubRequest":{ "type":"structure", @@ -1114,13 +1209,11 @@ }, "DisableNotificationsAccessForOrganizationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableNotificationsAccessForOrganizationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateChannelRequest":{ "type":"structure", @@ -1143,8 +1236,7 @@ }, "DisassociateChannelResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateManagedNotificationAccountContactRequest":{ "type":"structure", @@ -1167,8 +1259,7 @@ }, "DisassociateManagedNotificationAccountContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateManagedNotificationAdditionalChannelRequest":{ "type":"structure", @@ -1191,18 +1282,38 @@ }, "DisassociateManagedNotificationAdditionalChannelResponse":{ "type":"structure", + "members":{} + }, + "DisassociateOrganizationalUnitRequest":{ + "type":"structure", + "required":[ + "organizationalUnitId", + "notificationConfigurationArn" + ], "members":{ + "organizationalUnitId":{ + "shape":"OrganizationalUnitId", + "documentation":"

    The unique identifier of the organizational unit to disassociate.

    ", + "location":"uri", + "locationName":"organizationalUnitId" + }, + "notificationConfigurationArn":{ + "shape":"NotificationConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the notification configuration to disassociate from the organizational unit.

    " + } } }, + "DisassociateOrganizationalUnitResponse":{ + "type":"structure", + "members":{} + }, "EnableNotificationsAccessForOrganizationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableNotificationsAccessForOrganizationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ErrorMessage":{"type":"string"}, "EventRuleArn":{ @@ -1556,6 +1667,10 @@ "aggregationDuration":{ "shape":"AggregationDuration", "documentation":"

    The aggregation preference of the NotificationConfiguration.

    • Values:

      • LONG

        • Aggregate notifications for long periods of time (12 hours).

      • SHORT

        • Aggregate notifications for short periods of time (5 minutes).

      • NONE

        • Don't aggregate notifications.

    " + }, + "subtype":{ + "shape":"NotificationConfigurationSubtype", + "documentation":"

    The subtype of the notification configuration returned in the response.

    " } } }, @@ -1606,8 +1721,7 @@ }, "GetNotificationsAccessForOrganizationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetNotificationsAccessForOrganizationResponse":{ "type":"structure", @@ -1961,6 +2075,68 @@ } } }, + "ListMemberAccountsRequest":{ + "type":"structure", + "required":["notificationConfigurationArn"], + "members":{ + "notificationConfigurationArn":{ + "shape":"NotificationConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the notification configuration used to filter the member accounts.

    ", + "location":"querystring", + "locationName":"notificationConfigurationArn" + }, + "maxResults":{ + "shape":"ListMemberAccountsRequestMaxResultsInteger", + "documentation":"

    The maximum number of results to return in a single call. Valid values are 1-100.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next page of results. Use the value returned in the previous response.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "memberAccount":{ + "shape":"AccountId", + "documentation":"

    The member account identifier used to filter the results.

    ", + "location":"querystring", + "locationName":"memberAccount" + }, + "status":{ + "shape":"MemberAccountNotificationConfigurationStatus", + "documentation":"

    The status used to filter the member accounts.

    ", + "location":"querystring", + "locationName":"status" + }, + "organizationalUnitId":{ + "shape":"OrganizationalUnitId", + "documentation":"

    The organizational unit ID used to filter the member accounts.

    ", + "location":"querystring", + "locationName":"organizationalUnitId" + } + } + }, + "ListMemberAccountsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListMemberAccountsResponse":{ + "type":"structure", + "required":["memberAccounts"], + "members":{ + "memberAccounts":{ + "shape":"MemberAccounts", + "documentation":"

    The list of member accounts that match the specified criteria.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token to use for the next page of results.

    " + } + } + }, "ListNotificationConfigurationsRequest":{ "type":"structure", "members":{ @@ -1982,6 +2158,12 @@ "location":"querystring", "locationName":"status" }, + "subtype":{ + "shape":"NotificationConfigurationSubtype", + "documentation":"

    The subtype used to filter the notification configurations in the request.

    ", + "location":"querystring", + "locationName":"subtype" + }, "maxResults":{ "shape":"ListNotificationConfigurationsRequestMaxResultsInteger", "documentation":"

    The maximum number of results to be returned in this call. Defaults to 20.

    ", @@ -2066,6 +2248,12 @@ "documentation":"

    The start token for paginated calls. Retrieved from the response of a previous ListEventRules call. Next token uses Base64 encoding.

    ", "location":"querystring", "locationName":"nextToken" + }, + "organizationalUnitId":{ + "shape":"OrganizationalUnitId", + "documentation":"

    The unique identifier of the organizational unit used to filter notification events.

    ", + "location":"querystring", + "locationName":"organizationalUnitId" } } }, @@ -2126,6 +2314,50 @@ } } }, + "ListOrganizationalUnitsRequest":{ + "type":"structure", + "required":["notificationConfigurationArn"], + "members":{ + "notificationConfigurationArn":{ + "shape":"NotificationConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the notification configuration used to filter the organizational units.

    ", + "location":"querystring", + "locationName":"notificationConfigurationArn" + }, + "maxResults":{ + "shape":"ListOrganizationalUnitsRequestMaxResultsInteger", + "documentation":"

    The maximum number of organizational units to return in a single call. Valid values are 1-100.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next page of results. Use the value returned in the previous response.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListOrganizationalUnitsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListOrganizationalUnitsResponse":{ + "type":"structure", + "required":["organizationalUnits"], + "members":{ + "organizationalUnits":{ + "shape":"OrganizationalUnits", + "documentation":"

    The list of organizational units that match the specified criteria.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token to use for the next page of results. If there are no additional results, this value is null.

    " + } + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["arn"], @@ -2180,7 +2412,7 @@ }, "channelType":{ "shape":"ChannelType", - "documentation":"

    The type of notification channel used for message delivery.

    • Values:

      • ACCOUNT_CONTACT

        • Delivers notifications to Account Managed contacts through the User Notification Service.

      • MOBILE

        • Delivers notifications through the Amazon Web Services Console Mobile Application to mobile devices.

      • CHATBOT

        • Delivers notifications through Chatbot to collaboration platforms (Slack, Chime).

      • EMAIL

        • Delivers notifications to email addresses.

    " + "documentation":"

    The type of notification channel used for message delivery.

    • Values:

      • ACCOUNT_CONTACT

        • Delivers notifications to Account Managed contacts through the User Notification Service.

      • MOBILE

        • Delivers notifications through the Amazon Web Services Console Mobile Application to mobile devices.

      • CHATBOT

        • Delivers notifications through Amazon Q Developer in chat applications to collaboration platforms (Slack, Chime).

      • EMAIL

        • Delivers notifications to email addresses.

    " }, "overrideOption":{ "shape":"ChannelAssociationOverrideOption", @@ -2473,7 +2705,10 @@ "shape":"CreationTime", "documentation":"

    The creation time of the ManagedNotificationEvent.

    " }, - "notificationEvent":{"shape":"ManagedNotificationEventSummary"}, + "notificationEvent":{ + "shape":"ManagedNotificationEventSummary", + "documentation":"

    " + }, "aggregationEventType":{ "shape":"AggregationEventType", "documentation":"

    The notifications aggregation type.

    • Values:

      • AGGREGATE

        • The notification event is an aggregate notification. Aggregate notifications summarize grouped events over a specified time period.

      • CHILD

        • Some EventRules are ACTIVE and some are INACTIVE. Any call can be run.

      • NONE

        • The notification isn't aggregated.

    " @@ -2607,6 +2842,52 @@ "max":256, "min":1 }, + "MemberAccount":{ + "type":"structure", + "required":[ + "accountId", + "status", + "statusReason", + "organizationalUnitId" + ], + "members":{ + "notificationConfigurationArn":{ + "shape":"NotificationConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the notification configuration associated with the member account.

    " + }, + "accountId":{ + "shape":"AccountId", + "documentation":"

    The AWS account ID of the member account.

    " + }, + "status":{ + "shape":"MemberAccountNotificationConfigurationStatus", + "documentation":"

    The current status of the member account.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason for the current status of the member account.

    " + }, + "organizationalUnitId":{ + "shape":"OrganizationalUnitId", + "documentation":"

    The unique identifier of the organizational unit containing the member account.

    " + } + }, + "documentation":"

    Contains information about a member account.

    " + }, + "MemberAccountNotificationConfigurationStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "PENDING", + "INACTIVE", + "CREATING", + "DELETING" + ] + }, + "MemberAccounts":{ + "type":"list", + "member":{"shape":"MemberAccount"} + }, "MessageComponents":{ "type":"structure", "members":{ @@ -2616,7 +2897,7 @@ }, "paragraphSummary":{ "shape":"TextPartReference", - "documentation":"

    A paragraph long or multiple sentence summary. For example, Chatbot notifications.

    " + "documentation":"

    A paragraph long or multiple sentence summary. For example, Amazon Q Developer in chat applications notifications.

    " }, "completeDescription":{ "shape":"TextPartReference", @@ -2709,10 +2990,21 @@ "aggregationDuration":{ "shape":"AggregationDuration", "documentation":"

    The aggregation preference of the NotificationConfiguration.

    • Values:

      • LONG

        • Aggregate notifications for long periods of time (12 hours).

      • SHORT

        • Aggregate notifications for short periods of time (5 minutes).

      • NONE

        • Don't aggregate notifications.

    " + }, + "subtype":{ + "shape":"NotificationConfigurationSubtype", + "documentation":"

    The subtype of the notification configuration.

    " } }, "documentation":"

    Contains the complete list of fields for a NotificationConfiguration.

    " }, + "NotificationConfigurationSubtype":{ + "type":"string", + "enum":[ + "ACCOUNT", + "ADMIN_MANAGED" + ] + }, "NotificationConfigurations":{ "type":"list", "member":{"shape":"NotificationConfigurationStructure"} @@ -2785,6 +3077,10 @@ "media":{ "shape":"Media", "documentation":"

    A list of media elements.

    " + }, + "organizationalUnitId":{ + "shape":"OrganizationalUnitId", + "documentation":"

    The unique identifier of the organizational unit associated with the notification event.

    " } }, "documentation":"

    A NotificationEvent is a notification-focused representation of an event. They contain semantic information used by Channels to create end-user notifications.

    " @@ -2838,6 +3134,10 @@ "aggregationSummary":{ "shape":"AggregationSummary", "documentation":"

    Provides an aggregated summary data for notification events.

    " + }, + "organizationalUnitId":{ + "shape":"OrganizationalUnitId", + "documentation":"

    The unique identifier of the organizational unit in the notification event overview.

    " } }, "documentation":"

    Describes a short summary of a NotificationEvent. This is only used when listing notification events.

    " @@ -2960,7 +3260,11 @@ }, "OrganizationalUnitId":{ "type":"string", - "pattern":"Root|ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}" + "pattern":"(Root|r-[0-9a-z]{4,32}|ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})" + }, + "OrganizationalUnits":{ + "type":"list", + "member":{"shape":"OrganizationalUnitId"} }, "QuotaCode":{"type":"string"}, "Region":{ @@ -3308,8 +3612,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3431,8 +3734,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEventRuleRequest":{ "type":"structure", @@ -3567,5 +3869,5 @@ ] } }, - "documentation":"

    The Amazon Web Services User Notifications API Reference provides descriptions, API request parameters, and the JSON response for each of the User Notification API actions.

    User Notification control plane APIs are currently available in US East (Virginia) - us-east-1.

    GetNotificationEvent and ListNotificationEvents APIs are currently available in commercial partition Regions and only return notifications stored in the same Region in which they're called.

    The User Notifications console can only be used in US East (Virginia). Your data however, is stored in each Region chosen as a notification hub in addition to US East (Virginia).

    " + "documentation":"

    The User Notifications API Reference provides descriptions, API request parameters, and the JSON response for each of the User Notifications API actions.

    User Notification control plane APIs are currently available in US East (Virginia) - us-east-1.

    GetNotificationEvent and ListNotificationEvents APIs are currently available in commercial partition Regions and only return notifications stored in the same Region in which they're called.

    The User Notifications console can only be used in US East (Virginia). Your data however, is stored in each Region chosen as a notification hub in addition to US East (Virginia).

    For information about descriptions, API request parameters, and the JSON response for email contact related API actions, see the User Notifications Contacts API Reference Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/notificationscontacts/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/notificationscontacts/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/notificationscontacts/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/notificationscontacts/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/oam/2022-06-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/oam/2022-06-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/oam/2022-06-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/oam/2022-06-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/oam/2022-06-10/service-2.json 2.31.35-1/awscli/botocore/data/oam/2022-06-10/service-2.json --- 2.23.6-1/awscli/botocore/data/oam/2022-06-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/oam/2022-06-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -10,7 +10,8 @@ "serviceId":"OAM", "signatureVersion":"v4", "signingName":"oam", - "uid":"oam-2022-06-10" + "uid":"oam-2022-06-10", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateLink":{ @@ -214,7 +215,7 @@ {"shape":"InvalidParameterException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Creates or updates the resource policy that grants permissions to source accounts to link to the monitoring account sink. When you create a sink policy, you can grant permissions to all accounts in an organization or to individual accounts.

    You can also use a sink policy to limit the types of data that is shared. The three types that you can allow or deny are:

    • Metrics - Specify with AWS::CloudWatch::Metric

    • Log groups - Specify with AWS::Logs::LogGroup

    • Traces - Specify with AWS::XRay::Trace

    • Application Insights - Applications - Specify with AWS::ApplicationInsights::Application

    See the examples in this section to see how to specify permitted source accounts and data types.

    " + "documentation":"

    Creates or updates the resource policy that grants permissions to source accounts to link to the monitoring account sink. When you create a sink policy, you can grant permissions to all accounts in an organization or to individual accounts.

    You can also use a sink policy to limit the types of data that is shared. The six types of services with their respective resource types that you can allow or deny are:

    • Metrics - Specify with AWS::CloudWatch::Metric

    • Log groups - Specify with AWS::Logs::LogGroup

    • Traces - Specify with AWS::XRay::Trace

    • Application Insights - Applications - Specify with AWS::ApplicationInsights::Application

    • Internet Monitor - Specify with AWS::InternetMonitor::Monitor

    • Application Signals - Specify with AWS::ApplicationSignals::Service and AWS::ApplicationSignals::ServiceLevelObjective

    See the examples in this section to see how to specify permitted source accounts and data types.

    " }, "TagResource":{ "name":"TagResource", @@ -298,7 +299,7 @@ "members":{ "LabelTemplate":{ "shape":"LabelTemplate", - "documentation":"

    Specify a friendly human-readable name to use to identify this source account when you are viewing data from it in the monitoring account.

    You can use a custom label or use the following variables:

    • $AccountName is the name of the account

    • $AccountEmail is the globally unique email address of the account

    • $AccountEmailNoDomain is the email address of the account without the domain name

    " + "documentation":"

    Specify a friendly human-readable name to use to identify this source account when you are viewing data from it in the monitoring account.

    You can use a custom label or use the following variables:

    • $AccountName is the name of the account

    • $AccountEmail is the globally unique email address of the account

    • $AccountEmailNoDomain is the email address of the account without the domain name

    In the Amazon Web Services GovCloud (US-East) and Amazon Web Services GovCloud (US-West) Regions, the only supported option is to use custom labels, and the $AccountName, $AccountEmail, and $AccountEmailNoDomain variables all resolve as account-id instead of the specified variable.

    " }, "LinkConfiguration":{ "shape":"LinkConfiguration", @@ -427,6 +428,10 @@ "Identifier":{ "shape":"ResourceIdentifier", "documentation":"

    The ARN of the link to retrieve information for.

    " + }, + "IncludeTags":{ + "shape":"IncludeTags", + "documentation":"

    Specifies whether to include the tags associated with the link in the response. When IncludeTags is set to true and the caller has the required permission, oam:ListTagsForResource, the API will return the tags for the specified resource. If the caller doesn't have the required permission, oam:ListTagsForResource, the API will raise an exception.

    The default value is false.

    " } } }, @@ -474,6 +479,10 @@ "Identifier":{ "shape":"ResourceIdentifier", "documentation":"

    The ARN of the sink to retrieve information for.

    " + }, + "IncludeTags":{ + "shape":"IncludeTags", + "documentation":"

    Specifies whether to include the tags associated with the sink in the response. When IncludeTags is set to true and the caller has the required permission, oam:ListTagsForResource, the API will return the tags for the specified resource. If the caller doesn't have the required permission, oam:ListTagsForResource, the API will raise an exception.

    The default value is false.

    " } } }, @@ -525,6 +534,10 @@ } } }, + "IncludeTags":{ + "type":"boolean", + "box":true + }, "InternalServiceFault":{ "type":"structure", "members":{ @@ -891,7 +904,9 @@ "AWS::Logs::LogGroup", "AWS::XRay::Trace", "AWS::ApplicationInsights::Application", - "AWS::InternetMonitor::Monitor" + "AWS::InternetMonitor::Monitor", + "AWS::ApplicationSignals::Service", + "AWS::ApplicationSignals::ServiceLevelObjective" ] }, "ResourceTypesInput":{ @@ -1027,6 +1042,10 @@ "shape":"ResourceIdentifier", "documentation":"

    The ARN of the link that you want to update.

    " }, + "IncludeTags":{ + "shape":"IncludeTags", + "documentation":"

    Specifies whether to include the tags associated with the link in the response after the update operation. When IncludeTags is set to true and the caller has the required permission, oam:ListTagsForResource, the API will return the tags for the specified resource. If the caller doesn't have the required permission, oam:ListTagsForResource, the API will raise an exception.

    The default value is false.

    " + }, "LinkConfiguration":{ "shape":"LinkConfiguration", "documentation":"

    Use this structure to filter which metric namespaces and which log groups are to be shared from the source account to the monitoring account.

    " @@ -1087,5 +1106,5 @@ "exception":true } }, - "documentation":"

    Use Amazon CloudWatch Observability Access Manager to create and manage links between source accounts and monitoring accounts by using CloudWatch cross-account observability. With CloudWatch cross-account observability, you can monitor and troubleshoot applications that span multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, logs, traces, and Application Insights applications in any of the linked accounts without account boundaries.

    Set up one or more Amazon Web Services accounts as monitoring accounts and link them with multiple source accounts. A monitoring account is a central Amazon Web Services account that can view and interact with observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it. Source accounts share their observability data with the monitoring account. The shared observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights.

    " + "documentation":"

    Use Amazon CloudWatch Observability Access Manager to create and manage links between source accounts and monitoring accounts by using CloudWatch cross-account observability. With CloudWatch cross-account observability, you can monitor and troubleshoot applications that span multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, logs, traces, Application Signals services and service level objectives (SLOs), Application Insights applications, and internet monitors in any of the linked accounts without account boundaries.

    Set up one or more Amazon Web Services accounts as monitoring accounts and link them with multiple source accounts. A monitoring account is a central Amazon Web Services account that can view and interact with observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it. Source accounts share their observability data with the monitoring account. The shared observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, Application Signals services and service level objectives (SLOs), applications in Amazon CloudWatch Application Insights, and internet monitors in CloudWatch Internet Monitor.

    When you set up a link, you can choose to share the metrics from all namespaces with the monitoring account, or filter to a subset of namespaces. And for CloudWatch Logs, you can choose to share all log groups with the monitoring account, or filter to a subset of log groups.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/observabilityadmin/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/observabilityadmin/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/observabilityadmin/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/observabilityadmin/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/observabilityadmin/2018-05-10/paginators-1.json 2.31.35-1/awscli/botocore/data/observabilityadmin/2018-05-10/paginators-1.json --- 2.23.6-1/awscli/botocore/data/observabilityadmin/2018-05-10/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/observabilityadmin/2018-05-10/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,24 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "TelemetryConfigurations" + }, + "ListTelemetryRules": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "TelemetryRuleSummaries" + }, + "ListTelemetryRulesForOrganization": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "TelemetryRuleSummaries" + }, + "ListCentralizationRulesForOrganization": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "CentralizationRuleSummaries" } } } diff -pruN 2.23.6-1/awscli/botocore/data/observabilityadmin/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/observabilityadmin/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/observabilityadmin/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/observabilityadmin/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -13,6 +13,150 @@ "uid":"observabilityadmin-2018-05-10" }, "operations":{ + "CreateCentralizationRuleForOrganization":{ + "name":"CreateCentralizationRuleForOrganization", + "http":{ + "method":"POST", + "requestUri":"/CreateCentralizationRuleForOrganization", + "responseCode":200 + }, + "input":{"shape":"CreateCentralizationRuleForOrganizationInput"}, + "output":{"shape":"CreateCentralizationRuleForOrganizationOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Creates a centralization rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.

    " + }, + "CreateTelemetryRule":{ + "name":"CreateTelemetryRule", + "http":{ + "method":"POST", + "requestUri":"/CreateTelemetryRule", + "responseCode":200 + }, + "input":{"shape":"CreateTelemetryRuleInput"}, + "output":{"shape":"CreateTelemetryRuleOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Creates a telemetry rule that defines how telemetry should be configured for Amazon Web Services resources in your account. The rule specifies which resources should have telemetry enabled and how that telemetry data should be collected based on resource type, telemetry type, and selection criteria.

    " + }, + "CreateTelemetryRuleForOrganization":{ + "name":"CreateTelemetryRuleForOrganization", + "http":{ + "method":"POST", + "requestUri":"/CreateTelemetryRuleForOrganization", + "responseCode":200 + }, + "input":{"shape":"CreateTelemetryRuleForOrganizationInput"}, + "output":{"shape":"CreateTelemetryRuleForOrganizationOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Creates a telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.

    " + }, + "DeleteCentralizationRuleForOrganization":{ + "name":"DeleteCentralizationRuleForOrganization", + "http":{ + "method":"POST", + "requestUri":"/DeleteCentralizationRuleForOrganization", + "responseCode":200 + }, + "input":{"shape":"DeleteCentralizationRuleForOrganizationInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Deletes an organization-wide centralization rule. This operation can only be called by the organization's management account or a delegated administrator account.

    " + }, + "DeleteTelemetryRule":{ + "name":"DeleteTelemetryRule", + "http":{ + "method":"POST", + "requestUri":"/DeleteTelemetryRule", + "responseCode":200 + }, + "input":{"shape":"DeleteTelemetryRuleInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Deletes a telemetry rule from your account. Any telemetry configurations previously created by the rule will remain but no new resources will be configured by this rule.

    " + }, + "DeleteTelemetryRuleForOrganization":{ + "name":"DeleteTelemetryRuleForOrganization", + "http":{ + "method":"POST", + "requestUri":"/DeleteTelemetryRuleForOrganization", + "responseCode":200 + }, + "input":{"shape":"DeleteTelemetryRuleForOrganizationInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Deletes an organization-wide telemetry rule. This operation can only be called by the organization's management account or a delegated administrator account.

    " + }, + "GetCentralizationRuleForOrganization":{ + "name":"GetCentralizationRuleForOrganization", + "http":{ + "method":"POST", + "requestUri":"/GetCentralizationRuleForOrganization", + "responseCode":200 + }, + "input":{"shape":"GetCentralizationRuleForOrganizationInput"}, + "output":{"shape":"GetCentralizationRuleForOrganizationOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Retrieves the details of a specific organization centralization rule. This operation can only be called by the organization's management account or a delegated administrator account.

    ", + "readonly":true + }, + "GetTelemetryEnrichmentStatus":{ + "name":"GetTelemetryEnrichmentStatus", + "http":{ + "method":"POST", + "requestUri":"/GetTelemetryEnrichmentStatus", + "responseCode":200 + }, + "output":{"shape":"GetTelemetryEnrichmentStatusOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Returns the current status of the resource tags for telemetry feature, which enhances telemetry data with additional resource metadata from Amazon Web Services Resource Explorer.

    ", + "readonly":true + }, "GetTelemetryEvaluationStatus":{ "name":"GetTelemetryEvaluationStatus", "http":{ @@ -23,9 +167,11 @@ "output":{"shape":"GetTelemetryEvaluationStatusOutput"}, "errors":[ {"shape":"AccessDeniedException"}, - {"shape":"InternalServerException"} + {"shape":"InternalServerException"}, + {"shape":"TooManyRequestsException"} ], - "documentation":"

    Returns the current onboarding status of the telemetry config feature, including the status of the feature and reason the feature failed to start or stop.

    " + "documentation":"

    Returns the current onboarding status of the telemetry config feature, including the status of the feature and reason the feature failed to start or stop.

    ", + "readonly":true }, "GetTelemetryEvaluationStatusForOrganization":{ "name":"GetTelemetryEvaluationStatusForOrganization", @@ -38,9 +184,67 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    This returns the onboarding status of the telemetry configuration feature for the organization. It can only be called by a Management Account of an Amazon Web Services Organization or an assigned Delegated Admin Account of Amazon CloudWatch telemetry config.

    ", + "readonly":true + }, + "GetTelemetryRule":{ + "name":"GetTelemetryRule", + "http":{ + "method":"POST", + "requestUri":"/GetTelemetryRule", + "responseCode":200 + }, + "input":{"shape":"GetTelemetryRuleInput"}, + "output":{"shape":"GetTelemetryRuleOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Retrieves the details of a specific telemetry rule in your account.

    ", + "readonly":true + }, + "GetTelemetryRuleForOrganization":{ + "name":"GetTelemetryRuleForOrganization", + "http":{ + "method":"POST", + "requestUri":"/GetTelemetryRuleForOrganization", + "responseCode":200 + }, + "input":{"shape":"GetTelemetryRuleForOrganizationInput"}, + "output":{"shape":"GetTelemetryRuleForOrganizationOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Retrieves the details of a specific organization telemetry rule. This operation can only be called by the organization's management account or a delegated administrator account.

    ", + "readonly":true + }, + "ListCentralizationRulesForOrganization":{ + "name":"ListCentralizationRulesForOrganization", + "http":{ + "method":"POST", + "requestUri":"/ListCentralizationRulesForOrganization", + "responseCode":200 + }, + "input":{"shape":"ListCentralizationRulesForOrganizationInput"}, + "output":{"shape":"ListCentralizationRulesForOrganizationOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} ], - "documentation":"

    This returns the onboarding status of the telemetry configuration feature for the organization. It can only be called by a Management Account of an AWS Organization or an assigned Delegated Admin Account of AWS CloudWatch telemetry config.

    " + "documentation":"

    Lists all centralization rules in your organization. This operation can only be called by the organization's management account or a delegated administrator account.

    ", + "readonly":true }, "ListResourceTelemetry":{ "name":"ListResourceTelemetry", @@ -54,9 +258,11 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} ], - "documentation":"

    Returns a list of telemetry configurations for AWS resources supported by telemetry config. For more information, see Auditing CloudWatch telemetry configurations.

    " + "documentation":"

    Returns a list of telemetry configurations for Amazon Web Services resources supported by telemetry config. For more information, see Auditing CloudWatch telemetry configurations.

    ", + "readonly":true }, "ListResourceTelemetryForOrganization":{ "name":"ListResourceTelemetryForOrganization", @@ -70,9 +276,82 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Returns a list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the organization.

    ", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/ListTagsForResource", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceInput"}, + "output":{"shape":"ListTagsForResourceOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Lists all tags attached to the specified telemetry rule resource.

    ", + "readonly":true + }, + "ListTelemetryRules":{ + "name":"ListTelemetryRules", + "http":{ + "method":"POST", + "requestUri":"/ListTelemetryRules", + "responseCode":200 + }, + "input":{"shape":"ListTelemetryRulesInput"}, + "output":{"shape":"ListTelemetryRulesOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Lists all telemetry rules in your account. You can filter the results by specifying a rule name prefix.

    ", + "readonly":true + }, + "ListTelemetryRulesForOrganization":{ + "name":"ListTelemetryRulesForOrganization", + "http":{ + "method":"POST", + "requestUri":"/ListTelemetryRulesForOrganization", + "responseCode":200 + }, + "input":{"shape":"ListTelemetryRulesForOrganizationInput"}, + "output":{"shape":"ListTelemetryRulesForOrganizationOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Lists all telemetry rules in your organization. This operation can only be called by the organization's management account or a delegated administrator account.

    ", + "readonly":true + }, + "StartTelemetryEnrichment":{ + "name":"StartTelemetryEnrichment", + "http":{ + "method":"POST", + "requestUri":"/StartTelemetryEnrichment", + "responseCode":202 + }, + "output":{"shape":"StartTelemetryEnrichmentOutput"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyRequestsException"} ], - "documentation":"

    Returns a list of telemetry configurations for AWS resources supported by telemetry config in the organization.

    " + "documentation":"

    Enables the resource tags for telemetry feature for your account, which enhances telemetry data with additional resource metadata from Amazon Web Services Resource Explorer to provide richer context for monitoring and observability.

    " }, "StartTelemetryEvaluation":{ "name":"StartTelemetryEvaluation", @@ -84,9 +363,10 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} ], - "documentation":"

    This action begins onboarding onboarding the caller AWS account to the telemetry config feature.

    " + "documentation":"

    This action begins onboarding the caller Amazon Web Services account to the telemetry config feature.

    " }, "StartTelemetryEvaluationForOrganization":{ "name":"StartTelemetryEvaluationForOrganization", @@ -98,10 +378,27 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} ], "documentation":"

    This actions begins onboarding the organization and all member accounts to the telemetry config feature.

    " }, + "StopTelemetryEnrichment":{ + "name":"StopTelemetryEnrichment", + "http":{ + "method":"POST", + "requestUri":"/StopTelemetryEnrichment", + "responseCode":202 + }, + "output":{"shape":"StopTelemetryEnrichmentOutput"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Disables the resource tags for telemetry feature for your account, stopping the enhancement of telemetry data with additional resource metadata.

    " + }, "StopTelemetryEvaluation":{ "name":"StopTelemetryEvaluation", "http":{ @@ -112,9 +409,10 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} ], - "documentation":"

    This action begins offboarding the caller AWS account from the telemetry config feature.

    " + "documentation":"

    This action begins offboarding the caller Amazon Web Services account from the telemetry config feature.

    " }, "StopTelemetryEvaluationForOrganization":{ "name":"StopTelemetryEvaluationForOrganization", @@ -126,9 +424,102 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    This action offboards the Organization of the caller Amazon Web Services account from the telemetry config feature.

    " + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/TagResource", + "responseCode":200 + }, + "input":{"shape":"TagResourceInput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Adds or updates tags for a telemetry rule resource.

    " + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/UntagResource", + "responseCode":200 + }, + "input":{"shape":"UntagResourceInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Removes tags from a telemetry rule resource.

    " + }, + "UpdateCentralizationRuleForOrganization":{ + "name":"UpdateCentralizationRuleForOrganization", + "http":{ + "method":"POST", + "requestUri":"/UpdateCentralizationRuleForOrganization", + "responseCode":200 + }, + "input":{"shape":"UpdateCentralizationRuleForOrganizationInput"}, + "output":{"shape":"UpdateCentralizationRuleForOrganizationOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Updates an existing centralization rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.

    " + }, + "UpdateTelemetryRule":{ + "name":"UpdateTelemetryRule", + "http":{ + "method":"POST", + "requestUri":"/UpdateTelemetryRule", + "responseCode":200 + }, + "input":{"shape":"UpdateTelemetryRuleInput"}, + "output":{"shape":"UpdateTelemetryRuleOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Updates an existing telemetry rule in your account.

    " + }, + "UpdateTelemetryRuleForOrganization":{ + "name":"UpdateTelemetryRuleForOrganization", + "http":{ + "method":"POST", + "requestUri":"/UpdateTelemetryRuleForOrganization", + "responseCode":200 + }, + "input":{"shape":"UpdateTelemetryRuleForOrganizationInput"}, + "output":{"shape":"UpdateTelemetryRuleForOrganizationOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyRequestsException"} ], - "documentation":"

    This action offboards the Organization of the caller AWS account from thef telemetry config feature.

    " + "documentation":"

    Updates an existing telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.

    " } }, "shapes":{ @@ -143,7 +534,7 @@ "locationName":"x-amzn-ErrorType" } }, - "documentation":"

    Indicates you don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access management for AWS resources in the IAM user guide.

    ", + "documentation":"

    Indicates you don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access management for Amazon Web Services resources in the IAM user guide.

    ", "error":{ "httpStatusCode":400, "senderFault":true @@ -160,9 +551,368 @@ "type":"list", "member":{"shape":"AccountIdentifier"}, "max":10, - "min":0 + "min":1 + }, + "AwsResourceExplorerManagedViewArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws([a-z0-9\\-]+)?:resource-explorer-2:([a-z0-9\\-]+)?:([0-9]{12})?:managed-view/(.+)" + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CentralizationFailureReason":{ + "type":"string", + "enum":[ + "TRUSTED_ACCESS_NOT_ENABLED", + "DESTINATION_ACCOUNT_NOT_IN_ORGANIZATION", + "INTERNAL_SERVER_ERROR" + ] + }, + "CentralizationRule":{ + "type":"structure", + "required":[ + "Source", + "Destination" + ], + "members":{ + "Source":{ + "shape":"CentralizationRuleSource", + "documentation":"

    Configuration determining the source of the telemetry data to be centralized.

    " + }, + "Destination":{ + "shape":"CentralizationRuleDestination", + "documentation":"

    Configuration determining where the telemetry data should be centralized, backed up, as well as encryption configuration for the primary and backup destinations.

    " + } + }, + "documentation":"

    Defines how telemetry data should be centralized across an Amazon Web Services Organization, including source and destination configurations.

    " + }, + "CentralizationRuleDestination":{ + "type":"structure", + "required":["Region"], + "members":{ + "Region":{ + "shape":"Region", + "documentation":"

    The primary destination region to which telemetry data should be centralized.

    " + }, + "Account":{ + "shape":"AccountIdentifier", + "documentation":"

    The destination account (within the organization) to which the telemetry data should be centralized.

    " + }, + "DestinationLogsConfiguration":{ + "shape":"DestinationLogsConfiguration", + "documentation":"

    Log specific configuration for centralization destination log groups.

    " + } + }, + "documentation":"

    Configuration specifying the primary destination for centralized telemetry data.

    " + }, + "CentralizationRuleSource":{ + "type":"structure", + "required":["Regions"], + "members":{ + "Regions":{ + "shape":"Regions", + "documentation":"

    The list of source regions from which telemetry data should be centralized.

    " + }, + "Scope":{ + "shape":"SourceFilterString", + "documentation":"

    The organizational scope from which telemetry data should be centralized, specified using organization id, accounts or organizational unit ids.

    " + }, + "SourceLogsConfiguration":{ + "shape":"SourceLogsConfiguration", + "documentation":"

    Log specific configuration for centralization source log groups.

    " + } + }, + "documentation":"

    Configuration specifying the source of telemetry data to be centralized.

    " + }, + "CentralizationRuleSummaries":{ + "type":"list", + "member":{"shape":"CentralizationRuleSummary"} + }, + "CentralizationRuleSummary":{ + "type":"structure", + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    The name of the organization centralization rule.

    " + }, + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the organization centralization rule.

    " + }, + "CreatorAccountId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services Account that created the organization centralization rule.

    " + }, + "CreatedTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the organization centralization rule was created.

    " + }, + "CreatedRegion":{ + "shape":"Region", + "documentation":"

    The Amazon Web Services region where the organization centralization rule was created.

    " + }, + "LastUpdateTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the organization centralization rule was last updated.

    " + }, + "RuleHealth":{ + "shape":"RuleHealth", + "documentation":"

    The health status of the organization centralization rule.

    " + }, + "FailureReason":{ + "shape":"CentralizationFailureReason", + "documentation":"

    The reason why an organization centralization rule is marked UNHEALTHY.

    " + }, + "DestinationAccountId":{ + "shape":"String", + "documentation":"

    The primary destination account of the organization centralization rule.

    " + }, + "DestinationRegion":{ + "shape":"Region", + "documentation":"

    The primary destination region of the organization centralization rule.

    " + } + }, + "documentation":"

    A summary of a centralization rule's key properties and status.

    " + }, + "ConflictException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "documentation":"

    The requested operation conflicts with the current state of the specified resource or with another request.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "CreateCentralizationRuleForOrganizationInput":{ + "type":"structure", + "required":[ + "RuleName", + "Rule" + ], + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    A unique name for the organization-wide centralization rule being created.

    " + }, + "Rule":{ + "shape":"CentralizationRule", + "documentation":"

    The configuration details for the organization-wide centralization rule, including the source configuration and the destination configuration to centralize telemetry data across the organization.

    " + }, + "Tags":{ + "shape":"TagMapInput", + "documentation":"

    The key-value pairs to associate with the organization telemetry rule resource for categorization and management purposes.

    " + } + } + }, + "CreateCentralizationRuleForOrganizationOutput":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the created organization centralization rule.

    " + } + } + }, + "CreateTelemetryRuleForOrganizationInput":{ + "type":"structure", + "required":[ + "RuleName", + "Rule" + ], + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    A unique name for the organization-wide telemetry rule being created.

    " + }, + "Rule":{ + "shape":"TelemetryRule", + "documentation":"

    The configuration details for the organization-wide telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to across the organization.

    " + }, + "Tags":{ + "shape":"TagMapInput", + "documentation":"

    The key-value pairs to associate with the organization telemetry rule resource for categorization and management purposes.

    " + } + } + }, + "CreateTelemetryRuleForOrganizationOutput":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the created organization telemetry rule.

    " + } + } + }, + "CreateTelemetryRuleInput":{ + "type":"structure", + "required":[ + "RuleName", + "Rule" + ], + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    A unique name for the telemetry rule being created.

    " + }, + "Rule":{ + "shape":"TelemetryRule", + "documentation":"

    The configuration details for the telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to.

    " + }, + "Tags":{ + "shape":"TagMapInput", + "documentation":"

    The key-value pairs to associate with the telemetry rule resource for categorization and management purposes.

    " + } + } + }, + "CreateTelemetryRuleOutput":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the created telemetry rule.

    " + } + } + }, + "DeleteCentralizationRuleForOrganizationInput":{ + "type":"structure", + "required":["RuleIdentifier"], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the organization centralization rule to delete.

    " + } + } + }, + "DeleteTelemetryRuleForOrganizationInput":{ + "type":"structure", + "required":["RuleIdentifier"], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the organization telemetry rule to delete.

    " + } + } + }, + "DeleteTelemetryRuleInput":{ + "type":"structure", + "required":["RuleIdentifier"], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the telemetry rule to delete.

    " + } + } + }, + "DestinationLogsConfiguration":{ + "type":"structure", + "members":{ + "LogsEncryptionConfiguration":{ + "shape":"LogsEncryptionConfiguration", + "documentation":"

    The encryption configuration for centralization destination log groups.

    " + }, + "BackupConfiguration":{ + "shape":"LogsBackupConfiguration", + "documentation":"

    Configuration defining the backup region and an optional KMS key for the backup destination.

    " + } + }, + "documentation":"

    Configuration for centralization destination log groups, including encryption and backup settings.

    " + }, + "DestinationType":{ + "type":"string", + "enum":["cloud-watch-logs"] + }, + "EncryptedLogGroupStrategy":{ + "type":"string", + "enum":[ + "ALLOW", + "SKIP" + ] + }, + "EncryptionConflictResolutionStrategy":{ + "type":"string", + "enum":[ + "ALLOW", + "SKIP" + ] + }, + "EncryptionStrategy":{ + "type":"string", + "enum":[ + "CUSTOMER_MANAGED", + "AWS_OWNED" + ] }, "FailureReason":{"type":"string"}, + "GetCentralizationRuleForOrganizationInput":{ + "type":"structure", + "required":["RuleIdentifier"], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the organization centralization rule to retrieve.

    " + } + } + }, + "GetCentralizationRuleForOrganizationOutput":{ + "type":"structure", + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    The name of the organization centralization rule.

    " + }, + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the organization centralization rule.

    " + }, + "CreatorAccountId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services Account that created the organization centralization rule.

    " + }, + "CreatedTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the organization centralization rule was created.

    " + }, + "CreatedRegion":{ + "shape":"Region", + "documentation":"

    The Amazon Web Services region where the organization centralization rule was created.

    " + }, + "LastUpdateTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the organization centralization rule was last updated.

    " + }, + "RuleHealth":{ + "shape":"RuleHealth", + "documentation":"

    The health status of the organization centralization rule.

    " + }, + "FailureReason":{ + "shape":"CentralizationFailureReason", + "documentation":"

    The reason why an organization centralization rule is marked UNHEALTHY.

    " + }, + "CentralizationRule":{ + "shape":"CentralizationRule", + "documentation":"

    The configuration details for the organization centralization rule.

    " + } + } + }, + "GetTelemetryEnrichmentStatusOutput":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"TelemetryEnrichmentStatus", + "documentation":"

    The current status of the resource tags for telemetry feature (Running, Stopped, or Impaired).

    " + }, + "AwsResourceExplorerManagedViewArn":{ + "shape":"AwsResourceExplorerManagedViewArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Resource Explorer managed view used for resource tags for telemetry, if the feature is enabled.

    " + } + } + }, "GetTelemetryEvaluationStatusForOrganizationOutput":{ "type":"structure", "members":{ @@ -189,6 +939,80 @@ } } }, + "GetTelemetryRuleForOrganizationInput":{ + "type":"structure", + "required":["RuleIdentifier"], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the organization telemetry rule to retrieve.

    " + } + } + }, + "GetTelemetryRuleForOrganizationOutput":{ + "type":"structure", + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    The name of the organization telemetry rule.

    " + }, + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the organization telemetry rule.

    " + }, + "CreatedTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the organization telemetry rule was created.

    " + }, + "LastUpdateTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the organization telemetry rule was last updated.

    " + }, + "TelemetryRule":{ + "shape":"TelemetryRule", + "documentation":"

    The configuration details of the organization telemetry rule.

    " + } + } + }, + "GetTelemetryRuleInput":{ + "type":"structure", + "required":["RuleIdentifier"], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the telemetry rule to retrieve.

    " + } + } + }, + "GetTelemetryRuleOutput":{ + "type":"structure", + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    The name of the telemetry rule.

    " + }, + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the telemetry rule.

    " + }, + "CreatedTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the telemetry rule was created.

    " + }, + "LastUpdateTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the telemetry rule was last updated.

    " + }, + "TelemetryRule":{ + "shape":"TelemetryRule", + "documentation":"

    The configuration details of the telemetry rule.

    " + } + } + }, + "Integer":{ + "type":"integer", + "box":true + }, "InternalServerException":{ "type":"structure", "members":{ @@ -205,12 +1029,57 @@ "exception":true, "fault":true }, + "ListCentralizationRulesForOrganizationInput":{ + "type":"structure", + "members":{ + "RuleNamePrefix":{ + "shape":"ListCentralizationRulesForOrganizationInputRuleNamePrefixString", + "documentation":"

    A string to filter organization centralization rules whose names begin with the specified prefix.

    " + }, + "AllRegions":{ + "shape":"Boolean", + "documentation":"

    A flag determining whether to return organization centralization rules from all regions or only the current region.

    " + }, + "MaxResults":{ + "shape":"ListCentralizationRulesForOrganizationMaxResults", + "documentation":"

    The maximum number of organization centralization rules to return in a single call.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. A previous call generates this token.

    " + } + } + }, + "ListCentralizationRulesForOrganizationInputRuleNamePrefixString":{ + "type":"string", + "max":100, + "min":1 + }, + "ListCentralizationRulesForOrganizationMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListCentralizationRulesForOrganizationOutput":{ + "type":"structure", + "members":{ + "CentralizationRuleSummaries":{ + "shape":"CentralizationRuleSummaries", + "documentation":"

    A list of centralization rule summaries.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token to resume pagination of results.

    " + } + } + }, "ListResourceTelemetryForOrganizationInput":{ "type":"structure", "members":{ "AccountIdentifiers":{ "shape":"AccountIdentifiers", - "documentation":"

    A list of AWS account IDs used to filter the resources to those associated with the specified accounts.

    " + "documentation":"

    A list of Amazon Web Services accounts used to filter the resources to those associated with the specified accounts.

    " }, "ResourceIdentifierPrefix":{ "shape":"ResourceIdentifierPrefix", @@ -249,7 +1118,7 @@ "members":{ "TelemetryConfigurations":{ "shape":"TelemetryConfigurations", - "documentation":"

    A list of telemetry configurations for AWS resources supported by telemetry config in the organization.

    " + "documentation":"

    A list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the organization.

    " }, "NextToken":{ "shape":"NextToken", @@ -297,7 +1166,7 @@ "members":{ "TelemetryConfigurations":{ "shape":"TelemetryConfigurations", - "documentation":"

    A list of telemetry configurations for AWS resources supported by telemetry config in the caller's account.

    " + "documentation":"

    A list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the caller's account.

    " }, "NextToken":{ "shape":"NextToken", @@ -305,17 +1174,192 @@ } } }, + "ListTagsForResourceInput":{ + "type":"structure", + "required":["ResourceARN"], + "members":{ + "ResourceARN":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the telemetry rule resource whose tags you want to list.

    " + } + } + }, + "ListTagsForResourceOutput":{ + "type":"structure", + "required":["Tags"], + "members":{ + "Tags":{ + "shape":"TagMapOutput", + "documentation":"

    The list of tags associated with the telemetry rule resource.

    " + } + } + }, + "ListTelemetryRulesForOrganizationInput":{ + "type":"structure", + "members":{ + "RuleNamePrefix":{ + "shape":"String", + "documentation":"

    A string to filter organization telemetry rules whose names begin with the specified prefix.

    " + }, + "SourceAccountIds":{ + "shape":"AccountIdentifiers", + "documentation":"

    The list of account IDs to filter organization telemetry rules by their source accounts.

    " + }, + "SourceOrganizationUnitIds":{ + "shape":"OrganizationUnitIdentifiers", + "documentation":"

    The list of organizational unit IDs to filter organization telemetry rules by their source organizational units.

    " + }, + "MaxResults":{ + "shape":"ListTelemetryRulesForOrganizationMaxResults", + "documentation":"

    The maximum number of organization telemetry rules to return in a single call.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. A previous call generates this token.

    " + } + } + }, + "ListTelemetryRulesForOrganizationMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListTelemetryRulesForOrganizationOutput":{ + "type":"structure", + "members":{ + "TelemetryRuleSummaries":{ + "shape":"TelemetryRuleSummaries", + "documentation":"

    A list of organization telemetry rule summaries.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token to resume pagination of results.

    " + } + } + }, + "ListTelemetryRulesInput":{ + "type":"structure", + "members":{ + "RuleNamePrefix":{ + "shape":"String", + "documentation":"

    A string to filter telemetry rules whose names begin with the specified prefix.

    " + }, + "MaxResults":{ + "shape":"ListTelemetryRulesMaxResults", + "documentation":"

    The maximum number of telemetry rules to return in a single call.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. A previous call generates this token.

    " + } + } + }, + "ListTelemetryRulesMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListTelemetryRulesOutput":{ + "type":"structure", + "members":{ + "TelemetryRuleSummaries":{ + "shape":"TelemetryRuleSummaries", + "documentation":"

    A list of telemetry rule summaries.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token to resume pagination of results.

    " + } + } + }, + "LogsBackupConfiguration":{ + "type":"structure", + "required":["Region"], + "members":{ + "Region":{ + "shape":"Region", + "documentation":"

    Logs specific backup destination region within the primary destination account to which log data should be centralized.

    " + }, + "KmsKeyArn":{ + "shape":"ResourceArn", + "documentation":"

    KMS Key arn belonging to the primary destination account and backup region, to encrypt newly created central log groups in the backup destination.

    " + } + }, + "documentation":"

    Configuration for backing up centralized log data to a secondary region.

    " + }, + "LogsEncryptionConfiguration":{ + "type":"structure", + "required":["EncryptionStrategy"], + "members":{ + "EncryptionStrategy":{ + "shape":"EncryptionStrategy", + "documentation":"

    Configuration that determines the encryption strategy of the destination log groups. CUSTOMER_MANAGED uses the configured KmsKeyArn to encrypt newly created destination log groups.

    " + }, + "KmsKeyArn":{ + "shape":"ResourceArn", + "documentation":"

    KMS Key arn belonging to the primary destination account and region, to encrypt newly created central log groups in the primary destination.

    " + }, + "EncryptionConflictResolutionStrategy":{ + "shape":"EncryptionConflictResolutionStrategy", + "documentation":"

    Conflict resolution strategy for centralization if the encryption strategy is set to CUSTOMER_MANAGED and the destination log group is encrypted with an AWS_OWNED KMS Key. ALLOW lets centralization go through while SKIP prevents centralization into the destination log group.

    " + } + }, + "documentation":"

    Configuration for encrypting centralized log groups. This configuration is only applied to destination log groups for which the corresponding source log groups are encrypted using Customer Managed KMS Keys.

    " + }, + "LogsFilterString":{ + "type":"string", + "max":2000, + "min":1 + }, "Long":{ "type":"long", "box":true }, "NextToken":{"type":"string"}, + "OrganizationUnitIdentifier":{ + "type":"string", + "pattern":"ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}" + }, + "OrganizationUnitIdentifiers":{ + "type":"list", + "member":{"shape":"OrganizationUnitIdentifier"}, + "min":1 + }, + "Region":{ + "type":"string", + "min":1 + }, + "Regions":{ + "type":"list", + "member":{"shape":"Region"}, + "min":1 + }, + "ResourceArn":{ + "type":"string", + "max":1011, + "min":1, + "pattern":"arn:aws([a-z0-9\\-]+)?:([a-zA-Z0-9\\-]+):([a-z0-9\\-]+)?:([0-9]{12})?:(.+)" + }, "ResourceIdentifier":{"type":"string"}, "ResourceIdentifierPrefix":{ "type":"string", "max":768, "min":3 }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "documentation":"

    The specified resource (such as a telemetry rule) could not be found.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, "ResourceType":{ "type":"string", "enum":[ @@ -327,9 +1371,88 @@ "ResourceTypes":{ "type":"list", "member":{"shape":"ResourceType"}, - "max":5, + "max":9, + "min":1 + }, + "RetentionPeriodInDays":{ + "type":"integer", + "box":true, + "max":3653, + "min":1 + }, + "RuleHealth":{ + "type":"string", + "enum":[ + "Healthy", + "Unhealthy", + "Provisioning" + ] + }, + "RuleIdentifier":{ + "type":"string", + "max":1011, "min":1 }, + "RuleName":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[0-9A-Za-z-_.#/]+" + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"}, + "amznErrorType":{ + "shape":"String", + "documentation":"

    The name of the exception.

    ", + "location":"header", + "locationName":"x-amzn-ErrorType" + } + }, + "documentation":"

    The requested operation would exceed the allowed quota for the specified resource type.

    ", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "SourceFilterString":{ + "type":"string", + "max":2000, + "min":1 + }, + "SourceLogsConfiguration":{ + "type":"structure", + "required":[ + "LogGroupSelectionCriteria", + "EncryptedLogGroupStrategy" + ], + "members":{ + "LogGroupSelectionCriteria":{ + "shape":"LogsFilterString", + "documentation":"

    The selection criteria that specifies which source log groups to centralize. The selection criteria uses the same format as OAM link filters.

    " + }, + "EncryptedLogGroupStrategy":{ + "shape":"EncryptedLogGroupStrategy", + "documentation":"

    A strategy determining whether to centralize source log groups that are encrypted with customer managed KMS keys (CMK). ALLOW will consider CMK encrypted source log groups for centralization while SKIP will skip CMK encrypted source log groups from centralization.

    " + } + }, + "documentation":"

    Configuration for selecting and handling source log groups for centralization.

    " + }, + "StartTelemetryEnrichmentOutput":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"TelemetryEnrichmentStatus", + "documentation":"

    The status of the resource tags for telemetry feature after the start operation (Running, Stopped, or Impaired).

    " + }, + "AwsResourceExplorerManagedViewArn":{ + "shape":"AwsResourceExplorerManagedViewArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Resource Explorer managed view created for resource tags for telemetry.

    " + } + } + }, "Status":{ "type":"string", "enum":[ @@ -342,6 +1465,15 @@ "STOPPED" ] }, + "StopTelemetryEnrichmentOutput":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"TelemetryEnrichmentStatus", + "documentation":"

    The status of the resource tags for telemetry feature after the stop operation (Running, Stopped, or Impaired).

    " + } + } + }, "String":{"type":"string"}, "TagKey":{ "type":"string", @@ -349,18 +1481,41 @@ "min":1, "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":50, + "min":1 + }, "TagMapInput":{ "type":"map", "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"}, "max":50, - "min":0 + "min":1 }, "TagMapOutput":{ "type":"map", "key":{"shape":"String"}, "value":{"shape":"String"} }, + "TagResourceInput":{ + "type":"structure", + "required":[ + "ResourceARN", + "Tags" + ], + "members":{ + "ResourceARN":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the telemetry rule resource to tag.

    " + }, + "Tags":{ + "shape":"TagMapInput", + "documentation":"

    The key-value pairs to add or update for the telemetry rule resource.

    " + } + } + }, "TagValue":{ "type":"string", "max":256, @@ -380,7 +1535,7 @@ }, "ResourceType":{ "shape":"ResourceType", - "documentation":"

    The type of resource, for example AWS::EC2::Instance.

    " + "documentation":"

    The type of resource, for example Amazon Web Services::EC2::Instance.

    " }, "ResourceIdentifier":{ "shape":"ResourceIdentifier", @@ -406,6 +1561,97 @@ "type":"list", "member":{"shape":"TelemetryConfiguration"} }, + "TelemetryDestinationConfiguration":{ + "type":"structure", + "members":{ + "DestinationType":{ + "shape":"DestinationType", + "documentation":"

    The type of destination for the telemetry data (e.g., \"Amazon CloudWatch Logs\", \"S3\").

    " + }, + "DestinationPattern":{ + "shape":"String", + "documentation":"

    The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

    " + }, + "RetentionInDays":{ + "shape":"RetentionPeriodInDays", + "documentation":"

    The number of days to retain the telemetry data in the destination.

    " + }, + "VPCFlowLogParameters":{ + "shape":"VPCFlowLogParameters", + "documentation":"

    Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

    " + } + }, + "documentation":"

    Configuration specifying where and how telemetry data should be delivered for Amazon Web Services resources.

    " + }, + "TelemetryEnrichmentStatus":{ + "type":"string", + "enum":[ + "Running", + "Stopped", + "Impaired" + ] + }, + "TelemetryRule":{ + "type":"structure", + "required":["TelemetryType"], + "members":{ + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    The type of Amazon Web Services resource to configure telemetry for (e.g., \"AWS::EC2::VPC\").

    " + }, + "TelemetryType":{ + "shape":"TelemetryType", + "documentation":"

    The type of telemetry to collect (Logs, Metrics, or Traces).

    " + }, + "DestinationConfiguration":{ + "shape":"TelemetryDestinationConfiguration", + "documentation":"

    Configuration specifying where and how the telemetry data should be delivered.

    " + }, + "Scope":{ + "shape":"String", + "documentation":"

    The organizational scope to which the rule applies, specified using accounts or organizational units.

    " + }, + "SelectionCriteria":{ + "shape":"String", + "documentation":"

    Criteria for selecting which resources the rule applies to, such as resource tags.

    " + } + }, + "documentation":"

    Defines how telemetry should be configured for specific Amazon Web Services resources.

    " + }, + "TelemetryRuleSummaries":{ + "type":"list", + "member":{"shape":"TelemetryRuleSummary"} + }, + "TelemetryRuleSummary":{ + "type":"structure", + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    The name of the telemetry rule.

    " + }, + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the telemetry rule.

    " + }, + "CreatedTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the telemetry rule was created.

    " + }, + "LastUpdateTimeStamp":{ + "shape":"Long", + "documentation":"

    The timestamp when the telemetry rule was last modified.

    " + }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    The type of Amazon Web Services resource the rule applies to.

    " + }, + "TelemetryType":{ + "shape":"TelemetryType", + "documentation":"

    The type of telemetry (Logs, Metrics, or Traces) the rule configures.

    " + } + }, + "documentation":"

    A summary of a telemetry rule's key properties.

    " + }, "TelemetryState":{ "type":"string", "enum":[ @@ -422,6 +1668,131 @@ "Traces" ] }, + "TooManyRequestsException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "documentation":"

    The request throughput limit was exceeded.

    ", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "UntagResourceInput":{ + "type":"structure", + "required":[ + "ResourceARN", + "TagKeys" + ], + "members":{ + "ResourceARN":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the telemetry rule resource to remove tags from.

    " + }, + "TagKeys":{ + "shape":"TagKeyList", + "documentation":"

    The list of tag keys to remove from the telemetry rule resource.

    " + } + } + }, + "UpdateCentralizationRuleForOrganizationInput":{ + "type":"structure", + "required":[ + "RuleIdentifier", + "Rule" + ], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the organization centralization rule to update.

    " + }, + "Rule":{ + "shape":"CentralizationRule", + "documentation":"

    The configuration details for the organization-wide centralization rule, including the source configuration and the destination configuration to centralize telemetry data across the organization.

    " + } + } + }, + "UpdateCentralizationRuleForOrganizationOutput":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the updated organization centralization rule.

    " + } + } + }, + "UpdateTelemetryRuleForOrganizationInput":{ + "type":"structure", + "required":[ + "RuleIdentifier", + "Rule" + ], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the organization telemetry rule to update.

    " + }, + "Rule":{ + "shape":"TelemetryRule", + "documentation":"

    The new configuration details for the organization telemetry rule, including resource type, telemetry type, and destination configuration.

    " + } + } + }, + "UpdateTelemetryRuleForOrganizationOutput":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the updated organization telemetry rule.

    " + } + } + }, + "UpdateTelemetryRuleInput":{ + "type":"structure", + "required":[ + "RuleIdentifier", + "Rule" + ], + "members":{ + "RuleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The identifier (name or ARN) of the telemetry rule to update.

    " + }, + "Rule":{ + "shape":"TelemetryRule", + "documentation":"

    The new configuration details for the telemetry rule.

    " + } + } + }, + "UpdateTelemetryRuleOutput":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the updated telemetry rule.

    " + } + } + }, + "VPCFlowLogParameters":{ + "type":"structure", + "members":{ + "LogFormat":{ + "shape":"String", + "documentation":"

    The format in which VPC Flow Log entries should be logged.

    " + }, + "TrafficType":{ + "shape":"String", + "documentation":"

    The type of traffic to log (ACCEPT, REJECT, or ALL).

    " + }, + "MaxAggregationInterval":{ + "shape":"Integer", + "documentation":"

    The maximum interval in seconds between the capture of flow log records.

    " + } + }, + "documentation":"

    Configuration parameters specific to VPC Flow Logs.

    " + }, "ValidationException":{ "type":"structure", "members":{ @@ -435,5 +1806,5 @@ "exception":true } }, - "documentation":"

    Amazon CloudWatch Obsersavability Admin to control temletry config for your AWS Organization or account. Telemetry config config to discover and understand the state of telemetry configuration for your AWS resources from a central view in the CloudWatch console. Telemetry config simplifies the process of auditing your telemetry collection configurations across multiple resource types across your AWS Organization or account. For more information, see Auditing CloudWatch telemetry configurations in the CloudWatch User Guide.

    For information on the permissions you need to use this API, see Identity and access management for Amazon CloudWatch in the CloudWatch User Guide.

    " + "documentation":"

    You can use Amazon CloudWatch Observability Admin to discover and understand the state of telemetry configuration in CloudWatch for your Amazon Web Services Organization or account. This simplifies the process of auditing your telemetry collection configurations across multiple resource types within your Amazon Web Services Organization or account. By providing a consolidated view, it allows you to easily review and manage telemetry settings, helping you ensure proper monitoring and data collection across your Amazon Web Services environment. For more information, see Auditing CloudWatch telemetry configurations in the CloudWatch User Guide.

    For information on the permissions you need to use this API, see Identity and access management for Amazon CloudWatch in the CloudWatch User Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/odb/2024-08-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/odb/2024-08-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/odb/2024-08-20/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/odb/2024-08-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://odb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://odb-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://odb.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://odb.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/odb/2024-08-20/paginators-1.json 2.31.35-1/awscli/botocore/data/odb/2024-08-20/paginators-1.json --- 2.23.6-1/awscli/botocore/data/odb/2024-08-20/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/odb/2024-08-20/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,70 @@ +{ + "pagination": { + "ListAutonomousVirtualMachines": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "autonomousVirtualMachines" + }, + "ListCloudAutonomousVmClusters": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "cloudAutonomousVmClusters" + }, + "ListCloudExadataInfrastructures": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "cloudExadataInfrastructures" + }, + "ListCloudVmClusters": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "cloudVmClusters" + }, + "ListDbNodes": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "dbNodes" + }, + "ListDbServers": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "dbServers" + }, + "ListDbSystemShapes": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "dbSystemShapes" + }, + "ListGiVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "giVersions" + }, + "ListOdbNetworks": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "odbNetworks" + }, + "ListOdbPeeringConnections": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "odbPeeringConnections" + }, + "ListSystemVersions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "systemVersions" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/odb/2024-08-20/service-2.json 2.31.35-1/awscli/botocore/data/odb/2024-08-20/service-2.json --- 2.23.6-1/awscli/botocore/data/odb/2024-08-20/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/odb/2024-08-20/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5282 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2024-08-20", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"odb", + "jsonVersion":"1.0", + "protocol":"json", + "protocols":["json"], + "serviceFullName":"odb", + "serviceId":"odb", + "signatureVersion":"v4", + "signingName":"odb", + "targetPrefix":"Odb", + "uid":"odb-2024-08-20" + }, + "operations":{ + "AcceptMarketplaceRegistration":{ + "name":"AcceptMarketplaceRegistration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AcceptMarketplaceRegistrationInput"}, + "output":{"shape":"AcceptMarketplaceRegistrationOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Registers the Amazon Web Services Marketplace token for your Amazon Web Services account to activate your Oracle Database@Amazon Web Services subscription.

    ", + "idempotent":true + }, + "CreateCloudAutonomousVmCluster":{ + "name":"CreateCloudAutonomousVmCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateCloudAutonomousVmClusterInput"}, + "output":{"shape":"CreateCloudAutonomousVmClusterOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Creates a new Autonomous VM cluster in the specified Exadata infrastructure.

    ", + "idempotent":true + }, + "CreateCloudExadataInfrastructure":{ + "name":"CreateCloudExadataInfrastructure", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateCloudExadataInfrastructureInput"}, + "output":{"shape":"CreateCloudExadataInfrastructureOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Creates an Exadata infrastructure.

    ", + "idempotent":true + }, + "CreateCloudVmCluster":{ + "name":"CreateCloudVmCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateCloudVmClusterInput"}, + "output":{"shape":"CreateCloudVmClusterOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Creates a VM cluster on the specified Exadata infrastructure.

    ", + "idempotent":true + }, + "CreateOdbNetwork":{ + "name":"CreateOdbNetwork", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateOdbNetworkInput"}, + "output":{"shape":"CreateOdbNetworkOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Creates an ODB network.

    ", + "idempotent":true + }, + "CreateOdbPeeringConnection":{ + "name":"CreateOdbPeeringConnection", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateOdbPeeringConnectionInput"}, + "output":{"shape":"CreateOdbPeeringConnectionOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Creates a peering connection between an ODB network and a VPC.

    A peering connection enables private connectivity between the networks for application-tier communication.

    ", + "idempotent":true + }, + "DeleteCloudAutonomousVmCluster":{ + "name":"DeleteCloudAutonomousVmCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteCloudAutonomousVmClusterInput"}, + "output":{"shape":"DeleteCloudAutonomousVmClusterOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Deletes an Autonomous VM cluster.

    ", + "idempotent":true + }, + "DeleteCloudExadataInfrastructure":{ + "name":"DeleteCloudExadataInfrastructure", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteCloudExadataInfrastructureInput"}, + "output":{"shape":"DeleteCloudExadataInfrastructureOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Deletes the specified Exadata infrastructure. Before you use this operation, make sure to delete all of the VM clusters that are hosted on this Exadata infrastructure.

    ", + "idempotent":true + }, + "DeleteCloudVmCluster":{ + "name":"DeleteCloudVmCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteCloudVmClusterInput"}, + "output":{"shape":"DeleteCloudVmClusterOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Deletes the specified VM cluster.

    ", + "idempotent":true + }, + "DeleteOdbNetwork":{ + "name":"DeleteOdbNetwork", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteOdbNetworkInput"}, + "output":{"shape":"DeleteOdbNetworkOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Deletes the specified ODB network.

    ", + "idempotent":true + }, + "DeleteOdbPeeringConnection":{ + "name":"DeleteOdbPeeringConnection", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteOdbPeeringConnectionInput"}, + "output":{"shape":"DeleteOdbPeeringConnectionOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Deletes an ODB peering connection.

    When you delete an ODB peering connection, the underlying VPC peering connection is also deleted.

    ", + "idempotent":true + }, + "GetCloudAutonomousVmCluster":{ + "name":"GetCloudAutonomousVmCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCloudAutonomousVmClusterInput"}, + "output":{"shape":"GetCloudAutonomousVmClusterOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Gets information about a specific Autonomous VM cluster.

    ", + "readonly":true + }, + "GetCloudExadataInfrastructure":{ + "name":"GetCloudExadataInfrastructure", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCloudExadataInfrastructureInput"}, + "output":{"shape":"GetCloudExadataInfrastructureOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the specified Exadata infrastructure.

    ", + "readonly":true + }, + "GetCloudExadataInfrastructureUnallocatedResources":{ + "name":"GetCloudExadataInfrastructureUnallocatedResources", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCloudExadataInfrastructureUnallocatedResourcesInput"}, + "output":{"shape":"GetCloudExadataInfrastructureUnallocatedResourcesOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Retrieves information about unallocated resources in a specified Cloud Exadata Infrastructure.

    ", + "readonly":true + }, + "GetCloudVmCluster":{ + "name":"GetCloudVmCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCloudVmClusterInput"}, + "output":{"shape":"GetCloudVmClusterOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the specified VM cluster.

    ", + "readonly":true + }, + "GetDbNode":{ + "name":"GetDbNode", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetDbNodeInput"}, + "output":{"shape":"GetDbNodeOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the specified DB node.

    ", + "readonly":true + }, + "GetDbServer":{ + "name":"GetDbServer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetDbServerInput"}, + "output":{"shape":"GetDbServerOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the specified database server.

    ", + "readonly":true + }, + "GetOciOnboardingStatus":{ + "name":"GetOciOnboardingStatus", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetOciOnboardingStatusInput"}, + "output":{"shape":"GetOciOnboardingStatusOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns the tenancy activation link and onboarding status for your Amazon Web Services account.

    ", + "readonly":true + }, + "GetOdbNetwork":{ + "name":"GetOdbNetwork", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetOdbNetworkInput"}, + "output":{"shape":"GetOdbNetworkOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the specified ODB network.

    ", + "readonly":true + }, + "GetOdbPeeringConnection":{ + "name":"GetOdbPeeringConnection", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetOdbPeeringConnectionInput"}, + "output":{"shape":"GetOdbPeeringConnectionOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Retrieves information about an ODB peering connection.

    ", + "readonly":true + }, + "InitializeService":{ + "name":"InitializeService", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"InitializeServiceInput"}, + "output":{"shape":"InitializeServiceOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Initializes the ODB service for the first time in an account.

    ", + "idempotent":true + }, + "ListAutonomousVirtualMachines":{ + "name":"ListAutonomousVirtualMachines", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAutonomousVirtualMachinesInput"}, + "output":{"shape":"ListAutonomousVirtualMachinesOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Lists all Autonomous VMs in an Autonomous VM cluster.

    ", + "readonly":true + }, + "ListCloudAutonomousVmClusters":{ + "name":"ListCloudAutonomousVmClusters", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListCloudAutonomousVmClustersInput"}, + "output":{"shape":"ListCloudAutonomousVmClustersOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Lists all Autonomous VM clusters in a specified Cloud Exadata infrastructure.

    ", + "readonly":true + }, + "ListCloudExadataInfrastructures":{ + "name":"ListCloudExadataInfrastructures", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListCloudExadataInfrastructuresInput"}, + "output":{"shape":"ListCloudExadataInfrastructuresOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns information about the Exadata infrastructures owned by your Amazon Web Services account.

    ", + "readonly":true + }, + "ListCloudVmClusters":{ + "name":"ListCloudVmClusters", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListCloudVmClustersInput"}, + "output":{"shape":"ListCloudVmClustersOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the VM clusters owned by your Amazon Web Services account or only the ones on the specified Exadata infrastructure.

    ", + "readonly":true + }, + "ListDbNodes":{ + "name":"ListDbNodes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListDbNodesInput"}, + "output":{"shape":"ListDbNodesOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the DB nodes for the specified VM cluster.

    ", + "readonly":true + }, + "ListDbServers":{ + "name":"ListDbServers", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListDbServersInput"}, + "output":{"shape":"ListDbServersOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the database servers that belong to the specified Exadata infrastructure.

    ", + "readonly":true + }, + "ListDbSystemShapes":{ + "name":"ListDbSystemShapes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListDbSystemShapesInput"}, + "output":{"shape":"ListDbSystemShapesOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns information about the shapes that are available for an Exadata infrastructure.

    ", + "readonly":true + }, + "ListGiVersions":{ + "name":"ListGiVersions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListGiVersionsInput"}, + "output":{"shape":"ListGiVersionsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns information about Oracle Grid Infrastructure (GI) software versions that are available for a VM cluster for the specified shape.

    ", + "readonly":true + }, + "ListOdbNetworks":{ + "name":"ListOdbNetworks", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListOdbNetworksInput"}, + "output":{"shape":"ListOdbNetworksOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns information about the ODB networks owned by your Amazon Web Services account.

    ", + "readonly":true + }, + "ListOdbPeeringConnections":{ + "name":"ListOdbPeeringConnections", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListOdbPeeringConnectionsInput"}, + "output":{"shape":"ListOdbPeeringConnectionsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Lists all ODB peering connections or those associated with a specific ODB network.

    ", + "readonly":true + }, + "ListSystemVersions":{ + "name":"ListSystemVersions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListSystemVersionsInput"}, + "output":{"shape":"ListSystemVersionsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the system versions that are available for a VM cluster for the specified giVersion and shape.

    ", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns information about the tags applied to this resource.

    ", + "readonly":true + }, + "RebootDbNode":{ + "name":"RebootDbNode", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RebootDbNodeInput"}, + "output":{"shape":"RebootDbNodeOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Reboots the specified DB node in a VM cluster.

    " + }, + "StartDbNode":{ + "name":"StartDbNode", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartDbNodeInput"}, + "output":{"shape":"StartDbNodeOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Starts the specified DB node in a VM cluster.

    " + }, + "StopDbNode":{ + "name":"StopDbNode", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StopDbNodeInput"}, + "output":{"shape":"StopDbNodeOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Stops the specified DB node in a VM cluster.

    " + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Applies tags to the specified resource.

    ", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Removes tags from the specified resource.

    ", + "idempotent":true + }, + "UpdateCloudExadataInfrastructure":{ + "name":"UpdateCloudExadataInfrastructure", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateCloudExadataInfrastructureInput"}, + "output":{"shape":"UpdateCloudExadataInfrastructureOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Updates the properties of an Exadata infrastructure resource.

    " + }, + "UpdateOdbNetwork":{ + "name":"UpdateOdbNetwork", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateOdbNetworkInput"}, + "output":{"shape":"UpdateOdbNetworkOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Updates properties of a specified ODB network.

    " + }, + "UpdateOdbPeeringConnection":{ + "name":"UpdateOdbPeeringConnection", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateOdbPeeringConnectionInput"}, + "output":{"shape":"UpdateOdbPeeringConnectionOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Modifies the settings of an Oracle Database@Amazon Web Services peering connection. You can update the display name and add or remove CIDR blocks from the peering connection.

    " + } + }, + "shapes":{ + "AcceptMarketplaceRegistrationInput":{ + "type":"structure", + "required":["marketplaceRegistrationToken"], + "members":{ + "marketplaceRegistrationToken":{ + "shape":"String", + "documentation":"

    The registration token that's generated by Amazon Web Services Marketplace and sent to Oracle Database@Amazon Web Services.

    " + } + } + }, + "AcceptMarketplaceRegistrationOutput":{ + "type":"structure", + "members":{} + }, + "Access":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    You don't have sufficient access to perform this action. Make sure you have the required permissions and try again.

    ", + "exception":true + }, + "AutonomousVirtualMachineList":{ + "type":"list", + "member":{"shape":"AutonomousVirtualMachineSummary"} + }, + "AutonomousVirtualMachineSummary":{ + "type":"structure", + "members":{ + "autonomousVirtualMachineId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the Autonomous VM.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the Autonomous VM.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the current status of the Autonomous VM, if applicable.

    " + }, + "vmName":{ + "shape":"String", + "documentation":"

    The name of the Autonomous VM.

    " + }, + "dbServerId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the database server hosting this Autonomous VM.

    " + }, + "dbServerDisplayName":{ + "shape":"String", + "documentation":"

    The display name of the database server hosting this Autonomous VM.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The number of CPU cores allocated to this Autonomous VM.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory allocated to this Autonomous VM, in gigabytes (GB).

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of storage allocated to this Autonomous Virtual Machine, in gigabytes (GB).

    " + }, + "clientIpAddress":{ + "shape":"String", + "documentation":"

    The IP address used by clients to connect to this Autonomous VM.

    " + }, + "cloudAutonomousVmClusterId":{ + "shape":"String", + "documentation":"

    The unique identifier of the Autonomous VM cluster containing this Autonomous VM.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The Oracle Cloud Identifier (OCID) of the Autonomous VM.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the Oracle Cloud Infrastructure (OCI) resource anchor associated with this Autonomous VM.

    " + } + }, + "documentation":"

    A summary of an Autonomous Virtual Machine (VM) within an Autonomous VM cluster.

    " + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CloudAutonomousVmCluster":{ + "type":"structure", + "required":["cloudAutonomousVmClusterId"], + "members":{ + "cloudAutonomousVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the Autonomous VM cluster.

    " + }, + "cloudAutonomousVmClusterArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) for the Autonomous VM cluster.

    " + }, + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network associated with this Autonomous VM cluster.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor associated with this Autonomous VM cluster.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The progress of the current operation on the Autonomous VM cluster, as a percentage.

    " + }, + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    The display name of the Autonomous VM cluster.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current state of the Autonomous VM cluster. Possible values include CREATING, AVAILABLE, UPDATING, DELETING, DELETED, FAILED.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the current status of the Autonomous VM cluster.

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Cloud Exadata Infrastructure containing this Autonomous VM cluster.

    " + }, + "autonomousDataStoragePercentage":{ + "shape":"Float", + "documentation":"

    The percentage of data storage currently in use for Autonomous Databases in the Autonomous VM cluster.

    " + }, + "autonomousDataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The data storage size allocated for Autonomous Databases in the Autonomous VM cluster, in TB.

    " + }, + "availableAutonomousDataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The available data storage space for Autonomous Databases in the Autonomous VM cluster, in TB.

    " + }, + "availableContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The number of Autonomous CDBs that you can create with the currently available storage.

    " + }, + "availableCpus":{ + "shape":"Float", + "documentation":"

    The number of CPU cores available for allocation to Autonomous Databases.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The compute model of the Autonomous VM cluster: ECPU or OCPU.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores in the Autonomous VM cluster.

    " + }, + "cpuCoreCountPerNode":{ + "shape":"Integer", + "documentation":"

    The number of CPU cores enabled per node in the Autonomous VM cluster.

    " + }, + "cpuPercentage":{ + "shape":"Float", + "documentation":"

    The percentage of total CPU cores currently in use in the Autonomous VM cluster.

    " + }, + "dataStorageSizeInGBs":{ + "shape":"Double", + "documentation":"

    The total data storage allocated to the Autonomous VM cluster, in GB.

    " + }, + "dataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The total data storage allocated to the Autonomous VM cluster, in TB.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The local node storage allocated to the Autonomous VM cluster, in gigabytes (GB).

    " + }, + "dbServers":{ + "shape":"StringList", + "documentation":"

    The list of database servers associated with the Autonomous VM cluster.

    " + }, + "description":{ + "shape":"String", + "documentation":"

    The user-provided description of the Autonomous VM cluster.

    " + }, + "domain":{ + "shape":"String", + "documentation":"

    The domain name for the Autonomous VM cluster.

    " + }, + "exadataStorageInTBsLowestScaledValue":{ + "shape":"Double", + "documentation":"

    The minimum value to which you can scale down the Exadata storage, in TB.

    " + }, + "hostname":{ + "shape":"String", + "documentation":"

    The hostname for the Autonomous VM cluster.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The Oracle Cloud Identifier (OCID) of the Autonomous VM cluster.

    " + }, + "ociUrl":{ + "shape":"String", + "documentation":"

    The URL for accessing the OCI console page for this Autonomous VM cluster.

    " + }, + "isMtlsEnabledVmCluster":{ + "shape":"Boolean", + "documentation":"

    Indicates whether mutual TLS (mTLS) authentication is enabled for the Autonomous VM cluster.

    " + }, + "licenseModel":{ + "shape":"LicenseModel", + "documentation":"

    The Oracle license model that applies to the Autonomous VM cluster.

    " + }, + "maintenanceWindow":{ + "shape":"MaintenanceWindow", + "documentation":"

    The scheduling details for the maintenance window. Patching and system updates take place during the maintenance window.

    " + }, + "maxAcdsLowestScaledValue":{ + "shape":"Integer", + "documentation":"

    The minimum value to which you can scale down the maximum number of Autonomous CDBs.

    " + }, + "memoryPerOracleComputeUnitInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory allocated per Oracle Compute Unit, in GB.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of memory allocated to the Autonomous VM cluster, in gigabytes (GB).

    " + }, + "nodeCount":{ + "shape":"Integer", + "documentation":"

    The number of database server nodes in the Autonomous VM cluster.

    " + }, + "nonProvisionableAutonomousContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The number of Autonomous CDBs that can't be provisioned because of resource constraints.

    " + }, + "provisionableAutonomousContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The number of Autonomous CDBs that can be provisioned in the Autonomous VM cluster.

    " + }, + "provisionedAutonomousContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The number of Autonomous CDBs currently provisioned in the Autonomous VM cluster.

    " + }, + "provisionedCpus":{ + "shape":"Float", + "documentation":"

    The number of CPU cores currently provisioned in the Autonomous VM cluster.

    " + }, + "reclaimableCpus":{ + "shape":"Float", + "documentation":"

    The number of CPU cores that can be reclaimed from terminated or scaled-down Autonomous Databases.

    " + }, + "reservedCpus":{ + "shape":"Float", + "documentation":"

    The number of CPU cores reserved for system operations and redundancy.

    " + }, + "scanListenerPortNonTls":{ + "shape":"Integer", + "documentation":"

    The SCAN listener port for non-TLS (TCP) protocol. The default is 1521.

    " + }, + "scanListenerPortTls":{ + "shape":"Integer", + "documentation":"

    The SCAN listener port for TLS (TCP) protocol. The default is 2484.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The shape of the Exadata infrastructure for the Autonomous VM cluster.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the Autonomous VM cluster was created.

    " + }, + "timeDatabaseSslCertificateExpires":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The expiration date and time of the database SSL certificate.

    " + }, + "timeOrdsCertificateExpires":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The expiration date and time of the Oracle REST Data Services (ORDS) certificate.

    " + }, + "timeZone":{ + "shape":"String", + "documentation":"

    The time zone of the Autonomous VM cluster.

    " + }, + "totalContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The total number of Autonomous Container Databases that can be created with the allocated local storage.

    " + } + }, + "documentation":"

    Information about an Autonomous VM cluster resource.

    " + }, + "CloudAutonomousVmClusterList":{ + "type":"list", + "member":{"shape":"CloudAutonomousVmClusterSummary"} + }, + "CloudAutonomousVmClusterResourceDetails":{ + "type":"structure", + "members":{ + "cloudAutonomousVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the Autonomous VM cluster.

    " + }, + "unallocatedAdbStorageInTBs":{ + "shape":"Double", + "documentation":"

    The amount of unallocated Autonomous Database storage in the Autonomous VM cluster, in terabytes.

    " + } + }, + "documentation":"

    Resource details of an Autonomous VM cluster.

    " + }, + "CloudAutonomousVmClusterResourceDetailsList":{ + "type":"list", + "member":{"shape":"CloudAutonomousVmClusterResourceDetails"} + }, + "CloudAutonomousVmClusterSummary":{ + "type":"structure", + "required":["cloudAutonomousVmClusterId"], + "members":{ + "cloudAutonomousVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the Autonomous VM cluster.

    " + }, + "cloudAutonomousVmClusterArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) for the Autonomous VM cluster.

    " + }, + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network associated with this Autonomous VM cluster.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor associated with this Autonomous VM cluster.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The progress of the current operation on the Autonomous VM cluster, as a percentage.

    " + }, + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    The user-friendly name for the Autonomous VM cluster.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the Autonomous VM cluster.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the current status of the Autonomous VM cluster, if applicable.

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Exadata infrastructure containing this Autonomous VM cluster.

    " + }, + "autonomousDataStoragePercentage":{ + "shape":"Float", + "documentation":"

    The percentage of data storage currently in use for Autonomous Databases in the Autonomous VM cluster.

    " + }, + "autonomousDataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The total data storage allocated for Autonomous Databases in the Autonomous VM cluster, in TB.

    " + }, + "availableAutonomousDataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The available data storage for Autonomous Databases in the Autonomous VM cluster, in TB.

    " + }, + "availableContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The number of Autonomous Container Databases that you can create with the currently available storage.

    " + }, + "availableCpus":{ + "shape":"Float", + "documentation":"

    The number of CPU cores available for allocation to Autonomous Databases.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The compute model of the Autonomous VM cluster: ECPU or OCPU.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores in the Autonomous VM cluster.

    " + }, + "cpuCoreCountPerNode":{ + "shape":"Integer", + "documentation":"

    The number of CPU cores per node in the Autonomous VM cluster.

    " + }, + "cpuPercentage":{ + "shape":"Float", + "documentation":"

    The percentage of total CPU cores currently in use in the Autonomous VM cluster.

    " + }, + "dataStorageSizeInGBs":{ + "shape":"Double", + "documentation":"

    The total data storage allocated to the Autonomous VM cluster, in GB.

    " + }, + "dataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The total data storage allocated to the Autonomous VM cluster, in TB.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The local node storage allocated to the Autonomous VM cluster, in GB.

    " + }, + "dbServers":{ + "shape":"StringList", + "documentation":"

    The list of database servers associated with the Autonomous VM cluster.

    " + }, + "description":{ + "shape":"String", + "documentation":"

    The user-provided description of the Autonomous VM cluster.

    " + }, + "domain":{ + "shape":"String", + "documentation":"

    The domain name for the Autonomous VM cluster.

    " + }, + "exadataStorageInTBsLowestScaledValue":{ + "shape":"Double", + "documentation":"

    The lowest value to which Exadata storage can be scaled down, in TB.

    " + }, + "hostname":{ + "shape":"String", + "documentation":"

    The host name for the Autonomous VM cluster.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The Oracle Cloud Identifier (OCID) of the Autonomous VM cluster.

    " + }, + "ociUrl":{ + "shape":"String", + "documentation":"

    The URL for accessing the OCI console page for this Autonomous VM cluster.

    " + }, + "isMtlsEnabledVmCluster":{ + "shape":"Boolean", + "documentation":"

    Indicates if mutual TLS (mTLS) authentication is enabled for the Autonomous VM cluster.

    " + }, + "licenseModel":{ + "shape":"LicenseModel", + "documentation":"

    The Oracle license model that applies to the Autonomous VM cluster.

    " + }, + "maintenanceWindow":{ + "shape":"MaintenanceWindow", + "documentation":"

    The scheduling details for the maintenance window. Patching and system updates take place during the maintenance window.

    " + }, + "maxAcdsLowestScaledValue":{ + "shape":"Integer", + "documentation":"

    The lowest value to which you can scale down the maximum number of Autonomous CDBs.

    " + }, + "memoryPerOracleComputeUnitInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory allocated per Oracle Compute Unit (OCU), in GB.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of memory allocated to the Autonomous VM cluster, in GB.

    " + }, + "nodeCount":{ + "shape":"Integer", + "documentation":"

    The number of database server nodes in the Autonomous VM cluster.

    " + }, + "nonProvisionableAutonomousContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The number of Autonomous CDBs that can't be provisioned because of resource constraints.

    " + }, + "provisionableAutonomousContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The number of Autonomous CDBs that you can provision in the Autonomous VM cluster.

    " + }, + "provisionedAutonomousContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The number of Autonomous Container Databases currently provisioned in the Autonomous VM cluster.

    " + }, + "provisionedCpus":{ + "shape":"Float", + "documentation":"

    The number of CPUs currently provisioned in the Autonomous VM cluster.

    " + }, + "reclaimableCpus":{ + "shape":"Float", + "documentation":"

    The number of CPUs that can be reclaimed from terminated or scaled-down Autonomous Databases.

    " + }, + "reservedCpus":{ + "shape":"Float", + "documentation":"

    The number of CPUs reserved for system operations and redundancy.

    " + }, + "scanListenerPortNonTls":{ + "shape":"Integer", + "documentation":"

    The SCAN listener port for non-TLS (TCP) protocol.

    " + }, + "scanListenerPortTls":{ + "shape":"Integer", + "documentation":"

    The SCAN listener port for TLS (TCP) protocol.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The shape of the Exadata infrastructure for the Autonomous VM cluster.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the Autonomous VM cluster was created.

    " + }, + "timeDatabaseSslCertificateExpires":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The expiration date and time of the database SSL certificate.

    " + }, + "timeOrdsCertificateExpires":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The expiration date and time of the Oracle REST Data Services (ORDS) certificate.

    " + }, + "timeZone":{ + "shape":"String", + "documentation":"

    The time zone of the Autonomous VM cluster.

    " + }, + "totalContainerDatabases":{ + "shape":"Integer", + "documentation":"

    The total number of Autonomous Container Databases that can be created in the Autonomous VM cluster.

    " + } + }, + "documentation":"

    A summary of an Autonomous VM cluster.

    " + }, + "CloudExadataInfrastructure":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier for the Exadata infrastructure.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name for the Exadata infrastructure.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the Exadata infrastructure.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the Exadata infrastructure.

    " + }, + "cloudExadataInfrastructureArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) for the Exadata infrastructure.

    " + }, + "activatedStorageCount":{ + "shape":"Integer", + "documentation":"

    The number of storage servers requested for the Exadata infrastructure.

    " + }, + "additionalStorageCount":{ + "shape":"Integer", + "documentation":"

    The number of storage servers requested for the Exadata infrastructure.

    " + }, + "availableStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of available storage, in gigabytes (GB), for the Exadata infrastructure.

    " + }, + "availabilityZone":{ + "shape":"String", + "documentation":"

    The name of the Availability Zone (AZ) where the Exadata infrastructure is located.

    " + }, + "availabilityZoneId":{ + "shape":"String", + "documentation":"

    The AZ ID of the AZ where the Exadata infrastructure is located.

    " + }, + "computeCount":{ + "shape":"Integer", + "documentation":"

    The number of database servers for the Exadata infrastructure.

    " + }, + "cpuCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores that are allocated to the Exadata infrastructure.

    " + }, + "customerContactsToSendToOCI":{ + "shape":"CustomerContacts", + "documentation":"

    The email addresses of contacts to receive notification from Oracle about maintenance updates for the Exadata infrastructure.

    " + }, + "dataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The size of the Exadata infrastructure's data disk group, in terabytes (TB).

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The size of the Exadata infrastructure's local node storage, in gigabytes (GB).

    " + }, + "dbServerVersion":{ + "shape":"String", + "documentation":"

    The software version of the database servers (dom0) in the Exadata infrastructure.

    " + }, + "lastMaintenanceRunId":{ + "shape":"String", + "documentation":"

    The Oracle Cloud Identifier (OCID) of the last maintenance run for the Exadata infrastructure.

    " + }, + "maintenanceWindow":{ + "shape":"MaintenanceWindow", + "documentation":"

    The scheduling details for the maintenance window. Patching and system updates take place during the maintenance window.

    " + }, + "maxCpuCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores available on the Exadata infrastructure.

    " + }, + "maxDataStorageInTBs":{ + "shape":"Double", + "documentation":"

    The total amount of data disk group storage, in terabytes (TB), that's available on the Exadata infrastructure.

    " + }, + "maxDbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of local node storage, in gigabytes (GB), that's available on the Exadata infrastructure.

    " + }, + "maxMemoryInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of memory, in gigabytes (GB), that's available on the Exadata infrastructure.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory, in gigabytes (GB), that's allocated on the Exadata infrastructure.

    " + }, + "monthlyDbServerVersion":{ + "shape":"String", + "documentation":"

    The monthly software version of the database servers installed on the Exadata infrastructure.

    " + }, + "monthlyStorageServerVersion":{ + "shape":"String", + "documentation":"

    The monthly software version of the storage servers installed on the Exadata infrastructure.

    " + }, + "nextMaintenanceRunId":{ + "shape":"String", + "documentation":"

    The OCID of the next maintenance run for the Exadata infrastructure.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor for the Exadata infrastructure.

    " + }, + "ociUrl":{ + "shape":"String", + "documentation":"

    The HTTPS link to the Exadata infrastructure in OCI.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The OCID of the Exadata infrastructure.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The model name of the Exadata infrastructure.

    " + }, + "storageCount":{ + "shape":"Integer", + "documentation":"

    The number of storage servers that are activated for the Exadata infrastructure.

    " + }, + "storageServerVersion":{ + "shape":"String", + "documentation":"

    The software version of the storage servers on the Exadata infrastructure.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the Exadata infrastructure was created.

    " + }, + "totalStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of storage, in gigabytes (GB), on the the Exadata infrastructure.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The amount of progress made on the current operation on the Exadata infrastructure, expressed as a percentage.

    " + }, + "databaseServerType":{ + "shape":"String", + "documentation":"

    The database server model type of the Exadata infrastructure. For the list of valid model names, use the ListDbSystemShapes operation.

    " + }, + "storageServerType":{ + "shape":"String", + "documentation":"

    The storage server model type of the Exadata infrastructure. For the list of valid model names, use the ListDbSystemShapes operation.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The OCI model compute model used when you create or clone an instance: ECPU or OCPU. An ECPU is an abstracted measure of compute resources. ECPUs are based on the number of cores elastically allocated from a pool of compute and storage servers. An OCPU is a legacy physical measure of compute resources. OCPUs are based on the physical core of a processor with hyper-threading enabled.

    " + } + }, + "documentation":"

    Information about an Exadata infrastructure.

    " + }, + "CloudExadataInfrastructureList":{ + "type":"list", + "member":{"shape":"CloudExadataInfrastructureSummary"} + }, + "CloudExadataInfrastructureSummary":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier for the Exadata infrastructure.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name for the Exadata infrastructure.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the Exadata infrastructure.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the Exadata infrastructure.

    " + }, + "cloudExadataInfrastructureArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) for the Exadata infrastructure.

    " + }, + "activatedStorageCount":{ + "shape":"Integer", + "documentation":"

    The number of storage servers requested for the Exadata infrastructure.

    " + }, + "additionalStorageCount":{ + "shape":"Integer", + "documentation":"

    The number of storage servers requested for the Exadata infrastructure.

    " + }, + "availableStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of available storage, in gigabytes (GB), for the Exadata infrastructure.

    " + }, + "availabilityZone":{ + "shape":"String", + "documentation":"

    The name of the Availability Zone (AZ) where the Exadata infrastructure is located.

    " + }, + "availabilityZoneId":{ + "shape":"String", + "documentation":"

    The AZ ID of the AZ where the Exadata infrastructure is located.

    " + }, + "computeCount":{ + "shape":"Integer", + "documentation":"

    The number of database servers for the Exadata infrastructure.

    " + }, + "cpuCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores that are allocated to the Exadata infrastructure.

    " + }, + "customerContactsToSendToOCI":{ + "shape":"CustomerContacts", + "documentation":"

    The email addresses of contacts to receive notification from Oracle about maintenance updates for the Exadata infrastructure.

    " + }, + "dataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The size of the Exadata infrastructure's data disk group, in terabytes (TB).

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The size of the Exadata infrastructure's local node storage, in gigabytes (GB).

    " + }, + "dbServerVersion":{ + "shape":"String", + "documentation":"

    The software version of the database servers on the Exadata infrastructure.

    " + }, + "lastMaintenanceRunId":{ + "shape":"String", + "documentation":"

    The Oracle Cloud Identifier (OCID) of the last maintenance run for the Exadata infrastructure.

    " + }, + "maintenanceWindow":{ + "shape":"MaintenanceWindow", + "documentation":"

    The scheduling details for the maintenance window. Patching and system updates take place during the maintenance window.

    " + }, + "maxCpuCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores available on the Exadata infrastructure.

    " + }, + "maxDataStorageInTBs":{ + "shape":"Double", + "documentation":"

    The total amount of data disk group storage, in terabytes (TB), that's available on the Exadata infrastructure.

    " + }, + "maxDbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of local node storage, in gigabytes (GB), that's available on the Exadata infrastructure.

    " + }, + "maxMemoryInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of memory, in gigabytes (GB), that's available on the Exadata infrastructure.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory, in gigabytes (GB), that's allocated on the Exadata infrastructure.

    " + }, + "monthlyDbServerVersion":{ + "shape":"String", + "documentation":"

    The monthly software version of the database servers (dom0) installed on the Exadata infrastructure.

    " + }, + "monthlyStorageServerVersion":{ + "shape":"String", + "documentation":"

    The monthly software version of the storage servers installed on the Exadata infrastructure.

    " + }, + "nextMaintenanceRunId":{ + "shape":"String", + "documentation":"

    The OCID of the next maintenance run for the Exadata infrastructure.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor for the Exadata infrastructure.

    " + }, + "ociUrl":{ + "shape":"String", + "documentation":"

    The HTTPS link to the Exadata infrastructure in OCI.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The OCID of the Exadata infrastructure.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The model name of the Exadata infrastructure.

    " + }, + "storageCount":{ + "shape":"Integer", + "documentation":"

    The number of storage servers that are activated for the Exadata infrastructure.

    " + }, + "storageServerVersion":{ + "shape":"String", + "documentation":"

    The software version of the storage servers on the Exadata infrastructure.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the Exadata infrastructure was created.

    " + }, + "totalStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of storage, in gigabytes (GB), on the the Exadata infrastructure.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The amount of progress made on the current operation on the Exadata infrastructure, expressed as a percentage.

    " + }, + "databaseServerType":{ + "shape":"String", + "documentation":"

    The database server model type of the Exadata infrastructure. For the list of valid model names, use the ListDbSystemShapes operation.

    " + }, + "storageServerType":{ + "shape":"String", + "documentation":"

    The storage server model type of the Exadata infrastructure. For the list of valid model names, use the ListDbSystemShapes operation.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The OCI model compute model used when you create or clone an instance: ECPU or OCPU. An ECPU is an abstracted measure of compute resources. ECPUs are based on the number of cores elastically allocated from a pool of compute and storage servers. An OCPU is a legacy physical measure of compute resources. OCPUs are based on the physical core of a processor with hyper-threading enabled.

    " + } + }, + "documentation":"

    Information about an Exadata infrastructure.

    " + }, + "CloudExadataInfrastructureUnallocatedResources":{ + "type":"structure", + "members":{ + "cloudAutonomousVmClusters":{ + "shape":"CloudAutonomousVmClusterResourceDetailsList", + "documentation":"

    A list of Autonomous VM clusters associated with this Cloud Exadata Infrastructure.

    " + }, + "cloudExadataInfrastructureDisplayName":{ + "shape":"String", + "documentation":"

    The display name of the Cloud Exadata infrastructure.

    " + }, + "exadataStorageInTBs":{ + "shape":"Double", + "documentation":"

    The amount of unallocated Exadata storage available, in terabytes (TB).

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Cloud Exadata infrastructure.

    " + }, + "localStorageInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of unallocated local storage available, in gigabytes (GB).

    " + }, + "memoryInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of unallocated memory available, in gigabytes (GB).

    " + }, + "ocpus":{ + "shape":"Integer", + "documentation":"

    The number of unallocated Oracle CPU Units (OCPUs) available.

    " + } + }, + "documentation":"

    Information about unallocated resources in the Cloud Exadata infrastructure.

    " + }, + "CloudVmCluster":{ + "type":"structure", + "required":["cloudVmClusterId"], + "members":{ + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name for the VM cluster.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the VM cluster.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the VM cluster.

    " + }, + "cloudVmClusterArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the VM cluster.

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"String", + "documentation":"

    The unique identifier of the Exadata infrastructure that this VM cluster belongs to.

    " + }, + "clusterName":{ + "shape":"String", + "documentation":"

    The name of the Grid Infrastructure (GI) cluster.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The number of CPU cores enabled on the VM cluster.

    " + }, + "dataCollectionOptions":{ + "shape":"DataCollectionOptions", + "documentation":"

    The set of diagnostic collection options enabled for the VM cluster.

    " + }, + "dataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The size of the data disk group, in terabytes (TB), that's allocated for the VM cluster.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of local node storage, in gigabytes (GB), that's allocated for the VM cluster.

    " + }, + "dbServers":{ + "shape":"StringList", + "documentation":"

    The list of database servers for the VM cluster.

    " + }, + "diskRedundancy":{ + "shape":"DiskRedundancy", + "documentation":"

    The type of redundancy configured for the VM cluster. NORMAL is 2-way redundancy. HIGH is 3-way redundancy.

    " + }, + "giVersion":{ + "shape":"String", + "documentation":"

    The software version of the Oracle Grid Infrastructure (GI) for the VM cluster.

    " + }, + "hostname":{ + "shape":"String", + "documentation":"

    The host name for the VM cluster.

    " + }, + "iormConfigCache":{ + "shape":"ExadataIormConfig", + "documentation":"

    The ExadataIormConfig cache details for the VM cluster.

    " + }, + "isLocalBackupEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether database backups to local Exadata storage is enabled for the VM cluster.

    " + }, + "isSparseDiskgroupEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the VM cluster is configured with a sparse disk group.

    " + }, + "lastUpdateHistoryEntryId":{ + "shape":"String", + "documentation":"

    The Oracle Cloud ID (OCID) of the last maintenance update history entry.

    " + }, + "licenseModel":{ + "shape":"LicenseModel", + "documentation":"

    The Oracle license model applied to the VM cluster.

    " + }, + "listenerPort":{ + "shape":"Integer", + "documentation":"

    The port number configured for the listener on the VM cluster.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory, in gigabytes (GB), that's allocated for the VM cluster.

    " + }, + "nodeCount":{ + "shape":"Integer", + "documentation":"

    The number of nodes in the VM cluster.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The OCID of the VM cluster.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor for the VM cluster.

    " + }, + "ociUrl":{ + "shape":"String", + "documentation":"

    The HTTPS link to the VM cluster in OCI.

    " + }, + "domain":{ + "shape":"String", + "documentation":"

    The domain of the VM cluster.

    " + }, + "scanDnsName":{ + "shape":"String", + "documentation":"

    The FQDN of the DNS record for the Single Client Access Name (SCAN) IP addresses that are associated with the VM cluster.

    " + }, + "scanDnsRecordId":{ + "shape":"String", + "documentation":"

    The OCID of the DNS record for the SCAN IP addresses that are associated with the VM cluster.

    " + }, + "scanIpIds":{ + "shape":"StringList", + "documentation":"

    The OCID of the SCAN IP addresses that are associated with the VM cluster.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The hardware model name of the Exadata infrastructure that's running the VM cluster.

    " + }, + "sshPublicKeys":{ + "shape":"SensitiveStringList", + "documentation":"

    The public key portion of one or more key pairs used for SSH access to the VM cluster.

    " + }, + "storageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of local node storage, in gigabytes (GB), that's allocated to the VM cluster.

    " + }, + "systemVersion":{ + "shape":"String", + "documentation":"

    The operating system version of the image chosen for the VM cluster.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the VM cluster was created.

    " + }, + "timeZone":{ + "shape":"String", + "documentation":"

    The time zone of the VM cluster.

    " + }, + "vipIds":{ + "shape":"StringList", + "documentation":"

    The virtual IP (VIP) addresses that are associated with the VM cluster. Oracle's Cluster Ready Services (CRS) creates and maintains one VIP address for each node in the VM cluster to enable failover. If one node fails, the VIP is reassigned to another active node in the cluster.

    " + }, + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network for the VM cluster.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The amount of progress made on the current operation on the VM cluster, expressed as a percentage.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The OCI model compute model used when you create or clone an instance: ECPU or OCPU. An ECPU is an abstracted measure of compute resources. ECPUs are based on the number of cores elastically allocated from a pool of compute and storage servers. An OCPU is a legacy physical measure of compute resources. OCPUs are based on the physical core of a processor with hyper-threading enabled.

    " + } + }, + "documentation":"

    Information about a VM cluster.

    " + }, + "CloudVmClusterList":{ + "type":"list", + "member":{"shape":"CloudVmClusterSummary"} + }, + "CloudVmClusterSummary":{ + "type":"structure", + "required":["cloudVmClusterId"], + "members":{ + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name for the VM cluster.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the VM cluster.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the VM cluster.

    " + }, + "cloudVmClusterArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the VM cluster.

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"String", + "documentation":"

    The unique identifier of the Exadata infrastructure that this VM cluster belongs to.

    " + }, + "clusterName":{ + "shape":"String", + "documentation":"

    The name of the Grid Infrastructure (GI) cluster.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The number of CPU cores enabled on the VM cluster.

    " + }, + "dataCollectionOptions":{"shape":"DataCollectionOptions"}, + "dataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The size of the data disk group, in terabytes (TB), that's allocated for the VM cluster.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of local node storage, in gigabytes (GB), that's allocated for the VM cluster.

    " + }, + "dbServers":{ + "shape":"StringList", + "documentation":"

    The list of database servers for the VM cluster.

    " + }, + "diskRedundancy":{ + "shape":"DiskRedundancy", + "documentation":"

    The type of redundancy configured for the VM cluster. NORMAL is 2-way redundancy. HIGH is 3-way redundancy.

    " + }, + "giVersion":{ + "shape":"String", + "documentation":"

    The software version of the Oracle Grid Infrastructure (GI) for the VM cluster.

    " + }, + "hostname":{ + "shape":"String", + "documentation":"

    The host name for the VM cluster.

    " + }, + "iormConfigCache":{"shape":"ExadataIormConfig"}, + "isLocalBackupEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether database backups to local Exadata storage is enabled for the VM cluster.

    " + }, + "isSparseDiskgroupEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the VM cluster is configured with a sparse disk group.

    " + }, + "lastUpdateHistoryEntryId":{ + "shape":"String", + "documentation":"

    The Oracle Cloud ID (OCID) of the last maintenance update history entry.

    " + }, + "licenseModel":{ + "shape":"LicenseModel", + "documentation":"

    The Oracle license model applied to the VM cluster.

    " + }, + "listenerPort":{ + "shape":"Integer", + "documentation":"

    The port number configured for the listener on the VM cluster.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory, in gigabytes (GB), that's allocated for the VM cluster.

    " + }, + "nodeCount":{ + "shape":"Integer", + "documentation":"

    The number of nodes in the VM cluster.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The OCID of the VM cluster.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor for the VM cluster.

    " + }, + "ociUrl":{ + "shape":"String", + "documentation":"

    The HTTPS link to the VM cluster in OCI.

    " + }, + "domain":{ + "shape":"String", + "documentation":"

    The domain of the VM cluster.

    " + }, + "scanDnsName":{ + "shape":"String", + "documentation":"

    The FQDN of the DNS record for the Single Client Access Name (SCAN) IP addresses that are associated with the VM cluster.

    " + }, + "scanDnsRecordId":{ + "shape":"String", + "documentation":"

    The OCID of the DNS record for the SCAN IP addresses that are associated with the VM cluster.

    " + }, + "scanIpIds":{ + "shape":"StringList", + "documentation":"

    The OCID of the SCAN IP addresses that are associated with the VM cluster.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The hardware model name of the Exadata infrastructure that's running the VM cluster.

    " + }, + "sshPublicKeys":{ + "shape":"SensitiveStringList", + "documentation":"

    The public key portion of one or more key pairs used for SSH access to the VM cluster.

    " + }, + "storageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of local node storage, in gigabytes (GB), that's allocated to the VM cluster.

    " + }, + "systemVersion":{ + "shape":"String", + "documentation":"

    The operating system version of the image chosen for the VM cluster.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the VM cluster was created.

    " + }, + "timeZone":{ + "shape":"String", + "documentation":"

    The time zone of the VM cluster.

    " + }, + "vipIds":{ + "shape":"StringList", + "documentation":"

    The virtual IP (VIP) addresses that are associated with the VM cluster. Oracle's Cluster Ready Services (CRS) creates and maintains one VIP address for each node in the VM cluster to enable failover. If one node fails, the VIP is reassigned to another active node in the cluster.

    " + }, + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network for the VM cluster.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The amount of progress made on the current operation on the VM cluster, expressed as a percentage.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The OCI model compute model used when you create or clone an instance: ECPU or OCPU. An ECPU is an abstracted measure of compute resources. ECPUs are based on the number of cores elastically allocated from a pool of compute and storage servers. An OCPU is a legacy physical measure of compute resources. OCPUs are based on the physical core of a processor with hyper-threading enabled.

    " + } + }, + "documentation":"

    Information about a VM cluster.

    " + }, + "ComputeModel":{ + "type":"string", + "enum":[ + "ECPU", + "OCPU" + ] + }, + "ConflictException":{ + "type":"structure", + "required":[ + "message", + "resourceId", + "resourceType" + ], + "members":{ + "message":{"shape":"String"}, + "resourceId":{ + "shape":"String", + "documentation":"

    The identifier of the resource that caused the conflict.

    " + }, + "resourceType":{ + "shape":"String", + "documentation":"

    The type of resource that caused the conflict.

    " + } + }, + "documentation":"

    Occurs when a conflict with the current status of your resource. Fix any inconsistencies with your resource and try again.

    ", + "exception":true + }, + "CreateCloudAutonomousVmClusterInput":{ + "type":"structure", + "required":[ + "cloudExadataInfrastructureId", + "odbNetworkId", + "displayName", + "autonomousDataStorageSizeInTBs", + "cpuCoreCountPerNode", + "memoryPerOracleComputeUnitInGBs", + "totalContainerDatabases" + ], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Exadata infrastructure where the VM cluster will be created.

    " + }, + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network to be used for the VM cluster.

    " + }, + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    The display name for the Autonomous VM cluster. The name does not need to be unique.

    " + }, + "clientToken":{ + "shape":"CreateCloudAutonomousVmClusterInputClientTokenString", + "documentation":"

    A client-provided token to ensure idempotency of the request.

    ", + "idempotencyToken":true + }, + "autonomousDataStorageSizeInTBs":{ + "shape":"CreateCloudAutonomousVmClusterInputAutonomousDataStorageSizeInTBsDouble", + "documentation":"

    The data disk group size to be allocated for Autonomous Databases, in terabytes (TB).

    " + }, + "cpuCoreCountPerNode":{ + "shape":"CreateCloudAutonomousVmClusterInputCpuCoreCountPerNodeInteger", + "documentation":"

    The number of CPU cores to be enabled per VM cluster node.

    " + }, + "dbServers":{ + "shape":"StringList", + "documentation":"

    The list of database servers to be used for the Autonomous VM cluster.

    " + }, + "description":{ + "shape":"CreateCloudAutonomousVmClusterInputDescriptionString", + "documentation":"

    A user-provided description of the Autonomous VM cluster.

    " + }, + "isMtlsEnabledVmCluster":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to enable mutual TLS (mTLS) authentication for the Autonomous VM cluster.

    " + }, + "licenseModel":{ + "shape":"LicenseModel", + "documentation":"

    The Oracle license model to apply to the Autonomous VM cluster.

    " + }, + "maintenanceWindow":{ + "shape":"MaintenanceWindow", + "documentation":"

    The scheduling details for the maintenance window. Patching and system updates take place during the maintenance window.

    " + }, + "memoryPerOracleComputeUnitInGBs":{ + "shape":"CreateCloudAutonomousVmClusterInputMemoryPerOracleComputeUnitInGBsInteger", + "documentation":"

    The amount of memory to be allocated per OCPU, in GB.

    " + }, + "scanListenerPortNonTls":{ + "shape":"CreateCloudAutonomousVmClusterInputScanListenerPortNonTlsInteger", + "documentation":"

    The SCAN listener port for non-TLS (TCP) protocol.

    " + }, + "scanListenerPortTls":{ + "shape":"CreateCloudAutonomousVmClusterInputScanListenerPortTlsInteger", + "documentation":"

    The SCAN listener port for TLS (TCP) protocol.

    " + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

    Free-form tags for this resource. Each tag is a key-value pair with no predefined name, type, or namespace.

    " + }, + "timeZone":{ + "shape":"CreateCloudAutonomousVmClusterInputTimeZoneString", + "documentation":"

    The time zone to use for the Autonomous VM cluster.

    " + }, + "totalContainerDatabases":{ + "shape":"CreateCloudAutonomousVmClusterInputTotalContainerDatabasesInteger", + "documentation":"

    The total number of Autonomous CDBs that you can create in the Autonomous VM cluster.

    " + } + } + }, + "CreateCloudAutonomousVmClusterInputAutonomousDataStorageSizeInTBsDouble":{ + "type":"double", + "box":true, + "min":0 + }, + "CreateCloudAutonomousVmClusterInputClientTokenString":{ + "type":"string", + "max":64, + "min":8, + "pattern":"[a-zA-Z0-9_\\/.=-]+" + }, + "CreateCloudAutonomousVmClusterInputCpuCoreCountPerNodeInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "CreateCloudAutonomousVmClusterInputDescriptionString":{ + "type":"string", + "max":400, + "min":1 + }, + "CreateCloudAutonomousVmClusterInputMemoryPerOracleComputeUnitInGBsInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "CreateCloudAutonomousVmClusterInputScanListenerPortNonTlsInteger":{ + "type":"integer", + "box":true, + "max":8999, + "min":1024 + }, + "CreateCloudAutonomousVmClusterInputScanListenerPortTlsInteger":{ + "type":"integer", + "box":true, + "max":8999, + "min":1024 + }, + "CreateCloudAutonomousVmClusterInputTimeZoneString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateCloudAutonomousVmClusterInputTotalContainerDatabasesInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "CreateCloudAutonomousVmClusterOutput":{ + "type":"structure", + "required":["cloudAutonomousVmClusterId"], + "members":{ + "displayName":{ + "shape":"String", + "documentation":"

    The display name of the created Autonomous VM cluster.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the Autonomous VM cluster creation process.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the current status of the Autonomous VM cluster creation process, if applicable.

    " + }, + "cloudAutonomousVmClusterId":{ + "shape":"String", + "documentation":"

    The unique identifier of the created Autonomous VM cluster.

    " + } + } + }, + "CreateCloudExadataInfrastructureInput":{ + "type":"structure", + "required":[ + "displayName", + "shape", + "computeCount", + "storageCount" + ], + "members":{ + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    A user-friendly name for the Exadata infrastructure.

    " + }, + "shape":{ + "shape":"CreateCloudExadataInfrastructureInputShapeString", + "documentation":"

    The model name of the Exadata infrastructure. For the list of valid model names, use the ListDbSystemShapes operation.

    " + }, + "availabilityZone":{ + "shape":"CreateCloudExadataInfrastructureInputAvailabilityZoneString", + "documentation":"

    The name of the Availability Zone (AZ) where the Exadata infrastructure is located.

    This operation requires that you specify a value for either availabilityZone or availabilityZoneId.

    Example: us-east-1a

    " + }, + "availabilityZoneId":{ + "shape":"CreateCloudExadataInfrastructureInputAvailabilityZoneIdString", + "documentation":"

    The AZ ID of the AZ where the Exadata infrastructure is located.

    This operation requires that you specify a value for either availabilityZone or availabilityZoneId.

    Example: use1-az1

    " + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

    The list of resource tags to apply to the Exadata infrastructure.

    " + }, + "computeCount":{ + "shape":"Integer", + "documentation":"

    The number of database servers for the Exadata infrastructure. Valid values for this parameter depend on the shape. To get information about the minimum and maximum values, use the ListDbSystemShapes operation.

    " + }, + "customerContactsToSendToOCI":{ + "shape":"CustomerContacts", + "documentation":"

    The email addresses of contacts to receive notification from Oracle about maintenance updates for the Exadata infrastructure.

    " + }, + "maintenanceWindow":{ + "shape":"MaintenanceWindow", + "documentation":"

    The maintenance window configuration for the Exadata Cloud infrastructure.

    This allows you to define when maintenance operations such as patching and updates can be performed on the infrastructure.

    " + }, + "storageCount":{ + "shape":"Integer", + "documentation":"

    The number of storage servers to activate for this Exadata infrastructure. Valid values for this parameter depend on the shape. To get information about the minimum and maximum values, use the ListDbSystemShapes operation.

    " + }, + "clientToken":{ + "shape":"CreateCloudExadataInfrastructureInputClientTokenString", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you don't specify a client token, the Amazon Web Services SDK automatically generates a client token and uses it for the request to ensure idempotency. The client token is valid for up to 24 hours after it's first used.

    ", + "idempotencyToken":true + }, + "databaseServerType":{ + "shape":"CreateCloudExadataInfrastructureInputDatabaseServerTypeString", + "documentation":"

    The database server model type of the Exadata infrastructure. For the list of valid model names, use the ListDbSystemShapes operation.

    " + }, + "storageServerType":{ + "shape":"CreateCloudExadataInfrastructureInputStorageServerTypeString", + "documentation":"

    The storage server model type of the Exadata infrastructure. For the list of valid model names, use the ListDbSystemShapes operation.

    " + } + } + }, + "CreateCloudExadataInfrastructureInputAvailabilityZoneIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateCloudExadataInfrastructureInputAvailabilityZoneString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateCloudExadataInfrastructureInputClientTokenString":{ + "type":"string", + "max":64, + "min":8, + "pattern":"[a-zA-Z0-9_\\/.=-]+" + }, + "CreateCloudExadataInfrastructureInputDatabaseServerTypeString":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9_\\/.=-]+" + }, + "CreateCloudExadataInfrastructureInputShapeString":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9_\\/.=-]+" + }, + "CreateCloudExadataInfrastructureInputStorageServerTypeString":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9_\\/.=-]+" + }, + "CreateCloudExadataInfrastructureOutput":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name for the Exadata infrastructure.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the Exadata infrastructure.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the Exadata infrastructure.

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"String", + "documentation":"

    The unique identifier of the Exadata infrastructure.

    " + } + } + }, + "CreateCloudVmClusterInput":{ + "type":"structure", + "required":[ + "cloudExadataInfrastructureId", + "cpuCoreCount", + "displayName", + "giVersion", + "hostname", + "sshPublicKeys", + "odbNetworkId" + ], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Exadata infrastructure for this VM cluster.

    " + }, + "cpuCoreCount":{ + "shape":"CreateCloudVmClusterInputCpuCoreCountInteger", + "documentation":"

    The number of CPU cores to enable on the VM cluster.

    " + }, + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    A user-friendly name for the VM cluster.

    " + }, + "giVersion":{ + "shape":"CreateCloudVmClusterInputGiVersionString", + "documentation":"

    A valid software version of Oracle Grid Infrastructure (GI). To get the list of valid values, use the ListGiVersions operation and specify the shape of the Exadata infrastructure.

    Example: 19.0.0.0

    " + }, + "hostname":{ + "shape":"CreateCloudVmClusterInputHostnameString", + "documentation":"

    The host name for the VM cluster.

    Constraints:

    • Can't be \"localhost\" or \"hostname\".

    • Can't contain \"-version\".

    • The maximum length of the combined hostname and domain is 63 characters.

    • The hostname must be unique within the subnet.

    " + }, + "sshPublicKeys":{ + "shape":"StringList", + "documentation":"

    The public key portion of one or more key pairs used for SSH access to the VM cluster.

    " + }, + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network for the VM cluster.

    " + }, + "clusterName":{ + "shape":"CreateCloudVmClusterInputClusterNameString", + "documentation":"

    A name for the Grid Infrastructure cluster. The name isn't case sensitive.

    " + }, + "dataCollectionOptions":{ + "shape":"DataCollectionOptions", + "documentation":"

    The set of preferences for the various diagnostic collection options for the VM cluster.

    " + }, + "dataStorageSizeInTBs":{ + "shape":"Double", + "documentation":"

    The size of the data disk group, in terabytes (TBs), to allocate for the VM cluster.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of local node storage, in gigabytes (GBs), to allocate for the VM cluster.

    " + }, + "dbServers":{ + "shape":"StringList", + "documentation":"

    The list of database servers for the VM cluster.

    " + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

    The list of resource tags to apply to the VM cluster.

    " + }, + "isLocalBackupEnabled":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to enable database backups to local Exadata storage for the VM cluster.

    " + }, + "isSparseDiskgroupEnabled":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to create a sparse disk group for the VM cluster.

    " + }, + "licenseModel":{ + "shape":"LicenseModel", + "documentation":"

    The Oracle license model to apply to the VM cluster.

    Default: LICENSE_INCLUDED

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory, in gigabytes (GBs), to allocate for the VM cluster.

    " + }, + "systemVersion":{ + "shape":"CreateCloudVmClusterInputSystemVersionString", + "documentation":"

    The version of the operating system of the image for the VM cluster.

    " + }, + "timeZone":{ + "shape":"CreateCloudVmClusterInputTimeZoneString", + "documentation":"

    The time zone for the VM cluster. For a list of valid values for time zone, you can check the options in the console.

    Default: UTC

    " + }, + "clientToken":{ + "shape":"CreateCloudVmClusterInputClientTokenString", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you don't specify a client token, the Amazon Web Services SDK automatically generates a client token and uses it for the request to ensure idempotency. The client token is valid for up to 24 hours after it's first used.

    ", + "idempotencyToken":true + }, + "scanListenerPortTcp":{ + "shape":"CreateCloudVmClusterInputScanListenerPortTcpInteger", + "documentation":"

    The port number for TCP connections to the single client access name (SCAN) listener.

    Valid values: 1024–8999 with the following exceptions: 2484, 6100, 6200, 7060, 7070, 7085, and 7879

    Default: 1521

    " + } + } + }, + "CreateCloudVmClusterInputClientTokenString":{ + "type":"string", + "max":64, + "min":8, + "pattern":"[a-zA-Z0-9_\\/.=-]+" + }, + "CreateCloudVmClusterInputClusterNameString":{ + "type":"string", + "max":11, + "min":1, + "pattern":"[a-zA-Z][a-zA-Z0-9-]*" + }, + "CreateCloudVmClusterInputCpuCoreCountInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":0 + }, + "CreateCloudVmClusterInputGiVersionString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateCloudVmClusterInputHostnameString":{ + "type":"string", + "max":12, + "min":1, + "pattern":"[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]" + }, + "CreateCloudVmClusterInputScanListenerPortTcpInteger":{ + "type":"integer", + "box":true, + "max":8999, + "min":1024 + }, + "CreateCloudVmClusterInputSystemVersionString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateCloudVmClusterInputTimeZoneString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateCloudVmClusterOutput":{ + "type":"structure", + "required":["cloudVmClusterId"], + "members":{ + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name for the VM cluster.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the VM cluster.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the VM cluster.

    " + }, + "cloudVmClusterId":{ + "shape":"String", + "documentation":"

    The unique identifier for the VM cluster.

    " + } + } + }, + "CreateOdbNetworkInput":{ + "type":"structure", + "required":[ + "displayName", + "clientSubnetCidr" + ], + "members":{ + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    A user-friendly name for the ODB network.

    " + }, + "availabilityZone":{ + "shape":"CreateOdbNetworkInputAvailabilityZoneString", + "documentation":"

    The Amazon Web Services Availability Zone (AZ) where the ODB network is located.

    This operation requires that you specify a value for either availabilityZone or availabilityZoneId.

    " + }, + "availabilityZoneId":{ + "shape":"CreateOdbNetworkInputAvailabilityZoneIdString", + "documentation":"

    The AZ ID of the AZ where the ODB network is located.

    This operation requires that you specify a value for either availabilityZone or availabilityZoneId.

    " + }, + "clientSubnetCidr":{ + "shape":"CreateOdbNetworkInputClientSubnetCidrString", + "documentation":"

    The CIDR range of the client subnet for the ODB network.

    Constraints:

    • Must not overlap with the CIDR range of the backup subnet.

    • Must not overlap with the CIDR ranges of the VPCs that are connected to the ODB network.

    • Must not use the following CIDR ranges that are reserved by OCI:

      • 100.106.0.0/16 and 100.107.0.0/16

      • 169.254.0.0/16

      • 224.0.0.0 - 239.255.255.255

      • 240.0.0.0 - 255.255.255.255

    " + }, + "backupSubnetCidr":{ + "shape":"CreateOdbNetworkInputBackupSubnetCidrString", + "documentation":"

    The CIDR range of the backup subnet for the ODB network.

    Constraints:

    • Must not overlap with the CIDR range of the client subnet.

    • Must not overlap with the CIDR ranges of the VPCs that are connected to the ODB network.

    • Must not use the following CIDR ranges that are reserved by OCI:

      • 100.106.0.0/16 and 100.107.0.0/16

      • 169.254.0.0/16

      • 224.0.0.0 - 239.255.255.255

      • 240.0.0.0 - 255.255.255.255

    " + }, + "customDomainName":{ + "shape":"CreateOdbNetworkInputCustomDomainNameString", + "documentation":"

    The domain name to use for the resources in the ODB network.

    " + }, + "defaultDnsPrefix":{ + "shape":"CreateOdbNetworkInputDefaultDnsPrefixString", + "documentation":"

    The DNS prefix to the default DNS domain name. The default DNS domain name is oraclevcn.com.

    " + }, + "clientToken":{ + "shape":"CreateOdbNetworkInputClientTokenString", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you don't specify a client token, the Amazon Web Services SDK automatically generates a client token and uses it for the request to ensure idempotency. The client token is valid for up to 24 hours after it's first used.

    ", + "idempotencyToken":true + }, + "s3Access":{ + "shape":"Access", + "documentation":"

    Specifies the configuration for Amazon S3 access from the ODB network.

    " + }, + "zeroEtlAccess":{ + "shape":"Access", + "documentation":"

    Specifies the configuration for Zero-ETL access from the ODB network.

    " + }, + "s3PolicyDocument":{ + "shape":"PolicyDocument", + "documentation":"

    Specifies the endpoint policy for Amazon S3 access from the ODB network.

    " + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

    The list of resource tags to apply to the ODB network.

    " + } + } + }, + "CreateOdbNetworkInputAvailabilityZoneIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateOdbNetworkInputAvailabilityZoneString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateOdbNetworkInputBackupSubnetCidrString":{ + "type":"string", + "max":43, + "min":1 + }, + "CreateOdbNetworkInputClientSubnetCidrString":{ + "type":"string", + "max":43, + "min":1 + }, + "CreateOdbNetworkInputClientTokenString":{ + "type":"string", + "max":64, + "min":8, + "pattern":"[a-zA-Z0-9_\\/.=-]+" + }, + "CreateOdbNetworkInputCustomDomainNameString":{ + "type":"string", + "max":255, + "min":1 + }, + "CreateOdbNetworkInputDefaultDnsPrefixString":{ + "type":"string", + "max":15, + "min":1, + "pattern":"[a-zA-Z][a-zA-Z0-9]*" + }, + "CreateOdbNetworkOutput":{ + "type":"structure", + "required":["odbNetworkId"], + "members":{ + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name of the ODB network.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the ODB network.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the ODB network.

    " + }, + "odbNetworkId":{ + "shape":"String", + "documentation":"

    The unique identifier of the ODB network.

    " + } + } + }, + "CreateOdbPeeringConnectionInput":{ + "type":"structure", + "required":[ + "odbNetworkId", + "peerNetworkId" + ], + "members":{ + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network that initiates the peering connection.

    " + }, + "peerNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the peer network. This can be either a VPC ID or another ODB network ID.

    " + }, + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    The display name for the ODB peering connection.

    " + }, + "peerNetworkCidrsToBeAdded":{ + "shape":"PeeredCidrList", + "documentation":"

    A list of CIDR blocks to add to the peering connection. These CIDR blocks define the IP address ranges that can communicate through the peering connection.

    " + }, + "clientToken":{ + "shape":"CreateOdbPeeringConnectionInputClientTokenString", + "documentation":"

    The client token for the ODB peering connection request.

    Constraints:

    • Must be unique for each request.

    ", + "idempotencyToken":true + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

    The tags to assign to the ODB peering connection.

    " + } + } + }, + "CreateOdbPeeringConnectionInputClientTokenString":{ + "type":"string", + "max":64, + "min":8, + "pattern":"[a-zA-Z0-9_\\/.=-]+" + }, + "CreateOdbPeeringConnectionOutput":{ + "type":"structure", + "required":["odbPeeringConnectionId"], + "members":{ + "displayName":{ + "shape":"String", + "documentation":"

    The display name of the ODB peering connection.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The status of the ODB peering connection.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason for the current status of the ODB peering connection.

    " + }, + "odbPeeringConnectionId":{ + "shape":"String", + "documentation":"

    The unique identifier of the ODB peering connection.

    " + } + } + }, + "CustomerContact":{ + "type":"structure", + "members":{ + "email":{ + "shape":"CustomerContactEmailString", + "documentation":"

    The email address of the contact.

    " + } + }, + "documentation":"

    A contact to receive notification from Oracle about maintenance updates for a specific Exadata infrastructure.

    " + }, + "CustomerContactEmailString":{ + "type":"string", + "max":320, + "min":1, + "sensitive":true + }, + "CustomerContacts":{ + "type":"list", + "member":{"shape":"CustomerContact"} + }, + "DataCollectionOptions":{ + "type":"structure", + "members":{ + "isDiagnosticsEventsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether diagnostic collection is enabled for the VM cluster.

    " + }, + "isHealthMonitoringEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether health monitoring is enabled for the VM cluster.

    " + }, + "isIncidentLogsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether incident logs are enabled for the cloud VM cluster.

    " + } + }, + "documentation":"

    Information about the data collection options enabled for a VM cluster.

    " + }, + "DayOfWeek":{ + "type":"structure", + "members":{ + "name":{ + "shape":"DayOfWeekName", + "documentation":"

    The name of the day of the week.

    " + } + }, + "documentation":"

    An enumeration of days of the week used for scheduling maintenance windows.

    " + }, + "DayOfWeekName":{ + "type":"string", + "enum":[ + "MONDAY", + "TUESDAY", + "WEDNESDAY", + "THURSDAY", + "FRIDAY", + "SATURDAY", + "SUNDAY" + ] + }, + "DaysOfWeek":{ + "type":"list", + "member":{"shape":"DayOfWeek"} + }, + "DbIormConfig":{ + "type":"structure", + "members":{ + "dbName":{ + "shape":"String", + "documentation":"

    The database name. For the default DbPlan, the dbName is default.

    " + }, + "flashCacheLimit":{ + "shape":"String", + "documentation":"

    The flash cache limit for this database. This value is internally configured based on the share value assigned to the database.

    " + }, + "share":{ + "shape":"Integer", + "documentation":"

    The relative priority of this database.

    " + } + }, + "documentation":"

    The IORM configuration settings for the database.

    " + }, + "DbIormConfigList":{ + "type":"list", + "member":{"shape":"DbIormConfig"} + }, + "DbNode":{ + "type":"structure", + "members":{ + "dbNodeId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the DB node.

    " + }, + "dbNodeArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the DB node.

    " + }, + "status":{ + "shape":"DbNodeResourceStatus", + "documentation":"

    The current status of the DB node.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the DB node.

    " + }, + "additionalDetails":{ + "shape":"String", + "documentation":"

    Additional information about the planned maintenance.

    " + }, + "backupIpId":{ + "shape":"String", + "documentation":"

    The Oracle Cloud ID (OCID) of the backup IP address that's associated with the DB node.

    " + }, + "backupVnic2Id":{ + "shape":"String", + "documentation":"

    The OCID of the second backup VNIC.

    " + }, + "backupVnicId":{ + "shape":"String", + "documentation":"

    The OCID of the backup VNIC.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    Number of CPU cores enabled on the DB node.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of local node storage, in gigabytes (GBs), that's allocated on the DB node.

    " + }, + "dbServerId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the Db server that is associated with the DB node.

    " + }, + "dbSystemId":{ + "shape":"String", + "documentation":"

    The OCID of the DB system.

    " + }, + "faultDomain":{ + "shape":"String", + "documentation":"

    The name of the fault domain the instance is contained in.

    " + }, + "hostIpId":{ + "shape":"String", + "documentation":"

    The OCID of the host IP address that's associated with the DB node.

    " + }, + "hostname":{ + "shape":"String", + "documentation":"

    The host name for the DB node.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The OCID of the DB node.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor for the DB node.

    " + }, + "maintenanceType":{ + "shape":"DbNodeMaintenanceType", + "documentation":"

    The type of database node maintenance. Either VMDB_REBOOT_MIGRATION or EXADBXS_REBOOT_MIGRATION.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The allocated memory in GBs on the DB node.

    " + }, + "softwareStorageSizeInGB":{ + "shape":"Integer", + "documentation":"

    The size (in GB) of the block storage volume allocation for the DB system.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the DB node was created.

    " + }, + "timeMaintenanceWindowEnd":{ + "shape":"String", + "documentation":"

    End date and time of maintenance window.

    " + }, + "timeMaintenanceWindowStart":{ + "shape":"String", + "documentation":"

    Start date and time of maintenance window.

    " + }, + "totalCpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores reserved on the DB node.

    " + }, + "vnic2Id":{ + "shape":"String", + "documentation":"

    The OCID of the second VNIC.

    " + }, + "vnicId":{ + "shape":"String", + "documentation":"

    The OCID of the VNIC.

    " + }, + "privateIpAddress":{ + "shape":"String", + "documentation":"

    The private IP address assigned to the DB node.

    " + }, + "floatingIpAddress":{ + "shape":"String", + "documentation":"

    The floating IP address assigned to the DB node.

    " + } + }, + "documentation":"

    Information about a DB node.

    " + }, + "DbNodeList":{ + "type":"list", + "member":{"shape":"DbNodeSummary"} + }, + "DbNodeMaintenanceType":{ + "type":"string", + "enum":["VMDB_REBOOT_MIGRATION"] + }, + "DbNodeResourceStatus":{ + "type":"string", + "enum":[ + "AVAILABLE", + "FAILED", + "PROVISIONING", + "TERMINATED", + "TERMINATING", + "UPDATING", + "STOPPING", + "STOPPED", + "STARTING" + ] + }, + "DbNodeSummary":{ + "type":"structure", + "members":{ + "dbNodeId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the DB node.

    " + }, + "dbNodeArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the DB node.

    " + }, + "status":{ + "shape":"DbNodeResourceStatus", + "documentation":"

    The current status of the DB node.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the DB node.

    " + }, + "additionalDetails":{ + "shape":"String", + "documentation":"

    Additional information about the planned maintenance.

    " + }, + "backupIpId":{ + "shape":"String", + "documentation":"

    The Oracle Cloud ID (OCID) of the backup IP address that's associated with the DB node.

    " + }, + "backupVnic2Id":{ + "shape":"String", + "documentation":"

    The OCID of the second backup virtual network interface card (VNIC) for the DB node.

    " + }, + "backupVnicId":{ + "shape":"String", + "documentation":"

    The OCID of the backup VNIC for the DB node.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The number of CPU cores enabled on the DB node.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of local node storage, in gigabytes (GB), that's allocated on the DB node.

    " + }, + "dbServerId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the database server that's associated with the DB node.

    " + }, + "dbSystemId":{ + "shape":"String", + "documentation":"

    The OCID of the DB system.

    " + }, + "faultDomain":{ + "shape":"String", + "documentation":"

    The name of the fault domain where the DB node is located.

    " + }, + "hostIpId":{ + "shape":"String", + "documentation":"

    The OCID of the host IP address that's associated with the DB node.

    " + }, + "hostname":{ + "shape":"String", + "documentation":"

    The host name for the DB node.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The OCID of the DB node.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor for the DB node.

    " + }, + "maintenanceType":{ + "shape":"DbNodeMaintenanceType", + "documentation":"

    The type of maintenance the DB node.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory, in gigabytes (GB), that allocated on the DB node.

    " + }, + "softwareStorageSizeInGB":{ + "shape":"Integer", + "documentation":"

    The size of the block storage volume, in gigabytes (GB), that's allocated for the DB system. This attribute applies only for virtual machine DB systems.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the DB node was created.

    " + }, + "timeMaintenanceWindowEnd":{ + "shape":"String", + "documentation":"

    The end date and time of the maintenance window.

    " + }, + "timeMaintenanceWindowStart":{ + "shape":"String", + "documentation":"

    The start date and time of the maintenance window.

    " + }, + "totalCpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores reserved on the DB node.

    " + }, + "vnic2Id":{ + "shape":"String", + "documentation":"

    The OCID of the second VNIC.

    " + }, + "vnicId":{ + "shape":"String", + "documentation":"

    The OCID of the VNIC.

    " + } + }, + "documentation":"

    Information about a DB node.

    " + }, + "DbServer":{ + "type":"structure", + "members":{ + "dbServerId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier for the database server.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the database server.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the current status of the database server.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The number of CPU cores enabled on the database server.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The allocated local node storage in GBs on the database server.

    " + }, + "dbServerPatchingDetails":{ + "shape":"DbServerPatchingDetails", + "documentation":"

    The scheduling details for the quarterly maintenance window. Patching and system updates take place during the maintenance window.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name of the database server.

    " + }, + "exadataInfrastructureId":{ + "shape":"String", + "documentation":"

    The ID of the Exadata infrastructure the database server belongs to.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The OCID of the database server.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor for the database server.

    " + }, + "maxCpuCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores available.

    " + }, + "maxDbNodeStorageInGBs":{ + "shape":"Integer", + "documentation":"

    The total local node storage available in GBs.

    " + }, + "maxMemoryInGBs":{ + "shape":"Integer", + "documentation":"

    The total memory available in GBs.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The allocated memory in GBs on the database server.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The shape of the database server. The shape determines the amount of CPU, storage, and memory resources available.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the database server was created.

    " + }, + "vmClusterIds":{ + "shape":"StringList", + "documentation":"

    The OCID of the VM clusters that are associated with the database server.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The compute model of the database server (ECPU or OCPU).

    " + }, + "autonomousVmClusterIds":{ + "shape":"StringList", + "documentation":"

    The list of identifiers for the Autonomous VM clusters associated with this database server.

    " + }, + "autonomousVirtualMachineIds":{ + "shape":"StringList", + "documentation":"

    The list of unique identifiers for the Autonomous VMs associated with this database server.

    " + } + }, + "documentation":"

    Information about a database server.

    " + }, + "DbServerList":{ + "type":"list", + "member":{"shape":"DbServerSummary"} + }, + "DbServerPatchingDetails":{ + "type":"structure", + "members":{ + "estimatedPatchDuration":{ + "shape":"Integer", + "documentation":"

    Estimated time, in minutes, to patch one database server.

    " + }, + "patchingStatus":{ + "shape":"DbServerPatchingStatus", + "documentation":"

    The status of the patching operation. Possible values are SCHEDULED, MAINTENANCE_IN_PROGRESS, FAILED, and COMPLETE.

    " + }, + "timePatchingEnded":{ + "shape":"String", + "documentation":"

    The time when the patching operation ended.

    " + }, + "timePatchingStarted":{ + "shape":"String", + "documentation":"

    The time when the patching operation started.

    " + } + }, + "documentation":"

    The scheduling details for the quarterly maintenance window. Patching and system updates take place during the maintenance window.

    " + }, + "DbServerPatchingStatus":{ + "type":"string", + "enum":[ + "COMPLETE", + "FAILED", + "MAINTENANCE_IN_PROGRESS", + "SCHEDULED" + ] + }, + "DbServerSummary":{ + "type":"structure", + "members":{ + "dbServerId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the database server.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the database server.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the database server.

    " + }, + "cpuCoreCount":{ + "shape":"Integer", + "documentation":"

    The number of CPU cores enabled on the database server.

    " + }, + "dbNodeStorageSizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of local node storage, in gigabytes (GB), that's allocated on the database server.

    " + }, + "dbServerPatchingDetails":{"shape":"DbServerPatchingDetails"}, + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name of the database server. The name doesn't need to be unique.

    " + }, + "exadataInfrastructureId":{ + "shape":"String", + "documentation":"

    The ID of the Exadata infrastructure that hosts the database server.

    " + }, + "ocid":{ + "shape":"String", + "documentation":"

    The OCID of the database server.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor for the database server.

    " + }, + "maxCpuCount":{ + "shape":"Integer", + "documentation":"

    The total number of CPU cores available on the database server.

    " + }, + "maxDbNodeStorageInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of local node storage, in gigabytes (GB), that's available on the database server.

    " + }, + "maxMemoryInGBs":{ + "shape":"Integer", + "documentation":"

    The total amount of memory, in gigabytes (GB), that's available on the database server.

    " + }, + "memorySizeInGBs":{ + "shape":"Integer", + "documentation":"

    The amount of memory, in gigabytes (GB), that's allocated on the database server.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The hardware system model of the Exadata infrastructure that the database server is hosted on. The shape determines the amount of CPU, storage, and memory resources available.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the database server was created.

    " + }, + "vmClusterIds":{ + "shape":"StringList", + "documentation":"

    The IDs of the VM clusters that are associated with the database server.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The OCI model compute model used when you create or clone an instance: ECPU or OCPU. An ECPU is an abstracted measure of compute resources. ECPUs are based on the number of cores elastically allocated from a pool of compute and storage servers. An OCPU is a legacy physical measure of compute resources. OCPUs are based on the physical core of a processor with hyper-threading enabled.

    " + }, + "autonomousVmClusterIds":{ + "shape":"StringList", + "documentation":"

    A list of identifiers for the Autonomous VM clusters.

    " + }, + "autonomousVirtualMachineIds":{ + "shape":"StringList", + "documentation":"

    A list of unique identifiers for the Autonomous VMs.

    " + } + }, + "documentation":"

    Information about a database server.

    " + }, + "DbSystemShapeList":{ + "type":"list", + "member":{"shape":"DbSystemShapeSummary"} + }, + "DbSystemShapeSummary":{ + "type":"structure", + "members":{ + "availableCoreCount":{ + "shape":"Integer", + "documentation":"

    The maximum number of CPU cores that can be enabled for the shape.

    " + }, + "availableCoreCountPerNode":{ + "shape":"Integer", + "documentation":"

    The maximum number of CPU cores per DB node that can be enabled for the shape.

    " + }, + "availableDataStorageInTBs":{ + "shape":"Integer", + "documentation":"

    The maximum amount of data storage, in terabytes (TB), that can be enabled for the shape.

    " + }, + "availableDataStoragePerServerInTBs":{ + "shape":"Integer", + "documentation":"

    The maximum amount of data storage, in terabytes (TB), that's available per storage server for the shape.

    " + }, + "availableDbNodePerNodeInGBs":{ + "shape":"Integer", + "documentation":"

    The maximum amount of DB node storage, in gigabytes (GB), that's available per DB node for the shape.

    " + }, + "availableDbNodeStorageInGBs":{ + "shape":"Integer", + "documentation":"

    The maximum amount of DB node storage, in gigabytes (GB), that can be enabled for the shape.

    " + }, + "availableMemoryInGBs":{ + "shape":"Integer", + "documentation":"

    The maximum amount of memory, in gigabytes (GB), that can be enabled for the shape.

    " + }, + "availableMemoryPerNodeInGBs":{ + "shape":"Integer", + "documentation":"

    The maximum amount of memory, in gigabytes (GB), that's available per DB node for the shape.

    " + }, + "coreCountIncrement":{ + "shape":"Integer", + "documentation":"

    The discrete number by which the CPU core count for the shape can be increased or decreased.

    " + }, + "maxStorageCount":{ + "shape":"Integer", + "documentation":"

    The maximum number of Exadata storage servers that's available for the shape.

    " + }, + "maximumNodeCount":{ + "shape":"Integer", + "documentation":"

    The maximum number of compute servers that is available for the shape.

    " + }, + "minCoreCountPerNode":{ + "shape":"Integer", + "documentation":"

    The minimum number of CPU cores that can be enabled per node for the shape.

    " + }, + "minDataStorageInTBs":{ + "shape":"Integer", + "documentation":"

    The minimum amount of data storage, in terabytes (TB), that must be allocated for the shape.

    " + }, + "minDbNodeStoragePerNodeInGBs":{ + "shape":"Integer", + "documentation":"

    The minimum amount of DB node storage, in gigabytes (GB), that must be allocated per DB node for the shape.

    " + }, + "minMemoryPerNodeInGBs":{ + "shape":"Integer", + "documentation":"

    The minimum amount of memory, in gigabytes (GB), that must be allocated per DB node for the shape.

    " + }, + "minStorageCount":{ + "shape":"Integer", + "documentation":"

    The minimum number of Exadata storage servers that are available for the shape.

    " + }, + "minimumCoreCount":{ + "shape":"Integer", + "documentation":"

    The minimum number of CPU cores that can be enabled for the shape.

    " + }, + "minimumNodeCount":{ + "shape":"Integer", + "documentation":"

    The minimum number of compute servers that are available for the shape.

    " + }, + "runtimeMinimumCoreCount":{ + "shape":"Integer", + "documentation":"

    The runtime minimum number of CPU cores that can be enabled for the shape.

    " + }, + "shapeFamily":{ + "shape":"String", + "documentation":"

    The family of the shape.

    " + }, + "shapeType":{ + "shape":"ShapeType", + "documentation":"

    The shape type. This property is determined by the CPU hardware.

    " + }, + "name":{ + "shape":"String", + "documentation":"

    The name of the shape.

    " + }, + "computeModel":{ + "shape":"ComputeModel", + "documentation":"

    The OCI model compute model used when you create or clone an instance: ECPU or OCPU. An ECPU is an abstracted measure of compute resources. ECPUs are based on the number of cores elastically allocated from a pool of compute and storage servers. An OCPU is a legacy physical measure of compute resources. OCPUs are based on the physical core of a processor with hyper-threading enabled.

    " + }, + "areServerTypesSupported":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the hardware system model supports configurable database and server storage types.

    " + } + }, + "documentation":"

    Information about a hardware system model (shape) that's available for an Exadata infrastructure. The shape determines resources, such as CPU cores, memory, and storage, to allocate to the Exadata infrastructure.

    " + }, + "DeleteCloudAutonomousVmClusterInput":{ + "type":"structure", + "required":["cloudAutonomousVmClusterId"], + "members":{ + "cloudAutonomousVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the Autonomous VM cluster to delete.

    " + } + } + }, + "DeleteCloudAutonomousVmClusterOutput":{ + "type":"structure", + "members":{} + }, + "DeleteCloudExadataInfrastructureInput":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Exadata infrastructure to delete.

    " + } + } + }, + "DeleteCloudExadataInfrastructureOutput":{ + "type":"structure", + "members":{} + }, + "DeleteCloudVmClusterInput":{ + "type":"structure", + "required":["cloudVmClusterId"], + "members":{ + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster to delete.

    " + } + } + }, + "DeleteCloudVmClusterOutput":{ + "type":"structure", + "members":{} + }, + "DeleteOdbNetworkInput":{ + "type":"structure", + "required":[ + "odbNetworkId", + "deleteAssociatedResources" + ], + "members":{ + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network to delete.

    " + }, + "deleteAssociatedResources":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to delete associated OCI networking resources along with the ODB network.

    " + } + } + }, + "DeleteOdbNetworkOutput":{ + "type":"structure", + "members":{} + }, + "DeleteOdbPeeringConnectionInput":{ + "type":"structure", + "required":["odbPeeringConnectionId"], + "members":{ + "odbPeeringConnectionId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB peering connection to delete.

    " + } + } + }, + "DeleteOdbPeeringConnectionOutput":{ + "type":"structure", + "members":{} + }, + "DiskRedundancy":{ + "type":"string", + "enum":[ + "HIGH", + "NORMAL" + ] + }, + "Double":{ + "type":"double", + "box":true + }, + "ExadataIormConfig":{ + "type":"structure", + "members":{ + "dbPlans":{ + "shape":"DbIormConfigList", + "documentation":"

    An array of IORM settings for all the database in the Exadata DB system.

    " + }, + "lifecycleDetails":{ + "shape":"String", + "documentation":"

    Additional information about the current lifecycleState.

    " + }, + "lifecycleState":{ + "shape":"IormLifecycleState", + "documentation":"

    The current state of IORM configuration for the Exadata DB system.

    " + }, + "objective":{ + "shape":"Objective", + "documentation":"

    The current value for the IORM objective. The default is AUTO.

    " + } + }, + "documentation":"

    The IORM settings of the Exadata DB system.

    " + }, + "Float":{ + "type":"float", + "box":true + }, + "GetCloudAutonomousVmClusterInput":{ + "type":"structure", + "required":["cloudAutonomousVmClusterId"], + "members":{ + "cloudAutonomousVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the Autonomous VM cluster to retrieve information about.

    " + } + } + }, + "GetCloudAutonomousVmClusterOutput":{ + "type":"structure", + "members":{ + "cloudAutonomousVmCluster":{ + "shape":"CloudAutonomousVmCluster", + "documentation":"

    The details of the requested Autonomous VM cluster.

    " + } + } + }, + "GetCloudExadataInfrastructureInput":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Exadata infrastructure.

    " + } + } + }, + "GetCloudExadataInfrastructureOutput":{ + "type":"structure", + "members":{ + "cloudExadataInfrastructure":{ + "shape":"CloudExadataInfrastructure", + "documentation":"

    The Exadata infrastructure.

    " + } + } + }, + "GetCloudExadataInfrastructureUnallocatedResourcesInput":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Cloud Exadata infrastructure for which to retrieve unallocated resources.

    " + }, + "dbServers":{ + "shape":"StringList", + "documentation":"

    The database servers to include in the unallocated resources query.

    " + } + } + }, + "GetCloudExadataInfrastructureUnallocatedResourcesOutput":{ + "type":"structure", + "members":{ + "cloudExadataInfrastructureUnallocatedResources":{ + "shape":"CloudExadataInfrastructureUnallocatedResources", + "documentation":"

    Details about the unallocated resources in the specified Cloud Exadata infrastructure.

    " + } + } + }, + "GetCloudVmClusterInput":{ + "type":"structure", + "required":["cloudVmClusterId"], + "members":{ + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster.

    " + } + } + }, + "GetCloudVmClusterOutput":{ + "type":"structure", + "members":{ + "cloudVmCluster":{ + "shape":"CloudVmCluster", + "documentation":"

    The VM cluster.

    " + } + } + }, + "GetDbNodeInput":{ + "type":"structure", + "required":[ + "cloudVmClusterId", + "dbNodeId" + ], + "members":{ + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster that contains the DB node.

    " + }, + "dbNodeId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the DB node to retrieve information about.

    " + } + } + }, + "GetDbNodeOutput":{ + "type":"structure", + "members":{ + "dbNode":{"shape":"DbNode"} + } + }, + "GetDbServerInput":{ + "type":"structure", + "required":[ + "cloudExadataInfrastructureId", + "dbServerId" + ], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Oracle Exadata infrastructure that contains the database server.

    " + }, + "dbServerId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the database server to retrieve information about.

    " + } + } + }, + "GetDbServerOutput":{ + "type":"structure", + "members":{ + "dbServer":{ + "shape":"DbServer", + "documentation":"

    The details of the requested database server.

    " + } + } + }, + "GetOciOnboardingStatusInput":{ + "type":"structure", + "members":{} + }, + "GetOciOnboardingStatusOutput":{ + "type":"structure", + "members":{ + "status":{"shape":"OciOnboardingStatus"}, + "existingTenancyActivationLink":{ + "shape":"String", + "documentation":"

    The existing OCI tenancy activation link for your Amazon Web Services account.

    " + }, + "newTenancyActivationLink":{ + "shape":"String", + "documentation":"

    A new OCI tenancy activation link for your Amazon Web Services account.

    " + } + } + }, + "GetOdbNetworkInput":{ + "type":"structure", + "required":["odbNetworkId"], + "members":{ + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network.

    " + } + } + }, + "GetOdbNetworkOutput":{ + "type":"structure", + "members":{ + "odbNetwork":{ + "shape":"OdbNetwork", + "documentation":"

    The ODB network.

    " + } + } + }, + "GetOdbPeeringConnectionInput":{ + "type":"structure", + "required":["odbPeeringConnectionId"], + "members":{ + "odbPeeringConnectionId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB peering connection to retrieve information about.

    " + } + } + }, + "GetOdbPeeringConnectionOutput":{ + "type":"structure", + "members":{ + "odbPeeringConnection":{"shape":"OdbPeeringConnection"} + } + }, + "GiVersionList":{ + "type":"list", + "member":{"shape":"GiVersionSummary"} + }, + "GiVersionSummary":{ + "type":"structure", + "members":{ + "version":{ + "shape":"String", + "documentation":"

    The GI software version.

    " + } + }, + "documentation":"

    Information about a specific version of Oracle Grid Infrastructure (GI) software that can be installed on a VM cluster.

    " + }, + "HoursOfDay":{ + "type":"list", + "member":{"shape":"Integer"} + }, + "InitializeServiceInput":{ + "type":"structure", + "members":{} + }, + "InitializeServiceOutput":{ + "type":"structure", + "members":{} + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"}, + "retryAfterSeconds":{ + "shape":"Integer", + "documentation":"

    The number of seconds to wait before retrying the request after an internal server error.

    " + } + }, + "documentation":"

    Occurs when there is an internal failure in the Oracle Database@Amazon Web Services service. Wait and try again.

    ", + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "IormLifecycleState":{ + "type":"string", + "enum":[ + "BOOTSTRAPPING", + "DISABLED", + "ENABLED", + "FAILED", + "UPDATING" + ] + }, + "LicenseModel":{ + "type":"string", + "enum":[ + "BRING_YOUR_OWN_LICENSE", + "LICENSE_INCLUDED" + ] + }, + "ListAutonomousVirtualMachinesInput":{ + "type":"structure", + "required":["cloudAutonomousVmClusterId"], + "members":{ + "maxResults":{ + "shape":"ListAutonomousVirtualMachinesInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return per page.

    " + }, + "nextToken":{ + "shape":"ListAutonomousVirtualMachinesInputNextTokenString", + "documentation":"

    The pagination token to continue listing from.

    " + }, + "cloudAutonomousVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the Autonomous VM cluster whose virtual machines you're listing.

    " + } + } + }, + "ListAutonomousVirtualMachinesInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListAutonomousVirtualMachinesInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListAutonomousVirtualMachinesOutput":{ + "type":"structure", + "required":["autonomousVirtualMachines"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The pagination token from which to continue listing.

    " + }, + "autonomousVirtualMachines":{ + "shape":"AutonomousVirtualMachineList", + "documentation":"

    The list of Autonomous VMs in the specified Autonomous VM cluster.

    " + } + } + }, + "ListCloudAutonomousVmClustersInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListCloudAutonomousVmClustersInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return per page.

    " + }, + "nextToken":{ + "shape":"ListCloudAutonomousVmClustersInputNextTokenString", + "documentation":"

    The pagination token to continue listing from.

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Cloud Exadata Infrastructure that hosts the Autonomous VM clusters to be listed.

    " + } + } + }, + "ListCloudAutonomousVmClustersInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListCloudAutonomousVmClustersInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListCloudAutonomousVmClustersOutput":{ + "type":"structure", + "required":["cloudAutonomousVmClusters"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The pagination token to continue listing from.

    " + }, + "cloudAutonomousVmClusters":{ + "shape":"CloudAutonomousVmClusterList", + "documentation":"

    The list of Autonomous VM clusters in the specified Cloud Exadata Infrastructure.

    " + } + } + }, + "ListCloudExadataInfrastructuresInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListCloudExadataInfrastructuresInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

    Default: 10

    " + }, + "nextToken":{ + "shape":"ListCloudExadataInfrastructuresInputNextTokenString", + "documentation":"

    The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

    " + } + } + }, + "ListCloudExadataInfrastructuresInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListCloudExadataInfrastructuresInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListCloudExadataInfrastructuresOutput":{ + "type":"structure", + "required":["cloudExadataInfrastructures"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

    " + }, + "cloudExadataInfrastructures":{ + "shape":"CloudExadataInfrastructureList", + "documentation":"

    The list of Exadata infrastructures along with their properties.

    " + } + } + }, + "ListCloudVmClustersInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListCloudVmClustersInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

    Default: 10

    " + }, + "nextToken":{ + "shape":"ListCloudVmClustersInputNextTokenString", + "documentation":"

    The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Oracle Exadata infrastructure.

    " + } + } + }, + "ListCloudVmClustersInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListCloudVmClustersInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListCloudVmClustersOutput":{ + "type":"structure", + "required":["cloudVmClusters"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

    " + }, + "cloudVmClusters":{ + "shape":"CloudVmClusterList", + "documentation":"

    The list of VM clusters along with their properties.

    " + } + } + }, + "ListDbNodesInput":{ + "type":"structure", + "required":["cloudVmClusterId"], + "members":{ + "maxResults":{ + "shape":"ListDbNodesInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

    Default: 10

    " + }, + "nextToken":{ + "shape":"ListDbNodesInputNextTokenString", + "documentation":"

    The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

    " + }, + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster.

    " + } + } + }, + "ListDbNodesInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListDbNodesInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListDbNodesOutput":{ + "type":"structure", + "required":["dbNodes"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

    " + }, + "dbNodes":{ + "shape":"DbNodeList", + "documentation":"

    The list of DB nodes along with their properties.

    " + } + } + }, + "ListDbServersInput":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Oracle Exadata infrastructure.

    " + }, + "maxResults":{ + "shape":"ListDbServersInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

    Default: 10

    " + }, + "nextToken":{ + "shape":"ListDbServersInputNextTokenString", + "documentation":"

    The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

    " + } + } + }, + "ListDbServersInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListDbServersInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListDbServersOutput":{ + "type":"structure", + "required":["dbServers"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

    " + }, + "dbServers":{ + "shape":"DbServerList", + "documentation":"

    The list of database servers along with their properties.

    " + } + } + }, + "ListDbSystemShapesInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListDbSystemShapesInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

    Default: 10

    " + }, + "nextToken":{ + "shape":"ListDbSystemShapesInputNextTokenString", + "documentation":"

    The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

    " + }, + "availabilityZone":{ + "shape":"ListDbSystemShapesInputAvailabilityZoneString", + "documentation":"

    The logical name of the AZ, for example, us-east-1a. This name varies depending on the account.

    " + }, + "availabilityZoneId":{ + "shape":"ListDbSystemShapesInputAvailabilityZoneIdString", + "documentation":"

    The physical ID of the AZ, for example, use1-az4. This ID persists across accounts.

    " + } + } + }, + "ListDbSystemShapesInputAvailabilityZoneIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "ListDbSystemShapesInputAvailabilityZoneString":{ + "type":"string", + "max":255, + "min":1 + }, + "ListDbSystemShapesInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListDbSystemShapesInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListDbSystemShapesOutput":{ + "type":"structure", + "required":["dbSystemShapes"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

    " + }, + "dbSystemShapes":{ + "shape":"DbSystemShapeList", + "documentation":"

    The list of shapes and their properties.

    " + } + } + }, + "ListGiVersionsInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListGiVersionsInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

    Default: 10

    " + }, + "nextToken":{ + "shape":"ListGiVersionsInputNextTokenString", + "documentation":"

    The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

    " + }, + "shape":{ + "shape":"ListGiVersionsInputShapeString", + "documentation":"

    The shape to return GI versions for. For a list of valid shapes, use the ListDbSystemShapes operation..

    " + } + } + }, + "ListGiVersionsInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListGiVersionsInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListGiVersionsInputShapeString":{ + "type":"string", + "max":255, + "min":1 + }, + "ListGiVersionsOutput":{ + "type":"structure", + "required":["giVersions"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

    " + }, + "giVersions":{ + "shape":"GiVersionList", + "documentation":"

    The list of GI versions and their properties.

    " + } + } + }, + "ListOdbNetworksInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListOdbNetworksInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

    Default: 10

    " + }, + "nextToken":{ + "shape":"ListOdbNetworksInputNextTokenString", + "documentation":"

    The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

    " + } + } + }, + "ListOdbNetworksInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListOdbNetworksInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListOdbNetworksOutput":{ + "type":"structure", + "required":["odbNetworks"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

    " + }, + "odbNetworks":{ + "shape":"OdbNetworkList", + "documentation":"

    The list of ODB networks.

    " + } + } + }, + "ListOdbPeeringConnectionsInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListOdbPeeringConnectionsInputMaxResultsInteger", + "documentation":"

    The maximum number of ODB peering connections to return in the response.

    Default: 20

    Constraints:

    • Must be between 1 and 100.

    " + }, + "nextToken":{ + "shape":"ListOdbPeeringConnectionsInputNextTokenString", + "documentation":"

    The pagination token for the next page of ODB peering connections.

    " + }, + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The identifier of the ODB network to list peering connections for.

    If not specified, lists all ODB peering connections in the account.

    " + } + } + }, + "ListOdbPeeringConnectionsInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListOdbPeeringConnectionsInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListOdbPeeringConnectionsOutput":{ + "type":"structure", + "required":["odbPeeringConnections"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The pagination token for the next page of ODB peering connections.

    " + }, + "odbPeeringConnections":{ + "shape":"OdbPeeringConnectionList", + "documentation":"

    The list of ODB peering connections.

    " + } + } + }, + "ListSystemVersionsInput":{ + "type":"structure", + "required":[ + "giVersion", + "shape" + ], + "members":{ + "maxResults":{ + "shape":"ListSystemVersionsInputMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output.

    Default: 10

    " + }, + "nextToken":{ + "shape":"ListSystemVersionsInputNextTokenString", + "documentation":"

    The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

    " + }, + "giVersion":{ + "shape":"ListSystemVersionsInputGiVersionString", + "documentation":"

    The software version of the Exadata Grid Infrastructure (GI).

    " + }, + "shape":{ + "shape":"ListSystemVersionsInputShapeString", + "documentation":"

    The Exadata hardware system model.

    " + } + } + }, + "ListSystemVersionsInputGiVersionString":{ + "type":"string", + "max":30, + "min":1 + }, + "ListSystemVersionsInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListSystemVersionsInputNextTokenString":{ + "type":"string", + "max":8192, + "min":1 + }, + "ListSystemVersionsInputShapeString":{ + "type":"string", + "max":255, + "min":1 + }, + "ListSystemVersionsOutput":{ + "type":"structure", + "required":["systemVersions"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

    " + }, + "systemVersions":{ + "shape":"SystemVersionList", + "documentation":"

    The list of system versions.

    " + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource to list tags for.

    " + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"ResponseTagMap", + "documentation":"

    The list of tags applied to the resource.

    " + } + } + }, + "MaintenanceWindow":{ + "type":"structure", + "members":{ + "customActionTimeoutInMins":{ + "shape":"MaintenanceWindowCustomActionTimeoutInMinsInteger", + "documentation":"

    The custom action timeout in minutes for the maintenance window.

    " + }, + "daysOfWeek":{ + "shape":"DaysOfWeek", + "documentation":"

    The days of the week when maintenance can be performed.

    " + }, + "hoursOfDay":{ + "shape":"HoursOfDay", + "documentation":"

    The hours of the day when maintenance can be performed.

    " + }, + "isCustomActionTimeoutEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether custom action timeout is enabled for the maintenance window.

    " + }, + "leadTimeInWeeks":{ + "shape":"MaintenanceWindowLeadTimeInWeeksInteger", + "documentation":"

    The lead time in weeks before the maintenance window.

    " + }, + "months":{ + "shape":"Months", + "documentation":"

    The months when maintenance can be performed.

    " + }, + "patchingMode":{ + "shape":"PatchingModeType", + "documentation":"

    The patching mode for the maintenance window.

    " + }, + "preference":{ + "shape":"PreferenceType", + "documentation":"

    The preference for the maintenance window scheduling.

    " + }, + "skipRu":{ + "shape":"Boolean", + "documentation":"

    Indicates whether to skip release updates during maintenance.

    " + }, + "weeksOfMonth":{ + "shape":"WeeksOfMonth", + "documentation":"

    The weeks of the month when maintenance can be performed.

    " + } + }, + "documentation":"

    The scheduling details for the maintenance window. Patching and system updates take place during the maintenance window.

    " + }, + "MaintenanceWindowCustomActionTimeoutInMinsInteger":{ + "type":"integer", + "box":true, + "max":120, + "min":15 + }, + "MaintenanceWindowLeadTimeInWeeksInteger":{ + "type":"integer", + "box":true, + "max":4, + "min":1 + }, + "ManagedResourceStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "ENABLING", + "DISABLED", + "DISABLING" + ] + }, + "ManagedS3BackupAccess":{ + "type":"structure", + "members":{ + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"

    The status of the managed Amazon S3 backup access.

    " + }, + "ipv4Addresses":{ + "shape":"StringList", + "documentation":"

    The IPv4 addresses for the managed Amazon S3 backup access.

    " + } + }, + "documentation":"

    The configuration for managed Amazon S3 backup access from the ODB network.

    " + }, + "ManagedServices":{ + "type":"structure", + "members":{ + "serviceNetworkArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + }, + "resourceGatewayArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " + }, + "managedServicesIpv4Cidrs":{ + "shape":"StringList", + "documentation":"

    The IPv4 CIDR blocks for the managed services.

    " + }, + "serviceNetworkEndpoint":{ + "shape":"ServiceNetworkEndpoint", + "documentation":"

    The service network endpoint configuration.

    " + }, + "managedS3BackupAccess":{ + "shape":"ManagedS3BackupAccess", + "documentation":"

    The managed Amazon S3 backup access configuration.

    " + }, + "zeroEtlAccess":{ + "shape":"ZeroEtlAccess", + "documentation":"

    The Zero-ETL access configuration.

    " + }, + "s3Access":{ + "shape":"S3Access", + "documentation":"

    The Amazon S3 access configuration.

    " + } + }, + "documentation":"

    The managed services configuration for the ODB network.

    " + }, + "Month":{ + "type":"structure", + "members":{ + "name":{ + "shape":"MonthName", + "documentation":"

    The name of the month.

    " + } + }, + "documentation":"

    An enumeration of months used for scheduling maintenance windows.

    " + }, + "MonthName":{ + "type":"string", + "enum":[ + "JANUARY", + "FEBRUARY", + "MARCH", + "APRIL", + "MAY", + "JUNE", + "JULY", + "AUGUST", + "SEPTEMBER", + "OCTOBER", + "NOVEMBER", + "DECEMBER" + ] + }, + "Months":{ + "type":"list", + "member":{"shape":"Month"} + }, + "Objective":{ + "type":"string", + "enum":[ + "AUTO", + "BALANCED", + "BASIC", + "HIGH_THROUGHPUT", + "LOW_LATENCY" + ] + }, + "OciDnsForwardingConfig":{ + "type":"structure", + "members":{ + "domainName":{ + "shape":"OciDnsForwardingConfigDomainNameString", + "documentation":"

    Domain name to which DNS resolver forwards to.

    " + }, + "ociDnsListenerIp":{ + "shape":"String", + "documentation":"

    OCI DNS listener IP for custom DNS setup.

    " + } + }, + "documentation":"

    DNS configuration to forward DNS resolver endpoints to your OCI Private Zone.

    " + }, + "OciDnsForwardingConfigDomainNameString":{ + "type":"string", + "max":255, + "min":1 + }, + "OciDnsForwardingConfigList":{ + "type":"list", + "member":{"shape":"OciDnsForwardingConfig"} + }, + "OciOnboardingStatus":{ + "type":"string", + "documentation":"

    ", + "enum":[ + "NOT_STARTED", + "PENDING_LINK_GENERATION", + "PENDING_CUSTOMER_ACTION", + "PENDING_INITIALIZATION", + "ACTIVATING", + "ACTIVE_IN_HOME_REGION", + "ACTIVE", + "ACTIVE_LIMITED", + "FAILED", + "PUBLIC_OFFER_UNSUPPORTED", + "SUSPENDED", + "CANCELED" + ] + }, + "OdbNetwork":{ + "type":"structure", + "required":["odbNetworkId"], + "members":{ + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name of the ODB network.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the ODB network.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the current status of the ODB network.

    " + }, + "odbNetworkArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the ODB network.

    " + }, + "availabilityZone":{ + "shape":"OdbNetworkAvailabilityZoneString", + "documentation":"

    The Amazon Web Services Availability Zone (AZ) where the ODB network is located.

    " + }, + "availabilityZoneId":{ + "shape":"OdbNetworkAvailabilityZoneIdString", + "documentation":"

    The AZ ID of the AZ where the ODB network is located.

    " + }, + "clientSubnetCidr":{ + "shape":"OdbNetworkClientSubnetCidrString", + "documentation":"

    The CIDR range of the client subnet in the ODB network.

    " + }, + "backupSubnetCidr":{ + "shape":"OdbNetworkBackupSubnetCidrString", + "documentation":"

    The CIDR range of the backup subnet in the ODB network.

    " + }, + "customDomainName":{ + "shape":"OdbNetworkCustomDomainNameString", + "documentation":"

    The domain name for the resources in the ODB network.

    " + }, + "defaultDnsPrefix":{ + "shape":"OdbNetworkDefaultDnsPrefixString", + "documentation":"

    The DNS prefix to the default DNS domain name. The default DNS domain name is oraclevcn.com.

    " + }, + "peeredCidrs":{ + "shape":"StringList", + "documentation":"

    The list of CIDR ranges from the peered VPC that are allowed access to the ODB network.

    " + }, + "ociNetworkAnchorId":{ + "shape":"OdbNetworkOciNetworkAnchorIdString", + "documentation":"

    The unique identifier of the OCI network anchor for the ODB network.

    " + }, + "ociNetworkAnchorUrl":{ + "shape":"String", + "documentation":"

    The URL of the OCI network anchor for the ODB network.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor that's associated with the ODB network.

    " + }, + "ociVcnId":{ + "shape":"OdbNetworkOciVcnIdString", + "documentation":"

    The Oracle Cloud ID (OCID) for the Virtual Cloud Network (VCN) that's associated with the ODB network.

    " + }, + "ociVcnUrl":{ + "shape":"String", + "documentation":"

    The URL for the VCN that's associated with the ODB network.

    " + }, + "ociDnsForwardingConfigs":{ + "shape":"OciDnsForwardingConfigList", + "documentation":"

    The DNS resolver endpoint in OCI for forwarding DNS queries for the ociPrivateZone domain.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the ODB network was created.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The amount of progress made on the current operation on the ODB network, expressed as a percentage.

    " + }, + "managedServices":{ + "shape":"ManagedServices", + "documentation":"

    The managed services configuration for the ODB network.

    " + } + }, + "documentation":"

    Information about an ODB network.

    " + }, + "OdbNetworkAvailabilityZoneIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkAvailabilityZoneString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkBackupSubnetCidrString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkClientSubnetCidrString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkCustomDomainNameString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkDefaultDnsPrefixString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkList":{ + "type":"list", + "member":{"shape":"OdbNetworkSummary"} + }, + "OdbNetworkOciNetworkAnchorIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkOciVcnIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkSummary":{ + "type":"structure", + "required":["odbNetworkId"], + "members":{ + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name of the ODB network.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the ODB network.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the current status of the ODB network.

    " + }, + "odbNetworkArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the ODB network.

    " + }, + "availabilityZone":{ + "shape":"OdbNetworkSummaryAvailabilityZoneString", + "documentation":"

    The Amazon Web Services Availability Zone (AZ) where the ODB network is located.

    " + }, + "availabilityZoneId":{ + "shape":"OdbNetworkSummaryAvailabilityZoneIdString", + "documentation":"

    The AZ ID of the AZ where the ODB network is located.

    " + }, + "clientSubnetCidr":{ + "shape":"OdbNetworkSummaryClientSubnetCidrString", + "documentation":"

    The CIDR range of the client subnet in the ODB network.

    " + }, + "backupSubnetCidr":{ + "shape":"OdbNetworkSummaryBackupSubnetCidrString", + "documentation":"

    The CIDR range of the backup subnet in the ODB network.

    " + }, + "customDomainName":{ + "shape":"OdbNetworkSummaryCustomDomainNameString", + "documentation":"

    The domain name for the resources in the ODB network.

    " + }, + "defaultDnsPrefix":{ + "shape":"OdbNetworkSummaryDefaultDnsPrefixString", + "documentation":"

    The DNS prefix to the default DNS domain name. The default DNS domain name is oraclevcn.com.

    " + }, + "peeredCidrs":{ + "shape":"StringList", + "documentation":"

    The list of CIDR ranges from the peered VPC that are allowed access to the ODB network.

    " + }, + "ociNetworkAnchorId":{ + "shape":"OdbNetworkSummaryOciNetworkAnchorIdString", + "documentation":"

    The unique identifier of the OCI network anchor for the ODB network.

    " + }, + "ociNetworkAnchorUrl":{ + "shape":"String", + "documentation":"

    The URL of the OCI network anchor for the ODB network.

    " + }, + "ociResourceAnchorName":{ + "shape":"String", + "documentation":"

    The name of the OCI resource anchor associated with the ODB network.

    " + }, + "ociVcnId":{ + "shape":"OdbNetworkSummaryOciVcnIdString", + "documentation":"

    The Oracle Cloud ID (OCID) for the Virtual Cloud Network (VCN) associated with the ODB network.

    " + }, + "ociVcnUrl":{ + "shape":"String", + "documentation":"

    The URL for the VCN that's associated with the ODB network.

    " + }, + "ociDnsForwardingConfigs":{ + "shape":"OciDnsForwardingConfigList", + "documentation":"

    The DNS resolver endpoint in OCI for forwarding DNS queries for the ociPrivateZone domain.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the ODB network was created.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The amount of progress made on the current operation on the ODB network, expressed as a percentage.

    " + }, + "managedServices":{ + "shape":"ManagedServices", + "documentation":"

    The managed services configuration for the ODB network.

    " + } + }, + "documentation":"

    Information about an ODB network.

    " + }, + "OdbNetworkSummaryAvailabilityZoneIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkSummaryAvailabilityZoneString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkSummaryBackupSubnetCidrString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkSummaryClientSubnetCidrString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkSummaryCustomDomainNameString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkSummaryDefaultDnsPrefixString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkSummaryOciNetworkAnchorIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbNetworkSummaryOciVcnIdString":{ + "type":"string", + "max":255, + "min":1 + }, + "OdbPeeringConnection":{ + "type":"structure", + "required":["odbPeeringConnectionId"], + "members":{ + "odbPeeringConnectionId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB peering connection. A sample ID is odbpcx-abcdefgh12345678.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The display name of the ODB peering connection.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The status of the ODB peering connection.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason for the current status of the ODB peering connection.

    " + }, + "odbPeeringConnectionArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the ODB peering connection.

    Example: arn:aws:odb:us-east-1:123456789012:odb-peering-connection/odbpcx-abcdefgh12345678

    " + }, + "odbNetworkArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the ODB network that initiated the peering connection.

    " + }, + "peerNetworkArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the peer network.

    " + }, + "odbPeeringConnectionType":{ + "shape":"String", + "documentation":"

    The type of the ODB peering connection.

    Valid Values: ODB-VPC | ODB-ODB

    " + }, + "peerNetworkCidrs":{ + "shape":"PeeredCidrList", + "documentation":"

    The CIDR blocks associated with the peering connection. These CIDR blocks define the IP address ranges that can communicate through the peering connection.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The timestamp when the ODB peering connection was created.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The percentage progress of the ODB peering connection creation or deletion.

    " + } + }, + "documentation":"

    A peering connection between an ODB network and either another ODB network or a customer-owned VPC.

    " + }, + "OdbPeeringConnectionList":{ + "type":"list", + "member":{"shape":"OdbPeeringConnectionSummary"} + }, + "OdbPeeringConnectionSummary":{ + "type":"structure", + "required":["odbPeeringConnectionId"], + "members":{ + "odbPeeringConnectionId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB peering connection. A sample ID is odbpcx-abcdefgh12345678.

    " + }, + "displayName":{ + "shape":"String", + "documentation":"

    The display name of the ODB peering connection.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The status of the ODB peering connection.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    The reason for the current status of the ODB peering connection.

    " + }, + "odbPeeringConnectionArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the ODB peering connection.

    " + }, + "odbNetworkArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the ODB network that initiated the peering connection.

    " + }, + "peerNetworkArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the peer network.

    " + }, + "odbPeeringConnectionType":{ + "shape":"String", + "documentation":"

    The type of the ODB peering connection.

    Valid Values: ODB-VPC | ODB-ODB

    " + }, + "peerNetworkCidrs":{ + "shape":"PeeredCidrList", + "documentation":"

    The CIDR blocks associated with the peering connection. These CIDR blocks define the IP address ranges that can communicate through the peering connection.

    " + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The timestamp when the ODB peering connection was created.

    " + }, + "percentProgress":{ + "shape":"Float", + "documentation":"

    The percentage progress of the ODB peering connection creation or deletion.

    " + } + }, + "documentation":"

    A summary of an ODB peering connection.

    " + }, + "PatchingModeType":{ + "type":"string", + "enum":[ + "ROLLING", + "NONROLLING" + ] + }, + "PeeredCidr":{ + "type":"string", + "max":18, + "min":1, + "pattern":"(?:(?:\\d|[01]?\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)\\/(?:[1-2][0-9]|3[0-2]|[1-9])" + }, + "PeeredCidrList":{ + "type":"list", + "member":{"shape":"PeeredCidr"} + }, + "PolicyDocument":{ + "type":"string", + "max":20480, + "min":3 + }, + "PreferenceType":{ + "type":"string", + "enum":[ + "NO_PREFERENCE", + "CUSTOM_PREFERENCE" + ] + }, + "RebootDbNodeInput":{ + "type":"structure", + "required":[ + "cloudVmClusterId", + "dbNodeId" + ], + "members":{ + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster that contains the DB node to reboot.

    " + }, + "dbNodeId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the DB node to reboot.

    " + } + } + }, + "RebootDbNodeOutput":{ + "type":"structure", + "required":["dbNodeId"], + "members":{ + "dbNodeId":{ + "shape":"String", + "documentation":"

    The unique identifier of the DB node that was rebooted.

    " + }, + "status":{ + "shape":"DbNodeResourceStatus", + "documentation":"

    The current status of the DB node after the reboot operation.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the DB node after the reboot operation.

    " + } + } + }, + "RequestTagMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":200, + "min":1 + }, + "ResourceArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:(?:aws|aws-cn|aws-us-gov|aws-iso-{0,1}[a-z]{0,1}):[a-z0-9-]+:[a-z0-9-]*:[0-9]+:[a-z0-9-]+/[a-z0-9-_]{6,64}" + }, + "ResourceDisplayName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z_](?!.*--)[a-zA-Z0-9_-]*" + }, + "ResourceId":{ + "type":"string", + "max":64, + "min":6, + "pattern":"[a-zA-Z0-9_~.-]+" + }, + "ResourceIdOrArn":{ + "type":"string", + "max":2048, + "min":6, + "pattern":"(arn:(?:aws|aws-cn|aws-us-gov|aws-iso-{0,1}[a-z]{0,1}):[a-z0-9-]+:[a-z0-9-]*:[0-9]+:[a-z0-9-]+/[a-zA-Z0-9_~.-]{6,64}|[a-zA-Z0-9_~.-]{6,64})" + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":[ + "message", + "resourceId", + "resourceType" + ], + "members":{ + "message":{"shape":"String"}, + "resourceId":{ + "shape":"String", + "documentation":"

    The identifier of the resource that was not found.

    " + }, + "resourceType":{ + "shape":"String", + "documentation":"

    The type of resource that was not found.

    " + } + }, + "documentation":"

    The operation tried to access a resource that doesn't exist. Make sure you provided the correct resource and try again.

    ", + "exception":true + }, + "ResourceStatus":{ + "type":"string", + "enum":[ + "AVAILABLE", + "FAILED", + "PROVISIONING", + "TERMINATED", + "TERMINATING", + "UPDATING", + "MAINTENANCE_IN_PROGRESS" + ] + }, + "ResponseTagMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":200, + "min":0 + }, + "S3Access":{ + "type":"structure", + "members":{ + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"

    The status of the Amazon S3 access.

    " + }, + "ipv4Addresses":{ + "shape":"StringList", + "documentation":"

    The IPv4 addresses for the Amazon S3 access.

    " + }, + "domainName":{ + "shape":"String", + "documentation":"

    The domain name for the Amazon S3 access.

    " + }, + "s3PolicyDocument":{ + "shape":"String", + "documentation":"

    The endpoint policy for the Amazon S3 access.

    " + } + }, + "documentation":"

    The configuration for Amazon S3 access from the ODB network.

    " + }, + "SensitiveString":{ + "type":"string", + "sensitive":true + }, + "SensitiveStringList":{ + "type":"list", + "member":{"shape":"SensitiveString"} + }, + "ServiceNetworkEndpoint":{ + "type":"structure", + "members":{ + "vpcEndpointId":{ + "shape":"String", + "documentation":"

    The identifier of the VPC endpoint.

    " + }, + "vpcEndpointType":{ + "shape":"VpcEndpointType", + "documentation":"

    The type of the VPC endpoint.

    " + } + }, + "documentation":"

    The configuration for a service network endpoint.

    " + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":[ + "message", + "resourceId", + "resourceType", + "quotaCode" + ], + "members":{ + "message":{"shape":"String"}, + "resourceId":{ + "shape":"String", + "documentation":"

    The identifier of the resource that exceeded the service quota.

    " + }, + "resourceType":{ + "shape":"String", + "documentation":"

    The type of resource that exceeded the service quota.

    " + }, + "quotaCode":{ + "shape":"String", + "documentation":"

    The unqiue identifier of the service quota that was exceeded.

    " + } + }, + "documentation":"

    You have exceeded the service quota.

    ", + "exception":true + }, + "ShapeType":{ + "type":"string", + "enum":[ + "AMD", + "INTEL", + "INTEL_FLEX_X9", + "AMPERE_FLEX_A1" + ] + }, + "StartDbNodeInput":{ + "type":"structure", + "required":[ + "cloudVmClusterId", + "dbNodeId" + ], + "members":{ + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster that contains the DB node to start.

    " + }, + "dbNodeId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the DB node to start.

    " + } + } + }, + "StartDbNodeOutput":{ + "type":"structure", + "required":["dbNodeId"], + "members":{ + "dbNodeId":{ + "shape":"String", + "documentation":"

    The unique identifier of the DB node that was started.

    " + }, + "status":{ + "shape":"DbNodeResourceStatus", + "documentation":"

    The current status of the DB node after the start operation.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the DB node after the start operation.

    " + } + } + }, + "StopDbNodeInput":{ + "type":"structure", + "required":[ + "cloudVmClusterId", + "dbNodeId" + ], + "members":{ + "cloudVmClusterId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the VM cluster that contains the DB node to stop.

    " + }, + "dbNodeId":{ + "shape":"ResourceId", + "documentation":"

    The unique identifier of the DB node to stop.

    " + } + } + }, + "StopDbNodeOutput":{ + "type":"structure", + "required":["dbNodeId"], + "members":{ + "dbNodeId":{ + "shape":"String", + "documentation":"

    The unique identifier of the DB node that was stopped.

    " + }, + "status":{ + "shape":"DbNodeResourceStatus", + "documentation":"

    The current status of the DB node after the stop operation.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the DB node after the stop operation.

    " + } + } + }, + "String":{"type":"string"}, + "StringList":{ + "type":"list", + "member":{"shape":"String"}, + "max":1024, + "min":1 + }, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "SystemVersionList":{ + "type":"list", + "member":{"shape":"SystemVersionSummary"} + }, + "SystemVersionSummary":{ + "type":"structure", + "members":{ + "giVersion":{ + "shape":"String", + "documentation":"

    The version of GI software.

    " + }, + "shape":{ + "shape":"String", + "documentation":"

    The Exadata hardware model.

    " + }, + "systemVersions":{ + "shape":"StringList", + "documentation":"

    The Exadata system versions that are compatible with the specified Exadata shape and GI version.

    " + } + }, + "documentation":"

    Information about the compatible system versions that can be used with a specific Exadata shape and Grid Infrastructure (GI) version.

    " + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeys":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":1 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource to apply tags to.

    " + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

    The list of tags to apply to the resource.

    " + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"}, + "retryAfterSeconds":{ + "shape":"Integer", + "documentation":"

    The number of seconds to wait before retrying the request after being throttled.

    " + } + }, + "documentation":"

    The request was denied due to request throttling.

    ", + "exception":true + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource to remove tags from.

    " + }, + "tagKeys":{ + "shape":"TagKeys", + "documentation":"

    The names (keys) of the tags to remove from the resource.

    " + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateCloudExadataInfrastructureInput":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "cloudExadataInfrastructureId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the Exadata infrastructure to update.

    " + }, + "maintenanceWindow":{"shape":"MaintenanceWindow"} + } + }, + "UpdateCloudExadataInfrastructureOutput":{ + "type":"structure", + "required":["cloudExadataInfrastructureId"], + "members":{ + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name of the updated Exadata infrastructure.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the Exadata infrastructure after the update operation.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the Exadata infrastructure after the update operation.

    " + }, + "cloudExadataInfrastructureId":{ + "shape":"String", + "documentation":"

    The unique identifier of the updated Exadata infrastructure.

    " + } + } + }, + "UpdateOdbNetworkInput":{ + "type":"structure", + "required":["odbNetworkId"], + "members":{ + "odbNetworkId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The unique identifier of the ODB network to update.

    " + }, + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    The new user-friendly name of the ODB network.

    " + }, + "peeredCidrsToBeAdded":{ + "shape":"StringList", + "documentation":"

    The list of CIDR ranges from the peered VPC that allow access to the ODB network.

    " + }, + "peeredCidrsToBeRemoved":{ + "shape":"StringList", + "documentation":"

    The list of CIDR ranges from the peered VPC to remove from the ODB network.

    " + }, + "s3Access":{ + "shape":"Access", + "documentation":"

    Specifies the updated configuration for Amazon S3 access from the ODB network.

    " + }, + "zeroEtlAccess":{ + "shape":"Access", + "documentation":"

    Specifies the updated configuration for Zero-ETL access from the ODB network.

    " + }, + "s3PolicyDocument":{ + "shape":"PolicyDocument", + "documentation":"

    Specifies the updated endpoint policy for Amazon S3 access from the ODB network.

    " + } + } + }, + "UpdateOdbNetworkOutput":{ + "type":"structure", + "required":["odbNetworkId"], + "members":{ + "displayName":{ + "shape":"String", + "documentation":"

    The user-friendly name of the ODB network.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the ODB network.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the ODB network.

    " + }, + "odbNetworkId":{ + "shape":"String", + "documentation":"

    The unique identifier of the ODB network.

    " + } + } + }, + "UpdateOdbPeeringConnectionInput":{ + "type":"structure", + "required":["odbPeeringConnectionId"], + "members":{ + "odbPeeringConnectionId":{ + "shape":"ResourceIdOrArn", + "documentation":"

    The identifier of the Oracle Database@Amazon Web Services peering connection to update.

    " + }, + "displayName":{ + "shape":"ResourceDisplayName", + "documentation":"

    A new display name for the peering connection.

    " + }, + "peerNetworkCidrsToBeAdded":{ + "shape":"PeeredCidrList", + "documentation":"

    A list of CIDR blocks to add to the peering connection. These CIDR blocks define the IP address ranges that can communicate through the peering connection. The CIDR blocks must not overlap with existing CIDR blocks in the Oracle Database@Amazon Web Services network.

    " + }, + "peerNetworkCidrsToBeRemoved":{ + "shape":"PeeredCidrList", + "documentation":"

    A list of CIDR blocks to remove from the peering connection. The CIDR blocks must currently exist in the peering connection.

    " + } + } + }, + "UpdateOdbPeeringConnectionOutput":{ + "type":"structure", + "required":["odbPeeringConnectionId"], + "members":{ + "displayName":{ + "shape":"String", + "documentation":"

    The display name of the peering connection.

    " + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"

    The status of the peering connection update operation.

    " + }, + "statusReason":{ + "shape":"String", + "documentation":"

    Additional information about the status of the peering connection update operation.

    " + }, + "odbPeeringConnectionId":{ + "shape":"String", + "documentation":"

    The identifier of the Oracle Database@Amazon Web Services peering connection that was updated.

    " + } + } + }, + "ValidationException":{ + "type":"structure", + "required":[ + "message", + "reason" + ], + "members":{ + "message":{"shape":"String"}, + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"

    The reason why the validation failed.

    " + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

    A list of fields that failed validation.

    " + } + }, + "documentation":"

    The request has failed validation because it is missing required fields or has invalid inputs.

    ", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "message" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"

    The field name for which validation failed.

    " + }, + "message":{ + "shape":"String", + "documentation":"

    The description of the error.

    " + } + }, + "documentation":"

    The input failed to meet the constraints specified by the service in a specified field. Make sure you provided the correct input and try again.

    " + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "unknownOperation", + "cannotParse", + "fieldValidationFailed", + "other" + ] + }, + "VpcEndpointType":{ + "type":"string", + "enum":["SERVICENETWORK"] + }, + "WeeksOfMonth":{ + "type":"list", + "member":{"shape":"Integer"} + }, + "ZeroEtlAccess":{ + "type":"structure", + "members":{ + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"

    The status of the Zero-ETL access.

    " + }, + "cidr":{ + "shape":"String", + "documentation":"

    The CIDR block for the Zero-ETL access.

    " + } + }, + "documentation":"

    The configuration for Zero-ETL access from the ODB network.

    " + } + }, + "documentation":"

    Oracle Database@Amazon Web Services is an offering that enables you to access Oracle Exadata infrastructure managed by Oracle Cloud Infrastructure (OCI) inside Amazon Web Services data centers. You can migrate your Oracle Exadata workloads, establish low-latency connectivity with applications running on Amazon Web Services, and integrate with Amazon Web Services services. For example, you can run application servers in a Virtual Private Cloud (VPC) and access an Oracle Exadata system running in Oracle Database@Amazon Web Services. You can get started with Oracle Database@Amazon Web Services by using the familiar Amazon Web Services Management Console, APIs, or CLI.

    This interface reference for Oracle Database@Amazon Web Services contains documentation for a programming or command line interface that you can use to manage Oracle Database@Amazon Web Services. Oracle Database@Amazon Web Services is asynchronous, which means that some interfaces might require techniques such as polling or callback functions to determine when a command has been applied. The reference structure is as follows.

    Oracle Database@Amazon Web Services API Reference

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/odb/2024-08-20/waiters-2.json 2.31.35-1/awscli/botocore/data/odb/2024-08-20/waiters-2.json --- 2.23.6-1/awscli/botocore/data/odb/2024-08-20/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/odb/2024-08-20/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/omics/2022-11-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/omics/2022-11-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/omics/2022-11-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/omics/2022-11-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/omics/2022-11-28/paginators-1.json 2.31.35-1/awscli/botocore/data/omics/2022-11-28/paginators-1.json --- 2.23.6-1/awscli/botocore/data/omics/2022-11-28/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/omics/2022-11-28/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -125,6 +125,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "items" + }, + "ListWorkflowVersions": { + "input_token": "startingToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" } } } diff -pruN 2.23.6-1/awscli/botocore/data/omics/2022-11-28/service-2.json 2.31.35-1/awscli/botocore/data/omics/2022-11-28/service-2.json --- 2.23.6-1/awscli/botocore/data/omics/2022-11-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/omics/2022-11-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -32,7 +32,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Stops a multipart upload.

    ", + "documentation":"

    Stops a multipart read set upload into a sequence store and returns a response with no body if the operation is successful. To confirm that a multipart read set upload has been stopped, use the ListMultipartReadSetUploads API operation to view all active multipart read set uploads.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "AcceptShare":{ @@ -73,7 +73,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Deletes one or more read sets.

    ", + "documentation":"

    Deletes one or more read sets. If the operation is successful, it returns a response with no body. If there is an error with deleting one of the read sets, the operation returns an error list. If the operation successfully deletes only a subset of files, it will return an error list for the remaining files that fail to be deleted. There is a limit of 100 read sets that can be deleted in each BatchDeleteReadSet API call.

    ", "endpoint":{"hostPrefix":"control-storage-"}, "idempotent":true }, @@ -93,7 +93,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Cancels an annotation import job.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Cancels an annotation import job.

    ", "endpoint":{"hostPrefix":"analytics-"}, "idempotent":true }, @@ -115,7 +115,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Cancels a run.

    ", + "documentation":"

    Cancels a run using its ID and returns a response with no body if the operation is successful. To confirm that the run has been cancelled, use the ListRuns API operation to check that it is no longer listed.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "CancelVariantImportJob":{ @@ -134,7 +134,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Cancels a variant import job.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Cancels a variant import job.

    ", "endpoint":{"hostPrefix":"analytics-"}, "idempotent":true }, @@ -157,7 +157,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Concludes a multipart upload once you have uploaded all the components.

    ", + "documentation":"

    Completes a multipart read set upload into a sequence store after you have initiated the upload process with CreateMultipartReadSetUpload and uploaded all read set parts using UploadReadSetPart. You must specify the parts you uploaded using the parts parameter. If the operation is successful, it returns the read set ID(s) of the uploaded read set(s).

    For more information, see Direct upload to a sequence store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"storage-"} }, "CreateAnnotationStore":{ @@ -178,7 +178,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Creates an annotation store.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Creates an annotation store.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "CreateAnnotationStoreVersion":{ @@ -221,7 +221,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Begins a multipart read set upload.

    ", + "documentation":"

    Initiates a multipart read set upload for uploading partitioned source files into a sequence store. You can directly import source files from an EC2 instance and other local compute, or from an S3 bucket. To separate these source files into parts, use the split operation. Each part cannot be larger than 100 MB. If the operation is successful, it provides an uploadId which is required by the UploadReadSetPart API operation to upload parts into a sequence store.

    To continue uploading a multipart read set into your sequence store, you must use the UploadReadSetPart API operation to upload each part individually following the steps below:

    • Specify the uploadId obtained from the previous call to CreateMultipartReadSetUpload.

    • Upload parts for that uploadId.

    When you have finished uploading parts, use the CompleteMultipartReadSetUpload API to complete the multipart read set upload and to retrieve the final read set IDs in the response.

    To learn more about creating parts and the split operation, see Direct upload to a sequence store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "CreateReferenceStore":{ @@ -241,7 +241,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Creates a reference store.

    ", + "documentation":"

    Creates a reference store and returns metadata in JSON format. Reference stores are used to store reference genomes in FASTA format. A reference store is created when the first reference genome is imported. To import additional reference genomes from an Amazon S3 bucket, use the StartReferenceImportJob API operation.

    For more information, see Creating a HealthOmics reference store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "CreateRunCache":{ @@ -263,7 +263,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    You can create a run cache to save the task outputs from completed tasks in a run for a private workflow. Subsequent runs use the task outputs from the cache, rather than computing the task outputs again. You specify an Amazon S3 location where HealthOmics saves the cached data. This data must be immediately accessible (not in an archived state).

    For more information, see Creating a run cache in the AWS HealthOmics User Guide.

    ", + "documentation":"

    Creates a run cache to store and reference task outputs from completed private runs. Specify an Amazon S3 location where Amazon Web Services HealthOmics saves the cached data. This data must be immediately accessible and not in an archived state. You can save intermediate task files to a run cache if they are declared as task outputs in the workflow definition file.

    For more information, see Call caching and Creating a run cache in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "CreateRunGroup":{ @@ -285,7 +285,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    You can optionally create a run group to limit the compute resources for the runs that you add to the group.

    ", + "documentation":"

    Creates a run group to limit the compute resources for the runs that are added to the group. Returns an ARN, ID, and tags for the run group.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "CreateSequenceStore":{ @@ -305,7 +305,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Creates a sequence store.

    ", + "documentation":"

    Creates a sequence store and returns its metadata. Sequence stores are used to store sequence data files called read sets that are saved in FASTQ, BAM, uBAM, or CRAM formats. For aligned formats (BAM and CRAM), a sequence store can only use one reference genome. For unaligned formats (FASTQ and uBAM), a reference genome is not required. You can create multiple sequence stores per region per account.

    The following are optional parameters you can specify for your sequence store:

    • Use s3AccessConfig to configure your sequence store with S3 access logs (recommended).

    • Use sseConfig to define your own KMS key for encryption.

    • Use eTagAlgorithmFamily to define which algorithm to use for the HealthOmics eTag on objects.

    • Use fallbackLocation to define a backup location for storing files that have failed a direct upload.

    • Use propagatedSetLevelTags to configure tags that propagate to all objects in your store.

    For more information, see Creating a HealthOmics sequence store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "CreateShare":{ @@ -347,7 +347,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Creates a variant store.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Creates a variant store.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "CreateWorkflow":{ @@ -369,9 +369,32 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Creates a workflow.

    ", + "documentation":"

    Creates a private workflow. Before you create a private workflow, you must create and configure these required resources:

    • Workflow definition file: A workflow definition file written in WDL, Nextflow, or CWL. The workflow definition specifies the inputs and outputs for runs that use the workflow. It also includes specifications for the runs and run tasks for your workflow, including compute and memory requirements. The workflow definition file must be in .zip format. For more information, see Workflow definition files in Amazon Web Services HealthOmics.

    • (Optional) Parameter template file: A parameter template file written in JSON. Create the file to define the run parameters, or Amazon Web Services HealthOmics generates the parameter template for you. For more information, see Parameter template files for HealthOmics workflows.

    • ECR container images: Create container images for the workflow in a private ECR repository, or synchronize images from a supported upstream registry with your Amazon ECR private repository.

    • (Optional) Sentieon licenses: Request a Sentieon license to use the Sentieon software in private workflows.

    For more information, see Creating or updating a private workflow in Amazon Web Services HealthOmics in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"} }, + "CreateWorkflowVersion":{ + "name":"CreateWorkflowVersion", + "http":{ + "method":"POST", + "requestUri":"/workflow/{workflowId}/version", + "responseCode":201 + }, + "input":{"shape":"CreateWorkflowVersionRequest"}, + "output":{"shape":"CreateWorkflowVersionResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"} + ], + "documentation":"

    Creates a new workflow version for the workflow that you specify with the workflowId parameter.

    When you create a new version of a workflow, you need to specify the configuration for the new version. It doesn't inherit any configuration values from the workflow.

    Provide a version name that is unique for this workflow. You cannot change the name after HealthOmics creates the version.

    Don't include any personally identifiable information (PII) in the version name. Version names appear in the workflow version ARN.

    For more information, see Workflow versioning in Amazon Web Services HealthOmics in the Amazon Web Services HealthOmics User Guide.

    ", + "endpoint":{"hostPrefix":"workflows-"}, + "idempotent":true + }, "DeleteAnnotationStore":{ "name":"DeleteAnnotationStore", "http":{ @@ -389,7 +412,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Deletes an annotation store.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Deletes an annotation store.

    ", "endpoint":{"hostPrefix":"analytics-"}, "idempotent":true }, @@ -432,7 +455,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Deletes a genome reference.

    ", + "documentation":"

    Deletes a reference genome and returns a response with no body if the operation is successful. The read set associated with the reference genome must first be deleted before deleting the reference genome. After the reference genome is deleted, you can delete the reference store using the DeleteReferenceStore API operation.

    For more information, see Deleting HealthOmics reference and sequence stores in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"}, "idempotent":true }, @@ -454,7 +477,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Deletes a genome reference store.

    ", + "documentation":"

    Deletes a reference store and returns a response with no body if the operation is successful. You can only delete a reference store when it does not contain any reference genomes. To empty a reference store, use DeleteReference.

    For more information about your workflow status, see Deleting HealthOmics reference and sequence stores in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"}, "idempotent":true }, @@ -476,7 +499,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Deletes a workflow run.

    ", + "documentation":"

    Deletes a run and returns a response with no body if the operation is successful. You can only delete a run that has reached a COMPLETED, FAILED, or CANCELLED stage. A completed run has delivered an output, or was cancelled and resulted in no output. When you delete a run, only the metadata associated with the run is deleted. The run outputs remain in Amazon S3 and logs remain in CloudWatch.

    To verify that the workflow is deleted:

    • Use ListRuns to confirm the workflow no longer appears in the list.

    • Use GetRun to verify the workflow cannot be found.

    ", "endpoint":{"hostPrefix":"workflows-"}, "idempotent":true }, @@ -498,7 +521,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Delete a run cache. This action removes the cache metadata stored in the service account, but doesn't delete the data in Amazon S3. You can access the cache data in Amazon S3, for inspection or to troubleshoot issues. You can remove old cache data using standard S3 Delete operations.

    For more information, see Deleting a run cache in the AWS HealthOmics User Guide.

    ", + "documentation":"

    Deletes a run cache and returns a response with no body if the operation is successful. This action removes the cache metadata stored in the service account, but does not delete the data in Amazon S3. You can access the cache data in Amazon S3, for inspection or to troubleshoot issues. You can remove old cache data using standard S3 Delete operations.

    For more information, see Deleting a run cache in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"}, "idempotent":true }, @@ -520,7 +543,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Deletes a workflow run group.

    ", + "documentation":"

    Deletes a run group and returns a response with no body if the operation is successful.

    To verify that the run group is deleted:

    • Use ListRunGroups to confirm the workflow no longer appears in the list.

    • Use GetRunGroup to verify the workflow cannot be found.

    ", "endpoint":{"hostPrefix":"workflows-"}, "idempotent":true }, @@ -534,8 +557,8 @@ "input":{"shape":"DeleteS3AccessPolicyRequest"}, "output":{"shape":"DeleteS3AccessPolicyResponse"}, "errors":[ - {"shape":"InternalServerException"}, {"shape":"NotSupportedOperationException"}, + {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, @@ -564,7 +587,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Deletes a sequence store.

    ", + "documentation":"

    Deletes a sequence store and returns a response with no body if the operation is successful. You can only delete a sequence store when it does not contain any read sets.

    Use the BatchDeleteReadSet API operation to ensure that all read sets in the sequence store are deleted. When a sequence store is deleted, all tags associated with the store are also deleted.

    For more information, see Deleting HealthOmics reference and sequence stores in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"}, "idempotent":true }, @@ -607,7 +630,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Deletes a variant store.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Deletes a variant store.

    ", "endpoint":{"hostPrefix":"analytics-"}, "idempotent":true }, @@ -629,7 +652,29 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Deletes a workflow.

    ", + "documentation":"

    Deletes a workflow by specifying its ID. This operation returns a response with no body if the deletion is successful.

    To verify that the workflow is deleted:

    • Use ListWorkflows to confirm the workflow no longer appears in the list.

    • Use GetWorkflow to verify the workflow cannot be found.

    ", + "endpoint":{"hostPrefix":"workflows-"}, + "idempotent":true + }, + "DeleteWorkflowVersion":{ + "name":"DeleteWorkflowVersion", + "http":{ + "method":"DELETE", + "requestUri":"/workflow/{workflowId}/version/{versionName}", + "responseCode":202 + }, + "input":{"shape":"DeleteWorkflowVersionRequest"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"} + ], + "documentation":"

    Deletes a workflow version. Deleting a workflow version doesn't affect any ongoing runs that are using the workflow version.

    For more information, see Workflow versioning in Amazon Web Services HealthOmics in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"}, "idempotent":true }, @@ -649,7 +694,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Gets information about an annotation import job.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Gets information about an annotation import job.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "GetAnnotationStore":{ @@ -668,7 +713,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Gets information about an annotation store.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Gets information about an annotation store.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "GetAnnotationStoreVersion":{ @@ -709,7 +754,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets a file from a read set.

    ", + "documentation":"

    Retrieves detailed information from parts of a read set and returns the read set in the same format that it was uploaded. You must have read sets uploaded to your sequence store in order to run this operation.

    ", "endpoint":{"hostPrefix":"storage-"} }, "GetReadSetActivationJob":{ @@ -729,7 +774,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a read set activation job.

    ", + "documentation":"

    Returns detailed information about the status of a read set activation job in JSON format.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "GetReadSetExportJob":{ @@ -749,7 +794,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a read set export job.

    ", + "documentation":"

    Retrieves status information about a read set export job and returns the data in JSON format. Use this operation to actively monitor the progress of an export job.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "GetReadSetImportJob":{ @@ -769,7 +814,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a read set import job.

    ", + "documentation":"

    Gets detailed and status information about a read set import job and returns the data in JSON format.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "GetReadSetMetadata":{ @@ -789,7 +834,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets details about a read set.

    ", + "documentation":"

    Retrieves the metadata for a read set from a sequence store in JSON format. This operation does not return tags. To retrieve the list of tags for a read set, use the ListTagsForResource API operation.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "GetReference":{ @@ -810,7 +855,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets a reference file.

    ", + "documentation":"

    Downloads parts of data from a reference genome and returns the reference file in the same format that it was uploaded.

    For more information, see Creating a HealthOmics reference store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"storage-"} }, "GetReferenceImportJob":{ @@ -830,7 +875,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a reference import job.

    ", + "documentation":"

    Monitors the status of a reference import job. This operation can be called after calling the StartReferenceImportJob operation.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "GetReferenceMetadata":{ @@ -850,7 +895,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a genome reference's metadata.

    ", + "documentation":"

    Retrieves metadata for a reference genome. This operation returns the number of parts, part size, and MD5 of an entire file. This operation does not return tags. To retrieve the list of tags for a read set, use the ListTagsForResource API operation.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "GetReferenceStore":{ @@ -892,7 +937,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a workflow run.

    If a workflow is shared with you, you cannot export information about the run.

    HealthOmics stores a fixed number of runs that are available to the console and API. If GetRun doesn't return the requested run, you can find run logs for all runs in the CloudWatch logs. For more information about viewing the run logs, see CloudWatch logs in the AWS HealthOmics User Guide.

    ", + "documentation":"

    Gets detailed information about a specific run using its ID.

    Amazon Web Services HealthOmics stores a configurable number of runs, as determined by service limits, that are available to the console and API. If GetRun does not return the requested run, you can find all run logs in the CloudWatch logs. For more information about viewing the run logs, see CloudWatch logs in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "GetRunCache":{ @@ -914,7 +959,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieve the details for the specified run cache.

    For more information, see Call caching for HealthOmics runs in the AWS HealthOmics User Guide.

    ", + "documentation":"

    Retrieves detailed information about the specified run cache using its ID.

    For more information, see Call caching for Amazon Web Services HealthOmics runs in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "GetRunGroup":{ @@ -936,7 +981,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a workflow run group.

    ", + "documentation":"

    Gets information about a run group and returns its metadata.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "GetRunTask":{ @@ -958,7 +1003,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a workflow run task.

    ", + "documentation":"

    Gets detailed information about a run task using its ID.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "GetS3AccessPolicy":{ @@ -971,8 +1016,8 @@ "input":{"shape":"GetS3AccessPolicyRequest"}, "output":{"shape":"GetS3AccessPolicyResponse"}, "errors":[ - {"shape":"InternalServerException"}, {"shape":"NotSupportedOperationException"}, + {"shape":"InternalServerException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1000,7 +1045,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a sequence store.

    ", + "documentation":"

    Retrieves metadata for a sequence store using its ID and returns it in JSON format.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "GetShare":{ @@ -1040,7 +1085,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Gets information about a variant import job.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Gets information about a variant import job.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "GetVariantStore":{ @@ -1059,7 +1104,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Gets information about a variant store.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Gets information about a variant store.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "GetWorkflow":{ @@ -1081,7 +1126,29 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Gets information about a workflow.

    If a workflow is shared with you, you cannot export the workflow.

    ", + "documentation":"

    Gets all information about a workflow using its ID.

    If a workflow is shared with you, you cannot export the workflow.

    For more information about your workflow status, see Verify the workflow status in the Amazon Web Services HealthOmics User Guide.

    ", + "endpoint":{"hostPrefix":"workflows-"} + }, + "GetWorkflowVersion":{ + "name":"GetWorkflowVersion", + "http":{ + "method":"GET", + "requestUri":"/workflow/{workflowId}/version/{versionName}", + "responseCode":200 + }, + "input":{"shape":"GetWorkflowVersionRequest"}, + "output":{"shape":"GetWorkflowVersionResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"} + ], + "documentation":"

    Gets information about a workflow version. For more information, see Workflow versioning in Amazon Web Services HealthOmics in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "ListAnnotationImportJobs":{ @@ -1100,7 +1167,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves a list of annotation import jobs.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Retrieves a list of annotation import jobs.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "ListAnnotationStoreVersions":{ @@ -1138,7 +1205,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves a list of annotation stores.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Retrieves a list of annotation stores.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "ListMultipartReadSetUploads":{ @@ -1160,7 +1227,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Lists multipart read set uploads and for in progress uploads. Once the upload is completed, a read set is created and the upload will no longer be returned in the response.

    ", + "documentation":"

    Lists in-progress multipart read set uploads for a sequence store and returns it in a JSON formatted output. Multipart read set uploads are initiated by the CreateMultipartReadSetUploads API operation. This operation returns a response with no body when the upload is complete.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListReadSetActivationJobs":{ @@ -1180,7 +1247,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of read set activation jobs.

    ", + "documentation":"

    Retrieves a list of read set activation jobs and returns the metadata in a JSON formatted output. To extract metadata from a read set activation job, use the GetReadSetActivationJob API operation.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListReadSetExportJobs":{ @@ -1200,7 +1267,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of read set export jobs.

    ", + "documentation":"

    Retrieves a list of read set export jobs in a JSON formatted response. This API operation is used to check the status of a read set export job initiated by the StartReadSetExportJob API operation.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListReadSetImportJobs":{ @@ -1220,7 +1287,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of read set import jobs.

    ", + "documentation":"

    Retrieves a list of read set import jobs and returns the data in JSON format.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListReadSetUploadParts":{ @@ -1242,7 +1309,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    This operation will list all parts in a requested multipart upload for a sequence store.

    ", + "documentation":"

    Lists all parts in a multipart read set upload for a sequence store and returns the metadata in a JSON formatted output.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListReadSets":{ @@ -1262,7 +1329,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of read sets.

    ", + "documentation":"

    Retrieves a list of read sets from a sequence store ID and returns the metadata in JSON format.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListReferenceImportJobs":{ @@ -1282,7 +1349,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of reference import jobs.

    ", + "documentation":"

    Retrieves the metadata of one or more reference import jobs for a reference store.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListReferenceStores":{ @@ -1301,7 +1368,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of reference stores.

    ", + "documentation":"

    Retrieves a list of reference stores linked to your account and returns their metadata in JSON format.

    For more information, see Creating a reference store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListReferences":{ @@ -1321,7 +1388,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of references.

    ", + "documentation":"

    Retrieves the metadata of one or more reference genomes in a reference store.

    For more information, see Creating a reference store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListRunCaches":{ @@ -1343,7 +1410,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of your run caches.

    ", + "documentation":"

    Retrieves a list of your run caches and the metadata for each cache.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "ListRunGroups":{ @@ -1365,7 +1432,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of run groups.

    ", + "documentation":"

    Retrieves a list of all run groups and returns the metadata for each run group.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "ListRunTasks":{ @@ -1387,7 +1454,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of tasks for a run.

    ", + "documentation":"

    Returns a list of tasks and status information within their specified run. Use this operation to monitor runs and to identify which specific tasks have failed.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "ListRuns":{ @@ -1409,7 +1476,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of runs.

    HealthOmics stores a fixed number of runs that are available to the console and API. If the ListRuns response doesn't include specific runs that you expected, you can find run logs for all runs in the CloudWatch logs. For more information about viewing the run logs, see CloudWatch logs in the AWS HealthOmics User Guide.

    ", + "documentation":"

    Retrieves a list of runs and returns each run's metadata and status.

    Amazon Web Services HealthOmics stores a configurable number of runs, as determined by service limits, that are available to the console and API. If the ListRuns response doesn't include specific runs that you expected, you can find all run logs in the CloudWatch logs. For more information about viewing the run logs, see CloudWatch logs in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "ListSequenceStores":{ @@ -1428,7 +1495,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of sequence stores.

    ", + "documentation":"

    Retrieves a list of sequence stores and returns each sequence store's metadata.

    For more information, see Creating a HealthOmics sequence store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "ListShares":{ @@ -1490,7 +1557,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves a list of variant import jobs.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Retrieves a list of variant import jobs.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "ListVariantStores":{ @@ -1509,9 +1576,31 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves a list of variant stores.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Retrieves a list of variant stores.

    ", "endpoint":{"hostPrefix":"analytics-"} }, + "ListWorkflowVersions":{ + "name":"ListWorkflowVersions", + "http":{ + "method":"GET", + "requestUri":"/workflow/{workflowId}/version", + "responseCode":200 + }, + "input":{"shape":"ListWorkflowVersionsRequest"}, + "output":{"shape":"ListWorkflowVersionsResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"} + ], + "documentation":"

    Lists the workflow versions for the specified workflow. For more information, see Workflow versioning in Amazon Web Services HealthOmics in the Amazon Web Services HealthOmics User Guide.

    ", + "endpoint":{"hostPrefix":"workflows-"} + }, "ListWorkflows":{ "name":"ListWorkflows", "http":{ @@ -1531,7 +1620,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Retrieves a list of workflows.

    ", + "documentation":"

    Retrieves a list of existing workflows. You can filter for specific workflows by their name and type. Using the type parameter, specify PRIVATE to retrieve a list of private workflows or specify READY2RUN for a list of all Ready2Run workflows. If you do not specify the type of workflow, this operation returns a list of existing workflows.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "PutS3AccessPolicy":{ @@ -1544,8 +1633,8 @@ "input":{"shape":"PutS3AccessPolicyRequest"}, "output":{"shape":"PutS3AccessPolicyResponse"}, "errors":[ - {"shape":"InternalServerException"}, {"shape":"NotSupportedOperationException"}, + {"shape":"InternalServerException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, @@ -1572,7 +1661,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Starts an annotation import job.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Starts an annotation import job.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "StartReadSetActivationJob":{ @@ -1593,7 +1682,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Activates an archived read set. To reduce storage charges, Amazon Omics archives unused read sets after 30 days.

    ", + "documentation":"

    Activates an archived read set and returns its metadata in a JSON formatted output. AWS HealthOmics automatically archives unused read sets after 30 days. To monitor the status of your read set activation job, use the GetReadSetActivationJob operation.

    To learn more, see Activating read sets in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "StartReadSetExportJob":{ @@ -1614,7 +1703,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Exports a read set to Amazon S3.

    ", + "documentation":"

    Starts a read set export job. When the export job is finished, the read set is exported to an Amazon S3 bucket which can be retrieved using the GetReadSetExportJob API operation.

    To monitor the status of the export job, use the ListReadSetExportJobs API operation.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "StartReadSetImportJob":{ @@ -1635,7 +1724,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Starts a read set import job.

    ", + "documentation":"

    Imports a read set from the sequence store. Read set import jobs support a maximum of 100 read sets of different types. Monitor the progress of your read set import job by calling the GetReadSetImportJob API operation.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "StartReferenceImportJob":{ @@ -1656,7 +1745,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Starts a reference import job.

    ", + "documentation":"

    Imports a reference genome from Amazon S3 into a specified reference store. You can have multiple reference genomes in a reference store. You can only import reference genomes one at a time into each reference store. Monitor the status of your reference import job by using the GetReferenceImportJob API operation.

    ", "endpoint":{"hostPrefix":"control-storage-"} }, "StartRun":{ @@ -1678,7 +1767,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Starts a workflow run. To duplicate a run, specify the run's ID and a role ARN. The remaining parameters are copied from the previous run.

    StartRun will not support re-run for a workflow that is shared with you.

    HealthOmics stores a fixed number of runs that are available to the console and API. By default, HealthOmics doesn't any remove any runs. If HealthOmics reaches the maximum number of runs, you must manually remove runs. To have older runs removed automatically, set the retention mode to REMOVE.

    By default, the run uses STATIC storage. For STATIC storage, set the storageCapacity field. You can set the storage type to DYNAMIC. You do not set storageCapacity, because HealthOmics dynamically scales the storage up or down as required. For more information about static and dynamic storage, see Running workflows in the AWS HealthOmics User Guide.

    ", + "documentation":"

    Starts a new run and returns details about the run, or duplicates an existing run. A run is a single invocation of a workflow. If you provide request IDs, Amazon Web Services HealthOmics identifies duplicate requests and starts the run only once. Monitor the progress of the run by calling the GetRun API operation.

    To start a new run, the following inputs are required:

    • A service role ARN (roleArn).

    • The run's workflow ID (workflowId, not the uuid or runId).

    • An Amazon S3 location (outputUri) where the run outputs will be saved.

    • All required workflow parameters (parameter), which can include optional parameters from the parameter template. The run cannot include any parameters that are not defined in the parameter template. To see all possible parameters, use the GetRun API operation.

    • For runs with a STATIC (default) storage type, specify the required storage capacity (in gibibytes). A storage capacity value is not required for runs that use DYNAMIC storage.

    StartRun can also duplicate an existing run using the run's default values. You can modify these default values and/or add other optional inputs. To duplicate a run, the following inputs are required:

    • A service role ARN (roleArn).

    • The ID of the run to duplicate (runId).

    • An Amazon S3 location where the run outputs will be saved (outputUri).

    To learn more about the optional parameters for StartRun, see Starting a run in the Amazon Web Services HealthOmics User Guide.

    Use the retentionMode input to control how long the metadata for each run is stored in CloudWatch. There are two retention modes:

    • Specify REMOVE to automatically remove the oldest runs when you reach the maximum service retention limit for runs. It is recommended that you use the REMOVE mode to initiate major run requests so that your runs do not fail when you reach the limit.

    • The retentionMode is set to the RETAIN mode by default, which allows you to manually remove runs after reaching the maximum service retention limit. Under this setting, you cannot create additional runs until you remove the excess runs.

    To learn more about the retention modes, see Run retention mode in the Amazon Web Services HealthOmics User Guide.

    You can use Amazon Q CLI to analyze run logs and make performance optimization recommendations. To get started, see the Amazon Web Services HealthOmics MCP server on GitHub.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "StartVariantImportJob":{ @@ -1698,7 +1787,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Starts a variant import job.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Starts a variant import job.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "TagResource":{ @@ -1762,7 +1851,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Updates an annotation store.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Updates an annotation store.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "UpdateAnnotationStoreVersion":{ @@ -1802,7 +1891,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Update a run cache.

    ", + "documentation":"

    Updates a run cache using its ID and returns a response with no body if the operation is successful. You can update the run cache description, name, or the default run cache behavior with CACHE_ON_FAILURE or CACHE_ALWAYS. To confirm that your run cache settings have been properly updated, use the GetRunCache API operation.

    For more information, see How call caching works in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "UpdateRunGroup":{ @@ -1823,7 +1912,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Updates a run group.

    ", + "documentation":"

    Updates the settings of a run group and returns a response with no body if the operation is successful.

    You can update the following settings with UpdateRunGroup:

    • Maximum number of CPUs

    • Run time (measured in minutes)

    • Number of GPUs

    • Number of concurrent runs

    • Group name

    To confirm that the settings have been successfully updated, use the ListRunGroups or GetRunGroup API operations to verify that the desired changes have been made.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "UpdateSequenceStore":{ @@ -1863,7 +1952,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Updates a variant store.

    ", + "documentation":"

    Amazon Web Services HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services HealthOmics variant store and annotation store availability change.

    Updates a variant store.

    ", "endpoint":{"hostPrefix":"analytics-"} }, "UpdateWorkflow":{ @@ -1884,7 +1973,28 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    Updates a workflow.

    ", + "documentation":"

    Updates information about a workflow.

    You can update the following workflow information:

    • Name

    • Description

    • Default storage type

    • Default storage capacity (with workflow ID)

    This operation returns a response with no body if the operation is successful. You can check the workflow updates by calling the GetWorkflow API operation.

    For more information, see Update a private workflow in the Amazon Web Services HealthOmics User Guide.

    ", + "endpoint":{"hostPrefix":"workflows-"} + }, + "UpdateWorkflowVersion":{ + "name":"UpdateWorkflowVersion", + "http":{ + "method":"POST", + "requestUri":"/workflow/{workflowId}/version/{versionName}", + "responseCode":202 + }, + "input":{"shape":"UpdateWorkflowVersionRequest"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"} + ], + "documentation":"

    Updates information about the workflow version. For more information, see Workflow versioning in Amazon Web Services HealthOmics in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"workflows-"} }, "UploadReadSetPart":{ @@ -1906,7 +2016,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

    This operation uploads a specific part of a read set. If you upload a new part using a previously used part number, the previously uploaded part will be overwritten.

    ", + "documentation":"

    Uploads a specific part of a read set into a sequence store. When you a upload a read set part with a part number that already exists, the new part replaces the existing one. This operation returns a JSON formatted response containing a string identifier that is used to confirm that parts are being added to the intended upload.

    For more information, see Direct upload to a sequence store in the Amazon Web Services HealthOmics User Guide.

    ", "endpoint":{"hostPrefix":"storage-"}, "unsignedPayload":true, "authtype":"v4-unsigned-body" @@ -2543,6 +2653,26 @@ }, "exception":true }, + "ConnectionArn":{ + "type":"string", + "max":256, + "min":1, + "pattern":"arn:aws(-[\\w]+)*:.+:.+:[0-9]{12}:.+" + }, + "ContainerRegistryMap":{ + "type":"structure", + "members":{ + "registryMappings":{ + "shape":"RegistryMappingsList", + "documentation":"

    Mapping that provides the ECR repository path where upstream container images are pulled and synchronized.

    " + }, + "imageMappings":{ + "shape":"ImageMappingsList", + "documentation":"

    Image mappings specify path mappings between the ECR private repository and their corresponding external repositories.

    " + } + }, + "documentation":"

    Use a container registry map to specify mappings between the ECR private repository and one or more upstream registries. For more information, see Container images in the Amazon Web Services HealthOmics User Guide.

    " + }, "CreateAnnotationStoreRequest":{ "type":"structure", "required":["storeFormat"], @@ -2878,7 +3008,7 @@ "members":{ "cacheBehavior":{ "shape":"CacheBehavior", - "documentation":"

    Default cache behavior for runs that use this cache. Supported values are:

    CACHE_ON_FAILURE: Caches task outputs from completed tasks for runs that fail. This setting is useful if you're debugging a workflow that fails after several tasks completed successfully. The subsequent run uses the cache outputs for previously-completed tasks if the task definition, inputs, and container in ECR are identical to the prior run.

    CACHE_ALWAYS: Caches task outputs from completed tasks for all runs. This setting is useful in development mode, but do not use it in a production setting.

    If you don't specify a value, the default behavior is CACHE_ON_FAILURE. When you start a run that uses this cache, you can override the default cache behavior.

    For more information, see Run cache behavior in the AWS HealthOmics User Guide.

    " + "documentation":"

    Default cache behavior for runs that use this cache. Supported values are:

    CACHE_ON_FAILURE: Caches task outputs from completed tasks for runs that fail. This setting is useful if you're debugging a workflow that fails after several tasks completed successfully. The subsequent run uses the cache outputs for previously-completed tasks if the task definition, inputs, and container in ECR are identical to the prior run.

    CACHE_ALWAYS: Caches task outputs from completed tasks for all runs. This setting is useful in development mode, but do not use it in a production setting.

    If you don't specify a value, the default behavior is CACHE_ON_FAILURE. When you start a run that uses this cache, you can override the default cache behavior.

    For more information, see Run cache behavior in the Amazon Web Services HealthOmics User Guide.

    " }, "cacheS3Location":{ "shape":"S3UriForBucketOrObject", @@ -2894,7 +3024,7 @@ }, "requestId":{ "shape":"RunCacheRequestId", - "documentation":"

    A unique request token, to ensure idempotency. If you don't specify a token, HealthOmics automatically generates a universally unique identifier (UUID) for the request.

    ", + "documentation":"

    A unique request token, to ensure idempotency. If you don't specify a token, Amazon Web Services HealthOmics automatically generates a universally unique identifier (UUID) for the request.

    ", "idempotencyToken":true }, "tags":{ @@ -2903,7 +3033,7 @@ }, "cacheBucketOwnerId":{ "shape":"AwsAccountId", - "documentation":"

    The AWS account ID of the expected owner of the S3 bucket for the run cache. If not provided, your account ID is set as the owner of the bucket.

    " + "documentation":"

    The Amazon Web Services account ID of the expected owner of the S3 bucket for the run cache. If not provided, your account ID is set as the owner of the bucket.

    " } } }, @@ -3022,28 +3152,28 @@ }, "tags":{ "shape":"TagMap", - "documentation":"

    Tags for the store.

    " + "documentation":"

    Tags for the store. You can configure up to 50 tags.

    " }, "clientToken":{ "shape":"ClientToken", - "documentation":"

    To ensure that requests don't run multiple times, specify a unique token for each request.

    ", + "documentation":"

    An idempotency token used to dedupe retry requests so that duplicate runs are not created.

    ", "idempotencyToken":true }, "fallbackLocation":{ - "shape":"S3Destination", - "documentation":"

    An S3 location that is used to store files that have failed a direct upload.

    " + "shape":"FallbackLocation", + "documentation":"

    An S3 location that is used to store files that have failed a direct upload. You can add or change the fallbackLocation after creating a sequence store. This is not required if you are uploading files from a different S3 bucket.

    " }, "eTagAlgorithmFamily":{ "shape":"ETagAlgorithmFamily", - "documentation":"

    The ETag algorithm family to use for ingested read sets.

    " + "documentation":"

    The ETag algorithm family to use for ingested read sets. The default value is MD5up. For more information on ETags, see ETags and data provenance in the Amazon Web Services HealthOmics User Guide.

    " }, "propagatedSetLevelTags":{ "shape":"PropagatedSetLevelTags", - "documentation":"

    The tags keys to propagate to the S3 objects associated with read sets in the sequence store.

    " + "documentation":"

    The tags keys to propagate to the S3 objects associated with read sets in the sequence store. These tags can be used as input to add metadata to your read sets.

    " }, "s3AccessConfig":{ "shape":"S3AccessConfig", - "documentation":"

    S3 access configuration parameters

    " + "documentation":"

    S3 access configuration parameters. This specifies the parameters needed to access logs stored in S3 buckets. The S3 bucket must be in the same region and account as the sequence store.

    " } } }, @@ -3073,14 +3203,14 @@ }, "sseConfig":{ "shape":"SseConfig", - "documentation":"

    The store's SSE settings.

    " + "documentation":"

    Server-side encryption (SSE) settings for the store. This contains the KMS key ARN that is used to encrypt read set objects.

    " }, "creationTime":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    When the store was created.

    " }, "fallbackLocation":{ - "shape":"S3Destination", + "shape":"FallbackLocation", "documentation":"

    An S3 location that is used to store files that have failed a direct upload.

    " }, "eTagAlgorithmFamily":{ @@ -3203,7 +3333,7 @@ "members":{ "name":{ "shape":"WorkflowName", - "documentation":"

    A name for the workflow.

    " + "documentation":"

    Name (optional but highly recommended) for the workflow to locate relevant information in the CloudWatch logs and Amazon Web Services HealthOmics console.

    " }, "description":{ "shape":"WorkflowDescription", @@ -3211,40 +3341,76 @@ }, "engine":{ "shape":"WorkflowEngine", - "documentation":"

    An engine for the workflow.

    " + "documentation":"

    The workflow engine for the workflow. This is only required if you have workflow definition files from more than one engine in your zip file. Otherwise, the service can detect the engine automatically from your workflow definition.

    " }, "definitionZip":{ "shape":"Blob", - "documentation":"

    A ZIP archive for the workflow.

    " + "documentation":"

    A ZIP archive containing the main workflow definition file and dependencies that it imports for the workflow. You can use a file with a ://fileb prefix instead of the Base64 string. For more information, see Workflow definition requirements in the Amazon Web Services HealthOmics User Guide.

    " }, "definitionUri":{ "shape":"WorkflowDefinition", - "documentation":"

    The URI of a definition for the workflow.

    " + "documentation":"

    The S3 URI of a definition for the workflow. The S3 bucket must be in the same region as the workflow.

    " }, "main":{ "shape":"WorkflowMain", - "documentation":"

    The path of the main definition file for the workflow.

    " + "documentation":"

    The path of the main definition file for the workflow. This parameter is not required if the ZIP archive contains only one workflow definition file, or if the main definition file is named “main”. An example path is: workflow-definition/main-file.wdl.

    " }, "parameterTemplate":{ "shape":"WorkflowParameterTemplate", - "documentation":"

    A parameter template for the workflow.

    " + "documentation":"

    A parameter template for the workflow. If this field is blank, Amazon Web Services HealthOmics will automatically parse the parameter template values from your workflow definition file. To override these service generated default values, provide a parameter template. To view an example of a parameter template, see Parameter template files in the Amazon Web Services HealthOmics User Guide.

    " }, "storageCapacity":{ "shape":"CreateWorkflowRequestStorageCapacityInteger", - "documentation":"

    The default storage capacity for the workflow runs, in gibibytes.

    " + "documentation":"

    The default static storage capacity (in gibibytes) for runs that use this workflow or workflow version. The storageCapacity can be overwritten at run time. The storage capacity is not required for runs with a DYNAMIC storage type.

    " }, "tags":{ "shape":"TagMap", - "documentation":"

    Tags for the workflow.

    " + "documentation":"

    Tags for the workflow. You can define up to 50 tags for the workflow. For more information, see Adding a tag in the Amazon Web Services HealthOmics User Guide.

    " }, "requestId":{ "shape":"WorkflowRequestId", - "documentation":"

    To ensure that requests don't run multiple times, specify a unique ID for each request.

    ", + "documentation":"

    An idempotency token to ensure that duplicate workflows are not created when Amazon Web Services HealthOmics submits retry requests.

    ", "idempotencyToken":true }, "accelerators":{ "shape":"Accelerators", "documentation":"

    The computational accelerator specified to run the workflow.

    " + }, + "storageType":{ + "shape":"StorageType", + "documentation":"

    The default storage type for runs that use this workflow. The storageType can be overridden at run time. DYNAMIC storage dynamically scales the storage up or down, based on file system utilization. STATIC storage allocates a fixed amount of storage. For more information about dynamic and static storage types, see Run storage types in the Amazon Web Services HealthOmics User Guide.

    " + }, + "containerRegistryMap":{ + "shape":"ContainerRegistryMap", + "documentation":"

    (Optional) Use a container registry map to specify mappings between the ECR private repository and one or more upstream registries. For more information, see Container images in the Amazon Web Services HealthOmics User Guide.

    " + }, + "containerRegistryMapUri":{ + "shape":"Uri", + "documentation":"

    (Optional) URI of the S3 location for the registry mapping file.

    " + }, + "readmeMarkdown":{ + "shape":"ReadmeMarkdown", + "documentation":"

    The markdown content for the workflow's README file. This provides documentation and usage information for users of the workflow.

    " + }, + "parameterTemplatePath":{ + "shape":"ParameterTemplatePath", + "documentation":"

    The path to the workflow parameter template JSON file within the repository. This file defines the input parameters for runs that use this workflow. If not specified, the workflow will be created without a parameter template.

    " + }, + "readmePath":{ + "shape":"ReadmePath", + "documentation":"

    The path to the workflow README markdown file within the repository. This file provides documentation and usage information for the workflow. If not specified, the README.md file from the root directory of the repository will be used.

    " + }, + "definitionRepository":{ + "shape":"DefinitionRepository", + "documentation":"

    The repository information for the workflow definition. This allows you to source your workflow definition directly from a code repository.

    " + }, + "workflowBucketOwnerId":{ + "shape":"WorkflowBucketOwnerId", + "documentation":"

    The Amazon Web Services account ID of the expected owner of the S3 bucket that contains the workflow definition. If not specified, the service skips the validation.

    " + }, + "readmeUri":{ + "shape":"S3UriForObject", + "documentation":"

    The S3 URI of the README file for the workflow. This file provides documentation and usage information for the workflow. Requirements include:

    • The S3 URI must begin with s3://USER-OWNED-BUCKET/

    • The requester must have access to the S3 bucket and object.

    • The max README content length is 500 KiB.

    " } } }, @@ -3272,6 +3438,142 @@ "tags":{ "shape":"TagMap", "documentation":"

    The workflow's tags.

    " + }, + "uuid":{ + "shape":"WorkflowUuid", + "documentation":"

    The universally unique identifier (UUID) value for this workflow.

    " + } + } + }, + "CreateWorkflowVersionRequest":{ + "type":"structure", + "required":[ + "workflowId", + "versionName", + "requestId" + ], + "members":{ + "workflowId":{ + "shape":"WorkflowId", + "documentation":"

    The ID of the workflow where you are creating the new version. The workflowId is not the UUID.

    ", + "location":"uri", + "locationName":"workflowId" + }, + "versionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    A name for the workflow version. Provide a version name that is unique for this workflow. You cannot change the name after HealthOmics creates the version.

    The version name must start with a letter or number and it can include upper-case and lower-case letters, numbers, hyphens, periods and underscores. The maximum length is 64 characters. You can use a simple naming scheme, such as version1, version2, version3. You can also match your workflow versions with your own internal versioning conventions, such as 2.7.0, 2.7.1, 2.7.2.

    " + }, + "definitionZip":{ + "shape":"Blob", + "documentation":"

    A ZIP archive containing the main workflow definition file and dependencies that it imports for this workflow version. You can use a file with a ://fileb prefix instead of the Base64 string. For more information, see Workflow definition requirements in the Amazon Web Services HealthOmics User Guide.

    " + }, + "definitionUri":{ + "shape":"WorkflowDefinition", + "documentation":"

    The S3 URI of a definition for this workflow version. The S3 bucket must be in the same region as this workflow version.

    " + }, + "accelerators":{ + "shape":"Accelerators", + "documentation":"

    The computational accelerator for this workflow version.

    " + }, + "description":{ + "shape":"WorkflowVersionDescription", + "documentation":"

    A description for this workflow version.

    " + }, + "engine":{ + "shape":"WorkflowEngine", + "documentation":"

    The workflow engine for this workflow version. This is only required if you have workflow definition files from more than one engine in your zip file. Otherwise, the service can detect the engine automatically from your workflow definition.

    " + }, + "main":{ + "shape":"WorkflowMain", + "documentation":"

    The path of the main definition file for this workflow version. This parameter is not required if the ZIP archive contains only one workflow definition file, or if the main definition file is named “main”. An example path is: workflow-definition/main-file.wdl.

    " + }, + "parameterTemplate":{ + "shape":"WorkflowParameterTemplate", + "documentation":"

    A parameter template for this workflow version. If this field is blank, Amazon Web Services HealthOmics will automatically parse the parameter template values from your workflow definition file. To override these service generated default values, provide a parameter template. To view an example of a parameter template, see Parameter template files in the Amazon Web Services HealthOmics User Guide.

    " + }, + "requestId":{ + "shape":"WorkflowRequestId", + "documentation":"

    An idempotency token to ensure that duplicate workflows are not created when Amazon Web Services HealthOmics submits retry requests.

    ", + "idempotencyToken":true + }, + "storageType":{ + "shape":"StorageType", + "documentation":"

    The default storage type for runs that use this workflow version. The storageType can be overridden at run time. DYNAMIC storage dynamically scales the storage up or down, based on file system utilization. STATIC storage allocates a fixed amount of storage. For more information about dynamic and static storage types, see Run storage types in the Amazon Web Services HealthOmics User Guide.

    " + }, + "storageCapacity":{ + "shape":"CreateWorkflowVersionRequestStorageCapacityInteger", + "documentation":"

    The default static storage capacity (in gibibytes) for runs that use this workflow version. The storageCapacity can be overwritten at run time. The storage capacity is not required for runs with a DYNAMIC storage type.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    Tags for this workflow version. You can define up to 50 tags for the workflow. For more information, see Adding a tag in the Amazon Web Services HealthOmics User Guide.

    " + }, + "workflowBucketOwnerId":{ + "shape":"WorkflowBucketOwnerId", + "documentation":"

    Amazon Web Services Id of the owner of the S3 bucket that contains the workflow definition. You need to specify this parameter if your account is not the bucket owner.

    " + }, + "containerRegistryMap":{ + "shape":"ContainerRegistryMap", + "documentation":"

    (Optional) Use a container registry map to specify mappings between the ECR private repository and one or more upstream registries. For more information, see Container images in the Amazon Web Services HealthOmics User Guide.

    " + }, + "containerRegistryMapUri":{ + "shape":"Uri", + "documentation":"

    (Optional) URI of the S3 location for the registry mapping file.

    " + }, + "readmeMarkdown":{ + "shape":"ReadmeMarkdown", + "documentation":"

    The markdown content for the workflow version's README file. This provides documentation and usage information for users of this specific workflow version.

    " + }, + "parameterTemplatePath":{ + "shape":"ParameterTemplatePath", + "documentation":"

    The path to the workflow version parameter template JSON file within the repository. This file defines the input parameters for runs that use this workflow version. If not specified, the workflow version will be created without a parameter template.

    " + }, + "readmePath":{ + "shape":"ReadmePath", + "documentation":"

    The path to the workflow version README markdown file within the repository. This file provides documentation and usage information for the workflow. If not specified, the README.md file from the root directory of the repository will be used.

    " + }, + "definitionRepository":{ + "shape":"DefinitionRepository", + "documentation":"

    The repository information for the workflow version definition. This allows you to source your workflow version definition directly from a code repository.

    " + }, + "readmeUri":{ + "shape":"S3UriForObject", + "documentation":"

    The S3 URI of the README file for the workflow version. This file provides documentation and usage information for the workflow version. Requirements include:

    • The S3 URI must begin with s3://USER-OWNED-BUCKET/

    • The requester must have access to the S3 bucket and object.

    • The max README content length is 500 KiB.

    " + } + } + }, + "CreateWorkflowVersionRequestStorageCapacityInteger":{ + "type":"integer", + "box":true, + "max":100000, + "min":0 + }, + "CreateWorkflowVersionResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"WorkflowVersionArn", + "documentation":"

    ARN of the workflow version.

    " + }, + "workflowId":{ + "shape":"WorkflowId", + "documentation":"

    The workflow's ID.

    " + }, + "versionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The workflow version name.

    " + }, + "status":{ + "shape":"WorkflowStatus", + "documentation":"

    The workflow version status.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The workflow version's tags.

    " + }, + "uuid":{ + "shape":"WorkflowUuid", + "documentation":"

    The universally unique identifier (UUID) value for this workflow version.

    " } } }, @@ -3292,6 +3594,58 @@ "UPLOAD" ] }, + "DefinitionRepository":{ + "type":"structure", + "required":[ + "connectionArn", + "fullRepositoryId" + ], + "members":{ + "connectionArn":{ + "shape":"ConnectionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the connection to the source code repository.

    " + }, + "fullRepositoryId":{ + "shape":"FullRepositoryId", + "documentation":"

    The full repository identifier, including the repository owner and name. For example, 'repository-owner/repository-name'.

    " + }, + "sourceReference":{ + "shape":"SourceReference", + "documentation":"

    The source reference for the repository, such as a branch name, tag, or commit ID.

    " + }, + "excludeFilePatterns":{ + "shape":"ExcludeFilePatternList", + "documentation":"

    A list of file patterns to exclude when retrieving the workflow definition from the repository.

    " + } + }, + "documentation":"

    Contains information about a source code repository that hosts the workflow definition files.

    " + }, + "DefinitionRepositoryDetails":{ + "type":"structure", + "members":{ + "connectionArn":{ + "shape":"ConnectionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the connection to the source code repository.

    " + }, + "fullRepositoryId":{ + "shape":"FullRepositoryId", + "documentation":"

    The full repository identifier, including the repository owner and name. For example, 'repository-owner/repository-name'.

    " + }, + "sourceReference":{ + "shape":"SourceReference", + "documentation":"

    The source reference for the repository, such as a branch name, tag, or commit ID.

    " + }, + "providerType":{ + "shape":"String", + "documentation":"

    The provider type of the source code repository, such as Bitbucket, GitHub, GitHubEnterpriseServer, GitLab, and GitLabSelfManaged.

    " + }, + "providerEndpoint":{ + "shape":"String", + "documentation":"

    The endpoint URL of the source code repository provider.

    " + } + }, + "documentation":"

    Contains detailed information about the source code repository that hosts the workflow definition files.

    " + }, "DeleteAnnotationStoreRequest":{ "type":"structure", "required":["name"], @@ -3528,6 +3882,27 @@ } } }, + "DeleteWorkflowVersionRequest":{ + "type":"structure", + "required":[ + "workflowId", + "versionName" + ], + "members":{ + "workflowId":{ + "shape":"WorkflowId", + "documentation":"

    The workflow's ID.

    ", + "location":"uri", + "locationName":"workflowId" + }, + "versionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The workflow version name.

    ", + "location":"uri", + "locationName":"versionName" + } + } + }, "Description":{ "type":"string", "max":500, @@ -3573,6 +3948,12 @@ "SHA512up" ] }, + "EcrRepositoryPrefix":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, "Encoding":{ "type":"string", "max":20, @@ -3596,6 +3977,12 @@ "min":1 }, "EscapeQuotes":{"type":"boolean"}, + "ExcludeFilePatternList":{ + "type":"list", + "member":{"shape":"String"}, + "max":50, + "min":1 + }, "ExportJobId":{ "type":"string", "max":36, @@ -3698,6 +4085,10 @@ "type":"list", "member":{"shape":"ExportReadSetJobDetail"} }, + "FallbackLocation":{ + "type":"string", + "pattern":"$|^s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/?((.{1,1024})/)?" + }, "FileInformation":{ "type":"structure", "members":{ @@ -3801,6 +4192,10 @@ "max":1000, "min":0 }, + "FullRepositoryId":{ + "type":"string", + "pattern":".+/.+" + }, "GeneratedFrom":{ "type":"string", "max":127, @@ -4837,7 +5232,7 @@ }, "engineVersion":{ "shape":"EngineVersion", - "documentation":"

    The workflow engine version.

    " + "documentation":"

    The actual Nextflow engine version that Amazon Web Services HealthOmics used for the run. The other workflow definition languages don't provide a value for this field.

    " }, "status":{ "shape":"RunStatus", @@ -4954,6 +5349,14 @@ "workflowOwnerId":{ "shape":"WorkflowOwnerId", "documentation":"

    The ID of the workflow owner.

    " + }, + "workflowVersionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The workflow version name.

    " + }, + "workflowUuid":{ + "shape":"WorkflowUuid", + "documentation":"

    The universally unique identifier (UUID) value for the workflow.

    " } } }, @@ -5011,7 +5414,7 @@ }, "cacheHit":{ "shape":"Boolean", - "documentation":"

    Set to true if AWS HealthOmics found a matching entry in the run cache for this task.

    " + "documentation":"

    Set to true if Amazon Web Services HealthOmics found a matching entry in the run cache for this task.

    " }, "cacheS3Uri":{ "shape":"S3UriForBucketOrObject", @@ -5052,6 +5455,10 @@ "failureReason":{ "shape":"TaskFailureReason", "documentation":"

    The reason a task has failed.

    " + }, + "imageDetails":{ + "shape":"ImageDetails", + "documentation":"

    Details about the container image that this task uses.

    " } } }, @@ -5092,7 +5499,7 @@ }, "storeId":{ "shape":"StoreId", - "documentation":"

    The AWS-generated Sequence Store or Reference Store ID.

    " + "documentation":"

    The Amazon Web Services-generated Sequence Store or Reference Store ID.

    " }, "storeType":{ "shape":"StoreType", @@ -5154,7 +5561,7 @@ "documentation":"

    When the store was created.

    " }, "fallbackLocation":{ - "shape":"S3Destination", + "shape":"FallbackLocation", "documentation":"

    An S3 location that is used to store files that have failed a direct upload.

    " }, "s3Access":{ @@ -5434,7 +5841,7 @@ }, "storageCapacity":{ "shape":"GetWorkflowResponseStorageCapacityInteger", - "documentation":"

    The workflow's default run storage capacity in gibibytes.

    " + "documentation":"

    The default static storage capacity (in gibibytes) for runs that use this workflow or workflow version.

    " }, "creationTime":{ "shape":"WorkflowTimestamp", @@ -5450,11 +5857,35 @@ }, "metadata":{ "shape":"WorkflowMetadata", - "documentation":"

    Gets metadata for workflow.

    " + "documentation":"

    Gets metadata for the workflow.

    " }, "accelerators":{ "shape":"Accelerators", "documentation":"

    The computational accelerator specified to run the workflow.

    " + }, + "storageType":{ + "shape":"StorageType", + "documentation":"

    The default storage type for runs using this workflow.

    " + }, + "uuid":{ + "shape":"WorkflowUuid", + "documentation":"

    The universally unique identifier (UUID) value for this workflow.

    " + }, + "containerRegistryMap":{ + "shape":"ContainerRegistryMap", + "documentation":"

    The registry map that this workflow is using.

    " + }, + "readme":{ + "shape":"ReadmeS3PresignedUrl", + "documentation":"

    The README content for the workflow, providing documentation and usage information.

    " + }, + "definitionRepositoryDetails":{ + "shape":"DefinitionRepositoryDetails", + "documentation":"

    Details about the source code repository that hosts the workflow definition files.

    " + }, + "readmePath":{ + "shape":"ReadmePath", + "documentation":"

    The path to the workflow README markdown file within the repository. This file provides documentation and usage information for the workflow. If not specified, the README.md file from the root directory of the repository will be used.

    " } } }, @@ -5464,7 +5895,189 @@ "max":100000, "min":0 }, + "GetWorkflowVersionRequest":{ + "type":"structure", + "required":[ + "workflowId", + "versionName" + ], + "members":{ + "workflowId":{ + "shape":"WorkflowId", + "documentation":"

    The workflow's ID. The workflowId is not the UUID.

    ", + "location":"uri", + "locationName":"workflowId" + }, + "versionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The workflow version name.

    ", + "location":"uri", + "locationName":"versionName" + }, + "type":{ + "shape":"WorkflowType", + "documentation":"

    The workflow's type.

    ", + "location":"querystring", + "locationName":"type" + }, + "export":{ + "shape":"WorkflowExportList", + "documentation":"

    The export format for the workflow.

    ", + "location":"querystring", + "locationName":"export" + }, + "workflowOwnerId":{ + "shape":"WorkflowOwnerId", + "documentation":"

    The 12-digit account ID of the workflow owner. The workflow owner ID can be retrieved using the GetShare API operation. If you are the workflow owner, you do not need to include this ID.

    ", + "location":"querystring", + "locationName":"workflowOwnerId" + } + } + }, + "GetWorkflowVersionResponse":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"WorkflowVersionArn", + "documentation":"

    ARN of the workflow version.

    " + }, + "workflowId":{ + "shape":"WorkflowId", + "documentation":"

    The workflow's ID.

    " + }, + "versionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The workflow version name.

    " + }, + "accelerators":{ + "shape":"Accelerators", + "documentation":"

    The accelerator for this workflow version.

    " + }, + "creationTime":{ + "shape":"WorkflowTimestamp", + "documentation":"

    When the workflow version was created.

    " + }, + "description":{ + "shape":"WorkflowVersionDescription", + "documentation":"

    Description of the workflow version.

    " + }, + "definition":{ + "shape":"WorkflowDefinition", + "documentation":"

    Definition of the workflow version.

    " + }, + "digest":{ + "shape":"WorkflowDigest", + "documentation":"

    The workflow version's digest.

    " + }, + "engine":{ + "shape":"WorkflowEngine", + "documentation":"

    The workflow engine for this workflow version.

    " + }, + "main":{ + "shape":"WorkflowMain", + "documentation":"

    The path of the main definition file for the workflow.

    " + }, + "metadata":{ + "shape":"WorkflowMetadata", + "documentation":"

    The metadata for the workflow version.

    " + }, + "parameterTemplate":{ + "shape":"WorkflowParameterTemplate", + "documentation":"

    The parameter template for the workflow version.

    " + }, + "status":{ + "shape":"WorkflowStatus", + "documentation":"

    The workflow version status

    " + }, + "statusMessage":{ + "shape":"WorkflowStatusMessage", + "documentation":"

    The workflow version status message

    " + }, + "storageType":{ + "shape":"StorageType", + "documentation":"

    The default storage type for the run.

    " + }, + "storageCapacity":{ + "shape":"GetWorkflowVersionResponseStorageCapacityInteger", + "documentation":"

    The default run storage capacity for static storage.

    " + }, + "type":{ + "shape":"WorkflowType", + "documentation":"

    The workflow version type

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The workflow version tags

    " + }, + "uuid":{ + "shape":"WorkflowUuid", + "documentation":"

    The universally unique identifier (UUID) value for this workflow version

    " + }, + "workflowBucketOwnerId":{ + "shape":"WorkflowBucketOwnerId", + "documentation":"

    Amazon Web Services Id of the owner of the bucket.

    " + }, + "containerRegistryMap":{ + "shape":"ContainerRegistryMap", + "documentation":"

    The registry map that this workflow version uses.

    " + }, + "readme":{ + "shape":"ReadmeS3PresignedUrl", + "documentation":"

    The README content for the workflow version, providing documentation and usage information specific to this version.

    " + }, + "definitionRepositoryDetails":{ + "shape":"DefinitionRepositoryDetails", + "documentation":"

    Details about the source code repository that hosts the workflow version definition files.

    " + }, + "readmePath":{ + "shape":"ReadmePath", + "documentation":"

    The path to the workflow version README markdown file within the repository. This file provides documentation and usage information for the workflow. If not specified, the README.md file from the root directory of the repository will be used.

    " + } + } + }, + "GetWorkflowVersionResponseStorageCapacityInteger":{ + "type":"integer", + "box":true, + "max":100000, + "min":0 + }, "Header":{"type":"boolean"}, + "ImageDetails":{ + "type":"structure", + "members":{ + "image":{ + "shape":"Uri", + "documentation":"

    The URI of the container image.

    " + }, + "imageDigest":{ + "shape":"TaskImageDigest", + "documentation":"

    The container image digest. If the image URI was transformed, this will be the digest of the container image referenced by the transformed URI.

    " + }, + "sourceImage":{ + "shape":"Uri", + "documentation":"

    URI of the source registry. If the URI is from a third-party registry, Amazon Web Services HealthOmics transforms the URI to the corresponding ECR path, using the pull-through cache mapping rules.

    " + } + }, + "documentation":"

    Information about the container image used for a task.

    " + }, + "ImageMapping":{ + "type":"structure", + "members":{ + "sourceImage":{ + "shape":"Uri", + "documentation":"

    Specifies the URI of the source image in the upstream registry.

    " + }, + "destinationImage":{ + "shape":"Uri", + "documentation":"

    Specifies the URI of the corresponding image in the private ECR registry.

    " + } + }, + "documentation":"

    Specifies image mappings that workflow tasks can use. For example, you can replace all the task references of a public image to use an equivalent image in your private ECR repository. You can use image mappings with upstream registries that don't support pull through cache. You need to manually synchronize the upstream registry with your private repository.

    " + }, + "ImageMappingsList":{ + "type":"list", + "member":{"shape":"ImageMapping"} + }, "ImportJobId":{ "type":"string", "max":36, @@ -6781,6 +7394,61 @@ } } }, + "ListWorkflowVersionsRequest":{ + "type":"structure", + "required":["workflowId"], + "members":{ + "workflowId":{ + "shape":"WorkflowId", + "documentation":"

    The workflow's ID. The workflowId is not the UUID.

    ", + "location":"uri", + "locationName":"workflowId" + }, + "type":{ + "shape":"WorkflowType", + "documentation":"

    The workflow type.

    ", + "location":"querystring", + "locationName":"type" + }, + "workflowOwnerId":{ + "shape":"WorkflowOwnerId", + "documentation":"

    The 12-digit account ID of the workflow owner. The workflow owner ID can be retrieved using the GetShare API operation. If you are the workflow owner, you do not need to include this ID.

    ", + "location":"querystring", + "locationName":"workflowOwnerId" + }, + "startingToken":{ + "shape":"WorkflowVersionListToken", + "documentation":"

    Specify the pagination token from a previous request to retrieve the next page of results.

    ", + "location":"querystring", + "locationName":"startingToken" + }, + "maxResults":{ + "shape":"ListWorkflowVersionsRequestMaxResultsInteger", + "documentation":"

    The maximum number of workflows to return in one page of results.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListWorkflowVersionsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListWorkflowVersionsResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"WorkflowVersionList", + "documentation":"

    A list of workflow version items.

    " + }, + "nextToken":{ + "shape":"WorkflowVersionListToken", + "documentation":"

    A pagination token that's included if more results are available.

    " + } + } + }, "ListWorkflowsRequest":{ "type":"structure", "members":{ @@ -6928,6 +7596,12 @@ "min":1, "pattern":"[0-9]+" }, + "ParameterTemplatePath":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, "PrimitiveBoolean":{"type":"boolean"}, "PropagatedSetLevelTags":{ "type":"list", @@ -6964,7 +7638,7 @@ }, "storeId":{ "shape":"StoreId", - "documentation":"

    The AWS-generated Sequence Store or Reference Store ID.

    " + "documentation":"

    The Amazon Web Services-generated Sequence Store or Reference Store ID.

    " }, "storeType":{ "shape":"StoreType", @@ -7413,6 +8087,19 @@ "max":5368709120, "min":1 }, + "ReadmeMarkdown":{"type":"string"}, + "ReadmePath":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, + "ReadmeS3PresignedUrl":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, "ReferenceArn":{ "type":"string", "max":127, @@ -7669,6 +8356,32 @@ "type":"blob", "streaming":true }, + "RegistryMapping":{ + "type":"structure", + "members":{ + "upstreamRegistryUrl":{ + "shape":"Uri", + "documentation":"

    The URI of the upstream registry.

    " + }, + "ecrRepositoryPrefix":{ + "shape":"EcrRepositoryPrefix", + "documentation":"

    The repository prefix to use in the ECR private repository.

    " + }, + "upstreamRepositoryPrefix":{ + "shape":"UpstreamRepositoryPrefix", + "documentation":"

    The repository prefix of the corresponding repository in the upstream registry.

    " + }, + "ecrAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    Account ID of the account that owns the upstream container image.

    " + } + }, + "documentation":"

    If you are using the ECR pull through cache feature, the registry mapping maps between the ECR repository and the upstream registry where container images are pulled and synchronized.

    " + }, + "RegistryMappingsList":{ + "type":"list", + "member":{"shape":"RegistryMapping"} + }, "RequestTimeoutException":{ "type":"structure", "required":["message"], @@ -7968,6 +8681,10 @@ "storageType":{ "shape":"StorageType", "documentation":"

    The run's storage type.

    " + }, + "workflowVersionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The name of the workflow version.

    " } }, "documentation":"

    A workflow run.

    " @@ -8143,6 +8860,10 @@ "documentation":"

    Uri to a S3 object or bucket

    ", "pattern":"s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])(/(.{0,1024}))?" }, + "S3UriForObject":{ + "type":"string", + "pattern":"s3://([a-z0-9][a-z0-9-.]{1,61}[a-z0-9])/((.{1,1024}))" + }, "SampleId":{ "type":"string", "max":127, @@ -8243,7 +8964,7 @@ "documentation":"

    When the store was created.

    " }, "fallbackLocation":{ - "shape":"S3Destination", + "shape":"FallbackLocation", "documentation":"

    An S3 location that is used to store files that have failed a direct upload.

    " }, "eTagAlgorithmFamily":{ @@ -8448,6 +9169,33 @@ }, "documentation":"

    Source files for a sequence.

    " }, + "SourceReference":{ + "type":"structure", + "required":[ + "type", + "value" + ], + "members":{ + "type":{ + "shape":"SourceReferenceType", + "documentation":"

    The type of source reference, such as branch, tag, or commit.

    " + }, + "value":{ + "shape":"SourceReferenceValue", + "documentation":"

    The value of the source reference, such as the branch name, tag name, or commit ID.

    " + } + }, + "documentation":"

    Contains information about the source reference in a code repository, such as a branch, tag, or commit.

    " + }, + "SourceReferenceType":{ + "type":"string", + "enum":[ + "BRANCH", + "TAG", + "COMMIT" + ] + }, + "SourceReferenceValue":{"type":"string"}, "SseConfig":{ "type":"structure", "required":["type"], @@ -8865,16 +9613,17 @@ "type":"structure", "required":[ "roleArn", + "outputUri", "requestId" ], "members":{ "workflowId":{ "shape":"WorkflowId", - "documentation":"

    The run's workflow ID.

    " + "documentation":"

    The run's workflow ID. The workflowId is not the UUID.

    " }, "workflowType":{ "shape":"WorkflowType", - "documentation":"

    The run's workflow type.

    " + "documentation":"

    The run's workflow type. The workflowType must be specified if you are running a READY2RUN workflow. If you are running a PRIVATE workflow (default), you do not need to include the workflow type.

    " }, "runId":{ "shape":"RunId", @@ -8882,11 +9631,11 @@ }, "roleArn":{ "shape":"RunRoleArn", - "documentation":"

    A service role for the run.

    " + "documentation":"

    A service role for the run. The roleArn requires access to Amazon Web Services HealthOmics, S3, Cloudwatch logs, and EC2. An example roleArn is arn:aws:iam::123456789012:role/omics-service-role-serviceRole-W8O1XMPL7QZ. In this example, the AWS account ID is 123456789012 and the role name is omics-service-role-serviceRole-W8O1XMPL7QZ.

    " }, "name":{ "shape":"RunName", - "documentation":"

    A name for the run.

    " + "documentation":"

    A name for the run. This is recommended to view and organize runs in the Amazon Web Services HealthOmics console and CloudWatch logs.

    " }, "cacheId":{ "shape":"NumericIdInArn", @@ -8894,27 +9643,27 @@ }, "cacheBehavior":{ "shape":"CacheBehavior", - "documentation":"

    The cache behavior for the run. You specify this value if you want to override the default behavior for the cache. You had set the default value when you created the cache. For more information, see Run cache behavior in the AWS HealthOmics User Guide.

    " + "documentation":"

    The cache behavior for the run. You specify this value if you want to override the default behavior for the cache. You had set the default value when you created the cache. For more information, see Run cache behavior in the Amazon Web Services HealthOmics User Guide.

    " }, "runGroupId":{ "shape":"RunGroupId", - "documentation":"

    The run's group ID.

    " + "documentation":"

    The run's group ID. Use a run group to cap the compute resources (and number of concurrent runs) for the runs that you add to the run group.

    " }, "priority":{ "shape":"StartRunRequestPriorityInteger", - "documentation":"

    A priority for the run.

    " + "documentation":"

    Use the run priority (highest: 1) to establish the order of runs in a run group when you start a run. If multiple runs share the same priority, the run that was initiated first will have the higher priority. Runs that do not belong to a run group can be assigned a priority. The priorities of these runs are ranked among other runs that are not in a run group. For more information, see Run priority in the Amazon Web Services HealthOmics User Guide.

    " }, "parameters":{ "shape":"RunParameters", - "documentation":"

    Parameters for the run.

    " + "documentation":"

    Parameters for the run. The run needs all required parameters and can include optional parameters. The run cannot include any parameters that are not defined in the parameter template. To retrieve parameters from the run, use the GetRun API operation.

    " }, "storageCapacity":{ "shape":"StartRunRequestStorageCapacityInteger", - "documentation":"

    A storage capacity for the run in gibibytes. This field is not required if the storage type is dynamic (the system ignores any value that you enter).

    " + "documentation":"

    The STATIC storage capacity (in gibibytes, GiB) for this run. The default run storage capacity is 1200 GiB. If your requested storage capacity is unavailable, the system rounds up the value to the nearest 1200 GiB multiple. If the requested storage capacity is still unavailable, the system rounds up the value to the nearest 2400 GiB multiple. This field is not required if the storage type is DYNAMIC (the system ignores any value that you enter).

    " }, "outputUri":{ "shape":"RunOutputUri", - "documentation":"

    An output URI for the run.

    " + "documentation":"

    An output S3 URI for the run. The S3 bucket must be in the same region as the workflow. The role ARN must have permission to write to this S3 bucket.

    " }, "logLevel":{ "shape":"RunLogLevel", @@ -8922,24 +9671,28 @@ }, "tags":{ "shape":"TagMap", - "documentation":"

    Tags for the run.

    " + "documentation":"

    Tags for the run. You can add up to 50 tags per run. For more information, see Adding a tag in the Amazon Web Services HealthOmics User Guide.

    " }, "requestId":{ "shape":"RunRequestId", - "documentation":"

    To ensure that requests don't run multiple times, specify a unique ID for each request.

    ", + "documentation":"

    An idempotency token used to dedupe retry requests so that duplicate runs are not created.

    ", "idempotencyToken":true }, "retentionMode":{ "shape":"RunRetentionMode", - "documentation":"

    The retention mode for the run. The default value is RETAIN.

    HealthOmics stores a fixed number of runs that are available to the console and API. In the default mode (RETAIN), you need to remove runs manually when the number of run exceeds the maximum. If you set the retention mode to REMOVE, HealthOmics automatically removes runs (that have mode set to REMOVE) when the number of run exceeds the maximum. All run logs are available in CloudWatch logs, if you need information about a run that is no longer available to the API.

    For more information about retention mode, see Specifying run retention mode in the AWS HealthOmics User Guide.

    " + "documentation":"

    The retention mode for the run. The default value is RETAIN.

    Amazon Web Services HealthOmics stores a fixed number of runs that are available to the console and API. In the default mode (RETAIN), you need to remove runs manually when the number of run exceeds the maximum. If you set the retention mode to REMOVE, Amazon Web Services HealthOmics automatically removes runs (that have mode set to REMOVE) when the number of run exceeds the maximum. All run logs are available in CloudWatch logs, if you need information about a run that is no longer available to the API.

    For more information about retention mode, see Specifying run retention mode in the Amazon Web Services HealthOmics User Guide.

    " }, "storageType":{ "shape":"StorageType", - "documentation":"

    The run's storage type. By default, the run uses STATIC storage type, which allocates a fixed amount of storage. If you set the storage type to DYNAMIC, HealthOmics dynamically scales the storage up or down, based on file system utilization.

    " + "documentation":"

    The storage type for the run. If you set the storage type to DYNAMIC, Amazon Web Services HealthOmics dynamically scales the storage up or down, based on file system utilization. By default, the run uses STATIC storage type, which allocates a fixed amount of storage. For more information about DYNAMIC and STATIC storage, see Run storage types in the Amazon Web Services HealthOmics User Guide.

    " }, "workflowOwnerId":{ "shape":"WorkflowOwnerId", - "documentation":"

    The ID of the workflow owner.

    " + "documentation":"

    The 12-digit account ID of the workflow owner that is used for running a shared workflow. The workflow owner ID can be retrieved using the GetShare API operation. If you are the workflow owner, you do not need to include this ID.

    " + }, + "workflowVersionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The name of the workflow version. Use workflow versions to track and organize changes to the workflow. If your workflow has multiple versions, the run uses the default version unless you specify a version name. To learn more, see Workflow versioning in the Amazon Web Services HealthOmics User Guide.

    " } } }, @@ -9105,7 +9858,7 @@ }, "TagArn":{ "type":"string", - "max":128, + "max":150, "min":1, "pattern":"arn:.+" }, @@ -9173,6 +9926,12 @@ "min":1, "pattern":"[0-9]+" }, + "TaskImageDigest":{ + "type":"string", + "max":128, + "min":1, + "pattern":"sha[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, "TaskInstanceType":{ "type":"string", "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" @@ -9202,7 +9961,7 @@ }, "cacheHit":{ "shape":"Boolean", - "documentation":"

    Set to true if AWS HealthOmics found a matching entry in the run cache for this task.

    " + "documentation":"

    Set to true if Amazon Web Services HealthOmics found a matching entry in the run cache for this task.

    " }, "cacheS3Uri":{ "shape":"S3UriForBucketOrObject", @@ -9633,7 +10392,7 @@ "idempotencyToken":true }, "fallbackLocation":{ - "shape":"S3Destination", + "shape":"FallbackLocation", "documentation":"

    The S3 URI of a bucket and folder to store Read Sets that fail to upload.

    " }, "propagatedSetLevelTags":{ @@ -9692,7 +10451,7 @@ "documentation":"

    The status message of the sequence store.

    " }, "fallbackLocation":{ - "shape":"S3Destination", + "shape":"FallbackLocation", "documentation":"

    The S3 URI of a bucket and folder to store Read Sets that fail to upload.

    " }, "s3Access":{"shape":"SequenceStoreS3Access"}, @@ -9781,9 +10540,70 @@ "description":{ "shape":"WorkflowDescription", "documentation":"

    A description for the workflow.

    " + }, + "storageType":{ + "shape":"StorageType", + "documentation":"

    The default storage type for runs that use this workflow. STATIC storage allocates a fixed amount of storage. DYNAMIC storage dynamically scales the storage up or down, based on file system utilization. For more information about static and dynamic storage, see Running workflows in the Amazon Web Services HealthOmics User Guide.

    " + }, + "storageCapacity":{ + "shape":"UpdateWorkflowRequestStorageCapacityInteger", + "documentation":"

    The default static storage capacity (in gibibytes) for runs that use this workflow or workflow version.

    " + }, + "readmeMarkdown":{ + "shape":"ReadmeMarkdown", + "documentation":"

    The markdown content for the workflow's README file. This provides documentation and usage information for users of the workflow.

    " + } + } + }, + "UpdateWorkflowRequestStorageCapacityInteger":{ + "type":"integer", + "box":true, + "max":100000, + "min":0 + }, + "UpdateWorkflowVersionRequest":{ + "type":"structure", + "required":[ + "workflowId", + "versionName" + ], + "members":{ + "workflowId":{ + "shape":"WorkflowId", + "documentation":"

    The workflow's ID. The workflowId is not the UUID.

    ", + "location":"uri", + "locationName":"workflowId" + }, + "versionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The name of the workflow version.

    ", + "location":"uri", + "locationName":"versionName" + }, + "description":{ + "shape":"WorkflowVersionDescription", + "documentation":"

    Description of the workflow version.

    " + }, + "storageType":{ + "shape":"StorageType", + "documentation":"

    The default storage type for runs that use this workflow version. The storageType can be overridden at run time. DYNAMIC storage dynamically scales the storage up or down, based on file system utilization. STATIC storage allocates a fixed amount of storage. For more information about dynamic and static storage types, see Run storage types in the in the Amazon Web Services HealthOmics User Guide .

    " + }, + "storageCapacity":{ + "shape":"UpdateWorkflowVersionRequestStorageCapacityInteger", + "documentation":"

    The default static storage capacity (in gibibytes) for runs that use this workflow version. The storageCapacity can be overwritten at run time. The storage capacity is not required for runs with a DYNAMIC storage type.

    " + }, + "readmeMarkdown":{ + "shape":"ReadmeMarkdown", + "documentation":"

    The markdown content for the workflow version's README file. This provides documentation and usage information for users of this specific workflow version.

    " } } }, + "UpdateWorkflowVersionRequestStorageCapacityInteger":{ + "type":"integer", + "box":true, + "max":100000, + "min":0 + }, "UploadId":{ "type":"string", "max":36, @@ -9847,6 +10667,18 @@ } } }, + "UpstreamRepositoryPrefix":{ + "type":"string", + "max":30, + "min":2, + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, + "Uri":{ + "type":"string", + "max":750, + "min":1, + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, "UserCustomDescription":{ "type":"string", "max":256, @@ -10111,6 +10943,10 @@ "min":1, "pattern":"arn:.+" }, + "WorkflowBucketOwnerId":{ + "type":"string", + "pattern":"[0-9]{12}" + }, "WorkflowDefinition":{ "type":"string", "max":256, @@ -10133,14 +10969,18 @@ "enum":[ "WDL", "NEXTFLOW", - "CWL" + "CWL", + "WDL_LENIENT" ], "max":64, "min":1 }, "WorkflowExport":{ "type":"string", - "enum":["DEFINITION"], + "enum":[ + "DEFINITION", + "README" + ], "max":64, "min":1 }, @@ -10303,7 +11143,81 @@ ], "max":64, "min":1 + }, + "WorkflowUuid":{ + "type":"string", + "pattern":"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}" + }, + "WorkflowVersionArn":{ + "type":"string", + "max":150, + "min":1, + "pattern":"arn:.+" + }, + "WorkflowVersionDescription":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, + "WorkflowVersionList":{ + "type":"list", + "member":{"shape":"WorkflowVersionListItem"} + }, + "WorkflowVersionListItem":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"WorkflowVersionArn", + "documentation":"

    ARN of the workflow version.

    " + }, + "workflowId":{ + "shape":"WorkflowId", + "documentation":"

    The workflow's ID.

    " + }, + "versionName":{ + "shape":"WorkflowVersionName", + "documentation":"

    The name of the workflow version.

    " + }, + "description":{ + "shape":"WorkflowVersionDescription", + "documentation":"

    The description of the workflow version.

    " + }, + "status":{ + "shape":"WorkflowStatus", + "documentation":"

    The status of the workflow version.

    " + }, + "type":{ + "shape":"WorkflowType", + "documentation":"

    The type of the workflow version.

    " + }, + "digest":{ + "shape":"WorkflowDigest", + "documentation":"

    The digist of the workflow version.

    " + }, + "creationTime":{ + "shape":"WorkflowTimestamp", + "documentation":"

    The creation time of the workflow version.

    " + }, + "metadata":{ + "shape":"WorkflowMetadata", + "documentation":"

    Metadata for the workflow version.

    " + } + }, + "documentation":"

    A list of workflow version items.

    " + }, + "WorkflowVersionListToken":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, + "WorkflowVersionName":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z0-9][A-Za-z0-9\\-\\._]*" } }, - "documentation":"

    This is the AWS HealthOmics API Reference. For an introduction to the service, see What is AWS HealthOmics? in the AWS HealthOmics User Guide.

    " + "documentation":"

    Amazon Web Services HealthOmics is a service that helps users such as bioinformaticians, researchers, and scientists to store, query, analyze, and generate insights from genomics and other biological data. It simplifies and accelerates the process of storing and analyzing genomic information for Amazon Web Services.

    For an introduction to the service, see What is Amazon Web Services HealthOmics? in the Amazon Web Services HealthOmics User Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/omics/2022-11-28/waiters-2.json 2.31.35-1/awscli/botocore/data/omics/2022-11-28/waiters-2.json --- 2.23.6-1/awscli/botocore/data/omics/2022-11-28/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/omics/2022-11-28/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -541,6 +541,33 @@ "state" : "failure", "expected" : "FAILED" } ] + }, + "WorkflowVersionActive" : { + "description" : "Wait until a workflow version is active.", + "delay" : 3, + "maxAttempts" : 10, + "operation" : "GetWorkflowVersion", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "retry", + "expected" : "CREATING" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "retry", + "expected" : "UPDATING" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "FAILED" + } ] } } } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/opensearch/2021-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/opensearch/2021-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/opensearch/2021-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opensearch/2021-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/opensearch/2021-01-01/service-2.json 2.31.35-1/awscli/botocore/data/opensearch/2021-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/opensearch/2021-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opensearch/2021-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -183,7 +183,7 @@ {"shape":"InternalException"}, {"shape":"DisabledOperationException"} ], - "documentation":"

    Creates an OpenSearch Application.

    " + "documentation":"

    Creates an OpenSearch UI application. For more information, see Using the OpenSearch user interface in Amazon OpenSearch Service.

    " }, "CreateDomain":{ "name":"CreateDomain", @@ -275,7 +275,7 @@ {"shape":"InternalException"}, {"shape":"DisabledOperationException"} ], - "documentation":"

    Deletes an existing OpenSearch Application.

    " + "documentation":"

    Deletes a specified OpenSearch application.

    " }, "DeleteDataSource":{ "name":"DeleteDataSource", @@ -684,7 +684,7 @@ {"shape":"InternalException"}, {"shape":"DisabledOperationException"} ], - "documentation":"

    Check the configuration and status of an existing OpenSearch Application.

    " + "documentation":"

    Retrieves the configuration and status of an existing OpenSearch application.

    " }, "GetCompatibleVersions":{ "name":"GetCompatibleVersions", @@ -721,6 +721,23 @@ ], "documentation":"

    Retrieves information about a direct query data source.

    " }, + "GetDefaultApplicationSetting":{ + "name":"GetDefaultApplicationSetting", + "http":{ + "method":"GET", + "requestUri":"/2021-01-01/opensearch/defaultApplicationSetting", + "responseCode":200 + }, + "input":{"shape":"GetDefaultApplicationSettingRequest"}, + "output":{"shape":"GetDefaultApplicationSettingResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Gets the ARN of the current default application.

    If the default application isn't set, the operation returns a resource not found error.

    " + }, "GetDirectQueryDataSource":{ "name":"GetDirectQueryDataSource", "http":{ @@ -823,7 +840,7 @@ {"shape":"InternalException"}, {"shape":"DisabledOperationException"} ], - "documentation":"

    List all OpenSearch Applications under your account.

    " + "documentation":"

    Lists all OpenSearch applications under your account.

    " }, "ListDataSources":{ "name":"ListDataSources", @@ -1055,6 +1072,23 @@ ], "documentation":"

    Allows you to purchase Amazon OpenSearch Service Reserved Instances.

    " }, + "PutDefaultApplicationSetting":{ + "name":"PutDefaultApplicationSetting", + "http":{ + "method":"PUT", + "requestUri":"/2021-01-01/opensearch/defaultApplicationSetting", + "responseCode":200 + }, + "input":{"shape":"PutDefaultApplicationSettingRequest"}, + "output":{"shape":"PutDefaultApplicationSettingResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Sets the default application to the application with the specified ARN.

    To remove the default application, use the GetDefaultApplicationSetting operation to get the current default and then call the PutDefaultApplicationSetting with the current applications ARN and the setAsDefault parameter set to false.

    " + }, "RejectInboundConnection":{ "name":"RejectInboundConnection", "http":{ @@ -1151,7 +1185,7 @@ {"shape":"InternalException"}, {"shape":"DisabledOperationException"} ], - "documentation":"

    Update the OpenSearch Application.

    " + "documentation":"

    Updates the configuration and settings of an existing OpenSearch application.

    " }, "UpdateDataSource":{ "name":"UpdateDataSource", @@ -1304,6 +1338,10 @@ "NaturalLanguageQueryGenerationOptions":{ "shape":"NaturalLanguageQueryGenerationOptionsInput", "documentation":"

    Container for parameters required for natural language query generation on the specified domain.

    " + }, + "S3VectorsEngine":{ + "shape":"S3VectorsEngine", + "documentation":"

    Container for parameters required to enable S3 vectors engine features on the specified domain.

    " } }, "documentation":"

    Container for parameters required to enable all machine learning features.

    " @@ -1314,6 +1352,10 @@ "NaturalLanguageQueryGenerationOptions":{ "shape":"NaturalLanguageQueryGenerationOptionsOutput", "documentation":"

    Container for parameters required for natural language query generation on the specified domain.

    " + }, + "S3VectorsEngine":{ + "shape":"S3VectorsEngine", + "documentation":"

    Container for parameters representing the state of S3 vectors engine features on the specified domain.

    " } }, "documentation":"

    Container for parameters representing the state of machine learning features on the specified domain.

    " @@ -1388,8 +1430,7 @@ }, "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An error occurred because you don't have permissions to access the resource.

    ", "error":{"httpStatusCode":403}, "exception":true @@ -1593,6 +1634,10 @@ "shape":"JWTOptionsOutput", "documentation":"

    Container for information about the JWT configuration of the Amazon OpenSearch Service.

    " }, + "IAMFederationOptions":{ + "shape":"IAMFederationOptionsOutput", + "documentation":"

    Configuration options for IAM identity federation in advanced security settings.

    " + }, "AnonymousAuthDisableDate":{ "shape":"DisableTimestamp", "documentation":"

    Date and time when the migration period will be disabled. Only necessary when enabling fine-grained access control on an existing domain.

    " @@ -1627,6 +1672,10 @@ "shape":"JWTOptionsInput", "documentation":"

    Container for information about the JWT configuration of the Amazon OpenSearch Service.

    " }, + "IAMFederationOptions":{ + "shape":"IAMFederationOptionsInput", + "documentation":"

    Input configuration for IAM identity federation within advanced security options.

    " + }, "AnonymousAuthEnabled":{ "shape":"Boolean", "documentation":"

    True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when enabling fine-grained access control on an existing domain.

    " @@ -1657,14 +1706,14 @@ "members":{ "key":{ "shape":"AppConfigType", - "documentation":"

    Specify the item to configure, such as admin role for the OpenSearch Application.

    " + "documentation":"

    The configuration item to set, such as the admin role for the OpenSearch application.

    " }, "value":{ "shape":"AppConfigValue", - "documentation":"

    Specifies the value to configure for the key, such as an IAM user ARN.

    " + "documentation":"

    The value assigned to the configuration key, such as an IAM user ARN.

    " } }, - "documentation":"

    Configurations of the OpenSearch Application.

    " + "documentation":"

    Configuration settings for an OpenSearch application. For more information, see see Using the OpenSearch user interface in Amazon OpenSearch Service.

    " }, "AppConfigType":{ "type":"string", @@ -1712,31 +1761,31 @@ "members":{ "id":{ "shape":"Id", - "documentation":"

    Unique identifier for an OpenSearch application.

    " + "documentation":"

    The unique identifier of an OpenSearch application.

    " }, "arn":{"shape":"ARN"}, "name":{ "shape":"ApplicationName", - "documentation":"

    Name of an OpenSearch Application.

    " + "documentation":"

    The name of an OpenSearch application.

    " }, "endpoint":{ "shape":"String", - "documentation":"

    Endpoint URL of an OpenSearch Application.

    " + "documentation":"

    The endpoint URL of an OpenSearch application.

    " }, "status":{ "shape":"ApplicationStatus", - "documentation":"

    Status of an OpenSearch Application. Possible values are CREATING, UPDATING, DELETING, FAILED, ACTIVE, and DELETED.

    " + "documentation":"

    The current status of an OpenSearch application. Possible values: CREATING, UPDATING, DELETING, FAILED, ACTIVE, and DELETED.

    " }, "createdAt":{ "shape":"Timestamp", - "documentation":"

    Timestamp at which an OpenSearch Application was created.

    " + "documentation":"

    The timestamp when an OpenSearch application was created.

    " }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"

    Timestamp at which an OpenSearch Application was last updated.

    " + "documentation":"

    The timestamp of the last update to an OpenSearch application.

    " } }, - "documentation":"

    Basic information of the OpenSearch Application.

    " + "documentation":"

    Basic details of an OpenSearch application.

    " }, "AssociatePackageRequest":{ "type":"structure", @@ -2474,8 +2523,7 @@ }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An error occurred because the client attempts to remove a resource that is currently in use.

    ", "error":{"httpStatusCode":409}, "exception":true @@ -2521,24 +2569,24 @@ "members":{ "clientToken":{ "shape":"ClientToken", - "documentation":"

    A unique client idempotency token. It will be auto generated if not provided.

    ", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", "idempotencyToken":true }, "name":{ "shape":"ApplicationName", - "documentation":"

    Name of the OpenSearch Appication to create. Application names are unique across the applications owned by an account within an Amazon Web Services Region.

    " + "documentation":"

    The unique name of the OpenSearch application. Names must be unique within an Amazon Web Services Region for each account.

    " }, "dataSources":{ "shape":"DataSources", - "documentation":"

    Data sources to be associated with the OpenSearch Application.

    " + "documentation":"

    The data sources to link to the OpenSearch application.

    " }, "iamIdentityCenterOptions":{ "shape":"IamIdentityCenterOptionsInput", - "documentation":"

    Settings of IAM Identity Center for the OpenSearch Application.

    " + "documentation":"

    Configuration settings for integrating Amazon Web Services IAM Identity Center with the OpenSearch application.

    " }, "appConfigs":{ "shape":"AppConfigs", - "documentation":"

    Configurations of the OpenSearch Application, inlcuding admin configuration.

    " + "documentation":"

    Configuration settings for the OpenSearch application, including administrative options.

    " }, "tagList":{"shape":"TagList"} } @@ -2548,29 +2596,29 @@ "members":{ "id":{ "shape":"Id", - "documentation":"

    Unique identifier for the created OpenSearch Application.

    " + "documentation":"

    The unique identifier assigned to the OpenSearch application.

    " }, "name":{ "shape":"ApplicationName", - "documentation":"

    Name of the created OpenSearch Application.

    " + "documentation":"

    The name of the OpenSearch application.

    " }, "arn":{"shape":"ARN"}, "dataSources":{ "shape":"DataSources", - "documentation":"

    Data sources associated with the created OpenSearch Application.

    " + "documentation":"

    The data sources linked to the OpenSearch application.

    " }, "iamIdentityCenterOptions":{ "shape":"IamIdentityCenterOptions", - "documentation":"

    Settings of IAM Identity Center for the created OpenSearch Application.

    " + "documentation":"

    The IAM Identity Center settings configured for the OpenSearch application.

    " }, "appConfigs":{ "shape":"AppConfigs", - "documentation":"

    Configurations of the OpenSearch Application, inlcuding admin configuration.

    " + "documentation":"

    Configuration settings for the OpenSearch application, including administrative options.

    " }, "tagList":{"shape":"TagList"}, "createdAt":{ "shape":"Timestamp", - "documentation":"

    Timestamp when the OpenSearch Application was created.

    " + "documentation":"

    The timestamp indicating when the OpenSearch application was created.

    " } } }, @@ -2640,7 +2688,7 @@ }, "IdentityCenterOptions":{ "shape":"IdentityCenterOptionsInput", - "documentation":"

    Options for IAM Identity Center Option control for the domain.

    " + "documentation":"

    Configuration options for enabling and managing IAM Identity Center integration within a domain.

    " }, "TagList":{ "shape":"TagList", @@ -2843,7 +2891,7 @@ "documentation":"

    Detailed description of a data source.

    " } }, - "documentation":"

    Data sources that are associated with an OpenSearch Application.

    " + "documentation":"

    Data sources that are associated with an OpenSearch application.

    " }, "DataSourceDescription":{ "type":"string", @@ -2910,7 +2958,7 @@ "members":{ "id":{ "shape":"Id", - "documentation":"

    Unique identifier for the OpenSearch Application that you want to delete.

    ", + "documentation":"

    The unique identifier of the OpenSearch application to delete.

    ", "location":"uri", "locationName":"id" } @@ -2918,8 +2966,7 @@ }, "DeleteApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDataSourceRequest":{ "type":"structure", @@ -3081,8 +3128,7 @@ }, "DependencyFailureException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An exception for when a failure in one of the dependencies results in the service being unable to fetch details about the resource.

    ", "error":{"httpStatusCode":424}, "exception":true @@ -3722,8 +3768,7 @@ "DisableTimestamp":{"type":"timestamp"}, "DisabledOperationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An error occured because the client wanted to access an unsupported operation.

    ", "error":{"httpStatusCode":409}, "exception":true @@ -3850,7 +3895,7 @@ }, "IdentityCenterOptions":{ "shape":"IdentityCenterOptionsStatus", - "documentation":"

    Container for IAM Identity Center Option control for the domain.

    " + "documentation":"

    Configuration options for enabling and managing IAM Identity Center integration within a domain.

    " }, "AutoTuneOptions":{ "shape":"AutoTuneOptionsStatus", @@ -4036,7 +4081,7 @@ }, "NodeType":{ "shape":"NodeType", - "documentation":"

    Indicates whether the nodes is a data, master, or ultrawarm node.

    " + "documentation":"

    Indicates whether the nodes is a data, master, or UltraWarm node.

    " }, "AvailabilityZone":{ "shape":"AvailabilityZone", @@ -4056,7 +4101,7 @@ }, "StorageVolumeType":{ "shape":"VolumeType", - "documentation":"

    If the nodes has EBS storage, indicates if the volume type is GP2 or GP3. Only applicable for data nodes.

    " + "documentation":"

    If the nodes has EBS storage, indicates if the volume type is gp2 or gp3. Only applicable for data nodes.

    " }, "StorageSize":{ "shape":"VolumeSize", @@ -4269,7 +4314,7 @@ }, "IdentityCenterOptions":{ "shape":"IdentityCenterOptions", - "documentation":"

    Container for IAM Identity Center Option control for the domain.

    " + "documentation":"

    Configuration options for controlling IAM Identity Center integration within a domain.

    " }, "AutoTuneOptions":{ "shape":"AutoTuneOptionsOutput", @@ -4542,7 +4587,7 @@ "members":{ "id":{ "shape":"Id", - "documentation":"

    Unique identifier of the checked OpenSearch Application.

    ", + "documentation":"

    The unique identifier of the OpenSearch application to retrieve.

    ", "location":"uri", "locationName":"id" } @@ -4553,40 +4598,40 @@ "members":{ "id":{ "shape":"Id", - "documentation":"

    Unique identifier of the checked OpenSearch Application.

    " + "documentation":"

    The unique identifier of the OpenSearch application.

    " }, "arn":{"shape":"ARN"}, "name":{ "shape":"ApplicationName", - "documentation":"

    Name of the checked OpenSearch Application.

    " + "documentation":"

    The name of the OpenSearch application.

    " }, "endpoint":{ "shape":"String", - "documentation":"

    Endpoint URL of the checked OpenSearch Application.

    " + "documentation":"

    The endpoint URL of the OpenSearch application.

    " }, "status":{ "shape":"ApplicationStatus", - "documentation":"

    Current status of the checked OpenSearch Application. Possible values are CREATING, UPDATING, DELETING, FAILED, ACTIVE, and DELETED.

    " + "documentation":"

    The current status of the OpenSearch application. Possible values: CREATING, UPDATING, DELETING, FAILED, ACTIVE, and DELETED.

    " }, "iamIdentityCenterOptions":{ "shape":"IamIdentityCenterOptions", - "documentation":"

    IAM Identity Center settings for the checked OpenSearch Application.

    " + "documentation":"

    The IAM Identity Center settings configured for the OpenSearch application.

    " }, "dataSources":{ "shape":"DataSources", - "documentation":"

    Associated data sources to the checked OpenSearch Application.

    " + "documentation":"

    The data sources associated with the OpenSearch application.

    " }, "appConfigs":{ "shape":"AppConfigs", - "documentation":"

    App configurations of the checked OpenSearch Application.

    " + "documentation":"

    The configuration settings of the OpenSearch application.

    " }, "createdAt":{ "shape":"Timestamp", - "documentation":"

    Timestamp at which the checked OpenSearch Application was created.

    " + "documentation":"

    The timestamp when the OpenSearch application was created.

    " }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"

    Timestamp at which the checked OpenSearch Application was last updated.

    " + "documentation":"

    The timestamp of the last update to the OpenSearch application.

    " } } }, @@ -4656,6 +4701,16 @@ }, "documentation":"

    The result of a GetDataSource operation.

    " }, + "GetDefaultApplicationSettingRequest":{ + "type":"structure", + "members":{} + }, + "GetDefaultApplicationSettingResponse":{ + "type":"structure", + "members":{ + "applicationArn":{"shape":"ARN"} + } + }, "GetDirectQueryDataSourceRequest":{ "type":"structure", "required":["DataSourceName"], @@ -4859,6 +4914,54 @@ "documentation":"

    Container for the response returned by the GetUpgradeStatus operation.

    " }, "HostedZoneId":{"type":"string"}, + "IAMFederationOptionsInput":{ + "type":"structure", + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    Specifies whether IAM identity federation is enabled for the OpenSearch domain.

    " + }, + "SubjectKey":{ + "shape":"IAMFederationSubjectKey", + "documentation":"

    The key in the SAML assertion that contains the user's subject identifier.

    " + }, + "RolesKey":{ + "shape":"IAMFederationRolesKey", + "documentation":"

    The key in the SAML assertion that contains the user's role information.

    " + } + }, + "documentation":"

    Input parameters for configuring IAM identity federation settings.

    " + }, + "IAMFederationOptionsOutput":{ + "type":"structure", + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    Indicates whether IAM identity federation is currently enabled for the domain.

    " + }, + "SubjectKey":{ + "shape":"IAMFederationSubjectKey", + "documentation":"

    The configured key in the SAML assertion for the user's subject identifier.

    " + }, + "RolesKey":{ + "shape":"IAMFederationRolesKey", + "documentation":"

    The configured key in the SAML assertion for the user's role information.

    " + } + }, + "documentation":"

    Output parameters showing the current IAM identity federation configuration.

    " + }, + "IAMFederationRolesKey":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^(null|[A-Za-z][A-Za-z0-9_.:/=+\\-@]*)$" + }, + "IAMFederationSubjectKey":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^(null|[A-Za-z][A-Za-z0-9_.:/=+\\-@]*)$" + }, "IPAddressType":{ "type":"string", "enum":[ @@ -4886,31 +4989,31 @@ "members":{ "enabled":{ "shape":"Boolean", - "documentation":"

    IAM Identity Center is enabled for the OpenSearch Application.

    " + "documentation":"

    Indicates whether IAM Identity Center is enabled for the OpenSearch application.

    " }, "iamIdentityCenterInstanceArn":{"shape":"ARN"}, "iamRoleForIdentityCenterApplicationArn":{ "shape":"RoleArn", - "documentation":"

    Amazon Resource Name of the IAM Identity Center's Application created for the OpenSearch Application after enabling IAM Identity Center.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role assigned to the IAM Identity Center application for the OpenSearch application.

    " }, "iamIdentityCenterApplicationArn":{"shape":"ARN"} }, - "documentation":"

    Settings for IAM Identity Center for an OpenSearch Application.

    " + "documentation":"

    Configuration settings for IAM Identity Center in an OpenSearch application.

    " }, "IamIdentityCenterOptionsInput":{ "type":"structure", "members":{ "enabled":{ "shape":"Boolean", - "documentation":"

    Enable/disable settings for IAM Identity Center.

    " + "documentation":"

    Specifies whether IAM Identity Center is enabled or disabled.

    " }, "iamIdentityCenterInstanceArn":{"shape":"ARN"}, "iamRoleForIdentityCenterApplicationArn":{ "shape":"RoleArn", - "documentation":"

    Amazon Resource Name of IAM Identity Center's application.

    " + "documentation":"

    The ARN of the IAM role associated with the IAM Identity Center application.

    " } }, - "documentation":"

    Settings for IAM Identity Center.

    " + "documentation":"

    Configuration settings for enabling and managing IAM Identity Center.

    " }, "Id":{ "type":"string", @@ -4933,52 +5036,52 @@ "members":{ "EnabledAPIAccess":{ "shape":"Boolean", - "documentation":"

    True to enable IAM Identity Center for API access in Amazon OpenSearch Service.

    " + "documentation":"

    Indicates whether IAM Identity Center is enabled for the application.

    " }, "IdentityCenterInstanceARN":{ "shape":"IdentityCenterInstanceARN", - "documentation":"

    The ARN for IAM Identity Center Instance.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM Identity Center instance.

    " }, "SubjectKey":{ "shape":"SubjectKeyIdCOption", - "documentation":"

    Specify the attribute that contains the subject (username, userID, email) of IAM Identity Center.

    " + "documentation":"

    Specifies the attribute that contains the subject identifier (such as username, user ID, or email) in IAM Identity Center.

    " }, "RolesKey":{ "shape":"RolesKeyIdCOption", - "documentation":"

    Specify the attribute that contains the backend role (groupName, groupID) of IAM Identity Center

    " + "documentation":"

    Specifies the attribute that contains the backend role identifier (such as group name or group ID) in IAM Identity Center.

    " }, "IdentityCenterApplicationARN":{ "shape":"IdentityCenterApplicationARN", - "documentation":"

    The ARN for IAM Identity Center Application which will integrate with Amazon OpenSearch Service.

    " + "documentation":"

    The ARN of the IAM Identity Center application that integrates with Amazon OpenSearch Service.

    " }, "IdentityStoreId":{ "shape":"IdentityStoreId", - "documentation":"

    The ID of IAM Identity Store.

    " + "documentation":"

    The identifier of the IAM Identity Store.

    " } }, - "documentation":"

    Container for IAM Identity Center Options settings.

    " + "documentation":"

    Settings container for integrating IAM Identity Center with OpenSearch UI applications, which enables enabling secure user authentication and access control across multiple data sources. This setup supports single sign-on (SSO) through IAM Identity Center, allowing centralized user management.

    " }, "IdentityCenterOptionsInput":{ "type":"structure", "members":{ "EnabledAPIAccess":{ "shape":"Boolean", - "documentation":"

    True to enable IAM Identity Center for API access in Amazon OpenSearch Service.

    " + "documentation":"

    Indicates whether IAM Identity Center is enabled for API access in Amazon OpenSearch Service.

    " }, "IdentityCenterInstanceARN":{ "shape":"IdentityCenterInstanceARN", - "documentation":"

    The ARN for IAM Identity Center Instance which will be used for IAM Identity Center Application creation.

    " + "documentation":"

    The ARN of the IAM Identity Center instance used to create an OpenSearch UI application that uses IAM Identity Center for authentication.

    " }, "SubjectKey":{ "shape":"SubjectKeyIdCOption", - "documentation":"

    Specify the attribute that contains the subject (username, userID, email) of IAM Identity Center.

    " + "documentation":"

    Specifies the attribute that contains the subject identifier (such as username, user ID, or email) in IAM Identity Center.

    " }, "RolesKey":{ "shape":"RolesKeyIdCOption", - "documentation":"

    Specify the attribute that contains the backend role (groupName, groupID) of IAM Identity Center

    " + "documentation":"

    Specifies the attribute that contains the backend role identifier (such as group name or group ID) in IAM Identity Center.

    " } }, - "documentation":"

    Container for IAM Identity Center Options settings.

    " + "documentation":"

    Configuration settings for enabling and managing IAM Identity Center.

    " }, "IdentityCenterOptionsStatus":{ "type":"structure", @@ -4989,14 +5092,14 @@ "members":{ "Options":{ "shape":"IdentityCenterOptions", - "documentation":"

    Container for IAM Identity Center Options settings.

    " + "documentation":"

    Configuration settings for IAM Identity Center integration.

    " }, "Status":{ "shape":"OptionStatus", - "documentation":"

    The status of IAM Identity Center Options settings for a domain.

    " + "documentation":"

    The status of IAM Identity Center configuration settings for a domain.

    " } }, - "documentation":"

    The status of IAM Identity Center Options settings for a domain.

    " + "documentation":"

    The status of IAM Identity Center configuration settings for a domain.

    " }, "IdentityPoolId":{ "type":"string", @@ -5160,24 +5263,21 @@ "IntegerClass":{"type":"integer"}, "InternalException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request processing failed because of an unknown error, exception, or internal failure.

    ", "error":{"httpStatusCode":500}, "exception":true }, "InvalidPaginationTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request processing failed because you provided an invalid pagination token.

    ", "error":{"httpStatusCode":400}, "exception":true }, "InvalidTypeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An exception for trying to create or access a sub-resource that's either invalid or not supported.

    ", "error":{"httpStatusCode":409}, "exception":true @@ -5260,8 +5360,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An exception for trying to create more than the allowed number of resources or sub-resources.

    ", "error":{"httpStatusCode":409}, "exception":true @@ -5306,7 +5405,7 @@ }, "statuses":{ "shape":"ApplicationStatuses", - "documentation":"

    OpenSearch Application Status can be used as filters for the listing request. Possible values are CREATING, UPDATING, DELETING, FAILED, ACTIVE, and DELETED.

    ", + "documentation":"

    Filters the list of OpenSearch applications by status. Possible values: CREATING, UPDATING, DELETING, FAILED, ACTIVE, and DELETED.

    ", "location":"querystring", "locationName":"statuses" }, @@ -5322,7 +5421,7 @@ "members":{ "ApplicationSummaries":{ "shape":"ApplicationSummaries", - "documentation":"

    Summary of the OpenSearch Applications, including ID, ARN, name, endpoint, status, create time and last update time.

    " + "documentation":"

    Summarizes OpenSearch applications, including ID, ARN, name, endpoint, status, creation time, and last update time.

    " }, "nextToken":{"shape":"NextToken"} } @@ -5955,18 +6054,18 @@ "members":{ "Enabled":{ "shape":"Boolean", - "documentation":"

    A boolean that indicates whether a particular node type is enabled or not.

    " + "documentation":"

    A boolean value indicating whether a specific node type is active or inactive.

    " }, "Type":{ "shape":"OpenSearchPartitionInstanceType", - "documentation":"

    The instance type of a particular node type in the cluster.

    " + "documentation":"

    The instance type of a particular node within the cluster.

    " }, "Count":{ "shape":"IntegerClass", - "documentation":"

    The number of nodes of a particular node type in the cluster.

    " + "documentation":"

    The number of nodes of a specific type within the cluster.

    " } }, - "documentation":"

    Container for specifying configuration of any node type.

    " + "documentation":"

    Configuration options for defining the setup of any node type within the cluster.

    " }, "NodeId":{ "type":"string", @@ -5978,14 +6077,14 @@ "members":{ "NodeType":{ "shape":"NodeOptionsNodeType", - "documentation":"

    Container for node type like coordinating.

    " + "documentation":"

    Defines the type of node, such as coordinating nodes.

    " }, "NodeConfig":{ "shape":"NodeConfig", - "documentation":"

    Container for specifying configuration of any node type.

    " + "documentation":"

    Configuration options for defining the setup of any node type.

    " } }, - "documentation":"

    Container for specifying node type.

    " + "documentation":"

    Configuration settings for defining the node type within a cluster.

    " }, "NodeOptionsList":{ "type":"list", @@ -6431,7 +6530,7 @@ }, "PackageOwner":{ "shape":"PackageOwner", - "documentation":"

    The owner of the package who is allowed to create/update a package and add users to the package scope.

    " + "documentation":"

    The owner of the package who is allowed to create and update a package and add users to the package scope.

    " }, "PackageVendingOptions":{ "shape":"PackageVendingOptions", @@ -6439,7 +6538,7 @@ }, "PackageEncryptionOptions":{ "shape":"PackageEncryptionOptions", - "documentation":"

    Package Encryption Options for a package.

    " + "documentation":"

    Encryption options for a package.

    " } }, "documentation":"

    Basic information about a package.

    " @@ -6454,7 +6553,7 @@ }, "PrerequisitePackageIDList":{ "shape":"PackageIDList", - "documentation":"

    List of package IDs that must be associated with the domain with or before the package can be associated.

    " + "documentation":"

    List of package IDs that must be linked to the domain before or simultaneously with the package association.

    " }, "AssociationConfiguration":{ "shape":"PackageAssociationConfiguration", @@ -6477,11 +6576,11 @@ "members":{ "KmsKeyIdentifier":{ "shape":"KmsKeyId", - "documentation":"

    KMS key ID for encrypting the package.

    " + "documentation":"

    KMS key ID for encrypting the package.

    " }, "EncryptionEnabled":{ "shape":"Boolean", - "documentation":"

    This indicates whether encryption is enabled for the package.

    " + "documentation":"

    Whether encryption is enabled for the package.

    " } }, "documentation":"

    Encryption options for a package.

    " @@ -6564,10 +6663,10 @@ "members":{ "VendingEnabled":{ "shape":"Boolean", - "documentation":"

    This indicates whether vending is enabled for the package to determine if package can be used by other users.

    " + "documentation":"

    Indicates whether the package vending feature is enabled, allowing the package to be used by other users.

    " } }, - "documentation":"

    The vending options for a package to determine if the package can be used by other users.

    " + "documentation":"

    Configuration options for determining whether a package can be made available for use by other users.

    " }, "PackageVersion":{"type":"string"}, "PackageVersionHistory":{ @@ -6706,6 +6805,26 @@ }, "documentation":"

    Represents the output of a PurchaseReservedInstanceOffering operation.

    " }, + "PutDefaultApplicationSettingRequest":{ + "type":"structure", + "required":[ + "applicationArn", + "setAsDefault" + ], + "members":{ + "applicationArn":{"shape":"ARN"}, + "setAsDefault":{ + "shape":"Boolean", + "documentation":"

    Set to true to set the specified ARN as the default application. Set to false to clear the default application.

    " + } + } + }, + "PutDefaultApplicationSettingResponse":{ + "type":"structure", + "members":{ + "applicationArn":{"shape":"ARN"} + } + }, "RecurringCharge":{ "type":"structure", "members":{ @@ -6910,16 +7029,14 @@ }, "ResourceAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An exception for creating a resource that already exists.

    ", "error":{"httpStatusCode":409}, "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An exception for accessing or deleting a resource that doesn't exist.

    ", "error":{"httpStatusCode":409}, "exception":true @@ -6946,8 +7063,7 @@ }, "RevokeVpcEndpointAccessResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RoleArn":{ "type":"string", @@ -6995,6 +7111,16 @@ "max":1024, "min":1 }, + "S3VectorsEngine":{ + "type":"structure", + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    Enables S3 vectors engine features.

    " + } + }, + "documentation":"

    Options for enabling S3 vectors engine features on the specified domain.

    " + }, "SAMLEntityId":{ "type":"string", "max":512, @@ -7526,17 +7652,17 @@ "members":{ "id":{ "shape":"Id", - "documentation":"

    Unique identifier of the OpenSearch Application to be updated.

    ", + "documentation":"

    The unique identifier for the OpenSearch application to be updated.

    ", "location":"uri", "locationName":"id" }, "dataSources":{ "shape":"DataSources", - "documentation":"

    Data sources to be associated with the OpenSearch Application.

    " + "documentation":"

    The data sources to associate with the OpenSearch application.

    " }, "appConfigs":{ "shape":"AppConfigs", - "documentation":"

    Configurations to be changed for the OpenSearch Application.

    " + "documentation":"

    The configuration settings to modify for the OpenSearch application.

    " } } }, @@ -7545,32 +7671,32 @@ "members":{ "id":{ "shape":"Id", - "documentation":"

    Unique identifier of the updated OpenSearch Application.

    " + "documentation":"

    The unique identifier of the updated OpenSearch application.

    " }, "name":{ "shape":"ApplicationName", - "documentation":"

    Name of the updated OpenSearch Application.

    " + "documentation":"

    The name of the updated OpenSearch application.

    " }, "arn":{"shape":"ARN"}, "dataSources":{ "shape":"DataSources", - "documentation":"

    Data sources associated with the updated OpenSearch Application.

    " + "documentation":"

    The data sources associated with the updated OpenSearch application.

    " }, "iamIdentityCenterOptions":{ "shape":"IamIdentityCenterOptions", - "documentation":"

    IAM Identity Center settings for the updated OpenSearch Application.

    " + "documentation":"

    The IAM Identity Center configuration for the updated OpenSearch application.

    " }, "appConfigs":{ "shape":"AppConfigs", - "documentation":"

    Configurations for the updated OpenSearch Application.

    " + "documentation":"

    The configuration settings for the updated OpenSearch application.

    " }, "createdAt":{ "shape":"Timestamp", - "documentation":"

    Timestamp at which the OpenSearch Application was created.

    " + "documentation":"

    The timestamp when the OpenSearch application was originally created.

    " }, "lastUpdatedAt":{ "shape":"Timestamp", - "documentation":"

    Timestamp at which the OpenSearch Application was last updated.

    " + "documentation":"

    The timestamp when the OpenSearch application was last updated.

    " } } }, @@ -8113,8 +8239,7 @@ }, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An exception for accessing or deleting a resource that doesn't exist.

    ", "error":{"httpStatusCode":400}, "exception":true diff -pruN 2.23.6-1/awscli/botocore/data/opensearchserverless/2021-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/opensearchserverless/2021-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/opensearchserverless/2021-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opensearchserverless/2021-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/opensearchserverless/2021-11-01/service-2.json 2.31.35-1/awscli/botocore/data/opensearchserverless/2021-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/opensearchserverless/2021-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opensearchserverless/2021-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,6 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2021-11-01", + "auth":["aws.auth#sigv4"], "endpointPrefix":"aoss", "jsonVersion":"1.0", "protocol":"json", @@ -11,8 +12,7 @@ "signatureVersion":"v4", "signingName":"aoss", "targetPrefix":"OpenSearchServerless", - "uid":"opensearchserverless-2021-11-01", - "auth":["aws.auth#sigv4"] + "uid":"opensearchserverless-2021-11-01" }, "operations":{ "BatchGetCollection":{ @@ -27,7 +27,7 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"

    Returns attributes for one or more collections, including the collection endpoint and the OpenSearch Dashboards endpoint. For more information, see Creating and managing Amazon OpenSearch Serverless collections.

    " + "documentation":"

    Returns attributes for one or more collections, including the collection endpoint, the OpenSearch Dashboards endpoint, and FIPS-compliant endpoints. For more information, see Creating and managing Amazon OpenSearch Serverless collections.

    " }, "BatchGetEffectiveLifecyclePolicy":{ "name":"BatchGetEffectiveLifecyclePolicy", @@ -97,8 +97,8 @@ "input":{"shape":"CreateCollectionRequest"}, "output":{"shape":"CreateCollectionResponse"}, "errors":[ - {"shape":"OcuLimitExceededException"}, {"shape":"InternalServerException"}, + {"shape":"OcuLimitExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} @@ -106,6 +106,23 @@ "documentation":"

    Creates a new OpenSearch Serverless collection. For more information, see Creating and managing Amazon OpenSearch Serverless collections.

    ", "idempotent":true }, + "CreateIndex":{ + "name":"CreateIndex", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateIndexRequest"}, + "output":{"shape":"CreateIndexResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Creates an index within an OpenSearch Serverless collection. Unlike other OpenSearch indexes, indexes created by this API are automatically configured to conduct automatic semantic enrichment ingestion and search. For more information, see About automatic semantic enrichment in the OpenSearch User Guide.

    ", + "idempotent":true + }, "CreateLifecyclePolicy":{ "name":"CreateLifecyclePolicy", "http":{ @@ -137,7 +154,7 @@ {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Specifies a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.

    ", + "documentation":"

    Specifies a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.

    ", "idempotent":true }, "CreateSecurityPolicy":{ @@ -184,8 +201,8 @@ "output":{"shape":"DeleteAccessPolicyResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Deletes an OpenSearch Serverless access policy. For more information, see Data access control for Amazon OpenSearch Serverless.

    ", @@ -201,13 +218,29 @@ "output":{"shape":"DeleteCollectionResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Deletes an OpenSearch Serverless collection. For more information, see Creating and managing Amazon OpenSearch Serverless collections.

    ", "idempotent":true }, + "DeleteIndex":{ + "name":"DeleteIndex", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteIndexRequest"}, + "output":{"shape":"DeleteIndexResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Deletes an index from an OpenSearch Serverless collection. Be aware that the index might be configured to conduct automatic semantic enrichment ingestion and search. For more information, see About automatic semantic enrichment.

    ", + "idempotent":true + }, "DeleteLifecyclePolicy":{ "name":"DeleteLifecyclePolicy", "http":{ @@ -218,8 +251,8 @@ "output":{"shape":"DeleteLifecyclePolicyResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Deletes an OpenSearch Serverless lifecycle policy. For more information, see Deleting data lifecycle policies.

    ", @@ -235,8 +268,8 @@ "output":{"shape":"DeleteSecurityConfigResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Deletes a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.

    ", @@ -252,8 +285,8 @@ "output":{"shape":"DeleteSecurityPolicyResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Deletes an OpenSearch Serverless security policy.

    ", @@ -269,8 +302,8 @@ "output":{"shape":"DeleteVpcEndpointResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Deletes an OpenSearch Serverless-managed interface endpoint. For more information, see Access Amazon OpenSearch Serverless using an interface endpoint.

    ", @@ -305,6 +338,21 @@ ], "documentation":"

    Returns account-level settings related to OpenSearch Serverless.

    " }, + "GetIndex":{ + "name":"GetIndex", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIndexRequest"}, + "output":{"shape":"GetIndexResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves information about an index in an OpenSearch Serverless collection, including its schema definition. The index might be configured to conduct automatic semantic enrichment ingestion and search. For more information, see About automatic semantic enrichment.

    " + }, "GetPoliciesStats":{ "name":"GetPoliciesStats", "http":{ @@ -457,8 +505,8 @@ "output":{"shape":"TagResourceResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], @@ -474,8 +522,8 @@ "output":{"shape":"UntagResourceResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Removes a tag or set of tags from an OpenSearch Serverless resource. For more information, see Tagging Amazon OpenSearch Serverless collections.

    " @@ -490,8 +538,8 @@ "output":{"shape":"UpdateAccessPolicyResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Updates an OpenSearch Serverless access policy. For more information, see Data access control for Amazon OpenSearch Serverless.

    ", @@ -527,6 +575,22 @@ "documentation":"

    Updates an OpenSearch Serverless collection.

    ", "idempotent":true }, + "UpdateIndex":{ + "name":"UpdateIndex", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateIndexRequest"}, + "output":{"shape":"UpdateIndexResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Updates an existing index in an OpenSearch Serverless collection. This operation allows you to modify the index schema, including adding new fields or changing field mappings. You can also enable automatic semantic enrichment ingestion and search. For more information, see About automatic semantic enrichment.

    ", + "idempotent":true + }, "UpdateLifecyclePolicy":{ "name":"UpdateLifecyclePolicy", "http":{ @@ -537,8 +601,8 @@ "output":{"shape":"UpdateLifecyclePolicyResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], @@ -555,8 +619,8 @@ "output":{"shape":"UpdateSecurityConfigResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"} ], "documentation":"

    Updates a security configuration for OpenSearch Serverless. For more information, see SAML authentication for Amazon OpenSearch Serverless.

    ", @@ -572,8 +636,8 @@ "output":{"shape":"UpdateSecurityPolicyResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"} ], @@ -601,33 +665,33 @@ "AccessPolicyDetail":{ "type":"structure", "members":{ - "createdDate":{ - "shape":"Long", - "documentation":"

    The date the policy was created.

    " - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    The description of the policy.

    " - }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The timestamp of when the policy was last modified.

    " + "type":{ + "shape":"AccessPolicyType", + "documentation":"

    The type of access policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy.

    " }, + "policyVersion":{ + "shape":"PolicyVersion", + "documentation":"

    The version of the policy.

    " + }, + "description":{ + "shape":"PolicyDescription", + "documentation":"

    The description of the policy.

    " + }, "policy":{ "shape":"Document", "documentation":"

    The JSON policy document without any whitespaces.

    " }, - "policyVersion":{ - "shape":"PolicyVersion", - "documentation":"

    The version of the policy.

    " + "createdDate":{ + "shape":"Long", + "documentation":"

    The date the policy was created.

    " }, - "type":{ - "shape":"AccessPolicyType", - "documentation":"

    The type of access policy.

    " + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The timestamp of when the policy was last modified.

    " } }, "documentation":"

    Details about an OpenSearch Serverless access policy.

    " @@ -649,17 +713,9 @@ "AccessPolicySummary":{ "type":"structure", "members":{ - "createdDate":{ - "shape":"Long", - "documentation":"

    The Epoch time when the access policy was created.

    " - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    The description of the access policy.

    " - }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The date and time when the collection was last modified.

    " + "type":{ + "shape":"AccessPolicyType", + "documentation":"

    The type of access policy. Currently, the only available type is data.

    " }, "name":{ "shape":"PolicyName", @@ -669,9 +725,17 @@ "shape":"PolicyVersion", "documentation":"

    The version of the policy.

    " }, - "type":{ - "shape":"AccessPolicyType", - "documentation":"

    The type of access policy. Currently, the only available type is data.

    " + "description":{ + "shape":"PolicyDescription", + "documentation":"

    The description of the access policy.

    " + }, + "createdDate":{ + "shape":"Long", + "documentation":"

    The Epoch time when the access policy was created.

    " + }, + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The date and time when the collection was last modified.

    " } }, "documentation":"

    A summary of the data access policy.

    " @@ -813,25 +877,57 @@ "CollectionDetail":{ "type":"structure", "members":{ + "id":{ + "shape":"CollectionId", + "documentation":"

    A unique identifier for the collection.

    " + }, + "name":{ + "shape":"CollectionName", + "documentation":"

    The name of the collection.

    " + }, + "status":{ + "shape":"CollectionStatus", + "documentation":"

    The current status of the collection.

    " + }, + "type":{ + "shape":"CollectionType", + "documentation":"

    The type of collection.

    " + }, + "description":{ + "shape":"String", + "documentation":"

    A description of the collection.

    " + }, "arn":{ "shape":"String", "documentation":"

    The Amazon Resource Name (ARN) of the collection.

    " }, - "collectionEndpoint":{ + "kmsKeyArn":{ "shape":"String", - "documentation":"

    Collection-specific endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection.

    " + "documentation":"

    The ARN of the Amazon Web Services KMS key used to encrypt the collection.

    " + }, + "standbyReplicas":{ + "shape":"StandbyReplicas", + "documentation":"

    Details about an OpenSearch Serverless collection.

    " }, "createdDate":{ "shape":"Long", "documentation":"

    The Epoch time when the collection was created.

    " }, + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The date and time when the collection was last modified.

    " + }, + "collectionEndpoint":{ + "shape":"String", + "documentation":"

    Collection-specific endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection.

    " + }, "dashboardEndpoint":{ "shape":"String", "documentation":"

    Collection-specific endpoint used to access OpenSearch Dashboards.

    " }, - "description":{ - "shape":"String", - "documentation":"

    A description of the collection.

    " + "fipsEndpoints":{ + "shape":"FipsEndpoints", + "documentation":"

    FIPS-compliant endpoints for the collection. These endpoints use FIPS 140-3 validated cryptographic modules and are required for federal government workloads that must comply with FedRAMP security standards.

    " }, "failureCode":{ "shape":"String", @@ -840,37 +936,9 @@ "failureMessage":{ "shape":"String", "documentation":"

    A message associated with the failure code.

    " - }, - "id":{ - "shape":"CollectionId", - "documentation":"

    A unique identifier for the collection.

    " - }, - "kmsKeyArn":{ - "shape":"String", - "documentation":"

    The ARN of the Amazon Web Services KMS key used to encrypt the collection.

    " - }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The date and time when the collection was last modified.

    " - }, - "name":{ - "shape":"CollectionName", - "documentation":"

    The name of the collection.

    " - }, - "standbyReplicas":{ - "shape":"StandbyReplicas", - "documentation":"

    Details about an OpenSearch Serverless collection.

    " - }, - "status":{ - "shape":"CollectionStatus", - "documentation":"

    The current status of the collection.

    " - }, - "type":{ - "shape":"CollectionType", - "documentation":"

    The type of collection.

    " } }, - "documentation":"

    Details about each OpenSearch Serverless collection, including the collection endpoint and the OpenSearch Dashboards endpoint.

    " + "documentation":"

    Details about each OpenSearch Serverless collection, including the collection endpoint, the OpenSearch Dashboards endpoint, and FIPS-compliant endpoints for federal government workloads.

    " }, "CollectionDetails":{ "type":"list", @@ -879,14 +947,6 @@ "CollectionErrorDetail":{ "type":"structure", "members":{ - "errorCode":{ - "shape":"String", - "documentation":"

    The error code for the request. For example, NOT_FOUND.

    " - }, - "errorMessage":{ - "shape":"String", - "documentation":"

    A description of the error. For example, The specified Collection is not found.

    " - }, "id":{ "shape":"CollectionId", "documentation":"

    If the request contains collection IDs, the response includes the IDs provided in the request.

    " @@ -894,6 +954,14 @@ "name":{ "shape":"CollectionName", "documentation":"

    If the request contains collection names, the response includes the names provided in the request.

    " + }, + "errorMessage":{ + "shape":"String", + "documentation":"

    A description of the error. For example, The specified Collection is not found.

    " + }, + "errorCode":{ + "shape":"String", + "documentation":"

    The error code for the request. For example, NOT_FOUND.

    " } }, "documentation":"

    Error information for an OpenSearch Serverless request.

    " @@ -920,7 +988,7 @@ "type":"string", "max":40, "min":3, - "pattern":"^[a-z0-9]{3,40}$" + "pattern":"[a-z0-9]{3,40}" }, "CollectionIds":{ "type":"list", @@ -932,7 +1000,7 @@ "type":"string", "max":32, "min":3, - "pattern":"^[a-z][a-z0-9-]+$" + "pattern":"[a-z][a-z0-9-]+" }, "CollectionNames":{ "type":"list", @@ -956,10 +1024,6 @@ "CollectionSummary":{ "type":"structure", "members":{ - "arn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the collection.

    " - }, "id":{ "shape":"CollectionId", "documentation":"

    The unique identifier of the collection.

    " @@ -971,6 +1035,10 @@ "status":{ "shape":"CollectionStatus", "documentation":"

    The current status of the collection.

    " + }, + "arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the collection.

    " } }, "documentation":"

    Details about each OpenSearch Serverless collection.

    " @@ -992,7 +1060,7 @@ "type":"string", "max":32, "min":3, - "pattern":"^[a-z][a-z0-9-]+$" + "pattern":"[a-z][a-z0-9-]+" }, "ConflictException":{ "type":"structure", @@ -1005,31 +1073,31 @@ "CreateAccessPolicyRequest":{ "type":"structure", "required":[ + "type", "name", - "policy", - "type" + "policy" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    A description of the policy. Typically used to store information about the permissions defined in the policy.

    " + "type":{ + "shape":"AccessPolicyType", + "documentation":"

    The type of policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy.

    " }, + "description":{ + "shape":"PolicyDescription", + "documentation":"

    A description of the policy. Typically used to store information about the permissions defined in the policy.

    " + }, "policy":{ "shape":"PolicyDocument", "documentation":"

    The JSON policy document to use as the content for the policy.

    " }, - "type":{ - "shape":"AccessPolicyType", - "documentation":"

    The type of policy.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -1045,45 +1113,45 @@ "CreateCollectionDetail":{ "type":"structure", "members":{ - "arn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the collection.

    " + "id":{ + "shape":"CollectionId", + "documentation":"

    The unique identifier of the collection.

    " }, - "createdDate":{ - "shape":"Long", - "documentation":"

    The Epoch time when the collection was created.

    " + "name":{ + "shape":"CollectionName", + "documentation":"

    The name of the collection.

    " + }, + "status":{ + "shape":"CollectionStatus", + "documentation":"

    The current status of the collection.

    " + }, + "type":{ + "shape":"CollectionType", + "documentation":"

    The type of collection.

    " }, "description":{ "shape":"String", "documentation":"

    A description of the collection.

    " }, - "id":{ - "shape":"CollectionId", - "documentation":"

    The unique identifier of the collection.

    " + "arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the collection.

    " }, "kmsKeyArn":{ "shape":"String", "documentation":"

    The Amazon Resource Name (ARN) of the KMS key with which to encrypt the collection.

    " }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The date and time when the collection was last modified.

    " - }, - "name":{ - "shape":"CollectionName", - "documentation":"

    The name of the collection.

    " - }, "standbyReplicas":{ "shape":"StandbyReplicas", "documentation":"

    Creates details about an OpenSearch Serverless collection.

    " }, - "status":{ - "shape":"CollectionStatus", - "documentation":"

    The current status of the collection.

    " + "createdDate":{ + "shape":"Long", + "documentation":"

    The Epoch time when the collection was created.

    " }, - "type":{ - "shape":"CollectionType", - "documentation":"

    The type of collection.

    " + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The date and time when the collection was last modified.

    " } }, "documentation":"

    Details about the created OpenSearch Serverless collection.

    " @@ -1092,30 +1160,30 @@ "type":"structure", "required":["name"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true + "name":{ + "shape":"CollectionName", + "documentation":"

    Name of the collection.

    " + }, + "type":{ + "shape":"CollectionType", + "documentation":"

    The type of collection.

    " }, "description":{ "shape":"CreateCollectionRequestDescriptionString", "documentation":"

    Description of the collection.

    " }, - "name":{ - "shape":"CollectionName", - "documentation":"

    Name of the collection.

    " + "tags":{ + "shape":"Tags", + "documentation":"

    An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Serverless collection.

    " }, "standbyReplicas":{ "shape":"StandbyReplicas", "documentation":"

    Indicates whether standby replicas should be used for a collection.

    " }, - "tags":{ - "shape":"Tags", - "documentation":"

    An arbitrary set of tags (key–value pairs) to associate with the OpenSearch Serverless collection.

    " - }, - "type":{ - "shape":"CollectionType", - "documentation":"

    The type of collection.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -1137,10 +1205,6 @@ "type":"structure", "required":["instanceArn"], "members":{ - "groupAttribute":{ - "shape":"IamIdentityCenterGroupAttribute", - "documentation":"

    The group attribute for this IAM Identity Center integration. Defaults to GroupId.

    " - }, "instanceArn":{ "shape":"IamIdentityCenterInstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.

    " @@ -1148,38 +1212,67 @@ "userAttribute":{ "shape":"IamIdentityCenterUserAttribute", "documentation":"

    The user attribute for this IAM Identity Center integration. Defaults to UserId.

    " + }, + "groupAttribute":{ + "shape":"IamIdentityCenterGroupAttribute", + "documentation":"

    The group attribute for this IAM Identity Center integration. Defaults to GroupId.

    " } }, "documentation":"

    Describes IAM Identity Center options for creating an OpenSearch Serverless security configuration in the form of a key-value map.

    " }, + "CreateIndexRequest":{ + "type":"structure", + "required":[ + "id", + "indexName" + ], + "members":{ + "id":{ + "shape":"CollectionId", + "documentation":"

    The unique identifier of the collection in which to create the index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the index to create. Index names must be lowercase and can't begin with underscores (_) or hyphens (-).

    " + }, + "indexSchema":{ + "shape":"IndexSchema", + "documentation":"

    The JSON schema definition for the index, including field mappings and settings.

    " + } + } + }, + "CreateIndexResponse":{ + "type":"structure", + "members":{} + }, "CreateLifecyclePolicyRequest":{ "type":"structure", "required":[ + "type", "name", - "policy", - "type" + "policy" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    A description of the lifecycle policy.

    " + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the lifecycle policy.

    " }, + "description":{ + "shape":"PolicyDescription", + "documentation":"

    A description of the lifecycle policy.

    " + }, "policy":{ "shape":"PolicyDocument", "documentation":"

    The JSON policy document to use as the content for the lifecycle policy.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -1195,34 +1288,38 @@ "CreateSecurityConfigRequest":{ "type":"structure", "required":[ - "name", - "type" + "type", + "name" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true + "type":{ + "shape":"SecurityConfigType", + "documentation":"

    The type of security configuration.

    " + }, + "name":{ + "shape":"ConfigName", + "documentation":"

    The name of the security configuration.

    " }, "description":{ "shape":"ConfigDescription", "documentation":"

    A description of the security configuration.

    " }, + "samlOptions":{ + "shape":"SamlConfigOptions", + "documentation":"

    Describes SAML options in in the form of a key-value map. This field is required if you specify SAML for the type parameter.

    " + }, "iamIdentityCenterOptions":{ "shape":"CreateIamIdentityCenterConfigOptions", "documentation":"

    Describes IAM Identity Center options in the form of a key-value map. This field is required if you specify iamidentitycenter for the type parameter.

    " }, - "name":{ - "shape":"ConfigName", - "documentation":"

    The name of the security configuration.

    " - }, - "samlOptions":{ - "shape":"SamlConfigOptions", - "documentation":"

    Describes SAML options in in the form of a key-value map. This field is required if you specify saml for the type parameter.

    " + "iamFederationOptions":{ + "shape":"IamFederationConfigOptions", + "documentation":"

    Describes IAM federation options in the form of a key-value map. This field is required if you specify iamFederation for the type parameter.

    " }, - "type":{ - "shape":"SecurityConfigType", - "documentation":"

    The type of security configuration.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -1231,38 +1328,38 @@ "members":{ "securityConfigDetail":{ "shape":"SecurityConfigDetail", - "documentation":"

    Details about the created security configuration.

    " + "documentation":"

    Details about the created security configuration.

    " } } }, "CreateSecurityPolicyRequest":{ "type":"structure", "required":[ + "type", "name", - "policy", - "type" + "policy" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    A description of the policy. Typically used to store information about the permissions defined in the policy.

    " + "type":{ + "shape":"SecurityPolicyType", + "documentation":"

    The type of security policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy.

    " }, + "description":{ + "shape":"PolicyDescription", + "documentation":"

    A description of the policy. Typically used to store information about the permissions defined in the policy.

    " + }, "policy":{ "shape":"PolicyDocument", "documentation":"

    The JSON policy document to use as the content for the new policy.

    " }, - "type":{ - "shape":"SecurityPolicyType", - "documentation":"

    The type of security policy.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -1297,30 +1394,30 @@ "type":"structure", "required":[ "name", - "subnetIds", - "vpcId" + "vpcId", + "subnetIds" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true - }, "name":{ "shape":"VpcEndpointName", "documentation":"

    The name of the interface endpoint.

    " }, - "securityGroupIds":{ - "shape":"SecurityGroupIds", - "documentation":"

    The unique identifiers of the security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.

    " + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC from which you'll access OpenSearch Serverless.

    " }, "subnetIds":{ "shape":"SubnetIds", "documentation":"

    The ID of one or more subnets from which you'll access OpenSearch Serverless.

    " }, - "vpcId":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC from which you'll access OpenSearch Serverless.

    " + "securityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

    The unique identifiers of the security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -1336,29 +1433,28 @@ "DeleteAccessPolicyRequest":{ "type":"structure", "required":[ - "name", - "type" + "type", + "name" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true + "type":{ + "shape":"AccessPolicyType", + "documentation":"

    The type of policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy to delete.

    " }, - "type":{ - "shape":"AccessPolicyType", - "documentation":"

    The type of policy.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, "DeleteAccessPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCollectionDetail":{ "type":"structure", @@ -1382,14 +1478,14 @@ "type":"structure", "required":["id"], "members":{ + "id":{ + "shape":"CollectionId", + "documentation":"

    The unique identifier of the collection. For example, 1iu5usc406kd. The ID is part of the collection endpoint. You can also retrieve it using the ListCollections API.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier to ensure idempotency of the request.

    ", "idempotencyToken":true - }, - "id":{ - "shape":"CollectionId", - "documentation":"

    The unique identifier of the collection. For example, 1iu5usc406kd. The ID is part of the collection endpoint. You can also retrieve it using the ListCollections API.

    " } } }, @@ -1402,79 +1498,97 @@ } } }, + "DeleteIndexRequest":{ + "type":"structure", + "required":[ + "id", + "indexName" + ], + "members":{ + "id":{ + "shape":"CollectionId", + "documentation":"

    The unique identifier of the collection containing the index to delete.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the index to delete.

    " + } + } + }, + "DeleteIndexResponse":{ + "type":"structure", + "members":{} + }, "DeleteLifecyclePolicyRequest":{ "type":"structure", "required":[ - "name", - "type" + "type", + "name" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy to delete.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, "DeleteLifecyclePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSecurityConfigRequest":{ "type":"structure", "required":["id"], "members":{ + "id":{ + "shape":"SecurityConfigId", + "documentation":"

    The security configuration identifier. For SAML the ID will be saml/<accountId>/<idpProviderName>. For example, saml/123456789123/OKTADev.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", "idempotencyToken":true - }, - "id":{ - "shape":"SecurityConfigId", - "documentation":"

    The security configuration identifier. For SAML the ID will be saml/<accountId>/<idpProviderName>. For example, saml/123456789123/OKTADev.

    " } } }, "DeleteSecurityConfigResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSecurityPolicyRequest":{ "type":"structure", "required":[ - "name", - "type" + "type", + "name" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true + "type":{ + "shape":"SecurityPolicyType", + "documentation":"

    The type of policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy to delete.

    " }, - "type":{ - "shape":"SecurityPolicyType", - "documentation":"

    The type of policy.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, "DeleteSecurityPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteVpcEndpointDetail":{ "type":"structure", @@ -1498,14 +1612,14 @@ "type":"structure", "required":["id"], "members":{ + "id":{ + "shape":"VpcEndpointId", + "documentation":"

    The VPC endpoint identifier.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", "idempotencyToken":true - }, - "id":{ - "shape":"VpcEndpointId", - "documentation":"

    The VPC endpoint identifier.

    " } } }, @@ -1520,25 +1634,24 @@ }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "EffectiveLifecyclePolicyDetail":{ "type":"structure", "members":{ - "noMinRetentionPeriod":{ - "shape":"Boolean", - "documentation":"

    The minimum number of index retention days set. That is an optional param that will return as true if the minimum number of days or hours is not set to a index resource.

    " - }, - "policyName":{ - "shape":"PolicyName", - "documentation":"

    The name of the lifecycle policy.

    " + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "resource":{ "shape":"Resource", "documentation":"

    The name of the OpenSearch Serverless index resource.

    " }, + "policyName":{ + "shape":"PolicyName", + "documentation":"

    The name of the lifecycle policy.

    " + }, "resourceType":{ "shape":"ResourceType", "documentation":"

    The type of OpenSearch Serverless resource. Currently, the only supported resource is index.

    " @@ -1547,9 +1660,9 @@ "shape":"String", "documentation":"

    The minimum number of index retention in days or hours. This is an optional parameter that will return only if it’s set.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "noMinRetentionPeriod":{ + "shape":"Boolean", + "documentation":"

    The minimum number of index retention days set. That is an optional param that will return as true if the minimum number of days or hours is not set to a index resource.

    " } }, "documentation":"

    Error information for an OpenSearch Serverless request.

    " @@ -1561,21 +1674,21 @@ "EffectiveLifecyclePolicyErrorDetail":{ "type":"structure", "members":{ - "errorCode":{ - "shape":"String", - "documentation":"

    The error code for the request.

    " - }, - "errorMessage":{ - "shape":"String", - "documentation":"

    A description of the error. For example, The specified Index resource is not found.

    " + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "resource":{ "shape":"Resource", "documentation":"

    The name of OpenSearch Serverless index resource.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "errorMessage":{ + "shape":"String", + "documentation":"

    A description of the error. For example, The specified Index resource is not found.

    " + }, + "errorCode":{ + "shape":"String", + "documentation":"

    The error code for the request.

    " } }, "documentation":"

    Error information for an OpenSearch Serverless request.

    " @@ -1584,20 +1697,34 @@ "type":"list", "member":{"shape":"EffectiveLifecyclePolicyErrorDetail"} }, + "FipsEndpoints":{ + "type":"structure", + "members":{ + "collectionEndpoint":{ + "shape":"String", + "documentation":"

    FIPS-compliant collection endpoint used to submit index, search, and data upload requests to an OpenSearch Serverless collection. This endpoint uses FIPS 140-3 validated cryptography and is required for federal government workloads.

    " + }, + "dashboardEndpoint":{ + "shape":"String", + "documentation":"

    FIPS-compliant endpoint used to access OpenSearch Dashboards. This endpoint uses FIPS 140-3 validated cryptography and is required for federal government workloads that need dashboard visualization capabilities.

    " + } + }, + "documentation":"

    FIPS-compliant endpoint URLs for an OpenSearch Serverless collection. These endpoints ensure all data transmission uses FIPS 140-3 validated cryptographic implementations, meeting federal security requirements for government workloads.

    " + }, "GetAccessPolicyRequest":{ "type":"structure", "required":[ - "name", - "type" + "type", + "name" ], "members":{ - "name":{ - "shape":"PolicyName", - "documentation":"

    The name of the access policy.

    " - }, "type":{ "shape":"AccessPolicyType", "documentation":"

    Tye type of policy. Currently, the only supported value is data.

    " + }, + "name":{ + "shape":"PolicyName", + "documentation":"

    The name of the access policy.

    " } } }, @@ -1612,8 +1739,7 @@ }, "GetAccountSettingsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAccountSettingsResponse":{ "type":"structure", @@ -1624,11 +1750,36 @@ } } }, - "GetPoliciesStatsRequest":{ + "GetIndexRequest":{ + "type":"structure", + "required":[ + "id", + "indexName" + ], + "members":{ + "id":{ + "shape":"CollectionId", + "documentation":"

    The unique identifier of the collection containing the index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the index to retrieve information about.

    " + } + } + }, + "GetIndexResponse":{ "type":"structure", "members":{ + "indexSchema":{ + "shape":"IndexSchema", + "documentation":"

    The JSON schema definition for the index, including field mappings and settings.

    " + } } }, + "GetPoliciesStatsRequest":{ + "type":"structure", + "members":{} + }, "GetPoliciesStatsResponse":{ "type":"structure", "members":{ @@ -1636,17 +1787,17 @@ "shape":"AccessPolicyStats", "documentation":"

    Information about the data access policies in your account.

    " }, - "LifecyclePolicyStats":{ - "shape":"LifecyclePolicyStats", - "documentation":"

    Information about the lifecycle policies in your account.

    " + "SecurityPolicyStats":{ + "shape":"SecurityPolicyStats", + "documentation":"

    Information about the security policies in your account.

    " }, "SecurityConfigStats":{ "shape":"SecurityConfigStats", "documentation":"

    Information about the security configurations in your account.

    " }, - "SecurityPolicyStats":{ - "shape":"SecurityPolicyStats", - "documentation":"

    Information about the security policies in your account.

    " + "LifecyclePolicyStats":{ + "shape":"LifecyclePolicyStats", + "documentation":"

    Information about the lifecycle policies in your account.

    " }, "TotalPolicyCount":{ "shape":"Long", @@ -1676,17 +1827,17 @@ "GetSecurityPolicyRequest":{ "type":"structure", "required":[ - "name", - "type" + "type", + "name" ], "members":{ - "name":{ - "shape":"PolicyName", - "documentation":"

    The name of the security policy.

    " - }, "type":{ "shape":"SecurityPolicyType", "documentation":"

    The type of security policy.

    " + }, + "name":{ + "shape":"PolicyName", + "documentation":"

    The name of the security policy.

    " } } }, @@ -1699,38 +1850,52 @@ } } }, + "IamFederationConfigOptions":{ + "type":"structure", + "members":{ + "groupAttribute":{ + "shape":"iamFederationGroupAttribute", + "documentation":"

    The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.

    " + }, + "userAttribute":{ + "shape":"iamFederationUserAttribute", + "documentation":"

    The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process.

    " + } + }, + "documentation":"

    Describes IAM federation options for an OpenSearch Serverless security configuration in the form of a key-value map. These options define how OpenSearch Serverless integrates with external identity providers using federation.

    " + }, "IamIdentityCenterApplicationArn":{ "type":"string", "max":1224, "min":10, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}" }, "IamIdentityCenterConfigOptions":{ "type":"structure", "members":{ + "instanceArn":{ + "shape":"IamIdentityCenterInstanceArn", + "documentation":"

    The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.

    " + }, "applicationArn":{ "shape":"IamIdentityCenterApplicationArn", "documentation":"

    The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless.

    " }, - "applicationDescription":{ - "shape":"String", - "documentation":"

    The description of the IAM Identity Center application used to integrate with OpenSearch Serverless.

    " - }, "applicationName":{ "shape":"String", "documentation":"

    The name of the IAM Identity Center application used to integrate with OpenSearch Serverless.

    " }, - "groupAttribute":{ - "shape":"IamIdentityCenterGroupAttribute", - "documentation":"

    The group attribute for this IAM Identity Center integration. Defaults to GroupId.

    " - }, - "instanceArn":{ - "shape":"IamIdentityCenterInstanceArn", - "documentation":"

    The ARN of the IAM Identity Center instance used to integrate with OpenSearch Serverless.

    " + "applicationDescription":{ + "shape":"String", + "documentation":"

    The description of the IAM Identity Center application used to integrate with OpenSearch Serverless.

    " }, "userAttribute":{ "shape":"IamIdentityCenterUserAttribute", "documentation":"

    The user attribute for this IAM Identity Center integration. Defaults to UserId

    " + }, + "groupAttribute":{ + "shape":"IamIdentityCenterGroupAttribute", + "documentation":"

    The group attribute for this IAM Identity Center integration. Defaults to GroupId.

    " } }, "documentation":"

    Describes IAM Identity Center options for an OpenSearch Serverless security configuration in the form of a key-value map.

    " @@ -1746,7 +1911,7 @@ "type":"string", "max":1224, "min":10, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}" }, "IamIdentityCenterUserAttribute":{ "type":"string", @@ -1756,6 +1921,12 @@ "Email" ] }, + "IndexName":{"type":"string"}, + "IndexSchema":{ + "type":"structure", + "members":{}, + "document":true + }, "IndexingCapacityValue":{ "type":"integer", "box":true, @@ -1773,33 +1944,33 @@ "LifecyclePolicyDetail":{ "type":"structure", "members":{ - "createdDate":{ - "shape":"Long", - "documentation":"

    The date the lifecycle policy was created.

    " - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    The description of the lifecycle policy.

    " - }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The timestamp of when the lifecycle policy was last modified.

    " + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the lifecycle policy.

    " }, + "policyVersion":{ + "shape":"PolicyVersion", + "documentation":"

    The version of the lifecycle policy.

    " + }, + "description":{ + "shape":"PolicyDescription", + "documentation":"

    The description of the lifecycle policy.

    " + }, "policy":{ "shape":"Document", "documentation":"

    The JSON policy document without any whitespaces.

    " }, - "policyVersion":{ - "shape":"PolicyVersion", - "documentation":"

    The version of the lifecycle policy.

    " + "createdDate":{ + "shape":"Long", + "documentation":"

    The date the lifecycle policy was created.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The timestamp of when the lifecycle policy was last modified.

    " } }, "documentation":"

    Details about an OpenSearch Serverless lifecycle policy.

    " @@ -1811,21 +1982,21 @@ "LifecyclePolicyErrorDetail":{ "type":"structure", "members":{ - "errorCode":{ - "shape":"String", - "documentation":"

    The error code for the request. For example, NOT_FOUND.

    " - }, - "errorMessage":{ - "shape":"String", - "documentation":"

    A description of the error. For example, The specified Lifecycle Policy is not found.

    " + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the lifecycle policy.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "errorMessage":{ + "shape":"String", + "documentation":"

    A description of the error. For example, The specified Lifecycle Policy is not found.

    " + }, + "errorCode":{ + "shape":"String", + "documentation":"

    The error code for the request. For example, NOT_FOUND.

    " } }, "documentation":"

    Error information for an OpenSearch Serverless request.

    " @@ -1837,17 +2008,17 @@ "LifecyclePolicyIdentifier":{ "type":"structure", "required":[ - "name", - "type" + "type", + "name" ], "members":{ - "name":{ - "shape":"PolicyName", - "documentation":"

    The name of the lifecycle policy.

    " - }, "type":{ "shape":"LifecyclePolicyType", "documentation":"

    The type of lifecycle policy.

    " + }, + "name":{ + "shape":"PolicyName", + "documentation":"

    The name of the lifecycle policy.

    " } }, "documentation":"

    The unique identifiers of policy types and policy names.

    " @@ -1861,17 +2032,17 @@ "LifecyclePolicyResourceIdentifier":{ "type":"structure", "required":[ - "resource", - "type" + "type", + "resource" ], "members":{ - "resource":{ - "shape":"ResourceName", - "documentation":"

    The name of the OpenSearch Serverless ilndex resource.

    " - }, "type":{ "shape":"LifecyclePolicyType", "documentation":"

    The type of lifecycle policy.

    " + }, + "resource":{ + "shape":"ResourceName", + "documentation":"

    The name of the OpenSearch Serverless ilndex resource.

    " } }, "documentation":"

    The unique identifiers of policy types and resource names.

    " @@ -1899,17 +2070,9 @@ "LifecyclePolicySummary":{ "type":"structure", "members":{ - "createdDate":{ - "shape":"Long", - "documentation":"

    The Epoch time when the lifecycle policy was created.

    " - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    The description of the lifecycle policy.

    " - }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The date and time when the lifecycle policy was last modified.

    " + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "name":{ "shape":"PolicyName", @@ -1919,9 +2082,17 @@ "shape":"PolicyVersion", "documentation":"

    The version of the lifecycle policy.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "description":{ + "shape":"PolicyDescription", + "documentation":"

    The description of the lifecycle policy.

    " + }, + "createdDate":{ + "shape":"Long", + "documentation":"

    The Epoch time when the lifecycle policy was created.

    " + }, + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The date and time when the lifecycle policy was last modified.

    " } }, "documentation":"

    A summary of the lifecycle policy.

    " @@ -1935,21 +2106,21 @@ "type":"structure", "required":["type"], "members":{ - "maxResults":{ - "shape":"ListAccessPoliciesRequestMaxResultsInteger", - "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.

    " - }, - "nextToken":{ - "shape":"String", - "documentation":"

    If your initial ListAccessPolicies operation returns a nextToken, you can include the returned nextToken in subsequent ListAccessPolicies operations, which returns results in the next page.

    " + "type":{ + "shape":"AccessPolicyType", + "documentation":"

    The type of access policy.

    " }, "resource":{ "shape":"ListAccessPoliciesRequestResourceList", "documentation":"

    Resource filters (can be collections or indexes) that policies can apply to.

    " }, - "type":{ - "shape":"AccessPolicyType", - "documentation":"

    The type of access policy.

    " + "nextToken":{ + "shape":"String", + "documentation":"

    If your initial ListAccessPolicies operation returns a nextToken, you can include the returned nextToken in subsequent ListAccessPolicies operations, which returns results in the next page.

    " + }, + "maxResults":{ + "shape":"ListAccessPoliciesRequestMaxResultsInteger", + "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.

    " } } }, @@ -1985,13 +2156,13 @@ "shape":"CollectionFilters", "documentation":"

    A list of filter names and values that you can use for requests.

    " }, - "maxResults":{ - "shape":"ListCollectionsRequestMaxResultsInteger", - "documentation":"

    The maximum number of results to return. Default is 20. You can use nextToken to get the next page of results.

    " - }, "nextToken":{ "shape":"String", "documentation":"

    If your initial ListCollections operation returns a nextToken, you can include the returned nextToken in subsequent ListCollections operations, which returns results in the next page.

    " + }, + "maxResults":{ + "shape":"ListCollectionsRequestMaxResultsInteger", + "documentation":"

    The maximum number of results to return. Default is 20. You can use nextToken to get the next page of results.

    " } } }, @@ -2018,21 +2189,21 @@ "type":"structure", "required":["type"], "members":{ - "maxResults":{ - "shape":"ListLifecyclePoliciesRequestMaxResultsInteger", - "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use use nextToken to get the next page of results. The default is 10.

    " - }, - "nextToken":{ - "shape":"String", - "documentation":"

    If your initial ListLifecyclePolicies operation returns a nextToken, you can include the returned nextToken in subsequent ListLifecyclePolicies operations, which returns results in the next page.

    " + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "resources":{ "shape":"ListLifecyclePoliciesRequestResourcesList", "documentation":"

    Resource filters that policies can apply to. Currently, the only supported resource type is index.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "nextToken":{ + "shape":"String", + "documentation":"

    If your initial ListLifecyclePolicies operation returns a nextToken, you can include the returned nextToken in subsequent ListLifecyclePolicies operations, which returns results in the next page.

    " + }, + "maxResults":{ + "shape":"ListLifecyclePoliciesRequestMaxResultsInteger", + "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use use nextToken to get the next page of results. The default is 10.

    " } } }, @@ -2065,17 +2236,17 @@ "type":"structure", "required":["type"], "members":{ - "maxResults":{ - "shape":"ListSecurityConfigsRequestMaxResultsInteger", - "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.

    " + "type":{ + "shape":"SecurityConfigType", + "documentation":"

    The type of security configuration.

    " }, "nextToken":{ "shape":"String", - "documentation":"

    If your initial ListSecurityConfigs operation returns a nextToken, you can include the returned nextToken in subsequent ListSecurityConfigs operations, which returns results in the next page.

    " + "documentation":"

    If your initial ListSecurityConfigs operation returns a nextToken, you can include the returned nextToken in subsequent ListSecurityConfigs operations, which returns results in the next page.

    " }, - "type":{ - "shape":"SecurityConfigType", - "documentation":"

    The type of security configuration.

    " + "maxResults":{ + "shape":"ListSecurityConfigsRequestMaxResultsInteger", + "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.

    " } } }, @@ -2088,13 +2259,13 @@ "ListSecurityConfigsResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"String", - "documentation":"

    When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " - }, "securityConfigSummaries":{ "shape":"SecurityConfigSummaries", "documentation":"

    Details about the security configurations in your account.

    " + }, + "nextToken":{ + "shape":"String", + "documentation":"

    When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " } } }, @@ -2102,21 +2273,21 @@ "type":"structure", "required":["type"], "members":{ - "maxResults":{ - "shape":"ListSecurityPoliciesRequestMaxResultsInteger", - "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.

    " - }, - "nextToken":{ - "shape":"String", - "documentation":"

    If your initial ListSecurityPolicies operation returns a nextToken, you can include the returned nextToken in subsequent ListSecurityPolicies operations, which returns results in the next page.

    " + "type":{ + "shape":"SecurityPolicyType", + "documentation":"

    The type of policy.

    " }, "resource":{ "shape":"ListSecurityPoliciesRequestResourceList", "documentation":"

    Resource filters (can be collection or indexes) that policies can apply to.

    " }, - "type":{ - "shape":"SecurityPolicyType", - "documentation":"

    The type of policy.

    " + "nextToken":{ + "shape":"String", + "documentation":"

    If your initial ListSecurityPolicies operation returns a nextToken, you can include the returned nextToken in subsequent ListSecurityPolicies operations, which returns results in the next page.

    " + }, + "maxResults":{ + "shape":"ListSecurityPoliciesRequestMaxResultsInteger", + "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.

    " } } }, @@ -2135,13 +2306,13 @@ "ListSecurityPoliciesResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"String", - "documentation":"

    When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " - }, "securityPolicySummaries":{ "shape":"SecurityPolicySummaries", "documentation":"

    Details about the security policies in your account.

    " + }, + "nextToken":{ + "shape":"String", + "documentation":"

    When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " } } }, @@ -2167,17 +2338,17 @@ "ListVpcEndpointsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"ListVpcEndpointsRequestMaxResultsInteger", - "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.

    " + "vpcEndpointFilters":{ + "shape":"VpcEndpointFilters", + "documentation":"

    Filter the results according to the current status of the VPC endpoint. Possible statuses are CREATING, DELETING, UPDATING, ACTIVE, and FAILED.

    " }, "nextToken":{ "shape":"String", "documentation":"

    If your initial ListVpcEndpoints operation returns a nextToken, you can include the returned nextToken in subsequent ListVpcEndpoints operations, which returns results in the next page.

    " }, - "vpcEndpointFilters":{ - "shape":"VpcEndpointFilters", - "documentation":"

    Filter the results according to the current status of the VPC endpoint. Possible statuses are CREATING, DELETING, UPDATING, ACTIVE, and FAILED.

    " + "maxResults":{ + "shape":"ListVpcEndpointsRequestMaxResultsInteger", + "documentation":"

    An optional parameter that specifies the maximum number of results to return. You can use nextToken to get the next page of results. The default is 20.

    " } } }, @@ -2190,13 +2361,13 @@ "ListVpcEndpointsResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"String", - "documentation":"

    When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " - }, "vpcEndpointSummaries":{ "shape":"VpcEndpointSummaries", "documentation":"

    Details about each VPC endpoint, including the name and current status.

    " + }, + "nextToken":{ + "shape":"String", + "documentation":"

    When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " } } }, @@ -2225,24 +2396,24 @@ "type":"string", "max":20480, "min":1, - "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+" + "pattern":".*[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+.*" }, "PolicyName":{ "type":"string", "max":32, "min":3, - "pattern":"^[a-z][a-z0-9-]+$" + "pattern":"[a-z][a-z0-9-]+" }, "PolicyVersion":{ "type":"string", "max":36, "min":20, - "pattern":"^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$" + "pattern":"([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?" }, "Resource":{"type":"string"}, "ResourceName":{ "type":"string", - "pattern":"^index/[a-z][a-z0-9-]{3,32}/([a-z;0-9&$%][+.~=\\-_a-z;0-9&$%]*)$" + "pattern":"index/[a-z][a-z0-9-]{3,32}/([a-z;0-9&$%][+.~=\\-_a-z;0-9&$%]*)" }, "ResourceNotFoundException":{ "type":"structure", @@ -2260,21 +2431,25 @@ "type":"structure", "required":["metadata"], "members":{ + "metadata":{ + "shape":"samlMetadata", + "documentation":"

    The XML IdP metadata file generated from your identity provider.

    " + }, + "userAttribute":{ + "shape":"samlUserAttribute", + "documentation":"

    A user attribute for this SAML integration.

    " + }, "groupAttribute":{ "shape":"samlGroupAttribute", "documentation":"

    The group attribute for this SAML integration.

    " }, - "metadata":{ - "shape":"samlMetadata", - "documentation":"

    The XML IdP metadata file generated from your identity provider.

    " + "openSearchServerlessEntityId":{ + "shape":"openSearchServerlessEntityId", + "documentation":"

    Custom entity ID attribute to override the default entity ID for this SAML integration.

    " }, "sessionTimeout":{ "shape":"SamlConfigOptionsSessionTimeoutInteger", "documentation":"

    The session timeout, in minutes. Default is 60 minutes (12 hours).

    " - }, - "userAttribute":{ - "shape":"samlUserAttribute", - "documentation":"

    A user attribute for this SAML integration.

    " } }, "documentation":"

    Describes SAML options for an OpenSearch Serverless security configuration in the form of a key-value map.

    " @@ -2293,40 +2468,44 @@ "SecurityConfigDetail":{ "type":"structure", "members":{ + "id":{ + "shape":"SecurityConfigId", + "documentation":"

    The unique identifier of the security configuration.

    " + }, + "type":{ + "shape":"SecurityConfigType", + "documentation":"

    The type of security configuration.

    " + }, "configVersion":{ "shape":"PolicyVersion", "documentation":"

    The version of the security configuration.

    " }, - "createdDate":{ - "shape":"Long", - "documentation":"

    The date the configuration was created.

    " - }, "description":{ "shape":"ConfigDescription", "documentation":"

    The description of the security configuration.

    " }, + "samlOptions":{ + "shape":"SamlConfigOptions", + "documentation":"

    SAML options for the security configuration in the form of a key-value map.

    " + }, "iamIdentityCenterOptions":{ "shape":"IamIdentityCenterConfigOptions", "documentation":"

    Describes IAM Identity Center options in the form of a key-value map.

    " }, - "id":{ - "shape":"SecurityConfigId", - "documentation":"

    The unique identifier of the security configuration.

    " + "iamFederationOptions":{ + "shape":"IamFederationConfigOptions", + "documentation":"

    Describes IAM federation options in the form of a key-value map. Contains configuration details about how OpenSearch Serverless integrates with external identity providers through federation.

    " + }, + "createdDate":{ + "shape":"Long", + "documentation":"

    The date the configuration was created.

    " }, "lastModifiedDate":{ "shape":"Long", "documentation":"

    The timestamp of when the configuration was last modified.

    " - }, - "samlOptions":{ - "shape":"SamlConfigOptions", - "documentation":"

    SAML options for the security configuration in the form of a key-value map.

    " - }, - "type":{ - "shape":"SecurityConfigType", - "documentation":"

    The type of security configuration.

    " } }, - "documentation":"

    Details about a security configuration for OpenSearch Serverless.

    " + "documentation":"

    Details about a security configuration for OpenSearch Serverless.

    " }, "SecurityConfigId":{ "type":"string", @@ -2350,29 +2529,29 @@ "SecurityConfigSummary":{ "type":"structure", "members":{ + "id":{ + "shape":"SecurityConfigId", + "documentation":"

    The unique identifier of the security configuration.

    " + }, + "type":{ + "shape":"SecurityConfigType", + "documentation":"

    The type of security configuration.

    " + }, "configVersion":{ "shape":"PolicyVersion", "documentation":"

    The version of the security configuration.

    " }, - "createdDate":{ - "shape":"Long", - "documentation":"

    The Epoch time when the security configuration was created.

    " - }, "description":{ "shape":"ConfigDescription", "documentation":"

    The description of the security configuration.

    " }, - "id":{ - "shape":"SecurityConfigId", - "documentation":"

    The unique identifier of the security configuration.

    " + "createdDate":{ + "shape":"Long", + "documentation":"

    The Epoch time when the security configuration was created.

    " }, "lastModifiedDate":{ "shape":"Long", "documentation":"

    The timestamp of when the configuration was last modified.

    " - }, - "type":{ - "shape":"SecurityConfigType", - "documentation":"

    The type of security configuration.

    " } }, "documentation":"

    A summary of a security configuration for OpenSearch Serverless.

    " @@ -2381,14 +2560,15 @@ "type":"string", "enum":[ "saml", - "iamidentitycenter" + "iamidentitycenter", + "iamfederation" ] }, "SecurityGroupId":{ "type":"string", "max":128, "min":1, - "pattern":"^[\\w+\\-]+$" + "pattern":"[\\w+\\-]+" }, "SecurityGroupIds":{ "type":"list", @@ -2399,33 +2579,33 @@ "SecurityPolicyDetail":{ "type":"structure", "members":{ - "createdDate":{ - "shape":"Long", - "documentation":"

    The date the policy was created.

    " - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    The description of the security policy.

    " - }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The timestamp of when the policy was last modified.

    " + "type":{ + "shape":"SecurityPolicyType", + "documentation":"

    The type of security policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy.

    " }, + "policyVersion":{ + "shape":"PolicyVersion", + "documentation":"

    The version of the policy.

    " + }, + "description":{ + "shape":"PolicyDescription", + "documentation":"

    The description of the security policy.

    " + }, "policy":{ "shape":"Document", "documentation":"

    The JSON policy document without any whitespaces.

    " }, - "policyVersion":{ - "shape":"PolicyVersion", - "documentation":"

    The version of the policy.

    " + "createdDate":{ + "shape":"Long", + "documentation":"

    The date the policy was created.

    " }, - "type":{ - "shape":"SecurityPolicyType", - "documentation":"

    The type of security policy.

    " + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The timestamp of when the policy was last modified.

    " } }, "documentation":"

    Details about an OpenSearch Serverless security policy.

    " @@ -2451,17 +2631,9 @@ "SecurityPolicySummary":{ "type":"structure", "members":{ - "createdDate":{ - "shape":"Long", - "documentation":"

    The date the policy was created.

    " - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    The description of the security policy.

    " - }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The timestamp of when the policy was last modified.

    " + "type":{ + "shape":"SecurityPolicyType", + "documentation":"

    The type of security policy.

    " }, "name":{ "shape":"PolicyName", @@ -2471,9 +2643,17 @@ "shape":"PolicyVersion", "documentation":"

    The version of the policy.

    " }, - "type":{ - "shape":"SecurityPolicyType", - "documentation":"

    The type of security policy.

    " + "description":{ + "shape":"PolicyDescription", + "documentation":"

    The description of the security policy.

    " + }, + "createdDate":{ + "shape":"Long", + "documentation":"

    The date the policy was created.

    " + }, + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The timestamp of when the policy was last modified.

    " } }, "documentation":"

    A summary of a security policy for OpenSearch Serverless.

    " @@ -2496,10 +2676,6 @@ "shape":"String", "documentation":"

    Description of the error.

    " }, - "quotaCode":{ - "shape":"String", - "documentation":"

    Service Quotas requirement to identify originating quota.

    " - }, "resourceId":{ "shape":"String", "documentation":"

    Identifier of the resource affected.

    " @@ -2511,6 +2687,10 @@ "serviceCode":{ "shape":"String", "documentation":"

    Service Quotas requirement to identify originating service.

    " + }, + "quotaCode":{ + "shape":"String", + "documentation":"

    Service Quotas requirement to identify originating quota.

    " } }, "documentation":"

    Thrown when you attempt to create more resources than the service allows based on service quotas.

    ", @@ -2528,12 +2708,11 @@ "type":"string", "max":32, "min":1, - "pattern":"^subnet-([0-9a-f]{8}|[0-9a-f]{17})$" + "pattern":"subnet-([0-9a-f]{8}|[0-9a-f]{17})" }, "SubnetIds":{ "type":"list", "member":{"shape":"SubnetId"}, - "max":6, "min":1 }, "Tag":{ @@ -2584,8 +2763,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2617,41 +2795,40 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAccessPolicyRequest":{ "type":"structure", "required":[ + "type", "name", - "policyVersion", - "type" + "policyVersion" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    A description of the policy. Typically used to store information about the permissions defined in the policy.

    " + "type":{ + "shape":"AccessPolicyType", + "documentation":"

    The type of policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy.

    " }, - "policy":{ - "shape":"PolicyDocument", - "documentation":"

    The JSON policy document to use as the content for the policy.

    " - }, "policyVersion":{ "shape":"PolicyVersion", "documentation":"

    The version of the policy being updated.

    " }, - "type":{ - "shape":"AccessPolicyType", - "documentation":"

    The type of policy.

    " + "description":{ + "shape":"PolicyDescription", + "documentation":"

    A description of the policy. Typically used to store information about the permissions defined in the policy.

    " + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

    The JSON policy document to use as the content for the policy.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -2675,33 +2852,17 @@ "members":{ "accountSettingsDetail":{ "shape":"AccountSettingsDetail", - "documentation":"

    OpenSearch Serverless-related settings for the current Amazon Web Services account.

    " + "documentation":"

    OpenSearch Serverless-related settings for the current Amazon Web Services account.

    " } } }, "UpdateCollectionDetail":{ "type":"structure", "members":{ - "arn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the collection.

    " - }, - "createdDate":{ - "shape":"Long", - "documentation":"

    The date and time when the collection was created.

    " - }, - "description":{ - "shape":"String", - "documentation":"

    The description of the collection.

    " - }, "id":{ "shape":"CollectionId", "documentation":"

    The unique identifier of the collection.

    " }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The date and time when the collection was last modified.

    " - }, "name":{ "shape":"CollectionName", "documentation":"

    The name of the collection.

    " @@ -2713,6 +2874,22 @@ "type":{ "shape":"CollectionType", "documentation":"

    The collection type.

    " + }, + "description":{ + "shape":"String", + "documentation":"

    The description of the collection.

    " + }, + "arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the collection.

    " + }, + "createdDate":{ + "shape":"Long", + "documentation":"

    The date and time when the collection was created.

    " + }, + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The date and time when the collection was last modified.

    " } }, "documentation":"

    Details about an updated OpenSearch Serverless collection.

    " @@ -2721,18 +2898,18 @@ "type":"structure", "required":["id"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true + "id":{ + "shape":"CollectionId", + "documentation":"

    The unique identifier of the collection.

    " }, "description":{ "shape":"UpdateCollectionRequestDescriptionString", "documentation":"

    A description of the collection.

    " }, - "id":{ - "shape":"CollectionId", - "documentation":"

    The unique identifier of the collection.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -2753,49 +2930,74 @@ "UpdateIamIdentityCenterConfigOptions":{ "type":"structure", "members":{ - "groupAttribute":{ - "shape":"IamIdentityCenterGroupAttribute", - "documentation":"

    The group attribute for this IAM Identity Center integration. Defaults to GroupId.

    " - }, "userAttribute":{ "shape":"IamIdentityCenterUserAttribute", "documentation":"

    The user attribute for this IAM Identity Center integration. Defaults to UserId.

    " + }, + "groupAttribute":{ + "shape":"IamIdentityCenterGroupAttribute", + "documentation":"

    The group attribute for this IAM Identity Center integration. Defaults to GroupId.

    " } }, "documentation":"

    Describes IAM Identity Center options for updating an OpenSearch Serverless security configuration in the form of a key-value map.

    " }, + "UpdateIndexRequest":{ + "type":"structure", + "required":[ + "id", + "indexName" + ], + "members":{ + "id":{ + "shape":"CollectionId", + "documentation":"

    The unique identifier of the collection containing the index to update.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the index to update.

    " + }, + "indexSchema":{ + "shape":"IndexSchema", + "documentation":"

    The updated JSON schema definition for the index, including field mappings and settings.

    " + } + } + }, + "UpdateIndexResponse":{ + "type":"structure", + "members":{} + }, "UpdateLifecyclePolicyRequest":{ "type":"structure", "required":[ + "type", "name", - "policyVersion", - "type" + "policyVersion" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    A description of the lifecycle policy.

    " + "type":{ + "shape":"LifecyclePolicyType", + "documentation":"

    The type of lifecycle policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy.

    " }, - "policy":{ - "shape":"PolicyDocument", - "documentation":"

    The JSON policy document to use as the content for the lifecycle policy.

    " - }, "policyVersion":{ "shape":"PolicyVersion", "documentation":"

    The version of the policy being updated.

    " }, - "type":{ - "shape":"LifecyclePolicyType", - "documentation":"

    The type of lifecycle policy.

    " + "description":{ + "shape":"PolicyDescription", + "documentation":"

    A description of the lifecycle policy.

    " + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

    The JSON policy document to use as the content for the lifecycle policy.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -2811,14 +3013,13 @@ "UpdateSecurityConfigRequest":{ "type":"structure", "required":[ - "configVersion", - "id" + "id", + "configVersion" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true + "id":{ + "shape":"SecurityConfigId", + "documentation":"

    The security configuration identifier. For SAML the ID will be saml/<accountId>/<idpProviderName>. For example, saml/123456789123/OKTADev.

    " }, "configVersion":{ "shape":"PolicyVersion", @@ -2828,17 +3029,22 @@ "shape":"ConfigDescription", "documentation":"

    A description of the security configuration.

    " }, + "samlOptions":{ + "shape":"SamlConfigOptions", + "documentation":"

    SAML options in in the form of a key-value map.

    " + }, "iamIdentityCenterOptionsUpdates":{ "shape":"UpdateIamIdentityCenterConfigOptions", "documentation":"

    Describes IAM Identity Center options in the form of a key-value map.

    " }, - "id":{ - "shape":"SecurityConfigId", - "documentation":"

    The security configuration identifier. For SAML the ID will be saml/<accountId>/<idpProviderName>. For example, saml/123456789123/OKTADev.

    " + "iamFederationOptions":{ + "shape":"IamFederationConfigOptions", + "documentation":"

    Describes IAM federation options in the form of a key-value map for updating an existing security configuration. Use this field to modify IAM federation settings for the security configuration.

    " }, - "samlOptions":{ - "shape":"SamlConfigOptions", - "documentation":"

    SAML options in in the form of a key-value map.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -2854,35 +3060,35 @@ "UpdateSecurityPolicyRequest":{ "type":"structure", "required":[ + "type", "name", - "policyVersion", - "type" + "policyVersion" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true - }, - "description":{ - "shape":"PolicyDescription", - "documentation":"

    A description of the policy. Typically used to store information about the permissions defined in the policy.

    " + "type":{ + "shape":"SecurityPolicyType", + "documentation":"

    The type of access policy.

    " }, "name":{ "shape":"PolicyName", "documentation":"

    The name of the policy.

    " }, - "policy":{ - "shape":"PolicyDocument", - "documentation":"

    The JSON policy document to use as the content for the new policy.

    " - }, "policyVersion":{ "shape":"PolicyVersion", "documentation":"

    The version of the policy being updated.

    " }, - "type":{ - "shape":"SecurityPolicyType", - "documentation":"

    The type of access policy.

    " + "description":{ + "shape":"PolicyDescription", + "documentation":"

    A description of the policy. Typically used to store information about the permissions defined in the policy.

    " + }, + "policy":{ + "shape":"PolicyDocument", + "documentation":"

    The JSON policy document to use as the content for the new policy.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -2902,18 +3108,10 @@ "shape":"VpcEndpointId", "documentation":"

    The unique identifier of the endpoint.

    " }, - "lastModifiedDate":{ - "shape":"Long", - "documentation":"

    The timestamp of when the endpoint was last modified.

    " - }, "name":{ "shape":"VpcEndpointName", "documentation":"

    The name of the endpoint.

    " }, - "securityGroupIds":{ - "shape":"SecurityGroupIds", - "documentation":"

    The unique identifiers of the security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.

    " - }, "status":{ "shape":"VpcEndpointStatus", "documentation":"

    The current status of the endpoint update process.

    " @@ -2921,6 +3119,14 @@ "subnetIds":{ "shape":"SubnetIds", "documentation":"

    The ID of the subnets from which you access OpenSearch Serverless.

    " + }, + "securityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

    The unique identifiers of the security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.

    " + }, + "lastModifiedDate":{ + "shape":"Long", + "documentation":"

    The timestamp of when the endpoint was last modified.

    " } }, "documentation":"

    Update details for an OpenSearch Serverless-managed interface endpoint.

    " @@ -2929,30 +3135,30 @@ "type":"structure", "required":["id"], "members":{ - "addSecurityGroupIds":{ - "shape":"SecurityGroupIds", - "documentation":"

    The unique identifiers of the security groups to add to the endpoint. Security groups define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.

    " + "id":{ + "shape":"VpcEndpointId", + "documentation":"

    The unique identifier of the interface endpoint to update.

    " }, "addSubnetIds":{ "shape":"SubnetIds", "documentation":"

    The ID of one or more subnets to add to the endpoint.

    " }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", - "idempotencyToken":true + "removeSubnetIds":{ + "shape":"SubnetIds", + "documentation":"

    The unique identifiers of the subnets to remove from the endpoint.

    " }, - "id":{ - "shape":"VpcEndpointId", - "documentation":"

    The unique identifier of the interface endpoint to update.

    " + "addSecurityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

    The unique identifiers of the security groups to add to the endpoint. Security groups define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.

    " }, "removeSecurityGroupIds":{ "shape":"SecurityGroupIds", "documentation":"

    The unique identifiers of the security groups to remove from the endpoint.

    " }, - "removeSubnetIds":{ - "shape":"SubnetIds", - "documentation":"

    The unique identifiers of the subnets to remove from the endpoint.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique, case-sensitive identifier to ensure idempotency of the request.

    ", + "idempotencyToken":true } } }, @@ -2976,18 +3182,6 @@ "VpcEndpointDetail":{ "type":"structure", "members":{ - "createdDate":{ - "shape":"Long", - "documentation":"

    The date the endpoint was created.

    " - }, - "failureCode":{ - "shape":"String", - "documentation":"

    A failure code associated with the request.

    " - }, - "failureMessage":{ - "shape":"String", - "documentation":"

    A message associated with the failure code.

    " - }, "id":{ "shape":"VpcEndpointId", "documentation":"

    The unique identifier of the endpoint.

    " @@ -2996,6 +3190,14 @@ "shape":"VpcEndpointName", "documentation":"

    The name of the endpoint.

    " }, + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC from which you access OpenSearch Serverless.

    " + }, + "subnetIds":{ + "shape":"SubnetIds", + "documentation":"

    The ID of the subnets from which you access OpenSearch Serverless.

    " + }, "securityGroupIds":{ "shape":"SecurityGroupIds", "documentation":"

    The unique identifiers of the security groups that define the ports, protocols, and sources for inbound traffic that you are authorizing into your endpoint.

    " @@ -3004,13 +3206,17 @@ "shape":"VpcEndpointStatus", "documentation":"

    The current status of the endpoint.

    " }, - "subnetIds":{ - "shape":"SubnetIds", - "documentation":"

    The ID of the subnets from which you access OpenSearch Serverless.

    " + "createdDate":{ + "shape":"Long", + "documentation":"

    The date the endpoint was created.

    " }, - "vpcId":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC from which you access OpenSearch Serverless.

    " + "failureCode":{ + "shape":"String", + "documentation":"

    A failure code associated with the request.

    " + }, + "failureMessage":{ + "shape":"String", + "documentation":"

    A message associated with the failure code.

    " } }, "documentation":"

    Details about an OpenSearch Serverless-managed interface endpoint.

    " @@ -3022,17 +3228,17 @@ "VpcEndpointErrorDetail":{ "type":"structure", "members":{ - "errorCode":{ - "shape":"String", - "documentation":"

    The error code for the failed request.

    " + "id":{ + "shape":"VpcEndpointId", + "documentation":"

    The unique identifier of the VPC endpoint.

    " }, "errorMessage":{ "shape":"String", "documentation":"

    An error message describing the reason for the failure.

    " }, - "id":{ - "shape":"VpcEndpointId", - "documentation":"

    The unique identifier of the VPC endpoint.

    " + "errorCode":{ + "shape":"String", + "documentation":"

    The error code for the failed request.

    " } }, "documentation":"

    Error information for a failed BatchGetVpcEndpoint request.

    " @@ -3055,18 +3261,19 @@ "type":"string", "max":255, "min":1, - "pattern":"^vpce-[0-9a-z]*$" + "pattern":"vpce-[0-9a-z]*" }, "VpcEndpointIds":{ "type":"list", "member":{"shape":"VpcEndpointId"}, + "max":100, "min":1 }, "VpcEndpointName":{ "type":"string", "max":32, "min":3, - "pattern":"^[a-z][a-z0-9-]+$" + "pattern":"[a-z][a-z0-9-]+" }, "VpcEndpointStatus":{ "type":"string", @@ -3103,26 +3310,44 @@ "type":"string", "max":255, "min":1, - "pattern":"^vpc-[0-9a-z]*$" + "pattern":"vpc-[0-9a-z]*" + }, + "iamFederationGroupAttribute":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z][A-Za-z0-9_.:/=+\\-@]*" + }, + "iamFederationUserAttribute":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z][A-Za-z0-9_.:/=+\\-@]*" + }, + "openSearchServerlessEntityId":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"aws:opensearch:[0-9]{12}:*.*" }, "samlGroupAttribute":{ "type":"string", "max":2048, "min":1, - "pattern":"[\\w+=,.@-]+" + "pattern":".*[\\w+=,.@-]+.*" }, "samlMetadata":{ "type":"string", "max":51200, "min":1, - "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+" + "pattern":".*[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+.*" }, "samlUserAttribute":{ "type":"string", "max":2048, "min":1, - "pattern":"[\\w+=,.@-]+" + "pattern":".*[\\w+=,.@-]+.*" } }, - "documentation":"

    Use the Amazon OpenSearch Serverless API to create, configure, and manage OpenSearch Serverless collections and security policies.

    OpenSearch Serverless is an on-demand, pre-provisioned serverless configuration for Amazon OpenSearch Service. OpenSearch Serverless removes the operational complexities of provisioning, configuring, and tuning your OpenSearch clusters. It enables you to easily search and analyze petabytes of data without having to worry about the underlying infrastructure and data management.

    To learn more about OpenSearch Serverless, see What is Amazon OpenSearch Serverless?

    " + "documentation":"

    Use the Amazon OpenSearch Serverless API to create, configure, and manage OpenSearch Serverless collections and security policies.

    OpenSearch Serverless is an on-demand, pre-provisioned serverless configuration for Amazon OpenSearch Service. OpenSearch Serverless removes the operational complexities of provisioning, configuring, and tuning your OpenSearch clusters. It enables you to easily search and analyze petabytes of data without having to worry about the underlying infrastructure and data management.

    To learn more about OpenSearch Serverless, see What is Amazon OpenSearch Serverless?

    " } diff -pruN 2.23.6-1/awscli/botocore/data/opensearchserverless/2021-11-01/waiters-2.json 2.31.35-1/awscli/botocore/data/opensearchserverless/2021-11-01/waiters-2.json --- 2.23.6-1/awscli/botocore/data/opensearchserverless/2021-11-01/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opensearchserverless/2021-11-01/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/completions-1.json 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/completions-1.json --- 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/completions-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/completions-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,1823 +0,0 @@ -{ - "version": "1.0", - "resources": { - "App": { - "operation": "DescribeApps", - "resourceIdentifier": { - "Description": "Apps[].Description", - "DataSources": "Apps[].DataSources", - "AppSource": "Apps[].AppSource", - "Domains": "Apps[].Domains", - "EnableSsl": "Apps[].EnableSsl", - "SslConfiguration": "Apps[].SslConfiguration", - "Environment": "Apps[].Environment" - } - }, - "Command": { - "operation": "DescribeCommands", - "resourceIdentifier": { - "CommandId": "Commands[].CommandId" - } - }, - "Deployment": { - "operation": "DescribeDeployments", - "resourceIdentifier": { - "DeploymentId": "Deployments[].DeploymentId", - "AppId": "Deployments[].AppId", - "InstanceIds": "Deployments[].InstanceIds" - } - }, - "ElasticLoadBalancer": { - "operation": "DescribeElasticLoadBalancers", - "resourceIdentifier": { - "ElasticLoadBalancerName": "ElasticLoadBalancers[].ElasticLoadBalancerName" - } - }, - "Instance": { - "operation": "DescribeInstances", - "resourceIdentifier": { - "AmiId": "Instances[].AmiId", - "Architecture": "Instances[].Architecture", - "AutoScalingType": "Instances[].AutoScalingType", - "EbsOptimized": "Instances[].EbsOptimized", - "EcsClusterArn": "Instances[].EcsClusterArn", - "ElasticIp": "Instances[].ElasticIp", - "Hostname": "Instances[].Hostname", - "InstanceType": "Instances[].InstanceType", - "LayerIds": "Instances[].LayerIds", - "Os": "Instances[].Os", - "PrivateIp": "Instances[].PrivateIp", - "PublicIp": "Instances[].PublicIp", - "SshKeyName": "Instances[].SshKeyName" - } - }, - "Layer": { - "operation": "DescribeLayers", - "resourceIdentifier": { - "LayerId": "Layers[].LayerId", - "Shortname": "Layers[].Shortname", - "CloudWatchLogsConfiguration": "Layers[].CloudWatchLogsConfiguration", - "CustomInstanceProfileArn": "Layers[].CustomInstanceProfileArn", - "CustomSecurityGroupIds": "Layers[].CustomSecurityGroupIds", - "Packages": "Layers[].Packages", - "VolumeConfigurations": "Layers[].VolumeConfigurations", - "EnableAutoHealing": "Layers[].EnableAutoHealing", - "AutoAssignElasticIps": "Layers[].AutoAssignElasticIps", - "AutoAssignPublicIps": "Layers[].AutoAssignPublicIps", - "CustomRecipes": "Layers[].CustomRecipes", - "InstallUpdatesOnBoot": "Layers[].InstallUpdatesOnBoot", - "UseEbsOptimizedInstances": "Layers[].UseEbsOptimizedInstances", - "LifecycleEventConfiguration": "Layers[].LifecycleEventConfiguration" - } - }, - "Permission": { - "operation": "DescribePermissions", - "resourceIdentifier": { - "AllowSsh": "Permissions[].AllowSsh", - "AllowSudo": "Permissions[].AllowSudo", - "Level": "Permissions[].Level" - } - }, - "ServiceError": { - "operation": "DescribeServiceErrors", - "resourceIdentifier": { - "ServiceErrorId": "ServiceErrors[].ServiceErrorId", - "Type": "ServiceErrors[].Type" - } - }, - "Stack": { - "operation": "DescribeStacks", - "resourceIdentifier": { - "StackId": "Stacks[].StackId", - "VpcId": "Stacks[].VpcId", - "Attributes": "Stacks[].Attributes", - "ServiceRoleArn": "Stacks[].ServiceRoleArn", - "DefaultInstanceProfileArn": "Stacks[].DefaultInstanceProfileArn", - "DefaultOs": "Stacks[].DefaultOs", - "HostnameTheme": "Stacks[].HostnameTheme", - "DefaultAvailabilityZone": "Stacks[].DefaultAvailabilityZone", - "DefaultSubnetId": "Stacks[].DefaultSubnetId", - "CustomJson": "Stacks[].CustomJson", - "ConfigurationManager": "Stacks[].ConfigurationManager", - "ChefConfiguration": "Stacks[].ChefConfiguration", - "UseCustomCookbooks": "Stacks[].UseCustomCookbooks", - "UseOpsworksSecurityGroups": "Stacks[].UseOpsworksSecurityGroups", - "CustomCookbooksSource": "Stacks[].CustomCookbooksSource", - "DefaultSshKeyName": "Stacks[].DefaultSshKeyName", - "DefaultRootDeviceType": "Stacks[].DefaultRootDeviceType", - "AgentVersion": "Stacks[].AgentVersion" - } - }, - "UserProfile": { - "operation": "DescribeUserProfiles", - "resourceIdentifier": { - "IamUserArn": "UserProfiles[].IamUserArn", - "SshUsername": "UserProfiles[].SshUsername", - "SshPublicKey": "UserProfiles[].SshPublicKey", - "AllowSelfManagement": "UserProfiles[].AllowSelfManagement" - } - }, - "Volume": { - "operation": "DescribeVolumes", - "resourceIdentifier": { - "VolumeId": "Volumes[].VolumeId", - "Ec2VolumeId": "Volumes[].Ec2VolumeId", - "Name": "Volumes[].Name", - "RaidArrayId": "Volumes[].RaidArrayId", - "InstanceId": "Volumes[].InstanceId", - "MountPoint": "Volumes[].MountPoint", - "Region": "Volumes[].Region" - } - } - }, - "operations": { - "AssignInstance": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - }, - "LayerIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "LayerIds" - } - ] - } - }, - "AssignVolume": { - "VolumeId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "VolumeId" - } - ] - }, - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "AssociateElasticIp": { - "ElasticIp": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "ElasticIp" - } - ] - }, - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "AttachElasticLoadBalancer": { - "ElasticLoadBalancerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "ElasticLoadBalancer", - "resourceIdentifier": "ElasticLoadBalancerName" - } - ] - }, - "LayerId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "LayerId" - } - ] - } - }, - "CloneStack": { - "Name": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "Name" - } - ] - }, - "Region": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "Region" - } - ] - }, - "VpcId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "VpcId" - } - ] - }, - "Attributes": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "Attributes" - } - ] - }, - "ServiceRoleArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "ServiceRoleArn" - } - ] - }, - "DefaultInstanceProfileArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultInstanceProfileArn" - } - ] - }, - "DefaultOs": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultOs" - } - ] - }, - "HostnameTheme": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "HostnameTheme" - } - ] - }, - "DefaultAvailabilityZone": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultAvailabilityZone" - } - ] - }, - "DefaultSubnetId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultSubnetId" - } - ] - }, - "CustomJson": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "CustomJson" - } - ] - }, - "ConfigurationManager": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "ConfigurationManager" - } - ] - }, - "ChefConfiguration": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "ChefConfiguration" - } - ] - }, - "UseCustomCookbooks": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "UseCustomCookbooks" - } - ] - }, - "UseOpsworksSecurityGroups": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "UseOpsworksSecurityGroups" - } - ] - }, - "CustomCookbooksSource": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "CustomCookbooksSource" - } - ] - }, - "DefaultSshKeyName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultSshKeyName" - } - ] - }, - "DefaultRootDeviceType": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultRootDeviceType" - } - ] - }, - "AgentVersion": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "AgentVersion" - } - ] - } - }, - "DeleteApp": { - "AppId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Deployment", - "resourceIdentifier": "AppId" - } - ] - } - }, - "DeleteInstance": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "DeleteLayer": { - "LayerId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "LayerId" - } - ] - } - }, - "DeleteStack": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "DeleteUserProfile": { - "IamUserArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "IamUserArn" - } - ] - } - }, - "DeregisterEcsCluster": { - "EcsClusterArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "EcsClusterArn" - } - ] - } - }, - "DeregisterElasticIp": { - "ElasticIp": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "ElasticIp" - } - ] - } - }, - "DeregisterInstance": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "DeregisterVolume": { - "VolumeId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "VolumeId" - } - ] - } - }, - "DescribeAgentVersions": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "ConfigurationManager": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "ConfigurationManager" - } - ] - } - }, - "DescribeApps": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "AppIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Deployment", - "resourceIdentifier": "AppId" - } - ] - } - }, - "DescribeCommands": { - "DeploymentId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Deployment", - "resourceIdentifier": "DeploymentId" - } - ] - }, - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - }, - "CommandIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Command", - "resourceIdentifier": "CommandId" - } - ] - } - }, - "DescribeDeployments": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "AppId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Deployment", - "resourceIdentifier": "AppId" - } - ] - }, - "DeploymentIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Deployment", - "resourceIdentifier": "DeploymentId" - } - ] - } - }, - "DescribeEcsClusters": { - "EcsClusterArns": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "EcsClusterArn" - } - ] - }, - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "DescribeElasticIps": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - }, - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "DescribeElasticLoadBalancers": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "LayerIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "LayerIds" - } - ] - } - }, - "DescribeInstances": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "LayerId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "LayerId" - } - ] - }, - "InstanceIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Deployment", - "resourceIdentifier": "InstanceIds" - } - ] - } - }, - "DescribeLayers": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "LayerIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "LayerIds" - } - ] - } - }, - "DescribeLoadBasedAutoScaling": { - "LayerIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "LayerIds" - } - ] - } - }, - "DescribePermissions": { - "IamUserArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "IamUserArn" - } - ] - }, - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "DescribeRaidArrays": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - }, - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "RaidArrayIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "RaidArrayId" - } - ] - } - }, - "DescribeRdsDbInstances": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "DescribeServiceErrors": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - }, - "ServiceErrorIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "ServiceError", - "resourceIdentifier": "ServiceErrorId" - } - ] - } - }, - "DescribeStackProvisioningParameters": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "DescribeStackSummary": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "DescribeStacks": { - "StackIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "DescribeTimeBasedAutoScaling": { - "InstanceIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Deployment", - "resourceIdentifier": "InstanceIds" - } - ] - } - }, - "DescribeUserProfiles": { - "IamUserArns": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "IamUserArn" - } - ] - } - }, - "DescribeVolumes": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - }, - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "RaidArrayId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "RaidArrayId" - } - ] - }, - "VolumeIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "VolumeId" - } - ] - } - }, - "DetachElasticLoadBalancer": { - "ElasticLoadBalancerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "ElasticLoadBalancer", - "resourceIdentifier": "ElasticLoadBalancerName" - } - ] - }, - "LayerId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "LayerId" - } - ] - } - }, - "DisassociateElasticIp": { - "ElasticIp": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "ElasticIp" - } - ] - } - }, - "GetHostnameSuggestion": { - "LayerId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "LayerId" - } - ] - } - }, - "GrantAccess": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "RebootInstance": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "RegisterEcsCluster": { - "EcsClusterArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "EcsClusterArn" - } - ] - }, - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "RegisterElasticIp": { - "ElasticIp": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "ElasticIp" - } - ] - }, - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "RegisterInstance": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "Hostname": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "Hostname" - } - ] - }, - "PublicIp": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "PublicIp" - } - ] - }, - "PrivateIp": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "PrivateIp" - } - ] - } - }, - "RegisterRdsDbInstance": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "RegisterVolume": { - "Ec2VolumeId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "Ec2VolumeId" - } - ] - }, - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "SetLoadBasedAutoScaling": { - "LayerId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "LayerId" - } - ] - } - }, - "SetPermission": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "IamUserArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "IamUserArn" - } - ] - }, - "AllowSsh": { - "completions": [ - { - "parameters": {}, - "resourceName": "Permission", - "resourceIdentifier": "AllowSsh" - } - ] - }, - "AllowSudo": { - "completions": [ - { - "parameters": {}, - "resourceName": "Permission", - "resourceIdentifier": "AllowSudo" - } - ] - }, - "Level": { - "completions": [ - { - "parameters": {}, - "resourceName": "Permission", - "resourceIdentifier": "Level" - } - ] - } - }, - "SetTimeBasedAutoScaling": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "StartInstance": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "StartStack": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "StopInstance": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "StopStack": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - } - }, - "UnassignInstance": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - } - }, - "UnassignVolume": { - "VolumeId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "VolumeId" - } - ] - } - }, - "UpdateApp": { - "AppId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Deployment", - "resourceIdentifier": "AppId" - } - ] - }, - "Name": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "Name" - } - ] - }, - "Description": { - "completions": [ - { - "parameters": {}, - "resourceName": "App", - "resourceIdentifier": "Description" - } - ] - }, - "DataSources": { - "completions": [ - { - "parameters": {}, - "resourceName": "App", - "resourceIdentifier": "DataSources" - } - ] - }, - "Type": { - "completions": [ - { - "parameters": {}, - "resourceName": "ServiceError", - "resourceIdentifier": "Type" - } - ] - }, - "AppSource": { - "completions": [ - { - "parameters": {}, - "resourceName": "App", - "resourceIdentifier": "AppSource" - } - ] - }, - "Domains": { - "completions": [ - { - "parameters": {}, - "resourceName": "App", - "resourceIdentifier": "Domains" - } - ] - }, - "EnableSsl": { - "completions": [ - { - "parameters": {}, - "resourceName": "App", - "resourceIdentifier": "EnableSsl" - } - ] - }, - "SslConfiguration": { - "completions": [ - { - "parameters": {}, - "resourceName": "App", - "resourceIdentifier": "SslConfiguration" - } - ] - }, - "Attributes": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "Attributes" - } - ] - }, - "Environment": { - "completions": [ - { - "parameters": {}, - "resourceName": "App", - "resourceIdentifier": "Environment" - } - ] - } - }, - "UpdateElasticIp": { - "ElasticIp": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "ElasticIp" - } - ] - }, - "Name": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "Name" - } - ] - } - }, - "UpdateInstance": { - "InstanceId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "InstanceId" - } - ] - }, - "LayerIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "LayerIds" - } - ] - }, - "InstanceType": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "InstanceType" - } - ] - }, - "AutoScalingType": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "AutoScalingType" - } - ] - }, - "Hostname": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "Hostname" - } - ] - }, - "Os": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "Os" - } - ] - }, - "AmiId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "AmiId" - } - ] - }, - "SshKeyName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "SshKeyName" - } - ] - }, - "Architecture": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "Architecture" - } - ] - }, - "InstallUpdatesOnBoot": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "InstallUpdatesOnBoot" - } - ] - }, - "EbsOptimized": { - "completions": [ - { - "parameters": {}, - "resourceName": "Instance", - "resourceIdentifier": "EbsOptimized" - } - ] - }, - "AgentVersion": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "AgentVersion" - } - ] - } - }, - "UpdateLayer": { - "LayerId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "LayerId" - } - ] - }, - "Name": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "Name" - } - ] - }, - "Shortname": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "Shortname" - } - ] - }, - "Attributes": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "Attributes" - } - ] - }, - "CloudWatchLogsConfiguration": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "CloudWatchLogsConfiguration" - } - ] - }, - "CustomInstanceProfileArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "CustomInstanceProfileArn" - } - ] - }, - "CustomJson": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "CustomJson" - } - ] - }, - "CustomSecurityGroupIds": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "CustomSecurityGroupIds" - } - ] - }, - "Packages": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "Packages" - } - ] - }, - "VolumeConfigurations": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "VolumeConfigurations" - } - ] - }, - "EnableAutoHealing": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "EnableAutoHealing" - } - ] - }, - "AutoAssignElasticIps": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "AutoAssignElasticIps" - } - ] - }, - "AutoAssignPublicIps": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "AutoAssignPublicIps" - } - ] - }, - "CustomRecipes": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "CustomRecipes" - } - ] - }, - "InstallUpdatesOnBoot": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "InstallUpdatesOnBoot" - } - ] - }, - "UseEbsOptimizedInstances": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "UseEbsOptimizedInstances" - } - ] - }, - "LifecycleEventConfiguration": { - "completions": [ - { - "parameters": {}, - "resourceName": "Layer", - "resourceIdentifier": "LifecycleEventConfiguration" - } - ] - } - }, - "UpdateMyUserProfile": { - "SshPublicKey": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "SshPublicKey" - } - ] - } - }, - "UpdateStack": { - "StackId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "StackId" - } - ] - }, - "Name": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "Name" - } - ] - }, - "Attributes": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "Attributes" - } - ] - }, - "ServiceRoleArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "ServiceRoleArn" - } - ] - }, - "DefaultInstanceProfileArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultInstanceProfileArn" - } - ] - }, - "DefaultOs": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultOs" - } - ] - }, - "HostnameTheme": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "HostnameTheme" - } - ] - }, - "DefaultAvailabilityZone": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultAvailabilityZone" - } - ] - }, - "DefaultSubnetId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultSubnetId" - } - ] - }, - "CustomJson": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "CustomJson" - } - ] - }, - "ConfigurationManager": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "ConfigurationManager" - } - ] - }, - "ChefConfiguration": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "ChefConfiguration" - } - ] - }, - "UseCustomCookbooks": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "UseCustomCookbooks" - } - ] - }, - "CustomCookbooksSource": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "CustomCookbooksSource" - } - ] - }, - "DefaultSshKeyName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultSshKeyName" - } - ] - }, - "DefaultRootDeviceType": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "DefaultRootDeviceType" - } - ] - }, - "UseOpsworksSecurityGroups": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "UseOpsworksSecurityGroups" - } - ] - }, - "AgentVersion": { - "completions": [ - { - "parameters": {}, - "resourceName": "Stack", - "resourceIdentifier": "AgentVersion" - } - ] - } - }, - "UpdateUserProfile": { - "IamUserArn": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "IamUserArn" - } - ] - }, - "SshUsername": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "SshUsername" - } - ] - }, - "SshPublicKey": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "SshPublicKey" - } - ] - }, - "AllowSelfManagement": { - "completions": [ - { - "parameters": {}, - "resourceName": "UserProfile", - "resourceIdentifier": "AllowSelfManagement" - } - ] - } - }, - "UpdateVolume": { - "VolumeId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "VolumeId" - } - ] - }, - "Name": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "Name" - } - ] - }, - "MountPoint": { - "completions": [ - { - "parameters": {}, - "resourceName": "Volume", - "resourceIdentifier": "MountPoint" - } - ] - } - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://opsworks-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - }, - true - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://opsworks-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://opsworks.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://opsworks.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/paginators-1.json 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/paginators-1.json --- 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -{ - "pagination": { - "DescribeEcsClusters": { - "input_token": "NextToken", - "output_token": "NextToken", - "limit_key": "MaxResults", - "result_key": "EcsClusters" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/service-2.json 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/service-2.json --- 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,4984 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2013-02-18", - "endpointPrefix":"opsworks", - "jsonVersion":"1.1", - "protocol":"json", - "protocols":["json"], - "serviceFullName":"AWS OpsWorks", - "serviceId":"OpsWorks", - "signatureVersion":"v4", - "targetPrefix":"OpsWorks_20130218", - "uid":"opsworks-2013-02-18" - }, - "operations":{ - "AssignInstance":{ - "name":"AssignInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"AssignInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Assign a registered instance to a layer.

    • You can assign registered on-premises instances to any layer type.

    • You can assign registered Amazon EC2 instances only to custom layers.

    • You cannot use this action with instances that were created with OpsWorks Stacks.

    Required Permissions: To use this action, an Identity and Access Management (IAM) user must have a Manage permissions level for the stack or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "AssignVolume":{ - "name":"AssignVolume", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"AssignVolumeRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Assigns one of the stack's registered Amazon EBS volumes to a specified instance. The volume must first be registered with the stack by calling RegisterVolume. After you register the volume, you must call UpdateVolume to specify a mount point before calling AssignVolume. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "AssociateElasticIp":{ - "name":"AssociateElasticIp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"AssociateElasticIpRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Associates one of the stack's registered Elastic IP addresses with a specified instance. The address must first be registered with the stack by calling RegisterElasticIp. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "AttachElasticLoadBalancer":{ - "name":"AttachElasticLoadBalancer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"AttachElasticLoadBalancerRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Attaches an Elastic Load Balancing load balancer to a specified layer. OpsWorks Stacks does not support Application Load Balancer. You can only use Classic Load Balancer with OpsWorks Stacks. For more information, see Elastic Load Balancing.

    You must create the Elastic Load Balancing instance separately, by using the Elastic Load Balancing console, API, or CLI. For more information, see the Elastic Load Balancing Developer Guide.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "CloneStack":{ - "name":"CloneStack", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CloneStackRequest"}, - "output":{"shape":"CloneStackResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Creates a clone of a specified stack. For more information, see Clone a Stack. By default, all parameters are set to the values used by the parent stack.

    Required Permissions: To use this action, an IAM user must have an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "CreateApp":{ - "name":"CreateApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateAppRequest"}, - "output":{"shape":"CreateAppResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Creates an app for a specified stack. For more information, see Creating Apps.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "CreateDeployment":{ - "name":"CreateDeployment", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateDeploymentRequest"}, - "output":{"shape":"CreateDeploymentResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Runs deployment or stack commands. For more information, see Deploying Apps and Run Stack Commands.

    Required Permissions: To use this action, an IAM user must have a Deploy or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "CreateInstance":{ - "name":"CreateInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateInstanceRequest"}, - "output":{"shape":"CreateInstanceResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Creates an instance in a specified stack. For more information, see Adding an Instance to a Layer.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "CreateLayer":{ - "name":"CreateLayer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateLayerRequest"}, - "output":{"shape":"CreateLayerResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Creates a layer. For more information, see How to Create a Layer.

    You should use CreateLayer for noncustom layer types such as PHP App Server only if the stack does not have an existing layer of that type. A stack can have at most one instance of each noncustom layer; if you attempt to create a second instance, CreateLayer fails. A stack can have an arbitrary number of custom layers, so you can call CreateLayer as many times as you like for that layer type.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "CreateStack":{ - "name":"CreateStack", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateStackRequest"}, - "output":{"shape":"CreateStackResult"}, - "errors":[ - {"shape":"ValidationException"} - ], - "documentation":"

    Creates a new stack. For more information, see Create a New Stack.

    Required Permissions: To use this action, an IAM user must have an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "CreateUserProfile":{ - "name":"CreateUserProfile", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateUserProfileRequest"}, - "output":{"shape":"CreateUserProfileResult"}, - "errors":[ - {"shape":"ValidationException"} - ], - "documentation":"

    Creates a new user profile.

    Required Permissions: To use this action, an IAM user must have an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DeleteApp":{ - "name":"DeleteApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteAppRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deletes a specified app.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DeleteInstance":{ - "name":"DeleteInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deletes a specified instance, which terminates the associated Amazon EC2 instance. You must stop an instance before you can delete it.

    For more information, see Deleting Instances.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DeleteLayer":{ - "name":"DeleteLayer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteLayerRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deletes a specified layer. You must first stop and then delete all associated instances or unassign registered instances. For more information, see How to Delete a Layer.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DeleteStack":{ - "name":"DeleteStack", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteStackRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deletes a specified stack. You must first delete all instances, layers, and apps or deregister registered instances. For more information, see Shut Down a Stack.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DeleteUserProfile":{ - "name":"DeleteUserProfile", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteUserProfileRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deletes a user profile.

    Required Permissions: To use this action, an IAM user must have an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DeregisterEcsCluster":{ - "name":"DeregisterEcsCluster", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeregisterEcsClusterRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deregisters a specified Amazon ECS cluster from a stack. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack or an attached policy that explicitly grants permissions. For more information on user permissions, see https://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users.html.

    " - }, - "DeregisterElasticIp":{ - "name":"DeregisterElasticIp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeregisterElasticIpRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deregisters a specified Elastic IP address. The address can be registered by another stack after it is deregistered. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DeregisterInstance":{ - "name":"DeregisterInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeregisterInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deregister an instance from OpsWorks Stacks. The instance can be a registered instance (Amazon EC2 or on-premises) or an instance created with OpsWorks. This action removes the instance from the stack and returns it to your control.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DeregisterRdsDbInstance":{ - "name":"DeregisterRdsDbInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeregisterRdsDbInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deregisters an Amazon RDS instance.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DeregisterVolume":{ - "name":"DeregisterVolume", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeregisterVolumeRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Deregisters an Amazon EBS volume. The volume can then be registered by another stack. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DescribeAgentVersions":{ - "name":"DescribeAgentVersions", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeAgentVersionsRequest"}, - "output":{"shape":"DescribeAgentVersionsResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes the available OpsWorks Stacks agent versions. You must specify a stack ID or a configuration manager. DescribeAgentVersions returns a list of available agent versions for the specified stack or configuration manager.

    " - }, - "DescribeApps":{ - "name":"DescribeApps", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeAppsRequest"}, - "output":{"shape":"DescribeAppsResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Requests a description of a specified set of apps.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeCommands":{ - "name":"DescribeCommands", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeCommandsRequest"}, - "output":{"shape":"DescribeCommandsResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes the results of specified commands.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeDeployments":{ - "name":"DescribeDeployments", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeDeploymentsRequest"}, - "output":{"shape":"DescribeDeploymentsResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Requests a description of a specified set of deployments.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeEcsClusters":{ - "name":"DescribeEcsClusters", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeEcsClustersRequest"}, - "output":{"shape":"DescribeEcsClustersResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes Amazon ECS clusters that are registered with a stack. If you specify only a stack ID, you can use the MaxResults and NextToken parameters to paginate the response. However, OpsWorks Stacks currently supports only one cluster per layer, so the result set has a maximum of one element.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack or an attached policy that explicitly grants permission. For more information about user permissions, see Managing User Permissions.

    This call accepts only one resource-identifying parameter.

    " - }, - "DescribeElasticIps":{ - "name":"DescribeElasticIps", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeElasticIpsRequest"}, - "output":{"shape":"DescribeElasticIpsResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes Elastic IP addresses.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeElasticLoadBalancers":{ - "name":"DescribeElasticLoadBalancers", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeElasticLoadBalancersRequest"}, - "output":{"shape":"DescribeElasticLoadBalancersResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes a stack's Elastic Load Balancing instances.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeInstances":{ - "name":"DescribeInstances", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeInstancesRequest"}, - "output":{"shape":"DescribeInstancesResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Requests a description of a set of instances.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeLayers":{ - "name":"DescribeLayers", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeLayersRequest"}, - "output":{"shape":"DescribeLayersResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Requests a description of one or more layers in a specified stack.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeLoadBasedAutoScaling":{ - "name":"DescribeLoadBasedAutoScaling", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeLoadBasedAutoScalingRequest"}, - "output":{"shape":"DescribeLoadBasedAutoScalingResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes load-based auto scaling configurations for specified layers.

    You must specify at least one of the parameters.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeMyUserProfile":{ - "name":"DescribeMyUserProfile", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "output":{"shape":"DescribeMyUserProfileResult"}, - "documentation":"

    Describes a user's SSH information.

    Required Permissions: To use this action, an IAM user must have self-management enabled or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeOperatingSystems":{ - "name":"DescribeOperatingSystems", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "output":{"shape":"DescribeOperatingSystemsResponse"}, - "documentation":"

    Describes the operating systems that are supported by OpsWorks Stacks.

    " - }, - "DescribePermissions":{ - "name":"DescribePermissions", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribePermissionsRequest"}, - "output":{"shape":"DescribePermissionsResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes the permissions for a specified stack.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DescribeRaidArrays":{ - "name":"DescribeRaidArrays", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeRaidArraysRequest"}, - "output":{"shape":"DescribeRaidArraysResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describe an instance's RAID arrays.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeRdsDbInstances":{ - "name":"DescribeRdsDbInstances", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeRdsDbInstancesRequest"}, - "output":{"shape":"DescribeRdsDbInstancesResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes Amazon RDS instances.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    This call accepts only one resource-identifying parameter.

    " - }, - "DescribeServiceErrors":{ - "name":"DescribeServiceErrors", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeServiceErrorsRequest"}, - "output":{"shape":"DescribeServiceErrorsResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes OpsWorks Stacks service errors.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    This call accepts only one resource-identifying parameter.

    " - }, - "DescribeStackProvisioningParameters":{ - "name":"DescribeStackProvisioningParameters", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeStackProvisioningParametersRequest"}, - "output":{"shape":"DescribeStackProvisioningParametersResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Requests a description of a stack's provisioning parameters.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeStackSummary":{ - "name":"DescribeStackSummary", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeStackSummaryRequest"}, - "output":{"shape":"DescribeStackSummaryResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes the number of layers and apps in a specified stack, and the number of instances in each state, such as running_setup or online.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeStacks":{ - "name":"DescribeStacks", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeStacksRequest"}, - "output":{"shape":"DescribeStacksResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Requests a description of one or more stacks.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeTimeBasedAutoScaling":{ - "name":"DescribeTimeBasedAutoScaling", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeTimeBasedAutoScalingRequest"}, - "output":{"shape":"DescribeTimeBasedAutoScalingResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes time-based auto scaling configurations for specified instances.

    You must specify at least one of the parameters.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeUserProfiles":{ - "name":"DescribeUserProfiles", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeUserProfilesRequest"}, - "output":{"shape":"DescribeUserProfilesResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describe specified users.

    Required Permissions: To use this action, an IAM user must have an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DescribeVolumes":{ - "name":"DescribeVolumes", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeVolumesRequest"}, - "output":{"shape":"DescribeVolumesResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes an instance's Amazon EBS volumes.

    This call accepts only one resource-identifying parameter.

    Required Permissions: To use this action, an IAM user must have a Show, Deploy, or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "DetachElasticLoadBalancer":{ - "name":"DetachElasticLoadBalancer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DetachElasticLoadBalancerRequest"}, - "errors":[ - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Detaches a specified Elastic Load Balancing instance from its layer.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "DisassociateElasticIp":{ - "name":"DisassociateElasticIp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DisassociateElasticIpRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Disassociates an Elastic IP address from its instance. The address remains registered with the stack. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "GetHostnameSuggestion":{ - "name":"GetHostnameSuggestion", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetHostnameSuggestionRequest"}, - "output":{"shape":"GetHostnameSuggestionResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Gets a generated host name for the specified layer, based on the current host name theme.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "GrantAccess":{ - "name":"GrantAccess", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GrantAccessRequest"}, - "output":{"shape":"GrantAccessResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    This action can be used only with Windows stacks.

    Grants RDP access to a Windows instance for a specified time period.

    " - }, - "ListTags":{ - "name":"ListTags", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"ListTagsRequest"}, - "output":{"shape":"ListTagsResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Returns a list of tags that are applied to the specified stack or layer.

    " - }, - "RebootInstance":{ - "name":"RebootInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"RebootInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Reboots a specified instance. For more information, see Starting, Stopping, and Rebooting Instances.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "RegisterEcsCluster":{ - "name":"RegisterEcsCluster", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"RegisterEcsClusterRequest"}, - "output":{"shape":"RegisterEcsClusterResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Registers a specified Amazon ECS cluster with a stack. You can register only one cluster with a stack. A cluster can be registered with only one stack. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "RegisterElasticIp":{ - "name":"RegisterElasticIp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"RegisterElasticIpRequest"}, - "output":{"shape":"RegisterElasticIpResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Registers an Elastic IP address with a specified stack. An address can be registered with only one stack at a time. If the address is already registered, you must first deregister it by calling DeregisterElasticIp. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "RegisterInstance":{ - "name":"RegisterInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"RegisterInstanceRequest"}, - "output":{"shape":"RegisterInstanceResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Registers instances that were created outside of OpsWorks Stacks with a specified stack.

    We do not recommend using this action to register instances. The complete registration operation includes two tasks: installing the OpsWorks Stacks agent on the instance, and registering the instance with the stack. RegisterInstance handles only the second step. You should instead use the CLI register command, which performs the entire registration operation. For more information, see Registering an Instance with an OpsWorks Stacks Stack.

    Registered instances have the same requirements as instances that are created by using the CreateInstance API. For example, registered instances must be running a supported Linux-based operating system, and they must have a supported instance type. For more information about requirements for instances that you want to register, see Preparing the Instance.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "RegisterRdsDbInstance":{ - "name":"RegisterRdsDbInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"RegisterRdsDbInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Registers an Amazon RDS instance with a stack.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "RegisterVolume":{ - "name":"RegisterVolume", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"RegisterVolumeRequest"}, - "output":{"shape":"RegisterVolumeResult"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Registers an Amazon EBS volume with a specified stack. A volume can be registered with only one stack at a time. If the volume is already registered, you must first deregister it by calling DeregisterVolume. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "SetLoadBasedAutoScaling":{ - "name":"SetLoadBasedAutoScaling", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"SetLoadBasedAutoScalingRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Specify the load-based auto scaling configuration for a specified layer. For more information, see Managing Load with Time-based and Load-based Instances.

    To use load-based auto scaling, you must create a set of load-based auto scaling instances. Load-based auto scaling operates only on the instances from that set, so you must ensure that you have created enough instances to handle the maximum anticipated load.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "SetPermission":{ - "name":"SetPermission", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"SetPermissionRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Specifies a user's permissions. For more information, see Security and Permissions.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "SetTimeBasedAutoScaling":{ - "name":"SetTimeBasedAutoScaling", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"SetTimeBasedAutoScalingRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Specify the time-based auto scaling configuration for a specified instance. For more information, see Managing Load with Time-based and Load-based Instances.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "StartInstance":{ - "name":"StartInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StartInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Starts a specified instance. For more information, see Starting, Stopping, and Rebooting Instances.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "StartStack":{ - "name":"StartStack", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StartStackRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Starts a stack's instances.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "StopInstance":{ - "name":"StopInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StopInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Stops a specified instance. When you stop a standard instance, the data disappears and must be reinstalled when you restart the instance. You can stop an Amazon EBS-backed instance without losing data. For more information, see Starting, Stopping, and Rebooting Instances.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "StopStack":{ - "name":"StopStack", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StopStackRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Stops a specified stack.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"TagResourceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Apply cost-allocation tags to a specified stack or layer in OpsWorks Stacks. For more information about how tagging works, see Tags in the OpsWorks User Guide.

    " - }, - "UnassignInstance":{ - "name":"UnassignInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UnassignInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Unassigns a registered instance from all layers that are using the instance. The instance remains in the stack as an unassigned instance, and can be assigned to another layer as needed. You cannot use this action with instances that were created with OpsWorks Stacks.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "UnassignVolume":{ - "name":"UnassignVolume", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UnassignVolumeRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Unassigns an assigned Amazon EBS volume. The volume remains registered with the stack. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UntagResourceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Removes tags from a specified stack or layer.

    " - }, - "UpdateApp":{ - "name":"UpdateApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateAppRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates a specified app.

    Required Permissions: To use this action, an IAM user must have a Deploy or Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "UpdateElasticIp":{ - "name":"UpdateElasticIp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateElasticIpRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates a registered Elastic IP address's name. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "UpdateInstance":{ - "name":"UpdateInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates a specified instance.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "UpdateLayer":{ - "name":"UpdateLayer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateLayerRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates a specified layer.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "UpdateMyUserProfile":{ - "name":"UpdateMyUserProfile", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateMyUserProfileRequest"}, - "errors":[ - {"shape":"ValidationException"} - ], - "documentation":"

    Updates a user's SSH public key.

    Required Permissions: To use this action, an IAM user must have self-management enabled or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "UpdateRdsDbInstance":{ - "name":"UpdateRdsDbInstance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateRdsDbInstanceRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates an Amazon RDS instance.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "UpdateStack":{ - "name":"UpdateStack", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateStackRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates a specified stack.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - }, - "UpdateUserProfile":{ - "name":"UpdateUserProfile", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateUserProfileRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates a specified user profile.

    Required Permissions: To use this action, an IAM user must have an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

    " - }, - "UpdateVolume":{ - "name":"UpdateVolume", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateVolumeRequest"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates an Amazon EBS volume's name or mount point. For more information, see Resource Management.

    Required Permissions: To use this action, an IAM user must have a Manage permissions level for the stack, or an attached policy that explicitly grants permissions. For more information on user permissions, see Managing User Permissions.

    " - } - }, - "shapes":{ - "AgentVersion":{ - "type":"structure", - "members":{ - "Version":{ - "shape":"String", - "documentation":"

    The agent version.

    " - }, - "ConfigurationManager":{ - "shape":"StackConfigurationManager", - "documentation":"

    The configuration manager.

    " - } - }, - "documentation":"

    Describes an agent version.

    " - }, - "AgentVersions":{ - "type":"list", - "member":{"shape":"AgentVersion"} - }, - "App":{ - "type":"structure", - "members":{ - "AppId":{ - "shape":"String", - "documentation":"

    The app ID.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The app stack ID.

    " - }, - "Shortname":{ - "shape":"String", - "documentation":"

    The app's short name.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The app name.

    " - }, - "Description":{ - "shape":"String", - "documentation":"

    A description of the app.

    " - }, - "DataSources":{ - "shape":"DataSources", - "documentation":"

    The app's data sources.

    " - }, - "Type":{ - "shape":"AppType", - "documentation":"

    The app type.

    " - }, - "AppSource":{ - "shape":"Source", - "documentation":"

    A Source object that describes the app repository.

    " - }, - "Domains":{ - "shape":"Strings", - "documentation":"

    The app vhost settings with multiple domains separated by commas. For example: 'www.example.com, example.com'

    " - }, - "EnableSsl":{ - "shape":"Boolean", - "documentation":"

    Whether to enable SSL for the app.

    " - }, - "SslConfiguration":{ - "shape":"SslConfiguration", - "documentation":"

    An SslConfiguration object with the SSL configuration.

    " - }, - "Attributes":{ - "shape":"AppAttributes", - "documentation":"

    The stack attributes.

    " - }, - "CreatedAt":{ - "shape":"String", - "documentation":"

    When the app was created.

    " - }, - "Environment":{ - "shape":"EnvironmentVariables", - "documentation":"

    An array of EnvironmentVariable objects that specify environment variables to be associated with the app. After you deploy the app, these variables are defined on the associated app server instances. For more information, see Environment Variables.

    There is no specific limit on the number of environment variables. However, the size of the associated data structure - which includes the variable names, values, and protected flag values - cannot exceed 20 KB. This limit should accommodate most if not all use cases, but if you do exceed it, you will cause an exception (API) with an \"Environment: is too large (maximum is 20 KB)\" message.

    " - } - }, - "documentation":"

    A description of the app.

    " - }, - "AppAttributes":{ - "type":"map", - "key":{"shape":"AppAttributesKeys"}, - "value":{"shape":"String"} - }, - "AppAttributesKeys":{ - "type":"string", - "enum":[ - "DocumentRoot", - "RailsEnv", - "AutoBundleOnDeploy", - "AwsFlowRubySettings" - ] - }, - "AppType":{ - "type":"string", - "enum":[ - "aws-flow-ruby", - "java", - "rails", - "php", - "nodejs", - "static", - "other" - ] - }, - "Apps":{ - "type":"list", - "member":{"shape":"App"} - }, - "Architecture":{ - "type":"string", - "enum":[ - "x86_64", - "i386" - ] - }, - "AssignInstanceRequest":{ - "type":"structure", - "required":[ - "InstanceId", - "LayerIds" - ], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "LayerIds":{ - "shape":"Strings", - "documentation":"

    The layer ID, which must correspond to a custom layer. You cannot assign a registered instance to a built-in layer.

    " - } - } - }, - "AssignVolumeRequest":{ - "type":"structure", - "required":["VolumeId"], - "members":{ - "VolumeId":{ - "shape":"String", - "documentation":"

    The volume ID.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - } - } - }, - "AssociateElasticIpRequest":{ - "type":"structure", - "required":["ElasticIp"], - "members":{ - "ElasticIp":{ - "shape":"String", - "documentation":"

    The Elastic IP address.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - } - } - }, - "AttachElasticLoadBalancerRequest":{ - "type":"structure", - "required":[ - "ElasticLoadBalancerName", - "LayerId" - ], - "members":{ - "ElasticLoadBalancerName":{ - "shape":"String", - "documentation":"

    The Elastic Load Balancing instance's name.

    " - }, - "LayerId":{ - "shape":"String", - "documentation":"

    The ID of the layer to which the Elastic Load Balancing instance is to be attached.

    " - } - } - }, - "AutoScalingThresholds":{ - "type":"structure", - "members":{ - "InstanceCount":{ - "shape":"Integer", - "documentation":"

    The number of instances to add or remove when the load exceeds a threshold.

    " - }, - "ThresholdsWaitTime":{ - "shape":"Minute", - "documentation":"

    The amount of time, in minutes, that the load must exceed a threshold before more instances are added or removed.

    " - }, - "IgnoreMetricsTime":{ - "shape":"Minute", - "documentation":"

    The amount of time (in minutes) after a scaling event occurs that OpsWorks Stacks should ignore metrics and suppress additional scaling events. For example, OpsWorks Stacks adds new instances following an upscaling event but the instances won't start reducing the load until they have been booted and configured. There is no point in raising additional scaling events during that operation, which typically takes several minutes. IgnoreMetricsTime allows you to direct OpsWorks Stacks to suppress scaling events long enough to get the new instances online.

    " - }, - "CpuThreshold":{ - "shape":"Double", - "documentation":"

    The CPU utilization threshold, as a percent of the available CPU. A value of -1 disables the threshold.

    " - }, - "MemoryThreshold":{ - "shape":"Double", - "documentation":"

    The memory utilization threshold, as a percent of the available memory. A value of -1 disables the threshold.

    " - }, - "LoadThreshold":{ - "shape":"Double", - "documentation":"

    The load threshold. A value of -1 disables the threshold. For more information about how load is computed, see Load (computing).

    " - }, - "Alarms":{ - "shape":"Strings", - "documentation":"

    Custom CloudWatch auto scaling alarms, to be used as thresholds. This parameter takes a list of up to five alarm names, which are case sensitive and must be in the same region as the stack.

    To use custom alarms, you must update your service role to allow cloudwatch:DescribeAlarms. You can either have OpsWorks Stacks update the role for you when you first use this feature or you can edit the role manually. For more information, see Allowing OpsWorks Stacks to Act on Your Behalf.

    " - } - }, - "documentation":"

    Describes a load-based auto scaling upscaling or downscaling threshold configuration, which specifies when OpsWorks Stacks starts or stops load-based instances.

    " - }, - "AutoScalingType":{ - "type":"string", - "enum":[ - "load", - "timer" - ] - }, - "BlockDeviceMapping":{ - "type":"structure", - "members":{ - "DeviceName":{ - "shape":"String", - "documentation":"

    The device name that is exposed to the instance, such as /dev/sdh. For the root device, you can use the explicit device name or you can set this parameter to ROOT_DEVICE and OpsWorks Stacks will provide the correct device name.

    " - }, - "NoDevice":{ - "shape":"String", - "documentation":"

    Suppresses the specified device included in the AMI's block device mapping.

    " - }, - "VirtualName":{ - "shape":"String", - "documentation":"

    The virtual device name. For more information, see BlockDeviceMapping.

    " - }, - "Ebs":{ - "shape":"EbsBlockDevice", - "documentation":"

    An EBSBlockDevice that defines how to configure an Amazon EBS volume when the instance is launched.

    " - } - }, - "documentation":"

    Describes a block device mapping. This data type maps directly to the Amazon EC2 BlockDeviceMapping data type.

    " - }, - "BlockDeviceMappings":{ - "type":"list", - "member":{"shape":"BlockDeviceMapping"} - }, - "Boolean":{ - "type":"boolean", - "box":true - }, - "ChefConfiguration":{ - "type":"structure", - "members":{ - "ManageBerkshelf":{ - "shape":"Boolean", - "documentation":"

    Whether to enable Berkshelf.

    " - }, - "BerkshelfVersion":{ - "shape":"String", - "documentation":"

    The Berkshelf version.

    " - } - }, - "documentation":"

    Describes the Chef configuration.

    " - }, - "CloneStackRequest":{ - "type":"structure", - "required":[ - "SourceStackId", - "ServiceRoleArn" - ], - "members":{ - "SourceStackId":{ - "shape":"String", - "documentation":"

    The source stack ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The cloned stack name. Stack names can be a maximum of 64 characters.

    " - }, - "Region":{ - "shape":"String", - "documentation":"

    The cloned stack Amazon Web Services Region, such as ap-northeast-2. For more information about Amazon Web Services Regions, see Regions and Endpoints.

    " - }, - "VpcId":{ - "shape":"String", - "documentation":"

    The ID of the VPC that the cloned stack is to be launched into. It must be in the specified region. All instances are launched into this VPC, and you cannot change the ID later.

    • If your account supports EC2 Classic, the default value is no VPC.

    • If your account does not support EC2 Classic, the default value is the default VPC for the specified region.

    If the VPC ID corresponds to a default VPC and you have specified either the DefaultAvailabilityZone or the DefaultSubnetId parameter only, OpsWorks Stacks infers the value of the other parameter. If you specify neither parameter, OpsWorks Stacks sets these parameters to the first valid Availability Zone for the specified region and the corresponding default VPC subnet ID, respectively.

    If you specify a nondefault VPC ID, note the following:

    • It must belong to a VPC in your account that is in the specified region.

    • You must specify a value for DefaultSubnetId.

    For more information about how to use OpsWorks Stacks with a VPC, see Running a Stack in a VPC. For more information about default VPC and EC2 Classic, see Supported Platforms.

    " - }, - "Attributes":{ - "shape":"StackAttributes", - "documentation":"

    A list of stack attributes and values as key/value pairs to be added to the cloned stack.

    " - }, - "ServiceRoleArn":{ - "shape":"String", - "documentation":"

    The stack Identity and Access Management (IAM) role, which allows OpsWorks Stacks to work with Amazon Web Services resources on your behalf. You must set this parameter to the Amazon Resource Name (ARN) for an existing IAM role. If you create a stack by using the OpsWorkss Stacks console, it creates the role for you. You can obtain an existing stack's IAM ARN programmatically by calling DescribePermissions. For more information about IAM ARNs, see Using Identifiers.

    You must set this parameter to a valid service role ARN or the action will fail; there is no default value. You can specify the source stack's service role ARN, if you prefer, but you must do so explicitly.

    " - }, - "DefaultInstanceProfileArn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of an IAM profile that is the default profile for all of the stack's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "DefaultOs":{ - "shape":"String", - "documentation":"

    The stack's operating system, which must be set to one of the following.

    • A supported Linux operating system: An Amazon Linux version, such as Amazon Linux 2, Amazon Linux 2018.03, Amazon Linux 2017.09, Amazon Linux 2017.03, Amazon Linux 2016.09, Amazon Linux 2016.03, Amazon Linux 2015.09, or Amazon Linux 2015.03.

    • A supported Ubuntu operating system, such as Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, or Ubuntu 12.04 LTS.

    • CentOS Linux 7

    • Red Hat Enterprise Linux 7

    • Microsoft Windows Server 2012 R2 Base, Microsoft Windows Server 2012 R2 with SQL Server Express, Microsoft Windows Server 2012 R2 with SQL Server Standard, or Microsoft Windows Server 2012 R2 with SQL Server Web.

    • A custom AMI: Custom. You specify the custom AMI you want to use when you create instances. For more information about how to use custom AMIs with OpsWorks, see Using Custom AMIs.

    The default option is the parent stack's operating system. Not all operating systems are supported with all versions of Chef. For more information about supported operating systems, see OpsWorks Stacks Operating Systems.

    You can specify a different Linux operating system for the cloned stack, but you cannot change from Linux to Windows or Windows to Linux.

    " - }, - "HostnameTheme":{ - "shape":"String", - "documentation":"

    The stack's host name theme, with spaces are replaced by underscores. The theme is used to generate host names for the stack's instances. By default, HostnameTheme is set to Layer_Dependent, which creates host names by appending integers to the layer's short name. The other themes are:

    • Baked_Goods

    • Clouds

    • Europe_Cities

    • Fruits

    • Greek_Deities_and_Titans

    • Legendary_creatures_from_Japan

    • Planets_and_Moons

    • Roman_Deities

    • Scottish_Islands

    • US_Cities

    • Wild_Cats

    To obtain a generated host name, call GetHostNameSuggestion, which returns a host name based on the current theme.

    " - }, - "DefaultAvailabilityZone":{ - "shape":"String", - "documentation":"

    The cloned stack's default Availability Zone, which must be in the specified region. For more information, see Regions and Endpoints. If you also specify a value for DefaultSubnetId, the subnet must be in the same zone. For more information, see the VpcId parameter description.

    " - }, - "DefaultSubnetId":{ - "shape":"String", - "documentation":"

    The stack's default VPC subnet ID. This parameter is required if you specify a value for the VpcId parameter. All instances are launched into this subnet unless you specify otherwise when you create the instance. If you also specify a value for DefaultAvailabilityZone, the subnet must be in that zone. For information on default values and when this parameter is required, see the VpcId parameter description.

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A string that contains user-defined, custom JSON. It is used to override the corresponding default stack configuration JSON values. The string should be in the following format:

    \"{\\\"key1\\\": \\\"value1\\\", \\\"key2\\\": \\\"value2\\\",...}\"

    For more information about custom JSON, see Use Custom JSON to Modify the Stack Configuration Attributes

    " - }, - "ConfigurationManager":{ - "shape":"StackConfigurationManager", - "documentation":"

    The configuration manager. When you clone a stack we recommend that you use the configuration manager to specify the Chef version: 12, 11.10, or 11.4 for Linux stacks, or 12.2 for Windows stacks. The default value for Linux stacks is currently 12.

    " - }, - "ChefConfiguration":{ - "shape":"ChefConfiguration", - "documentation":"

    A ChefConfiguration object that specifies whether to enable Berkshelf and the Berkshelf version on Chef 11.10 stacks. For more information, see Create a New Stack.

    " - }, - "UseCustomCookbooks":{ - "shape":"Boolean", - "documentation":"

    Whether to use custom cookbooks.

    " - }, - "UseOpsworksSecurityGroups":{ - "shape":"Boolean", - "documentation":"

    Whether to associate the OpsWorks Stacks built-in security groups with the stack's layers.

    OpsWorks Stacks provides a standard set of security groups, one for each layer, which are associated with layers by default. With UseOpsworksSecurityGroups you can instead provide your own custom security groups. UseOpsworksSecurityGroups has the following settings:

    • True - OpsWorks Stacks automatically associates the appropriate built-in security group with each layer (default setting). You can associate additional security groups with a layer after you create it but you cannot delete the built-in security group.

    • False - OpsWorks Stacks does not associate built-in security groups with layers. You must create appropriate Amazon EC2 security groups and associate a security group with each layer that you create. However, you can still manually associate a built-in security group with a layer on creation; custom security groups are required only for those layers that need custom settings.

    For more information, see Create a New Stack.

    " - }, - "CustomCookbooksSource":{ - "shape":"Source", - "documentation":"

    Contains the information required to retrieve an app or cookbook from a repository. For more information, see Adding Apps or Cookbooks and Recipes.

    " - }, - "DefaultSshKeyName":{ - "shape":"String", - "documentation":"

    A default Amazon EC2 key pair name. The default value is none. If you specify a key pair name, OpsWorks installs the public key on the instance and you can use the private key with an SSH client to log in to the instance. For more information, see Using SSH to Communicate with an Instance and Managing SSH Access. You can override this setting by specifying a different key pair, or no key pair, when you create an instance.

    " - }, - "ClonePermissions":{ - "shape":"Boolean", - "documentation":"

    Whether to clone the source stack's permissions.

    " - }, - "CloneAppIds":{ - "shape":"Strings", - "documentation":"

    A list of source stack app IDs to be included in the cloned stack.

    " - }, - "DefaultRootDeviceType":{ - "shape":"RootDeviceType", - "documentation":"

    The default root device type. This value is used by default for all instances in the cloned stack, but you can override it when you create an instance. For more information, see Storage for the Root Device.

    " - }, - "AgentVersion":{ - "shape":"String", - "documentation":"

    The default OpsWorks Stacks agent version. You have the following options:

    • Auto-update - Set this parameter to LATEST. OpsWorks Stacks automatically installs new agent versions on the stack's instances as soon as they are available.

    • Fixed version - Set this parameter to your preferred agent version. To update the agent version, you must edit the stack configuration and specify a new version. OpsWorks Stacks automatically installs that version on the stack's instances.

    The default setting is LATEST. To specify an agent version, you must use the complete version number, not the abbreviated number shown on the console. For a list of available agent version numbers, call DescribeAgentVersions. AgentVersion cannot be set to Chef 12.2.

    You can also specify an agent version when you create or update an instance, which overrides the stack's default setting.

    " - } - } - }, - "CloneStackResult":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The cloned stack ID.

    " - } - }, - "documentation":"

    Contains the response to a CloneStack request.

    " - }, - "CloudWatchLogsConfiguration":{ - "type":"structure", - "members":{ - "Enabled":{ - "shape":"Boolean", - "documentation":"

    Whether CloudWatch Logs is enabled for a layer.

    " - }, - "LogStreams":{ - "shape":"CloudWatchLogsLogStreams", - "documentation":"

    A list of configuration options for CloudWatch Logs.

    " - } - }, - "documentation":"

    Describes the Amazon CloudWatch Logs configuration for a layer.

    " - }, - "CloudWatchLogsEncoding":{ - "type":"string", - "documentation":"

    Specifies the encoding of the log file so that the file can be read correctly. The default is utf_8. Encodings supported by Python codecs.decode() can be used here.

    ", - "enum":[ - "ascii", - "big5", - "big5hkscs", - "cp037", - "cp424", - "cp437", - "cp500", - "cp720", - "cp737", - "cp775", - "cp850", - "cp852", - "cp855", - "cp856", - "cp857", - "cp858", - "cp860", - "cp861", - "cp862", - "cp863", - "cp864", - "cp865", - "cp866", - "cp869", - "cp874", - "cp875", - "cp932", - "cp949", - "cp950", - "cp1006", - "cp1026", - "cp1140", - "cp1250", - "cp1251", - "cp1252", - "cp1253", - "cp1254", - "cp1255", - "cp1256", - "cp1257", - "cp1258", - "euc_jp", - "euc_jis_2004", - "euc_jisx0213", - "euc_kr", - "gb2312", - "gbk", - "gb18030", - "hz", - "iso2022_jp", - "iso2022_jp_1", - "iso2022_jp_2", - "iso2022_jp_2004", - "iso2022_jp_3", - "iso2022_jp_ext", - "iso2022_kr", - "latin_1", - "iso8859_2", - "iso8859_3", - "iso8859_4", - "iso8859_5", - "iso8859_6", - "iso8859_7", - "iso8859_8", - "iso8859_9", - "iso8859_10", - "iso8859_13", - "iso8859_14", - "iso8859_15", - "iso8859_16", - "johab", - "koi8_r", - "koi8_u", - "mac_cyrillic", - "mac_greek", - "mac_iceland", - "mac_latin2", - "mac_roman", - "mac_turkish", - "ptcp154", - "shift_jis", - "shift_jis_2004", - "shift_jisx0213", - "utf_32", - "utf_32_be", - "utf_32_le", - "utf_16", - "utf_16_be", - "utf_16_le", - "utf_7", - "utf_8", - "utf_8_sig" - ] - }, - "CloudWatchLogsInitialPosition":{ - "type":"string", - "documentation":"

    Specifies where to start to read data (start_of_file or end_of_file). The default is start_of_file. It's only used if there is no state persisted for that log stream.

    ", - "enum":[ - "start_of_file", - "end_of_file" - ] - }, - "CloudWatchLogsLogStream":{ - "type":"structure", - "members":{ - "LogGroupName":{ - "shape":"String", - "documentation":"

    Specifies the destination log group. A log group is created automatically if it doesn't already exist. Log group names can be between 1 and 512 characters long. Allowed characters include a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), '/' (forward slash), and '.' (period).

    " - }, - "DatetimeFormat":{ - "shape":"String", - "documentation":"

    Specifies how the time stamp is extracted from logs. For more information, see the CloudWatch Logs Agent Reference.

    " - }, - "TimeZone":{ - "shape":"CloudWatchLogsTimeZone", - "documentation":"

    Specifies the time zone of log event time stamps.

    " - }, - "File":{ - "shape":"String", - "documentation":"

    Specifies log files that you want to push to CloudWatch Logs.

    File can point to a specific file or multiple files (by using wild card characters such as /var/log/system.log*). Only the latest file is pushed to CloudWatch Logs, based on file modification time. We recommend that you use wild card characters to specify a series of files of the same type, such as access_log.2014-06-01-01, access_log.2014-06-01-02, and so on by using a pattern like access_log.*. Don't use a wildcard to match multiple file types, such as access_log_80 and access_log_443. To specify multiple, different file types, add another log stream entry to the configuration file, so that each log file type is stored in a different log group.

    Zipped files are not supported.

    " - }, - "FileFingerprintLines":{ - "shape":"String", - "documentation":"

    Specifies the range of lines for identifying a file. The valid values are one number, or two dash-delimited numbers, such as '1', '2-5'. The default value is '1', meaning the first line is used to calculate the fingerprint. Fingerprint lines are not sent to CloudWatch Logs unless all specified lines are available.

    " - }, - "MultiLineStartPattern":{ - "shape":"String", - "documentation":"

    Specifies the pattern for identifying the start of a log message.

    " - }, - "InitialPosition":{ - "shape":"CloudWatchLogsInitialPosition", - "documentation":"

    Specifies where to start to read data (start_of_file or end_of_file). The default is start_of_file. This setting is only used if there is no state persisted for that log stream.

    " - }, - "Encoding":{ - "shape":"CloudWatchLogsEncoding", - "documentation":"

    Specifies the encoding of the log file so that the file can be read correctly. The default is utf_8. Encodings supported by Python codecs.decode() can be used here.

    " - }, - "BufferDuration":{ - "shape":"Integer", - "documentation":"

    Specifies the time duration for the batching of log events. The minimum value is 5000ms and default value is 5000ms.

    " - }, - "BatchCount":{ - "shape":"Integer", - "documentation":"

    Specifies the max number of log events in a batch, up to 10000. The default value is 1000.

    " - }, - "BatchSize":{ - "shape":"Integer", - "documentation":"

    Specifies the maximum size of log events in a batch, in bytes, up to 1048576 bytes. The default value is 32768 bytes. This size is calculated as the sum of all event messages in UTF-8, plus 26 bytes for each log event.

    " - } - }, - "documentation":"

    Describes the CloudWatch Logs configuration for a layer. For detailed information about members of this data type, see the CloudWatch Logs Agent Reference.

    " - }, - "CloudWatchLogsLogStreams":{ - "type":"list", - "member":{"shape":"CloudWatchLogsLogStream"}, - "documentation":"

    Describes the Amazon CloudWatch Logs configuration for a layer.

    " - }, - "CloudWatchLogsTimeZone":{ - "type":"string", - "documentation":"

    The preferred time zone for logs streamed to CloudWatch Logs. Valid values are LOCAL and UTC, for Coordinated Universal Time.

    ", - "enum":[ - "LOCAL", - "UTC" - ] - }, - "Command":{ - "type":"structure", - "members":{ - "CommandId":{ - "shape":"String", - "documentation":"

    The command ID.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The ID of the instance where the command was executed.

    " - }, - "DeploymentId":{ - "shape":"String", - "documentation":"

    The command deployment ID.

    " - }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    Date and time when the command was run.

    " - }, - "AcknowledgedAt":{ - "shape":"DateTime", - "documentation":"

    Date and time when the command was acknowledged.

    " - }, - "CompletedAt":{ - "shape":"DateTime", - "documentation":"

    Date when the command completed.

    " - }, - "Status":{ - "shape":"String", - "documentation":"

    The command status:

    • failed

    • successful

    • skipped

    • pending

    " - }, - "ExitCode":{ - "shape":"Integer", - "documentation":"

    The command exit code.

    " - }, - "LogUrl":{ - "shape":"String", - "documentation":"

    The URL of the command log.

    " - }, - "Type":{ - "shape":"String", - "documentation":"

    The command type:

    • configure

    • deploy

    • execute_recipes

    • install_dependencies

    • restart

    • rollback

    • setup

    • start

    • stop

    • undeploy

    • update_custom_cookbooks

    • update_dependencies

    " - } - }, - "documentation":"

    Describes a command.

    " - }, - "Commands":{ - "type":"list", - "member":{"shape":"Command"} - }, - "CreateAppRequest":{ - "type":"structure", - "required":[ - "StackId", - "Name", - "Type" - ], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "Shortname":{ - "shape":"String", - "documentation":"

    The app's short name.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The app name.

    " - }, - "Description":{ - "shape":"String", - "documentation":"

    A description of the app.

    " - }, - "DataSources":{ - "shape":"DataSources", - "documentation":"

    The app's data source.

    " - }, - "Type":{ - "shape":"AppType", - "documentation":"

    The app type. Each supported type is associated with a particular layer. For example, PHP applications are associated with a PHP layer. OpsWorks Stacks deploys an application to those instances that are members of the corresponding layer. If your app isn't one of the standard types, or you prefer to implement your own Deploy recipes, specify other.

    " - }, - "AppSource":{ - "shape":"Source", - "documentation":"

    A Source object that specifies the app repository.

    " - }, - "Domains":{ - "shape":"Strings", - "documentation":"

    The app virtual host settings, with multiple domains separated by commas. For example: 'www.example.com, example.com'

    " - }, - "EnableSsl":{ - "shape":"Boolean", - "documentation":"

    Whether to enable SSL for the app.

    " - }, - "SslConfiguration":{ - "shape":"SslConfiguration", - "documentation":"

    An SslConfiguration object with the SSL configuration.

    " - }, - "Attributes":{ - "shape":"AppAttributes", - "documentation":"

    One or more user-defined key/value pairs to be added to the stack attributes.

    " - }, - "Environment":{ - "shape":"EnvironmentVariables", - "documentation":"

    An array of EnvironmentVariable objects that specify environment variables to be associated with the app. After you deploy the app, these variables are defined on the associated app server instance. For more information, see Environment Variables.

    There is no specific limit on the number of environment variables. However, the size of the associated data structure - which includes the variables' names, values, and protected flag values - cannot exceed 20 KB. This limit should accommodate most if not all use cases. Exceeding it will cause an exception with the message, \"Environment: is too large (maximum is 20KB).\"

    If you have specified one or more environment variables, you cannot modify the stack's Chef version.

    " - } - } - }, - "CreateAppResult":{ - "type":"structure", - "members":{ - "AppId":{ - "shape":"String", - "documentation":"

    The app ID.

    " - } - }, - "documentation":"

    Contains the response to a CreateApp request.

    " - }, - "CreateDeploymentRequest":{ - "type":"structure", - "required":[ - "StackId", - "Command" - ], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "AppId":{ - "shape":"String", - "documentation":"

    The app ID. This parameter is required for app deployments, but not for other deployment commands.

    " - }, - "InstanceIds":{ - "shape":"Strings", - "documentation":"

    The instance IDs for the deployment targets.

    " - }, - "LayerIds":{ - "shape":"Strings", - "documentation":"

    The layer IDs for the deployment targets.

    " - }, - "Command":{ - "shape":"DeploymentCommand", - "documentation":"

    A DeploymentCommand object that specifies the deployment command and any associated arguments.

    " - }, - "Comment":{ - "shape":"String", - "documentation":"

    A user-defined comment.

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A string that contains user-defined, custom JSON. You can use this parameter to override some corresponding default stack configuration JSON values. The string should be in the following format:

    \"{\\\"key1\\\": \\\"value1\\\", \\\"key2\\\": \\\"value2\\\",...}\"

    For more information about custom JSON, see Use Custom JSON to Modify the Stack Configuration Attributes and Overriding Attributes With Custom JSON.

    " - } - } - }, - "CreateDeploymentResult":{ - "type":"structure", - "members":{ - "DeploymentId":{ - "shape":"String", - "documentation":"

    The deployment ID, which can be used with other requests to identify the deployment.

    " - } - }, - "documentation":"

    Contains the response to a CreateDeployment request.

    " - }, - "CreateInstanceRequest":{ - "type":"structure", - "required":[ - "StackId", - "LayerIds", - "InstanceType" - ], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "LayerIds":{ - "shape":"Strings", - "documentation":"

    An array that contains the instance's layer IDs.

    " - }, - "InstanceType":{ - "shape":"String", - "documentation":"

    The instance type, such as t2.micro. For a list of supported instance types, open the stack in the console, choose Instances, and choose + Instance. The Size list contains the currently supported types. For more information, see Instance Families and Types. The parameter values that you use to specify the various types are in the API Name column of the Available Instance Types table.

    " - }, - "AutoScalingType":{ - "shape":"AutoScalingType", - "documentation":"

    For load-based or time-based instances, the type. Windows stacks can use only time-based instances.

    " - }, - "Hostname":{ - "shape":"String", - "documentation":"

    The instance host name. The following are character limits for instance host names.

    • Linux-based instances: 63 characters

    • Windows-based instances: 15 characters

    " - }, - "Os":{ - "shape":"String", - "documentation":"

    The instance's operating system, which must be set to one of the following.

    • A supported Linux operating system: An Amazon Linux version, such as Amazon Linux 2, Amazon Linux 2018.03, Amazon Linux 2017.09, Amazon Linux 2017.03, Amazon Linux 2016.09, Amazon Linux 2016.03, Amazon Linux 2015.09, or Amazon Linux 2015.03.

    • A supported Ubuntu operating system, such as Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, or Ubuntu 12.04 LTS.

    • CentOS Linux 7

    • Red Hat Enterprise Linux 7

    • A supported Windows operating system, such as Microsoft Windows Server 2012 R2 Base, Microsoft Windows Server 2012 R2 with SQL Server Express, Microsoft Windows Server 2012 R2 with SQL Server Standard, or Microsoft Windows Server 2012 R2 with SQL Server Web.

    • A custom AMI: Custom.

    Not all operating systems are supported with all versions of Chef. For more information about the supported operating systems, see OpsWorks Stacks Operating Systems.

    The default option is the current Amazon Linux version. If you set this parameter to Custom, you must use the CreateInstance action's AmiId parameter to specify the custom AMI that you want to use. Block device mappings are not supported if the value is Custom. For more information about how to use custom AMIs with OpsWorks Stacks, see Using Custom AMIs.

    " - }, - "AmiId":{ - "shape":"String", - "documentation":"

    A custom AMI ID to be used to create the instance. The AMI should be based on one of the supported operating systems. For more information, see Using Custom AMIs.

    If you specify a custom AMI, you must set Os to Custom.

    " - }, - "SshKeyName":{ - "shape":"String", - "documentation":"

    The instance's Amazon EC2 key-pair name.

    " - }, - "AvailabilityZone":{ - "shape":"String", - "documentation":"

    The instance Availability Zone. For more information, see Regions and Endpoints.

    " - }, - "VirtualizationType":{ - "shape":"String", - "documentation":"

    The instance's virtualization type, paravirtual or hvm.

    " - }, - "SubnetId":{ - "shape":"String", - "documentation":"

    The ID of the instance's subnet. If the stack is running in a VPC, you can use this parameter to override the stack's default subnet ID value and direct OpsWorks Stacks to launch the instance in a different subnet.

    " - }, - "Architecture":{ - "shape":"Architecture", - "documentation":"

    The instance architecture. The default option is x86_64. Instance types do not necessarily support both architectures. For a list of the architectures that are supported by the different instance types, see Instance Families and Types.

    " - }, - "RootDeviceType":{ - "shape":"RootDeviceType", - "documentation":"

    The instance root device type. For more information, see Storage for the Root Device.

    " - }, - "BlockDeviceMappings":{ - "shape":"BlockDeviceMappings", - "documentation":"

    An array of BlockDeviceMapping objects that specify the instance's block devices. For more information, see Block Device Mapping. Note that block device mappings are not supported for custom AMIs.

    " - }, - "InstallUpdatesOnBoot":{ - "shape":"Boolean", - "documentation":"

    Whether to install operating system and package updates when the instance boots. The default value is true. To control when updates are installed, set this value to false. You must then update your instances manually by using CreateDeployment to run the update_dependencies stack command or by manually running yum (Amazon Linux) or apt-get (Ubuntu) on the instances.

    We strongly recommend using the default value of true to ensure that your instances have the latest security updates.

    " - }, - "EbsOptimized":{ - "shape":"Boolean", - "documentation":"

    Whether to create an Amazon EBS-optimized instance.

    " - }, - "AgentVersion":{ - "shape":"String", - "documentation":"

    The default OpsWorks Stacks agent version. You have the following options:

    • INHERIT - Use the stack's default agent version setting.

    • version_number - Use the specified agent version. This value overrides the stack's default setting. To update the agent version, edit the instance configuration and specify a new version. OpsWorks Stacks installs that version on the instance.

    The default setting is INHERIT. To specify an agent version, you must use the complete version number, not the abbreviated number shown on the console. For a list of available agent version numbers, call DescribeAgentVersions. AgentVersion cannot be set to Chef 12.2.

    " - }, - "Tenancy":{ - "shape":"String", - "documentation":"

    The instance's tenancy option. The default option is no tenancy, or if the instance is running in a VPC, inherit tenancy settings from the VPC. The following are valid values for this parameter: dedicated, default, or host. Because there are costs associated with changes in tenancy options, we recommend that you research tenancy options before choosing them for your instances. For more information about dedicated hosts, see Dedicated Hosts Overview and Amazon EC2 Dedicated Hosts. For more information about dedicated instances, see Dedicated Instances and Amazon EC2 Dedicated Instances.

    " - } - } - }, - "CreateInstanceResult":{ - "type":"structure", - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - } - }, - "documentation":"

    Contains the response to a CreateInstance request.

    " - }, - "CreateLayerRequest":{ - "type":"structure", - "required":[ - "StackId", - "Type", - "Name", - "Shortname" - ], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The layer stack ID.

    " - }, - "Type":{ - "shape":"LayerType", - "documentation":"

    The layer type. A stack cannot have more than one built-in layer of the same type. It can have any number of custom layers. Built-in layers are not available in Chef 12 stacks.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The layer name, which is used by the console. Layer names can be a maximum of 32 characters.

    " - }, - "Shortname":{ - "shape":"String", - "documentation":"

    For custom layers only, use this parameter to specify the layer's short name, which is used internally by OpsWorks Stacks and by Chef recipes. The short name is also used as the name for the directory where your app files are installed. It can have a maximum of 32 characters, which are limited to the alphanumeric characters, '-', '_', and '.'.

    Built-in layer short names are defined by OpsWorks Stacks. For more information, see the Layer Reference.

    " - }, - "Attributes":{ - "shape":"LayerAttributes", - "documentation":"

    One or more user-defined key-value pairs to be added to the stack attributes.

    To create a cluster layer, set the EcsClusterArn attribute to the cluster's ARN.

    " - }, - "CloudWatchLogsConfiguration":{ - "shape":"CloudWatchLogsConfiguration", - "documentation":"

    Specifies CloudWatch Logs configuration options for the layer. For more information, see CloudWatchLogsLogStream.

    " - }, - "CustomInstanceProfileArn":{ - "shape":"String", - "documentation":"

    The ARN of an IAM profile to be used for the layer's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A JSON-formatted string containing custom stack configuration and deployment attributes to be installed on the layer's instances. For more information, see Using Custom JSON. This feature is supported as of version 1.7.42 of the CLI.

    " - }, - "CustomSecurityGroupIds":{ - "shape":"Strings", - "documentation":"

    An array containing the layer custom security group IDs.

    " - }, - "Packages":{ - "shape":"Strings", - "documentation":"

    An array of Package objects that describes the layer packages.

    " - }, - "VolumeConfigurations":{ - "shape":"VolumeConfigurations", - "documentation":"

    A VolumeConfigurations object that describes the layer's Amazon EBS volumes.

    " - }, - "EnableAutoHealing":{ - "shape":"Boolean", - "documentation":"

    Whether to disable auto healing for the layer.

    " - }, - "AutoAssignElasticIps":{ - "shape":"Boolean", - "documentation":"

    Whether to automatically assign an Elastic IP address to the layer's instances. For more information, see How to Edit a Layer.

    " - }, - "AutoAssignPublicIps":{ - "shape":"Boolean", - "documentation":"

    For stacks that are running in a VPC, whether to automatically assign a public IP address to the layer's instances. For more information, see How to Edit a Layer.

    " - }, - "CustomRecipes":{ - "shape":"Recipes", - "documentation":"

    A LayerCustomRecipes object that specifies the layer custom recipes.

    " - }, - "InstallUpdatesOnBoot":{ - "shape":"Boolean", - "documentation":"

    Whether to install operating system and package updates when the instance boots. The default value is true. To control when updates are installed, set this value to false. You must then update your instances manually by using CreateDeployment to run the update_dependencies stack command or by manually running yum (Amazon Linux) or apt-get (Ubuntu) on the instances.

    To ensure that your instances have the latest security updates, we strongly recommend using the default value of true.

    " - }, - "UseEbsOptimizedInstances":{ - "shape":"Boolean", - "documentation":"

    Whether to use Amazon EBS-optimized instances.

    " - }, - "LifecycleEventConfiguration":{ - "shape":"LifecycleEventConfiguration", - "documentation":"

    A LifeCycleEventConfiguration object that you can use to configure the Shutdown event to specify an execution timeout and enable or disable Elastic Load Balancer connection draining.

    " - } - } - }, - "CreateLayerResult":{ - "type":"structure", - "members":{ - "LayerId":{ - "shape":"String", - "documentation":"

    The layer ID.

    " - } - }, - "documentation":"

    Contains the response to a CreateLayer request.

    " - }, - "CreateStackRequest":{ - "type":"structure", - "required":[ - "Name", - "Region", - "ServiceRoleArn", - "DefaultInstanceProfileArn" - ], - "members":{ - "Name":{ - "shape":"String", - "documentation":"

    The stack name. Stack names can be a maximum of 64 characters.

    " - }, - "Region":{ - "shape":"String", - "documentation":"

    The stack's Amazon Web Services Region, such as ap-south-1. For more information about Amazon Web Services Regions, see Regions and Endpoints.

    In the CLI, this API maps to the --stack-region parameter. If the --stack-region parameter and the CLI common parameter --region are set to the same value, the stack uses a regional endpoint. If the --stack-region parameter is not set, but the CLI --region parameter is, this also results in a stack with a regional endpoint. However, if the --region parameter is set to us-east-1, and the --stack-region parameter is set to one of the following, then the stack uses a legacy or classic region: us-west-1, us-west-2, sa-east-1, eu-central-1, eu-west-1, ap-northeast-1, ap-southeast-1, ap-southeast-2. In this case, the actual API endpoint of the stack is in us-east-1. Only the preceding regions are supported as classic regions in the us-east-1 API endpoint. Because it is a best practice to choose the regional endpoint that is closest to where you manage Amazon Web Services, we recommend that you use regional endpoints for new stacks. The CLI common --region parameter always specifies a regional API endpoint; it cannot be used to specify a classic OpsWorks Stacks region.

    " - }, - "VpcId":{ - "shape":"String", - "documentation":"

    The ID of the VPC that the stack is to be launched into. The VPC must be in the stack's region. All instances are launched into this VPC. You cannot change the ID later.

    • If your account supports EC2-Classic, the default value is no VPC.

    • If your account does not support EC2-Classic, the default value is the default VPC for the specified region.

    If the VPC ID corresponds to a default VPC and you have specified either the DefaultAvailabilityZone or the DefaultSubnetId parameter only, OpsWorks Stacks infers the value of the other parameter. If you specify neither parameter, OpsWorks Stacks sets these parameters to the first valid Availability Zone for the specified region and the corresponding default VPC subnet ID, respectively.

    If you specify a nondefault VPC ID, note the following:

    • It must belong to a VPC in your account that is in the specified region.

    • You must specify a value for DefaultSubnetId.

    For more information about how to use OpsWorks Stacks with a VPC, see Running a Stack in a VPC. For more information about default VPC and EC2-Classic, see Supported Platforms.

    " - }, - "Attributes":{ - "shape":"StackAttributes", - "documentation":"

    One or more user-defined key-value pairs to be added to the stack attributes.

    " - }, - "ServiceRoleArn":{ - "shape":"String", - "documentation":"

    The stack's IAM role, which allows OpsWorks Stacks to work with Amazon Web Services resources on your behalf. You must set this parameter to the Amazon Resource Name (ARN) for an existing IAM role. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "DefaultInstanceProfileArn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of an IAM profile that is the default profile for all of the stack's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "DefaultOs":{ - "shape":"String", - "documentation":"

    The stack's default operating system, which is installed on every instance unless you specify a different operating system when you create the instance. You can specify one of the following.

    • A supported Linux operating system: An Amazon Linux version, such as Amazon Linux 2, Amazon Linux 2018.03, Amazon Linux 2017.09, Amazon Linux 2017.03, Amazon Linux 2016.09, Amazon Linux 2016.03, Amazon Linux 2015.09, or Amazon Linux 2015.03.

    • A supported Ubuntu operating system, such as Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, or Ubuntu 12.04 LTS.

    • CentOS Linux 7

    • Red Hat Enterprise Linux 7

    • A supported Windows operating system, such as Microsoft Windows Server 2012 R2 Base, Microsoft Windows Server 2012 R2 with SQL Server Express, Microsoft Windows Server 2012 R2 with SQL Server Standard, or Microsoft Windows Server 2012 R2 with SQL Server Web.

    • A custom AMI: Custom. You specify the custom AMI you want to use when you create instances. For more information, see Using Custom AMIs.

    The default option is the current Amazon Linux version. Not all operating systems are supported with all versions of Chef. For more information about supported operating systems, see OpsWorks Stacks Operating Systems.

    " - }, - "HostnameTheme":{ - "shape":"String", - "documentation":"

    The stack's host name theme, with spaces replaced by underscores. The theme is used to generate host names for the stack's instances. By default, HostnameTheme is set to Layer_Dependent, which creates host names by appending integers to the layer's short name. The other themes are:

    • Baked_Goods

    • Clouds

    • Europe_Cities

    • Fruits

    • Greek_Deities_and_Titans

    • Legendary_creatures_from_Japan

    • Planets_and_Moons

    • Roman_Deities

    • Scottish_Islands

    • US_Cities

    • Wild_Cats

    To obtain a generated host name, call GetHostNameSuggestion, which returns a host name based on the current theme.

    " - }, - "DefaultAvailabilityZone":{ - "shape":"String", - "documentation":"

    The stack's default Availability Zone, which must be in the specified region. For more information, see Regions and Endpoints. If you also specify a value for DefaultSubnetId, the subnet must be in the same zone. For more information, see the VpcId parameter description.

    " - }, - "DefaultSubnetId":{ - "shape":"String", - "documentation":"

    The stack's default VPC subnet ID. This parameter is required if you specify a value for the VpcId parameter. All instances are launched into this subnet unless you specify otherwise when you create the instance. If you also specify a value for DefaultAvailabilityZone, the subnet must be in that zone. For information on default values and when this parameter is required, see the VpcId parameter description.

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A string that contains user-defined, custom JSON. It can be used to override the corresponding default stack configuration attribute values or to pass data to recipes. The string should be in the following format:

    \"{\\\"key1\\\": \\\"value1\\\", \\\"key2\\\": \\\"value2\\\",...}\"

    For more information about custom JSON, see Use Custom JSON to Modify the Stack Configuration Attributes.

    " - }, - "ConfigurationManager":{ - "shape":"StackConfigurationManager", - "documentation":"

    The configuration manager. When you create a stack we recommend that you use the configuration manager to specify the Chef version: 12, 11.10, or 11.4 for Linux stacks, or 12.2 for Windows stacks. The default value for Linux stacks is currently 12.

    " - }, - "ChefConfiguration":{ - "shape":"ChefConfiguration", - "documentation":"

    A ChefConfiguration object that specifies whether to enable Berkshelf and the Berkshelf version on Chef 11.10 stacks. For more information, see Create a New Stack.

    " - }, - "UseCustomCookbooks":{ - "shape":"Boolean", - "documentation":"

    Whether the stack uses custom cookbooks.

    " - }, - "UseOpsworksSecurityGroups":{ - "shape":"Boolean", - "documentation":"

    Whether to associate the OpsWorks Stacks built-in security groups with the stack's layers.

    OpsWorks Stacks provides a standard set of built-in security groups, one for each layer, which are associated with layers by default. With UseOpsworksSecurityGroups you can instead provide your own custom security groups. UseOpsworksSecurityGroups has the following settings:

    • True - OpsWorks Stacks automatically associates the appropriate built-in security group with each layer (default setting). You can associate additional security groups with a layer after you create it, but you cannot delete the built-in security group.

    • False - OpsWorks Stacks does not associate built-in security groups with layers. You must create appropriate EC2 security groups and associate a security group with each layer that you create. However, you can still manually associate a built-in security group with a layer on creation; custom security groups are required only for those layers that need custom settings.

    For more information, see Create a New Stack.

    " - }, - "CustomCookbooksSource":{ - "shape":"Source", - "documentation":"

    Contains the information required to retrieve an app or cookbook from a repository. For more information, see Adding Apps or Cookbooks and Recipes.

    " - }, - "DefaultSshKeyName":{ - "shape":"String", - "documentation":"

    A default Amazon EC2 key pair name. The default value is none. If you specify a key pair name, OpsWorks installs the public key on the instance and you can use the private key with an SSH client to log in to the instance. For more information, see Using SSH to Communicate with an Instance and Managing SSH Access. You can override this setting by specifying a different key pair, or no key pair, when you create an instance.

    " - }, - "DefaultRootDeviceType":{ - "shape":"RootDeviceType", - "documentation":"

    The default root device type. This value is the default for all instances in the stack, but you can override it when you create an instance. The default option is instance-store. For more information, see Storage for the Root Device.

    " - }, - "AgentVersion":{ - "shape":"String", - "documentation":"

    The default OpsWorks Stacks agent version. You have the following options:

    • Auto-update - Set this parameter to LATEST. OpsWorks Stacks automatically installs new agent versions on the stack's instances as soon as they are available.

    • Fixed version - Set this parameter to your preferred agent version. To update the agent version, you must edit the stack configuration and specify a new version. OpsWorks Stacks installs that version on the stack's instances.

    The default setting is the most recent release of the agent. To specify an agent version, you must use the complete version number, not the abbreviated number shown on the console. For a list of available agent version numbers, call DescribeAgentVersions. AgentVersion cannot be set to Chef 12.2.

    You can also specify an agent version when you create or update an instance, which overrides the stack's default setting.

    " - } - } - }, - "CreateStackResult":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID, which is an opaque string that you use to identify the stack when performing actions such as DescribeStacks.

    " - } - }, - "documentation":"

    Contains the response to a CreateStack request.

    " - }, - "CreateUserProfileRequest":{ - "type":"structure", - "required":["IamUserArn"], - "members":{ - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user's IAM ARN; this can also be a federated user's ARN.

    " - }, - "SshUsername":{ - "shape":"String", - "documentation":"

    The user's SSH user name. The allowable characters are [a-z], [A-Z], [0-9], '-', and '_'. If the specified name includes other punctuation marks, OpsWorks Stacks removes them. For example, my.name is changed to myname. If you do not specify an SSH user name, OpsWorks Stacks generates one from the IAM user name.

    " - }, - "SshPublicKey":{ - "shape":"String", - "documentation":"

    The user's public SSH key.

    " - }, - "AllowSelfManagement":{ - "shape":"Boolean", - "documentation":"

    Whether users can specify their own SSH public key through the My Settings page. For more information, see Setting an IAM User's Public SSH Key.

    " - } - } - }, - "CreateUserProfileResult":{ - "type":"structure", - "members":{ - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user's IAM ARN.

    " - } - }, - "documentation":"

    Contains the response to a CreateUserProfile request.

    " - }, - "DailyAutoScalingSchedule":{ - "type":"map", - "key":{"shape":"Hour"}, - "value":{"shape":"Switch"} - }, - "DataSource":{ - "type":"structure", - "members":{ - "Type":{ - "shape":"String", - "documentation":"

    The data source's type, AutoSelectOpsworksMysqlInstance, OpsworksMysqlInstance, RdsDbInstance, or None.

    " - }, - "Arn":{ - "shape":"String", - "documentation":"

    The data source's ARN.

    " - }, - "DatabaseName":{ - "shape":"String", - "documentation":"

    The database name.

    " - } - }, - "documentation":"

    Describes an app's data source.

    " - }, - "DataSources":{ - "type":"list", - "member":{"shape":"DataSource"} - }, - "DateTime":{"type":"string"}, - "DeleteAppRequest":{ - "type":"structure", - "required":["AppId"], - "members":{ - "AppId":{ - "shape":"String", - "documentation":"

    The app ID.

    " - } - } - }, - "DeleteInstanceRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "DeleteElasticIp":{ - "shape":"Boolean", - "documentation":"

    Whether to delete the instance Elastic IP address.

    " - }, - "DeleteVolumes":{ - "shape":"Boolean", - "documentation":"

    Whether to delete the instance's Amazon EBS volumes.

    " - } - } - }, - "DeleteLayerRequest":{ - "type":"structure", - "required":["LayerId"], - "members":{ - "LayerId":{ - "shape":"String", - "documentation":"

    The layer ID.

    " - } - } - }, - "DeleteStackRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "DeleteUserProfileRequest":{ - "type":"structure", - "required":["IamUserArn"], - "members":{ - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user's IAM ARN. This can also be a federated user's ARN.

    " - } - } - }, - "Deployment":{ - "type":"structure", - "members":{ - "DeploymentId":{ - "shape":"String", - "documentation":"

    The deployment ID.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "AppId":{ - "shape":"String", - "documentation":"

    The app ID.

    " - }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    Date when the deployment was created.

    " - }, - "CompletedAt":{ - "shape":"DateTime", - "documentation":"

    Date when the deployment completed.

    " - }, - "Duration":{ - "shape":"Integer", - "documentation":"

    The deployment duration.

    " - }, - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user's IAM ARN.

    " - }, - "Comment":{ - "shape":"String", - "documentation":"

    A user-defined comment.

    " - }, - "Command":{ - "shape":"DeploymentCommand", - "documentation":"

    Used to specify a stack or deployment command.

    " - }, - "Status":{ - "shape":"String", - "documentation":"

    The deployment status:

    • running

    • successful

    • failed

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A string that contains user-defined custom JSON. It can be used to override the corresponding default stack configuration attribute values for stack or to pass data to recipes. The string should be in the following format:

    \"{\\\"key1\\\": \\\"value1\\\", \\\"key2\\\": \\\"value2\\\",...}\"

    For more information on custom JSON, see Use Custom JSON to Modify the Stack Configuration Attributes.

    " - }, - "InstanceIds":{ - "shape":"Strings", - "documentation":"

    The IDs of the target instances.

    " - } - }, - "documentation":"

    Describes a deployment of a stack or app.

    " - }, - "DeploymentCommand":{ - "type":"structure", - "required":["Name"], - "members":{ - "Name":{ - "shape":"DeploymentCommandName", - "documentation":"

    Specifies the operation. You can specify only one command.

    For stacks, the following commands are available:

    • execute_recipes: Execute one or more recipes. To specify the recipes, set an Args parameter named recipes to the list of recipes to be executed. For example, to execute phpapp::appsetup, set Args to {\"recipes\":[\"phpapp::appsetup\"]}.

    • install_dependencies: Install the stack's dependencies.

    • update_custom_cookbooks: Update the stack's custom cookbooks.

    • update_dependencies: Update the stack's dependencies.

    The update_dependencies and install_dependencies commands are supported only for Linux instances. You can run the commands successfully on Windows instances, but they do nothing.

    For apps, the following commands are available:

    • deploy: Deploy an app. Ruby on Rails apps have an optional Args parameter named migrate. Set Args to {\"migrate\":[\"true\"]} to migrate the database. The default setting is {\"migrate\":[\"false\"]}.

    • rollback Roll the app back to the previous version. When you update an app, OpsWorks Stacks stores the previous version, up to a maximum of five versions. You can use this command to roll an app back as many as four versions.

    • start: Start the app's web or application server.

    • stop: Stop the app's web or application server.

    • restart: Restart the app's web or application server.

    • undeploy: Undeploy the app.

    " - }, - "Args":{ - "shape":"DeploymentCommandArgs", - "documentation":"

    The arguments of those commands that take arguments. It should be set to a JSON object with the following format:

    {\"arg_name1\" : [\"value1\", \"value2\", ...], \"arg_name2\" : [\"value1\", \"value2\", ...], ...}

    The update_dependencies command takes two arguments:

    • upgrade_os_to - Specifies the Amazon Linux version that you want instances to run, such as Amazon Linux 2. You must also set the allow_reboot argument to true.

    • allow_reboot - Specifies whether to allow OpsWorks Stacks to reboot the instances if necessary, after installing the updates. This argument can be set to either true or false. The default value is false.

    For example, to upgrade an instance to Amazon Linux 2018.03, set Args to the following.

    { \"upgrade_os_to\":[\"Amazon Linux 2018.03\"], \"allow_reboot\":[\"true\"] }

    " - } - }, - "documentation":"

    Used to specify a stack or deployment command.

    " - }, - "DeploymentCommandArgs":{ - "type":"map", - "key":{"shape":"String"}, - "value":{"shape":"Strings"} - }, - "DeploymentCommandName":{ - "type":"string", - "enum":[ - "install_dependencies", - "update_dependencies", - "update_custom_cookbooks", - "execute_recipes", - "configure", - "setup", - "deploy", - "rollback", - "start", - "stop", - "restart", - "undeploy" - ] - }, - "Deployments":{ - "type":"list", - "member":{"shape":"Deployment"} - }, - "DeregisterEcsClusterRequest":{ - "type":"structure", - "required":["EcsClusterArn"], - "members":{ - "EcsClusterArn":{ - "shape":"String", - "documentation":"

    The cluster's Amazon Resource Number (ARN).

    " - } - } - }, - "DeregisterElasticIpRequest":{ - "type":"structure", - "required":["ElasticIp"], - "members":{ - "ElasticIp":{ - "shape":"String", - "documentation":"

    The Elastic IP address.

    " - } - } - }, - "DeregisterInstanceRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - } - } - }, - "DeregisterRdsDbInstanceRequest":{ - "type":"structure", - "required":["RdsDbInstanceArn"], - "members":{ - "RdsDbInstanceArn":{ - "shape":"String", - "documentation":"

    The Amazon RDS instance's ARN.

    " - } - } - }, - "DeregisterVolumeRequest":{ - "type":"structure", - "required":["VolumeId"], - "members":{ - "VolumeId":{ - "shape":"String", - "documentation":"

    The OpsWorks Stacks volume ID, which is the GUID that OpsWorks Stacks assigned to the instance when you registered the volume with the stack, not the Amazon EC2 volume ID.

    " - } - } - }, - "DescribeAgentVersionsRequest":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "ConfigurationManager":{ - "shape":"StackConfigurationManager", - "documentation":"

    The configuration manager.

    " - } - } - }, - "DescribeAgentVersionsResult":{ - "type":"structure", - "members":{ - "AgentVersions":{ - "shape":"AgentVersions", - "documentation":"

    The agent versions for the specified stack or configuration manager. Note that this value is the complete version number, not the abbreviated number used by the console.

    " - } - }, - "documentation":"

    Contains the response to a DescribeAgentVersions request.

    " - }, - "DescribeAppsRequest":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The app stack ID. If you use this parameter, DescribeApps returns a description of the apps in the specified stack.

    " - }, - "AppIds":{ - "shape":"Strings", - "documentation":"

    An array of app IDs for the apps to be described. If you use this parameter, DescribeApps returns a description of the specified apps. Otherwise, it returns a description of every app.

    " - } - } - }, - "DescribeAppsResult":{ - "type":"structure", - "members":{ - "Apps":{ - "shape":"Apps", - "documentation":"

    An array of App objects that describe the specified apps.

    " - } - }, - "documentation":"

    Contains the response to a DescribeApps request.

    " - }, - "DescribeCommandsRequest":{ - "type":"structure", - "members":{ - "DeploymentId":{ - "shape":"String", - "documentation":"

    The deployment ID. If you include this parameter, DescribeCommands returns a description of the commands associated with the specified deployment.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID. If you include this parameter, DescribeCommands returns a description of the commands associated with the specified instance.

    " - }, - "CommandIds":{ - "shape":"Strings", - "documentation":"

    An array of command IDs. If you include this parameter, DescribeCommands returns a description of the specified commands. Otherwise, it returns a description of every command.

    " - } - } - }, - "DescribeCommandsResult":{ - "type":"structure", - "members":{ - "Commands":{ - "shape":"Commands", - "documentation":"

    An array of Command objects that describe each of the specified commands.

    " - } - }, - "documentation":"

    Contains the response to a DescribeCommands request.

    " - }, - "DescribeDeploymentsRequest":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID. If you include this parameter, the command returns a description of the commands associated with the specified stack.

    " - }, - "AppId":{ - "shape":"String", - "documentation":"

    The app ID. If you include this parameter, the command returns a description of the commands associated with the specified app.

    " - }, - "DeploymentIds":{ - "shape":"Strings", - "documentation":"

    An array of deployment IDs to be described. If you include this parameter, the command returns a description of the specified deployments. Otherwise, it returns a description of every deployment.

    " - } - } - }, - "DescribeDeploymentsResult":{ - "type":"structure", - "members":{ - "Deployments":{ - "shape":"Deployments", - "documentation":"

    An array of Deployment objects that describe the deployments.

    " - } - }, - "documentation":"

    Contains the response to a DescribeDeployments request.

    " - }, - "DescribeEcsClustersRequest":{ - "type":"structure", - "members":{ - "EcsClusterArns":{ - "shape":"Strings", - "documentation":"

    A list of ARNs, one for each cluster to be described.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    A stack ID. DescribeEcsClusters returns a description of the cluster that is registered with the stack.

    " - }, - "NextToken":{ - "shape":"String", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object'sNextToken parameter value is set to a token. To retrieve the next set of results, call DescribeEcsClusters again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "MaxResults":{ - "shape":"Integer", - "documentation":"

    To receive a paginated response, use this parameter to specify the maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

    " - } - } - }, - "DescribeEcsClustersResult":{ - "type":"structure", - "members":{ - "EcsClusters":{ - "shape":"EcsClusters", - "documentation":"

    A list of EcsCluster objects containing the cluster descriptions.

    " - }, - "NextToken":{ - "shape":"String", - "documentation":"

    If a paginated request does not return all of the remaining results, this parameter is set to a token that you can assign to the request object's NextToken parameter to retrieve the next set of results. If the previous paginated request returned all of the remaining results, this parameter is set to null.

    " - } - }, - "documentation":"

    Contains the response to a DescribeEcsClusters request.

    " - }, - "DescribeElasticIpsRequest":{ - "type":"structure", - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID. If you include this parameter, DescribeElasticIps returns a description of the Elastic IP addresses associated with the specified instance.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    A stack ID. If you include this parameter, DescribeElasticIps returns a description of the Elastic IP addresses that are registered with the specified stack.

    " - }, - "Ips":{ - "shape":"Strings", - "documentation":"

    An array of Elastic IP addresses to be described. If you include this parameter, DescribeElasticIps returns a description of the specified Elastic IP addresses. Otherwise, it returns a description of every Elastic IP address.

    " - } - } - }, - "DescribeElasticIpsResult":{ - "type":"structure", - "members":{ - "ElasticIps":{ - "shape":"ElasticIps", - "documentation":"

    An ElasticIps object that describes the specified Elastic IP addresses.

    " - } - }, - "documentation":"

    Contains the response to a DescribeElasticIps request.

    " - }, - "DescribeElasticLoadBalancersRequest":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    A stack ID. The action describes the stack's Elastic Load Balancing instances.

    " - }, - "LayerIds":{ - "shape":"Strings", - "documentation":"

    A list of layer IDs. The action describes the Elastic Load Balancing instances for the specified layers.

    " - } - } - }, - "DescribeElasticLoadBalancersResult":{ - "type":"structure", - "members":{ - "ElasticLoadBalancers":{ - "shape":"ElasticLoadBalancers", - "documentation":"

    A list of ElasticLoadBalancer objects that describe the specified Elastic Load Balancing instances.

    " - } - }, - "documentation":"

    Contains the response to a DescribeElasticLoadBalancers request.

    " - }, - "DescribeInstancesRequest":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    A stack ID. If you use this parameter, DescribeInstances returns descriptions of the instances associated with the specified stack.

    " - }, - "LayerId":{ - "shape":"String", - "documentation":"

    A layer ID. If you use this parameter, DescribeInstances returns descriptions of the instances associated with the specified layer.

    " - }, - "InstanceIds":{ - "shape":"Strings", - "documentation":"

    An array of instance IDs to be described. If you use this parameter, DescribeInstances returns a description of the specified instances. Otherwise, it returns a description of every instance.

    " - } - } - }, - "DescribeInstancesResult":{ - "type":"structure", - "members":{ - "Instances":{ - "shape":"Instances", - "documentation":"

    An array of Instance objects that describe the instances.

    " - } - }, - "documentation":"

    Contains the response to a DescribeInstances request.

    " - }, - "DescribeLayersRequest":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "LayerIds":{ - "shape":"Strings", - "documentation":"

    An array of layer IDs that specify the layers to be described. If you omit this parameter, DescribeLayers returns a description of every layer in the specified stack.

    " - } - } - }, - "DescribeLayersResult":{ - "type":"structure", - "members":{ - "Layers":{ - "shape":"Layers", - "documentation":"

    An array of Layer objects that describe the layers.

    " - } - }, - "documentation":"

    Contains the response to a DescribeLayers request.

    " - }, - "DescribeLoadBasedAutoScalingRequest":{ - "type":"structure", - "required":["LayerIds"], - "members":{ - "LayerIds":{ - "shape":"Strings", - "documentation":"

    An array of layer IDs.

    " - } - } - }, - "DescribeLoadBasedAutoScalingResult":{ - "type":"structure", - "members":{ - "LoadBasedAutoScalingConfigurations":{ - "shape":"LoadBasedAutoScalingConfigurations", - "documentation":"

    An array of LoadBasedAutoScalingConfiguration objects that describe each layer's configuration.

    " - } - }, - "documentation":"

    Contains the response to a DescribeLoadBasedAutoScaling request.

    " - }, - "DescribeMyUserProfileResult":{ - "type":"structure", - "members":{ - "UserProfile":{ - "shape":"SelfUserProfile", - "documentation":"

    A UserProfile object that describes the user's SSH information.

    " - } - }, - "documentation":"

    Contains the response to a DescribeMyUserProfile request.

    " - }, - "DescribeOperatingSystemsResponse":{ - "type":"structure", - "members":{ - "OperatingSystems":{ - "shape":"OperatingSystems", - "documentation":"

    Contains information in response to a DescribeOperatingSystems request.

    " - } - }, - "documentation":"

    The response to a DescribeOperatingSystems request.

    " - }, - "DescribePermissionsRequest":{ - "type":"structure", - "members":{ - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user's IAM ARN. This can also be a federated user's ARN. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "DescribePermissionsResult":{ - "type":"structure", - "members":{ - "Permissions":{ - "shape":"Permissions", - "documentation":"

    An array of Permission objects that describe the stack permissions.

    • If the request object contains only a stack ID, the array contains a Permission object with permissions for each of the stack IAM ARNs.

    • If the request object contains only an IAM ARN, the array contains a Permission object with permissions for each of the user's stack IDs.

    • If the request contains a stack ID and an IAM ARN, the array contains a single Permission object with permissions for the specified stack and IAM ARN.

    " - } - }, - "documentation":"

    Contains the response to a DescribePermissions request.

    " - }, - "DescribeRaidArraysRequest":{ - "type":"structure", - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID. If you use this parameter, DescribeRaidArrays returns descriptions of the RAID arrays associated with the specified instance.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "RaidArrayIds":{ - "shape":"Strings", - "documentation":"

    An array of RAID array IDs. If you use this parameter, DescribeRaidArrays returns descriptions of the specified arrays. Otherwise, it returns a description of every array.

    " - } - } - }, - "DescribeRaidArraysResult":{ - "type":"structure", - "members":{ - "RaidArrays":{ - "shape":"RaidArrays", - "documentation":"

    A RaidArrays object that describes the specified RAID arrays.

    " - } - }, - "documentation":"

    Contains the response to a DescribeRaidArrays request.

    " - }, - "DescribeRdsDbInstancesRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The ID of the stack with which the instances are registered. The operation returns descriptions of all registered Amazon RDS instances.

    " - }, - "RdsDbInstanceArns":{ - "shape":"Strings", - "documentation":"

    An array containing the ARNs of the instances to be described.

    " - } - } - }, - "DescribeRdsDbInstancesResult":{ - "type":"structure", - "members":{ - "RdsDbInstances":{ - "shape":"RdsDbInstances", - "documentation":"

    An a array of RdsDbInstance objects that describe the instances.

    " - } - }, - "documentation":"

    Contains the response to a DescribeRdsDbInstances request.

    " - }, - "DescribeServiceErrorsRequest":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID. If you use this parameter, DescribeServiceErrors returns descriptions of the errors associated with the specified stack.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID. If you use this parameter, DescribeServiceErrors returns descriptions of the errors associated with the specified instance.

    " - }, - "ServiceErrorIds":{ - "shape":"Strings", - "documentation":"

    An array of service error IDs. If you use this parameter, DescribeServiceErrors returns descriptions of the specified errors. Otherwise, it returns a description of every error.

    " - } - } - }, - "DescribeServiceErrorsResult":{ - "type":"structure", - "members":{ - "ServiceErrors":{ - "shape":"ServiceErrors", - "documentation":"

    An array of ServiceError objects that describe the specified service errors.

    " - } - }, - "documentation":"

    Contains the response to a DescribeServiceErrors request.

    " - }, - "DescribeStackProvisioningParametersRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "DescribeStackProvisioningParametersResult":{ - "type":"structure", - "members":{ - "AgentInstallerUrl":{ - "shape":"String", - "documentation":"

    The OpsWorks Stacks agent installer's URL.

    " - }, - "Parameters":{ - "shape":"Parameters", - "documentation":"

    An embedded object that contains the provisioning parameters.

    " - } - }, - "documentation":"

    Contains the response to a DescribeStackProvisioningParameters request.

    " - }, - "DescribeStackSummaryRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "DescribeStackSummaryResult":{ - "type":"structure", - "members":{ - "StackSummary":{ - "shape":"StackSummary", - "documentation":"

    A StackSummary object that contains the results.

    " - } - }, - "documentation":"

    Contains the response to a DescribeStackSummary request.

    " - }, - "DescribeStacksRequest":{ - "type":"structure", - "members":{ - "StackIds":{ - "shape":"Strings", - "documentation":"

    An array of stack IDs that specify the stacks to be described. If you omit this parameter, and have permissions to get information about all stacks, DescribeStacks returns a description of every stack. If the IAM policy that is attached to an IAM user limits the DescribeStacks action to specific stack ARNs, this parameter is required, and the user must specify a stack ARN that is allowed by the policy. Otherwise, DescribeStacks returns an AccessDenied error.

    " - } - } - }, - "DescribeStacksResult":{ - "type":"structure", - "members":{ - "Stacks":{ - "shape":"Stacks", - "documentation":"

    An array of Stack objects that describe the stacks.

    " - } - }, - "documentation":"

    Contains the response to a DescribeStacks request.

    " - }, - "DescribeTimeBasedAutoScalingRequest":{ - "type":"structure", - "required":["InstanceIds"], - "members":{ - "InstanceIds":{ - "shape":"Strings", - "documentation":"

    An array of instance IDs.

    " - } - } - }, - "DescribeTimeBasedAutoScalingResult":{ - "type":"structure", - "members":{ - "TimeBasedAutoScalingConfigurations":{ - "shape":"TimeBasedAutoScalingConfigurations", - "documentation":"

    An array of TimeBasedAutoScalingConfiguration objects that describe the configuration for the specified instances.

    " - } - }, - "documentation":"

    Contains the response to a DescribeTimeBasedAutoScaling request.

    " - }, - "DescribeUserProfilesRequest":{ - "type":"structure", - "members":{ - "IamUserArns":{ - "shape":"Strings", - "documentation":"

    An array of IAM or federated user ARNs that identify the users to be described.

    " - } - } - }, - "DescribeUserProfilesResult":{ - "type":"structure", - "members":{ - "UserProfiles":{ - "shape":"UserProfiles", - "documentation":"

    A Users object that describes the specified users.

    " - } - }, - "documentation":"

    Contains the response to a DescribeUserProfiles request.

    " - }, - "DescribeVolumesRequest":{ - "type":"structure", - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID. If you use this parameter, DescribeVolumes returns descriptions of the volumes associated with the specified instance.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    A stack ID. The action describes the stack's registered Amazon EBS volumes.

    " - }, - "RaidArrayId":{ - "shape":"String", - "documentation":"

    The RAID array ID. If you use this parameter, DescribeVolumes returns descriptions of the volumes associated with the specified RAID array.

    " - }, - "VolumeIds":{ - "shape":"Strings", - "documentation":"

    Am array of volume IDs. If you use this parameter, DescribeVolumes returns descriptions of the specified volumes. Otherwise, it returns a description of every volume.

    " - } - } - }, - "DescribeVolumesResult":{ - "type":"structure", - "members":{ - "Volumes":{ - "shape":"Volumes", - "documentation":"

    An array of volume IDs.

    " - } - }, - "documentation":"

    Contains the response to a DescribeVolumes request.

    " - }, - "DetachElasticLoadBalancerRequest":{ - "type":"structure", - "required":[ - "ElasticLoadBalancerName", - "LayerId" - ], - "members":{ - "ElasticLoadBalancerName":{ - "shape":"String", - "documentation":"

    The Elastic Load Balancing instance's name.

    " - }, - "LayerId":{ - "shape":"String", - "documentation":"

    The ID of the layer that the Elastic Load Balancing instance is attached to.

    " - } - } - }, - "DisassociateElasticIpRequest":{ - "type":"structure", - "required":["ElasticIp"], - "members":{ - "ElasticIp":{ - "shape":"String", - "documentation":"

    The Elastic IP address.

    " - } - } - }, - "Double":{ - "type":"double", - "box":true - }, - "EbsBlockDevice":{ - "type":"structure", - "members":{ - "SnapshotId":{ - "shape":"String", - "documentation":"

    The snapshot ID.

    " - }, - "Iops":{ - "shape":"Integer", - "documentation":"

    The number of I/O operations per second (IOPS) that the volume supports. For more information, see EbsBlockDevice.

    " - }, - "VolumeSize":{ - "shape":"Integer", - "documentation":"

    The volume size, in GiB. For more information, see EbsBlockDevice.

    " - }, - "VolumeType":{ - "shape":"VolumeType", - "documentation":"

    The volume type. gp2 for General Purpose (SSD) volumes, io1 for Provisioned IOPS (SSD) volumes, st1 for Throughput Optimized hard disk drives (HDD), sc1 for Cold HDD,and standard for Magnetic volumes.

    If you specify the io1 volume type, you must also specify a value for the Iops attribute. The maximum ratio of provisioned IOPS to requested volume size (in GiB) is 50:1. Amazon Web Services uses the default volume size (in GiB) specified in the AMI attributes to set IOPS to 50 x (volume size).

    " - }, - "DeleteOnTermination":{ - "shape":"Boolean", - "documentation":"

    Whether the volume is deleted on instance termination.

    " - } - }, - "documentation":"

    Describes an Amazon EBS volume. This data type maps directly to the Amazon EC2 EbsBlockDevice data type.

    " - }, - "EcsCluster":{ - "type":"structure", - "members":{ - "EcsClusterArn":{ - "shape":"String", - "documentation":"

    The cluster's ARN.

    " - }, - "EcsClusterName":{ - "shape":"String", - "documentation":"

    The cluster name.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "RegisteredAt":{ - "shape":"DateTime", - "documentation":"

    The time and date that the cluster was registered with the stack.

    " - } - }, - "documentation":"

    Describes a registered Amazon ECS cluster.

    " - }, - "EcsClusters":{ - "type":"list", - "member":{"shape":"EcsCluster"} - }, - "ElasticIp":{ - "type":"structure", - "members":{ - "Ip":{ - "shape":"String", - "documentation":"

    The IP address.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The name, which can be a maximum of 32 characters.

    " - }, - "Domain":{ - "shape":"String", - "documentation":"

    The domain.

    " - }, - "Region":{ - "shape":"String", - "documentation":"

    The Amazon Web Services Region. For more information, see Regions and Endpoints.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The ID of the instance that the address is attached to.

    " - } - }, - "documentation":"

    Describes an Elastic IP address.

    " - }, - "ElasticIps":{ - "type":"list", - "member":{"shape":"ElasticIp"} - }, - "ElasticLoadBalancer":{ - "type":"structure", - "members":{ - "ElasticLoadBalancerName":{ - "shape":"String", - "documentation":"

    The Elastic Load Balancing instance name.

    " - }, - "Region":{ - "shape":"String", - "documentation":"

    The instance's Amazon Web Services Region.

    " - }, - "DnsName":{ - "shape":"String", - "documentation":"

    The instance's public DNS name.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The ID of the stack with which the instance is associated.

    " - }, - "LayerId":{ - "shape":"String", - "documentation":"

    The ID of the layer to which the instance is attached.

    " - }, - "VpcId":{ - "shape":"String", - "documentation":"

    The VPC ID.

    " - }, - "AvailabilityZones":{ - "shape":"Strings", - "documentation":"

    A list of Availability Zones.

    " - }, - "SubnetIds":{ - "shape":"Strings", - "documentation":"

    A list of subnet IDs, if the stack is running in a VPC.

    " - }, - "Ec2InstanceIds":{ - "shape":"Strings", - "documentation":"

    A list of the EC2 instances for which the Elastic Load Balancing instance is managing traffic.

    " - } - }, - "documentation":"

    Describes an Elastic Load Balancing instance.

    " - }, - "ElasticLoadBalancers":{ - "type":"list", - "member":{"shape":"ElasticLoadBalancer"} - }, - "EnvironmentVariable":{ - "type":"structure", - "required":[ - "Key", - "Value" - ], - "members":{ - "Key":{ - "shape":"String", - "documentation":"

    (Required) The environment variable's name, which can consist of up to 64 characters and must be specified. The name can contain upper- and lowercase letters, numbers, and underscores (_), but it must start with a letter or underscore.

    " - }, - "Value":{ - "shape":"String", - "documentation":"

    (Optional) The environment variable's value, which can be left empty. If you specify a value, it can contain up to 256 characters, which must all be printable.

    " - }, - "Secure":{ - "shape":"Boolean", - "documentation":"

    (Optional) Whether the variable's value is returned by the DescribeApps action. To hide an environment variable's value, set Secure to true. DescribeApps returns *****FILTERED***** instead of the actual value. The default value for Secure is false.

    " - } - }, - "documentation":"

    Represents an app's environment variable.

    " - }, - "EnvironmentVariables":{ - "type":"list", - "member":{"shape":"EnvironmentVariable"} - }, - "GetHostnameSuggestionRequest":{ - "type":"structure", - "required":["LayerId"], - "members":{ - "LayerId":{ - "shape":"String", - "documentation":"

    The layer ID.

    " - } - } - }, - "GetHostnameSuggestionResult":{ - "type":"structure", - "members":{ - "LayerId":{ - "shape":"String", - "documentation":"

    The layer ID.

    " - }, - "Hostname":{ - "shape":"String", - "documentation":"

    The generated host name.

    " - } - }, - "documentation":"

    Contains the response to a GetHostnameSuggestion request.

    " - }, - "GrantAccessRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance's OpsWorks Stacks ID.

    " - }, - "ValidForInMinutes":{ - "shape":"ValidForInMinutes", - "documentation":"

    The length of time (in minutes) that the grant is valid. When the grant expires at the end of this period, the user will no longer be able to use the credentials to log in. If the user is logged in at the time, they are logged out.

    " - } - } - }, - "GrantAccessResult":{ - "type":"structure", - "members":{ - "TemporaryCredential":{ - "shape":"TemporaryCredential", - "documentation":"

    A TemporaryCredential object that contains the data needed to log in to the instance by RDP clients, such as the Microsoft Remote Desktop Connection.

    " - } - }, - "documentation":"

    Contains the response to a GrantAccess request.

    " - }, - "Hour":{"type":"string"}, - "Instance":{ - "type":"structure", - "members":{ - "AgentVersion":{ - "shape":"String", - "documentation":"

    The agent version. This parameter is set to INHERIT if the instance inherits the default stack setting or to a a version number for a fixed agent version.

    " - }, - "AmiId":{ - "shape":"String", - "documentation":"

    A custom AMI ID to be used to create the instance. For more information, see Instances

    " - }, - "Architecture":{ - "shape":"Architecture", - "documentation":"

    The instance architecture: \"i386\" or \"x86_64\".

    " - }, - "Arn":{ - "shape":"String", - "documentation":"

    The instance's Amazon Resource Number (ARN).

    " - }, - "AutoScalingType":{ - "shape":"AutoScalingType", - "documentation":"

    For load-based or time-based instances, the type.

    " - }, - "AvailabilityZone":{ - "shape":"String", - "documentation":"

    The instance Availability Zone. For more information, see Regions and Endpoints.

    " - }, - "BlockDeviceMappings":{ - "shape":"BlockDeviceMappings", - "documentation":"

    An array of BlockDeviceMapping objects that specify the instance's block device mappings.

    " - }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    The time that the instance was created.

    " - }, - "EbsOptimized":{ - "shape":"Boolean", - "documentation":"

    Whether this is an Amazon EBS-optimized instance.

    " - }, - "Ec2InstanceId":{ - "shape":"String", - "documentation":"

    The ID of the associated Amazon EC2 instance.

    " - }, - "EcsClusterArn":{ - "shape":"String", - "documentation":"

    For container instances, the Amazon ECS cluster's ARN.

    " - }, - "EcsContainerInstanceArn":{ - "shape":"String", - "documentation":"

    For container instances, the instance's ARN.

    " - }, - "ElasticIp":{ - "shape":"String", - "documentation":"

    The instance Elastic IP address.

    " - }, - "Hostname":{ - "shape":"String", - "documentation":"

    The instance host name. The following are character limits for instance host names.

    • Linux-based instances: 63 characters

    • Windows-based instances: 15 characters

    " - }, - "InfrastructureClass":{ - "shape":"String", - "documentation":"

    For registered instances, the infrastructure class: ec2 or on-premises.

    " - }, - "InstallUpdatesOnBoot":{ - "shape":"Boolean", - "documentation":"

    Whether to install operating system and package updates when the instance boots. The default value is true. If this value is set to false, you must update instances manually by using CreateDeployment to run the update_dependencies stack command or by manually running yum (Amazon Linux) or apt-get (Ubuntu) on the instances.

    We strongly recommend using the default value of true to ensure that your instances have the latest security updates.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "InstanceProfileArn":{ - "shape":"String", - "documentation":"

    The ARN of the instance's IAM profile. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "InstanceType":{ - "shape":"String", - "documentation":"

    The instance type, such as t2.micro.

    " - }, - "LastServiceErrorId":{ - "shape":"String", - "documentation":"

    The ID of the last service error. For more information, call DescribeServiceErrors.

    " - }, - "LayerIds":{ - "shape":"Strings", - "documentation":"

    An array containing the instance layer IDs.

    " - }, - "Os":{ - "shape":"String", - "documentation":"

    The instance's operating system.

    " - }, - "Platform":{ - "shape":"String", - "documentation":"

    The instance's platform.

    " - }, - "PrivateDns":{ - "shape":"String", - "documentation":"

    The instance's private DNS name.

    " - }, - "PrivateIp":{ - "shape":"String", - "documentation":"

    The instance's private IP address.

    " - }, - "PublicDns":{ - "shape":"String", - "documentation":"

    The instance public DNS name.

    " - }, - "PublicIp":{ - "shape":"String", - "documentation":"

    The instance public IP address.

    " - }, - "RegisteredBy":{ - "shape":"String", - "documentation":"

    For registered instances, who performed the registration.

    " - }, - "ReportedAgentVersion":{ - "shape":"String", - "documentation":"

    The instance's reported OpsWorks Stacks agent version.

    " - }, - "ReportedOs":{ - "shape":"ReportedOs", - "documentation":"

    For registered instances, the reported operating system.

    " - }, - "RootDeviceType":{ - "shape":"RootDeviceType", - "documentation":"

    The instance's root device type. For more information, see Storage for the Root Device.

    " - }, - "RootDeviceVolumeId":{ - "shape":"String", - "documentation":"

    The root device volume ID.

    " - }, - "SecurityGroupIds":{ - "shape":"Strings", - "documentation":"

    An array containing the instance security group IDs.

    " - }, - "SshHostDsaKeyFingerprint":{ - "shape":"String", - "documentation":"

    The SSH key's Deep Security Agent (DSA) fingerprint.

    " - }, - "SshHostRsaKeyFingerprint":{ - "shape":"String", - "documentation":"

    The SSH key's RSA fingerprint.

    " - }, - "SshKeyName":{ - "shape":"String", - "documentation":"

    The instance's Amazon EC2 key-pair name.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "Status":{ - "shape":"String", - "documentation":"

    The instance status:

    • booting

    • connection_lost

    • online

    • pending

    • rebooting

    • requested

    • running_setup

    • setup_failed

    • shutting_down

    • start_failed

    • stop_failed

    • stopped

    • stopping

    • terminated

    • terminating

    " - }, - "SubnetId":{ - "shape":"String", - "documentation":"

    The instance's subnet ID; applicable only if the stack is running in a VPC.

    " - }, - "Tenancy":{ - "shape":"String", - "documentation":"

    The instance's tenancy option, such as dedicated or host.

    " - }, - "VirtualizationType":{ - "shape":"VirtualizationType", - "documentation":"

    The instance's virtualization type: paravirtual or hvm.

    " - } - }, - "documentation":"

    Describes an instance.

    " - }, - "InstanceIdentity":{ - "type":"structure", - "members":{ - "Document":{ - "shape":"String", - "documentation":"

    A JSON document that contains the metadata.

    " - }, - "Signature":{ - "shape":"String", - "documentation":"

    A signature that can be used to verify the document's accuracy and authenticity.

    " - } - }, - "documentation":"

    Contains a description of an Amazon EC2 instance from the Amazon EC2 metadata service. For more information, see Instance Metadata and User Data.

    " - }, - "Instances":{ - "type":"list", - "member":{"shape":"Instance"} - }, - "InstancesCount":{ - "type":"structure", - "members":{ - "Assigning":{ - "shape":"Integer", - "documentation":"

    The number of instances in the Assigning state.

    " - }, - "Booting":{ - "shape":"Integer", - "documentation":"

    The number of instances with booting status.

    " - }, - "ConnectionLost":{ - "shape":"Integer", - "documentation":"

    The number of instances with connection_lost status.

    " - }, - "Deregistering":{ - "shape":"Integer", - "documentation":"

    The number of instances in the Deregistering state.

    " - }, - "Online":{ - "shape":"Integer", - "documentation":"

    The number of instances with online status.

    " - }, - "Pending":{ - "shape":"Integer", - "documentation":"

    The number of instances with pending status.

    " - }, - "Rebooting":{ - "shape":"Integer", - "documentation":"

    The number of instances with rebooting status.

    " - }, - "Registered":{ - "shape":"Integer", - "documentation":"

    The number of instances in the Registered state.

    " - }, - "Registering":{ - "shape":"Integer", - "documentation":"

    The number of instances in the Registering state.

    " - }, - "Requested":{ - "shape":"Integer", - "documentation":"

    The number of instances with requested status.

    " - }, - "RunningSetup":{ - "shape":"Integer", - "documentation":"

    The number of instances with running_setup status.

    " - }, - "SetupFailed":{ - "shape":"Integer", - "documentation":"

    The number of instances with setup_failed status.

    " - }, - "ShuttingDown":{ - "shape":"Integer", - "documentation":"

    The number of instances with shutting_down status.

    " - }, - "StartFailed":{ - "shape":"Integer", - "documentation":"

    The number of instances with start_failed status.

    " - }, - "StopFailed":{ - "shape":"Integer", - "documentation":"

    The number of instances with stop_failed status.

    " - }, - "Stopped":{ - "shape":"Integer", - "documentation":"

    The number of instances with stopped status.

    " - }, - "Stopping":{ - "shape":"Integer", - "documentation":"

    The number of instances with stopping status.

    " - }, - "Terminated":{ - "shape":"Integer", - "documentation":"

    The number of instances with terminated status.

    " - }, - "Terminating":{ - "shape":"Integer", - "documentation":"

    The number of instances with terminating status.

    " - }, - "Unassigning":{ - "shape":"Integer", - "documentation":"

    The number of instances in the Unassigning state.

    " - } - }, - "documentation":"

    Describes how many instances a stack has for each status.

    " - }, - "Integer":{ - "type":"integer", - "box":true - }, - "Layer":{ - "type":"structure", - "members":{ - "Arn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Number (ARN) of a layer.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The layer stack ID.

    " - }, - "LayerId":{ - "shape":"String", - "documentation":"

    The layer ID.

    " - }, - "Type":{ - "shape":"LayerType", - "documentation":"

    The layer type.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The layer name. Layer names can be a maximum of 32 characters.

    " - }, - "Shortname":{ - "shape":"String", - "documentation":"

    The layer short name.

    " - }, - "Attributes":{ - "shape":"LayerAttributes", - "documentation":"

    The layer attributes.

    For the HaproxyStatsPassword, MysqlRootPassword, and GangliaPassword attributes, OpsWorks Stacks returns *****FILTERED***** instead of the actual value

    For an ECS Cluster layer, OpsWorks Stacks the EcsClusterArn attribute is set to the cluster's ARN.

    " - }, - "CloudWatchLogsConfiguration":{ - "shape":"CloudWatchLogsConfiguration", - "documentation":"

    The Amazon CloudWatch Logs configuration settings for the layer.

    " - }, - "CustomInstanceProfileArn":{ - "shape":"String", - "documentation":"

    The ARN of the default IAM profile to be used for the layer's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A JSON formatted string containing the layer's custom stack configuration and deployment attributes.

    " - }, - "CustomSecurityGroupIds":{ - "shape":"Strings", - "documentation":"

    An array containing the layer's custom security group IDs.

    " - }, - "DefaultSecurityGroupNames":{ - "shape":"Strings", - "documentation":"

    An array containing the layer's security group names.

    " - }, - "Packages":{ - "shape":"Strings", - "documentation":"

    An array of Package objects that describe the layer's packages.

    " - }, - "VolumeConfigurations":{ - "shape":"VolumeConfigurations", - "documentation":"

    A VolumeConfigurations object that describes the layer's Amazon EBS volumes.

    " - }, - "EnableAutoHealing":{ - "shape":"Boolean", - "documentation":"

    Whether auto healing is disabled for the layer.

    " - }, - "AutoAssignElasticIps":{ - "shape":"Boolean", - "documentation":"

    Whether to automatically assign an Elastic IP address to the layer's instances. For more information, see How to Edit a Layer.

    " - }, - "AutoAssignPublicIps":{ - "shape":"Boolean", - "documentation":"

    For stacks that are running in a VPC, whether to automatically assign a public IP address to the layer's instances. For more information, see How to Edit a Layer.

    " - }, - "DefaultRecipes":{ - "shape":"Recipes", - "documentation":"

    OpsWorks Stacks supports five lifecycle events: setup, configuration, deploy, undeploy, and shutdown. For each layer, OpsWorks Stacks runs a set of standard recipes for each event. You can also provide custom recipes for any or all layers and events. OpsWorks Stacks runs custom event recipes after the standard recipes. LayerCustomRecipes specifies the custom recipes for a particular layer to be run in response to each of the five events.

    To specify a recipe, use the cookbook's directory name in the repository followed by two colons and the recipe name, which is the recipe's file name without the .rb extension. For example: phpapp2::dbsetup specifies the dbsetup.rb recipe in the repository's phpapp2 folder.

    " - }, - "CustomRecipes":{ - "shape":"Recipes", - "documentation":"

    A LayerCustomRecipes object that specifies the layer's custom recipes.

    " - }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    Date when the layer was created.

    " - }, - "InstallUpdatesOnBoot":{ - "shape":"Boolean", - "documentation":"

    Whether to install operating system and package updates when the instance boots. The default value is true. If this value is set to false, you must then update your instances manually by using CreateDeployment to run the update_dependencies stack command or manually running yum (Amazon Linux) or apt-get (Ubuntu) on the instances.

    We strongly recommend using the default value of true, to ensure that your instances have the latest security updates.

    " - }, - "UseEbsOptimizedInstances":{ - "shape":"Boolean", - "documentation":"

    Whether the layer uses Amazon EBS-optimized instances.

    " - }, - "LifecycleEventConfiguration":{ - "shape":"LifecycleEventConfiguration", - "documentation":"

    A LifeCycleEventConfiguration object that specifies the Shutdown event configuration.

    " - } - }, - "documentation":"

    Describes a layer.

    " - }, - "LayerAttributes":{ - "type":"map", - "key":{"shape":"LayerAttributesKeys"}, - "value":{"shape":"String"} - }, - "LayerAttributesKeys":{ - "type":"string", - "enum":[ - "EcsClusterArn", - "EnableHaproxyStats", - "HaproxyStatsUrl", - "HaproxyStatsUser", - "HaproxyStatsPassword", - "HaproxyHealthCheckUrl", - "HaproxyHealthCheckMethod", - "MysqlRootPassword", - "MysqlRootPasswordUbiquitous", - "GangliaUrl", - "GangliaUser", - "GangliaPassword", - "MemcachedMemory", - "NodejsVersion", - "RubyVersion", - "RubygemsVersion", - "ManageBundler", - "BundlerVersion", - "RailsStack", - "PassengerVersion", - "Jvm", - "JvmVersion", - "JvmOptions", - "JavaAppServer", - "JavaAppServerVersion" - ] - }, - "LayerType":{ - "type":"string", - "enum":[ - "aws-flow-ruby", - "ecs-cluster", - "java-app", - "lb", - "web", - "php-app", - "rails-app", - "nodejs-app", - "memcached", - "db-master", - "monitoring-master", - "custom" - ] - }, - "Layers":{ - "type":"list", - "member":{"shape":"Layer"} - }, - "LifecycleEventConfiguration":{ - "type":"structure", - "members":{ - "Shutdown":{ - "shape":"ShutdownEventConfiguration", - "documentation":"

    A ShutdownEventConfiguration object that specifies the Shutdown event configuration.

    " - } - }, - "documentation":"

    Specifies the lifecycle event configuration

    " - }, - "ListTagsRequest":{ - "type":"structure", - "required":["ResourceArn"], - "members":{ - "ResourceArn":{ - "shape":"ResourceArn", - "documentation":"

    The stack or layer's Amazon Resource Number (ARN).

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    Do not use. A validation exception occurs if you add a MaxResults parameter to a ListTagsRequest call.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    Do not use. A validation exception occurs if you add a NextToken parameter to a ListTagsRequest call.

    " - } - } - }, - "ListTagsResult":{ - "type":"structure", - "members":{ - "Tags":{ - "shape":"Tags", - "documentation":"

    A set of key-value pairs that contain tag keys and tag values that are attached to a stack or layer.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    If a paginated request does not return all of the remaining results, this parameter is set to a token that you can assign to the request object's NextToken parameter to get the next set of results. If the previous paginated request returned all of the remaining results, this parameter is set to null.

    " - } - }, - "documentation":"

    Contains the response to a ListTags request.

    " - }, - "LoadBasedAutoScalingConfiguration":{ - "type":"structure", - "members":{ - "LayerId":{ - "shape":"String", - "documentation":"

    The layer ID.

    " - }, - "Enable":{ - "shape":"Boolean", - "documentation":"

    Whether load-based auto scaling is enabled for the layer.

    " - }, - "UpScaling":{ - "shape":"AutoScalingThresholds", - "documentation":"

    An AutoScalingThresholds object that describes the upscaling configuration, which defines how and when OpsWorks Stacks increases the number of instances.

    " - }, - "DownScaling":{ - "shape":"AutoScalingThresholds", - "documentation":"

    An AutoScalingThresholds object that describes the downscaling configuration, which defines how and when OpsWorks Stacks reduces the number of instances.

    " - } - }, - "documentation":"

    Describes a layer's load-based auto scaling configuration.

    " - }, - "LoadBasedAutoScalingConfigurations":{ - "type":"list", - "member":{"shape":"LoadBasedAutoScalingConfiguration"} - }, - "MaxResults":{"type":"integer"}, - "Minute":{ - "type":"integer", - "box":true, - "max":100, - "min":1 - }, - "NextToken":{"type":"string"}, - "OperatingSystem":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"String", - "documentation":"

    The name of the operating system, such as Amazon Linux 2.

    " - }, - "Id":{ - "shape":"String", - "documentation":"

    The ID of a supported operating system, such as Amazon Linux 2.

    " - }, - "Type":{ - "shape":"String", - "documentation":"

    The type of a supported operating system, either Linux or Windows.

    " - }, - "ConfigurationManagers":{ - "shape":"OperatingSystemConfigurationManagers", - "documentation":"

    Supported configuration manager name and versions for an OpsWorks Stacks operating system.

    " - }, - "ReportedName":{ - "shape":"String", - "documentation":"

    A short name for the operating system manufacturer.

    " - }, - "ReportedVersion":{ - "shape":"String", - "documentation":"

    The version of the operating system, including the release and edition, if applicable.

    " - }, - "Supported":{ - "shape":"Boolean", - "documentation":"

    Indicates that an operating system is not supported for new instances.

    " - } - }, - "documentation":"

    Describes supported operating systems in OpsWorks Stacks.

    " - }, - "OperatingSystemConfigurationManager":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"String", - "documentation":"

    The name of the configuration manager, which is Chef.

    " - }, - "Version":{ - "shape":"String", - "documentation":"

    The versions of the configuration manager that are supported by an operating system.

    " - } - }, - "documentation":"

    A block that contains information about the configuration manager (Chef) and the versions of the configuration manager that are supported for an operating system.

    " - }, - "OperatingSystemConfigurationManagers":{ - "type":"list", - "member":{"shape":"OperatingSystemConfigurationManager"} - }, - "OperatingSystems":{ - "type":"list", - "member":{"shape":"OperatingSystem"} - }, - "Parameters":{ - "type":"map", - "key":{"shape":"String"}, - "value":{"shape":"String"} - }, - "Permission":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    A stack ID.

    " - }, - "IamUserArn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) for an Identity and Access Management (IAM) role. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "AllowSsh":{ - "shape":"Boolean", - "documentation":"

    Whether the user can use SSH.

    " - }, - "AllowSudo":{ - "shape":"Boolean", - "documentation":"

    Whether the user can use sudo.

    " - }, - "Level":{ - "shape":"String", - "documentation":"

    The user's permission level, which must be the following:

    • deny

    • show

    • deploy

    • manage

    • iam_only

    For more information on the permissions associated with these levels, see Managing User Permissions

    " - } - }, - "documentation":"

    Describes stack or user permissions.

    " - }, - "Permissions":{ - "type":"list", - "member":{"shape":"Permission"} - }, - "RaidArray":{ - "type":"structure", - "members":{ - "RaidArrayId":{ - "shape":"String", - "documentation":"

    The array ID.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The array name.

    " - }, - "RaidLevel":{ - "shape":"Integer", - "documentation":"

    The RAID level.

    " - }, - "NumberOfDisks":{ - "shape":"Integer", - "documentation":"

    The number of disks in the array.

    " - }, - "Size":{ - "shape":"Integer", - "documentation":"

    The array's size.

    " - }, - "Device":{ - "shape":"String", - "documentation":"

    The array's Linux device. For example /dev/mdadm0.

    " - }, - "MountPoint":{ - "shape":"String", - "documentation":"

    The array's mount point.

    " - }, - "AvailabilityZone":{ - "shape":"String", - "documentation":"

    The array's Availability Zone. For more information, see Regions and Endpoints.

    " - }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    When the RAID array was created.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "VolumeType":{ - "shape":"String", - "documentation":"

    The volume type, standard or PIOPS.

    " - }, - "Iops":{ - "shape":"Integer", - "documentation":"

    For PIOPS volumes, the IOPS per disk.

    " - } - }, - "documentation":"

    Describes an instance's RAID array.

    " - }, - "RaidArrays":{ - "type":"list", - "member":{"shape":"RaidArray"} - }, - "RdsDbInstance":{ - "type":"structure", - "members":{ - "RdsDbInstanceArn":{ - "shape":"String", - "documentation":"

    The instance's ARN.

    " - }, - "DbInstanceIdentifier":{ - "shape":"String", - "documentation":"

    The database instance identifier.

    " - }, - "DbUser":{ - "shape":"String", - "documentation":"

    The master user name.

    " - }, - "DbPassword":{ - "shape":"String", - "documentation":"

    OpsWorks Stacks returns *****FILTERED***** instead of the actual value.

    " - }, - "Region":{ - "shape":"String", - "documentation":"

    The instance's Amazon Web Services Region.

    " - }, - "Address":{ - "shape":"String", - "documentation":"

    The instance's address.

    " - }, - "Engine":{ - "shape":"String", - "documentation":"

    The instance's database engine.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The ID of the stack with which the instance is registered.

    " - }, - "MissingOnRds":{ - "shape":"Boolean", - "documentation":"

    Set to true if OpsWorks Stacks is unable to discover the Amazon RDS instance. OpsWorks Stacks attempts to discover the instance only once. If this value is set to true, you must deregister the instance, and then register it again.

    " - } - }, - "documentation":"

    Describes an Amazon RDS instance.

    " - }, - "RdsDbInstances":{ - "type":"list", - "member":{"shape":"RdsDbInstance"} - }, - "RebootInstanceRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - } - } - }, - "Recipes":{ - "type":"structure", - "members":{ - "Setup":{ - "shape":"Strings", - "documentation":"

    An array of custom recipe names to be run following a setup event.

    " - }, - "Configure":{ - "shape":"Strings", - "documentation":"

    An array of custom recipe names to be run following a configure event.

    " - }, - "Deploy":{ - "shape":"Strings", - "documentation":"

    An array of custom recipe names to be run following a deploy event.

    " - }, - "Undeploy":{ - "shape":"Strings", - "documentation":"

    An array of custom recipe names to be run following a undeploy event.

    " - }, - "Shutdown":{ - "shape":"Strings", - "documentation":"

    An array of custom recipe names to be run following a shutdown event.

    " - } - }, - "documentation":"

    OpsWorks Stacks supports five lifecycle events: setup, configuration, deploy, undeploy, and shutdown. For each layer, OpsWorks Stacks runs a set of standard recipes for each event. In addition, you can provide custom recipes for any or all layers and events. OpsWorks Stacks runs custom event recipes after the standard recipes. LayerCustomRecipes specifies the custom recipes for a particular layer to be run in response to each of the five events.

    To specify a recipe, use the cookbook's directory name in the repository followed by two colons and the recipe name, which is the recipe's file name without the .rb extension. For example: phpapp2::dbsetup specifies the dbsetup.rb recipe in the repository's phpapp2 folder.

    " - }, - "RegisterEcsClusterRequest":{ - "type":"structure", - "required":[ - "EcsClusterArn", - "StackId" - ], - "members":{ - "EcsClusterArn":{ - "shape":"String", - "documentation":"

    The cluster's ARN.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "RegisterEcsClusterResult":{ - "type":"structure", - "members":{ - "EcsClusterArn":{ - "shape":"String", - "documentation":"

    The cluster's ARN.

    " - } - }, - "documentation":"

    Contains the response to a RegisterEcsCluster request.

    " - }, - "RegisterElasticIpRequest":{ - "type":"structure", - "required":[ - "ElasticIp", - "StackId" - ], - "members":{ - "ElasticIp":{ - "shape":"String", - "documentation":"

    The Elastic IP address.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "RegisterElasticIpResult":{ - "type":"structure", - "members":{ - "ElasticIp":{ - "shape":"String", - "documentation":"

    The Elastic IP address.

    " - } - }, - "documentation":"

    Contains the response to a RegisterElasticIp request.

    " - }, - "RegisterInstanceRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The ID of the stack that the instance is to be registered with.

    " - }, - "Hostname":{ - "shape":"String", - "documentation":"

    The instance's host name. The following are character limits for instance host names.

    • Linux-based instances: 63 characters

    • Windows-based instances: 15 characters

    " - }, - "PublicIp":{ - "shape":"String", - "documentation":"

    The instance's public IP address.

    " - }, - "PrivateIp":{ - "shape":"String", - "documentation":"

    The instance's private IP address.

    " - }, - "RsaPublicKey":{ - "shape":"String", - "documentation":"

    The instances public RSA key. This key is used to encrypt communication between the instance and the service.

    " - }, - "RsaPublicKeyFingerprint":{ - "shape":"String", - "documentation":"

    The instances public RSA key fingerprint.

    " - }, - "InstanceIdentity":{ - "shape":"InstanceIdentity", - "documentation":"

    An InstanceIdentity object that contains the instance's identity.

    " - } - } - }, - "RegisterInstanceResult":{ - "type":"structure", - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The registered instance's OpsWorks Stacks ID.

    " - } - }, - "documentation":"

    Contains the response to a RegisterInstanceResult request.

    " - }, - "RegisterRdsDbInstanceRequest":{ - "type":"structure", - "required":[ - "StackId", - "RdsDbInstanceArn", - "DbUser", - "DbPassword" - ], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "RdsDbInstanceArn":{ - "shape":"String", - "documentation":"

    The Amazon RDS instance's ARN.

    " - }, - "DbUser":{ - "shape":"String", - "documentation":"

    The database's master user name.

    " - }, - "DbPassword":{ - "shape":"String", - "documentation":"

    The database password.

    " - } - } - }, - "RegisterVolumeRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "Ec2VolumeId":{ - "shape":"String", - "documentation":"

    The Amazon EBS volume ID.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "RegisterVolumeResult":{ - "type":"structure", - "members":{ - "VolumeId":{ - "shape":"String", - "documentation":"

    The volume ID.

    " - } - }, - "documentation":"

    Contains the response to a RegisterVolume request.

    " - }, - "ReportedOs":{ - "type":"structure", - "members":{ - "Family":{ - "shape":"String", - "documentation":"

    The operating system family.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The operating system name.

    " - }, - "Version":{ - "shape":"String", - "documentation":"

    The operating system version.

    " - } - }, - "documentation":"

    A registered instance's reported operating system.

    " - }, - "ResourceArn":{"type":"string"}, - "ResourceNotFoundException":{ - "type":"structure", - "members":{ - "message":{ - "shape":"String", - "documentation":"

    The exception message.

    " - } - }, - "documentation":"

    Indicates that a resource was not found.

    ", - "exception":true - }, - "RootDeviceType":{ - "type":"string", - "enum":[ - "ebs", - "instance-store" - ] - }, - "SelfUserProfile":{ - "type":"structure", - "members":{ - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user's IAM ARN.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The user's name.

    " - }, - "SshUsername":{ - "shape":"String", - "documentation":"

    The user's SSH user name.

    " - }, - "SshPublicKey":{ - "shape":"String", - "documentation":"

    The user's SSH public key.

    " - } - }, - "documentation":"

    Describes a user's SSH information.

    " - }, - "ServiceError":{ - "type":"structure", - "members":{ - "ServiceErrorId":{ - "shape":"String", - "documentation":"

    The error ID.

    " - }, - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "Type":{ - "shape":"String", - "documentation":"

    The error type.

    " - }, - "Message":{ - "shape":"String", - "documentation":"

    A message that describes the error.

    " - }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    When the error occurred.

    " - } - }, - "documentation":"

    Describes an OpsWorks Stacks service error.

    " - }, - "ServiceErrors":{ - "type":"list", - "member":{"shape":"ServiceError"} - }, - "SetLoadBasedAutoScalingRequest":{ - "type":"structure", - "required":["LayerId"], - "members":{ - "LayerId":{ - "shape":"String", - "documentation":"

    The layer ID.

    " - }, - "Enable":{ - "shape":"Boolean", - "documentation":"

    Enables load-based auto scaling for the layer.

    " - }, - "UpScaling":{ - "shape":"AutoScalingThresholds", - "documentation":"

    An AutoScalingThresholds object with the upscaling threshold configuration. If the load exceeds these thresholds for a specified amount of time, OpsWorks Stacks starts a specified number of instances.

    " - }, - "DownScaling":{ - "shape":"AutoScalingThresholds", - "documentation":"

    An AutoScalingThresholds object with the downscaling threshold configuration. If the load falls below these thresholds for a specified amount of time, OpsWorks Stacks stops a specified number of instances.

    " - } - } - }, - "SetPermissionRequest":{ - "type":"structure", - "required":[ - "StackId", - "IamUserArn" - ], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user's IAM ARN. This can also be a federated user's ARN.

    " - }, - "AllowSsh":{ - "shape":"Boolean", - "documentation":"

    The user is allowed to use SSH to communicate with the instance.

    " - }, - "AllowSudo":{ - "shape":"Boolean", - "documentation":"

    The user is allowed to use sudo to elevate privileges.

    " - }, - "Level":{ - "shape":"String", - "documentation":"

    The user's permission level, which must be set to one of the following strings. You cannot set your own permissions level.

    • deny

    • show

    • deploy

    • manage

    • iam_only

    For more information about the permissions associated with these levels, see Managing User Permissions.

    " - } - } - }, - "SetTimeBasedAutoScalingRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "AutoScalingSchedule":{ - "shape":"WeeklyAutoScalingSchedule", - "documentation":"

    An AutoScalingSchedule with the instance schedule.

    " - } - } - }, - "ShutdownEventConfiguration":{ - "type":"structure", - "members":{ - "ExecutionTimeout":{ - "shape":"Integer", - "documentation":"

    The time, in seconds, that OpsWorks Stacks waits after triggering a Shutdown event before shutting down an instance.

    " - }, - "DelayUntilElbConnectionsDrained":{ - "shape":"Boolean", - "documentation":"

    Whether to enable Elastic Load Balancing connection draining. For more information, see Connection Draining

    " - } - }, - "documentation":"

    The Shutdown event configuration.

    " - }, - "Source":{ - "type":"structure", - "members":{ - "Type":{ - "shape":"SourceType", - "documentation":"

    The repository type.

    " - }, - "Url":{ - "shape":"String", - "documentation":"

    The source URL. The following is an example of an Amazon S3 source URL: https://s3.amazonaws.com/opsworks-demo-bucket/opsworks_cookbook_demo.tar.gz.

    " - }, - "Username":{ - "shape":"String", - "documentation":"

    This parameter depends on the repository type.

    • For Amazon S3 bundles, set Username to the appropriate IAM access key ID.

    • For HTTP bundles, Git repositories, and Subversion repositories, set Username to the user name.

    " - }, - "Password":{ - "shape":"String", - "documentation":"

    When included in a request, the parameter depends on the repository type.

    • For Amazon S3 bundles, set Password to the appropriate IAM secret access key.

    • For HTTP bundles and Subversion repositories, set Password to the password.

    For more information on how to safely handle IAM credentials, see https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html.

    In responses, OpsWorks Stacks returns *****FILTERED***** instead of the actual value.

    " - }, - "SshKey":{ - "shape":"String", - "documentation":"

    In requests, the repository's SSH key.

    In responses, OpsWorks Stacks returns *****FILTERED***** instead of the actual value.

    " - }, - "Revision":{ - "shape":"String", - "documentation":"

    The application's version. OpsWorks Stacks enables you to easily deploy new versions of an application. One of the simplest approaches is to have branches or revisions in your repository that represent different versions that can potentially be deployed.

    " - } - }, - "documentation":"

    Contains the information required to retrieve an app or cookbook from a repository. For more information, see Creating Apps or Custom Recipes and Cookbooks.

    " - }, - "SourceType":{ - "type":"string", - "enum":[ - "git", - "svn", - "archive", - "s3" - ] - }, - "SslConfiguration":{ - "type":"structure", - "required":[ - "Certificate", - "PrivateKey" - ], - "members":{ - "Certificate":{ - "shape":"String", - "documentation":"

    The contents of the certificate's domain.crt file.

    " - }, - "PrivateKey":{ - "shape":"String", - "documentation":"

    The private key; the contents of the certificate's domain.kex file.

    " - }, - "Chain":{ - "shape":"String", - "documentation":"

    Optional. Can be used to specify an intermediate certificate authority key or client authentication.

    " - } - }, - "documentation":"

    Describes an app's SSL configuration.

    " - }, - "Stack":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The stack name. Stack names can be a maximum of 64 characters.

    " - }, - "Arn":{ - "shape":"String", - "documentation":"

    The stack's ARN.

    " - }, - "Region":{ - "shape":"String", - "documentation":"

    The stack Amazon Web Services Region, such as ap-northeast-2. For more information about Amazon Web Services Regions, see Regions and Endpoints.

    " - }, - "VpcId":{ - "shape":"String", - "documentation":"

    The VPC ID; applicable only if the stack is running in a VPC.

    " - }, - "Attributes":{ - "shape":"StackAttributes", - "documentation":"

    The stack's attributes.

    " - }, - "ServiceRoleArn":{ - "shape":"String", - "documentation":"

    The stack Identity and Access Management (IAM) role.

    " - }, - "DefaultInstanceProfileArn":{ - "shape":"String", - "documentation":"

    The ARN of an IAM profile that is the default profile for all of the stack's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "DefaultOs":{ - "shape":"String", - "documentation":"

    The stack's default operating system.

    " - }, - "HostnameTheme":{ - "shape":"String", - "documentation":"

    The stack host name theme, with spaces replaced by underscores.

    " - }, - "DefaultAvailabilityZone":{ - "shape":"String", - "documentation":"

    The stack's default Availability Zone. For more information, see Regions and Endpoints.

    " - }, - "DefaultSubnetId":{ - "shape":"String", - "documentation":"

    The default subnet ID; applicable only if the stack is running in a VPC.

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A JSON object that contains user-defined attributes to be added to the stack configuration and deployment attributes. You can use custom JSON to override the corresponding default stack configuration attribute values or to pass data to recipes. The string should be in the following format:

    \"{\\\"key1\\\": \\\"value1\\\", \\\"key2\\\": \\\"value2\\\",...}\"

    For more information on custom JSON, see Use Custom JSON to Modify the Stack Configuration Attributes.

    " - }, - "ConfigurationManager":{ - "shape":"StackConfigurationManager", - "documentation":"

    The configuration manager.

    " - }, - "ChefConfiguration":{ - "shape":"ChefConfiguration", - "documentation":"

    A ChefConfiguration object that specifies whether to enable Berkshelf and the Berkshelf version. For more information, see Create a New Stack.

    " - }, - "UseCustomCookbooks":{ - "shape":"Boolean", - "documentation":"

    Whether the stack uses custom cookbooks.

    " - }, - "UseOpsworksSecurityGroups":{ - "shape":"Boolean", - "documentation":"

    Whether the stack automatically associates the OpsWorks Stacks built-in security groups with the stack's layers.

    " - }, - "CustomCookbooksSource":{ - "shape":"Source", - "documentation":"

    Contains the information required to retrieve an app or cookbook from a repository. For more information, see Adding Apps or Cookbooks and Recipes.

    " - }, - "DefaultSshKeyName":{ - "shape":"String", - "documentation":"

    A default Amazon EC2 key pair for the stack's instances. You can override this value when you create or update an instance.

    " - }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    The date when the stack was created.

    " - }, - "DefaultRootDeviceType":{ - "shape":"RootDeviceType", - "documentation":"

    The default root device type. This value is used by default for all instances in the stack, but you can override it when you create an instance. For more information, see Storage for the Root Device.

    " - }, - "AgentVersion":{ - "shape":"String", - "documentation":"

    The agent version. This parameter is set to LATEST for auto-update. or a version number for a fixed agent version.

    " - } - }, - "documentation":"

    Describes a stack.

    " - }, - "StackAttributes":{ - "type":"map", - "key":{"shape":"StackAttributesKeys"}, - "value":{"shape":"String"} - }, - "StackAttributesKeys":{ - "type":"string", - "enum":["Color"] - }, - "StackConfigurationManager":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"String", - "documentation":"

    The name. This parameter must be set to Chef.

    " - }, - "Version":{ - "shape":"String", - "documentation":"

    The Chef version. This parameter must be set to 12, 11.10, or 11.4 for Linux stacks, and to 12.2 for Windows stacks. The default value for Linux stacks is 12.

    " - } - }, - "documentation":"

    Describes the configuration manager.

    " - }, - "StackSummary":{ - "type":"structure", - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The stack name.

    " - }, - "Arn":{ - "shape":"String", - "documentation":"

    The stack's ARN.

    " - }, - "LayersCount":{ - "shape":"Integer", - "documentation":"

    The number of layers.

    " - }, - "AppsCount":{ - "shape":"Integer", - "documentation":"

    The number of apps.

    " - }, - "InstancesCount":{ - "shape":"InstancesCount", - "documentation":"

    An InstancesCount object with the number of instances in each status.

    " - } - }, - "documentation":"

    Summarizes the number of layers, instances, and apps in a stack.

    " - }, - "Stacks":{ - "type":"list", - "member":{"shape":"Stack"} - }, - "StartInstanceRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - } - } - }, - "StartStackRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "StopInstanceRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "Force":{ - "shape":"Boolean", - "documentation":"

    Specifies whether to force an instance to stop. If the instance's root device type is ebs, or EBS-backed, adding the Force parameter to the StopInstances API call disassociates the OpsWorks Stacks instance from EC2, and forces deletion of only the OpsWorks Stacks instance. You must also delete the formerly-associated instance in EC2 after troubleshooting and replacing the OpsWorks Stacks instance with a new one.

    " - } - } - }, - "StopStackRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - } - } - }, - "String":{"type":"string"}, - "Strings":{ - "type":"list", - "member":{"shape":"String"} - }, - "Switch":{"type":"string"}, - "TagKey":{"type":"string"}, - "TagKeys":{ - "type":"list", - "member":{"shape":"TagKey"} - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "Tags" - ], - "members":{ - "ResourceArn":{ - "shape":"ResourceArn", - "documentation":"

    The stack or layer's Amazon Resource Number (ARN).

    " - }, - "Tags":{ - "shape":"Tags", - "documentation":"

    A map that contains tag keys and tag values that are attached to a stack or layer.

    • The key cannot be empty.

    • The key can be a maximum of 127 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

    • The value can be a maximum 255 characters, and contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

    • Leading and trailing white spaces are trimmed from both the key and value.

    • A maximum of 40 tags is allowed for any resource.

    " - } - } - }, - "TagValue":{"type":"string"}, - "Tags":{ - "type":"map", - "key":{"shape":"TagKey"}, - "value":{"shape":"TagValue"} - }, - "TemporaryCredential":{ - "type":"structure", - "members":{ - "Username":{ - "shape":"String", - "documentation":"

    The user name.

    " - }, - "Password":{ - "shape":"String", - "documentation":"

    The password.

    " - }, - "ValidForInMinutes":{ - "shape":"Integer", - "documentation":"

    The length of time (in minutes) that the grant is valid. When the grant expires, at the end of this period, the user will no longer be able to use the credentials to log in. If they are logged in at the time, they are automatically logged out.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance's OpsWorks Stacks ID.

    " - } - }, - "documentation":"

    Contains the data needed by RDP clients such as the Microsoft Remote Desktop Connection to log in to the instance.

    " - }, - "TimeBasedAutoScalingConfiguration":{ - "type":"structure", - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "AutoScalingSchedule":{ - "shape":"WeeklyAutoScalingSchedule", - "documentation":"

    A WeeklyAutoScalingSchedule object with the instance schedule.

    " - } - }, - "documentation":"

    Describes an instance's time-based auto scaling configuration.

    " - }, - "TimeBasedAutoScalingConfigurations":{ - "type":"list", - "member":{"shape":"TimeBasedAutoScalingConfiguration"} - }, - "UnassignInstanceRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - } - } - }, - "UnassignVolumeRequest":{ - "type":"structure", - "required":["VolumeId"], - "members":{ - "VolumeId":{ - "shape":"String", - "documentation":"

    The volume ID.

    " - } - } - }, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "TagKeys" - ], - "members":{ - "ResourceArn":{ - "shape":"ResourceArn", - "documentation":"

    The stack or layer's Amazon Resource Number (ARN).

    " - }, - "TagKeys":{ - "shape":"TagKeys", - "documentation":"

    A list of the keys of tags to be removed from a stack or layer.

    " - } - } - }, - "UpdateAppRequest":{ - "type":"structure", - "required":["AppId"], - "members":{ - "AppId":{ - "shape":"String", - "documentation":"

    The app ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The app name.

    " - }, - "Description":{ - "shape":"String", - "documentation":"

    A description of the app.

    " - }, - "DataSources":{ - "shape":"DataSources", - "documentation":"

    The app's data sources.

    " - }, - "Type":{ - "shape":"AppType", - "documentation":"

    The app type.

    " - }, - "AppSource":{ - "shape":"Source", - "documentation":"

    A Source object that specifies the app repository.

    " - }, - "Domains":{ - "shape":"Strings", - "documentation":"

    The app's virtual host settings, with multiple domains separated by commas. For example: 'www.example.com, example.com'

    " - }, - "EnableSsl":{ - "shape":"Boolean", - "documentation":"

    Whether SSL is enabled for the app.

    " - }, - "SslConfiguration":{ - "shape":"SslConfiguration", - "documentation":"

    An SslConfiguration object with the SSL configuration.

    " - }, - "Attributes":{ - "shape":"AppAttributes", - "documentation":"

    One or more user-defined key/value pairs to be added to the stack attributes.

    " - }, - "Environment":{ - "shape":"EnvironmentVariables", - "documentation":"

    An array of EnvironmentVariable objects that specify environment variables to be associated with the app. After you deploy the app, these variables are defined on the associated app server instances.For more information, see Environment Variables.

    There is no specific limit on the number of environment variables. However, the size of the associated data structure - which includes the variables' names, values, and protected flag values - cannot exceed 20 KB. This limit should accommodate most if not all use cases. Exceeding it will cause an exception with the message, \"Environment: is too large (maximum is 20 KB).\"

    If you have specified one or more environment variables, you cannot modify the stack's Chef version.

    " - } - } - }, - "UpdateElasticIpRequest":{ - "type":"structure", - "required":["ElasticIp"], - "members":{ - "ElasticIp":{ - "shape":"String", - "documentation":"

    The IP address for which you want to update the name.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The new name, which can be a maximum of 32 characters.

    " - } - } - }, - "UpdateInstanceRequest":{ - "type":"structure", - "required":["InstanceId"], - "members":{ - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "LayerIds":{ - "shape":"Strings", - "documentation":"

    The instance's layer IDs.

    " - }, - "InstanceType":{ - "shape":"String", - "documentation":"

    The instance type, such as t2.micro. For a list of supported instance types, open the stack in the console, choose Instances, and choose + Instance. The Size list contains the currently supported types. For more information, see Instance Families and Types. The parameter values that you use to specify the various types are in the API Name column of the Available Instance Types table.

    " - }, - "AutoScalingType":{ - "shape":"AutoScalingType", - "documentation":"

    For load-based or time-based instances, the type. Windows stacks can use only time-based instances.

    " - }, - "Hostname":{ - "shape":"String", - "documentation":"

    The instance host name. The following are character limits for instance host names.

    • Linux-based instances: 63 characters

    • Windows-based instances: 15 characters

    " - }, - "Os":{ - "shape":"String", - "documentation":"

    The instance's operating system, which must be set to one of the following. You cannot update an instance that is using a custom AMI.

    • A supported Linux operating system: An Amazon Linux version, such as Amazon Linux 2, Amazon Linux 2018.03, Amazon Linux 2017.09, Amazon Linux 2017.03, Amazon Linux 2016.09, Amazon Linux 2016.03, Amazon Linux 2015.09, or Amazon Linux 2015.03.

    • A supported Ubuntu operating system, such as Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, or Ubuntu 12.04 LTS.

    • CentOS Linux 7

    • Red Hat Enterprise Linux 7

    • A supported Windows operating system, such as Microsoft Windows Server 2012 R2 Base, Microsoft Windows Server 2012 R2 with SQL Server Express, Microsoft Windows Server 2012 R2 with SQL Server Standard, or Microsoft Windows Server 2012 R2 with SQL Server Web.

    Not all operating systems are supported with all versions of Chef. For more information about supported operating systems, see OpsWorks Stacks Operating Systems.

    The default option is the current Amazon Linux version. If you set this parameter to Custom, you must use the AmiId parameter to specify the custom AMI that you want to use. For more information about how to use custom AMIs with OpsWorks, see Using Custom AMIs.

    You can specify a different Linux operating system for the updated stack, but you cannot change from Linux to Windows or Windows to Linux.

    " - }, - "AmiId":{ - "shape":"String", - "documentation":"

    The ID of the AMI that was used to create the instance. The value of this parameter must be the same AMI ID that the instance is already using. You cannot apply a new AMI to an instance by running UpdateInstance. UpdateInstance does not work on instances that are using custom AMIs.

    " - }, - "SshKeyName":{ - "shape":"String", - "documentation":"

    The instance's Amazon EC2 key name.

    " - }, - "Architecture":{ - "shape":"Architecture", - "documentation":"

    The instance architecture. Instance types do not necessarily support both architectures. For a list of the architectures that are supported by the different instance types, see Instance Families and Types.

    " - }, - "InstallUpdatesOnBoot":{ - "shape":"Boolean", - "documentation":"

    Whether to install operating system and package updates when the instance boots. The default value is true. To control when updates are installed, set this value to false. You must then update your instances manually by using CreateDeployment to run the update_dependencies stack command or by manually running yum (Amazon Linux) or apt-get (Ubuntu) on the instances.

    We strongly recommend using the default value of true, to ensure that your instances have the latest security updates.

    " - }, - "EbsOptimized":{ - "shape":"Boolean", - "documentation":"

    This property cannot be updated.

    " - }, - "AgentVersion":{ - "shape":"String", - "documentation":"

    The default OpsWorks Stacks agent version. You have the following options:

    • INHERIT - Use the stack's default agent version setting.

    • version_number - Use the specified agent version. This value overrides the stack's default setting. To update the agent version, you must edit the instance configuration and specify a new version. OpsWorks Stacks installs that version on the instance.

    The default setting is INHERIT. To specify an agent version, you must use the complete version number, not the abbreviated number shown on the console. For a list of available agent version numbers, call DescribeAgentVersions.

    AgentVersion cannot be set to Chef 12.2.

    " - } - } - }, - "UpdateLayerRequest":{ - "type":"structure", - "required":["LayerId"], - "members":{ - "LayerId":{ - "shape":"String", - "documentation":"

    The layer ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The layer name, which is used by the console. Layer names can be a maximum of 32 characters.

    " - }, - "Shortname":{ - "shape":"String", - "documentation":"

    For custom layers only, use this parameter to specify the layer's short name, which is used internally by OpsWorks Stacks and by Chef. The short name is also used as the name for the directory where your app files are installed. It can have a maximum of 32 characters and must be in the following format: /\\A[a-z0-9\\-\\_\\.]+\\Z/.

    Built-in layer short names are defined by OpsWorks Stacks. For more information, see the Layer reference in the OpsWorks User Guide.

    " - }, - "Attributes":{ - "shape":"LayerAttributes", - "documentation":"

    One or more user-defined key/value pairs to be added to the stack attributes.

    " - }, - "CloudWatchLogsConfiguration":{ - "shape":"CloudWatchLogsConfiguration", - "documentation":"

    Specifies CloudWatch Logs configuration options for the layer. For more information, see CloudWatchLogsLogStream.

    " - }, - "CustomInstanceProfileArn":{ - "shape":"String", - "documentation":"

    The ARN of an IAM profile to be used for all of the layer's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A JSON-formatted string containing custom stack configuration and deployment attributes to be installed on the layer's instances. For more information, see Using Custom JSON.

    " - }, - "CustomSecurityGroupIds":{ - "shape":"Strings", - "documentation":"

    An array containing the layer's custom security group IDs.

    " - }, - "Packages":{ - "shape":"Strings", - "documentation":"

    An array of Package objects that describe the layer's packages.

    " - }, - "VolumeConfigurations":{ - "shape":"VolumeConfigurations", - "documentation":"

    A VolumeConfigurations object that describes the layer's Amazon EBS volumes.

    " - }, - "EnableAutoHealing":{ - "shape":"Boolean", - "documentation":"

    Whether to disable auto healing for the layer.

    " - }, - "AutoAssignElasticIps":{ - "shape":"Boolean", - "documentation":"

    Whether to automatically assign an Elastic IP address to the layer's instances. For more information, see How to Edit a Layer.

    " - }, - "AutoAssignPublicIps":{ - "shape":"Boolean", - "documentation":"

    For stacks that are running in a VPC, whether to automatically assign a public IP address to the layer's instances. For more information, see How to Edit a Layer.

    " - }, - "CustomRecipes":{ - "shape":"Recipes", - "documentation":"

    A LayerCustomRecipes object that specifies the layer's custom recipes.

    " - }, - "InstallUpdatesOnBoot":{ - "shape":"Boolean", - "documentation":"

    Whether to install operating system and package updates when the instance boots. The default value is true. To control when updates are installed, set this value to false. You must then update your instances manually by using CreateDeployment to run the update_dependencies stack command or manually running yum (Amazon Linux) or apt-get (Ubuntu) on the instances.

    We strongly recommend using the default value of true, to ensure that your instances have the latest security updates.

    " - }, - "UseEbsOptimizedInstances":{ - "shape":"Boolean", - "documentation":"

    Whether to use Amazon EBS-optimized instances.

    " - }, - "LifecycleEventConfiguration":{ - "shape":"LifecycleEventConfiguration", - "documentation":"

    " - } - } - }, - "UpdateMyUserProfileRequest":{ - "type":"structure", - "members":{ - "SshPublicKey":{ - "shape":"String", - "documentation":"

    The user's SSH public key.

    " - } - } - }, - "UpdateRdsDbInstanceRequest":{ - "type":"structure", - "required":["RdsDbInstanceArn"], - "members":{ - "RdsDbInstanceArn":{ - "shape":"String", - "documentation":"

    The Amazon RDS instance's ARN.

    " - }, - "DbUser":{ - "shape":"String", - "documentation":"

    The master user name.

    " - }, - "DbPassword":{ - "shape":"String", - "documentation":"

    The database password.

    " - } - } - }, - "UpdateStackRequest":{ - "type":"structure", - "required":["StackId"], - "members":{ - "StackId":{ - "shape":"String", - "documentation":"

    The stack ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The stack's new name. Stack names can be a maximum of 64 characters.

    " - }, - "Attributes":{ - "shape":"StackAttributes", - "documentation":"

    One or more user-defined key-value pairs to be added to the stack attributes.

    " - }, - "ServiceRoleArn":{ - "shape":"String", - "documentation":"

    Do not use this parameter. You cannot update a stack's service role.

    " - }, - "DefaultInstanceProfileArn":{ - "shape":"String", - "documentation":"

    The ARN of an IAM profile that is the default profile for all of the stack's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

    " - }, - "DefaultOs":{ - "shape":"String", - "documentation":"

    The stack's operating system, which must be set to one of the following:

    • A supported Linux operating system: An Amazon Linux version, such as Amazon Linux 2, Amazon Linux 2018.03, Amazon Linux 2017.09, Amazon Linux 2017.03, Amazon Linux 2016.09, Amazon Linux 2016.03, Amazon Linux 2015.09, or Amazon Linux 2015.03.

    • A supported Ubuntu operating system, such as Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, or Ubuntu 12.04 LTS.

    • CentOS Linux 7

    • Red Hat Enterprise Linux 7

    • A supported Windows operating system, such as Microsoft Windows Server 2012 R2 Base, Microsoft Windows Server 2012 R2 with SQL Server Express, Microsoft Windows Server 2012 R2 with SQL Server Standard, or Microsoft Windows Server 2012 R2 with SQL Server Web.

    • A custom AMI: Custom. You specify the custom AMI you want to use when you create instances. For more information about how to use custom AMIs with OpsWorks, see Using Custom AMIs.

    The default option is the stack's current operating system. Not all operating systems are supported with all versions of Chef. For more information about supported operating systems, see OpsWorks Stacks Operating Systems.

    " - }, - "HostnameTheme":{ - "shape":"String", - "documentation":"

    The stack's new host name theme, with spaces replaced by underscores. The theme is used to generate host names for the stack's instances. By default, HostnameTheme is set to Layer_Dependent, which creates host names by appending integers to the layer's short name. The other themes are:

    • Baked_Goods

    • Clouds

    • Europe_Cities

    • Fruits

    • Greek_Deities_and_Titans

    • Legendary_creatures_from_Japan

    • Planets_and_Moons

    • Roman_Deities

    • Scottish_Islands

    • US_Cities

    • Wild_Cats

    To obtain a generated host name, call GetHostNameSuggestion, which returns a host name based on the current theme.

    " - }, - "DefaultAvailabilityZone":{ - "shape":"String", - "documentation":"

    The stack's default Availability Zone, which must be in the stack's region. For more information, see Regions and Endpoints. If you also specify a value for DefaultSubnetId, the subnet must be in the same zone. For more information, see CreateStack.

    " - }, - "DefaultSubnetId":{ - "shape":"String", - "documentation":"

    The stack's default VPC subnet ID. This parameter is required if you specify a value for the VpcId parameter. All instances are launched into this subnet unless you specify otherwise when you create the instance. If you also specify a value for DefaultAvailabilityZone, the subnet must be in that zone. For information on default values and when this parameter is required, see the VpcId parameter description.

    " - }, - "CustomJson":{ - "shape":"String", - "documentation":"

    A string that contains user-defined, custom JSON. It can be used to override the corresponding default stack configuration JSON values or to pass data to recipes. The string should be in the following format:

    \"{\\\"key1\\\": \\\"value1\\\", \\\"key2\\\": \\\"value2\\\",...}\"

    For more information about custom JSON, see Use Custom JSON to Modify the Stack Configuration Attributes.

    " - }, - "ConfigurationManager":{ - "shape":"StackConfigurationManager", - "documentation":"

    The configuration manager. When you update a stack, we recommend that you use the configuration manager to specify the Chef version: 12, 11.10, or 11.4 for Linux stacks, or 12.2 for Windows stacks. The default value for Linux stacks is currently 12.

    " - }, - "ChefConfiguration":{ - "shape":"ChefConfiguration", - "documentation":"

    A ChefConfiguration object that specifies whether to enable Berkshelf and the Berkshelf version on Chef 11.10 stacks. For more information, see Create a New Stack.

    " - }, - "UseCustomCookbooks":{ - "shape":"Boolean", - "documentation":"

    Whether the stack uses custom cookbooks.

    " - }, - "CustomCookbooksSource":{ - "shape":"Source", - "documentation":"

    Contains the information required to retrieve an app or cookbook from a repository. For more information, see Adding Apps or Cookbooks and Recipes.

    " - }, - "DefaultSshKeyName":{ - "shape":"String", - "documentation":"

    A default Amazon EC2 key-pair name. The default value is none. If you specify a key-pair name, OpsWorks Stacks installs the public key on the instance and you can use the private key with an SSH client to log in to the instance. For more information, see Using SSH to Communicate with an Instance and Managing SSH Access. You can override this setting by specifying a different key pair, or no key pair, when you create an instance.

    " - }, - "DefaultRootDeviceType":{ - "shape":"RootDeviceType", - "documentation":"

    The default root device type. This value is used by default for all instances in the stack, but you can override it when you create an instance. For more information, see Storage for the Root Device.

    " - }, - "UseOpsworksSecurityGroups":{ - "shape":"Boolean", - "documentation":"

    Whether to associate the OpsWorks Stacks built-in security groups with the stack's layers.

    OpsWorks Stacks provides a standard set of built-in security groups, one for each layer, which are associated with layers by default. UseOpsworksSecurityGroups allows you to provide your own custom security groups instead of using the built-in groups. UseOpsworksSecurityGroups has the following settings:

    • True - OpsWorks Stacks automatically associates the appropriate built-in security group with each layer (default setting). You can associate additional security groups with a layer after you create it, but you cannot delete the built-in security group.

    • False - OpsWorks Stacks does not associate built-in security groups with layers. You must create appropriate EC2 security groups and associate a security group with each layer that you create. However, you can still manually associate a built-in security group with a layer on. Custom security groups are required only for those layers that need custom settings.

    For more information, see Create a New Stack.

    " - }, - "AgentVersion":{ - "shape":"String", - "documentation":"

    The default OpsWorks Stacks agent version. You have the following options:

    • Auto-update - Set this parameter to LATEST. OpsWorks Stacks automatically installs new agent versions on the stack's instances as soon as they are available.

    • Fixed version - Set this parameter to your preferred agent version. To update the agent version, you must edit the stack configuration and specify a new version. OpsWorks Stacks installs that version on the stack's instances.

    The default setting is LATEST. To specify an agent version, you must use the complete version number, not the abbreviated number shown on the console. For a list of available agent version numbers, call DescribeAgentVersions. AgentVersion cannot be set to Chef 12.2.

    You can also specify an agent version when you create or update an instance, which overrides the stack's default setting.

    " - } - } - }, - "UpdateUserProfileRequest":{ - "type":"structure", - "required":["IamUserArn"], - "members":{ - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user IAM ARN. This can also be a federated user's ARN.

    " - }, - "SshUsername":{ - "shape":"String", - "documentation":"

    The user's SSH user name. The allowable characters are [a-z], [A-Z], [0-9], '-', and '_'. If the specified name includes other punctuation marks, OpsWorks Stacks removes them. For example, my.name will be changed to myname. If you do not specify an SSH user name, OpsWorks Stacks generates one from the IAM user name.

    " - }, - "SshPublicKey":{ - "shape":"String", - "documentation":"

    The user's new SSH public key.

    " - }, - "AllowSelfManagement":{ - "shape":"Boolean", - "documentation":"

    Whether users can specify their own SSH public key through the My Settings page. For more information, see Managing User Permissions.

    " - } - } - }, - "UpdateVolumeRequest":{ - "type":"structure", - "required":["VolumeId"], - "members":{ - "VolumeId":{ - "shape":"String", - "documentation":"

    The volume ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The new name. Volume names can be a maximum of 128 characters.

    " - }, - "MountPoint":{ - "shape":"String", - "documentation":"

    The new mount point.

    " - } - } - }, - "UserProfile":{ - "type":"structure", - "members":{ - "IamUserArn":{ - "shape":"String", - "documentation":"

    The user's IAM ARN.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The user's name.

    " - }, - "SshUsername":{ - "shape":"String", - "documentation":"

    The user's SSH user name.

    " - }, - "SshPublicKey":{ - "shape":"String", - "documentation":"

    The user's SSH public key.

    " - }, - "AllowSelfManagement":{ - "shape":"Boolean", - "documentation":"

    Whether users can specify their own SSH public key through the My Settings page. For more information, see Managing User Permissions.

    " - } - }, - "documentation":"

    Describes a user's SSH information.

    " - }, - "UserProfiles":{ - "type":"list", - "member":{"shape":"UserProfile"} - }, - "ValidForInMinutes":{ - "type":"integer", - "box":true, - "max":1440, - "min":60 - }, - "ValidationException":{ - "type":"structure", - "members":{ - "message":{ - "shape":"String", - "documentation":"

    The exception message.

    " - } - }, - "documentation":"

    Indicates that a request was not valid.

    ", - "exception":true - }, - "VirtualizationType":{ - "type":"string", - "enum":[ - "paravirtual", - "hvm" - ] - }, - "Volume":{ - "type":"structure", - "members":{ - "VolumeId":{ - "shape":"String", - "documentation":"

    The volume ID.

    " - }, - "Ec2VolumeId":{ - "shape":"String", - "documentation":"

    The Amazon EC2 volume ID.

    " - }, - "Name":{ - "shape":"String", - "documentation":"

    The volume name. Volume names are a maximum of 128 characters.

    " - }, - "RaidArrayId":{ - "shape":"String", - "documentation":"

    The RAID array ID.

    " - }, - "InstanceId":{ - "shape":"String", - "documentation":"

    The instance ID.

    " - }, - "Status":{ - "shape":"String", - "documentation":"

    The value returned by DescribeVolumes.

    " - }, - "Size":{ - "shape":"Integer", - "documentation":"

    The volume size.

    " - }, - "Device":{ - "shape":"String", - "documentation":"

    The device name.

    " - }, - "MountPoint":{ - "shape":"String", - "documentation":"

    The volume mount point. For example, \"/mnt/disk1\".

    " - }, - "Region":{ - "shape":"String", - "documentation":"

    The Amazon Web Services Region. For more information about Amazon Web Services Regions, see Regions and Endpoints.

    " - }, - "AvailabilityZone":{ - "shape":"String", - "documentation":"

    The volume Availability Zone. For more information, see Regions and Endpoints.

    " - }, - "VolumeType":{ - "shape":"String", - "documentation":"

    The volume type. For more information, see Amazon EBS Volume Types.

    • standard - Magnetic. Magnetic volumes must have a minimum size of 1 GiB and a maximum size of 1024 GiB.

    • io1 - Provisioned IOPS (SSD). PIOPS volumes must have a minimum size of 4 GiB and a maximum size of 16384 GiB.

    • gp2 - General Purpose (SSD). General purpose volumes must have a minimum size of 1 GiB and a maximum size of 16384 GiB.

    • st1 - Throughput Optimized hard disk drive (HDD). Throughput optimized HDD volumes must have a minimum size of 125 GiB and a maximum size of 16384 GiB.

    • sc1 - Cold HDD. Cold HDD volumes must have a minimum size of 125 GiB and a maximum size of 16384 GiB.

    " - }, - "Iops":{ - "shape":"Integer", - "documentation":"

    For PIOPS volumes, the IOPS per disk.

    " - }, - "Encrypted":{ - "shape":"Boolean", - "documentation":"

    Specifies whether an Amazon EBS volume is encrypted. For more information, see Amazon EBS Encryption.

    " - } - }, - "documentation":"

    Describes an instance's Amazon EBS volume.

    " - }, - "VolumeConfiguration":{ - "type":"structure", - "required":[ - "MountPoint", - "NumberOfDisks", - "Size" - ], - "members":{ - "MountPoint":{ - "shape":"String", - "documentation":"

    The volume mount point. For example \"/dev/sdh\".

    " - }, - "RaidLevel":{ - "shape":"Integer", - "documentation":"

    The volume RAID level.

    " - }, - "NumberOfDisks":{ - "shape":"Integer", - "documentation":"

    The number of disks in the volume.

    " - }, - "Size":{ - "shape":"Integer", - "documentation":"

    The volume size.

    " - }, - "VolumeType":{ - "shape":"String", - "documentation":"

    The volume type. For more information, see Amazon EBS Volume Types.

    • standard - Magnetic. Magnetic volumes must have a minimum size of 1 GiB and a maximum size of 1024 GiB.

    • io1 - Provisioned IOPS (SSD). PIOPS volumes must have a minimum size of 4 GiB and a maximum size of 16384 GiB.

    • gp2 - General Purpose (SSD). General purpose volumes must have a minimum size of 1 GiB and a maximum size of 16384 GiB.

    • st1 - Throughput Optimized hard disk drive (HDD). Throughput optimized HDD volumes must have a minimum size of 125 GiB and a maximum size of 16384 GiB.

    • sc1 - Cold HDD. Cold HDD volumes must have a minimum size of 125 GiB and a maximum size of 16384 GiB.

    " - }, - "Iops":{ - "shape":"Integer", - "documentation":"

    For PIOPS volumes, the IOPS per disk.

    " - }, - "Encrypted":{ - "shape":"Boolean", - "documentation":"

    Specifies whether an Amazon EBS volume is encrypted. For more information, see Amazon EBS Encryption.

    " - } - }, - "documentation":"

    Describes an Amazon EBS volume configuration.

    " - }, - "VolumeConfigurations":{ - "type":"list", - "member":{"shape":"VolumeConfiguration"} - }, - "VolumeType":{ - "type":"string", - "enum":[ - "gp2", - "io1", - "standard" - ] - }, - "Volumes":{ - "type":"list", - "member":{"shape":"Volume"} - }, - "WeeklyAutoScalingSchedule":{ - "type":"structure", - "members":{ - "Monday":{ - "shape":"DailyAutoScalingSchedule", - "documentation":"

    The schedule for Monday.

    " - }, - "Tuesday":{ - "shape":"DailyAutoScalingSchedule", - "documentation":"

    The schedule for Tuesday.

    " - }, - "Wednesday":{ - "shape":"DailyAutoScalingSchedule", - "documentation":"

    The schedule for Wednesday.

    " - }, - "Thursday":{ - "shape":"DailyAutoScalingSchedule", - "documentation":"

    The schedule for Thursday.

    " - }, - "Friday":{ - "shape":"DailyAutoScalingSchedule", - "documentation":"

    The schedule for Friday.

    " - }, - "Saturday":{ - "shape":"DailyAutoScalingSchedule", - "documentation":"

    The schedule for Saturday.

    " - }, - "Sunday":{ - "shape":"DailyAutoScalingSchedule", - "documentation":"

    The schedule for Sunday.

    " - } - }, - "documentation":"

    Describes a time-based instance's auto scaling schedule. The schedule consists of a set of key-value pairs.

    • The key is the time period (a UTC hour) and must be an integer from 0 - 23.

    • The value indicates whether the instance should be online or offline for the specified period, and must be set to \"on\" or \"off\"

    The default setting for all time periods is off, so you use the following parameters primarily to specify the online periods. You don't have to explicitly specify offline periods unless you want to change an online period to an offline period.

    The following example specifies that the instance should be online for four hours, from UTC 1200 - 1600. It will be off for the remainder of the day.

    { \"12\":\"on\", \"13\":\"on\", \"14\":\"on\", \"15\":\"on\" }

    " - } - }, - "documentation":"OpsWorks

    Welcome to the OpsWorks Stacks API Reference. This guide provides descriptions, syntax, and usage examples for OpsWorks Stacks actions and data types, including common parameters and error codes.

    OpsWorks Stacks is an application management service that provides an integrated experience for managing the complete application lifecycle. For information about OpsWorks, see the OpsWorks information page.

    SDKs and CLI

    Use the OpsWorks Stacks API by using the Command Line Interface (CLI) or by using one of the Amazon Web Services SDKs to implement applications in your preferred language. For more information, see:

    Endpoints

    OpsWorks Stacks supports the following endpoints, all HTTPS. You must connect to one of the following endpoints. Stacks can only be accessed or managed within the endpoint in which they are created.

    • opsworks.us-east-1.amazonaws.com

    • opsworks.us-east-2.amazonaws.com

    • opsworks.us-west-1.amazonaws.com

    • opsworks.us-west-2.amazonaws.com

    • opsworks.ca-central-1.amazonaws.com (API only; not available in the Amazon Web Services Management Console)

    • opsworks.eu-west-1.amazonaws.com

    • opsworks.eu-west-2.amazonaws.com

    • opsworks.eu-west-3.amazonaws.com

    • opsworks.eu-central-1.amazonaws.com

    • opsworks.ap-northeast-1.amazonaws.com

    • opsworks.ap-northeast-2.amazonaws.com

    • opsworks.ap-south-1.amazonaws.com

    • opsworks.ap-southeast-1.amazonaws.com

    • opsworks.ap-southeast-2.amazonaws.com

    • opsworks.sa-east-1.amazonaws.com

    Chef Versions

    When you call CreateStack, CloneStack, or UpdateStack we recommend you use the ConfigurationManager parameter to specify the Chef version. The recommended and default value for Linux stacks is currently 12. Windows stacks use Chef 12.2. For more information, see Chef Versions.

    You can specify Chef 12, 11.10, or 11.4 for your Linux stack. We recommend migrating your existing Linux stacks to Chef 12 as soon as possible.

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/waiters-2.json 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/waiters-2.json --- 2.23.6-1/awscli/botocore/data/opsworks/2013-02-18/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworks/2013-02-18/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,289 +0,0 @@ -{ - "version": 2, - "waiters": { - "AppExists": { - "delay": 1, - "operation": "DescribeApps", - "maxAttempts": 40, - "acceptors": [ - { - "expected": 200, - "matcher": "status", - "state": "success" - }, - { - "matcher": "status", - "expected": 400, - "state": "failure" - } - ] - }, - "DeploymentSuccessful": { - "delay": 15, - "operation": "DescribeDeployments", - "maxAttempts": 40, - "description": "Wait until a deployment has completed successfully.", - "acceptors": [ - { - "expected": "successful", - "matcher": "pathAll", - "state": "success", - "argument": "Deployments[].Status" - }, - { - "expected": "failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Deployments[].Status" - } - ] - }, - "InstanceOnline": { - "delay": 15, - "operation": "DescribeInstances", - "maxAttempts": 40, - "description": "Wait until OpsWorks instance is online.", - "acceptors": [ - { - "expected": "online", - "matcher": "pathAll", - "state": "success", - "argument": "Instances[].Status" - }, - { - "expected": "setup_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "shutting_down", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "start_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "stopped", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "stopping", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "terminating", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "terminated", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "stop_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - } - ] - }, - "InstanceRegistered": { - "delay": 15, - "operation": "DescribeInstances", - "maxAttempts": 40, - "description": "Wait until OpsWorks instance is registered.", - "acceptors": [ - { - "expected": "registered", - "matcher": "pathAll", - "state": "success", - "argument": "Instances[].Status" - }, - { - "expected": "setup_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "shutting_down", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "stopped", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "stopping", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "terminating", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "terminated", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "stop_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - } - ] - }, - "InstanceStopped": { - "delay": 15, - "operation": "DescribeInstances", - "maxAttempts": 40, - "description": "Wait until OpsWorks instance is stopped.", - "acceptors": [ - { - "expected": "stopped", - "matcher": "pathAll", - "state": "success", - "argument": "Instances[].Status" - }, - { - "expected": "booting", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "pending", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "rebooting", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "requested", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "running_setup", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "setup_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "start_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "stop_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - } - ] - }, - "InstanceTerminated": { - "delay": 15, - "operation": "DescribeInstances", - "maxAttempts": 40, - "description": "Wait until OpsWorks instance is terminated.", - "acceptors": [ - { - "expected": "terminated", - "matcher": "pathAll", - "state": "success", - "argument": "Instances[].Status" - }, - { - "expected": "ResourceNotFoundException", - "matcher": "error", - "state": "success" - }, - { - "expected": "booting", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "online", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "pending", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "rebooting", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "requested", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "running_setup", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "setup_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - }, - { - "expected": "start_failed", - "matcher": "pathAny", - "state": "failure", - "argument": "Instances[].Status" - } - ] - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/completions-1.json 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/completions-1.json --- 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/completions-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/completions-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,268 +0,0 @@ -{ - "version": "1.0", - "resources": { - "Backup": { - "operation": "DescribeBackups", - "resourceIdentifier": { - "BackupId": "Backups[].BackupId" - } - }, - "Server": { - "operation": "DescribeServers", - "resourceIdentifier": { - "BackupRetentionCount": "Servers[].BackupRetentionCount", - "ServerName": "Servers[].ServerName", - "DisableAutomatedBackup": "Servers[].DisableAutomatedBackup", - "EngineAttributes": "Servers[].EngineAttributes", - "InstanceType": "Servers[].InstanceType", - "KeyPair": "Servers[].KeyPair", - "PreferredMaintenanceWindow": "Servers[].PreferredMaintenanceWindow", - "PreferredBackupWindow": "Servers[].PreferredBackupWindow" - } - } - }, - "operations": { - "AssociateNode": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - }, - "EngineAttributes": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "EngineAttributes" - } - ] - } - }, - "DeleteBackup": { - "BackupId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Backup", - "resourceIdentifier": "BackupId" - } - ] - } - }, - "DeleteServer": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - } - }, - "DescribeBackups": { - "BackupId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Backup", - "resourceIdentifier": "BackupId" - } - ] - }, - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - } - }, - "DescribeEvents": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - } - }, - "DescribeNodeAssociationStatus": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - } - }, - "DescribeServers": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - } - }, - "DisassociateNode": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - }, - "EngineAttributes": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "EngineAttributes" - } - ] - } - }, - "ExportServerEngineAttribute": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - } - }, - "RestoreServer": { - "BackupId": { - "completions": [ - { - "parameters": {}, - "resourceName": "Backup", - "resourceIdentifier": "BackupId" - } - ] - }, - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - }, - "InstanceType": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "InstanceType" - } - ] - }, - "KeyPair": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "KeyPair" - } - ] - } - }, - "StartMaintenance": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - }, - "EngineAttributes": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "EngineAttributes" - } - ] - } - }, - "UpdateServer": { - "DisableAutomatedBackup": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "DisableAutomatedBackup" - } - ] - }, - "BackupRetentionCount": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "BackupRetentionCount" - } - ] - }, - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - }, - "PreferredMaintenanceWindow": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "PreferredMaintenanceWindow" - } - ] - }, - "PreferredBackupWindow": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "PreferredBackupWindow" - } - ] - } - }, - "UpdateServerEngineAttributes": { - "ServerName": { - "completions": [ - { - "parameters": {}, - "resourceName": "Server", - "resourceIdentifier": "ServerName" - } - ] - } - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://opsworks-cm-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://opsworks-cm-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://opsworks-cm.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://opsworks-cm.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/paginators-1.json 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -{ - "pagination": { - "DescribeBackups": { - "input_token": "NextToken", - "limit_key": "MaxResults", - "output_token": "NextToken", - "result_key": "Backups" - }, - "DescribeEvents": { - "input_token": "NextToken", - "limit_key": "MaxResults", - "output_token": "NextToken", - "result_key": "ServerEvents" - }, - "DescribeServers": { - "input_token": "NextToken", - "limit_key": "MaxResults", - "output_token": "NextToken", - "result_key": "Servers" - }, - "ListTagsForResource": { - "input_token": "NextToken", - "limit_key": "MaxResults", - "output_token": "NextToken", - "result_key": "Tags" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/service-2.json 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,1434 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2016-11-01", - "endpointPrefix":"opsworks-cm", - "jsonVersion":"1.1", - "protocol":"json", - "serviceAbbreviation":"OpsWorksCM", - "serviceFullName":"AWS OpsWorks CM", - "serviceId":"OpsWorksCM", - "signatureVersion":"v4", - "signingName":"opsworks-cm", - "targetPrefix":"OpsWorksCM_V2016_11_01", - "uid":"opsworkscm-2016-11-01" - }, - "operations":{ - "AssociateNode":{ - "name":"AssociateNode", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"AssociateNodeRequest"}, - "output":{"shape":"AssociateNodeResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Associates a new node with the server. For more information about how to disassociate a node, see DisassociateNode.

    On a Chef server: This command is an alternative to knife bootstrap.

    Example (Chef): aws opsworks-cm associate-node --server-name MyServer --node-name MyManagedNode --engine-attributes \"Name=CHEF_ORGANIZATION,Value=default\" \"Name=CHEF_NODE_PUBLIC_KEY,Value=public-key-pem\"

    On a Puppet server, this command is an alternative to the puppet cert sign command that signs a Puppet node CSR.

    Example (Puppet): aws opsworks-cm associate-node --server-name MyServer --node-name MyManagedNode --engine-attributes \"Name=PUPPET_NODE_CSR,Value=csr-pem\"

    A node can can only be associated with servers that are in a HEALTHY state. Otherwise, an InvalidStateException is thrown. A ResourceNotFoundException is thrown when the server does not exist. A ValidationException is raised when parameters of the request are not valid. The AssociateNode API call can be integrated into Auto Scaling configurations, AWS Cloudformation templates, or the user data of a server's instance.

    " - }, - "CreateBackup":{ - "name":"CreateBackup", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateBackupRequest"}, - "output":{"shape":"CreateBackupResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"LimitExceededException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Creates an application-level backup of a server. While the server is in the BACKING_UP state, the server cannot be changed, and no additional backup can be created.

    Backups can be created for servers in RUNNING, HEALTHY, and UNHEALTHY states. By default, you can create a maximum of 50 manual backups.

    This operation is asynchronous.

    A LimitExceededException is thrown when the maximum number of manual backups is reached. An InvalidStateException is thrown when the server is not in any of the following states: RUNNING, HEALTHY, or UNHEALTHY. A ResourceNotFoundException is thrown when the server is not found. A ValidationException is thrown when parameters of the request are not valid.

    " - }, - "CreateServer":{ - "name":"CreateServer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateServerRequest"}, - "output":{"shape":"CreateServerResponse"}, - "errors":[ - {"shape":"LimitExceededException"}, - {"shape":"ResourceAlreadyExistsException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Creates and immedately starts a new server. The server is ready to use when it is in the HEALTHY state. By default, you can create a maximum of 10 servers.

    This operation is asynchronous.

    A LimitExceededException is thrown when you have created the maximum number of servers (10). A ResourceAlreadyExistsException is thrown when a server with the same name already exists in the account. A ResourceNotFoundException is thrown when you specify a backup ID that is not valid or is for a backup that does not exist. A ValidationException is thrown when parameters of the request are not valid.

    If you do not specify a security group by adding the SecurityGroupIds parameter, AWS OpsWorks creates a new security group.

    Chef Automate: The default security group opens the Chef server to the world on TCP port 443. If a KeyName is present, AWS OpsWorks enables SSH access. SSH is also open to the world on TCP port 22.

    Puppet Enterprise: The default security group opens TCP ports 22, 443, 4433, 8140, 8142, 8143, and 8170. If a KeyName is present, AWS OpsWorks enables SSH access. SSH is also open to the world on TCP port 22.

    By default, your server is accessible from any IP address. We recommend that you update your security group rules to allow access from known IP addresses and address ranges only. To edit security group rules, open Security Groups in the navigation pane of the EC2 management console.

    To specify your own domain for a server, and provide your own self-signed or CA-signed certificate and private key, specify values for CustomDomain, CustomCertificate, and CustomPrivateKey.

    " - }, - "DeleteBackup":{ - "name":"DeleteBackup", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteBackupRequest"}, - "output":{"shape":"DeleteBackupResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Deletes a backup. You can delete both manual and automated backups. This operation is asynchronous.

    An InvalidStateException is thrown when a backup deletion is already in progress. A ResourceNotFoundException is thrown when the backup does not exist. A ValidationException is thrown when parameters of the request are not valid.

    " - }, - "DeleteServer":{ - "name":"DeleteServer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteServerRequest"}, - "output":{"shape":"DeleteServerResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Deletes the server and the underlying AWS CloudFormation stacks (including the server's EC2 instance). When you run this command, the server state is updated to DELETING. After the server is deleted, it is no longer returned by DescribeServer requests. If the AWS CloudFormation stack cannot be deleted, the server cannot be deleted.

    This operation is asynchronous.

    An InvalidStateException is thrown when a server deletion is already in progress. A ResourceNotFoundException is thrown when the server does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - }, - "DescribeAccountAttributes":{ - "name":"DescribeAccountAttributes", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeAccountAttributesRequest"}, - "output":{"shape":"DescribeAccountAttributesResponse"}, - "documentation":"

    Describes your OpsWorks-CM account attributes.

    This operation is synchronous.

    " - }, - "DescribeBackups":{ - "name":"DescribeBackups", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeBackupsRequest"}, - "output":{"shape":"DescribeBackupsResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidNextTokenException"} - ], - "documentation":"

    Describes backups. The results are ordered by time, with newest backups first. If you do not specify a BackupId or ServerName, the command returns all backups.

    This operation is synchronous.

    A ResourceNotFoundException is thrown when the backup does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - }, - "DescribeEvents":{ - "name":"DescribeEvents", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeEventsRequest"}, - "output":{"shape":"DescribeEventsResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"InvalidNextTokenException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Describes events for a specified server. Results are ordered by time, with newest events first.

    This operation is synchronous.

    A ResourceNotFoundException is thrown when the server does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - }, - "DescribeNodeAssociationStatus":{ - "name":"DescribeNodeAssociationStatus", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeNodeAssociationStatusRequest"}, - "output":{"shape":"DescribeNodeAssociationStatusResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Returns the current status of an existing association or disassociation request.

    A ResourceNotFoundException is thrown when no recent association or disassociation request with the specified token is found, or when the server does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - }, - "DescribeServers":{ - "name":"DescribeServers", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DescribeServersRequest"}, - "output":{"shape":"DescribeServersResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidNextTokenException"} - ], - "documentation":"

    Lists all configuration management servers that are identified with your account. Only the stored results from Amazon DynamoDB are returned. AWS OpsWorks CM does not query other services.

    This operation is synchronous.

    A ResourceNotFoundException is thrown when the server does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - }, - "DisassociateNode":{ - "name":"DisassociateNode", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DisassociateNodeRequest"}, - "output":{"shape":"DisassociateNodeResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Disassociates a node from an AWS OpsWorks CM server, and removes the node from the server's managed nodes. After a node is disassociated, the node key pair is no longer valid for accessing the configuration manager's API. For more information about how to associate a node, see AssociateNode.

    A node can can only be disassociated from a server that is in a HEALTHY state. Otherwise, an InvalidStateException is thrown. A ResourceNotFoundException is thrown when the server does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - }, - "ExportServerEngineAttribute":{ - "name":"ExportServerEngineAttribute", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"ExportServerEngineAttributeRequest"}, - "output":{"shape":"ExportServerEngineAttributeResponse"}, - "errors":[ - {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidStateException"} - ], - "documentation":"

    Exports a specified server engine attribute as a base64-encoded string. For example, you can export user data that you can use in EC2 to associate nodes with a server.

    This operation is synchronous.

    A ValidationException is raised when parameters of the request are not valid. A ResourceNotFoundException is thrown when the server does not exist. An InvalidStateException is thrown when the server is in any of the following states: CREATING, TERMINATED, FAILED or DELETING.

    " - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Returns a list of tags that are applied to the specified AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise servers or backups.

    " - }, - "RestoreServer":{ - "name":"RestoreServer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"RestoreServerRequest"}, - "output":{"shape":"RestoreServerResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Restores a backup to a server that is in a CONNECTION_LOST, HEALTHY, RUNNING, UNHEALTHY, or TERMINATED state. When you run RestoreServer, the server's EC2 instance is deleted, and a new EC2 instance is configured. RestoreServer maintains the existing server endpoint, so configuration management of the server's client devices (nodes) should continue to work.

    Restoring from a backup is performed by creating a new EC2 instance. If restoration is successful, and the server is in a HEALTHY state, AWS OpsWorks CM switches traffic over to the new instance. After restoration is finished, the old EC2 instance is maintained in a Running or Stopped state, but is eventually terminated.

    This operation is asynchronous.

    An InvalidStateException is thrown when the server is not in a valid state. A ResourceNotFoundException is thrown when the server does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - }, - "StartMaintenance":{ - "name":"StartMaintenance", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StartMaintenanceRequest"}, - "output":{"shape":"StartMaintenanceResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Manually starts server maintenance. This command can be useful if an earlier maintenance attempt failed, and the underlying cause of maintenance failure has been resolved. The server is in an UNDER_MAINTENANCE state while maintenance is in progress.

    Maintenance can only be started on servers in HEALTHY and UNHEALTHY states. Otherwise, an InvalidStateException is thrown. A ResourceNotFoundException is thrown when the server does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InvalidStateException"} - ], - "documentation":"

    Applies tags to an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server, or to server backups.

    " - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InvalidStateException"} - ], - "documentation":"

    Removes specified tags from an AWS OpsWorks-CM server or backup.

    " - }, - "UpdateServer":{ - "name":"UpdateServer", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateServerRequest"}, - "output":{"shape":"UpdateServerResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Updates settings for a server.

    This operation is synchronous.

    " - }, - "UpdateServerEngineAttributes":{ - "name":"UpdateServerEngineAttributes", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateServerEngineAttributesRequest"}, - "output":{"shape":"UpdateServerEngineAttributesResponse"}, - "errors":[ - {"shape":"InvalidStateException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"} - ], - "documentation":"

    Updates engine-specific attributes on a specified server. The server enters the MODIFYING state when this operation is in progress. Only one update can occur at a time. You can use this command to reset a Chef server's public key (CHEF_PIVOTAL_KEY) or a Puppet server's admin password (PUPPET_ADMIN_PASSWORD).

    This operation is asynchronous.

    This operation can only be called for servers in HEALTHY or UNHEALTHY states. Otherwise, an InvalidStateException is raised. A ResourceNotFoundException is thrown when the server does not exist. A ValidationException is raised when parameters of the request are not valid.

    " - } - }, - "shapes":{ - "AWSOpsWorksCMResourceArn":{ - "type":"string", - "pattern":"arn:aws.*:opsworks-cm:.*:[0-9]{12}:.*" - }, - "AccountAttribute":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"String", - "documentation":"

    The attribute name. The following are supported attribute names.

    • ServerLimit: The number of current servers/maximum number of servers allowed. By default, you can have a maximum of 10 servers.

    • ManualBackupLimit: The number of current manual backups/maximum number of backups allowed. By default, you can have a maximum of 50 manual backups saved.

    " - }, - "Maximum":{ - "shape":"Integer", - "documentation":"

    The maximum allowed value.

    " - }, - "Used":{ - "shape":"Integer", - "documentation":"

    The current usage, such as the current number of servers that are associated with the account.

    " - } - }, - "documentation":"

    Stores account attributes.

    " - }, - "AccountAttributes":{ - "type":"list", - "member":{"shape":"AccountAttribute"}, - "documentation":"

    A list of individual account attributes.

    " - }, - "AssociateNodeRequest":{ - "type":"structure", - "required":[ - "ServerName", - "NodeName", - "EngineAttributes" - ], - "members":{ - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server with which to associate the node.

    " - }, - "NodeName":{ - "shape":"NodeName", - "documentation":"

    The name of the node.

    " - }, - "EngineAttributes":{ - "shape":"EngineAttributes", - "documentation":"

    Engine attributes used for associating the node.

    Attributes accepted in a AssociateNode request for Chef

    • CHEF_ORGANIZATION: The Chef organization with which the node is associated. By default only one organization named default can exist.

    • CHEF_NODE_PUBLIC_KEY: A PEM-formatted public key. This key is required for the chef-client agent to access the Chef API.

    Attributes accepted in a AssociateNode request for Puppet

    • PUPPET_NODE_CSR: A PEM-formatted certificate-signing request (CSR) that is created by the node.

    " - } - } - }, - "AssociateNodeResponse":{ - "type":"structure", - "members":{ - "NodeAssociationStatusToken":{ - "shape":"NodeAssociationStatusToken", - "documentation":"

    Contains a token which can be passed to the DescribeNodeAssociationStatus API call to get the status of the association request.

    " - } - } - }, - "AttributeName":{ - "type":"string", - "max":64, - "min":1, - "pattern":"[A-Z][A-Z0-9_]*" - }, - "AttributeValue":{ - "type":"string", - "max":10000, - "pattern":"(?s).*" - }, - "Backup":{ - "type":"structure", - "members":{ - "BackupArn":{ - "shape":"String", - "documentation":"

    The ARN of the backup.

    " - }, - "BackupId":{ - "shape":"BackupId", - "documentation":"

    The generated ID of the backup. Example: myServerName-yyyyMMddHHmmssSSS

    " - }, - "BackupType":{ - "shape":"BackupType", - "documentation":"

    The backup type. Valid values are automated or manual.

    " - }, - "CreatedAt":{ - "shape":"Timestamp", - "documentation":"

    The time stamp when the backup was created in the database. Example: 2016-07-29T13:38:47.520Z

    " - }, - "Description":{ - "shape":"String", - "documentation":"

    A user-provided description for a manual backup. This field is empty for automated backups.

    " - }, - "Engine":{ - "shape":"String", - "documentation":"

    The engine type that is obtained from the server when the backup is created.

    " - }, - "EngineModel":{ - "shape":"String", - "documentation":"

    The engine model that is obtained from the server when the backup is created.

    " - }, - "EngineVersion":{ - "shape":"String", - "documentation":"

    The engine version that is obtained from the server when the backup is created.

    " - }, - "InstanceProfileArn":{ - "shape":"String", - "documentation":"

    The EC2 instance profile ARN that is obtained from the server when the backup is created. Because this value is stored, you are not required to provide the InstanceProfileArn again if you restore a backup.

    " - }, - "InstanceType":{ - "shape":"String", - "documentation":"

    The instance type that is obtained from the server when the backup is created.

    " - }, - "KeyPair":{ - "shape":"String", - "documentation":"

    The key pair that is obtained from the server when the backup is created.

    " - }, - "PreferredBackupWindow":{ - "shape":"TimeWindowDefinition", - "documentation":"

    The preferred backup period that is obtained from the server when the backup is created.

    " - }, - "PreferredMaintenanceWindow":{ - "shape":"TimeWindowDefinition", - "documentation":"

    The preferred maintenance period that is obtained from the server when the backup is created.

    " - }, - "S3DataSize":{ - "shape":"Integer", - "documentation":"

    This field is deprecated and is no longer used.

    ", - "deprecated":true - }, - "S3DataUrl":{ - "shape":"String", - "documentation":"

    This field is deprecated and is no longer used.

    ", - "deprecated":true - }, - "S3LogUrl":{ - "shape":"String", - "documentation":"

    The Amazon S3 URL of the backup's log file.

    " - }, - "SecurityGroupIds":{ - "shape":"Strings", - "documentation":"

    The security group IDs that are obtained from the server when the backup is created.

    " - }, - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server from which the backup was made.

    " - }, - "ServiceRoleArn":{ - "shape":"String", - "documentation":"

    The service role ARN that is obtained from the server when the backup is created.

    " - }, - "Status":{ - "shape":"BackupStatus", - "documentation":"

    The status of a backup while in progress.

    " - }, - "StatusDescription":{ - "shape":"String", - "documentation":"

    An informational message about backup status.

    " - }, - "SubnetIds":{ - "shape":"Strings", - "documentation":"

    The subnet IDs that are obtained from the server when the backup is created.

    " - }, - "ToolsVersion":{ - "shape":"String", - "documentation":"

    The version of AWS OpsWorks CM-specific tools that is obtained from the server when the backup is created.

    " - }, - "UserArn":{ - "shape":"String", - "documentation":"

    The IAM user ARN of the requester for manual backups. This field is empty for automated backups.

    " - } - }, - "documentation":"

    Describes a single backup.

    " - }, - "BackupId":{ - "type":"string", - "max":79, - "pattern":"[a-zA-Z][a-zA-Z0-9\\-\\.\\:]*" - }, - "BackupRetentionCountDefinition":{ - "type":"integer", - "min":1 - }, - "BackupStatus":{ - "type":"string", - "enum":[ - "IN_PROGRESS", - "OK", - "FAILED", - "DELETING" - ] - }, - "BackupType":{ - "type":"string", - "enum":[ - "AUTOMATED", - "MANUAL" - ] - }, - "Backups":{ - "type":"list", - "member":{"shape":"Backup"} - }, - "Boolean":{"type":"boolean"}, - "CreateBackupRequest":{ - "type":"structure", - "required":["ServerName"], - "members":{ - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server that you want to back up.

    " - }, - "Description":{ - "shape":"String", - "documentation":"

    A user-defined description of the backup.

    " - }, - "Tags":{ - "shape":"TagList", - "documentation":"

    A map that contains tag keys and tag values to attach to an AWS OpsWorks-CM server backup.

    • The key cannot be empty.

    • The key can be a maximum of 127 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

    • The value can be a maximum 255 characters, and contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

    • Leading and trailing white spaces are trimmed from both the key and value.

    • A maximum of 50 user-applied tags is allowed for tag-supported AWS OpsWorks-CM resources.

    " - } - } - }, - "CreateBackupResponse":{ - "type":"structure", - "members":{ - "Backup":{ - "shape":"Backup", - "documentation":"

    Backup created by request.

    " - } - } - }, - "CreateServerRequest":{ - "type":"structure", - "required":[ - "Engine", - "ServerName", - "InstanceProfileArn", - "InstanceType", - "ServiceRoleArn" - ], - "members":{ - "AssociatePublicIpAddress":{ - "shape":"Boolean", - "documentation":"

    Associate a public IP address with a server that you are launching. Valid values are true or false. The default value is true.

    " - }, - "CustomDomain":{ - "shape":"CustomDomain", - "documentation":"

    An optional public endpoint of a server, such as https://aws.my-company.com. To access the server, create a CNAME DNS record in your preferred DNS service that points the custom domain to the endpoint that is generated when the server is created (the value of the CreateServer Endpoint attribute). You cannot access the server by using the generated Endpoint value if the server is using a custom domain. If you specify a custom domain, you must also specify values for CustomCertificate and CustomPrivateKey.

    " - }, - "CustomCertificate":{ - "shape":"CustomCertificate", - "documentation":"

    A PEM-formatted HTTPS certificate. The value can be be a single, self-signed certificate, or a certificate chain. If you specify a custom certificate, you must also specify values for CustomDomain and CustomPrivateKey. The following are requirements for the CustomCertificate value:

    • You can provide either a self-signed, custom certificate, or the full certificate chain.

    • The certificate must be a valid X509 certificate, or a certificate chain in PEM format.

    • The certificate must be valid at the time of upload. A certificate can't be used before its validity period begins (the certificate's NotBefore date), or after it expires (the certificate's NotAfter date).

    • The certificate’s common name or subject alternative names (SANs), if present, must match the value of CustomDomain.

    • The certificate must match the value of CustomPrivateKey.

    " - }, - "CustomPrivateKey":{ - "shape":"CustomPrivateKey", - "documentation":"

    A private key in PEM format for connecting to the server by using HTTPS. The private key must not be encrypted; it cannot be protected by a password or passphrase. If you specify a custom private key, you must also specify values for CustomDomain and CustomCertificate.

    " - }, - "DisableAutomatedBackup":{ - "shape":"Boolean", - "documentation":"

    Enable or disable scheduled backups. Valid values are true or false. The default value is true.

    " - }, - "Engine":{ - "shape":"String", - "documentation":"

    The configuration management engine to use. Valid values include ChefAutomate and Puppet.

    " - }, - "EngineModel":{ - "shape":"String", - "documentation":"

    The engine model of the server. Valid values in this release include Monolithic for Puppet and Single for Chef.

    " - }, - "EngineVersion":{ - "shape":"String", - "documentation":"

    The major release version of the engine that you want to use. For a Chef server, the valid value for EngineVersion is currently 2. For a Puppet server, valid values are 2019 or 2017.

    " - }, - "EngineAttributes":{ - "shape":"EngineAttributes", - "documentation":"

    Optional engine attributes on a specified server.

    Attributes accepted in a Chef createServer request:

    • CHEF_AUTOMATE_PIVOTAL_KEY: A base64-encoded RSA public key. The corresponding private key is required to access the Chef API. When no CHEF_AUTOMATE_PIVOTAL_KEY is set, a private key is generated and returned in the response.

    • CHEF_AUTOMATE_ADMIN_PASSWORD: The password for the administrative user in the Chef Automate web-based dashboard. The password length is a minimum of eight characters, and a maximum of 32. The password can contain letters, numbers, and special characters (!/@#$%^&+=_). The password must contain at least one lower case letter, one upper case letter, one number, and one special character. When no CHEF_AUTOMATE_ADMIN_PASSWORD is set, one is generated and returned in the response.

    Attributes accepted in a Puppet createServer request:

    • PUPPET_ADMIN_PASSWORD: To work with the Puppet Enterprise console, a password must use ASCII characters.

    • PUPPET_R10K_REMOTE: The r10k remote is the URL of your control repository (for example, ssh://git@your.git-repo.com:user/control-repo.git). Specifying an r10k remote opens TCP port 8170.

    • PUPPET_R10K_PRIVATE_KEY: If you are using a private Git repository, add PUPPET_R10K_PRIVATE_KEY to specify a PEM-encoded private SSH key.

    " - }, - "BackupRetentionCount":{ - "shape":"BackupRetentionCountDefinition", - "documentation":"

    The number of automated backups that you want to keep. Whenever a new backup is created, AWS OpsWorks CM deletes the oldest backups if this number is exceeded. The default value is 1.

    " - }, - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server. The server name must be unique within your AWS account, within each region. Server names must start with a letter; then letters, numbers, or hyphens (-) are allowed, up to a maximum of 40 characters.

    " - }, - "InstanceProfileArn":{ - "shape":"InstanceProfileArn", - "documentation":"

    The ARN of the instance profile that your Amazon EC2 instances use. Although the AWS OpsWorks console typically creates the instance profile for you, if you are using API commands instead, run the service-role-creation.yaml AWS CloudFormation template, located at https://s3.amazonaws.com/opsworks-cm-us-east-1-prod-default-assets/misc/opsworks-cm-roles.yaml. This template creates a CloudFormation stack that includes the instance profile you need.

    " - }, - "InstanceType":{ - "shape":"String", - "documentation":"

    The Amazon EC2 instance type to use. For example, m5.large.

    " - }, - "KeyPair":{ - "shape":"KeyPair", - "documentation":"

    The Amazon EC2 key pair to set for the instance. This parameter is optional; if desired, you may specify this parameter to connect to your instances by using SSH.

    " - }, - "PreferredMaintenanceWindow":{ - "shape":"TimeWindowDefinition", - "documentation":"

    The start time for a one-hour period each week during which AWS OpsWorks CM performs maintenance on the instance. Valid values must be specified in the following format: DDD:HH:MM. MM must be specified as 00. The specified time is in coordinated universal time (UTC). The default value is a random one-hour period on Tuesday, Wednesday, or Friday. See TimeWindowDefinition for more information.

    Example: Mon:08:00, which represents a start time of every Monday at 08:00 UTC. (8:00 a.m.)

    " - }, - "PreferredBackupWindow":{ - "shape":"TimeWindowDefinition", - "documentation":"

    The start time for a one-hour period during which AWS OpsWorks CM backs up application-level data on your server if automated backups are enabled. Valid values must be specified in one of the following formats:

    • HH:MM for daily backups

    • DDD:HH:MM for weekly backups

    MM must be specified as 00. The specified time is in coordinated universal time (UTC). The default value is a random, daily start time.

    Example: 08:00, which represents a daily start time of 08:00 UTC.

    Example: Mon:08:00, which represents a start time of every Monday at 08:00 UTC. (8:00 a.m.)

    " - }, - "SecurityGroupIds":{ - "shape":"Strings", - "documentation":"

    A list of security group IDs to attach to the Amazon EC2 instance. If you add this parameter, the specified security groups must be within the VPC that is specified by SubnetIds.

    If you do not specify this parameter, AWS OpsWorks CM creates one new security group that uses TCP ports 22 and 443, open to 0.0.0.0/0 (everyone).

    " - }, - "ServiceRoleArn":{ - "shape":"ServiceRoleArn", - "documentation":"

    The service role that the AWS OpsWorks CM service backend uses to work with your account. Although the AWS OpsWorks management console typically creates the service role for you, if you are using the AWS CLI or API commands, run the service-role-creation.yaml AWS CloudFormation template, located at https://s3.amazonaws.com/opsworks-cm-us-east-1-prod-default-assets/misc/opsworks-cm-roles.yaml. This template creates a CloudFormation stack that includes the service role and instance profile that you need.

    " - }, - "SubnetIds":{ - "shape":"Strings", - "documentation":"

    The IDs of subnets in which to launch the server EC2 instance.

    Amazon EC2-Classic customers: This field is required. All servers must run within a VPC. The VPC must have \"Auto Assign Public IP\" enabled.

    EC2-VPC customers: This field is optional. If you do not specify subnet IDs, your EC2 instances are created in a default subnet that is selected by Amazon EC2. If you specify subnet IDs, the VPC must have \"Auto Assign Public IP\" enabled.

    For more information about supported Amazon EC2 platforms, see Supported Platforms.

    " - }, - "Tags":{ - "shape":"TagList", - "documentation":"

    A map that contains tag keys and tag values to attach to an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server.

    • The key cannot be empty.

    • The key can be a maximum of 127 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : / @

    • The value can be a maximum 255 characters, and contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : / @

    • Leading and trailing white spaces are trimmed from both the key and value.

    • A maximum of 50 user-applied tags is allowed for any AWS OpsWorks-CM server.

    " - }, - "BackupId":{ - "shape":"BackupId", - "documentation":"

    If you specify this field, AWS OpsWorks CM creates the server by using the backup represented by BackupId.

    " - } - } - }, - "CreateServerResponse":{ - "type":"structure", - "members":{ - "Server":{ - "shape":"Server", - "documentation":"

    The server that is created by the request.

    " - } - } - }, - "CustomCertificate":{ - "type":"string", - "max":2097152, - "pattern":"(?s)\\s*-----BEGIN CERTIFICATE-----.+-----END CERTIFICATE-----\\s*" - }, - "CustomDomain":{ - "type":"string", - "max":253, - "pattern":"^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$" - }, - "CustomPrivateKey":{ - "type":"string", - "max":4096, - "pattern":"(?ms)\\s*^-----BEGIN (?-s:.*)PRIVATE KEY-----$.*?^-----END (?-s:.*)PRIVATE KEY-----$\\s*", - "sensitive":true - }, - "DeleteBackupRequest":{ - "type":"structure", - "required":["BackupId"], - "members":{ - "BackupId":{ - "shape":"BackupId", - "documentation":"

    The ID of the backup to delete. Run the DescribeBackups command to get a list of backup IDs. Backup IDs are in the format ServerName-yyyyMMddHHmmssSSS.

    " - } - } - }, - "DeleteBackupResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteServerRequest":{ - "type":"structure", - "required":["ServerName"], - "members":{ - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The ID of the server to delete.

    " - } - } - }, - "DeleteServerResponse":{ - "type":"structure", - "members":{ - } - }, - "DescribeAccountAttributesRequest":{ - "type":"structure", - "members":{ - } - }, - "DescribeAccountAttributesResponse":{ - "type":"structure", - "members":{ - "Attributes":{ - "shape":"AccountAttributes", - "documentation":"

    The attributes that are currently set for the account.

    " - } - } - }, - "DescribeBackupsRequest":{ - "type":"structure", - "members":{ - "BackupId":{ - "shape":"BackupId", - "documentation":"

    Describes a single backup.

    " - }, - "ServerName":{ - "shape":"ServerName", - "documentation":"

    Returns backups for the server with the specified ServerName.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    This is not currently implemented for DescribeBackups requests.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    This is not currently implemented for DescribeBackups requests.

    " - } - } - }, - "DescribeBackupsResponse":{ - "type":"structure", - "members":{ - "Backups":{ - "shape":"Backups", - "documentation":"

    Contains the response to a DescribeBackups request.

    " - }, - "NextToken":{ - "shape":"String", - "documentation":"

    This is not currently implemented for DescribeBackups requests.

    " - } - } - }, - "DescribeEventsRequest":{ - "type":"structure", - "required":["ServerName"], - "members":{ - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server for which you want to view events.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    NextToken is a string that is returned in some command responses. It indicates that not all entries have been returned, and that you must run at least one more request to get remaining items. To get remaining results, call DescribeEvents again, and assign the token from the previous results as the value of the nextToken parameter. If there are no more results, the response object's nextToken parameter value is null. Setting a nextToken value that was not returned in your previous results causes an InvalidNextTokenException to occur.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    To receive a paginated response, use this parameter to specify the maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

    " - } - } - }, - "DescribeEventsResponse":{ - "type":"structure", - "members":{ - "ServerEvents":{ - "shape":"ServerEvents", - "documentation":"

    Contains the response to a DescribeEvents request.

    " - }, - "NextToken":{ - "shape":"String", - "documentation":"

    NextToken is a string that is returned in some command responses. It indicates that not all entries have been returned, and that you must run at least one more request to get remaining items. To get remaining results, call DescribeEvents again, and assign the token from the previous results as the value of the nextToken parameter. If there are no more results, the response object's nextToken parameter value is null. Setting a nextToken value that was not returned in your previous results causes an InvalidNextTokenException to occur.

    " - } - } - }, - "DescribeNodeAssociationStatusRequest":{ - "type":"structure", - "required":[ - "NodeAssociationStatusToken", - "ServerName" - ], - "members":{ - "NodeAssociationStatusToken":{ - "shape":"NodeAssociationStatusToken", - "documentation":"

    The token returned in either the AssociateNodeResponse or the DisassociateNodeResponse.

    " - }, - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server from which to disassociate the node.

    " - } - } - }, - "DescribeNodeAssociationStatusResponse":{ - "type":"structure", - "members":{ - "NodeAssociationStatus":{ - "shape":"NodeAssociationStatus", - "documentation":"

    The status of the association or disassociation request.

    Possible values:

    • SUCCESS: The association or disassociation succeeded.

    • FAILED: The association or disassociation failed.

    • IN_PROGRESS: The association or disassociation is still in progress.

    " - }, - "EngineAttributes":{ - "shape":"EngineAttributes", - "documentation":"

    Attributes specific to the node association. In Puppet, the attibute PUPPET_NODE_CERT contains the signed certificate (the result of the CSR).

    " - } - } - }, - "DescribeServersRequest":{ - "type":"structure", - "members":{ - "ServerName":{ - "shape":"ServerName", - "documentation":"

    Describes the server with the specified ServerName.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    This is not currently implemented for DescribeServers requests.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    This is not currently implemented for DescribeServers requests.

    " - } - } - }, - "DescribeServersResponse":{ - "type":"structure", - "members":{ - "Servers":{ - "shape":"Servers", - "documentation":"

    Contains the response to a DescribeServers request.

    For Chef Automate servers: If DescribeServersResponse$Servers$EngineAttributes includes CHEF_MAJOR_UPGRADE_AVAILABLE, you can upgrade the Chef Automate server to Chef Automate 2. To be eligible for upgrade, a server running Chef Automate 1 must have had at least one successful maintenance run after November 1, 2019.

    For Puppet servers: DescribeServersResponse$Servers$EngineAttributes contains the following two responses:

    • PUPPET_API_CA_CERT, the PEM-encoded CA certificate that is used by the Puppet API over TCP port number 8140. The CA certificate is also used to sign node certificates.

    • PUPPET_API_CRL, a certificate revocation list. The certificate revocation list is for internal maintenance purposes only. For more information about the Puppet certificate revocation list, see Man Page: puppet certificate_revocation_list in the Puppet documentation.

    " - }, - "NextToken":{ - "shape":"String", - "documentation":"

    This is not currently implemented for DescribeServers requests.

    " - } - } - }, - "DisassociateNodeRequest":{ - "type":"structure", - "required":[ - "ServerName", - "NodeName" - ], - "members":{ - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server from which to disassociate the node.

    " - }, - "NodeName":{ - "shape":"NodeName", - "documentation":"

    The name of the client node.

    " - }, - "EngineAttributes":{ - "shape":"EngineAttributes", - "documentation":"

    Engine attributes that are used for disassociating the node. No attributes are required for Puppet.

    Attributes required in a DisassociateNode request for Chef

    • CHEF_ORGANIZATION: The Chef organization with which the node was associated. By default only one organization named default can exist.

    " - } - } - }, - "DisassociateNodeResponse":{ - "type":"structure", - "members":{ - "NodeAssociationStatusToken":{ - "shape":"NodeAssociationStatusToken", - "documentation":"

    Contains a token which can be passed to the DescribeNodeAssociationStatus API call to get the status of the disassociation request.

    " - } - } - }, - "EngineAttribute":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"EngineAttributeName", - "documentation":"

    The name of the engine attribute.

    " - }, - "Value":{ - "shape":"EngineAttributeValue", - "documentation":"

    The value of the engine attribute.

    " - } - }, - "documentation":"

    A name and value pair that is specific to the engine of the server.

    " - }, - "EngineAttributeName":{ - "type":"string", - "max":10000, - "pattern":"(?s).*" - }, - "EngineAttributeValue":{ - "type":"string", - "max":10000, - "pattern":"(?s).*", - "sensitive":true - }, - "EngineAttributes":{ - "type":"list", - "member":{"shape":"EngineAttribute"} - }, - "ExportServerEngineAttributeRequest":{ - "type":"structure", - "required":[ - "ExportAttributeName", - "ServerName" - ], - "members":{ - "ExportAttributeName":{ - "shape":"String", - "documentation":"

    The name of the export attribute. Currently, the supported export attribute is Userdata. This exports a user data script that includes parameters and values provided in the InputAttributes list.

    " - }, - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server from which you are exporting the attribute.

    " - }, - "InputAttributes":{ - "shape":"EngineAttributes", - "documentation":"

    The list of engine attributes. The list type is EngineAttribute. An EngineAttribute list item is a pair that includes an attribute name and its value. For the Userdata ExportAttributeName, the following are supported engine attribute names.

    • RunList In Chef, a list of roles or recipes that are run in the specified order. In Puppet, this parameter is ignored.

    • OrganizationName In Chef, an organization name. AWS OpsWorks for Chef Automate always creates the organization default. In Puppet, this parameter is ignored.

    • NodeEnvironment In Chef, a node environment (for example, development, staging, or one-box). In Puppet, this parameter is ignored.

    • NodeClientVersion In Chef, the version of the Chef engine (three numbers separated by dots, such as 13.8.5). If this attribute is empty, OpsWorks for Chef Automate uses the most current version. In Puppet, this parameter is ignored.

    " - } - } - }, - "ExportServerEngineAttributeResponse":{ - "type":"structure", - "members":{ - "EngineAttribute":{ - "shape":"EngineAttribute", - "documentation":"

    The requested engine attribute pair with attribute name and value.

    " - }, - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The server name used in the request.

    " - } - } - }, - "InstanceProfileArn":{ - "type":"string", - "max":10000, - "pattern":"arn:aws:iam::[0-9]{12}:instance-profile/.*" - }, - "Integer":{"type":"integer"}, - "InvalidNextTokenException":{ - "type":"structure", - "members":{ - "Message":{ - "shape":"String", - "documentation":"

    Error or informational message that can contain more detail about a nextToken failure.

    " - } - }, - "documentation":"

    This occurs when the provided nextToken is not valid.

    ", - "exception":true - }, - "InvalidStateException":{ - "type":"structure", - "members":{ - "Message":{ - "shape":"String", - "documentation":"

    Error or informational message that provides more detail if a resource is in a state that is not valid for performing a specified action.

    " - } - }, - "documentation":"

    The resource is in a state that does not allow you to perform a specified action.

    ", - "exception":true - }, - "KeyPair":{ - "type":"string", - "max":10000, - "pattern":".*" - }, - "LimitExceededException":{ - "type":"structure", - "members":{ - "Message":{ - "shape":"String", - "documentation":"

    Error or informational message that the maximum allowed number of servers or backups has been exceeded.

    " - } - }, - "documentation":"

    The limit of servers or backups has been reached.

    ", - "exception":true - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["ResourceArn"], - "members":{ - "ResourceArn":{ - "shape":"AWSOpsWorksCMResourceArn", - "documentation":"

    The Amazon Resource Number (ARN) of an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server for which you want to show applied tags. For example, arn:aws:opsworks-cm:us-west-2:123456789012:server/test-owcm-server/EXAMPLE-66b0-4196-8274-d1a2bEXAMPLE.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    NextToken is a string that is returned in some command responses. It indicates that not all entries have been returned, and that you must run at least one more request to get remaining items. To get remaining results, call ListTagsForResource again, and assign the token from the previous results as the value of the nextToken parameter. If there are no more results, the response object's nextToken parameter value is null. Setting a nextToken value that was not returned in your previous results causes an InvalidNextTokenException to occur.

    " - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    To receive a paginated response, use this parameter to specify the maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

    " - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "members":{ - "Tags":{ - "shape":"TagList", - "documentation":"

    Tags that have been applied to the resource.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    A token that you can use as the value of NextToken in subsequent calls to the API to show more results.

    " - } - } - }, - "MaintenanceStatus":{ - "type":"string", - "enum":[ - "SUCCESS", - "FAILED" - ] - }, - "MaxResults":{ - "type":"integer", - "min":1 - }, - "NextToken":{ - "type":"string", - "max":10000, - "pattern":"(?s).*" - }, - "NodeAssociationStatus":{ - "type":"string", - "documentation":"

    The status of the association or disassociation request.

    Possible values:

    • SUCCESS: The association or disassociation succeeded.

    • FAILED: The association or disassociation failed.

    • IN_PROGRESS: The association or disassociation is still in progress.

    ", - "enum":[ - "SUCCESS", - "FAILED", - "IN_PROGRESS" - ] - }, - "NodeAssociationStatusToken":{ - "type":"string", - "max":10000, - "pattern":"(?s).*" - }, - "NodeName":{ - "type":"string", - "documentation":"

    The node name that is used by chef-client or puppet-agentfor a new node. We recommend to use a unique FQDN as hostname. For more information, see the Chef or Puppet documentation.

    ", - "max":10000, - "pattern":"^[\\-\\p{Alnum}_:.]+$" - }, - "ResourceAlreadyExistsException":{ - "type":"structure", - "members":{ - "Message":{ - "shape":"String", - "documentation":"

    Error or informational message in response to a CreateServer request that a resource cannot be created because it already exists.

    " - } - }, - "documentation":"

    The requested resource cannot be created because it already exists.

    ", - "exception":true - }, - "ResourceNotFoundException":{ - "type":"structure", - "members":{ - "Message":{ - "shape":"String", - "documentation":"

    Error or informational message that can contain more detail about problems locating or accessing a resource.

    " - } - }, - "documentation":"

    The requested resource does not exist, or access was denied.

    ", - "exception":true - }, - "RestoreServerRequest":{ - "type":"structure", - "required":[ - "BackupId", - "ServerName" - ], - "members":{ - "BackupId":{ - "shape":"BackupId", - "documentation":"

    The ID of the backup that you want to use to restore a server.

    " - }, - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server that you want to restore.

    " - }, - "InstanceType":{ - "shape":"String", - "documentation":"

    The type of instance to restore. Valid values must be specified in the following format: ^([cm][34]|t2).* For example, m5.large. Valid values are m5.large, r5.xlarge, and r5.2xlarge. If you do not specify this parameter, RestoreServer uses the instance type from the specified backup.

    " - }, - "KeyPair":{ - "shape":"KeyPair", - "documentation":"

    The name of the key pair to set on the new EC2 instance. This can be helpful if the administrator no longer has the SSH key.

    " - } - } - }, - "RestoreServerResponse":{ - "type":"structure", - "members":{ - "Server":{"shape":"Server"} - } - }, - "Server":{ - "type":"structure", - "members":{ - "AssociatePublicIpAddress":{ - "shape":"Boolean", - "documentation":"

    Associate a public IP address with a server that you are launching.

    " - }, - "BackupRetentionCount":{ - "shape":"Integer", - "documentation":"

    The number of automated backups to keep.

    " - }, - "ServerName":{ - "shape":"String", - "documentation":"

    The name of the server.

    " - }, - "CreatedAt":{ - "shape":"Timestamp", - "documentation":"

    Time stamp of server creation. Example 2016-07-29T13:38:47.520Z

    " - }, - "CloudFormationStackArn":{ - "shape":"String", - "documentation":"

    The ARN of the CloudFormation stack that was used to create the server.

    " - }, - "CustomDomain":{ - "shape":"CustomDomain", - "documentation":"

    An optional public endpoint of a server, such as https://aws.my-company.com. You cannot access the server by using the Endpoint value if the server has a CustomDomain specified.

    " - }, - "DisableAutomatedBackup":{ - "shape":"Boolean", - "documentation":"

    Disables automated backups. The number of stored backups is dependent on the value of PreferredBackupCount.

    " - }, - "Endpoint":{ - "shape":"String", - "documentation":"

    A DNS name that can be used to access the engine. Example: myserver-asdfghjkl.us-east-1.opsworks.io. You cannot access the server by using the Endpoint value if the server has a CustomDomain specified.

    " - }, - "Engine":{ - "shape":"String", - "documentation":"

    The engine type of the server. Valid values in this release include ChefAutomate and Puppet.

    " - }, - "EngineModel":{ - "shape":"String", - "documentation":"

    The engine model of the server. Valid values in this release include Monolithic for Puppet and Single for Chef.

    " - }, - "EngineAttributes":{ - "shape":"EngineAttributes", - "documentation":"

    The response of a createServer() request returns the master credential to access the server in EngineAttributes. These credentials are not stored by AWS OpsWorks CM; they are returned only as part of the result of createServer().

    Attributes returned in a createServer response for Chef

    • CHEF_AUTOMATE_PIVOTAL_KEY: A base64-encoded RSA private key that is generated by AWS OpsWorks for Chef Automate. This private key is required to access the Chef API.

    • CHEF_STARTER_KIT: A base64-encoded ZIP file. The ZIP file contains a Chef starter kit, which includes a README, a configuration file, and the required RSA private key. Save this file, unzip it, and then change to the directory where you've unzipped the file contents. From this directory, you can run Knife commands.

    Attributes returned in a createServer response for Puppet

    • PUPPET_STARTER_KIT: A base64-encoded ZIP file. The ZIP file contains a Puppet starter kit, including a README and a required private key. Save this file, unzip it, and then change to the directory where you've unzipped the file contents.

    • PUPPET_ADMIN_PASSWORD: An administrator password that you can use to sign in to the Puppet Enterprise console after the server is online.

    " - }, - "EngineVersion":{ - "shape":"String", - "documentation":"

    The engine version of the server. For a Chef server, the valid value for EngineVersion is currently 2. For a Puppet server, specify either 2019 or 2017.

    " - }, - "InstanceProfileArn":{ - "shape":"String", - "documentation":"

    The instance profile ARN of the server.

    " - }, - "InstanceType":{ - "shape":"String", - "documentation":"

    The instance type for the server, as specified in the CloudFormation stack. This might not be the same instance type that is shown in the EC2 console.

    " - }, - "KeyPair":{ - "shape":"String", - "documentation":"

    The key pair associated with the server.

    " - }, - "MaintenanceStatus":{ - "shape":"MaintenanceStatus", - "documentation":"

    The status of the most recent server maintenance run. Shows SUCCESS or FAILED.

    " - }, - "PreferredMaintenanceWindow":{ - "shape":"TimeWindowDefinition", - "documentation":"

    The preferred maintenance period specified for the server.

    " - }, - "PreferredBackupWindow":{ - "shape":"TimeWindowDefinition", - "documentation":"

    The preferred backup period specified for the server.

    " - }, - "SecurityGroupIds":{ - "shape":"Strings", - "documentation":"

    The security group IDs for the server, as specified in the CloudFormation stack. These might not be the same security groups that are shown in the EC2 console.

    " - }, - "ServiceRoleArn":{ - "shape":"String", - "documentation":"

    The service role ARN used to create the server.

    " - }, - "Status":{ - "shape":"ServerStatus", - "documentation":"

    The server's status. This field displays the states of actions in progress, such as creating, running, or backing up the server, as well as the server's health state.

    " - }, - "StatusReason":{ - "shape":"String", - "documentation":"

    Depending on the server status, this field has either a human-readable message (such as a create or backup error), or an escaped block of JSON (used for health check results).

    " - }, - "SubnetIds":{ - "shape":"Strings", - "documentation":"

    The subnet IDs specified in a CreateServer request.

    " - }, - "ServerArn":{ - "shape":"String", - "documentation":"

    The ARN of the server.

    " - } - }, - "documentation":"

    Describes a configuration management server.

    " - }, - "ServerEvent":{ - "type":"structure", - "members":{ - "CreatedAt":{ - "shape":"Timestamp", - "documentation":"

    The time when the event occurred.

    " - }, - "ServerName":{ - "shape":"String", - "documentation":"

    The name of the server on or for which the event occurred.

    " - }, - "Message":{ - "shape":"String", - "documentation":"

    A human-readable informational or status message.

    " - }, - "LogUrl":{ - "shape":"String", - "documentation":"

    The Amazon S3 URL of the event's log file.

    " - } - }, - "documentation":"

    An event that is related to the server, such as the start of maintenance or backup.

    " - }, - "ServerEvents":{ - "type":"list", - "member":{"shape":"ServerEvent"} - }, - "ServerName":{ - "type":"string", - "max":40, - "min":1, - "pattern":"[a-zA-Z][a-zA-Z0-9\\-]*" - }, - "ServerStatus":{ - "type":"string", - "enum":[ - "BACKING_UP", - "CONNECTION_LOST", - "CREATING", - "DELETING", - "MODIFYING", - "FAILED", - "HEALTHY", - "RUNNING", - "RESTORING", - "SETUP", - "UNDER_MAINTENANCE", - "UNHEALTHY", - "TERMINATED" - ] - }, - "Servers":{ - "type":"list", - "member":{"shape":"Server"} - }, - "ServiceRoleArn":{ - "type":"string", - "max":10000, - "pattern":"arn:aws:iam::[0-9]{12}:role/.*" - }, - "StartMaintenanceRequest":{ - "type":"structure", - "required":["ServerName"], - "members":{ - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server on which to run maintenance.

    " - }, - "EngineAttributes":{ - "shape":"EngineAttributes", - "documentation":"

    Engine attributes that are specific to the server on which you want to run maintenance.

    Attributes accepted in a StartMaintenance request for Chef

    " - } - } - }, - "StartMaintenanceResponse":{ - "type":"structure", - "members":{ - "Server":{ - "shape":"Server", - "documentation":"

    Contains the response to a StartMaintenance request.

    " - } - } - }, - "String":{ - "type":"string", - "max":10000, - "pattern":"(?s).*" - }, - "Strings":{ - "type":"list", - "member":{"shape":"String"} - }, - "Tag":{ - "type":"structure", - "required":[ - "Key", - "Value" - ], - "members":{ - "Key":{ - "shape":"TagKey", - "documentation":"

    A tag key, such as Stage or Name. A tag key cannot be empty. The key can be a maximum of 127 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

    " - }, - "Value":{ - "shape":"TagValue", - "documentation":"

    An optional tag value, such as Production or test-owcm-server. The value can be a maximum of 255 characters, and contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

    " - } - }, - "documentation":"

    A map that contains tag keys and tag values to attach to an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server. Leading and trailing white spaces are trimmed from both the key and value. A maximum of 50 user-applied tags is allowed for tag-supported AWS OpsWorks-CM resources.

    " - }, - "TagKey":{ - "type":"string", - "max":128, - "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":200, - "min":0 - }, - "TagList":{ - "type":"list", - "member":{"shape":"Tag"}, - "max":200, - "min":0 - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "Tags" - ], - "members":{ - "ResourceArn":{ - "shape":"AWSOpsWorksCMResourceArn", - "documentation":"

    The Amazon Resource Number (ARN) of a resource to which you want to apply tags. For example, arn:aws:opsworks-cm:us-west-2:123456789012:server/test-owcm-server/EXAMPLE-66b0-4196-8274-d1a2bEXAMPLE.

    " - }, - "Tags":{ - "shape":"TagList", - "documentation":"

    A map that contains tag keys and tag values to attach to AWS OpsWorks-CM servers or backups.

    • The key cannot be empty.

    • The key can be a maximum of 127 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

    • The value can be a maximum 255 characters, and contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

    • Leading and trailing white spaces are trimmed from both the key and value.

    • A maximum of 50 user-applied tags is allowed for any AWS OpsWorks-CM server or backup.

    " - } - } - }, - "TagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256, - "min":0, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" - }, - "TimeWindowDefinition":{ - "type":"string", - "documentation":"

    DDD:HH:MM (weekly start time) or HH:MM (daily start time).

    Time windows always use coordinated universal time (UTC). Valid strings for day of week (DDD) are: Mon, Tue, Wed, Thr, Fri, Sat, or Sun.

    ", - "max":10000, - "pattern":"^((Mon|Tue|Wed|Thu|Fri|Sat|Sun):)?([0-1][0-9]|2[0-3]):[0-5][0-9]$" - }, - "Timestamp":{"type":"timestamp"}, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "TagKeys" - ], - "members":{ - "ResourceArn":{ - "shape":"AWSOpsWorksCMResourceArn", - "documentation":"

    The Amazon Resource Number (ARN) of a resource from which you want to remove tags. For example, arn:aws:opsworks-cm:us-west-2:123456789012:server/test-owcm-server/EXAMPLE-66b0-4196-8274-d1a2bEXAMPLE.

    " - }, - "TagKeys":{ - "shape":"TagKeyList", - "documentation":"

    The keys of tags that you want to remove.

    " - } - } - }, - "UntagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateServerEngineAttributesRequest":{ - "type":"structure", - "required":[ - "ServerName", - "AttributeName" - ], - "members":{ - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server to update.

    " - }, - "AttributeName":{ - "shape":"AttributeName", - "documentation":"

    The name of the engine attribute to update.

    " - }, - "AttributeValue":{ - "shape":"AttributeValue", - "documentation":"

    The value to set for the attribute.

    " - } - } - }, - "UpdateServerEngineAttributesResponse":{ - "type":"structure", - "members":{ - "Server":{ - "shape":"Server", - "documentation":"

    Contains the response to an UpdateServerEngineAttributes request.

    " - } - } - }, - "UpdateServerRequest":{ - "type":"structure", - "required":["ServerName"], - "members":{ - "DisableAutomatedBackup":{ - "shape":"Boolean", - "documentation":"

    Setting DisableAutomatedBackup to true disables automated or scheduled backups. Automated backups are enabled by default.

    " - }, - "BackupRetentionCount":{ - "shape":"Integer", - "documentation":"

    Sets the number of automated backups that you want to keep.

    " - }, - "ServerName":{ - "shape":"ServerName", - "documentation":"

    The name of the server to update.

    " - }, - "PreferredMaintenanceWindow":{"shape":"TimeWindowDefinition"}, - "PreferredBackupWindow":{"shape":"TimeWindowDefinition"} - } - }, - "UpdateServerResponse":{ - "type":"structure", - "members":{ - "Server":{ - "shape":"Server", - "documentation":"

    Contains the response to a UpdateServer request.

    " - } - } - }, - "ValidationException":{ - "type":"structure", - "members":{ - "Message":{ - "shape":"String", - "documentation":"

    Error or informational message that can contain more detail about a validation failure.

    " - } - }, - "documentation":"

    One or more of the provided request parameters are not valid.

    ", - "exception":true - } - }, - "documentation":"AWS OpsWorks CM

    AWS OpsWorks for configuration management (CM) is a service that runs and manages configuration management servers. You can use AWS OpsWorks CM to create and manage AWS OpsWorks for Chef Automate and AWS OpsWorks for Puppet Enterprise servers, and add or remove nodes for the servers to manage.

    Glossary of terms

    • Server: A configuration management server that can be highly-available. The configuration management server runs on an Amazon Elastic Compute Cloud (EC2) instance, and may use various other AWS services, such as Amazon Relational Database Service (RDS) and Elastic Load Balancing. A server is a generic abstraction over the configuration manager that you want to use, much like Amazon RDS. In AWS OpsWorks CM, you do not start or stop servers. After you create servers, they continue to run until they are deleted.

    • Engine: The engine is the specific configuration manager that you want to use. Valid values in this release include ChefAutomate and Puppet.

    • Backup: This is an application-level backup of the data that the configuration manager stores. AWS OpsWorks CM creates an S3 bucket for backups when you launch the first server. A backup maintains a snapshot of a server's configuration-related attributes at the time the backup starts.

    • Events: Events are always related to a server. Events are written during server creation, when health checks run, when backups are created, when system maintenance is performed, etc. When you delete a server, the server's events are also deleted.

    • Account attributes: Every account has attributes that are assigned in the AWS OpsWorks CM database. These attributes store information about configuration limits (servers, backups, etc.) and your customer account.

    Endpoints

    AWS OpsWorks CM supports the following endpoints, all HTTPS. You must connect to one of the following endpoints. Your servers can only be accessed or managed within the endpoint in which they are created.

    • opsworks-cm.us-east-1.amazonaws.com

    • opsworks-cm.us-east-2.amazonaws.com

    • opsworks-cm.us-west-1.amazonaws.com

    • opsworks-cm.us-west-2.amazonaws.com

    • opsworks-cm.ap-northeast-1.amazonaws.com

    • opsworks-cm.ap-southeast-1.amazonaws.com

    • opsworks-cm.ap-southeast-2.amazonaws.com

    • opsworks-cm.eu-central-1.amazonaws.com

    • opsworks-cm.eu-west-1.amazonaws.com

    For more information, see AWS OpsWorks endpoints and quotas in the AWS General Reference.

    Throttling limits

    All API operations allow for five requests per second with a burst of 10 requests per second.

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/waiters-2.json 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/waiters-2.json --- 2.23.6-1/awscli/botocore/data/opsworkscm/2016-11-01/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/opsworkscm/2016-11-01/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -{ - "version": 2, - "waiters": { - "NodeAssociated": { - "delay": 15, - "maxAttempts": 15, - "operation": "DescribeNodeAssociationStatus", - "description": "Wait until node is associated or disassociated.", - "acceptors": [ - { - "expected": "SUCCESS", - "state": "success", - "matcher": "path", - "argument": "NodeAssociationStatus" - }, - { - "expected": "FAILED", - "state": "failure", - "matcher": "path", - "argument": "NodeAssociationStatus" - } - ] - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/organizations/2016-11-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/organizations/2016-11-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/organizations/2016-11-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/organizations/2016-11-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/organizations/2016-11-28/paginators-1.json 2.31.35-1/awscli/botocore/data/organizations/2016-11-28/paginators-1.json --- 2.23.6-1/awscli/botocore/data/organizations/2016-11-28/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/organizations/2016-11-28/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -94,6 +94,18 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "DelegatedServices" + }, + "ListAccountsWithInvalidEffectivePolicy": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "Accounts" + }, + "ListEffectivePolicyValidationErrors": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "EffectivePolicyValidationErrors" } } } diff -pruN 2.23.6-1/awscli/botocore/data/organizations/2016-11-28/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/organizations/2016-11-28/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/organizations/2016-11-28/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/organizations/2016-11-28/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,20 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "ListAccountsWithInvalidEffectivePolicy": { + "non_aggregate_keys": [ + "PolicyType" + ] + }, + "ListEffectivePolicyValidationErrors": { + "non_aggregate_keys": [ + "PolicyType", + "AccountId", + "EvaluationTimestamp", + "Path" + ] + } + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/organizations/2016-11-28/service-2.json 2.31.35-1/awscli/botocore/data/organizations/2016-11-28/service-2.json --- 2.23.6-1/awscli/botocore/data/organizations/2016-11-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/organizations/2016-11-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -60,7 +60,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"

    Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "CancelHandshake":{ "name":"CancelHandshake", @@ -208,7 +208,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.

    For more information about policies and their use, see Managing Organizations policies.

    If the request includes tags, then the requester must have the organizations:TagResource permission.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.

    For more information about policies and their use, see Managing Organizations policies.

    If the request includes tags, then the requester must have the organizations:TagResource permission.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "DeclineHandshake":{ "name":"DeclineHandshake", @@ -284,7 +284,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Deletes the specified policy from your organization. Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Deletes the specified policy from your organization. Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "DeleteResourcePolicy":{ "name":"DeleteResourcePolicy", @@ -302,7 +302,7 @@ {"shape":"AWSOrganizationsNotInUseException"}, {"shape":"ResourcePolicyNotFoundException"} ], - "documentation":"

    Deletes the resource policy from your organization.

    You can only call this operation from the organization's management account.

    " + "documentation":"

    Deletes the resource policy from your organization.

    This operation can be called only from the organization's management account.

    " }, "DeregisterDelegatedAdministrator":{ "name":"DeregisterDelegatedAdministrator", @@ -341,7 +341,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Retrieves Organizations-related information about the specified account.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Retrieves Organizations-related information about the specified account.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "DescribeCreateAccountStatus":{ "name":"DescribeCreateAccountStatus", @@ -360,7 +360,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Retrieves the current status of an asynchronous request to create an account.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Retrieves the current status of an asynchronous request to create an account.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "DescribeEffectivePolicy":{ "name":"DescribeEffectivePolicy", @@ -433,7 +433,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Retrieves information about an organizational unit (OU).

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Retrieves information about an organizational unit (OU).

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "DescribePolicy":{ "name":"DescribePolicy", @@ -452,7 +452,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Retrieves information about a policy.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Retrieves information about a policy.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "DescribeResourcePolicy":{ "name":"DescribeResourcePolicy", @@ -470,7 +470,7 @@ {"shape":"ResourcePolicyNotFoundException"}, {"shape":"ConstraintViolationException"} ], - "documentation":"

    Retrieves information about a resource policy.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Retrieves information about a resource policy.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "DetachPolicy":{ "name":"DetachPolicy", @@ -493,7 +493,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"

    Detaches a policy from a target root, organizational unit (OU), or account.

    If the policy being detached is a service control policy (SCP), the changes to permissions for Identity and Access Management (IAM) users and roles in affected accounts are immediate.

    Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an \"allow list\". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify \"Effect\": \"Deny\" in the second SCP to override the \"Effect\": \"Allow\" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a \"deny list\".

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Detaches a policy from a target root, organizational unit (OU), or account.

    If the policy being detached is a service control policy (SCP), the changes to permissions for Identity and Access Management (IAM) users and roles in affected accounts are immediate.

    Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an \"allow list\". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify \"Effect\": \"Deny\" in the second SCP to override the \"Effect\": \"Allow\" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a \"deny list\".

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "DisableAWSServiceAccess":{ "name":"DisableAWSServiceAccess", @@ -535,7 +535,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"

    Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.

    This is an asynchronous request that Amazon Web Services performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    To view the status of available policy types in the organization, use DescribeOrganization.

    " + "documentation":"

    Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.

    This is an asynchronous request that Amazon Web Services performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    To view the status of available policy types in the organization, use ListRoots.

    " }, "EnableAWSServiceAccess":{ "name":"EnableAWSServiceAccess", @@ -554,7 +554,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Provides an Amazon Web Services service (the service that is specified by ServicePrincipal) with permissions to view the structure of an organization, create a service-linked role in all the accounts in the organization, and allow the service to perform operations on behalf of the organization and its accounts. Establishing these permissions can be a first step in enabling the integration of an Amazon Web Services service with Organizations.

    We recommend that you enable integration between Organizations and the specified Amazon Web Services service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.

    For more information about enabling services to integrate with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.

    You can only call this operation from the organization's management account and only if the organization has enabled all features.

    " + "documentation":"

    Provides an Amazon Web Services service (the service that is specified by ServicePrincipal) with permissions to view the structure of an organization, create a service-linked role in all the accounts in the organization, and allow the service to perform operations on behalf of the organization and its accounts. Establishing these permissions can be a first step in enabling the integration of an Amazon Web Services service with Organizations.

    We recommend that you enable integration between Organizations and the specified Amazon Web Services service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.

    For more information about enabling services to integrate with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.

    This operation can be called only from the organization's management account.

    " }, "EnableAllFeatures":{ "name":"EnableAllFeatures", @@ -598,7 +598,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"

    Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.

    This is an asynchronous request that Amazon Web Services performs in the background. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use DescribeOrganization.

    " + "documentation":"

    Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.

    This is an asynchronous request that Amazon Web Services performs in the background. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use ListRoots.

    " }, "InviteAccountToOrganization":{ "name":"InviteAccountToOrganization", @@ -621,7 +621,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Sends an invitation to another account to join your organization as a member account. Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.

    • You can invite Amazon Web Services accounts only from the same seller as the management account. For example, if your organization's management account was created by Amazon Internet Services Pvt. Ltd (AISPL), an Amazon Web Services seller in India, you can invite only other AISPL accounts to your organization. You can't combine accounts from AISPL and Amazon Web Services or from any other Amazon Web Services seller. For more information, see Consolidated billing in India.

    • If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact Amazon Web Services Support.

    If the request includes tags, then the requester must have the organizations:TagResource permission.

    This operation can be called only from the organization's management account.

    " + "documentation":"

    Sends an invitation to another account to join your organization as a member account. Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.

    If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact Amazon Web Services Support.

    If the request includes tags, then the requester must have the organizations:TagResource permission.

    This operation can be called only from the organization's management account.

    " }, "LeaveOrganization":{ "name":"LeaveOrganization", @@ -640,7 +640,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.

    This operation can be called only from a member account in the organization.

    • The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling LeaveOrganization and leaving the organization.

    • You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.

      • Choose a support plan

      • Provide and verify the required contact information

      • Provide a current payment method

      Amazon Web Services uses the payment method to charge for any billable (not free tier) Amazon Web Services activity that occurs while the account isn't attached to an organization. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.

    • The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.

    • You can leave an organization only after you enable IAM user access to billing in your account. For more information, see About IAM access to the Billing and Cost Management console in the Amazon Web Services Billing and Cost Management User Guide.

    • After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.

    • A newly created account has a waiting period before it can be removed from its organization. You must wait until at least seven days after the account was created. Invited accounts aren't subject to this waiting period.

    • If you are using an organization principal to call LeaveOrganization across multiple accounts, you can only do this up to 5 accounts per second in a single organization.

    " + "documentation":"

    Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.

    This operation can be called only from a member account in the organization.

    • The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling LeaveOrganization and leaving the organization.

    • You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.

      • Choose a support plan

      • Provide and verify the required contact information

      • Provide a current payment method

      Amazon Web Services uses the payment method to charge for any billable (not free tier) Amazon Web Services activity that occurs while the account isn't attached to an organization. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.

    • The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.

    • After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.

    • A newly created account has a waiting period before it can be removed from its organization. You must wait until at least four days after the account was created. Invited accounts aren't subject to this waiting period.

    • If you are using an organization principal to call LeaveOrganization across multiple accounts, you can only do this up to 5 accounts per second in a single organization.

    " }, "ListAWSServiceAccessForOrganization":{ "name":"ListAWSServiceAccessForOrganization", @@ -659,7 +659,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Returns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.

    For more information about integrating other services with Organizations, including the list of services that currently work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Returns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.

    For more information about integrating other services with Organizations, including the list of services that currently work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListAccounts":{ "name":"ListAccounts", @@ -676,7 +676,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListAccountsForParent":{ "name":"ListAccountsForParent", @@ -694,7 +694,27 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU, you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the organization, use the ListAccounts operation.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU, you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the organization, use the ListAccounts operation.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " + }, + "ListAccountsWithInvalidEffectivePolicy":{ + "name":"ListAccountsWithInvalidEffectivePolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAccountsWithInvalidEffectivePolicyRequest"}, + "output":{"shape":"ListAccountsWithInvalidEffectivePolicyResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"AWSOrganizationsNotInUseException"}, + {"shape":"ConstraintViolationException"}, + {"shape":"EffectivePolicyNotFoundException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InvalidInputException"}, + {"shape":"UnsupportedAPIEndpointException"} + ], + "documentation":"

    Lists all the accounts in an organization that have invalid effective policies. An invalid effective policy is an effective policy that fails validation checks, resulting in the effective policy not being fully enforced on all the intended accounts within an organization.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListChildren":{ "name":"ListChildren", @@ -712,7 +732,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root. This operation, along with ListParents enables you to traverse the tree structure that makes up this root.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root. This operation, along with ListParents enables you to traverse the tree structure that makes up this root.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListCreateAccountStatus":{ "name":"ListCreateAccountStatus", @@ -730,7 +750,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Lists the account creation requests that match the specified status that is currently being tracked for the organization.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists the account creation requests that match the specified status that is currently being tracked for the organization.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListDelegatedAdministrators":{ "name":"ListDelegatedAdministrators", @@ -749,7 +769,7 @@ {"shape":"ServiceException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListDelegatedServicesForAccount":{ "name":"ListDelegatedServicesForAccount", @@ -770,7 +790,28 @@ {"shape":"ServiceException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    List the Amazon Web Services services for which the specified account is a delegated administrator.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    List the Amazon Web Services services for which the specified account is a delegated administrator.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " + }, + "ListEffectivePolicyValidationErrors":{ + "name":"ListEffectivePolicyValidationErrors", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListEffectivePolicyValidationErrorsRequest"}, + "output":{"shape":"ListEffectivePolicyValidationErrorsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"AWSOrganizationsNotInUseException"}, + {"shape":"ConstraintViolationException"}, + {"shape":"EffectivePolicyNotFoundException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"AccountNotFoundException"}, + {"shape":"InvalidInputException"}, + {"shape":"UnsupportedAPIEndpointException"} + ], + "documentation":"

    Lists all the validation errors on an effective policy for a specified account and policy type.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListHandshakesForAccount":{ "name":"ListHandshakesForAccount", @@ -805,7 +846,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists the handshakes that are associated with the organization that the requesting user is part of. The ListHandshakesForOrganization operation returns a list of handshake structures. Each structure contains details and status about a handshake.

    Handshakes that are ACCEPTED, DECLINED, CANCELED, or EXPIRED appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists the handshakes that are associated with the organization that the requesting user is part of. The ListHandshakesForOrganization operation returns a list of handshake structures. Each structure contains details and status about a handshake.

    Handshakes that are ACCEPTED, DECLINED, CANCELED, or EXPIRED appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListOrganizationalUnitsForParent":{ "name":"ListOrganizationalUnitsForParent", @@ -823,7 +864,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists the organizational units (OUs) in a parent organizational unit or root.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists the organizational units (OUs) in a parent organizational unit or root.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListParents":{ "name":"ListParents", @@ -841,7 +882,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    In the current release, a child can have only a single parent.

    " + "documentation":"

    Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    In the current release, a child can have only a single parent.

    " }, "ListPolicies":{ "name":"ListPolicies", @@ -859,7 +900,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Retrieves the list of all policies in an organization of a specified type.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Retrieves the list of all policies in an organization of a specified type.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListPoliciesForTarget":{ "name":"ListPoliciesForTarget", @@ -878,7 +919,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account. You must specify the policy type that you want included in the returned list.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account. You must specify the policy type that you want included in the returned list.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListRoots":{ "name":"ListRoots", @@ -895,7 +936,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists the roots that are defined in the current organization.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the organization. When you enable all features, you make policy types available for use in that organization. Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in an organization, use DescribeOrganization.

    " + "documentation":"

    Lists the roots that are defined in the current organization.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the organization. When you enable all features, you make policy types available for use in that organization. Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in an organization, use DescribeOrganization.

    " }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -913,7 +954,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists tags that are attached to the specified resource.

    You can attach tags to the following resources in Organizations.

    • Amazon Web Services account

    • Organization root

    • Organizational unit (OU)

    • Policy (any type)

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists tags that are attached to the specified resource.

    You can attach tags to the following resources in Organizations.

    • Amazon Web Services account

    • Organization root

    • Organizational unit (OU)

    • Policy (any type)

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "ListTargetsForPolicy":{ "name":"ListTargetsForPolicy", @@ -932,7 +973,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"

    Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.

    Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "MoveAccount":{ "name":"MoveAccount", @@ -973,7 +1014,7 @@ {"shape":"ConstraintViolationException"}, {"shape":"AWSOrganizationsNotInUseException"} ], - "documentation":"

    Creates or updates a resource policy.

    You can only call this operation from the organization's management account.

    " + "documentation":"

    Creates or updates a resource policy.

    This operation can be called only from the organization's management account..

    " }, "RegisterDelegatedAdministrator":{ "name":"RegisterDelegatedAdministrator", @@ -1033,7 +1074,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Adds one or more tags to the specified resource.

    Currently, you can attach tags to the following resources in Organizations.

    • Amazon Web Services account

    • Organization root

    • Organizational unit (OU)

    • Policy (any type)

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Adds one or more tags to the specified resource.

    Currently, you can attach tags to the following resources in Organizations.

    • Amazon Web Services account

    • Organization root

    • Organizational unit (OU)

    • Policy (any type)

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "UntagResource":{ "name":"UntagResource", @@ -1052,7 +1093,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Removes any tags with the specified keys from the specified resource.

    You can attach tags to the following resources in Organizations.

    • Amazon Web Services account

    • Organization root

    • Organizational unit (OU)

    • Policy (any type)

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Removes any tags with the specified keys from the specified resource.

    You can attach tags to the following resources in Organizations.

    • Amazon Web Services account

    • Organization root

    • Organizational unit (OU)

    • Policy (any type)

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " }, "UpdateOrganizationalUnit":{ "name":"UpdateOrganizationalUnit", @@ -1096,7 +1137,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"

    Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that value remains unchanged. You can't change a policy's type.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

    " + "documentation":"

    Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that value remains unchanged. You can't change a policy's type.

    This operation can be called only from the organization's management account or by a member account that is a delegated administrator.

    " } }, "shapes":{ @@ -1169,7 +1210,11 @@ }, "Status":{ "shape":"AccountStatus", - "documentation":"

    The status of the account in the organization.

    " + "documentation":"

    The status of the account in the organization.

    The Status parameter in the Account object will be retired on September 9, 2026. Although both the account State and account Status parameters are currently available in the Organizations APIs (DescribeAccount, ListAccounts, ListAccountsForParent), we recommend that you update your scripts or other code to use the State parameter instead of Status before September 9, 2026.

    " + }, + "State":{ + "shape":"AccountState", + "documentation":"

    Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes.

    For more information about account states and their implications, see Monitor the state of your Amazon Web Services accounts in the Organizations User Guide.

    " }, "JoinedMethod":{ "shape":"AccountJoinedMethod", @@ -1245,6 +1290,16 @@ "documentation":"

    You can't invite an existing account to your organization until you verify that you own the email address associated with the management account. For more information, see Email address verification in the Organizations User Guide.

    ", "exception":true }, + "AccountState":{ + "type":"string", + "enum":[ + "PENDING_ACTIVATION", + "ACTIVE", + "SUSPENDED", + "PENDING_CLOSURE", + "CLOSED" + ] + }, "AccountStatus":{ "type":"string", "enum":[ @@ -1381,7 +1436,7 @@ "Message":{"shape":"ExceptionMessage"}, "Reason":{"shape":"ConstraintViolationExceptionReason"} }, - "documentation":"

    Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:

    Some of the reasons in the following list might not be applicable to this specific API or operation.

    • ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization. You can't remove the management account. Instead, after you remove all member accounts, delete the organization itself.

    • ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.

    • ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.

    • ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You must complete the account setup before you create an organization.

    • ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to request an increase in your limit.

      Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase in the number of accounts.

      Deleted and closed accounts still count toward your limit.

      If you get this exception when running a command immediately after creating the organization, wait one hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.

    • ALL_FEATURES_MIGRATION_ORGANIZATION_SIZE_LIMIT_EXCEEDED: Your organization has more than 5000 accounts, and you can only use the standard migration process for organizations with less than 5000 accounts. Use the assisted migration process to enable all features mode, or create a support case for assistance if you are unable to use assisted migration.

    • CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as a delegated administrator.

    • CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of the organization as a delegated administrator for an Amazon Web Services service integrated with Organizations. You can designate only a member account as a delegated administrator.

    • CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management account for the organization, you must first either remove or close all member accounts in the organization. Follow standard account closure process using root credentials.​

    • CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as a delegated administrator for a service integrated with your organization. To complete this operation, you must first deregister this account as a delegated administrator.

    • CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.

    • CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close at a time. ​

    • CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified region, you must enable all features mode.

    • DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has a delegated administrator. To complete this operation, you must first deregister any existing delegated administrators for this service.

    • EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time. You must resubmit the request and generate a new verfication code.

    • HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.

    • INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.

    • MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's management account to the marketplace that corresponds to the management account's address. All accounts in an organization must be associated with the same marketplace.

    • MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To create an organization, the master must have a valid business license. For more information, contact customer support.

    • MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact address and phone number for the management account. Then try the operation again.

    • MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations in the Amazon Web Services GovCloud User Guide.

    • MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.

    • MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated administrators than allowed for the service principal.

    • MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.

    • MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.

    • MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.

    • MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.

    • ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.

    • OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.

    • OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.

    • POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.

    • POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an organization.

    • SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled service access. Call the EnableAWSServiceAccess API first.

    • TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account.

    • WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. Invited accounts aren't subject to this waiting period.

    ", + "documentation":"

    Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:

    Some of the reasons in the following list might not be applicable to this specific API or operation.

    • ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization. You can't remove the management account. Instead, after you remove all member accounts, delete the organization itself.

    • ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.

    • ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.

    • ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You must complete the account setup before you create an organization.

    • ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to request an increase in your limit.

      Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase in the number of accounts.

      Deleted and closed accounts still count toward your limit.

      If you get this exception when running a command immediately after creating the organization, wait one hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.

    • ALL_FEATURES_MIGRATION_ORGANIZATION_SIZE_LIMIT_EXCEEDED: Your organization has more than 5000 accounts, and you can only use the standard migration process for organizations with less than 5000 accounts. Use the assisted migration process to enable all features mode, or create a support case for assistance if you are unable to use assisted migration.

    • CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as a delegated administrator.

    • CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of the organization as a delegated administrator for an Amazon Web Services service integrated with Organizations. You can designate only a member account as a delegated administrator.

    • CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management account for the organization, you must first either remove or close all member accounts in the organization. Follow standard account closure process using root credentials.​

    • CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as a delegated administrator for a service integrated with your organization. To complete this operation, you must first deregister this account as a delegated administrator.

    • CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.

    • CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close at a time. ​

    • CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified region, you must enable all features mode.

    • DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has a delegated administrator. To complete this operation, you must first deregister any existing delegated administrators for this service.

    • EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time. You must resubmit the request and generate a new verfication code.

    • HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.

    • INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.

    • MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's management account to the marketplace that corresponds to the management account's address. All accounts in an organization must be associated with the same marketplace.

    • MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To create an organization, the master must have a valid business license. For more information, contact customer support.

    • MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact address and phone number for the management account. Then try the operation again.

    • MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations in the Amazon Web Services GovCloud User Guide.

    • MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.

    • MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated administrators than allowed for the service principal.

    • MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.

    • MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.

    • MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.

    • MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.

    • ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.

    • OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.

    • OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.

    • POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.

    • POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an organization.

    • POLICY_TYPE_ENABLED_FOR_THIS_SERVICE: You attempted to disable service access before you disabled the policy type (for example, SECURITYHUB_POLICY). To complete this operation, you must first disable the policy type.

    • SERVICE_ACCESS_NOT_ENABLED:

      • You attempted to register a delegated administrator before you enabled service access. Call the EnableAWSServiceAccess API first.

      • You attempted to enable a policy type before you enabled service access. Call the EnableAWSServiceAccess API first.

    • TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account.

    • WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least four days after the account was created. Invited accounts aren't subject to this waiting period.

    ", "exception":true }, "ConstraintViolationExceptionReason":{ @@ -1414,6 +1469,7 @@ "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR", "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG", "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE", + "POLICY_TYPE_ENABLED_FOR_THIS_SERVICE", "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE", "CANNOT_CLOSE_MANAGEMENT_ACCOUNT", "CLOSE_ACCOUNT_QUOTA_EXCEEDED", @@ -1663,7 +1719,7 @@ }, "Type":{ "shape":"PolicyType", - "documentation":"

    The type of policy to create. You can specify one of the following values:

    " + "documentation":"

    The type of policy to create. You can specify one of the following values:

    " }, "Tags":{ "shape":"Tags", @@ -1722,6 +1778,10 @@ "shape":"AccountStatus", "documentation":"

    The status of the delegated administrator's account in the organization.

    " }, + "State":{ + "shape":"AccountState", + "documentation":"

    Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes.

    For more information about account states and their implications, see Monitor the state of your Amazon Web Services accounts in the Organizations User Guide.

    " + }, "JoinedMethod":{ "shape":"AccountJoinedMethod", "documentation":"

    The method by which the delegated administrator's account joined the organization.

    " @@ -1811,7 +1871,7 @@ "members":{ "Account":{ "shape":"Account", - "documentation":"

    A structure that contains information about the requested account.

    " + "documentation":"

    A structure that contains information about the requested account.

    The Status parameter in the API response will be retired on September 9, 2026. Although both the account State and account Status parameters are currently available in the Organizations APIs (DescribeAccount, ListAccounts, ListAccountsForParent), we recommend that you update your scripts or other code to use the State parameter instead of Status before September 9, 2026.

    " } } }, @@ -1840,7 +1900,7 @@ "members":{ "PolicyType":{ "shape":"EffectivePolicyType", - "documentation":"

    The type of policy that you want information about. You can specify one of the following values:

    " + "documentation":"

    The type of policy that you want information about. You can specify one of the following values:

    " }, "TargetId":{ "shape":"PolicyTargetId", @@ -1980,7 +2040,7 @@ }, "PolicyType":{ "shape":"PolicyType", - "documentation":"

    The policy type that you want to disable in this root. You can specify one of the following values:

    " + "documentation":"

    The policy type that you want to disable in this root. You can specify one of the following values:

    " } } }, @@ -2070,9 +2130,36 @@ "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", - "DECLARATIVE_POLICY_EC2" + "DECLARATIVE_POLICY_EC2", + "SECURITYHUB_POLICY" ] }, + "EffectivePolicyValidationError":{ + "type":"structure", + "members":{ + "ErrorCode":{ + "shape":"ErrorCode", + "documentation":"

    The error code for the validation error. For example, ELEMENTS_TOO_MANY.

    " + }, + "ErrorMessage":{ + "shape":"ErrorMessage", + "documentation":"

    The error message for the validation error.

    " + }, + "PathToError":{ + "shape":"PathToError", + "documentation":"

    The path within the effective policy where the validation error occurred.

    " + }, + "ContributingPolicies":{ + "shape":"PolicyIds", + "documentation":"

    The individual policies inherited and attached to the account which contributed to the validation error.

    " + } + }, + "documentation":"

    Contains details about the validation errors that occurred when generating or enforcing an effective policy, such as which policies contributed to the error and location of the error.

    " + }, + "EffectivePolicyValidationErrors":{ + "type":"list", + "member":{"shape":"EffectivePolicyValidationError"} + }, "Email":{ "type":"string", "max":64, @@ -2092,8 +2179,7 @@ }, "EnableAllFeaturesRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableAllFeaturesResponse":{ "type":"structure", @@ -2117,7 +2203,7 @@ }, "PolicyType":{ "shape":"PolicyType", - "documentation":"

    The policy type that you want to enable. You can specify one of the following values:

    " + "documentation":"

    The policy type that you want to enable. You can specify one of the following values:

    " } } }, @@ -2148,6 +2234,8 @@ "type":"list", "member":{"shape":"EnabledServicePrincipal"} }, + "ErrorCode":{"type":"string"}, + "ErrorMessage":{"type":"string"}, "ExceptionMessage":{"type":"string"}, "ExceptionType":{"type":"string"}, "FinalizingOrganizationException":{ @@ -2218,7 +2306,7 @@ "Message":{"shape":"ExceptionMessage"}, "Reason":{"shape":"HandshakeConstraintViolationExceptionReason"} }, - "documentation":"

    The requested operation would violate the constraint identified in the reason code.

    Some of the reasons in the following list might not be applicable to this specific API or operation:

    • ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note that deleted and closed accounts still count toward your limit.

      If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact Amazon Web Services Support.

    • ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.

    • HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.

    • INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while it's in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.

    • ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.

    • ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the organization has already started the process to enable all features.

    • ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.

    • ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.

    • PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment instrument, such as a credit card, associated with it.

    ", + "documentation":"

    The requested operation would violate the constraint identified in the reason code.

    Some of the reasons in the following list might not be applicable to this specific API or operation:

    • ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note that deleted and closed accounts still count toward your limit.

      If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact Amazon Web Services Support.

    • ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.

    • HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.

    • INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while it's in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.

    • ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.

    • ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the organization has already started the process to enable all features.

    • ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization.

    • ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.

    • PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment instrument, such as a credit card, associated with it.

    ", "exception":true }, "HandshakeConstraintViolationExceptionReason":{ @@ -2495,7 +2583,7 @@ "members":{ "Accounts":{ "shape":"Accounts", - "documentation":"

    A list of the accounts in the specified root or OU.

    " + "documentation":"

    A list of the accounts in the specified root or OU.

    The Status parameter in the API response will be retired on September 9, 2026. Although both the account State and account Status parameters are currently available in the Organizations APIs (DescribeAccount, ListAccounts, ListAccountsForParent), we recommend that you update your scripts or other code to use the State parameter instead of Status before September 9, 2026.

    " }, "NextToken":{ "shape":"NextToken", @@ -2521,7 +2609,42 @@ "members":{ "Accounts":{ "shape":"Accounts", - "documentation":"

    A list of objects in the organization.

    " + "documentation":"

    A list of objects in the organization.

    The Status parameter in the API response will be retired on September 9, 2026. Although both the account State and account Status parameters are currently available in the Organizations APIs (DescribeAccount, ListAccounts, ListAccountsForParent), we recommend that you update your scripts or other code to use the State parameter instead of Status before September 9, 2026.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null.

    " + } + } + }, + "ListAccountsWithInvalidEffectivePolicyRequest":{ + "type":"structure", + "required":["PolicyType"], + "members":{ + "PolicyType":{ + "shape":"EffectivePolicyType", + "documentation":"

    The type of policy that you want information about. You can specify one of the following values:

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " + } + } + }, + "ListAccountsWithInvalidEffectivePolicyResponse":{ + "type":"structure", + "members":{ + "Accounts":{ + "shape":"Accounts", + "documentation":"

    The accounts in the organization which have an invalid effective policy for the specified policy type.

    " + }, + "PolicyType":{ + "shape":"EffectivePolicyType", + "documentation":"

    The specified policy type. One of the following values:

    " }, "NextToken":{ "shape":"NextToken", @@ -2658,6 +2781,60 @@ } } }, + "ListEffectivePolicyValidationErrorsRequest":{ + "type":"structure", + "required":[ + "AccountId", + "PolicyType" + ], + "members":{ + "AccountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the account that you want details about. Specifying an organization root or organizational unit (OU) as the target is not supported.

    " + }, + "PolicyType":{ + "shape":"EffectivePolicyType", + "documentation":"

    The type of policy that you want information about. You can specify one of the following values:

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " + } + } + }, + "ListEffectivePolicyValidationErrorsResponse":{ + "type":"structure", + "members":{ + "AccountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the specified account.

    " + }, + "PolicyType":{ + "shape":"EffectivePolicyType", + "documentation":"

    The specified policy type. One of the following values:

    " + }, + "Path":{ + "shape":"Path", + "documentation":"

    The path in the organization where the specified account exists.

    " + }, + "EvaluationTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The time when the latest effective policy was generated for the specified account.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null.

    " + }, + "EffectivePolicyValidationErrors":{ + "shape":"EffectivePolicyValidationErrors", + "documentation":"

    The EffectivePolicyValidationError object contains details about the validation errors that occurred when generating or enforcing an effective policy, such as which policies contributed to the error and location of the error.

    " + } + } + }, "ListHandshakesForAccountRequest":{ "type":"structure", "members":{ @@ -2793,7 +2970,7 @@ }, "Filter":{ "shape":"PolicyType", - "documentation":"

    The type of policy that you want to include in the returned list. You must specify one of the following values:

    " + "documentation":"

    The type of policy that you want to include in the returned list. You must specify one of the following values:

    " }, "NextToken":{ "shape":"NextToken", @@ -2824,7 +3001,7 @@ "members":{ "Filter":{ "shape":"PolicyType", - "documentation":"

    Specifies the type of policy that you want to include in the response. You must specify one of the following values:

    " + "documentation":"

    Specifies the type of policy that you want to include in the response. You must specify one of the following values:

    " }, "NextToken":{ "shape":"NextToken", @@ -3130,6 +3307,11 @@ "type":"list", "member":{"shape":"Parent"} }, + "Path":{ + "type":"string", + "pattern":"^(o-[a-z0-9]{10,32}\\/r-[0-9a-z]{4,32}(\\/ou\\-[0-9a-z]{4,32}-[a-z0-9]{8,32})*(\\/\\d{12})*)\\/" + }, + "PathToError":{"type":"string"}, "Policies":{ "type":"list", "member":{"shape":"PolicySummary"} @@ -3175,6 +3357,10 @@ "max":130, "pattern":"^p-[0-9a-zA-Z_]{8,128}$" }, + "PolicyIds":{ + "type":"list", + "member":{"shape":"PolicyId"} + }, "PolicyInUseException":{ "type":"structure", "members":{ @@ -3275,7 +3461,8 @@ "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY", "CHATBOT_POLICY", - "DECLARATIVE_POLICY_EC2" + "DECLARATIVE_POLICY_EC2", + "SECURITYHUB_POLICY" ] }, "PolicyTypeAlreadyEnabledException":{ @@ -3676,5 +3863,5 @@ } } }, - "documentation":"

    Organizations is a web service that enables you to consolidate your multiple Amazon Web Services accounts into an organization and centrally manage your accounts and their resources.

    This guide provides descriptions of the Organizations operations. For more information about using this service, see the Organizations User Guide.

    Support and feedback for Organizations

    We welcome your feedback. Send your comments to feedback-awsorganizations@amazon.com or post your feedback and questions in the Organizations support forum. For more information about the Amazon Web Services support forums, see Forums Help.

    Endpoint to call When using the CLI or the Amazon Web Services SDK

    For the current release of Organizations, specify the us-east-1 region for all Amazon Web Services API and CLI calls made from the commercial Amazon Web Services Regions outside of China. If calling from one of the Amazon Web Services Regions in China, then specify cn-northwest-1. You can do this in the CLI by using these parameters and commands:

    • Use the following parameter with each command to specify both the endpoint and its region:

      --endpoint-url https://organizations.us-east-1.amazonaws.com (from commercial Amazon Web Services Regions outside of China)

      or

      --endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn (from Amazon Web Services Regions in China)

    • Use the default endpoint, but configure your default region with this command:

      aws configure set default.region us-east-1 (from commercial Amazon Web Services Regions outside of China)

      or

      aws configure set default.region cn-northwest-1 (from Amazon Web Services Regions in China)

    • Use the following parameter with each command to specify the endpoint:

      --region us-east-1 (from commercial Amazon Web Services Regions outside of China)

      or

      --region cn-northwest-1 (from Amazon Web Services Regions in China)

    Recording API Requests

    Organizations supports CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Organizations service received, who made the request and when, and so on. For more about Organizations and its support for CloudTrail, see Logging Organizations API calls with CloudTrail in the Organizations User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

    " + "documentation":"

    Organizations is a web service that enables you to consolidate your multiple Amazon Web Services accounts into an organization and centrally manage your accounts and their resources.

    This guide provides descriptions of the Organizations operations. For more information about using this service, see the Organizations User Guide.

    Support and feedback for Organizations

    We welcome your feedback. You can post your feedback and questions in the Organizations support forum. For more information about the Amazon Web Services Support forums, see Forums Help.

    Endpoint to call When using the CLI or the Amazon Web Services SDK

    For the current release of Organizations, specify the us-east-1 region for all Amazon Web Services API and CLI calls made from the commercial Amazon Web Services Regions outside of China. If calling from one of the Amazon Web Services Regions in China, then specify cn-northwest-1. You can do this in the CLI by using these parameters and commands:

    • Use the following parameter with each command to specify both the endpoint and its region:

      --endpoint-url https://organizations.us-east-1.amazonaws.com (from commercial Amazon Web Services Regions outside of China)

      or

      --endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn (from Amazon Web Services Regions in China)

    • Use the default endpoint, but configure your default region with this command:

      aws configure set default.region us-east-1 (from commercial Amazon Web Services Regions outside of China)

      or

      aws configure set default.region cn-northwest-1 (from Amazon Web Services Regions in China)

    • Use the following parameter with each command to specify the endpoint:

      --region us-east-1 (from commercial Amazon Web Services Regions outside of China)

      or

      --region cn-northwest-1 (from Amazon Web Services Regions in China)

    Recording API Requests

    Organizations supports CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Organizations service received, who made the request and when, and so on. For more about Organizations and its support for CloudTrail, see Logging Organizations API calls with CloudTrail in the Organizations User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/osis/2022-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/osis/2022-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/osis/2022-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/osis/2022-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/osis/2022-01-01/paginators-1.json 2.31.35-1/awscli/botocore/data/osis/2022-01-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/osis/2022-01-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/osis/2022-01-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,16 @@ { - "pagination": {} + "pagination": { + "ListPipelineEndpointConnections": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "PipelineEndpointConnections" + }, + "ListPipelineEndpoints": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "PipelineEndpoints" + } + } } diff -pruN 2.23.6-1/awscli/botocore/data/osis/2022-01-01/service-2.json 2.31.35-1/awscli/botocore/data/osis/2022-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/osis/2022-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/osis/2022-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -31,6 +31,24 @@ ], "documentation":"

    Creates an OpenSearch Ingestion pipeline. For more information, see Creating Amazon OpenSearch Ingestion pipelines.

    " }, + "CreatePipelineEndpoint":{ + "name":"CreatePipelineEndpoint", + "http":{ + "method":"POST", + "requestUri":"/2022-01-01/osis/createPipelineEndpoint" + }, + "input":{"shape":"CreatePipelineEndpointRequest"}, + "output":{"shape":"CreatePipelineEndpointResponse"}, + "errors":[ + {"shape":"DisabledOperationException"}, + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Creates a VPC endpoint for an OpenSearch Ingestion pipeline. Pipeline endpoints allow you to ingest data from your VPC into pipelines that you have access to.

    " + }, "DeletePipeline":{ "name":"DeletePipeline", "http":{ @@ -49,6 +67,42 @@ ], "documentation":"

    Deletes an OpenSearch Ingestion pipeline. For more information, see Deleting Amazon OpenSearch Ingestion pipelines.

    " }, + "DeletePipelineEndpoint":{ + "name":"DeletePipelineEndpoint", + "http":{ + "method":"DELETE", + "requestUri":"/2022-01-01/osis/deletePipelineEndpoint/{EndpointId}" + }, + "input":{"shape":"DeletePipelineEndpointRequest"}, + "output":{"shape":"DeletePipelineEndpointResponse"}, + "errors":[ + {"shape":"DisabledOperationException"}, + {"shape":"ValidationException"}, + {"shape":"InternalException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Deletes a VPC endpoint for an OpenSearch Ingestion pipeline.

    ", + "idempotent":true + }, + "DeleteResourcePolicy":{ + "name":"DeleteResourcePolicy", + "http":{ + "method":"DELETE", + "requestUri":"/2022-01-01/osis/resourcePolicy/{ResourceArn}" + }, + "input":{"shape":"DeleteResourcePolicyRequest"}, + "output":{"shape":"DeleteResourcePolicyResponse"}, + "errors":[ + {"shape":"DisabledOperationException"}, + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Deletes a resource-based policy from an OpenSearch Ingestion resource.

    ", + "idempotent":true + }, "GetPipeline":{ "name":"GetPipeline", "http":{ @@ -100,6 +154,24 @@ ], "documentation":"

    Returns progress information for the current change happening on an OpenSearch Ingestion pipeline. Currently, this operation only returns information when a pipeline is being created.

    For more information, see Tracking the status of pipeline creation.

    " }, + "GetResourcePolicy":{ + "name":"GetResourcePolicy", + "http":{ + "method":"GET", + "requestUri":"/2022-01-01/osis/resourcePolicy/{ResourceArn}" + }, + "input":{"shape":"GetResourcePolicyRequest"}, + "output":{"shape":"GetResourcePolicyResponse"}, + "errors":[ + {"shape":"DisabledOperationException"}, + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves the resource-based policy attached to an OpenSearch Ingestion resource.

    " + }, "ListPipelineBlueprints":{ "name":"ListPipelineBlueprints", "http":{ @@ -117,6 +189,40 @@ ], "documentation":"

    Retrieves a list of all available blueprints for Data Prepper. For more information, see Using blueprints to create a pipeline.

    " }, + "ListPipelineEndpointConnections":{ + "name":"ListPipelineEndpointConnections", + "http":{ + "method":"GET", + "requestUri":"/2022-01-01/osis/listPipelineEndpointConnections" + }, + "input":{"shape":"ListPipelineEndpointConnectionsRequest"}, + "output":{"shape":"ListPipelineEndpointConnectionsResponse"}, + "errors":[ + {"shape":"DisabledOperationException"}, + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Lists the pipeline endpoints connected to pipelines in your account.

    " + }, + "ListPipelineEndpoints":{ + "name":"ListPipelineEndpoints", + "http":{ + "method":"GET", + "requestUri":"/2022-01-01/osis/listPipelineEndpoints" + }, + "input":{"shape":"ListPipelineEndpointsRequest"}, + "output":{"shape":"ListPipelineEndpointsResponse"}, + "errors":[ + {"shape":"DisabledOperationException"}, + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Lists all pipeline endpoints in your account.

    " + }, "ListPipelines":{ "name":"ListPipelines", "http":{ @@ -151,6 +257,43 @@ ], "documentation":"

    Lists all resource tags associated with an OpenSearch Ingestion pipeline. For more information, see Tagging Amazon OpenSearch Ingestion pipelines.

    " }, + "PutResourcePolicy":{ + "name":"PutResourcePolicy", + "http":{ + "method":"PUT", + "requestUri":"/2022-01-01/osis/resourcePolicy/{ResourceArn}" + }, + "input":{"shape":"PutResourcePolicyRequest"}, + "output":{"shape":"PutResourcePolicyResponse"}, + "errors":[ + {"shape":"DisabledOperationException"}, + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Attaches a resource-based policy to an OpenSearch Ingestion resource. Resource-based policies grant permissions to principals to perform actions on the resource.

    ", + "idempotent":true + }, + "RevokePipelineEndpointConnections":{ + "name":"RevokePipelineEndpointConnections", + "http":{ + "method":"POST", + "requestUri":"/2022-01-01/osis/revokePipelineEndpointConnections" + }, + "input":{"shape":"RevokePipelineEndpointConnectionsRequest"}, + "output":{"shape":"RevokePipelineEndpointConnectionsResponse"}, + "errors":[ + {"shape":"DisabledOperationException"}, + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"InternalException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Revokes pipeline endpoints from specified endpoint IDs.

    ", + "idempotent":true + }, "StartPipeline":{ "name":"StartPipeline", "http":{ @@ -260,12 +403,17 @@ "shapes":{ "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You don't have permissions to access the resource.

    ", "error":{"httpStatusCode":403}, "exception":true }, + "AwsAccountId":{ + "type":"string", + "max":12, + "min":12, + "pattern":"^\\\\d{12}$" + }, "BlueprintFormat":{ "type":"string", "pattern":"(YAML|JSON)" @@ -369,12 +517,49 @@ }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The client attempted to remove a resource that is currently in use.

    ", "error":{"httpStatusCode":409}, "exception":true }, + "CreatePipelineEndpointRequest":{ + "type":"structure", + "required":[ + "PipelineArn", + "VpcOptions" + ], + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline to create the endpoint for.

    " + }, + "VpcOptions":{ + "shape":"PipelineEndpointVpcOptions", + "documentation":"

    Container for the VPC configuration for the pipeline endpoint, including subnet IDs and security group IDs.

    " + } + } + }, + "CreatePipelineEndpointResponse":{ + "type":"structure", + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline associated with the endpoint.

    " + }, + "EndpointId":{ + "shape":"PipelineEndpointId", + "documentation":"

    The unique identifier of the pipeline endpoint.

    " + }, + "Status":{ + "shape":"PipelineEndpointStatus", + "documentation":"

    The current status of the pipeline endpoint.

    " + }, + "VpcId":{ + "shape":"String", + "documentation":"

    The ID of the VPC where the pipeline endpoint was created.

    " + } + } + }, "CreatePipelineRequest":{ "type":"structure", "required":[ @@ -419,6 +604,10 @@ "Tags":{ "shape":"TagList", "documentation":"

    List of tags to add to the pipeline upon creation.

    " + }, + "PipelineRoleArn":{ + "shape":"PipelineRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that grants the pipeline permission to access Amazon Web Services resources.

    " } } }, @@ -431,6 +620,22 @@ } } }, + "DeletePipelineEndpointRequest":{ + "type":"structure", + "required":["EndpointId"], + "members":{ + "EndpointId":{ + "shape":"PipelineEndpointId", + "documentation":"

    The unique identifier of the pipeline endpoint to delete.

    ", + "location":"uri", + "locationName":"EndpointId" + } + } + }, + "DeletePipelineEndpointResponse":{ + "type":"structure", + "members":{} + }, "DeletePipelineRequest":{ "type":"structure", "required":["PipelineName"], @@ -445,13 +650,27 @@ }, "DeletePipelineResponse":{ "type":"structure", + "members":{} + }, + "DeleteResourcePolicyRequest":{ + "type":"structure", + "required":["ResourceArn"], "members":{ + "ResourceArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource from which to delete the policy.

    ", + "location":"uri", + "locationName":"ResourceArn" + } } }, + "DeleteResourcePolicyResponse":{ + "type":"structure", + "members":{} + }, "DisabledOperationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Exception is thrown when an operation has been disabled.

    ", "error":{"httpStatusCode":409}, "exception":true @@ -540,6 +759,31 @@ } } }, + "GetResourcePolicyRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource for which to retrieve the policy.

    ", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "GetResourcePolicyResponse":{ + "type":"structure", + "members":{ + "ResourceArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    " + }, + "Policy":{ + "shape":"ResourcePolicy", + "documentation":"

    The resource-based policy document in JSON format.

    " + } + } + }, "IngestEndpointUrlsList":{ "type":"list", "member":{"shape":"String"} @@ -547,16 +791,14 @@ "Integer":{"type":"integer"}, "InternalException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request failed because of an unknown error, exception, or failure (the failure is internal to the service).

    ", "error":{"httpStatusCode":500}, "exception":true }, "InvalidPaginationTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An invalid pagination token provided in the request.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -568,16 +810,14 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You attempted to create more than the allowed number of tags.

    ", "error":{"httpStatusCode":409}, "exception":true }, "ListPipelineBlueprintsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "ListPipelineBlueprintsResponse":{ "type":"structure", @@ -588,6 +828,66 @@ } } }, + "ListPipelineEndpointConnectionsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of pipeline endpoint connections to return in the response.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    If your initial ListPipelineEndpointConnections operation returns a nextToken, you can include the returned nextToken in subsequent ListPipelineEndpointConnections operations, which returns results in the next page.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListPipelineEndpointConnectionsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " + }, + "PipelineEndpointConnections":{ + "shape":"PipelineEndpointConnectionsSummaryList", + "documentation":"

    A list of pipeline endpoint connections.

    " + } + } + }, + "ListPipelineEndpointsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of pipeline endpoints to return in the response.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    If your initial ListPipelineEndpoints operation returns a NextToken, you can include the returned NextToken in subsequent ListPipelineEndpoints operations, which returns results in the next page.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListPipelineEndpointsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    When NextToken is returned, there are more results available. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " + }, + "PipelineEndpoints":{ + "shape":"PipelineEndpointsSummaryList", + "documentation":"

    A list of pipeline endpoints.

    " + } + } + }, "ListPipelinesRequest":{ "type":"structure", "members":{ @@ -738,6 +1038,10 @@ "Tags":{ "shape":"TagList", "documentation":"

    A list of tags associated with the given pipeline.

    " + }, + "PipelineRoleArn":{ + "shape":"PipelineRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that the pipeline uses to access AWS resources.

    " } }, "documentation":"

    Information about an existing OpenSearch Ingestion pipeline.

    " @@ -831,12 +1135,113 @@ "type":"list", "member":{"shape":"PipelineDestination"} }, + "PipelineEndpoint":{ + "type":"structure", + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline associated with this endpoint.

    " + }, + "EndpointId":{ + "shape":"PipelineEndpointId", + "documentation":"

    The unique identifier for the pipeline endpoint.

    " + }, + "Status":{ + "shape":"PipelineEndpointStatus", + "documentation":"

    The current status of the pipeline endpoint.

    " + }, + "VpcId":{ + "shape":"String", + "documentation":"

    The ID of the VPC where the pipeline endpoint is created.

    " + }, + "VpcOptions":{ + "shape":"PipelineEndpointVpcOptions", + "documentation":"

    Configuration options for the VPC endpoint, including subnet and security group settings.

    " + }, + "IngestEndpointUrl":{ + "shape":"String", + "documentation":"

    The URL used to ingest data to the pipeline through the VPC endpoint.

    " + } + }, + "documentation":"

    Represents a VPC endpoint for an OpenSearch Ingestion pipeline, enabling private connectivity between your VPC and the pipeline.

    " + }, + "PipelineEndpointConnection":{ + "type":"structure", + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline in the endpoint connection.

    " + }, + "EndpointId":{ + "shape":"PipelineEndpointId", + "documentation":"

    The unique identifier of the endpoint in the connection.

    " + }, + "Status":{ + "shape":"PipelineEndpointStatus", + "documentation":"

    The current status of the pipeline endpoint connection.

    " + }, + "VpcEndpointOwner":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID that owns the VPC endpoint used in this connection.

    " + } + }, + "documentation":"

    Represents a connection to a pipeline endpoint, containing details about the endpoint association.

    " + }, + "PipelineEndpointConnectionsSummaryList":{ + "type":"list", + "member":{"shape":"PipelineEndpointConnection"} + }, + "PipelineEndpointId":{ + "type":"string", + "max":512, + "min":3, + "pattern":"^[a-zA-Z0-9][a-zA-Z0-9-_]+$" + }, + "PipelineEndpointIdsList":{ + "type":"list", + "member":{"shape":"PipelineEndpointId"} + }, + "PipelineEndpointStatus":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "CREATE_FAILED", + "DELETING", + "REVOKING", + "REVOKED" + ] + }, + "PipelineEndpointVpcOptions":{ + "type":"structure", + "members":{ + "SubnetIds":{ + "shape":"SubnetIds", + "documentation":"

    A list of subnet IDs where the pipeline endpoint network interfaces are created.

    " + }, + "SecurityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

    A list of security group IDs that control network access to the pipeline endpoint.

    " + } + }, + "documentation":"

    Configuration settings for the VPC endpoint, specifying network access controls.

    " + }, + "PipelineEndpointsSummaryList":{ + "type":"list", + "member":{"shape":"PipelineEndpoint"} + }, "PipelineName":{ "type":"string", "max":28, "min":3, "pattern":"[a-z][a-z0-9\\-]+" }, + "PipelineRoleArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"^arn:(aws|aws\\-cn|aws\\-us\\-gov|aws\\-iso|aws\\-iso\\-b|aws\\-iso\\-e|aws\\-iso\\-f):iam::[0-9]+:role\\/.*$" + }, "PipelineStatus":{ "type":"string", "enum":[ @@ -913,22 +1318,83 @@ "type":"integer", "min":1 }, - "ResourceAlreadyExistsException":{ + "PutResourcePolicyRequest":{ "type":"structure", + "required":[ + "ResourceArn", + "Policy" + ], "members":{ - }, + "ResourceArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource to attach the policy to.

    ", + "location":"uri", + "locationName":"ResourceArn" + }, + "Policy":{ + "shape":"ResourcePolicy", + "documentation":"

    The resource-based policy document in JSON format.

    " + } + } + }, + "PutResourcePolicyResponse":{ + "type":"structure", + "members":{ + "ResourceArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    " + }, + "Policy":{ + "shape":"ResourcePolicy", + "documentation":"

    The resource-based policy document that was attached to the resource.

    " + } + } + }, + "ResourceAlreadyExistsException":{ + "type":"structure", + "members":{}, "documentation":"

    You attempted to create a resource that already exists.

    ", "error":{"httpStatusCode":409}, "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You attempted to access or delete a resource that does not exist.

    ", "error":{"httpStatusCode":404}, "exception":true }, + "ResourcePolicy":{ + "type":"string", + "max":204800, + "min":2 + }, + "RevokePipelineEndpointConnectionsRequest":{ + "type":"structure", + "required":[ + "PipelineArn", + "EndpointIds" + ], + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline from which to revoke endpoint connections.

    " + }, + "EndpointIds":{ + "shape":"PipelineEndpointIdsList", + "documentation":"

    A list of endpoint IDs for which to revoke access to the pipeline.

    " + } + } + }, + "RevokePipelineEndpointConnectionsResponse":{ + "type":"structure", + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline from which endpoint connections were revoked.

    " + } + } + }, "SecurityGroupId":{ "type":"string", "max":20, @@ -1061,8 +1527,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1092,8 +1557,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePipelineRequest":{ "type":"structure", @@ -1128,6 +1592,10 @@ "EncryptionAtRestOptions":{ "shape":"EncryptionAtRestOptions", "documentation":"

    Key-value pairs to configure encryption for data that is written to a persistent buffer.

    " + }, + "PipelineRoleArn":{ + "shape":"PipelineRoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that grants the pipeline permission to access Amazon Web Services resources.

    " } } }, @@ -1165,8 +1633,7 @@ }, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An exception for missing or invalid input fields.

    ", "error":{"httpStatusCode":400}, "exception":true diff -pruN 2.23.6-1/awscli/botocore/data/outposts/2019-12-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/outposts/2019-12-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/outposts/2019-12-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/outposts/2019-12-03/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/outposts/2019-12-03/paginators-1.json 2.31.35-1/awscli/botocore/data/outposts/2019-12-03/paginators-1.json --- 2.23.6-1/awscli/botocore/data/outposts/2019-12-03/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/outposts/2019-12-03/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -59,6 +59,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "BlockingInstances" + }, + "GetOutpostBillingInformation": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Subscriptions" } } } diff -pruN 2.23.6-1/awscli/botocore/data/outposts/2019-12-03/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/outposts/2019-12-03/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/outposts/2019-12-03/paginators-1.sdk-extras.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/outposts/2019-12-03/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -7,6 +7,11 @@ "OutpostArn", "OutpostId" ] + }, + "GetOutpostBillingInformation": { + "non_aggregate_keys": [ + "ContractEndDate" + ] } } } diff -pruN 2.23.6-1/awscli/botocore/data/outposts/2019-12-03/service-2.json 2.31.35-1/awscli/botocore/data/outposts/2019-12-03/service-2.json --- 2.23.6-1/awscli/botocore/data/outposts/2019-12-03/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/outposts/2019-12-03/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -163,6 +163,7 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"NotFoundException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], "documentation":"

    Gets information about the specified catalog item.

    " @@ -214,6 +215,21 @@ ], "documentation":"

    Gets information about the specified Outpost.

    " }, + "GetOutpostBillingInformation":{ + "name":"GetOutpostBillingInformation", + "http":{ + "method":"GET", + "requestUri":"/outpost/{OutpostIdentifier}/billing-information" + }, + "input":{"shape":"GetOutpostBillingInformationInput"}, + "output":{"shape":"GetOutpostBillingInformationOutput"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Gets current and historical billing information about the specified Outpost.

    " + }, "GetOutpostInstanceTypes":{ "name":"GetOutpostInstanceTypes", "http":{ @@ -353,6 +369,7 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"NotFoundException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], "documentation":"

    Lists the items in the catalog.

    Use filters to return specific results. If you specify multiple filters, the results include only the resources that match all of the specified filters. For a filter where you can specify multiple values, the results include items that match any of the values that you specify for the filter.

    " @@ -451,6 +468,23 @@ ], "documentation":"

    Amazon Web Services uses this action to install Outpost servers.

    Starts the connection required for Outpost server installation.

    Use CloudTrail to monitor this action or Amazon Web Services managed policy for Amazon Web Services Outposts to secure it. For more information, see Amazon Web Services managed policies for Amazon Web Services Outposts and Logging Amazon Web Services Outposts API calls with Amazon Web Services CloudTrail in the Amazon Web Services Outposts User Guide.

    " }, + "StartOutpostDecommission":{ + "name":"StartOutpostDecommission", + "http":{ + "method":"POST", + "requestUri":"/outposts/{OutpostId}/decommission" + }, + "input":{"shape":"StartOutpostDecommissionInput"}, + "output":{"shape":"StartOutpostDecommissionOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"NotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Starts the decommission process to return the Outposts racks or servers.

    " + }, "TagResource":{ "name":"TagResource", "http":{ @@ -589,6 +623,8 @@ "Address":{ "type":"structure", "required":[ + "ContactName", + "ContactPhoneNumber", "AddressLine1", "City", "StateOrRegion", @@ -679,6 +715,12 @@ "min":1, "pattern":"^(\\w+)$" }, + "AssetIdInput":{ + "type":"string", + "max":10, + "min":10, + "pattern":"\\d{10}" + }, "AssetIdList":{ "type":"list", "member":{"shape":"AssetId"} @@ -688,7 +730,7 @@ "members":{ "AssetId":{ "shape":"AssetId", - "documentation":"

    The ID of the asset.

    " + "documentation":"

    The ID of the asset. An Outpost asset can be a single server within an Outposts rack or an Outposts server configuration.

    " }, "RackId":{ "shape":"RackId", @@ -722,7 +764,7 @@ }, "AssetId":{ "shape":"AssetId", - "documentation":"

    The ID of the asset.

    " + "documentation":"

    The ID of the asset. An Outpost asset can be a single server within an Outposts rack or an Outposts server configuration.

    " }, "AccountId":{"shape":"AccountId"}, "AwsServiceName":{ @@ -829,6 +871,22 @@ "type":"list", "member":{"shape":"BlockingInstance"} }, + "BlockingResourceType":{ + "type":"string", + "enum":[ + "EC2_INSTANCE", + "OUTPOST_RAM_SHARE", + "LGW_ROUTING_DOMAIN", + "LGW_ROUTE_TABLE", + "LGW_VIRTUAL_INTERFACE_GROUP", + "OUTPOST_ORDER_CANCELLABLE", + "OUTPOST_ORDER_INTERVENTION_REQUIRED" + ] + }, + "BlockingResourceTypeList":{ + "type":"list", + "member":{"shape":"BlockingResourceType"} + }, "CIDR":{ "type":"string", "max":18, @@ -862,8 +920,7 @@ }, "CancelCapacityTaskOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelOrderInput":{ "type":"structure", @@ -879,8 +936,7 @@ }, "CancelOrderOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "CapacityTaskFailure":{ "type":"structure", @@ -952,6 +1008,10 @@ "shape":"OrderId", "documentation":"

    The ID of the Amazon Web Services Outposts order of the host associated with the capacity task.

    " }, + "AssetId":{ + "shape":"AssetId", + "documentation":"

    The ID of the asset. An Outpost asset can be a single server within an Outposts rack or an Outposts server configuration.

    " + }, "CapacityTaskStatus":{ "shape":"CapacityTaskStatus", "documentation":"

    The status of the capacity task.

    " @@ -1158,7 +1218,6 @@ "type":"structure", "required":[ "OutpostIdentifier", - "LineItems", "PaymentOption" ], "members":{ @@ -1254,6 +1313,14 @@ "Site":{"shape":"Site"} } }, + "DecommissionRequestStatus":{ + "type":"string", + "enum":[ + "SKIPPED", + "BLOCKED", + "REQUESTED" + ] + }, "DeleteOutpostInput":{ "type":"structure", "required":["OutpostId"], @@ -1268,8 +1335,7 @@ }, "DeleteOutpostOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSiteInput":{ "type":"structure", @@ -1285,8 +1351,7 @@ }, "DeleteSiteOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeviceSerialNumber":{ "type":"string", @@ -1382,6 +1447,10 @@ "shape":"OrderId", "documentation":"

    ID of the Amazon Web Services Outposts order associated with the specified capacity task.

    " }, + "AssetId":{ + "shape":"AssetId", + "documentation":"

    The ID of the Outpost asset. An Outpost asset can be a single server within an Outposts rack or an Outposts server configuration.

    " + }, "RequestedInstancePools":{ "shape":"RequestedInstancePools", "documentation":"

    List of instance pools requested in the capacity task.

    " @@ -1396,7 +1465,7 @@ }, "CapacityTaskStatus":{ "shape":"CapacityTaskStatus", - "documentation":"

    Status of the capacity task.

    A capacity task can have one of the following statuses:

    • REQUESTED - The capacity task was created and is awaiting the next step by Amazon Web Services Outposts.

    • IN_PROGRESS - The capacity task is running and cannot be cancelled.

    • WAITING_FOR_EVACUATION - The capacity task requires capacity to run. You must stop the recommended EC2 running instances to free up capacity for the task to run.

    " + "documentation":"

    Status of the capacity task.

    A capacity task can have one of the following statuses:

    • REQUESTED - The capacity task was created and is awaiting the next step by Amazon Web Services Outposts.

    • IN_PROGRESS - The capacity task is running and cannot be cancelled.

    • FAILED - The capacity task could not be completed.

    • COMPLETED - The capacity task has completed successfully.

    • WAITING_FOR_EVACUATION - The capacity task requires capacity to run. You must stop the recommended EC2 running instances to free up capacity for the task to run.

    • CANCELLATION_IN_PROGRESS - The capacity task has been cancelled and is in the process of cleaning up resources.

    • CANCELLED - The capacity task is cancelled.

    " }, "Failed":{ "shape":"CapacityTaskFailure", @@ -1484,13 +1553,49 @@ "Order":{"shape":"Order"} } }, + "GetOutpostBillingInformationInput":{ + "type":"structure", + "required":["OutpostIdentifier"], + "members":{ + "NextToken":{ + "shape":"Token", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults1000", + "location":"querystring", + "locationName":"MaxResults" + }, + "OutpostIdentifier":{ + "shape":"OutpostIdentifier", + "documentation":"

    The ID or ARN of the Outpost.

    ", + "location":"uri", + "locationName":"OutpostIdentifier" + } + } + }, + "GetOutpostBillingInformationOutput":{ + "type":"structure", + "members":{ + "NextToken":{"shape":"Token"}, + "Subscriptions":{ + "shape":"SubscriptionList", + "documentation":"

    The subscription details for the specified Outpost.

    " + }, + "ContractEndDate":{ + "shape":"String", + "documentation":"

    The date the current contract term ends for the specified Outpost. You must start the renewal or decommission process at least 5 business days before the current term for your Amazon Web Services Outposts ends. Failing to complete these steps at least 5 business days before the current term ends might result in unanticipated charges.

    " + } + } + }, "GetOutpostInput":{ "type":"structure", "required":["OutpostId"], "members":{ "OutpostId":{ "shape":"OutpostId", - "documentation":"

    The ID or ARN of the Outpost.

    ", + "documentation":"

    The ID or ARN of the Outpost.

    ", "location":"uri", "locationName":"OutpostId" } @@ -1552,6 +1657,12 @@ "location":"querystring", "locationName":"OrderId" }, + "AssetId":{ + "shape":"AssetIdInput", + "documentation":"

    The ID of the Outpost asset. An Outpost asset can be a single server within an Outposts rack or an Outposts server configuration.

    ", + "location":"querystring", + "locationName":"AssetId" + }, "MaxResults":{ "shape":"MaxResults1000", "location":"querystring", @@ -1787,7 +1898,7 @@ "members":{ "AssetId":{ "shape":"AssetId", - "documentation":"

    The ID of the asset.

    " + "documentation":"

    The ID of the asset. An Outpost asset can be a single server within an Outposts rack or an Outposts server configuration.

    " }, "MacAddressList":{ "shape":"MacAddressList", @@ -2252,6 +2363,7 @@ "error":{"httpStatusCode":404}, "exception":true }, + "NullableDouble":{"type":"double"}, "OpticalStandard":{ "type":"string", "enum":[ @@ -2318,6 +2430,10 @@ "min":1, "pattern":"oo-[a-f0-9]{17}$" }, + "OrderIdList":{ + "type":"list", + "member":{"shape":"String"} + }, "OrderStatus":{ "type":"string", "enum":[ @@ -2714,6 +2830,10 @@ "shape":"OrderId", "documentation":"

    The ID of the Amazon Web Services Outposts order associated with the specified capacity task.

    " }, + "AssetId":{ + "shape":"AssetIdInput", + "documentation":"

    The ID of the Outpost asset. An Outpost asset can be a single server within an Outposts rack or an Outposts server configuration.

    " + }, "InstancePools":{ "shape":"RequestedInstancePools", "documentation":"

    The instance pools specified in the capacity task.

    " @@ -2747,6 +2867,10 @@ "shape":"OrderId", "documentation":"

    ID of the Amazon Web Services Outposts order of the host associated with the capacity task.

    " }, + "AssetId":{ + "shape":"AssetId", + "documentation":"

    The ID of the asset. An Outpost asset can be a single server within an Outposts rack or an Outposts server configuration.

    " + }, "RequestedInstancePools":{ "shape":"RequestedInstancePools", "documentation":"

    List of the instance pools requested in the specified capacity task.

    " @@ -2799,7 +2923,7 @@ }, "AssetId":{ "shape":"AssetId", - "documentation":"

    The ID of the Outpost server.

    " + "documentation":"

    The ID of the Outpost server.

    " }, "ClientPublicKey":{ "shape":"WireGuardPublicKey", @@ -2824,6 +2948,35 @@ } } }, + "StartOutpostDecommissionInput":{ + "type":"structure", + "required":["OutpostIdentifier"], + "members":{ + "OutpostIdentifier":{ + "shape":"OutpostIdentifier", + "documentation":"

    The ID or ARN of the Outpost that you want to decommission.

    ", + "location":"uri", + "locationName":"OutpostId" + }, + "ValidateOnly":{ + "shape":"ValidateOnly", + "documentation":"

    Validates the request without starting the decommission process.

    " + } + } + }, + "StartOutpostDecommissionOutput":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"DecommissionRequestStatus", + "documentation":"

    The status of the decommission request.

    " + }, + "BlockingResourceTypes":{ + "shape":"BlockingResourceTypeList", + "documentation":"

    The resources still associated with the Outpost that you are decommissioning.

    " + } + } + }, "StateOrRegion":{ "type":"string", "max":50, @@ -2846,6 +2999,64 @@ "min":1, "pattern":"^[\\S \\n]+$" }, + "Subscription":{ + "type":"structure", + "members":{ + "SubscriptionId":{ + "shape":"String", + "documentation":"

    The ID of the subscription that appears on the Amazon Web Services Billing Center console.

    " + }, + "SubscriptionType":{ + "shape":"SubscriptionType", + "documentation":"

    The type of subscription which can be one of the following:

    • ORIGINAL - The first order on the Amazon Web Services Outposts.

    • RENEWAL - Renewal requests, both month to month and longer term.

    • CAPACITY_INCREASE - Capacity scaling orders.

    " + }, + "SubscriptionStatus":{ + "shape":"SubscriptionStatus", + "documentation":"

    The status of subscription which can be one of the following:

    • INACTIVE - Subscription requests that are inactive.

    • ACTIVE - Subscription requests that are in progress and have an end date in the future.

    • CANCELLED - Subscription requests that are cancelled.

    " + }, + "OrderIds":{ + "shape":"OrderIdList", + "documentation":"

    The order ID for your subscription.

    " + }, + "BeginDate":{ + "shape":"ISO8601Timestamp", + "documentation":"

    The date your subscription starts.

    " + }, + "EndDate":{ + "shape":"ISO8601Timestamp", + "documentation":"

    The date your subscription ends.

    " + }, + "MonthlyRecurringPrice":{ + "shape":"NullableDouble", + "documentation":"

    The amount you are billed each month in the subscription period.

    " + }, + "UpfrontPrice":{ + "shape":"NullableDouble", + "documentation":"

    The amount billed when the subscription is created. This is a one-time charge.

    " + } + }, + "documentation":"

    Provides information about your Amazon Web Services Outposts subscriptions.

    " + }, + "SubscriptionList":{ + "type":"list", + "member":{"shape":"Subscription"} + }, + "SubscriptionStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "INACTIVE", + "CANCELLED" + ] + }, + "SubscriptionType":{ + "type":"string", + "enum":[ + "ORIGINAL", + "RENEWAL", + "CAPACITY_INCREASE" + ] + }, "SupportedHardwareType":{ "type":"string", "enum":[ @@ -2909,8 +3120,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2966,8 +3176,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateOutpostInput":{ "type":"structure", @@ -3136,6 +3345,7 @@ "type":"integer", "box":true }, + "ValidateOnly":{"type":"boolean"}, "ValidationException":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/panorama/2019-07-24/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/panorama/2019-07-24/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/panorama/2019-07-24/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/panorama/2019-07-24/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/partitions.json 2.31.35-1/awscli/botocore/data/partitions.json --- 2.23.6-1/awscli/botocore/data/partitions.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/partitions.json 2025-11-12 19:17:29.000000000 +0000 @@ -17,6 +17,9 @@ "ap-east-1" : { "description" : "Asia Pacific (Hong Kong)" }, + "ap-east-2" : { + "description" : "Asia Pacific (Taipei)" + }, "ap-northeast-1" : { "description" : "Asia Pacific (Tokyo)" }, @@ -47,11 +50,14 @@ "ap-southeast-5" : { "description" : "Asia Pacific (Malaysia)" }, + "ap-southeast-6" : { + "description" : "Asia Pacific (New Zealand)" + }, "ap-southeast-7" : { "description" : "Asia Pacific (Thailand)" }, "aws-global" : { - "description" : "AWS Standard global region" + "description" : "aws global region" }, "ca-central-1" : { "description" : "Canada (Central)" @@ -124,7 +130,7 @@ "regionRegex" : "^cn\\-\\w+\\-\\d+$", "regions" : { "aws-cn-global" : { - "description" : "AWS China global region" + "description" : "aws-cn global region" }, "cn-north-1" : { "description" : "China (Beijing)" @@ -134,41 +140,35 @@ } } }, { - "id" : "aws-us-gov", + "id" : "aws-eusc", "outputs" : { - "dnsSuffix" : "amazonaws.com", - "dualStackDnsSuffix" : "api.aws", - "implicitGlobalRegion" : "us-gov-west-1", - "name" : "aws-us-gov", + "dnsSuffix" : "amazonaws.eu", + "dualStackDnsSuffix" : "api.amazonwebservices.eu", + "implicitGlobalRegion" : "eusc-de-east-1", + "name" : "aws-eusc", "supportsDualStack" : true, "supportsFIPS" : true }, - "regionRegex" : "^us\\-gov\\-\\w+\\-\\d+$", + "regionRegex" : "^eusc\\-(de)\\-\\w+\\-\\d+$", "regions" : { - "aws-us-gov-global" : { - "description" : "AWS GovCloud (US) global region" - }, - "us-gov-east-1" : { - "description" : "AWS GovCloud (US-East)" - }, - "us-gov-west-1" : { - "description" : "AWS GovCloud (US-West)" + "eusc-de-east-1" : { + "description" : "EU (Germany)" } } }, { "id" : "aws-iso", "outputs" : { "dnsSuffix" : "c2s.ic.gov", - "dualStackDnsSuffix" : "c2s.ic.gov", + "dualStackDnsSuffix" : "api.aws.ic.gov", "implicitGlobalRegion" : "us-iso-east-1", "name" : "aws-iso", - "supportsDualStack" : false, + "supportsDualStack" : true, "supportsFIPS" : true }, "regionRegex" : "^us\\-iso\\-\\w+\\-\\d+$", "regions" : { "aws-iso-global" : { - "description" : "AWS ISO (US) global region" + "description" : "aws-iso global region" }, "us-iso-east-1" : { "description" : "US ISO East" @@ -181,33 +181,39 @@ "id" : "aws-iso-b", "outputs" : { "dnsSuffix" : "sc2s.sgov.gov", - "dualStackDnsSuffix" : "sc2s.sgov.gov", + "dualStackDnsSuffix" : "api.aws.scloud", "implicitGlobalRegion" : "us-isob-east-1", "name" : "aws-iso-b", - "supportsDualStack" : false, + "supportsDualStack" : true, "supportsFIPS" : true }, "regionRegex" : "^us\\-isob\\-\\w+\\-\\d+$", "regions" : { "aws-iso-b-global" : { - "description" : "AWS ISOB (US) global region" + "description" : "aws-iso-b global region" }, "us-isob-east-1" : { "description" : "US ISOB East (Ohio)" + }, + "us-isob-west-1" : { + "description" : "US ISOB West" } } }, { "id" : "aws-iso-e", "outputs" : { "dnsSuffix" : "cloud.adc-e.uk", - "dualStackDnsSuffix" : "cloud.adc-e.uk", + "dualStackDnsSuffix" : "api.cloud-aws.adc-e.uk", "implicitGlobalRegion" : "eu-isoe-west-1", "name" : "aws-iso-e", - "supportsDualStack" : false, + "supportsDualStack" : true, "supportsFIPS" : true }, "regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$", "regions" : { + "aws-iso-e-global" : { + "description" : "aws-iso-e global region" + }, "eu-isoe-west-1" : { "description" : "EU ISOE West" } @@ -216,14 +222,46 @@ "id" : "aws-iso-f", "outputs" : { "dnsSuffix" : "csp.hci.ic.gov", - "dualStackDnsSuffix" : "csp.hci.ic.gov", + "dualStackDnsSuffix" : "api.aws.hci.ic.gov", "implicitGlobalRegion" : "us-isof-south-1", "name" : "aws-iso-f", - "supportsDualStack" : false, + "supportsDualStack" : true, "supportsFIPS" : true }, "regionRegex" : "^us\\-isof\\-\\w+\\-\\d+$", - "regions" : { } + "regions" : { + "aws-iso-f-global" : { + "description" : "aws-iso-f global region" + }, + "us-isof-east-1" : { + "description" : "US ISOF EAST" + }, + "us-isof-south-1" : { + "description" : "US ISOF SOUTH" + } + } + }, { + "id" : "aws-us-gov", + "outputs" : { + "dnsSuffix" : "amazonaws.com", + "dualStackDnsSuffix" : "api.aws", + "implicitGlobalRegion" : "us-gov-west-1", + "name" : "aws-us-gov", + "supportsDualStack" : true, + "supportsFIPS" : true + }, + "regionRegex" : "^us\\-gov\\-\\w+\\-\\d+$", + "regions" : { + "aws-us-gov-global" : { + "description" : "aws-us-gov global region" + }, + "us-gov-east-1" : { + "description" : "AWS GovCloud (US-East)" + }, + "us-gov-west-1" : { + "description" : "AWS GovCloud (US-West)" + } + } } ], "version" : "1.1" } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/partnercentral-selling/2022-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/partnercentral-selling/2022-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/partnercentral-selling/2022-07-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/partnercentral-selling/2022-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/partnercentral-selling/2022-07-26/service-2.json 2.31.35-1/awscli/botocore/data/partnercentral-selling/2022-07-26/service-2.json --- 2.23.6-1/awscli/botocore/data/partnercentral-selling/2022-07-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/partnercentral-selling/2022-07-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,6 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2022-07-26", + "auth":["aws.auth#sigv4"], "endpointPrefix":"partnercentral-selling", "jsonVersion":"1.0", "protocol":"json", @@ -11,8 +12,7 @@ "signatureVersion":"v4", "signingName":"partnercentral-selling", "targetPrefix":"AWSPartnerCentralSelling", - "uid":"partnercentral-selling-2022-07-26", - "auth":["aws.auth#sigv4"] + "uid":"partnercentral-selling-2022-07-26" }, "operations":{ "AcceptEngagementInvitation":{ @@ -23,8 +23,8 @@ }, "input":{"shape":"AcceptEngagementInvitationRequest"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -73,8 +73,8 @@ "input":{"shape":"CreateEngagementRequest"}, "output":{"shape":"CreateEngagementResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, @@ -92,8 +92,8 @@ "input":{"shape":"CreateEngagementInvitationRequest"}, "output":{"shape":"CreateEngagementInvitationResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, @@ -111,8 +111,8 @@ "input":{"shape":"CreateOpportunityRequest"}, "output":{"shape":"CreateOpportunityResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -130,8 +130,8 @@ "input":{"shape":"CreateResourceSnapshotRequest"}, "output":{"shape":"CreateResourceSnapshotResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, @@ -149,8 +149,8 @@ "input":{"shape":"CreateResourceSnapshotJobRequest"}, "output":{"shape":"CreateResourceSnapshotJobResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, @@ -167,8 +167,8 @@ }, "input":{"shape":"DeleteResourceSnapshotJobRequest"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} @@ -419,7 +419,7 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    This request accepts a list of filters that retrieve opportunity subsets as well as sort options. This feature is available to partners from Partner Central using the ListOpportunities API action.

    To synchronize your system with Amazon Web Services, only list the opportunities that were newly created or updated. We recommend you rely on events emitted by the service into your Amazon Web Services account’s Amazon EventBridge default event bus, you can also use the ListOpportunities action.

    We recommend the following approach:

    1. Find the latest LastModifiedDate that you stored, and only use the values that came from Amazon Web Services. Don’t use values generated by your system.

    2. When you send a ListOpportunities request, submit the date in ISO 8601 format in the AfterLastModifiedDate filter.

    3. Amazon Web Services only returns opportunities created or updated on or after that date and time. Use NextToken to iterate over all pages.

    " + "documentation":"

    This request accepts a list of filters that retrieve opportunity subsets as well as sort options. This feature is available to partners from Partner Central using the ListOpportunities API action.

    To synchronize your system with Amazon Web Services, list only the opportunities that were newly created or updated. We recommend you rely on events emitted by the service into your Amazon Web Services account’s Amazon EventBridge default event bus. You can also use the ListOpportunities action.

    We recommend the following approach:

    1. Find the latest LastModifiedDate that you stored, and only use the values that came from Amazon Web Services. Don’t use values generated by your system.

    2. When you send a ListOpportunities request, submit the date in ISO 8601 format in the AfterLastModifiedDate filter.

    3. Amazon Web Services only returns opportunities created or updated on or after that date and time. Use NextToken to iterate over all pages.

    " }, "ListResourceSnapshotJobs":{ "name":"ListResourceSnapshotJobs", @@ -511,8 +511,8 @@ }, "input":{"shape":"RejectEngagementInvitationRequest"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -529,8 +529,8 @@ "input":{"shape":"StartEngagementByAcceptingInvitationTaskRequest"}, "output":{"shape":"StartEngagementByAcceptingInvitationTaskResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -548,15 +548,15 @@ "input":{"shape":"StartEngagementFromOpportunityTaskRequest"}, "output":{"shape":"StartEngagementFromOpportunityTaskResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    This action initiates the engagement process from an existing opportunity by accepting the engagement invitation and creating a corresponding opportunity in the partner’s system. Similar to StartEngagementByAcceptingInvitationTask, this action is asynchronous and performs multiple steps before completion.

    " + "documentation":"

    Similar to StartEngagementByAcceptingInvitationTask, this action is asynchronous and performs multiple steps before completion. This action orchestrates a comprehensive workflow that combines multiple API operations into a single task to create and initiate an engagement from an existing opportunity. It automatically executes a sequence of operations including GetOpportunity, CreateEngagement (if it doesn't exist), CreateResourceSnapshot, CreateResourceSnapshotJob, CreateEngagementInvitation (if not already invited/accepted), and SubmitOpportunity.

    " }, "StartResourceSnapshotJob":{ "name":"StartResourceSnapshotJob", @@ -615,8 +615,8 @@ "input":{"shape":"TagResourceRequest"}, "output":{"shape":"TagResourceResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -634,8 +634,8 @@ "input":{"shape":"UntagResourceRequest"}, "output":{"shape":"UntagResourceResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -653,8 +653,8 @@ "input":{"shape":"UpdateOpportunityRequest"}, "output":{"shape":"UpdateOpportunityResponse"}, "errors":[ - {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"}, {"shape":"ValidationException"}, @@ -693,22 +693,6 @@ "type":"structure", "required":["CompanyName"], "members":{ - "Address":{ - "shape":"Address", - "documentation":"

    Specifies the end Customer's address details associated with the Opportunity.

    " - }, - "AwsAccountId":{ - "shape":"AwsAccount", - "documentation":"

    Specifies the Customer Amazon Web Services account ID associated with the Opportunity.

    " - }, - "CompanyName":{ - "shape":"AccountCompanyNameString", - "documentation":"

    Specifies the end Customer's company name associated with the Opportunity.

    " - }, - "Duns":{ - "shape":"DunsNumber", - "documentation":"

    Indicates the Customer DUNS number, if available.

    " - }, "Industry":{ "shape":"Industry", "documentation":"

    Specifies the industry the end Customer belongs to that's associated with the Opportunity. It refers to the category or sector where the customer's business operates. This is a required field.

    " @@ -717,9 +701,25 @@ "shape":"AccountOtherIndustryString", "documentation":"

    Specifies the end Customer's industry associated with the Opportunity, when the selected value in the Industry field is Other.

    " }, + "CompanyName":{ + "shape":"AccountCompanyNameString", + "documentation":"

    Specifies the end Customer's company name associated with the Opportunity.

    " + }, "WebsiteUrl":{ "shape":"WebsiteUrl", "documentation":"

    Specifies the end customer's company website URL associated with the Opportunity. This value is crucial to map the customer within the Amazon Web Services CRM system. This field is required in all cases except when the opportunity is related to national security.

    " + }, + "AwsAccountId":{ + "shape":"AwsAccount", + "documentation":"

    Specifies the Customer Amazon Web Services account ID associated with the Opportunity.

    " + }, + "Address":{ + "shape":"Address", + "documentation":"

    Specifies the end Customer's address details associated with the Opportunity.

    " + }, + "Duns":{ + "shape":"DunsNumber", + "documentation":"

    Indicates the Customer DUNS number, if available.

    " } }, "documentation":"

    Specifies the Customer's account details associated with the Opportunity.

    " @@ -754,14 +754,6 @@ "type":"structure", "required":["CompanyName"], "members":{ - "Address":{ - "shape":"AddressSummary", - "documentation":"

    Specifies the end Customer's address details associated with the Opportunity.

    " - }, - "CompanyName":{ - "shape":"AccountSummaryCompanyNameString", - "documentation":"

    Specifies the end Customer's company name associated with the Opportunity.

    " - }, "Industry":{ "shape":"Industry", "documentation":"

    Specifies which industry the end Customer belongs to associated with the Opportunity. It refers to the category or sector that the customer's business operates in.

    To submit a value outside the picklist, use Other.

    Conditionally mandatory if Other is selected for Industry Vertical in LOVs.

    " @@ -770,9 +762,17 @@ "shape":"AccountSummaryOtherIndustryString", "documentation":"

    Specifies the end Customer's industry associated with the Opportunity, when the selected value in the Industry field is Other. This field is relevant when the customer's industry doesn't fall under the predefined picklist values and requires a custom description.

    " }, + "CompanyName":{ + "shape":"AccountSummaryCompanyNameString", + "documentation":"

    Specifies the end Customer's company name associated with the Opportunity.

    " + }, "WebsiteUrl":{ "shape":"WebsiteUrl", "documentation":"

    Specifies the end customer's company website URL associated with the Opportunity. This value is crucial to map the customer within the Amazon Web Services CRM system.

    " + }, + "Address":{ + "shape":"AddressSummary", + "documentation":"

    Specifies the end Customer's address details associated with the Opportunity.

    " } }, "documentation":"

    An object that contains an Account's subset of fields.

    " @@ -795,10 +795,6 @@ "shape":"AddressCityString", "documentation":"

    Specifies the end Customer's city associated with the Opportunity.

    " }, - "CountryCode":{ - "shape":"CountryCode", - "documentation":"

    Specifies the end Customer's country associated with the Opportunity.

    " - }, "PostalCode":{ "shape":"AddressPostalCodeString", "documentation":"

    Specifies the end Customer's postal code associated with the Opportunity.

    " @@ -807,6 +803,10 @@ "shape":"AddressPart", "documentation":"

    Specifies the end Customer's state or region associated with the Opportunity.

    Valid values: Alabama | Alaska | American Samoa | Arizona | Arkansas | California | Colorado | Connecticut | Delaware | Dist. of Columbia | Federated States of Micronesia | Florida | Georgia | Guam | Hawaii | Idaho | Illinois | Indiana | Iowa | Kansas | Kentucky | Louisiana | Maine | Marshall Islands | Maryland | Massachusetts | Michigan | Minnesota | Mississippi | Missouri | Montana | Nebraska | Nevada | New Hampshire | New Jersey | New Mexico | New York | North Carolina | North Dakota | Northern Mariana Islands | Ohio | Oklahoma | Oregon | Palau | Pennsylvania | Puerto Rico | Rhode Island | South Carolina | South Dakota | Tennessee | Texas | Utah | Vermont | Virginia | Virgin Islands | Washington | West Virginia | Wisconsin | Wyoming | APO/AE | AFO/FPO | FPO, AP

    " }, + "CountryCode":{ + "shape":"CountryCode", + "documentation":"

    Specifies the end Customer's country associated with the Opportunity.

    " + }, "StreetAddress":{ "shape":"AddressStreetAddressString", "documentation":"

    Specifies the end Customer's street address associated with the Opportunity.

    " @@ -843,10 +843,6 @@ "shape":"AddressSummaryCityString", "documentation":"

    Specifies the end Customer's city associated with the Opportunity.

    " }, - "CountryCode":{ - "shape":"CountryCode", - "documentation":"

    Specifies the end Customer's country associated with the Opportunity.

    " - }, "PostalCode":{ "shape":"AddressSummaryPostalCodeString", "documentation":"

    Specifies the end Customer's postal code associated with the Opportunity.

    " @@ -854,6 +850,10 @@ "StateOrRegion":{ "shape":"AddressPart", "documentation":"

    Specifies the end Customer's state or region associated with the Opportunity.

    Valid values: Alabama | Alaska | American Samoa | Arizona | Arkansas | California | Colorado | Connecticut | Delaware | Dist. of Columbia | Federated States of Micronesia | Florida | Georgia | Guam | Hawaii | Idaho | Illinois | Indiana | Iowa | Kansas | Kentucky | Louisiana | Maine | Marshall Islands | Maryland | Massachusetts | Michigan | Minnesota | Mississippi | Missouri | Montana | Nebraska | Nevada | New Hampshire | New Jersey | New Mexico | New York | North Carolina | North Dakota | Northern Mariana Islands | Ohio | Oklahoma | Oregon | Palau | Pennsylvania | Puerto Rico | Rhode Island | South Carolina | South Dakota | Tennessee | Texas | Utah | Vermont | Virginia | Virgin Islands | Washington | West Virginia | Wisconsin | Wyoming | APO/AE | AFO/FPO | FPO, AP

    " + }, + "CountryCode":{ + "shape":"CountryCode", + "documentation":"

    Specifies the end Customer's country associated with the Opportunity.

    " } }, "documentation":"

    An object that contains an Address object's subset of fields.

    " @@ -874,7 +874,12 @@ "type":"string", "max":80, "min":0, - "pattern":"^[\\p{L}\\p{N}\\p{P}\\p{Z}]+$" + "sensitive":true + }, + "Amount":{ + "type":"string", + "pattern":"(0|([1-9][0-9]{0,30}))(\\.[0-9]{0,2})?", + "sensitive":true }, "ApnPrograms":{ "type":"list", @@ -883,15 +888,11 @@ "AssignOpportunityRequest":{ "type":"structure", "required":[ - "Assignee", "Catalog", - "Identifier" + "Identifier", + "Assignee" ], "members":{ - "Assignee":{ - "shape":"AssigneeContact", - "documentation":"

    Specifies the user or team member responsible for managing the assigned opportunity. This field identifies the Assignee based on the partner's internal team structure. Ensure that the email address is associated with a registered user in your Partner Central account.

    " - }, "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog associated with the request. This field takes a string value from a predefined list: AWS or Sandbox. The catalog determines which environment the opportunity is assigned in. Use AWS to assign real opportunities in the Amazon Web Services catalog, and Sandbox for testing in secure, isolated environments.

    " @@ -899,22 +900,22 @@ "Identifier":{ "shape":"OpportunityIdentifier", "documentation":"

    Requires the Opportunity's unique identifier when you want to assign it to another user. Provide the correct identifier so the intended opportunity is reassigned.

    " + }, + "Assignee":{ + "shape":"AssigneeContact", + "documentation":"

    Specifies the user or team member responsible for managing the assigned opportunity. This field identifies the Assignee based on the partner's internal team structure. Ensure that the email address is associated with a registered user in your Partner Central account.

    " } } }, "AssigneeContact":{ "type":"structure", "required":[ - "BusinessTitle", "Email", "FirstName", - "LastName" + "LastName", + "BusinessTitle" ], "members":{ - "BusinessTitle":{ - "shape":"JobTitle", - "documentation":"

    Specifies the business title of the assignee managing the opportunity. This helps clarify the individual's role and responsibilities within the organization. Use the value PartnerAccountManager to update details of the opportunity owner.

    " - }, "Email":{ "shape":"Email", "documentation":"

    Provides the email address of the assignee. This email is used for communications and notifications related to the opportunity.

    " @@ -926,6 +927,10 @@ "LastName":{ "shape":"AssigneeContactLastNameString", "documentation":"

    Specifies the last name of the assignee managing the opportunity. The system automatically retrieves this value from the user profile by referencing the associated email address.

    " + }, + "BusinessTitle":{ + "shape":"JobTitle", + "documentation":"

    Specifies the business title of the assignee managing the opportunity. This helps clarify the individual's role and responsibilities within the organization. Use the value PartnerAccountManager to update details of the opportunity owner.

    " } }, "documentation":"

    Represents the contact details of the individual assigned to manage the opportunity within the partner organization. This helps to ensure that there is a point of contact for the opportunity's progress.

    " @@ -947,8 +952,8 @@ "required":[ "Catalog", "OpportunityIdentifier", - "RelatedEntityIdentifier", - "RelatedEntityType" + "RelatedEntityType", + "RelatedEntityIdentifier" ], "members":{ "Catalog":{ @@ -959,13 +964,13 @@ "shape":"OpportunityIdentifier", "documentation":"

    Requires the Opportunity's unique identifier when you want to associate it with a related entity. Provide the correct identifier so the intended opportunity is updated with the association.

    " }, - "RelatedEntityIdentifier":{ - "shape":"AssociateOpportunityRequestRelatedEntityIdentifierString", - "documentation":"

    Requires the related entity's unique identifier when you want to associate it with the Opportunity. For Amazon Web Services Marketplace entities, provide the Amazon Resource Name (ARN). Use the Amazon Web Services Marketplace API to obtain the ARN.

    " - }, "RelatedEntityType":{ "shape":"RelatedEntityType", "documentation":"

    Specifies the entity type that you're associating with the Opportunity. This helps to categorize and properly process the association.

    " + }, + "RelatedEntityIdentifier":{ + "shape":"AssociateOpportunityRequestRelatedEntityIdentifierString", + "documentation":"

    Requires the related entity's unique identifier when you want to associate it with the Opportunity. For Amazon Web Services Marketplace entities, provide the Amazon Resource Name (ARN). Use the Amazon Web Services Marketplace API to obtain the ARN.

    " } } }, @@ -976,7 +981,7 @@ }, "AwsAccount":{ "type":"string", - "pattern":"^([0-9]{12}|\\w{1,12})$", + "pattern":"([0-9]{12}|\\w{1,12})", "sensitive":true }, "AwsAccountIdOrAliasList":{ @@ -1053,7 +1058,7 @@ }, "AwsMarketplaceOfferIdentifier":{ "type":"string", - "pattern":"^arn:aws:aws-marketplace:[a-z]{1,2}-[a-z]*-\\d+:\\d{12}:AWSMarketplace/Offer/.*$" + "pattern":"arn:aws:aws-marketplace:[a-z]{1,2}-[a-z]*-\\d+:\\d{12}:AWSMarketplace/Offer/.*" }, "AwsMarketplaceOfferIdentifiers":{ "type":"list", @@ -1083,13 +1088,13 @@ "AwsOpportunityInsights":{ "type":"structure", "members":{ - "EngagementScore":{ - "shape":"EngagementScore", - "documentation":"

    Represents a score assigned by AWS to indicate the level of engagement and potential success for the opportunity. This score helps partners prioritize their efforts.

    " - }, "NextBestActions":{ "shape":"String", "documentation":"

    Provides recommendations from AWS on the next best actions to take in order to move the opportunity forward and increase the likelihood of success.

    " + }, + "EngagementScore":{ + "shape":"EngagementScore", + "documentation":"

    Represents a score assigned by AWS to indicate the level of engagement and potential success for the opportunity. This score helps partners prioritize their efforts.

    " } }, "documentation":"

    Contains insights provided by AWS for the opportunity, offering recommendations and analysis that can help the partner optimize their engagement and strategy.

    " @@ -1097,10 +1102,18 @@ "AwsOpportunityLifeCycle":{ "type":"structure", "members":{ + "TargetCloseDate":{ + "shape":"Date", + "documentation":"

    Indicates the expected date by which the opportunity is projected to close. This field helps in planning resources and timelines for both the partner and AWS.

    " + }, "ClosedLostReason":{ "shape":"AwsClosedLostReason", "documentation":"

    Indicates the reason why an opportunity was marked as Closed Lost. This helps in understanding the context behind the lost opportunity and aids in refining future strategies.

    " }, + "Stage":{ + "shape":"AwsOpportunityStage", + "documentation":"

    Represents the current stage of the opportunity in its lifecycle, such as Qualification, Validation, or Closed Won. This helps in understanding the opportunity's progress.

    " + }, "NextSteps":{ "shape":"AwsOpportunityLifeCycleNextStepsString", "documentation":"

    Specifies the immediate next steps required to progress the opportunity. These steps are based on AWS guidance and the current stage of the opportunity.

    " @@ -1108,14 +1121,6 @@ "NextStepsHistory":{ "shape":"AwsOpportunityLifeCycleNextStepsHistoryList", "documentation":"

    Provides a historical log of previous next steps that were taken to move the opportunity forward. This helps in tracking the decision-making process and identifying any delays or obstacles encountered.

    " - }, - "Stage":{ - "shape":"AwsOpportunityStage", - "documentation":"

    Represents the current stage of the opportunity in its lifecycle, such as Qualification, Validation, or Closed Won. This helps in understanding the opportunity's progress.

    " - }, - "TargetCloseDate":{ - "shape":"Date", - "documentation":"

    Indicates the expected date by which the opportunity is projected to close. This field helps in planning resources and timelines for both the partner and AWS.

    " } }, "documentation":"

    Tracks the lifecycle of the AWS opportunity, including stages such as qualification, validation, and closure. This field helps partners understand the current status and progression of the opportunity.

    " @@ -1212,10 +1217,6 @@ "AwsTeamMember":{ "type":"structure", "members":{ - "BusinessTitle":{ - "shape":"AwsMemberBusinessTitle", - "documentation":"

    Specifies the Amazon Web Services team member's business title and indicates their organizational role.

    " - }, "Email":{ "shape":"Email", "documentation":"

    Provides the Amazon Web Services team member's email address.

    " @@ -1227,6 +1228,10 @@ "LastName":{ "shape":"AwsTeamMemberLastNameString", "documentation":"

    Provides the Amazon Web Services team member's last name.

    " + }, + "BusinessTitle":{ + "shape":"AwsMemberBusinessTitle", + "documentation":"

    Specifies the Amazon Web Services team member's business title and indicates their organizational role.

    " } }, "documentation":"

    Represents an Amazon Web Services team member for the engagement. This structure includes details such as name, email, and business title.

    " @@ -1245,7 +1250,7 @@ }, "CatalogIdentifier":{ "type":"string", - "pattern":"^[a-zA-Z]+$" + "pattern":"[a-zA-Z]+" }, "Channel":{ "type":"string", @@ -1271,7 +1276,7 @@ }, "ClientToken":{ "type":"string", - "pattern":"^[!-~]{1,64}$" + "pattern":"[!-~]{1,64}" }, "ClosedLostReason":{ "type":"string", @@ -1301,13 +1306,13 @@ "type":"string", "max":120, "min":1, - "pattern":"^[\\p{L}\\p{N}\\p{P}\\p{Z}]+$" + "sensitive":true }, "CompanyWebsiteUrl":{ "type":"string", "max":255, "min":4, - "pattern":"^((http|https)://)??(www[.])??([a-zA-Z0-9]|-)+?([.][a-zA-Z0-9(-|/|=|?)??]+?)+?$", + "pattern":"((http|https)://)??(www[.])??([a-zA-Z0-9]|-)+?([.][a-zA-Z0-9(-|/|=|?)??]+?)+?", "sensitive":true }, "CompetitorName":{ @@ -1337,10 +1342,6 @@ "Contact":{ "type":"structure", "members":{ - "BusinessTitle":{ - "shape":"JobTitle", - "documentation":"

    The partner contact's title (job title or role) associated with the Opportunity. BusinessTitle supports either PartnerAccountManager or OpportunityOwner.

    " - }, "Email":{ "shape":"Email", "documentation":"

    The contact's email address associated with the Opportunity.

    " @@ -1353,6 +1354,10 @@ "shape":"ContactLastNameString", "documentation":"

    The contact's last name associated with the Opportunity.

    " }, + "BusinessTitle":{ + "shape":"JobTitle", + "documentation":"

    The partner contact's title (job title or role) associated with the Opportunity. BusinessTitle supports either PartnerAccountManager or OpportunityOwner.

    " + }, "Phone":{ "shape":"PhoneNumber", "documentation":"

    The contact's phone number associated with the Opportunity.

    " @@ -1658,17 +1663,17 @@ "CreateEngagementInvitationResponse":{ "type":"structure", "required":[ - "Arn", - "Id" + "Id", + "Arn" ], "members":{ - "Arn":{ - "shape":"EngagementInvitationArn", - "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the engagement invitation.

    " - }, "Id":{ "shape":"EngagementInvitationIdentifier", "documentation":"

    Unique identifier assigned to the newly created engagement invitation.

    " + }, + "Arn":{ + "shape":"EngagementInvitationArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the engagement invitation.

    " } } }, @@ -1677,8 +1682,8 @@ "required":[ "Catalog", "ClientToken", - "Description", - "Title" + "Title", + "Description" ], "members":{ "Catalog":{ @@ -1690,34 +1695,34 @@ "documentation":"

    The CreateEngagementRequest$ClientToken parameter specifies a unique, case-sensitive identifier to ensure that the request is handled exactly once. The value must not exceed sixty-four alphanumeric characters.

    ", "idempotencyToken":true }, - "Contexts":{ - "shape":"EngagementContexts", - "documentation":"

    The Contexts field is a required array of objects, with a maximum of 5 contexts allowed, specifying detailed information about customer projects associated with the Engagement. Each context object contains a Type field indicating the context type, which must be CustomerProject in this version, and a Payload field containing the CustomerProject details. The CustomerProject object is composed of two main components: Customer and Project. The Customer object includes information such as CompanyName, WebsiteUrl, Industry, and CountryCode, providing essential details about the customer. The Project object contains Title, BusinessProblem, and TargetCompletionDate, offering insights into the specific project associated with the customer. This structure allows comprehensive context to be included within the Engagement, facilitating effective collaboration between parties by providing relevant customer and project information.

    " + "Title":{ + "shape":"EngagementTitle", + "documentation":"

    Specifies the title of the Engagement.

    " }, "Description":{ "shape":"EngagementDescription", "documentation":"

    Provides a description of the Engagement.

    " }, - "Title":{ - "shape":"EngagementTitle", - "documentation":"

    Specifies the title of the Engagement.

    " + "Contexts":{ + "shape":"EngagementContexts", + "documentation":"

    The Contexts field is a required array of objects, with a maximum of 5 contexts allowed, specifying detailed information about customer projects associated with the Engagement. Each context object contains a Type field indicating the context type, which must be CustomerProject in this version, and a Payload field containing the CustomerProject details. The CustomerProject object is composed of two main components: Customer and Project. The Customer object includes information such as CompanyName, WebsiteUrl, Industry, and CountryCode, providing essential details about the customer. The Project object contains Title, BusinessProblem, and TargetCompletionDate, offering insights into the specific project associated with the customer. This structure allows comprehensive context to be included within the Engagement, facilitating effective collaboration between parties by providing relevant customer and project information.

    " } } }, "CreateEngagementRequestClientTokenString":{ "type":"string", - "pattern":"^[!-~]{1,64}$" + "pattern":"[!-~]{1,64}" }, "CreateEngagementResponse":{ "type":"structure", "members":{ - "Arn":{ - "shape":"EngagementArn", - "documentation":"

    The Amazon Resource Name (ARN) that identifies the engagement.

    " - }, "Id":{ "shape":"EngagementIdentifier", "documentation":"

    Unique identifier assigned to the newly created engagement.

    " + }, + "Arn":{ + "shape":"EngagementArn", + "documentation":"

    The Amazon Resource Name (ARN) that identifies the engagement.

    " } } }, @@ -1732,54 +1737,58 @@ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog associated with the request. This field takes a string value from a predefined list: AWS or Sandbox. The catalog determines which environment the opportunity is created in. Use AWS to create opportunities in the Amazon Web Services catalog, and Sandbox for testing in secure, isolated environments.

    " }, - "ClientToken":{ - "shape":"CreateOpportunityRequestClientTokenString", - "documentation":"

    Required to be unique, and should be unchanging, it can be randomly generated or a meaningful string.

    Default: None

    Best practice: To help ensure uniqueness and avoid conflicts, use a Universally Unique Identifier (UUID) as the ClientToken. You can use standard libraries from most programming languages to generate this. If you use the same client token, the API returns the following error: \"Conflicting client token submitted for a new request body.\"

    ", - "idempotencyToken":true + "PrimaryNeedsFromAws":{ + "shape":"PrimaryNeedsFromAws", + "documentation":"

    Identifies the type of support the partner needs from Amazon Web Services.

    Valid values:

    • Cosell—Architectural Validation: Confirmation from Amazon Web Services that the partner's proposed solution architecture is aligned with Amazon Web Services best practices and poses minimal architectural risks.

    • Cosell—Business Presentation: Request Amazon Web Services seller's participation in a joint customer presentation.

    • Cosell—Competitive Information: Access to Amazon Web Services competitive resources and support for the partner's proposed solution.

    • Cosell—Pricing Assistance: Connect with an Amazon Web Services seller for support situations where a partner may be receiving an upfront discount on a service (for example: EDP deals).

    • Cosell—Technical Consultation: Connect with an Amazon Web Services Solutions Architect to address the partner's questions about the proposed solution.

    • Cosell—Total Cost of Ownership Evaluation: Assistance with quoting different cost savings of proposed solutions on Amazon Web Services versus on-premises or a traditional hosting environment.

    • Cosell—Deal Support: Request Amazon Web Services seller's support to progress the opportunity (for example: joint customer call, strategic positioning).

    • Cosell—Support for Public Tender/RFx: Opportunity related to the public sector where the partner needs Amazon Web Services RFx support.

    " + }, + "NationalSecurity":{ + "shape":"NationalSecurity", + "documentation":"

    Indicates whether the Opportunity pertains to a national security project. This field must be set to true only when the customer's industry is Government. Additional privacy and security measures apply during the review and management process for opportunities marked as NationalSecurity.

    " + }, + "PartnerOpportunityIdentifier":{ + "shape":"CreateOpportunityRequestPartnerOpportunityIdentifierString", + "documentation":"

    Specifies the opportunity's unique identifier in the partner's CRM system. This value is essential to track and reconcile because it's included in the outbound payload to the partner.

    This field allows partners to link an opportunity to their CRM, which helps to ensure seamless integration and accurate synchronization between the Partner Central API and the partner's internal systems.

    " }, "Customer":{ "shape":"Customer", "documentation":"

    Specifies customer details associated with the Opportunity.

    " }, - "LifeCycle":{ - "shape":"LifeCycle", - "documentation":"

    An object that contains lifecycle details for the Opportunity.

    " + "Project":{ + "shape":"Project", + "documentation":"

    An object that contains project details for the Opportunity.

    " + }, + "OpportunityType":{ + "shape":"OpportunityType", + "documentation":"

    Specifies the opportunity type as a renewal, new, or expansion.

    Opportunity types:

    • New opportunity: Represents a new business opportunity with a potential customer that's not previously engaged with your solutions or services.

    • Renewal opportunity: Represents an opportunity to renew an existing contract or subscription with a current customer, ensuring continuity of service.

    • Expansion opportunity: Represents an opportunity to expand the scope of an existing contract or subscription, either by adding new services or increasing the volume of existing services for a current customer.

    " }, "Marketing":{ "shape":"Marketing", "documentation":"

    This object contains marketing details and is optional for an opportunity.

    " }, - "NationalSecurity":{ - "shape":"NationalSecurity", - "documentation":"

    Indicates whether the Opportunity pertains to a national security project. This field must be set to true only when the customer's industry is Government. Additional privacy and security measures apply during the review and management process for opportunities marked as NationalSecurity.

    " + "SoftwareRevenue":{ + "shape":"SoftwareRevenue", + "documentation":"

    Specifies details of a customer's procurement terms. This is required only for partners in eligible programs.

    " }, - "OpportunityTeam":{ - "shape":"PartnerOpportunityTeamMembersList", - "documentation":"

    Represents the internal team handling the opportunity. Specify collaborating members of this opportunity who are within the partner's organization.

    " + "ClientToken":{ + "shape":"CreateOpportunityRequestClientTokenString", + "documentation":"

    Required to be unique, and should be unchanging, it can be randomly generated or a meaningful string.

    Default: None

    Best practice: To help ensure uniqueness and avoid conflicts, use a Universally Unique Identifier (UUID) as the ClientToken. You can use standard libraries from most programming languages to generate this. If you use the same client token, the API returns the following error: \"Conflicting client token submitted for a new request body.\"

    ", + "idempotencyToken":true }, - "OpportunityType":{ - "shape":"OpportunityType", - "documentation":"

    Specifies the opportunity type as a renewal, new, or expansion.

    Opportunity types:

    • New opportunity: Represents a new business opportunity with a potential customer that's not previously engaged with your solutions or services.

    • Renewal opportunity: Represents an opportunity to renew an existing contract or subscription with a current customer, ensuring continuity of service.

    • Expansion opportunity: Represents an opportunity to expand the scope of an existing contract or subscription, either by adding new services or increasing the volume of existing services for a current customer.

    " + "LifeCycle":{ + "shape":"LifeCycle", + "documentation":"

    An object that contains lifecycle details for the Opportunity.

    " }, "Origin":{ "shape":"OpportunityOrigin", "documentation":"

    Specifies the origin of the opportunity, indicating if it was sourced from Amazon Web Services or the partner. For all opportunities created with Catalog: AWS, this field must only be Partner Referral. However, when using Catalog: Sandbox, you can set this field to AWS Referral to simulate Amazon Web Services referral creation. This allows Amazon Web Services-originated flows testing in the sandbox catalog.

    " }, - "PartnerOpportunityIdentifier":{ - "shape":"CreateOpportunityRequestPartnerOpportunityIdentifierString", - "documentation":"

    Specifies the opportunity's unique identifier in the partner's CRM system. This value is essential to track and reconcile because it's included in the outbound payload to the partner.

    This field allows partners to link an opportunity to their CRM, which helps to ensure seamless integration and accurate synchronization between the Partner Central API and the partner's internal systems.

    " - }, - "PrimaryNeedsFromAws":{ - "shape":"PrimaryNeedsFromAws", - "documentation":"

    Identifies the type of support the partner needs from Amazon Web Services.

    Valid values:

    • Cosell—Architectural Validation: Confirmation from Amazon Web Services that the partner's proposed solution architecture is aligned with Amazon Web Services best practices and poses minimal architectural risks.

    • Cosell—Business Presentation: Request Amazon Web Services seller's participation in a joint customer presentation.

    • Cosell—Competitive Information: Access to Amazon Web Services competitive resources and support for the partner's proposed solution.

    • Cosell—Pricing Assistance: Connect with an Amazon Web Services seller for support situations where a partner may be receiving an upfront discount on a service (for example: EDP deals).

    • Cosell—Technical Consultation: Connect with an Amazon Web Services Solutions Architect to address the partner's questions about the proposed solution.

    • Cosell—Total Cost of Ownership Evaluation: Assistance with quoting different cost savings of proposed solutions on Amazon Web Services versus on-premises or a traditional hosting environment.

    • Cosell—Deal Support: Request Amazon Web Services seller's support to progress the opportunity (for example: joint customer call, strategic positioning).

    • Cosell—Support for Public Tender/RFx: Opportunity related to the public sector where the partner needs Amazon Web Services RFx support.

    " - }, - "Project":{ - "shape":"Project", - "documentation":"

    An object that contains project details for the Opportunity.

    " + "OpportunityTeam":{ + "shape":"PartnerOpportunityTeamMembersList", + "documentation":"

    Represents the internal team handling the opportunity. Specify collaborating members of this opportunity who are within the partner's organization.

    " }, - "SoftwareRevenue":{ - "shape":"SoftwareRevenue", - "documentation":"

    Specifies details of a customer's procurement terms. This is required only for partners in eligible programs.

    " + "Tags":{ + "shape":"TagList", + "documentation":"

    A map of the key-value pairs of the tag or tags to assign.

    " } } }, @@ -1800,13 +1809,13 @@ "shape":"OpportunityIdentifier", "documentation":"

    Read-only, system-generated Opportunity unique identifier. Amazon Web Services creates this identifier, and it's used for all subsequent opportunity actions, such as updates, associations, and submissions. It helps to ensure that each opportunity is accurately tracked and managed.

    " }, - "LastModifiedDate":{ - "shape":"DateTime", - "documentation":"

    DateTime when the opportunity was last modified. When the Opportunity is created, its value is CreatedDate.

    " - }, "PartnerOpportunityIdentifier":{ "shape":"String", "documentation":"

    Specifies the opportunity's unique identifier in the partner's CRM system. This value is essential to track and reconcile because it's included in the outbound payload sent back to the partner.

    " + }, + "LastModifiedDate":{ + "shape":"DateTime", + "documentation":"

    DateTime when the opportunity was last modified. When the Opportunity is created, its value is CreatedDate.

    " } } }, @@ -1816,9 +1825,9 @@ "Catalog", "ClientToken", "EngagementIdentifier", + "ResourceType", "ResourceIdentifier", - "ResourceSnapshotTemplateIdentifier", - "ResourceType" + "ResourceSnapshotTemplateIdentifier" ], "members":{ "Catalog":{ @@ -1834,6 +1843,10 @@ "shape":"EngagementIdentifier", "documentation":"

    Specifies the identifier of the engagement associated with the resource to be snapshotted.

    " }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    The type of resource for which the snapshot job is being created. Must be one of the supported resource types i.e. Opportunity

    " + }, "ResourceIdentifier":{ "shape":"ResourceIdentifier", "documentation":"

    Specifies the identifier of the specific resource to be snapshotted. The format depends on the ResourceType.

    " @@ -1842,30 +1855,26 @@ "shape":"ResourceTemplateName", "documentation":"

    Specifies the name of the template that defines the schema for the snapshot.

    " }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of resource for which the snapshot job is being created. Must be one of the supported resource types i.e. Opportunity

    " - }, "Tags":{ "shape":"TagList", - "documentation":"

    A list of objects specifying each tag name and value.

    " + "documentation":"

    A map of the key-value pairs of the tag or tags to assign.

    " } } }, "CreateResourceSnapshotJobRequestClientTokenString":{ "type":"string", - "pattern":"^[!-~]{1,64}$" + "pattern":"[!-~]{1,64}" }, "CreateResourceSnapshotJobResponse":{ "type":"structure", "members":{ - "Arn":{ - "shape":"ResourceSnapshotJobArn", - "documentation":"

    The Amazon Resource Name (ARN) of the created snapshot job.

    " - }, "Id":{ "shape":"ResourceSnapshotJobIdentifier", "documentation":"

    The unique identifier for the created snapshot job.

    " + }, + "Arn":{ + "shape":"ResourceSnapshotJobArn", + "documentation":"

    The Amazon Resource Name (ARN) of the created snapshot job.

    " } } }, @@ -1873,26 +1882,25 @@ "type":"structure", "required":[ "Catalog", - "ClientToken", "EngagementIdentifier", + "ResourceType", "ResourceIdentifier", "ResourceSnapshotTemplateIdentifier", - "ResourceType" + "ClientToken" ], "members":{ "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog where the snapshot is created. Valid values are AWS and Sandbox.

    " }, - "ClientToken":{ - "shape":"CreateResourceSnapshotRequestClientTokenString", - "documentation":"

    Specifies a unique, client-generated UUID to ensure that the request is handled exactly once. This token helps prevent duplicate snapshot creations.

    ", - "idempotencyToken":true - }, "EngagementIdentifier":{ "shape":"EngagementIdentifier", "documentation":"

    The unique identifier of the engagement associated with this snapshot. This field links the snapshot to a specific engagement context.

    " }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    Specifies the type of resource for which the snapshot is being created. This field determines the structure and content of the snapshot. Must be one of the supported resource types, such as: Opportunity.

    " + }, "ResourceIdentifier":{ "shape":"ResourceIdentifier", "documentation":"

    The unique identifier of the specific resource to be snapshotted. The format and constraints of this identifier depend on the ResourceType specified. For example: For Opportunity type, it will be an opportunity ID.

    " @@ -1901,15 +1909,16 @@ "shape":"ResourceTemplateName", "documentation":"

    The name of the template that defines the schema for the snapshot. This template determines which subset of the resource data will be included in the snapshot. Must correspond to an existing and valid template for the specified ResourceType.

    " }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    Specifies the type of resource for which the snapshot is being created. This field determines the structure and content of the snapshot. Must be one of the supported resource types, such as: Opportunity.

    " + "ClientToken":{ + "shape":"CreateResourceSnapshotRequestClientTokenString", + "documentation":"

    Specifies a unique, client-generated UUID to ensure that the request is handled exactly once. This token helps prevent duplicate snapshot creations.

    ", + "idempotencyToken":true } } }, "CreateResourceSnapshotRequestClientTokenString":{ "type":"string", - "pattern":"^[!-~]{1,64}$" + "pattern":"[!-~]{1,64}" }, "CreateResourceSnapshotResponse":{ "type":"structure", @@ -2139,7 +2148,7 @@ }, "Date":{ "type":"string", - "pattern":"^[1-9][0-9]{3}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])$" + "pattern":"[1-9][0-9]{3}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])" }, "DateTime":{ "type":"timestamp", @@ -2182,8 +2191,8 @@ "required":[ "Catalog", "OpportunityIdentifier", - "RelatedEntityIdentifier", - "RelatedEntityType" + "RelatedEntityType", + "RelatedEntityIdentifier" ], "members":{ "Catalog":{ @@ -2194,13 +2203,13 @@ "shape":"OpportunityIdentifier", "documentation":"

    The opportunity's unique identifier for when you want to disassociate it from related entities. This identifier helps to ensure that the correct opportunity is updated.

    Validation: Ensure that the provided identifier corresponds to an existing opportunity in the Amazon Web Services system because incorrect identifiers result in an error and no changes are made.

    " }, - "RelatedEntityIdentifier":{ - "shape":"DisassociateOpportunityRequestRelatedEntityIdentifierString", - "documentation":"

    The related entity's identifier that you want to disassociate from the opportunity. Depending on the type of entity, this could be a simple identifier or an Amazon Resource Name (ARN) for entities managed through Amazon Web Services Marketplace.

    For Amazon Web Services Marketplace entities, use the Amazon Web Services Marketplace API to obtain the necessary ARNs. For guidance on retrieving these ARNs, see Amazon Web Services MarketplaceUsing the Amazon Web Services Marketplace Catalog API.

    Validation: Ensure the identifier or ARN is valid and corresponds to an existing entity. An incorrect or invalid identifier results in an error.

    " - }, "RelatedEntityType":{ "shape":"RelatedEntityType", "documentation":"

    The type of the entity that you're disassociating from the opportunity. When you specify the entity type, it helps the system correctly process the disassociation request to ensure that the right connections are removed.

    Examples of entity types include Partner Solution, Amazon Web Services product, and Amazon Web Services Marketplaceoffer. Ensure that the value matches one of the expected entity types.

    Validation: Provide a valid entity type to help ensure successful disassociation. An invalid or incorrect entity type results in an error.

    " + }, + "RelatedEntityIdentifier":{ + "shape":"DisassociateOpportunityRequestRelatedEntityIdentifierString", + "documentation":"

    The related entity's identifier that you want to disassociate from the opportunity. Depending on the type of entity, this could be a simple identifier or an Amazon Resource Name (ARN) for entities managed through Amazon Web Services Marketplace.

    For Amazon Web Services Marketplace entities, use the Amazon Web Services Marketplace API to obtain the necessary ARNs. For guidance on retrieving these ARNs, see Amazon Web Services MarketplaceUsing the Amazon Web Services Marketplace Catalog API.

    Validation: Ensure the identifier or ARN is valid and corresponds to an existing entity. An incorrect or invalid identifier results in an error.

    " } } }, @@ -2211,35 +2220,35 @@ }, "DunsNumber":{ "type":"string", - "pattern":"^[0-9]{9}$", + "pattern":"[0-9]{9}", "sensitive":true }, "Email":{ "type":"string", "max":80, "min":0, - "pattern":"^[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$", + "pattern":"[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", "sensitive":true }, "EngagementArn":{ "type":"string", - "pattern":"^arn:.*" + "pattern":"arn:.*" }, "EngagementArnOrIdentifier":{ "type":"string", - "pattern":"^(arn:.*|eng-[0-9a-z]{14})$" + "pattern":"(arn:.*|eng-[0-9a-z]{14})" }, "EngagementContextDetails":{ "type":"structure", "required":["Type"], "members":{ - "Payload":{ - "shape":"EngagementContextPayload", - "documentation":"

    Contains the specific details of the Engagement context. The structure of this payload varies depending on the Type field.

    " - }, "Type":{ "shape":"EngagementContextType", "documentation":"

    Specifies the type of Engagement context. Valid values are \"CustomerProject\" or \"Document\", indicating whether the context relates to a customer project or a document respectively.

    " + }, + "Payload":{ + "shape":"EngagementContextPayload", + "documentation":"

    Contains the specific details of the Engagement context. The structure of this payload varies depending on the Type field.

    " } }, "documentation":"

    Provides detailed context information for an Engagement. This structure allows for specifying the type of context and its associated payload.

    " @@ -2268,27 +2277,27 @@ "EngagementCustomer":{ "type":"structure", "required":[ - "CompanyName", - "CountryCode", "Industry", - "WebsiteUrl" + "CompanyName", + "WebsiteUrl", + "CountryCode" ], "members":{ - "CompanyName":{ - "shape":"CompanyName", - "documentation":"

    Represents the name of the customer’s company associated with the Engagement Invitation. This field is used to identify the customer.

    " - }, - "CountryCode":{ - "shape":"CountryCode", - "documentation":"

    Indicates the country in which the customer’s company operates. This field is useful for understanding regional requirements or compliance needs.

    " - }, "Industry":{ "shape":"Industry", "documentation":"

    Specifies the industry to which the customer’s company belongs. This field helps categorize the opportunity based on the customer’s business sector.

    " }, + "CompanyName":{ + "shape":"CompanyName", + "documentation":"

    Represents the name of the customer’s company associated with the Engagement Invitation. This field is used to identify the customer.

    " + }, "WebsiteUrl":{ "shape":"CompanyWebsiteUrl", "documentation":"

    Provides the website URL of the customer’s company. This field helps partners verify the legitimacy and size of the customer organization.

    " + }, + "CountryCode":{ + "shape":"CountryCode", + "documentation":"

    Indicates the country in which the customer’s company operates. This field is useful for understanding regional requirements or compliance needs.

    " } }, "documentation":"

    Contains details about the customer associated with the Engagement Invitation, including company information and industry.

    " @@ -2302,11 +2311,15 @@ "EngagementCustomerProjectDetails":{ "type":"structure", "required":[ + "Title", "BusinessProblem", - "TargetCompletionDate", - "Title" + "TargetCompletionDate" ], "members":{ + "Title":{ + "shape":"EngagementCustomerProjectTitle", + "documentation":"

    The title of the project.

    " + }, "BusinessProblem":{ "shape":"EngagementCustomerBusinessProblem", "documentation":"

    A description of the business problem the project aims to solve.

    " @@ -2314,17 +2327,13 @@ "TargetCompletionDate":{ "shape":"EngagementCustomerProjectDetailsTargetCompletionDateString", "documentation":"

    The target completion date for the customer's project.

    " - }, - "Title":{ - "shape":"EngagementCustomerProjectTitle", - "documentation":"

    The title of the project.

    " } }, "documentation":"

    Provides comprehensive details about a customer project associated with an Engagement. This may include information such as project goals, timelines, and specific customer requirements.

    " }, "EngagementCustomerProjectDetailsTargetCompletionDateString":{ "type":"string", - "pattern":"^[1-9][0-9]{3}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])$" + "pattern":"[1-9][0-9]{3}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])" }, "EngagementCustomerProjectTitle":{ "type":"string", @@ -2338,7 +2347,7 @@ }, "EngagementIdentifier":{ "type":"string", - "pattern":"^eng-[0-9a-z]{14}$" + "pattern":"eng-[0-9a-z]{14}" }, "EngagementIdentifiers":{ "type":"list", @@ -2348,17 +2357,17 @@ }, "EngagementInvitationArn":{ "type":"string", - "pattern":"^arn:aws:partnercentral::[0-9]{12}:[a-zA-Z]+/engagement-invitation/engi-[0-9,a-z]{13}$" + "pattern":"arn:aws:partnercentral::[0-9]{12}:[a-zA-Z]+/engagement-invitation/engi-[0-9,a-z]{13}" }, "EngagementInvitationArnOrIdentifier":{ "type":"string", "max":255, "min":1, - "pattern":"^(arn:.*|engi-[0-9a-z]{13})$" + "pattern":"(arn:.*|engi-[0-9a-z]{13})" }, "EngagementInvitationIdentifier":{ "type":"string", - "pattern":"^engi-[0-9,a-z]{13}$" + "pattern":"engi-[0-9,a-z]{13}" }, "EngagementInvitationIdentifiers":{ "type":"list", @@ -2377,17 +2386,21 @@ "EngagementInvitationSummary":{ "type":"structure", "required":[ - "Catalog", - "Id" + "Id", + "Catalog" ], "members":{ "Arn":{ "shape":"String", "documentation":"

    The Amazon Resource Name (ARN) of the Engagement Invitation. The ARN is a unique identifier that allows partners to reference the invitation in their system and manage its lifecycle.

    " }, - "Catalog":{ - "shape":"CatalogIdentifier", - "documentation":"

    Specifies the catalog in which the Engagement Invitation resides. This can be either the AWS or Sandbox catalog, indicating whether the opportunity is live or being tested.

    " + "PayloadType":{ + "shape":"EngagementInvitationPayloadType", + "documentation":"

    Describes the type of payload associated with the Engagement Invitation, such as Opportunity or MarketplaceOffer. This helps partners understand the nature of the engagement request from AWS.

    " + }, + "Id":{ + "shape":"EngagementInvitationArnOrIdentifier", + "documentation":"

    Represents the unique identifier of the Engagement Invitation. This identifier is used to track the invitation and to manage responses like acceptance or rejection.

    " }, "EngagementId":{ "shape":"EngagementIdentifier", @@ -2397,29 +2410,17 @@ "shape":"EngagementTitle", "documentation":"

    Provides a short title or description of the Engagement Invitation. This title helps partners quickly identify and differentiate between multiple engagement opportunities.

    " }, - "ExpirationDate":{ - "shape":"DateTime", - "documentation":"

    Indicates the date and time when the Engagement Invitation will expire. After this date, the invitation can no longer be accepted, and the opportunity will be unavailable to the partner.

    " - }, - "Id":{ - "shape":"EngagementInvitationArnOrIdentifier", - "documentation":"

    Represents the unique identifier of the Engagement Invitation. This identifier is used to track the invitation and to manage responses like acceptance or rejection.

    " + "Status":{ + "shape":"InvitationStatus", + "documentation":"

    Represents the current status of the Engagement Invitation, such as Pending, Accepted, or Rejected. The status helps track the progress and response to the invitation.

    " }, "InvitationDate":{ "shape":"DateTime", "documentation":"

    Indicates the date when the Engagement Invitation was sent to the partner. This provides context for when the opportunity was shared and helps in tracking the timeline for engagement.

    " }, - "ParticipantType":{ - "shape":"ParticipantType", - "documentation":"

    Identifies the role of the caller in the engagement invitation.

    " - }, - "PayloadType":{ - "shape":"EngagementInvitationPayloadType", - "documentation":"

    Describes the type of payload associated with the Engagement Invitation, such as Opportunity or MarketplaceOffer. This helps partners understand the nature of the engagement request from AWS.

    " - }, - "Receiver":{ - "shape":"Receiver", - "documentation":"

    Specifies the partner company or individual that received the Engagement Invitation. This field is important for tracking who the invitation was sent to within the partner organization.

    " + "ExpirationDate":{ + "shape":"DateTime", + "documentation":"

    Indicates the date and time when the Engagement Invitation will expire. After this date, the invitation can no longer be accepted, and the opportunity will be unavailable to the partner.

    " }, "SenderAwsAccountId":{ "shape":"AwsAccount", @@ -2429,9 +2430,17 @@ "shape":"EngagementInvitationSummarySenderCompanyNameString", "documentation":"

    Indicates the name of the company or AWS division that sent the Engagement Invitation. This information is useful for partners to know which part of AWS is requesting engagement.

    " }, - "Status":{ - "shape":"InvitationStatus", - "documentation":"

    Represents the current status of the Engagement Invitation, such as Pending, Accepted, or Rejected. The status helps track the progress and response to the invitation.

    " + "Receiver":{ + "shape":"Receiver", + "documentation":"

    Specifies the partner company or individual that received the Engagement Invitation. This field is important for tracking who the invitation was sent to within the partner organization.

    " + }, + "Catalog":{ + "shape":"CatalogIdentifier", + "documentation":"

    Specifies the catalog in which the Engagement Invitation resides. This can be either the AWS or Sandbox catalog, indicating whether the opportunity is live or being tested.

    " + }, + "ParticipantType":{ + "shape":"ParticipantType", + "documentation":"

    Identifies the role of the caller in the engagement invitation.

    " } }, "documentation":"

    Provides a summarized view of the Engagement Invitation, including details like the identifier, status, and sender. This summary helps partners track and manage AWS originated opportunities.

    " @@ -2448,10 +2457,6 @@ "EngagementMember":{ "type":"structure", "members":{ - "AccountId":{ - "shape":"AwsAccount", - "documentation":"

    This is the unique identifier for the AWS account associated with the member organization. It's used for AWS-related operations and identity verification.

    " - }, "CompanyName":{ "shape":"MemberCompanyName", "documentation":"

    The official name of the member's company or organization.

    " @@ -2459,6 +2464,10 @@ "WebsiteUrl":{ "shape":"String", "documentation":"

    The URL of the member company's website. This offers a way to find more information about the member organization and serves as an additional identifier.

    " + }, + "AccountId":{ + "shape":"AwsAccount", + "documentation":"

    This is the unique identifier for the AWS account associated with the member organization. It's used for AWS-related operations and identity verification.

    " } }, "documentation":"

    Engagement members are the participants in an Engagement, which is likely a collaborative project or business opportunity within the AWS partner network. Members can be different partner organizations or AWS accounts that are working together on a specific engagement.

    Each member is represented by their AWS Account ID, Company Name, and associated details. Members have a status within the Engagement (PENDING, ACCEPTED, REJECTED, or WITHDRAWN), indicating their current state of participation. Only existing members of an Engagement can view the list of other members. This implies a level of privacy and access control within the Engagement structure.

    " @@ -2501,21 +2510,21 @@ "shape":"CatalogIdentifier", "documentation":"

    Indicates the environment in which the resource and engagement exist.

    " }, - "CreatedBy":{ - "shape":"AwsAccount", - "documentation":"

    The AWS account ID of the entity that owns the resource. Identifies the account responsible for or having primary control over the resource.

    " - }, "EngagementId":{ "shape":"EngagementIdentifier", "documentation":"

    A unique identifier for the engagement associated with the resource.

    " }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    Categorizes the type of resource associated with the engagement.

    " + }, "ResourceId":{ "shape":"ResourceIdentifier", "documentation":"

    A unique identifier for the specific resource. Varies depending on the resource type.

    " }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    Categorizes the type of resource associated with the engagement.

    " + "CreatedBy":{ + "shape":"AwsAccount", + "documentation":"

    The AWS account ID of the entity that owns the resource. Identifies the account responsible for or having primary control over the resource.

    " } }, "documentation":"

    This provide a streamlined view of the relationships between engagements and resources. These summaries offer a crucial link between collaborative engagements and the specific resources involved, such as opportunities.These summaries are particularly valuable for partners navigating complex engagements with multiple resources. They enable quick insights into resource distribution across engagements, support efficient resource management, and help maintain a clear overview of collaborative activities.

    " @@ -2535,17 +2544,17 @@ "EngagementSort":{ "type":"structure", "required":[ - "SortBy", - "SortOrder" + "SortOrder", + "SortBy" ], "members":{ - "SortBy":{ - "shape":"EngagementSortName", - "documentation":"

    The field by which to sort the results.

    " - }, "SortOrder":{ "shape":"SortOrder", "documentation":"

    The order in which to sort the results.

    " + }, + "SortBy":{ + "shape":"EngagementSortName", + "documentation":"

    The field by which to sort the results.

    " } }, "documentation":"

    Specifies the sorting parameters for listing Engagements.

    " @@ -2561,6 +2570,14 @@ "shape":"EngagementArn", "documentation":"

    The Amazon Resource Name (ARN) of the created Engagement.

    " }, + "Id":{ + "shape":"EngagementIdentifier", + "documentation":"

    The unique identifier for the Engagement.

    " + }, + "Title":{ + "shape":"EngagementTitle", + "documentation":"

    The title of the Engagement.

    " + }, "CreatedAt":{ "shape":"DateTime", "documentation":"

    The date and time when the Engagement was created.

    " @@ -2569,17 +2586,9 @@ "shape":"AwsAccount", "documentation":"

    The AWS Account ID of the Engagement creator.

    " }, - "Id":{ - "shape":"EngagementIdentifier", - "documentation":"

    The unique identifier for the Engagement.

    " - }, "MemberCount":{ "shape":"Integer", "documentation":"

    The number of members in the Engagement.

    " - }, - "Title":{ - "shape":"EngagementTitle", - "documentation":"

    The title of the Engagement.

    " } }, "documentation":"

    An object that contains an Engagement's subset of fields.

    " @@ -2603,24 +2612,24 @@ ], "members":{ "Amount":{ - "shape":"String", + "shape":"Amount", "documentation":"

    Represents the estimated monthly revenue that the partner expects to earn from the opportunity. This helps in forecasting financial returns.

    " }, "CurrencyCode":{ "shape":"ExpectedCustomerSpendCurrencyCodeEnum", "documentation":"

    Indicates the currency in which the revenue estimate is provided. This helps in understanding the financial impact across different markets.

    " }, - "EstimationUrl":{ - "shape":"WebsiteUrl", - "documentation":"

    A URL providing additional information or context about the spend estimation.

    " - }, "Frequency":{ "shape":"PaymentFrequency", - "documentation":"

    Indicates how frequently the customer is expected to spend the projected amount. This can include values such as Monthly, Quarterly, or Annually. The default value is Monthly, representing recurring monthly spend.

    " + "documentation":"

    Indicates how frequently the customer is expected to spend the projected amount. Only the value Monthly is allowed for the Frequency field, representing recurring monthly spend.

    " }, "TargetCompany":{ "shape":"ExpectedCustomerSpendTargetCompanyString", - "documentation":"

    Specifies the name of the partner company that is expected to generate revenue from the opportunity. This field helps track the partner’s involvement in the opportunity.

    " + "documentation":"

    Specifies the name of the partner company that is expected to generate revenue from the opportunity. This field helps track the partner’s involvement in the opportunity. This field only accepts the value AWS. If any other value is provided, the system will automatically set it to AWS.

    " + }, + "EstimationUrl":{ + "shape":"WebsiteUrl", + "documentation":"

    A URL providing additional information or context about the spend estimation.

    " } }, "documentation":"

    Provides an estimate of the revenue that the partner is expected to generate from the opportunity. This information helps partners assess the financial value of the project.

    " @@ -2797,13 +2806,14 @@ "ZMW", "ZWL" ], - "pattern":"^USD$", + "pattern":"USD", "sensitive":true }, "ExpectedCustomerSpendList":{ "type":"list", "member":{"shape":"ExpectedCustomerSpend"}, - "min":1 + "max":10, + "min":0 }, "ExpectedCustomerSpendTargetCompanyString":{ "type":"string", @@ -2835,21 +2845,21 @@ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog in which the AWS Opportunity exists. This is the environment (e.g., AWS or Sandbox) where the opportunity is being managed.

    " }, - "Customer":{ - "shape":"AwsOpportunityCustomer", - "documentation":"

    Provides details about the customer associated with the AWS Opportunity, including account information, industry, and other customer data. These details help partners understand the business context of the opportunity.

    " + "RelatedOpportunityId":{ + "shape":"OpportunityIdentifier", + "documentation":"

    Provides the unique identifier of the related partner opportunity, allowing partners to link the AWS Opportunity to their corresponding opportunity in their CRM system.

    " }, - "Insights":{ - "shape":"AwsOpportunityInsights", - "documentation":"

    Provides insights into the AWS Opportunity, including engagement score and recommended actions that AWS suggests for the partner.

    " + "Origin":{ + "shape":"OpportunityOrigin", + "documentation":"

    Specifies whether the AWS Opportunity originated from AWS or the partner. This helps distinguish between opportunities that were sourced by AWS and those referred by the partner.

    " }, "InvolvementType":{ "shape":"SalesInvolvementType", "documentation":"

    Specifies the type of involvement AWS has in the opportunity, such as direct cosell or advisory support. This field helps partners understand the role AWS plays in advancing the opportunity.

    " }, - "InvolvementTypeChangeReason":{ - "shape":"InvolvementTypeChangeReason", - "documentation":"

    Provides a reason for any changes in the involvement type of AWS in the opportunity. This field is used to track why the level of AWS engagement has changed from For Visibility Only to Co-sell offering transparency into the partnership dynamics.

    " + "Visibility":{ + "shape":"Visibility", + "documentation":"

    Defines the visibility level for the AWS Opportunity. Use Full visibility for most cases, while Limited visibility is reserved for special programs or sensitive opportunities.

    " }, "LifeCycle":{ "shape":"AwsOpportunityLifeCycle", @@ -2859,25 +2869,25 @@ "shape":"AwsOpportunityTeamMembersList", "documentation":"

    Details the AWS opportunity team, including members involved. This information helps partners know who from AWS is engaged and what their role is.

    " }, - "Origin":{ - "shape":"OpportunityOrigin", - "documentation":"

    Specifies whether the AWS Opportunity originated from AWS or the partner. This helps distinguish between opportunities that were sourced by AWS and those referred by the partner.

    " + "Insights":{ + "shape":"AwsOpportunityInsights", + "documentation":"

    Provides insights into the AWS Opportunity, including engagement score and recommended actions that AWS suggests for the partner.

    " }, - "Project":{ - "shape":"AwsOpportunityProject", - "documentation":"

    Provides details about the project associated with the AWS Opportunity, including the customer’s business problem, expected outcomes, and project scope. This information is crucial for understanding the broader context of the opportunity.

    " + "InvolvementTypeChangeReason":{ + "shape":"InvolvementTypeChangeReason", + "documentation":"

    Provides a reason for any changes in the involvement type of AWS in the opportunity. This field is used to track why the level of AWS engagement has changed from For Visibility Only to Co-sell offering transparency into the partnership dynamics.

    " }, "RelatedEntityIds":{ "shape":"AwsOpportunityRelatedEntities", "documentation":"

    Lists related entity identifiers, such as AWS products or partner solutions, associated with the AWS Opportunity. These identifiers provide additional context and help partners understand which AWS services are involved.

    " }, - "RelatedOpportunityId":{ - "shape":"OpportunityIdentifier", - "documentation":"

    Provides the unique identifier of the related partner opportunity, allowing partners to link the AWS Opportunity to their corresponding opportunity in their CRM system.

    " + "Customer":{ + "shape":"AwsOpportunityCustomer", + "documentation":"

    Provides details about the customer associated with the AWS Opportunity, including account information, industry, and other customer data. These details help partners understand the business context of the opportunity.

    " }, - "Visibility":{ - "shape":"Visibility", - "documentation":"

    Defines the visibility level for the AWS Opportunity. Use Full visibility for most cases, while Limited visibility is reserved for special programs or sensitive opportunities.

    " + "Project":{ + "shape":"AwsOpportunityProject", + "documentation":"

    Provides details about the project associated with the AWS Opportunity, including the customer’s business problem, expected outcomes, and project scope. This information is crucial for understanding the broader context of the opportunity.

    " } } }, @@ -2901,21 +2911,21 @@ "GetEngagementInvitationResponse":{ "type":"structure", "required":[ - "Catalog", - "Id" + "Id", + "Catalog" ], "members":{ "Arn":{ "shape":"String", "documentation":"

    The Amazon Resource Name (ARN) that identifies the engagement invitation.

    " }, - "Catalog":{ - "shape":"CatalogIdentifier", - "documentation":"

    Indicates the catalog from which the engagement invitation details are retrieved. This field helps in identifying the appropriate catalog (e.g., AWS or Sandbox) used in the request.

    " + "PayloadType":{ + "shape":"EngagementInvitationPayloadType", + "documentation":"

    The type of payload contained in the engagement invitation, indicating what data or context the payload covers.

    " }, - "EngagementDescription":{ - "shape":"EngagementDescription", - "documentation":"

    The description of the engagement associated with this invitation.

    " + "Id":{ + "shape":"EngagementInvitationArnOrIdentifier", + "documentation":"

    Unique identifier assigned to the engagement invitation being retrieved.

    " }, "EngagementId":{ "shape":"EngagementIdentifier", @@ -2925,53 +2935,53 @@ "shape":"EngagementTitle", "documentation":"

    The title of the engagement invitation, summarizing the purpose or objectives of the opportunity shared by AWS.

    " }, - "ExistingMembers":{ - "shape":"EngagementMemberSummaries", - "documentation":"

    A list of active members currently part of the Engagement. This array contains a maximum of 10 members, each represented by an object with the following properties.

    • CompanyName: The name of the member's company.

    • WebsiteUrl: The website URL of the member's company.

    " - }, - "ExpirationDate":{ - "shape":"DateTime", - "documentation":"

    Indicates the date on which the engagement invitation will expire if not accepted by the partner.

    " - }, - "Id":{ - "shape":"EngagementInvitationArnOrIdentifier", - "documentation":"

    Unique identifier assigned to the engagement invitation being retrieved.

    " + "Status":{ + "shape":"InvitationStatus", + "documentation":"

    The current status of the engagement invitation.

    " }, "InvitationDate":{ "shape":"DateTime", "documentation":"

    The date when the engagement invitation was sent to the partner.

    " }, - "InvitationMessage":{ - "shape":"InvitationMessage", - "documentation":"

    The message sent to the invited partner when the invitation was created.

    " + "ExpirationDate":{ + "shape":"DateTime", + "documentation":"

    Indicates the date on which the engagement invitation will expire if not accepted by the partner.

    " }, - "Payload":{ - "shape":"Payload", - "documentation":"

    Details of the engagement invitation payload, including specific data relevant to the invitation's contents, such as customer information and opportunity insights.

    " + "SenderAwsAccountId":{ + "shape":"AwsAccount", + "documentation":"

    Specifies the AWS Account ID of the sender, which identifies the AWS team responsible for sharing the engagement invitation.

    " }, - "PayloadType":{ - "shape":"EngagementInvitationPayloadType", - "documentation":"

    The type of payload contained in the engagement invitation, indicating what data or context the payload covers.

    " + "SenderCompanyName":{ + "shape":"GetEngagementInvitationResponseSenderCompanyNameString", + "documentation":"

    The name of the AWS organization or team that sent the engagement invitation.

    " }, "Receiver":{ "shape":"Receiver", "documentation":"

    Information about the partner organization or team that received the engagement invitation, including contact details and identifiers.

    " }, + "Catalog":{ + "shape":"CatalogIdentifier", + "documentation":"

    Indicates the catalog from which the engagement invitation details are retrieved. This field helps in identifying the appropriate catalog (e.g., AWS or Sandbox) used in the request.

    " + }, "RejectionReason":{ "shape":"RejectionReasonString", "documentation":"

    If the engagement invitation was rejected, this field specifies the reason provided by the partner for the rejection.

    " }, - "SenderAwsAccountId":{ - "shape":"AwsAccount", - "documentation":"

    Specifies the AWS Account ID of the sender, which identifies the AWS team responsible for sharing the engagement invitation.

    " + "Payload":{ + "shape":"Payload", + "documentation":"

    Details of the engagement invitation payload, including specific data relevant to the invitation's contents, such as customer information and opportunity insights.

    " }, - "SenderCompanyName":{ - "shape":"GetEngagementInvitationResponseSenderCompanyNameString", - "documentation":"

    The name of the AWS organization or team that sent the engagement invitation.

    " + "InvitationMessage":{ + "shape":"InvitationMessage", + "documentation":"

    The message sent to the invited partner when the invitation was created.

    " }, - "Status":{ - "shape":"InvitationStatus", - "documentation":"

    The current status of the engagement invitation.

    " + "EngagementDescription":{ + "shape":"EngagementDescription", + "documentation":"

    The description of the engagement associated with this invitation.

    " + }, + "ExistingMembers":{ + "shape":"EngagementMemberSummaries", + "documentation":"

    A list of active members currently part of the Engagement. This array contains a maximum of 10 members, each represented by an object with the following properties.

    • CompanyName: The name of the member's company.

    • WebsiteUrl: The website URL of the member's company.

    " } } }, @@ -3000,13 +3010,21 @@ "GetEngagementResponse":{ "type":"structure", "members":{ + "Id":{ + "shape":"EngagementIdentifier", + "documentation":"

    The unique resource identifier of the engagement retrieved.

    " + }, "Arn":{ "shape":"EngagementArn", "documentation":"

    The Amazon Resource Name (ARN) of the engagement retrieved.

    " }, - "Contexts":{ - "shape":"EngagementContexts", - "documentation":"

    A list of context objects associated with the engagement. Each context provides additional information related to the Engagement, such as customer projects or documents.

    " + "Title":{ + "shape":"EngagementTitle", + "documentation":"

    The title of the engagement. It provides a brief, descriptive name for the engagement that is meaningful and easily recognizable.

    " + }, + "Description":{ + "shape":"EngagementDescription", + "documentation":"

    A more detailed description of the engagement. This provides additional context or information about the engagement's purpose or scope.

    " }, "CreatedAt":{ "shape":"DateTime", @@ -3016,21 +3034,13 @@ "shape":"AwsAccount", "documentation":"

    The AWS account ID of the user who originally created the engagement. This field helps in tracking the origin of the engagement.

    " }, - "Description":{ - "shape":"EngagementDescription", - "documentation":"

    A more detailed description of the engagement. This provides additional context or information about the engagement's purpose or scope.

    " - }, - "Id":{ - "shape":"EngagementIdentifier", - "documentation":"

    The unique resource identifier of the engagement retrieved.

    " - }, "MemberCount":{ "shape":"Integer", "documentation":"

    Specifies the current count of members participating in the Engagement. This count includes all active members regardless of their roles or permissions within the Engagement.

    " }, - "Title":{ - "shape":"EngagementTitle", - "documentation":"

    The title of the engagement. It provides a brief, descriptive name for the engagement that is meaningful and easily recognizable.

    " + "Contexts":{ + "shape":"EngagementContexts", + "documentation":"

    A list of context objects associated with the engagement. Each context provides additional information related to the Engagement, such as customer projects or documents.

    " } } }, @@ -3055,75 +3065,75 @@ "type":"structure", "required":[ "Catalog", - "CreatedDate", "Id", "LastModifiedDate", + "CreatedDate", "RelatedEntityIdentifiers" ], "members":{ - "Arn":{ - "shape":"OpportunityArn", - "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the opportunity.

    " - }, "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog associated with the request. This field takes a string value from a predefined list: AWS or Sandbox. The catalog determines which environment the opportunity information is retrieved from. Use AWS to retrieve opportunities in the Amazon Web Services catalog, and Sandbox to retrieve opportunities in a secure and isolated testing environment.

    " }, - "CreatedDate":{ - "shape":"DateTime", - "documentation":"

    DateTime when the Opportunity was last created.

    " + "PrimaryNeedsFromAws":{ + "shape":"PrimaryNeedsFromAws", + "documentation":"

    Identifies the type of support the partner needs from Amazon Web Services.

    Valid values:

    • Cosell—Architectural Validation: Confirmation from Amazon Web Services that the partner's proposed solution architecture is aligned with Amazon Web Services best practices and poses minimal architectural risks.

    • Cosell—Business Presentation: Request Amazon Web Services seller's participation in a joint customer presentation.

    • Cosell—Competitive Information: Access to Amazon Web Services competitive resources and support for the partner's proposed solution.

    • Cosell—Pricing Assistance: Connect with an Amazon Web Services seller for support situations where a partner may be receiving an upfront discount on a service (for example: EDP deals).

    • Cosell—Technical Consultation: Connect with an Amazon Web Services Solutions Architect to address the partner's questions about the proposed solution.

    • Cosell—Total Cost of Ownership Evaluation: Assistance with quoting different cost savings of proposed solutions on Amazon Web Services versus on-premises or a traditional hosting environment.

    • Cosell—Deal Support: Request Amazon Web Services seller's support to progress the opportunity (for example: joint customer call, strategic positioning).

    • Cosell—Support for Public Tender/RFx: Opportunity related to the public sector where the partner needs Amazon Web Services RFx support.

    " + }, + "NationalSecurity":{ + "shape":"NationalSecurity", + "documentation":"

    Indicates whether the Opportunity pertains to a national security project. This field must be set to true only when the customer's industry is Government. Additional privacy and security measures apply during the review and management process for opportunities marked as NationalSecurity.

    " + }, + "PartnerOpportunityIdentifier":{ + "shape":"GetOpportunityResponsePartnerOpportunityIdentifierString", + "documentation":"

    Specifies the opportunity's unique identifier in the partner's CRM system. This value is essential to track and reconcile because it's included in the outbound payload sent back to the partner.

    " }, "Customer":{ "shape":"Customer", "documentation":"

    Specifies details of the customer associated with the Opportunity.

    " }, - "Id":{ - "shape":"OpportunityIdentifier", - "documentation":"

    Read-only, system generated Opportunity unique identifier.

    " - }, - "LastModifiedDate":{ - "shape":"DateTime", - "documentation":"

    DateTime when the opportunity was last modified.

    " + "Project":{ + "shape":"Project", + "documentation":"

    An object that contains project details summary for the Opportunity.

    " }, - "LifeCycle":{ - "shape":"LifeCycle", - "documentation":"

    An object that contains lifecycle details for the Opportunity.

    " + "OpportunityType":{ + "shape":"OpportunityType", + "documentation":"

    Specifies the opportunity type as renewal, new, or expansion.

    Opportunity types:

    • New opportunity: Represents a new business opportunity with a potential customer that's not previously engaged with your solutions or services.

    • Renewal opportunity: Represents an opportunity to renew an existing contract or subscription with a current customer, which helps to ensure service continuity.

    • Expansion opportunity: Represents an opportunity to expand the scope of a customer's contract or subscription, either by adding new services or increasing the volume of existing services.

    " }, "Marketing":{ "shape":"Marketing", "documentation":"

    An object that contains marketing details for the Opportunity.

    " }, - "NationalSecurity":{ - "shape":"NationalSecurity", - "documentation":"

    Indicates whether the Opportunity pertains to a national security project. This field must be set to true only when the customer's industry is Government. Additional privacy and security measures apply during the review and management process for opportunities marked as NationalSecurity.

    " - }, - "OpportunityTeam":{ - "shape":"PartnerOpportunityTeamMembersList", - "documentation":"

    Represents the internal team handling the opportunity. Specify the members involved in collaborating on this opportunity within the partner's organization.

    " + "SoftwareRevenue":{ + "shape":"SoftwareRevenue", + "documentation":"

    Specifies details of a customer's procurement terms. Required only for partners in eligible programs.

    " }, - "OpportunityType":{ - "shape":"OpportunityType", - "documentation":"

    Specifies the opportunity type as renewal, new, or expansion.

    Opportunity types:

    • New opportunity: Represents a new business opportunity with a potential customer that's not previously engaged with your solutions or services.

    • Renewal opportunity: Represents an opportunity to renew an existing contract or subscription with a current customer, which helps to ensure service continuity.

    • Expansion opportunity: Represents an opportunity to expand the scope of a customer's contract or subscription, either by adding new services or increasing the volume of existing services.

    " + "Id":{ + "shape":"OpportunityIdentifier", + "documentation":"

    Read-only, system generated Opportunity unique identifier.

    " }, - "PartnerOpportunityIdentifier":{ - "shape":"GetOpportunityResponsePartnerOpportunityIdentifierString", - "documentation":"

    Specifies the opportunity's unique identifier in the partner's CRM system. This value is essential to track and reconcile because it's included in the outbound payload sent back to the partner.

    " + "Arn":{ + "shape":"OpportunityArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the opportunity.

    " }, - "PrimaryNeedsFromAws":{ - "shape":"PrimaryNeedsFromAws", - "documentation":"

    Identifies the type of support the partner needs from Amazon Web Services.

    Valid values:

    • Cosell—Architectural Validation: Confirmation from Amazon Web Services that the partner's proposed solution architecture is aligned with Amazon Web Services best practices and poses minimal architectural risks.

    • Cosell—Business Presentation: Request Amazon Web Services seller's participation in a joint customer presentation.

    • Cosell—Competitive Information: Access to Amazon Web Services competitive resources and support for the partner's proposed solution.

    • Cosell—Pricing Assistance: Connect with an Amazon Web Services seller for support situations where a partner may be receiving an upfront discount on a service (for example: EDP deals).

    • Cosell—Technical Consultation: Connect with an Amazon Web Services Solutions Architect to address the partner's questions about the proposed solution.

    • Cosell—Total Cost of Ownership Evaluation: Assistance with quoting different cost savings of proposed solutions on Amazon Web Services versus on-premises or a traditional hosting environment.

    • Cosell—Deal Support: Request Amazon Web Services seller's support to progress the opportunity (for example: joint customer call, strategic positioning).

    • Cosell—Support for Public Tender/RFx: Opportunity related to the public sector where the partner needs Amazon Web Services RFx support.

    " + "LastModifiedDate":{ + "shape":"DateTime", + "documentation":"

    DateTime when the opportunity was last modified.

    " }, - "Project":{ - "shape":"Project", - "documentation":"

    An object that contains project details summary for the Opportunity.

    " + "CreatedDate":{ + "shape":"DateTime", + "documentation":"

    DateTime when the Opportunity was last created.

    " }, "RelatedEntityIdentifiers":{ "shape":"RelatedEntityIdentifiers", "documentation":"

    Provides information about the associations of other entities with the opportunity. These entities include identifiers for AWSProducts, Partner Solutions, and AWSMarketplaceOffers.

    " }, - "SoftwareRevenue":{ - "shape":"SoftwareRevenue", - "documentation":"

    Specifies details of a customer's procurement terms. Required only for partners in eligible programs.

    " + "LifeCycle":{ + "shape":"LifeCycle", + "documentation":"

    An object that contains lifecycle details for the Opportunity.

    " + }, + "OpportunityTeam":{ + "shape":"PartnerOpportunityTeamMembersList", + "documentation":"

    Represents the internal team handling the opportunity. Specify the members involved in collaborating on this opportunity within the partner's organization.

    " } } }, @@ -3153,53 +3163,53 @@ "type":"structure", "required":["Catalog"], "members":{ - "Arn":{ - "shape":"ResourceSnapshotJobArn", - "documentation":"

    The Amazon Resource Name (ARN) of the snapshot job. This globally unique identifier can be used for resource-specific operations across AWS services.

    " - }, "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    The catalog in which the snapshot job was created. This will match the Catalog specified in the request.

    " }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    The date and time when the snapshot job was created in ISO 8601 format (UTC). Example: \"2023-05-01T20:37:46Z\"

    " - }, - "EngagementId":{ - "shape":"EngagementIdentifier", - "documentation":"

    The identifier of the engagement associated with this snapshot job. This links the job to a specific engagement context.

    " - }, "Id":{ "shape":"ResourceSnapshotJobIdentifier", "documentation":"

    The unique identifier of the snapshot job. This matches the ResourceSnapshotJobIdentifier provided in the request.

    " }, - "LastFailure":{ - "shape":"String", - "documentation":"

    If the job has encountered any failures, this field contains the error message from the most recent failure. This can be useful for troubleshooting issues with the job.

    " + "Arn":{ + "shape":"ResourceSnapshotJobArn", + "documentation":"

    The Amazon Resource Name (ARN) of the snapshot job. This globally unique identifier can be used for resource-specific operations across AWS services.

    " }, - "LastSuccessfulExecutionDate":{ - "shape":"DateTime", - "documentation":"

    The date and time of the last successful execution of the job, in ISO 8601 format (UTC). Example: \"2023-05-01T20:37:46Z\"

    " + "EngagementId":{ + "shape":"EngagementIdentifier", + "documentation":"

    The identifier of the engagement associated with this snapshot job. This links the job to a specific engagement context.

    " }, - "ResourceArn":{ - "shape":"ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource being snapshotted. This provides a globally unique identifier for the resource across AWS.

    " + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    The type of resource being snapshotted. This would have \"Opportunity\" as a value as it is dependent on the supported resource type.

    " }, "ResourceId":{ "shape":"ResourceIdentifier", "documentation":"

    The identifier of the specific resource being snapshotted. The format might vary depending on the ResourceType.

    " }, + "ResourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource being snapshotted. This provides a globally unique identifier for the resource across AWS.

    " + }, "ResourceSnapshotTemplateName":{ "shape":"ResourceTemplateName", "documentation":"

    The name of the template used for creating the snapshot. This is the same as the template name. It defines the structure and content of the snapshot.

    " }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of resource being snapshotted. This would have \"Opportunity\" as a value as it is dependent on the supported resource type.

    " + "CreatedAt":{ + "shape":"DateTime", + "documentation":"

    The date and time when the snapshot job was created in ISO 8601 format (UTC). Example: \"2023-05-01T20:37:46Z\"

    " }, "Status":{ "shape":"ResourceSnapshotJobStatus", "documentation":"

    The current status of the snapshot job. Valid values:

    • STOPPED: The job is not currently running.

    • RUNNING: The job is actively executing.

    " + }, + "LastSuccessfulExecutionDate":{ + "shape":"DateTime", + "documentation":"

    The date and time of the last successful execution of the job, in ISO 8601 format (UTC). Example: \"2023-05-01T20:37:46Z\"

    " + }, + "LastFailure":{ + "shape":"String", + "documentation":"

    If the job has encountered any failures, this field contains the error message from the most recent failure. This can be useful for troubleshooting issues with the job.

    " } } }, @@ -3208,9 +3218,9 @@ "required":[ "Catalog", "EngagementIdentifier", + "ResourceType", "ResourceIdentifier", - "ResourceSnapshotTemplateIdentifier", - "ResourceType" + "ResourceSnapshotTemplateIdentifier" ], "members":{ "Catalog":{ @@ -3221,6 +3231,10 @@ "shape":"EngagementIdentifier", "documentation":"

    The unique identifier of the engagement associated with the snapshot. This field links the snapshot to a specific engagement context.

    " }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    Specifies the type of resource that was snapshotted. This field determines the structure and content of the snapshot payload. Valid value includes:Opportunity: For opportunity-related data.

    " + }, "ResourceIdentifier":{ "shape":"ResourceIdentifier", "documentation":"

    The unique identifier of the specific resource that was snapshotted. The format and constraints of this identifier depend on the ResourceType specified. For Opportunity type, it will be an opportunity ID

    " @@ -3229,10 +3243,6 @@ "shape":"ResourceTemplateName", "documentation":"

    he name of the template that defines the schema for the snapshot. This template determines which subset of the resource data is included in the snapshot and must correspond to an existing and valid template for the specified ResourceType.

    " }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    Specifies the type of resource that was snapshotted. This field determines the structure and content of the snapshot payload. Valid value includes:Opportunity: For opportunity-related data.

    " - }, "Revision":{ "shape":"ResourceSnapshotRevision", "documentation":"

    Specifies which revision of the snapshot to retrieve. If omitted returns the latest revision.

    " @@ -3243,27 +3253,30 @@ "type":"structure", "required":["Catalog"], "members":{ - "Arn":{ - "shape":"ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the resource snapshot.

    " - }, "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    The catalog in which the snapshot was created. Matches the Catalog specified in the request.

    " }, - "CreatedAt":{ - "shape":"DateTime", - "documentation":"

    The timestamp when the snapshot was created, in ISO 8601 format (e.g., \"2023-06-01T14:30:00Z\"). This allows for precise tracking of when the snapshot was taken.

    " + "Arn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the resource snapshot.

    " }, "CreatedBy":{ "shape":"AwsAccount", "documentation":"

    The AWS account ID of the principal (user or role) who created the snapshot. This helps in tracking the origin of the snapshot.

    " }, + "CreatedAt":{ + "shape":"DateTime", + "documentation":"

    The timestamp when the snapshot was created, in ISO 8601 format (e.g., \"2023-06-01T14:30:00Z\"). This allows for precise tracking of when the snapshot was taken.

    " + }, "EngagementId":{ "shape":"EngagementIdentifier", "documentation":"

    The identifier of the engagement associated with this snapshot. Matches the EngagementIdentifier specified in the request.

    " }, - "Payload":{"shape":"ResourceSnapshotPayload"}, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    The type of the resource that was snapshotted. Matches the ResourceType specified in the request.

    " + }, "ResourceId":{ "shape":"ResourceIdentifier", "documentation":"

    The identifier of the specific resource that was snapshotted. Matches the ResourceIdentifier specified in the request.

    " @@ -3272,14 +3285,11 @@ "shape":"ResourceTemplateName", "documentation":"

    The name of the view used for this snapshot. This is the same as the template name.

    " }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of the resource that was snapshotted. Matches the ResourceType specified in the request.

    " - }, "Revision":{ "shape":"ResourceSnapshotRevision", "documentation":"

    The revision number of this snapshot. This is a positive integer that is sequential and unique within the context of a resource view.

    " - } + }, + "Payload":{"shape":"ResourceSnapshotPayload"} } }, "GetSellingSystemSettingsRequest":{ @@ -3356,23 +3366,24 @@ "type":"structure", "required":[ "Message", - "Payload", - "Receiver" + "Receiver", + "Payload" ], "members":{ "Message":{ "shape":"InvitationMessage", "documentation":"

    A message accompanying the invitation.

    " }, - "Payload":{"shape":"Payload"}, - "Receiver":{"shape":"Receiver"} + "Receiver":{"shape":"Receiver"}, + "Payload":{"shape":"Payload"} }, "documentation":"

    The Invitation structure represents an invitation exchanged between partners and AWS. It includes a message, receiver information, and a payload providing context for the invitation.

    " }, "InvitationMessage":{ "type":"string", "max":255, - "min":1 + "min":1, + "sensitive":true }, "InvitationStatus":{ "type":"string", @@ -3422,6 +3433,10 @@ "LifeCycle":{ "type":"structure", "members":{ + "Stage":{ + "shape":"Stage", + "documentation":"

    Specifies the current stage of the Opportunity's lifecycle as it maps to Amazon Web Services stages from the current stage in the partner CRM. This field provides a translated value of the stage, and offers insight into the Opportunity's progression in the sales cycle, according to Amazon Web Services definitions.

    A lead and a prospect must be further matured to a Qualified opportunity before submission. Opportunities that were closed/lost before submission aren't suitable for submission.

    The descriptions of each sales stage are:

    • Prospect: Amazon Web Services identifies the opportunity. It can be active (Comes directly from the end customer through a lead) or latent (Your account team believes it exists based on research, account plans, sales plays).

    • Qualified: Your account team engaged with the customer to discuss viability and requirements. The customer agreed that the opportunity is real, of interest, and may solve business/technical needs.

    • Technical Validation: All parties understand the implementation plan.

    • Business Validation: Pricing was proposed, and all parties agree to the steps to close.

    • Committed: The customer signed the contract, but Amazon Web Services hasn't started billing.

    • Launched: The workload is complete, and Amazon Web Services has started billing.

    • Closed Lost: The opportunity is lost, and there are no steps to move forward.

    " + }, "ClosedLostReason":{ "shape":"ClosedLostReason", "documentation":"

    Specifies the reason code when an opportunity is marked as Closed Lost. When you select an appropriate reason code, you communicate the context for closing the Opportunity, and aid in accurate reports and analysis of opportunity outcomes. The possible values are:

    • Customer Deficiency: The customer lacked necessary resources or capabilities.

    • Delay/Cancellation of Project: The project was delayed or canceled.

    • Legal/Tax/Regulatory: Legal, tax, or regulatory issues prevented progress.

    • Lost to Competitor—Google: The opportunity was lost to Google.

    • Lost to Competitor—Microsoft: The opportunity was lost to Microsoft.

    • Lost to Competitor—SoftLayer: The opportunity was lost to SoftLayer.

    • Lost to Competitor—VMWare: The opportunity was lost to VMWare.

    • Lost to Competitor—Other: The opportunity was lost to a competitor not listed above.

    • No Opportunity: There was no opportunity to pursue.

    • On Premises Deployment: The customer chose an on-premises solution.

    • Partner Gap: The partner lacked necessary resources or capabilities.

    • Price: The price was not competitive or acceptable to the customer.

    • Security/Compliance: Security or compliance issues prevented progress.

    • Technical Limitations: Technical limitations prevented progress.

    • Customer Experience: Issues related to the customer's experience impacted the decision.

    • Other: Any reason not covered by the other values.

    • People/Relationship/Governance: Issues related to people, relationships, or governance.

    • Product/Technology: Issues related to the product or technology.

    • Financial/Commercial: Financial or commercial issues impacted the decision.

    " @@ -3430,29 +3445,25 @@ "shape":"LifeCycleNextStepsString", "documentation":"

    Specifies the upcoming actions or tasks for the Opportunity. Use this field to communicate with Amazon Web Services about the next actions required for the Opportunity.

    " }, - "NextStepsHistory":{ - "shape":"LifeCycleNextStepsHistoryList", - "documentation":"

    Captures a chronological record of the next steps or actions planned or taken for the current opportunity, along with the timestamp.

    " - }, - "ReviewComments":{ - "shape":"String", - "documentation":"

    Indicates why an opportunity was sent back for further details. Partners must take corrective action based on the ReviewComments.

    " + "TargetCloseDate":{ + "shape":"Date", + "documentation":"

    Specifies the date when Amazon Web Services expects to start significant billing, when the project finishes, and when it moves into production. This field informs the Amazon Web Services seller about when the opportunity launches and starts to incur Amazon Web Services usage.

    Ensure the Target Close Date isn't in the past.

    " }, "ReviewStatus":{ "shape":"ReviewStatus", "documentation":"

    Indicates the review status of an opportunity referred by a partner. This field is read-only and only applicable for partner referrals. The possible values are:

    • Pending Submission: Not submitted for validation (editable).

    • Submitted: Submitted for validation, and Amazon Web Services hasn't reviewed it (read-only).

    • In Review: Amazon Web Services is validating (read-only).

    • Action Required: Issues that Amazon Web Services highlights need to be addressed. Partners should use the UpdateOpportunity API action to update the opportunity and helps to ensure that all required changes are made. Only the following fields are editable when the Lifecycle.ReviewStatus is Action Required:

      • Customer.Account.Address.City

      • Customer.Account.Address.CountryCode

      • Customer.Account.Address.PostalCode

      • Customer.Account.Address.StateOrRegion

      • Customer.Account.Address.StreetAddress

      • Customer.Account.WebsiteUrl

      • LifeCycle.TargetCloseDate

      • Project.ExpectedMonthlyAWSRevenue.Amount

      • Project.ExpectedMonthlyAWSRevenue.CurrencyCode

      • Project.CustomerBusinessProblem

      • PartnerOpportunityIdentifier

      After updates, the opportunity re-enters the validation phase. This process repeats until all issues are resolved, and the opportunity's Lifecycle.ReviewStatus is set to Approved or Rejected.

    • Approved: Validated and converted into the Amazon Web Services seller's pipeline (editable).

    • Rejected: Disqualified (read-only).

    " }, - "ReviewStatusReason":{ + "ReviewComments":{ "shape":"String", - "documentation":"

    Indicates the reason a decision was made during the opportunity review process. This field combines the reasons for both disqualified and action required statuses, and provide clarity for why an opportunity was disqualified or requires further action.

    " + "documentation":"

    Contains detailed feedback from Amazon Web Services when requesting additional information from partners. Provides specific guidance on what partners need to provide or clarify for opportunity validation, complementing the ReviewStatusReason field.

    " }, - "Stage":{ - "shape":"Stage", - "documentation":"

    Specifies the current stage of the Opportunity's lifecycle as it maps to Amazon Web Services stages from the current stage in the partner CRM. This field provides a translated value of the stage, and offers insight into the Opportunity's progression in the sales cycle, according to Amazon Web Services definitions.

    A lead and a prospect must be further matured to a Qualified opportunity before submission. Opportunities that were closed/lost before submission aren't suitable for submission.

    The descriptions of each sales stage are:

    • Prospect: Amazon Web Services identifies the opportunity. It can be active (Comes directly from the end customer through a lead) or latent (Your account team believes it exists based on research, account plans, sales plays).

    • Qualified: Your account team engaged with the customer to discuss viability and requirements. The customer agreed that the opportunity is real, of interest, and may solve business/technical needs.

    • Technical Validation: All parties understand the implementation plan.

    • Business Validation: Pricing was proposed, and all parties agree to the steps to close.

    • Committed: The customer signed the contract, but Amazon Web Services hasn't started billing.

    • Launched: The workload is complete, and Amazon Web Services has started billing.

    • Closed Lost: The opportunity is lost, and there are no steps to move forward.

    " + "ReviewStatusReason":{ + "shape":"String", + "documentation":"

    Code indicating the validation decision during the Amazon Web Services opportunity review. Applies when status is Rejected or Action Required. Used to document validation results for AWS Partner Referrals and indicate when additional information is needed from partners as part of the APN Customer Engagement (ACE) program.

    " }, - "TargetCloseDate":{ - "shape":"Date", - "documentation":"

    Specifies the date when Amazon Web Services expects to start significant billing, when the project finishes, and when it moves into production. This field informs the Amazon Web Services seller about when the opportunity launches and starts to incur Amazon Web Services usage.

    Ensure the Target Close Date isn't in the past.

    " + "NextStepsHistory":{ + "shape":"LifeCycleNextStepsHistoryList", + "documentation":"

    Captures a chronological record of the next steps or actions planned or taken for the current opportunity, along with the timestamp.

    " } }, "documentation":"

    An object that contains the Opportunity lifecycle's details.

    " @@ -3460,9 +3471,9 @@ "LifeCycleForView":{ "type":"structure", "members":{ - "NextSteps":{ - "shape":"LifeCycleForViewNextStepsString", - "documentation":"

    Describes the next steps for the opportunity shared through a snapshot.

    " + "TargetCloseDate":{ + "shape":"Date", + "documentation":"

    The projected launch date of the opportunity shared through a snapshot.

    " }, "ReviewStatus":{ "shape":"ReviewStatus", @@ -3472,9 +3483,9 @@ "shape":"Stage", "documentation":"

    Defines the current stage of the opportunity shared through a snapshot.

    " }, - "TargetCloseDate":{ - "shape":"Date", - "documentation":"

    The projected launch date of the opportunity shared through a snapshot.

    " + "NextSteps":{ + "shape":"LifeCycleForViewNextStepsString", + "documentation":"

    Describes the next steps for the opportunity shared through a snapshot.

    " } }, "documentation":"

    Provides the lifecycle view of an opportunity resource shared through a snapshot.

    " @@ -3500,6 +3511,10 @@ "LifeCycleSummary":{ "type":"structure", "members":{ + "Stage":{ + "shape":"Stage", + "documentation":"

    Specifies the current stage of the Opportunity's lifecycle as it maps to Amazon Web Services stages from the current stage in the partner CRM. This field provides a translated value of the stage, and offers insight into the Opportunity's progression in the sales cycle, according to Amazon Web Services definitions.

    A lead and a prospect must be further matured to a Qualified opportunity before submission. Opportunities that were closed/lost before submission aren't suitable for submission.

    The descriptions of each sales stage are:

    • Prospect: Amazon Web Services identifies the opportunity. It can be active (Comes directly from the end customer through a lead) or latent (Your account team believes it exists based on research, account plans, sales plays).

    • Qualified: Your account team engaged with the customer to discuss viability and understand requirements. The customer agreed that the opportunity is real, of interest, and may solve business/technical needs.

    • Technical Validation: All parties understand the implementation plan.

    • Business Validation: Pricing was proposed, and all parties agree to the steps to close.

    • Committed: The customer signed the contract, but Amazon Web Services hasn't started billing.

    • Launched: The workload is complete, and Amazon Web Services has started billing.

    • Closed Lost: The opportunity is lost, and there are no steps to move forward.

    " + }, "ClosedLostReason":{ "shape":"ClosedLostReason", "documentation":"

    Specifies the reason code when an opportunity is marked as Closed Lost. When you select an appropriate reason code, you communicate the context for closing the Opportunity, and aid in accurate reports and analysis of opportunity outcomes.

    " @@ -3508,25 +3523,21 @@ "shape":"LifeCycleSummaryNextStepsString", "documentation":"

    Specifies the upcoming actions or tasks for the Opportunity. This field is utilized to communicate to Amazon Web Services the next actions required for the Opportunity.

    " }, - "ReviewComments":{ - "shape":"String", - "documentation":"

    Indicates why an opportunity was sent back for further details. Partners must take corrective action based on the ReviewComments.

    " + "TargetCloseDate":{ + "shape":"Date", + "documentation":"

    Specifies the date when Amazon Web Services expects to start significant billing, when the project finishes, and when it moves into production. This field informs the Amazon Web Services seller about when the opportunity launches and starts to incur Amazon Web Services usage.

    Ensure the Target Close Date isn't in the past.

    " }, "ReviewStatus":{ "shape":"ReviewStatus", "documentation":"

    Indicates the review status of a partner referred opportunity. This field is read-only and only applicable for partner referrals. Valid values:

    • Pending Submission: Not submitted for validation (editable).

    • Submitted: Submitted for validation and not yet Amazon Web Services reviewed (read-only).

    • In Review: Undergoing Amazon Web Services validation (read-only).

    • Action Required: Address any issues Amazon Web Services highlights. Use the UpdateOpportunity API action to update the opportunity, and ensure you make all required changes. Only these fields are editable when the Lifecycle.ReviewStatus is Action Required:

      • Customer.Account.Address.City

      • Customer.Account.Address.CountryCode

      • Customer.Account.Address.PostalCode

      • Customer.Account.Address.StateOrRegion

      • Customer.Account.Address.StreetAddress

      • Customer.Account.WebsiteUrl

      • LifeCycle.TargetCloseDate

      • Project.ExpectedCustomerSpend.Amount

      • Project.ExpectedCustomerSpend.CurrencyCode

      • Project.CustomerBusinessProblem

      • PartnerOpportunityIdentifier

      After updates, the opportunity re-enters the validation phase. This process repeats until all issues are resolved, and the opportunity's Lifecycle.ReviewStatus is set to Approved or Rejected.

    • Approved: Validated and converted into the Amazon Web Services seller's pipeline (editable).

    • Rejected: Disqualified (read-only).

    " }, + "ReviewComments":{ + "shape":"String", + "documentation":"

    Indicates why an opportunity was sent back for further details. Partners must take corrective action based on the ReviewComments.

    " + }, "ReviewStatusReason":{ "shape":"String", "documentation":"

    Indicates the reason a specific decision was taken during the opportunity review process. This field combines the reasons for both disqualified and action required statuses, and provides clarity for why an opportunity was disqualified or required further action.

    " - }, - "Stage":{ - "shape":"Stage", - "documentation":"

    Specifies the current stage of the Opportunity's lifecycle as it maps to Amazon Web Services stages from the current stage in the partner CRM. This field provides a translated value of the stage, and offers insight into the Opportunity's progression in the sales cycle, according to Amazon Web Services definitions.

    A lead and a prospect must be further matured to a Qualified opportunity before submission. Opportunities that were closed/lost before submission aren't suitable for submission.

    The descriptions of each sales stage are:

    • Prospect: Amazon Web Services identifies the opportunity. It can be active (Comes directly from the end customer through a lead) or latent (Your account team believes it exists based on research, account plans, sales plays).

    • Qualified: Your account team engaged with the customer to discuss viability and understand requirements. The customer agreed that the opportunity is real, of interest, and may solve business/technical needs.

    • Technical Validation: All parties understand the implementation plan.

    • Business Validation: Pricing was proposed, and all parties agree to the steps to close.

    • Committed: The customer signed the contract, but Amazon Web Services hasn't started billing.

    • Launched: The workload is complete, and Amazon Web Services has started billing.

    • Closed Lost: The opportunity is lost, and there are no steps to move forward.

    " - }, - "TargetCloseDate":{ - "shape":"Date", - "documentation":"

    Specifies the date when Amazon Web Services expects to start significant billing, when the project finishes, and when it moves into production. This field informs the Amazon Web Services seller about when the opportunity launches and starts to incur Amazon Web Services usage.

    Ensure the Target Close Date isn't in the past.

    " } }, "documentation":"

    An object that contains a LifeCycle object's subset of fields.

    " @@ -3544,41 +3555,41 @@ "ListEngagementByAcceptingInvitationTaskSummary":{ "type":"structure", "members":{ - "EngagementInvitationId":{ - "shape":"EngagementInvitationIdentifier", - "documentation":"

    The unique identifier of the engagement invitation that was accepted.

    " + "TaskId":{ + "shape":"TaskIdentifier", + "documentation":"

    Unique identifier of the task.

    " + }, + "TaskArn":{ + "shape":"TaskArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the task.

    " + }, + "StartTime":{ + "shape":"DateTime", + "documentation":"

    Task start timestamp.

    " + }, + "TaskStatus":{ + "shape":"TaskStatus", + "documentation":"

    Status of the task.

    " }, "Message":{ "shape":"String", "documentation":"

    Detailed message describing the failure and possible recovery steps.

    " }, - "OpportunityId":{ - "shape":"OpportunityIdentifier", - "documentation":"

    Unique identifier of opportunity that was created.

    " - }, "ReasonCode":{ "shape":"ReasonCode", "documentation":"

    A code pointing to the specific reason for the failure.

    " }, + "OpportunityId":{ + "shape":"OpportunityIdentifier", + "documentation":"

    Unique identifier of opportunity that was created.

    " + }, "ResourceSnapshotJobId":{ "shape":"ResourceSnapshotJobIdentifier", "documentation":"

    Unique identifier of the resource snapshot job that was created.

    " }, - "StartTime":{ - "shape":"DateTime", - "documentation":"

    Task start timestamp.

    " - }, - "TaskArn":{ - "shape":"TaskArn", - "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the task.

    " - }, - "TaskId":{ - "shape":"TaskIdentifier", - "documentation":"

    Unique identifier of the task.

    " - }, - "TaskStatus":{ - "shape":"TaskStatus", - "documentation":"

    Status of the task.

    " + "EngagementInvitationId":{ + "shape":"EngagementInvitationIdentifier", + "documentation":"

    The unique identifier of the engagement invitation that was accepted.

    " } }, "documentation":"

    Specifies a subset of fields associated with tasks related to accepting an engagement invitation.

    " @@ -3587,14 +3598,6 @@ "type":"structure", "required":["Catalog"], "members":{ - "Catalog":{ - "shape":"CatalogIdentifier", - "documentation":"

    Specifies the catalog related to the request. Valid values are:

    • AWS: Retrieves the request from the production AWS environment.

    • Sandbox: Retrieves the request from a sandbox environment used for testing or development purposes.

    " - }, - "EngagementInvitationIdentifier":{ - "shape":"EngagementInvitationIdentifiers", - "documentation":"

    Filters tasks by the identifiers of the engagement invitations they are processing.

    " - }, "MaxResults":{ "shape":"ListEngagementByAcceptingInvitationTasksRequestMaxResultsInteger", "documentation":"

    Use this parameter to control the number of items returned in each request, which can be useful for performance tuning and managing large result sets.

    " @@ -3603,21 +3606,29 @@ "shape":"ListEngagementByAcceptingInvitationTasksRequestNextTokenString", "documentation":"

    Use this parameter for pagination when the result set spans multiple pages. This value is obtained from the NextToken field in the response of a previous call to this API.

    " }, - "OpportunityIdentifier":{ - "shape":"OpportunityIdentifiers", - "documentation":"

    Filters tasks by the identifiers of the opportunities they created or are associated with.

    " - }, "Sort":{ "shape":"ListTasksSortBase", "documentation":"

    Specifies the sorting criteria for the returned results. This allows you to order the tasks based on specific attributes.

    " }, - "TaskIdentifier":{ - "shape":"TaskIdentifiers", - "documentation":"

    Filters tasks by their unique identifiers. Use this when you want to retrieve information about specific tasks.

    " + "Catalog":{ + "shape":"CatalogIdentifier", + "documentation":"

    Specifies the catalog related to the request. Valid values are:

    • AWS: Retrieves the request from the production AWS environment.

    • Sandbox: Retrieves the request from a sandbox environment used for testing or development purposes.

    " }, "TaskStatus":{ "shape":"TaskStatuses", "documentation":"

    Filters the tasks based on their current status. This allows you to focus on tasks in specific states.

    " + }, + "OpportunityIdentifier":{ + "shape":"OpportunityIdentifiers", + "documentation":"

    Filters tasks by the identifiers of the opportunities they created or are associated with.

    " + }, + "EngagementInvitationIdentifier":{ + "shape":"EngagementInvitationIdentifiers", + "documentation":"

    Filters tasks by the identifiers of the engagement invitations they are processing.

    " + }, + "TaskIdentifier":{ + "shape":"TaskIdentifiers", + "documentation":"

    Filters tasks by their unique identifiers. Use this when you want to retrieve information about specific tasks.

    " } } }, @@ -3635,13 +3646,13 @@ "ListEngagementByAcceptingInvitationTasksResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

    A token used for pagination to retrieve the next page of results.If there are more results available, this field will contain a token that can be used in a subsequent API call to retrieve the next page. If there are no more results, this field will be null or an empty string.

    " - }, "TaskSummaries":{ "shape":"ListEngagementByAcceptingInvitationTaskSummaries", "documentation":"

    An array of EngagementByAcceptingInvitationTaskSummary objects, each representing a task that matches the specified filters. The array may be empty if no tasks match the criteria.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    A token used for pagination to retrieve the next page of results.If there are more results available, this field will contain a token that can be used in a subsequent API call to retrieve the next page. If there are no more results, this field will be null or an empty string.

    " } } }, @@ -3652,45 +3663,45 @@ "ListEngagementFromOpportunityTaskSummary":{ "type":"structure", "members":{ - "EngagementId":{ - "shape":"EngagementIdentifier", - "documentation":"

    The unique identifier of the engagement created as a result of the task. This field is populated when the task is completed successfully.

    " + "TaskId":{ + "shape":"TaskIdentifier", + "documentation":"

    A unique identifier for a specific task.

    " }, - "EngagementInvitationId":{ - "shape":"EngagementInvitationIdentifier", - "documentation":"

    The unique identifier of the Engagement Invitation.

    " + "TaskArn":{ + "shape":"TaskArn", + "documentation":"

    The Amazon Resource Name (ARN) uniquely identifying this task within AWS. This ARN can be used for referencing the task in other AWS services or APIs.

    " + }, + "StartTime":{ + "shape":"DateTime", + "documentation":"

    The timestamp indicating when the task was initiated, in RFC 3339 5.6 date-time format.

    " + }, + "TaskStatus":{ + "shape":"TaskStatus", + "documentation":"

    The current status of the task.

    " }, "Message":{ "shape":"String", "documentation":"

    A detailed message providing additional information about the task, especially useful in case of failures. This field may contain error details or other relevant information about the task's execution

    " }, - "OpportunityId":{ - "shape":"OpportunityIdentifier", - "documentation":"

    The unique identifier of the original Opportunity from which the Engagement is being created. This field helps track the source of the Engagement creation task.

    " - }, "ReasonCode":{ "shape":"ReasonCode", "documentation":"

    A code indicating the specific reason for a task failure. This field is populated when the task status is FAILED and provides a categorized reason for the failure.

    " }, + "OpportunityId":{ + "shape":"OpportunityIdentifier", + "documentation":"

    The unique identifier of the original Opportunity from which the Engagement is being created. This field helps track the source of the Engagement creation task.

    " + }, "ResourceSnapshotJobId":{ "shape":"ResourceSnapshotJobIdentifier", "documentation":"

    The identifier of the resource snapshot job associated with this task, if a snapshot was created as part of the Engagement creation process.

    " }, - "StartTime":{ - "shape":"DateTime", - "documentation":"

    The timestamp indicating when the task was initiated, in RFC 3339 5.6 date-time format.

    " - }, - "TaskArn":{ - "shape":"TaskArn", - "documentation":"

    The Amazon Resource Name (ARN) uniquely identifying this task within AWS. This ARN can be used for referencing the task in other AWS services or APIs.

    " - }, - "TaskId":{ - "shape":"TaskIdentifier", - "documentation":"

    A unique identifier for a specific task.

    " + "EngagementId":{ + "shape":"EngagementIdentifier", + "documentation":"

    The unique identifier of the engagement created as a result of the task. This field is populated when the task is completed successfully.

    " }, - "TaskStatus":{ - "shape":"TaskStatus", - "documentation":"

    The current status of the task.

    " + "EngagementInvitationId":{ + "shape":"EngagementInvitationIdentifier", + "documentation":"

    The unique identifier of the Engagement Invitation.

    " } }, "documentation":"

    Provides a summary of a task related to creating an engagement from an opportunity. This structure contains key information about the task's status, associated identifiers, and any failure details.

    " @@ -3699,14 +3710,6 @@ "type":"structure", "required":["Catalog"], "members":{ - "Catalog":{ - "shape":"CatalogIdentifier", - "documentation":"

    Specifies the catalog related to the request. Valid values are:

    • AWS: Retrieves the request from the production AWS environment.

    • Sandbox: Retrieves the request from a sandbox environment used for testing or development purposes.

    " - }, - "EngagementIdentifier":{ - "shape":"EngagementIdentifiers", - "documentation":"

    Filters tasks by the identifiers of the engagements they created or are associated with.

    " - }, "MaxResults":{ "shape":"ListEngagementFromOpportunityTasksRequestMaxResultsInteger", "documentation":"

    Specifies the maximum number of results to return in a single page of the response.Use this parameter to control the number of items returned in each request, which can be useful for performance tuning and managing large result sets.

    " @@ -3715,21 +3718,29 @@ "shape":"ListEngagementFromOpportunityTasksRequestNextTokenString", "documentation":"

    The token for requesting the next page of results. This value is obtained from the NextToken field in the response of a previous call to this API. Use this parameter for pagination when the result set spans multiple pages.

    " }, - "OpportunityIdentifier":{ - "shape":"OpportunityIdentifiers", - "documentation":"

    The identifier of the original opportunity associated with this task.

    " - }, "Sort":{ "shape":"ListTasksSortBase", "documentation":"

    Specifies the sorting criteria for the returned results. This allows you to order the tasks based on specific attributes.

    " }, - "TaskIdentifier":{ - "shape":"TaskIdentifiers", - "documentation":"

    Filters tasks by their unique identifiers. Use this when you want to retrieve information about specific tasks.

    " + "Catalog":{ + "shape":"CatalogIdentifier", + "documentation":"

    Specifies the catalog related to the request. Valid values are:

    • AWS: Retrieves the request from the production AWS environment.

    • Sandbox: Retrieves the request from a sandbox environment used for testing or development purposes.

    " }, "TaskStatus":{ "shape":"TaskStatuses", "documentation":"

    Filters the tasks based on their current status. This allows you to focus on tasks in specific states.

    " + }, + "TaskIdentifier":{ + "shape":"TaskIdentifiers", + "documentation":"

    Filters tasks by their unique identifiers. Use this when you want to retrieve information about specific tasks.

    " + }, + "OpportunityIdentifier":{ + "shape":"OpportunityIdentifiers", + "documentation":"

    The identifier of the original opportunity associated with this task.

    " + }, + "EngagementIdentifier":{ + "shape":"EngagementIdentifiers", + "documentation":"

    Filters tasks by the identifiers of the engagements they created or are associated with.

    " } } }, @@ -3747,13 +3758,13 @@ "ListEngagementFromOpportunityTasksResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

    A token used for pagination to retrieve the next page of results. If there are more results available, this field will contain a token that can be used in a subsequent API call to retrieve the next page. If there are no more results, this field will be null or an empty string.

    " - }, "TaskSummaries":{ "shape":"ListEngagementFromOpportunityTaskSummaries", "documentation":"

    TaskSummaries An array of TaskSummary objects containing details about each task.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    A token used for pagination to retrieve the next page of results. If there are more results available, this field will contain a token that can be used in a subsequent API call to retrieve the next page. If there are no more results, this field will be null or an empty string.

    " } } }, @@ -3768,10 +3779,6 @@ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog from which to list the engagement invitations. Use AWS for production invitations or Sandbox for testing environments.

    " }, - "EngagementIdentifier":{ - "shape":"EngagementIdentifiers", - "documentation":"

    Retrieves a list of engagement invitation summaries based on specified filters. The ListEngagementInvitations operation allows you to view all invitations that you have sent or received. You must specify the ParticipantType to filter invitations where you are either the SENDER or the RECEIVER. Invitations will automatically expire if not accepted within 15 days.

    " - }, "MaxResults":{ "shape":"PageSize", "documentation":"

    Specifies the maximum number of engagement invitations to return in the response. If more results are available, a pagination token will be provided.

    " @@ -3780,25 +3787,29 @@ "shape":"String", "documentation":"

    A pagination token used to retrieve additional pages of results when the response to a previous request was truncated. Pass this token to continue listing invitations from where the previous call left off.

    " }, - "ParticipantType":{ - "shape":"ParticipantType", - "documentation":"

    Specifies the type of participant for which to list engagement invitations. Identifies the role of the participant.

    " + "Sort":{ + "shape":"OpportunityEngagementInvitationSort", + "documentation":"

    Specifies the sorting options for listing engagement invitations. Invitations can be sorted by fields such as InvitationDate or Status to help partners view results in their preferred order.

    " }, "PayloadType":{ "shape":"EngagementInvitationsPayloadType", "documentation":"

    Defines the type of payload associated with the engagement invitations to be listed. The attributes in this payload help decide on acceptance or rejection of the invitation.

    " }, - "SenderAwsAccountId":{ - "shape":"AwsAccountIdOrAliasList", - "documentation":"

    List of sender AWS account IDs to filter the invitations.

    " - }, - "Sort":{ - "shape":"OpportunityEngagementInvitationSort", - "documentation":"

    Specifies the sorting options for listing engagement invitations. Invitations can be sorted by fields such as InvitationDate or Status to help partners view results in their preferred order.

    " + "ParticipantType":{ + "shape":"ParticipantType", + "documentation":"

    Specifies the type of participant for which to list engagement invitations. Identifies the role of the participant.

    " }, "Status":{ "shape":"InvitationStatusList", "documentation":"

    Status values to filter the invitations.

    " + }, + "EngagementIdentifier":{ + "shape":"EngagementIdentifiers", + "documentation":"

    Retrieves a list of engagement invitation summaries based on specified filters. The ListEngagementInvitations operation allows you to view all invitations that you have sent or received. You must specify the ParticipantType to filter invitations where you are either the SENDER or the RECEIVER. Invitations will automatically expire if not accepted within 15 days.

    " + }, + "SenderAwsAccountId":{ + "shape":"AwsAccountIdOrAliasList", + "documentation":"

    List of sender AWS account IDs to filter the invitations.

    " } } }, @@ -3862,14 +3873,6 @@ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog in which to search for engagement-resource associations. Valid Values: \"AWS\" or \"Sandbox\"

    • AWS for production environments.

    • Sandbox for testing and development purposes.

    " }, - "CreatedBy":{ - "shape":"AwsAccount", - "documentation":"

    Filters the response to include only snapshots of resources owned by the specified AWS account ID. Use this when you want to find associations related to resources owned by a particular account.

    " - }, - "EngagementIdentifier":{ - "shape":"EngagementIdentifier", - "documentation":"

    Filters the results to include only associations related to the specified engagement. Use this when you want to find all resources associated with a specific engagement.

    " - }, "MaxResults":{ "shape":"ListEngagementResourceAssociationsRequestMaxResultsInteger", "documentation":"

    Limits the number of results returned in a single call. Use this to control the number of results returned, especially useful for pagination.

    " @@ -3878,13 +3881,21 @@ "shape":"String", "documentation":"

    A token used for pagination of results. Include this token in subsequent requests to retrieve the next set of results.

    " }, - "ResourceIdentifier":{ - "shape":"ResourceIdentifier", - "documentation":"

    Filters the results to include only associations with the specified resource. Varies depending on the resource type. Use this when you want to find all engagements associated with a specific resource.

    " + "EngagementIdentifier":{ + "shape":"EngagementIdentifier", + "documentation":"

    Filters the results to include only associations related to the specified engagement. Use this when you want to find all resources associated with a specific engagement.

    " }, "ResourceType":{ "shape":"ResourceType", "documentation":"

    Filters the results to include only associations with resources of the specified type.

    " + }, + "ResourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

    Filters the results to include only associations with the specified resource. Varies depending on the resource type. Use this when you want to find all engagements associated with a specific resource.

    " + }, + "CreatedBy":{ + "shape":"AwsAccount", + "documentation":"

    Filters the response to include only snapshots of resources owned by the specified AWS account ID. Use this when you want to find associations related to resources owned by a particular account.

    " } } }, @@ -3920,14 +3931,11 @@ "shape":"AwsAccountList", "documentation":"

    A list of AWS account IDs. When specified, the response includes engagements created by these accounts. This filter is useful for finding engagements created by specific team members.

    " }, - "EngagementIdentifier":{ - "shape":"EngagementIdentifiers", - "documentation":"

    An array of strings representing engagement identifiers to retrieve.

    " - }, "ExcludeCreatedBy":{ "shape":"AwsAccountList", "documentation":"

    An array of strings representing AWS Account IDs. Use this to exclude engagements created by specific users.

    " }, + "Sort":{"shape":"EngagementSort"}, "MaxResults":{ "shape":"EngagementPageSize", "documentation":"

    The maximum number of results to return in a single call.

    " @@ -3936,9 +3944,9 @@ "shape":"String", "documentation":"

    The token for the next set of results. This value is returned from a previous call.

    " }, - "Sort":{ - "shape":"EngagementSort", - "documentation":"

    An object that specifies the sort order of the results.

    " + "EngagementIdentifier":{ + "shape":"EngagementIdentifiers", + "documentation":"

    An array of strings representing engagement identifiers to retrieve.

    " } } }, @@ -3964,37 +3972,37 @@ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog associated with the request. This field takes a string value from a predefined list: AWS or Sandbox. The catalog determines which environment the opportunities are listed in. Use AWS for listing real opportunities in the Amazon Web Services catalog, and Sandbox for testing in secure, isolated environments.

    " }, - "CustomerCompanyName":{ - "shape":"ListOpportunitiesRequestCustomerCompanyNameList", - "documentation":"

    Filters the opportunities based on the customer's company name. This allows partners to search for opportunities associated with a specific customer by matching the provided company name string.

    " + "MaxResults":{ + "shape":"PageSize", + "documentation":"

    Specifies the maximum number of results to return in a single call. This limits the number of opportunities returned in the response to avoid providing too many results at once.

    Default: 20

    " }, - "Identifier":{ - "shape":"ListOpportunitiesRequestIdentifierList", - "documentation":"

    Filters the opportunities based on the opportunity identifier. This allows partners to retrieve specific opportunities by providing their unique identifiers, ensuring precise results.

    " + "NextToken":{ + "shape":"String", + "documentation":"

    A pagination token used to retrieve the next set of results in subsequent calls. This token is included in the response only if there are additional result pages available.

    " + }, + "Sort":{ + "shape":"OpportunitySort", + "documentation":"

    An object that specifies how the response is sorted. The default Sort.SortBy value is LastModifiedDate.

    " }, "LastModifiedDate":{ "shape":"LastModifiedDate", "documentation":"

    Filters the opportunities based on their last modified date. This filter helps retrieve opportunities that were updated after the specified date, allowing partners to track recent changes or updates.

    " }, - "LifeCycleReviewStatus":{ - "shape":"ListOpportunitiesRequestLifeCycleReviewStatusList", - "documentation":"

    Filters the opportunities based on their current lifecycle approval status. Use this filter to retrieve opportunities with statuses such as Pending Submission, In Review, Action Required, or Approved.

    " + "Identifier":{ + "shape":"ListOpportunitiesRequestIdentifierList", + "documentation":"

    Filters the opportunities based on the opportunity identifier. This allows partners to retrieve specific opportunities by providing their unique identifiers, ensuring precise results.

    " }, "LifeCycleStage":{ "shape":"ListOpportunitiesRequestLifeCycleStageList", "documentation":"

    Filters the opportunities based on their lifecycle stage. This filter allows partners to retrieve opportunities at various stages in the sales cycle, such as Qualified, Technical Validation, Business Validation, or Closed Won.

    " }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"

    Specifies the maximum number of results to return in a single call. This limits the number of opportunities returned in the response to avoid providing too many results at once.

    Default: 20

    " - }, - "NextToken":{ - "shape":"String", - "documentation":"

    A pagination token used to retrieve the next set of results in subsequent calls. This token is included in the response only if there are additional result pages available.

    " + "LifeCycleReviewStatus":{ + "shape":"ListOpportunitiesRequestLifeCycleReviewStatusList", + "documentation":"

    Filters the opportunities based on their current lifecycle approval status. Use this filter to retrieve opportunities with statuses such as Pending Submission, In Review, Action Required, or Approved.

    " }, - "Sort":{ - "shape":"OpportunitySort", - "documentation":"

    An object that specifies how the response is sorted. The default Sort.SortBy value is LastModifiedDate.

    " + "CustomerCompanyName":{ + "shape":"ListOpportunitiesRequestCustomerCompanyNameList", + "documentation":"

    Filters the opportunities based on the customer's company name. This allows partners to search for opportunities associated with a specific customer by matching the provided company name string.

    " } } }, @@ -4026,13 +4034,13 @@ "type":"structure", "required":["OpportunitySummaries"], "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

    A pagination token used to retrieve the next set of results in subsequent calls. This token is included in the response only if there are additional result pages available.

    " - }, "OpportunitySummaries":{ "shape":"OpportunitySummaries", "documentation":"

    An array that contains minimal details for opportunities that match the request criteria. This summary view provides a quick overview of relevant opportunities.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    A pagination token used to retrieve the next set of results in subsequent calls. This token is included in the response only if there are additional result pages available.

    " } } }, @@ -4044,10 +4052,6 @@ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog related to the request.

    " }, - "EngagementIdentifier":{ - "shape":"EngagementIdentifier", - "documentation":"

    The identifier of the engagement to filter the response.

    " - }, "MaxResults":{ "shape":"ListResourceSnapshotJobsRequestMaxResultsInteger", "documentation":"

    The maximum number of results to return in a single call. If omitted, defaults to 50.

    " @@ -4056,13 +4060,17 @@ "shape":"String", "documentation":"

    The token for the next set of results.

    " }, - "Sort":{ - "shape":"SortObject", - "documentation":"

    Configures the sorting of the response. If omitted, results are sorted by CreatedDate in descending order.

    " + "EngagementIdentifier":{ + "shape":"EngagementIdentifier", + "documentation":"

    The identifier of the engagement to filter the response.

    " }, "Status":{ "shape":"ResourceSnapshotJobStatus", "documentation":"

    The status of the jobs to filter the response.

    " + }, + "Sort":{ + "shape":"SortObject", + "documentation":"

    Configures the sorting of the response. If omitted, results are sorted by CreatedDate in descending order.

    " } } }, @@ -4076,13 +4084,13 @@ "type":"structure", "required":["ResourceSnapshotJobSummaries"], "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

    The token to retrieve the next set of results. If there are no additional results, this value is null.

    " - }, "ResourceSnapshotJobSummaries":{ "shape":"ResourceSnapshotJobSummaryList", "documentation":"

    An array of resource snapshot job summary objects.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token to retrieve the next set of results. If there are no additional results, this value is null.

    " } } }, @@ -4097,14 +4105,6 @@ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog related to the request.

    " }, - "CreatedBy":{ - "shape":"AwsAccount", - "documentation":"

    Filters the response to include only snapshots of resources owned by the specified AWS account.

    " - }, - "EngagementIdentifier":{ - "shape":"EngagementIdentifier", - "documentation":"

    The unique identifier of the engagement associated with the snapshots.

    " - }, "MaxResults":{ "shape":"ListResourceSnapshotsRequestMaxResultsInteger", "documentation":"

    The maximum number of results to return in a single call.

    " @@ -4113,6 +4113,14 @@ "shape":"String", "documentation":"

    The token for the next set of results.

    " }, + "EngagementIdentifier":{ + "shape":"EngagementIdentifier", + "documentation":"

    The unique identifier of the engagement associated with the snapshots.

    " + }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    Filters the response to include only snapshots of the specified resource type.

    " + }, "ResourceIdentifier":{ "shape":"ResourceIdentifier", "documentation":"

    Filters the response to include only snapshots of the specified resource.

    " @@ -4121,9 +4129,9 @@ "shape":"ResourceTemplateName", "documentation":"

    Filters the response to include only snapshots created using the specified template.

    " }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    Filters the response to include only snapshots of the specified resource type.

    " + "CreatedBy":{ + "shape":"AwsAccount", + "documentation":"

    Filters the response to include only snapshots of resources owned by the specified AWS account.

    " } } }, @@ -4137,13 +4145,13 @@ "type":"structure", "required":["ResourceSnapshotSummaries"], "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

    The token to retrieve the next set of results. If there are no additional results, this value is null.

    " - }, "ResourceSnapshotSummaries":{ "shape":"ResourceSnapshotSummaryList", "documentation":"

    An array of resource snapshot summary objects.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token to retrieve the next set of results. If there are no additional results, this value is null.

    " } } }, @@ -4155,14 +4163,6 @@ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog associated with the request. This field takes a string value from a predefined list: AWS or Sandbox. The catalog determines which environment the solutions are listed in. Use AWS to list solutions in the Amazon Web Services catalog, and Sandbox to list solutions in a secure and isolated testing environment.

    " }, - "Category":{ - "shape":"ListSolutionsRequestCategoryList", - "documentation":"

    Filters the solutions based on the category to which they belong. This allows partners to search for solutions within specific categories, such as Software, Consulting, or Managed Services.

    " - }, - "Identifier":{ - "shape":"ListSolutionsRequestIdentifierList", - "documentation":"

    Filters the solutions based on their unique identifier. Use this filter to retrieve specific solutions by providing the solution's identifier for accurate results.

    " - }, "MaxResults":{ "shape":"PageSize", "documentation":"

    The maximum number of results returned by a single call. This value must be provided in the next call to retrieve the next set of results.

    Default: 20

    " @@ -4178,6 +4178,14 @@ "Status":{ "shape":"ListSolutionsRequestStatusList", "documentation":"

    Filters solutions based on their status. This filter helps partners manage their solution portfolios effectively.

    " + }, + "Identifier":{ + "shape":"ListSolutionsRequestIdentifierList", + "documentation":"

    Filters the solutions based on their unique identifier. Use this filter to retrieve specific solutions by providing the solution's identifier for accurate results.

    " + }, + "Category":{ + "shape":"ListSolutionsRequestCategoryList", + "documentation":"

    Filters the solutions based on the category to which they belong. This allows partners to search for solutions within specific categories, such as Software, Consulting, or Managed Services.

    " } } }, @@ -4203,13 +4211,13 @@ "type":"structure", "required":["SolutionSummaries"], "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

    A pagination token used to retrieve the next set of results in subsequent calls. This token is included in the response only if there are additional result pages available.

    " - }, "SolutionSummaries":{ "shape":"SolutionList", "documentation":"

    An array with minimal details for solutions matching the request criteria.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    A pagination token used to retrieve the next set of results in subsequent calls. This token is included in the response only if there are additional result pages available.

    " } } }, @@ -4236,17 +4244,17 @@ "ListTasksSortBase":{ "type":"structure", "required":[ - "SortBy", - "SortOrder" + "SortOrder", + "SortBy" ], "members":{ - "SortBy":{ - "shape":"ListTasksSortName", - "documentation":"

    Specifies the field by which the task list should be sorted.

    " - }, "SortOrder":{ "shape":"SortOrder", "documentation":"

    Determines the order in which the sorted results are presented.

    " + }, + "SortBy":{ + "shape":"ListTasksSortName", + "documentation":"

    Specifies the field by which the task list should be sorted.

    " } }, "documentation":"

    Defines the sorting parameters for listing tasks. This structure allows for specifying the field to sort by and the order of sorting.

    " @@ -4258,18 +4266,10 @@ "Marketing":{ "type":"structure", "members":{ - "AwsFundingUsed":{ - "shape":"AwsFundingUsed", - "documentation":"

    Indicates if the Opportunity is a marketing development fund (MDF) funded activity.

    " - }, "CampaignName":{ "shape":"String", "documentation":"

    Specifies the Opportunity marketing campaign code. The Amazon Web Services campaign code is a reference to specific marketing initiatives, promotions, or activities. This field captures the identifier used to track and categorize the Opportunity within marketing campaigns. If you don't have a campaign code, contact your Amazon Web Services point of contact to obtain one.

    " }, - "Channels":{ - "shape":"Channels", - "documentation":"

    Specifies the Opportunity's channel that the marketing activity is associated with or was contacted through. This field provides information about the specific marketing channel that contributed to the generation of the lead or contact.

    " - }, "Source":{ "shape":"MarketingSource", "documentation":"

    Indicates if the Opportunity was sourced from an Amazon Web Services marketing activity. Use the value Marketing Activity. Use None if it's not associated with an Amazon Web Services marketing activity. This field helps Amazon Web Services track the return on marketing investments and enables better distribution of marketing budgets among partners.

    " @@ -4277,6 +4277,14 @@ "UseCases":{ "shape":"UseCases", "documentation":"

    Specifies the marketing activity use case or purpose that led to the Opportunity's creation or contact. This field captures the context or marketing activity's execution's intention and the direct correlation to the generated opportunity or contact. Must be empty when Marketing.AWSFundingUsed = No.

    Valid values: AI/ML | Analytics | Application Integration | Blockchain | Business Applications | Cloud Financial Management | Compute | Containers | Customer Engagement | Databases | Developer Tools | End User Computing | Front End Web & Mobile | Game Tech | IoT | Management & Governance | Media Services | Migration & Transfer | Networking & Content Delivery | Quantum Technologies | Robotics | Satellite | Security | Serverless | Storage | VR & AR

    " + }, + "Channels":{ + "shape":"Channels", + "documentation":"

    Specifies the Opportunity's channel that the marketing activity is associated with or was contacted through. This field provides information about the specific marketing channel that contributed to the generation of the lead or contact.

    " + }, + "AwsFundingUsed":{ + "shape":"AwsFundingUsed", + "documentation":"

    Indicates if the Opportunity is a marketing development fund (MDF) funded activity.

    " } }, "documentation":"

    An object that contains marketing details for the Opportunity.

    " @@ -4291,7 +4299,8 @@ "MemberCompanyName":{ "type":"string", "max":120, - "min":1 + "min":1, + "sensitive":true }, "MemberPageSize":{ "type":"integer", @@ -4319,7 +4328,7 @@ }, "MonetaryValueAmountString":{ "type":"string", - "pattern":"^(0|([1-9][0-9]{0,30}))(\\.[0-9]{0,2})?$" + "pattern":"(0|([1-9][0-9]{0,30}))(\\.[0-9]{0,2})?" }, "Name":{ "type":"string", @@ -4337,39 +4346,39 @@ "NextStepsHistory":{ "type":"structure", "required":[ - "Time", - "Value" + "Value", + "Time" ], "members":{ - "Time":{ - "shape":"DateTime", - "documentation":"

    Indicates the step execution time.

    " - }, "Value":{ "shape":"String", "documentation":"

    Indicates the step's execution details.

    " + }, + "Time":{ + "shape":"DateTime", + "documentation":"

    Indicates the step execution time.

    " } }, "documentation":"

    Read-only; shows the last 50 values and change dates for the NextSteps field.

    " }, "OpportunityArn":{ "type":"string", - "pattern":"^arn:.*$" + "pattern":"arn:.*" }, "OpportunityEngagementInvitationSort":{ "type":"structure", "required":[ - "SortBy", - "SortOrder" + "SortOrder", + "SortBy" ], "members":{ - "SortBy":{ - "shape":"OpportunityEngagementInvitationSortName", - "documentation":"

    Specifies the field by which the Engagement Invitations are sorted. Common values include InvitationDate and Status.

    " - }, "SortOrder":{ "shape":"SortOrder", "documentation":"

    Defines the order in which the Engagement Invitations are sorted. The values can be ASC (ascending) or DESC (descending).

    " + }, + "SortBy":{ + "shape":"OpportunityEngagementInvitationSortName", + "documentation":"

    Specifies the field by which the Engagement Invitations are sorted. Common values include InvitationDate and Status.

    " } }, "documentation":"

    Defines sorting options for retrieving Engagement Invitations. Sorting can be done based on various criteria like the invitation date or status.

    " @@ -4380,7 +4389,7 @@ }, "OpportunityIdentifier":{ "type":"string", - "pattern":"^O[0-9]{1,19}$" + "pattern":"O[0-9]{1,19}" }, "OpportunityIdentifiers":{ "type":"list", @@ -4391,11 +4400,19 @@ "OpportunityInvitationPayload":{ "type":"structure", "required":[ + "ReceiverResponsibilities", "Customer", - "Project", - "ReceiverResponsibilities" + "Project" ], "members":{ + "SenderContacts":{ + "shape":"SenderContactList", + "documentation":"

    Represents the contact details of the AWS representatives involved in sending the Engagement Invitation. These contacts are opportunity stakeholders.

    " + }, + "ReceiverResponsibilities":{ + "shape":"ReceiverResponsibilityList", + "documentation":"

    Outlines the responsibilities or expectations of the receiver in the context of the invitation.

    " + }, "Customer":{ "shape":"EngagementCustomer", "documentation":"

    Contains information about the customer related to the opportunity in the Engagement Invitation. This data helps partners understand the customer’s profile and requirements.

    " @@ -4403,14 +4420,6 @@ "Project":{ "shape":"ProjectDetails", "documentation":"

    Describes the project details associated with the opportunity, including the customer’s needs and the scope of work expected to be performed.

    " - }, - "ReceiverResponsibilities":{ - "shape":"ReceiverResponsibilityList", - "documentation":"

    Outlines the responsibilities or expectations of the receiver in the context of the invitation.

    " - }, - "SenderContacts":{ - "shape":"SenderContactList", - "documentation":"

    Represents the contact details of the AWS representatives involved in sending the Engagement Invitation. These contacts are opportunity stakeholders.

    " } }, "documentation":"

    Represents the data payload of an Engagement Invitation for a specific opportunity. This contains detailed information that partners use to evaluate the engagement.

    " @@ -4425,17 +4434,17 @@ "OpportunitySort":{ "type":"structure", "required":[ - "SortBy", - "SortOrder" + "SortOrder", + "SortBy" ], "members":{ - "SortBy":{ - "shape":"OpportunitySortName", - "documentation":"

    Field name to sort by.

    " - }, "SortOrder":{ "shape":"SortOrder", "documentation":"

    Sort order.

    Default: Descending

    " + }, + "SortBy":{ + "shape":"OpportunitySortName", + "documentation":"

    Field name to sort by.

    " } }, "documentation":"

    Object that configures response sorting.

    " @@ -4456,41 +4465,41 @@ "type":"structure", "required":["Catalog"], "members":{ - "Arn":{ - "shape":"OpportunityArn", - "documentation":"

    The Amazon Resource Name (ARN) for the opportunity. This globally unique identifier can be used for IAM policies and cross-service references.

    " - }, "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog associated with the opportunity, either AWS or Sandbox. This indicates the environment in which the opportunity is managed.

    " }, - "CreatedDate":{ - "shape":"DateTime", - "documentation":"

    DateTime when the Opportunity was last created.

    " - }, - "Customer":{ - "shape":"CustomerSummary", - "documentation":"

    An object that contains the Opportunity's customer details.

    " - }, "Id":{ "shape":"OpportunityIdentifier", "documentation":"

    Read-only, system-generated Opportunity unique identifier.

    " }, + "Arn":{ + "shape":"OpportunityArn", + "documentation":"

    The Amazon Resource Name (ARN) for the opportunity. This globally unique identifier can be used for IAM policies and cross-service references.

    " + }, + "PartnerOpportunityIdentifier":{ + "shape":"String", + "documentation":"

    Specifies the Opportunity's unique identifier in the partner's CRM system. This value is essential to track and reconcile because it's included in the outbound payload sent back to the partner. It allows partners to link an opportunity to their CRM.

    " + }, + "OpportunityType":{ + "shape":"OpportunityType", + "documentation":"

    Specifies opportunity type as a renewal, new, or expansion.

    Opportunity types:

    • New Opportunity: Represents a new business opportunity with a potential customer that's not previously engaged with your solutions or services.

    • Renewal Opportunity: Represents an opportunity to renew an existing contract or subscription with a current customer, ensuring continuity of service.

    • Expansion Opportunity: Represents an opportunity to expand the scope of an existing contract or subscription, either by adding new services or increasing the volume of existing services for a current customer.

    " + }, "LastModifiedDate":{ "shape":"DateTime", "documentation":"

    DateTime when the Opportunity was last modified.

    " }, + "CreatedDate":{ + "shape":"DateTime", + "documentation":"

    DateTime when the Opportunity was last created.

    " + }, "LifeCycle":{ "shape":"LifeCycleSummary", "documentation":"

    An object that contains the Opportunity's lifecycle details.

    " }, - "OpportunityType":{ - "shape":"OpportunityType", - "documentation":"

    Specifies opportunity type as a renewal, new, or expansion.

    Opportunity types:

    • New Opportunity: Represents a new business opportunity with a potential customer that's not previously engaged with your solutions or services.

    • Renewal Opportunity: Represents an opportunity to renew an existing contract or subscription with a current customer, ensuring continuity of service.

    • Expansion Opportunity: Represents an opportunity to expand the scope of an existing contract or subscription, either by adding new services or increasing the volume of existing services for a current customer.

    " - }, - "PartnerOpportunityIdentifier":{ - "shape":"String", - "documentation":"

    Specifies the Opportunity's unique identifier in the partner's CRM system. This value is essential to track and reconcile because it's included in the outbound payload sent back to the partner. It allows partners to link an opportunity to their CRM.

    " + "Customer":{ + "shape":"CustomerSummary", + "documentation":"

    An object that contains the Opportunity's customer details.

    " }, "Project":{ "shape":"ProjectSummary", @@ -4502,7 +4511,10 @@ "OpportunitySummaryView":{ "type":"structure", "members":{ - "Customer":{"shape":"Customer"}, + "OpportunityType":{ + "shape":"OpportunityType", + "documentation":"

    Specifies the opportunity type.

    " + }, "Lifecycle":{ "shape":"LifeCycleForView", "documentation":"

    Contains information about the opportunity's lifecycle, including its current stage, status, and important dates such as creation and last modification times.

    " @@ -4511,14 +4523,11 @@ "shape":"PartnerOpportunityTeamMembersList", "documentation":"

    Represents the internal team handling the opportunity. Specify the members involved in collaborating on an opportunity within the partner's organization.

    " }, - "OpportunityType":{ - "shape":"OpportunityType", - "documentation":"

    Specifies the opportunity type.

    " - }, "PrimaryNeedsFromAws":{ "shape":"PrimaryNeedsFromAws", "documentation":"

    Identifies the type of support the partner needs from AWS.

    " }, + "Customer":{"shape":"Customer"}, "Project":{ "shape":"ProjectView", "documentation":"

    Contains summary information about the project associated with the opportunity, including project name, description, timeline, and other relevant details.

    " @@ -4551,7 +4560,7 @@ "PartnerOpportunityTeamMembersList":{ "type":"list", "member":{"shape":"Contact"}, - "max":1, + "max":2, "min":0 }, "Payload":{ @@ -4573,7 +4582,7 @@ "type":"string", "max":40, "min":0, - "pattern":"^\\+[1-9]\\d{1,14}$", + "pattern":"\\+[1-9]\\d{1,14}", "sensitive":true }, "PrimaryNeedFromAws":{ @@ -4596,17 +4605,17 @@ "ProfileNextStepsHistory":{ "type":"structure", "required":[ - "Time", - "Value" + "Value", + "Time" ], "members":{ - "Time":{ - "shape":"DateTime", - "documentation":"

    Indicates the date and time when a particular next step was recorded or planned. This helps in managing the timeline for the opportunity.

    " - }, "Value":{ "shape":"String", "documentation":"

    Represents the details of the next step recorded, such as follow-up actions or decisions made. This field helps in tracking progress and ensuring alignment with project goals.

    " + }, + "Time":{ + "shape":"DateTime", + "documentation":"

    Indicates the date and time when a particular next step was recorded or planned. This helps in managing the timeline for the opportunity.

    " } }, "documentation":"

    Tracks the history of next steps associated with the opportunity. This field captures the actions planned for the future and their timeline.

    " @@ -4614,18 +4623,22 @@ "Project":{ "type":"structure", "members":{ - "AdditionalComments":{ - "shape":"ProjectAdditionalCommentsString", - "documentation":"

    Captures additional comments or information for the Opportunity that weren't captured in other fields.

    " + "DeliveryModels":{ + "shape":"DeliveryModels", + "documentation":"

    Specifies the deployment or consumption model for your solution or service in the Opportunity's context. You can select multiple options.

    Options' descriptions from the Delivery Model field are:

    • SaaS or PaaS: Your Amazon Web Services based solution deployed as SaaS or PaaS in your Amazon Web Services environment.

    • BYOL or AMI: Your Amazon Web Services based solution deployed as BYOL or AMI in the end customer's Amazon Web Services environment.

    • Managed Services: The end customer's Amazon Web Services business management (For example: Consulting, design, implementation, billing support, cost optimization, technical support).

    • Professional Services: Offerings to help enterprise end customers achieve specific business outcomes for enterprise cloud adoption (For example: Advisory or transformation planning).

    • Resell: Amazon Web Services accounts and billing management for your customers.

    • Other: Delivery model not described above.

    " + }, + "ExpectedCustomerSpend":{ + "shape":"ExpectedCustomerSpendList", + "documentation":"

    Represents the estimated amount that the customer is expected to spend on AWS services related to the opportunity. This helps in evaluating the potential financial value of the opportunity for AWS.

    " + }, + "Title":{ + "shape":"ProjectTitleString", + "documentation":"

    Specifies the Opportunity's title or name.

    " }, "ApnPrograms":{ "shape":"ApnPrograms", "documentation":"

    Specifies the Amazon Partner Network (APN) program that influenced the Opportunity. APN programs refer to specific partner programs or initiatives that can impact the Opportunity.

    Valid values: APN Immersion Days | APN Solution Space | ATO (Authority to Operate) | AWS Marketplace Campaign | IS Immersion Day SFID Program | ISV Workload Migration | Migration Acceleration Program | P3 | Partner Launch Initiative | Partner Opportunity Acceleration Funded | The Next Smart | VMware Cloud on AWS | Well-Architected | Windows | Workspaces/AppStream Accelerator Program | WWPS NDPP

    " }, - "CompetitorName":{ - "shape":"CompetitorName", - "documentation":"

    Name of the Opportunity's competitor (if any). Use Other to submit a value not in the picklist.

    " - }, "CustomerBusinessProblem":{ "shape":"ProjectCustomerBusinessProblemString", "documentation":"

    Describes the problem the end customer has, and how the partner is helping. Utilize this field to provide a concise narrative that outlines the customer's business challenge or issue. Elaborate on how the partner's solution or offerings align to resolve the customer's business problem. Include relevant information about the partner's value proposition, unique selling points, and expertise to tackle the issue. Offer insights on how the proposed solution meets the customer's needs and provides value. Use concise language and precise descriptions to convey the context and significance of the Opportunity. The content in this field helps Amazon Web Services understand the nature of the Opportunity and the strategic fit of the partner's solution.

    " @@ -4634,13 +4647,17 @@ "shape":"String", "documentation":"

    Specifies the proposed solution focus or type of workload for the Opportunity. This field captures the primary use case or objective of the proposed solution, and provides context and clarity to the addressed workload.

    Valid values: AI Machine Learning and Analytics | Archiving | Big Data: Data Warehouse/Data Integration/ETL/Data Lake/BI | Blockchain | Business Applications: Mainframe Modernization | Business Applications & Contact Center | Business Applications & SAP Production | Centralized Operations Management | Cloud Management Tools | Cloud Management Tools & DevOps with Continuous Integration & Continuous Delivery (CICD) | Configuration, Compliance & Auditing | Connected Services | Containers & Serverless | Content Delivery & Edge Services | Database | Edge Computing/End User Computing | Energy | Enterprise Governance & Controls | Enterprise Resource Planning | Financial Services | Healthcare and Life Sciences | High Performance Computing | Hybrid Application Platform | Industrial Software | IOT | Manufacturing, Supply Chain and Operations | Media & High performance computing (HPC) | Migration/Database Migration | Monitoring, logging and performance | Monitoring & Observability | Networking | Outpost | SAP | Security & Compliance | Storage & Backup | Training | VMC | VMWare | Web development & DevOps

    " }, - "DeliveryModels":{ - "shape":"DeliveryModels", - "documentation":"

    Specifies the deployment or consumption model for your solution or service in the Opportunity's context. You can select multiple options.

    Options' descriptions from the Delivery Model field are:

    • SaaS or PaaS: Your Amazon Web Services based solution deployed as SaaS or PaaS in your Amazon Web Services environment.

    • BYOL or AMI: Your Amazon Web Services based solution deployed as BYOL or AMI in the end customer's Amazon Web Services environment.

    • Managed Services: The end customer's Amazon Web Services business management (For example: Consulting, design, implementation, billing support, cost optimization, technical support).

    • Professional Services: Offerings to help enterprise end customers achieve specific business outcomes for enterprise cloud adoption (For example: Advisory or transformation planning).

    • Resell: Amazon Web Services accounts and billing management for your customers.

    • Other: Delivery model not described above.

    " + "RelatedOpportunityIdentifier":{ + "shape":"OpportunityIdentifier", + "documentation":"

    Specifies the current opportunity's parent opportunity identifier.

    " }, - "ExpectedCustomerSpend":{ - "shape":"ExpectedCustomerSpendList", - "documentation":"

    Represents the estimated amount that the customer is expected to spend on AWS services related to the opportunity. This helps in evaluating the potential financial value of the opportunity for AWS.

    " + "SalesActivities":{ + "shape":"SalesActivities", + "documentation":"

    Specifies the Opportunity's sales activities conducted with the end customer. These activities help drive Amazon Web Services assignment priority.

    Valid values:

    • Initialized discussions with customer: Initial conversations with the customer to understand their needs and introduce your solution.

    • Customer has shown interest in solution: After initial discussions, the customer is interested in your solution.

    • Conducted POC/demo: You conducted a proof of concept (POC) or demonstration of the solution for the customer.

    • In evaluation/planning stage: The customer is evaluating the solution and planning potential implementation.

    • Agreed on solution to Business Problem: Both parties agree on how the solution addresses the customer's business problem.

    • Completed Action Plan: A detailed action plan is complete and outlines the steps for implementation.

    • Finalized Deployment Need: Both parties agree with and finalized the deployment needs.

    • SOW Signed: Both parties signed a statement of work (SOW), and formalize the agreement and detail the project scope and deliverables.

    " + }, + "CompetitorName":{ + "shape":"CompetitorName", + "documentation":"

    Name of the Opportunity's competitor (if any). Use Other to submit a value not in the picklist.

    " }, "OtherCompetitorNames":{ "shape":"ProjectOtherCompetitorNamesString", @@ -4650,17 +4667,9 @@ "shape":"ProjectOtherSolutionDescriptionString", "documentation":"

    Specifies the offered solution for the customer's business problem when the RelatedEntityIdentifiers.Solutions field value is Other.

    " }, - "RelatedOpportunityIdentifier":{ - "shape":"OpportunityIdentifier", - "documentation":"

    Specifies the current opportunity's parent opportunity identifier.

    " - }, - "SalesActivities":{ - "shape":"SalesActivities", - "documentation":"

    Specifies the Opportunity's sales activities conducted with the end customer. These activities help drive Amazon Web Services assignment priority.

    Valid values:

    • Initialized discussions with customer: Initial conversations with the customer to understand their needs and introduce your solution.

    • Customer has shown interest in solution: After initial discussions, the customer is interested in your solution.

    • Conducted POC/demo: You conducted a proof of concept (POC) or demonstration of the solution for the customer.

    • In evaluation/planning stage: The customer is evaluating the solution and planning potential implementation.

    • Agreed on solution to Business Problem: Both parties agree on how the solution addresses the customer's business problem.

    • Completed Action Plan: A detailed action plan is complete and outlines the steps for implementation.

    • Finalized Deployment Need: Both parties agree with and finalized the deployment needs.

    • SOW Signed: Both parties signed a statement of work (SOW), and formalize the agreement and detail the project scope and deliverables.

    " - }, - "Title":{ - "shape":"ProjectTitleString", - "documentation":"

    Specifies the Opportunity's title or name.

    " + "AdditionalComments":{ + "shape":"ProjectAdditionalCommentsString", + "documentation":"

    Captures additional comments or information for the Opportunity that weren't captured in other fields.

    " } }, "documentation":"

    An object that contains the Opportunity's project details.

    " @@ -4680,26 +4689,26 @@ "type":"structure", "required":[ "BusinessProblem", - "ExpectedCustomerSpend", + "Title", "TargetCompletionDate", - "Title" + "ExpectedCustomerSpend" ], "members":{ "BusinessProblem":{ "shape":"EngagementCustomerBusinessProblem", "documentation":"

    Describes the business problem that the project aims to solve. This information is crucial for understanding the project’s goals and objectives.

    " }, - "ExpectedCustomerSpend":{ - "shape":"ExpectedCustomerSpendList", - "documentation":"

    Contains revenue estimates for the partner related to the project. This field provides an idea of the financial potential of the opportunity for the partner.

    " + "Title":{ + "shape":"ProjectDetailsTitleString", + "documentation":"

    Specifies the title of the project. This title helps partners quickly identify and understand the focus of the project.

    " }, "TargetCompletionDate":{ "shape":"Date", "documentation":"

    Specifies the estimated date of project completion. This field helps track the project timeline and manage expectations.

    " }, - "Title":{ - "shape":"ProjectDetailsTitleString", - "documentation":"

    Specifies the title of the project. This title helps partners quickly identify and understand the focus of the project.

    " + "ExpectedCustomerSpend":{ + "shape":"ExpectedCustomerSpendList", + "documentation":"

    Contains revenue estimates for the partner related to the project. This field provides an idea of the financial potential of the opportunity for the partner.

    " } }, "documentation":"

    Contains details about the project associated with the Engagement Invitation, including the business problem and expected outcomes.

    " @@ -4743,10 +4752,6 @@ "ProjectView":{ "type":"structure", "members":{ - "CustomerUseCase":{ - "shape":"String", - "documentation":"

    Specifies the proposed solution focus or type of workload for the project.

    " - }, "DeliveryModels":{ "shape":"DeliveryModels", "documentation":"

    Describes the deployment or consumption model for the partner solution or offering. This field indicates how the project's solution will be delivered or implemented for the customer.

    " @@ -4755,13 +4760,17 @@ "shape":"ExpectedCustomerSpendList", "documentation":"

    Provides information about the anticipated customer spend related to this project. This may include details such as amount, frequency, and currency of expected expenditure.

    " }, - "OtherSolutionDescription":{ - "shape":"ProjectViewOtherSolutionDescriptionString", - "documentation":"

    Offers a description of other solutions if the standard solutions do not adequately cover the project's scope.

    " + "CustomerUseCase":{ + "shape":"String", + "documentation":"

    Specifies the proposed solution focus or type of workload for the project.

    " }, "SalesActivities":{ "shape":"SalesActivities", "documentation":"

    Lists the pre-sales activities that have occurred with the end-customer related to the opportunity. This field is conditionally mandatory when the project is qualified for Co-Sell and helps drive assignment priority on the AWS side. It provides insight into the engagement level with the customer.

    " + }, + "OtherSolutionDescription":{ + "shape":"ProjectViewOtherSolutionDescriptionString", + "documentation":"

    Offers a description of other solutions if the standard solutions do not adequately cover the project's scope.

    " } }, "documentation":"

    Provides the project view of an opportunity resource shared through a snapshot.

    " @@ -4876,7 +4885,7 @@ }, "RejectionReasonString":{ "type":"string", - "pattern":"^[\\u0020-\\u007E\\u00A0-\\uD7FF\\uE000-\\uFFFD]{1,80}$" + "pattern":"[\\u0020-\\u007E\\u00A0-\\uD7FF\\uE000-\\uFFFD]{1,80}" }, "RelatedEntityIdentifiers":{ "type":"structure", @@ -4885,13 +4894,13 @@ "shape":"AwsMarketplaceOfferIdentifiers", "documentation":"

    Takes one value per opportunity. Each value is an Amazon Resource Name (ARN), in this format: \"offers\": [\"arn:aws:aws-marketplace:us-east-1:999999999999:AWSMarketplace/Offer/offer-sampleOffer32\"].

    Use the ListEntities action in the Marketplace Catalog APIs for a list of offers in the associated Marketplace seller account.

    " }, - "AwsProducts":{ - "shape":"AwsProductIdentifiers", - "documentation":"

    Enables the association of specific Amazon Web Services products with the Opportunity. Partners can indicate the relevant Amazon Web Services products for the Opportunity's solution and align with the customer's needs. Returns multiple values separated by commas. For example, \"AWSProducts\" : [\"AmazonRedshift\", \"AWSAppFabric\", \"AWSCleanRooms\"].

    Use the file with the list of Amazon Web Services products hosted on GitHub: Amazon Web Services products.

    " - }, "Solutions":{ "shape":"SolutionIdentifiers", "documentation":"

    Enables partner solutions or offerings' association with an opportunity. To associate a solution, provide the solution's unique identifier, which you can obtain with the ListSolutions operation.

    If the specific solution identifier is not available, you can use the value Other and provide details about the solution in the otherSolutionOffered field. But when the opportunity reaches the Committed stage or beyond, the Other value cannot be used, and a valid solution identifier must be provided.

    By associating the relevant solutions with the opportunity, you can communicate the offerings that are being considered or implemented to address the customer's business problem.

    " + }, + "AwsProducts":{ + "shape":"AwsProductIdentifiers", + "documentation":"

    Enables the association of specific Amazon Web Services products with the Opportunity. Partners can indicate the relevant Amazon Web Services products for the Opportunity's solution and align with the customer's needs. Returns multiple values separated by commas. For example, \"AWSProducts\" : [\"AmazonRedshift\", \"AWSAppFabric\", \"AWSCleanRooms\"].

    Use the file with the list of Amazon Web Services products hosted on GitHub: Amazon Web Services products.

    " } }, "documentation":"

    This field provides the associations' information for other entities with the opportunity. These entities include identifiers for AWSProducts, Partner Solutions, and AWSMarketplaceOffers.

    " @@ -4906,11 +4915,11 @@ }, "ResourceArn":{ "type":"string", - "pattern":"^arn:.*" + "pattern":"arn:.*" }, "ResourceIdentifier":{ "type":"string", - "pattern":"^O[0-9]{1,19}$" + "pattern":"O[0-9]{1,19}" }, "ResourceNotFoundException":{ "type":"structure", @@ -4922,27 +4931,27 @@ }, "ResourceSnapshotArn":{ "type":"string", - "pattern":"^arn:.*" + "pattern":"arn:.*" }, "ResourceSnapshotJobArn":{ "type":"string", - "pattern":"^arn:.*" + "pattern":"arn:.*" }, "ResourceSnapshotJobIdentifier":{ "type":"string", - "pattern":"^job-[0-9a-z]{13}$" + "pattern":"job-[0-9a-z]{13}" }, "ResourceSnapshotJobRoleArn":{ "type":"string", "max":2048, "min":0, - "pattern":"^arn:aws:iam::\\d{12}:role/([-+=,.@_a-zA-Z0-9]+/)*[-+=,.@_a-zA-Z0-9]{1,64}$" + "pattern":"arn:aws:iam::\\d{12}:role/([-+=,.@_a-zA-Z0-9]+/)*[-+=,.@_a-zA-Z0-9]{1,64}" }, "ResourceSnapshotJobRoleIdentifier":{ "type":"string", "max":2048, "min":0, - "pattern":"^(arn:aws:iam::\\d{12}:role/([-+=,.@_a-zA-Z0-9]+/)*)?[-+=,.@_a-zA-Z0-9]{1,64}$" + "pattern":"(arn:aws:iam::\\d{12}:role/([-+=,.@_a-zA-Z0-9]+/)*)?[-+=,.@_a-zA-Z0-9]{1,64}" }, "ResourceSnapshotJobStatus":{ "type":"string", @@ -4954,6 +4963,10 @@ "ResourceSnapshotJobSummary":{ "type":"structure", "members":{ + "Id":{ + "shape":"ResourceSnapshotJobIdentifier", + "documentation":"

    The unique identifier for the resource snapshot job within the AWS Partner Central system. This ID is used for direct references to the job within the service.

    " + }, "Arn":{ "shape":"ResourceSnapshotJobArn", "documentation":"

    The Amazon Resource Name (ARN) for the resource snapshot job.

    " @@ -4962,10 +4975,6 @@ "shape":"EngagementIdentifier", "documentation":"

    The unique identifier of the Engagement.

    " }, - "Id":{ - "shape":"ResourceSnapshotJobIdentifier", - "documentation":"

    The unique identifier for the resource snapshot job within the AWS Partner Central system. This ID is used for direct references to the job within the service.

    " - }, "Status":{ "shape":"ResourceSnapshotJobStatus", "documentation":"

    The current status of the snapshot job.

    Valid values:

    • STOPPED: The job is not currently running.

    • RUNNING: The job is actively executing.

    " @@ -5000,9 +5009,13 @@ "shape":"ResourceSnapshotArn", "documentation":"

    The Amazon Resource Name (ARN) of the snapshot. This globally unique identifier can be used for cross-service references and in IAM policies.

    " }, - "CreatedBy":{ - "shape":"AwsAccount", - "documentation":"

    The AWS account ID of the entity that owns the resource from which the snapshot was created.

    " + "Revision":{ + "shape":"ResourceSnapshotRevision", + "documentation":"

    The revision number of the snapshot. This integer value is incremented each time the snapshot is updated, allowing for version tracking of the resource snapshot.

    " + }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    The type of resource snapshotted.

    " }, "ResourceId":{ "shape":"ResourceIdentifier", @@ -5012,13 +5025,9 @@ "shape":"ResourceTemplateName", "documentation":"

    The name of the template used to create the snapshot.

    " }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of resource snapshotted.

    " - }, - "Revision":{ - "shape":"ResourceSnapshotRevision", - "documentation":"

    The revision number of the snapshot. This integer value is incremented each time the snapshot is updated, allowing for version tracking of the resource snapshot.

    " + "CreatedBy":{ + "shape":"AwsAccount", + "documentation":"

    The AWS account ID of the entity that owns the resource from which the snapshot was created.

    " } }, "documentation":"

    Provides a concise summary of a resource snapshot, including its unique identifier and version information. This structure is used to quickly reference and identify specific versions of resource snapshots.

    " @@ -5029,7 +5038,7 @@ }, "ResourceTemplateName":{ "type":"string", - "pattern":"^[a-zA-Z0-9]{3,80}$" + "pattern":"[a-zA-Z0-9]{3,80}" }, "ResourceType":{ "type":"string", @@ -5082,10 +5091,6 @@ "type":"structure", "required":["Email"], "members":{ - "BusinessTitle":{ - "shape":"JobTitle", - "documentation":"

    The sender-provided contact's title (job title or role) associated with the EngagementInvitation.

    " - }, "Email":{ "shape":"SenderContactEmail", "documentation":"

    The sender-provided contact's email address associated with the EngagementInvitation.

    " @@ -5098,6 +5103,10 @@ "shape":"Name", "documentation":"

    The sender-provided contact's first name associated with the EngagementInvitation.

    " }, + "BusinessTitle":{ + "shape":"JobTitle", + "documentation":"

    The sender-provided contact's title (job title or role) associated with the EngagementInvitation.

    " + }, "Phone":{ "shape":"PhoneNumber", "documentation":"

    The sender-provided contact's phone number associated with the EngagementInvitation.

    " @@ -5109,7 +5118,7 @@ "type":"string", "max":80, "min":0, - "pattern":"^[a-zA-Z0-9.!#$%&'*+/=?^_{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$", + "pattern":"[a-zA-Z0-9.!#$%&'*+/=?^_{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*", "sensitive":true }, "SenderContactList":{ @@ -5133,6 +5142,10 @@ "shape":"RevenueModel", "documentation":"

    Specifies the customer's intended payment type agreement or procurement method to acquire the solution or service outlined in the Opportunity.

    " }, + "Value":{ + "shape":"MonetaryValue", + "documentation":"

    Specifies the payment value (amount and currency).

    " + }, "EffectiveDate":{ "shape":"Date", "documentation":"

    Specifies the Opportunity's customer engagement start date for the contract's effectiveness.

    " @@ -5140,49 +5153,37 @@ "ExpirationDate":{ "shape":"Date", "documentation":"

    Specifies the expiration date for the contract between the customer and Amazon Web Services partner. It signifies the termination date of the agreed-upon engagement period between both parties.

    " - }, - "Value":{ - "shape":"MonetaryValue", - "documentation":"

    Specifies the payment value (amount and currency).

    " } }, "documentation":"

    Specifies a customer's procurement terms details. Required only for partners in eligible programs.

    " }, "SolutionArn":{ "type":"string", - "pattern":"^S-[0-9]{1,19}$" + "pattern":"S-[0-9]{1,19}" }, "SolutionBase":{ "type":"structure", "required":[ "Catalog", - "Category", - "CreatedDate", "Id", "Name", - "Status" + "Status", + "Category", + "CreatedDate" ], "members":{ - "Arn":{ - "shape":"SolutionArn", - "documentation":"

    The SolutionBase structure provides essential information about a solution.

    " - }, "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog in which the solution is hosted, either AWS or Sandbox. This helps partners differentiate between live solutions and those in testing environments.

    " }, - "Category":{ - "shape":"String", - "documentation":"

    Specifies the solution category, which helps to categorize and organize the solutions partners offer. Valid values: Software Product | Consulting Service | Hardware Product | Communications Product | Professional Service | Managed Service | Value-Added Resale Amazon Web Services Service | Distribution Service | Training Service | Merger and Acquisition Advising Service.

    " - }, - "CreatedDate":{ - "shape":"DateTime", - "documentation":"

    Indicates the solution creation date. This is useful to track and audit.

    " - }, "Id":{ "shape":"SolutionIdentifier", "documentation":"

    Enables the association of solutions (offerings) to opportunities.

    " }, + "Arn":{ + "shape":"SolutionArn", + "documentation":"

    The SolutionBase structure provides essential information about a solution.

    " + }, "Name":{ "shape":"String", "documentation":"

    Specifies the solution name.

    " @@ -5190,13 +5191,21 @@ "Status":{ "shape":"SolutionStatus", "documentation":"

    Specifies the solution's current status, which indicates its state in the system. Valid values: Active | Inactive | Draft. The status helps partners and Amazon Web Services track the solution's lifecycle and availability. Filter for Active solutions for association to an opportunity.

    " + }, + "Category":{ + "shape":"String", + "documentation":"

    Specifies the solution category, which helps to categorize and organize the solutions partners offer. Valid values: Software Product | Consulting Service | Hardware Product | Communications Product | Professional Service | Managed Service | Value-Added Resale Amazon Web Services Service | Distribution Service | Training Service | Merger and Acquisition Advising Service.

    " + }, + "CreatedDate":{ + "shape":"DateTime", + "documentation":"

    Indicates the solution creation date. This is useful to track and audit.

    " } }, "documentation":"

    Specifies minimal information for the solution offered to solve the customer's business problem.

    " }, "SolutionIdentifier":{ "type":"string", - "pattern":"^S-[0-9]{1,19}$" + "pattern":"S-[0-9]{1,19}" }, "SolutionIdentifiers":{ "type":"list", @@ -5209,17 +5218,17 @@ "SolutionSort":{ "type":"structure", "required":[ - "SortBy", - "SortOrder" + "SortOrder", + "SortBy" ], "members":{ - "SortBy":{ - "shape":"SolutionSortName", - "documentation":"

    Specifies the attribute to sort by, such as Name, CreatedDate, or Status.

    " - }, "SortOrder":{ "shape":"SortOrder", "documentation":"

    Specifies the sorting order, either Ascending or Descending. The default is Descending.

    " + }, + "SortBy":{ + "shape":"SolutionSortName", + "documentation":"

    Specifies the attribute to sort by, such as Name, CreatedDate, or Status.

    " } }, "documentation":"

    Configures the solutions' response sorting that enables partners to order solutions based on specified attributes.

    " @@ -5302,66 +5311,65 @@ }, "Tags":{ "shape":"TagList", - "documentation":"

    A list of objects specifying each tag name and value.

    " + "documentation":"

    A map of the key-value pairs of the tag or tags to assign.

    " } } }, "StartEngagementByAcceptingInvitationTaskRequestClientTokenString":{ "type":"string", "min":1, - "pattern":"^[!-~]{1,64}$" + "pattern":"[!-~]{1,64}" }, "StartEngagementByAcceptingInvitationTaskResponse":{ "type":"structure", "members":{ - "EngagementInvitationId":{ - "shape":"EngagementInvitationIdentifier", - "documentation":"

    Returns the identifier of the engagement invitation that was accepted and used to create the opportunity.

    " + "TaskId":{ + "shape":"TaskIdentifier", + "documentation":"

    The unique identifier of the task, used to track the task’s progress.

    " + }, + "TaskArn":{ + "shape":"TaskArn", + "documentation":"

    The Amazon Resource Name (ARN) of the task, used for tracking and managing the task within AWS.

    " + }, + "StartTime":{ + "shape":"DateTime", + "documentation":"

    The timestamp indicating when the task was initiated. The format follows RFC 3339 section 5.6.

    " + }, + "TaskStatus":{ + "shape":"TaskStatus", + "documentation":"

    Indicates the current status of the task.

    " }, "Message":{ "shape":"String", "documentation":"

    If the task fails, this field contains a detailed message describing the failure and possible recovery steps.

    " }, - "OpportunityId":{ - "shape":"OpportunityIdentifier", - "documentation":"

    Returns the original opportunity identifier passed in the request. This is the unique identifier for the opportunity.

    " - }, "ReasonCode":{ "shape":"ReasonCode", "documentation":"

    Indicates the reason for task failure using an enumerated code.

    " }, + "OpportunityId":{ + "shape":"OpportunityIdentifier", + "documentation":"

    Returns the original opportunity identifier passed in the request. This is the unique identifier for the opportunity.

    " + }, "ResourceSnapshotJobId":{ "shape":"ResourceSnapshotJobIdentifier", "documentation":"

    The identifier of the Resource Snapshot Job created as part of this task.

    " }, - "StartTime":{ - "shape":"DateTime", - "documentation":"

    The timestamp indicating when the task was initiated. The format follows RFC 3339 section 5.6.

    " - }, - "TaskArn":{ - "shape":"TaskArn", - "documentation":"

    The Amazon Resource Name (ARN) of the task, used for tracking and managing the task within AWS.

    " - }, - "TaskId":{ - "shape":"TaskIdentifier", - "documentation":"

    The unique identifier of the task, used to track the task’s progress.

    " - }, - "TaskStatus":{ - "shape":"TaskStatus", - "documentation":"

    Indicates the current status of the task.

    " + "EngagementInvitationId":{ + "shape":"EngagementInvitationIdentifier", + "documentation":"

    Returns the identifier of the engagement invitation that was accepted and used to create the opportunity.

    " } } }, "StartEngagementFromOpportunityTaskRequest":{ "type":"structure", "required":[ - "AwsSubmission", "Catalog", "ClientToken", - "Identifier" + "Identifier", + "AwsSubmission" ], "members":{ - "AwsSubmission":{"shape":"AwsSubmission"}, "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog in which the engagement is tracked. Acceptable values include AWS for production and Sandbox for testing environments.

    " @@ -5375,59 +5383,60 @@ "shape":"OpportunityIdentifier", "documentation":"

    The unique identifier of the opportunity from which the engagement task is to be initiated. This helps ensure that the task is applied to the correct opportunity.

    " }, + "AwsSubmission":{"shape":"AwsSubmission"}, "Tags":{ "shape":"TagList", - "documentation":"

    A list of objects specifying each tag name and value.

    " + "documentation":"

    A map of the key-value pairs of the tag or tags to assign.

    " } } }, "StartEngagementFromOpportunityTaskRequestClientTokenString":{ "type":"string", "min":1, - "pattern":"^[!-~]{1,64}$" + "pattern":"[!-~]{1,64}" }, "StartEngagementFromOpportunityTaskResponse":{ "type":"structure", "members":{ - "EngagementId":{ - "shape":"EngagementIdentifier", - "documentation":"

    The identifier of the newly created Engagement. Only populated if TaskStatus is COMPLETE.

    " + "TaskId":{ + "shape":"TaskIdentifier", + "documentation":"

    The unique identifier of the task, used to track the task’s progress. This value follows a specific pattern: ^oit-[0-9a-z]{13}$.

    " }, - "EngagementInvitationId":{ - "shape":"EngagementInvitationIdentifier", - "documentation":"

    The identifier of the new Engagement invitation. Only populated if TaskStatus is COMPLETE.

    " + "TaskArn":{ + "shape":"TaskArn", + "documentation":"

    The Amazon Resource Name (ARN) of the task, used for tracking and managing the task within AWS.

    " + }, + "StartTime":{ + "shape":"DateTime", + "documentation":"

    The timestamp indicating when the task was initiated. The format follows RFC 3339 section 5.6.

    " + }, + "TaskStatus":{ + "shape":"TaskStatus", + "documentation":"

    Indicates the current status of the task. Valid values include IN_PROGRESS, COMPLETE, and FAILED.

    " }, "Message":{ "shape":"String", "documentation":"

    If the task fails, this field contains a detailed message describing the failure and possible recovery steps.

    " }, - "OpportunityId":{ - "shape":"OpportunityIdentifier", - "documentation":"

    Returns the original opportunity identifier passed in the request, which is the unique identifier for the opportunity created in the partner’s system.

    " - }, "ReasonCode":{ "shape":"ReasonCode", "documentation":"

    Indicates the reason for task failure using an enumerated code.

    " }, + "OpportunityId":{ + "shape":"OpportunityIdentifier", + "documentation":"

    Returns the original opportunity identifier passed in the request, which is the unique identifier for the opportunity created in the partner’s system.

    " + }, "ResourceSnapshotJobId":{ "shape":"ResourceSnapshotJobIdentifier", "documentation":"

    The identifier of the resource snapshot job created to add the opportunity resource snapshot to the Engagement. Only populated if TaskStatus is COMPLETE

    " }, - "StartTime":{ - "shape":"DateTime", - "documentation":"

    The timestamp indicating when the task was initiated. The format follows RFC 3339 section 5.6.

    " - }, - "TaskArn":{ - "shape":"TaskArn", - "documentation":"

    The Amazon Resource Name (ARN) of the task, used for tracking and managing the task within AWS.

    " - }, - "TaskId":{ - "shape":"TaskIdentifier", - "documentation":"

    The unique identifier of the task, used to track the task’s progress. This value follows a specific pattern: ^oit-[0-9a-z]{13}$.

    " + "EngagementId":{ + "shape":"EngagementIdentifier", + "documentation":"

    The identifier of the newly created Engagement. Only populated if TaskStatus is COMPLETE.

    " }, - "TaskStatus":{ - "shape":"TaskStatus", - "documentation":"

    Indicates the current status of the task. Valid values include IN_PROGRESS, COMPLETE, and FAILED.

    " + "EngagementInvitationId":{ + "shape":"EngagementInvitationIdentifier", + "documentation":"

    The identifier of the new Engagement invitation. Only populated if TaskStatus is COMPLETE.

    " } } }, @@ -5514,7 +5523,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, "TagKeyList":{ "type":"list", @@ -5541,38 +5550,37 @@ }, "Tags":{ "shape":"TagList", - "documentation":"

    A map of the key-value pairs of the tag or tags to assign to the resource.

    " + "documentation":"

    A map of the key-value pairs of the tag or tags to assign.

    " } } }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, "TaggableResourceArn":{ "type":"string", "max":1000, "min":1, - "pattern":"^arn:[\\w+=/,.@-]+:partnercentral:[\\w+=/,.@-]*:[0-9]{12}:catalog/([a-zA-Z]+)/[\\w+=,.@-]+(/[\\w+=,.@-]+)*$" + "pattern":"arn:[\\w+=/,.@-]+:partnercentral:[\\w+=/,.@-]*:[0-9]{12}:catalog/([a-zA-Z]+)/[\\w+=,.@-]+(/[\\w+=,.@-]+)*" }, "TaskArn":{ "type":"string", - "pattern":"^arn:.*" + "pattern":"arn:.*" }, "TaskArnOrIdentifier":{ "type":"string", - "pattern":"^(arn:.*|task-[0-9a-z]{13})$" + "pattern":"(arn:.*|task-[0-9a-z]{13})" }, "TaskIdentifier":{ "type":"string", - "pattern":"task-[0-9a-z]{13}$" + "pattern":".*task-[0-9a-z]{13}" }, "TaskIdentifiers":{ "type":"list", @@ -5621,64 +5629,63 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateOpportunityRequest":{ "type":"structure", "required":[ "Catalog", - "Identifier", - "LastModifiedDate" + "LastModifiedDate", + "Identifier" ], "members":{ "Catalog":{ "shape":"CatalogIdentifier", "documentation":"

    Specifies the catalog associated with the request. This field takes a string value from a predefined list: AWS or Sandbox. The catalog determines which environment the opportunity is updated in. Use AWS to update real opportunities in the production environment, and Sandbox for testing in secure, isolated environments. When you use the Sandbox catalog, it allows you to simulate and validate your interactions with Amazon Web Services services without affecting live data or operations.

    " }, - "Customer":{ - "shape":"Customer", - "documentation":"

    Specifies details of the customer associated with the Opportunity.

    " - }, - "Identifier":{ - "shape":"OpportunityIdentifier", - "documentation":"

    Read-only, system generated Opportunity unique identifier.

    " - }, - "LastModifiedDate":{ - "shape":"DateTime", - "documentation":"

    DateTime when the opportunity was last modified.

    " - }, - "LifeCycle":{ - "shape":"LifeCycle", - "documentation":"

    An object that contains lifecycle details for the Opportunity.

    " - }, - "Marketing":{ - "shape":"Marketing", - "documentation":"

    An object that contains marketing details for the Opportunity.

    " + "PrimaryNeedsFromAws":{ + "shape":"PrimaryNeedsFromAws", + "documentation":"

    Identifies the type of support the partner needs from Amazon Web Services.

    Valid values:

    • Cosell—Architectural Validation: Confirmation from Amazon Web Services that the partner's proposed solution architecture is aligned with Amazon Web Services best practices and poses minimal architectural risks.

    • Cosell—Business Presentation: Request Amazon Web Services seller's participation in a joint customer presentation.

    • Cosell—Competitive Information: Access to Amazon Web Services competitive resources and support for the partner's proposed solution.

    • Cosell—Pricing Assistance: Connect with an AWS seller for support situations where a partner may be receiving an upfront discount on a service (for example: EDP deals).

    • Cosell—Technical Consultation: Connection with an Amazon Web Services Solutions Architect to address the partner's questions about the proposed solution.

    • Cosell—Total Cost of Ownership Evaluation: Assistance with quoting different cost savings of proposed solutions on Amazon Web Services versus on-premises or a traditional hosting environment.

    • Cosell—Deal Support: Request Amazon Web Services seller's support to progress the opportunity (for example: joint customer call, strategic positioning).

    • Cosell—Support for Public Tender/RFx: Opportunity related to the public sector where the partner needs RFx support from Amazon Web Services.

    " }, "NationalSecurity":{ "shape":"NationalSecurity", "documentation":"

    Specifies if the opportunity is associated with national security concerns. This flag is only applicable when the industry is Government. For national-security-related opportunities, validation and compliance rules may apply, impacting the opportunity's visibility and processing.

    " }, - "OpportunityType":{ - "shape":"OpportunityType", - "documentation":"

    Specifies the opportunity type as a renewal, new, or expansion.

    Opportunity types:

    • New opportunity: Represents a new business opportunity with a potential customer that's not previously engaged with your solutions or services.

    • Renewal opportunity: Represents an opportunity to renew an existing contract or subscription with a current customer, ensuring continuity of service.

    • Expansion opportunity: Represents an opportunity to expand the scope of an existing contract or subscription, either by adding new services or increasing the volume of existing services for a current customer.

    " - }, "PartnerOpportunityIdentifier":{ "shape":"UpdateOpportunityRequestPartnerOpportunityIdentifierString", "documentation":"

    Specifies the opportunity's unique identifier in the partner's CRM system. This value is essential to track and reconcile because it's included in the outbound payload sent back to the partner.

    " }, - "PrimaryNeedsFromAws":{ - "shape":"PrimaryNeedsFromAws", - "documentation":"

    Identifies the type of support the partner needs from Amazon Web Services.

    Valid values:

    • Cosell—Architectural Validation: Confirmation from Amazon Web Services that the partner's proposed solution architecture is aligned with Amazon Web Services best practices and poses minimal architectural risks.

    • Cosell—Business Presentation: Request Amazon Web Services seller's participation in a joint customer presentation.

    • Cosell—Competitive Information: Access to Amazon Web Services competitive resources and support for the partner's proposed solution.

    • Cosell—Pricing Assistance: Connect with an AWS seller for support situations where a partner may be receiving an upfront discount on a service (for example: EDP deals).

    • Cosell—Technical Consultation: Connection with an Amazon Web Services Solutions Architect to address the partner's questions about the proposed solution.

    • Cosell—Total Cost of Ownership Evaluation: Assistance with quoting different cost savings of proposed solutions on Amazon Web Services versus on-premises or a traditional hosting environment.

    • Cosell—Deal Support: Request Amazon Web Services seller's support to progress the opportunity (for example: joint customer call, strategic positioning).

    • Cosell—Support for Public Tender/RFx: Opportunity related to the public sector where the partner needs RFx support from Amazon Web Services.

    " + "Customer":{ + "shape":"Customer", + "documentation":"

    Specifies details of the customer associated with the Opportunity.

    " }, "Project":{ "shape":"Project", "documentation":"

    An object that contains project details summary for the Opportunity.

    " }, + "OpportunityType":{ + "shape":"OpportunityType", + "documentation":"

    Specifies the opportunity type as a renewal, new, or expansion.

    Opportunity types:

    • New opportunity: Represents a new business opportunity with a potential customer that's not previously engaged with your solutions or services.

    • Renewal opportunity: Represents an opportunity to renew an existing contract or subscription with a current customer, ensuring continuity of service.

    • Expansion opportunity: Represents an opportunity to expand the scope of an existing contract or subscription, either by adding new services or increasing the volume of existing services for a current customer.

    " + }, + "Marketing":{ + "shape":"Marketing", + "documentation":"

    An object that contains marketing details for the Opportunity.

    " + }, "SoftwareRevenue":{ "shape":"SoftwareRevenue", "documentation":"

    Specifies details of a customer's procurement terms. Required only for partners in eligible programs.

    " + }, + "LastModifiedDate":{ + "shape":"DateTime", + "documentation":"

    DateTime when the opportunity was last modified.

    " + }, + "Identifier":{ + "shape":"OpportunityIdentifier", + "documentation":"

    Read-only, system generated Opportunity unique identifier.

    " + }, + "LifeCycle":{ + "shape":"LifeCycle", + "documentation":"

    An object that contains lifecycle details for the Opportunity.

    " } } }, @@ -5715,14 +5722,14 @@ "Reason" ], "members":{ - "ErrorList":{ - "shape":"ValidationExceptionErrorList", - "documentation":"

    A list of issues that were discovered in the submitted request or the resource state.

    " - }, "Message":{"shape":"String"}, "Reason":{ "shape":"ValidationExceptionReason", "documentation":"

    The primary reason for this validation exception to occur.

    • REQUEST_VALIDATION_FAILED: The request format is not valid.

      Fix: Verify your request payload includes all required fields, uses correct data types and string formats.

    • BUSINESS_VALIDATION_FAILED: The requested change doesn't pass the business validation rules.

      Fix: Check that your change aligns with the business rules defined by AWS Partner Central.

    " + }, + "ErrorList":{ + "shape":"ValidationExceptionErrorList", + "documentation":"

    A list of issues that were discovered in the submitted request or the resource state.

    " } }, "documentation":"

    The input fails to satisfy the constraints specified by the service or business validation rules.

    Suggested action: Review the error message, including the failed fields and reasons, to correct the request payload.

    ", @@ -5731,14 +5738,10 @@ "ValidationExceptionError":{ "type":"structure", "required":[ - "Code", - "Message" + "Message", + "Code" ], "members":{ - "Code":{ - "shape":"ValidationExceptionErrorCode", - "documentation":"

    Specifies the error code for the invalid field value.

    " - }, "FieldName":{ "shape":"String", "documentation":"

    Specifies the field name with the invalid value.

    " @@ -5746,6 +5749,10 @@ "Message":{ "shape":"String", "documentation":"

    Specifies the detailed error message for the invalid field value.

    " + }, + "Code":{ + "shape":"ValidationExceptionErrorCode", + "documentation":"

    Specifies the error code for the invalid field value.

    " } }, "documentation":"

    Indicates an invalid value for a field.

    • REQUIRED_FIELD_MISSING: The request is missing a required field.

      Fix: Verify your request payload includes all required fields.

    • INVALID_ENUM_VALUE: The enum field value isn't an accepted values.

      Fix: Check the documentation for the list of valid enum values, and update your request with a valid value.

    • INVALID_STRING_FORMAT: The string format is invalid.

      Fix: Confirm that the string is in the expected format (For example: email address, date).

    • INVALID_VALUE: The value isn't valid.

      Fix: Confirm that the value meets the expected criteria and is within the allowable range or set.

    • TOO_MANY_VALUES: There are too many values in a field that expects fewer entries.

      Fix: Reduce the number of values to match the expected limit.

    • ACTION_NOT_PERMITTED: The action isn't permitted due to current state or permissions.

      Fix: Verify that the action is appropriate for the current state, and that you have the necessary permissions to perform it.

    • DUPLICATE_KEY_VALUE: The value in a field duplicates a value that must be unique.

      Fix: Verify that the value is unique and doesn't duplicate an existing value in the system.

    " diff -pruN 2.23.6-1/awscli/botocore/data/partnercentral-selling/2022-07-26/waiters-2.json 2.31.35-1/awscli/botocore/data/partnercentral-selling/2022-07-26/waiters-2.json --- 2.23.6-1/awscli/botocore/data/partnercentral-selling/2022-07-26/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/partnercentral-selling/2022-07-26/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/payment-cryptography/2021-09-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/payment-cryptography/2021-09-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/payment-cryptography/2021-09-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/payment-cryptography/2021-09-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/payment-cryptography/2021-09-14/service-2.json 2.31.35-1/awscli/botocore/data/payment-cryptography/2021-09-14/service-2.json --- 2.23.6-1/awscli/botocore/data/payment-cryptography/2021-09-14/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/payment-cryptography/2021-09-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -15,6 +15,25 @@ "uid":"payment-cryptography-2021-09-14" }, "operations":{ + "AddKeyReplicationRegions":{ + "name":"AddKeyReplicationRegions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AddKeyReplicationRegionsInput"}, + "output":{"shape":"AddKeyReplicationRegionsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Adds replication Amazon Web Services Regions to an existing Amazon Web Services Payment Cryptography key, enabling the key to be used for cryptographic operations in additional Amazon Web Services Regions.

    Multi-Region key replication allow you to use the same key material across multiple Amazon Web Services Regions, providing lower latency for applications distributed across regions. When you add Replication Regions, Amazon Web Services Payment Cryptography securely replicates the key material to the specified Amazon Web Services Regions.

    The key must be in an active state to add Replication Regions. You can add multiple regions in a single operation, and the key will be available for use in those regions once replication is complete.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + }, "CreateAlias":{ "name":"CreateAlias", "http":{ @@ -54,7 +73,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Creates an Amazon Web Services Payment Cryptography key, a logical representation of a cryptographic key, that is unique in your account and Amazon Web Services Region. You use keys for cryptographic functions such as encryption and decryption.

    In addition to the key material used in cryptographic operations, an Amazon Web Services Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.

    When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that define the scope and cryptographic operations that you can perform using the key, for example key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: Encrypt). For information about valid combinations of key attributes, see Understanding key attributes in the Amazon Web Services Payment Cryptography User Guide. The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.

    Amazon Web Services Payment Cryptography binds key attributes to keys using key blocks when you store or export them. Amazon Web Services Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Creates an Amazon Web Services Payment Cryptography key, a logical representation of a cryptographic key, that is unique in your account and Amazon Web Services Region. You use keys for cryptographic functions such as encryption and decryption.

    In addition to the key material used in cryptographic operations, an Amazon Web Services Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.

    When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that define the scope and cryptographic operations that you can perform using the key, for example key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: Encrypt). Amazon Web Services Payment Cryptography binds key attributes to keys using key blocks when you store or export them. Amazon Web Services Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear.

    For information about valid combinations of key attributes, see Understanding key attributes in the Amazon Web Services Payment Cryptography User Guide. The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.

    You can use the CreateKey operation to generate an ECC (Elliptic Curve Cryptography) key pair used for establishing an ECDH (Elliptic Curve Diffie-Hellman) key agreement between two parties. In the ECDH key agreement process, both parties generate their own ECC key pair with key usage K3 and exchange the public keys. Each party then use their private key, the received public key from the other party, and the key derivation parameters including key derivation function, hash algorithm, derivation data, and key algorithm to derive a shared key.

    To maintain the single-use principle of cryptographic keys in payments, ECDH derived keys should not be used for multiple purposes, such as a TR31_P0_PIN_ENCRYPTION_KEY and TR31_K1_KEY_BLOCK_PROTECTION_KEY. When creating ECC key pairs in Amazon Web Services Payment Cryptography you can optionally set the DeriveKeyUsage parameter, which defines the key usage bound to the symmetric key that will be derived using the ECC key pair.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "DeleteAlias":{ "name":"DeleteAlias", @@ -96,6 +115,44 @@ "documentation":"

    Deletes the key material and metadata associated with Amazon Web Services Payment Cryptography key.

    Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key. For example, you can't decrypt data that was encrypted by a deleted Amazon Web Services Payment Cryptography key, and the data may become unrecoverable. Because key deletion is destructive, Amazon Web Services Payment Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, Amazon Web Services Payment Cryptography disables the specified key but doesn't delete it until after a waiting period set using DeleteKeyInDays. The default waiting period is 7 days. During the waiting period, the KeyState is DELETE_PENDING. After the key is deleted, the KeyState is DELETE_COMPLETE.

    You should delete a key only when you are sure that you don't need to use it anymore and no other parties are utilizing this key. If you aren't sure, consider deactivating it instead by calling StopKeyUsage.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    ", "idempotent":true }, + "DisableDefaultKeyReplicationRegions":{ + "name":"DisableDefaultKeyReplicationRegions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisableDefaultKeyReplicationRegionsInput"}, + "output":{"shape":"DisableDefaultKeyReplicationRegionsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Disables Multi-Region key replication settings for the specified Amazon Web Services Regions in your Amazon Web Services account, preventing new keys from being automatically replicated to those regions.

    After disabling Multi-Region key replication for specific regions, new keys created in your account will not be automatically replicated to those regions. You can still manually add replication to those regions for individual keys using the AddKeyReplicationRegions operation.

    This operation does not affect existing keys or their current replication configuration.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + }, + "EnableDefaultKeyReplicationRegions":{ + "name":"EnableDefaultKeyReplicationRegions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"EnableDefaultKeyReplicationRegionsInput"}, + "output":{"shape":"EnableDefaultKeyReplicationRegionsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Enables Multi-Region key replication settings for your Amazon Web Services account, causing new keys to be automatically replicated to the specified Amazon Web Services Regions when created.

    When Multi-Region key replication are enabled, any new keys created in your account will automatically be replicated to these regions unless you explicitly override this behavior during key creation. This simplifies key management for applications that operate across multiple regions.

    Existing keys are not affected by this operation - only keys created after enabling default replication will be automatically replicated.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + }, "ExportKey":{ "name":"ExportKey", "http":{ @@ -113,7 +170,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Exports a key from Amazon Web Services Payment Cryptography.

    Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach with a modern electronic approach. With ExportKey you can export symmetric keys using either symmetric and asymmetric key exchange mechanisms. Using this operation, you can share your Amazon Web Services Payment Cryptography generated keys with other service partners to perform cryptographic operations outside of Amazon Web Services Payment Cryptography

    For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34 norm and RSA wrap and unwrap key exchange mechanism. Asymmetric key exchange methods are typically used to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange such as Key Encryption Key (KEK). After which you can export working keys using symmetric method to perform various cryptographic operations within Amazon Web Services Payment Cryptography.

    The TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block. With RSA wrap and unwrap, you can exchange both 3DES and AES-128 keys. The keys are imported in a WrappedKeyCryptogram format and you will need to specify the key attributes during import.

    You can also use ExportKey functionality to generate and export an IPEK (Initial Pin Encryption Key) from Amazon Web Services Payment Cryptography using either TR-31 or TR-34 export key exchange. IPEK is generated from BDK (Base Derivation Key) and ExportDukptInitialKey attribute KSN (KeySerialNumber). The generated IPEK does not persist within Amazon Web Services Payment Cryptography and has to be re-generated each time during export.

    For key exchange using TR-31 or TR-34 key blocks, you can also export optional blocks within the key block header which contain additional attribute information about the key. The KeyVersion within KeyBlockHeaders indicates the version of the key within the key block. Furthermore, KeyExportability within KeyBlockHeaders can be used to further restrict exportability of the key after export from Amazon Web Services Payment Cryptography.

    The OptionalBlocks contain the additional data related to the key. For information on data type that can be included within optional blocks, refer to ASC X9.143-2022.

    Data included in key block headers is signed but transmitted in clear text. Sensitive or confidential information should not be included in optional blocks. Refer to ASC X9.143-2022 standard for information on allowed data type.

    To export initial keys (KEK) or IPEK using TR-34

    Using this operation, you can export initial key using TR-34 asymmetric key exchange. You can only export KEK generated within Amazon Web Services Payment Cryptography. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Device (KRD). During key export process, KDH is Amazon Web Services Payment Cryptography which initiates key export and KRD is the user receiving the key.

    To initiate TR-34 key export, the KRD must obtain an export token by calling GetParametersForExport. This operation also generates a key pair for the purpose of key export, signs the key and returns back the signing public key certificate (also known as KDH signing certificate) and root certificate chain. The KDH uses the private key to sign the the export payload and the signing public key certificate is provided to KRD to verify the signature. The KRD can import the root certificate into its Hardware Security Module (HSM), as required. The export token and the associated KDH signing certificate expires after 7 days.

    Next the KRD generates a key pair for the the purpose of encrypting the KDH key and provides the public key cerificate (also known as KRD wrapping certificate) back to KDH. The KRD will also import the root cerificate chain into Amazon Web Services Payment Cryptography by calling ImportKey for RootCertificatePublicKey. The KDH, Amazon Web Services Payment Cryptography, will use the KRD wrapping cerificate to encrypt (wrap) the key under export and signs it with signing private key to generate a TR-34 WrappedKeyBlock. For more information on TR-34 key export, see section Exporting symmetric keys in the Amazon Web Services Payment Cryptography User Guide.

    Set the following parameters:

    • ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for KEK export.

    • ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.

    • KeyMaterial: Use Tr34KeyBlock parameters.

    • CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that signed the KRD wrapping key certificate.

    • ExportToken: Obtained from KDH by calling GetParametersForImport.

    • WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KRD wrapping key Amazon Web Services Payment Cryptography uses for encryption of the TR-34 export payload. This certificate must be signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon Web Services Payment Cryptography.

    When this operation is successful, Amazon Web Services Payment Cryptography returns the KEK or IPEK as a TR-34 WrappedKeyBlock.

    To export initial keys (KEK) or IPEK using RSA Wrap and Unwrap

    Using this operation, you can export initial key using asymmetric RSA wrap and unwrap key exchange method. To initiate export, generate an asymmetric key pair on the receiving HSM and obtain the public key certificate in PEM format (base64 encoded) for the purpose of wrapping and the root certifiate chain. Import the root certificate into Amazon Web Services Payment Cryptography by calling ImportKey for RootCertificatePublicKey.

    Next call ExportKey and set the following parameters:

    • CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that signed wrapping key certificate.

    • KeyMaterial: Set to KeyCryptogram.

    • WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) obtained by the receiving HSM and signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon Web Services Payment Cryptography. The receiving HSM uses its private key component to unwrap the WrappedKeyCryptogram.

    When this operation is successful, Amazon Web Services Payment Cryptography returns the WrappedKeyCryptogram.

    To export working keys or IPEK using TR-31

    Using this operation, you can export working keys or IPEK using TR-31 symmetric key exchange. In TR-31, you must use an initial key such as KEK to encrypt or wrap the key under export. To establish a KEK, you can use CreateKey or ImportKey.

    Set the following parameters:

    • ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for KEK export.

    • ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.

    • KeyMaterial: Use Tr31KeyBlock parameters.

    When this operation is successful, Amazon Web Services Payment Cryptography returns the working key or IPEK as a TR-31 WrappedKeyBlock.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Exports a key from Amazon Web Services Payment Cryptography.

    Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach with a modern electronic approach. With ExportKey you can export symmetric keys using either symmetric and asymmetric key exchange mechanisms. Using this operation, you can share your Amazon Web Services Payment Cryptography generated keys with other service partners to perform cryptographic operations outside of Amazon Web Services Payment Cryptography

    For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34 norm, RSA unwrap, and ECDH (Elliptic Curve Diffie-Hellman) key exchange mechanisms. Asymmetric key exchange methods are typically used to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange such as Key Encryption Key (KEK). After which you can export working keys using symmetric method to perform various cryptographic operations within Amazon Web Services Payment Cryptography.

    PCI requires specific minimum key strength of wrapping keys used to protect the keys being exchanged electronically. These requirements can change when PCI standards are revised. The rules specify that wrapping keys used for transport must be at least as strong as the key being protected. For more information on recommended key strength of wrapping keys and key exchange mechanism, see Importing and exporting keys in the Amazon Web Services Payment Cryptography User Guide.

    You can also use ExportKey functionality to generate and export an IPEK (Initial Pin Encryption Key) from Amazon Web Services Payment Cryptography using either TR-31 or TR-34 export key exchange. IPEK is generated from BDK (Base Derivation Key) and ExportDukptInitialKey attribute KSN (KeySerialNumber). The generated IPEK does not persist within Amazon Web Services Payment Cryptography and has to be re-generated each time during export.

    For key exchange using TR-31 or TR-34 key blocks, you can also export optional blocks within the key block header which contain additional attribute information about the key. The KeyVersion within KeyBlockHeaders indicates the version of the key within the key block. Furthermore, KeyExportability within KeyBlockHeaders can be used to further restrict exportability of the key after export from Amazon Web Services Payment Cryptography.

    The OptionalBlocks contain the additional data related to the key. For information on data type that can be included within optional blocks, refer to ASC X9.143-2022.

    Data included in key block headers is signed but transmitted in clear text. Sensitive or confidential information should not be included in optional blocks. Refer to ASC X9.143-2022 standard for information on allowed data type.

    To export initial keys (KEK) or IPEK using TR-34

    Using this operation, you can export initial key using TR-34 asymmetric key exchange. You can only export KEK generated within Amazon Web Services Payment Cryptography. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Device (KRD). During key export process, KDH is Amazon Web Services Payment Cryptography which initiates key export and KRD is the user receiving the key.

    To initiate TR-34 key export, the KRD must obtain an export token by calling GetParametersForExport. This operation also generates a key pair for the purpose of key export, signs the key and returns back the signing public key certificate (also known as KDH signing certificate) and root certificate chain. The KDH uses the private key to sign the the export payload and the signing public key certificate is provided to KRD to verify the signature. The KRD can import the root certificate into its Hardware Security Module (HSM), as required. The export token and the associated KDH signing certificate expires after 30 days.

    Next the KRD generates a key pair for the the purpose of encrypting the KDH key and provides the public key cerificate (also known as KRD wrapping certificate) back to KDH. The KRD will also import the root cerificate chain into Amazon Web Services Payment Cryptography by calling ImportKey for RootCertificatePublicKey. The KDH, Amazon Web Services Payment Cryptography, will use the KRD wrapping cerificate to encrypt (wrap) the key under export and signs it with signing private key to generate a TR-34 WrappedKeyBlock. For more information on TR-34 key export, see section Exporting symmetric keys in the Amazon Web Services Payment Cryptography User Guide.

    Set the following parameters:

    • ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for KEK export.

    • ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.

    • KeyMaterial: Use Tr34KeyBlock parameters.

    • CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that signed the KRD wrapping key certificate.

    • ExportToken: Obtained from KDH by calling GetParametersForImport.

    • WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KRD wrapping key Amazon Web Services Payment Cryptography uses for encryption of the TR-34 export payload. This certificate must be signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon Web Services Payment Cryptography.

    When this operation is successful, Amazon Web Services Payment Cryptography returns the KEK or IPEK as a TR-34 WrappedKeyBlock.

    To export initial keys (KEK) or IPEK using RSA Wrap and Unwrap

    Using this operation, you can export initial key using asymmetric RSA wrap and unwrap key exchange method. To initiate export, generate an asymmetric key pair on the receiving HSM and obtain the public key certificate in PEM format (base64 encoded) for the purpose of wrapping and the root certifiate chain. Import the root certificate into Amazon Web Services Payment Cryptography by calling ImportKey for RootCertificatePublicKey.

    Next call ExportKey and set the following parameters:

    • CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that signed wrapping key certificate.

    • KeyMaterial: Set to KeyCryptogram.

    • WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) obtained by the receiving HSM and signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon Web Services Payment Cryptography. The receiving HSM uses its private key component to unwrap the WrappedKeyCryptogram.

    When this operation is successful, Amazon Web Services Payment Cryptography returns the WrappedKeyCryptogram.

    To export working keys or IPEK using TR-31

    Using this operation, you can export working keys or IPEK using TR-31 symmetric key exchange. In TR-31, you must use an initial key such as KEK to encrypt or wrap the key under export. To establish a KEK, you can use CreateKey or ImportKey.

    Set the following parameters:

    • ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for KEK export.

    • ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.

    • KeyMaterial: Use Tr31KeyBlock parameters.

    To export working keys using ECDH

    You can also use ECDH key agreement to export working keys in a TR-31 keyblock, where the wrapping key is an ECDH derived key.

    To initiate a TR-31 key export using ECDH, both sides must create an ECC key pair with key usage K3 and exchange public key certificates. In Amazon Web Services Payment Cryptography, you can do this by calling CreateKey. If you have not already done so, you must import the CA chain that issued the receiving public key certificate by calling ImportKey with input RootCertificatePublicKey for root CA or TrustedPublicKey for intermediate CA. You can then complete a TR-31 key export by deriving a shared wrapping key using the service ECC key pair, public certificate of your ECC key pair outside of Amazon Web Services Payment Cryptography, and the key derivation parameters including key derivation function, hash algorithm, derivation data, key algorithm.

    • KeyMaterial: Use DiffieHellmanTr31KeyBlock parameters.

    • PrivateKeyIdentifier: The KeyArn of the ECC key pair created within Amazon Web Services Payment Cryptography to derive a shared KEK.

    • PublicKeyCertificate: The public key certificate of the receiving ECC key pair in PEM format (base64 encoded) to derive a shared KEK.

    • CertificateAuthorityPublicKeyIdentifier: The keyARN of the CA that signed the public key certificate of the receiving ECC key pair.

    When this operation is successful, Amazon Web Services Payment Cryptography returns the working key as a TR-31 WrappedKeyBlock, where the wrapping key is the ECDH derived key.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "GetAlias":{ "name":"GetAlias", @@ -131,7 +188,45 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Gets the Amazon Web Services Payment Cryptography key associated with the alias.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Gets the Amazon Web Services Payment Cryptography key associated with the alias.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    ", + "readonly":true + }, + "GetCertificateSigningRequest":{ + "name":"GetCertificateSigningRequest", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetCertificateSigningRequestInput"}, + "output":{"shape":"GetCertificateSigningRequestOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Creates a certificate signing request (CSR) from a key pair.

    " + }, + "GetDefaultKeyReplicationRegions":{ + "name":"GetDefaultKeyReplicationRegions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetDefaultKeyReplicationRegionsInput"}, + "output":{"shape":"GetDefaultKeyReplicationRegionsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves the list of Amazon Web Services Regions where Multi-Region key replication is currently enabled for your Amazon Web Services account.

    This operation returns the current Multi-Region key replication configuration. New keys created in your account will be automatically replicated to these regions unless explicitly overridden during key creation.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "GetKey":{ "name":"GetKey", @@ -149,7 +244,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Gets the key material for an Amazon Web Services Payment Cryptography key, including the immutable and mutable data specified when the key was created.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Gets the key metadata for an Amazon Web Services Payment Cryptography key, including the immutable and mutable attributes specified when the key was created. Returns key metadata including attributes, state, and timestamps, but does not return the actual cryptographic key material.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    ", + "readonly":true }, "GetParametersForExport":{ "name":"GetParametersForExport", @@ -169,7 +265,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.

    The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 7 days. You can use the same export token to export multiple keys from your service account.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.

    The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 30 days. You can use the same export token to export multiple keys from your service account.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "GetParametersForImport":{ "name":"GetParametersForImport", @@ -189,7 +285,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Gets the import token and the wrapping key certificate in PEM format (base64 encoded) to initiate a TR-34 WrappedKeyBlock or a RSA WrappedKeyCryptogram import into Amazon Web Services Payment Cryptography.

    The wrapping key certificate wraps the key under import. The import token and wrapping key certificate must be in place and operational before calling ImportKey. The import token expires in 7 days. You can use the same import token to import multiple keys into your service account.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Gets the import token and the wrapping key certificate in PEM format (base64 encoded) to initiate a TR-34 WrappedKeyBlock or a RSA WrappedKeyCryptogram import into Amazon Web Services Payment Cryptography.

    The wrapping key certificate wraps the key under import. The import token and wrapping key certificate must be in place and operational before calling ImportKey. The import token expires in 30 days. You can use the same import token to import multiple keys into your service account.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "GetPublicKeyCertificate":{ "name":"GetPublicKeyCertificate", @@ -207,7 +303,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Gets the public key certificate of the asymmetric key pair that exists within Amazon Web Services Payment Cryptography.

    Unlike the private key of an asymmetric key, which never leaves Amazon Web Services Payment Cryptography unencrypted, callers with GetPublicKeyCertificate permission can download the public key certificate of the asymmetric key. You can share the public key certificate to allow others to encrypt messages and verify signatures outside of Amazon Web Services Payment Cryptography

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    " + "documentation":"

    Gets the public key certificate of the asymmetric key pair that exists within Amazon Web Services Payment Cryptography.

    Unlike the private key of an asymmetric key, which never leaves Amazon Web Services Payment Cryptography unencrypted, callers with GetPublicKeyCertificate permission can download the public key certificate of the asymmetric key. You can share the public key certificate to allow others to encrypt messages and verify signatures outside of Amazon Web Services Payment Cryptography

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    ", + "readonly":true }, "ImportKey":{ "name":"ImportKey", @@ -227,7 +324,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Imports symmetric keys and public key certificates in PEM format (base64 encoded) into Amazon Web Services Payment Cryptography.

    Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach with a modern electronic approach. With ImportKey you can import symmetric keys using either symmetric and asymmetric key exchange mechanisms.

    For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34 norm and RSA wrap and unwrap key exchange mechanisms. Asymmetric key exchange methods are typically used to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange such as Key Encryption Key (KEK) or Zone Master Key (ZMK). After which you can import working keys using symmetric method to perform various cryptographic operations within Amazon Web Services Payment Cryptography.

    The TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block. With RSA wrap and unwrap, you can exchange both 3DES and AES-128 keys. The keys are imported in a WrappedKeyCryptogram format and you will need to specify the key attributes during import.

    You can also import a root public key certificate, used to sign other public key certificates, or a trusted public key certificate under an already established root public key certificate.

    To import a public root key certificate

    You can also import a root public key certificate, used to sign other public key certificates, or a trusted public key certificate under an already established root public key certificate.

    To import a public root key certificate

    Using this operation, you can import the public component (in PEM cerificate format) of your private root key. You can use the imported public root key certificate for digital signatures, for example signing wrapping key or signing key in TR-34, within your Amazon Web Services Payment Cryptography account.

    Set the following parameters:

    • KeyMaterial: RootCertificatePublicKey

    • KeyClass: PUBLIC_KEY

    • KeyModesOfUse: Verify

    • KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE

    • PublicKeyCertificate: The public key certificate in PEM format (base64 encoded) of the private root key under import.

    To import a trusted public key certificate

    The root public key certificate must be in place and operational before you import a trusted public key certificate. Set the following parameters:

    • KeyMaterial: TrustedCertificatePublicKey

    • CertificateAuthorityPublicKeyIdentifier: KeyArn of the RootCertificatePublicKey.

    • KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations such as wrap, sign, or encrypt that you will allow the trusted public key certificate to perform.

    • PublicKeyCertificate: The trusted public key certificate in PEM format (base64 encoded) under import.

    To import initial keys (KEK or ZMK or similar) using TR-34

    Using this operation, you can import initial key using TR-34 asymmetric key exchange. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Device (KRD). During the key import process, KDH is the user who initiates the key import and KRD is Amazon Web Services Payment Cryptography who receives the key.

    To initiate TR-34 key import, the KDH must obtain an import token by calling GetParametersForImport. This operation generates an encryption keypair for the purpose of key import, signs the key and returns back the wrapping key certificate (also known as KRD wrapping certificate) and the root certificate chain. The KDH must trust and install the KRD wrapping certificate on its HSM and use it to encrypt (wrap) the KDH key during TR-34 WrappedKeyBlock generation. The import token and associated KRD wrapping certificate expires after 7 days.

    Next the KDH generates a key pair for the purpose of signing the encrypted KDH key and provides the public certificate of the signing key to Amazon Web Services Payment Cryptography. The KDH will also need to import the root certificate chain of the KDH signing certificate by calling ImportKey for RootCertificatePublicKey. For more information on TR-34 key import, see section Importing symmetric keys in the Amazon Web Services Payment Cryptography User Guide.

    Set the following parameters:

    • KeyMaterial: Use Tr34KeyBlock parameters.

    • CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that signed the KDH signing key certificate.

    • ImportToken: Obtained from KRD by calling GetParametersForImport.

    • WrappedKeyBlock: The TR-34 wrapped key material from KDH. It contains the KDH key under import, wrapped with KRD wrapping certificate and signed by KDH signing private key. This TR-34 key block is typically generated by the KDH Hardware Security Module (HSM) outside of Amazon Web Services Payment Cryptography.

    • SigningKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KDH signing key generated under the root certificate (CertificateAuthorityPublicKeyIdentifier) imported in Amazon Web Services Payment Cryptography.

    To import initial keys (KEK or ZMK or similar) using RSA Wrap and Unwrap

    Using this operation, you can import initial key using asymmetric RSA wrap and unwrap key exchange method. To initiate import, call GetParametersForImport with KeyMaterial set to KEY_CRYPTOGRAM to generate an import token. This operation also generates an encryption keypair for the purpose of key import, signs the key and returns back the wrapping key certificate in PEM format (base64 encoded) and its root certificate chain. The import token and associated KRD wrapping certificate expires after 7 days.

    You must trust and install the wrapping certificate and its certificate chain on the sending HSM and use it to wrap the key under export for WrappedKeyCryptogram generation. Next call ImportKey with KeyMaterial set to KEY_CRYPTOGRAM and provide the ImportToken and KeyAttributes for the key under import.

    To import working keys using TR-31

    Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange norm to import working keys. A KEK must be established within Amazon Web Services Payment Cryptography by using TR-34 key import or by using CreateKey. To initiate a TR-31 key import, set the following parameters:

    • KeyMaterial: Use Tr31KeyBlock parameters.

    • WrappedKeyBlock: The TR-31 wrapped key material. It contains the key under import, encrypted using KEK. The TR-31 key block is typically generated by a HSM outside of Amazon Web Services Payment Cryptography.

    • WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services Payment Cryptography uses to decrypt or unwrap the key under import.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Imports symmetric keys and public key certificates in PEM format (base64 encoded) into Amazon Web Services Payment Cryptography.

    Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach with a modern electronic approach. With ImportKey you can import symmetric keys using either symmetric and asymmetric key exchange mechanisms.

    For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34 norm, RSA unwrap, and ECDH (Elliptic Curve Diffie-Hellman) key exchange mechanisms. Asymmetric key exchange methods are typically used to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange such as Key Encryption Key (KEK) or Zone Master Key (ZMK). After which you can import working keys using symmetric method to perform various cryptographic operations within Amazon Web Services Payment Cryptography.

    PCI requires specific minimum key strength of wrapping keys used to protect the keys being exchanged electronically. These requirements can change when PCI standards are revised. The rules specify that wrapping keys used for transport must be at least as strong as the key being protected. For more information on recommended key strength of wrapping keys and key exchange mechanism, see Importing and exporting keys in the Amazon Web Services Payment Cryptography User Guide.

    You can also import a root public key certificate, used to sign other public key certificates, or a trusted public key certificate under an already established root public key certificate.

    To import a public root key certificate

    Using this operation, you can import the public component (in PEM cerificate format) of your private root key. You can use the imported public root key certificate for digital signatures, for example signing wrapping key or signing key in TR-34, within your Amazon Web Services Payment Cryptography account.

    Set the following parameters:

    • KeyMaterial: RootCertificatePublicKey

    • KeyClass: PUBLIC_KEY

    • KeyModesOfUse: Verify

    • KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE

    • PublicKeyCertificate: The public key certificate in PEM format (base64 encoded) of the private root key under import.

    To import a trusted public key certificate

    The root public key certificate must be in place and operational before you import a trusted public key certificate. Set the following parameters:

    • KeyMaterial: TrustedCertificatePublicKey

    • CertificateAuthorityPublicKeyIdentifier: KeyArn of the RootCertificatePublicKey.

    • KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations such as wrap, sign, or encrypt that you will allow the trusted public key certificate to perform.

    • PublicKeyCertificate: The trusted public key certificate in PEM format (base64 encoded) under import.

    To import initial keys (KEK or ZMK or similar) using TR-34

    Using this operation, you can import initial key using TR-34 asymmetric key exchange. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Device (KRD). During the key import process, KDH is the user who initiates the key import and KRD is Amazon Web Services Payment Cryptography who receives the key.

    To initiate TR-34 key import, the KDH must obtain an import token by calling GetParametersForImport. This operation generates an encryption keypair for the purpose of key import, signs the key and returns back the wrapping key certificate (also known as KRD wrapping certificate) and the root certificate chain. The KDH must trust and install the KRD wrapping certificate on its HSM and use it to encrypt (wrap) the KDH key during TR-34 WrappedKeyBlock generation. The import token and associated KRD wrapping certificate expires after 30 days.

    Next the KDH generates a key pair for the purpose of signing the encrypted KDH key and provides the public certificate of the signing key to Amazon Web Services Payment Cryptography. The KDH will also need to import the root certificate chain of the KDH signing certificate by calling ImportKey for RootCertificatePublicKey. For more information on TR-34 key import, see section Importing symmetric keys in the Amazon Web Services Payment Cryptography User Guide.

    Set the following parameters:

    • KeyMaterial: Use Tr34KeyBlock parameters.

    • CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that signed the KDH signing key certificate.

    • ImportToken: Obtained from KRD by calling GetParametersForImport.

    • WrappedKeyBlock: The TR-34 wrapped key material from KDH. It contains the KDH key under import, wrapped with KRD wrapping certificate and signed by KDH signing private key. This TR-34 key block is typically generated by the KDH Hardware Security Module (HSM) outside of Amazon Web Services Payment Cryptography.

    • SigningKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KDH signing key generated under the root certificate (CertificateAuthorityPublicKeyIdentifier) imported in Amazon Web Services Payment Cryptography.

    To import initial keys (KEK or ZMK or similar) using RSA Wrap and Unwrap

    Using this operation, you can import initial key using asymmetric RSA wrap and unwrap key exchange method. To initiate import, call GetParametersForImport with KeyMaterial set to KEY_CRYPTOGRAM to generate an import token. This operation also generates an encryption keypair for the purpose of key import, signs the key and returns back the wrapping key certificate in PEM format (base64 encoded) and its root certificate chain. The import token and associated KRD wrapping certificate expires after 30 days.

    You must trust and install the wrapping certificate and its certificate chain on the sending HSM and use it to wrap the key under export for WrappedKeyCryptogram generation. Next call ImportKey with KeyMaterial set to KEY_CRYPTOGRAM and provide the ImportToken and KeyAttributes for the key under import.

    To import working keys using TR-31

    Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange norm to import working keys. A KEK must be established within Amazon Web Services Payment Cryptography by using TR-34 key import or by using CreateKey. To initiate a TR-31 key import, set the following parameters:

    • KeyMaterial: Use Tr31KeyBlock parameters.

    • WrappedKeyBlock: The TR-31 wrapped key material. It contains the key under import, encrypted using KEK. The TR-31 key block is typically generated by a HSM outside of Amazon Web Services Payment Cryptography.

    • WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services Payment Cryptography uses to decrypt or unwrap the key under import.

    To import working keys using ECDH

    You can also use ECDH key agreement to import working keys as a TR-31 keyblock, where the wrapping key is an ECDH derived key.

    To initiate a TR-31 key import using ECDH, both sides must create an ECC key pair with key usage K3 and exchange public key certificates. In Amazon Web Services Payment Cryptography, you can do this by calling CreateKey and then GetPublicKeyCertificate to retrieve its public key certificate. Next, you can then generate a TR-31 WrappedKeyBlock using your own ECC key pair, the public certificate of the service's ECC key pair, and the key derivation parameters including key derivation function, hash algorithm, derivation data, and key algorithm. If you have not already done so, you must import the CA chain that issued the receiving public key certificate by calling ImportKey with input RootCertificatePublicKey for root CA or TrustedPublicKey for intermediate CA. To complete the TR-31 key import, you can use the following parameters. It is important that the ECDH key derivation parameters you use should match those used during import to derive the same shared wrapping key within Amazon Web Services Payment Cryptography.

    • KeyMaterial: Use DiffieHellmanTr31KeyBlock parameters.

    • PrivateKeyIdentifier: The KeyArn of the ECC key pair created within Amazon Web Services Payment Cryptography to derive a shared KEK.

    • PublicKeyCertificate: The public key certificate of the receiving ECC key pair in PEM format (base64 encoded) to derive a shared KEK.

    • CertificateAuthorityPublicKeyIdentifier: The keyARN of the CA that signed the public key certificate of the receiving ECC key pair.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "ListAliases":{ "name":"ListAliases", @@ -245,7 +342,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the aliases for all keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the aliases by keyARN. For more information, see Using aliases in the Amazon Web Services Payment Cryptography User Guide.

    This is a paginated operation, which means that each response might contain only a subset of all the aliases. When the response contains only a subset of aliases, it includes a NextToken value. Use this value in a subsequent ListAliases request to get more aliases. When you receive a response with no NextToken (or an empty or null value), that means there are no more aliases to get.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Lists the aliases for all keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the aliases by keyARN. For more information, see Using aliases in the Amazon Web Services Payment Cryptography User Guide.

    This is a paginated operation, which means that each response might contain only a subset of all the aliases. When the response contains only a subset of aliases, it includes a NextToken value. Use this value in a subsequent ListAliases request to get more aliases. When you receive a response with no NextToken (or an empty or null value), that means there are no more aliases to get.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    ", + "readonly":true }, "ListKeys":{ "name":"ListKeys", @@ -263,7 +361,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the list of keys.

    This is a paginated operation, which means that each response might contain only a subset of all the keys. When the response contains only a subset of keys, it includes a NextToken value. Use this value in a subsequent ListKeys request to get more keys. When you receive a response with no NextToken (or an empty or null value), that means there are no more keys to get.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Lists the keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the list of keys.

    This is a paginated operation, which means that each response might contain only a subset of all the keys. When the response contains only a subset of keys, it includes a NextToken value. Use this value in a subsequent ListKeys request to get more keys. When you receive a response with no NextToken (or an empty or null value), that means there are no more keys to get.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -281,7 +380,27 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the tags for an Amazon Web Services resource.

    This is a paginated operation, which means that each response might contain only a subset of all the tags. When the response contains only a subset of tags, it includes a NextToken value. Use this value in a subsequent ListTagsForResource request to get more tags. When you receive a response with no NextToken (or an empty or null value), that means there are no more tags to get.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Lists the tags for an Amazon Web Services resource.

    This is a paginated operation, which means that each response might contain only a subset of all the tags. When the response contains only a subset of tags, it includes a NextToken value. Use this value in a subsequent ListTagsForResource request to get more tags. When you receive a response with no NextToken (or an empty or null value), that means there are no more tags to get.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    ", + "readonly":true + }, + "RemoveKeyReplicationRegions":{ + "name":"RemoveKeyReplicationRegions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RemoveKeyReplicationRegionsInput"}, + "output":{"shape":"RemoveKeyReplicationRegionsOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Removes Replication Regions from an existing Amazon Web Services Payment Cryptography key, disabling the key's availability for cryptographic operations in the specified Amazon Web Services Regions.

    When you remove Replication Regions, the key material is securely deleted from those regions and can no longer be used for cryptographic operations there. This operation is irreversible for the specified Amazon Web Services Regions. For more information, see Multi-Region key replication.

    Ensure that no active cryptographic operations or applications depend on the key in the regions you're removing before performing this operation.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "RestoreKey":{ "name":"RestoreKey", @@ -408,9 +527,38 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    You do not have sufficient access to perform this action.

    ", + "documentation":"

    You do not have sufficient access to perform this action.

    This exception is thrown when the caller lacks the necessary IAM permissions to perform the requested operation. Verify that your IAM policy includes the required permissions for the specific Amazon Web Services Payment Cryptography action you're attempting.

    ", "exception":true }, + "AddKeyReplicationRegionsInput":{ + "type":"structure", + "required":[ + "KeyIdentifier", + "ReplicationRegions" + ], + "members":{ + "KeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The key identifier (ARN or alias) of the key for which to add replication regions.

    This key must exist and be in a valid state for replication operations.

    " + }, + "ReplicationRegions":{ + "shape":"Regions", + "documentation":"

    The list of Amazon Web Services Regions to add to the key's replication configuration.

    Each region must be a valid Amazon Web Services Region where Amazon Web Services Payment Cryptography is available. The key will be replicated to these regions, allowing cryptographic operations to be performed closer to your applications.

    " + } + }, + "documentation":"

    Input parameters for adding replication regions to a specific key.

    " + }, + "AddKeyReplicationRegionsOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{ + "shape":"Key", + "documentation":"

    The updated key metadata after adding the replication regions.

    This includes the current state of the key and its replication configuration.

    " + } + }, + "documentation":"

    Output from adding replication regions to a key.

    " + }, "Alias":{ "type":"structure", "required":["AliasName"], @@ -440,19 +588,102 @@ "type":"boolean", "box":true }, - "CertificateType":{ + "CertificateSigningRequestType":{ "type":"string", "max":32768, "min":1, "pattern":"[^\\[;\\]<>]+", "sensitive":true }, + "CertificateSubjectType":{ + "type":"structure", + "required":["CommonName"], + "members":{ + "CommonName":{ + "shape":"CertificateSubjectTypeCommonNameString", + "documentation":"

    The name you provide to create the certificate signing request.

    " + }, + "OrganizationUnit":{ + "shape":"CertificateSubjectTypeOrganizationUnitString", + "documentation":"

    The organization unit you provide to create the certificate signing request.

    " + }, + "Organization":{ + "shape":"CertificateSubjectTypeOrganizationString", + "documentation":"

    The organization you provide to create the certificate signing request.

    " + }, + "City":{ + "shape":"CertificateSubjectTypeCityString", + "documentation":"

    The city you provide to create the certificate signing request.

    " + }, + "Country":{ + "shape":"CertificateSubjectTypeCountryString", + "documentation":"

    The city you provide to create the certificate signing request.

    " + }, + "StateOrProvince":{ + "shape":"CertificateSubjectTypeStateOrProvinceString", + "documentation":"

    The state or province you provide to create the certificate signing request.

    " + }, + "EmailAddress":{ + "shape":"CertificateSubjectTypeEmailAddressString", + "documentation":"

    The email address you provide to create the certificate signing request.

    " + } + }, + "documentation":"

    The metadata used to create the certificate signing request.

    " + }, + "CertificateSubjectTypeCityString":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[^\\[;\\]<>]+" + }, + "CertificateSubjectTypeCommonNameString":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[^\\[;\\]<>]+" + }, + "CertificateSubjectTypeCountryString":{ + "type":"string", + "max":2, + "min":2, + "pattern":"[A-Za-z]+" + }, + "CertificateSubjectTypeEmailAddressString":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*" + }, + "CertificateSubjectTypeOrganizationString":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[^\\[;\\]<>]+" + }, + "CertificateSubjectTypeOrganizationUnitString":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[^\\[;\\]<>]+" + }, + "CertificateSubjectTypeStateOrProvinceString":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[^\\[;\\]<>]+" + }, + "CertificateType":{ + "type":"string", + "max":32768, + "min":1, + "pattern":"[^\\[;\\]<>]+" + }, "ConflictException":{ "type":"structure", "members":{ "Message":{"shape":"String"} }, - "documentation":"

    This request can cause an inconsistent state for the resource.

    ", + "documentation":"

    This request can cause an inconsistent state for the resource.

    The requested operation conflicts with the current state of the resource. For example, attempting to delete a key that is currently being used, or trying to create a resource that already exists.

    ", "exception":true }, "CreateAliasInput":{ @@ -505,7 +736,12 @@ "Tags":{ "shape":"Tags", "documentation":"

    Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is created. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation.

    Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.

    Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.

    " - } + }, + "DeriveKeyUsage":{ + "shape":"DeriveKeyUsage", + "documentation":"

    The intended cryptographic usage of keys derived from the ECC key pair to be created.

    After creating an ECC key pair, you cannot change the intended cryptographic usage of keys derived from it using ECDH.

    " + }, + "ReplicationRegions":{"shape":"Regions"} } }, "CreateKeyOutput":{ @@ -530,8 +766,7 @@ }, "DeleteAliasOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKeyInput":{ "type":"structure", @@ -563,6 +798,85 @@ } } }, + "DeriveKeyUsage":{ + "type":"string", + "enum":[ + "TR31_B0_BASE_DERIVATION_KEY", + "TR31_C0_CARD_VERIFICATION_KEY", + "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", + "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", + "TR31_E1_EMV_MKEY_CONFIDENTIALITY", + "TR31_E2_EMV_MKEY_INTEGRITY", + "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", + "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", + "TR31_E6_EMV_MKEY_OTHER", + "TR31_K0_KEY_ENCRYPTION_KEY", + "TR31_K1_KEY_BLOCK_PROTECTION_KEY", + "TR31_M3_ISO_9797_3_MAC_KEY", + "TR31_M1_ISO_9797_1_MAC_KEY", + "TR31_M6_ISO_9797_5_CMAC_KEY", + "TR31_M7_HMAC_KEY", + "TR31_P0_PIN_ENCRYPTION_KEY", + "TR31_P1_PIN_GENERATION_KEY", + "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", + "TR31_V2_VISA_PIN_VERIFICATION_KEY" + ] + }, + "DiffieHellmanDerivationData":{ + "type":"structure", + "members":{ + "SharedInformation":{ + "shape":"SharedInformation", + "documentation":"

    A string containing information that binds the ECDH derived key to the two parties involved or to the context of the key.

    It may include details like identities of the two parties deriving the key, context of the operation, session IDs, and optionally a nonce. It must not contain zero bytes. It is not recommended to reuse shared information for multiple ECDH key derivations, as it could result in derived key material being the same across different derivations.

    " + } + }, + "documentation":"

    The shared information used when deriving a key using ECDH.

    ", + "union":true + }, + "DisableDefaultKeyReplicationRegionsInput":{ + "type":"structure", + "required":["ReplicationRegions"], + "members":{ + "ReplicationRegions":{ + "shape":"Regions", + "documentation":"

    The list of Amazon Web Services Regions to remove from the account's default replication regions.

    New keys created after this operation will not automatically be replicated to these regions, though existing keys with replication to these regions will be unaffected.

    " + } + }, + "documentation":"

    Input parameters for disabling default key replication regions for the account.

    " + }, + "DisableDefaultKeyReplicationRegionsOutput":{ + "type":"structure", + "required":["EnabledReplicationRegions"], + "members":{ + "EnabledReplicationRegions":{ + "shape":"Regions", + "documentation":"

    The remaining list of regions where default key replication is still enabled for the account.

    This reflects the account's default replication configuration after removing the specified regions.

    " + } + }, + "documentation":"

    Output from disabling default key replication regions for the account.

    " + }, + "EnableDefaultKeyReplicationRegionsInput":{ + "type":"structure", + "required":["ReplicationRegions"], + "members":{ + "ReplicationRegions":{ + "shape":"Regions", + "documentation":"

    The list of Amazon Web Services Regions to enable as default replication regions for the Amazon Web Services account for Multi-Region key replication.

    New keys created in this account will automatically be replicated to these regions unless explicitly overridden during key creation.

    " + } + }, + "documentation":"

    Input parameters for enabling default key replication regions for the account.

    " + }, + "EnableDefaultKeyReplicationRegionsOutput":{ + "type":"structure", + "required":["EnabledReplicationRegions"], + "members":{ + "EnabledReplicationRegions":{ + "shape":"Regions", + "documentation":"

    The complete list of regions where default key replication is now enabled for the account.

    This includes both previously enabled regions and the newly added regions from this operation.

    " + } + }, + "documentation":"

    Output from enabling default key replication regions for the account.

    " + }, "EvenHexLengthBetween16And32":{ "type":"string", "max":32, @@ -583,6 +897,50 @@ }, "documentation":"

    The attributes for IPEK generation during export.

    " }, + "ExportDiffieHellmanTr31KeyBlock":{ + "type":"structure", + "required":[ + "PrivateKeyIdentifier", + "CertificateAuthorityPublicKeyIdentifier", + "PublicKeyCertificate", + "DeriveKeyAlgorithm", + "KeyDerivationFunction", + "KeyDerivationHashAlgorithm", + "DerivationData" + ], + "members":{ + "PrivateKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The keyARN of the asymmetric ECC key created within Amazon Web Services Payment Cryptography.

    " + }, + "CertificateAuthorityPublicKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The keyARN of the CA that signed the PublicKeyCertificate for the client's receiving ECC key pair.

    " + }, + "PublicKeyCertificate":{ + "shape":"CertificateType", + "documentation":"

    The public key certificate of the client's receiving ECC key pair, in PEM format (base64 encoded), to use for ECDH key derivation.

    " + }, + "DeriveKeyAlgorithm":{ + "shape":"SymmetricKeyAlgorithm", + "documentation":"

    The key algorithm of the shared derived ECDH key.

    " + }, + "KeyDerivationFunction":{ + "shape":"KeyDerivationFunction", + "documentation":"

    The key derivation function to use when deriving a key using ECDH.

    " + }, + "KeyDerivationHashAlgorithm":{ + "shape":"KeyDerivationHashAlgorithm", + "documentation":"

    The hash type to use when deriving a key using ECDH.

    " + }, + "DerivationData":{ + "shape":"DiffieHellmanDerivationData", + "documentation":"

    The shared information used when deriving a key using ECDH.

    " + }, + "KeyBlockHeaders":{"shape":"KeyBlockHeaders"} + }, + "documentation":"

    Key derivation parameter information for key material export using asymmetric ECDH key exchange method.

    " + }, "ExportDukptInitialKey":{ "type":"structure", "required":["KeySerialNumber"], @@ -651,6 +1009,10 @@ "KeyCryptogram":{ "shape":"ExportKeyCryptogram", "documentation":"

    Parameter information for key material export using asymmetric RSA wrap and unwrap key exchange method

    " + }, + "DiffieHellmanTr31KeyBlock":{ + "shape":"ExportDiffieHellmanTr31KeyBlock", + "documentation":"

    Key derivation parameter information for key material export using asymmetric ECDH key exchange method.

    " } }, "documentation":"

    Parameter information for key material export from Amazon Web Services Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method.

    ", @@ -667,7 +1029,7 @@ }, "ExportTokenId":{ "type":"string", - "pattern":"export-token-[0-9a-zA-Z]{16,64}" + "pattern":"(export-token-[0-9a-zA-Z]{16,64})?" }, "ExportTr31KeyBlock":{ "type":"structure", @@ -689,7 +1051,6 @@ "required":[ "CertificateAuthorityPublicKeyIdentifier", "WrappingKeyCertificate", - "ExportToken", "KeyBlockFormat" ], "members":{ @@ -703,7 +1064,15 @@ }, "ExportToken":{ "shape":"ExportTokenId", - "documentation":"

    The export token to initiate key export from Amazon Web Services Payment Cryptography. It also contains the signing key certificate that will sign the wrapped key during TR-34 key block generation. Call GetParametersForExport to receive an export token. It expires after 7 days. You can use the same export token to export multiple keys from the same service account.

    " + "documentation":"

    The export token to initiate key export from Amazon Web Services Payment Cryptography. It also contains the signing key certificate that will sign the wrapped key during TR-34 key block generation. Call GetParametersForExport to receive an export token. It expires after 30 days. You can use the same export token to export multiple keys from the same service account.

    " + }, + "SigningKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    Key Identifier used for signing the export key

    " + }, + "SigningKeyCertificate":{ + "shape":"CertificateType", + "documentation":"

    The certificate used to sign the TR-34 key block.

    " }, "KeyBlockFormat":{ "shape":"Tr34KeyBlockFormat", @@ -740,6 +1109,54 @@ } } }, + "GetCertificateSigningRequestInput":{ + "type":"structure", + "required":[ + "KeyIdentifier", + "SigningAlgorithm", + "CertificateSubject" + ], + "members":{ + "KeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    Asymmetric key used for generating the certificate signing request

    " + }, + "SigningAlgorithm":{ + "shape":"SigningAlgorithmType", + "documentation":"

    The cryptographic algorithm used to sign your CSR.

    " + }, + "CertificateSubject":{ + "shape":"CertificateSubjectType", + "documentation":"

    The metadata used to create the CSR.

    " + } + } + }, + "GetCertificateSigningRequestOutput":{ + "type":"structure", + "required":["CertificateSigningRequest"], + "members":{ + "CertificateSigningRequest":{ + "shape":"CertificateSigningRequestType", + "documentation":"

    The certificate signing request generated using the key pair associated with the key identifier.

    " + } + } + }, + "GetDefaultKeyReplicationRegionsInput":{ + "type":"structure", + "members":{}, + "documentation":"

    Input parameters for retrieving the account's default key replication regions. This operation requires no input parameters.

    " + }, + "GetDefaultKeyReplicationRegionsOutput":{ + "type":"structure", + "required":["EnabledReplicationRegions"], + "members":{ + "EnabledReplicationRegions":{ + "shape":"Regions", + "documentation":"

    The list of regions where default key replication is currently enabled for the account.

    New keys created in this account will automatically be replicated to these regions unless explicitly configured otherwise during key creation.

    " + } + }, + "documentation":"

    Output containing the account's current default key replication configuration.

    " + }, "GetKeyInput":{ "type":"structure", "required":["KeyIdentifier"], @@ -756,7 +1173,7 @@ "members":{ "Key":{ "shape":"Key", - "documentation":"

    The key material, including the immutable and mutable data for the key.

    " + "documentation":"

    Contains the key metadata, including both immutable and mutable attributes for the key, but does not include actual cryptographic key material.

    " } } }, @@ -789,7 +1206,7 @@ "members":{ "SigningKeyCertificate":{ "shape":"CertificateType", - "documentation":"

    The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 7 days.

    " + "documentation":"

    The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 30 days.

    " }, "SigningKeyCertificateChain":{ "shape":"CertificateType", @@ -801,7 +1218,7 @@ }, "ExportToken":{ "shape":"ExportTokenId", - "documentation":"

    The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 7 days. You can use the same export token to export multiple keys from the same service account.

    " + "documentation":"

    The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 30 days. You can use the same export token to export multiple keys from the same service account.

    " }, "ParametersValidUntilTimestamp":{ "shape":"Timestamp", @@ -838,7 +1255,7 @@ "members":{ "WrappingKeyCertificate":{ "shape":"CertificateType", - "documentation":"

    The wrapping key certificate in PEM format (base64 encoded) of the wrapping key for use within the TR-34 key block. The certificate expires in 7 days.

    " + "documentation":"

    The wrapping key certificate in PEM format (base64 encoded) of the wrapping key for use within the TR-34 key block. The certificate expires in 30 days.

    " }, "WrappingKeyCertificateChain":{ "shape":"CertificateType", @@ -850,7 +1267,7 @@ }, "ImportToken":{ "shape":"ImportTokenId", - "documentation":"

    The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 7 days. You can use the same import token to import multiple keys to the same service account.

    " + "documentation":"

    The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 30 days. You can use the same import token to import multiple keys to the same service account.

    " }, "ParametersValidUntilTimestamp":{ "shape":"Timestamp", @@ -891,6 +1308,54 @@ "min":20, "pattern":"[0-9A-F]{20}$|^[0-9A-F]{24}" }, + "ImportDiffieHellmanTr31KeyBlock":{ + "type":"structure", + "required":[ + "PrivateKeyIdentifier", + "CertificateAuthorityPublicKeyIdentifier", + "PublicKeyCertificate", + "DeriveKeyAlgorithm", + "KeyDerivationFunction", + "KeyDerivationHashAlgorithm", + "DerivationData", + "WrappedKeyBlock" + ], + "members":{ + "PrivateKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The keyARN of the asymmetric ECC key created within Amazon Web Services Payment Cryptography.

    " + }, + "CertificateAuthorityPublicKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The keyARN of the CA that signed the PublicKeyCertificate for the client's receiving ECC key pair.

    " + }, + "PublicKeyCertificate":{ + "shape":"CertificateType", + "documentation":"

    The public key certificate of the client's receiving ECC key pair, in PEM format (base64 encoded), to use for ECDH key derivation.

    " + }, + "DeriveKeyAlgorithm":{ + "shape":"SymmetricKeyAlgorithm", + "documentation":"

    The key algorithm of the shared derived ECDH key.

    " + }, + "KeyDerivationFunction":{ + "shape":"KeyDerivationFunction", + "documentation":"

    The key derivation function to use when deriving a key using ECDH.

    " + }, + "KeyDerivationHashAlgorithm":{ + "shape":"KeyDerivationHashAlgorithm", + "documentation":"

    The hash type to use when deriving a key using ECDH.

    " + }, + "DerivationData":{ + "shape":"DiffieHellmanDerivationData", + "documentation":"

    The shared information used when deriving a key using ECDH.

    " + }, + "WrappedKeyBlock":{ + "shape":"Tr31WrappedKeyBlock", + "documentation":"

    The ECDH wrapped key block to import.

    " + } + }, + "documentation":"

    Key derivation parameter information for key material import using asymmetric ECDH key exchange method.

    " + }, "ImportKeyCryptogram":{ "type":"structure", "required":[ @@ -911,7 +1376,7 @@ }, "ImportToken":{ "shape":"ImportTokenId", - "documentation":"

    The import token that initiates key import using the asymmetric RSA wrap and unwrap key exchange method into AWS Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.

    " + "documentation":"

    The import token that initiates key import using the asymmetric RSA wrap and unwrap key exchange method into AWS Payment Cryptography. It expires after 30 days. You can use the same import token to import multiple keys to the same service account.

    " }, "WrappingSpec":{ "shape":"WrappingKeySpec", @@ -939,7 +1404,8 @@ "Tags":{ "shape":"Tags", "documentation":"

    Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is imported. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation.

    Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.

    Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.

    " - } + }, + "ReplicationRegions":{"shape":"Regions"} } }, "ImportKeyMaterial":{ @@ -964,6 +1430,10 @@ "KeyCryptogram":{ "shape":"ImportKeyCryptogram", "documentation":"

    Parameter information for key material import using asymmetric RSA wrap and unwrap key exchange method.

    " + }, + "DiffieHellmanTr31KeyBlock":{ + "shape":"ImportDiffieHellmanTr31KeyBlock", + "documentation":"

    Key derivation parameter information for key material import using asymmetric ECDH key exchange method.

    " } }, "documentation":"

    Parameter information for key material import into Amazon Web Services Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method.

    ", @@ -981,7 +1451,7 @@ }, "ImportTokenId":{ "type":"string", - "pattern":"import-token-[0-9a-zA-Z]{16,64}" + "pattern":"(import-token-[0-9a-zA-Z]{16,64})?" }, "ImportTr31KeyBlock":{ "type":"structure", @@ -1006,7 +1476,6 @@ "required":[ "CertificateAuthorityPublicKeyIdentifier", "SigningKeyCertificate", - "ImportToken", "WrappedKeyBlock", "KeyBlockFormat" ], @@ -1021,7 +1490,15 @@ }, "ImportToken":{ "shape":"ImportTokenId", - "documentation":"

    The import token that initiates key import using the asymmetric TR-34 key exchange method into Amazon Web Services Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.

    " + "documentation":"

    The import token that initiates key import using the asymmetric TR-34 key exchange method into Amazon Web Services Payment Cryptography. It expires after 30 days. You can use the same import token to import multiple keys to the same service account.

    " + }, + "WrappingKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    Key Identifier used for unwrapping the import key

    " + }, + "WrappingKeyCertificate":{ + "shape":"CertificateType", + "documentation":"

    The certificate used to wrap the TR-34 key block.

    " }, "WrappedKeyBlock":{ "shape":"Tr34WrappedKeyBlock", @@ -1043,7 +1520,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    The request processing has failed because of an unknown error, exception, or failure.

    ", + "documentation":"

    The request processing has failed because of an unknown error, exception, or failure.

    This indicates a server-side error within the Amazon Web Services Payment Cryptography service. If this error persists, contact support for assistance.

    ", "exception":true, "fault":true }, @@ -1112,6 +1589,23 @@ "DeleteTimestamp":{ "shape":"Timestamp", "documentation":"

    The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment Cryptography key is deleted.

    " + }, + "DeriveKeyUsage":{ + "shape":"DeriveKeyUsage", + "documentation":"

    The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.

    " + }, + "MultiRegionKeyType":{ + "shape":"MultiRegionKeyType", + "documentation":"

    Indicates whether this key is a Multi-Region key and its role in the Multi-Region key hierarchy.

    Multi-Region replication keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a Primary Region key (PRK) (which can be replicated to other Amazon Web Services Regions) or a Replica Region key (RRK) (which is a copy of a PRK in another Region). For more information, see Multi-Region key replication.

    " + }, + "PrimaryRegion":{"shape":"Region"}, + "ReplicationStatus":{ + "shape":"ReplicationStatus", + "documentation":"

    Information about the replication status of the key across different Amazon Web Services Regions.

    This field provides details about the current state of key replication, including any status messages or operational information. It helps track the progress and health of key replication operations.

    " + }, + "UsingDefaultReplicationRegions":{ + "shape":"Boolean", + "documentation":"

    Indicates whether this key is using the account's default replication regions configuration for Multi-Region key replication.

    When set to true, the key automatically replicates to the regions specified in the account's default replication settings. When set to false, the key has a custom replication configuration that overrides the account defaults.

    " } }, "documentation":"

    Metadata about an Amazon Web Services Payment Cryptography key.

    " @@ -1124,11 +1618,16 @@ "AES_128", "AES_192", "AES_256", + "HMAC_SHA256", + "HMAC_SHA384", + "HMAC_SHA512", + "HMAC_SHA224", "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", - "ECC_NIST_P384" + "ECC_NIST_P384", + "ECC_NIST_P521" ] }, "KeyArn":{ @@ -1139,6 +1638,7 @@ }, "KeyArnOrKeyAliasType":{ "type":"string", + "documentation":"

    A key identifier that can be either a key ARN or an alias name. This allows flexible key identification in operations.

    When using a key ARN, it must be a fully qualified ARN in the format: arn:aws:payment-cryptography:region:account:key/key-id.

    When using an alias, it must begin with alias/ followed by the alias name.

    Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

    ", "max":322, "min":7, "pattern":"arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+" @@ -1200,7 +1700,9 @@ "type":"string", "enum":[ "CMAC", - "ANSI_X9_24" + "ANSI_X9_24", + "HMAC", + "SHA_1" ] }, "KeyClass":{ @@ -1212,6 +1714,21 @@ "PUBLIC_KEY" ] }, + "KeyDerivationFunction":{ + "type":"string", + "enum":[ + "NIST_SP800", + "ANSI_X963" + ] + }, + "KeyDerivationHashAlgorithm":{ + "type":"string", + "enum":[ + "SHA_256", + "SHA_384", + "SHA_512" + ] + }, "KeyExportability":{ "type":"string", "enum":[ @@ -1223,7 +1740,7 @@ "KeyMaterial":{ "type":"string", "max":16384, - "min":48, + "min":32, "sensitive":true }, "KeyMaterialType":{ @@ -1286,6 +1803,16 @@ "AWS_PAYMENT_CRYPTOGRAPHY" ] }, + "KeyReplicationState":{ + "type":"string", + "documentation":"

    Defines the replication state of a key

    ", + "enum":[ + "IN_PROGRESS", + "DELETE_IN_PROGRESS", + "FAILED", + "SYNCHRONIZED" + ] + }, "KeyState":{ "type":"string", "documentation":"

    Defines the state of a key

    ", @@ -1330,7 +1857,12 @@ "Enabled":{ "shape":"Boolean", "documentation":"

    Specifies whether the key is enabled.

    " - } + }, + "MultiRegionKeyType":{ + "shape":"MultiRegionKeyType", + "documentation":"

    Indicates whether this key is a Multi-Region key and its role in the Multi-Region key hierarchy.

    Multi-Region replication keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a Primary Region key (PRK) (which can be replicated to other Amazon Web Services Regions) or a Replica Region key (RRK) (which is a copy of a PRK in another Region). For more information, see Multi-Region key replication.

    " + }, + "PrimaryRegion":{"shape":"Region"} }, "documentation":"

    Metadata about an Amazon Web Services Payment Cryptography key.

    " }, @@ -1472,6 +2004,14 @@ "max":100, "min":1 }, + "MultiRegionKeyType":{ + "type":"string", + "documentation":"

    Defines the replication type of a key

    ", + "enum":[ + "PRIMARY", + "REPLICA" + ] + }, "NextToken":{ "type":"string", "max":8192, @@ -1488,7 +2028,7 @@ "type":"string", "max":108, "min":1, - "pattern":"[0-9A-Z]+", + "pattern":"[0-9a-zA-Z]+", "sensitive":true }, "OptionalBlocks":{ @@ -1497,6 +2037,65 @@ "value":{"shape":"OptionalBlockValue"} }, "PrimitiveBoolean":{"type":"boolean"}, + "Region":{ + "type":"string", + "documentation":"

    An Amazon Web Services Region identifier in the standard format (e.g., us-east-1, eu-west-1).

    Used to specify regions for key replication operations. The region must be a valid Amazon Web Services Region where Amazon Web Services Payment Cryptography is available.

    ", + "pattern":"[a-z]{2}-[a-z]{1,16}-[0-9]+" + }, + "Regions":{ + "type":"list", + "member":{"shape":"Region"}, + "documentation":"

    A list of Amazon Web Services Regions for key replication operations.

    Each region in the list must be a valid Amazon Web Services Region identifier where Amazon Web Services Payment Cryptography is available. This list is used to specify which regions should be added to or removed from a key's replication configuration.

    " + }, + "RemoveKeyReplicationRegionsInput":{ + "type":"structure", + "required":[ + "KeyIdentifier", + "ReplicationRegions" + ], + "members":{ + "KeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The key identifier (ARN or alias) of the key from which to remove replication regions.

    This key must exist and have replication enabled in the specified regions.

    " + }, + "ReplicationRegions":{ + "shape":"Regions", + "documentation":"

    The list of Amazon Web Services Regions to remove from the key's replication configuration.

    The key will no longer be available for cryptographic operations in these regions after removal. Ensure no active operations depend on the key in these regions before removal.

    " + } + }, + "documentation":"

    Input parameters for removing replication regions from a specific key.

    " + }, + "RemoveKeyReplicationRegionsOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{ + "shape":"Key", + "documentation":"

    The updated key metadata after removing the replication regions.

    This reflects the current state of the key and its updated replication configuration.

    " + } + }, + "documentation":"

    Output from removing replication regions from a key.

    " + }, + "ReplicationStatus":{ + "type":"map", + "key":{"shape":"Region"}, + "value":{"shape":"ReplicationStatusType"} + }, + "ReplicationStatusType":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"KeyReplicationState", + "documentation":"

    The current status of key replication in this Amazon Web Services Region.

    This field indicates whether the key replication is in progress, completed successfully, or has encountered an error. Possible values include states such as SYNCRHONIZED, IN_PROGRESS, DELETE_IN_PROGRESS, or FAILED. This provides visibility into the replication process for monitoring and troubleshooting purposes.

    " + }, + "StatusMessage":{ + "shape":"String", + "documentation":"

    A message that provides additional information about the current replication status of the key.

    This field contains details about any issues or progress updates related to key replication operations. It may include information about replication failures, synchronization status, or other operational details.

    " + } + }, + "documentation":"

    Represents the replication status information for a key in a replication region for Multi-Region key replication.

    This structure contains details about the current state of key replication, including any status messages and operational information about the replication process.

    " + }, "ResourceArn":{ "type":"string", "max":150, @@ -1508,10 +2107,10 @@ "members":{ "ResourceId":{ "shape":"String", - "documentation":"

    The string for the exception.

    " + "documentation":"

    The identifier of the resource that was not found.

    This field contains the specific resource identifier (such as a key ARN or alias name) that could not be located.

    " } }, - "documentation":"

    The request was denied due to an invalid resource error.

    ", + "documentation":"

    The request was denied due to resource not found.

    The specified key, alias, or other resource does not exist in your account or region. Verify that the resource identifier is correct and that the resource exists in the expected region.

    ", "exception":true }, "RestoreKeyInput":{ @@ -1557,7 +2156,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    This request would cause a service quota to be exceeded.

    ", + "documentation":"

    This request would cause a service quota to be exceeded.

    You have reached the maximum number of keys, aliases, or other resources allowed in your account. Review your current usage and consider deleting unused resources or requesting a quota increase.

    ", "exception":true }, "ServiceUnavailableException":{ @@ -1565,10 +2164,26 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    The service cannot complete the request.

    ", + "documentation":"

    The service cannot complete the request.

    The Amazon Web Services Payment Cryptography service is temporarily unavailable. This is typically a temporary condition - retry your request after a brief delay.

    ", "exception":true, "fault":true }, + "SharedInformation":{ + "type":"string", + "max":2048, + "min":2, + "pattern":"(?:[0-9a-fA-F][0-9a-fA-F])+" + }, + "SigningAlgorithmType":{ + "type":"string", + "documentation":"

    Defines the Algorithm used to generate the certificate signing request

    ", + "enum":[ + "SHA224", + "SHA256", + "SHA384", + "SHA512" + ] + }, "StartKeyUsageInput":{ "type":"structure", "required":["KeyIdentifier"], @@ -1610,6 +2225,20 @@ } }, "String":{"type":"string"}, + "SymmetricKeyAlgorithm":{ + "type":"string", + "enum":[ + "TDES_2KEY", + "TDES_3KEY", + "AES_128", + "AES_192", + "AES_256", + "HMAC_SHA256", + "HMAC_SHA384", + "HMAC_SHA512", + "HMAC_SHA224" + ] + }, "Tag":{ "type":"structure", "required":[ @@ -1658,8 +2287,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1677,7 +2305,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    The request was denied due to request throttling.

    ", + "documentation":"

    The request was denied due to request throttling.

    You have exceeded the rate limits for Amazon Web Services Payment Cryptography API calls. Implement exponential backoff and retry logic in your application to handle throttling gracefully.

    ", "exception":true }, "Timestamp":{"type":"timestamp"}, @@ -1685,7 +2313,7 @@ "type":"string", "max":9984, "min":56, - "pattern":"[0-9A-Z]+", + "pattern":"[0-9a-zA-Z]+", "sensitive":true }, "Tr34KeyBlockFormat":{ @@ -1741,8 +2369,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAliasInput":{ "type":"structure", @@ -1773,7 +2400,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

    The request was denied due to an invalid request error.

    ", + "documentation":"

    The request was denied due to an invalid request error.

    One or more parameters in your request are invalid. Check the parameter values, formats, and constraints specified in the API documentation.

    ", "exception":true }, "WrappedKey":{ diff -pruN 2.23.6-1/awscli/botocore/data/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/payment-cryptography-data/2022-02-03/service-2.json 2.31.35-1/awscli/botocore/data/payment-cryptography-data/2022-02-03/service-2.json --- 2.23.6-1/awscli/botocore/data/payment-cryptography-data/2022-02-03/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/payment-cryptography-data/2022-02-03/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -83,7 +83,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography.

    You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision.

    You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and they key must have KeyModesOfUse set to Generate and Verify.

    For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography.

    You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision.

    You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and the key must have KeyModesOfUse set to Generate and Verify.

    For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "GenerateMacEmvPinChange":{ "name":"GenerateMacEmvPinChange", @@ -139,6 +139,24 @@ ], "documentation":"

    Re-encrypt ciphertext using DUKPT or Symmetric data encryption keys.

    You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey or import your own encryption key by calling ImportKey. The KeyArn for use with this operation must be in a compatible key state with KeyModesOfUse set to Encrypt.

    This operation also supports dynamic keys, allowing you to pass a dynamic encryption key as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To re-encrypt using dynamic keys, the keyARN is the Key Encryption Key (KEK) of the TR-31 wrapped encryption key material. The incoming wrapped key shall have a key purpose of D0 with a mode of use of B or D. For more information, see Using Dynamic Keys in the Amazon Web Services Payment Cryptography User Guide.

    For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. To encrypt using DUKPT, a DUKPT key must already exist within your account with KeyModesOfUse set to DeriveKey or a new DUKPT can be generated by calling CreateKey.

    For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, + "TranslateKeyMaterial":{ + "name":"TranslateKeyMaterial", + "http":{ + "method":"POST", + "requestUri":"/keymaterial/translate", + "responseCode":200 + }, + "input":{"shape":"TranslateKeyMaterialInput"}, + "output":{"shape":"TranslateKeyMaterialOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Translates an encryption key between different wrapping keys without importing the key into Amazon Web Services Payment Cryptography.

    This operation can be used when key material is frequently rotated, such as during every card transaction, and there is a need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. It translates short-lived transaction keys such as Pin Encryption Key (PEK) generated for each transaction and wrapped with an ECDH (Elliptic Curve Diffie-Hellman) derived wrapping key to another KEK (Key Encryption Key) wrapping key.

    Before using this operation, you must first request the public key certificate of the ECC key pair generated within Amazon Web Services Payment Cryptography to establish an ECDH key agreement. In TranslateKeyData, the service uses its own ECC key pair, public certificate of receiving ECC key pair, and the key derivation parameters to generate a derived key. The service uses this derived key to unwrap the incoming transaction key received as a TR31WrappedKeyBlock and re-wrap using a user provided KEK to generate an outgoing Tr31WrappedKeyBlock. For more information on establishing ECDH derived keys, see the Creating keys in the Amazon Web Services Payment Cryptography User Guide.

    For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + }, "TranslatePinData":{ "name":"TranslatePinData", "http":{ @@ -155,7 +173,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide.

    PIN block translation involves changing a PIN block from one encryption key to another and optionally change its format. PIN block translation occurs entirely within the HSM boundary and PIN data never enters or leaves Amazon Web Services Payment Cryptography in clear text. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK.

    Amazon Web Services Payment Cryptography also supports use of dynamic keys and ECDH (Elliptic Curve Diffie-Hellman) based key exchange for this operation.

    Dynamic keys allow you to pass a PEK as a TR-31 WrappedKeyBlock. They can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To translate PIN block using dynamic keys, the keyARN is the Key Encryption Key (KEK) of the TR-31 wrapped PEK. The incoming wrapped key shall have a key purpose of P0 with a mode of use of B or D. For more information, see Using Dynamic Keys in the Amazon Web Services Payment Cryptography User Guide.

    Using ECDH key exchange, you can receive cardholder selectable PINs into Amazon Web Services Payment Cryptography. The ECDH derived key protects the incoming PIN block, which is translated to a PEK encrypted PIN block for use within the service. You can also use ECDH for reveal PIN, wherein the service translates the PIN block from PEK to a ECDH derived encryption key. For more information on establishing ECDH derived keys, see the Generating keys in the Amazon Web Services Payment Cryptography User Guide.

    The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation.

    For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

    Amazon Web Services Payment Cryptography currently supports ISO PIN block 4 translation for PIN block built using legacy PAN length. That is, PAN is the right most 12 digits excluding the check digits.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " + "documentation":"

    Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide.

    PIN block translation involves changing a PIN block from one encryption key to another and optionally change its format. PIN block translation occurs entirely within the HSM boundary and PIN data never enters or leaves Amazon Web Services Payment Cryptography in clear text. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK.

    Amazon Web Services Payment Cryptography also supports use of dynamic keys and ECDH (Elliptic Curve Diffie-Hellman) based key exchange for this operation.

    Dynamic keys allow you to pass a PEK as a TR-31 WrappedKeyBlock. They can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To translate PIN block using dynamic keys, the keyARN is the Key Encryption Key (KEK) of the TR-31 wrapped PEK. The incoming wrapped key shall have a key purpose of P0 with a mode of use of B or D. For more information, see Using Dynamic Keys in the Amazon Web Services Payment Cryptography User Guide.

    Using ECDH key exchange, you can receive cardholder selectable PINs into Amazon Web Services Payment Cryptography. The ECDH derived key protects the incoming PIN block, which is translated to a PEK encrypted PIN block for use within the service. You can also use ECDH for reveal PIN, wherein the service translates the PIN block from PEK to a ECDH derived encryption key. For more information on establishing ECDH derived keys, see the Creating keys in the Amazon Web Services Payment Cryptography User Guide.

    The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation.

    For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

    Amazon Web Services Payment Cryptography currently supports ISO PIN block 4 translation for PIN block built using legacy PAN length. That is, PAN is the right most 12 digits excluding the check digits.

    Cross-account use: This operation can't be used across different Amazon Web Services accounts.

    Related operations:

    " }, "VerifyAuthRequestCryptogram":{ "name":"VerifyAuthRequestCryptogram", @@ -475,12 +493,11 @@ "type":"string", "max":32768, "min":1, - "pattern":"[^\\[;\\]<>]+", - "sensitive":true + "pattern":"[^\\[;\\]<>]+" }, "CipherTextType":{ "type":"string", - "max":4096, + "max":4224, "min":2, "pattern":"(?:[0-9a-fA-F][0-9a-fA-F])+", "sensitive":true @@ -635,6 +652,17 @@ "documentation":"

    Parameters to derive the payment card specific confidentiality and integrity keys.

    ", "union":true }, + "DiffieHellmanDerivationData":{ + "type":"structure", + "members":{ + "SharedInformation":{ + "shape":"SharedInformation", + "documentation":"

    A string containing information that binds the ECDH derived key to the two parties involved or to the context of the key.

    It may include details like identities of the two parties deriving the key, context of the operation, session IDs, and optionally a nonce. It must not contain zero bytes. It is not recommended to reuse shared information for multiple ECDH key derivations, as it could result in derived key material being the same across different derivations.

    " + } + }, + "documentation":"

    The shared information used when deriving a key using ECDH.

    ", + "union":true + }, "DiscoverDynamicCardVerificationCode":{ "type":"structure", "required":[ @@ -666,7 +694,7 @@ ], "members":{ "KeySerialNumber":{ - "shape":"HexLengthBetween10And24", + "shape":"HexLength16Or20Or24", "documentation":"

    The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.

    " }, "DukptDerivationType":{ @@ -681,7 +709,7 @@ "required":["KeySerialNumber"], "members":{ "KeySerialNumber":{ - "shape":"HexLengthBetween10And24", + "shape":"HexLength16Or20Or24", "documentation":"

    The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.

    " }, "DukptKeyDerivationType":{ @@ -710,7 +738,7 @@ "required":["KeySerialNumber"], "members":{ "KeySerialNumber":{ - "shape":"HexLengthBetween10And24", + "shape":"HexLength16Or20Or24", "documentation":"

    The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.

    " }, "Mode":{ @@ -1243,7 +1271,6 @@ "GenerationKeyIdentifier", "EncryptionKeyIdentifier", "GenerationAttributes", - "PrimaryAccountNumber", "PinBlockFormat" ], "members":{ @@ -1269,7 +1296,7 @@ }, "PinBlockFormat":{ "shape":"PinBlockFormatForPinData", - "documentation":"

    The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports ISO_Format_0 and ISO_Format_3.

    The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.

    The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the fill digits are random values from 10 to 15.

    " + "documentation":"

    The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports ISO_Format_0, ISO_Format_3 and ISO_Format_4.

    The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.

    The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the fill digits are random values from 10 to 15.

    The ISO_Format_4 PIN block format is the only one supporting AES encryption. It is similar to ISO_Format_3 but doubles the pin block length by padding with fill digit A and random values from 10 to 15.

    " }, "EncryptionWrappedKey":{"shape":"WrappedKey"} } @@ -1318,11 +1345,11 @@ "pattern":"(?:[0-9a-fA-F][0-9a-fA-F])+", "sensitive":true }, - "HexLengthBetween10And24":{ + "HexLength16Or20Or24":{ "type":"string", "max":24, - "min":10, - "pattern":"[0-9a-fA-F]+" + "min":16, + "pattern":"(?:[0-9a-fA-F]{16}|[0-9a-fA-F]{20}|[0-9a-fA-F]{24})" }, "HexLengthBetween2And4":{ "type":"string", @@ -1484,6 +1511,62 @@ }, "documentation":"

    Parameters that are required to generate or verify Ibm3624 random PIN.

    " }, + "IncomingDiffieHellmanTr31KeyBlock":{ + "type":"structure", + "required":[ + "PrivateKeyIdentifier", + "CertificateAuthorityPublicKeyIdentifier", + "PublicKeyCertificate", + "DeriveKeyAlgorithm", + "KeyDerivationFunction", + "KeyDerivationHashAlgorithm", + "DerivationData", + "WrappedKeyBlock" + ], + "members":{ + "PrivateKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The keyARN of the asymmetric ECC key pair.

    " + }, + "CertificateAuthorityPublicKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The keyArn of the certificate that signed the client's PublicKeyCertificate.

    " + }, + "PublicKeyCertificate":{ + "shape":"CertificateType", + "documentation":"

    The client's public key certificate in PEM format (base64 encoded) to use for ECDH key derivation.

    " + }, + "DeriveKeyAlgorithm":{ + "shape":"SymmetricKeyAlgorithm", + "documentation":"

    The key algorithm of the derived ECDH key.

    " + }, + "KeyDerivationFunction":{ + "shape":"KeyDerivationFunction", + "documentation":"

    The key derivation function to use for deriving a key using ECDH.

    " + }, + "KeyDerivationHashAlgorithm":{ + "shape":"KeyDerivationHashAlgorithm", + "documentation":"

    The hash type to use for deriving a key using ECDH.

    " + }, + "DerivationData":{"shape":"DiffieHellmanDerivationData"}, + "WrappedKeyBlock":{ + "shape":"Tr31WrappedKeyBlock", + "documentation":"

    The WrappedKeyBlock containing the transaction key wrapped using an ECDH dervied key.

    " + } + }, + "documentation":"

    Parameter information of a TR31KeyBlock wrapped using an ECDH derived key.

    " + }, + "IncomingKeyMaterial":{ + "type":"structure", + "members":{ + "DiffieHellmanTr31KeyBlock":{ + "shape":"IncomingDiffieHellmanTr31KeyBlock", + "documentation":"

    Parameter information of the TR31WrappedKeyBlock containing the transaction key wrapped using an ECDH dervied key.

    " + } + }, + "documentation":"

    Parameter information of the incoming WrappedKeyBlock containing the transaction key.

    ", + "union":true + }, "InitializationVectorType":{ "type":"string", "max":32, @@ -1547,7 +1630,9 @@ "type":"string", "enum":[ "CMAC", - "ANSI_X9_24" + "ANSI_X9_24", + "HMAC", + "SHA_1" ] }, "KeyDerivationFunction":{ @@ -1565,12 +1650,19 @@ "SHA_512" ] }, + "KeyMaterial":{ + "type":"string", + "max":16384, + "min":48, + "sensitive":true + }, "MacAlgorithm":{ "type":"string", "enum":[ "ISO9797_ALGORITHM1", "ISO9797_ALGORITHM3", "CMAC", + "HMAC", "HMAC_SHA224", "HMAC_SHA256", "HMAC_SHA384", @@ -1585,7 +1677,7 @@ ], "members":{ "KeySerialNumber":{ - "shape":"HexLengthBetween10And24", + "shape":"HexLength16Or20Or24", "documentation":"

    The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.

    " }, "DukptKeyVariant":{ @@ -1710,7 +1802,7 @@ }, "MessageDataType":{ "type":"string", - "max":4096, + "max":8192, "min":2, "pattern":"(?:[0-9a-fA-F][0-9a-fA-F])+", "sensitive":true @@ -1721,6 +1813,28 @@ "min":2, "pattern":"[0-9]+" }, + "OutgoingKeyMaterial":{ + "type":"structure", + "members":{ + "Tr31KeyBlock":{ + "shape":"OutgoingTr31KeyBlock", + "documentation":"

    Parameter information of the TR31WrappedKeyBlock containing the transaction key wrapped using a KEK.

    " + } + }, + "documentation":"

    Parameter information of the outgoing TR31WrappedKeyBlock containing the transaction key.

    ", + "union":true + }, + "OutgoingTr31KeyBlock":{ + "type":"structure", + "required":["WrappingKeyIdentifier"], + "members":{ + "WrappingKeyIdentifier":{ + "shape":"KeyArnOrKeyAliasType", + "documentation":"

    The keyARN of the KEK used to wrap the transaction key.

    " + } + }, + "documentation":"

    Parameter information of the TR31WrappedKeyBlock containing the transaction key wrapped using a KEK.

    " + }, "PaddingType":{ "type":"string", "enum":[ @@ -1742,6 +1856,7 @@ "type":"string", "enum":[ "ISO_FORMAT_0", + "ISO_FORMAT_1", "ISO_FORMAT_3", "ISO_FORMAT_4" ] @@ -1851,14 +1966,14 @@ }, "PlainTextOutputType":{ "type":"string", - "max":4096, + "max":4224, "min":2, "pattern":"(?:[0-9a-fA-F][0-9a-fA-F])+", "sensitive":true }, "PlainTextType":{ "type":"string", - "max":4064, + "max":4096, "min":2, "pattern":"(?:[0-9a-fA-F][0-9a-fA-F])+", "sensitive":true @@ -2177,7 +2292,11 @@ "TDES_3KEY", "AES_128", "AES_192", - "AES_256" + "AES_256", + "HMAC_SHA256", + "HMAC_SHA384", + "HMAC_SHA512", + "HMAC_SHA224" ] }, "ThrottlingException":{ @@ -2196,7 +2315,7 @@ "type":"string", "max":9984, "min":56, - "pattern":"[0-9A-Z]+", + "pattern":"[0-9a-zA-Z]+", "sensitive":true }, "TrackDataType":{ @@ -2213,6 +2332,37 @@ "pattern":"[0-9a-fA-F]+", "sensitive":true }, + "TranslateKeyMaterialInput":{ + "type":"structure", + "required":[ + "IncomingKeyMaterial", + "OutgoingKeyMaterial" + ], + "members":{ + "IncomingKeyMaterial":{ + "shape":"IncomingKeyMaterial", + "documentation":"

    Parameter information of the TR31WrappedKeyBlock containing the transaction key.

    " + }, + "OutgoingKeyMaterial":{ + "shape":"OutgoingKeyMaterial", + "documentation":"

    Parameter information of the wrapping key used to wrap the transaction key in the outgoing TR31WrappedKeyBlock.

    " + }, + "KeyCheckValueAlgorithm":{ + "shape":"KeyCheckValueAlgorithm", + "documentation":"

    The key check value (KCV) algorithm used for calculating the KCV.

    " + } + } + }, + "TranslateKeyMaterialOutput":{ + "type":"structure", + "required":["WrappedKey"], + "members":{ + "WrappedKey":{ + "shape":"WrappedWorkingKey", + "documentation":"

    The outgoing KEK wrapped TR31WrappedKeyBlock.

    " + } + } + }, "TranslatePinDataInput":{ "type":"structure", "required":[ @@ -2319,8 +2469,7 @@ }, "TranslationPinDataIsoFormat1":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Parameters that are required for ISO9564 PIN format 1 tranlation.

    " }, "ValidationDataType":{ @@ -2557,7 +2706,6 @@ "EncryptionKeyIdentifier", "VerificationAttributes", "EncryptedPinBlock", - "PrimaryAccountNumber", "PinBlockFormat" ], "members":{ @@ -2762,6 +2910,37 @@ }, "documentation":"

    Parameter information of a WrappedKeyBlock for encryption key exchange.

    ", "union":true + }, + "WrappedKeyMaterialFormat":{ + "type":"string", + "enum":[ + "KEY_CRYPTOGRAM", + "TR31_KEY_BLOCK", + "TR34_KEY_BLOCK" + ] + }, + "WrappedWorkingKey":{ + "type":"structure", + "required":[ + "WrappedKeyMaterial", + "KeyCheckValue", + "WrappedKeyMaterialFormat" + ], + "members":{ + "WrappedKeyMaterial":{ + "shape":"KeyMaterial", + "documentation":"

    The wrapped key block of the outgoing transaction key.

    " + }, + "KeyCheckValue":{ + "shape":"KeyCheckValue", + "documentation":"

    The key check value (KCV) of the key contained within the outgoing TR31WrappedKeyBlock.

    The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. For more information on KCV, see KCV in the Amazon Web Services Payment Cryptography User Guide.

    " + }, + "WrappedKeyMaterialFormat":{ + "shape":"WrappedKeyMaterialFormat", + "documentation":"

    The key block format of the wrapped key.

    " + } + }, + "documentation":"

    The parameter information of the outgoing wrapped key block.

    " } }, "documentation":"

    You use the Amazon Web Services Payment Cryptography Data Plane to manage how encryption keys are used for payment-related transaction processing and associated cryptographic operations. You can encrypt, decrypt, generate, verify, and translate payment-related cryptographic operations in Amazon Web Services Payment Cryptography. For more information, see Data operations in the Amazon Web Services Payment Cryptography User Guide.

    To manage your encryption keys, you use the Amazon Web Services Payment Cryptography Control Plane. You can create, import, export, share, manage, and delete keys. You can also manage Identity and Access Management (IAM) policies for keys.

    " diff -pruN 2.23.6-1/awscli/botocore/data/pca-connector-ad/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pca-connector-ad/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pca-connector-ad/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pca-connector-ad/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,7 +118,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -143,7 +140,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -178,11 +174,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -193,16 +187,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -216,14 +213,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -232,15 +227,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -251,16 +245,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -274,7 +271,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -294,11 +290,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -309,20 +303,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -333,18 +329,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/pca-connector-ad/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/pca-connector-ad/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/pca-connector-ad/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pca-connector-ad/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"pca-connector-ad", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"PcaConnectorAd", "serviceId":"Pca Connector Ad", "signatureVersion":"v4", "signingName":"pca-connector-ad", - "uid":"pca-connector-ad-2018-05-10" + "uid":"pca-connector-ad-2018-05-10", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateConnector":{ @@ -830,8 +832,11 @@ "ConnectorStatusReason":{ "type":"string", "enum":[ + "CA_CERTIFICATE_REGISTRATION_FAILED", "DIRECTORY_ACCESS_DENIED", "INTERNAL_FAILURE", + "INSUFFICIENT_FREE_ADDRESSES", + "INVALID_SUBNET_IP_PROTOCOL", "PRIVATECA_ACCESS_DENIED", "PRIVATECA_RESOURCE_NOT_FOUND", "SECURITY_GROUP_NOT_IN_VPC", @@ -909,7 +914,7 @@ }, "VpcInformation":{ "shape":"VpcInformation", - "documentation":"

    Security group IDs that describe the inbound and outbound rules.

    " + "documentation":"

    Information about your VPC and security groups used with the connector.

    " } } }, @@ -1563,6 +1568,13 @@ "fault":true, "retryable":{"throttling":false} }, + "IpAddressType":{ + "type":"string", + "enum":[ + "IPV4", + "DUALSTACK" + ] + }, "KeySpec":{ "type":"string", "enum":[ @@ -2120,6 +2132,7 @@ "DIRECTORY_NOT_REACHABLE", "DIRECTORY_RESOURCE_NOT_FOUND", "SPN_EXISTS_ON_DIFFERENT_AD_OBJECT", + "SPN_LIMIT_EXCEEDED", "INTERNAL_FAILURE" ] }, @@ -2777,6 +2790,7 @@ "type":"string", "enum":[ "FIELD_VALIDATION_FAILED", + "INVALID_CA_SUBJECT", "INVALID_PERMISSION", "INVALID_STATE", "MISMATCHED_CONNECTOR", @@ -2824,6 +2838,10 @@ "type":"structure", "required":["SecurityGroupIds"], "members":{ + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

    The VPC IP address type.

    " + }, "SecurityGroupIds":{ "shape":"SecurityGroupIdList", "documentation":"

    The security groups used with the connector. You can use a maximum of 4 security groups with a connector.

    " diff -pruN 2.23.6-1/awscli/botocore/data/pca-connector-scep/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pca-connector-scep/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pca-connector-scep/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pca-connector-scep/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/pcs/2023-02-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pcs/2023-02-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pcs/2023-02-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pcs/2023-02-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/pcs/2023-02-10/service-2.json 2.31.35-1/awscli/botocore/data/pcs/2023-02-10/service-2.json --- 2.23.6-1/awscli/botocore/data/pcs/2023-02-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pcs/2023-02-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -31,7 +31,7 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Creates a cluster in your account. Amazon Web Services PCS creates the cluster controller in a service-owned account. The cluster controller communicates with the cluster resources in your account. The subnets and security groups for the cluster must already exist before you use this API action.

    It takes time for Amazon Web Services PCS to create the cluster. The cluster is in a Creating state until it is ready to use. There can only be 1 cluster in a Creating state per Amazon Web Services Region per Amazon Web Services account. CreateCluster fails with a ServiceQuotaExceededException if there is already a cluster in a Creating state.

    ", + "documentation":"

    Creates a cluster in your account. PCS creates the cluster controller in a service-owned account. The cluster controller communicates with the cluster resources in your account. The subnets and security groups for the cluster must already exist before you use this API action.

    It takes time for PCS to create the cluster. The cluster is in a Creating state until it is ready to use. There can only be 1 cluster in a Creating state per Amazon Web Services Region per Amazon Web Services account. CreateCluster fails with a ServiceQuotaExceededException if there is already a cluster in a Creating state.

    ", "idempotent":true }, "CreateComputeNodeGroup":{ @@ -51,7 +51,7 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Creates a managed set of compute nodes. You associate a compute node group with a cluster through 1 or more Amazon Web Services PCS queues or as part of the login fleet. A compute node group includes the definition of the compute properties and lifecycle management. Amazon Web Services PCS uses the information you provide to this API action to launch compute nodes in your account. You can only specify subnets in the same Amazon VPC as your cluster. You receive billing charges for the compute nodes that Amazon Web Services PCS launches in your account. You must already have a launch template before you call this API. For more information, see Launch an instance from a launch template in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

    ", + "documentation":"

    Creates a managed set of compute nodes. You associate a compute node group with a cluster through 1 or more PCS queues or as part of the login fleet. A compute node group includes the definition of the compute properties and lifecycle management. PCS uses the information you provide to this API action to launch compute nodes in your account. You can only specify subnets in the same Amazon VPC as your cluster. You receive billing charges for the compute nodes that PCS launches in your account. You must already have a launch template before you call this API. For more information, see Launch an instance from a launch template in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

    ", "idempotent":true }, "CreateQueue":{ @@ -128,7 +128,7 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Deletes a job queue. If the compute node group associated with this queue isn't associated with any other queues, Amazon Web Services PCS terminates all the compute nodes for this queue.

    ", + "documentation":"

    Deletes a job queue. If the compute node group associated with this queue isn't associated with any other queues, PCS terminates all the compute nodes for this queue.

    ", "idempotent":true }, "GetCluster":{ @@ -147,7 +147,8 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Returns detailed information about a running cluster in your account. This API action provides networking information, endpoint information for communication with the scheduler, and provisioning status.

    " + "documentation":"

    Returns detailed information about a running cluster in your account. This API action provides networking information, endpoint information for communication with the scheduler, and provisioning status.

    ", + "readonly":true }, "GetComputeNodeGroup":{ "name":"GetComputeNodeGroup", @@ -165,7 +166,8 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Returns detailed information about a compute node group. This API action provides networking information, EC2 instance type, compute node group status, and scheduler (such as Slurm) configuration.

    " + "documentation":"

    Returns detailed information about a compute node group. This API action provides networking information, EC2 instance type, compute node group status, and scheduler (such as Slurm) configuration.

    ", + "readonly":true }, "GetQueue":{ "name":"GetQueue", @@ -183,7 +185,8 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Returns detailed information about a queue. The information includes the compute node groups that the queue uses to schedule jobs.

    " + "documentation":"

    Returns detailed information about a queue. The information includes the compute node groups that the queue uses to schedule jobs.

    ", + "readonly":true }, "ListClusters":{ "name":"ListClusters", @@ -201,7 +204,8 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Returns a list of running clusters in your account.

    " + "documentation":"

    Returns a list of running clusters in your account.

    ", + "readonly":true }, "ListComputeNodeGroups":{ "name":"ListComputeNodeGroups", @@ -219,7 +223,8 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Returns a list of all compute node groups associated with a cluster.

    " + "documentation":"

    Returns a list of all compute node groups associated with a cluster.

    ", + "readonly":true }, "ListQueues":{ "name":"ListQueues", @@ -237,7 +242,8 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Returns a list of all queues associated with a cluster.

    " + "documentation":"

    Returns a list of all queues associated with a cluster.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -250,7 +256,8 @@ "errors":[ {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of all tags on an Amazon Web Services PCS resource.

    " + "documentation":"

    Returns a list of all tags on an PCS resource.

    ", + "readonly":true }, "RegisterComputeNodeGroupInstance":{ "name":"RegisterComputeNodeGroupInstance", @@ -264,7 +271,7 @@ {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    This API action isn't intended for you to use.

    Amazon Web Services PCS uses this API action to register the compute nodes it launches in your account.

    " + "documentation":"

    This API action isn't intended for you to use.

    PCS uses this API action to register the compute nodes it launches in your account.

    " }, "TagResource":{ "name":"TagResource", @@ -274,9 +281,10 @@ }, "input":{"shape":"TagResourceRequest"}, "errors":[ + {"shape":"ServiceQuotaExceededException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Adds or edits tags on an Amazon Web Services PCS resource. Each tag consists of a tag key and a tag value. The tag key and tag value are case-sensitive strings. The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag key and a new tag value.

    ", + "documentation":"

    Adds or edits tags on an PCS resource. Each tag consists of a tag key and a tag value. The tag key and tag value are case-sensitive strings. The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag key and a new tag value.

    ", "idempotent":true }, "UntagResource":{ @@ -289,7 +297,26 @@ "errors":[ {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Deletes tags from an Amazon Web Services PCS resource. To delete a tag, specify the tag key and the Amazon Resource Name (ARN) of the Amazon Web Services PCS resource.

    ", + "documentation":"

    Deletes tags from an PCS resource. To delete a tag, specify the tag key and the Amazon Resource Name (ARN) of the PCS resource.

    ", + "idempotent":true + }, + "UpdateCluster":{ + "name":"UpdateCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateClusterRequest"}, + "output":{"shape":"UpdateClusterResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Updates a cluster configuration. You can modify Slurm scheduler settings, accounting configuration, and security groups for an existing cluster.

    You can only update clusters that are in ACTIVE, UPDATE_FAILED, or SUSPENDED state. All associated resources (queues and compute node groups) must be in ACTIVE state before you can update the cluster.

    ", "idempotent":true }, "UpdateComputeNodeGroup":{ @@ -343,6 +370,55 @@ "documentation":"

    You don't have permission to perform the action.

    Examples

    • The launch template instance profile doesn't pass iam:PassRole verification.

    • There is a mismatch between the account ID and cluster ID.

    • The cluster ID doesn't exist.

    • The EC2 instance isn't present.

    ", "exception":true }, + "Accounting":{ + "type":"structure", + "required":["mode"], + "members":{ + "defaultPurgeTimeInDays":{ + "shape":"AccountingDefaultPurgeTimeInDaysInteger", + "documentation":"

    The default value for all purge settings for slurmdbd.conf. For more information, see the slurmdbd.conf documentation at SchedMD.

    The default value for defaultPurgeTimeInDays is -1.

    A value of -1 means there is no purge time and records persist as long as the cluster exists.

    0 isn't a valid value.

    " + }, + "mode":{ + "shape":"AccountingMode", + "documentation":"

    The default value for mode is STANDARD. A value of STANDARD means Slurm accounting is enabled.

    " + } + }, + "documentation":"

    The accounting configuration includes configurable settings for Slurm accounting. It's a property of the ClusterSlurmConfiguration object.

    " + }, + "AccountingDefaultPurgeTimeInDaysInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":-1 + }, + "AccountingMode":{ + "type":"string", + "enum":[ + "STANDARD", + "NONE" + ] + }, + "AccountingRequest":{ + "type":"structure", + "required":["mode"], + "members":{ + "defaultPurgeTimeInDays":{ + "shape":"AccountingRequestDefaultPurgeTimeInDaysInteger", + "documentation":"

    The default value for all purge settings for slurmdbd.conf. For more information, see the slurmdbd.conf documentation at SchedMD.

    The default value for defaultPurgeTimeInDays is -1.

    A value of -1 means there is no purge time and records persist as long as the cluster exists.

    0 isn't a valid value.

    " + }, + "mode":{ + "shape":"AccountingMode", + "documentation":"

    The default value for mode is STANDARD. A value of STANDARD means Slurm accounting is enabled.

    " + } + }, + "documentation":"

    The accounting configuration includes configurable settings for Slurm accounting. It's a property of the ClusterSlurmConfiguration object.

    " + }, + "AccountingRequestDefaultPurgeTimeInDaysInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":-1 + }, "AmiId":{ "type":"string", "pattern":"ami-[a-z0-9]+" @@ -351,7 +427,7 @@ "type":"string", "max":1011, "min":1, - "pattern":"arn:aws*:pcs:.*:[0-9]{12}:.*/[a-z0-9_\\-]+" + "pattern":"arn:aws.*:pcs:.*:[0-9]{12}:.*/[a-z0-9_\\-]+" }, "BootstrapId":{ "type":"string", @@ -387,7 +463,7 @@ }, "status":{ "shape":"ClusterStatus", - "documentation":"

    The provisioning status of the cluster.

    The provisioning status doesn't indicate the overall health of the cluster.

    " + "documentation":"

    The provisioning status of the cluster.

    The provisioning status doesn't indicate the overall health of the cluster.

    The resource enters the SUSPENDING and SUSPENDED states when the scheduler is beyond end of life and we have suspended the cluster. When in these states, you can't use the cluster. The cluster controller is down and all compute instances are terminated. The resources still count toward your service quotas. You can delete a resource if its status is SUSPENDED. For more information, see Frequently asked questions about Slurm versions in PCS in the PCS User Guide.

    " }, "createdAt":{ "shape":"SyntheticTimestamp_date_time", @@ -420,7 +496,7 @@ }, "ClusterIdentifier":{ "type":"string", - "pattern":"(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{1,40})" + "pattern":"(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{2,40})" }, "ClusterList":{ "type":"list", @@ -429,8 +505,8 @@ "ClusterName":{ "type":"string", "max":40, - "min":1, - "pattern":"(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+" + "min":3, + "pattern":"(?!pcs_)^[A-Za-z][A-Za-z0-9-]+" }, "ClusterSlurmConfiguration":{ "type":"structure", @@ -446,6 +522,10 @@ "authKey":{ "shape":"SlurmAuthKey", "documentation":"

    The shared Slurm key for authentication, also known as the cluster secret.

    " + }, + "accounting":{ + "shape":"Accounting", + "documentation":"

    The accounting configuration includes configurable settings for Slurm accounting.

    " } }, "documentation":"

    Additional options related to the Slurm scheduler.

    " @@ -460,6 +540,10 @@ "slurmCustomSettings":{ "shape":"SlurmCustomSettings", "documentation":"

    Additional Slurm-specific configuration that directly maps to Slurm settings.

    " + }, + "accounting":{ + "shape":"AccountingRequest", + "documentation":"

    The accounting configuration includes configurable settings for Slurm accounting.

    " } }, "documentation":"

    Additional options related to the Slurm scheduler.

    " @@ -483,7 +567,9 @@ "DELETING", "CREATE_FAILED", "DELETE_FAILED", - "UPDATE_FAILED" + "UPDATE_FAILED", + "SUSPENDING", + "SUSPENDED" ] }, "ClusterSummary":{ @@ -519,7 +605,7 @@ }, "status":{ "shape":"ClusterStatus", - "documentation":"

    The provisioning status of the cluster.

    The provisioning status doesn't indicate the overall health of the cluster.

    " + "documentation":"

    The provisioning status of the cluster.

    The provisioning status doesn't indicate the overall health of the cluster.

    The resource enters the SUSPENDING and SUSPENDED states when the scheduler is beyond end of life and we have suspended the cluster. When in these states, you can't use the cluster. The cluster controller is down and all compute instances are terminated. The resources still count toward your service quotas. You can delete a resource if its status is SUSPENDED. For more information, see Frequently asked questions about Slurm versions in PCS in the PCS User Guide.

    " } }, "documentation":"

    The object returned by the ListClusters API action.

    " @@ -567,11 +653,11 @@ }, "status":{ "shape":"ComputeNodeGroupStatus", - "documentation":"

    The provisioning status of the compute node group.

    The provisioning status doesn't indicate the overall health of the compute node group.

    " + "documentation":"

    The provisioning status of the compute node group.

    The provisioning status doesn't indicate the overall health of the compute node group.

    The resource enters the SUSPENDING and SUSPENDED states when the scheduler is beyond end of life and we have suspended the cluster. When in these states, you can't use the cluster. The cluster controller is down and all compute instances are terminated. The resources still count toward your service quotas. You can delete a resource if its status is SUSPENDED. For more information, see Frequently asked questions about Slurm versions in PCS in the PCS User Guide.

    " }, "amiId":{ "shape":"AmiId", - "documentation":"

    The ID of the Amazon Machine Image (AMI) that Amazon Web Services PCS uses to launch instances. If not provided, Amazon Web Services PCS uses the AMI ID specified in the custom launch template.

    " + "documentation":"

    The ID of the Amazon Machine Image (AMI) that PCS uses to launch instances. If not provided, PCS uses the AMI ID specified in the custom launch template.

    " }, "subnetIds":{ "shape":"SubnetIdList", @@ -579,17 +665,17 @@ }, "purchaseOption":{ "shape":"PurchaseOption", - "documentation":"

    Specifies how EC2 instances are purchased on your behalf. Amazon Web Services PCS supports On-Demand and Spot instances. For more information, see Instance purchasing options in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to On-Demand.

    " + "documentation":"

    Specifies how EC2 instances are purchased on your behalf. PCS supports On-Demand Instances, Spot Instances, and Amazon EC2 Capacity Blocks for ML. For more information, see Amazon EC2 billing and purchasing options in the Amazon Elastic Compute Cloud User Guide. For more information about PCS support for Capacity Blocks, see Using Amazon EC2 Capacity Blocks for ML with PCS in the PCS User Guide. If you don't provide this option, it defaults to On-Demand.

    " }, "customLaunchTemplate":{"shape":"CustomLaunchTemplate"}, "iamInstanceProfileArn":{ "shape":"InstanceProfileArn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have the pcs:RegisterComputeNodeGroupInstance permission. The resource identifier of the ARN must start with AWSPCS or it must have /aws-pcs/ in its path.

    Examples

    • arn:aws:iam::111122223333:instance-profile/AWSPCS-example-role-1

    • arn:aws:iam::111122223333:instance-profile/aws-pcs/example-role-2

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have the pcs:RegisterComputeNodeGroupInstance permission and the role name must start with AWSPCS or must have the path /aws-pcs/. For more information, see IAM instance profiles for PCS in the PCS User Guide.

    " }, "scalingConfiguration":{"shape":"ScalingConfiguration"}, "instanceConfigs":{ "shape":"InstanceList", - "documentation":"

    A list of EC2 instance configurations that Amazon Web Services PCS can provision in the compute node group.

    " + "documentation":"

    A list of EC2 instance configurations that PCS can provision in the compute node group.

    " }, "spotOptions":{"shape":"SpotOptions"}, "slurmConfiguration":{"shape":"ComputeNodeGroupSlurmConfiguration"}, @@ -616,7 +702,7 @@ }, "ComputeNodeGroupIdentifier":{ "type":"string", - "pattern":"(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{1,25})" + "pattern":"(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{2,25})" }, "ComputeNodeGroupList":{ "type":"list", @@ -625,8 +711,8 @@ "ComputeNodeGroupName":{ "type":"string", "max":25, - "min":1, - "pattern":"(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+" + "min":3, + "pattern":"(?!pcs_)^[A-Za-z][A-Za-z0-9-]+" }, "ComputeNodeGroupSlurmConfiguration":{ "type":"structure", @@ -658,7 +744,9 @@ "CREATE_FAILED", "DELETE_FAILED", "UPDATE_FAILED", - "DELETED" + "DELETED", + "SUSPENDING", + "SUSPENDED" ] }, "ComputeNodeGroupSummary":{ @@ -699,7 +787,7 @@ }, "status":{ "shape":"ComputeNodeGroupStatus", - "documentation":"

    The provisioning status of the compute node group.

    The provisioning status doesn't indicate the overall health of the compute node group.

    " + "documentation":"

    The provisioning status of the compute node group.

    The provisioning status doesn't indicate the overall health of the compute node group.

    The resource enters the SUSPENDING and SUSPENDED states when the scheduler is beyond end of life and we have suspended the cluster. When in these states, you can't use the cluster. The cluster controller is down and all compute instances are terminated. The resources still count toward your service quotas. You can delete a resource if its status is SUSPENDED. For more information, see Frequently asked questions about Slurm versions in PCS in the PCS User Guide.

    " } }, "documentation":"

    The object returned by the ListComputeNodeGroups API action.

    " @@ -796,7 +884,7 @@ }, "amiId":{ "shape":"AmiId", - "documentation":"

    The ID of the Amazon Machine Image (AMI) that Amazon Web Services PCS uses to launch compute nodes (Amazon EC2 instances). If you don't provide this value, Amazon Web Services PCS uses the AMI ID specified in the custom launch template.

    " + "documentation":"

    The ID of the Amazon Machine Image (AMI) that PCS uses to launch compute nodes (Amazon EC2 instances). If you don't provide this value, PCS uses the AMI ID specified in the custom launch template.

    " }, "subnetIds":{ "shape":"StringList", @@ -804,12 +892,12 @@ }, "purchaseOption":{ "shape":"PurchaseOption", - "documentation":"

    Specifies how EC2 instances are purchased on your behalf. Amazon Web Services PCS supports On-Demand and Spot instances. For more information, see Instance purchasing options in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to On-Demand.

    " + "documentation":"

    Specifies how EC2 instances are purchased on your behalf. PCS supports On-Demand Instances, Spot Instances, and Amazon EC2 Capacity Blocks for ML. For more information, see Amazon EC2 billing and purchasing options in the Amazon Elastic Compute Cloud User Guide. For more information about PCS support for Capacity Blocks, see Using Amazon EC2 Capacity Blocks for ML with PCS in the PCS User Guide. If you don't provide this option, it defaults to On-Demand.

    " }, "customLaunchTemplate":{"shape":"CustomLaunchTemplate"}, "iamInstanceProfileArn":{ "shape":"InstanceProfileArn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have the pcs:RegisterComputeNodeGroupInstance permission. The resource identifier of the ARN must start with AWSPCS or it must have /aws-pcs/ in its path.

    Examples

    • arn:aws:iam::111122223333:instance-profile/AWSPCS-example-role-1

    • arn:aws:iam::111122223333:instance-profile/aws-pcs/example-role-2

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have the pcs:RegisterComputeNodeGroupInstance permission and the role name must start with AWSPCS or must have the path /aws-pcs/. For more information, see IAM instance profiles for PCS in the PCS User Guide.

    " }, "scalingConfiguration":{ "shape":"ScalingConfigurationRequest", @@ -817,7 +905,7 @@ }, "instanceConfigs":{ "shape":"InstanceList", - "documentation":"

    A list of EC2 instance configurations that Amazon Web Services PCS can provision in the compute node group.

    " + "documentation":"

    A list of EC2 instance configurations that PCS can provision in the compute node group.

    " }, "spotOptions":{"shape":"SpotOptions"}, "slurmConfiguration":{ @@ -860,6 +948,10 @@ "shape":"ComputeNodeGroupConfigurationList", "documentation":"

    The list of compute node group configurations to associate with the queue. Queues assign jobs to associated compute node groups.

    " }, + "slurmConfiguration":{ + "shape":"QueueSlurmConfigurationRequest", + "documentation":"

    Additional options related to the Slurm scheduler.

    " + }, "clientToken":{ "shape":"SBClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect. If you don't specify a client token, the CLI and SDK automatically generate 1 for you.

    ", @@ -893,7 +985,7 @@ "documentation":"

    The version of the EC2 launch template to use to provision instances.

    " } }, - "documentation":"

    An Amazon EC2 launch template Amazon Web Services PCS uses to launch compute nodes.

    " + "documentation":"

    An Amazon EC2 launch template PCS uses to launch compute nodes.

    " }, "DeleteClusterRequest":{ "type":"structure", @@ -912,8 +1004,7 @@ }, "DeleteClusterResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteComputeNodeGroupRequest":{ "type":"structure", @@ -939,8 +1030,7 @@ }, "DeleteComputeNodeGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteQueueRequest":{ "type":"structure", @@ -966,8 +1056,7 @@ }, "DeleteQueueResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Endpoint":{ "type":"structure", @@ -983,11 +1072,15 @@ }, "privateIpAddress":{ "shape":"String", - "documentation":"

    The endpoint's private IP address.

    Example: 2.2.2.2

    " + "documentation":"

    For clusters that use IPv4, this is the endpoint's private IP address.

    Example: 10.1.2.3

    For clusters configured to use IPv6, this is an empty string.

    " }, "publicIpAddress":{ "shape":"String", - "documentation":"

    The endpoint's public IP address.

    Example: 1.1.1.1

    " + "documentation":"

    The endpoint's public IP address.

    Example: 192.0.2.1

    " + }, + "ipv6Address":{ + "shape":"String", + "documentation":"

    The endpoint's IPv6 address.

    Example: 2001:db8::1

    " }, "port":{ "shape":"String", @@ -1031,7 +1124,7 @@ "members":{ "clusterIdentifier":{ "shape":"ClusterIdentifier", - "documentation":"

    The name or ID of the cluster of the queue.

    " + "documentation":"

    The name or ID of the cluster.

    " } } }, @@ -1095,10 +1188,10 @@ "members":{ "instanceType":{ "shape":"String", - "documentation":"

    The EC2 instance type that Amazon Web Services PCS can provision in the compute node group.

    Example: t2.xlarge

    " + "documentation":"

    The EC2 instance type that PCS can provision in the compute node group.

    Example: t2.xlarge

    " } }, - "documentation":"

    An EC2 instance configuration Amazon Web Services PCS uses to launch compute nodes.

    " + "documentation":"

    An EC2 instance configuration PCS uses to launch compute nodes.

    " }, "InstanceList":{ "type":"list", @@ -1106,7 +1199,7 @@ }, "InstanceProfileArn":{ "type":"string", - "pattern":"arn:aws([a-zA-Z-]{0,10})?:iam::[0-9]{12}:instance-profile/.{1,128}" + "pattern":"arn:aws([a-zA-Z-]{0,10})?:iam::[0-9]{12}:instance-profile/([!-~]{1,510}/)?([\\w+=,.@-]{1,128})" }, "Integer":{ "type":"integer", @@ -1118,7 +1211,7 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"

    Amazon Web Services PCS can't process your request right now. Try again later.

    ", + "documentation":"

    PCS can't process your request right now. Try again later.

    ", "exception":true, "fault":true, "retryable":{"throttling":false} @@ -1239,16 +1332,27 @@ "max":100, "min":1 }, + "NetworkType":{ + "type":"string", + "enum":[ + "IPV4", + "IPV6" + ] + }, "Networking":{ "type":"structure", "members":{ "subnetIds":{ "shape":"SubnetIdList", - "documentation":"

    The ID of the subnet where Amazon Web Services PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and Amazon Web Services PCS resources. The subnet must have an available IP address, cannot reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone.

    Example: subnet-abcd1234

    " + "documentation":"

    The ID of the subnet where PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and PCS resources. The subnet must have an available IP address, cannot reside in Outposts, Wavelength, or an Amazon Web Services Local Zone.

    Example: subnet-abcd1234

    " }, "securityGroupIds":{ "shape":"SecurityGroupIdList", - "documentation":"

    The list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets.

    The following rules are required:

    • Inbound rule 1

      • Protocol: All

      • Ports: All

      • Source: Self

    • Outbound rule 1

      • Protocol: All

      • Ports: All

      • Destination: 0.0.0.0/0 (IPv4)

    • Outbound rule 2

      • Protocol: All

      • Ports: All

      • Destination: Self

    " + "documentation":"

    The list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets.

    The following rules are required:

    • Inbound rule 1

      • Protocol: All

      • Ports: All

      • Source: Self

    • Outbound rule 1

      • Protocol: All

      • Ports: All

      • Destination: 0.0.0.0/0 (IPv4) or ::/0 (IPv6)

    • Outbound rule 2

      • Protocol: All

      • Ports: All

      • Destination: Self

    " + }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

    The IP address version the cluster uses. The default is IPV4.

    " } }, "documentation":"

    The networking configuration for the cluster's control plane.

    " @@ -1258,11 +1362,15 @@ "members":{ "subnetIds":{ "shape":"SubnetIdList", - "documentation":"

    The list of subnet IDs where Amazon Web Services PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and Amazon Web Services PCS resources. Subnet IDs have the form subnet-0123456789abcdef0.

    Subnets can't be in Outposts, Wavelength or an Amazon Web Services Local Zone.

    Amazon Web Services PCS currently supports only 1 subnet in this list.

    " + "documentation":"

    The list of subnet IDs where PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and PCS resources. Subnet IDs have the form subnet-0123456789abcdef0.

    Subnets can't be in Outposts, Wavelength or an Amazon Web Services Local Zone.

    PCS currently supports only 1 subnet in this list.

    " }, "securityGroupIds":{ "shape":"SecurityGroupIdList", "documentation":"

    A list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets.

    " + }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

    The IP address version the cluster uses. The default is IPV4.

    " } }, "documentation":"

    The networking configuration for the cluster's control plane.

    " @@ -1271,7 +1379,8 @@ "type":"string", "enum":[ "ONDEMAND", - "SPOT" + "SPOT", + "CAPACITY_BLOCK" ] }, "Queue":{ @@ -1313,12 +1422,16 @@ }, "status":{ "shape":"QueueStatus", - "documentation":"

    The provisioning status of the queue.

    The provisioning status doesn't indicate the overall health of the queue.

    " + "documentation":"

    The provisioning status of the queue.

    The provisioning status doesn't indicate the overall health of the queue.

    The resource enters the SUSPENDING and SUSPENDED states when the scheduler is beyond end of life and we have suspended the cluster. When in these states, you can't use the cluster. The cluster controller is down and all compute instances are terminated. The resources still count toward your service quotas. You can delete a resource if its status is SUSPENDED. For more information, see Frequently asked questions about Slurm versions in PCS in the PCS User Guide.

    " }, "computeNodeGroupConfigurations":{ "shape":"ComputeNodeGroupConfigurationList", "documentation":"

    The list of compute node group configurations associated with the queue. Queues assign jobs to associated compute node groups.

    " }, + "slurmConfiguration":{ + "shape":"QueueSlurmConfiguration", + "documentation":"

    Additional options related to the Slurm scheduler.

    " + }, "errorInfo":{ "shape":"ErrorInfoList", "documentation":"

    The list of errors that occurred during queue provisioning.

    " @@ -1328,7 +1441,7 @@ }, "QueueIdentifier":{ "type":"string", - "pattern":"(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{1,25})" + "pattern":"(pcs_[a-zA-Z0-9]+|[A-Za-z][A-Za-z0-9-]{2,25})" }, "QueueList":{ "type":"list", @@ -1337,8 +1450,28 @@ "QueueName":{ "type":"string", "max":25, - "min":1, - "pattern":"(?!pcs_)^(?![A-Za-z0-9]{10}$)[A-Za-z][A-Za-z0-9-]+" + "min":3, + "pattern":"(?!pcs_)^[A-Za-z][A-Za-z0-9-]+" + }, + "QueueSlurmConfiguration":{ + "type":"structure", + "members":{ + "slurmCustomSettings":{ + "shape":"SlurmCustomSettings", + "documentation":"

    Additional Slurm-specific configuration that directly maps to Slurm settings.

    " + } + }, + "documentation":"

    Additional options related to the Slurm scheduler.

    " + }, + "QueueSlurmConfigurationRequest":{ + "type":"structure", + "members":{ + "slurmCustomSettings":{ + "shape":"SlurmCustomSettings", + "documentation":"

    Additional Slurm-specific configuration that directly maps to Slurm settings.

    " + } + }, + "documentation":"

    Additional options related to the Slurm scheduler.

    " }, "QueueStatus":{ "type":"string", @@ -1349,7 +1482,9 @@ "DELETING", "CREATE_FAILED", "DELETE_FAILED", - "UPDATE_FAILED" + "UPDATE_FAILED", + "SUSPENDING", + "SUSPENDED" ] }, "QueueSummary":{ @@ -1390,7 +1525,7 @@ }, "status":{ "shape":"QueueStatus", - "documentation":"

    The provisioning status of the queue.

    The provisioning status doesn't indicate the overall health of the queue.

    " + "documentation":"

    The provisioning status of the queue.

    The provisioning status doesn't indicate the overall health of the queue.

    The resource enters the SUSPENDING and SUSPENDED states when the scheduler is beyond end of life and we have suspended the cluster. When in these states, you can't use the cluster. The cluster controller is down and all compute instances are terminated. The resources still count toward your service quotas. You can delete a resource if its status is SUSPENDED. For more information, see Frequently asked questions about Slurm versions in PCS in the PCS User Guide.

    " } }, "documentation":"

    The object returned by the ListQueues API action.

    " @@ -1537,11 +1672,11 @@ "members":{ "type":{ "shape":"SchedulerType", - "documentation":"

    The software Amazon Web Services PCS uses to manage cluster scaling and job scheduling.

    " + "documentation":"

    The software PCS uses to manage cluster scaling and job scheduling.

    " }, "version":{ "shape":"String", - "documentation":"

    The version of the specified scheduling software that Amazon Web Services PCS uses to manage cluster scaling and job scheduling.

    " + "documentation":"

    The version of the specified scheduling software that PCS uses to manage cluster scaling and job scheduling. For more information, see Slurm versions in PCS in the PCS User Guide.

    Valid Values: 23.11 | 24.05 | 24.11

    " } }, "documentation":"

    The cluster management and job scheduling software associated with the cluster.

    " @@ -1555,11 +1690,11 @@ "members":{ "type":{ "shape":"SchedulerType", - "documentation":"

    The software Amazon Web Services PCS uses to manage cluster scaling and job scheduling.

    " + "documentation":"

    The software PCS uses to manage cluster scaling and job scheduling.

    " }, "version":{ "shape":"String", - "documentation":"

    The version of the specified scheduling software that Amazon Web Services PCS uses to manage cluster scaling and job scheduling.

    " + "documentation":"

    The version of the specified scheduling software that PCS uses to manage cluster scaling and job scheduling. For more information, see Slurm versions in PCS in the PCS User Guide.

    Valid Values: 23.11 | 24.05 | 24.11

    " } }, "documentation":"

    The cluster management and job scheduling software associated with the cluster.

    " @@ -1625,7 +1760,7 @@ "members":{ "secretArn":{ "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the the shared Slurm key.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the shared Slurm key.

    " }, "secretVersion":{ "shape":"String", @@ -1643,14 +1778,14 @@ "members":{ "parameterName":{ "shape":"String", - "documentation":"

    Amazon Web Services PCS supports configuration of the following Slurm parameters:

    " + "documentation":"

    PCS supports custom Slurm settings for clusters, compute node groups, and queues. For more information, see Configuring custom Slurm settings in PCS in the PCS User Guide.

    " }, "parameterValue":{ "shape":"String", "documentation":"

    The values for the configured Slurm settings.

    " } }, - "documentation":"

    Additional settings that directly map to Slurm settings.

    " + "documentation":"

    Additional settings that directly map to Slurm settings.

    PCS supports a subset of Slurm settings. For more information, see Configuring custom Slurm settings in PCS in the PCS User Guide.

    " }, "SlurmCustomSettings":{ "type":"list", @@ -1669,7 +1804,7 @@ "members":{ "allocationStrategy":{ "shape":"SpotAllocationStrategy", - "documentation":"

    The Amazon EC2 allocation strategy Amazon Web Services PCS uses to provision EC2 instances. Amazon Web Services PCS supports lowest price, capacity optimized, and price capacity optimized. For more information, see Use allocation strategies to determine how EC2 Fleet or Spot Fleet fulfills Spot and On-Demand capacity in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to price capacity optimized.

    " + "documentation":"

    The Amazon EC2 allocation strategy PCS uses to provision EC2 instances. PCS supports lowest price, capacity optimized, and price capacity optimized. For more information, see Use allocation strategies to determine how EC2 Fleet or Spot Fleet fulfills Spot and On-Demand capacity in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to price capacity optimized.

    " } }, "documentation":"

    Additional configuration when you specify SPOT as the purchaseOption for the CreateComputeNodeGroup API action.

    " @@ -1756,6 +1891,74 @@ } } }, + "UpdateAccountingRequest":{ + "type":"structure", + "members":{ + "defaultPurgeTimeInDays":{ + "shape":"UpdateAccountingRequestDefaultPurgeTimeInDaysInteger", + "documentation":"

    The default value for all purge settings for slurmdbd.conf. For more information, see the slurmdbd.conf documentation at SchedMD.

    The default value for defaultPurgeTimeInDays is -1.

    A value of -1 means there is no purge time and records persist as long as the cluster exists.

    0 isn't a valid value.

    " + }, + "mode":{ + "shape":"AccountingMode", + "documentation":"

    The default value for mode is STANDARD. A value of STANDARD means Slurm accounting is enabled.

    " + } + }, + "documentation":"

    The accounting configuration includes configurable settings for Slurm accounting.

    " + }, + "UpdateAccountingRequestDefaultPurgeTimeInDaysInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":-1 + }, + "UpdateClusterRequest":{ + "type":"structure", + "required":["clusterIdentifier"], + "members":{ + "clusterIdentifier":{ + "shape":"ClusterIdentifier", + "documentation":"

    The name or ID of the cluster to update.

    " + }, + "clientToken":{ + "shape":"SBClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect. If you don't specify a client token, the CLI and SDK automatically generate 1 for you.

    ", + "idempotencyToken":true + }, + "slurmConfiguration":{ + "shape":"UpdateClusterSlurmConfigurationRequest", + "documentation":"

    Additional options related to the Slurm scheduler.

    " + } + } + }, + "UpdateClusterResponse":{ + "type":"structure", + "members":{ + "cluster":{"shape":"Cluster"} + } + }, + "UpdateClusterSlurmConfigurationRequest":{ + "type":"structure", + "members":{ + "scaleDownIdleTimeInSeconds":{ + "shape":"UpdateClusterSlurmConfigurationRequestScaleDownIdleTimeInSecondsInteger", + "documentation":"

    The time (in seconds) before an idle node is scaled down.

    Default: 600

    " + }, + "slurmCustomSettings":{ + "shape":"SlurmCustomSettings", + "documentation":"

    Additional Slurm-specific configuration that directly maps to Slurm settings.

    " + }, + "accounting":{ + "shape":"UpdateAccountingRequest", + "documentation":"

    The accounting configuration includes configurable settings for Slurm accounting.

    " + } + }, + "documentation":"

    Additional options related to the Slurm scheduler.

    " + }, + "UpdateClusterSlurmConfigurationRequestScaleDownIdleTimeInSecondsInteger":{ + "type":"integer", + "box":true, + "min":1 + }, "UpdateComputeNodeGroupRequest":{ "type":"structure", "required":[ @@ -1773,7 +1976,7 @@ }, "amiId":{ "shape":"AmiId", - "documentation":"

    The ID of the Amazon Machine Image (AMI) that Amazon Web Services PCS uses to launch instances. If not provided, Amazon Web Services PCS uses the AMI ID specified in the custom launch template.

    " + "documentation":"

    The ID of the Amazon Machine Image (AMI) that PCS uses to launch instances. If not provided, PCS uses the AMI ID specified in the custom launch template.

    " }, "subnetIds":{ "shape":"StringList", @@ -1782,7 +1985,7 @@ "customLaunchTemplate":{"shape":"CustomLaunchTemplate"}, "purchaseOption":{ "shape":"PurchaseOption", - "documentation":"

    Specifies how EC2 instances are purchased on your behalf. Amazon Web Services PCS supports On-Demand and Spot instances. For more information, see Instance purchasing options in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to On-Demand.

    " + "documentation":"

    Specifies how EC2 instances are purchased on your behalf. PCS supports On-Demand Instances, Spot Instances, and Amazon EC2 Capacity Blocks for ML. For more information, see Amazon EC2 billing and purchasing options in the Amazon Elastic Compute Cloud User Guide. For more information about PCS support for Capacity Blocks, see Using Amazon EC2 Capacity Blocks for ML with PCS in the PCS User Guide. If you don't provide this option, it defaults to On-Demand.

    " }, "spotOptions":{"shape":"SpotOptions"}, "scalingConfiguration":{ @@ -1791,7 +1994,7 @@ }, "iamInstanceProfileArn":{ "shape":"InstanceProfileArn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have the pcs:RegisterComputeNodeGroupInstance permission. The resource identifier of the ARN must start with AWSPCS or it must have /aws-pcs/ in its path.

    Examples

    • arn:aws:iam::111122223333:instance-profile/AWSPCS-example-role-1

    • arn:aws:iam::111122223333:instance-profile/aws-pcs/example-role-2

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have the pcs:RegisterComputeNodeGroupInstance permission and the role name must start with AWSPCS or must have the path /aws-pcs/. For more information, see IAM instance profiles for PCS in the PCS User Guide.

    " }, "slurmConfiguration":{ "shape":"UpdateComputeNodeGroupSlurmConfigurationRequest", @@ -1839,6 +2042,10 @@ "shape":"ComputeNodeGroupConfigurationList", "documentation":"

    The list of compute node group configurations to associate with the queue. Queues assign jobs to associated compute node groups.

    " }, + "slurmConfiguration":{ + "shape":"UpdateQueueSlurmConfigurationRequest", + "documentation":"

    Additional options related to the Slurm scheduler.

    " + }, "clientToken":{ "shape":"SBClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect. If you don't specify a client token, the CLI and SDK automatically generate 1 for you.

    ", @@ -1852,6 +2059,16 @@ "queue":{"shape":"Queue"} } }, + "UpdateQueueSlurmConfigurationRequest":{ + "type":"structure", + "members":{ + "slurmCustomSettings":{ + "shape":"SlurmCustomSettings", + "documentation":"

    Additional Slurm-specific configuration that directly maps to Slurm settings.

    " + } + }, + "documentation":"

    Additional options related to the Slurm scheduler.

    " + }, "ValidationException":{ "type":"structure", "required":[ @@ -1904,5 +2121,5 @@ ] } }, - "documentation":"

    Amazon Web Services Parallel Computing Service (Amazon Web Services PCS) is a managed service that makes it easier for you to run and scale your high performance computing (HPC) workloads, and build scientific and engineering models on Amazon Web Services using Slurm. For more information, see the Amazon Web Services Parallel Computing Service User Guide.

    This reference describes the actions and data types of the service management API. You can use the Amazon Web Services SDKs to call the API actions in software, or use the Command Line Interface (CLI) to call the API actions manually. These API actions manage the service through an Amazon Web Services account.

    The API actions operate on Amazon Web Services PCS resources. A resource is an entity in Amazon Web Services that you can work with. Amazon Web Services services create resources when you use the features of the service. Examples of Amazon Web Services PCS resources include clusters, compute node groups, and queues. For more information about resources in Amazon Web Services, see Resource in the Resource Explorer User Guide.

    An Amazon Web Services PCS compute node is an Amazon EC2 instance. You don't launch compute nodes directly. Amazon Web Services PCS uses configuration information that you provide to launch compute nodes in your Amazon Web Services account. You receive billing charges for your running compute nodes. Amazon Web Services PCS automatically terminates your compute nodes when you delete the Amazon Web Services PCS resources related to those compute nodes.

    " + "documentation":"

    Parallel Computing Service (PCS) is a managed service that makes it easier for you to run and scale your high performance computing (HPC) workloads, and build scientific and engineering models on Amazon Web Services using Slurm. For more information, see the Parallel Computing Service User Guide.

    This reference describes the actions and data types of the service management API. You can use the Amazon Web Services SDKs to call the API actions in software, or use the Command Line Interface (CLI) to call the API actions manually. These API actions manage the service through an Amazon Web Services account.

    The API actions operate on PCS resources. A resource is an entity in Amazon Web Services that you can work with. Amazon Web Services services create resources when you use the features of the service. Examples of PCS resources include clusters, compute node groups, and queues. For more information about resources in Amazon Web Services, see Resource in the Resource Explorer User Guide.

    An PCS compute node is an Amazon EC2 instance. You don't launch compute nodes directly. PCS uses configuration information that you provide to launch compute nodes in your Amazon Web Services account. You receive billing charges for your running compute nodes. PCS automatically terminates your compute nodes when you delete the PCS resources related to those compute nodes.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/personalize/2018-05-22/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/personalize/2018-05-22/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/personalize/2018-05-22/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/personalize/2018-05-22/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/personalize/2018-05-22/service-2.json 2.31.35-1/awscli/botocore/data/personalize/2018-05-22/service-2.json --- 2.23.6-1/awscli/botocore/data/personalize/2018-05-22/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/personalize/2018-05-22/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -311,7 +311,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ResourceInUseException"} ], - "documentation":"

    Deletes a dataset. You can't delete a dataset if an associated DatasetImportJob or SolutionVersion is in the CREATE PENDING or IN PROGRESS state. For more information on datasets, see CreateDataset.

    ", + "documentation":"

    Deletes a dataset. You can't delete a dataset if an associated DatasetImportJob or SolutionVersion is in the CREATE PENDING or IN PROGRESS state. For more information about deleting datasets, see Deleting a dataset.

    ", "idempotent":true }, "DeleteDatasetGroup":{ @@ -1662,7 +1662,8 @@ }, "ColumnName":{ "type":"string", - "max":150 + "max":150, + "pattern":"[A-Za-z_][A-Za-z\\d_]*" }, "ColumnNamesList":{ "type":"list", @@ -3385,6 +3386,29 @@ ] }, "ErrorMessage":{"type":"string"}, + "EventParameters":{ + "type":"structure", + "members":{ + "eventType":{ + "shape":"EventType", + "documentation":"

    The name of the event type to be considered for solution creation.

    " + }, + "eventValueThreshold":{ + "shape":"EventTypeThresholdValue", + "documentation":"

    The threshold of the event type. Only events with a value greater or equal to this threshold will be considered for solution creation.

    " + }, + "weight":{ + "shape":"EventTypeWeight", + "documentation":"

    The weight of the event type. A higher weight means higher importance of the event type for the created solution.

    " + } + }, + "documentation":"

    Describes the parameters of events, which are used in solution creation.

    " + }, + "EventParametersList":{ + "type":"list", + "member":{"shape":"EventParameters"}, + "max":10 + }, "EventTracker":{ "type":"structure", "members":{ @@ -3458,10 +3482,26 @@ "type":"string", "max":256 }, + "EventTypeThresholdValue":{"type":"double"}, + "EventTypeWeight":{ + "type":"double", + "max":1, + "min":0 + }, "EventValueThreshold":{ "type":"string", "max":256 }, + "EventsConfig":{ + "type":"structure", + "members":{ + "eventParametersList":{ + "shape":"EventParametersList", + "documentation":"

    A list of event parameters, which includes event types and their event value thresholds and weights.

    " + } + }, + "documentation":"

    Describes the configuration of events, which are used in solution creation.

    " + }, "ExcludedDatasetColumns":{ "type":"map", "key":{"shape":"DatasetType"}, @@ -4888,6 +4928,10 @@ "shape":"AutoMLConfig", "documentation":"

    The AutoMLConfig object containing a list of recipes to search when AutoML is performed.

    " }, + "eventsConfig":{ + "shape":"EventsConfig", + "documentation":"

    Describes the configuration of an event, which includes a list of event parameters. You can specify up to 10 event parameters. Events are used in solution creation.

    " + }, "optimizationObjective":{ "shape":"OptimizationObjective", "documentation":"

    Describes the additional objective for the solution, such as maximizing streaming minutes or increasing revenue. For more information see Optimizing a solution.

    " @@ -4936,7 +4980,11 @@ "SolutionUpdateConfig":{ "type":"structure", "members":{ - "autoTrainingConfig":{"shape":"AutoTrainingConfig"} + "autoTrainingConfig":{"shape":"AutoTrainingConfig"}, + "eventsConfig":{ + "shape":"EventsConfig", + "documentation":"

    Describes the configuration of an event, which includes a list of event parameters. You can specify up to 10 event parameters. Events are used in solution creation.

    " + } }, "documentation":"

    The configuration details of the solution update.

    " }, @@ -5162,7 +5210,8 @@ "type":"string", "max":128, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "sensitive":true }, "TagKeys":{ "type":"list", @@ -5189,14 +5238,14 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "sensitive":true }, "Tags":{ "type":"list", @@ -5302,8 +5351,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCampaignRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/personalize-events/2018-03-22/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/personalize-events/2018-03-22/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/personalize-events/2018-03-22/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/personalize-events/2018-03-22/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/personalize-events/2018-03-22/service-2.json 2.31.35-1/awscli/botocore/data/personalize-events/2018-03-22/service-2.json --- 2.23.6-1/awscli/botocore/data/personalize-events/2018-03-22/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/personalize-events/2018-03-22/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"personalize-events", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Personalize Events", "serviceId":"Personalize Events", "signatureVersion":"v4", "signingName":"personalize", - "uid":"personalize-events-2018-03-22" + "uid":"personalize-events-2018-03-22", + "auth":["aws.auth#sigv4"] }, "operations":{ "PutActionInteractions":{ diff -pruN 2.23.6-1/awscli/botocore/data/personalize-runtime/2018-05-22/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/personalize-runtime/2018-05-22/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/personalize-runtime/2018-05-22/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/personalize-runtime/2018-05-22/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/personalize-runtime/2018-05-22/service-2.json 2.31.35-1/awscli/botocore/data/personalize-runtime/2018-05-22/service-2.json --- 2.23.6-1/awscli/botocore/data/personalize-runtime/2018-05-22/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/personalize-runtime/2018-05-22/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -10,7 +10,8 @@ "serviceId":"Personalize Runtime", "signatureVersion":"v4", "signingName":"personalize", - "uid":"personalize-runtime-2018-05-22" + "uid":"personalize-runtime-2018-05-22", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetActionRecommendations":{ diff -pruN 2.23.6-1/awscli/botocore/data/pi/2018-02-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pi/2018-02-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pi/2018-02-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pi/2018-02-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/pi/2018-02-27/service-2.json 2.31.35-1/awscli/botocore/data/pi/2018-02-27/service-2.json --- 2.23.6-1/awscli/botocore/data/pi/2018-02-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pi/2018-02-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -74,7 +74,7 @@ {"shape":"InternalServiceError"}, {"shape":"NotAuthorizedException"} ], - "documentation":"

    Get the attributes of the specified dimension group for a DB instance or data source. For example, if you specify a SQL ID, GetDimensionKeyDetails retrieves the full text of the dimension db.sql.statement associated with this ID. This operation is useful because GetResourceMetrics and DescribeDimensionKeys don't support retrieval of large SQL statement text.

    " + "documentation":"

    Get the attributes of the specified dimension group for a DB instance or data source. For example, if you specify a SQL ID, GetDimensionKeyDetails retrieves the full text of the dimension db.sql.statement associated with this ID. This operation is useful because GetResourceMetrics and DescribeDimensionKeys don't support retrieval of large SQL statement text, lock snapshots, and execution plans.

    " }, "GetPerformanceAnalysisReport":{ "name":"GetPerformanceAnalysisReport", @@ -435,8 +435,7 @@ }, "DeletePerformanceAnalysisReportResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeDimensionKeysRequest":{ "type":"structure", @@ -479,7 +478,7 @@ }, "AdditionalMetrics":{ "shape":"AdditionalMetricsList", - "documentation":"

    Additional metrics for the top N dimension keys. If the specified dimension group in the GroupBy parameter is db.sql_tokenized, you can specify per-SQL metrics to get the values for the top N SQL digests. The response syntax is as follows: \"AdditionalMetrics\" : { \"string\" : \"string\" }.

    " + "documentation":"

    Additional metrics for the top N dimension keys. If the specified dimension group in the GroupBy parameter is db.sql_tokenized, you can specify per-SQL metrics to get the values for the top N SQL digests. The response syntax is as follows: \"AdditionalMetrics\" : { \"string\" : \"string\" }.

    The only supported statistic function is .avg.

    " }, "PartitionBy":{ "shape":"DimensionGroup", @@ -568,11 +567,11 @@ "members":{ "Group":{ "shape":"SanitizedString", - "documentation":"

    The name of the dimension group. Valid values are as follows:

    • db - The name of the database to which the client is connected. The following values are permitted:

      • Aurora PostgreSQL

      • Amazon RDS PostgreSQL

      • Aurora MySQL

      • Amazon RDS MySQL

      • Amazon RDS MariaDB

      • Amazon DocumentDB

    • db.application - The name of the application that is connected to the database. The following values are permitted:

      • Aurora PostgreSQL

      • Amazon RDS PostgreSQL

      • Amazon DocumentDB

    • db.host - The host name of the connected client (all engines).

    • db.query - The query that is currently running (only Amazon DocumentDB).

    • db.query_tokenized - The digest query (only Amazon DocumentDB).

    • db.session_type - The type of the current session (only Aurora PostgreSQL and RDS PostgreSQL).

    • db.sql - The text of the SQL statement that is currently running (all engines except Amazon DocumentDB).

    • db.sql_tokenized - The SQL digest (all engines except Amazon DocumentDB).

    • db.user - The user logged in to the database (all engines except Amazon DocumentDB).

    • db.wait_event - The event for which the database backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_event_type - The type of event for which the database backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_state - The event for which the database backend is waiting (only Amazon DocumentDB).

    " + "documentation":"

    The name of the dimension group. Valid values are as follows:

    • db - The name of the database to which the client is connected. The following values are permitted:

      • Aurora PostgreSQL

      • Amazon RDS PostgreSQL

      • Aurora MySQL

      • Amazon RDS MySQL

      • Amazon RDS MariaDB

      • Amazon DocumentDB

    • db.application - The name of the application that is connected to the database. The following values are permitted:

      • Aurora PostgreSQL

      • Amazon RDS PostgreSQL

      • Amazon DocumentDB

    • db.blocking_sql - The SQL queries blocking the most DB load.

    • db.blocking_session - The sessions blocking the most DB load.

    • db.blocking_object - The object resources acquired by other sessions that are blocking the most DB load.

    • db.host - The host name of the connected client (all engines).

    • db.plans - The execution plans for the query (only Aurora PostgreSQL).

    • db.query - The query that is currently running (only Amazon DocumentDB).

    • db.query_tokenized - The digest query (only Amazon DocumentDB).

    • db.session_type - The type of the current session (only Aurora PostgreSQL and RDS PostgreSQL).

    • db.sql - The text of the SQL statement that is currently running (all engines except Amazon DocumentDB).

    • db.sql_tokenized - The SQL digest (all engines except Amazon DocumentDB).

    • db.user - The user logged in to the database (all engines except Amazon DocumentDB).

    • db.wait_event - The event for which the database backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_event_type - The type of event for which the database backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_state - The event for which the database backend is waiting (only Amazon DocumentDB).

    " }, "Dimensions":{ "shape":"SanitizedStringList", - "documentation":"

    A list of specific dimensions from a dimension group. If this parameter is not present, then it signifies that all of the dimensions in the group were requested, or are present in the response.

    Valid values for elements in the Dimensions array are:

    • db.application.name - The name of the application that is connected to the database. Valid values are as follows:

      • Aurora PostgreSQL

      • Amazon RDS PostgreSQL

      • Amazon DocumentDB

    • db.host.id - The host ID of the connected client (all engines).

    • db.host.name - The host name of the connected client (all engines).

    • db.name - The name of the database to which the client is connected. Valid values are as follows:

      • Aurora PostgreSQL

      • Amazon RDS PostgreSQL

      • Aurora MySQL

      • Amazon RDS MySQL

      • Amazon RDS MariaDB

      • Amazon DocumentDB

    • db.query.id - The query ID generated by Performance Insights (only Amazon DocumentDB).

    • db.query.db_id - The query ID generated by the database (only Amazon DocumentDB).

    • db.query.statement - The text of the query that is being run (only Amazon DocumentDB).

    • db.query.tokenized_id

    • db.query.tokenized.id - The query digest ID generated by Performance Insights (only Amazon DocumentDB).

    • db.query.tokenized.db_id - The query digest ID generated by Performance Insights (only Amazon DocumentDB).

    • db.query.tokenized.statement - The text of the query digest (only Amazon DocumentDB).

    • db.session_type.name - The type of the current session (only Amazon DocumentDB).

    • db.sql.id - The hash of the full, non-tokenized SQL statement generated by Performance Insights (all engines except Amazon DocumentDB).

    • db.sql.db_id - Either the SQL ID generated by the database engine, or a value generated by Performance Insights that begins with pi- (all engines except Amazon DocumentDB).

    • db.sql.statement - The full text of the SQL statement that is running, as in SELECT * FROM employees (all engines except Amazon DocumentDB)

    • db.sql.tokenized_id - The hash of the SQL digest generated by Performance Insights (all engines except Amazon DocumentDB). The db.sql.tokenized_id dimension fetches the value of the db.sql_tokenized.id dimension. Amazon RDS returns db.sql.tokenized_id from the db.sql dimension group.

    • db.sql_tokenized.id - The hash of the SQL digest generated by Performance Insights (all engines except Amazon DocumentDB). In the console, db.sql_tokenized.id is called the Support ID because Amazon Web Services Support can look at this data to help you troubleshoot database issues.

    • db.sql_tokenized.db_id - Either the native database ID used to refer to the SQL statement, or a synthetic ID such as pi-2372568224 that Performance Insights generates if the native database ID isn't available (all engines except Amazon DocumentDB).

    • db.sql_tokenized.statement - The text of the SQL digest, as in SELECT * FROM employees WHERE employee_id = ? (all engines except Amazon DocumentDB)

    • db.user.id - The ID of the user logged in to the database (all engines except Amazon DocumentDB).

    • db.user.name - The name of the user logged in to the database (all engines except Amazon DocumentDB).

    • db.wait_event.name - The event for which the backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_event.type - The type of event for which the backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_event_type.name - The name of the event type for which the backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_state.name - The event for which the backend is waiting (only Amazon DocumentDB).

    " + "documentation":"

    A list of specific dimensions from a dimension group. If this parameter is not present, then it signifies that all of the dimensions in the group were requested, or are present in the response.

    Valid values for elements in the Dimensions array are:

    • db.application.name - The name of the application that is connected to the database. Valid values are as follows:

      • Aurora PostgreSQL

      • Amazon RDS PostgreSQL

      • Amazon DocumentDB

    • db.blocking_sql.id - The ID for each of the SQL queries blocking the most DB load.

    • db.blocking_sql.sql - The SQL text for each of the SQL queries blocking the most DB load.

    • db.blocking_session.id - The ID for each of the sessions blocking the most DB load.

    • db.blocking_object.id - The ID for each of the object resources acquired by other sessions that are blocking the most DB load.

    • db.blocking_object.type - The object type for each of the object resources acquired by other sessions that are blocking the most DB load.

    • db.blocking_object.value - The value for each of the object resources acquired by other sessions that are blocking the most DB load.

    • db.host.id - The host ID of the connected client (all engines).

    • db.host.name - The host name of the connected client (all engines).

    • db.name - The name of the database to which the client is connected. Valid values are as follows:

      • Aurora PostgreSQL

      • Amazon RDS PostgreSQL

      • Aurora MySQL

      • Amazon RDS MySQL

      • Amazon RDS MariaDB

      • Amazon DocumentDB

    • db.query.id - The query ID generated by Performance Insights (only Amazon DocumentDB).

    • db.query.db_id - The query ID generated by the database (only Amazon DocumentDB).

    • db.query.statement - The text of the query that is being run (only Amazon DocumentDB).

    • db.query.tokenized_id

    • db.query.tokenized.id - The query digest ID generated by Performance Insights (only Amazon DocumentDB).

    • db.query.tokenized.db_id - The query digest ID generated by Performance Insights (only Amazon DocumentDB).

    • db.query.tokenized.statement - The text of the query digest (only Amazon DocumentDB).

    • db.session_type.name - The type of the current session (only Amazon DocumentDB).

    • db.sql.id - The hash of the full, non-tokenized SQL statement generated by Performance Insights (all engines except Amazon DocumentDB).

    • db.sql.db_id - Either the SQL ID generated by the database engine, or a value generated by Performance Insights that begins with pi- (all engines except Amazon DocumentDB).

    • db.sql.statement - The full text of the SQL statement that is running, as in SELECT * FROM employees (all engines except Amazon DocumentDB)

    • db.sql.tokenized_id - The hash of the SQL digest generated by Performance Insights (all engines except Amazon DocumentDB). The db.sql.tokenized_id dimension fetches the value of the db.sql_tokenized.id dimension. Amazon RDS returns db.sql.tokenized_id from the db.sql dimension group.

    • db.sql_tokenized.id - The hash of the SQL digest generated by Performance Insights (all engines except Amazon DocumentDB). In the console, db.sql_tokenized.id is called the Support ID because Amazon Web Services Support can look at this data to help you troubleshoot database issues.

    • db.sql_tokenized.db_id - Either the native database ID used to refer to the SQL statement, or a synthetic ID such as pi-2372568224 that Performance Insights generates if the native database ID isn't available (all engines except Amazon DocumentDB).

    • db.sql_tokenized.statement - The text of the SQL digest, as in SELECT * FROM employees WHERE employee_id = ? (all engines except Amazon DocumentDB)

    • db.user.id - The ID of the user logged in to the database (all engines except Amazon DocumentDB).

    • db.user.name - The name of the user logged in to the database (all engines except Amazon DocumentDB).

    • db.wait_event.name - The event for which the backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_event.type - The type of event for which the backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_event_type.name - The name of the event type for which the backend is waiting (all engines except Amazon DocumentDB).

    • db.wait_state.name - The event for which the backend is waiting (only Amazon DocumentDB).

    " }, "Limit":{ "shape":"Limit", @@ -713,15 +712,15 @@ }, "Group":{ "shape":"RequestString", - "documentation":"

    The name of the dimension group. Performance Insights searches the specified group for the dimension group ID. The following group name values are valid:

    • db.query (Amazon DocumentDB only)

    • db.sql (Amazon RDS and Aurora only)

    " + "documentation":"

    The name of the dimension group. Performance Insights searches the specified group for the dimension group ID. The following group name values are valid:

    • db.execution_plan (Amazon RDS and Aurora only)

    • db.lock_snapshot (Aurora only)

    • db.query (Amazon DocumentDB only)

    • db.sql (Amazon RDS and Aurora only)

    " }, "GroupIdentifier":{ "shape":"RequestString", - "documentation":"

    The ID of the dimension group from which to retrieve dimension details. For dimension group db.sql, the group ID is db.sql.id. The following group ID values are valid:

    • db.sql.id for dimension group db.sql (Aurora and RDS only)

    • db.query.id for dimension group db.query (DocumentDB only)

    " + "documentation":"

    The ID of the dimension group from which to retrieve dimension details. For dimension group db.sql, the group ID is db.sql.id. The following group ID values are valid:

    • db.execution_plan.id for dimension group db.execution_plan (Aurora and RDS only)

    • db.sql.id for dimension group db.sql (Aurora and RDS only)

    • db.query.id for dimension group db.query (DocumentDB only)

    • For the dimension group db.lock_snapshot, the GroupIdentifier is the epoch timestamp when Performance Insights captured the snapshot, in seconds. You can retrieve this value with the GetResourceMetrics operation for a 1 second period.

    " }, "RequestedDimensions":{ "shape":"RequestedDimensionList", - "documentation":"

    A list of dimensions to retrieve the detail data for within the given dimension group. If you don't specify this parameter, Performance Insights returns all dimension data within the specified dimension group. Specify dimension names for the following dimension groups:

    • db.sql - Specify either the full dimension name db.sql.statement or the short dimension name statement (Aurora and RDS only).

    • db.query - Specify either the full dimension name db.query.statement or the short dimension name statement (DocumentDB only).

    " + "documentation":"

    A list of dimensions to retrieve the detail data for within the given dimension group. If you don't specify this parameter, Performance Insights returns all dimension data within the specified dimension group. Specify dimension names for the following dimension groups:

    • db.execution_plan - Specify the dimension name db.execution_plan.raw_plan or the short dimension name raw_plan (Amazon RDS and Aurora only)

    • db.lock_snapshot - Specify the dimension name db.lock_snapshot.lock_trees or the short dimension name lock_trees. (Aurora only)

    • db.sql - Specify either the full dimension name db.sql.statement or the short dimension name statement (Aurora and RDS only).

    • db.query - Specify either the full dimension name db.query.statement or the short dimension name statement (DocumentDB only).

    " } } }, @@ -839,7 +838,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of items to return in the response. If more items exist than the specified MaxRecords value, a pagination token is included in the response so that the remaining results can be retrieved.

    " + "documentation":"

    The maximum number of items to return in the response.

    " }, "NextToken":{ "shape":"NextToken", @@ -1234,6 +1233,10 @@ "shape":"DescriptiveMap", "documentation":"

    A dimension map that contains the dimensions for this partition.

    " }, + "Filter":{ + "shape":"DescriptiveMap", + "documentation":"

    The filter for the Performance Insights metric.

    " + }, "Value":{ "shape":"Double", "documentation":"

    The value of the metric. For example, 9 for db.load.avg.

    " @@ -1424,8 +1427,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1464,8 +1466,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} } }, "documentation":"Amazon RDS Performance Insights

    Amazon RDS Performance Insights enables you to monitor and explore different dimensions of database load based on data captured from a running DB instance. The guide provides detailed information about Performance Insights data types, parameters and errors.

    When Performance Insights is enabled, the Amazon RDS Performance Insights API provides visibility into the performance of your DB instance. Amazon CloudWatch provides the authoritative source for Amazon Web Services service-vended monitoring metrics. Performance Insights offers a domain-specific view of DB load.

    DB load is measured as average active sessions. Performance Insights provides the data to API consumers as a two-dimensional time-series dataset. The time dimension provides DB load data for each time point in the queried time range. Each time point decomposes overall load in relation to the requested dimensions, measured at that time point. Examples include SQL, Wait event, User, and Host.

    " diff -pruN 2.23.6-1/awscli/botocore/data/pinpoint/2016-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pinpoint/2016-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pinpoint/2016-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pinpoint/2016-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/pinpoint/2016-12-01/service-2.json 2.31.35-1/awscli/botocore/data/pinpoint/2016-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/pinpoint/2016-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pinpoint/2016-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -3899,9 +3899,7 @@ "shape": "ListTagsForResourceResponse", "documentation": "

    The request succeeded.

    " }, - "errors": [ - - ], + "errors": [], "documentation": "

    Retrieves all the tags (keys and values) that are associated with an application, campaign, message template, or segment.

    " }, "ListTemplateVersions": { @@ -4320,9 +4318,7 @@ "input": { "shape": "TagResourceRequest" }, - "errors": [ - - ], + "errors": [], "documentation": "

    Adds one or more tags (keys and values) to an application, campaign, message template, or segment.

    " }, "UntagResource": { @@ -4335,9 +4331,7 @@ "input": { "shape": "UntagResourceRequest" }, - "errors": [ - - ], + "errors": [], "documentation": "

    Removes one or more tags (keys and values) from an application, campaign, message template, or segment.

    " }, "UpdateAdmChannel": { diff -pruN 2.23.6-1/awscli/botocore/data/pinpoint-email/2018-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pinpoint-email/2018-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pinpoint-email/2018-07-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pinpoint-email/2018-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/pinpoint-email/2018-07-26/service-2.json 2.31.35-1/awscli/botocore/data/pinpoint-email/2018-07-26/service-2.json --- 2.23.6-1/awscli/botocore/data/pinpoint-email/2018-07-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pinpoint-email/2018-07-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"email", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Pinpoint Email", "serviceFullName":"Amazon Pinpoint Email Service", "serviceId":"Pinpoint Email", "signatureVersion":"v4", "signingName":"ses", - "uid":"pinpoint-email-2018-07-26" + "uid":"pinpoint-email-2018-07-26", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateConfigurationSet":{ @@ -667,16 +669,14 @@ "shapes":{ "AccountSuspendedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The message can't be sent because the account's ability to send email has been permanently restricted.

    ", "error":{"httpStatusCode":400}, "exception":true }, "AlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource specified in your request already exists.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -684,8 +684,7 @@ "AmazonResourceName":{"type":"string"}, "BadRequestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The input you provided is invalid.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -793,8 +792,7 @@ }, "ConcurrentModificationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource is being modified by another operation or thread.

    ", "error":{"httpStatusCode":500}, "exception":true @@ -849,8 +847,7 @@ }, "CreateConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "CreateConfigurationSetRequest":{ @@ -886,8 +883,7 @@ }, "CreateConfigurationSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "CreateDedicatedIpPoolRequest":{ @@ -907,8 +903,7 @@ }, "CreateDedicatedIpPoolResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "CreateDeliverabilityTestReportRequest":{ @@ -1074,8 +1069,7 @@ }, "DeleteConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeleteConfigurationSetRequest":{ @@ -1093,8 +1087,7 @@ }, "DeleteConfigurationSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeleteDedicatedIpPoolRequest":{ @@ -1112,8 +1105,7 @@ }, "DeleteDedicatedIpPoolResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeleteEmailIdentityRequest":{ @@ -1131,8 +1123,7 @@ }, "DeleteEmailIdentityResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeliverabilityDashboardAccountStatus":{ @@ -1516,8 +1507,7 @@ "GeneralEnforcementStatus":{"type":"string"}, "GetAccountRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A request to obtain information about the email-sending capabilities of your Amazon Pinpoint account.

    " }, "GetAccountResponse":{ @@ -1699,8 +1689,7 @@ }, "GetDeliverabilityDashboardOptionsRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Retrieve information about the status of the Deliverability dashboard for your Amazon Pinpoint account. When the Deliverability dashboard is enabled, you gain access to reputation, deliverability, and other metrics for the domains that you use to send email using Amazon Pinpoint. You also gain the ability to perform predictive inbox placement tests.

    When you use the Deliverability dashboard, you pay a monthly subscription charge, in addition to any other fees that you accrue by using Amazon Pinpoint. For more information about the features and cost of a Deliverability dashboard subscription, see Amazon Pinpoint Pricing.

    " }, "GetDeliverabilityDashboardOptionsResponse":{ @@ -1993,8 +1982,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There are too many instances of the specified resource type.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -2240,8 +2228,7 @@ }, "MailFromDomainNotVerifiedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The message can't be sent because the sending domain isn't verified.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -2284,8 +2271,7 @@ "MessageData":{"type":"string"}, "MessageRejected":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The message can't be sent because it contains invalid content.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -2324,8 +2310,7 @@ "NextToken":{"type":"string"}, "NotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource you attempted to access doesn't exist.

    ", "error":{"httpStatusCode":404}, "exception":true @@ -2406,8 +2391,7 @@ }, "PutAccountDedicatedIpWarmupAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutAccountSendingAttributesRequest":{ @@ -2422,8 +2406,7 @@ }, "PutAccountSendingAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetDeliveryOptionsRequest":{ @@ -2449,8 +2432,7 @@ }, "PutConfigurationSetDeliveryOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetReputationOptionsRequest":{ @@ -2472,8 +2454,7 @@ }, "PutConfigurationSetReputationOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetSendingOptionsRequest":{ @@ -2495,8 +2476,7 @@ }, "PutConfigurationSetSendingOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetTrackingOptionsRequest":{ @@ -2518,8 +2498,7 @@ }, "PutConfigurationSetTrackingOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutDedicatedIpInPoolRequest":{ @@ -2544,8 +2523,7 @@ }, "PutDedicatedIpInPoolResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutDedicatedIpWarmupAttributesRequest":{ @@ -2570,8 +2548,7 @@ }, "PutDedicatedIpWarmupAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutDeliverabilityDashboardOptionRequest":{ @@ -2591,8 +2568,7 @@ }, "PutDeliverabilityDashboardOptionResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A response that indicates whether the Deliverability dashboard is enabled for your Amazon Pinpoint account.

    " }, "PutEmailIdentityDkimAttributesRequest":{ @@ -2614,8 +2590,7 @@ }, "PutEmailIdentityDkimAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutEmailIdentityFeedbackAttributesRequest":{ @@ -2637,8 +2612,7 @@ }, "PutEmailIdentityFeedbackAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutEmailIdentityMailFromAttributesRequest":{ @@ -2664,8 +2638,7 @@ }, "PutEmailIdentityMailFromAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "RawMessage":{ @@ -2787,8 +2760,7 @@ }, "SendingPausedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The message can't be sent because the account's ability to send email is currently paused.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -2856,8 +2828,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{"type":"string"}, "Template":{ @@ -2889,8 +2860,7 @@ }, "TooManyRequestsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Too many requests have been made to the operation.

    ", "error":{"httpStatusCode":429}, "exception":true @@ -2929,8 +2899,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConfigurationSetEventDestinationRequest":{ "type":"structure", @@ -2961,8 +2930,7 @@ }, "UpdateConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "Volume":{ diff -pruN 2.23.6-1/awscli/botocore/data/pinpoint-sms-voice/2018-09-05/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pinpoint-sms-voice/2018-09-05/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pinpoint-sms-voice/2018-09-05/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pinpoint-sms-voice/2018-09-05/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -32,38 +32,32 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] - }, - { - "fn": "parseURL", - "argv": [ - { - "ref": "Endpoint" - } - ], - "assign": "url" } ], - "type": "tree", + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "rules": [ { "conditions": [ @@ -71,239 +65,286 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] - }, + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://sms-voice.pinpoint-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://sms-voice.pinpoint-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://sms-voice.pinpoint-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://sms-voice.pinpoint-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://sms-voice.pinpoint.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, { "conditions": [], - "endpoint": { - "url": "https://sms-voice.pinpoint.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://sms-voice.pinpoint.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "endpoint": { - "url": "https://sms-voice.pinpoint.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/pinpoint-sms-voice/2018-09-05/service-2.json 2.31.35-1/awscli/botocore/data/pinpoint-sms-voice/2018-09-05/service-2.json --- 2.23.6-1/awscli/botocore/data/pinpoint-sms-voice/2018-09-05/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pinpoint-sms-voice/2018-09-05/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,677 +1,808 @@ { - "metadata" : { - "apiVersion" : "2018-09-05", - "endpointPrefix" : "sms-voice.pinpoint", - "signingName" : "sms-voice", - "serviceAbbreviation":"Pinpoint SMS Voice", - "serviceFullName" : "Amazon Pinpoint SMS and Voice Service", - "serviceId" : "Pinpoint SMS Voice", - "protocol" : "rest-json", - "jsonVersion" : "1.1", - "uid" : "pinpoint-sms-voice-2018-09-05", - "signatureVersion" : "v4" + "metadata": { + "apiVersion": "2018-09-05", + "endpointPrefix": "sms-voice.pinpoint", + "signingName": "sms-voice", + "serviceAbbreviation": "Pinpoint SMS Voice", + "serviceFullName": "Amazon Pinpoint SMS and Voice Service", + "serviceId": "Pinpoint SMS Voice", + "protocol": "rest-json", + "jsonVersion": "1.1", + "uid": "pinpoint-sms-voice-2018-09-05", + "signatureVersion": "v4", + "auth": [ + "aws.auth#sigv4" + ] }, - "operations" : { - "CreateConfigurationSet" : { - "name" : "CreateConfigurationSet", - "http" : { - "method" : "POST", - "requestUri" : "/v1/sms-voice/configuration-sets", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateConfigurationSetRequest" - }, - "output" : { - "shape" : "CreateConfigurationSetResponse", - "documentation" : "CreateConfigurationSetResponse" - }, - "errors" : [ { - "shape" : "TooManyRequestsException", - "documentation" : "TooManyRequestsException" - }, { - "shape" : "BadRequestException", - "documentation" : "BadRequestException" - }, { - "shape" : "LimitExceededException", - "documentation" : "LimitExceededException" - }, { - "shape" : "InternalServiceErrorException", - "documentation" : "InternalServiceErrorException" - }, { - "shape" : "AlreadyExistsException", - "documentation" : "AlreadyExistsException" - } ], - "documentation" : "Create a new configuration set. After you create the configuration set, you can add one or more event destinations to it." - }, - "CreateConfigurationSetEventDestination" : { - "name" : "CreateConfigurationSetEventDestination", - "http" : { - "method" : "POST", - "requestUri" : "/v1/sms-voice/configuration-sets/{ConfigurationSetName}/event-destinations", - "responseCode" : 200 - }, - "input" : { - "shape" : "CreateConfigurationSetEventDestinationRequest" - }, - "output" : { - "shape" : "CreateConfigurationSetEventDestinationResponse", - "documentation" : "CreateConfigurationSetEventDestinationResponse" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "BadRequestException" - }, { - "shape" : "LimitExceededException", - "documentation" : "LimitExceededException" - }, { - "shape" : "InternalServiceErrorException", - "documentation" : "InternalServiceErrorException" - }, { - "shape" : "NotFoundException", - "documentation" : "NotFoundException" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "TooManyRequestsException" - }, { - "shape" : "AlreadyExistsException", - "documentation" : "AlreadyExistsException" - } ], - "documentation" : "Create a new event destination in a configuration set." - }, - "DeleteConfigurationSet" : { - "name" : "DeleteConfigurationSet", - "http" : { - "method" : "DELETE", - "requestUri" : "/v1/sms-voice/configuration-sets/{ConfigurationSetName}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteConfigurationSetRequest" - }, - "output" : { - "shape" : "DeleteConfigurationSetResponse", - "documentation" : "DeleteConfigurationSetResponse" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "NotFoundException" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "TooManyRequestsException" - }, { - "shape" : "BadRequestException", - "documentation" : "BadRequestException" - }, { - "shape" : "InternalServiceErrorException", - "documentation" : "InternalServiceErrorException" - } ], - "documentation" : "Deletes an existing configuration set." - }, - "DeleteConfigurationSetEventDestination" : { - "name" : "DeleteConfigurationSetEventDestination", - "http" : { - "method" : "DELETE", - "requestUri" : "/v1/sms-voice/configuration-sets/{ConfigurationSetName}/event-destinations/{EventDestinationName}", - "responseCode" : 200 - }, - "input" : { - "shape" : "DeleteConfigurationSetEventDestinationRequest" - }, - "output" : { - "shape" : "DeleteConfigurationSetEventDestinationResponse", - "documentation" : "DeleteConfigurationSetEventDestinationResponse" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "NotFoundException" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "TooManyRequestsException" - }, { - "shape" : "BadRequestException", - "documentation" : "BadRequestException" - }, { - "shape" : "InternalServiceErrorException", - "documentation" : "InternalServiceErrorException" - } ], - "documentation" : "Deletes an event destination in a configuration set." - }, - "GetConfigurationSetEventDestinations" : { - "name" : "GetConfigurationSetEventDestinations", - "http" : { - "method" : "GET", - "requestUri" : "/v1/sms-voice/configuration-sets/{ConfigurationSetName}/event-destinations", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetConfigurationSetEventDestinationsRequest" - }, - "output" : { - "shape" : "GetConfigurationSetEventDestinationsResponse", - "documentation" : "GetConfigurationSetEventDestinationsResponse" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "NotFoundException" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "TooManyRequestsException" - }, { - "shape" : "BadRequestException", - "documentation" : "BadRequestException" - }, { - "shape" : "InternalServiceErrorException", - "documentation" : "InternalServiceErrorException" - } ], - "documentation" : "Obtain information about an event destination, including the types of events it reports, the Amazon Resource Name (ARN) of the destination, and the name of the event destination." - }, - "SendVoiceMessage" : { - "name" : "SendVoiceMessage", - "http" : { - "method" : "POST", - "requestUri" : "/v1/sms-voice/voice/message", - "responseCode" : 200 - }, - "input" : { - "shape" : "SendVoiceMessageRequest" - }, - "output" : { - "shape" : "SendVoiceMessageResponse", - "documentation" : "SendVoiceMessageResponse" - }, - "errors" : [ { - "shape" : "TooManyRequestsException", - "documentation" : "TooManyRequestsException" - }, { - "shape" : "BadRequestException", - "documentation" : "BadRequestException" - }, { - "shape" : "InternalServiceErrorException", - "documentation" : "InternalServiceErrorException" - } ], - "documentation" : "Create a new voice message and send it to a recipient's phone number." - }, - "UpdateConfigurationSetEventDestination" : { - "name" : "UpdateConfigurationSetEventDestination", - "http" : { - "method" : "PUT", - "requestUri" : "/v1/sms-voice/configuration-sets/{ConfigurationSetName}/event-destinations/{EventDestinationName}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateConfigurationSetEventDestinationRequest" - }, - "output" : { - "shape" : "UpdateConfigurationSetEventDestinationResponse", - "documentation" : "UpdateConfigurationSetEventDestinationResponse" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "NotFoundException" - }, { - "shape" : "TooManyRequestsException", - "documentation" : "TooManyRequestsException" - }, { - "shape" : "BadRequestException", - "documentation" : "BadRequestException" - }, { - "shape" : "InternalServiceErrorException", - "documentation" : "InternalServiceErrorException" - } ], - "documentation" : "Update an event destination in a configuration set. An event destination is a location that you publish information about your voice calls to. For example, you can log an event to an Amazon CloudWatch destination when a call fails." + "operations": { + "CreateConfigurationSet": { + "name": "CreateConfigurationSet", + "http": { + "method": "POST", + "requestUri": "/v1/sms-voice/configuration-sets", + "responseCode": 200 + }, + "input": { + "shape": "CreateConfigurationSetRequest" + }, + "output": { + "shape": "CreateConfigurationSetResponse", + "documentation": "CreateConfigurationSetResponse" + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "TooManyRequestsException" + }, + { + "shape": "BadRequestException", + "documentation": "BadRequestException" + }, + { + "shape": "LimitExceededException", + "documentation": "LimitExceededException" + }, + { + "shape": "InternalServiceErrorException", + "documentation": "InternalServiceErrorException" + }, + { + "shape": "AlreadyExistsException", + "documentation": "AlreadyExistsException" + } + ], + "documentation": "Create a new configuration set. After you create the configuration set, you can add one or more event destinations to it." + }, + "CreateConfigurationSetEventDestination": { + "name": "CreateConfigurationSetEventDestination", + "http": { + "method": "POST", + "requestUri": "/v1/sms-voice/configuration-sets/{ConfigurationSetName}/event-destinations", + "responseCode": 200 + }, + "input": { + "shape": "CreateConfigurationSetEventDestinationRequest" + }, + "output": { + "shape": "CreateConfigurationSetEventDestinationResponse", + "documentation": "CreateConfigurationSetEventDestinationResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "BadRequestException" + }, + { + "shape": "LimitExceededException", + "documentation": "LimitExceededException" + }, + { + "shape": "InternalServiceErrorException", + "documentation": "InternalServiceErrorException" + }, + { + "shape": "NotFoundException", + "documentation": "NotFoundException" + }, + { + "shape": "TooManyRequestsException", + "documentation": "TooManyRequestsException" + }, + { + "shape": "AlreadyExistsException", + "documentation": "AlreadyExistsException" + } + ], + "documentation": "Create a new event destination in a configuration set." + }, + "DeleteConfigurationSet": { + "name": "DeleteConfigurationSet", + "http": { + "method": "DELETE", + "requestUri": "/v1/sms-voice/configuration-sets/{ConfigurationSetName}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteConfigurationSetRequest" + }, + "output": { + "shape": "DeleteConfigurationSetResponse", + "documentation": "DeleteConfigurationSetResponse" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "NotFoundException" + }, + { + "shape": "TooManyRequestsException", + "documentation": "TooManyRequestsException" + }, + { + "shape": "BadRequestException", + "documentation": "BadRequestException" + }, + { + "shape": "InternalServiceErrorException", + "documentation": "InternalServiceErrorException" + } + ], + "documentation": "Deletes an existing configuration set." + }, + "DeleteConfigurationSetEventDestination": { + "name": "DeleteConfigurationSetEventDestination", + "http": { + "method": "DELETE", + "requestUri": "/v1/sms-voice/configuration-sets/{ConfigurationSetName}/event-destinations/{EventDestinationName}", + "responseCode": 200 + }, + "input": { + "shape": "DeleteConfigurationSetEventDestinationRequest" + }, + "output": { + "shape": "DeleteConfigurationSetEventDestinationResponse", + "documentation": "DeleteConfigurationSetEventDestinationResponse" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "NotFoundException" + }, + { + "shape": "TooManyRequestsException", + "documentation": "TooManyRequestsException" + }, + { + "shape": "BadRequestException", + "documentation": "BadRequestException" + }, + { + "shape": "InternalServiceErrorException", + "documentation": "InternalServiceErrorException" + } + ], + "documentation": "Deletes an event destination in a configuration set." + }, + "GetConfigurationSetEventDestinations": { + "name": "GetConfigurationSetEventDestinations", + "http": { + "method": "GET", + "requestUri": "/v1/sms-voice/configuration-sets/{ConfigurationSetName}/event-destinations", + "responseCode": 200 + }, + "input": { + "shape": "GetConfigurationSetEventDestinationsRequest" + }, + "output": { + "shape": "GetConfigurationSetEventDestinationsResponse", + "documentation": "GetConfigurationSetEventDestinationsResponse" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "NotFoundException" + }, + { + "shape": "TooManyRequestsException", + "documentation": "TooManyRequestsException" + }, + { + "shape": "BadRequestException", + "documentation": "BadRequestException" + }, + { + "shape": "InternalServiceErrorException", + "documentation": "InternalServiceErrorException" + } + ], + "documentation": "Obtain information about an event destination, including the types of events it reports, the Amazon Resource Name (ARN) of the destination, and the name of the event destination." + }, + "ListConfigurationSets": { + "name": "ListConfigurationSets", + "http": { + "method": "GET", + "requestUri": "/v1/sms-voice/configuration-sets", + "responseCode": 200 + }, + "input": { + "shape": "ListConfigurationSetsRequest" + }, + "output": { + "shape": "ListConfigurationSetsResponse", + "documentation": "ListConfigurationSetsResponse" + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "TooManyRequestsException" + }, + { + "shape": "BadRequestException", + "documentation": "BadRequestException" + }, + { + "shape": "InternalServiceErrorException", + "documentation": "InternalServiceErrorException" + } + ], + "documentation": "List all of the configuration sets associated with your Amazon Pinpoint account in the current region." + }, + "SendVoiceMessage": { + "name": "SendVoiceMessage", + "http": { + "method": "POST", + "requestUri": "/v1/sms-voice/voice/message", + "responseCode": 200 + }, + "input": { + "shape": "SendVoiceMessageRequest" + }, + "output": { + "shape": "SendVoiceMessageResponse", + "documentation": "SendVoiceMessageResponse" + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "TooManyRequestsException" + }, + { + "shape": "BadRequestException", + "documentation": "BadRequestException" + }, + { + "shape": "InternalServiceErrorException", + "documentation": "InternalServiceErrorException" + } + ], + "documentation": "Create a new voice message and send it to a recipient's phone number." + }, + "UpdateConfigurationSetEventDestination": { + "name": "UpdateConfigurationSetEventDestination", + "http": { + "method": "PUT", + "requestUri": "/v1/sms-voice/configuration-sets/{ConfigurationSetName}/event-destinations/{EventDestinationName}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateConfigurationSetEventDestinationRequest" + }, + "output": { + "shape": "UpdateConfigurationSetEventDestinationResponse", + "documentation": "UpdateConfigurationSetEventDestinationResponse" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "NotFoundException" + }, + { + "shape": "TooManyRequestsException", + "documentation": "TooManyRequestsException" + }, + { + "shape": "BadRequestException", + "documentation": "BadRequestException" + }, + { + "shape": "InternalServiceErrorException", + "documentation": "InternalServiceErrorException" + } + ], + "documentation": "Update an event destination in a configuration set. An event destination is a location that you publish information about your voice calls to. For example, you can log an event to an Amazon CloudWatch destination when a call fails." } }, - "shapes" : { - "AlreadyExistsException" : { - "type" : "structure", - "documentation" : "The resource specified in your request already exists.", - "members" : { - "Message" : { - "shape" : "String" + "shapes": { + "AlreadyExistsException": { + "type": "structure", + "members": { + "Message": { + "shape": "String" } }, - "exception" : true, - "error" : { - "httpStatusCode" : 409 + "documentation": "The resource specified in your request already exists.", + "exception": true, + "error": { + "httpStatusCode": 409 } }, - "BadRequestException" : { - "type" : "structure", - "documentation" : "The input you provided is invalid.", - "members" : { - "Message" : { - "shape" : "String" + "BadRequestException": { + "type": "structure", + "members": { + "Message": { + "shape": "String" } }, - "exception" : true, - "error" : { - "httpStatusCode" : 400 + "documentation": "The input you provided is invalid.", + "exception": true, + "error": { + "httpStatusCode": 400 } }, - "Boolean" : { - "type" : "boolean" - }, - "CallInstructionsMessageType" : { - "type" : "structure", - "members" : { - "Text" : { - "shape" : "NonEmptyString", - "documentation" : "The language to use when delivering the message. For a complete list of supported languages, see the Amazon Polly Developer Guide." - } - }, - "documentation" : "An object that defines a message that contains text formatted using Amazon Pinpoint Voice Instructions markup.", - "required" : [ ] - }, - "CloudWatchLogsDestination" : { - "type" : "structure", - "members" : { - "IamRoleArn" : { - "shape" : "String", - "documentation" : "The Amazon Resource Name (ARN) of an Amazon Identity and Access Management (IAM) role that is able to write event data to an Amazon CloudWatch destination." - }, - "LogGroupArn" : { - "shape" : "String", - "documentation" : "The name of the Amazon CloudWatch Log Group that you want to record events in." - } - }, - "documentation" : "An object that contains information about an event destination that sends data to Amazon CloudWatch Logs.", - "required" : [ ] - }, - "CreateConfigurationSetEventDestinationRequest" : { - "type" : "structure", - "members" : { - "ConfigurationSetName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConfigurationSetName", - "documentation" : "ConfigurationSetName" - }, - "EventDestination" : { - "shape" : "EventDestinationDefinition" - }, - "EventDestinationName" : { - "shape" : "NonEmptyString", - "documentation" : "A name that identifies the event destination." - } - }, - "documentation" : "Create a new event destination in a configuration set.", - "required" : [ "ConfigurationSetName" ] - }, - "CreateConfigurationSetEventDestinationResponse" : { - "type" : "structure", - "members" : { }, - "documentation" : "An empty object that indicates that the event destination was created successfully." - }, - "CreateConfigurationSetRequest" : { - "type" : "structure", - "members" : { - "ConfigurationSetName" : { - "shape" : "WordCharactersWithDelimiters", - "documentation" : "The name that you want to give the configuration set." - } - }, - "documentation" : "A request to create a new configuration set." - }, - "CreateConfigurationSetResponse" : { - "type" : "structure", - "members" : { }, - "documentation" : "An empty object that indicates that the configuration set was successfully created." - }, - "DeleteConfigurationSetEventDestinationRequest" : { - "type" : "structure", - "members" : { - "ConfigurationSetName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConfigurationSetName", - "documentation" : "ConfigurationSetName" - }, - "EventDestinationName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "EventDestinationName", - "documentation" : "EventDestinationName" - } - }, - "required" : [ "EventDestinationName", "ConfigurationSetName" ] - }, - "DeleteConfigurationSetEventDestinationResponse" : { - "type" : "structure", - "members" : { }, - "documentation" : "An empty object that indicates that the event destination was deleted successfully." + "Boolean": { + "type": "boolean" }, - "DeleteConfigurationSetRequest" : { - "type" : "structure", - "members" : { - "ConfigurationSetName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConfigurationSetName", - "documentation" : "ConfigurationSetName" - } - }, - "required" : [ "ConfigurationSetName" ] - }, - "DeleteConfigurationSetResponse" : { - "type" : "structure", - "members" : { }, - "documentation" : "An empty object that indicates that the configuration set was deleted successfully." + "CallInstructionsMessageType": { + "type": "structure", + "members": { + "Text": { + "shape": "NonEmptyString", + "documentation": "The language to use when delivering the message. For a complete list of supported languages, see the Amazon Polly Developer Guide." + } + }, + "documentation": "An object that defines a message that contains text formatted using Amazon Pinpoint Voice Instructions markup.", + "required": [] + }, + "CloudWatchLogsDestination": { + "type": "structure", + "members": { + "IamRoleArn": { + "shape": "String", + "documentation": "The Amazon Resource Name (ARN) of an Amazon Identity and Access Management (IAM) role that is able to write event data to an Amazon CloudWatch destination." + }, + "LogGroupArn": { + "shape": "String", + "documentation": "The name of the Amazon CloudWatch Log Group that you want to record events in." + } + }, + "documentation": "An object that contains information about an event destination that sends data to Amazon CloudWatch Logs.", + "required": [] + }, + "ConfigurationSets": { + "type": "list", + "documentation": "An array that contains all of the configuration sets in your Amazon Pinpoint account in the current AWS Region.", + "member": { + "shape": "WordCharactersWithDelimiters" + } }, - "EventDestination" : { - "type" : "structure", - "members" : { - "CloudWatchLogsDestination" : { - "shape" : "CloudWatchLogsDestination" - }, - "Enabled" : { - "shape" : "Boolean", - "documentation" : "Indicates whether or not the event destination is enabled. If the event destination is enabled, then Amazon Pinpoint sends response data to the specified event destination." - }, - "KinesisFirehoseDestination" : { - "shape" : "KinesisFirehoseDestination" - }, - "MatchingEventTypes" : { - "shape" : "EventTypes" - }, - "Name" : { - "shape" : "String", - "documentation" : "A name that identifies the event destination configuration." - }, - "SnsDestination" : { - "shape" : "SnsDestination" - } - }, - "documentation" : "An object that defines an event destination." + "CreateConfigurationSetEventDestinationRequest": { + "type": "structure", + "members": { + "ConfigurationSetName": { + "shape": "__string", + "location": "uri", + "locationName": "ConfigurationSetName", + "documentation": "ConfigurationSetName" + }, + "EventDestination": { + "shape": "EventDestinationDefinition" + }, + "EventDestinationName": { + "shape": "NonEmptyString", + "documentation": "A name that identifies the event destination." + } + }, + "documentation": "Create a new event destination in a configuration set.", + "required": [ + "ConfigurationSetName" + ] + }, + "CreateConfigurationSetEventDestinationResponse": { + "type": "structure", + "members": {}, + "documentation": "An empty object that indicates that the event destination was created successfully." + }, + "CreateConfigurationSetRequest": { + "type": "structure", + "members": { + "ConfigurationSetName": { + "shape": "WordCharactersWithDelimiters", + "documentation": "The name that you want to give the configuration set." + } + }, + "documentation": "A request to create a new configuration set." + }, + "CreateConfigurationSetResponse": { + "type": "structure", + "members": {}, + "documentation": "An empty object that indicates that the configuration set was successfully created." + }, + "DeleteConfigurationSetEventDestinationRequest": { + "type": "structure", + "members": { + "ConfigurationSetName": { + "shape": "__string", + "location": "uri", + "locationName": "ConfigurationSetName", + "documentation": "ConfigurationSetName" + }, + "EventDestinationName": { + "shape": "__string", + "location": "uri", + "locationName": "EventDestinationName", + "documentation": "EventDestinationName" + } + }, + "required": [ + "EventDestinationName", + "ConfigurationSetName" + ] + }, + "DeleteConfigurationSetEventDestinationResponse": { + "type": "structure", + "members": {}, + "documentation": "An empty object that indicates that the event destination was deleted successfully." + }, + "DeleteConfigurationSetRequest": { + "type": "structure", + "members": { + "ConfigurationSetName": { + "shape": "__string", + "location": "uri", + "locationName": "ConfigurationSetName", + "documentation": "ConfigurationSetName" + } + }, + "required": [ + "ConfigurationSetName" + ] + }, + "DeleteConfigurationSetResponse": { + "type": "structure", + "members": {}, + "documentation": "An empty object that indicates that the configuration set was deleted successfully." + }, + "EventDestination": { + "type": "structure", + "members": { + "CloudWatchLogsDestination": { + "shape": "CloudWatchLogsDestination" + }, + "Enabled": { + "shape": "Boolean", + "documentation": "Indicates whether or not the event destination is enabled. If the event destination is enabled, then Amazon Pinpoint sends response data to the specified event destination." + }, + "KinesisFirehoseDestination": { + "shape": "KinesisFirehoseDestination" + }, + "MatchingEventTypes": { + "shape": "EventTypes" + }, + "Name": { + "shape": "String", + "documentation": "A name that identifies the event destination configuration." + }, + "SnsDestination": { + "shape": "SnsDestination" + } + }, + "documentation": "An object that defines an event destination." + }, + "EventDestinationDefinition": { + "type": "structure", + "members": { + "CloudWatchLogsDestination": { + "shape": "CloudWatchLogsDestination" + }, + "Enabled": { + "shape": "Boolean", + "documentation": "Indicates whether or not the event destination is enabled. If the event destination is enabled, then Amazon Pinpoint sends response data to the specified event destination." + }, + "KinesisFirehoseDestination": { + "shape": "KinesisFirehoseDestination" + }, + "MatchingEventTypes": { + "shape": "EventTypes" + }, + "SnsDestination": { + "shape": "SnsDestination" + } + }, + "documentation": "An object that defines a single event destination.", + "required": [] + }, + "EventDestinations": { + "type": "list", + "documentation": "An array of EventDestination objects. Each EventDestination object includes ARNs and other information that define an event destination.", + "member": { + "shape": "EventDestination" + } }, - "EventDestinationDefinition" : { - "type" : "structure", - "members" : { - "CloudWatchLogsDestination" : { - "shape" : "CloudWatchLogsDestination" - }, - "Enabled" : { - "shape" : "Boolean", - "documentation" : "Indicates whether or not the event destination is enabled. If the event destination is enabled, then Amazon Pinpoint sends response data to the specified event destination." - }, - "KinesisFirehoseDestination" : { - "shape" : "KinesisFirehoseDestination" - }, - "MatchingEventTypes" : { - "shape" : "EventTypes" - }, - "SnsDestination" : { - "shape" : "SnsDestination" - } - }, - "documentation" : "An object that defines a single event destination.", - "required" : [ ] + "EventType": { + "type": "string", + "documentation": "The types of events that are sent to the event destination.", + "enum": [ + "INITIATED_CALL", + "RINGING", + "ANSWERED", + "COMPLETED_CALL", + "BUSY", + "FAILED", + "NO_ANSWER" + ] + }, + "EventTypes": { + "type": "list", + "documentation": "An array of EventDestination objects. Each EventDestination object includes ARNs and other information that define an event destination.", + "member": { + "shape": "EventType" + } }, - "EventDestinations" : { - "type" : "list", - "documentation" : "An array of EventDestination objects. Each EventDestination object includes ARNs and other information that define an event destination.", - "member" : { - "shape" : "EventDestination" + "GetConfigurationSetEventDestinationsRequest": { + "type": "structure", + "members": { + "ConfigurationSetName": { + "shape": "__string", + "location": "uri", + "locationName": "ConfigurationSetName", + "documentation": "ConfigurationSetName" + } + }, + "required": [ + "ConfigurationSetName" + ] + }, + "GetConfigurationSetEventDestinationsResponse": { + "type": "structure", + "members": { + "EventDestinations": { + "shape": "EventDestinations" + } + }, + "documentation": "An object that contains information about an event destination." + }, + "InternalServiceErrorException": { + "type": "structure", + "members": { + "Message": { + "shape": "String" + } + }, + "documentation": "The API encountered an unexpected error and couldn't complete the request. You might be able to successfully issue the request again in the future.", + "exception": true, + "error": { + "httpStatusCode": 500 } }, - "EventType" : { - "type" : "string", - "documentation" : "The types of events that are sent to the event destination.", - "enum" : [ "INITIATED_CALL", "RINGING", "ANSWERED", "COMPLETED_CALL", "BUSY", "FAILED", "NO_ANSWER" ] - }, - "EventTypes" : { - "type" : "list", - "documentation" : "An array of EventDestination objects. Each EventDestination object includes ARNs and other information that define an event destination.", - "member" : { - "shape" : "EventType" + "KinesisFirehoseDestination": { + "type": "structure", + "members": { + "DeliveryStreamArn": { + "shape": "String", + "documentation": "The Amazon Resource Name (ARN) of an IAM role that can write data to an Amazon Kinesis Data Firehose stream." + }, + "IamRoleArn": { + "shape": "String", + "documentation": "The Amazon Resource Name (ARN) of the Amazon Kinesis Data Firehose destination that you want to use in the event destination." + } + }, + "documentation": "An object that contains information about an event destination that sends data to Amazon Kinesis Data Firehose.", + "required": [] + }, + "LimitExceededException": { + "type": "structure", + "members": { + "Message": { + "shape": "String" + } + }, + "documentation": "There are too many instances of the specified resource type.", + "exception": true, + "error": { + "httpStatusCode": 412 } }, - "GetConfigurationSetEventDestinationsRequest" : { - "type" : "structure", - "members" : { - "ConfigurationSetName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConfigurationSetName", - "documentation" : "ConfigurationSetName" - } - }, - "required" : [ "ConfigurationSetName" ] - }, - "GetConfigurationSetEventDestinationsResponse" : { - "type" : "structure", - "members" : { - "EventDestinations" : { - "shape" : "EventDestinations" - } - }, - "documentation" : "An object that contains information about an event destination." - }, - "InternalServiceErrorException" : { - "type" : "structure", - "members" : { - "Message" : { - "shape" : "String" - } - }, - "documentation" : "The API encountered an unexpected error and couldn't complete the request. You might be able to successfully issue the request again in the future.", - "exception" : true, - "error" : { - "httpStatusCode" : 500 + "ListConfigurationSetsRequest": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "NextToken", + "documentation": "A token returned from a previous call to the API that indicates the position in the list of results." + }, + "PageSize": { + "shape": "__string", + "location": "querystring", + "locationName": "PageSize", + "documentation": "Used to specify the number of items that should be returned in the response." + } } }, - "KinesisFirehoseDestination" : { - "type" : "structure", - "members" : { - "DeliveryStreamArn" : { - "shape" : "String", - "documentation" : "The Amazon Resource Name (ARN) of an IAM role that can write data to an Amazon Kinesis Data Firehose stream." - }, - "IamRoleArn" : { - "shape" : "String", - "documentation" : "The Amazon Resource Name (ARN) of the Amazon Kinesis Data Firehose destination that you want to use in the event destination." - } - }, - "documentation" : "An object that contains information about an event destination that sends data to Amazon Kinesis Data Firehose.", - "required" : [ ] - }, - "LimitExceededException" : { - "type" : "structure", - "documentation" : "There are too many instances of the specified resource type.", - "exception" : true, - "members" : { - "Message" : { - "shape" : "String" + "ListConfigurationSetsResponse": { + "type": "structure", + "members": { + "ConfigurationSets": { + "shape": "ConfigurationSets", + "documentation": "An object that contains a list of configuration sets for your account in the current region." + }, + "NextToken": { + "shape": "NextTokenString", + "documentation": "A token returned from a previous call to ListConfigurationSets to indicate the position in the list of configuration sets." } }, - "error" : { - "httpStatusCode" : 412 - } + "documentation": "An object that contains information about the configuration sets for your account in the current region." + }, + "NextTokenString": { + "type": "string" }, - "NonEmptyString" : { - "type" : "string" + "NonEmptyString": { + "type": "string" }, - "NotFoundException" : { - "type" : "structure", - "documentation" : "The resource you attempted to access doesn't exist.", - "exception" : true, - "members" : { - "Message" : { - "shape" : "String" + "NotFoundException": { + "type": "structure", + "members": { + "Message": { + "shape": "String" } }, - "error" : { - "httpStatusCode" : 404 + "documentation": "The resource you attempted to access doesn't exist.", + "exception": true, + "error": { + "httpStatusCode": 404 } }, - "PlainTextMessageType" : { - "type" : "structure", - "members" : { - "LanguageCode" : { - "shape" : "String", - "documentation" : "The language to use when delivering the message. For a complete list of supported languages, see the Amazon Polly Developer Guide." + "PlainTextMessageType": { + "type": "structure", + "members": { + "LanguageCode": { + "shape": "String", + "documentation": "The language to use when delivering the message. For a complete list of supported languages, see the Amazon Polly Developer Guide." }, - "Text" : { - "shape" : "NonEmptyString", - "documentation" : "The plain (not SSML-formatted) text to deliver to the recipient." + "Text": { + "shape": "NonEmptyString", + "documentation": "The plain (not SSML-formatted) text to deliver to the recipient." }, - "VoiceId" : { - "shape" : "String", - "documentation" : "The name of the voice that you want to use to deliver the message. For a complete list of supported voices, see the Amazon Polly Developer Guide." + "VoiceId": { + "shape": "String", + "documentation": "The name of the voice that you want to use to deliver the message. For a complete list of supported voices, see the Amazon Polly Developer Guide." } }, - "documentation" : "An object that defines a message that contains unformatted text.", - "required" : [ ] + "documentation": "An object that defines a message that contains unformatted text.", + "required": [] }, - "SSMLMessageType" : { - "type" : "structure", - "members" : { - "LanguageCode" : { - "shape" : "String", - "documentation" : "The language to use when delivering the message. For a complete list of supported languages, see the Amazon Polly Developer Guide." + "SSMLMessageType": { + "type": "structure", + "members": { + "LanguageCode": { + "shape": "String", + "documentation": "The language to use when delivering the message. For a complete list of supported languages, see the Amazon Polly Developer Guide." }, - "Text" : { - "shape" : "NonEmptyString", - "documentation" : "The SSML-formatted text to deliver to the recipient." + "Text": { + "shape": "NonEmptyString", + "documentation": "The SSML-formatted text to deliver to the recipient." }, - "VoiceId" : { - "shape" : "String", - "documentation" : "The name of the voice that you want to use to deliver the message. For a complete list of supported voices, see the Amazon Polly Developer Guide." + "VoiceId": { + "shape": "String", + "documentation": "The name of the voice that you want to use to deliver the message. For a complete list of supported voices, see the Amazon Polly Developer Guide." } }, - "documentation" : "An object that defines a message that contains SSML-formatted text.", - "required" : [ ] + "documentation": "An object that defines a message that contains SSML-formatted text.", + "required": [] }, - "SendVoiceMessageRequest" : { - "type" : "structure", - "members" : { - "CallerId" : { - "shape" : "String", - "documentation" : "The phone number that appears on recipients' devices when they receive the message." + "SendVoiceMessageRequest": { + "type": "structure", + "members": { + "CallerId": { + "shape": "String", + "documentation": "The phone number that appears on recipients' devices when they receive the message." }, - "ConfigurationSetName" : { - "shape" : "WordCharactersWithDelimiters", - "documentation" : "The name of the configuration set that you want to use to send the message." + "ConfigurationSetName": { + "shape": "WordCharactersWithDelimiters", + "documentation": "The name of the configuration set that you want to use to send the message." }, - "Content" : { - "shape" : "VoiceMessageContent" + "Content": { + "shape": "VoiceMessageContent" }, - "DestinationPhoneNumber" : { - "shape" : "NonEmptyString", - "documentation" : "The phone number that you want to send the voice message to." + "DestinationPhoneNumber": { + "shape": "NonEmptyString", + "documentation": "The phone number that you want to send the voice message to." }, - "OriginationPhoneNumber" : { - "shape" : "NonEmptyString", - "documentation" : "The phone number that Amazon Pinpoint should use to send the voice message. This isn't necessarily the phone number that appears on recipients' devices when they receive the message, because you can specify a CallerId parameter in the request." + "OriginationPhoneNumber": { + "shape": "NonEmptyString", + "documentation": "The phone number that Amazon Pinpoint should use to send the voice message. This isn't necessarily the phone number that appears on recipients' devices when they receive the message, because you can specify a CallerId parameter in the request." } }, - "documentation" : "SendVoiceMessageRequest" + "documentation": "SendVoiceMessageRequest" }, - "SendVoiceMessageResponse" : { - "type" : "structure", - "members" : { - "MessageId" : { - "shape" : "String", - "documentation" : "A unique identifier for the voice message." + "SendVoiceMessageResponse": { + "type": "structure", + "members": { + "MessageId": { + "shape": "String", + "documentation": "A unique identifier for the voice message." } }, - "documentation" : "An object that that contains the Message ID of a Voice message that was sent successfully." + "documentation": "An object that that contains the Message ID of a Voice message that was sent successfully." }, - "SnsDestination" : { - "type" : "structure", - "members" : { - "TopicArn" : { - "shape" : "String", - "documentation" : "The Amazon Resource Name (ARN) of the Amazon SNS topic that you want to publish events to." + "SnsDestination": { + "type": "structure", + "members": { + "TopicArn": { + "shape": "String", + "documentation": "The Amazon Resource Name (ARN) of the Amazon SNS topic that you want to publish events to." } }, - "documentation" : "An object that contains information about an event destination that sends data to Amazon SNS.", - "required" : [ ] + "documentation": "An object that contains information about an event destination that sends data to Amazon SNS.", + "required": [] }, - "String" : { - "type" : "string" + "String": { + "type": "string" }, - "TooManyRequestsException" : { - "type" : "structure", - "documentation" : "You've issued too many requests to the resource. Wait a few minutes, and then try again.", - "exception" : true, - "members" : { - "Message" : { - "shape" : "String" + "TooManyRequestsException": { + "type": "structure", + "members": { + "Message": { + "shape": "String" } }, - "error" : { - "httpStatusCode" : 429 + "documentation": "You've issued too many requests to the resource. Wait a few minutes, and then try again.", + "exception": true, + "error": { + "httpStatusCode": 429 } }, - "UpdateConfigurationSetEventDestinationRequest" : { - "type" : "structure", - "members" : { - "ConfigurationSetName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "ConfigurationSetName", - "documentation" : "ConfigurationSetName" + "UpdateConfigurationSetEventDestinationRequest": { + "type": "structure", + "members": { + "ConfigurationSetName": { + "shape": "__string", + "location": "uri", + "locationName": "ConfigurationSetName", + "documentation": "ConfigurationSetName" }, - "EventDestination" : { - "shape" : "EventDestinationDefinition" + "EventDestination": { + "shape": "EventDestinationDefinition" }, - "EventDestinationName" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "EventDestinationName", - "documentation" : "EventDestinationName" + "EventDestinationName": { + "shape": "__string", + "location": "uri", + "locationName": "EventDestinationName", + "documentation": "EventDestinationName" } }, - "documentation" : "UpdateConfigurationSetEventDestinationRequest", - "required" : [ "EventDestinationName", "ConfigurationSetName" ] + "documentation": "UpdateConfigurationSetEventDestinationRequest", + "required": [ + "EventDestinationName", + "ConfigurationSetName" + ] }, - "UpdateConfigurationSetEventDestinationResponse" : { - "type" : "structure", - "members" : { }, - "documentation" : "An empty object that indicates that the event destination was updated successfully." + "UpdateConfigurationSetEventDestinationResponse": { + "type": "structure", + "members": {}, + "documentation": "An empty object that indicates that the event destination was updated successfully." }, - "VoiceMessageContent" : { - "type" : "structure", - "members" : { - "CallInstructionsMessage" : { - "shape" : "CallInstructionsMessageType" + "VoiceMessageContent": { + "type": "structure", + "members": { + "CallInstructionsMessage": { + "shape": "CallInstructionsMessageType" }, - "PlainTextMessage" : { - "shape" : "PlainTextMessageType" + "PlainTextMessage": { + "shape": "PlainTextMessageType" }, - "SSMLMessage" : { - "shape" : "SSMLMessageType" + "SSMLMessage": { + "shape": "SSMLMessageType" } }, - "documentation" : "An object that contains a voice message and information about the recipient that you want to send it to." + "documentation": "An object that contains a voice message and information about the recipient that you want to send it to." }, - "WordCharactersWithDelimiters" : { - "type" : "string" + "WordCharactersWithDelimiters": { + "type": "string" }, - "__boolean" : { - "type" : "boolean" + "__boolean": { + "type": "boolean" }, - "__double" : { - "type" : "double" + "__double": { + "type": "double" }, - "__integer" : { - "type" : "integer" + "__integer": { + "type": "integer" }, - "__long" : { - "type" : "long" + "__long": { + "type": "long" }, - "__string" : { - "type" : "string" + "__string": { + "type": "string" }, - "__timestampIso8601" : { - "type" : "timestamp", - "timestampFormat" : "iso8601" + "__timestampIso8601": { + "type": "timestamp", + "timestampFormat": "iso8601" }, - "__timestampUnix" : { - "type" : "timestamp", - "timestampFormat" : "unixTimestamp" + "__timestampUnix": { + "type": "timestamp", + "timestampFormat": "unixTimestamp" } }, - "documentation" : "Pinpoint SMS and Voice Messaging public facing APIs" + "documentation": "Pinpoint SMS and Voice Messaging public facing APIs" } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/pinpoint-sms-voice-v2/2022-03-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pinpoint-sms-voice-v2/2022-03-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pinpoint-sms-voice-v2/2022-03-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pinpoint-sms-voice-v2/2022-03-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/pinpoint-sms-voice-v2/2022-03-31/service-2.json 2.31.35-1/awscli/botocore/data/pinpoint-sms-voice-v2/2022-03-31/service-2.json --- 2.23.6-1/awscli/botocore/data/pinpoint-sms-voice-v2/2022-03-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pinpoint-sms-voice-v2/2022-03-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -46,12 +46,29 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], "documentation":"

    Associate a protect configuration with a configuration set. This replaces the configuration sets current protect configuration. A configuration set can only be associated with one protect configuration at a time. A protect configuration can be associated with multiple configuration sets.

    " }, + "CarrierLookup":{ + "name":"CarrierLookup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CarrierLookupRequest"}, + "output":{"shape":"CarrierLookupResult"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns information about a destination phone number, including whether the number type and whether it is valid, the carrier, and more.

    " + }, "CreateConfigurationSet":{ "name":"CreateConfigurationSet", "http":{ @@ -87,7 +104,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Creates a new event destination in a configuration set.

    An event destination is a location where you send message events. The event options are Amazon CloudWatch, Amazon Data Firehose, or Amazon SNS. For example, when a message is delivered successfully, you can send information about that event to an event destination, or send notifications to endpoints that are subscribed to an Amazon SNS topic.

    Each configuration set can contain between 0 and 5 event destinations. Each event destination can contain a reference to a single destination, such as a CloudWatch or Firehose destination.

    " + "documentation":"

    Creates a new event destination in a configuration set.

    An event destination is a location where you send message events. The event options are Amazon CloudWatch, Amazon Data Firehose, or Amazon SNS. For example, when a message is delivered successfully, you can send information about that event to an event destination, or send notifications to endpoints that are subscribed to an Amazon SNS topic.

    You can only create one event destination at a time. You must provide a value for a single event destination using either CloudWatchLogsDestination, KinesisFirehoseDestination or SnsDestination. If an event destination isn't provided then an exception is returned.

    Each configuration set can contain between 0 and 5 event destinations. Each event destination can contain a reference to a single destination, such as a CloudWatch or Firehose destination.

    " }, "CreateOptOutList":{ "name":"CreateOptOutList", @@ -105,7 +122,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Creates a new opt-out list.

    If the opt-out list name already exists, an error is returned.

    An opt-out list is a list of phone numbers that are opted out, meaning you can't send SMS or voice messages to them. If end user replies with the keyword \"STOP,\" an entry for the phone number is added to the opt-out list. In addition to STOP, your recipients can use any supported opt-out keyword, such as CANCEL or OPTOUT. For a list of supported opt-out keywords, see SMS opt out in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Creates a new opt-out list.

    If the opt-out list name already exists, an error is returned.

    An opt-out list is a list of phone numbers that are opted out, meaning you can't send SMS or voice messages to them. If end user replies with the keyword \"STOP,\" an entry for the phone number is added to the opt-out list. In addition to STOP, your recipients can use any supported opt-out keyword, such as CANCEL or OPTOUT. For a list of supported opt-out keywords, see SMS opt out in the End User MessagingSMS User Guide.

    " }, "CreatePool":{ "name":"CreatePool", @@ -139,6 +156,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], "documentation":"

    Create a new protect configuration. By default all country rule sets for each capability are set to ALLOW. Update the country rule sets using UpdateProtectConfigurationCountryRuleSet. A protect configurations name is stored as a Tag with the key set to Name and value as the name of the protect configuration.

    " @@ -336,7 +354,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Deletes an existing keyword from an origination phone number or pool.

    A keyword is a word that you can search for on a particular phone number or pool. It is also a specific word or phrase that an end user can send to your number to elicit a response, such as an informational message or a special offer. When your number receives a message that begins with a keyword, AWS End User Messaging SMS and Voice responds with a customizable message.

    Keywords \"HELP\" and \"STOP\" can't be deleted or modified.

    " + "documentation":"

    Deletes an existing keyword from an origination phone number or pool.

    A keyword is a word that you can search for on a particular phone number or pool. It is also a specific word or phrase that an end user can send to your number to elicit a response, such as an informational message or a special offer. When your number receives a message that begins with a keyword, End User MessagingSMS responds with a customizable message.

    Keywords \"HELP\" and \"STOP\" can't be deleted or modified.

    " }, "DeleteMediaMessageSpendLimitOverride":{ "name":"DeleteMediaMessageSpendLimitOverride", @@ -420,8 +438,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], "documentation":"

    Permanently delete the protect configuration. The protect configuration must have deletion protection disabled and must not be associated as the account default protect configuration or associated with a configuration set.

    " @@ -512,7 +530,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Deletes the resource-based policy document attached to the AWS End User Messaging SMS and Voice resource. A shared resource can be a Pool, Opt-out list, Sender Id, or Phone number.

    " + "documentation":"

    Deletes the resource-based policy document attached to the End User MessagingSMS resource. A shared resource can be a Pool, Opt-out list, Sender Id, or Phone number.

    " }, "DeleteTextMessageSpendLimitOverride":{ "name":"DeleteTextMessageSpendLimitOverride", @@ -528,7 +546,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Deletes an account-level monthly spending limit override for sending text messages. Deleting a spend limit override will set the EnforcedLimit to equal the MaxLimit, which is controlled by Amazon Web Services. For more information on spend limits (quotas) see Quotas in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Deletes an account-level monthly spending limit override for sending text messages. Deleting a spend limit override will set the EnforcedLimit to equal the MaxLimit, which is controlled by Amazon Web Services. For more information on spend limits (quotas) see Quotas in the End User MessagingSMS User Guide.

    " }, "DeleteVerifiedDestinationNumber":{ "name":"DeleteVerifiedDestinationNumber", @@ -562,7 +580,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Deletes an account level monthly spend limit override for sending voice messages. Deleting a spend limit override sets the EnforcedLimit equal to the MaxLimit, which is controlled by Amazon Web Services. For more information on spending limits (quotas) see Quotas in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Deletes an account level monthly spend limit override for sending voice messages. Deleting a spend limit override sets the EnforcedLimit equal to the MaxLimit, which is controlled by Amazon Web Services. For more information on spending limits (quotas) see Quotas in the End User MessagingSMS User Guide.

    " }, "DescribeAccountAttributes":{ "name":"DescribeAccountAttributes", @@ -594,7 +612,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Describes the current AWS End User Messaging SMS and Voice SMS Voice V2 resource quotas for your account. The description for a quota includes the quota name, current usage toward that quota, and the quota's maximum value.

    When you establish an Amazon Web Services account, the account has initial quotas on the maximum number of configuration sets, opt-out lists, phone numbers, and pools that you can create in a given Region. For more information see Quotas in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Describes the current End User MessagingSMS SMS Voice V2 resource quotas for your account. The description for a quota includes the quota name, current usage toward that quota, and the quota's maximum value.

    When you establish an Amazon Web Services account, the account has initial quotas on the maximum number of configuration sets, opt-out lists, phone numbers, and pools that you can create in a given Region. For more information see Quotas in the End User MessagingSMS User Guide.

    " }, "DescribeConfigurationSets":{ "name":"DescribeConfigurationSets", @@ -628,7 +646,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Describes the specified keywords or all keywords on your origination phone number or pool.

    A keyword is a word that you can search for on a particular phone number or pool. It is also a specific word or phrase that an end user can send to your number to elicit a response, such as an informational message or a special offer. When your number receives a message that begins with a keyword, AWS End User Messaging SMS and Voice responds with a customizable message.

    If you specify a keyword that isn't valid, an error is returned.

    " + "documentation":"

    Describes the specified keywords or all keywords on your origination phone number or pool.

    A keyword is a word that you can search for on a particular phone number or pool. It is also a specific word or phrase that an end user can send to your number to elicit a response, such as an informational message or a special offer. When your number receives a message that begins with a keyword, End User MessagingSMS responds with a customizable message.

    If you specify a keyword that isn't valid, an error is returned.

    " }, "DescribeOptOutLists":{ "name":"DescribeOptOutLists", @@ -862,7 +880,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Describes the current monthly spend limits for sending voice and text messages.

    When you establish an Amazon Web Services account, the account has initial monthly spend limit in a given Region. For more information on increasing your monthly spend limit, see Requesting increases to your monthly SMS, MMS, or Voice spending quota in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Describes the current monthly spend limits for sending voice and text messages.

    When you establish an Amazon Web Services account, the account has initial monthly spend limit in a given Region. For more information on increasing your monthly spend limit, see Requesting increases to your monthly SMS, MMS, or Voice spending quota in the End User MessagingSMS User Guide.

    " }, "DescribeVerifiedDestinationNumbers":{ "name":"DescribeVerifiedDestinationNumbers", @@ -911,8 +929,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], "documentation":"

    Disassociate a protect configuration from a configuration set.

    " @@ -967,7 +985,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves the JSON text of the resource-based policy document attached to the AWS End User Messaging SMS and Voice resource. A shared resource can be a Pool, Opt-out list, Sender Id, or Phone number.

    " + "documentation":"

    Retrieves the JSON text of the resource-based policy document attached to the End User MessagingSMS resource. A shared resource can be a Pool, Opt-out list, Sender Id, or Phone number.

    " }, "ListPoolOriginationIdentities":{ "name":"ListPoolOriginationIdentities", @@ -1054,7 +1072,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Creates or updates a keyword configuration on an origination phone number or pool.

    A keyword is a word that you can search for on a particular phone number or pool. It is also a specific word or phrase that an end user can send to your number to elicit a response, such as an informational message or a special offer. When your number receives a message that begins with a keyword, AWS End User Messaging SMS and Voice responds with a customizable message.

    If you specify a keyword that isn't valid, an error is returned.

    " + "documentation":"

    Creates or updates a keyword configuration on an origination phone number or pool.

    A keyword is a word that you can search for on a particular phone number or pool. It is also a specific word or phrase that an end user can send to your number to elicit a response, such as an informational message or a special offer. When your number receives a message that begins with a keyword, End User MessagingSMS responds with a customizable message.

    If you specify a keyword that isn't valid, an error is returned.

    " }, "PutMessageFeedback":{ "name":"PutMessageFeedback", @@ -1106,7 +1124,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Create or update a RuleSetNumberOverride and associate it with a protect configuration.

    " + "documentation":"

    Create or update a phone number rule override and associate it with a protect configuration.

    " }, "PutRegistrationFieldValue":{ "name":"PutRegistrationFieldValue", @@ -1141,7 +1159,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Attaches a resource-based policy to a AWS End User Messaging SMS and Voice resource(phone number, sender Id, phone poll, or opt-out list) that is used for sharing the resource. A shared resource can be a Pool, Opt-out list, Sender Id, or Phone number. For more information about resource-based policies, see Working with shared resources in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Attaches a resource-based policy to a End User MessagingSMS resource(phone number, sender Id, phone poll, or opt-out list) that is used for sharing the resource. A shared resource can be a Pool, Opt-out list, Sender Id, or Phone number. For more information about resource-based policies, see Working with shared resources in the End User MessagingSMS User Guide.

    " }, "ReleasePhoneNumber":{ "name":"ReleasePhoneNumber", @@ -1196,7 +1214,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Request an origination phone number for use in your account. For more information on phone number request see Request a phone number in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Request an origination phone number for use in your account. For more information on phone number request see Request a phone number in the End User MessagingSMS User Guide.

    " }, "RequestSenderId":{ "name":"RequestSenderId", @@ -1271,7 +1289,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Creates a new text message and sends it to a recipient's phone number. SendTextMessage only sends an SMS message to one recipient each time it is invoked.

    SMS throughput limits are measured in Message Parts per Second (MPS). Your MPS limit depends on the destination country of your messages, as well as the type of phone number (origination number) that you use to send the message. For more information about MPS, see Message Parts per Second (MPS) limits in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Creates a new text message and sends it to a recipient's phone number. SendTextMessage only sends an SMS message to one recipient each time it is invoked.

    SMS throughput limits are measured in Message Parts per Second (MPS). Your MPS limit depends on the destination country of your messages, as well as the type of phone number (origination number) that you use to send the message. For more information about MPS, see Message Parts per Second (MPS) limits in the End User MessagingSMS User Guide.

    " }, "SendVoiceMessage":{ "name":"SendVoiceMessage", @@ -1442,7 +1460,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Adds or overwrites only the specified tags for the specified resource. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and an optional value. Tag keys must be unique per resource. For more information about tags, see Tags in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Adds or overwrites only the specified tags for the specified resource. When you specify an existing tag key, the value is overwritten with the new value. Each tag consists of a key and an optional value. Tag keys must be unique per resource. For more information about tags, see Tags in the End User MessagingSMS User Guide.

    " }, "UntagResource":{ "name":"UntagResource", @@ -1459,7 +1477,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Removes the association of the specified tags from a resource. For more information on tags see Tags in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Removes the association of the specified tags from a resource. For more information on tags see Tags in the End User MessagingSMS User Guide.

    " }, "UpdateEventDestination":{ "name":"UpdateEventDestination", @@ -1547,7 +1565,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update a country rule set to ALLOW or BLOCK messages to be sent to the specified destination counties. You can update one or multiple countries at a time. The updates are only applied to the specified NumberCapability type.

    " + "documentation":"

    Update a country rule set to ALLOW, BLOCK, MONITOR, or FILTER messages to be sent to the specified destination counties. You can update one or multiple countries at a time. The updates are only applied to the specified NumberCapability type.

    " }, "UpdateSenderId":{ "name":"UpdateSenderId", @@ -1690,11 +1708,11 @@ "members":{ "PoolId":{ "shape":"PoolIdOrArn", - "documentation":"

    The pool to update with the new Identity. This value can be either the PoolId or PoolArn, and you can find these values using DescribePools.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The pool to update with the new Identity. This value can be either the PoolId or PoolArn, and you can find these values using DescribePools.

    If you are using a shared End User MessagingSMS; resource then you must use the full Amazon Resource Name(ARN).

    " }, "OriginationIdentity":{ "shape":"PhoneOrSenderIdOrArn", - "documentation":"

    The origination identity to use, such as PhoneNumberId, PhoneNumberArn, SenderId, or SenderIdArn. You can use DescribePhoneNumbers to find the values for PhoneNumberId and PhoneNumberArn, while DescribeSenderIds can be used to get the values for SenderId and SenderIdArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity to use, such as PhoneNumberId, PhoneNumberArn, SenderId, or SenderIdArn. You can use DescribePhoneNumbers to find the values for PhoneNumberId and PhoneNumberArn, while DescribeSenderIds can be used to get the values for SenderId and SenderIdArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "IsoCountryCode":{ "shape":"IsoCountryCode", @@ -1804,6 +1822,63 @@ "type":"boolean", "box":true }, + "CarrierLookupInputPhoneNumberType":{ + "type":"string", + "max":40, + "min":1, + "pattern":"\\+[({\\s\\[]?[1-9][0-9(){}\\s\\[\\],.-]{1,38}" + }, + "CarrierLookupRequest":{ + "type":"structure", + "required":["PhoneNumber"], + "members":{ + "PhoneNumber":{ + "shape":"CarrierLookupInputPhoneNumberType", + "documentation":"

    The phone number that you want to retrieve information about. You can provide the phone number in various formats including special characters such as parentheses, brackets, spaces, hyphens, periods, and commas. The service automatically converts the input to E164 format for processing.

    " + } + } + }, + "CarrierLookupResult":{ + "type":"structure", + "required":[ + "E164PhoneNumber", + "PhoneNumberType" + ], + "members":{ + "E164PhoneNumber":{ + "shape":"E164PhoneNumberType", + "documentation":"

    The phone number in E164 format, sanitized from the original input by removing any formatting characters.

    " + }, + "DialingCountryCode":{ + "shape":"DialingCountryCodeType", + "documentation":"

    The numeric dialing code for the country or region where the phone number was originally registered.

    " + }, + "IsoCountryCode":{ + "shape":"IsoCountryCode", + "documentation":"

    The two-character code, in ISO 3166-1 alpha-2 format, for the country or region where the phone number was originally registered.

    " + }, + "Country":{ + "shape":"String", + "documentation":"

    The name of the country where the phone number was originally registered.

    " + }, + "MCC":{ + "shape":"MCCType", + "documentation":"

    The phone number's mobile country code, for mobile phone number types

    " + }, + "MNC":{ + "shape":"MNCType", + "documentation":"

    The phone number's mobile network code, for mobile phone number types.

    " + }, + "Carrier":{ + "shape":"String", + "documentation":"

    The carrier or service provider that the phone number is currently registered with. In some countries and regions, this value may be the carrier or service provider that the phone number was originally registered with.

    " + }, + "PhoneNumberType":{ + "shape":"PhoneNumberType", + "documentation":"

    Describes the type of phone number. Valid values are: MOBILE, LANDLINE, OTHER, and INVALID. Avoid sending SMS or voice messages to INVALID phone numbers, as these numbers are unlikely to belong to actual recipients.

    " + } + } + }, "ClientToken":{ "type":"string", "max":64, @@ -2067,7 +2142,7 @@ }, "MatchingEventTypes":{ "shape":"EventTypeList", - "documentation":"

    An array of event types that determine which events to log. If \"ALL\" is used, then AWS End User Messaging SMS and Voice logs every event type.

    The TEXT_SENT event type is not supported.

    " + "documentation":"

    An array of event types that determine which events to log. If \"ALL\" is used, then End User MessagingSMS logs every event type.

    The TEXT_SENT event type is not supported.

    " }, "CloudWatchLogsDestination":{ "shape":"CloudWatchLogsDestination", @@ -2155,7 +2230,7 @@ "members":{ "OriginationIdentity":{ "shape":"PhoneOrSenderIdOrArn", - "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, SenderId or SenderIdArn. You can use DescribePhoneNumbers to find the values for PhoneNumberId and PhoneNumberArn while DescribeSenderIds can be used to get the values for SenderId and SenderIdArn.

    After the pool is created you can add more origination identities to the pool by using AssociateOriginationIdentity.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, SenderId or SenderIdArn. You can use DescribePhoneNumbers to find the values for PhoneNumberId and PhoneNumberArn, and use DescribeSenderIds can be used to get the values for SenderId and SenderIdArn.

    After the pool is created you can add more origination identities to the pool by using AssociateOriginationIdentity.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "IsoCountryCode":{ "shape":"IsoCountryCode", @@ -2167,7 +2242,7 @@ }, "DeletionProtectionEnabled":{ "shape":"Boolean", - "documentation":"

    By default this is set to false. When set to true the pool can't be deleted. You can change this value using the UpdatePool action.

    " + "documentation":"

    By default this is set to false. When set to true the pool can't be deleted. You can change this value using the UpdatePool action.

    " }, "Tags":{ "shape":"TagList", @@ -2213,7 +2288,7 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"PrimitiveBoolean", - "documentation":"

    By default this is set to false. When an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " + "documentation":"

    By default this is set to false. When set to false, and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " }, "OptOutListName":{ "shape":"OptOutListName", @@ -2569,8 +2644,7 @@ }, "DeleteAccountDefaultProtectConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAccountDefaultProtectConfigurationResult":{ "type":"structure", @@ -2729,7 +2803,7 @@ "members":{ "OriginationIdentity":{ "shape":"PhoneOrPoolIdOrArn", - "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, PoolId or PoolArn. You can use DescribePhoneNumbers to find the values for PhoneNumberId and PhoneNumberArn and DescribePools to find the values of PoolId and PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, PoolId or PoolArn. You can use DescribePhoneNumbers to find the values for PhoneNumberId and PhoneNumberArn and DescribePools to find the values of PoolId and PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "Keyword":{ "shape":"Keyword", @@ -2764,8 +2838,7 @@ }, "DeleteMediaMessageSpendLimitOverrideRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMediaMessageSpendLimitOverrideResult":{ "type":"structure", @@ -2782,7 +2855,7 @@ "members":{ "OptOutListName":{ "shape":"OptOutListNameOrArn", - "documentation":"

    The OptOutListName or OptOutListArn of the OptOutList to delete. You can use DescribeOptOutLists to find the values for OptOutListName and OptOutListArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The OptOutListName or OptOutListArn of the OptOutList to delete. You can use DescribeOptOutLists to find the values for OptOutListName and OptOutListArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " } } }, @@ -2812,7 +2885,7 @@ "members":{ "OptOutListName":{ "shape":"OptOutListNameOrArn", - "documentation":"

    The OptOutListName or OptOutListArn to remove the phone number from.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The OptOutListName or OptOutListArn to remove the phone number from.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "OptedOutNumber":{ "shape":"PhoneNumber", @@ -2851,7 +2924,7 @@ "members":{ "PoolId":{ "shape":"PoolIdOrArn", - "documentation":"

    The PoolId or PoolArn of the pool to delete. You can use DescribePools to find the values for PoolId and PoolArn .

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The PoolId or PoolArn of the pool to delete. You can use DescribePools to find the values for PoolId and PoolArn .

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " } } }, @@ -2888,7 +2961,7 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"PrimitiveBoolean", - "documentation":"

    By default this is set to false. When an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " + "documentation":"

    By default this is set to false. When set to false and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " }, "OptOutListName":{ "shape":"OptOutListName", @@ -3165,7 +3238,7 @@ "members":{ "ResourceArn":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS End User Messaging SMS and Voice resource you're deleting the resource-based policy from.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the End User MessagingSMS resource you're deleting the resource-based policy from.

    " } } }, @@ -3174,7 +3247,7 @@ "members":{ "ResourceArn":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS End User Messaging SMS and Voice resource that the resource-based policy was deleted from.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the End User MessagingSMS resource that the resource-based policy was deleted from.

    " }, "Policy":{ "shape":"ResourcePolicy", @@ -3188,8 +3261,7 @@ }, "DeleteTextMessageSpendLimitOverrideRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTextMessageSpendLimitOverrideResult":{ "type":"structure", @@ -3239,8 +3311,7 @@ }, "DeleteVoiceMessageSpendLimitOverrideRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteVoiceMessageSpendLimitOverrideResult":{ "type":"structure", @@ -3349,7 +3420,7 @@ "members":{ "OriginationIdentity":{ "shape":"PhoneOrPoolIdOrArn", - "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, SenderId or SenderIdArn. You can use DescribePhoneNumbers to find the values for PhoneNumberId and PhoneNumberArn while DescribeSenderIds can be used to get the values for SenderId and SenderIdArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, SenderId or SenderIdArn. You can use DescribePhoneNumbers to find the values for PhoneNumberId and PhoneNumberArn while DescribeSenderIds can be used to get the values for SenderId and SenderIdArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "Keywords":{ "shape":"KeywordList", @@ -3395,7 +3466,7 @@ "members":{ "OptOutListNames":{ "shape":"OptOutListNameList", - "documentation":"

    The OptOutLists to show the details of. This is an array of strings that can be either the OptOutListName or OptOutListArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The OptOutLists to show the details of. This is an array of strings that can be either the OptOutListName or OptOutListArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "NextToken":{ "shape":"NextToken", @@ -3430,7 +3501,7 @@ "members":{ "OptOutListName":{ "shape":"OptOutListNameOrArn", - "documentation":"

    The OptOutListName or OptOutListArn of the OptOutList. You can use DescribeOptOutLists to find the values for OptOutListName and OptOutListArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The OptOutListName or OptOutListArn of the OptOutList. You can use DescribeOptOutLists to find the values for OptOutListName and OptOutListArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "OptedOutNumbers":{ "shape":"OptedOutNumberList", @@ -3476,7 +3547,7 @@ "members":{ "PhoneNumberIds":{ "shape":"PhoneNumberIdList", - "documentation":"

    The unique identifier of phone numbers to find information about. This is an array of strings that can be either the PhoneNumberId or PhoneNumberArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The unique identifier of phone numbers to find information about. This is an array of strings that can be either the PhoneNumberId or PhoneNumberArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "Filters":{ "shape":"PhoneNumberFilterList", @@ -3514,7 +3585,7 @@ "members":{ "PoolIds":{ "shape":"PoolIdList", - "documentation":"

    The unique identifier of pools to find. This is an array of strings that can be either the PoolId or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The unique identifier of pools to find. This is an array of strings that can be either the PoolId or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "Filters":{ "shape":"PoolFilterList", @@ -3894,7 +3965,7 @@ "members":{ "SenderIds":{ "shape":"SenderIdList", - "documentation":"

    An array of SenderIdAndCountry objects to search for.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    An array of SenderIdAndCountry objects to search for.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "Filters":{ "shape":"SenderIdFilterList", @@ -4018,6 +4089,12 @@ "max":5, "min":0 }, + "DialingCountryCodeType":{ + "type":"string", + "max":3, + "min":1, + "pattern":"[\\d]+" + }, "DisassociateOriginationIdentityRequest":{ "type":"structure", "required":[ @@ -4028,11 +4105,11 @@ "members":{ "PoolId":{ "shape":"PoolIdOrArn", - "documentation":"

    The unique identifier for the pool to disassociate with the origination identity. This value can be either the PoolId or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The unique identifier for the pool to disassociate with the origination identity. This value can be either the PoolId or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "OriginationIdentity":{ "shape":"PhoneOrSenderIdOrArn", - "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, SenderId or SenderIdArn. You can use DescribePhoneNumbers find the values for PhoneNumberId and PhoneNumberArn, or use DescribeSenderIds to get the values for SenderId and SenderIdArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, SenderId or SenderIdArn. You can use DescribePhoneNumbers find the values for PhoneNumberId and PhoneNumberArn, or use DescribeSenderIds to get the values for SenderId and SenderIdArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "IsoCountryCode":{ "shape":"IsoCountryCode", @@ -4156,6 +4233,12 @@ } } }, + "E164PhoneNumberType":{ + "type":"string", + "max":20, + "min":1, + "pattern":"\\+[1-9][0-9]{1,18}" + }, "EventDestination":{ "type":"structure", "required":[ @@ -4335,7 +4418,7 @@ }, "CountryRuleSet":{ "shape":"ProtectConfigurationCountryRuleSet", - "documentation":"

    A map of ProtectConfigurationCountryRuleSetInformation objects that contain the details for the requested NumberCapability. The Key is the two-letter ISO country code. For a list of supported ISO country codes, see Supported countries and regions (SMS channel) in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    A map of ProtectConfigurationCountryRuleSetInformation objects that contain the details for the requested NumberCapability. The Key is the two-letter ISO country code. For a list of supported ISO country codes, see Supported countries and regions (SMS channel) in the End User MessagingSMS User Guide.

    " } } }, @@ -4345,7 +4428,7 @@ "members":{ "ResourceArn":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS End User Messaging SMS and Voice resource attached to the resource-based policy.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the End User MessagingSMS resource attached to the resource-based policy.

    " } } }, @@ -4354,11 +4437,11 @@ "members":{ "ResourceArn":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS End User Messaging SMS and Voice resource attached to the resource-based policy.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the End User MessagingSMS resource attached to the resource-based policy.

    " }, "Policy":{ "shape":"ResourcePolicy", - "documentation":"

    The JSON formatted string that contains the resource-based policy attached to the AWS End User Messaging SMS and Voice resource.

    " + "documentation":"

    The JSON formatted string that contains the resource-based policy attached to the End User MessagingSMS resource.

    " }, "CreatedTimestamp":{ "shape":"Timestamp", @@ -4519,7 +4602,7 @@ "members":{ "PoolId":{ "shape":"PoolIdOrArn", - "documentation":"

    The unique identifier for the pool. This value can be either the PoolId or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The unique identifier for the pool. This value can be either the PoolId or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "Filters":{ "shape":"PoolOriginationIdentitiesFilterList", @@ -4691,6 +4774,18 @@ "min":20, "pattern":"arn:\\S+" }, + "MCCType":{ + "type":"string", + "max":3, + "min":3, + "pattern":"[\\d]+" + }, + "MNCType":{ + "type":"string", + "max":3, + "min":2, + "pattern":"[\\d]+" + }, "MaxPrice":{ "type":"string", "max":8, @@ -5073,12 +5168,16 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"PrimitiveBoolean", - "documentation":"

    When set to false an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out request. For more information see Self-managed opt-outs

    " + "documentation":"

    When set to false and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out request. For more information see Self-managed opt-outs

    " }, "OptOutListName":{ "shape":"OptOutListName", "documentation":"

    The name of the OptOutList associated with the phone number.

    " }, + "InternationalSendingEnabled":{ + "shape":"PrimitiveBoolean", + "documentation":"

    When set to true the international sending of phone number is Enabled.

    " + }, "DeletionProtectionEnabled":{ "shape":"PrimitiveBoolean", "documentation":"

    When set to true the phone number can't be deleted.

    " @@ -5102,6 +5201,15 @@ "type":"list", "member":{"shape":"PhoneNumberInformation"} }, + "PhoneNumberType":{ + "type":"string", + "enum":[ + "MOBILE", + "LANDLINE", + "OTHER", + "INVALID" + ] + }, "PhoneOrPoolIdOrArn":{ "type":"string", "max":256, @@ -5208,7 +5316,7 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"PrimitiveBoolean", - "documentation":"

    When set to false, an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests. For more information see Self-managed opt-outs

    " + "documentation":"

    When set to false, an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests. For more information see Self-managed opt-outs

    " }, "OptOutListName":{ "shape":"OptOutListName", @@ -5422,7 +5530,7 @@ "documentation":"

    The time the rule will expire at. If ExpirationTimestamp is not set then the rule will not expire.

    " } }, - "documentation":"

    Provides details on a RuleSetNumberOverride.

    " + "documentation":"

    Provides details on phone number rule overrides for a protect configuration.

    " }, "ProtectConfigurationRuleSetNumberOverrideFilterItem":{ "type":"structure", @@ -5464,7 +5572,9 @@ "type":"string", "enum":[ "ALLOW", - "BLOCK" + "BLOCK", + "MONITOR", + "FILTER" ] }, "PutKeywordRequest":{ @@ -5477,7 +5587,7 @@ "members":{ "OriginationIdentity":{ "shape":"PhoneOrPoolIdOrArn", - "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, SenderId or SenderIdArn. You can use DescribePhoneNumbers get the values for PhoneNumberId and PhoneNumberArn while DescribeSenderIds can be used to get the values for SenderId and SenderIdArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity to use such as a PhoneNumberId, PhoneNumberArn, SenderId or SenderIdArn. You can use DescribePhoneNumbers get the values for PhoneNumberId and PhoneNumberArn while DescribeSenderIds can be used to get the values for SenderId and SenderIdArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "Keyword":{ "shape":"Keyword", @@ -5561,7 +5671,7 @@ "members":{ "OptOutListName":{ "shape":"OptOutListNameOrArn", - "documentation":"

    The OptOutListName or OptOutListArn to add the phone number to.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The OptOutListName or OptOutListArn to add the phone number to.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "OptedOutNumber":{ "shape":"PhoneNumber", @@ -5742,7 +5852,7 @@ "members":{ "ResourceArn":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS End User Messaging SMS and Voice resource to attach the resource-based policy to.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the End User MessagingSMS resource to attach the resource-based policy to.

    " }, "Policy":{ "shape":"ResourcePolicy", @@ -5755,7 +5865,7 @@ "members":{ "ResourceArn":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS End User Messaging SMS and Voice resource attached to the resource-based policy.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the End User MessagingSMS resource attached to the resource-based policy.

    " }, "Policy":{ "shape":"ResourcePolicy", @@ -6470,7 +6580,7 @@ "members":{ "PhoneNumberId":{ "shape":"PhoneNumberIdOrArn", - "documentation":"

    The PhoneNumberId or PhoneNumberArn of the phone number to release. You can use DescribePhoneNumbers to get the values for PhoneNumberId and PhoneNumberArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The PhoneNumberId or PhoneNumberArn of the phone number to release. You can use DescribePhoneNumbers to get the values for PhoneNumberId and PhoneNumberArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " } } }, @@ -6527,7 +6637,7 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"PrimitiveBoolean", - "documentation":"

    By default this is set to false. When an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " + "documentation":"

    By default this is set to false. When set to false and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " }, "OptOutListName":{ "shape":"OptOutListName", @@ -6616,7 +6726,7 @@ }, "MessageType":{ "shape":"MessageType", - "documentation":"

    The type of message. Valid values are TRANSACTIONAL for messages that are critical or time-sensitive and PROMOTIONAL for messages that aren't critical or time-sensitive.

    " + "documentation":"

    The type of message. Valid values are TRANSACTIONAL for messages that are critical or time-sensitive and PROMOTIONAL for messages that aren't critical or time-sensitive.

    " }, "NumberCapabilities":{ "shape":"NumberCapabilityList", @@ -6624,27 +6734,31 @@ }, "NumberType":{ "shape":"RequestableNumberType", - "documentation":"

    The type of phone number to request.

    " + "documentation":"

    The type of phone number to request.

    When you request a SIMULATOR phone number, you must set MessageType as TRANSACTIONAL.

    " }, "OptOutListName":{ "shape":"OptOutListNameOrArn", - "documentation":"

    The name of the OptOutList to associate with the phone number. You can use the OptOutListName or OptOutListArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The name of the OptOutList to associate with the phone number. You can use the OptOutListName or OptOutListArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "PoolId":{ "shape":"PoolIdOrArn", - "documentation":"

    The pool to associated with the phone number. You can use the PoolId or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The pool to associated with the phone number. You can use the PoolId or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "RegistrationId":{ "shape":"RegistrationIdOrArn", "documentation":"

    Use this field to attach your phone number for an external registration process.

    " }, + "InternationalSendingEnabled":{ + "shape":"Boolean", + "documentation":"

    By default this is set to false. When set to true the international sending of phone number is Enabled.

    " + }, "DeletionProtectionEnabled":{ "shape":"Boolean", "documentation":"

    By default this is set to false. When set to true the phone number can't be deleted.

    " }, "Tags":{ "shape":"TagList", - "documentation":"

    An array of tags (key and value pairs) associate with the requested phone number.

    " + "documentation":"

    An array of tags (key and value pairs) to associate with the requested phone number.

    " }, "ClientToken":{ "shape":"ClientToken", @@ -6706,12 +6820,16 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"PrimitiveBoolean", - "documentation":"

    By default this is set to false. When an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " + "documentation":"

    By default this is set to false. When set to false and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " }, "OptOutListName":{ "shape":"OptOutListName", "documentation":"

    The name of the OptOutList that is associated with the requested phone number.

    " }, + "InternationalSendingEnabled":{ + "shape":"PrimitiveBoolean", + "documentation":"

    By default this is set to false. When set to true the international sending of phone number is Enabled.

    " + }, "DeletionProtectionEnabled":{ "shape":"PrimitiveBoolean", "documentation":"

    By default this is set to false. When set to true the phone number can't be deleted.

    " @@ -6866,6 +6984,7 @@ "registration-attachment", "verified-destination-number", "protect-configuration", + "message-template", "policy", "message" ] @@ -6960,7 +7079,7 @@ }, "OriginationIdentity":{ "shape":"VerificationMessageOriginationIdentity", - "documentation":"

    The origination identity of the message. This can be either the PhoneNumber, PhoneNumberId, PhoneNumberArn, SenderId, SenderIdArn, PoolId, or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity of the message. This can be either the PhoneNumber, PhoneNumberId, PhoneNumberArn, SenderId, SenderIdArn, PoolId, or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "ConfigurationSetName":{ "shape":"ConfigurationSetNameOrArn", @@ -6999,7 +7118,7 @@ }, "OriginationIdentity":{ "shape":"MediaMessageOriginationIdentity", - "documentation":"

    The origination identity of the message. This can be either the PhoneNumber, PhoneNumberId, PhoneNumberArn, SenderId, SenderIdArn, PoolId, or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity of the message. This can be either the PhoneNumber, PhoneNumberId, PhoneNumberArn, SenderId, SenderIdArn, PoolId, or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "MessageBody":{ "shape":"TextMessageBody", @@ -7007,7 +7126,7 @@ }, "MediaUrls":{ "shape":"MediaUrlList", - "documentation":"

    An array of URLs to each media file to send.

    The media files have to be stored in a publicly available S3 bucket. Supported media file formats are listed in MMS file types, size and character limits. For more information on creating an S3 bucket and managing objects, see Creating a bucket and Uploading objects in the S3 user guide.

    " + "documentation":"

    An array of URLs to each media file to send.

    The media files have to be stored in an S3 bucket. Supported media file formats are listed in MMS file types, size and character limits. For more information on creating an S3 bucket and managing objects, see Creating a bucket, Uploading objects in the Amazon S3 User Guide, and Setting up an Amazon S3 bucket for MMS files in the Amazon Web Services End User Messaging SMS User Guide.

    " }, "ConfigurationSetName":{ "shape":"ConfigurationSetNameOrArn", @@ -7058,7 +7177,7 @@ }, "OriginationIdentity":{ "shape":"TextMessageOriginationIdentity", - "documentation":"

    The origination identity of the message. This can be either the PhoneNumber, PhoneNumberId, PhoneNumberArn, SenderId, SenderIdArn, PoolId, or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity of the message. This can be either the PhoneNumber, PhoneNumberId, PhoneNumberArn, SenderId, SenderIdArn, PoolId, or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "MessageBody":{ "shape":"TextMessageBody", @@ -7094,7 +7213,7 @@ }, "DryRun":{ "shape":"PrimitiveBoolean", - "documentation":"

    When set to true, the message is checked and validated, but isn't sent to the end recipient. You are not charged for using DryRun.

    The Message Parts per Second (MPS) limit when using DryRun is five. If your origination identity has a lower MPS limit then the lower MPS limit is used. For more information about MPS limits, see Message Parts per Second (MPS) limits in the AWS End User Messaging SMS User Guide..

    " + "documentation":"

    When set to true, the message is checked and validated, but isn't sent to the end recipient. You are not charged for using DryRun.

    The Message Parts per Second (MPS) limit when using DryRun is five. If your origination identity has a lower MPS limit then the lower MPS limit is used. For more information about MPS limits, see Message Parts per Second (MPS) limits in the End User MessagingSMS User Guide..

    " }, "ProtectConfigurationId":{ "shape":"ProtectConfigurationIdOrArn", @@ -7128,7 +7247,7 @@ }, "OriginationIdentity":{ "shape":"VoiceMessageOriginationIdentity", - "documentation":"

    The origination identity to use for the voice call. This can be the PhoneNumber, PhoneNumberId, PhoneNumberArn, PoolId, or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The origination identity to use for the voice call. This can be the PhoneNumber, PhoneNumberId, PhoneNumberArn, PoolId, or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "MessageBody":{ "shape":"VoiceMessageBody", @@ -7203,7 +7322,7 @@ "documentation":"

    The two-character code, in ISO 3166-1 alpha-2 format, for the country or region.

    " } }, - "documentation":"

    The alphanumeric sender ID in a specific country that you want to describe. For more information on sender IDs see Requesting sender IDs in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    The alphanumeric sender ID in a specific country that you want to describe. For more information on sender IDs see Requesting sender IDs in the End User MessagingSMS User Guide.

    " }, "SenderIdFilter":{ "type":"structure", @@ -7571,7 +7690,7 @@ "documentation":"

    When set to True, the value that has been specified in the EnforcedLimit is used to determine the maximum amount in US dollars that can be spent to send messages each month, in US dollars.

    " } }, - "documentation":"

    Describes the current monthly spend limits for sending voice and text messages. For more information on increasing your monthly spend limit, see Requesting a spending quota increase in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    Describes the current monthly spend limits for sending voice and text messages. For more information on increasing your monthly spend limit, see Requesting a spending quota increase in the End User MessagingSMS User Guide.

    " }, "SpendLimitList":{ "type":"list", @@ -7655,7 +7774,7 @@ }, "AssociationBehavior":{ "shape":"RegistrationAssociationBehavior", - "documentation":"

    The association behavior.

    • ASSOCIATE_BEFORE_SUBMIT The origination identity has to be supplied when creating a registration.

    • ASSOCIATE_ON_APPROVAL This applies to all short code registrations. The short code will be automatically provisioned once the registration is approved.

    • ASSOCIATE_AFTER_COMPLETE This applies to phone number registrations when you must complete a registration first, then associate one or more phone numbers later. For example 10DLC campaigns and long codes.

    " + "documentation":"

    The association behavior.

    • ASSOCIATE_BEFORE_SUBMIT The origination identity has to be supplied when creating a registration.

    • ASSOCIATE_ON_APPROVAL This applies to all sender ID registrations. The sender ID will be automatically provisioned once the registration is approved.

    • ASSOCIATE_AFTER_COMPLETE This applies to phone number registrations when you must complete a registration first, then associate one or more phone numbers later. For example 10DLC campaigns and long codes.

    " }, "DisassociationBehavior":{ "shape":"RegistrationDisassociationBehavior", @@ -7723,8 +7842,7 @@ }, "TagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -7813,8 +7931,7 @@ }, "UntagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEventDestinationRequest":{ "type":"structure", @@ -7876,7 +7993,7 @@ "members":{ "PhoneNumberId":{ "shape":"PhoneNumberIdOrArn", - "documentation":"

    The unique identifier of the phone number. Valid values for this field can be either the PhoneNumberId or PhoneNumberArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The unique identifier of the phone number. Valid values for this field can be either the PhoneNumberId or PhoneNumberArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "TwoWayEnabled":{ "shape":"Boolean", @@ -7892,11 +8009,15 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"Boolean", - "documentation":"

    By default this is set to false. When an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " + "documentation":"

    By default this is set to false. When set to false and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " }, "OptOutListName":{ "shape":"OptOutListNameOrArn", - "documentation":"

    The OptOutList to add the phone number to. Valid values for this field can be either the OutOutListName or OutOutListArn.

    " + "documentation":"

    The OptOutList to add the phone number to. You can use either the opt out list name or the opt out list ARN.

    " + }, + "InternationalSendingEnabled":{ + "shape":"Boolean", + "documentation":"

    By default this is set to false. When set to true the international sending of phone number is Enabled.

    " }, "DeletionProtectionEnabled":{ "shape":"Boolean", @@ -7963,6 +8084,10 @@ "shape":"OptOutListName", "documentation":"

    The name of the OptOutList associated with the phone number.

    " }, + "InternationalSendingEnabled":{ + "shape":"PrimitiveBoolean", + "documentation":"

    When set to true the international sending of phone number is Enabled.

    " + }, "DeletionProtectionEnabled":{ "shape":"PrimitiveBoolean", "documentation":"

    When set to true the phone number can't be deleted.

    " @@ -7983,7 +8108,7 @@ "members":{ "PoolId":{ "shape":"PoolIdOrArn", - "documentation":"

    The unique identifier of the pool to update. Valid values are either the PoolId or PoolArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The unique identifier of the pool to update. Valid values are either the PoolId or PoolArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "TwoWayEnabled":{ "shape":"Boolean", @@ -7999,11 +8124,11 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"Boolean", - "documentation":"

    By default this is set to false. When an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " + "documentation":"

    By default this is set to false. When set to false and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " }, "OptOutListName":{ "shape":"OptOutListNameOrArn", - "documentation":"

    The OptOutList to associate with the pool. Valid values are either OptOutListName or OptOutListArn.

    If you are using a shared AWS End User Messaging SMS and Voice resource then you must use the full Amazon Resource Name(ARN).

    " + "documentation":"

    The OptOutList to associate with the pool. Valid values are either OptOutListName or OptOutListArn.

    If you are using a shared End User MessagingSMS resource then you must use the full Amazon Resource Name(ARN).

    " }, "SharedRoutesEnabled":{ "shape":"Boolean", @@ -8048,7 +8173,7 @@ }, "SelfManagedOptOutsEnabled":{ "shape":"PrimitiveBoolean", - "documentation":"

    When an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, AWS End User Messaging SMS and Voice automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " + "documentation":"

    When set to false and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User MessagingSMS automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests.

    " }, "OptOutListName":{ "shape":"OptOutListName", @@ -8086,7 +8211,7 @@ }, "CountryRuleSetUpdates":{ "shape":"ProtectConfigurationCountryRuleSet", - "documentation":"

    A map of ProtectConfigurationCountryRuleSetInformation objects that contain the details for the requested NumberCapability. The Key is the two-letter ISO country code. For a list of supported ISO country codes, see Supported countries and regions (SMS channel) in the AWS End User Messaging SMS User Guide.

    " + "documentation":"

    A map of ProtectConfigurationCountryRuleSetInformation objects that contain the details for the requested NumberCapability. The Key is the two-letter ISO country code. For a list of supported ISO country codes, see Supported countries and regions (SMS channel) in the End User MessagingSMS User Guide.

    For example, to set the United States as allowed and Canada as blocked, the CountryRuleSetUpdates would be formatted as: \"CountryRuleSetUpdates\": { \"US\" : { \"ProtectStatus\": \"ALLOW\" } \"CA\" : { \"ProtectStatus\": \"BLOCK\" } }

    " } } }, @@ -8277,6 +8402,7 @@ "DESTINATION_COUNTRY_BLOCKED", "FIELD_VALIDATION_FAILED", "ATTACHMENT_TYPE_NOT_SUPPORTED", + "INTERNATIONAL_SENDING_NOT_SUPPORTED", "INVALID_ARN", "INVALID_FILTER_VALUES", "INVALID_IDENTITY_FOR_DESTINATION_COUNTRY", @@ -8549,5 +8675,5 @@ "pattern":"[A-Za-z0-9_:/\\+-]+" } }, - "documentation":"

    Welcome to the AWS End User Messaging SMS and Voice, version 2 API Reference. This guide provides information about AWS End User Messaging SMS and Voice, version 2 API resources, including supported HTTP methods, parameters, and schemas.

    Amazon Pinpoint is an Amazon Web Services service that you can use to engage with your recipients across multiple messaging channels. The AWS End User Messaging SMS and Voice, version 2 API provides programmatic access to options that are unique to the SMS and voice channels. AWS End User Messaging SMS and Voice, version 2 resources such as phone numbers, sender IDs, and opt-out lists can be used by the Amazon Pinpoint API.

    If you're new to AWS End User Messaging SMS and Voice, it's also helpful to review the AWS End User Messaging SMS User Guide. The AWS End User Messaging SMS User Guide provides tutorials, code samples, and procedures that demonstrate how to use AWS End User Messaging SMS and Voice features programmatically and how to integrate functionality into mobile apps and other types of applications. The guide also provides key information, such as AWS End User Messaging SMS and Voice integration with other Amazon Web Services services, and the quotas that apply to use of the service.

    Regional availability

    The AWS End User Messaging SMS and Voice version 2 API Reference is available in several Amazon Web Services Regions and it provides an endpoint for each of these Regions. For a list of all the Regions and endpoints where the API is currently available, see Amazon Web Services Service Endpoints and Amazon Pinpoint endpoints and quotas in the Amazon Web Services General Reference. To learn more about Amazon Web Services Regions, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.

    In each Region, Amazon Web Services maintains multiple Availability Zones. These Availability Zones are physically isolated from each other, but are united by private, low-latency, high-throughput, and highly redundant network connections. These Availability Zones enable us to provide very high levels of availability and redundancy, while also minimizing latency. To learn more about the number of Availability Zones that are available in each Region, see Amazon Web Services Global Infrastructure.

    " + "documentation":"

    Welcome to the End User MessagingSMS, version 2 API Reference. This guide provides information about End User MessagingSMS, version 2 API resources, including supported HTTP methods, parameters, and schemas.

    Amazon Pinpoint is an Amazon Web Services service that you can use to engage with your recipients across multiple messaging channels. The End User MessagingSMS, version 2 API provides programmatic access to options that are unique to the SMS and voice channels. End User MessagingSMS, version 2 resources such as phone numbers, sender IDs, and opt-out lists can be used by the Amazon Pinpoint API.

    If you're new to End User MessagingSMS, it's also helpful to review the End User MessagingSMS User Guide, where you'll find tutorials, code samples, and procedures that demonstrate how to use End User MessagingSMS features programmatically and how to integrate functionality into mobile apps and other types of applications. The guide also provides key information, such as End User MessagingSMS integration with other Amazon Web Services services, and the quotas that apply to use of the service.

    Regional availability

    The End User MessagingSMS version 2 API Reference is available in several Amazon Web Services Regions and it provides an endpoint for each of these Regions. For a list of all the Regions and endpoints where the API is currently available, see Amazon Web Services Service Endpoints and Amazon Pinpoint endpoints and quotas in the Amazon Web Services General Reference. To learn more about Amazon Web Services Regions, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.

    In each Region, Amazon Web Services maintains multiple Availability Zones. These Availability Zones are physically isolated from each other, but are united by private, low-latency, high-throughput, and highly redundant network connections. These Availability Zones enable us to provide very high levels of availability and redundancy, while also minimizing latency. To learn more about the number of Availability Zones that are available in each Region, see Amazon Web Services Global Infrastructure.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/pipes/2015-10-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pipes/2015-10-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pipes/2015-10-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pipes/2015-10-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/polly/2016-06-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/polly/2016-06-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/polly/2016-06-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/polly/2016-06-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/polly/2016-06-10/service-2.json 2.31.35-1/awscli/botocore/data/polly/2016-06-10/service-2.json --- 2.23.6-1/awscli/botocore/data/polly/2016-06-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/polly/2016-06-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -193,8 +193,7 @@ }, "DeleteLexiconOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeVoicesInput":{ "type":"structure", @@ -430,7 +429,8 @@ "nl-BE", "fr-BE", "cs-CZ", - "de-CH" + "de-CH", + "en-SG" ] }, "LanguageCodeList":{ @@ -645,6 +645,7 @@ "enum":[ "json", "mp3", + "ogg_opus", "ogg_vorbis", "pcm" ] @@ -679,8 +680,7 @@ }, "PutLexiconOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "RequestCharacters":{"type":"integer"}, "SampleRate":{"type":"string"}, @@ -879,7 +879,7 @@ "members":{ "Engine":{ "shape":"Engine", - "documentation":"

    Specifies the engine (standard, neural, long-form, or generative) for Amazon Polly to use when processing input text for speech synthesis. Provide an engine that is supported by the voice you select. If you don't provide an engine, the standard engine is selected by default. If a chosen voice isn't supported by the standard engine, this will result in an error. For information on Amazon Polly voices and which voices are available for each engine, see Available Voices.

    Type: String

    Valid Values: standard | neural | long-form | generative

    Required: Yes

    " + "documentation":"

    Specifies the engine (standard, neural, long-form, or generative) for Amazon Polly to use when processing input text for speech synthesis. Provide an engine that is supported by the voice you select. If you don't provide an engine, the standard engine is selected by default. If a chosen voice isn't supported by the standard engine, this will result in an error. For information on Amazon Polly voices and which voices are available for each engine, see Available Voices.

    " }, "LanguageCode":{ "shape":"LanguageCode", @@ -895,7 +895,7 @@ }, "SampleRate":{ "shape":"SampleRate", - "documentation":"

    The audio frequency specified in Hz.

    The valid values for mp3 and ogg_vorbis are \"8000\", \"16000\", \"22050\", and \"24000\". The default value for standard voices is \"22050\". The default value for neural voices is \"24000\". The default value for long-form voices is \"24000\". The default value for generative voices is \"24000\".

    Valid values for pcm are \"8000\" and \"16000\" The default value is \"16000\".

    " + "documentation":"

    The audio frequency specified in Hz.

    The valid values for mp3 and ogg_vorbis are \"8000\", \"16000\", \"22050\", \"24000\", \"44100\" and \"48000\". The default value for standard voices is \"22050\". The default value for neural voices is \"24000\". The default value for long-form voices is \"24000\". The default value for generative voices is \"24000\".

    Valid values for pcm are \"8000\" and \"16000\" The default value is \"16000\".

    " }, "SpeechMarkTypes":{ "shape":"SpeechMarkTypeList", @@ -1120,7 +1120,9 @@ "Gregory", "Burcu", "Jitka", - "Sabrina" + "Sabrina", + "Jasmine", + "Jihye" ] }, "VoiceList":{ diff -pruN 2.23.6-1/awscli/botocore/data/pricing/2017-10-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/pricing/2017-10-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/pricing/2017-10-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pricing/2017-10-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/pricing/2017-10-15/service-2.json 2.31.35-1/awscli/botocore/data/pricing/2017-10-15/service-2.json --- 2.23.6-1/awscli/botocore/data/pricing/2017-10-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/pricing/2017-10-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -154,7 +154,7 @@ "documentation":"

    The code for the service whose information you want to retrieve, such as AmazonEC2. You can use the ServiceCode to filter the results in a GetProducts call. To retrieve a list of all services, leave this blank.

    " }, "FormatVersion":{ - "shape":"String", + "shape":"FormatVersion", "documentation":"

    The format version that you want the response to be in.

    Valid values are: aws_v1

    " }, "NextToken":{ @@ -175,7 +175,7 @@ "documentation":"

    The service metadata for the service or services in the response.

    " }, "FormatVersion":{ - "shape":"String", + "shape":"FormatVersion", "documentation":"

    The format version of the response. For example, aws_v1.

    " }, "NextToken":{ @@ -193,6 +193,11 @@ "documentation":"

    The pagination token expired. Try again without a pagination token.

    ", "exception":true }, + "Field":{ + "type":"string", + "max":1024, + "min":1 + }, "FileFormat":{ "type":"string", "max":255, @@ -212,26 +217,39 @@ "members":{ "Type":{ "shape":"FilterType", - "documentation":"

    The type of filter that you want to use.

    Valid values are: TERM_MATCH. TERM_MATCH returns only products that match both the given filter field and the given value.

    " + "documentation":"

    The type of filter that you want to use.

    Valid values are:

    • TERM_MATCH: Returns only products that match both the given filter field and the given value.

    • EQUALS: Returns products that have a field value exactly matching the provided value.

    • CONTAINS: Returns products where the field value contains the provided value as a substring.

    • ANY_OF: Returns products where the field value is any of the provided values.

    • NONE_OF: Returns products where the field value is not any of the provided values.

    " }, "Field":{ - "shape":"String", + "shape":"Field", "documentation":"

    The product metadata field that you want to filter on. You can filter by just the service code to see all products for a specific service, filter by just the attribute name to see a specific attribute for multiple services, or use both a service code and an attribute name to retrieve only products that match both fields.

    Valid values include: ServiceCode, and all attribute names

    For example, you can filter by the AmazonEC2 service code and the volumeType attribute name to get the prices for only Amazon EC2 volumes.

    " }, "Value":{ - "shape":"String", - "documentation":"

    The service code or attribute value that you want to filter by. If you're filtering by service code this is the actual service code, such as AmazonEC2. If you're filtering by attribute name, this is the attribute value that you want the returned products to match, such as a Provisioned IOPS volume.

    " + "shape":"Value", + "documentation":"

    The service code or attribute value that you want to filter by. If you're filtering by service code this is the actual service code, such as AmazonEC2. If you're filtering by attribute name, this is the attribute value that you want the returned products to match, such as a Provisioned IOPS volume.

    For ANY_OF and NONE_OF filter types, you can provide multiple values as a comma-separated string. For example, t2.micro,t2.small,t2.medium or Compute optimized, GPU instance, Micro instances.

    " } }, "documentation":"

    The constraints that you want all returned products to match.

    " }, "FilterType":{ "type":"string", - "enum":["TERM_MATCH"] + "enum":[ + "TERM_MATCH", + "EQUALS", + "CONTAINS", + "ANY_OF", + "NONE_OF" + ] }, "Filters":{ "type":"list", - "member":{"shape":"Filter"} + "member":{"shape":"Filter"}, + "max":50, + "min":0 + }, + "FormatVersion":{ + "type":"string", + "max":32, + "min":1 }, "GetAttributeValuesRequest":{ "type":"structure", @@ -310,7 +328,7 @@ "documentation":"

    The list of filters that limit the returned products. only products that match all filters are returned.

    " }, "FormatVersion":{ - "shape":"String", + "shape":"FormatVersion", "documentation":"

    The format version that you want the response to be in.

    Valid values are: aws_v1

    " }, "NextToken":{ @@ -327,7 +345,7 @@ "type":"structure", "members":{ "FormatVersion":{ - "shape":"String", + "shape":"FormatVersion", "documentation":"

    The format version of the response. For example, aws_v1.

    " }, "PriceList":{ @@ -514,6 +532,11 @@ "exception":true, "retryable":{"throttling":true} }, + "Value":{ + "type":"string", + "max":1024, + "min":1 + }, "errorMessage":{"type":"string"} }, "documentation":"

    The Amazon Web Services Price List API is a centralized and convenient way to programmatically query Amazon Web Services for services, products, and pricing information. The Amazon Web Services Price List uses standardized product attributes such as Location, Storage Class, and Operating System, and provides prices at the SKU level. You can use the Amazon Web Services Price List to do the following:

    • Build cost control and scenario planning tools

    • Reconcile billing data

    • Forecast future spend for budgeting purposes

    • Provide cost benefit analysis that compare your internal workloads with Amazon Web Services

    Use GetServices without a service code to retrieve the service codes for all Amazon Web Services services, then GetServices with a service code to retrieve the attribute names for that service. After you have the service code and attribute names, you can use GetAttributeValues to see what values are available for an attribute. With the service code and an attribute name and value, you can use GetProducts to find specific products that you're interested in, such as an AmazonEC2 instance, with a Provisioned IOPS volumeType.

    For more information, see Using the Amazon Web Services Price List API in the Billing User Guide.

    " diff -pruN 2.23.6-1/awscli/botocore/data/privatenetworks/2021-12-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/privatenetworks/2021-12-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/privatenetworks/2021-12-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/privatenetworks/2021-12-03/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://private-networks-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://private-networks-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://private-networks.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://private-networks.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/privatenetworks/2021-12-03/paginators-1.json 2.31.35-1/awscli/botocore/data/privatenetworks/2021-12-03/paginators-1.json --- 2.23.6-1/awscli/botocore/data/privatenetworks/2021-12-03/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/privatenetworks/2021-12-03/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ -{ - "pagination": { - "ListDeviceIdentifiers": { - "input_token": "startToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "deviceIdentifiers" - }, - "ListNetworkResources": { - "input_token": "startToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "networkResources" - }, - "ListNetworkSites": { - "input_token": "startToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "networkSites" - }, - "ListNetworks": { - "input_token": "startToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "networks" - }, - "ListOrders": { - "input_token": "startToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "orders" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/privatenetworks/2021-12-03/service-2.json 2.31.35-1/awscli/botocore/data/privatenetworks/2021-12-03/service-2.json --- 2.23.6-1/awscli/botocore/data/privatenetworks/2021-12-03/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/privatenetworks/2021-12-03/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,2182 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2021-12-03", - "endpointPrefix":"private-networks", - "jsonVersion":"1.1", - "protocol":"rest-json", - "serviceFullName":"AWS Private 5G", - "serviceId":"PrivateNetworks", - "signatureVersion":"v4", - "signingName":"private-networks", - "uid":"privatenetworks-2021-12-03" - }, - "operations":{ - "AcknowledgeOrderReceipt":{ - "name":"AcknowledgeOrderReceipt", - "http":{ - "method":"POST", - "requestUri":"/v1/orders/acknowledge", - "responseCode":200 - }, - "input":{"shape":"AcknowledgeOrderReceiptRequest"}, - "output":{"shape":"AcknowledgeOrderReceiptResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Acknowledges that the specified network order was received.

    " - }, - "ActivateDeviceIdentifier":{ - "name":"ActivateDeviceIdentifier", - "http":{ - "method":"POST", - "requestUri":"/v1/device-identifiers/activate", - "responseCode":200 - }, - "input":{"shape":"ActivateDeviceIdentifierRequest"}, - "output":{"shape":"ActivateDeviceIdentifierResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Activates the specified device identifier.

    ", - "idempotent":true - }, - "ActivateNetworkSite":{ - "name":"ActivateNetworkSite", - "http":{ - "method":"POST", - "requestUri":"/v1/network-sites/activate", - "responseCode":200 - }, - "input":{"shape":"ActivateNetworkSiteRequest"}, - "output":{"shape":"ActivateNetworkSiteResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Activates the specified network site.

    ", - "idempotent":true - }, - "ConfigureAccessPoint":{ - "name":"ConfigureAccessPoint", - "http":{ - "method":"POST", - "requestUri":"/v1/network-resources/configure", - "responseCode":200 - }, - "input":{"shape":"ConfigureAccessPointRequest"}, - "output":{"shape":"ConfigureAccessPointResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Configures the specified network resource.

    Use this action to specify the geographic position of the hardware. You must provide Certified Professional Installer (CPI) credentials in the request so that we can obtain spectrum grants. For more information, see Radio units in the Amazon Web Services Private 5G User Guide.

    ", - "idempotent":true - }, - "CreateNetwork":{ - "name":"CreateNetwork", - "http":{ - "method":"POST", - "requestUri":"/v1/networks", - "responseCode":200 - }, - "input":{"shape":"CreateNetworkRequest"}, - "output":{"shape":"CreateNetworkResponse"}, - "errors":[ - {"shape":"LimitExceededException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Creates a network.

    ", - "idempotent":true - }, - "CreateNetworkSite":{ - "name":"CreateNetworkSite", - "http":{ - "method":"POST", - "requestUri":"/v1/network-sites", - "responseCode":200 - }, - "input":{"shape":"CreateNetworkSiteRequest"}, - "output":{"shape":"CreateNetworkSiteResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Creates a network site.

    ", - "idempotent":true - }, - "DeactivateDeviceIdentifier":{ - "name":"DeactivateDeviceIdentifier", - "http":{ - "method":"POST", - "requestUri":"/v1/device-identifiers/deactivate", - "responseCode":200 - }, - "input":{"shape":"DeactivateDeviceIdentifierRequest"}, - "output":{"shape":"DeactivateDeviceIdentifierResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Deactivates the specified device identifier.

    ", - "idempotent":true - }, - "DeleteNetwork":{ - "name":"DeleteNetwork", - "http":{ - "method":"DELETE", - "requestUri":"/v1/networks/{networkArn}", - "responseCode":200 - }, - "input":{"shape":"DeleteNetworkRequest"}, - "output":{"shape":"DeleteNetworkResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Deletes the specified network. You must delete network sites before you delete the network. For more information, see DeleteNetworkSite in the API Reference for Amazon Web Services Private 5G.

    ", - "idempotent":true - }, - "DeleteNetworkSite":{ - "name":"DeleteNetworkSite", - "http":{ - "method":"DELETE", - "requestUri":"/v1/network-sites/{networkSiteArn}", - "responseCode":200 - }, - "input":{"shape":"DeleteNetworkSiteRequest"}, - "output":{"shape":"DeleteNetworkSiteResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Deletes the specified network site. Return the hardware after you delete the network site. You are responsible for minimum charges. For more information, see Hardware returns in the Amazon Web Services Private 5G User Guide.

    ", - "idempotent":true - }, - "GetDeviceIdentifier":{ - "name":"GetDeviceIdentifier", - "http":{ - "method":"GET", - "requestUri":"/v1/device-identifiers/{deviceIdentifierArn}", - "responseCode":200 - }, - "input":{"shape":"GetDeviceIdentifierRequest"}, - "output":{"shape":"GetDeviceIdentifierResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Gets the specified device identifier.

    " - }, - "GetNetwork":{ - "name":"GetNetwork", - "http":{ - "method":"GET", - "requestUri":"/v1/networks/{networkArn}", - "responseCode":200 - }, - "input":{"shape":"GetNetworkRequest"}, - "output":{"shape":"GetNetworkResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Gets the specified network.

    " - }, - "GetNetworkResource":{ - "name":"GetNetworkResource", - "http":{ - "method":"GET", - "requestUri":"/v1/network-resources/{networkResourceArn}", - "responseCode":200 - }, - "input":{"shape":"GetNetworkResourceRequest"}, - "output":{"shape":"GetNetworkResourceResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Gets the specified network resource.

    " - }, - "GetNetworkSite":{ - "name":"GetNetworkSite", - "http":{ - "method":"GET", - "requestUri":"/v1/network-sites/{networkSiteArn}", - "responseCode":200 - }, - "input":{"shape":"GetNetworkSiteRequest"}, - "output":{"shape":"GetNetworkSiteResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Gets the specified network site.

    " - }, - "GetOrder":{ - "name":"GetOrder", - "http":{ - "method":"GET", - "requestUri":"/v1/orders/{orderArn}", - "responseCode":200 - }, - "input":{"shape":"GetOrderRequest"}, - "output":{"shape":"GetOrderResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Gets the specified order.

    " - }, - "ListDeviceIdentifiers":{ - "name":"ListDeviceIdentifiers", - "http":{ - "method":"POST", - "requestUri":"/v1/device-identifiers/list", - "responseCode":200 - }, - "input":{"shape":"ListDeviceIdentifiersRequest"}, - "output":{"shape":"ListDeviceIdentifiersResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Lists device identifiers. Add filters to your request to return a more specific list of results. Use filters to match the Amazon Resource Name (ARN) of an order, the status of device identifiers, or the ARN of the traffic group.

    If you specify multiple filters, filters are joined with an OR, and the request returns results that match all of the specified filters.

    " - }, - "ListNetworkResources":{ - "name":"ListNetworkResources", - "http":{ - "method":"POST", - "requestUri":"/v1/network-resources", - "responseCode":200 - }, - "input":{"shape":"ListNetworkResourcesRequest"}, - "output":{"shape":"ListNetworkResourcesResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Lists network resources. Add filters to your request to return a more specific list of results. Use filters to match the Amazon Resource Name (ARN) of an order or the status of network resources.

    If you specify multiple filters, filters are joined with an OR, and the request returns results that match all of the specified filters.

    " - }, - "ListNetworkSites":{ - "name":"ListNetworkSites", - "http":{ - "method":"POST", - "requestUri":"/v1/network-sites/list", - "responseCode":200 - }, - "input":{"shape":"ListNetworkSitesRequest"}, - "output":{"shape":"ListNetworkSitesResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Lists network sites. Add filters to your request to return a more specific list of results. Use filters to match the status of the network site.

    " - }, - "ListNetworks":{ - "name":"ListNetworks", - "http":{ - "method":"POST", - "requestUri":"/v1/networks/list", - "responseCode":200 - }, - "input":{"shape":"ListNetworksRequest"}, - "output":{"shape":"ListNetworksResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Lists networks. Add filters to your request to return a more specific list of results. Use filters to match the status of the network.

    " - }, - "ListOrders":{ - "name":"ListOrders", - "http":{ - "method":"POST", - "requestUri":"/v1/orders/list", - "responseCode":200 - }, - "input":{"shape":"ListOrdersRequest"}, - "output":{"shape":"ListOrdersResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Lists orders. Add filters to your request to return a more specific list of results. Use filters to match the Amazon Resource Name (ARN) of the network site or the status of the order.

    If you specify multiple filters, filters are joined with an OR, and the request returns results that match all of the specified filters.

    " - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/tags/{resourceArn}", - "responseCode":200 - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Lists the tags for the specified resource.

    " - }, - "Ping":{ - "name":"Ping", - "http":{ - "method":"GET", - "requestUri":"/ping", - "responseCode":200 - }, - "output":{"shape":"PingResponse"}, - "errors":[ - {"shape":"InternalServerException"} - ], - "documentation":"

    Checks the health of the service.

    " - }, - "StartNetworkResourceUpdate":{ - "name":"StartNetworkResourceUpdate", - "http":{ - "method":"POST", - "requestUri":"/v1/network-resources/update", - "responseCode":200 - }, - "input":{"shape":"StartNetworkResourceUpdateRequest"}, - "output":{"shape":"StartNetworkResourceUpdateResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Use this action to do the following tasks:

    • Update the duration and renewal status of the commitment period for a radio unit. The update goes into effect immediately.

    • Request a replacement for a network resource.

    • Request that you return a network resource.

    After you submit a request to replace or return a network resource, the status of the network resource changes to CREATING_SHIPPING_LABEL. The shipping label is available when the status of the network resource is PENDING_RETURN. After the network resource is successfully returned, its status changes to DELETED. For more information, see Return a radio unit.

    ", - "idempotent":true - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/tags/{resourceArn}", - "responseCode":200 - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Adds tags to the specified resource.

    " - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"DELETE", - "requestUri":"/tags/{resourceArn}", - "responseCode":200 - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    Removes tags from the specified resource.

    " - }, - "UpdateNetworkSite":{ - "name":"UpdateNetworkSite", - "http":{ - "method":"PUT", - "requestUri":"/v1/network-sites/site", - "responseCode":200 - }, - "input":{"shape":"UpdateNetworkSiteRequest"}, - "output":{"shape":"UpdateNetworkSiteResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Updates the specified network site.

    ", - "idempotent":true - }, - "UpdateNetworkSitePlan":{ - "name":"UpdateNetworkSitePlan", - "http":{ - "method":"PUT", - "requestUri":"/v1/network-sites/plan", - "responseCode":200 - }, - "input":{"shape":"UpdateNetworkSitePlanRequest"}, - "output":{"shape":"UpdateNetworkSiteResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    Updates the specified network site plan.

    ", - "idempotent":true - } - }, - "shapes":{ - "AccessDeniedException":{ - "type":"structure", - "members":{ - "message":{"shape":"String"} - }, - "documentation":"

    You do not have permission to perform this operation.

    ", - "error":{ - "httpStatusCode":403, - "senderFault":true - }, - "exception":true - }, - "AcknowledgeOrderReceiptRequest":{ - "type":"structure", - "required":["orderArn"], - "members":{ - "orderArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the order.

    " - } - } - }, - "AcknowledgeOrderReceiptResponse":{ - "type":"structure", - "required":["order"], - "members":{ - "order":{ - "shape":"Order", - "documentation":"

    Information about the order.

    " - } - } - }, - "AcknowledgmentStatus":{ - "type":"string", - "enum":[ - "ACKNOWLEDGING", - "ACKNOWLEDGED", - "UNACKNOWLEDGED" - ] - }, - "ActivateDeviceIdentifierRequest":{ - "type":"structure", - "required":["deviceIdentifierArn"], - "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    " - }, - "deviceIdentifierArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the device identifier.

    " - } - } - }, - "ActivateDeviceIdentifierResponse":{ - "type":"structure", - "required":["deviceIdentifier"], - "members":{ - "deviceIdentifier":{ - "shape":"DeviceIdentifier", - "documentation":"

    Information about the device identifier.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The tags on the device identifier.

    " - } - } - }, - "ActivateNetworkSiteRequest":{ - "type":"structure", - "required":[ - "networkSiteArn", - "shippingAddress" - ], - "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    " - }, - "commitmentConfiguration":{ - "shape":"CommitmentConfiguration", - "documentation":"

    Determines the duration and renewal status of the commitment period for all pending radio units.

    If you include commitmentConfiguration in the ActivateNetworkSiteRequest action, you must specify the following:

    • The commitment period for the radio unit. You can choose a 60-day, 1-year, or 3-year period.

    • Whether you want your commitment period to automatically renew for one more year after your current commitment period expires.

    For pricing, see Amazon Web Services Private 5G Pricing.

    If you do not include commitmentConfiguration in the ActivateNetworkSiteRequest action, the commitment period is set to 60-days.

    " - }, - "networkSiteArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network site.

    " - }, - "shippingAddress":{ - "shape":"Address", - "documentation":"

    The shipping address of the network site.

    " - } - } - }, - "ActivateNetworkSiteResponse":{ - "type":"structure", - "members":{ - "networkSite":{ - "shape":"NetworkSite", - "documentation":"

    Information about the network site.

    " - } - } - }, - "Address":{ - "type":"structure", - "required":[ - "city", - "country", - "name", - "postalCode", - "stateOrProvince", - "street1" - ], - "members":{ - "city":{ - "shape":"AddressContent", - "documentation":"

    The city for this address.

    " - }, - "company":{ - "shape":"AddressContent", - "documentation":"

    The company name for this address.

    " - }, - "country":{ - "shape":"AddressContent", - "documentation":"

    The country for this address.

    " - }, - "emailAddress":{ - "shape":"AddressContent", - "documentation":"

    The recipient's email address.

    " - }, - "name":{ - "shape":"AddressContent", - "documentation":"

    The recipient's name for this address.

    " - }, - "phoneNumber":{ - "shape":"AddressContent", - "documentation":"

    The recipient's phone number.

    " - }, - "postalCode":{ - "shape":"AddressContent", - "documentation":"

    The postal code for this address.

    " - }, - "stateOrProvince":{ - "shape":"AddressContent", - "documentation":"

    The state or province for this address.

    " - }, - "street1":{ - "shape":"AddressContent", - "documentation":"

    The first line of the street address.

    " - }, - "street2":{ - "shape":"AddressContent", - "documentation":"

    The second line of the street address.

    " - }, - "street3":{ - "shape":"AddressContent", - "documentation":"

    The third line of the street address.

    " - } - }, - "documentation":"

    Information about an address.

    " - }, - "AddressContent":{ - "type":"string", - "max":1024, - "min":1, - "sensitive":true - }, - "Arn":{ - "type":"string", - "pattern":"^arn:aws:private-networks:[a-z0-9-]+:[^:]*:.*$" - }, - "Boolean":{ - "type":"boolean", - "box":true - }, - "ClientToken":{ - "type":"string", - "max":100, - "min":1 - }, - "CommitmentConfiguration":{ - "type":"structure", - "required":[ - "automaticRenewal", - "commitmentLength" - ], - "members":{ - "automaticRenewal":{ - "shape":"Boolean", - "documentation":"

    Determines whether the commitment period for a radio unit is set to automatically renew for an additional 1 year after your current commitment period expires.

    Set to True, if you want your commitment period to automatically renew. Set to False if you do not want your commitment to automatically renew.

    You can do the following:

    • Set a 1-year commitment to automatically renew for an additional 1 year. The hourly rate for the additional year will continue to be the same as your existing 1-year rate.

    • Set a 3-year commitment to automatically renew for an additional 1 year. The hourly rate for the additional year will continue to be the same as your existing 3-year rate.

    • Turn off a previously-enabled automatic renewal on a 1-year or 3-year commitment.

    You cannot use the automatic-renewal option for a 60-day commitment.

    " - }, - "commitmentLength":{ - "shape":"CommitmentLength", - "documentation":"

    The duration of the commitment period for the radio unit. You can choose a 60-day, 1-year, or 3-year period.

    " - } - }, - "documentation":"

    Determines the duration and renewal status of the commitment period for a radio unit.

    For pricing, see Amazon Web Services Private 5G Pricing.

    " - }, - "CommitmentInformation":{ - "type":"structure", - "required":["commitmentConfiguration"], - "members":{ - "commitmentConfiguration":{ - "shape":"CommitmentConfiguration", - "documentation":"

    The duration and renewal status of the commitment period for the radio unit.

    " - }, - "expiresOn":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the commitment period ends. If you do not cancel or renew the commitment before the expiration date, you will be billed at the 60-day-commitment rate.

    " - }, - "startAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the commitment period started.

    " - } - }, - "documentation":"

    Shows the duration, the date and time that the contract started and ends, and the renewal status of the commitment period for the radio unit.

    " - }, - "CommitmentLength":{ - "type":"string", - "enum":[ - "SIXTY_DAYS", - "ONE_YEAR", - "THREE_YEARS" - ] - }, - "ConfigureAccessPointRequest":{ - "type":"structure", - "required":["accessPointArn"], - "members":{ - "accessPointArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network resource.

    " - }, - "cpiSecretKey":{ - "shape":"ConfigureAccessPointRequestCpiSecretKeyString", - "documentation":"

    A Base64 encoded string of the CPI certificate associated with the CPI user who is certifying the coordinates of the network resource.

    " - }, - "cpiUserId":{ - "shape":"ConfigureAccessPointRequestCpiUserIdString", - "documentation":"

    The CPI user ID of the CPI user who is certifying the coordinates of the network resource.

    " - }, - "cpiUserPassword":{ - "shape":"ConfigureAccessPointRequestCpiUserPasswordString", - "documentation":"

    The CPI password associated with the CPI certificate in cpiSecretKey.

    " - }, - "cpiUsername":{ - "shape":"ConfigureAccessPointRequestCpiUsernameString", - "documentation":"

    The CPI user name of the CPI user who is certifying the coordinates of the radio unit.

    " - }, - "position":{ - "shape":"Position", - "documentation":"

    The position of the network resource.

    " - } - } - }, - "ConfigureAccessPointRequestCpiSecretKeyString":{ - "type":"string", - "max":100000, - "min":1, - "sensitive":true - }, - "ConfigureAccessPointRequestCpiUserIdString":{ - "type":"string", - "max":4096, - "min":1, - "sensitive":true - }, - "ConfigureAccessPointRequestCpiUserPasswordString":{ - "type":"string", - "max":4096, - "min":1, - "sensitive":true - }, - "ConfigureAccessPointRequestCpiUsernameString":{ - "type":"string", - "max":4096, - "min":1, - "sensitive":true - }, - "ConfigureAccessPointResponse":{ - "type":"structure", - "required":["accessPoint"], - "members":{ - "accessPoint":{ - "shape":"NetworkResource", - "documentation":"

    Information about the network resource.

    " - } - } - }, - "CreateNetworkRequest":{ - "type":"structure", - "required":["networkName"], - "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the network.

    " - }, - "networkName":{ - "shape":"Name", - "documentation":"

    The name of the network. You can't change the name after you create the network.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The tags to apply to the network.

    " - } - } - }, - "CreateNetworkResponse":{ - "type":"structure", - "required":["network"], - "members":{ - "network":{ - "shape":"Network", - "documentation":"

    Information about the network.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The network tags.

    " - } - } - }, - "CreateNetworkSiteRequest":{ - "type":"structure", - "required":[ - "networkArn", - "networkSiteName" - ], - "members":{ - "availabilityZone":{ - "shape":"String", - "documentation":"

    The Availability Zone that is the parent of this site. You can't change the Availability Zone after you create the site.

    " - }, - "availabilityZoneId":{ - "shape":"String", - "documentation":"

    The ID of the Availability Zone that is the parent of this site. You can't change the Availability Zone after you create the site.

    " - }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the site.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network.

    " - }, - "networkSiteName":{ - "shape":"Name", - "documentation":"

    The name of the site. You can't change the name after you create the site.

    " - }, - "pendingPlan":{ - "shape":"SitePlan", - "documentation":"

    Information about the pending plan for this site.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The tags to apply to the network site.

    " - } - } - }, - "CreateNetworkSiteResponse":{ - "type":"structure", - "members":{ - "networkSite":{ - "shape":"NetworkSite", - "documentation":"

    Information about the network site.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The network site tags.

    " - } - } - }, - "DeactivateDeviceIdentifierRequest":{ - "type":"structure", - "required":["deviceIdentifierArn"], - "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    " - }, - "deviceIdentifierArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the device identifier.

    " - } - } - }, - "DeactivateDeviceIdentifierResponse":{ - "type":"structure", - "required":["deviceIdentifier"], - "members":{ - "deviceIdentifier":{ - "shape":"DeviceIdentifier", - "documentation":"

    Information about the device identifier.

    " - } - } - }, - "DeleteNetworkRequest":{ - "type":"structure", - "required":["networkArn"], - "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    ", - "location":"querystring", - "locationName":"clientToken" - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network.

    ", - "location":"uri", - "locationName":"networkArn" - } - } - }, - "DeleteNetworkResponse":{ - "type":"structure", - "required":["network"], - "members":{ - "network":{ - "shape":"Network", - "documentation":"

    Information about the network.

    " - } - } - }, - "DeleteNetworkSiteRequest":{ - "type":"structure", - "required":["networkSiteArn"], - "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    ", - "location":"querystring", - "locationName":"clientToken" - }, - "networkSiteArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network site.

    ", - "location":"uri", - "locationName":"networkSiteArn" - } - } - }, - "DeleteNetworkSiteResponse":{ - "type":"structure", - "members":{ - "networkSite":{ - "shape":"NetworkSite", - "documentation":"

    Information about the network site.

    " - } - } - }, - "Description":{ - "type":"string", - "max":100, - "min":0 - }, - "DeviceIdentifier":{ - "type":"structure", - "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The creation time of this device identifier.

    " - }, - "deviceIdentifierArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the device identifier.

    " - }, - "iccid":{ - "shape":"String", - "documentation":"

    The Integrated Circuit Card Identifier of the device identifier.

    " - }, - "imsi":{ - "shape":"DeviceIdentifierImsiString", - "documentation":"

    The International Mobile Subscriber Identity of the device identifier.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network on which the device identifier appears.

    " - }, - "orderArn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the order used to purchase the device identifier.

    " - }, - "status":{ - "shape":"DeviceIdentifierStatus", - "documentation":"

    The status of the device identifier.

    " - }, - "trafficGroupArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the traffic group to which the device identifier belongs.

    " - }, - "vendor":{ - "shape":"String", - "documentation":"

    The vendor of the device identifier.

    " - } - }, - "documentation":"

    Information about a subscriber of a device that can use a network.

    " - }, - "DeviceIdentifierFilterKeys":{ - "type":"string", - "enum":[ - "STATUS", - "ORDER", - "TRAFFIC_GROUP" - ] - }, - "DeviceIdentifierFilterValues":{ - "type":"list", - "member":{"shape":"String"} - }, - "DeviceIdentifierFilters":{ - "type":"map", - "key":{"shape":"DeviceIdentifierFilterKeys"}, - "value":{"shape":"DeviceIdentifierFilterValues"} - }, - "DeviceIdentifierImsiString":{ - "type":"string", - "pattern":"^[0-9]{15}$", - "sensitive":true - }, - "DeviceIdentifierList":{ - "type":"list", - "member":{"shape":"DeviceIdentifier"} - }, - "DeviceIdentifierStatus":{ - "type":"string", - "enum":[ - "ACTIVE", - "INACTIVE" - ] - }, - "Double":{ - "type":"double", - "box":true - }, - "ElevationReference":{ - "type":"string", - "enum":[ - "AGL", - "AMSL" - ] - }, - "ElevationUnit":{ - "type":"string", - "enum":["FEET"] - }, - "GetDeviceIdentifierRequest":{ - "type":"structure", - "required":["deviceIdentifierArn"], - "members":{ - "deviceIdentifierArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the device identifier.

    ", - "location":"uri", - "locationName":"deviceIdentifierArn" - } - } - }, - "GetDeviceIdentifierResponse":{ - "type":"structure", - "members":{ - "deviceIdentifier":{ - "shape":"DeviceIdentifier", - "documentation":"

    Information about the device identifier.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The device identifier tags.

    " - } - } - }, - "GetNetworkRequest":{ - "type":"structure", - "required":["networkArn"], - "members":{ - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network.

    ", - "location":"uri", - "locationName":"networkArn" - } - } - }, - "GetNetworkResourceRequest":{ - "type":"structure", - "required":["networkResourceArn"], - "members":{ - "networkResourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network resource.

    ", - "location":"uri", - "locationName":"networkResourceArn" - } - } - }, - "GetNetworkResourceResponse":{ - "type":"structure", - "required":["networkResource"], - "members":{ - "networkResource":{ - "shape":"NetworkResource", - "documentation":"

    Information about the network resource.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The network resource tags.

    " - } - } - }, - "GetNetworkResponse":{ - "type":"structure", - "required":["network"], - "members":{ - "network":{ - "shape":"Network", - "documentation":"

    Information about the network.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The network tags.

    " - } - } - }, - "GetNetworkSiteRequest":{ - "type":"structure", - "required":["networkSiteArn"], - "members":{ - "networkSiteArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network site.

    ", - "location":"uri", - "locationName":"networkSiteArn" - } - } - }, - "GetNetworkSiteResponse":{ - "type":"structure", - "members":{ - "networkSite":{ - "shape":"NetworkSite", - "documentation":"

    Information about the network site.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The network site tags.

    " - } - } - }, - "GetOrderRequest":{ - "type":"structure", - "required":["orderArn"], - "members":{ - "orderArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the order.

    ", - "location":"uri", - "locationName":"orderArn" - } - } - }, - "GetOrderResponse":{ - "type":"structure", - "required":["order"], - "members":{ - "order":{ - "shape":"Order", - "documentation":"

    Information about the order.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The order tags.

    " - } - } - }, - "HealthStatus":{ - "type":"string", - "enum":[ - "INITIAL", - "HEALTHY", - "UNHEALTHY" - ] - }, - "Integer":{ - "type":"integer", - "box":true - }, - "InternalServerException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{ - "shape":"String", - "documentation":"

    Description of the error.

    " - }, - "retryAfterSeconds":{ - "shape":"Integer", - "documentation":"

    Advice to clients on when the call can be safely retried.

    ", - "location":"header", - "locationName":"Retry-After" - } - }, - "documentation":"

    Information about an internal error.

    ", - "error":{"httpStatusCode":500}, - "exception":true, - "fault":true, - "retryable":{"throttling":false} - }, - "LimitExceededException":{ - "type":"structure", - "required":["message"], - "members":{ - "message":{"shape":"String"} - }, - "documentation":"

    The limit was exceeded.

    ", - "error":{ - "httpStatusCode":400, - "senderFault":true - }, - "exception":true - }, - "ListDeviceIdentifiersRequest":{ - "type":"structure", - "required":["networkArn"], - "members":{ - "filters":{ - "shape":"DeviceIdentifierFilters", - "documentation":"

    The filters.

    • ORDER - The Amazon Resource Name (ARN) of the order.

    • STATUS - The status (ACTIVE | INACTIVE).

    • TRAFFIC_GROUP - The Amazon Resource Name (ARN) of the traffic group.

    Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    " - }, - "maxResults":{ - "shape":"ListDeviceIdentifiersRequestMaxResultsInteger", - "documentation":"

    The maximum number of results to return.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network.

    " - }, - "startToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListDeviceIdentifiersRequestMaxResultsInteger":{ - "type":"integer", - "box":true, - "max":20, - "min":1 - }, - "ListDeviceIdentifiersResponse":{ - "type":"structure", - "members":{ - "deviceIdentifiers":{ - "shape":"DeviceIdentifierList", - "documentation":"

    Information about the device identifiers.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListNetworkResourcesRequest":{ - "type":"structure", - "required":["networkArn"], - "members":{ - "filters":{ - "shape":"NetworkResourceFilters", - "documentation":"

    The filters.

    • ORDER - The Amazon Resource Name (ARN) of the order.

    • STATUS - The status (AVAILABLE | DELETED | DELETING | PENDING | PENDING_RETURN | PROVISIONING | SHIPPED).

    Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    " - }, - "maxResults":{ - "shape":"ListNetworkResourcesRequestMaxResultsInteger", - "documentation":"

    The maximum number of results to return.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network.

    " - }, - "startToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListNetworkResourcesRequestMaxResultsInteger":{ - "type":"integer", - "box":true, - "max":20, - "min":1 - }, - "ListNetworkResourcesResponse":{ - "type":"structure", - "members":{ - "networkResources":{ - "shape":"NetworkResourceList", - "documentation":"

    Information about network resources.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListNetworkSitesRequest":{ - "type":"structure", - "required":["networkArn"], - "members":{ - "filters":{ - "shape":"NetworkSiteFilters", - "documentation":"

    The filters. Add filters to your request to return a more specific list of results. Use filters to match the status of the network sites.

    • STATUS - The status (AVAILABLE | CREATED | DELETED | DEPROVISIONING | PROVISIONING).

    Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    " - }, - "maxResults":{ - "shape":"ListNetworkSitesRequestMaxResultsInteger", - "documentation":"

    The maximum number of results to return.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network.

    " - }, - "startToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListNetworkSitesRequestMaxResultsInteger":{ - "type":"integer", - "box":true, - "max":20, - "min":1 - }, - "ListNetworkSitesResponse":{ - "type":"structure", - "members":{ - "networkSites":{ - "shape":"NetworkSiteList", - "documentation":"

    Information about the network sites.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListNetworksRequest":{ - "type":"structure", - "members":{ - "filters":{ - "shape":"NetworkFilters", - "documentation":"

    The filters.

    • STATUS - The status (AVAILABLE | CREATED | DELETED | DEPROVISIONING | PROVISIONING).

    Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    " - }, - "maxResults":{ - "shape":"ListNetworksRequestMaxResultsInteger", - "documentation":"

    The maximum number of results to return.

    " - }, - "startToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListNetworksRequestMaxResultsInteger":{ - "type":"integer", - "box":true, - "max":20, - "min":1 - }, - "ListNetworksResponse":{ - "type":"structure", - "members":{ - "networks":{ - "shape":"NetworkList", - "documentation":"

    The networks.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListOrdersRequest":{ - "type":"structure", - "required":["networkArn"], - "members":{ - "filters":{ - "shape":"OrderFilters", - "documentation":"

    The filters.

    • NETWORK_SITE - The Amazon Resource Name (ARN) of the network site.

    • STATUS - The status (ACKNOWLEDGING | ACKNOWLEDGED | UNACKNOWLEDGED).

    Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    " - }, - "maxResults":{ - "shape":"ListOrdersRequestMaxResultsInteger", - "documentation":"

    The maximum number of results to return.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network.

    " - }, - "startToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - } - } - }, - "ListOrdersRequestMaxResultsInteger":{ - "type":"integer", - "box":true, - "max":20, - "min":1 - }, - "ListOrdersResponse":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The token for the next page of results.

    " - }, - "orders":{ - "shape":"OrderList", - "documentation":"

    Information about the orders.

    " - } - } - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["resourceArn"], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    ", - "location":"uri", - "locationName":"resourceArn" - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "members":{ - "tags":{ - "shape":"TagMap", - "documentation":"

    The resource tags.

    " - } - } - }, - "Name":{ - "type":"string", - "max":64, - "min":1, - "pattern":"^[0-9a-zA-Z-]*$" - }, - "NameValuePair":{ - "type":"structure", - "required":["name"], - "members":{ - "name":{ - "shape":"String", - "documentation":"

    The name of the pair.

    " - }, - "value":{ - "shape":"String", - "documentation":"

    The value of the pair.

    " - } - }, - "documentation":"

    Information about a name/value pair.

    " - }, - "NameValuePairs":{ - "type":"list", - "member":{"shape":"NameValuePair"} - }, - "Network":{ - "type":"structure", - "required":[ - "networkArn", - "networkName", - "status" - ], - "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The creation time of the network.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the network.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network.

    " - }, - "networkName":{ - "shape":"Name", - "documentation":"

    The name of the network.

    " - }, - "status":{ - "shape":"NetworkStatus", - "documentation":"

    The status of the network.

    " - }, - "statusReason":{ - "shape":"String", - "documentation":"

    The status reason of the network.

    " - } - }, - "documentation":"

    Information about a network.

    " - }, - "NetworkFilterKeys":{ - "type":"string", - "enum":["STATUS"] - }, - "NetworkFilterValues":{ - "type":"list", - "member":{"shape":"String"} - }, - "NetworkFilters":{ - "type":"map", - "key":{"shape":"NetworkFilterKeys"}, - "value":{"shape":"NetworkFilterValues"} - }, - "NetworkList":{ - "type":"list", - "member":{"shape":"Network"} - }, - "NetworkResource":{ - "type":"structure", - "members":{ - "attributes":{ - "shape":"NameValuePairs", - "documentation":"

    The attributes of the network resource.

    " - }, - "commitmentInformation":{ - "shape":"CommitmentInformation", - "documentation":"

    Information about the commitment period for the radio unit. Shows the duration, the date and time that the contract started and ends, and the renewal status of the commitment period.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The creation time of the network resource.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the network resource.

    " - }, - "health":{ - "shape":"HealthStatus", - "documentation":"

    The health of the network resource.

    " - }, - "model":{ - "shape":"String", - "documentation":"

    The model of the network resource.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network on which this network resource appears.

    " - }, - "networkResourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network resource.

    " - }, - "networkSiteArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network site on which this network resource appears.

    " - }, - "orderArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the order used to purchase this network resource.

    " - }, - "position":{ - "shape":"Position", - "documentation":"

    The position of the network resource.

    " - }, - "returnInformation":{ - "shape":"ReturnInformation", - "documentation":"

    Information about a request to return the network resource.

    " - }, - "serialNumber":{ - "shape":"String", - "documentation":"

    The serial number of the network resource.

    " - }, - "status":{ - "shape":"NetworkResourceStatus", - "documentation":"

    The status of the network resource.

    " - }, - "statusReason":{ - "shape":"String", - "documentation":"

    The status reason of the network resource.

    " - }, - "type":{ - "shape":"NetworkResourceType", - "documentation":"

    The type of the network resource.

    " - }, - "vendor":{ - "shape":"String", - "documentation":"

    The vendor of the network resource.

    " - } - }, - "documentation":"

    Information about a network resource.

    " - }, - "NetworkResourceDefinition":{ - "type":"structure", - "required":[ - "count", - "type" - ], - "members":{ - "count":{ - "shape":"NetworkResourceDefinitionCountInteger", - "documentation":"

    The count in the network resource definition.

    " - }, - "options":{ - "shape":"Options", - "documentation":"

    The options in the network resource definition.

    " - }, - "type":{ - "shape":"NetworkResourceDefinitionType", - "documentation":"

    The type in the network resource definition.

    " - } - }, - "documentation":"

    Information about a network resource definition.

    " - }, - "NetworkResourceDefinitionCountInteger":{ - "type":"integer", - "box":true, - "min":0 - }, - "NetworkResourceDefinitionType":{ - "type":"string", - "enum":[ - "RADIO_UNIT", - "DEVICE_IDENTIFIER" - ] - }, - "NetworkResourceDefinitions":{ - "type":"list", - "member":{"shape":"NetworkResourceDefinition"} - }, - "NetworkResourceFilterKeys":{ - "type":"string", - "enum":[ - "ORDER", - "STATUS" - ] - }, - "NetworkResourceFilterValues":{ - "type":"list", - "member":{"shape":"String"} - }, - "NetworkResourceFilters":{ - "type":"map", - "key":{"shape":"NetworkResourceFilterKeys"}, - "value":{"shape":"NetworkResourceFilterValues"} - }, - "NetworkResourceList":{ - "type":"list", - "member":{"shape":"NetworkResource"} - }, - "NetworkResourceStatus":{ - "type":"string", - "enum":[ - "PENDING", - "SHIPPED", - "PROVISIONING", - "PROVISIONED", - "AVAILABLE", - "DELETING", - "PENDING_RETURN", - "DELETED", - "CREATING_SHIPPING_LABEL" - ] - }, - "NetworkResourceType":{ - "type":"string", - "enum":["RADIO_UNIT"] - }, - "NetworkSite":{ - "type":"structure", - "required":[ - "networkArn", - "networkSiteArn", - "networkSiteName", - "status" - ], - "members":{ - "availabilityZone":{ - "shape":"String", - "documentation":"

    The parent Availability Zone for the network site.

    " - }, - "availabilityZoneId":{ - "shape":"String", - "documentation":"

    The parent Availability Zone ID for the network site.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The creation time of the network site.

    " - }, - "currentPlan":{ - "shape":"SitePlan", - "documentation":"

    The current plan of the network site.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the network site.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network to which the network site belongs.

    " - }, - "networkSiteArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network site.

    " - }, - "networkSiteName":{ - "shape":"Name", - "documentation":"

    The name of the network site.

    " - }, - "pendingPlan":{ - "shape":"SitePlan", - "documentation":"

    The pending plan of the network site.

    " - }, - "status":{ - "shape":"NetworkSiteStatus", - "documentation":"

    The status of the network site.

    " - }, - "statusReason":{ - "shape":"String", - "documentation":"

    The status reason of the network site.

    " - } - }, - "documentation":"

    Information about a network site.

    " - }, - "NetworkSiteFilterKeys":{ - "type":"string", - "enum":["STATUS"] - }, - "NetworkSiteFilterValues":{ - "type":"list", - "member":{"shape":"String"} - }, - "NetworkSiteFilters":{ - "type":"map", - "key":{"shape":"NetworkSiteFilterKeys"}, - "value":{"shape":"NetworkSiteFilterValues"} - }, - "NetworkSiteList":{ - "type":"list", - "member":{"shape":"NetworkSite"} - }, - "NetworkSiteStatus":{ - "type":"string", - "enum":[ - "CREATED", - "PROVISIONING", - "AVAILABLE", - "DEPROVISIONING", - "DELETED" - ] - }, - "NetworkStatus":{ - "type":"string", - "enum":[ - "CREATED", - "PROVISIONING", - "AVAILABLE", - "DEPROVISIONING", - "DELETED" - ] - }, - "Options":{ - "type":"list", - "member":{"shape":"NameValuePair"} - }, - "Order":{ - "type":"structure", - "members":{ - "acknowledgmentStatus":{ - "shape":"AcknowledgmentStatus", - "documentation":"

    The acknowledgement status of the order.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The creation time of the order.

    " - }, - "networkArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network associated with this order.

    " - }, - "networkSiteArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network site associated with this order.

    " - }, - "orderArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the order.

    " - }, - "orderedResources":{ - "shape":"OrderedResourceDefinitions", - "documentation":"

    A list of the network resources placed in the order.

    " - }, - "shippingAddress":{ - "shape":"Address", - "documentation":"

    The shipping address of the order.

    " - }, - "trackingInformation":{ - "shape":"TrackingInformationList", - "documentation":"

    The tracking information of the order.

    " - } - }, - "documentation":"

    Information about an order.

    " - }, - "OrderFilterKeys":{ - "type":"string", - "enum":[ - "STATUS", - "NETWORK_SITE" - ] - }, - "OrderFilterValues":{ - "type":"list", - "member":{"shape":"String"} - }, - "OrderFilters":{ - "type":"map", - "key":{"shape":"OrderFilterKeys"}, - "value":{"shape":"OrderFilterValues"} - }, - "OrderList":{ - "type":"list", - "member":{"shape":"Order"} - }, - "OrderedResourceDefinition":{ - "type":"structure", - "required":[ - "count", - "type" - ], - "members":{ - "commitmentConfiguration":{ - "shape":"CommitmentConfiguration", - "documentation":"

    The duration and renewal status of the commitment period for each radio unit in the order. Does not show details if the resource type is DEVICE_IDENTIFIER.

    " - }, - "count":{ - "shape":"OrderedResourceDefinitionCountInteger", - "documentation":"

    The number of network resources in the order.

    " - }, - "type":{ - "shape":"NetworkResourceDefinitionType", - "documentation":"

    The type of network resource in the order.

    " - } - }, - "documentation":"

    Details of the network resources in the order.

    " - }, - "OrderedResourceDefinitionCountInteger":{ - "type":"integer", - "box":true, - "min":0 - }, - "OrderedResourceDefinitions":{ - "type":"list", - "member":{"shape":"OrderedResourceDefinition"} - }, - "PaginationToken":{"type":"string"}, - "PingResponse":{ - "type":"structure", - "members":{ - "status":{ - "shape":"String", - "documentation":"

    Information about the health of the service.

    " - } - } - }, - "Position":{ - "type":"structure", - "members":{ - "elevation":{ - "shape":"Double", - "documentation":"

    The elevation of the equipment at this position.

    " - }, - "elevationReference":{ - "shape":"ElevationReference", - "documentation":"

    The reference point from which elevation is reported.

    " - }, - "elevationUnit":{ - "shape":"ElevationUnit", - "documentation":"

    The units used to measure the elevation of the position.

    " - }, - "latitude":{ - "shape":"Double", - "documentation":"

    The latitude of the position.

    " - }, - "longitude":{ - "shape":"Double", - "documentation":"

    The longitude of the position.

    " - } - }, - "documentation":"

    Information about a position.

    " - }, - "ResourceNotFoundException":{ - "type":"structure", - "required":[ - "message", - "resourceId", - "resourceType" - ], - "members":{ - "message":{ - "shape":"String", - "documentation":"

    Description of the error.

    " - }, - "resourceId":{ - "shape":"String", - "documentation":"

    Identifier of the affected resource.

    " - }, - "resourceType":{ - "shape":"String", - "documentation":"

    Type of the affected resource.

    " - } - }, - "documentation":"

    The resource was not found.

    ", - "error":{ - "httpStatusCode":404, - "senderFault":true - }, - "exception":true - }, - "ReturnInformation":{ - "type":"structure", - "members":{ - "replacementOrderArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the replacement order.

    " - }, - "returnReason":{ - "shape":"String", - "documentation":"

    The reason for the return. If the return request did not include a reason for the return, this value is null.

    " - }, - "shippingAddress":{ - "shape":"Address", - "documentation":"

    The shipping address.

    " - }, - "shippingLabel":{ - "shape":"String", - "documentation":"

    The URL of the shipping label. The shipping label is available for download only if the status of the network resource is PENDING_RETURN. For more information, see Return a radio unit.

    " - } - }, - "documentation":"

    Information about a request to return a network resource.

    " - }, - "SitePlan":{ - "type":"structure", - "members":{ - "options":{ - "shape":"Options", - "documentation":"

    The options of the plan.

    " - }, - "resourceDefinitions":{ - "shape":"NetworkResourceDefinitions", - "documentation":"

    The resource definitions of the plan.

    " - } - }, - "documentation":"

    Information about a site plan.

    " - }, - "StartNetworkResourceUpdateRequest":{ - "type":"structure", - "required":[ - "networkResourceArn", - "updateType" - ], - "members":{ - "commitmentConfiguration":{ - "shape":"CommitmentConfiguration", - "documentation":"

    Use this action to extend and automatically renew the commitment period for the radio unit. You can do the following:

    • Change a 60-day commitment to a 1-year or 3-year commitment. The change is immediate and the hourly rate decreases to the rate for the new commitment period.

    • Change a 1-year commitment to a 3-year commitment. The change is immediate and the hourly rate decreases to the rate for the 3-year commitment period.

    • Set a 1-year commitment to automatically renew for an additional 1 year. The hourly rate for the additional year will continue to be the same as your existing 1-year rate.

    • Set a 3-year commitment to automatically renew for an additional 1 year. The hourly rate for the additional year will continue to be the same as your existing 3-year rate.

    • Turn off a previously-enabled automatic renewal on a 1-year or 3-year commitment. You cannot use the automatic-renewal option for a 60-day commitment.

    For pricing, see Amazon Web Services Private 5G Pricing.

    " - }, - "networkResourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network resource.

    " - }, - "returnReason":{ - "shape":"StartNetworkResourceUpdateRequestReturnReasonString", - "documentation":"

    The reason for the return. Providing a reason for a return is optional.

    " - }, - "shippingAddress":{ - "shape":"Address", - "documentation":"

    The shipping address. If you don't provide a shipping address when replacing or returning a network resource, we use the address from the original order for the network resource.

    " - }, - "updateType":{ - "shape":"UpdateType", - "documentation":"

    The update type.

    • REPLACE - Submits a request to replace a defective radio unit. We provide a shipping label that you can use for the return process and we ship a replacement radio unit to you.

    • RETURN - Submits a request to return a radio unit that you no longer need. We provide a shipping label that you can use for the return process.

    • COMMITMENT - Submits a request to change or renew the commitment period. If you choose this value, then you must set commitmentConfiguration .

    " - } - } - }, - "StartNetworkResourceUpdateRequestReturnReasonString":{ - "type":"string", - "max":1000, - "min":0 - }, - "StartNetworkResourceUpdateResponse":{ - "type":"structure", - "members":{ - "networkResource":{ - "shape":"NetworkResource", - "documentation":"

    The network resource.

    " - } - } - }, - "String":{"type":"string"}, - "TagKey":{ - "type":"string", - "max":128, - "min":1, - "pattern":"^(?!aws:)[^\\x00-\\x1f\\x22]+$" - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":50, - "min":1, - "sensitive":true - }, - "TagMap":{ - "type":"map", - "key":{"shape":"TagKey"}, - "value":{"shape":"TagValue"}, - "max":50, - "min":1, - "sensitive":true - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tags" - ], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The tags to add to the resource.

    " - } - } - }, - "TagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256, - "min":0, - "pattern":"^[^\\x00-\\x1f\\x22]*$" - }, - "ThrottlingException":{ - "type":"structure", - "members":{ - "message":{"shape":"String"} - }, - "documentation":"

    The request was denied due to request throttling.

    ", - "error":{ - "httpStatusCode":429, - "senderFault":true - }, - "exception":true, - "retryable":{"throttling":true} - }, - "Timestamp":{ - "type":"timestamp", - "timestampFormat":"iso8601" - }, - "TrackingInformation":{ - "type":"structure", - "members":{ - "trackingNumber":{ - "shape":"String", - "documentation":"

    The tracking number of the shipment.

    " - } - }, - "documentation":"

    Information about tracking a shipment.

    " - }, - "TrackingInformationList":{ - "type":"list", - "member":{"shape":"TrackingInformation"} - }, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tagKeys" - ], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "tagKeys":{ - "shape":"TagKeyList", - "documentation":"

    The tag keys.

    ", - "location":"querystring", - "locationName":"tagKeys" - } - } - }, - "UntagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateNetworkSitePlanRequest":{ - "type":"structure", - "required":[ - "networkSiteArn", - "pendingPlan" - ], - "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    " - }, - "networkSiteArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network site.

    " - }, - "pendingPlan":{ - "shape":"SitePlan", - "documentation":"

    The pending plan.

    " - } - } - }, - "UpdateNetworkSiteRequest":{ - "type":"structure", - "required":["networkSiteArn"], - "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description.

    " - }, - "networkSiteArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the network site.

    " - } - } - }, - "UpdateNetworkSiteResponse":{ - "type":"structure", - "members":{ - "networkSite":{ - "shape":"NetworkSite", - "documentation":"

    Information about the network site.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The network site tags.

    " - } - } - }, - "UpdateType":{ - "type":"string", - "enum":[ - "REPLACE", - "RETURN", - "COMMITMENT" - ] - }, - "ValidationException":{ - "type":"structure", - "required":[ - "message", - "reason" - ], - "members":{ - "fieldList":{ - "shape":"ValidationExceptionFieldList", - "documentation":"

    The list of fields that caused the error, if applicable.

    " - }, - "message":{ - "shape":"String", - "documentation":"

    Description of the error.

    " - }, - "reason":{ - "shape":"ValidationExceptionReason", - "documentation":"

    Reason the request failed validation.

    " - } - }, - "documentation":"

    The request failed validation.

    ", - "error":{ - "httpStatusCode":400, - "senderFault":true - }, - "exception":true - }, - "ValidationExceptionField":{ - "type":"structure", - "required":[ - "message", - "name" - ], - "members":{ - "message":{ - "shape":"String", - "documentation":"

    The message about the validation failure.

    " - }, - "name":{ - "shape":"String", - "documentation":"

    The field name that failed validation.

    " - } - }, - "documentation":"

    Information about a field that failed validation.

    " - }, - "ValidationExceptionFieldList":{ - "type":"list", - "member":{"shape":"ValidationExceptionField"} - }, - "ValidationExceptionReason":{ - "type":"string", - "enum":[ - "UNKNOWN_OPERATION", - "CANNOT_PARSE", - "CANNOT_ASSUME_ROLE", - "FIELD_VALIDATION_FAILED", - "OTHER" - ] - } - }, - "documentation":"

    Amazon Web Services Private 5G is a managed service that makes it easy to deploy, operate, and scale your own private mobile network at your on-premises location. Private 5G provides the pre-configured hardware and software for mobile networks, helps automate setup, and scales capacity on demand to support additional devices as needed.

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/proton/2020-07-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/proton/2020-07-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/proton/2020-07-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/proton/2020-07-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/proton/2020-07-20/service-2.json 2.31.35-1/awscli/botocore/data/proton/2020-07-20/service-2.json --- 2.23.6-1/awscli/botocore/data/proton/2020-07-20/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/proton/2020-07-20/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,6 +30,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    In a management account, an environment account connection request is accepted. When the environment account connection request is accepted, Proton can use the associated IAM role to provision environment infrastructure resources in the associated environment account.

    For more information, see Environment account connections in the Proton User guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CancelComponentDeployment":{ @@ -48,7 +50,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Attempts to cancel a component deployment (for a component that is in the IN_PROGRESS deployment status).

    For more information about components, see Proton components in the Proton User Guide.

    " + "documentation":"

    Attempts to cancel a component deployment (for a component that is in the IN_PROGRESS deployment status).

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "CancelEnvironmentDeployment":{ "name":"CancelEnvironmentDeployment", @@ -66,7 +70,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Attempts to cancel an environment deployment on an UpdateEnvironment action, if the deployment is IN_PROGRESS. For more information, see Update an environment in the Proton User guide.

    The following list includes potential cancellation scenarios.

    • If the cancellation attempt succeeds, the resulting deployment state is CANCELLED.

    • If the cancellation attempt fails, the resulting deployment state is FAILED.

    • If the current UpdateEnvironment action succeeds before the cancellation attempt starts, the resulting deployment state is SUCCEEDED and the cancellation attempt has no effect.

    " + "documentation":"

    Attempts to cancel an environment deployment on an UpdateEnvironment action, if the deployment is IN_PROGRESS. For more information, see Update an environment in the Proton User guide.

    The following list includes potential cancellation scenarios.

    • If the cancellation attempt succeeds, the resulting deployment state is CANCELLED.

    • If the cancellation attempt fails, the resulting deployment state is FAILED.

    • If the current UpdateEnvironment action succeeds before the cancellation attempt starts, the resulting deployment state is SUCCEEDED and the cancellation attempt has no effect.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "CancelServiceInstanceDeployment":{ "name":"CancelServiceInstanceDeployment", @@ -84,7 +90,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Attempts to cancel a service instance deployment on an UpdateServiceInstance action, if the deployment is IN_PROGRESS. For more information, see Update a service instance in the Proton User guide.

    The following list includes potential cancellation scenarios.

    • If the cancellation attempt succeeds, the resulting deployment state is CANCELLED.

    • If the cancellation attempt fails, the resulting deployment state is FAILED.

    • If the current UpdateServiceInstance action succeeds before the cancellation attempt starts, the resulting deployment state is SUCCEEDED and the cancellation attempt has no effect.

    " + "documentation":"

    Attempts to cancel a service instance deployment on an UpdateServiceInstance action, if the deployment is IN_PROGRESS. For more information, see Update a service instance in the Proton User guide.

    The following list includes potential cancellation scenarios.

    • If the cancellation attempt succeeds, the resulting deployment state is CANCELLED.

    • If the cancellation attempt fails, the resulting deployment state is FAILED.

    • If the current UpdateServiceInstance action succeeds before the cancellation attempt starts, the resulting deployment state is SUCCEEDED and the cancellation attempt has no effect.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "CancelServicePipelineDeployment":{ "name":"CancelServicePipelineDeployment", @@ -102,7 +110,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Attempts to cancel a service pipeline deployment on an UpdateServicePipeline action, if the deployment is IN_PROGRESS. For more information, see Update a service pipeline in the Proton User guide.

    The following list includes potential cancellation scenarios.

    • If the cancellation attempt succeeds, the resulting deployment state is CANCELLED.

    • If the cancellation attempt fails, the resulting deployment state is FAILED.

    • If the current UpdateServicePipeline action succeeds before the cancellation attempt starts, the resulting deployment state is SUCCEEDED and the cancellation attempt has no effect.

    " + "documentation":"

    Attempts to cancel a service pipeline deployment on an UpdateServicePipeline action, if the deployment is IN_PROGRESS. For more information, see Update a service pipeline in the Proton User guide.

    The following list includes potential cancellation scenarios.

    • If the cancellation attempt succeeds, the resulting deployment state is CANCELLED.

    • If the cancellation attempt fails, the resulting deployment state is FAILED.

    • If the current UpdateServicePipeline action succeeds before the cancellation attempt starts, the resulting deployment state is SUCCEEDED and the cancellation attempt has no effect.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "CreateComponent":{ "name":"CreateComponent", @@ -122,6 +132,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create an Proton component. A component is an infrastructure extension for a service instance.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateEnvironment":{ @@ -142,6 +154,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Deploy a new environment. An Proton environment is created from an environment template that defines infrastructure and resources that can be shared across services.

    You can provision environments using the following methods:

    • Amazon Web Services-managed provisioning: Proton makes direct calls to provision your resources.

    • Self-managed provisioning: Proton makes pull requests on your repository to provide compiled infrastructure as code (IaC) files that your IaC engine uses to provision resources.

    For more information, see Environments and Provisioning methods in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateEnvironmentAccountConnection":{ @@ -161,6 +175,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create an environment account connection in an environment account so that environment infrastructure resources can be provisioned in the environment account from a management account.

    An environment account connection is a secure bi-directional connection between a management account and an environment account that maintains authorization and permissions. For more information, see Environment account connections in the Proton User guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateEnvironmentTemplate":{ @@ -180,6 +196,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create an environment template for Proton. For more information, see Environment Templates in the Proton User Guide.

    You can create an environment template in one of the two following ways:

    • Register and publish a standard environment template that instructs Proton to deploy and manage environment infrastructure.

    • Register and publish a customer managed environment template that connects Proton to your existing provisioned infrastructure that you manage. Proton doesn't manage your existing provisioned infrastructure. To create an environment template for customer provisioned and managed infrastructure, include the provisioning parameter and set the value to CUSTOMER_MANAGED. For more information, see Register and publish an environment template in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateEnvironmentTemplateVersion":{ @@ -200,6 +218,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create a new major or minor version of an environment template. A major version of an environment template is a version that isn't backwards compatible. A minor version of an environment template is a version that's backwards compatible within its major version.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateRepository":{ @@ -219,6 +239,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create and register a link to a repository. Proton uses the link to repeatedly access the repository, to either push to it (self-managed provisioning) or pull from it (template sync). You can share a linked repository across multiple resources (like environments using self-managed provisioning, or synced templates). When you create a repository link, Proton creates a service-linked role for you.

    For more information, see Self-managed provisioning, Template bundles, and Template sync configurations in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateService":{ @@ -239,6 +261,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create an Proton service. An Proton service is an instantiation of a service template and often includes several service instances and pipeline. For more information, see Services in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateServiceInstance":{ @@ -258,6 +282,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create a service instance.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateServiceSyncConfig":{ @@ -277,6 +303,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create the Proton Ops configuration file.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateServiceTemplate":{ @@ -296,6 +324,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create a service template. The administrator creates a service template to define standardized infrastructure and an optional CI/CD service pipeline. Developers, in turn, select the service template from Proton. If the selected service template includes a service pipeline definition, they provide a link to their source code repository. Proton then deploys and manages the infrastructure defined by the selected service template. For more information, see Proton templates in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateServiceTemplateVersion":{ @@ -316,6 +346,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Create a new major or minor version of a service template. A major version of a service template is a version that isn't backward compatible. A minor version of a service template is a version that's backward compatible within its major version.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "CreateTemplateSyncConfig":{ @@ -335,6 +367,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Set up a template to create new template versions automatically by tracking a linked repository. A linked repository is a repository that has been registered with Proton. For more information, see CreateRepository.

    When a commit is pushed to your linked repository, Proton checks for changes to your repository template bundles. If it detects a template bundle change, a new major or minor version of its template is created, if the version doesn’t already exist. For more information, see Template sync configurations in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteComponent":{ @@ -354,6 +388,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Delete an Proton component resource.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteDeployment":{ @@ -372,6 +408,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Delete the deployment.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteEnvironment":{ @@ -391,6 +429,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Delete an environment.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteEnvironmentAccountConnection":{ @@ -410,6 +450,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    In an environment account, delete an environment account connection.

    After you delete an environment account connection that’s in use by an Proton environment, Proton can’t manage the environment infrastructure resources until a new environment account connection is accepted for the environment account and associated environment. You're responsible for cleaning up provisioned resources that remain without an environment connection.

    For more information, see Environment account connections in the Proton User guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteEnvironmentTemplate":{ @@ -429,6 +471,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    If no other major or minor versions of an environment template exist, delete the environment template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteEnvironmentTemplateVersion":{ @@ -448,6 +492,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    If no other minor versions of an environment template exist, delete a major version of the environment template if it's not the Recommended version. Delete the Recommended version of the environment template if no other major versions or minor versions of the environment template exist. A major version of an environment template is a version that's not backward compatible.

    Delete a minor version of an environment template if it isn't the Recommended version. Delete a Recommended minor version of the environment template if no other minor versions of the environment template exist. A minor version of an environment template is a version that's backward compatible.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteRepository":{ @@ -467,6 +513,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    De-register and unlink your repository.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteService":{ @@ -486,6 +534,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Delete a service, with its instances and pipeline.

    You can't delete a service if it has any service instances that have components attached to them.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteServiceSyncConfig":{ @@ -505,6 +555,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Delete the Proton Ops file.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteServiceTemplate":{ @@ -524,6 +576,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    If no other major or minor versions of the service template exist, delete the service template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteServiceTemplateVersion":{ @@ -543,6 +597,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    If no other minor versions of a service template exist, delete a major version of the service template if it's not the Recommended version. Delete the Recommended version of the service template if no other major versions or minor versions of the service template exist. A major version of a service template is a version that isn't backwards compatible.

    Delete a minor version of a service template if it's not the Recommended version. Delete a Recommended minor version of the service template if no other minor versions of the service template exist. A minor version of a service template is a version that's backwards compatible.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "DeleteTemplateSyncConfig":{ @@ -562,6 +618,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Delete a template sync configuration.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "GetAccountSettings":{ @@ -579,7 +637,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detail data for Proton account-wide settings.

    " + "documentation":"

    Get detail data for Proton account-wide settings.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetComponent":{ "name":"GetComponent", @@ -596,7 +656,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for a component.

    For more information about components, see Proton components in the Proton User Guide.

    " + "documentation":"

    Get detailed data for a component.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetDeployment":{ "name":"GetDeployment", @@ -613,7 +675,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for a deployment.

    " + "documentation":"

    Get detailed data for a deployment.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetEnvironment":{ "name":"GetEnvironment", @@ -630,7 +694,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for an environment.

    " + "documentation":"

    Get detailed data for an environment.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetEnvironmentAccountConnection":{ "name":"GetEnvironmentAccountConnection", @@ -647,7 +713,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    In an environment account, get the detailed data for an environment account connection.

    For more information, see Environment account connections in the Proton User guide.

    " + "documentation":"

    In an environment account, get the detailed data for an environment account connection.

    For more information, see Environment account connections in the Proton User guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetEnvironmentTemplate":{ "name":"GetEnvironmentTemplate", @@ -664,7 +732,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for an environment template.

    " + "documentation":"

    Get detailed data for an environment template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetEnvironmentTemplateVersion":{ "name":"GetEnvironmentTemplateVersion", @@ -681,7 +751,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for a major or minor version of an environment template.

    " + "documentation":"

    Get detailed data for a major or minor version of an environment template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetRepository":{ "name":"GetRepository", @@ -698,7 +770,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detail data for a linked repository.

    " + "documentation":"

    Get detail data for a linked repository.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetRepositorySyncStatus":{ "name":"GetRepositorySyncStatus", @@ -715,7 +789,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get the sync status of a repository used for Proton template sync. For more information about template sync, see .

    A repository sync status isn't tied to the Proton Repository resource (or any other Proton resource). Therefore, tags on an Proton Repository resource have no effect on this action. Specifically, you can't use these tags to control access to this action using Attribute-based access control (ABAC).

    For more information about ABAC, see ABAC in the Proton User Guide.

    " + "documentation":"

    Get the sync status of a repository used for Proton template sync. For more information about template sync, see .

    A repository sync status isn't tied to the Proton Repository resource (or any other Proton resource). Therefore, tags on an Proton Repository resource have no effect on this action. Specifically, you can't use these tags to control access to this action using Attribute-based access control (ABAC).

    For more information about ABAC, see ABAC in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetResourcesSummary":{ "name":"GetResourcesSummary", @@ -731,7 +807,9 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get counts of Proton resources.

    For infrastructure-provisioning resources (environments, services, service instances, pipelines), the action returns staleness counts. A resource is stale when it's behind the recommended version of the Proton template that it uses and it needs an update to become current.

    The action returns staleness counts (counts of resources that are up-to-date, behind a template major version, or behind a template minor version), the total number of resources, and the number of resources that are in a failed state, grouped by resource type. Components, environments, and service templates return less information - see the components, environments, and serviceTemplates field descriptions.

    For context, the action also returns the total number of each type of Proton template in the Amazon Web Services account.

    For more information, see Proton dashboard in the Proton User Guide.

    " + "documentation":"

    Get counts of Proton resources.

    For infrastructure-provisioning resources (environments, services, service instances, pipelines), the action returns staleness counts. A resource is stale when it's behind the recommended version of the Proton template that it uses and it needs an update to become current.

    The action returns staleness counts (counts of resources that are up-to-date, behind a template major version, or behind a template minor version), the total number of resources, and the number of resources that are in a failed state, grouped by resource type. Components, environments, and service templates return less information - see the components, environments, and serviceTemplates field descriptions.

    For context, the action also returns the total number of each type of Proton template in the Amazon Web Services account.

    For more information, see Proton dashboard in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetService":{ "name":"GetService", @@ -748,7 +826,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for a service.

    " + "documentation":"

    Get detailed data for a service.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetServiceInstance":{ "name":"GetServiceInstance", @@ -765,7 +845,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for a service instance. A service instance is an instantiation of service template and it runs in a specific environment.

    " + "documentation":"

    Get detailed data for a service instance. A service instance is an instantiation of service template and it runs in a specific environment.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetServiceInstanceSyncStatus":{ "name":"GetServiceInstanceSyncStatus", @@ -782,7 +864,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get the status of the synced service instance.

    " + "documentation":"

    Get the status of the synced service instance.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetServiceSyncBlockerSummary":{ "name":"GetServiceSyncBlockerSummary", @@ -799,7 +883,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for the service sync blocker summary.

    " + "documentation":"

    Get detailed data for the service sync blocker summary.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetServiceSyncConfig":{ "name":"GetServiceSyncConfig", @@ -816,7 +902,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed information for the service sync configuration.

    " + "documentation":"

    Get detailed information for the service sync configuration.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetServiceTemplate":{ "name":"GetServiceTemplate", @@ -833,7 +921,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for a service template.

    " + "documentation":"

    Get detailed data for a service template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetServiceTemplateVersion":{ "name":"GetServiceTemplateVersion", @@ -850,7 +940,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detailed data for a major or minor version of a service template.

    " + "documentation":"

    Get detailed data for a major or minor version of a service template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetTemplateSyncConfig":{ "name":"GetTemplateSyncConfig", @@ -867,7 +959,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get detail data for a template sync configuration.

    " + "documentation":"

    Get detail data for a template sync configuration.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "GetTemplateSyncStatus":{ "name":"GetTemplateSyncStatus", @@ -884,7 +978,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get the status of a template sync.

    " + "documentation":"

    Get the status of a template sync.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListComponentOutputs":{ "name":"ListComponentOutputs", @@ -901,7 +997,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get a list of component Infrastructure as Code (IaC) outputs.

    For more information about components, see Proton components in the Proton User Guide.

    " + "documentation":"

    Get a list of component Infrastructure as Code (IaC) outputs.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListComponentProvisionedResources":{ "name":"ListComponentProvisionedResources", @@ -918,7 +1016,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List provisioned resources for a component with details.

    For more information about components, see Proton components in the Proton User Guide.

    " + "documentation":"

    List provisioned resources for a component with details.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListComponents":{ "name":"ListComponents", @@ -934,7 +1034,9 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List components with summary data. You can filter the result list by environment, service, or a single service instance.

    For more information about components, see Proton components in the Proton User Guide.

    " + "documentation":"

    List components with summary data. You can filter the result list by environment, service, or a single service instance.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListDeployments":{ "name":"ListDeployments", @@ -951,7 +1053,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List deployments. You can filter the result list by environment, service, or a single service instance.

    " + "documentation":"

    List deployments. You can filter the result list by environment, service, or a single service instance.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListEnvironmentAccountConnections":{ "name":"ListEnvironmentAccountConnections", @@ -967,7 +1071,9 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    View a list of environment account connections.

    For more information, see Environment account connections in the Proton User guide.

    " + "documentation":"

    View a list of environment account connections.

    For more information, see Environment account connections in the Proton User guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListEnvironmentOutputs":{ "name":"ListEnvironmentOutputs", @@ -984,7 +1090,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List the infrastructure as code outputs for your environment.

    " + "documentation":"

    List the infrastructure as code outputs for your environment.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListEnvironmentProvisionedResources":{ "name":"ListEnvironmentProvisionedResources", @@ -1001,7 +1109,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List the provisioned resources for your environment.

    " + "documentation":"

    List the provisioned resources for your environment.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListEnvironmentTemplateVersions":{ "name":"ListEnvironmentTemplateVersions", @@ -1018,7 +1128,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List major or minor versions of an environment template with detail data.

    " + "documentation":"

    List major or minor versions of an environment template with detail data.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListEnvironmentTemplates":{ "name":"ListEnvironmentTemplates", @@ -1034,7 +1146,9 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List environment templates.

    " + "documentation":"

    List environment templates.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListEnvironments":{ "name":"ListEnvironments", @@ -1051,7 +1165,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List environments with detail data summaries.

    " + "documentation":"

    List environments with detail data summaries.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListRepositories":{ "name":"ListRepositories", @@ -1068,7 +1184,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List linked repositories with detail data.

    " + "documentation":"

    List linked repositories with detail data.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListRepositorySyncDefinitions":{ "name":"ListRepositorySyncDefinitions", @@ -1084,7 +1202,9 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List repository sync definitions with detail data.

    " + "documentation":"

    List repository sync definitions with detail data.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListServiceInstanceOutputs":{ "name":"ListServiceInstanceOutputs", @@ -1101,7 +1221,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get a list service of instance Infrastructure as Code (IaC) outputs.

    " + "documentation":"

    Get a list service of instance Infrastructure as Code (IaC) outputs.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListServiceInstanceProvisionedResources":{ "name":"ListServiceInstanceProvisionedResources", @@ -1118,7 +1240,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List provisioned resources for a service instance with details.

    " + "documentation":"

    List provisioned resources for a service instance with details.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListServiceInstances":{ "name":"ListServiceInstances", @@ -1135,7 +1259,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List service instances with summary data. This action lists service instances of all services in the Amazon Web Services account.

    " + "documentation":"

    List service instances with summary data. This action lists service instances of all services in the Amazon Web Services account.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListServicePipelineOutputs":{ "name":"ListServicePipelineOutputs", @@ -1152,7 +1278,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get a list of service pipeline Infrastructure as Code (IaC) outputs.

    " + "documentation":"

    Get a list of service pipeline Infrastructure as Code (IaC) outputs.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListServicePipelineProvisionedResources":{ "name":"ListServicePipelineProvisionedResources", @@ -1169,7 +1297,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List provisioned resources for a service and pipeline with details.

    " + "documentation":"

    List provisioned resources for a service and pipeline with details.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListServiceTemplateVersions":{ "name":"ListServiceTemplateVersions", @@ -1186,7 +1316,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List major or minor versions of a service template with detail data.

    " + "documentation":"

    List major or minor versions of a service template with detail data.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListServiceTemplates":{ "name":"ListServiceTemplates", @@ -1202,7 +1334,9 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List service templates with detail data.

    " + "documentation":"

    List service templates with detail data.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListServices":{ "name":"ListServices", @@ -1218,7 +1352,9 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List services with summaries of detail data.

    " + "documentation":"

    List services with summaries of detail data.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1235,7 +1371,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List tags for a resource. For more information, see Proton resources and tagging in the Proton User Guide.

    " + "documentation":"

    List tags for a resource. For more information, see Proton resources and tagging in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "NotifyResourceDeploymentStatusChange":{ "name":"NotifyResourceDeploymentStatusChange", @@ -1254,7 +1392,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Notify Proton of status changes to a provisioned resource when you use self-managed provisioning.

    For more information, see Self-managed provisioning in the Proton User Guide.

    " + "documentation":"

    Notify Proton of status changes to a provisioned resource when you use self-managed provisioning.

    For more information, see Self-managed provisioning in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "RejectEnvironmentAccountConnection":{ "name":"RejectEnvironmentAccountConnection", @@ -1273,6 +1413,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    In a management account, reject an environment account connection from another environment account.

    After you reject an environment account connection request, you can't accept or use the rejected environment account connection.

    You can’t reject an environment account connection that's connected to an environment.

    For more information, see Environment account connections in the Proton User guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "TagResource":{ @@ -1292,6 +1434,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Tag a resource. A tag is a key-value pair of metadata that you associate with an Proton resource.

    For more information, see Proton resources and tagging in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "UntagResource":{ @@ -1311,6 +1455,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    Remove a customer tag from a resource. A tag is a key-value pair of metadata associated with an Proton resource.

    For more information, see Proton resources and tagging in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "UpdateAccountSettings":{ @@ -1328,7 +1474,9 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update Proton settings that are used for multiple services in the Amazon Web Services account.

    " + "documentation":"

    Update Proton settings that are used for multiple services in the Amazon Web Services account.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateComponent":{ "name":"UpdateComponent", @@ -1347,7 +1495,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update a component.

    There are a few modes for updating a component. The deploymentType field defines the mode.

    You can't update a component while its deployment status, or the deployment status of a service instance attached to it, is IN_PROGRESS.

    For more information about components, see Proton components in the Proton User Guide.

    " + "documentation":"

    Update a component.

    There are a few modes for updating a component. The deploymentType field defines the mode.

    You can't update a component while its deployment status, or the deployment status of a service instance attached to it, is IN_PROGRESS.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateEnvironment":{ "name":"UpdateEnvironment", @@ -1365,7 +1515,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update an environment.

    If the environment is associated with an environment account connection, don't update or include the protonServiceRoleArn and provisioningRepository parameter to update or connect to an environment account connection.

    You can only update to a new environment account connection if that connection was created in the same environment account that the current environment account connection was created in. The account connection must also be associated with the current environment.

    If the environment isn't associated with an environment account connection, don't update or include the environmentAccountConnectionId parameter. You can't update or connect the environment to an environment account connection if it isn't already associated with an environment connection.

    You can update either the environmentAccountConnectionId or protonServiceRoleArn parameter and value. You can’t update both.

    If the environment was configured for Amazon Web Services-managed provisioning, omit the provisioningRepository parameter.

    If the environment was configured for self-managed provisioning, specify the provisioningRepository parameter and omit the protonServiceRoleArn and environmentAccountConnectionId parameters.

    For more information, see Environments and Provisioning methods in the Proton User Guide.

    There are four modes for updating an environment. The deploymentType field defines the mode.

    NONE

    In this mode, a deployment doesn't occur. Only the requested metadata parameters are updated.

    CURRENT_VERSION

    In this mode, the environment is deployed and updated with the new spec that you provide. Only requested parameters are updated. Don’t include minor or major version parameters when you use this deployment-type.

    MINOR_VERSION

    In this mode, the environment is deployed and updated with the published, recommended (latest) minor version of the current major version in use, by default. You can also specify a different minor version of the current major version in use.

    MAJOR_VERSION

    In this mode, the environment is deployed and updated with the published, recommended (latest) major and minor version of the current template, by default. You can also specify a different major version that's higher than the major version in use and a minor version.

    " + "documentation":"

    Update an environment.

    If the environment is associated with an environment account connection, don't update or include the protonServiceRoleArn and provisioningRepository parameter to update or connect to an environment account connection.

    You can only update to a new environment account connection if that connection was created in the same environment account that the current environment account connection was created in. The account connection must also be associated with the current environment.

    If the environment isn't associated with an environment account connection, don't update or include the environmentAccountConnectionId parameter. You can't update or connect the environment to an environment account connection if it isn't already associated with an environment connection.

    You can update either the environmentAccountConnectionId or protonServiceRoleArn parameter and value. You can’t update both.

    If the environment was configured for Amazon Web Services-managed provisioning, omit the provisioningRepository parameter.

    If the environment was configured for self-managed provisioning, specify the provisioningRepository parameter and omit the protonServiceRoleArn and environmentAccountConnectionId parameters.

    For more information, see Environments and Provisioning methods in the Proton User Guide.

    There are four modes for updating an environment. The deploymentType field defines the mode.

    NONE

    In this mode, a deployment doesn't occur. Only the requested metadata parameters are updated.

    CURRENT_VERSION

    In this mode, the environment is deployed and updated with the new spec that you provide. Only requested parameters are updated. Don’t include minor or major version parameters when you use this deployment-type.

    MINOR_VERSION

    In this mode, the environment is deployed and updated with the published, recommended (latest) minor version of the current major version in use, by default. You can also specify a different minor version of the current major version in use.

    MAJOR_VERSION

    In this mode, the environment is deployed and updated with the published, recommended (latest) major and minor version of the current template, by default. You can also specify a different major version that's higher than the major version in use and a minor version.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateEnvironmentAccountConnection":{ "name":"UpdateEnvironmentAccountConnection", @@ -1384,6 +1536,8 @@ {"shape":"InternalServerException"} ], "documentation":"

    In an environment account, update an environment account connection to use a new IAM role.

    For more information, see Environment account connections in the Proton User guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers.", "idempotent":true }, "UpdateEnvironmentTemplate":{ @@ -1402,7 +1556,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update an environment template.

    " + "documentation":"

    Update an environment template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateEnvironmentTemplateVersion":{ "name":"UpdateEnvironmentTemplateVersion", @@ -1420,7 +1576,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update a major or minor version of an environment template.

    " + "documentation":"

    Update a major or minor version of an environment template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateService":{ "name":"UpdateService", @@ -1439,7 +1597,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Edit a service description or use a spec to add and delete service instances.

    Existing service instances and the service pipeline can't be edited using this API. They can only be deleted.

    Use the description parameter to modify the description.

    Edit the spec parameter to add or delete instances.

    You can't delete a service instance (remove it from the spec) if it has an attached component.

    For more information about components, see Proton components in the Proton User Guide.

    " + "documentation":"

    Edit a service description or use a spec to add and delete service instances.

    Existing service instances and the service pipeline can't be edited using this API. They can only be deleted.

    Use the description parameter to modify the description.

    Edit the spec parameter to add or delete instances.

    You can't delete a service instance (remove it from the spec) if it has an attached component.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateServiceInstance":{ "name":"UpdateServiceInstance", @@ -1457,7 +1617,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update a service instance.

    There are a few modes for updating a service instance. The deploymentType field defines the mode.

    You can't update a service instance while its deployment status, or the deployment status of a component attached to it, is IN_PROGRESS.

    For more information about components, see Proton components in the Proton User Guide.

    " + "documentation":"

    Update a service instance.

    There are a few modes for updating a service instance. The deploymentType field defines the mode.

    You can't update a service instance while its deployment status, or the deployment status of a component attached to it, is IN_PROGRESS.

    For more information about components, see Proton components in the Proton User Guide.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateServicePipeline":{ "name":"UpdateServicePipeline", @@ -1475,7 +1637,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update the service pipeline.

    There are four modes for updating a service pipeline. The deploymentType field defines the mode.

    NONE

    In this mode, a deployment doesn't occur. Only the requested metadata parameters are updated.

    CURRENT_VERSION

    In this mode, the service pipeline is deployed and updated with the new spec that you provide. Only requested parameters are updated. Don’t include major or minor version parameters when you use this deployment-type.

    MINOR_VERSION

    In this mode, the service pipeline is deployed and updated with the published, recommended (latest) minor version of the current major version in use, by default. You can specify a different minor version of the current major version in use.

    MAJOR_VERSION

    In this mode, the service pipeline is deployed and updated with the published, recommended (latest) major and minor version of the current template by default. You can specify a different major version that's higher than the major version in use and a minor version.

    " + "documentation":"

    Update the service pipeline.

    There are four modes for updating a service pipeline. The deploymentType field defines the mode.

    NONE

    In this mode, a deployment doesn't occur. Only the requested metadata parameters are updated.

    CURRENT_VERSION

    In this mode, the service pipeline is deployed and updated with the new spec that you provide. Only requested parameters are updated. Don’t include major or minor version parameters when you use this deployment-type.

    MINOR_VERSION

    In this mode, the service pipeline is deployed and updated with the published, recommended (latest) minor version of the current major version in use, by default. You can specify a different minor version of the current major version in use.

    MAJOR_VERSION

    In this mode, the service pipeline is deployed and updated with the published, recommended (latest) major and minor version of the current template by default. You can specify a different major version that's higher than the major version in use and a minor version.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateServiceSyncBlocker":{ "name":"UpdateServiceSyncBlocker", @@ -1493,7 +1657,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update the service sync blocker by resolving it.

    " + "documentation":"

    Update the service sync blocker by resolving it.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateServiceSyncConfig":{ "name":"UpdateServiceSyncConfig", @@ -1511,7 +1677,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update the Proton Ops config file.

    " + "documentation":"

    Update the Proton Ops config file.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateServiceTemplate":{ "name":"UpdateServiceTemplate", @@ -1529,7 +1697,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update a service template.

    " + "documentation":"

    Update a service template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateServiceTemplateVersion":{ "name":"UpdateServiceTemplateVersion", @@ -1547,7 +1717,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update a major or minor version of a service template.

    " + "documentation":"

    Update a major or minor version of a service template.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." }, "UpdateTemplateSyncConfig":{ "name":"UpdateTemplateSyncConfig", @@ -1565,7 +1737,9 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Update template sync configuration parameters, except for the templateName and templateType. Repository details (branch, name, and provider) should be of a linked repository. A linked repository is a repository that has been registered with Proton. For more information, see CreateRepository.

    " + "documentation":"

    Update template sync configuration parameters, except for the templateName and templateType. Repository details (branch, name, and provider) should be of a linked repository. A linked repository is a repository that has been registered with Proton. For more information, see CreateRepository.

    ", + "deprecated":true, + "deprecatedMessage":"AWS Proton is not accepting new customers." } }, "shapes":{ diff -pruN 2.23.6-1/awscli/botocore/data/qapps/2023-11-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/qapps/2023-11-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/qapps/2023-11-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qapps/2023-11-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/qapps/2023-11-27/service-2.json 2.31.35-1/awscli/botocore/data/qapps/2023-11-27/service-2.json --- 2.23.6-1/awscli/botocore/data/qapps/2023-11-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qapps/2023-11-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -145,7 +145,7 @@ {"shape":"UnauthorizedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Creates a presigned URL for an S3 POST operation to upload a file. You can use this URL to set a default file for a FileUploadCard in a Q App definition or to provide a file for a single Q App run. The scope parameter determines how the file will be used, either at the app definition level or the app session level.

    " + "documentation":"

    Creates a presigned URL for an S3 POST operation to upload a file. You can use this URL to set a default file for a FileUploadCard in a Q App definition or to provide a file for a single Q App run. The scope parameter determines how the file will be used, either at the app definition level or the app session level.

    The IAM permissions are derived from the qapps:ImportDocument action. For more information on the IAM policy for Amazon Q Apps, see IAM permissions for using Amazon Q Apps.

    " }, "CreateQApp":{ "name":"CreateQApp", @@ -1648,8 +1648,7 @@ }, "Document":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "DocumentAttribute":{ @@ -1927,8 +1926,7 @@ }, "FormInputCardMetadataSchema":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "GetLibraryItemInput":{ @@ -3283,8 +3281,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3442,8 +3439,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLibraryItemInput":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/qbusiness/2023-11-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/qbusiness/2023-11-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/qbusiness/2023-11-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qbusiness/2023-11-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,20 +5,20 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/qbusiness/2023-11-27/paginators-1.json 2.31.35-1/awscli/botocore/data/qbusiness/2023-11-27/paginators-1.json --- 2.23.6-1/awscli/botocore/data/qbusiness/2023-11-27/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qbusiness/2023-11-27/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -107,6 +107,18 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "relevantContent" + }, + "ListSubscriptions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "subscriptions" + }, + "ListChatResponseConfigurations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "chatResponseConfigurations" } } } diff -pruN 2.23.6-1/awscli/botocore/data/qbusiness/2023-11-27/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/qbusiness/2023-11-27/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/qbusiness/2023-11-27/paginators-1.sdk-extras.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qbusiness/2023-11-27/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,9 +6,11 @@ "non_aggregate_keys": [ "responseScope", "blockedPhrases", - "creatorModeConfiguration" + "creatorModeConfiguration", + "orchestrationConfiguration", + "hallucinationReductionConfiguration" ] } } } -} \ No newline at end of file +} diff -pruN 2.23.6-1/awscli/botocore/data/qbusiness/2023-11-27/service-2.json 2.31.35-1/awscli/botocore/data/qbusiness/2023-11-27/service-2.json --- 2.23.6-1/awscli/botocore/data/qbusiness/2023-11-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qbusiness/2023-11-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -24,15 +24,15 @@ "input":{"shape":"AssociatePermissionRequest"}, "output":{"shape":"AssociatePermissionResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Adds or updates a permission policy for a Q Business application, allowing cross-account access for an ISV. This operation creates a new policy statement for the specified Q Business application. The policy statement defines the IAM actions that the ISV is allowed to perform on the Q Business application's resources.

    " + "documentation":"

    Adds or updates a permission policy for a Amazon Q Business application, allowing cross-account access for an ISV. This operation creates a new policy statement for the specified Amazon Q Business application. The policy statement defines the IAM actions that the ISV is allowed to perform on the Amazon Q Business application's resources.

    " }, "BatchDeleteDocument":{ "name":"BatchDeleteDocument", @@ -44,8 +44,8 @@ "input":{"shape":"BatchDeleteDocumentRequest"}, "output":{"shape":"BatchDeleteDocumentResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -63,8 +63,8 @@ "input":{"shape":"BatchPutDocumentRequest"}, "output":{"shape":"BatchPutDocumentResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -73,6 +73,25 @@ ], "documentation":"

    Adds one or more documents to an Amazon Q Business index.

    You use this API to:

    • ingest your structured and unstructured documents and documents stored in an Amazon S3 bucket into an Amazon Q Business index.

    • add custom attributes to documents in an Amazon Q Business index.

    • attach an access control list to the documents added to an Amazon Q Business index.

    You can see the progress of the deletion, and any error messages related to the process, by using CloudWatch.

    " }, + "CancelSubscription":{ + "name":"CancelSubscription", + "http":{ + "method":"DELETE", + "requestUri":"/applications/{applicationId}/subscriptions/{subscriptionId}", + "responseCode":200 + }, + "input":{"shape":"CancelSubscriptionRequest"}, + "output":{"shape":"CancelSubscriptionResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Unsubscribes a user or a group from their pricing tier in an Amazon Q Business application. An unsubscribed user or group loses all Amazon Q Business feature access at the start of next month.

    ", + "idempotent":true + }, "Chat":{ "name":"Chat", "http":{ @@ -83,10 +102,10 @@ "input":{"shape":"ChatInput"}, "output":{"shape":"ChatOutput"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, - {"shape":"LicenseNotFoundException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"LicenseNotFoundException"}, {"shape":"ExternalResourceException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -104,10 +123,10 @@ "input":{"shape":"ChatSyncInput"}, "output":{"shape":"ChatSyncOutput"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, - {"shape":"LicenseNotFoundException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"LicenseNotFoundException"}, {"shape":"ExternalResourceException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -115,6 +134,43 @@ ], "documentation":"

    Starts or continues a non-streaming Amazon Q Business conversation.

    " }, + "CheckDocumentAccess":{ + "name":"CheckDocumentAccess", + "http":{ + "method":"GET", + "requestUri":"/applications/{applicationId}/index/{indexId}/users/{userId}/documents/{documentId}/check-document-access", + "responseCode":200 + }, + "input":{"shape":"CheckDocumentAccessRequest"}, + "output":{"shape":"CheckDocumentAccessResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Verifies if a user has access permissions for a specified document and returns the actual ACL attached to the document. Resolves user access on the document via user aliases and groups when verifying user access.

    " + }, + "CreateAnonymousWebExperienceUrl":{ + "name":"CreateAnonymousWebExperienceUrl", + "http":{ + "method":"POST", + "requestUri":"/applications/{applicationId}/experiences/{webExperienceId}/anonymous-url", + "responseCode":200 + }, + "input":{"shape":"CreateAnonymousWebExperienceUrlRequest"}, + "output":{"shape":"CreateAnonymousWebExperienceUrlResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    Creates a unique URL for anonymous Amazon Q Business web experience. This URL can only be used once and must be used within 5 minutes after it's generated.

    " + }, "CreateApplication":{ "name":"CreateApplication", "http":{ @@ -125,8 +181,8 @@ "input":{"shape":"CreateApplicationRequest"}, "output":{"shape":"CreateApplicationResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -136,6 +192,27 @@ "documentation":"

    Creates an Amazon Q Business application.

    There are new tiers for Amazon Q Business. Not all features in Amazon Q Business Pro are also available in Amazon Q Business Lite. For information on what's included in Amazon Q Business Lite and what's included in Amazon Q Business Pro, see Amazon Q Business tiers. You must use the Amazon Q Business console to assign subscription tiers to users.

    An Amazon Q Apps service linked role will be created if it's absent in the Amazon Web Services account when QAppsConfiguration is enabled in the request. For more information, see Using service-linked roles for Q Apps.

    When you create an application, Amazon Q Business may securely transmit data for processing from your selected Amazon Web Services region, but within your geography. For more information, see Cross region inference in Amazon Q Business.

    ", "idempotent":true }, + "CreateChatResponseConfiguration":{ + "name":"CreateChatResponseConfiguration", + "http":{ + "method":"POST", + "requestUri":"/applications/{applicationId}/chatresponseconfigurations", + "responseCode":200 + }, + "input":{"shape":"CreateChatResponseConfigurationRequest"}, + "output":{"shape":"CreateChatResponseConfigurationResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    Creates a new chat response configuration for an Amazon Q Business application. This operation establishes a set of parameters that define how the system generates and formats responses to user queries in chat interactions.

    ", + "idempotent":true + }, "CreateDataAccessor":{ "name":"CreateDataAccessor", "http":{ @@ -146,15 +223,15 @@ "input":{"shape":"CreateDataAccessorRequest"}, "output":{"shape":"CreateDataAccessorResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Creates a new data accessor for an ISV to access data from a Q Business application. The data accessor is an entity that represents the ISV's access to the Q Business application's data. It includes the IAM role ARN for the ISV, a friendly name, and a set of action configurations that define the specific actions the ISV is allowed to perform and any associated data filters. When the data accessor is created, an AWS IAM Identity Center application is also created to manage the ISV's identity and authentication for accessing the Q Business application.

    ", + "documentation":"

    Creates a new data accessor for an ISV to access data from a Amazon Q Business application. The data accessor is an entity that represents the ISV's access to the Amazon Q Business application's data. It includes the IAM role ARN for the ISV, a friendly name, and a set of action configurations that define the specific actions the ISV is allowed to perform and any associated data filters. When the data accessor is created, an IAM Identity Center application is also created to manage the ISV's identity and authentication for accessing the Amazon Q Business application.

    ", "idempotent":true }, "CreateDataSource":{ @@ -167,8 +244,8 @@ "input":{"shape":"CreateDataSourceRequest"}, "output":{"shape":"CreateDataSourceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -188,8 +265,8 @@ "input":{"shape":"CreateIndexRequest"}, "output":{"shape":"CreateIndexResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -208,8 +285,8 @@ "input":{"shape":"CreatePluginRequest"}, "output":{"shape":"CreatePluginResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -229,8 +306,8 @@ "input":{"shape":"CreateRetrieverRequest"}, "output":{"shape":"CreateRetrieverResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -239,6 +316,26 @@ ], "documentation":"

    Adds a retriever to your Amazon Q Business application.

    " }, + "CreateSubscription":{ + "name":"CreateSubscription", + "http":{ + "method":"POST", + "requestUri":"/applications/{applicationId}/subscriptions", + "responseCode":200 + }, + "input":{"shape":"CreateSubscriptionRequest"}, + "output":{"shape":"CreateSubscriptionResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Subscribes an IAM Identity Center user or a group to a pricing tier for an Amazon Q Business application.

    Amazon Q Business offers two subscription tiers: Q_LITE and Q_BUSINESS. Subscription tier determines feature access for the user. For more information on subscriptions and pricing tiers, see Amazon Q Business pricing.

    For an example IAM role policy for assigning subscriptions, see Set up required permissions in the Amazon Q Business User Guide.

    ", + "idempotent":true + }, "CreateUser":{ "name":"CreateUser", "http":{ @@ -249,8 +346,8 @@ "input":{"shape":"CreateUserRequest"}, "output":{"shape":"CreateUserResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -270,8 +367,8 @@ "input":{"shape":"CreateWebExperienceRequest"}, "output":{"shape":"CreateWebExperienceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -290,8 +387,8 @@ "input":{"shape":"DeleteApplicationRequest"}, "output":{"shape":"DeleteApplicationResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -300,6 +397,26 @@ "documentation":"

    Deletes an Amazon Q Business application.

    ", "idempotent":true }, + "DeleteAttachment":{ + "name":"DeleteAttachment", + "http":{ + "method":"DELETE", + "requestUri":"/applications/{applicationId}/conversations/{conversationId}/attachments/{attachmentId}", + "responseCode":200 + }, + "input":{"shape":"DeleteAttachmentRequest"}, + "output":{"shape":"DeleteAttachmentResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"LicenseNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Deletes an attachment associated with a specific Amazon Q Business conversation.

    ", + "idempotent":true + }, "DeleteChatControlsConfiguration":{ "name":"DeleteChatControlsConfiguration", "http":{ @@ -310,8 +427,8 @@ "input":{"shape":"DeleteChatControlsConfigurationRequest"}, "output":{"shape":"DeleteChatControlsConfigurationResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -319,6 +436,26 @@ "documentation":"

    Deletes chat controls configured for an existing Amazon Q Business application.

    ", "idempotent":true }, + "DeleteChatResponseConfiguration":{ + "name":"DeleteChatResponseConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/applications/{applicationId}/chatresponseconfigurations/{chatResponseConfigurationId}", + "responseCode":200 + }, + "input":{"shape":"DeleteChatResponseConfigurationRequest"}, + "output":{"shape":"DeleteChatResponseConfigurationResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Deletes a specified chat response configuration from an Amazon Q Business application.

    ", + "idempotent":true + }, "DeleteConversation":{ "name":"DeleteConversation", "http":{ @@ -329,8 +466,9 @@ "input":{"shape":"DeleteConversationRequest"}, "output":{"shape":"DeleteConversationResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"LicenseNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -349,14 +487,14 @@ "input":{"shape":"DeleteDataAccessorRequest"}, "output":{"shape":"DeleteDataAccessorResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Deletes a specified data accessor. This operation permanently removes the data accessor and its associated AWS IAM Identity Center application. Any access granted to the ISV through this data accessor will be revoked

    ", + "documentation":"

    Deletes a specified data accessor. This operation permanently removes the data accessor and its associated IAM Identity Center application. Any access granted to the ISV through this data accessor will be revoked.

    ", "idempotent":true }, "DeleteDataSource":{ @@ -369,8 +507,8 @@ "input":{"shape":"DeleteDataSourceRequest"}, "output":{"shape":"DeleteDataSourceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -389,8 +527,8 @@ "input":{"shape":"DeleteGroupRequest"}, "output":{"shape":"DeleteGroupResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -409,8 +547,8 @@ "input":{"shape":"DeleteIndexRequest"}, "output":{"shape":"DeleteIndexResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -429,8 +567,8 @@ "input":{"shape":"DeletePluginRequest"}, "output":{"shape":"DeletePluginResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -449,8 +587,8 @@ "input":{"shape":"DeleteRetrieverRequest"}, "output":{"shape":"DeleteRetrieverResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -469,8 +607,8 @@ "input":{"shape":"DeleteUserRequest"}, "output":{"shape":"DeleteUserResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -489,8 +627,8 @@ "input":{"shape":"DeleteWebExperienceRequest"}, "output":{"shape":"DeleteWebExperienceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -509,14 +647,14 @@ "input":{"shape":"DisassociatePermissionRequest"}, "output":{"shape":"DisassociatePermissionResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Removes a permission policy from a Q Business application, revoking the cross-account access that was previously granted to an ISV. This operation deletes the specified policy statement from the application's permission policy.

    ", + "documentation":"

    Removes a permission policy from a Amazon Q Business application, revoking the cross-account access that was previously granted to an ISV. This operation deletes the specified policy statement from the application's permission policy.

    ", "idempotent":true }, "GetApplication":{ @@ -529,8 +667,8 @@ "input":{"shape":"GetApplicationRequest"}, "output":{"shape":"GetApplicationResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -547,13 +685,31 @@ "input":{"shape":"GetChatControlsConfigurationRequest"}, "output":{"shape":"GetChatControlsConfigurationResponse"}, "errors":[ + {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Gets information about chat controls configured for an existing Amazon Q Business application.

    " + }, + "GetChatResponseConfiguration":{ + "name":"GetChatResponseConfiguration", + "http":{ + "method":"GET", + "requestUri":"/applications/{applicationId}/chatresponseconfigurations/{chatResponseConfigurationId}", + "responseCode":200 + }, + "input":{"shape":"GetChatResponseConfigurationRequest"}, + "output":{"shape":"GetChatResponseConfigurationResponse"}, + "errors":[ {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Gets information about an chat controls configured for an existing Amazon Q Business application.

    " + "documentation":"

    Retrieves detailed information about a specific chat response configuration from an Amazon Q Business application. This operation returns the complete configuration settings and metadata.

    " }, "GetDataAccessor":{ "name":"GetDataAccessor", @@ -565,13 +721,13 @@ "input":{"shape":"GetDataAccessorRequest"}, "output":{"shape":"GetDataAccessorResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves information about a specified data accessor. This operation returns details about the data accessor, including its display name, unique identifier, Amazon Resource Name (ARN), the associated Q Business application and AWS IAM Identity Center application, the IAM role for the ISV, the action configurations, and the timestamps for when the data accessor was created and last updated.

    " + "documentation":"

    Retrieves information about a specified data accessor. This operation returns details about the data accessor, including its display name, unique identifier, Amazon Resource Name (ARN), the associated Amazon Q Business application and IAM Identity Center application, the IAM role for the ISV, the action configurations, and the timestamps for when the data accessor was created and last updated.

    " }, "GetDataSource":{ "name":"GetDataSource", @@ -583,14 +739,32 @@ "input":{"shape":"GetDataSourceRequest"}, "output":{"shape":"GetDataSourceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], "documentation":"

    Gets information about an existing Amazon Q Business data source connector.

    " }, + "GetDocumentContent":{ + "name":"GetDocumentContent", + "http":{ + "method":"GET", + "requestUri":"/applications/{applicationId}/index/{indexId}/documents/{documentId}/content", + "responseCode":200 + }, + "input":{"shape":"GetDocumentContentRequest"}, + "output":{"shape":"GetDocumentContentResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves the content of a document that was ingested into Amazon Q Business. This API validates user authorization against document ACLs before returning a pre-signed URL for secure document access. You can download or view source documents referenced in chat responses through the URL.

    " + }, "GetGroup":{ "name":"GetGroup", "http":{ @@ -601,8 +775,8 @@ "input":{"shape":"GetGroupRequest"}, "output":{"shape":"GetGroupResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -620,8 +794,8 @@ "input":{"shape":"GetIndexRequest"}, "output":{"shape":"GetIndexResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -638,8 +812,8 @@ "input":{"shape":"GetMediaRequest"}, "output":{"shape":"GetMediaResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"LicenseNotFoundException"}, {"shape":"MediaTooLargeException"}, {"shape":"ThrottlingException"}, @@ -658,8 +832,8 @@ "input":{"shape":"GetPluginRequest"}, "output":{"shape":"GetPluginResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -676,13 +850,13 @@ "input":{"shape":"GetPolicyRequest"}, "output":{"shape":"GetPolicyResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves the current permission policy for a Q Business application. The policy is returned as a JSON-formatted string and defines the IAM actions that are allowed or denied for the application's resources.

    " + "documentation":"

    Retrieves the current permission policy for a Amazon Q Business application. The policy is returned as a JSON-formatted string and defines the IAM actions that are allowed or denied for the application's resources.

    " }, "GetRetriever":{ "name":"GetRetriever", @@ -694,8 +868,8 @@ "input":{"shape":"GetRetrieverRequest"}, "output":{"shape":"GetRetrieverResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -712,8 +886,8 @@ "input":{"shape":"GetUserRequest"}, "output":{"shape":"GetUserResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -731,8 +905,8 @@ "input":{"shape":"GetWebExperienceRequest"}, "output":{"shape":"GetWebExperienceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -766,8 +940,8 @@ "input":{"shape":"ListAttachmentsRequest"}, "output":{"shape":"ListAttachmentsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"LicenseNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -775,6 +949,24 @@ ], "documentation":"

    Gets a list of attachments associated with an Amazon Q Business web experience or a list of attachements associated with a specific Amazon Q Business conversation.

    " }, + "ListChatResponseConfigurations":{ + "name":"ListChatResponseConfigurations", + "http":{ + "method":"GET", + "requestUri":"/applications/{applicationId}/chatresponseconfigurations", + "responseCode":200 + }, + "input":{"shape":"ListChatResponseConfigurationsRequest"}, + "output":{"shape":"ListChatResponseConfigurationsResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves a list of all chat response configurations available in a specified Amazon Q Business application. This operation returns summary information about each configuration to help administrators manage and select appropriate response settings.

    " + }, "ListConversations":{ "name":"ListConversations", "http":{ @@ -785,8 +977,8 @@ "input":{"shape":"ListConversationsRequest"}, "output":{"shape":"ListConversationsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"LicenseNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -804,13 +996,13 @@ "input":{"shape":"ListDataAccessorsRequest"}, "output":{"shape":"ListDataAccessorsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Lists the data accessors for a Q Business application. This operation returns a paginated list of data accessor summaries, including the friendly name, unique identifier, ARN, associated IAM role, and creation/update timestamps for each data accessor.

    " + "documentation":"

    Lists the data accessors for a Amazon Q Business application. This operation returns a paginated list of data accessor summaries, including the friendly name, unique identifier, ARN, associated IAM role, and creation/update timestamps for each data accessor.

    " }, "ListDataSourceSyncJobs":{ "name":"ListDataSourceSyncJobs", @@ -822,8 +1014,8 @@ "input":{"shape":"ListDataSourceSyncJobsRequest"}, "output":{"shape":"ListDataSourceSyncJobsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -841,8 +1033,8 @@ "input":{"shape":"ListDataSourcesRequest"}, "output":{"shape":"ListDataSourcesResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -859,8 +1051,8 @@ "input":{"shape":"ListDocumentsRequest"}, "output":{"shape":"ListDocumentsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -877,8 +1069,8 @@ "input":{"shape":"ListGroupsRequest"}, "output":{"shape":"ListGroupsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -896,8 +1088,8 @@ "input":{"shape":"ListIndicesRequest"}, "output":{"shape":"ListIndicesResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -914,8 +1106,8 @@ "input":{"shape":"ListMessagesRequest"}, "output":{"shape":"ListMessagesResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"LicenseNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -933,8 +1125,8 @@ "input":{"shape":"ListPluginActionsRequest"}, "output":{"shape":"ListPluginActionsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -985,8 +1177,8 @@ "input":{"shape":"ListPluginsRequest"}, "output":{"shape":"ListPluginsResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -1003,14 +1195,33 @@ "input":{"shape":"ListRetrieversRequest"}, "output":{"shape":"ListRetrieversResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], "documentation":"

    Lists the retriever used by an Amazon Q Business application.

    " }, + "ListSubscriptions":{ + "name":"ListSubscriptions", + "http":{ + "method":"GET", + "requestUri":"/applications/{applicationId}/subscriptions", + "responseCode":200 + }, + "input":{"shape":"ListSubscriptionsRequest"}, + "output":{"shape":"ListSubscriptionsResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Lists all subscriptions created in an Amazon Q Business application.

    " + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -1021,8 +1232,8 @@ "input":{"shape":"ListTagsForResourceRequest"}, "output":{"shape":"ListTagsForResourceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -1039,8 +1250,8 @@ "input":{"shape":"ListWebExperiencesRequest"}, "output":{"shape":"ListWebExperiencesResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -1056,8 +1267,8 @@ }, "input":{"shape":"PutFeedbackRequest"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -1074,15 +1285,15 @@ "input":{"shape":"PutGroupRequest"}, "output":{"shape":"PutGroupResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Create, or updates, a mapping of users—who have access to a document—to groups.

    You can also map sub groups to groups. For example, the group \"Company Intellectual Property Teams\" includes sub groups \"Research\" and \"Engineering\". These sub groups include their own list of users or people who work in these teams. Only users who work in research and engineering, and therefore belong in the intellectual property group, can see top-secret company documents in their Amazon Q Business chat results.

    ", + "documentation":"

    Create, or updates, a mapping of users—who have access to a document—to groups.

    You can also map sub groups to groups. For example, the group \"Company Intellectual Property Teams\" includes sub groups \"Research\" and \"Engineering\". These sub groups include their own list of users or people who work in these teams. Only users who work in research and engineering, and therefore belong in the intellectual property group, can see top-secret company documents in their Amazon Q Business chat results.

    There are two options for creating groups, either passing group members inline or using an S3 file via the S3PathForGroupMembers field. For inline groups, there is a limit of 1000 members per group and for provided S3 files there is a limit of 100 thousand members. When creating a group using an S3 file, you provide both an S3 file and a RoleArn for Amazon Q Buisness to access the file.

    ", "idempotent":true }, "SearchRelevantContent":{ @@ -1095,14 +1306,14 @@ "input":{"shape":"SearchRelevantContentRequest"}, "output":{"shape":"SearchRelevantContentResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"LicenseNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Searches for relevant content in a Q Business application based on a query. This operation takes a search query text, the Q Business application identifier, and optional filters (such as content source and maximum results) as input. It returns a list of relevant content items, where each item includes the content text, the unique document identifier, the document title, the document URI, any relevant document attributes, and score attributes indicating the confidence level of the relevance.

    " + "documentation":"

    Searches for relevant content in a Amazon Q Business application based on a query. This operation takes a search query text, the Amazon Q Business application identifier, and optional filters (such as content source and maximum results) as input. It returns a list of relevant content items, where each item includes the content text, the unique document identifier, the document title, the document URI, any relevant document attributes, and score attributes indicating the confidence level of the relevance.

    " }, "StartDataSourceSyncJob":{ "name":"StartDataSourceSyncJob", @@ -1114,8 +1325,8 @@ "input":{"shape":"StartDataSourceSyncJobRequest"}, "output":{"shape":"StartDataSourceSyncJobResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1134,8 +1345,8 @@ "input":{"shape":"StopDataSourceSyncJobRequest"}, "output":{"shape":"StopDataSourceSyncJobResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1153,8 +1364,8 @@ "input":{"shape":"TagResourceRequest"}, "output":{"shape":"TagResourceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1173,8 +1384,8 @@ "input":{"shape":"UntagResourceRequest"}, "output":{"shape":"UntagResourceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} @@ -1192,8 +1403,8 @@ "input":{"shape":"UpdateApplicationRequest"}, "output":{"shape":"UpdateApplicationResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1212,15 +1423,35 @@ "input":{"shape":"UpdateChatControlsConfigurationRequest"}, "output":{"shape":"UpdateChatControlsConfigurationResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Updates an set of chat controls configured for an existing Amazon Q Business application.

    ", + "documentation":"

    Updates a set of chat controls configured for an existing Amazon Q Business application.

    ", + "idempotent":true + }, + "UpdateChatResponseConfiguration":{ + "name":"UpdateChatResponseConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/applications/{applicationId}/chatresponseconfigurations/{chatResponseConfigurationId}", + "responseCode":200 + }, + "input":{"shape":"UpdateChatResponseConfigurationRequest"}, + "output":{"shape":"UpdateChatResponseConfigurationResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Updates an existing chat response configuration in an Amazon Q Business application. This operation allows administrators to modify configuration settings, display name, and response parameters to refine how the system generates responses.

    ", "idempotent":true }, "UpdateDataAccessor":{ @@ -1233,8 +1464,8 @@ "input":{"shape":"UpdateDataAccessorRequest"}, "output":{"shape":"UpdateDataAccessorResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1253,8 +1484,8 @@ "input":{"shape":"UpdateDataSourceRequest"}, "output":{"shape":"UpdateDataSourceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1273,8 +1504,8 @@ "input":{"shape":"UpdateIndexRequest"}, "output":{"shape":"UpdateIndexResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1294,8 +1525,8 @@ "input":{"shape":"UpdatePluginRequest"}, "output":{"shape":"UpdatePluginResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1315,8 +1546,8 @@ "input":{"shape":"UpdateRetrieverRequest"}, "output":{"shape":"UpdateRetrieverResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1326,6 +1557,26 @@ "documentation":"

    Updates the retriever used for your Amazon Q Business application.

    ", "idempotent":true }, + "UpdateSubscription":{ + "name":"UpdateSubscription", + "http":{ + "method":"PUT", + "requestUri":"/applications/{applicationId}/subscriptions/{subscriptionId}", + "responseCode":200 + }, + "input":{"shape":"UpdateSubscriptionRequest"}, + "output":{"shape":"UpdateSubscriptionResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Updates the pricing tier for an Amazon Q Business subscription. Upgrades are instant. Downgrades apply at the start of the next month. Subscription tier determines feature access for the user. For more information on subscriptions and pricing tiers, see Amazon Q Business pricing.

    ", + "idempotent":true + }, "UpdateUser":{ "name":"UpdateUser", "http":{ @@ -1336,8 +1587,9 @@ "input":{"shape":"UpdateUserRequest"}, "output":{"shape":"UpdateUserResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, @@ -1356,8 +1608,8 @@ "input":{"shape":"UpdateWebExperienceRequest"}, "output":{"shape":"UpdateWebExperienceResponse"}, "errors":[ - {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, {"shape":"ValidationException"}, @@ -1440,7 +1692,7 @@ "members":{ "action":{ "shape":"QIamAction", - "documentation":"

    The Q Business action that is allowed.

    " + "documentation":"

    The Amazon Q Business action that is allowed.

    " }, "filterConfiguration":{ "shape":"ActionFilterConfiguration", @@ -1796,6 +2048,17 @@ }, "documentation":"

    The creator mode specific admin controls configured for an Amazon Q Business application. Determines whether an end user can generate LLM-only responses when they use the web experience.

    For more information, see Admin controls and guardrails and Conversation settings.

    " }, + "AppliedOrchestrationConfiguration":{ + "type":"structure", + "required":["control"], + "members":{ + "control":{ + "shape":"OrchestrationControl", + "documentation":"

    Information about whether chat orchestration is enabled or disabled for an Amazon Q Business application.

    " + } + }, + "documentation":"

    The chat orchestration specific admin controls configured for an Amazon Q Business application. Determines whether Amazon Q Business automatically routes chat requests across configured plugins and data sources in your Amazon Q Business application.

    For more information, see Chat orchestration settings.

    " + }, "AssociatePermissionRequest":{ "type":"structure", "required":[ @@ -1807,7 +2070,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application.

    ", "location":"uri", "locationName":"applicationId" }, @@ -1817,11 +2080,15 @@ }, "actions":{ "shape":"QIamActions", - "documentation":"

    The list of Q Business actions that the ISV is allowed to perform.

    " + "documentation":"

    The list of Amazon Q Business actions that the ISV is allowed to perform.

    " + }, + "conditions":{ + "shape":"PermissionConditions", + "documentation":"

    The conditions that restrict when the permission is effective. These conditions can be used to limit the permission based on specific attributes of the request.

    " }, "principal":{ "shape":"PrincipalRoleArn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM role for the ISV that is being granted permission.

    " + "documentation":"

    The Amazon Resource Name of the IAM role for the ISV that is being granted permission.

    " } } }, @@ -1834,6 +2101,42 @@ } } }, + "AssociatedGroup":{ + "type":"structure", + "members":{ + "name":{ + "shape":"GroupName", + "documentation":"

    The name of the group associated with the user. This is used to identify the group in access control decisions.

    " + }, + "type":{ + "shape":"MembershipType", + "documentation":"

    The type of the associated group. This indicates the scope of the group's applicability.

    " + } + }, + "documentation":"

    Represents a group associated with a given user in the access control system.

    " + }, + "AssociatedGroups":{ + "type":"list", + "member":{"shape":"AssociatedGroup"} + }, + "AssociatedUser":{ + "type":"structure", + "members":{ + "id":{ + "shape":"String", + "documentation":"

    The unique identifier of the associated user. This is used to identify the user in access control decisions.

    " + }, + "type":{ + "shape":"MembershipType", + "documentation":"

    The type of the associated user. This indicates the scope of the user's association.

    " + } + }, + "documentation":"

    Represents an associated user in the access control system.

    " + }, + "AssociatedUsers":{ + "type":"list", + "member":{"shape":"AssociatedUser"} + }, "Attachment":{ "type":"structure", "members":{ @@ -2043,6 +2346,57 @@ "type":"string", "enum":["DELETE"] }, + "AudioExtractionConfiguration":{ + "type":"structure", + "required":["audioExtractionStatus"], + "members":{ + "audioExtractionStatus":{ + "shape":"AudioExtractionStatus", + "documentation":"

    The status of audio extraction (ENABLED or DISABLED) for processing audio content from files.

    " + } + }, + "documentation":"

    Configuration settings for audio content extraction and processing.

    " + }, + "AudioExtractionStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "AudioExtractionType":{ + "type":"string", + "enum":[ + "TRANSCRIPT", + "SUMMARY" + ] + }, + "AudioSourceDetails":{ + "type":"structure", + "members":{ + "mediaId":{ + "shape":"MediaId", + "documentation":"

    Unique identifier for the audio media file.

    " + }, + "mediaMimeType":{ + "shape":"String", + "documentation":"

    The MIME type of the audio file (e.g., audio/mp3, audio/wav).

    " + }, + "startTimeMilliseconds":{ + "shape":"Long", + "documentation":"

    The starting timestamp in milliseconds for the relevant audio segment.

    " + }, + "endTimeMilliseconds":{ + "shape":"Long", + "documentation":"

    The ending timestamp in milliseconds for the relevant audio segment.

    " + }, + "audioExtractionType":{ + "shape":"AudioExtractionType", + "documentation":"

    The type of audio extraction performed on the content.

    " + } + }, + "documentation":"

    Details about an audio source, including its identifier, format, and time information.

    " + }, "AuthChallengeRequest":{ "type":"structure", "required":["authorizationUrl"], @@ -2205,7 +2559,7 @@ }, "documents":{ "shape":"Documents", - "documentation":"

    One or more documents to add to the index.

    " + "documentation":"

    One or more documents to add to the index.

    Ensure that the name of your document doesn't contain any confidential information. Amazon Q Business returns document names in chat responses and citations when relevant.

    " }, "roleArn":{ "shape":"RoleArn", @@ -2242,7 +2596,7 @@ "members":{ "blockedPhrases":{ "shape":"BlockedPhrases", - "documentation":"

    A list of phrases blocked from a Amazon Q Business web experience chat.

    " + "documentation":"

    A list of phrases blocked from a Amazon Q Business web experience chat.

    Each phrase can contain a maximum of 36 characters. The list can contain a maximum of 20 phrases.

    " }, "systemMessageOverride":{ "shape":"SystemMessageOverride", @@ -2303,6 +2657,44 @@ "max":2, "min":0 }, + "CancelSubscriptionRequest":{ + "type":"structure", + "required":[ + "applicationId", + "subscriptionId" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The identifier of the Amazon Q Business application for which the subscription is being cancelled.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "subscriptionId":{ + "shape":"SubscriptionId", + "documentation":"

    The identifier of the Amazon Q Business subscription being cancelled.

    ", + "location":"uri", + "locationName":"subscriptionId" + } + } + }, + "CancelSubscriptionResponse":{ + "type":"structure", + "members":{ + "subscriptionArn":{ + "shape":"SubscriptionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q Business subscription being cancelled.

    " + }, + "currentSubscription":{ + "shape":"SubscriptionDetails", + "documentation":"

    The type of your current Amazon Q Business subscription.

    " + }, + "nextSubscription":{ + "shape":"SubscriptionDetails", + "documentation":"

    The type of the Amazon Q Business subscription for the next month.

    " + } + } + }, "ChatInput":{ "type":"structure", "required":["applicationId"], @@ -2438,6 +2830,94 @@ "documentation":"

    The streaming output for the Chat API.

    ", "eventstream":true }, + "ChatResponseConfiguration":{ + "type":"structure", + "required":[ + "chatResponseConfigurationId", + "chatResponseConfigurationArn", + "displayName", + "status" + ], + "members":{ + "chatResponseConfigurationId":{ + "shape":"ChatResponseConfigurationId", + "documentation":"

    A unique identifier for your chat response configuration settings, used to reference and manage the configuration within the Amazon Q Business service.

    " + }, + "chatResponseConfigurationArn":{ + "shape":"ChatResponseConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the chat response configuration, which uniquely identifies the resource across all Amazon Web Services services and accounts.

    " + }, + "displayName":{ + "shape":"DisplayName", + "documentation":"

    A human-readable name for the chat response configuration, making it easier to identify and manage multiple configurations within an organization.

    " + }, + "responseConfigurationSummary":{ + "shape":"ResponseConfigurationSummary", + "documentation":"

    A summary of the response configuration settings, providing a concise overview of the key parameters that define how responses are generated and formatted.

    " + }, + "status":{ + "shape":"ChatResponseConfigurationStatus", + "documentation":"

    The current status of the chat response configuration, indicating whether it is active, pending, or in another state that affects its availability for use in chat interactions.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp indicating when the chat response configuration was initially created, useful for tracking the lifecycle of configuration resources.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp indicating when the chat response configuration was last modified, helping administrators track changes and maintain version awareness.

    " + } + }, + "documentation":"

    Configuration details that define how Amazon Q Business generates and formats responses to user queries in chat interactions. This configuration allows administrators to customize response characteristics to meet specific organizational needs and communication standards.

    " + }, + "ChatResponseConfigurationArn":{ + "type":"string", + "max":1284, + "min":1, + "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}" + }, + "ChatResponseConfigurationDetail":{ + "type":"structure", + "members":{ + "responseConfigurations":{ + "shape":"ResponseConfigurations", + "documentation":"

    A collection of specific response configuration settings that collectively define how responses are generated, formatted, and presented to users in chat interactions.

    " + }, + "responseConfigurationSummary":{ + "shape":"String", + "documentation":"

    A summary of the response configuration details, providing a concise overview of the key parameters and settings that define the response generation behavior.

    " + }, + "status":{ + "shape":"ChatResponseConfigurationStatus", + "documentation":"

    The current status of the chat response configuration, indicating whether it is active, pending, or in another state that affects its availability for use.

    " + }, + "error":{"shape":"ErrorDetail"}, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp indicating when the detailed chat response configuration was last modified, helping administrators track changes and maintain version awareness.

    " + } + }, + "documentation":"

    Detailed information about a chat response configuration, including comprehensive settings and parameters that define how Amazon Q Business generates and formats responses.

    " + }, + "ChatResponseConfigurationId":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9-]{35}" + }, + "ChatResponseConfigurationStatus":{ + "type":"string", + "enum":[ + "CREATING", + "UPDATING", + "FAILED", + "ACTIVE" + ] + }, + "ChatResponseConfigurations":{ + "type":"list", + "member":{"shape":"ChatResponseConfiguration"} + }, "ChatSyncInput":{ "type":"structure", "required":["applicationId"], @@ -2540,6 +3020,68 @@ } } }, + "CheckDocumentAccessRequest":{ + "type":"structure", + "required":[ + "applicationId", + "indexId", + "userId", + "documentId" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The unique identifier of the application. This is required to identify the specific Amazon Q Business application context for the document access check.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "indexId":{ + "shape":"IndexId", + "documentation":"

    The unique identifier of the index. Used to locate the correct index within the application where the document is stored.

    ", + "location":"uri", + "locationName":"indexId" + }, + "userId":{ + "shape":"String", + "documentation":"

    The unique identifier of the user. Used to check the access permissions for this specific user against the document's ACL.

    ", + "location":"uri", + "locationName":"userId" + }, + "documentId":{ + "shape":"DocumentId", + "documentation":"

    The unique identifier of the document. Specifies which document's access permissions are being checked.

    ", + "location":"uri", + "locationName":"documentId" + }, + "dataSourceId":{ + "shape":"DataSourceId", + "documentation":"

    The unique identifier of the data source. Identifies the specific data source from which the document originates. Should not be used when a document is uploaded directly with BatchPutDocument, as no dataSourceId is available or necessary.

    ", + "location":"querystring", + "locationName":"dataSourceId" + } + } + }, + "CheckDocumentAccessResponse":{ + "type":"structure", + "members":{ + "userGroups":{ + "shape":"AssociatedGroups", + "documentation":"

    An array of groups the user is part of for the specified data source. Each group has a name and type.

    " + }, + "userAliases":{ + "shape":"AssociatedUsers", + "documentation":"

    An array of aliases associated with the user. This includes both global and local aliases, each with a name and type.

    " + }, + "hasAccess":{ + "shape":"Boolean", + "documentation":"

    A boolean value indicating whether the specified user has access to the document, either direct access or transitive access via groups and aliases attached to the document.

    " + }, + "documentAcl":{ + "shape":"DocumentAcl", + "documentation":"

    The Access Control List (ACL) associated with the document. Includes allowlist and denylist conditions that determine user access.

    " + } + } + }, "ClientIdForOIDC":{ "type":"string", "max":255, @@ -2708,6 +3250,40 @@ "documentation":"

    The source reference for an existing attachment.

    ", "union":true }, + "CreateAnonymousWebExperienceUrlRequest":{ + "type":"structure", + "required":[ + "applicationId", + "webExperienceId" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The identifier of the Amazon Q Business application environment attached to the web experience.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "webExperienceId":{ + "shape":"WebExperienceId", + "documentation":"

    The identifier of the web experience.

    ", + "location":"uri", + "locationName":"webExperienceId" + }, + "sessionDurationInMinutes":{ + "shape":"SessionDurationInMinutes", + "documentation":"

    The duration of the session associated with the unique URL for the web experience.

    " + } + } + }, + "CreateAnonymousWebExperienceUrlResponse":{ + "type":"structure", + "members":{ + "anonymousUrl":{ + "shape":"Url", + "documentation":"

    The unique URL for accessing the web experience.

    This URL can only be used once and must be used within 5 minutes after it's generated.

    " + } + } + }, "CreateApplicationRequest":{ "type":"structure", "required":["displayName"], @@ -2784,6 +3360,56 @@ } } }, + "CreateChatResponseConfigurationRequest":{ + "type":"structure", + "required":[ + "applicationId", + "displayName", + "responseConfigurations" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The unique identifier of the Amazon Q Business application for which to create the new chat response configuration.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "displayName":{ + "shape":"DisplayName", + "documentation":"

    A human-readable name for the new chat response configuration, making it easier to identify and manage among multiple configurations.

    " + }, + "clientToken":{ + "shape":"String", + "documentation":"

    A unique, case-sensitive identifier to ensure idempotency of the request. This helps prevent the same configuration from being created multiple times if retries occur.

    ", + "idempotencyToken":true + }, + "responseConfigurations":{ + "shape":"ResponseConfigurations", + "documentation":"

    A collection of response configuration settings that define how Amazon Q Business will generate and format responses to user queries in chat interactions.

    " + }, + "tags":{ + "shape":"Tags", + "documentation":"

    A list of key-value pairs to apply as tags to the new chat response configuration, enabling categorization and management of resources across Amazon Web Services services.

    " + } + } + }, + "CreateChatResponseConfigurationResponse":{ + "type":"structure", + "required":[ + "chatResponseConfigurationId", + "chatResponseConfigurationArn" + ], + "members":{ + "chatResponseConfigurationId":{ + "shape":"ChatResponseConfigurationId", + "documentation":"

    The unique identifier assigned to a newly created chat response configuration, used for subsequent operations on this resource.

    " + }, + "chatResponseConfigurationArn":{ + "shape":"ChatResponseConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the newly created chat response configuration, which uniquely identifies the resource across all Amazon Web Services services.

    " + } + } + }, "CreateDataAccessorRequest":{ "type":"structure", "required":[ @@ -2795,7 +3421,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application.

    ", "location":"uri", "locationName":"applicationId" }, @@ -2816,6 +3442,10 @@ "shape":"DataAccessorName", "documentation":"

    A friendly name for the data accessor.

    " }, + "authenticationDetail":{ + "shape":"DataAccessorAuthenticationDetail", + "documentation":"

    The authentication configuration details for the data accessor. This specifies how the ISV will authenticate when accessing data through this data accessor.

    " + }, "tags":{ "shape":"Tags", "documentation":"

    The tags to associate with the data accessor.

    " @@ -2836,7 +3466,7 @@ }, "idcApplicationArn":{ "shape":"IdcApplicationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS IAM Identity Center application created for this data accessor.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM Identity Center application created for this data accessor.

    " }, "dataAccessorArn":{ "shape":"DataAccessorArn", @@ -2891,7 +3521,7 @@ }, "roleArn":{ "shape":"RoleArn", - "documentation":"

    The Amazon Resource Name (ARN) of an IAM role with permission to access the data source and required resources.

    " + "documentation":"

    The Amazon Resource Name (ARN) of an IAM role with permission to access the data source and required resources. This field is required for all connector types except custom connectors, where it is optional.

    " }, "clientToken":{ "shape":"ClientToken", @@ -3083,6 +3713,56 @@ } } }, + "CreateSubscriptionRequest":{ + "type":"structure", + "required":[ + "applicationId", + "principal", + "type" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The identifier of the Amazon Q Business application the subscription should be added to.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "principal":{ + "shape":"SubscriptionPrincipal", + "documentation":"

    The IAM Identity Center UserId or GroupId of a user or group in the IAM Identity Center instance connected to the Amazon Q Business application.

    " + }, + "type":{ + "shape":"SubscriptionType", + "documentation":"

    The type of Amazon Q Business subscription you want to create.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A token that you provide to identify the request to create a subscription for your Amazon Q Business application.

    ", + "idempotencyToken":true + } + } + }, + "CreateSubscriptionResponse":{ + "type":"structure", + "members":{ + "subscriptionId":{ + "shape":"SubscriptionId", + "documentation":"

    The identifier of the Amazon Q Business subscription created.

    " + }, + "subscriptionArn":{ + "shape":"SubscriptionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q Business subscription created.

    " + }, + "currentSubscription":{ + "shape":"SubscriptionDetails", + "documentation":"

    The type of your current Amazon Q Business subscription.

    " + }, + "nextSubscription":{ + "shape":"SubscriptionDetails", + "documentation":"

    The type of the Amazon Q Business subscription for the next month.

    " + } + } + }, "CreateUserRequest":{ "type":"structure", "required":[ @@ -3150,11 +3830,11 @@ }, "origins":{ "shape":"WebExperienceOrigins", - "documentation":"

    Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. 

     The <i>domain origin</i> refers to the base URL for accessing a website including the protocol (<code>http/https</code>), the domain name, and the port number (if specified). </p> <note> <p>You must only submit a <i>base URL</i> and not a full path. For example, <code>https://docs.aws.amazon.com</code>.</p> </note>
    " + "documentation":"

    Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The domain origin refers to the base URL for accessing a website including the protocol (http/https), the domain name, and the port number (if specified).

    You must only submit a base URL and not a full path. For example, https://docs.aws.amazon.com.

    " }, "roleArn":{ "shape":"RoleArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service role attached to your web experience.

    You must provide this value if you're using IAM Identity Center to manage end user access to your application. If you're using legacy identity management to manage user access, you don't need to provide this value.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the service role attached to your web experience.

    The roleArn parameter is required when your Amazon Q Business application is created with IAM Identity Center. It is not required for SAML-based applications.

    " }, "tags":{ "shape":"Tags", @@ -3220,8 +3900,7 @@ "type":"structure", "required":[ "description", - "apiSchemaType", - "apiSchema" + "apiSchemaType" ], "members":{ "description":{ @@ -3278,12 +3957,16 @@ }, "idcApplicationArn":{ "shape":"IdcApplicationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the associated AWS IAM Identity Center application.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the associated IAM Identity Center application.

    " }, "principal":{ "shape":"PrincipalRoleArn", "documentation":"

    The Amazon Resource Name (ARN) of the IAM role for the ISV associated with this data accessor.

    " }, + "authenticationDetail":{ + "shape":"DataAccessorAuthenticationDetail", + "documentation":"

    The authentication configuration details for the data accessor. This specifies how the ISV authenticates when accessing data through this data accessor.

    " + }, "createdAt":{ "shape":"Timestamp", "documentation":"

    The timestamp when the data accessor was created.

    " @@ -3301,12 +3984,73 @@ "min":0, "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}" }, + "DataAccessorAuthenticationConfiguration":{ + "type":"structure", + "members":{ + "idcTrustedTokenIssuerConfiguration":{ + "shape":"DataAccessorIdcTrustedTokenIssuerConfiguration", + "documentation":"

    Configuration for IAM Identity Center Trusted Token Issuer (TTI) authentication used when the authentication type is AWS_IAM_IDC_TTI.

    " + } + }, + "documentation":"

    A union type that contains the specific authentication configuration based on the authentication type selected.

    ", + "union":true + }, + "DataAccessorAuthenticationDetail":{ + "type":"structure", + "required":["authenticationType"], + "members":{ + "authenticationType":{ + "shape":"DataAccessorAuthenticationType", + "documentation":"

    The type of authentication to use for the data accessor. This determines how the ISV authenticates when accessing data. You can use one of two authentication types:

    • AWS_IAM_IDC_TTI - Authentication using IAM Identity Center Trusted Token Issuer (TTI). This authentication type allows the ISV to use a trusted token issuer to generate tokens for accessing the data.

    • AWS_IAM_IDC_AUTH_CODE - Authentication using IAM Identity Center authorization code flow. This authentication type uses the standard OAuth 2.0 authorization code flow for authentication.

    " + }, + "authenticationConfiguration":{ + "shape":"DataAccessorAuthenticationConfiguration", + "documentation":"

    The specific authentication configuration based on the authentication type.

    " + }, + "externalIds":{ + "shape":"DataAccessorExternalIds", + "documentation":"

    A list of external identifiers associated with this authentication configuration. These are used to correlate the data accessor with external systems.

    " + } + }, + "documentation":"

    Contains the authentication configuration details for a data accessor. This structure defines how the ISV authenticates when accessing data through the data accessor.

    " + }, + "DataAccessorAuthenticationType":{ + "type":"string", + "documentation":"

    The type of authentication mechanism used by the data accessor.

    ", + "enum":[ + "AWS_IAM_IDC_TTI", + "AWS_IAM_IDC_AUTH_CODE" + ] + }, + "DataAccessorExternalId":{ + "type":"string", + "max":1000, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*" + }, + "DataAccessorExternalIds":{ + "type":"list", + "member":{"shape":"DataAccessorExternalId"}, + "max":1, + "min":1 + }, "DataAccessorId":{ "type":"string", "max":36, "min":36, "pattern":"[a-zA-Z0-9][a-zA-Z0-9-]{35}" }, + "DataAccessorIdcTrustedTokenIssuerConfiguration":{ + "type":"structure", + "required":["idcTrustedTokenIssuerArn"], + "members":{ + "idcTrustedTokenIssuerArn":{ + "shape":"IdcTrustedTokenIssuerArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM Identity Center Trusted Token Issuer that will be used for authentication.

    " + } + }, + "documentation":"

    Configuration details for IAM Identity Center Trusted Token Issuer (TTI) authentication.

    " + }, "DataAccessorName":{ "type":"string", "max":100, @@ -3500,7 +4244,7 @@ "members":{ "boostingLevel":{ "shape":"DocumentAttributeBoostingLevel", - "documentation":"

    Specifies how much a document attribute is boosted.

    " + "documentation":"

    Specifies the priority tier ranking of boosting applied to document attributes. For version 2, this parameter indicates the relative ranking between boosted fields (ONE being highest priority, TWO being second highest, etc.) and determines the order in which attributes influence document ranking in search results. For version 1, this parameter specifies the boosting intensity. For version 2, boosting intensity (VERY HIGH, HIGH, MEDIUM, LOW, NONE) are not supported. Note that in version 2, you are not allowed to boost on only one field and make this value TWO.

    " }, "boostingDurationInSeconds":{ "shape":"BoostingDurationInSeconds", @@ -3526,6 +4270,45 @@ "members":{ } }, + "DeleteAttachmentRequest":{ + "type":"structure", + "required":[ + "applicationId", + "conversationId", + "attachmentId" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The unique identifier for the Amazon Q Business application environment.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "conversationId":{ + "shape":"ConversationId", + "documentation":"

    The unique identifier of the conversation.

    ", + "location":"uri", + "locationName":"conversationId" + }, + "attachmentId":{ + "shape":"AttachmentId", + "documentation":"

    The unique identifier for the attachment.

    ", + "location":"uri", + "locationName":"attachmentId" + }, + "userId":{ + "shape":"UserId", + "documentation":"

    The unique identifier of the user involved in the conversation.

    ", + "location":"querystring", + "locationName":"userId" + } + } + }, + "DeleteAttachmentResponse":{ + "type":"structure", + "members":{ + } + }, "DeleteChatControlsConfigurationRequest":{ "type":"structure", "required":["applicationId"], @@ -3543,6 +4326,32 @@ "members":{ } }, + "DeleteChatResponseConfigurationRequest":{ + "type":"structure", + "required":[ + "applicationId", + "chatResponseConfigurationId" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The unique identifier of theAmazon Q Business application from which to delete the chat response configuration.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "chatResponseConfigurationId":{ + "shape":"ChatResponseConfigurationId", + "documentation":"

    The unique identifier of the chat response configuration to delete from the specified application.

    ", + "location":"uri", + "locationName":"chatResponseConfigurationId" + } + } + }, + "DeleteChatResponseConfigurationResponse":{ + "type":"structure", + "members":{ + } + }, "DeleteConversationRequest":{ "type":"structure", "required":[ @@ -3584,7 +4393,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application.

    ", "location":"uri", "locationName":"applicationId" }, @@ -3833,7 +4642,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application.

    ", "location":"uri", "locationName":"applicationId" }, @@ -3850,6 +4659,11 @@ "members":{ } }, + "DisplayName":{ + "type":"string", + "max":100, + "min":1 + }, "Document":{ "type":"structure", "required":["id"], @@ -3889,6 +4703,92 @@ }, "documentation":"

    A document in an Amazon Q Business application.

    " }, + "DocumentAcl":{ + "type":"structure", + "members":{ + "allowlist":{ + "shape":"DocumentAclMembership", + "documentation":"

    The allowlist conditions for the document. Users or groups matching these conditions are granted access to the document.

    " + }, + "denyList":{ + "shape":"DocumentAclMembership", + "documentation":"

    The denylist conditions for the document. Users or groups matching these conditions are denied access to the document, overriding allowlist permissions.

    " + } + }, + "documentation":"

    Represents the Access Control List (ACL) for a document, containing both allowlist and denylist conditions.

    " + }, + "DocumentAclCondition":{ + "type":"structure", + "members":{ + "memberRelation":{ + "shape":"MemberRelation", + "documentation":"

    The logical relation between members in the condition, determining how multiple user or group conditions are combined.

    " + }, + "users":{ + "shape":"DocumentAclUsers", + "documentation":"

    An array of user identifiers that this condition applies to. Users listed here are subject to the access rule defined by this condition.

    " + }, + "groups":{ + "shape":"DocumentAclGroups", + "documentation":"

    An array of group identifiers that this condition applies to. Groups listed here are subject to the access rule defined by this condition.

    " + } + }, + "documentation":"

    Represents a condition in the document's ACL, specifying access rules for users and groups.

    " + }, + "DocumentAclConditions":{ + "type":"list", + "member":{"shape":"DocumentAclCondition"} + }, + "DocumentAclGroup":{ + "type":"structure", + "members":{ + "name":{ + "shape":"GroupName", + "documentation":"

    The name of the group in the document's ACL. This is used to identify the group when applying access rules.

    " + }, + "type":{ + "shape":"MembershipType", + "documentation":"

    The type of the group. This indicates the scope of the group's applicability in access control.

    " + } + }, + "documentation":"

    Represents a group in the document's ACL, used to define access permissions for multiple users collectively.

    " + }, + "DocumentAclGroups":{ + "type":"list", + "member":{"shape":"DocumentAclGroup"} + }, + "DocumentAclMembership":{ + "type":"structure", + "members":{ + "memberRelation":{ + "shape":"MemberRelation", + "documentation":"

    The logical relation between members in the membership rule, determining how multiple conditions are combined.

    " + }, + "conditions":{ + "shape":"DocumentAclConditions", + "documentation":"

    An array of conditions that define the membership rules. Each condition specifies criteria for users or groups to be included in this membership.

    " + } + }, + "documentation":"

    Represents membership rules in the document's ACL, defining how users or groups are associated with access permissions.

    " + }, + "DocumentAclUser":{ + "type":"structure", + "members":{ + "id":{ + "shape":"String", + "documentation":"

    The unique identifier of the user in the document's ACL. This is used to identify the user when applying access rules.

    " + }, + "type":{ + "shape":"MembershipType", + "documentation":"

    The type of the user. This indicates the scope of the user's applicability in access control.

    " + } + }, + "documentation":"

    Represents a user in the document's ACL, used to define access permissions for individual users.

    " + }, + "DocumentAclUsers":{ + "type":"list", + "member":{"shape":"DocumentAclUser"} + }, "DocumentAttribute":{ "type":"structure", "required":[ @@ -3912,22 +4812,22 @@ "members":{ "numberConfiguration":{ "shape":"NumberAttributeBoostingConfiguration", - "documentation":"

    Provides information on boosting NUMBER type document attributes.

    " + "documentation":"

    Provides information on boosting NUMBER type document attributes.

    NUMBER attributes are not supported when using NativeIndexConfiguration version 2, which focuses on DATE attributes for recency and STRING attributes for source prioritization.

    " }, "stringConfiguration":{ "shape":"StringAttributeBoostingConfiguration", - "documentation":"

    Provides information on boosting STRING type document attributes.

    " + "documentation":"

    Provides information on boosting STRING type document attributes.

    Version 2 assigns priority tiers to STRING attributes, establishing clear hierarchical relationships with other boosted attributes.

    " }, "dateConfiguration":{ "shape":"DateAttributeBoostingConfiguration", - "documentation":"

    Provides information on boosting DATE type document attributes.

    " + "documentation":"

    Provides information on boosting DATE type document attributes.

    Version 2 assigns priority tiers to DATE attributes, establishing clear hierarchical relationships with other boosted attributes.

    " }, "stringListConfiguration":{ "shape":"StringListAttributeBoostingConfiguration", - "documentation":"

    Provides information on boosting STRING_LIST type document attributes.

    " + "documentation":"

    Provides information on boosting STRING_LIST type document attributes.

    STRING_LIST attributes are not supported when using NativeIndexConfiguration version 2, which focuses on DATE attributes for recency and STRING attributes for source prioritization.

    " } }, - "documentation":"

    Provides information on boosting supported Amazon Q Business document attribute types. When an end user chat query matches document attributes that have been boosted, Amazon Q Business prioritizes generating responses from content that matches the boosted document attributes.

    For STRING and STRING_LIST type document attributes to be used for boosting on the console and the API, they must be enabled for search using the DocumentAttributeConfiguration object of the UpdateIndex API. If you haven't enabled searching on these attributes, you can't boost attributes of these data types on either the console or the API.

    For more information on how boosting document attributes work in Amazon Q Business, see Boosting using document attributes.

    ", + "documentation":"

    Provides information on boosting supported Amazon Q Business document attribute types. When an end user chat query matches document attributes that have been boosted, Amazon Q Business prioritizes generating responses from content that matches the boosted document attributes.

    In version 2, boosting uses numeric values (ONE, TWO) to indicate priority tiers that establish clear hierarchical relationships between boosted attributes. This allows for more precise control over how different attributes influence search results.

    For STRING and STRING_LIST type document attributes to be used for boosting on the console and the API, they must be enabled for search using the DocumentAttributeConfiguration object of the UpdateIndex API. If you haven't enabled searching on these attributes, you can't boost attributes of these data types on either the console or the API.

    For more information on how boosting document attributes work in Amazon Q Business, see Boosting using document attributes.

    ", "union":true }, "DocumentAttributeBoostingLevel":{ @@ -3937,7 +4837,9 @@ "LOW", "MEDIUM", "HIGH", - "VERY_HIGH" + "VERY_HIGH", + "ONE", + "TWO" ] }, "DocumentAttributeBoostingOverrideMap":{ @@ -4061,7 +4963,7 @@ "documentation":"

    The path to the document in an Amazon S3 bucket.

    " } }, - "documentation":"

    The contents of a document.

    ", + "documentation":"

    The contents of a document.

    Documents have size limitations. The maximum file size for a document is 50 MB. The maximum amount of text that can be extracted from a single document is 5 MB. For more information, see Supported document formats in Amazon Q Business.

    ", "union":true }, "DocumentContentOperator":{ @@ -4432,6 +5334,10 @@ "shape":"ResponseScope", "documentation":"

    The response scope configured for a Amazon Q Business application. This determines whether your application uses its retrieval augmented generation (RAG) system to generate answers only from your enterprise data, or also uses the large language models (LLM) knowledge to respons to end user questions in chat.

    " }, + "orchestrationConfiguration":{ + "shape":"AppliedOrchestrationConfiguration", + "documentation":"

    The chat response orchestration settings for your application.

    Chat orchestration is optimized to work for English language content. For more details on language support in Amazon Q Business, see Supported languages.

    " + }, "blockedPhrases":{ "shape":"BlockedPhrasesConfiguration", "documentation":"

    The phrases blocked from chat by your chat control configuration.

    " @@ -4447,6 +5353,60 @@ "nextToken":{ "shape":"NextToken", "documentation":"

    If the maxResults response was incomplete because there is more data to retrieve, Amazon Q Business returns a pagination token in the response. You can use this pagination token to retrieve the next set of Amazon Q Business chat controls configured.

    " + }, + "hallucinationReductionConfiguration":{ + "shape":"HallucinationReductionConfiguration", + "documentation":"

    The hallucination reduction settings for your application.

    " + } + } + }, + "GetChatResponseConfigurationRequest":{ + "type":"structure", + "required":[ + "applicationId", + "chatResponseConfigurationId" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The unique identifier of the Amazon Q Business application containing the chat response configuration to retrieve.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "chatResponseConfigurationId":{ + "shape":"ChatResponseConfigurationId", + "documentation":"

    The unique identifier of the chat response configuration to retrieve from the specified application.

    ", + "location":"uri", + "locationName":"chatResponseConfigurationId" + } + } + }, + "GetChatResponseConfigurationResponse":{ + "type":"structure", + "members":{ + "chatResponseConfigurationId":{ + "shape":"ChatResponseConfigurationId", + "documentation":"

    The unique identifier of the retrieved chat response configuration.

    " + }, + "chatResponseConfigurationArn":{ + "shape":"ChatResponseConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the retrieved chat response configuration, which uniquely identifies the resource across all Amazon Web Services services.

    " + }, + "displayName":{ + "shape":"DisplayName", + "documentation":"

    The human-readable name of the retrieved chat response configuration, making it easier to identify among multiple configurations.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp indicating when the chat response configuration was initially created.

    " + }, + "inUseConfiguration":{ + "shape":"ChatResponseConfigurationDetail", + "documentation":"

    The currently active configuration settings that are being used to generate responses in the Amazon Q Business application.

    " + }, + "lastUpdateConfiguration":{ + "shape":"ChatResponseConfigurationDetail", + "documentation":"

    Information about the most recent update to the configuration, including timestamp and modification details.

    " } } }, @@ -4459,7 +5419,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application.

    ", "location":"uri", "locationName":"applicationId" }, @@ -4488,11 +5448,11 @@ }, "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application associated with this data accessor.

    " + "documentation":"

    The unique identifier of the Amazon Q Business application associated with this data accessor.

    " }, "idcApplicationArn":{ "shape":"IdcApplicationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS IAM Identity Center application associated with this data accessor.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM Identity Center application associated with this data accessor.

    " }, "principal":{ "shape":"PrincipalRoleArn", @@ -4502,6 +5462,10 @@ "shape":"ActionConfigurationList", "documentation":"

    The list of action configurations specifying the allowed actions and any associated filters.

    " }, + "authenticationDetail":{ + "shape":"DataAccessorAuthenticationDetail", + "documentation":"

    The authentication configuration details for the data accessor. This specifies how the ISV authenticates when accessing data through this data accessor.

    " + }, "createdAt":{ "shape":"Timestamp", "documentation":"

    The timestamp when the data accessor was created.

    " @@ -4610,6 +5574,63 @@ } } }, + "GetDocumentContentRequest":{ + "type":"structure", + "required":[ + "applicationId", + "indexId", + "documentId" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The unique identifier of the Amazon Q Business application containing the document. This ensures the request is scoped to the correct application environment and its associated security policies.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "indexId":{ + "shape":"IndexId", + "documentation":"

    The identifier of the index where documents are indexed.

    ", + "location":"uri", + "locationName":"indexId" + }, + "dataSourceId":{ + "shape":"DataSourceId", + "documentation":"

    The identifier of the data source from which the document was ingested. This field is not present if the document is ingested by directly calling the BatchPutDocument API. If the document is from a file-upload data source, the datasource will be \"uploaded-docs-file-stat-datasourceid\".

    ", + "location":"querystring", + "locationName":"dataSourceId" + }, + "documentId":{ + "shape":"DocumentId", + "documentation":"

    The unique identifier of the document that is indexed via BatchPutDocument API or file-upload or connector sync. It is also found in chat or chatSync response.

    ", + "location":"uri", + "locationName":"documentId" + }, + "outputFormat":{ + "shape":"OutputFormat", + "documentation":"

    Document outputFormat. Defaults to RAW if not selected.

    ", + "location":"querystring", + "locationName":"outputFormat" + } + } + }, + "GetDocumentContentResponse":{ + "type":"structure", + "required":[ + "presignedUrl", + "mimeType" + ], + "members":{ + "presignedUrl":{ + "shape":"String", + "documentation":"

    A pre-signed URL that provides temporary access to download the document content directly from Amazon Q Business. The URL expires after 5 minutes for security purposes. This URL is generated only after successful ACL validation.

    " + }, + "mimeType":{ + "shape":"String", + "documentation":"

    The MIME type of the document content. When outputFormat is RAW, this corresponds to the original document's MIME type (e.g., application/pdf, text/plain, application/vnd.openxmlformats-officedocument.wordprocessingml.document). When outputFormat is EXTRACTED, the MIME type is always application/json.

    " + } + } + }, "GetGroupRequest":{ "type":"structure", "required":[ @@ -4860,7 +5881,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application.

    ", "location":"uri", "locationName":"applicationId" } @@ -5038,7 +6059,7 @@ }, "origins":{ "shape":"WebExperienceOrigins", - "documentation":"

    Gets the website domain origins that are allowed to embed the Amazon Q Business web experience. 

     The <i>domain origin</i> refers to the base URL for accessing a website including the protocol (<code>http/https</code>), the domain name, and the port number (if specified). </p>
    " + "documentation":"

    Gets the website domain origins that are allowed to embed the Amazon Q Business web experience. The domain origin refers to the base URL for accessing a website including the protocol (http/https), the domain name, and the port number (if specified).

    " }, "roleArn":{ "shape":"RoleArn", @@ -5068,6 +6089,12 @@ } } }, + "GroupIdentifier":{ + "type":"string", + "max":47, + "min":1, + "pattern":"([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}" + }, "GroupMembers":{ "type":"structure", "members":{ @@ -5135,6 +6162,23 @@ "type":"list", "member":{"shape":"GroupSummary"} }, + "HallucinationReductionConfiguration":{ + "type":"structure", + "members":{ + "hallucinationReductionControl":{ + "shape":"HallucinationReductionControl", + "documentation":"

    Controls whether hallucination reduction has been enabled or disabled for your application. The default status is DISABLED.

    " + } + }, + "documentation":"

    Configuration information required to setup hallucination reduction. For more information, see hallucination reduction.

    The hallucination reduction feature won't work if chat orchestration controls are enabled for your application.

    " + }, + "HallucinationReductionControl":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "HookConfiguration":{ "type":"structure", "members":{ @@ -5144,7 +6188,7 @@ }, "lambdaArn":{ "shape":"LambdaArn", - "documentation":"

    The Amazon Resource Name (ARN) of a role with permission to run a Lambda function during ingestion. For more information, see IAM roles for Custom Document Enrichment (CDE).

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Lambda function during ingestion. For more information, see Using Lambda functions for Amazon Q Business document enrichment.

    " }, "s3BucketName":{ "shape":"S3BucketName", @@ -5187,6 +6231,12 @@ }, "documentation":"

    Information about the IAM Identity Center Application used to configure authentication for a plugin.

    " }, + "IdcTrustedTokenIssuerArn":{ + "type":"string", + "max":1284, + "min":0, + "pattern":"arn:aws:sso::[0-9]{12}:trustedTokenIssuer/(sso)?ins-[a-zA-Z0-9-.]{16}/tti-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + }, "IdentityProviderConfiguration":{ "type":"structure", "members":{ @@ -5202,7 +6252,8 @@ "AWS_IAM_IDP_SAML", "AWS_IAM_IDP_OIDC", "AWS_IAM_IDC", - "AWS_QUICKSIGHT_IDP" + "AWS_QUICKSIGHT_IDP", + "ANONYMOUS" ] }, "ImageExtractionConfiguration":{ @@ -5223,6 +6274,20 @@ "DISABLED" ] }, + "ImageSourceDetails":{ + "type":"structure", + "members":{ + "mediaId":{ + "shape":"MediaId", + "documentation":"

    Unique identifier for the image file.

    " + }, + "mediaMimeType":{ + "shape":"String", + "documentation":"

    The MIME type of the image file.

    " + } + }, + "documentation":"

    Details about an image source, including its identifier and format.

    " + }, "Index":{ "type":"structure", "members":{ @@ -5347,6 +6412,50 @@ "min":10, "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}" }, + "Instruction":{ + "type":"string", + "max":1000, + "min":5, + "pattern":"[\\s\\S]*" + }, + "InstructionCollection":{ + "type":"structure", + "members":{ + "responseLength":{ + "shape":"Instruction", + "documentation":"

    Specifies the desired length of responses generated by Amazon Q Business. This parameter allows administrators to control whether responses are concise and brief or more detailed and comprehensive.

    " + }, + "targetAudience":{ + "shape":"Instruction", + "documentation":"

    Defines the intended audience for the responses, allowing Amazon Q Business to tailor its language, terminology, and explanations appropriately. This could range from technical experts to general users with varying levels of domain knowledge.

    " + }, + "perspective":{ + "shape":"Instruction", + "documentation":"

    Determines the point of view or perspective from which Amazon Q Business generates responses, such as first-person, second-person, or third-person perspective, affecting how information is presented to users.

    " + }, + "outputStyle":{ + "shape":"Instruction", + "documentation":"

    Specifies the formatting and structural style of responses, such as bullet points, paragraphs, step-by-step instructions, or other organizational formats that enhance readability and comprehension.

    " + }, + "identity":{ + "shape":"Instruction", + "documentation":"

    Defines the persona or identity that Amazon Q Business should adopt when responding to users, allowing for customization of the assistant's character, role, or representation within an organization.

    " + }, + "tone":{ + "shape":"Instruction", + "documentation":"

    Controls the emotional tone and communication style of responses, such as formal, casual, technical, friendly, or professional, to align with organizational communication standards and user expectations.

    " + }, + "customInstructions":{ + "shape":"Instruction", + "documentation":"

    Allows administrators to provide specific, custom instructions that guide how Amazon Q Business should respond in particular scenarios or to certain types of queries, enabling fine-grained control over response generation.

    " + }, + "examples":{ + "shape":"Instruction", + "documentation":"

    Provides sample responses or templates that Amazon Q Business can reference when generating responses, helping to establish consistent patterns and formats for different types of user queries.

    " + } + }, + "documentation":"

    A set of instructions that define how Amazon Q Business should generate and format responses to user queries. This collection includes parameters for controlling response characteristics such as length, audience targeting, perspective, style, identity, tone, and custom instructions.

    " + }, "Integer":{ "type":"integer", "box":true @@ -5483,6 +6592,43 @@ } } }, + "ListChatResponseConfigurationsRequest":{ + "type":"structure", + "required":["applicationId"], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The unique identifier of the Amazon Q Business application for which to list available chat response configurations.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

    The maximum number of chat response configurations to return in a single response. This parameter helps control pagination of results when many configurations exist.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A pagination token used to retrieve the next set of results when the number of configurations exceeds the specified maxResults value.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListChatResponseConfigurationsResponse":{ + "type":"structure", + "members":{ + "chatResponseConfigurations":{ + "shape":"ChatResponseConfigurations", + "documentation":"

    A list of chat response configuration summaries, each containing key information about an available configuration in the specified application.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A pagination token that can be used in a subsequent request to retrieve additional chat response configurations if the results were truncated due to the maxResults parameter.

    " + } + } + }, "ListConversationsRequest":{ "type":"structure", "required":["applicationId"], @@ -5532,7 +6678,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application.

    ", "location":"uri", "locationName":"applicationId" }, @@ -6071,6 +7217,43 @@ } } }, + "ListSubscriptionsRequest":{ + "type":"structure", + "required":["applicationId"], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The identifier of the Amazon Q Business application linked to the subscription.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    If the maxResults response was incomplete because there is more data to retrieve, Amazon Q Business returns a pagination token in the response. You can use this pagination token to retrieve the next set of Amazon Q Business subscriptions.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResultsIntegerForListSubscriptions", + "documentation":"

    The maximum number of Amazon Q Business subscriptions to return.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListSubscriptionsResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

    If the response is truncated, Amazon Q Business returns this token. You can use this token in a subsequent request to retrieve the next set of subscriptions.

    " + }, + "subscriptions":{ + "shape":"Subscriptions", + "documentation":"

    An array of summary information on the subscriptions configured for an Amazon Q Business application.

    " + } + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["resourceARN"], @@ -6141,7 +7324,9 @@ }, "MaxResults":{ "type":"integer", - "box":true + "box":true, + "max":100, + "min":1 }, "MaxResultsIntegerForGetTopicConfigurations":{ "type":"integer", @@ -6239,6 +7424,12 @@ "max":50, "min":1 }, + "MaxResultsIntegerForListSubscriptions":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, "MaxResultsIntegerForListWebExperiencesRequest":{ "type":"integer", "box":true, @@ -6251,6 +7442,14 @@ "imageExtractionConfiguration":{ "shape":"ImageExtractionConfiguration", "documentation":"

    The configuration for extracting semantic meaning from images in documents. For more information, see Extracting semantic meaning from images and visuals.

    " + }, + "audioExtractionConfiguration":{ + "shape":"AudioExtractionConfiguration", + "documentation":"

    Configuration settings for extracting and processing audio content from media files.

    " + }, + "videoExtractionConfiguration":{ + "shape":"VideoExtractionConfiguration", + "documentation":"

    Configuration settings for extracting and processing video content from media files.

    " } }, "documentation":"

    The configuration for extracting information from media in documents.

    " @@ -6476,6 +7675,10 @@ "shape":"IndexId", "documentation":"

    The identifier for the Amazon Q Business index.

    " }, + "version":{ + "shape":"Long", + "documentation":"

    A read-only field that specifies the version of the NativeIndexConfiguration.

    Amazon Q Business introduces enhanced document retrieval capabilities in version 2 of NativeIndexConfiguration, focusing on streamlined metadata boosting that prioritizes recency and source relevance to deliver more accurate responses to your queries. Version 2 has the following differences from version 1:

    • Version 2 supports a single Date field (created_at OR last_updated_at) for recency boosting

    • Version 2 supports a single String field with an ordered list of up to 5 values

    • Version 2 introduces number-based boost levels (ONE, TWO) alongside the text-based levels

    • Version 2 allows specifying prioritization between Date and String fields

    • Version 2 maintains backward compatibility with existing configurations

    " + }, "boostingOverride":{ "shape":"DocumentAttributeBoostingOverrideMap", "documentation":"

    Overrides the default boosts applied by Amazon Q Business to supported document attribute data types.

    " @@ -6505,14 +7708,14 @@ "members":{ "boostingLevel":{ "shape":"DocumentAttributeBoostingLevel", - "documentation":"

    Specifies the duration, in seconds, of a boost applies to a NUMBER type document attribute.

    " + "documentation":"

    Specifies the priority of boosted document attributes in relation to other boosted attributes. This parameter determines how strongly the attribute influences document ranking in search results. NUMBER attributes can serve as additional boosting factors when needed, but are not supported when using NativeIndexConfiguration version 2.

    " }, "boostingType":{ "shape":"NumberAttributeBoostingType", - "documentation":"

    Specifies how much a document attribute is boosted.

    " + "documentation":"

    Specifies whether higher or lower numeric values should be prioritized when boosting. Valid values are ASCENDING (higher numbers are more important) and DESCENDING (lower numbers are more important).

    " } }, - "documentation":"

    Provides information on boosting NUMBER type document attributes.

    For more information on how boosting document attributes work in Amazon Q Business, see Boosting using document attributes.

    " + "documentation":"

    Provides information on boosting NUMBER type document attributes.

    In the current boosting implementation, boosting focuses primarily on DATE attributes for recency and STRING attributes for source prioritization. NUMBER attributes can serve as additional boosting factors when needed, but are not supported when using NativeIndexConfiguration version 2.

    For more information on how boosting document attributes work in Amazon Q Business, see Boosting using document attributes.

    " }, "NumberAttributeBoostingType":{ "type":"string", @@ -6565,16 +7768,90 @@ }, "documentation":"

    Information about the OIDC-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience.

    " }, + "OrchestrationConfiguration":{ + "type":"structure", + "required":["control"], + "members":{ + "control":{ + "shape":"OrchestrationControl", + "documentation":"

    Status information about whether chat orchestration is activated or deactivated for your Amazon Q Business application.

    " + } + }, + "documentation":"

    Configuration information required to enable chat orchestration for your Amazon Q Business application.

    Chat orchestration is optimized to work for English language content. For more details on language support in Amazon Q Business, see Supported languages.

    " + }, + "OrchestrationControl":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "Origin":{ "type":"string", "max":256, "min":1, "pattern":"(http://|https://)[a-zA-Z0-9-_.]+(?::[0-9]{1,5})?" }, + "OutputFormat":{ + "type":"string", + "enum":[ + "RAW", + "EXTRACTED" + ] + }, "Payload":{ "type":"string", "sensitive":true }, + "PermissionCondition":{ + "type":"structure", + "required":[ + "conditionOperator", + "conditionKey", + "conditionValues" + ], + "members":{ + "conditionOperator":{ + "shape":"PermissionConditionOperator", + "documentation":"

    The operator to use for the condition evaluation. This determines how the condition values are compared.

    " + }, + "conditionKey":{ + "shape":"PermissionConditionKey", + "documentation":"

    The key for the condition. This identifies the attribute that the condition applies to.

    " + }, + "conditionValues":{ + "shape":"PermissionConditionValues", + "documentation":"

    The values to compare against using the specified condition operator.

    " + } + }, + "documentation":"

    Defines a condition that restricts when a permission is effective. Conditions allow you to control access based on specific attributes of the request.

    " + }, + "PermissionConditionKey":{ + "type":"string", + "pattern":"aws:PrincipalTag/qbusiness-dataaccessor:[a-zA-Z]+.*" + }, + "PermissionConditionOperator":{ + "type":"string", + "enum":["StringEquals"] + }, + "PermissionConditionValue":{ + "type":"string", + "max":1000, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*" + }, + "PermissionConditionValues":{ + "type":"list", + "member":{"shape":"PermissionConditionValue"}, + "max":1, + "min":1 + }, + "PermissionConditions":{ + "type":"list", + "member":{"shape":"PermissionCondition"}, + "max":10, + "min":1 + }, "PersonalizationConfiguration":{ "type":"structure", "required":["personalizationControlMode"], @@ -6903,7 +8180,7 @@ "groupMembers":{"shape":"GroupMembers"}, "roleArn":{ "shape":"RoleArn", - "documentation":"

    The Amazon Resource Name (ARN) of an IAM role that has access to the S3 file that contains your list of users that belong to a group.The Amazon Resource Name (ARN) of an IAM role that has access to the S3 file that contains your list of users that belong to a group.

    " + "documentation":"

    The Amazon Resource Name (ARN) of an IAM role that has access to the S3 file that contains your list of users that belong to a group.

    " } } }, @@ -7021,6 +8298,32 @@ }, "exception":true }, + "ResponseConfiguration":{ + "type":"structure", + "members":{ + "instructionCollection":{ + "shape":"InstructionCollection", + "documentation":"

    A collection of instructions that guide how Amazon Q Business generates responses, including parameters for response length, target audience, perspective, output style, identity, tone, and custom instructions.

    " + } + }, + "documentation":"

    Configuration settings to define how Amazon Q Business generates and formats responses to user queries. This includes customization options for response style, tone, length, and other characteristics.

    " + }, + "ResponseConfigurationSummary":{ + "type":"string", + "max":1000, + "min":1 + }, + "ResponseConfigurationType":{ + "type":"string", + "enum":["ALL"] + }, + "ResponseConfigurations":{ + "type":"map", + "key":{"shape":"ResponseConfigurationType"}, + "value":{"shape":"ResponseConfiguration"}, + "max":1, + "min":1 + }, "ResponseScope":{ "type":"string", "enum":[ @@ -7285,7 +8588,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application to search.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application to search.

    ", "location":"uri", "locationName":"applicationId" }, @@ -7300,7 +8603,8 @@ "attributeFilter":{"shape":"AttributeFilter"}, "maxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    " + "documentation":"

    The maximum number of results to return.

    ", + "box":true }, "nextToken":{ "shape":"NextToken", @@ -7367,6 +8671,12 @@ }, "exception":true }, + "SessionDurationInMinutes":{ + "type":"integer", + "box":true, + "max":60, + "min":15 + }, "SnippetExcerpt":{ "type":"structure", "members":{ @@ -7404,6 +8714,18 @@ "textMessageSegments":{ "shape":"TextSegmentList", "documentation":"

    A text extract from a source document that is used for source attribution.

    " + }, + "documentId":{ + "shape":"String", + "documentation":"

    The unique identifier of the source document used in the citation, obtained from the Amazon Q Business index during chat response generation. This ID is used as input to the GetDocumentContent API to retrieve the actual document content for user verification.

    " + }, + "indexId":{ + "shape":"String", + "documentation":"

    The identifier of the index containing the source document's metadata and access control information. This links the citation back to the specific Amazon Q Business index where the document's searchable content and permissions are stored.

    " + }, + "datasourceId":{ + "shape":"String", + "documentation":"

    The identifier of the data source from which the document was ingested. This field is not present if the document is ingested by directly calling the BatchPutDocument API (similar to checkDocumentAccess). If the document is from a file-upload data source, the datasource will be \"uploaded-docs-file-stat-datasourceid\".

    " } }, "documentation":"

    The documents used to generate an Amazon Q Business web experience response.

    " @@ -7418,6 +8740,25 @@ "type":"list", "member":{"shape":"SourceAttribution"} }, + "SourceDetails":{ + "type":"structure", + "members":{ + "imageSourceDetails":{ + "shape":"ImageSourceDetails", + "documentation":"

    Details specific to image content within the source.

    " + }, + "audioSourceDetails":{ + "shape":"AudioSourceDetails", + "documentation":"

    Details specific to audio content within the source.

    " + }, + "videoSourceDetails":{ + "shape":"VideoSourceDetails", + "documentation":"

    Details specific to video content within the source.

    " + } + }, + "documentation":"

    Container for details about different types of media sources (image, audio, or video).

    ", + "union":true + }, "StartDataSourceSyncJobRequest":{ "type":"structure", "required":[ @@ -7512,11 +8853,11 @@ "members":{ "boostingLevel":{ "shape":"DocumentAttributeBoostingLevel", - "documentation":"

    Specifies how much a document attribute is boosted.

    " + "documentation":"

    Specifies the priority tier ranking of boosting applied to document attributes. For version 2, this parameter indicates the relative ranking between boosted fields (ONE being highest priority, TWO being second highest, etc.) and determines the order in which attributes influence document ranking in search results. For version 1, this parameter specifies the boosting intensity. For version 2, boosting intensity (VERY HIGH, HIGH, MEDIUM, LOW, NONE) are not supported. Note that in version 2, you are not allowed to boost on only one field and make this value TWO.

    " }, "attributeValueBoosting":{ "shape":"StringAttributeValueBoosting", - "documentation":"

    Specifies specific values of a STRING type document attribute being boosted.

    " + "documentation":"

    Specifies specific values of a STRING type document attribute being boosted. When using NativeIndexConfiguration version 2, you can specify up to five values in order of priority.

    " } }, "documentation":"

    Provides information on boosting STRING type document attributes.

    For STRING and STRING_LIST type document attributes to be used for boosting on the console and the API, they must be enabled for search using the DocumentAttributeConfiguration object of the UpdateIndex API. If you haven't enabled searching on these attributes, you can't boost attributes of these data types on either the console or the API.

    For more information on how boosting document attributes work in Amazon Q Business, see Boosting using document attributes.

    " @@ -7534,7 +8875,12 @@ "LOW", "MEDIUM", "HIGH", - "VERY_HIGH" + "VERY_HIGH", + "ONE", + "TWO", + "THREE", + "FOUR", + "FIVE" ] }, "StringListAttributeBoostingConfiguration":{ @@ -7543,10 +8889,10 @@ "members":{ "boostingLevel":{ "shape":"DocumentAttributeBoostingLevel", - "documentation":"

    Specifies how much a document attribute is boosted.

    " + "documentation":"

    Specifies the priority of boosted document attributes in relation to other boosted attributes. This parameter determines how strongly the attribute influences document ranking in search results. STRING_LIST attributes can serve as additional boosting factors when needed, but are not supported when using NativeIndexConfiguration version 2.

    " } }, - "documentation":"

    Provides information on boosting STRING_LIST type document attributes.

    For STRING and STRING_LIST type document attributes to be used for boosting on the console and the API, they must be enabled for search using the DocumentAttributeConfiguration object of the UpdateIndex API. If you haven't enabled searching on these attributes, you can't boost attributes of these data types on either the console or the API.

    For more information on how boosting document attributes work in Amazon Q Business, see Boosting using document attributes.

    " + "documentation":"

    Provides information on boosting STRING_LIST type document attributes.

    In the current boosting implementation, boosting focuses primarily on DATE attributes for recency and STRING attributes for source prioritization. STRING_LIST attributes can serve as additional boosting factors when needed, but are not supported when using NativeIndexConfiguration version 2.

    For STRING and STRING_LIST type document attributes to be used for boosting on the console and the API, they must be enabled for search using the DocumentAttributeConfiguration object of the UpdateIndex API. If you haven't enabled searching on these attributes, you can't boost attributes of these data types on either the console or the API.

    For more information on how boosting document attributes work in Amazon Q Business, see Boosting using document attributes.

    " }, "SubnetId":{ "type":"string", @@ -7558,6 +8904,68 @@ "type":"list", "member":{"shape":"SubnetId"} }, + "Subscription":{ + "type":"structure", + "members":{ + "subscriptionId":{ + "shape":"SubscriptionId", + "documentation":"

    The identifier of the Amazon Q Business subscription to be updated.

    " + }, + "subscriptionArn":{ + "shape":"SubscriptionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q Business subscription that was updated.

    " + }, + "principal":{ + "shape":"SubscriptionPrincipal", + "documentation":"

    The IAM Identity Center UserId or GroupId of a user or group in the IAM Identity Center instance connected to the Amazon Q Business application.

    " + }, + "currentSubscription":{ + "shape":"SubscriptionDetails", + "documentation":"

    The type of your current Amazon Q Business subscription.

    " + }, + "nextSubscription":{ + "shape":"SubscriptionDetails", + "documentation":"

    The type of the Amazon Q Business subscription for the next month.

    " + } + }, + "documentation":"

    Information about an Amazon Q Business subscription.

    Subscriptions are used to provide access for an IAM Identity Center user or a group to an Amazon Q Business application.

    Amazon Q Business offers two subscription tiers: Q_LITE and Q_BUSINESS. Subscription tier determines feature access for the user. For more information on subscriptions and pricing tiers, see Amazon Q Business pricing.

    " + }, + "SubscriptionArn":{ + "type":"string", + "max":1224, + "min":10, + "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}" + }, + "SubscriptionDetails":{ + "type":"structure", + "members":{ + "type":{ + "shape":"SubscriptionType", + "documentation":"

    The type of an Amazon Q Business subscription.

    " + } + }, + "documentation":"

    The details of an Amazon Q Business subscription.

    " + }, + "SubscriptionId":{ + "type":"string", + "max":1224, + "min":0 + }, + "SubscriptionPrincipal":{ + "type":"structure", + "members":{ + "user":{ + "shape":"UserIdentifier", + "documentation":"

    The identifier of a user in the IAM Identity Center instance connected to the Amazon Q Business application.

    " + }, + "group":{ + "shape":"GroupIdentifier", + "documentation":"

    The identifier of a group in the IAM Identity Center instance connected to the Amazon Q Business application.

    " + } + }, + "documentation":"

    A user or group in the IAM Identity Center instance connected to the Amazon Q Business application.

    ", + "union":true + }, "SubscriptionType":{ "type":"string", "enum":[ @@ -7565,6 +8973,10 @@ "Q_BUSINESS" ] }, + "Subscriptions":{ + "type":"list", + "member":{"shape":"Subscription"} + }, "SyncSchedule":{ "type":"string", "max":998, @@ -7583,6 +8995,13 @@ "min":0, "pattern":"\\P{C}*" }, + "SystemMessageType":{ + "type":"string", + "enum":[ + "RESPONSE", + "GROUNDED_RESPONSE" + ] + }, "Tag":{ "type":"structure", "required":[ @@ -7676,6 +9095,10 @@ "TextOutputEvent":{ "type":"structure", "members":{ + "systemMessageType":{ + "shape":"SystemMessageType", + "documentation":"

    The type of AI-generated message in a TextOutputEvent. Amazon Q Business currently supports two types of messages:

    • RESPONSE - The Amazon Q Business system response.

    • GROUNDED_RESPONSE - The corrected, hallucination-reduced, response returned by Amazon Q Business. Available only if hallucination reduction is supported and configured for the application and detected in the end user chat query by Amazon Q Business.

    " + }, "conversationId":{ "shape":"ConversationId", "documentation":"

    The identifier of the conversation with which the text output event is associated.

    " @@ -7713,11 +9136,21 @@ }, "mediaId":{ "shape":"SourceAttributionMediaId", - "documentation":"

    The identifier of the media object associated with the text segment in the source attribution.

    " + "documentation":"

    The identifier of the media object associated with the text segment in the source attribution.

    ", + "deprecated":true, + "deprecatedMessage":"Deprecated in favor of using mediaId within the respective sourceDetails field.", + "deprecatedSince":"2025-02-28" }, "mediaMimeType":{ "shape":"String", - "documentation":"

    The MIME type (image/png) of the media object associated with the text segment in the source attribution.

    " + "documentation":"

    The MIME type (image/png) of the media object associated with the text segment in the source attribution.

    ", + "deprecated":true, + "deprecatedMessage":"Deprecated in favor of using mediaMimeType within the respective sourceDetails field.", + "deprecatedSince":"2025-02-28" + }, + "sourceDetails":{ + "shape":"SourceDetails", + "documentation":"

    Source information for a segment of extracted text, including its media type.

    " } }, "documentation":"

    Provides information about a text extract in a chat response that can be attributed to a source document.

    " @@ -7883,6 +9316,10 @@ "shape":"ResponseScope", "documentation":"

    The response scope configured for your application. This determines whether your application uses its retrieval augmented generation (RAG) system to generate answers only from your enterprise data, or also uses the large language models (LLM) knowledge to respons to end user questions in chat.

    " }, + "orchestrationConfiguration":{ + "shape":"OrchestrationConfiguration", + "documentation":"

    The chat response orchestration settings for your application.

    " + }, "blockedPhrasesConfigurationUpdate":{ "shape":"BlockedPhrasesConfigurationUpdate", "documentation":"

    The phrases blocked from chat by your chat control configuration.

    " @@ -7898,6 +9335,10 @@ "creatorModeConfiguration":{ "shape":"CreatorModeConfiguration", "documentation":"

    The configuration details for CREATOR_MODE.

    " + }, + "hallucinationReductionConfiguration":{ + "shape":"HallucinationReductionConfiguration", + "documentation":"

    The hallucination reduction settings for your application.

    " } } }, @@ -7906,6 +9347,46 @@ "members":{ } }, + "UpdateChatResponseConfigurationRequest":{ + "type":"structure", + "required":[ + "applicationId", + "chatResponseConfigurationId", + "responseConfigurations" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The unique identifier of the Amazon Q Business application containing the chat response configuration to update.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "chatResponseConfigurationId":{ + "shape":"ChatResponseConfigurationId", + "documentation":"

    The unique identifier of the chat response configuration to update within the specified application.

    ", + "location":"uri", + "locationName":"chatResponseConfigurationId" + }, + "displayName":{ + "shape":"DisplayName", + "documentation":"

    The new human-readable name to assign to the chat response configuration, making it easier to identify among multiple configurations.

    " + }, + "responseConfigurations":{ + "shape":"ResponseConfigurations", + "documentation":"

    The updated collection of response configuration settings that define how Amazon Q Business generates and formats responses to user queries.

    " + }, + "clientToken":{ + "shape":"String", + "documentation":"

    A unique, case-sensitive identifier to ensure idempotency of the request. This helps prevent the same update from being processed multiple times if retries occur.

    ", + "idempotencyToken":true + } + } + }, + "UpdateChatResponseConfigurationResponse":{ + "type":"structure", + "members":{ + } + }, "UpdateDataAccessorRequest":{ "type":"structure", "required":[ @@ -7916,7 +9397,7 @@ "members":{ "applicationId":{ "shape":"ApplicationId", - "documentation":"

    The unique identifier of the Q Business application.

    ", + "documentation":"

    The unique identifier of the Amazon Q Business application.

    ", "location":"uri", "locationName":"applicationId" }, @@ -7930,6 +9411,10 @@ "shape":"ActionConfigurationList", "documentation":"

    The updated list of action configurations specifying the allowed actions and any associated filters.

    " }, + "authenticationDetail":{ + "shape":"DataAccessorAuthenticationDetail", + "documentation":"

    The updated authentication configuration details for the data accessor. This specifies how the ISV will authenticate when accessing data through this data accessor.

    " + }, "displayName":{ "shape":"DataAccessorName", "documentation":"

    The updated friendly name for the data accessor.

    " @@ -8120,6 +9605,49 @@ "members":{ } }, + "UpdateSubscriptionRequest":{ + "type":"structure", + "required":[ + "applicationId", + "subscriptionId", + "type" + ], + "members":{ + "applicationId":{ + "shape":"ApplicationId", + "documentation":"

    The identifier of the Amazon Q Business application where the subscription update should take effect.

    ", + "location":"uri", + "locationName":"applicationId" + }, + "subscriptionId":{ + "shape":"SubscriptionId", + "documentation":"

    The identifier of the Amazon Q Business subscription to be updated.

    ", + "location":"uri", + "locationName":"subscriptionId" + }, + "type":{ + "shape":"SubscriptionType", + "documentation":"

    The type of the Amazon Q Business subscription to be updated.

    " + } + } + }, + "UpdateSubscriptionResponse":{ + "type":"structure", + "members":{ + "subscriptionArn":{ + "shape":"SubscriptionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q Business subscription that was updated.

    " + }, + "currentSubscription":{ + "shape":"SubscriptionDetails", + "documentation":"

    The type of your current Amazon Q Business subscription.

    " + }, + "nextSubscription":{ + "shape":"SubscriptionDetails", + "documentation":"

    The type of the Amazon Q Business subscription for the next month.

    " + } + } + }, "UpdateUserRequest":{ "type":"structure", "required":[ @@ -8217,7 +9745,7 @@ }, "origins":{ "shape":"WebExperienceOrigins", - "documentation":"

    Updates the website domain origins that are allowed to embed the Amazon Q Business web experience. 

     The <i>domain origin</i> refers to the <i>base URL</i> for accessing a website including the protocol (<code>http/https</code>), the domain name, and the port number (if specified).</p> <note> <ul> <li> <p>Any values except <code>null</code> submitted as part of this update will replace all previous values.</p> </li> <li> <p>You must only submit a <i>base URL</i> and not a full path. For example, <code>https://docs.aws.amazon.com</code>.</p> </li> </ul> </note>
    " + "documentation":"

    Updates the website domain origins that are allowed to embed the Amazon Q Business web experience. The domain origin refers to the base URL for accessing a website including the protocol (http/https), the domain name, and the port number (if specified).

    • Any values except null submitted as part of this update will replace all previous values.

    • You must only submit a base URL and not a full path. For example, https://docs.aws.amazon.com.

    " }, "browserExtensionConfiguration":{ "shape":"BrowserExtensionConfiguration", @@ -8273,6 +9801,12 @@ "min":1, "pattern":"\\P{C}*" }, + "UserIdentifier":{ + "type":"string", + "max":47, + "min":1, + "pattern":"([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}" + }, "UserIds":{ "type":"list", "member":{"shape":"String"} @@ -8349,6 +9883,57 @@ "UNKNOWN_OPERATION" ] }, + "VideoExtractionConfiguration":{ + "type":"structure", + "required":["videoExtractionStatus"], + "members":{ + "videoExtractionStatus":{ + "shape":"VideoExtractionStatus", + "documentation":"

    The status of video extraction (ENABLED or DISABLED) for processing video content from files.

    " + } + }, + "documentation":"

    Configuration settings for video content extraction and processing.

    " + }, + "VideoExtractionStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "VideoExtractionType":{ + "type":"string", + "enum":[ + "TRANSCRIPT", + "SUMMARY" + ] + }, + "VideoSourceDetails":{ + "type":"structure", + "members":{ + "mediaId":{ + "shape":"MediaId", + "documentation":"

    Unique identifier for the video media file.

    " + }, + "mediaMimeType":{ + "shape":"String", + "documentation":"

    The MIME type of the video file (e.g., video/mp4, video/avi).

    " + }, + "startTimeMilliseconds":{ + "shape":"Long", + "documentation":"

    The starting timestamp in milliseconds for the relevant video segment.

    " + }, + "endTimeMilliseconds":{ + "shape":"Long", + "documentation":"

    The ending timestamp in milliseconds for the relevant video segment.

    " + }, + "videoExtractionType":{ + "shape":"VideoExtractionType", + "documentation":"

    The type of video extraction performed on the content.

    " + } + }, + "documentation":"

    Details about a video source, including its identifier, format, and time information.

    " + }, "WebExperience":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/qconnect/2020-10-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/qconnect/2020-10-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/qconnect/2020-10-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qconnect/2020-10-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/qconnect/2020-10-19/service-2.json 2.31.35-1/awscli/botocore/data/qconnect/2020-10-19/service-2.json --- 2.23.6-1/awscli/botocore/data/qconnect/2020-10-19/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qconnect/2020-10-19/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2020-10-19", + "auth":["aws.auth#sigv4"], "endpointPrefix":"wisdom", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"Amazon Q Connect", "serviceId":"QConnect", "signatureVersion":"v4", "signingName":"wisdom", - "uid":"qconnect-2020-10-19", - "auth":["aws.auth#sigv4"] + "uid":"qconnect-2020-10-19" }, "operations":{ "ActivateMessageTemplate":{ @@ -45,6 +44,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -65,9 +65,10 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Creates and Amazon Q in Connect AI Agent version.

    ", "idempotent":true @@ -85,6 +86,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -105,9 +107,10 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Creates an Amazon Q in Connect AI Guardrail version.

    ", "idempotent":true @@ -125,6 +128,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -145,9 +149,10 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Creates an Amazon Q in Connect AI Prompt version.

    ", "idempotent":true @@ -165,6 +170,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"} ], "documentation":"

    Creates an Amazon Q in Connect assistant.

    ", @@ -202,6 +208,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -221,6 +228,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -240,6 +248,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"} ], "documentation":"

    Creates a knowledge base.

    When using this API, you cannot reuse Amazon AppIntegrations DataIntegrations with external knowledge bases such as Salesforce and ServiceNow. If you do, you'll get an InvalidRequestException error.

    For example, you're programmatically managing your external knowledge base, and you want to add or remove one of the fields that is being ingested from Salesforce. Do the following:

    1. Call DeleteKnowledgeBase.

    2. Call DeleteDataIntegration.

    3. Call CreateDataIntegration to recreate the DataIntegration or a create different one.

    4. Call CreateKnowledgeBase.

    ", @@ -278,6 +287,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -317,6 +327,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -335,6 +346,8 @@ "errors":[ {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, + {"shape":"DependencyFailedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -370,6 +383,7 @@ "output":{"shape":"DeleteAIAgentResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -387,8 +401,9 @@ "input":{"shape":"DeleteAIAgentVersionRequest"}, "output":{"shape":"DeleteAIAgentVersionResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -406,8 +421,9 @@ "input":{"shape":"DeleteAIGuardrailRequest"}, "output":{"shape":"DeleteAIGuardrailResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -425,8 +441,9 @@ "input":{"shape":"DeleteAIGuardrailVersionRequest"}, "output":{"shape":"DeleteAIGuardrailVersionResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -445,6 +462,7 @@ "output":{"shape":"DeleteAIPromptResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -462,8 +480,9 @@ "input":{"shape":"DeleteAIPromptVersionRequest"}, "output":{"shape":"DeleteAIPromptVersionResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -482,6 +501,7 @@ "output":{"shape":"DeleteAssistantResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -499,6 +519,7 @@ "output":{"shape":"DeleteAssistantAssociationResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -516,6 +537,8 @@ "output":{"shape":"DeleteContentResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -533,6 +556,7 @@ "output":{"shape":"DeleteContentAssociationResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -549,8 +573,9 @@ "input":{"shape":"DeleteImportJobRequest"}, "output":{"shape":"DeleteImportJobResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -569,6 +594,7 @@ "errors":[ {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -624,6 +650,7 @@ "output":{"shape":"DeleteQuickResponseResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -641,6 +668,7 @@ "output":{"shape":"GetAIAgentResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -658,6 +686,7 @@ "output":{"shape":"GetAIGuardrailResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -675,6 +704,7 @@ "output":{"shape":"GetAIPromptResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -692,6 +722,7 @@ "output":{"shape":"GetAssistantResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -708,6 +739,7 @@ "output":{"shape":"GetAssistantAssociationResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -724,6 +756,7 @@ "output":{"shape":"GetContentResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -740,6 +773,7 @@ "output":{"shape":"GetContentAssociationResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -756,6 +790,7 @@ "output":{"shape":"GetContentSummaryResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -788,6 +823,7 @@ "output":{"shape":"GetKnowledgeBaseResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -804,6 +840,7 @@ "output":{"shape":"GetMessageTemplateResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -837,6 +874,7 @@ "output":{"shape":"GetQuickResponseResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -856,7 +894,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    This API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024, you will need to create a new Assistant in the Amazon Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.

    Retrieves recommendations for the specified session. To avoid retrieving the same recommendations in subsequent calls, use NotifyRecommendationsReceived. This API supports long-polling behavior with the waitTimeSeconds parameter. Short poll is the default behavior and only returns recommendations already available. To perform a manual query against an assistant, use QueryAssistant.

    ", + "documentation":"

    This API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024, you will need to create a new Assistant in the Amazon Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.

    Retrieves recommendations for the specified session. To avoid retrieving the same recommendations in subsequent calls, use NotifyRecommendationsReceived. This API supports long-polling behavior with the waitTimeSeconds parameter. Short poll is the default behavior and only returns recommendations already available. To perform a manual query against an assistant, use QueryAssistant.

    ", "deprecated":true, "deprecatedMessage":"GetRecommendations API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024 you will need to create a new Assistant in the Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications." }, @@ -871,6 +909,7 @@ "output":{"shape":"GetSessionResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -887,9 +926,10 @@ "output":{"shape":"ListAIAgentVersionsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    List AI Agent versions.

    " }, @@ -904,9 +944,10 @@ "output":{"shape":"ListAIAgentsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Lists AI Agents.

    " }, @@ -921,9 +962,10 @@ "output":{"shape":"ListAIGuardrailVersionsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Lists AI Guardrail versions.

    " }, @@ -938,6 +980,7 @@ "output":{"shape":"ListAIGuardrailsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -955,9 +998,10 @@ "output":{"shape":"ListAIPromptVersionsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Lists AI Prompt versions.

    " }, @@ -972,9 +1016,10 @@ "output":{"shape":"ListAIPromptsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ], "documentation":"

    Lists the AI Prompts available on the Amazon Q in Connect assistant.

    " }, @@ -1005,6 +1050,7 @@ "output":{"shape":"ListAssistantsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"} ], "documentation":"

    Lists information about assistants.

    " @@ -1020,6 +1066,7 @@ "output":{"shape":"ListContentAssociationsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -1200,7 +1247,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    This API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024, you will need to create a new Assistant in the Amazon Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.

    Performs a manual search against the specified assistant. To retrieve recommendations for an assistant, use GetRecommendations.

    ", + "documentation":"

    This API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024, you will need to create a new Assistant in the Amazon Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.

    Performs a manual search against the specified assistant. To retrieve recommendations for an assistant, use GetRecommendations.

    ", "deprecated":true, "deprecatedMessage":"QueryAssistant API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024 you will need to create a new Assistant in the Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications." }, @@ -1219,7 +1266,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Removes the AI Agent that is set for use by defafult on an Amazon Q in Connect Assistant.

    ", + "documentation":"

    Removes the AI Agent that is set for use by default on an Amazon Q in Connect Assistant.

    ", "idempotent":true }, "RemoveKnowledgeBaseTemplateUri":{ @@ -1266,6 +1313,7 @@ "output":{"shape":"SearchContentResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -1282,6 +1330,7 @@ "output":{"shape":"SearchMessageTemplatesResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -1300,6 +1349,7 @@ "errors":[ {"shape":"RequestTimeoutException"}, {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -1316,6 +1366,7 @@ "output":{"shape":"SearchSessionsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -1332,8 +1383,8 @@ "output":{"shape":"SendMessageResponse"}, "errors":[ {"shape":"RequestTimeoutException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -1352,6 +1403,7 @@ "output":{"shape":"StartContentUploadResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -1370,6 +1422,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"ServiceQuotaExceededException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -1417,8 +1470,9 @@ "input":{"shape":"UpdateAIAgentRequest"}, "output":{"shape":"UpdateAIAgentResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -1436,8 +1490,9 @@ "input":{"shape":"UpdateAIGuardrailRequest"}, "output":{"shape":"UpdateAIGuardrailResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -1455,8 +1510,9 @@ "input":{"shape":"UpdateAIPromptRequest"}, "output":{"shape":"UpdateAIPromptResponse"}, "errors":[ - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} @@ -1479,7 +1535,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Updates the AI Agent that is set for use by defafult on an Amazon Q in Connect Assistant.

    " + "documentation":"

    Updates the AI Agent that is set for use by default on an Amazon Q in Connect Assistant.

    " }, "UpdateContent":{ "name":"UpdateContent", @@ -1492,6 +1548,7 @@ "output":{"shape":"UpdateContentResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"PreconditionFailedException"}, {"shape":"ResourceNotFoundException"} @@ -1562,6 +1619,7 @@ "errors":[ {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"PreconditionFailedException"}, {"shape":"ResourceNotFoundException"} @@ -1579,6 +1637,7 @@ "output":{"shape":"UpdateSessionResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -1595,6 +1654,7 @@ "output":{"shape":"UpdateSessionDataResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], @@ -1609,17 +1669,29 @@ "AIAgentConfiguration":{ "type":"structure", "members":{ - "answerRecommendationAIAgentConfiguration":{ - "shape":"AnswerRecommendationAIAgentConfiguration", - "documentation":"

    The configuration for AI Agents of type ANSWER_RECOMMENDATION.

    " - }, "manualSearchAIAgentConfiguration":{ "shape":"ManualSearchAIAgentConfiguration", "documentation":"

    The configuration for AI Agents of type MANUAL_SEARCH.

    " }, + "answerRecommendationAIAgentConfiguration":{ + "shape":"AnswerRecommendationAIAgentConfiguration", + "documentation":"

    The configuration for AI Agents of type ANSWER_RECOMMENDATION.

    " + }, "selfServiceAIAgentConfiguration":{ "shape":"SelfServiceAIAgentConfiguration", "documentation":"

    The configuration for AI Agents of type SELF_SERVICE.

    " + }, + "emailResponseAIAgentConfiguration":{ + "shape":"EmailResponseAIAgentConfiguration", + "documentation":"

    Configuration for the EMAIL_RESPONSE AI agent that generates professional email responses using knowledge base content.

    " + }, + "emailOverviewAIAgentConfiguration":{ + "shape":"EmailOverviewAIAgentConfiguration", + "documentation":"

    Configuration for the EMAIL_OVERVIEW AI agent that generates structured overview of email conversations.

    " + }, + "emailGenerativeAnswerAIAgentConfiguration":{ + "shape":"EmailGenerativeAnswerAIAgentConfiguration", + "documentation":"

    Configuration for the EMAIL_GENERATIVE_ANSWER AI agent that provides comprehensive knowledge-based answers for customer queries.

    " } }, "documentation":"

    A typed union that specifies the configuration based on the type of AI Agent.

    ", @@ -1644,47 +1716,59 @@ "AIAgentData":{ "type":"structure", "required":[ - "aiAgentArn", - "aiAgentId", - "assistantArn", "assistantId", - "configuration", + "assistantArn", + "aiAgentId", + "aiAgentArn", "name", "type", + "configuration", "visibilityStatus" ], "members":{ - "aiAgentArn":{ + "assistantId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + }, + "assistantArn":{ "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the AI agent.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, "aiAgentId":{ "shape":"Uuid", "documentation":"

    The identifier of the AI Agent.

    " }, - "assistantArn":{ + "aiAgentArn":{ "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the AI agent.

    " }, - "assistantId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the AI Agent.

    " + }, + "type":{ + "shape":"AIAgentType", + "documentation":"

    The type of the AI Agent.

    " }, "configuration":{ "shape":"AIAgentConfiguration", "documentation":"

    Configuration for the AI Agent.

    " }, + "modifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The time the AI Agent was last modified.

    " + }, "description":{ "shape":"Description", "documentation":"

    The description of the AI Agent.

    " }, - "modifiedTime":{ - "shape":"Timestamp", - "documentation":"

    The time the AI Agent was last modified.

    " + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the AI Agent.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the AI Agent.

    " + "tags":{ + "shape":"Tags", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    " }, "origin":{ "shape":"Origin", @@ -1693,18 +1777,6 @@ "status":{ "shape":"Status", "documentation":"

    The status of the AI Agent.

    " - }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "type":{ - "shape":"AIAgentType", - "documentation":"

    The type of the AI Agent.

    " - }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the AI Agent.

    " } }, "documentation":"

    The data for the AI Agent.

    " @@ -1712,51 +1784,59 @@ "AIAgentSummary":{ "type":"structure", "required":[ - "aiAgentArn", - "aiAgentId", - "assistantArn", - "assistantId", "name", + "assistantId", + "assistantArn", + "aiAgentId", "type", + "aiAgentArn", "visibilityStatus" ], "members":{ - "aiAgentArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the AI agent.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the AI Agent.

    " }, - "aiAgentId":{ + "assistantId":{ "shape":"Uuid", - "documentation":"

    The identifier of the AI Agent.

    " + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " }, "assistantArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, - "assistantId":{ + "aiAgentId":{ "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + "documentation":"

    The identifier of the AI Agent.

    " }, - "configuration":{ - "shape":"AIAgentConfiguration", - "documentation":"

    The configuration for the AI Agent.

    " + "type":{ + "shape":"AIAgentType", + "documentation":"

    The type of the AI Agent.

    " }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the AI Agent.

    " + "aiAgentArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the AI agent.

    " }, "modifiedTime":{ "shape":"Timestamp", "documentation":"

    The time the AI Agent was last modified.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the AI Agent.

    " + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the AI Agent.

    " + }, + "configuration":{ + "shape":"AIAgentConfiguration", + "documentation":"

    The configuration for the AI Agent.

    " }, "origin":{ "shape":"Origin", "documentation":"

    The origin of the AI Agent. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.

    " }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the AI Agent.

    " + }, "status":{ "shape":"Status", "documentation":"

    The status of the AI Agent.

    " @@ -1764,14 +1844,6 @@ "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "type":{ - "shape":"AIAgentType", - "documentation":"

    The type of the AI Agent.

    " - }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the AI Agent.

    " } }, "documentation":"

    The summary of the AI Agent.

    " @@ -1785,7 +1857,10 @@ "enum":[ "MANUAL_SEARCH", "ANSWER_RECOMMENDATION", - "SELF_SERVICE" + "SELF_SERVICE", + "EMAIL_RESPONSE", + "EMAIL_OVERVIEW", + "EMAIL_GENERATIVE_ANSWER" ] }, "AIAgentVersionSummariesList":{ @@ -1838,16 +1913,24 @@ "AIGuardrailData":{ "type":"structure", "required":[ + "assistantId", + "assistantArn", "aiGuardrailArn", "aiGuardrailId", - "assistantArn", - "assistantId", - "blockedInputMessaging", - "blockedOutputsMessaging", "name", - "visibilityStatus" + "visibilityStatus", + "blockedInputMessaging", + "blockedOutputsMessaging" ], "members":{ + "assistantId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + }, + "assistantArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " + }, "aiGuardrailArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the AI Guardrail.

    " @@ -1856,13 +1939,13 @@ "shape":"Uuid", "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    " }, - "assistantArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the AI Guardrail.

    " }, - "assistantId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the AI Guardrail.

    " }, "blockedInputMessaging":{ "shape":"AIGuardrailBlockedMessaging", @@ -1872,49 +1955,41 @@ "shape":"AIGuardrailBlockedMessaging", "documentation":"

    The message to return when the AI Guardrail blocks a model response.

    " }, - "contentPolicyConfig":{ - "shape":"AIGuardrailContentPolicyConfig", - "documentation":"

    Contains details about how to handle harmful content.

    " - }, - "contextualGroundingPolicyConfig":{ - "shape":"AIGuardrailContextualGroundingPolicyConfig", - "documentation":"

    The policy configuration details for the AI Guardrail's contextual grounding policy.

    " - }, "description":{ "shape":"AIGuardrailDescription", "documentation":"

    A description of the AI Guardrail.

    " }, - "modifiedTime":{ - "shape":"Timestamp", - "documentation":"

    The time the AI Guardrail was last modified.

    " + "topicPolicyConfig":{ + "shape":"AIGuardrailTopicPolicyConfig", + "documentation":"

    Contains details about topics that the AI Guardrail should identify and deny.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the AI Guardrail.

    " + "contentPolicyConfig":{ + "shape":"AIGuardrailContentPolicyConfig", + "documentation":"

    Contains details about how to handle harmful content.

    " + }, + "wordPolicyConfig":{ + "shape":"AIGuardrailWordPolicyConfig", + "documentation":"

    Contains details about the word policy to configured for the AI Guardrail.

    " }, "sensitiveInformationPolicyConfig":{ "shape":"AIGuardrailSensitiveInformationPolicyConfig", "documentation":"

    Contains details about PII entities and regular expressions to configure for the AI Guardrail.

    " }, - "status":{ - "shape":"Status", - "documentation":"

    The status of the AI Guardrail.

    " + "contextualGroundingPolicyConfig":{ + "shape":"AIGuardrailContextualGroundingPolicyConfig", + "documentation":"

    The policy configuration details for the AI Guardrail's contextual grounding policy.

    " }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " }, - "topicPolicyConfig":{ - "shape":"AIGuardrailTopicPolicyConfig", - "documentation":"

    Contains details about topics that the AI Guardrail should identify and deny.

    " - }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the AI Guardrail.

    " + "status":{ + "shape":"Status", + "documentation":"

    The status of the AI Guardrail.

    " }, - "wordPolicyConfig":{ - "shape":"AIGuardrailWordPolicyConfig", - "documentation":"

    Contains details about the word policy to configured for the AI Guardrail.

    " + "modifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The time the AI Guardrail was last modified.

    " } }, "documentation":"

    The data for the AI Guardrail

    " @@ -1947,41 +2022,45 @@ "AIGuardrailSummary":{ "type":"structure", "required":[ - "aiGuardrailArn", - "aiGuardrailId", - "assistantArn", - "assistantId", "name", + "assistantId", + "assistantArn", + "aiGuardrailId", + "aiGuardrailArn", "visibilityStatus" ], "members":{ - "aiGuardrailArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the AI Guardrail.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the AI Guardrail.

    " }, - "aiGuardrailId":{ + "assistantId":{ "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    " + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " }, "assistantArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, - "assistantId":{ + "aiGuardrailId":{ "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    " }, - "description":{ - "shape":"AIGuardrailDescription", - "documentation":"

    A description of the AI Guardrail.

    " + "aiGuardrailArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the AI Guardrail.

    " }, "modifiedTime":{ "shape":"Timestamp", "documentation":"

    The time the AI Guardrail was last modified.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the AI Guardrail.

    " + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the AI Guardrail.

    " + }, + "description":{ + "shape":"AIGuardrailDescription", + "documentation":"

    A description of the AI Guardrail.

    " }, "status":{ "shape":"Status", @@ -1990,10 +2069,6 @@ "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the AI Guardrail.

    " } }, "documentation":"

    The summary of the AI Guardrail.

    " @@ -2030,13 +2105,13 @@ "AIGuardrailWordPolicyConfig":{ "type":"structure", "members":{ - "managedWordListsConfig":{ - "shape":"GuardrailManagedWordListsConfig", - "documentation":"

    A list of managed words to configure for the AI Guardrail.

    " - }, "wordsConfig":{ "shape":"GuardrailWordsConfig", "documentation":"

    A list of words to configure for the AI Guardrail.

    " + }, + "managedWordListsConfig":{ + "shape":"GuardrailManagedWordListsConfig", + "documentation":"

    A list of managed words to configure for the AI Guardrail.

    " } }, "documentation":"

    Contains details about the word policy to configured for the AI Guardrail.

    " @@ -2045,88 +2120,90 @@ "type":"string", "enum":[ "ANTHROPIC_CLAUDE_MESSAGES", - "ANTHROPIC_CLAUDE_TEXT_COMPLETIONS" + "ANTHROPIC_CLAUDE_TEXT_COMPLETIONS", + "MESSAGES", + "TEXT_COMPLETIONS" ] }, "AIPromptData":{ "type":"structure", "required":[ - "aiPromptArn", - "aiPromptId", - "apiFormat", - "assistantArn", "assistantId", - "modelId", + "assistantArn", + "aiPromptId", + "aiPromptArn", "name", - "templateConfiguration", - "templateType", "type", + "templateType", + "modelId", + "apiFormat", + "templateConfiguration", "visibilityStatus" ], "members":{ - "aiPromptArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the AI Prompt.

    " - }, - "aiPromptId":{ + "assistantId":{ "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    " - }, - "apiFormat":{ - "shape":"AIPromptAPIFormat", - "documentation":"

    The API format used for this AI Prompt.

    " + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " }, "assistantArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, - "assistantId":{ + "aiPromptId":{ "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the AI Prompt.

    " - }, - "modelId":{ - "shape":"AIPromptModelIdentifier", - "documentation":"

    The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1.

    " + "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    " }, - "modifiedTime":{ - "shape":"Timestamp", - "documentation":"

    The time the AI Prompt was last modified.

    " + "aiPromptArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the AI Prompt.

    " }, "name":{ "shape":"Name", "documentation":"

    The name of the AI Prompt

    " }, - "origin":{ - "shape":"Origin", - "documentation":"

    The origin of the AI Prompt. SYSTEM for a default AI Prompt created by Q in Connect or CUSTOMER for an AI Prompt created by calling AI Prompt creation APIs.

    " + "type":{ + "shape":"AIPromptType", + "documentation":"

    The type of this AI Prompt.

    " }, - "status":{ - "shape":"Status", - "documentation":"

    The status of the AI Prompt.

    " + "templateType":{ + "shape":"AIPromptTemplateType", + "documentation":"

    The type of the prompt template for this AI Prompt.

    " }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    " + "modelId":{ + "shape":"AIPromptModelIdentifier", + "documentation":"

    The identifier of the model used for this AI Prompt. The following model Ids are supported:

    • anthropic.claude-3-haiku--v1:0

    • apac.amazon.nova-lite-v1:0

    • apac.amazon.nova-micro-v1:0

    • apac.amazon.nova-pro-v1:0

    • apac.anthropic.claude-3-5-sonnet--v2:0

    • apac.anthropic.claude-3-haiku-20240307-v1:0

    • eu.amazon.nova-lite-v1:0

    • eu.amazon.nova-micro-v1:0

    • eu.amazon.nova-pro-v1:0

    • eu.anthropic.claude-3-7-sonnet-20250219-v1:0

    • eu.anthropic.claude-3-haiku-20240307-v1:0

    • us.amazon.nova-lite-v1:0

    • us.amazon.nova-micro-v1:0

    • us.amazon.nova-pro-v1:0

    • us.anthropic.claude-3-5-haiku-20241022-v1:0

    • us.anthropic.claude-3-7-sonnet-20250219-v1:0

    • us.anthropic.claude-3-haiku-20240307-v1:0

    " + }, + "apiFormat":{ + "shape":"AIPromptAPIFormat", + "documentation":"

    The API format used for this AI Prompt.

    " }, "templateConfiguration":{ "shape":"AIPromptTemplateConfiguration", "documentation":"

    The configuration of the prompt template for this AI Prompt.

    " }, - "templateType":{ - "shape":"AIPromptTemplateType", - "documentation":"

    The type of the prompt template for this AI Prompt.

    " + "modifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The time the AI Prompt was last modified.

    " }, - "type":{ - "shape":"AIPromptType", - "documentation":"

    The type of this AI Prompt.

    " + "description":{ + "shape":"Description", + "documentation":"

    The description of the AI Prompt.

    " }, "visibilityStatus":{ "shape":"VisibilityStatus", "documentation":"

    The visibility status of the AI Prompt.

    " + }, + "tags":{ + "shape":"Tags", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    " + }, + "origin":{ + "shape":"Origin", + "documentation":"

    The origin of the AI Prompt. SYSTEM for a default AI Prompt created by Q in Connect or CUSTOMER for an AI Prompt created by calling AI Prompt creation APIs.

    " + }, + "status":{ + "shape":"Status", + "documentation":"

    The status of the AI Prompt.

    " } }, "documentation":"

    The data for the AI Prompt

    " @@ -2139,58 +2216,70 @@ "AIPromptSummary":{ "type":"structure", "required":[ - "aiPromptArn", - "aiPromptId", - "apiFormat", - "assistantArn", - "assistantId", - "modelId", "name", - "templateType", + "assistantId", + "assistantArn", + "aiPromptId", "type", + "aiPromptArn", + "templateType", + "modelId", + "apiFormat", "visibilityStatus" ], "members":{ - "aiPromptArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the AI Prompt.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the AI Prompt.

    " }, - "aiPromptId":{ + "assistantId":{ "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    " - }, - "apiFormat":{ - "shape":"AIPromptAPIFormat", - "documentation":"

    The API format used for this AI Prompt.

    " + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " }, "assistantArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, - "assistantId":{ + "aiPromptId":{ "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    " }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the AI Prompt.

    " + "type":{ + "shape":"AIPromptType", + "documentation":"

    The type of this AI Prompt.

    " }, - "modelId":{ - "shape":"AIPromptModelIdentifier", - "documentation":"

    The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1.

    " + "aiPromptArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the AI Prompt.

    " }, "modifiedTime":{ "shape":"Timestamp", "documentation":"

    The time the AI Prompt was last modified.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the AI Prompt.

    " + "templateType":{ + "shape":"AIPromptTemplateType", + "documentation":"

    The type of the prompt template for this AI Prompt.

    " + }, + "modelId":{ + "shape":"AIPromptModelIdentifier", + "documentation":"

    The identifier of the model used for this AI Prompt. Model Ids supported are: anthropic.claude-3-haiku-20240307-v1:0.

    " + }, + "apiFormat":{ + "shape":"AIPromptAPIFormat", + "documentation":"

    The API format used for this AI Prompt.

    " + }, + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the AI Prompt.

    " }, "origin":{ "shape":"Origin", "documentation":"

    The origin of the AI Prompt. SYSTEM for a default AI Prompt created by Q in Connect or CUSTOMER for an AI Prompt created by calling AI Prompt creation APIs.

    " }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the AI Prompt.

    " + }, "status":{ "shape":"Status", "documentation":"

    The status of the AI Prompt.

    " @@ -2198,18 +2287,6 @@ "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "templateType":{ - "shape":"AIPromptTemplateType", - "documentation":"

    The type of the prompt template for this AI Prompt.

    " - }, - "type":{ - "shape":"AIPromptType", - "documentation":"

    The type of this AI Prompt.

    " - }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the AI Prompt.

    " } }, "documentation":"

    The summary of the AI Prompt.

    " @@ -2240,7 +2317,11 @@ "INTENT_LABELING_GENERATION", "QUERY_REFORMULATION", "SELF_SERVICE_PRE_PROCESSING", - "SELF_SERVICE_ANSWER_GENERATION" + "SELF_SERVICE_ANSWER_GENERATION", + "EMAIL_RESPONSE", + "EMAIL_OVERVIEW", + "EMAIL_GENERATIVE_ANSWER", + "EMAIL_QUERY_REFORMULATION" ] }, "AIPromptVersionSummariesList":{ @@ -2352,29 +2433,29 @@ "AnswerRecommendationAIAgentConfiguration":{ "type":"structure", "members":{ - "answerGenerationAIGuardrailId":{ + "intentLabelingGenerationAIPromptId":{ "shape":"UuidWithQualifier", - "documentation":"

    The AI Guardrail identifier for the Answer Generation Guardrail used by the ANSWER_RECOMMENDATION AI Agent.

    " + "documentation":"

    The AI Prompt identifier for the Intent Labeling prompt used by the ANSWER_RECOMMENDATION AI Agent.

    " + }, + "queryReformulationAIPromptId":{ + "shape":"UuidWithQualifier", + "documentation":"

    The AI Prompt identifier for the Query Reformulation prompt used by the ANSWER_RECOMMENDATION AI Agent.

    " }, "answerGenerationAIPromptId":{ "shape":"UuidWithQualifier", "documentation":"

    The AI Prompt identifier for the Answer Generation prompt used by the ANSWER_RECOMMENDATION AI Agent.

    " }, + "answerGenerationAIGuardrailId":{ + "shape":"UuidWithQualifier", + "documentation":"

    The AI Guardrail identifier for the Answer Generation Guardrail used by the ANSWER_RECOMMENDATION AI Agent.

    " + }, "associationConfigurations":{ "shape":"AssociationConfigurationList", "documentation":"

    The association configurations for overriding behavior on this AI Agent.

    " }, - "intentLabelingGenerationAIPromptId":{ - "shape":"UuidWithQualifier", - "documentation":"

    The AI Prompt identifier for the Intent Labeling prompt used by the ANSWER_RECOMMENDATION AI Agent.

    " - }, "locale":{ "shape":"NonEmptyString", - "documentation":"

    The locale to which specifies the language and region settings that determine the response language for QueryAssistant.

    Changing this locale to anything other than en_US will turn off recommendations triggered by contact transcripts for agent assistance, as this feature is not supported in multiple languages.

    " - }, - "queryReformulationAIPromptId":{ - "shape":"UuidWithQualifier", - "documentation":"

    The AI Prompt identifier for the Query Reformulation prompt used by the ANSWER_RECOMMENDATION AI Agent.

    " + "documentation":"

    The locale to which specifies the language and region settings that determine the response language for QueryAssistant.

    For more information on supported locales, see Language support for Amazon Q in Connect.

    " } }, "documentation":"

    The configuration for the ANSWER_RECOMMENDATION AI Agent type.

    " @@ -2396,47 +2477,47 @@ }, "Arn":{ "type":"string", - "pattern":"^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$" + "pattern":"arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}" }, "ArnWithQualifier":{ "type":"string", - "pattern":"^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$" + "pattern":"arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}" }, "AssistantAssociationData":{ "type":"structure", "required":[ - "assistantArn", - "assistantAssociationArn", "assistantAssociationId", + "assistantAssociationArn", "assistantId", - "associationData", - "associationType" + "assistantArn", + "associationType", + "associationData" ], "members":{ - "assistantArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " + "assistantAssociationId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the assistant association.

    " }, "assistantAssociationArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the assistant association.

    " }, - "assistantAssociationId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the assistant association.

    " - }, "assistantId":{ "shape":"Uuid", "documentation":"

    The identifier of the Amazon Q in Connect assistant.

    " }, - "associationData":{ - "shape":"AssistantAssociationOutputData", - "documentation":"

    A union type that currently has a single argument, the knowledge base ID.

    " + "assistantArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, "associationType":{ "shape":"AssociationType", "documentation":"

    The type of association.

    " }, + "associationData":{ + "shape":"AssistantAssociationOutputData", + "documentation":"

    A union type that currently has a single argument, the knowledge base ID.

    " + }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " @@ -2469,38 +2550,38 @@ "AssistantAssociationSummary":{ "type":"structure", "required":[ - "assistantArn", - "assistantAssociationArn", "assistantAssociationId", + "assistantAssociationArn", "assistantId", - "associationData", - "associationType" + "assistantArn", + "associationType", + "associationData" ], "members":{ - "assistantArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " + "assistantAssociationId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the assistant association.

    " }, "assistantAssociationArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the assistant association.

    " }, - "assistantAssociationId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the assistant association.

    " - }, "assistantId":{ "shape":"Uuid", "documentation":"

    The identifier of the Amazon Q in Connect assistant.

    " }, - "associationData":{ - "shape":"AssistantAssociationOutputData", - "documentation":"

    The association data.

    " + "assistantArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, "associationType":{ "shape":"AssociationType", "documentation":"

    The type of association.

    " }, + "associationData":{ + "shape":"AssistantAssociationOutputData", + "documentation":"

    The association data.

    " + }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " @@ -2532,56 +2613,56 @@ "AssistantData":{ "type":"structure", "required":[ - "assistantArn", "assistantId", + "assistantArn", "name", - "status", - "type" + "type", + "status" ], "members":{ - "aiAgentConfiguration":{ - "shape":"AIAgentConfigurationMap", - "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that is set on the Amazon Q in Connect Assistant.

    " - }, - "assistantArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " - }, "assistantId":{ "shape":"Uuid", "documentation":"

    The identifier of the Amazon Q in Connect assistant.

    " }, - "capabilityConfiguration":{ - "shape":"AssistantCapabilityConfiguration", - "documentation":"

    The configuration information for the Amazon Q in Connect assistant capability.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description.

    " - }, - "integrationConfiguration":{ - "shape":"AssistantIntegrationConfiguration", - "documentation":"

    The configuration information for the Amazon Q in Connect assistant integration.

    " + "assistantArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, "name":{ "shape":"Name", "documentation":"

    The name.

    " }, - "serverSideEncryptionConfiguration":{ - "shape":"ServerSideEncryptionConfiguration", - "documentation":"

    The configuration information for the customer managed key used for encryption.

    This KMS key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect. To use Amazon Q in Connect with chat, the key policy must also allow kms:Decrypt, kms:GenerateDataKey*, and kms:DescribeKey permissions to the connect.amazonaws.com service principal.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " + "type":{ + "shape":"AssistantType", + "documentation":"

    The type of assistant.

    " }, "status":{ "shape":"AssistantStatus", "documentation":"

    The status of the assistant.

    " }, + "description":{ + "shape":"Description", + "documentation":"

    The description.

    " + }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " }, - "type":{ - "shape":"AssistantType", - "documentation":"

    The type of assistant.

    " + "serverSideEncryptionConfiguration":{ + "shape":"ServerSideEncryptionConfiguration", + "documentation":"

    The configuration information for the customer managed key used for encryption.

    This KMS key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect. To use Amazon Q in Connect with chat, the key policy must also allow kms:Decrypt, kms:GenerateDataKey*, and kms:DescribeKey permissions to the connect.amazonaws.com service principal.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " + }, + "integrationConfiguration":{ + "shape":"AssistantIntegrationConfiguration", + "documentation":"

    The configuration information for the Amazon Q in Connect assistant integration.

    " + }, + "capabilityConfiguration":{ + "shape":"AssistantCapabilityConfiguration", + "documentation":"

    The configuration information for the Amazon Q in Connect assistant capability.

    " + }, + "aiAgentConfiguration":{ + "shape":"AIAgentConfigurationMap", + "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that is set on the Amazon Q in Connect Assistant.

    " } }, "documentation":"

    The assistant data.

    " @@ -2614,56 +2695,56 @@ "AssistantSummary":{ "type":"structure", "required":[ - "assistantArn", "assistantId", + "assistantArn", "name", - "status", - "type" + "type", + "status" ], "members":{ - "aiAgentConfiguration":{ - "shape":"AIAgentConfigurationMap", - "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that is set on the Amazon Q in Connect Assistant.

    " - }, - "assistantArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " - }, "assistantId":{ "shape":"Uuid", "documentation":"

    The identifier of the Amazon Q in Connect assistant.

    " }, - "capabilityConfiguration":{ - "shape":"AssistantCapabilityConfiguration", - "documentation":"

    The configuration information for the Amazon Q in Connect assistant capability.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the assistant.

    " - }, - "integrationConfiguration":{ - "shape":"AssistantIntegrationConfiguration", - "documentation":"

    The configuration information for the Amazon Q in Connect assistant integration.

    " + "assistantArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, "name":{ "shape":"Name", "documentation":"

    The name of the assistant.

    " }, - "serverSideEncryptionConfiguration":{ - "shape":"ServerSideEncryptionConfiguration", - "documentation":"

    The configuration information for the customer managed key used for encryption.

    This KMS key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect. To use Amazon Q in Connect with chat, the key policy must also allow kms:Decrypt, kms:GenerateDataKey*, and kms:DescribeKey permissions to the connect.amazonaws.com service principal.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " + "type":{ + "shape":"AssistantType", + "documentation":"

    The type of the assistant.

    " }, "status":{ "shape":"AssistantStatus", "documentation":"

    The status of the assistant.

    " }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the assistant.

    " + }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " }, - "type":{ - "shape":"AssistantType", - "documentation":"

    The type of the assistant.

    " + "serverSideEncryptionConfiguration":{ + "shape":"ServerSideEncryptionConfiguration", + "documentation":"

    The configuration information for the customer managed key used for encryption.

    This KMS key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect. To use Amazon Q in Connect with chat, the key policy must also allow kms:Decrypt, kms:GenerateDataKey*, and kms:DescribeKey permissions to the connect.amazonaws.com service principal.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " + }, + "integrationConfiguration":{ + "shape":"AssistantIntegrationConfiguration", + "documentation":"

    The configuration information for the Amazon Q in Connect assistant integration.

    " + }, + "capabilityConfiguration":{ + "shape":"AssistantCapabilityConfiguration", + "documentation":"

    The configuration information for the Amazon Q in Connect assistant capability.

    " + }, + "aiAgentConfiguration":{ + "shape":"AIAgentConfigurationMap", + "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that is set on the Amazon Q in Connect Assistant.

    " } }, "documentation":"

    Summary information about the assistant.

    " @@ -2675,10 +2756,6 @@ "AssociationConfiguration":{ "type":"structure", "members":{ - "associationConfigurationData":{ - "shape":"AssociationConfigurationData", - "documentation":"

    The data of the configuration for an Amazon Q in Connect Assistant Association.

    " - }, "associationId":{ "shape":"Uuid", "documentation":"

    The identifier of the association for this Association Configuration.

    " @@ -2686,6 +2763,10 @@ "associationType":{ "shape":"AIAgentAssociationConfigurationType", "documentation":"

    The type of the association for this Association Configuration.

    " + }, + "associationConfigurationData":{ + "shape":"AssociationConfigurationData", + "documentation":"

    The data of the configuration for an Amazon Q in Connect Assistant Association.

    " } }, "documentation":"

    The configuration for an Amazon Q in Connect Assistant Association.

    " @@ -2713,7 +2794,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[\\p{L}\\p{M}\\p{N}_\\s&@()+,;=\\-]+\\.[A-Za-z0-9]+$", + "pattern":"[\\p{L}\\p{M}\\p{N}_\\s&@()+,;=\\-]+\\.[A-Za-z0-9]+", "sensitive":true }, "BedrockFoundationModelConfigurationForParsing":{ @@ -2735,7 +2816,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/anthropic.claude-3-haiku-20240307-v1:0$" + "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}::foundation-model/anthropic.claude-3-haiku-20240307-v1:0" }, "Boolean":{ "type":"boolean", @@ -2870,47 +2951,47 @@ "ContentAssociationData":{ "type":"structure", "required":[ - "associationData", - "associationType", + "knowledgeBaseId", + "knowledgeBaseArn", + "contentId", "contentArn", - "contentAssociationArn", "contentAssociationId", - "contentId", - "knowledgeBaseArn", - "knowledgeBaseId" + "contentAssociationArn", + "associationType", + "associationData" ], "members":{ - "associationData":{ - "shape":"ContentAssociationContents", - "documentation":"

    The content association.

    " + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base.

    " }, - "associationType":{ - "shape":"ContentAssociationType", - "documentation":"

    The type of association.

    " + "knowledgeBaseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + }, + "contentId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the content.

    " }, "contentArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the content.

    " }, - "contentAssociationArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the content association.

    " - }, "contentAssociationId":{ "shape":"Uuid", "documentation":"

    The identifier of the content association. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " }, - "contentId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the content.

    " - }, - "knowledgeBaseArn":{ + "contentAssociationArn":{ "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the content association.

    " }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base.

    " + "associationType":{ + "shape":"ContentAssociationType", + "documentation":"

    The type of association.

    " + }, + "associationData":{ + "shape":"ContentAssociationContents", + "documentation":"

    The content association.

    " }, "tags":{ "shape":"Tags", @@ -2922,47 +3003,47 @@ "ContentAssociationSummary":{ "type":"structure", "required":[ - "associationData", - "associationType", + "knowledgeBaseId", + "knowledgeBaseArn", + "contentId", "contentArn", - "contentAssociationArn", "contentAssociationId", - "contentId", - "knowledgeBaseArn", - "knowledgeBaseId" + "contentAssociationArn", + "associationType", + "associationData" ], "members":{ - "associationData":{ - "shape":"ContentAssociationContents", - "documentation":"

    The content association.

    " + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base.

    " }, - "associationType":{ - "shape":"ContentAssociationType", - "documentation":"

    The type of association.

    " + "knowledgeBaseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + }, + "contentId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the content.

    " }, "contentArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the content.

    " }, - "contentAssociationArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the content association.

    " - }, "contentAssociationId":{ "shape":"Uuid", "documentation":"

    The identifier of the content association. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " }, - "contentId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the content.

    " - }, - "knowledgeBaseArn":{ + "contentAssociationArn":{ "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the content association.

    " }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base.

    " + "associationType":{ + "shape":"ContentAssociationType", + "documentation":"

    The type of association.

    " + }, + "associationData":{ + "shape":"ContentAssociationContents", + "documentation":"

    The content association.

    " }, "tags":{ "shape":"Tags", @@ -2984,14 +3065,14 @@ "required":[ "contentArn", "contentId", - "contentType", "knowledgeBaseArn", "knowledgeBaseId", - "metadata", "name", "revisionId", - "status", "title", + "contentType", + "status", + "metadata", "url", "urlExpiry" ], @@ -3004,10 +3085,6 @@ "shape":"Uuid", "documentation":"

    The identifier of the content.

    " }, - "contentType":{ - "shape":"ContentType", - "documentation":"

    The media type of the content.

    " - }, "knowledgeBaseArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " @@ -3016,14 +3093,6 @@ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base.

    " }, - "linkOutUri":{ - "shape":"Uri", - "documentation":"

    The URI of the content.

    " - }, - "metadata":{ - "shape":"ContentMetadata", - "documentation":"

    A key/value map to store attributes without affecting tagging or recommendations. For example, when synchronizing data between an external system and Amazon Q in Connect, you can store an external version identifier as metadata to utilize for determining drift.

    " - }, "name":{ "shape":"Name", "documentation":"

    The name of the content.

    " @@ -3032,17 +3101,29 @@ "shape":"NonEmptyString", "documentation":"

    The identifier of the content revision.

    " }, + "title":{ + "shape":"ContentTitle", + "documentation":"

    The title of the content.

    " + }, + "contentType":{ + "shape":"ContentType", + "documentation":"

    The media type of the content.

    " + }, "status":{ "shape":"ContentStatus", "documentation":"

    The status of the content.

    " }, + "metadata":{ + "shape":"ContentMetadata", + "documentation":"

    A key/value map to store attributes without affecting tagging or recommendations. For example, when synchronizing data between an external system and Amazon Q in Connect, you can store an external version identifier as metadata to utilize for determining drift.

    " + }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " }, - "title":{ - "shape":"ContentTitle", - "documentation":"

    The title of the content.

    " + "linkOutUri":{ + "shape":"Uri", + "documentation":"

    The URI of the content.

    " }, "url":{ "shape":"Url", @@ -3058,17 +3139,17 @@ "ContentDataDetails":{ "type":"structure", "required":[ - "rankingData", - "textData" + "textData", + "rankingData" ], "members":{ - "rankingData":{ - "shape":"RankingData", - "documentation":"

    Details about the content ranking data.

    " - }, "textData":{ "shape":"TextData", "documentation":"

    Details about the content text data.

    " + }, + "rankingData":{ + "shape":"RankingData", + "documentation":"

    Details about the content ranking data.

    " } }, "documentation":"

    Details about the content data.

    " @@ -3098,14 +3179,6 @@ "ContentReference":{ "type":"structure", "members":{ - "contentArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the content.

    " - }, - "contentId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the content.

    " - }, "knowledgeBaseArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " @@ -3114,13 +3187,21 @@ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base.

    " }, - "referenceType":{ - "shape":"ReferenceType", - "documentation":"

    The type of reference content.

    " + "contentArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the content.

    " + }, + "contentId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the content.

    " }, "sourceURL":{ "shape":"String", "documentation":"

    The web URL of the source content.

    " + }, + "referenceType":{ + "shape":"ReferenceType", + "documentation":"

    The type of reference content.

    " } }, "documentation":"

    Reference information about the content.

    " @@ -3142,14 +3223,14 @@ "required":[ "contentArn", "contentId", - "contentType", "knowledgeBaseArn", "knowledgeBaseId", - "metadata", "name", "revisionId", + "title", + "contentType", "status", - "title" + "metadata" ], "members":{ "contentArn":{ @@ -3160,10 +3241,6 @@ "shape":"Uuid", "documentation":"

    The identifier of the content.

    " }, - "contentType":{ - "shape":"ContentType", - "documentation":"

    The media type of the content.

    " - }, "knowledgeBaseArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " @@ -3172,10 +3249,6 @@ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base.

    " }, - "metadata":{ - "shape":"ContentMetadata", - "documentation":"

    A key/value map to store attributes without affecting tagging or recommendations. For example, when synchronizing data between an external system and Amazon Q in Connect, you can store an external version identifier as metadata to utilize for determining drift.

    " - }, "name":{ "shape":"Name", "documentation":"

    The name of the content.

    " @@ -3184,17 +3257,25 @@ "shape":"NonEmptyString", "documentation":"

    The identifier of the revision of the content.

    " }, + "title":{ + "shape":"ContentTitle", + "documentation":"

    The title of the content.

    " + }, + "contentType":{ + "shape":"ContentType", + "documentation":"

    The media type of the content.

    " + }, "status":{ "shape":"ContentStatus", "documentation":"

    The status of the content.

    " }, + "metadata":{ + "shape":"ContentMetadata", + "documentation":"

    A key/value map to store attributes without affecting tagging or recommendations. For example, when synchronizing data between an external system and Amazon Q in Connect, you can store an external version identifier as metadata to utilize for determining drift.

    " + }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "title":{ - "shape":"ContentTitle", - "documentation":"

    The title of the content.

    " } }, "documentation":"

    Summary information about the content.

    " @@ -3210,7 +3291,7 @@ }, "ContentType":{ "type":"string", - "pattern":"^(text/(plain|html|csv))|(application/(pdf|vnd\\.openxmlformats-officedocument\\.wordprocessingml\\.document))|(application/x\\.wisdom-json;source=(salesforce|servicenow|zendesk))$" + "pattern":"(text/(plain|html|csv))|(application/(pdf|vnd\\.openxmlformats-officedocument\\.wordprocessingml\\.document))|(application/x\\.wisdom-json;source=(salesforce|servicenow|zendesk))" }, "ConversationContext":{ "type":"structure", @@ -3227,13 +3308,13 @@ "type":"structure", "required":["status"], "members":{ - "reason":{ - "shape":"ConversationStatusReason", - "documentation":"

    The reason of the conversation state.

    " - }, "status":{ "shape":"ConversationStatus", "documentation":"

    The status of the conversation state.

    " + }, + "reason":{ + "shape":"ConversationStatusReason", + "documentation":"

    The reason of the conversation state.

    " } }, "documentation":"

    The conversation state associated to a message.

    " @@ -3258,46 +3339,46 @@ "type":"structure", "required":[ "assistantId", - "configuration", "name", "type", + "configuration", "visibilityStatus" ], "members":{ - "assistantId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"assistantId" - }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", "idempotencyToken":true }, - "configuration":{ - "shape":"AIAgentConfiguration", - "documentation":"

    The configuration of the AI Agent.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the AI Agent.

    " + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"assistantId" }, "name":{ "shape":"Name", "documentation":"

    The name of the AI Agent.

    " }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, "type":{ "shape":"AIAgentType", "documentation":"

    The type of the AI Agent.

    " }, + "configuration":{ + "shape":"AIAgentConfiguration", + "documentation":"

    The configuration of the AI Agent.

    " + }, "visibilityStatus":{ "shape":"VisibilityStatus", "documentation":"

    The visibility status of the AI Agent.

    " + }, + "tags":{ + "shape":"Tags", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    " + }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the AI Agent.

    " } } }, @@ -3313,30 +3394,30 @@ "CreateAIAgentVersionRequest":{ "type":"structure", "required":[ - "aiAgentId", - "assistantId" + "assistantId", + "aiAgentId" ], "members":{ + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"assistantId" + }, "aiAgentId":{ "shape":"UuidOrArnOrEitherWithQualifier", "documentation":"

    The identifier of the Amazon Q in Connect AI Agent.

    ", "location":"uri", "locationName":"aiAgentId" }, - "assistantId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"assistantId" + "modifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The modification time of the AI Agent should be tracked for version creation. This field should be specified to avoid version creation when simultaneous update to the underlying AI Agent are possible. The value should be the modifiedTime returned from the request to create or update an AI Agent so that version creation can fail if an update to the AI Agent post the specified modification time has been made.

    " }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", "idempotencyToken":true - }, - "modifiedTime":{ - "shape":"Timestamp", - "documentation":"

    The modification time of the AI Agent should be tracked for version creation. This field should be specified to avoid version creation when simultaneous update to the underlying AI Agent are possible. The value should be the modifiedTime returned from the request to create or update an AI Agent so that version creation can fail if an update to the AI Agent post the specified modification time has been made.

    " } } }, @@ -3357,18 +3438,27 @@ "type":"structure", "required":[ "assistantId", + "name", "blockedInputMessaging", "blockedOutputsMessaging", - "name", "visibilityStatus" ], "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", + "idempotencyToken":true + }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, + "name":{ + "shape":"Name", + "documentation":"

    The name of the AI Guardrail.

    " + }, "blockedInputMessaging":{ "shape":"AIGuardrailBlockedMessaging", "documentation":"

    The message to return when the AI Guardrail blocks a prompt.

    " @@ -3377,46 +3467,37 @@ "shape":"AIGuardrailBlockedMessaging", "documentation":"

    The message to return when the AI Guardrail blocks a model response.

    " }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", - "idempotencyToken":true - }, - "contentPolicyConfig":{ - "shape":"AIGuardrailContentPolicyConfig", - "documentation":"

    The content filter policies to configure for the AI Guardrail.

    " - }, - "contextualGroundingPolicyConfig":{ - "shape":"AIGuardrailContextualGroundingPolicyConfig", - "documentation":"

    The contextual grounding policy configuration used to create an AI Guardrail.

    " + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the AI Guardrail.

    " }, "description":{ "shape":"AIGuardrailDescription", "documentation":"

    A description of the AI Guardrail.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the AI Guardrail.

    " - }, - "sensitiveInformationPolicyConfig":{ - "shape":"AIGuardrailSensitiveInformationPolicyConfig", - "documentation":"

    The sensitive information policy to configure for the AI Guardrail.

    " - }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, "topicPolicyConfig":{ "shape":"AIGuardrailTopicPolicyConfig", "documentation":"

    The topic policies to configure for the AI Guardrail.

    " }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the AI Guardrail.

    " + "contentPolicyConfig":{ + "shape":"AIGuardrailContentPolicyConfig", + "documentation":"

    The content filter policies to configure for the AI Guardrail.

    " }, "wordPolicyConfig":{ "shape":"AIGuardrailWordPolicyConfig", "documentation":"

    The word policy you configure for the AI Guardrail.

    " + }, + "sensitiveInformationPolicyConfig":{ + "shape":"AIGuardrailSensitiveInformationPolicyConfig", + "documentation":"

    The sensitive information policy to configure for the AI Guardrail.

    " + }, + "contextualGroundingPolicyConfig":{ + "shape":"AIGuardrailContextualGroundingPolicyConfig", + "documentation":"

    The contextual grounding policy configuration used to create an AI Guardrail.

    " + }, + "tags":{ + "shape":"Tags", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    " } } }, @@ -3432,30 +3513,30 @@ "CreateAIGuardrailVersionRequest":{ "type":"structure", "required":[ - "aiGuardrailId", - "assistantId" + "assistantId", + "aiGuardrailId" ], "members":{ + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"assistantId" + }, "aiGuardrailId":{ "shape":"UuidOrArnOrEitherWithQualifier", "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    ", "location":"uri", "locationName":"aiGuardrailId" }, - "assistantId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"assistantId" + "modifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The time the AI Guardrail was last modified.

    " }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", "idempotencyToken":true - }, - "modifiedTime":{ - "shape":"Timestamp", - "documentation":"

    The time the AI Guardrail was last modified.

    " } } }, @@ -3475,19 +3556,20 @@ "CreateAIPromptRequest":{ "type":"structure", "required":[ - "apiFormat", "assistantId", - "modelId", "name", + "type", "templateConfiguration", + "visibilityStatus", "templateType", - "type", - "visibilityStatus" + "modelId", + "apiFormat" ], "members":{ - "apiFormat":{ - "shape":"AIPromptAPIFormat", - "documentation":"

    The API Format of the AI Prompt.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", + "idempotencyToken":true }, "assistantId":{ "shape":"UuidOrArn", @@ -3495,42 +3577,41 @@ "location":"uri", "locationName":"assistantId" }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", - "idempotencyToken":true - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the AI Prompt.

    " - }, - "modelId":{ - "shape":"AIPromptModelIdentifier", - "documentation":"

    The identifier of the model used for this AI Prompt. Model Ids supported are: CLAUDE_3_HAIKU_20240307_V1

    " - }, "name":{ "shape":"Name", "documentation":"

    The name of the AI Prompt.

    " }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    " + "type":{ + "shape":"AIPromptType", + "documentation":"

    The type of this AI Prompt.

    " }, "templateConfiguration":{ "shape":"AIPromptTemplateConfiguration", "documentation":"

    The configuration of the prompt template for this AI Prompt.

    " }, + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the AI Prompt.

    " + }, "templateType":{ "shape":"AIPromptTemplateType", "documentation":"

    The type of the prompt template for this AI Prompt.

    " }, - "type":{ - "shape":"AIPromptType", - "documentation":"

    The type of this AI Prompt.

    " + "modelId":{ + "shape":"AIPromptModelIdentifier", + "documentation":"

    The identifier of the model used for this AI Prompt.

    For information about which models are supported in each Amazon Web Services Region, see Supported models for system/custom prompts.

    " }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the AI Prompt.

    " + "apiFormat":{ + "shape":"AIPromptAPIFormat", + "documentation":"

    The API Format of the AI Prompt.

    Recommended values: MESSAGES | TEXT_COMPLETIONS

    The values ANTHROPIC_CLAUDE_MESSAGES | ANTHROPIC_CLAUDE_TEXT_COMPLETIONS will be deprecated.

    " + }, + "tags":{ + "shape":"Tags", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    " + }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the AI Prompt.

    " } } }, @@ -3546,30 +3627,30 @@ "CreateAIPromptVersionRequest":{ "type":"structure", "required":[ - "aiPromptId", - "assistantId" + "assistantId", + "aiPromptId" ], "members":{ + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"assistantId" + }, "aiPromptId":{ "shape":"UuidOrArnOrEitherWithQualifier", "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    ", "location":"uri", "locationName":"aiPromptId" }, - "assistantId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"assistantId" + "modifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The time the AI Prompt was last modified.

    " }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", "idempotencyToken":true - }, - "modifiedTime":{ - "shape":"Timestamp", - "documentation":"

    The time the AI Prompt was last modified.

    " } } }, @@ -3590,8 +3671,8 @@ "type":"structure", "required":[ "assistantId", - "association", - "associationType" + "associationType", + "association" ], "members":{ "assistantId":{ @@ -3600,14 +3681,14 @@ "location":"uri", "locationName":"assistantId" }, - "association":{ - "shape":"AssistantAssociationInputData", - "documentation":"

    The identifier of the associated resource.

    " - }, "associationType":{ "shape":"AssociationType", "documentation":"

    The type of association.

    " }, + "association":{ + "shape":"AssistantAssociationInputData", + "documentation":"

    The identifier of the associated resource.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", @@ -3640,25 +3721,25 @@ "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", "idempotencyToken":true }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the assistant.

    " - }, "name":{ "shape":"Name", "documentation":"

    The name of the assistant.

    " }, - "serverSideEncryptionConfiguration":{ - "shape":"ServerSideEncryptionConfiguration", - "documentation":"

    The configuration information for the customer managed key used for encryption.

    The customer managed key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect. To use Amazon Q in Connect with chat, the key policy must also allow kms:Decrypt, kms:GenerateDataKey*, and kms:DescribeKey permissions to the connect.amazonaws.com service principal.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " + "type":{ + "shape":"AssistantType", + "documentation":"

    The type of assistant.

    " + }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the assistant.

    " }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " }, - "type":{ - "shape":"AssistantType", - "documentation":"

    The type of assistant.

    " + "serverSideEncryptionConfiguration":{ + "shape":"ServerSideEncryptionConfiguration", + "documentation":"

    The configuration information for the customer managed key used for encryption.

    The customer managed key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect. To use Amazon Q in Connect with chat, the key policy must also allow kms:Decrypt, kms:GenerateDataKey*, and kms:DescribeKey permissions to the connect.amazonaws.com service principal.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " } } }, @@ -3674,36 +3755,36 @@ "CreateContentAssociationRequest":{ "type":"structure", "required":[ - "association", - "associationType", + "knowledgeBaseId", "contentId", - "knowledgeBaseId" + "associationType", + "association" ], "members":{ - "association":{ - "shape":"ContentAssociationContents", - "documentation":"

    The identifier of the associated resource.

    " - }, - "associationType":{ - "shape":"ContentAssociationType", - "documentation":"

    The type of association.

    " - }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", "idempotencyToken":true }, + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" + }, "contentId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the content.

    ", "location":"uri", "locationName":"contentId" }, - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "associationType":{ + "shape":"ContentAssociationType", + "documentation":"

    The type of association.

    " + }, + "association":{ + "shape":"ContentAssociationContents", + "documentation":"

    The identifier of the associated resource.

    " }, "tags":{ "shape":"Tags", @@ -3728,40 +3809,40 @@ "uploadId" ], "members":{ - "clientToken":{ - "shape":"NonEmptyString", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", - "idempotencyToken":true - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"knowledgeBaseId" }, - "metadata":{ - "shape":"ContentMetadata", - "documentation":"

    A key/value map to store attributes without affecting tagging or recommendations. For example, when synchronizing data between an external system and Amazon Q in Connect, you can store an external version identifier as metadata to utilize for determining drift.

    " - }, "name":{ "shape":"Name", "documentation":"

    The name of the content. Each piece of content in a knowledge base must have a unique name. You can retrieve a piece of content using only its knowledge base and its name with the SearchContent API.

    " }, + "title":{ + "shape":"ContentTitle", + "documentation":"

    The title of the content. If not set, the title is equal to the name.

    " + }, "overrideLinkOutUri":{ "shape":"Uri", "documentation":"

    The URI you want to use for the article. If the knowledge base has a templateUri, setting this argument overrides it for this piece of content.

    " }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "title":{ - "shape":"ContentTitle", - "documentation":"

    The title of the content. If not set, the title is equal to the name.

    " + "metadata":{ + "shape":"ContentMetadata", + "documentation":"

    A key/value map to store attributes without affecting tagging or recommendations. For example, when synchronizing data between an external system and Amazon Q in Connect, you can store an external version identifier as metadata to utilize for determining drift.

    " }, "uploadId":{ "shape":"UploadId", "documentation":"

    A pointer to the uploaded asset. This value is returned by StartContentUpload.

    " + }, + "clientToken":{ + "shape":"NonEmptyString", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", + "idempotencyToken":true + }, + "tags":{ + "shape":"Tags", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    " } } }, @@ -3777,8 +3858,8 @@ "CreateKnowledgeBaseRequest":{ "type":"structure", "required":[ - "knowledgeBaseType", - "name" + "name", + "knowledgeBaseType" ], "members":{ "clientToken":{ @@ -3786,37 +3867,37 @@ "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", "idempotencyToken":true }, - "description":{ - "shape":"Description", - "documentation":"

    The description.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the knowledge base.

    " }, "knowledgeBaseType":{ "shape":"KnowledgeBaseType", "documentation":"

    The type of knowledge base. Only CUSTOM knowledge bases allow you to upload your own content. EXTERNAL knowledge bases support integrations with third-party systems whose content is synchronized automatically.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the knowledge base.

    " + "sourceConfiguration":{ + "shape":"SourceConfiguration", + "documentation":"

    The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases.

    " }, "renderingConfiguration":{ "shape":"RenderingConfiguration", "documentation":"

    Information about how to render the content.

    " }, + "vectorIngestionConfiguration":{ + "shape":"VectorIngestionConfiguration", + "documentation":"

    Contains details about how to ingest the documents in a data source.

    " + }, "serverSideEncryptionConfiguration":{ "shape":"ServerSideEncryptionConfiguration", "documentation":"

    The configuration information for the customer managed key used for encryption.

    This KMS key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " }, - "sourceConfiguration":{ - "shape":"SourceConfiguration", - "documentation":"

    The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases.

    " + "description":{ + "shape":"Description", + "documentation":"

    The description.

    " }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "vectorIngestionConfiguration":{ - "shape":"VectorIngestionConfiguration", - "documentation":"

    Contains details about how to ingest the documents in a data source.

    " } } }, @@ -3832,25 +3913,13 @@ "CreateMessageTemplateAttachmentRequest":{ "type":"structure", "required":[ - "body", - "contentDisposition", "knowledgeBaseId", "messageTemplateId", - "name" + "contentDisposition", + "name", + "body" ], "members":{ - "body":{ - "shape":"NonEmptyUnlimitedString", - "documentation":"

    The body of the attachment file being uploaded. It should be encoded using base64 encoding.

    " - }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    " - }, - "contentDisposition":{ - "shape":"ContentDisposition", - "documentation":"

    The presentation information for the attachment file.

    " - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", @@ -3863,9 +3932,21 @@ "location":"uri", "locationName":"messageTemplateId" }, + "contentDisposition":{ + "shape":"ContentDisposition", + "documentation":"

    The presentation information for the attachment file.

    " + }, "name":{ "shape":"AttachmentFileName", "documentation":"

    The name of the attachment file being uploaded. The name should include the file extension.

    " + }, + "body":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"

    The body of the attachment file being uploaded. It should be encoded using base64 encoding.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    " } } }, @@ -3881,47 +3962,47 @@ "CreateMessageTemplateRequest":{ "type":"structure", "required":[ - "channelSubtype", - "content", "knowledgeBaseId", - "name" + "name", + "content", + "channelSubtype" ], "members":{ - "channelSubtype":{ - "shape":"ChannelSubtype", - "documentation":"

    The channel subtype this message template applies to.

    " + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", - "idempotencyToken":true + "name":{ + "shape":"Name", + "documentation":"

    The name of the message template.

    " }, "content":{ "shape":"MessageTemplateContentProvider", "documentation":"

    The content of the message template.

    " }, - "defaultAttributes":{ - "shape":"MessageTemplateAttributes", - "documentation":"

    An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.

    " - }, "description":{ "shape":"Description", "documentation":"

    The description of the message template.

    " }, - "groupingConfiguration":{"shape":"GroupingConfiguration"}, - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "channelSubtype":{ + "shape":"ChannelSubtype", + "documentation":"

    The channel subtype this message template applies to.

    " }, "language":{ "shape":"LanguageCode", "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the message template.

    " + "defaultAttributes":{ + "shape":"MessageTemplateAttributes", + "documentation":"

    An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.

    " + }, + "groupingConfiguration":{"shape":"GroupingConfiguration"}, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", + "idempotencyToken":true }, "tags":{ "shape":"Tags", @@ -3951,15 +4032,15 @@ "location":"uri", "locationName":"knowledgeBaseId" }, - "messageTemplateContentSha256":{ - "shape":"MessageTemplateContentSha256", - "documentation":"

    The checksum value of the message template content that is referenced by the $LATEST qualifier. It can be returned in MessageTemplateData or ExtendedMessageTemplateData. It’s calculated by content, language, defaultAttributes and Attachments of the message template. If not supplied, the message template version will be created based on the message template content that is referenced by the $LATEST qualifier by default.

    " - }, "messageTemplateId":{ "shape":"UuidOrArnOrEitherWithQualifier", "documentation":"

    The identifier of the message template. Can be either the ID or the ARN. It cannot contain any qualifier.

    ", "location":"uri", "locationName":"messageTemplateId" + }, + "messageTemplateContentSha256":{ + "shape":"MessageTemplateContentSha256", + "documentation":"

    The checksum value of the message template content that is referenced by the $LATEST qualifier. It can be returned in MessageTemplateData or ExtendedMessageTemplateData. It’s calculated by content, language, defaultAttributes and Attachments of the message template. If not supplied, the message template version will be created based on the message template content that is referenced by the $LATEST qualifier by default.

    " } } }, @@ -3975,19 +4056,20 @@ "CreateQuickResponseRequest":{ "type":"structure", "required":[ - "content", "knowledgeBaseId", - "name" + "name", + "content" ], "members":{ - "channels":{ - "shape":"Channels", - "documentation":"

    The Amazon Connect channels this quick response applies to.

    " + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" }, - "clientToken":{ - "shape":"NonEmptyString", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", - "idempotencyToken":true + "name":{ + "shape":"QuickResponseName", + "documentation":"

    The name of the quick response.

    " }, "content":{ "shape":"QuickResponseDataProvider", @@ -3997,35 +4079,34 @@ "shape":"QuickResponseType", "documentation":"

    The media type of the quick response content.

    • Use application/x.quickresponse;format=plain for a quick response written in plain text.

    • Use application/x.quickresponse;format=markdown for a quick response written in richtext.

    " }, + "groupingConfiguration":{ + "shape":"GroupingConfiguration", + "documentation":"

    The configuration information of the user groups that the quick response is accessible to.

    " + }, "description":{ "shape":"QuickResponseDescription", "documentation":"

    The description of the quick response.

    " }, - "groupingConfiguration":{ - "shape":"GroupingConfiguration", - "documentation":"

    The configuration information of the user groups that the quick response is accessible to.

    " + "shortcutKey":{ + "shape":"ShortCutKey", + "documentation":"

    The shortcut key of the quick response. The value should be unique across the knowledge base.

    " }, "isActive":{ "shape":"Boolean", "documentation":"

    Whether the quick response is active.

    " }, - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "channels":{ + "shape":"Channels", + "documentation":"

    The Amazon Connect channels this quick response applies to.

    " }, "language":{ "shape":"LanguageCode", "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " }, - "name":{ - "shape":"QuickResponseName", - "documentation":"

    The name of the quick response.

    " - }, - "shortcutKey":{ - "shape":"ShortCutKey", - "documentation":"

    The shortcut key of the quick response. The value should be unique across the knowledge base.

    " + "clientToken":{ + "shape":"NonEmptyString", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", + "idempotencyToken":true }, "tags":{ "shape":"Tags", @@ -4049,9 +4130,10 @@ "name" ], "members":{ - "aiAgentConfiguration":{ - "shape":"AIAgentConfigurationMap", - "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that should be used by Amazon Q in Connect for this Session.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", + "idempotencyToken":true }, "assistantId":{ "shape":"UuidOrArn", @@ -4059,26 +4141,29 @@ "location":"uri", "locationName":"assistantId" }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.

    ", - "idempotencyToken":true + "name":{ + "shape":"Name", + "documentation":"

    The name of the session.

    " }, "description":{ "shape":"Description", "documentation":"

    The description.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the session.

    " + "tags":{ + "shape":"Tags", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    " }, "tagFilter":{ "shape":"TagFilter", "documentation":"

    An object that can be used to specify Tag conditions.

    " }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    " + "aiAgentConfiguration":{ + "shape":"AIAgentConfigurationMap", + "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that should be used by Amazon Q in Connect for this Session.

    " + }, + "contactArn":{ + "shape":"GenericArn", + "documentation":"

    The Amazon Resource Name (ARN) of the email contact in Amazon Connect. Used to retrieve email content and establish session context for AI-powered email assistance.

    " } } }, @@ -4100,121 +4185,153 @@ "CustomerProfileAttributes":{ "type":"structure", "members":{ - "accountNumber":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    A unique account number that you have given to the customer.

    " - }, - "additionalInformation":{ + "profileId":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    Any additional information relevant to the customer's profile.

    " + "documentation":"

    The unique identifier of a customer profile.

    " }, - "address1":{ + "profileARN":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The first line of a customer address.

    " + "documentation":"

    The ARN of a customer profile.

    " }, - "address2":{ + "firstName":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The second line of a customer address.

    " + "documentation":"

    The customer's first name.

    " }, - "address3":{ + "middleName":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The third line of a customer address.

    " + "documentation":"

    The customer's middle name.

    " }, - "address4":{ + "lastName":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The fourth line of a customer address.

    " + "documentation":"

    The customer's last name.

    " }, - "billingAddress1":{ + "accountNumber":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The first line of a customer’s billing address.

    " + "documentation":"

    A unique account number that you have given to the customer.

    " }, - "billingAddress2":{ + "emailAddress":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The second line of a customer’s billing address.

    " + "documentation":"

    The customer's email address, which has not been specified as a personal or business address.

    " }, - "billingAddress3":{ + "phoneNumber":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The third line of a customer’s billing address.

    " + "documentation":"

    The customer's phone number, which has not been specified as a mobile, home, or business number.

    " }, - "billingAddress4":{ + "additionalInformation":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The fourth line of a customer’s billing address.

    " + "documentation":"

    Any additional information relevant to the customer's profile.

    " }, - "billingCity":{ + "partyType":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The city of a customer’s billing address.

    " + "documentation":"

    The customer's party type.

    " }, - "billingCountry":{ + "businessName":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The country of a customer’s billing address.

    " + "documentation":"

    The name of the customer's business.

    " }, - "billingCounty":{ + "birthDate":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The county of a customer’s billing address.

    " + "documentation":"

    The customer's birth date.

    " }, - "billingPostalCode":{ + "gender":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The postal code of a customer’s billing address.

    " + "documentation":"

    The customer's gender.

    " }, - "billingProvince":{ + "mobilePhoneNumber":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The province of a customer’s billing address.

    " + "documentation":"

    The customer's mobile phone number.

    " }, - "billingState":{ + "homePhoneNumber":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The state of a customer’s billing address.

    " + "documentation":"

    The customer's mobile phone number.

    " }, - "birthDate":{ + "businessPhoneNumber":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's birth date.

    " + "documentation":"

    The customer's business phone number.

    " }, "businessEmailAddress":{ "shape":"MessageTemplateAttributeValue", "documentation":"

    The customer's business email address.

    " }, - "businessName":{ + "address1":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The name of the customer's business.

    " + "documentation":"

    The first line of a customer address.

    " }, - "businessPhoneNumber":{ + "address2":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's business phone number.

    " + "documentation":"

    The second line of a customer address.

    " + }, + "address3":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The third line of a customer address.

    " + }, + "address4":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The fourth line of a customer address.

    " }, "city":{ "shape":"MessageTemplateAttributeValue", "documentation":"

    The city in which a customer lives.

    " }, + "county":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The county in which a customer lives.

    " + }, "country":{ "shape":"MessageTemplateAttributeValue", "documentation":"

    The country in which a customer lives.

    " }, - "county":{ + "postalCode":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The county in which a customer lives.

    " + "documentation":"

    The postal code of a customer address.

    " }, - "custom":{ - "shape":"CustomAttributes", - "documentation":"

    The custom attributes in customer profile attributes.

    " + "province":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The province in which a customer lives.

    " }, - "emailAddress":{ + "state":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's email address, which has not been specified as a personal or business address.

    " + "documentation":"

    The state in which a customer lives.

    " }, - "firstName":{ + "shippingAddress1":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's first name.

    " + "documentation":"

    The first line of a customer’s shipping address.

    " }, - "gender":{ + "shippingAddress2":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's gender.

    " + "documentation":"

    The second line of a customer’s shipping address.

    " }, - "homePhoneNumber":{ + "shippingAddress3":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's mobile phone number.

    " + "documentation":"

    The third line of a customer’s shipping address.

    " }, - "lastName":{ + "shippingAddress4":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's last name.

    " + "documentation":"

    The fourth line of a customer’s shipping address.

    " + }, + "shippingCity":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The city of a customer’s shipping address.

    " + }, + "shippingCounty":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The county of a customer’s shipping address.

    " + }, + "shippingCountry":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The country of a customer’s shipping address.

    " + }, + "shippingPostalCode":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The postal code of a customer’s shipping address.

    " + }, + "shippingProvince":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The province of a customer’s shipping address.

    " + }, + "shippingState":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The state of a customer’s shipping address.

    " }, "mailingAddress1":{ "shape":"MessageTemplateAttributeValue", @@ -4236,14 +4353,14 @@ "shape":"MessageTemplateAttributeValue", "documentation":"

    The city of a customer’s mailing address.

    " }, - "mailingCountry":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The country of a customer’s mailing address.

    " - }, "mailingCounty":{ "shape":"MessageTemplateAttributeValue", "documentation":"

    The county of a customer’s mailing address.

    " }, + "mailingCountry":{ + "shape":"MessageTemplateAttributeValue", + "documentation":"

    The country of a customer’s mailing address.

    " + }, "mailingPostalCode":{ "shape":"MessageTemplateAttributeValue", "documentation":"

    The postal code of a customer’s mailing address.

    " @@ -4256,81 +4373,49 @@ "shape":"MessageTemplateAttributeValue", "documentation":"

    The state of a customer’s mailing address.

    " }, - "middleName":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's middle name.

    " - }, - "mobilePhoneNumber":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's mobile phone number.

    " - }, - "partyType":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's party type.

    " - }, - "phoneNumber":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The customer's phone number, which has not been specified as a mobile, home, or business number.

    " - }, - "postalCode":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The postal code of a customer address.

    " - }, - "profileARN":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The ARN of a customer profile.

    " - }, - "profileId":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The unique identifier of a customer profile.

    " - }, - "province":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The province in which a customer lives.

    " - }, - "shippingAddress1":{ + "billingAddress1":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The first line of a customer’s shipping address.

    " + "documentation":"

    The first line of a customer’s billing address.

    " }, - "shippingAddress2":{ + "billingAddress2":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The second line of a customer’s shipping address.

    " + "documentation":"

    The second line of a customer’s billing address.

    " }, - "shippingAddress3":{ + "billingAddress3":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The third line of a customer’s shipping address.

    " + "documentation":"

    The third line of a customer’s billing address.

    " }, - "shippingAddress4":{ + "billingAddress4":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The fourth line of a customer’s shipping address.

    " + "documentation":"

    The fourth line of a customer’s billing address.

    " }, - "shippingCity":{ + "billingCity":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The city of a customer’s shipping address.

    " + "documentation":"

    The city of a customer’s billing address.

    " }, - "shippingCountry":{ + "billingCounty":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The country of a customer’s shipping address.

    " + "documentation":"

    The county of a customer’s billing address.

    " }, - "shippingCounty":{ + "billingCountry":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The county of a customer’s shipping address.

    " + "documentation":"

    The country of a customer’s billing address.

    " }, - "shippingPostalCode":{ + "billingPostalCode":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The postal code of a customer’s shipping address.

    " + "documentation":"

    The postal code of a customer’s billing address.

    " }, - "shippingProvince":{ + "billingProvince":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The province of a customer’s shipping address.

    " + "documentation":"

    The province of a customer’s billing address.

    " }, - "shippingState":{ + "billingState":{ "shape":"MessageTemplateAttributeValue", - "documentation":"

    The state of a customer’s shipping address.

    " + "documentation":"

    The state of a customer’s billing address.

    " }, - "state":{ - "shape":"MessageTemplateAttributeValue", - "documentation":"

    The state in which a customer lives.

    " + "custom":{ + "shape":"CustomAttributes", + "documentation":"

    The custom attributes in customer profile attributes.

    " } }, "documentation":"

    The customer profile attributes that are used with the message template.

    " @@ -4353,6 +4438,22 @@ "sourceContentData":{ "shape":"SourceContentDataDetails", "documentation":"

    Details about the content data.

    " + }, + "generativeChunkData":{ + "shape":"GenerativeChunkDataDetails", + "documentation":"

    Details about the generative chunk data.

    " + }, + "emailResponseChunkData":{ + "shape":"EmailResponseChunkDataDetails", + "documentation":"

    Streaming chunk data for email response generation containing partial response content.

    " + }, + "emailOverviewChunkData":{ + "shape":"EmailOverviewChunkDataDetails", + "documentation":"

    Streaming chunk data for email overview containing partial overview content.

    " + }, + "emailGenerativeAnswerChunkData":{ + "shape":"EmailGenerativeAnswerChunkDataDetails", + "documentation":"

    Streaming chunk data for email generative answers containing partial knowledge-based response content.

    " } }, "documentation":"

    Details about the data.

    ", @@ -4373,17 +4474,17 @@ "DataSummary":{ "type":"structure", "required":[ - "details", - "reference" + "reference", + "details" ], "members":{ - "details":{ - "shape":"DataDetails", - "documentation":"

    Details about the data.

    " - }, "reference":{ "shape":"DataReference", "documentation":"

    Reference information about the content.

    " + }, + "details":{ + "shape":"DataDetails", + "documentation":"

    Details about the data.

    " } }, "documentation":"

    Summary of the data.

    " @@ -4443,49 +4544,48 @@ "DeleteAIAgentRequest":{ "type":"structure", "required":[ - "aiAgentId", - "assistantId" + "assistantId", + "aiAgentId" ], "members":{ - "aiAgentId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Agent. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"aiAgentId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" + }, + "aiAgentId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Agent. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"aiAgentId" } } }, "DeleteAIAgentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAIAgentVersionRequest":{ "type":"structure", "required":[ - "aiAgentId", "assistantId", + "aiAgentId", "versionNumber" ], "members":{ - "aiAgentId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Agent. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"aiAgentId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, + "aiAgentId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Agent. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"aiAgentId" + }, "versionNumber":{ "shape":"Version", "documentation":"

    The version number of the AI Agent version.

    ", @@ -4496,55 +4596,53 @@ }, "DeleteAIAgentVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAIGuardrailRequest":{ "type":"structure", "required":[ - "aiGuardrailId", - "assistantId" + "assistantId", + "aiGuardrailId" ], "members":{ - "aiGuardrailId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"aiGuardrailId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" + }, + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"aiGuardrailId" } } }, "DeleteAIGuardrailResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAIGuardrailVersionRequest":{ "type":"structure", "required":[ - "aiGuardrailId", "assistantId", + "aiGuardrailId", "versionNumber" ], "members":{ - "aiGuardrailId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    ", - "location":"uri", - "locationName":"aiGuardrailId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    ", + "location":"uri", + "locationName":"aiGuardrailId" + }, "versionNumber":{ "shape":"Version", "documentation":"

    The version number of the AI Guardrail version to be deleted.

    ", @@ -4555,55 +4653,53 @@ }, "DeleteAIGuardrailVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAIPromptRequest":{ "type":"structure", "required":[ - "aiPromptId", - "assistantId" + "assistantId", + "aiPromptId" ], "members":{ - "aiPromptId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI prompt. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"aiPromptId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" + }, + "aiPromptId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI prompt. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"aiPromptId" } } }, "DeleteAIPromptResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAIPromptVersionRequest":{ "type":"structure", "required":[ - "aiPromptId", "assistantId", + "aiPromptId", "versionNumber" ], "members":{ - "aiPromptId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    ", - "location":"uri", - "locationName":"aiPromptId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, + "aiPromptId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    ", + "location":"uri", + "locationName":"aiPromptId" + }, "versionNumber":{ "shape":"Version", "documentation":"

    The version number of the AI Prompt version to be deleted.

    ", @@ -4614,8 +4710,7 @@ }, "DeleteAIPromptVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAssistantAssociationRequest":{ "type":"structure", @@ -4640,8 +4735,7 @@ }, "DeleteAssistantAssociationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAssistantRequest":{ "type":"structure", @@ -4657,22 +4751,21 @@ }, "DeleteAssistantResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContentAssociationRequest":{ "type":"structure", "required":[ - "contentAssociationId", + "knowledgeBaseId", "contentId", - "knowledgeBaseId" + "contentAssociationId" ], "members":{ - "contentAssociationId":{ + "knowledgeBaseId":{ "shape":"UuidOrArn", - "documentation":"

    The identifier of the content association. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "documentation":"

    The identifier of the knowledge base.

    ", "location":"uri", - "locationName":"contentAssociationId" + "locationName":"knowledgeBaseId" }, "contentId":{ "shape":"UuidOrArn", @@ -4680,70 +4773,67 @@ "location":"uri", "locationName":"contentId" }, - "knowledgeBaseId":{ + "contentAssociationId":{ "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base.

    ", + "documentation":"

    The identifier of the content association. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", - "locationName":"knowledgeBaseId" + "locationName":"contentAssociationId" } } }, "DeleteContentAssociationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContentRequest":{ "type":"structure", "required":[ - "contentId", - "knowledgeBaseId" + "knowledgeBaseId", + "contentId" ], "members":{ - "contentId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the content. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"contentId" - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"knowledgeBaseId" + }, + "contentId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the content. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"contentId" } } }, "DeleteContentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteImportJobRequest":{ "type":"structure", "required":[ - "importJobId", - "knowledgeBaseId" + "knowledgeBaseId", + "importJobId" ], "members":{ - "importJobId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the import job to be deleted.

    ", - "location":"uri", - "locationName":"importJobId" - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base.

    ", "location":"uri", "locationName":"knowledgeBaseId" + }, + "importJobId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the import job to be deleted.

    ", + "location":"uri", + "locationName":"importJobId" } } }, "DeleteImportJobResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteKnowledgeBaseRequest":{ "type":"structure", @@ -4759,23 +4849,16 @@ }, "DeleteKnowledgeBaseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMessageTemplateAttachmentRequest":{ "type":"structure", "required":[ - "attachmentId", "knowledgeBaseId", - "messageTemplateId" + "messageTemplateId", + "attachmentId" ], "members":{ - "attachmentId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the attachment file.

    ", - "location":"uri", - "locationName":"attachmentId" - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", @@ -4787,13 +4870,18 @@ "documentation":"

    The identifier of the message template. Can be either the ID or the ARN. It cannot contain any qualifier.

    ", "location":"uri", "locationName":"messageTemplateId" + }, + "attachmentId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the attachment file.

    ", + "location":"uri", + "locationName":"attachmentId" } } }, "DeleteMessageTemplateAttachmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMessageTemplateRequest":{ "type":"structure", @@ -4818,8 +4906,7 @@ }, "DeleteMessageTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteQuickResponseRequest":{ "type":"structure", @@ -4844,14 +4931,25 @@ }, "DeleteQuickResponseResponse":{ "type":"structure", + "members":{} + }, + "DependencyFailedException":{ + "type":"structure", "members":{ - } + "message":{"shape":"String"} + }, + "documentation":"

    An error occurred while calling a dependency. For example, calling connect:DecribeContact as part of CreateSession with a contactArn.

    ", + "error":{ + "httpStatusCode":424, + "senderFault":true + }, + "exception":true }, "Description":{ "type":"string", "max":255, "min":1, - "pattern":"^[a-zA-Z0-9\\s_.,-]+" + "pattern":"[a-zA-Z0-9\\s_.,-]+.*" }, "Document":{ "type":"structure", @@ -4861,13 +4959,13 @@ "shape":"ContentReference", "documentation":"

    A reference to the content resource.

    " }, - "excerpt":{ - "shape":"DocumentText", - "documentation":"

    The excerpt from the document.

    " - }, "title":{ "shape":"DocumentText", "documentation":"

    The title of the document.

    " + }, + "excerpt":{ + "shape":"DocumentText", + "documentation":"

    The excerpt from the document.

    " } }, "documentation":"

    The document.

    " @@ -4875,17 +4973,57 @@ "DocumentText":{ "type":"structure", "members":{ - "highlights":{ - "shape":"Highlights", - "documentation":"

    Highlights in the document text.

    " - }, "text":{ "shape":"SensitiveString", "documentation":"

    Text in the document.

    " + }, + "highlights":{ + "shape":"Highlights", + "documentation":"

    Highlights in the document text.

    " } }, "documentation":"

    The text of the document.

    " }, + "EmailGenerativeAnswerAIAgentConfiguration":{ + "type":"structure", + "members":{ + "emailGenerativeAnswerAIPromptId":{ + "shape":"UuidWithQualifier", + "documentation":"

    The ID of the System AI prompt used for generating comprehensive knowledge-based answers from email queries.

    " + }, + "emailQueryReformulationAIPromptId":{ + "shape":"UuidWithQualifier", + "documentation":"

    The ID of the System AI prompt used for reformulating email queries to optimize knowledge base search results.

    " + }, + "locale":{ + "shape":"NonEmptyString", + "documentation":"

    The locale setting for language-specific email processing and response generation (for example, en_US, es_ES).

    " + }, + "associationConfigurations":{ + "shape":"AssociationConfigurationList", + "documentation":"

    Configuration settings for knowledge base associations used by the email generative answer agent.

    " + } + }, + "documentation":"

    Configuration settings for the EMAIL_GENERATIVE_ANSWER AI agent including prompts, locale, and knowledge base associations.

    " + }, + "EmailGenerativeAnswerChunkDataDetails":{ + "type":"structure", + "members":{ + "completion":{ + "shape":"NonEmptySensitiveString", + "documentation":"

    The partial or complete text content of the generative answer response.

    " + }, + "references":{ + "shape":"DataSummaryList", + "documentation":"

    Source references and citations from knowledge base articles used to generate the answer.

    " + }, + "nextChunkToken":{ + "shape":"NextToken", + "documentation":"

    Token for retrieving the next chunk of streaming response data, if available.

    " + } + }, + "documentation":"

    Details of streaming chunk data for email generative answers including completion text and references.

    " + }, "EmailHeader":{ "type":"structure", "members":{ @@ -4904,13 +5042,13 @@ "type":"string", "max":126, "min":1, - "pattern":"^[!-9;-@A-~]+$" + "pattern":"[!-9;-@A-~]+" }, "EmailHeaderValue":{ "type":"string", "max":870, "min":1, - "pattern":"[ -~]*", + "pattern":".*[ -~]*.*", "sensitive":true }, "EmailHeaders":{ @@ -4922,6 +5060,10 @@ "EmailMessageTemplateContent":{ "type":"structure", "members":{ + "subject":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"

    The subject line, or title, to use in email messages.

    " + }, "body":{ "shape":"EmailMessageTemplateContentBody", "documentation":"

    The body to use in email messages.

    " @@ -4929,10 +5071,6 @@ "headers":{ "shape":"EmailHeaders", "documentation":"

    The email headers to include in email messages.

    " - }, - "subject":{ - "shape":"NonEmptyUnlimitedString", - "documentation":"

    The subject line, or title, to use in email messages.

    " } }, "documentation":"

    The content of the message template that applies to the email channel subtype.

    " @@ -4940,109 +5078,173 @@ "EmailMessageTemplateContentBody":{ "type":"structure", "members":{ - "html":{ - "shape":"MessageTemplateBodyContentProvider", - "documentation":"

    The message body, in HTML format, to use in email messages that are based on the message template. We recommend using HTML format for email clients that render HTML content. You can include links, formatted text, and more in an HTML message.

    " - }, "plainText":{ "shape":"MessageTemplateBodyContentProvider", "documentation":"

    The message body, in plain text format, to use in email messages that are based on the message template. We recommend using plain text format for email clients that don't render HTML content and clients that are connected to high-latency networks, such as mobile devices.

    " + }, + "html":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"

    The message body, in HTML format, to use in email messages that are based on the message template. We recommend using HTML format for email clients that render HTML content. You can include links, formatted text, and more in an HTML message.

    " } }, "documentation":"

    The body to use in email messages.

    " }, + "EmailOverviewAIAgentConfiguration":{ + "type":"structure", + "members":{ + "emailOverviewAIPromptId":{ + "shape":"UuidWithQualifier", + "documentation":"

    The ID of the System AI prompt used for generating structured email conversation summaries.

    " + }, + "locale":{ + "shape":"NonEmptyString", + "documentation":"

    The locale setting for language-specific email overview processing (for example, en_US, es_ES).

    " + } + }, + "documentation":"

    Configuration settings for the EMAIL_OVERVIEW AI agent including prompt ID and locale settings.

    " + }, + "EmailOverviewChunkDataDetails":{ + "type":"structure", + "members":{ + "completion":{ + "shape":"NonEmptySensitiveString", + "documentation":"

    The partial or complete overview text content in structured HTML format with customer issues, resolutions, and next steps.

    " + }, + "nextChunkToken":{ + "shape":"NextToken", + "documentation":"

    Token for retrieving the next chunk of streaming overview data, if available.

    " + } + }, + "documentation":"

    Details of streaming chunk data for email overview including completion text and pagination tokens.

    " + }, + "EmailResponseAIAgentConfiguration":{ + "type":"structure", + "members":{ + "emailResponseAIPromptId":{ + "shape":"UuidWithQualifier", + "documentation":"

    The ID of the System AI prompt used for generating professional email responses based on knowledge base content.

    " + }, + "emailQueryReformulationAIPromptId":{ + "shape":"UuidWithQualifier", + "documentation":"

    The ID of the System AI prompt used for reformulating email queries to optimize knowledge base search for response generation.

    " + }, + "locale":{ + "shape":"NonEmptyString", + "documentation":"

    The locale setting for language-specific email response generation (for example, en_US, es_ES).

    " + }, + "associationConfigurations":{ + "shape":"AssociationConfigurationList", + "documentation":"

    Configuration settings for knowledge base associations used by the email response agent.

    " + } + }, + "documentation":"

    Configuration settings for the EMAIL_RESPONSE AI agent including prompts, locale, and knowledge base associations.

    " + }, + "EmailResponseChunkDataDetails":{ + "type":"structure", + "members":{ + "completion":{ + "shape":"NonEmptySensitiveString", + "documentation":"

    The partial or complete professional email response text with appropriate greetings and closings.

    " + }, + "nextChunkToken":{ + "shape":"NextToken", + "documentation":"

    Token for retrieving the next chunk of streaming response data, if available.

    " + } + }, + "documentation":"

    Details of streaming chunk data for email responses including completion text and pagination tokens.

    " + }, "ExtendedMessageTemplateData":{ "type":"structure", "required":[ - "channelSubtype", - "content", - "createdTime", + "messageTemplateArn", + "messageTemplateId", "knowledgeBaseArn", "knowledgeBaseId", - "lastModifiedBy", + "name", + "channelSubtype", + "createdTime", "lastModifiedTime", - "messageTemplateArn", - "messageTemplateContentSha256", - "messageTemplateId", - "name" + "lastModifiedBy", + "content", + "messageTemplateContentSha256" ], "members":{ - "attachments":{ - "shape":"MessageTemplateAttachmentList", - "documentation":"

    The message template attachments.

    " + "messageTemplateArn":{ + "shape":"ArnWithQualifier", + "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " }, - "attributeTypes":{ - "shape":"MessageTemplateAttributeTypeList", - "documentation":"

    The types of attributes contain the message template.

    " + "messageTemplateId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the message template.

    " + }, + "knowledgeBaseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + }, + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base.

    " + }, + "name":{ + "shape":"Name", + "documentation":"

    The name of the message template.

    " }, "channelSubtype":{ "shape":"ChannelSubtype", "documentation":"

    The channel subtype this message template applies to.

    " }, - "content":{ - "shape":"MessageTemplateContentProvider", - "documentation":"

    The content of the message template.

    " - }, "createdTime":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The timestamp when the message template was created.

    " }, - "defaultAttributes":{ - "shape":"MessageTemplateAttributes", - "documentation":"

    An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.

    " + "lastModifiedTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The timestamp when the message template data was last modified.

    " + }, + "lastModifiedBy":{ + "shape":"GenericArn", + "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the message template data.

    " + }, + "content":{ + "shape":"MessageTemplateContentProvider", + "documentation":"

    The content of the message template.

    " }, "description":{ "shape":"Description", "documentation":"

    The description of the message template.

    " }, - "groupingConfiguration":{"shape":"GroupingConfiguration"}, - "isActive":{ - "shape":"Boolean", - "documentation":"

    Whether the version of the message template is activated.

    " - }, - "knowledgeBaseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " - }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base.

    " - }, "language":{ "shape":"LanguageCode", "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " }, - "lastModifiedBy":{ - "shape":"GenericArn", - "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the message template data.

    " + "groupingConfiguration":{"shape":"GroupingConfiguration"}, + "defaultAttributes":{ + "shape":"MessageTemplateAttributes", + "documentation":"

    An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.

    " }, - "lastModifiedTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The timestamp when the message template data was last modified.

    " + "attributeTypes":{ + "shape":"MessageTemplateAttributeTypeList", + "documentation":"

    The types of attributes contain the message template.

    " }, - "messageTemplateArn":{ - "shape":"ArnWithQualifier", - "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " + "attachments":{ + "shape":"MessageTemplateAttachmentList", + "documentation":"

    The message template attachments.

    " + }, + "isActive":{ + "shape":"Boolean", + "documentation":"

    Whether the version of the message template is activated.

    " + }, + "versionNumber":{ + "shape":"Version", + "documentation":"

    The version number of the message template version.

    " }, "messageTemplateContentSha256":{ "shape":"MessageTemplateContentSha256", "documentation":"

    The checksum value of the message template content that is referenced by the $LATEST qualifier. It can be returned in MessageTemplateData or ExtendedMessageTemplateData. It’s calculated by content, language, defaultAttributes and Attachments of the message template.

    " }, - "messageTemplateId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the message template.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the message template.

    " - }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "versionNumber":{ - "shape":"Version", - "documentation":"

    The version number of the message template version.

    " } }, "documentation":"

    The extended data of a message template.

    " @@ -5054,17 +5256,17 @@ "ExternalSourceConfiguration":{ "type":"structure", "required":[ - "configuration", - "source" + "source", + "configuration" ], "members":{ - "configuration":{ - "shape":"Configuration", - "documentation":"

    The configuration information of the external data source.

    " - }, "source":{ "shape":"ExternalSource", "documentation":"

    The type of the external data source.

    " + }, + "configuration":{ + "shape":"Configuration", + "documentation":"

    The configuration information of the external data source.

    " } }, "documentation":"

    The configuration information of the external data source.

    " @@ -5137,6 +5339,24 @@ "max":99, "min":1 }, + "GenerativeChunkDataDetails":{ + "type":"structure", + "members":{ + "completion":{ + "shape":"SensitiveString", + "documentation":"

    A chunk of the LLM response.

    " + }, + "references":{ + "shape":"DataSummaryList", + "documentation":"

    The references used to generate the LLM response.

    " + }, + "nextChunkToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of chunks. Use the value returned in the previous response in the next request to retrieve the next set of chunks.

    " + } + }, + "documentation":"

    Details about the generative chunk data.

    " + }, "GenerativeContentFeedbackData":{ "type":"structure", "required":["relevance"], @@ -5152,21 +5372,21 @@ "type":"structure", "required":[ "completion", - "rankingData", - "references" + "references", + "rankingData" ], "members":{ "completion":{ "shape":"SensitiveString", "documentation":"

    The LLM response.

    " }, - "rankingData":{ - "shape":"RankingData", - "documentation":"

    Details about the generative content ranking data.

    " - }, "references":{ "shape":"DataSummaryList", "documentation":"

    The references used to generative the LLM response.

    " + }, + "rankingData":{ + "shape":"RankingData", + "documentation":"

    Details about the generative content ranking data.

    " } }, "documentation":"

    Details about generative data.

    " @@ -5174,13 +5394,13 @@ "GenerativeReference":{ "type":"structure", "members":{ - "generationId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the LLM model.

    " - }, "modelId":{ "shape":"LlmModelId", "documentation":"

    The identifier of the LLM model.

    " + }, + "generationId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the LLM model.

    " } }, "documentation":"

    Reference information about generative content.

    " @@ -5189,26 +5409,26 @@ "type":"string", "max":2048, "min":1, - "pattern":"^arn:[a-z-]+?:[a-z-]+?:[a-z0-9-]*?:([0-9]{12})?:[a-zA-Z0-9-:/]+$" + "pattern":"arn:[a-z-]+?:[a-z-]+?:[a-z0-9-]*?:([0-9]{12})?:[a-zA-Z0-9-:/]+" }, "GetAIAgentRequest":{ "type":"structure", "required":[ - "aiAgentId", - "assistantId" + "assistantId", + "aiAgentId" ], "members":{ - "aiAgentId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Agent (with or without a version qualifier). Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"aiAgentId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" + }, + "aiAgentId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Agent (with or without a version qualifier). Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"aiAgentId" } } }, @@ -5228,21 +5448,21 @@ "GetAIGuardrailRequest":{ "type":"structure", "required":[ - "aiGuardrailId", - "assistantId" + "assistantId", + "aiGuardrailId" ], "members":{ - "aiGuardrailId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    ", - "location":"uri", - "locationName":"aiGuardrailId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" + }, + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    ", + "location":"uri", + "locationName":"aiGuardrailId" } } }, @@ -5262,21 +5482,21 @@ "GetAIPromptRequest":{ "type":"structure", "required":[ - "aiPromptId", - "assistantId" + "assistantId", + "aiPromptId" ], "members":{ - "aiPromptId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    ", - "location":"uri", - "locationName":"aiPromptId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" + }, + "aiPromptId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI prompt.

    ", + "location":"uri", + "locationName":"aiPromptId" } } }, @@ -5347,16 +5567,16 @@ "GetContentAssociationRequest":{ "type":"structure", "required":[ - "contentAssociationId", + "knowledgeBaseId", "contentId", - "knowledgeBaseId" + "contentAssociationId" ], "members":{ - "contentAssociationId":{ + "knowledgeBaseId":{ "shape":"UuidOrArn", - "documentation":"

    The identifier of the content association. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "documentation":"

    The identifier of the knowledge base.

    ", "location":"uri", - "locationName":"contentAssociationId" + "locationName":"knowledgeBaseId" }, "contentId":{ "shape":"UuidOrArn", @@ -5364,11 +5584,11 @@ "location":"uri", "locationName":"contentId" }, - "knowledgeBaseId":{ + "contentAssociationId":{ "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base.

    ", + "documentation":"

    The identifier of the content association. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", - "locationName":"knowledgeBaseId" + "locationName":"contentAssociationId" } } }, @@ -5495,21 +5715,21 @@ "GetMessageTemplateRequest":{ "type":"structure", "required":[ - "knowledgeBaseId", - "messageTemplateId" + "messageTemplateId", + "knowledgeBaseId" ], "members":{ - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" - }, "messageTemplateId":{ "shape":"UuidOrArnOrEitherWithQualifier", "documentation":"

    The identifier of the message template. Can be either the ID or the ARN.

    ", "location":"uri", "locationName":"messageTemplateId" + }, + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" } } }, @@ -5526,8 +5746,8 @@ "type":"structure", "required":[ "assistantId", - "nextMessageToken", - "sessionId" + "sessionId", + "nextMessageToken" ], "members":{ "assistantId":{ @@ -5536,32 +5756,40 @@ "location":"uri", "locationName":"assistantId" }, - "nextMessageToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next message. Use the value returned in the SendMessage or previous response in the next request to retrieve the next message.

    ", - "location":"querystring", - "locationName":"nextMessageToken" - }, "sessionId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect session.

    ", "location":"uri", "locationName":"sessionId" + }, + "nextMessageToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next message. Use the value returned in the SendMessage or previous response in the next request to retrieve the next message.

    ", + "location":"querystring", + "locationName":"nextMessageToken" } } }, "GetNextMessageResponse":{ "type":"structure", "required":[ - "conversationState", - "requestMessageId", + "type", "response", - "type" + "requestMessageId", + "conversationState" ], "members":{ - "conversationSessionData":{ - "shape":"RuntimeSessionDataList", - "documentation":"

    The conversation data stored on an Amazon Q in Connect Session.

    " + "type":{ + "shape":"MessageType", + "documentation":"

    The type of message response.

    " + }, + "response":{ + "shape":"MessageOutput", + "documentation":"

    The message response to the requested message.

    " + }, + "requestMessageId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the submitted message.

    " }, "conversationState":{ "shape":"ConversationState", @@ -5571,38 +5799,30 @@ "shape":"NextToken", "documentation":"

    The token for the next message.

    " }, - "requestMessageId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the submitted message.

    " - }, - "response":{ - "shape":"MessageOutput", - "documentation":"

    The message response to the requested message.

    " - }, - "type":{ - "shape":"MessageType", - "documentation":"

    The type of message response.

    " + "conversationSessionData":{ + "shape":"RuntimeSessionDataList", + "documentation":"

    The conversation data stored on an Amazon Q in Connect Session.

    " } } }, "GetQuickResponseRequest":{ "type":"structure", "required":[ - "knowledgeBaseId", - "quickResponseId" + "quickResponseId", + "knowledgeBaseId" ], "members":{ - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. This should be a QUICK_RESPONSES type knowledge base.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" - }, "quickResponseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the quick response.

    ", "location":"uri", "locationName":"quickResponseId" + }, + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. This should be a QUICK_RESPONSES type knowledge base.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" } } }, @@ -5628,23 +5848,29 @@ "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "sessionId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the session. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"sessionId" }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, "waitTimeSeconds":{ "shape":"WaitTimeSeconds", "documentation":"

    The duration (in seconds) for which the call waits for a recommendation to be made available before returning. If a recommendation is available, the call returns sooner than WaitTimeSeconds. If no messages are available and the wait time expires, the call returns successfully with an empty list.

    ", "location":"querystring", "locationName":"waitTimeSeconds" + }, + "nextChunkToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of chunks. Use the value returned in the previous response in the next request to retrieve the next set of chunks.

    ", + "location":"querystring", + "locationName":"nextChunkToken" } } }, @@ -5725,11 +5951,15 @@ "GuardrailContentFilterConfig":{ "type":"structure", "required":[ + "type", "inputStrength", - "outputStrength", - "type" + "outputStrength" ], "members":{ + "type":{ + "shape":"GuardrailContentFilterType", + "documentation":"

    The harmful category that the content filter is applied to.

    " + }, "inputStrength":{ "shape":"GuardrailFilterStrength", "documentation":"

    The strength of the content filter to apply to prompts. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces.

    " @@ -5737,10 +5967,6 @@ "outputStrength":{ "shape":"GuardrailFilterStrength", "documentation":"

    The strength of the content filter to apply to model responses. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces.

    " - }, - "type":{ - "shape":"GuardrailContentFilterType", - "documentation":"

    The harmful category that the content filter is applied to.

    " } }, "documentation":"

    Contains filter strengths for harmful content. AI Guardrail's support the following content filters to detect and filter harmful user inputs and FM-generated outputs.

    • Hate: Describes input prompts and model responses that discriminate, criticize, insult, denounce, or dehumanize a person or group on the basis of an identity (such as race, ethnicity, gender, religion, sexual orientation, ability, and national origin).

    • Insults: Describes input prompts and model responses that includes demeaning, humiliating, mocking, insulting, or belittling language. This type of language is also labeled as bullying.

    • Sexual: Describes input prompts and model responses that indicates sexual interest, activity, or arousal using direct or indirect references to body parts, physical traits, or sex.

    • Violence: Describes input prompts and model responses that includes glorification of, or threats to inflict physical pain, hurt, or injury toward a person, group, or thing.

    Content filtering depends on the confidence classification of user inputs and FM responses across each of the four harmful categories. All input and output statements are classified into one of four confidence levels (NONE, LOW, MEDIUM, HIGH) for each harmful category. For example, if a statement is classified as Hate with HIGH confidence, the likelihood of the statement representing hateful content is high. A single statement can be classified across multiple categories with varying confidence levels. For example, a single statement can be classified as Hate with HIGH confidence, Insults with LOW confidence, Sexual with NONE confidence, and Violence with MEDIUM confidence.

    " @@ -5768,17 +5994,17 @@ "GuardrailContextualGroundingFilterConfig":{ "type":"structure", "required":[ - "threshold", - "type" + "type", + "threshold" ], "members":{ - "threshold":{ - "shape":"GuardrailContextualGroundingFilterThreshold", - "documentation":"

    The threshold details for the AI Guardrail's contextual grounding filter.

    " - }, "type":{ "shape":"GuardrailContextualGroundingFilterType", "documentation":"

    The filter type for the AI Guardrail's contextual grounding filter.

    " + }, + "threshold":{ + "shape":"GuardrailContextualGroundingFilterThreshold", + "documentation":"

    The threshold details for the AI Guardrail's contextual grounding filter.

    " } }, "documentation":"

    The filter configuration details for the AI Guardrail's contextual grounding filter.

    " @@ -5846,17 +6072,17 @@ "GuardrailPiiEntityConfig":{ "type":"structure", "required":[ - "action", - "type" + "type", + "action" ], "members":{ - "action":{ - "shape":"GuardrailSensitiveInformationAction", - "documentation":"

    Configure AI Guardrail's action when the PII entity is detected.

    " - }, "type":{ "shape":"GuardrailPiiEntityType", "documentation":"

    Configure AI Guardrail type when the PII entity is detected.

    The following PIIs are used to block or mask sensitive information:

    • General

      • ADDRESS

        A physical address, such as \"100 Main Street, Anytown, USA\" or \"Suite #12, Building 123\". An address can include information such as the street, building, location, city, state, country, county, zip code, precinct, and neighborhood.

      • AGE

        An individual's age, including the quantity and unit of time. For example, in the phrase \"I am 40 years old,\" Guarrails recognizes \"40 years\" as an age.

      • NAME

        An individual's name. This entity type does not include titles, such as Dr., Mr., Mrs., or Miss. AI Guardrail doesn't apply this entity type to names that are part of organizations or addresses. For example, AI Guardrail recognizes the \"John Doe Organization\" as an organization, and it recognizes \"Jane Doe Street\" as an address.

      • EMAIL

        An email address, such as marymajor@email.com.

      • PHONE

        A phone number. This entity type also includes fax and pager numbers.

      • USERNAME

        A user name that identifies an account, such as a login name, screen name, nick name, or handle.

      • PASSWORD

        An alphanumeric string that is used as a password, such as \"* very20special#pass*\".

      • DRIVER_ID

        The number assigned to a driver's license, which is an official document permitting an individual to operate one or more motorized vehicles on a public road. A driver's license number consists of alphanumeric characters.

      • LICENSE_PLATE

        A license plate for a vehicle is issued by the state or country where the vehicle is registered. The format for passenger vehicles is typically five to eight digits, consisting of upper-case letters and numbers. The format varies depending on the location of the issuing state or country.

      • VEHICLE_IDENTIFICATION_NUMBER

        A Vehicle Identification Number (VIN) uniquely identifies a vehicle. VIN content and format are defined in the ISO 3779 specification. Each country has specific codes and formats for VINs.

    • Finance

      • CREDIT_DEBIT_CARD_CVV

        A three-digit card verification code (CVV) that is present on VISA, MasterCard, and Discover credit and debit cards. For American Express credit or debit cards, the CVV is a four-digit numeric code.

      • CREDIT_DEBIT_CARD_EXPIRY

        The expiration date for a credit or debit card. This number is usually four digits long and is often formatted as month/year or MM/YY. AI Guardrail recognizes expiration dates such as 01/21, 01/2021, and Jan 2021.

      • CREDIT_DEBIT_CARD_NUMBER

        The number for a credit or debit card. These numbers can vary from 13 to 16 digits in length. However, Amazon Comprehend also recognizes credit or debit card numbers when only the last four digits are present.

      • PIN

        A four-digit personal identification number (PIN) with which you can access your bank account.

      • INTERNATIONAL_BANK_ACCOUNT_NUMBER

        An International Bank Account Number has specific formats in each country. For more information, see www.iban.com/structure.

      • SWIFT_CODE

        A SWIFT code is a standard format of Bank Identifier Code (BIC) used to specify a particular bank or branch. Banks use these codes for money transfers such as international wire transfers.

        SWIFT codes consist of eight or 11 characters. The 11-digit codes refer to specific branches, while eight-digit codes (or 11-digit codes ending in 'XXX') refer to the head or primary office.

    • IT

      • IP_ADDRESS

        An IPv4 address, such as 198.51.100.0.

      • MAC_ADDRESS

        A media access control (MAC) address is a unique identifier assigned to a network interface controller (NIC).

      • URL

        A web address, such as www.example.com.

      • AWS_ACCESS_KEY

        A unique identifier that's associated with a secret access key; you use the access key ID and secret access key to sign programmatic Amazon Web Services requests cryptographically.

      • AWS_SECRET_KEY

        A unique identifier that's associated with an access key. You use the access key ID and secret access key to sign programmatic Amazon Web Services requests cryptographically.

    • USA specific

      • US_BANK_ACCOUNT_NUMBER

        A US bank account number, which is typically 10 to 12 digits long.

      • US_BANK_ROUTING_NUMBER

        A US bank account routing number. These are typically nine digits long,

      • US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER

        A US Individual Taxpayer Identification Number (ITIN) is a nine-digit number that starts with a \"9\" and contain a \"7\" or \"8\" as the fourth digit. An ITIN can be formatted with a space or a dash after the third and forth digits.

      • US_PASSPORT_NUMBER

        A US passport number. Passport numbers range from six to nine alphanumeric characters.

      • US_SOCIAL_SECURITY_NUMBER

        A US Social Security Number (SSN) is a nine-digit number that is issued to US citizens, permanent residents, and temporary working residents.

    • Canada specific

      • CA_HEALTH_NUMBER

        A Canadian Health Service Number is a 10-digit unique identifier, required for individuals to access healthcare benefits.

      • CA_SOCIAL_INSURANCE_NUMBER

        A Canadian Social Insurance Number (SIN) is a nine-digit unique identifier, required for individuals to access government programs and benefits.

        The SIN is formatted as three groups of three digits, such as 123-456-789. A SIN can be validated through a simple check-digit process called the Luhn algorithm .

    • UK Specific

      • UK_NATIONAL_HEALTH_SERVICE_NUMBER

        A UK National Health Service Number is a 10-17 digit number, such as 485 555 3456. The current system formats the 10-digit number with spaces after the third and sixth digits. The final digit is an error-detecting checksum.

      • UK_NATIONAL_INSURANCE_NUMBER

        A UK National Insurance Number (NINO) provides individuals with access to National Insurance (social security) benefits. It is also used for some purposes in the UK tax system.

        The number is nine digits long and starts with two letters, followed by six numbers and one letter. A NINO can be formatted with a space or a dash after the two letters and after the second, forth, and sixth digits.

      • UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER

        A UK Unique Taxpayer Reference (UTR) is a 10-digit number that identifies a taxpayer or a business.

    • Custom

      • Regex filter - You can use a regular expressions to define patterns for an AI Guardrail to recognize and act upon such as serial number, booking ID etc..

    " + }, + "action":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

    Configure AI Guardrail's action when the PII entity is detected.

    " } }, "documentation":"

    The PII entity to configure for the AI Guardrail.

    " @@ -5902,26 +6128,26 @@ "GuardrailRegexConfig":{ "type":"structure", "required":[ - "action", "name", - "pattern" + "pattern", + "action" ], "members":{ - "action":{ - "shape":"GuardrailSensitiveInformationAction", - "documentation":"

    The AI Guardrail action to configure when matching regular expression is detected.

    " + "name":{ + "shape":"GuardrailRegexName", + "documentation":"

    The name of the regular expression to configure for the AI Guardrail.

    " }, "description":{ "shape":"GuardrailRegexDescription", "documentation":"

    The description of the regular expression to configure for the AI Guardrail.

    " }, - "name":{ - "shape":"GuardrailRegexName", - "documentation":"

    The name of the regular expression to configure for the AI Guardrail.

    " - }, "pattern":{ "shape":"GuardrailRegexPattern", "documentation":"

    The regular expression pattern to configure for the AI Guardrail.

    " + }, + "action":{ + "shape":"GuardrailSensitiveInformationAction", + "documentation":"

    The AI Guardrail action to configure when matching regular expression is detected.

    " } }, "documentation":"

    The regular expression to configure for the AI Guardrail.

    " @@ -5964,11 +6190,15 @@ "GuardrailTopicConfig":{ "type":"structure", "required":[ - "definition", "name", + "definition", "type" ], "members":{ + "name":{ + "shape":"GuardrailTopicName", + "documentation":"

    The name of the topic to deny.

    " + }, "definition":{ "shape":"GuardrailTopicDefinition", "documentation":"

    A definition of the topic to deny.

    " @@ -5977,10 +6207,6 @@ "shape":"GuardrailTopicExamples", "documentation":"

    A list of prompts, each of which is an example of a prompt that can be categorized as belonging to the topic.

    " }, - "name":{ - "shape":"GuardrailTopicName", - "documentation":"

    The name of the topic to deny.

    " - }, "type":{ "shape":"GuardrailTopicType", "documentation":"

    Specifies to deny the topic.

    " @@ -6013,7 +6239,7 @@ "documentation":"

    Name of topic in topic policy

    ", "max":100, "min":1, - "pattern":"^[0-9a-zA-Z-_ !?.]+$", + "pattern":"[0-9a-zA-Z-_ !?.]+", "sensitive":true }, "GuardrailTopicType":{ @@ -6124,67 +6350,67 @@ "ImportJobData":{ "type":"structure", "required":[ - "createdTime", "importJobId", - "importJobType", - "knowledgeBaseArn", "knowledgeBaseId", - "lastModifiedTime", - "status", "uploadId", + "knowledgeBaseArn", + "importJobType", + "status", "url", - "urlExpiry" + "urlExpiry", + "createdTime", + "lastModifiedTime" ], "members":{ - "createdTime":{ - "shape":"SyntheticTimestamp_epoch_seconds", - "documentation":"

    The timestamp when the import job was created.

    " - }, - "externalSourceConfiguration":{"shape":"ExternalSourceConfiguration"}, - "failedRecordReport":{ - "shape":"Url", - "documentation":"

    The link to download the information of resource data that failed to be imported.

    " - }, "importJobId":{ "shape":"Uuid", "documentation":"

    The identifier of the import job.

    " }, - "importJobType":{ - "shape":"ImportJobType", - "documentation":"

    The type of the import job.

    " - }, - "knowledgeBaseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " - }, "knowledgeBaseId":{ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base.

    " }, - "lastModifiedTime":{ - "shape":"SyntheticTimestamp_epoch_seconds", - "documentation":"

    The timestamp when the import job data was last modified.

    " + "uploadId":{ + "shape":"UploadId", + "documentation":"

    A pointer to the uploaded asset. This value is returned by StartContentUpload.

    " }, - "metadata":{ - "shape":"ContentMetadata", - "documentation":"

    The metadata fields of the imported Amazon Q in Connect resources.

    " + "knowledgeBaseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + }, + "importJobType":{ + "shape":"ImportJobType", + "documentation":"

    The type of the import job.

    " }, "status":{ "shape":"ImportJobStatus", "documentation":"

    The status of the import job.

    " }, - "uploadId":{ - "shape":"UploadId", - "documentation":"

    A pointer to the uploaded asset. This value is returned by StartContentUpload.

    " - }, "url":{ "shape":"Url", "documentation":"

    The download link to the resource file that is uploaded to the import job.

    " }, + "failedRecordReport":{ + "shape":"Url", + "documentation":"

    The link to download the information of resource data that failed to be imported.

    " + }, "urlExpiry":{ "shape":"SyntheticTimestamp_epoch_seconds", "documentation":"

    The expiration time of the URL as an epoch timestamp.

    " - } + }, + "createdTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

    The timestamp when the import job was created.

    " + }, + "lastModifiedTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

    The timestamp when the import job data was last modified.

    " + }, + "metadata":{ + "shape":"ContentMetadata", + "documentation":"

    The metadata fields of the imported Amazon Q in Connect resources.

    " + }, + "externalSourceConfiguration":{"shape":"ExternalSourceConfiguration"} }, "documentation":"

    Summary information about the import job.

    " }, @@ -6206,39 +6432,43 @@ "ImportJobSummary":{ "type":"structure", "required":[ - "createdTime", "importJobId", - "importJobType", - "knowledgeBaseArn", "knowledgeBaseId", - "lastModifiedTime", + "uploadId", + "knowledgeBaseArn", + "importJobType", "status", - "uploadId" + "createdTime", + "lastModifiedTime" ], "members":{ - "createdTime":{ - "shape":"SyntheticTimestamp_epoch_seconds", - "documentation":"

    The timestamp when the import job was created.

    " - }, - "externalSourceConfiguration":{ - "shape":"ExternalSourceConfiguration", - "documentation":"

    The configuration information of the external source that the resource data are imported from.

    " - }, "importJobId":{ "shape":"Uuid", "documentation":"

    The identifier of the import job.

    " }, - "importJobType":{ - "shape":"ImportJobType", - "documentation":"

    The type of import job.

    " + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base.

    " + }, + "uploadId":{ + "shape":"UploadId", + "documentation":"

    A pointer to the uploaded asset. This value is returned by StartContentUpload.

    " }, "knowledgeBaseArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base.

    " + "importJobType":{ + "shape":"ImportJobType", + "documentation":"

    The type of import job.

    " + }, + "status":{ + "shape":"ImportJobStatus", + "documentation":"

    The status of the import job.

    " + }, + "createdTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

    The timestamp when the import job was created.

    " }, "lastModifiedTime":{ "shape":"SyntheticTimestamp_epoch_seconds", @@ -6248,13 +6478,9 @@ "shape":"ContentMetadata", "documentation":"

    The metadata fields of the imported Amazon Q in Connect resources.

    " }, - "status":{ - "shape":"ImportJobStatus", - "documentation":"

    The status of the import job.

    " - }, - "uploadId":{ - "shape":"UploadId", - "documentation":"

    A pointer to the uploaded asset. This value is returned by StartContentUpload.

    " + "externalSourceConfiguration":{ + "shape":"ExternalSourceConfiguration", + "documentation":"

    The configuration information of the external source that the resource data are imported from.

    " } }, "documentation":"

    Summary information about the import job.

    " @@ -6314,13 +6540,13 @@ "KnowledgeBaseAssociationData":{ "type":"structure", "members":{ - "knowledgeBaseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " - }, "knowledgeBaseId":{ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base.

    " + }, + "knowledgeBaseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " } }, "documentation":"

    Association information about the knowledge base.

    " @@ -6328,44 +6554,44 @@ "KnowledgeBaseData":{ "type":"structure", "required":[ - "knowledgeBaseArn", "knowledgeBaseId", - "knowledgeBaseType", + "knowledgeBaseArn", "name", + "knowledgeBaseType", "status" ], "members":{ - "description":{ - "shape":"Description", - "documentation":"

    The description.

    " - }, - "ingestionFailureReasons":{ - "shape":"FailureReason", - "documentation":"

    List of failure reasons on ingestion per file.

    " - }, - "ingestionStatus":{ - "shape":"SyncStatus", - "documentation":"

    Status of ingestion on data source.

    " + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base.

    " }, "knowledgeBaseArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the knowledge base.

    " }, "knowledgeBaseType":{ "shape":"KnowledgeBaseType", "documentation":"

    The type of knowledge base.

    " }, + "status":{ + "shape":"KnowledgeBaseStatus", + "documentation":"

    The status of the knowledge base.

    " + }, "lastContentModificationTime":{ "shape":"SyntheticTimestamp_epoch_seconds", "documentation":"

    An epoch timestamp indicating the most recent content modification inside the knowledge base. If no content exists in a knowledge base, this value is unset.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the knowledge base.

    " + "vectorIngestionConfiguration":{ + "shape":"VectorIngestionConfiguration", + "documentation":"

    Contains details about how to ingest the documents in a data source.

    " + }, + "sourceConfiguration":{ + "shape":"SourceConfiguration", + "documentation":"

    Source configuration information about the knowledge base.

    " }, "renderingConfiguration":{ "shape":"RenderingConfiguration", @@ -6375,21 +6601,21 @@ "shape":"ServerSideEncryptionConfiguration", "documentation":"

    The configuration information for the customer managed key used for encryption.

    This KMS key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " }, - "sourceConfiguration":{ - "shape":"SourceConfiguration", - "documentation":"

    Source configuration information about the knowledge base.

    " - }, - "status":{ - "shape":"KnowledgeBaseStatus", - "documentation":"

    The status of the knowledge base.

    " + "description":{ + "shape":"Description", + "documentation":"

    The description.

    " }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " }, - "vectorIngestionConfiguration":{ - "shape":"VectorIngestionConfiguration", - "documentation":"

    Contains details about how to ingest the documents in a data source.

    " + "ingestionStatus":{ + "shape":"SyncStatus", + "documentation":"

    Status of ingestion on data source.

    " + }, + "ingestionFailureReasons":{ + "shape":"FailureReason", + "documentation":"

    List of failure reasons on ingestion per file.

    " } }, "documentation":"

    Information about the knowledge base.

    " @@ -6419,32 +6645,40 @@ "KnowledgeBaseSummary":{ "type":"structure", "required":[ - "knowledgeBaseArn", "knowledgeBaseId", - "knowledgeBaseType", + "knowledgeBaseArn", "name", + "knowledgeBaseType", "status" ], "members":{ - "description":{ - "shape":"Description", - "documentation":"

    The description of the knowledge base.

    " + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base.

    " }, "knowledgeBaseArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the knowledge base.

    " }, "knowledgeBaseType":{ "shape":"KnowledgeBaseType", "documentation":"

    The type of knowledge base.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the knowledge base.

    " + "status":{ + "shape":"KnowledgeBaseStatus", + "documentation":"

    The status of the knowledge base summary.

    " + }, + "sourceConfiguration":{ + "shape":"SourceConfiguration", + "documentation":"

    Configuration information about the external data source.

    " + }, + "vectorIngestionConfiguration":{ + "shape":"VectorIngestionConfiguration", + "documentation":"

    Contains details about how to ingest the documents in a data source.

    " }, "renderingConfiguration":{ "shape":"RenderingConfiguration", @@ -6454,21 +6688,13 @@ "shape":"ServerSideEncryptionConfiguration", "documentation":"

    The configuration information for the customer managed key used for encryption.

    This KMS key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q in Connect.

    For more information about setting up a customer managed key for Amazon Q in Connect, see Enable Amazon Q in Connect for your instance.

    " }, - "sourceConfiguration":{ - "shape":"SourceConfiguration", - "documentation":"

    Configuration information about the external data source.

    " - }, - "status":{ - "shape":"KnowledgeBaseStatus", - "documentation":"

    The status of the knowledge base summary.

    " + "description":{ + "shape":"Description", + "documentation":"

    The description of the knowledge base.

    " }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "vectorIngestionConfiguration":{ - "shape":"VectorIngestionConfiguration", - "documentation":"

    Contains details about how to ingest the documents in a data source.

    " } }, "documentation":"

    Summary information about the knowledge base.

    " @@ -6491,27 +6717,21 @@ "ListAIAgentVersionsRequest":{ "type":"structure", "required":[ - "aiAgentId", - "assistantId" + "assistantId", + "aiAgentId" ], "members":{ - "aiAgentId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Agent for which versions are to be listed.

    ", - "location":"uri", - "locationName":"aiAgentId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" + "aiAgentId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Agent for which versions are to be listed.

    ", + "location":"uri", + "locationName":"aiAgentId" }, "nextToken":{ "shape":"NextToken", @@ -6519,6 +6739,12 @@ "location":"querystring", "locationName":"nextToken" }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, "origin":{ "shape":"Origin", "documentation":"

    The origin of the AI Agent versions to be listed. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.

    ", @@ -6551,18 +6777,18 @@ "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", "location":"querystring", "locationName":"nextToken" }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, "origin":{ "shape":"Origin", "documentation":"

    The origin of the AI Agents to be listed. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.

    ", @@ -6588,33 +6814,33 @@ "ListAIGuardrailVersionsRequest":{ "type":"structure", "required":[ - "aiGuardrailId", - "assistantId" + "assistantId", + "aiGuardrailId" ], "members":{ - "aiGuardrailId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail for which versions are to be listed.

    ", - "location":"uri", - "locationName":"aiGuardrailId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail for which versions are to be listed.

    ", + "location":"uri", + "locationName":"aiGuardrailId" }, "nextToken":{ "shape":"NextToken", "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -6642,17 +6868,17 @@ "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -6673,27 +6899,21 @@ "ListAIPromptVersionsRequest":{ "type":"structure", "required":[ - "aiPromptId", - "assistantId" + "assistantId", + "aiPromptId" ], "members":{ - "aiPromptId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI prompt for which versions are to be listed.

    ", - "location":"uri", - "locationName":"aiPromptId" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" + "aiPromptId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI prompt for which versions are to be listed.

    ", + "location":"uri", + "locationName":"aiPromptId" }, "nextToken":{ "shape":"NextToken", @@ -6701,6 +6921,12 @@ "location":"querystring", "locationName":"nextToken" }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, "origin":{ "shape":"Origin", "documentation":"

    The origin of the AI Prompt versions to be listed. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.

    ", @@ -6733,18 +6959,18 @@ "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", "location":"querystring", "locationName":"nextToken" }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, "origin":{ "shape":"Origin", "documentation":"

    The origin of the AI Prompts to be listed. SYSTEM for a default AI Agent created by Q in Connect or CUSTOMER for an AI Agent created by calling AI Agent creation APIs.

    ", @@ -6771,11 +6997,11 @@ "type":"structure", "required":["assistantId"], "members":{ - "assistantId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"assistantId" + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", @@ -6783,11 +7009,11 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"assistantId" } } }, @@ -6808,17 +7034,17 @@ "ListAssistantsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NextToken", "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -6839,21 +7065,15 @@ "ListContentAssociationsRequest":{ "type":"structure", "required":[ - "contentId", - "knowledgeBaseId" + "knowledgeBaseId", + "contentId" ], "members":{ - "contentId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the content.

    ", - "location":"uri", - "locationName":"contentId" - }, - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", @@ -6861,11 +7081,17 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" + }, + "contentId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the content.

    ", + "location":"uri", + "locationName":"contentId" } } }, @@ -6887,11 +7113,11 @@ "type":"structure", "required":["knowledgeBaseId"], "members":{ - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", @@ -6899,11 +7125,11 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" } } }, @@ -6925,11 +7151,11 @@ "type":"structure", "required":["knowledgeBaseId"], "members":{ - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "nextToken":{ + "shape":"NonEmptyString", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", @@ -6937,11 +7163,11 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NonEmptyString", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" } } }, @@ -6962,17 +7188,17 @@ "ListKnowledgeBasesRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"NonEmptyString", "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -7003,12 +7229,6 @@ "location":"uri", "locationName":"knowledgeBaseId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "messageTemplateId":{ "shape":"UuidOrArnOrEitherWithQualifier", "documentation":"

    The identifier of the message template. Can be either the ID or the ARN. It cannot contain any qualifier.

    ", @@ -7020,6 +7240,12 @@ "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -7041,11 +7267,11 @@ "type":"structure", "required":["knowledgeBaseId"], "members":{ - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", @@ -7053,11 +7279,11 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" } } }, @@ -7088,11 +7314,11 @@ "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" + "sessionId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the Amazon Q in Connect session.

    ", + "location":"uri", + "locationName":"sessionId" }, "nextToken":{ "shape":"NextToken", @@ -7100,11 +7326,11 @@ "location":"querystring", "locationName":"nextToken" }, - "sessionId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the Amazon Q in Connect session.

    ", - "location":"uri", - "locationName":"sessionId" + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -7126,11 +7352,11 @@ "type":"structure", "required":["knowledgeBaseId"], "members":{ - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "nextToken":{ + "shape":"NonEmptyString", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", @@ -7138,11 +7364,11 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NonEmptyString", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" } } }, @@ -7150,13 +7376,13 @@ "type":"structure", "required":["quickResponseSummaries"], "members":{ - "nextToken":{ - "shape":"NonEmptyString", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    " - }, "quickResponseSummaries":{ "shape":"QuickResponseSummaryList", "documentation":"

    Summary information about the quick responses.

    " + }, + "nextToken":{ + "shape":"NonEmptyString", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    " } } }, @@ -7200,21 +7426,21 @@ "ManualSearchAIAgentConfiguration":{ "type":"structure", "members":{ - "answerGenerationAIGuardrailId":{ - "shape":"UuidWithQualifier", - "documentation":"

    The AI Guardrail identifier for the Answer Generation guardrail used by the MANUAL_SEARCH AI Agent.

    " - }, "answerGenerationAIPromptId":{ "shape":"UuidWithQualifier", "documentation":"

    The AI Prompt identifier for the Answer Generation prompt used by the MANUAL_SEARCH AI Agent.

    " }, + "answerGenerationAIGuardrailId":{ + "shape":"UuidWithQualifier", + "documentation":"

    The AI Guardrail identifier for the Answer Generation guardrail used by the MANUAL_SEARCH AI Agent.

    " + }, "associationConfigurations":{ "shape":"AssociationConfigurationList", "documentation":"

    The association configurations for overriding behavior on this AI Agent.

    " }, "locale":{ "shape":"NonEmptyString", - "documentation":"

    The locale to which specifies the language and region settings that determine the response language for QueryAssistant.

    " + "documentation":"

    The locale to which specifies the language and region settings that determine the response language for QueryAssistant.

    For more information on supported locales, see Language support for Amazon Q in Connect.

    " } }, "documentation":"

    The configuration for the MANUAL_SEARCH AI Agent type.

    " @@ -7225,6 +7451,16 @@ "max":100, "min":1 }, + "MessageConfiguration":{ + "type":"structure", + "members":{ + "generateFillerMessage":{ + "shape":"Boolean", + "documentation":"

    Generates a filler response when tool selection is QUESTION.

    " + } + }, + "documentation":"

    The configuration for a SendMessage request.

    " + }, "MessageData":{ "type":"structure", "members":{ @@ -7254,12 +7490,16 @@ "MessageOutput":{ "type":"structure", "required":[ + "value", "messageId", "participant", - "timestamp", - "value" + "timestamp" ], "members":{ + "value":{ + "shape":"MessageData", + "documentation":"

    The value of a message data.

    " + }, "messageId":{ "shape":"Uuid", "documentation":"

    The identifier of a message.

    " @@ -7271,10 +7511,6 @@ "timestamp":{ "shape":"Timestamp", "documentation":"

    The timestamp of a message.

    " - }, - "value":{ - "shape":"MessageData", - "documentation":"

    The value of a message data.

    " } }, "documentation":"

    The message output.

    " @@ -7282,18 +7518,14 @@ "MessageTemplateAttachment":{ "type":"structure", "required":[ - "attachmentId", "contentDisposition", "name", "uploadedTime", "url", - "urlExpiry" + "urlExpiry", + "attachmentId" ], "members":{ - "attachmentId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the attachment file.

    " - }, "contentDisposition":{ "shape":"ContentDisposition", "documentation":"

    The presentation information for the attachment file.

    " @@ -7313,6 +7545,10 @@ "urlExpiry":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The expiration time of the pre-signed Amazon S3 URL.

    " + }, + "attachmentId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the attachment file.

    " } }, "documentation":"

    Information about the message template attachment.

    " @@ -7353,21 +7589,21 @@ "MessageTemplateAttributes":{ "type":"structure", "members":{ + "systemAttributes":{ + "shape":"SystemAttributes", + "documentation":"

    The system attributes that are used with the message template.

    " + }, "agentAttributes":{ "shape":"AgentAttributes", "documentation":"

    The agent attributes that are used with the message template.

    " }, - "customAttributes":{ - "shape":"CustomAttributes", - "documentation":"

    The custom attributes that are used with the message template.

    " - }, "customerProfileAttributes":{ "shape":"CustomerProfileAttributes", "documentation":"

    The customer profile attributes that are used with the message template.

    " }, - "systemAttributes":{ - "shape":"SystemAttributes", - "documentation":"

    The system attributes that are used with the message template.

    " + "customAttributes":{ + "shape":"CustomAttributes", + "documentation":"

    The custom attributes that are used with the message template.

    " } }, "documentation":"

    The attributes that are used with the message template.

    " @@ -7402,85 +7638,85 @@ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z0-9]+$" + "pattern":"[a-zA-Z0-9]+" }, "MessageTemplateData":{ "type":"structure", "required":[ - "channelSubtype", - "content", - "createdTime", + "messageTemplateArn", + "messageTemplateId", "knowledgeBaseArn", "knowledgeBaseId", - "lastModifiedBy", + "name", + "channelSubtype", + "createdTime", "lastModifiedTime", - "messageTemplateArn", - "messageTemplateContentSha256", - "messageTemplateId", - "name" + "lastModifiedBy", + "content", + "messageTemplateContentSha256" ], "members":{ - "attributeTypes":{ - "shape":"MessageTemplateAttributeTypeList", - "documentation":"

    The types of attributes that the message template contains.

    " + "messageTemplateArn":{ + "shape":"ArnWithQualifier", + "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " + }, + "messageTemplateId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the message template.

    " + }, + "knowledgeBaseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + }, + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base.

    " + }, + "name":{ + "shape":"Name", + "documentation":"

    The name of the message template.

    " }, "channelSubtype":{ "shape":"ChannelSubtype", "documentation":"

    The channel subtype this message template applies to.

    " }, - "content":{ - "shape":"MessageTemplateContentProvider", - "documentation":"

    The content of the message template.

    " - }, "createdTime":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The timestamp when the message template was created.

    " }, - "defaultAttributes":{ - "shape":"MessageTemplateAttributes", - "documentation":"

    An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.

    " + "lastModifiedTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The timestamp when the message template data was last modified.

    " + }, + "lastModifiedBy":{ + "shape":"GenericArn", + "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the message template data.

    " + }, + "content":{ + "shape":"MessageTemplateContentProvider", + "documentation":"

    The content of the message template.

    " }, "description":{ "shape":"Description", "documentation":"

    The description of the message template.

    " }, - "groupingConfiguration":{"shape":"GroupingConfiguration"}, - "knowledgeBaseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " - }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base.

    " - }, "language":{ "shape":"LanguageCode", "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " }, - "lastModifiedBy":{ - "shape":"GenericArn", - "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the message template data.

    " - }, - "lastModifiedTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The timestamp when the message template data was last modified.

    " + "groupingConfiguration":{"shape":"GroupingConfiguration"}, + "defaultAttributes":{ + "shape":"MessageTemplateAttributes", + "documentation":"

    An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.

    " }, - "messageTemplateArn":{ - "shape":"ArnWithQualifier", - "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " + "attributeTypes":{ + "shape":"MessageTemplateAttributeTypeList", + "documentation":"

    The types of attributes that the message template contains.

    " }, "messageTemplateContentSha256":{ "shape":"MessageTemplateContentSha256", "documentation":"

    The checksum value of the message template content that is referenced by the $LATEST qualifier. It can be returned in MessageTemplateData or ExtendedMessageTemplateData. It’s calculated by content, language, defaultAttributes and Attachments of the message template.

    " }, - "messageTemplateId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the message template.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the message template.

    " - }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " @@ -7495,21 +7731,21 @@ "operator" ], "members":{ - "includeNoExistence":{ - "shape":"Boolean", - "documentation":"

    Whether to treat null value as a match for the attribute field.

    " - }, "name":{ "shape":"NonEmptyString", "documentation":"

    The name of the attribute field to filter the message templates by.

    " }, + "values":{ + "shape":"MessageTemplateFilterValueList", + "documentation":"

    The values of attribute field to filter the message template by.

    " + }, "operator":{ "shape":"MessageTemplateFilterOperator", "documentation":"

    The operator to use for filtering.

    " }, - "values":{ - "shape":"MessageTemplateFilterValueList", - "documentation":"

    The values of attribute field to filter the message template by.

    " + "includeNoExistence":{ + "shape":"Boolean", + "documentation":"

    Whether to treat null value as a match for the attribute field.

    " } }, "documentation":"

    The message template fields to filter the message template query results by. The following is the list of supported field names:

    • name

    • description

    • channel

    • channelSubtype

    • language

    • qualifier

    • createdTime

    • lastModifiedTime

    • lastModifiedBy

    • groupingConfiguration.criteria

    • groupingConfiguration.values

    " @@ -7557,29 +7793,29 @@ "type":"structure", "required":[ "name", - "operator", - "values" + "values", + "operator" ], "members":{ - "allowFuzziness":{ - "shape":"Boolean", - "documentation":"

    Whether the query expects only exact matches on the attribute field values. The results of the query will only include exact matches if this parameter is set to false.

    " - }, "name":{ "shape":"NonEmptyString", "documentation":"

    The name of the attribute to query the message templates by.

    " }, + "values":{ + "shape":"MessageTemplateQueryValueList", + "documentation":"

    The values of the attribute to query the message templates by.

    " + }, "operator":{ "shape":"MessageTemplateQueryOperator", "documentation":"

    The operator to use for matching attribute field values in the query.

    " }, + "allowFuzziness":{ + "shape":"Boolean", + "documentation":"

    Whether the query expects only exact matches on the attribute field values. The results of the query will only include exact matches if this parameter is set to false.

    " + }, "priority":{ "shape":"Priority", "documentation":"

    The importance of the attribute field when calculating query result relevancy scores. The value set for this parameter affects the ordering of search results.

    " - }, - "values":{ - "shape":"MessageTemplateQueryValueList", - "documentation":"

    The values of the attribute to query the message templates by.

    " } }, "documentation":"

    The message template fields to query message templates by. The following is the list of supported field names:

    • name

    • description

    " @@ -7611,6 +7847,10 @@ "MessageTemplateSearchExpression":{ "type":"structure", "members":{ + "queries":{ + "shape":"MessageTemplateQueryFieldList", + "documentation":"

    The message template query expressions.

    " + }, "filters":{ "shape":"MessageTemplateFilterFieldList", "documentation":"

    The configuration of filtering rules applied to message template query results.

    " @@ -7618,10 +7858,6 @@ "orderOnField":{ "shape":"MessageTemplateOrderField", "documentation":"

    The message template attribute fields on which the query results are ordered.

    " - }, - "queries":{ - "shape":"MessageTemplateQueryFieldList", - "documentation":"

    The message template query expressions.

    " } }, "documentation":"

    The search expression of the message template.

    " @@ -7629,33 +7865,24 @@ "MessageTemplateSearchResultData":{ "type":"structure", "required":[ - "channelSubtype", - "createdTime", + "messageTemplateArn", + "messageTemplateId", "knowledgeBaseArn", "knowledgeBaseId", - "lastModifiedBy", + "name", + "channelSubtype", + "createdTime", "lastModifiedTime", - "messageTemplateArn", - "messageTemplateId", - "name" + "lastModifiedBy" ], "members":{ - "channelSubtype":{ - "shape":"ChannelSubtype", - "documentation":"

    The channel subtype this message template applies to.

    " - }, - "createdTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The timestamp when the message template was created.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the message template.

    " + "messageTemplateArn":{ + "shape":"ArnWithQualifier", + "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " }, - "groupingConfiguration":{"shape":"GroupingConfiguration"}, - "isActive":{ - "shape":"Boolean", - "documentation":"

    Whether the version of the message template is activated.

    " + "messageTemplateId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the message template.

    " }, "knowledgeBaseArn":{ "shape":"Arn", @@ -7665,37 +7892,46 @@ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base.

    " }, - "language":{ - "shape":"LanguageCode", - "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the message template.

    " }, - "lastModifiedBy":{ - "shape":"GenericArn", - "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the message template data.

    " + "channelSubtype":{ + "shape":"ChannelSubtype", + "documentation":"

    The channel subtype this message template applies to.

    " + }, + "createdTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The timestamp when the message template was created.

    " }, "lastModifiedTime":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The timestamp when the message template data was last modified.

    " }, - "messageTemplateArn":{ - "shape":"ArnWithQualifier", - "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " + "lastModifiedBy":{ + "shape":"GenericArn", + "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the message template data.

    " }, - "messageTemplateId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the message template.

    " + "isActive":{ + "shape":"Boolean", + "documentation":"

    Whether the version of the message template is activated.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the message template.

    " + "versionNumber":{ + "shape":"Version", + "documentation":"

    The version number of the message template version.

    " + }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the message template.

    " + }, + "groupingConfiguration":{"shape":"GroupingConfiguration"}, + "language":{ + "shape":"LanguageCode", + "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " - }, - "versionNumber":{ - "shape":"Version", - "documentation":"

    The version number of the message template version.

    " } }, "documentation":"

    The result of message template search.

    " @@ -7707,32 +7943,24 @@ "MessageTemplateSummary":{ "type":"structure", "required":[ - "channelSubtype", - "createdTime", + "messageTemplateArn", + "messageTemplateId", "knowledgeBaseArn", "knowledgeBaseId", - "lastModifiedBy", + "name", + "channelSubtype", + "createdTime", "lastModifiedTime", - "messageTemplateArn", - "messageTemplateId", - "name" + "lastModifiedBy" ], "members":{ - "activeVersionNumber":{ - "shape":"Version", - "documentation":"

    The version number of the message template version that is activated.

    " - }, - "channelSubtype":{ - "shape":"ChannelSubtype", - "documentation":"

    The channel subtype this message template applies to.

    " - }, - "createdTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The timestamp when the message template was created.

    " + "messageTemplateArn":{ + "shape":"ArnWithQualifier", + "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the message template.

    " + "messageTemplateId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the message template.

    " }, "knowledgeBaseArn":{ "shape":"Arn", @@ -7742,25 +7970,33 @@ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base.

    " }, - "lastModifiedBy":{ - "shape":"GenericArn", - "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the message template data.

    " + "name":{ + "shape":"Name", + "documentation":"

    The name of the message template.

    " + }, + "channelSubtype":{ + "shape":"ChannelSubtype", + "documentation":"

    The channel subtype this message template applies to.

    " + }, + "createdTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The timestamp when the message template was created.

    " }, "lastModifiedTime":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The timestamp when the message template data was last modified.

    " }, - "messageTemplateArn":{ - "shape":"ArnWithQualifier", - "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " + "lastModifiedBy":{ + "shape":"GenericArn", + "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the message template data.

    " }, - "messageTemplateId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the message template.

    " + "activeVersionNumber":{ + "shape":"Version", + "documentation":"

    The version number of the message template version that is activated.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the message template.

    " + "description":{ + "shape":"Description", + "documentation":"

    The description of the message template.

    " }, "tags":{ "shape":"Tags", @@ -7776,23 +8012,23 @@ "MessageTemplateVersionSummary":{ "type":"structure", "required":[ - "channelSubtype", - "isActive", - "knowledgeBaseArn", - "knowledgeBaseId", "messageTemplateArn", "messageTemplateId", + "knowledgeBaseArn", + "knowledgeBaseId", "name", + "channelSubtype", + "isActive", "versionNumber" ], "members":{ - "channelSubtype":{ - "shape":"ChannelSubtype", - "documentation":"

    The channel subtype this message template applies to.

    " + "messageTemplateArn":{ + "shape":"ArnWithQualifier", + "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " }, - "isActive":{ - "shape":"Boolean", - "documentation":"

    Whether the version of the message template is activated.

    " + "messageTemplateId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the message template.

    " }, "knowledgeBaseArn":{ "shape":"Arn", @@ -7802,18 +8038,18 @@ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base.

    " }, - "messageTemplateArn":{ - "shape":"ArnWithQualifier", - "documentation":"

    The Amazon Resource Name (ARN) of the message template.

    " - }, - "messageTemplateId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the message template.

    " - }, "name":{ "shape":"Name", "documentation":"

    The name of the message template.

    " }, + "channelSubtype":{ + "shape":"ChannelSubtype", + "documentation":"

    The channel subtype this message template applies to.

    " + }, + "isActive":{ + "shape":"Boolean", + "documentation":"

    Whether the version of the message template is activated.

    " + }, "versionNumber":{ "shape":"Version", "documentation":"

    The version number of the message template version.

    " @@ -7833,7 +8069,7 @@ "type":"string", "max":255, "min":1, - "pattern":"^[a-zA-Z0-9\\s_.,-]+" + "pattern":"[a-zA-Z0-9\\s_.,-]+.*" }, "NextToken":{ "type":"string", @@ -7859,13 +8095,13 @@ "NotifyRecommendationsReceivedError":{ "type":"structure", "members":{ - "message":{ - "shape":"NotifyRecommendationsReceivedErrorMessage", - "documentation":"

    A recommendation is causing an error.

    " - }, "recommendationId":{ "shape":"RecommendationId", "documentation":"

    The identifier of the recommendation that is in error.

    " + }, + "message":{ + "shape":"NotifyRecommendationsReceivedErrorMessage", + "documentation":"

    A recommendation is causing an error.

    " } }, "documentation":"

    An error occurred when creating a recommendation.

    " @@ -7879,8 +8115,8 @@ "type":"structure", "required":[ "assistantId", - "recommendationIds", - "sessionId" + "sessionId", + "recommendationIds" ], "members":{ "assistantId":{ @@ -7889,28 +8125,28 @@ "location":"uri", "locationName":"assistantId" }, - "recommendationIds":{ - "shape":"RecommendationIdList", - "documentation":"

    The identifiers of the recommendations.

    " - }, "sessionId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the session. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"sessionId" + }, + "recommendationIds":{ + "shape":"RecommendationIdList", + "documentation":"

    The identifiers of the recommendations.

    " } } }, "NotifyRecommendationsReceivedResponse":{ "type":"structure", "members":{ - "errors":{ - "shape":"NotifyRecommendationsReceivedErrorList", - "documentation":"

    The identifiers of recommendations that are causing errors.

    " - }, "recommendationIds":{ "shape":"RecommendationIdList", "documentation":"

    The identifiers of the recommendations.

    " + }, + "errors":{ + "shape":"NotifyRecommendationsReceivedErrorList", + "documentation":"

    The identifiers of recommendations that are causing errors.

    " } } }, @@ -7957,13 +8193,13 @@ "type":"structure", "required":["parsingStrategy"], "members":{ - "bedrockFoundationModelConfiguration":{ - "shape":"BedrockFoundationModelConfigurationForParsing", - "documentation":"

    Settings for a foundation model used to parse documents for a data source.

    " - }, "parsingStrategy":{ "shape":"ParsingStrategy", "documentation":"

    The parsing strategy for the data source.

    " + }, + "bedrockFoundationModelConfiguration":{ + "shape":"BedrockFoundationModelConfigurationForParsing", + "documentation":"

    Settings for a foundation model used to parse documents for a data source.

    " } }, "documentation":"

    Settings for parsing document contents. By default, the service converts the contents of each document into text before splitting it into chunks. To improve processing of PDF files with tables and images, you can configure the data source to convert the pages of text into images and use a model to describe the contents of each page.

    " @@ -8020,9 +8256,9 @@ "type":"structure", "required":[ "assistantId", - "contentFeedback", "targetId", - "targetType" + "targetType", + "contentFeedback" ], "members":{ "assistantId":{ @@ -8031,10 +8267,6 @@ "location":"uri", "locationName":"assistantId" }, - "contentFeedback":{ - "shape":"ContentFeedbackData", - "documentation":"

    Information about the feedback provided.

    " - }, "targetId":{ "shape":"Uuid", "documentation":"

    The identifier of the feedback target.

    " @@ -8042,30 +8274,30 @@ "targetType":{ "shape":"TargetType", "documentation":"

    The type of the feedback target.

    " + }, + "contentFeedback":{ + "shape":"ContentFeedbackData", + "documentation":"

    Information about the feedback provided.

    " } } }, "PutFeedbackResponse":{ "type":"structure", "required":[ - "assistantArn", "assistantId", - "contentFeedback", + "assistantArn", "targetId", - "targetType" + "targetType", + "contentFeedback" ], "members":{ - "assistantArn":{ - "shape":"UuidOrArn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " - }, "assistantId":{ "shape":"Uuid", "documentation":"

    The identifier of the Amazon Q in Connect assistant.

    " }, - "contentFeedback":{ - "shape":"ContentFeedbackData", - "documentation":"

    Information about the feedback provided.

    " + "assistantArn":{ + "shape":"UuidOrArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " }, "targetId":{ "shape":"Uuid", @@ -8074,6 +8306,10 @@ "targetType":{ "shape":"TargetType", "documentation":"

    The type of the feedback target.

    " + }, + "contentFeedback":{ + "shape":"ContentFeedbackData", + "documentation":"

    Information about the feedback provided.

    " } } }, @@ -8087,17 +8323,21 @@ "location":"uri", "locationName":"assistantId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    " + "queryText":{ + "shape":"QueryText", + "documentation":"

    The text to search for.

    " }, "nextToken":{ "shape":"NextToken", "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    " }, - "overrideKnowledgeBaseSearchType":{ - "shape":"KnowledgeBaseSearchType", - "documentation":"

    The search type to be used against the Knowledge Base for this request. The values can be SEMANTIC which uses vector embeddings or HYBRID which use vector embeddings and raw text.

    " + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    " + }, + "sessionId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the Amazon Q in Connect session. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " }, "queryCondition":{ "shape":"QueryConditionExpression", @@ -8107,13 +8347,9 @@ "shape":"QueryInputData", "documentation":"

    Information about the query.

    " }, - "queryText":{ - "shape":"QueryText", - "documentation":"

    The text to search for.

    " - }, - "sessionId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the Amazon Q in Connect session. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + "overrideKnowledgeBaseSearchType":{ + "shape":"KnowledgeBaseSearchType", + "documentation":"

    The search type to be used against the Knowledge Base for this request. The values can be SEMANTIC which uses vector embeddings or HYBRID which use vector embeddings and raw text.

    " } } }, @@ -8121,13 +8357,13 @@ "type":"structure", "required":["results"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    If there are additional results, this is the token for the next set of results.

    " - }, "results":{ "shape":"QueryResultsList", "documentation":"

    The results of the query.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    If there are additional results, this is the token for the next set of results.

    " } } }, @@ -8159,19 +8395,19 @@ "QueryConditionItem":{ "type":"structure", "required":[ - "comparator", "field", + "comparator", "value" ], "members":{ - "comparator":{ - "shape":"QueryConditionComparisonOperator", - "documentation":"

    The comparison operator for query condition to query on.

    " - }, "field":{ "shape":"QueryConditionFieldName", "documentation":"

    The name of the field for query condition to query on.

    " }, + "comparator":{ + "shape":"QueryConditionComparisonOperator", + "documentation":"

    The comparison operator for query condition to query on.

    " + }, "value":{ "shape":"NonEmptyString", "documentation":"

    The value for the query condition to query on.

    " @@ -8182,13 +8418,13 @@ "QueryInputData":{ "type":"structure", "members":{ - "intentInputData":{ - "shape":"IntentInputData", - "documentation":"

    Input information for the intent.

    " - }, "queryTextInputData":{ "shape":"QueryTextInputData", "documentation":"

    Input information for the query.

    " + }, + "intentInputData":{ + "shape":"IntentInputData", + "documentation":"

    Input information for the intent.

    " } }, "documentation":"

    Input information for the query.

    ", @@ -8209,7 +8445,14 @@ "enum":[ "KNOWLEDGE_CONTENT", "INTENT_ANSWER", - "GENERATIVE_ANSWER" + "GENERATIVE_ANSWER", + "GENERATIVE_ANSWER_CHUNK", + "BLOCKED_GENERATIVE_ANSWER_CHUNK", + "INTENT_ANSWER_CHUNK", + "BLOCKED_INTENT_ANSWER_CHUNK", + "EMAIL_RESPONSE_CHUNK", + "EMAIL_OVERVIEW_CHUNK", + "EMAIL_GENERATIVE_ANSWER_CHUNK" ] }, "QueryResultsList":{ @@ -8253,41 +8496,65 @@ "QuickResponseContents":{ "type":"structure", "members":{ - "markdown":{"shape":"QuickResponseContentProvider"}, - "plainText":{"shape":"QuickResponseContentProvider"} + "plainText":{"shape":"QuickResponseContentProvider"}, + "markdown":{"shape":"QuickResponseContentProvider"} }, "documentation":"

    The content of the quick response stored in different media types.

    " }, "QuickResponseData":{ "type":"structure", "required":[ - "contentType", - "createdTime", + "quickResponseArn", + "quickResponseId", "knowledgeBaseArn", "knowledgeBaseId", - "lastModifiedTime", "name", - "quickResponseArn", - "quickResponseId", - "status" + "contentType", + "status", + "createdTime", + "lastModifiedTime" ], "members":{ - "channels":{ - "shape":"Channels", - "documentation":"

    The Amazon Connect contact channels this quick response applies to. The supported contact channel types include Chat.

    " + "quickResponseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the quick response.

    " + }, + "quickResponseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the quick response.

    " + }, + "knowledgeBaseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + }, + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + }, + "name":{ + "shape":"QuickResponseName", + "documentation":"

    The name of the quick response.

    " }, "contentType":{ "shape":"QuickResponseType", "documentation":"

    The media type of the quick response content.

    • Use application/x.quickresponse;format=plain for quick response written in plain text.

    • Use application/x.quickresponse;format=markdown for quick response written in richtext.

    " }, - "contents":{ - "shape":"QuickResponseContents", - "documentation":"

    The contents of the quick response.

    " + "status":{ + "shape":"QuickResponseStatus", + "documentation":"

    The status of the quick response data.

    " }, "createdTime":{ "shape":"SyntheticTimestamp_epoch_seconds", "documentation":"

    The timestamp when the quick response was created.

    " }, + "lastModifiedTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

    The timestamp when the quick response data was last modified.

    " + }, + "contents":{ + "shape":"QuickResponseContents", + "documentation":"

    The contents of the quick response.

    " + }, "description":{ "shape":"QuickResponseDescription", "documentation":"

    The description of the quick response.

    " @@ -8296,50 +8563,26 @@ "shape":"GroupingConfiguration", "documentation":"

    The configuration information of the user groups that the quick response is accessible to.

    " }, + "shortcutKey":{ + "shape":"ShortCutKey", + "documentation":"

    The shortcut key of the quick response. The value should be unique across the knowledge base.

    " + }, + "lastModifiedBy":{ + "shape":"GenericArn", + "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the quick response data.

    " + }, "isActive":{ "shape":"Boolean", "documentation":"

    Whether the quick response is active.

    " }, - "knowledgeBaseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " - }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + "channels":{ + "shape":"Channels", + "documentation":"

    The Amazon Connect contact channels this quick response applies to. The supported contact channel types include Chat.

    " }, "language":{ "shape":"LanguageCode", "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " }, - "lastModifiedBy":{ - "shape":"GenericArn", - "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the quick response data.

    " - }, - "lastModifiedTime":{ - "shape":"SyntheticTimestamp_epoch_seconds", - "documentation":"

    The timestamp when the quick response data was last modified.

    " - }, - "name":{ - "shape":"QuickResponseName", - "documentation":"

    The name of the quick response.

    " - }, - "quickResponseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the quick response.

    " - }, - "quickResponseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the quick response.

    " - }, - "shortcutKey":{ - "shape":"ShortCutKey", - "documentation":"

    The shortcut key of the quick response. The value should be unique across the knowledge base.

    " - }, - "status":{ - "shape":"QuickResponseStatus", - "documentation":"

    The status of the quick response data.

    " - }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " @@ -8370,21 +8613,21 @@ "operator" ], "members":{ - "includeNoExistence":{ - "shape":"Boolean", - "documentation":"

    Whether to treat null value as a match for the attribute field.

    " - }, "name":{ "shape":"NonEmptyString", "documentation":"

    The name of the attribute field to filter the quick responses by.

    " }, + "values":{ + "shape":"QuickResponseFilterValueList", + "documentation":"

    The values of attribute field to filter the quick response by.

    " + }, "operator":{ "shape":"QuickResponseFilterOperator", "documentation":"

    The operator to use for filtering.

    " }, - "values":{ - "shape":"QuickResponseFilterValueList", - "documentation":"

    The values of attribute field to filter the quick response by.

    " + "includeNoExistence":{ + "shape":"Boolean", + "documentation":"

    Whether to treat null value as a match for the attribute field.

    " } }, "documentation":"

    The quick response fields to filter the quick response query results by.

    The following is the list of supported field names.

    • name

    • description

    • shortcutKey

    • isActive

    • channels

    • language

    • contentType

    • createdTime

    • lastModifiedTime

    • lastModifiedBy

    • groupingConfiguration.criteria

    • groupingConfiguration.values

    " @@ -8437,29 +8680,29 @@ "type":"structure", "required":[ "name", - "operator", - "values" + "values", + "operator" ], "members":{ - "allowFuzziness":{ - "shape":"Boolean", - "documentation":"

    Whether the query expects only exact matches on the attribute field values. The results of the query will only include exact matches if this parameter is set to false.

    " - }, "name":{ "shape":"NonEmptyString", "documentation":"

    The name of the attribute to query the quick responses by.

    " }, + "values":{ + "shape":"QuickResponseQueryValueList", + "documentation":"

    The values of the attribute to query the quick responses by.

    " + }, "operator":{ "shape":"QuickResponseQueryOperator", "documentation":"

    The operator to use for matching attribute field values in the query.

    " }, + "allowFuzziness":{ + "shape":"Boolean", + "documentation":"

    Whether the query expects only exact matches on the attribute field values. The results of the query will only include exact matches if this parameter is set to false.

    " + }, "priority":{ "shape":"Priority", "documentation":"

    The importance of the attribute field when calculating query result relevancy scores. The value set for this parameter affects the ordering of search results.

    " - }, - "values":{ - "shape":"QuickResponseQueryValueList", - "documentation":"

    The values of the attribute to query the quick responses by.

    " } }, "documentation":"

    The quick response fields to query quick responses by.

    The following is the list of supported field names.

    • content

    • name

    • description

    • shortcutKey

    " @@ -8491,6 +8734,10 @@ "QuickResponseSearchExpression":{ "type":"structure", "members":{ + "queries":{ + "shape":"QuickResponseQueryFieldList", + "documentation":"

    The quick response query expressions.

    " + }, "filters":{ "shape":"QuickResponseFilterFieldList", "documentation":"

    The configuration of filtering rules applied to quick response query results.

    " @@ -8498,10 +8745,6 @@ "orderOnField":{ "shape":"QuickResponseOrderField", "documentation":"

    The quick response attribute fields on which the query results are ordered.

    " - }, - "queries":{ - "shape":"QuickResponseQueryFieldList", - "documentation":"

    The quick response query expressions.

    " } }, "documentation":"

    Information about the import job.

    " @@ -8509,35 +8752,47 @@ "QuickResponseSearchResultData":{ "type":"structure", "required":[ + "quickResponseArn", + "quickResponseId", + "knowledgeBaseArn", + "knowledgeBaseId", + "name", "contentType", + "status", "contents", "createdTime", - "isActive", - "knowledgeBaseArn", - "knowledgeBaseId", "lastModifiedTime", - "name", - "quickResponseArn", - "quickResponseId", - "status" + "isActive" ], "members":{ - "attributesInterpolated":{ - "shape":"ContactAttributeKeys", - "documentation":"

    The user defined contact attributes that are resolved when the search result is returned.

    " + "quickResponseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the quick response.

    " }, - "attributesNotInterpolated":{ - "shape":"ContactAttributeKeys", - "documentation":"

    The user defined contact attributes that are not resolved when the search result is returned.

    " + "quickResponseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the quick response.

    " }, - "channels":{ - "shape":"Channels", - "documentation":"

    The Amazon Connect contact channels this quick response applies to. The supported contact channel types include Chat.

    " + "knowledgeBaseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " + }, + "knowledgeBaseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " + }, + "name":{ + "shape":"QuickResponseName", + "documentation":"

    The name of the quick response.

    " }, "contentType":{ "shape":"QuickResponseType", "documentation":"

    The media type of the quick response content.

    • Use application/x.quickresponse;format=plain for quick response written in plain text.

    • Use application/x.quickresponse;format=markdown for quick response written in richtext.

    " }, + "status":{ + "shape":"QuickResponseStatus", + "documentation":"

    The resource status of the quick response.

    " + }, "contents":{ "shape":"QuickResponseContents", "documentation":"

    The contents of the quick response.

    " @@ -8546,6 +8801,14 @@ "shape":"SyntheticTimestamp_epoch_seconds", "documentation":"

    The timestamp when the quick response was created.

    " }, + "lastModifiedTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

    The timestamp when the quick response search result data was last modified.

    " + }, + "isActive":{ + "shape":"Boolean", + "documentation":"

    Whether the quick response is active.

    " + }, "description":{ "shape":"QuickResponseDescription", "documentation":"

    The description of the quick response.

    " @@ -8554,49 +8817,29 @@ "shape":"GroupingConfiguration", "documentation":"

    The configuration information of the user groups that the quick response is accessible to.

    " }, - "isActive":{ - "shape":"Boolean", - "documentation":"

    Whether the quick response is active.

    " - }, - "knowledgeBaseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the knowledge base.

    " - }, - "knowledgeBaseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    " - }, - "language":{ - "shape":"LanguageCode", - "documentation":"

    The language code value for the language in which the quick response is written.

    " + "shortcutKey":{ + "shape":"ShortCutKey", + "documentation":"

    The shortcut key of the quick response. The value should be unique across the knowledge base.

    " }, "lastModifiedBy":{ "shape":"GenericArn", "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the quick response search result data.

    " }, - "lastModifiedTime":{ - "shape":"SyntheticTimestamp_epoch_seconds", - "documentation":"

    The timestamp when the quick response search result data was last modified.

    " - }, - "name":{ - "shape":"QuickResponseName", - "documentation":"

    The name of the quick response.

    " - }, - "quickResponseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the quick response.

    " + "channels":{ + "shape":"Channels", + "documentation":"

    The Amazon Connect contact channels this quick response applies to. The supported contact channel types include Chat.

    " }, - "quickResponseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the quick response.

    " + "language":{ + "shape":"LanguageCode", + "documentation":"

    The language code value for the language in which the quick response is written.

    " }, - "shortcutKey":{ - "shape":"ShortCutKey", - "documentation":"

    The shortcut key of the quick response. The value should be unique across the knowledge base.

    " + "attributesNotInterpolated":{ + "shape":"ContactAttributeKeys", + "documentation":"

    The user defined contact attributes that are not resolved when the search result is returned.

    " }, - "status":{ - "shape":"QuickResponseStatus", - "documentation":"

    The resource status of the quick response.

    " + "attributesInterpolated":{ + "shape":"ContactAttributeKeys", + "documentation":"

    The user defined contact attributes that are resolved when the search result is returned.

    " }, "tags":{ "shape":"Tags", @@ -8625,36 +8868,24 @@ "QuickResponseSummary":{ "type":"structure", "required":[ - "contentType", - "createdTime", + "quickResponseArn", + "quickResponseId", "knowledgeBaseArn", "knowledgeBaseId", - "lastModifiedTime", "name", - "quickResponseArn", - "quickResponseId", - "status" + "contentType", + "status", + "createdTime", + "lastModifiedTime" ], "members":{ - "channels":{ - "shape":"Channels", - "documentation":"

    The Amazon Connect contact channels this quick response applies to. The supported contact channel types include Chat.

    " - }, - "contentType":{ - "shape":"QuickResponseType", - "documentation":"

    The media type of the quick response content.

    • Use application/x.quickresponse;format=plain for quick response written in plain text.

    • Use application/x.quickresponse;format=markdown for quick response written in richtext.

    " - }, - "createdTime":{ - "shape":"SyntheticTimestamp_epoch_seconds", - "documentation":"

    The timestamp when the quick response was created.

    " - }, - "description":{ - "shape":"QuickResponseDescription", - "documentation":"

    The description of the quick response.

    " + "quickResponseArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the quick response.

    " }, - "isActive":{ - "shape":"Boolean", - "documentation":"

    Whether the quick response is active.

    " + "quickResponseId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the quick response.

    " }, "knowledgeBaseArn":{ "shape":"Arn", @@ -8664,30 +8895,42 @@ "shape":"Uuid", "documentation":"

    The identifier of the knowledge base.

    " }, - "lastModifiedBy":{ - "shape":"GenericArn", - "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the quick response data.

    " - }, - "lastModifiedTime":{ - "shape":"SyntheticTimestamp_epoch_seconds", - "documentation":"

    The timestamp when the quick response summary was last modified.

    " - }, "name":{ "shape":"QuickResponseName", "documentation":"

    The name of the quick response.

    " }, - "quickResponseArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the quick response.

    " - }, - "quickResponseId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the quick response.

    " + "contentType":{ + "shape":"QuickResponseType", + "documentation":"

    The media type of the quick response content.

    • Use application/x.quickresponse;format=plain for quick response written in plain text.

    • Use application/x.quickresponse;format=markdown for quick response written in richtext.

    " }, "status":{ "shape":"QuickResponseStatus", "documentation":"

    The resource status of the quick response.

    " }, + "createdTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

    The timestamp when the quick response was created.

    " + }, + "lastModifiedTime":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"

    The timestamp when the quick response summary was last modified.

    " + }, + "description":{ + "shape":"QuickResponseDescription", + "documentation":"

    The description of the quick response.

    " + }, + "lastModifiedBy":{ + "shape":"GenericArn", + "documentation":"

    The Amazon Resource Name (ARN) of the user who last updated the quick response data.

    " + }, + "isActive":{ + "shape":"Boolean", + "documentation":"

    Whether the quick response is active.

    " + }, + "channels":{ + "shape":"Channels", + "documentation":"

    The Amazon Connect contact channels this quick response applies to. The supported contact channel types include Chat.

    " + }, "tags":{ "shape":"Tags", "documentation":"

    The tags used to organize, track, or control access for this resource.

    " @@ -8701,18 +8944,18 @@ }, "QuickResponseType":{ "type":"string", - "pattern":"^(application/x\\.quickresponse;format=(plain|markdown))$" + "pattern":"(application/x\\.quickresponse;format=(plain|markdown))" }, "RankingData":{ "type":"structure", "members":{ - "relevanceLevel":{ - "shape":"RelevanceLevel", - "documentation":"

    The relevance score of the content.

    " - }, "relevanceScore":{ "shape":"RelevanceScore", "documentation":"

    The relevance level of the recommendation.

    " + }, + "relevanceLevel":{ + "shape":"RelevanceLevel", + "documentation":"

    The relevance score of the content.

    " } }, "documentation":"

    Details about the source content ranking data.

    " @@ -8721,29 +8964,29 @@ "type":"structure", "required":["recommendationId"], "members":{ - "data":{ - "shape":"DataSummary", - "documentation":"

    Summary of the recommended content.

    " + "recommendationId":{ + "shape":"RecommendationId", + "documentation":"

    The identifier of the recommendation.

    " }, "document":{ "shape":"Document", "documentation":"

    The recommended document.

    " }, - "recommendationId":{ - "shape":"RecommendationId", - "documentation":"

    The identifier of the recommendation.

    " + "relevanceScore":{ + "shape":"RelevanceScore", + "documentation":"

    The relevance score of the recommendation.

    " }, "relevanceLevel":{ "shape":"RelevanceLevel", "documentation":"

    The relevance level of the recommendation.

    " }, - "relevanceScore":{ - "shape":"RelevanceScore", - "documentation":"

    The relevance score of the recommendation.

    " - }, "type":{ "shape":"RecommendationType", "documentation":"

    The type of recommendation.

    " + }, + "data":{ + "shape":"DataSummary", + "documentation":"

    Summary of the recommended content.

    " } }, "documentation":"

    Information about the recommendation.

    " @@ -8774,32 +9017,32 @@ "RecommendationTrigger":{ "type":"structure", "required":[ - "data", "id", - "recommendationIds", + "type", "source", - "type" + "data", + "recommendationIds" ], "members":{ - "data":{ - "shape":"RecommendationTriggerData", - "documentation":"

    A union type containing information related to the trigger.

    " - }, "id":{ "shape":"Uuid", "documentation":"

    The identifier of the recommendation trigger.

    " }, - "recommendationIds":{ - "shape":"RecommendationIdList", - "documentation":"

    The identifiers of the recommendations.

    " + "type":{ + "shape":"RecommendationTriggerType", + "documentation":"

    The type of recommendation trigger.

    " }, "source":{ "shape":"RecommendationSourceType", "documentation":"

    The source of the recommendation trigger.

    • ISSUE_DETECTION: The corresponding recommendations were triggered by a Contact Lens issue.

    • RULE_EVALUATION: The corresponding recommendations were triggered by a Contact Lens rule.

    " }, - "type":{ - "shape":"RecommendationTriggerType", - "documentation":"

    The type of recommendation trigger.

    " + "data":{ + "shape":"RecommendationTriggerData", + "documentation":"

    A union type containing information related to the trigger.

    " + }, + "recommendationIds":{ + "shape":"RecommendationIdList", + "documentation":"

    The identifiers of the recommendations.

    " } }, "documentation":"

    A recommendation trigger provides context on the event that produced the referenced recommendations. Recommendations are only referenced in recommendationIds by a single RecommendationTrigger.

    " @@ -8832,7 +9075,14 @@ "KNOWLEDGE_CONTENT", "GENERATIVE_RESPONSE", "GENERATIVE_ANSWER", - "DETECTED_INTENT" + "DETECTED_INTENT", + "GENERATIVE_ANSWER_CHUNK", + "BLOCKED_GENERATIVE_ANSWER_CHUNK", + "INTENT_ANSWER_CHUNK", + "BLOCKED_INTENT_ANSWER_CHUNK", + "EMAIL_RESPONSE_CHUNK", + "EMAIL_OVERVIEW_CHUNK", + "EMAIL_GENERATIVE_ANSWER_CHUNK" ] }, "ReferenceType":{ @@ -8864,28 +9114,27 @@ "RemoveAssistantAIAgentRequest":{ "type":"structure", "required":[ - "aiAgentType", - "assistantId" + "assistantId", + "aiAgentType" ], "members":{ - "aiAgentType":{ - "shape":"AIAgentType", - "documentation":"

    The type of the AI Agent being removed for use by default from the Amazon Q in Connect Assistant.

    ", - "location":"querystring", - "locationName":"aiAgentType" - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" + }, + "aiAgentType":{ + "shape":"AIAgentType", + "documentation":"

    The type of the AI Agent being removed for use by default from the Amazon Q in Connect Assistant.

    ", + "location":"querystring", + "locationName":"aiAgentType" } } }, "RemoveAssistantAIAgentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RemoveKnowledgeBaseTemplateUriRequest":{ "type":"structure", @@ -8901,21 +9150,16 @@ }, "RemoveKnowledgeBaseTemplateUriResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RenderMessageTemplateRequest":{ "type":"structure", "required":[ - "attributes", "knowledgeBaseId", - "messageTemplateId" + "messageTemplateId", + "attributes" ], "members":{ - "attributes":{ - "shape":"MessageTemplateAttributes", - "documentation":"

    An object that specifies the values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the value for that variable.

    " - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", @@ -8927,6 +9171,10 @@ "documentation":"

    The identifier of the message template. Can be either the ID or the ARN.

    ", "location":"uri", "locationName":"messageTemplateId" + }, + "attributes":{ + "shape":"MessageTemplateAttributes", + "documentation":"

    An object that specifies the values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the value for that variable.

    " } } }, @@ -8934,17 +9182,17 @@ "type":"structure", "required":["content"], "members":{ - "attachments":{ - "shape":"MessageTemplateAttachmentList", - "documentation":"

    The message template attachments.

    " + "content":{ + "shape":"MessageTemplateContentProvider", + "documentation":"

    The content of the message template.

    " }, "attributesNotInterpolated":{ "shape":"MessageTemplateAttributeKeyList", "documentation":"

    The attribute keys that are not resolved.

    " }, - "content":{ - "shape":"MessageTemplateContentProvider", - "documentation":"

    The content of the message template.

    " + "attachments":{ + "shape":"MessageTemplateAttachmentList", + "documentation":"

    The message template attachments.

    " } } }, @@ -8991,9 +9239,9 @@ "type":"structure", "required":["resultId"], "members":{ - "data":{ - "shape":"DataSummary", - "documentation":"

    Summary of the recommended content.

    " + "resultId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the result data.

    " }, "document":{ "shape":"Document", @@ -9003,9 +9251,9 @@ "shape":"RelevanceScore", "documentation":"

    The relevance score of the results.

    " }, - "resultId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the result data.

    " + "data":{ + "shape":"DataSummary", + "documentation":"

    Summary of the recommended content.

    " }, "type":{ "shape":"QueryResultType", @@ -9076,11 +9324,11 @@ "searchExpression" ], "members":{ - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", @@ -9088,11 +9336,11 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" }, "searchExpression":{ "shape":"SearchExpression", @@ -9138,11 +9386,9 @@ "location":"uri", "locationName":"knowledgeBaseId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" + "searchExpression":{ + "shape":"MessageTemplateSearchExpression", + "documentation":"

    The search expression for querying the message template.

    " }, "nextToken":{ "shape":"NextToken", @@ -9150,9 +9396,11 @@ "location":"querystring", "locationName":"nextToken" }, - "searchExpression":{ - "shape":"MessageTemplateSearchExpression", - "documentation":"

    The search expression for querying the message template.

    " + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -9160,13 +9408,13 @@ "type":"structure", "required":["results"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    If there are additional results, this is the token for the next set of results.

    " - }, "results":{ "shape":"MessageTemplateSearchResultsList", "documentation":"

    The results of the message template search.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    If there are additional results, this is the token for the next set of results.

    " } } }, @@ -9177,21 +9425,15 @@ "searchExpression" ], "members":{ - "attributes":{ - "shape":"ContactAttributes", - "documentation":"

    The user-defined Amazon Connect contact attributes to be resolved when search results are returned.

    " - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. This should be a QUICK_RESPONSES type knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"knowledgeBaseId" }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return per page.

    ", - "location":"querystring", - "locationName":"maxResults" + "searchExpression":{ + "shape":"QuickResponseSearchExpression", + "documentation":"

    The search expression for querying the quick response.

    " }, "nextToken":{ "shape":"NonEmptyString", @@ -9199,9 +9441,15 @@ "location":"querystring", "locationName":"nextToken" }, - "searchExpression":{ - "shape":"QuickResponseSearchExpression", - "documentation":"

    The search expression for querying the quick response.

    " + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "attributes":{ + "shape":"ContactAttributes", + "documentation":"

    The user-defined Amazon Connect contact attributes to be resolved when search results are returned.

    " } } }, @@ -9209,13 +9457,13 @@ "type":"structure", "required":["results"], "members":{ - "nextToken":{ - "shape":"NonEmptyString", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    " - }, "results":{ "shape":"QuickResponseSearchResultsList", "documentation":"

    The results of the quick response search.

    " + }, + "nextToken":{ + "shape":"NonEmptyString", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    " } } }, @@ -9226,11 +9474,11 @@ "searchExpression" ], "members":{ - "assistantId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"assistantId" + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", + "location":"querystring", + "locationName":"nextToken" }, "maxResults":{ "shape":"MaxResults", @@ -9238,11 +9486,11 @@ "location":"querystring", "locationName":"maxResults" }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.

    ", - "location":"querystring", - "locationName":"nextToken" + "assistantId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"assistantId" }, "searchExpression":{ "shape":"SearchExpression", @@ -9254,13 +9502,13 @@ "type":"structure", "required":["sessionSummaries"], "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    If there are additional results, this is the token for the next set of results.

    " - }, "sessionSummaries":{ "shape":"SessionSummaries", "documentation":"

    Summary information about the sessions.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    If there are additional results, this is the token for the next set of results.

    " } } }, @@ -9283,21 +9531,21 @@ "SelfServiceAIAgentConfiguration":{ "type":"structure", "members":{ - "associationConfigurations":{ - "shape":"AssociationConfigurationList", - "documentation":"

    The association configurations for overriding behavior on this AI Agent.

    " - }, - "selfServiceAIGuardrailId":{ + "selfServicePreProcessingAIPromptId":{ "shape":"UuidWithQualifier", - "documentation":"

    The AI Guardrail identifier used by the SELF_SERVICE AI Agent.

    " + "documentation":"

    The AI Prompt identifier for the Self Service Pre-Processing prompt used by the SELF_SERVICE AI Agent

    " }, "selfServiceAnswerGenerationAIPromptId":{ "shape":"UuidWithQualifier", "documentation":"

    The AI Prompt identifier for the Self Service Answer Generation prompt used by the SELF_SERVICE AI Agent

    " }, - "selfServicePreProcessingAIPromptId":{ + "selfServiceAIGuardrailId":{ "shape":"UuidWithQualifier", - "documentation":"

    The AI Prompt identifier for the Self Service Pre-Processing prompt used by the SELF_SERVICE AI Agent

    " + "documentation":"

    The AI Guardrail identifier used by the SELF_SERVICE AI Agent.

    " + }, + "associationConfigurations":{ + "shape":"AssociationConfigurationList", + "documentation":"

    The association configurations for overriding behavior on this AI Agent.

    " } }, "documentation":"

    The configuration for AI Agents of type SELF_SERVICE.

    " @@ -9306,20 +9554,20 @@ "type":"structure", "required":["turnNumber"], "members":{ - "botResponse":{ - "shape":"SensitiveString", - "documentation":"

    The bot response of the conversation history data.

    " + "turnNumber":{ + "shape":"Integer", + "documentation":"

    The number of turn of the conversation history data.

    " }, "inputTranscript":{ "shape":"SensitiveString", "documentation":"

    The input transcript of the conversation history data.

    " }, - "turnNumber":{ - "shape":"Integer", - "documentation":"

    The number of turn of the conversation history data.

    " + "botResponse":{ + "shape":"SensitiveString", + "documentation":"

    The bot response of the conversation history data.

    " } }, - "documentation":"

    The conversation history data to included in conversation context data before the the Amazon Q in Connect session..

    " + "documentation":"

    The conversation history data to included in conversation context data before the Amazon Q in Connect session.

    " }, "SelfServiceConversationHistoryList":{ "type":"list", @@ -9330,22 +9578,22 @@ "SemanticChunkingConfiguration":{ "type":"structure", "required":[ - "breakpointPercentileThreshold", + "maxTokens", "bufferSize", - "maxTokens" + "breakpointPercentileThreshold" ], "members":{ - "breakpointPercentileThreshold":{ - "shape":"SemanticChunkingConfigurationBreakpointPercentileThresholdInteger", - "documentation":"

    The dissimilarity threshold for splitting chunks.

    " + "maxTokens":{ + "shape":"SemanticChunkingConfigurationMaxTokensInteger", + "documentation":"

    The maximum number of tokens that a chunk can contain.

    " }, "bufferSize":{ "shape":"SemanticChunkingConfigurationBufferSizeInteger", "documentation":"

    The buffer size.

    " }, - "maxTokens":{ - "shape":"SemanticChunkingConfigurationMaxTokensInteger", - "documentation":"

    The maximum number of tokens that a chunk can contain.

    " + "breakpointPercentileThreshold":{ + "shape":"SemanticChunkingConfigurationBreakpointPercentileThresholdInteger", + "documentation":"

    The dissimilarity threshold for splitting chunks.

    " } }, "documentation":"

    Settings for semantic document chunking for a data source. Semantic chunking splits a document into smaller documents based on groups of similar content derived from the text with natural language processing.

    " @@ -9371,9 +9619,9 @@ "type":"structure", "required":[ "assistantId", - "message", "sessionId", - "type" + "type", + "message" ], "members":{ "assistantId":{ @@ -9382,19 +9630,6 @@ "location":"uri", "locationName":"assistantId" }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the AWS SDK populates this field.For more information about idempotency, see Making retries safe with idempotent APIs.

    ", - "idempotencyToken":true - }, - "conversationContext":{ - "shape":"ConversationContext", - "documentation":"

    The conversation context before the Amazon Q in Connect session.

    " - }, - "message":{ - "shape":"MessageInput", - "documentation":"

    The message data to submit to the Amazon Q in Connect session.

    " - }, "sessionId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect session.

    ", @@ -9404,23 +9639,44 @@ "type":{ "shape":"MessageType", "documentation":"

    The message type.

    " + }, + "message":{ + "shape":"MessageInput", + "documentation":"

    The message data to submit to the Amazon Q in Connect session.

    " + }, + "conversationContext":{ + "shape":"ConversationContext", + "documentation":"

    The conversation context before the Amazon Q in Connect session.

    " + }, + "configuration":{ + "shape":"MessageConfiguration", + "documentation":"

    The configuration of the SendMessage request.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the AWS SDK populates this field.For more information about idempotency, see Making retries safe with idempotent APIs.

    ", + "idempotencyToken":true } } }, "SendMessageResponse":{ "type":"structure", "required":[ - "nextMessageToken", - "requestMessageId" + "requestMessageId", + "nextMessageToken" ], "members":{ - "nextMessageToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next message, used by GetNextMessage.

    " - }, "requestMessageId":{ "shape":"Uuid", "documentation":"

    The identifier of the submitted message.

    " + }, + "configuration":{ + "shape":"MessageConfiguration", + "documentation":"

    The configuration of the SendMessage request.

    " + }, + "nextMessageToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next message, used by GetNextMessage.

    " } } }, @@ -9453,42 +9709,46 @@ "SessionData":{ "type":"structure", "required":[ - "name", "sessionArn", - "sessionId" + "sessionId", + "name" ], "members":{ - "aiAgentConfiguration":{ - "shape":"AIAgentConfigurationMap", - "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that should be used by Amazon Q in Connect for this Session.

    " + "sessionArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the session.

    " + }, + "sessionId":{ + "shape":"Uuid", + "documentation":"

    The identifier of the session.

    " + }, + "name":{ + "shape":"Name", + "documentation":"

    The name of the session.

    " }, "description":{ "shape":"Description", "documentation":"

    The description of the session.

    " }, + "tags":{ + "shape":"Tags", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    " + }, "integrationConfiguration":{ "shape":"SessionIntegrationConfiguration", "documentation":"

    The configuration information for the session integration.

    " }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the session.

    " - }, - "sessionArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the session.

    " - }, - "sessionId":{ - "shape":"Uuid", - "documentation":"

    The identifier of the session.

    " - }, "tagFilter":{ "shape":"TagFilter", "documentation":"

    An object that can be used to specify Tag conditions.

    " }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    " + "aiAgentConfiguration":{ + "shape":"AIAgentConfigurationMap", + "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that should be used by Amazon Q in Connect for this Session.

    " + }, + "origin":{ + "shape":"Origin", + "documentation":"

    The origin of the Session to be listed. SYSTEM for a default Session created by Amazon Q in Connect or CUSTOMER for a Session created by calling CreateSession API.

    " } }, "documentation":"

    Information about the session.

    " @@ -9514,27 +9774,27 @@ "SessionSummary":{ "type":"structure", "required":[ - "assistantArn", - "assistantId", + "sessionId", "sessionArn", - "sessionId" + "assistantId", + "assistantArn" ], "members":{ - "assistantArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " - }, - "assistantId":{ + "sessionId":{ "shape":"Uuid", - "documentation":"

    The identifier of the Amazon Q in Connect assistant.

    " + "documentation":"

    The identifier of the session.

    " }, "sessionArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the session.

    " }, - "sessionId":{ + "assistantId":{ "shape":"Uuid", - "documentation":"

    The identifier of the session.

    " + "documentation":"

    The identifier of the Amazon Q in Connect assistant.

    " + }, + "assistantArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant.

    " } }, "documentation":"

    Summary information about the session.

    " @@ -9563,30 +9823,30 @@ "type":"structure", "required":[ "id", - "rankingData", + "type", "textData", - "type" + "rankingData" ], "members":{ - "citationSpan":{ - "shape":"CitationSpan", - "documentation":"

    Contains information about where the text with a citation begins and ends in the generated output.

    " - }, "id":{ "shape":"Uuid", "documentation":"

    The identifier of the source content.

    " }, - "rankingData":{ - "shape":"RankingData", - "documentation":"

    Details about the source content ranking data.

    " + "type":{ + "shape":"SourceContentType", + "documentation":"

    The type of the source content.

    " }, "textData":{ "shape":"TextData", "documentation":"

    Details about the source content text data.

    " }, - "type":{ - "shape":"SourceContentType", - "documentation":"

    The type of the source content.

    " + "rankingData":{ + "shape":"RankingData", + "documentation":"

    Details about the source content ranking data.

    " + }, + "citationSpan":{ + "shape":"CitationSpan", + "documentation":"

    Contains information about where the text with a citation begins and ends in the generated output.

    " } }, "documentation":"

    Details about the source content data.

    " @@ -9598,20 +9858,20 @@ "StartContentUploadRequest":{ "type":"structure", "required":[ - "contentType", - "knowledgeBaseId" + "knowledgeBaseId", + "contentType" ], "members":{ - "contentType":{ - "shape":"ContentType", - "documentation":"

    The type of content to upload.

    " - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"knowledgeBaseId" }, + "contentType":{ + "shape":"ContentType", + "documentation":"

    The type of content to upload.

    " + }, "presignedUrlTimeToLive":{ "shape":"TimeToLive", "documentation":"

    The expected expiration time of the generated presigned URL, specified in minutes.

    " @@ -9621,16 +9881,12 @@ "StartContentUploadResponse":{ "type":"structure", "required":[ - "headersToInclude", "uploadId", "url", - "urlExpiry" + "urlExpiry", + "headersToInclude" ], "members":{ - "headersToInclude":{ - "shape":"Headers", - "documentation":"

    The headers to include in the upload.

    " - }, "uploadId":{ "shape":"UploadId", "documentation":"

    The identifier of the upload.

    " @@ -9642,43 +9898,47 @@ "urlExpiry":{ "shape":"SyntheticTimestamp_epoch_seconds", "documentation":"

    The expiration time of the URL as an epoch timestamp.

    " + }, + "headersToInclude":{ + "shape":"Headers", + "documentation":"

    The headers to include in the upload.

    " } } }, "StartImportJobRequest":{ "type":"structure", "required":[ - "importJobType", "knowledgeBaseId", + "importJobType", "uploadId" ], "members":{ - "clientToken":{ - "shape":"NonEmptyString", - "documentation":"

    The tags used to organize, track, or control access for this resource.

    ", - "idempotencyToken":true - }, - "externalSourceConfiguration":{ - "shape":"ExternalSourceConfiguration", - "documentation":"

    The configuration information of the external source that the resource data are imported from.

    " - }, - "importJobType":{ - "shape":"ImportJobType", - "documentation":"

    The type of the import job.

    • For importing quick response resource, set the value to QUICK_RESPONSES.

    " - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    • For importing Amazon Q in Connect quick responses, this should be a QUICK_RESPONSES type knowledge base.

    ", "location":"uri", "locationName":"knowledgeBaseId" }, - "metadata":{ - "shape":"ContentMetadata", - "documentation":"

    The metadata fields of the imported Amazon Q in Connect resources.

    " + "importJobType":{ + "shape":"ImportJobType", + "documentation":"

    The type of the import job.

    • For importing quick response resource, set the value to QUICK_RESPONSES.

    " }, "uploadId":{ "shape":"UploadId", "documentation":"

    A pointer to the uploaded asset. This value is returned by StartContentUpload.

    " + }, + "clientToken":{ + "shape":"NonEmptyString", + "documentation":"

    The tags used to organize, track, or control access for this resource.

    ", + "idempotencyToken":true + }, + "metadata":{ + "shape":"ContentMetadata", + "documentation":"

    The metadata fields of the imported Amazon Q in Connect resources.

    " + }, + "externalSourceConfiguration":{ + "shape":"ExternalSourceConfiguration", + "documentation":"

    The configuration information of the external source that the resource data are imported from.

    " } } }, @@ -9723,14 +9983,14 @@ "SystemAttributes":{ "type":"structure", "members":{ - "customerEndpoint":{ - "shape":"SystemEndpointAttributes", - "documentation":"

    The CustomerEndpoint attribute.

    " - }, "name":{ "shape":"MessageTemplateAttributeValue", "documentation":"

    The name of the task.

    " }, + "customerEndpoint":{ + "shape":"SystemEndpointAttributes", + "documentation":"

    The CustomerEndpoint attribute.

    " + }, "systemEndpoint":{ "shape":"SystemEndpointAttributes", "documentation":"

    The SystemEndpoint attribute.

    " @@ -9766,6 +10026,10 @@ "TagFilter":{ "type":"structure", "members":{ + "tagCondition":{ + "shape":"TagCondition", + "documentation":"

    A leaf node condition which can be used to specify a tag condition.

    " + }, "andConditions":{ "shape":"AndConditions", "documentation":"

    A list of conditions which would be applied together with an AND condition.

    " @@ -9773,10 +10037,6 @@ "orConditions":{ "shape":"OrConditions", "documentation":"

    A list of conditions which would be applied together with an OR condition.

    " - }, - "tagCondition":{ - "shape":"TagCondition", - "documentation":"

    A leaf node condition which can be used to specify a tag condition.

    " } }, "documentation":"

    An object that can be used to specify Tag conditions.

    ", @@ -9786,7 +10046,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$" + "pattern":"(?!aws:)[a-zA-Z+-=._:/]+" }, "TagKeyList":{ "type":"list", @@ -9815,8 +10075,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -9837,15 +10096,15 @@ }, "TextAIPrompt":{ "type":"string", - "max":200000, + "max":1000000, "min":1, "sensitive":true }, "TextData":{ "type":"structure", "members":{ - "excerpt":{"shape":"DocumentText"}, - "title":{"shape":"DocumentText"} + "title":{"shape":"DocumentText"}, + "excerpt":{"shape":"DocumentText"} }, "documentation":"

    Details about the source content text data.

    " }, @@ -9913,6 +10172,18 @@ }, "exception":true }, + "UnauthorizedException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    You do not have permission to perform this action.

    ", + "error":{ + "httpStatusCode":401, + "senderFault":true + }, + "exception":true + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -9936,22 +10207,20 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAIAgentRequest":{ "type":"structure", "required":[ - "aiAgentId", "assistantId", + "aiAgentId", "visibilityStatus" ], "members":{ - "aiAgentId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Agent.

    ", - "location":"uri", - "locationName":"aiAgentId" + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", + "idempotencyToken":true }, "assistantId":{ "shape":"UuidOrArn", @@ -9959,10 +10228,15 @@ "location":"uri", "locationName":"assistantId" }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", - "idempotencyToken":true + "aiAgentId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Agent.

    ", + "location":"uri", + "locationName":"aiAgentId" + }, + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visbility status of the Amazon Q in Connect AI Agent.

    " }, "configuration":{ "shape":"AIAgentConfiguration", @@ -9971,10 +10245,6 @@ "description":{ "shape":"Description", "documentation":"

    The description of the Amazon Q in Connect AI Agent.

    " - }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visbility status of the Amazon Q in Connect AI Agent.

    " } } }, @@ -9990,18 +10260,17 @@ "UpdateAIGuardrailRequest":{ "type":"structure", "required":[ - "aiGuardrailId", "assistantId", + "aiGuardrailId", + "visibilityStatus", "blockedInputMessaging", - "blockedOutputsMessaging", - "visibilityStatus" + "blockedOutputsMessaging" ], "members":{ - "aiGuardrailId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    ", - "location":"uri", - "locationName":"aiGuardrailId" + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", + "idempotencyToken":true }, "assistantId":{ "shape":"UuidOrArn", @@ -10009,6 +10278,16 @@ "location":"uri", "locationName":"assistantId" }, + "aiGuardrailId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Guardrail.

    ", + "location":"uri", + "locationName":"aiGuardrailId" + }, + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the Amazon Q in Connect AI Guardrail.

    " + }, "blockedInputMessaging":{ "shape":"AIGuardrailBlockedMessaging", "documentation":"

    The message to return when the AI Guardrail blocks a prompt.

    " @@ -10017,38 +10296,29 @@ "shape":"AIGuardrailBlockedMessaging", "documentation":"

    The message to return when the AI Guardrail blocks a model response.

    " }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", - "idempotencyToken":true - }, - "contentPolicyConfig":{ - "shape":"AIGuardrailContentPolicyConfig", - "documentation":"

    The content filter policies to configure for the AI Guardrail.

    " - }, - "contextualGroundingPolicyConfig":{ - "shape":"AIGuardrailContextualGroundingPolicyConfig", - "documentation":"

    The contextual grounding policy configuration used to create an AI Guardrail.

    " - }, "description":{ "shape":"AIGuardrailDescription", "documentation":"

    A description of the AI Guardrail.

    " }, - "sensitiveInformationPolicyConfig":{ - "shape":"AIGuardrailSensitiveInformationPolicyConfig", - "documentation":"

    The sensitive information policy to configure for the AI Guardrail.

    " - }, "topicPolicyConfig":{ "shape":"AIGuardrailTopicPolicyConfig", "documentation":"

    The topic policies to configure for the AI Guardrail.

    " }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the Amazon Q in Connect AI Guardrail.

    " + "contentPolicyConfig":{ + "shape":"AIGuardrailContentPolicyConfig", + "documentation":"

    The content filter policies to configure for the AI Guardrail.

    " }, "wordPolicyConfig":{ "shape":"AIGuardrailWordPolicyConfig", "documentation":"

    The word policy you configure for the AI Guardrail.

    " + }, + "sensitiveInformationPolicyConfig":{ + "shape":"AIGuardrailSensitiveInformationPolicyConfig", + "documentation":"

    The sensitive information policy to configure for the AI Guardrail.

    " + }, + "contextualGroundingPolicyConfig":{ + "shape":"AIGuardrailContextualGroundingPolicyConfig", + "documentation":"

    The contextual grounding policy configuration used to create an AI Guardrail.

    " } } }, @@ -10064,16 +10334,15 @@ "UpdateAIPromptRequest":{ "type":"structure", "required":[ - "aiPromptId", "assistantId", + "aiPromptId", "visibilityStatus" ], "members":{ - "aiPromptId":{ - "shape":"UuidOrArnOrEitherWithQualifier", - "documentation":"

    The identifier of the Amazon Q in Connect AI Prompt.

    ", - "location":"uri", - "locationName":"aiPromptId" + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", + "idempotencyToken":true }, "assistantId":{ "shape":"UuidOrArn", @@ -10081,22 +10350,27 @@ "location":"uri", "locationName":"assistantId" }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs..

    ", - "idempotencyToken":true + "aiPromptId":{ + "shape":"UuidOrArnOrEitherWithQualifier", + "documentation":"

    The identifier of the Amazon Q in Connect AI Prompt.

    ", + "location":"uri", + "locationName":"aiPromptId" }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the Amazon Q in Connect AI Prompt.

    " + "visibilityStatus":{ + "shape":"VisibilityStatus", + "documentation":"

    The visibility status of the Amazon Q in Connect AI prompt.

    " }, "templateConfiguration":{ "shape":"AIPromptTemplateConfiguration", "documentation":"

    The configuration of the prompt template for this AI Prompt.

    " }, - "visibilityStatus":{ - "shape":"VisibilityStatus", - "documentation":"

    The visibility status of the Amazon Q in Connect AI prompt.

    " + "description":{ + "shape":"Description", + "documentation":"

    The description of the Amazon Q in Connect AI Prompt.

    " + }, + "modelId":{ + "shape":"AIPromptModelIdentifier", + "documentation":"

    The identifier of the model used for this AI Prompt.

    For information about which models are supported in each Amazon Web Services Region, see Supported models for system/custom prompts.

    " } } }, @@ -10112,21 +10386,21 @@ "UpdateAssistantAIAgentRequest":{ "type":"structure", "required":[ - "aiAgentType", "assistantId", + "aiAgentType", "configuration" ], "members":{ - "aiAgentType":{ - "shape":"AIAgentType", - "documentation":"

    The type of the AI Agent being updated for use by default on the Amazon Q in Connect Assistant.

    " - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, + "aiAgentType":{ + "shape":"AIAgentType", + "documentation":"

    The type of the AI Agent being updated for use by default on the Amazon Q in Connect Assistant.

    " + }, "configuration":{ "shape":"AIAgentConfigurationData", "documentation":"

    The configuration of the AI Agent being updated for use by default on the Amazon Q in Connect Assistant.

    " @@ -10142,25 +10416,29 @@ "UpdateContentRequest":{ "type":"structure", "required":[ - "contentId", - "knowledgeBaseId" + "knowledgeBaseId", + "contentId" ], "members":{ + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base. Can be either the ID or the ARN

    ", + "location":"uri", + "locationName":"knowledgeBaseId" + }, "contentId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the content. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"contentId" }, - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. This should not be a QUICK_RESPONSES type knowledge base. Can be either the ID or the ARN

    ", - "location":"uri", - "locationName":"knowledgeBaseId" + "revisionId":{ + "shape":"NonEmptyString", + "documentation":"

    The revisionId of the content resource to update, taken from an earlier call to GetContent, GetContentSummary, SearchContent, or ListContents. If included, this argument acts as an optimistic lock to ensure content was not modified since it was last read. If it has been modified, this API throws a PreconditionFailedException.

    " }, - "metadata":{ - "shape":"ContentMetadata", - "documentation":"

    A key/value map to store attributes without affecting tagging or recommendations. For example, when synchronizing data between an external system and Amazon Q in Connect, you can store an external version identifier as metadata to utilize for determining drift.

    " + "title":{ + "shape":"ContentTitle", + "documentation":"

    The title of the content.

    " }, "overrideLinkOutUri":{ "shape":"Uri", @@ -10170,13 +10448,9 @@ "shape":"Boolean", "documentation":"

    Unset the existing overrideLinkOutUri if it exists.

    " }, - "revisionId":{ - "shape":"NonEmptyString", - "documentation":"

    The revisionId of the content resource to update, taken from an earlier call to GetContent, GetContentSummary, SearchContent, or ListContents. If included, this argument acts as an optimistic lock to ensure content was not modified since it was last read. If it has been modified, this API throws a PreconditionFailedException.

    " - }, - "title":{ - "shape":"ContentTitle", - "documentation":"

    The title of the content.

    " + "metadata":{ + "shape":"ContentMetadata", + "documentation":"

    A key/value map to store attributes without affecting tagging or recommendations. For example, when synchronizing data between an external system and Amazon Q in Connect, you can store an external version identifier as metadata to utilize for determining drift.

    " }, "uploadId":{ "shape":"UploadId", @@ -10228,11 +10502,6 @@ "messageTemplateId" ], "members":{ - "description":{ - "shape":"Description", - "documentation":"

    The description of the message template.

    " - }, - "groupingConfiguration":{"shape":"GroupingConfiguration"}, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", @@ -10248,7 +10517,12 @@ "name":{ "shape":"Name", "documentation":"

    The name of the message template.

    " - } + }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the message template.

    " + }, + "groupingConfiguration":{"shape":"GroupingConfiguration"} } }, "UpdateMessageTemplateMetadataResponse":{ @@ -10267,29 +10541,29 @@ "messageTemplateId" ], "members":{ - "content":{ - "shape":"MessageTemplateContentProvider", - "documentation":"

    The content of the message template.

    " - }, - "defaultAttributes":{ - "shape":"MessageTemplateAttributes", - "documentation":"

    An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.

    " - }, "knowledgeBaseId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"knowledgeBaseId" }, - "language":{ - "shape":"LanguageCode", - "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " - }, "messageTemplateId":{ "shape":"UuidOrArnOrEitherWithQualifier", "documentation":"

    The identifier of the message template. Can be either the ID or the ARN. It cannot contain any qualifier.

    ", "location":"uri", "locationName":"messageTemplateId" + }, + "content":{ + "shape":"MessageTemplateContentProvider", + "documentation":"

    The content of the message template.

    " + }, + "language":{ + "shape":"LanguageCode", + "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " + }, + "defaultAttributes":{ + "shape":"MessageTemplateAttributes", + "documentation":"

    An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.

    " } } }, @@ -10309,9 +10583,21 @@ "quickResponseId" ], "members":{ - "channels":{ - "shape":"Channels", - "documentation":"

    The Amazon Connect contact channels this quick response applies to. The supported contact channel types include Chat.

    " + "knowledgeBaseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", + "location":"uri", + "locationName":"knowledgeBaseId" + }, + "quickResponseId":{ + "shape":"UuidOrArn", + "documentation":"

    The identifier of the quick response.

    ", + "location":"uri", + "locationName":"quickResponseId" + }, + "name":{ + "shape":"QuickResponseName", + "documentation":"

    The name of the quick response.

    " }, "content":{ "shape":"QuickResponseDataProvider", @@ -10321,53 +10607,41 @@ "shape":"QuickResponseType", "documentation":"

    The media type of the quick response content.

    • Use application/x.quickresponse;format=plain for quick response written in plain text.

    • Use application/x.quickresponse;format=markdown for quick response written in richtext.

    " }, - "description":{ - "shape":"QuickResponseDescription", - "documentation":"

    The updated description of the quick response.

    " - }, "groupingConfiguration":{ "shape":"GroupingConfiguration", "documentation":"

    The updated grouping configuration of the quick response.

    " }, - "isActive":{ + "removeGroupingConfiguration":{ "shape":"Boolean", - "documentation":"

    Whether the quick response is active.

    " - }, - "knowledgeBaseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the knowledge base. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", - "location":"uri", - "locationName":"knowledgeBaseId" - }, - "language":{ - "shape":"LanguageCode", - "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " - }, - "name":{ - "shape":"QuickResponseName", - "documentation":"

    The name of the quick response.

    " + "documentation":"

    Whether to remove the grouping configuration of the quick response.

    " }, - "quickResponseId":{ - "shape":"UuidOrArn", - "documentation":"

    The identifier of the quick response.

    ", - "location":"uri", - "locationName":"quickResponseId" + "description":{ + "shape":"QuickResponseDescription", + "documentation":"

    The updated description of the quick response.

    " }, "removeDescription":{ "shape":"Boolean", "documentation":"

    Whether to remove the description from the quick response.

    " }, - "removeGroupingConfiguration":{ - "shape":"Boolean", - "documentation":"

    Whether to remove the grouping configuration of the quick response.

    " + "shortcutKey":{ + "shape":"ShortCutKey", + "documentation":"

    The shortcut key of the quick response. The value should be unique across the knowledge base.

    " }, "removeShortcutKey":{ "shape":"Boolean", "documentation":"

    Whether to remove the shortcut key of the quick response.

    " }, - "shortcutKey":{ - "shape":"ShortCutKey", - "documentation":"

    The shortcut key of the quick response. The value should be unique across the knowledge base.

    " + "isActive":{ + "shape":"Boolean", + "documentation":"

    Whether the quick response is active.

    " + }, + "channels":{ + "shape":"Channels", + "documentation":"

    The Amazon Connect contact channels this quick response applies to. The supported contact channel types include Chat.

    " + }, + "language":{ + "shape":"LanguageCode", + "documentation":"

    The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW

    " } } }, @@ -10384,8 +10658,8 @@ "type":"structure", "required":[ "assistantId", - "data", - "sessionId" + "sessionId", + "data" ], "members":{ "assistantId":{ @@ -10394,39 +10668,31 @@ "location":"uri", "locationName":"assistantId" }, - "data":{ - "shape":"RuntimeSessionDataList", - "documentation":"

    The data stored on the Amazon Q in Connect Session.

    " - }, - "namespace":{ - "shape":"SessionDataNamespace", - "documentation":"

    The namespace into which the session data is stored. Supported namespaces are: Custom

    " - }, "sessionId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the session. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"sessionId" + }, + "namespace":{ + "shape":"SessionDataNamespace", + "documentation":"

    The namespace into which the session data is stored. Supported namespaces are: Custom

    " + }, + "data":{ + "shape":"RuntimeSessionDataList", + "documentation":"

    The data stored on the Amazon Q in Connect Session.

    " } } }, "UpdateSessionDataResponse":{ "type":"structure", "required":[ - "data", - "namespace", "sessionArn", - "sessionId" + "sessionId", + "namespace", + "data" ], "members":{ - "data":{ - "shape":"RuntimeSessionDataList", - "documentation":"

    Data stored in the session.

    " - }, - "namespace":{ - "shape":"SessionDataNamespace", - "documentation":"

    The namespace into which the session data is stored. Supported namespaces are: Custom

    " - }, "sessionArn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the session.

    " @@ -10434,6 +10700,14 @@ "sessionId":{ "shape":"Uuid", "documentation":"

    The identifier of the session.

    " + }, + "namespace":{ + "shape":"SessionDataNamespace", + "documentation":"

    The namespace into which the session data is stored. Supported namespaces are: Custom

    " + }, + "data":{ + "shape":"RuntimeSessionDataList", + "documentation":"

    Data stored in the session.

    " } } }, @@ -10444,29 +10718,29 @@ "sessionId" ], "members":{ - "aiAgentConfiguration":{ - "shape":"AIAgentConfigurationMap", - "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that should be used by Amazon Q in Connect for this Session.

    " - }, "assistantId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"assistantId" }, - "description":{ - "shape":"Description", - "documentation":"

    The description.

    " - }, "sessionId":{ "shape":"UuidOrArn", "documentation":"

    The identifier of the session. Can be either the ID or the ARN. URLs cannot contain the ARN.

    ", "location":"uri", "locationName":"sessionId" }, + "description":{ + "shape":"Description", + "documentation":"

    The description.

    " + }, "tagFilter":{ "shape":"TagFilter", "documentation":"

    An object that can be used to specify Tag conditions.

    " + }, + "aiAgentConfiguration":{ + "shape":"AIAgentConfigurationMap", + "documentation":"

    The configuration of the AI Agents (mapped by AI Agent Type to AI Agent version) that should be used by Amazon Q in Connect for this Session.

    " } } }, @@ -10517,19 +10791,19 @@ }, "Uuid":{ "type":"string", - "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, "UuidOrArn":{ "type":"string", - "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}$" + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}" }, "UuidOrArnOrEitherWithQualifier":{ "type":"string", - "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}$" + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$|^arn:[a-z-]*?:wisdom:[a-z0-9-]*?:[0-9]{12}:[a-z-]*?/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(?:/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}){0,2}(:[A-Z0-9_$]+){0,1}" }, "UuidWithQualifier":{ "type":"string", - "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}$" + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(:[A-Z0-9_$]+){0,1}" }, "ValidationException":{ "type":"structure", @@ -10578,25 +10852,25 @@ "type":"structure", "required":["urlConfiguration"], "members":{ + "urlConfiguration":{ + "shape":"UrlConfiguration", + "documentation":"

    The configuration of the URL/URLs for the web content that you want to crawl. You should be authorized to crawl the URLs.

    " + }, "crawlerLimits":{ "shape":"WebCrawlerLimits", "documentation":"

    The configuration of crawl limits for the web URLs.

    " }, - "exclusionFilters":{ - "shape":"UrlFilterList", - "documentation":"

    A list of one or more exclusion regular expression patterns to exclude certain URLs. If you specify an inclusion and exclusion filter/pattern and both match a URL, the exclusion filter takes precedence and the web content of the URL isn’t crawled.

    " - }, "inclusionFilters":{ "shape":"UrlFilterList", "documentation":"

    A list of one or more inclusion regular expression patterns to include certain URLs. If you specify an inclusion and exclusion filter/pattern and both match a URL, the exclusion filter takes precedence and the web content of the URL isn’t crawled.

    " }, + "exclusionFilters":{ + "shape":"UrlFilterList", + "documentation":"

    A list of one or more exclusion regular expression patterns to exclude certain URLs. If you specify an inclusion and exclusion filter/pattern and both match a URL, the exclusion filter takes precedence and the web content of the URL isn’t crawled.

    " + }, "scope":{ "shape":"WebScopeType", "documentation":"

    The scope of what is crawled for your URLs. You can choose to crawl only web pages that belong to the same host or primary domain. For example, only web pages that contain the seed URL https://docs.aws.amazon.com/bedrock/latest/userguide/ and no other domains. You can choose to include sub domains in addition to the host or primary domain. For example, web pages that contain aws.amazon.com can also include sub domain docs.aws.amazon.com.

    " - }, - "urlConfiguration":{ - "shape":"UrlConfiguration", - "documentation":"

    The configuration of the URL/URLs for the web content that you want to crawl. You should be authorized to crawl the URLs.

    " } }, "documentation":"

    The configuration details for the web data source.

    " @@ -10626,7 +10900,7 @@ }, "WebUrl":{ "type":"string", - "pattern":"^https?://[A-Za-z0-9][^\\s]*$" + "pattern":"https?://[A-Za-z0-9][^\\s]*" } }, "documentation":"

    Powered by Amazon Bedrock: Amazon Web Services implements automated abuse detection. Because Amazon Q in Connect is built on Amazon Bedrock, users can take full advantage of the controls implemented in Amazon Bedrock to enforce safety, security, and the responsible use of artificial intelligence (AI).

    Amazon Q in Connect is a generative AI customer service assistant. It is an LLM-enhanced evolution of Amazon Connect Wisdom that delivers real-time recommendations to help contact center agents resolve customer issues quickly and accurately.

    Amazon Q in Connect automatically detects customer intent during calls and chats using conversational analytics and natural language understanding (NLU). It then provides agents with immediate, real-time generative responses and suggested actions, and links to relevant documents and articles. Agents can also query Amazon Q in Connect directly using natural language or keywords to answer customer requests.

    Use the Amazon Q in Connect APIs to create an assistant and a knowledge base, for example, or manage content by uploading custom files.

    For more information, see Use Amazon Q in Connect for generative AI powered agent assistance in real-time in the Amazon Connect Administrator Guide.

    " diff -pruN 2.23.6-1/awscli/botocore/data/qconnect/2020-10-19/waiters-2.json 2.31.35-1/awscli/botocore/data/qconnect/2020-10-19/waiters-2.json --- 2.23.6-1/awscli/botocore/data/qconnect/2020-10-19/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qconnect/2020-10-19/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/qldb/2019-01-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/qldb/2019-01-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/qldb/2019-01-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qldb/2019-01-02/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://qldb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - }, - true - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://qldb-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://qldb.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://qldb.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/qldb/2019-01-02/paginators-1.json 2.31.35-1/awscli/botocore/data/qldb/2019-01-02/paginators-1.json --- 2.23.6-1/awscli/botocore/data/qldb/2019-01-02/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qldb/2019-01-02/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -{ - "pagination": {} -} diff -pruN 2.23.6-1/awscli/botocore/data/qldb/2019-01-02/service-2.json 2.31.35-1/awscli/botocore/data/qldb/2019-01-02/service-2.json --- 2.23.6-1/awscli/botocore/data/qldb/2019-01-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qldb/2019-01-02/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,1476 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2019-01-02", - "endpointPrefix":"qldb", - "jsonVersion":"1.0", - "protocol":"rest-json", - "serviceAbbreviation":"QLDB", - "serviceFullName":"Amazon QLDB", - "serviceId":"QLDB", - "signatureVersion":"v4", - "signingName":"qldb", - "uid":"qldb-2019-01-02" - }, - "operations":{ - "CancelJournalKinesisStream":{ - "name":"CancelJournalKinesisStream", - "http":{ - "method":"DELETE", - "requestUri":"/ledgers/{name}/journal-kinesis-streams/{streamId}" - }, - "input":{"shape":"CancelJournalKinesisStreamRequest"}, - "output":{"shape":"CancelJournalKinesisStreamResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Ends a given Amazon QLDB journal stream. Before a stream can be canceled, its current status must be ACTIVE.

    You can't restart a stream after you cancel it. Canceled QLDB stream resources are subject to a 7-day retention period, so they are automatically deleted after this limit expires.

    " - }, - "CreateLedger":{ - "name":"CreateLedger", - "http":{ - "method":"POST", - "requestUri":"/ledgers" - }, - "input":{"shape":"CreateLedgerRequest"}, - "output":{"shape":"CreateLedgerResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceAlreadyExistsException"}, - {"shape":"LimitExceededException"}, - {"shape":"ResourceInUseException"} - ], - "documentation":"

    Creates a new ledger in your Amazon Web Services account in the current Region.

    " - }, - "DeleteLedger":{ - "name":"DeleteLedger", - "http":{ - "method":"DELETE", - "requestUri":"/ledgers/{name}" - }, - "input":{"shape":"DeleteLedgerRequest"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourceInUseException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Deletes a ledger and all of its contents. This action is irreversible.

    If deletion protection is enabled, you must first disable it before you can delete the ledger. You can disable it by calling the UpdateLedger operation to set this parameter to false.

    " - }, - "DescribeJournalKinesisStream":{ - "name":"DescribeJournalKinesisStream", - "http":{ - "method":"GET", - "requestUri":"/ledgers/{name}/journal-kinesis-streams/{streamId}" - }, - "input":{"shape":"DescribeJournalKinesisStreamRequest"}, - "output":{"shape":"DescribeJournalKinesisStreamResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Returns detailed information about a given Amazon QLDB journal stream. The output includes the Amazon Resource Name (ARN), stream name, current status, creation time, and the parameters of the original stream creation request.

    This action does not return any expired journal streams. For more information, see Expiration for terminal streams in the Amazon QLDB Developer Guide.

    " - }, - "DescribeJournalS3Export":{ - "name":"DescribeJournalS3Export", - "http":{ - "method":"GET", - "requestUri":"/ledgers/{name}/journal-s3-exports/{exportId}" - }, - "input":{"shape":"DescribeJournalS3ExportRequest"}, - "output":{"shape":"DescribeJournalS3ExportResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Returns information about a journal export job, including the ledger name, export ID, creation time, current status, and the parameters of the original export creation request.

    This action does not return any expired export jobs. For more information, see Export job expiration in the Amazon QLDB Developer Guide.

    If the export job with the given ExportId doesn't exist, then throws ResourceNotFoundException.

    If the ledger with the given Name doesn't exist, then throws ResourceNotFoundException.

    " - }, - "DescribeLedger":{ - "name":"DescribeLedger", - "http":{ - "method":"GET", - "requestUri":"/ledgers/{name}" - }, - "input":{"shape":"DescribeLedgerRequest"}, - "output":{"shape":"DescribeLedgerResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Returns information about a ledger, including its state, permissions mode, encryption at rest settings, and when it was created.

    " - }, - "ExportJournalToS3":{ - "name":"ExportJournalToS3", - "http":{ - "method":"POST", - "requestUri":"/ledgers/{name}/journal-s3-exports" - }, - "input":{"shape":"ExportJournalToS3Request"}, - "output":{"shape":"ExportJournalToS3Response"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Exports journal contents within a date and time range from a ledger into a specified Amazon Simple Storage Service (Amazon S3) bucket. A journal export job can write the data objects in either the text or binary representation of Amazon Ion format, or in JSON Lines text format.

    If the ledger with the given Name doesn't exist, then throws ResourceNotFoundException.

    If the ledger with the given Name is in CREATING status, then throws ResourcePreconditionNotMetException.

    You can initiate up to two concurrent journal export requests for each ledger. Beyond this limit, journal export requests throw LimitExceededException.

    " - }, - "GetBlock":{ - "name":"GetBlock", - "http":{ - "method":"POST", - "requestUri":"/ledgers/{name}/block" - }, - "input":{"shape":"GetBlockRequest"}, - "output":{"shape":"GetBlockResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Returns a block object at a specified address in a journal. Also returns a proof of the specified block for verification if DigestTipAddress is provided.

    For information about the data contents in a block, see Journal contents in the Amazon QLDB Developer Guide.

    If the specified ledger doesn't exist or is in DELETING status, then throws ResourceNotFoundException.

    If the specified ledger is in CREATING status, then throws ResourcePreconditionNotMetException.

    If no block exists with the specified address, then throws InvalidParameterException.

    " - }, - "GetDigest":{ - "name":"GetDigest", - "http":{ - "method":"POST", - "requestUri":"/ledgers/{name}/digest" - }, - "input":{"shape":"GetDigestRequest"}, - "output":{"shape":"GetDigestResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Returns the digest of a ledger at the latest committed block in the journal. The response includes a 256-bit hash value and a block address.

    " - }, - "GetRevision":{ - "name":"GetRevision", - "http":{ - "method":"POST", - "requestUri":"/ledgers/{name}/revision" - }, - "input":{"shape":"GetRevisionRequest"}, - "output":{"shape":"GetRevisionResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Returns a revision data object for a specified document ID and block address. Also returns a proof of the specified revision for verification if DigestTipAddress is provided.

    " - }, - "ListJournalKinesisStreamsForLedger":{ - "name":"ListJournalKinesisStreamsForLedger", - "http":{ - "method":"GET", - "requestUri":"/ledgers/{name}/journal-kinesis-streams" - }, - "input":{"shape":"ListJournalKinesisStreamsForLedgerRequest"}, - "output":{"shape":"ListJournalKinesisStreamsForLedgerResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Returns all Amazon QLDB journal streams for a given ledger.

    This action does not return any expired journal streams. For more information, see Expiration for terminal streams in the Amazon QLDB Developer Guide.

    This action returns a maximum of MaxResults items. It is paginated so that you can retrieve all the items by calling ListJournalKinesisStreamsForLedger multiple times.

    " - }, - "ListJournalS3Exports":{ - "name":"ListJournalS3Exports", - "http":{ - "method":"GET", - "requestUri":"/journal-s3-exports" - }, - "input":{"shape":"ListJournalS3ExportsRequest"}, - "output":{"shape":"ListJournalS3ExportsResponse"}, - "documentation":"

    Returns all journal export jobs for all ledgers that are associated with the current Amazon Web Services account and Region.

    This action returns a maximum of MaxResults items, and is paginated so that you can retrieve all the items by calling ListJournalS3Exports multiple times.

    This action does not return any expired export jobs. For more information, see Export job expiration in the Amazon QLDB Developer Guide.

    " - }, - "ListJournalS3ExportsForLedger":{ - "name":"ListJournalS3ExportsForLedger", - "http":{ - "method":"GET", - "requestUri":"/ledgers/{name}/journal-s3-exports" - }, - "input":{"shape":"ListJournalS3ExportsForLedgerRequest"}, - "output":{"shape":"ListJournalS3ExportsForLedgerResponse"}, - "documentation":"

    Returns all journal export jobs for a specified ledger.

    This action returns a maximum of MaxResults items, and is paginated so that you can retrieve all the items by calling ListJournalS3ExportsForLedger multiple times.

    This action does not return any expired export jobs. For more information, see Export job expiration in the Amazon QLDB Developer Guide.

    " - }, - "ListLedgers":{ - "name":"ListLedgers", - "http":{ - "method":"GET", - "requestUri":"/ledgers" - }, - "input":{"shape":"ListLedgersRequest"}, - "output":{"shape":"ListLedgersResponse"}, - "documentation":"

    Returns all ledgers that are associated with the current Amazon Web Services account and Region.

    This action returns a maximum of MaxResults items and is paginated so that you can retrieve all the items by calling ListLedgers multiple times.

    " - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Returns all tags for a specified Amazon QLDB resource.

    " - }, - "StreamJournalToKinesis":{ - "name":"StreamJournalToKinesis", - "http":{ - "method":"POST", - "requestUri":"/ledgers/{name}/journal-kinesis-streams" - }, - "input":{"shape":"StreamJournalToKinesisRequest"}, - "output":{"shape":"StreamJournalToKinesisResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ResourcePreconditionNotMetException"} - ], - "documentation":"

    Creates a journal stream for a given Amazon QLDB ledger. The stream captures every document revision that is committed to the ledger's journal and delivers the data to a specified Amazon Kinesis Data Streams resource.

    " - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Adds one or more tags to a specified Amazon QLDB resource.

    A resource can have up to 50 tags. If you try to create more than 50 tags for a resource, your request fails and returns an error.

    " - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"DELETE", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Removes one or more tags from a specified Amazon QLDB resource. You can specify up to 50 tag keys to remove.

    " - }, - "UpdateLedger":{ - "name":"UpdateLedger", - "http":{ - "method":"PATCH", - "requestUri":"/ledgers/{name}" - }, - "input":{"shape":"UpdateLedgerRequest"}, - "output":{"shape":"UpdateLedgerResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates properties on a ledger.

    " - }, - "UpdateLedgerPermissionsMode":{ - "name":"UpdateLedgerPermissionsMode", - "http":{ - "method":"PATCH", - "requestUri":"/ledgers/{name}/permissions-mode" - }, - "input":{"shape":"UpdateLedgerPermissionsModeRequest"}, - "output":{"shape":"UpdateLedgerPermissionsModeResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    Updates the permissions mode of a ledger.

    Before you switch to the STANDARD permissions mode, you must first create all required IAM policies and table tags to avoid disruption to your users. To learn more, see Migrating to the standard permissions mode in the Amazon QLDB Developer Guide.

    " - } - }, - "shapes":{ - "Arn":{ - "type":"string", - "max":1600, - "min":20 - }, - "Boolean":{"type":"boolean"}, - "CancelJournalKinesisStreamRequest":{ - "type":"structure", - "required":[ - "LedgerName", - "StreamId" - ], - "members":{ - "LedgerName":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "StreamId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (represented in Base62-encoded text) of the QLDB journal stream to be canceled.

    ", - "location":"uri", - "locationName":"streamId" - } - } - }, - "CancelJournalKinesisStreamResponse":{ - "type":"structure", - "members":{ - "StreamId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (Base62-encoded text) of the canceled QLDB journal stream.

    " - } - } - }, - "CreateLedgerRequest":{ - "type":"structure", - "required":[ - "Name", - "PermissionsMode" - ], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger that you want to create. The name must be unique among all of the ledgers in your Amazon Web Services account in the current Region.

    Naming constraints for ledger names are defined in Quotas in Amazon QLDB in the Amazon QLDB Developer Guide.

    " - }, - "Tags":{ - "shape":"Tags", - "documentation":"

    The key-value pairs to add as tags to the ledger that you want to create. Tag keys are case sensitive. Tag values are case sensitive and can be null.

    " - }, - "PermissionsMode":{ - "shape":"PermissionsMode", - "documentation":"

    The permissions mode to assign to the ledger that you want to create. This parameter can have one of the following values:

    • ALLOW_ALL: A legacy permissions mode that enables access control with API-level granularity for ledgers.

      This mode allows users who have the SendCommand API permission for this ledger to run all PartiQL commands (hence, ALLOW_ALL) on any tables in the specified ledger. This mode disregards any table-level or command-level IAM permissions policies that you create for the ledger.

    • STANDARD: (Recommended) A permissions mode that enables access control with finer granularity for ledgers, tables, and PartiQL commands.

      By default, this mode denies all user requests to run any PartiQL commands on any tables in this ledger. To allow PartiQL commands to run, you must create IAM permissions policies for specific table resources and PartiQL actions, in addition to the SendCommand API permission for the ledger. For information, see Getting started with the standard permissions mode in the Amazon QLDB Developer Guide.

    We strongly recommend using the STANDARD permissions mode to maximize the security of your ledger data.

    " - }, - "DeletionProtection":{ - "shape":"DeletionProtection", - "documentation":"

    Specifies whether the ledger is protected from being deleted by any user. If not defined during ledger creation, this feature is enabled (true) by default.

    If deletion protection is enabled, you must first disable it before you can delete the ledger. You can disable it by calling the UpdateLedger operation to set this parameter to false.

    " - }, - "KmsKey":{ - "shape":"KmsKey", - "documentation":"

    The key in Key Management Service (KMS) to use for encryption of data at rest in the ledger. For more information, see Encryption at rest in the Amazon QLDB Developer Guide.

    Use one of the following options to specify this parameter:

    • AWS_OWNED_KMS_KEY: Use an KMS key that is owned and managed by Amazon Web Services on your behalf.

    • Undefined: By default, use an Amazon Web Services owned KMS key.

    • A valid symmetric customer managed KMS key: Use the specified symmetric encryption KMS key in your account that you create, own, and manage.

      Amazon QLDB does not support asymmetric keys. For more information, see Using symmetric and asymmetric keys in the Key Management Service Developer Guide.

    To specify a customer managed KMS key, you can use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    • Alias name: alias/ExampleAlias

    • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

    For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " - } - } - }, - "CreateLedgerResponse":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    " - }, - "Arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) for the ledger.

    " - }, - "State":{ - "shape":"LedgerState", - "documentation":"

    The current status of the ledger.

    " - }, - "CreationDateTime":{ - "shape":"Timestamp", - "documentation":"

    The date and time, in epoch time format, when the ledger was created. (Epoch time format is the number of seconds elapsed since 12:00:00 AM January 1, 1970 UTC.)

    " - }, - "PermissionsMode":{ - "shape":"PermissionsMode", - "documentation":"

    The permissions mode of the ledger that you created.

    " - }, - "DeletionProtection":{ - "shape":"DeletionProtection", - "documentation":"

    Specifies whether the ledger is protected from being deleted by any user. If not defined during ledger creation, this feature is enabled (true) by default.

    If deletion protection is enabled, you must first disable it before you can delete the ledger. You can disable it by calling the UpdateLedger operation to set this parameter to false.

    " - }, - "KmsKeyArn":{ - "shape":"Arn", - "documentation":"

    The ARN of the customer managed KMS key that the ledger uses for encryption at rest. If this parameter is undefined, the ledger uses an Amazon Web Services owned KMS key for encryption.

    " - } - } - }, - "DeleteLedgerRequest":{ - "type":"structure", - "required":["Name"], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger that you want to delete.

    ", - "location":"uri", - "locationName":"name" - } - } - }, - "DeletionProtection":{"type":"boolean"}, - "DescribeJournalKinesisStreamRequest":{ - "type":"structure", - "required":[ - "LedgerName", - "StreamId" - ], - "members":{ - "LedgerName":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "StreamId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (represented in Base62-encoded text) of the QLDB journal stream to describe.

    ", - "location":"uri", - "locationName":"streamId" - } - } - }, - "DescribeJournalKinesisStreamResponse":{ - "type":"structure", - "members":{ - "Stream":{ - "shape":"JournalKinesisStreamDescription", - "documentation":"

    Information about the QLDB journal stream returned by a DescribeJournalS3Export request.

    " - } - } - }, - "DescribeJournalS3ExportRequest":{ - "type":"structure", - "required":[ - "Name", - "ExportId" - ], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "ExportId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (represented in Base62-encoded text) of the journal export job to describe.

    ", - "location":"uri", - "locationName":"exportId" - } - } - }, - "DescribeJournalS3ExportResponse":{ - "type":"structure", - "required":["ExportDescription"], - "members":{ - "ExportDescription":{ - "shape":"JournalS3ExportDescription", - "documentation":"

    Information about the journal export job returned by a DescribeJournalS3Export request.

    " - } - } - }, - "DescribeLedgerRequest":{ - "type":"structure", - "required":["Name"], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger that you want to describe.

    ", - "location":"uri", - "locationName":"name" - } - } - }, - "DescribeLedgerResponse":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    " - }, - "Arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) for the ledger.

    " - }, - "State":{ - "shape":"LedgerState", - "documentation":"

    The current status of the ledger.

    " - }, - "CreationDateTime":{ - "shape":"Timestamp", - "documentation":"

    The date and time, in epoch time format, when the ledger was created. (Epoch time format is the number of seconds elapsed since 12:00:00 AM January 1, 1970 UTC.)

    " - }, - "PermissionsMode":{ - "shape":"PermissionsMode", - "documentation":"

    The permissions mode of the ledger.

    " - }, - "DeletionProtection":{ - "shape":"DeletionProtection", - "documentation":"

    Specifies whether the ledger is protected from being deleted by any user. If not defined during ledger creation, this feature is enabled (true) by default.

    If deletion protection is enabled, you must first disable it before you can delete the ledger. You can disable it by calling the UpdateLedger operation to set this parameter to false.

    " - }, - "EncryptionDescription":{ - "shape":"LedgerEncryptionDescription", - "documentation":"

    Information about the encryption of data at rest in the ledger. This includes the current status, the KMS key, and when the key became inaccessible (in the case of an error). If this parameter is undefined, the ledger uses an Amazon Web Services owned KMS key for encryption.

    " - } - } - }, - "Digest":{ - "type":"blob", - "max":32, - "min":32 - }, - "EncryptionStatus":{ - "type":"string", - "enum":[ - "ENABLED", - "UPDATING", - "KMS_KEY_INACCESSIBLE" - ] - }, - "ErrorCause":{ - "type":"string", - "enum":[ - "KINESIS_STREAM_NOT_FOUND", - "IAM_PERMISSION_REVOKED" - ] - }, - "ErrorMessage":{"type":"string"}, - "ExportJournalToS3Request":{ - "type":"structure", - "required":[ - "Name", - "InclusiveStartTime", - "ExclusiveEndTime", - "S3ExportConfiguration", - "RoleArn" - ], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "InclusiveStartTime":{ - "shape":"Timestamp", - "documentation":"

    The inclusive start date and time for the range of journal contents to export.

    The InclusiveStartTime must be in ISO 8601 date and time format and in Universal Coordinated Time (UTC). For example: 2019-06-13T21:36:34Z.

    The InclusiveStartTime must be before ExclusiveEndTime.

    If you provide an InclusiveStartTime that is before the ledger's CreationDateTime, Amazon QLDB defaults it to the ledger's CreationDateTime.

    " - }, - "ExclusiveEndTime":{ - "shape":"Timestamp", - "documentation":"

    The exclusive end date and time for the range of journal contents to export.

    The ExclusiveEndTime must be in ISO 8601 date and time format and in Universal Coordinated Time (UTC). For example: 2019-06-13T21:36:34Z.

    The ExclusiveEndTime must be less than or equal to the current UTC date and time.

    " - }, - "S3ExportConfiguration":{ - "shape":"S3ExportConfiguration", - "documentation":"

    The configuration settings of the Amazon S3 bucket destination for your export request.

    " - }, - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal export job to do the following:

    • Write objects into your Amazon S3 bucket.

    • (Optional) Use your customer managed key in Key Management Service (KMS) for server-side encryption of your exported data.

    To pass a role to QLDB when requesting a journal export, you must have permissions to perform the iam:PassRole action on the IAM role resource. This is required for all journal export requests.

    " - }, - "OutputFormat":{ - "shape":"OutputFormat", - "documentation":"

    The output format of your exported journal data. A journal export job can write the data objects in either the text or binary representation of Amazon Ion format, or in JSON Lines text format.

    Default: ION_TEXT

    In JSON Lines format, each journal block in an exported data object is a valid JSON object that is delimited by a newline. You can use this format to directly integrate JSON exports with analytics tools such as Amazon Athena and Glue because these services can parse newline-delimited JSON automatically.

    " - } - } - }, - "ExportJournalToS3Response":{ - "type":"structure", - "required":["ExportId"], - "members":{ - "ExportId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (represented in Base62-encoded text) that QLDB assigns to each journal export job.

    To describe your export request and check the status of the job, you can use ExportId to call DescribeJournalS3Export.

    " - } - } - }, - "ExportStatus":{ - "type":"string", - "enum":[ - "IN_PROGRESS", - "COMPLETED", - "CANCELLED" - ] - }, - "GetBlockRequest":{ - "type":"structure", - "required":[ - "Name", - "BlockAddress" - ], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "BlockAddress":{ - "shape":"ValueHolder", - "documentation":"

    The location of the block that you want to request. An address is an Amazon Ion structure that has two fields: strandId and sequenceNo.

    For example: {strandId:\"BlFTjlSXze9BIh1KOszcE3\",sequenceNo:14}.

    " - }, - "DigestTipAddress":{ - "shape":"ValueHolder", - "documentation":"

    The latest block location covered by the digest for which to request a proof. An address is an Amazon Ion structure that has two fields: strandId and sequenceNo.

    For example: {strandId:\"BlFTjlSXze9BIh1KOszcE3\",sequenceNo:49}.

    " - } - } - }, - "GetBlockResponse":{ - "type":"structure", - "required":["Block"], - "members":{ - "Block":{ - "shape":"ValueHolder", - "documentation":"

    The block data object in Amazon Ion format.

    " - }, - "Proof":{ - "shape":"ValueHolder", - "documentation":"

    The proof object in Amazon Ion format returned by a GetBlock request. A proof contains the list of hash values required to recalculate the specified digest using a Merkle tree, starting with the specified block.

    " - } - } - }, - "GetDigestRequest":{ - "type":"structure", - "required":["Name"], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - } - } - }, - "GetDigestResponse":{ - "type":"structure", - "required":[ - "Digest", - "DigestTipAddress" - ], - "members":{ - "Digest":{ - "shape":"Digest", - "documentation":"

    The 256-bit hash value representing the digest returned by a GetDigest request.

    " - }, - "DigestTipAddress":{ - "shape":"ValueHolder", - "documentation":"

    The latest block location covered by the digest that you requested. An address is an Amazon Ion structure that has two fields: strandId and sequenceNo.

    " - } - } - }, - "GetRevisionRequest":{ - "type":"structure", - "required":[ - "Name", - "BlockAddress", - "DocumentId" - ], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "BlockAddress":{ - "shape":"ValueHolder", - "documentation":"

    The block location of the document revision to be verified. An address is an Amazon Ion structure that has two fields: strandId and sequenceNo.

    For example: {strandId:\"BlFTjlSXze9BIh1KOszcE3\",sequenceNo:14}.

    " - }, - "DocumentId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (represented in Base62-encoded text) of the document to be verified.

    " - }, - "DigestTipAddress":{ - "shape":"ValueHolder", - "documentation":"

    The latest block location covered by the digest for which to request a proof. An address is an Amazon Ion structure that has two fields: strandId and sequenceNo.

    For example: {strandId:\"BlFTjlSXze9BIh1KOszcE3\",sequenceNo:49}.

    " - } - } - }, - "GetRevisionResponse":{ - "type":"structure", - "required":["Revision"], - "members":{ - "Proof":{ - "shape":"ValueHolder", - "documentation":"

    The proof object in Amazon Ion format returned by a GetRevision request. A proof contains the list of hash values that are required to recalculate the specified digest using a Merkle tree, starting with the specified document revision.

    " - }, - "Revision":{ - "shape":"ValueHolder", - "documentation":"

    The document revision data object in Amazon Ion format.

    " - } - } - }, - "InvalidParameterException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"}, - "ParameterName":{ - "shape":"ParameterName", - "documentation":"

    The name of the invalid parameter.

    " - } - }, - "documentation":"

    One or more parameters in the request aren't valid.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "IonText":{ - "type":"string", - "max":1048576, - "min":1, - "sensitive":true - }, - "JournalKinesisStreamDescription":{ - "type":"structure", - "required":[ - "LedgerName", - "RoleArn", - "StreamId", - "Status", - "KinesisConfiguration", - "StreamName" - ], - "members":{ - "LedgerName":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    " - }, - "CreationTime":{ - "shape":"Timestamp", - "documentation":"

    The date and time, in epoch time format, when the QLDB journal stream was created. (Epoch time format is the number of seconds elapsed since 12:00:00 AM January 1, 1970 UTC.)

    " - }, - "InclusiveStartTime":{ - "shape":"Timestamp", - "documentation":"

    The inclusive start date and time from which to start streaming journal data.

    " - }, - "ExclusiveEndTime":{ - "shape":"Timestamp", - "documentation":"

    The exclusive date and time that specifies when the stream ends. If this parameter is undefined, the stream runs indefinitely until you cancel it.

    " - }, - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal stream to write data records to a Kinesis Data Streams resource.

    " - }, - "StreamId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (represented in Base62-encoded text) of the QLDB journal stream.

    " - }, - "Arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the QLDB journal stream.

    " - }, - "Status":{ - "shape":"StreamStatus", - "documentation":"

    The current state of the QLDB journal stream.

    " - }, - "KinesisConfiguration":{ - "shape":"KinesisConfiguration", - "documentation":"

    The configuration settings of the Amazon Kinesis Data Streams destination for a QLDB journal stream.

    " - }, - "ErrorCause":{ - "shape":"ErrorCause", - "documentation":"

    The error message that describes the reason that a stream has a status of IMPAIRED or FAILED. This is not applicable to streams that have other status values.

    " - }, - "StreamName":{ - "shape":"StreamName", - "documentation":"

    The user-defined name of the QLDB journal stream.

    " - } - }, - "documentation":"

    Information about an Amazon QLDB journal stream, including the Amazon Resource Name (ARN), stream name, creation time, current status, and the parameters of the original stream creation request.

    " - }, - "JournalKinesisStreamDescriptionList":{ - "type":"list", - "member":{"shape":"JournalKinesisStreamDescription"} - }, - "JournalS3ExportDescription":{ - "type":"structure", - "required":[ - "LedgerName", - "ExportId", - "ExportCreationTime", - "Status", - "InclusiveStartTime", - "ExclusiveEndTime", - "S3ExportConfiguration", - "RoleArn" - ], - "members":{ - "LedgerName":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    " - }, - "ExportId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (represented in Base62-encoded text) of the journal export job.

    " - }, - "ExportCreationTime":{ - "shape":"Timestamp", - "documentation":"

    The date and time, in epoch time format, when the export job was created. (Epoch time format is the number of seconds elapsed since 12:00:00 AM January 1, 1970 UTC.)

    " - }, - "Status":{ - "shape":"ExportStatus", - "documentation":"

    The current state of the journal export job.

    " - }, - "InclusiveStartTime":{ - "shape":"Timestamp", - "documentation":"

    The inclusive start date and time for the range of journal contents that was specified in the original export request.

    " - }, - "ExclusiveEndTime":{ - "shape":"Timestamp", - "documentation":"

    The exclusive end date and time for the range of journal contents that was specified in the original export request.

    " - }, - "S3ExportConfiguration":{"shape":"S3ExportConfiguration"}, - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal export job to do the following:

    • Write objects into your Amazon Simple Storage Service (Amazon S3) bucket.

    • (Optional) Use your customer managed key in Key Management Service (KMS) for server-side encryption of your exported data.

    " - }, - "OutputFormat":{ - "shape":"OutputFormat", - "documentation":"

    The output format of the exported journal data.

    " - } - }, - "documentation":"

    Information about a journal export job, including the ledger name, export ID, creation time, current status, and the parameters of the original export creation request.

    " - }, - "JournalS3ExportList":{ - "type":"list", - "member":{"shape":"JournalS3ExportDescription"} - }, - "KinesisConfiguration":{ - "type":"structure", - "required":["StreamArn"], - "members":{ - "StreamArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the Kinesis Data Streams resource.

    " - }, - "AggregationEnabled":{ - "shape":"Boolean", - "documentation":"

    Enables QLDB to publish multiple data records in a single Kinesis Data Streams record, increasing the number of records sent per API call.

    Default: True

    Record aggregation has important implications for processing records and requires de-aggregation in your stream consumer. To learn more, see KPL Key Concepts and Consumer De-aggregation in the Amazon Kinesis Data Streams Developer Guide.

    " - } - }, - "documentation":"

    The configuration settings of the Amazon Kinesis Data Streams destination for an Amazon QLDB journal stream.

    " - }, - "KmsKey":{ - "type":"string", - "max":1600 - }, - "LedgerEncryptionDescription":{ - "type":"structure", - "required":[ - "KmsKeyArn", - "EncryptionStatus" - ], - "members":{ - "KmsKeyArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the customer managed KMS key that the ledger uses for encryption at rest. If this parameter is undefined, the ledger uses an Amazon Web Services owned KMS key for encryption. It will display AWS_OWNED_KMS_KEY when updating the ledger's encryption configuration to the Amazon Web Services owned KMS key.

    " - }, - "EncryptionStatus":{ - "shape":"EncryptionStatus", - "documentation":"

    The current state of encryption at rest for the ledger. This can be one of the following values:

    • ENABLED: Encryption is fully enabled using the specified key.

    • UPDATING: The ledger is actively processing the specified key change.

      Key changes in QLDB are asynchronous. The ledger is fully accessible without any performance impact while the key change is being processed. The amount of time it takes to update a key varies depending on the ledger size.

    • KMS_KEY_INACCESSIBLE: The specified customer managed KMS key is not accessible, and the ledger is impaired. Either the key was disabled or deleted, or the grants on the key were revoked. When a ledger is impaired, it is not accessible and does not accept any read or write requests.

      An impaired ledger automatically returns to an active state after you restore the grants on the key, or re-enable the key that was disabled. However, deleting a customer managed KMS key is irreversible. After a key is deleted, you can no longer access the ledgers that are protected with that key, and the data becomes unrecoverable permanently.

    " - }, - "InaccessibleKmsKeyDateTime":{ - "shape":"Timestamp", - "documentation":"

    The date and time, in epoch time format, when the KMS key first became inaccessible, in the case of an error. (Epoch time format is the number of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)

    This parameter is undefined if the KMS key is accessible.

    " - } - }, - "documentation":"

    Information about the encryption of data at rest in an Amazon QLDB ledger. This includes the current status, the key in Key Management Service (KMS), and when the key became inaccessible (in the case of an error).

    For more information, see Encryption at rest in the Amazon QLDB Developer Guide.

    " - }, - "LedgerList":{ - "type":"list", - "member":{"shape":"LedgerSummary"} - }, - "LedgerName":{ - "type":"string", - "max":32, - "min":1, - "pattern":"(?!^.*--)(?!^[0-9]+$)(?!^-)(?!.*-$)^[A-Za-z0-9-]+$" - }, - "LedgerState":{ - "type":"string", - "enum":[ - "CREATING", - "ACTIVE", - "DELETING", - "DELETED" - ] - }, - "LedgerSummary":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    " - }, - "State":{ - "shape":"LedgerState", - "documentation":"

    The current status of the ledger.

    " - }, - "CreationDateTime":{ - "shape":"Timestamp", - "documentation":"

    The date and time, in epoch time format, when the ledger was created. (Epoch time format is the number of seconds elapsed since 12:00:00 AM January 1, 1970 UTC.)

    " - } - }, - "documentation":"

    Information about a ledger, including its name, state, and when it was created.

    " - }, - "LimitExceededException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"}, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of resource.

    " - } - }, - "documentation":"

    You have reached the limit on the maximum number of resources allowed.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "ListJournalKinesisStreamsForLedgerRequest":{ - "type":"structure", - "required":["LedgerName"], - "members":{ - "LedgerName":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single ListJournalKinesisStreamsForLedger request. (The actual number of results returned might be fewer.)

    ", - "location":"querystring", - "locationName":"max_results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    A pagination token, indicating that you want to retrieve the next page of results. If you received a value for NextToken in the response from a previous ListJournalKinesisStreamsForLedger call, you should use that value as input here.

    ", - "location":"querystring", - "locationName":"next_token" - } - } - }, - "ListJournalKinesisStreamsForLedgerResponse":{ - "type":"structure", - "members":{ - "Streams":{ - "shape":"JournalKinesisStreamDescriptionList", - "documentation":"

    The QLDB journal streams that are currently associated with the given ledger.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    • If NextToken is empty, the last page of results has been processed and there are no more results to be retrieved.

    • If NextToken is not empty, more results are available. To retrieve the next page of results, use the value of NextToken in a subsequent ListJournalKinesisStreamsForLedger call.

    " - } - } - }, - "ListJournalS3ExportsForLedgerRequest":{ - "type":"structure", - "required":["Name"], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single ListJournalS3ExportsForLedger request. (The actual number of results returned might be fewer.)

    ", - "location":"querystring", - "locationName":"max_results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    A pagination token, indicating that you want to retrieve the next page of results. If you received a value for NextToken in the response from a previous ListJournalS3ExportsForLedger call, then you should use that value as input here.

    ", - "location":"querystring", - "locationName":"next_token" - } - } - }, - "ListJournalS3ExportsForLedgerResponse":{ - "type":"structure", - "members":{ - "JournalS3Exports":{ - "shape":"JournalS3ExportList", - "documentation":"

    The journal export jobs that are currently associated with the specified ledger.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    • If NextToken is empty, then the last page of results has been processed and there are no more results to be retrieved.

    • If NextToken is not empty, then there are more results available. To retrieve the next page of results, use the value of NextToken in a subsequent ListJournalS3ExportsForLedger call.

    " - } - } - }, - "ListJournalS3ExportsRequest":{ - "type":"structure", - "members":{ - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single ListJournalS3Exports request. (The actual number of results returned might be fewer.)

    ", - "location":"querystring", - "locationName":"max_results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    A pagination token, indicating that you want to retrieve the next page of results. If you received a value for NextToken in the response from a previous ListJournalS3Exports call, then you should use that value as input here.

    ", - "location":"querystring", - "locationName":"next_token" - } - } - }, - "ListJournalS3ExportsResponse":{ - "type":"structure", - "members":{ - "JournalS3Exports":{ - "shape":"JournalS3ExportList", - "documentation":"

    The journal export jobs for all ledgers that are associated with the current Amazon Web Services account and Region.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    • If NextToken is empty, then the last page of results has been processed and there are no more results to be retrieved.

    • If NextToken is not empty, then there are more results available. To retrieve the next page of results, use the value of NextToken in a subsequent ListJournalS3Exports call.

    " - } - } - }, - "ListLedgersRequest":{ - "type":"structure", - "members":{ - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single ListLedgers request. (The actual number of results returned might be fewer.)

    ", - "location":"querystring", - "locationName":"max_results" - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    A pagination token, indicating that you want to retrieve the next page of results. If you received a value for NextToken in the response from a previous ListLedgers call, then you should use that value as input here.

    ", - "location":"querystring", - "locationName":"next_token" - } - } - }, - "ListLedgersResponse":{ - "type":"structure", - "members":{ - "Ledgers":{ - "shape":"LedgerList", - "documentation":"

    The ledgers that are associated with the current Amazon Web Services account and Region.

    " - }, - "NextToken":{ - "shape":"NextToken", - "documentation":"

    A pagination token, indicating whether there are more results available:

    • If NextToken is empty, then the last page of results has been processed and there are no more results to be retrieved.

    • If NextToken is not empty, then there are more results available. To retrieve the next page of results, use the value of NextToken in a subsequent ListLedgers call.

    " - } - } - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["ResourceArn"], - "members":{ - "ResourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) for which to list the tags. For example:

    arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger

    ", - "location":"uri", - "locationName":"resourceArn" - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "members":{ - "Tags":{ - "shape":"Tags", - "documentation":"

    The tags that are currently associated with the specified Amazon QLDB resource.

    " - } - } - }, - "MaxResults":{ - "type":"integer", - "max":100, - "min":1 - }, - "NextToken":{ - "type":"string", - "max":1024, - "min":4, - "pattern":"^[A-Za-z-0-9+/=]+$" - }, - "OutputFormat":{ - "type":"string", - "enum":[ - "ION_BINARY", - "ION_TEXT", - "JSON" - ] - }, - "ParameterName":{"type":"string"}, - "PermissionsMode":{ - "type":"string", - "enum":[ - "ALLOW_ALL", - "STANDARD" - ] - }, - "ResourceAlreadyExistsException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"}, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of resource.

    " - }, - "ResourceName":{ - "shape":"ResourceName", - "documentation":"

    The name of the resource.

    " - } - }, - "documentation":"

    The specified resource already exists.

    ", - "error":{"httpStatusCode":409}, - "exception":true - }, - "ResourceInUseException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"}, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of resource.

    " - }, - "ResourceName":{ - "shape":"ResourceName", - "documentation":"

    The name of the resource.

    " - } - }, - "documentation":"

    The specified resource can't be modified at this time.

    ", - "error":{"httpStatusCode":409}, - "exception":true - }, - "ResourceName":{"type":"string"}, - "ResourceNotFoundException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"}, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of resource.

    " - }, - "ResourceName":{ - "shape":"ResourceName", - "documentation":"

    The name of the resource.

    " - } - }, - "documentation":"

    The specified resource doesn't exist.

    ", - "error":{"httpStatusCode":404}, - "exception":true - }, - "ResourcePreconditionNotMetException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"}, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"

    The type of resource.

    " - }, - "ResourceName":{ - "shape":"ResourceName", - "documentation":"

    The name of the resource.

    " - } - }, - "documentation":"

    The operation failed because a condition wasn't satisfied in advance.

    ", - "error":{"httpStatusCode":412}, - "exception":true - }, - "ResourceType":{"type":"string"}, - "S3Bucket":{ - "type":"string", - "max":255, - "min":3, - "pattern":"^[A-Za-z-0-9-_.]+$" - }, - "S3EncryptionConfiguration":{ - "type":"structure", - "required":["ObjectEncryptionType"], - "members":{ - "ObjectEncryptionType":{ - "shape":"S3ObjectEncryptionType", - "documentation":"

    The Amazon S3 object encryption type.

    To learn more about server-side encryption options in Amazon S3, see Protecting Data Using Server-Side Encryption in the Amazon S3 Developer Guide.

    " - }, - "KmsKeyArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of a symmetric encryption key in Key Management Service (KMS). Amazon S3 does not support asymmetric KMS keys.

    You must provide a KmsKeyArn if you specify SSE_KMS as the ObjectEncryptionType.

    KmsKeyArn is not required if you specify SSE_S3 as the ObjectEncryptionType.

    " - } - }, - "documentation":"

    The encryption settings that are used by a journal export job to write data in an Amazon Simple Storage Service (Amazon S3) bucket.

    " - }, - "S3ExportConfiguration":{ - "type":"structure", - "required":[ - "Bucket", - "Prefix", - "EncryptionConfiguration" - ], - "members":{ - "Bucket":{ - "shape":"S3Bucket", - "documentation":"

    The Amazon S3 bucket name in which a journal export job writes the journal contents.

    The bucket name must comply with the Amazon S3 bucket naming conventions. For more information, see Bucket Restrictions and Limitations in the Amazon S3 Developer Guide.

    " - }, - "Prefix":{ - "shape":"S3Prefix", - "documentation":"

    The prefix for the Amazon S3 bucket in which a journal export job writes the journal contents.

    The prefix must comply with Amazon S3 key naming rules and restrictions. For more information, see Object Key and Metadata in the Amazon S3 Developer Guide.

    The following are examples of valid Prefix values:

    • JournalExports-ForMyLedger/Testing/

    • JournalExports

    • My:Tests/

    " - }, - "EncryptionConfiguration":{ - "shape":"S3EncryptionConfiguration", - "documentation":"

    The encryption settings that are used by a journal export job to write data in an Amazon S3 bucket.

    " - } - }, - "documentation":"

    The Amazon Simple Storage Service (Amazon S3) bucket location in which a journal export job writes the journal contents.

    " - }, - "S3ObjectEncryptionType":{ - "type":"string", - "enum":[ - "SSE_KMS", - "SSE_S3", - "NO_ENCRYPTION" - ] - }, - "S3Prefix":{ - "type":"string", - "max":128, - "min":0 - }, - "StreamJournalToKinesisRequest":{ - "type":"structure", - "required":[ - "LedgerName", - "RoleArn", - "InclusiveStartTime", - "KinesisConfiguration", - "StreamName" - ], - "members":{ - "LedgerName":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "RoleArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal stream to write data records to a Kinesis Data Streams resource.

    To pass a role to QLDB when requesting a journal stream, you must have permissions to perform the iam:PassRole action on the IAM role resource. This is required for all journal stream requests.

    " - }, - "Tags":{ - "shape":"Tags", - "documentation":"

    The key-value pairs to add as tags to the stream that you want to create. Tag keys are case sensitive. Tag values are case sensitive and can be null.

    " - }, - "InclusiveStartTime":{ - "shape":"Timestamp", - "documentation":"

    The inclusive start date and time from which to start streaming journal data. This parameter must be in ISO 8601 date and time format and in Universal Coordinated Time (UTC). For example: 2019-06-13T21:36:34Z.

    The InclusiveStartTime cannot be in the future and must be before ExclusiveEndTime.

    If you provide an InclusiveStartTime that is before the ledger's CreationDateTime, QLDB effectively defaults it to the ledger's CreationDateTime.

    " - }, - "ExclusiveEndTime":{ - "shape":"Timestamp", - "documentation":"

    The exclusive date and time that specifies when the stream ends. If you don't define this parameter, the stream runs indefinitely until you cancel it.

    The ExclusiveEndTime must be in ISO 8601 date and time format and in Universal Coordinated Time (UTC). For example: 2019-06-13T21:36:34Z.

    " - }, - "KinesisConfiguration":{ - "shape":"KinesisConfiguration", - "documentation":"

    The configuration settings of the Kinesis Data Streams destination for your stream request.

    " - }, - "StreamName":{ - "shape":"StreamName", - "documentation":"

    The name that you want to assign to the QLDB journal stream. User-defined names can help identify and indicate the purpose of a stream.

    Your stream name must be unique among other active streams for a given ledger. Stream names have the same naming constraints as ledger names, as defined in Quotas in Amazon QLDB in the Amazon QLDB Developer Guide.

    " - } - } - }, - "StreamJournalToKinesisResponse":{ - "type":"structure", - "members":{ - "StreamId":{ - "shape":"UniqueId", - "documentation":"

    The UUID (represented in Base62-encoded text) that QLDB assigns to each QLDB journal stream.

    " - } - } - }, - "StreamName":{ - "type":"string", - "max":32, - "min":1, - "pattern":"(?!^.*--)(?!^[0-9]+$)(?!^-)(?!.*-$)^[A-Za-z0-9-]+$" - }, - "StreamStatus":{ - "type":"string", - "enum":[ - "ACTIVE", - "COMPLETED", - "CANCELED", - "FAILED", - "IMPAIRED" - ] - }, - "TagKey":{ - "type":"string", - "max":128, - "min":1 - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"}, - "max":200, - "min":0 - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "Tags" - ], - "members":{ - "ResourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) to which you want to add the tags. For example:

    arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "Tags":{ - "shape":"Tags", - "documentation":"

    The key-value pairs to add as tags to the specified QLDB resource. Tag keys are case sensitive. If you specify a key that already exists for the resource, your request fails and returns an error. Tag values are case sensitive and can be null.

    " - } - } - }, - "TagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256, - "min":0 - }, - "Tags":{ - "type":"map", - "key":{"shape":"TagKey"}, - "value":{"shape":"TagValue"}, - "max":200, - "min":0 - }, - "Timestamp":{"type":"timestamp"}, - "UniqueId":{ - "type":"string", - "max":22, - "min":22, - "pattern":"^[A-Za-z-0-9]+$" - }, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "ResourceArn", - "TagKeys" - ], - "members":{ - "ResourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) from which to remove the tags. For example:

    arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "TagKeys":{ - "shape":"TagKeyList", - "documentation":"

    The list of tag keys to remove.

    ", - "location":"querystring", - "locationName":"tagKeys" - } - } - }, - "UntagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateLedgerPermissionsModeRequest":{ - "type":"structure", - "required":[ - "Name", - "PermissionsMode" - ], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "PermissionsMode":{ - "shape":"PermissionsMode", - "documentation":"

    The permissions mode to assign to the ledger. This parameter can have one of the following values:

    • ALLOW_ALL: A legacy permissions mode that enables access control with API-level granularity for ledgers.

      This mode allows users who have the SendCommand API permission for this ledger to run all PartiQL commands (hence, ALLOW_ALL) on any tables in the specified ledger. This mode disregards any table-level or command-level IAM permissions policies that you create for the ledger.

    • STANDARD: (Recommended) A permissions mode that enables access control with finer granularity for ledgers, tables, and PartiQL commands.

      By default, this mode denies all user requests to run any PartiQL commands on any tables in this ledger. To allow PartiQL commands to run, you must create IAM permissions policies for specific table resources and PartiQL actions, in addition to the SendCommand API permission for the ledger. For information, see Getting started with the standard permissions mode in the Amazon QLDB Developer Guide.

    We strongly recommend using the STANDARD permissions mode to maximize the security of your ledger data.

    " - } - } - }, - "UpdateLedgerPermissionsModeResponse":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    " - }, - "Arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) for the ledger.

    " - }, - "PermissionsMode":{ - "shape":"PermissionsMode", - "documentation":"

    The current permissions mode of the ledger.

    " - } - } - }, - "UpdateLedgerRequest":{ - "type":"structure", - "required":["Name"], - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    ", - "location":"uri", - "locationName":"name" - }, - "DeletionProtection":{ - "shape":"DeletionProtection", - "documentation":"

    Specifies whether the ledger is protected from being deleted by any user. If not defined during ledger creation, this feature is enabled (true) by default.

    If deletion protection is enabled, you must first disable it before you can delete the ledger. You can disable it by calling the UpdateLedger operation to set this parameter to false.

    " - }, - "KmsKey":{ - "shape":"KmsKey", - "documentation":"

    The key in Key Management Service (KMS) to use for encryption of data at rest in the ledger. For more information, see Encryption at rest in the Amazon QLDB Developer Guide.

    Use one of the following options to specify this parameter:

    • AWS_OWNED_KMS_KEY: Use an KMS key that is owned and managed by Amazon Web Services on your behalf.

    • Undefined: Make no changes to the KMS key of the ledger.

    • A valid symmetric customer managed KMS key: Use the specified symmetric encryption KMS key in your account that you create, own, and manage.

      Amazon QLDB does not support asymmetric keys. For more information, see Using symmetric and asymmetric keys in the Key Management Service Developer Guide.

    To specify a customer managed KMS key, you can use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with \"alias/\". To specify a key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    • Alias name: alias/ExampleAlias

    • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

    For more information, see Key identifiers (KeyId) in the Key Management Service Developer Guide.

    " - } - } - }, - "UpdateLedgerResponse":{ - "type":"structure", - "members":{ - "Name":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger.

    " - }, - "Arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) for the ledger.

    " - }, - "State":{ - "shape":"LedgerState", - "documentation":"

    The current status of the ledger.

    " - }, - "CreationDateTime":{ - "shape":"Timestamp", - "documentation":"

    The date and time, in epoch time format, when the ledger was created. (Epoch time format is the number of seconds elapsed since 12:00:00 AM January 1, 1970 UTC.)

    " - }, - "DeletionProtection":{ - "shape":"DeletionProtection", - "documentation":"

    Specifies whether the ledger is protected from being deleted by any user. If not defined during ledger creation, this feature is enabled (true) by default.

    If deletion protection is enabled, you must first disable it before you can delete the ledger. You can disable it by calling the UpdateLedger operation to set this parameter to false.

    " - }, - "EncryptionDescription":{ - "shape":"LedgerEncryptionDescription", - "documentation":"

    Information about the encryption of data at rest in the ledger. This includes the current status, the KMS key, and when the key became inaccessible (in the case of an error).

    " - } - } - }, - "ValueHolder":{ - "type":"structure", - "members":{ - "IonText":{ - "shape":"IonText", - "documentation":"

    An Amazon Ion plaintext value contained in a ValueHolder structure.

    " - } - }, - "documentation":"

    A structure that can contain a value in multiple encoding formats.

    ", - "sensitive":true - } - }, - "documentation":"

    The resource management API for Amazon QLDB

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/qldb-session/2019-07-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/qldb-session/2019-07-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/qldb-session/2019-07-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qldb-session/2019-07-11/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://session.qldb-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://session.qldb-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://session.qldb.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://session.qldb.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/qldb-session/2019-07-11/paginators-1.json 2.31.35-1/awscli/botocore/data/qldb-session/2019-07-11/paginators-1.json --- 2.23.6-1/awscli/botocore/data/qldb-session/2019-07-11/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qldb-session/2019-07-11/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -{ - "pagination": {} -} diff -pruN 2.23.6-1/awscli/botocore/data/qldb-session/2019-07-11/service-2.json 2.31.35-1/awscli/botocore/data/qldb-session/2019-07-11/service-2.json --- 2.23.6-1/awscli/botocore/data/qldb-session/2019-07-11/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/qldb-session/2019-07-11/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,457 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2019-07-11", - "endpointPrefix":"session.qldb", - "jsonVersion":"1.0", - "protocol":"json", - "serviceAbbreviation":"QLDB Session", - "serviceFullName":"Amazon QLDB Session", - "serviceId":"QLDB Session", - "signatureVersion":"v4", - "signingName":"qldb", - "targetPrefix":"QLDBSession", - "uid":"qldb-session-2019-07-11" - }, - "operations":{ - "SendCommand":{ - "name":"SendCommand", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"SendCommandRequest"}, - "output":{"shape":"SendCommandResult"}, - "errors":[ - {"shape":"BadRequestException"}, - {"shape":"InvalidSessionException"}, - {"shape":"OccConflictException"}, - {"shape":"RateExceededException"}, - {"shape":"LimitExceededException"}, - {"shape":"CapacityExceededException"} - ], - "documentation":"

    Sends a command to an Amazon QLDB ledger.

    Instead of interacting directly with this API, we recommend using the QLDB driver or the QLDB shell to execute data transactions on a ledger.

    • If you are working with an AWS SDK, use the QLDB driver. The driver provides a high-level abstraction layer above this QLDB Session data plane and manages SendCommand API calls for you. For information and a list of supported programming languages, see Getting started with the driver in the Amazon QLDB Developer Guide.

    • If you are working with the AWS Command Line Interface (AWS CLI), use the QLDB shell. The shell is a command line interface that uses the QLDB driver to interact with a ledger. For information, see Accessing Amazon QLDB using the QLDB shell.

    " - } - }, - "shapes":{ - "AbortTransactionRequest":{ - "type":"structure", - "members":{ - }, - "documentation":"

    Contains the details of the transaction to abort.

    " - }, - "AbortTransactionResult":{ - "type":"structure", - "members":{ - "TimingInformation":{ - "shape":"TimingInformation", - "documentation":"

    Contains server-side performance information for the command.

    " - } - }, - "documentation":"

    Contains the details of the aborted transaction.

    " - }, - "BadRequestException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"}, - "Code":{"shape":"ErrorCode"} - }, - "documentation":"

    Returned if the request is malformed or contains an error such as an invalid parameter value or a missing required parameter.

    ", - "exception":true - }, - "CapacityExceededException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"} - }, - "documentation":"

    Returned when the request exceeds the processing capacity of the ledger.

    ", - "exception":true - }, - "CommitDigest":{"type":"blob"}, - "CommitTransactionRequest":{ - "type":"structure", - "required":[ - "TransactionId", - "CommitDigest" - ], - "members":{ - "TransactionId":{ - "shape":"TransactionId", - "documentation":"

    Specifies the transaction ID of the transaction to commit.

    " - }, - "CommitDigest":{ - "shape":"CommitDigest", - "documentation":"

    Specifies the commit digest for the transaction to commit. For every active transaction, the commit digest must be passed. QLDB validates CommitDigest and rejects the commit with an error if the digest computed on the client does not match the digest computed by QLDB.

    The purpose of the CommitDigest parameter is to ensure that QLDB commits a transaction if and only if the server has processed the exact set of statements sent by the client, in the same order that client sent them, and with no duplicates.

    " - } - }, - "documentation":"

    Contains the details of the transaction to commit.

    " - }, - "CommitTransactionResult":{ - "type":"structure", - "members":{ - "TransactionId":{ - "shape":"TransactionId", - "documentation":"

    The transaction ID of the committed transaction.

    " - }, - "CommitDigest":{ - "shape":"CommitDigest", - "documentation":"

    The commit digest of the committed transaction.

    " - }, - "TimingInformation":{ - "shape":"TimingInformation", - "documentation":"

    Contains server-side performance information for the command.

    " - }, - "ConsumedIOs":{ - "shape":"IOUsage", - "documentation":"

    Contains metrics about the number of I/O requests that were consumed.

    " - } - }, - "documentation":"

    Contains the details of the committed transaction.

    " - }, - "EndSessionRequest":{ - "type":"structure", - "members":{ - }, - "documentation":"

    Specifies a request to end the session.

    " - }, - "EndSessionResult":{ - "type":"structure", - "members":{ - "TimingInformation":{ - "shape":"TimingInformation", - "documentation":"

    Contains server-side performance information for the command.

    " - } - }, - "documentation":"

    Contains the details of the ended session.

    " - }, - "ErrorCode":{"type":"string"}, - "ErrorMessage":{"type":"string"}, - "ExecuteStatementRequest":{ - "type":"structure", - "required":[ - "TransactionId", - "Statement" - ], - "members":{ - "TransactionId":{ - "shape":"TransactionId", - "documentation":"

    Specifies the transaction ID of the request.

    " - }, - "Statement":{ - "shape":"Statement", - "documentation":"

    Specifies the statement of the request.

    " - }, - "Parameters":{ - "shape":"StatementParameters", - "documentation":"

    Specifies the parameters for the parameterized statement in the request.

    " - } - }, - "documentation":"

    Specifies a request to execute a statement.

    " - }, - "ExecuteStatementResult":{ - "type":"structure", - "members":{ - "FirstPage":{ - "shape":"Page", - "documentation":"

    Contains the details of the first fetched page.

    " - }, - "TimingInformation":{ - "shape":"TimingInformation", - "documentation":"

    Contains server-side performance information for the command.

    " - }, - "ConsumedIOs":{ - "shape":"IOUsage", - "documentation":"

    Contains metrics about the number of I/O requests that were consumed.

    " - } - }, - "documentation":"

    Contains the details of the executed statement.

    " - }, - "FetchPageRequest":{ - "type":"structure", - "required":[ - "TransactionId", - "NextPageToken" - ], - "members":{ - "TransactionId":{ - "shape":"TransactionId", - "documentation":"

    Specifies the transaction ID of the page to be fetched.

    " - }, - "NextPageToken":{ - "shape":"PageToken", - "documentation":"

    Specifies the next page token of the page to be fetched.

    " - } - }, - "documentation":"

    Specifies the details of the page to be fetched.

    " - }, - "FetchPageResult":{ - "type":"structure", - "members":{ - "Page":{ - "shape":"Page", - "documentation":"

    Contains details of the fetched page.

    " - }, - "TimingInformation":{ - "shape":"TimingInformation", - "documentation":"

    Contains server-side performance information for the command.

    " - }, - "ConsumedIOs":{ - "shape":"IOUsage", - "documentation":"

    Contains metrics about the number of I/O requests that were consumed.

    " - } - }, - "documentation":"

    Contains the page that was fetched.

    " - }, - "IOUsage":{ - "type":"structure", - "members":{ - "ReadIOs":{ - "shape":"ReadIOs", - "documentation":"

    The number of read I/O requests that the command made.

    " - }, - "WriteIOs":{ - "shape":"WriteIOs", - "documentation":"

    The number of write I/O requests that the command made.

    " - } - }, - "documentation":"

    Contains I/O usage metrics for a command that was invoked.

    " - }, - "InvalidSessionException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"}, - "Code":{"shape":"ErrorCode"} - }, - "documentation":"

    Returned if the session doesn't exist anymore because it timed out or expired.

    ", - "exception":true - }, - "IonBinary":{ - "type":"blob", - "max":131072, - "min":1 - }, - "IonText":{ - "type":"string", - "max":1048576, - "min":1 - }, - "LedgerName":{ - "type":"string", - "max":32, - "min":1, - "pattern":"(?!^.*--)(?!^[0-9]+$)(?!^-)(?!.*-$)^[A-Za-z0-9-]+$" - }, - "LimitExceededException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"} - }, - "documentation":"

    Returned if a resource limit such as number of active sessions is exceeded.

    ", - "exception":true - }, - "OccConflictException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"} - }, - "documentation":"

    Returned when a transaction cannot be written to the journal due to a failure in the verification phase of optimistic concurrency control (OCC).

    ", - "exception":true - }, - "Page":{ - "type":"structure", - "members":{ - "Values":{ - "shape":"ValueHolders", - "documentation":"

    A structure that contains values in multiple encoding formats.

    " - }, - "NextPageToken":{ - "shape":"PageToken", - "documentation":"

    The token of the next page.

    " - } - }, - "documentation":"

    Contains details of the fetched page.

    " - }, - "PageToken":{ - "type":"string", - "max":1024, - "min":4, - "pattern":"^[A-Za-z-0-9+/=]+$" - }, - "ProcessingTimeMilliseconds":{"type":"long"}, - "RateExceededException":{ - "type":"structure", - "members":{ - "Message":{"shape":"ErrorMessage"} - }, - "documentation":"

    Returned when the rate of requests exceeds the allowed throughput.

    ", - "exception":true - }, - "ReadIOs":{"type":"long"}, - "SendCommandRequest":{ - "type":"structure", - "members":{ - "SessionToken":{ - "shape":"SessionToken", - "documentation":"

    Specifies the session token for the current command. A session token is constant throughout the life of the session.

    To obtain a session token, run the StartSession command. This SessionToken is required for every subsequent command that is issued during the current session.

    " - }, - "StartSession":{ - "shape":"StartSessionRequest", - "documentation":"

    Command to start a new session. A session token is obtained as part of the response.

    " - }, - "StartTransaction":{ - "shape":"StartTransactionRequest", - "documentation":"

    Command to start a new transaction.

    " - }, - "EndSession":{ - "shape":"EndSessionRequest", - "documentation":"

    Command to end the current session.

    " - }, - "CommitTransaction":{ - "shape":"CommitTransactionRequest", - "documentation":"

    Command to commit the specified transaction.

    " - }, - "AbortTransaction":{ - "shape":"AbortTransactionRequest", - "documentation":"

    Command to abort the current transaction.

    " - }, - "ExecuteStatement":{ - "shape":"ExecuteStatementRequest", - "documentation":"

    Command to execute a statement in the specified transaction.

    " - }, - "FetchPage":{ - "shape":"FetchPageRequest", - "documentation":"

    Command to fetch a page.

    " - } - } - }, - "SendCommandResult":{ - "type":"structure", - "members":{ - "StartSession":{ - "shape":"StartSessionResult", - "documentation":"

    Contains the details of the started session that includes a session token. This SessionToken is required for every subsequent command that is issued during the current session.

    " - }, - "StartTransaction":{ - "shape":"StartTransactionResult", - "documentation":"

    Contains the details of the started transaction.

    " - }, - "EndSession":{ - "shape":"EndSessionResult", - "documentation":"

    Contains the details of the ended session.

    " - }, - "CommitTransaction":{ - "shape":"CommitTransactionResult", - "documentation":"

    Contains the details of the committed transaction.

    " - }, - "AbortTransaction":{ - "shape":"AbortTransactionResult", - "documentation":"

    Contains the details of the aborted transaction.

    " - }, - "ExecuteStatement":{ - "shape":"ExecuteStatementResult", - "documentation":"

    Contains the details of the executed statement.

    " - }, - "FetchPage":{ - "shape":"FetchPageResult", - "documentation":"

    Contains the details of the fetched page.

    " - } - } - }, - "SessionToken":{ - "type":"string", - "max":1024, - "min":4, - "pattern":"^[A-Za-z-0-9+/=]+$" - }, - "StartSessionRequest":{ - "type":"structure", - "required":["LedgerName"], - "members":{ - "LedgerName":{ - "shape":"LedgerName", - "documentation":"

    The name of the ledger to start a new session against.

    " - } - }, - "documentation":"

    Specifies a request to start a new session.

    " - }, - "StartSessionResult":{ - "type":"structure", - "members":{ - "SessionToken":{ - "shape":"SessionToken", - "documentation":"

    Session token of the started session. This SessionToken is required for every subsequent command that is issued during the current session.

    " - }, - "TimingInformation":{ - "shape":"TimingInformation", - "documentation":"

    Contains server-side performance information for the command.

    " - } - }, - "documentation":"

    Contains the details of the started session.

    " - }, - "StartTransactionRequest":{ - "type":"structure", - "members":{ - }, - "documentation":"

    Specifies a request to start a transaction.

    " - }, - "StartTransactionResult":{ - "type":"structure", - "members":{ - "TransactionId":{ - "shape":"TransactionId", - "documentation":"

    The transaction ID of the started transaction.

    " - }, - "TimingInformation":{ - "shape":"TimingInformation", - "documentation":"

    Contains server-side performance information for the command.

    " - } - }, - "documentation":"

    Contains the details of the started transaction.

    " - }, - "Statement":{ - "type":"string", - "max":100000, - "min":1 - }, - "StatementParameters":{ - "type":"list", - "member":{"shape":"ValueHolder"} - }, - "TimingInformation":{ - "type":"structure", - "members":{ - "ProcessingTimeMilliseconds":{ - "shape":"ProcessingTimeMilliseconds", - "documentation":"

    The amount of time that QLDB spent on processing the command, measured in milliseconds.

    " - } - }, - "documentation":"

    Contains server-side performance information for a command. Amazon QLDB captures timing information between the times when it receives the request and when it sends the corresponding response.

    " - }, - "TransactionId":{ - "type":"string", - "max":22, - "min":22, - "pattern":"^[A-Za-z-0-9]+$" - }, - "ValueHolder":{ - "type":"structure", - "members":{ - "IonBinary":{ - "shape":"IonBinary", - "documentation":"

    An Amazon Ion binary value contained in a ValueHolder structure.

    " - }, - "IonText":{ - "shape":"IonText", - "documentation":"

    An Amazon Ion plaintext value contained in a ValueHolder structure.

    " - } - }, - "documentation":"

    A structure that can contain a value in multiple encoding formats.

    " - }, - "ValueHolders":{ - "type":"list", - "member":{"shape":"ValueHolder"} - }, - "WriteIOs":{"type":"long"} - }, - "documentation":"

    The transactional data APIs for Amazon QLDB

    Instead of interacting directly with this API, we recommend using the QLDB driver or the QLDB shell to execute data transactions on a ledger.

    • If you are working with an AWS SDK, use the QLDB driver. The driver provides a high-level abstraction layer above this QLDB Session data plane and manages SendCommand API calls for you. For information and a list of supported programming languages, see Getting started with the driver in the Amazon QLDB Developer Guide.

    • If you are working with the AWS Command Line Interface (AWS CLI), use the QLDB shell. The shell is a command line interface that uses the QLDB driver to interact with a ledger. For information, see Accessing Amazon QLDB using the QLDB shell.

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/quicksight/2018-04-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/quicksight/2018-04-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/quicksight/2018-04-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/quicksight/2018-04-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/quicksight/2018-04-01/paginators-1.json 2.31.35-1/awscli/botocore/data/quicksight/2018-04-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/quicksight/2018-04-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/quicksight/2018-04-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -209,6 +209,30 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "TopicSummaryList" + }, + "ListActionConnectors": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ActionConnectorSummaries" + }, + "ListFlows": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "FlowSummaryList" + }, + "SearchActionConnectors": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ActionConnectorSummaries" + }, + "SearchFlows": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "FlowSummaryList" } } } diff -pruN 2.23.6-1/awscli/botocore/data/quicksight/2018-04-01/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/quicksight/2018-04-01/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/quicksight/2018-04-01/paginators-1.sdk-extras.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/quicksight/2018-04-01/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -209,6 +209,30 @@ "Status", "RequestId" ] + }, + "ListActionConnectors": { + "non_aggregate_keys": [ + "Status", + "RequestId" + ] + }, + "ListFlows": { + "non_aggregate_keys": [ + "Status", + "RequestId" + ] + }, + "SearchActionConnectors": { + "non_aggregate_keys": [ + "Status", + "RequestId" + ] + }, + "SearchFlows": { + "non_aggregate_keys": [ + "Status", + "RequestId" + ] } } } diff -pruN 2.23.6-1/awscli/botocore/data/quicksight/2018-04-01/service-2.json 2.31.35-1/awscli/botocore/data/quicksight/2018-04-01/service-2.json --- 2.23.6-1/awscli/botocore/data/quicksight/2018-04-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/quicksight/2018-04-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -84,7 +84,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Creates Amazon QuickSight customizations for the current Amazon Web Services Region. Currently, you can add a custom default theme by using the CreateAccountCustomization or UpdateAccountCustomization API operation. To further customize Amazon QuickSight by removing Amazon QuickSight sample assets and videos for all new users, see Customizing Amazon QuickSight in the Amazon QuickSight User Guide.

    You can create customizations for your Amazon Web Services account or, if you specify a namespace, for a QuickSight namespace instead. Customizations that apply to a namespace always override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the DescribeAccountCustomization API operation.

    Before you use the CreateAccountCustomization API operation to add a theme as the namespace default, make sure that you first share the theme with the namespace. If you don't share it with the namespace, the theme isn't visible to your users even if you make it the default theme. To check if the theme is shared, view the current permissions by using the DescribeThemePermissions API operation. To share the theme, grant permissions by using the UpdateThemePermissions API operation.

    " + "documentation":"

    Creates Amazon Quick Sight customizations. Currently, you can add a custom default theme by using the CreateAccountCustomization or UpdateAccountCustomization API operation. To further customize Amazon Quick Sight by removing Amazon Quick Sight sample assets and videos for all new users, see Customizing Quick Sight in the Amazon Quick Sight User Guide.

    You can create customizations for your Amazon Web Services account or, if you specify a namespace, for a Quick Sight namespace instead. Customizations that apply to a namespace always override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the DescribeAccountCustomization API operation.

    Before you use the CreateAccountCustomization API operation to add a theme as the namespace default, make sure that you first share the theme with the namespace. If you don't share it with the namespace, the theme isn't visible to your users even if you make it the default theme. To check if the theme is shared, view the current permissions by using the DescribeThemePermissions API operation. To share the theme, grant permissions by using the UpdateThemePermissions API operation.

    " }, "CreateAccountSubscription":{ "name":"CreateAccountSubscription", @@ -105,7 +105,27 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Creates an Amazon QuickSight account, or subscribes to Amazon QuickSight Q.

    The Amazon Web Services Region for the account is derived from what is configured in the CLI or SDK.

    Before you use this operation, make sure that you can connect to an existing Amazon Web Services account. If you don't have an Amazon Web Services account, see Sign up for Amazon Web Services in the Amazon QuickSight User Guide. The person who signs up for Amazon QuickSight needs to have the correct Identity and Access Management (IAM) permissions. For more information, see IAM Policy Examples for Amazon QuickSight in the Amazon QuickSight User Guide.

    If your IAM policy includes both the Subscribe and CreateAccountSubscription actions, make sure that both actions are set to Allow. If either action is set to Deny, the Deny action prevails and your API call fails.

    You can't pass an existing IAM role to access other Amazon Web Services services using this API operation. To pass your existing IAM role to Amazon QuickSight, see Passing IAM roles to Amazon QuickSight in the Amazon QuickSight User Guide.

    You can't set default resource access on the new account from the Amazon QuickSight API. Instead, add default resource access from the Amazon QuickSight console. For more information about setting default resource access to Amazon Web Services services, see Setting default resource access to Amazon Web Services services in the Amazon QuickSight User Guide.

    " + "documentation":"

    Creates an Amazon Quick Sight account, or subscribes to Amazon Quick Sight Q.

    The Amazon Web Services Region for the account is derived from what is configured in the CLI or SDK.

    Before you use this operation, make sure that you can connect to an existing Amazon Web Services account. If you don't have an Amazon Web Services account, see Sign up for Amazon Web Services in the Amazon Quick Sight User Guide. The person who signs up for Amazon Quick Sight needs to have the correct Identity and Access Management (IAM) permissions. For more information, see IAM Policy Examples for Amazon Quick Sight in the Amazon Quick Sight User Guide.

    If your IAM policy includes both the Subscribe and CreateAccountSubscription actions, make sure that both actions are set to Allow. If either action is set to Deny, the Deny action prevails and your API call fails.

    You can't pass an existing IAM role to access other Amazon Web Services services using this API operation. To pass your existing IAM role to Amazon Quick Sight, see Passing IAM roles to Amazon Quick Sight in the Amazon Quick Sight User Guide.

    You can't set default resource access on the new account from the Amazon Quick Sight API. Instead, add default resource access from the Amazon Quick Sight console. For more information about setting default resource access to Amazon Web Services services, see Setting default resource access to Amazon Web Services services in the Amazon Quick Sight User Guide.

    " + }, + "CreateActionConnector":{ + "name":"CreateActionConnector", + "http":{ + "method":"POST", + "requestUri":"/accounts/{AwsAccountId}/action-connectors", + "responseCode":200 + }, + "input":{"shape":"CreateActionConnectorRequest"}, + "output":{"shape":"CreateActionConnectorResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ResourceExistsException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Creates an action connector that enables Amazon Quick Sight to connect to external services and perform actions. Action connectors support various authentication methods and can be configured with specific actions from supported connector types like Amazon S3, Salesforce, JIRA.

    ", + "idempotent":true }, "CreateAnalysis":{ "name":"CreateAnalysis", @@ -125,7 +145,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Creates an analysis in Amazon QuickSight. Analyses can be created either from a template or from an AnalysisDefinition.

    " + "documentation":"

    Creates an analysis in Amazon Quick Sight. Analyses can be created either from a template or from an AnalysisDefinition.

    " }, "CreateBrand":{ "name":"CreateBrand", @@ -140,11 +160,11 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"LimitExceededException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Creates an Amazon QuickSight brand.

    " + "documentation":"

    Creates an Quick Sight brand.

    " }, "CreateCustomPermissions":{ "name":"CreateCustomPermissions", @@ -186,7 +206,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Creates a dashboard from either a template or directly with a DashboardDefinition. To first create a template, see the CreateTemplate API operation.

    A dashboard is an entity in Amazon QuickSight that identifies Amazon QuickSight reports, created from analyses. You can share Amazon QuickSight dashboards. With the right permissions, you can create scheduled email reports from them. If you have the correct permissions, you can create a dashboard from a template that exists in a different Amazon Web Services account.

    " + "documentation":"

    Creates a dashboard from either a template or directly with a DashboardDefinition. To first create a template, see the CreateTemplate API operation.

    A dashboard is an entity in Amazon Quick Sight that identifies Amazon Quick Sight reports, created from analyses. You can share Amazon Quick Sight dashboards. With the right permissions, you can create scheduled email reports from them. If you have the correct permissions, you can create a dashboard from a template that exists in a different Amazon Web Services account.

    " }, "CreateDataSet":{ "name":"CreateDataSet", @@ -205,6 +225,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"UnsupportedUserEditionException"}, + {"shape":"InvalidDataSetParameterValueException"}, {"shape":"InternalFailureException"} ], "documentation":"

    Creates a dataset. This operation doesn't support datasets that include uploaded files as a source.

    " @@ -290,7 +311,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Use the CreateGroup operation to create a group in Amazon QuickSight. You can create up to 10,000 groups in a namespace. If you want to create more than 10,000 groups in a namespace, contact Amazon Web Services Support.

    The permissions resource is arn:aws:quicksight:<your-region>:<relevant-aws-account-id>:group/default/<group-name> .

    The response is a group object.

    " + "documentation":"

    Use the CreateGroup operation to create a group in Quick Sight. You can create up to 10,000 groups in a namespace. If you want to create more than 10,000 groups in a namespace, contact Amazon Web Services Support.

    The permissions resource is arn:aws:quicksight:<your-region>:<relevant-aws-account-id>:group/default/<group-name> .

    The response is a group object.

    " }, "CreateGroupMembership":{ "name":"CreateGroupMembership", @@ -309,7 +330,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Adds an Amazon QuickSight user to an Amazon QuickSight group.

    " + "documentation":"

    Adds an Amazon Quick Sight user to an Amazon Quick Sight group.

    " }, "CreateIAMPolicyAssignment":{ "name":"CreateIAMPolicyAssignment", @@ -328,7 +349,7 @@ {"shape":"ConcurrentUpdatingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Creates an assignment with one specified IAM policy, identified by its Amazon Resource Name (ARN). This policy assignment is attached to the specified groups or users of Amazon QuickSight. Assignment names are unique per Amazon Web Services account. To avoid overwriting rules in other namespaces, use assignment names that are unique.

    " + "documentation":"

    Creates an assignment with one specified IAM policy, identified by its Amazon Resource Name (ARN). This policy assignment is attached to the specified groups or users of Amazon Quick Sight. Assignment names are unique per Amazon Web Services account. To avoid overwriting rules in other namespaces, use assignment names that are unique.

    " }, "CreateIngestion":{ "name":"CreateIngestion", @@ -369,7 +390,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    (Enterprise edition only) Creates a new namespace for you to use with Amazon QuickSight.

    A namespace allows you to isolate the Amazon QuickSight users and groups that are registered for that namespace. Users that access the namespace can share assets only with other users or groups in the same namespace. They can't see users and groups in other namespaces. You can create a namespace after your Amazon Web Services account is subscribed to Amazon QuickSight. The namespace must be unique within the Amazon Web Services account. By default, there is a limit of 100 namespaces per Amazon Web Services account. To increase your limit, create a ticket with Amazon Web Services Support.

    " + "documentation":"

    (Enterprise edition only) Creates a new namespace for you to use with Amazon Quick Sight.

    A namespace allows you to isolate the Quick Sight users and groups that are registered for that namespace. Users that access the namespace can share assets only with other users or groups in the same namespace. They can't see users and groups in other namespaces. You can create a namespace after your Amazon Web Services account is subscribed to Quick Sight. The namespace must be unique within the Amazon Web Services account. By default, there is a limit of 100 namespaces per Amazon Web Services account. To increase your limit, create a ticket with Amazon Web Services Support.

    " }, "CreateRefreshSchedule":{ "name":"CreateRefreshSchedule", @@ -408,7 +429,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Use CreateRoleMembership to add an existing Amazon QuickSight group to an existing role.

    " + "documentation":"

    Use CreateRoleMembership to add an existing Quick Sight group to an existing role.

    " }, "CreateTemplate":{ "name":"CreateTemplate", @@ -429,7 +450,7 @@ {"shape":"ConflictException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Creates a template either from a TemplateDefinition or from an existing Amazon QuickSight analysis or template. You can use the resulting template to create additional dashboards, templates, or analyses.

    A template is an entity in Amazon QuickSight that encapsulates the metadata required to create an analysis and that you can use to create s dashboard. A template adds a layer of abstraction by using placeholders to replace the dataset associated with the analysis. You can use templates to create dashboards by replacing dataset placeholders with datasets that follow the same schema that was used to create the source analysis and template.

    " + "documentation":"

    Creates a template either from a TemplateDefinition or from an existing Quick Sight analysis or template. You can use the resulting template to create additional dashboards, templates, or analyses.

    A template is an entity in Quick Sight that encapsulates the metadata required to create an analysis and that you can use to create s dashboard. A template adds a layer of abstraction by using placeholders to replace the dataset associated with the analysis. You can use templates to create dashboards by replacing dataset placeholders with datasets that follow the same schema that was used to create the source analysis and template.

    " }, "CreateTemplateAlias":{ "name":"CreateTemplateAlias", @@ -469,7 +490,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Creates a theme.

    A theme is set of configuration options for color and layout. Themes apply to analyses and dashboards. For more information, see Using Themes in Amazon QuickSight in the Amazon QuickSight User Guide.

    " + "documentation":"

    Creates a theme.

    A theme is set of configuration options for color and layout. Themes apply to analyses and dashboards. For more information, see Using Themes in Amazon Quick Sight in the Amazon Quick Sight User Guide.

    " }, "CreateThemeAlias":{ "name":"CreateThemeAlias", @@ -551,6 +572,23 @@ ], "documentation":"

    Creates a new VPC connection.

    " }, + "DeleteAccountCustomPermission":{ + "name":"DeleteAccountCustomPermission", + "http":{ + "method":"DELETE", + "requestUri":"/accounts/{AwsAccountId}/custom-permission" + }, + "input":{"shape":"DeleteAccountCustomPermissionRequest"}, + "output":{"shape":"DeleteAccountCustomPermissionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalFailureException"} + ], + "documentation":"

    Unapplies a custom permissions profile from an account.

    " + }, "DeleteAccountCustomization":{ "name":"DeleteAccountCustomization", "http":{ @@ -570,7 +608,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Deletes all Amazon QuickSight customizations in this Amazon Web Services Region for the specified Amazon Web Services account and Amazon QuickSight namespace.

    " + "documentation":"

    This API permanently deletes all Quick Sight customizations for the specified Amazon Web Services account and namespace. When you delete account customizations:

    • All customizations are removed including themes, branding, and visual settings

    • This action cannot be undone through the API

    • Users will see default Quick Sight styling after customizations are deleted

    Before proceeding: Ensure you have backups of any custom themes or branding elements you may want to recreate.

    Deletes all Amazon Quick Sight customizations for the specified Amazon Web Services account and Quick Sight namespace.

    " }, "DeleteAccountSubscription":{ "name":"DeleteAccountSubscription", @@ -589,7 +627,25 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Use the DeleteAccountSubscription operation to delete an Amazon QuickSight account. This operation will result in an error message if you have configured your account termination protection settings to True. To change this setting and delete your account, call the UpdateAccountSettings API and set the value of the TerminationProtectionEnabled parameter to False, then make another call to the DeleteAccountSubscription API.

    " + "documentation":"

    Deleting your Quick Sight account subscription has permanent, irreversible consequences across all Amazon Web Services regions:

    • Global deletion – Running this operation from any single region will delete your Quick Sight account and all data in every Amazon Web Services region where you have Quick Sight resources.

    • Complete data loss – All dashboards, analyses, datasets, data sources, and custom visuals will be permanently deleted across all regions.

    • Embedded content failure – All embedded dashboards and visuals in your applications will immediately stop working and display errors to end users.

    • Shared resources removed – All shared dashboards, folders, and resources will become inaccessible to other users and external recipients.

    • User access terminated – All Quick Sight users in your account will lose access immediately, including authors, readers, and administrators.

    • No recovery possible – Once deleted, your Quick Sight account and all associated data cannot be restored.

    Consider exporting critical dashboards and data before proceeding with account deletion.

    Use the DeleteAccountSubscription operation to delete an Quick Sight account. This operation will result in an error message if you have configured your account termination protection settings to True. To change this setting and delete your account, call the UpdateAccountSettings API and set the value of the TerminationProtectionEnabled parameter to False, then make another call to the DeleteAccountSubscription API.

    " + }, + "DeleteActionConnector":{ + "name":"DeleteActionConnector", + "http":{ + "method":"DELETE", + "requestUri":"/accounts/{AwsAccountId}/action-connectors/{ActionConnectorId}", + "responseCode":200 + }, + "input":{"shape":"DeleteActionConnectorRequest"}, + "output":{"shape":"DeleteActionConnectorResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Hard deletes an action connector, making it unrecoverable. This operation removes the connector and all its associated configurations. Any resources currently using this action connector will no longer be able to perform actions through it.

    " }, "DeleteAnalysis":{ "name":"DeleteAnalysis", @@ -607,7 +663,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Deletes an analysis from Amazon QuickSight. You can optionally include a recovery window during which you can restore the analysis. If you don't specify a recovery window value, the operation defaults to 30 days. Amazon QuickSight attaches a DeletionTime stamp to the response that specifies the end of the recovery window. At the end of the recovery window, Amazon QuickSight deletes the analysis permanently.

    At any time before recovery window ends, you can use the RestoreAnalysis API operation to remove the DeletionTime stamp and cancel the deletion of the analysis. The analysis remains visible in the API until it's deleted, so you can describe it but you can't make a template from it.

    An analysis that's scheduled for deletion isn't accessible in the Amazon QuickSight console. To access it in the console, restore it. Deleting an analysis doesn't delete the dashboards that you publish from it.

    " + "documentation":"

    Deletes an analysis from Amazon Quick Sight. You can optionally include a recovery window during which you can restore the analysis. If you don't specify a recovery window value, the operation defaults to 30 days. Amazon Quick Sight attaches a DeletionTime stamp to the response that specifies the end of the recovery window. At the end of the recovery window, Amazon Quick Sight deletes the analysis permanently.

    At any time before recovery window ends, you can use the RestoreAnalysis API operation to remove the DeletionTime stamp and cancel the deletion of the analysis. The analysis remains visible in the API until it's deleted, so you can describe it but you can't make a template from it.

    An analysis that's scheduled for deletion isn't accessible in the Amazon Quick Sight console. To access it in the console, restore it. Deleting an analysis doesn't delete the dashboards that you publish from it.

    " }, "DeleteBrand":{ "name":"DeleteBrand", @@ -622,11 +678,11 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Deletes an Amazon QuickSight brand.

    ", + "documentation":"

    This API permanently deletes the specified Quick Sight brand. When you delete a brand:

    • The brand and all its associated branding elements are permanently removed

    • Any applications or dashboards using this brand will revert to default styling

    • This action cannot be undone through the API

    Before proceeding: Verify that the brand is no longer needed and consider the impact on any applications currently using this brand.

    Deletes an Quick Sight brand.

    ", "idempotent":true }, "DeleteBrandAssignment":{ @@ -642,8 +698,8 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes a brand assignment.

    ", @@ -756,7 +812,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Deletes a linked Amazon Q Business application from an Amazon QuickSight account

    " + "documentation":"

    Deletes a linked Amazon Q Business application from an Quick Sight account

    " }, "DeleteFolder":{ "name":"DeleteFolder", @@ -813,7 +869,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Removes a user group from Amazon QuickSight.

    " + "documentation":"

    Removes a user group from Amazon Quick Sight.

    " }, "DeleteGroupMembership":{ "name":"DeleteGroupMembership", @@ -868,7 +924,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Deletes all access scopes and authorized targets that are associated with a service from the Amazon QuickSight IAM Identity Center application.

    This operation is only supported for Amazon QuickSight accounts that use IAM Identity Center.

    " + "documentation":"

    Deletes all access scopes and authorized targets that are associated with a service from the Quick Sight IAM Identity Center application.

    This operation is only supported for Quick Sight accounts that use IAM Identity Center.

    " }, "DeleteNamespace":{ "name":"DeleteNamespace", @@ -1073,7 +1129,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Deletes the Amazon QuickSight user that is associated with the identity of the IAM user or role that's making the call. The IAM user isn't deleted as a result of this call.

    " + "documentation":"

    Deletes the Amazon Quick Sight user that is associated with the identity of the IAM user or role that's making the call. The IAM user isn't deleted as a result of this call.

    " }, "DeleteUserByPrincipalId":{ "name":"DeleteUserByPrincipalId", @@ -1133,6 +1189,23 @@ ], "documentation":"

    Deletes a VPC connection.

    " }, + "DescribeAccountCustomPermission":{ + "name":"DescribeAccountCustomPermission", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/custom-permission" + }, + "input":{"shape":"DescribeAccountCustomPermissionRequest"}, + "output":{"shape":"DescribeAccountCustomPermissionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalFailureException"} + ], + "documentation":"

    Describes the custom permissions profile that is applied to an account.

    " + }, "DescribeAccountCustomization":{ "name":"DescribeAccountCustomization", "http":{ @@ -1149,7 +1222,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Describes the customizations associated with the provided Amazon Web Services account and Amazon Amazon QuickSight namespace in an Amazon Web Services Region. The Amazon QuickSight console evaluates which customizations to apply by running this API operation with the Resolved flag included.

    To determine what customizations display when you run this command, it can help to visualize the relationship of the entities involved.

    • Amazon Web Services account - The Amazon Web Services account exists at the top of the hierarchy. It has the potential to use all of the Amazon Web Services Regions and Amazon Web Services Services. When you subscribe to Amazon QuickSight, you choose one Amazon Web Services Region to use as your home Region. That's where your free SPICE capacity is located. You can use Amazon QuickSight in any supported Amazon Web Services Region.

    • Amazon Web Services Region - In each Amazon Web Services Region where you sign in to Amazon QuickSight at least once, Amazon QuickSight acts as a separate instance of the same service. If you have a user directory, it resides in us-east-1, which is the US East (N. Virginia). Generally speaking, these users have access to Amazon QuickSight in any Amazon Web Services Region, unless they are constrained to a namespace.

      To run the command in a different Amazon Web Services Region, you change your Region settings. If you're using the CLI, you can use one of the following options:

    • Namespace - A QuickSight namespace is a partition that contains users and assets (data sources, datasets, dashboards, and so on). To access assets that are in a specific namespace, users and groups must also be part of the same namespace. People who share a namespace are completely isolated from users and assets in other namespaces, even if they are in the same Amazon Web Services account and Amazon Web Services Region.

    • Applied customizations - Within an Amazon Web Services Region, a set of Amazon QuickSight customizations can apply to an Amazon Web Services account or to a namespace. Settings that you apply to a namespace override settings that you apply to an Amazon Web Services account. All settings are isolated to a single Amazon Web Services Region. To apply them in other Amazon Web Services Regions, run the CreateAccountCustomization command in each Amazon Web Services Region where you want to apply the same customizations.

    " + "documentation":"

    Describes the customizations associated with the provided Amazon Web Services account and Amazon Quick Sight namespace. The Quick Sight console evaluates which customizations to apply by running this API operation with the Resolved flag included.

    To determine what customizations display when you run this command, it can help to visualize the relationship of the entities involved.

    • Amazon Web Services account - The Amazon Web Services account exists at the top of the hierarchy. It has the potential to use all of the Amazon Web Services Regions and Amazon Web Services Services. When you subscribe to Quick Sight, you choose one Amazon Web Services Region to use as your home Region. That's where your free SPICE capacity is located. You can use Quick Sight in any supported Amazon Web Services Region.

    • Amazon Web Services Region - You can sign in to Quick Sight in any Amazon Web Services Region. If you have a user directory, it resides in us-east-1, which is US East (N. Virginia). Generally speaking, these users have access to Quick Sight in any Amazon Web Services Region, unless they are constrained to a namespace.

      To run the command in a different Amazon Web Services Region, you change your Region settings. If you're using the CLI, you can use one of the following options:

    • Namespace - A Quick Sight namespace is a partition that contains users and assets (data sources, datasets, dashboards, and so on). To access assets that are in a specific namespace, users and groups must also be part of the same namespace. People who share a namespace are completely isolated from users and assets in other namespaces, even if they are in the same Amazon Web Services account and Amazon Web Services Region.

    • Applied customizations - Quick Sight customizations can apply to an Amazon Web Services account or to a namespace. Settings that you apply to a namespace override settings that you apply to an Amazon Web Services account.

    " }, "DescribeAccountSettings":{ "name":"DescribeAccountSettings", @@ -1167,7 +1240,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Describes the settings that were used when your Amazon QuickSight subscription was first created in this Amazon Web Services account.

    " + "documentation":"

    Describes the settings that were used when your Quick Sight subscription was first created in this Amazon Web Services account.

    " }, "DescribeAccountSubscription":{ "name":"DescribeAccountSubscription", @@ -1185,7 +1258,45 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Use the DescribeAccountSubscription operation to receive a description of an Amazon QuickSight account's subscription. A successful API call returns an AccountInfo object that includes an account's name, subscription status, authentication type, edition, and notification email address.

    " + "documentation":"

    Use the DescribeAccountSubscription operation to receive a description of an Quick Sight account's subscription. A successful API call returns an AccountInfo object that includes an account's name, subscription status, authentication type, edition, and notification email address.

    " + }, + "DescribeActionConnector":{ + "name":"DescribeActionConnector", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/action-connectors/{ActionConnectorId}", + "responseCode":200 + }, + "input":{"shape":"DescribeActionConnectorRequest"}, + "output":{"shape":"DescribeActionConnectorResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves detailed information about an action connector, including its configuration, authentication settings, enabled actions, and current status.

    ", + "readonly":true + }, + "DescribeActionConnectorPermissions":{ + "name":"DescribeActionConnectorPermissions", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/action-connectors/{ActionConnectorId}/permissions", + "responseCode":200 + }, + "input":{"shape":"DescribeActionConnectorPermissionsRequest"}, + "output":{"shape":"DescribeActionConnectorPermissionsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves the permissions configuration for an action connector, showing which users, groups, and namespaces have access and what operations they can perform.

    ", + "readonly":true }, "DescribeAnalysis":{ "name":"DescribeAnalysis", @@ -1285,11 +1396,12 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Describes a brand.

    " + "documentation":"

    Describes a brand.

    ", + "readonly":true }, "DescribeBrandAssignment":{ "name":"DescribeBrandAssignment", @@ -1304,11 +1416,12 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Describes a brand assignment.

    " + "documentation":"

    Describes a brand assignment.

    ", + "readonly":true }, "DescribeBrandPublishedVersion":{ "name":"DescribeBrandPublishedVersion", @@ -1323,11 +1436,12 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Describes the published version of the brand.

    " + "documentation":"

    Describes the published version of the brand.

    ", + "readonly":true }, "DescribeCustomPermissions":{ "name":"DescribeCustomPermissions", @@ -1559,7 +1673,7 @@ {"shape":"InvalidParameterValueException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Describes a Amazon Q Business application that is linked to an Amazon QuickSight account.

    " + "documentation":"

    Describes a Amazon Q Business application that is linked to an Quick Sight account.

    " }, "DescribeFolder":{ "name":"DescribeFolder", @@ -1634,7 +1748,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Returns an Amazon QuickSight group's description and Amazon Resource Name (ARN).

    " + "documentation":"

    Returns an Amazon Quick Sight group's description and Amazon Resource Name (ARN).

    " }, "DescribeGroupMembership":{ "name":"DescribeGroupMembership", @@ -1722,7 +1836,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Describes all customer managed key registrations in a Amazon QuickSight account.

    " + "documentation":"

    Describes all customer managed key registrations in a Quick Sight account.

    " }, "DescribeNamespace":{ "name":"DescribeNamespace", @@ -1776,7 +1890,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Describes the state of a Amazon QuickSight Q Search configuration.

    " + "documentation":"

    Describes the state of a Quick Sight Q Search configuration.

    " }, "DescribeRefreshSchedule":{ "name":"DescribeRefreshSchedule", @@ -2070,7 +2184,7 @@ {"shape":"UnsupportedPricingPlanException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Generates an embed URL that you can use to embed an Amazon QuickSight dashboard or visual in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

    The following rules apply to the generated URL:

    • It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.

    • The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter. The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.

    • You are charged only when the URL is used or there is interaction with Amazon QuickSight.

    For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

    " + "documentation":"

    Generates an embed URL that you can use to embed an Amazon Quick Suite dashboard or visual in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

    The following rules apply to the generated URL:

    • It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.

    • The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter. The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.

    • You are charged only when the URL is used or there is interaction with Amazon Quick Suite.

    For more information, see Embedded Analytics in the Amazon Quick Suite User Guide.

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon Quick Suite Developer Portal.

    " }, "GenerateEmbedUrlForRegisteredUser":{ "name":"GenerateEmbedUrlForRegisteredUser", @@ -2091,7 +2205,7 @@ {"shape":"UnsupportedPricingPlanException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Generates an embed URL that you can use to embed an Amazon QuickSight experience in your website. This action can be used for any type of user registered in an Amazon QuickSight account. Before you use this action, make sure that you have configured the relevant Amazon QuickSight resource and permissions.

    The following rules apply to the generated URL:

    • It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.

    • The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter.

      The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.

    • You are charged only when the URL is used or there is interaction with Amazon QuickSight.

    For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

    " + "documentation":"

    Generates an embed URL that you can use to embed an Amazon Quick Suite experience in your website. This action can be used for any type of user registered in an Amazon Quick Suite account. Before you use this action, make sure that you have configured the relevant Amazon Quick Suite resource and permissions.

    The following rules apply to the generated URL:

    • It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.

    • The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter.

      The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.

    • You are charged only when the URL is used or there is interaction with Amazon Quick Suite.

    For more information, see Embedded Analytics in the Amazon Quick Suite User Guide.

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon Quick Suite Developer Portal.

    " }, "GenerateEmbedUrlForRegisteredUserWithIdentity":{ "name":"GenerateEmbedUrlForRegisteredUserWithIdentity", @@ -2112,7 +2226,7 @@ {"shape":"UnsupportedPricingPlanException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Generates an embed URL that you can use to embed an Amazon QuickSight experience in your website. This action can be used for any type of user that is registered in an Amazon QuickSight account that uses IAM Identity Center for authentication. This API requires identity-enhanced IAM Role sessions for the authenticated user that the API call is being made for.

    This API uses trusted identity propagation to ensure that an end user is authenticated and receives the embed URL that is specific to that user. The IAM Identity Center application that the user has logged into needs to have trusted Identity Propagation enabled for Amazon QuickSight with the scope value set to quicksight:read. Before you use this action, make sure that you have configured the relevant Amazon QuickSight resource and permissions.

    " + "documentation":"

    Generates an embed URL that you can use to embed an Amazon Quick Sight experience in your website. This action can be used for any type of user that is registered in an Amazon Quick Sight account that uses IAM Identity Center for authentication. This API requires identity-enhanced IAM Role sessions for the authenticated user that the API call is being made for.

    This API uses trusted identity propagation to ensure that an end user is authenticated and receives the embed URL that is specific to that user. The IAM Identity Center application that the user has logged into needs to have trusted Identity Propagation enabled for Amazon Quick Sight with the scope value set to quicksight:read. Before you use this action, make sure that you have configured the relevant Amazon Quick Sight resource and permissions.

    " }, "GetDashboardEmbedUrl":{ "name":"GetDashboardEmbedUrl", @@ -2136,7 +2250,43 @@ {"shape":"UnsupportedPricingPlanException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Generates a temporary session URL and authorization code(bearer token) that you can use to embed an Amazon QuickSight read-only dashboard in your website or application. Before you use this command, make sure that you have configured the dashboards and permissions.

    Currently, you can use GetDashboardEmbedURL only from the server, not from the user's browser. The following rules apply to the generated URL:

    • They must be used together.

    • They can be used one time only.

    • They are valid for 5 minutes after you run this command.

    • You are charged only when the URL is used or there is interaction with Amazon QuickSight.

    • The resulting user session is valid for 15 minutes (default) up to 10 hours (maximum). You can use the optional SessionLifetimeInMinutes parameter to customize session duration.

    For more information, see Embedding Analytics Using GetDashboardEmbedUrl in the Amazon QuickSight User Guide.

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

    " + "documentation":"

    Generates a temporary session URL and authorization code(bearer token) that you can use to embed an Amazon Quick Sight read-only dashboard in your website or application. Before you use this command, make sure that you have configured the dashboards and permissions.

    Currently, you can use GetDashboardEmbedURL only from the server, not from the user's browser. The following rules apply to the generated URL:

    • They must be used together.

    • They can be used one time only.

    • They are valid for 5 minutes after you run this command.

    • You are charged only when the URL is used or there is interaction with Quick Suite.

    • The resulting user session is valid for 15 minutes (default) up to 10 hours (maximum). You can use the optional SessionLifetimeInMinutes parameter to customize session duration.

    For more information, see Embedding Analytics Using GetDashboardEmbedUrl in the Amazon Quick Suite User Guide.

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon Quick Suite Developer Portal.

    " + }, + "GetFlowMetadata":{ + "name":"GetFlowMetadata", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/flows/{FlowId}/metadata", + "responseCode":200 + }, + "input":{"shape":"GetFlowMetadataInput"}, + "output":{"shape":"GetFlowMetadataOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves the metadata of a flow, not including its definition specifying the steps.

    ", + "readonly":true + }, + "GetFlowPermissions":{ + "name":"GetFlowPermissions", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/flows/{FlowId}/permissions", + "responseCode":200 + }, + "input":{"shape":"GetFlowPermissionsInput"}, + "output":{"shape":"GetFlowPermissionsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Get permissions for a flow.

    ", + "readonly":true }, "GetSessionEmbedUrl":{ "name":"GetSessionEmbedUrl", @@ -2157,7 +2307,26 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Generates a session URL and authorization code that you can use to embed the Amazon Amazon QuickSight console in your web server code. Use GetSessionEmbedUrl where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who access an embedded Amazon QuickSight console need belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the UpdateUser API operation. Use RegisterUser API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the Amazon QuickSight User Guide:

    " + "documentation":"

    Generates a session URL and authorization code that you can use to embed the Amazon Amazon Quick Sight console in your web server code. Use GetSessionEmbedUrl where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who access an embedded Amazon Quick Sight console need belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the UpdateUser API operation. Use RegisterUser API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the Amazon Quick Suite User Guide:

    " + }, + "ListActionConnectors":{ + "name":"ListActionConnectors", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/action-connectors", + "responseCode":200 + }, + "input":{"shape":"ListActionConnectorsRequest"}, + "output":{"shape":"ListActionConnectorsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"InvalidNextTokenException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Lists all action connectors in the specified Amazon Web Services account. Returns summary information for each connector including its name, type, creation time, and status.

    ", + "readonly":true }, "ListAnalyses":{ "name":"ListAnalyses", @@ -2173,7 +2342,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Lists Amazon QuickSight analyses that exist in the specified Amazon Web Services account.

    " + "documentation":"

    Lists Amazon Quick Sight analyses that exist in the specified Amazon Web Services account.

    " }, "ListAssetBundleExportJobs":{ "name":"ListAssetBundleExportJobs", @@ -2224,7 +2393,8 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists all brands in an Amazon QuickSight account.

    " + "documentation":"

    Lists all brands in an Quick Sight account.

    ", + "readonly":true }, "ListCustomPermissions":{ "name":"ListCustomPermissions", @@ -2261,7 +2431,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Lists all the versions of the dashboards in the Amazon QuickSight subscription.

    " + "documentation":"

    Lists all the versions of the dashboards in the Amazon Quick Sight subscription.

    " }, "ListDashboards":{ "name":"ListDashboards", @@ -2313,6 +2483,24 @@ ], "documentation":"

    Lists data sources in current Amazon Web Services Region that belong to this Amazon Web Services account.

    " }, + "ListFlows":{ + "name":"ListFlows", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/flows", + "responseCode":200 + }, + "input":{"shape":"ListFlowsInput"}, + "output":{"shape":"ListFlowsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Lists flows in an Amazon Web Services account.

    ", + "readonly":true + }, "ListFolderMembers":{ "name":"ListFolderMembers", "http":{ @@ -2408,7 +2596,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Lists all user groups in Amazon QuickSight.

    " + "documentation":"

    Lists all user groups in Amazon Quick Sight.

    " }, "ListIAMPolicyAssignments":{ "name":"ListIAMPolicyAssignments", @@ -2426,7 +2614,7 @@ {"shape":"InvalidNextTokenException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Lists the IAM policy assignments in the current Amazon QuickSight account.

    " + "documentation":"

    Lists the IAM policy assignments in the current Amazon Quick Sight account.

    " }, "ListIAMPolicyAssignmentsForUser":{ "name":"ListIAMPolicyAssignmentsForUser", @@ -2462,7 +2650,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Lists all services and authorized targets that the Amazon QuickSight IAM Identity Center application can access.

    This operation is only supported for Amazon QuickSight accounts that use IAM Identity Center.

    " + "documentation":"

    Lists all services and authorized targets that the Quick Sight IAM Identity Center application can access.

    This operation is only supported for Quick Sight accounts that use IAM Identity Center.

    " }, "ListIngestions":{ "name":"ListIngestions", @@ -2481,7 +2669,7 @@ {"shape":"InvalidNextTokenException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Lists the history of SPICE ingestions for a dataset.

    " + "documentation":"

    Lists the history of SPICE ingestions for a dataset. Limited to 5 TPS per user and 25 TPS per account.

    " }, "ListNamespaces":{ "name":"ListNamespaces", @@ -2592,7 +2780,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Lists all the versions of the templates in the current Amazon QuickSight account.

    " + "documentation":"

    Lists all the versions of the templates in the current Amazon Quick Sight account.

    " }, "ListTemplates":{ "name":"ListTemplates", @@ -2610,7 +2798,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Lists all the templates in the current Amazon QuickSight account.

    " + "documentation":"

    Lists all the templates in the current Amazon Quick Sight account.

    " }, "ListThemeAliases":{ "name":"ListThemeAliases", @@ -2740,7 +2928,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Lists the Amazon QuickSight groups that an Amazon QuickSight user is a member of.

    " + "documentation":"

    Lists the Amazon Quick Sight groups that an Amazon Quick Sight user is a member of.

    " }, "ListUsers":{ "name":"ListUsers", @@ -2760,7 +2948,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Returns a list of all of the Amazon QuickSight users belonging to this account.

    " + "documentation":"

    Returns a list of all of the Amazon Quick Sight users belonging to this account.

    " }, "ListVPCConnections":{ "name":"ListVPCConnections", @@ -2794,7 +2982,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Predicts existing visuals or generates new visuals to answer a given query.

    " + "documentation":"

    Predicts existing visuals or generates new visuals to answer a given query.

    This API uses trusted identity propagation to ensure that an end user is authenticated and receives the embed URL that is specific to that user. The IAM Identity Center application that the user has logged into needs to have trusted Identity Propagation enabled for Quick Suite with the scope value set to quicksight:read. Before you use this action, make sure that you have configured the relevant Quick Suite resource and permissions.

    We recommend enabling the QSearchStatus API to unlock the full potential of PredictQnA. When QSearchStatus is enabled, it first checks the specified dashboard for any existing visuals that match the question. If no matching visuals are found, PredictQnA uses generative Q&A to provide an answer. To update the QSearchStatus, see UpdateQuickSightQSearchConfiguration.

    " }, "PutDataSetRefreshProperties":{ "name":"PutDataSetRefreshProperties", @@ -2835,7 +3023,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Creates an Amazon QuickSight user whose identity is associated with the Identity and Access Management (IAM) identity or role specified in the request. When you register a new user from the Amazon QuickSight API, Amazon QuickSight generates a registration URL. The user accesses this registration URL to create their account. Amazon QuickSight doesn't send a registration email to users who are registered from the Amazon QuickSight API. If you want new users to receive a registration email, then add those users in the Amazon QuickSight console. For more information on registering a new user in the Amazon QuickSight console, see Inviting users to access Amazon QuickSight.

    " + "documentation":"

    Creates an Amazon Quick Sight user whose identity is associated with the Identity and Access Management (IAM) identity or role specified in the request. When you register a new user from the Quick Sight API, Quick Sight generates a registration URL. The user accesses this registration URL to create their account. Quick Sight doesn't send a registration email to users who are registered from the Quick Sight API. If you want new users to receive a registration email, then add those users in the Quick Sight console. For more information on registering a new user in the Quick Sight console, see Inviting users to access Quick Sight.

    " }, "RestoreAnalysis":{ "name":"RestoreAnalysis", @@ -2857,6 +3045,24 @@ ], "documentation":"

    Restores an analysis.

    " }, + "SearchActionConnectors":{ + "name":"SearchActionConnectors", + "http":{ + "method":"POST", + "requestUri":"/accounts/{AwsAccountId}/search/action-connectors", + "responseCode":200 + }, + "input":{"shape":"SearchActionConnectorsRequest"}, + "output":{"shape":"SearchActionConnectorsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InvalidNextTokenException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Searches for action connectors in the specified Amazon Web Services account using filters. You can search by connector name, type, or user permissions.

    ", + "readonly":true + }, "SearchAnalyses":{ "name":"SearchAnalyses", "http":{ @@ -2929,6 +3135,24 @@ ], "documentation":"

    Use the SearchDataSources operation to search for data sources that belong to an account.

    " }, + "SearchFlows":{ + "name":"SearchFlows", + "http":{ + "method":"POST", + "requestUri":"/accounts/{AwsAccountId}/flows/searchFlows", + "responseCode":200 + }, + "input":{"shape":"SearchFlowsInput"}, + "output":{"shape":"SearchFlowsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Search for the flows in an Amazon Web Services account.

    ", + "readonly":true + }, "SearchFolders":{ "name":"SearchFolders", "http":{ @@ -2967,7 +3191,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Use the SearchGroups operation to search groups in a specified Amazon QuickSight namespace using the supplied filters.

    " + "documentation":"

    Use the SearchGroups operation to search groups in a specified Quick Sight namespace using the supplied filters.

    " }, "SearchTopics":{ "name":"SearchTopics", @@ -2985,7 +3209,7 @@ {"shape":"InvalidNextTokenException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Searches for any Q topic that exists in an Amazon QuickSight account.

    " + "documentation":"

    Searches for any Q topic that exists in an Quick Suite account.

    " }, "StartAssetBundleExportJob":{ "name":"StartAssetBundleExportJob", @@ -3004,7 +3228,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Starts an Asset Bundle export job.

    An Asset Bundle export job exports specified Amazon QuickSight assets. You can also choose to export any asset dependencies in the same job. Export jobs run asynchronously and can be polled with a DescribeAssetBundleExportJob API call. When a job is successfully completed, a download URL that contains the exported assets is returned. The URL is valid for 5 minutes and can be refreshed with a DescribeAssetBundleExportJob API call. Each Amazon QuickSight account can run up to 5 export jobs concurrently.

    The API caller must have the necessary permissions in their IAM role to access each resource before the resources can be exported.

    " + "documentation":"

    Starts an Asset Bundle export job.

    An Asset Bundle export job exports specified Amazon Quick Sight assets. You can also choose to export any asset dependencies in the same job. Export jobs run asynchronously and can be polled with a DescribeAssetBundleExportJob API call. When a job is successfully completed, a download URL that contains the exported assets is returned. The URL is valid for 5 minutes and can be refreshed with a DescribeAssetBundleExportJob API call. Each Amazon Quick Sight account can run up to 5 export jobs concurrently.

    The API caller must have the necessary permissions in their IAM role to access each resource before the resources can be exported.

    " }, "StartAssetBundleImportJob":{ "name":"StartAssetBundleImportJob", @@ -3023,7 +3247,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Starts an Asset Bundle import job.

    An Asset Bundle import job imports specified Amazon QuickSight assets into an Amazon QuickSight account. You can also choose to import a naming prefix and specified configuration overrides. The assets that are contained in the bundle file that you provide are used to create or update a new or existing asset in your Amazon QuickSight account. Each Amazon QuickSight account can run up to 5 import jobs concurrently.

    The API caller must have the necessary \"create\", \"describe\", and \"update\" permissions in their IAM role to access each resource type that is contained in the bundle file before the resources can be imported.

    " + "documentation":"

    Starts an Asset Bundle import job.

    An Asset Bundle import job imports specified Amazon Quick Sight assets into an Amazon Quick Sight account. You can also choose to import a naming prefix and specified configuration overrides. The assets that are contained in the bundle file that you provide are used to create or update a new or existing asset in your Amazon Quick Sight account. Each Amazon Quick Sight account can run up to 5 import jobs concurrently.

    The API caller must have the necessary \"create\", \"describe\", and \"update\" permissions in their IAM role to access each resource type that is contained in the bundle file before the resources can be imported.

    " }, "StartDashboardSnapshotJob":{ "name":"StartDashboardSnapshotJob", @@ -3044,7 +3268,7 @@ {"shape":"UnsupportedPricingPlanException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Starts an asynchronous job that generates a snapshot of a dashboard's output. You can request one or several of the following format configurations in each API call.

    • 1 Paginated PDF

    • 1 Excel workbook that includes up to 5 table or pivot table visuals

    • 5 CSVs from table or pivot table visuals

    The status of a submitted job can be polled with the DescribeDashboardSnapshotJob API. When you call the DescribeDashboardSnapshotJob API, check the JobStatus field in the response. Once the job reaches a COMPLETED or FAILED status, use the DescribeDashboardSnapshotJobResult API to obtain the URLs for the generated files. If the job fails, the DescribeDashboardSnapshotJobResult API returns detailed information about the error that occurred.

    StartDashboardSnapshotJob API throttling

    Amazon QuickSight utilizes API throttling to create a more consistent user experience within a time span for customers when they call the StartDashboardSnapshotJob. By default, 12 jobs can run simlutaneously in one Amazon Web Services account and users can submit up 10 API requests per second before an account is throttled. If an overwhelming number of API requests are made by the same user in a short period of time, Amazon QuickSight throttles the API calls to maintin an optimal experience and reliability for all Amazon QuickSight users.

    Common throttling scenarios

    The following list provides information about the most commin throttling scenarios that can occur.

    • A large number of SnapshotExport API jobs are running simultaneously on an Amazon Web Services account. When a new StartDashboardSnapshotJob is created and there are already 12 jobs with the RUNNING status, the new job request fails and returns a LimitExceededException error. Wait for a current job to comlpete before you resubmit the new job.

    • A large number of API requests are submitted on an Amazon Web Services account. When a user makes more than 10 API calls to the Amazon QuickSight API in one second, a ThrottlingException is returned.

    If your use case requires a higher throttling limit, contact your account admin or Amazon Web ServicesSupport to explore options to tailor a more optimal expereince for your account.

    Best practices to handle throttling

    If your use case projects high levels of API traffic, try to reduce the degree of frequency and parallelism of API calls as much as you can to avoid throttling. You can also perform a timing test to calculate an estimate for the total processing time of your projected load that stays within the throttling limits of the Amazon QuickSight APIs. For example, if your projected traffic is 100 snapshot jobs before 12:00 PM per day, start 12 jobs in parallel and measure the amount of time it takes to proccess all 12 jobs. Once you obtain the result, multiply the duration by 9, for example (12 minutes * 9 = 108 minutes). Use the new result to determine the latest time at which the jobs need to be started to meet your target deadline.

    The time that it takes to process a job can be impacted by the following factors:

    • The dataset type (Direct Query or SPICE).

    • The size of the dataset.

    • The complexity of the calculated fields that are used in the dashboard.

    • The number of visuals that are on a sheet.

    • The types of visuals that are on the sheet.

    • The number of formats and snapshots that are requested in the job configuration.

    • The size of the generated snapshots.

    " + "documentation":"

    Starts an asynchronous job that generates a snapshot of a dashboard's output. You can request one or several of the following format configurations in each API call.

    • 1 Paginated PDF

    • 1 Excel workbook that includes up to 5 table or pivot table visuals

    • 5 CSVs from table or pivot table visuals

    The status of a submitted job can be polled with the DescribeDashboardSnapshotJob API. When you call the DescribeDashboardSnapshotJob API, check the JobStatus field in the response. Once the job reaches a COMPLETED or FAILED status, use the DescribeDashboardSnapshotJobResult API to obtain the URLs for the generated files. If the job fails, the DescribeDashboardSnapshotJobResult API returns detailed information about the error that occurred.

    StartDashboardSnapshotJob API throttling

    Quick Sight utilizes API throttling to create a more consistent user experience within a time span for customers when they call the StartDashboardSnapshotJob. By default, 12 jobs can run simlutaneously in one Amazon Web Services account and users can submit up 10 API requests per second before an account is throttled. If an overwhelming number of API requests are made by the same user in a short period of time, Quick Sight throttles the API calls to maintin an optimal experience and reliability for all Quick Sight users.

    Common throttling scenarios

    The following list provides information about the most commin throttling scenarios that can occur.

    • A large number of SnapshotExport API jobs are running simultaneously on an Amazon Web Services account. When a new StartDashboardSnapshotJob is created and there are already 12 jobs with the RUNNING status, the new job request fails and returns a LimitExceededException error. Wait for a current job to comlpete before you resubmit the new job.

    • A large number of API requests are submitted on an Amazon Web Services account. When a user makes more than 10 API calls to the Quick Sight API in one second, a ThrottlingException is returned.

    If your use case requires a higher throttling limit, contact your account admin or Amazon Web ServicesSupport to explore options to tailor a more optimal expereince for your account.

    Best practices to handle throttling

    If your use case projects high levels of API traffic, try to reduce the degree of frequency and parallelism of API calls as much as you can to avoid throttling. You can also perform a timing test to calculate an estimate for the total processing time of your projected load that stays within the throttling limits of the Quick Sight APIs. For example, if your projected traffic is 100 snapshot jobs before 12:00 PM per day, start 12 jobs in parallel and measure the amount of time it takes to proccess all 12 jobs. Once you obtain the result, multiply the duration by 9, for example (12 minutes * 9 = 108 minutes). Use the new result to determine the latest time at which the jobs need to be started to meet your target deadline.

    The time that it takes to process a job can be impacted by the following factors:

    • The dataset type (Direct Query or SPICE).

    • The size of the dataset.

    • The complexity of the calculated fields that are used in the dashboard.

    • The number of visuals that are on a sheet.

    • The types of visuals that are on the sheet.

    • The number of formats and snapshots that are requested in the job configuration.

    • The size of the generated snapshots.

    " }, "StartDashboardSnapshotJobSchedule":{ "name":"StartDashboardSnapshotJobSchedule", @@ -3063,7 +3287,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Starts an asynchronous job that runs an existing dashboard schedule and sends the dashboard snapshot through email.

    Only one job can run simultaneously in a given schedule. Repeated requests are skipped with a 202 HTTP status code.

    For more information, see Scheduling and sending Amazon QuickSight reports by email and Configuring email report settings for a Amazon QuickSight dashboard in the Amazon QuickSight User Guide.

    " + "documentation":"

    Starts an asynchronous job that runs an existing dashboard schedule and sends the dashboard snapshot through email.

    Only one job can run simultaneously in a given schedule. Repeated requests are skipped with a 202 HTTP status code.

    For more information, see Scheduling and sending Amazon Quick Sight reports by email and Configuring email report settings for a Amazon Quick Sight dashboard in the Amazon Quick Sight User Guide.

    " }, "TagResource":{ "name":"TagResource", @@ -3081,7 +3305,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Assigns one or more tags (key-value pairs) to the specified Amazon QuickSight resource.

    Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only resources with certain tag values. You can use the TagResource operation with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.

    You can associate as many as 50 tags with a resource. Amazon QuickSight supports tagging on data set, data source, dashboard, template, topic, and user.

    Tagging for Amazon QuickSight works in a similar way to tagging for other Amazon Web Services services, except for the following:

    • Tags are used to track costs for users in Amazon QuickSight. You can't tag other resources that Amazon QuickSight costs are based on, such as storage capacoty (SPICE), session usage, alert consumption, or reporting units.

    • Amazon QuickSight doesn't currently support the tag editor for Resource Groups.

    " + "documentation":"

    Assigns one or more tags (key-value pairs) to the specified Amazon Quick Sight resource.

    Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only resources with certain tag values. You can use the TagResource operation with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.

    You can associate as many as 50 tags with a resource. Amazon Quick Sight supports tagging on data set, data source, dashboard, template, topic, and user.

    Tagging for Amazon Quick Sight works in a similar way to tagging for other Amazon Web Services services, except for the following:

    • Tags are used to track costs for users in Amazon Quick Sight. You can't tag other resources that Amazon Quick Sight costs are based on, such as storage capacoty (SPICE), session usage, alert consumption, or reporting units.

    • Amazon Quick Sight doesn't currently support the tag editor for Resource Groups.

    " }, "UntagResource":{ "name":"UntagResource", @@ -3100,6 +3324,23 @@ ], "documentation":"

    Removes a tag or tags from a resource.

    " }, + "UpdateAccountCustomPermission":{ + "name":"UpdateAccountCustomPermission", + "http":{ + "method":"PUT", + "requestUri":"/accounts/{AwsAccountId}/custom-permission" + }, + "input":{"shape":"UpdateAccountCustomPermissionRequest"}, + "output":{"shape":"UpdateAccountCustomPermissionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalFailureException"} + ], + "documentation":"

    Applies a custom permissions profile to an account.

    " + }, "UpdateAccountCustomization":{ "name":"UpdateAccountCustomization", "http":{ @@ -3117,7 +3358,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Updates Amazon QuickSight customizations for the current Amazon Web Services Region. Currently, the only customization that you can use is a theme.

    You can use customizations for your Amazon Web Services account or, if you specify a namespace, for a Amazon QuickSight namespace instead. Customizations that apply to a namespace override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the DescribeAccountCustomization API operation.

    " + "documentation":"

    Updates Amazon Quick Sight customizations. Currently, the only customization that you can use is a theme.

    You can use customizations for your Amazon Web Services account or, if you specify a namespace, for a Quick Sight namespace instead. Customizations that apply to a namespace override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the DescribeAccountCustomization API operation.

    " }, "UpdateAccountSettings":{ "name":"UpdateAccountSettings", @@ -3135,7 +3376,48 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Updates the Amazon QuickSight settings in your Amazon Web Services account.

    " + "documentation":"

    Updates the Amazon Quick Sight settings in your Amazon Web Services account.

    " + }, + "UpdateActionConnector":{ + "name":"UpdateActionConnector", + "http":{ + "method":"PUT", + "requestUri":"/accounts/{AwsAccountId}/action-connectors/{ActionConnectorId}", + "responseCode":200 + }, + "input":{"shape":"UpdateActionConnectorRequest"}, + "output":{"shape":"UpdateActionConnectorResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Updates an existing action connector with new configuration details, authentication settings, or enabled actions. You can modify the connector's name, description, authentication configuration, and which actions are enabled. For more information, https://docs.aws.amazon.com/quicksuite/latest/userguide/quick-action-auth.html.

    ", + "idempotent":true + }, + "UpdateActionConnectorPermissions":{ + "name":"UpdateActionConnectorPermissions", + "http":{ + "method":"POST", + "requestUri":"/accounts/{AwsAccountId}/action-connectors/{ActionConnectorId}/permissions", + "responseCode":200 + }, + "input":{"shape":"UpdateActionConnectorPermissionsRequest"}, + "output":{"shape":"UpdateActionConnectorPermissionsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"UnsupportedUserEditionException"}, + {"shape":"LimitExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Updates the permissions for an action connector by granting or revoking access for specific users and groups. You can control who can view, use, or manage the action connector.

    " }, "UpdateAnalysis":{ "name":"UpdateAnalysis", @@ -3154,7 +3436,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Updates an analysis in Amazon QuickSight

    " + "documentation":"

    Updates an analysis in Amazon Quick Sight

    " }, "UpdateAnalysisPermissions":{ "name":"UpdateAnalysisPermissions", @@ -3192,7 +3474,7 @@ {"shape":"LimitExceededException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Updates an Amazon QuickSight application with a token exchange grant. This operation only supports Amazon QuickSight applications that are registered with IAM Identity Center.

    " + "documentation":"

    Updates an Quick Suite application with a token exchange grant. This operation only supports Quick Suite applications that are registered with IAM Identity Center.

    " }, "UpdateBrand":{ "name":"UpdateBrand", @@ -3207,8 +3489,8 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], "documentation":"

    Updates a brand.

    ", @@ -3227,8 +3509,8 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], "documentation":"

    Updates a brand assignment.

    ", @@ -3247,8 +3529,8 @@ {"shape":"ThrottlingException"}, {"shape":"InvalidRequestException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, {"shape":"InternalServerException"} ], "documentation":"

    Updates the published version of a brand.

    ", @@ -3383,6 +3665,7 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, {"shape":"UnsupportedUserEditionException"}, + {"shape":"InvalidDataSetParameterValueException"}, {"shape":"InternalFailureException"} ], "documentation":"

    Updates a dataset. This operation doesn't support datasets that include uploaded files as a source. Partial updates are not supported by this operation.

    " @@ -3458,7 +3741,25 @@ {"shape":"InvalidParameterValueException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Updates a Amazon Q Business application that is linked to a Amazon QuickSight account.

    " + "documentation":"

    Updates a Amazon Q Business application that is linked to a Quick Sight account.

    " + }, + "UpdateFlowPermissions":{ + "name":"UpdateFlowPermissions", + "http":{ + "method":"PUT", + "requestUri":"/accounts/{AwsAccountId}/flows/{FlowId}/permissions", + "responseCode":200 + }, + "input":{"shape":"UpdateFlowPermissionsInput"}, + "output":{"shape":"UpdateFlowPermissionsOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"InternalFailureException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Updates permissions against principals on a flow.

    ", + "idempotent":true }, "UpdateFolder":{ "name":"UpdateFolder", @@ -3552,7 +3853,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Adds or updates services and authorized targets to configure what the Amazon QuickSight IAM Identity Center application can access.

    This operation is only supported for Amazon QuickSight accounts using IAM Identity Center

    " + "documentation":"

    Adds or updates services and authorized targets to configure what the Quick Sight IAM Identity Center application can access.

    This operation is only supported for Quick Sight accounts using IAM Identity Center

    " }, "UpdateIpRestriction":{ "name":"UpdateIpRestriction", @@ -3586,7 +3887,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Updates a customer managed key in a Amazon QuickSight account.

    " + "documentation":"

    Updates a customer managed key in a Quick Sight account.

    " }, "UpdatePublicSharingSettings":{ "name":"UpdatePublicSharingSettings", @@ -3604,7 +3905,7 @@ {"shape":"UnsupportedPricingPlanException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Use the UpdatePublicSharingSettings operation to turn on or turn off the public sharing settings of an Amazon QuickSight dashboard.

    To use this operation, turn on session capacity pricing for your Amazon QuickSight account.

    Before you can turn on public sharing on your account, make sure to give public sharing permissions to an administrative user in the Identity and Access Management (IAM) console. For more information on using IAM with Amazon QuickSight, see Using Amazon QuickSight with IAM in the Amazon QuickSight User Guide.

    " + "documentation":"

    This API controls public sharing settings for your entire Quick Sight account, affecting data security and access. When you enable public sharing:

    • Dashboards can be shared publicly

    • This setting affects your entire Amazon Web Services account and all Quick Sight users

    Before proceeding: Ensure you understand the security implications and have proper IAM permissions configured.

    Use the UpdatePublicSharingSettings operation to turn on or turn off the public sharing settings of an Amazon Quick Sight dashboard.

    To use this operation, turn on session capacity pricing for your Amazon Quick Sight account.

    Before you can turn on public sharing on your account, make sure to give public sharing permissions to an administrative user in the Identity and Access Management (IAM) console. For more information on using IAM with Amazon Quick Sight, see Using Quick Suite with IAM in the Amazon Quick Sight User Guide.

    " }, "UpdateQPersonalizationConfiguration":{ "name":"UpdateQPersonalizationConfiguration", @@ -3641,7 +3942,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Updates the state of a Amazon QuickSight Q Search configuration.

    " + "documentation":"

    Updates the state of a Quick Sight Q Search configuration.

    " }, "UpdateRefreshSchedule":{ "name":"UpdateRefreshSchedule", @@ -3696,7 +3997,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Updates the SPICE capacity configuration for a Amazon QuickSight account.

    " + "documentation":"

    Updates the SPICE capacity configuration for a Quick Sight account.

    " }, "UpdateTemplate":{ "name":"UpdateTemplate", @@ -3716,7 +4017,7 @@ {"shape":"UnsupportedUserEditionException"}, {"shape":"InternalFailureException"} ], - "documentation":"

    Updates a template from an existing Amazon QuickSight analysis or another template.

    " + "documentation":"

    Updates a template from an existing Amazon Quick Sight analysis or another template.

    " }, "UpdateTemplateAlias":{ "name":"UpdateTemplateAlias", @@ -3890,7 +4191,7 @@ {"shape":"InternalFailureException"}, {"shape":"ResourceUnavailableException"} ], - "documentation":"

    Updates an Amazon QuickSight user.

    " + "documentation":"

    Updates an Amazon Quick Sight user.

    " }, "UpdateUserCustomPermission":{ "name":"UpdateUserCustomPermission", @@ -3934,6 +4235,32 @@ } }, "shapes":{ + "APIKey":{ + "type":"string", + "sensitive":true + }, + "APIKeyConnectionMetadata":{ + "type":"structure", + "required":[ + "BaseEndpoint", + "ApiKey" + ], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base URL endpoint for the external service.

    " + }, + "ApiKey":{ + "shape":"APIKey", + "documentation":"

    The API key used for authentication.

    " + }, + "Email":{ + "shape":"Email", + "documentation":"

    The email address associated with the API key, if required.

    " + } + }, + "documentation":"

    Configuration for API key-based authentication to external services.

    " + }, "AccessDeniedException":{ "type":"structure", "members":{ @@ -3943,7 +4270,7 @@ "documentation":"

    The Amazon Web Services request ID for this request.

    " } }, - "documentation":"

    You don't have access to this item. The provided credentials couldn't be validated. You might not be authorized to carry out the request. Make sure that your account is authorized to use the Amazon QuickSight service, that your policies have the correct permissions, and that you are using the correct credentials.

    ", + "documentation":"

    You don't have access to this item. The provided credentials couldn't be validated. You might not be authorized to carry out the request. Make sure that your account is authorized to use the Amazon Quick Sight service, that your policies have the correct permissions, and that you are using the correct credentials.

    ", "error":{"httpStatusCode":401}, "exception":true }, @@ -3952,33 +4279,39 @@ "members":{ "DefaultTheme":{ "shape":"Arn", - "documentation":"

    The default theme for this Amazon QuickSight subscription.

    " + "documentation":"

    The default theme for this Quick Sight subscription.

    " }, "DefaultEmailCustomizationTemplate":{ "shape":"Arn", "documentation":"

    The default email customization template.

    " } }, - "documentation":"

    The Amazon QuickSight customizations associated with your Amazon Web Services account or a QuickSight namespace in a specific Amazon Web Services Region.

    " + "documentation":"

    The Quick Sight customizations associated with your Amazon Web Services account or a Quick Sight namespace in a specific Amazon Web Services Region.

    " + }, + "AccountId":{ + "type":"string", + "max":12, + "min":12, + "pattern":"[0-9]{12}" }, "AccountInfo":{ "type":"structure", "members":{ "AccountName":{ "shape":"String", - "documentation":"

    The account name that you provided for the Amazon QuickSight subscription in your Amazon Web Services account. You create this name when you sign up for Amazon QuickSight. It's unique over all of Amazon Web Services, and it appears only when users sign in.

    " + "documentation":"

    The account name that you provided for the Amazon Quick Sight subscription in your Amazon Web Services account. You create this name when you sign up for Quick Suite. It's unique over all of Amazon Web Services, and it appears only when users sign in.

    " }, "Edition":{ "shape":"Edition", - "documentation":"

    The edition of your Amazon QuickSight account.

    " + "documentation":"

    The edition of your Quick Sight account.

    " }, "NotificationEmail":{ "shape":"String", - "documentation":"

    The email address that will be used for Amazon QuickSight to send notifications regarding your Amazon Web Services account or Amazon QuickSight subscription.

    " + "documentation":"

    The email address that will be used for Quick Sight to send notifications regarding your Amazon Web Services account or Quick Sight subscription.

    " }, "AuthenticationType":{ "shape":"String", - "documentation":"

    The way that your Amazon QuickSight account is authenticated.

    " + "documentation":"

    The way that your Amazon Quick Sight account is authenticated.

    " }, "AccountSubscriptionStatus":{ "shape":"String", @@ -3989,7 +4322,7 @@ "documentation":"

    The Amazon Resource Name (ARN) for the IAM Identity Center instance.

    " } }, - "documentation":"

    A structure that contains the following account information elements:

    • Your Amazon QuickSight account name.

    • The edition of Amazon QuickSight that your account is using.

    • The notification email address that is associated with the Amazon QuickSight account.

    • The authentication type of the Amazon QuickSight account.

    • The status of the Amazon QuickSight account's subscription.

    " + "documentation":"

    A structure that contains the following account information elements:

    • Your Quick Sight account name.

    • The edition of Quick Sight that your account is using.

    • The notification email address that is associated with the Quick Sight account.

    • The authentication type of the Quick Sight account.

    • The status of the Quick Sight account's subscription.

    " }, "AccountName":{ "type":"string", @@ -4002,30 +4335,256 @@ "members":{ "AccountName":{ "shape":"String", - "documentation":"

    The \"account name\" you provided for the Amazon QuickSight subscription in your Amazon Web Services account. You create this name when you sign up for Amazon QuickSight. It is unique in all of Amazon Web Services and it appears only when users sign in.

    " + "documentation":"

    The \"account name\" you provided for the Quick Sight subscription in your Amazon Web Services account. You create this name when you sign up for Quick Sight. It is unique in all of Amazon Web Services and it appears only when users sign in.

    " }, "Edition":{ "shape":"Edition", - "documentation":"

    The edition of Amazon QuickSight that you're currently subscribed to: Enterprise edition or Standard edition.

    " + "documentation":"

    The edition of Quick Sight that you're currently subscribed to: Enterprise edition or Standard edition.

    " }, "DefaultNamespace":{ "shape":"Namespace", - "documentation":"

    The default Amazon QuickSight namespace for your Amazon Web Services account.

    " + "documentation":"

    The default Quick Sight namespace for your Amazon Web Services account.

    " }, "NotificationEmail":{ "shape":"String", - "documentation":"

    The main notification email for your Amazon QuickSight subscription.

    " + "documentation":"

    The main notification email for your Quick Sight subscription.

    " }, "PublicSharingEnabled":{ "shape":"Boolean", - "documentation":"

    A Boolean value that indicates whether public sharing is turned on for an Amazon QuickSight account. For more information about turning on public sharing, see UpdatePublicSharingSettings.

    " + "documentation":"

    A Boolean value that indicates whether public sharing is turned on for an Quick Suite account. For more information about turning on public sharing, see UpdatePublicSharingSettings.

    " }, "TerminationProtectionEnabled":{ "shape":"Boolean", - "documentation":"

    A boolean value that determines whether or not an Amazon QuickSight account can be deleted. A True value doesn't allow the account to be deleted and results in an error message if a user tries to make a DeleteAccountSubsctiption request. A False value will allow the ccount to be deleted.

    " + "documentation":"

    A boolean value that determines whether or not an Quick Sight account can be deleted. A True value doesn't allow the account to be deleted and results in an error message if a user tries to make a DeleteAccountSubsctiption request. A False value will allow the ccount to be deleted.

    " } }, - "documentation":"

    The Amazon QuickSight settings associated with your Amazon Web Services account.

    " + "documentation":"

    The Quick Sight settings associated with your Amazon Web Services account.

    " + }, + "ActionConnector":{ + "type":"structure", + "required":[ + "Arn", + "ActionConnectorId", + "Type", + "Name", + "LastUpdatedTime" + ], + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the action connector.

    " + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector.

    " + }, + "Type":{ + "shape":"ActionConnectorType", + "documentation":"

    The type of action connector.

    " + }, + "Name":{ + "shape":"ActionConnectorName", + "documentation":"

    The name of the action connector.

    " + }, + "CreatedTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the action connector was created.

    " + }, + "LastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

    The date and time when the action connector was last updated.

    " + }, + "Status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the action connector.

    " + }, + "Error":{ + "shape":"ActionConnectorError", + "documentation":"

    Error information if the action connector is in an error state.

    " + }, + "Description":{ + "shape":"ActionConnectorDescription", + "documentation":"

    The description of the action connector.

    " + }, + "AuthenticationConfig":{ + "shape":"ReadAuthConfig", + "documentation":"

    The authentication configuration used to connect to the external service.

    " + }, + "EnabledActions":{ + "shape":"ActionIdList", + "documentation":"

    The list of actions that are enabled for this connector.

    " + }, + "VpcConnectionArn":{ + "shape":"Arn", + "documentation":"

    The ARN of the VPC connection used for secure connectivity to the external service.

    " + } + }, + "documentation":"

    Contains detailed information about an action connector, including its configuration, status, and enabled actions.

    " + }, + "ActionConnectorDescription":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"[A-Za-z0-9 _.,!?-]*", + "sensitive":true + }, + "ActionConnectorError":{ + "type":"structure", + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    The error message describing what went wrong with the action connector.

    " + }, + "Type":{ + "shape":"ActionConnectorErrorType", + "documentation":"

    The type or category of the error.

    " + } + }, + "documentation":"

    Contains error information for an action connector that is in an error state.

    " + }, + "ActionConnectorErrorType":{ + "type":"string", + "enum":["INTERNAL_FAILURE"] + }, + "ActionConnectorName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[A-Za-z0-9](?:[\\w- ]*[A-Za-z0-9])?", + "sensitive":true + }, + "ActionConnectorSearchFilter":{ + "type":"structure", + "required":[ + "Name", + "Operator", + "Value" + ], + "members":{ + "Name":{ + "shape":"ActionConnectorSearchFilterNameEnum", + "documentation":"

    The name of the filter attribute (e.g., ACTION_CONNECTOR_NAME, ACTION_CONNECTOR_TYPE, QUICKSIGHT_VIEWER_OR_OWNER).

    " + }, + "Operator":{ + "shape":"FilterOperator", + "documentation":"

    The comparison operator to use for the filter (e.g., StringEquals, StringLike).

    " + }, + "Value":{ + "shape":"String", + "documentation":"

    The value to compare against using the specified operator.

    " + } + }, + "documentation":"

    A filter used to search for action connectors based on specific criteria.

    " + }, + "ActionConnectorSearchFilterList":{ + "type":"list", + "member":{"shape":"ActionConnectorSearchFilter"}, + "max":1, + "min":0 + }, + "ActionConnectorSearchFilterNameEnum":{ + "type":"string", + "enum":[ + "ACTION_CONNECTOR_NAME", + "ACTION_CONNECTOR_TYPE", + "QUICKSIGHT_OWNER", + "QUICKSIGHT_VIEWER_OR_OWNER", + "DIRECT_QUICKSIGHT_SOLE_OWNER", + "DIRECT_QUICKSIGHT_OWNER", + "DIRECT_QUICKSIGHT_VIEWER_OR_OWNER" + ], + "min":1 + }, + "ActionConnectorSummary":{ + "type":"structure", + "required":[ + "Arn", + "ActionConnectorId", + "Type", + "Name", + "LastUpdatedTime" + ], + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the action connector.

    " + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector.

    " + }, + "Type":{ + "shape":"ActionConnectorType", + "documentation":"

    The type of action connector (e.g., SALESFORCE, JIRA, CUSTOM, BEDROCK).

    " + }, + "Name":{ + "shape":"ActionConnectorName", + "documentation":"

    The name of the action connector.

    " + }, + "CreatedTime":{ + "shape":"Timestamp", + "documentation":"

    The date and time when the action connector was created.

    " + }, + "LastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

    The date and time when the action connector was last updated.

    " + }, + "Status":{ + "shape":"ResourceStatus", + "documentation":"

    The current status of the action connector.

    " + }, + "Error":{ + "shape":"ActionConnectorError", + "documentation":"

    Error information if the action connector is in an error state.

    " + } + }, + "documentation":"

    Contains summary information about an action connector, used in list and search operations.

    " + }, + "ActionConnectorSummaryList":{ + "type":"list", + "member":{"shape":"ActionConnectorSummary"} + }, + "ActionConnectorType":{ + "type":"string", + "enum":[ + "GENERIC_HTTP", + "SERVICENOW_NOW_PLATFORM", + "SALESFORCE_CRM", + "MICROSOFT_OUTLOOK", + "PAGERDUTY_ADVANCE", + "JIRA_CLOUD", + "ATLASSIAN_CONFLUENCE", + "AMAZON_S3", + "AMAZON_BEDROCK_AGENT_RUNTIME", + "AMAZON_BEDROCK_RUNTIME", + "AMAZON_BEDROCK_DATA_AUTOMATION_RUNTIME", + "AMAZON_TEXTRACT", + "AMAZON_COMPREHEND", + "AMAZON_COMPREHEND_MEDICAL", + "MICROSOFT_ONEDRIVE", + "MICROSOFT_SHAREPOINT", + "MICROSOFT_TEAMS", + "SAP_BUSINESSPARTNER", + "SAP_PRODUCTMASTERDATA", + "SAP_PHYSICALINVENTORY", + "SAP_BILLOFMATERIALS", + "SAP_MATERIALSTOCK", + "ZENDESK_SUITE", + "SMARTSHEET", + "SLACK", + "ASANA", + "BAMBOO_HR" + ] + }, + "ActionId":{ + "type":"string", + "pattern":"[\\w@:_.,!?+-/]+" + }, + "ActionIdList":{ + "type":"list", + "member":{"shape":"ActionId"}, + "max":100, + "min":0 }, "ActionList":{ "type":"list", @@ -4033,6 +4592,23 @@ "max":20, "min":1 }, + "ActionPassword":{ + "type":"string", + "sensitive":true + }, + "ActionUserName":{ + "type":"string", + "sensitive":true + }, + "ActionsList":{ + "type":"list", + "member":{"shape":"ActionsListMemberString"} + }, + "ActionsListMemberString":{ + "type":"string", + "max":64, + "min":1 + }, "ActiveIAMPolicyAssignment":{ "type":"structure", "members":{ @@ -4128,6 +4704,56 @@ "CUSTOM" ] }, + "AggregateOperation":{ + "type":"structure", + "required":[ + "Alias", + "Source", + "Aggregations" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"TransformOperationSource", + "documentation":"

    The source transform operation that provides input data for the aggregation.

    " + }, + "GroupByColumnNames":{ + "shape":"GroupByColumnNameList", + "documentation":"

    The list of column names to group by when performing the aggregation. Rows with the same values in these columns will be grouped together.

    " + }, + "Aggregations":{ + "shape":"AggregationList", + "documentation":"

    The list of aggregation functions to apply to the grouped data, such as SUM, COUNT, or AVERAGE.

    " + } + }, + "documentation":"

    A transform operation that groups rows by specified columns and applies aggregation functions to calculate summary values.

    " + }, + "Aggregation":{ + "type":"structure", + "required":[ + "AggregationFunction", + "NewColumnName", + "NewColumnId" + ], + "members":{ + "AggregationFunction":{ + "shape":"DataPrepAggregationFunction", + "documentation":"

    The aggregation function to apply, such as SUM, COUNT, AVERAGE, MIN, MAX

    " + }, + "NewColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name for the new column that will contain the aggregated values.

    " + }, + "NewColumnId":{ + "shape":"ColumnId", + "documentation":"

    A unique identifier for the new column that will contain the aggregated values.

    " + } + }, + "documentation":"

    Defines an aggregation function to be applied to grouped data, creating a new column with the calculated result.

    " + }, "AggregationFunction":{ "type":"structure", "members":{ @@ -4155,6 +4781,12 @@ "key":{"shape":"LimitedString"}, "value":{"shape":"LimitedString"} }, + "AggregationList":{ + "type":"list", + "member":{"shape":"Aggregation"}, + "max":128, + "min":0 + }, "AggregationPartitionBy":{ "type":"structure", "members":{ @@ -4209,8 +4841,7 @@ }, "AllSheetsFilterScopeConfiguration":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty object that represents that the AllSheets option is the chosen value for the FilterScopeConfiguration parameter. This structure applies the filter to all visuals on all sheets of an Analysis, Dashboard, or Template.

    This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

    " }, "AltText":{ @@ -4241,6 +4872,38 @@ }, "documentation":"

    The parameters for OpenSearch.

    " }, + "AmazonQInQuickSightConsoleConfigurations":{ + "type":"structure", + "members":{ + "DataQnA":{ + "shape":"DataQnAConfigurations", + "documentation":"

    Adds generative Q&A capabilitiees to an embedded Quick Sight console.

    " + }, + "GenerativeAuthoring":{ + "shape":"GenerativeAuthoringConfigurations", + "documentation":"

    Adds the generative BI authoring experience to an embedded Quick Sight console.

    " + }, + "ExecutiveSummary":{ + "shape":"ExecutiveSummaryConfigurations", + "documentation":"

    Adds the executive summaries feature to an embedded Quick Sight console.

    " + }, + "DataStories":{ + "shape":"DataStoriesConfigurations", + "documentation":"

    Adds the data stories feature to an embedded Quick Sight console.

    " + } + }, + "documentation":"

    A collection of Amazon Q feature configurations in an embedded Quick Sight console.

    " + }, + "AmazonQInQuickSightDashboardConfigurations":{ + "type":"structure", + "members":{ + "ExecutiveSummary":{ + "shape":"ExecutiveSummaryConfigurations", + "documentation":"

    A generated executive summary of an embedded Quick Sight dashboard.

    " + } + }, + "documentation":"

    A collection of Amazon Q feature configurations in an embedded Quick Sight dashboard.

    " + }, "Analysis":{ "type":"structure", "members":{ @@ -4285,7 +4948,7 @@ "documentation":"

    A list of the associated sheets with the unique identifier and name of each sheet.

    " } }, - "documentation":"

    Metadata structure for an analysis in Amazon QuickSight

    " + "documentation":"

    Metadata structure for an analysis in Quick Sight

    " }, "AnalysisDefaults":{ "type":"structure", @@ -4316,11 +4979,11 @@ }, "ParameterDeclarations":{ "shape":"ParameterDeclarationList", - "documentation":"

    An array of parameter declarations for an analysis.

    Parameters are named variables that can transfer a value for use by an action or an object.

    For more information, see Parameters in Amazon QuickSight in the Amazon QuickSight User Guide.

    " + "documentation":"

    An array of parameter declarations for an analysis.

    Parameters are named variables that can transfer a value for use by an action or an object.

    For more information, see Parameters in Amazon Quick Sight in the Amazon Quick Suite User Guide.

    " }, "FilterGroups":{ "shape":"FilterGroupList", - "documentation":"

    Filter definitions for an analysis.

    For more information, see Filtering Data in Amazon QuickSight in the Amazon QuickSight User Guide.

    " + "documentation":"

    Filter definitions for an analysis.

    For more information, see Filtering Data in Amazon Quick Sight in the Amazon Quick Suite User Guide.

    " }, "ColumnConfigurations":{ "shape":"ColumnConfigurationList", @@ -4459,7 +5122,7 @@ }, "Name":{ "shape":"AnalysisName", - "documentation":"

    The name of the analysis. This name is displayed in the Amazon QuickSight console.

    " + "documentation":"

    The name of the analysis. This name is displayed in the Quick Sight console.

    " }, "Status":{ "shape":"ResourceStatus", @@ -4527,7 +5190,7 @@ "members":{ "InitialDashboardId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The dashboard ID for the dashboard that you want the user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this dashboard.

    The Amazon Resource Name (ARN) of this dashboard must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

    " + "documentation":"

    The dashboard ID for the dashboard that you want the user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon Quick Sight renders this dashboard.

    The Amazon Resource Name (ARN) of this dashboard must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

    " }, "EnabledFeatures":{ "shape":"AnonymousUserDashboardEmbeddingConfigurationEnabledFeatures", @@ -4576,7 +5239,7 @@ "members":{ "InitialDashboardVisualId":{ "shape":"DashboardVisualId", - "documentation":"

    The visual ID for the visual that you want the user to see. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this visual.

    The Amazon Resource Name (ARN) of the dashboard that the visual belongs to must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

    " + "documentation":"

    The visual ID for the visual that you want the user to see. This ID is included in the output URL. When the URL in response is accessed, Amazon Quick Sight renders this visual.

    The Amazon Resource Name (ARN) of the dashboard that the visual belongs to must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

    " } }, "documentation":"

    The experience that you are embedding. You can use this object to generate a url that embeds a visual into your application.

    " @@ -4586,11 +5249,11 @@ "members":{ "Dashboard":{ "shape":"AnonymousUserDashboardEmbeddingConfiguration", - "documentation":"

    The type of embedding experience. In this case, Amazon QuickSight dashboards.

    " + "documentation":"

    The type of embedding experience. In this case, Amazon Quick Sight dashboards.

    " }, "DashboardVisual":{ "shape":"AnonymousUserDashboardVisualEmbeddingConfiguration", - "documentation":"

    The type of embedding experience. In this case, Amazon QuickSight visuals.

    " + "documentation":"

    The type of embedding experience. In this case, Amazon Quick Sight visuals.

    " }, "QSearchBar":{ "shape":"AnonymousUserQSearchBarEmbeddingConfiguration", @@ -4601,7 +5264,7 @@ "documentation":"

    The Generative Q&A experience that you want to use for anonymous user embedding.

    " } }, - "documentation":"

    The type of experience you want to embed. For anonymous users, you can embed Amazon QuickSight dashboards.

    " + "documentation":"

    The type of experience you want to embed. For anonymous users, you can embed Quick Suite dashboards.

    " }, "AnonymousUserGenerativeQnAEmbeddingConfiguration":{ "type":"structure", @@ -4609,7 +5272,7 @@ "members":{ "InitialTopicId":{ "shape":"RestrictiveResourceId", - "documentation":"

    The Amazon QuickSight Q topic ID of the new reader experience topic that you want the anonymous user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders the Generative Q&A experience with this new reader experience topic pre selected.

    The Amazon Resource Name (ARN) of this Q new reader experience topic must be included in the AuthorizedResourceArns parameter. Otherwise, the request fails with an InvalidParameterValueException error.

    " + "documentation":"

    The Quick Sight Q topic ID of the new reader experience topic that you want the anonymous user to see first. This ID is included in the output URL. When the URL in response is accessed, Quick Sight renders the Generative Q&A experience with this new reader experience topic pre selected.

    The Amazon Resource Name (ARN) of this Q new reader experience topic must be included in the AuthorizedResourceArns parameter. Otherwise, the request fails with an InvalidParameterValueException error.

    " } }, "documentation":"

    The settings that you want to use for the Generative Q&A experience.

    " @@ -4620,7 +5283,7 @@ "members":{ "InitialTopicId":{ "shape":"RestrictiveResourceId", - "documentation":"

    The Amazon QuickSight Q topic ID of the legacy topic that you want the anonymous user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders the Q search bar with this legacy topic pre-selected.

    The Amazon Resource Name (ARN) of this Q legacy topic must be included in the AuthorizedResourceArns parameter. Otherwise, the request fails with an InvalidParameterValueException error.

    " + "documentation":"

    The Quick Sight Q topic ID of the legacy topic that you want the anonymous user to see first. This ID is included in the output URL. When the URL in response is accessed, Quick Sight renders the Q search bar with this legacy topic pre-selected.

    The Amazon Resource Name (ARN) of this Q legacy topic must be included in the AuthorizedResourceArns parameter. Otherwise, the request fails with an InvalidParameterValueException error.

    " } }, "documentation":"

    The settings that you want to use with the Q search bar.

    " @@ -4648,6 +5311,62 @@ "type":"list", "member":{"shape":"AnswerId"} }, + "AppendOperation":{ + "type":"structure", + "required":[ + "Alias", + "AppendedColumns" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "FirstSource":{ + "shape":"TransformOperationSource", + "documentation":"

    The first data source to be included in the append operation.

    " + }, + "SecondSource":{ + "shape":"TransformOperationSource", + "documentation":"

    The second data source to be appended to the first source.

    " + }, + "AppendedColumns":{ + "shape":"AppendedColumnList", + "documentation":"

    The list of columns to include in the appended result, mapping columns from both sources.

    " + } + }, + "documentation":"

    A transform operation that combines rows from two data sources by stacking them vertically (union operation).

    " + }, + "AppendedColumn":{ + "type":"structure", + "required":[ + "ColumnName", + "NewColumnId" + ], + "members":{ + "ColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name of the column to include in the appended result.

    " + }, + "NewColumnId":{ + "shape":"ColumnId", + "documentation":"

    A unique identifier for the column in the appended result.

    " + } + }, + "documentation":"

    Represents a column that will be included in the result of an append operation, combining data from multiple sources.

    " + }, + "AppendedColumnList":{ + "type":"list", + "member":{"shape":"AppendedColumn"}, + "max":2048, + "min":0 + }, + "ApplicationArn":{ + "type":"string", + "max":1284, + "min":1, + "pattern":"^arn:[-a-z0-9]*:qbusiness:[-a-z0-9]*:[0-9]{12}:application/.+" + }, "ApplicationTheme":{ "type":"structure", "members":{ @@ -4655,6 +5374,10 @@ "shape":"BrandColorPalette", "documentation":"

    The color palette.

    " }, + "ContextualAccentPalette":{ + "shape":"ContextualAccentPalette", + "documentation":"

    The contextual accent palette.

    " + }, "BrandElementStyle":{ "shape":"BrandElementStyle", "documentation":"

    The element style.

    " @@ -4882,7 +5605,10 @@ }, "AssetBundleExportJobDataSetPropertyToOverride":{ "type":"string", - "enum":["Name"] + "enum":[ + "Name", + "RefreshFailureEmailAlertStatus" + ] }, "AssetBundleExportJobDataSetPropertyToOverrideList":{ "type":"list", @@ -5360,7 +6086,8 @@ "Name":{ "shape":"ResourceName", "documentation":"

    A new name for the dataset.

    " - } + }, + "DataSetRefreshProperties":{"shape":"DataSetRefreshProperties"} }, "documentation":"

    The override parameters for a single dataset that is being imported.

    " }, @@ -6008,7 +6735,7 @@ "documentation":"

    A list of link sharing permissions for the dashboards that you want to apply overrides to.

    " } }, - "documentation":"

    A structure that contains the configuration of a shared link to an Amazon QuickSight dashboard.

    " + "documentation":"

    A structure that contains the configuration of a shared link to an Amazon Quick Sight dashboard.

    " }, "AssetBundleResourcePermissions":{ "type":"structure", @@ -6048,6 +6775,18 @@ "WeekStart":{ "shape":"DayOfTheWeek", "documentation":"

    Determines the week start day for an analysis.

    " + }, + "QBusinessInsightsStatus":{ + "shape":"QBusinessInsightsStatus", + "documentation":"

    Determines whether insight summaries from Amazon Q Business are allowed in Dashboard Q&A.

    " + }, + "ExcludedDataSetArns":{ + "shape":"DataSetArnsList", + "documentation":"

    A list of dataset ARNS to exclude from Dashboard Q&A.

    " + }, + "CustomActionDefaults":{ + "shape":"VisualCustomActionDefaults", + "documentation":"

    A list of visual custom actions for the analysis.

    " } }, "documentation":"

    An array of analysis level configurations.

    " @@ -6070,6 +6809,10 @@ "RoleArn":{ "shape":"RoleArn", "documentation":"

    Use the RoleArn structure to override an account-wide role for a specific Athena data source. For example, say an account administrator has turned off all Athena access with an account-wide role. The administrator can then use RoleArn to bypass the account-wide role and allow Athena access for the single Athena data source that is specified in the structure, even if the account-wide role forbidding Athena access is still active.

    " + }, + "IdentityCenterConfiguration":{ + "shape":"IdentityCenterConfiguration", + "documentation":"

    An optional parameter that configures IAM Identity Center authentication to grant Quick Sight access to your workgroup.

    This parameter can only be specified if your Quick Sight account is configured with IAM Identity Center.

    " } }, "documentation":"

    Parameters for Amazon Athena.

    " @@ -6134,6 +6877,55 @@ }, "documentation":"

    Parameters for Amazon Aurora PostgreSQL-Compatible Edition.

    " }, + "AuthConfig":{ + "type":"structure", + "required":[ + "AuthenticationType", + "AuthenticationMetadata" + ], + "members":{ + "AuthenticationType":{ + "shape":"ConnectionAuthType", + "documentation":"

    The type of authentication method.

    " + }, + "AuthenticationMetadata":{ + "shape":"AuthenticationMetadata", + "documentation":"

    The authentication metadata containing the specific configuration for the chosen authentication type.

    " + } + }, + "documentation":"

    Authentication configuration for connecting to external services.

    " + }, + "AuthenticationMetadata":{ + "type":"structure", + "members":{ + "AuthorizationCodeGrantMetadata":{ + "shape":"AuthorizationCodeGrantMetadata", + "documentation":"

    OAuth 2.0 authorization code grant authentication metadata.

    " + }, + "ClientCredentialsGrantMetadata":{ + "shape":"ClientCredentialsGrantMetadata", + "documentation":"

    OAuth 2.0 client credentials grant authentication metadata.

    " + }, + "BasicAuthConnectionMetadata":{ + "shape":"BasicAuthConnectionMetadata", + "documentation":"

    Basic authentication metadata using username and password.

    " + }, + "ApiKeyConnectionMetadata":{ + "shape":"APIKeyConnectionMetadata", + "documentation":"

    API key authentication metadata.

    " + }, + "NoneConnectionMetadata":{ + "shape":"NoneConnectionMetadata", + "documentation":"

    No authentication metadata for services that don't require authentication.

    " + }, + "IamConnectionMetadata":{ + "shape":"IAMConnectionMetadata", + "documentation":"

    IAM role-based authentication metadata for Amazon Web Services services.

    " + } + }, + "documentation":"

    Union type containing authentication metadata for different authentication methods.

    ", + "union":true + }, "AuthenticationMethodOption":{ "type":"string", "enum":[ @@ -6172,6 +6964,75 @@ "type":"list", "member":{"shape":"AuthorSpecifiedAggregation"} }, + "AuthorizationCodeGrantCredentialsDetails":{ + "type":"structure", + "members":{ + "AuthorizationCodeGrantDetails":{ + "shape":"AuthorizationCodeGrantDetails", + "documentation":"

    The authorization code grant configuration details.

    " + } + }, + "documentation":"

    Details for OAuth 2.0 authorization code grant credentials.

    ", + "union":true + }, + "AuthorizationCodeGrantCredentialsSource":{ + "type":"string", + "enum":["PLAIN_CREDENTIALS"] + }, + "AuthorizationCodeGrantDetails":{ + "type":"structure", + "required":[ + "ClientId", + "ClientSecret", + "TokenEndpoint", + "AuthorizationEndpoint" + ], + "members":{ + "ClientId":{ + "shape":"ClientId", + "documentation":"

    The client ID for the OAuth application.

    " + }, + "ClientSecret":{ + "shape":"ClientSecret", + "documentation":"

    The client secret for the OAuth application.

    " + }, + "TokenEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The token endpoint URL for obtaining access tokens.

    " + }, + "AuthorizationEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The authorization endpoint URL for the OAuth flow.

    " + } + }, + "documentation":"

    Configuration details for OAuth 2.0 authorization code grant flow.

    " + }, + "AuthorizationCodeGrantMetadata":{ + "type":"structure", + "required":[ + "BaseEndpoint", + "RedirectUrl" + ], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base URL endpoint for the external service.

    " + }, + "RedirectUrl":{ + "shape":"Endpoint", + "documentation":"

    The redirect URL for the OAuth authorization flow.

    " + }, + "AuthorizationCodeGrantCredentialsSource":{ + "shape":"AuthorizationCodeGrantCredentialsSource", + "documentation":"

    The source of the authorization code grant credentials.

    " + }, + "AuthorizationCodeGrantCredentialsDetails":{ + "shape":"AuthorizationCodeGrantCredentialsDetails", + "documentation":"

    The detailed credentials configuration for authorization code grant.

    " + } + }, + "documentation":"

    Metadata for OAuth 2.0 authorization code grant authentication.

    " + }, "AuthorizedTargetsByService":{ "type":"structure", "members":{ @@ -6238,8 +7099,7 @@ }, "AxisDisplayDataDrivenRange":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The options that are saved for future extension.

    " }, "AxisDisplayMinMaxRange":{ @@ -6575,7 +7435,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A bar chart.

    The BarChartVisual structure describes a visual that is a member of the bar chart family. The following charts can be described using this structure:

    • Horizontal bar chart

    • Vertical bar chart

    • Horizontal stacked bar chart

    • Vertical stacked bar chart

    • Horizontal stacked 100% bar chart

    • Vertical stacked 100% bar chart

    For more information, see Using bar charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A bar chart.

    The BarChartVisual structure describes a visual that is a member of the bar chart family. The following charts can be described using this structure:

    • Horizontal bar chart

    • Vertical bar chart

    • Horizontal stacked bar chart

    • Vertical stacked bar chart

    • Horizontal stacked 100% bar chart

    • Vertical stacked 100% bar chart

    For more information, see Using bar charts in the Amazon Quick Suite User Guide.

    " }, "BarsArrangement":{ "type":"string", @@ -6594,6 +7454,29 @@ "IMAGERY" ] }, + "BasicAuthConnectionMetadata":{ + "type":"structure", + "required":[ + "BaseEndpoint", + "Username", + "Password" + ], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base URL endpoint for the external service.

    " + }, + "Username":{ + "shape":"ActionUserName", + "documentation":"

    The username for basic authentication.

    " + }, + "Password":{ + "shape":"ActionPassword", + "documentation":"

    The password for basic authentication.

    " + } + }, + "documentation":"

    Metadata for basic authentication using username and password.

    " + }, "BatchCreateTopicReviewedAnswerRequest":{ "type":"structure", "required":[ @@ -7081,7 +7964,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A box plot.

    For more information, see Using box plots in the Amazon QuickSight User Guide.

    " + "documentation":"

    A box plot.

    For more information, see Using box plots in the Amazon Quick Suite User Guide.

    " }, "BrandColorPalette":{ "type":"structure", @@ -7154,7 +8037,7 @@ "members":{ "BrandId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the Amazon QuickSight brand.

    " + "documentation":"

    The ID of the Quick Suite brand.

    " }, "Arn":{ "shape":"Arn", @@ -7220,7 +8103,7 @@ }, "BrandId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the Amazon QuickSight brand.

    " + "documentation":"

    The ID of the Quick Suite brand.

    " }, "BrandName":{ "shape":"Name", @@ -7275,7 +8158,7 @@ }, "ColumnId":{ "shape":"ColumnId", - "documentation":"

    A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Amazon QuickSight preserves the existing calculated column.

    " + "documentation":"

    A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Quick Sight preserves the existing calculated column.

    " }, "Expression":{ "shape":"DataSetCalculatedFieldExpression", @@ -7287,8 +8170,8 @@ "CalculatedColumnList":{ "type":"list", "member":{"shape":"CalculatedColumn"}, - "max":128, - "min":1 + "max":256, + "min":0 }, "CalculatedField":{ "type":"structure", @@ -7327,7 +8210,7 @@ "CalculatedFields":{ "type":"list", "member":{"shape":"CalculatedField"}, - "max":500 + "max":2000 }, "CalculatedMeasureField":{ "type":"structure", @@ -7402,11 +8285,19 @@ "members":{ "ExportToCsv":{ "shape":"CapabilityState", - "documentation":"

    The ability to export to CSV files.

    " + "documentation":"

    The ability to export to CSV files from the UI.

    " }, "ExportToExcel":{ "shape":"CapabilityState", - "documentation":"

    The ability to export to Excel files.

    " + "documentation":"

    The ability to export to Excel files from the UI.

    " + }, + "ExportToPdf":{ + "shape":"CapabilityState", + "documentation":"

    The ability to export to PDF files from the UI.

    " + }, + "PrintReports":{ + "shape":"CapabilityState", + "documentation":"

    The ability to print reports.

    " }, "CreateAndUpdateThemes":{ "shape":"CapabilityState", @@ -7467,9 +8358,81 @@ "CreateSPICEDataset":{ "shape":"CapabilityState", "documentation":"

    The ability to create a SPICE dataset.

    " + }, + "ExportToPdfInScheduledReports":{ + "shape":"CapabilityState", + "documentation":"

    The ability to export to PDF files in scheduled email reports.

    " + }, + "ExportToCsvInScheduledReports":{ + "shape":"CapabilityState", + "documentation":"

    The ability to export to CSV files in scheduled email reports.

    " + }, + "ExportToExcelInScheduledReports":{ + "shape":"CapabilityState", + "documentation":"

    The ability to export to Excel files in scheduled email reports.

    " + }, + "IncludeContentInScheduledReportsEmail":{ + "shape":"CapabilityState", + "documentation":"

    The ability to include content in scheduled email reports.

    " + }, + "Dashboard":{ + "shape":"CapabilityState", + "documentation":"

    The ability to perform dashboard-related actions.

    " + }, + "Analysis":{ + "shape":"CapabilityState", + "documentation":"

    The ability to perform analysis-related actions.

    " + }, + "Automate":{ + "shape":"CapabilityState", + "documentation":"

    The ability to perform automate-related actions.

    " + }, + "Flow":{ + "shape":"CapabilityState", + "documentation":"

    The ability to perform flow-related actions.

    " + }, + "PublishWithoutApproval":{ + "shape":"CapabilityState", + "documentation":"

    The ability to enable approvals for flow share.

    " + }, + "UseBedrockModels":{ + "shape":"CapabilityState", + "documentation":"

    The ability to use Bedrock models for general knowledge step in flows.

    " + }, + "PerformFlowUiTask":{ + "shape":"CapabilityState", + "documentation":"

    The ability to use UI Agent step to perform tasks on public websites.

    " + }, + "UseAgentWebSearch":{ + "shape":"CapabilityState", + "documentation":"

    The ability to use internet to enhance results in Chat Agents, Flows, and Quick Research. Web search queries will be processed securely in an Amazon Web Services region us-east-1.

    " + }, + "KnowledgeBase":{ + "shape":"CapabilityState", + "documentation":"

    The ability to use knowledge bases to specify content from external applications.

    " + }, + "Action":{ + "shape":"CapabilityState", + "documentation":"

    The ability to perform actions in external services through Action connectors. Actions allow users to interact with third-party systems.

    " + }, + "Space":{ + "shape":"CapabilityState", + "documentation":"

    The ability to perform space-related actions.

    " + }, + "ChatAgent":{ + "shape":"CapabilityState", + "documentation":"

    The ability to perform chat-related actions.

    " + }, + "CreateChatAgents":{ + "shape":"CapabilityState", + "documentation":"

    The ability to create chat agents.

    " + }, + "Research":{ + "shape":"CapabilityState", + "documentation":"

    The ability to perform research-related actions.

    " } }, - "documentation":"

    A set of actions that correspond to Amazon QuickSight permissions.

    " + "documentation":"

    A set of actions that correspond to Amazon Quick Sight permissions.

    " }, "CapabilityState":{ "type":"string", @@ -7525,11 +8488,40 @@ }, "Format":{ "shape":"TypeCastFormat", - "documentation":"

    When casting a column from string to datetime type, you can supply a string in a format supported by Amazon QuickSight to denote the source data format.

    " + "documentation":"

    When casting a column from string to datetime type, you can supply a string in a format supported by Quick Sight to denote the source data format.

    " } }, "documentation":"

    A transform operation that casts a column to a different type.

    " }, + "CastColumnTypeOperationList":{ + "type":"list", + "member":{"shape":"CastColumnTypeOperation"}, + "max":2048, + "min":0 + }, + "CastColumnTypesOperation":{ + "type":"structure", + "required":[ + "Alias", + "Source", + "CastColumnTypeOperations" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"TransformOperationSource", + "documentation":"

    The source transform operation that provides input data for the type casting.

    " + }, + "CastColumnTypeOperations":{ + "shape":"CastColumnTypeOperationList", + "documentation":"

    The list of column type casting operations to perform.

    " + } + }, + "documentation":"

    A transform operation that changes the data types of one or more columns in the dataset.

    " + }, "Catalog":{ "type":"string", "max":128 @@ -7636,18 +8628,18 @@ "documentation":"

    The default configurations for the associated controls. This applies only for filters that are scoped to multiple sheets.

    " } }, - "documentation":"

    A CategoryFilter filters text values.

    For more information, see Adding text filters in the Amazon QuickSight User Guide.

    " + "documentation":"

    A CategoryFilter filters text values.

    For more information, see Adding text filters in the Amazon Quick Suite User Guide.

    " }, "CategoryFilterConfiguration":{ "type":"structure", "members":{ "FilterListConfiguration":{ "shape":"FilterListConfiguration", - "documentation":"

    A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list.

    " + "documentation":"

    A list of filter configurations. In the Quick Sight console, this filter type is called a filter list.

    " }, "CustomFilterListConfiguration":{ "shape":"CustomFilterListConfiguration", - "documentation":"

    A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.

    " + "documentation":"

    A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.

    " }, "CustomFilterConfiguration":{ "shape":"CustomFilterConfiguration", @@ -7708,6 +8700,11 @@ "member":{"shape":"CategoryValue"}, "max":100000 }, + "CellValue":{ + "type":"string", + "max":2047, + "min":0 + }, "CellValueSynonym":{ "type":"structure", "members":{ @@ -7744,6 +8741,74 @@ }, "documentation":"

    The label options for an axis on a chart.

    " }, + "ClientCredentialsDetails":{ + "type":"structure", + "members":{ + "ClientCredentialsGrantDetails":{ + "shape":"ClientCredentialsGrantDetails", + "documentation":"

    The OAuth2 client credentials grant configuration details for authentication.

    " + } + }, + "documentation":"

    Details for OAuth 2.0 client credentials grant authentication.

    ", + "union":true + }, + "ClientCredentialsGrantDetails":{ + "type":"structure", + "required":[ + "ClientId", + "ClientSecret", + "TokenEndpoint" + ], + "members":{ + "ClientId":{ + "shape":"ClientId", + "documentation":"

    The client identifier issued to the client during the registration process with the authorization server.

    " + }, + "ClientSecret":{ + "shape":"ClientSecret", + "documentation":"

    The client secret issued to the client during the registration process with the authorization server.

    " + }, + "TokenEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The authorization server endpoint used to obtain access tokens via the client credentials grant flow.

    " + } + }, + "documentation":"

    Configuration details for OAuth2 client credentials grant flow, including client ID, client secret, token endpoint, and optional scopes.

    " + }, + "ClientCredentialsGrantMetadata":{ + "type":"structure", + "required":["BaseEndpoint"], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base endpoint URL for the external service.

    " + }, + "ClientCredentialsSource":{ + "shape":"ClientCredentialsSource", + "documentation":"

    The source of the client credentials configuration.

    " + }, + "ClientCredentialsDetails":{ + "shape":"ClientCredentialsDetails", + "documentation":"

    The detailed client credentials configuration including client ID, client secret, and token endpoint.

    " + } + }, + "documentation":"

    Configuration for OAuth 2.0 client credentials grant authentication, including client ID, client secret, token endpoint, and optional scopes.

    " + }, + "ClientCredentialsSource":{ + "type":"string", + "enum":["PLAIN_CREDENTIALS"] + }, + "ClientId":{ + "type":"string", + "max":1024, + "min":0 + }, + "ClientSecret":{ + "type":"string", + "max":2048, + "min":0, + "sensitive":true + }, "ClusterId":{ "type":"string", "max":64, @@ -7923,7 +8988,7 @@ "documentation":"

    Geospatial column group that denotes a hierarchy.

    " } }, - "documentation":"

    Groupings of columns that work together in certain Amazon QuickSight features. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    " + "documentation":"

    Groupings of columns that work together in certain Quick Sight features. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    " }, "ColumnGroupColumnSchema":{ "type":"structure", @@ -8021,15 +9086,20 @@ "members":{ "Principals":{ "shape":"PrincipalList", - "documentation":"

    An array of Amazon Resource Names (ARNs) for Amazon QuickSight users or groups.

    " + "documentation":"

    An array of Amazon Resource Names (ARNs) for Quick Sight users or groups.

    " }, "ColumnNames":{ - "shape":"ColumnNameList", + "shape":"ColumnLevelPermissionRuleColumnNameList", "documentation":"

    An array of column names.

    " } }, "documentation":"

    A rule defined to grant access on one or more restricted columns. Each dataset can have multiple rules. To create a restricted column, you add it to one or more rules. Each rule must contain at least one column and at least one user or group. To be able to see a restricted column, a user or group needs to be added to a rule for that column.

    " }, + "ColumnLevelPermissionRuleColumnNameList":{ + "type":"list", + "member":{"shape":"String"}, + "min":1 + }, "ColumnLevelPermissionRuleList":{ "type":"list", "member":{"shape":"ColumnLevelPermissionRule"}, @@ -8046,11 +9116,6 @@ "max":128, "min":1 }, - "ColumnNameList":{ - "type":"list", - "member":{"shape":"String"}, - "min":1 - }, "ColumnOrderingType":{ "type":"string", "enum":[ @@ -8139,6 +9204,26 @@ "type":"list", "member":{"shape":"ColumnTagName"} }, + "ColumnToUnpivot":{ + "type":"structure", + "members":{ + "ColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name of the column to unpivot from the source data.

    " + }, + "NewValue":{ + "shape":"CellValue", + "documentation":"

    The value to assign to this column in the unpivoted result, typically the column name or a descriptive label.

    " + } + }, + "documentation":"

    Specifies a column to be unpivoted, transforming it from a column into rows with associated values.

    " + }, + "ColumnToUnpivotList":{ + "type":"list", + "member":{"shape":"ColumnToUnpivot"}, + "max":100, + "min":0 + }, "ColumnTooltipItem":{ "type":"structure", "required":["Column"], @@ -8328,7 +9413,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A combo chart.

    The ComboChartVisual includes stacked bar combo charts and clustered bar combo charts

    For more information, see Using combo charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A combo chart.

    The ComboChartVisual includes stacked bar combo charts and clustered bar combo charts

    For more information, see Using combo charts in the Amazon Quick Suite User Guide.

    " }, "CommitMode":{ "type":"string", @@ -8626,6 +9711,28 @@ "error":{"httpStatusCode":409}, "exception":true }, + "ConfluenceParameters":{ + "type":"structure", + "required":["ConfluenceUrl"], + "members":{ + "ConfluenceUrl":{ + "shape":"SiteBaseUrl", + "documentation":"

    The URL of the Confluence site to connect to.

    " + } + }, + "documentation":"

    The parameters that are required to connect to a Confluence data source

    " + }, + "ConnectionAuthType":{ + "type":"string", + "enum":[ + "BASIC", + "API_KEY", + "OAUTH2_CLIENT_CREDENTIALS", + "NONE", + "IAM", + "OAUTH2_AUTHORIZATION_CODE" + ] + }, "ConstantType":{ "type":"string", "enum":[ @@ -8648,6 +9755,16 @@ }, "documentation":"

    The context menu options for a visual's interactions.

    " }, + "ContextualAccentPalette":{ + "type":"structure", + "members":{ + "Connection":{"shape":"Palette"}, + "Visualization":{"shape":"Palette"}, + "Insight":{"shape":"Palette"}, + "Automation":{"shape":"Palette"} + }, + "documentation":"

    The contextual accent palette.

    " + }, "ContributionAnalysisDefault":{ "type":"structure", "required":[ @@ -8737,19 +9854,19 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to customize Amazon QuickSight for.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to customize Quick Sight for.

    ", "location":"uri", "locationName":"AwsAccountId" }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that you want to add customizations to.

    ", + "documentation":"

    The Quick Sight namespace that you want to add customizations to.

    ", "location":"querystring", "locationName":"namespace" }, "AccountCustomization":{ "shape":"AccountCustomization", - "documentation":"

    The Amazon QuickSight customizations you're adding in the current Amazon Web Services Region. You can add these to an Amazon Web Services account and a QuickSight namespace.

    For example, you can add a default theme by setting AccountCustomization to the midnight theme: \"AccountCustomization\": { \"DefaultTheme\": \"arn:aws:quicksight::aws:theme/MIDNIGHT\" }. Or, you can add a custom theme by specifying \"AccountCustomization\": { \"DefaultTheme\": \"arn:aws:quicksight:us-west-2:111122223333:theme/bdb844d0-0fe9-4d9d-b520-0fe602d93639\" }.

    " + "documentation":"

    The Quick Sight customizations you're adding. You can add these to an Amazon Web Services account and a QuickSight namespace.

    For example, you can add a default theme by setting AccountCustomization to the midnight theme: \"AccountCustomization\": { \"DefaultTheme\": \"arn:aws:quicksight::aws:theme/MIDNIGHT\" }. Or, you can add a custom theme by specifying \"AccountCustomization\": { \"DefaultTheme\": \"arn:aws:quicksight:us-west-2:111122223333:theme/bdb844d0-0fe9-4d9d-b520-0fe602d93639\" }.

    " }, "Tags":{ "shape":"TagList", @@ -8766,7 +9883,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to customize Amazon QuickSight for.

    " + "documentation":"

    The ID for the Amazon Web Services account that you want to customize Quick Sight for.

    " }, "Namespace":{ "shape":"Namespace", @@ -8774,7 +9891,7 @@ }, "AccountCustomization":{ "shape":"AccountCustomization", - "documentation":"

    The Amazon QuickSight customizations you're adding in the current Amazon Web Services Region.

    " + "documentation":"

    The Quick Sight customizations you're adding.

    " }, "RequestId":{ "shape":"String", @@ -8798,77 +9915,77 @@ "members":{ "Edition":{ "shape":"Edition", - "documentation":"

    The edition of Amazon QuickSight that you want your account to have. Currently, you can choose from ENTERPRISE or ENTERPRISE_AND_Q.

    If you choose ENTERPRISE_AND_Q, the following parameters are required:

    • FirstName

    • LastName

    • EmailAddress

    • ContactNumber

    " + "documentation":"

    The edition of Amazon Quick Sight that you want your account to have. Currently, you can choose from ENTERPRISE or ENTERPRISE_AND_Q.

    If you choose ENTERPRISE_AND_Q, the following parameters are required:

    • FirstName

    • LastName

    • EmailAddress

    • ContactNumber

    " }, "AuthenticationMethod":{ "shape":"AuthenticationMethodOption", - "documentation":"

    The method that you want to use to authenticate your Amazon QuickSight account.

    If you choose ACTIVE_DIRECTORY, provide an ActiveDirectoryName and an AdminGroup associated with your Active Directory.

    If you choose IAM_IDENTITY_CENTER, provide an AdminGroup associated with your IAM Identity Center account.

    " + "documentation":"

    The method that you want to use to authenticate your Quick Sight account.

    If you choose ACTIVE_DIRECTORY, provide an ActiveDirectoryName and an AdminGroup associated with your Active Directory.

    If you choose IAM_IDENTITY_CENTER, provide an AdminGroup associated with your IAM Identity Center account.

    " }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The Amazon Web Services account ID of the account that you're using to create your Amazon QuickSight account.

    ", + "documentation":"

    The Amazon Web Services account ID of the account that you're using to create your Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, "AccountName":{ "shape":"AccountName", - "documentation":"

    The name of your Amazon QuickSight account. This name is unique over all of Amazon Web Services, and it appears only when users sign in. You can't change AccountName value after the Amazon QuickSight account is created.

    " + "documentation":"

    The name of your Amazon Quick Sight account. This name is unique over all of Amazon Web Services, and it appears only when users sign in. You can't change AccountName value after the Amazon Quick Sight account is created.

    " }, "NotificationEmail":{ "shape":"String", - "documentation":"

    The email address that you want Amazon QuickSight to send notifications to regarding your Amazon QuickSight account or Amazon QuickSight subscription.

    " + "documentation":"

    The email address that you want Quick Sight to send notifications to regarding your Quick Sight account or Quick Sight subscription.

    " }, "ActiveDirectoryName":{ "shape":"String", - "documentation":"

    The name of your Active Directory. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account.

    " + "documentation":"

    The name of your Active Directory. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Quick Sight account.

    " }, "Realm":{ "shape":"String", - "documentation":"

    The realm of the Active Directory that is associated with your Amazon QuickSight account. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account.

    " + "documentation":"

    The realm of the Active Directory that is associated with your Quick Sight account. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Quick Sight account.

    " }, "DirectoryId":{ "shape":"String", - "documentation":"

    The ID of the Active Directory that is associated with your Amazon QuickSight account.

    " + "documentation":"

    The ID of the Active Directory that is associated with your Quick Sight account.

    " }, "AdminGroup":{ "shape":"GroupsList", - "documentation":"

    The admin group associated with your Active Directory or IAM Identity Center account. Either this field or the AdminProGroup field is required if ACTIVE_DIRECTORY or IAM_IDENTITY_CENTER is the selected authentication method of the new Amazon QuickSight account.

    For more information about using IAM Identity Center in Amazon QuickSight, see Using IAM Identity Center with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

    " + "documentation":"

    The admin group associated with your Active Directory or IAM Identity Center account. Either this field or the AdminProGroup field is required if ACTIVE_DIRECTORY or IAM_IDENTITY_CENTER is the selected authentication method of the new Quick Sight account.

    For more information about using IAM Identity Center in Amazon Quick Sight, see Using IAM Identity Center with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide. For more information about using Active Directory in Amazon Quick Sight, see Using Active Directory with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide.

    " }, "AuthorGroup":{ "shape":"GroupsList", - "documentation":"

    The author group associated with your Active Directory or IAM Identity Center account.

    For more information about using IAM Identity Center in Amazon QuickSight, see Using IAM Identity Center with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

    " + "documentation":"

    The author group associated with your Active Directory or IAM Identity Center account.

    For more information about using IAM Identity Center in Amazon Quick Sight, see Using IAM Identity Center with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide. For more information about using Active Directory in Amazon Quick Sight, see Using Active Directory with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide.

    " }, "ReaderGroup":{ "shape":"GroupsList", - "documentation":"

    The reader group associated with your Active Directory or IAM Identity Center account.

    For more information about using IAM Identity Center in Amazon QuickSight, see Using IAM Identity Center with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

    " + "documentation":"

    The reader group associated with your Active Directory or IAM Identity Center account.

    For more information about using IAM Identity Center in Amazon Quick Sight, see Using IAM Identity Center with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide. For more information about using Active Directory in Amazon Quick Sight, see Using Active Directory with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide.

    " }, "AdminProGroup":{ "shape":"GroupsList", - "documentation":"

    The admin pro group associated with your Active Directory or IAM Identity Center account. Either this field or the AdminGroup field is required if ACTIVE_DIRECTORY or IAM_IDENTITY_CENTER is the selected authentication method of the new Amazon QuickSight account.

    For more information about using IAM Identity Center in Amazon QuickSight, see Using IAM Identity Center with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

    " + "documentation":"

    The admin pro group associated with your Active Directory or IAM Identity Center account. Either this field or the AdminGroup field is required if ACTIVE_DIRECTORY or IAM_IDENTITY_CENTER is the selected authentication method of the new Quick Sight account.

    For more information about using IAM Identity Center in Amazon Quick Sight, see Using IAM Identity Center with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide. For more information about using Active Directory in Amazon Quick Sight, see Using Active Directory with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide.

    " }, "AuthorProGroup":{ "shape":"GroupsList", - "documentation":"

    The author pro group associated with your Active Directory or IAM Identity Center account.

    For more information about using IAM Identity Center in Amazon QuickSight, see Using IAM Identity Center with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

    " + "documentation":"

    The author pro group associated with your Active Directory or IAM Identity Center account.

    For more information about using IAM Identity Center in Amazon Quick Sight, see Using IAM Identity Center with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide. For more information about using Active Directory in Amazon Quick Sight, see Using Active Directory with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide.

    " }, "ReaderProGroup":{ "shape":"GroupsList", - "documentation":"

    The reader pro group associated with your Active Directory or IAM Identity Center account.

    For more information about using IAM Identity Center in Amazon QuickSight, see Using IAM Identity Center with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

    " + "documentation":"

    The reader pro group associated with your Active Directory or IAM Identity Center account.

    For more information about using IAM Identity Center in Amazon Quick Sight, see Using IAM Identity Center with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide. For more information about using Active Directory in Amazon Quick Sight, see Using Active Directory with Amazon Quick Sight Enterprise Edition in the Amazon Quick Sight User Guide.

    " }, "FirstName":{ "shape":"String", - "documentation":"

    The first name of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

    " + "documentation":"

    The first name of the author of the Amazon Quick Sight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon Quick Sight account.

    " }, "LastName":{ "shape":"String", - "documentation":"

    The last name of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

    " + "documentation":"

    The last name of the author of the Amazon Quick Sight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon Quick Sight account.

    " }, "EmailAddress":{ "shape":"String", - "documentation":"

    The email address of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

    " + "documentation":"

    The email address of the author of the Amazon Quick Sight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon Quick Sight account.

    " }, "ContactNumber":{ "shape":"String", - "documentation":"

    A 10-digit phone number for the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

    " + "documentation":"

    A 10-digit phone number for the author of the Amazon Quick Sight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon Quick Sight account.

    " }, "IAMIdentityCenterInstanceArn":{ "shape":"String", @@ -8881,7 +9998,7 @@ "members":{ "SignupResponse":{ "shape":"SignupResponse", - "documentation":"

    A SignupResponse object that returns information about a newly created Amazon QuickSight account.

    " + "documentation":"

    A SignupResponse object that returns information about a newly created Quick Sight account.

    " }, "Status":{ "shape":"StatusCode", @@ -8894,6 +10011,82 @@ } } }, + "CreateActionConnectorRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "ActionConnectorId", + "Name", + "Type", + "AuthenticationConfig" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID associated with the action connector.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    A unique identifier for the action connector. This ID must be unique within the Amazon Web Services account. The ActionConnectorId must not start with the prefix quicksuite-

    " + }, + "Name":{ + "shape":"ActionConnectorName", + "documentation":"

    A descriptive name for the action connector.

    " + }, + "Type":{ + "shape":"ActionConnectorType", + "documentation":"

    The type of action connector.

    " + }, + "AuthenticationConfig":{ + "shape":"AuthConfig", + "documentation":"

    The authentication configuration for connecting to the external service. This includes the authentication type, base URL, and authentication metadata such as client credentials or API keys.

    " + }, + "Description":{ + "shape":"ActionConnectorDescription", + "documentation":"

    An optional description of the action connector.

    " + }, + "Permissions":{ + "shape":"ResourcePermissionList", + "documentation":"

    The permissions configuration that defines which users, groups, or namespaces can access this action connector and what operations they can perform.

    " + }, + "VpcConnectionArn":{ + "shape":"Arn", + "documentation":"

    The ARN of the VPC connection to use for secure connectivity to the external service.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    A list of tags to apply to the action connector for resource management and organization.

    " + } + } + }, + "CreateActionConnectorResponse":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the created action connector.

    " + }, + "CreationStatus":{ + "shape":"ResourceStatus", + "documentation":"

    The creation status of the action connector.

    " + }, + "ActionConnectorId":{ + "shape":"String", + "documentation":"

    The unique identifier of the created action connector.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status code of the request.

    ", + "location":"statusCode" + } + } + }, "CreateAnalysisRequest":{ "type":"structure", "required":[ @@ -8916,7 +10109,7 @@ }, "Name":{ "shape":"AnalysisName", - "documentation":"

    A descriptive name for the analysis that you're creating. This name displays for the analysis in the Amazon QuickSight console.

    " + "documentation":"

    A descriptive name for the analysis that you're creating. This name displays for the analysis in the Amazon Quick Sight console.

    " }, "Parameters":{ "shape":"Parameters", @@ -8932,7 +10125,7 @@ }, "ThemeArn":{ "shape":"Arn", - "documentation":"

    The ARN for the theme to apply to the analysis that you're creating. To see the theme in the Amazon QuickSight console, make sure that you have access to it.

    " + "documentation":"

    The ARN for the theme to apply to the analysis that you're creating. To see the theme in the Amazon Quick Sight console, make sure that you have access to it.

    " }, "Tags":{ "shape":"TagList", @@ -8948,7 +10141,7 @@ }, "FolderArns":{ "shape":"FolderArnList", - "documentation":"

    When you create the analysis, Amazon QuickSight adds the analysis to these folders.

    " + "documentation":"

    When you create the analysis, Amazon Quick Sight adds the analysis to these folders.

    " } } }, @@ -8993,7 +10186,7 @@ }, "BrandId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the Amazon QuickSight brand.

    ", + "documentation":"

    The ID of the Quick Suite brand.

    ", "location":"uri", "locationName":"BrandId" }, @@ -9028,6 +10221,14 @@ "type":"structure", "required":["Columns"], "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"TransformOperationSource", + "documentation":"

    The source transform operation that provides input data for creating new calculated columns.

    " + }, "Columns":{ "shape":"CalculatedColumnList", "documentation":"

    Calculated columns to create.

    " @@ -9113,7 +10314,7 @@ }, "SourceEntity":{ "shape":"DashboardSourceEntity", - "documentation":"

    The entity that you are using as a source when you create the dashboard. In SourceEntity, you specify the type of object you're using as source. You can only create a dashboard from a template, so you use a SourceTemplate entity. If you need to create a dashboard from an analysis, first convert the analysis to a template by using the CreateTemplate API operation. For SourceTemplate, specify the Amazon Resource Name (ARN) of the source template. The SourceTemplateARN can contain any Amazon Web Services account and any Amazon QuickSight-supported Amazon Web Services Region.

    Use the DataSetReferences entity within SourceTemplate to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.

    Either a SourceEntity or a Definition must be provided in order for the request to be valid.

    " + "documentation":"

    The entity that you are using as a source when you create the dashboard. In SourceEntity, you specify the type of object you're using as source. You can only create a dashboard from a template, so you use a SourceTemplate entity. If you need to create a dashboard from an analysis, first convert the analysis to a template by using the CreateTemplate API operation. For SourceTemplate, specify the Amazon Resource Name (ARN) of the source template. The SourceTemplateARN can contain any Amazon Web Services account and any Amazon Quick Sight-supported Amazon Web Services Region.

    Use the DataSetReferences entity within SourceTemplate to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.

    Either a SourceEntity or a Definition must be provided in order for the request to be valid.

    " }, "Tags":{ "shape":"TagList", @@ -9125,7 +10326,7 @@ }, "DashboardPublishOptions":{ "shape":"DashboardPublishOptions", - "documentation":"

    Options for publishing the dashboard when you create it:

    • AvailabilityStatus for AdHocFilteringOption - This status can be either ENABLED or DISABLED. When this is set to DISABLED, Amazon QuickSight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is ENABLED by default.

    • AvailabilityStatus for ExportToCSVOption - This status can be either ENABLED or DISABLED. The visual option to export data to .CSV format isn't enabled when this is set to DISABLED. This option is ENABLED by default.

    • VisibilityState for SheetControlsOption - This visibility state can be either COLLAPSED or EXPANDED. This option is COLLAPSED by default.

    " + "documentation":"

    Options for publishing the dashboard when you create it:

    • AvailabilityStatus for AdHocFilteringOption - This status can be either ENABLED or DISABLED. When this is set to DISABLED, Amazon Quick Sight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is ENABLED by default.

    • AvailabilityStatus for ExportToCSVOption - This status can be either ENABLED or DISABLED. The visual option to export data to .CSV format isn't enabled when this is set to DISABLED. This option is ENABLED by default.

    • VisibilityState for SheetControlsOption - This visibility state can be either COLLAPSED or EXPANDED. This option is COLLAPSED by default.

    • AvailabilityStatus for QuickSuiteActionsOption - This status can be either ENABLED or DISABLED. Features related to Actions in Amazon Quick Suite on dashboards are disabled when this is set to DISABLED. This option is DISABLED by default.

    • AvailabilityStatus for ExecutiveSummaryOption - This status can be either ENABLED or DISABLED. The option to build an executive summary is disabled when this is set to DISABLED. This option is ENABLED by default.

    • AvailabilityStatus for DataStoriesSharingOption - This status can be either ENABLED or DISABLED. The option to share a data story is disabled when this is set to DISABLED. This option is ENABLED by default.

    " }, "ThemeArn":{ "shape":"Arn", @@ -9141,7 +10342,7 @@ }, "FolderArns":{ "shape":"FolderArnList", - "documentation":"

    When you create the dashboard, Amazon QuickSight adds the dashboard to these folders.

    " + "documentation":"

    When you create the dashboard, Amazon Quick Sight adds the dashboard to these folders.

    " }, "LinkSharingConfiguration":{ "shape":"LinkSharingConfiguration", @@ -9213,7 +10414,10 @@ }, "LogicalTableMap":{ "shape":"LogicalTableMap", - "documentation":"

    Configures the combination and transformation of the data from the physical tables.

    " + "documentation":"

    Configures the combination and transformation of the data from the physical tables. This parameter is used with the legacy data preparation experience.

    ", + "deprecated":true, + "deprecatedMessage":"Only used in the legacy data preparation experience.", + "deprecatedSince":"2025-10-23" }, "ImportMode":{ "shape":"DataSetImportMode", @@ -9221,7 +10425,7 @@ }, "ColumnGroups":{ "shape":"ColumnGroupList", - "documentation":"

    Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.

    " + "documentation":"

    Groupings of columns that work together in certain Amazon Quick Sight features. Currently, only geospatial hierarchy is supported.

    " }, "FieldFolders":{ "shape":"FieldFolderMap", @@ -9233,11 +10437,17 @@ }, "RowLevelPermissionDataSet":{ "shape":"RowLevelPermissionDataSet", - "documentation":"

    The row-level security configuration for the data that you want to create.

    " + "documentation":"

    The row-level security configuration for the data that you want to create. This parameter is used with the legacy data preparation experience.

    ", + "deprecated":true, + "deprecatedMessage":"Only used in the legacy data preparation experience.", + "deprecatedSince":"2025-10-23" }, "RowLevelPermissionTagConfiguration":{ "shape":"RowLevelPermissionTagConfiguration", - "documentation":"

    The configuration of tags on a dataset to set row-level security. Row-level security tags are currently supported for anonymous embedding only.

    " + "documentation":"

    The configuration of tags on a dataset to set row-level security. Row-level security tags are currently supported for anonymous embedding only. This parameter is used with the legacy data preparation experience.

    ", + "deprecated":true, + "deprecatedMessage":"Only used in the legacy data preparation experience.", + "deprecatedSince":"2025-10-23" }, "ColumnLevelPermissionRules":{ "shape":"ColumnLevelPermissionRuleList", @@ -9254,11 +10464,23 @@ }, "FolderArns":{ "shape":"FolderArnList", - "documentation":"

    When you create the dataset, Amazon QuickSight adds the dataset to these folders.

    " + "documentation":"

    When you create the dataset, Amazon Quick Sight adds the dataset to these folders.

    " }, "PerformanceConfiguration":{ "shape":"PerformanceConfiguration", "documentation":"

    The configuration for the performance optimization of the dataset that contains a UniqueKey configuration.

    " + }, + "UseAs":{ + "shape":"DataSetUseAs", + "documentation":"

    The usage of the dataset. RLS_RULES must be specified for RLS permission datasets.

    " + }, + "DataPrepConfiguration":{ + "shape":"DataPrepConfiguration", + "documentation":"

    The data preparation configuration for the dataset. This configuration defines the source tables, transformation steps, and destination tables used to prepare the data. Required when using the new data preparation experience.

    " + }, + "SemanticModelConfiguration":{ + "shape":"SemanticModelConfiguration", + "documentation":"

    The semantic model configuration for the dataset. This configuration defines how the prepared data is structured for an analysis, including table mappings and row-level security configurations. Required when using the new data preparation experience.

    " } } }, @@ -9321,11 +10543,11 @@ }, "DataSourceParameters":{ "shape":"DataSourceParameters", - "documentation":"

    The parameters that Amazon QuickSight uses to connect to your underlying source.

    " + "documentation":"

    The parameters that Amazon Quick Sight uses to connect to your underlying source.

    " }, "Credentials":{ "shape":"DataSourceCredentials", - "documentation":"

    The credentials Amazon QuickSight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.

    " + "documentation":"

    The credentials Amazon Quick Sight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.

    " }, "Permissions":{ "shape":"ResourcePermissionList", @@ -9333,11 +10555,11 @@ }, "VpcConnectionProperties":{ "shape":"VpcConnectionProperties", - "documentation":"

    Use this parameter only when you want Amazon QuickSight to use a VPC connection when connecting to your underlying source.

    " + "documentation":"

    Use this parameter only when you want Amazon Quick Sight to use a VPC connection when connecting to your underlying source.

    " }, "SslProperties":{ "shape":"SslProperties", - "documentation":"

    Secure Socket Layer (SSL) properties that apply when Amazon QuickSight connects to your underlying source.

    " + "documentation":"

    Secure Socket Layer (SSL) properties that apply when Amazon Quick Sight connects to your underlying source.

    " }, "Tags":{ "shape":"TagList", @@ -9345,7 +10567,7 @@ }, "FolderArns":{ "shape":"FolderArnList", - "documentation":"

    When you create the data source, Amazon QuickSight adds the data source to these folders.

    " + "documentation":"

    When you create the data source, Amazon Quick Sight adds the data source to these folders.

    " } } }, @@ -9517,7 +10739,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -9565,7 +10787,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -9608,7 +10830,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID of the Amazon Web Services account where you want to assign an IAM policy to Amazon QuickSight users or groups.

    ", + "documentation":"

    The ID of the Amazon Web Services account where you want to assign an IAM policy to Amazon Quick Sight users or groups.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -9622,11 +10844,11 @@ }, "PolicyArn":{ "shape":"Arn", - "documentation":"

    The ARN for the IAM policy to apply to the Amazon QuickSight users and groups specified in this assignment.

    " + "documentation":"

    The ARN for the IAM policy to apply to the Amazon Quick Sight users and groups specified in this assignment.

    " }, "Identities":{ "shape":"IdentityMap", - "documentation":"

    The Amazon QuickSight users, groups, or both that you want to assign the policy to.

    " + "documentation":"

    The Amazon Quick Sight users, groups, or both that you want to assign the policy to.

    " }, "Namespace":{ "shape":"Namespace", @@ -9653,11 +10875,11 @@ }, "PolicyArn":{ "shape":"Arn", - "documentation":"

    The ARN for the IAM policy that is applied to the Amazon QuickSight users and groups specified in this assignment.

    " + "documentation":"

    The ARN for the IAM policy that is applied to the Amazon Quick Sight users and groups specified in this assignment.

    " }, "Identities":{ "shape":"IdentityMap", - "documentation":"

    The Amazon QuickSight users, groups, or both that the IAM policy is assigned to.

    " + "documentation":"

    The Amazon Quick Sight users, groups, or both that the IAM policy is assigned to.

    " }, "RequestId":{ "shape":"String", @@ -9738,7 +10960,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to create the Amazon QuickSight namespace in.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to create the Quick Sight namespace in.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -9761,7 +10983,7 @@ "members":{ "Arn":{ "shape":"Arn", - "documentation":"

    The ARN of the Amazon QuickSight namespace you created.

    " + "documentation":"

    The ARN of the Quick Sight namespace you created.

    " }, "Name":{ "shape":"Namespace", @@ -9855,7 +11077,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -9910,7 +11132,7 @@ }, "AliasName":{ "shape":"AliasName", - "documentation":"

    The name that you want to give to the template alias that you're creating. Don't start the alias name with the $ character. Alias names that start with $ are reserved by Amazon QuickSight.

    ", + "documentation":"

    The name that you want to give to the template alias that you're creating. Don't start the alias name with the $ character. Alias names that start with $ are reserved by Quick Sight.

    ", "location":"uri", "locationName":"AliasName" }, @@ -9947,7 +11169,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. You use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. You use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -9967,7 +11189,7 @@ }, "SourceEntity":{ "shape":"TemplateSourceEntity", - "documentation":"

    The entity that you are using as a source when you create the template. In SourceEntity, you specify the type of object you're using as source: SourceTemplate for a template or SourceAnalysis for an analysis. Both of these require an Amazon Resource Name (ARN). For SourceTemplate, specify the ARN of the source template. For SourceAnalysis, specify the ARN of the source analysis. The SourceTemplate ARN can contain any Amazon Web Services account and any Amazon QuickSight-supported Amazon Web Services Region.

    Use the DataSetReferences entity within SourceTemplate or SourceAnalysis to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.

    Either a SourceEntity or a Definition must be provided in order for the request to be valid.

    " + "documentation":"

    The entity that you are using as a source when you create the template. In SourceEntity, you specify the type of object you're using as source: SourceTemplate for a template or SourceAnalysis for an analysis. Both of these require an Amazon Resource Name (ARN). For SourceTemplate, specify the ARN of the source template. For SourceAnalysis, specify the ARN of the source analysis. The SourceTemplate ARN can contain any Amazon Web Services account and any Quick Sight-supported Amazon Web Services Region.

    Use the DataSetReferences entity within SourceTemplate or SourceAnalysis to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.

    Either a SourceEntity or a Definition must be provided in order for the request to be valid.

    " }, "Tags":{ "shape":"TagList", @@ -10040,7 +11262,7 @@ }, "AliasName":{ "shape":"AliasName", - "documentation":"

    The name that you want to give to the theme alias that you are creating. The alias name can't begin with a $. Alias names that start with $ are reserved by Amazon QuickSight.

    ", + "documentation":"

    The name that you want to give to the theme alias that you are creating. The alias name can't begin with a $. Alias names that start with $ are reserved by Amazon Quick Sight.

    ", "location":"uri", "locationName":"AliasName" }, @@ -10096,7 +11318,7 @@ }, "BaseThemeId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon QuickSight. For a list of the starting themes, use ListThemes or choose Themes from within an analysis.

    " + "documentation":"

    The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon Quick Sight. For a list of the starting themes, use ListThemes or choose Themes from within an analysis.

    " }, "VersionDescription":{ "shape":"VersionDescription", @@ -10236,6 +11458,10 @@ "FolderArns":{ "shape":"FolderArnList", "documentation":"

    The Folder ARN of the folder that you want the topic to reside in.

    " + }, + "CustomInstructions":{ + "shape":"CustomInstructions", + "documentation":"

    Custom instructions for the topic.

    " } } }, @@ -10540,6 +11766,16 @@ "member":{"shape":"CustomColor"}, "max":50 }, + "CustomConnectionParameters":{ + "type":"structure", + "members":{ + "ConnectionType":{ + "shape":"String", + "documentation":"

    The type of custom connector.

    " + } + }, + "documentation":"

    The parameters that are required to connect to a custom connection data source.

    " + }, "CustomContentConfiguration":{ "type":"structure", "members":{ @@ -10614,7 +11850,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A visual that contains custom content.

    For more information, see Using custom visual content in the Amazon QuickSight User Guide.

    " + "documentation":"

    A visual that contains custom content.

    For more information, see Using custom visual content in the Amazon Quick Suite User Guide.

    " }, "CustomFilterConfiguration":{ "type":"structure", @@ -10672,6 +11908,22 @@ }, "documentation":"

    A list of custom filter values.

    " }, + "CustomInstructions":{ + "type":"structure", + "required":["CustomInstructionsString"], + "members":{ + "CustomInstructionsString":{ + "shape":"CustomInstructionsString", + "documentation":"

    A text field for providing additional guidance or context for response generation.

    " + } + }, + "documentation":"

    Instructions that provide additional guidance and context for response generation.

    " + }, + "CustomInstructionsString":{ + "type":"string", + "max":5000, + "sensitive":true + }, "CustomLabel":{ "type":"string", "max":2048, @@ -10767,7 +12019,7 @@ }, "CustomSqlName":{ "type":"string", - "max":64, + "max":128, "min":1 }, "CustomValuesConfiguration":{ @@ -10791,7 +12043,7 @@ "documentation":"

    The Amazon Web Services request ID for this operation.

    " } }, - "documentation":"

    The customer managed key that is registered to your Amazon QuickSight account is unavailable.

    ", + "documentation":"

    The customer managed key that is registered to your Amazon Quick Sight account is unavailable.

    ", "error":{"httpStatusCode":400}, "exception":true }, @@ -10943,6 +12195,22 @@ "DataPointTooltipOption":{ "shape":"DataPointTooltipOption", "documentation":"

    The data point tool tip options of a dashboard.

    " + }, + "DataQAEnabledOption":{ + "shape":"DataQAEnabledOption", + "documentation":"

    Adds Q&A capabilities to an Quick Sight dashboard. If no topic is linked, Dashboard Q&A uses the data values that are rendered on the dashboard. End users can use Dashboard Q&A to ask for different slices of the data that they see on the dashboard. If a topic is linked, Topic Q&A is used.

    " + }, + "QuickSuiteActionsOption":{ + "shape":"QuickSuiteActionsOption", + "documentation":"

    Determines if Actions in Amazon Quick Suite are enabled in a dashboard.

    " + }, + "ExecutiveSummaryOption":{ + "shape":"ExecutiveSummaryOption", + "documentation":"

    Executive summary option.

    " + }, + "DataStoriesSharingOption":{ + "shape":"DataStoriesSharingOption", + "documentation":"

    Data stories sharing option.

    " } }, "documentation":"

    Dashboard publish options.

    " @@ -11110,11 +12378,11 @@ }, "ParameterDeclarations":{ "shape":"ParameterDeclarationList", - "documentation":"

    The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.

    For more information, see Parameters in Amazon QuickSight in the Amazon QuickSight User Guide.

    " + "documentation":"

    The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.

    For more information, see Parameters in Amazon Quick Sight in the Amazon Quick Suite User Guide.

    " }, "FilterGroups":{ "shape":"FilterGroupList", - "documentation":"

    The filter definitions for a dashboard.

    For more information, see Filtering Data in Amazon QuickSight in the Amazon QuickSight User Guide.

    " + "documentation":"

    The filter definitions for a dashboard.

    For more information, see Filtering Data in Amazon Quick Sight in the Amazon Quick Suite User Guide.

    " }, "ColumnConfigurations":{ "shape":"ColumnConfigurationList", @@ -11177,18 +12445,18 @@ "members":{ "DashboardId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the dashboard that has the visual that you want to embed. The DashboardId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon QuickSight console. You can also get the DashboardId with a ListDashboards API operation.

    " + "documentation":"

    The ID of the dashboard that has the visual that you want to embed. The DashboardId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Quick Suite console. You can also get the DashboardId with a ListDashboards API operation.

    " }, "SheetId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the sheet that the has visual that you want to embed. The SheetId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon QuickSight console.

    " + "documentation":"

    The ID of the sheet that the has visual that you want to embed. The SheetId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Quick Suite console.

    " }, "VisualId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the visual that you want to embed. The VisualID can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon QuickSight console.

    " + "documentation":"

    The ID of the visual that you want to embed. The VisualID can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon Quick Sight console.

    " } }, - "documentation":"

    A structure that contains the following elements:

    • The DashboardId of the dashboard that has the visual that you want to embed.

    • The SheetId of the sheet that has the visual that you want to embed.

    • The VisualId of the visual that you want to embed.

    The DashboardId, SheetId, and VisualId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon QuickSight console. You can also get the DashboardId with a ListDashboards API operation.

    " + "documentation":"

    A structure that contains the following elements:

    • The DashboardId of the dashboard that has the visual that you want to embed.

    • The SheetId of the sheet that has the visual that you want to embed.

    • The VisualId of the visual that you want to embed.

    The DashboardId, SheetId, and VisualId can be found in the IDs for developers section of the Embed visual pane of the visual's on-visual menu of the Amazon Quick Sight console. You can also get the DashboardId with a ListDashboards API operation.

    " }, "DashboardVisualPublishOptions":{ "type":"structure", @@ -11566,6 +12834,112 @@ }, "documentation":"

    The data point tooltip options.

    " }, + "DataPrepAggregationFunction":{ + "type":"structure", + "members":{ + "SimpleAggregation":{ + "shape":"DataPrepSimpleAggregationFunction", + "documentation":"

    A simple aggregation function such as SUM, COUNT, AVERAGE, MIN, MAX, MEDIAN, VARIANCE, or STANDARD_DEVIATION.

    " + }, + "ListAggregation":{ + "shape":"DataPrepListAggregationFunction", + "documentation":"

    A list aggregation function that concatenates values from multiple rows into a single delimited string.

    " + } + }, + "documentation":"

    Defines the type of aggregation function to apply to data during data preparation, supporting simple and list aggregations.

    " + }, + "DataPrepConfiguration":{ + "type":"structure", + "required":[ + "SourceTableMap", + "TransformStepMap", + "DestinationTableMap" + ], + "members":{ + "SourceTableMap":{ + "shape":"SourceTableMap", + "documentation":"

    A map of source tables that provide information about underlying sources.

    " + }, + "TransformStepMap":{ + "shape":"TransformStepMap", + "documentation":"

    A map of transformation steps that process the data.

    " + }, + "DestinationTableMap":{ + "shape":"DestinationTableMap", + "documentation":"

    A map of destination tables that receive the final prepared data.

    " + } + }, + "documentation":"

    Configuration for data preparation operations, defining the complete pipeline from source tables through transformations to destination tables.

    " + }, + "DataPrepListAggregationFunction":{ + "type":"structure", + "required":[ + "Separator", + "Distinct" + ], + "members":{ + "InputColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name of the column containing values to be concatenated.

    " + }, + "Separator":{ + "shape":"Separator", + "documentation":"

    The string used to separate values in the concatenated result.

    " + }, + "Distinct":{ + "shape":"Boolean", + "documentation":"

    Whether to include only distinct values in the concatenated result, removing duplicates.

    " + } + }, + "documentation":"

    An aggregation function that concatenates values from multiple rows into a single string with a specified separator.

    " + }, + "DataPrepSimpleAggregationFunction":{ + "type":"structure", + "required":["FunctionType"], + "members":{ + "InputColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name of the column on which to perform the aggregation function.

    " + }, + "FunctionType":{ + "shape":"DataPrepSimpleAggregationFunctionType", + "documentation":"

    The type of aggregation function to perform, such as COUNT, SUM, AVERAGE, MIN, MAX, MEDIAN, VARIANCE, or STANDARD_DEVIATION.

    " + } + }, + "documentation":"

    A simple aggregation function that performs standard statistical operations on a column.

    " + }, + "DataPrepSimpleAggregationFunctionType":{ + "type":"string", + "enum":[ + "COUNT", + "DISTINCT_COUNT", + "SUM", + "AVERAGE", + "MAX", + "MIN" + ] + }, + "DataQAEnabledOption":{ + "type":"structure", + "members":{ + "AvailabilityStatus":{ + "shape":"DashboardBehavior", + "documentation":"

    The status of the Data Q&A option on the dashboard.

    " + } + }, + "documentation":"

    Adds Q&A capabilities to a dashboard. If no topic is linked, Dashboard Q&A uses the data values that are rendered on the dashboard. End users can use Dashboard Q&A to ask for different slices of the data that they see on the dashboard. If a topic is linked, Topic Q&A is enabled.

    " + }, + "DataQnAConfigurations":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    The generative Q&A settings of an embedded Quick Sight console.

    " + } + }, + "documentation":"

    The generative Q&A settings of an embedded Quick Sight console.

    " + }, "DataSet":{ "type":"structure", "members":{ @@ -11575,7 +12949,7 @@ }, "DataSetId":{ "shape":"ResourceId", - "documentation":"

    The ID of the dataset.

    " + "documentation":"

    The ID of the dataset. Limited to 96 characters.

    " }, "Name":{ "shape":"ResourceName", @@ -11611,7 +12985,7 @@ }, "ColumnGroups":{ "shape":"ColumnGroupList", - "documentation":"

    Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.

    " + "documentation":"

    Groupings of columns that work together in certain Quick Sight features. Currently, only geospatial hierarchy is supported.

    " }, "FieldFolders":{ "shape":"FieldFolderMap", @@ -11640,6 +13014,18 @@ "PerformanceConfiguration":{ "shape":"PerformanceConfiguration", "documentation":"

    The performance optimization configuration of a dataset.

    " + }, + "UseAs":{ + "shape":"DataSetUseAs", + "documentation":"

    The usage of the dataset.

    " + }, + "DataPrepConfiguration":{ + "shape":"DataPrepConfiguration", + "documentation":"

    The data preparation configuration associated with this dataset.

    " + }, + "SemanticModelConfiguration":{ + "shape":"SemanticModelConfiguration", + "documentation":"

    The semantic model configuration associated with this dataset.

    " } }, "documentation":"

    Dataset.

    " @@ -11655,6 +13041,30 @@ "min":1, "sensitive":true }, + "DataSetColumnIdMapping":{ + "type":"structure", + "required":[ + "SourceColumnId", + "TargetColumnId" + ], + "members":{ + "SourceColumnId":{ + "shape":"ColumnId", + "documentation":"

    Source column ID.

    " + }, + "TargetColumnId":{ + "shape":"ColumnId", + "documentation":"

    Target column ID.

    " + } + }, + "documentation":"

    Maps a source column identifier to a target column identifier during transform operations.

    " + }, + "DataSetColumnIdMappingList":{ + "type":"list", + "member":{"shape":"DataSetColumnIdMapping"}, + "max":2048, + "min":1 + }, "DataSetConfiguration":{ "type":"structure", "members":{ @@ -11678,6 +13088,88 @@ "member":{"shape":"DataSetConfiguration"}, "max":30 }, + "DataSetDateComparisonFilterCondition":{ + "type":"structure", + "required":["Operator"], + "members":{ + "Operator":{ + "shape":"DataSetDateComparisonFilterOperator", + "documentation":"

    The comparison operator to use, such as BEFORE, BEFORE_OR_EQUALS_TO, AFTER, or AFTER_OR_EQUALS_TO.

    " + }, + "Value":{ + "shape":"DataSetDateFilterValue", + "documentation":"

    The date value to compare against.

    " + } + }, + "documentation":"

    A filter condition that compares date values using operators like BEFORE, AFTER, or their inclusive variants.

    " + }, + "DataSetDateComparisonFilterOperator":{ + "type":"string", + "enum":[ + "BEFORE", + "BEFORE_OR_EQUALS_TO", + "AFTER", + "AFTER_OR_EQUALS_TO" + ] + }, + "DataSetDateFilterCondition":{ + "type":"structure", + "members":{ + "ColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name of the date column to filter.

    " + }, + "ComparisonFilterCondition":{ + "shape":"DataSetDateComparisonFilterCondition", + "documentation":"

    A comparison-based filter condition for the date column.

    " + }, + "RangeFilterCondition":{ + "shape":"DataSetDateRangeFilterCondition", + "documentation":"

    A range-based filter condition for the date column, filtering values between minimum and maximum dates.

    " + } + }, + "documentation":"

    A filter condition for date columns, supporting both comparison and range-based filtering.

    " + }, + "DataSetDateFilterValue":{ + "type":"structure", + "members":{ + "StaticValue":{ + "shape":"SensitiveTimestamp", + "documentation":"

    A static date value used for filtering.

    " + } + }, + "documentation":"

    Represents a date value used in filter conditions.

    " + }, + "DataSetDateRangeFilterCondition":{ + "type":"structure", + "members":{ + "RangeMinimum":{ + "shape":"DataSetDateFilterValue", + "documentation":"

    The minimum date value for the range filter.

    " + }, + "RangeMaximum":{ + "shape":"DataSetDateFilterValue", + "documentation":"

    The maximum date value for the range filter.

    " + }, + "IncludeMinimum":{ + "shape":"Boolean", + "documentation":"

    Whether to include the minimum value in the filter range.

    ", + "box":true + }, + "IncludeMaximum":{ + "shape":"Boolean", + "documentation":"

    Whether to include the maximum value in the filter range.

    ", + "box":true + } + }, + "documentation":"

    A filter condition that filters date values within a specified range.

    " + }, + "DataSetEntityResourceId":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[0-9a-zA-Z-]*" + }, "DataSetFilterAttribute":{ "type":"string", "enum":[ @@ -11730,6 +13222,85 @@ "max":128, "min":1 }, + "DataSetNumericComparisonFilterCondition":{ + "type":"structure", + "required":["Operator"], + "members":{ + "Operator":{ + "shape":"DataSetNumericComparisonFilterOperator", + "documentation":"

    The comparison operator to use, such as EQUALS, GREATER_THAN, LESS_THAN, or their variants.

    " + }, + "Value":{ + "shape":"DataSetNumericFilterValue", + "documentation":"

    The numeric value to compare against.

    " + } + }, + "documentation":"

    A filter condition that compares numeric values using operators like EQUALS, GREATER_THAN, or LESS_THAN.

    " + }, + "DataSetNumericComparisonFilterOperator":{ + "type":"string", + "enum":[ + "EQUALS", + "DOES_NOT_EQUAL", + "GREATER_THAN", + "GREATER_THAN_OR_EQUALS_TO", + "LESS_THAN", + "LESS_THAN_OR_EQUALS_TO" + ] + }, + "DataSetNumericFilterCondition":{ + "type":"structure", + "members":{ + "ColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name of the numeric column to filter.

    " + }, + "ComparisonFilterCondition":{ + "shape":"DataSetNumericComparisonFilterCondition", + "documentation":"

    A comparison-based filter condition for the numeric column.

    " + }, + "RangeFilterCondition":{ + "shape":"DataSetNumericRangeFilterCondition", + "documentation":"

    A range-based filter condition for the numeric column, filtering values between minimum and maximum numbers.

    " + } + }, + "documentation":"

    A filter condition for numeric columns, supporting both comparison and range-based filtering.

    " + }, + "DataSetNumericFilterValue":{ + "type":"structure", + "members":{ + "StaticValue":{ + "shape":"SensitiveDouble", + "documentation":"

    A static numeric value used for filtering.

    ", + "box":true + } + }, + "documentation":"

    Represents a numeric value used in filter conditions.

    " + }, + "DataSetNumericRangeFilterCondition":{ + "type":"structure", + "members":{ + "RangeMinimum":{ + "shape":"DataSetNumericFilterValue", + "documentation":"

    The minimum numeric value for the range filter.

    " + }, + "RangeMaximum":{ + "shape":"DataSetNumericFilterValue", + "documentation":"

    The maximum numeric value for the range filter.

    " + }, + "IncludeMinimum":{ + "shape":"Boolean", + "documentation":"

    Whether to include the minimum value in the filter range.

    ", + "box":true + }, + "IncludeMaximum":{ + "shape":"Boolean", + "documentation":"

    Whether to include the maximum value in the filter range.

    ", + "box":true + } + }, + "documentation":"

    A filter condition that filters numeric values within a specified range.

    " + }, "DataSetReference":{ "type":"structure", "required":[ @@ -11755,11 +13326,14 @@ }, "DataSetRefreshProperties":{ "type":"structure", - "required":["RefreshConfiguration"], "members":{ "RefreshConfiguration":{ "shape":"RefreshConfiguration", "documentation":"

    The refresh configuration for a dataset.

    " + }, + "FailureConfiguration":{ + "shape":"RefreshFailureConfiguration", + "documentation":"

    The failure configuration for a dataset.

    " } }, "documentation":"

    The refresh properties of a dataset.

    " @@ -11808,6 +13382,102 @@ "max":1, "min":1 }, + "DataSetStringComparisonFilterCondition":{ + "type":"structure", + "required":["Operator"], + "members":{ + "Operator":{ + "shape":"DataSetStringComparisonFilterOperator", + "documentation":"

    The comparison operator to use, such as EQUALS, CONTAINS, STARTS_WITH, ENDS_WITH, or their negations.

    " + }, + "Value":{ + "shape":"DataSetStringFilterValue", + "documentation":"

    The string value to compare against.

    " + } + }, + "documentation":"

    A filter condition that compares string values using operators like EQUALS, CONTAINS, or STARTS_WITH.

    " + }, + "DataSetStringComparisonFilterOperator":{ + "type":"string", + "enum":[ + "EQUALS", + "DOES_NOT_EQUAL", + "CONTAINS", + "DOES_NOT_CONTAIN", + "STARTS_WITH", + "ENDS_WITH" + ] + }, + "DataSetStringFilterCondition":{ + "type":"structure", + "members":{ + "ColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name of the string column to filter.

    " + }, + "ComparisonFilterCondition":{ + "shape":"DataSetStringComparisonFilterCondition", + "documentation":"

    A comparison-based filter condition for the string column.

    " + }, + "ListFilterCondition":{ + "shape":"DataSetStringListFilterCondition", + "documentation":"

    A list-based filter condition that includes or excludes values from a specified list.

    " + } + }, + "documentation":"

    A filter condition for string columns, supporting both comparison and list-based filtering.

    " + }, + "DataSetStringFilterStaticValue":{ + "type":"string", + "max":512, + "sensitive":true + }, + "DataSetStringFilterStaticValueList":{ + "type":"list", + "member":{"shape":"DataSetStringFilterStaticValue"}, + "max":1000 + }, + "DataSetStringFilterValue":{ + "type":"structure", + "members":{ + "StaticValue":{ + "shape":"DataSetStringFilterStaticValue", + "documentation":"

    A static string value used for filtering.

    " + } + }, + "documentation":"

    Represents a string value used in filter conditions.

    " + }, + "DataSetStringListFilterCondition":{ + "type":"structure", + "required":["Operator"], + "members":{ + "Operator":{ + "shape":"DataSetStringListFilterOperator", + "documentation":"

    The list operator to use, either INCLUDE to match values in the list or EXCLUDE to filter out values in the list.

    " + }, + "Values":{ + "shape":"DataSetStringListFilterValue", + "documentation":"

    The list of string values to include or exclude in the filter.

    " + } + }, + "documentation":"

    A filter condition that includes or excludes string values from a specified list.

    " + }, + "DataSetStringListFilterOperator":{ + "type":"string", + "enum":[ + "INCLUDE", + "EXCLUDE" + ] + }, + "DataSetStringListFilterValue":{ + "type":"structure", + "members":{ + "StaticValues":{ + "shape":"DataSetStringFilterStaticValueList", + "documentation":"

    A list of static string values used for filtering.

    " + } + }, + "documentation":"

    Represents a list of string values used in filter conditions.

    " + }, "DataSetSummary":{ "type":"structure", "members":{ @@ -11837,7 +13507,11 @@ }, "RowLevelPermissionDataSet":{ "shape":"RowLevelPermissionDataSet", - "documentation":"

    The row-level security configuration for the dataset.

    " + "documentation":"

    The row-level security configuration for the dataset in the legacy data preparation experience.

    " + }, + "RowLevelPermissionDataSetMap":{ + "shape":"RowLevelPermissionDataSetMap", + "documentation":"

    The row-level security configuration for the dataset in the new data preparation experience.

    " }, "RowLevelPermissionTagConfigurationApplied":{ "shape":"Boolean", @@ -11846,6 +13520,10 @@ "ColumnLevelPermissionRulesApplied":{ "shape":"Boolean", "documentation":"

    A value that indicates if the dataset has column level permission configured.

    " + }, + "UseAs":{ + "shape":"DataSetUseAs", + "documentation":"

    The usage of the dataset.

    " } }, "documentation":"

    Dataset summary.

    " @@ -11863,11 +13541,15 @@ }, "DisableUseAsImportedSource":{ "shape":"Boolean", - "documentation":"

    An option that controls whether a child dataset that's stored in QuickSight can use this dataset as a source.

    " + "documentation":"

    An option that controls whether a child dataset that's stored in Quick Sight can use this dataset as a source.

    " } }, "documentation":"

    The usage configuration to apply to child datasets that reference this dataset as a source.

    " }, + "DataSetUseAs":{ + "type":"string", + "enum":["RLS_RULES"] + }, "DataSource":{ "type":"structure", "members":{ @@ -11901,7 +13583,7 @@ }, "DataSourceParameters":{ "shape":"DataSourceParameters", - "documentation":"

    The parameters that Amazon QuickSight uses to connect to your underlying source. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    " + "documentation":"

    The parameters that Quick Sight uses to connect to your underlying source. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    " }, "AlternateDataSourceParameters":{ "shape":"DataSourceParametersList", @@ -11909,11 +13591,11 @@ }, "VpcConnectionProperties":{ "shape":"VpcConnectionProperties", - "documentation":"

    The VPC connection information. You need to use this parameter only when you want Amazon QuickSight to use a VPC connection when connecting to your underlying source.

    " + "documentation":"

    The VPC connection information. You need to use this parameter only when you want Quick Sight to use a VPC connection when connecting to your underlying source.

    " }, "SslProperties":{ "shape":"SslProperties", - "documentation":"

    Secure Socket Layer (SSL) properties that apply when Amazon QuickSight connects to your underlying source.

    " + "documentation":"

    Secure Socket Layer (SSL) properties that apply when Quick Sight connects to your underlying source.

    " }, "ErrorInfo":{ "shape":"DataSourceErrorInfo", @@ -11940,6 +13622,10 @@ "SecretArn":{ "shape":"SecretArn", "documentation":"

    The Amazon Resource Name (ARN) of the secret associated with the data source in Amazon Secrets Manager.

    " + }, + "WebProxyCredentials":{ + "shape":"WebProxyCredentials", + "documentation":"

    The credentials for connecting through a web proxy server.

    " } }, "documentation":"

    Data source credentials. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    ", @@ -12044,6 +13730,10 @@ "shape":"S3Parameters", "documentation":"

    The parameters for S3.

    " }, + "S3KnowledgeBaseParameters":{ + "shape":"S3KnowledgeBaseParameters", + "documentation":"

    The parameters for S3 Knowledge Base.

    " + }, "ServiceNowParameters":{ "shape":"ServiceNowParameters", "documentation":"

    The parameters for ServiceNow.

    " @@ -12091,9 +13781,29 @@ "BigQueryParameters":{ "shape":"BigQueryParameters", "documentation":"

    The parameters that are required to connect to a Google BigQuery data source.

    " + }, + "ImpalaParameters":{ + "shape":"ImpalaParameters", + "documentation":"

    The parameters for Impala.

    " + }, + "CustomConnectionParameters":{ + "shape":"CustomConnectionParameters", + "documentation":"

    The parameters for custom connectors.

    " + }, + "WebCrawlerParameters":{ + "shape":"WebCrawlerParameters", + "documentation":"

    The parameters for Web Crawler.

    " + }, + "ConfluenceParameters":{ + "shape":"ConfluenceParameters", + "documentation":"

    The parameters for Confluence.

    " + }, + "QBusinessParameters":{ + "shape":"QBusinessParameters", + "documentation":"

    The parameters for Amazon Q Business.

    " } }, - "documentation":"

    The parameters that Amazon QuickSight uses to connect to your underlying data source. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    " + "documentation":"

    The parameters that Quick Sight uses to connect to your underlying data source. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    " }, "DataSourceParametersList":{ "type":"list", @@ -12195,9 +13905,38 @@ "DATABRICKS", "STARBURST", "TRINO", - "BIGQUERY" + "BIGQUERY", + "GOOGLESHEETS", + "GOOGLE_DRIVE", + "CONFLUENCE", + "SHAREPOINT", + "ONE_DRIVE", + "WEB_CRAWLER", + "S3_KNOWLEDGE_BASE", + "QBUSINESS" ] }, + "DataStoriesConfigurations":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    The data story settings of an embedded Quick Sight console.

    " + } + }, + "documentation":"

    The data story settings of an embedded Quick Sight console.

    " + }, + "DataStoriesSharingOption":{ + "type":"structure", + "members":{ + "AvailabilityStatus":{ + "shape":"DashboardBehavior", + "documentation":"

    Availability status.

    " + } + }, + "documentation":"

    Executive summary option.

    " + }, "Database":{ "type":"string", "max":128, @@ -13077,19 +14816,44 @@ }, "documentation":"

    The default options that correspond to the TextField filter control type.

    " }, + "DeleteAccountCustomPermissionRequest":{ + "type":"structure", + "required":["AwsAccountId"], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The ID of the Amazon Web Services account from which you want to unapply the custom permissions profile.

    ", + "location":"uri", + "locationName":"AwsAccountId" + } + } + }, + "DeleteAccountCustomPermissionResponse":{ + "type":"structure", + "members":{ + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status of the request.

    " + } + } + }, "DeleteAccountCustomizationRequest":{ "type":"structure", "required":["AwsAccountId"], "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to delete Amazon QuickSight customizations from in this Amazon Web Services Region.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to delete Quick Sight customizations from.

    ", "location":"uri", "locationName":"AwsAccountId" }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that you're deleting the customizations from.

    ", + "documentation":"

    The Quick Sight namespace that you're deleting the customizations from.

    ", "location":"querystring", "locationName":"namespace" } @@ -13135,6 +14899,49 @@ } } }, + "DeleteActionConnectorRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "ActionConnectorId" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID that contains the action connector to delete.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector to delete.

    ", + "location":"uri", + "locationName":"ActionConnectorId" + } + } + }, + "DeleteActionConnectorResponse":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the deleted action connector.

    " + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the deleted action connector.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status code of the request.

    ", + "location":"statusCode" + } + } + }, "DeleteAnalysisRequest":{ "type":"structure", "required":[ @@ -13156,7 +14963,7 @@ }, "RecoveryWindowInDays":{ "shape":"RecoveryWindowInDays", - "documentation":"

    A value that specifies the number of days that Amazon QuickSight waits before it deletes the analysis. You can't use this parameter with the ForceDeleteWithoutRecovery option in the same API call. The default value is 30.

    ", + "documentation":"

    A value that specifies the number of days that Amazon Quick Sight waits before it deletes the analysis. You can't use this parameter with the ForceDeleteWithoutRecovery option in the same API call. The default value is 30.

    ", "location":"querystring", "locationName":"recovery-window-in-days" }, @@ -13230,7 +15037,7 @@ }, "BrandId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the Amazon QuickSight brand.

    ", + "documentation":"

    The ID of the Quick Suite brand.

    ", "location":"uri", "locationName":"BrandId" } @@ -13382,7 +15189,7 @@ }, "DataSetId":{ "shape":"ResourceId", - "documentation":"

    The ID for the dataset that you want to create. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    ", + "documentation":"

    The ID for the dataset that you want to delete. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    ", "location":"uri", "locationName":"DataSetId" } @@ -13397,7 +15204,7 @@ }, "DataSetId":{ "shape":"ResourceId", - "documentation":"

    The ID for the dataset that you want to create. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    " + "documentation":"

    The ID for the dataset that you want to delete. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    " }, "RequestId":{ "shape":"String", @@ -13459,13 +15266,13 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID of the Amazon QuickSight account that you want to disconnect from a Amazon Q Business application.

    ", + "documentation":"

    The ID of the Quick Sight account that you want to disconnect from a Amazon Q Business application.

    ", "location":"uri", "locationName":"AwsAccountId" }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that you want to delete a linked Amazon Q Business application from. If this field is left blank, the Amazon Q Business application is deleted from the default namespace. Currently, the default namespace is the only valid value for this parameter.

    ", + "documentation":"

    The Quick Sight namespace that you want to delete a linked Amazon Q Business application from. If this field is left blank, the Amazon Q Business application is deleted from the default namespace. Currently, the default namespace is the only valid value for this parameter.

    ", "location":"querystring", "locationName":"namespace" } @@ -13599,7 +15406,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -13641,7 +15448,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -13757,7 +15564,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to delete the Amazon QuickSight namespace from.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to delete the Quick Sight namespace from.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -13849,7 +15656,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -13897,7 +15704,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -14242,7 +16049,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -14327,7 +16134,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -14409,25 +16216,54 @@ "max":1, "min":1 }, + "DescribeAccountCustomPermissionRequest":{ + "type":"structure", + "required":["AwsAccountId"], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The ID of the Amazon Web Services account for which you want to describe the applied custom permissions profile.

    ", + "location":"uri", + "locationName":"AwsAccountId" + } + } + }, + "DescribeAccountCustomPermissionResponse":{ + "type":"structure", + "members":{ + "CustomPermissionsName":{ + "shape":"CustomPermissionsName", + "documentation":"

    The name of the custom permissions profile.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status of the request.

    " + } + } + }, "DescribeAccountCustomizationRequest":{ "type":"structure", "required":["AwsAccountId"], "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to describe Amazon QuickSight customizations for.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to describe Quick Sight customizations for.

    ", "location":"uri", "locationName":"AwsAccountId" }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that you want to describe Amazon QuickSight customizations for.

    ", + "documentation":"

    The Quick Sight namespace that you want to describe Quick Sight customizations for.

    ", "location":"querystring", "locationName":"namespace" }, "Resolved":{ "shape":"boolean", - "documentation":"

    The Resolved flag works with the other parameters to determine which view of Amazon QuickSight customizations is returned. You can add this flag to your command to use the same view that Amazon QuickSight uses to identify which customizations to apply to the console. Omit this flag, or set it to no-resolved, to reveal customizations that are configured at different levels.

    ", + "documentation":"

    The Resolved flag works with the other parameters to determine which view of Quick Sight customizations is returned. You can add this flag to your command to use the same view that Quick Sight uses to identify which customizations to apply to the console. Omit this flag, or set it to no-resolved, to reveal customizations that are configured at different levels.

    ", "location":"querystring", "locationName":"resolved" } @@ -14446,11 +16282,11 @@ }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that you're describing.

    " + "documentation":"

    The Quick Sight namespace that you're describing.

    " }, "AccountCustomization":{ "shape":"AccountCustomization", - "documentation":"

    The Amazon QuickSight customizations that exist in the current Amazon Web Services Region.

    " + "documentation":"

    The Quick Sight customizations that exist.

    " }, "RequestId":{ "shape":"String", @@ -14480,7 +16316,7 @@ "members":{ "AccountSettings":{ "shape":"AccountSettings", - "documentation":"

    The Amazon QuickSight settings for this Amazon Web Services account. This information includes the edition of Amazon Amazon QuickSight that you subscribed to (Standard or Enterprise) and the notification email for the Amazon QuickSight subscription.

    In the QuickSight console, the Amazon QuickSight subscription is sometimes referred to as a QuickSight \"account\" even though it's technically not an account by itself. Instead, it's a subscription to the Amazon QuickSight service for your Amazon Web Services account. The edition that you subscribe to applies to Amazon QuickSight in every Amazon Web Services Region where you use it.

    " + "documentation":"

    The Amazon Quick Sight settings for this Amazon Web Services account. This information includes the edition of Amazon Quick Sight that you subscribed to (Standard or Enterprise) and the notification email for the Amazon Quick Sight subscription.

    In the Quick Sight console, the Amazon Quick Sight subscription is sometimes referred to as a Quick Sight \"account\" even though it's technically not an account by itself. Instead, it's a subscription to the Amazon Quick Sight service for your Amazon Web Services account. The edition that you subscribe to applies to Quick Suite in every Amazon Web Services Region where you use it.

    " }, "RequestId":{ "shape":"String", @@ -14499,7 +16335,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The Amazon Web Services account ID associated with your Amazon QuickSight account.

    ", + "documentation":"

    The Amazon Web Services account ID associated with your Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" } @@ -14510,7 +16346,7 @@ "members":{ "AccountInfo":{ "shape":"AccountInfo", - "documentation":"

    A structure that contains the following elements:

    • Your Amazon QuickSight account name.

    • The edition of Amazon QuickSight that your account is using.

    • The notification email address that is associated with the Amazon QuickSight account.

    • The authentication type of the Amazon QuickSight account.

    • The status of the Amazon QuickSight account's subscription.

    " + "documentation":"

    A structure that contains the following elements:

    • Your Quick Sight account name.

    • The edition of Quick Sight that your account is using.

    • The notification email address that is associated with the Amazon Quick Sight account.

    • The authentication type of the Quick Sight account.

    • The status of the Quick Sight account's subscription.

    " }, "Status":{ "shape":"StatusCode", @@ -14523,6 +16359,92 @@ } } }, + "DescribeActionConnectorPermissionsRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "ActionConnectorId" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID that contains the action connector.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector whose permissions you want to describe.

    ", + "location":"uri", + "locationName":"ActionConnectorId" + } + } + }, + "DescribeActionConnectorPermissionsResponse":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the action connector.

    " + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector.

    " + }, + "Permissions":{ + "shape":"ResourcePermissionList", + "documentation":"

    The list of permissions associated with the action connector, including the principals and their allowed actions.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status code of the request.

    ", + "location":"statusCode" + } + } + }, + "DescribeActionConnectorRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "ActionConnectorId" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID that contains the action connector.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector to describe.

    ", + "location":"uri", + "locationName":"ActionConnectorId" + } + } + }, + "DescribeActionConnectorResponse":{ + "type":"structure", + "members":{ + "ActionConnector":{ + "shape":"ActionConnector", + "documentation":"

    The detailed information about the action connector, including its configuration and current state.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status code of the request.

    ", + "location":"statusCode" + } + } + }, "DescribeAnalysisDefinitionRequest":{ "type":"structure", "required":[ @@ -14902,7 +16824,7 @@ }, "BrandId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the Amazon QuickSight brand.

    ", + "documentation":"

    The ID of the Quick Suite brand.

    ", "location":"uri", "locationName":"BrandId" } @@ -14940,7 +16862,7 @@ }, "BrandId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the Amazon QuickSight brand.

    ", + "documentation":"

    The ID of the Quick Suite brand.

    ", "location":"uri", "locationName":"BrandId" }, @@ -15078,7 +17000,7 @@ }, "DashboardPublishOptions":{ "shape":"DashboardPublishOptions", - "documentation":"

    Options for publishing the dashboard:

    • AvailabilityStatus for AdHocFilteringOption - This status can be either ENABLED or DISABLED. When this is set to DISABLED, Amazon QuickSight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is ENABLED by default.

    • AvailabilityStatus for ExportToCSVOption - This status can be either ENABLED or DISABLED. The visual option to export data to .CSV format isn't enabled when this is set to DISABLED. This option is ENABLED by default.

    • VisibilityState for SheetControlsOption - This visibility state can be either COLLAPSED or EXPANDED. This option is COLLAPSED by default.

    " + "documentation":"

    Options for publishing the dashboard:

    • AvailabilityStatus for AdHocFilteringOption - This status can be either ENABLED or DISABLED. When this is set to DISABLED, Amazon Quick Sight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is ENABLED by default.

    • AvailabilityStatus for ExportToCSVOption - This status can be either ENABLED or DISABLED. The visual option to export data to .CSV format isn't enabled when this is set to DISABLED. This option is ENABLED by default.

    • VisibilityState for SheetControlsOption - This visibility state can be either COLLAPSED or EXPANDED. This option is COLLAPSED by default.

    • AvailabilityStatus for QuickSuiteActionsOption - This status can be either ENABLED or DISABLED. Features related to Actions in Amazon Quick Suite on dashboards are disabled when this is set to DISABLED. This option is DISABLED by default.

    • AvailabilityStatus for ExecutiveSummaryOption - This status can be either ENABLED or DISABLED. The option to build an executive summary is disabled when this is set to DISABLED. This option is ENABLED by default.

    • AvailabilityStatus for DataStoriesSharingOption - This status can be either ENABLED or DISABLED. The option to share a data story is disabled when this is set to DISABLED. This option is ENABLED by default.

    " } } }, @@ -15372,7 +17294,7 @@ }, "DataSetId":{ "shape":"ResourceId", - "documentation":"

    The ID for the dataset that you want to create. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    ", + "documentation":"

    The ID for the dataset that you want to describe. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    ", "location":"uri", "locationName":"DataSetId" } @@ -15387,7 +17309,7 @@ }, "DataSetId":{ "shape":"ResourceId", - "documentation":"

    The ID for the dataset that you want to create. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    " + "documentation":"

    The ID for the dataset that you want to describe. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    " }, "Permissions":{ "shape":"ResourcePermissionList", @@ -15458,7 +17380,7 @@ }, "DataSetId":{ "shape":"ResourceId", - "documentation":"

    The ID for the dataset that you want to create. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    ", + "documentation":"

    The ID for the dataset that you want to describe. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    ", "location":"uri", "locationName":"DataSetId" } @@ -15574,13 +17496,13 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID of the Amazon QuickSight account that is linked to the Amazon Q Business application that you want described.

    ", + "documentation":"

    The ID of the Quick Sight account that is linked to the Amazon Q Business application that you want described.

    ", "location":"uri", "locationName":"AwsAccountId" }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that contains the linked Amazon Q Business application. If this field is left blank, the default namespace is used. Currently, the default namespace is the only valid value for this parameter.

    ", + "documentation":"

    The Quick Sight namespace that contains the linked Amazon Q Business application. If this field is left blank, the default namespace is used. Currently, the default namespace is the only valid value for this parameter.

    ", "location":"querystring", "locationName":"namespace" } @@ -15600,7 +17522,7 @@ }, "ApplicationId":{ "shape":"String", - "documentation":"

    The ID of the Amazon Q Business application that is linked to the Amazon QuickSight account.

    " + "documentation":"

    The ID of the Amazon Q Business application that is linked to the Quick Sight account.

    " } } }, @@ -15806,7 +17728,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -15849,7 +17771,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -16044,7 +17966,11 @@ }, "KeyRegistration":{ "shape":"KeyRegistration", - "documentation":"

    A list of RegisteredCustomerManagedKey objects in a Amazon QuickSight account.

    " + "documentation":"

    A list of RegisteredCustomerManagedKey objects in a Quick Sight account.

    " + }, + "QDataKey":{ + "shape":"QDataKey", + "documentation":"

    A list of QDataKey objects in a Quick Sight account.

    " }, "RequestId":{ "shape":"NonEmptyString", @@ -16065,7 +17991,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that contains the Amazon QuickSight namespace that you want to describe.

    ", + "documentation":"

    The ID for the Amazon Web Services account that contains the Quick Sight namespace that you want to describe.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -16131,7 +18057,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID of the Amazon Web Services account that contains the Amazon QuickSight Q Search configuration that the user wants described.

    ", + "documentation":"

    The ID of the Amazon Web Services account that contains the Quick Sight Q Search configuration that the user wants described.

    ", "location":"uri", "locationName":"AwsAccountId" } @@ -16142,7 +18068,7 @@ "members":{ "QSearchStatus":{ "shape":"QSearchStatus", - "documentation":"

    The status of Amazon QuickSight Q Search configuration.

    " + "documentation":"

    The status of Quick Sight Q Search configuration.

    " }, "RequestId":{ "shape":"String", @@ -16221,7 +18147,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -16804,6 +18730,10 @@ "shape":"StatusCode", "documentation":"

    The HTTP status of the request.

    ", "location":"statusCode" + }, + "CustomInstructions":{ + "shape":"CustomInstructions", + "documentation":"

    Custom instructions for the topic.

    " } } }, @@ -16823,7 +18753,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -16920,6 +18850,47 @@ }, "documentation":"

    The configuration of destination parameter values.

    This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

    " }, + "DestinationTable":{ + "type":"structure", + "required":[ + "Alias", + "Source" + ], + "members":{ + "Alias":{ + "shape":"DestinationTableAlias", + "documentation":"

    Alias for the destination table.

    " + }, + "Source":{ + "shape":"DestinationTableSource", + "documentation":"

    The source configuration that specifies which transform operation provides data to this destination table.

    " + } + }, + "documentation":"

    Defines a destination table in data preparation that receives the final transformed data.

    " + }, + "DestinationTableAlias":{ + "type":"string", + "max":64, + "min":1 + }, + "DestinationTableMap":{ + "type":"map", + "key":{"shape":"DataSetEntityResourceId"}, + "value":{"shape":"DestinationTable"}, + "max":1, + "min":1 + }, + "DestinationTableSource":{ + "type":"structure", + "required":["TransformOperationId"], + "members":{ + "TransformOperationId":{ + "shape":"DataSetEntityResourceId", + "documentation":"

    The identifier of the transform operation that provides data to the destination table.

    " + } + }, + "documentation":"

    Specifies the source of data for a destination table, including the transform operation and column mappings.

    " + }, "DigitGroupingStyle":{ "type":"string", "enum":[ @@ -17034,7 +19005,7 @@ "documentation":"

    The Amazon Web Services request ID for this request.

    " } }, - "documentation":"

    The domain specified isn't on the allow list. All domains for embedded dashboards must be added to the approved list by an Amazon QuickSight admin.

    ", + "documentation":"

    The domain specified isn't on the allow list. All domains for embedded dashboards must be added to the approved list by an Amazon Quick Suite admin.

    ", "error":{"httpStatusCode":403}, "exception":true }, @@ -17043,7 +19014,7 @@ "members":{ "LabelVisibility":{ "shape":"Visibility", - "documentation":"

    Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called 'Show total'.

    " + "documentation":"

    Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called 'Show total'.

    " } }, "documentation":"

    The label options of the label that is displayed in the center of a donut chart. This option isn't available for pie charts.

    " @@ -17131,6 +19102,11 @@ "ENTERPRISE_AND_Q" ] }, + "Email":{ + "type":"string", + "pattern":"[\\w.%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}", + "sensitive":true + }, "EmbeddingIdentityType":{ "type":"string", "enum":[ @@ -17163,7 +19139,13 @@ "documentation":"

    The list of custom actions that are configured for a visual.

    " } }, - "documentation":"

    An empty visual.

    Empty visuals are used in layouts but have not been configured to show any data. A new visual created in the Amazon QuickSight console is considered an EmptyVisual until a visual type is selected.

    " + "documentation":"

    An empty visual.

    Empty visuals are used in layouts but have not been configured to show any data. A new visual created in the Quick Sight console is considered an EmptyVisual until a visual type is selected.

    " + }, + "Endpoint":{ + "type":"string", + "max":8192, + "min":1, + "pattern":"https://.*" }, "Entity":{ "type":"structure", @@ -17264,6 +19246,27 @@ }, "documentation":"

    The exclude period of TimeRangeFilter or RelativeDatesFilter.

    " }, + "ExecutiveSummaryConfigurations":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    The executive summary settings of an embedded Quick Sight console or dashboard.

    " + } + }, + "documentation":"

    The executive summary settings of an embedded Quick Sight console or dashboard.

    " + }, + "ExecutiveSummaryOption":{ + "type":"structure", + "members":{ + "AvailabilityStatus":{ + "shape":"DashboardBehavior", + "documentation":"

    Availability status.

    " + } + }, + "documentation":"

    Data stories sharing option.

    " + }, "ExplicitHierarchy":{ "type":"structure", "required":[ @@ -17357,7 +19360,7 @@ "documentation":"

    A boolean that indicates whether a FailedKeyRegistrationEntry resulted from user error. If the value of this property is True, the error was caused by user error. If the value of this property is False, the error occurred on the backend. If your job continues fail and with a False SenderFault value, contact Amazon Web Services Support.

    " } }, - "documentation":"

    An entry that appears when a KeyRegistration update to Amazon QuickSight fails.

    " + "documentation":"

    An entry that appears when a KeyRegistration update to Quick Sight fails.

    " }, "FieldBasedTooltip":{ "type":"structure", @@ -17424,6 +19427,16 @@ }, "documentation":"

    The field label type.

    " }, + "FieldName":{ + "type":"string", + "enum":[ + "assetName", + "assetDescription", + "DIRECT_QUICKSIGHT_OWNER", + "DIRECT_QUICKSIGHT_VIEWER_OR_OWNER", + "DIRECT_QUICKSIGHT_SOLE_OWNER" + ] + }, "FieldOrderList":{ "type":"list", "member":{"shape":"FieldId"}, @@ -17684,14 +19697,14 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A filled map.

    For more information, see Creating filled maps in the Amazon QuickSight User Guide.

    " + "documentation":"

    A filled map.

    For more information, see Creating filled maps in the Amazon Quick Suite User Guide.

    " }, "Filter":{ "type":"structure", "members":{ "CategoryFilter":{ "shape":"CategoryFilter", - "documentation":"

    A CategoryFilter filters text values.

    For more information, see Adding text filters in the Amazon QuickSight User Guide.

    " + "documentation":"

    A CategoryFilter filters text values.

    For more information, see Adding text filters in the Amazon Quick Suite User Guide.

    " }, "NumericRangeFilter":{ "shape":"NumericRangeFilter", @@ -17928,7 +19941,7 @@ "documentation":"

    The filter new feature which can apply filter group to all data sets. Choose one of the following options:

    • ALL_DATASETS

    • SINGLE_DATASET

    " } }, - "documentation":"

    A grouping of individual filters. Filter groups are applied to the same group of visuals.

    For more information, see Adding filter conditions (group filters) with AND and OR operators in the Amazon QuickSight User Guide.

    " + "documentation":"

    A grouping of individual filters. Filter groups are applied to the same group of visuals.

    For more information, see Adding filter conditions (group filters) with AND and OR operators in the Amazon Quick Suite User Guide.

    " }, "FilterGroupList":{ "type":"list", @@ -18012,15 +20025,32 @@ }, "FilterOperation":{ "type":"structure", - "required":["ConditionExpression"], "members":{ "ConditionExpression":{ "shape":"Expression", "documentation":"

    An expression that must evaluate to a Boolean value. Rows for which the expression evaluates to true are kept in the dataset.

    " + }, + "StringFilterCondition":{ + "shape":"DataSetStringFilterCondition", + "documentation":"

    A string-based filter condition within a filter operation.

    " + }, + "NumericFilterCondition":{ + "shape":"DataSetNumericFilterCondition", + "documentation":"

    A numeric-based filter condition within a filter operation.

    " + }, + "DateFilterCondition":{ + "shape":"DataSetDateFilterCondition", + "documentation":"

    A date-based filter condition within a filter operation.

    " } }, "documentation":"

    A transform operation that filters rows based on a condition.

    " }, + "FilterOperationList":{ + "type":"list", + "member":{"shape":"FilterOperation"}, + "max":128, + "min":0 + }, "FilterOperationSelectedFieldsConfiguration":{ "type":"structure", "members":{ @@ -18227,6 +20257,120 @@ "member":{"shape":"ShortRestrictiveResourceId"}, "max":50 }, + "FiltersOperation":{ + "type":"structure", + "required":[ + "Alias", + "Source", + "FilterOperations" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"TransformOperationSource", + "documentation":"

    The source transform operation that provides input data for filtering.

    " + }, + "FilterOperations":{ + "shape":"FilterOperationList", + "documentation":"

    The list of filter operations to apply.

    " + } + }, + "documentation":"

    A transform operation that applies one or more filter conditions.

    " + }, + "FlowDescription":{ + "type":"string", + "max":1024, + "min":0 + }, + "FlowId":{ + "type":"string", + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, + "FlowMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "FlowPublishState":{ + "type":"string", + "enum":[ + "PUBLISHED", + "DRAFT", + "PENDING_APPROVAL" + ] + }, + "FlowSummary":{ + "type":"structure", + "required":[ + "Arn", + "FlowId", + "Name", + "CreatedTime" + ], + "members":{ + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the flow.

    " + }, + "FlowId":{ + "shape":"FlowId", + "documentation":"

    The unique identifier of the flow.

    " + }, + "Name":{ + "shape":"Title", + "documentation":"

    The display name of the flow.

    " + }, + "Description":{ + "shape":"FlowDescription", + "documentation":"

    The description of the flow.

    " + }, + "CreatedTime":{ + "shape":"Timestamp", + "documentation":"

    The time this flow was created.

    " + }, + "CreatedBy":{ + "shape":"String", + "documentation":"

    The identifier of the principal who created the flow.

    " + }, + "LastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

    The last time this flow was modified.

    " + }, + "LastUpdatedBy":{ + "shape":"String", + "documentation":"

    The identifier of the last principal who updated the flow.

    " + }, + "PublishState":{ + "shape":"FlowPublishState", + "documentation":"

    The publish state for the flow. The valid values are DRAFT, PUBLISHED, or PENDING_APPROVAL.

    " + }, + "RunCount":{ + "shape":"Integer", + "documentation":"

    The number of runs done for the flow.

    " + }, + "UserCount":{ + "shape":"Integer", + "documentation":"

    The number of users who have used the flow.

    " + }, + "LastPublishedBy":{ + "shape":"String", + "documentation":"

    The identifier of the last principal who published the flow.

    " + }, + "LastPublishedAt":{ + "shape":"Timestamp", + "documentation":"

    The last time this flow was published.

    " + } + }, + "documentation":"

    The basic information of the flow exluding its definition specifying the steps.

    " + }, + "FlowSummaryList":{ + "type":"list", + "member":{"shape":"FlowSummary"} + }, "Folder":{ "type":"structure", "members":{ @@ -18263,7 +20407,7 @@ "documentation":"

    The sharing scope of the folder.

    " } }, - "documentation":"

    A folder in Amazon QuickSight.

    " + "documentation":"

    A folder in Quick Sight.

    " }, "FolderArnList":{ "type":"list", @@ -18299,7 +20443,7 @@ "documentation":"

    The type of asset that it is.

    " } }, - "documentation":"

    An asset in a Amazon QuickSight folder, such as a dashboard, analysis, or dataset.

    " + "documentation":"

    An asset in a Quick Sight folder, such as a dashboard, analysis, or dataset.

    " }, "FolderMemberList":{ "type":"list", @@ -18327,7 +20471,7 @@ "documentation":"

    The value of the named item (in this example, PARENT_FOLDER_ARN), that you want to use as a filter. For example, \"Value\": \"arn:aws:quicksight:us-east-1:1:folder/folderId\".

    " } }, - "documentation":"

    A filter to use to search an Amazon QuickSight folder.

    " + "documentation":"

    A filter to use to search an Quick Sight folder.

    " }, "FolderSearchFilterList":{ "type":"list", @@ -18366,7 +20510,7 @@ "documentation":"

    The sharing scope of the folder.

    " } }, - "documentation":"

    A summary of information about an existing Amazon QuickSight folder.

    " + "documentation":"

    A summary of information about an existing Quick Sight folder.

    " }, "FolderSummaryList":{ "type":"list", @@ -18895,7 +21039,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A funnel chart.

    For more information, see Using funnel charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A funnel chart.

    For more information, see Using funnel charts in the Amazon Quick Suite User Guide.

    " }, "GaugeChartArcConditionalFormatting":{ "type":"structure", @@ -19071,7 +21215,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A gauge chart.

    For more information, see Using gauge charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A gauge chart.

    For more information, see Using gauge charts in the Amazon Quick Suite User Guide.

    " }, "GenerateEmbedUrlForAnonymousUserRequest":{ "type":"structure", @@ -19094,15 +21238,15 @@ }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that the anonymous user virtually belongs to. If you are not using an Amazon QuickSight custom namespace, set this to default.

    " + "documentation":"

    The Amazon Quick Sight namespace that the anonymous user virtually belongs to. If you are not using an Amazon Quick Suite custom namespace, set this to default.

    " }, "SessionTags":{ "shape":"SessionTagList", - "documentation":"

    The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the DataSet$RowLevelPermissionTagConfiguration parameter so that session tags can be used to provide row-level security.

    These are not the tags used for the Amazon Web Services resource tagging feature. For more information, see Using Row-Level Security (RLS) with Tagsin the Amazon QuickSight User Guide.

    " + "documentation":"

    The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the DataSet$RowLevelPermissionTagConfiguration parameter so that session tags can be used to provide row-level security.

    These are not the tags used for the Amazon Web Services resource tagging feature. For more information, see Using Row-Level Security (RLS) with Tagsin the Amazon Quick Sight User Guide.

    " }, "AuthorizedResourceArns":{ "shape":"ArnList", - "documentation":"

    The Amazon Resource Names (ARNs) for the Amazon QuickSight resources that the user is authorized to access during the lifetime of the session.

    If you choose Dashboard embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view.

    If you want to make changes to the theme of your embedded content, pass a list of theme ARNs that the anonymous users need access to.

    Currently, you can pass up to 25 theme ARNs in each API call.

    " + "documentation":"

    The Amazon Resource Names (ARNs) for the Quick Sight resources that the user is authorized to access during the lifetime of the session.

    If you choose Dashboard embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view.

    If you want to make changes to the theme of your embedded content, pass a list of theme ARNs that the anonymous users need access to.

    Currently, you can pass up to 25 theme ARNs in each API call.

    " }, "ExperienceConfiguration":{ "shape":"AnonymousUserEmbeddingExperienceConfiguration", @@ -19110,7 +21254,7 @@ }, "AllowedDomains":{ "shape":"StringList", - "documentation":"

    The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console. Instead, it allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

    To include all subdomains under a specific domain to the allow list, use *. For example, https://*.sapp.amazon.com includes all subdomains under https://sapp.amazon.com.

    " + "documentation":"

    The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage Quick Sight menu in the Amazon Quick Sight console. Instead, it allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

    To include all subdomains under a specific domain to the allow list, use *. For example, https://*.sapp.amazon.com includes all subdomains under https://sapp.amazon.com.

    " } } }, @@ -19138,7 +21282,7 @@ }, "AnonymousUserArn":{ "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) to use for the anonymous Amazon QuickSight user.

    " + "documentation":"

    The Amazon Resource Name (ARN) to use for the anonymous Amazon Quick Suite user.

    " } } }, @@ -19166,11 +21310,11 @@ }, "ExperienceConfiguration":{ "shape":"RegisteredUserEmbeddingExperienceConfiguration", - "documentation":"

    The experience that you want to embed. For registered users, you can embed Amazon QuickSight dashboards, Amazon QuickSight visuals, the Amazon QuickSight Q search bar, the Amazon QuickSight Generative Q&A experience, or the entire Amazon QuickSight console.

    " + "documentation":"

    The experience that you want to embed. For registered users, you can embed Quick Suite dashboards, Amazon Quick Sight visuals, the Amazon Quick Sight Q search bar, the Amazon Quick Sight Generative Q&A experience, or the entire Amazon Quick Sight console.

    " }, "AllowedDomains":{ "shape":"StringList", - "documentation":"

    The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console. Instead, it allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

    To include all subdomains under a specific domain to the allow list, use *. For example, https://*.sapp.amazon.com includes all subdomains under https://sapp.amazon.com.

    " + "documentation":"

    The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage Quick Sight menu in the Amazon Quick Sight console. Instead, it allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

    To include all subdomains under a specific domain to the allow list, use *. For example, https://*.sapp.amazon.com includes all subdomains under https://sapp.amazon.com.

    " } } }, @@ -19184,7 +21328,7 @@ "members":{ "EmbedUrl":{ "shape":"EmbeddingUrl", - "documentation":"

    The embed URL for the Amazon QuickSight dashboard, visual, Q search bar, Generative Q&A experience, or console.

    " + "documentation":"

    The embed URL for the Amazon Quick Sight dashboard, visual, Q search bar, Generative Q&A experience, or console.

    " }, "Status":{ "shape":"StatusCode", @@ -19290,6 +21434,17 @@ "ANSWER_DOWNGRADE" ] }, + "GenerativeAuthoringConfigurations":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    The generative BI authoring settings of an embedded Quick Sight console.

    " + } + }, + "documentation":"

    The generative BI authoring settings of an embedded Quick Sight console.

    " + }, "GeoSpatialColumnGroup":{ "type":"structure", "required":[ @@ -19868,7 +22023,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A geospatial map or a points on map visual.

    For more information, see Creating point maps in the Amazon QuickSight User Guide.

    " + "documentation":"

    A geospatial map or a points on map visual.

    For more information, see Creating point maps in the Amazon Quick Suite User Guide.

    " }, "GeospatialNullDataSettings":{ "type":"structure", @@ -20079,25 +22234,25 @@ }, "StatePersistenceEnabled":{ "shape":"Boolean", - "documentation":"

    Adds persistence of state for the user session in an embedded dashboard. Persistence applies to the sheet and the parameter settings. These are control settings that the dashboard subscriber (Amazon QuickSight reader) chooses while viewing the dashboard. If this is set to TRUE, the settings are the same when the subscriber reopens the same dashboard URL. The state is stored in Amazon QuickSight, not in a browser cookie. If this is set to FALSE, the state of the user session is not persisted. The default is FALSE.

    ", + "documentation":"

    Adds persistence of state for the user session in an embedded dashboard. Persistence applies to the sheet and the parameter settings. These are control settings that the dashboard subscriber (Amazon Quick Sight reader) chooses while viewing the dashboard. If this is set to TRUE, the settings are the same when the subscriber reopens the same dashboard URL. The state is stored in Amazon Quick Sight, not in a browser cookie. If this is set to FALSE, the state of the user session is not persisted. The default is FALSE.

    ", "location":"querystring", "locationName":"state-persistence-enabled" }, "UserArn":{ "shape":"Arn", - "documentation":"

    The Amazon QuickSight user's Amazon Resource Name (ARN), for use with QUICKSIGHT identity type. You can use this for any Amazon QuickSight users in your account (readers, authors, or admins) authenticated as one of the following:

    • Active Directory (AD) users or group members

    • Invited nonfederated users

    • IAM users and IAM role-based sessions authenticated through Federated Single Sign-On using SAML, OpenID Connect, or IAM federation.

    Omit this parameter for users in the third group – IAM users and IAM role-based sessions.

    ", + "documentation":"

    The Amazon Quick Suite user's Amazon Resource Name (ARN), for use with QUICKSIGHT identity type. You can use this for any Amazon Quick Suite users in your account (readers, authors, or admins) authenticated as one of the following:

    • Active Directory (AD) users or group members

    • Invited nonfederated users

    • IAM users and IAM role-based sessions authenticated through Federated Single Sign-On using SAML, OpenID Connect, or IAM federation.

    Omit this parameter for users in the third group – IAM users and IAM role-based sessions.

    ", "location":"querystring", "locationName":"user-arn" }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that contains the dashboard IDs in this request. If you're not using a custom namespace, set Namespace = default.

    ", + "documentation":"

    The Amazon Quick Sight namespace that contains the dashboard IDs in this request. If you're not using a custom namespace, set Namespace = default.

    ", "location":"querystring", "locationName":"namespace" }, "AdditionalDashboardIds":{ "shape":"AdditionalDashboardIdList", - "documentation":"

    A list of one or more dashboard IDs that you want anonymous users to have tempporary access to. Currently, the IdentityType parameter must be set to ANONYMOUS because other identity types authenticate as Amazon QuickSight or IAM users. For example, if you set \"--dashboard-id dash_id1 --dashboard-id dash_id2 dash_id3 identity-type ANONYMOUS\", the session can access all three dashboards.

    ", + "documentation":"

    A list of one or more dashboard IDs that you want anonymous users to have tempporary access to. Currently, the IdentityType parameter must be set to ANONYMOUS because other identity types authenticate as Quick Suite or IAM users. For example, if you set \"--dashboard-id dash_id1 --dashboard-id dash_id2 dash_id3 identity-type ANONYMOUS\", the session can access all three dashboards.

    ", "location":"querystring", "locationName":"additional-dashboard-ids" } @@ -20122,19 +22277,148 @@ }, "documentation":"

    Output returned from the GetDashboardEmbedUrl operation.

    " }, + "GetFlowMetadataInput":{ + "type":"structure", + "required":[ + "AwsAccountId", + "FlowId" + ], + "members":{ + "AwsAccountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account that contains the flow that you are getting metadata for.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "FlowId":{ + "shape":"FlowId", + "documentation":"

    The unique identifier of the flow.

    ", + "location":"uri", + "locationName":"FlowId" + } + } + }, + "GetFlowMetadataOutput":{ + "type":"structure", + "required":[ + "Arn", + "FlowId", + "Name", + "CreatedTime" + ], + "members":{ + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the flow.

    " + }, + "FlowId":{ + "shape":"FlowId", + "documentation":"

    The unique identifier of the flow.

    " + }, + "Name":{ + "shape":"Title", + "documentation":"

    A display name for the flow.

    " + }, + "Description":{ + "shape":"FlowDescription", + "documentation":"

    The description for the flow.

    " + }, + "PublishState":{ + "shape":"FlowPublishState", + "documentation":"

    The publish state for the flow. Valid values are DRAFT, PUBLISHED, or PENDING_APPROVAL.

    " + }, + "UserCount":{ + "shape":"Integer", + "documentation":"

    The number of users who have used the flow.

    " + }, + "RunCount":{ + "shape":"Integer", + "documentation":"

    The number of runs done for the flow.

    " + }, + "CreatedTime":{ + "shape":"Timestamp", + "documentation":"

    The time this flow was created.

    " + }, + "LastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

    The last time this flow was modified.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status of the request.

    ", + "location":"statusCode" + } + } + }, + "GetFlowPermissionsInput":{ + "type":"structure", + "required":[ + "AwsAccountId", + "FlowId" + ], + "members":{ + "AwsAccountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account that contains the flow that you are getting permissions for.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "FlowId":{ + "shape":"FlowId", + "documentation":"

    The unique identifier of the flow to get permissions from.

    ", + "location":"uri", + "locationName":"FlowId" + } + } + }, + "GetFlowPermissionsOutput":{ + "type":"structure", + "required":[ + "Arn", + "FlowId", + "Permissions" + ], + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the flow you are getting permissions against.

    " + }, + "FlowId":{ + "shape":"FlowId", + "documentation":"

    The unique identifier of the flow with permissions.

    " + }, + "Permissions":{ + "shape":"PermissionsList", + "documentation":"

    A structure that contains the permissions for the flow.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status of the request.

    ", + "location":"statusCode" + } + } + }, "GetSessionEmbedUrlRequest":{ "type":"structure", "required":["AwsAccountId"], "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account associated with your Amazon QuickSight subscription.

    ", + "documentation":"

    The ID for the Amazon Web Services account associated with your Amazon Quick Sight subscription.

    ", "location":"uri", "locationName":"AwsAccountId" }, "EntryPoint":{ "shape":"EntryPoint", - "documentation":"

    The URL you use to access the embedded session. The entry point URL is constrained to the following paths:

    • /start

    • /start/analyses

    • /start/dashboards

    • /start/favorites

    • /dashboards/DashboardId - where DashboardId is the actual ID key from the Amazon QuickSight console URL of the dashboard

    • /analyses/AnalysisId - where AnalysisId is the actual ID key from the Amazon QuickSight console URL of the analysis

    ", + "documentation":"

    The URL you use to access the embedded session. The entry point URL is constrained to the following paths:

    • /start

    • /start/analyses

    • /start/dashboards

    • /start/favorites

    • /dashboards/DashboardId - where DashboardId is the actual ID key from the Amazon Quick Sight console URL of the dashboard

    • /analyses/AnalysisId - where AnalysisId is the actual ID key from the Amazon Quick Sight console URL of the analysis

    ", "location":"querystring", "locationName":"entry-point" }, @@ -20146,7 +22430,7 @@ }, "UserArn":{ "shape":"Arn", - "documentation":"

    The Amazon QuickSight user's Amazon Resource Name (ARN), for use with QUICKSIGHT identity type. You can use this for any type of Amazon QuickSight users in your account (readers, authors, or admins). They need to be authenticated as one of the following:

    1. Active Directory (AD) users or group members

    2. Invited nonfederated users

    3. IAM users and IAM role-based sessions authenticated through Federated Single Sign-On using SAML, OpenID Connect, or IAM federation

    Omit this parameter for users in the third group, IAM users and IAM role-based sessions.

    ", + "documentation":"

    The Amazon Quick Suite user's Amazon Resource Name (ARN), for use with QUICKSIGHT identity type. You can use this for any type of Amazon Quick Suite users in your account (readers, authors, or admins). They need to be authenticated as one of the following:

    1. Active Directory (AD) users or group members

    2. Invited nonfederated users

    3. IAM users and IAM role-based sessions authenticated through Federated Single Sign-On using SAML, OpenID Connect, or IAM federation

    Omit this parameter for users in the third group, IAM users and IAM role-based sessions.

    ", "location":"querystring", "locationName":"user-arn" } @@ -20157,7 +22441,7 @@ "members":{ "EmbedUrl":{ "shape":"EmbeddingUrl", - "documentation":"

    A single-use URL that you can put into your server-side web page to embed your Amazon QuickSight session. This URL is valid for 5 minutes. The API operation provides the URL with an auth_code value that enables one (and only one) sign-on to a user session that is valid for 10 hours.

    " + "documentation":"

    A single-use URL that you can put into your server-side web page to embed your Quick Suite session. This URL is valid for 5 minutes. The API operation provides the URL with an auth_code value that enables one (and only one) sign-on to a user session that is valid for 10 hours.

    " }, "Status":{ "shape":"StatusCode", @@ -20308,7 +22592,7 @@ "members":{ "ResizeOption":{ "shape":"ResizeOption", - "documentation":"

    This value determines the layout behavior when the viewport is resized.

    • FIXED: A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called Classic.

    • RESPONSIVE: The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called Tiled.

    " + "documentation":"

    This value determines the layout behavior when the viewport is resized.

    • FIXED: A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called Classic.

    • RESPONSIVE: The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called Tiled.

    " }, "OptimizedViewPortWidth":{ "shape":"PixelLength", @@ -20338,7 +22622,13 @@ "documentation":"

    The principal ID of the group.

    " } }, - "documentation":"

    A group in Amazon QuickSight consists of a set of users. You can use groups to make it easier to manage access and security.

    " + "documentation":"

    A group in Quick Sight consists of a set of users. You can use groups to make it easier to manage access and security.

    " + }, + "GroupByColumnNameList":{ + "type":"list", + "member":{"shape":"ColumnName"}, + "max":128, + "min":0 }, "GroupDescription":{ "type":"string", @@ -20369,7 +22659,7 @@ "documentation":"

    The name of the group member (user).

    " } }, - "documentation":"

    A member of an Amazon QuickSight group. Currently, group members must be users. Groups can't be members of another group. .

    " + "documentation":"

    A member of an Quick Sight group. Currently, group members must be users. Groups can't be members of another group. .

    " }, "GroupMemberList":{ "type":"list", @@ -20518,10 +22808,18 @@ "shape":"HeatMapSortConfiguration", "documentation":"

    The sort configuration of a heat map.

    " }, + "RowAxisDisplayOptions":{ + "shape":"AxisDisplayOptions", + "documentation":"

    The options that determine the presentation of the row axis label.

    " + }, "RowLabelOptions":{ "shape":"ChartAxisLabelOptions", "documentation":"

    The label options of the row that is displayed in a heat map.

    " }, + "ColumnAxisDisplayOptions":{ + "shape":"AxisDisplayOptions", + "documentation":"

    The options that determine the presentation of the row axis label.

    " + }, "ColumnLabelOptions":{ "shape":"ChartAxisLabelOptions", "documentation":"

    The label options of the column that is displayed in a heat map.

    " @@ -20624,7 +22922,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A heat map.

    For more information, see Using heat maps in the Amazon QuickSight User Guide.

    " + "documentation":"

    A heat map.

    For more information, see Using heat maps in the Amazon Quick Suite User Guide.

    " }, "HexColor":{ "type":"string", @@ -20765,7 +23063,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A histogram.

    For more information, see Using histograms in the Amazon QuickSight User Guide.

    " + "documentation":"

    A histogram.

    For more information, see Using histograms in the Amazon Quick Suite User Guide.

    " }, "HorizontalTextAlignment":{ "type":"string", @@ -20781,6 +23079,17 @@ "max":256, "min":1 }, + "IAMConnectionMetadata":{ + "type":"structure", + "required":["RoleArn"], + "members":{ + "RoleArn":{ + "shape":"RoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role to assume for authentication with Amazon Web Services services. This IAM role should be in the same account as Quick Sight.

    " + } + }, + "documentation":"

    Authentication metadata for IAM-based connections, used for first-party Amazon Web Services service integrations.

    " + }, "IAMPolicyAssignment":{ "type":"structure", "members":{ @@ -21105,6 +23414,66 @@ }, "documentation":"

    A static file that contains an image.

    " }, + "ImpalaParameters":{ + "type":"structure", + "required":[ + "Host", + "Port", + "SqlEndpointPath" + ], + "members":{ + "Host":{ + "shape":"Host", + "documentation":"

    The host name of the Impala data source.

    " + }, + "Port":{ + "shape":"Port", + "documentation":"

    The port of the Impala data source.

    " + }, + "Database":{ + "shape":"Database", + "documentation":"

    The database of the Impala data source.

    " + }, + "SqlEndpointPath":{ + "shape":"SqlEndpointPath", + "documentation":"

    The HTTP path of the Impala data source.

    " + } + }, + "documentation":"

    The parameters that are required to connect to a Impala data source.

    " + }, + "ImportTableOperation":{ + "type":"structure", + "required":[ + "Alias", + "Source" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"ImportTableOperationSource", + "documentation":"

    The source configuration that specifies which source table to import and any column mappings.

    " + } + }, + "documentation":"

    A transform operation that imports data from a source table.

    " + }, + "ImportTableOperationSource":{ + "type":"structure", + "required":["SourceTableId"], + "members":{ + "SourceTableId":{ + "shape":"DataSetEntityResourceId", + "documentation":"

    The identifier of the source table to import data from.

    " + }, + "ColumnIdMappings":{ + "shape":"DataSetColumnIdMappingList", + "documentation":"

    The mappings between source column identifiers and target column identifiers during the import.

    " + } + }, + "documentation":"

    Specifies the source table and column mappings for an import table operation.

    " + }, "IncludeFolderMembers":{ "type":"string", "enum":[ @@ -21311,6 +23680,10 @@ "shape":"ColumnName", "documentation":"

    The name of this column in the underlying data source.

    " }, + "Id":{ + "shape":"ColumnId", + "documentation":"

    A unique identifier for the input column.

    " + }, "Type":{ "shape":"InputColumnDataType", "documentation":"

    The data type of the column.

    " @@ -21338,7 +23711,7 @@ "type":"list", "member":{"shape":"InputColumn"}, "max":2048, - "min":1 + "min":0 }, "InsightConfiguration":{ "type":"structure", @@ -21394,7 +23767,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    An insight visual.

    For more information, see Working with insights in the Amazon QuickSight User Guide.

    " + "documentation":"

    An insight visual.

    For more information, see Working with insights in the Amazon Quick Suite User Guide.

    " }, "InstanceId":{ "type":"string", @@ -21558,6 +23931,19 @@ "exception":true, "fault":true }, + "InvalidDataSetParameterValueException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"}, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this request.

    " + } + }, + "documentation":"

    An exception thrown when an invalid parameter value is provided for dataset operations.

    ", + "error":{"httpStatusCode":400}, + "exception":true + }, "InvalidNextTokenException":{ "type":"structure", "members":{ @@ -21692,12 +24078,79 @@ "members":{ "UniqueKey":{ "shape":"Boolean", - "documentation":"

    A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Amazon QuickSight to optimize query performance.

    ", + "documentation":"

    A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Quick Sight to optimize query performance.

    ", "box":true } }, "documentation":"

    Properties associated with the columns participating in a join.

    " }, + "JoinOperandProperties":{ + "type":"structure", + "required":["OutputColumnNameOverrides"], + "members":{ + "OutputColumnNameOverrides":{ + "shape":"OutputColumnNameOverrideList", + "documentation":"

    A list of column name overrides to apply to the join operand's output columns.

    " + } + }, + "documentation":"

    Properties that control how columns are handled for a join operand, including column name overrides.

    " + }, + "JoinOperation":{ + "type":"structure", + "required":[ + "Alias", + "LeftOperand", + "RightOperand", + "Type", + "OnClause" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "LeftOperand":{ + "shape":"TransformOperationSource", + "documentation":"

    The left operand for the join operation.

    " + }, + "RightOperand":{ + "shape":"TransformOperationSource", + "documentation":"

    The right operand for the join operation.

    " + }, + "Type":{ + "shape":"JoinOperationType", + "documentation":"

    The type of join to perform, such as INNER, LEFT, RIGHT, or OUTER.

    " + }, + "OnClause":{ + "shape":"JoinOperationOnClause", + "documentation":"

    The join condition that specifies how to match rows between the left and right operands.

    " + }, + "LeftOperandProperties":{ + "shape":"JoinOperandProperties", + "documentation":"

    Properties that control how the left operand's columns are handled in the join result.

    " + }, + "RightOperandProperties":{ + "shape":"JoinOperandProperties", + "documentation":"

    Properties that control how the right operand's columns are handled in the join result.

    " + } + }, + "documentation":"

    A transform operation that combines data from two sources based on specified join conditions.

    " + }, + "JoinOperationOnClause":{ + "type":"string", + "max":512, + "min":1, + "sensitive":true + }, + "JoinOperationType":{ + "type":"string", + "enum":[ + "INNER", + "OUTER", + "LEFT", + "RIGHT" + ] + }, "JoinType":{ "type":"string", "enum":[ @@ -21955,7 +24408,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A key performance indicator (KPI).

    For more information, see Using KPIs in the Amazon QuickSight User Guide.

    " + "documentation":"

    A key performance indicator (KPI).

    For more information, see Using KPIs in the Amazon Quick Suite User Guide.

    " }, "KPIVisualLayoutOptions":{ "type":"structure", @@ -22114,7 +24567,7 @@ "documentation":"

    The configuration that determines what the type of layout for a sheet.

    " } }, - "documentation":"

    A Layout defines the placement of elements within a sheet.

    For more information, see Types of layout in the Amazon QuickSight User Guide.

    This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

    " + "documentation":"

    A Layout defines the placement of elements within a sheet.

    For more information, see Types of layout in the Amazon Quick Suite User Guide.

    This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

    " }, "LayoutConfiguration":{ "type":"structure", @@ -22491,7 +24944,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A line chart.

    For more information, see Using line charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A line chart.

    For more information, see Using line charts in the Amazon Quick Suite User Guide.

    " }, "LineInterpolation":{ "type":"string", @@ -22536,6 +24989,53 @@ }, "documentation":"

    A structure that contains the configuration of a shareable link to the dashboard.

    " }, + "ListActionConnectorsRequest":{ + "type":"structure", + "required":["AwsAccountId"], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID for which to list action connectors.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of action connectors to return in a single response. Valid range is 1 to 100.

    ", + "location":"querystring", + "locationName":"max-results" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    A pagination token to retrieve the next set of results. Use the token returned from a previous call to continue listing action connectors.

    ", + "location":"querystring", + "locationName":"next-token" + } + } + }, + "ListActionConnectorsResponse":{ + "type":"structure", + "required":["ActionConnectorSummaries"], + "members":{ + "ActionConnectorSummaries":{ + "shape":"ActionConnectorSummaryList", + "documentation":"

    A list of action connector summaries containing basic information about each connector.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    A pagination token to retrieve the next set of results. If null, there are no more results to retrieve.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status code of the request.

    ", + "location":"statusCode" + } + } + }, "ListAnalysesRequest":{ "type":"structure", "required":["AwsAccountId"], @@ -23001,6 +25501,52 @@ } } }, + "ListFlowsInput":{ + "type":"structure", + "required":["AwsAccountId"], + "members":{ + "AwsAccountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account that contains the flow list that you are getting.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token to request the next set of results, or null if you want to retrieve the first set.

    ", + "location":"querystring", + "locationName":"next-token" + }, + "MaxResults":{ + "shape":"FlowMaxResults", + "documentation":"

    The maximum number of results to be returned per request.

    ", + "location":"querystring", + "locationName":"max-results" + } + } + }, + "ListFlowsOutput":{ + "type":"structure", + "members":{ + "FlowSummaryList":{ + "shape":"FlowSummaryList", + "documentation":"

    A structure that contains all of the flows in your Amazon Web Services account. This structure provides basic information about the flows.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token for the next set of results, or null if there are no more results.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status of the request.

    ", + "location":"statusCode" + } + } + }, "ListFolderMembersRequest":{ "type":"structure", "required":[ @@ -23189,7 +25735,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -23232,7 +25778,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -23434,7 +25980,7 @@ "members":{ "Services":{ "shape":"AuthorizedTargetsByServices", - "documentation":"

    A list of services and their authorized targets that the Amazon QuickSight IAM Identity Center application can access.

    " + "documentation":"

    A list of services and their authorized targets that the Quick Sight IAM Identity Center application can access.

    " }, "NextToken":{ "shape":"String", @@ -23518,7 +26064,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that contains the Amazon QuickSight namespaces that you want to list.

    ", + "documentation":"

    The ID for the Amazon Web Services account that contains the Quick Sight namespaces that you want to list.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -23627,7 +26173,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -23987,7 +26533,7 @@ }, "Type":{ "shape":"ThemeType", - "documentation":"

    The type of themes that you want to list. Valid options include the following:

    • ALL (default)- Display all existing themes.

    • CUSTOM - Display only the themes created by people using Amazon QuickSight.

    • QUICKSIGHT - Display only the starting themes defined by Amazon QuickSight.

    ", + "documentation":"

    The type of themes that you want to list. Valid options include the following:

    • ALL (default)- Display all existing themes.

    • CUSTOM - Display only the themes created by people using Amazon Quick Sight.

    • QUICKSIGHT - Display only the starting themes defined by Quick Sight.

    ", "location":"querystring", "locationName":"type" } @@ -24166,13 +26712,13 @@ "members":{ "UserName":{ "shape":"UserName", - "documentation":"

    The Amazon QuickSight user name that you want to list group memberships for.

    ", + "documentation":"

    The Amazon Quick Sight user name that you want to list group memberships for.

    ", "location":"uri", "locationName":"UserName" }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The Amazon Web Services account ID that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The Amazon Web Services account ID that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -24228,7 +26774,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -24721,6 +27267,11 @@ "TOPIC" ] }, + "MetadataFilesLocation":{ + "type":"string", + "max":1024, + "min":1 + }, "MetricComparisonComputation":{ "type":"structure", "required":["ComputationId"], @@ -24906,7 +27457,8 @@ "NUMERIC_EQUALITY_FILTER", "NUMERIC_RANGE_FILTER", "DATE_RANGE_FILTER", - "RELATIVE_DATE_FILTER" + "RELATIVE_DATE_FILTER", + "NULL_FILTER" ] }, "Namespace":{ @@ -25146,6 +27698,17 @@ "member":{"shape":"ShortRestrictiveResourceId"}, "max":20 }, + "NoneConnectionMetadata":{ + "type":"structure", + "required":["BaseEndpoint"], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base endpoint URL for connections that do not require authentication.

    " + } + }, + "documentation":"

    Authentication metadata for connections that do not require authentication credentials.

    " + }, "NullFilterOption":{ "type":"string", "enum":[ @@ -25154,6 +27717,14 @@ "NULLS_ONLY" ] }, + "NullFilterType":{ + "type":"string", + "enum":[ + "ALL_VALUES", + "NON_NULLS_ONLY", + "NULLS_ONLY" + ] + }, "NullString":{ "type":"string", "max":128, @@ -25561,6 +28132,10 @@ "Database":{ "shape":"Database", "documentation":"

    The database.

    " + }, + "UseServiceName":{ + "shape":"Boolean", + "documentation":"

    A Boolean value that indicates whether the Database uses a service name or an SID. If this value is left blank, the default value is SID. If this value is set to false, the value is SID.

    " } }, "documentation":"

    The parameters for Oracle.

    " @@ -25579,6 +28154,10 @@ "shape":"ColumnName", "documentation":"

    The display name of the column..

    " }, + "Id":{ + "shape":"ColumnId", + "documentation":"

    A unique identifier for the output column.

    " + }, "Description":{ "shape":"ColumnDescriptiveText", "documentation":"

    A description for a column.

    " @@ -25598,6 +28177,27 @@ "type":"list", "member":{"shape":"OutputColumn"} }, + "OutputColumnNameOverride":{ + "type":"structure", + "required":["OutputColumnName"], + "members":{ + "SourceColumnName":{ + "shape":"ColumnName", + "documentation":"

    The original name of the column from the source transform operation.

    " + }, + "OutputColumnName":{ + "shape":"ColumnName", + "documentation":"

    The new name to assign to the column in the output.

    " + } + }, + "documentation":"

    Specifies a mapping to override the name of an output column from a transform operation.

    " + }, + "OutputColumnNameOverrideList":{ + "type":"list", + "member":{"shape":"OutputColumnNameOverride"}, + "max":2048, + "min":1 + }, "OverrideDatasetParameterOperation":{ "type":"structure", "required":["ParameterName"], @@ -25824,7 +28424,7 @@ "documentation":"

    A parameter declaration for the DateTime data type.

    " } }, - "documentation":"

    The declaration definition of a parameter.

    For more information, see Parameters in Amazon QuickSight in the Amazon QuickSight User Guide.

    This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

    " + "documentation":"

    The declaration definition of a parameter.

    For more information, see Parameters in Amazon Quick Sight in the Amazon Quick Suite User Guide.

    This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

    " }, "ParameterDeclarationList":{ "type":"list", @@ -26065,7 +28665,25 @@ "documentation":"

    The parameters that have a data type of date-time.

    " } }, - "documentation":"

    A list of Amazon QuickSight parameters and the list's override values.

    " + "documentation":"

    A list of Quick Sight parameters and the list's override values.

    " + }, + "ParentDataSet":{ + "type":"structure", + "required":[ + "DataSetArn", + "InputColumns" + ], + "members":{ + "DataSetArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the parent dataset.

    " + }, + "InputColumns":{ + "shape":"InputColumnList", + "documentation":"

    The list of input columns available from the parent dataset.

    " + } + }, + "documentation":"

    References a parent dataset that serves as a data source, including its columns and metadata.

    " }, "Password":{ "type":"string", @@ -26214,6 +28832,33 @@ "max":1000, "min":1 }, + "Permission":{ + "type":"structure", + "required":[ + "Actions", + "Principal" + ], + "members":{ + "Actions":{ + "shape":"ActionsList", + "documentation":"

    A list of actions that the principal can perform against the flow.

    The following are the list of values to set a principal as a flow owner:

    • quicksight:PublishFlow

    • quicksight:GetFlow

    • quicksight:UpdateFlowPermissions

    • quicksight:GetFlowSession

    • quicksight:StartFlowSession

    • quicksight:StopFlowSession

    • quicksight:UpdateFlowSession

    • quicksight:UnpublishFlow

    • quicksight:GetFlowStages

    • quicksight:DeleteFlow

    • quicksight:DescribeFlowPermissions

    • quicksight:UpdateFlow

    • quicksight:CreatePresignedUrl

    The following are the list of values to set a principal as a flow viewer:

    • quicksight:GetFlow

    • quicksight:UpdateFlowSession

    • quicksight:StartFlowSession

    • quicksight:StopFlowSession

    • quicksight:GetFlowSession

    • quicksight:CreatePresignedUrl

    • quicksight:GetFlowStages

    " + }, + "Principal":{ + "shape":"PermissionPrincipalString", + "documentation":"

    The Amazon Resource Name (ARN) of the principal. This can be an Amazon Quick Suite user, group or namespace associated with the flow. Namespace principal can only be set as a viewer and will grant everyone in the same namespace viewer permissions.

    " + } + }, + "documentation":"

    A structure that contains the permission information for one principal against one flow.

    " + }, + "PermissionPrincipalString":{ + "type":"string", + "max":256, + "min":1 + }, + "PermissionsList":{ + "type":"list", + "member":{"shape":"Permission"} + }, "PersonalizationMode":{ "type":"string", "enum":[ @@ -26235,6 +28880,10 @@ "S3Source":{ "shape":"S3Source", "documentation":"

    A physical table type for as S3 data source.

    " + }, + "SaaSTable":{ + "shape":"SaaSTable", + "documentation":"

    A physical table type for Software-as-a-Service (SaaS) sources.

    " } }, "documentation":"

    A view of a data source that contains information about the shape of the data in the underlying source. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    " @@ -26389,7 +29038,22 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A pie or donut chart.

    The PieChartVisual structure describes a visual that is a member of the pie chart family.

    The following charts can be described by using this structure:

    • Pie charts

    • Donut charts

    For more information, see Using pie charts in the Amazon QuickSight User Guide.

    For more information, see Using donut charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A pie or donut chart.

    The PieChartVisual structure describes a visual that is a member of the pie chart family.

    The following charts can be described by using this structure:

    • Pie charts

    • Donut charts

    For more information, see Using pie charts in the Amazon Quick Suite User Guide.

    For more information, see Using donut charts in the Amazon Quick Suite User Guide.

    " + }, + "PivotConfiguration":{ + "type":"structure", + "required":["PivotedLabels"], + "members":{ + "LabelColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name of the column that contains the labels to be pivoted into separate columns.

    " + }, + "PivotedLabels":{ + "shape":"PivotedLabelList", + "documentation":"

    The list of specific label values to pivot into separate columns.

    " + } + }, + "documentation":"

    Configuration for a pivot operation, specifying which column contains labels and how to pivot them.

    " }, "PivotFieldSortOptions":{ "type":"structure", @@ -26414,11 +29078,49 @@ "member":{"shape":"PivotFieldSortOptions"}, "max":200 }, + "PivotGroupByColumnNameList":{ + "type":"list", + "member":{"shape":"ColumnName"}, + "max":128, + "min":0 + }, "PivotMeasureFieldList":{ "type":"list", "member":{"shape":"MeasureField"}, "max":40 }, + "PivotOperation":{ + "type":"structure", + "required":[ + "Alias", + "Source", + "ValueColumnConfiguration", + "PivotConfiguration" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"TransformOperationSource", + "documentation":"

    The source transform operation that provides input data for pivoting.

    " + }, + "GroupByColumnNames":{ + "shape":"PivotGroupByColumnNameList", + "documentation":"

    The list of column names to group by when performing the pivot operation.

    " + }, + "ValueColumnConfiguration":{ + "shape":"ValueColumnConfiguration", + "documentation":"

    Configuration for how to aggregate values when multiple rows map to the same pivoted column.

    " + }, + "PivotConfiguration":{ + "shape":"PivotConfiguration", + "documentation":"

    Configuration that specifies which labels to pivot and how to structure the resulting columns.

    " + } + }, + "documentation":"

    A transform operation that pivots data by converting row values into columns.

    " + }, "PivotTableAggregatedFieldWells":{ "type":"structure", "members":{ @@ -26879,7 +29581,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A pivot table.

    For more information, see Using pivot tables in the Amazon QuickSight User Guide.

    " + "documentation":"

    A pivot table.

    For more information, see Using pivot tables in the Amazon Quick Suite User Guide.

    " }, "PivotTotalOptions":{ "type":"structure", @@ -26919,6 +29621,35 @@ }, "documentation":"

    The optional configuration of totals cells in a PivotTableVisual.

    " }, + "PivotedLabel":{ + "type":"structure", + "required":[ + "LabelName", + "NewColumnName", + "NewColumnId" + ], + "members":{ + "LabelName":{ + "shape":"CellValue", + "documentation":"

    The label value from the source data to be pivoted.

    " + }, + "NewColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name for the new column created from this pivoted label.

    " + }, + "NewColumnId":{ + "shape":"ColumnId", + "documentation":"

    A unique identifier for the new column created from this pivoted label.

    " + } + }, + "documentation":"

    Specifies a label value to be pivoted into a separate column, including the new column name and identifier.

    " + }, + "PivotedLabelList":{ + "type":"list", + "member":{"shape":"PivotedLabel"}, + "max":100, + "min":0 + }, "PixelLength":{ "type":"string", "documentation":"String based length that is composed of value and unit in px" @@ -26944,12 +29675,16 @@ "shape":"PluginVisualConfiguration", "documentation":"

    A description of the plugin field wells and their persisted properties.

    " }, + "Actions":{ + "shape":"VisualCustomActionList", + "documentation":"

    The list of custom actions that are configured for a visual.

    " + }, "VisualContentAltText":{ "shape":"LongPlainText", "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A flexible visualization type that allows engineers to create new custom charts in Amazon QuickSight.

    " + "documentation":"

    A flexible visualization type that allows engineers to create new custom charts in Quick Sight.

    " }, "PluginVisualAxisName":{ "type":"string", @@ -27268,18 +30003,26 @@ "type":"structure", "required":["ProjectedColumns"], "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"TransformOperationSource", + "documentation":"

    The source transform operation that provides input data for column projection.

    " + }, "ProjectedColumns":{ - "shape":"ProjectedColumnList", + "shape":"ProjectedColumnNameList", "documentation":"

    Projected columns.

    " } }, "documentation":"

    A transform operation that projects columns. Operations that come after a projection can only refer to projected columns.

    " }, - "ProjectedColumnList":{ + "ProjectedColumnNameList":{ "type":"list", "member":{"shape":"String"}, - "max":2000, - "min":1 + "max":2048, + "min":0 }, "PropertyRole":{ "type":"string", @@ -27380,6 +30123,45 @@ "member":{"shape":"QAResult"} }, "QAUrl":{"type":"string"}, + "QBusinessInsightsStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "QBusinessParameters":{ + "type":"structure", + "required":["ApplicationArn"], + "members":{ + "ApplicationArn":{ + "shape":"ApplicationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Q Business application.

    " + } + }, + "documentation":"

    The parameters that are required to connect to an Amazon Q Business data source.

    " + }, + "QDataKey":{ + "type":"structure", + "members":{ + "QDataKeyArn":{ + "shape":"String", + "documentation":"

    The ARN of the KMS key that is registered to a Quick Sight account for encryption and decryption use as a QDataKey.

    " + }, + "QDataKeyType":{ + "shape":"QDataKeyType", + "documentation":"

    The type of QDataKey.

    " + } + }, + "documentation":"

    A structure that contains information about the QDataKey.

    " + }, + "QDataKeyType":{ + "type":"string", + "enum":[ + "AWS_OWNED", + "CMK" + ] + }, "QSearchStatus":{ "type":"string", "enum":[ @@ -27445,6 +30227,16 @@ "error":{"httpStatusCode":404}, "exception":true }, + "QuickSuiteActionsOption":{ + "type":"structure", + "members":{ + "AvailabilityStatus":{ + "shape":"DashboardBehavior", + "documentation":"

    Availability status.

    " + } + }, + "documentation":"

    Determines if Actions in Amazon Quick Suite are enabled in a dashboard..

    " + }, "RadarChartAggregatedFieldWells":{ "type":"structure", "members":{ @@ -27697,6 +30489,236 @@ }, "documentation":"

    The parameters for Amazon RDS.

    " }, + "ReadAPIKeyConnectionMetadata":{ + "type":"structure", + "required":["BaseEndpoint"], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base endpoint URL for API key authentication.

    " + }, + "Email":{ + "shape":"Email", + "documentation":"

    The email address associated with the API key authentication.

    " + } + }, + "documentation":"

    Read-only authentication metadata for API key-based connections, containing non-sensitive configuration details.

    " + }, + "ReadAuthConfig":{ + "type":"structure", + "required":[ + "AuthenticationType", + "AuthenticationMetadata" + ], + "members":{ + "AuthenticationType":{ + "shape":"ConnectionAuthType", + "documentation":"

    The type of authentication being used (BASIC, API_KEY, OAUTH2_CLIENT_CREDENTIALS, or OAUTH2_AUTHORIZATION_CODE).

    " + }, + "AuthenticationMetadata":{ + "shape":"ReadAuthenticationMetadata", + "documentation":"

    The authentication metadata containing configuration details specific to the authentication type.

    " + } + }, + "documentation":"

    Read-only authentication configuration containing non-sensitive authentication details for action connectors.

    " + }, + "ReadAuthenticationMetadata":{ + "type":"structure", + "members":{ + "AuthorizationCodeGrantMetadata":{ + "shape":"ReadAuthorizationCodeGrantMetadata", + "documentation":"

    Read-only metadata for OAuth2 authorization code grant flow configuration.

    " + }, + "ClientCredentialsGrantMetadata":{ + "shape":"ReadClientCredentialsGrantMetadata", + "documentation":"

    Read-only metadata for OAuth2 client credentials grant flow configuration.

    " + }, + "BasicAuthConnectionMetadata":{ + "shape":"ReadBasicAuthConnectionMetadata", + "documentation":"

    Read-only metadata for basic authentication configuration.

    " + }, + "ApiKeyConnectionMetadata":{ + "shape":"ReadAPIKeyConnectionMetadata", + "documentation":"

    Read-only metadata for API key authentication configuration.

    " + }, + "NoneConnectionMetadata":{ + "shape":"ReadNoneConnectionMetadata", + "documentation":"

    Read-only metadata for connections that do not require authentication.

    " + }, + "IamConnectionMetadata":{ + "shape":"ReadIamConnectionMetadata", + "documentation":"

    Read-only metadata for IAM-based authentication configuration.

    " + } + }, + "documentation":"

    Read-only authentication metadata union containing non-sensitive configuration details for different authentication types.

    ", + "union":true + }, + "ReadAuthorizationCodeGrantCredentialsDetails":{ + "type":"structure", + "members":{ + "ReadAuthorizationCodeGrantDetails":{ + "shape":"ReadAuthorizationCodeGrantDetails", + "documentation":"

    The read-only authorization code grant configuration details.

    " + } + }, + "documentation":"

    Read-only credentials details for OAuth2 authorization code grant flow, containing non-sensitive configuration information.

    ", + "union":true + }, + "ReadAuthorizationCodeGrantDetails":{ + "type":"structure", + "required":[ + "ClientId", + "TokenEndpoint", + "AuthorizationEndpoint" + ], + "members":{ + "ClientId":{ + "shape":"ClientId", + "documentation":"

    The client identifier for the OAuth2 authorization code grant flow.

    " + }, + "TokenEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The authorization server endpoint used to obtain access tokens via the authorization code grant flow.

    " + }, + "AuthorizationEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The authorization server endpoint used to obtain authorization codes from the resource owner.

    " + } + }, + "documentation":"

    Read-only configuration details for OAuth2 authorization code grant flow, including endpoints and client information.

    " + }, + "ReadAuthorizationCodeGrantMetadata":{ + "type":"structure", + "required":[ + "BaseEndpoint", + "RedirectUrl" + ], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base endpoint URL for the OAuth2 authorization code grant flow.

    " + }, + "RedirectUrl":{ + "shape":"Endpoint", + "documentation":"

    The redirect URL where the authorization server will send the user after authorization.

    " + }, + "ReadAuthorizationCodeGrantCredentialsDetails":{ + "shape":"ReadAuthorizationCodeGrantCredentialsDetails", + "documentation":"

    The read-only credentials details for the authorization code grant flow.

    " + }, + "AuthorizationCodeGrantCredentialsSource":{ + "shape":"AuthorizationCodeGrantCredentialsSource", + "documentation":"

    The source of credentials for the authorization code grant flow.

    " + } + }, + "documentation":"

    Read-only metadata for OAuth2 authorization code grant authentication configuration.

    " + }, + "ReadBasicAuthConnectionMetadata":{ + "type":"structure", + "required":[ + "BaseEndpoint", + "Username" + ], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base endpoint URL for basic authentication.

    " + }, + "Username":{ + "shape":"ActionUserName", + "documentation":"

    The username used for basic authentication.

    " + } + }, + "documentation":"

    Read-only metadata for basic authentication connections, containing non-sensitive configuration details.

    " + }, + "ReadClientCredentialsDetails":{ + "type":"structure", + "members":{ + "ReadClientCredentialsGrantDetails":{ + "shape":"ReadClientCredentialsGrantDetails", + "documentation":"

    The read-only client credentials grant configuration details.

    " + } + }, + "documentation":"

    Read-only details for OAuth2 client credentials, containing non-sensitive configuration information.

    ", + "union":true + }, + "ReadClientCredentialsGrantDetails":{ + "type":"structure", + "required":[ + "ClientId", + "TokenEndpoint" + ], + "members":{ + "ClientId":{ + "shape":"ClientId", + "documentation":"

    The client identifier for the OAuth2 client credentials grant flow.

    " + }, + "TokenEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The authorization server endpoint used to obtain access tokens via the client credentials grant flow.

    " + } + }, + "documentation":"

    Read-only configuration details for OAuth2 client credentials grant flow, including client ID and token endpoint.

    " + }, + "ReadClientCredentialsGrantMetadata":{ + "type":"structure", + "required":["BaseEndpoint"], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base endpoint URL for the OAuth2 client credentials grant flow.

    " + }, + "ReadClientCredentialsDetails":{ + "shape":"ReadClientCredentialsDetails", + "documentation":"

    The read-only client credentials configuration details.

    " + }, + "ClientCredentialsSource":{ + "shape":"ClientCredentialsSource", + "documentation":"

    The source of client credentials for the OAuth2 client credentials grant flow.

    " + } + }, + "documentation":"

    Read-only metadata for OAuth2 client credentials grant authentication configuration.

    " + }, + "ReadIamConnectionMetadata":{ + "type":"structure", + "required":[ + "RoleArn", + "SourceArn" + ], + "members":{ + "RoleArn":{ + "shape":"RoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role to assume for authentication.

    " + }, + "SourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the source resource for IAM authentication.

    " + } + }, + "documentation":"

    Read-only metadata for IAM-based connections, containing role and source ARN information.

    " + }, + "ReadNoneConnectionMetadata":{ + "type":"structure", + "required":["BaseEndpoint"], + "members":{ + "BaseEndpoint":{ + "shape":"Endpoint", + "documentation":"

    The base endpoint URL for connections that do not require authentication.

    " + } + }, + "documentation":"

    Read-only metadata for connections that do not require authentication credentials.

    " + }, + "RecentSnapshotsConfigurations":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    The recent snapshots configuration for an embedded Quick Sight dashboard.

    " + } + }, + "documentation":"

    The recent snapshots configuration for an embedded Quick Sight dashboard.

    " + }, "RecoveryWindowInDays":{ "type":"long", "max":30, @@ -27708,22 +30730,22 @@ "members":{ "RoleArn":{ "shape":"RoleArn", - "documentation":"

    Use the RoleArn structure to allow Amazon QuickSight to call redshift:GetClusterCredentials on your cluster. The calling principal must have iam:PassRole access to pass the role to Amazon QuickSight. The role's trust policy must allow the Amazon QuickSight service principal to assume the role.

    " + "documentation":"

    Use the RoleArn structure to allow Quick Sight to call redshift:GetClusterCredentials on your cluster. The calling principal must have iam:PassRole access to pass the role to Quick Sight. The role's trust policy must allow the Quick Sight service principal to assume the role.

    " }, "DatabaseUser":{ "shape":"DatabaseUser", - "documentation":"

    The user whose permissions and group memberships will be used by Amazon QuickSight to access the cluster. If this user already exists in your database, Amazon QuickSight is granted the same permissions that the user has. If the user doesn't exist, set the value of AutoCreateDatabaseUser to True to create a new user with PUBLIC permissions.

    " + "documentation":"

    The user whose permissions and group memberships will be used by Quick Sight to access the cluster. If this user already exists in your database, Amazon Quick Sight is granted the same permissions that the user has. If the user doesn't exist, set the value of AutoCreateDatabaseUser to True to create a new user with PUBLIC permissions.

    " }, "DatabaseGroups":{ "shape":"DatabaseGroupList", - "documentation":"

    A list of groups whose permissions will be granted to Amazon QuickSight to access the cluster. These permissions are combined with the permissions granted to Amazon QuickSight by the DatabaseUser. If you choose to include this parameter, the RoleArn must grant access to redshift:JoinGroup.

    " + "documentation":"

    A list of groups whose permissions will be granted to Quick Sight to access the cluster. These permissions are combined with the permissions granted to Quick Sight by the DatabaseUser. If you choose to include this parameter, the RoleArn must grant access to redshift:JoinGroup.

    " }, "AutoCreateDatabaseUser":{ "shape":"Boolean", - "documentation":"

    Automatically creates a database user. If your database doesn't have a DatabaseUser, set this parameter to True. If there is no DatabaseUser, Amazon QuickSight can't connect to your cluster. The RoleArn that you use for this operation must grant access to redshift:CreateClusterUser to successfully create the user.

    " + "documentation":"

    Automatically creates a database user. If your database doesn't have a DatabaseUser, set this parameter to True. If there is no DatabaseUser, Quick Sight can't connect to your cluster. The RoleArn that you use for this operation must grant access to redshift:CreateClusterUser to successfully create the user.

    " } }, - "documentation":"

    A structure that grants Amazon QuickSight access to your cluster and make a call to the redshift:GetClusterCredentials API. For more information on the redshift:GetClusterCredentials API, see GetClusterCredentials .

    " + "documentation":"

    A structure that grants Quick Sight access to your cluster and make a call to the redshift:GetClusterCredentials API. For more information on the redshift:GetClusterCredentials API, see GetClusterCredentials .

    " }, "RedshiftParameters":{ "type":"structure", @@ -27747,11 +30769,11 @@ }, "IAMParameters":{ "shape":"RedshiftIAMParameters", - "documentation":"

    An optional parameter that uses IAM authentication to grant Amazon QuickSight access to your cluster. This parameter can be used instead of DataSourceCredentials.

    " + "documentation":"

    An optional parameter that uses IAM authentication to grant Quick Sight access to your cluster. This parameter can be used instead of DataSourceCredentials.

    " }, "IdentityCenterConfiguration":{ "shape":"IdentityCenterConfiguration", - "documentation":"

    An optional parameter that configures IAM Identity Center authentication to grant Amazon QuickSight access to your cluster.

    This parameter can only be specified if your Amazon QuickSight account is configured with IAM Identity Center.

    " + "documentation":"

    An optional parameter that configures IAM Identity Center authentication to grant Quick Sight access to your cluster.

    This parameter can only be specified if your Quick Sight account is configured with IAM Identity Center.

    " } }, "documentation":"

    The parameters for Amazon Redshift. The ClusterId field can be blank if Host and Port are both set. The Host and Port fields can be blank if the ClusterId field is set.

    " @@ -27956,6 +30978,33 @@ }, "documentation":"

    The refresh configuration of a dataset.

    " }, + "RefreshFailureAlertStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "RefreshFailureConfiguration":{ + "type":"structure", + "members":{ + "EmailAlert":{ + "shape":"RefreshFailureEmailAlert", + "documentation":"

    The email alert configuration for a dataset refresh failure.

    " + } + }, + "documentation":"

    The failure configuration of a dataset.

    " + }, + "RefreshFailureEmailAlert":{ + "type":"structure", + "members":{ + "AlertStatus":{ + "shape":"RefreshFailureAlertStatus", + "documentation":"

    The status value that determines if email alerts are sent.

    " + } + }, + "documentation":"

    The configuration settings for the email alerts that are sent when a dataset refresh fails.

    " + }, "RefreshFrequency":{ "type":"structure", "required":["Interval"], @@ -28012,7 +31061,7 @@ }, "RefreshType":{ "shape":"IngestionType", - "documentation":"

    The type of refresh that a datset undergoes. Valid values are as follows:

    • FULL_REFRESH: A complete refresh of a dataset.

    • INCREMENTAL_REFRESH: A partial refresh of some rows of a dataset, based on the time window specified.

    For more information on full and incremental refreshes, see Refreshing SPICE data in the Amazon QuickSight User Guide.

    " + "documentation":"

    The type of refresh that a datset undergoes. Valid values are as follows:

    • FULL_REFRESH: A complete refresh of a dataset.

    • INCREMENTAL_REFRESH: A partial refresh of some rows of a dataset, based on the time window specified.

    For more information on full and incremental refreshes, see Refreshing SPICE data in the Amazon Quick Suite User Guide.

    " }, "Arn":{ "shape":"Arn", @@ -28040,7 +31089,7 @@ "members":{ "IdentityType":{ "shape":"IdentityType", - "documentation":"

    The identity type that your Amazon QuickSight account uses to manage the identity of users.

    " + "documentation":"

    The identity type that your Quick Sight account uses to manage the identity of users.

    " }, "Email":{ "shape":"String", @@ -28048,19 +31097,19 @@ }, "UserRole":{ "shape":"UserRole", - "documentation":"

    The Amazon QuickSight role for the user. The user role can be one of the following:

    • READER: A user who has read-only access to dashboards.

    • AUTHOR: A user who can create data sources, datasets, analyses, and dashboards.

    • ADMIN: A user who is an author, who can also manage Amazon QuickSight settings.

    • READER_PRO: Reader Pro adds Generative BI capabilities to the Reader role. Reader Pros have access to Amazon Q in Amazon QuickSight, can build stories with Amazon Q, and can generate executive summaries from dashboards.

    • AUTHOR_PRO: Author Pro adds Generative BI capabilities to the Author role. Author Pros can author dashboards with natural language with Amazon Q, build stories with Amazon Q, create Topics for Q&A, and generate executive summaries from dashboards.

    • ADMIN_PRO: Admin Pros are Author Pros who can also manage Amazon QuickSight administrative settings. Admin Pro users are billed at Author Pro pricing.

    • RESTRICTED_READER: This role isn't currently available for use.

    • RESTRICTED_AUTHOR: This role isn't currently available for use.

    " + "documentation":"

    The Amazon Quick Sight role for the user. The user role can be one of the following:

    • READER: A user who has read-only access to dashboards.

    • AUTHOR: A user who can create data sources, datasets, analyses, and dashboards.

    • ADMIN: A user who is an author, who can also manage Amazon Quick Sight settings.

    • READER_PRO: Reader Pro adds Generative BI capabilities to the Reader role. Reader Pros have access to Amazon Q in Quick Sight, can build stories with Amazon Q, and can generate executive summaries from dashboards.

    • AUTHOR_PRO: Author Pro adds Generative BI capabilities to the Author role. Author Pros can author dashboards with natural language with Amazon Q, build stories with Amazon Q, create Topics for Q&A, and generate executive summaries from dashboards.

    • ADMIN_PRO: Admin Pros are Author Pros who can also manage Amazon Quick Sight administrative settings. Admin Pro users are billed at Author Pro pricing.

    • RESTRICTED_READER: This role isn't currently available for use.

    • RESTRICTED_AUTHOR: This role isn't currently available for use.

    " }, "IamArn":{ "shape":"String", - "documentation":"

    The ARN of the IAM user or role that you are registering with Amazon QuickSight.

    " + "documentation":"

    The ARN of the IAM user or role that you are registering with Amazon Quick Sight.

    " }, "SessionName":{ "shape":"RoleSessionName", - "documentation":"

    You need to use this parameter only when you register one or more users using an assumed IAM role. You don't need to provide the session name for other scenarios, for example when you are registering an IAM user or an Amazon QuickSight user. You can register multiple users using the same IAM role if each user has a different session name. For more information on assuming IAM roles, see assume-role in the CLI Reference.

    " + "documentation":"

    You need to use this parameter only when you register one or more users using an assumed IAM role. You don't need to provide the session name for other scenarios, for example when you are registering an IAM user or an Amazon Quick Sight user. You can register multiple users using the same IAM role if each user has a different session name. For more information on assuming IAM roles, see assume-role in the CLI Reference.

    " }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -28072,19 +31121,19 @@ }, "UserName":{ "shape":"UserName", - "documentation":"

    The Amazon QuickSight user name that you want to create for the user you are registering.

    " + "documentation":"

    The Amazon Quick Sight user name that you want to create for the user you are registering.

    " }, "CustomPermissionsName":{ "shape":"RoleName", - "documentation":"

    (Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:

    • Create and update data sources

    • Create and update datasets

    • Create and update email reports

    • Subscribe to email reports

    To add custom permissions to an existing user, use UpdateUser instead.

    A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Amazon QuickSight console. Then, you use the RegisterUser API operation to assign the named set of permissions to a Amazon QuickSight user.

    Amazon QuickSight custom permissions are applied through IAM policies. Therefore, they override the permissions typically granted by assigning Amazon QuickSight users to one of the default security cohorts in Amazon QuickSight (admin, author, reader, admin pro, author pro, reader pro).

    This feature is available only to Amazon QuickSight Enterprise edition subscriptions.

    " + "documentation":"

    (Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:

    • Create and update data sources

    • Create and update datasets

    • Create and update email reports

    • Subscribe to email reports

    To add custom permissions to an existing user, use UpdateUser instead.

    A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Quick Sight console. Then, you use the RegisterUser API operation to assign the named set of permissions to a Quick Sight user.

    Quick Sight custom permissions are applied through IAM policies. Therefore, they override the permissions typically granted by assigning Quick Sight users to one of the default security cohorts in Quick Sight (admin, author, reader, admin pro, author pro, reader pro).

    This feature is available only to Quick Sight Enterprise edition subscriptions.

    " }, "ExternalLoginFederationProviderType":{ "shape":"String", - "documentation":"

    The type of supported external login provider that provides identity to let a user federate into Amazon QuickSight with an associated Identity and Access Management(IAM) role. The type of supported external login provider can be one of the following.

    • COGNITO: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com. When choosing the COGNITO provider type, don’t use the \"CustomFederationProviderUrl\" parameter which is only needed when the external provider is custom.

    • CUSTOM_OIDC: Custom OpenID Connect (OIDC) provider. When choosing CUSTOM_OIDC type, use the CustomFederationProviderUrl parameter to provide the custom OIDC provider URL.

    " + "documentation":"

    The type of supported external login provider that provides identity to let a user federate into Amazon Quick Sight with an associated Identity and Access Management(IAM) role. The type of supported external login provider can be one of the following.

    • COGNITO: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com. When choosing the COGNITO provider type, don’t use the \"CustomFederationProviderUrl\" parameter which is only needed when the external provider is custom.

    • CUSTOM_OIDC: Custom OpenID Connect (OIDC) provider. When choosing CUSTOM_OIDC type, use the CustomFederationProviderUrl parameter to provide the custom OIDC provider URL.

    " }, "CustomFederationProviderUrl":{ "shape":"String", - "documentation":"

    The URL of the custom OpenID Connect (OIDC) provider that provides identity to let a user federate into Amazon QuickSight with an associated Identity and Access Management(IAM) role. This parameter should only be used when ExternalLoginFederationProviderType parameter is set to CUSTOM_OIDC.

    " + "documentation":"

    The URL of the custom OpenID Connect (OIDC) provider that provides identity to let a user federate into Quick Sight with an associated Identity and Access Management(IAM) role. This parameter should only be used when ExternalLoginFederationProviderType parameter is set to CUSTOM_OIDC.

    " }, "ExternalLoginId":{ "shape":"String", @@ -28123,28 +31172,44 @@ "members":{ "KeyArn":{ "shape":"String", - "documentation":"

    The ARN of the KMS key that is registered to a Amazon QuickSight account for encryption and decryption use.

    " + "documentation":"

    The ARN of the KMS key that is registered to a Quick Sight account for encryption and decryption use.

    " }, "DefaultKey":{ "shape":"Boolean", "documentation":"

    Indicates whether a RegisteredCustomerManagedKey is set as the default key for encryption and decryption use.

    " } }, - "documentation":"

    A customer managed key structure that contains the information listed below:

    • KeyArn - The ARN of a KMS key that is registered to a Amazon QuickSight account for encryption and decryption use.

    • DefaultKey - Indicates whether the current key is set as the default key for encryption and decryption use.

    " + "documentation":"

    A customer managed key structure that contains the information listed below:

    • KeyArn - The ARN of a KMS key that is registered to a Quick Sight account for encryption and decryption use.

    • DefaultKey - Indicates whether the current key is set as the default key for encryption and decryption use.

    " }, "RegisteredUserConsoleFeatureConfigurations":{ "type":"structure", "members":{ "StatePersistence":{ "shape":"StatePersistenceConfigurations", - "documentation":"

    The state persistence configurations of an embedded Amazon QuickSight console.

    " + "documentation":"

    The state persistence configurations of an embedded Amazon Quick Sight console.

    " }, "SharedView":{ "shape":"SharedViewConfigurations", "documentation":"

    The shared view settings of an embedded dashboard.

    " + }, + "AmazonQInQuickSight":{ + "shape":"AmazonQInQuickSightConsoleConfigurations", + "documentation":"

    The Amazon Q configurations of an embedded Amazon Quick Sight console.

    " + }, + "Schedules":{ + "shape":"SchedulesConfigurations", + "documentation":"

    The schedules configuration for an embedded Quick Sight dashboard.

    " + }, + "RecentSnapshots":{ + "shape":"RecentSnapshotsConfigurations", + "documentation":"

    The recent snapshots configuration for an embedded Quick Sight dashboard.

    " + }, + "ThresholdAlerts":{ + "shape":"ThresholdAlertsConfigurations", + "documentation":"

    The threshold alerts configuration for an embedded Quick Sight dashboard.

    " } }, - "documentation":"

    The feature configurations of an embedded Amazon QuickSight console.

    " + "documentation":"

    The feature configurations of an embedded Amazon Quick Sight console.

    " }, "RegisteredUserDashboardEmbeddingConfiguration":{ "type":"structure", @@ -28152,11 +31217,11 @@ "members":{ "InitialDashboardId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The dashboard ID for the dashboard that you want the user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this dashboard if the user has permissions to view it.

    If the user does not have permission to view this dashboard, they see a permissions error message.

    " + "documentation":"

    The dashboard ID for the dashboard that you want the user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon Quick Sight renders this dashboard if the user has permissions to view it.

    If the user does not have permission to view this dashboard, they see a permissions error message.

    " }, "FeatureConfigurations":{ "shape":"RegisteredUserDashboardFeatureConfigurations", - "documentation":"

    The feature configurations of an embbedded Amazon QuickSight dashboard.

    " + "documentation":"

    The feature configurations of an embbedded Amazon Quick Sight dashboard.

    " } }, "documentation":"

    Information about the dashboard you want to embed.

    " @@ -28174,7 +31239,23 @@ }, "Bookmarks":{ "shape":"BookmarksConfigurations", - "documentation":"

    The bookmarks configuration for an embedded dashboard in Amazon QuickSight.

    " + "documentation":"

    The bookmarks configuration for an embedded dashboard in Amazon Quick Sight.

    " + }, + "AmazonQInQuickSight":{ + "shape":"AmazonQInQuickSightDashboardConfigurations", + "documentation":"

    The Amazon Q configurations of an embedded Amazon Quick Sight dashboard.

    " + }, + "Schedules":{ + "shape":"SchedulesConfigurations", + "documentation":"

    The schedules configuration for an embedded Quick Sight dashboard.

    " + }, + "RecentSnapshots":{ + "shape":"RecentSnapshotsConfigurations", + "documentation":"

    The recent snapshots configuration for an Quick Sight embedded dashboard

    " + }, + "ThresholdAlerts":{ + "shape":"ThresholdAlertsConfigurations", + "documentation":"

    The threshold alerts configuration for an Quick Sight embedded dashboard.

    " } }, "documentation":"

    The feature configuration for an embedded dashboard.

    " @@ -28185,7 +31266,7 @@ "members":{ "InitialDashboardVisualId":{ "shape":"DashboardVisualId", - "documentation":"

    The visual ID for the visual that you want the user to embed. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this visual.

    The Amazon Resource Name (ARN) of the dashboard that the visual belongs to must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

    " + "documentation":"

    The visual ID for the visual that you want the user to embed. This ID is included in the output URL. When the URL in response is accessed, Amazon Quick Sight renders this visual.

    The Amazon Resource Name (ARN) of the dashboard that the visual belongs to must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

    " } }, "documentation":"

    The experience that you are embedding. You can use this object to generate a url that embeds a visual into your application.

    " @@ -28199,29 +31280,29 @@ }, "QuickSightConsole":{ "shape":"RegisteredUserQuickSightConsoleEmbeddingConfiguration", - "documentation":"

    The configuration details for providing each Amazon QuickSight console embedding experience. This can be used along with custom permissions to restrict access to certain features. For more information, see Customizing Access to the Amazon QuickSight Console in the Amazon QuickSight User Guide.

    Use GenerateEmbedUrlForRegisteredUser where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who accesses an embedded Amazon QuickSight console needs to belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the UpdateUser API operation. Use the RegisterUser API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the Amazon QuickSight User Guide:

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

    " + "documentation":"

    The configuration details for providing each Amazon Quick Sight console embedding experience. This can be used along with custom permissions to restrict access to certain features. For more information, see Customizing Access to the Amazon Quick Sight Console in the Amazon Quick Suite User Guide.

    Use GenerateEmbedUrlForRegisteredUser where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who accesses an embedded Amazon Quick Sight console needs to belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the UpdateUser API operation. Use the RegisterUser API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the Amazon Quick Suite User Guide:

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon Quick Suite Developer Portal.

    " }, "QSearchBar":{ "shape":"RegisteredUserQSearchBarEmbeddingConfiguration", - "documentation":"

    The configuration details for embedding the Q search bar.

    For more information about embedding the Q search bar, see Embedding Overview in the Amazon QuickSight User Guide.

    " + "documentation":"

    The configuration details for embedding the Q search bar.

    For more information about embedding the Q search bar, see Embedding Overview in the Amazon Quick Sight User Guide.

    " }, "DashboardVisual":{ "shape":"RegisteredUserDashboardVisualEmbeddingConfiguration", - "documentation":"

    The type of embedding experience. In this case, Amazon QuickSight visuals.

    " + "documentation":"

    The type of embedding experience. In this case, Amazon Quick Sight visuals.

    " }, "GenerativeQnA":{ "shape":"RegisteredUserGenerativeQnAEmbeddingConfiguration", - "documentation":"

    The configuration details for embedding the Generative Q&A experience.

    For more information about embedding the Generative Q&A experience, see Embedding Overview in the Amazon QuickSight User Guide.

    " + "documentation":"

    The configuration details for embedding the Generative Q&A experience.

    For more information about embedding the Generative Q&A experience, see Embedding Overview in the Amazon Quick Sight User Guide.

    " } }, - "documentation":"

    The type of experience you want to embed. For registered users, you can embed Amazon QuickSight dashboards or the Amazon QuickSight console.

    Exactly one of the experience configurations is required. You can choose Dashboard or QuickSightConsole. You cannot choose more than one experience configuration.

    " + "documentation":"

    The type of experience you want to embed. For registered users, you can embed Quick Suite dashboards or the Amazon Quick Sight console.

    Exactly one of the experience configurations is required. You can choose Dashboard or QuickSightConsole. You cannot choose more than one experience configuration.

    " }, "RegisteredUserGenerativeQnAEmbeddingConfiguration":{ "type":"structure", "members":{ "InitialTopicId":{ "shape":"RestrictiveResourceId", - "documentation":"

    The ID of the new Q reader experience topic that you want to make the starting topic in the Generative Q&A experience. You can find a topic ID by navigating to the Topics pane in the Amazon QuickSight application and opening a topic. The ID is in the URL for the topic that you open.

    If you don't specify an initial topic or you specify a legacy topic, a list of all shared new reader experience topics is shown in the Generative Q&A experience for your readers. When you select an initial new reader experience topic, you can specify whether or not readers are allowed to select other new reader experience topics from the available ones in the list.

    " + "documentation":"

    The ID of the new Q reader experience topic that you want to make the starting topic in the Generative Q&A experience. You can find a topic ID by navigating to the Topics pane in the Quick Suite application and opening a topic. The ID is in the URL for the topic that you open.

    If you don't specify an initial topic or you specify a legacy topic, a list of all shared new reader experience topics is shown in the Generative Q&A experience for your readers. When you select an initial new reader experience topic, you can specify whether or not readers are allowed to select other new reader experience topics from the available ones in the list.

    " } }, "documentation":"

    An object that provides information about the configuration of a Generative Q&A experience.

    " @@ -28231,7 +31312,7 @@ "members":{ "InitialTopicId":{ "shape":"RestrictiveResourceId", - "documentation":"

    The ID of the legacy Q topic that you want to use as the starting topic in the Q search bar. To locate the topic ID of the topic that you want to use, open the Amazon QuickSight console, navigate to the Topics pane, and choose thre topic that you want to use. The TopicID is located in the URL of the topic that opens. When you select an initial topic, you can specify whether or not readers are allowed to select other topics from the list of available topics.

    If you don't specify an initial topic or if you specify a new reader experience topic, a list of all shared legacy topics is shown in the Q bar.

    " + "documentation":"

    The ID of the legacy Q topic that you want to use as the starting topic in the Q search bar. To locate the topic ID of the topic that you want to use, open the Quick Sight console, navigate to the Topics pane, and choose thre topic that you want to use. The TopicID is located in the URL of the topic that opens. When you select an initial topic, you can specify whether or not readers are allowed to select other topics from the list of available topics.

    If you don't specify an initial topic or if you specify a new reader experience topic, a list of all shared legacy topics is shown in the Q bar.

    " } }, "documentation":"

    Information about the Q search bar embedding experience.

    " @@ -28241,14 +31322,14 @@ "members":{ "InitialPath":{ "shape":"EntryPath", - "documentation":"

    The initial URL path for the Amazon QuickSight console. InitialPath is required.

    The entry point URL is constrained to the following paths:

    • /start

    • /start/analyses

    • /start/dashboards

    • /start/favorites

    • /dashboards/DashboardId. DashboardId is the actual ID key from the Amazon QuickSight console URL of the dashboard.

    • /analyses/AnalysisId. AnalysisId is the actual ID key from the Amazon QuickSight console URL of the analysis.

    " + "documentation":"

    The initial URL path for the Amazon Quick Sight console. InitialPath is required.

    The entry point URL is constrained to the following paths:

    • /start

    • /start/analyses

    • /start/dashboards

    • /start/favorites

    • /dashboards/DashboardId. DashboardId is the actual ID key from the Amazon Quick Sight console URL of the dashboard.

    • /analyses/AnalysisId. AnalysisId is the actual ID key from the Amazon Quick Sight console URL of the analysis.

    " }, "FeatureConfigurations":{ "shape":"RegisteredUserConsoleFeatureConfigurations", - "documentation":"

    The embedding configuration of an embedded Amazon QuickSight console.

    " + "documentation":"

    The embedding configuration of an embedded Amazon Quick Sight console.

    " } }, - "documentation":"

    Information about the Amazon QuickSight console that you want to embed.

    " + "documentation":"

    Information about the Amazon Quick Sight console that you want to embed.

    " }, "RelationalTable":{ "type":"structure", @@ -28409,6 +31490,35 @@ }, "documentation":"

    A transform operation that renames a column.

    " }, + "RenameColumnOperationList":{ + "type":"list", + "member":{"shape":"RenameColumnOperation"}, + "max":2048, + "min":0 + }, + "RenameColumnsOperation":{ + "type":"structure", + "required":[ + "Alias", + "Source", + "RenameColumnOperations" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"TransformOperationSource", + "documentation":"

    The source transform operation that provides input data for column renaming.

    " + }, + "RenameColumnOperations":{ + "shape":"RenameColumnOperationList", + "documentation":"

    The list of column rename operations to perform, specifying old and new column names.

    " + } + }, + "documentation":"

    A transform operation that renames one or more columns in the dataset.

    " + }, "ResizeOption":{ "type":"string", "enum":[ @@ -28416,6 +31526,7 @@ "RESPONSIVE" ] }, + "ResourceArn":{"type":"string"}, "ResourceExistsException":{ "type":"structure", "members":{ @@ -28465,7 +31576,7 @@ "members":{ "Principal":{ "shape":"Principal", - "documentation":"

    The Amazon Resource Name (ARN) of the principal. This can be one of the following:

    • The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)

    • The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)

    • The ARN of an Amazon Web Services account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across Amazon Web Services accounts. (This is less common.)

    " + "documentation":"

    The Amazon Resource Name (ARN) of the principal. This can be one of the following:

    • The ARN of an Quick Sight user or group associated with a data source or dataset. (This is common.)

    • The ARN of an Quick Sight user, group, or namespace associated with an analysis, dashboard, template, or theme. Namespace sharing is not supported for action connectors. (This is common.)

    • The ARN of an Amazon Web Services account root: This is an IAM ARN rather than a Quick Sight ARN. Use this option only to share resources (templates) across Amazon Web Services accounts. Account root sharing is not supported for action connectors. (This is less common.)

    " }, "Actions":{ "shape":"ActionList", @@ -28667,6 +31778,14 @@ }, "documentation":"

    Information about rows for a data set SPICE ingestion.

    " }, + "RowLevelPermissionConfiguration":{ + "type":"structure", + "members":{ + "TagConfiguration":{"shape":"RowLevelPermissionTagConfiguration"}, + "RowLevelPermissionDataSet":{"shape":"RowLevelPermissionDataSet"} + }, + "documentation":"

    Configuration for row level security.

    " + }, "RowLevelPermissionDataSet":{ "type":"structure", "required":[ @@ -28695,7 +31814,12 @@ "documentation":"

    The status of the row-level security permission dataset. If enabled, the status is ENABLED. If disabled, the status is DISABLED.

    " } }, - "documentation":"

    Information about a dataset that contains permissions for row-level security (RLS). The permissions dataset maps fields to users or groups. For more information, see Using Row-Level Security (RLS) to Restrict Access to a Dataset in the Amazon QuickSight User Guide.

    The option to deny permissions by setting PermissionPolicy to DENY_ACCESS is not supported for new RLS datasets.

    " + "documentation":"

    Information about a dataset that contains permissions for row-level security (RLS). The permissions dataset maps fields to users or groups. For more information, see Using Row-Level Security (RLS) to Restrict Access to a Dataset in the Quick Sight User Guide.

    The option to deny permissions by setting PermissionPolicy to DENY_ACCESS is not supported for new RLS datasets.

    " + }, + "RowLevelPermissionDataSetMap":{ + "type":"map", + "key":{"shape":"DataSetEntityResourceId"}, + "value":{"shape":"RowLevelPermissionDataSet"} }, "RowLevelPermissionFormatVersion":{ "type":"string", @@ -28809,20 +31933,39 @@ "documentation":"

    The region that the Amazon S3 bucket is located in. The bucket must be located in the same region that the StartDashboardSnapshotJob API call is made.

    " } }, - "documentation":"

    An optional structure that contains the Amazon S3 bucket configuration that the generated snapshots are stored in. If you don't provide this information, generated snapshots are stored in the default Amazon QuickSight bucket.

    " + "documentation":"

    An optional structure that contains the Amazon S3 bucket configuration that the generated snapshots are stored in. If you don't provide this information, generated snapshots are stored in the default Amazon Quick Sight bucket.

    " }, "S3Key":{ "type":"string", "max":1024, "min":1 }, + "S3KnowledgeBaseParameters":{ + "type":"structure", + "required":["BucketUrl"], + "members":{ + "RoleArn":{ + "shape":"RoleArn", + "documentation":"

    Use the RoleArn structure to override an account-wide role for a specific S3 Knowledge Base data source. For example, say an account administrator has turned off all S3 access with an account-wide role. The administrator can then use RoleArn to bypass the account-wide role and allow S3 access for the single S3 Knowledge Base data source that is specified in the structure, even if the account-wide role forbidding S3 access is still active.

    " + }, + "BucketUrl":{ + "shape":"S3Bucket", + "documentation":"

    The URL of the S3 bucket that contains the knowledge base data.

    " + }, + "MetadataFilesLocation":{ + "shape":"MetadataFilesLocation", + "documentation":"

    The location of metadata files within the S3 bucket that describe the structure and content of the knowledge base.

    " + } + }, + "documentation":"

    The parameters that are required to connect to a S3 Knowledge Base data source.

    " + }, "S3Parameters":{ "type":"structure", "required":["ManifestFileLocation"], "members":{ "ManifestFileLocation":{ "shape":"ManifestFileLocation", - "documentation":"

    Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Amazon QuickSight.

    " + "documentation":"

    Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Quick Sight.

    " }, "RoleArn":{ "shape":"RoleArn", @@ -28857,6 +32000,29 @@ "type":"string", "pattern":"^(https|s3)://([^/]+)/?(.*)$" }, + "SaaSTable":{ + "type":"structure", + "required":[ + "DataSourceArn", + "TablePath", + "InputColumns" + ], + "members":{ + "DataSourceArn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the SaaS data source.

    " + }, + "TablePath":{ + "shape":"TablePathElementList", + "documentation":"

    The hierarchical path to the table within the SaaS data source.

    " + }, + "InputColumns":{ + "shape":"InputColumnList", + "documentation":"

    The list of input columns available from the SaaS table.

    " + } + }, + "documentation":"

    A table from a Software-as-a-Service (SaaS) data source, including connection details and column definitions.

    " + }, "SameSheetTargetVisualConfiguration":{ "type":"structure", "members":{ @@ -28968,7 +32134,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A sankey diagram.

    For more information, see Using Sankey diagrams in the Amazon QuickSight User Guide.

    " + "documentation":"

    A sankey diagram.

    For more information, see Using Sankey diagrams in the Amazon Quick Suite User Guide.

    " }, "ScatterPlotCategoricallyAggregatedFieldWells":{ "type":"structure", @@ -29126,7 +32292,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A scatter plot.

    For more information, see Using scatter plots in the Amazon QuickSight User Guide.

    " + "documentation":"

    A scatter plot.

    For more information, see Using scatter plots in the Amazon Quick Suite User Guide.

    " }, "ScheduleRefreshOnEntity":{ "type":"structure", @@ -29142,6 +32308,17 @@ }, "documentation":"

    The refresh on entity for weekly or monthly schedules.

    " }, + "SchedulesConfigurations":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    The schedules configuration for an embedded Quick Sight dashboard.

    " + } + }, + "documentation":"

    The schedules configuration for an embedded Quick Sight dashboard.

    " + }, "ScrollBarOptions":{ "type":"structure", "members":{ @@ -29156,6 +32333,64 @@ }, "documentation":"

    The visual display options for a data zoom scroll bar.

    " }, + "SearchActionConnectorsRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "Filters" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID in which to search for action connectors.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "MaxResults":{ + "shape":"SearchActionConnectorsRequestMaxResultsInteger", + "documentation":"

    The maximum number of action connectors to return in a single response. Valid range is 1 to 100.

    ", + "location":"querystring", + "locationName":"max-results" + }, + "NextToken":{ + "shape":"String", + "documentation":"

    A pagination token to retrieve the next set of results. Use the token returned from a previous call to continue searching.

    ", + "location":"querystring", + "locationName":"next-token" + }, + "Filters":{ + "shape":"ActionConnectorSearchFilterList", + "documentation":"

    The search filters to apply. You can filter by connector name, type, or user permissions. Maximum of one filter is supported.

    " + } + } + }, + "SearchActionConnectorsRequestMaxResultsInteger":{ + "type":"integer", + "max":100, + "min":0 + }, + "SearchActionConnectorsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

    A pagination token to retrieve the next set of results. If null, there are no more results to retrieve.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status code of the request.

    ", + "location":"statusCode" + }, + "ActionConnectorSummaries":{ + "shape":"ActionConnectorSummaryList", + "documentation":"

    A list of action connector summaries that match the search criteria.

    " + } + } + }, "SearchAnalysesRequest":{ "type":"structure", "required":[ @@ -29356,6 +32591,90 @@ } } }, + "SearchFilterOperator":{ + "type":"string", + "enum":[ + "StringEquals", + "StringLike" + ] + }, + "SearchFlowsFilter":{ + "type":"structure", + "required":[ + "Name", + "Operator", + "Value" + ], + "members":{ + "Name":{ + "shape":"FieldName", + "documentation":"

    The name of the value that you want to use as a filter, for example \"Name\": \"DIRECT_QUICKSIGHT_SOLE_OWNER\".

    Valid values are defined as follows:

    • assetName: Any flows whose names have a substring match to this value will be returned.

    • assetDescription: Any flows whose descriptions have a substring match to this value will be returned.

    • DIRECT_QUICKSIGHT_SOLE_OWNER: Provide an ARN of a user or group, and any analyses with that ARN listed as the only owner of the analysis are returned. Implicit permissions from folders or groups are not considered.

    • DIRECT_QUICKSIGHT_OWNER: Provide an ARN of a user or group, and any analyses with that ARN listed as one of the owners of the analyses are returned. Implicit permissions from folders or groups are not considered.

    • DIRECT_QUICKSIGHT_VIEWER_OR_OWNER: Provide an ARN of a user or group, and any analyses with that ARN listed as one of the owners or viewers of the analyses are returned. Implicit permissions from folders or groups are not considered.

    " + }, + "Operator":{ + "shape":"SearchFilterOperator", + "documentation":"

    The comparison operator that you want to use as a filter, for example \"Operator\": \"StringEquals\". Valid values are \"StringEquals\" and \"StringLike\".

    " + }, + "Value":{ + "shape":"String", + "documentation":"

    The value of the named item, in this case DIRECT_QUICKSIGHT_SOLE_OWNER, that you want to use as a filter, for example \"Value\". An example is \"arn:aws:quicksight:us-east-1:1:user/default/UserName1\".

    " + } + }, + "documentation":"

    A structure that contains the filter information when searching flows.

    " + }, + "SearchFlowsFilterList":{ + "type":"list", + "member":{"shape":"SearchFlowsFilter"} + }, + "SearchFlowsInput":{ + "type":"structure", + "required":[ + "AwsAccountId", + "Filters" + ], + "members":{ + "AwsAccountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account where you are searching for flows from.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "Filters":{ + "shape":"SearchFlowsFilterList", + "documentation":"

    The filters applied to the search when searching for flows in the Amazon Web Services account.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token to request the next set of results, or null if you want to retrieve the first set.

    " + }, + "MaxResults":{ + "shape":"FlowMaxResults", + "documentation":"

    The maximum number of results to be returned per request.

    " + } + } + }, + "SearchFlowsOutput":{ + "type":"structure", + "required":["FlowSummaryList"], + "members":{ + "FlowSummaryList":{ + "shape":"FlowSummaryList", + "documentation":"

    The list of flows found against the search.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The token for the next set of results, or null if there are no more results.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status of the request.

    ", + "location":"statusCode" + } + } + }, "SearchFoldersRequest":{ "type":"structure", "required":[ @@ -29416,7 +32735,7 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -29707,6 +33026,50 @@ }, "documentation":"

    A structure that represents a semantic entity type.

    " }, + "SemanticModelConfiguration":{ + "type":"structure", + "members":{ + "TableMap":{ + "shape":"SemanticTableMap", + "documentation":"

    A map of semantic tables that define the analytical structure.

    " + } + }, + "documentation":"

    Configuration for the semantic model that defines how prepared data is structured for analysis and reporting.

    " + }, + "SemanticTable":{ + "type":"structure", + "required":[ + "Alias", + "DestinationTableId" + ], + "members":{ + "Alias":{ + "shape":"SemanticTableAlias", + "documentation":"

    Alias for the semantic table.

    " + }, + "DestinationTableId":{ + "shape":"DataSetEntityResourceId", + "documentation":"

    The identifier of the destination table from data preparation that provides data to this semantic table.

    " + }, + "RowLevelPermissionConfiguration":{ + "shape":"RowLevelPermissionConfiguration", + "documentation":"

    Configuration for row level security that control data access for this semantic table.

    " + } + }, + "documentation":"

    A semantic table that represents the final analytical structure of the data.

    " + }, + "SemanticTableAlias":{ + "type":"string", + "max":64, + "min":1 + }, + "SemanticTableMap":{ + "type":"map", + "key":{"shape":"DataSetEntityResourceId"}, + "value":{"shape":"SemanticTable"}, + "max":1, + "min":1 + }, "SemanticType":{ "type":"structure", "members":{ @@ -29790,6 +33153,7 @@ "type":"list", "member":{"shape":"SensitiveTimestamp"} }, + "Separator":{"type":"string"}, "SeriesItem":{ "type":"structure", "members":{ @@ -29824,7 +33188,8 @@ "type":"string", "enum":[ "REDSHIFT", - "QBUSINESS" + "QBUSINESS", + "ATHENA" ] }, "SessionLifetimeInMinutes":{ @@ -29945,14 +33310,14 @@ }, "Name":{ "shape":"SheetName", - "documentation":"

    The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.

    " + "documentation":"

    The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.

    " }, "Images":{ "shape":"SheetImageList", "documentation":"

    A list of images on a sheet.

    " } }, - "documentation":"

    A sheet, which is an object that contains a set of visuals that are viewed together on one page in Amazon QuickSight. Every analysis and dashboard contains at least one sheet. Each sheet contains at least one visualization widget, for example a chart, pivot table, or narrative insight. Sheets can be associated with other components, such as controls, filters, and so on.

    " + "documentation":"

    A sheet, which is an object that contains a set of visuals that are viewed together on one page in Quick Sight. Every analysis and dashboard contains at least one sheet. Each sheet contains at least one visualization widget, for example a chart, pivot table, or narrative insight. Sheets can be associated with other components, such as controls, filters, and so on.

    " }, "SheetContentType":{ "type":"string", @@ -30061,15 +33426,15 @@ }, "Name":{ "shape":"SheetName", - "documentation":"

    The name of the sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.

    " + "documentation":"

    The name of the sheet. This name is displayed on the sheet's tab in the Quick Suite console.

    " }, "ParameterControls":{ "shape":"ParameterControlList", - "documentation":"

    The list of parameter controls that are on a sheet.

    For more information, see Using a Control with a Parameter in Amazon QuickSight in the Amazon QuickSight User Guide.

    " + "documentation":"

    The list of parameter controls that are on a sheet.

    For more information, see Using a Control with a Parameter in Amazon Quick Sight in the Amazon Quick Suite User Guide.

    " }, "FilterControls":{ "shape":"FilterControlList", - "documentation":"

    The list of filter controls that are on a sheet.

    For more information, see Adding filter controls to analysis sheets in the Amazon QuickSight User Guide.

    " + "documentation":"

    The list of filter controls that are on a sheet.

    For more information, see Adding filter controls to analysis sheets in the Amazon Quick Suite User Guide.

    " }, "Visuals":{ "shape":"VisualList", @@ -30085,7 +33450,7 @@ }, "Layouts":{ "shape":"LayoutList", - "documentation":"

    Layouts define how the components of a sheet are arranged.

    For more information, see Types of layout in the Amazon QuickSight User Guide.

    " + "documentation":"

    Layouts define how the components of a sheet are arranged.

    For more information, see Types of layout in the Amazon Quick Suite User Guide.

    " }, "SheetControlLayouts":{ "shape":"SheetControlLayoutList", @@ -30094,6 +33459,10 @@ "ContentType":{ "shape":"SheetContentType", "documentation":"

    The layout content type of the sheet. Choose one of the following options:

    • PAGINATED: Creates a sheet for a paginated report.

    • INTERACTIVE: Creates a sheet for an interactive dashboard.

    " + }, + "CustomActionDefaults":{ + "shape":"VisualCustomActionDefaults", + "documentation":"

    A list of visual custom actions for the sheet.

    " } }, "documentation":"

    A sheet is an object that contains a set of visuals that are viewed together on one page in a paginated report. Every analysis and dashboard must contain at least one sheet.

    " @@ -30294,6 +33663,10 @@ "Content":{ "shape":"SheetTextBoxContent", "documentation":"

    The content that is displayed in the text box.

    " + }, + "Interactions":{ + "shape":"TextBoxInteractionOptions", + "documentation":"

    The general textbox interactions setup for a textbox.

    " } }, "documentation":"

    A text box.

    " @@ -30375,19 +33748,19 @@ "members":{ "IAMUser":{ "shape":"Boolean", - "documentation":"

    A Boolean that is TRUE if the Amazon QuickSight uses IAM as an authentication method.

    " + "documentation":"

    A Boolean that is TRUE if the Amazon Quick Sight uses IAM as an authentication method.

    " }, "userLoginName":{ "shape":"String", - "documentation":"

    The user login name for your Amazon QuickSight account.

    " + "documentation":"

    The user login name for your Amazon Quick Sight account.

    " }, "accountName":{ "shape":"String", - "documentation":"

    The name of your Amazon QuickSight account.

    " + "documentation":"

    The name of your Quick Sight account.

    " }, "directoryType":{ "shape":"String", - "documentation":"

    The type of Active Directory that is being used to authenticate the Amazon QuickSight account. Valid values are SIMPLE_AD, AD_CONNECTOR, and MICROSOFT_AD.

    " + "documentation":"

    The type of Active Directory that is being used to authenticate the Amazon Quick Sight account. Valid values are SIMPLE_AD, AD_CONNECTOR, and MICROSOFT_AD.

    " } }, "documentation":"

    A SignupResponse object that contains a summary of a newly created account.

    " @@ -30548,7 +33921,7 @@ "members":{ "RowLevelPermissionTags":{ "shape":"SessionTagList", - "documentation":"

    The tags to be used for row-level security (RLS). Make sure that the relevant datasets have RLS tags configured before you start a snapshot export job. You can configure the RLS tags of a dataset with a DataSet$RowLevelPermissionTagConfiguration API call.

    These are not the tags that are used for Amazon Web Services resource tagging. For more information on row level security in Amazon QuickSight, see Using Row-Level Security (RLS) with Tagsin the Amazon QuickSight User Guide.

    " + "documentation":"

    The tags to be used for row-level security (RLS). Make sure that the relevant datasets have RLS tags configured before you start a snapshot export job. You can configure the RLS tags of a dataset with a DataSet$RowLevelPermissionTagConfiguration API call.

    These are not the tags that are used for Amazon Web Services resource tagging. For more information on row level security in Amazon Quick Sight, see Using Row-Level Security (RLS) with Tagsin the Amazon Quick Suite User Guide.

    " } }, "documentation":"

    A structure that contains information on the anonymous user configuration.

    " @@ -30848,7 +34221,7 @@ }, "OAuthParameters":{ "shape":"OAuthParameters", - "documentation":"

    An object that contains information needed to create a data source connection between an Amazon QuickSight account and Snowflake.

    " + "documentation":"

    An object that contains information needed to create a data source connection between an Quick Sight account and Snowflake.

    " } }, "documentation":"

    The parameters for Snowflake.

    " @@ -30860,6 +34233,27 @@ "DESC" ] }, + "SourceTable":{ + "type":"structure", + "members":{ + "PhysicalTableId":{ + "shape":"DataSetEntityResourceId", + "documentation":"

    The identifier of the physical table that serves as the data source.

    " + }, + "DataSet":{ + "shape":"ParentDataSet", + "documentation":"

    A parent dataset that serves as the data source instead of a physical table.

    " + } + }, + "documentation":"

    A source table that provides initial data from either a physical table or parent dataset.

    " + }, + "SourceTableMap":{ + "type":"map", + "key":{"shape":"DataSetEntityResourceId"}, + "value":{"shape":"SourceTable"}, + "max":32, + "min":1 + }, "Spacing":{ "type":"structure", "members":{ @@ -30931,7 +34325,8 @@ "SqlQuery":{ "type":"string", "max":168000, - "min":1 + "min":1, + "sensitive":true }, "SqlServerParameters":{ "type":"structure", @@ -30964,7 +34359,7 @@ "documentation":"

    A Boolean option to control whether SSL should be disabled.

    " } }, - "documentation":"

    Secure Socket Layer (SSL) properties that apply when Amazon QuickSight connects to your underlying data source.

    " + "documentation":"

    Secure Socket Layer (SSL) properties that apply when Quick Sight connects to your underlying data source.

    " }, "StarburstParameters":{ "type":"structure", @@ -31000,7 +34395,7 @@ }, "OAuthParameters":{ "shape":"OAuthParameters", - "documentation":"

    An object that contains information needed to create a data source connection between an Amazon QuickSight account and Starburst.

    " + "documentation":"

    An object that contains information needed to create a data source connection between an Quick Sight account and Starburst.

    " } }, "documentation":"

    The parameters that are required to connect to a Starburst data source.

    " @@ -31119,7 +34514,7 @@ }, "FailureAction":{ "shape":"AssetBundleImportFailureAction", - "documentation":"

    The failure action for the import job.

    If you choose ROLLBACK, failed import jobs will attempt to undo any asset changes caused by the failed job.

    If you choose DO_NOTHING, failed import jobs will not attempt to roll back any asset changes caused by the failed job, possibly keeping the Amazon QuickSight account in an inconsistent state.

    " + "documentation":"

    The failure action for the import job.

    If you choose ROLLBACK, failed import jobs will attempt to undo any asset changes caused by the failed job.

    If you choose DO_NOTHING, failed import jobs will not attempt to roll back any asset changes caused by the failed job, possibly keeping the Amazon Quick Sight account in an inconsistent state.

    " }, "OverridePermissions":{ "shape":"AssetBundleImportJobOverridePermissions", @@ -31185,7 +34580,7 @@ }, "UserConfiguration":{ "shape":"SnapshotUserConfiguration", - "documentation":"

    A structure that contains information about the anonymous users that the generated snapshot is for. This API will not return information about registered Amazon QuickSight.

    " + "documentation":"

    A structure that contains information about the anonymous users that the generated snapshot is for. This API will not return information about registered Amazon Quick Sight.

    " }, "SnapshotConfiguration":{ "shape":"SnapshotConfiguration", @@ -31237,7 +34632,7 @@ }, "ScheduleId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the schedule that you want to start a snapshot job schedule for. The schedule ID can be found in the Amazon QuickSight console in the Schedules pane of the dashboard that the schedule is configured for.

    ", + "documentation":"

    The ID of the schedule that you want to start a snapshot job schedule for. The schedule ID can be found in the Amazon Quick Sight console in the Schedules pane of the dashboard that the schedule is configured for.

    ", "location":"uri", "locationName":"ScheduleId" } @@ -31263,7 +34658,7 @@ "members":{ "Enabled":{ "shape":"Boolean", - "documentation":"

    Determines if a Amazon QuickSight dashboard's state persistence settings are turned on or off.

    " + "documentation":"

    Determines if a Quick Sight dashboard's state persistence settings are turned on or off.

    " } }, "documentation":"

    The state perssitence configuration of an embedded dashboard.

    " @@ -31587,7 +34982,7 @@ "documentation":"

    The HTTP status of a SuccessfulKeyRegistrationEntry entry.

    " } }, - "documentation":"

    A success entry that occurs when a KeyRegistration job is successfully applied to the Amazon QuickSight account.

    " + "documentation":"

    A success entry that occurs when a KeyRegistration job is successfully applied to the Quick Sight account.

    " }, "Suffix":{ "type":"string", @@ -31903,6 +35298,10 @@ "PinnedFieldOptions":{ "shape":"TablePinnedFieldOptions", "documentation":"

    The settings for the pinned columns of a table visual.

    " + }, + "TransposedTableOptions":{ + "shape":"TransposedTableOptionList", + "documentation":"

    The TableOptions of a transposed table.

    " } }, "documentation":"

    The field options of a table visual.

    " @@ -31999,6 +35398,36 @@ }, "documentation":"

    The paginated report options for a table visual.

    " }, + "TablePathElement":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"TablePathElementName", + "documentation":"

    The name of the path element.

    " + }, + "Id":{ + "shape":"TablePathElementId", + "documentation":"

    The unique identifier of the path element.

    " + } + }, + "documentation":"

    An element in the hierarchical path to a table within a data source, containing both name and identifier.

    " + }, + "TablePathElementId":{ + "type":"string", + "max":256, + "min":1 + }, + "TablePathElementList":{ + "type":"list", + "member":{"shape":"TablePathElement"}, + "max":32, + "min":1 + }, + "TablePathElementName":{ + "type":"string", + "max":256, + "min":1 + }, "TablePinnedFieldOptions":{ "type":"structure", "members":{ @@ -32146,7 +35575,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A table visual.

    For more information, see Using tables as visuals in the Amazon QuickSight User Guide.

    " + "documentation":"

    A table visual.

    For more information, see Using tables as visuals in the Amazon Quick Suite User Guide.

    " }, "Tag":{ "type":"structure", @@ -32277,7 +35706,7 @@ "documentation":"

    Time when this was created.

    " } }, - "documentation":"

    A template object. A template is an entity in Amazon QuickSight that encapsulates the metadata required to create an analysis and that you can use to create a dashboard. A template adds a layer of abstraction by using placeholders to replace the dataset associated with an analysis. You can use templates to create dashboards by replacing dataset placeholders with datasets that follow the same schema that was used to create the source analysis and template.

    You can share templates across Amazon Web Services accounts by allowing users in other Amazon Web Services accounts to create a template or a dashboard from an existing template.

    " + "documentation":"

    A template object. A template is an entity in Quick Sight that encapsulates the metadata required to create an analysis and that you can use to create a dashboard. A template adds a layer of abstraction by using placeholders to replace the dataset associated with an analysis. You can use templates to create dashboards by replacing dataset placeholders with datasets that follow the same schema that was used to create the source analysis and template.

    You can share templates across Amazon Web Services accounts by allowing users in other Amazon Web Services accounts to create a template or a dashboard from an existing template.

    " }, "TemplateAlias":{ "type":"structure", @@ -32477,11 +35906,11 @@ }, "ParameterDeclarations":{ "shape":"ParameterDeclarationList", - "documentation":"

    An array of parameter declarations for a template.

    Parameters are named variables that can transfer a value for use by an action or an object.

    For more information, see Parameters in Amazon QuickSight in the Amazon QuickSight User Guide.

    " + "documentation":"

    An array of parameter declarations for a template.

    Parameters are named variables that can transfer a value for use by an action or an object.

    For more information, see Parameters in Amazon Quick Sight in the Amazon Quick Suite User Guide.

    " }, "FilterGroups":{ "shape":"FilterGroupList", - "documentation":"

    Filter definitions for a template.

    For more information, see Filtering Data in the Amazon QuickSight User Guide.

    " + "documentation":"

    Filter definitions for a template.

    For more information, see Filtering Data in the Amazon Quick Suite User Guide.

    " }, "ColumnConfigurations":{ "shape":"ColumnConfigurationList", @@ -32577,6 +36006,26 @@ }, "documentation":"

    The display options of a control.

    " }, + "TextBoxInteractionOptions":{ + "type":"structure", + "members":{ + "TextBoxMenuOption":{ + "shape":"TextBoxMenuOption", + "documentation":"

    The menu options for the textbox.

    " + } + }, + "documentation":"

    The general textbox interactions setup for textbox publish options.

    " + }, + "TextBoxMenuOption":{ + "type":"structure", + "members":{ + "AvailabilityStatus":{ + "shape":"DashboardBehavior", + "documentation":"

    The availability status of the textbox menu. If the value of this property is set to ENABLED, dashboard readers can interact with the textbox menu.

    " + } + }, + "documentation":"

    The menu options for the interactions of a textbox.

    " + }, "TextConditionalFormat":{ "type":"structure", "members":{ @@ -32798,7 +36247,7 @@ }, "BaseThemeId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The Amazon QuickSight-defined ID of the theme that a custom theme inherits from. All themes initially inherit from a default Amazon QuickSight theme.

    " + "documentation":"

    The Quick Sight-defined ID of the theme that a custom theme inherits from. All themes initially inherit from a default Quick Sight theme.

    " }, "CreatedTime":{ "shape":"Timestamp", @@ -32868,6 +36317,17 @@ }, "documentation":"

    The options that determine the thousands separator configuration.

    " }, + "ThresholdAlertsConfigurations":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    The threshold alerts configuration for an embedded Quick Sight dashboard.

    " + } + }, + "documentation":"

    The threshold alerts configuration for an embedded Quick Sight dashboard.

    " + }, "ThrottlingException":{ "type":"structure", "members":{ @@ -33093,6 +36553,11 @@ "documentation":"

    The value of a time range filter.

    This is a union type structure. For this structure to be valid, only one of the attributes can be defined.

    " }, "Timestamp":{"type":"timestamp"}, + "Title":{ + "type":"string", + "max":128, + "min":1 + }, "TokenProviderUrl":{ "type":"string", "max":2048, @@ -33618,6 +37083,10 @@ "RelativeDateFilter":{ "shape":"TopicRelativeDateFilter", "documentation":"

    The relative date filter.

    " + }, + "NullFilter":{ + "shape":"TopicNullFilter", + "documentation":"

    The null filter.

    " } }, "documentation":"

    A structure that represents a filter used to select items for a topic.

    " @@ -33944,6 +37413,21 @@ }, "documentation":"

    A structure that represents a named entity.

    " }, + "TopicNullFilter":{ + "type":"structure", + "members":{ + "NullFilterType":{ + "shape":"NullFilterType", + "documentation":"

    The type of the null filter. Valid values for this type are NULLS_ONLY, NON_NULLS_ONLY, and ALL_VALUES.

    " + }, + "Constant":{"shape":"TopicSingularFilterConstant"}, + "Inverse":{ + "shape":"Boolean", + "documentation":"

    A Boolean value that indicates if the filter is inverse.

    " + } + }, + "documentation":"

    The structure that represents a null filter.

    " + }, "TopicNumericEqualityFilter":{ "type":"structure", "members":{ @@ -34431,12 +37915,121 @@ }, "documentation":"

    A data transformation on a logical table. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.

    " }, + "TransformOperationAlias":{ + "type":"string", + "max":64, + "min":1 + }, "TransformOperationList":{ "type":"list", "member":{"shape":"TransformOperation"}, "max":2048, "min":1 }, + "TransformOperationSource":{ + "type":"structure", + "required":["TransformOperationId"], + "members":{ + "TransformOperationId":{ + "shape":"DataSetEntityResourceId", + "documentation":"

    The identifier of the transform operation that provides input data.

    " + }, + "ColumnIdMappings":{ + "shape":"DataSetColumnIdMappingList", + "documentation":"

    The mappings between source column identifiers and target column identifiers for this transformation.

    " + } + }, + "documentation":"

    Specifies the source of data for a transform operation, including the source operation and column mappings.

    " + }, + "TransformStep":{ + "type":"structure", + "members":{ + "ImportTableStep":{ + "shape":"ImportTableOperation", + "documentation":"

    A transform step that brings data from a source table.

    " + }, + "ProjectStep":{"shape":"ProjectOperation"}, + "FiltersStep":{ + "shape":"FiltersOperation", + "documentation":"

    A transform step that applies filter conditions.

    " + }, + "CreateColumnsStep":{"shape":"CreateColumnsOperation"}, + "RenameColumnsStep":{ + "shape":"RenameColumnsOperation", + "documentation":"

    A transform step that changes the names of one or more columns.

    " + }, + "CastColumnTypesStep":{ + "shape":"CastColumnTypesOperation", + "documentation":"

    A transform step that changes the data types of one or more columns.

    " + }, + "JoinStep":{ + "shape":"JoinOperation", + "documentation":"

    A transform step that combines data from two sources based on specified join conditions.

    " + }, + "AggregateStep":{ + "shape":"AggregateOperation", + "documentation":"

    A transform step that groups data and applies aggregation functions to calculate summary values.

    " + }, + "PivotStep":{ + "shape":"PivotOperation", + "documentation":"

    A transform step that converts row values into columns to reshape the data structure.

    " + }, + "UnpivotStep":{ + "shape":"UnpivotOperation", + "documentation":"

    A transform step that converts columns into rows to normalize the data structure.

    " + }, + "AppendStep":{ + "shape":"AppendOperation", + "documentation":"

    A transform step that combines rows from multiple sources by stacking them vertically.

    " + } + }, + "documentation":"

    A step in data preparation that performs a specific operation on the data.

    " + }, + "TransformStepMap":{ + "type":"map", + "key":{"shape":"DataSetEntityResourceId"}, + "value":{"shape":"TransformStep"}, + "max":256, + "min":1 + }, + "TransposedColumnIndex":{ + "type":"integer", + "documentation":"

    The integer value of a column index in the transposed table.

    ", + "max":9999, + "min":0 + }, + "TransposedColumnType":{ + "type":"string", + "enum":[ + "ROW_HEADER_COLUMN", + "VALUE_COLUMN" + ] + }, + "TransposedTableOption":{ + "type":"structure", + "required":["ColumnType"], + "members":{ + "ColumnIndex":{ + "shape":"TransposedColumnIndex", + "documentation":"

    The index of a columns in a transposed table. The index range is 0-9999.

    " + }, + "ColumnWidth":{ + "shape":"PixelLength", + "documentation":"

    The width of a column in a transposed table.

    " + }, + "ColumnType":{ + "shape":"TransposedColumnType", + "documentation":"

    The column type of the column in a transposed table. Choose one of the following options:

    • ROW_HEADER_COLUMN: Refers to the leftmost column of the row header in the transposed table.

    • VALUE_COLUMN: Refers to all value columns in the transposed table.

    " + } + }, + "documentation":"

    The column option of the transposed table.

    " + }, + "TransposedTableOptionList":{ + "type":"list", + "member":{"shape":"TransposedTableOption"}, + "documentation":"

    A list of TransposedTableOption configurations.

    ", + "max":10001 + }, "TreeMapAggregatedFieldWells":{ "type":"structure", "members":{ @@ -34568,7 +38161,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A tree map.

    For more information, see Using tree maps in the Amazon QuickSight User Guide.

    " + "documentation":"

    A tree map.

    For more information, see Using tree maps in the Amazon Quick Suite User Guide.

    " }, "TrendArrowOptions":{ "type":"structure", @@ -34708,7 +38301,7 @@ "documentation":"

    The foreground color that applies to any text or other elements that appear over the measure color.

    " } }, - "documentation":"

    The theme colors that apply to UI and to charts, excluding data colors. The colors description is a hexadecimal color code that consists of six alphanumerical characters, prefixed with #, for example #37BFF5. For more information, see Using Themes in Amazon QuickSight in the Amazon QuickSight User Guide.

    " + "documentation":"

    The theme colors that apply to UI and to charts, excluding data colors. The colors description is a hexadecimal color code that consists of six alphanumerical characters, prefixed with #, for example #37BFF5. For more information, see Using Themes in Quick Sight in the Quick Sight User Guide.

    " }, "URLOperationTemplate":{ "type":"string", @@ -34807,6 +38400,49 @@ "type":"string", "documentation":"String based length that is composed of value and unit in px with Integer.MAX_VALUE as maximum value" }, + "UnpivotOperation":{ + "type":"structure", + "required":[ + "Alias", + "Source", + "ColumnsToUnpivot", + "UnpivotedLabelColumnName", + "UnpivotedLabelColumnId", + "UnpivotedValueColumnName", + "UnpivotedValueColumnId" + ], + "members":{ + "Alias":{ + "shape":"TransformOperationAlias", + "documentation":"

    Alias for this operation.

    " + }, + "Source":{ + "shape":"TransformOperationSource", + "documentation":"

    The source transform operation that provides input data for unpivoting.

    " + }, + "ColumnsToUnpivot":{ + "shape":"ColumnToUnpivotList", + "documentation":"

    The list of columns to unpivot from the source data.

    " + }, + "UnpivotedLabelColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name for the new column that will contain the unpivoted column names.

    " + }, + "UnpivotedLabelColumnId":{ + "shape":"ColumnId", + "documentation":"

    A unique identifier for the new column that will contain the unpivoted column names.

    " + }, + "UnpivotedValueColumnName":{ + "shape":"ColumnName", + "documentation":"

    The name for the new column that will contain the unpivoted values.

    " + }, + "UnpivotedValueColumnId":{ + "shape":"ColumnId", + "documentation":"

    A unique identifier for the new column that will contain the unpivoted values.

    " + } + }, + "documentation":"

    A transform operation that converts columns into rows, normalizing the data structure.

    " + }, "UnsupportedPricingPlanException":{ "type":"structure", "members":{ @@ -34816,7 +38452,7 @@ "documentation":"

    The Amazon Web Services request ID for this request.

    " } }, - "documentation":"

    This error indicates that you are calling an embedding operation in Amazon QuickSight without the required pricing plan on your Amazon Web Services account. Before you can use embedding for anonymous users, a QuickSight administrator needs to add capacity pricing to Amazon QuickSight. You can do this on the Manage Amazon QuickSight page.

    After capacity pricing is added, you can use the GetDashboardEmbedUrl API operation with the --identity-type ANONYMOUS option.

    ", + "documentation":"

    This error indicates that you are calling an embedding operation in Amazon Quick Sight without the required pricing plan on your Amazon Web Services account. Before you can use embedding for anonymous users, a Quick Suite administrator needs to add capacity pricing to Quick Sight. You can do this on the Manage Quick Suite page.

    After capacity pricing is added, you can use the GetDashboardEmbedUrl API operation with the --identity-type ANONYMOUS option.

    ", "error":{"httpStatusCode":403}, "exception":true }, @@ -34829,7 +38465,7 @@ "documentation":"

    The Amazon Web Services request ID for this request.

    " } }, - "documentation":"

    This error indicates that you are calling an operation on an Amazon QuickSight subscription where the edition doesn't include support for that operation. Amazon Amazon QuickSight currently has Standard Edition and Enterprise Edition. Not every operation and capability is available in every edition.

    ", + "documentation":"

    This error indicates that you are calling an operation on an Amazon Quick Suite subscription where the edition doesn't include support for that operation. Amazon Quick Suite currently has Standard Edition and Enterprise Edition. Not every operation and capability is available in every edition.

    ", "error":{"httpStatusCode":403}, "exception":true }, @@ -34886,6 +38522,38 @@ } } }, + "UpdateAccountCustomPermissionRequest":{ + "type":"structure", + "required":[ + "CustomPermissionsName", + "AwsAccountId" + ], + "members":{ + "CustomPermissionsName":{ + "shape":"CustomPermissionsName", + "documentation":"

    The name of the custom permissions profile that you want to apply to an account.

    " + }, + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The ID of the Amazon Web Services account for which you want to apply a custom permissions profile.

    ", + "location":"uri", + "locationName":"AwsAccountId" + } + } + }, + "UpdateAccountCustomPermissionResponse":{ + "type":"structure", + "members":{ + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status of the request.

    " + } + } + }, "UpdateAccountCustomizationRequest":{ "type":"structure", "required":[ @@ -34895,19 +38563,19 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to update Amazon QuickSight customizations for.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to update Quick Sight customizations for.

    ", "location":"uri", "locationName":"AwsAccountId" }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The namespace that you want to update Amazon QuickSight customizations for.

    ", + "documentation":"

    The namespace that you want to update Quick Sight customizations for.

    ", "location":"querystring", "locationName":"namespace" }, "AccountCustomization":{ "shape":"AccountCustomization", - "documentation":"

    The Amazon QuickSight customizations you're updating in the current Amazon Web Services Region.

    " + "documentation":"

    The Quick Sight customizations you're updating.

    " } } }, @@ -34920,7 +38588,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to update Amazon QuickSight customizations for.

    " + "documentation":"

    The ID for the Amazon Web Services account that you want to update Quick Sight customizations for.

    " }, "Namespace":{ "shape":"Namespace", @@ -34928,7 +38596,7 @@ }, "AccountCustomization":{ "shape":"AccountCustomization", - "documentation":"

    The Amazon QuickSight customizations you're updating in the current Amazon Web Services Region.

    " + "documentation":"

    The Quick Sight customizations you're updating.

    " }, "RequestId":{ "shape":"String", @@ -34950,21 +38618,21 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that contains the Amazon QuickSight settings that you want to list.

    ", + "documentation":"

    The ID for the Amazon Web Services account that contains the Quick Sight settings that you want to list.

    ", "location":"uri", "locationName":"AwsAccountId" }, "DefaultNamespace":{ "shape":"Namespace", - "documentation":"

    The default namespace for this Amazon Web Services account. Currently, the default is default. IAM users that register for the first time with Amazon QuickSight provide an email address that becomes associated with the default namespace.

    " + "documentation":"

    The default namespace for this Amazon Web Services account. Currently, the default is default. IAM users that register for the first time with Amazon Quick Sight provide an email address that becomes associated with the default namespace.

    " }, "NotificationEmail":{ "shape":"String", - "documentation":"

    The email address that you want Amazon QuickSight to send notifications to regarding your Amazon Web Services account or Amazon QuickSight subscription.

    " + "documentation":"

    The email address that you want Quick Sight to send notifications to regarding your Amazon Web Services account or Quick Sight subscription.

    " }, "TerminationProtectionEnabled":{ "shape":"Boolean", - "documentation":"

    A boolean value that determines whether or not an Amazon QuickSight account can be deleted. A True value doesn't allow the account to be deleted and results in an error message if a user tries to make a DeleteAccountSubscription request. A False value will allow the account to be deleted.

    " + "documentation":"

    A boolean value that determines whether or not an Quick Sight account can be deleted. A True value doesn't allow the account to be deleted and results in an error message if a user tries to make a DeleteAccountSubscription request. A False value will allow the account to be deleted.

    " } } }, @@ -34982,6 +38650,126 @@ } } }, + "UpdateActionConnectorPermissionsRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "ActionConnectorId" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID that contains the action connector.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector whose permissions you want to update.

    ", + "location":"uri", + "locationName":"ActionConnectorId" + }, + "GrantPermissions":{ + "shape":"ResourcePermissionList", + "documentation":"

    The permissions to grant to users and groups for this action connector.

    " + }, + "RevokePermissions":{ + "shape":"ResourcePermissionList", + "documentation":"

    The permissions to revoke from users and groups for this action connector.

    " + } + } + }, + "UpdateActionConnectorPermissionsResponse":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the action connector.

    " + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status code of the request.

    ", + "location":"statusCode" + }, + "Permissions":{ + "shape":"ResourcePermissionList", + "documentation":"

    The updated permissions configuration for the action connector.

    " + } + } + }, + "UpdateActionConnectorRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "ActionConnectorId", + "Name", + "AuthenticationConfig" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

    The Amazon Web Services account ID that contains the action connector to update.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the action connector to update.

    ", + "location":"uri", + "locationName":"ActionConnectorId" + }, + "Name":{ + "shape":"ActionConnectorName", + "documentation":"

    The new name for the action connector.

    " + }, + "AuthenticationConfig":{ + "shape":"AuthConfig", + "documentation":"

    The updated authentication configuration for connecting to the external service.

    " + }, + "Description":{ + "shape":"ActionConnectorDescription", + "documentation":"

    The updated description of the action connector.

    " + }, + "VpcConnectionArn":{ + "shape":"Arn", + "documentation":"

    The updated ARN of the VPC connection to use for secure connectivity.

    " + } + } + }, + "UpdateActionConnectorResponse":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the updated action connector.

    " + }, + "ActionConnectorId":{ + "shape":"ShortRestrictiveResourceId", + "documentation":"

    The unique identifier of the updated action connector.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "UpdateStatus":{ + "shape":"ResourceStatus", + "documentation":"

    The status of the update operation.

    " + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status code of the request.

    ", + "location":"statusCode" + } + } + }, "UpdateAnalysisPermissionsRequest":{ "type":"structure", "required":[ @@ -35059,7 +38847,7 @@ }, "Name":{ "shape":"AnalysisName", - "documentation":"

    A descriptive name for the analysis that you're updating. This name displays for the analysis in the Amazon QuickSight console.

    " + "documentation":"

    A descriptive name for the analysis that you're updating. This name displays for the analysis in the Amazon Quick Sight console.

    " }, "Parameters":{ "shape":"Parameters", @@ -35071,7 +38859,7 @@ }, "ThemeArn":{ "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) for the theme to apply to the analysis that you're creating. To see the theme in the Amazon QuickSight console, make sure that you have access to it.

    " + "documentation":"

    The Amazon Resource Name (ARN) for the theme to apply to the analysis that you're creating. To see the theme in the Amazon Quick Sight console, make sure that you have access to it.

    " }, "Definition":{ "shape":"AnalysisDefinition", @@ -35124,7 +38912,7 @@ }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The namespace of the Amazon QuickSight application.

    ", + "documentation":"

    The namespace of the Quick Suite application.

    ", "location":"querystring", "locationName":"namespace" } @@ -35192,7 +38980,7 @@ }, "BrandId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the Amazon QuickSight brand.

    ", + "documentation":"

    The ID of the Quick Suite brand.

    ", "location":"uri", "locationName":"BrandId" }, @@ -35230,7 +39018,7 @@ }, "BrandId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The ID of the Amazon QuickSight brand.

    ", + "documentation":"

    The ID of the Quick Suite brand.

    ", "location":"uri", "locationName":"BrandId" }, @@ -35410,7 +39198,7 @@ }, "LinkSharingConfiguration":{ "shape":"LinkSharingConfiguration", - "documentation":"

    Updates the permissions of a shared link to an Amazon QuickSight dashboard.

    " + "documentation":"

    Updates the permissions of a shared link to an Quick Sight dashboard.

    " } } }, @@ -35490,7 +39278,7 @@ }, "SourceEntity":{ "shape":"DashboardSourceEntity", - "documentation":"

    The entity that you are using as a source when you update the dashboard. In SourceEntity, you specify the type of object you're using as source. You can only update a dashboard from a template, so you use a SourceTemplate entity. If you need to update a dashboard from an analysis, first convert the analysis to a template by using the CreateTemplate API operation. For SourceTemplate, specify the Amazon Resource Name (ARN) of the source template. The SourceTemplate ARN can contain any Amazon Web Services account and any Amazon QuickSight-supported Amazon Web Services Region.

    Use the DataSetReferences entity within SourceTemplate to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.

    " + "documentation":"

    The entity that you are using as a source when you update the dashboard. In SourceEntity, you specify the type of object you're using as source. You can only update a dashboard from a template, so you use a SourceTemplate entity. If you need to update a dashboard from an analysis, first convert the analysis to a template by using the CreateTemplate API operation. For SourceTemplate, specify the Amazon Resource Name (ARN) of the source template. The SourceTemplate ARN can contain any Amazon Web Services account and any Amazon Quick Sight-supported Amazon Web Services Region.

    Use the DataSetReferences entity within SourceTemplate to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.

    " }, "Parameters":{ "shape":"Parameters", @@ -35502,7 +39290,7 @@ }, "DashboardPublishOptions":{ "shape":"DashboardPublishOptions", - "documentation":"

    Options for publishing the dashboard when you create it:

    • AvailabilityStatus for AdHocFilteringOption - This status can be either ENABLED or DISABLED. When this is set to DISABLED, Amazon QuickSight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is ENABLED by default.

    • AvailabilityStatus for ExportToCSVOption - This status can be either ENABLED or DISABLED. The visual option to export data to .CSV format isn't enabled when this is set to DISABLED. This option is ENABLED by default.

    • VisibilityState for SheetControlsOption - This visibility state can be either COLLAPSED or EXPANDED. This option is COLLAPSED by default.

    " + "documentation":"

    Options for publishing the dashboard when you create it:

    • AvailabilityStatus for AdHocFilteringOption - This status can be either ENABLED or DISABLED. When this is set to DISABLED, Amazon Quick Sight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is ENABLED by default.

    • AvailabilityStatus for ExportToCSVOption - This status can be either ENABLED or DISABLED. The visual option to export data to .CSV format isn't enabled when this is set to DISABLED. This option is ENABLED by default.

    • VisibilityState for SheetControlsOption - This visibility state can be either COLLAPSED or EXPANDED. This option is COLLAPSED by default.

    • AvailabilityStatus for QuickSuiteActionsOption - This status can be either ENABLED or DISABLED. Features related to Actions in Amazon Quick Suite on dashboards are disabled when this is set to DISABLED. This option is DISABLED by default.

    • AvailabilityStatus for ExecutiveSummaryOption - This status can be either ENABLED or DISABLED. The option to build an executive summary is disabled when this is set to DISABLED. This option is ENABLED by default.

    • AvailabilityStatus for DataStoriesSharingOption - This status can be either ENABLED or DISABLED. The option to share a data story is disabled when this is set to DISABLED. This option is ENABLED by default.

    " }, "ThemeArn":{ "shape":"Arn", @@ -35667,7 +39455,10 @@ }, "LogicalTableMap":{ "shape":"LogicalTableMap", - "documentation":"

    Configures the combination and transformation of the data from the physical tables.

    " + "documentation":"

    Configures the combination and transformation of the data from the physical tables. This parameter is used with the legacy data preparation experience.

    ", + "deprecated":true, + "deprecatedMessage":"Only used in the legacy data preparation experience.", + "deprecatedSince":"2025-10-23" }, "ImportMode":{ "shape":"DataSetImportMode", @@ -35675,7 +39466,7 @@ }, "ColumnGroups":{ "shape":"ColumnGroupList", - "documentation":"

    Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.

    " + "documentation":"

    Groupings of columns that work together in certain Amazon Quick Sight features. Currently, only geospatial hierarchy is supported.

    " }, "FieldFolders":{ "shape":"FieldFolderMap", @@ -35683,11 +39474,17 @@ }, "RowLevelPermissionDataSet":{ "shape":"RowLevelPermissionDataSet", - "documentation":"

    The row-level security configuration for the data you want to create.

    " + "documentation":"

    The row-level security configuration for the data you want to create. This parameter is used with the legacy data preparation experience.

    ", + "deprecated":true, + "deprecatedMessage":"Only used in the legacy data preparation experience.", + "deprecatedSince":"2025-10-23" }, "RowLevelPermissionTagConfiguration":{ "shape":"RowLevelPermissionTagConfiguration", - "documentation":"

    The configuration of tags on a dataset to set row-level security. Row-level security tags are currently supported for anonymous embedding only.

    " + "documentation":"

    The configuration of tags on a dataset to set row-level security. Row-level security tags are currently supported for anonymous embedding only. This parameter is used with the legacy data preparation experience.

    ", + "deprecated":true, + "deprecatedMessage":"Only used in the legacy data preparation experience.", + "deprecatedSince":"2025-10-23" }, "ColumnLevelPermissionRules":{ "shape":"ColumnLevelPermissionRuleList", @@ -35701,6 +39498,14 @@ "PerformanceConfiguration":{ "shape":"PerformanceConfiguration", "documentation":"

    The configuration for the performance optimization of the dataset that contains a UniqueKey configuration.

    " + }, + "DataPrepConfiguration":{ + "shape":"DataPrepConfiguration", + "documentation":"

    The data preparation configuration for the dataset. This configuration defines the source tables, transformation steps, and destination tables used to prepare the data. Required when using the new data preparation experience.

    " + }, + "SemanticModelConfiguration":{ + "shape":"SemanticModelConfiguration", + "documentation":"

    The semantic model configuration for the dataset. This configuration defines how the prepared data is structured for an analysis, including table mappings and row-level security configurations. Required when using the new data preparation experience.

    " } } }, @@ -35713,7 +39518,7 @@ }, "DataSetId":{ "shape":"ResourceId", - "documentation":"

    The ID for the dataset that you want to create. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    " + "documentation":"

    The ID for the dataset that you want to update. This ID is unique per Amazon Web Services Region for each Amazon Web Services account.

    " }, "IngestionArn":{ "shape":"Arn", @@ -35811,19 +39616,19 @@ }, "DataSourceParameters":{ "shape":"DataSourceParameters", - "documentation":"

    The parameters that Amazon QuickSight uses to connect to your underlying source.

    " + "documentation":"

    The parameters that Amazon Quick Sight uses to connect to your underlying source.

    " }, "Credentials":{ "shape":"DataSourceCredentials", - "documentation":"

    The credentials that Amazon QuickSight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.

    " + "documentation":"

    The credentials that Amazon Quick Sight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.

    " }, "VpcConnectionProperties":{ "shape":"VpcConnectionProperties", - "documentation":"

    Use this parameter only when you want Amazon QuickSight to use a VPC connection when connecting to your underlying source.

    " + "documentation":"

    Use this parameter only when you want Amazon Quick Sight to use a VPC connection when connecting to your underlying source.

    " }, "SslProperties":{ "shape":"SslProperties", - "documentation":"

    Secure Socket Layer (SSL) properties that apply when Amazon QuickSight connects to your underlying source.

    " + "documentation":"

    Secure Socket Layer (SSL) properties that apply when Amazon Quick Sight connects to your underlying source.

    " } } }, @@ -35862,13 +39667,13 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID of the Amazon QuickSight account that is connected to the Amazon Q Business application that you want to update.

    ", + "documentation":"

    The ID of the Quick Sight account that is connected to the Amazon Q Business application that you want to update.

    ", "location":"uri", "locationName":"AwsAccountId" }, "Namespace":{ "shape":"Namespace", - "documentation":"

    The Amazon QuickSight namespace that contains the linked Amazon Q Business application. If this field is left blank, the default namespace is used. Currently, the default namespace is the only valid value for this parameter.

    ", + "documentation":"

    The Quick Sight namespace that contains the linked Amazon Q Business application. If this field is left blank, the default namespace is used. Currently, the default namespace is the only valid value for this parameter.

    ", "location":"querystring", "locationName":"namespace" }, @@ -35892,6 +39697,79 @@ } } }, + "UpdateFlowPermissionsInput":{ + "type":"structure", + "required":[ + "AwsAccountId", + "FlowId" + ], + "members":{ + "AwsAccountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account that contains the flow you are updating permissions against.

    ", + "location":"uri", + "locationName":"AwsAccountId" + }, + "FlowId":{ + "shape":"FlowId", + "documentation":"

    The unique identifier of the flow to update permissions for.

    ", + "location":"uri", + "locationName":"FlowId" + }, + "GrantPermissions":{ + "shape":"UpdateFlowPermissionsInputGrantPermissionsList", + "documentation":"

    The permissions that you want to grant on this flow.

    " + }, + "RevokePermissions":{ + "shape":"UpdateFlowPermissionsInputRevokePermissionsList", + "documentation":"

    The permissions that you want to revoke from this flow.

    " + } + } + }, + "UpdateFlowPermissionsInputGrantPermissionsList":{ + "type":"list", + "member":{"shape":"Permission"}, + "max":100, + "min":0 + }, + "UpdateFlowPermissionsInputRevokePermissionsList":{ + "type":"list", + "member":{"shape":"Permission"}, + "max":100, + "min":0 + }, + "UpdateFlowPermissionsOutput":{ + "type":"structure", + "required":[ + "Arn", + "Permissions", + "RequestId", + "FlowId" + ], + "members":{ + "Status":{ + "shape":"StatusCode", + "documentation":"

    The HTTP status of the request.

    ", + "location":"statusCode" + }, + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the flow you are updating permissions against.

    " + }, + "Permissions":{ + "shape":"PermissionsList", + "documentation":"

    The permissions on the flow after they are updated.

    " + }, + "RequestId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services request ID for this operation.

    " + }, + "FlowId":{ + "shape":"FlowId", + "documentation":"

    The unique identifier of the flow with updated permissions.

    " + } + } + }, "UpdateFolderPermissionsRequest":{ "type":"structure", "required":[ @@ -36014,7 +39892,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the group is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -36076,11 +39954,11 @@ }, "PolicyArn":{ "shape":"Arn", - "documentation":"

    The ARN for the IAM policy to apply to the Amazon QuickSight users and groups specified in this assignment.

    " + "documentation":"

    The ARN for the IAM policy to apply to the Amazon Quick Sight users and groups specified in this assignment.

    " }, "Identities":{ "shape":"IdentityMap", - "documentation":"

    The Amazon QuickSight users, groups, or both that you want to assign the policy to.

    " + "documentation":"

    The Amazon Quick Sight users, groups, or both that you want to assign the policy to.

    " } } }, @@ -36097,11 +39975,11 @@ }, "PolicyArn":{ "shape":"Arn", - "documentation":"

    The ARN for the IAM policy applied to the Amazon QuickSight users and groups specified in this assignment.

    " + "documentation":"

    The ARN for the IAM policy applied to the Amazon Quick Sight users and groups specified in this assignment.

    " }, "Identities":{ "shape":"IdentityMap", - "documentation":"

    The Amazon QuickSight users, groups, or both that the IAM policy is assigned to.

    " + "documentation":"

    The Amazon Quick Sight users, groups, or both that the IAM policy is assigned to.

    " }, "AssignmentStatus":{ "shape":"AssignmentStatus", @@ -36218,7 +40096,7 @@ }, "KeyRegistration":{ "shape":"KeyRegistration", - "documentation":"

    A list of RegisteredCustomerManagedKey objects to be updated to the Amazon QuickSight account.

    " + "documentation":"

    A list of RegisteredCustomerManagedKey objects to be updated to the Quick Sight account.

    " } } }, @@ -36250,13 +40128,13 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The Amazon Web Services account ID associated with your Amazon QuickSight subscription.

    ", + "documentation":"

    The Amazon Web Services account ID associated with your Amazon Quick Sight subscription.

    ", "location":"uri", "locationName":"AwsAccountId" }, "PublicSharingEnabled":{ "shape":"Boolean", - "documentation":"

    A Boolean value that indicates whether public sharing is turned on for an Amazon QuickSight account.

    " + "documentation":"

    A Boolean value that indicates whether public sharing is turned on for an Quick Suite account.

    " } } }, @@ -36289,7 +40167,7 @@ }, "PersonalizationMode":{ "shape":"PersonalizationMode", - "documentation":"

    An option to allow Amazon QuickSight to customize data stories with user specific metadata, specifically location and job information, in your IAM Identity Center instance.

    " + "documentation":"

    An option to allow Amazon Quick Sight to customize data stories with user specific metadata, specifically location and job information, in your IAM Identity Center instance.

    " } } }, @@ -36320,13 +40198,13 @@ "members":{ "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID of the Amazon Web Services account that contains the Amazon QuickSight Q Search configuration that you want to update.

    ", + "documentation":"

    The ID of the Amazon Web Services account that contains the Quick Sight Q Search configuration that you want to update.

    ", "location":"uri", "locationName":"AwsAccountId" }, "QSearchStatus":{ "shape":"QSearchStatus", - "documentation":"

    The status of the Amazon QuickSight Q Search configuration that the user wants to update.

    " + "documentation":"

    The status of the Quick Sight Q Search configuration that the user wants to update.

    " } } }, @@ -36335,7 +40213,7 @@ "members":{ "QSearchStatus":{ "shape":"QSearchStatus", - "documentation":"

    The status of the Amazon QuickSight Q Search configuration.

    " + "documentation":"

    The status of the Quick Sight Q Search configuration.

    " }, "RequestId":{ "shape":"String", @@ -36422,7 +40300,7 @@ }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that you want to create a group in. The Amazon Web Services account ID that you provide must be the same Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -36607,7 +40485,7 @@ }, "SourceEntity":{ "shape":"TemplateSourceEntity", - "documentation":"

    The entity that you are using as a source when you update the template. In SourceEntity, you specify the type of object you're using as source: SourceTemplate for a template or SourceAnalysis for an analysis. Both of these require an Amazon Resource Name (ARN). For SourceTemplate, specify the ARN of the source template. For SourceAnalysis, specify the ARN of the source analysis. The SourceTemplate ARN can contain any Amazon Web Services account and any Amazon QuickSight-supported Amazon Web Services Region;.

    Use the DataSetReferences entity within SourceTemplate or SourceAnalysis to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.

    " + "documentation":"

    The entity that you are using as a source when you update the template. In SourceEntity, you specify the type of object you're using as source: SourceTemplate for a template or SourceAnalysis for an analysis. Both of these require an Amazon Resource Name (ARN). For SourceTemplate, specify the ARN of the source template. For SourceAnalysis, specify the ARN of the source analysis. The SourceTemplate ARN can contain any Amazon Web Services account and any Quick Sight-supported Amazon Web Services Region;.

    Use the DataSetReferences entity within SourceTemplate or SourceAnalysis to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.

    " }, "VersionDescription":{ "shape":"VersionDescription", @@ -36789,7 +40667,7 @@ }, "BaseThemeId":{ "shape":"ShortRestrictiveResourceId", - "documentation":"

    The theme ID, defined by Amazon QuickSight, that a custom theme inherits from. All themes initially inherit from a default Amazon QuickSight theme.

    " + "documentation":"

    The theme ID, defined by Amazon Quick Sight, that a custom theme inherits from. All themes initially inherit from a default Quick Sight theme.

    " }, "VersionDescription":{ "shape":"VersionDescription", @@ -36968,6 +40846,10 @@ "Topic":{ "shape":"TopicDetails", "documentation":"

    The definition of the topic that you want to update.

    " + }, + "CustomInstructions":{ + "shape":"CustomInstructions", + "documentation":"

    Custom instructions for the topic.

    " } } }, @@ -37056,13 +40938,13 @@ "members":{ "UserName":{ "shape":"UserName", - "documentation":"

    The Amazon QuickSight user name that you want to update.

    ", + "documentation":"

    The Amazon Quick Sight user name that you want to update.

    ", "location":"uri", "locationName":"UserName" }, "AwsAccountId":{ "shape":"AwsAccountId", - "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon QuickSight account.

    ", + "documentation":"

    The ID for the Amazon Web Services account that the user is in. Currently, you use the ID for the Amazon Web Services account that contains your Amazon Quick Sight account.

    ", "location":"uri", "locationName":"AwsAccountId" }, @@ -37078,11 +40960,11 @@ }, "Role":{ "shape":"UserRole", - "documentation":"

    The Amazon QuickSight role of the user. The role can be one of the following default security cohorts:

    • READER: A user who has read-only access to dashboards.

    • AUTHOR: A user who can create data sources, datasets, analyses, and dashboards.

    • ADMIN: A user who is an author, who can also manage Amazon QuickSight settings.

    • READER_PRO: Reader Pro adds Generative BI capabilities to the Reader role. Reader Pros have access to Amazon Q in Amazon QuickSight, can build stories with Amazon Q, and can generate executive summaries from dashboards.

    • AUTHOR_PRO: Author Pro adds Generative BI capabilities to the Author role. Author Pros can author dashboards with natural language with Amazon Q, build stories with Amazon Q, create Topics for Q&A, and generate executive summaries from dashboards.

    • ADMIN_PRO: Admin Pros are Author Pros who can also manage Amazon QuickSight administrative settings. Admin Pro users are billed at Author Pro pricing.

    The name of the Amazon QuickSight role is invisible to the user except for the console screens dealing with permissions.

    " + "documentation":"

    The Amazon Quick Sight role of the user. The role can be one of the following default security cohorts:

    • READER: A user who has read-only access to dashboards.

    • AUTHOR: A user who can create data sources, datasets, analyses, and dashboards.

    • ADMIN: A user who is an author, who can also manage Amazon Quick Sight settings.

    • READER_PRO: Reader Pro adds Generative BI capabilities to the Reader role. Reader Pros have access to Amazon Q in Quick Sight, can build stories with Amazon Q, and can generate executive summaries from dashboards.

    • AUTHOR_PRO: Author Pro adds Generative BI capabilities to the Author role. Author Pros can author dashboards with natural language with Amazon Q, build stories with Amazon Q, create Topics for Q&A, and generate executive summaries from dashboards.

    • ADMIN_PRO: Admin Pros are Author Pros who can also manage Amazon Quick Sight administrative settings. Admin Pro users are billed at Author Pro pricing.

    The name of the Quick Sight role is invisible to the user except for the console screens dealing with permissions.

    " }, "CustomPermissionsName":{ "shape":"RoleName", - "documentation":"

    (Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:

    • Create and update data sources

    • Create and update datasets

    • Create and update email reports

    • Subscribe to email reports

    A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Amazon QuickSight console. Then, you use the RegisterUser API operation to assign the named set of permissions to a Amazon QuickSight user.

    Amazon QuickSight custom permissions are applied through IAM policies. Therefore, they override the permissions typically granted by assigning Amazon QuickSight users to one of the default security cohorts in Amazon QuickSight (admin, author, reader).

    This feature is available only to Amazon QuickSight Enterprise edition subscriptions.

    " + "documentation":"

    (Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:

    • Create and update data sources

    • Create and update datasets

    • Create and update email reports

    • Subscribe to email reports

    A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Quick Sight console. Then, you use the RegisterUser API operation to assign the named set of permissions to a Quick Sight user.

    Quick Sight custom permissions are applied through IAM policies. Therefore, they override the permissions typically granted by assigning Quick Sight users to one of the default security cohorts in Quick Sight (admin, author, reader).

    This feature is available only to Quick Sight Enterprise edition subscriptions.

    " }, "UnapplyCustomPermissions":{ "shape":"Boolean", @@ -37090,11 +40972,11 @@ }, "ExternalLoginFederationProviderType":{ "shape":"String", - "documentation":"

    The type of supported external login provider that provides identity to let a user federate into Amazon QuickSight with an associated Identity and Access Management(IAM) role. The type of supported external login provider can be one of the following.

    • COGNITO: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com. When choosing the COGNITO provider type, don’t use the \"CustomFederationProviderUrl\" parameter which is only needed when the external provider is custom.

    • CUSTOM_OIDC: Custom OpenID Connect (OIDC) provider. When choosing CUSTOM_OIDC type, use the CustomFederationProviderUrl parameter to provide the custom OIDC provider URL.

    • NONE: This clears all the previously saved external login information for a user. Use the DescribeUser API operation to check the external login information.

    " + "documentation":"

    The type of supported external login provider that provides identity to let a user federate into Quick Sight with an associated Identity and Access Management(IAM) role. The type of supported external login provider can be one of the following.

    • COGNITO: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com. When choosing the COGNITO provider type, don’t use the \"CustomFederationProviderUrl\" parameter which is only needed when the external provider is custom.

    • CUSTOM_OIDC: Custom OpenID Connect (OIDC) provider. When choosing CUSTOM_OIDC type, use the CustomFederationProviderUrl parameter to provide the custom OIDC provider URL.

    • NONE: This clears all the previously saved external login information for a user. Use the DescribeUser API operation to check the external login information.

    " }, "CustomFederationProviderUrl":{ "shape":"String", - "documentation":"

    The URL of the custom OpenID Connect (OIDC) provider that provides identity to let a user federate into Amazon QuickSight with an associated Identity and Access Management(IAM) role. This parameter should only be used when ExternalLoginFederationProviderType parameter is set to CUSTOM_OIDC.

    " + "documentation":"

    The URL of the custom OpenID Connect (OIDC) provider that provides identity to let a user federate into Quick Sight with an associated Identity and Access Management(IAM) role. This parameter should only be used when ExternalLoginFederationProviderType parameter is set to CUSTOM_OIDC.

    " }, "ExternalLoginId":{ "shape":"String", @@ -37107,7 +40989,7 @@ "members":{ "User":{ "shape":"User", - "documentation":"

    The Amazon QuickSight user.

    " + "documentation":"

    The Amazon Quick Sight user.

    " }, "RequestId":{ "shape":"String", @@ -37219,6 +41101,10 @@ "Delimiter":{ "shape":"Delimiter", "documentation":"

    The delimiter between values in the file.

    " + }, + "CustomCellAddressRange":{ + "shape":"String", + "documentation":"

    A custom cell address range for Excel files, specifying which cells to import from the spreadsheet.

    " } }, "documentation":"

    Information about the format for a source file or files.

    " @@ -37232,7 +41118,7 @@ }, "UserName":{ "shape":"UserName", - "documentation":"

    The user's user name. This value is required if you are registering a user that will be managed in Amazon QuickSight. In the output, the value for UserName is N/A when the value for IdentityType is IAM and the corresponding IAM user is deleted.

    " + "documentation":"

    The user's user name. This value is required if you are registering a user that will be managed in Quick Sight. In the output, the value for UserName is N/A when the value for IdentityType is IAM and the corresponding IAM user is deleted.

    " }, "Email":{ "shape":"String", @@ -37240,7 +41126,7 @@ }, "Role":{ "shape":"UserRole", - "documentation":"

    The Amazon QuickSight role for the user. The user role can be one of the following:.

    • READER: A user who has read-only access to dashboards.

    • AUTHOR: A user who can create data sources, datasets, analyses, and dashboards.

    • ADMIN: A user who is an author, who can also manage Amazon Amazon QuickSight settings.

    • READER_PRO: Reader Pro adds Generative BI capabilities to the Reader role. Reader Pros have access to Amazon Q in Amazon QuickSight, can build stories with Amazon Q, and can generate executive summaries from dashboards.

    • AUTHOR_PRO: Author Pro adds Generative BI capabilities to the Author role. Author Pros can author dashboards with natural language with Amazon Q, build stories with Amazon Q, create Topics for Q&A, and generate executive summaries from dashboards.

    • ADMIN_PRO: Admin Pros are Author Pros who can also manage Amazon QuickSight administrative settings. Admin Pro users are billed at Author Pro pricing.

    • RESTRICTED_READER: This role isn't currently available for use.

    • RESTRICTED_AUTHOR: This role isn't currently available for use.

    " + "documentation":"

    The Quick Sight role for the user. The user role can be one of the following:.

    • READER: A user who has read-only access to dashboards.

    • AUTHOR: A user who can create data sources, datasets, analyses, and dashboards.

    • ADMIN: A user who is an author, who can also manage Amazon Quick Sight settings.

    • READER_PRO: Reader Pro adds Generative BI capabilities to the Reader role. Reader Pros have access to Amazon Q in Quick Sight, can build stories with Amazon Q, and can generate executive summaries from dashboards.

    • AUTHOR_PRO: Author Pro adds Generative BI capabilities to the Author role. Author Pros can author dashboards with natural language with Amazon Q, build stories with Amazon Q, create Topics for Q&A, and generate executive summaries from dashboards.

    • ADMIN_PRO: Admin Pros are Author Pros who can also manage Quick Sight administrative settings. Admin Pro users are billed at Author Pro pricing.

    • RESTRICTED_READER: This role isn't currently available for use.

    • RESTRICTED_AUTHOR: This role isn't currently available for use.

    " }, "IdentityType":{ "shape":"IdentityType", @@ -37248,7 +41134,7 @@ }, "Active":{ "shape":"Boolean", - "documentation":"

    The active status of user. When you create an Amazon QuickSight user that's not an IAM user or an Active Directory user, that user is inactive until they sign in and provide a password.

    " + "documentation":"

    The active status of user. When you create an Quick Sight user that's not an IAM user or an Active Directory user, that user is inactive until they sign in and provide a password.

    " }, "PrincipalId":{ "shape":"String", @@ -37260,7 +41146,7 @@ }, "ExternalLoginFederationProviderType":{ "shape":"String", - "documentation":"

    The type of supported external login provider that provides identity to let the user federate into Amazon QuickSight with an associated IAM role. The type can be one of the following.

    • COGNITO: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com.

    • CUSTOM_OIDC: Custom OpenID Connect (OIDC) provider.

    " + "documentation":"

    The type of supported external login provider that provides identity to let the user federate into Quick Sight with an associated IAM role. The type can be one of the following.

    • COGNITO: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com.

    • CUSTOM_OIDC: Custom OpenID Connect (OIDC) provider.

    " }, "ExternalLoginFederationProviderUrl":{ "shape":"String", @@ -37271,7 +41157,7 @@ "documentation":"

    The identity ID for the user in the external login provider.

    " } }, - "documentation":"

    A registered user of Amazon QuickSight.

    " + "documentation":"

    A registered user of Quick Sight.

    " }, "UserList":{ "type":"list", @@ -37458,6 +41344,16 @@ "LENIENT" ] }, + "ValueColumnConfiguration":{ + "type":"structure", + "members":{ + "AggregationFunction":{ + "shape":"DataPrepAggregationFunction", + "documentation":"

    The aggregation function to apply when multiple values map to the same pivoted cell.

    " + } + }, + "documentation":"

    Configuration for how to handle value columns in pivot operations, including aggregation settings.

    " + }, "ValueWhenUnsetOption":{ "type":"string", "enum":[ @@ -37515,47 +41411,47 @@ "members":{ "TableVisual":{ "shape":"TableVisual", - "documentation":"

    A table visual.

    For more information, see Using tables as visuals in the Amazon QuickSight User Guide.

    " + "documentation":"

    A table visual.

    For more information, see Using tables as visuals in the Amazon Quick Suite User Guide.

    " }, "PivotTableVisual":{ "shape":"PivotTableVisual", - "documentation":"

    A pivot table.

    For more information, see Using pivot tables in the Amazon QuickSight User Guide.

    " + "documentation":"

    A pivot table.

    For more information, see Using pivot tables in the Amazon Quick Suite User Guide.

    " }, "BarChartVisual":{ "shape":"BarChartVisual", - "documentation":"

    A bar chart.

    For more information, see Using bar charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A bar chart.

    For more information, see Using bar charts in the Amazon Quick Suite User Guide.

    " }, "KPIVisual":{ "shape":"KPIVisual", - "documentation":"

    A key performance indicator (KPI).

    For more information, see Using KPIs in the Amazon QuickSight User Guide.

    " + "documentation":"

    A key performance indicator (KPI).

    For more information, see Using KPIs in the Amazon Quick Suite User Guide.

    " }, "PieChartVisual":{ "shape":"PieChartVisual", - "documentation":"

    A pie or donut chart.

    For more information, see Using pie charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A pie or donut chart.

    For more information, see Using pie charts in the Amazon Quick Suite User Guide.

    " }, "GaugeChartVisual":{ "shape":"GaugeChartVisual", - "documentation":"

    A gauge chart.

    For more information, see Using gauge charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A gauge chart.

    For more information, see Using gauge charts in the Amazon Quick Suite User Guide.

    " }, "LineChartVisual":{ "shape":"LineChartVisual", - "documentation":"

    A line chart.

    For more information, see Using line charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A line chart.

    For more information, see Using line charts in the Amazon Quick Suite User Guide.

    " }, "HeatMapVisual":{ "shape":"HeatMapVisual", - "documentation":"

    A heat map.

    For more information, see Using heat maps in the Amazon QuickSight User Guide.

    " + "documentation":"

    A heat map.

    For more information, see Using heat maps in the Amazon Quick Suite User Guide.

    " }, "TreeMapVisual":{ "shape":"TreeMapVisual", - "documentation":"

    A tree map.

    For more information, see Using tree maps in the Amazon QuickSight User Guide.

    " + "documentation":"

    A tree map.

    For more information, see Using tree maps in the Amazon Quick Suite User Guide.

    " }, "GeospatialMapVisual":{ "shape":"GeospatialMapVisual", - "documentation":"

    A geospatial map or a points on map visual.

    For more information, see Creating point maps in the Amazon QuickSight User Guide.

    " + "documentation":"

    A geospatial map or a points on map visual.

    For more information, see Creating point maps in the Amazon Quick Suite User Guide.

    " }, "FilledMapVisual":{ "shape":"FilledMapVisual", - "documentation":"

    A filled map.

    For more information, see Creating filled maps in the Amazon QuickSight User Guide.

    " + "documentation":"

    A filled map.

    For more information, see Creating filled maps in the Amazon Quick Suite User Guide.

    " }, "LayerMapVisual":{ "shape":"LayerMapVisual", @@ -37563,43 +41459,43 @@ }, "FunnelChartVisual":{ "shape":"FunnelChartVisual", - "documentation":"

    A funnel chart.

    For more information, see Using funnel charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A funnel chart.

    For more information, see Using funnel charts in the Amazon Quick Suite User Guide.

    " }, "ScatterPlotVisual":{ "shape":"ScatterPlotVisual", - "documentation":"

    A scatter plot.

    For more information, see Using scatter plots in the Amazon QuickSight User Guide.

    " + "documentation":"

    A scatter plot.

    For more information, see Using scatter plots in the Amazon Quick Suite User Guide.

    " }, "ComboChartVisual":{ "shape":"ComboChartVisual", - "documentation":"

    A combo chart.

    For more information, see Using combo charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A combo chart.

    For more information, see Using combo charts in the Amazon Quick Suite User Guide.

    " }, "BoxPlotVisual":{ "shape":"BoxPlotVisual", - "documentation":"

    A box plot.

    For more information, see Using box plots in the Amazon QuickSight User Guide.

    " + "documentation":"

    A box plot.

    For more information, see Using box plots in the Amazon Quick Suite User Guide.

    " }, "WaterfallVisual":{ "shape":"WaterfallVisual", - "documentation":"

    A waterfall chart.

    For more information, see Using waterfall charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A waterfall chart.

    For more information, see Using waterfall charts in the Amazon Quick Suite User Guide.

    " }, "HistogramVisual":{ "shape":"HistogramVisual", - "documentation":"

    A histogram.

    For more information, see Using histograms in the Amazon QuickSight User Guide.

    " + "documentation":"

    A histogram.

    For more information, see Using histograms in the Amazon Quick Suite User Guide.

    " }, "WordCloudVisual":{ "shape":"WordCloudVisual", - "documentation":"

    A word cloud.

    For more information, see Using word clouds in the Amazon QuickSight User Guide.

    " + "documentation":"

    A word cloud.

    For more information, see Using word clouds in the Amazon Quick Suite User Guide.

    " }, "InsightVisual":{ "shape":"InsightVisual", - "documentation":"

    An insight visual.

    For more information, see Working with insights in the Amazon QuickSight User Guide.

    " + "documentation":"

    An insight visual.

    For more information, see Working with insights in the Amazon Quick Suite User Guide.

    " }, "SankeyDiagramVisual":{ "shape":"SankeyDiagramVisual", - "documentation":"

    A sankey diagram.

    For more information, see Using Sankey diagrams in the Amazon QuickSight User Guide.

    " + "documentation":"

    A sankey diagram.

    For more information, see Using Sankey diagrams in the Amazon Quick Suite User Guide.

    " }, "CustomContentVisual":{ "shape":"CustomContentVisual", - "documentation":"

    A visual that contains custom content.

    For more information, see Using custom visual content in the Amazon QuickSight User Guide.

    " + "documentation":"

    A visual that contains custom content.

    For more information, see Using custom visual content in the Amazon Quick Suite User Guide.

    " }, "EmptyVisual":{ "shape":"EmptyVisual", @@ -37607,7 +41503,7 @@ }, "RadarChartVisual":{ "shape":"RadarChartVisual", - "documentation":"

    A radar chart visual.

    For more information, see Using radar charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A radar chart visual.

    For more information, see Using radar charts in the Amazon Quick Suite User Guide.

    " }, "PluginVisual":{ "shape":"PluginVisual", @@ -37658,6 +41554,16 @@ }, "documentation":"

    A custom action defined on a visual.

    " }, + "VisualCustomActionDefaults":{ + "type":"structure", + "members":{ + "highlightOperation":{ + "shape":"VisualHighlightOperation", + "documentation":"

    A list of highlight operations available for visuals in an analysis or sheet.

    " + } + }, + "documentation":"

    A list of custom actions applied to visuals in an analysis or sheet.

    " + }, "VisualCustomActionList":{ "type":"list", "member":{"shape":"VisualCustomAction"}, @@ -37703,6 +41609,25 @@ "DATA_POINT_MENU" ] }, + "VisualHighlightOperation":{ + "type":"structure", + "required":["Trigger"], + "members":{ + "Trigger":{ + "shape":"VisualHighlightTrigger", + "documentation":"

    Specifies whether a highlight operation is initiated by a click or hover, or whether it's disabled.

    " + } + }, + "documentation":"

    Defines what initiates a highlight operation on a visual, such as a click or hover.

    " + }, + "VisualHighlightTrigger":{ + "type":"string", + "enum":[ + "DATA_POINT_CLICK", + "DATA_POINT_HOVER", + "NONE" + ] + }, "VisualInteractionOptions":{ "type":"structure", "members":{ @@ -38018,7 +41943,73 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A waterfall chart.

    For more information, see Using waterfall charts in the Amazon QuickSight User Guide.

    " + "documentation":"

    A waterfall chart.

    For more information, see Using waterfall charts in the Amazon Quick Suite User Guide.

    " + }, + "WebCrawlerAuthType":{ + "type":"string", + "enum":[ + "NO_AUTH", + "BASIC_AUTH", + "FORM", + "SAML" + ] + }, + "WebCrawlerParameters":{ + "type":"structure", + "required":["WebCrawlerAuthType"], + "members":{ + "WebCrawlerAuthType":{ + "shape":"WebCrawlerAuthType", + "documentation":"

    The authentication type for the web crawler. The type can be one of the following:

    • NO_AUTH: No authentication required.

    • BASIC_AUTH: Basic authentication using username and password.

    • SAML: SAML-based authentication.

    • FORM: Form-based authentication.

    " + }, + "UsernameFieldXpath":{ + "shape":"XpathFields", + "documentation":"

    The XPath expression for locating the username field on the login page.

    " + }, + "PasswordFieldXpath":{ + "shape":"XpathFields", + "documentation":"

    The XPath expression for locating the password field on the login page.

    " + }, + "UsernameButtonXpath":{ + "shape":"XpathFields", + "documentation":"

    The XPath expression for locating the username submit button on the login page.

    " + }, + "PasswordButtonXpath":{ + "shape":"XpathFields", + "documentation":"

    The XPath expression for locating the password submit button on the login page.

    " + }, + "LoginPageUrl":{ + "shape":"SiteBaseUrl", + "documentation":"

    The URL of the login page for the web crawler to authenticate.

    " + }, + "WebProxyHostName":{ + "shape":"Host", + "documentation":"

    The hostname of the web proxy server for the web crawler.

    " + }, + "WebProxyPortNumber":{ + "shape":"OptionalPort", + "documentation":"

    The port number of the web proxy server for the web crawler.

    " + } + }, + "documentation":"

    The parameters for a web crawler data source.

    " + }, + "WebProxyCredentials":{ + "type":"structure", + "required":[ + "WebProxyUsername", + "WebProxyPassword" + ], + "members":{ + "WebProxyUsername":{ + "shape":"DbUsername", + "documentation":"

    The username for authenticating with the web proxy server.

    " + }, + "WebProxyPassword":{ + "shape":"Password", + "documentation":"

    The password for authenticating with the web proxy server.

    " + } + }, + "documentation":"

    The credentials for authenticating with a web proxy server.

    " }, "WhatIfPointScenario":{ "type":"structure", @@ -38217,7 +42208,7 @@ "documentation":"

    The alt text for the visual.

    " } }, - "documentation":"

    A word cloud.

    For more information, see Using word clouds in the Amazon QuickSight User Guide.

    " + "documentation":"

    A word cloud.

    For more information, see Using word clouds in the Amazon Quick Suite User Guide.

    " }, "WordCloudWordCasing":{ "type":"string", @@ -38254,6 +42245,11 @@ "max":128, "min":1 }, + "XpathFields":{ + "type":"string", + "max":1024, + "min":1 + }, "YAxisOptions":{ "type":"structure", "required":["YAxis"], @@ -38267,5 +42263,5 @@ }, "boolean":{"type":"boolean"} }, - "documentation":"Amazon QuickSight API Reference

    Amazon QuickSight is a fully managed, serverless business intelligence service for the Amazon Web Services Cloud that makes it easy to extend data and insights to every user in your organization. This API reference contains documentation for a programming interface that you can use to manage Amazon QuickSight.

    " + "documentation":"Amazon Quick Suite API Reference

    Amazon Quick Sight is a fully managed, serverless business intelligence service for the Amazon Web Services Cloud that makes it easy to extend data and insights to every user in your organization. This API reference contains documentation for a programming interface that you can use to manage Amazon Quick Sight.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/ram/2018-01-04/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ram/2018-01-04/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ram/2018-01-04/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ram/2018-01-04/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,18 +212,17 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -236,7 +231,8 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], @@ -256,14 +252,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -277,7 +275,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -297,7 +294,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -308,14 +304,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -326,9 +324,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/ram/2018-01-04/service-2.json 2.31.35-1/awscli/botocore/data/ram/2018-01-04/service-2.json --- 2.23.6-1/awscli/botocore/data/ram/2018-01-04/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ram/2018-01-04/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"ram", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"RAM", "serviceFullName":"AWS Resource Access Manager", "serviceId":"RAM", "signatureVersion":"v4", - "uid":"ram-2018-01-04" + "uid":"ram-2018-01-04", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcceptResourceShareInvitation":{ @@ -1142,8 +1144,7 @@ }, "EnableSharingWithAwsOrganizationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableSharingWithAwsOrganizationResponse":{ "type":"structure", @@ -2719,8 +2720,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{"type":"string"}, "TagValueList":{ @@ -2777,8 +2777,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateResourceShareRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/rbin/2021-06-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/rbin/2021-06-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/rbin/2021-06-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rbin/2021-06-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/rbin/2021-06-15/service-2.json 2.31.35-1/awscli/botocore/data/rbin/2021-06-15/service-2.json --- 2.23.6-1/awscli/botocore/data/rbin/2021-06-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rbin/2021-06-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -295,8 +295,7 @@ }, "DeleteRuleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Description":{ "type":"string", @@ -734,8 +733,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -852,8 +850,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRuleRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/rds/2014-10-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/rds/2014-10-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/rds/2014-10-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rds/2014-10-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/rds/2014-10-31/paginators-1.json 2.31.35-1/awscli/botocore/data/rds/2014-10-31/paginators-1.json --- 2.23.6-1/awscli/botocore/data/rds/2014-10-31/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rds/2014-10-31/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -240,6 +240,12 @@ "limit_key": "MaxRecords", "output_token": "Marker", "result_key": "DBRecommendations" + }, + "DescribeDBMajorEngineVersions": { + "input_token": "Marker", + "limit_key": "MaxRecords", + "output_token": "Marker", + "result_key": "DBMajorEngineVersions" } } } diff -pruN 2.23.6-1/awscli/botocore/data/rds/2014-10-31/service-2.json 2.31.35-1/awscli/botocore/data/rds/2014-10-31/service-2.json --- 2.23.6-1/awscli/botocore/data/rds/2014-10-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rds/2014-10-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -73,11 +73,16 @@ {"shape":"DBClusterNotFoundFault"}, {"shape":"DBSnapshotNotFoundFault"}, {"shape":"DBProxyNotFoundFault"}, + {"shape":"DBProxyEndpointNotFoundFault"}, {"shape":"DBProxyTargetGroupNotFoundFault"}, {"shape":"BlueGreenDeploymentNotFoundFault"}, - {"shape":"IntegrationNotFoundFault"}, {"shape":"TenantDatabaseNotFoundFault"}, - {"shape":"DBSnapshotTenantDatabaseNotFoundFault"} + {"shape":"DBSnapshotTenantDatabaseNotFoundFault"}, + {"shape":"IntegrationNotFoundFault"}, + {"shape":"DBShardGroupNotFoundFault"}, + {"shape":"InvalidDBClusterStateFault"}, + {"shape":"InvalidDBInstanceStateFault"}, + {"shape":"InvalidDBClusterEndpointStateFault"} ], "documentation":"

    Adds metadata tags to an Amazon RDS resource. These tags can also be used with cost allocation reporting to track cost associated with Amazon RDS resources, or used in a Condition statement in an IAM policy for Amazon RDS.

    For an overview on tagging your relational database resources, see Tagging Amazon RDS Resources or Tagging Amazon Aurora and Amazon RDS Resources.

    " }, @@ -269,6 +274,7 @@ {"shape":"DBClusterParameterGroupNotFoundFault"}, {"shape":"InstanceQuotaExceededFault"}, {"shape":"DBClusterQuotaExceededFault"}, + {"shape":"StorageQuotaExceededFault"}, {"shape":"InvalidDBInstanceStateFault"}, {"shape":"InvalidDBClusterStateFault"} ], @@ -288,9 +294,11 @@ "errors":[ {"shape":"CustomDBEngineVersionAlreadyExistsFault"}, {"shape":"CustomDBEngineVersionQuotaExceededFault"}, - {"shape":"Ec2ImagePropertiesNotSupportedFault"}, {"shape":"KMSKeyNotAccessibleFault"}, - {"shape":"CreateCustomDBEngineVersionFault"} + {"shape":"Ec2ImagePropertiesNotSupportedFault"}, + {"shape":"CreateCustomDBEngineVersionFault"}, + {"shape":"CustomDBEngineVersionNotFoundFault"}, + {"shape":"InvalidCustomDBEngineVersionStateFault"} ], "documentation":"

    Creates a custom DB engine version (CEV).

    " }, @@ -325,7 +333,9 @@ {"shape":"DBSubnetGroupDoesNotCoverEnoughAZs"}, {"shape":"GlobalClusterNotFoundFault"}, {"shape":"InvalidGlobalClusterStateFault"}, + {"shape":"NetworkTypeNotSupported"}, {"shape":"DomainNotFoundFault"}, + {"shape":"StorageTypeNotSupportedFault"}, {"shape":"OptionGroupNotFoundFault"} ], "documentation":"

    Creates a new Amazon Aurora DB cluster or Multi-AZ DB cluster.

    If you create an Aurora DB cluster, the request creates an empty cluster. You must explicitly create the writer instance for your DB cluster using the CreateDBInstance operation. If you create a Multi-AZ DB cluster, the request creates a writer and two reader DB instances for you, each in a different Availability Zone.

    You can use the ReplicationSourceIdentifier parameter to create an Amazon Aurora DB cluster as a read replica of another DB cluster or Amazon RDS for MySQL or PostgreSQL DB instance. For more information about Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    You can also use the ReplicationSourceIdentifier parameter to create a Multi-AZ DB cluster read replica with an RDS for MySQL or PostgreSQL DB instance as the source. For more information about Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.

    " @@ -418,8 +428,8 @@ {"shape":"AuthorizationNotFoundFault"}, {"shape":"KMSKeyNotAccessibleFault"}, {"shape":"DomainNotFoundFault"}, - {"shape":"BackupPolicyNotFoundFault"}, {"shape":"NetworkTypeNotSupported"}, + {"shape":"BackupPolicyNotFoundFault"}, {"shape":"CertificateNotFoundFault"}, {"shape":"TenantDatabaseQuotaExceededFault"} ], @@ -457,12 +467,12 @@ {"shape":"InvalidDBSubnetGroupFault"}, {"shape":"StorageTypeNotSupportedFault"}, {"shape":"KMSKeyNotAccessibleFault"}, - {"shape":"DomainNotFoundFault"}, {"shape":"NetworkTypeNotSupported"}, + {"shape":"DomainNotFoundFault"}, {"shape":"TenantDatabaseQuotaExceededFault"}, {"shape":"CertificateNotFoundFault"} ], - "documentation":"

    Creates a new DB instance that acts as a read replica for an existing source DB instance or Multi-AZ DB cluster. You can create a read replica for a DB instance running Db2, MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server. You can create a read replica for a Multi-AZ DB cluster running MySQL or PostgreSQL. For more information, see Working with read replicas and Migrating from a Multi-AZ DB cluster to a DB instance using a read replica in the Amazon RDS User Guide.

    Amazon Aurora doesn't support this operation. To create a DB instance for an Aurora DB cluster, use the CreateDBInstance operation.

    All read replica DB instances are created with backups disabled. All other attributes (including DB security groups and DB parameter groups) are inherited from the source DB instance or cluster, except as specified.

    Your source DB instance or cluster must have backup retention enabled.

    " + "documentation":"

    Creates a new DB instance that acts as a read replica for an existing source DB instance or Multi-AZ DB cluster. You can create a read replica for a DB instance running Db2, MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server. You can create a read replica for a Multi-AZ DB cluster running MySQL or PostgreSQL. For more information, see Working with read replicas and Migrating from a Multi-AZ DB cluster to a DB instance using a read replica in the Amazon RDS User Guide.

    Amazon Aurora doesn't support this operation. To create a DB instance for an Aurora DB cluster, use the CreateDBInstance operation.

    RDS creates read replicas with backups disabled. All other attributes (including DB security groups and DB parameter groups) are inherited from the source DB instance or cluster, except as specified.

    Your source DB instance or cluster must have backup retention enabled.

    " }, "CreateDBParameterGroup":{ "name":"CreateDBParameterGroup", @@ -479,7 +489,7 @@ {"shape":"DBParameterGroupQuotaExceededFault"}, {"shape":"DBParameterGroupAlreadyExistsFault"} ], - "documentation":"

    Creates a new DB parameter group.

    A DB parameter group is initially created with the default parameters for the database engine used by the DB instance. To provide custom values for any of the parameters, you must modify the group after creating it using ModifyDBParameterGroup. Once you've created a DB parameter group, you need to associate it with your DB instance using ModifyDBInstance. When you associate a new DB parameter group with a running DB instance, you need to reboot the DB instance without failover for the new DB parameter group and associated settings to take effect.

    This command doesn't apply to RDS Custom.

    After you create a DB parameter group, you should wait at least 5 minutes before creating your first DB instance that uses that DB parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB instance. This is especially important for parameters that are critical when creating the default database for a DB instance, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBParameters command to verify that your DB parameter group has been created or modified.

    " + "documentation":"

    Creates a new DB parameter group.

    A DB parameter group is initially created with the default parameters for the database engine used by the DB instance. To provide custom values for any of the parameters, you must modify the group after creating it using ModifyDBParameterGroup. Once you've created a DB parameter group, you need to associate it with your DB instance using ModifyDBInstance. When you associate a new DB parameter group with a running DB instance, you need to reboot the DB instance without failover for the new DB parameter group and associated settings to take effect.

    This command doesn't apply to RDS Custom.

    " }, "CreateDBProxy":{ "name":"CreateDBProxy", @@ -635,7 +645,9 @@ {"shape":"GlobalClusterAlreadyExistsFault"}, {"shape":"GlobalClusterQuotaExceededFault"}, {"shape":"InvalidDBClusterStateFault"}, - {"shape":"DBClusterNotFoundFault"} + {"shape":"DBClusterNotFoundFault"}, + {"shape":"InvalidDBShardGroupStateFault"}, + {"shape":"ResourceNotFoundFault"} ], "documentation":"

    Creates an Aurora global database spread across multiple Amazon Web Services Regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.

    You can create a global database that is initially empty, and then create the primary and secondary DB clusters in the global database. Or you can specify an existing Aurora cluster during the create operation, and this cluster becomes the primary cluster of the global database.

    This operation applies only to Aurora DB clusters.

    " }, @@ -692,7 +704,8 @@ {"shape":"DBInstanceNotFoundFault"}, {"shape":"InvalidDBInstanceStateFault"}, {"shape":"TenantDatabaseAlreadyExistsFault"}, - {"shape":"TenantDatabaseQuotaExceededFault"} + {"shape":"TenantDatabaseQuotaExceededFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], "documentation":"

    Creates a tenant database in a DB instance that uses the multi-tenant configuration. Only RDS for Oracle container database (CDB) instances are supported.

    " }, @@ -744,10 +757,12 @@ "errors":[ {"shape":"DBClusterNotFoundFault"}, {"shape":"InvalidDBClusterStateFault"}, + {"shape":"InvalidGlobalClusterStateFault"}, {"shape":"DBClusterSnapshotAlreadyExistsFault"}, {"shape":"SnapshotQuotaExceededFault"}, {"shape":"InvalidDBClusterSnapshotStateFault"}, - {"shape":"DBClusterAutomatedBackupQuotaExceededFault"} + {"shape":"DBClusterAutomatedBackupQuotaExceededFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], "documentation":"

    The DeleteDBCluster action deletes a previously provisioned DB cluster. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the specified DB cluster are not deleted.

    If you're deleting a Multi-AZ DB cluster with read replicas, all cluster members are terminated and read replicas are promoted to standalone instances.

    For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.

    " }, @@ -833,7 +848,8 @@ {"shape":"DBSnapshotAlreadyExistsFault"}, {"shape":"SnapshotQuotaExceededFault"}, {"shape":"InvalidDBClusterStateFault"}, - {"shape":"DBInstanceAutomatedBackupQuotaExceededFault"} + {"shape":"DBInstanceAutomatedBackupQuotaExceededFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], "documentation":"

    Deletes a previously provisioned DB instance. When you delete a DB instance, all automated backups for that instance are deleted and can't be recovered. However, manual DB snapshots of the DB instance aren't deleted.

    If you request a final DB snapshot, the status of the Amazon RDS DB instance is deleting until the DB snapshot is created. This operation can't be canceled or reverted after it begins. To monitor the status of this operation, use DescribeDBInstance.

    When a DB instance is in a failure state and has a status of failed, incompatible-restore, or incompatible-network, you can only delete it when you skip creation of the final snapshot with the SkipFinalSnapshot parameter.

    If the specified DB instance is part of an Amazon Aurora DB cluster, you can't delete the DB instance if both of the following conditions are true:

    • The DB cluster is a read replica of another Amazon Aurora DB cluster.

    • The DB instance is the only instance in the DB cluster.

    To delete a DB instance in this case, first use the PromoteReadReplicaDBCluster operation to promote the DB cluster so that it's no longer a read replica. After the promotion completes, use the DeleteDBInstance operation to delete the final instance in the DB cluster.

    For RDS Custom DB instances, deleting the DB instance permanently deletes the EC2 instance and the associated EBS volumes. Make sure that you don't terminate or delete these resources before you delete the DB instance. Otherwise, deleting the DB instance and creation of the final snapshot might fail.

    " }, @@ -1042,7 +1058,8 @@ "errors":[ {"shape":"DBInstanceNotFoundFault"}, {"shape":"TenantDatabaseNotFoundFault"}, - {"shape":"InvalidDBInstanceStateFault"} + {"shape":"InvalidDBInstanceStateFault"}, + {"shape":"DBSnapshotAlreadyExistsFault"} ], "documentation":"

    Deletes a tenant database from your DB instance. This command only applies to RDS for Oracle container database (CDB) instances.

    You can't delete a tenant database when it is the only tenant in the DB instance.

    " }, @@ -1076,6 +1093,7 @@ "shape":"AccountAttributesMessage", "resultWrapper":"DescribeAccountAttributesResult" }, + "errors":[], "documentation":"

    Lists all of the attributes for a customer account. The attributes include Amazon RDS quotas for the account, such as the number of DB instances allowed. The description for a quota includes the quota name, current usage toward that quota, and the quota's maximum value.

    This command doesn't take any parameters.

    " }, "DescribeBlueGreenDeployments":{ @@ -1250,6 +1268,7 @@ "shape":"DBEngineVersionMessage", "resultWrapper":"DescribeDBEngineVersionsResult" }, + "errors":[], "documentation":"

    Describes the properties of specific versions of DB engines.

    " }, "DescribeDBInstanceAutomatedBackups":{ @@ -1301,6 +1320,20 @@ ], "documentation":"

    Returns a list of DB log files for the DB instance.

    This command doesn't apply to RDS Custom.

    " }, + "DescribeDBMajorEngineVersions":{ + "name":"DescribeDBMajorEngineVersions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeDBMajorEngineVersionsRequest"}, + "output":{ + "shape":"DescribeDBMajorEngineVersionsResponse", + "resultWrapper":"DescribeDBMajorEngineVersionsResult" + }, + "errors":[], + "documentation":"

    Describes the properties of specific major versions of DB engines.

    " + }, "DescribeDBParameterGroups":{ "name":"DescribeDBParameterGroups", "http":{ @@ -1414,6 +1447,7 @@ "shape":"DBRecommendationsMessage", "resultWrapper":"DescribeDBRecommendationsResult" }, + "errors":[], "documentation":"

    Describes the recommendations to resolve the issues for your DB instances, DB clusters, and DB parameter groups.

    " }, "DescribeDBSecurityGroups":{ @@ -1524,6 +1558,7 @@ "shape":"DescribeEngineDefaultClusterParametersResult", "resultWrapper":"DescribeEngineDefaultClusterParametersResult" }, + "errors":[], "documentation":"

    Returns the default engine and system parameter information for the cluster database engine.

    For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    " }, "DescribeEngineDefaultParameters":{ @@ -1537,6 +1572,7 @@ "shape":"DescribeEngineDefaultParametersResult", "resultWrapper":"DescribeEngineDefaultParametersResult" }, + "errors":[], "documentation":"

    Returns the default engine and system parameter information for the specified database engine.

    " }, "DescribeEventCategories":{ @@ -1550,6 +1586,7 @@ "shape":"EventCategoriesMessage", "resultWrapper":"DescribeEventCategoriesResult" }, + "errors":[], "documentation":"

    Displays a list of categories for all event source types, or, if specified, for a specified source type. You can also see this list in the \"Amazon RDS event categories and event messages\" section of the Amazon RDS User Guide or the Amazon Aurora User Guide .

    " }, "DescribeEventSubscriptions":{ @@ -1579,6 +1616,7 @@ "shape":"EventsMessage", "resultWrapper":"DescribeEventsResult" }, + "errors":[], "documentation":"

    Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, DB cluster snapshots, and RDS Proxies for the past 14 days. Events specific to a particular DB instance, DB cluster, DB parameter group, DB security group, DB snapshot, DB cluster snapshot group, or RDS Proxy can be obtained by providing the name as a parameter.

    For more information on working with events, see Monitoring Amazon RDS events in the Amazon RDS User Guide and Monitoring Amazon Aurora events in the Amazon Aurora User Guide.

    By default, RDS returns events that were generated in the past hour.

    " }, "DescribeExportTasks":{ @@ -1640,6 +1678,7 @@ "shape":"OptionGroupOptionsMessage", "resultWrapper":"DescribeOptionGroupOptionsResult" }, + "errors":[], "documentation":"

    Describes all available options for the specified engine.

    " }, "DescribeOptionGroups":{ @@ -1669,6 +1708,7 @@ "shape":"OrderableDBInstanceOptionsMessage", "resultWrapper":"DescribeOrderableDBInstanceOptionsResult" }, + "errors":[], "documentation":"

    Describes the orderable DB instance options for a specified DB engine.

    " }, "DescribePendingMaintenanceActions":{ @@ -1730,6 +1770,7 @@ "shape":"SourceRegionMessage", "resultWrapper":"DescribeSourceRegionsResult" }, + "errors":[], "documentation":"

    Returns a list of the source Amazon Web Services Regions where the current Amazon Web Services Region can create a read replica, copy a DB snapshot from, or replicate automated backups from.

    Use this operation to determine whether cross-Region features are supported between other Regions and your current Region. This operation supports pagination.

    To return information about the Regions that are enabled for your account, or all Regions, use the EC2 operation DescribeRegions. For more information, see DescribeRegions in the Amazon EC2 API Reference.

    " }, "DescribeTenantDatabases":{ @@ -1798,7 +1839,7 @@ {"shape":"DBInstanceNotReadyFault"}, {"shape":"DBLogFileNotFoundFault"} ], - "documentation":"

    Downloads all or a portion of the specified log file, up to 1 MB in size.

    This command doesn't apply to RDS Custom.

    " + "documentation":"

    Downloads all or a portion of the specified log file, up to 1 MB in size.

    This command doesn't apply to RDS Custom.

    This operation uses resources on database instances. Because of this, we recommend publishing database logs to CloudWatch and then using the GetLogEvents operation. For more information, see GetLogEvents in the Amazon CloudWatch Logs API Reference.

    " }, "EnableHttpEndpoint":{ "name":"EnableHttpEndpoint", @@ -1871,10 +1912,12 @@ {"shape":"DBClusterNotFoundFault"}, {"shape":"DBProxyNotFoundFault"}, {"shape":"DBProxyTargetGroupNotFoundFault"}, + {"shape":"DBProxyEndpointNotFoundFault"}, {"shape":"BlueGreenDeploymentNotFoundFault"}, - {"shape":"IntegrationNotFoundFault"}, {"shape":"TenantDatabaseNotFoundFault"}, - {"shape":"DBSnapshotTenantDatabaseNotFoundFault"} + {"shape":"DBSnapshotTenantDatabaseNotFoundFault"}, + {"shape":"IntegrationNotFoundFault"}, + {"shape":"DBShardGroupNotFoundFault"} ], "documentation":"

    Lists all tags on an Amazon RDS resource.

    For an overview on tagging an Amazon RDS resource, see Tagging Amazon RDS Resources in the Amazon RDS User Guide or Tagging Amazon Aurora and Amazon RDS Resources in the Amazon Aurora User Guide.

    " }, @@ -1967,13 +2010,18 @@ {"shape":"InvalidDBSubnetGroupStateFault"}, {"shape":"InvalidSubnet"}, {"shape":"DBClusterParameterGroupNotFoundFault"}, + {"shape":"DBParameterGroupNotFoundFault"}, {"shape":"InvalidDBSecurityGroupStateFault"}, {"shape":"InvalidDBInstanceStateFault"}, {"shape":"DBClusterAlreadyExistsFault"}, {"shape":"DBInstanceAlreadyExistsFault"}, + {"shape":"NetworkTypeNotSupported"}, {"shape":"DomainNotFoundFault"}, + {"shape":"InvalidGlobalClusterStateFault"}, + {"shape":"StorageTypeNotSupportedFault"}, {"shape":"StorageTypeNotAvailableFault"}, - {"shape":"OptionGroupNotFoundFault"} + {"shape":"OptionGroupNotFoundFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], "documentation":"

    Modifies the settings of an Amazon Aurora DB cluster or a Multi-AZ DB cluster. You can change one or more settings by specifying these parameters and the new values in the request.

    For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.

    " }, @@ -2012,7 +2060,7 @@ {"shape":"DBParameterGroupNotFoundFault"}, {"shape":"InvalidDBParameterGroupStateFault"} ], - "documentation":"

    Modifies the parameters of a DB cluster parameter group. To modify more than one parameter, submit a list of the following: ParameterName, ParameterValue, and ApplyMethod. A maximum of 20 parameters can be modified in a single request.

    After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create operation before the parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBClusterParameters operation to verify that your DB cluster parameter group has been created or modified.

    If the modified DB cluster parameter group is used by an Aurora Serverless v1 cluster, Aurora applies the update immediately. The cluster restart might interrupt your workload. In that case, your application must reopen any connections and retry any transactions that were active when the parameter changes took effect.

    For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.

    " + "documentation":"

    Modifies the parameters of a DB cluster parameter group. To modify more than one parameter, submit a list of the following: ParameterName, ParameterValue, and ApplyMethod. A maximum of 20 parameters can be modified in a single request.

    There are two types of parameters - dynamic parameters and static parameters. Changes to dynamic parameters are applied to the DB cluster immediately without a reboot. Changes to static parameters are applied only after the DB cluster is rebooted, which can be done using RebootDBCluster operation. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBClusterParameters operation to verify that your DB cluster parameter group has been created or modified.

    For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.

    " }, "ModifyDBClusterSnapshotAttribute":{ "name":"ModifyDBClusterSnapshotAttribute", @@ -2062,8 +2110,8 @@ {"shape":"DomainNotFoundFault"}, {"shape":"BackupPolicyNotFoundFault"}, {"shape":"KMSKeyNotAccessibleFault"}, - {"shape":"InvalidDBClusterStateFault"}, {"shape":"NetworkTypeNotSupported"}, + {"shape":"InvalidDBClusterStateFault"}, {"shape":"TenantDatabaseQuotaExceededFault"} ], "documentation":"

    Modifies settings for a DB instance. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. To learn what modifications you can make to your DB instance, call DescribeValidDBInstanceModifications before you call ModifyDBInstance.

    " @@ -2184,9 +2232,11 @@ "resultWrapper":"ModifyDBSnapshotResult" }, "errors":[ - {"shape":"DBSnapshotNotFoundFault"} + {"shape":"DBSnapshotNotFoundFault"}, + {"shape":"InvalidDBSnapshotStateFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], - "documentation":"

    Updates a manual DB snapshot with a new engine version. The snapshot can be encrypted or unencrypted, but not shared or public.

    Amazon RDS supports upgrading DB snapshots for MySQL, PostgreSQL, and Oracle. This operation doesn't apply to RDS Custom or RDS for Db2.

    " + "documentation":"

    Updates a manual DB snapshot with a new engine version. The snapshot can be encrypted or unencrypted, but not shared or public.

    Amazon RDS supports upgrading DB snapshots for MariaDB, MySQL, PostgreSQL, and Oracle. This operation doesn't apply to RDS Custom or RDS for Db2.

    " }, "ModifyDBSnapshotAttribute":{ "name":"ModifyDBSnapshotAttribute", @@ -2222,6 +2272,7 @@ {"shape":"DBSubnetQuotaExceededFault"}, {"shape":"SubnetAlreadyInUse"}, {"shape":"DBSubnetGroupDoesNotCoverEnoughAZs"}, + {"shape":"InvalidDBSubnetGroupStateFault"}, {"shape":"InvalidSubnet"} ], "documentation":"

    Modifies an existing DB subnet group. DB subnet groups must contain at least one subnet in at least two AZs in the Amazon Web Services Region.

    " @@ -2283,7 +2334,7 @@ {"shape":"InvalidIntegrationStateFault"}, {"shape":"IntegrationConflictOperationFault"} ], - "documentation":"

    Modifies a zero-ETL integration with Amazon Redshift.

    Currently, you can only modify integrations that have Aurora MySQL source DB clusters. Integrations with Aurora PostgreSQL and RDS sources currently don't support modifying the integration.

    " + "documentation":"

    Modifies a zero-ETL integration with Amazon Redshift.

    " }, "ModifyOptionGroup":{ "name":"ModifyOptionGroup", @@ -2317,7 +2368,8 @@ {"shape":"DBInstanceNotFoundFault"}, {"shape":"TenantDatabaseNotFoundFault"}, {"shape":"TenantDatabaseAlreadyExistsFault"}, - {"shape":"InvalidDBInstanceStateFault"} + {"shape":"InvalidDBInstanceStateFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], "documentation":"

    Modifies an existing tenant database in a DB instance. You can change the tenant database name or the master user password. This operation is supported only for RDS for Oracle CDB instances using the multi-tenant configuration.

    " }, @@ -2404,7 +2456,8 @@ }, "errors":[ {"shape":"InvalidDBInstanceStateFault"}, - {"shape":"DBInstanceNotFoundFault"} + {"shape":"DBInstanceNotFoundFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], "documentation":"

    You might need to reboot your DB instance, usually for maintenance reasons. For example, if you make certain modifications, or if you change the DB parameter group associated with the DB instance, you must reboot the instance for the changes to take effect.

    Rebooting a DB instance restarts the database engine service. Rebooting a DB instance results in a momentary outage, during which the DB instance status is set to rebooting.

    For more information about rebooting, see Rebooting a DB Instance in the Amazon RDS User Guide.

    This command doesn't apply to RDS Custom.

    If your DB instance is part of a Multi-AZ DB cluster, you can reboot the DB cluster with the RebootDBCluster operation.

    " }, @@ -2463,6 +2516,7 @@ "errors":[ {"shape":"GlobalClusterNotFoundFault"}, {"shape":"InvalidGlobalClusterStateFault"}, + {"shape":"InvalidDBClusterStateFault"}, {"shape":"DBClusterNotFoundFault"} ], "documentation":"

    Detaches an Aurora secondary cluster from an Aurora global database cluster. The cluster becomes a standalone cluster with read-write capability instead of being read-only and receiving data from a primary cluster in a different Region.

    This operation only applies to Aurora DB clusters.

    " @@ -2524,11 +2578,16 @@ {"shape":"DBSnapshotNotFoundFault"}, {"shape":"DBClusterNotFoundFault"}, {"shape":"DBProxyNotFoundFault"}, + {"shape":"DBProxyEndpointNotFoundFault"}, {"shape":"DBProxyTargetGroupNotFoundFault"}, {"shape":"BlueGreenDeploymentNotFoundFault"}, - {"shape":"IntegrationNotFoundFault"}, {"shape":"TenantDatabaseNotFoundFault"}, - {"shape":"DBSnapshotTenantDatabaseNotFoundFault"} + {"shape":"DBSnapshotTenantDatabaseNotFoundFault"}, + {"shape":"IntegrationNotFoundFault"}, + {"shape":"DBShardGroupNotFoundFault"}, + {"shape":"InvalidDBClusterStateFault"}, + {"shape":"InvalidDBInstanceStateFault"}, + {"shape":"InvalidDBClusterEndpointStateFault"} ], "documentation":"

    Removes metadata tags from an Amazon RDS resource.

    For an overview on tagging an Amazon RDS resource, see Tagging Amazon RDS Resources in the Amazon RDS User Guide or Tagging Amazon Aurora and Amazon RDS Resources in the Amazon Aurora User Guide.

    " }, @@ -2590,6 +2649,7 @@ {"shape":"DBClusterParameterGroupNotFoundFault"}, {"shape":"KMSKeyNotAccessibleFault"}, {"shape":"DBClusterNotFoundFault"}, + {"shape":"NetworkTypeNotSupported"}, {"shape":"DomainNotFoundFault"}, {"shape":"InsufficientStorageClusterCapacityFault"}, {"shape":"StorageTypeNotSupportedFault"} @@ -2626,8 +2686,10 @@ {"shape":"InvalidSubnet"}, {"shape":"OptionGroupNotFoundFault"}, {"shape":"KMSKeyNotAccessibleFault"}, + {"shape":"NetworkTypeNotSupported"}, {"shape":"DomainNotFoundFault"}, {"shape":"DBClusterParameterGroupNotFoundFault"}, + {"shape":"StorageTypeNotSupportedFault"}, {"shape":"InvalidDBInstanceStateFault"}, {"shape":"InsufficientDBInstanceCapacityFault"} ], @@ -2661,12 +2723,14 @@ {"shape":"KMSKeyNotAccessibleFault"}, {"shape":"OptionGroupNotFoundFault"}, {"shape":"StorageQuotaExceededFault"}, + {"shape":"NetworkTypeNotSupported"}, {"shape":"DomainNotFoundFault"}, {"shape":"DBClusterParameterGroupNotFoundFault"}, + {"shape":"StorageTypeNotSupportedFault"}, {"shape":"DBClusterAutomatedBackupNotFoundFault"}, {"shape":"InsufficientDBInstanceCapacityFault"} ], - "documentation":"

    Restores a DB cluster to an arbitrary point in time. Users can restore to any point in time before LatestRestorableTime for up to BackupRetentionPeriod days. The target DB cluster is created from the source DB cluster with the same configuration as the original DB cluster, except that the new DB cluster is created with the default DB security group.

    For Aurora, this operation only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the CreateDBInstance operation to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier. You can create DB instances only after the RestoreDBClusterToPointInTime operation has completed and the DB cluster is available.

    For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.

    " + "documentation":"

    Restores a DB cluster to an arbitrary point in time. Users can restore to any point in time before LatestRestorableTime for up to BackupRetentionPeriod days. The target DB cluster is created from the source DB cluster with the same configuration as the original DB cluster, except that the new DB cluster is created with the default DB security group. Unless the RestoreType is set to copy-on-write, the restore may occur in a different Availability Zone (AZ) from the original DB cluster. The AZ where RDS restores the DB cluster depends on the AZs in the specified subnet group.

    For Aurora, this operation only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the CreateDBInstance operation to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier. You can create DB instances only after the RestoreDBClusterToPointInTime operation has completed and the DB cluster is available.

    For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.

    " }, "RestoreDBInstanceFromDBSnapshot":{ "name":"RestoreDBInstanceFromDBSnapshot", @@ -2699,8 +2763,8 @@ {"shape":"DBSecurityGroupNotFoundFault"}, {"shape":"DomainNotFoundFault"}, {"shape":"DBParameterGroupNotFoundFault"}, - {"shape":"BackupPolicyNotFoundFault"}, {"shape":"NetworkTypeNotSupported"}, + {"shape":"BackupPolicyNotFoundFault"}, {"shape":"DBClusterSnapshotNotFoundFault"}, {"shape":"CertificateNotFoundFault"}, {"shape":"TenantDatabaseQuotaExceededFault"} @@ -2735,11 +2799,11 @@ {"shape":"StorageTypeNotSupportedFault"}, {"shape":"AuthorizationNotFoundFault"}, {"shape":"KMSKeyNotAccessibleFault"}, - {"shape":"BackupPolicyNotFoundFault"}, {"shape":"NetworkTypeNotSupported"}, + {"shape":"BackupPolicyNotFoundFault"}, {"shape":"CertificateNotFoundFault"} ], - "documentation":"

    Amazon Relational Database Service (Amazon RDS) supports importing MySQL databases by using backup files. You can create a backup of your on-premises database, store it on Amazon Simple Storage Service (Amazon S3), and then restore the backup file onto a new Amazon RDS DB instance running MySQL. For more information, see Importing Data into an Amazon RDS MySQL DB Instance in the Amazon RDS User Guide.

    This operation doesn't apply to RDS Custom.

    " + "documentation":"

    Amazon Relational Database Service (Amazon RDS) supports importing MySQL databases by using backup files. You can create a backup of your on-premises database, store it on Amazon Simple Storage Service (Amazon S3), and then restore the backup file onto a new Amazon RDS DB instance running MySQL. For more information, see Restoring a backup into an Amazon RDS for MySQL DB instance in the Amazon RDS User Guide.

    This operation doesn't apply to RDS Custom.

    " }, "RestoreDBInstanceToPointInTime":{ "name":"RestoreDBInstanceToPointInTime", @@ -2774,8 +2838,8 @@ {"shape":"DomainNotFoundFault"}, {"shape":"BackupPolicyNotFoundFault"}, {"shape":"DBParameterGroupNotFoundFault"}, - {"shape":"DBInstanceAutomatedBackupNotFoundFault"}, {"shape":"NetworkTypeNotSupported"}, + {"shape":"DBInstanceAutomatedBackupNotFoundFault"}, {"shape":"TenantDatabaseQuotaExceededFault"}, {"shape":"CertificateNotFoundFault"} ], @@ -2834,7 +2898,9 @@ "errors":[ {"shape":"DBClusterNotFoundFault"}, {"shape":"InvalidDBClusterStateFault"}, - {"shape":"InvalidDBInstanceStateFault"} + {"shape":"InvalidDBInstanceStateFault"}, + {"shape":"InvalidDBShardGroupStateFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], "documentation":"

    Starts an Amazon Aurora DB cluster that was stopped using the Amazon Web Services console, the stop-db-cluster CLI command, or the StopDBCluster operation.

    For more information, see Stopping and Starting an Aurora Cluster in the Amazon Aurora User Guide.

    This operation only applies to Aurora DB clusters.

    " }, @@ -2879,6 +2945,7 @@ {"shape":"DBInstanceNotFoundFault"}, {"shape":"InvalidDBInstanceStateFault"}, {"shape":"KMSKeyNotAccessibleFault"}, + {"shape":"InvalidDBInstanceAutomatedBackupStateFault"}, {"shape":"DBInstanceAutomatedBackupQuotaExceededFault"}, {"shape":"StorageTypeNotSupportedFault"} ], @@ -2907,7 +2974,7 @@ {"shape":"KMSKeyNotAccessibleFault"}, {"shape":"InvalidExportSourceStateFault"} ], - "documentation":"

    Starts an export of DB snapshot or DB cluster data to Amazon S3. The provided IAM role must have access to the S3 bucket.

    You can't export snapshot data from Db2 or RDS Custom DB instances.

    For more information on exporting DB snapshot data, see Exporting DB snapshot data to Amazon S3 in the Amazon RDS User Guide or Exporting DB cluster snapshot data to Amazon S3 in the Amazon Aurora User Guide.

    For more information on exporting DB cluster data, see Exporting DB cluster data to Amazon S3 in the Amazon Aurora User Guide.

    " + "documentation":"

    Starts an export of DB snapshot or DB cluster data to Amazon S3. The provided IAM role must have access to the S3 bucket.

    You can't export snapshot data from RDS Custom DB instances. For more information, see Supported Regions and DB engines for exporting snapshots to S3 in Amazon RDS.

    For more information on exporting DB snapshot data, see Exporting DB snapshot data to Amazon S3 in the Amazon RDS User Guide or Exporting DB cluster snapshot data to Amazon S3 in the Amazon Aurora User Guide.

    For more information on exporting DB cluster data, see Exporting DB cluster data to Amazon S3 in the Amazon Aurora User Guide.

    " }, "StopActivityStream":{ "name":"StopActivityStream", @@ -2943,7 +3010,8 @@ "errors":[ {"shape":"DBClusterNotFoundFault"}, {"shape":"InvalidDBClusterStateFault"}, - {"shape":"InvalidDBInstanceStateFault"} + {"shape":"InvalidDBInstanceStateFault"}, + {"shape":"InvalidDBShardGroupStateFault"} ], "documentation":"

    Stops an Amazon Aurora DB cluster. When you stop a DB cluster, Aurora retains the DB cluster's metadata, including its endpoints and DB parameter groups. Aurora also retains the transaction logs so you can do a point-in-time restore if necessary.

    For more information, see Stopping and Starting an Aurora Cluster in the Amazon Aurora User Guide.

    This operation only applies to Aurora DB clusters.

    " }, @@ -2965,7 +3033,7 @@ {"shape":"SnapshotQuotaExceededFault"}, {"shape":"InvalidDBClusterStateFault"} ], - "documentation":"

    Stops an Amazon RDS DB instance. When you stop a DB instance, Amazon RDS retains the DB instance's metadata, including its endpoint, DB parameter group, and option group membership. Amazon RDS also retains the transaction logs so you can do a point-in-time restore if necessary.

    For more information, see Stopping an Amazon RDS DB Instance Temporarily in the Amazon RDS User Guide.

    This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. For Aurora clusters, use StopDBCluster instead.

    " + "documentation":"

    Stops an Amazon RDS DB instance temporarily. When you stop a DB instance, Amazon RDS retains the DB instance's metadata, including its endpoint, DB parameter group, and option group membership. Amazon RDS also retains the transaction logs so you can do a point-in-time restore if necessary. The instance restarts automatically after 7 days.

    For more information, see Stopping an Amazon RDS DB Instance Temporarily in the Amazon RDS User Guide.

    This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. For Aurora clusters, use StopDBCluster instead.

    " }, "StopDBInstanceAutomatedBackupsReplication":{ "name":"StopDBInstanceAutomatedBackupsReplication", @@ -3248,10 +3316,14 @@ "type":"string", "enum":["SECRETS"] }, + "AuthUserName":{ + "type":"string", + "max":128, + "min":1 + }, "AuthorizationAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified CIDR IP range or Amazon EC2 security group is already authorized for the specified DB security group.

    ", "error":{ "code":"AuthorizationAlreadyExists", @@ -3262,8 +3334,7 @@ }, "AuthorizationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified CIDR IP range or Amazon EC2 security group might not be authorized for the specified DB security group.

    Or, RDS might not be authorized to perform necessary actions using IAM on your behalf.

    ", "error":{ "code":"AuthorizationNotFound", @@ -3274,8 +3345,7 @@ }, "AuthorizationQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB security group authorization quota has been reached.

    ", "error":{ "code":"AuthorizationQuotaExceeded", @@ -3408,8 +3478,7 @@ }, "BackupPolicyNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "deprecated":true, "deprecatedMessage":"Please avoid using this fault", "error":{ @@ -3468,8 +3537,7 @@ }, "BlueGreenDeploymentAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A blue/green deployment with the specified name already exists.

    ", "error":{ "code":"BlueGreenDeploymentAlreadyExistsFault", @@ -3492,12 +3560,11 @@ "type":"string", "max":60, "min":1, - "pattern":"[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*" + "pattern":"[a-zA-Z](?:-?[a-zA-Z0-9]+)*" }, "BlueGreenDeploymentNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    BlueGreenDeploymentIdentifier doesn't refer to an existing blue/green deployment.

    ", "error":{ "code":"BlueGreenDeploymentNotFoundFault", @@ -3630,8 +3697,7 @@ }, "CertificateNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    CertificateIdentifier doesn't refer to an existing certificate.

    ", "error":{ "code":"CertificateNotFound", @@ -3687,7 +3753,7 @@ "documentation":"

    The DBClusterIdentifier value for the DB cluster.

    " }, "MasterUserPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The master credentials for the DB cluster.

    " }, "IAMDatabaseAuthenticationEnabled":{ @@ -3702,6 +3768,10 @@ "shape":"IntegerOptional", "documentation":"

    The number of days for which automatic DB snapshots are retained.

    " }, + "StorageType":{ + "shape":"String", + "documentation":"

    The storage type for the DB cluster.

    " + }, "AllocatedStorage":{ "shape":"IntegerOptional", "documentation":"

    The allocated storage size in gibibytes (GiB) for all database engines except Amazon Aurora. For Aurora, AllocatedStorage always returns 1, because Aurora DB cluster storage size isn't fixed, but instead automatically adjusts as needed.

    " @@ -3714,10 +3784,6 @@ "shape":"IntegerOptional", "documentation":"

    The Provisioned IOPS (I/O operations per second) value. This setting is only for non-Aurora Multi-AZ DB clusters.

    " }, - "StorageType":{ - "shape":"String", - "documentation":"

    The storage type for the DB cluster.

    " - }, "CertificateDetails":{"shape":"CertificateDetails"} }, "documentation":"

    This data type is used as a response element in the ModifyDBCluster operation and contains changes that will be applied during the next maintenance window.

    " @@ -3726,7 +3792,8 @@ "type":"string", "enum":[ "standard", - "limitless" + "limitless", + "scaleout" ] }, "ConnectionPoolConfiguration":{ @@ -3742,7 +3809,7 @@ }, "ConnectionBorrowTimeout":{ "shape":"IntegerOptional", - "documentation":"

    The number of seconds for a proxy to wait for a connection to become available in the connection pool. This setting only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions.

    Default: 120

    Constraints:

    • Must be between 0 and 3600.

    " + "documentation":"

    The number of seconds for a proxy to wait for a connection to become available in the connection pool. This setting only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions.

    Default: 120

    Constraints:

    • Must be between 0 and 300.

    " }, "SessionPinningFilters":{ "shape":"StringList", @@ -3750,7 +3817,7 @@ }, "InitQuery":{ "shape":"String", - "documentation":"

    One or more SQL statements for the proxy to run when opening each new database connection. Typically used with SET statements to make sure that each connection has identical settings such as time zone and character set. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single SET statement, such as SET x=1, y=2.

    Default: no initialization query

    " + "documentation":"

    Add an initialization query, or modify the current one. You can specify one or more SQL statements for the proxy to run when opening each new database connection. The setting is typically used with SET statements to make sure that each connection has identical settings. Make sure the query added here is valid. This is an optional field, so you can choose to leave it empty. For including multiple variables in a single SET statement, use a comma separator.

    For example: SET variable1=value1, variable2=value2

    Default: no initialization query

    Since you can access initialization query as part of target group configuration, it is not protected by authentication or cryptographic methods. Anyone with access to view or manage your proxy target group configuration can view the initialization query. You should not add sensitive data, such as passwords or long-lived encryption keys, to this option.

    " } }, "documentation":"

    Specifies the settings that control the size and behavior of the connection pool associated with a DBProxyTargetGroup.

    " @@ -3776,7 +3843,7 @@ }, "InitQuery":{ "shape":"String", - "documentation":"

    One or more SQL statements for the proxy to run when opening each new database connection. Typically used with SET statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single SET statement, such as SET x=1, y=2.

    " + "documentation":"

    One or more SQL statements for the proxy to run when opening each new database connection. The setting is typically used with SET statements to make sure that each connection has identical settings. The query added here must be valid. For including multiple variables in a single SET statement, use a comma separator. This is an optional field.

    For example: SET variable1=value1, variable2=value2

    Since you can access initialization query as part of target group configuration, it is not protected by authentication or cryptographic methods. Anyone with access to view or manage your proxy target group configuration can view the initialization query. You should not add sensitive data, such as passwords or long-lived encryption keys, to this option.

    " } }, "documentation":"

    Displays the settings that control the size and behavior of the connection pool associated with a DBProxyTarget.

    " @@ -3837,7 +3904,7 @@ "members":{ "SourceDBClusterSnapshotIdentifier":{ "shape":"String", - "documentation":"

    The identifier of the DB cluster snapshot to copy. This parameter isn't case-sensitive.

    You can't copy an encrypted, shared DB cluster snapshot from one Amazon Web Services Region to another.

    Constraints:

    • Must specify a valid system snapshot in the \"available\" state.

    • If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid DB snapshot identifier.

    • If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid DB cluster snapshot ARN. For more information, go to Copying Snapshots Across Amazon Web Services Regions in the Amazon Aurora User Guide.

    Example: my-cluster-snapshot1

    " + "documentation":"

    The identifier of the DB cluster snapshot to copy. This parameter isn't case-sensitive.

    Constraints:

    • Must specify a valid source snapshot in the \"available\" state.

    • If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid DB snapshot identifier.

    • If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid DB cluster snapshot ARN. You can also specify an ARN of a snapshot that is in a different account and a different Amazon Web Services Region. For more information, go to Copying Snapshots Across Amazon Web Services Regions in the Amazon Aurora User Guide.

    Example: my-cluster-snapshot1

    " }, "TargetDBClusterSnapshotIdentifier":{ "shape":"String", @@ -3848,7 +3915,7 @@ "documentation":"

    The Amazon Web Services KMS key identifier for an encrypted DB cluster snapshot. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS key.

    If you copy an encrypted DB cluster snapshot from your Amazon Web Services account, you can specify a value for KmsKeyId to encrypt the copy with a new KMS key. If you don't specify a value for KmsKeyId, then the copy of the DB cluster snapshot is encrypted with the same KMS key as the source DB cluster snapshot.

    If you copy an encrypted DB cluster snapshot that is shared from another Amazon Web Services account, then you must specify a value for KmsKeyId.

    To copy an encrypted DB cluster snapshot to another Amazon Web Services Region, you must set KmsKeyId to the Amazon Web Services KMS key identifier you want to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.

    If you copy an unencrypted DB cluster snapshot and specify a value for the KmsKeyId parameter, an error is returned.

    " }, "PreSignedUrl":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    When you are copying a DB cluster snapshot from one Amazon Web Services GovCloud (US) Region to another, the URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot API operation in the Amazon Web Services Region that contains the source DB cluster snapshot to copy. Use the PreSignedUrl parameter when copying an encrypted DB cluster snapshot from another Amazon Web Services Region. Don't specify PreSignedUrl when copying an encrypted DB cluster snapshot in the same Amazon Web Services Region.

    This setting applies only to Amazon Web Services GovCloud (US) Regions. It's ignored in other Amazon Web Services Regions.

    The presigned URL must be a valid request for the CopyDBClusterSnapshot API operation that can run in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to copy. The presigned URL request must contain the following parameter values:

    • KmsKeyId - The KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. This is the same identifier for both the CopyDBClusterSnapshot operation that is called in the destination Amazon Web Services Region, and the operation contained in the presigned URL.

    • DestinationRegion - The name of the Amazon Web Services Region that the DB cluster snapshot is to be created in.

    • SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBClusterSnapshotIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115.

    To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

    If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

    " }, "CopyTags":{ @@ -3904,7 +3971,7 @@ "members":{ "SourceDBSnapshotIdentifier":{ "shape":"String", - "documentation":"

    The identifier for the source DB snapshot.

    If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid DB snapshot identifier. For example, you might specify rds:mysql-instance1-snapshot-20130805.

    If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid DB snapshot ARN. For example, you might specify arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805.

    If you are copying from a shared manual DB snapshot, this parameter must be the Amazon Resource Name (ARN) of the shared DB snapshot.

    If you are copying an encrypted snapshot this parameter must be in the ARN format for the source Amazon Web Services Region.

    Constraints:

    • Must specify a valid system snapshot in the \"available\" state.

    Example: rds:mydb-2012-04-02-00-01

    Example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805

    " + "documentation":"

    The identifier for the source DB snapshot.

    If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid DB snapshot identifier. For example, you might specify rds:mysql-instance1-snapshot-20130805.

    If you are copying from a shared manual DB snapshot, this parameter must be the Amazon Resource Name (ARN) of the shared DB snapshot.

    If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid DB snapshot ARN. You can also specify an ARN of a snapshot that is in a different account and a different Amazon Web Services Region. For example, you might specify arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805.

    Constraints:

    • Must specify a valid source snapshot in the \"available\" state.

    Example: rds:mydb-2012-04-02-00-01

    Example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805

    " }, "TargetDBSnapshotIdentifier":{ "shape":"String", @@ -3920,7 +3987,7 @@ "documentation":"

    Specifies whether to copy all tags from the source DB snapshot to the target DB snapshot. By default, tags aren't copied.

    " }, "PreSignedUrl":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    When you are copying a snapshot from one Amazon Web Services GovCloud (US) Region to another, the URL that contains a Signature Version 4 signed request for the CopyDBSnapshot API operation in the source Amazon Web Services Region that contains the source DB snapshot to copy.

    This setting applies only to Amazon Web Services GovCloud (US) Regions. It's ignored in other Amazon Web Services Regions.

    You must specify this parameter when you copy an encrypted DB snapshot from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are copying an encrypted DB snapshot in the same Amazon Web Services Region.

    The presigned URL must be a valid request for the CopyDBClusterSnapshot API operation that can run in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to copy. The presigned URL request must contain the following parameter values:

    • DestinationRegion - The Amazon Web Services Region that the encrypted DB snapshot is copied to. This Amazon Web Services Region is the same one where the CopyDBSnapshot operation is called that contains this presigned URL.

      For example, if you copy an encrypted DB snapshot from the us-west-2 Amazon Web Services Region to the us-east-1 Amazon Web Services Region, then you call the CopyDBSnapshot operation in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the CopyDBSnapshot operation in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 Amazon Web Services Region.

    • KmsKeyId - The KMS key identifier for the KMS key to use to encrypt the copy of the DB snapshot in the destination Amazon Web Services Region. This is the same identifier for both the CopyDBSnapshot operation that is called in the destination Amazon Web Services Region, and the operation contained in the presigned URL.

    • SourceDBSnapshotIdentifier - The DB snapshot identifier for the encrypted snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBSnapshotIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20161115.

    To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

    If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

    " }, "OptionGroupName":{ @@ -3931,9 +3998,17 @@ "shape":"String", "documentation":"

    The external custom Availability Zone (CAZ) identifier for the target CAZ.

    Example: rds-caz-aiqhTgQv.

    " }, + "SnapshotTarget":{ + "shape":"String", + "documentation":"

    Configures the location where RDS will store copied snapshots.

    Valid Values:

    • local (Dedicated Local Zone)

    • outposts (Amazon Web Services Outposts)

    • region (Amazon Web Services Region)

    " + }, "CopyOptionGroup":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether to copy the DB option group associated with the source DB snapshot to the target Amazon Web Services account and associate with the target DB snapshot. The associated option group can be copied only with cross-account snapshot copy calls.

    " + }, + "SnapshotAvailabilityZone":{ + "shape":"String", + "documentation":"

    Specifies the name of the Availability Zone where RDS stores the DB snapshot. This value is valid only for snapshots that RDS stores on a Dedicated Local Zone.

    " } }, "documentation":"

    " @@ -4039,8 +4114,7 @@ }, "CreateCustomDBEngineVersionFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An error occurred while trying to create the CEV.

    ", "error":{ "code":"CreateCustomDBEngineVersionFault", @@ -4080,6 +4154,14 @@ "shape":"KmsKeyIdOrArn", "documentation":"

    The Amazon Web Services KMS key identifier for an encrypted CEV. A symmetric encryption KMS key is required for RDS Custom, but optional for Amazon RDS.

    If you have an existing symmetric encryption KMS key in your account, you can use it with RDS Custom. No further action is necessary. If you don't already have a symmetric encryption KMS key in your account, follow the instructions in Creating a symmetric encryption KMS key in the Amazon Web Services Key Management Service Developer Guide.

    You can choose the same symmetric encryption key when you create a CEV and a DB instance, or choose different keys.

    " }, + "SourceCustomDbEngineVersionIdentifier":{ + "shape":"String255", + "documentation":"

    The ARN of a CEV to use as a source for creating a new CEV. You can specify a different Amazon Machine Imagine (AMI) by using either Source or UseAwsProvidedLatestImage. You can't specify a different JSON manifest when you specify SourceCustomDbEngineVersionIdentifier.

    " + }, + "UseAwsProvidedLatestImage":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to use the latest service-provided Amazon Machine Image (AMI) for the CEV. If you specify UseAwsProvidedLatestImage, you can't also specify ImageId.

    " + }, "Description":{ "shape":"Description", "documentation":"

    An optional description of your CEV.

    " @@ -4088,15 +4170,7 @@ "shape":"CustomDBEngineVersionManifest", "documentation":"

    The CEV manifest, which is a JSON document that describes the installation .zip files stored in Amazon S3. Specify the name/value pairs in a file or a quoted string. RDS Custom applies the patches in the order in which they are listed.

    The following JSON fields are valid:

    MediaImportTemplateVersion

    Version of the CEV manifest. The date is in the format YYYY-MM-DD.

    databaseInstallationFileNames

    Ordered list of installation files for the CEV.

    opatchFileNames

    Ordered list of OPatch installers used for the Oracle DB engine.

    psuRuPatchFileNames

    The PSU and RU patches for this CEV.

    OtherPatchFileNames

    The patches that are not in the list of PSU and RU patches. Amazon RDS applies these patches after applying the PSU and RU patches.

    For more information, see Creating the CEV manifest in the Amazon RDS User Guide.

    " }, - "Tags":{"shape":"TagList"}, - "SourceCustomDbEngineVersionIdentifier":{ - "shape":"String255", - "documentation":"

    The ARN of a CEV to use as a source for creating a new CEV. You can specify a different Amazon Machine Imagine (AMI) by using either Source or UseAwsProvidedLatestImage. You can't specify a different JSON manifest when you specify SourceCustomDbEngineVersionIdentifier.

    " - }, - "UseAwsProvidedLatestImage":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether to use the latest service-provided Amazon Machine Image (AMI) for the CEV. If you specify UseAwsProvidedLatestImage, you can't also specify ImageId.

    " - } + "Tags":{"shape":"TagList"} } }, "CreateDBClusterEndpointMessage":{ @@ -4142,7 +4216,7 @@ "members":{ "AvailabilityZones":{ "shape":"AvailabilityZones", - "documentation":"

    A list of Availability Zones (AZs) where you specifically want to create DB instances in the DB cluster.

    For information on AZs, see Availability Zones in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters only

    Constraints:

    • Can't specify more than three AZs.

    " + "documentation":"

    A list of Availability Zones (AZs) where you specifically want to create DB instances in the DB cluster.

    For the first three DB instances that you create, RDS distributes each DB instance to a different AZ that you specify. For additional DB instances that you create, RDS randomly distributes them to the AZs that you specified. For example, if you create a DB cluster with one writer instance and three reader instances, RDS might distribute the writer instance to AZ 1, the first reader instance to AZ 2, the second reader instance to AZ 3, and the third reader instance to either AZ 1, AZ 2, or AZ 3.

    For more information, see Availability Zones and High availability for Aurora DB instances in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters only

    Constraints:

    • Can't specify more than three AZs.

    " }, "BackupRetentionPeriod":{ "shape":"IntegerOptional", @@ -4189,7 +4263,7 @@ "documentation":"

    The name of the master user for the DB cluster.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Constraints:

    • Must be 1 to 16 letters or numbers.

    • First character must be a letter.

    • Can't be a reserved word for the chosen database engine.

    " }, "MasterUserPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The password for the master database user.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Constraints:

    • Must contain from 8 to 41 characters.

    • Can contain any printable ASCII character except \"/\", \"\"\", or \"@\".

    • Can't be specified if ManageMasterUserPassword is turned on.

    " }, "OptionGroupName":{ @@ -4221,7 +4295,7 @@ "documentation":"

    The Amazon Web Services KMS key identifier for an encrypted DB cluster.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    When a KMS key isn't specified in KmsKeyId:

    • If ReplicationSourceIdentifier identifies an encrypted source, then Amazon RDS uses the KMS key used to encrypt the source. Otherwise, Amazon RDS uses your default KMS key.

    • If the StorageEncrypted parameter is enabled and ReplicationSourceIdentifier isn't specified, then Amazon RDS uses your default KMS key.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    If you create a read replica of an encrypted DB cluster in another Amazon Web Services Region, make sure to set KmsKeyId to a KMS key identifier that is valid in the destination Amazon Web Services Region. This KMS key is used to encrypt the read replica in that Amazon Web Services Region.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " }, "PreSignedUrl":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    When you are replicating a DB cluster from one Amazon Web Services GovCloud (US) Region to another, an URL that contains a Signature Version 4 signed request for the CreateDBCluster operation to be called in the source Amazon Web Services Region where the DB cluster is replicated from. Specify PreSignedUrl only when you are performing cross-Region replication from an encrypted DB cluster.

    The presigned URL must be a valid request for the CreateDBCluster API operation that can run in the source Amazon Web Services Region that contains the encrypted DB cluster to copy.

    The presigned URL request must contain the following parameter values:

    • KmsKeyId - The KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster in the destination Amazon Web Services Region. This should refer to the same KMS key for both the CreateDBCluster operation that is called in the destination Amazon Web Services Region, and the operation contained in the presigned URL.

    • DestinationRegion - The name of the Amazon Web Services Region that Aurora read replica will be created in.

    • ReplicationSourceIdentifier - The DB cluster identifier for the encrypted DB cluster to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster from the us-west-2 Amazon Web Services Region, then your ReplicationSourceIdentifier would look like Example: arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1.

    To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

    If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

    Valid for Cluster Type: Aurora DB clusters only

    " }, "EnableIAMDatabaseAuthentication":{ @@ -4234,7 +4308,7 @@ }, "EnableCloudwatchLogsExports":{ "shape":"LogTypeList", - "documentation":"

    The list of log types that need to be enabled for exporting to CloudWatch Logs.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    The following values are valid for each DB engine:

    • Aurora MySQL - audit | error | general | slowquery

    • Aurora PostgreSQL - postgresql

    • RDS for MySQL - error | general | slowquery

    • RDS for PostgreSQL - postgresql | upgrade

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    " + "documentation":"

    The list of log types that need to be enabled for exporting to CloudWatch Logs.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    The following values are valid for each DB engine:

    • Aurora MySQL - audit | error | general | instance | slowquery | iam-db-auth-error

    • Aurora PostgreSQL - instance | postgresql | iam-db-auth-error

    • RDS for MySQL - error | general | slowquery | iam-db-auth-error

    • RDS for PostgreSQL - postgresql | upgrade | iam-db-auth-error

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    " }, "EngineMode":{ "shape":"String", @@ -4248,12 +4322,36 @@ "shape":"RdsCustomClusterConfiguration", "documentation":"

    Reserved for future use.

    " }, + "DBClusterInstanceClass":{ + "shape":"String", + "documentation":"

    The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.

    For the full list of DB instance classes and availability for your engine, see DB instance class in the Amazon RDS User Guide.

    This setting is required to create a Multi-AZ DB cluster.

    Valid for Cluster Type: Multi-AZ DB clusters only

    " + }, + "AllocatedStorage":{ + "shape":"IntegerOptional", + "documentation":"

    The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.

    Valid for Cluster Type: Multi-AZ DB clusters only

    This setting is required to create a Multi-AZ DB cluster.

    " + }, + "StorageType":{ + "shape":"String", + "documentation":"

    The storage type to associate with the DB cluster.

    For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.

    This setting is required to create a Multi-AZ DB cluster.

    When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values:

    • Aurora DB clusters - aurora | aurora-iopt1

    • Multi-AZ DB clusters - io1 | io2 | gp3

    Default:

    • Aurora DB clusters - aurora

    • Multi-AZ DB clusters - io1

    When you create an Aurora DB cluster with the storage type set to aurora-iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to aurora.

    " + }, + "Iops":{ + "shape":"IntegerOptional", + "documentation":"

    The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.

    For information about valid IOPS values, see Provisioned IOPS storage in the Amazon RDS User Guide.

    This setting is required to create a Multi-AZ DB cluster.

    Valid for Cluster Type: Multi-AZ DB clusters only

    Constraints:

    • Must be a multiple between .5 and 50 of the storage amount for the DB cluster.

    " + }, + "PubliclyAccessible":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether the DB cluster is publicly accessible.

    When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

    When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.

    Valid for Cluster Type: Multi-AZ DB clusters only

    Default: The default behavior varies depending on whether DBSubnetGroupName is specified.

    If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:

    • If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.

    • If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.

    If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:

    • If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.

    • If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.

    " + }, + "AutoMinorVersionUpgrade":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " + }, "DeletionProtection":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " }, "GlobalClusterIdentifier":{ - "shape":"String", + "shape":"GlobalClusterIdentifier", "documentation":"

    The global cluster ID of an Aurora cluster that becomes the primary cluster in the new global database cluster.

    Valid for Cluster Type: Aurora DB clusters only

    " }, "EnableHttpEndpoint":{ @@ -4276,30 +4374,11 @@ "shape":"BooleanOptional", "documentation":"

    Specifies whether to enable this DB cluster to forward write operations to the primary cluster of a global cluster (Aurora global database). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.

    You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster, and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by a global cluster API operation, but it does nothing until then.

    Valid for Cluster Type: Aurora DB clusters only

    " }, - "DBClusterInstanceClass":{ - "shape":"String", - "documentation":"

    The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.

    For the full list of DB instance classes and availability for your engine, see DB instance class in the Amazon RDS User Guide.

    This setting is required to create a Multi-AZ DB cluster.

    Valid for Cluster Type: Multi-AZ DB clusters only

    " - }, - "AllocatedStorage":{ - "shape":"IntegerOptional", - "documentation":"

    The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.

    Valid for Cluster Type: Multi-AZ DB clusters only

    This setting is required to create a Multi-AZ DB cluster.

    " - }, - "StorageType":{ + "NetworkType":{ "shape":"String", - "documentation":"

    The storage type to associate with the DB cluster.

    For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.

    This setting is required to create a Multi-AZ DB cluster.

    When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values:

    • Aurora DB clusters - aurora | aurora-iopt1

    • Multi-AZ DB clusters - io1 | io2 | gp3

    Default:

    • Aurora DB clusters - aurora

    • Multi-AZ DB clusters - io1

    When you create an Aurora DB cluster with the storage type set to aurora-iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to aurora.

    " - }, - "Iops":{ - "shape":"IntegerOptional", - "documentation":"

    The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.

    For information about valid IOPS values, see Provisioned IOPS storage in the Amazon RDS User Guide.

    This setting is required to create a Multi-AZ DB cluster.

    Valid for Cluster Type: Multi-AZ DB clusters only

    Constraints:

    • Must be a multiple between .5 and 50 of the storage amount for the DB cluster.

    " - }, - "PubliclyAccessible":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether the DB cluster is publicly accessible.

    When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

    When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.

    Valid for Cluster Type: Multi-AZ DB clusters only

    Default: The default behavior varies depending on whether DBSubnetGroupName is specified.

    If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:

    • If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.

    • If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.

    If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:

    • If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.

    • If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.

    " - }, - "AutoMinorVersionUpgrade":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster

    " + "documentation":"

    The network type of the DB cluster.

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters only

    Valid Values: IPV4 | DUAL

    " }, + "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, "MonitoringInterval":{ "shape":"IntegerOptional", "documentation":"

    The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0.

    If MonitoringRoleArn is specified, also set MonitoringInterval to a value other than 0.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60

    Default: 0

    " @@ -4310,7 +4389,7 @@ }, "DatabaseInsightsMode":{ "shape":"DatabaseInsightsMode", - "documentation":"

    The mode of Database Insights to enable for the DB cluster.

    If you set this value to advanced, you must also set the PerformanceInsightsEnabled parameter to true and the PerformanceInsightsRetentionPeriod parameter to 465.

    Valid for Cluster Type: Aurora DB clusters only

    " + "documentation":"

    The mode of Database Insights to enable for the DB cluster.

    If you set this value to advanced, you must also set the PerformanceInsightsEnabled parameter to true and the PerformanceInsightsRetentionPeriod parameter to 465.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", @@ -4328,11 +4407,6 @@ "shape":"BooleanOptional", "documentation":"

    Specifies whether to enable Aurora Limitless Database. You must enable Aurora Limitless Database to create a DB shard group.

    Valid for: Aurora DB clusters only

    This setting is no longer used. Instead use the ClusterScalabilityType setting.

    " }, - "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, - "NetworkType":{ - "shape":"String", - "documentation":"

    The network type of the DB cluster.

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters only

    Valid Values: IPV4 | DUAL

    " - }, "ClusterScalabilityType":{ "shape":"ClusterScalabilityType", "documentation":"

    Specifies the scalability mode of the Aurora DB cluster. When set to limitless, the cluster operates as an Aurora Limitless Database. When set to standard (the default), the cluster uses normal DB instance creation.

    Valid for: Aurora DB clusters only

    You can't modify this setting after you create the DB cluster.

    " @@ -4345,21 +4419,25 @@ "shape":"BooleanOptional", "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide and Password management with Amazon Web Services Secrets Manager in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Constraints:

    • Can't manage the master user password with Amazon Web Services Secrets Manager if MasterUserPassword is specified.

    " }, - "MasterUserSecretKmsKeyId":{ - "shape":"String", - "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " - }, "EnableLocalWriteForwarding":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances.

    Valid for: Aurora DB clusters only

    " }, + "MasterUserSecretKmsKeyId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " + }, "CACertificateIdentifier":{ "shape":"String", "documentation":"

    The CA certificate identifier to use for the DB cluster's server certificate.

    For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide.

    Valid for Cluster Type: Multi-AZ DB clusters

    " }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this DB cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date.

    You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this DB cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date.

    You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + }, + "MasterUserAuthenticationType":{ + "shape":"MasterUserAuthenticationType", + "documentation":"

    Specifies the authentication type for the master user. With IAM master user authentication, you can configure the master DB user with IAM database authentication when you create a DB cluster.

    You can specify one of the following values:

    • password - Use standard database authentication with a password.

    • iam-db-auth - Use IAM database authentication for the master user.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    This option is only valid for RDS for PostgreSQL and Aurora PostgreSQL engines.

    " } }, "documentation":"

    " @@ -4464,7 +4542,7 @@ "documentation":"

    The name for the master user.

    This setting doesn't apply to Amazon Aurora DB instances. The name for the master user is managed by the DB cluster.

    This setting is required for RDS DB instances.

    Constraints:

    • Must be 1 to 16 letters, numbers, or underscores.

    • First character must be a letter.

    • Can't be a reserved word for the chosen database engine.

    " }, "MasterUserPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The password for the master user.

    This setting doesn't apply to Amazon Aurora DB instances. The password for the master user is managed by the DB cluster.

    Constraints:

    • Can't be specified if ManageMasterUserPassword is turned on.

    • Can include any printable ASCII character except \"/\", \"\"\", or \"@\". For RDS for Oracle, can't include the \"&\" (ampersand) or the \"'\" (single quotes) character.

    Length Constraints:

    • RDS for Db2 - Must contain from 8 to 255 characters.

    • RDS for MariaDB - Must contain from 8 to 41 characters.

    • RDS for Microsoft SQL Server - Must contain from 8 to 128 characters.

    • RDS for MySQL - Must contain from 8 to 41 characters.

    • RDS for Oracle - Must contain from 8 to 30 characters.

    • RDS for PostgreSQL - Must contain from 8 to 128 characters.

    " }, "DBSecurityGroups":{ @@ -4505,7 +4583,7 @@ }, "MultiAZ":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether the DB instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.

    This setting doesn't apply to the following DB instances:

    • Amazon Aurora (DB instance Availability Zones (AZs) are managed by the DB cluster.)

    • RDS Custom

    " + "documentation":"

    Specifies whether the DB instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.

    This setting doesn't apply to Amazon Aurora because the DB instance Availability Zones (AZs) are managed by the DB cluster.

    " }, "EngineVersion":{ "shape":"String", @@ -4513,16 +4591,20 @@ }, "AutoMinorVersionUpgrade":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.

    If you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade to false.

    " + "documentation":"

    Specifies whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.

    If you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade to false.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " }, "LicenseModel":{ "shape":"String", - "documentation":"

    The license model information for this DB instance.

    License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

    The default for RDS for Db2 is bring-your-own-license.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    Valid Values:

    • RDS for Db2 - bring-your-own-license | marketplace-license

    • RDS for MariaDB - general-public-license

    • RDS for Microsoft SQL Server - license-included

    • RDS for MySQL - general-public-license

    • RDS for Oracle - bring-your-own-license | license-included

    • RDS for PostgreSQL - postgresql-license

    " + "documentation":"

    The license model information for this DB instance.

    License models for RDS for Db2 require additional configuration. The bring your own license (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

    The default for RDS for Db2 is bring-your-own-license.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    Valid Values:

    • RDS for Db2 - bring-your-own-license | marketplace-license

    • RDS for MariaDB - general-public-license

    • RDS for Microsoft SQL Server - license-included

    • RDS for MySQL - general-public-license

    • RDS for Oracle - bring-your-own-license | license-included

    • RDS for PostgreSQL - postgresql-license

    " }, "Iops":{ "shape":"IntegerOptional", "documentation":"

    The amount of Provisioned IOPS (input/output operations per second) to initially allocate for the DB instance. For information about valid IOPS values, see Amazon RDS DB instance storage in the Amazon RDS User Guide.

    This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.

    Constraints:

    • For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance.

    • For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    The storage throughput value, in mebibyte per second (MiBps), for the DB instance.

    This setting applies only to the gp3 storage type.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    " + }, "OptionGroupName":{ "shape":"String", "documentation":"

    The option group to associate the DB instance with.

    Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance after it is associated with a DB instance.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    " @@ -4549,14 +4631,14 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    The storage type to associate with the DB instance.

    If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.

    This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.

    Valid Values: gp2 | gp3 | io1 | io2 | standard

    Default: io1, if the Iops parameter is specified. Otherwise, gp2.

    " + "documentation":"

    The storage type to associate with the DB instance.

    If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.

    This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.

    Valid Values: gp2 | gp3 | io1 | io2 | standard

    Default: io1, if the Iops parameter is specified. Otherwise, gp3.

    " }, "TdeCredentialArn":{ "shape":"String", "documentation":"

    The ARN from the key store with which to associate the instance for TDE encryption.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    " }, "TdeCredentialPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The password for the given ARN from the key store in order to access the device.

    This setting doesn't apply to RDS Custom DB instances.

    " }, "StorageEncrypted":{ @@ -4617,7 +4699,7 @@ }, "DatabaseInsightsMode":{ "shape":"DatabaseInsightsMode", - "documentation":"

    The mode of Database Insights to enable for the DB instance.

    This setting only applies to Amazon Aurora DB instances.

    Currently, this value is inherited from the DB cluster and can't be changed.

    " + "documentation":"

    The mode of Database Insights to enable for the DB instance.

    Aurora DB instances inherit this value from the DB cluster, so you can't change this value.

    " }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", @@ -4633,7 +4715,7 @@ }, "EnableCloudwatchLogsExports":{ "shape":"LogTypeList", - "documentation":"

    The list of log types to enable for exporting to CloudWatch Logs. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    This setting doesn't apply to the following DB instances:

    • Amazon Aurora (CloudWatch Logs exports are managed by the DB cluster.)

    • RDS Custom

    The following values are valid for each DB engine:

    • RDS for Db2 - diag.log | notify.log

    • RDS for MariaDB - audit | error | general | slowquery

    • RDS for Microsoft SQL Server - agent | error

    • RDS for MySQL - audit | error | general | slowquery

    • RDS for Oracle - alert | audit | listener | trace | oemagent

    • RDS for PostgreSQL - postgresql | upgrade

    " + "documentation":"

    The list of log types to enable for exporting to CloudWatch Logs. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    This setting doesn't apply to the following DB instances:

    • Amazon Aurora (CloudWatch Logs exports are managed by the DB cluster.)

    • RDS Custom

    The following values are valid for each DB engine:

    • RDS for Db2 - diag.log | notify.log | iam-db-auth-error

    • RDS for MariaDB - audit | error | general | slowquery | iam-db-auth-error

    • RDS for Microsoft SQL Server - agent | error

    • RDS for MySQL - audit | error | general | slowquery | iam-db-auth-error

    • RDS for Oracle - alert | audit | listener | trace | oemagent

    • RDS for PostgreSQL - postgresql | upgrade | iam-db-auth-error

    " }, "ProcessorFeatures":{ "shape":"ProcessorFeatureList", @@ -4651,21 +4733,25 @@ "shape":"BooleanOptional", "documentation":"

    Specifies whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.

    A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.

    For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

    " }, - "CustomIamInstanceProfile":{ + "NetworkType":{ "shape":"String", - "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.

    This setting is required for RDS Custom.

    Constraints:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    " + "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    Valid Values: IPV4 | DUAL

    " }, "BackupTarget":{ "shape":"String", - "documentation":"

    The location for storing automated backups and manual snapshots.

    Valid Values:

    • outposts (Amazon Web Services Outposts)

    • region (Amazon Web Services Region)

    Default: region

    For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    " + "documentation":"

    The location for storing automated backups and manual snapshots.

    Valid Values:

    • local (Dedicated Local Zone)

    • outposts (Amazon Web Services Outposts)

    • region (Amazon Web Services Region)

    Default: region

    For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    " }, - "NetworkType":{ + "CustomIamInstanceProfile":{ "shape":"String", - "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    Valid Values: IPV4 | DUAL

    " + "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.

    This setting is required for RDS Custom.

    Constraints:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    The storage throughput value for the DB instance.

    This setting applies only to the gp3 storage type.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    " + "DBSystemId":{ + "shape":"String", + "documentation":"

    The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term \"Oracle database instance\" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to RDSCDB. The Oracle SID is also the name of your CDB.

    " + }, + "CACertificateIdentifier":{ + "shape":"String", + "documentation":"

    The CA certificate identifier to use for the DB instance's server certificate.

    This setting doesn't apply to RDS Custom DB instances.

    For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.

    " }, "ManageMasterUserPassword":{ "shape":"BooleanOptional", @@ -4675,25 +4761,21 @@ "shape":"String", "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB instance.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    " }, - "CACertificateIdentifier":{ - "shape":"String", - "documentation":"

    The CA certificate identifier to use for the DB instance's server certificate.

    This setting doesn't apply to RDS Custom DB instances.

    For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.

    " - }, - "DBSystemId":{ - "shape":"String", - "documentation":"

    The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term \"Oracle database instance\" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to RDSCDB. The Oracle SID is also the name of your CDB.

    " + "MultiTenant":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to use the multi-tenant configuration or the single-tenant configuration (default). This parameter only applies to RDS for Oracle container database (CDB) engines.

    Note the following restrictions:

    • The DB engine that you specify in the request must support the multi-tenant configuration. If you attempt to enable the multi-tenant configuration on a DB engine that doesn't support it, the request fails.

    • If you specify the multi-tenant configuration when you create your DB instance, you can't later modify this DB instance to use the single-tenant configuration.

    " }, "DedicatedLogVolume":{ "shape":"BooleanOptional", "documentation":"

    Indicates whether the DB instance has a dedicated log volume (DLV) enabled.

    " }, - "MultiTenant":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether to use the multi-tenant configuration or the single-tenant configuration (default). This parameter only applies to RDS for Oracle container database (CDB) engines.

    Note the following restrictions:

    • The DB engine that you specify in the request must support the multi-tenant configuration. If you attempt to enable the multi-tenant configuration on a DB engine that doesn't support it, the request fails.

    • If you specify the multi-tenant configuration when you create your DB instance, you can't later modify this DB instance to use the single-tenant configuration.

    " - }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this DB instance.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the DB instance will fail if the DB major version is past its end of standard support date.

    This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.

    You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon RDS User Guide.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this DB instance.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the DB instance will fail if the DB major version is past its end of standard support date.

    This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.

    You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Amazon RDS Extended Support with Amazon RDS in the Amazon RDS User Guide.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + }, + "MasterUserAuthenticationType":{ + "shape":"MasterUserAuthenticationType", + "documentation":"

    Specifies the authentication type for the master user. With IAM master user authentication, you can configure the master DB user with IAM database authentication when you create a DB instance.

    You can specify one of the following values:

    • password - Use standard database authentication with a password.

    • iam-db-auth - Use IAM database authentication for the master user.

    This option is only valid for RDS for PostgreSQL and Aurora PostgreSQL engines.

    " } }, "documentation":"

    " @@ -4708,7 +4790,7 @@ }, "SourceDBInstanceIdentifier":{ "shape":"String", - "documentation":"

    The identifier of the DB instance that will act as the source for the read replica. Each DB instance can have up to 15 read replicas, with the exception of Oracle and SQL Server, which can have up to five.

    Constraints:

    • Must be the identifier of an existing Db2, MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server DB instance.

    • Can't be specified if the SourceDBClusterIdentifier parameter is also specified.

    • For the limitations of Oracle read replicas, see Version and licensing considerations for RDS for Oracle replicas in the Amazon RDS User Guide.

    • For the limitations of SQL Server read replicas, see Read replica limitations with SQL Server in the Amazon RDS User Guide.

    • The specified DB instance must have automatic backups enabled, that is, its backup retention period must be greater than 0.

    • If the source DB instance is in the same Amazon Web Services Region as the read replica, specify a valid DB instance identifier.

    • If the source DB instance is in a different Amazon Web Services Region from the read replica, specify a valid DB instance ARN. For more information, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS Custom, which don't support cross-Region replicas.

    " + "documentation":"

    The identifier of the DB instance that will act as the source for the read replica. Each DB instance can have up to 15 read replicas, except for the following engines:

    • Db2 - Can have up to three replicas.

    • Oracle - Can have up to five read replicas.

    • SQL Server - Can have up to five read replicas.

    Constraints:

    • Must be the identifier of an existing Db2, MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server DB instance.

    • Can't be specified if the SourceDBClusterIdentifier parameter is also specified.

    • For the limitations of Oracle read replicas, see Version and licensing considerations for RDS for Oracle replicas in the Amazon RDS User Guide.

    • For the limitations of SQL Server read replicas, see Read replica limitations with SQL Server in the Amazon RDS User Guide.

    • The specified DB instance must have automatic backups enabled, that is, its backup retention period must be greater than 0.

    • If the source DB instance is in the same Amazon Web Services Region as the read replica, specify a valid DB instance identifier.

    • If the source DB instance is in a different Amazon Web Services Region from the read replica, specify a valid DB instance ARN. For more information, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS Custom, which don't support cross-Region replicas.

    " }, "DBInstanceClass":{ "shape":"String", @@ -4728,19 +4810,23 @@ }, "AutoMinorVersionUpgrade":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether to automatically apply minor engine upgrades to the read replica during the maintenance window.

    This setting doesn't apply to RDS Custom DB instances.

    Default: Inherits the value from the source DB instance.

    " + "documentation":"

    Specifies whether to automatically apply minor engine upgrades to the read replica during the maintenance window.

    This setting doesn't apply to RDS Custom DB instances.

    Default: Inherits the value from the source DB instance.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " }, "Iops":{ "shape":"IntegerOptional", "documentation":"

    The amount of Provisioned IOPS (input/output operations per second) to initially allocate for the DB instance.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    Specifies the storage throughput value for the read replica.

    This setting doesn't apply to RDS Custom or Amazon Aurora DB instances.

    " + }, "OptionGroupName":{ "shape":"String", "documentation":"

    The option group to associate the DB instance with. If not specified, RDS uses the option group associated with the source DB instance or cluster.

    For SQL Server, you must use the option group associated with the source.

    This setting doesn't apply to RDS Custom DB instances.

    " }, "DBParameterGroupName":{ "shape":"String", - "documentation":"

    The name of the DB parameter group to associate with this read replica DB instance.

    For Single-AZ or Multi-AZ DB instance read replica instances, if you don't specify a value for DBParameterGroupName, then Amazon RDS uses the DBParameterGroup of the source DB instance for a same Region read replica, or the default DBParameterGroup for the specified DB engine for a cross-Region read replica.

    For Multi-AZ DB cluster same Region read replica instances, if you don't specify a value for DBParameterGroupName, then Amazon RDS uses the default DBParameterGroup.

    Specifying a parameter group for this operation is only supported for MySQL DB instances for cross-Region read replicas, for Multi-AZ DB cluster read replica instances, and for Oracle DB instances. It isn't supported for MySQL DB instances for same Region read replicas or for RDS Custom.

    Constraints:

    • Must be 1 to 255 letters, numbers, or hyphens.

    • First character must be a letter.

    • Can't end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    The name of the DB parameter group to associate with this read replica DB instance.

    For the Db2 DB engine, if your source DB instance uses the bring your own license (BYOL) model, then a custom parameter group must be associated with the replica. For a same Amazon Web Services Region replica, if you don't specify a custom parameter group, Amazon RDS associates the custom parameter group associated with the source DB instance. For a cross-Region replica, you must specify a custom parameter group. This custom parameter group must include your IBM Site ID and IBM Customer ID. For more information, see IBM IDs for bring your own license (BYOL) for Db2.

    For Single-AZ or Multi-AZ DB instance read replica instances, if you don't specify a value for DBParameterGroupName, then Amazon RDS uses the DBParameterGroup of the source DB instance for a same Region read replica, or the default DBParameterGroup for the specified DB engine for a cross-Region read replica.

    For Multi-AZ DB cluster same Region read replica instances, if you don't specify a value for DBParameterGroupName, then Amazon RDS uses the default DBParameterGroup.

    Specifying a parameter group for this operation is only supported for MySQL DB instances for cross-Region read replicas, for Multi-AZ DB cluster read replica instances, for Db2 DB instances, and for Oracle DB instances. It isn't supported for MySQL DB instances for same Region read replicas or for RDS Custom.

    Constraints:

    • Must be 1 to 255 letters, numbers, or hyphens.

    • First character must be a letter.

    • Can't end with a hyphen or contain two consecutive hyphens.

    " }, "PubliclyAccessible":{ "shape":"BooleanOptional", @@ -4757,7 +4843,7 @@ }, "StorageType":{ "shape":"String", - "documentation":"

    The storage type to associate with the read replica.

    If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.

    Valid Values: gp2 | gp3 | io1 | io2 | standard

    Default: io1 if the Iops parameter is specified. Otherwise, gp2.

    " + "documentation":"

    The storage type to associate with the read replica.

    If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.

    Valid Values: gp2 | gp3 | io1 | io2 | standard

    Default: io1 if the Iops parameter is specified. Otherwise, gp3.

    " }, "CopyTagsToSnapshot":{ "shape":"BooleanOptional", @@ -4776,7 +4862,7 @@ "documentation":"

    The Amazon Web Services KMS key identifier for an encrypted read replica.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.

    If you create an encrypted read replica in the same Amazon Web Services Region as the source DB instance or Multi-AZ DB cluster, don't specify a value for this parameter. A read replica in the same Amazon Web Services Region is always encrypted with the same KMS key as the source DB instance or cluster.

    If you create an encrypted read replica in a different Amazon Web Services Region, then you must specify a KMS key identifier for the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.

    You can't create an encrypted read replica from an unencrypted DB instance or Multi-AZ DB cluster.

    This setting doesn't apply to RDS Custom, which uses the same KMS key as the primary replica.

    " }, "PreSignedUrl":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    When you are creating a read replica from one Amazon Web Services GovCloud (US) Region to another or from one China Amazon Web Services Region to another, the URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API operation in the source Amazon Web Services Region that contains the source DB instance.

    This setting applies only to Amazon Web Services GovCloud (US) Regions and China Amazon Web Services Regions. It's ignored in other Amazon Web Services Regions.

    This setting applies only when replicating from a source DB instance. Source DB clusters aren't supported in Amazon Web Services GovCloud (US) Regions and China Amazon Web Services Regions.

    You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are creating an encrypted read replica in the same Amazon Web Services Region.

    The presigned URL must be a valid request for the CreateDBInstanceReadReplica API operation that can run in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values:

    • DestinationRegion - The Amazon Web Services Region that the encrypted read replica is created in. This Amazon Web Services Region is the same one where the CreateDBInstanceReadReplica operation is called that contains this presigned URL.

      For example, if you create an encrypted DB instance in the us-west-1 Amazon Web Services Region, from a source DB instance in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica operation in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the CreateDBInstanceReadReplica operation in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 Amazon Web Services Region.

    • KmsKeyId - The KMS key identifier for the key to use to encrypt the read replica in the destination Amazon Web Services Region. This is the same identifier for both the CreateDBInstanceReadReplica operation that is called in the destination Amazon Web Services Region, and the operation contained in the presigned URL.

    • SourceDBInstanceIdentifier - The DB instance identifier for the encrypted DB instance to be replicated. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are creating an encrypted read replica from a DB instance in the us-west-2 Amazon Web Services Region, then your SourceDBInstanceIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115.

    To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

    If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

    This setting doesn't apply to RDS Custom DB instances.

    " }, "EnableIAMDatabaseAuthentication":{ @@ -4785,7 +4871,7 @@ }, "DatabaseInsightsMode":{ "shape":"DatabaseInsightsMode", - "documentation":"

    The mode of Database Insights to enable for the read replica.

    Currently, this setting is not supported.

    " + "documentation":"

    The mode of Database Insights to enable for the read replica.

    This setting isn't supported.

    " }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", @@ -4841,27 +4927,27 @@ }, "ReplicaMode":{ "shape":"ReplicaMode", - "documentation":"

    The open mode of the replica database: mounted or read-only.

    This parameter is only supported for Oracle DB instances.

    Mounted DB replicas are included in Oracle Database Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload.

    You can create a combination of mounted and read-only DB replicas for the same primary DB instance. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.

    For RDS Custom, you must specify this parameter and set it to mounted. The value won't be set by default. After replica creation, you can manage the open mode manually.

    " - }, - "MaxAllocatedStorage":{ - "shape":"IntegerOptional", - "documentation":"

    The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

    For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.

    " + "documentation":"

    The open mode of the replica database.

    This parameter is only supported for Db2 DB instances and Oracle DB instances.

    Db2

    Standby DB replicas are included in Db2 Advanced Edition (AE) and Db2 Standard Edition (SE). The main use case for standby replicas is cross-Region disaster recovery. Because it doesn't accept user connections, a standby replica can't serve a read-only workload.

    You can create a combination of standby and read-only DB replicas for the same primary DB instance. For more information, see Working with replicas for Amazon RDS for Db2 in the Amazon RDS User Guide.

    To create standby DB replicas for RDS for Db2, set this parameter to mounted.

    Oracle

    Mounted DB replicas are included in Oracle Database Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload.

    You can create a combination of mounted and read-only DB replicas for the same primary DB instance. For more information, see Working with read replicas for Amazon RDS for Oracle in the Amazon RDS User Guide.

    For RDS Custom, you must specify this parameter and set it to mounted. The value won't be set by default. After replica creation, you can manage the open mode manually.

    " }, - "CustomIamInstanceProfile":{ - "shape":"String", - "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    This setting is required for RDS Custom DB instances.

    " + "EnableCustomerOwnedIp":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts read replica.

    A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the read replica from outside of its virtual private cloud (VPC) on your local network.

    For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

    " }, "NetworkType":{ "shape":"String", "documentation":"

    The network type of the DB instance.

    Valid Values:

    • IPV4

    • DUAL

    The network type is determined by the DBSubnetGroup specified for read replica. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    " }, - "StorageThroughput":{ + "MaxAllocatedStorage":{ "shape":"IntegerOptional", - "documentation":"

    Specifies the storage throughput value for the read replica.

    This setting doesn't apply to RDS Custom or Amazon Aurora DB instances.

    " + "documentation":"

    The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

    For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.

    " }, - "EnableCustomerOwnedIp":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts read replica.

    A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the read replica from outside of its virtual private cloud (VPC) on your local network.

    For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

    " + "BackupTarget":{ + "shape":"String", + "documentation":"

    The location where RDS stores automated backups and manual snapshots.

    Valid Values:

    • local for Dedicated Local Zones

    • region for Amazon Web Services Region

    " + }, + "CustomIamInstanceProfile":{ + "shape":"String", + "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    This setting is required for RDS Custom DB instances.

    " }, "AllocatedStorage":{ "shape":"IntegerOptional", @@ -4958,7 +5044,11 @@ "shape":"DBProxyEndpointTargetRole", "documentation":"

    The role of the DB proxy endpoint. The role determines whether the endpoint can be used for read/write or only read operations. The default is READ_WRITE. The only role that proxies for RDS for Microsoft SQL Server support is READ_WRITE.

    " }, - "Tags":{"shape":"TagList"} + "Tags":{"shape":"TagList"}, + "EndpointNetworkType":{ + "shape":"EndpointNetworkType", + "documentation":"

    The network type of the DB proxy endpoint. The network type determines the IP version that the proxy endpoint supports.

    Valid values:

    • IPV4 - The proxy endpoint supports IPv4 only.

    • IPV6 - The proxy endpoint supports IPv6 only.

    • DUAL - The proxy endpoint supports both IPv4 and IPv6.

    Default: IPV4

    Constraints:

    • If you specify IPV6 or DUAL, the VPC and all subnets must have an IPv6 CIDR block.

    • If you specify IPV6 or DUAL, the VPC tenancy cannot be dedicated.

    " + } } }, "CreateDBProxyEndpointResponse":{ @@ -4975,25 +5065,28 @@ "required":[ "DBProxyName", "EngineFamily", - "Auth", "RoleArn", "VpcSubnetIds" ], "members":{ "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The identifier for the proxy. This name must be unique for all proxies owned by your Amazon Web Services account in the specified Amazon Web Services Region. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.

    " }, "EngineFamily":{ "shape":"EngineFamily", "documentation":"

    The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify MYSQL. For Aurora PostgreSQL and RDS for PostgreSQL databases, specify POSTGRESQL. For RDS for Microsoft SQL Server, specify SQLSERVER.

    " }, + "DefaultAuthScheme":{ + "shape":"DefaultAuthScheme", + "documentation":"

    The default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM_AUTH. When set to IAM_AUTH, the proxy uses end-to-end IAM authentication to connect to the database. If you don't specify DefaultAuthScheme or specify this parameter as NONE, you must specify the Auth option.

    " + }, "Auth":{ "shape":"UserAuthConfigList", "documentation":"

    The authorization mechanism that the proxy uses.

    " }, "RoleArn":{ - "shape":"String", + "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in Amazon Web Services Secrets Manager.

    " }, "VpcSubnetIds":{ @@ -5014,11 +5107,19 @@ }, "DebugLogging":{ "shape":"Boolean", - "documentation":"

    Specifies whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.

    " + "documentation":"

    Specifies whether the proxy logs detailed connection and query information. When you enable DebugLogging, the proxy captures connection details and connection pool behavior from your queries. Debug logging increases CloudWatch costs and can impact proxy performance. Enable this option only when you need to troubleshoot connection or performance issues.

    " }, "Tags":{ "shape":"TagList", "documentation":"

    An optional set of key-value pairs to associate arbitrary data of your choosing with the proxy.

    " + }, + "EndpointNetworkType":{ + "shape":"EndpointNetworkType", + "documentation":"

    The network type of the DB proxy endpoint. The network type determines the IP version that the proxy endpoint supports.

    Valid values:

    • IPV4 - The proxy endpoint supports IPv4 only.

    • IPV6 - The proxy endpoint supports IPv6 only.

    • DUAL - The proxy endpoint supports both IPv4 and IPv6.

    Default: IPV4

    Constraints:

    • If you specify IPV6 or DUAL, the VPC and all subnets must have an IPv6 CIDR block.

    • If you specify IPV6 or DUAL, the VPC tenancy cannot be dedicated.

    " + }, + "TargetConnectionNetworkType":{ + "shape":"TargetConnectionNetworkType", + "documentation":"

    The network type that the proxy uses to connect to the target database. The network type determines the IP version that the proxy uses for connections to the database.

    Valid values:

    • IPV4 - The proxy connects to the database using IPv4 only.

    • IPV6 - The proxy connects to the database using IPv6 only.

    Default: IPV4

    Constraints:

    • If you specify IPV6, the database must support dual-stack mode. RDS doesn't support IPv6-only databases.

    • All targets registered with the proxy must be compatible with the specified network type.

    " } } }, @@ -5077,7 +5178,7 @@ }, "ComputeRedundancy":{ "shape":"IntegerOptional", - "documentation":"

    Specifies whether to create standby DB shard groups for the DB shard group. Valid values are the following:

    • 0 - Creates a DB shard group without a standby DB shard group. This is the default value.

    • 1 - Creates a DB shard group with a standby DB shard group in a different Availability Zone (AZ).

    • 2 - Creates a DB shard group with two standby DB shard groups in two different AZs.

    " + "documentation":"

    Specifies whether to create standby standby DB data access shard for the DB shard group. Valid values are the following:

    • 0 - Creates a DB shard group without a standby DB data access shard. This is the default value.

    • 1 - Creates a DB shard group with a standby DB data access shard in a different Availability Zone (AZ).

    • 2 - Creates a DB shard group with two standby DB data access shard in two different AZs.

    " }, "MaxACU":{ "shape":"DoubleOptional", @@ -5195,9 +5296,10 @@ }, "CreateGlobalClusterMessage":{ "type":"structure", + "required":["GlobalClusterIdentifier"], "members":{ "GlobalClusterIdentifier":{ - "shape":"String", + "shape":"GlobalClusterIdentifier", "documentation":"

    The cluster identifier for this global database cluster. This parameter is stored as a lowercase string.

    " }, "SourceDBClusterIdentifier":{ @@ -5214,7 +5316,7 @@ }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this global database cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your global cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the global cluster will fail if the DB major version is past its end of standard support date.

    This setting only applies to Aurora PostgreSQL-based global databases.

    You can use this setting to enroll your global cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your global cluster past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon Aurora User Guide.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this global database cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your global cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, creating the global cluster will fail if the DB major version is past its end of standard support date.

    This setting only applies to Aurora PostgreSQL-based global databases.

    You can use this setting to enroll your global cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your global cluster past the end of standard support for that engine version. For more information, see Amazon RDS Extended Support with Amazon Aurora in the Amazon Aurora User Guide.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " }, "DeletionProtection":{ "shape":"BooleanOptional", @@ -5271,7 +5373,7 @@ "Tags":{"shape":"TagList"}, "DataFilter":{ "shape":"DataFilter", - "documentation":"

    Data filtering options for the integration. For more information, see Data filtering for Aurora zero-ETL integrations with Amazon Redshift.

    Valid for: Integrations with Aurora MySQL source DB clusters only

    " + "documentation":"

    Data filtering options for the integration. For more information, see Data filtering for Aurora zero-ETL integrations with Amazon Redshift or Data filtering for Amazon RDS zero-ETL integrations with Amazon Redshift.

    " }, "Description":{ "shape":"IntegrationDescription", @@ -5322,8 +5424,7 @@ "required":[ "DBInstanceIdentifier", "TenantDBName", - "MasterUsername", - "MasterUserPassword" + "MasterUsername" ], "members":{ "DBInstanceIdentifier":{ @@ -5340,7 +5441,7 @@ }, "MasterUserPassword":{ "shape":"SensitiveString", - "documentation":"

    The password for the master user in your tenant database.

    Constraints:

    • Must be 8 to 30 characters.

    • Can include any printable ASCII character except forward slash (/), double quote (\"), at symbol (@), ampersand (&), or single quote (').

    " + "documentation":"

    The password for the master user in your tenant database.

    Constraints:

    • Must be 8 to 30 characters.

    • Can include any printable ASCII character except forward slash (/), double quote (\"), at symbol (@), ampersand (&), or single quote (').

    • Can't be specified when ManageMasterUserPassword is enabled.

    " }, "CharacterSetName":{ "shape":"String", @@ -5350,6 +5451,14 @@ "shape":"String", "documentation":"

    The NCHAR value for the tenant database.

    " }, + "ManageMasterUserPassword":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • Can't manage the master user password with Amazon Web Services Secrets Manager if MasterUserPassword is specified.

    " + }, + "MasterUserSecretKmsKeyId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB instance.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    " + }, "Tags":{"shape":"TagList"} } }, @@ -5361,8 +5470,7 @@ }, "CustomAvailabilityZoneNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    CustomAvailabilityZoneId doesn't refer to an existing custom Availability Zone identifier.

    ", "error":{ "code":"CustomAvailabilityZoneNotFound", @@ -5387,8 +5495,7 @@ }, "CustomDBEngineVersionAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A CEV with the specified name already exists.

    ", "error":{ "code":"CustomDBEngineVersionAlreadyExistsFault", @@ -5405,8 +5512,7 @@ }, "CustomDBEngineVersionNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified CEV was not found.

    ", "error":{ "code":"CustomDBEngineVersionNotFoundFault", @@ -5417,8 +5523,7 @@ }, "CustomDBEngineVersionQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded your CEV quota.

    ", "error":{ "code":"CustomDBEngineVersionQuotaExceededFault", @@ -5452,7 +5557,7 @@ "members":{ "AllocatedStorage":{ "shape":"IntegerOptional", - "documentation":"

    For all database engines except Amazon Aurora, AllocatedStorage specifies the allocated storage size in gibibytes (GiB). For Aurora, AllocatedStorage always returns 1, because Aurora DB cluster storage size isn't fixed, but instead automatically adjusts as needed.

    " + "documentation":"

    AllocatedStorage specifies the allocated storage size in gibibytes (GiB). For Aurora, AllocatedStorage can vary because Aurora DB cluster storage size adjusts as needed.

    " }, "AvailabilityZones":{ "shape":"AvailabilityZones", @@ -5486,10 +5591,6 @@ "shape":"String", "documentation":"

    The current state of this DB cluster.

    " }, - "AutomaticRestartTime":{ - "shape":"TStamp", - "documentation":"

    The time when a stopped DB cluster is restarted automatically.

    " - }, "PercentProgress":{ "shape":"String", "documentation":"

    The progress of the operation as a percentage.

    " @@ -5596,7 +5697,7 @@ }, "CloneGroupId":{ "shape":"String", - "documentation":"

    The ID of the clone group with which the DB cluster is associated.

    " + "documentation":"

    The ID of the clone group with which the DB cluster is associated. For newly created clusters, the ID is typically null.

    If you clone a DB cluster when the ID is null, the operation populates the ID value for the source cluster and the clone because both clusters become part of the same clone group. Even if you delete the clone cluster, the clone group ID remains for the lifetime of the source cluster to show that it was used in a cloning operation.

    For PITR, the clone group ID is inherited from the source cluster. For snapshot restore operations, the clone group ID isn't inherited from the source cluster.

    " }, "ClusterCreateTime":{ "shape":"TStamp", @@ -5622,6 +5723,10 @@ "shape":"IntegerOptional", "documentation":"

    The current capacity of an Aurora Serverless v1 DB cluster. The capacity is 0 (zero) when the cluster is paused.

    For more information about Aurora Serverless v1, see Using Amazon Aurora Serverless v1 in the Amazon Aurora User Guide.

    " }, + "PendingModifiedValues":{ + "shape":"ClusterPendingModifiedValues", + "documentation":"

    Information about pending changes to the DB cluster. This information is returned only when there are pending changes. Specific changes are identified by subelements.

    " + }, "EngineMode":{ "shape":"String", "documentation":"

    The DB engine mode of the DB cluster, either provisioned or serverless.

    For more information, see CreateDBCluster.

    " @@ -5631,6 +5736,34 @@ "shape":"RdsCustomClusterConfiguration", "documentation":"

    Reserved for future use.

    " }, + "DBClusterInstanceClass":{ + "shape":"String", + "documentation":"

    The name of the compute and memory capacity class of the DB instance.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + }, + "StorageType":{ + "shape":"String", + "documentation":"

    The storage type associated with the DB cluster.

    " + }, + "Iops":{ + "shape":"IntegerOptional", + "documentation":"

    The Provisioned IOPS (I/O operations per second) value.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    The storage throughput for the DB cluster. The throughput is automatically set based on the IOPS that you provision, and is not configurable.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + }, + "IOOptimizedNextAllowedModificationTime":{ + "shape":"TStamp", + "documentation":"

    The next time you can modify the DB cluster to use the aurora-iopt1 storage type.

    This setting is only for Aurora DB clusters.

    " + }, + "PubliclyAccessible":{ + "shape":"BooleanOptional", + "documentation":"

    Indicates whether the DB cluster is publicly accessible.

    When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

    When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.

    For more information, see CreateDBCluster.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + }, + "AutoMinorVersionUpgrade":{ + "shape":"Boolean", + "documentation":"

    Indicates whether minor version patches are applied automatically.

    This setting is for Aurora DB clusters and Multi-AZ DB clusters.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " + }, "DeletionProtection":{ "shape":"BooleanOptional", "documentation":"

    Indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled.

    " @@ -5668,6 +5801,10 @@ "documentation":"

    The Active Directory Domain membership records associated with the DB cluster.

    " }, "TagList":{"shape":"TagList"}, + "GlobalClusterIdentifier":{ + "shape":"GlobalClusterIdentifier", + "documentation":"

    Contains a user-supplied global database cluster identifier. This identifier is the unique key that identifies a global database cluster.

    " + }, "GlobalWriteForwardingStatus":{ "shape":"WriteForwardingStatus", "documentation":"

    The status of write forwarding for a secondary cluster in an Aurora global database.

    " @@ -5676,29 +5813,18 @@ "shape":"BooleanOptional", "documentation":"

    Indicates whether write forwarding is enabled for a secondary cluster in an Aurora global database. Because write forwarding takes time to enable, check the value of GlobalWriteForwardingStatus to confirm that the request has completed before using the write forwarding feature for this cluster.

    " }, - "PendingModifiedValues":{ - "shape":"ClusterPendingModifiedValues", - "documentation":"

    Information about pending changes to the DB cluster. This information is returned only when there are pending changes. Specific changes are identified by subelements.

    " - }, - "DBClusterInstanceClass":{ - "shape":"String", - "documentation":"

    The name of the compute and memory capacity class of the DB instance.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " - }, - "StorageType":{ + "NetworkType":{ "shape":"String", - "documentation":"

    The storage type associated with the DB cluster.

    " - }, - "Iops":{ - "shape":"IntegerOptional", - "documentation":"

    The Provisioned IOPS (I/O operations per second) value.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    This setting is only for Aurora DB clusters.

    Valid Values: IPV4 | DUAL

    " }, - "PubliclyAccessible":{ - "shape":"BooleanOptional", - "documentation":"

    Indicates whether the DB cluster is publicly accessible.

    When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

    When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.

    For more information, see CreateDBCluster.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + "AutomaticRestartTime":{ + "shape":"TStamp", + "documentation":"

    The time when a stopped DB cluster is restarted automatically.

    " }, - "AutoMinorVersionUpgrade":{ - "shape":"Boolean", - "documentation":"

    Indicates whether minor version patches are applied automatically.

    This setting is for Aurora DB clusters and Multi-AZ DB clusters.

    " + "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfigurationInfo"}, + "ServerlessV2PlatformVersion":{ + "shape":"String", + "documentation":"

    The version of the Aurora Serverless V2 platform used by the DB cluster. For more information, see Using Aurora Serverless v2 in the Amazon Aurora User Guide.

    " }, "MonitoringInterval":{ "shape":"IntegerOptional", @@ -5724,11 +5850,6 @@ "shape":"IntegerOptional", "documentation":"

    The number of days to retain Performance Insights data.

    This setting is only for Aurora DB clusters and Multi-AZ DB clusters.

    Valid Values:

    • 7

    • month * 31, where month is a number of months from 1-23. Examples: 93 (3 months * 31), 341 (11 months * 31), 589 (19 months * 31)

    • 731

    Default: 7 days

    " }, - "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfigurationInfo"}, - "NetworkType":{ - "shape":"String", - "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    This setting is only for Aurora DB clusters.

    Valid Values: IPV4 | DUAL

    " - }, "DBSystemId":{ "shape":"String", "documentation":"

    Reserved for future use.

    " @@ -5737,10 +5858,6 @@ "shape":"MasterUserSecret", "documentation":"

    The secret managed by RDS in Amazon Web Services Secrets Manager for the master user password.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide and Password management with Amazon Web Services Secrets Manager in the Amazon Aurora User Guide.

    " }, - "IOOptimizedNextAllowedModificationTime":{ - "shape":"TStamp", - "documentation":"

    The next time you can modify the DB cluster to use the aurora-iopt1 storage type.

    This setting is only for Aurora DB clusters.

    " - }, "LocalWriteForwardingStatus":{ "shape":"LocalWriteForwardingStatus", "documentation":"

    Indicates whether an Aurora DB cluster has in-cluster write forwarding enabled, not enabled, requested, or is in the process of enabling it.

    " @@ -5753,10 +5870,6 @@ "shape":"LimitlessDatabase", "documentation":"

    The details for Aurora Limitless Database.

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    The storage throughput for the DB cluster. The throughput is automatically set based on the IOPS that you provision, and is not configurable.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " - }, "ClusterScalabilityType":{ "shape":"ClusterScalabilityType", "documentation":"

    The scalability mode of the Aurora DB cluster. When set to limitless, the cluster operates as an Aurora Limitless Database. When set to standard (the default), the cluster uses normal DB instance creation.

    " @@ -5764,16 +5877,15 @@ "CertificateDetails":{"shape":"CertificateDetails"}, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for the DB cluster.

    For more information, see CreateDBCluster.

    " + "documentation":"

    The lifecycle type for the DB cluster.

    For more information, see CreateDBCluster.

    " } }, - "documentation":"

    Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster.

    For an Amazon Aurora DB cluster, this data type is used as a response element in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster.

    For a Multi-AZ DB cluster, this data type is used as a response element in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime.

    For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

    ", + "documentation":"

    Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster.

    For an Amazon Aurora DB cluster, this data type is used as a response element in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster.

    For a Multi-AZ DB cluster, this data type is used as a response element in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime.

    For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

    For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

    ", "wrapper":true }, "DBClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The user already has a DB cluster with the given identifier.

    ", "error":{ "code":"DBClusterAlreadyExistsFault", @@ -5874,13 +5986,13 @@ "shape":"IntegerOptional", "documentation":"

    The IOPS (I/O operations per second) value for the automated backup.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " }, - "AwsBackupRecoveryPointArn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.

    " - }, "StorageThroughput":{ "shape":"IntegerOptional", "documentation":"

    The storage throughput for the automated backup. The throughput is automatically set based on the IOPS that you provision, and is not configurable.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + }, + "AwsBackupRecoveryPointArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.

    " } }, "documentation":"

    An automated backup of a DB cluster. It consists of system backups, transaction logs, and the database cluster properties that existed at the time you deleted the source cluster.

    ", @@ -5908,8 +6020,7 @@ }, "DBClusterAutomatedBackupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    No automated backup for this DB cluster was found.

    ", "error":{ "code":"DBClusterAutomatedBackupNotFoundFault", @@ -5920,8 +6031,7 @@ }, "DBClusterAutomatedBackupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The quota for retained automated backups was exceeded. This prevents you from retaining any additional automated backups. The retained automated backups quota is the same as your DB cluster quota.

    ", "error":{ "code":"DBClusterAutomatedBackupQuotaExceededFault", @@ -5983,8 +6093,7 @@ }, "DBClusterBacktrackNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    BacktrackIdentifier doesn't refer to an existing backtrack.

    ", "error":{ "code":"DBClusterBacktrackNotFoundFault", @@ -6066,8 +6175,7 @@ }, "DBClusterEndpointAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified custom endpoint can't be created because it already exists.

    ", "error":{ "code":"DBClusterEndpointAlreadyExistsFault", @@ -6098,8 +6206,7 @@ }, "DBClusterEndpointNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified custom endpoint doesn't exist.

    ", "error":{ "code":"DBClusterEndpointNotFoundFault", @@ -6110,8 +6217,7 @@ }, "DBClusterEndpointQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster already has the maximum number of custom endpoints.

    ", "error":{ "code":"DBClusterEndpointQuotaExceededFault", @@ -6179,8 +6285,7 @@ }, "DBClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBClusterIdentifier doesn't refer to an existing DB cluster.

    ", "error":{ "code":"DBClusterNotFoundFault", @@ -6266,8 +6371,7 @@ }, "DBClusterParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBClusterParameterGroupName doesn't refer to an existing DB cluster parameter group.

    ", "error":{ "code":"DBClusterParameterGroupNotFound", @@ -6292,8 +6396,7 @@ }, "DBClusterQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The user attempted to create a new DB cluster and the user has already reached the maximum allowed DB cluster quota.

    ", "error":{ "code":"DBClusterQuotaExceededFault", @@ -6322,8 +6425,7 @@ }, "DBClusterRoleAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified IAM role Amazon Resource Name (ARN) is already associated with the specified DB cluster.

    ", "error":{ "code":"DBClusterRoleAlreadyExists", @@ -6334,8 +6436,7 @@ }, "DBClusterRoleNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified IAM role Amazon Resource Name (ARN) isn't associated with the specified DB cluster.

    ", "error":{ "code":"DBClusterRoleNotFound", @@ -6346,8 +6447,7 @@ }, "DBClusterRoleQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded the maximum number of IAM roles that can be associated with the specified DB cluster.

    ", "error":{ "code":"DBClusterRoleQuotaExceeded", @@ -6451,21 +6551,21 @@ "documentation":"

    Indicates whether mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled.

    " }, "TagList":{"shape":"TagList"}, - "DBSystemId":{ - "shape":"String", - "documentation":"

    Reserved for future use.

    " - }, "StorageType":{ "shape":"String", "documentation":"

    The storage type associated with the DB cluster snapshot.

    This setting is only for Aurora DB clusters.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    The storage throughput for the DB cluster snapshot. The throughput is automatically set based on the IOPS that you provision, and is not configurable.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + }, "DbClusterResourceId":{ "shape":"String", "documentation":"

    The resource ID of the DB cluster that this DB cluster snapshot was created from.

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    The storage throughput for the DB cluster snapshot. The throughput is automatically set based on the IOPS that you provision, and is not configurable.

    This setting is only for non-Aurora Multi-AZ DB clusters.

    " + "DBSystemId":{ + "shape":"String", + "documentation":"

    Reserved for future use.

    " } }, "documentation":"

    Contains the details for an Amazon RDS DB cluster snapshot

    This data type is used as a response element in the DescribeDBClusterSnapshots action.

    ", @@ -6473,8 +6573,7 @@ }, "DBClusterSnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The user already has a DB cluster snapshot with the given identifier.

    ", "error":{ "code":"DBClusterSnapshotAlreadyExistsFault", @@ -6542,8 +6641,7 @@ }, "DBClusterSnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBClusterSnapshotIdentifier doesn't refer to an existing DB cluster snapshot.

    ", "error":{ "code":"DBClusterSnapshotNotFoundFault", @@ -6588,10 +6686,26 @@ "shape":"String", "documentation":"

    The name of the database engine.

    " }, + "MajorEngineVersion":{ + "shape":"String", + "documentation":"

    The major engine version of the CEV.

    " + }, "EngineVersion":{ "shape":"String", "documentation":"

    The version number of the database engine.

    " }, + "DatabaseInstallationFilesS3BucketName":{ + "shape":"String", + "documentation":"

    The name of the Amazon S3 bucket that contains your database installation files.

    " + }, + "DatabaseInstallationFilesS3Prefix":{ + "shape":"String", + "documentation":"

    The Amazon S3 directory that contains the database installation files. If not specified, then no prefix is assumed.

    " + }, + "CustomDBEngineVersionManifest":{ + "shape":"CustomDBEngineVersionManifest", + "documentation":"

    JSON string that lists the installation files and parameters that RDS Custom uses to create a custom engine version (CEV). RDS Custom applies the patches in the order in which they're listed in the manifest. You can set the Oracle home, Oracle base, and UNIX/Linux user and group using the installation parameters. For more information, see JSON fields in the CEV manifest in the Amazon RDS User Guide.

    " + }, "DBParameterGroupFamily":{ "shape":"String", "documentation":"

    The name of the DB parameter group family for the database engine.

    " @@ -6600,6 +6714,10 @@ "shape":"String", "documentation":"

    The description of the database engine.

    " }, + "DBEngineVersionArn":{ + "shape":"String", + "documentation":"

    The ARN of the custom engine version.

    " + }, "DBEngineVersionDescription":{ "shape":"String", "documentation":"

    The description of the database engine version.

    " @@ -6616,6 +6734,14 @@ "shape":"String", "documentation":"

    A value that indicates the source media provider of the AMI based on the usage operation. Applicable for RDS Custom for SQL Server.

    " }, + "KMSKeyId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services KMS key identifier for an encrypted CEV. This parameter is required for RDS Custom, but optional for Amazon RDS.

    " + }, + "CreateTime":{ + "shape":"TStamp", + "documentation":"

    The creation time of the DB engine version.

    " + }, "SupportedCharacterSets":{ "shape":"SupportedCharacterSetsList", "documentation":"

    A list of the character sets supported by this engine for the CharacterSetName parameter of the CreateDBInstance operation.

    " @@ -6664,39 +6790,11 @@ "shape":"Boolean", "documentation":"

    Indicates whether you can use Aurora global databases with a specific DB engine version.

    " }, - "MajorEngineVersion":{ - "shape":"String", - "documentation":"

    The major engine version of the CEV.

    " - }, - "DatabaseInstallationFilesS3BucketName":{ - "shape":"String", - "documentation":"

    The name of the Amazon S3 bucket that contains your database installation files.

    " - }, - "DatabaseInstallationFilesS3Prefix":{ - "shape":"String", - "documentation":"

    The Amazon S3 directory that contains the database installation files. If not specified, then no prefix is assumed.

    " - }, - "DBEngineVersionArn":{ - "shape":"String", - "documentation":"

    The ARN of the custom engine version.

    " - }, - "KMSKeyId":{ - "shape":"String", - "documentation":"

    The Amazon Web Services KMS key identifier for an encrypted CEV. This parameter is required for RDS Custom, but optional for Amazon RDS.

    " - }, - "CreateTime":{ - "shape":"TStamp", - "documentation":"

    The creation time of the DB engine version.

    " - }, "TagList":{"shape":"TagList"}, "SupportsBabelfish":{ "shape":"Boolean", "documentation":"

    Indicates whether the engine version supports Babelfish for Aurora PostgreSQL.

    " }, - "CustomDBEngineVersionManifest":{ - "shape":"CustomDBEngineVersionManifest", - "documentation":"

    JSON string that lists the installation files and parameters that RDS Custom uses to create a custom engine version (CEV). RDS Custom applies the patches in the order in which they're listed in the manifest. You can set the Oracle home, Oracle base, and UNIX/Linux user and group using the installation parameters. For more information, see JSON fields in the CEV manifest in the Amazon RDS User Guide.

    " - }, "SupportsLimitlessDatabase":{ "shape":"Boolean", "documentation":"

    Indicates whether the DB engine version supports Aurora Limitless Database.

    " @@ -6764,10 +6862,6 @@ "shape":"String", "documentation":"

    The current state of this database.

    For information about DB instance statuses, see Viewing DB instance status in the Amazon RDS User Guide.

    " }, - "AutomaticRestartTime":{ - "shape":"TStamp", - "documentation":"

    The time when a stopped DB instance is restarted automatically.

    " - }, "MasterUsername":{ "shape":"String", "documentation":"

    The master username for the DB instance.

    " @@ -6838,7 +6932,7 @@ }, "AutoMinorVersionUpgrade":{ "shape":"Boolean", - "documentation":"

    Indicates whether minor version patches are applied automatically.

    " + "documentation":"

    Indicates whether minor version patches are applied automatically.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " }, "ReadReplicaSourceDBInstanceIdentifier":{ "shape":"String", @@ -6854,7 +6948,7 @@ }, "ReplicaMode":{ "shape":"ReplicaMode", - "documentation":"

    The open mode of an Oracle read replica. The default is open-read-only. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.

    This attribute is only supported in RDS for Oracle.

    " + "documentation":"

    The open mode of a Db2 or an Oracle read replica. The default is open-read-only. For more information, see Working with replicas for Amazon RDS for Db2 and Working with read replicas for Amazon RDS for Oracle in the Amazon RDS User Guide.

    This attribute is only supported in RDS for Db2, RDS for Oracle, and RDS Custom for Oracle.

    " }, "LicenseModel":{ "shape":"String", @@ -6864,6 +6958,10 @@ "shape":"IntegerOptional", "documentation":"

    The Provisioned IOPS (I/O operations per second) value for the DB instance.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    The storage throughput for the DB instance.

    This setting applies only to the gp3 storage type.

    " + }, "OptionGroupMemberships":{ "shape":"OptionGroupMembershipList", "documentation":"

    The list of option group memberships for this DB instance.

    " @@ -6997,17 +7095,21 @@ "documentation":"

    The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

    " }, "TagList":{"shape":"TagList"}, - "DBInstanceAutomatedBackupsReplications":{ - "shape":"DBInstanceAutomatedBackupsReplicationList", - "documentation":"

    The list of replicated automated backups associated with the DB instance.

    " + "AutomationMode":{ + "shape":"AutomationMode", + "documentation":"

    The automation mode of the RDS Custom DB instance: full or all paused. If full, the DB instance automates monitoring and instance recovery. If all paused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes.

    " + }, + "ResumeFullAutomationModeTime":{ + "shape":"TStamp", + "documentation":"

    The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation. The minimum value is 60 (default). The maximum value is 1,440.

    " }, "CustomerOwnedIpEnabled":{ "shape":"BooleanOptional", "documentation":"

    Indicates whether a customer-owned IP address (CoIP) is enabled for an RDS on Outposts DB instance.

    A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.

    For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

    " }, - "AwsBackupRecoveryPointArn":{ + "NetworkType":{ "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.

    " + "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide and Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    Valid Values: IPV4 | DUAL

    " }, "ActivityStreamStatus":{ "shape":"ActivityStreamStatus", @@ -7029,33 +7131,33 @@ "shape":"BooleanOptional", "documentation":"

    Indicates whether engine-native audit fields are included in the database activity stream.

    " }, - "AutomationMode":{ - "shape":"AutomationMode", - "documentation":"

    The automation mode of the RDS Custom DB instance: full or all paused. If full, the DB instance automates monitoring and instance recovery. If all paused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes.

    " - }, - "ResumeFullAutomationModeTime":{ - "shape":"TStamp", - "documentation":"

    The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation. The minimum value is 60 (default). The maximum value is 1,440.

    " - }, - "CustomIamInstanceProfile":{ + "AwsBackupRecoveryPointArn":{ "shape":"String", - "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.

    " + }, + "DBInstanceAutomatedBackupsReplications":{ + "shape":"DBInstanceAutomatedBackupsReplicationList", + "documentation":"

    The list of replicated automated backups associated with the DB instance.

    " }, "BackupTarget":{ "shape":"String", - "documentation":"

    The location where automated backups and manual snapshots are stored: Amazon Web Services Outposts or the Amazon Web Services Region.

    " + "documentation":"

    The location where automated backups and manual snapshots are stored: Dedicated Local Zones, Amazon Web Services Outposts or the Amazon Web Services Region.

    " }, - "NetworkType":{ + "AutomaticRestartTime":{ + "shape":"TStamp", + "documentation":"

    The time when a stopped DB instance is restarted automatically.

    " + }, + "CustomIamInstanceProfile":{ "shape":"String", - "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide and Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    Valid Values: IPV4 | DUAL

    " + "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    " }, "ActivityStreamPolicyStatus":{ "shape":"ActivityStreamPolicyStatus", "documentation":"

    The status of the policy state of the activity stream.

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    The storage throughput for the DB instance.

    This setting applies only to the gp3 storage type.

    " + "CertificateDetails":{ + "shape":"CertificateDetails", + "documentation":"

    The details of the DB instance's server certificate.

    " }, "DBSystemId":{ "shape":"String", @@ -7065,10 +7167,6 @@ "shape":"MasterUserSecret", "documentation":"

    The secret managed by RDS in Amazon Web Services Secrets Manager for the master user password.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    " }, - "CertificateDetails":{ - "shape":"CertificateDetails", - "documentation":"

    The details of the DB instance's server certificate.

    " - }, "ReadReplicaSourceDBClusterIdentifier":{ "shape":"String", "documentation":"

    The identifier of the source DB cluster if this DB instance is a read replica.

    " @@ -7077,6 +7175,10 @@ "shape":"String", "documentation":"

    The progress of the storage optimization operation as a percentage.

    " }, + "MultiTenant":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether the DB instance is in the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).

    " + }, "DedicatedLogVolume":{ "shape":"Boolean", "documentation":"

    Indicates whether the DB instance has a dedicated log volume (DLV) enabled.

    " @@ -7085,13 +7187,9 @@ "shape":"BooleanOptional", "documentation":"

    Indicates whether an upgrade is recommended for the storage file system configuration on the DB instance. To migrate to the preferred configuration, you can either create a blue/green deployment, or create a read replica from the DB instance. For more information, see Upgrading the storage file system for a DB instance.

    " }, - "MultiTenant":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether the DB instance is in the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).

    " - }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for the DB instance.

    For more information, see CreateDBInstance.

    " + "documentation":"

    The lifecycle type for the DB instance.

    For more information, see CreateDBInstance.

    " } }, "documentation":"

    Contains the details of an Amazon RDS DB instance.

    This data type is used as a response element in the operations CreateDBInstance, CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance.

    ", @@ -7099,8 +7197,7 @@ }, "DBInstanceAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The user already has a DB instance with the given identifier.

    ", "error":{ "code":"DBInstanceAlreadyExists", @@ -7176,6 +7273,10 @@ "shape":"IntegerOptional", "documentation":"

    The IOPS (I/O operations per second) value for the automated backup.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    The storage throughput for the automated backup.

    " + }, "OptionGroupName":{ "shape":"String", "documentation":"

    The option group the automated backup is associated with. If omitted, the default option group for the engine specified is used.

    " @@ -7218,11 +7319,11 @@ }, "BackupTarget":{ "shape":"String", - "documentation":"

    The location where automated backups are stored: Amazon Web Services Outposts or the Amazon Web Services Region.

    " + "documentation":"

    The location where automated backups are stored: Dedicated Local Zones, Amazon Web Services Outposts or the Amazon Web Services Region.

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    The storage throughput for the automated backup.

    " + "MultiTenant":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether the automatic backup is for a DB instance in the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).

    " }, "AwsBackupRecoveryPointArn":{ "shape":"String", @@ -7231,10 +7332,6 @@ "DedicatedLogVolume":{ "shape":"BooleanOptional", "documentation":"

    Indicates whether the DB instance has a dedicated log volume (DLV) enabled.

    " - }, - "MultiTenant":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether the automatic backup is for a DB instance in the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).

    " } }, "documentation":"

    An automated backup of a DB instance. It consists of system backups, transaction logs, and the database instance properties that existed at the time you deleted the source instance.

    ", @@ -7263,8 +7360,7 @@ }, "DBInstanceAutomatedBackupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    No automated backup for this DB instance was found.

    ", "error":{ "code":"DBInstanceAutomatedBackupNotFound", @@ -7275,8 +7371,7 @@ }, "DBInstanceAutomatedBackupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The quota for retained automated backups was exceeded. This prevents you from retaining any additional automated backups. The retained automated backups quota is the same as your DB instance quota.

    ", "error":{ "code":"DBInstanceAutomatedBackupQuotaExceeded", @@ -7325,8 +7420,7 @@ }, "DBInstanceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBInstanceIdentifier doesn't refer to an existing DB instance.

    ", "error":{ "code":"DBInstanceNotFound", @@ -7337,12 +7431,12 @@ }, "DBInstanceNotReadyFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An attempt to download or examine log files didn't succeed because an Aurora Serverless v2 instance was paused.

    ", "error":{ "code":"DBInstanceNotReady", - "httpStatusCode":503 + "httpStatusCode":400, + "senderFault":true }, "exception":true }, @@ -7366,8 +7460,7 @@ }, "DBInstanceRoleAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified RoleArn or FeatureName value is already associated with the DB instance.

    ", "error":{ "code":"DBInstanceRoleAlreadyExists", @@ -7378,8 +7471,7 @@ }, "DBInstanceRoleNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified RoleArn value doesn't match the specified feature for the DB instance.

    ", "error":{ "code":"DBInstanceRoleNotFound", @@ -7390,8 +7482,7 @@ }, "DBInstanceRoleQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can't associate any more Amazon Web Services Identity and Access Management (IAM) roles with the DB instance because the quota has been reached.

    ", "error":{ "code":"DBInstanceRoleQuotaExceeded", @@ -7438,8 +7529,7 @@ }, "DBLogFileNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    LogFileName doesn't refer to an existing DB log file.

    ", "error":{ "code":"DBLogFileNotFoundFault", @@ -7448,6 +7538,31 @@ }, "exception":true }, + "DBMajorEngineVersion":{ + "type":"structure", + "members":{ + "Engine":{ + "shape":"String", + "documentation":"

    The name of the database engine.

    " + }, + "MajorEngineVersion":{ + "shape":"String", + "documentation":"

    The major version number of the database engine.

    " + }, + "SupportedEngineLifecycles":{ + "shape":"SupportedEngineLifecycleList", + "documentation":"

    A list of the lifecycles supported by this engine for the DescribeDBMajorEngineVersions operation.

    " + } + }, + "documentation":"

    This data type is used as a response element in the operation DescribeDBMajorEngineVersions.

    " + }, + "DBMajorEngineVersionsList":{ + "type":"list", + "member":{ + "shape":"DBMajorEngineVersion", + "locationName":"DBMajorEngineVersion" + } + }, "DBParameterGroup":{ "type":"structure", "members":{ @@ -7473,8 +7588,7 @@ }, "DBParameterGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A DB parameter group with the same name exists.

    ", "error":{ "code":"DBParameterGroupAlreadyExists", @@ -7516,8 +7630,7 @@ }, "DBParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBParameterGroupName doesn't refer to an existing DB parameter group.

    ", "error":{ "code":"DBParameterGroupNotFound", @@ -7528,8 +7641,7 @@ }, "DBParameterGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of DB parameter groups.

    ", "error":{ "code":"DBParameterGroupQuotaExceeded", @@ -7604,6 +7716,10 @@ "shape":"StringList", "documentation":"

    The EC2 subnet IDs for the proxy.

    " }, + "DefaultAuthScheme":{ + "shape":"String", + "documentation":"

    The default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM_AUTH. When set to IAM_AUTH, the proxy uses end-to-end IAM authentication to connect to the database.

    " + }, "Auth":{ "shape":"UserAuthConfigInfoList", "documentation":"

    One or more data structures specifying the authorization mechanism to connect to the associated RDS DB instance or Aurora DB cluster.

    " @@ -7626,7 +7742,7 @@ }, "DebugLogging":{ "shape":"Boolean", - "documentation":"

    Indicates whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.

    " + "documentation":"

    Specifies whether the proxy logs detailed connection and query information. When you enable DebugLogging, the proxy captures connection details and connection pool behavior from your queries. Debug logging increases CloudWatch costs and can impact proxy performance. Enable this option only when you need to troubleshoot connection or performance issues.

    " }, "CreatedDate":{ "shape":"TStamp", @@ -7635,14 +7751,21 @@ "UpdatedDate":{ "shape":"TStamp", "documentation":"

    The date and time when the proxy was last updated.

    " + }, + "EndpointNetworkType":{ + "shape":"EndpointNetworkType", + "documentation":"

    The network type of the DB proxy endpoint. The network type determines the IP version that the proxy endpoint supports.

    Valid values:

    • IPV4 - The proxy endpoint supports IPv4 only.

    • IPV6 - The proxy endpoint supports IPv6 only.

    • DUAL - The proxy endpoint supports both IPv4 and IPv6.

    " + }, + "TargetConnectionNetworkType":{ + "shape":"TargetConnectionNetworkType", + "documentation":"

    The network type that the proxy uses to connect to the target database. The network type determines the IP version that the proxy uses for connections to the database.

    Valid values:

    • IPV4 - The proxy connects to the database using IPv4 only.

    • IPV6 - The proxy connects to the database using IPv6 only.

    " } }, "documentation":"

    The data structure representing a proxy managed by the RDS Proxy.

    This data type is used as a response element in the DescribeDBProxies action.

    " }, "DBProxyAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified proxy name must be unique for all proxies owned by your Amazon Web Services account in the specified Amazon Web Services Region.

    ", "error":{ "code":"DBProxyAlreadyExistsFault", @@ -7697,14 +7820,17 @@ "IsDefault":{ "shape":"Boolean", "documentation":"

    Indicates whether this endpoint is the default endpoint for the associated DB proxy. Default DB proxy endpoints always have read/write capability. Other endpoints that you associate with the DB proxy can be either read/write or read-only.

    " + }, + "EndpointNetworkType":{ + "shape":"EndpointNetworkType", + "documentation":"

    The network type of the DB proxy endpoint. The network type determines the IP version that the proxy endpoint supports.

    Valid values:

    • IPV4 - The proxy endpoint supports IPv4 only.

    • IPV6 - The proxy endpoint supports IPv6 only.

    • DUAL - The proxy endpoint supports both IPv4 and IPv6.

    " } }, "documentation":"

    The data structure representing an endpoint associated with a DB proxy. RDS automatically creates one endpoint for each DB proxy. For Aurora DB clusters, you can associate additional endpoints with the same DB proxy. These endpoints can be read/write or read-only. They can also reside in different VPCs than the associated DB proxy.

    This data type is used as a response element in the DescribeDBProxyEndpoints operation.

    " }, "DBProxyEndpointAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified DB proxy endpoint name must be unique for all DB proxy endpoints owned by your Amazon Web Services account in the specified Amazon Web Services Region.

    ", "error":{ "code":"DBProxyEndpointAlreadyExistsFault", @@ -7721,12 +7847,11 @@ "type":"string", "max":63, "min":1, - "pattern":"[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*" + "pattern":"[a-zA-Z](?:-?[a-zA-Z0-9]+)*" }, "DBProxyEndpointNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB proxy endpoint doesn't exist.

    ", "error":{ "code":"DBProxyEndpointNotFoundFault", @@ -7737,8 +7862,7 @@ }, "DBProxyEndpointQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB proxy already has the maximum number of endpoints.

    ", "error":{ "code":"DBProxyEndpointQuotaExceededFault", @@ -7773,12 +7897,11 @@ "type":"string", "max":63, "min":1, - "pattern":"[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*" + "pattern":"[a-zA-Z](?:-?[a-zA-Z0-9]+)*" }, "DBProxyNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified proxy name doesn't correspond to a proxy owned by your Amazon Web Services account in the specified Amazon Web Services Region.

    ", "error":{ "code":"DBProxyNotFoundFault", @@ -7789,8 +7912,7 @@ }, "DBProxyQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Your Amazon Web Services account already has the maximum number of proxies in the specified Amazon Web Services Region.

    ", "error":{ "code":"DBProxyQuotaExceededFault", @@ -7853,8 +7975,7 @@ }, "DBProxyTargetAlreadyRegisteredFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The proxy is already associated with the specified RDS DB instance or Aurora DB cluster.

    ", "error":{ "code":"DBProxyTargetAlreadyRegisteredFault", @@ -7901,10 +8022,15 @@ }, "documentation":"

    Represents a set of RDS DB instances, Aurora DB clusters, or both that a proxy can connect to. Currently, each target group is associated with exactly one RDS DB instance or Aurora DB cluster.

    This data type is used as a response element in the DescribeDBProxyTargetGroups action.

    " }, + "DBProxyTargetGroupName":{ + "type":"string", + "max":63, + "min":1, + "pattern":"[a-zA-Z](?:-?[a-zA-Z0-9]+)*" + }, "DBProxyTargetGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified target group isn't available for a proxy owned by your Amazon Web Services account in the specified Amazon Web Services Region.

    ", "error":{ "code":"DBProxyTargetGroupNotFoundFault", @@ -7915,8 +8041,7 @@ }, "DBProxyTargetNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified RDS DB instance or Aurora DB cluster isn't available for a proxy owned by your Amazon Web Services account in the specified Amazon Web Services Region.

    ", "error":{ "code":"DBProxyTargetNotFoundFault", @@ -8071,8 +8196,7 @@ }, "DBSecurityGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A DB security group with the name specified in DBSecurityGroupName already exists.

    ", "error":{ "code":"DBSecurityGroupAlreadyExists", @@ -8125,8 +8249,7 @@ }, "DBSecurityGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSecurityGroupName doesn't refer to an existing DB security group.

    ", "error":{ "code":"DBSecurityGroupNotFound", @@ -8137,8 +8260,7 @@ }, "DBSecurityGroupNotSupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A DB security group isn't allowed for this action.

    ", "error":{ "code":"DBSecurityGroupNotSupported", @@ -8149,8 +8271,7 @@ }, "DBSecurityGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of DB security groups.

    ", "error":{ "code":"QuotaExceeded.DBSecurityGroup", @@ -8215,8 +8336,7 @@ }, "DBShardGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified DB shard group name must be unique in your Amazon Web Services account in the specified Amazon Web Services Region.

    ", "error":{ "code":"DBShardGroupAlreadyExists", @@ -8229,12 +8349,11 @@ "type":"string", "max":63, "min":1, - "pattern":"[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*" + "pattern":"[a-zA-Z](?:-?[a-zA-Z0-9]+)*" }, "DBShardGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified DB shard group name wasn't found.

    ", "error":{ "code":"DBShardGroupNotFound", @@ -8313,6 +8432,10 @@ "shape":"IntegerOptional", "documentation":"

    Specifies the Provisioned IOPS (I/O operations per second) value of the DB instance at the time of the snapshot.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    Specifies the storage throughput for the DB snapshot.

    " + }, "OptionGroupName":{ "shape":"String", "documentation":"

    Provides the option group name for the DB snapshot.

    " @@ -8366,6 +8489,10 @@ "documentation":"

    The identifier for the source DB instance, which can't be changed and which is unique to an Amazon Web Services Region.

    " }, "TagList":{"shape":"TagList"}, + "SnapshotTarget":{ + "shape":"String", + "documentation":"

    Specifies where manual snapshots are stored: Dedicated Local Zones, Amazon Web Services Outposts or the Amazon Web Services Region.

    " + }, "OriginalSnapshotCreateTime":{ "shape":"TStamp", "documentation":"

    Specifies the time of the CreateDBSnapshot operation in Coordinated Universal Time (UTC). Doesn't change when the snapshot is copied.

    " @@ -8374,25 +8501,21 @@ "shape":"TStamp", "documentation":"

    The timestamp of the most recent transaction applied to the database that you're backing up. Thus, if you restore a snapshot, SnapshotDatabaseTime is the most recent transaction in the restored DB instance. In contrast, originalSnapshotCreateTime specifies the system time that the snapshot completed.

    If you back up a read replica, you can determine the replica lag by comparing SnapshotDatabaseTime with originalSnapshotCreateTime. For example, if originalSnapshotCreateTime is two hours later than SnapshotDatabaseTime, then the replica lag is two hours.

    " }, - "SnapshotTarget":{ - "shape":"String", - "documentation":"

    Specifies where manual snapshots are stored: Amazon Web Services Outposts or the Amazon Web Services Region.

    " - }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    Specifies the storage throughput for the DB snapshot.

    " - }, "DBSystemId":{ "shape":"String", "documentation":"

    The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. The Oracle SID is also the name of your CDB.

    " }, + "MultiTenant":{ + "shape":"BooleanOptional", + "documentation":"

    Indicates whether the snapshot is of a DB instance using the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).

    " + }, "DedicatedLogVolume":{ "shape":"Boolean", "documentation":"

    Indicates whether the DB instance has a dedicated log volume (DLV) enabled.

    " }, - "MultiTenant":{ - "shape":"BooleanOptional", - "documentation":"

    Indicates whether the snapshot is of a DB instance using the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).

    " + "SnapshotAvailabilityZone":{ + "shape":"String", + "documentation":"

    Specifies the name of the Availability Zone where RDS stores the DB snapshot. This value is valid only for snapshots that RDS stores on a Dedicated Local Zone.

    " } }, "documentation":"

    Contains the details of an Amazon RDS DB snapshot.

    This data type is used as a response element in the DescribeDBSnapshots action.

    ", @@ -8400,8 +8523,7 @@ }, "DBSnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSnapshotIdentifier is already used by an existing snapshot.

    ", "error":{ "code":"DBSnapshotAlreadyExists", @@ -8470,8 +8592,7 @@ }, "DBSnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSnapshotIdentifier doesn't refer to an existing DB snapshot.

    ", "error":{ "code":"DBSnapshotNotFound", @@ -8538,8 +8659,7 @@ }, "DBSnapshotTenantDatabaseNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified snapshot tenant database wasn't found.

    ", "error":{ "code":"DBSnapshotTenantDatabaseNotFoundFault", @@ -8589,7 +8709,7 @@ }, "Subnets":{ "shape":"SubnetList", - "documentation":"

    Contains a list of Subnet elements.

    " + "documentation":"

    Contains a list of Subnet elements. The list of subnets shown here might not reflect the current state of your VPC. For the most up-to-date information, we recommend checking your VPC configuration directly.

    " }, "DBSubnetGroupArn":{ "shape":"String", @@ -8605,8 +8725,7 @@ }, "DBSubnetGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSubnetGroupName is already used by an existing DB subnet group.

    ", "error":{ "code":"DBSubnetGroupAlreadyExists", @@ -8617,8 +8736,7 @@ }, "DBSubnetGroupDoesNotCoverEnoughAZs":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Subnets in the DB subnet group should cover at least two Availability Zones unless there is only one Availability Zone.

    ", "error":{ "code":"DBSubnetGroupDoesNotCoverEnoughAZs", @@ -8643,8 +8761,7 @@ }, "DBSubnetGroupNotAllowedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DBSubnetGroup shouldn't be specified while creating read replicas that lie in the same region as the source instance.

    ", "error":{ "code":"DBSubnetGroupNotAllowedFault", @@ -8655,8 +8772,7 @@ }, "DBSubnetGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    DBSubnetGroupName doesn't refer to an existing DB subnet group.

    ", "error":{ "code":"DBSubnetGroupNotFoundFault", @@ -8667,8 +8783,7 @@ }, "DBSubnetGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of DB subnet groups.

    ", "error":{ "code":"DBSubnetGroupQuotaExceeded", @@ -8686,8 +8801,7 @@ }, "DBSubnetQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of subnets in a DB subnet groups.

    ", "error":{ "code":"DBSubnetQuotaExceededFault", @@ -8698,8 +8812,7 @@ }, "DBUpgradeDependencyFailureFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB upgrade failed because a resource the DB depends on can't be modified.

    ", "error":{ "code":"DBUpgradeDependencyFailure", @@ -8727,6 +8840,13 @@ "advanced" ] }, + "DefaultAuthScheme":{ + "type":"string", + "enum":[ + "IAM_AUTH", + "NONE" + ] + }, "DeleteBlueGreenDeploymentRequest":{ "type":"structure", "required":["BlueGreenDeploymentIdentifier"], @@ -8808,7 +8928,7 @@ }, "DeleteAutomatedBackups":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether to remove automated backups immediately after the DB cluster is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB cluster is deleted.

    " + "documentation":"

    Specifies whether to remove automated backups immediately after the DB cluster is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB cluster is deleted, unless the Amazon Web Services Backup policy specifies a point-in-time restore rule.

    " } }, "documentation":"

    " @@ -8931,7 +9051,7 @@ "required":["DBProxyName"], "members":{ "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The name of the DB proxy to delete.

    " } } @@ -9016,7 +9136,7 @@ "required":["GlobalClusterIdentifier"], "members":{ "GlobalClusterIdentifier":{ - "shape":"String", + "shape":"GlobalClusterIdentifier", "documentation":"

    The cluster identifier of the global database cluster being deleted.

    " } } @@ -9084,11 +9204,11 @@ "required":["DBProxyName"], "members":{ "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The identifier of the DBProxy that is associated with the DBProxyTargetGroup.

    " }, "TargetGroupName":{ - "shape":"String", + "shape":"DBProxyTargetGroupName", "documentation":"

    The identifier of the DBProxyTargetGroup.

    " }, "DBInstanceIdentifiers":{ @@ -9103,13 +9223,11 @@ }, "DeregisterDBProxyTargetsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountAttributesMessage":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    " }, "DescribeBlueGreenDeploymentsRequest":{ @@ -9550,6 +9668,40 @@ }, "documentation":"

    The response from a call to DescribeDBLogFiles.

    " }, + "DescribeDBMajorEngineVersionsRequest":{ + "type":"structure", + "members":{ + "Engine":{ + "shape":"Engine", + "documentation":"

    The database engine to return major version details for.

    Valid Values:

    • aurora-mysql

    • aurora-postgresql

    • custom-sqlserver-ee

    • custom-sqlserver-se

    • custom-sqlserver-web

    • db2-ae

    • db2-se

    • mariadb

    • mysql

    • oracle-ee

    • oracle-ee-cdb

    • oracle-se2

    • oracle-se2-cdb

    • postgres

    • sqlserver-ee

    • sqlserver-se

    • sqlserver-ex

    • sqlserver-web

    " + }, + "MajorEngineVersion":{ + "shape":"MajorEngineVersion", + "documentation":"

    A specific database major engine version to return details for.

    Example: 8.4

    " + }, + "Marker":{ + "shape":"Marker", + "documentation":"

    An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.

    " + }, + "MaxRecords":{ + "shape":"MaxRecords", + "documentation":"

    The maximum number of records to include in the response. If more than the MaxRecords value is available, a pagination token called a marker is included in the response so you can retrieve the remaining results.

    Default: 100

    " + } + } + }, + "DescribeDBMajorEngineVersionsResponse":{ + "type":"structure", + "members":{ + "DBMajorEngineVersions":{ + "shape":"DBMajorEngineVersionsList", + "documentation":"

    A list of DBMajorEngineVersion elements.

    " + }, + "Marker":{ + "shape":"String", + "documentation":"

    An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.

    " + } + } + }, "DescribeDBParameterGroupsMessage":{ "type":"structure", "members":{ @@ -9602,7 +9754,7 @@ "type":"structure", "members":{ "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The name of the DB proxy. If you omit this parameter, the output includes information about all DB proxies owned by your Amazon Web Services account ID.

    " }, "Filters":{ @@ -9675,11 +9827,11 @@ "required":["DBProxyName"], "members":{ "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The identifier of the DBProxy associated with the target group.

    " }, "TargetGroupName":{ - "shape":"String", + "shape":"DBProxyTargetGroupName", "documentation":"

    The identifier of the DBProxyTargetGroup to describe.

    " }, "Filters":{ @@ -9714,11 +9866,11 @@ "required":["DBProxyName"], "members":{ "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The identifier of the DBProxyTarget to describe.

    " }, "TargetGroupName":{ - "shape":"String", + "shape":"DBProxyTargetGroupName", "documentation":"

    The identifier of the DBProxyTargetGroup to describe.

    " }, "Filters":{ @@ -10116,7 +10268,7 @@ "type":"structure", "members":{ "GlobalClusterIdentifier":{ - "shape":"String", + "shape":"GlobalClusterIdentifier", "documentation":"

    The user-supplied DB cluster identifier. If this parameter is specified, information from only the specific DB cluster is returned. This parameter isn't case-sensitive.

    Constraints:

    • If supplied, must match an existing DBClusterIdentifier.

    " }, "Filters":{ @@ -10535,8 +10687,7 @@ }, "DomainNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Domain doesn't refer to an existing Active Directory domain.

    ", "error":{ "code":"DomainNotFoundFault", @@ -10572,7 +10723,7 @@ "type":"structure", "members":{ "LogFileData":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    Entries from the specified log file.

    " }, "Marker":{ @@ -10643,8 +10794,7 @@ }, "Ec2ImagePropertiesNotSupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The AMI configuration prerequisite has not been met.

    ", "error":{ "code":"Ec2ImagePropertiesNotSupportedFault", @@ -10699,6 +10849,19 @@ }, "documentation":"

    This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions:

    • CreateDBInstance

    • DescribeDBInstances

    • DeleteDBInstance

    For the data structure that represents Amazon Aurora DB cluster endpoints, see DBClusterEndpoint.

    " }, + "EndpointNetworkType":{ + "type":"string", + "enum":[ + "IPV4", + "IPV6", + "DUAL" + ] + }, + "Engine":{ + "type":"string", + "max":50, + "min":1 + }, "EngineDefaults":{ "type":"structure", "members":{ @@ -10855,8 +11018,7 @@ }, "EventSubscriptionQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have reached the maximum number of event subscriptions.

    ", "error":{ "code":"EventSubscriptionQuotaExceeded", @@ -10979,8 +11141,7 @@ }, "ExportTaskAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can't start an export task that's already running.

    ", "error":{ "code":"ExportTaskAlreadyExists", @@ -10991,8 +11152,7 @@ }, "ExportTaskNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The export task doesn't exist.

    ", "error":{ "code":"ExportTaskNotFound", @@ -11144,12 +11304,12 @@ "type":"structure", "members":{ "GlobalClusterIdentifier":{ - "shape":"String", + "shape":"GlobalClusterIdentifier", "documentation":"

    Contains a user-supplied global database cluster identifier. This identifier is the unique key that identifies a global database cluster.

    " }, "GlobalClusterResourceId":{ "shape":"String", - "documentation":"

    The Amazon Web Services Region-unique, immutable identifier for the global database cluster. This identifier is found in Amazon Web Services CloudTrail log entries whenever the Amazon Web Services KMS key for the DB cluster is accessed.

    " + "documentation":"

    The Amazon Web Services partition-unique, immutable identifier for the global database cluster. This identifier is found in Amazon Web Services CloudTrail log entries whenever the Amazon Web Services KMS key for the DB cluster is accessed.

    " }, "GlobalClusterArn":{ "shape":"String", @@ -11169,7 +11329,7 @@ }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for the global cluster.

    For more information, see CreateGlobalCluster.

    " + "documentation":"

    The lifecycle type for the global cluster.

    For more information, see CreateGlobalCluster.

    " }, "DatabaseName":{ "shape":"String", @@ -11202,8 +11362,7 @@ }, "GlobalClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The GlobalClusterIdentifier already exists. Specify a new global database identifier (unique name) to create a new global database cluster or to rename an existing one.

    ", "error":{ "code":"GlobalClusterAlreadyExistsFault", @@ -11268,8 +11427,7 @@ }, "GlobalClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The GlobalClusterIdentifier doesn't refer to an existing global database cluster.

    ", "error":{ "code":"GlobalClusterNotFoundFault", @@ -11280,8 +11438,7 @@ }, "GlobalClusterQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of global database clusters for this account is already at the maximum allowed.

    ", "error":{ "code":"GlobalClusterQuotaExceededFault", @@ -11334,8 +11491,7 @@ }, "IamRoleMissingPermissionsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The IAM role requires additional permissions to export to an Amazon S3 bucket.

    ", "error":{ "code":"IamRoleMissingPermissions", @@ -11346,8 +11502,7 @@ }, "IamRoleNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The IAM role is missing for exporting to an Amazon S3 bucket.

    ", "error":{ "code":"IamRoleNotFound", @@ -11358,8 +11513,7 @@ }, "InstanceQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of DB instances.

    ", "error":{ "code":"InstanceQuotaExceeded", @@ -11370,8 +11524,7 @@ }, "InsufficientAvailableIPsInSubnetFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested operation can't be performed because there aren't enough available IP addresses in the proxy's subnets. Add more CIDR blocks to the VPC or remove IP address that aren't required from the subnets.

    ", "error":{ "code":"InsufficientAvailableIPsInSubnetFault", @@ -11382,8 +11535,7 @@ }, "InsufficientDBClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB cluster doesn't have enough capacity for the current operation.

    ", "error":{ "code":"InsufficientDBClusterCapacityFault", @@ -11394,8 +11546,7 @@ }, "InsufficientDBInstanceCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified DB instance class isn't available in the specified Availability Zone.

    ", "error":{ "code":"InsufficientDBInstanceCapacity", @@ -11406,8 +11557,7 @@ }, "InsufficientStorageClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is insufficient storage available for the current action. You might be able to resolve this error by updating your subnet group to use different Availability Zones that have more storage available.

    ", "error":{ "code":"InsufficientStorageClusterCapacity", @@ -11450,14 +11600,6 @@ "documentation":"

    The current status of the integration.

    " }, "Tags":{"shape":"TagList"}, - "CreateTime":{ - "shape":"TStamp", - "documentation":"

    The time when the integration was created, in Universal Coordinated Time (UTC).

    " - }, - "Errors":{ - "shape":"IntegrationErrorList", - "documentation":"

    Any errors associated with the integration.

    " - }, "DataFilter":{ "shape":"DataFilter", "documentation":"

    Data filters for the integration. These filters determine which tables from the source database are sent to the target Amazon Redshift data warehouse.

    " @@ -11465,14 +11607,21 @@ "Description":{ "shape":"IntegrationDescription", "documentation":"

    A description of the integration.

    " + }, + "CreateTime":{ + "shape":"TStamp", + "documentation":"

    The time when the integration was created, in Universal Coordinated Time (UTC).

    " + }, + "Errors":{ + "shape":"IntegrationErrorList", + "documentation":"

    Any errors associated with the integration.

    " } }, "documentation":"

    A zero-ETL integration with Amazon Redshift.

    " }, "IntegrationAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The integration you are trying to create already exists.

    ", "error":{ "code":"IntegrationAlreadyExistsFault", @@ -11489,8 +11638,7 @@ }, "IntegrationConflictOperationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A conflicting conditional operation is currently in progress against this resource. Typically occurs when there are multiple requests being made to the same resource at the same time, and these requests conflict with each other.

    ", "error":{ "code":"IntegrationConflictOperationFault", @@ -11544,12 +11692,11 @@ "type":"string", "max":63, "min":1, - "pattern":"[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*" + "pattern":"[a-zA-Z](?:-?[a-zA-Z0-9]+)*" }, "IntegrationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified integration could not be found.

    ", "error":{ "code":"IntegrationNotFoundFault", @@ -11560,8 +11707,7 @@ }, "IntegrationQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can't crate any more zero-ETL integrations because the quota has been reached.

    ", "error":{ "code":"IntegrationQuotaExceededFault", @@ -11584,8 +11730,7 @@ }, "InvalidBlueGreenDeploymentStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The blue/green deployment can't be switched over or deleted because there is an invalid configuration in the green environment.

    ", "error":{ "code":"InvalidBlueGreenDeploymentStateFault", @@ -11596,8 +11741,7 @@ }, "InvalidCustomDBEngineVersionStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can't delete the CEV.

    ", "error":{ "code":"InvalidCustomDBEngineVersionStateFault", @@ -11608,8 +11752,7 @@ }, "InvalidDBClusterAutomatedBackupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The automated backup is in an invalid state. For example, this automated backup is associated with an active cluster.

    ", "error":{ "code":"InvalidDBClusterAutomatedBackupStateFault", @@ -11620,8 +11763,7 @@ }, "InvalidDBClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Capacity isn't a valid Aurora Serverless DB cluster capacity. Valid capacity values are 2, 4, 8, 16, 32, 64, 128, and 256.

    ", "error":{ "code":"InvalidDBClusterCapacityFault", @@ -11632,8 +11774,7 @@ }, "InvalidDBClusterEndpointStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested operation can't be performed on the endpoint while the endpoint is in this state.

    ", "error":{ "code":"InvalidDBClusterEndpointStateFault", @@ -11644,8 +11785,7 @@ }, "InvalidDBClusterSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The supplied value isn't a valid DB cluster snapshot state.

    ", "error":{ "code":"InvalidDBClusterSnapshotStateFault", @@ -11656,8 +11796,7 @@ }, "InvalidDBClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested operation can't be performed while the cluster is in this state.

    ", "error":{ "code":"InvalidDBClusterStateFault", @@ -11668,8 +11807,7 @@ }, "InvalidDBInstanceAutomatedBackupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The automated backup is in an invalid state. For example, this automated backup is associated with an active instance.

    ", "error":{ "code":"InvalidDBInstanceAutomatedBackupState", @@ -11680,8 +11818,7 @@ }, "InvalidDBInstanceStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB instance isn't in a valid state.

    ", "error":{ "code":"InvalidDBInstanceState", @@ -11692,8 +11829,7 @@ }, "InvalidDBParameterGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB parameter group is in use or is in an invalid state. If you are attempting to delete the parameter group, you can't delete it when the parameter group is in this state.

    ", "error":{ "code":"InvalidDBParameterGroupState", @@ -11704,8 +11840,7 @@ }, "InvalidDBProxyEndpointStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can't perform this operation while the DB proxy endpoint is in a particular state.

    ", "error":{ "code":"InvalidDBProxyEndpointStateFault", @@ -11716,8 +11851,7 @@ }, "InvalidDBProxyStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested operation can't be performed while the proxy is in this state.

    ", "error":{ "code":"InvalidDBProxyStateFault", @@ -11728,8 +11862,7 @@ }, "InvalidDBSecurityGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The state of the DB security group doesn't allow deletion.

    ", "error":{ "code":"InvalidDBSecurityGroupState", @@ -11740,8 +11873,7 @@ }, "InvalidDBShardGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB shard group must be in the available state.

    ", "error":{ "code":"InvalidDBShardGroupState", @@ -11752,8 +11884,7 @@ }, "InvalidDBSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The state of the DB snapshot doesn't allow deletion.

    ", "error":{ "code":"InvalidDBSnapshotState", @@ -11764,8 +11895,7 @@ }, "InvalidDBSubnetGroupFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DBSubnetGroup doesn't belong to the same VPC as that of an existing cross-region read replica of the same source instance.

    ", "error":{ "code":"InvalidDBSubnetGroupFault", @@ -11776,8 +11906,7 @@ }, "InvalidDBSubnetGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB subnet group cannot be deleted because it's in use.

    ", "error":{ "code":"InvalidDBSubnetGroupStateFault", @@ -11788,8 +11917,7 @@ }, "InvalidDBSubnetStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB subnet isn't in the available state.

    ", "error":{ "code":"InvalidDBSubnetStateFault", @@ -11800,8 +11928,7 @@ }, "InvalidEventSubscriptionStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    This error can occur if someone else is modifying a subscription. You should retry the action.

    ", "error":{ "code":"InvalidEventSubscriptionState", @@ -11812,8 +11939,7 @@ }, "InvalidExportOnlyFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The export is invalid for exporting to an Amazon S3 bucket.

    ", "error":{ "code":"InvalidExportOnly", @@ -11824,8 +11950,7 @@ }, "InvalidExportSourceStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The state of the export snapshot is invalid for exporting to an Amazon S3 bucket.

    ", "error":{ "code":"InvalidExportSourceState", @@ -11836,8 +11961,7 @@ }, "InvalidExportTaskStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can't cancel an export task that has completed.

    ", "error":{ "code":"InvalidExportTaskStateFault", @@ -11848,8 +11972,7 @@ }, "InvalidGlobalClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The global cluster is in an invalid state and can't perform the requested operation.

    ", "error":{ "code":"InvalidGlobalClusterStateFault", @@ -11860,8 +11983,7 @@ }, "InvalidIntegrationStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The integration is in an invalid state and can't perform the requested operation.

    ", "error":{ "code":"InvalidIntegrationStateFault", @@ -11872,8 +11994,7 @@ }, "InvalidOptionGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The option group isn't in the available state.

    ", "error":{ "code":"InvalidOptionGroupStateFault", @@ -11884,8 +12005,7 @@ }, "InvalidResourceStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The operation can't be performed because another operation is in progress.

    ", "error":{ "code":"InvalidResourceStateFault", @@ -11896,8 +12016,7 @@ }, "InvalidRestoreFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Cannot restore from VPC backup to non-VPC DB instance.

    ", "error":{ "code":"InvalidRestoreFault", @@ -11908,8 +12027,7 @@ }, "InvalidS3BucketFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified Amazon S3 bucket name can't be found or Amazon RDS isn't authorized to access the specified Amazon S3 bucket. Verify the SourceS3BucketName and S3IngestionRoleArn values and try again.

    ", "error":{ "code":"InvalidS3BucketFault", @@ -11920,8 +12038,7 @@ }, "InvalidSubnet":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested subnet is invalid, or multiple subnets were requested that are not all in a common VPC.

    ", "error":{ "code":"InvalidSubnet", @@ -11932,8 +12049,7 @@ }, "InvalidVPCNetworkStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB subnet group doesn't cover all Availability Zones after it's created because of users' change.

    ", "error":{ "code":"InvalidVPCNetworkStateFault", @@ -11954,8 +12070,7 @@ }, "KMSKeyNotAccessibleFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An error occurred accessing an Amazon Web Services KMS key.

    ", "error":{ "code":"KMSKeyNotAccessibleFault", @@ -11974,6 +12089,13 @@ "min":1, "pattern":"[a-zA-Z0-9_:\\-\\/]+" }, + "LifecycleSupportName":{ + "type":"string", + "enum":[ + "open-source-rds-standard-support", + "open-source-rds-extended-support" + ] + }, "LimitlessDatabase":{ "type":"structure", "members":{ @@ -12032,11 +12154,23 @@ }, "Long":{"type":"long"}, "LongOptional":{"type":"long"}, + "MajorEngineVersion":{ + "type":"string", + "max":50, + "min":1 + }, "Marker":{ "type":"string", "max":340, "min":1 }, + "MasterUserAuthenticationType":{ + "type":"string", + "enum":[ + "password", + "iam-db-auth" + ] + }, "MasterUserSecret":{ "type":"structure", "members":{ @@ -12057,8 +12191,7 @@ }, "MaxDBShardGroupLimitReached":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The maximum number of DB shard groups for your Amazon Web Services account in the specified Amazon Web Services Region has been reached.

    ", "error":{ "code":"MaxDBShardGroupLimitReached", @@ -12310,7 +12443,7 @@ "documentation":"

    The port number on which the DB cluster accepts connections.

    Valid for Cluster Type: Aurora DB clusters only

    Valid Values: 1150-65535

    Default: The same port as the original DB cluster.

    " }, "MasterUserPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The new password for the master database user.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Constraints:

    • Must contain from 8 to 41 characters.

    • Can contain any printable ASCII character except \"/\", \"\"\", or \"@\".

    • Can't be specified if ManageMasterUserPassword is turned on.

    " }, "OptionGroupName":{ @@ -12335,7 +12468,7 @@ }, "CloudwatchLogsExportConfiguration":{ "shape":"CloudwatchLogsExportConfiguration", - "documentation":"

    The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB cluster.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    The following values are valid for each DB engine:

    • Aurora MySQL - audit | error | general | slowquery

    • Aurora PostgreSQL - postgresql

    • RDS for MySQL - error | general | slowquery

    • RDS for PostgreSQL - postgresql | upgrade

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    " + "documentation":"

    The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB cluster.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    The following values are valid for each DB engine:

    • Aurora MySQL - audit | error | general | instance | slowquery | iam-db-auth-error

    • Aurora PostgreSQL - instance | postgresql | iam-db-auth-error

    • RDS for MySQL - error | general | slowquery | iam-db-auth-error

    • RDS for PostgreSQL - postgresql | upgrade | iam-db-auth-error

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    " }, "EngineVersion":{ "shape":"String", @@ -12395,8 +12528,13 @@ }, "AutoMinorVersionUpgrade":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " + "documentation":"

    Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " + }, + "NetworkType":{ + "shape":"String", + "documentation":"

    The network type of the DB cluster.

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters only

    Valid Values: IPV4 | DUAL

    " }, + "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, "MonitoringInterval":{ "shape":"IntegerOptional", "documentation":"

    The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0.

    If MonitoringRoleArn is specified, also set MonitoringInterval to a value other than 0.

    Valid for Cluster Type: Multi-AZ DB clusters only

    Valid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60

    Default: 0

    " @@ -12407,7 +12545,7 @@ }, "DatabaseInsightsMode":{ "shape":"DatabaseInsightsMode", - "documentation":"

    Specifies the mode of Database Insights to enable for the DB cluster.

    If you change the value from standard to advanced, you must set the PerformanceInsightsEnabled parameter to true and the PerformanceInsightsRetentionPeriod parameter to 465.

    If you change the value from advanced to standard, you must set the PerformanceInsightsEnabled parameter to false.

    Valid for Cluster Type: Aurora DB clusters only

    " + "documentation":"

    Specifies the mode of Database Insights to enable for the DB cluster.

    If you change the value from standard to advanced, you must set the PerformanceInsightsEnabled parameter to true and the PerformanceInsightsRetentionPeriod parameter to 465.

    If you change the value from advanced to standard, you can set the PerformanceInsightsEnabled parameter to true to collect detailed database counter and per-query metrics.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", @@ -12421,11 +12559,6 @@ "shape":"IntegerOptional", "documentation":"

    The number of days to retain Performance Insights data.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values:

    • 7

    • month * 31, where month is a number of months from 1-23. Examples: 93 (3 months * 31), 341 (11 months * 31), 589 (19 months * 31)

    • 731

    Default: 7 days

    If you specify a retention period that isn't valid, such as 94, Amazon RDS issues an error.

    " }, - "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, - "NetworkType":{ - "shape":"String", - "documentation":"

    The network type of the DB cluster.

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters only

    Valid Values: IPV4 | DUAL

    " - }, "ManageMasterUserPassword":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.

    If the DB cluster doesn't manage the master user password with Amazon Web Services Secrets Manager, you can turn on this management. In this case, you can't specify MasterUserPassword.

    If the DB cluster already manages the master user password with Amazon Web Services Secrets Manager, and you specify that the master user password is not managed with Amazon Web Services Secrets Manager, then you must specify MasterUserPassword. In this case, RDS deletes the secret and uses the new password for the master user specified by MasterUserPassword.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide and Password management with Amazon Web Services Secrets Manager in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " @@ -12434,6 +12567,10 @@ "shape":"BooleanOptional", "documentation":"

    Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the master user password.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster. The secret value contains the updated password.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide and Password management with Amazon Web Services Secrets Manager in the Amazon Aurora User Guide.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Constraints:

    • You must apply the change immediately when rotating the master user password.

    " }, + "EnableLocalWriteForwarding":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances.

    Valid for: Aurora DB clusters only

    " + }, "MasterUserSecretKmsKeyId":{ "shape":"String", "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if both of the following conditions are met:

    • The DB cluster doesn't manage the master user password in Amazon Web Services Secrets Manager.

      If the DB cluster already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key that is used to encrypt the secret.

    • You are turning on ManageMasterUserPassword to manage the master user password in Amazon Web Services Secrets Manager.

      If you are turning on ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    " @@ -12446,10 +12583,6 @@ "shape":"Boolean", "documentation":"

    Specifies whether engine mode changes from serverless to provisioned are allowed.

    Valid for Cluster Type: Aurora Serverless v1 DB clusters only

    Constraints:

    • You must allow engine mode changes when specifying a different value for the EngineMode parameter from the DB cluster's current engine mode.

    " }, - "EnableLocalWriteForwarding":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances.

    Valid for: Aurora DB clusters only

    " - }, "AwsBackupRecoveryPointArn":{ "shape":"AwsBackupRecoveryPointArn", "documentation":"

    The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.

    " @@ -12461,6 +12594,10 @@ "CACertificateIdentifier":{ "shape":"String", "documentation":"

    The CA certificate identifier to use for the DB cluster's server certificate.

    For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide.

    Valid for Cluster Type: Multi-AZ DB clusters

    " + }, + "MasterUserAuthenticationType":{ + "shape":"MasterUserAuthenticationType", + "documentation":"

    Specifies the authentication type for the master user. With IAM master user authentication, you can change the master DB user to use IAM database authentication.

    You can specify one of the following values:

    • password - Use standard database authentication with a password.

    • iam-db-auth - Use IAM database authentication for the master user.

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    This option is only valid for RDS for PostgreSQL and Aurora PostgreSQL engines.

    " } }, "documentation":"

    " @@ -12554,8 +12691,8 @@ "documentation":"

    Specifies whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of the PreferredMaintenanceWindow setting for the DB instance. By default, this parameter is disabled.

    If this parameter is disabled, changes to the DB instance are applied during the next maintenance window. Some parameter changes can cause an outage and are applied on the next call to RebootDBInstance, or the next failure reboot. Review the table of parameters in Modifying a DB Instance in the Amazon RDS User Guide to see the impact of enabling or disabling ApplyImmediately for each modified parameter and to determine when the changes are applied.

    " }, "MasterUserPassword":{ - "shape":"String", - "documentation":"

    The new password for the master user.

    Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.

    Amazon RDS API operations never return the password, so this operation provides a way to regain access to a primary instance user if the password is lost. This includes restoring privileges that might have been accidentally revoked.

    This setting doesn't apply to the following DB instances:

    • Amazon Aurora (The password for the master user is managed by the DB cluster. For more information, see ModifyDBCluster.)

    • RDS Custom

    Default: Uses existing setting

    Constraints:

    • Can't be specified if ManageMasterUserPassword is turned on.

    • Can include any printable ASCII character except \"/\", \"\"\", or \"@\". For RDS for Oracle, can't include the \"&\" (ampersand) or the \"'\" (single quotes) character.

    Length Constraints:

    • RDS for Db2 - Must contain from 8 to 255 characters.

    • RDS for MariaDB - Must contain from 8 to 41 characters.

    • RDS for Microsoft SQL Server - Must contain from 8 to 128 characters.

    • RDS for MySQL - Must contain from 8 to 41 characters.

    • RDS for Oracle - Must contain from 8 to 30 characters.

    • RDS for PostgreSQL - Must contain from 8 to 128 characters.

    " + "shape":"SensitiveString", + "documentation":"

    The new password for the master user.

    Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.

    Amazon RDS API operations never return the password, so this operation provides a way to regain access to a primary instance user if the password is lost. This includes restoring privileges that might have been accidentally revoked.

    This setting doesn't apply to the following DB instances:

    • Amazon Aurora

      The password for the master user is managed by the DB cluster. For more information, see ModifyDBCluster.

    • RDS Custom

    • RDS for Oracle CDBs in the multi-tenant configuration

      Specify the master password in ModifyTenantDatabase instead.

    Default: Uses existing setting

    Constraints:

    • Can't be specified if ManageMasterUserPassword is turned on.

    • Can include any printable ASCII character except \"/\", \"\"\", or \"@\". For RDS for Oracle, can't include the \"&\" (ampersand) or the \"'\" (single quotes) character.

    Length Constraints:

    • RDS for Db2 - Must contain from 8 to 255 characters.

    • RDS for MariaDB - Must contain from 8 to 41 characters.

    • RDS for Microsoft SQL Server - Must contain from 8 to 128 characters.

    • RDS for MySQL - Must contain from 8 to 41 characters.

    • RDS for Oracle - Must contain from 8 to 30 characters.

    • RDS for PostgreSQL - Must contain from 8 to 128 characters.

    " }, "DBParameterGroupName":{ "shape":"String", @@ -12587,7 +12724,7 @@ }, "AutoMinorVersionUpgrade":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether minor version upgrades are applied automatically to the DB instance during the maintenance window. An outage occurs when all the following conditions are met:

    • The automatic upgrade is enabled for the maintenance window.

    • A newer minor version is available.

    • RDS has enabled automatic patching for the engine version.

    If any of the preceding conditions isn't met, Amazon RDS applies the change as soon as possible and doesn't cause an outage.

    For an RDS Custom DB instance, don't enable this setting. Otherwise, the operation returns an error.

    " + "documentation":"

    Specifies whether minor version upgrades are applied automatically to the DB instance during the maintenance window. An outage occurs when all the following conditions are met:

    • The automatic upgrade is enabled for the maintenance window.

    • A newer minor version is available.

    • RDS has enabled automatic patching for the engine version.

    If any of the preceding conditions isn't met, Amazon RDS applies the change as soon as possible and doesn't cause an outage.

    For an RDS Custom DB instance, don't enable this setting. Otherwise, the operation returns an error.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " }, "LicenseModel":{ "shape":"String", @@ -12597,6 +12734,10 @@ "shape":"IntegerOptional", "documentation":"

    The new Provisioned IOPS (I/O operations per second) value for the RDS instance.

    Changing this setting doesn't result in an outage and the change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request. If you are migrating from Provisioned IOPS to standard storage, set this value to 0. The DB instance will require a reboot for the change in storage type to take effect.

    If you choose to migrate your DB instance from using standard storage to Provisioned IOPS (io1), or from Provisioned IOPS to standard storage, the process can take time. The duration of the migration depends on several factors such as database load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if any), and the number of prior scale storage operations. Typical migration times are under 24 hours, but the process can take up to several days in some cases. During the migration, the DB instance is available for use, but might experience performance degradation. While the migration takes place, nightly backups for the instance are suspended. No other Amazon RDS operations can take place for the instance, including modifying the instance, rebooting the instance, deleting the instance, creating a read replica for the instance, and creating a DB snapshot of the instance.

    Constraints:

    • For RDS for MariaDB, RDS for MySQL, RDS for Oracle, and RDS for PostgreSQL - The value supplied must be at least 10% greater than the current value. Values that are not at least 10% greater than the existing value are rounded up so that they are 10% greater than the current value.

    • When you increase the Provisioned IOPS, you must also specify the AllocatedStorage parameter. You can use the current value for AllocatedStorage.

    Default: Uses existing setting

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    The storage throughput value for the DB instance.

    This setting applies only to the gp3 storage type.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    " + }, "OptionGroupName":{ "shape":"String", "documentation":"

    The option group to associate the DB instance with.

    Changing this parameter doesn't result in an outage, with one exception. If the parameter change results in an option group that enables OEM, it can cause a brief period, lasting less than a second, during which new connections are rejected but existing connections aren't interrupted.

    The change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request.

    Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance.

    This setting doesn't apply to RDS Custom DB instances.

    " @@ -12614,7 +12755,7 @@ "documentation":"

    The ARN from the key store with which to associate the instance for TDE encryption.

    This setting doesn't apply to RDS Custom DB instances.

    " }, "TdeCredentialPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The password for the given ARN from the key store in order to access the device.

    This setting doesn't apply to RDS Custom DB instances.

    " }, "CACertificateIdentifier":{ @@ -12641,6 +12782,10 @@ "shape":"StringList", "documentation":"

    The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers.

    Constraints:

    • Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list.

    Example: 123.124.125.126,234.235.236.237

    " }, + "DisableDomain":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to remove the DB instance from the Active Directory domain.

    " + }, "CopyTagsToSnapshot":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether to copy all tags from the DB instance to snapshots of the DB instance. By default, tags aren't copied.

    This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. For more information, see ModifyDBCluster.

    " @@ -12665,10 +12810,6 @@ "shape":"String", "documentation":"

    The name of the IAM role to use when making API calls to the Directory Service.

    This setting doesn't apply to RDS Custom DB instances.

    " }, - "DisableDomain":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether to remove the DB instance from the Active Directory domain.

    " - }, "PromotionTier":{ "shape":"IntegerOptional", "documentation":"

    The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.

    This setting doesn't apply to RDS Custom DB instances.

    Default: 1

    Valid Values: 0 - 15

    " @@ -12679,7 +12820,7 @@ }, "DatabaseInsightsMode":{ "shape":"DatabaseInsightsMode", - "documentation":"

    Specifies the mode of Database Insights to enable for the DB instance.

    This setting only applies to Amazon Aurora DB instances.

    Currently, this value is inherited from the DB cluster and can't be changed.

    " + "documentation":"

    Specifies the mode of Database Insights to enable for the DB instance.

    Aurora DB instances inherit this value from the DB cluster, so you can't change this value.

    " }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", @@ -12695,7 +12836,7 @@ }, "CloudwatchLogsExportConfiguration":{ "shape":"CloudwatchLogsExportConfiguration", - "documentation":"

    The log types to be enabled for export to CloudWatch Logs for a specific DB instance.

    A change to the CloudwatchLogsExportConfiguration parameter is always applied to the DB instance immediately. Therefore, the ApplyImmediately parameter has no effect.

    This setting doesn't apply to RDS Custom DB instances.

    The following values are valid for each DB engine:

    • Aurora MySQL - audit | error | general | slowquery

    • Aurora PostgreSQL - postgresql

    • RDS for MySQL - error | general | slowquery

    • RDS for PostgreSQL - postgresql | upgrade

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    " + "documentation":"

    The log types to be enabled for export to CloudWatch Logs for a specific DB instance.

    A change to the CloudwatchLogsExportConfiguration parameter is always applied to the DB instance immediately. Therefore, the ApplyImmediately parameter has no effect.

    This setting doesn't apply to RDS Custom DB instances.

    The following values are valid for each DB engine:

    • Aurora MySQL - audit | error | general | slowquery | iam-db-auth-error

    • Aurora PostgreSQL - postgresql | iam-db-auth-error

    • RDS for MySQL - error | general | slowquery | iam-db-auth-error

    • RDS for PostgreSQL - postgresql | upgrade | iam-db-auth-error

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    " }, "ProcessorFeatures":{ "shape":"ProcessorFeatureList", @@ -12719,15 +12860,7 @@ }, "ReplicaMode":{ "shape":"ReplicaMode", - "documentation":"

    A value that sets the open mode of a replica database to either mounted or read-only.

    Currently, this parameter is only supported for Oracle DB instances.

    Mounted DB replicas are included in Oracle Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.

    This setting doesn't apply to RDS Custom DB instances.

    " - }, - "EnableCustomerOwnedIp":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.

    A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.

    For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

    " - }, - "AwsBackupRecoveryPointArn":{ - "shape":"AwsBackupRecoveryPointArn", - "documentation":"

    The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.

    This setting doesn't apply to RDS Custom DB instances.

    " + "documentation":"

    The open mode of a replica database.

    This parameter is only supported for Db2 DB instances and Oracle DB instances.

    Db2

    Standby DB replicas are included in Db2 Advanced Edition (AE) and Db2 Standard Edition (SE). The main use case for standby replicas is cross-Region disaster recovery. Because it doesn't accept user connections, a standby replica can't serve a read-only workload.

    You can create a combination of standby and read-only DB replicas for the same primary DB instance. For more information, see Working with replicas for Amazon RDS for Db2 in the Amazon RDS User Guide.

    To create standby DB replicas for RDS for Db2, set this parameter to mounted.

    Oracle

    Mounted DB replicas are included in Oracle Database Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload.

    You can create a combination of mounted and read-only DB replicas for the same primary DB instance. For more information, see Working with read replicas for Amazon RDS for Oracle in the Amazon RDS User Guide.

    For RDS Custom, you must specify this parameter and set it to mounted. The value won't be set by default. After replica creation, you can manage the open mode manually.

    " }, "AutomationMode":{ "shape":"AutomationMode", @@ -12737,37 +12870,45 @@ "shape":"IntegerOptional", "documentation":"

    The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation.

    Default: 60

    Constraints:

    • Must be at least 60.

    • Must be no more than 1,440.

    " }, + "EnableCustomerOwnedIp":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.

    A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.

    For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

    " + }, "NetworkType":{ "shape":"String", "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    Valid Values: IPV4 | DUAL

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    The storage throughput value for the DB instance.

    This setting applies only to the gp3 storage type.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    " + "AwsBackupRecoveryPointArn":{ + "shape":"AwsBackupRecoveryPointArn", + "documentation":"

    The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup.

    This setting doesn't apply to RDS Custom DB instances.

    " }, "ManageMasterUserPassword":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.

    If the DB instance doesn't manage the master user password with Amazon Web Services Secrets Manager, you can turn on this management. In this case, you can't specify MasterUserPassword.

    If the DB instance already manages the master user password with Amazon Web Services Secrets Manager, and you specify that the master user password is not managed with Amazon Web Services Secrets Manager, then you must specify MasterUserPassword. In this case, Amazon RDS deletes the secret and uses the new password for the master user specified by MasterUserPassword.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • Can't manage the master user password with Amazon Web Services Secrets Manager if MasterUserPassword is specified.

    " + "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.

    If the DB instance doesn't manage the master user password with Amazon Web Services Secrets Manager, you can turn on this management. In this case, you can't specify MasterUserPassword.

    If the DB instance already manages the master user password with Amazon Web Services Secrets Manager, and you specify that the master user password is not managed with Amazon Web Services Secrets Manager, then you must specify MasterUserPassword. In this case, Amazon RDS deletes the secret and uses the new password for the master user specified by MasterUserPassword.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • Can't manage the master user password with Amazon Web Services Secrets Manager if MasterUserPassword is specified.

    • Can't specify for RDS for Oracle CDB instances in the multi-tenant configuration. Use ModifyTenantDatabase instead.

    • Can't specify the parameters ManageMasterUserPassword and MultiTenant in the same operation.

    " }, "RotateMasterUserPassword":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the master user password.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster. The secret value contains the updated password.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • You must apply the change immediately when rotating the master user password.

    " + "documentation":"

    Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the master user password.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB instance. The secret value contains the updated password.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • You must apply the change immediately when rotating the master user password.

    " }, "MasterUserSecretKmsKeyId":{ "shape":"String", "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if both of the following conditions are met:

    • The DB instance doesn't manage the master user password in Amazon Web Services Secrets Manager.

      If the DB instance already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key used to encrypt the secret.

    • You are turning on ManageMasterUserPassword to manage the master user password in Amazon Web Services Secrets Manager.

      If you are turning on ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    " }, - "Engine":{ - "shape":"String", - "documentation":"

    The target Oracle DB engine when you convert a non-CDB to a CDB. This intermediate step is necessary to upgrade an Oracle Database 19c non-CDB to an Oracle Database 21c CDB.

    Note the following requirements:

    • Make sure that you specify oracle-ee-cdb or oracle-se2-cdb.

    • Make sure that your DB engine runs Oracle Database 19c with an April 2021 or later RU.

    Note the following limitations:

    • You can't convert a CDB to a non-CDB.

    • You can't convert a replica database.

    • You can't convert a non-CDB to a CDB and upgrade the engine version in the same command.

    • You can't convert the existing custom parameter or option group when it has options or parameters that are permanent or persistent. In this situation, the DB instance reverts to the default option and parameter group. To avoid reverting to the default, specify a new parameter group with --db-parameter-group-name and a new option group with --option-group-name.

    " + "MultiTenant":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether the to convert your DB instance from the single-tenant configuration to the multi-tenant configuration. This parameter is supported only for RDS for Oracle CDB instances.

    During the conversion, RDS creates an initial tenant database and associates the DB name, master user name, character set, and national character set metadata with this database. The tags associated with the instance also propagate to the initial tenant database. You can add more tenant databases to your DB instance by using the CreateTenantDatabase operation.

    The conversion to the multi-tenant configuration is permanent and irreversible, so you can't later convert back to the single-tenant configuration. When you specify this parameter, you must also specify ApplyImmediately.

    " }, "DedicatedLogVolume":{ "shape":"BooleanOptional", "documentation":"

    Indicates whether the DB instance has a dedicated log volume (DLV) enabled.

    " }, - "MultiTenant":{ - "shape":"BooleanOptional", - "documentation":"

    Specifies whether the to convert your DB instance from the single-tenant configuration to the multi-tenant configuration. This parameter is supported only for RDS for Oracle CDB instances.

    During the conversion, RDS creates an initial tenant database and associates the DB name, master user name, character set, and national character set metadata with this database. The tags associated with the instance also propagate to the initial tenant database. You can add more tenant databases to your DB instance by using the CreateTenantDatabase operation.

    The conversion to the multi-tenant configuration is permanent and irreversible, so you can't later convert back to the single-tenant configuration. When you specify this parameter, you must also specify ApplyImmediately.

    " + "Engine":{ + "shape":"String", + "documentation":"

    The target Oracle DB engine when you convert a non-CDB to a CDB. This intermediate step is necessary to upgrade an Oracle Database 19c non-CDB to an Oracle Database 21c CDB.

    Note the following requirements:

    • Make sure that you specify oracle-ee-cdb or oracle-se2-cdb.

    • Make sure that your DB engine runs Oracle Database 19c with an April 2021 or later RU.

    Note the following limitations:

    • You can't convert a CDB to a non-CDB.

    • You can't convert a replica database.

    • You can't convert a non-CDB to a CDB and upgrade the engine version in the same command.

    • You can't convert the existing custom parameter or option group when it has options or parameters that are permanent or persistent. In this situation, the DB instance reverts to the default option and parameter group. To avoid reverting to the default, specify a new parameter group with --db-parameter-group-name and a new option group with --option-group-name.

    " + }, + "MasterUserAuthenticationType":{ + "shape":"MasterUserAuthenticationType", + "documentation":"

    Specifies the authentication type for the master user. With IAM master user authentication, you can change the master DB user to use IAM database authentication.

    You can specify one of the following values:

    • password - Use standard database authentication with a password.

    • iam-db-auth - Use IAM database authentication for the master user.

    This option is only valid for RDS for PostgreSQL and Aurora PostgreSQL engines.

    " } }, "documentation":"

    " @@ -12828,13 +12969,17 @@ "required":["DBProxyName"], "members":{ "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The identifier for the DBProxy to modify.

    " }, "NewDBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The new identifier for the DBProxy. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.

    " }, + "DefaultAuthScheme":{ + "shape":"DefaultAuthScheme", + "documentation":"

    The default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are NONE and IAM_AUTH. When set to IAM_AUTH, the proxy uses end-to-end IAM authentication to connect to the database.

    " + }, "Auth":{ "shape":"UserAuthConfigList", "documentation":"

    The new authentication settings for the DBProxy.

    " @@ -12849,10 +12994,10 @@ }, "DebugLogging":{ "shape":"BooleanOptional", - "documentation":"

    Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.

    " + "documentation":"

    Specifies whether the proxy logs detailed connection and query information. When you enable DebugLogging, the proxy captures connection details and connection pool behavior from your queries. Debug logging increases CloudWatch costs and can impact proxy performance. Enable this option only when you need to troubleshoot connection or performance issues.

    " }, "RoleArn":{ - "shape":"String", + "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in Amazon Web Services Secrets Manager.

    " }, "SecurityGroups":{ @@ -12878,11 +13023,11 @@ ], "members":{ "TargetGroupName":{ - "shape":"String", + "shape":"DBProxyTargetGroupName", "documentation":"

    The name of the target group to modify.

    " }, "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The name of the proxy.

    " }, "ConnectionPoolConfig":{ @@ -12891,7 +13036,7 @@ }, "NewName":{ "shape":"String", - "documentation":"

    The new name for the modified DBProxyTarget. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.

    " + "documentation":"

    The new name for the modified DBProxyTarget. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.

    You can't rename the default target group.

    " } } }, @@ -12990,7 +13135,7 @@ }, "EngineVersion":{ "shape":"String", - "documentation":"

    The engine version to upgrade the DB snapshot to.

    The following are the database engines and engine versions that are available when you upgrade a DB snapshot.

    MySQL

    For the list of engine versions that are available for upgrading a DB snapshot, see Upgrading a MySQL DB snapshot engine version in the Amazon RDS User Guide.

    Oracle

    • 19.0.0.0.ru-2022-01.rur-2022-01.r1 (supported for 12.2.0.1 DB snapshots)

    • 19.0.0.0.ru-2022-07.rur-2022-07.r1 (supported for 12.1.0.2 DB snapshots)

    • 12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots)

    • 11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots)

    • 11.2.0.4.v11 (supported for 11.2.0.3 DB snapshots)

    PostgreSQL

    For the list of engine versions that are available for upgrading a DB snapshot, see Upgrading a PostgreSQL DB snapshot engine version in the Amazon RDS User Guide.

    " + "documentation":"

    The engine version to upgrade the DB snapshot to.

    The following are the database engines and engine versions that are available when you upgrade a DB snapshot.

    MariaDB

    For the list of engine versions that are available for upgrading a DB snapshot, see Upgrading a MariaDB DB snapshot engine version in the Amazon RDS User Guide.

    MySQL

    For the list of engine versions that are available for upgrading a DB snapshot, see Upgrading a MySQL DB snapshot engine version in the Amazon RDS User Guide.

    Oracle

    • 21.0.0.0.ru-2025-04.rur-2025-04.r1 (supported for 21.0.0.0.ru-2022-01.rur-2022-01.r1, 21.0.0.0.ru-2022-04.rur-2022-04.r1, 21.0.0.0.ru-2022-07.rur-2022-07.r1, 21.0.0.0.ru-2022-10.rur-2022-10.r1, 21.0.0.0.ru-2023-01.rur-2023-01.r1 and 21.0.0.0.ru-2023-01.rur-2023-01.r2 DB snapshots)

    • 19.0.0.0.ru-2025-04.rur-2025-04.r1 (supported for 19.0.0.0.ru-2019-07.rur-2019-07.r1, 19.0.0.0.ru-2019-10.rur-2019-10.r1 and 0.0.0.ru-2020-01.rur-2020-01.r1 DB snapshots)

    • 19.0.0.0.ru-2022-01.rur-2022-01.r1 (supported for 12.2.0.1 DB snapshots)

    • 19.0.0.0.ru-2022-07.rur-2022-07.r1 (supported for 12.1.0.2 DB snapshots)

    • 12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots)

    • 11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots)

    • 11.2.0.4.v11 (supported for 11.2.0.3 DB snapshots)

    PostgreSQL

    For the list of engine versions that are available for upgrading a DB snapshot, see Upgrading a PostgreSQL DB snapshot engine version in the Amazon RDS User Guide.

    " }, "OptionGroupName":{ "shape":"String", @@ -13067,13 +13212,14 @@ }, "ModifyGlobalClusterMessage":{ "type":"structure", + "required":["GlobalClusterIdentifier"], "members":{ "GlobalClusterIdentifier":{ - "shape":"String", + "shape":"GlobalClusterIdentifier", "documentation":"

    The cluster identifier for the global cluster to modify. This parameter isn't case-sensitive.

    Constraints:

    • Must match the identifier of an existing global database cluster.

    " }, "NewGlobalClusterIdentifier":{ - "shape":"String", + "shape":"GlobalClusterIdentifier", "documentation":"

    The new cluster identifier for the global database cluster. This value is stored as a lowercase string.

    Constraints:

    • Must contain from 1 to 63 letters, numbers, or hyphens.

    • The first character must be a letter.

    • Can't end with a hyphen or contain two consecutive hyphens.

    Example: my-cluster2

    " }, "DeletionProtection":{ @@ -13110,7 +13256,7 @@ }, "DataFilter":{ "shape":"DataFilter", - "documentation":"

    A new data filter for the integration. For more information, see Data filtering for Aurora zero-ETL integrations with Amazon Redshift.

    " + "documentation":"

    A new data filter for the integration. For more information, see Data filtering for Aurora zero-ETL integrations with Amazon Redshift or Data filtering for Amazon RDS zero-ETL integrations with Amazon Redshift.

    " }, "Description":{ "shape":"IntegrationDescription", @@ -13169,6 +13315,18 @@ "NewTenantDBName":{ "shape":"String", "documentation":"

    The new name of the tenant database when renaming a tenant database. This parameter isn’t case-sensitive.

    Constraints:

    • Can't be the string null or any other reserved word.

    • Can't be longer than 8 characters.

    " + }, + "ManageMasterUserPassword":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.

    If the tenant database doesn't manage the master user password with Amazon Web Services Secrets Manager, you can turn on this management. In this case, you can't specify MasterUserPassword.

    If the tenant database already manages the master user password with Amazon Web Services Secrets Manager, and you specify that the master user password is not managed with Amazon Web Services Secrets Manager, then you must specify MasterUserPassword. In this case, Amazon RDS deletes the secret and uses the new password for the master user specified by MasterUserPassword.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • Can't manage the master user password with Amazon Web Services Secrets Manager if MasterUserPassword is specified.

    " + }, + "RotateMasterUserPassword":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the master user password.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB instance. The secret value contains the updated password.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • You must apply the change immediately when rotating the master user password.

    " + }, + "MasterUserSecretKmsKeyId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if both of the following conditions are met:

    • The tenant database doesn't manage the master user password in Amazon Web Services Secrets Manager.

      If the tenant database already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key used to encrypt the secret.

    • You're turning on ManageMasterUserPassword to manage the master user password in Amazon Web Services Secrets Manager.

      If you're turning on ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a self-managed KMS key.

    The Amazon Web Services KMS key identifier is any of the following:

    • Key ARN

    • Key ID

    • Alias ARN

    • Alias name for the KMS key

    To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    A default KMS key exists for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    " } } }, @@ -13180,8 +13338,7 @@ }, "NetworkTypeNotSupported":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The network type is invalid for the DB instance. Valid nework type values are IPV4 and DUAL.

    ", "error":{ "code":"NetworkTypeNotSupported", @@ -13323,8 +13480,7 @@ }, "OptionGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The option group you are trying to create already exists.

    ", "error":{ "code":"OptionGroupAlreadyExistsFault", @@ -13356,8 +13512,7 @@ }, "OptionGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified option group could not be found.

    ", "error":{ "code":"OptionGroupNotFoundFault", @@ -13513,8 +13668,7 @@ }, "OptionGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The quota of 20 option groups was exceeded for this Amazon Web Services account.

    ", "error":{ "code":"OptionGroupQuotaExceededFault", @@ -13556,7 +13710,7 @@ "documentation":"

    The name of the option that has settings that you can set.

    " }, "Value":{ - "shape":"String", + "shape":"PotentiallySensitiveOptionSettingValue", "documentation":"

    The current value of the option setting.

    " }, "DefaultValue":{ @@ -13690,6 +13844,10 @@ "shape":"Boolean", "documentation":"

    Indicates whether a DB instance supports provisioned IOPS.

    " }, + "SupportsStorageThroughput":{ + "shape":"Boolean", + "documentation":"

    Indicates whether a DB instance supports storage throughput.

    " + }, "SupportsEnhancedMonitoring":{ "shape":"Boolean", "documentation":"

    Indicates whether a DB instance supports Enhanced Monitoring at intervals from 1 to 60 seconds.

    " @@ -13726,6 +13884,22 @@ "shape":"DoubleOptional", "documentation":"

    Maximum provisioned IOPS per GiB for a DB instance.

    " }, + "MinStorageThroughputPerDbInstance":{ + "shape":"IntegerOptional", + "documentation":"

    Minimum storage throughput for a DB instance.

    " + }, + "MaxStorageThroughputPerDbInstance":{ + "shape":"IntegerOptional", + "documentation":"

    Maximum storage throughput for a DB instance.

    " + }, + "MinStorageThroughputPerIops":{ + "shape":"DoubleOptional", + "documentation":"

    Minimum storage throughput to provisioned IOPS ratio for a DB instance.

    " + }, + "MaxStorageThroughputPerIops":{ + "shape":"DoubleOptional", + "documentation":"

    Maximum storage throughput to provisioned IOPS ratio for a DB instance.

    " + }, "AvailableProcessorFeatures":{ "shape":"AvailableProcessorFeatureList", "documentation":"

    A list of the available processor features for the DB instance class of a DB instance.

    " @@ -13754,37 +13928,21 @@ "shape":"Boolean", "documentation":"

    Indicates whether you can use Aurora global databases with a specific combination of other DB engine attributes.

    " }, - "SupportsClusters":{ - "shape":"Boolean", - "documentation":"

    Indicates whether DB instances can be configured as a Multi-AZ DB cluster.

    For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

    " - }, "SupportedNetworkTypes":{ "shape":"StringList", "documentation":"

    The network types supported by the DB instance (IPV4 or DUAL).

    A DB instance can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    " }, - "SupportsStorageThroughput":{ + "SupportsClusters":{ "shape":"Boolean", - "documentation":"

    Indicates whether a DB instance supports storage throughput.

    " - }, - "MinStorageThroughputPerDbInstance":{ - "shape":"IntegerOptional", - "documentation":"

    Minimum storage throughput for a DB instance.

    " - }, - "MaxStorageThroughputPerDbInstance":{ - "shape":"IntegerOptional", - "documentation":"

    Maximum storage throughput for a DB instance.

    " - }, - "MinStorageThroughputPerIops":{ - "shape":"DoubleOptional", - "documentation":"

    Minimum storage throughput to provisioned IOPS ratio for a DB instance.

    " - }, - "MaxStorageThroughputPerIops":{ - "shape":"DoubleOptional", - "documentation":"

    Maximum storage throughput to provisioned IOPS ratio for a DB instance.

    " + "documentation":"

    Indicates whether DB instances can be configured as a Multi-AZ DB cluster.

    For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

    " }, "SupportsDedicatedLogVolume":{ "shape":"Boolean", "documentation":"

    Indicates whether a DB instance supports using a dedicated log volume (DLV).

    " + }, + "SupportsHttpEndpoint":{ + "shape":"Boolean", + "documentation":"

    Indicates whether a DB instance supports HTTP endpoints.

    " } }, "documentation":"

    Contains a list of available options for a DB instance.

    This data type is used as a response element in the DescribeOrderableDBInstanceOptions action.

    ", @@ -13829,7 +13987,7 @@ "documentation":"

    The name of the parameter.

    " }, "ParameterValue":{ - "shape":"String", + "shape":"PotentiallySensitiveParameterValue", "documentation":"

    The value of the parameter.

    " }, "Description":{ @@ -13962,7 +14120,7 @@ "documentation":"

    The allocated storage size for the DB instance specified in gibibytes (GiB).

    " }, "MasterUserPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The master credentials for the DB instance.

    " }, "Port":{ @@ -13989,6 +14147,10 @@ "shape":"IntegerOptional", "documentation":"

    The Provisioned IOPS value for the DB instance.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    The storage throughput of the DB instance.

    " + }, "DBInstanceIdentifier":{ "shape":"String", "documentation":"

    The database identifier for the DB instance.

    " @@ -14010,10 +14172,6 @@ "shape":"ProcessorFeatureList", "documentation":"

    The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

    " }, - "IAMDatabaseAuthenticationEnabled":{ - "shape":"BooleanOptional", - "documentation":"

    Indicates whether mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled.

    " - }, "AutomationMode":{ "shape":"AutomationMode", "documentation":"

    The automation mode of the RDS Custom DB instance: full or all-paused. If full, the DB instance automates monitoring and instance recovery. If all-paused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes.

    " @@ -14022,21 +14180,21 @@ "shape":"TStamp", "documentation":"

    The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation. The minimum value is 60 (default). The maximum value is 1,440.

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    The storage throughput of the DB instance.

    " + "MultiTenant":{ + "shape":"BooleanOptional", + "documentation":"

    Indicates whether the DB instance will change to the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).

    " }, - "Engine":{ - "shape":"String", - "documentation":"

    The database engine of the DB instance.

    " + "IAMDatabaseAuthenticationEnabled":{ + "shape":"BooleanOptional", + "documentation":"

    Indicates whether mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled.

    " }, "DedicatedLogVolume":{ "shape":"BooleanOptional", "documentation":"

    Indicates whether the DB instance has a dedicated log volume (DLV) enabled.>

    " }, - "MultiTenant":{ - "shape":"BooleanOptional", - "documentation":"

    Indicates whether the DB instance will change to the multi-tenant configuration (TRUE) or the single-tenant configuration (FALSE).

    " + "Engine":{ + "shape":"String", + "documentation":"

    The database engine of the DB instance.

    " } }, "documentation":"

    This data type is used as a response element in the ModifyDBInstance operation and contains changes that will be applied during the next maintenance window.

    " @@ -14097,8 +14255,7 @@ }, "PointInTimeRestoreNotEnabledFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    SourceDBInstanceIdentifier refers to a DB instance with BackupRetentionPeriod equal to 0.

    ", "error":{ "code":"PointInTimeRestoreNotEnabled", @@ -14107,6 +14264,11 @@ }, "exception":true }, + "PotentiallySensitiveOptionSettingValue":{ + "type":"string", + "sensitive":true + }, + "PotentiallySensitiveParameterValue":{"type":"string"}, "ProcessorFeature":{ "type":"structure", "members":{ @@ -14172,8 +14334,7 @@ }, "ProvisionedIopsNotAvailableInAZFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Provisioned IOPS not available in the specified Availability Zone.

    ", "error":{ "code":"ProvisionedIopsNotAvailableInAZFault", @@ -14446,11 +14607,11 @@ "required":["DBProxyName"], "members":{ "DBProxyName":{ - "shape":"String", + "shape":"DBProxyName", "documentation":"

    The identifier of the DBProxy that is associated with the DBProxyTargetGroup.

    " }, "TargetGroupName":{ - "shape":"String", + "shape":"DBProxyTargetGroupName", "documentation":"

    The identifier of the DBProxyTargetGroup.

    " }, "DBInstanceIdentifiers":{ @@ -14474,9 +14635,13 @@ }, "RemoveFromGlobalClusterMessage":{ "type":"structure", + "required":[ + "GlobalClusterIdentifier", + "DbClusterIdentifier" + ], "members":{ "GlobalClusterIdentifier":{ - "shape":"String", + "shape":"GlobalClusterIdentifier", "documentation":"

    The cluster identifier to detach from the Aurora global database cluster.

    " }, "DbClusterIdentifier":{ @@ -14656,8 +14821,7 @@ }, "ReservedDBInstanceAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    User already has a reservation with the given identifier.

    ", "error":{ "code":"ReservedDBInstanceAlreadyExists", @@ -14689,8 +14853,7 @@ }, "ReservedDBInstanceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified reserved DB Instance not found.

    ", "error":{ "code":"ReservedDBInstanceNotFound", @@ -14701,8 +14864,7 @@ }, "ReservedDBInstanceQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request would exceed the user's DB Instance quota.

    ", "error":{ "code":"ReservedDBInstanceQuotaExceeded", @@ -14781,8 +14943,7 @@ }, "ReservedDBInstancesOfferingNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specified offering does not exist.

    ", "error":{ "code":"ReservedDBInstancesOfferingNotFound", @@ -14831,8 +14992,7 @@ }, "ResourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified resource ID was not found.

    ", "error":{ "code":"ResourceNotFoundFault", @@ -14917,7 +15077,7 @@ "documentation":"

    The name of the master user for the restored DB cluster.

    Constraints:

    • Must be 1 to 16 letters or numbers.

    • First character must be a letter.

    • Can't be a reserved word for the chosen database engine.

    " }, "MasterUserPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The password for the master database user. This password can contain any printable ASCII character except \"/\", \"\"\", or \"@\".

    Constraints:

    • Must contain from 8 to 41 characters.

    • Can't be specified if ManageMasterUserPassword is turned on.

    " }, "OptionGroupName":{ @@ -14971,7 +15131,7 @@ }, "EnableCloudwatchLogsExports":{ "shape":"LogTypeList", - "documentation":"

    The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.

    Aurora MySQL

    Possible values are audit, error, general, and slowquery.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    " + "documentation":"

    The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.

    Aurora MySQL

    Possible values are audit, error, general, instance, slowquery, and iam-db-auth-error.

    Aurora PostgreSQL

    Possible value are instance, postgresql, and iam-db-auth-error.

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    " }, "DeletionProtection":{ "shape":"BooleanOptional", @@ -14989,11 +15149,15 @@ "shape":"String", "documentation":"

    Specify the name of the IAM role to be used when making API calls to the Directory Service.

    " }, - "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, + "StorageType":{ + "shape":"String", + "documentation":"

    Specifies the storage type to be associated with the DB cluster.

    Valid Values: aurora, aurora-iopt1

    Default: aurora

    Valid for: Aurora DB clusters only

    " + }, "NetworkType":{ "shape":"String", "documentation":"

    The network type of the DB cluster.

    Valid Values:

    • IPV4

    • DUAL

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    " }, + "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, "ManageMasterUserPassword":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide and Password management with Amazon Web Services Secrets Manager in the Amazon Aurora User Guide.

    Constraints:

    • Can't manage the master user password with Amazon Web Services Secrets Manager if MasterUserPassword is specified.

    " @@ -15002,13 +15166,9 @@ "shape":"String", "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    " }, - "StorageType":{ - "shape":"String", - "documentation":"

    Specifies the storage type to be associated with the DB cluster.

    Valid Values: aurora, aurora-iopt1

    Default: aurora

    Valid for: Aurora DB clusters only

    " - }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this DB cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this DB cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " } } }, @@ -15084,7 +15244,7 @@ }, "EnableCloudwatchLogsExports":{ "shape":"LogTypeList", - "documentation":"

    The list of logs that the restored DB cluster is to export to Amazon CloudWatch Logs. The values in the list depend on the DB engine being used.

    RDS for MySQL

    Possible values are error, general, and slowquery.

    RDS for PostgreSQL

    Possible values are postgresql and upgrade.

    Aurora MySQL

    Possible values are audit, error, general, and slowquery.

    Aurora PostgreSQL

    Possible value is postgresql.

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    Valid for: Aurora DB clusters and Multi-AZ DB clusters

    " + "documentation":"

    The list of logs that the restored DB cluster is to export to Amazon CloudWatch Logs. The values in the list depend on the DB engine being used.

    RDS for MySQL

    Possible values are error, general, slowquery, and iam-db-auth-error.

    RDS for PostgreSQL

    Possible values are postgresql, upgrade, and iam-db-auth-error.

    Aurora MySQL

    Possible values are audit, error, general, instance, slowquery, and iam-db-auth-error.

    Aurora PostgreSQL

    Possible value are instance, postgresql, and iam-db-auth-error.

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    Valid for: Aurora DB clusters and Multi-AZ DB clusters

    " }, "EngineMode":{ "shape":"String", @@ -15130,11 +15290,11 @@ "shape":"BooleanOptional", "documentation":"

    Specifies whether the DB cluster is publicly accessible.

    When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB cluster doesn't permit it.

    When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.

    Default: The default behavior varies depending on whether DBSubnetGroupName is specified.

    If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:

    • If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.

    • If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.

    If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:

    • If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.

    • If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.

    Valid for: Aurora DB clusters and Multi-AZ DB clusters

    " }, - "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, "NetworkType":{ "shape":"String", "documentation":"

    The network type of the DB cluster.

    Valid Values:

    • IPV4

    • DUAL

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    Valid for: Aurora DB clusters only

    " }, + "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, "RdsCustomClusterConfiguration":{ "shape":"RdsCustomClusterConfiguration", "documentation":"

    Reserved for future use.

    " @@ -15161,7 +15321,7 @@ }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this DB cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this DB cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " } }, "documentation":"

    " @@ -15227,7 +15387,7 @@ }, "EnableCloudwatchLogsExports":{ "shape":"LogTypeList", - "documentation":"

    The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.

    RDS for MySQL

    Possible values are error, general, and slowquery.

    RDS for PostgreSQL

    Possible values are postgresql and upgrade.

    Aurora MySQL

    Possible values are audit, error, general, and slowquery.

    Aurora PostgreSQL

    Possible value is postgresql.

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    Valid for: Aurora DB clusters and Multi-AZ DB clusters

    " + "documentation":"

    The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.

    RDS for MySQL

    Possible values are error, general, slowquery, and iam-db-auth-error.

    RDS for PostgreSQL

    Possible values are postgresql, upgrade, and iam-db-auth-error.

    Aurora MySQL

    Possible values are audit, error, general, instance, slowquery, and iam-db-auth-error.

    Aurora PostgreSQL

    Possible value are instance, postgresql, and iam-db-auth-error.

    For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

    For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

    Valid for: Aurora DB clusters and Multi-AZ DB clusters

    " }, "DBClusterParameterGroupName":{ "shape":"String", @@ -15249,14 +15409,6 @@ "shape":"String", "documentation":"

    The name of the IAM role to be used when making API calls to the Directory Service.

    Valid for: Aurora DB clusters only

    " }, - "ScalingConfiguration":{ - "shape":"ScalingConfiguration", - "documentation":"

    For DB clusters in serverless DB engine mode, the scaling properties of the DB cluster.

    Valid for: Aurora DB clusters only

    " - }, - "EngineMode":{ - "shape":"String", - "documentation":"

    The engine mode of the new cluster. Specify provisioned or serverless, depending on the type of the cluster you are creating. You can create an Aurora Serverless v1 clone from a provisioned cluster, or a provisioned clone from an Aurora Serverless v1 cluster. To create a clone that is an Aurora Serverless v1 cluster, the original cluster must be an Aurora Serverless v1 cluster or an encrypted provisioned cluster. To create a full copy that is an Aurora Serverless v1 cluster, specify the engine mode serverless.

    Valid for: Aurora DB clusters only

    " - }, "DBClusterInstanceClass":{ "shape":"String", "documentation":"

    The compute and memory capacity of the each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.

    For the full list of DB instance classes, and availability for your engine, see DB instance class in the Amazon RDS User Guide.

    Valid for: Multi-AZ DB clusters only

    " @@ -15273,7 +15425,6 @@ "shape":"IntegerOptional", "documentation":"

    The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.

    For information about valid IOPS values, see Amazon RDS Provisioned IOPS storage in the Amazon RDS User Guide.

    Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB instance.

    Valid for: Multi-AZ DB clusters only

    " }, - "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, "NetworkType":{ "shape":"String", "documentation":"

    The network type of the DB cluster.

    Valid Values:

    • IPV4

    • DUAL

    The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

    Valid for: Aurora DB clusters only

    " @@ -15282,6 +15433,15 @@ "shape":"String", "documentation":"

    The resource ID of the source DB cluster from which to restore.

    " }, + "ServerlessV2ScalingConfiguration":{"shape":"ServerlessV2ScalingConfiguration"}, + "ScalingConfiguration":{ + "shape":"ScalingConfiguration", + "documentation":"

    For DB clusters in serverless DB engine mode, the scaling properties of the DB cluster.

    Valid for: Aurora DB clusters only

    " + }, + "EngineMode":{ + "shape":"String", + "documentation":"

    The engine mode of the new cluster. Specify provisioned or serverless, depending on the type of the cluster you are creating. You can create an Aurora Serverless v1 clone from a provisioned cluster, or a provisioned clone from an Aurora Serverless v1 cluster. To create a clone that is an Aurora Serverless v1 cluster, the original cluster must be an Aurora Serverless v1 cluster or an encrypted provisioned cluster. To create a full copy that is an Aurora Serverless v1 cluster, specify the engine mode serverless.

    Valid for: Aurora DB clusters only

    " + }, "RdsCustomClusterConfiguration":{ "shape":"RdsCustomClusterConfiguration", "documentation":"

    Reserved for future use.

    " @@ -15308,7 +15468,7 @@ }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this DB cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this DB cluster.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

    Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " } }, "documentation":"

    " @@ -15357,11 +15517,11 @@ }, "AutoMinorVersionUpgrade":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether to automatically apply minor version upgrades to the DB instance during the maintenance window.

    If you restore an RDS Custom DB instance, you must disable this parameter.

    " + "documentation":"

    Specifies whether to automatically apply minor version upgrades to the DB instance during the maintenance window.

    If you restore an RDS Custom DB instance, you must disable this parameter.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " }, "LicenseModel":{ "shape":"String", - "documentation":"

    License model information for the restored DB instance.

    License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    Valid Values:

    • RDS for Db2 - bring-your-own-license | marketplace-license

    • RDS for MariaDB - general-public-license

    • RDS for Microsoft SQL Server - license-included

    • RDS for MySQL - general-public-license

    • RDS for Oracle - bring-your-own-license | license-included

    • RDS for PostgreSQL - postgresql-license

    Default: Same as the source.

    " + "documentation":"

    License model information for the restored DB instance.

    License models for RDS for Db2 require additional configuration. The bring your own license (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    Valid Values:

    • RDS for Db2 - bring-your-own-license | marketplace-license

    • RDS for MariaDB - general-public-license

    • RDS for Microsoft SQL Server - license-included

    • RDS for MySQL - general-public-license

    • RDS for Oracle - bring-your-own-license | license-included

    • RDS for PostgreSQL - postgresql-license

    Default: Same as the source.

    " }, "DBName":{ "shape":"String", @@ -15375,6 +15535,10 @@ "shape":"IntegerOptional", "documentation":"

    Specifies the amount of provisioned IOPS for the DB instance, expressed in I/O operations per second. If this parameter isn't specified, the IOPS value is taken from the backup. If this parameter is set to 0, the new instance is converted to a non-PIOPS instance. The conversion takes additional time, though your DB instance is available for connections before the conversion starts.

    The provisioned IOPS value must follow the requirements for your database engine. For more information, see Amazon RDS Provisioned IOPS storage in the Amazon RDS User Guide.

    Constraints: Must be an integer greater than 1000.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    Specifies the storage throughput value for the DB instance.

    This setting doesn't apply to RDS Custom or Amazon Aurora.

    " + }, "OptionGroupName":{ "shape":"String", "documentation":"

    The name of the option group to be used for the restored DB instance.

    Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance.

    This setting doesn't apply to RDS Custom.

    " @@ -15382,14 +15546,14 @@ "Tags":{"shape":"TagList"}, "StorageType":{ "shape":"String", - "documentation":"

    Specifies the storage type to be associated with the DB instance.

    Valid Values: gp2 | gp3 | io1 | io2 | standard

    If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.

    Default: io1 if the Iops parameter is specified, otherwise gp2

    " + "documentation":"

    Specifies the storage type to be associated with the DB instance.

    Valid Values: gp2 | gp3 | io1 | io2 | standard

    If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.

    Default: io1 if the Iops parameter is specified, otherwise gp3

    " }, "TdeCredentialArn":{ "shape":"String", "documentation":"

    The ARN from the key store with which to associate the instance for TDE encryption.

    This setting doesn't apply to RDS Custom.

    " }, "TdeCredentialPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The password for the given ARN from the key store in order to access the device.

    This setting doesn't apply to RDS Custom.

    " }, "VpcSecurityGroupIds":{ @@ -15452,30 +15616,26 @@ "shape":"BooleanOptional", "documentation":"

    Specifies whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.

    A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.

    This setting doesn't apply to RDS Custom.

    For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

    " }, - "CustomIamInstanceProfile":{ + "NetworkType":{ "shape":"String", - "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    This setting is required for RDS Custom.

    " + "documentation":"

    The network type of the DB instance.

    Valid Values:

    • IPV4

    • DUAL

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    " }, "BackupTarget":{ "shape":"String", - "documentation":"

    Specifies where automated backups and manual snapshots are stored for the restored DB instance.

    Possible values are outposts (Amazon Web Services Outposts) and region (Amazon Web Services Region). The default is region.

    For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    " + "documentation":"

    Specifies where automated backups and manual snapshots are stored for the restored DB instance.

    Possible values are local (Dedicated Local Zone), outposts (Amazon Web Services Outposts), and region (Amazon Web Services Region). The default is region.

    For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    " }, - "NetworkType":{ + "CustomIamInstanceProfile":{ "shape":"String", - "documentation":"

    The network type of the DB instance.

    Valid Values:

    • IPV4

    • DUAL

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    " + "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    This setting is required for RDS Custom.

    " }, - "StorageThroughput":{ + "AllocatedStorage":{ "shape":"IntegerOptional", - "documentation":"

    Specifies the storage throughput value for the DB instance.

    This setting doesn't apply to RDS Custom or Amazon Aurora.

    " + "documentation":"

    The amount of storage (in gibibytes) to allocate initially for the DB instance. Follow the allocation rules specified in CreateDBInstance.

    This setting isn't valid for RDS for SQL Server.

    Be sure to allocate enough storage for your new DB instance so that the restore operation can succeed. You can also allocate additional storage for future growth.

    " }, "DBClusterSnapshotIdentifier":{ "shape":"String", "documentation":"

    The identifier for the Multi-AZ DB cluster snapshot to restore from.

    For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.

    Constraints:

    • Must match the identifier of an existing Multi-AZ DB cluster snapshot.

    • Can't be specified when DBSnapshotIdentifier is specified.

    • Must be specified when DBSnapshotIdentifier isn't specified.

    • If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the DBClusterSnapshotIdentifier must be the ARN of the shared snapshot.

    • Can't be the identifier of an Aurora DB cluster snapshot.

    " }, - "AllocatedStorage":{ - "shape":"IntegerOptional", - "documentation":"

    The amount of storage (in gibibytes) to allocate initially for the DB instance. Follow the allocation rules specified in CreateDBInstance.

    This setting isn't valid for RDS for SQL Server.

    Be sure to allocate enough storage for your new DB instance so that the restore operation can succeed. You can also allocate additional storage for future growth.

    " - }, "DedicatedLogVolume":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether to enable a dedicated log volume (DLV) for the DB instance.

    " @@ -15486,7 +15646,15 @@ }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this DB instance.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon RDS User Guide.

    This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this DB instance.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Amazon RDS Extended Support with Amazon RDS in the Amazon RDS User Guide.

    This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + }, + "ManageMasterUserPassword":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager in the restored DB instance.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • Applies to RDS for Oracle only.

    " + }, + "MasterUserSecretKmsKeyId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB instance.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    " } }, "documentation":"

    " @@ -15534,7 +15702,7 @@ "documentation":"

    The name for the master user.

    Constraints:

    • Must be 1 to 16 letters or numbers.

    • First character must be a letter.

    • Can't be a reserved word for the chosen database engine.

    " }, "MasterUserPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The password for the master user.

    Constraints:

    • Can't be specified if ManageMasterUserPassword is turned on.

    • Can include any printable ASCII character except \"/\", \"\"\", or \"@\". For RDS for Oracle, can't include the \"&\" (ampersand) or the \"'\" (single quotes) character.

    Length Constraints:

    • RDS for Db2 - Must contain from 8 to 128 characters.

    • RDS for MariaDB - Must contain from 8 to 41 characters.

    • RDS for Microsoft SQL Server - Must contain from 8 to 128 characters.

    • RDS for MySQL - Must contain from 8 to 41 characters.

    • RDS for Oracle - Must contain from 8 to 30 characters.

    • RDS for PostgreSQL - Must contain from 8 to 128 characters.

    " }, "DBSecurityGroups":{ @@ -15583,7 +15751,7 @@ }, "AutoMinorVersionUpgrade":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether to automatically apply minor engine upgrades to the DB instance during the maintenance window. By default, minor engine upgrades are not applied automatically.

    " + "documentation":"

    Specifies whether to automatically apply minor engine upgrades to the DB instance during the maintenance window. By default, minor engine upgrades are not applied automatically.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " }, "LicenseModel":{ "shape":"String", @@ -15593,6 +15761,10 @@ "shape":"IntegerOptional", "documentation":"

    The amount of Provisioned IOPS (input/output operations per second) to allocate initially for the DB instance. For information about valid IOPS values, see Amazon RDS Provisioned IOPS storage in the Amazon RDS User Guide.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    Specifies the storage throughput value for the DB instance.

    This setting doesn't apply to RDS Custom or Amazon Aurora.

    " + }, "OptionGroupName":{ "shape":"String", "documentation":"

    The name of the option group to associate with this DB instance. If this argument is omitted, the default option group for the specified engine is used.

    " @@ -15655,7 +15827,7 @@ }, "DatabaseInsightsMode":{ "shape":"DatabaseInsightsMode", - "documentation":"

    Specifies the mode of Database Insights to enable for the DB instance.

    This setting only applies to Amazon Aurora DB instances.

    Currently, this value is inherited from the DB cluster and can't be changed.

    " + "documentation":"

    Specifies the mode of Database Insights to enable for the DB instance.

    Aurora DB instances inherit this value from the DB cluster, so you can't change this value.

    " }, "EnablePerformanceInsights":{ "shape":"BooleanOptional", @@ -15693,10 +15865,6 @@ "shape":"String", "documentation":"

    The network type of the DB instance.

    Valid Values:

    • IPV4

    • DUAL

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    Specifies the storage throughput value for the DB instance.

    This setting doesn't apply to RDS Custom or Amazon Aurora.

    " - }, "ManageMasterUserPassword":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • Can't manage the master user password with Amazon Web Services Secrets Manager if MasterUserPassword is specified.

    " @@ -15715,7 +15883,7 @@ }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this DB instance.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon RDS User Guide.

    This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this DB instance.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Amazon RDS Extended Support Amazon RDS in the Amazon RDS User Guide.

    This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " } } }, @@ -15771,11 +15939,11 @@ }, "AutoMinorVersionUpgrade":{ "shape":"BooleanOptional", - "documentation":"

    Specifies whether minor version upgrades are applied automatically to the DB instance during the maintenance window.

    This setting doesn't apply to RDS Custom.

    " + "documentation":"

    Specifies whether minor version upgrades are applied automatically to the DB instance during the maintenance window.

    This setting doesn't apply to RDS Custom.

    For more information about automatic minor version upgrades, see Automatically upgrading the minor engine version.

    " }, "LicenseModel":{ "shape":"String", - "documentation":"

    The license model information for the restored DB instance.

    License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    Valid Values:

    • RDS for Db2 - bring-your-own-license | marketplace-license

    • RDS for MariaDB - general-public-license

    • RDS for Microsoft SQL Server - license-included

    • RDS for MySQL - general-public-license

    • RDS for Oracle - bring-your-own-license | license-included

    • RDS for PostgreSQL - postgresql-license

    Default: Same as the source.

    " + "documentation":"

    The license model information for the restored DB instance.

    License models for RDS for Db2 require additional configuration. The bring your own license (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    Valid Values:

    • RDS for Db2 - bring-your-own-license | marketplace-license

    • RDS for MariaDB - general-public-license

    • RDS for Microsoft SQL Server - license-included

    • RDS for MySQL - general-public-license

    • RDS for Oracle - bring-your-own-license | license-included

    • RDS for PostgreSQL - postgresql-license

    Default: Same as the source.

    " }, "DBName":{ "shape":"String", @@ -15789,6 +15957,10 @@ "shape":"IntegerOptional", "documentation":"

    The amount of Provisioned IOPS (input/output operations per second) to initially allocate for the DB instance.

    This setting doesn't apply to SQL Server.

    Constraints:

    • Must be an integer greater than 1000.

    " }, + "StorageThroughput":{ + "shape":"IntegerOptional", + "documentation":"

    The storage throughput value for the DB instance.

    This setting doesn't apply to RDS Custom or Amazon Aurora.

    " + }, "OptionGroupName":{ "shape":"String", "documentation":"

    The name of the option group to use for the restored DB instance.

    Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance

    This setting doesn't apply to RDS Custom.

    " @@ -15800,14 +15972,14 @@ "Tags":{"shape":"TagList"}, "StorageType":{ "shape":"String", - "documentation":"

    The storage type to associate with the DB instance.

    Valid Values: gp2 | gp3 | io1 | io2 | standard

    Default: io1, if the Iops parameter is specified. Otherwise, gp2.

    Constraints:

    • If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.

    " + "documentation":"

    The storage type to associate with the DB instance.

    Valid Values: gp2 | gp3 | io1 | io2 | standard

    Default: io1, if the Iops parameter is specified. Otherwise, gp3.

    Constraints:

    • If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.

    " }, "TdeCredentialArn":{ "shape":"String", "documentation":"

    The ARN from the key store with which to associate the instance for TDE encryption.

    This setting doesn't apply to RDS Custom.

    " }, "TdeCredentialPassword":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    The password for the given ARN from the key store in order to access the device.

    This setting doesn't apply to RDS Custom.

    " }, "VpcSecurityGroupIds":{ @@ -15870,29 +16042,25 @@ "shape":"IntegerOptional", "documentation":"

    The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

    For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.

    This setting doesn't apply to RDS Custom.

    " }, - "SourceDBInstanceAutomatedBackupsArn":{ - "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.

    This setting doesn't apply to RDS Custom.

    " - }, "EnableCustomerOwnedIp":{ "shape":"BooleanOptional", "documentation":"

    Specifies whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.

    A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.

    This setting doesn't apply to RDS Custom.

    For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

    " }, - "CustomIamInstanceProfile":{ + "NetworkType":{ "shape":"String", - "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    This setting is required for RDS Custom.

    " + "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    Valid Values:

    • IPV4

    • DUAL

    " }, - "BackupTarget":{ + "SourceDBInstanceAutomatedBackupsArn":{ "shape":"String", - "documentation":"

    The location for storing automated backups and manual snapshots for the restored DB instance.

    Valid Values:

    • outposts (Amazon Web Services Outposts)

    • region (Amazon Web Services Region)

    Default: region

    For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.

    This setting doesn't apply to RDS Custom.

    " }, - "NetworkType":{ + "BackupTarget":{ "shape":"String", - "documentation":"

    The network type of the DB instance.

    The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

    For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

    Valid Values:

    • IPV4

    • DUAL

    " + "documentation":"

    The location for storing automated backups and manual snapshots for the restored DB instance.

    Valid Values:

    • local (Dedicated Local Zone)

    • outposts (Amazon Web Services Outposts)

    • region (Amazon Web Services Region)

    Default: region

    For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

    " }, - "StorageThroughput":{ - "shape":"IntegerOptional", - "documentation":"

    The storage throughput value for the DB instance.

    This setting doesn't apply to RDS Custom or Amazon Aurora.

    " + "CustomIamInstanceProfile":{ + "shape":"String", + "documentation":"

    The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

    • The profile must exist in your account.

    • The profile must have an IAM role that Amazon EC2 has permissions to assume.

    • The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

    For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

    This setting is required for RDS Custom.

    " }, "AllocatedStorage":{ "shape":"IntegerOptional", @@ -15908,7 +16076,15 @@ }, "EngineLifecycleSupport":{ "shape":"String", - "documentation":"

    The life cycle type for this DB instance.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Using Amazon RDS Extended Support in the Amazon RDS User Guide.

    This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + "documentation":"

    The life cycle type for this DB instance.

    By default, this value is set to open-source-rds-extended-support, which enrolls your DB instance into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB instance to a higher engine version, if the major engine version is past its end of standard support date.

    You can use this setting to enroll your DB instance into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB instance past the end of standard support for that engine version. For more information, see Amazon RDS Extended Support with Amazon RDS in the Amazon RDS User Guide.

    This setting applies only to RDS for MySQL and RDS for PostgreSQL. For Amazon Aurora DB instances, the life cycle type is managed by the DB cluster.

    Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

    Default: open-source-rds-extended-support

    " + }, + "ManageMasterUserPassword":{ + "shape":"BooleanOptional", + "documentation":"

    Specifies whether to manage the master user password with Amazon Web Services Secrets Manager in the restored DB instance.

    For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide.

    Constraints:

    • Applies to RDS for Oracle only.

    " + }, + "MasterUserSecretKmsKeyId":{ + "shape":"String", + "documentation":"

    The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

    This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB instance.

    The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

    If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

    There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

    " } }, "documentation":"

    " @@ -15968,8 +16144,7 @@ }, "SNSInvalidTopicFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    SNS has responded that there is a problem with the SNS topic specified.

    ", "error":{ "code":"SNSInvalidTopic", @@ -15980,8 +16155,7 @@ }, "SNSNoAuthorizationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You do not have permission to publish to the SNS topic ARN.

    ", "error":{ "code":"SNSNoAuthorization", @@ -15992,8 +16166,7 @@ }, "SNSTopicArnNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The SNS topic ARN does not exist.

    ", "error":{ "code":"SNSTopicArnNotFound", @@ -16081,14 +16254,14 @@ "members":{ "MinCapacity":{ "shape":"DoubleOptional", - "documentation":"

    If the minimum capacity is 0 ACUs, the engine version supports the automatic pause/resume feature of Aurora Serverless v2.

    " + "documentation":"

    If the minimum capacity is 0 ACUs, the engine version or platform version supports the automatic pause/resume feature of Aurora Serverless v2.

    " }, "MaxCapacity":{ "shape":"DoubleOptional", - "documentation":"

    Specifies the upper Aurora Serverless v2 capacity limit for a particular engine version. Depending on the engine version, the maximum capacity for an Aurora Serverless v2 cluster might be 256 or 128.

    " + "documentation":"

    Specifies the upper Aurora Serverless v2 capacity limit for a particular engine version or platform version. Depending on the engine version, the maximum capacity for an Aurora Serverless v2 cluster might be 256 or 128.

    " } }, - "documentation":"

    Specifies any Aurora Serverless v2 properties or limits that differ between Aurora engine versions. You can test the values of this attribute when deciding which Aurora version to use in a new or upgraded DB cluster. You can also retrieve the version of an existing DB cluster and check whether that version supports certain Aurora Serverless v2 features before you attempt to use those features.

    " + "documentation":"

    Specifies any Aurora Serverless v2 properties or limits that differ between Aurora engine versions and platform versions. You can test the values of this attribute when deciding which Aurora version to use in a new or upgraded DB cluster. You can also retrieve the version of an existing DB cluster and check whether that version supports certain Aurora Serverless v2 features before you attempt to use those features.

    " }, "ServerlessV2ScalingConfiguration":{ "type":"structure", @@ -16099,7 +16272,7 @@ }, "MaxCapacity":{ "shape":"DoubleOptional", - "documentation":"

    The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 32, 32.5, 33, and so on. The largest value that you can use is 256 for recent Aurora versions, or 128 for older versions.

    " + "documentation":"

    The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 32, 32.5, 33, and so on. The largest value that you can use is 256 for recent Aurora versions, or 128 for older versions. You can check the attributes of your engine version or platform version to determine the specific maximum capacity supported.

    " }, "SecondsUntilAutoPause":{ "shape":"IntegerOptional", @@ -16117,7 +16290,7 @@ }, "MaxCapacity":{ "shape":"DoubleOptional", - "documentation":"

    The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 32, 32.5, 33, and so on. The largest value that you can use is 256 for recent Aurora versions, or 128 for older versions.

    " + "documentation":"

    The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 32, 32.5, 33, and so on. The largest value that you can use is 256 for recent Aurora versions, or 128 for older versions. You can check the attributes of your engine version or platform version to determine the specific maximum capacity supported.

    " }, "SecondsUntilAutoPause":{ "shape":"IntegerOptional", @@ -16128,8 +16301,7 @@ }, "SharedSnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded the maximum number of accounts that you can share a manual DB snapshot with.

    ", "error":{ "code":"SharedSnapshotQuotaExceeded", @@ -16140,8 +16312,7 @@ }, "SnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of DB snapshots.

    ", "error":{ "code":"SnapshotQuotaExceeded", @@ -16158,8 +16329,7 @@ }, "SourceClusterNotSupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The source DB cluster isn't supported for a blue/green deployment.

    ", "error":{ "code":"SourceClusterNotSupportedFault", @@ -16170,8 +16340,7 @@ }, "SourceDatabaseNotSupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The source DB instance isn't supported for a blue/green deployment.

    ", "error":{ "code":"SourceDatabaseNotSupportedFault", @@ -16189,8 +16358,7 @@ }, "SourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested source could not be found.

    ", "error":{ "code":"SourceNotFound", @@ -16253,7 +16421,9 @@ "db-cluster-snapshot", "custom-engine-version", "db-proxy", - "blue-green-deployment" + "blue-green-deployment", + "db-shard-group", + "zero-etl" ] }, "StartActivityStreamRequest":{ @@ -16305,13 +16475,13 @@ "shape":"ActivityStreamMode", "documentation":"

    The mode of the database activity stream.

    " }, - "ApplyImmediately":{ - "shape":"Boolean", - "documentation":"

    Indicates whether or not the database activity stream will start as soon as possible, regardless of the maintenance window for the database.

    " - }, "EngineNativeAuditFieldsIncluded":{ "shape":"BooleanOptional", "documentation":"

    Indicates whether engine-native audit fields are included in the database activity stream.

    " + }, + "ApplyImmediately":{ + "shape":"Boolean", + "documentation":"

    Indicates whether or not the database activity stream will start as soon as possible, regardless of the maintenance window for the database.

    " } } }, @@ -16348,7 +16518,7 @@ "documentation":"

    The Amazon Web Services KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination Amazon Web Services Region, for example, arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE.

    " }, "PreSignedUrl":{ - "shape":"String", + "shape":"SensitiveString", "documentation":"

    In an Amazon Web Services GovCloud (US) Region, an URL that contains a Signature Version 4 signed request for the StartDBInstanceAutomatedBackupsReplication operation to call in the Amazon Web Services Region of the source DB instance. The presigned URL must be a valid request for the StartDBInstanceAutomatedBackupsReplication API operation that can run in the Amazon Web Services Region that contains the source DB instance.

    This setting applies only to Amazon Web Services GovCloud (US) Regions. It's ignored in other Amazon Web Services Regions.

    To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

    If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

    " } } @@ -16403,7 +16573,7 @@ }, "KmsKeyId":{ "shape":"String", - "documentation":"

    The ID of the Amazon Web Services KMS key to use to encrypt the data exported to Amazon S3. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. The caller of this operation must be authorized to run the following operations. These can be set in the Amazon Web Services KMS key policy:

    • kms:Encrypt

    • kms:Decrypt

    • kms:GenerateDataKey

    • kms:GenerateDataKeyWithoutPlaintext

    • kms:ReEncryptFrom

    • kms:ReEncryptTo

    • kms:CreateGrant

    • kms:DescribeKey

    • kms:RetireGrant

    " + "documentation":"

    The ID of the Amazon Web Services KMS key to use to encrypt the data exported to Amazon S3. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. The caller of this operation must be authorized to run the following operations. These can be set in the Amazon Web Services KMS key policy:

    • kms:CreateGrant

    • kms:DescribeKey

    " }, "S3Prefix":{ "shape":"String", @@ -16500,8 +16670,7 @@ }, "StorageQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed amount of storage available across all DB instances.

    ", "error":{ "code":"StorageQuotaExceeded", @@ -16512,8 +16681,7 @@ }, "StorageTypeNotAvailableFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The aurora-iopt1 storage type isn't available, because you modified the DB cluster to use this storage type less than one month ago.

    ", "error":{ "code":"StorageTypeNotAvailableFault", @@ -16524,8 +16692,7 @@ }, "StorageTypeNotSupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified StorageType can't be associated with the DB instance.

    ", "error":{ "code":"StorageTypeNotSupported", @@ -16566,8 +16733,7 @@ }, "SubnetAlreadyInUse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The DB subnet is already in use in the Availability Zone.

    ", "error":{ "code":"SubnetAlreadyInUse", @@ -16592,8 +16758,7 @@ }, "SubscriptionAlreadyExistFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The supplied subscription name already exists.

    ", "error":{ "code":"SubscriptionAlreadyExist", @@ -16604,8 +16769,7 @@ }, "SubscriptionCategoryNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The supplied category does not exist.

    ", "error":{ "code":"SubscriptionCategoryNotFound", @@ -16616,8 +16780,7 @@ }, "SubscriptionNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The subscription name does not exist.

    ", "error":{ "code":"SubscriptionNotFound", @@ -16633,6 +16796,36 @@ "locationName":"CharacterSet" } }, + "SupportedEngineLifecycle":{ + "type":"structure", + "required":[ + "LifecycleSupportName", + "LifecycleSupportStartDate", + "LifecycleSupportEndDate" + ], + "members":{ + "LifecycleSupportName":{ + "shape":"LifecycleSupportName", + "documentation":"

    The type of lifecycle support that the engine version is in.

    This parameter returns the following values:

    • open-source-rds-standard-support - Indicates RDS standard support or Aurora standard support.

    • open-source-rds-extended-support - Indicates Amazon RDS Extended Support.

    For Amazon RDS for MySQL, Amazon RDS for PostgreSQL, Aurora MySQL, and Aurora PostgreSQL, this parameter returns both open-source-rds-standard-support and open-source-rds-extended-support.

    For Amazon RDS for MariaDB, this parameter only returns the value open-source-rds-standard-support.

    For information about Amazon RDS Extended Support, see Amazon RDS Extended Support with Amazon RDS in the Amazon RDS User Guide and Amazon RDS Extended Support with Amazon Aurora in the Amazon Aurora User Guide.

    " + }, + "LifecycleSupportStartDate":{ + "shape":"TStamp", + "documentation":"

    The start date for the type of support returned by LifecycleSupportName.

    " + }, + "LifecycleSupportEndDate":{ + "shape":"TStamp", + "documentation":"

    The end date for the type of support returned by LifecycleSupportName.

    " + } + }, + "documentation":"

    This data type is used as a response element in the operation DescribeDBMajorEngineVersions.

    You can use the information that this data type returns to plan for upgrades.

    This data type only returns information for the open source engines Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for PostgreSQL, Aurora MySQL, and Aurora PostgreSQL.

    " + }, + "SupportedEngineLifecycleList":{ + "type":"list", + "member":{ + "shape":"SupportedEngineLifecycle", + "locationName":"SupportedEngineLifecycle" + } + }, "SupportedTimezonesList":{ "type":"list", "member":{ @@ -16759,6 +16952,13 @@ }, "documentation":"

    " }, + "TargetConnectionNetworkType":{ + "type":"string", + "enum":[ + "IPV4", + "IPV6" + ] + }, "TargetDBClusterParameterGroupName":{ "type":"string", "max":255, @@ -16812,7 +17012,8 @@ "CONNECTION_FAILED", "AUTH_FAILURE", "PENDING_PROXY_CAPACITY", - "INVALID_REPLICATION_STATE" + "INVALID_REPLICATION_STATE", + "PROMOTED" ] }, "TargetList":{ @@ -16832,7 +17033,8 @@ "enum":[ "REGISTERING", "AVAILABLE", - "UNAVAILABLE" + "UNAVAILABLE", + "UNUSED" ] }, "TargetStorageType":{"type":"string"}, @@ -16895,6 +17097,7 @@ "shape":"TenantDatabasePendingModifiedValues", "documentation":"

    Information about pending changes for a tenant database.

    " }, + "MasterUserSecret":{"shape":"MasterUserSecret"}, "TagList":{"shape":"TagList"} }, "documentation":"

    A tenant database in the DB instance. This data type is an element in the response to the DescribeTenantDatabases action.

    ", @@ -16902,8 +17105,7 @@ }, "TenantDatabaseAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You attempted to either create a tenant database that already exists or modify a tenant database to use the name of an existing tenant database.

    ", "error":{ "code":"TenantDatabaseAlreadyExists", @@ -16914,8 +17116,7 @@ }, "TenantDatabaseNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified tenant database wasn't found in the DB instance.

    ", "error":{ "code":"TenantDatabaseNotFound", @@ -16940,8 +17141,7 @@ }, "TenantDatabaseQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You attempted to create more tenant databases than are permitted in your Amazon Web Services account.

    ", "error":{ "code":"TenantDatabaseQuotaExceeded", @@ -16982,8 +17182,7 @@ }, "UnsupportedDBEngineVersionFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified DB engine version isn't supported for Aurora Limitless Database.

    ", "error":{ "code":"UnsupportedDBEngineVersion", @@ -17050,11 +17249,11 @@ "type":"structure", "members":{ "Description":{ - "shape":"String", + "shape":"Description", "documentation":"

    A user-specified description about the authentication used by a proxy to log in as a specific database user.

    " }, "UserName":{ - "shape":"String", + "shape":"AuthUserName", "documentation":"

    The name of the database user to which the proxy connects.

    " }, "AuthScheme":{ @@ -17062,7 +17261,7 @@ "documentation":"

    The type of authentication that the proxy uses for connections from the proxy to the underlying database.

    " }, "SecretArn":{ - "shape":"String", + "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. These secrets are stored within Amazon Secrets Manager.

    " }, "IAMAuth":{ @@ -17071,7 +17270,7 @@ }, "ClientPasswordAuthType":{ "shape":"ClientPasswordAuthType", - "documentation":"

    The type of authentication the proxy uses for connections from clients.

    " + "documentation":"

    The type of authentication the proxy uses for connections from clients. The following values are defaults for the corresponding engines:

    • RDS for MySQL: MYSQL_CACHING_SHA2_PASSWORD

    • RDS for SQL Server: SQL_SERVER_AUTHENTICATION

    • RDS for PostgreSQL: POSTGRES_SCRAM_SHA2_256

    " } }, "documentation":"

    Specifies the details of authentication used by a proxy to log in as a specific database user.

    " @@ -17097,7 +17296,7 @@ }, "IAMAuth":{ "shape":"IAMAuthMode", - "documentation":"

    Whether to require or disallow Amazon Web Services Identity and Access Management (IAM) authentication for connections to the proxy. The ENABLED value is valid only for proxies with RDS for Microsoft SQL Server.

    " + "documentation":"

    Whether to require or disallow Amazon Web Services Identity and Access Management (IAM) authentication for connections to the proxy.

    " }, "ClientPasswordAuthType":{ "shape":"ClientPasswordAuthType", @@ -17112,7 +17311,9 @@ }, "UserAuthConfigList":{ "type":"list", - "member":{"shape":"UserAuthConfig"} + "member":{"shape":"UserAuthConfig"}, + "max":200, + "min":0 }, "ValidDBInstanceModificationsMessage":{ "type":"structure", @@ -17152,10 +17353,6 @@ "shape":"DoubleRangeList", "documentation":"

    The valid range of Provisioned IOPS to gibibytes of storage multiplier. For example, 3-10, which means that provisioned IOPS can be between 3 and 10 times storage.

    " }, - "SupportsStorageAutoscaling":{ - "shape":"Boolean", - "documentation":"

    Indicates whether or not Amazon RDS can automatically scale storage for DB instances that use the new instance class.

    " - }, "ProvisionedStorageThroughput":{ "shape":"RangeList", "documentation":"

    The valid range of provisioned storage throughput. For example, 500-4,000 mebibytes per second (MiBps).

    " @@ -17163,6 +17360,10 @@ "StorageThroughputToIopsRatio":{ "shape":"DoubleRangeList", "documentation":"

    The valid range of storage throughput to provisioned IOPS ratios. For example, 0-0.25.

    " + }, + "SupportsStorageAutoscaling":{ + "shape":"Boolean", + "documentation":"

    Indicates whether or not Amazon RDS can automatically scale storage for DB instances that use the new instance class.

    " } }, "documentation":"

    Information about valid modifications that you can make to your DB instance. Contains the result of a successful call to the DescribeValidDBInstanceModifications action.

    " diff -pruN 2.23.6-1/awscli/botocore/data/rds-data/2018-08-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/rds-data/2018-08-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/rds-data/2018-08-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rds-data/2018-08-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/rds-data/2018-08-01/service-2.json 2.31.35-1/awscli/botocore/data/rds-data/2018-08-01/service-2.json --- 2.23.6-1/awscli/botocore/data/rds-data/2018-08-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rds-data/2018-08-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,6 +30,7 @@ {"shape":"DatabaseUnavailableException"}, {"shape":"TransactionNotFoundException"}, {"shape":"InvalidSecretException"}, + {"shape":"InvalidResourceStateException"}, {"shape":"ServiceUnavailableError"}, {"shape":"ForbiddenException"}, {"shape":"DatabaseNotFoundException"}, @@ -57,6 +58,7 @@ {"shape":"DatabaseUnavailableException"}, {"shape":"TransactionNotFoundException"}, {"shape":"InvalidSecretException"}, + {"shape":"InvalidResourceStateException"}, {"shape":"ServiceUnavailableError"}, {"shape":"ForbiddenException"}, {"shape":"DatabaseNotFoundException"}, @@ -83,6 +85,7 @@ {"shape":"DatabaseUnavailableException"}, {"shape":"TransactionNotFoundException"}, {"shape":"InvalidSecretException"}, + {"shape":"InvalidResourceStateException"}, {"shape":"ServiceUnavailableError"}, {"shape":"ForbiddenException"}, {"shape":"DatabaseNotFoundException"}, @@ -132,6 +135,7 @@ {"shape":"DatabaseUnavailableException"}, {"shape":"TransactionNotFoundException"}, {"shape":"InvalidSecretException"}, + {"shape":"InvalidResourceStateException"}, {"shape":"ServiceUnavailableError"}, {"shape":"ForbiddenException"}, {"shape":"DatabaseNotFoundException"}, @@ -159,6 +163,7 @@ {"shape":"DatabaseUnavailableException"}, {"shape":"TransactionNotFoundException"}, {"shape":"InvalidSecretException"}, + {"shape":"InvalidResourceStateException"}, {"shape":"ServiceUnavailableError"}, {"shape":"ForbiddenException"}, {"shape":"DatabaseNotFoundException"}, @@ -476,7 +481,7 @@ "members":{ "message":{"shape":"ErrorMessage"} }, - "documentation":"

    A request was canceled because the Aurora Serverless v2 DB instance was in a paused state. The Data API request automatically causes the DB instance to begin resuming. Wait a few seconds and try again.

    ", + "documentation":"

    A request was cancelled because the Aurora Serverless v2 DB instance was paused. The Data API request automatically resumes the DB instance. Wait a few seconds and try again.

    ", "error":{ "httpStatusCode":400, "senderFault":true @@ -714,6 +719,18 @@ "exception":true, "fault":true }, + "InvalidResourceStateException":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The resource is in an invalid state.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "InvalidSecretException":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/redshift/2012-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/redshift/2012-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/redshift/2012-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/redshift/2012-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/redshift/2012-12-01/service-2.json 2.31.35-1/awscli/botocore/data/redshift/2012-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/redshift/2012-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/redshift/2012-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -510,7 +510,9 @@ {"shape":"DependentServiceUnavailableFault"}, {"shape":"UnsupportedOperationFault"}, {"shape":"DependentServiceAccessDeniedFault"}, - {"shape":"RedshiftIdcApplicationQuotaExceededFault"} + {"shape":"RedshiftIdcApplicationQuotaExceededFault"}, + {"shape":"TagLimitExceededFault"}, + {"shape":"InvalidTagFault"} ], "documentation":"

    Creates an Amazon Redshift application for use with IAM Identity Center.

    " }, @@ -1778,6 +1780,25 @@ ], "documentation":"

    Returns a database user name and temporary password with temporary authorization to log in to an Amazon Redshift database. The database user is mapped 1:1 to the source Identity and Access Management (IAM) identity. For more information about IAM identities, see IAM Identities (users, user groups, and roles) in the Amazon Web Services Identity and Access Management User Guide.

    The Identity and Access Management (IAM) identity that runs this operation must have an IAM policy attached that allows access to all necessary actions and resources. For more information about permissions, see Using identity-based policies (IAM policies) in the Amazon Redshift Cluster Management Guide.

    " }, + "GetIdentityCenterAuthToken":{ + "name":"GetIdentityCenterAuthToken", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIdentityCenterAuthTokenRequest"}, + "output":{ + "shape":"GetIdentityCenterAuthTokenResponse", + "resultWrapper":"GetIdentityCenterAuthTokenResult" + }, + "errors":[ + {"shape":"ClusterNotFoundFault"}, + {"shape":"InvalidClusterStateFault"}, + {"shape":"UnsupportedOperationFault"}, + {"shape":"RedshiftInvalidParameterFault"} + ], + "documentation":"

    Generates an encrypted authentication token that propagates the caller's Amazon Web Services IAM Identity Center identity to Amazon Redshift clusters. This API extracts the Amazon Web Services IAM Identity Center identity from enhanced credentials and creates a secure token that Amazon Redshift drivers can use for authentication.

    The token is encrypted using Key Management Service (KMS) and can only be decrypted by the specified Amazon Redshift clusters. The token contains the caller's Amazon Web Services IAM Identity Center identity information and is valid for a limited time period.

    This API is exclusively for use with Amazon Web Services IAM Identity Center enhanced credentials. If the caller is not using enhanced credentials with embedded Amazon Web Services IAM Identity Center identity, the API will return an error.

    " + }, "GetReservedNodeExchangeConfigurationOptions":{ "name":"GetReservedNodeExchangeConfigurationOptions", "http":{ @@ -2604,8 +2625,7 @@ }, "AccessToClusterDeniedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You are not authorized to access the cluster.

    ", "error":{ "code":"AccessToClusterDenied", @@ -2616,8 +2636,7 @@ }, "AccessToSnapshotDeniedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The owner of the specified snapshot has not authorized your account to access the snapshot.

    ", "error":{ "code":"AccessToSnapshotDenied", @@ -2814,8 +2833,7 @@ }, "AuthenticationProfileAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The authentication profile already exists.

    ", "error":{ "code":"AuthenticationProfileAlreadyExistsFault", @@ -2835,8 +2853,7 @@ }, "AuthenticationProfileNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The authentication profile can't be found.

    ", "error":{ "code":"AuthenticationProfileNotFoundFault", @@ -2847,8 +2864,7 @@ }, "AuthenticationProfileQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The size or number of authentication profiles has exceeded the quota. The maximum length of the JSON string and maximum number of authentication profiles is determined by a quota for your account.

    ", "error":{ "code":"AuthenticationProfileQuotaExceededFault", @@ -2859,8 +2875,7 @@ }, "AuthorizationAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified CIDR block or EC2 security group is already authorized for the specified cluster security group.

    ", "error":{ "code":"AuthorizationAlreadyExists", @@ -2871,8 +2886,7 @@ }, "AuthorizationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified CIDR IP range or EC2 security group is not authorized for the specified cluster security group.

    ", "error":{ "code":"AuthorizationNotFound", @@ -2883,8 +2897,7 @@ }, "AuthorizationQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The authorization quota for the cluster security group has been reached.

    ", "error":{ "code":"AuthorizationQuotaExceeded", @@ -3066,8 +3079,7 @@ }, "BatchDeleteRequestSizeExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The maximum number for a batch delete of snapshots has been reached. The limit is 100.

    ", "error":{ "code":"BatchDeleteRequestSizeExceeded", @@ -3078,8 +3090,7 @@ }, "BatchModifyClusterSnapshotsLimitExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The maximum number for snapshot identifiers has been reached. The limit is 100.

    ", "error":{ "code":"BatchModifyClusterSnapshotsLimitExceededFault", @@ -3137,8 +3148,7 @@ "BooleanOptional":{"type":"boolean"}, "BucketNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Could not find the specified S3 bucket.

    ", "error":{ "code":"BucketNotFoundFault", @@ -3427,8 +3437,7 @@ }, "ClusterAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The account already has a cluster with the given identifier.

    ", "error":{ "code":"ClusterAlreadyExists", @@ -3553,6 +3562,13 @@ "locationName":"ClusterIamRole" } }, + "ClusterIdentifierList":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"ClusterIdentifier" + } + }, "ClusterList":{ "type":"list", "member":{ @@ -3584,8 +3600,7 @@ }, "ClusterNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The ClusterIdentifier parameter does not refer to an existing cluster.

    ", "error":{ "code":"ClusterNotFound", @@ -3596,8 +3611,7 @@ }, "ClusterOnLatestRevisionFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Cluster is already on the latest database revision.

    ", "error":{ "code":"ClusterOnLatestRevision", @@ -3631,8 +3645,7 @@ }, "ClusterParameterGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A cluster parameter group with the same name already exists.

    ", "error":{ "code":"ClusterParameterGroupAlreadyExists", @@ -3671,8 +3684,7 @@ }, "ClusterParameterGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The parameter group name does not refer to an existing parameter group.

    ", "error":{ "code":"ClusterParameterGroupNotFound", @@ -3683,8 +3695,7 @@ }, "ClusterParameterGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of cluster parameter groups. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"ClusterParameterGroupQuotaExceeded", @@ -3756,8 +3767,7 @@ }, "ClusterQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would exceed the allowed number of cluster instances for this account. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"ClusterQuotaExceeded", @@ -3795,8 +3805,7 @@ }, "ClusterSecurityGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A cluster security group with the same name already exists.

    ", "error":{ "code":"ClusterSecurityGroupAlreadyExists", @@ -3849,8 +3858,7 @@ }, "ClusterSecurityGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster security group name does not refer to an existing cluster security group.

    ", "error":{ "code":"ClusterSecurityGroupNotFound", @@ -3861,8 +3869,7 @@ }, "ClusterSecurityGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of cluster security groups. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"QuotaExceeded.ClusterSecurityGroup", @@ -3880,8 +3887,7 @@ }, "ClusterSnapshotAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The value specified as a snapshot identifier is already used by an existing snapshot.

    ", "error":{ "code":"ClusterSnapshotAlreadyExists", @@ -3914,8 +3920,7 @@ }, "ClusterSnapshotNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The snapshot identifier does not refer to an existing cluster snapshot.

    ", "error":{ "code":"ClusterSnapshotNotFound", @@ -3926,8 +3931,7 @@ }, "ClusterSnapshotQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in the user exceeding the allowed number of cluster snapshots.

    ", "error":{ "code":"ClusterSnapshotQuotaExceeded", @@ -3973,8 +3977,7 @@ }, "ClusterSubnetGroupAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A ClusterSubnetGroupName is already used by an existing cluster subnet group.

    ", "error":{ "code":"ClusterSubnetGroupAlreadyExists", @@ -3999,8 +4002,7 @@ }, "ClusterSubnetGroupNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster subnet group name does not refer to an existing cluster subnet group.

    ", "error":{ "code":"ClusterSubnetGroupNotFoundFault", @@ -4011,8 +4013,7 @@ }, "ClusterSubnetGroupQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in user exceeding the allowed number of cluster subnet groups. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"ClusterSubnetGroupQuotaExceeded", @@ -4030,8 +4031,7 @@ }, "ClusterSubnetQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would result in user exceeding the allowed number of subnets in a cluster subnet groups. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"ClusterSubnetQuotaExceededFault", @@ -4095,8 +4095,7 @@ }, "ConflictPolicyUpdateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is a conflict while updating the resource policy.

    ", "error":{ "code":"ConflictPolicyUpdateFault", @@ -4145,8 +4144,7 @@ }, "CopyToRegionDisabledFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Cross-region snapshot copy was temporarily disabled. Try your request again.

    ", "error":{ "code":"CopyToRegionDisabledFault", @@ -4747,6 +4745,14 @@ "ServiceIntegrations":{ "shape":"ServiceIntegrationList", "documentation":"

    A collection of service integrations for the Redshift IAM Identity Center application.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    A list of tags.

    " + }, + "SsoTagKeys":{ + "shape":"TagKeyList", + "documentation":"

    A list of tags keys that Redshift Identity Center applications copy to IAM Identity Center. For each input key, the tag corresponding to the key-value pair is propagated.

    " } } }, @@ -4912,8 +4918,7 @@ }, "CustomCnameAssociationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An error occurred when an attempt was made to change the custom domain association.

    ", "error":{ "code":"CustomCnameAssociationFault", @@ -4924,8 +4929,7 @@ }, "CustomDomainAssociationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An error occurred. The custom domain name couldn't be found.

    ", "error":{ "code":"CustomDomainAssociationNotFoundFault", @@ -5433,8 +5437,7 @@ }, "DependentServiceAccessDeniedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A dependent service denied access for the integration.

    ", "error":{ "code":"DependentServiceAccessDenied", @@ -5445,8 +5448,7 @@ }, "DependentServiceRequestThrottlingFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request cannot be completed because a dependent service is throttling requests made by Amazon Redshift on your behalf. Wait and retry the request.

    ", "error":{ "code":"DependentServiceRequestThrottlingFault", @@ -5457,8 +5459,7 @@ }, "DependentServiceUnavailableFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Your request cannot be completed because a dependent internal service is temporarily unavailable. Wait 30 to 60 seconds and try again.

    ", "error":{ "code":"DependentServiceUnavailableFault", @@ -6827,8 +6828,7 @@ }, "EndpointAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The account already has a Redshift-managed VPC endpoint with the given identifier.

    ", "error":{ "code":"EndpointAlreadyExists", @@ -6881,8 +6881,7 @@ }, "EndpointAuthorizationAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The authorization already exists for this endpoint.

    ", "error":{ "code":"EndpointAuthorizationAlreadyExists", @@ -6906,8 +6905,7 @@ }, "EndpointAuthorizationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The authorization for this endpoint can't be found.

    ", "error":{ "code":"EndpointAuthorizationNotFound", @@ -6922,8 +6920,7 @@ }, "EndpointAuthorizationsPerClusterLimitExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of endpoint authorizations per cluster has exceeded its limit.

    ", "error":{ "code":"EndpointAuthorizationsPerClusterLimitExceeded", @@ -6934,8 +6931,7 @@ }, "EndpointNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The endpoint name doesn't refer to an existing endpoint.

    ", "error":{ "code":"EndpointNotFound", @@ -6946,8 +6942,7 @@ }, "EndpointsPerAuthorizationLimitExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of Redshift-managed VPC endpoints per authorization has exceeded its limit.

    ", "error":{ "code":"EndpointsPerAuthorizationLimitExceeded", @@ -6958,8 +6953,7 @@ }, "EndpointsPerClusterLimitExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of Redshift-managed VPC endpoints per cluster has exceeded its limit.

    ", "error":{ "code":"EndpointsPerClusterLimitExceeded", @@ -7131,8 +7125,7 @@ }, "EventSubscriptionQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request would exceed the allowed number of event subscriptions for this account. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"EventSubscriptionQuotaExceeded", @@ -7248,6 +7241,31 @@ } } }, + "GetIdentityCenterAuthTokenRequest":{ + "type":"structure", + "required":["ClusterIds"], + "members":{ + "ClusterIds":{ + "shape":"ClusterIdentifierList", + "documentation":"

    A list of cluster identifiers that the generated token can be used with. The token will be scoped to only allow authentication to the specified clusters.

    Constraints:

    • ClusterIds must contain at least 1 cluster identifier.

    • ClusterIds can hold a maximum of 20 cluster identifiers.

    • Cluster identifiers must be 1 to 63 characters in length.

    • The characters accepted for cluster identifiers are the following:

      • Alphanumeric characters

      • Hyphens

    • Cluster identifiers must start with a letter.

    • Cluster identifiers can't end with a hyphen or contain two consecutive hyphens.

    " + } + }, + "documentation":"

    The request parameters for GetIdentityCenterAuthToken.

    " + }, + "GetIdentityCenterAuthTokenResponse":{ + "type":"structure", + "members":{ + "Token":{ + "shape":"SensitiveString", + "documentation":"

    The encrypted authentication token containing the caller's Amazon Web Services IAM Identity Center identity information. This token is encrypted using Key Management Service and can only be decrypted by the specified Amazon Redshift clusters. Use this token with Amazon Redshift drivers to authenticate using your Amazon Web Services IAM Identity Center identity.

    " + }, + "ExpirationTime":{ + "shape":"TStamp", + "documentation":"

    The time (UTC) when the token expires. After this timestamp, the token will no longer be valid for authentication.

    " + } + }, + "documentation":"

    The response from GetIdentityCenterAuthToken containing the encrypted authentication token and expiration time.

    " + }, "GetReservedNodeExchangeConfigurationOptionsInputMessage":{ "type":"structure", "required":["ActionType"], @@ -7359,8 +7377,7 @@ }, "HsmClientCertificateAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is already an existing Amazon Redshift HSM client certificate with the specified identifier.

    ", "error":{ "code":"HsmClientCertificateAlreadyExistsFault", @@ -7392,8 +7409,7 @@ }, "HsmClientCertificateNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is no Amazon Redshift HSM client certificate with the specified identifier.

    ", "error":{ "code":"HsmClientCertificateNotFoundFault", @@ -7404,8 +7420,7 @@ }, "HsmClientCertificateQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The quota for HSM client certificates has been reached. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"HsmClientCertificateQuotaExceededFault", @@ -7443,8 +7458,7 @@ }, "HsmConfigurationAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is already an existing Amazon Redshift HSM configuration with the specified identifier.

    ", "error":{ "code":"HsmConfigurationAlreadyExistsFault", @@ -7476,8 +7490,7 @@ }, "HsmConfigurationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is no Amazon Redshift HSM configuration with the specified identifier.

    ", "error":{ "code":"HsmConfigurationNotFoundFault", @@ -7488,8 +7501,7 @@ }, "HsmConfigurationQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The quota for HSM configurations has been reached. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"HsmConfigurationQuotaExceededFault", @@ -7582,8 +7594,7 @@ }, "InProgressTableRestoreQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded the allowed number of table restore requests. Wait for your current table restore requests to complete before making a new request.

    ", "error":{ "code":"InProgressTableRestoreQuotaExceededFault", @@ -7650,8 +7661,7 @@ }, "IncompatibleOrderableOptions":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified options are incompatible.

    ", "error":{ "code":"IncompatibleOrderableOptions", @@ -7662,8 +7672,7 @@ }, "InsufficientClusterCapacityFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of nodes specified exceeds the allotted capacity of the cluster.

    ", "error":{ "code":"InsufficientClusterCapacity", @@ -7674,8 +7683,7 @@ }, "InsufficientS3BucketPolicyFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster does not have read bucket or put object permissions on the S3 bucket specified when enabling logging.

    ", "error":{ "code":"InsufficientS3BucketPolicyFault", @@ -7737,8 +7745,7 @@ }, "IntegrationAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The integration you are trying to create already exists.

    ", "error":{ "code":"IntegrationAlreadyExistsFault", @@ -7755,8 +7762,7 @@ }, "IntegrationConflictOperationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A conflicting conditional operation is currently in progress against this resource. This typically occurs when there are multiple requests being made to the same resource at the same time, and these requests conflict with each other.

    ", "error":{ "code":"IntegrationConflictOperationFault", @@ -7767,8 +7773,7 @@ }, "IntegrationConflictStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The integration is in an invalid state and can't perform the requested operation.

    ", "error":{ "code":"IntegrationConflictStateFault", @@ -7820,8 +7825,7 @@ }, "IntegrationNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The integration can't be found.

    ", "error":{ "code":"IntegrationNotFoundFault", @@ -7832,8 +7836,7 @@ }, "IntegrationQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can't create any more zero-ETL or S3 event integrations because the quota has been reached.

    ", "error":{ "code":"IntegrationQuotaExceededFault", @@ -7844,8 +7847,7 @@ }, "IntegrationSourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified integration source can't be found.

    ", "error":{ "code":"IntegrationSourceNotFoundFault", @@ -7856,8 +7858,7 @@ }, "IntegrationTargetNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified integration target can't be found.

    ", "error":{ "code":"IntegrationTargetNotFoundFault", @@ -7881,8 +7882,7 @@ }, "InvalidAuthenticationProfileRequestFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The authentication profile request is not valid. The profile name can't be null or empty. The authentication profile API operation must be available in the Amazon Web Services Region.

    ", "error":{ "code":"InvalidAuthenticationProfileRequestFault", @@ -7893,8 +7893,7 @@ }, "InvalidAuthorizationStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The status of the authorization is not valid.

    ", "error":{ "code":"InvalidAuthorizationState", @@ -7905,8 +7904,7 @@ }, "InvalidClusterParameterGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster parameter group action can not be completed because another task is in progress that involves the parameter group. Wait a few moments and try the operation again.

    ", "error":{ "code":"InvalidClusterParameterGroupState", @@ -7917,8 +7915,7 @@ }, "InvalidClusterSecurityGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The state of the cluster security group is not available.

    ", "error":{ "code":"InvalidClusterSecurityGroupState", @@ -7929,8 +7926,7 @@ }, "InvalidClusterSnapshotScheduleStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster snapshot schedule state is not valid.

    ", "error":{ "code":"InvalidClusterSnapshotScheduleState", @@ -7941,8 +7937,7 @@ }, "InvalidClusterSnapshotStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified cluster snapshot is not in the available state, or other accounts are authorized to access the snapshot.

    ", "error":{ "code":"InvalidClusterSnapshotState", @@ -7953,8 +7948,7 @@ }, "InvalidClusterStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified cluster is not in the available state.

    ", "error":{ "code":"InvalidClusterState", @@ -7965,8 +7959,7 @@ }, "InvalidClusterSubnetGroupStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster subnet group cannot be deleted because it is in use.

    ", "error":{ "code":"InvalidClusterSubnetGroupStateFault", @@ -7977,8 +7970,7 @@ }, "InvalidClusterSubnetStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The state of the subnet is invalid.

    ", "error":{ "code":"InvalidClusterSubnetStateFault", @@ -7989,8 +7981,7 @@ }, "InvalidClusterTrackFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The provided cluster track name is not valid.

    ", "error":{ "code":"InvalidClusterTrack", @@ -8001,8 +7992,7 @@ }, "InvalidDataShareFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is an error with the datashare.

    ", "error":{ "code":"InvalidDataShareFault", @@ -8013,8 +8003,7 @@ }, "InvalidElasticIpFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The Elastic IP (EIP) is invalid or cannot be found.

    ", "error":{ "code":"InvalidElasticIpFault", @@ -8025,8 +8014,7 @@ }, "InvalidEndpointStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The status of the endpoint is not valid.

    ", "error":{ "code":"InvalidEndpointState", @@ -8037,8 +8025,7 @@ }, "InvalidHsmClientCertificateStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified HSM client certificate is not in the available state, or it is still in use by one or more Amazon Redshift clusters.

    ", "error":{ "code":"InvalidHsmClientCertificateStateFault", @@ -8049,8 +8036,7 @@ }, "InvalidHsmConfigurationStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified HSM configuration is not in the available state, or it is still in use by one or more Amazon Redshift clusters.

    ", "error":{ "code":"InvalidHsmConfigurationStateFault", @@ -8061,8 +8047,7 @@ }, "InvalidNamespaceFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The namespace isn't valid because the namespace doesn't exist. Provide a valid namespace.

    ", "error":{ "code":"InvalidNamespaceFault", @@ -8073,8 +8058,7 @@ }, "InvalidPolicyFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource policy isn't valid.

    ", "error":{ "code":"InvalidPolicyFault", @@ -8085,8 +8069,7 @@ }, "InvalidReservedNodeStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that the Reserved Node being exchanged is not in an active state.

    ", "error":{ "code":"InvalidReservedNodeState", @@ -8097,8 +8080,7 @@ }, "InvalidRestoreFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The restore is invalid.

    ", "error":{ "code":"InvalidRestore", @@ -8109,8 +8091,7 @@ }, "InvalidRetentionPeriodFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The retention period specified is either in the past or is not a valid value.

    The value must be either -1 or an integer between 1 and 3,653.

    ", "error":{ "code":"InvalidRetentionPeriodFault", @@ -8121,8 +8102,7 @@ }, "InvalidS3BucketNameFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The S3 bucket name is invalid. For more information about naming rules, go to Bucket Restrictions and Limitations in the Amazon Simple Storage Service (S3) Developer Guide.

    ", "error":{ "code":"InvalidS3BucketNameFault", @@ -8133,8 +8113,7 @@ }, "InvalidS3KeyPrefixFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The string specified for the logging S3 key prefix does not comply with the documented constraints.

    ", "error":{ "code":"InvalidS3KeyPrefixFault", @@ -8145,8 +8124,7 @@ }, "InvalidScheduleFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The schedule you submitted isn't valid.

    ", "error":{ "code":"InvalidSchedule", @@ -8157,8 +8135,7 @@ }, "InvalidScheduledActionFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The scheduled action is not valid.

    ", "error":{ "code":"InvalidScheduledAction", @@ -8169,8 +8146,7 @@ }, "InvalidSnapshotCopyGrantStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The snapshot copy grant can't be deleted because it is used by one or more clusters.

    ", "error":{ "code":"InvalidSnapshotCopyGrantStateFault", @@ -8181,8 +8157,7 @@ }, "InvalidSubnet":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested subnet is not valid, or not all of the subnets are in the same VPC.

    ", "error":{ "code":"InvalidSubnet", @@ -8193,8 +8168,7 @@ }, "InvalidSubscriptionStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The subscription request is invalid because it is a duplicate request. This subscription request is already in progress.

    ", "error":{ "code":"InvalidSubscriptionStateFault", @@ -8205,8 +8179,7 @@ }, "InvalidTableRestoreArgumentFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The value specified for the sourceDatabaseName, sourceSchemaName, or sourceTableName parameter, or a combination of these, doesn't exist in the snapshot.

    ", "error":{ "code":"InvalidTableRestoreArgument", @@ -8217,8 +8190,7 @@ }, "InvalidTagFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The tag is invalid.

    ", "error":{ "code":"InvalidTagFault", @@ -8229,8 +8201,7 @@ }, "InvalidUsageLimitFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The usage limit is not valid.

    ", "error":{ "code":"InvalidUsageLimit", @@ -8241,8 +8212,7 @@ }, "InvalidVPCNetworkStateFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster subnet group does not cover all Availability Zones.

    ", "error":{ "code":"InvalidVPCNetworkStateFault", @@ -8253,8 +8223,7 @@ }, "Ipv6CidrBlockNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There are no subnets in your VPC with associated IPv6 CIDR blocks. To use dual-stack mode, associate an IPv6 CIDR block with each subnet in your VPC.

    ", "error":{ "code":"Ipv6CidrBlockNotFoundFault", @@ -8291,8 +8260,7 @@ }, "LimitExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The encryption key has exceeded its grant limit in Amazon Web Services KMS.

    ", "error":{ "code":"LimitExceededFault", @@ -9156,8 +9124,7 @@ }, "NumberOfNodesPerClusterLimitExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The operation would exceed the number of nodes allowed for a cluster.

    ", "error":{ "code":"NumberOfNodesPerClusterLimitExceeded", @@ -9168,8 +9135,7 @@ }, "NumberOfNodesQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The operation would exceed the number of nodes allotted to the account. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"NumberOfNodesQuotaExceeded", @@ -9411,8 +9377,7 @@ }, "PartnerNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The name of the partner was not found.

    ", "error":{ "code":"PartnerNotFound", @@ -9739,6 +9704,14 @@ "ServiceIntegrations":{ "shape":"ServiceIntegrationList", "documentation":"

    A list of service integrations for the Redshift IAM Identity Center application.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    A list of tags.

    " + }, + "SsoTagKeys":{ + "shape":"TagKeyList", + "documentation":"

    A list of tags keys that Redshift Identity Center applications copy to IAM Identity Center. For each input key, the tag corresponding to the key-value pair is propagated.

    " } }, "documentation":"

    Contains properties for the Redshift IDC application.

    ", @@ -9746,8 +9719,7 @@ }, "RedshiftIdcApplicationAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The application you attempted to add already exists.

    ", "error":{ "code":"RedshiftIdcApplicationAlreadyExists", @@ -9768,8 +9740,7 @@ }, "RedshiftIdcApplicationNotExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The application you attempted to find doesn't exist.

    ", "error":{ "code":"RedshiftIdcApplicationNotExists", @@ -9780,8 +9751,7 @@ }, "RedshiftIdcApplicationQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The maximum number of Redshift IAM Identity Center applications was exceeded.

    ", "error":{ "code":"RedshiftIdcApplicationQuotaExceeded", @@ -9790,6 +9760,17 @@ }, "exception":true }, + "RedshiftInvalidParameterFault":{ + "type":"structure", + "members":{}, + "documentation":"

    The request contains one or more invalid parameters. This error occurs when required parameters are missing, parameter values are outside acceptable ranges, or parameter formats are incorrect.

    ", + "error":{ + "code":"RedshiftInvalidParameter", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "ReferenceLink":{ "type":"structure", "members":{ @@ -9908,8 +9889,7 @@ }, "ReservedNodeAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    User already has a reservation with the given identifier.

    ", "error":{ "code":"ReservedNodeAlreadyExists", @@ -9920,8 +9900,7 @@ }, "ReservedNodeAlreadyMigratedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that the reserved node has already been exchanged.

    ", "error":{ "code":"ReservedNodeAlreadyMigrated", @@ -9959,8 +9938,7 @@ }, "ReservedNodeExchangeNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The reserved-node exchange status wasn't found.

    ", "error":{ "code":"ReservedNodeExchangeNotFond", @@ -10039,8 +10017,7 @@ }, "ReservedNodeNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified reserved compute node not found.

    ", "error":{ "code":"ReservedNodeNotFound", @@ -10101,8 +10078,7 @@ }, "ReservedNodeOfferingNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specified offering does not exist.

    ", "error":{ "code":"ReservedNodeOfferingNotFound", @@ -10134,8 +10110,7 @@ }, "ReservedNodeQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request would exceed the user's compute node quota. For information about increasing your quota, go to Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

    ", "error":{ "code":"ReservedNodeQuotaExceeded", @@ -10234,8 +10209,7 @@ }, "ResizeNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A resize operation for the specified cluster is not found.

    ", "error":{ "code":"ResizeNotFound", @@ -10316,8 +10290,7 @@ }, "ResourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource could not be found.

    ", "error":{ "code":"ResourceNotFoundFault", @@ -10753,8 +10726,7 @@ }, "SNSInvalidTopicFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Amazon SNS has responded that there is a problem with the specified Amazon SNS topic.

    ", "error":{ "code":"SNSInvalidTopic", @@ -10765,8 +10737,7 @@ }, "SNSNoAuthorizationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You do not have permission to publish to the specified Amazon SNS topic.

    ", "error":{ "code":"SNSNoAuthorization", @@ -10777,8 +10748,7 @@ }, "SNSTopicArnNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An Amazon SNS topic with the specified Amazon Resource Name (ARN) does not exist.

    ", "error":{ "code":"SNSTopicArnNotFound", @@ -10796,8 +10766,7 @@ }, "ScheduleDefinitionTypeUnsupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The definition you submitted is not supported.

    ", "error":{ "code":"ScheduleDefinitionTypeUnsupported", @@ -10858,8 +10827,7 @@ }, "ScheduledActionAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The scheduled action already exists.

    ", "error":{ "code":"ScheduledActionAlreadyExists", @@ -10909,8 +10877,7 @@ }, "ScheduledActionNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The scheduled action cannot be found.

    ", "error":{ "code":"ScheduledActionNotFound", @@ -10921,8 +10888,7 @@ }, "ScheduledActionQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The quota for scheduled actions exceeded.

    ", "error":{ "code":"ScheduledActionQuotaExceeded", @@ -10965,8 +10931,7 @@ }, "ScheduledActionTypeUnsupportedFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The action type specified for a scheduled action is not supported.

    ", "error":{ "code":"ScheduledActionTypeUnsupported", @@ -11230,8 +11195,7 @@ }, "SnapshotCopyAlreadyDisabledFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster already has cross-region snapshot copy disabled.

    ", "error":{ "code":"SnapshotCopyAlreadyDisabledFault", @@ -11242,8 +11206,7 @@ }, "SnapshotCopyAlreadyEnabledFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The cluster already has cross-region snapshot copy enabled.

    ", "error":{ "code":"SnapshotCopyAlreadyEnabledFault", @@ -11254,8 +11217,7 @@ }, "SnapshotCopyDisabledFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Cross-region snapshot copy was temporarily disabled. Try your request again.

    ", "error":{ "code":"SnapshotCopyDisabledFault", @@ -11285,8 +11247,7 @@ }, "SnapshotCopyGrantAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The snapshot copy grant can't be created because a grant with the same name already exists.

    ", "error":{ "code":"SnapshotCopyGrantAlreadyExistsFault", @@ -11318,8 +11279,7 @@ }, "SnapshotCopyGrantNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified snapshot copy grant can't be found. Make sure that the name is typed correctly and that the grant exists in the destination region.

    ", "error":{ "code":"SnapshotCopyGrantNotFoundFault", @@ -11330,8 +11290,7 @@ }, "SnapshotCopyGrantQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The Amazon Web Services account has exceeded the maximum number of snapshot copy grants in this region.

    ", "error":{ "code":"SnapshotCopyGrantQuotaExceededFault", @@ -11426,8 +11385,7 @@ }, "SnapshotScheduleAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified snapshot schedule already exists.

    ", "error":{ "code":"SnapshotScheduleAlreadyExists", @@ -11445,8 +11403,7 @@ }, "SnapshotScheduleNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    We could not find the specified snapshot schedule.

    ", "error":{ "code":"SnapshotScheduleNotFound", @@ -11457,8 +11414,7 @@ }, "SnapshotScheduleQuotaExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded the quota of snapshot schedules.

    ", "error":{ "code":"SnapshotScheduleQuotaExceeded", @@ -11469,8 +11425,7 @@ }, "SnapshotScheduleUpdateInProgressFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified snapshot schedule is already being updated.

    ", "error":{ "code":"SnapshotScheduleUpdateInProgress", @@ -11523,8 +11478,7 @@ }, "SourceNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified Amazon Redshift event source could not be found.

    ", "error":{ "code":"SourceNotFound", @@ -11567,8 +11521,7 @@ }, "SubnetAlreadyInUse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A specified subnet is already in use by another cluster.

    ", "error":{ "code":"SubnetAlreadyInUse", @@ -11593,8 +11546,7 @@ }, "SubscriptionAlreadyExistFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There is already an existing event notification subscription with the specified name.

    ", "error":{ "code":"SubscriptionAlreadyExist", @@ -11605,8 +11557,7 @@ }, "SubscriptionCategoryNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The value specified for the event category was not one of the allowed values, or it specified a category that does not apply to the specified source type. The allowed values are Configuration, Management, Monitoring, and Security.

    ", "error":{ "code":"SubscriptionCategoryNotFound", @@ -11617,8 +11568,7 @@ }, "SubscriptionEventIdNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An Amazon Redshift event with the specified event ID does not exist.

    ", "error":{ "code":"SubscriptionEventIdNotFound", @@ -11629,8 +11579,7 @@ }, "SubscriptionNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An Amazon Redshift event notification subscription with the specified name does not exist.

    ", "error":{ "code":"SubscriptionNotFound", @@ -11641,8 +11590,7 @@ }, "SubscriptionSeverityNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The value specified for the event severity was not one of the allowed values, or it specified a severity that does not apply to the specified source type. The allowed values are ERROR and INFO.

    ", "error":{ "code":"SubscriptionSeverityNotFound", @@ -11689,8 +11637,7 @@ "TStamp":{"type":"timestamp"}, "TableLimitExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of tables in the cluster exceeds the limit for the requested new cluster node type.

    ", "error":{ "code":"TableLimitExceeded", @@ -11701,8 +11648,7 @@ }, "TableRestoreNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified TableRestoreRequestId value was not found.

    ", "error":{ "code":"TableRestoreNotFoundFault", @@ -11828,8 +11774,7 @@ }, "TagLimitExceededFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have exceeded the number of tags allowed.

    ", "error":{ "code":"TagLimitExceededFault", @@ -11919,8 +11864,7 @@ }, "UnauthorizedOperation":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Your account is not authorized to perform the requested operation.

    ", "error":{ "code":"UnauthorizedOperation", @@ -11931,8 +11875,7 @@ }, "UnauthorizedPartnerIntegrationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The partner integration is not authorized.

    ", "error":{ "code":"UnauthorizedPartnerIntegration", @@ -11943,8 +11886,7 @@ }, "UnknownSnapshotCopyRegionFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified region is incorrect or does not exist.

    ", "error":{ "code":"UnknownSnapshotCopyRegionFault", @@ -11955,8 +11897,7 @@ }, "UnsupportedOperationFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested operation isn't supported.

    ", "error":{ "code":"UnsupportedOperation", @@ -11967,8 +11908,7 @@ }, "UnsupportedOptionFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A request option was specified that is not supported.

    ", "error":{ "code":"UnsupportedOptionFault", @@ -12071,8 +12011,7 @@ }, "UsageLimitAlreadyExistsFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The usage limit already exists.

    ", "error":{ "code":"UsageLimitAlreadyExists", @@ -12119,8 +12058,7 @@ }, "UsageLimitNotFoundFault":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The usage limit identifier can't be found.

    ", "error":{ "code":"UsageLimitNotFound", diff -pruN 2.23.6-1/awscli/botocore/data/redshift-data/2019-12-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/redshift-data/2019-12-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/redshift-data/2019-12-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/redshift-data/2019-12-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/redshift-data/2019-12-20/service-2.json 2.31.35-1/awscli/botocore/data/redshift-data/2019-12-20/service-2.json --- 2.23.6-1/awscli/botocore/data/redshift-data/2019-12-20/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/redshift-data/2019-12-20/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -170,7 +170,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    List of SQL statements. By default, only finished statements are shown. A token is returned to page through the statement list.

    For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.

    " + "documentation":"

    List of SQL statements. By default, only finished statements are shown. A token is returned to page through the statement list.

    When you use identity-enhanced role sessions to list statements, you must provide either the cluster-identifier or workgroup-name parameter. This ensures that the IdC user can only access the Amazon Redshift IdC applications they are assigned. For more information, see Trusted identity propagation overview.

    For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.

    " }, "ListTables":{ "name":"ListTables", @@ -971,6 +971,14 @@ "ListStatementsRequest":{ "type":"structure", "members":{ + "ClusterIdentifier":{ + "shape":"ClusterIdentifierString", + "documentation":"

    The cluster identifier. Only statements that ran on this cluster are returned. When providing ClusterIdentifier, then WorkgroupName can't be specified.

    " + }, + "Database":{ + "shape":"String", + "documentation":"

    The name of the database when listing statements run against a ClusterIdentifier or WorkgroupName.

    " + }, "MaxResults":{ "shape":"ListStatementsLimit", "documentation":"

    The maximum number of SQL statements to return in the response. If more SQL statements exist than fit in one response, then NextToken is returned to page through the results.

    " @@ -990,6 +998,10 @@ "Status":{ "shape":"StatusString", "documentation":"

    The status of the SQL statement to list. Status values are defined as follows:

    • ABORTED - The query run was stopped by the user.

    • ALL - A status value that includes all query statuses. This value can be used to filter results.

    • FAILED - The query run failed.

    • FINISHED - The query has finished running.

    • PICKED - The query has been chosen to be run.

    • STARTED - The query run has started.

    • SUBMITTED - The query was submitted, but not yet processed.

    " + }, + "WorkgroupName":{ + "shape":"WorkgroupNameString", + "documentation":"

    The serverless workgroup name or Amazon Resource Name (ARN). Only statements that ran on this workgroup are returned. When providing WorkgroupName, then ClusterIdentifier can't be specified.

    " } } }, @@ -1359,7 +1371,7 @@ "type":"string", "max":128, "min":3, - "pattern":"^(([a-z0-9-]+)|(arn:(aws(-[a-z]+)*):redshift-serverless:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:workgroup/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}))$" + "pattern":"^(([a-z0-9-]+)|(arn:(aws(-[a-z]+)*):redshift-serverless:[a-z]{2}(-gov|(-iso[a-z]?))?-[a-z]+-\\d{1}:\\d{12}:workgroup/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}))$" }, "bool":{"type":"boolean"} }, diff -pruN 2.23.6-1/awscli/botocore/data/redshift-serverless/2021-04-21/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/redshift-serverless/2021-04-21/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/redshift-serverless/2021-04-21/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/redshift-serverless/2021-04-21/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/redshift-serverless/2021-04-21/paginators-1.json 2.31.35-1/awscli/botocore/data/redshift-serverless/2021-04-21/paginators-1.json --- 2.23.6-1/awscli/botocore/data/redshift-serverless/2021-04-21/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/redshift-serverless/2021-04-21/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -65,6 +65,24 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "managedWorkgroups" + }, + "ListTracks": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "tracks" + }, + "ListReservationOfferings": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "reservationOfferingsList" + }, + "ListReservations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "reservationsList" } } } diff -pruN 2.23.6-1/awscli/botocore/data/redshift-serverless/2021-04-21/service-2.json 2.31.35-1/awscli/botocore/data/redshift-serverless/2021-04-21/service-2.json --- 2.23.6-1/awscli/botocore/data/redshift-serverless/2021-04-21/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/redshift-serverless/2021-04-21/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -31,7 +31,7 @@ {"shape":"TooManyTagsException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Converts a recovery point to a snapshot. For more information about recovery points and snapshots, see Working with snapshots and recovery points.

    " + "documentation":"

    Converts a recovery point to a snapshot. For more information about recovery points and snapshots, see Working with snapshots and recovery points.

    " }, "CreateCustomDomainAssociation":{ "name":"CreateCustomDomainAssociation", @@ -87,6 +87,26 @@ "documentation":"

    Creates a namespace in Amazon Redshift Serverless.

    ", "idempotent":true }, + "CreateReservation":{ + "name":"CreateReservation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateReservationRequest"}, + "output":{"shape":"CreateReservationResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"TooManyTagsException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Creates an Amazon Redshift Serverless reservation, which gives you the option to commit to a specified number of Redshift Processing Units (RPUs) for a year at a discount from Serverless on-demand (OD) rates.

    ", + "idempotent":true + }, "CreateScheduledAction":{ "name":"CreateScheduledAction", "http":{ @@ -120,7 +140,7 @@ {"shape":"TooManyTagsException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Creates a snapshot of all databases in a namespace. For more information about snapshots, see Working with snapshots and recovery points.

    ", + "documentation":"

    Creates a snapshot of all databases in a namespace. For more information about snapshots, see Working with snapshots and recovery points.

    ", "idempotent":true }, "CreateSnapshotCopyConfiguration":{ @@ -412,6 +432,38 @@ ], "documentation":"

    Returns information about a recovery point.

    " }, + "GetReservation":{ + "name":"GetReservation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetReservationRequest"}, + "output":{"shape":"GetReservationResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Gets an Amazon Redshift Serverless reservation. A reservation gives you the option to commit to a specified number of Redshift Processing Units (RPUs) for a year at a discount from Serverless on-demand (OD) rates.

    " + }, + "GetReservationOffering":{ + "name":"GetReservationOffering", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetReservationOfferingRequest"}, + "output":{"shape":"GetReservationOfferingResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns the reservation offering. The offering determines the payment schedule for the reservation.

    " + }, "GetResourcePolicy":{ "name":"GetResourcePolicy", "http":{ @@ -471,6 +523,24 @@ ], "documentation":"

    Returns information about a TableRestoreStatus object.

    " }, + "GetTrack":{ + "name":"GetTrack", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetTrackRequest"}, + "output":{"shape":"GetTrackResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Get the Redshift Serverless version for a specified track.

    " + }, "GetUsageLimit":{ "name":"GetUsageLimit", "http":{ @@ -577,6 +647,36 @@ ], "documentation":"

    Returns an array of recovery points.

    " }, + "ListReservationOfferings":{ + "name":"ListReservationOfferings", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListReservationOfferingsRequest"}, + "output":{"shape":"ListReservationOfferingsResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns the current reservation offerings in your account.

    " + }, + "ListReservations":{ + "name":"ListReservations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListReservationsRequest"}, + "output":{"shape":"ListReservationsResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns a list of Reservation objects.

    " + }, "ListScheduledActions":{ "name":"ListScheduledActions", "http":{ @@ -656,6 +756,23 @@ ], "documentation":"

    Lists the tags assigned to a resource.

    " }, + "ListTracks":{ + "name":"ListTracks", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTracksRequest"}, + "output":{"shape":"ListTracksResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"InvalidPaginationException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    List the Amazon Redshift Serverless versions.

    " + }, "ListUsageLimits":{ "name":"ListUsageLimits", "http":{ @@ -988,6 +1105,8 @@ "type":"boolean", "box":true }, + "Capacity":{"type":"integer"}, + "Charge":{"type":"double"}, "ConfigParameter":{ "type":"structure", "members":{ @@ -1194,6 +1313,42 @@ } } }, + "CreateReservationRequest":{ + "type":"structure", + "required":[ + "capacity", + "offeringId" + ], + "members":{ + "capacity":{ + "shape":"Capacity", + "documentation":"

    The number of Redshift Processing Units (RPUs) to reserve.

    " + }, + "clientToken":{ + "shape":"String", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. This token must be a valid UUIDv4 value. For more information about idempotency, see Making retries safe with idempotent APIs .

    ", + "idempotencyToken":true + }, + "offeringId":{ + "shape":"CreateReservationRequestOfferingIdString", + "documentation":"

    The ID of the offering associated with the reservation. The offering determines the payment schedule for the reservation.

    " + } + } + }, + "CreateReservationRequestOfferingIdString":{ + "type":"string", + "max":64, + "min":1 + }, + "CreateReservationResponse":{ + "type":"structure", + "members":{ + "reservation":{ + "shape":"Reservation", + "documentation":"

    The reservation object that the CreateReservation action created.

    " + } + } + }, "CreateScheduledActionRequest":{ "type":"structure", "required":[ @@ -1437,6 +1592,10 @@ "shape":"TagList", "documentation":"

    A array of tag instances.

    " }, + "trackName":{ + "shape":"TrackName", + "documentation":"

    An optional parameter for the name of the track for the workgroup. If you don't provide a track name, the workgroup is assigned to the current track.

    " + }, "workgroupName":{ "shape":"WorkgroupName", "documentation":"

    The name of the created workgroup.

    " @@ -1452,6 +1611,7 @@ } } }, + "CurrencyCode":{"type":"string"}, "CustomDomainCertificateArnString":{ "type":"string", "max":2048, @@ -1658,6 +1818,7 @@ "type":"double", "box":true }, + "Duration":{"type":"integer"}, "Endpoint":{ "type":"structure", "members":{ @@ -1864,6 +2025,56 @@ } } }, + "GetReservationOfferingRequest":{ + "type":"structure", + "required":["offeringId"], + "members":{ + "offeringId":{ + "shape":"GetReservationOfferingRequestOfferingIdString", + "documentation":"

    The identifier for the offering..

    " + } + } + }, + "GetReservationOfferingRequestOfferingIdString":{ + "type":"string", + "max":64, + "min":1 + }, + "GetReservationOfferingResponse":{ + "type":"structure", + "required":["reservationOffering"], + "members":{ + "reservationOffering":{ + "shape":"ReservationOffering", + "documentation":"

    The returned reservation offering. The offering determines the payment schedule for the reservation.

    " + } + } + }, + "GetReservationRequest":{ + "type":"structure", + "required":["reservationId"], + "members":{ + "reservationId":{ + "shape":"GetReservationRequestReservationIdString", + "documentation":"

    The ID of the reservation to retrieve.

    " + } + } + }, + "GetReservationRequestReservationIdString":{ + "type":"string", + "max":64, + "min":1 + }, + "GetReservationResponse":{ + "type":"structure", + "required":["reservation"], + "members":{ + "reservation":{ + "shape":"Reservation", + "documentation":"

    The returned reservation object.

    " + } + } + }, "GetResourcePolicyRequest":{ "type":"structure", "required":["resourceArn"], @@ -1947,6 +2158,25 @@ } } }, + "GetTrackRequest":{ + "type":"structure", + "required":["trackName"], + "members":{ + "trackName":{ + "shape":"TrackName", + "documentation":"

    The name of the track of which its version is fetched.

    " + } + } + }, + "GetTrackResponse":{ + "type":"structure", + "members":{ + "track":{ + "shape":"ServerlessTrack", + "documentation":"

    The version of the specified track.

    " + } + } + }, "GetUsageLimitRequest":{ "type":"structure", "required":["usageLimitId"], @@ -2241,6 +2471,72 @@ } } }, + "ListReservationOfferingsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListReservationOfferingsRequestMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The token for the next set of items to return. (You received this token from a previous call.)

    " + } + } + }, + "ListReservationOfferingsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListReservationOfferingsResponse":{ + "type":"structure", + "required":["reservationOfferingsList"], + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The token to use when requesting the next set of items.

    " + }, + "reservationOfferingsList":{ + "shape":"ReservationOfferingsList", + "documentation":"

    The returned list of reservation offerings.

    " + } + } + }, + "ListReservationsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListReservationsRequestMaxResultsInteger", + "documentation":"

    The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The token for the next set of items to return. (You received this token from a previous call.)

    " + } + } + }, + "ListReservationsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListReservationsResponse":{ + "type":"structure", + "required":["reservationsList"], + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The token to use when requesting the next set of items.

    " + }, + "reservationsList":{ + "shape":"ReservationsList", + "documentation":"

    The serverless reservations returned by the request.

    " + } + } + }, "ListScheduledActionsRequest":{ "type":"structure", "members":{ @@ -2425,6 +2721,38 @@ } } }, + "ListTracksRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListTracksRequestMaxResultsInteger", + "documentation":"

    The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    If your initial ListTracksRequest operation returns a nextToken, you can include the returned nextToken in following ListTracksRequest operations, which returns results in the next page.

    " + } + } + }, + "ListTracksRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListTracksResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page.

    " + }, + "tracks":{ + "shape":"TrackList", + "documentation":"

    The returned tracks.

    " + } + } + }, "ListUsageLimitsRequest":{ "type":"structure", "members":{ @@ -2676,6 +3004,18 @@ "type":"list", "member":{"shape":"Timestamp"} }, + "OfferingId":{ + "type":"string", + "max":64, + "min":1 + }, + "OfferingType":{ + "type":"string", + "enum":[ + "ALL_UPFRONT", + "NO_UPFRONT" + ] + }, "OwnerAccount":{ "type":"string", "max":12, @@ -2781,6 +3121,88 @@ "max":1024, "min":1 }, + "Reservation":{ + "type":"structure", + "members":{ + "capacity":{ + "shape":"Capacity", + "documentation":"

    The number of Redshift Processing Units (RPUs) to reserve.

    " + }, + "endDate":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The end date for the serverless reservation. This date is one year after the start date that you specify.

    " + }, + "offering":{ + "shape":"ReservationOffering", + "documentation":"

    The type of offering for the reservation. The offering class determines the payment schedule for the reservation.

    " + }, + "reservationArn":{ + "shape":"ReservationArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the serverless reservation.

    " + }, + "reservationId":{ + "shape":"ReservationId", + "documentation":"

    The identifier that uniquely identifies the serverless reservation.

    " + }, + "startDate":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The start date for the serverless reservation. This is the date you specified for the reservation to start when you created the reservation.

    " + }, + "status":{ + "shape":"Status", + "documentation":"

    The status of the reservation. Possible values include the following:

    • payment-pending

    • active

    • payment-failed

    • retired

    " + } + }, + "documentation":"

    Represents an Amazon Redshift Serverless reservation, which gives you the option to commit to a specified number of Redshift Processing Units (RPUs) for a year at a discount from Serverless on-demand (OD) rates.

    " + }, + "ReservationArn":{ + "type":"string", + "max":128, + "min":1 + }, + "ReservationId":{ + "type":"string", + "max":64, + "min":1 + }, + "ReservationOffering":{ + "type":"structure", + "members":{ + "currencyCode":{ + "shape":"CurrencyCode", + "documentation":"

    The currency code for the offering.

    " + }, + "duration":{ + "shape":"Duration", + "documentation":"

    The duration, in seconds, for which the reservation reserves the RPUs.

    " + }, + "hourlyCharge":{ + "shape":"Charge", + "documentation":"

    The rate you are charged for each hour the reservation is active.

    " + }, + "offeringId":{ + "shape":"OfferingId", + "documentation":"

    The offering identifier.

    " + }, + "offeringType":{ + "shape":"OfferingType", + "documentation":"

    Determines the payment schedule for the reservation.

    " + }, + "upfrontCharge":{ + "shape":"Charge", + "documentation":"

    The up-front price you are charged for the reservation.

    " + } + }, + "documentation":"

    The class of offering for the reservation. The offering class determines the payment schedule for the reservation.

    " + }, + "ReservationOfferingsList":{ + "type":"list", + "member":{"shape":"ReservationOffering"} + }, + "ReservationsList":{ + "type":"list", + "member":{"shape":"Reservation"} + }, "ResourceNotFoundException":{ "type":"structure", "required":["message"], @@ -2868,7 +3290,7 @@ }, "snapshotArn":{ "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the snapshot to restore from. Required if restoring from Amazon Redshift Serverless to a provisioned cluster. Must not be specified at the same time as snapshotName.

    The format of the ARN is arn:aws:redshift:<region>:<account_id>:snapshot:<cluster_identifier>/<snapshot_identifier>.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the snapshot to restore from. Required if restoring from a provisioned cluster to Amazon Redshift Serverless. Must not be specified at the same time as snapshotName.

    The format of the ARN is arn:aws:redshift:<region>:<account_id>:snapshot:<cluster_identifier>/<snapshot_identifier>.

    " }, "snapshotName":{ "shape":"String", @@ -3106,6 +3528,24 @@ "type":"list", "member":{"shape":"SecurityGroupId"} }, + "ServerlessTrack":{ + "type":"structure", + "members":{ + "trackName":{ + "shape":"TrackName", + "documentation":"

    The name of the track. Valid values are current and trailing.

    " + }, + "updateTargets":{ + "shape":"UpdateTargetsList", + "documentation":"

    An array of UpdateTarget objects to update with the track.

    " + }, + "workgroupVersion":{ + "shape":"String", + "documentation":"

    The workgroup version number for the workgroup release.

    " + } + }, + "documentation":"

    Defines a track that determines which Amazon Redshift version to apply after a new version is released. If the value for ServerlessTrack is current, the workgroup is updated to the most recently certified release. If the value is trailing, the workgroup is updated to the previously certified release.

    " + }, "ServiceQuotaExceededException":{ "type":"structure", "required":["message"], @@ -3276,6 +3716,11 @@ "DISABLED" ] }, + "Status":{ + "type":"string", + "max":16, + "min":1 + }, "String":{"type":"string"}, "SubnetId":{"type":"string"}, "SubnetIdList":{ @@ -3453,6 +3898,16 @@ "documentation":"

    The request exceeded the number of tags allowed for a resource.

    ", "exception":true }, + "TrackList":{ + "type":"list", + "member":{"shape":"ServerlessTrack"} + }, + "TrackName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"^[a-zA-Z0-9_]+$" + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -3684,6 +4139,24 @@ } } }, + "UpdateTarget":{ + "type":"structure", + "members":{ + "trackName":{ + "shape":"TrackName", + "documentation":"

    The name of the new track.

    " + }, + "workgroupVersion":{ + "shape":"String", + "documentation":"

    The workgroup version for the new track.

    " + } + }, + "documentation":"

    A track that you can switch the current track to.

    " + }, + "UpdateTargetsList":{ + "type":"list", + "member":{"shape":"UpdateTarget"} + }, "UpdateUsageLimitRequest":{ "type":"structure", "required":["usageLimitId"], @@ -3755,6 +4228,10 @@ "shape":"SubnetIdList", "documentation":"

    An array of VPC subnet IDs to associate with the workgroup.

    " }, + "trackName":{ + "shape":"TrackName", + "documentation":"

    An optional parameter for the name of the track for the workgroup. If you don't provide a track name, the workgroup is assigned to the current track.

    " + }, "workgroupName":{ "shape":"WorkgroupName", "documentation":"

    The name of the workgroup to update. You can't update the name of a workgroup once it is created.

    " @@ -3947,6 +4424,10 @@ "shape":"String", "documentation":"

    The patch version of your Amazon Redshift Serverless workgroup. For more information about patch versions, see Cluster versions for Amazon Redshift.

    " }, + "pendingTrackName":{ + "shape":"TrackName", + "documentation":"

    The name for the track that you want to assign to the workgroup. When the track changes, the workgroup is switched to the latest workgroup release available for the track. At this point, the track name is applied.

    " + }, "port":{ "shape":"Integer", "documentation":"

    The custom port to use when connecting to a workgroup. Valid port ranges are 5431-5455 and 8191-8215. The default is 5439.

    " @@ -3971,6 +4452,10 @@ "shape":"SubnetIdList", "documentation":"

    An array of subnet IDs the workgroup is associated with.

    " }, + "trackName":{ + "shape":"TrackName", + "documentation":"

    The name of the track for the workgroup.

    " + }, "workgroupArn":{ "shape":"String", "documentation":"

    The Amazon Resource Name (ARN) that links to the workgroup.

    " diff -pruN 2.23.6-1/awscli/botocore/data/rekognition/2016-06-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/rekognition/2016-06-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/rekognition/2016-06-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rekognition/2016-06-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/rekognition/2016-06-27/service-2.json 2.31.35-1/awscli/botocore/data/rekognition/2016-06-27/service-2.json --- 2.23.6-1/awscli/botocore/data/rekognition/2016-06-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rekognition/2016-06-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -33,7 +33,7 @@ {"shape":"ConflictException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

    Associates one or more faces with an existing UserID. Takes an array of FaceIds. Each FaceId that are present in the FaceIds list is associated with the provided UserID. The maximum number of total FaceIds per UserID is 100.

    The UserMatchThreshold parameter specifies the minimum user match confidence required for the face to be associated with a UserID that has at least one FaceID already associated. This ensures that the FaceIds are associated with the right UserID. The value ranges from 0-100 and default value is 75.

    If successful, an array of AssociatedFace objects containing the associated FaceIds is returned. If a given face is already associated with the given UserID, it will be ignored and will not be returned in the response. If a given face is already associated to a different UserID, isn't found in the collection, doesn’t meet the UserMatchThreshold, or there are already 100 faces associated with the UserID, it will be returned as part of an array of UnsuccessfulFaceAssociations.

    The UserStatus reflects the status of an operation which updates a UserID representation with a list of given faces. The UserStatus can be:

    • ACTIVE - All associations or disassociations of FaceID(s) for a UserID are complete.

    • CREATED - A UserID has been created, but has no FaceID(s) associated with it.

    • UPDATING - A UserID is being updated and there are current associations or disassociations of FaceID(s) taking place.

    " + "documentation":"

    Associates one or more faces with an existing UserID. Takes an array of FaceIds. Each FaceId that are present in the FaceIds list is associated with the provided UserID. The number of FaceIds that can be used as input in a single request is limited to 100.

    Note that the total number of faces that can be associated with a single UserID is also limited to 100. Once a UserID has 100 faces associated with it, no additional faces can be added. If more API calls are made after the limit is reached, a ServiceQuotaExceededException will result.

    The UserMatchThreshold parameter specifies the minimum user match confidence required for the face to be associated with a UserID that has at least one FaceID already associated. This ensures that the FaceIds are associated with the right UserID. The value ranges from 0-100 and default value is 75.

    If successful, an array of AssociatedFace objects containing the associated FaceIds is returned. If a given face is already associated with the given UserID, it will be ignored and will not be returned in the response. If a given face is already associated to a different UserID, isn't found in the collection, doesn’t meet the UserMatchThreshold, or there are already 100 faces associated with the UserID, it will be returned as part of an array of UnsuccessfulFaceAssociations.

    The UserStatus reflects the status of an operation which updates a UserID representation with a list of given faces. The UserStatus can be:

    • ACTIVE - All associations or disassociations of FaceID(s) for a UserID are complete.

    • CREATED - A UserID has been created, but has no FaceID(s) associated with it.

    • UPDATING - A UserID is being updated and there are current associations or disassociations of FaceID(s) taking place.

    " }, "CompareFaces":{ "name":"CompareFaces", @@ -479,7 +479,7 @@ {"shape":"ProvisionedThroughputExceededException"}, {"shape":"InvalidImageFormatException"} ], - "documentation":"

    This operation applies only to Amazon Rekognition Custom Labels.

    Detects custom labels in a supplied image by using an Amazon Rekognition Custom Labels model.

    You specify which version of a model version to use by using the ProjectVersionArn input parameter.

    You pass the input image as base64-encoded image bytes or as a reference to an image in an Amazon S3 bucket. If you use the AWS CLI to call Amazon Rekognition operations, passing image bytes is not supported. The image must be either a PNG or JPEG formatted file.

    For each object that the model version detects on an image, the API returns a (CustomLabel) object in an array (CustomLabels). Each CustomLabel object provides the label name (Name), the level of confidence that the image contains the object (Confidence), and object location information, if it exists, for the label on the image (Geometry). Note that for the DetectCustomLabelsLabels operation, Polygons are not returned in the Geometry section of the response.

    To filter labels that are returned, specify a value for MinConfidence. DetectCustomLabelsLabels only returns labels with a confidence that's higher than the specified value. The value of MinConfidence maps to the assumed threshold values created during training. For more information, see Assumed threshold in the Amazon Rekognition Custom Labels Developer Guide. Amazon Rekognition Custom Labels metrics expresses an assumed threshold as a floating point value between 0-1. The range of MinConfidence normalizes the threshold value to a percentage value (0-100). Confidence responses from DetectCustomLabels are also returned as a percentage. You can use MinConfidence to change the precision and recall or your model. For more information, see Analyzing an image in the Amazon Rekognition Custom Labels Developer Guide.

    If you don't specify a value for MinConfidence, DetectCustomLabels returns labels based on the assumed threshold of each label.

    This is a stateless API operation. That is, the operation does not persist any data.

    This operation requires permissions to perform the rekognition:DetectCustomLabels action.

    For more information, see Analyzing an image in the Amazon Rekognition Custom Labels Developer Guide.

    " + "documentation":"

    This operation applies only to Amazon Rekognition Custom Labels.

    Detects custom labels in a supplied image by using an Amazon Rekognition Custom Labels model.

    You specify which version of a model version to use by using the ProjectVersionArn input parameter.

    You pass the input image as base64-encoded image bytes or as a reference to an image in an Amazon S3 bucket. If you use the AWS CLI to call Amazon Rekognition operations, passing image bytes is not supported. The image must be either a PNG or JPEG formatted file.

    For each object that the model version detects on an image, the API returns a (CustomLabel) object in an array (CustomLabels). Each CustomLabel object provides the label name (Name), the level of confidence that the image contains the object (Confidence), and object location information, if it exists, for the label on the image (Geometry).

    To filter labels that are returned, specify a value for MinConfidence. DetectCustomLabelsLabels only returns labels with a confidence that's higher than the specified value. The value of MinConfidence maps to the assumed threshold values created during training. For more information, see Assumed threshold in the Amazon Rekognition Custom Labels Developer Guide. Amazon Rekognition Custom Labels metrics expresses an assumed threshold as a floating point value between 0-1. The range of MinConfidence normalizes the threshold value to a percentage value (0-100). Confidence responses from DetectCustomLabels are also returned as a percentage. You can use MinConfidence to change the precision and recall or your model. For more information, see Analyzing an image in the Amazon Rekognition Custom Labels Developer Guide.

    If you don't specify a value for MinConfidence, DetectCustomLabels returns labels based on the assumed threshold of each label.

    This is a stateless API operation. That is, the operation does not persist any data.

    This operation requires permissions to perform the rekognition:DetectCustomLabels action.

    For more information, see Analyzing an image in the Amazon Rekognition Custom Labels Developer Guide.

    " }, "DetectFaces":{ "name":"DetectFaces", @@ -789,7 +789,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Gets the path tracking results of a Amazon Rekognition Video analysis started by StartPersonTracking.

    The person path tracking operation is started by a call to StartPersonTracking which returns a job identifier (JobId). When the operation finishes, Amazon Rekognition Video publishes a completion status to the Amazon Simple Notification Service topic registered in the initial call to StartPersonTracking.

    To get the results of the person path tracking operation, first check that the status value published to the Amazon SNS topic is SUCCEEDED. If so, call GetPersonTracking and pass the job identifier (JobId) from the initial call to StartPersonTracking.

    GetPersonTracking returns an array, Persons, of tracked persons and the time(s) their paths were tracked in the video.

    GetPersonTracking only returns the default facial attributes (BoundingBox, Confidence, Landmarks, Pose, and Quality). The other facial attributes listed in the Face object of the following response syntax are not returned.

    For more information, see FaceDetail in the Amazon Rekognition Developer Guide.

    By default, the array is sorted by the time(s) a person's path is tracked in the video. You can sort by tracked persons by specifying INDEX for the SortBy input parameter.

    Use the MaxResults parameter to limit the number of items returned. If there are more results than specified in MaxResults, the value of NextToken in the operation response contains a pagination token for getting the next set of results. To get the next page of results, call GetPersonTracking and populate the NextToken request parameter with the token value returned from the previous call to GetPersonTracking.

    " + "documentation":"

    End of support notice: On October 31, 2025, AWS will discontinue support for Amazon Rekognition People Pathing. After October 31, 2025, you will no longer be able to use the Rekognition People Pathing capability. For more information, visit this blog post.

    Gets the path tracking results of a Amazon Rekognition Video analysis started by StartPersonTracking.

    The person path tracking operation is started by a call to StartPersonTracking which returns a job identifier (JobId). When the operation finishes, Amazon Rekognition Video publishes a completion status to the Amazon Simple Notification Service topic registered in the initial call to StartPersonTracking.

    To get the results of the person path tracking operation, first check that the status value published to the Amazon SNS topic is SUCCEEDED. If so, call GetPersonTracking and pass the job identifier (JobId) from the initial call to StartPersonTracking.

    GetPersonTracking returns an array, Persons, of tracked persons and the time(s) their paths were tracked in the video.

    GetPersonTracking only returns the default facial attributes (BoundingBox, Confidence, Landmarks, Pose, and Quality). The other facial attributes listed in the Face object of the following response syntax are not returned.

    For more information, see FaceDetail in the Amazon Rekognition Developer Guide.

    By default, the array is sorted by the time(s) a person's path is tracked in the video. You can sort by tracked persons by specifying INDEX for the SortBy input parameter.

    Use the MaxResults parameter to limit the number of items returned. If there are more results than specified in MaxResults, the value of NextToken in the operation response contains a pagination token for getting the next set of results. To get the next page of results, call GetPersonTracking and populate the NextToken request parameter with the token value returned from the previous call to GetPersonTracking.

    " }, "GetSegmentDetection":{ "name":"GetSegmentDetection", @@ -1299,7 +1299,7 @@ {"shape":"LimitExceededException"}, {"shape":"ThrottlingException"} ], - "documentation":"

    Starts the asynchronous tracking of a person's path in a stored video.

    Amazon Rekognition Video can track the path of people in a video stored in an Amazon S3 bucket. Use Video to specify the bucket name and the filename of the video. StartPersonTracking returns a job identifier (JobId) which you use to get the results of the operation. When label detection is finished, Amazon Rekognition publishes a completion status to the Amazon Simple Notification Service topic that you specify in NotificationChannel.

    To get the results of the person detection operation, first check that the status value published to the Amazon SNS topic is SUCCEEDED. If so, call GetPersonTracking and pass the job identifier (JobId) from the initial call to StartPersonTracking.

    ", + "documentation":"

    End of support notice: On October 31, 2025, AWS will discontinue support for Amazon Rekognition People Pathing. After October 31, 2025, you will no longer be able to use the Rekognition People Pathing capability. For more information, visit this blog post.

    Starts the asynchronous tracking of a person's path in a stored video.

    Amazon Rekognition Video can track the path of people in a video stored in an Amazon S3 bucket. Use Video to specify the bucket name and the filename of the video. StartPersonTracking returns a job identifier (JobId) which you use to get the results of the operation. When label detection is finished, Amazon Rekognition publishes a completion status to the Amazon Simple Notification Service topic that you specify in NotificationChannel.

    To get the results of the person detection operation, first check that the status value published to the Amazon SNS topic is SUCCEEDED. If so, call GetPersonTracking and pass the job identifier (JobId) from the initial call to StartPersonTracking.

    ", "idempotent":true }, "StartProjectVersion":{ @@ -1503,8 +1503,7 @@ "shapes":{ "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You are not authorized to perform the action.

    ", "exception":true }, @@ -1831,6 +1830,50 @@ "type":"list", "member":{"shape":"CelebrityRecognition"} }, + "Challenge":{ + "type":"structure", + "required":[ + "Type", + "Version" + ], + "members":{ + "Type":{ + "shape":"ChallengeType", + "documentation":"

    The type of the challenge being used for the Face Liveness session.

    " + }, + "Version":{ + "shape":"Version", + "documentation":"

    The version of the challenge being used for the Face Liveness session.

    " + } + }, + "documentation":"

    Describes the type and version of the challenge being used for the Face Liveness session.

    " + }, + "ChallengePreference":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"ChallengeType", + "documentation":"

    The types of challenges that have been selected for the Face Liveness session.

    " + }, + "Versions":{ + "shape":"Versions", + "documentation":"

    The version of the challenges that have been selected for the Face Liveness session.

    " + } + }, + "documentation":"

    An ordered list of preferred challenge type and versions.

    " + }, + "ChallengePreferences":{ + "type":"list", + "member":{"shape":"ChallengePreference"} + }, + "ChallengeType":{ + "type":"string", + "enum":[ + "FaceMovementAndLightChallenge", + "FaceMovementChallenge" + ] + }, "ClientRequestToken":{ "type":"string", "max":64, @@ -1973,8 +2016,7 @@ }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A User with the same Id already exists within the collection, or the update or deletion of the User caused an inconsistent state. **

    ", "exception":true }, @@ -2249,6 +2291,10 @@ "AuditImagesLimit":{ "shape":"AuditImagesLimit", "documentation":"

    Number of audit images to be returned back. Takes an integer between 0-4. Any integer less than 0 will return 0, any integer above 4 will return 4 images in the response. By default, it is set to 0. The limit is best effort and is based on the actual duration of the selfie-video.

    " + }, + "ChallengePreferences":{ + "shape":"ChallengePreferences", + "documentation":"

    Indicates preferred challenge types and versions for the Face Liveness session to be created.

    " } }, "documentation":"

    A session settings object. It contains settings for the operation to be performed. It accepts arguments for OutputConfig and AuditImagesLimit.

    " @@ -2431,8 +2477,7 @@ }, "CreateUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CustomLabel":{ "type":"structure", @@ -2721,8 +2766,7 @@ }, "DeleteDatasetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFacesRequest":{ "type":"structure", @@ -2777,8 +2821,7 @@ }, "DeleteProjectPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProjectRequest":{ "type":"structure", @@ -2830,8 +2873,7 @@ }, "DeleteStreamProcessorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserRequest":{ "type":"structure", @@ -2857,8 +2899,7 @@ }, "DeleteUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeCollectionRequest":{ "type":"structure", @@ -3483,8 +3524,7 @@ }, "DistributeDatasetEntriesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DistributeDatasetMetadataList":{ "type":"list", @@ -3542,7 +3582,7 @@ "documentation":"

    Level of confidence in the determination.

    " } }, - "documentation":"

    The emotions that appear to be expressed on the face, and the confidence level in the determination. The API is only making a determination of the physical appearance of a person's face. It is not a determination of the person’s internal emotional state and should not be used in such a way. For example, a person pretending to have a sad face might not be sad emotionally.

    " + "documentation":"

    The API returns a prediction of an emotion based on a person's facial expressions, along with the confidence level for the predicted emotion. It is not a determination of the person’s internal emotional state and should not be used in such a way. For example, a person pretending to have a sad face might not be sad emotionally. The API is not intended to be used, and you may not use it, in a manner that violates the EU Artificial Intelligence Act or any other applicable law.

    " }, "EmotionName":{ "type":"string", @@ -4211,6 +4251,10 @@ "AuditImages":{ "shape":"AuditImages", "documentation":"

    A set of images from the Face Liveness video that can be used for audit purposes. It includes a bounding box of the face and the Base64-encoded bytes that return an image. If the CreateFaceLivenessSession request included an OutputConfig argument, the image will be uploaded to an S3Object specified in the output configuration. If no Amazon S3 bucket is defined, raw bytes are sent instead.

    " + }, + "Challenge":{ + "shape":"Challenge", + "documentation":"

    Contains information regarding the challenge type used for the Face Liveness check.

    " } } }, @@ -4697,8 +4741,7 @@ }, "IdempotentParameterMismatchException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A ClientRequestToken input parameter was reused with an operation, but at least one of the other input parameters is different from the previous call to the operation.

    ", "exception":true }, @@ -4741,8 +4784,7 @@ }, "ImageTooLargeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The input image size exceeds the allowed limit. If you are calling DetectProtectiveEquipment, the image size or resolution exceeds the allowed limit. For more information, see Guidelines and quotas in Amazon Rekognition in the Amazon Rekognition Developer Guide.

    ", "exception":true }, @@ -4832,51 +4874,44 @@ }, "InternalServerError":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Amazon Rekognition experienced a service issue. Try your call again.

    ", "exception":true, "fault":true }, "InvalidImageFormatException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The provided image format is not supported.

    ", "exception":true }, "InvalidManifestException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that a provided manifest file is empty or larger than the allowed limit.

    ", "exception":true }, "InvalidPaginationTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Pagination token in the request is not valid.

    ", "exception":true }, "InvalidParameterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Input parameter violated a constraint. Validate your parameter before calling the API operation again.

    ", "exception":true }, "InvalidPolicyRevisionIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The supplied revision id for the project policy is invalid.

    ", "exception":true }, "InvalidS3ObjectException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Amazon Rekognition is unable to access the S3 object specified in the request.

    ", "exception":true }, @@ -5149,8 +5184,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An Amazon Rekognition service limit was exceeded. For example, if you start too many jobs concurrently, subsequent calls to start operations (ex: StartLabelDetection) will raise a LimitExceededException exception (HTTP status code: 400) until the number of concurrently running jobs is below the Amazon Rekognition service limit.

    ", "exception":true }, @@ -5503,8 +5537,7 @@ }, "MalformedPolicyDocumentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The format of the project policy document that you supplied to PutProjectPolicy is incorrect.

    ", "exception":true }, @@ -6319,8 +6352,7 @@ }, "ProvisionedThroughputExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of requests exceeded your throughput limit. If you want to increase this limit, contact Amazon Rekognition.

    ", "exception":true }, @@ -6444,8 +6476,7 @@ }, "ResourceAlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A resource with the specified ID already exists.

    ", "exception":true }, @@ -6456,22 +6487,19 @@ }, "ResourceInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified resource is already being used.

    ", "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource specified in the request cannot be found.

    ", "exception":true }, "ResourceNotReadyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested resource isn't ready. For example, this exception occurs when you call DetectCustomLabels with a model version that isn't deployed.

    ", "exception":true }, @@ -6843,15 +6871,13 @@ }, "ServiceQuotaExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The size of the collection exceeds the allowed limit. For more information, see Guidelines and quotas in Amazon Rekognition in the Amazon Rekognition Developer Guide.

    ", "exception":true }, "SessionNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Occurs when a given sessionId is not found.

    ", "exception":true }, @@ -7355,8 +7381,7 @@ }, "StopStreamProcessorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StreamProcessingStartSelector":{ "type":"structure", @@ -7555,8 +7580,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -7683,8 +7707,7 @@ }, "ThrottlingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Amazon Rekognition is temporarily unable to process the request. Try your call again.

    ", "exception":true, "fault":true @@ -7906,8 +7929,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDatasetEntriesRequest":{ "type":"structure", @@ -7928,8 +7950,7 @@ }, "UpdateDatasetEntriesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateStreamProcessorRequest":{ "type":"structure", @@ -7959,8 +7980,7 @@ }, "UpdateStreamProcessorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Url":{"type":"string"}, "Urls":{ @@ -8038,6 +8058,12 @@ }, "documentation":"

    Contains the Amazon S3 bucket location of the validation data for a model training job.

    The validation data includes error information for individual JSON Lines in the dataset. For more information, see Debugging a Failed Model Training in the Amazon Rekognition Custom Labels Developer Guide.

    You get the ValidationData object for the training dataset (TrainingDataResult) and the test dataset (TestingDataResult) by calling DescribeProjectVersions.

    The assets array contains a single Asset object. The GroundTruthManifest field of the Asset object contains the S3 bucket location of the validation data.

    " }, + "Version":{ + "type":"string", + "max":11, + "min":5, + "pattern":"^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$" + }, "VersionDescription":{ "type":"string", "max":255, @@ -8056,6 +8082,20 @@ "max":10, "min":1 }, + "Versions":{ + "type":"structure", + "members":{ + "Minimum":{ + "shape":"Version", + "documentation":"

    The desired minimum version for the challenge.

    " + }, + "Maximum":{ + "shape":"Version", + "documentation":"

    The desired maximum version for the challenge.

    " + } + }, + "documentation":"

    Object specifying the acceptable range of challenge versions.

    " + }, "Video":{ "type":"structure", "members":{ @@ -8121,8 +8161,7 @@ }, "VideoTooLargeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The file size or duration of the supplied media is too large. The maximum file size is 10GB. The maximum duration is 6 hours.

    ", "exception":true } diff -pruN 2.23.6-1/awscli/botocore/data/repostspace/2022-05-13/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/repostspace/2022-05-13/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/repostspace/2022-05-13/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/repostspace/2022-05-13/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/repostspace/2022-05-13/paginators-1.json 2.31.35-1/awscli/botocore/data/repostspace/2022-05-13/paginators-1.json --- 2.23.6-1/awscli/botocore/data/repostspace/2022-05-13/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/repostspace/2022-05-13/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,6 +5,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "spaces" + }, + "ListChannels": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "channels" } } } diff -pruN 2.23.6-1/awscli/botocore/data/repostspace/2022-05-13/service-2.json 2.31.35-1/awscli/botocore/data/repostspace/2022-05-13/service-2.json --- 2.23.6-1/awscli/botocore/data/repostspace/2022-05-13/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/repostspace/2022-05-13/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,18 +2,36 @@ "version":"2.0", "metadata":{ "apiVersion":"2022-05-13", + "auth":["aws.auth#sigv4"], "endpointPrefix":"repostspace", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"AWS re:Post Private", "serviceId":"repostspace", "signatureVersion":"v4", "signingName":"repostspace", - "uid":"repostspace-2022-05-13", - "auth":["aws.auth#sigv4"] + "uid":"repostspace-2022-05-13" }, "operations":{ + "BatchAddChannelRoleToAccessors":{ + "name":"BatchAddChannelRoleToAccessors", + "http":{ + "method":"POST", + "requestUri":"/spaces/{spaceId}/channels/{channelId}/roles", + "responseCode":200 + }, + "input":{"shape":"BatchAddChannelRoleToAccessorsInput"}, + "output":{"shape":"BatchAddChannelRoleToAccessorsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Add role to multiple users or groups in a private re:Post channel.

    ", + "idempotent":true + }, "BatchAddRole":{ "name":"BatchAddRole", "http":{ @@ -24,13 +42,32 @@ "input":{"shape":"BatchAddRoleInput"}, "output":{"shape":"BatchAddRoleOutput"}, "errors":[ + {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Add a role to multiple users or groups in a private re:Post.

    ", + "idempotent":true + }, + "BatchRemoveChannelRoleFromAccessors":{ + "name":"BatchRemoveChannelRoleFromAccessors", + "http":{ + "method":"PATCH", + "requestUri":"/spaces/{spaceId}/channels/{channelId}/roles", + "responseCode":200 + }, + "input":{"shape":"BatchRemoveChannelRoleFromAccessorsInput"}, + "output":{"shape":"BatchRemoveChannelRoleFromAccessorsOutput"}, + "errors":[ {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Add role to multiple users or groups in a private re:Post.

    ", + "documentation":"

    Remove a role from multiple users or groups in a private re:Post channel.

    ", "idempotent":true }, "BatchRemoveRole":{ @@ -43,13 +80,34 @@ "input":{"shape":"BatchRemoveRoleInput"}, "output":{"shape":"BatchRemoveRoleOutput"}, "errors":[ + {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Remove a role from multiple users or groups in a private re:Post.

    ", + "idempotent":true + }, + "CreateChannel":{ + "name":"CreateChannel", + "http":{ + "method":"POST", + "requestUri":"/spaces/{spaceId}/channels", + "responseCode":200 + }, + "input":{"shape":"CreateChannelInput"}, + "output":{"shape":"CreateChannelOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Remove role from multiple users or groups in a private re:Post.

    ", + "documentation":"

    Creates a channel in an AWS re:Post Private private re:Post.

    ", "idempotent":true }, "CreateSpace":{ @@ -63,9 +121,9 @@ "output":{"shape":"CreateSpaceOutput"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, - {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -82,8 +140,8 @@ }, "input":{"shape":"DeleteSpaceInput"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -100,8 +158,8 @@ }, "input":{"shape":"DeregisterAdminInput"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -109,6 +167,24 @@ "documentation":"

    Removes the user or group from the list of administrators of the private re:Post.

    ", "idempotent":true }, + "GetChannel":{ + "name":"GetChannel", + "http":{ + "method":"GET", + "requestUri":"/spaces/{spaceId}/channels/{channelId}", + "responseCode":200 + }, + "input":{"shape":"GetChannelInput"}, + "output":{"shape":"GetChannelOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Displays information about a channel in a private re:Post.

    " + }, "GetSpace":{ "name":"GetSpace", "http":{ @@ -119,14 +195,31 @@ "input":{"shape":"GetSpaceInput"}, "output":{"shape":"GetSpaceOutput"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Displays information about the AWS re:Post Private private re:Post.

    " }, + "ListChannels":{ + "name":"ListChannels", + "http":{ + "method":"GET", + "requestUri":"/spaces/{spaceId}/channels", + "responseCode":200 + }, + "input":{"shape":"ListChannelsInput"}, + "output":{"shape":"ListChannelsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns the list of channel within a private re:Post with some information about each channel.

    " + }, "ListSpaces":{ "name":"ListSpaces", "http":{ @@ -137,8 +230,8 @@ "input":{"shape":"ListSpacesInput"}, "output":{"shape":"ListSpacesOutput"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], @@ -154,8 +247,8 @@ "input":{"shape":"ListTagsForResourceRequest"}, "output":{"shape":"ListTagsForResourceResponse"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -171,8 +264,8 @@ }, "input":{"shape":"RegisterAdminInput"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -189,10 +282,10 @@ }, "input":{"shape":"SendInvitesInput"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, - {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], "documentation":"

    Sends an invitation email to selected users and groups.

    ", @@ -208,8 +301,8 @@ "input":{"shape":"TagResourceRequest"}, "output":{"shape":"TagResourceResponse"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -227,8 +320,8 @@ "input":{"shape":"UntagResourceRequest"}, "output":{"shape":"UntagResourceResponse"}, "errors":[ - {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -236,6 +329,26 @@ "documentation":"

    Removes the association of the tag with the AWS re:Post Private resource.

    ", "idempotent":true }, + "UpdateChannel":{ + "name":"UpdateChannel", + "http":{ + "method":"PUT", + "requestUri":"/spaces/{spaceId}/channels/{channelId}", + "responseCode":200 + }, + "input":{"shape":"UpdateChannelInput"}, + "output":{"shape":"UpdateChannelOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Modifies an existing channel.

    ", + "idempotent":true + }, "UpdateSpace":{ "name":"UpdateSpace", "http":{ @@ -245,9 +358,9 @@ }, "input":{"shape":"UpdateSpaceInput"}, "errors":[ + {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, {"shape":"ConflictException"}, - {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -278,32 +391,86 @@ "min":0 }, "AdminId":{"type":"string"}, + "AllowedDomainsList":{ + "type":"list", + "member":{"shape":"EmailDomain"}, + "max":10, + "min":1 + }, "Arn":{ "type":"string", "max":2048, "min":20 }, - "BatchAddRoleInput":{ + "BatchAddChannelRoleToAccessorsInput":{ "type":"structure", "required":[ + "spaceId", + "channelId", "accessorIds", - "role", - "spaceId" + "channelRole" ], "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    ", + "location":"uri", + "locationName":"spaceId" + }, + "channelId":{ + "shape":"ChannelId", + "documentation":"

    The unique ID of the private re:Post channel.

    ", + "location":"uri", + "locationName":"channelId" + }, "accessorIds":{ "shape":"AccessorIdList", - "documentation":"

    The user or group accessor identifiers to add the role to.

    " + "documentation":"

    The user or group identifiers to add the role to.

    " }, - "role":{ - "shape":"Role", - "documentation":"

    The role to add to the users or groups.

    " + "channelRole":{ + "shape":"ChannelRole", + "documentation":"

    The channel role to add to the users or groups.

    " + } + } + }, + "BatchAddChannelRoleToAccessorsOutput":{ + "type":"structure", + "required":[ + "addedAccessorIds", + "errors" + ], + "members":{ + "addedAccessorIds":{ + "shape":"AccessorIdList", + "documentation":"

    An array of successfully updated identifiers.

    " }, + "errors":{ + "shape":"BatchErrorList", + "documentation":"

    An array of errors that occurred when roles were added.

    " + } + } + }, + "BatchAddRoleInput":{ + "type":"structure", + "required":[ + "spaceId", + "accessorIds", + "role" + ], + "members":{ "spaceId":{ "shape":"SpaceId", "documentation":"

    The unique ID of the private re:Post.

    ", "location":"uri", "locationName":"spaceId" + }, + "accessorIds":{ + "shape":"AccessorIdList", + "documentation":"

    The user or group accessor identifiers to add the role to.

    " + }, + "role":{ + "shape":"Role", + "documentation":"

    The role to add to the users or groups.

    " } } }, @@ -351,47 +518,196 @@ "type":"list", "member":{"shape":"BatchError"} }, - "BatchRemoveRoleInput":{ + "BatchRemoveChannelRoleFromAccessorsInput":{ "type":"structure", "required":[ + "spaceId", + "channelId", "accessorIds", - "role", - "spaceId" + "channelRole" ], "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    ", + "location":"uri", + "locationName":"spaceId" + }, + "channelId":{ + "shape":"ChannelId", + "documentation":"

    The unique ID of the private re:Post channel.

    ", + "location":"uri", + "locationName":"channelId" + }, "accessorIds":{ "shape":"AccessorIdList", - "documentation":"

    The user or group accessor identifiers to remove the role from.

    " + "documentation":"

    The users or groups identifiers to remove the role from.

    " }, - "role":{ - "shape":"Role", - "documentation":"

    The role to remove from the users or groups.

    " + "channelRole":{ + "shape":"ChannelRole", + "documentation":"

    The channel role to remove from the users or groups.

    " + } + } + }, + "BatchRemoveChannelRoleFromAccessorsOutput":{ + "type":"structure", + "required":[ + "removedAccessorIds", + "errors" + ], + "members":{ + "removedAccessorIds":{ + "shape":"AccessorIdList", + "documentation":"

    An array of successfully updated identifiers.

    " }, + "errors":{ + "shape":"BatchErrorList", + "documentation":"

    An array of errors that occurred when roles were removed.

    " + } + } + }, + "BatchRemoveRoleInput":{ + "type":"structure", + "required":[ + "spaceId", + "accessorIds", + "role" + ], + "members":{ "spaceId":{ "shape":"SpaceId", "documentation":"

    The unique ID of the private re:Post.

    ", "location":"uri", "locationName":"spaceId" + }, + "accessorIds":{ + "shape":"AccessorIdList", + "documentation":"

    The user or group accessor identifiers to remove the role from.

    " + }, + "role":{ + "shape":"Role", + "documentation":"

    The role to remove from the users or groups.

    " } } }, "BatchRemoveRoleOutput":{ "type":"structure", "required":[ - "errors", - "removedAccessorIds" + "removedAccessorIds", + "errors" ], "members":{ - "errors":{ - "shape":"BatchErrorList", - "documentation":"

    An array of errors that occurred when roles were removed.

    " - }, "removedAccessorIds":{ "shape":"AccessorIdList", "documentation":"

    An array of successfully updated accessor identifiers.

    " + }, + "errors":{ + "shape":"BatchErrorList", + "documentation":"

    An array of errors that occurred when roles were removed.

    " } } }, + "ChannelData":{ + "type":"structure", + "required":[ + "spaceId", + "channelId", + "channelName", + "createDateTime", + "channelStatus", + "userCount", + "groupCount" + ], + "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    " + }, + "channelId":{ + "shape":"ChannelId", + "documentation":"

    The unique ID of the private re:Post channel.

    " + }, + "channelName":{ + "shape":"ChannelName", + "documentation":"

    The name for the channel. This must be unique per private re:Post.

    " + }, + "channelDescription":{ + "shape":"ChannelDescription", + "documentation":"

    A description for the channel. This is used only to help you identify this channel.

    " + }, + "createDateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date when the channel was created.

    " + }, + "deleteDateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date when the channel was deleted.

    " + }, + "channelStatus":{ + "shape":"ChannelStatus", + "documentation":"

    The status pf the channel.

    " + }, + "userCount":{ + "shape":"UserCount", + "documentation":"

    The number of users that are part of the channel.

    " + }, + "groupCount":{ + "shape":"GroupCount", + "documentation":"

    The number of groups that are part of the channel.

    " + } + }, + "documentation":"

    A structure that contains some information about a channel in a private re:Post.

    " + }, + "ChannelDescription":{ + "type":"string", + "max":255, + "min":1, + "sensitive":true + }, + "ChannelId":{ + "type":"string", + "max":24, + "min":24 + }, + "ChannelName":{ + "type":"string", + "max":64, + "min":1, + "sensitive":true + }, + "ChannelRole":{ + "type":"string", + "enum":[ + "ASKER", + "EXPERT", + "MODERATOR", + "SUPPORTREQUESTOR" + ] + }, + "ChannelRoleList":{ + "type":"list", + "member":{"shape":"ChannelRole"} + }, + "ChannelRoles":{ + "type":"map", + "key":{"shape":"AccessorId"}, + "value":{"shape":"ChannelRoleList"} + }, + "ChannelStatus":{ + "type":"string", + "enum":[ + "CREATED", + "CREATING", + "CREATE_FAILED", + "DELETED", + "DELETING", + "DELETE_FAILED" + ] + }, + "ChannelsList":{ + "type":"list", + "member":{"shape":"ChannelData"} + }, "ClientId":{"type":"string"}, "ConfigurationStatus":{ "type":"string", @@ -429,6 +745,39 @@ "type":"long", "box":true }, + "CreateChannelInput":{ + "type":"structure", + "required":[ + "spaceId", + "channelName" + ], + "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    ", + "location":"uri", + "locationName":"spaceId" + }, + "channelName":{ + "shape":"ChannelName", + "documentation":"

    The name for the channel. This must be unique per private re:Post.

    " + }, + "channelDescription":{ + "shape":"ChannelDescription", + "documentation":"

    A description for the channel. This is used only to help you identify this channel.

    " + } + } + }, + "CreateChannelOutput":{ + "type":"structure", + "required":["channelId"], + "members":{ + "channelId":{ + "shape":"ChannelId", + "documentation":"

    The unique ID of the private re:Post channel.

    " + } + } + }, "CreateSpaceInput":{ "type":"structure", "required":[ @@ -437,33 +786,37 @@ "tier" ], "members":{ - "description":{ - "shape":"SpaceDescription", - "documentation":"

    A description for the private re:Post. This is used only to help you identify this private re:Post.

    " - }, "name":{ "shape":"SpaceName", "documentation":"

    The name for the private re:Post. This must be unique in your account.

    " }, - "roleArn":{ - "shape":"Arn", - "documentation":"

    The IAM role that grants permissions to the private re:Post to convert unanswered questions into AWS support tickets.

    " - }, "subdomain":{ "shape":"SpaceSubdomain", "documentation":"

    The subdomain that you use to access your AWS re:Post Private private re:Post. All custom subdomains must be approved by AWS before use. In addition to your custom subdomain, all private re:Posts are issued an AWS generated subdomain for immediate use.

    " }, - "tags":{ - "shape":"Tags", - "documentation":"

    The list of tags associated with the private re:Post.

    " - }, "tier":{ "shape":"TierLevel", "documentation":"

    The pricing tier for the private re:Post.

    " }, + "description":{ + "shape":"SpaceDescription", + "documentation":"

    A description for the private re:Post. This is used only to help you identify this private re:Post.

    " + }, "userKMSKey":{ "shape":"KMSKey", "documentation":"

    The AWS KMS key ARN that’s used for the AWS KMS encryption. If you don't provide a key, your data is encrypted by default with a key that AWS owns and manages for you.

    " + }, + "tags":{ + "shape":"Tags", + "documentation":"

    The list of tags associated with the private re:Post.

    " + }, + "roleArn":{ + "shape":"Arn", + "documentation":"

    The IAM role that grants permissions to the private re:Post to convert unanswered questions into AWS support tickets.

    " + }, + "supportedEmailDomains":{ + "shape":"SupportedEmailDomainsParameters", + "documentation":"

    " } } }, @@ -492,29 +845,115 @@ "DeregisterAdminInput":{ "type":"structure", "required":[ - "adminId", - "spaceId" + "spaceId", + "adminId" ], "members":{ - "adminId":{ - "shape":"AdminId", - "documentation":"

    The ID of the admin to remove.

    ", - "location":"uri", - "locationName":"adminId" - }, "spaceId":{ "shape":"SpaceId", "documentation":"

    The ID of the private re:Post to remove the admin from.

    ", "location":"uri", "locationName":"spaceId" + }, + "adminId":{ + "shape":"AdminId", + "documentation":"

    The ID of the admin to remove.

    ", + "location":"uri", + "locationName":"adminId" } } }, + "EmailDomain":{ + "type":"string", + "max":255, + "min":1, + "sensitive":true + }, "ErrorCode":{ "type":"integer", "box":true }, "ErrorMessage":{"type":"string"}, + "FeatureEnableParameter":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "FeatureEnableStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED", + "NOT_ALLOWED" + ] + }, + "GetChannelInput":{ + "type":"structure", + "required":[ + "spaceId", + "channelId" + ], + "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    ", + "location":"uri", + "locationName":"spaceId" + }, + "channelId":{ + "shape":"ChannelId", + "documentation":"

    The unique ID of the private re:Post channel.

    ", + "location":"uri", + "locationName":"channelId" + } + } + }, + "GetChannelOutput":{ + "type":"structure", + "required":[ + "spaceId", + "channelId", + "channelName", + "createDateTime", + "channelStatus" + ], + "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    " + }, + "channelId":{ + "shape":"ChannelId", + "documentation":"

    The unique ID of the private re:Post channel.

    " + }, + "channelName":{ + "shape":"ChannelName", + "documentation":"

    The name for the channel. This must be unique per private re:Post.

    " + }, + "channelDescription":{ + "shape":"ChannelDescription", + "documentation":"

    A description for the channel. This is used only to help you identify this channel.

    " + }, + "createDateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date when the channel was created.

    " + }, + "deleteDateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date when the channel was deleted.

    " + }, + "channelRoles":{ + "shape":"ChannelRoles", + "documentation":"

    The channel roles associated to the users and groups of the channel.

    " + }, + "channelStatus":{ + "shape":"ChannelStatus", + "documentation":"

    The status pf the channel.

    " + } + } + }, "GetSpaceInput":{ "type":"structure", "required":["spaceId"], @@ -530,107 +969,119 @@ "GetSpaceOutput":{ "type":"structure", "required":[ + "spaceId", "arn", - "clientId", - "configurationStatus", - "createDateTime", "name", - "randomDomain", - "spaceId", "status", - "storageLimit", - "tier", + "configurationStatus", + "clientId", + "vanityDomainStatus", "vanityDomain", - "vanityDomainStatus" + "randomDomain", + "createDateTime", + "tier", + "storageLimit" ], "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    " + }, "arn":{ "shape":"Arn", "documentation":"

    The ARN of the private re:Post.

    " }, - "clientId":{ - "shape":"ClientId", - "documentation":"

    The Identity Center identifier for the Application Instance.

    " + "name":{ + "shape":"SpaceName", + "documentation":"

    The name of the private re:Post.

    " + }, + "status":{ + "shape":"ProvisioningStatus", + "documentation":"

    The creation or deletion status of the private re:Post.

    " }, "configurationStatus":{ "shape":"ConfigurationStatus", "documentation":"

    The configuration status of the private re:Post.

    " }, - "contentSize":{ - "shape":"ContentSize", - "documentation":"

    The content size of the private re:Post.

    " + "clientId":{ + "shape":"ClientId", + "documentation":"

    The Identity Center identifier for the Application Instance.

    " }, - "createDateTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date when the private re:Post was created.

    " + "identityStoreId":{ + "shape":"IdentityStoreId", + "documentation":"

    " }, - "customerRoleArn":{ + "applicationArn":{ "shape":"Arn", - "documentation":"

    The IAM role that grants permissions to the private re:Post to convert unanswered questions into AWS support tickets.

    " - }, - "deleteDateTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date when the private re:Post was deleted.

    " + "documentation":"

    " }, "description":{ "shape":"SpaceDescription", "documentation":"

    The description of the private re:Post.

    " }, - "groupAdmins":{ - "shape":"GroupAdmins", - "documentation":"

    The list of groups that are administrators of the private re:Post.

    ", - "deprecated":true, - "deprecatedMessage":"This property has been depracted and will be replaced by the roles property." + "vanityDomainStatus":{ + "shape":"VanityDomainStatus", + "documentation":"

    The approval status of the custom subdomain.

    " }, - "name":{ - "shape":"SpaceName", - "documentation":"

    The name of the private re:Post.

    " + "vanityDomain":{ + "shape":"Url", + "documentation":"

    The custom subdomain that you use to access your private re:Post. All custom subdomains must be approved by AWS before use.

    " }, "randomDomain":{ "shape":"Url", "documentation":"

    The AWS generated subdomain of the private re:Post

    " }, - "roles":{ - "shape":"Roles", - "documentation":"

    A map of accessor identifiers and their roles.

    " - }, - "spaceId":{ - "shape":"SpaceId", - "documentation":"

    The unique ID of the private re:Post.

    " + "customerRoleArn":{ + "shape":"Arn", + "documentation":"

    The IAM role that grants permissions to the private re:Post to convert unanswered questions into AWS support tickets.

    " }, - "status":{ - "shape":"ProvisioningStatus", - "documentation":"

    The creation or deletion status of the private re:Post.

    " + "createDateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date when the private re:Post was created.

    " }, - "storageLimit":{ - "shape":"StorageLimit", - "documentation":"

    The storage limit of the private re:Post.

    " + "deleteDateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date when the private re:Post was deleted.

    " }, "tier":{ "shape":"TierLevel", "documentation":"

    The pricing tier of the private re:Post.

    " }, + "storageLimit":{ + "shape":"StorageLimit", + "documentation":"

    The storage limit of the private re:Post.

    " + }, "userAdmins":{ "shape":"UserAdmins", "documentation":"

    The list of users that are administrators of the private re:Post.

    ", "deprecated":true, "deprecatedMessage":"This property has been depracted and will be replaced by the roles property." }, - "userCount":{ - "shape":"UserCount", - "documentation":"

    The number of users that have onboarded to the private re:Post.

    " + "groupAdmins":{ + "shape":"GroupAdmins", + "documentation":"

    The list of groups that are administrators of the private re:Post.

    ", + "deprecated":true, + "deprecatedMessage":"This property has been depracted and will be replaced by the roles property." + }, + "roles":{ + "shape":"Roles", + "documentation":"

    A map of accessor identifiers and their roles.

    " }, "userKMSKey":{ "shape":"KMSKey", "documentation":"

    The custom AWS KMS key ARN that’s used for the AWS KMS encryption.

    " }, - "vanityDomain":{ - "shape":"Url", - "documentation":"

    The custom subdomain that you use to access your private re:Post. All custom subdomains must be approved by AWS before use.

    " + "userCount":{ + "shape":"UserCount", + "documentation":"

    The number of users that have onboarded to the private re:Post.

    " }, - "vanityDomainStatus":{ - "shape":"VanityDomainStatus", - "documentation":"

    The approval status of the custom subdomain.

    " + "contentSize":{ + "shape":"ContentSize", + "documentation":"

    The content size of the private re:Post.

    " + }, + "supportedEmailDomains":{ + "shape":"SupportedEmailDomainsStatus", + "documentation":"

    " } } }, @@ -638,6 +1089,11 @@ "type":"list", "member":{"shape":"AdminId"} }, + "GroupCount":{ + "type":"integer", + "box":true + }, + "IdentityStoreId":{"type":"string"}, "Integer":{ "type":"integer", "box":true @@ -673,20 +1129,64 @@ "sensitive":true }, "KMSKey":{"type":"string"}, - "ListSpacesInput":{ + "ListChannelsInput":{ "type":"structure", + "required":["spaceId"], "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    ", + "location":"uri", + "locationName":"spaceId" + }, + "nextToken":{ + "shape":"String", + "documentation":"

    The token for the next set of channel to return. You receive this token from a previous ListChannels operation.

    ", + "location":"querystring", + "locationName":"nextToken" + }, "maxResults":{ - "shape":"ListSpacesLimit", - "documentation":"

    The maximum number of private re:Posts to include in the results.

    ", + "shape":"ListChannelsLimit", + "documentation":"

    The maximum number of channels to include in the results.

    ", "location":"querystring", "locationName":"maxResults" + } + } + }, + "ListChannelsLimit":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListChannelsOutput":{ + "type":"structure", + "required":["channels"], + "members":{ + "channels":{ + "shape":"ChannelsList", + "documentation":"

    An array of structures that contain some information about the channels in the private re:Post.

    " }, "nextToken":{ "shape":"String", + "documentation":"

    The token that you use when you request the next set of channels.

    " + } + } + }, + "ListSpacesInput":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", "documentation":"

    The token for the next set of private re:Posts to return. You receive this token from a previous ListSpaces operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListSpacesLimit", + "documentation":"

    The maximum number of private re:Posts to include in the results.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -700,13 +1200,13 @@ "type":"structure", "required":["spaces"], "members":{ - "nextToken":{ - "shape":"String", - "documentation":"

    The token that you use when you request the next set of private re:Posts.

    " - }, "spaces":{ "shape":"SpacesList", "documentation":"

    An array of structures that contain some information about the private re:Posts in the account.

    " + }, + "nextToken":{ + "shape":"String", + "documentation":"

    The token that you use when you request the next set of private re:Posts.

    " } } }, @@ -739,21 +1239,21 @@ "RegisterAdminInput":{ "type":"structure", "required":[ - "adminId", - "spaceId" + "spaceId", + "adminId" ], "members":{ - "adminId":{ - "shape":"AdminId", - "documentation":"

    The ID of the administrator.

    ", - "location":"uri", - "locationName":"adminId" - }, "spaceId":{ "shape":"SpaceId", "documentation":"

    The ID of the private re:Post.

    ", "location":"uri", "locationName":"spaceId" + }, + "adminId":{ + "shape":"AdminId", + "documentation":"

    The ID of the administrator.

    ", + "location":"uri", + "locationName":"adminId" } } }, @@ -803,29 +1303,29 @@ "SendInvitesInput":{ "type":"structure", "required":[ - "accessorIds", - "body", "spaceId", - "title" + "accessorIds", + "title", + "body" ], "members":{ - "accessorIds":{ - "shape":"AccessorIdList", - "documentation":"

    The array of identifiers for the users and groups.

    " - }, - "body":{ - "shape":"InviteBody", - "documentation":"

    The body of the invite.

    " - }, "spaceId":{ "shape":"SpaceId", "documentation":"

    The ID of the private re:Post.

    ", "location":"uri", "locationName":"spaceId" }, + "accessorIds":{ + "shape":"AccessorIdList", + "documentation":"

    The array of identifiers for the users and groups.

    " + }, "title":{ "shape":"InviteTitle", "documentation":"

    The title of the invite.

    " + }, + "body":{ + "shape":"InviteBody", + "documentation":"

    The body of the invite.

    " } } }, @@ -833,17 +1333,13 @@ "type":"structure", "required":[ "message", - "quotaCode", "resourceId", "resourceType", - "serviceCode" + "serviceCode", + "quotaCode" ], "members":{ "message":{"shape":"String"}, - "quotaCode":{ - "shape":"String", - "documentation":"

    The code to identify the quota.

    " - }, "resourceId":{ "shape":"String", "documentation":"

    The id of the resource.

    " @@ -855,6 +1351,10 @@ "serviceCode":{ "shape":"String", "documentation":"

    The code to identify the service.

    " + }, + "quotaCode":{ + "shape":"String", + "documentation":"

    The code to identify the quota.

    " } }, "documentation":"

    Request would cause a service quota to be exceeded.

    ", @@ -867,82 +1367,86 @@ "SpaceData":{ "type":"structure", "required":[ + "spaceId", "arn", - "configurationStatus", - "createDateTime", "name", - "randomDomain", - "spaceId", "status", - "storageLimit", - "tier", + "configurationStatus", + "vanityDomainStatus", "vanityDomain", - "vanityDomainStatus" + "randomDomain", + "tier", + "storageLimit", + "createDateTime" ], "members":{ + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    " + }, "arn":{ "shape":"Arn", "documentation":"

    The ARN of the private re:Post.

    " }, - "configurationStatus":{ - "shape":"ConfigurationStatus", - "documentation":"

    The configuration status of the private re:Post.

    " - }, - "contentSize":{ - "shape":"ContentSize", - "documentation":"

    The content size of the private re:Post.

    " - }, - "createDateTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date when the private re:Post was created.

    " - }, - "deleteDateTime":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date when the private re:Post was deleted.

    " + "name":{ + "shape":"SpaceName", + "documentation":"

    The name for the private re:Post.

    " }, "description":{ "shape":"SpaceDescription", "documentation":"

    The description for the private re:Post. This is used only to help you identify this private re:Post.

    " }, - "name":{ - "shape":"SpaceName", - "documentation":"

    The name for the private re:Post.

    " + "status":{ + "shape":"ProvisioningStatus", + "documentation":"

    The creation/deletion status of the private re:Post.

    " + }, + "configurationStatus":{ + "shape":"ConfigurationStatus", + "documentation":"

    The configuration status of the private re:Post.

    " + }, + "vanityDomainStatus":{ + "shape":"VanityDomainStatus", + "documentation":"

    This approval status of the custom subdomain.

    " + }, + "vanityDomain":{ + "shape":"Url", + "documentation":"

    This custom subdomain that you use to access your private re:Post. All custom subdomains must be approved by AWS before use.

    " }, "randomDomain":{ "shape":"Url", "documentation":"

    The AWS generated subdomain of the private re:Post.

    " }, - "spaceId":{ - "shape":"SpaceId", - "documentation":"

    The unique ID of the private re:Post.

    " - }, - "status":{ - "shape":"ProvisioningStatus", - "documentation":"

    The creation/deletion status of the private re:Post.

    " + "tier":{ + "shape":"TierLevel", + "documentation":"

    The pricing tier of the private re:Post.

    " }, "storageLimit":{ "shape":"StorageLimit", "documentation":"

    The storage limit of the private re:Post.

    " }, - "tier":{ - "shape":"TierLevel", - "documentation":"

    The pricing tier of the private re:Post.

    " + "createDateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date when the private re:Post was created.

    " }, - "userCount":{ - "shape":"UserCount", - "documentation":"

    The number of onboarded users to the private re:Post.

    " + "deleteDateTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date when the private re:Post was deleted.

    " }, "userKMSKey":{ "shape":"KMSKey", "documentation":"

    The custom AWS KMS key ARN that’s used for the AWS KMS encryption.

    " }, - "vanityDomain":{ - "shape":"Url", - "documentation":"

    This custom subdomain that you use to access your private re:Post. All custom subdomains must be approved by AWS before use.

    " + "userCount":{ + "shape":"UserCount", + "documentation":"

    The number of onboarded users to the private re:Post.

    " }, - "vanityDomainStatus":{ - "shape":"VanityDomainStatus", - "documentation":"

    This approval status of the custom subdomain.

    " + "contentSize":{ + "shape":"ContentSize", + "documentation":"

    The content size of the private re:Post.

    " + }, + "supportedEmailDomains":{ + "shape":"SupportedEmailDomainsStatus", + "documentation":"

    " } }, "documentation":"

    A structure that contains some information about a private re:Post in the account.

    " @@ -974,6 +1478,34 @@ "box":true }, "String":{"type":"string"}, + "SupportedEmailDomainsParameters":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"FeatureEnableParameter", + "documentation":"

    " + }, + "allowedDomains":{ + "shape":"AllowedDomainsList", + "documentation":"

    " + } + }, + "documentation":"

    " + }, + "SupportedEmailDomainsStatus":{ + "type":"structure", + "members":{ + "enabled":{ + "shape":"FeatureEnableStatus", + "documentation":"

    " + }, + "allowedDomains":{ + "shape":"AllowedDomainsList", + "documentation":"

    " + } + }, + "documentation":"

    " + }, "SyntheticTimestamp_date_time":{ "type":"timestamp", "timestampFormat":"iso8601" @@ -982,7 +1514,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$" + "pattern":"(?!aws:)[a-zA-Z+-=._:/]+" }, "TagKeyList":{ "type":"list", @@ -1030,6 +1562,10 @@ "required":["message"], "members":{ "message":{"shape":"String"}, + "serviceCode":{ + "shape":"String", + "documentation":"

    The code to identify the service.

    " + }, "quotaCode":{ "shape":"String", "documentation":"

    The code to identify the quota.

    " @@ -1039,10 +1575,6 @@ "documentation":"

    Advice to clients on when the call can be safely retried.

    ", "location":"header", "locationName":"Retry-After" - }, - "serviceCode":{ - "shape":"String", - "documentation":"

    The code to identify the service.

    " } }, "documentation":"

    Request was denied due to request throttling.

    ", @@ -1086,27 +1618,66 @@ "members":{ } }, - "UpdateSpaceInput":{ + "UpdateChannelInput":{ "type":"structure", - "required":["spaceId"], + "required":[ + "spaceId", + "channelId", + "channelName" + ], "members":{ - "description":{ - "shape":"SpaceDescription", - "documentation":"

    A description for the private re:Post. This is used only to help you identify this private re:Post.

    " + "spaceId":{ + "shape":"SpaceId", + "documentation":"

    The unique ID of the private re:Post.

    ", + "location":"uri", + "locationName":"spaceId" }, - "roleArn":{ - "shape":"Arn", - "documentation":"

    The IAM role that grants permissions to the private re:Post to convert unanswered questions into AWS support tickets.

    " + "channelId":{ + "shape":"ChannelId", + "documentation":"

    The unique ID of the private re:Post channel.

    ", + "location":"uri", + "locationName":"channelId" + }, + "channelName":{ + "shape":"ChannelName", + "documentation":"

    The name for the channel. This must be unique per private re:Post.

    " }, + "channelDescription":{ + "shape":"ChannelDescription", + "documentation":"

    A description for the channel. This is used only to help you identify this channel.

    " + } + } + }, + "UpdateChannelOutput":{ + "type":"structure", + "members":{ + } + }, + "UpdateSpaceInput":{ + "type":"structure", + "required":["spaceId"], + "members":{ "spaceId":{ "shape":"SpaceId", "documentation":"

    The unique ID of this private re:Post.

    ", "location":"uri", "locationName":"spaceId" }, + "description":{ + "shape":"SpaceDescription", + "documentation":"

    A description for the private re:Post. This is used only to help you identify this private re:Post.

    " + }, "tier":{ "shape":"TierLevel", "documentation":"

    The pricing tier of this private re:Post.

    " + }, + "roleArn":{ + "shape":"Arn", + "documentation":"

    The IAM role that grants permissions to the private re:Post to convert unanswered questions into AWS support tickets.

    " + }, + "supportedEmailDomains":{ + "shape":"SupportedEmailDomainsParameters", + "documentation":"

    " } } }, @@ -1126,14 +1697,14 @@ "reason" ], "members":{ - "fieldList":{ - "shape":"ValidationExceptionFieldList", - "documentation":"

    The field that caused the error, if applicable.

    " - }, "message":{"shape":"String"}, "reason":{ "shape":"ValidationExceptionReason", "documentation":"

    The reason why the request failed validation.

    " + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

    The field that caused the error, if applicable.

    " } }, "documentation":"

    The input fails to satisfy the constraints specified by an AWS service.

    ", @@ -1146,17 +1717,17 @@ "ValidationExceptionField":{ "type":"structure", "required":[ - "message", - "name" + "name", + "message" ], "members":{ - "message":{ - "shape":"String", - "documentation":"

    The name of the field.

    " - }, "name":{ "shape":"String", "documentation":"

    Message describing why the field failed validation.

    " + }, + "message":{ + "shape":"String", + "documentation":"

    The name of the field.

    " } }, "documentation":"

    Stores information about a field that’s passed inside a request that resulted in an exception.

    " diff -pruN 2.23.6-1/awscli/botocore/data/repostspace/2022-05-13/waiters-2.json 2.31.35-1/awscli/botocore/data/repostspace/2022-05-13/waiters-2.json --- 2.23.6-1/awscli/botocore/data/repostspace/2022-05-13/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/repostspace/2022-05-13/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,97 @@ +{ + "version" : 2, + "waiters" : { + "ChannelCreated" : { + "delay" : 2, + "maxAttempts" : 60, + "operation" : "GetChannel", + "acceptors" : [ { + "matcher" : "path", + "argument" : "channelStatus", + "state" : "success", + "expected" : "CREATED" + }, { + "matcher" : "path", + "argument" : "channelStatus", + "state" : "failure", + "expected" : "CREATE_FAILED" + }, { + "matcher" : "path", + "argument" : "channelStatus", + "state" : "retry", + "expected" : "CREATING" + } ] + }, + "ChannelDeleted" : { + "delay" : 2, + "maxAttempts" : 60, + "operation" : "GetChannel", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ResourceNotFoundException" + }, { + "matcher" : "path", + "argument" : "channelStatus", + "state" : "success", + "expected" : "DELETED" + }, { + "matcher" : "path", + "argument" : "channelStatus", + "state" : "failure", + "expected" : "DELETE_FAILED" + }, { + "matcher" : "path", + "argument" : "channelStatus", + "state" : "retry", + "expected" : "DELETING" + } ] + }, + "SpaceCreated" : { + "delay" : 300, + "maxAttempts" : 24, + "operation" : "GetSpace", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "CREATED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "CREATE_FAILED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "retry", + "expected" : "CREATING" + } ] + }, + "SpaceDeleted" : { + "delay" : 300, + "maxAttempts" : 24, + "operation" : "GetSpace", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ResourceNotFoundException" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "DELETED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "DELETE_FAILED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "retry", + "expected" : "DELETING" + } ] + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/resiliencehub/2020-04-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/resiliencehub/2020-04-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/resiliencehub/2020-04-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resiliencehub/2020-04-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/resource-explorer-2/2022-07-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/resource-explorer-2/2022-07-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/resource-explorer-2/2022-07-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resource-explorer-2/2022-07-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/resource-explorer-2/2022-07-28/paginators-1.json 2.31.35-1/awscli/botocore/data/resource-explorer-2/2022-07-28/paginators-1.json --- 2.23.6-1/awscli/botocore/data/resource-explorer-2/2022-07-28/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resource-explorer-2/2022-07-28/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -41,6 +41,30 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "ManagedViews" + }, + "GetResourceExplorerSetup": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Regions" + }, + "ListServiceIndexes": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Indexes" + }, + "ListServiceViews": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ServiceViews" + }, + "ListStreamingAccessForServices": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "StreamingAccessForServices" } } } diff -pruN 2.23.6-1/awscli/botocore/data/resource-explorer-2/2022-07-28/service-2.json 2.31.35-1/awscli/botocore/data/resource-explorer-2/2022-07-28/service-2.json --- 2.23.6-1/awscli/botocore/data/resource-explorer-2/2022-07-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resource-explorer-2/2022-07-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2022-07-28", + "auth":["aws.auth#sigv4"], "endpointPrefix":"resource-explorer-2", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"AWS Resource Explorer", "serviceId":"Resource Explorer 2", "signatureVersion":"v4", "signingName":"resource-explorer-2", - "uid":"resource-explorer-2-2022-07-28", - "auth":["aws.auth#sigv4"] + "uid":"resource-explorer-2-2022-07-28" }, "operations":{ "AssociateDefaultView":{ @@ -49,7 +48,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves details about a list of views.

    " + "documentation":"

    Retrieves details about a list of views.

    ", + "readonly":true }, "CreateIndex":{ "name":"CreateIndex", @@ -70,6 +70,25 @@ "documentation":"

    Turns on Amazon Web Services Resource Explorer in the Amazon Web Services Region in which you called this operation by creating an index. Resource Explorer begins discovering the resources in this Region and stores the details about the resources in the index so that they can be queried by using the Search operation. You can create only one index in a Region.

    This operation creates only a local index. To promote the local index in one Amazon Web Services Region into the aggregator index for the Amazon Web Services account, use the UpdateIndexType operation. For more information, see Turning on cross-Region search by creating an aggregator index in the Amazon Web Services Resource Explorer User Guide.

    For more details about what happens when you turn on Resource Explorer in an Amazon Web Services Region, see Turn on Resource Explorer to index your resources in an Amazon Web Services Region in the Amazon Web Services Resource Explorer User Guide.

    If this is the first Amazon Web Services Region in which you've created an index for Resource Explorer, then this operation also creates a service-linked role in your Amazon Web Services account that allows Resource Explorer to enumerate your resources to populate the index.

    • Action: resource-explorer-2:CreateIndex

      Resource: The ARN of the index (as it will exist after the operation completes) in the Amazon Web Services Region and account in which you're trying to create the index. Use the wildcard character (*) at the end of the string to match the eventual UUID. For example, the following Resource element restricts the role or user to creating an index in only the us-east-2 Region of the specified account.

      \"Resource\": \"arn:aws:resource-explorer-2:us-west-2:<account-id>:index/*\"

      Alternatively, you can use \"Resource\": \"*\" to allow the role or user to create an index in any Region.

    • Action: iam:CreateServiceLinkedRole

      Resource: No specific resource (*).

      This permission is required only the first time you create an index to turn on Resource Explorer in the account. Resource Explorer uses this to create the service-linked role needed to index the resources in your account. Resource Explorer uses the same service-linked role for all additional indexes you create afterwards.

    ", "idempotent":true }, + "CreateResourceExplorerSetup":{ + "name":"CreateResourceExplorerSetup", + "http":{ + "method":"POST", + "requestUri":"/CreateResourceExplorerSetup", + "responseCode":200 + }, + "input":{"shape":"CreateResourceExplorerSetupInput"}, + "output":{"shape":"CreateResourceExplorerSetupOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Creates a Resource Explorer setup configuration across multiple Amazon Web Services Regions. This operation sets up indexes and views in the specified Regions. This operation can also be used to set an aggregator Region for cross-Region resource search.

    ", + "idempotent":true + }, "CreateView":{ "name":"CreateView", "http":{ @@ -109,6 +128,25 @@ "documentation":"

    Deletes the specified index and turns off Amazon Web Services Resource Explorer in the specified Amazon Web Services Region. When you delete an index, Resource Explorer stops discovering and indexing resources in that Region. Resource Explorer also deletes all views in that Region. These actions occur as asynchronous background tasks. You can check to see when the actions are complete by using the GetIndex operation and checking the Status response value.

    If the index you delete is the aggregator index for the Amazon Web Services account, you must wait 24 hours before you can promote another local index to be the aggregator index for the account. Users can't perform account-wide searches using Resource Explorer until another aggregator index is configured.

    ", "idempotent":true }, + "DeleteResourceExplorerSetup":{ + "name":"DeleteResourceExplorerSetup", + "http":{ + "method":"POST", + "requestUri":"/DeleteResourceExplorerSetup", + "responseCode":200 + }, + "input":{"shape":"DeleteResourceExplorerSetupInput"}, + "output":{"shape":"DeleteResourceExplorerSetupOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Deletes a Resource Explorer setup configuration. This operation removes indexes and views from the specified Regions or all Regions where Resource Explorer is configured.

    ", + "idempotent":true + }, "DeleteView":{ "name":"DeleteView", "http":{ @@ -160,7 +198,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves the status of your account's Amazon Web Services service access, and validates the service linked role required to access the multi-account search feature. Only the management account can invoke this API call.

    " + "documentation":"

    Retrieves the status of your account's Amazon Web Services service access, and validates the service linked role required to access the multi-account search feature. Only the management account can invoke this API call.

    ", + "readonly":true }, "GetDefaultView":{ "name":"GetDefaultView", @@ -177,7 +216,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves the Amazon Resource Name (ARN) of the view that is the default for the Amazon Web Services Region in which you call this operation. You can then call GetView to retrieve the details of that view.

    " + "documentation":"

    Retrieves the Amazon Resource Name (ARN) of the view that is the default for the Amazon Web Services Region in which you call this operation. You can then call GetView to retrieve the details of that view.

    ", + "readonly":true }, "GetIndex":{ "name":"GetIndex", @@ -213,7 +253,64 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves details of the specified Amazon Web Services-managed view.

    " + "documentation":"

    Retrieves details of the specified Amazon Web Services-managed view.

    ", + "readonly":true + }, + "GetResourceExplorerSetup":{ + "name":"GetResourceExplorerSetup", + "http":{ + "method":"POST", + "requestUri":"/GetResourceExplorerSetup", + "responseCode":200 + }, + "input":{"shape":"GetResourceExplorerSetupInput"}, + "output":{"shape":"GetResourceExplorerSetupOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves the status and details of a Resource Explorer setup operation. This operation returns information about the progress of creating or deleting Resource Explorer configurations across Regions.

    ", + "readonly":true + }, + "GetServiceIndex":{ + "name":"GetServiceIndex", + "http":{ + "method":"POST", + "requestUri":"/GetServiceIndex", + "responseCode":200 + }, + "output":{"shape":"GetServiceIndexOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves information about the Resource Explorer index in the current Amazon Web Services Region. This operation returns the ARN and type of the index if one exists.

    ", + "readonly":true + }, + "GetServiceView":{ + "name":"GetServiceView", + "http":{ + "method":"POST", + "requestUri":"/GetServiceView", + "responseCode":200 + }, + "input":{"shape":"GetServiceViewInput"}, + "output":{"shape":"GetServiceViewOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Retrieves details about a specific Resource Explorer service view. This operation returns the configuration and properties of the specified view.

    ", + "readonly":true }, "GetView":{ "name":"GetView", @@ -232,7 +329,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves details of the specified view.

    " + "documentation":"

    Retrieves details of the specified view.

    ", + "readonly":true }, "ListIndexes":{ "name":"ListIndexes", @@ -249,7 +347,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves a list of all of the indexes in Amazon Web Services Regions that are currently collecting resource information for Amazon Web Services Resource Explorer.

    " + "documentation":"

    Retrieves a list of all of the indexes in Amazon Web Services Regions that are currently collecting resource information for Amazon Web Services Resource Explorer.

    ", + "readonly":true }, "ListIndexesForMembers":{ "name":"ListIndexesForMembers", @@ -266,7 +365,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves a list of a member's indexes in all Amazon Web Services Regions that are currently collecting resource information for Amazon Web Services Resource Explorer. Only the management account or a delegated administrator with service access enabled can invoke this API call.

    " + "documentation":"

    Retrieves a list of a member's indexes in all Amazon Web Services Regions that are currently collecting resource information for Amazon Web Services Resource Explorer. Only the management account or a delegated administrator with service access enabled can invoke this API call.

    ", + "readonly":true }, "ListManagedViews":{ "name":"ListManagedViews", @@ -303,7 +403,60 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Returns a list of resources and their details that match the specified criteria. This query must use a view. If you don’t explicitly specify a view, then Resource Explorer uses the default view for the Amazon Web Services Region in which you call this operation.

    " + "documentation":"

    Returns a list of resources and their details that match the specified criteria. This query must use a view. If you don’t explicitly specify a view, then Resource Explorer uses the default view for the Amazon Web Services Region in which you call this operation.

    ", + "readonly":true + }, + "ListServiceIndexes":{ + "name":"ListServiceIndexes", + "http":{ + "method":"POST", + "requestUri":"/ListServiceIndexes", + "responseCode":200 + }, + "input":{"shape":"ListServiceIndexesInput"}, + "output":{"shape":"ListServiceIndexesOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Lists all Resource Explorer indexes across the specified Amazon Web Services Regions. This operation returns information about indexes including their ARNs, types, and Regions.

    ", + "readonly":true + }, + "ListServiceViews":{ + "name":"ListServiceViews", + "http":{ + "method":"POST", + "requestUri":"/ListServiceViews", + "responseCode":200 + }, + "input":{"shape":"ListServiceViewsInput"}, + "output":{"shape":"ListServiceViewsOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Lists all Resource Explorer service views available in the current Amazon Web Services account. This operation returns the ARNs of available service views.

    ", + "readonly":true + }, + "ListStreamingAccessForServices":{ + "name":"ListStreamingAccessForServices", + "http":{ + "method":"POST", + "requestUri":"/ListStreamingAccessForServices", + "responseCode":200 + }, + "input":{"shape":"ListStreamingAccessForServicesInput"}, + "output":{"shape":"ListStreamingAccessForServicesOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Returns a list of Amazon Web Services services that have been granted streaming access to your Resource Explorer data. Streaming access allows Amazon Web Services services to receive real-time updates about your resources as they are indexed by Resource Explorer.

    " }, "ListSupportedResourceTypes":{ "name":"ListSupportedResourceTypes", @@ -320,7 +473,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Retrieves a list of all resource types currently supported by Amazon Web Services Resource Explorer.

    " + "documentation":"

    Retrieves a list of all resource types currently supported by Amazon Web Services Resource Explorer.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -339,7 +493,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Lists the tags that are attached to the specified resource.

    " + "documentation":"

    Lists the tags that are attached to the specified resource.

    ", + "readonly":true }, "ListViews":{ "name":"ListViews", @@ -356,7 +511,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Lists the Amazon resource names (ARNs) of the views available in the Amazon Web Services Region in which you call this operation.

    Always check the NextToken response parameter for a null value when calling a paginated operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    " + "documentation":"

    Lists the Amazon resource names (ARNs) of the views available in the Amazon Web Services Region in which you call this operation.

    Always check the NextToken response parameter for a null value when calling a paginated operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

    ", + "readonly":true }, "Search":{ "name":"Search", @@ -375,7 +531,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Searches for resources and displays details about all resources that match the specified criteria. You must specify a query string.

    All search queries must use a view. If you don't explicitly specify a view, then Amazon Web Services Resource Explorer uses the default view for the Amazon Web Services Region in which you call this operation. The results are the logical intersection of the results that match both the QueryString parameter supplied to this operation and the SearchFilter parameter attached to the view.

    For the complete syntax supported by the QueryString parameter, see Search query syntax reference for Resource Explorer.

    If your search results are empty, or are missing results that you think should be there, see Troubleshooting Resource Explorer search.

    " + "documentation":"

    Searches for resources and displays details about all resources that match the specified criteria. You must specify a query string.

    All search queries must use a view. If you don't explicitly specify a view, then Amazon Web Services Resource Explorer uses the default view for the Amazon Web Services Region in which you call this operation. The results are the logical intersection of the results that match both the QueryString parameter supplied to this operation and the SearchFilter parameter attached to the view.

    For the complete syntax supported by the QueryString parameter, see Search query syntax reference for Resource Explorer.

    If your search results are empty, or are missing results that you think should be there, see Troubleshooting Resource Explorer search.

    ", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -508,17 +665,17 @@ "BatchGetViewError":{ "type":"structure", "required":[ - "ErrorMessage", - "ViewArn" + "ViewArn", + "ErrorMessage" ], "members":{ - "ErrorMessage":{ - "shape":"String", - "documentation":"

    The description of the error for the specified view.

    " - }, "ViewArn":{ "shape":"String", "documentation":"

    The Amazon resource name (ARN) of the view for which Resource Explorer failed to retrieve details.

    " + }, + "ErrorMessage":{ + "shape":"String", + "documentation":"

    The description of the error for the specified view.

    " } }, "documentation":"

    A collection of error messages for any views that Amazon Web Services Resource Explorer couldn't retrieve details.

    " @@ -545,13 +702,13 @@ "BatchGetViewOutput":{ "type":"structure", "members":{ - "Errors":{ - "shape":"BatchGetViewErrors", - "documentation":"

    If any of the specified ARNs result in an error, then this structure describes the error.

    " - }, "Views":{ "shape":"ViewList", "documentation":"

    A structure with a list of objects with details for each of the specified views.

    " + }, + "Errors":{ + "shape":"BatchGetViewErrors", + "documentation":"

    If any of the specified ARNs result in an error, then this structure describes the error.

    " } } }, @@ -593,16 +750,74 @@ "shape":"String", "documentation":"

    The ARN of the new local index for the Region. You can reference this ARN in IAM permission policies to authorize the following operations: DeleteIndex | GetIndex | UpdateIndexType | CreateView

    " }, + "State":{ + "shape":"IndexState", + "documentation":"

    Indicates the current state of the index. You can check for changes to the state for asynchronous operations by calling the GetIndex operation.

    The state can remain in the CREATING or UPDATING state for several hours as Resource Explorer discovers the information about your resources and populates the index.

    " + }, "CreatedAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The date and timestamp when the index was created.

    " + } + } + }, + "CreateResourceExplorerSetupInput":{ + "type":"structure", + "required":[ + "RegionList", + "ViewName" + ], + "members":{ + "RegionList":{ + "shape":"CreateResourceExplorerSetupInputRegionListList", + "documentation":"

    A list of Amazon Web Services Regions where Resource Explorer should be configured. Each Region in the list will have a user-owned index created.

    " }, - "State":{ - "shape":"IndexState", - "documentation":"

    Indicates the current state of the index. You can check for changes to the state for asynchronous operations by calling the GetIndex operation.

    The state can remain in the CREATING or UPDATING state for several hours as Resource Explorer discovers the information about your resources and populates the index.

    " + "AggregatorRegions":{ + "shape":"CreateResourceExplorerSetupInputAggregatorRegionsList", + "documentation":"

    A list of Amazon Web Services Regions that should be configured as aggregator Regions. Aggregator Regions receive replicated index information from all other Regions where there is a user-owned index.

    " + }, + "ViewName":{ + "shape":"CreateResourceExplorerSetupInputViewNameString", + "documentation":"

    The name for the view to be created as part of the Resource Explorer setup. The view name must be unique within the Amazon Web Services account and Region.

    " } } }, + "CreateResourceExplorerSetupInputAggregatorRegionsList":{ + "type":"list", + "member":{"shape":"CreateResourceExplorerSetupInputAggregatorRegionsListMemberString"}, + "max":1, + "min":0 + }, + "CreateResourceExplorerSetupInputAggregatorRegionsListMemberString":{ + "type":"string", + "pattern":"[a-z-]+-[a-z]+-[0-9]" + }, + "CreateResourceExplorerSetupInputRegionListList":{ + "type":"list", + "member":{"shape":"CreateResourceExplorerSetupInputRegionListListMemberString"}, + "min":1 + }, + "CreateResourceExplorerSetupInputRegionListListMemberString":{ + "type":"string", + "pattern":"[a-z-]+-[a-z]+-[0-9]" + }, + "CreateResourceExplorerSetupInputViewNameString":{ + "type":"string", + "pattern":"[a-zA-Z0-9-]{1,64}" + }, + "CreateResourceExplorerSetupOutput":{ + "type":"structure", + "required":["TaskId"], + "members":{ + "TaskId":{ + "shape":"CreateResourceExplorerSetupOutputTaskIdString", + "documentation":"

    The unique identifier for the setup task. Use this ID with GetResourceExplorerSetup to monitor the progress of the configuration operation.

    " + } + } + }, + "CreateResourceExplorerSetupOutputTaskIdString":{ + "type":"string", + "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + }, "CreateViewInput":{ "type":"structure", "required":["ViewName"], @@ -612,9 +827,9 @@ "documentation":"

    This value helps ensure idempotency. Resource Explorer uses this value to prevent the accidental creation of duplicate versions. We recommend that you generate a UUID-type value to ensure the uniqueness of your views.

    ", "idempotencyToken":true }, - "Filters":{ - "shape":"SearchFilter", - "documentation":"

    An array of strings that specify which resources are included in the results of queries made using this view. When you use this view in a Search operation, the filter string is combined with the search's QueryString parameter using a logical AND operator.

    For information about the supported syntax, see Search query reference for Resource Explorer in the Amazon Web Services Resource Explorer User Guide.

    This query string in the context of this operation supports only filter prefixes with optional operators. It doesn't support free-form text. For example, the string region:us* service:ec2 -tag:stage=prod includes all Amazon EC2 resources in any Amazon Web Services Region that begins with the letters us and is not tagged with a key Stage that has the value prod.

    " + "ViewName":{ + "shape":"ViewName", + "documentation":"

    The name of the new view. This name appears in the list of views in Resource Explorer.

    The name must be no more than 64 characters long, and can include letters, digits, and the dash (-) character. The name must be unique within its Amazon Web Services Region.

    " }, "IncludedProperties":{ "shape":"IncludedPropertyList", @@ -624,13 +839,13 @@ "shape":"CreateViewInputScopeString", "documentation":"

    The root ARN of the account, an organizational unit (OU), or an organization ARN. If left empty, the default is account.

    " }, + "Filters":{ + "shape":"SearchFilter", + "documentation":"

    An array of strings that specify which resources are included in the results of queries made using this view. When you use this view in a Search operation, the filter string is combined with the search's QueryString parameter using a logical AND operator.

    For information about the supported syntax, see Search query reference for Resource Explorer in the Amazon Web Services Resource Explorer User Guide.

    This query string in the context of this operation supports only filter prefixes with optional operators. It doesn't support free-form text. For example, the string region:us* service:ec2 -tag:stage=prod includes all Amazon EC2 resources in any Amazon Web Services Region that begins with the letters us and is not tagged with a key Stage that has the value prod.

    " + }, "Tags":{ "shape":"TagMap", "documentation":"

    Tag key and value pairs that are attached to the view.

    " - }, - "ViewName":{ - "shape":"ViewName", - "documentation":"

    The name of the new view. This name appears in the list of views in Resource Explorer.

    The name must be no more than 64 characters long, and can include letters, digits, and the dash (-) character. The name must be unique within its Amazon Web Services Region.

    " } } }, @@ -670,16 +885,43 @@ "shape":"String", "documentation":"

    The Amazon resource name (ARN) of the index that you successfully started the deletion process.

    This operation is asynchronous. To check its status, call the GetIndex operation.

    " }, + "State":{ + "shape":"IndexState", + "documentation":"

    Indicates the current state of the index.

    " + }, "LastUpdatedAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The date and time when you last updated this index.

    " + } + } + }, + "DeleteResourceExplorerSetupInput":{ + "type":"structure", + "members":{ + "RegionList":{ + "shape":"RegionList", + "documentation":"

    A list of Amazon Web Services Regions from which to delete the Resource Explorer configuration. If not specified, the operation uses the DeleteInAllRegions parameter to determine scope.

    " }, - "State":{ - "shape":"IndexState", - "documentation":"

    Indicates the current state of the index.

    " + "DeleteInAllRegions":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to delete Resource Explorer configuration from all Regions where it is currently enabled. If this parameter is set to true, a value for RegionList must not be provided. Otherwise, the operation fails with a ValidationException error.

    " } } }, + "DeleteResourceExplorerSetupOutput":{ + "type":"structure", + "required":["TaskId"], + "members":{ + "TaskId":{ + "shape":"DeleteResourceExplorerSetupOutputTaskIdString", + "documentation":"

    The unique identifier for the deletion task. Use this ID with GetResourceExplorerSetup to monitor the progress of the deletion operation.

    " + } + } + }, + "DeleteResourceExplorerSetupOutputTaskIdString":{ + "type":"string", + "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + }, "DeleteViewInput":{ "type":"structure", "required":["ViewArn"], @@ -706,9 +948,22 @@ }, "Document":{ "type":"structure", + "members":{}, + "document":true + }, + "ErrorDetails":{ + "type":"structure", "members":{ + "Code":{ + "shape":"String", + "documentation":"

    The error code that identifies the type of error that occurred.

    " + }, + "Message":{ + "shape":"String", + "documentation":"

    A human-readable description of the error that occurred.

    " + } }, - "document":true + "documentation":"

    Contains information about an error that occurred during a Resource Explorer setup operation.

    " }, "GetAccountLevelServiceConfigurationOutput":{ "type":"structure", @@ -735,13 +990,13 @@ "shape":"String", "documentation":"

    The Amazon resource name (ARN) of the index.

    " }, - "CreatedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date and time when the index was originally created.

    " + "Type":{ + "shape":"IndexType", + "documentation":"

    The type of the index in this Region. For information about the aggregator index and how it differs from a local index, see Turning on cross-Region search by creating an aggregator index.

    " }, - "LastUpdatedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date and time when the index was last updated.

    " + "State":{ + "shape":"IndexState", + "documentation":"

    The current state of the index in this Amazon Web Services Region.

    " }, "ReplicatingFrom":{ "shape":"RegionList", @@ -751,17 +1006,17 @@ "shape":"RegionList", "documentation":"

    This response value is present only if this index is Type=LOCAL.

    The Amazon Web Services Region that contains the aggregator index, if one exists. If an aggregator index does exist then the Region in which you called this operation replicates its index information to the Region specified in this response value.

    " }, - "State":{ - "shape":"IndexState", - "documentation":"

    The current state of the index in this Amazon Web Services Region.

    " + "CreatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the index was originally created.

    " + }, + "LastUpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when the index was last updated.

    " }, "Tags":{ "shape":"TagMap", "documentation":"

    Tag key and value pairs that are attached to the index.

    " - }, - "Type":{ - "shape":"IndexType", - "documentation":"

    The type of the index in this Region. For information about the aggregator index and how it differs from a local index, see Turning on cross-Region search by creating an aggregator index.

    " } } }, @@ -789,6 +1044,95 @@ } } }, + "GetResourceExplorerSetupInput":{ + "type":"structure", + "required":["TaskId"], + "members":{ + "TaskId":{ + "shape":"GetResourceExplorerSetupInputTaskIdString", + "documentation":"

    The unique identifier of the setup task to retrieve status information for. This ID is returned by CreateResourceExplorerSetup or DeleteResourceExplorerSetup operations.

    " + }, + "MaxResults":{ + "shape":"GetResourceExplorerSetupInputMaxResultsInteger", + "documentation":"

    The maximum number of Region status results to return in a single response. Valid values are between 1 and 100.

    " + }, + "NextToken":{ + "shape":"GetResourceExplorerSetupInputNextTokenString", + "documentation":"

    The pagination token from a previous GetResourceExplorerSetup response. Use this token to retrieve the next set of results.

    " + } + } + }, + "GetResourceExplorerSetupInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "GetResourceExplorerSetupInputNextTokenString":{ + "type":"string", + "max":2048, + "min":1 + }, + "GetResourceExplorerSetupInputTaskIdString":{ + "type":"string", + "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + }, + "GetResourceExplorerSetupOutput":{ + "type":"structure", + "members":{ + "Regions":{ + "shape":"RegionStatusList", + "documentation":"

    A list of Region status objects that describe the current state of Resource Explorer configuration in each Region.

    " + }, + "NextToken":{ + "shape":"GetResourceExplorerSetupOutputNextTokenString", + "documentation":"

    The pagination token to use in a subsequent GetResourceExplorerSetup request to retrieve the next set of results.

    " + } + } + }, + "GetResourceExplorerSetupOutputNextTokenString":{ + "type":"string", + "max":2048, + "min":1 + }, + "GetServiceIndexOutput":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the Resource Explorer index in the current Region.

    " + }, + "Type":{ + "shape":"IndexType", + "documentation":"

    The type of the index. Valid values are LOCAL (contains resources from the current Region only) or AGGREGATOR (contains replicated resource information from all Regions).

    " + } + } + }, + "GetServiceViewInput":{ + "type":"structure", + "required":["ServiceViewArn"], + "members":{ + "ServiceViewArn":{ + "shape":"GetServiceViewInputServiceViewArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the service view to retrieve details for.

    " + } + } + }, + "GetServiceViewInputServiceViewArnString":{ + "type":"string", + "max":1011, + "min":1 + }, + "GetServiceViewOutput":{ + "type":"structure", + "required":["View"], + "members":{ + "View":{ + "shape":"ServiceView", + "documentation":"

    A ServiceView object that contains the details and configuration of the requested service view.

    " + } + } + }, "GetViewInput":{ "type":"structure", "required":["ViewArn"], @@ -807,13 +1151,13 @@ "GetViewOutput":{ "type":"structure", "members":{ - "Tags":{ - "shape":"TagMap", - "documentation":"

    Tag key and value pairs that are attached to the view.

    " - }, "View":{ "shape":"View", "documentation":"

    A structure that contains the details for the requested view.

    " + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    Tag key and value pairs that are attached to the view.

    " } } }, @@ -823,7 +1167,7 @@ "members":{ "Name":{ "shape":"IncludedPropertyNameString", - "documentation":"

    The name of the property that is included in this view.

    You can specify the following property names for this field:

    • Tags

    " + "documentation":"

    The name of the property that is included in this view.

    You can specify the following property names for this field:

    • tags

    " } }, "documentation":"

    Information about an additional property that describes a resource, that you can optionally include in the view. This lets you view that property in search results, and filter your search results based on the value of the property.

    " @@ -840,14 +1184,14 @@ "Index":{ "type":"structure", "members":{ - "Arn":{ - "shape":"String", - "documentation":"

    The Amazon resource name (ARN) of the index.

    " - }, "Region":{ "shape":"String", "documentation":"

    The Amazon Web Services Region in which the index exists.

    " }, + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon resource name (ARN) of the index.

    " + }, "Type":{ "shape":"IndexType", "documentation":"

    The type of index. It can be one of the following values:

    • LOCAL – The index contains information about resources from only the same Amazon Web Services Region.

    • AGGREGATOR – Resource Explorer replicates copies of the indexed information about resources in all other Amazon Web Services Regions to the aggregator index. This lets search results in the Region with the aggregator index to include resources from all Regions in the account where Resource Explorer is turned on.

    " @@ -869,6 +1213,21 @@ "UPDATING" ] }, + "IndexStatus":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"OperationStatus", + "documentation":"

    The current status of the index operation. Valid values are SUCCEEDED, FAILED, IN_PROGRESS, or SKIPPED.

    " + }, + "Index":{"shape":"Index"}, + "ErrorDetails":{ + "shape":"ErrorDetails", + "documentation":"

    Details about any error that occurred during the index operation.

    " + } + }, + "documentation":"

    Contains information about the status of a Resource Explorer index operation in a specific Region.

    " + }, "IndexType":{ "type":"string", "enum":[ @@ -937,6 +1296,14 @@ "ListIndexesInput":{ "type":"structure", "members":{ + "Type":{ + "shape":"IndexType", + "documentation":"

    If specified, limits the output to only indexes of the specified Type, either LOCAL or AGGREGATOR.

    Use this option to discover the aggregator index for your account.

    " + }, + "Regions":{ + "shape":"ListIndexesInputRegionsList", + "documentation":"

    If specified, limits the response to only information about the index in the specified list of Amazon Web Services Regions.

    " + }, "MaxResults":{ "shape":"ListIndexesInputMaxResultsInteger", "documentation":"

    The maximum number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value appropriate to the operation. If additional items exist beyond those included in the current response, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results.

    An API operation can return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " @@ -944,14 +1311,6 @@ "NextToken":{ "shape":"ListIndexesInputNextTokenString", "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from. The pagination tokens expire after 24 hours.

    " - }, - "Regions":{ - "shape":"ListIndexesInputRegionsList", - "documentation":"

    If specified, limits the response to only information about the index in the specified list of Amazon Web Services Regions.

    " - }, - "Type":{ - "shape":"IndexType", - "documentation":"

    If specified, limits the output to only indexes of the specified Type, either LOCAL or AGGREGATOR.

    Use this option to discover the aggregator index for your account.

    " } } }, @@ -968,10 +1327,14 @@ }, "ListIndexesInputRegionsList":{ "type":"list", - "member":{"shape":"String"}, + "member":{"shape":"ListIndexesInputRegionsListMemberString"}, "max":20, "min":0 }, + "ListIndexesInputRegionsListMemberString":{ + "type":"string", + "pattern":"[a-z-]+-[a-z]+-[0-9]" + }, "ListIndexesOutput":{ "type":"structure", "members":{ @@ -1021,31 +1384,34 @@ "ListManagedViewsOutput":{ "type":"structure", "members":{ - "ManagedViews":{ - "shape":"ManagedViewArnList", - "documentation":"

    The list of managed views available in the Amazon Web Services Region in which you called this operation.

    " - }, "NextToken":{ "shape":"String", "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. The pagination tokens expire after 24 hours.

    " + }, + "ManagedViews":{ + "shape":"ManagedViewArnList", + "documentation":"

    The list of managed views available in the Amazon Web Services Region in which you called this operation.

    " } } }, "ListResourcesInput":{ "type":"structure", "members":{ - "Filters":{"shape":"SearchFilter"}, + "Filters":{ + "shape":"SearchFilter", + "documentation":"

    An array of strings that specify which resources are included in the results of queries made using this view. When you use this view in a Search operation, the filter string is combined with the search's QueryString parameter using a logical AND operator.

    For information about the supported syntax, see Search query reference for Resource Explorer in the Amazon Web Services Resource Explorer User Guide.

    This query string in the context of this operation supports only filter prefixes with optional operators. It doesn't support free-form text. For example, the string region:us* service:ec2 -tag:stage=prod includes all Amazon EC2 resources in any Amazon Web Services Region that begins with the letters us and is not tagged with a key Stage that has the value prod.

    " + }, "MaxResults":{ "shape":"ListResourcesInputMaxResultsInteger", "documentation":"

    The maximum number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value appropriate to the operation. If additional items exist beyond those included in the current response, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results.

    An API operation can return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " }, - "NextToken":{ - "shape":"ListResourcesInputNextTokenString", - "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from. The pagination tokens expire after 24 hours.

    " - }, "ViewArn":{ "shape":"ListResourcesInputViewArnString", "documentation":"

    Specifies the Amazon resource name (ARN) of the view to use for the query. If you don't specify a value for this parameter, then the operation automatically uses the default view for the Amazon Web Services Region in which you called this operation. If the Region either doesn't have a default view or if you don't have permission to use the default view, then the operation fails with a 401 Unauthorized exception.

    " + }, + "NextToken":{ + "shape":"ListResourcesInputNextTokenString", + "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from. The pagination tokens expire after 24 hours.

    The ListResources operation does not generate a NextToken if you set MaxResults to 1000.

    " } } }, @@ -1068,14 +1434,14 @@ "ListResourcesOutput":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"ListResourcesOutputNextTokenString", - "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. The pagination tokens expire after 24 hours.

    " - }, "Resources":{ "shape":"ResourceList", "documentation":"

    The list of structures that describe the resources that match the query.

    " }, + "NextToken":{ + "shape":"ListResourcesOutputNextTokenString", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. The pagination tokens expire after 24 hours.

    " + }, "ViewArn":{ "shape":"ListResourcesOutputViewArnString", "documentation":"

    The Amazon resource name (ARN) of the view that this operation used to perform the search.

    " @@ -1092,12 +1458,95 @@ "max":1011, "min":1 }, - "ListSupportedResourceTypesInput":{ + "ListServiceIndexesInput":{ + "type":"structure", + "members":{ + "Regions":{ + "shape":"ListServiceIndexesInputRegionsList", + "documentation":"

    A list of Amazon Web Services Regions to include in the search for indexes. If not specified, indexes from all Regions are returned.

    " + }, + "MaxResults":{ + "shape":"ListServiceIndexesInputMaxResultsInteger", + "documentation":"

    The maximum number of index results to return in a single response. Valid values are between 1 and 100.

    " + }, + "NextToken":{ + "shape":"ListServiceIndexesInputNextTokenString", + "documentation":"

    The pagination token from a previous ListServiceIndexes response. Use this token to retrieve the next set of results.

    " + } + } + }, + "ListServiceIndexesInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListServiceIndexesInputNextTokenString":{ + "type":"string", + "max":2048, + "min":1 + }, + "ListServiceIndexesInputRegionsList":{ + "type":"list", + "member":{"shape":"ListServiceIndexesInputRegionsListMemberString"}, + "max":20, + "min":0 + }, + "ListServiceIndexesInputRegionsListMemberString":{ + "type":"string", + "pattern":"[a-z-]+-[a-z]+-[0-9]" + }, + "ListServiceIndexesOutput":{ + "type":"structure", + "members":{ + "Indexes":{ + "shape":"IndexList", + "documentation":"

    A list of Index objects that describe the Resource Explorer indexes found in the specified Regions.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The pagination token to use in a subsequent ListServiceIndexes request to retrieve the next set of results.

    " + } + } + }, + "ListServiceViewsInput":{ "type":"structure", "members":{ "MaxResults":{ - "shape":"ListSupportedResourceTypesInputMaxResultsInteger", - "documentation":"

    The maximum number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value appropriate to the operation. If additional items exist beyond those included in the current response, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results.

    An API operation can return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " + "shape":"ListServiceViewsInputMaxResultsInteger", + "documentation":"

    The maximum number of service view results to return in a single response. Valid values are between 1 and 50.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    The pagination token from a previous ListServiceViews response. Use this token to retrieve the next set of results.

    " + } + } + }, + "ListServiceViewsInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":50, + "min":1 + }, + "ListServiceViewsOutput":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

    The pagination token to use in a subsequent ListServiceViews request to retrieve the next set of results.

    " + }, + "ServiceViews":{ + "shape":"ServiceViewArnList", + "documentation":"

    A list of Amazon Resource Names (ARNs) for the service views available in the current Amazon Web Services account.

    " + } + } + }, + "ListStreamingAccessForServicesInput":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"ListStreamingAccessForServicesInputMaxResultsInteger", + "documentation":"

    The maximum number of streaming access entries to return in the response. If there are more results available, the response includes a NextToken value that you can use in a subsequent call to get the next set of results. The value must be between 1 and 50. If you don't specify a value, the default is 50.

    " }, "NextToken":{ "shape":"String", @@ -1105,22 +1554,55 @@ } } }, - "ListSupportedResourceTypesInputMaxResultsInteger":{ + "ListStreamingAccessForServicesInputMaxResultsInteger":{ "type":"integer", "box":true, - "max":1000, + "max":50, "min":1 }, - "ListSupportedResourceTypesOutput":{ + "ListStreamingAccessForServicesOutput":{ "type":"structure", + "required":["StreamingAccessForServices"], "members":{ + "StreamingAccessForServices":{ + "shape":"StreamingAccessDetailsList", + "documentation":"

    A list of Amazon Web Services services that have streaming access to your Resource Explorer data, including details about when the access was granted.

    " + }, "NextToken":{ "shape":"String", "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. The pagination tokens expire after 24 hours.

    " + } + } + }, + "ListSupportedResourceTypesInput":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from. The pagination tokens expire after 24 hours.

    " }, + "MaxResults":{ + "shape":"ListSupportedResourceTypesInputMaxResultsInteger", + "documentation":"

    The maximum number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value appropriate to the operation. If additional items exist beyond those included in the current response, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results.

    An API operation can return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " + } + } + }, + "ListSupportedResourceTypesInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListSupportedResourceTypesOutput":{ + "type":"structure", + "members":{ "ResourceTypes":{ "shape":"ResourceTypeList", "documentation":"

    The list of resource types supported by Resource Explorer.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. The pagination tokens expire after 24 hours.

    " } } }, @@ -1148,13 +1630,13 @@ "ListViewsInput":{ "type":"structure", "members":{ - "MaxResults":{ - "shape":"ListViewsInputMaxResultsInteger", - "documentation":"

    The maximum number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value appropriate to the operation. If additional items exist beyond those included in the current response, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results.

    An API operation can return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " - }, "NextToken":{ "shape":"String", "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from. The pagination tokens expire after 24 hours.

    " + }, + "MaxResults":{ + "shape":"ListViewsInputMaxResultsInteger", + "documentation":"

    The maximum number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value appropriate to the operation. If additional items exist beyond those included in the current response, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results.

    An API operation can return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " } } }, @@ -1167,13 +1649,13 @@ "ListViewsOutput":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"String", - "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. The pagination tokens expire after 24 hours.

    " - }, "Views":{ "shape":"ViewArnList", "documentation":"

    The list of views available in the Amazon Web Services Region in which you called this operation.

    " + }, + "NextToken":{ + "shape":"String", + "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. The pagination tokens expire after 24 hours.

    " } } }, @@ -1184,15 +1666,6 @@ "ManagedView":{ "type":"structure", "members":{ - "Filters":{"shape":"SearchFilter"}, - "IncludedProperties":{ - "shape":"IncludedPropertyList", - "documentation":"

    A structure that contains additional information about the managed view.

    " - }, - "LastUpdatedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date and time when this managed view was last modified.

    " - }, "ManagedViewArn":{ "shape":"String", "documentation":"

    The Amazon resource name (ARN) of the managed view.

    " @@ -1201,21 +1674,30 @@ "shape":"String", "documentation":"

    The name of the managed view.

    " }, - "Owner":{ + "TrustedService":{ "shape":"String", - "documentation":"

    The Amazon Web Services account that owns this managed view.

    " + "documentation":"

    The service principal of the Amazon Web Services service that created and manages the managed view.

    " }, - "ResourcePolicy":{ + "LastUpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when this managed view was last modified.

    " + }, + "Owner":{ "shape":"String", - "documentation":"

    The resource policy that defines access to the managed view. To learn more about this policy, review Managed views.

    " + "documentation":"

    The Amazon Web Services account that owns this managed view.

    " }, "Scope":{ "shape":"String", "documentation":"

    An Amazon resource name (ARN) of an Amazon Web Services account or organization that specifies whether this managed view includes resources from only the specified Amazon Web Services account or all accounts in the specified organization.

    " }, - "TrustedService":{ + "IncludedProperties":{ + "shape":"IncludedPropertyList", + "documentation":"

    A structure that contains additional information about the managed view.

    " + }, + "Filters":{"shape":"SearchFilter"}, + "ResourcePolicy":{ "shape":"String", - "documentation":"

    The service principal of the Amazon Web Services service that created and manages the managed view.

    " + "documentation":"

    The resource policy that defines access to the managed view. To learn more about this policy, review Managed views.

    " }, "Version":{ "shape":"String", @@ -1235,14 +1717,14 @@ "shape":"String", "documentation":"

    The account ID for the index.

    " }, - "Arn":{ - "shape":"String", - "documentation":"

    The Amazon resource name (ARN) of the index.

    " - }, "Region":{ "shape":"String", "documentation":"

    The Amazon Web Services Region in which the index exists.

    " }, + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon resource name (ARN) of the index.

    " + }, "Type":{ "shape":"IndexType", "documentation":"

    The type of index. It can be one of the following values:

    • LOCAL – The index contains information about resources from only the same Amazon Web Services Region.

    • AGGREGATOR – Resource Explorer replicates copies of the indexed information about resources in all other Amazon Web Services Regions to the aggregator index. This lets search results in the Region with the aggregator index to include resources from all Regions in the account where Resource Explorer is turned on.

    " @@ -1254,6 +1736,15 @@ "type":"list", "member":{"shape":"MemberIndex"} }, + "OperationStatus":{ + "type":"string", + "enum":[ + "SUCCEEDED", + "FAILED", + "IN_PROGRESS", + "SKIPPED" + ] + }, "OrgConfiguration":{ "type":"structure", "required":["AWSServiceAccessStatus"], @@ -1277,7 +1768,37 @@ }, "RegionList":{ "type":"list", - "member":{"shape":"String"} + "member":{"shape":"RegionListMemberString"} + }, + "RegionListMemberString":{ + "type":"string", + "pattern":"[a-z-]+-[a-z]+-[0-9]" + }, + "RegionStatus":{ + "type":"structure", + "members":{ + "Region":{ + "shape":"RegionStatusRegionString", + "documentation":"

    The Amazon Web Services Region for which this status information applies.

    " + }, + "Index":{ + "shape":"IndexStatus", + "documentation":"

    The status information for the Resource Explorer index in this Region.

    " + }, + "View":{ + "shape":"ViewStatus", + "documentation":"

    The status information for the Resource Explorer view in this Region.

    " + } + }, + "documentation":"

    Contains information about the status of Resource Explorer configuration in a specific Amazon Web Services Region.

    " + }, + "RegionStatusList":{ + "type":"list", + "member":{"shape":"RegionStatus"} + }, + "RegionStatusRegionString":{ + "type":"string", + "pattern":"[a-z-]+-[a-z]+-[0-9]" }, "Resource":{ "type":"structure", @@ -1286,18 +1807,10 @@ "shape":"String", "documentation":"

    The Amazon resource name (ARN) of the resource.

    " }, - "LastReportedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date and time that Resource Explorer last queried this resource and updated the index with the latest information about the resource.

    " - }, "OwningAccountId":{ "shape":"String", "documentation":"

    The Amazon Web Services account that owns the resource.

    " }, - "Properties":{ - "shape":"ResourcePropertyList", - "documentation":"

    A structure with additional type-specific details about the resource. These properties can be added by turning on integration between Resource Explorer and other Amazon Web Services services.

    " - }, "Region":{ "shape":"String", "documentation":"

    The Amazon Web Services Region in which the resource was created and exists.

    " @@ -1309,6 +1822,14 @@ "Service":{ "shape":"String", "documentation":"

    The Amazon Web Services service that owns the resource and is responsible for creating and updating it.

    " + }, + "LastReportedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time that Resource Explorer last queried this resource and updated the index with the latest information about the resource.

    " + }, + "Properties":{ + "shape":"ResourcePropertyList", + "documentation":"

    A structure with additional type-specific details about the resource. These properties can be added by turning on integration between Resource Explorer and other Amazon Web Services services.

    " } }, "documentation":"

    A resource in Amazon Web Services that Amazon Web Services Resource Explorer has discovered, and for which it has stored information in the index of the Amazon Web Services Region that contains the resource.

    " @@ -1316,13 +1837,13 @@ "ResourceCount":{ "type":"structure", "members":{ - "Complete":{ - "shape":"Boolean", - "documentation":"

    Indicates whether the TotalResources value represents an exhaustive count of search results.

    • If True, it indicates that the search was exhaustive. Every resource that matches the query was counted.

    • If False, then the search reached the limit of 1,000 matching results, and stopped counting.

    " - }, "TotalResources":{ "shape":"Long", "documentation":"

    The number of resources that match the search query. This value can't exceed 1,000. If there are more than 1,000 resources that match the query, then only 1,000 are counted and the Complete field is set to false. We recommend that you refine your query to return a smaller number of results.

    " + }, + "Complete":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the TotalResources value represents an exhaustive count of search results.

    • If True, it indicates that the search was exhaustive. Every resource that matches the query was counted.

    • If False, then the search reached the limit of 1,000 matching results, and stopped counting.

    " } }, "documentation":"

    Information about the number of results that match the query. At this time, Amazon Web Services Resource Explorer doesn't count more than 1,000 matches for any query. This structure provides information about whether the query exceeded this limit.

    This field is included in every page when you paginate the results.

    " @@ -1346,17 +1867,17 @@ "ResourceProperty":{ "type":"structure", "members":{ - "Data":{ - "shape":"Document", - "documentation":"

    Details about this property. The content of this field is a JSON object that varies based on the resource type.

    " + "Name":{ + "shape":"String", + "documentation":"

    The name of this property of the resource.

    " }, "LastReportedAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The date and time that the information about this resource property was last updated.

    " }, - "Name":{ - "shape":"String", - "documentation":"

    The name of this property of the resource.

    " + "Data":{ + "shape":"Document", + "documentation":"

    Details about this property. The content of this field is a JSON object that varies based on the resource type.

    " } }, "documentation":"

    A structure that describes a property of a resource.

    " @@ -1390,21 +1911,21 @@ "type":"structure", "required":["QueryString"], "members":{ - "MaxResults":{ - "shape":"SearchInputMaxResultsInteger", - "documentation":"

    The maximum number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value appropriate to the operation. If additional items exist beyond those included in the current response, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results.

    An API operation can return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " - }, - "NextToken":{ - "shape":"SearchInputNextTokenString", - "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from. The pagination tokens expire after 24 hours.

    " - }, "QueryString":{ "shape":"QueryString", "documentation":"

    A string that includes keywords and filters that specify the resources that you want to include in the results.

    For the complete syntax supported by the QueryString parameter, see Search query syntax reference for Resource Explorer.

    The search is completely case insensitive. You can specify an empty string to return all results up to the limit of 1,000 total results.

    The operation can return only the first 1,000 results. If the resource you want is not included, then use a different value for QueryString to refine the results.

    " }, + "MaxResults":{ + "shape":"SearchInputMaxResultsInteger", + "documentation":"

    The maximum number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value appropriate to the operation. If additional items exist beyond those included in the current response, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results.

    An API operation can return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " + }, "ViewArn":{ "shape":"SearchInputViewArnString", "documentation":"

    Specifies the Amazon resource name (ARN) of the view to use for the query. If you don't specify a value for this parameter, then the operation automatically uses the default view for the Amazon Web Services Region in which you called this operation. If the Region either doesn't have a default view or if you don't have permission to use the default view, then the operation fails with a 401 Unauthorized exception.

    " + }, + "NextToken":{ + "shape":"SearchInputNextTokenString", + "documentation":"

    The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from. The pagination tokens expire after 24 hours.

    " } } }, @@ -1427,21 +1948,21 @@ "SearchOutput":{ "type":"structure", "members":{ - "Count":{ - "shape":"ResourceCount", - "documentation":"

    The number of resources that match the query.

    " + "Resources":{ + "shape":"ResourceList", + "documentation":"

    The list of structures that describe the resources that match the query.

    " }, "NextToken":{ "shape":"SearchOutputNextTokenString", "documentation":"

    If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. The pagination tokens expire after 24 hours.

    " }, - "Resources":{ - "shape":"ResourceList", - "documentation":"

    The list of structures that describe the resources that match the query.

    " - }, "ViewArn":{ "shape":"SearchOutputViewArnString", "documentation":"

    The Amazon resource name (ARN) of the view that this operation used to perform the search.

    " + }, + "Count":{ + "shape":"ResourceCount", + "documentation":"

    The number of resources that match the query.

    " } } }, @@ -1480,6 +2001,56 @@ }, "exception":true }, + "ServiceView":{ + "type":"structure", + "required":["ServiceViewArn"], + "members":{ + "ServiceViewArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the service view.

    " + }, + "Filters":{"shape":"SearchFilter"}, + "IncludedProperties":{ + "shape":"IncludedPropertyList", + "documentation":"

    A list of additional resource properties that are included in this view for search and filtering purposes.

    " + }, + "StreamingAccessForService":{ + "shape":"String", + "documentation":"

    The Amazon Web Services service that has streaming access to this view's data.

    " + }, + "ScopeType":{ + "shape":"String", + "documentation":"

    The scope type of the service view, which determines what resources are included.

    " + } + }, + "documentation":"

    Contains the configuration and properties of a Resource Explorer service view.

    " + }, + "ServiceViewArnList":{ + "type":"list", + "member":{"shape":"String"} + }, + "StreamingAccessDetails":{ + "type":"structure", + "required":[ + "ServicePrincipal", + "CreatedAt" + ], + "members":{ + "ServicePrincipal":{ + "shape":"String", + "documentation":"

    The service principal of the Amazon Web Services service that has streaming access to your Resource Explorer data. A service principal is a unique identifier for an Amazon Web Services service.

    " + }, + "CreatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and time when streaming access was granted to the Amazon Web Services service, in ISO 8601 format.

    " + } + }, + "documentation":"

    Contains information about an Amazon Web Services service that has been granted streaming access to your Resource Explorer data.

    " + }, + "StreamingAccessDetailsList":{ + "type":"list", + "member":{"shape":"StreamingAccessDetails"} + }, "String":{"type":"string"}, "StringList":{ "type":"list", @@ -1489,13 +2060,13 @@ "SupportedResourceType":{ "type":"structure", "members":{ - "ResourceType":{ - "shape":"String", - "documentation":"

    The unique identifier of the resource type.

    " - }, "Service":{ "shape":"String", "documentation":"

    The Amazon Web Services service that is associated with the resource type. This is the primary service that lets you create and interact with resources of this type.

    " + }, + "ResourceType":{ + "shape":"String", + "documentation":"

    The unique identifier of the resource type.

    " } }, "documentation":"

    A structure that describes a resource type supported by Amazon Web Services Resource Explorer.

    " @@ -1514,22 +2085,21 @@ "type":"structure", "required":["resourceArn"], "members":{ - "Tags":{ - "shape":"TagMap", - "documentation":"

    A list of tag key and value pairs that you want to attach to the specified view or index.

    " - }, "resourceArn":{ "shape":"String", "documentation":"

    The Amazon Resource Name (ARN) of the view or index that you want to attach tags to.

    ", "location":"uri", "locationName":"resourceArn" + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    A list of tag key and value pairs that you want to attach to the specified view or index.

    " } } }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "ThrottlingException":{ "type":"structure", @@ -1578,8 +2148,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateIndexTypeInput":{ "type":"structure", @@ -1605,17 +2174,17 @@ "shape":"String", "documentation":"

    The Amazon resource name (ARN) of the index that you updated.

    " }, - "LastUpdatedAt":{ - "shape":"SyntheticTimestamp_date_time", - "documentation":"

    The date and timestamp when the index was last updated.

    " + "Type":{ + "shape":"IndexType", + "documentation":"

    Specifies the type of the specified index after the operation completes.

    " }, "State":{ "shape":"IndexState", "documentation":"

    Indicates the state of the request to update the index. This operation is asynchronous. Call the GetIndex operation to check for changes.

    " }, - "Type":{ - "shape":"IndexType", - "documentation":"

    Specifies the type of the specified index after the operation completes.

    " + "LastUpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"

    The date and timestamp when the index was last updated.

    " } } }, @@ -1623,17 +2192,17 @@ "type":"structure", "required":["ViewArn"], "members":{ - "Filters":{ - "shape":"SearchFilter", - "documentation":"

    An array of strings that specify which resources are included in the results of queries made using this view. When you use this view in a Search operation, the filter string is combined with the search's QueryString parameter using a logical AND operator.

    For information about the supported syntax, see Search query reference for Resource Explorer in the Amazon Web Services Resource Explorer User Guide.

    This query string in the context of this operation supports only filter prefixes with optional operators. It doesn't support free-form text. For example, the string region:us* service:ec2 -tag:stage=prod includes all Amazon EC2 resources in any Amazon Web Services Region that begins with the letters us and is not tagged with a key Stage that has the value prod.

    " + "ViewArn":{ + "shape":"UpdateViewInputViewArnString", + "documentation":"

    The Amazon resource name (ARN) of the view that you want to modify.

    " }, "IncludedProperties":{ "shape":"IncludedPropertyList", "documentation":"

    Specifies optional fields that you want included in search results from this view. It is a list of objects that each describe a field to include.

    The default is an empty list, with no optional fields included in the results.

    " }, - "ViewArn":{ - "shape":"UpdateViewInputViewArnString", - "documentation":"

    The Amazon resource name (ARN) of the view that you want to modify.

    " + "Filters":{ + "shape":"SearchFilter", + "documentation":"

    An array of strings that specify which resources are included in the results of queries made using this view. When you use this view in a Search operation, the filter string is combined with the search's QueryString parameter using a logical AND operator.

    For information about the supported syntax, see Search query reference for Resource Explorer in the Amazon Web Services Resource Explorer User Guide.

    This query string in the context of this operation supports only filter prefixes with optional operators. It doesn't support free-form text. For example, the string region:us* service:ec2 -tag:stage=prod includes all Amazon EC2 resources in any Amazon Web Services Region that begins with the letters us and is not tagged with a key Stage that has the value prod.

    " } } }, @@ -1655,11 +2224,11 @@ "type":"structure", "required":["Message"], "members":{ + "Message":{"shape":"String"}, "FieldList":{ "shape":"ValidationExceptionFieldList", "documentation":"

    An array of the request fields that had validation errors.

    " - }, - "Message":{"shape":"String"} + } }, "documentation":"

    You provided an invalid value for one of the operation's parameters. Check the syntax for the operation, and try again.

    ", "error":{ @@ -1693,29 +2262,29 @@ "View":{ "type":"structure", "members":{ - "Filters":{ - "shape":"SearchFilter", - "documentation":"

    An array of SearchFilter objects that specify which resources can be included in the results of queries made using this view.

    " + "ViewArn":{ + "shape":"String", + "documentation":"

    The Amazon resource name (ARN) of the view.

    " }, - "IncludedProperties":{ - "shape":"IncludedPropertyList", - "documentation":"

    A structure that contains additional information about the view.

    " + "Owner":{ + "shape":"String", + "documentation":"

    The Amazon Web Services account that owns this view.

    " }, "LastUpdatedAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The date and time when this view was last modified.

    " }, - "Owner":{ - "shape":"String", - "documentation":"

    The Amazon Web Services account that owns this view.

    " - }, "Scope":{ "shape":"String", "documentation":"

    An Amazon resource name (ARN) of an Amazon Web Services account, an organization, or an organizational unit (OU) that specifies whether this view includes resources from only the specified Amazon Web Services account, all accounts in the specified organization, or all accounts in the specified OU.

    If not specified, the value defaults to the Amazon Web Services account used to call this operation.

    " }, - "ViewArn":{ - "shape":"String", - "documentation":"

    The Amazon resource name (ARN) of the view.

    " + "IncludedProperties":{ + "shape":"IncludedPropertyList", + "documentation":"

    A structure that contains additional information about the view.

    " + }, + "Filters":{ + "shape":"SearchFilter", + "documentation":"

    An array of SearchFilter objects that specify which resources can be included in the results of queries made using this view.

    " } }, "documentation":"

    A view is a structure that defines a set of filters that provide a view into the information in the Amazon Web Services Resource Explorer index. The filters specify which information from the index is visible to the users of the view. For example, you can specify filters that include only resources that are tagged with the key \"ENV\" and the value \"DEVELOPMENT\" in the results returned by this view. You could also create a second view that includes only resources that are tagged with \"ENV\" and \"PRODUCTION\".

    " @@ -1730,7 +2299,22 @@ }, "ViewName":{ "type":"string", - "pattern":"^[a-zA-Z0-9\\-]{1,64}$" + "pattern":"[a-zA-Z0-9\\-]{1,64}" + }, + "ViewStatus":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"OperationStatus", + "documentation":"

    The current status of the view operation. Valid values are SUCCEEDED, FAILED, IN_PROGRESS, or SKIPPED.

    " + }, + "View":{"shape":"View"}, + "ErrorDetails":{ + "shape":"ErrorDetails", + "documentation":"

    Details about any error that occurred during the view operation.

    " + } + }, + "documentation":"

    Contains information about the status of a Resource Explorer view operation in a specific Region.

    " } }, "documentation":"

    Amazon Web Services Resource Explorer is a resource search and discovery service. By using Resource Explorer, you can explore your resources using an internet search engine-like experience. Examples of resources include Amazon Relational Database Service (Amazon RDS) instances, Amazon Simple Storage Service (Amazon S3) buckets, or Amazon DynamoDB tables. You can search for your resources using resource metadata like names, tags, and IDs. Resource Explorer can search across all of the Amazon Web Services Regions in your account in which you turn the service on, to simplify your cross-Region workloads.

    Resource Explorer scans the resources in each of the Amazon Web Services Regions in your Amazon Web Services account in which you turn on Resource Explorer. Resource Explorer creates and maintains an index in each Region, with the details of that Region's resources.

    You can search across all of the indexed Regions in your account by designating one of your Amazon Web Services Regions to contain the aggregator index for the account. When you promote a local index in a Region to become the aggregator index for the account, Resource Explorer automatically replicates the index information from all local indexes in the other Regions to the aggregator index. Therefore, the Region with the aggregator index has a copy of all resource information for all Regions in the account where you turned on Resource Explorer. As a result, views in the aggregator index Region include resources from all of the indexed Regions in your account.

    For more information about Amazon Web Services Resource Explorer, including how to enable and configure the service, see the Amazon Web Services Resource Explorer User Guide.

    " diff -pruN 2.23.6-1/awscli/botocore/data/resource-explorer-2/2022-07-28/waiters-2.json 2.31.35-1/awscli/botocore/data/resource-explorer-2/2022-07-28/waiters-2.json --- 2.23.6-1/awscli/botocore/data/resource-explorer-2/2022-07-28/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resource-explorer-2/2022-07-28/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/resource-groups/2017-11-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/resource-groups/2017-11-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/resource-groups/2017-11-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resource-groups/2017-11-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/resource-groups/2017-11-27/service-2.json 2.31.35-1/awscli/botocore/data/resource-groups/2017-11-27/service-2.json --- 2.23.6-1/awscli/botocore/data/resource-groups/2017-11-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resource-groups/2017-11-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -316,7 +316,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"

    Creates a new tag-sync task to onboard and sync resources tagged with a specific tag key-value pair to an application.

    Minimum permissions

    To run this command, you must have the following permissions:

    • resource-groups:StartTagSyncTask on the application group

    • resource-groups:CreateGroup

    • iam:PassRole on the role provided in the request

    " + "documentation":"

    Creates a new tag-sync task to onboard and sync resources tagged with a specific tag key-value pair to an application. To start a tag-sync task, you need a resource tagging role. The resource tagging role grants permissions to tag and untag applications resources and must include a trust policy that allows Resource Groups to assume the role and perform resource tagging tasks on your behalf.

    For instructions on creating a tag-sync task, see Create a tag-sync using the Resource Groups API in the Amazon Web Services Service Catalog AppRegistry Administrator Guide.

    Minimum permissions

    To run this command, you must have the following permissions:

    • resource-groups:StartTagSyncTask on the application group

    • resource-groups:CreateGroup

    • iam:PassRole on the role provided in the request

    " }, "Tag":{ "name":"Tag", @@ -733,6 +733,7 @@ "shape":"TagValue", "documentation":"

    The tag value.

    " }, + "ResourceQuery":{"shape":"ResourceQuery"}, "RoleArn":{ "shape":"RoleArn", "documentation":"

    The Amazon resource name (ARN) of the role assumed by Resource Groups to tag and untag resources on your behalf.

    For more information about this role, review Tag-sync required permissions.

    " @@ -1297,7 +1298,7 @@ "members":{ "Filters":{ "shape":"GroupFilterList", - "documentation":"

    Filters, formatted as GroupFilter objects, that you want to apply to a ListGroups operation.

    • resource-type - Filter the results to include only those resource groups that have the specified resource type in their ResourceTypeFilter. For example, AWS::EC2::Instance would return any resource group with a ResourceTypeFilter that includes AWS::EC2::Instance.

    • configuration-type - Filter the results to include only those groups that have the specified configuration types attached. The current supported values are:

      • AWS::ResourceGroups::ApplicationGroup

      • AWS::AppRegistry::Application

      • AWS::AppRegistry::ApplicationResourceGroups

      • AWS::CloudFormation::Stack

      • AWS::EC2::CapacityReservationPool

      • AWS::EC2::HostManagement

      • AWS::NetworkFirewall::RuleGroup

    " + "documentation":"

    Filters, formatted as GroupFilter objects, that you want to apply to a ListGroups operation.

    • resource-type - Filter the results to include only those resource groups that have the specified resource type in their ResourceTypeFilter. For example, AWS::EC2::Instance would return any resource group with a ResourceTypeFilter that includes AWS::EC2::Instance.

    • configuration-type - Filter the results to include only those groups that have the specified configuration types attached. The current supported values are:

      • AWS::ResourceGroups::ApplicationGroup

      • AWS::AppRegistry::Application

      • AWS::AppRegistry::ApplicationResourceGroup

      • AWS::CloudFormation::Stack

      • AWS::EC2::CapacityReservationPool

      • AWS::EC2::HostManagement

      • AWS::NetworkFirewall::RuleGroup

    " }, "MaxResults":{ "shape":"MaxResults", @@ -1444,8 +1445,7 @@ }, "PutGroupConfigurationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Query":{ "type":"string", @@ -1637,8 +1637,6 @@ "type":"structure", "required":[ "Group", - "TagKey", - "TagValue", "RoleArn" ], "members":{ @@ -1648,11 +1646,15 @@ }, "TagKey":{ "shape":"TagKey", - "documentation":"

    The tag key. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application.

    " + "documentation":"

    The tag key. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application.

    When using the TagKey parameter, you must also specify the TagValue parameter. If you specify a tag key-value pair, you can't use the ResourceQuery parameter.

    " }, "TagValue":{ "shape":"TagValue", - "documentation":"

    The tag value. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application.

    " + "documentation":"

    The tag value. Resources tagged with this tag key-value pair will be added to the application. If a resource with this tag is later untagged, the tag-sync task removes the resource from the application.

    When using the TagValue parameter, you must also specify the TagKey parameter. If you specify a tag key-value pair, you can't use the ResourceQuery parameter.

    " + }, + "ResourceQuery":{ + "shape":"ResourceQuery", + "documentation":"

    The query you can use to create the tag-sync task. With this method, all resources matching the query are added to the specified application group. A ResourceQuery specifies both a query Type and a Query string as JSON string objects. For more information on defining a resource query for a tag-sync task, see the tag-based query type in Types of resource group queries in Resource Groups User Guide.

    When using the ResourceQuery parameter, you cannot use the TagKey and TagValue parameters.

    When you combine all of the elements together into a single string, any double quotes that are embedded inside another double quote pair must be escaped by preceding the embedded double quote with a backslash character (\\). For example, a complete ResourceQuery parameter must be formatted like the following CLI parameter example:

    --resource-query '{\"Type\":\"TAG_FILTERS_1_0\",\"Query\":\"{\\\"ResourceTypeFilters\\\":[\\\"AWS::AllSupported\\\"],\\\"TagFilters\\\":[{\\\"Key\\\":\\\"Stage\\\",\\\"Values\\\":[\\\"Test\\\"]}]}\"}'

    In the preceding example, all of the double quote characters in the value part of the Query element must be escaped because the value itself is surrounded by double quotes. For more information, see Quoting strings in the Command Line Interface User Guide.

    For the complete list of resource types that you can use in the array value for ResourceTypeFilters, see Resources you can use with Resource Groups and Tag Editor in the Resource Groups User Guide. For example:

    \"ResourceTypeFilters\":[\"AWS::S3::Bucket\", \"AWS::EC2::Instance\"]

    " }, "RoleArn":{ "shape":"RoleArn", @@ -1683,6 +1685,7 @@ "shape":"TagValue", "documentation":"

    The tag value of the tag-sync task.

    " }, + "ResourceQuery":{"shape":"ResourceQuery"}, "RoleArn":{ "shape":"RoleArn", "documentation":"

    The Amazon resource name (ARN) of the role assumed by the service to tag and untag resources on your behalf.

    " @@ -1760,6 +1763,7 @@ "shape":"TagValue", "documentation":"

    The tag value.

    " }, + "ResourceQuery":{"shape":"ResourceQuery"}, "RoleArn":{ "shape":"RoleArn", "documentation":"

    The Amazon resource name (ARN) of the role assumed by the service to tag and untag resources on your behalf.

    " diff -pruN 2.23.6-1/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/service-2.json 2.31.35-1/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/service-2.json --- 2.23.6-1/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"tagging", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS Resource Groups Tagging API", "serviceId":"Resource Groups Tagging API", "signatureVersion":"v4", "targetPrefix":"ResourceGroupsTaggingAPI_20170126", - "uid":"resourcegroupstaggingapi-2017-01-26" + "uid":"resourcegroupstaggingapi-2017-01-26", + "auth":["aws.auth#sigv4"] }, "operations":{ "DescribeReportCreation":{ @@ -184,8 +186,7 @@ }, "DescribeReportCreationInput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeReportCreationOutput":{ "type":"structure", @@ -513,8 +514,7 @@ }, "StartReportCreationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Status":{"type":"string"}, "StatusCode":{"type":"integer"}, diff -pruN 2.23.6-1/awscli/botocore/data/robomaker/2018-06-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/robomaker/2018-06-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/robomaker/2018-06-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/robomaker/2018-06-29/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,314 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://robomaker-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - }, - true - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://robomaker-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://robomaker.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://robomaker.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/robomaker/2018-06-29/paginators-1.json 2.31.35-1/awscli/botocore/data/robomaker/2018-06-29/paginators-1.json --- 2.23.6-1/awscli/botocore/data/robomaker/2018-06-29/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/robomaker/2018-06-29/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,70 +0,0 @@ -{ - "pagination": { - "ListDeploymentJobs": { - "input_token": "nextToken", - "limit_key": "maxResults", - "output_token": "nextToken", - "result_key": "deploymentJobs" - }, - "ListFleets": { - "input_token": "nextToken", - "limit_key": "maxResults", - "output_token": "nextToken", - "result_key": "fleetDetails" - }, - "ListRobotApplications": { - "input_token": "nextToken", - "limit_key": "maxResults", - "output_token": "nextToken", - "result_key": "robotApplicationSummaries" - }, - "ListRobots": { - "input_token": "nextToken", - "limit_key": "maxResults", - "output_token": "nextToken", - "result_key": "robots" - }, - "ListSimulationApplications": { - "input_token": "nextToken", - "limit_key": "maxResults", - "output_token": "nextToken", - "result_key": "simulationApplicationSummaries" - }, - "ListSimulationJobs": { - "input_token": "nextToken", - "limit_key": "maxResults", - "output_token": "nextToken", - "result_key": "simulationJobSummaries" - }, - "ListSimulationJobBatches": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "simulationJobBatchSummaries" - }, - "ListWorldExportJobs": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "worldExportJobSummaries" - }, - "ListWorldGenerationJobs": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "worldGenerationJobSummaries" - }, - "ListWorldTemplates": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "templateSummaries" - }, - "ListWorlds": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "worldSummaries" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/robomaker/2018-06-29/service-2.json 2.31.35-1/awscli/botocore/data/robomaker/2018-06-29/service-2.json --- 2.23.6-1/awscli/botocore/data/robomaker/2018-06-29/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/robomaker/2018-06-29/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,5493 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2018-06-29", - "endpointPrefix":"robomaker", - "jsonVersion":"1.1", - "protocol":"rest-json", - "protocols":["rest-json"], - "serviceAbbreviation":"RoboMaker", - "serviceFullName":"AWS RoboMaker", - "serviceId":"RoboMaker", - "signatureVersion":"v4", - "signingName":"robomaker", - "uid":"robomaker-2018-06-29", - "auth":["aws.auth#sigv4"] - }, - "operations":{ - "BatchDeleteWorlds":{ - "name":"BatchDeleteWorlds", - "http":{ - "method":"POST", - "requestUri":"/batchDeleteWorlds" - }, - "input":{"shape":"BatchDeleteWorldsRequest"}, - "output":{"shape":"BatchDeleteWorldsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Deletes one or more worlds in a batch operation.

    " - }, - "BatchDescribeSimulationJob":{ - "name":"BatchDescribeSimulationJob", - "http":{ - "method":"POST", - "requestUri":"/batchDescribeSimulationJob" - }, - "input":{"shape":"BatchDescribeSimulationJobRequest"}, - "output":{"shape":"BatchDescribeSimulationJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes one or more simulation jobs.

    " - }, - "CancelDeploymentJob":{ - "name":"CancelDeploymentJob", - "http":{ - "method":"POST", - "requestUri":"/cancelDeploymentJob" - }, - "input":{"shape":"CancelDeploymentJobRequest"}, - "output":{"shape":"CancelDeploymentJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Cancels the specified deployment job.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CancelSimulationJob":{ - "name":"CancelSimulationJob", - "http":{ - "method":"POST", - "requestUri":"/cancelSimulationJob" - }, - "input":{"shape":"CancelSimulationJobRequest"}, - "output":{"shape":"CancelSimulationJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Cancels the specified simulation job.

    " - }, - "CancelSimulationJobBatch":{ - "name":"CancelSimulationJobBatch", - "http":{ - "method":"POST", - "requestUri":"/cancelSimulationJobBatch" - }, - "input":{"shape":"CancelSimulationJobBatchRequest"}, - "output":{"shape":"CancelSimulationJobBatchResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Cancels a simulation job batch. When you cancel a simulation job batch, you are also cancelling all of the active simulation jobs created as part of the batch.

    " - }, - "CancelWorldExportJob":{ - "name":"CancelWorldExportJob", - "http":{ - "method":"POST", - "requestUri":"/cancelWorldExportJob" - }, - "input":{"shape":"CancelWorldExportJobRequest"}, - "output":{"shape":"CancelWorldExportJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Cancels the specified export job.

    " - }, - "CancelWorldGenerationJob":{ - "name":"CancelWorldGenerationJob", - "http":{ - "method":"POST", - "requestUri":"/cancelWorldGenerationJob" - }, - "input":{"shape":"CancelWorldGenerationJobRequest"}, - "output":{"shape":"CancelWorldGenerationJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Cancels the specified world generator job.

    " - }, - "CreateDeploymentJob":{ - "name":"CreateDeploymentJob", - "http":{ - "method":"POST", - "requestUri":"/createDeploymentJob" - }, - "input":{"shape":"CreateDeploymentJobRequest"}, - "output":{"shape":"CreateDeploymentJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"}, - {"shape":"ConcurrentDeploymentException"}, - {"shape":"IdempotentParameterMismatchException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported and will throw an error if used. For more information, see the January 31, 2022 update in the Support policy page.

    Deploys a specific version of a robot application to robots in a fleet.

    The robot application must have a numbered applicationVersion for consistency reasons. To create a new version, use CreateRobotApplicationVersion or see Creating a Robot Application Version.

    After 90 days, deployment jobs expire and will be deleted. They will no longer be accessible.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateFleet":{ - "name":"CreateFleet", - "http":{ - "method":"POST", - "requestUri":"/createFleet" - }, - "input":{"shape":"CreateFleetRequest"}, - "output":{"shape":"CreateFleetResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported and will throw an error if used. For more information, see the January 31, 2022 update in the Support policy page.

    Creates a fleet, a logical group of robots running the same robot application.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateRobot":{ - "name":"CreateRobot", - "http":{ - "method":"POST", - "requestUri":"/createRobot" - }, - "input":{"shape":"CreateRobotRequest"}, - "output":{"shape":"CreateRobotResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"}, - {"shape":"ResourceAlreadyExistsException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported and will throw an error if used. For more information, see the January 31, 2022 update in the Support policy page.

    Creates a robot.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateRobotApplication":{ - "name":"CreateRobotApplication", - "http":{ - "method":"POST", - "requestUri":"/createRobotApplication" - }, - "input":{"shape":"CreateRobotApplicationRequest"}, - "output":{"shape":"CreateRobotApplicationResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceAlreadyExistsException"}, - {"shape":"LimitExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, - {"shape":"IdempotentParameterMismatchException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Creates a robot application.

    " - }, - "CreateRobotApplicationVersion":{ - "name":"CreateRobotApplicationVersion", - "http":{ - "method":"POST", - "requestUri":"/createRobotApplicationVersion" - }, - "input":{"shape":"CreateRobotApplicationVersionRequest"}, - "output":{"shape":"CreateRobotApplicationVersionResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"IdempotentParameterMismatchException"}, - {"shape":"LimitExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Creates a version of a robot application.

    " - }, - "CreateSimulationApplication":{ - "name":"CreateSimulationApplication", - "http":{ - "method":"POST", - "requestUri":"/createSimulationApplication" - }, - "input":{"shape":"CreateSimulationApplicationRequest"}, - "output":{"shape":"CreateSimulationApplicationResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceAlreadyExistsException"}, - {"shape":"LimitExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, - {"shape":"IdempotentParameterMismatchException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Creates a simulation application.

    " - }, - "CreateSimulationApplicationVersion":{ - "name":"CreateSimulationApplicationVersion", - "http":{ - "method":"POST", - "requestUri":"/createSimulationApplicationVersion" - }, - "input":{"shape":"CreateSimulationApplicationVersionRequest"}, - "output":{"shape":"CreateSimulationApplicationVersionResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"IdempotentParameterMismatchException"}, - {"shape":"LimitExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Creates a simulation application with a specific revision id.

    " - }, - "CreateSimulationJob":{ - "name":"CreateSimulationJob", - "http":{ - "method":"POST", - "requestUri":"/createSimulationJob" - }, - "input":{"shape":"CreateSimulationJobRequest"}, - "output":{"shape":"CreateSimulationJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"}, - {"shape":"IdempotentParameterMismatchException"}, - {"shape":"ServiceUnavailableException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Creates a simulation job.

    After 90 days, simulation jobs expire and will be deleted. They will no longer be accessible.

    " - }, - "CreateWorldExportJob":{ - "name":"CreateWorldExportJob", - "http":{ - "method":"POST", - "requestUri":"/createWorldExportJob" - }, - "input":{"shape":"CreateWorldExportJobRequest"}, - "output":{"shape":"CreateWorldExportJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"IdempotentParameterMismatchException"}, - {"shape":"ServiceUnavailableException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Creates a world export job.

    " - }, - "CreateWorldGenerationJob":{ - "name":"CreateWorldGenerationJob", - "http":{ - "method":"POST", - "requestUri":"/createWorldGenerationJob" - }, - "input":{"shape":"CreateWorldGenerationJobRequest"}, - "output":{"shape":"CreateWorldGenerationJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"}, - {"shape":"IdempotentParameterMismatchException"}, - {"shape":"ServiceUnavailableException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Creates worlds using the specified template.

    " - }, - "CreateWorldTemplate":{ - "name":"CreateWorldTemplate", - "http":{ - "method":"POST", - "requestUri":"/createWorldTemplate" - }, - "input":{"shape":"CreateWorldTemplateRequest"}, - "output":{"shape":"CreateWorldTemplateResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceAlreadyExistsException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"LimitExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Creates a world template.

    " - }, - "DeleteFleet":{ - "name":"DeleteFleet", - "http":{ - "method":"POST", - "requestUri":"/deleteFleet" - }, - "input":{"shape":"DeleteFleetRequest"}, - "output":{"shape":"DeleteFleetResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Deletes a fleet.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DeleteRobot":{ - "name":"DeleteRobot", - "http":{ - "method":"POST", - "requestUri":"/deleteRobot" - }, - "input":{"shape":"DeleteRobotRequest"}, - "output":{"shape":"DeleteRobotResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Deletes a robot.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DeleteRobotApplication":{ - "name":"DeleteRobotApplication", - "http":{ - "method":"POST", - "requestUri":"/deleteRobotApplication" - }, - "input":{"shape":"DeleteRobotApplicationRequest"}, - "output":{"shape":"DeleteRobotApplicationResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Deletes a robot application.

    " - }, - "DeleteSimulationApplication":{ - "name":"DeleteSimulationApplication", - "http":{ - "method":"POST", - "requestUri":"/deleteSimulationApplication" - }, - "input":{"shape":"DeleteSimulationApplicationRequest"}, - "output":{"shape":"DeleteSimulationApplicationResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Deletes a simulation application.

    " - }, - "DeleteWorldTemplate":{ - "name":"DeleteWorldTemplate", - "http":{ - "method":"POST", - "requestUri":"/deleteWorldTemplate" - }, - "input":{"shape":"DeleteWorldTemplateRequest"}, - "output":{"shape":"DeleteWorldTemplateResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Deletes a world template.

    " - }, - "DeregisterRobot":{ - "name":"DeregisterRobot", - "http":{ - "method":"POST", - "requestUri":"/deregisterRobot" - }, - "input":{"shape":"DeregisterRobotRequest"}, - "output":{"shape":"DeregisterRobotResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Deregisters a robot.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeDeploymentJob":{ - "name":"DescribeDeploymentJob", - "http":{ - "method":"POST", - "requestUri":"/describeDeploymentJob" - }, - "input":{"shape":"DescribeDeploymentJobRequest"}, - "output":{"shape":"DescribeDeploymentJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Describes a deployment job.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeFleet":{ - "name":"DescribeFleet", - "http":{ - "method":"POST", - "requestUri":"/describeFleet" - }, - "input":{"shape":"DescribeFleetRequest"}, - "output":{"shape":"DescribeFleetResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Describes a fleet.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeRobot":{ - "name":"DescribeRobot", - "http":{ - "method":"POST", - "requestUri":"/describeRobot" - }, - "input":{"shape":"DescribeRobotRequest"}, - "output":{"shape":"DescribeRobotResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Describes a robot.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeRobotApplication":{ - "name":"DescribeRobotApplication", - "http":{ - "method":"POST", - "requestUri":"/describeRobotApplication" - }, - "input":{"shape":"DescribeRobotApplicationRequest"}, - "output":{"shape":"DescribeRobotApplicationResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes a robot application.

    " - }, - "DescribeSimulationApplication":{ - "name":"DescribeSimulationApplication", - "http":{ - "method":"POST", - "requestUri":"/describeSimulationApplication" - }, - "input":{"shape":"DescribeSimulationApplicationRequest"}, - "output":{"shape":"DescribeSimulationApplicationResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes a simulation application.

    " - }, - "DescribeSimulationJob":{ - "name":"DescribeSimulationJob", - "http":{ - "method":"POST", - "requestUri":"/describeSimulationJob" - }, - "input":{"shape":"DescribeSimulationJobRequest"}, - "output":{"shape":"DescribeSimulationJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes a simulation job.

    " - }, - "DescribeSimulationJobBatch":{ - "name":"DescribeSimulationJobBatch", - "http":{ - "method":"POST", - "requestUri":"/describeSimulationJobBatch" - }, - "input":{"shape":"DescribeSimulationJobBatchRequest"}, - "output":{"shape":"DescribeSimulationJobBatchResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes a simulation job batch.

    " - }, - "DescribeWorld":{ - "name":"DescribeWorld", - "http":{ - "method":"POST", - "requestUri":"/describeWorld" - }, - "input":{"shape":"DescribeWorldRequest"}, - "output":{"shape":"DescribeWorldResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes a world.

    " - }, - "DescribeWorldExportJob":{ - "name":"DescribeWorldExportJob", - "http":{ - "method":"POST", - "requestUri":"/describeWorldExportJob" - }, - "input":{"shape":"DescribeWorldExportJobRequest"}, - "output":{"shape":"DescribeWorldExportJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes a world export job.

    " - }, - "DescribeWorldGenerationJob":{ - "name":"DescribeWorldGenerationJob", - "http":{ - "method":"POST", - "requestUri":"/describeWorldGenerationJob" - }, - "input":{"shape":"DescribeWorldGenerationJobRequest"}, - "output":{"shape":"DescribeWorldGenerationJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes a world generation job.

    " - }, - "DescribeWorldTemplate":{ - "name":"DescribeWorldTemplate", - "http":{ - "method":"POST", - "requestUri":"/describeWorldTemplate" - }, - "input":{"shape":"DescribeWorldTemplateRequest"}, - "output":{"shape":"DescribeWorldTemplateResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Describes a world template.

    " - }, - "GetWorldTemplateBody":{ - "name":"GetWorldTemplateBody", - "http":{ - "method":"POST", - "requestUri":"/getWorldTemplateBody" - }, - "input":{"shape":"GetWorldTemplateBodyRequest"}, - "output":{"shape":"GetWorldTemplateBodyResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Gets the world template body.

    " - }, - "ListDeploymentJobs":{ - "name":"ListDeploymentJobs", - "http":{ - "method":"POST", - "requestUri":"/listDeploymentJobs" - }, - "input":{"shape":"ListDeploymentJobsRequest"}, - "output":{"shape":"ListDeploymentJobsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Returns a list of deployment jobs for a fleet. You can optionally provide filters to retrieve specific deployment jobs.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListFleets":{ - "name":"ListFleets", - "http":{ - "method":"POST", - "requestUri":"/listFleets" - }, - "input":{"shape":"ListFleetsRequest"}, - "output":{"shape":"ListFleetsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Returns a list of fleets. You can optionally provide filters to retrieve specific fleets.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListRobotApplications":{ - "name":"ListRobotApplications", - "http":{ - "method":"POST", - "requestUri":"/listRobotApplications" - }, - "input":{"shape":"ListRobotApplicationsRequest"}, - "output":{"shape":"ListRobotApplicationsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Returns a list of robot application. You can optionally provide filters to retrieve specific robot applications.

    " - }, - "ListRobots":{ - "name":"ListRobots", - "http":{ - "method":"POST", - "requestUri":"/listRobots" - }, - "input":{"shape":"ListRobotsRequest"}, - "output":{"shape":"ListRobotsResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Returns a list of robots. You can optionally provide filters to retrieve specific robots.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListSimulationApplications":{ - "name":"ListSimulationApplications", - "http":{ - "method":"POST", - "requestUri":"/listSimulationApplications" - }, - "input":{"shape":"ListSimulationApplicationsRequest"}, - "output":{"shape":"ListSimulationApplicationsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Returns a list of simulation applications. You can optionally provide filters to retrieve specific simulation applications.

    " - }, - "ListSimulationJobBatches":{ - "name":"ListSimulationJobBatches", - "http":{ - "method":"POST", - "requestUri":"/listSimulationJobBatches" - }, - "input":{"shape":"ListSimulationJobBatchesRequest"}, - "output":{"shape":"ListSimulationJobBatchesResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Returns a list simulation job batches. You can optionally provide filters to retrieve specific simulation batch jobs.

    " - }, - "ListSimulationJobs":{ - "name":"ListSimulationJobs", - "http":{ - "method":"POST", - "requestUri":"/listSimulationJobs" - }, - "input":{"shape":"ListSimulationJobsRequest"}, - "output":{"shape":"ListSimulationJobsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Returns a list of simulation jobs. You can optionally provide filters to retrieve specific simulation jobs.

    " - }, - "ListTagsForResource":{ - "name":"ListTagsForResource", - "http":{ - "method":"GET", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"ListTagsForResourceRequest"}, - "output":{"shape":"ListTagsForResourceResponse"}, - "errors":[ - {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Lists all tags on a AWS RoboMaker resource.

    " - }, - "ListWorldExportJobs":{ - "name":"ListWorldExportJobs", - "http":{ - "method":"POST", - "requestUri":"/listWorldExportJobs" - }, - "input":{"shape":"ListWorldExportJobsRequest"}, - "output":{"shape":"ListWorldExportJobsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Lists world export jobs.

    " - }, - "ListWorldGenerationJobs":{ - "name":"ListWorldGenerationJobs", - "http":{ - "method":"POST", - "requestUri":"/listWorldGenerationJobs" - }, - "input":{"shape":"ListWorldGenerationJobsRequest"}, - "output":{"shape":"ListWorldGenerationJobsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Lists world generator jobs.

    " - }, - "ListWorldTemplates":{ - "name":"ListWorldTemplates", - "http":{ - "method":"POST", - "requestUri":"/listWorldTemplates" - }, - "input":{"shape":"ListWorldTemplatesRequest"}, - "output":{"shape":"ListWorldTemplatesResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Lists world templates.

    " - }, - "ListWorlds":{ - "name":"ListWorlds", - "http":{ - "method":"POST", - "requestUri":"/listWorlds" - }, - "input":{"shape":"ListWorldsRequest"}, - "output":{"shape":"ListWorldsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Lists worlds.

    " - }, - "RegisterRobot":{ - "name":"RegisterRobot", - "http":{ - "method":"POST", - "requestUri":"/registerRobot" - }, - "input":{"shape":"RegisterRobotRequest"}, - "output":{"shape":"RegisterRobotResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"}, - {"shape":"ResourceNotFoundException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Registers a robot with a fleet.

    This API is no longer supported and will throw an error if used. For more information, see the January 31, 2022 update in the Support policy page.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "RestartSimulationJob":{ - "name":"RestartSimulationJob", - "http":{ - "method":"POST", - "requestUri":"/restartSimulationJob" - }, - "input":{"shape":"RestartSimulationJobRequest"}, - "output":{"shape":"RestartSimulationJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Restarts a running simulation job.

    " - }, - "StartSimulationJobBatch":{ - "name":"StartSimulationJobBatch", - "http":{ - "method":"POST", - "requestUri":"/startSimulationJobBatch" - }, - "input":{"shape":"StartSimulationJobBatchRequest"}, - "output":{"shape":"StartSimulationJobBatchResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"LimitExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"IdempotentParameterMismatchException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Starts a new simulation job batch. The batch is defined using one or more SimulationJobRequest objects.

    " - }, - "SyncDeploymentJob":{ - "name":"SyncDeploymentJob", - "http":{ - "method":"POST", - "requestUri":"/syncDeploymentJob" - }, - "input":{"shape":"SyncDeploymentJobRequest"}, - "output":{"shape":"SyncDeploymentJobResponse"}, - "errors":[ - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"InternalServerException"}, - {"shape":"ThrottlingException"}, - {"shape":"LimitExceededException"}, - {"shape":"ConcurrentDeploymentException"}, - {"shape":"IdempotentParameterMismatchException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    This API is no longer supported. For more information, see the May 2, 2022 update in the Support policy page.

    Syncrhonizes robots in a fleet to the latest deployment. This is helpful if robots were added after a deployment.

    ", - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "TagResource":{ - "name":"TagResource", - "http":{ - "method":"POST", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"TagResourceRequest"}, - "output":{"shape":"TagResourceResponse"}, - "errors":[ - {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Adds or edits tags for a AWS RoboMaker resource.

    Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty strings.

    For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the AWS Billing and Cost Management User Guide.

    " - }, - "UntagResource":{ - "name":"UntagResource", - "http":{ - "method":"DELETE", - "requestUri":"/tags/{resourceArn}" - }, - "input":{"shape":"UntagResourceRequest"}, - "output":{"shape":"UntagResourceResponse"}, - "errors":[ - {"shape":"InternalServerException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"InvalidParameterException"}, - {"shape":"ThrottlingException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Removes the specified tags from the specified AWS RoboMaker resource.

    To remove a tag, specify the tag key. To change the tag value of an existing tag key, use TagResource .

    " - }, - "UpdateRobotApplication":{ - "name":"UpdateRobotApplication", - "http":{ - "method":"POST", - "requestUri":"/updateRobotApplication" - }, - "input":{"shape":"UpdateRobotApplicationRequest"}, - "output":{"shape":"UpdateRobotApplicationResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"LimitExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Updates a robot application.

    " - }, - "UpdateSimulationApplication":{ - "name":"UpdateSimulationApplication", - "http":{ - "method":"POST", - "requestUri":"/updateSimulationApplication" - }, - "input":{"shape":"UpdateSimulationApplicationRequest"}, - "output":{"shape":"UpdateSimulationApplicationResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"LimitExceededException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Updates a simulation application.

    " - }, - "UpdateWorldTemplate":{ - "name":"UpdateWorldTemplate", - "http":{ - "method":"POST", - "requestUri":"/updateWorldTemplate" - }, - "input":{"shape":"UpdateWorldTemplateRequest"}, - "output":{"shape":"UpdateWorldTemplateResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"} - ], - "documentation":"

    End of support notice: On September 10, 2025, Amazon Web Services will discontinue support for Amazon Web Services RoboMaker. After September 10, 2025, you will no longer be able to access the Amazon Web Services RoboMaker console or Amazon Web Services RoboMaker resources. For more information on transitioning to Batch to help run containerized simulations, visit https://aws.amazon.com/blogs/hpc/run-simulations-using-multiple-containers-in-a-single-aws-batch-job/.

    Updates a world template.

    " - } - }, - "shapes":{ - "Architecture":{ - "type":"string", - "enum":[ - "X86_64", - "ARM64", - "ARMHF" - ] - }, - "Arn":{ - "type":"string", - "max":1224, - "min":1, - "pattern":"arn:.*" - }, - "Arns":{ - "type":"list", - "member":{"shape":"Arn"}, - "max":100, - "min":1 - }, - "BatchDeleteWorldsRequest":{ - "type":"structure", - "required":["worlds"], - "members":{ - "worlds":{ - "shape":"Arns", - "documentation":"

    A list of Amazon Resource Names (arns) that correspond to worlds to delete.

    " - } - } - }, - "BatchDeleteWorldsResponse":{ - "type":"structure", - "members":{ - "unprocessedWorlds":{ - "shape":"Arns", - "documentation":"

    A list of unprocessed worlds associated with the call. These worlds were not deleted.

    " - } - } - }, - "BatchDescribeSimulationJobRequest":{ - "type":"structure", - "required":["jobs"], - "members":{ - "jobs":{ - "shape":"Arns", - "documentation":"

    A list of Amazon Resource Names (ARNs) of simulation jobs to describe.

    " - } - } - }, - "BatchDescribeSimulationJobResponse":{ - "type":"structure", - "members":{ - "jobs":{ - "shape":"SimulationJobs", - "documentation":"

    A list of simulation jobs.

    " - }, - "unprocessedJobs":{ - "shape":"Arns", - "documentation":"

    A list of unprocessed simulation job Amazon Resource Names (ARNs).

    " - } - } - }, - "BatchPolicy":{ - "type":"structure", - "members":{ - "timeoutInSeconds":{ - "shape":"BatchTimeoutInSeconds", - "documentation":"

    The amount of time, in seconds, to wait for the batch to complete.

    If a batch times out, and there are pending requests that were failing due to an internal failure (like InternalServiceError), they will be moved to the failed list and the batch status will be Failed. If the pending requests were failing for any other reason, the failed pending requests will be moved to the failed list and the batch status will be TimedOut.

    " - }, - "maxConcurrency":{ - "shape":"MaxConcurrency", - "documentation":"

    The number of active simulation jobs create as part of the batch that can be in an active state at the same time.

    Active states include: Pending,Preparing, Running, Restarting, RunningFailed and Terminating. All other states are terminal states.

    " - } - }, - "documentation":"

    Information about the batch policy.

    " - }, - "BatchTimeoutInSeconds":{"type":"long"}, - "Boolean":{"type":"boolean"}, - "BoxedBoolean":{"type":"boolean"}, - "CancelDeploymentJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The deployment job ARN to cancel.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CancelDeploymentJobResponse":{ - "type":"structure", - "members":{ - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CancelSimulationJobBatchRequest":{ - "type":"structure", - "required":["batch"], - "members":{ - "batch":{ - "shape":"Arn", - "documentation":"

    The id of the batch to cancel.

    " - } - } - }, - "CancelSimulationJobBatchResponse":{ - "type":"structure", - "members":{ - } - }, - "CancelSimulationJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The simulation job ARN to cancel.

    " - } - } - }, - "CancelSimulationJobResponse":{ - "type":"structure", - "members":{ - } - }, - "CancelWorldExportJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world export job to cancel.

    " - } - } - }, - "CancelWorldExportJobResponse":{ - "type":"structure", - "members":{ - } - }, - "CancelWorldGenerationJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world generator job to cancel.

    " - } - } - }, - "CancelWorldGenerationJobResponse":{ - "type":"structure", - "members":{ - } - }, - "ClientRequestToken":{ - "type":"string", - "max":64, - "min":1, - "pattern":"[a-zA-Z0-9_\\-=]*" - }, - "Command":{ - "type":"string", - "max":1024, - "min":1, - "pattern":"[a-zA-Z0-9_.\\-]*" - }, - "CommandList":{ - "type":"list", - "member":{"shape":"NonEmptyString"} - }, - "Compute":{ - "type":"structure", - "members":{ - "simulationUnitLimit":{ - "shape":"SimulationUnit", - "documentation":"

    The simulation unit limit. Your simulation is allocated CPU and memory proportional to the supplied simulation unit limit. A simulation unit is 1 vcpu and 2GB of memory. You are only billed for the SU utilization you consume up to the maximum value provided. The default is 15.

    " - }, - "computeType":{ - "shape":"ComputeType", - "documentation":"

    Compute type information for the simulation job.

    " - }, - "gpuUnitLimit":{ - "shape":"GPUUnit", - "documentation":"

    Compute GPU unit limit for the simulation job. It is the same as the number of GPUs allocated to the SimulationJob.

    " - } - }, - "documentation":"

    Compute information for the simulation job.

    " - }, - "ComputeResponse":{ - "type":"structure", - "members":{ - "simulationUnitLimit":{ - "shape":"SimulationUnit", - "documentation":"

    The simulation unit limit. Your simulation is allocated CPU and memory proportional to the supplied simulation unit limit. A simulation unit is 1 vcpu and 2GB of memory. You are only billed for the SU utilization you consume up to the maximum value provided. The default is 15.

    " - }, - "computeType":{ - "shape":"ComputeType", - "documentation":"

    Compute type response information for the simulation job.

    " - }, - "gpuUnitLimit":{ - "shape":"GPUUnit", - "documentation":"

    Compute GPU unit limit for the simulation job. It is the same as the number of GPUs allocated to the SimulationJob.

    " - } - }, - "documentation":"

    Compute information for the simulation job

    " - }, - "ComputeType":{ - "type":"string", - "enum":[ - "CPU", - "GPU_AND_CPU" - ] - }, - "ConcurrentDeploymentException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The failure percentage threshold percentage was met.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "CreateDeploymentJobRequest":{ - "type":"structure", - "required":[ - "clientRequestToken", - "fleet", - "deploymentApplicationConfigs" - ], - "members":{ - "deploymentConfig":{ - "shape":"DeploymentConfig", - "documentation":"

    The requested deployment configuration.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    ", - "idempotencyToken":true - }, - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet to deploy.

    " - }, - "deploymentApplicationConfigs":{ - "shape":"DeploymentApplicationConfigs", - "documentation":"

    The deployment application configuration.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the deployment job.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateDeploymentJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the deployment job.

    " - }, - "fleet":{ - "shape":"Arn", - "documentation":"

    The target fleet for the deployment job.

    " - }, - "status":{ - "shape":"DeploymentStatus", - "documentation":"

    The status of the deployment job.

    " - }, - "deploymentApplicationConfigs":{ - "shape":"DeploymentApplicationConfigs", - "documentation":"

    The deployment application configuration.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    The failure reason of the deployment job if it failed.

    " - }, - "failureCode":{ - "shape":"DeploymentJobErrorCode", - "documentation":"

    The failure code of the simulation job if it failed:

    BadPermissionError

    AWS Greengrass requires a service-level role permission to access other services. The role must include the AWSGreengrassResourceAccessRolePolicy managed policy.

    ExtractingBundleFailure

    The robot application could not be extracted from the bundle.

    FailureThresholdBreached

    The percentage of robots that could not be updated exceeded the percentage set for the deployment.

    GreengrassDeploymentFailed

    The robot application could not be deployed to the robot.

    GreengrassGroupVersionDoesNotExist

    The AWS Greengrass group or version associated with a robot is missing.

    InternalServerError

    An internal error has occurred. Retry your request, but if the problem persists, contact us with details.

    MissingRobotApplicationArchitecture

    The robot application does not have a source that matches the architecture of the robot.

    MissingRobotDeploymentResource

    One or more of the resources specified for the robot application are missing. For example, does the robot application have the correct launch package and launch file?

    PostLaunchFileFailure

    The post-launch script failed.

    PreLaunchFileFailure

    The pre-launch script failed.

    ResourceNotFound

    One or more deployment resources are missing. For example, do robot application source bundles still exist?

    RobotDeploymentNoResponse

    There is no response from the robot. It might not be powered on or connected to the internet.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the fleet was created.

    " - }, - "deploymentConfig":{ - "shape":"DeploymentConfig", - "documentation":"

    The deployment configuration.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the deployment job.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateFleetRequest":{ - "type":"structure", - "required":["name"], - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the fleet.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the fleet.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateFleetResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the fleet.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the fleet was created.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the fleet.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateRobotApplicationRequest":{ - "type":"structure", - "required":[ - "name", - "robotSoftwareSuite" - ], - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot application.

    " - }, - "sources":{ - "shape":"SourceConfigs", - "documentation":"

    The sources of the robot application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    The robot software suite used by the robot application.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the robot application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains that URI of the Docker image that you use for your robot application.

    " - } - } - }, - "CreateRobotApplicationResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot application.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the robot application.

    " - }, - "sources":{ - "shape":"Sources", - "documentation":"

    The sources of the robot application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    The robot software suite used by the robot application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the robot application was last updated.

    " - }, - "revisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id of the robot application.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the robot application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    An object that contains the Docker image URI used to a create your robot application.

    " - } - } - }, - "CreateRobotApplicationVersionRequest":{ - "type":"structure", - "required":["application"], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The application information for the robot application.

    " - }, - "currentRevisionId":{ - "shape":"RevisionId", - "documentation":"

    The current revision id for the robot application. If you provide a value and it matches the latest revision ID, a new version will be created.

    " - }, - "s3Etags":{ - "shape":"S3Etags", - "documentation":"

    The Amazon S3 identifier for the zip file bundle that you use for your robot application.

    " - }, - "imageDigest":{ - "shape":"ImageDigest", - "documentation":"

    A SHA256 identifier for the Docker image that you use for your robot application.

    " - } - } - }, - "CreateRobotApplicationVersionResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot application.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the robot application.

    " - }, - "sources":{ - "shape":"Sources", - "documentation":"

    The sources of the robot application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    The robot software suite used by the robot application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the robot application was last updated.

    " - }, - "revisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id of the robot application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI used to create your robot application.

    " - } - } - }, - "CreateRobotRequest":{ - "type":"structure", - "required":[ - "name", - "architecture", - "greengrassGroupId" - ], - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name for the robot.

    " - }, - "architecture":{ - "shape":"Architecture", - "documentation":"

    The target architecture of the robot.

    " - }, - "greengrassGroupId":{ - "shape":"Id", - "documentation":"

    The Greengrass group id.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the robot.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateRobotResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the robot was created.

    " - }, - "greengrassGroupId":{ - "shape":"Id", - "documentation":"

    The Amazon Resource Name (ARN) of the Greengrass group associated with the robot.

    " - }, - "architecture":{ - "shape":"Architecture", - "documentation":"

    The target architecture of the robot.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the robot.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "CreateSimulationApplicationRequest":{ - "type":"structure", - "required":[ - "name", - "simulationSoftwareSuite", - "robotSoftwareSuite" - ], - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation application.

    " - }, - "sources":{ - "shape":"SourceConfigs", - "documentation":"

    The sources of the simulation application.

    " - }, - "simulationSoftwareSuite":{ - "shape":"SimulationSoftwareSuite", - "documentation":"

    The simulation software suite used by the simulation application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    The robot software suite used by the simulation application.

    " - }, - "renderingEngine":{ - "shape":"RenderingEngine", - "documentation":"

    The rendering engine for the simulation application.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the simulation application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI used to create your simulation application.

    " - } - } - }, - "CreateSimulationApplicationResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation application.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the simulation application.

    " - }, - "sources":{ - "shape":"Sources", - "documentation":"

    The sources of the simulation application.

    " - }, - "simulationSoftwareSuite":{ - "shape":"SimulationSoftwareSuite", - "documentation":"

    The simulation software suite used by the simulation application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    Information about the robot software suite.

    " - }, - "renderingEngine":{ - "shape":"RenderingEngine", - "documentation":"

    The rendering engine for the simulation application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation application was last updated.

    " - }, - "revisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id of the simulation application.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the simulation application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI that you used to create your simulation application.

    " - } - } - }, - "CreateSimulationApplicationVersionRequest":{ - "type":"structure", - "required":["application"], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The application information for the simulation application.

    " - }, - "currentRevisionId":{ - "shape":"RevisionId", - "documentation":"

    The current revision id for the simulation application. If you provide a value and it matches the latest revision ID, a new version will be created.

    " - }, - "s3Etags":{ - "shape":"S3Etags", - "documentation":"

    The Amazon S3 eTag identifier for the zip file bundle that you use to create the simulation application.

    " - }, - "imageDigest":{ - "shape":"ImageDigest", - "documentation":"

    The SHA256 digest used to identify the Docker image URI used to created the simulation application.

    " - } - } - }, - "CreateSimulationApplicationVersionResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation application.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the simulation application.

    " - }, - "sources":{ - "shape":"Sources", - "documentation":"

    The sources of the simulation application.

    " - }, - "simulationSoftwareSuite":{ - "shape":"SimulationSoftwareSuite", - "documentation":"

    The simulation software suite used by the simulation application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    Information about the robot software suite.

    " - }, - "renderingEngine":{ - "shape":"RenderingEngine", - "documentation":"

    The rendering engine for the simulation application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation application was last updated.

    " - }, - "revisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision ID of the simulation application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI used to create the simulation application.

    " - } - } - }, - "CreateSimulationJobRequest":{ - "type":"structure", - "required":[ - "maxJobDurationInSeconds", - "iamRole" - ], - "members":{ - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    ", - "idempotencyToken":true - }, - "outputLocation":{ - "shape":"OutputLocation", - "documentation":"

    Location for output files generated by the simulation job.

    " - }, - "loggingConfig":{ - "shape":"LoggingConfig", - "documentation":"

    The logging configuration.

    " - }, - "maxJobDurationInSeconds":{ - "shape":"JobDuration", - "documentation":"

    The maximum simulation job duration in seconds (up to 14 days or 1,209,600 seconds. When maxJobDurationInSeconds is reached, the simulation job will status will transition to Completed.

    " - }, - "iamRole":{ - "shape":"IamRole", - "documentation":"

    The IAM role name that allows the simulation instance to call the AWS APIs that are specified in its associated policies on your behalf. This is how credentials are passed in to your simulation job.

    " - }, - "failureBehavior":{ - "shape":"FailureBehavior", - "documentation":"

    The failure behavior the simulation job.

    Continue

    Leaves the instance running for its maximum timeout duration after a 4XX error code.

    Fail

    Stop the simulation job and terminate the instance.

    " - }, - "robotApplications":{ - "shape":"RobotApplicationConfigs", - "documentation":"

    The robot application to use in the simulation job.

    " - }, - "simulationApplications":{ - "shape":"SimulationApplicationConfigs", - "documentation":"

    The simulation application to use in the simulation job.

    " - }, - "dataSources":{ - "shape":"DataSourceConfigs", - "documentation":"

    Specify data sources to mount read-only files from S3 into your simulation. These files are available under /opt/robomaker/datasources/data_source_name.

    There is a limit of 100 files and a combined size of 25GB for all DataSourceConfig objects.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the simulation job.

    " - }, - "vpcConfig":{ - "shape":"VPCConfig", - "documentation":"

    If your simulation job accesses resources in a VPC, you provide this parameter identifying the list of security group IDs and subnet IDs. These must belong to the same VPC. You must provide at least one security group and one subnet ID.

    " - }, - "compute":{ - "shape":"Compute", - "documentation":"

    Compute information for the simulation job.

    " - } - } - }, - "CreateSimulationJobRequests":{ - "type":"list", - "member":{"shape":"SimulationJobRequest"}, - "max":1000, - "min":1 - }, - "CreateSimulationJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation job.

    " - }, - "status":{ - "shape":"SimulationJobStatus", - "documentation":"

    The status of the simulation job.

    " - }, - "lastStartedAt":{ - "shape":"LastStartedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job was last started.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job was last updated.

    " - }, - "failureBehavior":{ - "shape":"FailureBehavior", - "documentation":"

    the failure behavior for the simulation job.

    " - }, - "failureCode":{ - "shape":"SimulationJobErrorCode", - "documentation":"

    The failure code of the simulation job if it failed:

    InternalServiceError

    Internal service error.

    RobotApplicationCrash

    Robot application exited abnormally.

    SimulationApplicationCrash

    Simulation application exited abnormally.

    BadPermissionsRobotApplication

    Robot application bundle could not be downloaded.

    BadPermissionsSimulationApplication

    Simulation application bundle could not be downloaded.

    BadPermissionsS3Output

    Unable to publish outputs to customer-provided S3 bucket.

    BadPermissionsCloudwatchLogs

    Unable to publish logs to customer-provided CloudWatch Logs resource.

    SubnetIpLimitExceeded

    Subnet IP limit exceeded.

    ENILimitExceeded

    ENI limit exceeded.

    BadPermissionsUserCredentials

    Unable to use the Role provided.

    InvalidBundleRobotApplication

    Robot bundle cannot be extracted (invalid format, bundling error, or other issue).

    InvalidBundleSimulationApplication

    Simulation bundle cannot be extracted (invalid format, bundling error, or other issue).

    RobotApplicationVersionMismatchedEtag

    Etag for RobotApplication does not match value during version creation.

    SimulationApplicationVersionMismatchedEtag

    Etag for SimulationApplication does not match value during version creation.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "outputLocation":{ - "shape":"OutputLocation", - "documentation":"

    Simulation job output files location.

    " - }, - "loggingConfig":{ - "shape":"LoggingConfig", - "documentation":"

    The logging configuration.

    " - }, - "maxJobDurationInSeconds":{ - "shape":"JobDuration", - "documentation":"

    The maximum simulation job duration in seconds.

    " - }, - "simulationTimeMillis":{ - "shape":"SimulationTimeMillis", - "documentation":"

    The simulation job execution duration in milliseconds.

    " - }, - "iamRole":{ - "shape":"IamRole", - "documentation":"

    The IAM role that allows the simulation job to call the AWS APIs that are specified in its associated policies on your behalf.

    " - }, - "robotApplications":{ - "shape":"RobotApplicationConfigs", - "documentation":"

    The robot application used by the simulation job.

    " - }, - "simulationApplications":{ - "shape":"SimulationApplicationConfigs", - "documentation":"

    The simulation application used by the simulation job.

    " - }, - "dataSources":{ - "shape":"DataSources", - "documentation":"

    The data sources for the simulation job.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the simulation job.

    " - }, - "vpcConfig":{ - "shape":"VPCConfigResponse", - "documentation":"

    Information about the vpc configuration.

    " - }, - "compute":{ - "shape":"ComputeResponse", - "documentation":"

    Compute information for the simulation job.

    " - } - } - }, - "CreateWorldExportJobRequest":{ - "type":"structure", - "required":[ - "worlds", - "outputLocation", - "iamRole" - ], - "members":{ - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    ", - "idempotencyToken":true - }, - "worlds":{ - "shape":"Arns", - "documentation":"

    A list of Amazon Resource Names (arns) that correspond to worlds to export.

    " - }, - "outputLocation":{"shape":"OutputLocation"}, - "iamRole":{ - "shape":"IamRole", - "documentation":"

    The IAM role that the world export process uses to access the Amazon S3 bucket and put the export.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world export job.

    " - } - } - }, - "CreateWorldExportJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world export job.

    " - }, - "status":{ - "shape":"WorldExportJobStatus", - "documentation":"

    The status of the world export job.

    Pending

    The world export job request is pending.

    Running

    The world export job is running.

    Completed

    The world export job completed.

    Failed

    The world export job failed. See failureCode for more information.

    Canceled

    The world export job was cancelled.

    Canceling

    The world export job is being cancelled.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world export job was created.

    " - }, - "failureCode":{ - "shape":"WorldExportJobErrorCode", - "documentation":"

    The failure code of the world export job if it failed:

    InternalServiceError

    Internal service error.

    LimitExceeded

    The requested resource exceeds the maximum number allowed, or the number of concurrent stream requests exceeds the maximum number allowed.

    ResourceNotFound

    The specified resource could not be found.

    RequestThrottled

    The request was throttled.

    InvalidInput

    An input parameter in the request is not valid.

    AllWorldGenerationFailed

    All of the worlds in the world generation job failed. This can happen if your worldCount is greater than 50 or less than 1.

    For more information about troubleshooting WorldForge, see Troubleshooting Simulation WorldForge.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "outputLocation":{"shape":"OutputLocation"}, - "iamRole":{ - "shape":"IamRole", - "documentation":"

    The IAM role that the world export process uses to access the Amazon S3 bucket and put the export.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world export job.

    " - } - } - }, - "CreateWorldGenerationJobRequest":{ - "type":"structure", - "required":[ - "template", - "worldCount" - ], - "members":{ - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    ", - "idempotencyToken":true - }, - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template describing the worlds you want to create.

    " - }, - "worldCount":{ - "shape":"WorldCount", - "documentation":"

    Information about the world count.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world generator job.

    " - }, - "worldTags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the generated worlds.

    " - } - } - }, - "CreateWorldGenerationJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world generator job.

    " - }, - "status":{ - "shape":"WorldGenerationJobStatus", - "documentation":"

    The status of the world generator job.

    Pending

    The world generator job request is pending.

    Running

    The world generator job is running.

    Completed

    The world generator job completed.

    Failed

    The world generator job failed. See failureCode for more information.

    PartialFailed

    Some worlds did not generate.

    Canceled

    The world generator job was cancelled.

    Canceling

    The world generator job is being cancelled.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world generator job was created.

    " - }, - "failureCode":{ - "shape":"WorldGenerationJobErrorCode", - "documentation":"

    The failure code of the world generator job if it failed:

    InternalServiceError

    Internal service error.

    LimitExceeded

    The requested resource exceeds the maximum number allowed, or the number of concurrent stream requests exceeds the maximum number allowed.

    ResourceNotFound

    The specified resource could not be found.

    RequestThrottled

    The request was throttled.

    InvalidInput

    An input parameter in the request is not valid.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template.

    " - }, - "worldCount":{ - "shape":"WorldCount", - "documentation":"

    Information about the world count.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world generator job.

    " - }, - "worldTags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the generated worlds.

    " - } - } - }, - "CreateWorldTemplateRequest":{ - "type":"structure", - "members":{ - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "name":{ - "shape":"TemplateName", - "documentation":"

    The name of the world template.

    " - }, - "templateBody":{ - "shape":"Json", - "documentation":"

    The world template body.

    " - }, - "templateLocation":{ - "shape":"TemplateLocation", - "documentation":"

    The location of the world template.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world template.

    " - } - } - }, - "CreateWorldTemplateResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world template.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world template was created.

    " - }, - "name":{ - "shape":"TemplateName", - "documentation":"

    The name of the world template.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world template.

    " - } - } - }, - "CreatedAt":{"type":"timestamp"}, - "DataSource":{ - "type":"structure", - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the data source.

    " - }, - "s3Bucket":{ - "shape":"S3Bucket", - "documentation":"

    The S3 bucket where the data files are located.

    " - }, - "s3Keys":{ - "shape":"S3KeyOutputs", - "documentation":"

    The list of S3 keys identifying the data source files.

    " - }, - "type":{ - "shape":"DataSourceType", - "documentation":"

    The data type for the data source that you're using for your container image or simulation job. You can use this field to specify whether your data source is an Archive, an Amazon S3 prefix, or a file.

    If you don't specify a field, the default value is File.

    " - }, - "destination":{ - "shape":"Path", - "documentation":"

    The location where your files are mounted in the container image.

    If you've specified the type of the data source as an Archive, you must provide an Amazon S3 object key to your archive. The object key must point to either a .zip or .tar.gz file.

    If you've specified the type of the data source as a Prefix, you provide the Amazon S3 prefix that points to the files that you are using for your data source.

    If you've specified the type of the data source as a File, you provide the Amazon S3 path to the file that you're using as your data source.

    " - } - }, - "documentation":"

    Information about a data source.

    " - }, - "DataSourceConfig":{ - "type":"structure", - "required":[ - "name", - "s3Bucket", - "s3Keys" - ], - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the data source.

    " - }, - "s3Bucket":{ - "shape":"S3Bucket", - "documentation":"

    The S3 bucket where the data files are located.

    " - }, - "s3Keys":{ - "shape":"S3KeysOrPrefixes", - "documentation":"

    The list of S3 keys identifying the data source files.

    " - }, - "type":{ - "shape":"DataSourceType", - "documentation":"

    The data type for the data source that you're using for your container image or simulation job. You can use this field to specify whether your data source is an Archive, an Amazon S3 prefix, or a file.

    If you don't specify a field, the default value is File.

    " - }, - "destination":{ - "shape":"Path", - "documentation":"

    The location where your files are mounted in the container image.

    If you've specified the type of the data source as an Archive, you must provide an Amazon S3 object key to your archive. The object key must point to either a .zip or .tar.gz file.

    If you've specified the type of the data source as a Prefix, you provide the Amazon S3 prefix that points to the files that you are using for your data source.

    If you've specified the type of the data source as a File, you provide the Amazon S3 path to the file that you're using as your data source.

    " - } - }, - "documentation":"

    Information about a data source.

    " - }, - "DataSourceConfigs":{ - "type":"list", - "member":{"shape":"DataSourceConfig"}, - "max":6, - "min":1 - }, - "DataSourceNames":{ - "type":"list", - "member":{"shape":"Name"} - }, - "DataSourceType":{ - "type":"string", - "enum":[ - "Prefix", - "Archive", - "File" - ] - }, - "DataSources":{ - "type":"list", - "member":{"shape":"DataSource"} - }, - "DeleteFleetRequest":{ - "type":"structure", - "required":["fleet"], - "members":{ - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DeleteFleetResponse":{ - "type":"structure", - "members":{ - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DeleteRobotApplicationRequest":{ - "type":"structure", - "required":["application"], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the the robot application.

    " - }, - "applicationVersion":{ - "shape":"Version", - "documentation":"

    The version of the robot application to delete.

    " - } - } - }, - "DeleteRobotApplicationResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteRobotRequest":{ - "type":"structure", - "required":["robot"], - "members":{ - "robot":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DeleteRobotResponse":{ - "type":"structure", - "members":{ - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DeleteSimulationApplicationRequest":{ - "type":"structure", - "required":["application"], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The application information for the simulation application to delete.

    " - }, - "applicationVersion":{ - "shape":"Version", - "documentation":"

    The version of the simulation application to delete.

    " - } - } - }, - "DeleteSimulationApplicationResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteWorldTemplateRequest":{ - "type":"structure", - "required":["template"], - "members":{ - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template you want to delete.

    " - } - } - }, - "DeleteWorldTemplateResponse":{ - "type":"structure", - "members":{ - } - }, - "DeploymentApplicationConfig":{ - "type":"structure", - "required":[ - "application", - "applicationVersion", - "launchConfig" - ], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot application.

    " - }, - "applicationVersion":{ - "shape":"DeploymentVersion", - "documentation":"

    The version of the application.

    " - }, - "launchConfig":{ - "shape":"DeploymentLaunchConfig", - "documentation":"

    The launch configuration.

    " - } - }, - "documentation":"

    Information about a deployment application configuration.

    " - }, - "DeploymentApplicationConfigs":{ - "type":"list", - "member":{"shape":"DeploymentApplicationConfig"}, - "max":1, - "min":1 - }, - "DeploymentConfig":{ - "type":"structure", - "members":{ - "concurrentDeploymentPercentage":{ - "shape":"Percentage", - "documentation":"

    The percentage of robots receiving the deployment at the same time.

    " - }, - "failureThresholdPercentage":{ - "shape":"Percentage", - "documentation":"

    The percentage of deployments that need to fail before stopping deployment.

    " - }, - "robotDeploymentTimeoutInSeconds":{ - "shape":"DeploymentTimeout", - "documentation":"

    The amount of time, in seconds, to wait for deployment to a single robot to complete. Choose a time between 1 minute and 7 days. The default is 5 hours.

    " - }, - "downloadConditionFile":{ - "shape":"S3Object", - "documentation":"

    The download condition file.

    " - } - }, - "documentation":"

    Information about a deployment configuration.

    " - }, - "DeploymentJob":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the deployment job.

    " - }, - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "status":{ - "shape":"DeploymentStatus", - "documentation":"

    The status of the deployment job.

    " - }, - "deploymentApplicationConfigs":{ - "shape":"DeploymentApplicationConfigs", - "documentation":"

    The deployment application configuration.

    " - }, - "deploymentConfig":{ - "shape":"DeploymentConfig", - "documentation":"

    The deployment configuration.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    A short description of the reason why the deployment job failed.

    " - }, - "failureCode":{ - "shape":"DeploymentJobErrorCode", - "documentation":"

    The deployment job failure code.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the deployment job was created.

    " - } - }, - "documentation":"

    Information about a deployment job.

    " - }, - "DeploymentJobErrorCode":{ - "type":"string", - "enum":[ - "ResourceNotFound", - "EnvironmentSetupError", - "EtagMismatch", - "FailureThresholdBreached", - "RobotDeploymentAborted", - "RobotDeploymentNoResponse", - "RobotAgentConnectionTimeout", - "GreengrassDeploymentFailed", - "InvalidGreengrassGroup", - "MissingRobotArchitecture", - "MissingRobotApplicationArchitecture", - "MissingRobotDeploymentResource", - "GreengrassGroupVersionDoesNotExist", - "LambdaDeleted", - "ExtractingBundleFailure", - "PreLaunchFileFailure", - "PostLaunchFileFailure", - "BadPermissionError", - "DownloadConditionFailed", - "BadLambdaAssociated", - "InternalServerError", - "RobotApplicationDoesNotExist", - "DeploymentFleetDoesNotExist", - "FleetDeploymentTimeout" - ] - }, - "DeploymentJobs":{ - "type":"list", - "member":{"shape":"DeploymentJob"}, - "max":200, - "min":0 - }, - "DeploymentLaunchConfig":{ - "type":"structure", - "required":[ - "packageName", - "launchFile" - ], - "members":{ - "packageName":{ - "shape":"Command", - "documentation":"

    The package name.

    " - }, - "preLaunchFile":{ - "shape":"Path", - "documentation":"

    The deployment pre-launch file. This file will be executed prior to the launch file.

    " - }, - "launchFile":{ - "shape":"Command", - "documentation":"

    The launch file name.

    " - }, - "postLaunchFile":{ - "shape":"Path", - "documentation":"

    The deployment post-launch file. This file will be executed after the launch file.

    " - }, - "environmentVariables":{ - "shape":"EnvironmentVariableMap", - "documentation":"

    An array of key/value pairs specifying environment variables for the robot application

    " - } - }, - "documentation":"

    Configuration information for a deployment launch.

    " - }, - "DeploymentStatus":{ - "type":"string", - "enum":[ - "Pending", - "Preparing", - "InProgress", - "Failed", - "Succeeded", - "Canceled" - ] - }, - "DeploymentTimeout":{"type":"long"}, - "DeploymentVersion":{ - "type":"string", - "max":255, - "min":1, - "pattern":"[0-9]*" - }, - "DeregisterRobotRequest":{ - "type":"structure", - "required":[ - "fleet", - "robot" - ], - "members":{ - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "robot":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DeregisterRobotResponse":{ - "type":"structure", - "members":{ - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "robot":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeDeploymentJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the deployment job.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeDeploymentJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the deployment job.

    " - }, - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "status":{ - "shape":"DeploymentStatus", - "documentation":"

    The status of the deployment job.

    " - }, - "deploymentConfig":{ - "shape":"DeploymentConfig", - "documentation":"

    The deployment configuration.

    " - }, - "deploymentApplicationConfigs":{ - "shape":"DeploymentApplicationConfigs", - "documentation":"

    The deployment application configuration.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    A short description of the reason why the deployment job failed.

    " - }, - "failureCode":{ - "shape":"DeploymentJobErrorCode", - "documentation":"

    The deployment job failure code.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the deployment job was created.

    " - }, - "robotDeploymentSummary":{ - "shape":"RobotDeploymentSummary", - "documentation":"

    A list of robot deployment summaries.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the specified deployment job.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeFleetRequest":{ - "type":"structure", - "required":["fleet"], - "members":{ - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeFleetResponse":{ - "type":"structure", - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the fleet.

    " - }, - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "robots":{ - "shape":"Robots", - "documentation":"

    A list of robots.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the fleet was created.

    " - }, - "lastDeploymentStatus":{ - "shape":"DeploymentStatus", - "documentation":"

    The status of the last deployment.

    " - }, - "lastDeploymentJob":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the last deployment job.

    " - }, - "lastDeploymentTime":{ - "shape":"CreatedAt", - "documentation":"

    The time of the last deployment.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the specified fleet.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeRobotApplicationRequest":{ - "type":"structure", - "required":["application"], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot application.

    " - }, - "applicationVersion":{ - "shape":"Version", - "documentation":"

    The version of the robot application to describe.

    " - } - } - }, - "DescribeRobotApplicationResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot application.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the robot application.

    " - }, - "sources":{ - "shape":"Sources", - "documentation":"

    The sources of the robot application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    The robot software suite used by the robot application.

    " - }, - "revisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id of the robot application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the robot application was last updated.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the specified robot application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI used to create the robot application.

    " - }, - "imageDigest":{ - "shape":"ImageDigest", - "documentation":"

    A SHA256 identifier for the Docker image that you use for your robot application.

    " - } - } - }, - "DescribeRobotRequest":{ - "type":"structure", - "required":["robot"], - "members":{ - "robot":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot to be described.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeRobotResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot.

    " - }, - "fleetArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "status":{ - "shape":"RobotStatus", - "documentation":"

    The status of the fleet.

    " - }, - "greengrassGroupId":{ - "shape":"Id", - "documentation":"

    The Greengrass group id.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the robot was created.

    " - }, - "architecture":{ - "shape":"Architecture", - "documentation":"

    The target architecture of the robot application.

    " - }, - "lastDeploymentJob":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the last deployment job.

    " - }, - "lastDeploymentTime":{ - "shape":"CreatedAt", - "documentation":"

    The time of the last deployment job.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the specified robot.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "DescribeSimulationApplicationRequest":{ - "type":"structure", - "required":["application"], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The application information for the simulation application.

    " - }, - "applicationVersion":{ - "shape":"Version", - "documentation":"

    The version of the simulation application to describe.

    " - } - } - }, - "DescribeSimulationApplicationResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot simulation application.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the simulation application.

    " - }, - "sources":{ - "shape":"Sources", - "documentation":"

    The sources of the simulation application.

    " - }, - "simulationSoftwareSuite":{ - "shape":"SimulationSoftwareSuite", - "documentation":"

    The simulation software suite used by the simulation application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    Information about the robot software suite.

    " - }, - "renderingEngine":{ - "shape":"RenderingEngine", - "documentation":"

    The rendering engine for the simulation application.

    " - }, - "revisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id of the simulation application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation application was last updated.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the specified simulation application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI used to create the simulation application.

    " - }, - "imageDigest":{ - "shape":"ImageDigest", - "documentation":"

    A SHA256 identifier for the Docker image that you use for your simulation application.

    " - } - } - }, - "DescribeSimulationJobBatchRequest":{ - "type":"structure", - "required":["batch"], - "members":{ - "batch":{ - "shape":"Arn", - "documentation":"

    The id of the batch to describe.

    " - } - } - }, - "DescribeSimulationJobBatchResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the batch.

    " - }, - "status":{ - "shape":"SimulationJobBatchStatus", - "documentation":"

    The status of the batch.

    Pending

    The simulation job batch request is pending.

    InProgress

    The simulation job batch is in progress.

    Failed

    The simulation job batch failed. One or more simulation job requests could not be completed due to an internal failure (like InternalServiceError). See failureCode and failureReason for more information.

    Completed

    The simulation batch job completed. A batch is complete when (1) there are no pending simulation job requests in the batch and none of the failed simulation job requests are due to InternalServiceError and (2) when all created simulation jobs have reached a terminal state (for example, Completed or Failed).

    Canceled

    The simulation batch job was cancelled.

    Canceling

    The simulation batch job is being cancelled.

    Completing

    The simulation batch job is completing.

    TimingOut

    The simulation job batch is timing out.

    If a batch timing out, and there are pending requests that were failing due to an internal failure (like InternalServiceError), the batch status will be Failed. If there are no such failing request, the batch status will be TimedOut.

    TimedOut

    The simulation batch job timed out.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job batch was last updated.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job batch was created.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "batchPolicy":{ - "shape":"BatchPolicy", - "documentation":"

    The batch policy.

    " - }, - "failureCode":{ - "shape":"SimulationJobBatchErrorCode", - "documentation":"

    The failure code of the simulation job batch.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    The reason the simulation job batch failed.

    " - }, - "failedRequests":{ - "shape":"FailedCreateSimulationJobRequests", - "documentation":"

    A list of failed create simulation job requests. The request failed to be created into a simulation job. Failed requests do not have a simulation job ID.

    " - }, - "pendingRequests":{ - "shape":"CreateSimulationJobRequests", - "documentation":"

    A list of pending simulation job requests. These requests have not yet been created into simulation jobs.

    " - }, - "createdRequests":{ - "shape":"SimulationJobSummaries", - "documentation":"

    A list of created simulation job summaries.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the simulation job batch.

    " - } - } - }, - "DescribeSimulationJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation job to be described.

    " - } - } - }, - "DescribeSimulationJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation job.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation job.

    " - }, - "status":{ - "shape":"SimulationJobStatus", - "documentation":"

    The status of the simulation job.

    " - }, - "lastStartedAt":{ - "shape":"LastStartedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job was last started.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job was last updated.

    " - }, - "failureBehavior":{ - "shape":"FailureBehavior", - "documentation":"

    The failure behavior for the simulation job.

    " - }, - "failureCode":{ - "shape":"SimulationJobErrorCode", - "documentation":"

    The failure code of the simulation job if it failed:

    InternalServiceError

    Internal service error.

    RobotApplicationCrash

    Robot application exited abnormally.

    SimulationApplicationCrash

    Simulation application exited abnormally.

    BadPermissionsRobotApplication

    Robot application bundle could not be downloaded.

    BadPermissionsSimulationApplication

    Simulation application bundle could not be downloaded.

    BadPermissionsS3Output

    Unable to publish outputs to customer-provided S3 bucket.

    BadPermissionsCloudwatchLogs

    Unable to publish logs to customer-provided CloudWatch Logs resource.

    SubnetIpLimitExceeded

    Subnet IP limit exceeded.

    ENILimitExceeded

    ENI limit exceeded.

    BadPermissionsUserCredentials

    Unable to use the Role provided.

    InvalidBundleRobotApplication

    Robot bundle cannot be extracted (invalid format, bundling error, or other issue).

    InvalidBundleSimulationApplication

    Simulation bundle cannot be extracted (invalid format, bundling error, or other issue).

    RobotApplicationVersionMismatchedEtag

    Etag for RobotApplication does not match value during version creation.

    SimulationApplicationVersionMismatchedEtag

    Etag for SimulationApplication does not match value during version creation.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    Details about why the simulation job failed. For more information about troubleshooting, see Troubleshooting.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "outputLocation":{ - "shape":"OutputLocation", - "documentation":"

    Location for output files generated by the simulation job.

    " - }, - "loggingConfig":{ - "shape":"LoggingConfig", - "documentation":"

    The logging configuration.

    " - }, - "maxJobDurationInSeconds":{ - "shape":"JobDuration", - "documentation":"

    The maximum job duration in seconds. The value must be 8 days (691,200 seconds) or less.

    " - }, - "simulationTimeMillis":{ - "shape":"SimulationTimeMillis", - "documentation":"

    The simulation job execution duration in milliseconds.

    " - }, - "iamRole":{ - "shape":"IamRole", - "documentation":"

    The IAM role that allows the simulation instance to call the AWS APIs that are specified in its associated policies on your behalf.

    " - }, - "robotApplications":{ - "shape":"RobotApplicationConfigs", - "documentation":"

    A list of robot applications.

    " - }, - "simulationApplications":{ - "shape":"SimulationApplicationConfigs", - "documentation":"

    A list of simulation applications.

    " - }, - "dataSources":{ - "shape":"DataSources", - "documentation":"

    The data sources for the simulation job.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the specified simulation job.

    " - }, - "vpcConfig":{ - "shape":"VPCConfigResponse", - "documentation":"

    The VPC configuration.

    " - }, - "networkInterface":{ - "shape":"NetworkInterface", - "documentation":"

    The network interface information for the simulation job.

    " - }, - "compute":{ - "shape":"ComputeResponse", - "documentation":"

    Compute information for the simulation job.

    " - } - } - }, - "DescribeWorldExportJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world export job to describe.

    " - } - } - }, - "DescribeWorldExportJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world export job.

    " - }, - "status":{ - "shape":"WorldExportJobStatus", - "documentation":"

    The status of the world export job.

    Pending

    The world export job request is pending.

    Running

    The world export job is running.

    Completed

    The world export job completed.

    Failed

    The world export job failed. See failureCode and failureReason for more information.

    Canceled

    The world export job was cancelled.

    Canceling

    The world export job is being cancelled.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world export job was created.

    " - }, - "failureCode":{ - "shape":"WorldExportJobErrorCode", - "documentation":"

    The failure code of the world export job if it failed:

    InternalServiceError

    Internal service error.

    LimitExceeded

    The requested resource exceeds the maximum number allowed, or the number of concurrent stream requests exceeds the maximum number allowed.

    ResourceNotFound

    The specified resource could not be found.

    RequestThrottled

    The request was throttled.

    InvalidInput

    An input parameter in the request is not valid.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    The reason why the world export job failed.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "worlds":{ - "shape":"Arns", - "documentation":"

    A list of Amazon Resource Names (arns) that correspond to worlds to be exported.

    " - }, - "outputLocation":{"shape":"OutputLocation"}, - "iamRole":{ - "shape":"IamRole", - "documentation":"

    The IAM role that the world export process uses to access the Amazon S3 bucket and put the export.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world export job.

    " - } - } - }, - "DescribeWorldGenerationJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world generation job to describe.

    " - } - } - }, - "DescribeWorldGenerationJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world generation job.

    " - }, - "status":{ - "shape":"WorldGenerationJobStatus", - "documentation":"

    The status of the world generation job:

    Pending

    The world generation job request is pending.

    Running

    The world generation job is running.

    Completed

    The world generation job completed.

    Failed

    The world generation job failed. See failureCode for more information.

    PartialFailed

    Some worlds did not generate.

    Canceled

    The world generation job was cancelled.

    Canceling

    The world generation job is being cancelled.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world generation job was created.

    " - }, - "failureCode":{ - "shape":"WorldGenerationJobErrorCode", - "documentation":"

    The failure code of the world generation job if it failed:

    InternalServiceError

    Internal service error.

    LimitExceeded

    The requested resource exceeds the maximum number allowed, or the number of concurrent stream requests exceeds the maximum number allowed.

    ResourceNotFound

    The specified resource could not be found.

    RequestThrottled

    The request was throttled.

    InvalidInput

    An input parameter in the request is not valid.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    The reason why the world generation job failed.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template.

    " - }, - "worldCount":{ - "shape":"WorldCount", - "documentation":"

    Information about the world count.

    " - }, - "finishedWorldsSummary":{ - "shape":"FinishedWorldsSummary", - "documentation":"

    Summary information about finished worlds.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world generation job.

    " - }, - "worldTags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the generated worlds.

    " - } - } - }, - "DescribeWorldRequest":{ - "type":"structure", - "required":["world"], - "members":{ - "world":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world you want to describe.

    " - } - } - }, - "DescribeWorldResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world.

    " - }, - "generationJob":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world generation job that generated the world.

    " - }, - "template":{ - "shape":"Arn", - "documentation":"

    The world template.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world was created.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world.

    " - }, - "worldDescriptionBody":{ - "shape":"Json", - "documentation":"

    Returns the JSON formatted string that describes the contents of your world.

    " - } - } - }, - "DescribeWorldTemplateRequest":{ - "type":"structure", - "required":["template"], - "members":{ - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template you want to describe.

    " - } - } - }, - "DescribeWorldTemplateResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world template.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "name":{ - "shape":"TemplateName", - "documentation":"

    The name of the world template.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world template was created.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world template was last updated.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the world template.

    " - }, - "version":{ - "shape":"GenericString", - "documentation":"

    The version of the world template that you're using.

    " - } - } - }, - "Environment":{ - "type":"structure", - "members":{ - "uri":{ - "shape":"RepositoryUrl", - "documentation":"

    The Docker image URI for either your robot or simulation applications.

    " - } - }, - "documentation":"

    The object that contains the Docker image URI for either your robot or simulation applications.

    " - }, - "EnvironmentVariableKey":{ - "type":"string", - "max":1024, - "min":1, - "pattern":"[A-Z_][A-Z0-9_]*" - }, - "EnvironmentVariableMap":{ - "type":"map", - "key":{"shape":"EnvironmentVariableKey"}, - "value":{"shape":"EnvironmentVariableValue"}, - "max":20, - "min":0 - }, - "EnvironmentVariableValue":{ - "type":"string", - "max":1024, - "min":1, - "pattern":".*" - }, - "ExitBehavior":{ - "type":"string", - "enum":[ - "FAIL", - "RESTART" - ] - }, - "FailedAt":{"type":"timestamp"}, - "FailedCreateSimulationJobRequest":{ - "type":"structure", - "members":{ - "request":{ - "shape":"SimulationJobRequest", - "documentation":"

    The simulation job request.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    The failure reason of the simulation job request.

    " - }, - "failureCode":{ - "shape":"SimulationJobErrorCode", - "documentation":"

    The failure code.

    " - }, - "failedAt":{ - "shape":"FailedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job batch failed.

    " - } - }, - "documentation":"

    Information about a failed create simulation job request.

    " - }, - "FailedCreateSimulationJobRequests":{ - "type":"list", - "member":{"shape":"FailedCreateSimulationJobRequest"} - }, - "FailureBehavior":{ - "type":"string", - "enum":[ - "Fail", - "Continue" - ] - }, - "FailureSummary":{ - "type":"structure", - "members":{ - "totalFailureCount":{ - "shape":"Integer", - "documentation":"

    The total number of failures.

    " - }, - "failures":{ - "shape":"WorldFailures", - "documentation":"

    The worlds that failed.

    " - } - }, - "documentation":"

    Information about worlds that failed.

    " - }, - "Filter":{ - "type":"structure", - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the filter.

    " - }, - "values":{ - "shape":"FilterValues", - "documentation":"

    A list of values.

    " - } - }, - "documentation":"

    Information about a filter.

    " - }, - "FilterValues":{ - "type":"list", - "member":{"shape":"Name"}, - "max":1, - "min":1 - }, - "Filters":{ - "type":"list", - "member":{"shape":"Filter"}, - "max":1, - "min":1 - }, - "FinishedWorldsSummary":{ - "type":"structure", - "members":{ - "finishedCount":{ - "shape":"Integer", - "documentation":"

    The total number of finished worlds.

    " - }, - "succeededWorlds":{ - "shape":"Arns", - "documentation":"

    A list of worlds that succeeded.

    " - }, - "failureSummary":{ - "shape":"FailureSummary", - "documentation":"

    Information about worlds that failed.

    " - } - }, - "documentation":"

    Information about worlds that finished.

    " - }, - "Fleet":{ - "type":"structure", - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the fleet.

    " - }, - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the fleet was created.

    " - }, - "lastDeploymentStatus":{ - "shape":"DeploymentStatus", - "documentation":"

    The status of the last fleet deployment.

    " - }, - "lastDeploymentJob":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the last deployment job.

    " - }, - "lastDeploymentTime":{ - "shape":"CreatedAt", - "documentation":"

    The time of the last deployment.

    " - } - }, - "documentation":"

    Information about a fleet.

    " - }, - "Fleets":{ - "type":"list", - "member":{"shape":"Fleet"}, - "max":200, - "min":0 - }, - "FloorplanCount":{"type":"integer"}, - "GPUUnit":{ - "type":"integer", - "max":1, - "min":0 - }, - "GenericInteger":{"type":"integer"}, - "GenericString":{ - "type":"string", - "max":1024, - "min":0, - "pattern":".*" - }, - "GetWorldTemplateBodyRequest":{ - "type":"structure", - "members":{ - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template.

    " - }, - "generationJob":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world generator job.

    " - } - } - }, - "GetWorldTemplateBodyResponse":{ - "type":"structure", - "members":{ - "templateBody":{ - "shape":"Json", - "documentation":"

    The world template body.

    " - } - } - }, - "IamRole":{ - "type":"string", - "max":255, - "min":1, - "pattern":"arn:aws:iam::\\w+:role/.*" - }, - "Id":{ - "type":"string", - "max":1224, - "min":1, - "pattern":".*" - }, - "IdempotentParameterMismatchException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "ImageDigest":{ - "type":"string", - "max":72, - "min":0, - "pattern":"[Ss][Hh][Aa]256:[0-9a-fA-F]{64}" - }, - "Integer":{"type":"integer"}, - "InteriorCountPerFloorplan":{"type":"integer"}, - "InternalServerException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    AWS RoboMaker experienced a service issue. Try your call again.

    ", - "error":{"httpStatusCode":500}, - "exception":true - }, - "InvalidParameterException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    A parameter specified in a request is not valid, is unsupported, or cannot be used. The returned message provides an explanation of the error value.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "JobDuration":{"type":"long"}, - "Json":{ - "type":"string", - "max":262144, - "min":1, - "pattern":"[\\S\\s]+" - }, - "LastStartedAt":{"type":"timestamp"}, - "LastUpdatedAt":{"type":"timestamp"}, - "LaunchConfig":{ - "type":"structure", - "members":{ - "packageName":{ - "shape":"Command", - "documentation":"

    The package name.

    " - }, - "launchFile":{ - "shape":"Command", - "documentation":"

    The launch file name.

    " - }, - "environmentVariables":{ - "shape":"EnvironmentVariableMap", - "documentation":"

    The environment variables for the application launch.

    " - }, - "portForwardingConfig":{ - "shape":"PortForwardingConfig", - "documentation":"

    The port forwarding configuration.

    " - }, - "streamUI":{ - "shape":"Boolean", - "documentation":"

    Boolean indicating whether a streaming session will be configured for the application. If True, AWS RoboMaker will configure a connection so you can interact with your application as it is running in the simulation. You must configure and launch the component. It must have a graphical user interface.

    " - }, - "command":{ - "shape":"CommandList", - "documentation":"

    If you've specified General as the value for your RobotSoftwareSuite, you can use this field to specify a list of commands for your container image.

    If you've specified SimulationRuntime as the value for your SimulationSoftwareSuite, you can use this field to specify a list of commands for your container image.

    " - } - }, - "documentation":"

    Information about a launch configuration.

    " - }, - "LimitExceededException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The requested resource exceeds the maximum number allowed, or the number of concurrent stream requests exceeds the maximum number allowed.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "ListDeploymentJobsRequest":{ - "type":"structure", - "members":{ - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results.

    The filter names status and fleetName are supported. When filtering, you must use the complete value of the filtered item. You can use up to three filters, but they must be for the same named item. For example, if you are looking for items with the status InProgress or the status Pending.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListDeploymentJobs again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListDeploymentJobs only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListDeploymentJobs request with the returned nextToken value. This value can be between 1 and 200. If this parameter is not used, then ListDeploymentJobs returns up to 200 results and a nextToken value if applicable.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListDeploymentJobsResponse":{ - "type":"structure", - "members":{ - "deploymentJobs":{ - "shape":"DeploymentJobs", - "documentation":"

    A list of deployment jobs that meet the criteria of the request.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListDeploymentJobs again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListFleetsRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListFleets again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListFleets only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListFleets request with the returned nextToken value. This value can be between 1 and 200. If this parameter is not used, then ListFleets returns up to 200 results and a nextToken value if applicable.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results.

    The filter name name is supported. When filtering, you must use the complete value of the filtered item. You can use up to three filters.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListFleetsResponse":{ - "type":"structure", - "members":{ - "fleetDetails":{ - "shape":"Fleets", - "documentation":"

    A list of fleet details meeting the request criteria.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListFleets again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListRobotApplicationsRequest":{ - "type":"structure", - "members":{ - "versionQualifier":{ - "shape":"VersionQualifier", - "documentation":"

    The version qualifier of the robot application.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListRobotApplications again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListRobotApplications only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListRobotApplications request with the returned nextToken value. This value can be between 1 and 100. If this parameter is not used, then ListRobotApplications returns up to 100 results and a nextToken value if applicable.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results.

    The filter name name is supported. When filtering, you must use the complete value of the filtered item. You can use up to three filters.

    " - } - } - }, - "ListRobotApplicationsResponse":{ - "type":"structure", - "members":{ - "robotApplicationSummaries":{ - "shape":"RobotApplicationSummaries", - "documentation":"

    A list of robot application summaries that meet the criteria of the request.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListRobotApplications again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - } - }, - "ListRobotsRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListRobots again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListRobots only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListRobots request with the returned nextToken value. This value can be between 1 and 200. If this parameter is not used, then ListRobots returns up to 200 results and a nextToken value if applicable.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results.

    The filter names status and fleetName are supported. When filtering, you must use the complete value of the filtered item. You can use up to three filters, but they must be for the same named item. For example, if you are looking for items with the status Registered or the status Available.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListRobotsResponse":{ - "type":"structure", - "members":{ - "robots":{ - "shape":"Robots", - "documentation":"

    A list of robots that meet the criteria of the request.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListRobots again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "ListSimulationApplicationsRequest":{ - "type":"structure", - "members":{ - "versionQualifier":{ - "shape":"VersionQualifier", - "documentation":"

    The version qualifier of the simulation application.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListSimulationApplications again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListSimulationApplications only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListSimulationApplications request with the returned nextToken value. This value can be between 1 and 100. If this parameter is not used, then ListSimulationApplications returns up to 100 results and a nextToken value if applicable.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional list of filters to limit results.

    The filter name name is supported. When filtering, you must use the complete value of the filtered item. You can use up to three filters.

    " - } - } - }, - "ListSimulationApplicationsResponse":{ - "type":"structure", - "members":{ - "simulationApplicationSummaries":{ - "shape":"SimulationApplicationSummaries", - "documentation":"

    A list of simulation application summaries that meet the criteria of the request.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListSimulationApplications again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - } - }, - "ListSimulationJobBatchesRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListSimulationJobBatches again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListSimulationJobBatches only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListSimulationJobBatches request with the returned nextToken value.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results.

    " - } - } - }, - "ListSimulationJobBatchesResponse":{ - "type":"structure", - "members":{ - "simulationJobBatchSummaries":{ - "shape":"SimulationJobBatchSummaries", - "documentation":"

    A list of simulation job batch summaries.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListSimulationJobBatches again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - } - }, - "ListSimulationJobsRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListSimulationJobs again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListSimulationJobs only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListSimulationJobs request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then ListSimulationJobs returns up to 1000 results and a nextToken value if applicable.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results.

    The filter names status and simulationApplicationName and robotApplicationName are supported. When filtering, you must use the complete value of the filtered item. You can use up to three filters, but they must be for the same named item. For example, if you are looking for items with the status Preparing or the status Running.

    " - } - } - }, - "ListSimulationJobsResponse":{ - "type":"structure", - "required":["simulationJobSummaries"], - "members":{ - "simulationJobSummaries":{ - "shape":"SimulationJobSummaries", - "documentation":"

    A list of simulation job summaries that meet the criteria of the request.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListSimulationJobs again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - } - }, - "ListTagsForResourceRequest":{ - "type":"structure", - "required":["resourceArn"], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

    The AWS RoboMaker Amazon Resource Name (ARN) with tags to be listed.

    ", - "location":"uri", - "locationName":"resourceArn" - } - } - }, - "ListTagsForResourceResponse":{ - "type":"structure", - "members":{ - "tags":{ - "shape":"TagMap", - "documentation":"

    The list of all tags added to the specified resource.

    " - } - } - }, - "ListWorldExportJobsRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListWorldExportJobs again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListWorldExportJobs only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListWorldExportJobs request with the returned nextToken value. This value can be between 1 and 100. If this parameter is not used, then ListWorldExportJobs returns up to 100 results and a nextToken value if applicable.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results. You can use generationJobId and templateId.

    " - } - } - }, - "ListWorldExportJobsResponse":{ - "type":"structure", - "required":["worldExportJobSummaries"], - "members":{ - "worldExportJobSummaries":{ - "shape":"WorldExportJobSummaries", - "documentation":"

    Summary information for world export jobs.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListWorldExportJobsRequest again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - } - }, - "ListWorldGenerationJobsRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListWorldGenerationJobsRequest again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListWorldGeneratorJobs only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListWorldGeneratorJobs request with the returned nextToken value. This value can be between 1 and 100. If this parameter is not used, then ListWorldGeneratorJobs returns up to 100 results and a nextToken value if applicable.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results. You can use status and templateId.

    " - } - } - }, - "ListWorldGenerationJobsResponse":{ - "type":"structure", - "required":["worldGenerationJobSummaries"], - "members":{ - "worldGenerationJobSummaries":{ - "shape":"WorldGenerationJobSummaries", - "documentation":"

    Summary information for world generator jobs.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListWorldGeneratorJobsRequest again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - } - }, - "ListWorldTemplatesRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListWorldTemplates again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListWorldTemplates only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListWorldTemplates request with the returned nextToken value. This value can be between 1 and 100. If this parameter is not used, then ListWorldTemplates returns up to 100 results and a nextToken value if applicable.

    " - } - } - }, - "ListWorldTemplatesResponse":{ - "type":"structure", - "members":{ - "templateSummaries":{ - "shape":"TemplateSummaries", - "documentation":"

    Summary information for templates.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListWorldTemplates again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - } - }, - "ListWorldsRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListWorlds again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    When this parameter is used, ListWorlds only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListWorlds request with the returned nextToken value. This value can be between 1 and 100. If this parameter is not used, then ListWorlds returns up to 100 results and a nextToken value if applicable.

    " - }, - "filters":{ - "shape":"Filters", - "documentation":"

    Optional filters to limit results. You can use status.

    " - } - } - }, - "ListWorldsResponse":{ - "type":"structure", - "members":{ - "worldSummaries":{ - "shape":"WorldSummaries", - "documentation":"

    Summary information for worlds.

    " - }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    If the previous paginated request did not return all of the remaining results, the response object's nextToken parameter value is set to a token. To retrieve the next set of results, call ListWorlds again and assign that token to the request object's nextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

    " - } - } - }, - "LoggingConfig":{ - "type":"structure", - "members":{ - "recordAllRosTopics":{ - "shape":"BoxedBoolean", - "documentation":"

    A boolean indicating whether to record all ROS topics.

    This API is no longer supported and will throw an error if used.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is ending support for ROS software suite. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/software-support-policy.html." - } - }, - "documentation":"

    The logging configuration.

    " - }, - "MaxConcurrency":{"type":"integer"}, - "MaxResults":{"type":"integer"}, - "Name":{ - "type":"string", - "max":255, - "min":1, - "pattern":"[a-zA-Z0-9_\\-]*" - }, - "NetworkInterface":{ - "type":"structure", - "members":{ - "networkInterfaceId":{ - "shape":"GenericString", - "documentation":"

    The ID of the network interface.

    " - }, - "privateIpAddress":{ - "shape":"GenericString", - "documentation":"

    The IPv4 address of the network interface within the subnet.

    " - }, - "publicIpAddress":{ - "shape":"GenericString", - "documentation":"

    The IPv4 public address of the network interface.

    " - } - }, - "documentation":"

    Describes a network interface.

    " - }, - "NonEmptyString":{ - "type":"string", - "max":255, - "min":1, - "pattern":".+" - }, - "NonSystemPort":{ - "type":"integer", - "max":65535, - "min":1024 - }, - "OutputLocation":{ - "type":"structure", - "members":{ - "s3Bucket":{ - "shape":"S3Bucket", - "documentation":"

    The S3 bucket for output.

    " - }, - "s3Prefix":{ - "shape":"S3Key", - "documentation":"

    The S3 folder in the s3Bucket where output files will be placed.

    " - } - }, - "documentation":"

    The output location.

    " - }, - "PaginationToken":{ - "type":"string", - "max":2048, - "min":1, - "pattern":"[a-zA-Z0-9_.\\-\\/+=]*" - }, - "Path":{ - "type":"string", - "max":1024, - "min":1, - "pattern":".*" - }, - "PercentDone":{ - "type":"float", - "max":100.0, - "min":0.0 - }, - "Percentage":{ - "type":"integer", - "max":100, - "min":1 - }, - "Port":{ - "type":"integer", - "max":65535, - "min":1 - }, - "PortForwardingConfig":{ - "type":"structure", - "members":{ - "portMappings":{ - "shape":"PortMappingList", - "documentation":"

    The port mappings for the configuration.

    " - } - }, - "documentation":"

    Configuration information for port forwarding.

    " - }, - "PortMapping":{ - "type":"structure", - "required":[ - "jobPort", - "applicationPort" - ], - "members":{ - "jobPort":{ - "shape":"Port", - "documentation":"

    The port number on the simulation job instance to use as a remote connection point.

    " - }, - "applicationPort":{ - "shape":"NonSystemPort", - "documentation":"

    The port number on the application.

    " - }, - "enableOnPublicIp":{ - "shape":"Boolean", - "documentation":"

    A Boolean indicating whether to enable this port mapping on public IP.

    " - } - }, - "documentation":"

    An object representing a port mapping.

    " - }, - "PortMappingList":{ - "type":"list", - "member":{"shape":"PortMapping"}, - "max":10, - "min":0 - }, - "ProgressDetail":{ - "type":"structure", - "members":{ - "currentProgress":{ - "shape":"RobotDeploymentStep", - "documentation":"

    The current progress status.

    Validating

    Validating the deployment.

    DownloadingExtracting

    Downloading and extracting the bundle on the robot.

    ExecutingPreLaunch

    Executing pre-launch script(s) if provided.

    Launching

    Launching the robot application.

    ExecutingPostLaunch

    Executing post-launch script(s) if provided.

    Finished

    Deployment is complete.

    " - }, - "percentDone":{ - "shape":"PercentDone", - "documentation":"

    Precentage of the step that is done. This currently only applies to the Downloading/Extracting step of the deployment. It is empty for other steps.

    " - }, - "estimatedTimeRemainingSeconds":{ - "shape":"GenericInteger", - "documentation":"

    Estimated amount of time in seconds remaining in the step. This currently only applies to the Downloading/Extracting step of the deployment. It is empty for other steps.

    " - }, - "targetResource":{ - "shape":"GenericString", - "documentation":"

    The Amazon Resource Name (ARN) of the deployment job.

    " - } - }, - "documentation":"

    Information about the progress of a deployment job.

    " - }, - "RegisterRobotRequest":{ - "type":"structure", - "required":[ - "fleet", - "robot" - ], - "members":{ - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "robot":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "RegisterRobotResponse":{ - "type":"structure", - "members":{ - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet that the robot will join.

    " - }, - "robot":{ - "shape":"Arn", - "documentation":"

    Information about the robot registration.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "RenderingEngine":{ - "type":"structure", - "members":{ - "name":{ - "shape":"RenderingEngineType", - "documentation":"

    The name of the rendering engine.

    " - }, - "version":{ - "shape":"RenderingEngineVersionType", - "documentation":"

    The version of the rendering engine.

    " - } - }, - "documentation":"

    Information about a rendering engine.

    " - }, - "RenderingEngineType":{ - "type":"string", - "enum":["OGRE"] - }, - "RenderingEngineVersionType":{ - "type":"string", - "max":4, - "min":1, - "pattern":"1.x" - }, - "RepositoryUrl":{ - "type":"string", - "max":1024, - "min":1, - "pattern":".+" - }, - "ResourceAlreadyExistsException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The specified resource already exists.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "ResourceNotFoundException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The specified resource does not exist.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "RestartSimulationJobRequest":{ - "type":"structure", - "required":["job"], - "members":{ - "job":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation job.

    " - } - } - }, - "RestartSimulationJobResponse":{ - "type":"structure", - "members":{ - } - }, - "RevisionId":{ - "type":"string", - "max":40, - "min":1, - "pattern":"[a-zA-Z0-9_.\\-]*" - }, - "Robot":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot.

    " - }, - "fleetArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "status":{ - "shape":"RobotStatus", - "documentation":"

    The status of the robot.

    " - }, - "greenGrassGroupId":{ - "shape":"Id", - "documentation":"

    The Greengrass group associated with the robot.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the robot was created.

    " - }, - "architecture":{ - "shape":"Architecture", - "documentation":"

    The architecture of the robot.

    " - }, - "lastDeploymentJob":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the last deployment job.

    " - }, - "lastDeploymentTime":{ - "shape":"CreatedAt", - "documentation":"

    The time of the last deployment.

    " - } - }, - "documentation":"

    Information about a robot.

    " - }, - "RobotApplicationConfig":{ - "type":"structure", - "required":[ - "application", - "launchConfig" - ], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The application information for the robot application.

    " - }, - "applicationVersion":{ - "shape":"Version", - "documentation":"

    The version of the robot application.

    " - }, - "launchConfig":{ - "shape":"LaunchConfig", - "documentation":"

    The launch configuration for the robot application.

    " - }, - "uploadConfigurations":{ - "shape":"UploadConfigurations", - "documentation":"

    The upload configurations for the robot application.

    " - }, - "useDefaultUploadConfigurations":{ - "shape":"BoxedBoolean", - "documentation":"

    A Boolean indicating whether to use default upload configurations. By default, .ros and .gazebo files are uploaded when the application terminates and all ROS topics will be recorded.

    If you set this value, you must specify an outputLocation.

    This API is no longer supported and will throw an error if used.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is ending support for ROS software suite. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/software-support-policy.html." - }, - "tools":{ - "shape":"Tools", - "documentation":"

    Information about tools configured for the robot application.

    " - }, - "useDefaultTools":{ - "shape":"BoxedBoolean", - "documentation":"

    A Boolean indicating whether to use default robot application tools. The default tools are rviz, rqt, terminal and rosbag record. The default is False.

    This API is no longer supported and will throw an error if used.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is ending support for ROS software suite. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/software-support-policy.html." - } - }, - "documentation":"

    Application configuration information for a robot.

    " - }, - "RobotApplicationConfigs":{ - "type":"list", - "member":{"shape":"RobotApplicationConfig"}, - "max":1, - "min":1 - }, - "RobotApplicationNames":{ - "type":"list", - "member":{"shape":"Name"} - }, - "RobotApplicationSummaries":{ - "type":"list", - "member":{"shape":"RobotApplicationSummary"}, - "max":100, - "min":0 - }, - "RobotApplicationSummary":{ - "type":"structure", - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot application.

    " - }, - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the robot.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the robot application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the robot application was last updated.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    Information about a robot software suite.

    " - } - }, - "documentation":"

    Summary information for a robot application.

    " - }, - "RobotDeployment":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The robot deployment Amazon Resource Name (ARN).

    " - }, - "deploymentStartTime":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the deployment was started.

    " - }, - "deploymentFinishTime":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the deployment finished.

    " - }, - "status":{ - "shape":"RobotStatus", - "documentation":"

    The status of the robot deployment.

    " - }, - "progressDetail":{ - "shape":"ProgressDetail", - "documentation":"

    Information about how the deployment is progressing.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    A short description of the reason why the robot deployment failed.

    " - }, - "failureCode":{ - "shape":"DeploymentJobErrorCode", - "documentation":"

    The robot deployment failure code.

    " - } - }, - "documentation":"

    Information about a robot deployment.

    " - }, - "RobotDeploymentStep":{ - "type":"string", - "enum":[ - "Validating", - "DownloadingExtracting", - "ExecutingDownloadCondition", - "ExecutingPreLaunch", - "Launching", - "ExecutingPostLaunch", - "Finished" - ] - }, - "RobotDeploymentSummary":{ - "type":"list", - "member":{"shape":"RobotDeployment"} - }, - "RobotSoftwareSuite":{ - "type":"structure", - "members":{ - "name":{ - "shape":"RobotSoftwareSuiteType", - "documentation":"

    The name of the robot software suite. General is the only supported value.

    " - }, - "version":{ - "shape":"RobotSoftwareSuiteVersionType", - "documentation":"

    The version of the robot software suite. Not applicable for General software suite.

    " - } - }, - "documentation":"

    Information about a robot software suite.

    " - }, - "RobotSoftwareSuiteType":{ - "type":"string", - "enum":[ - "ROS", - "ROS2", - "General" - ] - }, - "RobotSoftwareSuiteVersionType":{ - "type":"string", - "enum":[ - "Kinetic", - "Melodic", - "Dashing", - "Foxy" - ] - }, - "RobotStatus":{ - "type":"string", - "enum":[ - "Available", - "Registered", - "PendingNewDeployment", - "Deploying", - "Failed", - "InSync", - "NoResponse" - ] - }, - "Robots":{ - "type":"list", - "member":{"shape":"Robot"}, - "max":1000, - "min":0 - }, - "S3Bucket":{ - "type":"string", - "max":63, - "min":3, - "pattern":"[a-z0-9][a-z0-9.\\-]*[a-z0-9]" - }, - "S3Etag":{"type":"string"}, - "S3Etags":{ - "type":"list", - "member":{"shape":"S3Etag"} - }, - "S3Key":{ - "type":"string", - "max":1024, - "min":1, - "pattern":".*" - }, - "S3KeyOrPrefix":{ - "type":"string", - "max":1024, - "min":0, - "pattern":".*" - }, - "S3KeyOutput":{ - "type":"structure", - "members":{ - "s3Key":{ - "shape":"S3KeyOrPrefix", - "documentation":"

    The S3 key.

    " - }, - "etag":{ - "shape":"S3Etag", - "documentation":"

    The etag for the object.

    " - } - }, - "documentation":"

    Information about S3 keys.

    " - }, - "S3KeyOutputs":{ - "type":"list", - "member":{"shape":"S3KeyOutput"} - }, - "S3KeysOrPrefixes":{ - "type":"list", - "member":{"shape":"S3KeyOrPrefix"}, - "max":100, - "min":1 - }, - "S3Object":{ - "type":"structure", - "required":[ - "bucket", - "key" - ], - "members":{ - "bucket":{ - "shape":"S3Bucket", - "documentation":"

    The bucket containing the object.

    " - }, - "key":{ - "shape":"S3Key", - "documentation":"

    The key of the object.

    " - }, - "etag":{ - "shape":"S3Etag", - "documentation":"

    The etag of the object.

    " - } - }, - "documentation":"

    Information about an S3 object.

    " - }, - "SecurityGroups":{ - "type":"list", - "member":{"shape":"NonEmptyString"}, - "max":5, - "min":1 - }, - "ServiceUnavailableException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    The request has failed due to a temporary failure of the server.

    ", - "error":{"httpStatusCode":503}, - "exception":true - }, - "SimulationApplicationConfig":{ - "type":"structure", - "required":[ - "application", - "launchConfig" - ], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The application information for the simulation application.

    " - }, - "applicationVersion":{ - "shape":"Version", - "documentation":"

    The version of the simulation application.

    " - }, - "launchConfig":{ - "shape":"LaunchConfig", - "documentation":"

    The launch configuration for the simulation application.

    " - }, - "uploadConfigurations":{ - "shape":"UploadConfigurations", - "documentation":"

    Information about upload configurations for the simulation application.

    " - }, - "worldConfigs":{ - "shape":"WorldConfigs", - "documentation":"

    A list of world configurations.

    This API is no longer supported and will throw an error if used.

    " - }, - "useDefaultUploadConfigurations":{ - "shape":"BoxedBoolean", - "documentation":"

    A Boolean indicating whether to use default upload configurations. By default, .ros and .gazebo files are uploaded when the application terminates and all ROS topics will be recorded.

    If you set this value, you must specify an outputLocation.

    This API is no longer supported and will throw an error if used.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is ending support for ROS software suite. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/software-support-policy.html." - }, - "tools":{ - "shape":"Tools", - "documentation":"

    Information about tools configured for the simulation application.

    " - }, - "useDefaultTools":{ - "shape":"BoxedBoolean", - "documentation":"

    A Boolean indicating whether to use default simulation application tools. The default tools are rviz, rqt, terminal and rosbag record. The default is False.

    This API is no longer supported and will throw an error if used.

    ", - "deprecated":true, - "deprecatedMessage":"AWS RoboMaker is ending support for ROS software suite. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/software-support-policy.html." - } - }, - "documentation":"

    Information about a simulation application configuration.

    " - }, - "SimulationApplicationConfigs":{ - "type":"list", - "member":{"shape":"SimulationApplicationConfig"}, - "max":1, - "min":1 - }, - "SimulationApplicationNames":{ - "type":"list", - "member":{"shape":"Name"} - }, - "SimulationApplicationSummaries":{ - "type":"list", - "member":{"shape":"SimulationApplicationSummary"}, - "max":100, - "min":0 - }, - "SimulationApplicationSummary":{ - "type":"structure", - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation application.

    " - }, - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the simulation application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation application was last updated.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    Information about a robot software suite.

    " - }, - "simulationSoftwareSuite":{ - "shape":"SimulationSoftwareSuite", - "documentation":"

    Information about a simulation software suite.

    " - } - }, - "documentation":"

    Summary information for a simulation application.

    " - }, - "SimulationJob":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation job.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation job.

    " - }, - "status":{ - "shape":"SimulationJobStatus", - "documentation":"

    Status of the simulation job.

    " - }, - "lastStartedAt":{ - "shape":"LastStartedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job was last started.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job was last updated.

    " - }, - "failureBehavior":{ - "shape":"FailureBehavior", - "documentation":"

    The failure behavior the simulation job.

    Continue

    Leaves the host running for its maximum timeout duration after a 4XX error code.

    Fail

    Stop the simulation job and terminate the instance.

    " - }, - "failureCode":{ - "shape":"SimulationJobErrorCode", - "documentation":"

    The failure code of the simulation job if it failed.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    The reason why the simulation job failed.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    A unique identifier for this SimulationJob request.

    " - }, - "outputLocation":{ - "shape":"OutputLocation", - "documentation":"

    Location for output files generated by the simulation job.

    " - }, - "loggingConfig":{ - "shape":"LoggingConfig", - "documentation":"

    The logging configuration.

    " - }, - "maxJobDurationInSeconds":{ - "shape":"JobDuration", - "documentation":"

    The maximum simulation job duration in seconds. The value must be 8 days (691,200 seconds) or less.

    " - }, - "simulationTimeMillis":{ - "shape":"SimulationTimeMillis", - "documentation":"

    The simulation job execution duration in milliseconds.

    " - }, - "iamRole":{ - "shape":"IamRole", - "documentation":"

    The IAM role that allows the simulation instance to call the AWS APIs that are specified in its associated policies on your behalf. This is how credentials are passed in to your simulation job.

    " - }, - "robotApplications":{ - "shape":"RobotApplicationConfigs", - "documentation":"

    A list of robot applications.

    " - }, - "simulationApplications":{ - "shape":"SimulationApplicationConfigs", - "documentation":"

    A list of simulation applications.

    " - }, - "dataSources":{ - "shape":"DataSources", - "documentation":"

    The data sources for the simulation job.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the simulation job.

    " - }, - "vpcConfig":{ - "shape":"VPCConfigResponse", - "documentation":"

    VPC configuration information.

    " - }, - "networkInterface":{ - "shape":"NetworkInterface", - "documentation":"

    Information about a network interface.

    " - }, - "compute":{ - "shape":"ComputeResponse", - "documentation":"

    Compute information for the simulation job

    " - } - }, - "documentation":"

    Information about a simulation job.

    " - }, - "SimulationJobBatchErrorCode":{ - "type":"string", - "enum":["InternalServiceError"] - }, - "SimulationJobBatchStatus":{ - "type":"string", - "enum":[ - "Pending", - "InProgress", - "Failed", - "Completed", - "Canceled", - "Canceling", - "Completing", - "TimingOut", - "TimedOut" - ] - }, - "SimulationJobBatchSummaries":{ - "type":"list", - "member":{"shape":"SimulationJobBatchSummary"} - }, - "SimulationJobBatchSummary":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the batch.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job batch was last updated.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job batch was created.

    " - }, - "status":{ - "shape":"SimulationJobBatchStatus", - "documentation":"

    The status of the simulation job batch.

    Pending

    The simulation job batch request is pending.

    InProgress

    The simulation job batch is in progress.

    Failed

    The simulation job batch failed. One or more simulation job requests could not be completed due to an internal failure (like InternalServiceError). See failureCode and failureReason for more information.

    Completed

    The simulation batch job completed. A batch is complete when (1) there are no pending simulation job requests in the batch and none of the failed simulation job requests are due to InternalServiceError and (2) when all created simulation jobs have reached a terminal state (for example, Completed or Failed).

    Canceled

    The simulation batch job was cancelled.

    Canceling

    The simulation batch job is being cancelled.

    Completing

    The simulation batch job is completing.

    TimingOut

    The simulation job batch is timing out.

    If a batch timing out, and there are pending requests that were failing due to an internal failure (like InternalServiceError), the batch status will be Failed. If there are no such failing request, the batch status will be TimedOut.

    TimedOut

    The simulation batch job timed out.

    " - }, - "failedRequestCount":{ - "shape":"Integer", - "documentation":"

    The number of failed simulation job requests.

    " - }, - "pendingRequestCount":{ - "shape":"Integer", - "documentation":"

    The number of pending simulation job requests.

    " - }, - "createdRequestCount":{ - "shape":"Integer", - "documentation":"

    The number of created simulation job requests.

    " - } - }, - "documentation":"

    Information about a simulation job batch.

    " - }, - "SimulationJobErrorCode":{ - "type":"string", - "enum":[ - "InternalServiceError", - "RobotApplicationCrash", - "SimulationApplicationCrash", - "RobotApplicationHealthCheckFailure", - "SimulationApplicationHealthCheckFailure", - "BadPermissionsRobotApplication", - "BadPermissionsSimulationApplication", - "BadPermissionsS3Object", - "BadPermissionsS3Output", - "BadPermissionsCloudwatchLogs", - "SubnetIpLimitExceeded", - "ENILimitExceeded", - "BadPermissionsUserCredentials", - "InvalidBundleRobotApplication", - "InvalidBundleSimulationApplication", - "InvalidS3Resource", - "ThrottlingError", - "LimitExceeded", - "MismatchedEtag", - "RobotApplicationVersionMismatchedEtag", - "SimulationApplicationVersionMismatchedEtag", - "ResourceNotFound", - "RequestThrottled", - "BatchTimedOut", - "BatchCanceled", - "InvalidInput", - "WrongRegionS3Bucket", - "WrongRegionS3Output", - "WrongRegionRobotApplication", - "WrongRegionSimulationApplication", - "UploadContentMismatchError" - ] - }, - "SimulationJobRequest":{ - "type":"structure", - "required":["maxJobDurationInSeconds"], - "members":{ - "outputLocation":{"shape":"OutputLocation"}, - "loggingConfig":{"shape":"LoggingConfig"}, - "maxJobDurationInSeconds":{ - "shape":"JobDuration", - "documentation":"

    The maximum simulation job duration in seconds. The value must be 8 days (691,200 seconds) or less.

    " - }, - "iamRole":{ - "shape":"IamRole", - "documentation":"

    The IAM role name that allows the simulation instance to call the AWS APIs that are specified in its associated policies on your behalf. This is how credentials are passed in to your simulation job.

    " - }, - "failureBehavior":{ - "shape":"FailureBehavior", - "documentation":"

    The failure behavior the simulation job.

    Continue

    Leaves the host running for its maximum timeout duration after a 4XX error code.

    Fail

    Stop the simulation job and terminate the instance.

    " - }, - "useDefaultApplications":{ - "shape":"BoxedBoolean", - "documentation":"

    A Boolean indicating whether to use default applications in the simulation job. Default applications include Gazebo, rqt, rviz and terminal access.

    " - }, - "robotApplications":{ - "shape":"RobotApplicationConfigs", - "documentation":"

    The robot applications to use in the simulation job.

    " - }, - "simulationApplications":{ - "shape":"SimulationApplicationConfigs", - "documentation":"

    The simulation applications to use in the simulation job.

    " - }, - "dataSources":{ - "shape":"DataSourceConfigs", - "documentation":"

    Specify data sources to mount read-only files from S3 into your simulation. These files are available under /opt/robomaker/datasources/data_source_name.

    There is a limit of 100 files and a combined size of 25GB for all DataSourceConfig objects.

    " - }, - "vpcConfig":{"shape":"VPCConfig"}, - "compute":{ - "shape":"Compute", - "documentation":"

    Compute information for the simulation job

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the simulation job request.

    " - } - }, - "documentation":"

    Information about a simulation job request.

    " - }, - "SimulationJobStatus":{ - "type":"string", - "enum":[ - "Pending", - "Preparing", - "Running", - "Restarting", - "Completed", - "Failed", - "RunningFailed", - "Terminating", - "Terminated", - "Canceled" - ] - }, - "SimulationJobSummaries":{ - "type":"list", - "member":{"shape":"SimulationJobSummary"}, - "max":100, - "min":0 - }, - "SimulationJobSummary":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the simulation job.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job was last updated.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation job.

    " - }, - "status":{ - "shape":"SimulationJobStatus", - "documentation":"

    The status of the simulation job.

    " - }, - "simulationApplicationNames":{ - "shape":"SimulationApplicationNames", - "documentation":"

    A list of simulation job simulation application names.

    " - }, - "robotApplicationNames":{ - "shape":"RobotApplicationNames", - "documentation":"

    A list of simulation job robot application names.

    " - }, - "dataSourceNames":{ - "shape":"DataSourceNames", - "documentation":"

    The names of the data sources.

    " - }, - "computeType":{ - "shape":"ComputeType", - "documentation":"

    The compute type for the simulation job summary.

    " - } - }, - "documentation":"

    Summary information for a simulation job.

    " - }, - "SimulationJobs":{ - "type":"list", - "member":{"shape":"SimulationJob"} - }, - "SimulationSoftwareSuite":{ - "type":"structure", - "members":{ - "name":{ - "shape":"SimulationSoftwareSuiteType", - "documentation":"

    The name of the simulation software suite. SimulationRuntime is the only supported value.

    " - }, - "version":{ - "shape":"SimulationSoftwareSuiteVersionType", - "documentation":"

    The version of the simulation software suite. Not applicable for SimulationRuntime.

    " - } - }, - "documentation":"

    Information about a simulation software suite.

    " - }, - "SimulationSoftwareSuiteType":{ - "type":"string", - "enum":[ - "Gazebo", - "RosbagPlay", - "SimulationRuntime" - ] - }, - "SimulationSoftwareSuiteVersionType":{ - "type":"string", - "max":1024, - "min":0, - "pattern":"7|9|11|Kinetic|Melodic|Dashing|Foxy" - }, - "SimulationTimeMillis":{"type":"long"}, - "SimulationUnit":{ - "type":"integer", - "max":15, - "min":1 - }, - "Source":{ - "type":"structure", - "members":{ - "s3Bucket":{ - "shape":"S3Bucket", - "documentation":"

    The s3 bucket name.

    " - }, - "s3Key":{ - "shape":"S3Key", - "documentation":"

    The s3 object key.

    " - }, - "etag":{ - "shape":"S3Etag", - "documentation":"

    A hash of the object specified by s3Bucket and s3Key.

    " - }, - "architecture":{ - "shape":"Architecture", - "documentation":"

    The taget processor architecture for the application.

    " - } - }, - "documentation":"

    Information about a source.

    " - }, - "SourceConfig":{ - "type":"structure", - "members":{ - "s3Bucket":{ - "shape":"S3Bucket", - "documentation":"

    The Amazon S3 bucket name.

    " - }, - "s3Key":{ - "shape":"S3Key", - "documentation":"

    The s3 object key.

    " - }, - "architecture":{ - "shape":"Architecture", - "documentation":"

    The target processor architecture for the application.

    " - } - }, - "documentation":"

    Information about a source configuration.

    " - }, - "SourceConfigs":{ - "type":"list", - "member":{"shape":"SourceConfig"} - }, - "Sources":{ - "type":"list", - "member":{"shape":"Source"} - }, - "StartSimulationJobBatchRequest":{ - "type":"structure", - "required":["createSimulationJobRequests"], - "members":{ - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    ", - "idempotencyToken":true - }, - "batchPolicy":{ - "shape":"BatchPolicy", - "documentation":"

    The batch policy.

    " - }, - "createSimulationJobRequests":{ - "shape":"CreateSimulationJobRequests", - "documentation":"

    A list of simulation job requests to create in the batch.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the deployment job batch.

    " - } - } - }, - "StartSimulationJobBatchResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the batch.

    " - }, - "status":{ - "shape":"SimulationJobBatchStatus", - "documentation":"

    The status of the simulation job batch.

    Pending

    The simulation job batch request is pending.

    InProgress

    The simulation job batch is in progress.

    Failed

    The simulation job batch failed. One or more simulation job requests could not be completed due to an internal failure (like InternalServiceError). See failureCode and failureReason for more information.

    Completed

    The simulation batch job completed. A batch is complete when (1) there are no pending simulation job requests in the batch and none of the failed simulation job requests are due to InternalServiceError and (2) when all created simulation jobs have reached a terminal state (for example, Completed or Failed).

    Canceled

    The simulation batch job was cancelled.

    Canceling

    The simulation batch job is being cancelled.

    Completing

    The simulation batch job is completing.

    TimingOut

    The simulation job batch is timing out.

    If a batch timing out, and there are pending requests that were failing due to an internal failure (like InternalServiceError), the batch status will be Failed. If there are no such failing request, the batch status will be TimedOut.

    TimedOut

    The simulation batch job timed out.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation job batch was created.

    " - }, - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    " - }, - "batchPolicy":{ - "shape":"BatchPolicy", - "documentation":"

    The batch policy.

    " - }, - "failureCode":{ - "shape":"SimulationJobBatchErrorCode", - "documentation":"

    The failure code if the simulation job batch failed.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    The reason the simulation job batch failed.

    " - }, - "failedRequests":{ - "shape":"FailedCreateSimulationJobRequests", - "documentation":"

    A list of failed simulation job requests. The request failed to be created into a simulation job. Failed requests do not have a simulation job ID.

    " - }, - "pendingRequests":{ - "shape":"CreateSimulationJobRequests", - "documentation":"

    A list of pending simulation job requests. These requests have not yet been created into simulation jobs.

    " - }, - "createdRequests":{ - "shape":"SimulationJobSummaries", - "documentation":"

    A list of created simulation job request summaries.

    " - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the deployment job batch.

    " - } - } - }, - "Subnets":{ - "type":"list", - "member":{"shape":"NonEmptyString"}, - "max":16, - "min":1 - }, - "SyncDeploymentJobRequest":{ - "type":"structure", - "required":[ - "clientRequestToken", - "fleet" - ], - "members":{ - "clientRequestToken":{ - "shape":"ClientRequestToken", - "documentation":"

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    ", - "idempotencyToken":true - }, - "fleet":{ - "shape":"Arn", - "documentation":"

    The target fleet for the synchronization.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "SyncDeploymentJobResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the synchronization request.

    " - }, - "fleet":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the fleet.

    " - }, - "status":{ - "shape":"DeploymentStatus", - "documentation":"

    The status of the synchronization job.

    " - }, - "deploymentConfig":{ - "shape":"DeploymentConfig", - "documentation":"

    Information about the deployment configuration.

    " - }, - "deploymentApplicationConfigs":{ - "shape":"DeploymentApplicationConfigs", - "documentation":"

    Information about the deployment application configurations.

    " - }, - "failureReason":{ - "shape":"GenericString", - "documentation":"

    The failure reason if the job fails.

    " - }, - "failureCode":{ - "shape":"DeploymentJobErrorCode", - "documentation":"

    The failure code if the job fails:

    InternalServiceError

    Internal service error.

    RobotApplicationCrash

    Robot application exited abnormally.

    SimulationApplicationCrash

    Simulation application exited abnormally.

    BadPermissionsRobotApplication

    Robot application bundle could not be downloaded.

    BadPermissionsSimulationApplication

    Simulation application bundle could not be downloaded.

    BadPermissionsS3Output

    Unable to publish outputs to customer-provided S3 bucket.

    BadPermissionsCloudwatchLogs

    Unable to publish logs to customer-provided CloudWatch Logs resource.

    SubnetIpLimitExceeded

    Subnet IP limit exceeded.

    ENILimitExceeded

    ENI limit exceeded.

    BadPermissionsUserCredentials

    Unable to use the Role provided.

    InvalidBundleRobotApplication

    Robot bundle cannot be extracted (invalid format, bundling error, or other issue).

    InvalidBundleSimulationApplication

    Simulation bundle cannot be extracted (invalid format, bundling error, or other issue).

    RobotApplicationVersionMismatchedEtag

    Etag for RobotApplication does not match value during version creation.

    SimulationApplicationVersionMismatchedEtag

    Etag for SimulationApplication does not match value during version creation.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the fleet was created.

    " - } - }, - "deprecated":true, - "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html." - }, - "TagKey":{ - "type":"string", - "max":128, - "min":1, - "pattern":"[a-zA-Z0-9 _.\\-\\/+=:]*" - }, - "TagKeyList":{ - "type":"list", - "member":{"shape":"TagKey"} - }, - "TagMap":{ - "type":"map", - "key":{"shape":"TagKey"}, - "value":{"shape":"TagValue"}, - "max":50, - "min":0 - }, - "TagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tags" - ], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS RoboMaker resource you are tagging.

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "tags":{ - "shape":"TagMap", - "documentation":"

    A map that contains tag keys and tag values that are attached to the resource.

    " - } - } - }, - "TagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "TagValue":{ - "type":"string", - "max":256, - "min":0, - "pattern":"[a-zA-Z0-9 _.\\-\\/+=:]*" - }, - "TemplateLocation":{ - "type":"structure", - "required":[ - "s3Bucket", - "s3Key" - ], - "members":{ - "s3Bucket":{ - "shape":"S3Bucket", - "documentation":"

    The Amazon S3 bucket name.

    " - }, - "s3Key":{ - "shape":"S3Key", - "documentation":"

    The list of S3 keys identifying the data source files.

    " - } - }, - "documentation":"

    Information about a template location.

    " - }, - "TemplateName":{ - "type":"string", - "max":255, - "min":0, - "pattern":".*" - }, - "TemplateSummaries":{ - "type":"list", - "member":{"shape":"TemplateSummary"} - }, - "TemplateSummary":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the template.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the template was created.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the template was last updated.

    " - }, - "name":{ - "shape":"TemplateName", - "documentation":"

    The name of the template.

    " - }, - "version":{ - "shape":"GenericString", - "documentation":"

    The version of the template that you're using.

    " - } - }, - "documentation":"

    Summary information for a template.

    " - }, - "ThrottlingException":{ - "type":"structure", - "members":{ - "message":{"shape":"errorMessage"} - }, - "documentation":"

    AWS RoboMaker is temporarily unable to process the request. Try your call again.

    ", - "error":{"httpStatusCode":400}, - "exception":true - }, - "Tool":{ - "type":"structure", - "required":[ - "name", - "command" - ], - "members":{ - "streamUI":{ - "shape":"BoxedBoolean", - "documentation":"

    Boolean indicating whether a streaming session will be configured for the tool. If True, AWS RoboMaker will configure a connection so you can interact with the tool as it is running in the simulation. It must have a graphical user interface. The default is False.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the tool.

    " - }, - "command":{ - "shape":"UnrestrictedCommand", - "documentation":"

    Command-line arguments for the tool. It must include the tool executable name.

    " - }, - "streamOutputToCloudWatch":{ - "shape":"BoxedBoolean", - "documentation":"

    Boolean indicating whether logs will be recorded in CloudWatch for the tool. The default is False.

    " - }, - "exitBehavior":{ - "shape":"ExitBehavior", - "documentation":"

    Exit behavior determines what happens when your tool quits running. RESTART will cause your tool to be restarted. FAIL will cause your job to exit. The default is RESTART.

    " - } - }, - "documentation":"

    Information about a tool. Tools are used in a simulation job.

    " - }, - "Tools":{ - "type":"list", - "member":{"shape":"Tool"}, - "max":10, - "min":0 - }, - "UnrestrictedCommand":{ - "type":"string", - "max":1024, - "min":1, - "pattern":".*" - }, - "UntagResourceRequest":{ - "type":"structure", - "required":[ - "resourceArn", - "tagKeys" - ], - "members":{ - "resourceArn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the AWS RoboMaker resource you are removing tags.

    ", - "location":"uri", - "locationName":"resourceArn" - }, - "tagKeys":{ - "shape":"TagKeyList", - "documentation":"

    A map that contains tag keys and tag values that will be unattached from the resource.

    ", - "location":"querystring", - "locationName":"tagKeys" - } - } - }, - "UntagResourceResponse":{ - "type":"structure", - "members":{ - } - }, - "UpdateRobotApplicationRequest":{ - "type":"structure", - "required":[ - "application", - "robotSoftwareSuite" - ], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The application information for the robot application.

    " - }, - "sources":{ - "shape":"SourceConfigs", - "documentation":"

    The sources of the robot application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    The robot software suite used by the robot application.

    " - }, - "currentRevisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id for the robot application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI for your robot application.

    " - } - } - }, - "UpdateRobotApplicationResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the updated robot application.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the robot application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the robot application.

    " - }, - "sources":{ - "shape":"Sources", - "documentation":"

    The sources of the robot application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    The robot software suite used by the robot application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the robot application was last updated.

    " - }, - "revisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id of the robot application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI for your robot application.

    " - } - } - }, - "UpdateSimulationApplicationRequest":{ - "type":"structure", - "required":[ - "application", - "simulationSoftwareSuite", - "robotSoftwareSuite" - ], - "members":{ - "application":{ - "shape":"Arn", - "documentation":"

    The application information for the simulation application.

    " - }, - "sources":{ - "shape":"SourceConfigs", - "documentation":"

    The sources of the simulation application.

    " - }, - "simulationSoftwareSuite":{ - "shape":"SimulationSoftwareSuite", - "documentation":"

    The simulation software suite used by the simulation application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    Information about the robot software suite.

    " - }, - "renderingEngine":{ - "shape":"RenderingEngine", - "documentation":"

    The rendering engine for the simulation application.

    " - }, - "currentRevisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id for the robot application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI for your simulation application.

    " - } - } - }, - "UpdateSimulationApplicationResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the updated simulation application.

    " - }, - "name":{ - "shape":"Name", - "documentation":"

    The name of the simulation application.

    " - }, - "version":{ - "shape":"Version", - "documentation":"

    The version of the robot application.

    " - }, - "sources":{ - "shape":"Sources", - "documentation":"

    The sources of the simulation application.

    " - }, - "simulationSoftwareSuite":{ - "shape":"SimulationSoftwareSuite", - "documentation":"

    The simulation software suite used by the simulation application.

    " - }, - "robotSoftwareSuite":{ - "shape":"RobotSoftwareSuite", - "documentation":"

    Information about the robot software suite.

    " - }, - "renderingEngine":{ - "shape":"RenderingEngine", - "documentation":"

    The rendering engine for the simulation application.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the simulation application was last updated.

    " - }, - "revisionId":{ - "shape":"RevisionId", - "documentation":"

    The revision id of the simulation application.

    " - }, - "environment":{ - "shape":"Environment", - "documentation":"

    The object that contains the Docker image URI used for your simulation application.

    " - } - } - }, - "UpdateWorldTemplateRequest":{ - "type":"structure", - "required":["template"], - "members":{ - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template to update.

    " - }, - "name":{ - "shape":"TemplateName", - "documentation":"

    The name of the template.

    " - }, - "templateBody":{ - "shape":"Json", - "documentation":"

    The world template body.

    " - }, - "templateLocation":{ - "shape":"TemplateLocation", - "documentation":"

    The location of the world template.

    " - } - } - }, - "UpdateWorldTemplateResponse":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template.

    " - }, - "name":{ - "shape":"TemplateName", - "documentation":"

    The name of the world template.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world template was created.

    " - }, - "lastUpdatedAt":{ - "shape":"LastUpdatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world template was last updated.

    " - } - } - }, - "UploadBehavior":{ - "type":"string", - "enum":[ - "UPLOAD_ON_TERMINATE", - "UPLOAD_ROLLING_AUTO_REMOVE" - ] - }, - "UploadConfiguration":{ - "type":"structure", - "required":[ - "name", - "path", - "uploadBehavior" - ], - "members":{ - "name":{ - "shape":"Name", - "documentation":"

    A prefix that specifies where files will be uploaded in Amazon S3. It is appended to the simulation output location to determine the final path.

    For example, if your simulation output location is s3://amzn-s3-demo-bucket and your upload configuration name is robot-test, your files will be uploaded to s3://amzn-s3-demo-bucket/<simid>/<runid>/robot-test.

    " - }, - "path":{ - "shape":"Path", - "documentation":"

    Specifies the path of the file(s) to upload. Standard Unix glob matching rules are accepted, with the addition of ** as a super asterisk. For example, specifying /var/log/**.log causes all .log files in the /var/log directory tree to be collected. For more examples, see Glob Library.

    " - }, - "uploadBehavior":{ - "shape":"UploadBehavior", - "documentation":"

    Specifies when to upload the files:

    UPLOAD_ON_TERMINATE

    Matching files are uploaded once the simulation enters the TERMINATING state. Matching files are not uploaded until all of your code (including tools) have stopped.

    If there is a problem uploading a file, the upload is retried. If problems persist, no further upload attempts will be made.

    UPLOAD_ROLLING_AUTO_REMOVE

    Matching files are uploaded as they are created. They are deleted after they are uploaded. The specified path is checked every 5 seconds. A final check is made when all of your code (including tools) have stopped.

    " - } - }, - "documentation":"

    Provides upload configuration information. Files are uploaded from the simulation job to a location you specify.

    " - }, - "UploadConfigurations":{ - "type":"list", - "member":{"shape":"UploadConfiguration"}, - "max":10, - "min":0 - }, - "VPCConfig":{ - "type":"structure", - "required":["subnets"], - "members":{ - "subnets":{ - "shape":"Subnets", - "documentation":"

    A list of one or more subnet IDs in your VPC.

    " - }, - "securityGroups":{ - "shape":"SecurityGroups", - "documentation":"

    A list of one or more security groups IDs in your VPC.

    " - }, - "assignPublicIp":{ - "shape":"Boolean", - "documentation":"

    A boolean indicating whether to assign a public IP address.

    " - } - }, - "documentation":"

    If your simulation job accesses resources in a VPC, you provide this parameter identifying the list of security group IDs and subnet IDs. These must belong to the same VPC. You must provide at least one security group and two subnet IDs.

    " - }, - "VPCConfigResponse":{ - "type":"structure", - "members":{ - "subnets":{ - "shape":"Subnets", - "documentation":"

    A list of subnet IDs associated with the simulation job.

    " - }, - "securityGroups":{ - "shape":"SecurityGroups", - "documentation":"

    A list of security group IDs associated with the simulation job.

    " - }, - "vpcId":{ - "shape":"GenericString", - "documentation":"

    The VPC ID associated with your simulation job.

    " - }, - "assignPublicIp":{ - "shape":"Boolean", - "documentation":"

    A boolean indicating if a public IP was assigned.

    " - } - }, - "documentation":"

    VPC configuration associated with your simulation job.

    " - }, - "Version":{ - "type":"string", - "max":255, - "min":1, - "pattern":"(\\$LATEST)|[0-9]*" - }, - "VersionQualifier":{ - "type":"string", - "max":255, - "min":1, - "pattern":"ALL" - }, - "WorldConfig":{ - "type":"structure", - "members":{ - "world":{ - "shape":"Arn", - "documentation":"

    The world generated by Simulation WorldForge.

    " - } - }, - "documentation":"

    Configuration information for a world.

    " - }, - "WorldConfigs":{ - "type":"list", - "member":{"shape":"WorldConfig"}, - "max":1, - "min":0 - }, - "WorldCount":{ - "type":"structure", - "members":{ - "floorplanCount":{ - "shape":"FloorplanCount", - "documentation":"

    The number of unique floorplans.

    " - }, - "interiorCountPerFloorplan":{ - "shape":"InteriorCountPerFloorplan", - "documentation":"

    The number of unique interiors per floorplan.

    " - } - }, - "documentation":"

    The number of worlds that will be created. You can configure the number of unique floorplans and the number of unique interiors for each floor plan. For example, if you want 1 world with 20 unique interiors, you set floorplanCount = 1 and interiorCountPerFloorplan = 20. This will result in 20 worlds (floorplanCount * interiorCountPerFloorplan).

    If you set floorplanCount = 4 and interiorCountPerFloorplan = 5, there will be 20 worlds with 5 unique floor plans.

    " - }, - "WorldExportJobErrorCode":{ - "type":"string", - "enum":[ - "InternalServiceError", - "LimitExceeded", - "ResourceNotFound", - "RequestThrottled", - "InvalidInput", - "AccessDenied" - ] - }, - "WorldExportJobStatus":{ - "type":"string", - "enum":[ - "Pending", - "Running", - "Completed", - "Failed", - "Canceling", - "Canceled" - ] - }, - "WorldExportJobSummaries":{ - "type":"list", - "member":{"shape":"WorldExportJobSummary"}, - "max":100, - "min":0 - }, - "WorldExportJobSummary":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world export job.

    " - }, - "status":{ - "shape":"WorldExportJobStatus", - "documentation":"

    The status of the world export job.

    Pending

    The world export job request is pending.

    Running

    The world export job is running.

    Completed

    The world export job completed.

    Failed

    The world export job failed. See failureCode for more information.

    Canceled

    The world export job was cancelled.

    Canceling

    The world export job is being cancelled.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world export job was created.

    " - }, - "worlds":{ - "shape":"Arns", - "documentation":"

    A list of worlds.

    " - }, - "outputLocation":{"shape":"OutputLocation"} - }, - "documentation":"

    Information about a world export job.

    " - }, - "WorldFailure":{ - "type":"structure", - "members":{ - "failureCode":{ - "shape":"WorldGenerationJobErrorCode", - "documentation":"

    The failure code of the world export job if it failed:

    InternalServiceError

    Internal service error.

    LimitExceeded

    The requested resource exceeds the maximum number allowed, or the number of concurrent stream requests exceeds the maximum number allowed.

    ResourceNotFound

    The specified resource could not be found.

    RequestThrottled

    The request was throttled.

    InvalidInput

    An input parameter in the request is not valid.

    " - }, - "sampleFailureReason":{ - "shape":"GenericString", - "documentation":"

    The sample reason why the world failed. World errors are aggregated. A sample is used as the sampleFailureReason.

    " - }, - "failureCount":{ - "shape":"Integer", - "documentation":"

    The number of failed worlds.

    " - } - }, - "documentation":"

    Information about a failed world.

    " - }, - "WorldFailures":{ - "type":"list", - "member":{"shape":"WorldFailure"}, - "max":100, - "min":0 - }, - "WorldGenerationJobErrorCode":{ - "type":"string", - "enum":[ - "InternalServiceError", - "LimitExceeded", - "ResourceNotFound", - "RequestThrottled", - "InvalidInput", - "AllWorldGenerationFailed" - ] - }, - "WorldGenerationJobStatus":{ - "type":"string", - "enum":[ - "Pending", - "Running", - "Completed", - "Failed", - "PartialFailed", - "Canceling", - "Canceled" - ] - }, - "WorldGenerationJobSummaries":{ - "type":"list", - "member":{"shape":"WorldGenerationJobSummary"}, - "max":100, - "min":0 - }, - "WorldGenerationJobSummary":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world generator job.

    " - }, - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world generator job was created.

    " - }, - "status":{ - "shape":"WorldGenerationJobStatus", - "documentation":"

    The status of the world generator job:

    Pending

    The world generator job request is pending.

    Running

    The world generator job is running.

    Completed

    The world generator job completed.

    Failed

    The world generator job failed. See failureCode for more information.

    PartialFailed

    Some worlds did not generate.

    Canceled

    The world generator job was cancelled.

    Canceling

    The world generator job is being cancelled.

    " - }, - "worldCount":{ - "shape":"WorldCount", - "documentation":"

    Information about the world count.

    " - }, - "succeededWorldCount":{ - "shape":"Integer", - "documentation":"

    The number of worlds that were generated.

    " - }, - "failedWorldCount":{ - "shape":"Integer", - "documentation":"

    The number of worlds that failed.

    " - } - }, - "documentation":"

    Information about a world generator job.

    " - }, - "WorldSummaries":{ - "type":"list", - "member":{"shape":"WorldSummary"} - }, - "WorldSummary":{ - "type":"structure", - "members":{ - "arn":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (ARN) of the world.

    " - }, - "createdAt":{ - "shape":"CreatedAt", - "documentation":"

    The time, in milliseconds since the epoch, when the world was created.

    " - }, - "generationJob":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world generation job.

    " - }, - "template":{ - "shape":"Arn", - "documentation":"

    The Amazon Resource Name (arn) of the world template.

    " - } - }, - "documentation":"

    Information about a world.

    " - }, - "errorMessage":{"type":"string"} - }, - "documentation":"

    This section provides documentation for the AWS RoboMaker API operations.

    " -} diff -pruN 2.23.6-1/awscli/botocore/data/rolesanywhere/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/rolesanywhere/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/rolesanywhere/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rolesanywhere/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -565,6 +565,57 @@ } ] }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://route53.amazonaws.eu", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "route53", + "signingRegion": "eusc-de-east-1" + } + ] + }, "headers": {} }, "type": "endpoint" diff -pruN 2.23.6-1/awscli/botocore/data/route53/2013-04-01/service-2.json 2.31.35-1/awscli/botocore/data/route53/2013-04-01/service-2.json --- 2.23.6-1/awscli/botocore/data/route53/2013-04-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53/2013-04-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -412,7 +412,7 @@ {"shape":"InvalidInput"}, {"shape":"InvalidDomainName"} ], - "documentation":"

    Deletes a hosted zone.

    If the hosted zone was created by another service, such as Cloud Map, see Deleting Public Hosted Zones That Were Created by Another Service in the Amazon Route 53 Developer Guide for information about how to delete it. (The process is the same for public and private hosted zones that were created by another service.)

    If you want to keep your domain registration but you want to stop routing internet traffic to your website or web application, we recommend that you delete resource record sets in the hosted zone instead of deleting the hosted zone.

    If you delete a hosted zone, you can't undelete it. You must create a new hosted zone and update the name servers for your domain registration, which can require up to 48 hours to take effect. (If you delegated responsibility for a subdomain to a hosted zone and you delete the child hosted zone, you must update the name servers in the parent hosted zone.) In addition, if you delete a hosted zone, someone could hijack the domain and route traffic to their own resources using your domain name.

    If you want to avoid the monthly charge for the hosted zone, you can transfer DNS service for the domain to a free DNS service. When you transfer DNS service, you have to update the name servers for the domain registration. If the domain is registered with Route 53, see UpdateDomainNameservers for information about how to replace Route 53 name servers with name servers for the new DNS service. If the domain is registered with another registrar, use the method provided by the registrar to update name servers for the domain registration. For more information, perform an internet search on \"free DNS service.\"

    You can delete a hosted zone only if it contains only the default SOA record and NS resource record sets. If the hosted zone contains other resource record sets, you must delete them before you can delete the hosted zone. If you try to delete a hosted zone that contains other resource record sets, the request fails, and Route 53 returns a HostedZoneNotEmpty error. For information about deleting records from your hosted zone, see ChangeResourceRecordSets.

    To verify that the hosted zone has been deleted, do one of the following:

    • Use the GetHostedZone action to request information about the hosted zone.

    • Use the ListHostedZones action to get a list of the hosted zones associated with the current Amazon Web Services account.

    " + "documentation":"

    Deletes a hosted zone.

    If the hosted zone was created by another service, such as Cloud Map, see Deleting Public Hosted Zones That Were Created by Another Service in the Amazon Route 53 Developer Guide for information about how to delete it. (The process is the same for public and private hosted zones that were created by another service.)

    If you want to keep your domain registration but you want to stop routing internet traffic to your website or web application, we recommend that you delete resource record sets in the hosted zone instead of deleting the hosted zone.

    If you delete a hosted zone, you can't undelete it. You must create a new hosted zone and update the name servers for your domain registration, which can require up to 48 hours to take effect. (If you delegated responsibility for a subdomain to a hosted zone and you delete the child hosted zone, you must update the name servers in the parent hosted zone.) In addition, if you delete a hosted zone, someone could hijack the domain and route traffic to their own resources using your domain name.

    If you want to avoid the monthly charge for the hosted zone, you can transfer DNS service for the domain to a free DNS service. When you transfer DNS service, you have to update the name servers for the domain registration. If the domain is registered with Route 53, see UpdateDomainNameservers for information about how to replace Route 53 name servers with name servers for the new DNS service. If the domain is registered with another registrar, use the method provided by the registrar to update name servers for the domain registration. For more information, perform an internet search on \"free DNS service.\"

    You can delete a hosted zone only if it contains only the default SOA and NS records and has DNSSEC signing disabled. If the hosted zone contains other records or has DNSSEC enabled, you must delete the records and disable DNSSEC before deletion. Attempting to delete a hosted zone with additional records or DNSSEC enabled returns a HostedZoneNotEmpty error. For information about deleting records, see ChangeResourceRecordSets.

    To verify that the hosted zone has been deleted, do one of the following:

    • Use the GetHostedZone action to request information about the hosted zone.

    • Use the ListHostedZones action to get a list of the hosted zones associated with the current Amazon Web Services account.

    " }, "DeleteKeySigningKey":{ "name":"DeleteKeySigningKey", @@ -958,7 +958,7 @@ {"shape":"NoSuchHostedZone"}, {"shape":"InvalidInput"} ], - "documentation":"

    Lists the resource record sets in a specified hosted zone.

    ListResourceRecordSets returns up to 300 resource record sets at a time in ASCII order, beginning at a position specified by the name and type elements.

    Sort order

    ListResourceRecordSets sorts results first by DNS name with the labels reversed, for example:

    com.example.www.

    Note the trailing dot, which can change the sort order when the record name contains characters that appear before . (decimal 46) in the ASCII table. These characters include the following: ! \" # $ % & ' ( ) * + , -

    When multiple records have the same DNS name, ListResourceRecordSets sorts results by the record type.

    Specifying where to start listing records

    You can use the name and type elements to specify the resource record set that the list begins with:

    If you do not specify Name or Type

    The results begin with the first resource record set that the hosted zone contains.

    If you specify Name but not Type

    The results begin with the first resource record set in the list whose name is greater than or equal to Name.

    If you specify Type but not Name

    Amazon Route 53 returns the InvalidInput error.

    If you specify both Name and Type

    The results begin with the first resource record set in the list whose name is greater than or equal to Name, and whose type is greater than or equal to Type.

    Resource record sets that are PENDING

    This action returns the most current version of the records. This includes records that are PENDING, and that are not yet available on all Route 53 DNS servers.

    Changing resource record sets

    To ensure that you get an accurate listing of the resource record sets for a hosted zone at a point in time, do not submit a ChangeResourceRecordSets request while you're paging through the results of a ListResourceRecordSets request. If you do, some pages may display results without the latest changes while other pages display results with the latest changes.

    Displaying the next page of results

    If a ListResourceRecordSets command returns more than one page of results, the value of IsTruncated is true. To display the next page of results, get the values of NextRecordName, NextRecordType, and NextRecordIdentifier (if any) from the response. Then submit another ListResourceRecordSets request, and specify those values for StartRecordName, StartRecordType, and StartRecordIdentifier.

    " + "documentation":"

    Lists the resource record sets in a specified hosted zone.

    ListResourceRecordSets returns up to 300 resource record sets at a time in ASCII order, beginning at a position specified by the name and type elements.

    Sort order

    ListResourceRecordSets sorts results first by DNS name with the labels reversed, for example:

    com.example.www.

    Note the trailing dot, which can change the sort order when the record name contains characters that appear before . (decimal 46) in the ASCII table. These characters include the following: ! \" # $ % & ' ( ) * + , -

    When multiple records have the same DNS name, ListResourceRecordSets sorts results by the record type.

    Specifying where to start listing records

    You can use the name and type elements to specify the resource record set that the list begins with:

    If you do not specify Name or Type

    The results begin with the first resource record set that the hosted zone contains.

    If you specify Name but not Type

    The results begin with the first resource record set in the list whose name is greater than or equal to Name.

    If you specify Type but not Name

    Amazon Route 53 returns the InvalidInput error.

    If you specify both Name and Type

    The results begin with the first resource record set in the list whose name is greater than or equal to Name, and whose type is greater than or equal to Type.

    Type is only used to sort between records with the same record Name.

    Resource record sets that are PENDING

    This action returns the most current version of the records. This includes records that are PENDING, and that are not yet available on all Route 53 DNS servers.

    Changing resource record sets

    To ensure that you get an accurate listing of the resource record sets for a hosted zone at a point in time, do not submit a ChangeResourceRecordSets request while you're paging through the results of a ListResourceRecordSets request. If you do, some pages may display results without the latest changes while other pages display results with the latest changes.

    Displaying the next page of results

    If a ListResourceRecordSets command returns more than one page of results, the value of IsTruncated is true. To display the next page of results, get the values of NextRecordName, NextRecordType, and NextRecordIdentifier (if any) from the response. Then submit another ListResourceRecordSets request, and specify those values for StartRecordName, StartRecordType, and StartRecordIdentifier.

    " }, "ListReusableDelegationSets":{ "name":"ListReusableDelegationSets", @@ -1301,7 +1301,7 @@ }, "EvaluateTargetHealth":{ "shape":"AliasHealthEnabled", - "documentation":"

    Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets: When EvaluateTargetHealth is true, an alias resource record set inherits the health of the referenced Amazon Web Services resource, such as an ELB load balancer or another resource record set in the hosted zone.

    Note the following:

    CloudFront distributions

    You can't set EvaluateTargetHealth to true when the alias target is a CloudFront distribution.

    Elastic Beanstalk environments that have regionalized subdomains

    If you specify an Elastic Beanstalk environment in DNSName and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set EvaluateTargetHealth to true and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.

    If the environment contains a single Amazon EC2 instance, there are no special requirements.

    ELB load balancers

    Health checking behavior depends on the type of load balancer:

    • Classic Load Balancers: If you specify an ELB Classic Load Balancer in DNSName, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set EvaluateTargetHealth to true and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.

    • Application and Network Load Balancers: If you specify an ELB Application or Network Load Balancer and you set EvaluateTargetHealth to true, Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:

      • For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.

      • A target group that has no registered targets is considered unhealthy.

    When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.

    S3 buckets

    There are no special requirements for setting EvaluateTargetHealth to true when the alias target is an S3 bucket.

    Other records in the same hosted zone

    If the Amazon Web Services resource that you specify in DNSName is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see What Happens When You Omit Health Checks? in the Amazon Route 53 Developer Guide.

    For more information and examples, see Amazon Route 53 Health Checks and DNS Failover in the Amazon Route 53 Developer Guide.

    " + "documentation":"

    Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets: When EvaluateTargetHealth is true, an alias resource record set inherits the health of the referenced Amazon Web Services resource, such as an ELB load balancer or another resource record set in the hosted zone.

    Note the following:

    CloudFront distributions

    You can't set EvaluateTargetHealth to true when the alias target is a CloudFront distribution.

    Elastic Beanstalk environments that have regionalized subdomains

    If you specify an Elastic Beanstalk environment in DNSName and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set EvaluateTargetHealth to true and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.

    If the environment contains a single Amazon EC2 instance, there are no special requirements.

    ELB load balancers

    Health checking behavior depends on the type of load balancer:

    • Classic Load Balancers: If you specify an ELB Classic Load Balancer in DNSName, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set EvaluateTargetHealth to true and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.

    • Application and Network Load Balancers: If you specify an ELB Application or Network Load Balancer and you set EvaluateTargetHealth to true, Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:

      • For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.

      • A target group that has no registered targets is considered unhealthy.

    When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.

    API Gateway APIs

    There are no special requirements for setting EvaluateTargetHealth to true when the alias target is an API Gateway API. However, because API Gateway is highly available by design, EvaluateTargetHealth provides no operational benefit and Route 53 health checks are recommended instead for failover scenarios.

    S3 buckets

    There are no special requirements for setting EvaluateTargetHealth to true when the alias target is an S3 bucket. However, because S3 buckets are highly available by design, EvaluateTargetHealth provides no operational benefit and Route 53 health checks are recommended instead for failover scenarios.

    VPC interface endpoints

    There are no special requirements for setting EvaluateTargetHealth to true when the alias target is a VPC interface endpoint. However, because VPC interface endpoints are highly available by design, EvaluateTargetHealth provides no operational benefit and Route 53 health checks are recommended instead for failover scenarios.

    Other records in the same hosted zone

    If the Amazon Web Services resource that you specify in DNSName is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see What Happens When You Omit Health Checks? in the Amazon Route 53 Developer Guide.

    While EvaluateTargetHealth can be set to true for highly available Amazon Web Services services (such as S3 buckets, VPC interface endpoints, and API Gateway), these services are designed for high availability and rarely experience outages that would be detected by this feature. For failover scenarios with these services, consider using Route 53 health checks that monitor your application's ability to access the service instead.

    For more information and examples, see Amazon Route 53 Health Checks and DNS Failover in the Amazon Route 53 Developer Guide.

    " } }, "documentation":"

    Alias resource record sets only: Information about the Amazon Web Services resource, such as a CloudFront distribution or an Amazon S3 bucket, that you want to route traffic to.

    When creating resource record sets for a private hosted zone, note the following:

    " @@ -1523,8 +1523,7 @@ }, "ChangeTagsForResourceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Empty response for the request.

    " }, "Changes":{ @@ -1798,7 +1797,13 @@ "ca-west-1", "ap-southeast-5", "mx-central-1", - "ap-southeast-7" + "us-isof-south-1", + "us-isof-east-1", + "ap-southeast-7", + "ap-east-2", + "eu-isoe-west-1", + "ap-southeast-6", + "us-isob-west-1" ], "max":64, "min":1 @@ -1939,7 +1944,7 @@ "members":{ "CallerReference":{ "shape":"HealthCheckNonce", - "documentation":"

    A unique string that identifies the request and that allows you to retry a failed CreateHealthCheck request without the risk of creating two identical health checks:

    • If you send a CreateHealthCheck request with the same CallerReference and settings as a previous request, and if the health check doesn't exist, Amazon Route 53 creates the health check. If the health check does exist, Route 53 returns the settings for the existing health check.

    • If you send a CreateHealthCheck request with the same CallerReference as a deleted health check, regardless of the settings, Route 53 returns a HealthCheckAlreadyExists error.

    • If you send a CreateHealthCheck request with the same CallerReference as an existing health check but with different settings, Route 53 returns a HealthCheckAlreadyExists error.

    • If you send a CreateHealthCheck request with a unique CallerReference but settings identical to an existing health check, Route 53 creates the health check.

    Route 53 does not store the CallerReference for a deleted health check indefinitely. The CallerReference for a deleted health check will be deleted after a number of days.

    " + "documentation":"

    A unique string that identifies the request and that allows you to retry a failed CreateHealthCheck request without the risk of creating two identical health checks:

    • If you send a CreateHealthCheck request with the same CallerReference and settings as a previous request, and if the health check doesn't exist, Amazon Route 53 creates the health check. If the health check does exist, Route 53 returns the health check configuration in the response.

    • If you send a CreateHealthCheck request with the same CallerReference as a deleted health check, regardless of the settings, Route 53 returns a HealthCheckAlreadyExists error.

    • If you send a CreateHealthCheck request with the same CallerReference as an existing health check but with different settings, Route 53 returns a HealthCheckAlreadyExists error.

    • If you send a CreateHealthCheck request with a unique CallerReference but settings identical to an existing health check, Route 53 creates the health check.

    Route 53 does not store the CallerReference for a deleted health check indefinitely. The CallerReference for a deleted health check will be deleted after a number of days.

    " }, "HealthCheckConfig":{ "shape":"HealthCheckConfig", @@ -2490,8 +2495,7 @@ }, "DeleteCidrCollectionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteHealthCheckRequest":{ "type":"structure", @@ -2508,8 +2512,7 @@ }, "DeleteHealthCheckResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element.

    " }, "DeleteHostedZoneRequest":{ @@ -2578,8 +2581,7 @@ }, "DeleteQueryLoggingConfigResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteReusableDelegationSetRequest":{ "type":"structure", @@ -2596,8 +2598,7 @@ }, "DeleteReusableDelegationSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element.

    " }, "DeleteTrafficPolicyInstanceRequest":{ @@ -2615,8 +2616,7 @@ }, "DeleteTrafficPolicyInstanceResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element.

    " }, "DeleteTrafficPolicyRequest":{ @@ -2643,8 +2643,7 @@ }, "DeleteTrafficPolicyResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element.

    " }, "DeleteVPCAssociationAuthorizationRequest":{ @@ -2669,8 +2668,7 @@ }, "DeleteVPCAssociationAuthorizationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Empty response for the request.

    " }, "Dimension":{ @@ -2965,8 +2963,7 @@ }, "GetCheckerIpRangesRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Empty request.

    " }, "GetCheckerIpRangesResponse":{ @@ -3046,8 +3043,7 @@ }, "GetHealthCheckCountRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A request for the number of health checks that are associated with the current Amazon Web Services account.

    " }, "GetHealthCheckCountResponse":{ @@ -3135,8 +3131,7 @@ }, "GetHostedZoneCountRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A request to retrieve a count of all the hosted zones that are associated with the current Amazon Web Services account.

    " }, "GetHostedZoneCountResponse":{ @@ -3310,8 +3305,7 @@ }, "GetTrafficPolicyInstanceCountRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Request to get the number of traffic policy instances that are associated with the current Amazon Web Services account.

    " }, "GetTrafficPolicyInstanceCountResponse":{ @@ -5566,7 +5560,11 @@ "ca-west-1", "ap-southeast-5", "mx-central-1", - "ap-southeast-7" + "ap-southeast-7", + "us-gov-east-1", + "us-gov-west-1", + "ap-east-2", + "ap-southeast-6" ], "max":64, "min":1 @@ -6211,7 +6209,7 @@ }, "Disabled":{ "shape":"Disabled", - "documentation":"

    Stops Route 53 from performing health checks. When you disable a health check, here's what happens:

    • Health checks that check the health of endpoints: Route 53 stops submitting requests to your application, server, or other resource.

    • Calculated health checks: Route 53 stops aggregating the status of the referenced health checks.

    • Health checks that monitor CloudWatch alarms: Route 53 stops monitoring the corresponding CloudWatch metrics.

    After you disable a health check, Route 53 considers the status of the health check to always be healthy. If you configured DNS failover, Route 53 continues to route traffic to the corresponding resources. If you want to stop routing traffic to a resource, change the value of Inverted.

    Charges for a health check still apply when the health check is disabled. For more information, see Amazon Route 53 Pricing.

    " + "documentation":"

    Stops Route 53 from performing health checks. When you disable a health check, here's what happens:

    • Health checks that check the health of endpoints: Route 53 stops submitting requests to your application, server, or other resource.

    • Calculated health checks: Route 53 stops aggregating the status of the referenced health checks.

    • Health checks that monitor CloudWatch alarms: Route 53 stops monitoring the corresponding CloudWatch metrics.

    After you disable a health check, Route 53 considers the status of the health check to always be healthy. If you configured DNS failover, Route 53 continues to route traffic to the corresponding resources. Additionally, in disabled state, you can also invert the status of the health check to route traffic differently. For more information, see Inverted.

    Charges for a health check still apply when the health check is disabled. For more information, see Amazon Route 53 Pricing.

    " }, "HealthThreshold":{ "shape":"HealthThreshold", @@ -6447,7 +6445,13 @@ "ca-west-1", "ap-southeast-5", "mx-central-1", - "ap-southeast-7" + "us-isof-south-1", + "us-isof-east-1", + "ap-southeast-7", + "ap-east-2", + "eu-isoe-west-1", + "ap-southeast-6", + "us-isob-west-1" ], "max":64, "min":1 diff -pruN 2.23.6-1/awscli/botocore/data/route53-recovery-cluster/2019-12-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/route53-recovery-cluster/2019-12-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/route53-recovery-cluster/2019-12-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53-recovery-cluster/2019-12-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/route53-recovery-cluster/2019-12-02/service-2.json 2.31.35-1/awscli/botocore/data/route53-recovery-cluster/2019-12-02/service-2.json --- 2.23.6-1/awscli/botocore/data/route53-recovery-cluster/2019-12-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53-recovery-cluster/2019-12-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"route53-recovery-cluster", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceFullName":"Route53 Recovery Cluster", "serviceId":"Route53 Recovery Cluster", "signatureVersion":"v4", "signingName":"route53-recovery-cluster", "targetPrefix":"ToggleCustomerAPI", - "uid":"route53-recovery-cluster-2019-12-02" + "uid":"route53-recovery-cluster-2019-12-02", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetRoutingControlState":{ @@ -395,8 +397,7 @@ }, "UpdateRoutingControlStateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRoutingControlStatesRequest":{ "type":"structure", @@ -414,8 +415,7 @@ }, "UpdateRoutingControlStatesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/route53-recovery-control-config/2020-11-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/route53-recovery-control-config/2020-11-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/route53-recovery-control-config/2020-11-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53-recovery-control-config/2020-11-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,161 +57,184 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws" ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://route53-recovery-control-config.us-west-2.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-west-2" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://route53-recovery-control-config-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree" + "endpoint": { + "url": "https://arc-recovery-control-config.us-west-2.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-west-2" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] + "ref": "UseDualStack" }, true ] @@ -219,123 +242,231 @@ ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://route53-recovery-control-config-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://route53-recovery-control-config-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://route53-recovery-control-config-fips.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://route53-recovery-control-config.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://route53-recovery-control-config.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" + "endpoint": { + "url": "https://route53-recovery-control-config.{PartitionResult#implicitGlobalRegion}.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] }, - "aws-global" - ] + "headers": {} + }, + "type": "endpoint" } ], - "endpoint": { - "url": "https://route53-recovery-control-config.us-west-2.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "route53-recovery-control-config", - "signingRegion": "us-west-2" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://route53-recovery-control-config.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/route53-recovery-control-config/2020-11-02/service-2.json 2.31.35-1/awscli/botocore/data/route53-recovery-control-config/2020-11-02/service-2.json --- 2.23.6-1/awscli/botocore/data/route53-recovery-control-config/2020-11-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53-recovery-control-config/2020-11-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -8,7 +8,10 @@ "protocol": "rest-json", "jsonVersion": "1.1", "uid": "route53-recovery-control-config-2020-11-02", - "signatureVersion": "v4" + "signatureVersion": "v4", + "auth": [ + "aws.auth#sigv4" + ] }, "operations": { "CreateCluster": { @@ -781,6 +784,48 @@ ], "documentation": "

    Removes a tag from a resource.

    " }, + "UpdateCluster": { + "name": "UpdateCluster", + "http": { + "method": "PUT", + "requestUri": "/cluster", + "responseCode": 200 + }, + "input": { + "shape": "UpdateClusterRequest" + }, + "output": { + "shape": "UpdateClusterResponse", + "documentation": "

    200 response - Success.

    " + }, + "errors": [ + { + "shape": "ValidationException", + "documentation": "

    400 response - Multiple causes. For example, you might have a malformed query string and input parameter might be out of range, or you used parameters together incorrectly.

    " + }, + { + "shape": "InternalServerException", + "documentation": "

    500 response - InternalServiceError. Temporary service error. Retry the request.

    " + }, + { + "shape": "AccessDeniedException", + "documentation": "

    403 response - AccessDeniedException. You do not have sufficient access to perform this action.

    " + }, + { + "shape": "ResourceNotFoundException", + "documentation": "

    404 response - MalformedQueryString. The query string contains a syntax error or resource not found.

    " + }, + { + "shape": "ThrottlingException", + "documentation": "

    429 response - LimitExceededException or TooManyRequestsException.

    " + }, + { + "shape": "ConflictException", + "documentation": "

    409 response - ConflictException. You might be using a predefined variable.

    " + } + ], + "documentation": "

    Updates an existing cluster. You can only update the network type of a cluster.

    " + }, "UpdateControlPanel": { "name": "UpdateControlPanel", "http": { @@ -1006,6 +1051,10 @@ "Owner": { "shape": "__stringMin12Max12PatternD12", "documentation": "

    The Amazon Web Services account ID of the cluster owner.

    " + }, + "NetworkType": { + "shape": "NetworkType", + "documentation": "

    The network type of the cluster. NetworkType can be one of the following: IPV4, DUALSTACK.

    " } }, "documentation": "

    A set of five redundant Regional endpoints against which you can execute API calls to update or get the state of routing controls. You can host multiple control panels and routing controls on one cluster.

    " @@ -1090,6 +1139,10 @@ "Tags": { "shape": "__mapOf__stringMin0Max256PatternS", "documentation": "

    The tags associated with the cluster.

    " + }, + "NetworkType": { + "shape": "NetworkType", + "documentation": "

    The network type of the cluster. NetworkType can be one of the following: IPV4, DUALSTACK.

    " } }, "documentation": "

    Creates a cluster.

    ", @@ -1708,6 +1761,14 @@ "min": 1, "max": 1000 }, + "NetworkType": { + "type": "string", + "documentation": "

    The network type of a cluster. NetworkType can be one of the following:

    IPV4: Cluster endpoints support IPv4 only.

    DUALSTACK: Cluster endpoints support both IPv4 and IPv6.

    ", + "enum": [ + "IPV4", + "DUALSTACK" + ] + }, "NewAssertionRule": { "type": "structure", "members": { @@ -1960,6 +2021,33 @@ "type": "structure", "members": {} }, + "UpdateClusterRequest": { + "type": "structure", + "members": { + "ClusterArn": { + "shape": "__stringMin1Max256PatternAZaZ09", + "documentation": "

    The Amazon Resource Name (ARN) of the cluster.

    " + }, + "NetworkType": { + "shape": "NetworkType", + "documentation": "

    The network type of the cluster. NetworkType can be one of the following: IPV4, DUALSTACK.

    " + } + }, + "documentation": "

    The details of the cluster that you're updating.

    ", + "required": [ + "ClusterArn", + "NetworkType" + ] + }, + "UpdateClusterResponse": { + "type": "structure", + "members": { + "Cluster": { + "shape": "Cluster", + "documentation": "

    The cluster that was updated.

    " + } + } + }, "UpdateControlPanelRequest": { "type": "structure", "members": { @@ -2193,4 +2281,4 @@ } }, "documentation": "

    Recovery Control Configuration API Reference for Amazon Route 53 Application Recovery Controller

    " -} +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/route53-recovery-readiness/2019-12-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/route53-recovery-readiness/2019-12-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/route53-recovery-readiness/2019-12-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53-recovery-readiness/2019-12-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/route53-recovery-readiness/2019-12-02/service-2.json 2.31.35-1/awscli/botocore/data/route53-recovery-readiness/2019-12-02/service-2.json --- 2.23.6-1/awscli/botocore/data/route53-recovery-readiness/2019-12-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53-recovery-readiness/2019-12-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -8,7 +8,10 @@ "protocol": "rest-json", "jsonVersion": "1.1", "uid": "route53-recovery-readiness-2019-12-02", - "signatureVersion": "v4" + "signatureVersion": "v4", + "auth": [ + "aws.auth#sigv4" + ] }, "operations": { "CreateCell": { @@ -2914,4 +2917,4 @@ } }, "documentation": "

    Recovery readiness

    " -} +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/route53domains/2014-05-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/route53domains/2014-05-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/route53domains/2014-05-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53domains/2014-05-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/route53domains/2014-05-15/service-2.json 2.31.35-1/awscli/botocore/data/route53domains/2014-05-15/service-2.json --- 2.23.6-1/awscli/botocore/data/route53domains/2014-05-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53domains/2014-05-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1113,8 +1113,7 @@ }, "DeleteTagsForDomainResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableDomainAutoRenewRequest":{ "type":"structure", @@ -1128,8 +1127,7 @@ }, "DisableDomainAutoRenewResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableDomainTransferLockRequest":{ "type":"structure", @@ -1413,8 +1411,7 @@ }, "EnableDomainAutoRenewResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableDomainTransferLockRequest":{ "type":"structure", @@ -1493,7 +1490,10 @@ "UK_CONTACT_TYPE", "UK_COMPANY_NUMBER", "EU_COUNTRY_OF_CITIZENSHIP", - "AU_PRIORITY_TOKEN" + "AU_PRIORITY_TOKEN", + "AU_ELIGIBILITY_TYPE", + "AU_POLICY_REASON", + "AU_REGISTRANT_NAME" ] }, "ExtraParamValue":{ @@ -2663,8 +2663,7 @@ }, "UpdateTagsForDomainResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Value":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/route53profiles/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/route53profiles/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/route53profiles/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53profiles/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/route53resolver/2018-04-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/route53resolver/2018-04-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/route53resolver/2018-04-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53resolver/2018-04-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/route53resolver/2018-04-01/service-2.json 2.31.35-1/awscli/botocore/data/route53resolver/2018-04-01/service-2.json --- 2.23.6-1/awscli/botocore/data/route53resolver/2018-04-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/route53resolver/2018-04-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1648,7 +1648,7 @@ }, "Direction":{ "shape":"ResolverEndpointDirection", - "documentation":"

    Specify the applicable value:

    • INBOUND: Resolver forwards DNS queries to the DNS service for a VPC from your network

    • OUTBOUND: Resolver forwards DNS queries from the DNS service for a VPC to your network

    " + "documentation":"

    Specify the applicable value:

    • INBOUND: Resolver forwards DNS queries to the DNS service for a VPC from your network.

    • OUTBOUND: Resolver forwards DNS queries from the DNS service for a VPC to your network.

    • INBOUND_DELEGATION: Resolver delegates queries to Route 53 private hosted zones from your network.

    " }, "IpAddresses":{ "shape":"IpAddressesRequest", @@ -1676,7 +1676,7 @@ }, "Protocols":{ "shape":"ProtocolList", - "documentation":"

    The protocols you want to use for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

    For an inbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 and DoH-FIPS in combination.

    • Do53 alone.

    • DoH alone.

    • DoH-FIPS alone.

    • None, which is treated as Do53.

    For an outbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 alone.

    • DoH alone.

    • None, which is treated as Do53.

    ", + "documentation":"

    The protocols you want to use for the endpoint. DoH-FIPS is applicable for default inbound endpoints only.

    For a default inbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 and DoH-FIPS in combination.

    • Do53 alone.

    • DoH alone.

    • DoH-FIPS alone.

    • None, which is treated as Do53.

    For a delegation inbound endpoint you can use Do53 only.

    For an outbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 alone.

    • DoH alone.

    • None, which is treated as Do53.

    ", "box":true } } @@ -1744,7 +1744,7 @@ }, "RuleType":{ "shape":"RuleTypeOption", - "documentation":"

    When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

    When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

    For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

    Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

    " + "documentation":"

    When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD or DELEGATE.

    When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

    For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

    Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

    " }, "DomainName":{ "shape":"DomainName", @@ -1765,6 +1765,11 @@ "shape":"TagList", "documentation":"

    A list of the tag keys and values that you want to associate with the endpoint.

    ", "box":true + }, + "DelegationRecord":{ + "shape":"DelegationRecord", + "documentation":"

    DNS queries with the delegation records that match this domain name are forwarded to the resolvers on your network.

    ", + "box":true } } }, @@ -1782,6 +1787,11 @@ "max":255, "min":1 }, + "DelegationRecord":{ + "type":"string", + "max":256, + "min":1 + }, "DeleteFirewallDomainListRequest":{ "type":"structure", "required":["FirewallDomainListId"], @@ -2934,7 +2944,8 @@ "DELETING", "DELETE_FAILED_FAS_EXPIRED", "UPDATING", - "UPDATE_FAILED" + "UPDATE_FAILED", + "ISOLATED" ] }, "IpAddressUpdate":{ @@ -3812,7 +3823,7 @@ }, "ResourceId":{ "shape":"ResourceId", - "documentation":"

    The ID of the Amazon Virtual Private Cloud VPC that you're configuring Resolver for.

    " + "documentation":"

    The ID of the Amazon Virtual Private Cloud VPC or a Route 53 Profile that you're configuring Resolver for.

    " }, "OwnerId":{ "shape":"AccountId", @@ -3891,7 +3902,7 @@ }, "Direction":{ "shape":"ResolverEndpointDirection", - "documentation":"

    Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

    • INBOUND: allows DNS queries to your VPC from your network

    • OUTBOUND: allows DNS queries from your VPC to your network

    " + "documentation":"

    Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:

    • INBOUND: allows DNS queries to your VPC from your network

    • OUTBOUND: allows DNS queries from your VPC to your network

    • INBOUND_DELEGATION: Resolver delegates queries to Route 53 private hosted zones from your network.

    " }, "IpAddressCount":{ "shape":"IpAddressCount", @@ -3931,7 +3942,7 @@ }, "Protocols":{ "shape":"ProtocolList", - "documentation":"

    Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

    For an inbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 and DoH-FIPS in combination.

    • Do53 alone.

    • DoH alone.

    • DoH-FIPS alone.

    • None, which is treated as Do53.

    For an outbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 alone.

    • DoH alone.

    • None, which is treated as Do53.

    " + "documentation":"

    Protocols used for the endpoint. DoH-FIPS is applicable for a default inbound endpoints only.

    For an inbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 and DoH-FIPS in combination.

    • Do53 alone.

    • DoH alone.

    • DoH-FIPS alone.

    • None, which is treated as Do53.

    For a delegation inbound endpoint you can use Do53 only.

    For an outbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 alone.

    • DoH alone.

    • None, which is treated as Do53.

    " } }, "documentation":"

    In the response to a CreateResolverEndpoint, DeleteResolverEndpoint, GetResolverEndpoint, Updates the name, or ResolverEndpointType for an endpoint, or UpdateResolverEndpoint request, a complex type that contains settings for an existing inbound or outbound Resolver endpoint.

    " @@ -3940,7 +3951,8 @@ "type":"string", "enum":[ "INBOUND", - "OUTBOUND" + "OUTBOUND", + "INBOUND_DELEGATION" ] }, "ResolverEndpointStatus":{ @@ -4122,7 +4134,7 @@ }, "RuleType":{ "shape":"RuleTypeOption", - "documentation":"

    When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD.

    When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

    For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

    Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

    " + "documentation":"

    When you want to forward DNS queries for specified domain name to resolvers on your network, specify FORWARD or DELEGATE. If a query matches multiple Resolver rules (example.com and www.example.com), outbound DNS queries are routed using the Resolver rule that contains the most specific domain name (www.example.com).

    When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify SYSTEM.

    For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify FORWARD for RuleType. To then have Resolver process queries for apex.example.com, you create a rule and specify SYSTEM for RuleType.

    Currently, only Resolver can create rules that have a value of RECURSIVE for RuleType.

    " }, "Name":{ "shape":"Name", @@ -4151,6 +4163,10 @@ "ModificationTime":{ "shape":"Rfc3339TimeString", "documentation":"

    The date and time that the Resolver rule was last updated, in Unix time format and Coordinated Universal Time (UTC).

    " + }, + "DelegationRecord":{ + "shape":"DelegationRecord", + "documentation":"

    DNS queries with delegation records that point to this domain name are forwarded to resolvers on your network.

    " } }, "documentation":"

    For queries that originate in your VPC, detailed information about a Resolver rule, which specifies how to route DNS queries out of the VPC. The ResolverRule parameter appears in the response to a CreateResolverRule, DeleteResolverRule, GetResolverRule, ListResolverRules, or UpdateResolverRule request.

    " @@ -4297,7 +4313,8 @@ "enum":[ "FORWARD", "SYSTEM", - "RECURSIVE" + "RECURSIVE", + "DELEGATE" ] }, "SecurityGroupIds":{ @@ -4404,8 +4421,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4484,8 +4500,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateFirewallConfigRequest":{ "type":"structure", @@ -4740,7 +4755,7 @@ "members":{ "ResourceId":{ "shape":"ResourceId", - "documentation":"

    Resource ID of the Amazon VPC that you want to update the Resolver configuration for.

    " + "documentation":"

    The ID of the Amazon Virtual Private Cloud VPC or a Route 53 Profile that you're configuring Resolver for.

    " }, "AutodefinedReverseFlag":{ "shape":"AutodefinedReverseFlag", @@ -4808,7 +4823,7 @@ }, "Protocols":{ "shape":"ProtocolList", - "documentation":"

    The protocols you want to use for the endpoint. DoH-FIPS is applicable for inbound endpoints only.

    For an inbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 and DoH-FIPS in combination.

    • Do53 alone.

    • DoH alone.

    • DoH-FIPS alone.

    • None, which is treated as Do53.

    For an outbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 alone.

    • DoH alone.

    • None, which is treated as Do53.

    You can't change the protocol of an inbound endpoint directly from only Do53 to only DoH, or DoH-FIPS. This is to prevent a sudden disruption to incoming traffic that relies on Do53. To change the protocol from Do53 to DoH, or DoH-FIPS, you must first enable both Do53 and DoH, or Do53 and DoH-FIPS, to make sure that all incoming traffic has transferred to using the DoH protocol, or DoH-FIPS, and then remove the Do53.

    ", + "documentation":"

    The protocols you want to use for the endpoint. DoH-FIPS is applicable for default inbound endpoints only.

    For a default inbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 and DoH-FIPS in combination.

    • Do53 alone.

    • DoH alone.

    • DoH-FIPS alone.

    • None, which is treated as Do53.

    For a delegation inbound endpoint you can use Do53 only.

    For an outbound endpoint you can apply the protocols as follows:

    • Do53 and DoH in combination.

    • Do53 alone.

    • DoH alone.

    • None, which is treated as Do53.

    You can't change the protocol of an inbound endpoint directly from only Do53 to only DoH, or DoH-FIPS. This is to prevent a sudden disruption to incoming traffic that relies on Do53. To change the protocol from Do53 to DoH, or DoH-FIPS, you must first enable both Do53 and DoH, or Do53 and DoH-FIPS, to make sure that all incoming traffic has transferred to using the DoH protocol, or DoH-FIPS, and then remove the Do53.

    ", "box":true } } diff -pruN 2.23.6-1/awscli/botocore/data/rtbfabric/2023-05-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/rtbfabric/2023-05-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/rtbfabric/2023-05-15/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rtbfabric/2023-05-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,344 @@ +{ + "version": "1.0", + "parameters": { + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://rtbfabric-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://rtbfabric-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://rtbfabric.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://rtbfabric.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/rtbfabric/2023-05-15/paginators-1.json 2.31.35-1/awscli/botocore/data/rtbfabric/2023-05-15/paginators-1.json --- 2.23.6-1/awscli/botocore/data/rtbfabric/2023-05-15/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rtbfabric/2023-05-15/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +{ + "pagination": { + "ListLinks": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "links" + }, + "ListRequesterGateways": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "gatewayIds" + }, + "ListResponderGateways": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "gatewayIds" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/rtbfabric/2023-05-15/service-2.json 2.31.35-1/awscli/botocore/data/rtbfabric/2023-05-15/service-2.json --- 2.23.6-1/awscli/botocore/data/rtbfabric/2023-05-15/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rtbfabric/2023-05-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,2843 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2023-05-15", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"rtbfabric", + "jsonVersion":"1.1", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceAbbreviation":"RTBFabric", + "serviceFullName":"RTBFabric", + "serviceId":"RTBFabric", + "signatureVersion":"v4", + "signingName":"rtbfabric", + "uid":"rtbfabric-2023-05-15" + }, + "operations":{ + "AcceptLink":{ + "name":"AcceptLink", + "http":{ + "method":"POST", + "requestUri":"/gateway/{gatewayId}/link/{linkId}/accept", + "responseCode":200 + }, + "input":{"shape":"AcceptLinkRequest"}, + "output":{"shape":"AcceptLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Accepts a link request between gateways.

    When a requester gateway requests to link with a responder gateway, the responder can use this operation to accept the link request and establish the connection.

    ", + "idempotent":true + }, + "CreateInboundExternalLink":{ + "name":"CreateInboundExternalLink", + "http":{ + "method":"POST", + "requestUri":"/responder-gateway/{gatewayId}/inbound-external-link", + "responseCode":200 + }, + "input":{"shape":"CreateInboundExternalLinkRequest"}, + "output":{"shape":"CreateInboundExternalLinkResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Creates an inbound external link.

    ", + "idempotent":true + }, + "CreateLink":{ + "name":"CreateLink", + "http":{ + "method":"POST", + "requestUri":"/gateway/{gatewayId}/create-link", + "responseCode":200 + }, + "input":{"shape":"CreateLinkRequest"}, + "output":{"shape":"CreateLinkResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Creates a new link between gateways.

    Establishes a connection that allows gateways to communicate and exchange bid requests and responses.

    ", + "idempotent":true + }, + "CreateOutboundExternalLink":{ + "name":"CreateOutboundExternalLink", + "http":{ + "method":"POST", + "requestUri":"/requester-gateway/{gatewayId}/outbound-external-link", + "responseCode":200 + }, + "input":{"shape":"CreateOutboundExternalLinkRequest"}, + "output":{"shape":"CreateOutboundExternalLinkResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Creates an outbound external link.

    ", + "idempotent":true + }, + "CreateRequesterGateway":{ + "name":"CreateRequesterGateway", + "http":{ + "method":"POST", + "requestUri":"/requester-gateway", + "responseCode":200 + }, + "input":{"shape":"CreateRequesterGatewayRequest"}, + "output":{"shape":"CreateRequesterGatewayResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Creates a requester gateway.

    ", + "idempotent":true + }, + "CreateResponderGateway":{ + "name":"CreateResponderGateway", + "http":{ + "method":"POST", + "requestUri":"/responder-gateway", + "responseCode":200 + }, + "input":{"shape":"CreateResponderGatewayRequest"}, + "output":{"shape":"CreateResponderGatewayResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Creates a responder gateway.

    A domain name or managed endpoint is required.

    ", + "idempotent":true + }, + "DeleteInboundExternalLink":{ + "name":"DeleteInboundExternalLink", + "http":{ + "method":"DELETE", + "requestUri":"/responder-gateway/{gatewayId}/inbound-external-link/{linkId}", + "responseCode":200 + }, + "input":{"shape":"DeleteInboundExternalLinkRequest"}, + "output":{"shape":"DeleteInboundExternalLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Deletes an inbound external link.

    ", + "idempotent":true + }, + "DeleteLink":{ + "name":"DeleteLink", + "http":{ + "method":"DELETE", + "requestUri":"/gateway/{gatewayId}/link/{linkId}", + "responseCode":200 + }, + "input":{"shape":"DeleteLinkRequest"}, + "output":{"shape":"DeleteLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Deletes a link between gateways.

    Permanently removes the connection between gateways. This action cannot be undone.

    ", + "idempotent":true + }, + "DeleteOutboundExternalLink":{ + "name":"DeleteOutboundExternalLink", + "http":{ + "method":"DELETE", + "requestUri":"/requester-gateway/{gatewayId}/outbound-external-link/{linkId}", + "responseCode":200 + }, + "input":{"shape":"DeleteOutboundExternalLinkRequest"}, + "output":{"shape":"DeleteOutboundExternalLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Deletes an outbound external link.

    ", + "idempotent":true + }, + "DeleteRequesterGateway":{ + "name":"DeleteRequesterGateway", + "http":{ + "method":"DELETE", + "requestUri":"/requester-gateway/{gatewayId}", + "responseCode":200 + }, + "input":{"shape":"DeleteRequesterGatewayRequest"}, + "output":{"shape":"DeleteRequesterGatewayResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Deletes a requester gateway.

    ", + "idempotent":true + }, + "DeleteResponderGateway":{ + "name":"DeleteResponderGateway", + "http":{ + "method":"DELETE", + "requestUri":"/responder-gateway/{gatewayId}", + "responseCode":200 + }, + "input":{"shape":"DeleteResponderGatewayRequest"}, + "output":{"shape":"DeleteResponderGatewayResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Deletes a responder gateway.

    ", + "idempotent":true + }, + "GetInboundExternalLink":{ + "name":"GetInboundExternalLink", + "http":{ + "method":"GET", + "requestUri":"/responder-gateway/{gatewayId}/inbound-external-link/{linkId}", + "responseCode":200 + }, + "input":{"shape":"GetInboundExternalLinkRequest"}, + "output":{"shape":"GetInboundExternalLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves information about an inbound external link.

    ", + "readonly":true + }, + "GetLink":{ + "name":"GetLink", + "http":{ + "method":"GET", + "requestUri":"/gateway/{gatewayId}/link/{linkId}", + "responseCode":200 + }, + "input":{"shape":"GetLinkRequest"}, + "output":{"shape":"GetLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves information about a link between gateways.

    Returns detailed information about the link configuration, status, and associated gateways.

    ", + "readonly":true + }, + "GetOutboundExternalLink":{ + "name":"GetOutboundExternalLink", + "http":{ + "method":"GET", + "requestUri":"/requester-gateway/{gatewayId}/outbound-external-link/{linkId}", + "responseCode":200 + }, + "input":{"shape":"GetOutboundExternalLinkRequest"}, + "output":{"shape":"GetOutboundExternalLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves information about an outbound external link.

    ", + "readonly":true + }, + "GetRequesterGateway":{ + "name":"GetRequesterGateway", + "http":{ + "method":"GET", + "requestUri":"/requester-gateway/{gatewayId}", + "responseCode":200 + }, + "input":{"shape":"GetRequesterGatewayRequest"}, + "output":{"shape":"GetRequesterGatewayResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves information about a requester gateway.

    ", + "readonly":true + }, + "GetResponderGateway":{ + "name":"GetResponderGateway", + "http":{ + "method":"GET", + "requestUri":"/responder-gateway/{gatewayId}", + "responseCode":200 + }, + "input":{"shape":"GetResponderGatewayRequest"}, + "output":{"shape":"GetResponderGatewayResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves information about a responder gateway.

    ", + "readonly":true + }, + "ListLinks":{ + "name":"ListLinks", + "http":{ + "method":"GET", + "requestUri":"/gateway/{gatewayId}/links/", + "responseCode":200 + }, + "input":{"shape":"ListLinksRequest"}, + "output":{"shape":"ListLinksResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Lists links associated with gateways.

    Returns a list of all links for the specified gateways, including their status and configuration details.

    ", + "readonly":true + }, + "ListRequesterGateways":{ + "name":"ListRequesterGateways", + "http":{ + "method":"GET", + "requestUri":"/requester-gateways", + "responseCode":200 + }, + "input":{"shape":"ListRequesterGatewaysRequest"}, + "output":{"shape":"ListRequesterGatewaysResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Lists requester gateways.

    ", + "readonly":true + }, + "ListResponderGateways":{ + "name":"ListResponderGateways", + "http":{ + "method":"GET", + "requestUri":"/responder-gateways", + "responseCode":200 + }, + "input":{"shape":"ListResponderGatewaysRequest"}, + "output":{"shape":"ListResponderGatewaysResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Lists reponder gateways.

    ", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Lists tags for a resource.

    ", + "readonly":true + }, + "RejectLink":{ + "name":"RejectLink", + "http":{ + "method":"POST", + "requestUri":"/gateway/{gatewayId}/link/{linkId}/reject", + "responseCode":200 + }, + "input":{"shape":"RejectLinkRequest"}, + "output":{"shape":"RejectLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Rejects a link request between gateways.

    When a requester gateway requests to link with a responder gateway, the responder can use this operation to decline the link request.

    ", + "idempotent":true + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{resourceArn}", + "responseCode":204 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Assigns one or more tags (key-value pairs) to the specified resource.

    ", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{resourceArn}", + "responseCode":204 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Removes a tag or tags from a resource.

    ", + "idempotent":true + }, + "UpdateLink":{ + "name":"UpdateLink", + "http":{ + "method":"PATCH", + "requestUri":"/gateway/{gatewayId}/link/{linkId}", + "responseCode":200 + }, + "input":{"shape":"UpdateLinkRequest"}, + "output":{"shape":"UpdateLinkResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Updates the configuration of a link between gateways.

    Allows you to modify settings and parameters for an existing link.

    ", + "idempotent":true + }, + "UpdateLinkModuleFlow":{ + "name":"UpdateLinkModuleFlow", + "http":{ + "method":"POST", + "requestUri":"/gateway/{gatewayId}/link/{linkId}/module-flow", + "responseCode":200 + }, + "input":{"shape":"UpdateLinkModuleFlowRequest"}, + "output":{"shape":"UpdateLinkModuleFlowResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Updates a link module flow.

    ", + "idempotent":true + }, + "UpdateRequesterGateway":{ + "name":"UpdateRequesterGateway", + "http":{ + "method":"POST", + "requestUri":"/requester-gateway/{gatewayId}/update", + "responseCode":200 + }, + "input":{"shape":"UpdateRequesterGatewayRequest"}, + "output":{"shape":"UpdateRequesterGatewayResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Updates a requester gateway.

    ", + "idempotent":true + }, + "UpdateResponderGateway":{ + "name":"UpdateResponderGateway", + "http":{ + "method":"POST", + "requestUri":"/responder-gateway/{gatewayId}/update", + "responseCode":200 + }, + "input":{"shape":"UpdateResponderGatewayRequest"}, + "output":{"shape":"UpdateResponderGatewayResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Updates a responder gateway.

    ", + "idempotent":true + } + }, + "shapes":{ + "AcceptLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId", + "logSettings" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Attributes of the link.

    " + }, + "logSettings":{ + "shape":"LinkLogSettings", + "documentation":"

    Settings for the application logs.

    " + } + } + }, + "AcceptLinkResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "peerGatewayId", + "status", + "createdAt", + "updatedAt", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "peerGatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the peer gateway.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the link.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was updated.

    " + }, + "direction":{ + "shape":"LinkDirection", + "documentation":"

    The direction of the link.

    " + }, + "flowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of flow modules.

    " + }, + "pendingFlowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of pending flow modules.

    " + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Attributes of the link.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + } + } + }, + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The request could not be completed because you do not have sufficient access to perform this action.

    ", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "Action":{ + "type":"structure", + "members":{ + "noBid":{ + "shape":"NoBidAction", + "documentation":"

    Describes a no bid action.

    " + }, + "headerTag":{ + "shape":"HeaderTagAction", + "documentation":"

    Describes the header tag for a bid action.

    " + } + }, + "documentation":"

    Describes a bid action.

    ", + "union":true + }, + "AutoScalingGroupName":{"type":"string"}, + "AutoScalingGroupNameList":{ + "type":"list", + "member":{"shape":"AutoScalingGroupName"} + }, + "AutoScalingGroupsConfiguration":{ + "type":"structure", + "required":[ + "autoScalingGroupNames", + "roleArn" + ], + "members":{ + "autoScalingGroupNames":{ + "shape":"AutoScalingGroupNameList", + "documentation":"

    The names of the auto scaling group.

    " + }, + "roleArn":{ + "shape":"String", + "documentation":"

    The role ARN of the auto scaling group.

    " + } + }, + "documentation":"

    Describes the configuration of an auto scaling group.

    " + }, + "Base64EncodedCertificateChain":{ + "type":"string", + "max":2097152, + "min":1, + "sensitive":true + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CertificateAuthorityCertificates":{ + "type":"list", + "member":{"shape":"Base64EncodedCertificateChain"}, + "max":2, + "min":0 + }, + "ConflictException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The request could not be completed because of a conflict in the current state of the resource.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "CreateInboundExternalLinkRequest":{ + "type":"structure", + "required":[ + "clientToken", + "gatewayId", + "logSettings" + ], + "members":{ + "clientToken":{ + "shape":"String", + "documentation":"

    The unique client token.

    ", + "idempotencyToken":true + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Attributes of the link.

    " + }, + "logSettings":{"shape":"LinkLogSettings"}, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs of the tag or tags to assign to the resource.

    " + } + } + }, + "CreateInboundExternalLinkResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId", + "status", + "domainName" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name.

    " + } + } + }, + "CreateLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "peerGatewayId", + "logSettings" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "peerGatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the peer gateway.

    " + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Attributes of the link.

    " + }, + "httpResponderAllowed":{ + "shape":"Boolean", + "documentation":"

    Boolean to specify if an HTTP responder is allowed.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs of the tag or tags to assign to the resource.

    " + }, + "logSettings":{ + "shape":"LinkLogSettings", + "documentation":"

    Settings for the application logs.

    " + } + } + }, + "CreateLinkResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "peerGatewayId", + "status", + "createdAt", + "updatedAt", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "peerGatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the peer gateway.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was updated.

    " + }, + "direction":{ + "shape":"LinkDirection", + "documentation":"

    The direction of the link.

    " + }, + "flowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of flow modules.

    " + }, + "pendingFlowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of pending flow modules.

    " + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Attributes of the link.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "customerProvidedId":{ + "shape":"CreateLinkResponseCustomerProvidedIdString", + "documentation":"

    The customer-provided unique identifier of the link.

    " + } + } + }, + "CreateLinkResponseCustomerProvidedIdString":{ + "type":"string", + "pattern":"[a-zA-Z0-9_-]{5,50}" + }, + "CreateOutboundExternalLinkRequest":{ + "type":"structure", + "required":[ + "clientToken", + "gatewayId", + "publicEndpoint", + "logSettings" + ], + "members":{ + "clientToken":{ + "shape":"String", + "documentation":"

    The unique client token.

    ", + "idempotencyToken":true + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "attributes":{"shape":"LinkAttributes"}, + "publicEndpoint":{ + "shape":"URL", + "documentation":"

    The public endpoint of the link.

    " + }, + "logSettings":{"shape":"LinkLogSettings"}, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs of the tag or tags to assign to the resource.

    " + } + } + }, + "CreateOutboundExternalLinkResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "CreateRequesterGatewayRequest":{ + "type":"structure", + "required":[ + "vpcId", + "subnetIds", + "securityGroupIds", + "clientToken" + ], + "members":{ + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The unique identifier of the Virtual Private Cloud (VPC).

    " + }, + "subnetIds":{ + "shape":"CreateRequesterGatewayRequestSubnetIdsList", + "documentation":"

    The unique identifiers of the subnets.

    " + }, + "securityGroupIds":{ + "shape":"CreateRequesterGatewayRequestSecurityGroupIdsList", + "documentation":"

    The unique identifiers of the security groups.

    " + }, + "clientToken":{ + "shape":"String", + "documentation":"

    The unique client token.

    ", + "idempotencyToken":true + }, + "description":{ + "shape":"CreateRequesterGatewayRequestDescriptionString", + "documentation":"

    An optional description for the requester gateway.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs of the tag or tags to assign to the resource.

    " + } + } + }, + "CreateRequesterGatewayRequestDescriptionString":{ + "type":"string", + "pattern":"[A-Za-z0-9 ]+" + }, + "CreateRequesterGatewayRequestSecurityGroupIdsList":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "min":1 + }, + "CreateRequesterGatewayRequestSubnetIdsList":{ + "type":"list", + "member":{"shape":"SubnetId"}, + "min":1 + }, + "CreateRequesterGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "domainName", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name of the requester gateway.

    " + }, + "status":{ + "shape":"RequesterGatewayStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "CreateResponderGatewayRequest":{ + "type":"structure", + "required":[ + "vpcId", + "subnetIds", + "securityGroupIds", + "port", + "protocol", + "clientToken" + ], + "members":{ + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The unique identifier of the Virtual Private Cloud (VPC).

    " + }, + "subnetIds":{ + "shape":"CreateResponderGatewayRequestSubnetIdsList", + "documentation":"

    The unique identifiers of the subnets.

    " + }, + "securityGroupIds":{ + "shape":"CreateResponderGatewayRequestSecurityGroupIdsList", + "documentation":"

    The unique identifiers of the security groups.

    " + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name for the responder gateway.

    " + }, + "port":{ + "shape":"CreateResponderGatewayRequestPortInteger", + "documentation":"

    The networking port to use.

    " + }, + "protocol":{ + "shape":"Protocol", + "documentation":"

    The networking protocol to use.

    " + }, + "trustStoreConfiguration":{ + "shape":"TrustStoreConfiguration", + "documentation":"

    The configuration of the trust store.

    " + }, + "managedEndpointConfiguration":{ + "shape":"ManagedEndpointConfiguration", + "documentation":"

    The configuration for the managed endpoint.

    " + }, + "clientToken":{ + "shape":"String", + "documentation":"

    The unique client token.

    ", + "idempotencyToken":true + }, + "description":{ + "shape":"CreateResponderGatewayRequestDescriptionString", + "documentation":"

    An optional description for the responder gateway.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs of the tag or tags to assign to the resource.

    " + } + } + }, + "CreateResponderGatewayRequestDescriptionString":{ + "type":"string", + "pattern":"[A-Za-z0-9 ]+" + }, + "CreateResponderGatewayRequestPortInteger":{ + "type":"integer", + "box":true, + "max":65535, + "min":1 + }, + "CreateResponderGatewayRequestSecurityGroupIdsList":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "min":1 + }, + "CreateResponderGatewayRequestSubnetIdsList":{ + "type":"list", + "member":{"shape":"SubnetId"}, + "min":1 + }, + "CreateResponderGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "status":{ + "shape":"ResponderGatewayStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "CustomerProvidedId":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9_-]+" + }, + "DeleteInboundExternalLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + } + } + }, + "DeleteInboundExternalLinkResponse":{ + "type":"structure", + "required":[ + "linkId", + "status" + ], + "members":{ + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "DeleteLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + } + } + }, + "DeleteLinkResponse":{ + "type":"structure", + "required":[ + "linkId", + "status" + ], + "members":{ + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the link.

    " + } + } + }, + "DeleteOutboundExternalLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + } + } + }, + "DeleteOutboundExternalLinkResponse":{ + "type":"structure", + "required":[ + "linkId", + "status" + ], + "members":{ + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "DeleteRequesterGatewayRequest":{ + "type":"structure", + "required":["gatewayId"], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + } + } + }, + "DeleteRequesterGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "status":{ + "shape":"RequesterGatewayStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "DeleteResponderGatewayRequest":{ + "type":"structure", + "required":["gatewayId"], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + } + } + }, + "DeleteResponderGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "status":{ + "shape":"ResponderGatewayStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "DomainName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)(?:\\.(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?))+" + }, + "EksEndpointsConfiguration":{ + "type":"structure", + "required":[ + "endpointsResourceName", + "endpointsResourceNamespace", + "clusterApiServerEndpointUri", + "clusterApiServerCaCertificateChain", + "clusterName", + "roleArn" + ], + "members":{ + "endpointsResourceName":{ + "shape":"KubernetesEndpointsResourceName", + "documentation":"

    The name of the endpoint resource.

    " + }, + "endpointsResourceNamespace":{ + "shape":"KubernetesNamespace", + "documentation":"

    The namespace of the endpoint resource.

    " + }, + "clusterApiServerEndpointUri":{ + "shape":"URI", + "documentation":"

    The URI of the cluster API server endpoint.

    " + }, + "clusterApiServerCaCertificateChain":{ + "shape":"Base64EncodedCertificateChain", + "documentation":"

    The CA certificate chain of the cluster API server.

    " + }, + "clusterName":{ + "shape":"KubernetesClusterName", + "documentation":"

    The name of the cluster.

    " + }, + "roleArn":{ + "shape":"String", + "documentation":"

    The role ARN for the cluster.

    " + } + }, + "documentation":"

    Describes the configuration of an Amazon Elastic Kubernetes Service endpoint.

    " + }, + "Filter":{ + "type":"structure", + "required":["criteria"], + "members":{ + "criteria":{ + "shape":"FilterCriteria", + "documentation":"

    Describes the criteria for a filter.

    " + } + }, + "documentation":"

    Describes the configuration of a filter.

    " + }, + "FilterConfiguration":{ + "type":"list", + "member":{"shape":"Filter"} + }, + "FilterCriteria":{ + "type":"list", + "member":{"shape":"FilterCriterion"} + }, + "FilterCriterion":{ + "type":"structure", + "required":[ + "path", + "values" + ], + "members":{ + "path":{ + "shape":"String", + "documentation":"

    The path to filter.

    " + }, + "values":{ + "shape":"FilterCriterionValuesList", + "documentation":"

    The value to filter.

    " + } + }, + "documentation":"

    Describes the criteria for a filter.

    " + }, + "FilterCriterionValuesList":{ + "type":"list", + "member":{"shape":"String"}, + "min":1 + }, + "FilterType":{ + "type":"string", + "enum":[ + "INCLUDE", + "EXCLUDE" + ] + }, + "Float":{ + "type":"float", + "box":true + }, + "FlowModuleName":{ + "type":"string", + "max":255, + "min":0, + "pattern":"[A-Za-z0-9 -]+" + }, + "FlowModuleNameList":{ + "type":"list", + "member":{"shape":"FlowModuleName"} + }, + "GatewayId":{ + "type":"string", + "pattern":"rtb-gw-[a-z0-9-]{1,25}" + }, + "GatewayIdList":{ + "type":"list", + "member":{"shape":"GatewayId"} + }, + "GetInboundExternalLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + } + } + }, + "GetInboundExternalLinkResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId", + "status", + "domainName" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name.

    " + }, + "flowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of flow modules.

    " + }, + "pendingFlowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of pending flow modules.

    " + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Attributes of the link.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the inbound external link was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the inbound external link was updated.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs for the tag or tags assigned to the specified resource.

    " + }, + "logSettings":{"shape":"LinkLogSettings"} + } + }, + "GetLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + } + } + }, + "GetLinkResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "peerGatewayId", + "status", + "createdAt", + "updatedAt", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "peerGatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the peer gateway.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the link.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was updated.

    " + }, + "direction":{ + "shape":"LinkDirection", + "documentation":"

    The direction of the link.

    " + }, + "flowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of flow modules.

    " + }, + "pendingFlowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of pending flow modules.

    " + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Attributes of the link.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs for the tag or tags assigned to the specified resource.

    " + }, + "logSettings":{ + "shape":"LinkLogSettings", + "documentation":"

    Settings for the application logs.

    " + } + } + }, + "GetOutboundExternalLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + } + } + }, + "GetOutboundExternalLinkResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId", + "status", + "publicEndpoint" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + }, + "publicEndpoint":{ + "shape":"URL", + "documentation":"

    The public endpoint for the link.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the outbound external link was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the outbound external link was updated.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs for the tag or tags assigned to the specified resource.

    " + }, + "logSettings":{"shape":"LinkLogSettings"} + } + }, + "GetRequesterGatewayRequest":{ + "type":"structure", + "required":["gatewayId"], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + } + } + }, + "GetRequesterGatewayResponse":{ + "type":"structure", + "required":[ + "status", + "domainName", + "vpcId", + "subnetIds", + "securityGroupIds", + "gatewayId" + ], + "members":{ + "status":{ + "shape":"RequesterGatewayStatus", + "documentation":"

    The status of the request.

    " + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name of the requester gateway.

    " + }, + "description":{ + "shape":"GetRequesterGatewayResponseDescriptionString", + "documentation":"

    The description of the requester gateway.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the requester gateway was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the requester gateway was updated.

    " + }, + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The unique identifier of the Virtual Private Cloud (VPC).

    " + }, + "subnetIds":{ + "shape":"GetRequesterGatewayResponseSubnetIdsList", + "documentation":"

    The unique identifiers of the subnets.

    " + }, + "securityGroupIds":{ + "shape":"GetRequesterGatewayResponseSecurityGroupIdsList", + "documentation":"

    The unique identifiers of the security groups.

    " + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs for the tag or tags assigned to the specified resource.

    " + }, + "activeLinksCount":{ + "shape":"Integer", + "documentation":"

    The count of active links for the requester gateway.

    " + }, + "totalLinksCount":{ + "shape":"Integer", + "documentation":"

    The total count of links for the requester gateway.

    " + } + } + }, + "GetRequesterGatewayResponseDescriptionString":{ + "type":"string", + "pattern":"[A-Za-z0-9 ]+" + }, + "GetRequesterGatewayResponseSecurityGroupIdsList":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "min":1 + }, + "GetRequesterGatewayResponseSubnetIdsList":{ + "type":"list", + "member":{"shape":"SubnetId"}, + "min":1 + }, + "GetResponderGatewayRequest":{ + "type":"structure", + "required":["gatewayId"], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + } + } + }, + "GetResponderGatewayResponse":{ + "type":"structure", + "required":[ + "vpcId", + "subnetIds", + "securityGroupIds", + "status", + "port", + "protocol", + "gatewayId" + ], + "members":{ + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The unique identifier of the Virtual Private Cloud (VPC).

    " + }, + "subnetIds":{ + "shape":"GetResponderGatewayResponseSubnetIdsList", + "documentation":"

    The unique identifiers of the subnets.

    " + }, + "securityGroupIds":{ + "shape":"GetResponderGatewayResponseSecurityGroupIdsList", + "documentation":"

    The unique identifiers of the security groups.

    " + }, + "status":{ + "shape":"ResponderGatewayStatus", + "documentation":"

    The status of the request.

    " + }, + "description":{ + "shape":"GetResponderGatewayResponseDescriptionString", + "documentation":"

    The description of the responder gateway.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the responder gateway was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the responder gateway was updated.

    " + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name of the responder gateway.

    " + }, + "port":{ + "shape":"GetResponderGatewayResponsePortInteger", + "documentation":"

    The networking port.

    " + }, + "protocol":{ + "shape":"Protocol", + "documentation":"

    The networking protocol.

    " + }, + "trustStoreConfiguration":{ + "shape":"TrustStoreConfiguration", + "documentation":"

    The configuration of the trust store.

    " + }, + "managedEndpointConfiguration":{ + "shape":"ManagedEndpointConfiguration", + "documentation":"

    The configuration of the managed endpoint.

    " + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs for the tag or tags assigned to the specified resource.

    " + }, + "activeLinksCount":{ + "shape":"Integer", + "documentation":"

    The count of active links for the responder gateway.

    " + }, + "totalLinksCount":{ + "shape":"Integer", + "documentation":"

    The total count of links for the responder gateway.

    " + }, + "inboundLinksCount":{ + "shape":"Integer", + "documentation":"

    The count of inbound links for the responder gateway.

    " + } + } + }, + "GetResponderGatewayResponseDescriptionString":{ + "type":"string", + "pattern":"[A-Za-z0-9 ]+" + }, + "GetResponderGatewayResponsePortInteger":{ + "type":"integer", + "box":true, + "max":65535, + "min":1 + }, + "GetResponderGatewayResponseSecurityGroupIdsList":{ + "type":"list", + "member":{"shape":"SecurityGroupId"}, + "min":1 + }, + "GetResponderGatewayResponseSubnetIdsList":{ + "type":"list", + "member":{"shape":"SubnetId"}, + "min":1 + }, + "HeaderTagAction":{ + "type":"structure", + "required":[ + "name", + "value" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"

    The name of the bid action.

    " + }, + "value":{ + "shape":"String", + "documentation":"

    The value of the bid action.

    " + } + }, + "documentation":"

    Describes the header tag for a bid action.

    " + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The request could not be completed because of an internal server error. Try your call again.

    ", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "KubernetesClusterName":{ + "type":"string", + "pattern":"[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]" + }, + "KubernetesEndpointsResourceName":{ + "type":"string", + "pattern":"[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]" + }, + "KubernetesNamespace":{ + "type":"string", + "pattern":"[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]" + }, + "LinkApplicationLogConfiguration":{ + "type":"structure", + "required":["sampling"], + "members":{ + "sampling":{ + "shape":"LinkApplicationLogSampling", + "documentation":"

    Describes a link application log sample.

    " + } + }, + "documentation":"

    Describes the configuration of a link application log.

    " + }, + "LinkApplicationLogSampling":{ + "type":"structure", + "required":[ + "errorLog", + "filterLog" + ], + "members":{ + "errorLog":{ + "shape":"LinkApplicationLogSamplingErrorLogDouble", + "documentation":"

    An error log entry.

    " + }, + "filterLog":{ + "shape":"LinkApplicationLogSamplingFilterLogDouble", + "documentation":"

    A filter log entry.

    " + } + }, + "documentation":"

    Describes a link application log sample.

    " + }, + "LinkApplicationLogSamplingErrorLogDouble":{ + "type":"double", + "box":true, + "max":100.0, + "min":0.0 + }, + "LinkApplicationLogSamplingFilterLogDouble":{ + "type":"double", + "box":true, + "max":100.0, + "min":0.0 + }, + "LinkAttributes":{ + "type":"structure", + "members":{ + "responderErrorMasking":{ + "shape":"ResponderErrorMasking", + "documentation":"

    Describes the masking for HTTP error codes.

    " + }, + "customerProvidedId":{ + "shape":"CustomerProvidedId", + "documentation":"

    The customer-provided unique identifier of the link.

    " + } + }, + "documentation":"

    Describes the attributes of a link.

    " + }, + "LinkDirection":{ + "type":"string", + "enum":[ + "RESPONSE", + "REQUEST" + ] + }, + "LinkId":{ + "type":"string", + "pattern":"link-[a-z0-9-]{1,25}" + }, + "LinkList":{ + "type":"list", + "member":{"shape":"ListLinksResponseStructure"} + }, + "LinkLogSettings":{ + "type":"structure", + "required":["applicationLogs"], + "members":{ + "applicationLogs":{ + "shape":"LinkApplicationLogConfiguration", + "documentation":"

    Describes the configuration of a link application log.

    " + } + }, + "documentation":"

    Describes the settings for a link log.

    " + }, + "LinkStatus":{ + "type":"string", + "enum":[ + "PENDING_CREATION", + "PENDING_REQUEST", + "REQUESTED", + "ACCEPTED", + "ACTIVE", + "REJECTED", + "FAILED", + "PENDING_DELETION", + "DELETED", + "PENDING_UPDATE", + "PENDING_ISOLATION", + "ISOLATED", + "PENDING_RESTORATION" + ] + }, + "ListLinksRequest":{ + "type":"structure", + "required":["gatewayId"], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "nextToken":{ + "shape":"String", + "documentation":"

    If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"Integer", + "documentation":"

    The maximum number of results that are returned per call. You can use nextToken to obtain further pages of results.

    This is only an upper limit. The actual number of results returned per call might be fewer than the specified maximum.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListLinksResponse":{ + "type":"structure", + "members":{ + "links":{ + "shape":"LinkList", + "documentation":"

    Information about created links.

    " + }, + "nextToken":{ + "shape":"String", + "documentation":"

    If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

    " + } + } + }, + "ListLinksResponseStructure":{ + "type":"structure", + "required":[ + "gatewayId", + "peerGatewayId", + "status", + "createdAt", + "updatedAt", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "peerGatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the peer gateway.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the link.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was updated.

    " + }, + "direction":{ + "shape":"LinkDirection", + "documentation":"

    The direction of the link.

    " + }, + "flowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    Describes the configuration of flow modules.

    " + }, + "pendingFlowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    Describes the configuration of pending flow modules.

    " + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Describes attributes of a link.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs of the tag or tags to assign to the resource.

    " + } + }, + "documentation":"

    Describes a link.

    " + }, + "ListRequesterGatewaysRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListRequesterGatewaysRequestMaxResultsInteger", + "documentation":"

    The maximum number of results that are returned per call. You can use nextToken to obtain further pages of results.

    This is only an upper limit. The actual number of results returned per call might be fewer than the specified maximum.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"String", + "documentation":"

    If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListRequesterGatewaysRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":10, + "min":1 + }, + "ListRequesterGatewaysResponse":{ + "type":"structure", + "members":{ + "gatewayIds":{ + "shape":"GatewayIdList", + "documentation":"

    The unique identifier of the gateways.

    " + }, + "nextToken":{ + "shape":"String", + "documentation":"

    If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

    " + } + } + }, + "ListResponderGatewaysRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListResponderGatewaysRequestMaxResultsInteger", + "documentation":"

    The maximum number of results that are returned per call. You can use nextToken to obtain further pages of results.

    This is only an upper limit. The actual number of results returned per call might be fewer than the specified maximum.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"String", + "documentation":"

    If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

    ", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListResponderGatewaysRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":10, + "min":1 + }, + "ListResponderGatewaysResponse":{ + "type":"structure", + "members":{ + "gatewayIds":{ + "shape":"GatewayIdList", + "documentation":"

    The unique identifier of the gateways.

    " + }, + "nextToken":{ + "shape":"String", + "documentation":"

    If nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return an HTTP 400 InvalidToken error.

    " + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"RtbTaggableResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource for which you want to retrieve tags.

    ", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs for the tag or tags assigned to the specified resource.

    " + } + } + }, + "ManagedEndpointConfiguration":{ + "type":"structure", + "members":{ + "autoScalingGroups":{ + "shape":"AutoScalingGroupsConfiguration", + "documentation":"

    Describes the configuration of an auto scaling group.

    " + }, + "eksEndpoints":{ + "shape":"EksEndpointsConfiguration", + "documentation":"

    Describes the configuration of an Amazon Elastic Kubernetes Service endpoint.

    " + } + }, + "documentation":"

    Describes the configuration of a managed endpoint.

    ", + "union":true + }, + "ModuleConfiguration":{ + "type":"structure", + "required":["name"], + "members":{ + "version":{ + "shape":"Version", + "documentation":"

    The version of the module.

    " + }, + "name":{ + "shape":"FlowModuleName", + "documentation":"

    The name of the module.

    " + }, + "dependsOn":{ + "shape":"FlowModuleNameList", + "documentation":"

    The dependencies of the module.

    " + }, + "moduleParameters":{ + "shape":"ModuleParameters", + "documentation":"

    Describes the parameters of a module.

    " + } + }, + "documentation":"

    Describes the configuration of a module.

    " + }, + "ModuleConfigurationList":{ + "type":"list", + "member":{"shape":"ModuleConfiguration"} + }, + "ModuleParameters":{ + "type":"structure", + "members":{ + "noBid":{ + "shape":"NoBidModuleParameters", + "documentation":"

    Describes the parameters of a no bid module.

    " + }, + "openRtbAttribute":{ + "shape":"OpenRtbAttributeModuleParameters", + "documentation":"

    Describes the parameters of an open RTB attribute module.

    " + }, + "rateLimiter":{ + "shape":"RateLimiterModuleParameters", + "documentation":"

    Describes the parameters of a rate limit.

    " + } + }, + "documentation":"

    Describes the parameters of a module.

    ", + "union":true + }, + "NoBidAction":{ + "type":"structure", + "members":{ + "noBidReasonCode":{ + "shape":"NoBidActionNoBidReasonCodeInteger", + "documentation":"

    The reason code for the no bid action.

    " + } + }, + "documentation":"

    Describes a no bid action.

    " + }, + "NoBidActionNoBidReasonCodeInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "NoBidModuleParameters":{ + "type":"structure", + "members":{ + "reason":{ + "shape":"NoBidModuleParametersReasonString", + "documentation":"

    The reason description.

    " + }, + "reasonCode":{ + "shape":"NoBidModuleParametersReasonCodeInteger", + "documentation":"

    The reason code.

    " + }, + "passThroughPercentage":{ + "shape":"NoBidModuleParametersPassThroughPercentageFloat", + "documentation":"

    The pass through percentage.

    " + } + }, + "documentation":"

    Describes the parameters of a no bid module.

    " + }, + "NoBidModuleParametersPassThroughPercentageFloat":{ + "type":"float", + "box":true, + "max":100, + "min":0 + }, + "NoBidModuleParametersReasonCodeInteger":{ + "type":"integer", + "box":true, + "max":10, + "min":0 + }, + "NoBidModuleParametersReasonString":{ + "type":"string", + "max":50, + "min":1, + "pattern":"[a-zA-Z0-9]*" + }, + "OpenRtbAttributeModuleParameters":{ + "type":"structure", + "required":[ + "filterType", + "filterConfiguration", + "action", + "holdbackPercentage" + ], + "members":{ + "filterType":{ + "shape":"FilterType", + "documentation":"

    The filter type.

    " + }, + "filterConfiguration":{ + "shape":"FilterConfiguration", + "documentation":"

    Describes the configuration of a filter.

    " + }, + "action":{ + "shape":"Action", + "documentation":"

    Describes a bid action.

    " + }, + "holdbackPercentage":{ + "shape":"OpenRtbAttributeModuleParametersHoldbackPercentageFloat", + "documentation":"

    The hold back percentage.

    " + } + }, + "documentation":"

    Describes the parameters of an open RTB attribute module.

    " + }, + "OpenRtbAttributeModuleParametersHoldbackPercentageFloat":{ + "type":"float", + "box":true, + "max":100, + "min":0 + }, + "Protocol":{ + "type":"string", + "enum":[ + "HTTP", + "HTTPS" + ] + }, + "RateLimiterModuleParameters":{ + "type":"structure", + "members":{ + "tps":{ + "shape":"Float", + "documentation":"

    The transactions per second rate limit.

    " + } + }, + "documentation":"

    Describes the parameters of a rate limit.

    " + }, + "RejectLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + } + } + }, + "RejectLinkResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "peerGatewayId", + "status", + "createdAt", + "updatedAt", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "peerGatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the peer gateway.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the link.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was created.

    " + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp of when the link was updated.

    " + }, + "direction":{ + "shape":"LinkDirection", + "documentation":"

    The direction of the link.

    " + }, + "flowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of flow modules.

    " + }, + "pendingFlowModules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of pending flow modules.

    " + }, + "attributes":{ + "shape":"LinkAttributes", + "documentation":"

    Attributes of the link.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + } + } + }, + "RequesterGatewayStatus":{ + "type":"string", + "enum":[ + "PENDING_CREATION", + "ACTIVE", + "PENDING_DELETION", + "DELETED", + "ERROR", + "PENDING_UPDATE", + "ISOLATED", + "PENDING_ISOLATION", + "PENDING_RESTORATION" + ] + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The request could not be completed because the resource does not exist.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "ResponderErrorMasking":{ + "type":"list", + "member":{"shape":"ResponderErrorMaskingForHttpCode"}, + "max":200, + "min":1 + }, + "ResponderErrorMaskingAction":{ + "type":"string", + "enum":[ + "NO_BID", + "PASSTHROUGH" + ] + }, + "ResponderErrorMaskingForHttpCode":{ + "type":"structure", + "required":[ + "httpCode", + "action", + "loggingTypes" + ], + "members":{ + "httpCode":{ + "shape":"ResponderErrorMaskingForHttpCodeHttpCodeString", + "documentation":"

    The HTTP error code.

    " + }, + "action":{ + "shape":"ResponderErrorMaskingAction", + "documentation":"

    The action for the error..

    " + }, + "loggingTypes":{ + "shape":"ResponderErrorMaskingLoggingTypes", + "documentation":"

    The error log type.

    " + }, + "responseLoggingPercentage":{ + "shape":"ResponderErrorMaskingForHttpCodeResponseLoggingPercentageFloat", + "documentation":"

    The percentage of response logging.

    " + } + }, + "documentation":"

    Describes the masking for HTTP error codes.

    " + }, + "ResponderErrorMaskingForHttpCodeHttpCodeString":{ + "type":"string", + "max":7, + "min":3, + "pattern":"DEFAULT|4XX|5XX|\\d{3}" + }, + "ResponderErrorMaskingForHttpCodeResponseLoggingPercentageFloat":{ + "type":"float", + "box":true, + "max":100, + "min":0 + }, + "ResponderErrorMaskingLoggingType":{ + "type":"string", + "enum":[ + "NONE", + "METRIC", + "RESPONSE" + ] + }, + "ResponderErrorMaskingLoggingTypes":{ + "type":"list", + "member":{"shape":"ResponderErrorMaskingLoggingType"}, + "max":2, + "min":1 + }, + "ResponderGatewayStatus":{ + "type":"string", + "enum":[ + "PENDING_CREATION", + "ACTIVE", + "PENDING_DELETION", + "DELETED", + "ERROR", + "PENDING_UPDATE", + "ISOLATED", + "PENDING_ISOLATION", + "PENDING_RESTORATION" + ] + }, + "RtbTaggableResourceArn":{ + "type":"string", + "max":1600, + "min":1, + "pattern":"arn:aws:rtbfabric:[a-zA-Z0-9_-]+:[0-9]{12}:gateway/[a-zA-Z0-9-]+(/link/[a-zA-Z0-9-]+)?" + }, + "SecurityGroupId":{ + "type":"string", + "pattern":"sg-[0-9a-f]{8,40}" + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The request could not be completed because you exceeded a service quota.

    ", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "String":{"type":"string"}, + "SubnetId":{ + "type":"string", + "pattern":"subnet-\\w{8,17}" + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"(resourceArn|internalId|(?!aws:)[a-zA-Z0-9+\\-=._:/@]+)" + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":50, + "min":1 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"RtbTaggableResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource that you want to tag.

    ", + "location":"uri", + "locationName":"resourceArn" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"

    A map of the key-value pairs of the tag or tags to assign to the resource.

    " + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":1600, + "min":0 + }, + "TagsMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"} + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The request was denied due to request throttling.

    ", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":false} + }, + "Timestamp":{"type":"timestamp"}, + "TrustStoreConfiguration":{ + "type":"structure", + "required":["certificateAuthorityCertificates"], + "members":{ + "certificateAuthorityCertificates":{ + "shape":"CertificateAuthorityCertificates", + "documentation":"

    The certificate authority certificate.

    " + } + }, + "documentation":"

    Describes the configuration of a trust store.

    " + }, + "URI":{ + "type":"string", + "max":255, + "min":0, + "pattern":"(https|http)://(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)(?:\\.(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?))+" + }, + "URL":{ + "type":"string", + "max":255, + "min":0, + "pattern":"(https|http)://.+" + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"RtbTaggableResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource that you want to untag.

    ", + "location":"uri", + "locationName":"resourceArn" + }, + "tagKeys":{ + "shape":"TagKeyList", + "documentation":"

    The keys of the key-value pairs for the tag or tags you want to remove from the specified resource.

    ", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateLinkModuleFlowRequest":{ + "type":"structure", + "required":[ + "clientToken", + "gatewayId", + "linkId", + "modules" + ], + "members":{ + "clientToken":{ + "shape":"String", + "documentation":"

    The unique client token.

    ", + "idempotencyToken":true + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + }, + "modules":{ + "shape":"ModuleConfigurationList", + "documentation":"

    The configuration of a module.

    " + } + } + }, + "UpdateLinkModuleFlowResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "UpdateLinkRequest":{ + "type":"structure", + "required":[ + "gatewayId", + "linkId" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    ", + "location":"uri", + "locationName":"linkId" + }, + "logSettings":{ + "shape":"LinkLogSettings", + "documentation":"

    Settings for the application logs.

    " + } + } + }, + "UpdateLinkResponse":{ + "type":"structure", + "required":[ + "linkId", + "status" + ], + "members":{ + "linkId":{ + "shape":"LinkId", + "documentation":"

    The unique identifier of the link.

    " + }, + "status":{ + "shape":"LinkStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "UpdateRequesterGatewayRequest":{ + "type":"structure", + "required":[ + "clientToken", + "gatewayId" + ], + "members":{ + "clientToken":{ + "shape":"String", + "documentation":"

    The unique client token.

    ", + "idempotencyToken":true + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "description":{ + "shape":"UpdateRequesterGatewayRequestDescriptionString", + "documentation":"

    An optional description for the requester gateway.

    " + } + } + }, + "UpdateRequesterGatewayRequestDescriptionString":{ + "type":"string", + "pattern":"[A-Za-z0-9 ]+" + }, + "UpdateRequesterGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "status":{ + "shape":"RequesterGatewayStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "UpdateResponderGatewayRequest":{ + "type":"structure", + "required":[ + "port", + "protocol", + "clientToken", + "gatewayId" + ], + "members":{ + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name for the responder gateway.

    " + }, + "port":{ + "shape":"UpdateResponderGatewayRequestPortInteger", + "documentation":"

    The networking port to use.

    " + }, + "protocol":{ + "shape":"Protocol", + "documentation":"

    The networking protocol to use.

    " + }, + "trustStoreConfiguration":{ + "shape":"TrustStoreConfiguration", + "documentation":"

    The configuration of the trust store.

    " + }, + "managedEndpointConfiguration":{ + "shape":"ManagedEndpointConfiguration", + "documentation":"

    The configuration for the managed endpoint.

    " + }, + "clientToken":{ + "shape":"String", + "documentation":"

    The unique client token.

    ", + "idempotencyToken":true + }, + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    ", + "location":"uri", + "locationName":"gatewayId" + }, + "description":{ + "shape":"UpdateResponderGatewayRequestDescriptionString", + "documentation":"

    An optional description for the responder gateway.

    " + } + } + }, + "UpdateResponderGatewayRequestDescriptionString":{ + "type":"string", + "pattern":"[A-Za-z0-9 ]+" + }, + "UpdateResponderGatewayRequestPortInteger":{ + "type":"integer", + "box":true, + "max":65535, + "min":1 + }, + "UpdateResponderGatewayResponse":{ + "type":"structure", + "required":[ + "gatewayId", + "status" + ], + "members":{ + "gatewayId":{ + "shape":"GatewayId", + "documentation":"

    The unique identifier of the gateway.

    " + }, + "status":{ + "shape":"ResponderGatewayStatus", + "documentation":"

    The status of the request.

    " + } + } + }, + "ValidationException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The request could not be completed because it fails satisfy the constraints specified by the service.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "Version":{ + "type":"string", + "pattern":"[a-z0-9-]{1,25}" + }, + "VpcId":{ + "type":"string", + "pattern":"vpc-[a-f0-9]{8,17}" + } + }, + "documentation":"

    Amazon Web Services RTB Fabric provides secure, low-latency infrastructure for connecting real-time bidding (RTB) applications. Rather than hosting applications directly, RTB Fabric acts as the connecting fabric that enables your applications to communicate efficiently over private networks instead of the public internet. You maintain complete control over your applications, data, and bidding decisions, while RTB Fabric provides the underlying infrastructure for secure, reliable connectivity.

    You can use these APIs to complete RTB Fabric tasks, such as setting up audit log ingestions or viewing user access. For more information about RTB Fabric, including the required permissions to use the service, see the Amazon Web Services RTB Fabric User Guide.

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/rtbfabric/2023-05-15/waiters-2.json 2.31.35-1/awscli/botocore/data/rtbfabric/2023-05-15/waiters-2.json --- 2.23.6-1/awscli/botocore/data/rtbfabric/2023-05-15/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rtbfabric/2023-05-15/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,193 @@ +{ + "version" : 2, + "waiters" : { + "InboundExternalLinkActive" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetInboundExternalLink", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "REJECTED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "FAILED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "DELETED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "ISOLATED" + } ] + }, + "LinkAccepted" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetLink", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "ACCEPTED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "REJECTED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "FAILED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "DELETED" + } ] + }, + "LinkActive" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetLink", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "REJECTED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "FAILED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "DELETED" + } ] + }, + "OutboundExternalLinkActive" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetOutboundExternalLink", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "REJECTED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "FAILED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "DELETED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "ISOLATED" + } ] + }, + "RequesterGatewayActive" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetRequesterGateway", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "DELETED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "ERROR" + } ] + }, + "RequesterGatewayDeleted" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetRequesterGateway", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "DELETED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "ERROR" + } ] + }, + "ResponderGatewayActive" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetResponderGateway", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "DELETED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "ERROR" + } ] + }, + "ResponderGatewayDeleted" : { + "delay" : 30, + "maxAttempts" : 5, + "operation" : "GetResponderGateway", + "acceptors" : [ { + "matcher" : "path", + "argument" : "status", + "state" : "success", + "expected" : "DELETED" + }, { + "matcher" : "path", + "argument" : "status", + "state" : "failure", + "expected" : "ERROR" + } ] + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/rum/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/rum/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/rum/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rum/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/rum/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/rum/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/rum/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/rum/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"rum", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"CloudWatch RUM", "serviceId":"RUM", "signatureVersion":"v4", "signingName":"rum", - "uid":"rum-2018-05-10" + "uid":"rum-2018-05-10", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchCreateRumMetricDefinitions":{ @@ -111,6 +113,28 @@ "documentation":"

    Deletes an existing app monitor. This immediately stops the collection of data.

    ", "idempotent":true }, + "DeleteResourcePolicy":{ + "name":"DeleteResourcePolicy", + "http":{ + "method":"DELETE", + "requestUri":"/appmonitor/{Name}/policy", + "responseCode":200 + }, + "input":{"shape":"DeleteResourcePolicyRequest"}, + "output":{"shape":"DeleteResourcePolicyResponse"}, + "errors":[ + {"shape":"InvalidPolicyRevisionIdException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"PolicyNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Removes the association of a resource-based policy from an app monitor.

    ", + "idempotent":true + }, "DeleteRumMetricsDestination":{ "name":"DeleteRumMetricsDestination", "http":{ @@ -167,6 +191,26 @@ ], "documentation":"

    Retrieves the raw performance events that RUM has collected from your web application, so that you can do your own processing or analysis of this data.

    " }, + "GetResourcePolicy":{ + "name":"GetResourcePolicy", + "http":{ + "method":"GET", + "requestUri":"/appmonitor/{Name}/policy", + "responseCode":200 + }, + "input":{"shape":"GetResourcePolicyRequest"}, + "output":{"shape":"GetResourcePolicyResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"PolicyNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Use this operation to retrieve information about a resource-based policy that is attached to an app monitor.

    " + }, "ListAppMonitors":{ "name":"ListAppMonitors", "http":{ @@ -217,6 +261,29 @@ ], "documentation":"

    Displays the tags associated with a CloudWatch RUM resource.

    " }, + "PutResourcePolicy":{ + "name":"PutResourcePolicy", + "http":{ + "method":"PUT", + "requestUri":"/appmonitor/{Name}/policy", + "responseCode":200 + }, + "input":{"shape":"PutResourcePolicyRequest"}, + "output":{"shape":"PutResourcePolicyResponse"}, + "errors":[ + {"shape":"PolicySizeLimitExceededException"}, + {"shape":"InvalidPolicyRevisionIdException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"MalformedPolicyDocumentException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Use this operation to assign a resource-based policy to a CloudWatch RUM app monitor to control access to it. Each app monitor can have one resource-based policy. The maximum size of the policy is 4 KB. To learn more about using resource policies with RUM, see Using resource-based policies with CloudWatch RUM.

    ", + "idempotent":true + }, "PutRumEvents":{ "name":"PutRumEvents", "http":{ @@ -345,6 +412,11 @@ }, "exception":true }, + "Alias":{ + "type":"string", + "max":255, + "min":1 + }, "AppMonitor":{ "type":"structure", "members":{ @@ -364,10 +436,18 @@ "shape":"DataStorage", "documentation":"

    A structure that contains information about whether this app monitor stores a copy of the telemetry data that RUM collects using CloudWatch Logs.

    " }, + "DeobfuscationConfiguration":{ + "shape":"DeobfuscationConfiguration", + "documentation":"

    A structure that contains the configuration for how an app monitor can deobfuscate stack traces.

    " + }, "Domain":{ "shape":"AppMonitorDomain", "documentation":"

    The top-level internet domain name for which your application has administrative authority.

    " }, + "DomainList":{ + "shape":"AppMonitorDomainList", + "documentation":"

    List the domain names for which your application has administrative authority.

    " + }, "Id":{ "shape":"AppMonitorId", "documentation":"

    The unique ID of this app monitor.

    " @@ -455,7 +535,13 @@ "type":"string", "max":253, "min":1, - "pattern":"^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\\*\\.)(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))" + "pattern":"^(localhost)$|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|(?=^[a-zA-Z0-9\\.\\*-]{4,253}$)(?!.*\\.-)(?!.*-\\.)(?!.*\\.\\.)(?!.*[^\\.]{64,})^(\\*\\.)?(?![-\\.\\*])[^\\*]{1,}\\.(\\*|(?!.*--)(?=.*[a-zA-Z])[^\\*]{1,}[^\\*-])$" + }, + "AppMonitorDomainList":{ + "type":"list", + "member":{"shape":"AppMonitorDomain"}, + "max":5, + "min":1 }, "AppMonitorId":{ "type":"string", @@ -729,10 +815,7 @@ }, "CreateAppMonitorRequest":{ "type":"structure", - "required":[ - "Domain", - "Name" - ], + "required":["Name"], "members":{ "AppMonitorConfiguration":{ "shape":"AppMonitorConfiguration", @@ -746,10 +829,18 @@ "shape":"Boolean", "documentation":"

    Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to Amazon CloudWatch Logs in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur Amazon CloudWatch Logs charges.

    If you omit this parameter, the default is false.

    " }, + "DeobfuscationConfiguration":{ + "shape":"DeobfuscationConfiguration", + "documentation":"

    A structure that contains the configuration for how an app monitor can deobfuscate stack traces.

    " + }, "Domain":{ "shape":"AppMonitorDomain", "documentation":"

    The top-level internet domain name for which your application has administrative authority.

    " }, + "DomainList":{ + "shape":"AppMonitorDomainList", + "documentation":"

    List the domain names for which your application has administrative authority. The CreateAppMonitor requires either the domain or the domain list.

    " + }, "Name":{ "shape":"AppMonitorName", "documentation":"

    A name for the app monitor.

    " @@ -827,6 +918,33 @@ "members":{ } }, + "DeleteResourcePolicyRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"AppMonitorName", + "documentation":"

    The app monitor that you want to remove the resource policy from.

    ", + "location":"uri", + "locationName":"Name" + }, + "PolicyRevisionId":{ + "shape":"PolicyRevisionId", + "documentation":"

    Specifies a specific policy revision to delete. Provide a PolicyRevisionId to ensure an atomic delete operation. If the revision ID that you provide doesn't match the latest policy revision ID, the request will be rejected with an InvalidPolicyRevisionIdException error.

    ", + "location":"querystring", + "locationName":"policyRevisionId" + } + } + }, + "DeleteResourcePolicyResponse":{ + "type":"structure", + "members":{ + "PolicyRevisionId":{ + "shape":"PolicyRevisionId", + "documentation":"

    The revision ID of the policy that was removed, if it had one.

    " + } + } + }, "DeleteRumMetricsDestinationRequest":{ "type":"structure", "required":[ @@ -859,6 +977,29 @@ "members":{ } }, + "DeobfuscationConfiguration":{ + "type":"structure", + "members":{ + "JavaScriptSourceMaps":{ + "shape":"JavaScriptSourceMaps", + "documentation":"

    A structure that contains the configuration for how an app monitor can unminify JavaScript error stack traces using source maps.

    " + } + }, + "documentation":"

    A structure that contains the configuration for how an app monitor can deobfuscate stack traces.

    " + }, + "DeobfuscationS3Uri":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^s3://[a-z0-9][-.a-z0-9]{1,61}(?:/[-!_*'().a-z0-9A-Z]+(?:/[-!_*'().a-z0-9A-Z]+)*)?/?$" + }, + "DeobfuscationStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "DestinationArn":{ "type":"string", "max":2048, @@ -964,6 +1105,31 @@ } } }, + "GetResourcePolicyRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"AppMonitorName", + "documentation":"

    The name of the app monitor that is associated with the resource-based policy that you want to view.

    ", + "location":"uri", + "locationName":"Name" + } + } + }, + "GetResourcePolicyResponse":{ + "type":"structure", + "members":{ + "PolicyDocument":{ + "shape":"String", + "documentation":"

    The JSON policy document that you requested.

    " + }, + "PolicyRevisionId":{ + "shape":"PolicyRevisionId", + "documentation":"

    The revision ID information for this version of the policy document that you requested.

    " + } + } + }, "ISOTimestampString":{ "type":"string", "max":19, @@ -1001,6 +1167,34 @@ "fault":true, "retryable":{"throttling":false} }, + "InvalidPolicyRevisionIdException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The policy revision ID that you provided doeesn't match the latest policy revision ID.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "JavaScriptSourceMaps":{ + "type":"structure", + "required":["Status"], + "members":{ + "S3Uri":{ + "shape":"DeobfuscationS3Uri", + "documentation":"

    The S3Uri of the bucket or folder that stores the source map files. It is required if status is ENABLED.

    " + }, + "Status":{ + "shape":"DeobfuscationStatus", + "documentation":"

    Specifies whether JavaScript error stack traces should be unminified for this app monitor. The default is for JavaScript error stack trace unminification to be DISABLED.

    " + } + }, + "documentation":"

    A structure that contains the configuration for how an app monitor can unminify JavaScript error stack traces using source maps.

    " + }, "JsonValue":{"type":"string"}, "ListAppMonitorsRequest":{ "type":"structure", @@ -1098,6 +1292,19 @@ } } }, + "MalformedPolicyDocumentException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The policy document that you specified is not formatted correctly.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "MaxQueryResults":{ "type":"integer", "max":100, @@ -1241,6 +1448,73 @@ "max":50, "min":0 }, + "PolicyNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The resource-based policy doesn't exist on this app monitor.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "PolicyRevisionId":{ + "type":"string", + "max":255, + "min":1 + }, + "PolicySizeLimitExceededException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The policy document is too large. The limit is 4 KB.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "PutResourcePolicyRequest":{ + "type":"structure", + "required":[ + "Name", + "PolicyDocument" + ], + "members":{ + "Name":{ + "shape":"AppMonitorName", + "documentation":"

    The name of the app monitor that you want to apply this resource-based policy to. To find the names of your app monitors, you can use the ListAppMonitors operation.

    ", + "location":"uri", + "locationName":"Name" + }, + "PolicyDocument":{ + "shape":"String", + "documentation":"

    The JSON to use as the resource policy. The document can be up to 4 KB in size. For more information about the contents and syntax for this policy, see Using resource-based policies with CloudWatch RUM.

    " + }, + "PolicyRevisionId":{ + "shape":"PolicyRevisionId", + "documentation":"

    A string value that you can use to conditionally update your policy. You can provide the revision ID of your existing policy to make mutating requests against that policy.

    When you assign a policy revision ID, then later requests about that policy will be rejected with an InvalidPolicyRevisionIdException error if they don't provide the correct current revision ID.

    " + } + } + }, + "PutResourcePolicyResponse":{ + "type":"structure", + "members":{ + "PolicyDocument":{ + "shape":"String", + "documentation":"

    The JSON policy document that you specified.

    " + }, + "PolicyRevisionId":{ + "shape":"PolicyRevisionId", + "documentation":"

    The policy revision ID information that you specified.

    " + } + } + }, "PutRumEventsRequest":{ "type":"structure", "required":[ @@ -1251,6 +1525,10 @@ "UserDetails" ], "members":{ + "Alias":{ + "shape":"Alias", + "documentation":"

    If the app monitor uses a resource-based policy that requires PutRumEvents requests to specify a certain alias, specify that alias here. This alias will be compared to the rum:alias context key in the resource-based policy. For more information, see Using resource-based policies with CloudWatch RUM.

    " + }, "AppMonitorDetails":{ "shape":"AppMonitorDetails", "documentation":"

    A structure that contains information about the app monitor that collected this telemetry information.

    " @@ -1594,10 +1872,18 @@ "shape":"Boolean", "documentation":"

    Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to Amazon CloudWatch Logs in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur Amazon CloudWatch Logs charges.

    " }, + "DeobfuscationConfiguration":{ + "shape":"DeobfuscationConfiguration", + "documentation":"

    A structure that contains the configuration for how an app monitor can deobfuscate stack traces.

    " + }, "Domain":{ "shape":"AppMonitorDomain", "documentation":"

    The top-level internet domain name for which your application has administrative authority.

    " }, + "DomainList":{ + "shape":"AppMonitorDomainList", + "documentation":"

    List the domain names for which your application has administrative authority. The UpdateAppMonitor allows either the domain or the domain list.

    " + }, "Name":{ "shape":"AppMonitorName", "documentation":"

    The name of the app monitor to update.

    ", diff -pruN 2.23.6-1/awscli/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,102 +4,102 @@ "Bucket": { "required": false, "documentation": "The S3 bucket used to send the request. This is an optional parameter that will be set automatically for operations that are scoped to an S3 bucket.", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "ForcePathStyle": { "builtIn": "AWS::S3::ForcePathStyle", "required": true, "default": false, "documentation": "When true, force a path-style endpoint to be used where the bucket name is part of the path.", - "type": "Boolean" + "type": "boolean" }, "Accelerate": { "builtIn": "AWS::S3::Accelerate", "required": true, "default": false, "documentation": "When true, use S3 Accelerate. NOTE: Not all regions support S3 accelerate.", - "type": "Boolean" + "type": "boolean" }, "UseGlobalEndpoint": { "builtIn": "AWS::S3::UseGlobalEndpoint", "required": true, "default": false, "documentation": "Whether the global endpoint should be used, rather then the regional endpoint for us-east-1.", - "type": "Boolean" + "type": "boolean" }, "UseObjectLambdaEndpoint": { "required": false, "documentation": "Internal parameter to use object lambda endpoint for an operation (eg: WriteGetObjectResponse)", - "type": "Boolean" + "type": "boolean" }, "Key": { "required": false, "documentation": "The S3 Key used to send the request. This is an optional parameter that will be set automatically for operations that are scoped to an S3 Key.", - "type": "String" + "type": "string" }, "Prefix": { "required": false, "documentation": "The S3 Prefix used to send the request. This is an optional parameter that will be set automatically for operations that are scoped to an S3 Prefix.", - "type": "String" + "type": "string" }, "CopySource": { "required": false, "documentation": "The Copy Source used for Copy Object request. This is an optional parameter that will be set automatically for operations that are scoped to Copy Source.", - "type": "String" + "type": "string" }, "DisableAccessPoints": { "required": false, "documentation": "Internal parameter to disable Access Point Buckets", - "type": "Boolean" + "type": "boolean" }, "DisableMultiRegionAccessPoints": { "builtIn": "AWS::S3::DisableMultiRegionAccessPoints", "required": true, "default": false, "documentation": "Whether multi-region access points (MRAP) should be disabled.", - "type": "Boolean" + "type": "boolean" }, "UseArnRegion": { "builtIn": "AWS::S3::UseArnRegion", "required": false, "documentation": "When an Access Point ARN is provided and this flag is enabled, the SDK MUST use the ARN's region when constructing the endpoint instead of the client's configured region.", - "type": "Boolean" + "type": "boolean" }, "UseS3ExpressControlEndpoint": { "required": false, "documentation": "Internal parameter to indicate whether S3Express operation should use control plane, (ex. CreateBucket)", - "type": "Boolean" + "type": "boolean" }, "DisableS3ExpressSessionAuth": { "required": false, "documentation": "Parameter to indicate whether S3Express session auth should be disabled", - "type": "Boolean" + "type": "boolean" } }, "rules": [ @@ -286,21 +286,6 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "S3Express does not support Dual-stack.", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { "ref": "Accelerate" }, true @@ -576,76 +561,196 @@ { "conditions": [ { - "fn": "uriEncode", + "fn": "aws.partition", "argv": [ { - "ref": "Bucket" + "ref": "Region" } ], - "assign": "uri_encoded_bucket" - }, - { - "fn": "not", - "argv": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ] + "assign": "partitionResult" } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "uriEncode", "argv": [ { - "ref": "UseFIPS" - }, - true + "ref": "Bucket" + } + ], + "assign": "uri_encoded_bucket" + }, + { + "fn": "not", + "argv": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } ] } ], - "endpoint": { - "url": "https://s3express-control-fips.{Region}.amazonaws.com/{uri_encoded_bucket}", - "properties": { - "backend": "S3Express", - "authSchemes": [ + "rules": [ + { + "conditions": [ { - "disableDoubleEncoding": true, - "name": "sigv4", - "signingName": "s3express", - "signingRegion": "{Region}" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://s3express-control-fips.dualstack.{Region}.{partitionResult#dnsSuffix}/{uri_encoded_bucket}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://s3express-control.{Region}.amazonaws.com/{uri_encoded_bucket}", - "properties": { - "backend": "S3Express", - "authSchemes": [ + { + "conditions": [ { - "disableDoubleEncoding": true, - "name": "sigv4", - "signingName": "s3express", - "signingRegion": "{Region}" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}/{uri_encoded_bucket}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3express-control.dualstack.{Region}.{partitionResult#dnsSuffix}/{uri_encoded_bucket}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}/{uri_encoded_bucket}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" } ], "type": "tree" @@ -669,27 +774,1008 @@ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { - "ref": "DisableS3ExpressSessionAuth" + "ref": "Region" } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "DisableS3ExpressSessionAuth" - }, - true - ] + ], + "assign": "partitionResult" } ], "rules": [ { "conditions": [ { + "fn": "isSet", + "argv": [ + { + "ref": "DisableS3ExpressSessionAuth" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "DisableS3ExpressSessionAuth" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 14, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 14, + 16, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 15, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 15, + 17, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 19, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 19, + 21, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 20, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 20, + 22, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 6, + 26, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 26, + 28, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Unrecognized S3Express bucket name format.", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { "fn": "substring", "argv": [ { @@ -734,16 +1820,25 @@ }, true ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -754,15 +1849,110 @@ "type": "endpoint" }, { - "conditions": [], + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -822,16 +2012,25 @@ }, true ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -842,15 +2041,110 @@ "type": "endpoint" }, { - "conditions": [], + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -910,16 +2204,25 @@ }, true ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -930,15 +2233,110 @@ "type": "endpoint" }, { - "conditions": [], + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -998,16 +2396,25 @@ }, true ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -1018,15 +2425,110 @@ "type": "endpoint" }, { - "conditions": [], + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -1086,16 +2588,63 @@ }, true ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -1106,15 +2655,72 @@ "type": "endpoint" }, { - "conditions": [], + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", "properties": { "backend": "S3Express", "authSchemes": [ { "disableDoubleEncoding": true, - "name": "sigv4", + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", "signingName": "s3express", "signingRegion": "{Region}" } @@ -1134,40 +2740,104 @@ } ], "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "S3Express bucket name is not a valid virtual hostable name.", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Bucket" + } + ] + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" }, + 0, + 7, + true + ], + "assign": "accessPointSuffix" + }, + { + "fn": "stringEquals", + "argv": [ { - "conditions": [ + "ref": "accessPointSuffix" + }, + "--xa-s3" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ { - "fn": "substring", - "argv": [ - { - "ref": "Bucket" - }, - 6, - 14, - true - ], - "assign": "s3expressAvailabilityZoneId" + "ref": "Accelerate" }, + true + ] + } + ], + "error": "S3Express does not support S3 Accelerate.", + "type": "error" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ { - "fn": "substring", + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", "argv": [ { - "ref": "Bucket" - }, - 14, - 16, - true - ], - "assign": "s3expressAvailabilityZoneDelim" + "ref": "DisableS3ExpressSessionAuth" + } + ] }, { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ { - "ref": "s3expressAvailabilityZoneDelim" + "ref": "DisableS3ExpressSessionAuth" }, - "--" + true ] } ], @@ -1178,47 +2848,96 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "fn": "getAttr", + "argv": [ + { + "ref": "url" + }, + "isIp" + ] }, true ] } ], - "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ + "rules": [ + { + "conditions": [ { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" + "fn": "uriEncode", + "argv": [ + { + "ref": "Bucket" + } + ], + "assign": "uri_encoded_bucket" } - ] - }, - "headers": {} - }, - "type": "endpoint" + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "{url#scheme}://{url#authority}/{uri_encoded_bucket}{url#path}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" }, { - "conditions": [], - "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ + "conditions": [ + { + "fn": "aws.isVirtualHostableS3Bucket", + "argv": [ { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" - } + "ref": "Bucket" + }, + false ] - }, - "headers": {} - }, - "type": "endpoint" + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "{url#scheme}://{Bucket}.{url#authority}{url#path}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "S3Express bucket name is not a valid virtual hostable name.", + "type": "error" } ], "type": "tree" @@ -1226,36 +2945,18 @@ { "conditions": [ { - "fn": "substring", - "argv": [ - { - "ref": "Bucket" - }, - 6, - 15, - true - ], - "assign": "s3expressAvailabilityZoneId" - }, - { - "fn": "substring", + "fn": "booleanEquals", "argv": [ { - "ref": "Bucket" + "fn": "getAttr", + "argv": [ + { + "ref": "url" + }, + "isIp" + ] }, - 15, - 17, true - ], - "assign": "s3expressAvailabilityZoneDelim" - }, - { - "fn": "stringEquals", - "argv": [ - { - "ref": "s3expressAvailabilityZoneDelim" - }, - "--" ] } ], @@ -1263,36 +2964,58 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "uriEncode", "argv": [ { - "ref": "UseFIPS" + "ref": "Bucket" + } + ], + "assign": "uri_encoded_bucket" + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "{url#scheme}://{url#authority}/{uri_encoded_bucket}{url#path}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] }, - true - ] + "headers": {} + }, + "type": "endpoint" } ], - "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ - { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" - } - ] + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "aws.isVirtualHostableS3Bucket", + "argv": [ + { + "ref": "Bucket" }, - "headers": {} - }, - "type": "endpoint" - }, + false + ] + } + ], + "rules": [ { "conditions": [], "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", + "url": "{url#scheme}://{Bucket}.{url#authority}{url#path}", "properties": { "backend": "S3Express", "authSchemes": [ @@ -1312,273 +3035,1995 @@ "type": "tree" }, { - "conditions": [ + "conditions": [], + "error": "S3Express bucket name is not a valid virtual hostable name.", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "aws.isVirtualHostableS3Bucket", + "argv": [ { - "fn": "substring", - "argv": [ - { - "ref": "Bucket" - }, - 6, - 19, - true - ], - "assign": "s3expressAvailabilityZoneId" + "ref": "Bucket" }, + false + ] + } + ], + "rules": [ + { + "conditions": [ { - "fn": "substring", + "fn": "aws.partition", "argv": [ { - "ref": "Bucket" - }, - 19, - 21, - true + "ref": "Region" + } ], - "assign": "s3expressAvailabilityZoneDelim" - }, - { - "fn": "stringEquals", - "argv": [ - { - "ref": "s3expressAvailabilityZoneDelim" - }, - "--" - ] + "assign": "partitionResult" } ], "rules": [ { "conditions": [ { + "fn": "isSet", + "argv": [ + { + "ref": "DisableS3ExpressSessionAuth" + } + ] + }, + { "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "DisableS3ExpressSessionAuth" }, true ] } ], - "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ + "rules": [ + { + "conditions": [ { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 7, + 15, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 15, + 17, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] } - ] + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ + { + "conditions": [ { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 7, + 16, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 16, + 18, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] } - ] + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "substring", - "argv": [ { - "ref": "Bucket" + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 7, + 20, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 20, + 22, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, - 6, - 20, - true + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 7, + 21, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 21, + 23, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 7, + 27, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 27, + 29, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Unrecognized S3Express bucket name format.", + "type": "error" + } ], - "assign": "s3expressAvailabilityZoneId" + "type": "tree" }, { - "fn": "substring", - "argv": [ + "conditions": [ { - "ref": "Bucket" + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 7, + 15, + true + ], + "assign": "s3expressAvailabilityZoneId" }, - 20, - 22, - true + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 15, + 17, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } ], - "assign": "s3expressAvailabilityZoneDelim" - }, - { - "fn": "stringEquals", - "argv": [ + "rules": [ { - "ref": "s3expressAvailabilityZoneDelim" + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "--" - ] - } - ], - "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "substring", "argv": [ { - "ref": "UseFIPS" + "ref": "Bucket" }, + 7, + 16, true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 16, + 18, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" ] } ], - "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ + "rules": [ + { + "conditions": [ { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ + { + "conditions": [ { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "substring", - "argv": [ { - "ref": "Bucket" + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - 6, - 26, - true + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } ], - "assign": "s3expressAvailabilityZoneId" + "type": "tree" }, { - "fn": "substring", - "argv": [ + "conditions": [ { - "ref": "Bucket" + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 7, + 20, + true + ], + "assign": "s3expressAvailabilityZoneId" }, - 26, - 28, - true + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 20, + 22, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } ], - "assign": "s3expressAvailabilityZoneDelim" - }, - { - "fn": "stringEquals", - "argv": [ + "rules": [ { - "ref": "s3expressAvailabilityZoneDelim" + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "--" - ] - } - ], - "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [ { - "fn": "booleanEquals", + "fn": "substring", "argv": [ { - "ref": "UseFIPS" + "ref": "Bucket" }, + 7, + 21, true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 21, + 23, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" ] } ], - "endpoint": { - "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ + "rules": [ + { + "conditions": [ { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, { - "conditions": [], - "endpoint": { - "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ + "conditions": [ + { + "fn": "substring", + "argv": [ { - "disableDoubleEncoding": true, - "name": "sigv4-s3express", - "signingName": "s3express", - "signingRegion": "{Region}" - } + "ref": "Bucket" + }, + 7, + 27, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "Bucket" + }, + 27, + 29, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-fips-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Bucket}.s3express-{s3expressAvailabilityZoneId}.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4-s3express", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Unrecognized S3Express bucket name format.", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Unrecognized S3Express bucket name format.", - "type": "error" } ], "type": "tree" @@ -1628,87 +5073,207 @@ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { - "ref": "Endpoint" + "ref": "Region" } - ] - }, + ], + "assign": "partitionResult" + } + ], + "rules": [ { - "fn": "parseURL", - "argv": [ + "conditions": [ { - "ref": "Endpoint" + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" } ], - "assign": "url" - } - ], - "endpoint": { - "url": "{url#scheme}://{url#authority}{url#path}", - "properties": { - "backend": "S3Express", - "authSchemes": [ - { - "disableDoubleEncoding": true, - "name": "sigv4", - "signingName": "s3express", - "signingRegion": "{Region}" + "endpoint": { + "url": "{url#scheme}://{url#authority}{url#path}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://s3express-control-fips.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "endpoint": { - "url": "https://s3express-control-fips.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ - { - "disableDoubleEncoding": true, - "name": "sigv4", - "signingName": "s3express", - "signingRegion": "{Region}" + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://s3express-control.{Region}.amazonaws.com", - "properties": { - "backend": "S3Express", - "authSchemes": [ - { - "disableDoubleEncoding": true, - "name": "sigv4", - "signingName": "s3express", - "signingRegion": "{Region}" + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://s3express-control.dualstack.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "backend": "S3Express", + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" } ], "type": "tree" diff -pruN 2.23.6-1/awscli/botocore/data/s3/2006-03-01/service-2.json 2.31.35-1/awscli/botocore/data/s3/2006-03-01/service-2.json --- 2.23.6-1/awscli/botocore/data/s3/2006-03-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3/2006-03-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -27,8 +27,7 @@ "errors":[ {"shape":"NoSuchUpload"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadAbort.html", - "documentation":"

    This operation aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.

    To verify that all parts have been removed and prevent getting charged for the part storage, you should call the ListParts API operation and ensure that the parts list is empty.

    • Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the ListMultipartUploads operation to list the in-progress multipart uploads in the bucket and use the AbortMultipartUpload operation to abort all the in-progress multipart uploads.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - For information about permissions required to use the multipart upload, see Multipart Upload and Permissions in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to AbortMultipartUpload:

    " + "documentation":"

    This operation aborts a multipart upload. After a multipart upload is aborted, no additional parts can be uploaded using that upload ID. The storage consumed by any previously uploaded parts will be freed. However, if any part uploads are currently in progress, those part uploads might or might not succeed. As a result, it might be necessary to abort a given multipart upload multiple times in order to completely free all storage consumed by all parts.

    To verify that all parts have been removed and prevent getting charged for the part storage, you should call the ListParts API operation and ensure that the parts list is empty.

    • Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the ListMultipartUploads operation to list the in-progress multipart uploads in the bucket and use the AbortMultipartUpload operation to abort all the in-progress multipart uploads.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - For information about permissions required to use the multipart upload, see Multipart Upload and Permissions in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to AbortMultipartUpload:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "CompleteMultipartUpload":{ "name":"CompleteMultipartUpload", @@ -38,8 +37,7 @@ }, "input":{"shape":"CompleteMultipartUploadRequest"}, "output":{"shape":"CompleteMultipartUploadOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadComplete.html", - "documentation":"

    Completes a multipart upload by assembling previously uploaded parts.

    You first initiate the multipart upload and then upload all parts using the UploadPart operation or the UploadPartCopy operation. After successfully uploading all relevant parts of an upload, you call this CompleteMultipartUpload operation to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the CompleteMultipartUpload request, you must provide the parts list and ensure that the parts list is complete. The CompleteMultipartUpload API operation concatenates the parts that you provide in the list. For each part in the list, you must provide the PartNumber value and the ETag value that are returned after that part was uploaded.

    The processing of a CompleteMultipartUpload request could take several minutes to finalize. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. A request could fail after the initial 200 OK response has been sent. This means that a 200 OK response can contain either a success or an error. The error response might be embedded in the 200 OK response. If you call this API operation directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).

    Note that if CompleteMultipartUpload fails, applications should be prepared to retry any failed requests (including 500 error responses). For more information, see Amazon S3 Error Best Practices.

    You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload can still return a 200 OK response.

    For more information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.

      If you provide an additional checksum value in your MultipartUpload requests and the object is encrypted with Key Management Service, you must have permission to use the kms:Decrypt action for the CompleteMultipartUpload request to succeed.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Special errors

    • Error Code: EntityTooSmall

      • Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.

      • HTTP Status Code: 400 Bad Request

    • Error Code: InvalidPart

      • Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified ETag might not have matched the uploaded part's ETag.

      • HTTP Status Code: 400 Bad Request

    • Error Code: InvalidPartOrder

      • Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.

      • HTTP Status Code: 400 Bad Request

    • Error Code: NoSuchUpload

      • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

      • HTTP Status Code: 404 Not Found

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to CompleteMultipartUpload:

    " + "documentation":"

    Completes a multipart upload by assembling previously uploaded parts.

    You first initiate the multipart upload and then upload all parts using the UploadPart operation or the UploadPartCopy operation. After successfully uploading all relevant parts of an upload, you call this CompleteMultipartUpload operation to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the CompleteMultipartUpload request, you must provide the parts list and ensure that the parts list is complete. The CompleteMultipartUpload API operation concatenates the parts that you provide in the list. For each part in the list, you must provide the PartNumber value and the ETag value that are returned after that part was uploaded.

    The processing of a CompleteMultipartUpload request could take several minutes to finalize. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. A request could fail after the initial 200 OK response has been sent. This means that a 200 OK response can contain either a success or an error. The error response might be embedded in the 200 OK response. If you call this API operation directly, make sure to design your application to parse the contents of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).

    Note that if CompleteMultipartUpload fails, applications should be prepared to retry any failed requests (including 500 error responses). For more information, see Amazon S3 Error Best Practices.

    You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload can still return a 200 OK response.

    For more information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.

      If you provide an additional checksum value in your MultipartUpload requests and the object is encrypted with Key Management Service, you must have permission to use the kms:Decrypt action for the CompleteMultipartUpload request to succeed.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Special errors

    • Error Code: EntityTooSmall

      • Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.

      • HTTP Status Code: 400 Bad Request

    • Error Code: InvalidPart

      • Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified ETag might not have matched the uploaded part's ETag.

      • HTTP Status Code: 400 Bad Request

    • Error Code: InvalidPartOrder

      • Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.

      • HTTP Status Code: 400 Bad Request

    • Error Code: NoSuchUpload

      • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

      • HTTP Status Code: 404 Not Found

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to CompleteMultipartUpload:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "CopyObject":{ "name":"CopyObject", @@ -52,9 +50,7 @@ "errors":[ {"shape":"ObjectNotInActiveTierError"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectCOPY.html", - "documentation":"

    Creates a copy of an object that is already stored in Amazon S3.

    You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.

    You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.

    • Amazon S3 supports copy operations using Multi-Region Access Points only as a destination when using the Multi-Region Access Point ARN.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    • VPC endpoints don't support cross-Region requests (including copies). If you're using VPC endpoints, your source and destination buckets should be in the same Amazon Web Services Region as your VPC endpoint.

    Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see Enable or disable a Region for standalone accounts in the Amazon Web Services Account Management Guide.

    Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.
    Authentication and authorization

    All CopyObject requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.

    Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the CopyObject API operation, instead of using the temporary security credentials through the CreateSession API operation.

    Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.

    Permissions

    You must have read access to the source object and write access to the destination bucket.

    • General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a CopyObject operation.

      • If the source object is in a general purpose bucket, you must have s3:GetObject permission to read the source object that is being copied.

      • If the destination bucket is a general purpose bucket, you must have s3:PutObject permission to write the object copy to the destination bucket.

    • Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a CopyObject operation.

      • If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.

      • If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket.

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

      For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.

    Response and special errors

    When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds.

    • If the copy is successful, you receive a response with information about the copied object.

    • A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A 200 OK response can contain either a success or an error.

      • If the error occurs before the copy action starts, you receive a standard Amazon S3 error.

      • If the error occurs during the copy operation, the error response is embedded in the 200 OK response. For example, in a cross-region copy, you may encounter throttling and receive a 200 OK response. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The 200 OK status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a 200 OK response. You must stay connected to Amazon S3 until the entire response is successfully received and processed.

        If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).

    Charge

    The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to CopyObject:

    ", - "alias":"PutObjectCopy", + "documentation":"

    Creates a copy of an object that is already stored in Amazon S3.

    End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an HTTP 405 (Method Not Allowed) error.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo).

    You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.

    You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.

    • Amazon S3 supports copy operations using Multi-Region Access Points only as a destination when using the Multi-Region Access Point ARN.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    • VPC endpoints don't support cross-Region requests (including copies). If you're using VPC endpoints, your source and destination buckets should be in the same Amazon Web Services Region as your VPC endpoint.

    Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see Enable or disable a Region for standalone accounts in the Amazon Web Services Account Management Guide.

    Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.
    Authentication and authorization

    All CopyObject requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.

    Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the CopyObject API operation, instead of using the temporary security credentials through the CreateSession API operation.

    Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.

    Permissions

    You must have read access to the source object and write access to the destination bucket.

    • General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a CopyObject operation.

      • If the source object is in a general purpose bucket, you must have s3:GetObject permission to read the source object that is being copied.

      • If the destination bucket is a general purpose bucket, you must have s3:PutObject permission to write the object copy to the destination bucket.

    • Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a CopyObject operation.

      • If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.

      • If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket.

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

      For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.

    Response and special errors

    When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds.

    • If the copy is successful, you receive a response with information about the copied object.

    • A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A 200 OK response can contain either a success or an error.

      • If the error occurs before the copy action starts, you receive a standard Amazon S3 error.

      • If the error occurs during the copy operation, the error response is embedded in the 200 OK response. For example, in a cross-region copy, you may encounter throttling and receive a 200 OK response. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The 200 OK status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a 200 OK response. You must stay connected to Amazon S3 until the entire response is successfully received and processed.

        If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).

    Charge

    The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.

    HTTP Host header syntax

    • Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    • Amazon S3 on Outposts - When you use this action with S3 on Outposts through the REST API, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. The hostname isn't required when you use the Amazon Web Services CLI or SDKs.

    The following operations are related to CopyObject:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "DisableS3ExpressSessionAuth":{"value":true} } @@ -71,14 +67,28 @@ {"shape":"BucketAlreadyExists"}, {"shape":"BucketAlreadyOwnedByYou"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUT.html", - "documentation":"

    This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts bucket, see CreateBucket .

    Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.

    There are two types of buckets: general purpose buckets and directory buckets. For more information about these bucket types, see Creating, configuring, and working with Amazon S3 buckets in the Amazon S3 User Guide.

    • General purpose buckets - If you send your CreateBucket request to the s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. So the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets in the Amazon S3 User Guide.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - In addition to the s3:CreateBucket permission, the following permissions are required in a policy when your CreateBucket request includes specific headers:

      • Access control lists (ACLs) - In your CreateBucket request, if you specify an access control list (ACL) and set it to public-read, public-read-write, authenticated-read, or if you explicitly specify any other custom ACLs, both s3:CreateBucket and s3:PutBucketAcl permissions are required. In your CreateBucket request, if you set the ACL to private, or if you don't specify any ACLs, only the s3:CreateBucket permission is required.

      • Object Lock - In your CreateBucket request, if you set x-amz-bucket-object-lock-enabled to true, the s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are required.

      • S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership header, then the s3:PutBucketOwnershipControls permission is required.

        To set an ACL on a bucket as part of a CreateBucket request, you must explicitly set S3 Object Ownership for the bucket to a different value than the default, BucketOwnerEnforced. Additionally, if your desired bucket ACL grants public access, you must first create the bucket (without the bucket ACL) and then explicitly disable Block Public Access on the bucket before using PutBucketAcl to set the ACL. If you try to create a bucket with a public ACL, the request will fail.

        For the majority of modern use cases in S3, we recommend that you keep all Block Public Access settings enabled and keep ACLs disabled. If you would like to share data with users outside of your account, you can use bucket policies as needed. For more information, see Controlling ownership of objects and disabling ACLs for your bucket and Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.

      • S3 Block Public Access - If your specific use case requires granting public access to your S3 resources, you can disable Block Public Access. Specifically, you can create a new bucket with Block Public Access enabled, then separately call the DeletePublicAccessBlock API. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about S3 Block Public Access, see Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.

    • Directory bucket permissions - You must have the s3express:CreateBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

      The permissions for ACLs, Object Lock, S3 Object Ownership, and S3 Block Public Access are not supported for directory buckets. For directory buckets, all Block Public Access settings are enabled at the bucket level and S3 Object Ownership is set to Bucket owner enforced (ACLs disabled). These settings can't be modified.

      For more information about permissions for creating and working with directory buckets, see Directory buckets in the Amazon S3 User Guide. For more information about supported S3 features for directory buckets, see Features of S3 Express One Zone in the Amazon S3 User Guide.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to CreateBucket:

    ", - "alias":"PutBucket", + "documentation":"

    End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an HTTP 405 (Method Not Allowed) error.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo).

    This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts bucket, see CreateBucket .

    Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.

    There are two types of buckets: general purpose buckets and directory buckets. For more information about these bucket types, see Creating, configuring, and working with Amazon S3 buckets in the Amazon S3 User Guide.

    • General purpose buckets - If you send your CreateBucket request to the s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. So the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see Virtual hosting of buckets in the Amazon S3 User Guide.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - In addition to the s3:CreateBucket permission, the following permissions are required in a policy when your CreateBucket request includes specific headers:

      • Access control lists (ACLs) - In your CreateBucket request, if you specify an access control list (ACL) and set it to public-read, public-read-write, authenticated-read, or if you explicitly specify any other custom ACLs, both s3:CreateBucket and s3:PutBucketAcl permissions are required. In your CreateBucket request, if you set the ACL to private, or if you don't specify any ACLs, only the s3:CreateBucket permission is required.

      • Object Lock - In your CreateBucket request, if you set x-amz-bucket-object-lock-enabled to true, the s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are required.

      • S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership header, then the s3:PutBucketOwnershipControls permission is required.

        To set an ACL on a bucket as part of a CreateBucket request, you must explicitly set S3 Object Ownership for the bucket to a different value than the default, BucketOwnerEnforced. Additionally, if your desired bucket ACL grants public access, you must first create the bucket (without the bucket ACL) and then explicitly disable Block Public Access on the bucket before using PutBucketAcl to set the ACL. If you try to create a bucket with a public ACL, the request will fail.

        For the majority of modern use cases in S3, we recommend that you keep all Block Public Access settings enabled and keep ACLs disabled. If you would like to share data with users outside of your account, you can use bucket policies as needed. For more information, see Controlling ownership of objects and disabling ACLs for your bucket and Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.

      • S3 Block Public Access - If your specific use case requires granting public access to your S3 resources, you can disable Block Public Access. Specifically, you can create a new bucket with Block Public Access enabled, then separately call the DeletePublicAccessBlock API. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about S3 Block Public Access, see Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.

    • Directory bucket permissions - You must have the s3express:CreateBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

      The permissions for ACLs, Object Lock, S3 Object Ownership, and S3 Block Public Access are not supported for directory buckets. For directory buckets, all Block Public Access settings are enabled at the bucket level and S3 Object Ownership is set to Bucket owner enforced (ACLs disabled). These settings can't be modified.

      For more information about permissions for creating and working with directory buckets, see Directory buckets in the Amazon S3 User Guide. For more information about supported S3 features for directory buckets, see Features of S3 Express One Zone in the Amazon S3 User Guide.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to CreateBucket:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "DisableAccessPoints":{"value":true}, "UseS3ExpressControlEndpoint":{"value":true} } }, + "CreateBucketMetadataConfiguration":{ + "name":"CreateBucketMetadataConfiguration", + "http":{ + "method":"POST", + "requestUri":"/{Bucket}?metadataConfiguration" + }, + "input":{"shape":"CreateBucketMetadataConfigurationRequest"}, + "documentation":"

    Creates an S3 Metadata V2 metadata configuration for a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    Permissions

    To use this operation, you must have the following permissions. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    If you want to encrypt your metadata tables with server-side encryption with Key Management Service (KMS) keys (SSE-KMS), you need additional permissions in your KMS key policy. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    If you also want to integrate your table bucket with Amazon Web Services analytics services so that you can query your metadata table, you need additional permissions. For more information, see Integrating Amazon S3 Tables with Amazon Web Services analytics services in the Amazon S3 User Guide.

    To query your metadata tables, you need additional permissions. For more information, see Permissions for querying metadata tables in the Amazon S3 User Guide.

    • s3:CreateBucketMetadataTableConfiguration

      The IAM policy action name is the same for the V1 and V2 API operations.

    • s3tables:CreateTableBucket

    • s3tables:CreateNamespace

    • s3tables:GetTable

    • s3tables:CreateTable

    • s3tables:PutTablePolicy

    • s3tables:PutTableEncryption

    • kms:DescribeKey

    The following operations are related to CreateBucketMetadataConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "httpChecksum":{ + "requestAlgorithmMember":"ChecksumAlgorithm", + "requestChecksumRequired":true + }, + "staticContextParams":{ + "UseS3ExpressControlEndpoint":{"value":true} + } + }, "CreateBucketMetadataTableConfiguration":{ "name":"CreateBucketMetadataTableConfiguration", "http":{ @@ -86,7 +96,7 @@ "requestUri":"/{Bucket}?metadataTable" }, "input":{"shape":"CreateBucketMetadataTableConfigurationRequest"}, - "documentation":"

    Creates a metadata table configuration for a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    Permissions

    To use this operation, you must have the following permissions. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    If you also want to integrate your table bucket with Amazon Web Services analytics services so that you can query your metadata table, you need additional permissions. For more information, see Integrating Amazon S3 Tables with Amazon Web Services analytics services in the Amazon S3 User Guide.

    • s3:CreateBucketMetadataTableConfiguration

    • s3tables:CreateNamespace

    • s3tables:GetTable

    • s3tables:CreateTable

    • s3tables:PutTablePolicy

    The following operations are related to CreateBucketMetadataTableConfiguration:

    ", + "documentation":"

    We recommend that you create your S3 Metadata configurations by using the V2 CreateBucketMetadataConfiguration API operation. We no longer recommend using the V1 CreateBucketMetadataTableConfiguration API operation.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    Creates a V1 S3 Metadata configuration for a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    Permissions

    To use this operation, you must have the following permissions. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    If you want to encrypt your metadata tables with server-side encryption with Key Management Service (KMS) keys (SSE-KMS), you need additional permissions. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    If you also want to integrate your table bucket with Amazon Web Services analytics services so that you can query your metadata table, you need additional permissions. For more information, see Integrating Amazon S3 Tables with Amazon Web Services analytics services in the Amazon S3 User Guide.

    • s3:CreateBucketMetadataTableConfiguration

    • s3tables:CreateNamespace

    • s3tables:GetTable

    • s3tables:CreateTable

    • s3tables:PutTablePolicy

    The following operations are related to CreateBucketMetadataTableConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -103,9 +113,7 @@ }, "input":{"shape":"CreateMultipartUploadRequest"}, "output":{"shape":"CreateMultipartUploadOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadInitiate.html", - "documentation":"

    This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request. For more information about multipart uploads, see Multipart Upload Overview in the Amazon S3 User Guide.

    After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stops charging you for storing them only after you either complete or abort a multipart upload.

    If you have configured a lifecycle rule to abort incomplete multipart uploads, the created multipart upload must be completed within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration.

    • Directory buckets - S3 Lifecycle is not supported by directory buckets.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Request signing

    For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 User Guide.

    Permissions

    • General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service (KMS) KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    Encryption

    • General purpose buckets - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. Amazon S3 automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a multipart upload, if you don't specify encryption information in your request, the encryption setting of the uploaded parts is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded parts. When you perform a CreateMultipartUpload operation, if you want to use a different type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the object with a different encryption key (such as an Amazon S3 managed key, a KMS key, or a customer-provided key). When the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the CreateMultipartUpload request.

      • Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (aws/s3) and KMS customer managed keys stored in Key Management Service (KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request.

        • x-amz-server-side-encryption

        • x-amz-server-side-encryption-aws-kms-key-id

        • x-amz-server-side-encryption-context

        • If you specify x-amz-server-side-encryption:aws:kms, but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3 key) in KMS to protect the data.

        • To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.

        • If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role is in a different account from the key, then you must have the permissions on both the key policy and your IAM user or role.

        • All GET and PUT requests for an object protected by KMS fail if you don't make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version 4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.

        For more information about server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys in the Amazon S3 User Guide.

      • Use customer-provided encryption keys (SSE-C) – If you want to manage your own encryption keys, provide all the following headers in the request.

        • x-amz-server-side-encryption-customer-algorithm

        • x-amz-server-side-encryption-customer-key

        • x-amz-server-side-encryption-customer-key-MD5

        For more information about server-side encryption with customer-provided encryption keys (SSE-C), see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C) in the Amazon S3 User Guide.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

      In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

      When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.

      For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to CreateMultipartUpload:

    ", - "alias":"InitiateMultipartUpload" + "documentation":"

    End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an HTTP 405 (Method Not Allowed) error.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo).

    This action initiates a multipart upload and returns an upload ID. This upload ID is used to associate all of the parts in the specific multipart upload. You specify this upload ID in each of your subsequent upload part requests (see UploadPart). You also include this upload ID in the final request to either complete or abort the multipart upload request. For more information about multipart uploads, see Multipart Upload Overview in the Amazon S3 User Guide.

    After you initiate a multipart upload and upload one or more parts, to stop being charged for storing the uploaded parts, you must either complete or abort the multipart upload. Amazon S3 frees up the space used to store the parts and stops charging you for storing them only after you either complete or abort a multipart upload.

    If you have configured a lifecycle rule to abort incomplete multipart uploads, the created multipart upload must be completed within the number of days specified in the bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort action and Amazon S3 aborts the multipart upload. For more information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration.

    • Directory buckets - S3 Lifecycle is not supported by directory buckets.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Request signing

    For request signing, multipart upload is just a series of regular requests. You initiate a multipart upload, send one or more requests to upload parts, and then complete the multipart upload process. You sign each request individually. There is nothing special about signing multipart upload requests. For more information about signing, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 User Guide.

    Permissions

    • General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service (KMS) KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    Encryption

    • General purpose buckets - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. Amazon S3 automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a multipart upload, if you don't specify encryption information in your request, the encryption setting of the uploaded parts is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a default encryption configuration that uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded parts. When you perform a CreateMultipartUpload operation, if you want to use a different type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the object with a different encryption key (such as an Amazon S3 managed key, a KMS key, or a customer-provided key). When the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence. If you choose to provide your own encryption key, the request headers you provide in UploadPart and UploadPartCopy requests must match the headers you used in the CreateMultipartUpload request.

      • Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key (aws/s3) and KMS customer managed keys stored in Key Management Service (KMS) – If you want Amazon Web Services to manage the keys used to encrypt data, specify the following headers in the request.

        • x-amz-server-side-encryption

        • x-amz-server-side-encryption-aws-kms-key-id

        • x-amz-server-side-encryption-context

        • If you specify x-amz-server-side-encryption:aws:kms, but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3 key) in KMS to protect the data.

        • To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information, see Multipart upload API and permissions and Protecting data using server-side encryption with Amazon Web Services KMS in the Amazon S3 User Guide.

        • If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key, then you must have these permissions on the key policy. If your IAM user or role is in a different account from the key, then you must have the permissions on both the key policy and your IAM user or role.

        • All GET and PUT requests for an object protected by KMS fail if you don't make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version 4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.

        For more information about server-side encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption with KMS keys in the Amazon S3 User Guide.

      • Use customer-provided encryption keys (SSE-C) – If you want to manage your own encryption keys, provide all the following headers in the request.

        • x-amz-server-side-encryption-customer-algorithm

        • x-amz-server-side-encryption-customer-key

        • x-amz-server-side-encryption-customer-key-MD5

        For more information about server-side encryption with customer-provided encryption keys (SSE-C), see Protecting data using server-side encryption with customer-provided encryption keys (SSE-C) in the Amazon S3 User Guide.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

      In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

      When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.

      For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to CreateMultipartUpload:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "CreateSession":{ "name":"CreateSession", @@ -118,7 +126,7 @@ "errors":[ {"shape":"NoSuchBucket"} ], - "documentation":"

    Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets. For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see S3 Express One Zone APIs in the Amazon S3 User Guide.

    To make Zonal endpoint API requests on a directory bucket, use the CreateSession API operation. Specifically, you grant s3express:CreateSession permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the CreateSession API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint API operations. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the x-amz-s3session-token request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a CreateSession API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval.

    If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see Performance guidelines and design patterns in the Amazon S3 User Guide.

    • You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    • CopyObject API operation - Unlike other Zonal endpoint API operations, the CopyObject API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the CopyObject API operation on directory buckets, see CopyObject.

    • HeadBucket API operation - Unlike other Zonal endpoint API operations, the HeadBucket API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the HeadBucket API operation on directory buckets, see HeadBucket.
    Permissions

    To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants s3express:CreateSession permission to the bucket. In a policy, you can have the s3express:SessionMode condition key to control who can create a ReadWrite or ReadOnly session. For more information about ReadWrite or ReadOnly sessions, see x-amz-create-session-mode . For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.

    To grant cross-account access to Zonal endpoint API operations, the bucket policy should also grant both accounts the s3express:CreateSession permission.

    If you want to encrypt objects with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.

    Encryption

    For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

    For Zonal endpoint (object-level) API operations except CopyObject and UploadPartCopy, you authenticate and authorize requests through CreateSession for low latency. To encrypt new objects in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). Then, when a session is created for Zonal endpoint API operations, new objects are automatically encrypted and decrypted with SSE-KMS and S3 Bucket Keys during the session.

    Only 1 customer managed key is supported per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported. After you specify SSE-KMS as your bucket's default encryption configuration with a customer managed key, you can't change the customer managed key for the bucket's SSE-KMS configuration.

    In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, you can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) from the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

    When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. Also, in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), it's not supported to override the values of the encryption settings from the CreateSession request.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    ", + "documentation":"

    Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets. For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see S3 Express One Zone APIs in the Amazon S3 User Guide.

    To make Zonal endpoint API requests on a directory bucket, use the CreateSession API operation. Specifically, you grant s3express:CreateSession permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the CreateSession API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint API operations. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the x-amz-s3session-token request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a CreateSession API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval.

    If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see Performance guidelines and design patterns in the Amazon S3 User Guide.

    • You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    • CopyObject API operation - Unlike other Zonal endpoint API operations, the CopyObject API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the CopyObject API operation on directory buckets, see CopyObject.

    • HeadBucket API operation - Unlike other Zonal endpoint API operations, the HeadBucket API operation doesn't use the temporary security credentials returned from the CreateSession API operation for authentication and authorization. For information about authentication and authorization of the HeadBucket API operation on directory buckets, see HeadBucket.
    Permissions

    To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants s3express:CreateSession permission to the bucket. In a policy, you can have the s3express:SessionMode condition key to control who can create a ReadWrite or ReadOnly session. For more information about ReadWrite or ReadOnly sessions, see x-amz-create-session-mode . For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.

    To grant cross-account access to Zonal endpoint API operations, the bucket policy should also grant both accounts the s3express:CreateSession permission.

    If you want to encrypt objects with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.

    Encryption

    For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

    For Zonal endpoint (object-level) API operations except CopyObject and UploadPartCopy, you authenticate and authorize requests through CreateSession for low latency. To encrypt new objects in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). Then, when a session is created for Zonal endpoint API operations, new objects are automatically encrypted and decrypted with SSE-KMS and S3 Bucket Keys during the session.

    Only 1 customer managed key is supported per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported. After you specify SSE-KMS as your bucket's default encryption configuration with a customer managed key, you can't change the customer managed key for the bucket's SSE-KMS configuration.

    In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, you can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) from the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

    When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. Also, in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), it's not supported to override the values of the encryption settings from the CreateSession request.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "DisableS3ExpressSessionAuth":{"value":true} } @@ -131,8 +139,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETE.html", - "documentation":"

    Deletes the S3 bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted.

    • Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - You must have the s3:DeleteBucket permission on the specified bucket in a policy.

    • Directory bucket permissions - You must have the s3express:DeleteBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to DeleteBucket:

    ", + "documentation":"

    Deletes the S3 bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted.

    • Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - You must have the s3:DeleteBucket permission on the specified bucket in a policy.

    • Directory bucket permissions - You must have the s3express:DeleteBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to DeleteBucket:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -145,7 +152,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketAnalyticsConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Deletes an analytics configuration for the bucket (specified by the analytics configuration ID).

    To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about the Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis.

    The following operations are related to DeleteBucketAnalyticsConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Deletes an analytics configuration for the bucket (specified by the analytics configuration ID).

    To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about the Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis.

    The following operations are related to DeleteBucketAnalyticsConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -158,8 +165,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketCorsRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEcors.html", - "documentation":"

    This operation is not supported for directory buckets.

    Deletes the cors configuration information set for the bucket.

    To use this operation, you must have permission to perform the s3:PutBucketCORS action. The bucket owner has this permission by default and can grant this permission to others.

    For information about cors, see Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide.

    Related Resources

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Deletes the cors configuration information set for the bucket.

    To use this operation, you must have permission to perform the s3:PutBucketCORS action. The bucket owner has this permission by default and can grant this permission to others.

    For information about cors, see Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide.

    Related Resources

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -172,7 +178,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketEncryptionRequest"}, - "documentation":"

    This implementation of the DELETE action resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3).

    Permissions

    • General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to DeleteBucketEncryption:

    ", + "documentation":"

    This implementation of the DELETE action resets the default encryption for the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3).

    Permissions

    • General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to DeleteBucketEncryption:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -185,7 +191,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketIntelligentTieringConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Deletes the S3 Intelligent-Tiering configuration from the specified bucket.

    The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

    The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

    For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

    Operations related to DeleteBucketIntelligentTieringConfiguration include:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Deletes the S3 Intelligent-Tiering configuration from the specified bucket.

    The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

    The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

    For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

    Operations related to DeleteBucketIntelligentTieringConfiguration include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -198,7 +204,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketInventoryConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Deletes an inventory configuration (identified by the inventory ID) from the bucket.

    To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.

    Operations related to DeleteBucketInventoryConfiguration include:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Deletes an S3 Inventory configuration (identified by the inventory ID) from the bucket.

    To use this operation, you must have permissions to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.

    Operations related to DeleteBucketInventoryConfiguration include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -211,8 +217,20 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketLifecycleRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETElifecycle.html", - "documentation":"

    Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration.

    Permissions

    • General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:PutLifecycleConfiguration permission.

      For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.

    • Directory bucket permissions - You must have the s3express:PutLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.

      For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.

      Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    For more information about the object expiration, see Elements to Describe Lifecycle Actions.

    Related actions include:

    ", + "documentation":"

    Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration.

    Permissions

    • General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:PutLifecycleConfiguration permission.

      For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.

    • Directory bucket permissions - You must have the s3express:PutLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.

      For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.

      Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    For more information about the object expiration, see Elements to Describe Lifecycle Actions.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "staticContextParams":{ + "UseS3ExpressControlEndpoint":{"value":true} + } + }, + "DeleteBucketMetadataConfiguration":{ + "name":"DeleteBucketMetadataConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/{Bucket}?metadataConfiguration", + "responseCode":204 + }, + "input":{"shape":"DeleteBucketMetadataConfigurationRequest"}, + "documentation":"

    Deletes an S3 Metadata configuration from a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    You can use the V2 DeleteBucketMetadataConfiguration API operation with V1 or V2 metadata configurations. However, if you try to use the V1 DeleteBucketMetadataTableConfiguration API operation with V2 configurations, you will receive an HTTP 405 Method Not Allowed error.
    Permissions

    To use this operation, you must have the s3:DeleteBucketMetadataTableConfiguration permission. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    The IAM policy action name is the same for the V1 and V2 API operations.

    The following operations are related to DeleteBucketMetadataConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -225,7 +243,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketMetadataTableConfigurationRequest"}, - "documentation":"

    Deletes a metadata table configuration from a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    Permissions

    To use this operation, you must have the s3:DeleteBucketMetadataTableConfiguration permission. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    The following operations are related to DeleteBucketMetadataTableConfiguration:

    ", + "documentation":"

    We recommend that you delete your S3 Metadata configurations by using the V2 DeleteBucketMetadataTableConfiguration API operation. We no longer recommend using the V1 DeleteBucketMetadataTableConfiguration API operation.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    Deletes a V1 S3 Metadata configuration from a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    You can use the V2 DeleteBucketMetadataConfiguration API operation with V1 or V2 metadata table configurations. However, if you try to use the V1 DeleteBucketMetadataTableConfiguration API operation with V2 configurations, you will receive an HTTP 405 Method Not Allowed error.

    Make sure that you update your processes to use the new V2 API operations (CreateBucketMetadataConfiguration, GetBucketMetadataConfiguration, and DeleteBucketMetadataConfiguration) instead of the V1 API operations.

    Permissions

    To use this operation, you must have the s3:DeleteBucketMetadataTableConfiguration permission. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    The following operations are related to DeleteBucketMetadataTableConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -238,7 +256,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketMetricsConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Deletes a metrics configuration for the Amazon CloudWatch request metrics (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics.

    To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

    The following operations are related to DeleteBucketMetricsConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Deletes a metrics configuration for the Amazon CloudWatch request metrics (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics.

    To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

    The following operations are related to DeleteBucketMetricsConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -251,7 +269,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketOwnershipControlsRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Removes OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

    For information about Amazon S3 Object Ownership, see Using Object Ownership.

    The following operations are related to DeleteBucketOwnershipControls:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Removes OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

    For information about Amazon S3 Object Ownership, see Using Object Ownership.

    The following operations are related to DeleteBucketOwnershipControls:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -264,8 +282,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketPolicyRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEpolicy.html", - "documentation":"

    Deletes the policy of a specified bucket.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the DeleteBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

    If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

    To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.

    • General purpose bucket permissions - The s3:DeleteBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:DeleteBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to DeleteBucketPolicy

    ", + "documentation":"

    Deletes the policy of a specified bucket.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the DeleteBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

    If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

    To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.

    • General purpose bucket permissions - The s3:DeleteBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:DeleteBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to DeleteBucketPolicy

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -278,7 +295,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketReplicationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Deletes the replication configuration from the bucket.

    To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration action. The bucket owner has these permissions by default and can grant it to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    It can take a while for the deletion of a replication configuration to fully propagate.

    For information about replication configuration, see Replication in the Amazon S3 User Guide.

    The following operations are related to DeleteBucketReplication:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Deletes the replication configuration from the bucket.

    To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration action. The bucket owner has these permissions by default and can grant it to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    It can take a while for the deletion of a replication configuration to fully propagate.

    For information about replication configuration, see Replication in the Amazon S3 User Guide.

    The following operations are related to DeleteBucketReplication:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -291,8 +308,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketTaggingRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEtagging.html", - "documentation":"

    This operation is not supported for directory buckets.

    Deletes the tags from the bucket.

    To use this operation, you must have permission to perform the s3:PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

    The following operations are related to DeleteBucketTagging:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Deletes the tags from the bucket.

    To use this operation, you must have permission to perform the s3:PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

    The following operations are related to DeleteBucketTagging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -305,8 +321,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketWebsiteRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketDELETEwebsite.html", - "documentation":"

    This operation is not supported for directory buckets.

    This action removes the website configuration for a bucket. Amazon S3 returns a 200 OK response upon successfully deleting a website configuration on the specified bucket. You will get a 200 OK response if the website configuration you are trying to delete does not exist on the bucket. Amazon S3 returns a 404 response if the bucket specified in the request does not exist.

    This DELETE action requires the S3:DeleteBucketWebsite permission. By default, only the bucket owner can delete the website configuration attached to a bucket. However, bucket owners can grant other users permission to delete the website configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite permission.

    For more information about hosting websites, see Hosting Websites on Amazon S3.

    The following operations are related to DeleteBucketWebsite:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    This action removes the website configuration for a bucket. Amazon S3 returns a 200 OK response upon successfully deleting a website configuration on the specified bucket. You will get a 200 OK response if the website configuration you are trying to delete does not exist on the bucket. Amazon S3 returns a 404 response if the bucket specified in the request does not exist.

    This DELETE action requires the S3:DeleteBucketWebsite permission. By default, only the bucket owner can delete the website configuration attached to a bucket. However, bucket owners can grant other users permission to delete the website configuration by writing a bucket policy granting them the S3:DeleteBucketWebsite permission.

    For more information about hosting websites, see Hosting Websites on Amazon S3.

    The following operations are related to DeleteBucketWebsite:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -320,8 +335,7 @@ }, "input":{"shape":"DeleteObjectRequest"}, "output":{"shape":"DeleteObjectOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectDELETE.html", - "documentation":"

    Removes an object from a bucket. The behavior depends on the bucket's versioning state:

    • If bucket versioning is not enabled, the operation permanently deletes the object.

    • If bucket versioning is enabled, the operation inserts a delete marker, which becomes the current version of the object. To permanently delete an object in a versioned bucket, you must include the object’s versionId in the request. For more information about versioning-enabled buckets, see Deleting object versions from a versioning-enabled bucket.

    • If bucket versioning is suspended, the operation removes the object that has a null versionId, if there is one, and inserts a delete marker that becomes the current version of the object. If there isn't an object with a null versionId, and all versions of the object have a versionId, Amazon S3 does not remove the object and only inserts a delete marker. To permanently delete an object that has a versionId, you must include the object’s versionId in the request. For more information about versioning-suspended buckets, see Deleting objects from versioning-suspended buckets.

    • Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    To remove a specific version, you must use the versionId query parameter. Using this query parameter permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker to true.

    If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS. For more information about MFA Delete, see Using MFA Delete in the Amazon S3 User Guide. To see sample requests that use versioning, see Sample Request.

    Directory buckets - MFA delete is not supported by directory buckets.

    You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration actions.

    Directory buckets - S3 Lifecycle is not supported by directory buckets.
    Permissions

    • General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.

      • s3:DeleteObject - To delete an object from a bucket, you must always have the s3:DeleteObject permission.

      • s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must have the s3:DeleteObjectVersion permission.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following action is related to DeleteObject:

    " + "documentation":"

    Removes an object from a bucket. The behavior depends on the bucket's versioning state:

    • If bucket versioning is not enabled, the operation permanently deletes the object.

    • If bucket versioning is enabled, the operation inserts a delete marker, which becomes the current version of the object. To permanently delete an object in a versioned bucket, you must include the object’s versionId in the request. For more information about versioning-enabled buckets, see Deleting object versions from a versioning-enabled bucket.

    • If bucket versioning is suspended, the operation removes the object that has a null versionId, if there is one, and inserts a delete marker that becomes the current version of the object. If there isn't an object with a null versionId, and all versions of the object have a versionId, Amazon S3 does not remove the object and only inserts a delete marker. To permanently delete an object that has a versionId, you must include the object’s versionId in the request. For more information about versioning-suspended buckets, see Deleting objects from versioning-suspended buckets.

    • Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    To remove a specific version, you must use the versionId query parameter. Using this query parameter permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker to true.

    If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS. For more information about MFA Delete, see Using MFA Delete in the Amazon S3 User Guide. To see sample requests that use versioning, see Sample Request.

    Directory buckets - MFA delete is not supported by directory buckets.

    You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration actions.

    Directory buckets - S3 Lifecycle is not supported by directory buckets.
    Permissions

    • General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.

      • s3:DeleteObject - To delete an object from a bucket, you must always have the s3:DeleteObject permission.

      • s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must have the s3:DeleteObjectVersion permission.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following action is related to DeleteObject:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    The If-Match header is supported for both general purpose and directory buckets. IfMatchLastModifiedTime and IfMatchSize is only supported for directory buckets.

    " }, "DeleteObjectTagging":{ "name":"DeleteObjectTagging", @@ -332,7 +346,7 @@ }, "input":{"shape":"DeleteObjectTaggingRequest"}, "output":{"shape":"DeleteObjectTaggingOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Removes the entire tag set from the specified object. For more information about managing object tags, see Object Tagging.

    To use this operation, you must have permission to perform the s3:DeleteObjectTagging action.

    To delete tags of a specific object version, add the versionId query parameter in the request. You will need permission for the s3:DeleteObjectVersionTagging action.

    The following operations are related to DeleteObjectTagging:

    " + "documentation":"

    This operation is not supported for directory buckets.

    Removes the entire tag set from the specified object. For more information about managing object tags, see Object Tagging.

    To use this operation, you must have permission to perform the s3:DeleteObjectTagging action.

    To delete tags of a specific object version, add the versionId query parameter in the request. You will need permission for the s3:DeleteObjectVersionTagging action.

    The following operations are related to DeleteObjectTagging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "DeleteObjects":{ "name":"DeleteObjects", @@ -342,9 +356,7 @@ }, "input":{"shape":"DeleteObjectsRequest"}, "output":{"shape":"DeleteObjectsOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/multiobjectdeleteapi.html", - "documentation":"

    This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead.

    The request can contain a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.

    • Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body.

    When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.

    Directory buckets - MFA delete is not supported by directory buckets.
    Permissions

    • General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.

      • s3:DeleteObject - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.

      • s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    Content-MD5 request header

    • General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.

    • Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to DeleteObjects:

    ", - "alias":"DeleteMultipleObjects", + "documentation":"

    This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead.

    The request can contain a list of up to 1,000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. If the object specified in the request isn't found, Amazon S3 confirms the deletion by returning the result as deleted.

    • Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body.

    When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.

    Directory buckets - MFA delete is not supported by directory buckets.
    Permissions

    • General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.

      • s3:DeleteObject - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.

      • s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    Content-MD5 request header

    • General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.

    • Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to DeleteObjects:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -358,7 +370,7 @@ "responseCode":204 }, "input":{"shape":"DeletePublicAccessBlockRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    The following operations are related to DeletePublicAccessBlock:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    The following operations are related to DeletePublicAccessBlock:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -371,7 +383,7 @@ }, "input":{"shape":"GetBucketAccelerateConfigurationRequest"}, "output":{"shape":"GetBucketAccelerateConfigurationOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    This implementation of the GET action uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to and from Amazon S3.

    To use this operation, you must have permission to perform the s3:GetAccelerateConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to your Amazon S3 Resources in the Amazon S3 User Guide.

    You set the Transfer Acceleration state of an existing bucket to Enabled or Suspended by using the PutBucketAccelerateConfiguration operation.

    A GET accelerate request does not return a state value for a bucket that has no transfer acceleration state. A bucket has no Transfer Acceleration state if a state has never been set on the bucket.

    For more information about transfer acceleration, see Transfer Acceleration in the Amazon S3 User Guide.

    The following operations are related to GetBucketAccelerateConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    This implementation of the GET action uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to and from Amazon S3.

    To use this operation, you must have permission to perform the s3:GetAccelerateConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to your Amazon S3 Resources in the Amazon S3 User Guide.

    You set the Transfer Acceleration state of an existing bucket to Enabled or Suspended by using the PutBucketAccelerateConfiguration operation.

    A GET accelerate request does not return a state value for a bucket that has no transfer acceleration state. A bucket has no Transfer Acceleration state if a state has never been set on the bucket.

    For more information about transfer acceleration, see Transfer Acceleration in the Amazon S3 User Guide.

    The following operations are related to GetBucketAccelerateConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -384,8 +396,7 @@ }, "input":{"shape":"GetBucketAclRequest"}, "output":{"shape":"GetBucketAclOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETacl.html", - "documentation":"

    This operation is not supported for directory buckets.

    This implementation of the GET action uses the acl subresource to return the access control list (ACL) of a bucket. To use GET to return the ACL of the bucket, you must have the READ_ACP access to the bucket. If READ_ACP permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header.

    When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.

    The following operations are related to GetBucketAcl:

    ", + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    This operation is not supported for directory buckets.

    This implementation of the GET action uses the acl subresource to return the access control list (ACL) of a bucket. To use GET to return the ACL of the bucket, you must have the READ_ACP access to the bucket. If READ_ACP permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header.

    When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    The following operations are related to GetBucketAcl:

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -398,7 +409,7 @@ }, "input":{"shape":"GetBucketAnalyticsConfigurationRequest"}, "output":{"shape":"GetBucketAnalyticsConfigurationOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    This implementation of the GET action returns an analytics configuration (identified by the analytics configuration ID) from the bucket.

    To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

    For information about Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis in the Amazon S3 User Guide.

    The following operations are related to GetBucketAnalyticsConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    This implementation of the GET action returns an analytics configuration (identified by the analytics configuration ID) from the bucket.

    To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

    For information about Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis in the Amazon S3 User Guide.

    The following operations are related to GetBucketAnalyticsConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -411,8 +422,7 @@ }, "input":{"shape":"GetBucketCorsRequest"}, "output":{"shape":"GetBucketCorsOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETcors.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns the Cross-Origin Resource Sharing (CORS) configuration information set for the bucket.

    To use this operation, you must have permission to perform the s3:GetBucketCORS action. By default, the bucket owner has this permission and can grant it to others.

    When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    For more information about CORS, see Enabling Cross-Origin Resource Sharing.

    The following operations are related to GetBucketCors:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns the Cross-Origin Resource Sharing (CORS) configuration information set for the bucket.

    To use this operation, you must have permission to perform the s3:GetBucketCORS action. By default, the bucket owner has this permission and can grant it to others.

    When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    For more information about CORS, see Enabling Cross-Origin Resource Sharing.

    The following operations are related to GetBucketCors:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -425,7 +435,7 @@ }, "input":{"shape":"GetBucketEncryptionRequest"}, "output":{"shape":"GetBucketEncryptionOutput"}, - "documentation":"

    Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).

    Permissions

    • General purpose bucket permissions - The s3:GetEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to GetBucketEncryption:

    ", + "documentation":"

    Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).

    Permissions

    • General purpose bucket permissions - The s3:GetEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to GetBucketEncryption:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -438,7 +448,7 @@ }, "input":{"shape":"GetBucketIntelligentTieringConfigurationRequest"}, "output":{"shape":"GetBucketIntelligentTieringConfigurationOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Gets the S3 Intelligent-Tiering configuration from the specified bucket.

    The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

    The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

    For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

    Operations related to GetBucketIntelligentTieringConfiguration include:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Gets the S3 Intelligent-Tiering configuration from the specified bucket.

    The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

    The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

    For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

    Operations related to GetBucketIntelligentTieringConfiguration include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -451,7 +461,7 @@ }, "input":{"shape":"GetBucketInventoryConfigurationRequest"}, "output":{"shape":"GetBucketInventoryConfigurationOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Returns an inventory configuration (identified by the inventory configuration ID) from the bucket.

    To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.

    The following operations are related to GetBucketInventoryConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns an S3 Inventory configuration (identified by the inventory configuration ID) from the bucket.

    To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about the Amazon S3 inventory feature, see Amazon S3 Inventory.

    The following operations are related to GetBucketInventoryConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -464,8 +474,7 @@ }, "input":{"shape":"GetBucketLifecycleRequest"}, "output":{"shape":"GetBucketLifecycleOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlifecycle.html", - "documentation":"

    For an updated version of this API, see GetBucketLifecycleConfiguration. If you configured a bucket lifecycle using the filter element, you should see the updated version of this topic. This topic is provided for backward compatibility.

    This operation is not supported for directory buckets.

    Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.

    To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    GetBucketLifecycle has the following special error:

    • Error code: NoSuchLifecycleConfiguration

      • Description: The lifecycle configuration does not exist.

      • HTTP Status Code: 404 Not Found

      • SOAP Fault Code Prefix: Client

    The following operations are related to GetBucketLifecycle:

    ", + "documentation":"

    For an updated version of this API, see GetBucketLifecycleConfiguration. If you configured a bucket lifecycle using the filter element, you should see the updated version of this topic. This topic is provided for backward compatibility.

    This operation is not supported for directory buckets.

    Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.

    To use this operation, you must have permission to perform the s3:GetLifecycleConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    GetBucketLifecycle has the following special error:

    • Error code: NoSuchLifecycleConfiguration

      • Description: The lifecycle configuration does not exist.

      • HTTP Status Code: 404 Not Found

      • SOAP Fault Code Prefix: Client

    The following operations are related to GetBucketLifecycle:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "deprecated":true, "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} @@ -479,7 +488,7 @@ }, "input":{"shape":"GetBucketLifecycleConfigurationRequest"}, "output":{"shape":"GetBucketLifecycleConfigurationOutput"}, - "documentation":"

    Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.

    Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API, which is compatible with the new functionality. The previous version of the API supported filtering based only on an object key name prefix, which is supported for general purpose buckets for backward compatibility. For the related API description, see GetBucketLifecycle.

    Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects, transitions and tag filters are not supported.
    Permissions

    • General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:GetLifecycleConfiguration permission.

      For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.

    • Directory bucket permissions - You must have the s3express:GetLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.

      For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.

      Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    GetBucketLifecycleConfiguration has the following special error:

    • Error code: NoSuchLifecycleConfiguration

      • Description: The lifecycle configuration does not exist.

      • HTTP Status Code: 404 Not Found

      • SOAP Fault Code Prefix: Client

    The following operations are related to GetBucketLifecycleConfiguration:

    ", + "documentation":"

    Returns the lifecycle configuration information set on the bucket. For information about lifecycle configuration, see Object Lifecycle Management.

    Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API, which is compatible with the new functionality. The previous version of the API supported filtering based only on an object key name prefix, which is supported for general purpose buckets for backward compatibility. For the related API description, see GetBucketLifecycle.

    Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects, transitions and tag filters are not supported.
    Permissions

    • General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:GetLifecycleConfiguration permission.

      For more information about permissions, see Managing Access Permissions to Your Amazon S3 Resources.

    • Directory bucket permissions - You must have the s3express:GetLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.

      For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.

      Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    GetBucketLifecycleConfiguration has the following special error:

    • Error code: NoSuchLifecycleConfiguration

      • Description: The lifecycle configuration does not exist.

      • HTTP Status Code: 404 Not Found

      • SOAP Fault Code Prefix: Client

    The following operations are related to GetBucketLifecycleConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -492,8 +501,7 @@ }, "input":{"shape":"GetBucketLocationRequest"}, "output":{"shape":"GetBucketLocationOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlocation.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns the Region the bucket resides in. You set the bucket's Region using the LocationConstraint request parameter in a CreateBucket request. For more information, see CreateBucket.

    When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    We recommend that you use HeadBucket to return the Region that a bucket resides in. For backward compatibility, Amazon S3 continues to support GetBucketLocation.

    The following operations are related to GetBucketLocation:

    ", + "documentation":"

    Using the GetBucketLocation operation is no longer a best practice. To return the Region that a bucket resides in, we recommend that you use the HeadBucket operation instead. For backward compatibility, Amazon S3 continues to support the GetBucketLocation operation.

    Returns the Region the bucket resides in. You set the bucket's Region using the LocationConstraint request parameter in a CreateBucket request. For more information, see CreateBucket.

    In a bucket's home Region, calls to the GetBucketLocation operation are governed by the bucket's policy. In other Regions, the bucket policy doesn't apply, which means that cross-account access won't be authorized. However, calls to the HeadBucket operation always return the bucket’s location through an HTTP response header, whether access to the bucket is authorized or not. Therefore, we recommend using the HeadBucket operation for bucket Region discovery and to avoid using the GetBucketLocation operation.

    When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    This operation is not supported for directory buckets.

    The following operations are related to GetBucketLocation:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -506,8 +514,20 @@ }, "input":{"shape":"GetBucketLoggingRequest"}, "output":{"shape":"GetBucketLoggingOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETlogging.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns the logging status of a bucket and the permissions users have to view and modify that status.

    The following operations are related to GetBucketLogging:

    ", + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    This operation is not supported for directory buckets.

    Returns the logging status of a bucket and the permissions users have to view and modify that status.

    The following operations are related to GetBucketLogging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "staticContextParams":{ + "UseS3ExpressControlEndpoint":{"value":true} + } + }, + "GetBucketMetadataConfiguration":{ + "name":"GetBucketMetadataConfiguration", + "http":{ + "method":"GET", + "requestUri":"/{Bucket}?metadataConfiguration" + }, + "input":{"shape":"GetBucketMetadataConfigurationRequest"}, + "output":{"shape":"GetBucketMetadataConfigurationOutput"}, + "documentation":"

    Retrieves the S3 Metadata configuration for a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    You can use the V2 GetBucketMetadataConfiguration API operation with V1 or V2 metadata configurations. However, if you try to use the V1 GetBucketMetadataTableConfiguration API operation with V2 configurations, you will receive an HTTP 405 Method Not Allowed error.
    Permissions

    To use this operation, you must have the s3:GetBucketMetadataTableConfiguration permission. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    The IAM policy action name is the same for the V1 and V2 API operations.

    The following operations are related to GetBucketMetadataConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -520,7 +540,7 @@ }, "input":{"shape":"GetBucketMetadataTableConfigurationRequest"}, "output":{"shape":"GetBucketMetadataTableConfigurationOutput"}, - "documentation":"

    Retrieves the metadata table configuration for a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    Permissions

    To use this operation, you must have the s3:GetBucketMetadataTableConfiguration permission. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    The following operations are related to GetBucketMetadataTableConfiguration:

    ", + "documentation":"

    We recommend that you retrieve your S3 Metadata configurations by using the V2 GetBucketMetadataTableConfiguration API operation. We no longer recommend using the V1 GetBucketMetadataTableConfiguration API operation.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    Retrieves the V1 S3 Metadata configuration for a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    You can use the V2 GetBucketMetadataConfiguration API operation with V1 or V2 metadata table configurations. However, if you try to use the V1 GetBucketMetadataTableConfiguration API operation with V2 configurations, you will receive an HTTP 405 Method Not Allowed error.

    Make sure that you update your processes to use the new V2 API operations (CreateBucketMetadataConfiguration, GetBucketMetadataConfiguration, and DeleteBucketMetadataConfiguration) instead of the V1 API operations.

    Permissions

    To use this operation, you must have the s3:GetBucketMetadataTableConfiguration permission. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    The following operations are related to GetBucketMetadataTableConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -533,7 +553,7 @@ }, "input":{"shape":"GetBucketMetricsConfigurationRequest"}, "output":{"shape":"GetBucketMetricsConfigurationOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Gets a metrics configuration (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics.

    To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

    The following operations are related to GetBucketMetricsConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Gets a metrics configuration (specified by the metrics configuration ID) from the bucket. Note that this doesn't include the daily storage metrics.

    To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

    The following operations are related to GetBucketMetricsConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -546,7 +566,6 @@ }, "input":{"shape":"GetBucketNotificationConfigurationRequest"}, "output":{"shape":"NotificationConfigurationDeprecated"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETnotification.html", "documentation":"

    This operation is not supported for directory buckets.

    No longer used, see GetBucketNotificationConfiguration.

    ", "deprecated":true, "staticContextParams":{ @@ -561,7 +580,7 @@ }, "input":{"shape":"GetBucketNotificationConfigurationRequest"}, "output":{"shape":"NotificationConfiguration"}, - "documentation":"

    This operation is not supported for directory buckets.

    Returns the notification configuration of a bucket.

    If notifications are not enabled on the bucket, the action returns an empty NotificationConfiguration element.

    By default, you must be the bucket owner to read the notification configuration of a bucket. However, the bucket owner can use a bucket policy to grant permission to other users to read this configuration with the s3:GetBucketNotification permission.

    When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    For more information about setting and reading the notification configuration on a bucket, see Setting Up Notification of Bucket Events. For more information about bucket policies, see Using Bucket Policies.

    The following action is related to GetBucketNotification:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns the notification configuration of a bucket.

    If notifications are not enabled on the bucket, the action returns an empty NotificationConfiguration element.

    By default, you must be the bucket owner to read the notification configuration of a bucket. However, the bucket owner can use a bucket policy to grant permission to other users to read this configuration with the s3:GetBucketNotification permission.

    When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    For more information about setting and reading the notification configuration on a bucket, see Setting Up Notification of Bucket Events. For more information about bucket policies, see Using Bucket Policies.

    The following action is related to GetBucketNotification:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -574,7 +593,7 @@ }, "input":{"shape":"GetBucketOwnershipControlsRequest"}, "output":{"shape":"GetBucketOwnershipControlsOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

    For information about Amazon S3 Object Ownership, see Using Object Ownership.

    The following operations are related to GetBucketOwnershipControls:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

    A bucket doesn't have OwnershipControls settings in the following cases:

    • The bucket was created before the BucketOwnerEnforced ownership setting was introduced and you've never explicitly applied this value

    • You've manually deleted the bucket ownership control value using the DeleteBucketOwnershipControls API operation.

    By default, Amazon S3 sets OwnershipControls for all newly created buckets.

    For information about Amazon S3 Object Ownership, see Using Object Ownership.

    The following operations are related to GetBucketOwnershipControls:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -587,8 +606,7 @@ }, "input":{"shape":"GetBucketPolicyRequest"}, "output":{"shape":"GetBucketPolicyOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETpolicy.html", - "documentation":"

    Returns the policy of a specified bucket.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

    If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

    To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.

    • General purpose bucket permissions - The s3:GetBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    Example bucket policies

    General purpose buckets example bucket policies - See Bucket policy examples in the Amazon S3 User Guide.

    Directory bucket example bucket policies - See Example bucket policies for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following action is related to GetBucketPolicy:

    ", + "documentation":"

    Returns the policy of a specified bucket.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

    If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

    To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.

    • General purpose bucket permissions - The s3:GetBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    Example bucket policies

    General purpose buckets example bucket policies - See Bucket policy examples in the Amazon S3 User Guide.

    Directory bucket example bucket policies - See Example bucket policies for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following action is related to GetBucketPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -601,7 +619,7 @@ }, "input":{"shape":"GetBucketPolicyStatusRequest"}, "output":{"shape":"GetBucketPolicyStatusOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Retrieves the policy status for an Amazon S3 bucket, indicating whether the bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

    For more information about when Amazon S3 considers a bucket public, see The Meaning of \"Public\".

    The following operations are related to GetBucketPolicyStatus:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Retrieves the policy status for an Amazon S3 bucket, indicating whether the bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

    For more information about when Amazon S3 considers a bucket public, see The Meaning of \"Public\".

    The following operations are related to GetBucketPolicyStatus:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -614,7 +632,7 @@ }, "input":{"shape":"GetBucketReplicationRequest"}, "output":{"shape":"GetBucketReplicationOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Returns the replication configuration of a bucket.

    It can take a while to propagate the put or delete a replication configuration to all Amazon S3 systems. Therefore, a get request soon after put or delete can return a wrong result.

    For information about replication configuration, see Replication in the Amazon S3 User Guide.

    This action requires permissions for the s3:GetReplicationConfiguration action. For more information about permissions, see Using Bucket Policies and User Policies.

    If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication and Priority elements. The response also returns those elements.

    For information about GetBucketReplication errors, see List of replication-related error codes

    The following operations are related to GetBucketReplication:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns the replication configuration of a bucket.

    It can take a while to propagate the put or delete a replication configuration to all Amazon S3 systems. Therefore, a get request soon after put or delete can return a wrong result.

    For information about replication configuration, see Replication in the Amazon S3 User Guide.

    This action requires permissions for the s3:GetReplicationConfiguration action. For more information about permissions, see Using Bucket Policies and User Policies.

    If you include the Filter element in a replication configuration, you must also include the DeleteMarkerReplication and Priority elements. The response also returns those elements.

    For information about GetBucketReplication errors, see List of replication-related error codes

    The following operations are related to GetBucketReplication:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -627,8 +645,7 @@ }, "input":{"shape":"GetBucketRequestPaymentRequest"}, "output":{"shape":"GetBucketRequestPaymentOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTrequestPaymentGET.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns the request payment configuration of a bucket. To use this version of the operation, you must be the bucket owner. For more information, see Requester Pays Buckets.

    The following operations are related to GetBucketRequestPayment:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns the request payment configuration of a bucket. To use this version of the operation, you must be the bucket owner. For more information, see Requester Pays Buckets.

    The following operations are related to GetBucketRequestPayment:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -641,8 +658,7 @@ }, "input":{"shape":"GetBucketTaggingRequest"}, "output":{"shape":"GetBucketTaggingOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETtagging.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns the tag set associated with the bucket.

    To use this operation, you must have permission to perform the s3:GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

    GetBucketTagging has the following special error:

    • Error code: NoSuchTagSet

      • Description: There is no tag set associated with the bucket.

    The following operations are related to GetBucketTagging:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns the tag set associated with the bucket.

    To use this operation, you must have permission to perform the s3:GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

    GetBucketTagging has the following special error:

    • Error code: NoSuchTagSet

      • Description: There is no tag set associated with the bucket.

    The following operations are related to GetBucketTagging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -655,8 +671,7 @@ }, "input":{"shape":"GetBucketVersioningRequest"}, "output":{"shape":"GetBucketVersioningOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETversioningStatus.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns the versioning state of a bucket.

    To retrieve the versioning state of a bucket, you must be the bucket owner.

    This implementation also returns the MFA Delete status of the versioning state. If the MFA Delete status is enabled, the bucket owner must use an authentication device to change the versioning state of the bucket.

    The following operations are related to GetBucketVersioning:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns the versioning state of a bucket.

    To retrieve the versioning state of a bucket, you must be the bucket owner.

    This implementation also returns the MFA Delete status of the versioning state. If the MFA Delete status is enabled, the bucket owner must use an authentication device to change the versioning state of the bucket.

    The following operations are related to GetBucketVersioning:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -669,8 +684,7 @@ }, "input":{"shape":"GetBucketWebsiteRequest"}, "output":{"shape":"GetBucketWebsiteOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETwebsite.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns the website configuration for a bucket. To host website on Amazon S3, you can configure a bucket as website by adding a website configuration. For more information about hosting websites, see Hosting Websites on Amazon S3.

    This GET action requires the S3:GetBucketWebsite permission. By default, only the bucket owner can read the bucket website configuration. However, bucket owners can allow other users to read the website configuration by writing a bucket policy granting them the S3:GetBucketWebsite permission.

    The following operations are related to GetBucketWebsite:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns the website configuration for a bucket. To host website on Amazon S3, you can configure a bucket as website by adding a website configuration. For more information about hosting websites, see Hosting Websites on Amazon S3.

    This GET action requires the S3:GetBucketWebsite permission. By default, only the bucket owner can read the bucket website configuration. However, bucket owners can allow other users to read the website configuration by writing a bucket policy granting them the S3:GetBucketWebsite permission.

    The following operations are related to GetBucketWebsite:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -687,8 +701,7 @@ {"shape":"NoSuchKey"}, {"shape":"InvalidObjectState"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGET.html", - "documentation":"

    Retrieves an object from Amazon S3.

    In the GetObject request, specify the full key name for the object.

    General purpose buckets - Both the virtual-hosted-style requests and the path-style requests are supported. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg, specify the object key name as /photos/2006/February/sample.jpg. For a path-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, specify the object key name as /examplebucket/photos/2006/February/sample.jpg. For more information about request types, see HTTP Host Header Bucket Specification in the Amazon S3 User Guide.

    Directory buckets - Only virtual-hosted-style requests are supported. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket--use1-az5--x-s3, specify the object key name as /photos/2006/February/sample.jpg. Also, when you make requests to this API operation, your requests are sent to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    Permissions

    • General purpose bucket permissions - You must have the required permissions in a policy. To use GetObject, you must have the READ access to the object (or version). If you grant READ access to the anonymous user, the GetObject operation returns the object without using an authorization header. For more information, see Specifying permissions in a policy in the Amazon S3 User Guide.

      If you include a versionId in your request header, you must have the s3:GetObjectVersion permission to access a specific version of an object. The s3:GetObject permission is not required in this scenario.

      If you request the current version of an object without a specific versionId in the request header, only the s3:GetObject permission is required. The s3:GetObjectVersion permission is not required in this scenario.

      If the object that you request doesn’t exist, the error that Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

      • If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found error.

      • If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Access Denied error.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted using SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Storage classes

    If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see Restoring Archived Objects in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request.

    Encryption

    Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error.

    Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.

    Overriding response header values through the request

    There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request.

    You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object.

    The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires.

    To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request.

    • response-cache-control

    • response-content-disposition

    • response-content-encoding

    • response-content-language

    • response-content-type

    • response-expires

    When you use these parameters, you must sign the request by using either an Authorization header or a presigned URL. These parameters cannot be used with an unsigned (anonymous) request.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to GetObject:

    ", + "documentation":"

    Retrieves an object from Amazon S3.

    In the GetObject request, specify the full key name for the object.

    General purpose buckets - Both the virtual-hosted-style requests and the path-style requests are supported. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg, specify the object key name as /photos/2006/February/sample.jpg. For a path-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, specify the object key name as /examplebucket/photos/2006/February/sample.jpg. For more information about request types, see HTTP Host Header Bucket Specification in the Amazon S3 User Guide.

    Directory buckets - Only virtual-hosted-style requests are supported. For a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg in the bucket named amzn-s3-demo-bucket--usw2-az1--x-s3, specify the object key name as /photos/2006/February/sample.jpg. Also, when you make requests to this API operation, your requests are sent to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    Permissions

    • General purpose bucket permissions - You must have the required permissions in a policy. To use GetObject, you must have the READ access to the object (or version). If you grant READ access to the anonymous user, the GetObject operation returns the object without using an authorization header. For more information, see Specifying permissions in a policy in the Amazon S3 User Guide.

      If you include a versionId in your request header, you must have the s3:GetObjectVersion permission to access a specific version of an object. The s3:GetObject permission is not required in this scenario.

      If you request the current version of an object without a specific versionId in the request header, only the s3:GetObject permission is required. The s3:GetObjectVersion permission is not required in this scenario.

      If the object that you request doesn’t exist, the error that Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

      • If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found error.

      • If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Access Denied error.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted using SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Storage classes

    If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can retrieve the object you must first restore a copy using RestoreObject. Otherwise, this operation returns an InvalidObjectState error. For information about restoring archived objects, see Restoring Archived Objects in the Amazon S3 User Guide.

    Directory buckets - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request.

    Encryption

    Encryption request headers, like x-amz-server-side-encryption, should not be sent for the GetObject requests, if your object uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject requests for the object that uses these types of keys, you’ll get an HTTP 400 Bad Request error.

    Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.

    Overriding response header values through the request

    There are times when you want to override certain response header values of a GetObject response. For example, you might override the Content-Disposition response header value through your GetObject request.

    You can override values for a set of response headers. These modified response header values are included only in a successful response, that is, when the HTTP status code 200 OK is returned. The headers you can override using the following query parameters in the request are a subset of the headers that Amazon S3 accepts when you create an object.

    The response headers that you can override for the GetObject response are Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, and Expires.

    To override values for a set of response headers in the GetObject response, you can use the following query parameters in the request.

    • response-cache-control

    • response-content-disposition

    • response-content-encoding

    • response-content-language

    • response-content-type

    • response-expires

    When you use these parameters, you must sign the request by using either an Authorization header or a presigned URL. These parameters cannot be used with an unsigned (anonymous) request.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to GetObject:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestValidationModeMember":"ChecksumMode", "responseAlgorithms":[ @@ -711,8 +724,7 @@ "errors":[ {"shape":"NoSuchKey"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGETacl.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns the access control list (ACL) of an object. To use this operation, you must have s3:GetObjectAcl permissions or READ_ACP access to the object. For more information, see Mapping of ACL permissions and access policy permissions in the Amazon S3 User Guide

    This functionality is not supported for Amazon S3 on Outposts.

    By default, GET returns ACL information about the current version of an object. To return ACL information about a different version, use the versionId subresource.

    If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.

    The following operations are related to GetObjectAcl:

    " + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    This operation is not supported for directory buckets.

    Returns the access control list (ACL) of an object. To use this operation, you must have s3:GetObjectAcl permissions or READ_ACP access to the object. For more information, see Mapping of ACL permissions and access policy permissions in the Amazon S3 User Guide

    This functionality is not supported for Amazon S3 on Outposts.

    By default, GET returns ACL information about the current version of an object. To return ACL information about a different version, use the versionId subresource.

    If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the bucket-owner-full-control ACL with the owner being the account that created the bucket. For more information, see Controlling object ownership and disabling ACLs in the Amazon S3 User Guide.

    The following operations are related to GetObjectAcl:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "GetObjectAttributes":{ "name":"GetObjectAttributes", @@ -725,7 +737,7 @@ "errors":[ {"shape":"NoSuchKey"} ], - "documentation":"

    Retrieves all the metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.

    GetObjectAttributes combines the functionality of HeadObject and ListParts. All of the data returned with each of those individual calls can be returned with a single call to GetObjectAttributes.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - To use GetObjectAttributes, you must have READ access to the object. The permissions that you need to use this operation depend on whether the bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this operation. If the bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes permissions. For more information, see Specifying Permissions in a Policy in the Amazon S3 User Guide. If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

      • If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found (\"no such key\") error.

      • If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden (\"access denied\") error.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Encryption

    Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a GET request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object.

    If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are:

    • x-amz-server-side-encryption-customer-algorithm

    • x-amz-server-side-encryption-customer-key

    • x-amz-server-side-encryption-customer-key-MD5

    For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.

    Directory bucket permissions - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
    Versioning

    Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.

    Conditional request headers

    Consider the following when using request headers:

    • If both of the If-Match and If-Unmodified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 200 OK and the data requested:

      • If-Match condition evaluates to true.

      • If-Unmodified-Since condition evaluates to false.

      For more information about conditional requests, see RFC 7232.

    • If both of the If-None-Match and If-Modified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 304 Not Modified:

      • If-None-Match condition evaluates to false.

      • If-Modified-Since condition evaluates to true.

      For more information about conditional requests, see RFC 7232.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following actions are related to GetObjectAttributes:

    " + "documentation":"

    Retrieves all of the metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.

    GetObjectAttributes combines the functionality of HeadObject and ListParts. All of the data returned with both of those individual calls can be returned with a single call to GetObjectAttributes.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - To use GetObjectAttributes, you must have READ access to the object.

      The other permissions that you need to use this operation depend on whether the bucket is versioned and if a version ID is passed in the GetObjectAttributes request.

      • If you pass a version ID in your request, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions.

      • If you do not pass a version ID in your request, you need the s3:GetObject and s3:GetObjectAttributes permissions.

      For more information, see Specifying Permissions in a Policy in the Amazon S3 User Guide.

      If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

      • If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found (\"no such key\") error.

      • If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden (\"access denied\") error.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Encryption

    Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a GET request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object.

    If you encrypted an object when you stored the object in Amazon S3 by using server-side encryption with customer-provided encryption keys (SSE-C), then when you retrieve the metadata from the object, you must use the following headers. These headers provide the server with the encryption key required to retrieve the object's metadata. The headers are:

    • x-amz-server-side-encryption-customer-algorithm

    • x-amz-server-side-encryption-customer-key

    • x-amz-server-side-encryption-customer-key-MD5

    For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.

    Directory bucket permissions - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
    Versioning

    Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.

    Conditional request headers

    Consider the following when using request headers:

    • If both of the If-Match and If-Unmodified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 200 OK and the data requested:

      • If-Match condition evaluates to true.

      • If-Unmodified-Since condition evaluates to false.

      For more information about conditional requests, see RFC 7232.

    • If both of the If-None-Match and If-Modified-Since headers are present in the request as follows, then Amazon S3 returns the HTTP status code 304 Not Modified:

      • If-None-Match condition evaluates to false.

      • If-Modified-Since condition evaluates to true.

      For more information about conditional requests, see RFC 7232.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following actions are related to GetObjectAttributes:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "GetObjectLegalHold":{ "name":"GetObjectLegalHold", @@ -735,7 +747,7 @@ }, "input":{"shape":"GetObjectLegalHoldRequest"}, "output":{"shape":"GetObjectLegalHoldOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Gets an object's current legal hold status. For more information, see Locking Objects.

    This functionality is not supported for Amazon S3 on Outposts.

    The following action is related to GetObjectLegalHold:

    " + "documentation":"

    This operation is not supported for directory buckets.

    Gets an object's current legal hold status. For more information, see Locking Objects.

    This functionality is not supported for Amazon S3 on Outposts.

    The following action is related to GetObjectLegalHold:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "GetObjectLockConfiguration":{ "name":"GetObjectLockConfiguration", @@ -745,7 +757,7 @@ }, "input":{"shape":"GetObjectLockConfigurationRequest"}, "output":{"shape":"GetObjectLockConfigurationOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Gets the Object Lock configuration for a bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

    The following action is related to GetObjectLockConfiguration:

    " + "documentation":"

    This operation is not supported for directory buckets.

    Gets the Object Lock configuration for a bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

    The following action is related to GetObjectLockConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "GetObjectRetention":{ "name":"GetObjectRetention", @@ -755,7 +767,7 @@ }, "input":{"shape":"GetObjectRetentionRequest"}, "output":{"shape":"GetObjectRetentionOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Retrieves an object's retention settings. For more information, see Locking Objects.

    This functionality is not supported for Amazon S3 on Outposts.

    The following action is related to GetObjectRetention:

    " + "documentation":"

    This operation is not supported for directory buckets.

    Retrieves an object's retention settings. For more information, see Locking Objects.

    This functionality is not supported for Amazon S3 on Outposts.

    The following action is related to GetObjectRetention:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "GetObjectTagging":{ "name":"GetObjectTagging", @@ -765,7 +777,7 @@ }, "input":{"shape":"GetObjectTaggingRequest"}, "output":{"shape":"GetObjectTaggingOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Returns the tag-set of an object. You send the GET request against the tagging subresource associated with the object.

    To use this operation, you must have permission to perform the s3:GetObjectTagging action. By default, the GET action returns information about current version of an object. For a versioned bucket, you can have multiple versions of an object in your bucket. To retrieve tags of any other version, use the versionId query parameter. You also need permission for the s3:GetObjectVersionTagging action.

    By default, the bucket owner has this permission and can grant this permission to others.

    For information about the Amazon S3 object tagging feature, see Object Tagging.

    The following actions are related to GetObjectTagging:

    " + "documentation":"

    This operation is not supported for directory buckets.

    Returns the tag-set of an object. You send the GET request against the tagging subresource associated with the object.

    To use this operation, you must have permission to perform the s3:GetObjectTagging action. By default, the GET action returns information about current version of an object. For a versioned bucket, you can have multiple versions of an object in your bucket. To retrieve tags of any other version, use the versionId query parameter. You also need permission for the s3:GetObjectVersionTagging action.

    By default, the bucket owner has this permission and can grant this permission to others.

    For information about the Amazon S3 object tagging feature, see Object Tagging.

    The following actions are related to GetObjectTagging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "GetObjectTorrent":{ "name":"GetObjectTorrent", @@ -775,8 +787,7 @@ }, "input":{"shape":"GetObjectTorrentRequest"}, "output":{"shape":"GetObjectTorrentOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGETtorrent.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns torrent files from a bucket. BitTorrent can save you bandwidth when you're distributing large files.

    You can get torrent only for objects that are less than 5 GB in size, and that are not encrypted using server-side encryption with a customer-provided encryption key.

    To use GET, you must have READ access to the object.

    This functionality is not supported for Amazon S3 on Outposts.

    The following action is related to GetObjectTorrent:

    " + "documentation":"

    This operation is not supported for directory buckets.

    Returns torrent files from a bucket. BitTorrent can save you bandwidth when you're distributing large files.

    You can get torrent only for objects that are less than 5 GB in size, and that are not encrypted using server-side encryption with a customer-provided encryption key.

    To use GET, you must have READ access to the object.

    This functionality is not supported for Amazon S3 on Outposts.

    The following action is related to GetObjectTorrent:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "GetPublicAccessBlock":{ "name":"GetPublicAccessBlock", @@ -786,7 +797,7 @@ }, "input":{"shape":"GetPublicAccessBlockRequest"}, "output":{"shape":"GetPublicAccessBlockOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

    When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock settings are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.

    For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of \"Public\".

    The following operations are related to GetPublicAccessBlock:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:GetBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

    When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock settings are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.

    For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of \"Public\".

    The following operations are related to GetPublicAccessBlock:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -802,8 +813,7 @@ "errors":[ {"shape":"NoSuchBucket"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketHEAD.html", - "documentation":"

    You can use this operation to determine if a bucket exists and if you have permission to access it. The action returns a 200 OK if the bucket exists and you have permission to access it.

    If the bucket does not exist or you do not have permission to access it, the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 Not Found code. A message body is not included, so you cannot determine the exception beyond these HTTP response codes.
    Authentication and authorization

    General purpose buckets - Request to public buckets that grant the s3:ListBucket permission publicly do not need to be signed. All other HeadBucket requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.

    Directory buckets - You must use IAM credentials to authenticate and authorize your access to the HeadBucket API operation, instead of using the temporary security credentials through the CreateSession API operation.

    Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.

    Permissions

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    " + "documentation":"

    You can use this operation to determine if a bucket exists and if you have permission to access it. The action returns a 200 OK HTTP status code if the bucket exists and you have permission to access it. You can make a HeadBucket call on any bucket name to any Region in the partition, and regardless of the permissions on the bucket, you will receive a response header with the correct bucket location so that you can then make a proper, signed request to the appropriate Regional endpoint.

    If the bucket doesn't exist or you don't have permission to access it, the HEAD request returns a generic 400 Bad Request, 403 Forbidden, or 404 Not Found HTTP status code. A message body isn't included, so you can't determine the exception beyond these HTTP response codes.
    Authentication and authorization

    General purpose buckets - Request to public buckets that grant the s3:ListBucket permission publicly do not need to be signed. All other HeadBucket requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.

    Directory buckets - You must use IAM credentials to authenticate and authorize your access to the HeadBucket API operation, instead of using the temporary security credentials through the CreateSession API operation.

    Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.

    Permissions

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "HeadObject":{ "name":"HeadObject", @@ -816,8 +826,7 @@ "errors":[ {"shape":"NoSuchKey"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectHEAD.html", - "documentation":"

    The HEAD operation retrieves metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.

    A HEAD request has the same options as a GET operation on an object. The response is identical to the GET response except that there is no response body. Because of this, if the HEAD request generates an error, it returns a generic code, such as 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 412 Precondition Failed, or 304 Not Modified. It's not possible to retrieve the exact exception of these error codes.

    Request headers are limited to 8 KB in size. For more information, see Common Request Headers.

    Permissions

    • General purpose bucket permissions - To use HEAD, you must have the s3:GetObject permission. You need the relevant read object (or version) permission for this operation. For more information, see Actions, resources, and condition keys for Amazon S3 in the Amazon S3 User Guide. For more information about the permissions to S3 API operations by S3 resource types, see Required permissions for Amazon S3 API operations in the Amazon S3 User Guide.

      If the object you request doesn't exist, the error that Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

      • If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found error.

      • If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden error.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If you enable x-amz-checksum-mode in the request and the object is encrypted with Amazon Web Services Key Management Service (Amazon Web Services KMS), you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key to retrieve the checksum of the object.

    Encryption

    Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a HEAD request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object.

    If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are:

    • x-amz-server-side-encryption-customer-algorithm

    • x-amz-server-side-encryption-customer-key

    • x-amz-server-side-encryption-customer-key-MD5

    For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.

    Directory bucket - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.

    Versioning

    • If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes x-amz-delete-marker: true in the response.

    • If the specified version is a delete marker, the response returns a 405 Method Not Allowed error and the Last-Modified: timestamp response header.

    • Directory buckets - Delete marker is not supported for directory buckets.

    • Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    The following actions are related to HeadObject:

    " + "documentation":"

    The HEAD operation retrieves metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.

    A HEAD request has the same options as a GET operation on an object. The response is identical to the GET response except that there is no response body. Because of this, if the HEAD request generates an error, it returns a generic code, such as 400 Bad Request, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 412 Precondition Failed, or 304 Not Modified. It's not possible to retrieve the exact exception of these error codes.

    Request headers are limited to 8 KB in size. For more information, see Common Request Headers.

    Permissions

    • General purpose bucket permissions - To use HEAD, you must have the s3:GetObject permission. You need the relevant read object (or version) permission for this operation. For more information, see Actions, resources, and condition keys for Amazon S3 in the Amazon S3 User Guide. For more information about the permissions to S3 API operations by S3 resource types, see Required permissions for Amazon S3 API operations in the Amazon S3 User Guide.

      If the object you request doesn't exist, the error that Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

      • If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code 404 Not Found error.

      • If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP status code 403 Forbidden error.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If you enable x-amz-checksum-mode in the request and the object is encrypted with Amazon Web Services Key Management Service (Amazon Web Services KMS), you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key to retrieve the checksum of the object.

    Encryption

    Encryption request headers, like x-amz-server-side-encryption, should not be sent for HEAD requests if your object uses server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption header is used when you PUT an object to S3 and want to specify the encryption method. If you include this header in a HEAD request for an object that uses these types of keys, you’ll get an HTTP 400 Bad Request error. It's because the encryption method can't be changed when you retrieve the object.

    If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you retrieve the metadata from the object, you must use the following headers to provide the encryption key for the server to be able to retrieve the object's metadata. The headers are:

    • x-amz-server-side-encryption-customer-algorithm

    • x-amz-server-side-encryption-customer-key

    • x-amz-server-side-encryption-customer-key-MD5

    For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.

    Directory bucket - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. SSE-C isn't supported. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.

    Versioning

    • If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes x-amz-delete-marker: true in the response.

    • If the specified version is a delete marker, the response returns a 405 Method Not Allowed error and the Last-Modified: timestamp response header.

    • Directory buckets - Delete marker is not supported for directory buckets.

    • Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    The following actions are related to HeadObject:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "ListBucketAnalyticsConfigurations":{ "name":"ListBucketAnalyticsConfigurations", @@ -827,7 +836,7 @@ }, "input":{"shape":"ListBucketAnalyticsConfigurationsRequest"}, "output":{"shape":"ListBucketAnalyticsConfigurationsOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Lists the analytics configurations for the bucket. You can have up to 1,000 analytics configurations per bucket.

    This action supports list pagination and does not return more than 100 configurations at a time. You should always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there will be a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.

    To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis.

    The following operations are related to ListBucketAnalyticsConfigurations:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Lists the analytics configurations for the bucket. You can have up to 1,000 analytics configurations per bucket.

    This action supports list pagination and does not return more than 100 configurations at a time. You should always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there will be a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.

    To use this operation, you must have permissions to perform the s3:GetAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about Amazon S3 analytics feature, see Amazon S3 Analytics – Storage Class Analysis.

    The following operations are related to ListBucketAnalyticsConfigurations:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -840,7 +849,7 @@ }, "input":{"shape":"ListBucketIntelligentTieringConfigurationsRequest"}, "output":{"shape":"ListBucketIntelligentTieringConfigurationsOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Lists the S3 Intelligent-Tiering configuration from the specified bucket.

    The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

    The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

    For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

    Operations related to ListBucketIntelligentTieringConfigurations include:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Lists the S3 Intelligent-Tiering configuration from the specified bucket.

    The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

    The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

    For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

    Operations related to ListBucketIntelligentTieringConfigurations include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -853,7 +862,7 @@ }, "input":{"shape":"ListBucketInventoryConfigurationsRequest"}, "output":{"shape":"ListBucketInventoryConfigurationsOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Returns a list of inventory configurations for the bucket. You can have up to 1,000 analytics configurations per bucket.

    This action supports list pagination and does not return more than 100 configurations at a time. Always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there is a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.

    To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about the Amazon S3 inventory feature, see Amazon S3 Inventory

    The following operations are related to ListBucketInventoryConfigurations:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Returns a list of S3 Inventory configurations for the bucket. You can have up to 1,000 inventory configurations per bucket.

    This action supports list pagination and does not return more than 100 configurations at a time. Always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there is a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.

    To use this operation, you must have permissions to perform the s3:GetInventoryConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about the Amazon S3 inventory feature, see Amazon S3 Inventory

    The following operations are related to ListBucketInventoryConfigurations:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -866,7 +875,7 @@ }, "input":{"shape":"ListBucketMetricsConfigurationsRequest"}, "output":{"shape":"ListBucketMetricsConfigurationsOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Lists the metrics configurations for the bucket. The metrics configurations are only for the request metrics of the bucket and do not provide information on daily storage metrics. You can have up to 1,000 configurations per bucket.

    This action supports list pagination and does not return more than 100 configurations at a time. Always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there is a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.

    To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For more information about metrics configurations and CloudWatch request metrics, see Monitoring Metrics with Amazon CloudWatch.

    The following operations are related to ListBucketMetricsConfigurations:

    " + "documentation":"

    This operation is not supported for directory buckets.

    Lists the metrics configurations for the bucket. The metrics configurations are only for the request metrics of the bucket and do not provide information on daily storage metrics. You can have up to 1,000 configurations per bucket.

    This action supports list pagination and does not return more than 100 configurations at a time. Always check the IsTruncated element in the response. If there are no more configurations to list, IsTruncated is set to false. If there are more configurations to list, IsTruncated is set to true, and there is a value in NextContinuationToken. You use the NextContinuationToken value to continue the pagination of the list by passing the value in continuation-token in the request to GET the next page.

    To use this operation, you must have permissions to perform the s3:GetMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For more information about metrics configurations and CloudWatch request metrics, see Monitoring Metrics with Amazon CloudWatch.

    The following operations are related to ListBucketMetricsConfigurations:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "ListBuckets":{ "name":"ListBuckets", @@ -876,9 +885,7 @@ }, "input":{"shape":"ListBucketsRequest"}, "output":{"shape":"ListBucketsOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTServiceGET.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns a list of all buckets owned by the authenticated sender of the request. To grant IAM permission to use this operation, you must add the s3:ListAllMyBuckets policy action.

    For information about Amazon S3 buckets, see Creating, configuring, and working with Amazon S3 buckets.

    We strongly recommend using only paginated ListBuckets requests. Unpaginated ListBuckets requests are only supported for Amazon Web Services accounts set to the default general purpose bucket quota of 10,000. If you have an approved general purpose bucket quota above 10,000, you must send paginated ListBuckets requests to list your account’s buckets. All unpaginated ListBuckets requests will be rejected for Amazon Web Services accounts with a general purpose bucket quota greater than 10,000.

    ", - "alias":"GetService" + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    This operation is not supported for directory buckets.

    Returns a list of all buckets owned by the authenticated sender of the request. To grant IAM permission to use this operation, you must add the s3:ListAllMyBuckets policy action.

    For information about Amazon S3 buckets, see Creating, configuring, and working with Amazon S3 buckets.

    We strongly recommend using only paginated ListBuckets requests. Unpaginated ListBuckets requests are only supported for Amazon Web Services accounts set to the default general purpose bucket quota of 10,000. If you have an approved general purpose bucket quota above 10,000, you must send paginated ListBuckets requests to list your account’s buckets. All unpaginated ListBuckets requests will be rejected for Amazon Web Services accounts with a general purpose bucket quota greater than 10,000.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "ListDirectoryBuckets":{ "name":"ListDirectoryBuckets", @@ -888,7 +895,7 @@ }, "input":{"shape":"ListDirectoryBucketsRequest"}, "output":{"shape":"ListDirectoryBucketsOutput"}, - "documentation":"

    Returns a list of all Amazon S3 directory buckets owned by the authenticated sender of the request. For more information about directory buckets, see Directory buckets in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    You must have the s3express:ListAllMyDirectoryBuckets permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    The BucketRegion response element is not part of the ListDirectoryBuckets Response Syntax.

    ", + "documentation":"

    Returns a list of all Amazon S3 directory buckets owned by the authenticated sender of the request. For more information about directory buckets, see Directory buckets in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    You must have the s3express:ListAllMyDirectoryBuckets permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    The BucketRegion response element is not part of the ListDirectoryBuckets Response Syntax.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -901,8 +908,7 @@ }, "input":{"shape":"ListMultipartUploadsRequest"}, "output":{"shape":"ListMultipartUploadsOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadListMPUpload.html", - "documentation":"

    This operation lists in-progress multipart uploads in a bucket. An in-progress multipart upload is a multipart upload that has been initiated by the CreateMultipartUpload request, but has not yet been completed or aborted.

    Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the ListMultipartUploads operation to list the in-progress multipart uploads in the bucket and use the AbortMultipartUpload operation to abort all the in-progress multipart uploads.

    The ListMultipartUploads operation returns a maximum of 1,000 multipart uploads in the response. The limit of 1,000 multipart uploads is also the default value. You can further limit the number of uploads in a response by specifying the max-uploads request parameter. If there are more than 1,000 multipart uploads that satisfy your ListMultipartUploads request, the response returns an IsTruncated element with the value of true, a NextKeyMarker element, and a NextUploadIdMarker element. To list the remaining multipart uploads, you need to make subsequent ListMultipartUploads requests. In these requests, include two query parameters: key-marker and upload-id-marker. Set the value of key-marker to the NextKeyMarker value from the previous response. Similarly, set the value of upload-id-marker to the NextUploadIdMarker value from the previous response.

    Directory buckets - The upload-id-marker element and the NextUploadIdMarker element aren't supported by directory buckets. To list the additional multipart uploads, you only need to set the value of key-marker to the NextKeyMarker value from the previous response.

    For more information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    Sorting of multipart uploads in response

    • General purpose bucket - In the ListMultipartUploads response, the multipart uploads are sorted based on two criteria:

      • Key-based sorting - Multipart uploads are initially sorted in ascending order based on their object keys.

      • Time-based sorting - For uploads that share the same object key, they are further sorted in ascending order based on the upload initiation time. Among uploads with the same key, the one that was initiated first will appear before the ones that were initiated later.

    • Directory bucket - In the ListMultipartUploads response, the multipart uploads aren't sorted lexicographically based on the object keys.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to ListMultipartUploads:

    " + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    This operation lists in-progress multipart uploads in a bucket. An in-progress multipart upload is a multipart upload that has been initiated by the CreateMultipartUpload request, but has not yet been completed or aborted.

    Directory buckets - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed. To delete these in-progress multipart uploads, use the ListMultipartUploads operation to list the in-progress multipart uploads in the bucket and use the AbortMultipartUpload operation to abort all the in-progress multipart uploads.

    The ListMultipartUploads operation returns a maximum of 1,000 multipart uploads in the response. The limit of 1,000 multipart uploads is also the default value. You can further limit the number of uploads in a response by specifying the max-uploads request parameter. If there are more than 1,000 multipart uploads that satisfy your ListMultipartUploads request, the response returns an IsTruncated element with the value of true, a NextKeyMarker element, and a NextUploadIdMarker element. To list the remaining multipart uploads, you need to make subsequent ListMultipartUploads requests. In these requests, include two query parameters: key-marker and upload-id-marker. Set the value of key-marker to the NextKeyMarker value from the previous response. Similarly, set the value of upload-id-marker to the NextUploadIdMarker value from the previous response.

    Directory buckets - The upload-id-marker element and the NextUploadIdMarker element aren't supported by directory buckets. To list the additional multipart uploads, you only need to set the value of key-marker to the NextKeyMarker value from the previous response.

    For more information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    Sorting of multipart uploads in response

    • General purpose bucket - In the ListMultipartUploads response, the multipart uploads are sorted based on two criteria:

      • Key-based sorting - Multipart uploads are initially sorted in ascending order based on their object keys.

      • Time-based sorting - For uploads that share the same object key, they are further sorted in ascending order based on the upload initiation time. Among uploads with the same key, the one that was initiated first will appear before the ones that were initiated later.

    • Directory bucket - In the ListMultipartUploads response, the multipart uploads aren't sorted lexicographically based on the object keys.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to ListMultipartUploads:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "ListObjectVersions":{ "name":"ListObjectVersions", @@ -912,9 +918,7 @@ }, "input":{"shape":"ListObjectVersionsRequest"}, "output":{"shape":"ListObjectVersionsOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETVersion.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns metadata about all versions of the objects in a bucket. You can also use request parameters as selection criteria to return metadata about a subset of all the object versions.

    To use this operation, you must have permission to perform the s3:ListBucketVersions action. Be aware of the name difference.

    A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately.

    To use this operation, you must have READ access to the bucket.

    The following operations are related to ListObjectVersions:

    ", - "alias":"GetBucketObjectVersions" + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    This operation is not supported for directory buckets.

    Returns metadata about all versions of the objects in a bucket. You can also use request parameters as selection criteria to return metadata about a subset of all the object versions.

    To use this operation, you must have permission to perform the s3:ListBucketVersions action. Be aware of the name difference.

    A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately.

    To use this operation, you must have READ access to the bucket.

    The following operations are related to ListObjectVersions:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "ListObjects":{ "name":"ListObjects", @@ -927,9 +931,7 @@ "errors":[ {"shape":"NoSuchBucket"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGET.html", - "documentation":"

    This operation is not supported for directory buckets.

    Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately.

    This action has been revised. We recommend that you use the newer version, ListObjectsV2, when developing applications. For backward compatibility, Amazon S3 continues to support ListObjects.

    The following operations are related to ListObjects:

    ", - "alias":"GetBucket" + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    This operation is not supported for directory buckets.

    Returns some or all (up to 1,000) of the objects in a bucket. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Be sure to design your application to parse the contents of the response and handle it appropriately.

    This action has been revised. We recommend that you use the newer version, ListObjectsV2, when developing applications. For backward compatibility, Amazon S3 continues to support ListObjects.

    The following operations are related to ListObjects:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "ListObjectsV2":{ "name":"ListObjectsV2", @@ -942,7 +944,7 @@ "errors":[ {"shape":"NoSuchBucket"} ], - "documentation":"

    Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. For more information about listing objects, see Listing object keys programmatically in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets.

    • General purpose bucket - For general purpose buckets, ListObjectsV2 doesn't return prefixes that are related only to in-progress multipart uploads.

    • Directory buckets - For directory buckets, ListObjectsV2 response includes the prefixes that are related only to in-progress multipart uploads.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - To use this operation, you must have READ access to the bucket. You must have permission to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    Sorting order of returned objects

    • General purpose bucket - For general purpose buckets, ListObjectsV2 returns objects in lexicographical order based on their key names.

    • Directory bucket - For directory buckets, ListObjectsV2 does not return objects in lexicographical order.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    This section describes the latest revision of this action. We recommend that you use this revised API operation for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API operation, ListObjects.

    The following operations are related to ListObjectsV2:

    " + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    Returns some or all (up to 1,000) of the objects in a bucket with each request. You can use the request parameters as selection criteria to return a subset of the objects in a bucket. A 200 OK response can contain valid or invalid XML. Make sure to design your application to parse the contents of the response and handle it appropriately. For more information about listing objects, see Listing object keys programmatically in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets.

    • General purpose bucket - For general purpose buckets, ListObjectsV2 doesn't return prefixes that are related only to in-progress multipart uploads.

    • Directory buckets - For directory buckets, ListObjectsV2 response includes the prefixes that are related only to in-progress multipart uploads.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - To use this operation, you must have READ access to the bucket. You must have permission to perform the s3:ListBucket action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    Sorting order of returned objects

    • General purpose bucket - For general purpose buckets, ListObjectsV2 returns objects in lexicographical order based on their key names.

    • Directory bucket - For directory buckets, ListObjectsV2 does not return objects in lexicographical order.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    This section describes the latest revision of this action. We recommend that you use this revised API operation for application development. For backward compatibility, Amazon S3 continues to support the prior version of this API operation, ListObjects.

    The following operations are related to ListObjectsV2:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "ListParts":{ "name":"ListParts", @@ -952,8 +954,7 @@ }, "input":{"shape":"ListPartsRequest"}, "output":{"shape":"ListPartsOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadListParts.html", - "documentation":"

    Lists the parts that have been uploaded for a specific multipart upload.

    To use this operation, you must provide the upload ID in the request. You obtain this uploadID by sending the initiate multipart upload request through CreateMultipartUpload.

    The ListParts request returns a maximum of 1,000 uploaded parts. The limit of 1,000 parts is also the default value. You can restrict the number of parts in a response by specifying the max-parts request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an IsTruncated field with the value of true, and a NextPartNumberMarker element. To list remaining uploaded parts, in subsequent ListParts requests, include the part-number-marker query string parameter and set its value to the NextPartNumberMarker field value from the previous response.

    For more information on multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.

      If the upload was created using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you must have permission to the kms:Decrypt action for the ListParts request to succeed.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to ListParts:

    " + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    Lists the parts that have been uploaded for a specific multipart upload.

    To use this operation, you must provide the upload ID in the request. You obtain this uploadID by sending the initiate multipart upload request through CreateMultipartUpload.

    The ListParts request returns a maximum of 1,000 uploaded parts. The limit of 1,000 parts is also the default value. You can restrict the number of parts in a response by specifying the max-parts request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an IsTruncated field with the value of true, and a NextPartNumberMarker element. To list remaining uploaded parts, in subsequent ListParts requests, include the part-number-marker query string parameter and set its value to the NextPartNumberMarker field value from the previous response.

    For more information on multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.

      If the upload was created using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you must have permission to the kms:Decrypt action for the ListParts request to succeed.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to ListParts:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " }, "PutBucketAccelerateConfiguration":{ "name":"PutBucketAccelerateConfiguration", @@ -962,7 +963,7 @@ "requestUri":"/{Bucket}?accelerate" }, "input":{"shape":"PutBucketAccelerateConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to Amazon S3.

    To use this operation, you must have permission to perform the s3:PutAccelerateConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    The Transfer Acceleration state of a bucket can be set to one of the following two values:

    • Enabled – Enables accelerated data transfers to the bucket.

    • Suspended – Disables accelerated data transfers to the bucket.

    The GetBucketAccelerateConfiguration action returns the transfer acceleration state of a bucket.

    After setting the Transfer Acceleration state of a bucket to Enabled, it might take up to thirty minutes before the data transfer rates to the bucket increase.

    The name of the bucket used for Transfer Acceleration must be DNS-compliant and must not contain periods (\".\").

    For more information about transfer acceleration, see Transfer Acceleration.

    The following operations are related to PutBucketAccelerateConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer Acceleration is a bucket-level feature that enables you to perform faster data transfers to Amazon S3.

    To use this operation, you must have permission to perform the s3:PutAccelerateConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    The Transfer Acceleration state of a bucket can be set to one of the following two values:

    • Enabled – Enables accelerated data transfers to the bucket.

    • Suspended – Disables accelerated data transfers to the bucket.

    The GetBucketAccelerateConfiguration action returns the transfer acceleration state of a bucket.

    After setting the Transfer Acceleration state of a bucket to Enabled, it might take up to thirty minutes before the data transfer rates to the bucket increase.

    The name of the bucket used for Transfer Acceleration must be DNS-compliant and must not contain periods (\".\").

    For more information about transfer acceleration, see Transfer Acceleration.

    The following operations are related to PutBucketAccelerateConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":false @@ -978,8 +979,7 @@ "requestUri":"/{Bucket}?acl" }, "input":{"shape":"PutBucketAclRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html", - "documentation":"

    This operation is not supported for directory buckets.

    Sets the permissions on an existing bucket using access control lists (ACL). For more information, see Using ACLs. To set the ACL of a bucket, you must have the WRITE_ACP permission.

    You can use one of the following two ways to set a bucket's permissions:

    • Specify the ACL in the request body

    • Specify permissions using request headers

    You cannot specify access permission using both the body and the request headers.

    Depending on your application needs, you may choose to set the ACL on a bucket using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, then you can continue to use that approach.

    If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported error code. Requests to read ACLs are still supported. For more information, see Controlling object ownership in the Amazon S3 User Guide.
    Permissions

    You can set access permissions by using one of the following methods:

    • Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of x-amz-acl. If you use this header, you cannot use other access control-specific headers in your request. For more information, see Canned ACL.

    • Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use the x-amz-acl header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

      You specify each grantee as a type=value pair, where the type is one of the following:

      • id – if the value specified is the canonical user ID of an Amazon Web Services account

      • uri – if you are granting permissions to a predefined group

      • emailAddress – if the value specified is the email address of an Amazon Web Services account

        Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

        • US East (N. Virginia)

        • US West (N. California)

        • US West (Oregon)

        • Asia Pacific (Singapore)

        • Asia Pacific (Sydney)

        • Asia Pacific (Tokyo)

        • Europe (Ireland)

        • South America (São Paulo)

        For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      For example, the following x-amz-grant-write header grants create, overwrite, and delete objects permission to LogDelivery group predefined by Amazon S3 and two Amazon Web Services accounts identified by their email addresses.

      x-amz-grant-write: uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\", id=\"111122223333\", id=\"555566667777\"

    You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

    Grantee Values

    You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:

    • By the person's ID:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>

      DisplayName is optional and ignored in the request

    • By URI:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>

    • By Email address:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress>&</Grantee>

      The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    The following operations are related to PutBucketAcl:

    ", + "documentation":"

    End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an HTTP 405 (Method Not Allowed) error.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo).

    This operation is not supported for directory buckets.

    Sets the permissions on an existing bucket using access control lists (ACL). For more information, see Using ACLs. To set the ACL of a bucket, you must have the WRITE_ACP permission.

    You can use one of the following two ways to set a bucket's permissions:

    • Specify the ACL in the request body

    • Specify permissions using request headers

    You cannot specify access permission using both the body and the request headers.

    Depending on your application needs, you may choose to set the ACL on a bucket using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, then you can continue to use that approach.

    If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported error code. Requests to read ACLs are still supported. For more information, see Controlling object ownership in the Amazon S3 User Guide.
    Permissions

    You can set access permissions by using one of the following methods:

    • Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of x-amz-acl. If you use this header, you cannot use other access control-specific headers in your request. For more information, see Canned ACL.

    • Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use the x-amz-acl header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

      You specify each grantee as a type=value pair, where the type is one of the following:

      • id – if the value specified is the canonical user ID of an Amazon Web Services account

      • uri – if you are granting permissions to a predefined group

      • emailAddress – if the value specified is the email address of an Amazon Web Services account

        Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

        • US East (N. Virginia)

        • US West (N. California)

        • US West (Oregon)

        • Asia Pacific (Singapore)

        • Asia Pacific (Sydney)

        • Asia Pacific (Tokyo)

        • Europe (Ireland)

        • South America (São Paulo)

        For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      For example, the following x-amz-grant-write header grants create, overwrite, and delete objects permission to LogDelivery group predefined by Amazon S3 and two Amazon Web Services accounts identified by their email addresses.

      x-amz-grant-write: uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\", id=\"111122223333\", id=\"555566667777\"

    You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

    Grantee Values

    You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways. For examples of how to specify these grantee values in JSON format, see the Amazon Web Services CLI example in Enabling Amazon S3 server access logging in the Amazon S3 User Guide.

    • By the person's ID:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>

      DisplayName is optional and ignored in the request

    • By URI:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>

    • By Email address:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress>&</Grantee>

      The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

    The following operations are related to PutBucketAcl:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -995,7 +995,7 @@ "requestUri":"/{Bucket}?analytics" }, "input":{"shape":"PutBucketAnalyticsConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Sets an analytics configuration for the bucket (specified by the analytics configuration ID). You can have up to 1,000 analytics configurations per bucket.

    You can choose to have storage class analysis export analysis reports sent to a comma-separated values (CSV) flat file. See the DataExport request element. Reports are updated daily and are based on the object filters that you configure. When selecting data export, you specify a destination bucket and an optional destination prefix where the file is written. You can export the data to a destination bucket in a different account. However, the destination bucket must be in the same Region as the bucket that you are making the PUT analytics configuration to. For more information, see Amazon S3 Analytics – Storage Class Analysis.

    You must create a bucket policy on the destination bucket where the exported file is written to grant permissions to Amazon S3 to write objects to the bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.

    To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    PutBucketAnalyticsConfiguration has the following special errors:

      • HTTP Error: HTTP 400 Bad Request

      • Code: InvalidArgument

      • Cause: Invalid argument.

      • HTTP Error: HTTP 400 Bad Request

      • Code: TooManyConfigurations

      • Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

      • HTTP Error: HTTP 403 Forbidden

      • Code: AccessDenied

      • Cause: You are not the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration bucket permission to set the configuration on the bucket.

    The following operations are related to PutBucketAnalyticsConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Sets an analytics configuration for the bucket (specified by the analytics configuration ID). You can have up to 1,000 analytics configurations per bucket.

    You can choose to have storage class analysis export analysis reports sent to a comma-separated values (CSV) flat file. See the DataExport request element. Reports are updated daily and are based on the object filters that you configure. When selecting data export, you specify a destination bucket and an optional destination prefix where the file is written. You can export the data to a destination bucket in a different account. However, the destination bucket must be in the same Region as the bucket that you are making the PUT analytics configuration to. For more information, see Amazon S3 Analytics – Storage Class Analysis.

    You must create a bucket policy on the destination bucket where the exported file is written to grant permissions to Amazon S3 to write objects to the bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.

    To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    PutBucketAnalyticsConfiguration has the following special errors:

      • HTTP Error: HTTP 400 Bad Request

      • Code: InvalidArgument

      • Cause: Invalid argument.

      • HTTP Error: HTTP 400 Bad Request

      • Code: TooManyConfigurations

      • Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

      • HTTP Error: HTTP 403 Forbidden

      • Code: AccessDenied

      • Cause: You are not the owner of the specified bucket, or you do not have the s3:PutAnalyticsConfiguration bucket permission to set the configuration on the bucket.

    The following operations are related to PutBucketAnalyticsConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -1007,8 +1007,7 @@ "requestUri":"/{Bucket}?cors" }, "input":{"shape":"PutBucketCorsRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTcors.html", - "documentation":"

    This operation is not supported for directory buckets.

    Sets the cors configuration for your bucket. If the configuration exists, Amazon S3 replaces it.

    To use this operation, you must be allowed to perform the s3:PutBucketCORS action. By default, the bucket owner has this permission and can grant it to others.

    You set this configuration on a bucket so that the bucket can service cross-origin requests. For example, you might want to enable a request whose origin is http://www.example.com to access your Amazon S3 bucket at my.example.bucket.com by using the browser's XMLHttpRequest capability.

    To enable cross-origin resource sharing (CORS) on a bucket, you add the cors subresource to the bucket. The cors subresource is an XML document in which you configure rules that identify origins and the HTTP methods that can be executed on your bucket. The document is limited to 64 KB in size.

    When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS request) against a bucket, it evaluates the cors configuration on the bucket and uses the first CORSRule rule that matches the incoming browser request to enable a cross-origin request. For a rule to match, the following conditions must be met:

    • The request's Origin header must match AllowedOrigin elements.

    • The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method header in case of a pre-flight OPTIONS request must be one of the AllowedMethod elements.

    • Every header specified in the Access-Control-Request-Headers request header of a pre-flight request must match an AllowedHeader element.

    For more information about CORS, go to Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide.

    The following operations are related to PutBucketCors:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Sets the cors configuration for your bucket. If the configuration exists, Amazon S3 replaces it.

    To use this operation, you must be allowed to perform the s3:PutBucketCORS action. By default, the bucket owner has this permission and can grant it to others.

    You set this configuration on a bucket so that the bucket can service cross-origin requests. For example, you might want to enable a request whose origin is http://www.example.com to access your Amazon S3 bucket at my.example.bucket.com by using the browser's XMLHttpRequest capability.

    To enable cross-origin resource sharing (CORS) on a bucket, you add the cors subresource to the bucket. The cors subresource is an XML document in which you configure rules that identify origins and the HTTP methods that can be executed on your bucket. The document is limited to 64 KB in size.

    When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS request) against a bucket, it evaluates the cors configuration on the bucket and uses the first CORSRule rule that matches the incoming browser request to enable a cross-origin request. For a rule to match, the following conditions must be met:

    • The request's Origin header must match AllowedOrigin elements.

    • The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method header in case of a pre-flight OPTIONS request must be one of the AllowedMethod elements.

    • Every header specified in the Access-Control-Request-Headers request header of a pre-flight request must match an AllowedHeader element.

    For more information about CORS, go to Enabling Cross-Origin Resource Sharing in the Amazon S3 User Guide.

    The following operations are related to PutBucketCors:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1024,7 +1023,7 @@ "requestUri":"/{Bucket}?encryption" }, "input":{"shape":"PutBucketEncryptionRequest"}, - "documentation":"

    This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).

    • General purpose buckets

      • You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.

      • If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 doesn't validate the KMS key ID provided in PutBucketEncryption requests.

    • Directory buckets - You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS).

      • We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

      • Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported.

      • S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

      • When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.

      • For directory buckets, if you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, Amazon S3 validates the KMS key ID provided in PutBucketEncryption requests.

    If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.

    Also, this action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).

    Permissions

    • General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

      To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to PutBucketEncryption:

    ", + "documentation":"

    This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).

    • General purpose buckets

      • You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.

      • If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 doesn't validate the KMS key ID provided in PutBucketEncryption requests.

    • Directory buckets - You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS).

      • We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

      • Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The Amazon Web Services managed key (aws/s3) isn't supported.

      • S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

      • When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.

      • For directory buckets, if you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, Amazon S3 validates the KMS key ID provided in PutBucketEncryption requests.

    If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.

    Also, this action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).

    Permissions

    • General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

      To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to PutBucketEncryption:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1040,7 +1039,7 @@ "requestUri":"/{Bucket}?intelligent-tiering" }, "input":{"shape":"PutBucketIntelligentTieringConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Puts a S3 Intelligent-Tiering configuration to the specified bucket. You can have up to 1,000 S3 Intelligent-Tiering configurations per bucket.

    The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

    The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

    For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

    Operations related to PutBucketIntelligentTieringConfiguration include:

    You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically move objects stored in the S3 Intelligent-Tiering storage class to the Archive Access or Deep Archive Access tier.

    PutBucketIntelligentTieringConfiguration has the following special errors:

    HTTP 400 Bad Request Error

    Code: InvalidArgument

    Cause: Invalid Argument

    HTTP 400 Bad Request Error

    Code: TooManyConfigurations

    Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

    HTTP 403 Forbidden Error

    Cause: You are not the owner of the specified bucket, or you do not have the s3:PutIntelligentTieringConfiguration bucket permission to set the configuration on the bucket.

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Puts a S3 Intelligent-Tiering configuration to the specified bucket. You can have up to 1,000 S3 Intelligent-Tiering configurations per bucket.

    The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.

    The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.

    For more information, see Storage class for automatically optimizing frequently and infrequently accessed objects.

    Operations related to PutBucketIntelligentTieringConfiguration include:

    You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically move objects stored in the S3 Intelligent-Tiering storage class to the Archive Access or Deep Archive Access tier.

    PutBucketIntelligentTieringConfiguration has the following special errors:

    HTTP 400 Bad Request Error

    Code: InvalidArgument

    Cause: Invalid Argument

    HTTP 400 Bad Request Error

    Code: TooManyConfigurations

    Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

    HTTP 403 Forbidden Error

    Cause: You are not the owner of the specified bucket, or you do not have the s3:PutIntelligentTieringConfiguration bucket permission to set the configuration on the bucket.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -1052,7 +1051,7 @@ "requestUri":"/{Bucket}?inventory" }, "input":{"shape":"PutBucketInventoryConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    This implementation of the PUT action adds an inventory configuration (identified by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations per bucket.

    Amazon S3 inventory generates inventories of the objects in the bucket on a daily or weekly basis, and the results are published to a flat file. The bucket that is inventoried is called the source bucket, and the bucket where the inventory flat file is stored is called the destination bucket. The destination bucket must be in the same Amazon Web Services Region as the source bucket.

    When you configure an inventory for a source bucket, you specify the destination bucket where you want the inventory to be stored, and whether to generate the inventory daily or weekly. You can also configure what object metadata to include and whether to inventory all object versions or only current versions. For more information, see Amazon S3 Inventory in the Amazon S3 User Guide.

    You must create a bucket policy on the destination bucket to grant permissions to Amazon S3 to write objects to the bucket in the defined location. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.
    Permissions

    To use this operation, you must have permission to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others.

    The s3:PutInventoryConfiguration permission allows a user to create an S3 Inventory report that includes all object metadata fields available and to specify the destination bucket to store the inventory. A user with read access to objects in the destination bucket can also access all object metadata fields that are available in the inventory report.

    To restrict access to an inventory report, see Restricting access to an Amazon S3 Inventory report in the Amazon S3 User Guide. For more information about the metadata fields available in S3 Inventory, see Amazon S3 Inventory lists in the Amazon S3 User Guide. For more information about permissions, see Permissions related to bucket subresource operations and Identity and access management in Amazon S3 in the Amazon S3 User Guide.

    PutBucketInventoryConfiguration has the following special errors:

    HTTP 400 Bad Request Error

    Code: InvalidArgument

    Cause: Invalid Argument

    HTTP 400 Bad Request Error

    Code: TooManyConfigurations

    Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

    HTTP 403 Forbidden Error

    Cause: You are not the owner of the specified bucket, or you do not have the s3:PutInventoryConfiguration bucket permission to set the configuration on the bucket.

    The following operations are related to PutBucketInventoryConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    This implementation of the PUT action adds an S3 Inventory configuration (identified by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations per bucket.

    Amazon S3 inventory generates inventories of the objects in the bucket on a daily or weekly basis, and the results are published to a flat file. The bucket that is inventoried is called the source bucket, and the bucket where the inventory flat file is stored is called the destination bucket. The destination bucket must be in the same Amazon Web Services Region as the source bucket.

    When you configure an inventory for a source bucket, you specify the destination bucket where you want the inventory to be stored, and whether to generate the inventory daily or weekly. You can also configure what object metadata to include and whether to inventory all object versions or only current versions. For more information, see Amazon S3 Inventory in the Amazon S3 User Guide.

    You must create a bucket policy on the destination bucket to grant permissions to Amazon S3 to write objects to the bucket in the defined location. For an example policy, see Granting Permissions for Amazon S3 Inventory and Storage Class Analysis.
    Permissions

    To use this operation, you must have permission to perform the s3:PutInventoryConfiguration action. The bucket owner has this permission by default and can grant this permission to others.

    The s3:PutInventoryConfiguration permission allows a user to create an S3 Inventory report that includes all object metadata fields available and to specify the destination bucket to store the inventory. A user with read access to objects in the destination bucket can also access all object metadata fields that are available in the inventory report.

    To restrict access to an inventory report, see Restricting access to an Amazon S3 Inventory report in the Amazon S3 User Guide. For more information about the metadata fields available in S3 Inventory, see Amazon S3 Inventory lists in the Amazon S3 User Guide. For more information about permissions, see Permissions related to bucket subresource operations and Identity and access management in Amazon S3 in the Amazon S3 User Guide.

    PutBucketInventoryConfiguration has the following special errors:

    HTTP 400 Bad Request Error

    Code: InvalidArgument

    Cause: Invalid Argument

    HTTP 400 Bad Request Error

    Code: TooManyConfigurations

    Cause: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

    HTTP 403 Forbidden Error

    Cause: You are not the owner of the specified bucket, or you do not have the s3:PutInventoryConfiguration bucket permission to set the configuration on the bucket.

    The following operations are related to PutBucketInventoryConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -1064,8 +1063,7 @@ "requestUri":"/{Bucket}?lifecycle" }, "input":{"shape":"PutBucketLifecycleRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html", - "documentation":"

    This operation is not supported for directory buckets.

    For an updated version of this API, see PutBucketLifecycleConfiguration. This version has been deprecated. Existing lifecycle configurations will work. For new lifecycle configurations, use the updated API.

    This operation is not supported for directory buckets.

    Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. For information about lifecycle configuration, see Object Lifecycle Management in the Amazon S3 User Guide.

    By default, all Amazon S3 resources, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration) are private. Only the resource owner, the Amazon Web Services account that created the resource, can access it. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, users must get the s3:PutLifecycleConfiguration permission.

    You can also explicitly deny permissions. Explicit denial also supersedes any other permissions. If you want to prevent users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:

    • s3:DeleteObject

    • s3:DeleteObjectVersion

    • s3:PutLifecycleConfiguration

    For more information about permissions, see Managing Access Permissions to your Amazon S3 Resources in the Amazon S3 User Guide.

    For more examples of transitioning objects to storage classes such as STANDARD_IA or ONEZONE_IA, see Examples of Lifecycle Configuration.

    The following operations are related to PutBucketLifecycle:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    For an updated version of this API, see PutBucketLifecycleConfiguration. This version has been deprecated. Existing lifecycle configurations will work. For new lifecycle configurations, use the updated API.

    This operation is not supported for directory buckets.

    Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. For information about lifecycle configuration, see Object Lifecycle Management in the Amazon S3 User Guide.

    By default, all Amazon S3 resources, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration) are private. Only the resource owner, the Amazon Web Services account that created the resource, can access it. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, users must get the s3:PutLifecycleConfiguration permission.

    You can also explicitly deny permissions. Explicit denial also supersedes any other permissions. If you want to prevent users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:

    • s3:DeleteObject

    • s3:DeleteObjectVersion

    • s3:PutLifecycleConfiguration

    For more information about permissions, see Managing Access Permissions to your Amazon S3 Resources in the Amazon S3 User Guide.

    For more examples of transitioning objects to storage classes such as STANDARD_IA or ONEZONE_IA, see Examples of Lifecycle Configuration.

    The following operations are related to PutBucketLifecycle:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "deprecated":true, "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", @@ -1083,7 +1081,7 @@ }, "input":{"shape":"PutBucketLifecycleConfigurationRequest"}, "output":{"shape":"PutBucketLifecycleConfigurationOutput"}, - "documentation":"

    Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. Keep in mind that this will overwrite an existing lifecycle configuration, so if you want to retain any configuration details, they must be included in the new lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.

    Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see PutBucketLifecycle.
    Rules
    Permissions
    HTTP Host header syntax

    You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable.

    Bucket lifecycle configuration supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility for general purpose buckets. For the related API description, see PutBucketLifecycle.

    Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects,transitions and tag filters are not supported.

    A lifecycle rule consists of the following:

    • A filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, object size, or any combination of these.

    • A status indicating whether the rule is in effect.

    • One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.

    For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.

    • General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:PutLifecycleConfiguration permission.

      You can also explicitly deny permissions. An explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:

    • Directory bucket permissions - You must have the s3express:PutLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.

      For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.

      Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    The following operations are related to PutBucketLifecycleConfiguration:

    ", + "documentation":"

    Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration. Keep in mind that this will overwrite an existing lifecycle configuration, so if you want to retain any configuration details, they must be included in the new lifecycle configuration. For information about lifecycle configuration, see Managing your storage lifecycle.

    Bucket lifecycle configuration now supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility. For the related API description, see PutBucketLifecycle.
    Rules
    Permissions
    HTTP Host header syntax

    You specify the lifecycle configuration in your request body. The lifecycle configuration is specified as XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not adjustable.

    Bucket lifecycle configuration supports specifying a lifecycle rule using an object key name prefix, one or more object tags, object size, or any combination of these. Accordingly, this section describes the latest API. The previous version of the API supported filtering based only on an object key name prefix, which is supported for backward compatibility for general purpose buckets. For the related API description, see PutBucketLifecycle.

    Lifecyle configurations for directory buckets only support expiring objects and cancelling multipart uploads. Expiring of versioned objects,transitions and tag filters are not supported.

    A lifecycle rule consists of the following:

    • A filter identifying a subset of objects to which the rule applies. The filter can be based on a key name prefix, object tags, object size, or any combination of these.

    • A status indicating whether the rule is in effect.

    • One or more lifecycle transition and expiration actions that you want Amazon S3 to perform on the objects identified by the filter. If the state of your bucket is versioning-enabled or versioning-suspended, you can have many versions of the same object (one current version and zero or more noncurrent versions). Amazon S3 provides predefined actions that you can specify for current and noncurrent object versions.

    For more information, see Object Lifecycle Management and Lifecycle Configuration Elements.

    • General purpose bucket permissions - By default, all Amazon S3 resources are private, including buckets, objects, and related subresources (for example, lifecycle configuration and website configuration). Only the resource owner (that is, the Amazon Web Services account that created it) can access the resource. The resource owner can optionally grant access permissions to others by writing an access policy. For this operation, a user must have the s3:PutLifecycleConfiguration permission.

      You can also explicitly deny permissions. An explicit deny also supersedes any other permissions. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them permissions for the following actions:

    • Directory bucket permissions - You must have the s3express:PutLifecycleConfiguration permission in an IAM identity-based policy to use this operation. Cross-account access to this API operation isn't supported. The resource owner can optionally grant access permissions to others by creating a role or user for them as long as they are within the same account as the owner and resource.

      For more information about directory bucket policies and permissions, see Authorizing Regional endpoint APIs with IAM in the Amazon S3 User Guide.

      Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    The following operations are related to PutBucketLifecycleConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1099,8 +1097,7 @@ "requestUri":"/{Bucket}?logging" }, "input":{"shape":"PutBucketLoggingRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTlogging.html", - "documentation":"

    This operation is not supported for directory buckets.

    Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same Amazon Web Services Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner.

    The bucket owner is automatically granted FULL_CONTROL to all logs. You use the Grantee request element to grant access to other people. The Permissions request element specifies the kind of access the grantee has to the logs.

    If the target bucket for log delivery uses the bucket owner enforced setting for S3 Object Ownership, you can't use the Grantee request element to grant access to others. Permissions can only be granted using policies. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.
    Grantee Values

    You can specify the person (grantee) to whom you're assigning access rights (by using request elements) in the following ways:

    • By the person's ID:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>

      DisplayName is optional and ignored in the request.

    • By Email address:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee>

      The grantee is resolved to the CanonicalUser and, in a response to a GETObjectAcl request, appears as the CanonicalUser.

    • By URI:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>

    To enable logging, you use LoggingEnabled and its children request elements. To disable logging, you use an empty BucketLoggingStatus request element:

    <BucketLoggingStatus xmlns=\"http://doc.s3.amazonaws.com/2006-03-01\" />

    For more information about server access logging, see Server Access Logging in the Amazon S3 User Guide.

    For more information about creating a bucket, see CreateBucket. For more information about returning the logging status of a bucket, see GetBucketLogging.

    The following operations are related to PutBucketLogging:

    ", + "documentation":"

    End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an HTTP 405 (Method Not Allowed) error.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo).

    This operation is not supported for directory buckets.

    Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same Amazon Web Services Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner.

    The bucket owner is automatically granted FULL_CONTROL to all logs. You use the Grantee request element to grant access to other people. The Permissions request element specifies the kind of access the grantee has to the logs.

    If the target bucket for log delivery uses the bucket owner enforced setting for S3 Object Ownership, you can't use the Grantee request element to grant access to others. Permissions can only be granted using policies. For more information, see Permissions for server access log delivery in the Amazon S3 User Guide.
    Grantee Values

    You can specify the person (grantee) to whom you're assigning access rights (by using request elements) in the following ways. For examples of how to specify these grantee values in JSON format, see the Amazon Web Services CLI example in Enabling Amazon S3 server access logging in the Amazon S3 User Guide.

    • By the person's ID:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>

      DisplayName is optional and ignored in the request.

    • By Email address:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress></Grantee>

      The grantee is resolved to the CanonicalUser and, in a response to a GETObjectAcl request, appears as the CanonicalUser.

    • By URI:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>

    To enable logging, you use LoggingEnabled and its children request elements. To disable logging, you use an empty BucketLoggingStatus request element:

    <BucketLoggingStatus xmlns=\"http://doc.s3.amazonaws.com/2006-03-01\" />

    For more information about server access logging, see Server Access Logging in the Amazon S3 User Guide.

    For more information about creating a bucket, see CreateBucket. For more information about returning the logging status of a bucket, see GetBucketLogging.

    The following operations are related to PutBucketLogging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1116,7 +1113,7 @@ "requestUri":"/{Bucket}?metrics" }, "input":{"shape":"PutBucketMetricsConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Sets a metrics configuration (specified by the metrics configuration ID) for the bucket. You can have up to 1,000 metrics configurations per bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased.

    To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

    The following operations are related to PutBucketMetricsConfiguration:

    PutBucketMetricsConfiguration has the following special error:

    • Error code: TooManyConfigurations

      • Description: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

      • HTTP Status Code: HTTP 400 Bad Request

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Sets a metrics configuration (specified by the metrics configuration ID) for the bucket. You can have up to 1,000 metrics configurations per bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased.

    To use this operation, you must have permissions to perform the s3:PutMetricsConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    For information about CloudWatch request metrics for Amazon S3, see Monitoring Metrics with Amazon CloudWatch.

    The following operations are related to PutBucketMetricsConfiguration:

    PutBucketMetricsConfiguration has the following special error:

    • Error code: TooManyConfigurations

      • Description: You are attempting to create a new configuration but have already reached the 1,000-configuration limit.

      • HTTP Status Code: HTTP 400 Bad Request

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -1128,7 +1125,6 @@ "requestUri":"/{Bucket}?notification" }, "input":{"shape":"PutBucketNotificationRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTnotification.html", "documentation":"

    This operation is not supported for directory buckets.

    No longer used, see the PutBucketNotificationConfiguration operation.

    ", "deprecated":true, "httpChecksum":{ @@ -1146,7 +1142,7 @@ "requestUri":"/{Bucket}?notification" }, "input":{"shape":"PutBucketNotificationConfigurationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Enables notifications of specified events for a bucket. For more information about event notifications, see Configuring Event Notifications.

    Using this API, you can replace an existing notification configuration. The configuration is an XML file that defines the event types that you want Amazon S3 to publish and the destination where you want Amazon S3 to publish an event notification when it detects an event of the specified type.

    By default, your bucket has no event notifications configured. That is, the notification configuration will be an empty NotificationConfiguration.

    <NotificationConfiguration>

    </NotificationConfiguration>

    This action replaces the existing notification configuration with the configuration you include in the request body.

    After Amazon S3 receives this request, it first verifies that any Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination exists, and that the bucket owner has permission to publish to it by sending a test notification. In the case of Lambda destinations, Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission to invoke the function from the Amazon S3 bucket. For more information, see Configuring Notifications for Amazon S3 Events.

    You can disable notifications by adding the empty NotificationConfiguration element.

    For more information about the number of event notification configurations that you can create per bucket, see Amazon S3 service quotas in Amazon Web Services General Reference.

    By default, only the bucket owner can configure notifications on a bucket. However, bucket owners can use a bucket policy to grant permission to other users to set this configuration with the required s3:PutBucketNotification permission.

    The PUT notification is an atomic operation. For example, suppose your notification configuration includes SNS topic, SQS queue, and Lambda function configurations. When you send a PUT request with this configuration, Amazon S3 sends test messages to your SNS topic. If the message fails, the entire PUT action will fail, and Amazon S3 will not add the configuration to your bucket.

    If the configuration in the request body includes only one TopicConfiguration specifying only the s3:ReducedRedundancyLostObject event type, the response will also include the x-amz-sns-test-message-id header containing the message ID of the test notification sent to the topic.

    The following action is related to PutBucketNotificationConfiguration:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Enables notifications of specified events for a bucket. For more information about event notifications, see Configuring Event Notifications.

    Using this API, you can replace an existing notification configuration. The configuration is an XML file that defines the event types that you want Amazon S3 to publish and the destination where you want Amazon S3 to publish an event notification when it detects an event of the specified type.

    By default, your bucket has no event notifications configured. That is, the notification configuration will be an empty NotificationConfiguration.

    <NotificationConfiguration>

    </NotificationConfiguration>

    This action replaces the existing notification configuration with the configuration you include in the request body.

    After Amazon S3 receives this request, it first verifies that any Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) destination exists, and that the bucket owner has permission to publish to it by sending a test notification. In the case of Lambda destinations, Amazon S3 verifies that the Lambda function permissions grant Amazon S3 permission to invoke the function from the Amazon S3 bucket. For more information, see Configuring Notifications for Amazon S3 Events.

    You can disable notifications by adding the empty NotificationConfiguration element.

    For more information about the number of event notification configurations that you can create per bucket, see Amazon S3 service quotas in Amazon Web Services General Reference.

    By default, only the bucket owner can configure notifications on a bucket. However, bucket owners can use a bucket policy to grant permission to other users to set this configuration with the required s3:PutBucketNotification permission.

    The PUT notification is an atomic operation. For example, suppose your notification configuration includes SNS topic, SQS queue, and Lambda function configurations. When you send a PUT request with this configuration, Amazon S3 sends test messages to your SNS topic. If the message fails, the entire PUT action will fail, and Amazon S3 will not add the configuration to your bucket.

    If the configuration in the request body includes only one TopicConfiguration specifying only the s3:ReducedRedundancyLostObject event type, the response will also include the x-amz-sns-test-message-id header containing the message ID of the test notification sent to the topic.

    The following action is related to PutBucketNotificationConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -1158,8 +1154,11 @@ "requestUri":"/{Bucket}?ownershipControls" }, "input":{"shape":"PutBucketOwnershipControlsRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

    For information about Amazon S3 Object Ownership, see Using object ownership.

    The following operations are related to PutBucketOwnershipControls:

    ", - "httpChecksum":{"requestChecksumRequired":true}, + "documentation":"

    This operation is not supported for directory buckets.

    Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketOwnershipControls permission. For more information about Amazon S3 permissions, see Specifying permissions in a policy.

    For information about Amazon S3 Object Ownership, see Using object ownership.

    The following operations are related to PutBucketOwnershipControls:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "httpChecksum":{ + "requestAlgorithmMember":"ChecksumAlgorithm", + "requestChecksumRequired":true + }, "staticContextParams":{ "UseS3ExpressControlEndpoint":{"value":true} } @@ -1171,8 +1170,7 @@ "requestUri":"/{Bucket}?policy" }, "input":{"shape":"PutBucketPolicyRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTpolicy.html", - "documentation":"

    Applies an Amazon S3 bucket policy to an Amazon S3 bucket.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the PutBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

    If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

    To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.

    • General purpose bucket permissions - The s3:PutBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    Example bucket policies

    General purpose buckets example bucket policies - See Bucket policy examples in the Amazon S3 User Guide.

    Directory bucket example bucket policies - See Example bucket policies for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to PutBucketPolicy:

    ", + "documentation":"

    Applies an Amazon S3 bucket policy to an Amazon S3 bucket.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must both have the PutBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

    If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

    To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Amazon Web Services account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access. Bucket owner root principals can only be blocked from performing these API actions by VPC endpoint policies and Amazon Web Services Organizations policies.

    • General purpose bucket permissions - The s3:PutBucketPolicy permission is required in a policy. For more information about general purpose buckets bucket policies, see Using Bucket Policies and User Policies in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutBucketPolicy permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    Example bucket policies

    General purpose buckets example bucket policies - See Bucket policy examples in the Amazon S3 User Guide.

    Directory bucket example bucket policies - See Example bucket policies for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.

    The following operations are related to PutBucketPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1188,7 +1186,7 @@ "requestUri":"/{Bucket}?replication" }, "input":{"shape":"PutBucketReplicationRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Creates a replication configuration or replaces an existing one. For more information, see Replication in the Amazon S3 User Guide.

    Specify the replication configuration in the request body. In the replication configuration, you provide the name of the destination bucket or buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your behalf, and other relevant information. You can invoke this request for a specific Amazon Web Services Region by using the aws:RequestedRegion condition key.

    A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

    To specify a subset of the objects in the source bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.

    If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.

    For information about enabling versioning on a bucket, see Using Versioning.

    Handling Replication of Encrypted Objects

    By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with KMS keys. To replicate Amazon Web Services KMS-encrypted objects, add the following: SourceSelectionCriteria, SseKmsEncryptedObjects, Status, EncryptionConfiguration, and ReplicaKmsKeyID. For information about replication configuration, see Replicating Objects Created with SSE Using KMS keys.

    For information on PutBucketReplication errors, see List of replication-related error codes

    Permissions

    To create a PutBucketReplication request, you must have s3:PutReplicationConfiguration permissions for the bucket.

    By default, a resource owner, in this case the Amazon Web Services account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see Specifying Permissions in a Policy and Managing Access Permissions to Your Amazon S3 Resources.

    To perform this operation, the user or role performing the action must have the iam:PassRole permission.

    The following operations are related to PutBucketReplication:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Creates a replication configuration or replaces an existing one. For more information, see Replication in the Amazon S3 User Guide.

    Specify the replication configuration in the request body. In the replication configuration, you provide the name of the destination bucket or buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your behalf, and other relevant information. You can invoke this request for a specific Amazon Web Services Region by using the aws:RequestedRegion condition key.

    A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

    To specify a subset of the objects in the source bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.

    If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.

    For information about enabling versioning on a bucket, see Using Versioning.

    Handling Replication of Encrypted Objects

    By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with KMS keys. To replicate Amazon Web Services KMS-encrypted objects, add the following: SourceSelectionCriteria, SseKmsEncryptedObjects, Status, EncryptionConfiguration, and ReplicaKmsKeyID. For information about replication configuration, see Replicating Objects Created with SSE Using KMS keys.

    For information on PutBucketReplication errors, see List of replication-related error codes

    Permissions

    To create a PutBucketReplication request, you must have s3:PutReplicationConfiguration permissions for the bucket.

    By default, a resource owner, in this case the Amazon Web Services account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see Specifying Permissions in a Policy and Managing Access Permissions to Your Amazon S3 Resources.

    To perform this operation, the user or role performing the action must have the iam:PassRole permission.

    The following operations are related to PutBucketReplication:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1204,8 +1202,7 @@ "requestUri":"/{Bucket}?requestPayment" }, "input":{"shape":"PutBucketRequestPaymentRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTrequestPaymentPUT.html", - "documentation":"

    This operation is not supported for directory buckets.

    Sets the request payment configuration for a bucket. By default, the bucket owner pays for downloads from the bucket. This configuration parameter enables the bucket owner (only) to specify that the person requesting the download will be charged for the download. For more information, see Requester Pays Buckets.

    The following operations are related to PutBucketRequestPayment:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Sets the request payment configuration for a bucket. By default, the bucket owner pays for downloads from the bucket. This configuration parameter enables the bucket owner (only) to specify that the person requesting the download will be charged for the download. For more information, see Requester Pays Buckets.

    The following operations are related to PutBucketRequestPayment:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1221,8 +1218,7 @@ "requestUri":"/{Bucket}?tagging" }, "input":{"shape":"PutBucketTaggingRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTtagging.html", - "documentation":"

    This operation is not supported for directory buckets.

    Sets the tags for a bucket.

    Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.

    When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.

    To use this operation, you must have permissions to perform the s3:PutBucketTagging action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    PutBucketTagging has the following special errors. For more Amazon S3 errors see, Error Responses.

    • InvalidTag - The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For more information, see Using Cost Allocation in Amazon S3 Bucket Tags.

    • MalformedXML - The XML provided does not match the schema.

    • OperationAborted - A conflicting conditional action is currently in progress against this resource. Please try again.

    • InternalError - The service was unable to apply the provided tag to the bucket.

    The following operations are related to PutBucketTagging:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Sets the tags for a bucket.

    Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.

    When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.

    To use this operation, you must have permissions to perform the s3:PutBucketTagging action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    PutBucketTagging has the following special errors. For more Amazon S3 errors see, Error Responses.

    • InvalidTag - The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For more information, see Using Cost Allocation in Amazon S3 Bucket Tags.

    • MalformedXML - The XML provided does not match the schema.

    • OperationAborted - A conflicting conditional action is currently in progress against this resource. Please try again.

    • InternalError - The service was unable to apply the provided tag to the bucket.

    The following operations are related to PutBucketTagging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1238,8 +1234,7 @@ "requestUri":"/{Bucket}?versioning" }, "input":{"shape":"PutBucketVersioningRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html", - "documentation":"

    This operation is not supported for directory buckets.

    When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. While this change is propagating, you might encounter intermittent HTTP 404 NoSuchKey errors for requests to objects created or updated after enabling versioning. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (PUT or DELETE) on objects in the bucket.

    Sets the versioning state of an existing bucket.

    You can set the versioning state with one of the following values:

    Enabled—Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.

    Suspended—Disables versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.

    If the versioning state has never been set on a bucket, it has no versioning state; a GetBucketVersioning request does not return a versioning state value.

    In order to enable MFA Delete, you must be the bucket owner. If you are the bucket owner and want to enable MFA Delete in the bucket versioning configuration, you must include the x-amz-mfa request header and the Status and the MfaDelete request elements in a request to set the versioning state of the bucket.

    If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. (A version-enabled bucket maintains one current and zero or more noncurrent object versions.) For more information, see Lifecycle and Versioning.

    The following operations are related to PutBucketVersioning:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    When you enable versioning on a bucket for the first time, it might take a short amount of time for the change to be fully propagated. While this change is propagating, you might encounter intermittent HTTP 404 NoSuchKey errors for requests to objects created or updated after enabling versioning. We recommend that you wait for 15 minutes after enabling versioning before issuing write operations (PUT or DELETE) on objects in the bucket.

    Sets the versioning state of an existing bucket.

    You can set the versioning state with one of the following values:

    Enabled—Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.

    Suspended—Disables versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.

    If the versioning state has never been set on a bucket, it has no versioning state; a GetBucketVersioning request does not return a versioning state value.

    In order to enable MFA Delete, you must be the bucket owner. If you are the bucket owner and want to enable MFA Delete in the bucket versioning configuration, you must include the x-amz-mfa request header and the Status and the MfaDelete request elements in a request to set the versioning state of the bucket.

    If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. (A version-enabled bucket maintains one current and zero or more noncurrent object versions.) For more information, see Lifecycle and Versioning.

    The following operations are related to PutBucketVersioning:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1255,8 +1250,7 @@ "requestUri":"/{Bucket}?website" }, "input":{"shape":"PutBucketWebsiteRequest"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTwebsite.html", - "documentation":"

    This operation is not supported for directory buckets.

    Sets the configuration of the website that is specified in the website subresource. To configure a bucket as a website, you can add this subresource on the bucket with website configuration information such as the file name of the index document and any redirect rules. For more information, see Hosting Websites on Amazon S3.

    This PUT action requires the S3:PutBucketWebsite permission. By default, only the bucket owner can configure the website attached to a bucket; however, bucket owners can allow other users to set the website configuration by writing a bucket policy that grants them the S3:PutBucketWebsite permission.

    To redirect all website requests sent to the bucket's website endpoint, you add a website configuration with the following elements. Because all requests are sent to another website, you don't need to provide index document name for the bucket.

    • WebsiteConfiguration

    • RedirectAllRequestsTo

    • HostName

    • Protocol

    If you want granular control over redirects, you can use the following elements to add routing rules that describe conditions for redirecting requests and information about the redirect destination. In this case, the website configuration must provide an index document for the bucket, because some requests might not be redirected.

    • WebsiteConfiguration

    • IndexDocument

    • Suffix

    • ErrorDocument

    • Key

    • RoutingRules

    • RoutingRule

    • Condition

    • HttpErrorCodeReturnedEquals

    • KeyPrefixEquals

    • Redirect

    • Protocol

    • HostName

    • ReplaceKeyPrefixWith

    • ReplaceKeyWith

    • HttpRedirectCode

    Amazon S3 has a limitation of 50 routing rules per website configuration. If you require more than 50 routing rules, you can use object redirect. For more information, see Configuring an Object Redirect in the Amazon S3 User Guide.

    The maximum request length is limited to 128 KB.

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Sets the configuration of the website that is specified in the website subresource. To configure a bucket as a website, you can add this subresource on the bucket with website configuration information such as the file name of the index document and any redirect rules. For more information, see Hosting Websites on Amazon S3.

    This PUT action requires the S3:PutBucketWebsite permission. By default, only the bucket owner can configure the website attached to a bucket; however, bucket owners can allow other users to set the website configuration by writing a bucket policy that grants them the S3:PutBucketWebsite permission.

    To redirect all website requests sent to the bucket's website endpoint, you add a website configuration with the following elements. Because all requests are sent to another website, you don't need to provide index document name for the bucket.

    • WebsiteConfiguration

    • RedirectAllRequestsTo

    • HostName

    • Protocol

    If you want granular control over redirects, you can use the following elements to add routing rules that describe conditions for redirecting requests and information about the redirect destination. In this case, the website configuration must provide an index document for the bucket, because some requests might not be redirected.

    • WebsiteConfiguration

    • IndexDocument

    • Suffix

    • ErrorDocument

    • Key

    • RoutingRules

    • RoutingRule

    • Condition

    • HttpErrorCodeReturnedEquals

    • KeyPrefixEquals

    • Redirect

    • Protocol

    • HostName

    • ReplaceKeyPrefixWith

    • ReplaceKeyWith

    • HttpRedirectCode

    Amazon S3 has a limitation of 50 routing rules per website configuration. If you require more than 50 routing rules, you can use object redirect. For more information, see Configuring an Object Redirect in the Amazon S3 User Guide.

    The maximum request length is limited to 128 KB.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1279,8 +1273,7 @@ {"shape":"TooManyParts"}, {"shape":"EncryptionTypeMismatch"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUT.html", - "documentation":"

    Adds an object to a bucket.

    • Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket. You cannot use PutObject to only update a single piece of metadata for an existing object. You must put the entire object with updated metadata if you want to update some values.

    • If your bucket uses the bucket owner enforced setting for Object Ownership, ACLs are disabled and no longer affect permissions. All objects written to the bucket by any account will be owned by the bucket owner.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.

    Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. However, Amazon S3 provides features that can modify this behavior:

    • S3 Object Lock - To prevent objects from being deleted or overwritten, you can use Amazon S3 Object Lock in the Amazon S3 User Guide.

      This functionality is not supported for directory buckets.

    • S3 Versioning - When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all versions of the objects. For each write request that is made to the same object, Amazon S3 automatically generates a unique version ID of that object being stored in Amazon S3. You can retrieve, replace, or delete any version of the object. For more information about versioning, see Adding Objects to Versioning-Enabled Buckets in the Amazon S3 User Guide. For information about returning the versioning state of a bucket, see GetBucketVersioning.

      This functionality is not supported for directory buckets.
    Permissions

    • General purpose bucket permissions - The following permissions are required in your policies when your PutObject request includes specific headers.

      • s3:PutObject - To successfully complete the PutObject request, you must always have the s3:PutObject permission on a bucket to add an object to it.

      • s3:PutObjectAcl - To successfully change the objects ACL of your PutObject request, you must have the s3:PutObjectAcl.

      • s3:PutObjectTagging - To successfully set the tag-set with your PutObject request, you must have the s3:PutObjectTagging.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Data integrity with Content-MD5

    • General purpose bucket - To ensure that data is not corrupted traversing the network, use the Content-MD5 header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, Amazon S3 returns an error. Alternatively, when the object's ETag is its MD5 digest, you can calculate the MD5 while putting the object to Amazon S3 and compare the returned ETag to the calculated MD5 value.

    • Directory bucket - This functionality is not supported for directory buckets.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    For more information about related Amazon S3 APIs, see the following:

    ", + "documentation":"

    End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an HTTP 405 (Method Not Allowed) error.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo).

    Adds an object to a bucket.

    • Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket. You cannot use PutObject to only update a single piece of metadata for an existing object. You must put the entire object with updated metadata if you want to update some values.

    • If your bucket uses the bucket owner enforced setting for Object Ownership, ACLs are disabled and no longer affect permissions. All objects written to the bucket by any account will be owned by the bucket owner.

    • Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.

    Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. However, Amazon S3 provides features that can modify this behavior:

    • S3 Object Lock - To prevent objects from being deleted or overwritten, you can use Amazon S3 Object Lock in the Amazon S3 User Guide.

      This functionality is not supported for directory buckets.

    • If-None-Match - Uploads the object only if the object key name does not already exist in the specified bucket. Otherwise, Amazon S3 returns a 412 Precondition Failed error. If a conflicting operation occurs during the upload, S3 returns a 409 ConditionalRequestConflict response. On a 409 failure, retry the upload.

      Expects the * character (asterisk).

      For more information, see Add preconditions to S3 operations with conditional requests in the Amazon S3 User Guide or RFC 7232.

      This functionality is not supported for S3 on Outposts.

    • S3 Versioning - When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all versions of the objects. For each write request that is made to the same object, Amazon S3 automatically generates a unique version ID of that object being stored in Amazon S3. You can retrieve, replace, or delete any version of the object. For more information about versioning, see Adding Objects to Versioning-Enabled Buckets in the Amazon S3 User Guide. For information about returning the versioning state of a bucket, see GetBucketVersioning.

      This functionality is not supported for directory buckets.
    Permissions

    • General purpose bucket permissions - The following permissions are required in your policies when your PutObject request includes specific headers.

      • s3:PutObject - To successfully complete the PutObject request, you must always have the s3:PutObject permission on a bucket to add an object to it.

      • s3:PutObjectAcl - To successfully change the objects ACL of your PutObject request, you must have the s3:PutObjectAcl.

      • s3:PutObjectTagging - To successfully set the tag-set with your PutObject request, you must have the s3:PutObjectTagging.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Data integrity with Content-MD5

    • General purpose bucket - To ensure that data is not corrupted traversing the network, use the Content-MD5 header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, Amazon S3 returns an error. Alternatively, when the object's ETag is its MD5 digest, you can calculate the MD5 while putting the object to Amazon S3 and compare the returned ETag to the calculated MD5 value.

    • Directory bucket - This functionality is not supported for directory buckets.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    For more information about related Amazon S3 APIs, see the following:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":false @@ -1297,8 +1290,7 @@ "errors":[ {"shape":"NoSuchKey"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUTacl.html", - "documentation":"

    This operation is not supported for directory buckets.

    Uses the acl subresource to set the access control list (ACL) permissions for a new or existing object in an S3 bucket. You must have the WRITE_ACP permission to set the ACL of an object. For more information, see What permissions can I grant? in the Amazon S3 User Guide.

    This functionality is not supported for Amazon S3 on Outposts.

    Depending on your application needs, you can choose to set the ACL on an object using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, you can continue to use that approach. For more information, see Access Control List (ACL) Overview in the Amazon S3 User Guide.

    If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported error code. Requests to read ACLs are still supported. For more information, see Controlling object ownership in the Amazon S3 User Guide.
    Permissions

    You can set access permissions using one of the following methods:

    • Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of x-amz-acl. If you use this header, you cannot use other access control-specific headers in your request. For more information, see Canned ACL.

    • Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use x-amz-acl header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

      You specify each grantee as a type=value pair, where the type is one of the following:

      • id – if the value specified is the canonical user ID of an Amazon Web Services account

      • uri – if you are granting permissions to a predefined group

      • emailAddress – if the value specified is the email address of an Amazon Web Services account

        Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

        • US East (N. Virginia)

        • US West (N. California)

        • US West (Oregon)

        • Asia Pacific (Singapore)

        • Asia Pacific (Sydney)

        • Asia Pacific (Tokyo)

        • Europe (Ireland)

        • South America (São Paulo)

        For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      For example, the following x-amz-grant-read header grants list objects permission to the two Amazon Web Services accounts identified by their email addresses.

      x-amz-grant-read: emailAddress=\"xyz@amazon.com\", emailAddress=\"abc@amazon.com\"

    You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

    Grantee Values

    You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:

    • By the person's ID:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>

      DisplayName is optional and ignored in the request.

    • By URI:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>

    • By Email address:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>

      The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
    Versioning

    The ACL of an object is set at the object version level. By default, PUT sets the ACL of the current version of an object. To set the ACL of a different version, use the versionId subresource.

    The following operations are related to PutObjectAcl:

    ", + "documentation":"

    End of support notice: As of October 1, 2025, Amazon S3 has discontinued support for Email Grantee Access Control Lists (ACLs). If you attempt to use an Email Grantee ACL in a request after October 1, 2025, the request will receive an HTTP 405 (Method Not Allowed) error.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Ireland), and South America (São Paulo).

    This operation is not supported for directory buckets.

    Uses the acl subresource to set the access control list (ACL) permissions for a new or existing object in an S3 bucket. You must have the WRITE_ACP permission to set the ACL of an object. For more information, see What permissions can I grant? in the Amazon S3 User Guide.

    This functionality is not supported for Amazon S3 on Outposts.

    Depending on your application needs, you can choose to set the ACL on an object using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, you can continue to use that approach. For more information, see Access Control List (ACL) Overview in the Amazon S3 User Guide.

    If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported error code. Requests to read ACLs are still supported. For more information, see Controlling object ownership in the Amazon S3 User Guide.
    Permissions

    You can set access permissions using one of the following methods:

    • Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of x-amz-acl. If you use this header, you cannot use other access control-specific headers in your request. For more information, see Canned ACL.

    • Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use x-amz-acl header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see Access Control List (ACL) Overview.

      You specify each grantee as a type=value pair, where the type is one of the following:

      • id – if the value specified is the canonical user ID of an Amazon Web Services account

      • uri – if you are granting permissions to a predefined group

      • emailAddress – if the value specified is the email address of an Amazon Web Services account

        Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

        • US East (N. Virginia)

        • US West (N. California)

        • US West (Oregon)

        • Asia Pacific (Singapore)

        • Asia Pacific (Sydney)

        • Asia Pacific (Tokyo)

        • Europe (Ireland)

        • South America (São Paulo)

        For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.

      For example, the following x-amz-grant-read header grants list objects permission to the two Amazon Web Services accounts identified by their email addresses.

      x-amz-grant-read: emailAddress=\"xyz@amazon.com\", emailAddress=\"abc@amazon.com\"

    You can use either a canned ACL or specify access permissions explicitly. You cannot do both.

    Grantee Values

    You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways. For examples of how to specify these grantee values in JSON format, see the Amazon Web Services CLI example in Enabling Amazon S3 server access logging in the Amazon S3 User Guide.

    • By the person's ID:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> </Grantee>

      DisplayName is optional and ignored in the request.

    • By URI:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee>

    • By Email address:

      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee>

      The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.

      Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions:

      • US East (N. Virginia)

      • US West (N. California)

      • US West (Oregon)

      • Asia Pacific (Singapore)

      • Asia Pacific (Sydney)

      • Asia Pacific (Tokyo)

      • Europe (Ireland)

      • South America (São Paulo)

      For a list of all the Amazon S3 supported Regions and endpoints, see Regions and Endpoints in the Amazon Web Services General Reference.
    Versioning

    The ACL of an object is set at the object version level. By default, PUT sets the ACL of the current version of an object. To set the ACL of a different version, use the versionId subresource.

    The following operations are related to PutObjectAcl:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1312,7 +1304,7 @@ }, "input":{"shape":"PutObjectLegalHoldRequest"}, "output":{"shape":"PutObjectLegalHoldOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Applies a legal hold configuration to the specified object. For more information, see Locking Objects.

    This functionality is not supported for Amazon S3 on Outposts.

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Applies a legal hold configuration to the specified object. For more information, see Locking Objects.

    This functionality is not supported for Amazon S3 on Outposts.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1326,7 +1318,7 @@ }, "input":{"shape":"PutObjectLockConfigurationRequest"}, "output":{"shape":"PutObjectLockConfigurationOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

    • The DefaultRetention settings require both a mode and a period.

    • The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.

    • You can enable Object Lock for new or existing buckets. For more information, see Configuring Object Lock.

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see Locking Objects.

    • The DefaultRetention settings require both a mode and a period.

    • The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.

    • You can enable Object Lock for new or existing buckets. For more information, see Configuring Object Lock.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1340,7 +1332,7 @@ }, "input":{"shape":"PutObjectRetentionRequest"}, "output":{"shape":"PutObjectRetentionOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Places an Object Retention configuration on an object. For more information, see Locking Objects. Users or accounts require the s3:PutObjectRetention permission in order to place an Object Retention configuration on objects. Bypassing a Governance Retention configuration requires the s3:BypassGovernanceRetention permission.

    This functionality is not supported for Amazon S3 on Outposts.

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Places an Object Retention configuration on an object. For more information, see Locking Objects. Users or accounts require the s3:PutObjectRetention permission in order to place an Object Retention configuration on objects. Bypassing a Governance Retention configuration requires the s3:BypassGovernanceRetention permission.

    This functionality is not supported for Amazon S3 on Outposts.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1354,7 +1346,7 @@ }, "input":{"shape":"PutObjectTaggingRequest"}, "output":{"shape":"PutObjectTaggingOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    Sets the supplied tag-set to an object that already exists in a bucket. A tag is a key-value pair. For more information, see Object Tagging.

    You can associate tags with an object by sending a PUT request against the tagging subresource that is associated with the object. You can retrieve tags by sending a GET request. For more information, see GetObjectTagging.

    For tagging-related restrictions related to characters and encodings, see Tag Restrictions. Note that Amazon S3 limits the maximum number of tags to 10 tags per object.

    To use this operation, you must have permission to perform the s3:PutObjectTagging action. By default, the bucket owner has this permission and can grant this permission to others.

    To put tags of any other version, use the versionId query parameter. You also need permission for the s3:PutObjectVersionTagging action.

    PutObjectTagging has the following special errors. For more Amazon S3 errors see, Error Responses.

    • InvalidTag - The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For more information, see Object Tagging.

    • MalformedXML - The XML provided does not match the schema.

    • OperationAborted - A conflicting conditional action is currently in progress against this resource. Please try again.

    • InternalError - The service was unable to apply the provided tag to the object.

    The following operations are related to PutObjectTagging:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Sets the supplied tag-set to an object that already exists in a bucket. A tag is a key-value pair. For more information, see Object Tagging.

    You can associate tags with an object by sending a PUT request against the tagging subresource that is associated with the object. You can retrieve tags by sending a GET request. For more information, see GetObjectTagging.

    For tagging-related restrictions related to characters and encodings, see Tag Restrictions. Note that Amazon S3 limits the maximum number of tags to 10 tags per object.

    To use this operation, you must have permission to perform the s3:PutObjectTagging action. By default, the bucket owner has this permission and can grant this permission to others.

    To put tags of any other version, use the versionId query parameter. You also need permission for the s3:PutObjectVersionTagging action.

    PutObjectTagging has the following special errors. For more Amazon S3 errors see, Error Responses.

    • InvalidTag - The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For more information, see Object Tagging.

    • MalformedXML - The XML provided does not match the schema.

    • OperationAborted - A conflicting conditional action is currently in progress against this resource. Please try again.

    • InternalError - The service was unable to apply the provided tag to the object.

    The following operations are related to PutObjectTagging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1367,7 +1359,7 @@ "requestUri":"/{Bucket}?publicAccessBlock" }, "input":{"shape":"PutPublicAccessBlockRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

    When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock configurations are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.

    For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of \"Public\".

    The following operations are related to PutPublicAccessBlock:

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.

    When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock configurations are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.

    For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of \"Public\".

    The following operations are related to PutPublicAccessBlock:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":true @@ -1376,6 +1368,19 @@ "UseS3ExpressControlEndpoint":{"value":true} } }, + "RenameObject":{ + "name":"RenameObject", + "http":{ + "method":"PUT", + "requestUri":"/{Bucket}/{Key+}?renameObject" + }, + "input":{"shape":"RenameObjectRequest"}, + "output":{"shape":"RenameObjectOutput"}, + "errors":[ + {"shape":"IdempotencyParameterMismatch"} + ], + "documentation":"

    Renames an existing object in a directory bucket that uses the S3 Express One Zone storage class. You can use RenameObject by specifying an existing object’s name as the source and the new name of the object as the destination within the same directory bucket.

    RenameObject is only supported for objects stored in the S3 Express One Zone storage class.

    To prevent overwriting an object, you can use the If-None-Match conditional header.

    • If-None-Match - Renames the object only if an object with the specified name does not already exist in the directory bucket. If you don't want to overwrite an existing object, you can add the If-None-Match conditional header with the value ‘*’ in the RenameObject request. Amazon S3 then returns a 412 Precondition Failed error if the object with the specified name already exists. For more information, see RFC 7232.

    Permissions

    To grant access to the RenameObject operation on a directory bucket, we recommend that you use the CreateSession operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the directory bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. The Amazon Web Services CLI and SDKs will create and manage your session including refreshing the session token automatically to avoid service interruptions when a session expires. In your bucket policy, you can specify the s3express:SessionMode condition key to control who can create a ReadWrite or ReadOnly session. A ReadWrite session is required for executing all the Zonal endpoint API operations, including RenameObject. For more information about authorization, see CreateSession . To learn more about Zonal endpoint API operations, see Authorizing Zonal endpoint API operations with CreateSession in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " + }, "RestoreObject":{ "name":"RestoreObject", "http":{ @@ -1387,9 +1392,7 @@ "errors":[ {"shape":"ObjectAlreadyInActiveTierError"} ], - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectRestore.html", - "documentation":"

    This operation is not supported for directory buckets.

    Restores an archived copy of an object back into Amazon S3

    This functionality is not supported for Amazon S3 on Outposts.

    This action performs the following types of requests:

    • restore an archive - Restore an archived object

    For more information about the S3 structure in the request body, see the following:

    Permissions

    To use this operation, you must have permissions to perform the s3:RestoreObject action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

    Restoring objects

    Objects that you archive to the S3 Glacier Flexible Retrieval Flexible Retrieval or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real time. For objects in the S3 Glacier Flexible Retrieval Flexible Retrieval or S3 Glacier Deep Archive storage classes, you must first initiate a restore request, and then wait until a temporary copy of the object is available. If you want a permanent copy of the object, create a copy of it in the Amazon S3 Standard storage class in your S3 bucket. To access an archived object, you must restore the object for the duration (number of days) that you specify. For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering, you must first initiate a restore request, and then wait until the object is moved into the Frequent Access tier.

    To restore a specific object version, you can provide a version ID. If you don't provide a version ID, Amazon S3 restores the current version.

    When restoring an archived object, you can specify one of the following data access tier options in the Tier element of the request body:

    • Expedited - Expedited retrievals allow you to quickly access your data stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests for restoring archives are required. For all but the largest archived objects (250 MB+), data accessed using Expedited retrievals is typically made available within 1–5 minutes. Provisioned capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. Expedited retrievals and provisioned capacity are not available for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.

    • Standard - Standard retrievals allow you to access any of your archived objects within several hours. This is the default option for retrieval requests that do not specify the retrieval option. Standard retrievals typically finish within 3–5 hours for objects stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering.

    • Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible Retrieval and S3 Intelligent-Tiering storage classes, enabling you to retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals typically finish within 5–12 hours for objects stored in the S3 Glacier Flexible Retrieval Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. Bulk retrievals are also the lowest-cost retrieval option when restoring objects from S3 Glacier Deep Archive. They typically finish within 48 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.

    For more information about archive retrieval options and provisioned capacity for Expedited data access, see Restoring Archived Objects in the Amazon S3 User Guide.

    You can use Amazon S3 restore speed upgrade to change the restore speed to a faster speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the Amazon S3 User Guide.

    To get the status of object restoration, you can send a HEAD request. Operations return the x-amz-restore header, which provides information about the restoration status, in the response. You can use Amazon S3 event notifications to notify you when a restore is initiated or completed. For more information, see Configuring Amazon S3 Event Notifications in the Amazon S3 User Guide.

    After restoring an archived object, you can update the restoration period by reissuing the request with a new period. Amazon S3 updates the restoration period relative to the current time and charges only for the request-there are no data transfer charges. You cannot update the restoration period when Amazon S3 is actively processing your current restore request for the object.

    If your bucket has a lifecycle configuration with a rule that includes an expiration action, the object expiration overrides the life span that you specify in a restore request. For example, if you restore an object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days. For more information about lifecycle configuration, see PutBucketLifecycleConfiguration and Object Lifecycle Management in Amazon S3 User Guide.

    Responses

    A successful action returns either the 200 OK or 202 Accepted status code.

    • If the object is not previously restored, then Amazon S3 returns 202 Accepted in the response.

    • If the object is previously restored, Amazon S3 returns 200 OK in the response.

    • Special errors:

      • Code: RestoreAlreadyInProgress

      • Cause: Object restore is already in progress.

      • HTTP Status Code: 409 Conflict

      • SOAP Fault Code Prefix: Client

      • Code: GlacierExpeditedRetrievalNotAvailable

      • Cause: expedited retrievals are currently not available. Try again later. (Returned if there is insufficient capacity to process the Expedited request. This error applies only to Expedited retrievals and not to S3 Standard or Bulk retrievals.)

      • HTTP Status Code: 503

      • SOAP Fault Code Prefix: N/A

    The following operations are related to RestoreObject:

    ", - "alias":"PostObjectRestore", + "documentation":"

    This operation is not supported for directory buckets.

    Restores an archived copy of an object back into Amazon S3

    This functionality is not supported for Amazon S3 on Outposts.

    This action performs the following types of requests:

    • restore an archive - Restore an archived object

    For more information about the S3 structure in the request body, see the following:

    Permissions

    To use this operation, you must have permissions to perform the s3:RestoreObject action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

    Restoring objects

    Objects that you archive to the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage class, and S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, are not accessible in real time. For objects in the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage classes, you must first initiate a restore request, and then wait until a temporary copy of the object is available. If you want a permanent copy of the object, create a copy of it in the Amazon S3 Standard storage class in your S3 bucket. To access an archived object, you must restore the object for the duration (number of days) that you specify. For objects in the Archive Access or Deep Archive Access tiers of S3 Intelligent-Tiering, you must first initiate a restore request, and then wait until the object is moved into the Frequent Access tier.

    To restore a specific object version, you can provide a version ID. If you don't provide a version ID, Amazon S3 restores the current version.

    When restoring an archived object, you can specify one of the following data access tier options in the Tier element of the request body:

    • Expedited - Expedited retrievals allow you to quickly access your data stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier when occasional urgent requests for restoring archives are required. For all but the largest archived objects (250 MB+), data accessed using Expedited retrievals is typically made available within 1–5 minutes. Provisioned capacity ensures that retrieval capacity for Expedited retrievals is available when you need it. Expedited retrievals and provisioned capacity are not available for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.

    • Standard - Standard retrievals allow you to access any of your archived objects within several hours. This is the default option for retrieval requests that do not specify the retrieval option. Standard retrievals typically finish within 3–5 hours for objects stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. They typically finish within 12 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier. Standard retrievals are free for objects stored in S3 Intelligent-Tiering.

    • Bulk - Bulk retrievals free for objects stored in the S3 Glacier Flexible Retrieval and S3 Intelligent-Tiering storage classes, enabling you to retrieve large amounts, even petabytes, of data at no cost. Bulk retrievals typically finish within 5–12 hours for objects stored in the S3 Glacier Flexible Retrieval storage class or S3 Intelligent-Tiering Archive tier. Bulk retrievals are also the lowest-cost retrieval option when restoring objects from S3 Glacier Deep Archive. They typically finish within 48 hours for objects stored in the S3 Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep Archive tier.

    For more information about archive retrieval options and provisioned capacity for Expedited data access, see Restoring Archived Objects in the Amazon S3 User Guide.

    You can use Amazon S3 restore speed upgrade to change the restore speed to a faster speed while it is in progress. For more information, see Upgrading the speed of an in-progress restore in the Amazon S3 User Guide.

    To get the status of object restoration, you can send a HEAD request. Operations return the x-amz-restore header, which provides information about the restoration status, in the response. You can use Amazon S3 event notifications to notify you when a restore is initiated or completed. For more information, see Configuring Amazon S3 Event Notifications in the Amazon S3 User Guide.

    After restoring an archived object, you can update the restoration period by reissuing the request with a new period. Amazon S3 updates the restoration period relative to the current time and charges only for the request-there are no data transfer charges. You cannot update the restoration period when Amazon S3 is actively processing your current restore request for the object.

    If your bucket has a lifecycle configuration with a rule that includes an expiration action, the object expiration overrides the life span that you specify in a restore request. For example, if you restore an object copy for 10 days, but the object is scheduled to expire in 3 days, Amazon S3 deletes the object in 3 days. For more information about lifecycle configuration, see PutBucketLifecycleConfiguration and Object Lifecycle Management in Amazon S3 User Guide.

    Responses

    A successful action returns either the 200 OK or 202 Accepted status code.

    • If the object is not previously restored, then Amazon S3 returns 202 Accepted in the response.

    • If the object is previously restored, Amazon S3 returns 200 OK in the response.

    • Special errors:

      • Code: RestoreAlreadyInProgress

      • Cause: Object restore is already in progress.

      • HTTP Status Code: 409 Conflict

      • SOAP Fault Code Prefix: Client

      • Code: GlacierExpeditedRetrievalNotAvailable

      • Cause: expedited retrievals are currently not available. Try again later. (Returned if there is insufficient capacity to process the Expedited request. This error applies only to Expedited retrievals and not to S3 Standard or Bulk retrievals.)

      • HTTP Status Code: 503

      • SOAP Fault Code Prefix: N/A

    The following operations are related to RestoreObject:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":false @@ -1407,7 +1410,39 @@ "xmlNamespace":{"uri":"http://s3.amazonaws.com/doc/2006-03-01/"} }, "output":{"shape":"SelectObjectContentOutput"}, - "documentation":"

    This operation is not supported for directory buckets.

    This action filters the contents of an Amazon S3 object based on a simple structured query language (SQL) statement. In the request, along with the SQL expression, you must also specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse object data into records, and returns only records that match the specified SQL expression. You must also specify the data serialization format for the response.

    This functionality is not supported for Amazon S3 on Outposts.

    For more information about Amazon S3 Select, see Selecting Content from Objects and SELECT Command in the Amazon S3 User Guide.

    Permissions

    You must have the s3:GetObject permission for this operation. Amazon S3 Select does not support anonymous access. For more information about permissions, see Specifying Permissions in a Policy in the Amazon S3 User Guide.

    Object Data Formats

    You can use Amazon S3 Select to query objects that have the following format properties:

    • CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.

    • UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.

    • GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object compression for Parquet objects.

    • Server-side encryption - Amazon S3 Select supports querying objects that are protected with server-side encryption.

      For objects that are encrypted with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use the headers that are documented in the GetObject. For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.

      For objects that are encrypted with Amazon S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side encryption is handled transparently, so you don't need to specify anything. For more information about server-side encryption, including SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption in the Amazon S3 User Guide.

    Working with the Response Body

    Given the response size is unknown, Amazon S3 Select streams the response as a series of messages and includes a Transfer-Encoding header with chunked as its value in the response. For more information, see Appendix: SelectObjectContent Response.

    GetObject Support

    The SelectObjectContent action does not support the following GetObject functionality. For more information, see GetObject.

    • Range: Although you can specify a scan range for an Amazon S3 Select request (see SelectObjectContentRequest - ScanRange in the request parameters), you cannot specify the range of bytes of an object to return.

    • The GLACIER, DEEP_ARCHIVE, and REDUCED_REDUNDANCY storage classes, or the ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage class: You cannot query objects in the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes, nor objects in the ARCHIVE_ACCESS or DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage class. For more information about storage classes, see Using Amazon S3 storage classes in the Amazon S3 User Guide.

    Special Errors

    For a list of special errors for this operation, see List of SELECT Object Content Error Codes

    The following operations are related to SelectObjectContent:

    " + "documentation":"

    This operation is not supported for directory buckets.

    This action filters the contents of an Amazon S3 object based on a simple structured query language (SQL) statement. In the request, along with the SQL expression, you must also specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse object data into records, and returns only records that match the specified SQL expression. You must also specify the data serialization format for the response.

    This functionality is not supported for Amazon S3 on Outposts.

    For more information about Amazon S3 Select, see Selecting Content from Objects and SELECT Command in the Amazon S3 User Guide.

    Permissions

    You must have the s3:GetObject permission for this operation. Amazon S3 Select does not support anonymous access. For more information about permissions, see Specifying Permissions in a Policy in the Amazon S3 User Guide.

    Object Data Formats

    You can use Amazon S3 Select to query objects that have the following format properties:

    • CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format.

    • UTF-8 - UTF-8 is the only encoding type Amazon S3 Select supports.

    • GZIP or BZIP2 - CSV and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object compression for Parquet objects.

    • Server-side encryption - Amazon S3 Select supports querying objects that are protected with server-side encryption.

      For objects that are encrypted with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use the headers that are documented in the GetObject. For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided Encryption Keys) in the Amazon S3 User Guide.

      For objects that are encrypted with Amazon S3 managed keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side encryption is handled transparently, so you don't need to specify anything. For more information about server-side encryption, including SSE-S3 and SSE-KMS, see Protecting Data Using Server-Side Encryption in the Amazon S3 User Guide.

    Working with the Response Body

    Given the response size is unknown, Amazon S3 Select streams the response as a series of messages and includes a Transfer-Encoding header with chunked as its value in the response. For more information, see Appendix: SelectObjectContent Response.

    GetObject Support

    The SelectObjectContent action does not support the following GetObject functionality. For more information, see GetObject.

    • Range: Although you can specify a scan range for an Amazon S3 Select request (see SelectObjectContentRequest - ScanRange in the request parameters), you cannot specify the range of bytes of an object to return.

    • The GLACIER, DEEP_ARCHIVE, and REDUCED_REDUNDANCY storage classes, or the ARCHIVE_ACCESS and DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage class: You cannot query objects in the GLACIER, DEEP_ARCHIVE, or REDUCED_REDUNDANCY storage classes, nor objects in the ARCHIVE_ACCESS or DEEP_ARCHIVE_ACCESS access tiers of the INTELLIGENT_TIERING storage class. For more information about storage classes, see Using Amazon S3 storage classes in the Amazon S3 User Guide.

    Special Errors

    For a list of special errors for this operation, see List of SELECT Object Content Error Codes

    The following operations are related to SelectObjectContent:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    " + }, + "UpdateBucketMetadataInventoryTableConfiguration":{ + "name":"UpdateBucketMetadataInventoryTableConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/{Bucket}?metadataInventoryTable" + }, + "input":{"shape":"UpdateBucketMetadataInventoryTableConfigurationRequest"}, + "documentation":"

    Enables or disables a live inventory table for an S3 Metadata configuration on a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    Permissions

    To use this operation, you must have the following permissions. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    If you want to encrypt your inventory table with server-side encryption with Key Management Service (KMS) keys (SSE-KMS), you need additional permissions in your KMS key policy. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    • s3:UpdateBucketMetadataInventoryTableConfiguration

    • s3tables:CreateTableBucket

    • s3tables:CreateNamespace

    • s3tables:GetTable

    • s3tables:CreateTable

    • s3tables:PutTablePolicy

    • s3tables:PutTableEncryption

    • kms:DescribeKey

    The following operations are related to UpdateBucketMetadataInventoryTableConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "httpChecksum":{ + "requestAlgorithmMember":"ChecksumAlgorithm", + "requestChecksumRequired":true + }, + "staticContextParams":{ + "UseS3ExpressControlEndpoint":{"value":true} + } + }, + "UpdateBucketMetadataJournalTableConfiguration":{ + "name":"UpdateBucketMetadataJournalTableConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/{Bucket}?metadataJournalTable" + }, + "input":{"shape":"UpdateBucketMetadataJournalTableConfigurationRequest"}, + "documentation":"

    Enables or disables journal table record expiration for an S3 Metadata configuration on a general purpose bucket. For more information, see Accelerating data discovery with S3 Metadata in the Amazon S3 User Guide.

    Permissions

    To use this operation, you must have the s3:UpdateBucketMetadataJournalTableConfiguration permission. For more information, see Setting up permissions for configuring metadata tables in the Amazon S3 User Guide.

    The following operations are related to UpdateBucketMetadataJournalTableConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "httpChecksum":{ + "requestAlgorithmMember":"ChecksumAlgorithm", + "requestChecksumRequired":true + }, + "staticContextParams":{ + "UseS3ExpressControlEndpoint":{"value":true} + } }, "UploadPart":{ "name":"UploadPart", @@ -1417,8 +1452,7 @@ }, "input":{"shape":"UploadPartRequest"}, "output":{"shape":"UploadPartOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadUploadPart.html", - "documentation":"

    Uploads a part in a multipart upload.

    In this operation, you provide new data as a part of an object in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.

    You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier that you must include in your upload part request.

    Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.

    For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.

    After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.

    For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs.

      These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Data integrity

    General purpose bucket - To ensure that data is not corrupted traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).

    Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity.
    Encryption

    • General purpose bucket - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You have mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption key (SSE-C).

      Server-side encryption is supported by the S3 Multipart Upload operations. Unless you are using a customer-provided encryption key (SSE-C), you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.

      If you request server-side encryption using a customer-provided encryption key (SSE-C) in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following request headers.

      • x-amz-server-side-encryption-customer-algorithm

      • x-amz-server-side-encryption-customer-key

      • x-amz-server-side-encryption-customer-key-MD5

      For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms).

    Special errors

    • Error Code: NoSuchUpload

      • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

      • HTTP Status Code: 404 Not Found

      • SOAP Fault Code Prefix: Client

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to UploadPart:

    ", + "documentation":"

    Uploads a part in a multipart upload.

    In this operation, you provide new data as a part of an object in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.

    You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier that you must include in your upload part request.

    Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.

    For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.

    After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.

    For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Permissions

    • General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs.

      These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.

    • Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

    Data integrity

    General purpose bucket - To ensure that data is not corrupted traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).

    Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity.
    Encryption

    • General purpose bucket - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You have mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption key (SSE-C).

      Server-side encryption is supported by the S3 Multipart Upload operations. Unless you are using a customer-provided encryption key (SSE-C), you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.

      If you request server-side encryption using a customer-provided encryption key (SSE-C) in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following request headers.

      • x-amz-server-side-encryption-customer-algorithm

      • x-amz-server-side-encryption-customer-key

      • x-amz-server-side-encryption-customer-key-MD5

      For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms).

    Special errors

    • Error Code: NoSuchUpload

      • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

      • HTTP Status Code: 404 Not Found

      • SOAP Fault Code Prefix: Client

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to UploadPart:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "httpChecksum":{ "requestAlgorithmMember":"ChecksumAlgorithm", "requestChecksumRequired":false @@ -1432,8 +1466,7 @@ }, "input":{"shape":"UploadPartCopyRequest"}, "output":{"shape":"UploadPartCopyOutput"}, - "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadUploadPartCopy.html", - "documentation":"

    Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.

    For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.

    Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.

    You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request.

    For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Available Local Zone for directory buckets in the Amazon S3 User Guide.
    Authentication and authorization

    All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.

    Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation.

    Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.

    Permissions

    You must have READ access to the source object and WRITE access to the destination bucket.

    • General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.

      • If the source object is in a general purpose bucket, you must have the s3:GetObject permission to read the source object that is being copied.

      • If the destination bucket is a general purpose bucket, you must have the s3:PutObject permission to write the object copy to the destination bucket.

      • To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.

    • Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.

      • If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.

      • If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

      For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.

    Encryption

    • General purpose buckets - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.

      For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.

      S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through UploadPartCopy. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

    Special errors

    • Error Code: NoSuchUpload

      • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

      • HTTP Status Code: 404 Not Found

    • Error Code: InvalidRequest

      • Description: The specified copy source is not supported as a byte-range copy source.

      • HTTP Status Code: 400 Bad Request

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to UploadPartCopy:

    ", + "documentation":"

    Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.

    For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.

    Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.

    You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request.

    For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.

    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
    Authentication and authorization

    All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.

    Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation.

    Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.

    Permissions

    You must have READ access to the source object and WRITE access to the destination bucket.

    • General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.

      • If the source object is in a general purpose bucket, you must have the s3:GetObject permission to read the source object that is being copied.

      • If the destination bucket is a general purpose bucket, you must have the s3:PutObject permission to write the object copy to the destination bucket.

      • To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.

    • Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.

      • If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.

      • If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.

      If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.

      For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.

    Encryption

    • General purpose buckets - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.

      For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.

      S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through UploadPartCopy. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

    Special errors

    • Error Code: NoSuchUpload

      • Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.

      • HTTP Status Code: 404 Not Found

    • Error Code: InvalidRequest

      • Description: The specified copy source is not supported as a byte-range copy source.

      • HTTP Status Code: 400 Bad Request

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.

    The following operations are related to UploadPartCopy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "staticContextParams":{ "DisableS3ExpressSessionAuth":{"value":true} } @@ -1445,7 +1478,7 @@ "requestUri":"/WriteGetObjectResponse" }, "input":{"shape":"WriteGetObjectResponseRequest"}, - "documentation":"

    This operation is not supported for directory buckets.

    Passes transformed objects to a GetObject operation when using Object Lambda access points. For information about Object Lambda access points, see Transforming objects with Object Lambda access points in the Amazon S3 User Guide.

    This operation supports metadata that can be returned by GetObject, in addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage. The GetObject response metadata is supported so that the WriteGetObjectResponse caller, typically an Lambda function, can provide the same metadata when it internally invokes GetObject. When WriteGetObjectResponse is called by a customer-owned Lambda function, the metadata returned to the end user GetObject call might differ from what Amazon S3 would normally return.

    You can include any number of metadata headers. When including a metadata header, it should be prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header: MyCustomValue. The primary use case for this is to forward GetObject metadata.

    Amazon Web Services provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the Amazon Web Services Serverless Application Repository, and can be selected through the Amazon Web Services Management Console when you create your Object Lambda access point.

    Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

    Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

    Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.

    For information on how to view and use these functions, see Using Amazon Web Services built Lambda functions in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported for directory buckets.

    Passes transformed objects to a GetObject operation when using Object Lambda access points. For information about Object Lambda access points, see Transforming objects with Object Lambda access points in the Amazon S3 User Guide.

    This operation supports metadata that can be returned by GetObject, in addition to RequestRoute, RequestToken, StatusCode, ErrorCode, and ErrorMessage. The GetObject response metadata is supported so that the WriteGetObjectResponse caller, typically an Lambda function, can provide the same metadata when it internally invokes GetObject. When WriteGetObjectResponse is called by a customer-owned Lambda function, the metadata returned to the end user GetObject call might differ from what Amazon S3 would normally return.

    You can include any number of metadata headers. When including a metadata header, it should be prefaced with x-amz-meta. For example, x-amz-meta-my-custom-header: MyCustomValue. The primary use case for this is to forward GetObject metadata.

    Amazon Web Services provides some prebuilt Lambda functions that you can use with S3 Object Lambda to detect and redact personally identifiable information (PII) and decompress S3 objects. These Lambda functions are available in the Amazon Web Services Serverless Application Repository, and can be selected through the Amazon Web Services Management Console when you create your Object Lambda access point.

    Example 1: PII Access Control - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically detects personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

    Example 2: PII Redaction - This Lambda function uses Amazon Comprehend, a natural language processing (NLP) service using machine learning to find insights and relationships in text. It automatically redacts personally identifiable information (PII) such as names, addresses, dates, credit card numbers, and social security numbers from documents in your Amazon S3 bucket.

    Example 3: Decompression - The Lambda function S3ObjectLambdaDecompression, is equipped to decompress objects stored in S3 in one of six compressed file formats including bzip2, gzip, snappy, zlib, zstandard and ZIP.

    For information on how to view and use these functions, see Using Amazon Web Services built Lambda functions in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "authtype":"v4-unsigned-body", "endpoint":{ "hostPrefix":"{RequestRoute}." @@ -1488,7 +1521,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name to which the upload was taking place.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name to which the upload was taking place.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -1717,6 +1750,10 @@ "BucketRegion":{ "shape":"BucketRegion", "documentation":"

    BucketRegion indicates the Amazon Web Services region where the bucket is located. If the request contains at least one valid parameter, it is included in the response.

    " + }, + "BucketArn":{ + "shape":"S3RegionalOrS3ExpressBucketArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely identify Amazon Web Services resources across all of Amazon Web Services.

    This parameter is only supported for S3 directory buckets. For more information, see Using tags with directory buckets.

    " } }, "documentation":"

    In terms of implementation, a Bucket is a resource.

    " @@ -1730,16 +1767,14 @@ }, "BucketAlreadyExists":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested bucket name is not available. The bucket namespace is shared by all users of the system. Select a different name and try again.

    ", "error":{"httpStatusCode":409}, "exception":true }, "BucketAlreadyOwnedByYou":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The bucket you tried to create already exists, and you own it. Amazon S3 returns this error in all Amazon Web Services Regions except in the North Virginia Region. For legacy compatibility, if you re-create an existing bucket that you already own in the North Virginia Region, Amazon S3 returns 200 OK and resets the bucket access control lists (ACLs).

    ", "error":{"httpStatusCode":409}, "exception":true @@ -1796,17 +1831,22 @@ "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", + "ap-southeast-4", + "ap-southeast-5", "ca-central-1", "cn-north-1", "cn-northwest-1", "EU", "eu-central-1", + "eu-central-2", "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3", + "il-central-1", + "me-central-1", "me-south-1", "sa-east-1", "us-east-2", @@ -1989,23 +2029,23 @@ "members":{ "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the object. This checksum is only be present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the object. This checksum is present if the object was uploaded with the CRC-64NVME checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, CRC-64NVME, to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the object. This checksum is present if the object was uploaded with the CRC64NVME checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, CRC64NVME, to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 digest of the object. This will only be present if the object was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 digest of the object. This will only be present if the object was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 256-bit SHA256 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumType":{ "shape":"ChecksumType", @@ -2045,6 +2085,7 @@ "FULL_OBJECT" ] }, + "ClientToken":{"type":"string"}, "CloudFunction":{"type":"string"}, "CloudFunctionConfiguration":{ "type":"structure", @@ -2115,23 +2156,23 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the object. This checksum is only be present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC-64NVME checksum of the object. The CRC-64NVME checksum is always a full object checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC64NVME checksum of the object. The CRC64NVME checksum is always a full object checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 digest of the object. This will only be present if the object was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 digest of the object. This will only be present if the object was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 256-bit SHA256 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumType":{ "shape":"ChecksumType", @@ -2139,7 +2180,7 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).

    ", + "documentation":"

    The server-side encryption algorithm used when storing this object in Amazon S3.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -2178,7 +2219,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    Name of the bucket to which the multipart upload was initiated.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    Name of the bucket to which the multipart upload was initiated.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -2204,31 +2245,31 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC-32 checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC32 checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32" }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC-32C checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC32C checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32c" }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC-64NVME checksum of the object. The CRC-64NVME checksum is always a full object checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC64NVME checksum of the object. The CRC64NVME checksum is always a full object checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc64nvme" }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit SHA-1 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit SHA1 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha1" }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit SHA-256 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit SHA256 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha256" }, @@ -2308,23 +2349,23 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the part. This checksum is present if the multipart upload request was created with the CRC-32 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the part. This checksum is present if the multipart upload request was created with the CRC32 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the part. This checksum is present if the multipart upload request was created with the CRC-32C checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the part. This checksum is present if the multipart upload request was created with the CRC32C checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the part. This checksum is present if the multipart upload request was created with the CRC-64NVME checksum algorithm to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the part. This checksum is present if the multipart upload request was created with the CRC64NVME checksum algorithm to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 checksum of the part. This checksum is present if the multipart upload request was created with the SHA-1 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 160-bit SHA1 checksum of the part. This checksum is present if the multipart upload request was created with the SHA1 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 checksum of the part. This checksum is present if the multipart upload request was created with the SHA-256 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 256-bit SHA256 checksum of the part. This checksum is present if the multipart upload request was created with the SHA256 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "PartNumber":{ "shape":"PartNumber", @@ -2373,8 +2414,7 @@ "ContentType":{"type":"string"}, "ContinuationEvent":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    ", "event":true }, @@ -2405,7 +2445,7 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse).

    ", + "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -2463,7 +2503,7 @@ }, "Bucket":{ "shape":"BucketName", - "documentation":"

    The name of the destination bucket.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise, you get an HTTP 400 Bad Request error with the error code InvalidRequest.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The name of the destination bucket.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise, you get an HTTP 400 Bad Request error with the error code InvalidRequest.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must use the Outpost bucket access point ARN or the access point alias for the destination bucket. You can only copy objects within the same Outpost bucket. It's not supported to copy objects across different Amazon Web Services Outposts, between buckets on the same Outposts, or between Outposts buckets and any other bucket types. For more information about S3 on Outposts, see What is S3 on Outposts? in the S3 on Outposts guide. When you use this action with S3 on Outposts through the REST API, you must direct requests to the S3 on Outposts hostname, in the format AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. The hostname isn't required when you use the Amazon Web Services CLI or SDKs.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -2565,6 +2605,18 @@ "location":"header", "locationName":"x-amz-grant-write-acp" }, + "IfMatch":{ + "shape":"IfMatch", + "documentation":"

    Copies the object if the entity tag (ETag) of the destination object matches the specified tag. If the ETag values do not match, the operation returns a 412 Precondition Failed error. If a concurrent operation occurs during the upload S3 returns a 409 ConditionalRequestConflict response. On a 409 failure you should fetch the object's ETag and retry the upload.

    Expects the ETag value as a string.

    For more information about conditional requests, see RFC 7232.

    ", + "location":"header", + "locationName":"If-Match" + }, + "IfNoneMatch":{ + "shape":"IfNoneMatch", + "documentation":"

    Copies the object only if the object key name at the destination does not already exist in the bucket specified. Otherwise, Amazon S3 returns a 412 Precondition Failed error. If a concurrent operation occurs during the upload S3 returns a 409 ConditionalRequestConflict response. On a 409 failure you should retry the upload.

    Expects the '*' (asterisk) character.

    For more information about conditional requests, see RFC 7232.

    ", + "location":"header", + "locationName":"If-None-Match" + }, "Key":{ "shape":"ObjectKey", "documentation":"

    The key of the destination object.

    ", @@ -2592,13 +2644,13 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when storing this object in Amazon S3. Unrecognized or unsupported values won’t write a destination object and will receive a 400 Bad Request response.

    Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a different default encryption configuration, Amazon S3 uses the corresponding encryption key to encrypt the target object copy.

    With server-side encryption, Amazon S3 encrypts your data as it writes your data to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see Using Server-Side Encryption in the Amazon S3 User Guide.

    General purpose buckets

    • For general purpose buckets, there are the following supported options for server-side encryption: server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), and server-side encryption with customer-provided encryption keys (SSE-C). Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy.

    • When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence.

    Directory buckets

    • For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

    • To encrypt new object copies to a directory bucket with SSE-KMS, we recommend you specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). The Amazon Web Services managed key (aws/s3) isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. After you specify a customer managed key for SSE-KMS, you can't override the customer managed key for the bucket's SSE-KMS configuration. Then, when you perform a CopyObject operation and want to specify server-side encryption settings for new object copies with SSE-KMS in the encryption-related request headers, you must ensure the encryption key is the same customer managed key that you specified for the directory bucket's default encryption configuration.

    ", + "documentation":"

    The server-side encryption algorithm used when storing this object in Amazon S3. Unrecognized or unsupported values won’t write a destination object and will receive a 400 Bad Request response.

    Amazon S3 automatically encrypts all new objects that are copied to an S3 bucket. When copying an object, if you don't specify encryption information in your copy request, the encryption setting of the target object is set to the default encryption configuration of the destination bucket. By default, all buckets have a base level of encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a different default encryption configuration, Amazon S3 uses the corresponding encryption key to encrypt the target object copy.

    With server-side encryption, Amazon S3 encrypts your data as it writes your data to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see Using Server-Side Encryption in the Amazon S3 User Guide.

    General purpose buckets

    • For general purpose buckets, there are the following supported options for server-side encryption: server-side encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), and server-side encryption with customer-provided encryption keys (SSE-C). Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the target object copy.

    • When you perform a CopyObject operation, if you want to use a different type of encryption setting for the target object, you can specify appropriate encryption-related headers to encrypt the target object with an Amazon S3 managed key, a KMS key, or a customer-provided key. If the encryption setting in your request is different from the default encryption configuration of the destination bucket, the encryption setting in your request takes precedence.

    Directory buckets

    • For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

    • To encrypt new object copies to a directory bucket with SSE-KMS, we recommend you specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a customer managed key). The Amazon Web Services managed key (aws/s3) isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. After you specify a customer managed key for SSE-KMS, you can't override the customer managed key for the bucket's SSE-KMS configuration. Then, when you perform a CopyObject operation and want to specify server-side encryption settings for new object copies with SSE-KMS in the encryption-related request headers, you must ensure the encryption key is the same customer managed key that you specified for the directory bucket's default encryption configuration.

    • S3 access points for Amazon FSx - When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx. All Amazon FSx file systems have encryption configured by default and are encrypted at rest. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. These processes are handled transparently by Amazon FSx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    If the x-amz-storage-class header is not used, the copied object will be stored in the STANDARD Storage Class by default. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class.

    • Directory buckets - For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request.

    • Amazon S3 on Outposts - S3 on Outposts only uses the OUTPOSTS Storage Class.

    You can use the CopyObject action to change the storage class of an object that is already stored in Amazon S3 by using the x-amz-storage-class header. For more information, see Storage Classes in the Amazon S3 User Guide.

    Before using an object as a source object for the copy operation, you must restore a copy of it if it meets any of the following conditions:

    • The storage class of the source object is GLACIER or DEEP_ARCHIVE.

    • The storage class of the source object is INTELLIGENT_TIERING and it's S3 Intelligent-Tiering access tier is Archive Access or Deep Archive Access.

    For more information, see RestoreObject and Copying Objects in the Amazon S3 User Guide.

    ", + "documentation":"

    If the x-amz-storage-class header is not used, the copied object will be stored in the STANDARD Storage Class by default. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class.

    • Directory buckets - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones. Unsupported storage class values won't write a destination object and will respond with the HTTP status code 400 Bad Request.

    • Amazon S3 on Outposts - S3 on Outposts only uses the OUTPOSTS Storage Class.

    You can use the CopyObject action to change the storage class of an object that is already stored in Amazon S3 by using the x-amz-storage-class header. For more information, see Storage Classes in the Amazon S3 User Guide.

    Before using an object as a source object for the copy operation, you must restore a copy of it if it meets any of the following conditions:

    • The storage class of the source object is GLACIER or DEEP_ARCHIVE.

    • The storage class of the source object is INTELLIGENT_TIERING and it's S3 Intelligent-Tiering access tier is Archive Access or Deep Archive Access.

    For more information, see RestoreObject and Copying Objects in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-storage-class" }, @@ -2628,7 +2680,7 @@ }, "SSEKMSKeyId":{ "shape":"SSEKMSKeyId", - "documentation":"

    Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. All GET and PUT requests for an object protected by KMS will fail if they're not made via SSL or using SigV4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.

    Directory buckets - If you specify x-amz-server-side-encryption with aws:kms, the x-amz-server-side-encryption-aws-kms-key-id header is implicitly assigned the ID of the KMS symmetric encryption customer managed key that's configured for your directory bucket's default encryption setting. If you want to specify the x-amz-server-side-encryption-aws-kms-key-id header explicitly, you can only specify it with the ID (Key ID or Key ARN) of the KMS customer managed key that's configured for your directory bucket's default encryption setting. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported.

    ", + "documentation":"

    Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. All GET and PUT requests for an object protected by KMS will fail if they're not made via SSL or using SigV4. For information about configuring any of the officially supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version in Request Authentication in the Amazon S3 User Guide.

    Directory buckets - To encrypt data using SSE-KMS, it's recommended to specify the x-amz-server-side-encryption header to aws:kms. Then, the x-amz-server-side-encryption-aws-kms-key-id header implicitly uses the bucket's default KMS customer managed key ID. If you want to explicitly set the x-amz-server-side-encryption-aws-kms-key-id header, it must match the bucket's default customer managed key (using key ID or ARN, not alias). Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The Amazon Web Services managed key (aws/s3) isn't supported. Incorrect key specification results in an HTTP 400 Bad Request error.

    ", "location":"header", "locationName":"x-amz-server-side-encryption-aws-kms-key-id" }, @@ -2722,23 +2774,23 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the object. This checksum is only present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the object. This will only be present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the object. This checksum is present if the object being copied was uploaded with the CRC-64NVME checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, CRC-64NVME, to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the object. This checksum is present if the object being copied was uploaded with the CRC64NVME checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, CRC64NVME, to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 digest of the object. This will only be present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 digest of the object. This will only be present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 256-bit SHA256 digest of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " } }, "documentation":"

    Container for all response elements.

    " @@ -2756,23 +2808,23 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC-32 checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC32 checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC-32C checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC32C checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the part. This checksum is present if the multipart upload request was created with the CRC-64NVME checksum algorithm to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the part. This checksum is present if the multipart upload request was created with the CRC64NVME checksum algorithm to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit SHA-1 checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit SHA1 checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit SHA-256 checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit SHA256 checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " } }, "documentation":"

    Container for all response elements.

    " @@ -2798,19 +2850,64 @@ "members":{ "LocationConstraint":{ "shape":"BucketLocationConstraint", - "documentation":"

    Specifies the Region where the bucket will be created. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see Accessing a bucket in the Amazon S3 User Guide.

    If you don't specify a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1) by default.

    This functionality is not supported for directory buckets.

    " + "documentation":"

    Specifies the Region where the bucket will be created. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region.

    If you don't specify a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1) by default. Configurations using the value EU will create a bucket in eu-west-1.

    For a list of the valid values for all of the Amazon Web Services Regions, see Regions and Endpoints.

    This functionality is not supported for directory buckets.

    " }, "Location":{ "shape":"LocationInfo", - "documentation":"

    Specifies the location where the bucket will be created.

    Directory buckets - The location type is Availability Zone or Local Zone. When the location type is Local Zone, your Local Zone must be in opt-in status. Otherwise, you get an HTTP 400 Bad Request error with the error code Access denied. To learn more about opt-in Local Zones, see Opt-in Dedicated Local Zonesin the Amazon S3 User Guide.

    This functionality is only supported by directory buckets.

    " + "documentation":"

    Specifies the location where the bucket will be created.

    Directory buckets - The location type is Availability Zone or Local Zone. To use the Local Zone location type, your account must be enabled for Local Zones. Otherwise, you get an HTTP 403 Forbidden error with the error code AccessDenied. To learn more, see Enable accounts for Local Zones in the Amazon S3 User Guide.

    This functionality is only supported by directory buckets.

    " }, "Bucket":{ "shape":"BucketInfo", "documentation":"

    Specifies the information about the bucket that will be created.

    This functionality is only supported by directory buckets.

    " + }, + "Tags":{ + "shape":"TagSet", + "documentation":"

    An array of tags that you can apply to the bucket that you're creating. Tags are key-value pairs of metadata used to categorize and organize your buckets, track costs, and control access.

    • This parameter is only supported for S3 directory buckets. For more information, see Using tags with directory buckets.

    • You must have the s3express:TagResource permission to create a directory bucket with tags.

    " } }, "documentation":"

    The configuration information for the bucket.

    " }, + "CreateBucketMetadataConfigurationRequest":{ + "type":"structure", + "required":[ + "Bucket", + "MetadataConfiguration" + ], + "members":{ + "Bucket":{ + "shape":"BucketName", + "documentation":"

    The general purpose bucket that you want to create the metadata configuration for.

    ", + "contextParam":{"name":"Bucket"}, + "location":"uri", + "locationName":"Bucket" + }, + "ContentMD5":{ + "shape":"ContentMD5", + "documentation":"

    The Content-MD5 header for the metadata configuration.

    ", + "location":"header", + "locationName":"Content-MD5" + }, + "ChecksumAlgorithm":{ + "shape":"ChecksumAlgorithm", + "documentation":"

    The checksum algorithm to use with your metadata configuration.

    ", + "location":"header", + "locationName":"x-amz-sdk-checksum-algorithm" + }, + "MetadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

    The contents of your metadata configuration.

    ", + "locationName":"MetadataConfiguration", + "xmlNamespace":{"uri":"http://s3.amazonaws.com/doc/2006-03-01/"} + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The expected owner of the general purpose bucket that corresponds to your metadata configuration.

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" + } + }, + "payload":"MetadataConfiguration" + }, "CreateBucketMetadataTableConfigurationRequest":{ "type":"structure", "required":[ @@ -2820,7 +2917,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The general purpose bucket that you want to create the metadata table configuration in.

    ", + "documentation":"

    The general purpose bucket that you want to create the metadata table configuration for.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -2845,7 +2942,7 @@ }, "ExpectedBucketOwner":{ "shape":"AccountId", - "documentation":"

    The expected owner of the general purpose bucket that contains your metadata table configuration.

    ", + "documentation":"

    The expected owner of the general purpose bucket that corresponds to your metadata table configuration.

    ", "location":"header", "locationName":"x-amz-expected-bucket-owner" } @@ -2860,6 +2957,12 @@ "documentation":"

    A forward slash followed by the name of the bucket.

    ", "location":"header", "locationName":"Location" + }, + "BucketArn":{ + "shape":"S3RegionalOrS3ExpressBucketArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely identify Amazon Web Services resources across all of Amazon Web Services.

    This parameter is only supported for S3 directory buckets. For more information, see Using tags with directory buckets.

    ", + "location":"header", + "locationName":"x-amz-bucket-arn" } } }, @@ -2960,7 +3063,7 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms).

    ", + "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -3028,7 +3131,7 @@ }, "Bucket":{ "shape":"BucketName", - "documentation":"

    The name of the bucket where the multipart upload is initiated and where the object is uploaded.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The name of the bucket where the multipart upload is initiated and where the object is uploaded.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -3108,13 +3211,13 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms).

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

      In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

      When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.

    ", + "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

      In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

      When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.

    • S3 access points for Amazon FSx - When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx. All Amazon FSx file systems have encryption configured by default and are encrypted at rest. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. These processes are handled transparently by Amazon FSx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.

    • For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects.

    • Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.

    ", + "documentation":"

    By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.

    • Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    • Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.

    ", "location":"header", "locationName":"x-amz-storage-class" }, @@ -3144,7 +3247,7 @@ }, "SSEKMSKeyId":{ "shape":"SSEKMSKeyId", - "documentation":"

    Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID.

    General purpose buckets - If you specify x-amz-server-side-encryption with aws:kms or aws:kms:dsse, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3) to protect the data.

    Directory buckets - If you specify x-amz-server-side-encryption with aws:kms, the x-amz-server-side-encryption-aws-kms-key-id header is implicitly assigned the ID of the KMS symmetric encryption customer managed key that's configured for your directory bucket's default encryption setting. If you want to specify the x-amz-server-side-encryption-aws-kms-key-id header explicitly, you can only specify it with the ID (Key ID or Key ARN) of the KMS customer managed key that's configured for your directory bucket's default encryption setting. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported.

    ", + "documentation":"

    Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID.

    General purpose buckets - If you specify x-amz-server-side-encryption with aws:kms or aws:kms:dsse, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3) to protect the data.

    Directory buckets - To encrypt data using SSE-KMS, it's recommended to specify the x-amz-server-side-encryption header to aws:kms. Then, the x-amz-server-side-encryption-aws-kms-key-id header implicitly uses the bucket's default KMS customer managed key ID. If you want to explicitly set the x-amz-server-side-encryption-aws-kms-key-id header, it must match the bucket's default customer managed key (using key ID or ARN, not alias). Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The Amazon Web Services managed key (aws/s3) isn't supported. Incorrect key specification results in an HTTP 400 Bad Request error.

    ", "location":"header", "locationName":"x-amz-server-side-encryption-aws-kms-key-id" }, @@ -3215,7 +3318,7 @@ "members":{ "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store objects in the directory bucket.

    ", + "documentation":"

    The server-side encryption algorithm used when you store objects in the directory bucket.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -3263,13 +3366,13 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm to use when you store objects in the directory bucket.

    For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). By default, Amazon S3 encrypts data with SSE-S3. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.

    ", + "documentation":"

    The server-side encryption algorithm to use when you store objects in the directory bucket.

    For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). By default, Amazon S3 encrypts data with SSE-S3. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.

    S3 access points for Amazon FSx - When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx. All Amazon FSx file systems have encryption configured by default and are encrypted at rest. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. These processes are handled transparently by Amazon FSx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, "SSEKMSKeyId":{ "shape":"SSEKMSKeyId", - "documentation":"

    If you specify x-amz-server-side-encryption with aws:kms, you must specify the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Also, if the KMS key doesn't exist in the same account that't issuing the command, you must use the full Key ARN not the Key ID.

    Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported.

    ", + "documentation":"

    If you specify x-amz-server-side-encryption with aws:kms, you must specify the x-amz-server-side-encryption-aws-kms-key-id header with the ID (Key ID or Key ARN) of the KMS symmetric encryption customer managed key to use. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Also, if the KMS key doesn't exist in the same account that't issuing the command, you must use the full Key ARN not the Key ID.

    Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The Amazon Web Services managed key (aws/s3) isn't supported.

    ", "location":"header", "locationName":"x-amz-server-side-encryption-aws-kms-key-id" }, @@ -3426,6 +3529,12 @@ "documentation":"

    The ID used to identify the S3 Intelligent-Tiering configuration.

    ", "location":"querystring", "locationName":"id" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" } } }, @@ -3476,6 +3585,25 @@ } } }, + "DeleteBucketMetadataConfigurationRequest":{ + "type":"structure", + "required":["Bucket"], + "members":{ + "Bucket":{ + "shape":"BucketName", + "documentation":"

    The general purpose bucket that you want to remove the metadata configuration from.

    ", + "contextParam":{"name":"Bucket"}, + "location":"uri", + "locationName":"Bucket" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The expected bucket owner of the general purpose bucket that you want to remove the metadata table configuration from.

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" + } + } + }, "DeleteBucketMetadataTableConfigurationRequest":{ "type":"structure", "required":["Bucket"], @@ -3643,7 +3771,7 @@ "members":{ "Owner":{ "shape":"Owner", - "documentation":"

    The account that created the delete marker.>

    " + "documentation":"

    The account that created the delete marker.

    " }, "Key":{ "shape":"ObjectKey", @@ -3655,7 +3783,7 @@ }, "IsLatest":{ "shape":"IsLatest", - "documentation":"

    Specifies whether the object is (true) or is not (false) the latest version of an object.

    " + "documentation":"

    Specifies whether the object is (true) or is not (false) the latest version of an object.

    " }, "LastModified":{ "shape":"LastModified", @@ -3692,7 +3820,7 @@ "members":{ "DeleteMarker":{ "shape":"DeleteMarker", - "documentation":"

    Indicates whether the specified object version that was permanently deleted was (true) or was not (false) a delete marker before deletion. In a simple DELETE, this header indicates whether (true) or not (false) the current version of the object is a delete marker.

    This functionality is not supported for directory buckets.

    ", + "documentation":"

    Indicates whether the specified object version that was permanently deleted was (true) or was not (false) a delete marker before deletion. In a simple DELETE, this header indicates whether (true) or not (false) the current version of the object is a delete marker. To learn more about delete markers, see Working with delete markers.

    This functionality is not supported for directory buckets.

    ", "location":"header", "locationName":"x-amz-delete-marker" }, @@ -3718,7 +3846,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name of the bucket containing the object.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name of the bucket containing the object.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -3761,7 +3889,7 @@ }, "IfMatch":{ "shape":"IfMatch", - "documentation":"

    The If-Match header field makes the request method conditional on ETags. If the ETag value does not match, the operation returns a 412 Precondition Failed error. If the ETag matches or if the object doesn't exist, the operation will return a 204 Success (No Content) response.

    For more information about conditional requests, see RFC 7232.

    This functionality is only supported for directory buckets.

    ", + "documentation":"

    Deletes the object if the ETag (entity tag) value provided during the delete operation matches the ETag of the object in S3. If the ETag values do not match, the operation returns a 412 Precondition Failed error.

    Expects the ETag value as a string. If-Match does accept a string value of an '*' (asterisk) character to denote a match of any ETag.

    For more information about conditional requests, see RFC 7232.

    ", "location":"header", "locationName":"If-Match" }, @@ -3799,7 +3927,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the objects from which to remove the tags.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the objects from which to remove the tags.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -3852,7 +3980,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the objects to delete.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the objects to delete.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -3888,7 +4016,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

    For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

    • CRC-32

    • CRC-32C

    • CRC-64NVME

    • SHA-1

    • SHA-256

    For more information, see Checking object integrity in the Amazon S3 User Guide.

    If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 fails the request with a BadDigest error.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

    For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

    • CRC32

    • CRC32C

    • CRC64NVME

    • SHA1

    • SHA256

    For more information, see Checking object integrity in the Amazon S3 User Guide.

    If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 fails the request with a BadDigest error.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" } @@ -3927,7 +4055,7 @@ }, "DeleteMarker":{ "shape":"DeleteMarker", - "documentation":"

    Indicates whether the specified object version that was permanently deleted was (true) or was not (false) a delete marker before deletion. In a simple DELETE, this header indicates whether (true) or not (false) the current version of the object is a delete marker.

    This functionality is not supported for directory buckets.

    " + "documentation":"

    Indicates whether the specified object version that was permanently deleted was (true) or was not (false) a delete marker before deletion. In a simple DELETE, this header indicates whether (true) or not (false) the current version of the object is a delete marker. To learn more about delete markers, see Working with delete markers.

    This functionality is not supported for directory buckets.

    " }, "DeleteMarkerVersionId":{ "shape":"DeleteMarkerVersionId", @@ -3957,7 +4085,7 @@ }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    The storage class to use when replicating objects, such as S3 Standard or reduced redundancy. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    For valid values, see the StorageClass element of the PUT Bucket replication action in the Amazon S3 API Reference.

    " + "documentation":"

    The storage class to use when replicating objects, such as S3 Standard or reduced redundancy. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    For valid values, see the StorageClass element of the PUT Bucket replication action in the Amazon S3 API Reference.

    FSX_OPENZFS is not an accepted value when replicating objects.

    " }, "AccessControlTranslation":{ "shape":"AccessControlTranslation", @@ -3978,6 +4106,24 @@ }, "documentation":"

    Specifies information about where to publish analysis or configuration results for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC).

    " }, + "DestinationResult":{ + "type":"structure", + "members":{ + "TableBucketType":{ + "shape":"S3TablesBucketType", + "documentation":"

    The type of the table bucket where the metadata configuration is stored. The aws value indicates an Amazon Web Services managed table bucket, and the customer value indicates a customer-managed table bucket. V2 metadata configurations are stored in Amazon Web Services managed table buckets, and V1 metadata configurations are stored in customer-managed table buckets.

    " + }, + "TableBucketArn":{ + "shape":"S3TablesBucketArn", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket where the metadata configuration is stored.

    " + }, + "TableNamespace":{ + "shape":"S3TablesNamespace", + "documentation":"

    The namespace in the table bucket where the metadata tables for a metadata configuration are stored.

    " + } + }, + "documentation":"

    The destination information for the S3 Metadata configuration.

    " + }, "DirectoryBucketToken":{ "type":"string", "max":1024, @@ -4026,8 +4172,7 @@ }, "EncryptionTypeMismatch":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The existing object was created with a different encryption type. Subsequent write requests must include the appropriate encryption parameters in the request or while creating the session.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -4038,8 +4183,7 @@ }, "EndEvent":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A message that indicates the request is complete and no more messages will be sent. You should not assume that the request is complete until the client receives an EndEvent.

    ", "event":true }, @@ -4071,14 +4215,14 @@ "members":{ "ErrorCode":{ "shape":"ErrorCode", - "documentation":"

    If the CreateBucketMetadataTableConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error code. The possible error codes and error messages are as follows:

    • AccessDeniedCreatingResources - You don't have sufficient permissions to create the required resources. Make sure that you have s3tables:CreateNamespace, s3tables:CreateTable, s3tables:GetTable and s3tables:PutTablePolicy permissions, and then try again. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • AccessDeniedWritingToTable - Unable to write to the metadata table because of missing resource permissions. To fix the resource policy, Amazon S3 needs to create a new metadata table. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • DestinationTableNotFound - The destination table doesn't exist. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • ServerInternalError - An internal error has occurred. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • TableAlreadyExists - The table that you specified already exists in the table bucket's namespace. Specify a different table name. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • TableBucketNotFound - The table bucket that you specified doesn't exist in this Amazon Web Services Region and account. Create or choose a different table bucket. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    " + "documentation":"

    If the V1 CreateBucketMetadataTableConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error code. The possible error codes and error messages are as follows:

    • AccessDeniedCreatingResources - You don't have sufficient permissions to create the required resources. Make sure that you have s3tables:CreateNamespace, s3tables:CreateTable, s3tables:GetTable and s3tables:PutTablePolicy permissions, and then try again. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • AccessDeniedWritingToTable - Unable to write to the metadata table because of missing resource permissions. To fix the resource policy, Amazon S3 needs to create a new metadata table. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • DestinationTableNotFound - The destination table doesn't exist. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • ServerInternalError - An internal error has occurred. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • TableAlreadyExists - The table that you specified already exists in the table bucket's namespace. Specify a different table name. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • TableBucketNotFound - The table bucket that you specified doesn't exist in this Amazon Web Services Region and account. Create or choose a different table bucket. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    If the V2 CreateBucketMetadataConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error code. The possible error codes and error messages are as follows:

    • AccessDeniedCreatingResources - You don't have sufficient permissions to create the required resources. Make sure that you have s3tables:CreateTableBucket, s3tables:CreateNamespace, s3tables:CreateTable, s3tables:GetTable, s3tables:PutTablePolicy, kms:DescribeKey, and s3tables:PutTableEncryption permissions. Additionally, ensure that the KMS key used to encrypt the table still exists, is active and has a resource policy granting access to the S3 service principals 'maintenance.s3tables.amazonaws.com' and 'metadata.s3.amazonaws.com'. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • AccessDeniedWritingToTable - Unable to write to the metadata table because of missing resource permissions. To fix the resource policy, Amazon S3 needs to create a new metadata table. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • DestinationTableNotFound - The destination table doesn't exist. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • ServerInternalError - An internal error has occurred. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • JournalTableAlreadyExists - A journal table already exists in the Amazon Web Services managed table bucket's namespace. Delete the journal table, and then try again. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • InventoryTableAlreadyExists - An inventory table already exists in the Amazon Web Services managed table bucket's namespace. Delete the inventory table, and then try again. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • JournalTableNotAvailable - The journal table that the inventory table relies on has a FAILED status. An inventory table requires a journal table with an ACTIVE status. To create a new journal or inventory table, you must delete the metadata configuration for this bucket, along with any journal or inventory tables, and then create a new metadata configuration.

    • NoSuchBucket - The specified general purpose bucket does not exist.

    " }, "ErrorMessage":{ "shape":"ErrorMessage", - "documentation":"

    If the CreateBucketMetadataTableConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error message. The possible error codes and error messages are as follows:

    • AccessDeniedCreatingResources - You don't have sufficient permissions to create the required resources. Make sure that you have s3tables:CreateNamespace, s3tables:CreateTable, s3tables:GetTable and s3tables:PutTablePolicy permissions, and then try again. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • AccessDeniedWritingToTable - Unable to write to the metadata table because of missing resource permissions. To fix the resource policy, Amazon S3 needs to create a new metadata table. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • DestinationTableNotFound - The destination table doesn't exist. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • ServerInternalError - An internal error has occurred. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • TableAlreadyExists - The table that you specified already exists in the table bucket's namespace. Specify a different table name. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • TableBucketNotFound - The table bucket that you specified doesn't exist in this Amazon Web Services Region and account. Create or choose a different table bucket. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    " + "documentation":"

    If the V1 CreateBucketMetadataTableConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error message. The possible error codes and error messages are as follows:

    • AccessDeniedCreatingResources - You don't have sufficient permissions to create the required resources. Make sure that you have s3tables:CreateNamespace, s3tables:CreateTable, s3tables:GetTable and s3tables:PutTablePolicy permissions, and then try again. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • AccessDeniedWritingToTable - Unable to write to the metadata table because of missing resource permissions. To fix the resource policy, Amazon S3 needs to create a new metadata table. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • DestinationTableNotFound - The destination table doesn't exist. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • ServerInternalError - An internal error has occurred. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • TableAlreadyExists - The table that you specified already exists in the table bucket's namespace. Specify a different table name. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • TableBucketNotFound - The table bucket that you specified doesn't exist in this Amazon Web Services Region and account. Create or choose a different table bucket. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    If the V2 CreateBucketMetadataConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error code. The possible error codes and error messages are as follows:

    • AccessDeniedCreatingResources - You don't have sufficient permissions to create the required resources. Make sure that you have s3tables:CreateTableBucket, s3tables:CreateNamespace, s3tables:CreateTable, s3tables:GetTable, s3tables:PutTablePolicy, kms:DescribeKey, and s3tables:PutTableEncryption permissions. Additionally, ensure that the KMS key used to encrypt the table still exists, is active and has a resource policy granting access to the S3 service principals 'maintenance.s3tables.amazonaws.com' and 'metadata.s3.amazonaws.com'. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • AccessDeniedWritingToTable - Unable to write to the metadata table because of missing resource permissions. To fix the resource policy, Amazon S3 needs to create a new metadata table. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • DestinationTableNotFound - The destination table doesn't exist. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • ServerInternalError - An internal error has occurred. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • JournalTableAlreadyExists - A journal table already exists in the Amazon Web Services managed table bucket's namespace. Delete the journal table, and then try again. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • InventoryTableAlreadyExists - An inventory table already exists in the Amazon Web Services managed table bucket's namespace. Delete the inventory table, and then try again. To create a new metadata table, you must delete the metadata configuration for this bucket, and then create a new metadata configuration.

    • JournalTableNotAvailable - The journal table that the inventory table relies on has a FAILED status. An inventory table requires a journal table with an ACTIVE status. To create a new journal or inventory table, you must delete the metadata configuration for this bucket, along with any journal or inventory tables, and then create a new metadata configuration.

    • NoSuchBucket - The specified general purpose bucket does not exist.

    " } }, - "documentation":"

    If the CreateBucketMetadataTableConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error code and error message.

    " + "documentation":"

    If an S3 Metadata V1 CreateBucketMetadataTableConfiguration or V2 CreateBucketMetadataConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error code and error message.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    " }, "ErrorDocument":{ "type":"structure", @@ -4132,8 +4276,7 @@ }, "EventBridgeConfiguration":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A container for specifying the configuration for Amazon EventBridge.

    " }, "EventList":{ @@ -4160,6 +4303,13 @@ ] }, "Expiration":{"type":"string"}, + "ExpirationState":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "ExpirationStatus":{ "type":"string", "enum":[ @@ -4171,7 +4321,7 @@ "type":"boolean", "box":true }, - "Expires":{"type":"timestamp"}, + "Expires":{"type":"string"}, "ExposeHeader":{"type":"string"}, "ExposeHeaders":{ "type":"list", @@ -4417,6 +4567,12 @@ "documentation":"

    The ID used to identify the S3 Intelligent-Tiering configuration.

    ", "location":"querystring", "locationName":"id" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" } } }, @@ -4527,7 +4683,7 @@ "members":{ "LocationConstraint":{ "shape":"BucketLocationConstraint", - "documentation":"

    Specifies the Region where the bucket resides. For a list of all the Amazon S3 supported location constraints by Region, see Regions and Endpoints. Buckets in Region us-east-1 have a LocationConstraint of null.

    " + "documentation":"

    Specifies the Region where the bucket resides. For a list of all the Amazon S3 supported location constraints by Region, see Regions and Endpoints.

    Buckets in Region us-east-1 have a LocationConstraint of null. Buckets with a LocationConstraint of EU reside in eu-west-1.

    " } } }, @@ -4575,6 +4731,46 @@ } } }, + "GetBucketMetadataConfigurationOutput":{ + "type":"structure", + "members":{ + "GetBucketMetadataConfigurationResult":{ + "shape":"GetBucketMetadataConfigurationResult", + "documentation":"

    The metadata configuration for the general purpose bucket.

    " + } + }, + "payload":"GetBucketMetadataConfigurationResult" + }, + "GetBucketMetadataConfigurationRequest":{ + "type":"structure", + "required":["Bucket"], + "members":{ + "Bucket":{ + "shape":"BucketName", + "documentation":"

    The general purpose bucket that corresponds to the metadata configuration that you want to retrieve.

    ", + "contextParam":{"name":"Bucket"}, + "location":"uri", + "locationName":"Bucket" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The expected owner of the general purpose bucket that you want to retrieve the metadata table configuration for.

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" + } + } + }, + "GetBucketMetadataConfigurationResult":{ + "type":"structure", + "required":["MetadataConfigurationResult"], + "members":{ + "MetadataConfigurationResult":{ + "shape":"MetadataConfigurationResult", + "documentation":"

    The metadata configuration for a general purpose bucket.

    " + } + }, + "documentation":"

    The S3 Metadata configuration for a general purpose bucket.

    " + }, "GetBucketMetadataTableConfigurationOutput":{ "type":"structure", "members":{ @@ -4591,14 +4787,14 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The general purpose bucket that contains the metadata table configuration that you want to retrieve.

    ", + "documentation":"

    The general purpose bucket that corresponds to the metadata table configuration that you want to retrieve.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" }, "ExpectedBucketOwner":{ "shape":"AccountId", - "documentation":"

    The expected owner of the general purpose bucket that you want to retrieve the metadata table configuration from.

    ", + "documentation":"

    The expected owner of the general purpose bucket that you want to retrieve the metadata table configuration for.

    ", "location":"header", "locationName":"x-amz-expected-bucket-owner" } @@ -4613,18 +4809,18 @@ "members":{ "MetadataTableConfigurationResult":{ "shape":"MetadataTableConfigurationResult", - "documentation":"

    The metadata table configuration for a general purpose bucket.

    " + "documentation":"

    The V1 S3 Metadata configuration for a general purpose bucket.

    " }, "Status":{ "shape":"MetadataTableStatus", - "documentation":"

    The status of the metadata table. The status values are:

    • CREATING - The metadata table is in the process of being created in the specified table bucket.

    • ACTIVE - The metadata table has been created successfully and records are being delivered to the table.

    • FAILED - Amazon S3 is unable to create the metadata table, or Amazon S3 is unable to deliver records. See ErrorDetails for details.

    " + "documentation":"

    The status of the metadata table. The status values are:

    • CREATING - The metadata table is in the process of being created in the specified table bucket.

    • ACTIVE - The metadata table has been created successfully, and records are being delivered to the table.

    • FAILED - Amazon S3 is unable to create the metadata table, or Amazon S3 is unable to deliver records. See ErrorDetails for details.

    " }, "Error":{ "shape":"ErrorDetails", "documentation":"

    If the CreateBucketMetadataTableConfiguration request succeeds, but S3 Metadata was unable to create the table, this structure contains the error code and error message.

    " } }, - "documentation":"

    The metadata table configuration for a general purpose bucket.

    " + "documentation":"

    The V1 S3 Metadata configuration for a general purpose bucket.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    " }, "GetBucketMetricsConfigurationOutput":{ "type":"structure", @@ -4728,7 +4924,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name to get the bucket policy for.

    Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide

    Access points - When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    Object Lambda access points - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    Access points and Object Lambda access points are not supported by directory buckets.

    ", + "documentation":"

    The bucket name to get the bucket policy for.

    Directory buckets - When you use this operation with a directory bucket, you must use path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must also follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide

    Access points - When you use this API operation with an access point, provide the alias of the access point in place of the bucket name.

    Object Lambda access points - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    Object Lambda access points are not supported by directory buckets.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -4954,7 +5150,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name that contains the object for which to get the ACL information.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name that contains the object for which to get the ACL information.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -4990,7 +5186,7 @@ "members":{ "DeleteMarker":{ "shape":"DeleteMarker", - "documentation":"

    Specifies whether the object retrieved was (true) or was not (false) a delete marker. If false, this response header does not appear in the response.

    This functionality is not supported for directory buckets.

    ", + "documentation":"

    Specifies whether the object retrieved was (true) or was not (false) a delete marker. If false, this response header does not appear in the response. To learn more about delete markers, see Working with delete markers.

    This functionality is not supported for directory buckets.

    ", "location":"header", "locationName":"x-amz-delete-marker" }, @@ -5025,7 +5221,7 @@ }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    Provides the storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.

    For more information, see Storage Classes.

    Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    " + "documentation":"

    Provides the storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.

    For more information, see Storage Classes.

    Directory buckets - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    " }, "ObjectSize":{ "shape":"ObjectSize", @@ -5059,7 +5255,7 @@ }, "Parts":{ "shape":"PartsList", - "documentation":"

    A container for elements related to a particular part. A response can contain zero or more Parts elements.

    • General purpose buckets - For GetObjectAttributes, if a additional checksum (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) isn't applied to the object specified in the request, the response doesn't return Part.

    • Directory buckets - For GetObjectAttributes, no matter whether a additional checksum is applied to the object specified in the request, the response returns Part.

    ", + "documentation":"

    A container for elements related to a particular part. A response can contain zero or more Parts elements.

    • General purpose buckets - For GetObjectAttributes, if an additional checksum (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) isn't applied to the object specified in the request, the response doesn't return the Part element.

    • Directory buckets - For GetObjectAttributes, regardless of whether an additional checksum is applied to the object specified in the request, the response returns the Part element.

    ", "locationName":"Part" } }, @@ -5075,7 +5271,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The name of the bucket that contains the object.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The name of the bucket that contains the object.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -5094,13 +5290,13 @@ }, "MaxParts":{ "shape":"MaxParts", - "documentation":"

    Sets the maximum number of parts to return.

    ", + "documentation":"

    Sets the maximum number of parts to return. For more information, see Uploading and copying objects using multipart upload in Amazon S3 in the Amazon Simple Storage Service user guide.

    ", "location":"header", "locationName":"x-amz-max-parts" }, "PartNumberMarker":{ "shape":"PartNumberMarker", - "documentation":"

    Specifies the part after which listing should begin. Only parts with higher part numbers will be listed.

    ", + "documentation":"

    Specifies the part after which listing should begin. Only parts with higher part numbers will be listed. For more information, see Uploading and copying objects using multipart upload in Amazon S3 in the Amazon Simple Storage Service user guide.

    ", "location":"header", "locationName":"x-amz-part-number-marker" }, @@ -5161,7 +5357,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the object whose legal hold status you want to retrieve.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the object whose legal hold status you want to retrieve.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -5207,7 +5403,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket whose Object Lock configuration you want to retrieve.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket whose Object Lock configuration you want to retrieve.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -5248,7 +5444,7 @@ }, "Restore":{ "shape":"Restore", - "documentation":"

    Provides information about object restoration action and expiration time of the restored object copy.

    This functionality is not supported for directory buckets. Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    ", + "documentation":"

    Provides information about object restoration action and expiration time of the restored object copy.

    This functionality is not supported for directory buckets. Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    ", "location":"header", "locationName":"x-amz-restore" }, @@ -5272,31 +5468,31 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the object. This checksum is only present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32" }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the object. This will only be present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32c" }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc64nvme" }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 digest of the object. This will only be present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha1" }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 digest of the object. This will only be present if the object was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 256-bit SHA256 digest of the object. This checksum is only present if the checksum was uploaded with the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha256" }, @@ -5368,7 +5564,7 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3.

    ", + "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -5404,7 +5600,7 @@ }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.

    Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    ", + "documentation":"

    Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.

    Directory buckets - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    ", "location":"header", "locationName":"x-amz-storage-class" }, @@ -5461,7 +5657,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the object.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points - When you use this action with an Object Lambda access point, you must direct requests to the Object Lambda access point hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the object.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points - When you use this action with an Object Lambda access point, you must direct requests to the Object Lambda access point hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -5582,7 +5778,7 @@ }, "ChecksumMode":{ "shape":"ChecksumMode", - "documentation":"

    To retrieve the checksum, this mode must be enabled.

    General purpose buckets - In addition, if you enable checksum mode and the object is uploaded with a checksum and encrypted with an Key Management Service (KMS) key, you must have permission to use the kms:Decrypt action to retrieve the checksum.

    ", + "documentation":"

    To retrieve the checksum, this mode must be enabled.

    ", "location":"header", "locationName":"x-amz-checksum-mode" } @@ -5612,7 +5808,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the object whose retention settings you want to retrieve.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the object whose retention settings you want to retrieve.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -5667,7 +5863,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the object for which to get the tagging information.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the object for which to get the tagging information.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -5832,7 +6028,7 @@ "documentation":"

    URI of the grantee group.

    " } }, - "documentation":"

    Container for the person being granted permissions.

    ", + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    Container for the person being granted permissions.

    ", "xmlNamespace":{ "prefix":"xsi", "uri":"http://www.w3.org/2001/XMLSchema-instance" @@ -5848,6 +6044,12 @@ "HeadBucketOutput":{ "type":"structure", "members":{ + "BucketArn":{ + "shape":"S3RegionalOrS3ExpressBucketArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the S3 bucket. ARNs uniquely identify Amazon Web Services resources across all of Amazon Web Services.

    This parameter is only supported for S3 directory buckets. For more information, see Using tags with directory buckets.

    ", + "location":"header", + "locationName":"x-amz-bucket-arn" + }, "BucketLocationType":{ "shape":"LocationType", "documentation":"

    The type of location where the bucket is created.

    This functionality is only supported by directory buckets.

    ", @@ -5880,7 +6082,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points - When you use this API operation with an Object Lambda access point, provide the alias of the Object Lambda access point in place of the bucket name. If the Object Lambda access point alias in a request is not valid, the error code InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, see List of Error Codes.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -5916,7 +6118,7 @@ }, "Restore":{ "shape":"Restore", - "documentation":"

    If the object is an archived object (an object whose storage class is GLACIER), the response includes this header if either the archive restoration is in progress (see RestoreObject or an archive copy is already restored.

    If an archive copy is already restored, the header value indicates when Amazon S3 is scheduled to delete the object copy. For example:

    x-amz-restore: ongoing-request=\"false\", expiry-date=\"Fri, 21 Dec 2012 00:00:00 GMT\"

    If the object restoration is in progress, the header returns the value ongoing-request=\"true\".

    For more information about archiving objects, see Transitioning Objects: General Considerations.

    This functionality is not supported for directory buckets. Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    ", + "documentation":"

    If the object is an archived object (an object whose storage class is GLACIER), the response includes this header if either the archive restoration is in progress (see RestoreObject or an archive copy is already restored.

    If an archive copy is already restored, the header value indicates when Amazon S3 is scheduled to delete the object copy. For example:

    x-amz-restore: ongoing-request=\"false\", expiry-date=\"Fri, 21 Dec 2012 00:00:00 GMT\"

    If the object restoration is in progress, the header returns the value ongoing-request=\"true\".

    For more information about archiving objects, see Transitioning Objects: General Considerations.

    This functionality is not supported for directory buckets. Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    ", "location":"header", "locationName":"x-amz-restore" }, @@ -5940,31 +6142,31 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the object. This checksum is only be present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32" }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32c" }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc64nvme" }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 digest of the object. This will only be present if the object was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha1" }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 digest of the object. This will only be present if the object was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 256-bit SHA256 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha256" }, @@ -6022,6 +6224,12 @@ "location":"header", "locationName":"Content-Type" }, + "ContentRange":{ + "shape":"ContentRange", + "documentation":"

    The portion of the object returned in the response for a GET request.

    ", + "location":"header", + "locationName":"Content-Range" + }, "Expires":{ "shape":"Expires", "documentation":"

    The date and time at which the object is no longer cacheable.

    ", @@ -6036,7 +6244,7 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse).

    ", + "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -6072,7 +6280,7 @@ }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.

    For more information, see Storage Classes.

    Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    ", + "documentation":"

    Provides storage class information of the object. Amazon S3 returns this header for all objects except for S3 Standard storage class objects.

    For more information, see Storage Classes.

    Directory buckets - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    ", "location":"header", "locationName":"x-amz-storage-class" }, @@ -6093,6 +6301,12 @@ "location":"header", "locationName":"x-amz-mp-parts-count" }, + "TagCount":{ + "shape":"TagCount", + "documentation":"

    The number of tags, if any, on the object, when you have the relevant permission to read object tags.

    You can use GetObjectTagging to retrieve the tag set associated with an object.

    This functionality is not supported for directory buckets.

    ", + "location":"header", + "locationName":"x-amz-tagging-count" + }, "ObjectLockMode":{ "shape":"ObjectLockMode", "documentation":"

    The Object Lock mode, if any, that's in effect for this object. This header is only returned if the requester has the s3:GetObjectRetention permission. For more information about S3 Object Lock, see Object Lock.

    This functionality is not supported for directory buckets.

    ", @@ -6122,7 +6336,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The name of the bucket that contains the object.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The name of the bucket that contains the object.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -6253,6 +6467,13 @@ "HttpErrorCodeReturnedEquals":{"type":"string"}, "HttpRedirectCode":{"type":"string"}, "ID":{"type":"string"}, + "IdempotencyParameterMismatch":{ + "type":"structure", + "members":{}, + "documentation":"

    Parameters on this idempotent request are inconsistent with parameters used in previous request(s).

    For a list of error codes and more information on Amazon S3 errors, see Error codes.

    Idempotency ensures that an API request completes no more than one time. With an idempotent request, if the original request completes successfully, any subsequent retries complete successfully without performing any further actions.

    ", + "error":{"httpStatusCode":400}, + "exception":true + }, "IfMatch":{"type":"string"}, "IfMatchInitiatedTime":{ "type":"timestamp", @@ -6412,16 +6633,14 @@ }, "InvalidRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You may receive this error in multiple cases. Depending on the reason for the error, you may receive one of the messages below:

    • Cannot specify both a write offset value and user-defined object metadata for existing objects.

    • Checksum Type mismatch occurred, expected checksum Type: sha1, actual checksum Type: crc32c.

    • Request body cannot be empty when 'write offset' is specified.

    ", "error":{"httpStatusCode":400}, "exception":true }, "InvalidWriteOffset":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The write offset value that you specified does not match the current object size.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -6465,13 +6684,20 @@ "documentation":"

    Specifies the schedule for generating inventory results.

    " } }, - "documentation":"

    Specifies the inventory configuration for an Amazon S3 bucket. For more information, see GET Bucket inventory in the Amazon S3 API Reference.

    " + "documentation":"

    Specifies the S3 Inventory configuration for an Amazon S3 bucket. For more information, see GET Bucket inventory in the Amazon S3 API Reference.

    " }, "InventoryConfigurationList":{ "type":"list", "member":{"shape":"InventoryConfiguration"}, "flattened":true }, + "InventoryConfigurationState":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "InventoryDestination":{ "type":"structure", "required":["S3BucketDestination"], @@ -6481,7 +6707,7 @@ "documentation":"

    Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.

    " } }, - "documentation":"

    Specifies the inventory configuration for an Amazon S3 bucket.

    " + "documentation":"

    Specifies the S3 Inventory configuration for an Amazon S3 bucket.

    " }, "InventoryEncryption":{ "type":"structure", @@ -6497,7 +6723,7 @@ "locationName":"SSE-KMS" } }, - "documentation":"

    Contains the type of server-side encryption used to encrypt the inventory results.

    " + "documentation":"

    Contains the type of server-side encryption used to encrypt the S3 Inventory results.

    " }, "InventoryFilter":{ "type":"structure", @@ -6508,7 +6734,7 @@ "documentation":"

    The prefix that an object must have to be included in the inventory results.

    " } }, - "documentation":"

    Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria.

    " + "documentation":"

    Specifies an S3 Inventory filter. The inventory only includes objects that meet the filter's criteria.

    " }, "InventoryFormat":{ "type":"string", @@ -6588,7 +6814,7 @@ "documentation":"

    Contains the type of server-side encryption used to encrypt the inventory results.

    " } }, - "documentation":"

    Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where inventory results are published.

    " + "documentation":"

    Contains the bucket name, file format, bucket owner (optional), and prefix (optional) where S3 Inventory results are published.

    " }, "InventorySchedule":{ "type":"structure", @@ -6599,7 +6825,61 @@ "documentation":"

    Specifies how frequently inventory results are produced.

    " } }, - "documentation":"

    Specifies the schedule for generating inventory results.

    " + "documentation":"

    Specifies the schedule for generating S3 Inventory results.

    " + }, + "InventoryTableConfiguration":{ + "type":"structure", + "required":["ConfigurationState"], + "members":{ + "ConfigurationState":{ + "shape":"InventoryConfigurationState", + "documentation":"

    The configuration state of the inventory table, indicating whether the inventory table is enabled or disabled.

    " + }, + "EncryptionConfiguration":{ + "shape":"MetadataTableEncryptionConfiguration", + "documentation":"

    The encryption configuration for the inventory table.

    " + } + }, + "documentation":"

    The inventory table configuration for an S3 Metadata configuration.

    " + }, + "InventoryTableConfigurationResult":{ + "type":"structure", + "required":["ConfigurationState"], + "members":{ + "ConfigurationState":{ + "shape":"InventoryConfigurationState", + "documentation":"

    The configuration state of the inventory table, indicating whether the inventory table is enabled or disabled.

    " + }, + "TableStatus":{ + "shape":"MetadataTableStatus", + "documentation":"

    The status of the inventory table. The status values are:

    • CREATING - The inventory table is in the process of being created in the specified Amazon Web Services managed table bucket.

    • BACKFILLING - The inventory table is in the process of being backfilled. When you enable the inventory table for your metadata configuration, the table goes through a process known as backfilling, during which Amazon S3 scans your general purpose bucket to retrieve the initial metadata for all objects in the bucket. Depending on the number of objects in your bucket, this process can take several hours. When the backfilling process is finished, the status of your inventory table changes from BACKFILLING to ACTIVE. After backfilling is completed, updates to your objects are reflected in the inventory table within one hour.

    • ACTIVE - The inventory table has been created successfully, and records are being delivered to the table.

    • FAILED - Amazon S3 is unable to create the inventory table, or Amazon S3 is unable to deliver records.

    " + }, + "Error":{"shape":"ErrorDetails"}, + "TableName":{ + "shape":"S3TablesName", + "documentation":"

    The name of the inventory table.

    " + }, + "TableArn":{ + "shape":"S3TablesArn", + "documentation":"

    The Amazon Resource Name (ARN) for the inventory table.

    " + } + }, + "documentation":"

    The inventory table configuration for an S3 Metadata configuration.

    " + }, + "InventoryTableConfigurationUpdates":{ + "type":"structure", + "required":["ConfigurationState"], + "members":{ + "ConfigurationState":{ + "shape":"InventoryConfigurationState", + "documentation":"

    The configuration state of the inventory table, indicating whether the inventory table is enabled or disabled.

    " + }, + "EncryptionConfiguration":{ + "shape":"MetadataTableEncryptionConfiguration", + "documentation":"

    The encryption configuration for the inventory table.

    " + } + }, + "documentation":"

    The specified updates to the S3 Metadata inventory table configuration.

    " }, "IsEnabled":{ "type":"boolean", @@ -6648,10 +6928,65 @@ "LINES" ] }, + "JournalTableConfiguration":{ + "type":"structure", + "required":["RecordExpiration"], + "members":{ + "RecordExpiration":{ + "shape":"RecordExpiration", + "documentation":"

    The journal table record expiration settings for the journal table.

    " + }, + "EncryptionConfiguration":{ + "shape":"MetadataTableEncryptionConfiguration", + "documentation":"

    The encryption configuration for the journal table.

    " + } + }, + "documentation":"

    The journal table configuration for an S3 Metadata configuration.

    " + }, + "JournalTableConfigurationResult":{ + "type":"structure", + "required":[ + "TableStatus", + "TableName", + "RecordExpiration" + ], + "members":{ + "TableStatus":{ + "shape":"MetadataTableStatus", + "documentation":"

    The status of the journal table. The status values are:

    • CREATING - The journal table is in the process of being created in the specified table bucket.

    • ACTIVE - The journal table has been created successfully, and records are being delivered to the table.

    • FAILED - Amazon S3 is unable to create the journal table, or Amazon S3 is unable to deliver records.

    " + }, + "Error":{"shape":"ErrorDetails"}, + "TableName":{ + "shape":"S3TablesName", + "documentation":"

    The name of the journal table.

    " + }, + "TableArn":{ + "shape":"S3TablesArn", + "documentation":"

    The Amazon Resource Name (ARN) for the journal table.

    " + }, + "RecordExpiration":{ + "shape":"RecordExpiration", + "documentation":"

    The journal table record expiration settings for the journal table.

    " + } + }, + "documentation":"

    The journal table configuration for the S3 Metadata configuration.

    " + }, + "JournalTableConfigurationUpdates":{ + "type":"structure", + "required":["RecordExpiration"], + "members":{ + "RecordExpiration":{ + "shape":"RecordExpiration", + "documentation":"

    The journal table record expiration settings for the journal table.

    " + } + }, + "documentation":"

    The specified updates to the S3 Metadata journal table configuration.

    " + }, "KMSContext":{"type":"string"}, "KeyCount":{"type":"integer"}, "KeyMarker":{"type":"string"}, "KeyPrefixEquals":{"type":"string"}, + "KmsKeyArn":{"type":"string"}, "LambdaFunctionArn":{"type":"string"}, "LambdaFunctionConfiguration":{ "type":"structure", @@ -6729,12 +7064,12 @@ }, "Prefix":{ "shape":"Prefix", - "documentation":"

    Prefix identifying one or more objects to which the rule applies. This is no longer used; use Filter instead.

    Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.

    ", + "documentation":"

    The general purpose bucket prefix that identifies one or more objects to which the rule applies. We recommend using Filter instead of Prefix for new PUTs. Previous configurations where a prefix is defined will continue to operate as before.

    Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.

    ", "deprecated":true }, "Filter":{ "shape":"LifecycleRuleFilter", - "documentation":"

    The Filter is used to identify objects that a Lifecycle Rule applies to. A Filter must have exactly one of Prefix, Tag, or And specified. Filter is required if the LifecycleRule does not contain a Prefix element.

    Tag filters are not supported for directory buckets.

    " + "documentation":"

    The Filter is used to identify objects that a Lifecycle Rule applies to. A Filter must have exactly one of Prefix, Tag, ObjectSizeGreaterThan, ObjectSizeLessThan, or And specified. Filter is required if the LifecycleRule does not contain a Prefix element.

    For more information about Tag filters, see Adding filters to Lifecycle rules in the Amazon S3 User Guide.

    Tag filters are not supported for directory buckets.

    " }, "Status":{ "shape":"ExpirationStatus", @@ -6892,6 +7227,12 @@ "documentation":"

    The ContinuationToken that represents a placeholder from where this request should begin.

    ", "location":"querystring", "locationName":"continuation-token" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" } } }, @@ -7134,14 +7475,14 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The name of the bucket to which the multipart upload was initiated.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The name of the bucket to which the multipart upload was initiated.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" }, "Delimiter":{ "shape":"Delimiter", - "documentation":"

    Character you use to group keys.

    All keys that contain the same string between the prefix, if specified, and the first occurrence of the delimiter after the prefix are grouped under a single result element, CommonPrefixes. If you don't specify the prefix parameter, then the substring starts at the beginning of the key. The keys that are grouped under CommonPrefixes result element are not returned elsewhere in the response.

    Directory buckets - For directory buckets, / is the only supported delimiter.

    ", + "documentation":"

    Character you use to group keys.

    All keys that contain the same string between the prefix, if specified, and the first occurrence of the delimiter after the prefix are grouped under a single result element, CommonPrefixes. If you don't specify the prefix parameter, then the substring starts at the beginning of the key. The keys that are grouped under CommonPrefixes result element are not returned elsewhere in the response.

    CommonPrefixes is filtered out from results if it is not lexicographically greater than the key-marker.

    Directory buckets - For directory buckets, / is the only supported delimiter.

    ", "location":"querystring", "locationName":"delimiter" }, @@ -7218,7 +7559,7 @@ }, "DeleteMarkers":{ "shape":"DeleteMarkers", - "documentation":"

    Container for an object that is a delete marker.

    ", + "documentation":"

    Container for an object that is a delete marker. To learn more about delete markers, see Working with delete markers.

    ", "locationName":"DeleteMarker" }, "Name":{ @@ -7265,7 +7606,7 @@ }, "Delimiter":{ "shape":"Delimiter", - "documentation":"

    A delimiter is a character that you specify to group keys. All keys that contain the same string between the prefix and the first occurrence of the delimiter are grouped under a single result element in CommonPrefixes. These groups are counted as one result against the max-keys limitation. These keys are not returned elsewhere in the response.

    ", + "documentation":"

    A delimiter is a character that you specify to group keys. All keys that contain the same string between the prefix and the first occurrence of the delimiter are grouped under a single result element in CommonPrefixes. These groups are counted as one result against the max-keys limitation. These keys are not returned elsewhere in the response.

    CommonPrefixes is filtered out from results if it is not lexicographically greater than the key-marker.

    ", "location":"querystring", "locationName":"delimiter" }, @@ -7374,14 +7715,14 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The name of the bucket containing the objects.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The name of the bucket containing the objects.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" }, "Delimiter":{ "shape":"Delimiter", - "documentation":"

    A delimiter is a character that you use to group keys.

    ", + "documentation":"

    A delimiter is a character that you use to group keys.

    CommonPrefixes is filtered out from results if it is not lexicographically greater than the key-marker.

    ", "location":"querystring", "locationName":"delimiter" }, @@ -7470,7 +7811,7 @@ }, "ContinuationToken":{ "shape":"Token", - "documentation":"

    If ContinuationToken was sent with the request, it is included in the response. You can use the returned ContinuationToken for pagination of the list response. You can use this ContinuationToken for pagination of the list results.

    " + "documentation":"

    If ContinuationToken was sent with the request, it is included in the response. You can use the returned ContinuationToken for pagination of the list response.

    " }, "NextContinuationToken":{ "shape":"NextToken", @@ -7493,14 +7834,14 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" }, "Delimiter":{ "shape":"Delimiter", - "documentation":"

    A delimiter is a character that you use to group keys.

    • Directory buckets - For directory buckets, / is the only supported delimiter.

    • Directory buckets - When you query ListObjectsV2 with a delimiter during in-progress multipart uploads, the CommonPrefixes response parameter contains the prefixes that are associated with the in-progress multipart uploads. For more information about multipart uploads, see Multipart Upload Overview in the Amazon S3 User Guide.

    ", + "documentation":"

    A delimiter is a character that you use to group keys.

    CommonPrefixes is filtered out from results if it is not lexicographically greater than the StartAfter value.

    • Directory buckets - For directory buckets, / is the only supported delimiter.

    • Directory buckets - When you query ListObjectsV2 with a delimiter during in-progress multipart uploads, the CommonPrefixes response parameter contains the prefixes that are associated with the in-progress multipart uploads. For more information about multipart uploads, see Multipart Upload Overview in the Amazon S3 User Guide.

    ", "location":"querystring", "locationName":"delimiter" }, @@ -7619,7 +7960,7 @@ }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    The class of storage used to store the uploaded object.

    Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    " + "documentation":"

    The class of storage used to store the uploaded object.

    Directory buckets - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    " }, "RequestCharged":{ "shape":"RequestCharged", @@ -7646,7 +7987,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The name of the bucket to which the parts are being uploaded.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The name of the bucket to which the parts are being uploaded.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -7720,7 +8061,7 @@ "documentation":"

    The name of the location where the bucket will be created.

    For directory buckets, the name of the location is the Zone ID of the Availability Zone (AZ) or Local Zone (LZ) where the bucket will be created. An example AZ ID value is usw2-az1.

    " } }, - "documentation":"

    Specifies the location where the bucket will be created.

    For directory buckets, the location type is Availability Zone or Local Zone. For more information about directory buckets, see Directory buckets in the Amazon S3 User Guide.

    This functionality is only supported by directory buckets.

    " + "documentation":"

    Specifies the location where the bucket will be created.

    For directory buckets, the location type is Availability Zone or Local Zone. For more information about directory buckets, see Working with directory buckets in the Amazon S3 User Guide.

    This functionality is only supported by directory buckets.

    " }, "LocationNameAsString":{"type":"string"}, "LocationPrefix":{"type":"string"}, @@ -7798,6 +8139,40 @@ "key":{"shape":"MetadataKey"}, "value":{"shape":"MetadataValue"} }, + "MetadataConfiguration":{ + "type":"structure", + "required":["JournalTableConfiguration"], + "members":{ + "JournalTableConfiguration":{ + "shape":"JournalTableConfiguration", + "documentation":"

    The journal table configuration for a metadata configuration.

    " + }, + "InventoryTableConfiguration":{ + "shape":"InventoryTableConfiguration", + "documentation":"

    The inventory table configuration for a metadata configuration.

    " + } + }, + "documentation":"

    The S3 Metadata configuration for a general purpose bucket.

    " + }, + "MetadataConfigurationResult":{ + "type":"structure", + "required":["DestinationResult"], + "members":{ + "DestinationResult":{ + "shape":"DestinationResult", + "documentation":"

    The destination settings for a metadata configuration.

    " + }, + "JournalTableConfigurationResult":{ + "shape":"JournalTableConfigurationResult", + "documentation":"

    The journal table configuration for a metadata configuration.

    " + }, + "InventoryTableConfigurationResult":{ + "shape":"InventoryTableConfigurationResult", + "documentation":"

    The inventory table configuration for a metadata configuration.

    " + } + }, + "documentation":"

    The S3 Metadata configuration for a general purpose bucket.

    " + }, "MetadataDirective":{ "type":"string", "enum":[ @@ -7829,7 +8204,7 @@ "documentation":"

    The destination information for the metadata table configuration. The destination table bucket must be in the same Region and Amazon Web Services account as the general purpose bucket. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    " } }, - "documentation":"

    The metadata table configuration for a general purpose bucket.

    " + "documentation":"

    The V1 S3 Metadata configuration for a general purpose bucket.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    " }, "MetadataTableConfigurationResult":{ "type":"structure", @@ -7840,7 +8215,22 @@ "documentation":"

    The destination information for the metadata table configuration. The destination table bucket must be in the same Region and Amazon Web Services account as the general purpose bucket. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    " } }, - "documentation":"

    The metadata table configuration for a general purpose bucket. The destination table bucket must be in the same Region and Amazon Web Services account as the general purpose bucket. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    " + "documentation":"

    The V1 S3 Metadata configuration for a general purpose bucket. The destination table bucket must be in the same Region and Amazon Web Services account as the general purpose bucket. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    " + }, + "MetadataTableEncryptionConfiguration":{ + "type":"structure", + "required":["SseAlgorithm"], + "members":{ + "SseAlgorithm":{ + "shape":"TableSseAlgorithm", + "documentation":"

    The encryption type specified for a metadata table. To specify server-side encryption with Key Management Service (KMS) keys (SSE-KMS), use the aws:kms value. To specify server-side encryption with Amazon S3 managed keys (SSE-S3), use the AES256 value.

    " + }, + "KmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    If server-side encryption with Key Management Service (KMS) keys (SSE-KMS) is specified, you must also specify the KMS key Amazon Resource Name (ARN). You must specify a customer-managed KMS key that's located in the same Region as the general purpose bucket that corresponds to the metadata table configuration.

    " + } + }, + "documentation":"

    The encryption settings for an S3 Metadata journal table or inventory table configuration.

    " }, "MetadataTableStatus":{"type":"string"}, "MetadataValue":{"type":"string"}, @@ -7934,7 +8324,7 @@ "box":true }, "MissingMeta":{"type":"integer"}, - "MpuObjectSize":{"type":"integer"}, + "MpuObjectSize":{"type":"long"}, "MultipartUpload":{ "type":"structure", "members":{ @@ -7952,7 +8342,7 @@ }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    The class of storage used to store the object.

    Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    " + "documentation":"

    The class of storage used to store the object.

    Directory buckets - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    " }, "Owner":{ "shape":"Owner", @@ -7990,24 +8380,21 @@ "NextVersionIdMarker":{"type":"string"}, "NoSuchBucket":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified bucket does not exist.

    ", "error":{"httpStatusCode":404}, "exception":true }, "NoSuchKey":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified key does not exist.

    ", "error":{"httpStatusCode":404}, "exception":true }, "NoSuchUpload":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified multipart upload does not exist.

    ", "error":{"httpStatusCode":404}, "exception":true @@ -8134,7 +8521,7 @@ }, "StorageClass":{ "shape":"ObjectStorageClass", - "documentation":"

    The class of storage used to store the object.

    Directory buckets - Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    " + "documentation":"

    The class of storage used to store the object.

    Directory buckets - Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    " }, "Owner":{ "shape":"Owner", @@ -8142,15 +8529,14 @@ }, "RestoreStatus":{ "shape":"RestoreStatus", - "documentation":"

    Specifies the restoration status of an object. Objects in certain storage classes must be restored before they can be retrieved. For more information about these storage classes and how to work with archived objects, see Working with archived objects in the Amazon S3 User Guide.

    This functionality is not supported for directory buckets. Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    " + "documentation":"

    Specifies the restoration status of an object. Objects in certain storage classes must be restored before they can be retrieved. For more information about these storage classes and how to work with archived objects, see Working with archived objects in the Amazon S3 User Guide.

    This functionality is not supported for directory buckets. Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    " } }, "documentation":"

    An object consists of data and its descriptive metadata.

    " }, "ObjectAlreadyInActiveTierError":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    This action is not allowed against this storage tier.

    ", "error":{"httpStatusCode":403}, "exception":true @@ -8306,8 +8692,7 @@ "ObjectLockToken":{"type":"string"}, "ObjectNotInActiveTierError":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The source object of the COPY action is not in the active tier and is only stored in Amazon S3 Glacier.

    ", "error":{"httpStatusCode":403}, "exception":true @@ -8334,23 +8719,23 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the part. This checksum is present if the multipart upload request was created with the CRC-32 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the part. This checksum is present if the multipart upload request was created with the CRC32 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the part. This checksum is present if the multipart upload request was created with the CRC-32C checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the part. This checksum is present if the multipart upload request was created with the CRC32C checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the part. This checksum is present if the multipart upload request was created with the CRC-64NVME checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, CRC-64NVME, to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the part. This checksum is present if the multipart upload request was created with the CRC64NVME checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, CRC64NVME, to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 checksum of the part. This checksum is present if the multipart upload request was created with the SHA-1 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 160-bit SHA1 checksum of the part. This checksum is present if the multipart upload request was created with the SHA1 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 checksum of the part. This checksum is present if the multipart upload request was created with the SHA-256 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 256-bit SHA256 checksum of the part. This checksum is present if the multipart upload request was created with the SHA256 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " } }, "documentation":"

    A container for elements related to an individual part.

    " @@ -8380,7 +8765,8 @@ "OUTPOSTS", "GLACIER_IR", "SNOW", - "EXPRESS_ONEZONE" + "EXPRESS_ONEZONE", + "FSX_OPENZFS" ] }, "ObjectVersion":{ @@ -8487,7 +8873,7 @@ "documentation":"

    Container for the ID of the owner.

    " } }, - "documentation":"

    Container for the owner's display name and ID.

    " + "documentation":"

    End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.

    This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.

    Container for the owner's display name and ID.

    " }, "OwnerOverride":{ "type":"string", @@ -8520,8 +8906,7 @@ }, "ParquetInput":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Container for Parquet.

    " }, "Part":{ @@ -8545,23 +8930,23 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the part. This checksum is present if the object was uploaded with the CRC-32 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the part. This checksum is present if the object was uploaded with the CRC32 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the part. This checksum is present if the object was uploaded with the CRC-32C checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the part. This checksum is present if the object was uploaded with the CRC32C checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the part. This checksum is present if the multipart upload request was created with the CRC-64NVME checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, CRC-64NVME, to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the part. This checksum is present if the multipart upload request was created with the CRC64NVME checksum algorithm, or if the object was uploaded without a checksum (and Amazon S3 added the default checksum, CRC64NVME, to the uploaded object). For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 checksum of the part. This checksum is present if the object was uploaded with the SHA-1 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 160-bit SHA1 checksum of the part. This checksum is present if the object was uploaded with the SHA1 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 checksum of the part. This checksum is present if the object was uploaded with the SHA-256 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + "documentation":"

    The Base64 encoded, 256-bit SHA256 checksum of the part. This checksum is present if the object was uploaded with the SHA256 checksum algorithm. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " } }, "documentation":"

    Container for elements related to a part.

    " @@ -8725,7 +9110,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" } @@ -8763,7 +9148,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -8870,7 +9255,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -8905,7 +9290,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's used for performance.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's used for performance.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -8944,6 +9329,12 @@ "location":"querystring", "locationName":"id" }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code 403 Forbidden (access denied).

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" + }, "IntelligentTieringConfiguration":{ "shape":"IntelligentTieringConfiguration", "documentation":"

    Container for S3 Intelligent-Tiering configuration.

    ", @@ -9013,7 +9404,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9057,7 +9448,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9104,7 +9495,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9209,7 +9600,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9259,6 +9650,12 @@ "documentation":"

    The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) that you want to apply to this Amazon S3 bucket.

    ", "locationName":"OwnershipControls", "xmlNamespace":{"uri":"http://s3.amazonaws.com/doc/2006-03-01/"} + }, + "ChecksumAlgorithm":{ + "shape":"ChecksumAlgorithm", + "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "location":"header", + "locationName":"x-amz-sdk-checksum-algorithm" } }, "payload":"OwnershipControls" @@ -9285,7 +9682,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

    For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

    • CRC-32

    • CRC-32C

    • CRC-64NVME

    • SHA-1

    • SHA-256

    For more information, see Checking object integrity in the Amazon S3 User Guide.

    If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 fails the request with a BadDigest error.

    For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's used for performance.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

    For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

    • CRC32

    • CRC32C

    • CRC64NVME

    • SHA1

    • SHA256

    For more information, see Checking object integrity in the Amazon S3 User Guide.

    If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 fails the request with a BadDigest error.

    For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's used for performance.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9330,7 +9727,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9376,7 +9773,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9417,7 +9814,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9458,13 +9855,13 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, "MFA":{ "shape":"MFA", - "documentation":"

    The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device.

    ", + "documentation":"

    The concatenation of the authentication device's serial number, a space, and the value that is displayed on your authentication device. The serial number is the number that uniquely identifies the MFA device. For physical MFA devices, this is the unique serial number that's provided with the device. For virtual MFA devices, the serial number is the device ARN. For more information, see Enabling versioning on buckets and Configuring MFA delete in the Amazon Simple Storage Service User Guide.

    ", "location":"header", "locationName":"x-amz-mfa" }, @@ -9505,7 +9902,7 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the request when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

    If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, @@ -9555,7 +9952,7 @@ }, "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name that contains the object to which you want to attach the ACL.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name that contains the object to which you want to attach the ACL.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -9648,7 +10045,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the object that you want to place a legal hold on.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the object that you want to place a legal hold on.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -9773,31 +10170,31 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the object. This checksum is only be present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32" }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32c" }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    The Base64 encoded, 64-bit CRC-64NVME checksum of the object. This header is present if the object was uploaded with the CRC-64NVME checksum algorithm, or if it was uploaded without a checksum (and Amazon S3 added the default checksum, CRC-64NVME, to the uploaded object). For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 64-bit CRC64NVME checksum of the object. This header is present if the object was uploaded with the CRC64NVME checksum algorithm, or if it was uploaded without a checksum (and Amazon S3 added the default checksum, CRC64NVME, to the uploaded object). For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc64nvme" }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 digest of the object. This will only be present if the object was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha1" }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 digest of the object. This will only be present if the object was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 256-bit SHA256 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha256" }, @@ -9809,7 +10206,7 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3.

    ", + "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -9882,7 +10279,7 @@ }, "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name to which the PUT action was initiated.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name to which the PUT action was initiated.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -9931,37 +10328,37 @@ }, "ChecksumAlgorithm":{ "shape":"ChecksumAlgorithm", - "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

    For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

    • CRC-32

    • CRC-32C

    • CRC-64NVME

    • SHA-1

    • SHA-256

    For more information, see Checking object integrity in the Amazon S3 User Guide.

    If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 fails the request with a BadDigest error.

    The Content-MD5 or x-amz-sdk-checksum-algorithm header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information, see Uploading objects to an Object Lock enabled bucket in the Amazon S3 User Guide.

    For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's used for performance.

    ", + "documentation":"

    Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request.

    For the x-amz-checksum-algorithm header, replace algorithm with the supported algorithm from the following list:

    • CRC32

    • CRC32C

    • CRC64NVME

    • SHA1

    • SHA256

    For more information, see Checking object integrity in the Amazon S3 User Guide.

    If the individual checksum value you provide through x-amz-checksum-algorithm doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, Amazon S3 fails the request with a BadDigest error.

    The Content-MD5 or x-amz-sdk-checksum-algorithm header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information, see Uploading objects to an Object Lock enabled bucket in the Amazon S3 User Guide.

    For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's used for performance.

    ", "location":"header", "locationName":"x-amz-sdk-checksum-algorithm" }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC-32 checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC32 checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32" }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC-32C checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC32C checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32c" }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC-64NVME checksum of the object. The CRC-64NVME checksum is always a full object checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC64NVME checksum of the object. The CRC64NVME checksum is always a full object checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc64nvme" }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit SHA-1 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit SHA1 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha1" }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit SHA-256 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit SHA256 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha256" }, @@ -10028,13 +10425,13 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm that was used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse).

    • General purpose buckets - You have four mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest by using server-side encryption with other key options. For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

      In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

      When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.

    ", + "documentation":"

    The server-side encryption algorithm that was used when you store this object in Amazon S3 or Amazon FSx.

    • General purpose buckets - You have four mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest by using server-side encryption with other key options. For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.

      In the Zonal endpoint API calls (except CopyObject and UploadPartCopy) using the REST API, the encryption request headers must match the encryption settings that are specified in the CreateSession request. You can't override the values of the encryption settings (x-amz-server-side-encryption, x-amz-server-side-encryption-aws-kms-key-id, x-amz-server-side-encryption-context, and x-amz-server-side-encryption-bucket-key-enabled) that are specified in the CreateSession request. You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and Amazon S3 will use the encryption settings values from the CreateSession request to protect new objects in the directory bucket.

      When you use the CLI or the Amazon Web Services SDKs, for CreateSession, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the CreateSession request. It's not supported to override the encryption settings values in the CreateSession request. So in the Zonal endpoint API calls (except CopyObject and UploadPartCopy), the encryption request headers must match the default encryption configuration of the directory bucket.

    • S3 access points for Amazon FSx - When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx. All Amazon FSx file systems have encryption configured by default and are encrypted at rest. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. These processes are handled transparently by Amazon FSx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, "StorageClass":{ "shape":"StorageClass", - "documentation":"

    By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.

    • For directory buckets, only the S3 Express One Zone storage class is supported to store newly created objects.

    • Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.

    ", + "documentation":"

    By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. For more information, see Storage Classes in the Amazon S3 User Guide.

    • Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    • Amazon S3 on Outposts only uses the OUTPOSTS Storage Class.

    ", "location":"header", "locationName":"x-amz-storage-class" }, @@ -10064,7 +10461,7 @@ }, "SSEKMSKeyId":{ "shape":"SSEKMSKeyId", - "documentation":"

    Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID.

    General purpose buckets - If you specify x-amz-server-side-encryption with aws:kms or aws:kms:dsse, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3) to protect the data.

    Directory buckets - If you specify x-amz-server-side-encryption with aws:kms, the x-amz-server-side-encryption-aws-kms-key-id header is implicitly assigned the ID of the KMS symmetric encryption customer managed key that's configured for your directory bucket's default encryption setting. If you want to specify the x-amz-server-side-encryption-aws-kms-key-id header explicitly, you can only specify it with the ID (Key ID or Key ARN) of the KMS customer managed key that's configured for your directory bucket's default encryption setting. Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported.

    ", + "documentation":"

    Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same account that's issuing the command, you must use the full Key ARN not the Key ID.

    General purpose buckets - If you specify x-amz-server-side-encryption with aws:kms or aws:kms:dsse, this header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key to use. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, but do not provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon Web Services managed key (aws/s3) to protect the data.

    Directory buckets - To encrypt data using SSE-KMS, it's recommended to specify the x-amz-server-side-encryption header to aws:kms. Then, the x-amz-server-side-encryption-aws-kms-key-id header implicitly uses the bucket's default KMS customer managed key ID. If you want to explicitly set the x-amz-server-side-encryption-aws-kms-key-id header, it must match the bucket's default customer managed key (using key ID or ARN, not alias). Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The Amazon Web Services managed key (aws/s3) isn't supported. Incorrect key specification results in an HTTP 400 Bad Request error.

    ", "location":"header", "locationName":"x-amz-server-side-encryption-aws-kms-key-id" }, @@ -10137,7 +10534,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name that contains the object you want to apply this Object Retention configuration to.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name that contains the object you want to apply this Object Retention configuration to.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -10213,7 +10610,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the object.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the object.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -10256,6 +10653,7 @@ }, "RequestPayer":{ "shape":"RequestPayer", + "documentation":"

    Confirms that the requester knows that she or he will be charged for the tagging object request. Bucket owners need not specify this parameter in their requests.

    ", "location":"header", "locationName":"x-amz-request-payer" } @@ -10366,12 +10764,29 @@ }, "Range":{"type":"string"}, "RecordDelimiter":{"type":"string"}, + "RecordExpiration":{ + "type":"structure", + "required":["Expiration"], + "members":{ + "Expiration":{ + "shape":"ExpirationState", + "documentation":"

    Specifies whether journal table record expiration is enabled or disabled.

    " + }, + "Days":{ + "shape":"RecordExpirationDays", + "documentation":"

    If you enable journal table record expiration, you can set the number of days to retain your journal table records. Journal table records must be retained for a minimum of 7 days. To set this value, specify any whole number from 7 to 2147483647. For example, to retain your journal table records for one year, set this value to 365.

    ", + "box":true + } + }, + "documentation":"

    The journal table record expiration settings for a journal table in an S3 Metadata configuration.

    " + }, + "RecordExpirationDays":{"type":"integer"}, "RecordsEvent":{ "type":"structure", "members":{ "Payload":{ "shape":"Body", - "documentation":"

    The byte array of partial, one or more result records. S3 Select doesn't guarantee that a record will be self-contained in one record frame. To ensure continuous streaming of data, S3 Select might split the same record across multiple record frames instead of aggregating the results in memory. Some S3 clients (for example, the SDK for Java) handle this behavior by creating a ByteStream out of the response by default. Other clients might not handle this behavior by default. In those cases, you must aggregate the results on the client side and parse the response.

    ", + "documentation":"

    The byte array of partial, one or more result records. S3 Select doesn't guarantee that a record will be self-contained in one record frame. To ensure continuous streaming of data, S3 Select might split the same record across multiple record frames instead of aggregating the results in memory. Some S3 clients (for example, the SDKforJava) handle this behavior by creating a ByteStream out of the response by default. Other clients might not handle this behavior by default. In those cases, you must aggregate the results on the client side and parse the response.

    ", "eventpayload":true } }, @@ -10424,6 +10839,109 @@ "max":20, "min":0 }, + "RenameObjectOutput":{ + "type":"structure", + "members":{} + }, + "RenameObjectRequest":{ + "type":"structure", + "required":[ + "Bucket", + "Key", + "RenameSource" + ], + "members":{ + "Bucket":{ + "shape":"BucketName", + "documentation":"

    The bucket name of the directory bucket containing the object.

    You must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Availability Zone. Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    ", + "contextParam":{"name":"Bucket"}, + "location":"uri", + "locationName":"Bucket" + }, + "Key":{ + "shape":"ObjectKey", + "documentation":"

    Key name of the object to rename.

    ", + "contextParam":{"name":"Key"}, + "location":"uri", + "locationName":"Key" + }, + "RenameSource":{ + "shape":"RenameSource", + "documentation":"

    Specifies the source for the rename operation. The value must be URL encoded.

    ", + "location":"header", + "locationName":"x-amz-rename-source" + }, + "DestinationIfMatch":{ + "shape":"IfMatch", + "documentation":"

    Renames the object only if the ETag (entity tag) value provided during the operation matches the ETag of the object in S3. The If-Match header field makes the request method conditional on ETags. If the ETag values do not match, the operation returns a 412 Precondition Failed error.

    Expects the ETag value as a string.

    ", + "location":"header", + "locationName":"If-Match" + }, + "DestinationIfNoneMatch":{ + "shape":"IfNoneMatch", + "documentation":"

    Renames the object only if the destination does not already exist in the specified directory bucket. If the object does exist when you send a request with If-None-Match:*, the S3 API will return a 412 Precondition Failed error, preventing an overwrite. The If-None-Match header prevents overwrites of existing data by validating that there's not an object with the same key name already in your directory bucket.

    Expects the * character (asterisk).

    ", + "location":"header", + "locationName":"If-None-Match" + }, + "DestinationIfModifiedSince":{ + "shape":"IfModifiedSince", + "documentation":"

    Renames the object if the destination exists and if it has been modified since the specified time.

    ", + "location":"header", + "locationName":"If-Modified-Since" + }, + "DestinationIfUnmodifiedSince":{ + "shape":"IfUnmodifiedSince", + "documentation":"

    Renames the object if it hasn't been modified since the specified time.

    ", + "location":"header", + "locationName":"If-Unmodified-Since" + }, + "SourceIfMatch":{ + "shape":"RenameSourceIfMatch", + "documentation":"

    Renames the object if the source exists and if its entity tag (ETag) matches the specified ETag.

    ", + "location":"header", + "locationName":"x-amz-rename-source-if-match" + }, + "SourceIfNoneMatch":{ + "shape":"RenameSourceIfNoneMatch", + "documentation":"

    Renames the object if the source exists and if its entity tag (ETag) is different than the specified ETag. If an asterisk (*) character is provided, the operation will fail and return a 412 Precondition Failed error.

    ", + "location":"header", + "locationName":"x-amz-rename-source-if-none-match" + }, + "SourceIfModifiedSince":{ + "shape":"RenameSourceIfModifiedSince", + "documentation":"

    Renames the object if the source exists and if it has been modified since the specified time.

    ", + "location":"header", + "locationName":"x-amz-rename-source-if-modified-since" + }, + "SourceIfUnmodifiedSince":{ + "shape":"RenameSourceIfUnmodifiedSince", + "documentation":"

    Renames the object if the source exists and hasn't been modified since the specified time.

    ", + "location":"header", + "locationName":"x-amz-rename-source-if-unmodified-since" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique string with a max of 64 ASCII characters in the ASCII range of 33 - 126.

    RenameObject supports idempotency using a client token. To make an idempotent API request using RenameObject, specify a client token in the request. You should not reuse the same client token for other API requests. If you retry a request that completed successfully using the same client token and the same parameters, the retry succeeds without performing any further actions. If you retry a successful request using the same client token, but one or more of the parameters are different, the retry fails and an IdempotentParameterMismatch error is returned.

    ", + "idempotencyToken":true, + "location":"header", + "locationName":"x-amz-client-token" + } + } + }, + "RenameSource":{ + "type":"string", + "pattern":"\\/?.+\\/.+" + }, + "RenameSourceIfMatch":{"type":"string"}, + "RenameSourceIfModifiedSince":{ + "type":"timestamp", + "timestampFormat":"rfc822" + }, + "RenameSourceIfNoneMatch":{"type":"string"}, + "RenameSourceIfUnmodifiedSince":{ + "type":"timestamp", + "timestampFormat":"rfc822" + }, "ReplaceKeyPrefixWith":{"type":"string"}, "ReplaceKeyWith":{"type":"string"}, "ReplicaKmsKeyID":{"type":"string"}, @@ -10598,7 +11116,7 @@ }, "RequestCharged":{ "type":"string", - "documentation":"

    If present, indicates that the requester was successfully charged for the request.

    This functionality is not supported for directory buckets.

    ", + "documentation":"

    If present, indicates that the requester was successfully charged for the request. For more information, see Using Requester Pays buckets for storage transfers and usage in the Amazon Simple Storage Service user guide.

    This functionality is not supported for directory buckets.

    ", "enum":["requester"] }, "RequestPayer":{ @@ -10665,7 +11183,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name containing the object to restore.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name containing the object to restore.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -10758,7 +11276,7 @@ "documentation":"

    Indicates when the restored copy will expire. This value is populated only if the object has already been restored. For example:

    x-amz-optional-object-attributes: IsRestoreInProgress=\"false\", RestoreExpiryDate=\"2012-12-21T00:00:00.000Z\"

    " } }, - "documentation":"

    Specifies the restoration status of an object. Objects in certain storage classes must be restored before they can be retrieved. For more information about these storage classes and how to work with archived objects, see Working with archived objects in the Amazon S3 User Guide.

    This functionality is not supported for directory buckets. Only the S3 Express One Zone storage class is supported by directory buckets to store objects.

    " + "documentation":"

    Specifies the restoration status of an object. Objects in certain storage classes must be restored before they can be retrieved. For more information about these storage classes and how to work with archived objects, see Working with archived objects in the Amazon S3 User Guide.

    This functionality is not supported for directory buckets. Directory buckets only support EXPRESS_ONEZONE (the S3 Express One Zone storage class) in Availability Zones and ONEZONE_IA (the S3 One Zone-Infrequent Access storage class) in Dedicated Local Zones.

    " }, "Role":{"type":"string"}, "RoutingRule":{ @@ -10870,8 +11388,21 @@ }, "documentation":"

    Describes an Amazon S3 location that will receive the results of the restore request.

    " }, + "S3RegionalOrS3ExpressBucketArnString":{ + "type":"string", + "max":128, + "min":1, + "pattern":"arn:[^:]+:(s3|s3express):.*" + }, "S3TablesArn":{"type":"string"}, "S3TablesBucketArn":{"type":"string"}, + "S3TablesBucketType":{ + "type":"string", + "enum":[ + "aws", + "customer" + ] + }, "S3TablesDestination":{ "type":"structure", "required":[ @@ -10888,7 +11419,7 @@ "documentation":"

    The name for the metadata table in your metadata table configuration. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    " } }, - "documentation":"

    The destination information for the metadata table configuration. The destination table bucket must be in the same Region and Amazon Web Services account as the general purpose bucket. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    " + "documentation":"

    The destination information for a V1 S3 Metadata configuration. The destination table bucket must be in the same Region and Amazon Web Services account as the general purpose bucket. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    " }, "S3TablesDestinationResult":{ "type":"structure", @@ -10916,7 +11447,7 @@ "documentation":"

    The table bucket namespace for the metadata table in your metadata table configuration. This value is always aws_s3_metadata.

    " } }, - "documentation":"

    The destination information for the metadata table configuration. The destination table bucket must be in the same Region and Amazon Web Services account as the general purpose bucket. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    " + "documentation":"

    The destination information for a V1 S3 Metadata configuration. The destination table bucket must be in the same Region and Amazon Web Services account as the general purpose bucket. The specified metadata table name must be unique within the aws_s3_metadata namespace in the destination table bucket.

    If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using CreateBucketMetadataConfiguration so that you can expire journal table records and create a live inventory table.

    " }, "S3TablesName":{"type":"string"}, "S3TablesNamespace":{"type":"string"}, @@ -10948,8 +11479,7 @@ }, "SSES3":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specifies the use of SSE-S3 to encrypt delivered inventory reports.

    ", "locationName":"SSE-S3" }, @@ -11111,6 +11641,7 @@ "type":"string", "enum":[ "AES256", + "aws:fsx", "aws:kms", "aws:kms:dsse" ] @@ -11128,7 +11659,7 @@ "documentation":"

    Amazon Web Services Key Management Service (KMS) customer managed key ID to use for the default encryption.

    • General purpose buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms or aws:kms:dsse.

    • Directory buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms.

    You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    • Key Alias: alias/alias-name

    If you are using encryption with cross-account or Amazon Web Services service operations, you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations.

    • General purpose buckets - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.

    • Directory buckets - When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.

    Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.

    " } }, - "documentation":"

    Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PutBucketEncryption.

    • General purpose buckets - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key (aws/s3) in your Amazon Web Services account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.

    • Directory buckets - Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The Amazon Web Services managed key (aws/s3) isn't supported.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.

    " + "documentation":"

    Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PutBucketEncryption.

    • General purpose buckets - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key (aws/s3) in your Amazon Web Services account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.

    • Directory buckets - Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The Amazon Web Services managed key (aws/s3) isn't supported.

    • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.

    " }, "ServerSideEncryptionConfiguration":{ "type":"structure", @@ -11211,8 +11742,7 @@ }, "SimplePrefix":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    To use simple format for S3 keys for log objects, set SimplePrefix to an empty object.

    [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]

    ", "locationName":"SimplePrefix" }, @@ -11304,7 +11834,8 @@ "OUTPOSTS", "GLACIER_IR", "SNOW", - "EXPRESS_ONEZONE" + "EXPRESS_ONEZONE", + "FSX_OPENZFS" ] }, "StorageClassAnalysis":{ @@ -11340,6 +11871,13 @@ "enum":["V_1"] }, "Suffix":{"type":"string"}, + "TableSseAlgorithm":{ + "type":"string", + "enum":[ + "aws:kms", + "AES256" + ] + }, "Tag":{ "type":"structure", "required":[ @@ -11461,8 +11999,7 @@ "Token":{"type":"string"}, "TooManyParts":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You have attempted to add more parts than the maximum of 10000 that are allowed for this object. You can use the CopyObject operation to copy this object to another and then add more data to the newly copied object.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -11525,7 +12062,7 @@ }, "Days":{ "shape":"Days", - "documentation":"

    Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.

    " + "documentation":"

    Indicates the number of days after creation when objects are transitioned to the specified storage class. If the specified storage class is INTELLIGENT_TIERING, GLACIER_IR, GLACIER, or DEEP_ARCHIVE, valid values are 0 or positive integers. If the specified storage class is STANDARD_IA or ONEZONE_IA, valid values are positive integers greater than 30. Be aware that some storage classes have a minimum storage duration and that you're charged for transitioning objects before their minimum storage duration. For more information, see Constraints and considerations for transitions in the Amazon S3 User Guide.

    " }, "StorageClass":{ "shape":"TransitionStorageClass", @@ -11566,6 +12103,88 @@ ] }, "URI":{"type":"string"}, + "UpdateBucketMetadataInventoryTableConfigurationRequest":{ + "type":"structure", + "required":[ + "Bucket", + "InventoryTableConfiguration" + ], + "members":{ + "Bucket":{ + "shape":"BucketName", + "documentation":"

    The general purpose bucket that corresponds to the metadata configuration that you want to enable or disable an inventory table for.

    ", + "contextParam":{"name":"Bucket"}, + "location":"uri", + "locationName":"Bucket" + }, + "ContentMD5":{ + "shape":"ContentMD5", + "documentation":"

    The Content-MD5 header for the inventory table configuration.

    ", + "location":"header", + "locationName":"Content-MD5" + }, + "ChecksumAlgorithm":{ + "shape":"ChecksumAlgorithm", + "documentation":"

    The checksum algorithm to use with your inventory table configuration.

    ", + "location":"header", + "locationName":"x-amz-sdk-checksum-algorithm" + }, + "InventoryTableConfiguration":{ + "shape":"InventoryTableConfigurationUpdates", + "documentation":"

    The contents of your inventory table configuration.

    ", + "locationName":"InventoryTableConfiguration", + "xmlNamespace":{"uri":"http://s3.amazonaws.com/doc/2006-03-01/"} + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The expected owner of the general purpose bucket that corresponds to the metadata table configuration that you want to enable or disable an inventory table for.

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" + } + }, + "payload":"InventoryTableConfiguration" + }, + "UpdateBucketMetadataJournalTableConfigurationRequest":{ + "type":"structure", + "required":[ + "Bucket", + "JournalTableConfiguration" + ], + "members":{ + "Bucket":{ + "shape":"BucketName", + "documentation":"

    The general purpose bucket that corresponds to the metadata configuration that you want to enable or disable journal table record expiration for.

    ", + "contextParam":{"name":"Bucket"}, + "location":"uri", + "locationName":"Bucket" + }, + "ContentMD5":{ + "shape":"ContentMD5", + "documentation":"

    The Content-MD5 header for the journal table configuration.

    ", + "location":"header", + "locationName":"Content-MD5" + }, + "ChecksumAlgorithm":{ + "shape":"ChecksumAlgorithm", + "documentation":"

    The checksum algorithm to use with your journal table configuration.

    ", + "location":"header", + "locationName":"x-amz-sdk-checksum-algorithm" + }, + "JournalTableConfiguration":{ + "shape":"JournalTableConfigurationUpdates", + "documentation":"

    The contents of your journal table configuration.

    ", + "locationName":"JournalTableConfiguration", + "xmlNamespace":{"uri":"http://s3.amazonaws.com/doc/2006-03-01/"} + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    The expected owner of the general purpose bucket that corresponds to the metadata table configuration that you want to enable or disable journal table record expiration for.

    ", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" + } + }, + "payload":"JournalTableConfiguration" + }, "UploadIdMarker":{"type":"string"}, "UploadPartCopyOutput":{ "type":"structure", @@ -11582,7 +12201,7 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms).

    ", + "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -11630,7 +12249,7 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"

    The bucket name.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise, you get an HTTP 400 Bad Request error with the error code InvalidRequest.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The bucket name.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise, you get an HTTP 400 Bad Request error with the error code InvalidRequest.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -11749,7 +12368,7 @@ "members":{ "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 (for example, AES256, aws:kms).

    ", + "documentation":"

    The server-side encryption algorithm used when you store this object in Amazon S3 or Amazon FSx.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-server-side-encryption" }, @@ -11761,31 +12380,31 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    The Base64 encoded, 32-bit CRC-32 checksum of the object. This checksum is only be present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32" }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    The Base64 encoded, 32-bit CRC-32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32c" }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC-64NVME checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC64NVME checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc64nvme" }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    The Base64 encoded, 160-bit SHA-1 digest of the object. This will only be present if the object was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use the API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha1" }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    The Base64 encoded, 256-bit SHA-256 digest of the object. This will only be present if the object was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    The Base64 encoded, 256-bit SHA256 digest of the object. This checksum is only present if the checksum was uploaded with the object. When you use an API operation on an object that was uploaded using multipart uploads, this value may not be a direct checksum value of the full object. Instead, it's a calculation based on the checksum values of each individual part. For more information about how checksums are calculated with multipart uploads, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha256" }, @@ -11836,7 +12455,7 @@ }, "Bucket":{ "shape":"BucketName", - "documentation":"

    The name of the bucket to which the multipart upload was initiated.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Access points and Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. For more information about S3 on Outposts ARNs, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", + "documentation":"

    The name of the bucket to which the multipart upload was initiated.

    Directory buckets - When you use this operation with a directory bucket, you must use virtual-hosted-style requests in the format Bucket-name.s3express-zone-id.region-code.amazonaws.com. Path-style requests are not supported. Directory bucket names must be unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must follow the format bucket-base-name--zone-id--x-s3 (for example, amzn-s3-demo-bucket--usw2-az1--x-s3). For information about bucket naming restrictions, see Directory bucket naming rules in the Amazon S3 User Guide.

    Access points - When you use this action with an access point for general purpose buckets, you must provide the alias of the access point in place of the bucket name or specify the access point ARN. When you use this action with an access point for directory buckets, you must provide the access point name in place of the bucket name. When using the access point ARN, you must direct requests to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. For more information about access point ARNs, see Using access points in the Amazon S3 User Guide.

    Object Lambda access points are not supported by directory buckets.

    S3 on Outposts - When you use this action with S3 on Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When you use this action with S3 on Outposts, the destination bucket must be the Outposts access point ARN or the access point alias. For more information about S3 on Outposts, see What is S3 on Outposts? in the Amazon S3 User Guide.

    ", "contextParam":{"name":"Bucket"}, "location":"uri", "locationName":"Bucket" @@ -11861,31 +12480,31 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC-32 checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC32 checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32" }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC-32C checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 32-bit CRC32C checksum of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc32c" }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC-64NVME checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC64NVME checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-crc64nvme" }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit SHA-1 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 160-bit SHA1 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha1" }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit SHA-256 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 256-bit SHA256 digest of the object. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-checksum-sha256" }, @@ -12084,37 +12703,37 @@ }, "ChecksumCRC32":{ "shape":"ChecksumCRC32", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 32-bit CRC-32 checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

    Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 32-bit CRC32 checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

    Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

    ", "location":"header", "locationName":"x-amz-fwd-header-x-amz-checksum-crc32" }, "ChecksumCRC32C":{ "shape":"ChecksumCRC32C", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 32-bit CRC-32C checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

    Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 32-bit CRC32C checksum of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

    Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

    ", "location":"header", "locationName":"x-amz-fwd-header-x-amz-checksum-crc32c" }, "ChecksumCRC64NVME":{ "shape":"ChecksumCRC64NVME", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC-64NVME checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This header specifies the Base64 encoded, 64-bit CRC64NVME checksum of the part. For more information, see Checking object integrity in the Amazon S3 User Guide.

    ", "location":"header", "locationName":"x-amz-fwd-header-x-amz-checksum-crc64nvme" }, "ChecksumSHA1":{ "shape":"ChecksumSHA1", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 160-bit SHA-1 digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

    Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 160-bit SHA1 digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

    Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

    ", "location":"header", "locationName":"x-amz-fwd-header-x-amz-checksum-sha1" }, "ChecksumSHA256":{ "shape":"ChecksumSHA256", - "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 256-bit SHA-256 digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

    Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

    ", + "documentation":"

    This header can be used as a data integrity check to verify that the data received is the same data that was originally sent. This specifies the Base64 encoded, 256-bit SHA256 digest of the object returned by the Object Lambda function. This may not match the checksum for the object stored in Amazon S3. Amazon S3 will perform validation of the checksum values only when the original GetObject request required checksum validation. For more information about checksums, see Checking object integrity in the Amazon S3 User Guide.

    Only one checksum header can be specified at a time. If you supply multiple checksum headers, this request will fail.

    ", "location":"header", "locationName":"x-amz-fwd-header-x-amz-checksum-sha256" }, "DeleteMarker":{ "shape":"DeleteMarker", - "documentation":"

    Specifies whether an object stored in Amazon S3 is (true) or is not (false) a delete marker.

    ", + "documentation":"

    Specifies whether an object stored in Amazon S3 is (true) or is not (false) a delete marker. To learn more about delete markers, see Working with delete markers.

    ", "location":"header", "locationName":"x-amz-fwd-header-x-amz-delete-marker" }, @@ -12197,7 +12816,7 @@ }, "ServerSideEncryption":{ "shape":"ServerSideEncryption", - "documentation":"

    The server-side encryption algorithm used when storing requested object in Amazon S3 (for example, AES256, aws:kms).

    ", + "documentation":"

    The server-side encryption algorithm used when storing requested object in Amazon S3 or Amazon FSx.

    When accessing data stored in Amazon FSx file systems using S3 access points, the only valid server side encryption option is aws:fsx.

    ", "location":"header", "locationName":"x-amz-fwd-header-x-amz-server-side-encryption" }, diff -pruN 2.23.6-1/awscli/botocore/data/s3control/2018-08-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/s3control/2018-08-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/s3control/2018-08-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3control/2018-08-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,58 +5,68 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "AccountId": { "required": false, "documentation": "The Account ID used to send the request. This is an optional parameter that will be set automatically for operations that require it.", - "type": "String" + "type": "string" }, "RequiresAccountId": { "required": false, "documentation": "Internal parameter for operations that require account id host prefix.", - "type": "Boolean" + "type": "boolean" }, "OutpostId": { "required": false, "documentation": "The Outpost ID. Some operations have an optional OutpostId which should be used in endpoint construction.", - "type": "String" + "type": "string" }, "Bucket": { "required": false, "documentation": "The S3 bucket used to send the request. This is an optional parameter that will be set automatically for operations that are scoped to an S3 bucket.", - "type": "String" + "type": "string" }, "AccessPointName": { "required": false, "documentation": "The S3 AccessPointName used to send the request. This is an optional parameter that will be set automatically for operations that are scoped to an S3 AccessPoint.", - "type": "String" + "type": "string" }, "UseArnRegion": { "builtIn": "AWS::S3Control::UseArnRegion", "required": false, "documentation": "When an Access Point ARN is provided and this flag is enabled, the SDK MUST use the ARN's region when constructing the endpoint instead of the client's configured region.", - "type": "Boolean" + "type": "boolean" + }, + "ResourceArn": { + "required": false, + "documentation": "The resource ARN included in the request. Only set on TagResource, UntagResourceand ListTagsForResource", + "type": "string" + }, + "UseS3ExpressControlEndpoint": { + "required": false, + "documentation": "Internal parameter to indicate whether S3Express operation should use control plane, (ex. ListDirectoryAccessPoints)", + "type": "boolean" } }, "rules": [ @@ -75,99 +85,41 @@ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" + "ref": "UseFIPS" }, - "snow" + true ] }, { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { - "ref": "Endpoint" + "ref": "Region" } - ] + ], + "assign": "partitionResult" }, { - "fn": "parseURL", + "fn": "stringEquals", "argv": [ { - "ref": "Endpoint" - } - ], - "assign": "url" - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", + "fn": "getAttr", "argv": [ { - "ref": "Region" - } - ], - "assign": "partitionResult" - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "S3 Snow does not support DualStack", - "type": "error" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "S3 Snow does not support FIPS", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": "{url#scheme}://{url#authority}", - "properties": { - "authSchemes": [ - { - "disableDoubleEncoding": true, - "name": "sigv4", - "signingName": "s3", - "signingRegion": "{Region}" - } - ] + "ref": "partitionResult" }, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" + "name" + ] + }, + "aws-cn" + ] } ], - "type": "tree" + "error": "Partition does not support FIPS", + "type": "error" }, { "conditions": [ @@ -197,36 +149,6 @@ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "stringEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "partitionResult" - }, - "name" - ] - }, - "aws-cn" - ] - } - ], - "error": "Partition does not support FIPS", - "type": "error" - }, - { - "conditions": [ - { "fn": "isSet", "argv": [ { @@ -511,6 +433,1099 @@ "fn": "isSet", "argv": [ { + "ref": "ResourceArn" + } + ] + }, + { + "fn": "aws.parseArn", + "argv": [ + { + "ref": "ResourceArn" + } + ], + "assign": "resourceArn" + }, + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "resourceArn" + }, + "service" + ] + }, + "s3express" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "partitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "resourceArn" + }, + "region" + ] + } + ], + "assign": "arnPartition" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "arnPartition" + }, + "name" + ] + }, + { + "fn": "getAttr", + "argv": [ + { + "ref": "partitionResult" + }, + "name" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "UseArnRegion" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseArnRegion" + }, + false + ] + }, + { + "fn": "not", + "argv": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "resourceArn" + }, + "region" + ] + }, + "{Region}" + ] + } + ] + } + ], + "error": "Invalid configuration: region from ARN `{resourceArn#region}` does not match client region `{Region}` and UseArnRegion is `false`", + "type": "error" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: DualStack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "S3Express does not support Dual-stack.", + "type": "error" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "endpoint": { + "url": "{url#scheme}://{url#authority}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Client was configured for partition `{partitionResult#name}` but ARN has `{arnPartition#name}`", + "type": "error" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "AccessPointName" + } + ] + }, + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 0, + 7, + true + ], + "assign": "accessPointSuffix" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "accessPointSuffix" + }, + "--xa-s3" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "partitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: DualStack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "S3Express does not support Dual-stack.", + "type": "error" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "endpoint": { + "url": "{url#scheme}://{url#authority}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 7, + 15, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 15, + 17, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 7, + 16, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 16, + 18, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 7, + 20, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 20, + 22, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 7, + 21, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 21, + 23, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 7, + 27, + true + ], + "assign": "s3expressAvailabilityZoneId" + }, + { + "fn": "substring", + "argv": [ + { + "ref": "AccessPointName" + }, + 27, + 29, + true + ], + "assign": "s3expressAvailabilityZoneDelim" + }, + { + "fn": "stringEquals", + "argv": [ + { + "ref": "s3expressAvailabilityZoneDelim" + }, + "--" + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Unrecognized S3Express Access Point name format.", + "type": "error" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "UseS3ExpressControlEndpoint" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseS3ExpressControlEndpoint" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "partitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: DualStack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "S3Express does not support Dual-stack.", + "type": "error" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "endpoint": { + "url": "{url#scheme}://{url#authority}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3express-control-fips.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://s3express-control.{Region}.{partitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3express", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "snow" + ] + }, + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + }, + { + "fn": "parseURL", + "argv": [ + { + "ref": "Endpoint" + } + ], + "assign": "url" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "partitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "S3 Snow does not support DualStack", + "type": "error" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "S3 Snow does not support FIPS", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": "{url#scheme}://{url#authority}", + "properties": { + "authSchemes": [ + { + "disableDoubleEncoding": true, + "name": "sigv4", + "signingName": "s3", + "signingRegion": "{Region}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { "ref": "AccessPointName" } ] @@ -1784,36 +2799,6 @@ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "stringEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "partitionResult" - }, - "name" - ] - }, - "aws-cn" - ] - } - ], - "error": "Partition does not support FIPS", - "type": "error" - }, - { - "conditions": [ - { "fn": "isSet", "argv": [ { diff -pruN 2.23.6-1/awscli/botocore/data/s3control/2018-08-20/paginators-1.json 2.31.35-1/awscli/botocore/data/s3control/2018-08-20/paginators-1.json --- 2.23.6-1/awscli/botocore/data/s3control/2018-08-20/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3control/2018-08-20/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "CallerAccessGrantsList" + }, + "ListAccessPointsForDirectoryBuckets": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "AccessPointList" } } } diff -pruN 2.23.6-1/awscli/botocore/data/s3control/2018-08-20/service-2.json 2.31.35-1/awscli/botocore/data/s3control/2018-08-20/service-2.json --- 2.23.6-1/awscli/botocore/data/s3control/2018-08-20/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3control/2018-08-20/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -24,7 +24,7 @@ "locationName":"AssociateAccessGrantsIdentityCenterRequest", "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, - "documentation":"

    Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.

    Permissions

    You must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.

    Additional Permissions

    You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod.

    ", + "documentation":"

    Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.

    Permissions

    You must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.

    Additional Permissions

    You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -45,7 +45,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"CreateAccessGrantResult"}, - "documentation":"

    Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.

    Permissions

    You must have the s3:CreateAccessGrant permission to use this operation.

    Additional Permissions

    For any directory identity - sso:DescribeInstance and sso:DescribeApplication

    For directory users - identitystore:DescribeUser

    For directory groups - identitystore:DescribeGroup

    ", + "documentation":"

    Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.

    Permissions

    You must have the s3:CreateAccessGrant permission to use this operation.

    Additional Permissions

    For any directory identity - sso:DescribeInstance and sso:DescribeApplication

    For directory users - identitystore:DescribeUser

    For directory groups - identitystore:DescribeGroup

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -66,7 +66,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"CreateAccessGrantsInstanceResult"}, - "documentation":"

    Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.

    Permissions

    You must have the s3:CreateAccessGrantsInstance permission to use this operation.

    Additional Permissions

    To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions.

    ", + "documentation":"

    Creates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.

    Permissions

    You must have the s3:CreateAccessGrantsInstance permission to use this operation.

    Additional Permissions

    To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -87,7 +87,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"CreateAccessGrantsLocationResult"}, - "documentation":"

    The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:

    • The default S3 location s3://

    • A bucket - S3://<bucket-name>

    • A bucket and prefix - S3://<bucket-name>/<prefix>

    When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.

    Permissions

    You must have the s3:CreateAccessGrantsLocation permission to use this operation.

    Additional Permissions

    You must also have the following permission for the specified IAM role: iam:PassRole

    ", + "documentation":"

    The S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:

    • The default S3 location s3://

    • A bucket - S3://<bucket-name>

    • A bucket and prefix - S3://<bucket-name>/<prefix>

    When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.

    Permissions

    You must have the s3:CreateAccessGrantsLocation permission to use this operation.

    Additional Permissions

    You must also have the following permission for the specified IAM role: iam:PassRole

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -108,7 +108,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"CreateAccessPointResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon S3 User Guide.

    S3 on Outposts only supports VPC-style access points.

    For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to CreateAccessPoint:

    ", + "documentation":"

    Creates an access point and associates it to a specified bucket. For more information, see Managing access to shared datasets with access points or Managing access to shared datasets in directory buckets with access points in the Amazon S3 User Guide.

    To create an access point and attach it to a volume on an Amazon FSx file system, see CreateAndAttachS3AccessPoint in the Amazon FSx API Reference.

    S3 on Outposts only supports VPC-style access points.

    For more information, see Accessing Amazon S3 on Outposts using virtual private cloud (VPC) only access points in the Amazon S3 User Guide.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to CreateAccessPoint:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -128,7 +128,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"CreateAccessPointForObjectLambdaResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.

    The following actions are related to CreateAccessPointForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Creates an Object Lambda Access Point. For more information, see Transforming objects with Object Lambda Access Points in the Amazon S3 User Guide.

    The following actions are related to CreateAccessPointForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -169,7 +169,7 @@ {"shape":"IdempotencyException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    This operation creates an S3 Batch Operations job.

    You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.

    Related actions include:

    ", + "documentation":"

    This operation creates an S3 Batch Operations job.

    You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    For information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3 User Guide.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -189,7 +189,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"CreateMultiRegionAccessPointResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

    The following actions are related to CreateMultiRegionAccessPoint:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Creates a Multi-Region Access Point and associates it with the specified buckets. For more information about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

    The following actions are related to CreateMultiRegionAccessPoint:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -210,7 +210,7 @@ "locationName":"CreateStorageLensGroupRequest", "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, - "documentation":"

    Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups.

    To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    ", + "documentation":"

    Creates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags, object size, object age, or a combination of these filters. For each Storage Lens group that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information about S3 Storage Lens groups, see Working with S3 Storage Lens groups.

    To use this operation, you must have the permission to perform the s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens group with Amazon Web Services resource tags, you must also have permission to perform the s3:TagResource action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -225,7 +225,7 @@ "requestUri":"/v20180820/accessgrantsinstance/grant/{id}" }, "input":{"shape":"DeleteAccessGrantRequest"}, - "documentation":"

    Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.

    Permissions

    You must have the s3:DeleteAccessGrant permission to use this operation.

    ", + "documentation":"

    Deletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.

    Permissions

    You must have the s3:DeleteAccessGrant permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -241,7 +241,7 @@ "requestUri":"/v20180820/accessgrantsinstance" }, "input":{"shape":"DeleteAccessGrantsInstanceRequest"}, - "documentation":"

    Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.

    Permissions

    You must have the s3:DeleteAccessGrantsInstance permission to use this operation.

    ", + "documentation":"

    Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.

    Permissions

    You must have the s3:DeleteAccessGrantsInstance permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -257,7 +257,7 @@ "requestUri":"/v20180820/accessgrantsinstance/resourcepolicy" }, "input":{"shape":"DeleteAccessGrantsInstanceResourcePolicyRequest"}, - "documentation":"

    Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.

    Permissions

    You must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation.

    ", + "documentation":"

    Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.

    Permissions

    You must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -273,7 +273,7 @@ "requestUri":"/v20180820/accessgrantsinstance/location/{id}" }, "input":{"shape":"DeleteAccessGrantsLocationRequest"}, - "documentation":"

    Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.

    Permissions

    You must have the s3:DeleteAccessGrantsLocation permission to use this operation.

    ", + "documentation":"

    Deregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.

    Permissions

    You must have the s3:DeleteAccessGrantsLocation permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -289,7 +289,7 @@ "requestUri":"/v20180820/accesspoint/{name}" }, "input":{"shape":"DeleteAccessPointRequest"}, - "documentation":"

    This operation is not supported by directory buckets.

    Deletes the specified access point.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to DeleteAccessPoint:

    ", + "documentation":"

    Deletes the specified access point.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to DeleteAccessPoint:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -304,7 +304,7 @@ "requestUri":"/v20180820/accesspointforobjectlambda/{name}" }, "input":{"shape":"DeleteAccessPointForObjectLambdaRequest"}, - "documentation":"

    This operation is not supported by directory buckets.

    Deletes the specified Object Lambda Access Point.

    The following actions are related to DeleteAccessPointForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Deletes the specified Object Lambda Access Point.

    The following actions are related to DeleteAccessPointForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -319,7 +319,7 @@ "requestUri":"/v20180820/accesspoint/{name}/policy" }, "input":{"shape":"DeleteAccessPointPolicyRequest"}, - "documentation":"

    This operation is not supported by directory buckets.

    Deletes the access point policy for the specified access point.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to DeleteAccessPointPolicy:

    ", + "documentation":"

    Deletes the access point policy for the specified access point.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to DeleteAccessPointPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -334,7 +334,7 @@ "requestUri":"/v20180820/accesspointforobjectlambda/{name}/policy" }, "input":{"shape":"DeleteAccessPointPolicyForObjectLambdaRequest"}, - "documentation":"

    This operation is not supported by directory buckets.

    Removes the resource policy for an Object Lambda Access Point.

    The following actions are related to DeleteAccessPointPolicyForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Removes the resource policy for an Object Lambda Access Point.

    The following actions are related to DeleteAccessPointPolicyForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -342,6 +342,19 @@ "RequiresAccountId":{"value":true} } }, + "DeleteAccessPointScope":{ + "name":"DeleteAccessPointScope", + "http":{ + "method":"DELETE", + "requestUri":"/v20180820/accesspoint/{name}/scope" + }, + "input":{"shape":"DeleteAccessPointScopeRequest"}, + "documentation":"

    Deletes an existing access point scope for a directory bucket.

    When you delete the scope of an access point, all prefixes and permissions are deleted.

    To use this operation, you must have the permission to perform the s3express:DeleteAccessPointScope action.

    For information about REST API errors, see REST error responses.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "staticContextParams":{ + "RequiresAccountId":{"value":true}, + "UseS3ExpressControlEndpoint":{"value":true} + } + }, "DeleteBucket":{ "name":"DeleteBucket", "http":{ @@ -364,7 +377,7 @@ "requestUri":"/v20180820/bucket/{name}/lifecycleconfiguration" }, "input":{"shape":"DeleteBucketLifecycleConfigurationRequest"}, - "documentation":"

    This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.

    Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

    To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    For more information about object expiration, see Elements to Describe Lifecycle Actions.

    Related actions include:

    ", + "documentation":"

    This action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.

    Deletes the lifecycle configuration from the specified Outposts bucket. Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer automatically deletes any objects on the basis of rules contained in the deleted lifecycle configuration. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

    To use this operation, you must have permission to perform the s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner has this permission and the Outposts bucket owner can grant this permission to others.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    For more information about object expiration, see Elements to Describe Lifecycle Actions.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -379,7 +392,7 @@ "requestUri":"/v20180820/bucket/{name}/policy" }, "input":{"shape":"DeleteBucketPolicyRequest"}, - "documentation":"

    This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.

    This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

    If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

    As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

    For more information about bucket policies, see Using Bucket Policies and User Policies.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to DeleteBucketPolicy:

    ", + "documentation":"

    This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy, see DeleteBucketPolicy in the Amazon S3 API Reference.

    This implementation of the DELETE action uses the policy subresource to delete the policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account to use this action. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

    If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

    As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

    For more information about bucket policies, see Using Bucket Policies and User Policies.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to DeleteBucketPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -394,7 +407,7 @@ "requestUri":"/v20180820/bucket/{name}/replication" }, "input":{"shape":"DeleteBucketReplicationRequest"}, - "documentation":"

    This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.

    Deletes the replication configuration from the specified S3 on Outposts bucket.

    To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.

    It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

    The following operations are related to DeleteBucketReplication:

    ", + "documentation":"

    This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.

    Deletes the replication configuration from the specified S3 on Outposts bucket.

    To use this operation, you must have permissions to perform the s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets in the Amazon S3 User Guide.

    It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that's returned by a GET request soon after a PUT or DELETE request might return a more recent result than what's on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.

    The following operations are related to DeleteBucketReplication:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -410,7 +423,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketTaggingRequest"}, - "documentation":"

    This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference.

    Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

    To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to DeleteBucketTagging:

    ", + "documentation":"

    This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon S3 API Reference.

    Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon S3 User Guide.

    To use this action, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to DeleteBucketTagging:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -431,7 +444,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"NotFoundException"} ], - "documentation":"

    Removes the entire tag set from the specified S3 Batch Operations job.

    Permissions

    To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

    Related actions include:

    ", + "documentation":"

    Removes the entire tag set from the specified S3 Batch Operations job.

    Permissions

    To use the DeleteJobTagging operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -451,7 +464,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"DeleteMultiRegionAccessPointResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

    The following actions are related to DeleteMultiRegionAccessPoint:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point, only the Multi-Region Access Point itself.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    This request is asynchronous, meaning that you might receive a response before the command has completed. When this request provides a response, it provides a token that you can use to monitor the status of the request with DescribeMultiRegionAccessPointOperation.

    The following actions are related to DeleteMultiRegionAccessPoint:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -467,7 +480,7 @@ "requestUri":"/v20180820/configuration/publicAccessBlock" }, "input":{"shape":"DeletePublicAccessBlockRequest"}, - "documentation":"

    This operation is not supported by directory buckets.

    Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

    Related actions include:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -482,7 +495,7 @@ "requestUri":"/v20180820/storagelens/{storagelensid}" }, "input":{"shape":"DeleteStorageLensConfigurationRequest"}, - "documentation":"

    This operation is not supported by directory buckets.

    Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -498,7 +511,7 @@ }, "input":{"shape":"DeleteStorageLensConfigurationTaggingRequest"}, "output":{"shape":"DeleteStorageLensConfigurationTaggingResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -514,7 +527,7 @@ "responseCode":204 }, "input":{"shape":"DeleteStorageLensGroupRequest"}, - "documentation":"

    Deletes an existing S3 Storage Lens group.

    To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    ", + "documentation":"

    Deletes an existing S3 Storage Lens group.

    To use this operation, you must have the permission to perform the s3:DeleteStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -536,7 +549,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    To use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.

    Related actions include:

    ", + "documentation":"

    Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    To use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -552,7 +565,7 @@ }, "input":{"shape":"DescribeMultiRegionAccessPointOperationRequest"}, "output":{"shape":"DescribeMultiRegionAccessPointOperationResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide.

    The following actions are related to GetMultiRegionAccessPoint:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide.

    The following actions are related to GetMultiRegionAccessPoint:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -568,7 +581,7 @@ "requestUri":"/v20180820/accessgrantsinstance/identitycenter" }, "input":{"shape":"DissociateAccessGrantsIdentityCenterRequest"}, - "documentation":"

    Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.

    Permissions

    You must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.

    Additional Permissions

    You must have the sso:DeleteApplication permission to use this operation.

    ", + "documentation":"

    Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.

    Permissions

    You must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.

    Additional Permissions

    You must have the sso:DeleteApplication permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -585,7 +598,7 @@ }, "input":{"shape":"GetAccessGrantRequest"}, "output":{"shape":"GetAccessGrantResult"}, - "documentation":"

    Get the details of an access grant from your S3 Access Grants instance.

    Permissions

    You must have the s3:GetAccessGrant permission to use this operation.

    ", + "documentation":"

    Get the details of an access grant from your S3 Access Grants instance.

    Permissions

    You must have the s3:GetAccessGrant permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -602,7 +615,7 @@ }, "input":{"shape":"GetAccessGrantsInstanceRequest"}, "output":{"shape":"GetAccessGrantsInstanceResult"}, - "documentation":"

    Retrieves the S3 Access Grants instance for a Region in your account.

    Permissions

    You must have the s3:GetAccessGrantsInstance permission to use this operation.

    GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.

    ", + "documentation":"

    Retrieves the S3 Access Grants instance for a Region in your account.

    Permissions

    You must have the s3:GetAccessGrantsInstance permission to use this operation.

    GetAccessGrantsInstance is not supported for cross-account access. You can only call the API from the account that owns the S3 Access Grants instance.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -619,7 +632,7 @@ }, "input":{"shape":"GetAccessGrantsInstanceForPrefixRequest"}, "output":{"shape":"GetAccessGrantsInstanceForPrefixResult"}, - "documentation":"

    Retrieve the S3 Access Grants instance that contains a particular prefix.

    Permissions

    You must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.

    Additional Permissions

    The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix.

    ", + "documentation":"

    Retrieve the S3 Access Grants instance that contains a particular prefix.

    Permissions

    You must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.

    Additional Permissions

    The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -636,7 +649,7 @@ }, "input":{"shape":"GetAccessGrantsInstanceResourcePolicyRequest"}, "output":{"shape":"GetAccessGrantsInstanceResourcePolicyResult"}, - "documentation":"

    Returns the resource policy of the S3 Access Grants instance.

    Permissions

    You must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation.

    ", + "documentation":"

    Returns the resource policy of the S3 Access Grants instance.

    Permissions

    You must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -653,7 +666,7 @@ }, "input":{"shape":"GetAccessGrantsLocationRequest"}, "output":{"shape":"GetAccessGrantsLocationResult"}, - "documentation":"

    Retrieves the details of a particular location registered in your S3 Access Grants instance.

    Permissions

    You must have the s3:GetAccessGrantsLocation permission to use this operation.

    ", + "documentation":"

    Retrieves the details of a particular location registered in your S3 Access Grants instance.

    Permissions

    You must have the s3:GetAccessGrantsLocation permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -670,7 +683,7 @@ }, "input":{"shape":"GetAccessPointRequest"}, "output":{"shape":"GetAccessPointResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns configuration information about the specified access point.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to GetAccessPoint:

    ", + "documentation":"

    Returns configuration information about the specified access point.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to GetAccessPoint:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -686,7 +699,7 @@ }, "input":{"shape":"GetAccessPointConfigurationForObjectLambdaRequest"}, "output":{"shape":"GetAccessPointConfigurationForObjectLambdaResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns configuration for an Object Lambda Access Point.

    The following actions are related to GetAccessPointConfigurationForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns configuration for an Object Lambda Access Point.

    The following actions are related to GetAccessPointConfigurationForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -702,7 +715,7 @@ }, "input":{"shape":"GetAccessPointForObjectLambdaRequest"}, "output":{"shape":"GetAccessPointForObjectLambdaResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns configuration information about the specified Object Lambda Access Point

    The following actions are related to GetAccessPointForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns configuration information about the specified Object Lambda Access Point

    The following actions are related to GetAccessPointForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -718,7 +731,7 @@ }, "input":{"shape":"GetAccessPointPolicyRequest"}, "output":{"shape":"GetAccessPointPolicyResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns the access point policy associated with the specified access point.

    The following actions are related to GetAccessPointPolicy:

    ", + "documentation":"

    Returns the access point policy associated with the specified access point.

    The following actions are related to GetAccessPointPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -734,7 +747,7 @@ }, "input":{"shape":"GetAccessPointPolicyForObjectLambdaRequest"}, "output":{"shape":"GetAccessPointPolicyForObjectLambdaResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns the resource policy for an Object Lambda Access Point.

    The following actions are related to GetAccessPointPolicyForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns the resource policy for an Object Lambda Access Point.

    The following actions are related to GetAccessPointPolicyForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -750,7 +763,7 @@ }, "input":{"shape":"GetAccessPointPolicyStatusRequest"}, "output":{"shape":"GetAccessPointPolicyStatusResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Indicates whether the specified access point currently has a policy that allows public access. For more information about public access through access points, see Managing Data Access with Amazon S3 access points in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -766,7 +779,7 @@ }, "input":{"shape":"GetAccessPointPolicyStatusForObjectLambdaRequest"}, "output":{"shape":"GetAccessPointPolicyStatusForObjectLambdaResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns the status of the resource policy associated with an Object Lambda Access Point.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns the status of the resource policy associated with an Object Lambda Access Point.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -774,6 +787,20 @@ "RequiresAccountId":{"value":true} } }, + "GetAccessPointScope":{ + "name":"GetAccessPointScope", + "http":{ + "method":"GET", + "requestUri":"/v20180820/accesspoint/{name}/scope" + }, + "input":{"shape":"GetAccessPointScopeRequest"}, + "output":{"shape":"GetAccessPointScopeResult"}, + "documentation":"

    Returns the access point scope for a directory bucket.

    To use this operation, you must have the permission to perform the s3express:GetAccessPointScope action.

    For information about REST API errors, see REST error responses.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "staticContextParams":{ + "RequiresAccountId":{"value":true}, + "UseS3ExpressControlEndpoint":{"value":true} + } + }, "GetBucket":{ "name":"GetBucket", "http":{ @@ -782,7 +809,7 @@ }, "input":{"shape":"GetBucketRequest"}, "output":{"shape":"GetBucketResult"}, - "documentation":"

    Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

    If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.

    If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

    The following actions are related to GetBucket for Amazon S3 on Outposts:

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    ", + "documentation":"

    Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

    If you are using an identity other than the root user of the Amazon Web Services account that owns the Outposts bucket, the calling identity must have the s3-outposts:GetBucket permissions on the specified Outposts bucket and belong to the Outposts bucket owner's account in order to use this action. Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket.

    If you don't have s3-outposts:GetBucket permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

    The following actions are related to GetBucket for Amazon S3 on Outposts:

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -798,7 +825,7 @@ }, "input":{"shape":"GetBucketLifecycleConfigurationRequest"}, "output":{"shape":"GetBucketLifecycleConfigurationResult"}, - "documentation":"

    This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.

    Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    GetBucketLifecycleConfiguration has the following special error:

    • Error code: NoSuchLifecycleConfiguration

      • Description: The lifecycle configuration does not exist.

      • HTTP Status Code: 404 Not Found

      • SOAP Fault Code Prefix: Client

    The following actions are related to GetBucketLifecycleConfiguration:

    ", + "documentation":"

    This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3 bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.

    Returns the lifecycle configuration information set on the Outposts bucket. For more information, see Using Amazon S3 on Outposts and for information about lifecycle configuration, see Object Lifecycle Management in Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner has this permission, by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    GetBucketLifecycleConfiguration has the following special error:

    • Error code: NoSuchLifecycleConfiguration

      • Description: The lifecycle configuration does not exist.

      • HTTP Status Code: 404 Not Found

      • SOAP Fault Code Prefix: Client

    The following actions are related to GetBucketLifecycleConfiguration:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -814,7 +841,7 @@ }, "input":{"shape":"GetBucketPolicyRequest"}, "output":{"shape":"GetBucketPolicyResult"}, - "documentation":"

    This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.

    Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

    If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.

    Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

    As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

    For more information about bucket policies, see Using Bucket Policies and User Policies.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to GetBucketPolicy:

    ", + "documentation":"

    This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for an S3 bucket, see GetBucketPolicy in the Amazon S3 API Reference.

    Returns the policy of a specified Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

    If you are using an identity other than the root user of the Amazon Web Services account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this action.

    Only users from Outposts bucket owner account with the right permissions can perform actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy permissions or you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access Denied error.

    As a security precaution, the root user of the Amazon Web Services account that owns a bucket can always use this action, even if the policy explicitly denies the root user the ability to perform this action.

    For more information about bucket policies, see Using Bucket Policies and User Policies.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to GetBucketPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -878,7 +905,7 @@ }, "input":{"shape":"GetDataAccessRequest"}, "output":{"shape":"GetDataAccessResult"}, - "documentation":"

    Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.

    Permissions

    You must have the s3:GetDataAccess permission to use this operation.

    Additional Permissions

    The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity.

    ", + "documentation":"

    Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.

    Permissions

    You must have the s3:GetDataAccess permission to use this operation.

    Additional Permissions

    The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -900,7 +927,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"NotFoundException"} ], - "documentation":"

    Returns the tags on an S3 Batch Operations job.

    Permissions

    To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

    Related actions include:

    ", + "documentation":"

    Returns the tags on an S3 Batch Operations job.

    Permissions

    To use the GetJobTagging operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -916,7 +943,7 @@ }, "input":{"shape":"GetMultiRegionAccessPointRequest"}, "output":{"shape":"GetMultiRegionAccessPointResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns configuration information about the specified Multi-Region Access Point.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to GetMultiRegionAccessPoint:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns configuration information about the specified Multi-Region Access Point.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to GetMultiRegionAccessPoint:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -933,7 +960,7 @@ }, "input":{"shape":"GetMultiRegionAccessPointPolicyRequest"}, "output":{"shape":"GetMultiRegionAccessPointPolicyResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns the access control policy of the specified Multi-Region Access Point.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to GetMultiRegionAccessPointPolicy:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns the access control policy of the specified Multi-Region Access Point.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to GetMultiRegionAccessPointPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -950,7 +977,7 @@ }, "input":{"shape":"GetMultiRegionAccessPointPolicyStatusRequest"}, "output":{"shape":"GetMultiRegionAccessPointPolicyStatusResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to GetMultiRegionAccessPointPolicyStatus:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Indicates whether the specified Multi-Region Access Point has an access control policy that allows public access.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to GetMultiRegionAccessPointPolicyStatus:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -967,7 +994,7 @@ }, "input":{"shape":"GetMultiRegionAccessPointRoutesRequest"}, "output":{"shape":"GetMultiRegionAccessPointRoutesResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive.

    To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

    • us-east-1

    • us-west-2

    • ap-southeast-2

    • ap-northeast-1

    • eu-west-1

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or passive.

    To obtain routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

    • us-east-1

    • us-west-2

    • ap-southeast-2

    • ap-northeast-1

    • eu-west-1

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -987,7 +1014,7 @@ "errors":[ {"shape":"NoSuchPublicAccessBlockConfiguration"} ], - "documentation":"

    This operation is not supported by directory buckets.

    Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

    Related actions include:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Retrieves the PublicAccessBlock configuration for an Amazon Web Services account. For more information, see Using Amazon S3 block public access.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1003,7 +1030,7 @@ }, "input":{"shape":"GetStorageLensConfigurationRequest"}, "output":{"shape":"GetStorageLensConfigurationResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1019,7 +1046,7 @@ }, "input":{"shape":"GetStorageLensConfigurationTaggingRequest"}, "output":{"shape":"GetStorageLensConfigurationTaggingResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1035,7 +1062,7 @@ }, "input":{"shape":"GetStorageLensGroupRequest"}, "output":{"shape":"GetStorageLensGroupResult"}, - "documentation":"

    Retrieves the Storage Lens group configuration details.

    To use this operation, you must have the permission to perform the s3:GetStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    ", + "documentation":"

    Retrieves the Storage Lens group configuration details.

    To use this operation, you must have the permission to perform the s3:GetStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1051,7 +1078,7 @@ }, "input":{"shape":"ListAccessGrantsRequest"}, "output":{"shape":"ListAccessGrantsResult"}, - "documentation":"

    Returns the list of access grants in your S3 Access Grants instance.

    Permissions

    You must have the s3:ListAccessGrants permission to use this operation.

    ", + "documentation":"

    Returns the list of access grants in your S3 Access Grants instance.

    Permissions

    You must have the s3:ListAccessGrants permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1068,7 +1095,7 @@ }, "input":{"shape":"ListAccessGrantsInstancesRequest"}, "output":{"shape":"ListAccessGrantsInstancesResult"}, - "documentation":"

    Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.

    Permissions

    You must have the s3:ListAccessGrantsInstances permission to use this operation.

    ", + "documentation":"

    Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.

    Permissions

    You must have the s3:ListAccessGrantsInstances permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1085,7 +1112,7 @@ }, "input":{"shape":"ListAccessGrantsLocationsRequest"}, "output":{"shape":"ListAccessGrantsLocationsResult"}, - "documentation":"

    Returns a list of the locations registered in your S3 Access Grants instance.

    Permissions

    You must have the s3:ListAccessGrantsLocations permission to use this operation.

    ", + "documentation":"

    Returns a list of the locations registered in your S3 Access Grants instance.

    Permissions

    You must have the s3:ListAccessGrantsLocations permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1102,7 +1129,7 @@ }, "input":{"shape":"ListAccessPointsRequest"}, "output":{"shape":"ListAccessPointsResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns a list of the access points that are owned by the current account that's associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to ListAccessPoints:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns a list of the access points. You can retrieve up to 1,000 access points per call. If the call returns more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.

    Returns only access points attached to S3 buckets by default. To return all access points specify DataSourceType as ALL.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to ListAccessPoints:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1110,6 +1137,20 @@ "RequiresAccountId":{"value":true} } }, + "ListAccessPointsForDirectoryBuckets":{ + "name":"ListAccessPointsForDirectoryBuckets", + "http":{ + "method":"GET", + "requestUri":"/v20180820/accesspointfordirectory" + }, + "input":{"shape":"ListAccessPointsForDirectoryBucketsRequest"}, + "output":{"shape":"ListAccessPointsForDirectoryBucketsResult"}, + "documentation":"

    Returns a list of the access points that are owned by the Amazon Web Services account and that are associated with the specified directory bucket.

    To list access points for general purpose buckets, see ListAccesspoints.

    To use this operation, you must have the permission to perform the s3express:ListAccessPointsForDirectoryBuckets action.

    For information about REST API errors, see REST error responses.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "staticContextParams":{ + "RequiresAccountId":{"value":true}, + "UseS3ExpressControlEndpoint":{"value":true} + } + }, "ListAccessPointsForObjectLambda":{ "name":"ListAccessPointsForObjectLambda", "http":{ @@ -1118,7 +1159,7 @@ }, "input":{"shape":"ListAccessPointsForObjectLambdaRequest"}, "output":{"shape":"ListAccessPointsForObjectLambdaResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.

    The following actions are related to ListAccessPointsForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.

    The following actions are related to ListAccessPointsForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1134,7 +1175,7 @@ }, "input":{"shape":"ListCallerAccessGrantsRequest"}, "output":{"shape":"ListCallerAccessGrantsResult"}, - "documentation":"

    Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants. The caller (grantee) can be an Identity and Access Management (IAM) identity or Amazon Web Services Identity Center corporate directory identity. You must pass the Amazon Web Services account of the S3 data owner (grantor) in the request. You can, optionally, narrow the results by GrantScope, using a fragment of the data's S3 path, and S3 Access Grants will return only the grants with a path that contains the path fragment. You can also pass the AllowedByApplication filter in the request, which returns only the grants authorized for applications, whether the application is the caller's Identity Center application or any other application (ALL). For more information, see List the caller's access grants in the Amazon S3 User Guide.

    Permissions

    You must have the s3:ListCallerAccessGrants permission to use this operation.

    ", + "documentation":"

    Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants. The caller (grantee) can be an Identity and Access Management (IAM) identity or Amazon Web Services Identity Center corporate directory identity. You must pass the Amazon Web Services account of the S3 data owner (grantor) in the request. You can, optionally, narrow the results by GrantScope, using a fragment of the data's S3 path, and S3 Access Grants will return only the grants with a path that contains the path fragment. You can also pass the AllowedByApplication filter in the request, which returns only the grants authorized for applications, whether the application is the caller's Identity Center application or any other application (ALL). For more information, see List the caller's access grants in the Amazon S3 User Guide.

    Permissions

    You must have the s3:ListCallerAccessGrants permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1156,7 +1197,7 @@ {"shape":"InternalServiceException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    To use the ListJobs operation, you must have permission to perform the s3:ListJobs action.

    Related actions include:

    ", + "documentation":"

    Lists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90 days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    To use the ListJobs operation, you must have permission to perform the s3:ListJobs action.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1172,7 +1213,7 @@ }, "input":{"shape":"ListMultiRegionAccessPointsRequest"}, "output":{"shape":"ListMultiRegionAccessPointsResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to ListMultiRegionAccessPoint:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account. Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be associated with a single account.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to ListMultiRegionAccessPoint:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1189,7 +1230,7 @@ }, "input":{"shape":"ListRegionalBucketsRequest"}, "output":{"shape":"ListRegionalBucketsResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

    For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon S3 User Guide.

    For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1205,7 +1246,7 @@ }, "input":{"shape":"ListStorageLensConfigurationsRequest"}, "output":{"shape":"ListStorageLensConfigurationsResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1221,7 +1262,7 @@ }, "input":{"shape":"ListStorageLensGroupsRequest"}, "output":{"shape":"ListStorageLensGroupsResult"}, - "documentation":"

    Lists all the Storage Lens groups in the specified home Region.

    To use this operation, you must have the permission to perform the s3:ListStorageLensGroups action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    ", + "documentation":"

    Lists all the Storage Lens groups in the specified home Region.

    To use this operation, you must have the permission to perform the s3:ListStorageLensGroups action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1237,7 +1278,7 @@ }, "input":{"shape":"ListTagsForResourceRequest"}, "output":{"shape":"ListTagsForResourceResult"}, - "documentation":"

    This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

    Permissions

    You must have the s3:ListTagsForResource permission to use this operation.

    This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

    ", + "documentation":"

    This operation allows you to list all of the tags for a specified resource. Each tag is a label consisting of a key and value. Tags can help you organize, track costs for, and control access to resources.

    This operation is only supported for the following Amazon S3 resources:
    Permissions

    For Storage Lens groups and S3 Access Grants, you must have the s3:ListTagsForResource permission to use this operation.

    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    Directory bucket permissions

    For directory buckets and access points for directory buckets, you must have the s3express:ListTagsForResource permission to use this operation. For more information about directory buckets policies and permissions, see Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1257,7 +1298,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"PutAccessGrantsInstanceResourcePolicyResult"}, - "documentation":"

    Updates the resource policy of the S3 Access Grants instance.

    Permissions

    You must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation.

    ", + "documentation":"

    Updates the resource policy of the S3 Access Grants instance.

    Permissions

    You must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1277,7 +1318,7 @@ "locationName":"PutAccessPointConfigurationForObjectLambdaRequest", "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, - "documentation":"

    This operation is not supported by directory buckets.

    Replaces configuration for an Object Lambda Access Point.

    The following actions are related to PutAccessPointConfigurationForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Replaces configuration for an Object Lambda Access Point.

    The following actions are related to PutAccessPointConfigurationForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1296,7 +1337,7 @@ "locationName":"PutAccessPointPolicyRequest", "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, - "documentation":"

    This operation is not supported by directory buckets.

    Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to PutAccessPointPolicy:

    ", + "documentation":"

    Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following actions are related to PutAccessPointPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1315,7 +1356,7 @@ "locationName":"PutAccessPointPolicyForObjectLambdaRequest", "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, - "documentation":"

    This operation is not supported by directory buckets.

    Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.

    The following actions are related to PutAccessPointPolicyForObjectLambda:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Creates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.

    The following actions are related to PutAccessPointPolicyForObjectLambda:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1323,6 +1364,23 @@ "RequiresAccountId":{"value":true} } }, + "PutAccessPointScope":{ + "name":"PutAccessPointScope", + "http":{ + "method":"PUT", + "requestUri":"/v20180820/accesspoint/{name}/scope" + }, + "input":{ + "shape":"PutAccessPointScopeRequest", + "locationName":"PutAccessPointScopeRequest", + "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} + }, + "documentation":"

    Creates or replaces the access point scope for a directory bucket. You can use the access point scope to restrict access to specific prefixes, API operations, or a combination of both.

    You can specify any amount of prefixes, but the total length of characters of all prefixes must be less than 256 bytes in size.

    To use this operation, you must have the permission to perform the s3express:PutAccessPointScope action.

    For information about REST API errors, see REST error responses.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", + "staticContextParams":{ + "RequiresAccountId":{"value":true}, + "UseS3ExpressControlEndpoint":{"value":true} + } + }, "PutBucketLifecycleConfiguration":{ "name":"PutBucketLifecycleConfiguration", "http":{ @@ -1398,7 +1456,7 @@ "requestUri":"/v20180820/bucket/{name}/versioning" }, "input":{"shape":"PutBucketVersioningRequest"}, - "documentation":"

    This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.

    Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.

    You can set the versioning state to one of the following:

    • Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.

    • Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.

    If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.

    When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.

    If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following operations are related to PutBucketVersioning for S3 on Outposts.

    ", + "documentation":"

    This operation sets the versioning state for S3 on Outposts buckets only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.

    Sets the versioning state for an S3 on Outposts bucket. With S3 Versioning, you can save multiple distinct copies of your objects and recover from unintended user actions and application failures.

    You can set the versioning state to one of the following:

    • Enabled - Enables versioning for the objects in the bucket. All objects added to the bucket receive a unique version ID.

    • Suspended - Suspends versioning for the objects in the bucket. All objects added to the bucket receive the version ID null.

    If you've never set versioning on your bucket, it has no versioning state. In that case, a GetBucketVersioning request does not return a versioning state value.

    When you enable S3 Versioning, for each object in your bucket, you have a current version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle rules to expire noncurrent versions after a specified time period. For more information, see Creating and managing a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3 User Guide.

    If you have an object expiration lifecycle configuration in your non-versioned bucket and you want to maintain the same permanent delete behavior when you enable versioning, you must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage the deletes of the noncurrent object versions in the version-enabled bucket. For more information, see Versioning in the Amazon S3 User Guide.

    All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

    The following operations are related to PutBucketVersioning for S3 on Outposts.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1425,7 +1483,7 @@ {"shape":"NotFoundException"}, {"shape":"TooManyTagsException"} ], - "documentation":"

    Sets the supplied tag-set on an S3 Batch Operations job.

    A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

    • If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.

    • For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.

    • A few things to consider about using tags:

      • Amazon S3 limits the maximum number of tags to 50 tags per job.

      • You can associate up to 50 tags with a job as long as they have unique tag keys.

      • A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.

      • The key and values are case sensitive.

      • For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.
    Permissions

    To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.

    Related actions include:

    ", + "documentation":"

    Sets the supplied tag-set on an S3 Batch Operations job.

    A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon S3 User Guide.

    • If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.

    • For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.

    • A few things to consider about using tags:

      • Amazon S3 limits the maximum number of tags to 50 tags per job.

      • You can associate up to 50 tags with a job as long as they have unique tag keys.

      • A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.

      • The key and values are case sensitive.

      • For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the Billing and Cost Management User Guide.
    Permissions

    To use the PutJobTagging operation, you must have permission to perform the s3:PutJobTagging action.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1445,7 +1503,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"PutMultiRegionAccessPointPolicyResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to PutMultiRegionAccessPointPolicy:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Associates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only one policy, so a request made to this action replaces any existing policy that is associated with the specified Multi-Region Access Point.

    This action will always be routed to the US West (Oregon) Region. For more information about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point restrictions and limitations in the Amazon S3 User Guide.

    The following actions are related to PutMultiRegionAccessPointPolicy:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1461,7 +1519,7 @@ "requestUri":"/v20180820/configuration/publicAccessBlock" }, "input":{"shape":"PutPublicAccessBlockRequest"}, - "documentation":"

    This operation is not supported by directory buckets.

    Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see Using Amazon S3 block public access.

    Related actions include:

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Creates or modifies the PublicAccessBlock configuration for an Amazon Web Services account. For this operation, users must have the s3:PutAccountPublicAccessBlock permission. For more information, see Using Amazon S3 block public access.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1480,7 +1538,7 @@ "locationName":"PutStorageLensConfigurationRequest", "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, - "documentation":"

    This operation is not supported by directory buckets.

    Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1500,7 +1558,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"PutStorageLensConfigurationTaggingResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon S3 User Guide.

    To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon S3 User Guide.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1520,7 +1578,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"SubmitMultiRegionAccessPointRoutesResult"}, - "documentation":"

    This operation is not supported by directory buckets.

    Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0 indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100 indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times.

    When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.

    Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.

    To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

    • us-east-1

    • us-west-2

    • ap-southeast-2

    • ap-northeast-1

    • eu-west-1

    ", + "documentation":"

    This operation is not supported by directory buckets.

    Submits an updated route configuration for a Multi-Region Access Point. This API operation updates the routing status for the specified Regions from active to passive, or from passive to active. A value of 0 indicates a passive status, which means that traffic won't be routed to the specified Region. A value of 100 indicates an active status, which means that traffic will be routed to the specified Region. At least one Region must be active at all times.

    When the routing configuration is changed, any in-progress operations (uploads, copies, deletes, and so on) to formerly active Regions will continue to run to their final completion state (success or failure). The routing configurations of any Regions that aren’t specified remain unchanged.

    Updated routing configurations might not be immediately applied. It can take up to 2 minutes for your changes to take effect.

    To submit routing control changes and failover requests, use the Amazon S3 failover control infrastructure endpoints in these five Amazon Web Services Regions:

    • us-east-1

    • us-west-2

    • ap-southeast-2

    • ap-northeast-1

    • eu-west-1

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1542,7 +1600,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"TagResourceResult"}, - "documentation":"

    Creates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.

    This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    Permissions

    You must have the s3:TagResource permission to use this operation.

    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

    ", + "documentation":"

    Creates a new user-defined tag or updates an existing tag. Each tag is a label consisting of a key and value that is applied to your resource. Tags can help you organize, track costs for, and control access to your resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.

    This operation is only supported for the following Amazon S3 resource:

    This operation is only supported for the following Amazon S3 resource:
    Permissions

    For Storage Lens groups and S3 Access Grants, you must have the s3:TagResource permission to use this operation.

    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    Directory bucket permissions

    For directory buckets and access points for directory buckets, you must have the s3express:TagResource permission to use this operation. For more information about directory buckets policies and permissions, see Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1559,7 +1617,7 @@ }, "input":{"shape":"UntagResourceRequest"}, "output":{"shape":"UntagResourceResult"}, - "documentation":"

    This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.

    This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    Permissions

    You must have the s3:UntagResource permission to use this operation.

    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

    ", + "documentation":"

    This operation removes the specified user-defined tags from an S3 resource. You can pass one or more tag keys.

    This operation is only supported for the following Amazon S3 resources:
    Permissions

    For Storage Lens groups and S3 Access Grants, you must have the s3:UntagResource permission to use this operation.

    For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    Directory bucket permissions

    For directory buckets and access points for directory buckets, you must have the s3express:UntagResource permission to use this operation. For more information about directory buckets policies and permissions, see Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.

    HTTP Host header syntax

    Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.

    For information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1579,7 +1637,7 @@ "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, "output":{"shape":"UpdateAccessGrantsLocationResult"}, - "documentation":"

    Updates the IAM role of a registered location in your S3 Access Grants instance.

    Permissions

    You must have the s3:UpdateAccessGrantsLocation permission to use this operation.

    Additional Permissions

    You must also have the following permission: iam:PassRole

    ", + "documentation":"

    Updates the IAM role of a registered location in your S3 Access Grants instance.

    Permissions

    You must have the s3:UpdateAccessGrantsLocation permission to use this operation.

    Additional Permissions

    You must also have the following permission: iam:PassRole

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1602,7 +1660,7 @@ {"shape":"NotFoundException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    To use the UpdateJobPriority operation, you must have permission to perform the s3:UpdateJobPriority action.

    Related actions include:

    ", + "documentation":"

    Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    To use the UpdateJobPriority operation, you must have permission to perform the s3:UpdateJobPriority action.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1625,7 +1683,7 @@ {"shape":"JobStatusException"}, {"shape":"InternalServiceException"} ], - "documentation":"

    Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    To use the UpdateJobStatus operation, you must have permission to perform the s3:UpdateJobStatus action.

    Related actions include:

    ", + "documentation":"

    Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.

    Permissions

    To use the UpdateJobStatus operation, you must have permission to perform the s3:UpdateJobStatus action.

    Related actions include:

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1645,7 +1703,7 @@ "locationName":"UpdateStorageLensGroupRequest", "xmlNamespace":{"uri":"http://awss3control.amazonaws.com/doc/2018-08-20/"} }, - "documentation":"

    Updates the existing Storage Lens group.

    To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    ", + "documentation":"

    Updates the existing Storage Lens group.

    To use this operation, you must have the permission to perform the s3:UpdateStorageLensGroup action. For more information about the required Storage Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.

    For information about Storage Lens groups errors, see List of Amazon S3 Storage Lens error codes.

    You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.

    ", "endpoint":{ "hostPrefix":"{AccountId}." }, @@ -1768,7 +1826,7 @@ "documentation":"

    The virtual private cloud (VPC) configuration for this access point, if one exists.

    This element is empty if this access point is an Amazon S3 on Outposts access point that is used by other Amazon Web Services services.

    " }, "Bucket":{ - "shape":"BucketName", + "shape":"AccessPointBucketName", "documentation":"

    The name of the bucket associated with this access point.

    " }, "AccessPointArn":{ @@ -1782,10 +1840,22 @@ "BucketAccountId":{ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

    " + }, + "DataSourceId":{ + "shape":"DataSourceId", + "documentation":"

    A unique identifier for the data source of the access point.

    " + }, + "DataSourceType":{ + "shape":"DataSourceType", + "documentation":"

    The type of the data source that the access point is attached to.

    " } }, "documentation":"

    An access point used to access a bucket.

    " }, + "AccessPointBucketName":{ + "type":"string", + "max":255 + }, "AccessPointList":{ "type":"list", "member":{ @@ -2023,15 +2093,13 @@ "Boolean":{"type":"boolean"}, "BucketAlreadyExists":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The requested Outposts bucket name is not available. The bucket namespace is shared by all users of the Outposts in this Region. Select a different name and try again.

    ", "exception":true }, "BucketAlreadyOwnedByYou":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The Outposts bucket you tried to create already exists, and you own it.

    ", "exception":true }, @@ -2124,6 +2192,24 @@ }, "documentation":"

    A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.

    For more information about publishing S3 Storage Lens metrics to CloudWatch, see Monitor S3 Storage Lens metrics in CloudWatch in the Amazon S3 User Guide.

    " }, + "ComputeObjectChecksumAlgorithm":{ + "type":"string", + "enum":[ + "CRC32", + "CRC32C", + "CRC64NVME", + "MD5", + "SHA1", + "SHA256" + ] + }, + "ComputeObjectChecksumType":{ + "type":"string", + "enum":[ + "FULL_OBJECT", + "COMPOSITE" + ] + }, "ConfigId":{ "type":"string", "max":64, @@ -2388,7 +2474,8 @@ }, "Name":{ "shape":"AccessPointName", - "documentation":"

    The name you want to assign to this access point.

    ", + "documentation":"

    The name you want to assign to this access point.

    For directory buckets, the access point name must consist of a base name that you provide and suffix that includes the ZoneID (Amazon Web Services Availability Zone or Local Zone) of your bucket location, followed by --xa-s3. For more information, see Managing access to shared datasets in directory buckets with access points in the Amazon S3 User Guide.

    ", + "contextParam":{"name":"AccessPointName"}, "location":"uri", "locationName":"name" }, @@ -2408,6 +2495,14 @@ "BucketAccountId":{ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

    For same account access point when your bucket and access point belong to the same account owner, the BucketAccountId is not required. For cross-account access point when your bucket and access point are not in the same account, the BucketAccountId is required.

    " + }, + "Scope":{ + "shape":"Scope", + "documentation":"

    For directory buckets, you can filter access control to specific prefixes, API operations, or a combination of both. For more information, see Managing access to shared datasets in directory buckets with access points in the Amazon S3 User Guide.

    Scope is only supported for access points attached to directory buckets.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    An array of tags that you can apply to an access point. Tags are key-value pairs of metadata used to control access to your access points. For more information about tags, see Using tags with Amazon S3. For information about tagging access points, see Using tags for attribute-based access control (ABAC).

    • You must have the s3:TagResource permission to create an access point with tags for a general purpose bucket.

    • You must have the s3express:TagResource permission to create an access point with tags for a directory bucket.

    " } } }, @@ -2696,6 +2791,22 @@ "documentation":"

    The Amazon Web Services Security Token Service temporary credential that S3 Access Grants vends to grantees and client applications.

    ", "sensitive":true }, + "DSSEKMSFilter":{ + "type":"structure", + "members":{ + "KmsKeyArn":{ + "shape":"NonEmptyKmsKeyArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the customer managed KMS key to use for the filter to return objects that are encrypted by the specified key. For best performance, we recommend using the KMSKeyArn filter in conjunction with other object metadata filters, like MatchAnyPrefix, CreatedAfter, or MatchAnyStorageClass.

    You must provide the full KMS Key ARN. You can't use an alias name or alias ARN. For more information, see KMS keys in the Amazon Web Services Key Management Service Developer Guide.

    ", + "box":true + } + }, + "documentation":"

    A filter that returns objects that are encrypted by dual-layer server-side encryption with Amazon Web Services Key Management Service (KMS) keys (DSSE-KMS). You can further refine your filtering by optionally providing a KMS Key ARN to create an object list of DSSE-KMS objects with that specific KMS Key ARN.

    " + }, + "DataSourceId":{ + "type":"string", + "max":191 + }, + "DataSourceType":{"type":"string"}, "Date":{"type":"timestamp"}, "Days":{"type":"integer"}, "DaysAfterInitiation":{"type":"integer"}, @@ -2867,6 +2978,30 @@ } } }, + "DeleteAccessPointScopeRequest":{ + "type":"structure", + "required":[ + "AccountId", + "Name" + ], + "members":{ + "AccountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the access point with the scope that you want to delete.

    ", + "contextParam":{"name":"AccountId"}, + "hostLabel":true, + "location":"header", + "locationName":"x-amz-account-id" + }, + "Name":{ + "shape":"AccessPointName", + "documentation":"

    The name of the access point with the scope that you want to delete.

    ", + "contextParam":{"name":"AccessPointName"}, + "location":"uri", + "locationName":"name" + } + } + }, "DeleteBucketLifecycleConfigurationRequest":{ "type":"structure", "required":[ @@ -3012,8 +3147,7 @@ }, "DeleteJobTaggingResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMarkerReplication":{ "type":"structure", @@ -3142,8 +3276,7 @@ }, "DeleteStorageLensConfigurationTaggingResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteStorageLensGroupRequest":{ "type":"structure", @@ -3380,7 +3513,7 @@ "type":"string", "max":1024, "min":1, - "pattern":"(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?" + "pattern":"(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?" }, "GeneratedManifestEncryption":{ "type":"structure", @@ -3861,7 +3994,7 @@ "documentation":"

    The name of the specified access point.

    " }, "Bucket":{ - "shape":"BucketName", + "shape":"AccessPointBucketName", "documentation":"

    The name of the bucket associated with the specified access point.

    " }, "NetworkOrigin":{ @@ -3892,6 +4025,47 @@ "BucketAccountId":{ "shape":"AccountId", "documentation":"

    The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

    " + }, + "DataSourceId":{ + "shape":"DataSourceId", + "documentation":"

    The unique identifier for the data source of the access point.

    " + }, + "DataSourceType":{ + "shape":"DataSourceType", + "documentation":"

    The type of the data source that the access point is attached to.

    " + } + } + }, + "GetAccessPointScopeRequest":{ + "type":"structure", + "required":[ + "AccountId", + "Name" + ], + "members":{ + "AccountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the access point with the scope that you want to retrieve.

    ", + "contextParam":{"name":"AccountId"}, + "hostLabel":true, + "location":"header", + "locationName":"x-amz-account-id" + }, + "Name":{ + "shape":"AccessPointName", + "documentation":"

    The name of the access point with the scope you want to retrieve.

    ", + "contextParam":{"name":"AccessPointName"}, + "location":"uri", + "locationName":"name" + } + } + }, + "GetAccessPointScopeResult":{ + "type":"structure", + "members":{ + "Scope":{ + "shape":"Scope", + "documentation":"

    The contents of the access point scope.

    " } } }, @@ -4165,6 +4339,10 @@ "MatchedGrantTarget":{ "shape":"S3Prefix", "documentation":"

    The S3 URI path of the data to which you are being granted temporary access credentials.

    " + }, + "Grantee":{ + "shape":"Grantee", + "documentation":"

    The user, group, or role that was granted access to the S3 location scope. For directory identities, this API also returns the grants of the IAM role used for the identity-aware request. For more information on identity-aware sessions, see Granting permissions to use identity-aware console sessions.

    " } } }, @@ -4811,6 +4989,10 @@ "MatchAnyStorageClass":{ "shape":"StorageClassList", "documentation":"

    If provided, the generated manifest includes only source bucket objects that are stored with the specified storage class.

    " + }, + "MatchAnyObjectEncryption":{ + "shape":"ObjectEncryptionFilterList", + "documentation":"

    If provided, the generated object list includes only source bucket objects with the indicated server-side encryption type (SSE-S3, SSE-KMS, DSSE-KMS, SSE-C, or NOT-SSE). If you select SSE-KMS or DSSE-KMS, you can optionally further filter your results by specifying a specific KMS Key ARN. If you select SSE-KMS, you can also optionally further filter your results by Bucket Key enabled status.

    " } }, "documentation":"

    The filter used to describe a set of objects for the job's manifest.

    " @@ -4907,6 +5089,11 @@ "shape":"S3ReplicateObjectOperation", "documentation":"

    Directs the specified job to invoke ReplicateObject on every object in the job's manifest.

    This functionality is not supported by directory buckets.

    ", "box":true + }, + "S3ComputeObjectChecksum":{ + "shape":"S3ComputeObjectChecksumOperation", + "documentation":"

    Directs the specified job to compute checksum values for every object in the manifest.

    ", + "box":true } }, "documentation":"

    The operation that you want this job to perform on every object listed in the manifest. For more information about the available operations, see Operations in the Amazon S3 User Guide.

    " @@ -4968,6 +5155,11 @@ "shape":"JobReportScope", "documentation":"

    Indicates whether the job-completion report will include details of all tasks or only failed tasks.

    ", "box":true + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"

    Lists the Amazon Web Services account ID that owns the target bucket, where the completion report is received.

    ", + "box":true } }, "documentation":"

    Contains the configuration parameters for a job-completion report.

    " @@ -5102,7 +5294,7 @@ }, "ExpiredObjectDeleteMarker":{ "shape":"ExpiredObjectDeleteMarker", - "documentation":"

    Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.

    " + "documentation":"

    Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired. If set to false, the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy. To learn more about delete markers, see Working with delete markers.

    " } }, "documentation":"

    The container of the Outposts bucket lifecycle expiration.

    " @@ -5133,7 +5325,7 @@ }, "NoncurrentVersionTransitions":{ "shape":"NoncurrentVersionTransitionList", - "documentation":"

    Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.

    This is not supported by Amazon S3 on Outposts buckets.

    " + "documentation":"

    Specifies the transition rule for the lifecycle rule that describes when non-current objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.

    This is not supported by Amazon S3 on Outposts buckets.

    " }, "NoncurrentVersionExpiration":{ "shape":"NoncurrentVersionExpiration", @@ -5455,6 +5647,51 @@ } } }, + "ListAccessPointsForDirectoryBucketsRequest":{ + "type":"structure", + "required":["AccountId"], + "members":{ + "AccountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the access points.

    ", + "contextParam":{"name":"AccountId"}, + "hostLabel":true, + "location":"header", + "locationName":"x-amz-account-id" + }, + "DirectoryBucket":{ + "shape":"BucketName", + "documentation":"

    The name of the directory bucket associated with the access points you want to list.

    ", + "location":"querystring", + "locationName":"directoryBucket" + }, + "NextToken":{ + "shape":"NonEmptyMaxLength1024String", + "documentation":"

    If NextToken is returned, there are more access points available than requested in the maxResults value. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of access points that you would like returned in the ListAccessPointsForDirectoryBuckets response. If the directory bucket is associated with more than this number of access points, the results include the pagination token NextToken. Make another call using the NextToken to retrieve more results.

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListAccessPointsForDirectoryBucketsResult":{ + "type":"structure", + "members":{ + "AccessPointList":{ + "shape":"AccessPointList", + "documentation":"

    Contains identification and configuration information for one or more access points associated with the directory bucket.

    " + }, + "NextToken":{ + "shape":"NonEmptyMaxLength1024String", + "documentation":"

    If NextToken is returned, there are more access points available than requested in the maxResults value. The value of NextToken is a unique pagination token for each page. Make the call again using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours.

    " + } + } + }, "ListAccessPointsForObjectLambdaRequest":{ "type":"structure", "required":["AccountId"], @@ -5524,6 +5761,18 @@ "documentation":"

    The maximum number of access points that you want to include in the list. If the specified bucket has more than this number of access points, then the response will include a continuation token in the NextToken field that you can use to retrieve the next page of access points.

    ", "location":"querystring", "locationName":"maxResults" + }, + "DataSourceId":{ + "shape":"DataSourceId", + "documentation":"

    The unique identifier for the data source of the access point.

    ", + "location":"querystring", + "locationName":"dataSourceId" + }, + "DataSourceType":{ + "shape":"DataSourceType", + "documentation":"

    The type of the data source that the access point is attached to. Returns only access points attached to S3 buckets by default. To return all access points specify DataSourceType as ALL.

    ", + "location":"querystring", + "locationName":"dataSourceType" } } }, @@ -5876,7 +6125,8 @@ }, "ResourceArn":{ "shape":"S3ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the S3 resource that you want to list the tags for. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the S3 resource that you want to list tags for. The tagged resource can be a directory bucket, S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    ", + "contextParam":{"name":"ResourceArn"}, "location":"uri", "locationName":"resourceArn" } @@ -6144,6 +6394,12 @@ "exception":true }, "NoSuchPublicAccessBlockConfigurationMessage":{"type":"string"}, + "NonEmptyKmsKeyArnString":{ + "type":"string", + "max":2000, + "min":1, + "pattern":"arn:aws[a-zA-Z0-9-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-zA-Z0-9-]+" + }, "NonEmptyMaxLength1024String":{ "type":"string", "max":1024, @@ -6213,8 +6469,54 @@ "documentation":"

    ", "exception":true }, + "NotSSEFilter":{ + "type":"structure", + "members":{}, + "documentation":"

    A filter that returns objects that aren't server-side encrypted.

    " + }, "ObjectAgeValue":{"type":"integer"}, "ObjectCreationTime":{"type":"timestamp"}, + "ObjectEncryptionFilter":{ + "type":"structure", + "members":{ + "SSES3":{ + "shape":"SSES3Filter", + "documentation":"

    Filters for objects that are encrypted by server-side encryption with Amazon S3 managed keys (SSE-S3).

    ", + "locationName":"SSE-S3" + }, + "SSEKMS":{ + "shape":"SSEKMSFilter", + "documentation":"

    Filters for objects that are encrypted by server-side encryption with Amazon Web Services Key Management Service (KMS) keys (SSE-KMS).

    ", + "locationName":"SSE-KMS" + }, + "DSSEKMS":{ + "shape":"DSSEKMSFilter", + "documentation":"

    Filters for objects that are encrypted by dual-layer server-side encryption with Amazon Web Services Key Management Service (KMS) keys (DSSE-KMS).

    ", + "locationName":"DSSE-KMS" + }, + "SSEC":{ + "shape":"SSECFilter", + "documentation":"

    Filters for objects that are encrypted by server-side encryption with customer-provided keys (SSE-C).

    ", + "locationName":"SSE-C" + }, + "NOTSSE":{ + "shape":"NotSSEFilter", + "documentation":"

    Filters for objects that are not encrypted by server-side encryption.

    ", + "locationName":"NOT-SSE" + } + }, + "documentation":"

    An optional filter for the S3JobManifestGenerator that identifies the subset of objects by encryption type. This filter is used to create an object list for S3 Batch Operations jobs. If provided, this filter will generate an object list that only includes objects with the specified encryption type.

    ", + "union":true + }, + "ObjectEncryptionFilterList":{ + "type":"list", + "member":{ + "shape":"ObjectEncryptionFilter", + "locationName":"ObjectEncryption" + }, + "max":1, + "min":1 + }, "ObjectLambdaAccessPoint":{ "type":"structure", "required":["Name"], @@ -6398,7 +6700,8 @@ "S3InitiateRestoreObject", "S3PutObjectLegalHold", "S3PutObjectRetention", - "S3ReplicateObject" + "S3ReplicateObject", + "S3ComputeObjectChecksum" ] }, "Organization":{ @@ -6463,6 +6766,13 @@ }, "documentation":"

    A container for the prefix-level storage metrics for S3 Storage Lens.

    " }, + "PrefixesList":{ + "type":"list", + "member":{ + "shape":"Prefix", + "locationName":"Prefix" + } + }, "Priority":{"type":"integer"}, "Privilege":{ "type":"string", @@ -6631,7 +6941,36 @@ }, "Policy":{ "shape":"Policy", - "documentation":"

    The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.

    " + "documentation":"

    The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points or Managing access to shared datasets in directory buckets with access points in the Amazon S3 User Guide.

    " + } + } + }, + "PutAccessPointScopeRequest":{ + "type":"structure", + "required":[ + "AccountId", + "Name", + "Scope" + ], + "members":{ + "AccountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID that owns the access point with scope that you want to create or replace.

    ", + "contextParam":{"name":"AccountId"}, + "hostLabel":true, + "location":"header", + "locationName":"x-amz-account-id" + }, + "Name":{ + "shape":"AccessPointName", + "documentation":"

    The name of the access point with the scope that you want to create or replace.

    ", + "contextParam":{"name":"AccessPointName"}, + "location":"uri", + "locationName":"name" + }, + "Scope":{ + "shape":"Scope", + "documentation":"

    Object prefixes, API operations, or a combination of both.

    " } } }, @@ -6833,8 +7172,7 @@ }, "PutJobTaggingResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutMultiRegionAccessPointPolicyInput":{ "type":"structure", @@ -6976,8 +7314,7 @@ }, "PutStorageLensConfigurationTaggingResult":{ "type":"structure", - "members":{ - } + "members":{} }, "Region":{ "type":"structure", @@ -7399,6 +7736,20 @@ "CRC64NVME" ] }, + "S3ComputeObjectChecksumOperation":{ + "type":"structure", + "members":{ + "ChecksumAlgorithm":{ + "shape":"ComputeObjectChecksumAlgorithm", + "documentation":"

    Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + }, + "ChecksumType":{ + "shape":"ComputeObjectChecksumType", + "documentation":"

    Indicates the checksum type that you want Amazon S3 to use to calculate the object’s checksum value. For more information, see Checking object integrity in the Amazon S3 User Guide.

    " + } + }, + "documentation":"

    Directs the specified job to invoke the ComputeObjectChecksum operation on every object listed in the job's manifest.

    " + }, "S3ContentLength":{ "type":"long", "min":0 @@ -7408,7 +7759,7 @@ "members":{ "TargetResource":{ "shape":"S3RegionalOrS3ExpressBucketArnString", - "documentation":"

    Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.

    • General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.

    • Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone; identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3.

    " + "documentation":"

    Specifies the destination bucket Amazon Resource Name (ARN) for the batch copy operation.

    • General purpose buckets - For example, to copy objects to a general purpose bucket named destinationBucket, set the TargetResource property to arn:aws:s3:::destinationBucket.

    • Directory buckets - For example, to copy objects to a directory bucket named destinationBucket in the Availability Zone identified by the AZ ID usw2-az1, set the TargetResource property to arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3. A directory bucket as a destination bucket can be in Availability Zone or Local Zone.

      Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise, you get an HTTP 400 Bad Request error with the error code InvalidRequest.
    " }, "CannedAccessControlList":{ "shape":"S3CannedAccessControlList", @@ -7485,8 +7836,7 @@ }, "S3DeleteObjectTaggingOperation":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Contains no configuration parameters because the DELETE Object tagging (DeleteObjectTagging) API operation accepts only the bucket name and key name as parameters, which are defined in the job's manifest.

    " }, "S3ExpirationInDays":{ @@ -7779,14 +8129,13 @@ }, "S3ReplicateObjectOperation":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Directs the specified job to invoke ReplicateObject on every object in the job's manifest.

    " }, "S3ResourceArn":{ "type":"string", "max":1011, - "pattern":"arn:[^:]+:s3:[^:].*" + "pattern":"arn:[^:]+:s3(express)?:[^:].*" }, "S3Retention":{ "type":"structure", @@ -7896,6 +8245,11 @@ "value":{"shape":"MaxLength1024String"}, "max":8192 }, + "SSECFilter":{ + "type":"structure", + "members":{}, + "documentation":"

    A filter that returns objects that are encrypted by server-side encryption with customer-provided keys (SSE-C).

    " + }, "SSEKMS":{ "type":"structure", "required":["KeyId"], @@ -7920,21 +8274,76 @@ "documentation":"

    Configuration for the use of SSE-KMS to encrypt generated manifest objects.

    ", "locationName":"SSE-KMS" }, - "SSEKMSKeyId":{"type":"string"}, - "SSES3":{ + "SSEKMSFilter":{ "type":"structure", "members":{ + "KmsKeyArn":{ + "shape":"NonEmptyKmsKeyArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the customer managed KMS key to use for the filter to return objects that are encrypted by the specified key. For best performance, we recommend using the KMSKeyArn filter in conjunction with other object metadata filters, like MatchAnyPrefix, CreatedAfter, or MatchAnyStorageClass.

    You must provide the full KMS Key ARN. You can't use an alias name or alias ARN. For more information, see KMS keys in the Amazon Web Services Key Management Service Developer Guide.

    ", + "box":true + }, + "BucketKeyEnabled":{ + "shape":"Boolean", + "documentation":"

    Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Web Services Key Management Service (Amazon Web Services KMS) keys (SSE-KMS). If specified, will filter SSE-KMS encrypted objects by S3 Bucket Key status. For more information, see Reducing the cost of SSE-KMS with Amazon S3 Bucket Keys in the Amazon S3 User Guide.

    ", + "box":true + } }, + "documentation":"

    A filter that returns objects that are encrypted by server-side encryption with Amazon Web Services KMS (SSE-KMS).

    " + }, + "SSEKMSKeyId":{"type":"string"}, + "SSES3":{ + "type":"structure", + "members":{}, "documentation":"

    ", "locationName":"SSE-S3" }, "SSES3Encryption":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Configuration for the use of SSE-S3 to encrypt generated manifest objects.

    ", "locationName":"SSE-S3" }, + "SSES3Filter":{ + "type":"structure", + "members":{}, + "documentation":"

    A filter that returns objects that are encrypted by server-side encryption with Amazon S3 managed keys (SSE-S3).

    " + }, + "Scope":{ + "type":"structure", + "members":{ + "Prefixes":{ + "shape":"PrefixesList", + "documentation":"

    You can specify any amount of prefixes, but the total length of characters of all prefixes must be less than 256 bytes in size.

    ", + "locationName":"Prefixes" + }, + "Permissions":{ + "shape":"ScopePermissionList", + "documentation":"

    You can include one or more API operations as permissions.

    ", + "locationName":"Permissions" + } + }, + "documentation":"

    You can use the access point scope to restrict access to specific prefixes, API operations, or a combination of both.

    For more information, see Manage the scope of your access points for directory buckets.

    " + }, + "ScopePermission":{ + "type":"string", + "enum":[ + "GetObject", + "GetObjectAttributes", + "ListMultipartUploadParts", + "ListBucket", + "ListBucketMultipartUploads", + "PutObject", + "DeleteObject", + "AbortMultipartUpload" + ] + }, + "ScopePermissionList":{ + "type":"list", + "member":{ + "shape":"ScopePermission", + "locationName":"Permission" + } + }, "SecretAccessKey":{ "type":"string", "sensitive":true @@ -8332,8 +8741,7 @@ }, "SubmitMultiRegionAccessPointRoutesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "Suffix":{"type":"string"}, "SuspendedCause":{ @@ -8358,7 +8766,7 @@ "documentation":"

    The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.

    " } }, - "documentation":"

    An Amazon Web Services resource tag that's associated with your S3 resource. You can add tags to new objects when you upload them, or you can add object tags to existing objects.

    This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    " + "documentation":"

    A key-value pair that you use to label your resources. You can add tags to new resources when you create them, or you can add tags to existing resources. Tags can help you organize, track costs for, and control access to resources.

    " }, "TagKeyList":{ "type":"list", @@ -8399,7 +8807,8 @@ }, "ResourceArn":{ "shape":"S3ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the S3 resource that you're applying tags to. The tagged resource can be a directory bucket, S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    ", + "contextParam":{"name":"ResourceArn"}, "location":"uri", "locationName":"resourceArn" }, @@ -8411,8 +8820,7 @@ }, "TagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValueString":{ "type":"string", @@ -8506,7 +8914,8 @@ }, "ResourceArn":{ "shape":"S3ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the S3 resource that you're trying to remove the tags from.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the S3 resource that you're removing tags from. The tagged resource can be a directory bucket, S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.

    ", + "contextParam":{"name":"ResourceArn"}, "location":"uri", "locationName":"resourceArn" }, @@ -8520,8 +8929,7 @@ }, "UntagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAccessGrantsLocationRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/s3outposts/2017-07-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/s3outposts/2017-07-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/s3outposts/2017-07-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3outposts/2017-07-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/s3outposts/2017-07-25/service-2.json 2.31.35-1/awscli/botocore/data/s3outposts/2017-07-25/service-2.json --- 2.23.6-1/awscli/botocore/data/s3outposts/2017-07-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3outposts/2017-07-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"s3-outposts", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Amazon S3 Outposts", "serviceFullName":"Amazon S3 on Outposts", "serviceId":"S3Outposts", "signatureVersion":"v4", "signingName":"s3-outposts", - "uid":"s3outposts-2017-07-25" + "uid":"s3outposts-2017-07-25", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateEndpoint":{ diff -pruN 2.23.6-1/awscli/botocore/data/s3tables/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/s3tables/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/s3tables/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3tables/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/s3tables/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/s3tables/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/s3tables/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3tables/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,7 +30,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Creates a namespace. A namespace is a logical grouping of tables within your table bucket, which you can use to organize tables. For more information, see Table namespaces.

    " + "documentation":"

    Creates a namespace. A namespace is a logical grouping of tables within your table bucket, which you can use to organize tables. For more information, see Create a namespace in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:CreateNamespace permission to use this operation.

    " }, "CreateTable":{ "name":"CreateTable", @@ -49,7 +49,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Creates a new table associated with the given namespace in a table bucket.

    " + "documentation":"

    Creates a new table associated with the given namespace in a table bucket. For more information, see Creating an Amazon S3 table in the Amazon Simple Storage Service User Guide.

    Permissions

    • You must have the s3tables:CreateTable permission to use this operation.

    • If you use this operation with the optional metadata request parameter you must have the s3tables:PutTableData permission.

    • If you use this operation with the optional encryptionConfiguration request parameter you must have the s3tables:PutTableEncryption permission.

    • You must have the s3tables:TagResource permission in addition to s3tables:CreateTable permission to create a table with tags.

    Additionally, If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.

    " }, "CreateTableBucket":{ "name":"CreateTableBucket", @@ -68,7 +68,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Creates a table bucket.

    " + "documentation":"

    Creates a table bucket. For more information, see Creating a table bucket in the Amazon Simple Storage Service User Guide.

    Permissions

    • You must have the s3tables:CreateTableBucket permission to use this operation.

    • If you use this operation with the optional encryptionConfiguration parameter you must have the s3tables:PutTableBucketEncryption permission.

    • You must have the s3tables:TagResource permission in addition to s3tables:CreateTableBucket permission to create a table bucket with tags.

    " }, "DeleteNamespace":{ "name":"DeleteNamespace", @@ -86,7 +86,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Deletes a namespace.

    ", + "documentation":"

    Deletes a namespace. For more information, see Delete a namespace in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:DeleteNamespace permission to use this operation.

    ", "idempotent":true }, "DeleteTable":{ @@ -105,7 +105,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Deletes a table.

    ", + "documentation":"

    Deletes a table. For more information, see Deleting an Amazon S3 table in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:DeleteTable permission to use this operation.

    ", "idempotent":true }, "DeleteTableBucket":{ @@ -124,7 +124,45 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Deletes a table bucket.

    ", + "documentation":"

    Deletes a table bucket. For more information, see Deleting a table bucket in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:DeleteTableBucket permission to use this operation.

    ", + "idempotent":true + }, + "DeleteTableBucketEncryption":{ + "name":"DeleteTableBucketEncryption", + "http":{ + "method":"DELETE", + "requestUri":"/buckets/{tableBucketARN}/encryption", + "responseCode":204 + }, + "input":{"shape":"DeleteTableBucketEncryptionRequest"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Deletes the encryption configuration for a table bucket.

    Permissions

    You must have the s3tables:DeleteTableBucketEncryption permission to use this operation.

    ", + "idempotent":true + }, + "DeleteTableBucketMetricsConfiguration":{ + "name":"DeleteTableBucketMetricsConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/buckets/{tableBucketARN}/metrics", + "responseCode":204 + }, + "input":{"shape":"DeleteTableBucketMetricsConfigurationRequest"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Deletes the metrics configuration for a table bucket.

    Permissions

    You must have the s3tables:DeleteTableBucketMetricsConfiguration permission to use this operation.

    ", "idempotent":true }, "DeleteTableBucketPolicy":{ @@ -143,7 +181,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Deletes a table bucket policy.

    ", + "documentation":"

    Deletes a table bucket policy. For more information, see Deleting a table bucket policy in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:DeleteTableBucketPolicy permission to use this operation.

    ", "idempotent":true }, "DeleteTablePolicy":{ @@ -162,7 +200,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Deletes a table policy.

    ", + "documentation":"

    Deletes a table policy. For more information, see Deleting a table policy in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:DeleteTablePolicy permission to use this operation.

    ", "idempotent":true }, "GetNamespace":{ @@ -183,13 +221,14 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets details about a namespace.

    " + "documentation":"

    Gets details about a namespace. For more information, see Table namespaces in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:GetNamespace permission to use this operation.

    ", + "readonly":true }, "GetTable":{ "name":"GetTable", "http":{ "method":"GET", - "requestUri":"/tables/{tableBucketARN}/{namespace}/{name}", + "requestUri":"/get-table", "responseCode":200 }, "input":{"shape":"GetTableRequest"}, @@ -203,7 +242,8 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets details about a table.

    " + "documentation":"

    Gets details about a table. For more information, see S3 Tables in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:GetTable permission to use this operation.

    ", + "readonly":true }, "GetTableBucket":{ "name":"GetTableBucket", @@ -223,7 +263,28 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets details on a table bucket.

    " + "documentation":"

    Gets details on a table bucket. For more information, see Viewing details about an Amazon S3 table bucket in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:GetTableBucket permission to use this operation.

    ", + "readonly":true + }, + "GetTableBucketEncryption":{ + "name":"GetTableBucketEncryption", + "http":{ + "method":"GET", + "requestUri":"/buckets/{tableBucketARN}/encryption", + "responseCode":200 + }, + "input":{"shape":"GetTableBucketEncryptionRequest"}, + "output":{"shape":"GetTableBucketEncryptionResponse"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Gets the encryption configuration for a table bucket.

    Permissions

    You must have the s3tables:GetTableBucketEncryption permission to use this operation.

    ", + "readonly":true }, "GetTableBucketMaintenanceConfiguration":{ "name":"GetTableBucketMaintenanceConfiguration", @@ -242,7 +303,28 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets details about a maintenance configuration for a given table bucket.

    " + "documentation":"

    Gets details about a maintenance configuration for a given table bucket. For more information, see Amazon S3 table bucket maintenance in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:GetTableBucketMaintenanceConfiguration permission to use this operation.

    ", + "readonly":true + }, + "GetTableBucketMetricsConfiguration":{ + "name":"GetTableBucketMetricsConfiguration", + "http":{ + "method":"GET", + "requestUri":"/buckets/{tableBucketARN}/metrics", + "responseCode":200 + }, + "input":{"shape":"GetTableBucketMetricsConfigurationRequest"}, + "output":{"shape":"GetTableBucketMetricsConfigurationResponse"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Gets the metrics configuration for a table bucket.

    Permissions

    You must have the s3tables:GetTableBucketMetricsConfiguration permission to use this operation.

    ", + "readonly":true }, "GetTableBucketPolicy":{ "name":"GetTableBucketPolicy", @@ -261,7 +343,28 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets details about a table bucket policy.

    " + "documentation":"

    Gets details about a table bucket policy. For more information, see Viewing a table bucket policy in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:GetTableBucketPolicy permission to use this operation.

    ", + "readonly":true + }, + "GetTableEncryption":{ + "name":"GetTableEncryption", + "http":{ + "method":"GET", + "requestUri":"/tables/{tableBucketARN}/{namespace}/{name}/encryption", + "responseCode":200 + }, + "input":{"shape":"GetTableEncryptionRequest"}, + "output":{"shape":"GetTableEncryptionResponse"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Gets the encryption configuration for a table.

    Permissions

    You must have the s3tables:GetTableEncryption permission to use this operation.

    ", + "readonly":true }, "GetTableMaintenanceConfiguration":{ "name":"GetTableMaintenanceConfiguration", @@ -280,7 +383,8 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets details about the maintenance configuration of a table.

    " + "documentation":"

    Gets details about the maintenance configuration of a table. For more information, see S3 Tables maintenance in the Amazon Simple Storage Service User Guide.

    Permissions

    • You must have the s3tables:GetTableMaintenanceConfiguration permission to use this operation.

    • You must have the s3tables:GetTableData permission to use set the compaction strategy to sort or zorder.

    ", + "readonly":true }, "GetTableMaintenanceJobStatus":{ "name":"GetTableMaintenanceJobStatus", @@ -299,7 +403,8 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets the status of a maintenance job for a table.

    " + "documentation":"

    Gets the status of a maintenance job for a table. For more information, see S3 Tables maintenance in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:GetTableMaintenanceJobStatus permission to use this operation.

    ", + "readonly":true }, "GetTableMetadataLocation":{ "name":"GetTableMetadataLocation", @@ -318,7 +423,8 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets the location of the table metadata.

    " + "documentation":"

    Gets the location of the table metadata.

    Permissions

    You must have the s3tables:GetTableMetadataLocation permission to use this operation.

    ", + "readonly":true }, "GetTablePolicy":{ "name":"GetTablePolicy", @@ -337,7 +443,8 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Gets details about a table policy.

    " + "documentation":"

    Gets details about a table policy. For more information, see Viewing a table policy in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:GetTablePolicy permission to use this operation.

    ", + "readonly":true }, "ListNamespaces":{ "name":"ListNamespaces", @@ -357,7 +464,8 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Lists the namespaces within a table bucket.

    " + "documentation":"

    Lists the namespaces within a table bucket. For more information, see Table namespaces in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:ListNamespaces permission to use this operation.

    ", + "readonly":true }, "ListTableBuckets":{ "name":"ListTableBuckets", @@ -377,7 +485,8 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Lists table buckets for your account.

    " + "documentation":"

    Lists table buckets for your account. For more information, see S3 Table buckets in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:ListTableBuckets permission to use this operation.

    ", + "readonly":true }, "ListTables":{ "name":"ListTables", @@ -396,7 +505,47 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    List tables in the given table bucket.

    " + "documentation":"

    List tables in the given table bucket. For more information, see S3 Tables in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:ListTables permission to use this operation.

    ", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tag/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Lists all of the tags applied to a specified Amazon S3 Tables resource. Each tag is a label consisting of a key and value pair. Tags can help you organize, track costs for, and control access to resources.

    For a list of S3 resources that support tagging, see Managing tags for Amazon S3 resources.
    Permissions

    For tables and table buckets, you must have the s3tables:ListTagsForResource permission to use this operation.

    ", + "idempotent":true + }, + "PutTableBucketEncryption":{ + "name":"PutTableBucketEncryption", + "http":{ + "method":"PUT", + "requestUri":"/buckets/{tableBucketARN}/encryption", + "responseCode":200 + }, + "input":{"shape":"PutTableBucketEncryptionRequest"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Sets the encryption configuration for a table bucket.

    Permissions

    You must have the s3tables:PutTableBucketEncryption permission to use this operation.

    If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption in the Amazon Simple Storage Service User Guide.
    ", + "idempotent":true }, "PutTableBucketMaintenanceConfiguration":{ "name":"PutTableBucketMaintenanceConfiguration", @@ -414,7 +563,26 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Creates a new maintenance configuration or replaces an existing maintenance configuration for a table bucket.

    " + "documentation":"

    Creates a new maintenance configuration or replaces an existing maintenance configuration for a table bucket. For more information, see Amazon S3 table bucket maintenance in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:PutTableBucketMaintenanceConfiguration permission to use this operation.

    " + }, + "PutTableBucketMetricsConfiguration":{ + "name":"PutTableBucketMetricsConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/buckets/{tableBucketARN}/metrics", + "responseCode":204 + }, + "input":{"shape":"PutTableBucketMetricsConfigurationRequest"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Sets the metrics configuration for a table bucket.

    Permissions

    You must have the s3tables:PutTableBucketMetricsConfiguration permission to use this operation.

    ", + "idempotent":true }, "PutTableBucketPolicy":{ "name":"PutTableBucketPolicy", @@ -432,7 +600,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Creates a new maintenance configuration or replaces an existing table bucket policy for a table bucket.

    ", + "documentation":"

    Creates a new table bucket policy or replaces an existing table bucket policy for a table bucket. For more information, see Adding a table bucket policy in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:PutTableBucketPolicy permission to use this operation.

    ", "idempotent":true }, "PutTableMaintenanceConfiguration":{ @@ -451,7 +619,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Creates a new maintenance configuration or replaces an existing maintenance configuration for a table.

    " + "documentation":"

    Creates a new maintenance configuration or replaces an existing maintenance configuration for a table. For more information, see S3 Tables maintenance in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:PutTableMaintenanceConfiguration permission to use this operation.

    " }, "PutTablePolicy":{ "name":"PutTablePolicy", @@ -469,7 +637,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Creates a new maintenance configuration or replaces an existing table policy for a table.

    ", + "documentation":"

    Creates a new table policy or replaces an existing table policy for a table. For more information, see Adding a table policy in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:PutTablePolicy permission to use this operation.

    ", "idempotent":true }, "RenameTable":{ @@ -488,7 +656,47 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Renames a table or a namespace.

    " + "documentation":"

    Renames a table or a namespace. For more information, see S3 Tables in the Amazon Simple Storage Service User Guide.

    Permissions

    You must have the s3tables:RenameTable permission to use this operation.

    " + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tag/{resourceArn}", + "responseCode":200 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Applies one or more user-defined tags to an Amazon S3 Tables resource or updates existing tags. Each tag is a label consisting of a key and value pair. Tags can help you organize, track costs for, and control access to your resources. You can add up to 50 tags for each S3 resource.

    For a list of S3 resources that support tagging, see Managing tags for Amazon S3 resources.
    Permissions

    For tables and table buckets, you must have the s3tables:TagResource permission to use this operation.

    ", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tag/{resourceArn}", + "responseCode":204 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"InternalServerErrorException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Removes the specified user-defined tags from an Amazon S3 Tables resource. You can pass one or more tag keys.

    For a list of S3 resources that support tagging, see Managing tags for Amazon S3 resources.
    Permissions

    For tables and table buckets, you must have the s3tables:UntagResource permission to use this operation.

    ", + "idempotent":true }, "UpdateTableMetadataLocation":{ "name":"UpdateTableMetadataLocation", @@ -507,7 +715,7 @@ {"shape":"ConflictException"}, {"shape":"BadRequestException"} ], - "documentation":"

    Updates the metadata location for a table.

    " + "documentation":"

    Updates the metadata location for a table. The metadata location of a table must be an S3 URI that begins with the table's warehouse location. The metadata location for an Apache Iceberg table must end with .metadata.json, or if the metadata file is Gzip-compressed, .metadata.json.gz.

    Permissions

    You must have the s3tables:UpdateTableMetadataLocation permission to use this operation.

    " } }, "shapes":{ @@ -541,6 +749,10 @@ }, "exception":true }, + "Boolean":{ + "type":"boolean", + "box":true + }, "ConflictException":{ "type":"structure", "members":{ @@ -602,6 +814,14 @@ "name":{ "shape":"TableBucketName", "documentation":"

    The name for the table bucket.

    " + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

    The encryption configuration to use for the table bucket. This configuration specifies the default encryption settings that will be applied to all tables created in this bucket unless overridden at the table level. The configuration includes the encryption algorithm and, if using SSE-KMS, the KMS key to use.

    " + }, + "tags":{ + "shape":"Tags", + "documentation":"

    A map of user-defined tags that you would like to apply to the table bucket that you are creating. A tag is a key-value pair that you apply to your resources. Tags can help you organize and control access to resources. For more information, see Tagging for cost allocation or attribute-based access control (ABAC).

    You must have the s3tables:TagResource permission in addition to s3tables:CreateTableBucket permisson to create a table bucket with tags.

    " } } }, @@ -643,6 +863,18 @@ "format":{ "shape":"OpenTableFormat", "documentation":"

    The format for the table.

    " + }, + "metadata":{ + "shape":"TableMetadata", + "documentation":"

    The metadata for the table.

    " + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

    The encryption configuration to use for the table. This configuration specifies the encryption algorithm and, if using SSE-KMS, the KMS key to use for encrypting the table.

    If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.

    " + }, + "tags":{ + "shape":"Tags", + "documentation":"

    A map of user-defined tags that you would like to apply to the table that you are creating. A tag is a key-value pair that you apply to your resources. Tags can help you organize, track costs for, and control access to resources. For more information, see Tagging for cost allocation or attribute-based access control (ABAC).

    You must have the s3tables:TagResource permission in addition to s3tables:CreateTable permission to create a table with tags.

    " } } }, @@ -684,13 +916,37 @@ } } }, + "DeleteTableBucketEncryptionRequest":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", + "location":"uri", + "locationName":"tableBucketARN" + } + } + }, + "DeleteTableBucketMetricsConfigurationRequest":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", + "location":"uri", + "locationName":"tableBucketARN" + } + } + }, "DeleteTableBucketPolicyRequest":{ "type":"structure", "required":["tableBucketARN"], "members":{ "tableBucketARN":{ "shape":"TableBucketARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table bucket.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", "location":"uri", "locationName":"tableBucketARN" } @@ -718,7 +974,7 @@ "members":{ "tableBucketARN":{ "shape":"TableBucketARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table bucket that contains the table.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket that contains the table.

    ", "location":"uri", "locationName":"tableBucketARN" }, @@ -770,6 +1026,27 @@ } } }, + "EncryptionConfiguration":{ + "type":"structure", + "required":["sseAlgorithm"], + "members":{ + "sseAlgorithm":{ + "shape":"SSEAlgorithm", + "documentation":"

    The server-side encryption algorithm to use. Valid values are AES256 for S3-managed encryption keys, or aws:kms for Amazon Web Services KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.

    " + }, + "kmsKeyArn":{ + "shape":"EncryptionConfigurationKmsKeyArnString", + "documentation":"

    The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when sseAlgorithm is set to aws:kms.

    " + } + }, + "documentation":"

    Configuration specifying how data should be encrypted. This structure defines the encryption algorithm and optional KMS key to be used for server-side encryption.

    " + }, + "EncryptionConfigurationKmsKeyArnString":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"(arn:aws[-a-z0-9]*:kms:[-a-z0-9]*:[0-9]{12}:key/.+)" + }, "ErrorMessage":{"type":"string"}, "ForbiddenException":{ "type":"structure", @@ -828,6 +1105,36 @@ "ownerAccountId":{ "shape":"AccountId", "documentation":"

    The ID of the account that owns the namespcace.

    " + }, + "namespaceId":{ + "shape":"NamespaceId", + "documentation":"

    The unique identifier of the namespace.

    " + }, + "tableBucketId":{ + "shape":"TableBucketId", + "documentation":"

    The unique identifier of the table bucket containing this namespace.

    " + } + } + }, + "GetTableBucketEncryptionRequest":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", + "location":"uri", + "locationName":"tableBucketARN" + } + } + }, + "GetTableBucketEncryptionResponse":{ + "type":"structure", + "required":["encryptionConfiguration"], + "members":{ + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

    The encryption configuration for the table bucket.

    " } } }, @@ -860,13 +1167,39 @@ } } }, + "GetTableBucketMetricsConfigurationRequest":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", + "location":"uri", + "locationName":"tableBucketARN" + } + } + }, + "GetTableBucketMetricsConfigurationResponse":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    " + }, + "id":{ + "shape":"String", + "documentation":"

    The unique identifier of the metrics configuration.

    " + } + } + }, "GetTableBucketPolicyRequest":{ "type":"structure", "required":["tableBucketARN"], "members":{ "tableBucketARN":{ "shape":"TableBucketARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table bucket.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", "location":"uri", "locationName":"tableBucketARN" } @@ -878,7 +1211,7 @@ "members":{ "resourcePolicy":{ "shape":"ResourcePolicy", - "documentation":"

    The name of the resource policy.

    " + "documentation":"

    The JSON that defines the policy.

    " } } }, @@ -918,6 +1251,52 @@ "createdAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The date and time the table bucket was created.

    " + }, + "tableBucketId":{ + "shape":"TableBucketId", + "documentation":"

    The unique identifier of the table bucket.

    " + }, + "type":{ + "shape":"TableBucketType", + "documentation":"

    The type of the table bucket.

    " + } + } + }, + "GetTableEncryptionRequest":{ + "type":"structure", + "required":[ + "tableBucketARN", + "namespace", + "name" + ], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket containing the table.

    ", + "location":"uri", + "locationName":"tableBucketARN" + }, + "namespace":{ + "shape":"NamespaceName", + "documentation":"

    The namespace associated with the table.

    ", + "location":"uri", + "locationName":"namespace" + }, + "name":{ + "shape":"TableName", + "documentation":"

    The name of the table.

    ", + "location":"uri", + "locationName":"name" + } + } + }, + "GetTableEncryptionResponse":{ + "type":"structure", + "required":["encryptionConfiguration"], + "members":{ + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

    The encryption configuration for the table.

    " } } }, @@ -982,13 +1361,13 @@ }, "namespace":{ "shape":"NamespaceName", - "documentation":"

    The name of the namespace the table is associated with. 

    </p>
    ", + "documentation":"

    The name of the namespace the table is associated with.

    ", "location":"uri", "locationName":"namespace" }, "name":{ "shape":"TableName", - "documentation":"

    The name of the maintenance job.

    ", + "documentation":"

    The name of the table containing the maintenance job status you want to check.

    ", "location":"uri", "locationName":"name" } @@ -1070,7 +1449,7 @@ "members":{ "tableBucketARN":{ "shape":"TableBucketARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table bucket that contains the table.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket that contains the table.

    ", "location":"uri", "locationName":"tableBucketARN" }, @@ -1094,35 +1473,36 @@ "members":{ "resourcePolicy":{ "shape":"ResourcePolicy", - "documentation":"

    The name of the resource policy.

    " + "documentation":"

    The JSON that defines the policy.

    " } } }, "GetTableRequest":{ "type":"structure", - "required":[ - "tableBucketARN", - "namespace", - "name" - ], "members":{ "tableBucketARN":{ "shape":"TableBucketARN", "documentation":"

    The Amazon Resource Name (ARN) of the table bucket associated with the table.

    ", - "location":"uri", + "location":"querystring", "locationName":"tableBucketARN" }, "namespace":{ "shape":"NamespaceName", "documentation":"

    The name of the namespace the table is associated with.

    ", - "location":"uri", + "location":"querystring", "locationName":"namespace" }, "name":{ "shape":"TableName", "documentation":"

    The name of the table.

    ", - "location":"uri", + "location":"querystring", "locationName":"name" + }, + "tableArn":{ + "shape":"TableARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table.

    ", + "location":"querystring", + "locationName":"tableArn" } } }, @@ -1159,6 +1539,10 @@ "shape":"NamespaceList", "documentation":"

    The namespace associated with the table.

    " }, + "namespaceId":{ + "shape":"NamespaceId", + "documentation":"

    The unique identifier of the namespace containing this table.

    " + }, "versionToken":{ "shape":"VersionToken", "documentation":"

    The version token of the table.

    " @@ -1198,6 +1582,10 @@ "format":{ "shape":"OpenTableFormat", "documentation":"

    The format of the table.

    " + }, + "tableBucketId":{ + "shape":"TableBucketId", + "documentation":"

    The unique identifier of the table bucket containing this table.

    " } } }, @@ -1207,9 +1595,44 @@ "targetFileSizeMB":{ "shape":"PositiveInteger", "documentation":"

    The target file size for the table in MB.

    " + }, + "strategy":{ + "shape":"IcebergCompactionStrategy", + "documentation":"

    The compaction strategy to use for the table. This determines how files are selected and combined during compaction operations.

    " + } + }, + "documentation":"

    Contains details about the compaction settings for an Iceberg table.

    " + }, + "IcebergCompactionStrategy":{ + "type":"string", + "enum":[ + "auto", + "binpack", + "sort", + "z-order" + ] + }, + "IcebergMetadata":{ + "type":"structure", + "required":["schema"], + "members":{ + "schema":{ + "shape":"IcebergSchema", + "documentation":"

    The schema for an Iceberg table.

    " } }, - "documentation":"

    Contains details about the compaction settings for an Iceberg table.

    " + "documentation":"

    Contains details about the metadata for an Iceberg table.

    " + }, + "IcebergSchema":{ + "type":"structure", + "required":["fields"], + "members":{ + "fields":{ + "shape":"SchemaFieldList", + "documentation":"

    The schema fields for the table

    " + } + }, + "documentation":"

    Contains details about the schema for an Iceberg table.

    " }, "IcebergSnapshotManagementSettings":{ "type":"structure", @@ -1223,21 +1646,21 @@ "documentation":"

    The maximum age of a snapshot before it can be expired.

    " } }, - "documentation":"

    Contains details about the snapshot management settings for an Iceberg table. The oldest snapshot expires when its age exceeds the maxSnapshotAgeHours and the total number of snapshots exceeds the value for the minimum number of snapshots to keep minSnapshotsToKeep.

    " + "documentation":"

    Contains details about the snapshot management settings for an Iceberg table. The oldest snapshot expires when its age exceeds the maxSnapshotAgeHours and the total number of snapshots exceeds the value for the minimum number of snapshots to keep minSnapshotsToKeep.

    " }, "IcebergUnreferencedFileRemovalSettings":{ "type":"structure", "members":{ "unreferencedDays":{ "shape":"PositiveInteger", - "documentation":"

    The number of days an object has to be unreferenced before it is marked as non-current. 

     </p>
    " + "documentation":"

    The number of days an object has to be unreferenced before it is marked as non-current.

    " }, "nonCurrentDays":{ "shape":"PositiveInteger", - "documentation":"

    The number of days an object has to be non-current before it is deleted. 

    </p>
    " + "documentation":"

    The number of days an object has to be non-current before it is deleted.

    " } }, - "documentation":"

    Contains details about the unreferenced file removal settings for an Iceberg table bucket.

    " + "documentation":"

    Contains details about the unreferenced file removal settings for an Iceberg table bucket.

    " }, "InternalServerErrorException":{ "type":"structure", @@ -1339,6 +1762,12 @@ "documentation":"

    The maximum number of table buckets to return in the list.

    ", "location":"querystring", "locationName":"maxBuckets" + }, + "type":{ + "shape":"TableBucketType", + "documentation":"

    The type of table buckets to filter by in the list.

    ", + "location":"querystring", + "locationName":"type" } } }, @@ -1373,7 +1802,7 @@ "members":{ "tableBucketARN":{ "shape":"TableBucketARN", - "documentation":"

    The Amazon resource Number (ARN) of the table bucket.

    ", + "documentation":"

    The Amazon resource Name (ARN) of the table bucket.

    ", "location":"uri", "locationName":"tableBucketARN" }, @@ -1422,6 +1851,27 @@ } } }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon S3 Tables resource that you want to list tags for. The tagged resource can be a table bucket or a table. For a list of all S3 resources that support tagging, see Managing tags for Amazon S3 resources.

    ", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"Tags", + "documentation":"

    The user-defined tags that are applied to the resource. For more information, see Tagging for cost allocation or attribute-based access control (ABAC).

    " + } + } + }, "MaintenanceStatus":{ "type":"string", "enum":[ @@ -1434,6 +1884,7 @@ "max":2048, "min":1 }, + "NamespaceId":{"type":"string"}, "NamespaceList":{ "type":"list", "member":{"shape":"NamespaceName"} @@ -1468,6 +1919,14 @@ "ownerAccountId":{ "shape":"AccountId", "documentation":"

    The ID of the account that owns the namespace.

    " + }, + "namespaceId":{ + "shape":"NamespaceId", + "documentation":"

    The system-assigned unique identifier for the namespace.

    " + }, + "tableBucketId":{ + "shape":"TableBucketId", + "documentation":"

    The system-assigned unique identifier for the table bucket that contains this namespace.

    " } }, "documentation":"

    Contains details about a namespace.

    " @@ -1503,6 +1962,25 @@ "max":2147483647, "min":1 }, + "PutTableBucketEncryptionRequest":{ + "type":"structure", + "required":[ + "tableBucketARN", + "encryptionConfiguration" + ], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", + "location":"uri", + "locationName":"tableBucketARN" + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

    The encryption configuration to apply to the table bucket.

    " + } + } + }, "PutTableBucketMaintenanceConfigurationRequest":{ "type":"structure", "required":[ @@ -1529,6 +2007,18 @@ } } }, + "PutTableBucketMetricsConfigurationRequest":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", + "location":"uri", + "locationName":"tableBucketARN" + } + } + }, "PutTableBucketPolicyRequest":{ "type":"structure", "required":[ @@ -1538,13 +2028,13 @@ "members":{ "tableBucketARN":{ "shape":"TableBucketARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table bucket.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    ", "location":"uri", "locationName":"tableBucketARN" }, "resourcePolicy":{ "shape":"ResourcePolicy", - "documentation":"

    The name of the resource policy.

    " + "documentation":"

    The JSON that defines the policy.

    " } } }, @@ -1572,7 +2062,7 @@ }, "name":{ "shape":"TableName", - "documentation":"

    The name of the maintenance configuration.

    ", + "documentation":"

    The name of the table.

    ", "location":"uri", "locationName":"name" }, @@ -1599,7 +2089,7 @@ "members":{ "tableBucketARN":{ "shape":"TableBucketARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table bucket that contains the table.

    ", + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket that contains the table.

    ", "location":"uri", "locationName":"tableBucketARN" }, @@ -1617,7 +2107,7 @@ }, "resourcePolicy":{ "shape":"ResourcePolicy", - "documentation":"

    The name of the resource policy.

    " + "documentation":"

    The JSON that defines the policy.

    " } } }, @@ -1661,11 +2151,50 @@ } } }, + "ResourceArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/.+" + }, "ResourcePolicy":{ "type":"string", "max":20480, "min":1 }, + "SSEAlgorithm":{ + "type":"string", + "enum":[ + "AES256", + "aws:kms" + ] + }, + "SchemaField":{ + "type":"structure", + "required":[ + "name", + "type" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"

    The name of the field.

    " + }, + "type":{ + "shape":"String", + "documentation":"

    The field type. S3 Tables supports all Apache Iceberg primitive types. For more information, see the Apache Iceberg documentation.

    " + }, + "required":{ + "shape":"Boolean", + "documentation":"

    A Boolean value that specifies whether values are required for each row in this field. By default, this is false and null values are allowed in the field. If this is true the field does not allow null values.

    " + } + }, + "documentation":"

    Contains details about a schema field.

    " + }, + "SchemaFieldList":{ + "type":"list", + "member":{"shape":"SchemaField"} + }, "String":{"type":"string"}, "SyntheticTimestamp_date_time":{ "type":"timestamp", @@ -1681,6 +2210,7 @@ "type":"string", "pattern":"(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-z0-9_-]{3,63})" }, + "TableBucketId":{"type":"string"}, "TableBucketMaintenanceConfiguration":{ "type":"map", "key":{"shape":"TableBucketMaintenanceType"}, @@ -1732,7 +2262,7 @@ "members":{ "arn":{ "shape":"TableBucketARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table bucket.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the table bucket.

    " }, "name":{ "shape":"TableBucketName", @@ -1745,6 +2275,14 @@ "createdAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The date and time the table bucket was created at.

    " + }, + "tableBucketId":{ + "shape":"TableBucketId", + "documentation":"

    The system-assigned unique identifier for the table bucket.

    " + }, + "type":{ + "shape":"TableBucketType", + "documentation":"

    The type of the table bucket.

    " } }, "documentation":"

    Contains details about a table bucket.

    " @@ -1753,6 +2291,13 @@ "type":"list", "member":{"shape":"TableBucketSummary"} }, + "TableBucketType":{ + "type":"string", + "enum":[ + "customer", + "aws" + ] + }, "TableMaintenanceConfiguration":{ "type":"map", "key":{"shape":"TableMaintenanceType"}, @@ -1826,6 +2371,17 @@ "icebergSnapshotManagement" ] }, + "TableMetadata":{ + "type":"structure", + "members":{ + "iceberg":{ + "shape":"IcebergMetadata", + "documentation":"

    Contains details about the metadata of an Iceberg table.

    " + } + }, + "documentation":"

    Contains details about the table metadata.

    ", + "union":true + }, "TableName":{ "type":"string", "max":255, @@ -1857,7 +2413,7 @@ }, "tableARN":{ "shape":"TableARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the table.

    " }, "createdAt":{ "shape":"SyntheticTimestamp_date_time", @@ -1866,6 +2422,14 @@ "modifiedAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"

    The date and time the table was last modified at.

    " + }, + "namespaceId":{ + "shape":"NamespaceId", + "documentation":"

    The unique identifier for the namespace that contains this table.

    " + }, + "tableBucketId":{ + "shape":"TableBucketId", + "documentation":"

    The unique identifier for the table bucket that contains this table.

    " } }, "documentation":"

    Contains details about a table.

    " @@ -1881,6 +2445,48 @@ "aws" ] }, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"} + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon S3 Tables resource that you're applying tags to. The tagged resource can be a table bucket or a table. For a list of all S3 resources that support tagging, see Managing tags for Amazon S3 resources.

    ", + "location":"uri", + "locationName":"resourceArn" + }, + "tags":{ + "shape":"Tags", + "documentation":"

    The user-defined tag that you want to add to the specified S3 Tables resource. For more information, see Tagging for cost allocation or attribute-based access control (ABAC).

    " + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "Tags":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"} + }, "TooManyRequestsException":{ "type":"structure", "members":{ @@ -1893,6 +2499,31 @@ }, "exception":true }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the Amazon S3 Tables resource that you're removing tags from. The tagged resource can be a table bucket or a table. For a list of all S3 resources that support tagging, see Managing tags for Amazon S3 resources.

    ", + "location":"uri", + "locationName":"resourceArn" + }, + "tagKeys":{ + "shape":"TagKeyList", + "documentation":"

    The array of tag keys that you're removing from the S3 Tables resource. For more information, see Tagging for cost allocation or attribute-based access control (ABAC).

    ", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, "UpdateTableMetadataLocationRequest":{ "type":"structure", "required":[ @@ -1947,7 +2578,7 @@ }, "tableARN":{ "shape":"TableARN", - "documentation":"

    The Amazon Resource Number (ARN) of the table.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the table.

    " }, "namespace":{ "shape":"NamespaceList", @@ -1974,5 +2605,5 @@ "min":1 } }, - "documentation":"

    An Amazon S3 table represents a structured dataset consisting of tabular data in Apache Parquet format and related metadata. This data is stored inside an S3 table as a subresource. All tables in a table bucket are stored in the Apache Iceberg table format. Through integration with the AWS Glue Data Catalog you can interact with your tables using AWS analytics services, such as Amazon Athena and Amazon Redshift. Amazon S3 manages maintenance of your tables through automatic file compaction and snapshot management. For more information, see Amazon S3 table buckets.

    " + "documentation":"

    An Amazon S3 table represents a structured dataset consisting of tabular data in Apache Parquet format and related metadata. This data is stored inside an S3 table as a subresource. All tables in a table bucket are stored in the Apache Iceberg table format. Through integration with the Amazon Web Services Glue Data Catalog you can interact with your tables using Amazon Web Services analytics services, such as Amazon Athena and Amazon Redshift. Amazon S3 manages maintenance of your tables through automatic file compaction and snapshot management. For more information, see Amazon S3 table buckets.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/s3vectors/2025-07-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/s3vectors/2025-07-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/s3vectors/2025-07-15/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3vectors/2025-07-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,137 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://s3vectors-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://s3vectors.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/s3vectors/2025-07-15/paginators-1.json 2.31.35-1/awscli/botocore/data/s3vectors/2025-07-15/paginators-1.json --- 2.23.6-1/awscli/botocore/data/s3vectors/2025-07-15/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3vectors/2025-07-15/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +{ + "pagination": { + "ListIndexes": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "indexes" + }, + "ListVectorBuckets": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "vectorBuckets" + }, + "ListVectors": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "vectors" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/s3vectors/2025-07-15/service-2.json 2.31.35-1/awscli/botocore/data/s3vectors/2025-07-15/service-2.json --- 2.23.6-1/awscli/botocore/data/s3vectors/2025-07-15/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3vectors/2025-07-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,1488 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2025-07-15", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"s3vectors", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"Amazon S3 Vectors", + "serviceId":"S3Vectors", + "signatureVersion":"v4", + "signingName":"s3vectors", + "uid":"s3vectors-2025-07-15" + }, + "operations":{ + "CreateIndex":{ + "name":"CreateIndex", + "http":{ + "method":"POST", + "requestUri":"/CreateIndex", + "responseCode":200 + }, + "input":{"shape":"CreateIndexInput"}, + "output":{"shape":"CreateIndexOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"ConflictException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Creates a vector index within a vector bucket. To specify the vector bucket, you must use either the vector bucket name or the vector bucket Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:CreateIndex permission to use this operation.

    ", + "idempotent":true + }, + "CreateVectorBucket":{ + "name":"CreateVectorBucket", + "http":{ + "method":"POST", + "requestUri":"/CreateVectorBucket", + "responseCode":200 + }, + "input":{"shape":"CreateVectorBucketInput"}, + "output":{"shape":"CreateVectorBucketOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Creates a vector bucket in the Amazon Web Services Region that you want your bucket to be in.

    Permissions

    You must have the s3vectors:CreateVectorBucket permission to use this operation.

    ", + "idempotent":true + }, + "DeleteIndex":{ + "name":"DeleteIndex", + "http":{ + "method":"POST", + "requestUri":"/DeleteIndex", + "responseCode":200 + }, + "input":{"shape":"DeleteIndexInput"}, + "output":{"shape":"DeleteIndexOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Deletes a vector index. To specify the vector index, you can either use both the vector bucket name and vector index name, or use the vector index Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:DeleteIndex permission to use this operation.

    ", + "idempotent":true + }, + "DeleteVectorBucket":{ + "name":"DeleteVectorBucket", + "http":{ + "method":"POST", + "requestUri":"/DeleteVectorBucket", + "responseCode":200 + }, + "input":{"shape":"DeleteVectorBucketInput"}, + "output":{"shape":"DeleteVectorBucketOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Deletes a vector bucket. All vector indexes in the vector bucket must be deleted before the vector bucket can be deleted. To perform this operation, you must use either the vector bucket name or the vector bucket Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:DeleteVectorBucket permission to use this operation.

    ", + "idempotent":true + }, + "DeleteVectorBucketPolicy":{ + "name":"DeleteVectorBucketPolicy", + "http":{ + "method":"POST", + "requestUri":"/DeleteVectorBucketPolicy", + "responseCode":200 + }, + "input":{"shape":"DeleteVectorBucketPolicyInput"}, + "output":{"shape":"DeleteVectorBucketPolicyOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Deletes a vector bucket policy. To specify the bucket, you must use either the vector bucket name or the vector bucket Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:DeleteVectorBucketPolicy permission to use this operation.

    ", + "idempotent":true + }, + "DeleteVectors":{ + "name":"DeleteVectors", + "http":{ + "method":"POST", + "requestUri":"/DeleteVectors", + "responseCode":200 + }, + "input":{"shape":"DeleteVectorsInput"}, + "output":{"shape":"DeleteVectorsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"KmsInvalidKeyUsageException"}, + {"shape":"InternalServerException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"AccessDeniedException"}, + {"shape":"KmsNotFoundException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"}, + {"shape":"KmsDisabledException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Deletes one or more vectors in a vector index. To specify the vector index, you can either use both the vector bucket name and vector index name, or use the vector index Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:DeleteVectors permission to use this operation.

    ", + "idempotent":true + }, + "GetIndex":{ + "name":"GetIndex", + "http":{ + "method":"POST", + "requestUri":"/GetIndex", + "responseCode":200 + }, + "input":{"shape":"GetIndexInput"}, + "output":{"shape":"GetIndexOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Returns vector index attributes. To specify the vector index, you can either use both the vector bucket name and the vector index name, or use the vector index Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:GetIndex permission to use this operation.

    ", + "readonly":true + }, + "GetVectorBucket":{ + "name":"GetVectorBucket", + "http":{ + "method":"POST", + "requestUri":"/GetVectorBucket", + "responseCode":200 + }, + "input":{"shape":"GetVectorBucketInput"}, + "output":{"shape":"GetVectorBucketOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Returns vector bucket attributes. To specify the bucket, you must use either the vector bucket name or the vector bucket Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:GetVectorBucket permission to use this operation.

    ", + "readonly":true + }, + "GetVectorBucketPolicy":{ + "name":"GetVectorBucketPolicy", + "http":{ + "method":"POST", + "requestUri":"/GetVectorBucketPolicy", + "responseCode":200 + }, + "input":{"shape":"GetVectorBucketPolicyInput"}, + "output":{"shape":"GetVectorBucketPolicyOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Gets details about a vector bucket policy. To specify the bucket, you must use either the vector bucket name or the vector bucket Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:GetVectorBucketPolicy permission to use this operation.

    ", + "readonly":true + }, + "GetVectors":{ + "name":"GetVectors", + "http":{ + "method":"POST", + "requestUri":"/GetVectors", + "responseCode":200 + }, + "input":{"shape":"GetVectorsInput"}, + "output":{"shape":"GetVectorsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"KmsInvalidKeyUsageException"}, + {"shape":"InternalServerException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"AccessDeniedException"}, + {"shape":"KmsNotFoundException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"}, + {"shape":"KmsDisabledException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Returns vector attributes. To specify the vector index, you can either use both the vector bucket name and the vector index name, or use the vector index Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:GetVectors permission to use this operation.

    ", + "readonly":true + }, + "ListIndexes":{ + "name":"ListIndexes", + "http":{ + "method":"POST", + "requestUri":"/ListIndexes", + "responseCode":200 + }, + "input":{"shape":"ListIndexesInput"}, + "output":{"shape":"ListIndexesOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Returns a list of all the vector indexes within the specified vector bucket. To specify the bucket, you must use either the vector bucket name or the vector bucket Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:ListIndexes permission to use this operation.

    ", + "readonly":true + }, + "ListVectorBuckets":{ + "name":"ListVectorBuckets", + "http":{ + "method":"POST", + "requestUri":"/ListVectorBuckets", + "responseCode":200 + }, + "input":{"shape":"ListVectorBucketsInput"}, + "output":{"shape":"ListVectorBucketsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Returns a list of all the vector buckets that are owned by the authenticated sender of the request.

    Permissions

    You must have the s3vectors:ListVectorBuckets permission to use this operation.

    ", + "readonly":true + }, + "ListVectors":{ + "name":"ListVectors", + "http":{ + "method":"POST", + "requestUri":"/ListVectors", + "responseCode":200 + }, + "input":{"shape":"ListVectorsInput"}, + "output":{"shape":"ListVectorsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    List vectors in the specified vector index. To specify the vector index, you can either use both the vector bucket name and the vector index name, or use the vector index Amazon Resource Name (ARN).

    ListVectors operations proceed sequentially; however, for faster performance on a large number of vectors in a vector index, applications can request a parallel ListVectors operation by providing the segmentCount and segmentIndex parameters.

    Permissions

    You must have the s3vectors:ListVectors permission to use this operation. Additional permissions are required based on the request parameters you specify:

    • With only s3vectors:ListVectors permission, you can list vector keys when returnData and returnMetadata are both set to false or not specified..

    • If you set returnData or returnMetadata to true, you must have both s3vectors:ListVectors and s3vectors:GetVectors permissions. The request fails with a 403 Forbidden error if you request vector data or metadata without the s3vectors:GetVectors permission.

    ", + "readonly":true + }, + "PutVectorBucketPolicy":{ + "name":"PutVectorBucketPolicy", + "http":{ + "method":"POST", + "requestUri":"/PutVectorBucketPolicy", + "responseCode":200 + }, + "input":{"shape":"PutVectorBucketPolicyInput"}, + "output":{"shape":"PutVectorBucketPolicyOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Creates a bucket policy for a vector bucket. To specify the bucket, you must use either the vector bucket name or the vector bucket Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:PutVectorBucketPolicy permission to use this operation.

    ", + "idempotent":true + }, + "PutVectors":{ + "name":"PutVectors", + "http":{ + "method":"POST", + "requestUri":"/PutVectors", + "responseCode":200 + }, + "input":{"shape":"PutVectorsInput"}, + "output":{"shape":"PutVectorsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"KmsInvalidKeyUsageException"}, + {"shape":"InternalServerException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"AccessDeniedException"}, + {"shape":"KmsNotFoundException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"KmsDisabledException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Adds one or more vectors to a vector index. To specify the vector index, you can either use both the vector bucket name and the vector index name, or use the vector index Amazon Resource Name (ARN).

    For more information about limits, see Limitations and restrictions in the Amazon S3 User Guide.

    When inserting vector data into your vector index, you must provide the vector data as float32 (32-bit floating point) values. If you pass higher-precision values to an Amazon Web Services SDK, S3 Vectors converts the values to 32-bit floating point before storing them, and GetVectors, ListVectors, and QueryVectors operations return the float32 values. Different Amazon Web Services SDKs may have different default numeric types, so ensure your vectors are properly formatted as float32 values regardless of which SDK you're using. For example, in Python, use numpy.float32 or explicitly cast your values.
    Permissions

    You must have the s3vectors:PutVectors permission to use this operation.

    ", + "idempotent":true + }, + "QueryVectors":{ + "name":"QueryVectors", + "http":{ + "method":"POST", + "requestUri":"/QueryVectors", + "responseCode":200 + }, + "input":{"shape":"QueryVectorsInput"}, + "output":{"shape":"QueryVectorsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"KmsInvalidKeyUsageException"}, + {"shape":"InternalServerException"}, + {"shape":"KmsInvalidStateException"}, + {"shape":"AccessDeniedException"}, + {"shape":"KmsNotFoundException"}, + {"shape":"RequestTimeoutException"}, + {"shape":"NotFoundException"}, + {"shape":"KmsDisabledException"} + ], + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Performs an approximate nearest neighbor search query in a vector index using a query vector. By default, it returns the keys of approximate nearest neighbors. You can optionally include the computed distance (between the query vector and each vector in the response), the vector data, and metadata of each vector in the response.

    To specify the vector index, you can either use both the vector bucket name and the vector index name, or use the vector index Amazon Resource Name (ARN).

    Permissions

    You must have the s3vectors:QueryVectors permission to use this operation. Additional permissions are required based on the request parameters you specify:

    • With only s3vectors:QueryVectors permission, you can retrieve vector keys of approximate nearest neighbors and computed distances between these vectors. This permission is sufficient only when you don't set any metadata filters and don't request vector data or metadata (by keeping the returnMetadata parameter set to false or not specified).

    • If you specify a metadata filter or set returnMetadata to true, you must have both s3vectors:QueryVectors and s3vectors:GetVectors permissions. The request fails with a 403 Forbidden error if you request metadata filtering, vector data, or metadata without the s3vectors:GetVectors permission.

    ", + "readonly":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    Access denied.

    ", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "ConflictException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The request failed because a vector bucket name or a vector index name already exists. Vector bucket names must be unique within your Amazon Web Services account for each Amazon Web Services Region. Vector index names must be unique within your vector bucket. Choose a different vector bucket name or vector index name, and try again.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "CreateIndexInput":{ + "type":"structure", + "required":[ + "indexName", + "dataType", + "dimension", + "distanceMetric" + ], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket to create the vector index in.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The Amazon Resource Name (ARN) of the vector bucket to create the vector index in.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index to create.

    " + }, + "dataType":{ + "shape":"DataType", + "documentation":"

    The data type of the vectors to be inserted into the vector index.

    " + }, + "dimension":{ + "shape":"Dimension", + "documentation":"

    The dimensions of the vectors to be inserted into the vector index.

    " + }, + "distanceMetric":{ + "shape":"DistanceMetric", + "documentation":"

    The distance metric to be used for similarity search.

    " + }, + "metadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

    The metadata configuration for the vector index.

    " + } + } + }, + "CreateIndexOutput":{ + "type":"structure", + "required":["indexArn"], + "members":{ + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The Amazon Resource Name (ARN) of the newly created vector index.

    " + } + } + }, + "CreateVectorBucketInput":{ + "type":"structure", + "required":["vectorBucketName"], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket to create.

    " + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

    The encryption configuration for the vector bucket. By default, if you don't specify, all new vectors in Amazon S3 vector buckets use server-side encryption with Amazon S3 managed keys (SSE-S3), specifically AES256.

    " + } + } + }, + "CreateVectorBucketOutput":{ + "type":"structure", + "required":["vectorBucketArn"], + "members":{ + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The Amazon Resource Name (ARN) of the newly created vector bucket.

    " + } + } + }, + "DataType":{ + "type":"string", + "enum":["float32"] + }, + "DeleteIndexInput":{ + "type":"structure", + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index to delete.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The ARN of the vector index to delete.

    " + } + } + }, + "DeleteIndexOutput":{ + "type":"structure", + "members":{} + }, + "DeleteVectorBucketInput":{ + "type":"structure", + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket to delete.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The ARN of the vector bucket to delete.

    " + } + } + }, + "DeleteVectorBucketOutput":{ + "type":"structure", + "members":{} + }, + "DeleteVectorBucketPolicyInput":{ + "type":"structure", + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket to delete the policy from.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The ARN of the vector bucket to delete the policy from.

    " + } + } + }, + "DeleteVectorBucketPolicyOutput":{ + "type":"structure", + "members":{} + }, + "DeleteVectorsInput":{ + "type":"structure", + "required":["keys"], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index that contains a vector you want to delete.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The ARN of the vector index that contains a vector you want to delete.

    " + }, + "keys":{ + "shape":"DeleteVectorsInputList", + "documentation":"

    The keys of the vectors to delete.

    " + } + } + }, + "DeleteVectorsInputList":{ + "type":"list", + "member":{"shape":"VectorKey"}, + "max":500, + "min":1 + }, + "DeleteVectorsOutput":{ + "type":"structure", + "members":{} + }, + "Dimension":{ + "type":"integer", + "box":true, + "max":4096, + "min":1 + }, + "DistanceMetric":{ + "type":"string", + "enum":[ + "euclidean", + "cosine" + ] + }, + "Document":{ + "type":"structure", + "members":{}, + "document":true + }, + "EncryptionConfiguration":{ + "type":"structure", + "members":{ + "sseType":{ + "shape":"SseType", + "documentation":"

    The server-side encryption type to use for the encryption configuration of the vector bucket. By default, if you don't specify, all new vectors in Amazon S3 vector buckets use server-side encryption with Amazon S3 managed keys (SSE-S3), specifically AES256.

    " + }, + "kmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    Amazon Web Services Key Management Service (KMS) customer managed key ID to use for the encryption configuration. This parameter is allowed if and only if sseType is set to aws:kms.

    To specify the KMS key, you must use the format of the KMS key Amazon Resource Name (ARN).

    For example, specify Key ARN in the following format: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The encryption configuration for a vector bucket. By default, if you don't specify, all new vectors in Amazon S3 vector buckets use server-side encryption with Amazon S3 managed keys (SSE-S3), specifically AES256.

    " + }, + "ExceptionMessage":{"type":"string"}, + "Float":{ + "type":"float", + "box":true + }, + "Float32VectorData":{ + "type":"list", + "member":{"shape":"Float"} + }, + "GetIndexInput":{ + "type":"structure", + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The ARN of the vector index.

    " + } + } + }, + "GetIndexOutput":{ + "type":"structure", + "required":["index"], + "members":{ + "index":{ + "shape":"Index", + "documentation":"

    The attributes of the vector index.

    " + } + } + }, + "GetOutputVector":{ + "type":"structure", + "required":["key"], + "members":{ + "key":{ + "shape":"VectorKey", + "documentation":"

    The name of the vector.

    " + }, + "data":{ + "shape":"VectorData", + "documentation":"

    The vector data of the vector.

    " + }, + "metadata":{ + "shape":"VectorMetadata", + "documentation":"

    Metadata about the vector.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The attributes of a vector returned by the GetVectors operation.

    " + }, + "GetVectorBucketInput":{ + "type":"structure", + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket to retrieve information about.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The ARN of the vector bucket to retrieve information about.

    " + } + } + }, + "GetVectorBucketOutput":{ + "type":"structure", + "required":["vectorBucket"], + "members":{ + "vectorBucket":{ + "shape":"VectorBucket", + "documentation":"

    The attributes of the vector bucket.

    " + } + } + }, + "GetVectorBucketPolicyInput":{ + "type":"structure", + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The ARN of the vector bucket.

    " + } + } + }, + "GetVectorBucketPolicyOutput":{ + "type":"structure", + "members":{ + "policy":{ + "shape":"VectorBucketPolicy", + "documentation":"

    The JSON that defines the policy.

    " + } + } + }, + "GetVectorsInput":{ + "type":"structure", + "required":["keys"], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The ARN of the vector index.

    " + }, + "keys":{ + "shape":"GetVectorsInputList", + "documentation":"

    The names of the vectors you want to return attributes for.

    " + }, + "returnData":{ + "shape":"Boolean", + "documentation":"

    Indicates whether to include the vector data in the response. The default value is false.

    " + }, + "returnMetadata":{ + "shape":"Boolean", + "documentation":"

    Indicates whether to include metadata in the response. The default value is false.

    " + } + } + }, + "GetVectorsInputList":{ + "type":"list", + "member":{"shape":"VectorKey"}, + "max":100, + "min":1 + }, + "GetVectorsOutput":{ + "type":"structure", + "required":["vectors"], + "members":{ + "vectors":{ + "shape":"GetVectorsOutputList", + "documentation":"

    The attributes of the vectors.

    " + } + } + }, + "GetVectorsOutputList":{ + "type":"list", + "member":{"shape":"GetOutputVector"} + }, + "Index":{ + "type":"structure", + "required":[ + "vectorBucketName", + "indexName", + "indexArn", + "creationTime", + "dataType", + "dimension", + "distanceMetric" + ], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The Amazon Resource Name (ARN) of the vector index.

    " + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

    Date and time when the vector index was created.

    " + }, + "dataType":{ + "shape":"DataType", + "documentation":"

    The data type of the vectors inserted into the vector index.

    " + }, + "dimension":{ + "shape":"Dimension", + "documentation":"

    The number of values in the vectors that are inserted into the vector index.

    " + }, + "distanceMetric":{ + "shape":"DistanceMetric", + "documentation":"

    The distance metric to be used for similarity search.

    " + }, + "metadataConfiguration":{ + "shape":"MetadataConfiguration", + "documentation":"

    The metadata configuration for the vector index.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The attributes of a vector index.

    " + }, + "IndexArn":{"type":"string"}, + "IndexName":{ + "type":"string", + "max":63, + "min":3 + }, + "IndexSummary":{ + "type":"structure", + "required":[ + "vectorBucketName", + "indexName", + "indexArn", + "creationTime" + ], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The Amazon Resource Name (ARN) of the vector index.

    " + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

    Date and time when the vector index was created.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Summary information about a vector index.

    " + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The request failed due to an internal server error.

    ", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "KmsDisabledException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The specified Amazon Web Services KMS key isn't enabled.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "KmsInvalidKeyUsageException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The request was rejected for one of the following reasons:

    • The KeyUsage value of the KMS key is incompatible with the API operation.

    • The encryption algorithm or signing algorithm specified for the operation is incompatible with the type of key material in the KMS key (KeySpec).

    For more information, see InvalidKeyUsageException in the Amazon Web Services Key Management Service API Reference.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "KmsInvalidStateException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The key state of the KMS key isn't compatible with the operation.

    For more information, see KMSInvalidStateException in the Amazon Web Services Key Management Service API Reference.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "KmsKeyArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"(arn:aws[-a-z0-9]*:kms:[-a-z0-9]*:[0-9]{12}:key/.+)" + }, + "KmsNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The KMS key can't be found.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "ListIndexesInput":{ + "type":"structure", + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector indexes.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The ARN of the vector bucket that contains the vector indexes.

    " + }, + "maxResults":{ + "shape":"ListIndexesMaxResults", + "documentation":"

    The maximum number of items to be returned in the response.

    " + }, + "nextToken":{ + "shape":"ListIndexesNextToken", + "documentation":"

    The previous pagination token.

    " + }, + "prefix":{ + "shape":"ListIndexesPrefix", + "documentation":"

    Limits the response to vector indexes that begin with the specified prefix.

    " + } + } + }, + "ListIndexesMaxResults":{ + "type":"integer", + "box":true, + "max":500, + "min":1 + }, + "ListIndexesNextToken":{ + "type":"string", + "max":512, + "min":1 + }, + "ListIndexesOutput":{ + "type":"structure", + "required":["indexes"], + "members":{ + "nextToken":{ + "shape":"ListIndexesNextToken", + "documentation":"

    The next pagination token.

    " + }, + "indexes":{ + "shape":"ListIndexesOutputList", + "documentation":"

    The attributes of the vector indexes

    " + } + } + }, + "ListIndexesOutputList":{ + "type":"list", + "member":{"shape":"IndexSummary"} + }, + "ListIndexesPrefix":{ + "type":"string", + "max":63, + "min":1 + }, + "ListOutputVector":{ + "type":"structure", + "required":["key"], + "members":{ + "key":{ + "shape":"VectorKey", + "documentation":"

    The name of the vector.

    " + }, + "data":{ + "shape":"VectorData", + "documentation":"

    The vector data of the vector.

    " + }, + "metadata":{ + "shape":"VectorMetadata", + "documentation":"

    Metadata about the vector.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The attributes of a vector returned by the ListVectors operation.

    " + }, + "ListVectorBucketsInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListVectorBucketsMaxResults", + "documentation":"

    The maximum number of vector buckets to be returned in the response.

    " + }, + "nextToken":{ + "shape":"ListVectorBucketsNextToken", + "documentation":"

    The previous pagination token.

    " + }, + "prefix":{ + "shape":"ListVectorBucketsPrefix", + "documentation":"

    Limits the response to vector buckets that begin with the specified prefix.

    " + } + } + }, + "ListVectorBucketsMaxResults":{ + "type":"integer", + "box":true, + "max":500, + "min":1 + }, + "ListVectorBucketsNextToken":{ + "type":"string", + "max":512, + "min":1 + }, + "ListVectorBucketsOutput":{ + "type":"structure", + "required":["vectorBuckets"], + "members":{ + "nextToken":{ + "shape":"ListVectorBucketsNextToken", + "documentation":"

    The element is included in the response when there are more buckets to be listed with pagination.

    " + }, + "vectorBuckets":{ + "shape":"ListVectorBucketsOutputList", + "documentation":"

    The list of vector buckets owned by the requester.

    " + } + } + }, + "ListVectorBucketsOutputList":{ + "type":"list", + "member":{"shape":"VectorBucketSummary"} + }, + "ListVectorBucketsPrefix":{ + "type":"string", + "max":63, + "min":1 + }, + "ListVectorsInput":{ + "type":"structure", + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The Amazon resource Name (ARN) of the vector index.

    " + }, + "maxResults":{ + "shape":"ListVectorsMaxResults", + "documentation":"

    The maximum number of vectors to return on a page.

    If you don't specify maxResults, the ListVectors operation uses a default value of 500.

    If the processed dataset size exceeds 1 MB before reaching the maxResults value, the operation stops and returns the vectors that are retrieved up to that point, along with a nextToken that you can use in a subsequent request to retrieve the next set of results.

    " + }, + "nextToken":{ + "shape":"ListVectorsNextToken", + "documentation":"

    Pagination token from a previous request. The value of this field is empty for an initial request.

    " + }, + "segmentCount":{ + "shape":"ListVectorsSegmentCount", + "documentation":"

    For a parallel ListVectors request, segmentCount represents the total number of vector segments into which the ListVectors operation will be divided. The value of segmentCount corresponds to the number of application workers that will perform the parallel ListVectors operation. For example, if you want to use four application threads to list vectors in a vector index, specify a segmentCount value of 4.

    If you specify a segmentCount value of 1, the ListVectors operation will be sequential rather than parallel.

    If you specify segmentCount, you must also specify segmentIndex.

    " + }, + "segmentIndex":{ + "shape":"ListVectorsSegmentIndex", + "documentation":"

    For a parallel ListVectors request, segmentIndex is the index of the segment from which to list vectors in the current request. It identifies an individual segment to be listed by an application worker.

    Segment IDs are zero-based, so the first segment is always 0. For example, if you want to use four application threads to list vectors in a vector index, then the first thread specifies a segmentIndex value of 0, the second thread specifies 1, and so on.

    The value of segmentIndex must be less than the value provided for segmentCount.

    If you provide segmentIndex, you must also provide segmentCount.

    " + }, + "returnData":{ + "shape":"Boolean", + "documentation":"

    If true, the vector data of each vector will be included in the response. The default value is false.

    " + }, + "returnMetadata":{ + "shape":"Boolean", + "documentation":"

    If true, the metadata associated with each vector will be included in the response. The default value is false.

    " + } + } + }, + "ListVectorsMaxResults":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListVectorsNextToken":{ + "type":"string", + "max":2048, + "min":1 + }, + "ListVectorsOutput":{ + "type":"structure", + "required":["vectors"], + "members":{ + "nextToken":{ + "shape":"ListVectorsNextToken", + "documentation":"

    Pagination token to be used in the subsequent request. The field is empty if no further pagination is required.

    " + }, + "vectors":{ + "shape":"ListVectorsOutputList", + "documentation":"

    Vectors in the current segment.

    " + } + } + }, + "ListVectorsOutputList":{ + "type":"list", + "member":{"shape":"ListOutputVector"} + }, + "ListVectorsSegmentCount":{ + "type":"integer", + "box":true, + "max":16, + "min":1 + }, + "ListVectorsSegmentIndex":{ + "type":"integer", + "box":true, + "max":15, + "min":0 + }, + "MetadataConfiguration":{ + "type":"structure", + "required":["nonFilterableMetadataKeys"], + "members":{ + "nonFilterableMetadataKeys":{ + "shape":"NonFilterableMetadataKeys", + "documentation":"

    Non-filterable metadata keys allow you to enrich vectors with additional context during storage and retrieval. Unlike default metadata keys, these keys can’t be used as query filters. Non-filterable metadata keys can be retrieved but can’t be searched, queried, or filtered. You can access non-filterable metadata keys of your vectors after finding the vectors. For more information about non-filterable metadata keys, see Vectors and Limitations and restrictions in the Amazon S3 User Guide.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The metadata configuration for a vector index.

    " + }, + "MetadataKey":{ + "type":"string", + "max":63, + "min":1 + }, + "NonFilterableMetadataKeys":{ + "type":"list", + "member":{"shape":"MetadataKey"}, + "max":10, + "min":1 + }, + "NotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The request was rejected because the specified resource can't be found.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "PutInputVector":{ + "type":"structure", + "required":[ + "key", + "data" + ], + "members":{ + "key":{ + "shape":"VectorKey", + "documentation":"

    The name of the vector. The key uniquely identifies the vector in a vector index.

    " + }, + "data":{ + "shape":"VectorData", + "documentation":"

    The vector data of the vector.

    Vector dimensions must match the dimension count that's configured for the vector index.

    • For the cosine distance metric, zero vectors (vectors containing all zeros) aren't allowed.

    • For both cosine and euclidean distance metrics, vector data must contain only valid floating-point values. Invalid values such as NaN (Not a Number) or Infinity aren't allowed.

    " + }, + "metadata":{ + "shape":"VectorMetadata", + "documentation":"

    Metadata about the vector. All metadata entries undergo validation to ensure they meet the format requirements for size and data types.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The attributes of a vector to add to a vector index.

    " + }, + "PutVectorBucketPolicyInput":{ + "type":"structure", + "required":["policy"], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The Amazon Resource Name (ARN) of the vector bucket.

    " + }, + "policy":{ + "shape":"VectorBucketPolicy", + "documentation":"

    The JSON that defines the policy. For more information about bucket policies for S3 Vectors, see Managing vector bucket policies in the Amazon S3 User Guide.

    " + } + } + }, + "PutVectorBucketPolicyOutput":{ + "type":"structure", + "members":{} + }, + "PutVectorsInput":{ + "type":"structure", + "required":["vectors"], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index where you want to write vectors.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The ARN of the vector index where you want to write vectors.

    " + }, + "vectors":{ + "shape":"PutVectorsInputList", + "documentation":"

    The vectors to add to a vector index. The number of vectors in a single request must not exceed the resource capacity, otherwise the request will be rejected with the error ServiceUnavailableException with the error message \"Currently unable to handle the request\".

    " + } + } + }, + "PutVectorsInputList":{ + "type":"list", + "member":{"shape":"PutInputVector"}, + "max":500, + "min":1 + }, + "PutVectorsOutput":{ + "type":"structure", + "members":{} + }, + "QueryOutputVector":{ + "type":"structure", + "required":["key"], + "members":{ + "key":{ + "shape":"VectorKey", + "documentation":"

    The key of the vector in the approximate nearest neighbor search.

    " + }, + "data":{ + "shape":"VectorData", + "documentation":"

    The vector data associated with the vector, if requested.

    " + }, + "metadata":{ + "shape":"VectorMetadata", + "documentation":"

    The metadata associated with the vector, if requested.

    " + }, + "distance":{ + "shape":"Float", + "documentation":"

    The measure of similarity between the vector in the response and the query vector.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The attributes of a vector in the approximate nearest neighbor search.

    " + }, + "QueryVectorsInput":{ + "type":"structure", + "required":[ + "topK", + "queryVector" + ], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket that contains the vector index.

    " + }, + "indexName":{ + "shape":"IndexName", + "documentation":"

    The name of the vector index that you want to query.

    " + }, + "indexArn":{ + "shape":"IndexArn", + "documentation":"

    The ARN of the vector index that you want to query.

    " + }, + "topK":{ + "shape":"TopK", + "documentation":"

    The number of results to return for each query.

    " + }, + "queryVector":{ + "shape":"VectorData", + "documentation":"

    The query vector. Ensure that the query vector has the same dimension as the dimension of the vector index that's being queried. For example, if your vector index contains vectors with 384 dimensions, your query vector must also have 384 dimensions.

    " + }, + "filter":{ + "shape":"Document", + "documentation":"

    Metadata filter to apply during the query. For more information about metadata keys, see Metadata filtering in the Amazon S3 User Guide.

    " + }, + "returnMetadata":{ + "shape":"Boolean", + "documentation":"

    Indicates whether to include metadata in the response. The default value is false.

    " + }, + "returnDistance":{ + "shape":"Boolean", + "documentation":"

    Indicates whether to include the computed distance in the response. The default value is false.

    " + } + } + }, + "QueryVectorsOutput":{ + "type":"structure", + "required":[ + "vectors", + "distanceMetric" + ], + "members":{ + "vectors":{ + "shape":"QueryVectorsOutputList", + "documentation":"

    The vectors in the approximate nearest neighbor search.

    " + }, + "distanceMetric":{ + "shape":"DistanceMetric", + "documentation":"

    The distance metric that was used for the similarity search calculation. This is the same distance metric that was configured for the vector index when it was created.

    " + } + } + }, + "QueryVectorsOutputList":{ + "type":"list", + "member":{"shape":"QueryOutputVector"} + }, + "RequestTimeoutException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The request timed out. Retry your request.

    ", + "error":{ + "httpStatusCode":408, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":false} + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    Your request exceeds a service quota.

    ", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "ServiceUnavailableException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The service is unavailable. Wait briefly and retry your request. If it continues to fail, increase your waiting time between retries.

    ", + "error":{"httpStatusCode":503}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "SseType":{ + "type":"string", + "enum":[ + "AES256", + "aws:kms" + ] + }, + "String":{"type":"string"}, + "Timestamp":{"type":"timestamp"}, + "TooManyRequestsException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"

    The request was denied due to request throttling.

    ", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true, + "retryable":{"throttling":true} + }, + "TopK":{ + "type":"integer", + "box":true, + "min":1 + }, + "ValidationException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"}, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

    A list of specific validation failures that are encountered during input processing. Each entry in the list contains a path to the field that failed validation and a detailed message that explains why the validation failed. To satisfy multiple constraints, a field can appear multiple times in this list if it failed. You can use the information to identify and fix the specific validation issues in your request.

    " + } + }, + "documentation":"

    The requested action isn't valid.

    ", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "path", + "message" + ], + "members":{ + "path":{ + "shape":"String", + "documentation":"

    A path about the validation exception.

    " + }, + "message":{ + "shape":"String", + "documentation":"

    A message about the validation exception.

    " + } + }, + "documentation":"

    Contains information about a validation exception.

    " + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "VectorBucket":{ + "type":"structure", + "required":[ + "vectorBucketName", + "vectorBucketArn", + "creationTime" + ], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The Amazon Resource Name (ARN) of the vector bucket.

    " + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

    Date and time when the vector bucket was created.

    " + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

    The encryption configuration for the vector bucket.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The attributes of a vector bucket.

    " + }, + "VectorBucketArn":{"type":"string"}, + "VectorBucketName":{ + "type":"string", + "max":63, + "min":3 + }, + "VectorBucketPolicy":{"type":"string"}, + "VectorBucketSummary":{ + "type":"structure", + "required":[ + "vectorBucketName", + "vectorBucketArn", + "creationTime" + ], + "members":{ + "vectorBucketName":{ + "shape":"VectorBucketName", + "documentation":"

    The name of the vector bucket.

    " + }, + "vectorBucketArn":{ + "shape":"VectorBucketArn", + "documentation":"

    The Amazon Resource Name (ARN) of the vector bucket.

    " + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"

    Date and time when the vector bucket was created.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    Summary information about a vector bucket.

    " + }, + "VectorData":{ + "type":"structure", + "members":{ + "float32":{ + "shape":"Float32VectorData", + "documentation":"

    The vector data as 32-bit floating point numbers. The number of elements in this array must exactly match the dimension of the vector index where the operation is being performed.

    " + } + }, + "documentation":"

    Amazon S3 Vectors is in preview release for Amazon S3 and is subject to change.

    The vector data in different formats.

    ", + "union":true + }, + "VectorKey":{ + "type":"string", + "max":1024, + "min":1 + }, + "VectorMetadata":{ + "type":"structure", + "members":{}, + "document":true + } + }, + "documentation":"

    Amazon S3 vector buckets are a bucket type to store and search vectors with sub-second search times. They are designed to provide dedicated API operations for you to interact with vectors to do similarity search. Within a vector bucket, you use a vector index to organize and logically group your vector data. When you make a write or read request, you direct it to a single vector index. You store your vector data as vectors. A vector contains a key (a name that you assign), a multi-dimensional vector, and, optionally, metadata that describes a vector. The key uniquely identifies the vector in a vector index.

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/s3vectors/2025-07-15/waiters-2.json 2.31.35-1/awscli/botocore/data/s3vectors/2025-07-15/waiters-2.json --- 2.23.6-1/awscli/botocore/data/s3vectors/2025-07-15/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/s3vectors/2025-07-15/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -262,7 +262,7 @@ } ], "endpoint": { - "url": "https://api.sagemaker.{Region}.amazonaws.com", + "url": "https://api-fips.sagemaker.{Region}.amazonaws.com", "properties": {}, "headers": {} }, diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/paginators-1.json 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/paginators-1.json --- 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -467,6 +467,30 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "TrainingPlanSummaries" + }, + "CreateHubContentPresignedUrls": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "AuthorizedUrlConfigs" + }, + "ListPipelineVersions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "PipelineVersionSummaries" + }, + "ListClusterEvents": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Events" + }, + "ListUltraServersByReservedCapacity": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "UltraServers" } } } diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "Search": { + "non_aggregate_keys": [ + "TotalHits" + ] + } + } + } +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/service-2.json 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/service-2.json --- 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,6 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2017-07-24", + "auth":["aws.auth#sigv4"], "endpointPrefix":"api.sagemaker", "jsonVersion":"1.1", "protocol":"json", @@ -12,8 +13,7 @@ "signatureVersion":"v4", "signingName":"sagemaker", "targetPrefix":"SageMaker", - "uid":"sagemaker-2017-07-24", - "auth":["aws.auth#sigv4"] + "uid":"sagemaker-2017-07-24" }, "operations":{ "AddAssociation":{ @@ -54,6 +54,33 @@ ], "documentation":"

    Associates a trial component with a trial. A trial component can be associated with multiple trials. To disassociate a trial component from a trial, call the DisassociateTrialComponent API.

    " }, + "AttachClusterNodeVolume":{ + "name":"AttachClusterNodeVolume", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AttachClusterNodeVolumeRequest"}, + "output":{"shape":"AttachClusterNodeVolumeResponse"}, + "errors":[ + {"shape":"ResourceNotFound"} + ], + "documentation":"

    Attaches your Amazon Elastic Block Store (Amazon EBS) volume to a node in your EKS orchestrated HyperPod cluster.

    This API works with the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver to manage the lifecycle of persistent storage in your HyperPod EKS clusters.

    " + }, + "BatchAddClusterNodes":{ + "name":"BatchAddClusterNodes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"BatchAddClusterNodesRequest"}, + "output":{"shape":"BatchAddClusterNodesResponse"}, + "errors":[ + {"shape":"ResourceNotFound"}, + {"shape":"ResourceLimitExceeded"} + ], + "documentation":"

    Adds nodes to a HyperPod cluster by incrementing the target count for one or more instance groups. This operation returns a unique NodeLogicalId for each node being added, which can be used to track the provisioning status of the node. This API provides a safer alternative to UpdateCluster for scaling operations by avoiding unintended configuration changes.

    This API is only supported for clusters using Continuous as the NodeProvisioningMode.

    " + }, "BatchDeleteClusterNodes":{ "name":"BatchDeleteClusterNodes", "http":{ @@ -109,8 +136,8 @@ "input":{"shape":"CreateAppRequest"}, "output":{"shape":"CreateAppResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a running app for the specified UserProfile. This operation is automatically invoked by Amazon SageMaker AI upon access to the associated Domain, and when new kernel configurations are selected by the user. A user may have multiple Apps active simultaneously.

    " }, @@ -177,8 +204,8 @@ "input":{"shape":"CreateClusterRequest"}, "output":{"shape":"CreateClusterResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a SageMaker HyperPod cluster. SageMaker HyperPod is a capability of SageMaker for creating and managing persistent clusters for developing large machine learning models, such as large language models (LLMs) and diffusion models. To learn more, see Amazon SageMaker HyperPod in the Amazon SageMaker Developer Guide.

    " }, @@ -191,8 +218,8 @@ "input":{"shape":"CreateClusterSchedulerConfigRequest"}, "output":{"shape":"CreateClusterSchedulerConfigResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Create cluster policy configuration. This policy is used for task prioritization and fair-share allocation of idle compute. This helps prioritize critical workloads and distributes idle compute across entities.

    " }, @@ -229,8 +256,8 @@ "input":{"shape":"CreateComputeQuotaRequest"}, "output":{"shape":"CreateComputeQuotaResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Create compute allocation definition. This defines how compute is allocated, shared, and borrowed for specified entities. Specifically, how to lend and borrow idle compute and assign a fair-share weight to the specified entities.

    " }, @@ -256,8 +283,8 @@ "input":{"shape":"CreateDataQualityJobDefinitionRequest"}, "output":{"shape":"CreateDataQualityJobDefinitionResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a definition for a job that monitors data quality and drift. For information about model monitor, see Amazon SageMaker AI Model Monitor.

    " }, @@ -283,8 +310,8 @@ "input":{"shape":"CreateDomainRequest"}, "output":{"shape":"CreateDomainResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a Domain. A domain consists of an associated Amazon Elastic File System volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. Users within a domain can share notebook files and other artifacts with each other.

    EFS storage

    When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.

    SageMaker AI uses the Amazon Web Services Key Management Service (Amazon Web Services KMS) to encrypt the EFS volume attached to the domain with an Amazon Web Services managed key by default. For more control, you can specify a customer managed key. For more information, see Protect Data at Rest Using Encryption.

    VPC configuration

    All traffic between the domain and the Amazon EFS volume is through the specified VPC and subnets. For other traffic, you can specify the AppNetworkAccessType parameter. AppNetworkAccessType corresponds to the network access type that you choose when you onboard to the domain. The following options are available:

    • PublicInternetOnly - Non-EFS traffic goes through a VPC managed by Amazon SageMaker AI, which allows internet access. This is the default value.

    • VpcOnly - All traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway.

      When internet access is disabled, you won't be able to run a Amazon SageMaker AI Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker AI API and runtime or a NAT gateway and your security groups allow outbound connections.

    NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules in order to launch a Amazon SageMaker AI Studio app successfully.

    For more information, see Connect Amazon SageMaker AI Studio Notebooks to Resources in a VPC.

    " }, @@ -387,8 +414,8 @@ "input":{"shape":"CreateFlowDefinitionRequest"}, "output":{"shape":"CreateFlowDefinitionResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a flow definition.

    " }, @@ -406,6 +433,16 @@ ], "documentation":"

    Create a hub.

    " }, + "CreateHubContentPresignedUrls":{ + "name":"CreateHubContentPresignedUrls", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateHubContentPresignedUrlsRequest"}, + "output":{"shape":"CreateHubContentPresignedUrlsResponse"}, + "documentation":"

    Creates presigned URLs for accessing hub content artifacts. This operation generates time-limited, secure URLs that allow direct download of model artifacts and associated files from Amazon SageMaker hub content, including gated models that require end-user license agreement acceptance.

    " + }, "CreateHubContentReference":{ "name":"CreateHubContentReference", "http":{ @@ -430,8 +467,8 @@ "input":{"shape":"CreateHumanTaskUiRequest"}, "output":{"shape":"CreateHumanTaskUiResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Defines the settings you will use for the human review workflow user interface. Reviewers will see a three-panel interface with an instruction area, the item to review, and an input area.

    " }, @@ -447,7 +484,7 @@ {"shape":"ResourceInUse"}, {"shape":"ResourceLimitExceeded"} ], - "documentation":"

    Starts a hyperparameter tuning job. A hyperparameter tuning job finds the best version of a model by running many training jobs on your dataset using the algorithm you choose and values for hyperparameters within ranges that you specify. It then chooses the hyperparameter values that result in a model that performs the best, as measured by an objective metric that you choose.

    A hyperparameter tuning job automatically creates Amazon SageMaker experiments, trials, and trial components for each training job that it runs. You can view these entities in Amazon SageMaker Studio. For more information, see View Experiments, Trials, and Trial Components.

    Do not include any security-sensitive information including account access IDs, secrets or tokens in any hyperparameter field. If the use of security-sensitive credentials are detected, SageMaker will reject your training job request and return an exception error.

    " + "documentation":"

    Starts a hyperparameter tuning job. A hyperparameter tuning job finds the best version of a model by running many training jobs on your dataset using the algorithm you choose and values for hyperparameters within ranges that you specify. It then chooses the hyperparameter values that result in a model that performs the best, as measured by an objective metric that you choose.

    A hyperparameter tuning job automatically creates Amazon SageMaker experiments, trials, and trial components for each training job that it runs. You can view these entities in Amazon SageMaker Studio. For more information, see View Experiments, Trials, and Trial Components.

    Do not include any security-sensitive information including account access IDs, secrets, or tokens in any hyperparameter fields. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by any security-sensitive information included in the request hyperparameter variable or plain text fields..

    " }, "CreateImage":{ "name":"CreateImage", @@ -472,9 +509,9 @@ "input":{"shape":"CreateImageVersionRequest"}, "output":{"shape":"CreateImageVersionResponse"}, "errors":[ + {"shape":"ResourceNotFound"}, {"shape":"ResourceInUse"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a version of the SageMaker AI image specified by ImageName. The version represents the Amazon ECR container image specified by BaseImage.

    " }, @@ -568,8 +605,8 @@ "input":{"shape":"CreateModelBiasJobDefinitionRequest"}, "output":{"shape":"CreateModelBiasJobDefinitionResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates the definition for a model bias job.

    " }, @@ -582,8 +619,8 @@ "input":{"shape":"CreateModelCardRequest"}, "output":{"shape":"CreateModelCardResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates an Amazon SageMaker Model Card.

    For information about how to use model cards, see Amazon SageMaker Model Card.

    " }, @@ -596,9 +633,9 @@ "input":{"shape":"CreateModelCardExportJobRequest"}, "output":{"shape":"CreateModelCardExportJobResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates an Amazon SageMaker Model Card export job.

    " }, @@ -611,8 +648,8 @@ "input":{"shape":"CreateModelExplainabilityJobDefinitionRequest"}, "output":{"shape":"CreateModelExplainabilityJobDefinitionResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates the definition for a model explainability job.

    " }, @@ -652,8 +689,8 @@ "input":{"shape":"CreateModelQualityJobDefinitionRequest"}, "output":{"shape":"CreateModelQualityJobDefinitionResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a definition for a job that monitors model quality and drift. For information about model monitor, see Amazon SageMaker AI Model Monitor.

    " }, @@ -666,8 +703,8 @@ "input":{"shape":"CreateMonitoringScheduleRequest"}, "output":{"shape":"CreateMonitoringScheduleResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a schedule that regularly starts Amazon SageMaker AI Processing Jobs to monitor the data captured for an Amazon SageMaker AI Endpoint.

    " }, @@ -720,8 +757,8 @@ "input":{"shape":"CreatePartnerAppRequest"}, "output":{"shape":"CreatePartnerAppResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates an Amazon SageMaker Partner AI App.

    " }, @@ -747,9 +784,9 @@ "input":{"shape":"CreatePipelineRequest"}, "output":{"shape":"CreatePipelineResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a pipeline using a JSON pipeline definition.

    " }, @@ -798,9 +835,9 @@ "input":{"shape":"CreateProcessingJobRequest"}, "output":{"shape":"CreateProcessingJobResponse"}, "errors":[ + {"shape":"ResourceNotFound"}, {"shape":"ResourceInUse"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a processing job.

    " }, @@ -826,8 +863,8 @@ "input":{"shape":"CreateSpaceRequest"}, "output":{"shape":"CreateSpaceResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a private space or a space used for real time collaboration in a domain.

    " }, @@ -853,11 +890,11 @@ "input":{"shape":"CreateTrainingJobRequest"}, "output":{"shape":"CreateTrainingJobResponse"}, "errors":[ + {"shape":"ResourceNotFound"}, {"shape":"ResourceInUse"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceLimitExceeded"} ], - "documentation":"

    Starts a model training job. After training completes, SageMaker saves the resulting model artifacts to an Amazon S3 location that you specify.

    If you choose to host your model using SageMaker hosting services, you can use the resulting model artifacts as part of the model. You can also use the artifacts in a machine learning service other than SageMaker, provided that you know how to use them for inference.

    In the request body, you provide the following:

    • AlgorithmSpecification - Identifies the training algorithm to use.

    • HyperParameters - Specify these algorithm-specific parameters to enable the estimation of model parameters during training. Hyperparameters can be tuned to optimize this learning process. For a list of hyperparameters for each training algorithm provided by SageMaker, see Algorithms.

      Do not include any security-sensitive information including account access IDs, secrets or tokens in any hyperparameter field. If the use of security-sensitive credentials are detected, SageMaker will reject your training job request and return an exception error.

    • InputDataConfig - Describes the input required by the training job and the Amazon S3, EFS, or FSx location where it is stored.

    • OutputDataConfig - Identifies the Amazon S3 bucket where you want SageMaker to save the results of model training.

    • ResourceConfig - Identifies the resources, ML compute instances, and ML storage volumes to deploy for model training. In distributed training, you specify more than one instance.

    • EnableManagedSpotTraining - Optimize the cost of training machine learning models by up to 80% by using Amazon EC2 Spot instances. For more information, see Managed Spot Training.

    • RoleArn - The Amazon Resource Name (ARN) that SageMaker assumes to perform tasks on your behalf during model training. You must grant this role the necessary permissions so that SageMaker can successfully complete model training.

    • StoppingCondition - To help cap training costs, use MaxRuntimeInSeconds to set a time limit for training. Use MaxWaitTimeInSeconds to specify how long a managed spot training job has to complete.

    • Environment - The environment variables to set in the Docker container.

    • RetryStrategy - The number of times to retry the job when the job fails due to an InternalServerError.

    For more information about SageMaker, see How It Works.

    " + "documentation":"

    Starts a model training job. After training completes, SageMaker saves the resulting model artifacts to an Amazon S3 location that you specify.

    If you choose to host your model using SageMaker hosting services, you can use the resulting model artifacts as part of the model. You can also use the artifacts in a machine learning service other than SageMaker, provided that you know how to use them for inference.

    In the request body, you provide the following:

    • AlgorithmSpecification - Identifies the training algorithm to use.

    • HyperParameters - Specify these algorithm-specific parameters to enable the estimation of model parameters during training. Hyperparameters can be tuned to optimize this learning process. For a list of hyperparameters for each training algorithm provided by SageMaker, see Algorithms.

      Do not include any security-sensitive information including account access IDs, secrets, or tokens in any hyperparameter fields. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by security-sensitive information included in the request hyperparameter variable or plain text fields.

    • InputDataConfig - Describes the input required by the training job and the Amazon S3, EFS, or FSx location where it is stored.

    • OutputDataConfig - Identifies the Amazon S3 bucket where you want SageMaker to save the results of model training.

    • ResourceConfig - Identifies the resources, ML compute instances, and ML storage volumes to deploy for model training. In distributed training, you specify more than one instance.

    • EnableManagedSpotTraining - Optimize the cost of training machine learning models by up to 80% by using Amazon EC2 Spot instances. For more information, see Managed Spot Training.

    • RoleArn - The Amazon Resource Name (ARN) that SageMaker assumes to perform tasks on your behalf during model training. You must grant this role the necessary permissions so that SageMaker can successfully complete model training.

    • StoppingCondition - To help cap training costs, use MaxRuntimeInSeconds to set a time limit for training. Use MaxWaitTimeInSeconds to specify how long a managed spot training job has to complete.

    • Environment - The environment variables to set in the Docker container.

      Do not include any security-sensitive information including account access IDs, secrets, or tokens in any environment fields. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by security-sensitive information included in the request environment variable or plain text fields.

    • RetryStrategy - The number of times to retry the job when the job fails due to an InternalServerError.

    For more information about SageMaker, see How It Works.

    " }, "CreateTrainingPlan":{ "name":"CreateTrainingPlan", @@ -868,9 +905,9 @@ "input":{"shape":"CreateTrainingPlanRequest"}, "output":{"shape":"CreateTrainingPlanResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a new training plan in SageMaker to reserve compute capacity.

    Amazon SageMaker Training Plan is a capability within SageMaker that allows customers to reserve and manage GPU capacity for large-scale AI model training. It provides a way to secure predictable access to computational resources within specific timelines and budgets, without the need to manage underlying infrastructure.

    How it works

    Plans can be created for specific resources such as SageMaker Training Jobs or SageMaker HyperPod clusters, automatically provisioning resources, setting up infrastructure, executing workloads, and handling infrastructure failures.

    Plan creation workflow

    • Users search for available plan offerings based on their requirements (e.g., instance type, count, start time, duration) using the SearchTrainingPlanOfferings API operation.

    • They create a plan that best matches their needs using the ID of the plan offering they want to use.

    • After successful upfront payment, the plan's status becomes Scheduled.

    • The plan can be used to:

      • Queue training jobs.

      • Allocate to an instance group of a SageMaker HyperPod cluster.

    • When the plan start date arrives, it becomes Active. Based on available reserved capacity:

      • Training jobs are launched.

      • Instance groups are provisioned.

    Plan composition

    A plan can consist of one or more Reserved Capacities, each defined by a specific instance type, quantity, Availability Zone, duration, and start and end times. For more information about Reserved Capacity, see ReservedCapacitySummary .

    " }, @@ -883,11 +920,11 @@ "input":{"shape":"CreateTransformJobRequest"}, "output":{"shape":"CreateTransformJobResponse"}, "errors":[ + {"shape":"ResourceNotFound"}, {"shape":"ResourceInUse"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceLimitExceeded"} ], - "documentation":"

    Starts a transform job. A transform job uses a trained model to get inferences on a dataset and saves these results to an Amazon S3 location that you specify.

    To perform batch transformations, you create a transform job and use the data that you have readily available.

    In the request body, you provide the following:

    • TransformJobName - Identifies the transform job. The name must be unique within an Amazon Web Services Region in an Amazon Web Services account.

    • ModelName - Identifies the model to use. ModelName must be the name of an existing Amazon SageMaker model in the same Amazon Web Services Region and Amazon Web Services account. For information on creating a model, see CreateModel.

    • TransformInput - Describes the dataset to be transformed and the Amazon S3 location where it is stored.

    • TransformOutput - Identifies the Amazon S3 location where you want Amazon SageMaker to save the results from the transform job.

    • TransformResources - Identifies the ML compute instances for the transform job.

    For more information about how batch transformation works, see Batch Transform.

    " + "documentation":"

    Starts a transform job. A transform job uses a trained model to get inferences on a dataset and saves these results to an Amazon S3 location that you specify.

    To perform batch transformations, you create a transform job and use the data that you have readily available.

    In the request body, you provide the following:

    • TransformJobName - Identifies the transform job. The name must be unique within an Amazon Web Services Region in an Amazon Web Services account.

    • ModelName - Identifies the model to use. ModelName must be the name of an existing Amazon SageMaker model in the same Amazon Web Services Region and Amazon Web Services account. For information on creating a model, see CreateModel.

    • TransformInput - Describes the dataset to be transformed and the Amazon S3 location where it is stored.

    • TransformOutput - Identifies the Amazon S3 location where you want Amazon SageMaker to save the results from the transform job.

    • TransformResources - Identifies the ML compute instances and AMI image versions for the transform job.

    For more information about how batch transformation works, see Batch Transform.

    " }, "CreateTrial":{ "name":"CreateTrial", @@ -925,8 +962,8 @@ "input":{"shape":"CreateUserProfileRequest"}, "output":{"shape":"CreateUserProfileResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceInUse"} + {"shape":"ResourceInUse"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Creates a user profile. A user profile represents a single user within a domain, and is the main way to reference a \"person\" for the purposes of sharing, reporting, and other user-oriented features. This entity is created when a user onboards to a domain. If an administrator invites a person by email or imports them from IAM Identity Center, a user profile is automatically created. A user profile is the primary holder of settings for an individual user and has a reference to the user's private Amazon Elastic File System home directory.

    " }, @@ -987,8 +1024,8 @@ }, "input":{"shape":"DeleteAppRequest"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Used to stop and delete an app.

    " }, @@ -1039,8 +1076,8 @@ "input":{"shape":"DeleteClusterRequest"}, "output":{"shape":"DeleteClusterResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Delete a SageMaker HyperPod cluster.

    " }, @@ -1134,8 +1171,8 @@ }, "input":{"shape":"DeleteDomainRequest"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Used to delete a domain. If you onboarded with IAM mode, you will need to delete your domain to onboard again using IAM Identity Center. Use with caution. All of the members of the domain will lose access to their EFS volume, including data, notebooks, and other artifacts.

    " }, @@ -1215,8 +1252,8 @@ "input":{"shape":"DeleteFlowDefinitionRequest"}, "output":{"shape":"DeleteFlowDefinitionResponse"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Deletes the specified flow definition.

    " }, @@ -1228,8 +1265,8 @@ }, "input":{"shape":"DeleteHubRequest"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Delete a hub.

    " }, @@ -1241,8 +1278,8 @@ }, "input":{"shape":"DeleteHubContentRequest"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Delete the contents of a hub.

    " }, @@ -1289,8 +1326,8 @@ "input":{"shape":"DeleteImageRequest"}, "output":{"shape":"DeleteImageResponse"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Deletes a SageMaker AI image and all versions of the image. The container images aren't deleted.

    " }, @@ -1303,8 +1340,8 @@ "input":{"shape":"DeleteImageVersionRequest"}, "output":{"shape":"DeleteImageVersionResponse"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Deletes a version of a SageMaker AI image. The container image the version represents isn't deleted.

    " }, @@ -1373,8 +1410,8 @@ }, "input":{"shape":"DeleteModelCardRequest"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Deletes an Amazon SageMaker Model Card.

    " }, @@ -1486,8 +1523,8 @@ "input":{"shape":"DeletePartnerAppRequest"}, "output":{"shape":"DeletePartnerAppResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Deletes a SageMaker Partner AI App.

    " }, @@ -1500,11 +1537,24 @@ "input":{"shape":"DeletePipelineRequest"}, "output":{"shape":"DeletePipelineResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Deletes a pipeline if there are no running instances of the pipeline. To delete a pipeline, you must stop all running instances of the pipeline using the StopPipelineExecution API. When you delete a pipeline, all instances of the pipeline are deleted.

    " }, + "DeleteProcessingJob":{ + "name":"DeleteProcessingJob", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteProcessingJobRequest"}, + "errors":[ + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} + ], + "documentation":"

    Deletes a processing job. After Amazon SageMaker deletes a processing job, all of the metadata for the processing job is lost. You can delete only processing jobs that are in a terminal state (Stopped, Failed, or Completed). You cannot delete a job that is in the InProgress or Stopping state. After deleting the job, you can reuse its name to create another processing job.

    " + }, "DeleteProject":{ "name":"DeleteProject", "http":{ @@ -1525,8 +1575,8 @@ }, "input":{"shape":"DeleteSpaceRequest"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Used to delete a space.

    " }, @@ -1553,6 +1603,19 @@ "output":{"shape":"DeleteTagsOutput"}, "documentation":"

    Deletes the specified tags from an SageMaker resource.

    To list a resource's tags, use the ListTags API.

    When you call this API to delete tags from a hyperparameter tuning job, the deleted tags are not removed from training jobs that the hyperparameter tuning job launched before you called this API.

    When you call this API to delete tags from a SageMaker Domain or User Profile, the deleted tags are not removed from Apps that the SageMaker Domain or User Profile launched before you called this API.

    " }, + "DeleteTrainingJob":{ + "name":"DeleteTrainingJob", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteTrainingJobRequest"}, + "errors":[ + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} + ], + "documentation":"

    Deletes a training job. After SageMaker deletes a training job, all of the metadata for the training job is lost. You can delete only training jobs that are in a terminal state (Stopped, Failed, or Completed) and don't retain an Available managed warm pool. You cannot delete a job that is in the InProgress or Stopping state. After deleting the job, you can reuse its name to create another training job.

    " + }, "DeleteTrial":{ "name":"DeleteTrial", "http":{ @@ -1587,8 +1650,8 @@ }, "input":{"shape":"DeleteUserProfileRequest"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Deletes a user profile. When a user profile is deleted, the user loses access to their EFS volume, including data, notebooks, and other artifacts.

    " }, @@ -1725,6 +1788,19 @@ ], "documentation":"

    Retrieves information of a SageMaker HyperPod cluster.

    " }, + "DescribeClusterEvent":{ + "name":"DescribeClusterEvent", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeClusterEventRequest"}, + "output":{"shape":"DescribeClusterEventResponse"}, + "errors":[ + {"shape":"ResourceNotFound"} + ], + "documentation":"

    Retrieves detailed information about a specific event for a given HyperPod cluster. This functionality is only supported when the NodeProvisioningMode is set to Continuous.

    " + }, "DescribeClusterNode":{ "name":"DescribeClusterNode", "http":{ @@ -2319,6 +2395,19 @@ "output":{"shape":"DescribeProjectOutput"}, "documentation":"

    Describes the details of a project.

    " }, + "DescribeReservedCapacity":{ + "name":"DescribeReservedCapacity", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeReservedCapacityRequest"}, + "output":{"shape":"DescribeReservedCapacityResponse"}, + "errors":[ + {"shape":"ResourceNotFound"} + ], + "documentation":"

    Retrieves details about a reserved capacity.

    " + }, "DescribeSpace":{ "name":"DescribeSpace", "http":{ @@ -2454,6 +2543,19 @@ "output":{"shape":"DescribeWorkteamResponse"}, "documentation":"

    Gets information about a specific work team. You can see information such as the creation date, the last updated date, membership information, and the work team's Amazon Resource Name (ARN).

    " }, + "DetachClusterNodeVolume":{ + "name":"DetachClusterNodeVolume", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DetachClusterNodeVolumeRequest"}, + "output":{"shape":"DetachClusterNodeVolumeResponse"}, + "errors":[ + {"shape":"ResourceNotFound"} + ], + "documentation":"

    Detaches your Amazon Elastic Block Store (Amazon EBS) volume from a node in your EKS orchestrated SageMaker HyperPod cluster.

    This API works with the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver to manage the lifecycle of persistent storage in your HyperPod EKS clusters.

    " + }, "DisableSagemakerServicecatalogPortfolio":{ "name":"DisableSagemakerServicecatalogPortfolio", "http":{ @@ -2562,9 +2664,9 @@ "input":{"shape":"ImportHubContentRequest"}, "output":{"shape":"ImportHubContentResponse"}, "errors":[ + {"shape":"ResourceNotFound"}, {"shape":"ResourceInUse"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Import hub content.

    " }, @@ -2673,6 +2775,19 @@ ], "documentation":"

    List the candidates created for the job.

    " }, + "ListClusterEvents":{ + "name":"ListClusterEvents", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListClusterEventsRequest"}, + "output":{"shape":"ListClusterEventsResponse"}, + "errors":[ + {"shape":"ResourceNotFound"} + ], + "documentation":"

    Retrieves a list of event summaries for a specified HyperPod cluster. The operation supports filtering, sorting, and pagination of results. This functionality is only supported when the NodeProvisioningMode is set to Continuous.

    " + }, "ListClusterNodes":{ "name":"ListClusterNodes", "http":{ @@ -3252,6 +3367,19 @@ ], "documentation":"

    Gets a list of parameters for a pipeline execution.

    " }, + "ListPipelineVersions":{ + "name":"ListPipelineVersions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListPipelineVersionsRequest"}, + "output":{"shape":"ListPipelineVersionsResponse"}, + "errors":[ + {"shape":"ResourceNotFound"} + ], + "documentation":"

    Gets a list of all versions of the pipeline.

    " + }, "ListPipelines":{ "name":"ListPipelines", "http":{ @@ -3414,6 +3542,19 @@ ], "documentation":"

    Lists the trials in your account. Specify an experiment name to limit the list to the trials that are part of that experiment. Specify a trial component name to limit the list to the trials that associated with that trial component. The list can be filtered to show only trials that were created in a specific time range. The list can be sorted by trial name or creation time.

    " }, + "ListUltraServersByReservedCapacity":{ + "name":"ListUltraServersByReservedCapacity", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListUltraServersByReservedCapacityRequest"}, + "output":{"shape":"ListUltraServersByReservedCapacityResponse"}, + "errors":[ + {"shape":"ResourceNotFound"} + ], + "documentation":"

    Lists all UltraServers that are part of a specified reserved capacity.

    " + }, "ListUserProfiles":{ "name":"ListUserProfiles", "http":{ @@ -3504,9 +3645,9 @@ "input":{"shape":"RetryPipelineExecutionRequest"}, "output":{"shape":"RetryPipelineExecutionResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Retry the execution of the pipeline.

    " }, @@ -3542,9 +3683,9 @@ "input":{"shape":"SendPipelineExecutionStepFailureRequest"}, "output":{"shape":"SendPipelineExecutionStepFailureResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Notifies the pipeline that the execution of a callback step failed, along with a message describing why. When a callback step is run, the pipeline generates a callback token and includes the token in a message sent to Amazon Simple Queue Service (Amazon SQS).

    " }, @@ -3557,9 +3698,9 @@ "input":{"shape":"SendPipelineExecutionStepSuccessRequest"}, "output":{"shape":"SendPipelineExecutionStepSuccessResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Notifies the pipeline that the execution of a callback step succeeded and provides a list of the step's output parameters. When a callback step is run, the pipeline generates a callback token and includes the token in a message sent to Amazon Simple Queue Service (Amazon SQS).

    " }, @@ -3595,8 +3736,8 @@ "input":{"shape":"StartMlflowTrackingServerRequest"}, "output":{"shape":"StartMlflowTrackingServerResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Programmatically start an MLflow Tracking Server.

    " }, @@ -3633,12 +3774,26 @@ "input":{"shape":"StartPipelineExecutionRequest"}, "output":{"shape":"StartPipelineExecutionResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Starts a pipeline execution.

    " }, + "StartSession":{ + "name":"StartSession", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartSessionRequest"}, + "output":{"shape":"StartSessionResponse"}, + "errors":[ + {"shape":"ResourceNotFound"}, + {"shape":"ResourceLimitExceeded"} + ], + "documentation":"

    Initiates a remote connection session between a local integrated development environments (IDEs) and a remote SageMaker space.

    " + }, "StopAutoMLJob":{ "name":"StopAutoMLJob", "http":{ @@ -3740,8 +3895,8 @@ "input":{"shape":"StopMlflowTrackingServerRequest"}, "output":{"shape":"StopMlflowTrackingServerResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Programmatically stop an MLflow Tracking Server.

    " }, @@ -3787,8 +3942,8 @@ "input":{"shape":"StopPipelineExecutionRequest"}, "output":{"shape":"StopPipelineExecutionResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Stops a pipeline execution.

    Callback Step

    A pipeline execution won't stop while a callback step is running. When you call StopPipelineExecution on a pipeline execution with a running callback step, SageMaker Pipelines sends an additional Amazon SQS message to the specified SQS queue. The body of the SQS message contains a \"Status\" field which is set to \"Stopping\".

    You should add logic to your Amazon SQS message consumer to take any needed action (for example, resource cleanup) upon receipt of the message followed by a call to SendPipelineExecutionStepSuccess or SendPipelineExecutionStepFailure.

    Only when SageMaker Pipelines receives one of these calls will it stop the pipeline execution.

    Lambda Step

    A pipeline execution can't be stopped while a lambda step is running because the Lambda function invoked by the lambda step can't be stopped. If you attempt to stop the execution while the Lambda function is running, the pipeline waits for the Lambda function to finish or until the timeout is hit, whichever occurs first, and then stops. If the Lambda function finishes, the pipeline execution status is Stopped. If the timeout is hit the pipeline execution status is Failed.

    " }, @@ -3878,9 +4033,9 @@ "input":{"shape":"UpdateClusterRequest"}, "output":{"shape":"UpdateClusterResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Updates a SageMaker HyperPod cluster.

    " }, @@ -3893,9 +4048,9 @@ "input":{"shape":"UpdateClusterSchedulerConfigRequest"}, "output":{"shape":"UpdateClusterSchedulerConfigResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Update the cluster policy configuration.

    " }, @@ -3908,8 +4063,8 @@ "input":{"shape":"UpdateClusterSoftwareRequest"}, "output":{"shape":"UpdateClusterSoftwareResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Updates the platform software of a SageMaker HyperPod cluster for security patching. To learn how to use this API, see Update the SageMaker HyperPod platform software of a cluster.

    The UpgradeClusterSoftware API call may impact your SageMaker HyperPod cluster uptime and availability. Plan accordingly to mitigate potential disruptions to your workloads.

    " }, @@ -3935,9 +4090,9 @@ "input":{"shape":"UpdateComputeQuotaRequest"}, "output":{"shape":"UpdateComputeQuotaResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Update the compute allocation definition.

    " }, @@ -3985,9 +4140,9 @@ "input":{"shape":"UpdateDomainRequest"}, "output":{"shape":"UpdateDomainResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, + {"shape":"ResourceNotFound"}, {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Updates the default settings for new user profiles in the domain.

    " }, @@ -4070,6 +4225,34 @@ ], "documentation":"

    Update a hub.

    " }, + "UpdateHubContent":{ + "name":"UpdateHubContent", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateHubContentRequest"}, + "output":{"shape":"UpdateHubContentResponse"}, + "errors":[ + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} + ], + "documentation":"

    Updates SageMaker hub content (either a Model or Notebook resource).

    You can update the metadata that describes the resource. In addition to the required request fields, specify at least one of the following fields to update:

    • HubContentDescription

    • HubContentDisplayName

    • HubContentMarkdown

    • HubContentSearchKeywords

    • SupportStatus

    For more information about hubs, see Private curated hubs for foundation model access control in JumpStart.

    If you want to update a ModelReference resource in your hub, use the UpdateHubContentResource API instead.

    " + }, + "UpdateHubContentReference":{ + "name":"UpdateHubContentReference", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateHubContentReferenceRequest"}, + "output":{"shape":"UpdateHubContentReferenceResponse"}, + "errors":[ + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} + ], + "documentation":"

    Updates the contents of a SageMaker hub for a ModelReference resource. A ModelReference allows you to access public SageMaker JumpStart models from within your private hub.

    When using this API, you can update the MinVersion field for additional flexibility in the model version. You shouldn't update any additional fields when using this API, because the metadata in your private hub should match the public JumpStart model's metadata.

    If you want to update a Model or Notebook resource in your hub, use the UpdateHubContent API instead.

    For more information about adding model references to your hub, see Add models to a private hub.

    " + }, "UpdateImage":{ "name":"UpdateImage", "http":{ @@ -4079,8 +4262,8 @@ "input":{"shape":"UpdateImageRequest"}, "output":{"shape":"UpdateImageResponse"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Updates the properties of a SageMaker AI image. To change the image's tags, use the AddTags and DeleteTags APIs.

    " }, @@ -4093,8 +4276,8 @@ "input":{"shape":"UpdateImageVersionRequest"}, "output":{"shape":"UpdateImageVersionResponse"}, "errors":[ - {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceInUse"} ], "documentation":"

    Updates the properties of a SageMaker AI image version.

    " }, @@ -4147,9 +4330,9 @@ "input":{"shape":"UpdateMlflowTrackingServerRequest"}, "output":{"shape":"UpdateMlflowTrackingServerResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Updates properties of an existing MLflow Tracking Server.

    " }, @@ -4162,9 +4345,9 @@ "input":{"shape":"UpdateModelCardRequest"}, "output":{"shape":"UpdateModelCardResponse"}, "errors":[ + {"shape":"ConflictException"}, {"shape":"ResourceNotFound"}, - {"shape":"ResourceLimitExceeded"}, - {"shape":"ConflictException"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Update an Amazon SageMaker Model Card.

    You cannot update both model card content and model card status in a single call.

    " }, @@ -4190,8 +4373,8 @@ "input":{"shape":"UpdateMonitoringAlertRequest"}, "output":{"shape":"UpdateMonitoringAlertResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Update the parameters of a model monitor alert.

    " }, @@ -4204,8 +4387,8 @@ "input":{"shape":"UpdateMonitoringScheduleRequest"}, "output":{"shape":"UpdateMonitoringScheduleResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceNotFound"}, + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Updates a previously created schedule.

    " }, @@ -4244,8 +4427,8 @@ "input":{"shape":"UpdatePartnerAppRequest"}, "output":{"shape":"UpdatePartnerAppResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Updates all of the SageMaker Partner AI Apps in an account.

    " }, @@ -4258,8 +4441,8 @@ "input":{"shape":"UpdatePipelineRequest"}, "output":{"shape":"UpdatePipelineResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Updates a pipeline.

    " }, @@ -4272,11 +4455,25 @@ "input":{"shape":"UpdatePipelineExecutionRequest"}, "output":{"shape":"UpdatePipelineExecutionResponse"}, "errors":[ - {"shape":"ResourceNotFound"}, - {"shape":"ConflictException"} + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} ], "documentation":"

    Updates a pipeline execution.

    " }, + "UpdatePipelineVersion":{ + "name":"UpdatePipelineVersion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdatePipelineVersionRequest"}, + "output":{"shape":"UpdatePipelineVersionResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ResourceNotFound"} + ], + "documentation":"

    Updates a pipeline version.

    " + }, "UpdateProject":{ "name":"UpdateProject", "http":{ @@ -4299,9 +4496,9 @@ "input":{"shape":"UpdateSpaceRequest"}, "output":{"shape":"UpdateSpaceResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, + {"shape":"ResourceNotFound"}, {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Updates the settings of a space.

    You can't edit the app type of a space in the SpaceSettings.

    " }, @@ -4356,9 +4553,9 @@ "input":{"shape":"UpdateUserProfileRequest"}, "output":{"shape":"UpdateUserProfileResponse"}, "errors":[ - {"shape":"ResourceLimitExceeded"}, + {"shape":"ResourceNotFound"}, {"shape":"ResourceInUse"}, - {"shape":"ResourceNotFound"} + {"shape":"ResourceLimitExceeded"} ], "documentation":"

    Updates a user profile.

    " }, @@ -4373,7 +4570,7 @@ "errors":[ {"shape":"ConflictException"} ], - "documentation":"

    Use this operation to update your workforce. You can use this operation to require that workers use specific IP addresses to work on tasks and to update your OpenID Connect (OIDC) Identity Provider (IdP) workforce configuration.

    The worker portal is now supported in VPC and public internet.

    Use SourceIpConfig to restrict worker access to tasks to a specific range of IP addresses. You specify allowed IP addresses by creating a list of up to ten CIDRs. By default, a workforce isn't restricted to specific IP addresses. If you specify a range of IP addresses, workers who attempt to access tasks using any IP address outside the specified range are denied and get a Not Found error message on the worker portal.

    To restrict access to all the workers in public internet, add the SourceIpConfig CIDR value as \"10.0.0.0/16\".

    Amazon SageMaker does not support Source Ip restriction for worker portals in VPC.

    Use OidcConfig to update the configuration of a workforce created using your own OIDC IdP.

    You can only update your OIDC IdP configuration when there are no work teams associated with your workforce. You can delete work teams using the DeleteWorkteam operation.

    After restricting access to a range of IP addresses or updating your OIDC IdP configuration with this operation, you can view details about your update workforce using the DescribeWorkforce operation.

    This operation only applies to private workforces.

    " + "documentation":"

    Use this operation to update your workforce. You can use this operation to require that workers use specific IP addresses to work on tasks and to update your OpenID Connect (OIDC) Identity Provider (IdP) workforce configuration.

    The worker portal is now supported in VPC and public internet.

    Use SourceIpConfig to restrict worker access to tasks to a specific range of IP addresses. You specify allowed IP addresses by creating a list of up to ten CIDRs. By default, a workforce isn't restricted to specific IP addresses. If you specify a range of IP addresses, workers who attempt to access tasks using any IP address outside the specified range are denied and get a Not Found error message on the worker portal.

    To restrict public internet access for all workers, configure the SourceIpConfig CIDR value. For example, when using SourceIpConfig with an IpAddressType of IPv4, you can restrict access to the IPv4 CIDR block \"10.0.0.0/16\". When using an IpAddressType of dualstack, you can specify both the IPv4 and IPv6 CIDR blocks, such as \"10.0.0.0/16\" for IPv4 only, \"2001:db8:1234:1a00::/56\" for IPv6 only, or \"10.0.0.0/16\" and \"2001:db8:1234:1a00::/56\" for dual stack.

    Amazon SageMaker does not support Source Ip restriction for worker portals in VPC.

    Use OidcConfig to update the configuration of a workforce created using your own OIDC IdP.

    You can only update your OIDC IdP configuration when there are no work teams associated with your workforce. You can delete work teams using the DeleteWorkteam operation.

    After restricting access to a range of IP addresses or updating your OIDC IdP configuration with this operation, you can view details about your update workforce using the DescribeWorkforce operation.

    This operation only applies to private workforces.

    " }, "UpdateWorkteam":{ "name":"UpdateWorkteam", @@ -4390,9 +4587,16 @@ } }, "shapes":{ + "AcceleratorsAmount":{ + "type":"integer", + "box":true, + "max":10000000, + "min":0 + }, "Accept":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "AcceptEula":{"type":"boolean"}, @@ -4400,11 +4604,12 @@ "type":"string", "max":12, "min":12, - "pattern":"^\\d+$" + "pattern":"\\d+" }, "ActionArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:action/.*" }, "ActionSource":{ @@ -4516,6 +4721,36 @@ } } }, + "AddClusterNodeSpecification":{ + "type":"structure", + "required":[ + "InstanceGroupName", + "IncrementTargetCountBy" + ], + "members":{ + "InstanceGroupName":{ + "shape":"ClusterInstanceGroupName", + "documentation":"

    The name of the instance group to which you want to add nodes.

    " + }, + "IncrementTargetCountBy":{ + "shape":"AddClusterNodeSpecificationIncrementTargetCountByInteger", + "documentation":"

    The number of nodes to add to the specified instance group. The total number of nodes across all instance groups in a single request cannot exceed 50.

    " + } + }, + "documentation":"

    Specifies an instance group and the number of nodes to add to it.

    " + }, + "AddClusterNodeSpecificationIncrementTargetCountByInteger":{ + "type":"integer", + "box":true, + "max":50, + "min":1 + }, + "AddClusterNodeSpecificationList":{ + "type":"list", + "member":{"shape":"AddClusterNodeSpecification"}, + "max":5, + "min":1 + }, "AddTagsInput":{ "type":"structure", "required":[ @@ -4545,7 +4780,18 @@ "AdditionalCodeRepositoryNamesOrUrls":{ "type":"list", "member":{"shape":"CodeRepositoryNameOrUrl"}, - "max":3 + "max":3, + "min":0 + }, + "AdditionalEnis":{ + "type":"structure", + "members":{ + "EfaEnis":{ + "shape":"EfaEnis", + "documentation":"

    A list of Elastic Fabric Adapter (EFA) ENIs associated with the instance.

    " + } + }, + "documentation":"

    Information about additional Elastic Network Interfaces (ENIs) associated with an instance.

    " }, "AdditionalInferenceSpecificationDefinition":{ "type":"structure", @@ -4664,7 +4910,8 @@ }, "AgentCount":{ "shape":"Long", - "documentation":"

    The number of Edge Manager agents.

    " + "documentation":"

    The number of Edge Manager agents.

    ", + "box":true } }, "documentation":"

    Edge Manager agent version.

    " @@ -4700,6 +4947,17 @@ }, "documentation":"

    An Amazon CloudWatch alarm configured to monitor metrics on an endpoint.

    " }, + "AlarmDetails":{ + "type":"structure", + "required":["AlarmName"], + "members":{ + "AlarmName":{ + "shape":"AlarmName", + "documentation":"

    The name of the alarm.

    " + } + }, + "documentation":"

    The details of the alarm to monitor during the AMI update.

    " + }, "AlarmList":{ "type":"list", "member":{"shape":"Alarm"}, @@ -4710,17 +4968,18 @@ "type":"string", "max":255, "min":1, - "pattern":"^(?!\\s*$).+" + "pattern":"(?!\\s*$).+" }, "AlgorithmArn":{ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:algorithm/[\\S]{1,2048}$" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:algorithm/[\\S]{1,2048}" }, "AlgorithmImage":{ "type":"string", "max":255, + "min":0, "pattern":".*" }, "AlgorithmSortBy":{ @@ -4749,7 +5008,8 @@ }, "EnableSageMakerMetricsTimeSeries":{ "shape":"Boolean", - "documentation":"

    To generate and save time-series metrics during training, set to true. The default is false and time-series metrics aren't generated except in the following cases:

    " + "documentation":"

    To generate and save time-series metrics during training, set to true. The default is false and time-series metrics aren't generated except in the following cases:

    ", + "box":true }, "ContainerEntrypoint":{ "shape":"TrainingContainerEntrypoint", @@ -4918,7 +5178,7 @@ "members":{ "AnnotationConsolidationLambdaArn":{ "shape":"LambdaFunctionArn", - "documentation":"

    The Amazon Resource Name (ARN) of a Lambda function implements the logic for annotation consolidation and to process output data.

    For built-in task types, use one of the following Amazon SageMaker Ground Truth Lambda function ARNs for AnnotationConsolidationLambdaArn. For custom labeling workflows, see Post-annotation Lambda.

    Bounding box - Finds the most similar boxes from different workers based on the Jaccard index of the boxes.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-BoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-BoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-BoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-BoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-BoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-BoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-BoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-BoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-BoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-BoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-BoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-BoundingBox

    Image classification - Uses a variant of the Expectation Maximization approach to estimate the true class of an image based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-ImageMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-ImageMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-ImageMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-ImageMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-ImageMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-ImageMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-ImageMultiClass

    Multi-label image classification - Uses a variant of the Expectation Maximization approach to estimate the true classes of an image based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-ImageMultiClassMultiLabel

    Semantic segmentation - Treats each pixel in an image as a multi-class classification and treats pixel annotations from workers as \"votes\" for the correct label.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-SemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-SemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-SemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-SemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-SemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-SemanticSegmentation

    Text classification - Uses a variant of the Expectation Maximization approach to estimate the true class of text based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-TextMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-TextMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-TextMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-TextMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-TextMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-TextMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-TextMultiClass

    Multi-label text classification - Uses a variant of the Expectation Maximization approach to estimate the true classes of text based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-TextMultiClassMultiLabel

    Named entity recognition - Groups similar selections and calculates aggregate boundaries, resolving to most-assigned label.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-NamedEntityRecognition

    Video Classification - Use this task type when you need workers to classify videos using predefined labels that you specify. Workers are shown videos and are asked to choose one label for each video.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VideoMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VideoMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VideoMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VideoMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VideoMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VideoMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VideoMultiClass

    Video Frame Object Detection - Use this task type to have workers identify and locate objects in a sequence of video frames (images extracted from a video) using bounding boxes. For example, you can use this task to ask workers to identify and localize various objects in a series of video frames, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VideoObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VideoObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VideoObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VideoObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VideoObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VideoObjectDetection

    Video Frame Object Tracking - Use this task type to have workers track the movement of objects in a sequence of video frames (images extracted from a video) using bounding boxes. For example, you can use this task to ask workers to track the movement of objects, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VideoObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VideoObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VideoObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VideoObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VideoObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VideoObjectTracking

    3D Point Cloud Object Detection - Use this task type when you want workers to classify objects in a 3D point cloud by drawing 3D cuboids around objects. For example, you can use this task type to ask workers to identify different types of objects in a point cloud, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-3DPointCloudObjectDetection

    3D Point Cloud Object Tracking - Use this task type when you want workers to draw 3D cuboids around objects that appear in a sequence of 3D point cloud frames. For example, you can use this task type to ask workers to track the movement of vehicles across multiple point cloud frames.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-3DPointCloudObjectTracking

    3D Point Cloud Semantic Segmentation - Use this task type when you want workers to create a point-level semantic segmentation masks by painting objects in a 3D point cloud using different colors where each color is assigned to one of the classes you specify.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-3DPointCloudSemanticSegmentation

    Use the following ARNs for Label Verification and Adjustment Jobs

    Use label verification and adjustment jobs to review and adjust labels. To learn more, see Verify and Adjust Labels .

    Semantic Segmentation Adjustment - Treats each pixel in an image as a multi-class classification and treats pixel adjusted annotations from workers as \"votes\" for the correct label.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-AdjustmentSemanticSegmentation

    Semantic Segmentation Verification - Uses a variant of the Expectation Maximization approach to estimate the true class of verification judgment for semantic segmentation labels based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VerificationSemanticSegmentation

    Bounding Box Adjustment - Finds the most similar boxes from different workers based on the Jaccard index of the adjusted annotations.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-AdjustmentBoundingBox

    Bounding Box Verification - Uses a variant of the Expectation Maximization approach to estimate the true class of verification judgement for bounding box labels based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VerificationBoundingBox

    Video Frame Object Detection Adjustment - Use this task type when you want workers to adjust bounding boxes that workers have added to video frames to classify and localize objects in a sequence of video frames.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-AdjustmentVideoObjectDetection

    Video Frame Object Tracking Adjustment - Use this task type when you want workers to adjust bounding boxes that workers have added to video frames to track object movement across a sequence of video frames.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-AdjustmentVideoObjectTracking

    3D Point Cloud Object Detection Adjustment - Use this task type when you want workers to adjust 3D cuboids around objects in a 3D point cloud.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-Adjustment3DPointCloudObjectDetection

    3D Point Cloud Object Tracking Adjustment - Use this task type when you want workers to adjust 3D cuboids around objects that appear in a sequence of 3D point cloud frames.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-Adjustment3DPointCloudObjectTracking

    3D Point Cloud Semantic Segmentation Adjustment - Use this task type when you want workers to adjust a point-level semantic segmentation masks using a paint tool.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    " + "documentation":"

    The Amazon Resource Name (ARN) of a Lambda function implements the logic for annotation consolidation and to process output data.

    For built-in task types, use one of the following Amazon SageMaker Ground Truth Lambda function ARNs for AnnotationConsolidationLambdaArn. For custom labeling workflows, see Post-annotation Lambda.

    Bounding box - Finds the most similar boxes from different workers based on the Jaccard index of the boxes.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-BoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-BoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-BoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-BoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-BoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-BoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-BoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-BoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-BoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-BoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-BoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-BoundingBox

    Image classification - Uses a variant of the Expectation Maximization approach to estimate the true class of an image based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-ImageMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-ImageMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-ImageMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-ImageMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-ImageMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-ImageMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-ImageMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-ImageMultiClass

    Multi-label image classification - Uses a variant of the Expectation Maximization approach to estimate the true classes of an image based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-ImageMultiClassMultiLabel

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-ImageMultiClassMultiLabel

    Semantic segmentation - Treats each pixel in an image as a multi-class classification and treats pixel annotations from workers as \"votes\" for the correct label.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-SemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-SemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-SemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-SemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-SemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-SemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-SemanticSegmentation

    Text classification - Uses a variant of the Expectation Maximization approach to estimate the true class of text based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-TextMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-TextMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-TextMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-TextMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-TextMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-TextMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-TextMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-TextMultiClass

    Multi-label text classification - Uses a variant of the Expectation Maximization approach to estimate the true classes of text based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-TextMultiClassMultiLabel

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-TextMultiClassMultiLabel

    Named entity recognition - Groups similar selections and calculates aggregate boundaries, resolving to most-assigned label.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-NamedEntityRecognition

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-NamedEntityRecognition

    Video Classification - Use this task type when you need workers to classify videos using predefined labels that you specify. Workers are shown videos and are asked to choose one label for each video.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VideoMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VideoMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VideoMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VideoMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VideoMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VideoMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VideoMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VideoMultiClass

    Video Frame Object Detection - Use this task type to have workers identify and locate objects in a sequence of video frames (images extracted from a video) using bounding boxes. For example, you can use this task to ask workers to identify and localize various objects in a series of video frames, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VideoObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VideoObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VideoObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VideoObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VideoObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VideoObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VideoObjectDetection

    Video Frame Object Tracking - Use this task type to have workers track the movement of objects in a sequence of video frames (images extracted from a video) using bounding boxes. For example, you can use this task to ask workers to track the movement of objects, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VideoObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VideoObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VideoObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VideoObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VideoObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VideoObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VideoObjectTracking

    3D Point Cloud Object Detection - Use this task type when you want workers to classify objects in a 3D point cloud by drawing 3D cuboids around objects. For example, you can use this task type to ask workers to identify different types of objects in a point cloud, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-3DPointCloudObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-3DPointCloudObjectDetection

    3D Point Cloud Object Tracking - Use this task type when you want workers to draw 3D cuboids around objects that appear in a sequence of 3D point cloud frames. For example, you can use this task type to ask workers to track the movement of vehicles across multiple point cloud frames.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-3DPointCloudObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-3DPointCloudObjectTracking

    3D Point Cloud Semantic Segmentation - Use this task type when you want workers to create a point-level semantic segmentation masks by painting objects in a 3D point cloud using different colors where each color is assigned to one of the classes you specify.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-3DPointCloudSemanticSegmentation

    Use the following ARNs for Label Verification and Adjustment Jobs

    Use label verification and adjustment jobs to review and adjust labels. To learn more, see Verify and Adjust Labels .

    Semantic Segmentation Adjustment - Treats each pixel in an image as a multi-class classification and treats pixel adjusted annotations from workers as \"votes\" for the correct label.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-AdjustmentSemanticSegmentation

    Semantic Segmentation Verification - Uses a variant of the Expectation Maximization approach to estimate the true class of verification judgment for semantic segmentation labels based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VerificationSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VerificationSemanticSegmentation

    Bounding Box Adjustment - Finds the most similar boxes from different workers based on the Jaccard index of the adjusted annotations.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-AdjustmentBoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-AdjustmentBoundingBox

    Bounding Box Verification - Uses a variant of the Expectation Maximization approach to estimate the true class of verification judgement for bounding box labels based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-VerificationBoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-VerificationBoundingBox

    Video Frame Object Detection Adjustment - Use this task type when you want workers to adjust bounding boxes that workers have added to video frames to classify and localize objects in a sequence of video frames.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-AdjustmentVideoObjectDetection

    Video Frame Object Tracking Adjustment - Use this task type when you want workers to adjust bounding boxes that workers have added to video frames to track object movement across a sequence of video frames.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-AdjustmentVideoObjectTracking

    3D Point Cloud Object Detection Adjustment - Use this task type when you want workers to adjust 3D cuboids around objects in a 3D point cloud.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-Adjustment3DPointCloudObjectDetection

    3D Point Cloud Object Tracking Adjustment - Use this task type when you want workers to adjust 3D cuboids around objects that appear in a sequence of 3D point cloud frames.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-Adjustment3DPointCloudObjectTracking

    3D Point Cloud Semantic Segmentation Adjustment - Use this task type when you want workers to adjust a point-level semantic segmentation masks using a paint tool.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-Adjustment3DPointCloudSemanticSegmentation

    Generative AI/Custom - Direct passthrough of output data without any transformation.

    • arn:aws:lambda:us-east-1:432418664414:function:ACS-PassThrough

    • arn:aws:lambda:us-east-2:266458841044:function:ACS-PassThrough

    • arn:aws:lambda:us-west-2:081040173940:function:ACS-PassThrough

    • arn:aws:lambda:eu-west-1:568282634449:function:ACS-PassThrough

    • arn:aws:lambda:ap-northeast-1:477331159723:function:ACS-PassThrough

    • arn:aws:lambda:ap-southeast-2:454466003867:function:ACS-PassThrough

    • arn:aws:lambda:ap-south-1:565803892007:function:ACS-PassThrough

    • arn:aws:lambda:eu-central-1:203001061592:function:ACS-PassThrough

    • arn:aws:lambda:ap-northeast-2:845288260483:function:ACS-PassThrough

    • arn:aws:lambda:eu-west-2:487402164563:function:ACS-PassThrough

    • arn:aws:lambda:ap-southeast-1:377565633583:function:ACS-PassThrough

    • arn:aws:lambda:ca-central-1:918755190332:function:ACS-PassThrough

    " } }, "documentation":"

    Configures how labels are consolidated across human workers and processes output data.

    " @@ -4926,6 +5186,7 @@ "AppArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:app/.*" }, "AppDetails":{ @@ -4966,6 +5227,7 @@ "AppImageConfigArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:app-image-config/.*" }, "AppImageConfigDetails":{ @@ -5009,7 +5271,8 @@ "AppImageConfigName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "AppImageConfigSortKey":{ "type":"string", @@ -5102,6 +5365,8 @@ "ml.trn1.32xlarge", "ml.trn1n.32xlarge", "ml.p5.48xlarge", + "ml.p5en.48xlarge", + "ml.p6-b200.48xlarge", "ml.m6i.large", "ml.m6i.xlarge", "ml.m6i.2xlarge", @@ -5203,7 +5468,8 @@ "AppName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "AppNetworkAccessType":{ "type":"string", @@ -5269,32 +5535,36 @@ "ApprovalDescription":{ "type":"string", "max":1024, + "min":0, "pattern":".*" }, "ArnOrName":{ "type":"string", "max":170, "min":1, - "pattern":"(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:[a-z\\-]*\\/)?([a-zA-Z0-9]([a-zA-Z0-9-]){0,62})(? The Amazon Resource Name (ARN) of your SageMaker HyperPod cluster containing the target node. Your cluster must use EKS as the orchestration and be in the InService state.

    " + }, + "NodeId":{ + "shape":"ClusterNodeId", + "documentation":"

    The unique identifier of the cluster node to which you want to attach the volume. The node must belong to your specified HyperPod cluster and cannot be part of a Restricted Instance Group (RIG).

    " + }, + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    The unique identifier of your EBS volume to attach. The volume must be in the available state.

    " + } + } + }, + "AttachClusterNodeVolumeResponse":{ + "type":"structure", + "required":[ + "ClusterArn", + "NodeId", + "VolumeId", + "AttachTime", + "Status", + "DeviceName" + ], + "members":{ + "ClusterArn":{ + "shape":"ClusterArn", + "documentation":"

    The Amazon Resource Name (ARN) of your SageMaker HyperPod cluster where the volume attachment operation was performed.

    " + }, + "NodeId":{ + "shape":"ClusterNodeId", + "documentation":"

    The unique identifier of the cluster node where your volume was attached.

    " + }, + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    The unique identifier of your EBS volume that was attached.

    " + }, + "AttachTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the volume attachment operation was initiated by the SageMaker HyperPod service.

    " + }, + "Status":{ + "shape":"VolumeAttachmentStatus", + "documentation":"

    The current status of your volume attachment operation.

    " + }, + "DeviceName":{ + "shape":"VolumeDeviceName", + "documentation":"

    The device name assigned to your attached volume on the target instance.

    " + } + } + }, "AttributeName":{ "type":"string", "max":256, @@ -5639,7 +5970,8 @@ "AttributeNames":{ "type":"list", "member":{"shape":"AttributeName"}, - "max":16 + "max":16, + "min":0 }, "AuthMode":{ "type":"string", @@ -5652,18 +5984,39 @@ "type":"map", "key":{"shape":"AuthenticationRequestExtraParamsKey"}, "value":{"shape":"AuthenticationRequestExtraParamsValue"}, - "max":10 + "max":10, + "min":0 }, "AuthenticationRequestExtraParamsKey":{ "type":"string", "max":512, + "min":0, "pattern":".*" }, "AuthenticationRequestExtraParamsValue":{ "type":"string", "max":512, + "min":0, "pattern":".*" }, + "AuthorizedUrl":{ + "type":"structure", + "members":{ + "Url":{ + "shape":"LongS3Uri", + "documentation":"

    The presigned S3 URL that provides temporary, secure access to download the file. URLs expire within 15 minutes for security purposes.

    " + }, + "LocalPath":{ + "shape":"LocalPath", + "documentation":"

    The recommended local file path where the downloaded file should be stored to maintain proper directory structure and file organization.

    " + } + }, + "documentation":"

    Contains a presigned URL and its associated local file path for downloading hub content artifacts.

    " + }, + "AuthorizedUrlConfigs":{ + "type":"list", + "member":{"shape":"AuthorizedUrl"} + }, "AutoGenerateEndpointName":{"type":"boolean"}, "AutoMLAlgorithm":{ "type":"string", @@ -5699,12 +6052,14 @@ "AutoMLAlgorithms":{ "type":"list", "member":{"shape":"AutoMLAlgorithm"}, - "max":11 + "max":11, + "min":0 }, "AutoMLAlgorithmsConfig":{ "type":"list", "member":{"shape":"AutoMLAlgorithmConfig"}, - "max":1 + "max":1, + "min":0 }, "AutoMLCandidate":{ "type":"structure", @@ -5852,7 +6207,7 @@ "documentation":"

    The configuration for using EMR Serverless to run the AutoML job V2.

    To allow your AutoML job V2 to automatically initiate a remote job on EMR Serverless when additional compute resources are needed to process large datasets, you need to provide an EmrServerlessComputeConfig object, which includes an ExecutionRoleARN attribute, to the AutoMLComputeConfig of the AutoML job V2 input request.

    By seamlessly transitioning to EMR Serverless when required, the AutoML job can handle datasets that would otherwise exceed the initially provisioned resources, without any manual intervention from you.

    EMR Serverless is available for the tabular and time series problem types. We recommend setting up this option for tabular datasets larger than 5 GB and time series datasets larger than 30 GB.

    " } }, - "documentation":"

    This data type is intended for use exclusively by SageMaker Canvas and cannot be used in other contexts at the moment.

    Specifies the compute configuration for an AutoML job V2.

    " + "documentation":"

    This data type is intended for use exclusively by SageMaker Canvas and cannot be used in other contexts at the moment.

    Specifies the compute configuration for an AutoML job V2.

    " }, "AutoMLContainerDefinition":{ "type":"structure", @@ -5879,7 +6234,8 @@ "AutoMLContainerDefinitions":{ "type":"list", "member":{"shape":"AutoMLContainerDefinition"}, - "max":5 + "max":5, + "min":0 }, "AutoMLDataSource":{ "type":"structure", @@ -5904,7 +6260,8 @@ }, "AutoMLFailureReason":{ "type":"string", - "max":1024 + "max":1024, + "min":0 }, "AutoMLInferenceContainerDefinitions":{ "type":"map", @@ -5917,7 +6274,8 @@ "documentation":"

    Information about the recommended inference container definitions.

    " }, "documentation":"

    The mapping of all supported processing unit (CPU, GPU, etc...) to inference container definitions for the candidate. This field is populated for the V2 API only (for example, for jobs created by calling CreateAutoMLJobV2).

    ", - "max":2 + "max":2, + "min":0 }, "AutoMLInputDataConfig":{ "type":"list", @@ -6021,7 +6379,7 @@ "type":"string", "max":32, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,31}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,31}" }, "AutoMLJobObjective":{ "type":"structure", @@ -6213,6 +6571,7 @@ "AutoMLNameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9\\-]+" }, "AutoMLOutputDataConfig":{ @@ -6352,7 +6711,8 @@ }, "EnableInterContainerTrafficEncryption":{ "shape":"Boolean", - "documentation":"

    Whether to use traffic encryption between the container layers.

    " + "documentation":"

    Whether to use traffic encryption between the container layers.

    ", + "box":true }, "VpcConfig":{ "shape":"VpcConfig", @@ -6408,6 +6768,12 @@ "max":100, "min":0 }, + "AutoRollbackAlarms":{ + "type":"list", + "member":{"shape":"AlarmDetails"}, + "max":10, + "min":1 + }, "AutoRollbackConfig":{ "type":"structure", "members":{ @@ -6441,6 +6807,12 @@ }, "AvailableInstanceCount":{ "type":"integer", + "box":true, + "min":0 + }, + "AvailableSpareInstanceCount":{ + "type":"integer", + "box":true, "min":0 }, "AwsManagedHumanLoopRequestSource":{ @@ -6458,7 +6830,95 @@ "type":"string", "max":256, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" + }, + "BatchAddClusterNodesError":{ + "type":"structure", + "required":[ + "InstanceGroupName", + "ErrorCode", + "FailedCount" + ], + "members":{ + "InstanceGroupName":{ + "shape":"InstanceGroupName", + "documentation":"

    The name of the instance group for which the error occurred.

    " + }, + "ErrorCode":{ + "shape":"BatchAddClusterNodesErrorCode", + "documentation":"

    The error code associated with the failure. Possible values include InstanceGroupNotFound and InvalidInstanceGroupState.

    " + }, + "FailedCount":{ + "shape":"BatchAddFailureCount", + "documentation":"

    The number of nodes that failed to be added to the specified instance group.

    " + }, + "Message":{ + "shape":"String", + "documentation":"

    A descriptive message providing additional details about the error.

    " + } + }, + "documentation":"

    Information about an error that occurred during the node addition operation.

    " + }, + "BatchAddClusterNodesErrorCode":{ + "type":"string", + "enum":[ + "InstanceGroupNotFound", + "InvalidInstanceGroupStatus" + ] + }, + "BatchAddClusterNodesErrorList":{ + "type":"list", + "member":{"shape":"BatchAddClusterNodesError"} + }, + "BatchAddClusterNodesRequest":{ + "type":"structure", + "required":[ + "ClusterName", + "NodesToAdd" + ], + "members":{ + "ClusterName":{ + "shape":"ClusterNameOrArn", + "documentation":"

    The name of the HyperPod cluster to which you want to add nodes.

    " + }, + "ClientToken":{ + "shape":"BatchAddClusterNodesRequestClientTokenString", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This token is valid for 8 hours. If you retry the request with the same client token within this timeframe and the same parameters, the API returns the same set of NodeLogicalIds with their latest status.

    ", + "idempotencyToken":true + }, + "NodesToAdd":{ + "shape":"AddClusterNodeSpecificationList", + "documentation":"

    A list of instance groups and the number of nodes to add to each. You can specify up to 5 instance groups in a single request, with a maximum of 50 nodes total across all instance groups.

    " + } + } + }, + "BatchAddClusterNodesRequestClientTokenString":{ + "type":"string", + "max":64, + "min":0, + "pattern":"[\\x21-\\x7E]+" + }, + "BatchAddClusterNodesResponse":{ + "type":"structure", + "required":[ + "Successful", + "Failed" + ], + "members":{ + "Successful":{ + "shape":"NodeAdditionResultList", + "documentation":"

    A list of NodeLogicalIDs that were successfully added to the cluster. The NodeLogicalID is unique per cluster and does not change between instance replacements. Each entry includes a NodeLogicalId that can be used to track the node's provisioning status (with DescribeClusterNode), the instance group name, and the current status of the node.

    " + }, + "Failed":{ + "shape":"BatchAddClusterNodesErrorList", + "documentation":"

    A list of errors that occurred during the node addition operation. Each entry includes the instance group name, error code, number of failed additions, and an error message.

    " + } + } + }, + "BatchAddFailureCount":{ + "type":"integer", + "box":true, + "min":1 }, "BatchDataCaptureConfig":{ "type":"structure", @@ -6474,11 +6934,41 @@ }, "GenerateInferenceId":{ "shape":"Boolean", - "documentation":"

    Flag that indicates whether to append inference id to the output.

    " + "documentation":"

    Flag that indicates whether to append inference id to the output.

    ", + "box":true } }, "documentation":"

    Configuration to control how SageMaker captures inference data for batch transform jobs.

    " }, + "BatchDeleteClusterNodeLogicalIdsError":{ + "type":"structure", + "required":[ + "Code", + "Message", + "NodeLogicalId" + ], + "members":{ + "Code":{ + "shape":"BatchDeleteClusterNodesErrorCode", + "documentation":"

    The error code associated with the failure. Possible values include NodeLogicalIdNotFound, InvalidNodeStatus, and InternalError.

    " + }, + "Message":{ + "shape":"String", + "documentation":"

    A descriptive message providing additional details about the error.

    " + }, + "NodeLogicalId":{ + "shape":"ClusterNodeLogicalId", + "documentation":"

    The NodeLogicalId of the node that could not be deleted.

    " + } + }, + "documentation":"

    Information about an error that occurred when attempting to delete a node identified by its NodeLogicalId.

    " + }, + "BatchDeleteClusterNodeLogicalIdsErrorList":{ + "type":"list", + "member":{"shape":"BatchDeleteClusterNodeLogicalIdsError"}, + "max":99, + "min":1 + }, "BatchDeleteClusterNodesError":{ "type":"structure", "required":[ @@ -6513,15 +7003,12 @@ "BatchDeleteClusterNodesErrorList":{ "type":"list", "member":{"shape":"BatchDeleteClusterNodesError"}, - "max":99, + "max":3000, "min":1 }, "BatchDeleteClusterNodesRequest":{ "type":"structure", - "required":[ - "ClusterName", - "NodeIds" - ], + "required":["ClusterName"], "members":{ "ClusterName":{ "shape":"ClusterNameOrArn", @@ -6529,7 +7016,11 @@ }, "NodeIds":{ "shape":"ClusterNodeIds", - "documentation":"

    A list of node IDs to be deleted from the specified cluster.

    For SageMaker HyperPod clusters using the Slurm workload manager, you cannot remove instances that are configured as Slurm controller nodes.

    " + "documentation":"

    A list of node IDs to be deleted from the specified cluster.

    • For SageMaker HyperPod clusters using the Slurm workload manager, you cannot remove instances that are configured as Slurm controller nodes.

    • If you need to delete more than 99 instances, contact Support for assistance.

    " + }, + "NodeLogicalIds":{ + "shape":"ClusterNodeLogicalIdList", + "documentation":"

    A list of NodeLogicalIds identifying the nodes to be deleted. You can specify up to 50 NodeLogicalIds. You must specify either NodeLogicalIds, InstanceIds, or both, with a combined maximum of 50 identifiers.

    " } } }, @@ -6543,6 +7034,14 @@ "Successful":{ "shape":"ClusterNodeIds", "documentation":"

    A list of node IDs that were successfully deleted from the specified cluster.

    " + }, + "FailedNodeLogicalIds":{ + "shape":"BatchDeleteClusterNodeLogicalIdsErrorList", + "documentation":"

    A list of NodeLogicalIds that could not be deleted, along with error information explaining why the deletion failed.

    " + }, + "SuccessfulNodeLogicalIds":{ + "shape":"ClusterNodeLogicalIdList", + "documentation":"

    A list of NodeLogicalIds that were successfully deleted from the cluster.

    " } } }, @@ -6730,11 +7229,13 @@ }, "BillableTimeInSeconds":{ "type":"integer", + "box":true, "min":1 }, "BlockedReason":{ "type":"string", - "max":1024 + "max":1024, + "min":0 }, "BlueGreenUpdatePolicy":{ "type":"structure", @@ -6765,8 +7266,9 @@ }, "BorrowLimit":{ "type":"integer", + "box":true, "max":500, - "min":1 + "min":0 }, "Branch":{ "type":"string", @@ -6812,7 +7314,7 @@ "type":"string", "max":10, "min":10, - "pattern":"^[a-zA-Z0-9]+$" + "pattern":"[a-zA-Z0-9]+" }, "CandidateArtifactLocations":{ "type":"structure", @@ -6945,6 +7447,31 @@ }, "documentation":"

    The SageMaker Canvas application settings.

    " }, + "CapacityReservation":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the Capacity Reservation.

    " + }, + "Type":{ + "shape":"CapacityReservationType", + "documentation":"

    The type of Capacity Reservation. Valid values are ODCR (On-Demand Capacity Reservation) or CRG (Capacity Reservation Group).

    " + } + }, + "documentation":"

    Information about the Capacity Reservation used by an instance or instance group.

    " + }, + "CapacityReservationPreference":{ + "type":"string", + "enum":["capacity-reservations-only"] + }, + "CapacityReservationType":{ + "type":"string", + "enum":[ + "ODCR", + "CRG" + ] + }, "CapacitySize":{ "type":"structure", "required":[ @@ -6963,6 +7490,24 @@ }, "documentation":"

    Specifies the type and size of the endpoint capacity to activate for a blue/green deployment, a rolling deployment, or a rollback strategy. You can specify your batches as either instance count or the overall percentage or your fleet.

    For a rollback strategy, if you don't specify the fields in this object, or if you set the Value to 100%, then SageMaker uses a blue/green rollback strategy and rolls all traffic back to the blue fleet.

    " }, + "CapacitySizeConfig":{ + "type":"structure", + "required":[ + "Type", + "Value" + ], + "members":{ + "Type":{ + "shape":"NodeUnavailabilityType", + "documentation":"

    Specifies whether SageMaker should process the update by amount or percentage of instances.

    " + }, + "Value":{ + "shape":"NodeUnavailabilityValue", + "documentation":"

    Specifies the amount or percentage of instances SageMaker updates at a time.

    " + } + }, + "documentation":"

    The configuration of the size measurements of the AMI update. Using this configuration, you can specify whether SageMaker should update your instance group by an amount or percentage of instances.

    " + }, "CapacitySizeType":{ "type":"string", "enum":[ @@ -6972,10 +7517,12 @@ }, "CapacitySizeValue":{ "type":"integer", + "box":true, "min":1 }, "CapacityUnit":{ "type":"integer", + "box":true, "max":10000000, "min":0 }, @@ -7102,6 +7649,208 @@ "min":0 }, "CertifyForMarketplace":{"type":"boolean"}, + "CfnCreateTemplateProvider":{ + "type":"structure", + "required":[ + "TemplateName", + "TemplateURL" + ], + "members":{ + "TemplateName":{ + "shape":"CfnTemplateName", + "documentation":"

    A unique identifier for the template within the project.

    " + }, + "TemplateURL":{ + "shape":"CfnTemplateURL", + "documentation":"

    The Amazon S3 URL of the CloudFormation template.

    " + }, + "RoleARN":{ + "shape":"RoleArn", + "documentation":"

    The IAM role that CloudFormation assumes when creating the stack.

    " + }, + "Parameters":{ + "shape":"CfnStackCreateParameters", + "documentation":"

    An array of CloudFormation stack parameters.

    " + } + }, + "documentation":"

    The CloudFormation template provider configuration for creating infrastructure resources.

    " + }, + "CfnStackCreateParameter":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{ + "shape":"CfnStackParameterKey", + "documentation":"

    The name of the CloudFormation parameter.

    " + }, + "Value":{ + "shape":"CfnStackParameterValue", + "documentation":"

    The value of the CloudFormation parameter.

    " + } + }, + "documentation":"

    A key-value pair that represents a parameter for the CloudFormation stack.

    " + }, + "CfnStackCreateParameters":{ + "type":"list", + "member":{"shape":"CfnStackCreateParameter"}, + "max":180, + "min":0 + }, + "CfnStackDetail":{ + "type":"structure", + "required":["StatusMessage"], + "members":{ + "Name":{ + "shape":"CfnStackName", + "documentation":"

    The name of the CloudFormation stack.

    " + }, + "Id":{ + "shape":"CfnStackId", + "documentation":"

    The unique identifier of the CloudFormation stack.

    " + }, + "StatusMessage":{ + "shape":"CfnStackStatusMessage", + "documentation":"

    A human-readable message about the stack's current status.

    " + } + }, + "documentation":"

    Details about the CloudFormation stack.

    " + }, + "CfnStackId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"(?=.{1,256}$)arn:aws[a-z\\-]*:cloudformation:[a-z0-9\\-]*:[0-9]{12}:stack/[a-zA-Z][a-zA-Z0-9-]{0,127}/.*" + }, + "CfnStackName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z][A-Za-z0-9-]{0,127}" + }, + "CfnStackParameter":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{ + "shape":"CfnStackParameterKey", + "documentation":"

    The name of the CloudFormation parameter.

    " + }, + "Value":{ + "shape":"CfnStackParameterValue", + "documentation":"

    The value of the CloudFormation parameter.

    " + } + }, + "documentation":"

    A key-value pair representing a parameter used in the CloudFormation stack.

    " + }, + "CfnStackParameterKey":{ + "type":"string", + "max":255, + "min":1, + "pattern":".{1,255}" + }, + "CfnStackParameterValue":{ + "type":"string", + "max":4096, + "min":0, + "pattern":".{0,4096}" + }, + "CfnStackParameters":{ + "type":"list", + "member":{"shape":"CfnStackParameter"}, + "max":180, + "min":0 + }, + "CfnStackStatusMessage":{ + "type":"string", + "max":4096, + "min":1, + "pattern":".{1,4096}" + }, + "CfnStackUpdateParameter":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{ + "shape":"CfnStackParameterKey", + "documentation":"

    The name of the CloudFormation parameter.

    " + }, + "Value":{ + "shape":"CfnStackParameterValue", + "documentation":"

    The value of the CloudFormation parameter.

    " + } + }, + "documentation":"

    A key-value pair representing a parameter used in the CloudFormation stack.

    " + }, + "CfnStackUpdateParameters":{ + "type":"list", + "member":{"shape":"CfnStackUpdateParameter"}, + "max":180, + "min":0 + }, + "CfnTemplateName":{ + "type":"string", + "max":32, + "min":1, + "pattern":"(?=.{1,32}$)[a-zA-Z0-9](-*[a-zA-Z0-9])*" + }, + "CfnTemplateProviderDetail":{ + "type":"structure", + "required":[ + "TemplateName", + "TemplateURL" + ], + "members":{ + "TemplateName":{ + "shape":"CfnTemplateName", + "documentation":"

    The unique identifier of the template within the project.

    " + }, + "TemplateURL":{ + "shape":"CfnTemplateURL", + "documentation":"

    The Amazon S3 URL of the CloudFormation template.

    " + }, + "RoleARN":{ + "shape":"RoleArn", + "documentation":"

    The IAM role used by CloudFormation to create the stack.

    " + }, + "Parameters":{ + "shape":"CfnStackParameters", + "documentation":"

    An array of CloudFormation stack parameters.

    " + }, + "StackDetail":{ + "shape":"CfnStackDetail", + "documentation":"

    Information about the CloudFormation stack created by the template provider.

    " + } + }, + "documentation":"

    Details about a CloudFormation template provider configuration and associated provisioning information.

    " + }, + "CfnTemplateURL":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"(?=.{1,1024}$)(https)://([^/]+)/(.+)" + }, + "CfnUpdateTemplateProvider":{ + "type":"structure", + "required":[ + "TemplateName", + "TemplateURL" + ], + "members":{ + "TemplateName":{ + "shape":"CfnTemplateName", + "documentation":"

    The unique identifier of the template to update within the project.

    " + }, + "TemplateURL":{ + "shape":"CfnTemplateURL", + "documentation":"

    The Amazon S3 URL of the CloudFormation template.

    " + }, + "Parameters":{ + "shape":"CfnStackUpdateParameters", + "documentation":"

    An array of CloudFormation stack parameters.

    " + } + }, + "documentation":"

    Contains configuration details for updating an existing CloudFormation template provider in the project.

    " + }, "Channel":{ "type":"structure", "required":[ @@ -7164,7 +7913,8 @@ }, "IsRequired":{ "shape":"Boolean", - "documentation":"

    Indicates whether the channel is required by the algorithm.

    " + "documentation":"

    Indicates whether the channel is required by the algorithm.

    ", + "box":true }, "SupportedContentTypes":{ "shape":"ContentTypes", @@ -7241,11 +7991,13 @@ }, "SkipCheck":{ "shape":"Boolean", - "documentation":"

    This flag indicates if the drift check against the previous baseline will be skipped or not. If it is set to False, the previous baseline of the configured check type must be available.

    " + "documentation":"

    This flag indicates if the drift check against the previous baseline will be skipped or not. If it is set to False, the previous baseline of the configured check type must be available.

    ", + "box":true }, "RegisterNewBaseline":{ "shape":"Boolean", - "documentation":"

    This flag indicates if a newly calculated baseline can be accessed through step properties BaselineUsedForDriftCheckConstraints and BaselineUsedForDriftCheckStatistics. If it is set to False, the previous baseline of the configured check type must also be available. These can be accessed through the BaselineUsedForDriftCheckConstraints property.

    " + "documentation":"

    This flag indicates if a newly calculated baseline can be accessed through step properties BaselineUsedForDriftCheckConstraints and BaselineUsedForDriftCheckStatistics. If it is set to False, the previous baseline of the configured check type must also be available. These can be accessed through the BaselineUsedForDriftCheckConstraints property.

    ", + "box":true } }, "documentation":"

    The container for the metadata for the ClarifyCheck step. For more information, see the topic on ClarifyCheck step in the Amazon SageMaker Developer Guide.

    " @@ -7377,21 +8129,25 @@ }, "ClarifyLabelIndex":{ "type":"integer", + "box":true, "min":0 }, "ClarifyMaxPayloadInMB":{ "type":"integer", + "box":true, "max":25, "min":1 }, "ClarifyMaxRecordCount":{ "type":"integer", + "box":true, "min":1 }, "ClarifyMimeType":{ "type":"string", "max":255, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*\\/[a-zA-Z0-9](-*[a-zA-Z0-9+.])*" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*\\/[a-zA-Z0-9](-*[a-zA-Z0-9+.])*" }, "ClarifyProbabilityAttribute":{ "type":"string", @@ -7401,6 +8157,7 @@ }, "ClarifyProbabilityIndex":{ "type":"integer", + "box":true, "min":0 }, "ClarifyShapBaseline":{ @@ -7456,10 +8213,17 @@ }, "ClarifyShapNumberOfSamples":{ "type":"integer", + "box":true, "min":1 }, - "ClarifyShapSeed":{"type":"integer"}, - "ClarifyShapUseLogit":{"type":"boolean"}, + "ClarifyShapSeed":{ + "type":"integer", + "box":true + }, + "ClarifyShapUseLogit":{ + "type":"boolean", + "box":true + }, "ClarifyTextConfig":{ "type":"structure", "required":[ @@ -7568,39 +8332,232 @@ "type":"string", "max":36, "min":1, - "pattern":"^[a-zA-Z0-9-]+$" + "pattern":"[a-zA-Z0-9-]+" }, "ClusterArn":{ "type":"string", "max":256, - "pattern":"^arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:cluster/[a-z0-9]{12}$" + "min":0, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:cluster/[a-z0-9]{12}" + }, + "ClusterAutoScalerType":{ + "type":"string", + "enum":["Karpenter"] + }, + "ClusterAutoScalingConfig":{ + "type":"structure", + "required":["Mode"], + "members":{ + "Mode":{ + "shape":"ClusterAutoScalingMode", + "documentation":"

    Describes whether autoscaling is enabled or disabled for the cluster. Valid values are Enable and Disable.

    " + }, + "AutoScalerType":{ + "shape":"ClusterAutoScalerType", + "documentation":"

    The type of autoscaler to use. Currently supported value is Karpenter.

    " + } + }, + "documentation":"

    Specifies the autoscaling configuration for a HyperPod cluster.

    " + }, + "ClusterAutoScalingConfigOutput":{ + "type":"structure", + "required":[ + "Mode", + "Status" + ], + "members":{ + "Mode":{ + "shape":"ClusterAutoScalingMode", + "documentation":"

    Describes whether autoscaling is enabled or disabled for the cluster.

    " + }, + "AutoScalerType":{ + "shape":"ClusterAutoScalerType", + "documentation":"

    The type of autoscaler configured for the cluster.

    " + }, + "Status":{ + "shape":"ClusterAutoScalingStatus", + "documentation":"

    The current status of the autoscaling configuration. Valid values are InService, Failed, Creating, and Deleting.

    " + }, + "FailureMessage":{ + "shape":"String", + "documentation":"

    If the autoscaling status is Failed, this field contains a message describing the failure.

    " + } + }, + "documentation":"

    The autoscaling configuration and status information for a HyperPod cluster.

    " + }, + "ClusterAutoScalingMode":{ + "type":"string", + "enum":[ + "Enable", + "Disable" + ] + }, + "ClusterAutoScalingStatus":{ + "type":"string", + "enum":[ + "InService", + "Failed", + "Creating", + "Deleting" + ] }, "ClusterAvailabilityZone":{ "type":"string", - "pattern":"^[a-z]{2}-[a-z]+-\\d[a-z]$" + "pattern":"[a-z]{2}-[a-z]+-\\d[a-z]" }, "ClusterAvailabilityZoneId":{ "type":"string", - "pattern":"^[a-z]{3}\\d-az\\d$" + "pattern":"[a-z]{3}\\d-az\\d" + }, + "ClusterConfigMode":{ + "type":"string", + "enum":[ + "Enable", + "Disable" + ] }, "ClusterEbsVolumeConfig":{ "type":"structure", - "required":["VolumeSizeInGB"], "members":{ "VolumeSizeInGB":{ "shape":"ClusterEbsVolumeSizeInGB", "documentation":"

    The size in gigabytes (GB) of the additional EBS volume to be attached to the instances in the SageMaker HyperPod cluster instance group. The additional EBS volume is attached to each instance within the SageMaker HyperPod cluster instance group and mounted to /opt/sagemaker.

    " + }, + "VolumeKmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

    The ID of a KMS key to encrypt the Amazon EBS volume.

    " + }, + "RootVolume":{ + "shape":"Boolean", + "documentation":"

    Specifies whether the configuration is for the cluster's root or secondary Amazon EBS volume. You can specify two ClusterEbsVolumeConfig fields to configure both the root and secondary volumes. Set the value to True if you'd like to provide your own customer managed Amazon Web Services KMS key to encrypt the root volume. When True:

    • The configuration is applied to the root volume.

    • You can't specify the VolumeSizeInGB field. The size of the root volume is determined for you.

    • You must specify a KMS key ID for VolumeKmsKeyId to encrypt the root volume with your own KMS key instead of an Amazon Web Services owned KMS key.

    Otherwise, by default, the value is False, and the following applies:

    • The configuration is applied to the secondary volume, while the root volume is encrypted with an Amazon Web Services owned key.

    • You must specify the VolumeSizeInGB field.

    • You can optionally specify the VolumeKmsKeyId to encrypt the secondary volume with your own KMS key instead of an Amazon Web Services owned KMS key.

    ", + "box":true } }, "documentation":"

    Defines the configuration for attaching an additional Amazon Elastic Block Store (EBS) volume to each instance of the SageMaker HyperPod cluster instance group. To learn more, see SageMaker HyperPod release notes: June 20, 2024.

    " }, "ClusterEbsVolumeSizeInGB":{ "type":"integer", + "box":true, "max":16384, "min":1 }, + "ClusterEventDetail":{ + "type":"structure", + "required":[ + "EventId", + "ClusterArn", + "ClusterName", + "ResourceType", + "EventTime" + ], + "members":{ + "EventId":{ + "shape":"EventId", + "documentation":"

    The unique identifier (UUID) of the event.

    " + }, + "ClusterArn":{ + "shape":"ClusterArn", + "documentation":"

    The Amazon Resource Name (ARN) of the HyperPod cluster associated with the event.

    " + }, + "ClusterName":{ + "shape":"ClusterName", + "documentation":"

    The name of the HyperPod cluster associated with the event.

    " + }, + "InstanceGroupName":{ + "shape":"ClusterInstanceGroupName", + "documentation":"

    The name of the instance group associated with the event, if applicable.

    " + }, + "InstanceId":{ + "shape":"String", + "documentation":"

    The EC2 instance ID associated with the event, if applicable.

    " + }, + "ResourceType":{ + "shape":"ClusterEventResourceType", + "documentation":"

    The type of resource associated with the event. Valid values are Cluster, InstanceGroup, or Instance.

    " + }, + "EventTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the event occurred.

    " + }, + "EventDetails":{ + "shape":"EventDetails", + "documentation":"

    Additional details about the event, including event-specific metadata.

    " + }, + "Description":{ + "shape":"String", + "documentation":"

    A human-readable description of the event.

    " + } + }, + "documentation":"

    Detailed information about a specific event in a HyperPod cluster.

    " + }, + "ClusterEventMaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ClusterEventResourceType":{ + "type":"string", + "enum":[ + "Cluster", + "InstanceGroup", + "Instance" + ] + }, + "ClusterEventSummaries":{ + "type":"list", + "member":{"shape":"ClusterEventSummary"}, + "max":100, + "min":0 + }, + "ClusterEventSummary":{ + "type":"structure", + "required":[ + "EventId", + "ClusterArn", + "ClusterName", + "ResourceType", + "EventTime" + ], + "members":{ + "EventId":{ + "shape":"EventId", + "documentation":"

    The unique identifier (UUID) of the event.

    " + }, + "ClusterArn":{ + "shape":"ClusterArn", + "documentation":"

    The Amazon Resource Name (ARN) of the HyperPod cluster associated with the event.

    " + }, + "ClusterName":{ + "shape":"ClusterName", + "documentation":"

    The name of the HyperPod cluster associated with the event.

    " + }, + "InstanceGroupName":{ + "shape":"ClusterInstanceGroupName", + "documentation":"

    The name of the instance group associated with the event, if applicable.

    " + }, + "InstanceId":{ + "shape":"String", + "documentation":"

    The Amazon Elastic Compute Cloud (EC2) instance ID associated with the event, if applicable.

    " + }, + "ResourceType":{ + "shape":"ClusterEventResourceType", + "documentation":"

    The type of resource associated with the event. Valid values are Cluster, InstanceGroup, or Instance.

    " + }, + "EventTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the event occurred.

    " + }, + "Description":{ + "shape":"String", + "documentation":"

    A brief, human-readable description of the event.

    " + } + }, + "documentation":"

    A summary of an event in a HyperPod cluster.

    " + }, "ClusterInstanceCount":{ "type":"integer", + "box":true, "max":6758, "min":0 }, @@ -7655,7 +8612,31 @@ "shape":"InstanceGroupTrainingPlanStatus", "documentation":"

    The current status of the training plan associated with this cluster instance group.

    " }, - "OverrideVpcConfig":{"shape":"VpcConfig"} + "OverrideVpcConfig":{ + "shape":"VpcConfig", + "documentation":"

    The customized Amazon VPC configuration at the instance group level that overrides the default Amazon VPC configuration of the SageMaker HyperPod cluster.

    " + }, + "ScheduledUpdateConfig":{ + "shape":"ScheduledUpdateConfig", + "documentation":"

    The configuration object of the schedule that SageMaker follows when updating the AMI.

    " + }, + "CurrentImageId":{ + "shape":"ImageId", + "documentation":"

    The ID of the Amazon Machine Image (AMI) currently in use by the instance group.

    " + }, + "DesiredImageId":{ + "shape":"ImageId", + "documentation":"

    The ID of the Amazon Machine Image (AMI) desired for the instance group.

    " + }, + "TargetStateCount":{ + "shape":"ClusterInstanceCount", + "documentation":"

    The number of nodes running a specific image ID since the last software update request.

    " + }, + "SoftwareUpdateStatus":{ + "shape":"SoftwareUpdateStatus", + "documentation":"

    Status of the last software udpate request.

    " + }, + "ActiveSoftwareUpdateConfig":{"shape":"DeploymentConfiguration"} }, "documentation":"

    Details of an instance group in a SageMaker HyperPod cluster.

    " }, @@ -7667,7 +8648,7 @@ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" }, "ClusterInstanceGroupSpecification":{ "type":"structure", @@ -7715,7 +8696,18 @@ "shape":"TrainingPlanArn", "documentation":"

    The Amazon Resource Name (ARN); of the training plan to use for this cluster instance group.

    For more information about how to reserve GPU capacity for your SageMaker HyperPod clusters using Amazon SageMaker Training Plan, see CreateTrainingPlan .

    " }, - "OverrideVpcConfig":{"shape":"VpcConfig"} + "OverrideVpcConfig":{ + "shape":"VpcConfig", + "documentation":"

    To configure multi-AZ deployments, customize the Amazon VPC configuration at the instance group level. You can specify different subnets and security groups across different AZs in the instance group specification to override a SageMaker HyperPod cluster's default Amazon VPC configuration. For more information about deploying a cluster in multiple AZs, see Setting up SageMaker HyperPod clusters across multiple AZs.

    When your Amazon VPC and subnets support IPv6, network communications differ based on the cluster orchestration platform:

    • Slurm-orchestrated clusters automatically configure nodes with dual IPv6 and IPv4 addresses, allowing immediate IPv6 network communications.

    • In Amazon EKS-orchestrated clusters, nodes receive dual-stack addressing, but pods can only use IPv6 when the Amazon EKS cluster is explicitly IPv6-enabled. For information about deploying an IPv6 Amazon EKS cluster, see Amazon EKS IPv6 Cluster Deployment.

    Additional resources for IPv6 configuration:

    " + }, + "ScheduledUpdateConfig":{ + "shape":"ScheduledUpdateConfig", + "documentation":"

    The configuration object of the schedule that SageMaker uses to update the AMI.

    " + }, + "ImageId":{ + "shape":"ImageId", + "documentation":"

    When configuring your HyperPod cluster, you can specify an image ID using one of the following options:

    • HyperPodPublicAmiId: Use a HyperPod public AMI

    • CustomAmiId: Use your custom AMI

    • default: Use the default latest system image

    If you choose to use a custom AMI (CustomAmiId), ensure it meets the following requirements:

    • Encryption: The custom AMI must be unencrypted.

    • Ownership: The custom AMI must be owned by the same Amazon Web Services account that is creating the HyperPod cluster.

    • Volume support: Only the primary AMI snapshot volume is supported; additional AMI volumes are not supported.

    When updating the instance group's AMI through the UpdateClusterSoftware operation, if an instance group uses a custom AMI, you must provide an ImageId or use the default as input. Note that if you don't specify an instance group in your UpdateClusterSoftware request, then all of the instance groups are patched with the specified image.

    " + } }, "documentation":"

    The specifications of an instance group that you need to define.

    " }, @@ -7725,6 +8717,18 @@ "max":100, "min":1 }, + "ClusterInstanceGroupsToDelete":{ + "type":"list", + "member":{"shape":"ClusterInstanceGroupName"}, + "max":100, + "min":0 + }, + "ClusterInstanceMemoryAllocationPercentage":{ + "type":"integer", + "box":true, + "max":100, + "min":0 + }, "ClusterInstancePlacement":{ "type":"structure", "members":{ @@ -7747,7 +8751,8 @@ "Pending", "ShuttingDown", "SystemUpdating", - "DeepHealthCheckInProgress" + "DeepHealthCheckInProgress", + "NotFound" ] }, "ClusterInstanceStatusDetails":{ @@ -7779,7 +8784,8 @@ "ClusterInstanceStorageConfigs":{ "type":"list", "member":{"shape":"ClusterInstanceStorageConfig"}, - "max":1 + "max":2, + "min":0 }, "ClusterInstanceType":{ "type":"string", @@ -7787,6 +8793,7 @@ "ml.p4d.24xlarge", "ml.p4de.24xlarge", "ml.p5.48xlarge", + "ml.p6e-gb200.36xlarge", "ml.trn1.32xlarge", "ml.trn1n.32xlarge", "ml.g5.xlarge", @@ -7842,6 +8849,8 @@ "ml.g6e.48xlarge", "ml.p5e.48xlarge", "ml.p5en.48xlarge", + "ml.p6-b200.48xlarge", + "ml.trn2.3xlarge", "ml.trn2.48xlarge", "ml.c6i.large", "ml.c6i.xlarge", @@ -7869,7 +8878,32 @@ "ml.r6i.12xlarge", "ml.r6i.16xlarge", "ml.r6i.24xlarge", - "ml.r6i.32xlarge" + "ml.r6i.32xlarge", + "ml.i3en.large", + "ml.i3en.xlarge", + "ml.i3en.2xlarge", + "ml.i3en.3xlarge", + "ml.i3en.6xlarge", + "ml.i3en.12xlarge", + "ml.i3en.24xlarge", + "ml.m7i.large", + "ml.m7i.xlarge", + "ml.m7i.2xlarge", + "ml.m7i.4xlarge", + "ml.m7i.8xlarge", + "ml.m7i.12xlarge", + "ml.m7i.16xlarge", + "ml.m7i.24xlarge", + "ml.m7i.48xlarge", + "ml.r7i.large", + "ml.r7i.xlarge", + "ml.r7i.2xlarge", + "ml.r7i.4xlarge", + "ml.r7i.8xlarge", + "ml.r7i.12xlarge", + "ml.r7i.16xlarge", + "ml.r7i.24xlarge", + "ml.r7i.48xlarge" ] }, "ClusterLifeCycleConfig":{ @@ -7894,18 +8928,37 @@ "type":"string", "max":128, "min":1, - "pattern":"^[\\S\\s]+$" + "pattern":"[\\S\\s]+" + }, + "ClusterMetadata":{ + "type":"structure", + "members":{ + "FailureMessage":{ + "shape":"String", + "documentation":"

    An error message describing why the cluster level operation (such as creating, updating, or deleting) failed.

    " + }, + "EksRoleAccessEntries":{ + "shape":"EksRoleAccessEntries", + "documentation":"

    A list of Amazon EKS IAM role ARNs associated with the cluster. This is created by HyperPod on your behalf and only applies for EKS orchestrated clusters.

    " + }, + "SlrAccessEntry":{ + "shape":"String", + "documentation":"

    The Service-Linked Role (SLR) associated with the cluster. This is created by HyperPod on your behalf and only applies for EKS orchestrated clusters.

    " + } + }, + "documentation":"

    Metadata information about a HyperPod cluster showing information about the cluster level operations, such as creating, updating, and deleting.

    " }, "ClusterName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" }, "ClusterNameOrArn":{ "type":"string", "max":256, - "pattern":"^(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:cluster/[a-z0-9]{12})|([a-zA-Z0-9](-*[a-zA-Z0-9]){0,62})$" + "min":0, + "pattern":"(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:cluster/[a-z0-9]{12})|([a-zA-Z0-9](-*[a-zA-Z0-9]){0,62})" }, "ClusterNodeDetails":{ "type":"structure", @@ -7918,6 +8971,10 @@ "shape":"String", "documentation":"

    The ID of the instance.

    " }, + "NodeLogicalId":{ + "shape":"ClusterNodeLogicalId", + "documentation":"

    A unique identifier for the node that persists throughout its lifecycle, from provisioning request to termination. This identifier can be used to track the node even before it has an assigned InstanceId.

    " + }, "InstanceStatus":{ "shape":"ClusterInstanceStatusDetails", "documentation":"

    The status of the instance.

    " @@ -7930,11 +8987,18 @@ "shape":"Timestamp", "documentation":"

    The time when the instance is launched.

    " }, + "LastSoftwareUpdateTime":{ + "shape":"Timestamp", + "documentation":"

    The time when the cluster was last updated.

    " + }, "LifeCycleConfig":{ "shape":"ClusterLifeCycleConfig", "documentation":"

    The LifeCycle configuration applied to the instance.

    " }, - "OverrideVpcConfig":{"shape":"VpcConfig"}, + "OverrideVpcConfig":{ + "shape":"VpcConfig", + "documentation":"

    The customized Amazon VPC configuration at the instance group level that overrides the default Amazon VPC configuration of the SageMaker HyperPod cluster.

    " + }, "ThreadsPerCore":{ "shape":"ClusterThreadsPerCore", "documentation":"

    The number of threads per CPU core you specified under CreateCluster.

    " @@ -7949,7 +9013,7 @@ }, "PrivatePrimaryIpv6":{ "shape":"ClusterPrivatePrimaryIpv6", - "documentation":"

    The private primary IPv6 address of the SageMaker HyperPod cluster node.

    " + "documentation":"

    The private primary IPv6 address of the SageMaker HyperPod cluster node when configured with an Amazon VPC that supports IPv6 and includes subnets with IPv6 addressing enabled in either the cluster Amazon VPC configuration or the instance group Amazon VPC configuration.

    " }, "PrivateDnsHostname":{ "shape":"ClusterPrivateDnsHostname", @@ -7958,6 +9022,18 @@ "Placement":{ "shape":"ClusterInstancePlacement", "documentation":"

    The placement details of the SageMaker HyperPod cluster node.

    " + }, + "CurrentImageId":{ + "shape":"ImageId", + "documentation":"

    The ID of the Amazon Machine Image (AMI) currently in use by the node.

    " + }, + "DesiredImageId":{ + "shape":"ImageId", + "documentation":"

    The ID of the Amazon Machine Image (AMI) desired for the node.

    " + }, + "UltraServerInfo":{ + "shape":"UltraServerInfo", + "documentation":"

    Contains information about the UltraServer.

    " } }, "documentation":"

    Details of an instance (also called a node interchangeably) in a SageMaker HyperPod cluster.

    " @@ -7966,14 +9042,30 @@ "type":"string", "max":256, "min":1, - "pattern":"^i-[a-f0-9]{8}(?:[a-f0-9]{9})?$" + "pattern":"i-[a-f0-9]{8}(?:[a-f0-9]{9})?" }, "ClusterNodeIds":{ "type":"list", "member":{"shape":"ClusterNodeId"}, + "max":3000, + "min":1 + }, + "ClusterNodeLogicalId":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9]" + }, + "ClusterNodeLogicalIdList":{ + "type":"list", + "member":{"shape":"ClusterNodeLogicalId"}, "max":99, "min":1 }, + "ClusterNodeProvisioningMode":{ + "type":"string", + "enum":["Continuous"] + }, "ClusterNodeRecovery":{ "type":"string", "enum":[ @@ -8003,6 +9095,10 @@ "shape":"String", "documentation":"

    The ID of the instance.

    " }, + "NodeLogicalId":{ + "shape":"String", + "documentation":"

    A unique identifier for the node that persists throughout its lifecycle, from provisioning request to termination. This identifier can be used to track the node even before it has an assigned InstanceId. This field is only included when IncludeNodeLogicalIds is set to True in the ListClusterNodes request.

    " + }, "InstanceType":{ "shape":"ClusterInstanceType", "documentation":"

    The type of the instance.

    " @@ -8011,15 +9107,24 @@ "shape":"Timestamp", "documentation":"

    The time when the instance is launched.

    " }, + "LastSoftwareUpdateTime":{ + "shape":"Timestamp", + "documentation":"

    The time when SageMaker last updated the software of the instances in the cluster.

    " + }, "InstanceStatus":{ "shape":"ClusterInstanceStatusDetails", "documentation":"

    The status of the instance.

    " + }, + "UltraServerInfo":{ + "shape":"UltraServerInfo", + "documentation":"

    Contains information about the UltraServer.

    " } }, "documentation":"

    Lists a summary of the properties of an instance (also called a node interchangeably) of a SageMaker HyperPod cluster.

    " }, "ClusterNonNegativeInstanceCount":{ "type":"integer", + "box":true, "min":0 }, "ClusterOrchestrator":{ @@ -8046,22 +9151,141 @@ }, "ClusterPrivateDnsHostname":{ "type":"string", - "pattern":"^ip-((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)-?\\b){4}\\..*$" + "pattern":"ip-((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)-?\\b){4}\\..*" }, "ClusterPrivatePrimaryIp":{ "type":"string", - "pattern":"^((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$" + "pattern":"((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}" }, "ClusterPrivatePrimaryIpv6":{"type":"string"}, + "ClusterRestrictedInstanceGroupDetails":{ + "type":"structure", + "members":{ + "CurrentCount":{ + "shape":"ClusterNonNegativeInstanceCount", + "documentation":"

    The number of instances that are currently in the restricted instance group of a SageMaker HyperPod cluster.

    " + }, + "TargetCount":{ + "shape":"ClusterInstanceCount", + "documentation":"

    The number of instances you specified to add to the restricted instance group of a SageMaker HyperPod cluster.

    " + }, + "InstanceGroupName":{ + "shape":"ClusterInstanceGroupName", + "documentation":"

    The name of the restricted instance group of a SageMaker HyperPod cluster.

    " + }, + "InstanceType":{ + "shape":"ClusterInstanceType", + "documentation":"

    The instance type of the restricted instance group of a SageMaker HyperPod cluster.

    " + }, + "ExecutionRole":{ + "shape":"RoleArn", + "documentation":"

    The execution role for the restricted instance group to assume.

    " + }, + "ThreadsPerCore":{ + "shape":"ClusterThreadsPerCore", + "documentation":"

    The number you specified to TreadsPerCore in CreateCluster for enabling or disabling multithreading. For instance types that support multithreading, you can specify 1 for disabling multithreading and 2 for enabling multithreading. For more information, see the reference table of CPU cores and threads per CPU core per instance type in the Amazon Elastic Compute Cloud User Guide.

    " + }, + "InstanceStorageConfigs":{ + "shape":"ClusterInstanceStorageConfigs", + "documentation":"

    The additional storage configurations for the instances in the SageMaker HyperPod cluster restricted instance group.

    " + }, + "OnStartDeepHealthChecks":{ + "shape":"OnStartDeepHealthChecks", + "documentation":"

    A flag indicating whether deep health checks should be performed when the cluster's restricted instance group is created or updated.

    " + }, + "Status":{ + "shape":"InstanceGroupStatus", + "documentation":"

    The current status of the cluster's restricted instance group.

    • InService: The restricted instance group is active and healthy.

    • Creating: The restricted instance group is being provisioned.

    • Updating: The restricted instance group is being updated.

    • Failed: The restricted instance group has failed to provision or is no longer healthy.

    • Degraded: The restricted instance group is degraded, meaning that some instances have failed to provision or are no longer healthy.

    • Deleting: The restricted instance group is being deleted.

    " + }, + "TrainingPlanArn":{ + "shape":"TrainingPlanArn", + "documentation":"

    The Amazon Resource Name (ARN) of the training plan to filter clusters by. For more information about reserving GPU capacity for your SageMaker HyperPod clusters using Amazon SageMaker Training Plan, see CreateTrainingPlan .

    " + }, + "TrainingPlanStatus":{ + "shape":"InstanceGroupTrainingPlanStatus", + "documentation":"

    The current status of the training plan associated with this cluster restricted instance group.

    " + }, + "OverrideVpcConfig":{"shape":"VpcConfig"}, + "ScheduledUpdateConfig":{"shape":"ScheduledUpdateConfig"}, + "EnvironmentConfig":{ + "shape":"EnvironmentConfigDetails", + "documentation":"

    The configuration for the restricted instance groups (RIG) environment.

    " + } + }, + "documentation":"

    The instance group details of the restricted instance group (RIG).

    " + }, + "ClusterRestrictedInstanceGroupDetailsList":{ + "type":"list", + "member":{"shape":"ClusterRestrictedInstanceGroupDetails"} + }, + "ClusterRestrictedInstanceGroupSpecification":{ + "type":"structure", + "required":[ + "InstanceCount", + "InstanceGroupName", + "InstanceType", + "ExecutionRole", + "EnvironmentConfig" + ], + "members":{ + "InstanceCount":{ + "shape":"ClusterInstanceCount", + "documentation":"

    Specifies the number of instances to add to the restricted instance group of a SageMaker HyperPod cluster.

    " + }, + "InstanceGroupName":{ + "shape":"ClusterInstanceGroupName", + "documentation":"

    Specifies the name of the restricted instance group.

    " + }, + "InstanceType":{ + "shape":"ClusterInstanceType", + "documentation":"

    Specifies the instance type of the restricted instance group.

    " + }, + "ExecutionRole":{ + "shape":"RoleArn", + "documentation":"

    Specifies an IAM execution role to be assumed by the restricted instance group.

    " + }, + "ThreadsPerCore":{ + "shape":"ClusterThreadsPerCore", + "documentation":"

    The number you specified to TreadsPerCore in CreateCluster for enabling or disabling multithreading. For instance types that support multithreading, you can specify 1 for disabling multithreading and 2 for enabling multithreading. For more information, see the reference table of CPU cores and threads per CPU core per instance type in the Amazon Elastic Compute Cloud User Guide.

    " + }, + "InstanceStorageConfigs":{ + "shape":"ClusterInstanceStorageConfigs", + "documentation":"

    Specifies the additional storage configurations for the instances in the SageMaker HyperPod cluster restricted instance group.

    " + }, + "OnStartDeepHealthChecks":{ + "shape":"OnStartDeepHealthChecks", + "documentation":"

    A flag indicating whether deep health checks should be performed when the cluster restricted instance group is created or updated.

    " + }, + "TrainingPlanArn":{ + "shape":"TrainingPlanArn", + "documentation":"

    The Amazon Resource Name (ARN) of the training plan to filter clusters by. For more information about reserving GPU capacity for your SageMaker HyperPod clusters using Amazon SageMaker Training Plan, see CreateTrainingPlan .

    " + }, + "OverrideVpcConfig":{"shape":"VpcConfig"}, + "ScheduledUpdateConfig":{"shape":"ScheduledUpdateConfig"}, + "EnvironmentConfig":{ + "shape":"EnvironmentConfig", + "documentation":"

    The configuration for the restricted instance groups (RIG) environment.

    " + } + }, + "documentation":"

    The specifications of a restricted instance group that you need to define.

    " + }, + "ClusterRestrictedInstanceGroupSpecifications":{ + "type":"list", + "member":{"shape":"ClusterRestrictedInstanceGroupSpecification"}, + "max":100, + "min":1 + }, "ClusterSchedulerConfigArn":{ "type":"string", "max":256, - "pattern":"^arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:cluster-scheduler-config/[a-z0-9]{12}$" + "min":0, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:cluster-scheduler-config/[a-z0-9]{12}" }, "ClusterSchedulerConfigId":{ "type":"string", "max":12, - "pattern":"^[a-z0-9]{12}$" + "min":0, + "pattern":"[a-z0-9]{12}" }, "ClusterSchedulerConfigSummary":{ "type":"structure", @@ -8083,7 +9307,8 @@ }, "ClusterSchedulerConfigVersion":{ "shape":"Integer", - "documentation":"

    Version of the cluster policy.

    " + "documentation":"

    Version of the cluster policy.

    ", + "box":true }, "Name":{ "shape":"EntityName", @@ -8116,7 +9341,7 @@ }, "ClusterSchedulerPriorityClassName":{ "type":"string", - "pattern":"^[a-z0-9]([-a-z0-9]*[a-z0-9]){0,39}?$" + "pattern":"[a-z0-9]([-a-z0-9]*[a-z0-9]){0,39}?" }, "ClusterSortBy":{ "type":"string", @@ -8175,9 +9400,25 @@ }, "ClusterThreadsPerCore":{ "type":"integer", + "box":true, "max":2, "min":1 }, + "ClusterTieredStorageConfig":{ + "type":"structure", + "required":["Mode"], + "members":{ + "Mode":{ + "shape":"ClusterConfigMode", + "documentation":"

    Specifies whether managed tier checkpointing is enabled or disabled for the HyperPod cluster. When set to Enable, the system installs a memory management daemon that provides disaggregated memory as a service for checkpoint storage. When set to Disable, the feature is turned off and the memory management daemon is removed from the cluster.

    " + }, + "InstanceMemoryAllocationPercentage":{ + "shape":"ClusterInstanceMemoryAllocationPercentage", + "documentation":"

    The percentage (int) of cluster memory to allocate for checkpointing.

    " + } + }, + "documentation":"

    Defines the configuration for managed tier checkpointing in a HyperPod cluster. Managed tier checkpointing uses multiple storage tiers, including cluster CPU memory, to provide faster checkpoint operations and improved fault tolerance for large-scale model training. The system automatically saves checkpoints at high frequency to memory and periodically persists them to durable storage, like Amazon S3.

    " + }, "CodeEditorAppImageConfig":{ "type":"structure", "members":{ @@ -8212,7 +9453,8 @@ "CodeRepositories":{ "type":"list", "member":{"shape":"CodeRepository"}, - "max":10 + "max":10, + "min":0 }, "CodeRepository":{ "type":"structure", @@ -8229,23 +9471,25 @@ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:code-repository/[\\S]{1,2048}$" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:code-repository/[\\S]{1,2048}" }, "CodeRepositoryContains":{ "type":"string", "max":1024, + "min":0, "pattern":"[a-zA-Z0-9-]+" }, "CodeRepositoryNameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9-]+" }, "CodeRepositoryNameOrUrl":{ "type":"string", "max":1024, "min":1, - "pattern":"^https://([^/]+)/?(.*)$|^[a-zA-Z0-9](-*[a-zA-Z0-9])*" + "pattern":"https://([^/]+)/?(.*)$|^[a-zA-Z0-9](-*[a-zA-Z0-9])*" }, "CodeRepositorySortBy":{ "type":"string", @@ -8406,6 +9650,7 @@ "CompilationJobArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:compilation-job/.*" }, "CompilationJobStatus":{ @@ -8506,7 +9751,8 @@ "ComputeQuotaArn":{ "type":"string", "max":2048, - "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:compute-quota/[a-z0-9]{12}$" + "min":0, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:compute-quota/[a-z0-9]{12}" }, "ComputeQuotaConfig":{ "type":"structure", @@ -8528,14 +9774,11 @@ }, "ComputeQuotaId":{ "type":"string", - "pattern":"^[a-z0-9]{12}$" + "pattern":"[a-z0-9]{12}" }, "ComputeQuotaResourceConfig":{ "type":"structure", - "required":[ - "InstanceType", - "Count" - ], + "required":["InstanceType"], "members":{ "InstanceType":{ "shape":"ClusterInstanceType", @@ -8544,6 +9787,18 @@ "Count":{ "shape":"InstanceCount", "documentation":"

    The number of instances to add to the instance group of a SageMaker HyperPod cluster.

    " + }, + "Accelerators":{ + "shape":"AcceleratorsAmount", + "documentation":"

    The number of accelerators to allocate. If you don't specify a value for vCPU and MemoryInGiB, SageMaker AI automatically allocates ratio-based values for those parameters based on the number of accelerators you provide. For example, if you allocate 16 out of 32 total accelerators, SageMaker AI uses the ratio of 0.5 and allocates values to vCPU and MemoryInGiB.

    " + }, + "VCpu":{ + "shape":"VCpuAmount", + "documentation":"

    The number of vCPU to allocate. If you specify a value only for vCPU, SageMaker AI automatically allocates ratio-based values for MemoryInGiB based on this vCPU parameter. For example, if you allocate 20 out of 40 total vCPU, SageMaker AI uses the ratio of 0.5 and allocates values to MemoryInGiB. Accelerators are set to 0.

    " + }, + "MemoryInGiB":{ + "shape":"MemoryInGiBAmount", + "documentation":"

    The amount of memory in GiB to allocate. If you specify a value only for this parameter, SageMaker AI automatically allocates a ratio-based value for vCPU based on this memory that you provide. For example, if you allocate 200 out of 400 total memory in GiB, SageMaker AI uses the ratio of 0.5 and allocates values to vCPU. Accelerators are set to 0.

    " } }, "documentation":"

    Configuration of the resources used for the compute allocation definition.

    " @@ -8579,7 +9834,8 @@ }, "ComputeQuotaVersion":{ "shape":"Integer", - "documentation":"

    Version of the compute allocation definition.

    " + "documentation":"

    Version of the compute allocation definition.

    ", + "box":true }, "Status":{ "shape":"SchedulerResourceStatus", @@ -8635,7 +9891,7 @@ }, "ComputeQuotaTargetTeamName":{ "type":"string", - "pattern":"^[a-z0-9]([-a-z0-9]*[a-z0-9]){0,39}?$" + "pattern":"[a-z0-9]([-a-z0-9]*[a-z0-9]){0,39}?" }, "ConditionOutcome":{ "type":"string", @@ -8663,8 +9919,14 @@ "ConfigValue":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, + "ConfiguredSpareInstanceCount":{ + "type":"integer", + "box":true, + "min":0 + }, "ConflictException":{ "type":"structure", "members":{ @@ -8676,6 +9938,7 @@ "ContainerArgument":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "ContainerArguments":{ @@ -8755,7 +10018,8 @@ "ContainerDefinitionList":{ "type":"list", "member":{"shape":"ContainerDefinition"}, - "max":15 + "max":15, + "min":0 }, "ContainerEntrypoint":{ "type":"list", @@ -8766,16 +10030,19 @@ "ContainerEntrypointString":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "ContainerHostname":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "ContainerImage":{ "type":"string", "max":255, + "min":0, "pattern":"[\\S]+" }, "ContainerMode":{ @@ -8795,7 +10062,8 @@ "ContentClassifiers":{ "type":"list", "member":{"shape":"ContentClassifier"}, - "max":256 + "max":256, + "min":0 }, "ContentColumn":{ "type":"string", @@ -8805,11 +10073,13 @@ "ContentDigest":{ "type":"string", "max":72, - "pattern":"^[Ss][Hh][Aa]256:[0-9a-fA-F]{64}$" + "min":0, + "pattern":"[Ss][Hh][Aa]256:[0-9a-fA-F]{64}" }, "ContentType":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "ContentTypes":{ @@ -8819,13 +10089,14 @@ "ContextArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:context/.*" }, "ContextName":{ "type":"string", "max":120, "min":1, - "pattern":"^[a-zA-Z0-9]([-_]*[a-zA-Z0-9]){0,119}" + "pattern":"[a-zA-Z0-9]([-_]*[a-zA-Z0-9]){0,119}" }, "ContextNameOrArn":{ "type":"string", @@ -9030,7 +10301,8 @@ }, "CertifyForMarketplace":{ "shape":"CertifyForMarketplace", - "documentation":"

    Whether to certify the algorithm so that it can be listed in Amazon Web Services Marketplace.

    " + "documentation":"

    Whether to certify the algorithm so that it can be listed in Amazon Web Services Marketplace.

    ", + "box":true }, "Tags":{ "shape":"TagList", @@ -9118,6 +10390,11 @@ "ResourceSpec":{ "shape":"ResourceSpec", "documentation":"

    The instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance.

    The value of InstanceType passed as part of the ResourceSpec in the CreateApp call overrides the value passed as part of the ResourceSpec configured for the user profile or the domain. If InstanceType is not specified in any of those three ResourceSpec values for a KernelGateway app, the CreateApp call fails with a request validation error.

    " + }, + "RecoveryMode":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the application is launched in recovery mode.

    ", + "box":true } } }, @@ -9208,7 +10485,8 @@ }, "GenerateCandidateDefinitionsOnly":{ "shape":"GenerateCandidateDefinitionsOnly", - "documentation":"

    Generates possible candidates without training the models. A candidate is a combination of data preprocessors, algorithms, and algorithm parameter settings.

    " + "documentation":"

    Generates possible candidates without training the models. A candidate is a combination of data preprocessors, algorithms, and algorithm parameter settings.

    ", + "box":true }, "Tags":{ "shape":"TagList", @@ -9298,10 +10576,7 @@ }, "CreateClusterRequest":{ "type":"structure", - "required":[ - "ClusterName", - "InstanceGroups" - ], + "required":["ClusterName"], "members":{ "ClusterName":{ "shape":"ClusterName", @@ -9311,18 +10586,41 @@ "shape":"ClusterInstanceGroupSpecifications", "documentation":"

    The instance groups to be created in the SageMaker HyperPod cluster.

    " }, - "VpcConfig":{"shape":"VpcConfig"}, + "RestrictedInstanceGroups":{ + "shape":"ClusterRestrictedInstanceGroupSpecifications", + "documentation":"

    The specialized instance groups for training models like Amazon Nova to be created in the SageMaker HyperPod cluster.

    " + }, + "VpcConfig":{ + "shape":"VpcConfig", + "documentation":"

    Specifies the Amazon Virtual Private Cloud (VPC) that is associated with the Amazon SageMaker HyperPod cluster. You can control access to and from your resources by configuring your VPC. For more information, see Give SageMaker access to resources in your Amazon VPC.

    When your Amazon VPC and subnets support IPv6, network communications differ based on the cluster orchestration platform:

    • Slurm-orchestrated clusters automatically configure nodes with dual IPv6 and IPv4 addresses, allowing immediate IPv6 network communications.

    • In Amazon EKS-orchestrated clusters, nodes receive dual-stack addressing, but pods can only use IPv6 when the Amazon EKS cluster is explicitly IPv6-enabled. For information about deploying an IPv6 Amazon EKS cluster, see Amazon EKS IPv6 Cluster Deployment.

    Additional resources for IPv6 configuration:

    " + }, "Tags":{ "shape":"TagList", "documentation":"

    Custom tags for managing the SageMaker HyperPod cluster as an Amazon Web Services resource. You can add tags to your cluster in the same way you add them in other Amazon Web Services services that support tagging. To learn more about tagging Amazon Web Services resources in general, see Tagging Amazon Web Services Resources User Guide.

    " }, "Orchestrator":{ "shape":"ClusterOrchestrator", - "documentation":"

    The type of orchestrator to use for the SageMaker HyperPod cluster. Currently, the only supported value is \"eks\", which is to use an Amazon Elastic Kubernetes Service (EKS) cluster as the orchestrator.

    " + "documentation":"

    The type of orchestrator to use for the SageMaker HyperPod cluster. Currently, the only supported value is \"eks\", which is to use an Amazon Elastic Kubernetes Service cluster as the orchestrator.

    " }, "NodeRecovery":{ "shape":"ClusterNodeRecovery", "documentation":"

    The node recovery mode for the SageMaker HyperPod cluster. When set to Automatic, SageMaker HyperPod will automatically reboot or replace faulty nodes when issues are detected. When set to None, cluster administrators will need to manually manage any faulty cluster instances.

    " + }, + "TieredStorageConfig":{ + "shape":"ClusterTieredStorageConfig", + "documentation":"

    The configuration for managed tier checkpointing on the HyperPod cluster. When enabled, this feature uses a multi-tier storage approach for storing model checkpoints, providing faster checkpoint operations and improved fault tolerance across cluster nodes.

    " + }, + "NodeProvisioningMode":{ + "shape":"ClusterNodeProvisioningMode", + "documentation":"

    The mode for provisioning nodes in the cluster. You can specify the following modes:

    • Continuous: Scaling behavior that enables 1) concurrent operation execution within instance groups, 2) continuous retry mechanisms for failed operations, 3) enhanced customer visibility into cluster events through detailed event streams, 4) partial provisioning capabilities. Your clusters and instance groups remain InService while scaling. This mode is only supported for EKS orchestrated clusters.

    " + }, + "ClusterRole":{ + "shape":"RoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that HyperPod assumes to perform cluster autoscaling operations. This role must have permissions for sagemaker:BatchAddClusterNodes and sagemaker:BatchDeleteClusterNodes. This is only required when autoscaling is enabled and when HyperPod is performing autoscaling operations.

    " + }, + "AutoScaling":{ + "shape":"ClusterAutoScalingConfig", + "documentation":"

    The autoscaling configuration for the cluster. Enables automatic scaling of cluster nodes based on workload demand using a Karpenter-based system.

    " } } }, @@ -9658,9 +10956,7 @@ "required":[ "DomainName", "AuthMode", - "DefaultUserSettings", - "SubnetIds", - "VpcId" + "DefaultUserSettings" ], "members":{ "DomainName":{ @@ -9681,11 +10977,11 @@ }, "SubnetIds":{ "shape":"Subnets", - "documentation":"

    The VPC subnets that the domain uses for communication.

    " + "documentation":"

    The VPC subnets that the domain uses for communication.

    The field is optional when the AppNetworkAccessType parameter is set to PublicInternetOnly for domains created from Amazon SageMaker Unified Studio.

    " }, "VpcId":{ "shape":"VpcId", - "documentation":"

    The ID of the Amazon Virtual Private Cloud (VPC) that the domain uses for communication.

    " + "documentation":"

    The ID of the Amazon Virtual Private Cloud (VPC) that the domain uses for communication.

    The field is optional when the AppNetworkAccessType parameter is set to PublicInternetOnly for domains created from Amazon SageMaker Unified Studio.

    " }, "Tags":{ "shape":"TagList", @@ -9726,6 +11022,10 @@ "shape":"DomainArn", "documentation":"

    The Amazon Resource Name (ARN) of the created domain.

    " }, + "DomainId":{ + "shape":"DomainId", + "documentation":"

    The ID of the created domain.

    " + }, "Url":{ "shape":"String1024", "documentation":"

    The URL to the created domain.

    " @@ -9877,7 +11177,8 @@ "VpcConfig":{"shape":"VpcConfig"}, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    Sets whether all model containers deployed to the endpoint are isolated. If they are, no inbound or outbound network calls can be made to or from the model containers.

    " + "documentation":"

    Sets whether all model containers deployed to the endpoint are isolated. If they are, no inbound or outbound network calls can be made to or from the model containers.

    ", + "box":true } } }, @@ -10060,6 +11361,58 @@ } } }, + "CreateHubContentPresignedUrlsRequest":{ + "type":"structure", + "required":[ + "HubName", + "HubContentType", + "HubContentName" + ], + "members":{ + "HubName":{ + "shape":"HubNameOrArn", + "documentation":"

    The name or Amazon Resource Name (ARN) of the hub that contains the content. For public content, use SageMakerPublicHub.

    " + }, + "HubContentType":{ + "shape":"HubContentType", + "documentation":"

    The type of hub content to access. Valid values include Model, Notebook, and ModelReference.

    " + }, + "HubContentName":{ + "shape":"HubContentName", + "documentation":"

    The name of the hub content for which to generate presigned URLs. This identifies the specific model or content within the hub.

    " + }, + "HubContentVersion":{ + "shape":"HubContentVersion", + "documentation":"

    The version of the hub content. If not specified, the latest version is used.

    " + }, + "AccessConfig":{ + "shape":"PresignedUrlAccessConfig", + "documentation":"

    Configuration settings for accessing the hub content, including end-user license agreement acceptance for gated models and expected S3 URL validation.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of presigned URLs to return in the response. Default value is 100. Large models may contain hundreds of files, requiring pagination to retrieve all URLs.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token for pagination. Use this token to retrieve the next set of presigned URLs when the response is truncated.

    " + } + } + }, + "CreateHubContentPresignedUrlsResponse":{ + "type":"structure", + "required":["AuthorizedUrlConfigs"], + "members":{ + "AuthorizedUrlConfigs":{ + "shape":"AuthorizedUrlConfigs", + "documentation":"

    An array of authorized URL configurations, each containing a presigned URL and its corresponding local file path for proper file organization during download.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token for pagination. If present, indicates that more presigned URLs are available. Use this token in a subsequent request to retrieve additional URLs.

    " + } + } + }, "CreateHubContentReferenceRequest":{ "type":"structure", "required":[ @@ -10309,7 +11662,8 @@ }, "Horovod":{ "shape":"Horovod", - "documentation":"

    Indicates Horovod compatibility.

    " + "documentation":"

    Indicates Horovod compatibility.

    ", + "box":true }, "ReleaseNotes":{ "shape":"ReleaseNotes", @@ -10507,7 +11861,7 @@ }, "LabelAttributeName":{ "shape":"LabelAttributeName", - "documentation":"

    The attribute name to use for the label in the output manifest file. This is the key for the key/value pair formed with the label that a worker assigns to the object. The LabelAttributeName must meet the following requirements.

    • The name can't end with \"-metadata\".

    • If you are using one of the following built-in task types, the attribute name must end with \"-ref\". If the task type you are using is not listed below, the attribute name must not end with \"-ref\".

      • Image semantic segmentation (SemanticSegmentation), and adjustment (AdjustmentSemanticSegmentation) and verification (VerificationSemanticSegmentation) labeling jobs for this task type.

      • Video frame object detection (VideoObjectDetection), and adjustment and verification (AdjustmentVideoObjectDetection) labeling jobs for this task type.

      • Video frame object tracking (VideoObjectTracking), and adjustment and verification (AdjustmentVideoObjectTracking) labeling jobs for this task type.

      • 3D point cloud semantic segmentation (3DPointCloudSemanticSegmentation), and adjustment and verification (Adjustment3DPointCloudSemanticSegmentation) labeling jobs for this task type.

      • 3D point cloud object tracking (3DPointCloudObjectTracking), and adjustment and verification (Adjustment3DPointCloudObjectTracking) labeling jobs for this task type.

    If you are creating an adjustment or verification labeling job, you must use a different LabelAttributeName than the one used in the original labeling job. The original labeling job is the Ground Truth labeling job that produced the labels that you want verified or adjusted. To learn more about adjustment and verification labeling jobs, see Verify and Adjust Labels.

    " + "documentation":"

    The attribute name to use for the label in the output manifest file. This is the key for the key/value pair formed with the label that a worker assigns to the object. The LabelAttributeName must meet the following requirements.

    • The name can't end with \"-metadata\".

    • If you are using one of the built-in task types or one of the following, the attribute name must end with \"-ref\".

      • Image semantic segmentation (SemanticSegmentation) and adjustment (AdjustmentSemanticSegmentation) labeling jobs for this task type. One exception is that verification (VerificationSemanticSegmentation) must not end with -\"ref\".

      • Video frame object detection (VideoObjectDetection), and adjustment and verification (AdjustmentVideoObjectDetection) labeling jobs for this task type.

      • Video frame object tracking (VideoObjectTracking), and adjustment and verification (AdjustmentVideoObjectTracking) labeling jobs for this task type.

      • 3D point cloud semantic segmentation (3DPointCloudSemanticSegmentation), and adjustment and verification (Adjustment3DPointCloudSemanticSegmentation) labeling jobs for this task type.

      • 3D point cloud object tracking (3DPointCloudObjectTracking), and adjustment and verification (Adjustment3DPointCloudObjectTracking) labeling jobs for this task type.

    If you are creating an adjustment or verification labeling job, you must use a different LabelAttributeName than the one used in the original labeling job. The original labeling job is the Ground Truth labeling job that produced the labels that you want verified or adjusted. To learn more about adjustment and verification labeling jobs, see Verify and Adjust Labels.

    " }, "InputConfig":{ "shape":"LabelingJobInputConfig", @@ -10583,7 +11937,8 @@ }, "AutomaticModelRegistration":{ "shape":"Boolean", - "documentation":"

    Whether to enable or disable automatic registration of new MLflow models to the SageMaker Model Registry. To enable automatic model registration, set this value to True. To disable automatic model registration, set this value to False. If not specified, AutomaticModelRegistration defaults to False.

    " + "documentation":"

    Whether to enable or disable automatic registration of new MLflow models to the SageMaker Model Registry. To enable automatic model registration, set this value to True. To disable automatic model registration, set this value to False. If not specified, AutomaticModelRegistration defaults to False.

    ", + "box":true }, "WeeklyMaintenanceWindowStart":{ "shape":"WeeklyMaintenanceWindowStart", @@ -10672,7 +12027,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    The version of the model card to export. If a version is not provided, then the latest version of the model card is exported.

    " + "documentation":"

    The version of the model card to export. If a version is not provided, then the latest version of the model card is exported.

    ", + "box":true }, "ModelCardExportJobName":{ "shape":"EntityName", @@ -10822,7 +12178,8 @@ }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    Isolates the model container. No inbound or outbound network calls can be made to or from the model container.

    " + "documentation":"

    Isolates the model container. No inbound or outbound network calls can be made to or from the model container.

    ", + "box":true } } }, @@ -10893,7 +12250,8 @@ }, "CertifyForMarketplace":{ "shape":"CertifyForMarketplace", - "documentation":"

    Whether to certify the model package for listing on Amazon Web Services Marketplace.

    This parameter is optional for unversioned models, and does not apply to versioned models.

    " + "documentation":"

    Whether to certify the model package for listing on Amazon Web Services Marketplace.

    This parameter is optional for unversioned models, and does not apply to versioned models.

    ", + "box":true }, "Tags":{ "shape":"TagList", @@ -11078,6 +12436,10 @@ "shape":"SecurityGroupIds", "documentation":"

    The VPC security group IDs, in the form sg-xxxxxxxx. The security groups must be for the same VPC as specified in the subnet.

    " }, + "IpAddressType":{ + "shape":"IPAddressType", + "documentation":"

    The IP address type for the notebook instance. Specify ipv4 for IPv4-only connectivity or dualstack for both IPv4 and IPv6 connectivity. When you specify dualstack, the subnet must support IPv6 CIDR blocks. If not specified, defaults to ipv4.

    " + }, "RoleArn":{ "shape":"RoleArn", "documentation":"

    When you send any requests to Amazon Web Services resources from the notebook instance, SageMaker AI assumes this role to perform tasks on your behalf. You must grant this role necessary permissions so SageMaker AI can perform these tasks. The policy must allow the SageMaker AI service principal (sagemaker.amazonaws.com) permissions to assume this role. For more information, see SageMaker AI Roles.

    To be able to pass this role to SageMaker AI, the caller of this API must have the iam:PassRole permission.

    " @@ -11120,7 +12482,7 @@ }, "PlatformIdentifier":{ "shape":"PlatformIdentifier", - "documentation":"

    The platform identifier of the notebook instance runtime environment.

    " + "documentation":"

    The platform identifier of the notebook instance runtime environment. The default value is notebook-al2-v2.

    " }, "InstanceMetadataServiceConfiguration":{ "shape":"InstanceMetadataServiceConfiguration", @@ -11143,6 +12505,10 @@ "OnStart":{ "shape":"NotebookInstanceLifecycleConfigList", "documentation":"

    A shell script that runs every time you start a notebook instance, including when you create the notebook instance. The shell script must be a base64-encoded string.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    An array of key-value pairs. You can use tags to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. For more information, see Tagging Amazon Web Services Resources.

    " } } }, @@ -11274,6 +12640,10 @@ "shape":"RoleArn", "documentation":"

    The ARN of the IAM role that the partner application uses.

    " }, + "KmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

    SageMaker Partner AI Apps uses Amazon Web Services KMS to encrypt data at rest using an Amazon Web Services managed key by default. For more control, specify a customer managed key.

    " + }, "MaintenanceConfig":{ "shape":"PartnerAppMaintenanceConfig", "documentation":"

    Maintenance configuration settings for the SageMaker Partner AI App.

    " @@ -11292,7 +12662,8 @@ }, "EnableIamSessionBasedIdentity":{ "shape":"Boolean", - "documentation":"

    When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.

    " + "documentation":"

    When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.

    ", + "box":true }, "ClientToken":{ "shape":"ClientToken", @@ -11497,7 +12868,7 @@ }, "Environment":{ "shape":"ProcessingEnvironmentMap", - "documentation":"

    The environment variables to set in the Docker container. Up to 100 key and values entries in the map are supported.

    " + "documentation":"

    The environment variables to set in the Docker container. Up to 100 key and values entries in the map are supported.

    Do not include any security-sensitive information including account access IDs, secrets, or tokens in any environment fields. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by security-sensitive information included in the request environment variable or plain text fields.

    " }, "NetworkConfig":{ "shape":"NetworkConfig", @@ -11509,7 +12880,7 @@ }, "Tags":{ "shape":"TagList", - "documentation":"

    (Optional) An array of key-value pairs. For more information, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide.

    " + "documentation":"

    (Optional) An array of key-value pairs. For more information, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide.

    Do not include any security-sensitive information including account access IDs, secrets, or tokens in any tags. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by security-sensitive information included in the request tag variable or plain text fields.

    " }, "ExperimentConfig":{"shape":"ExperimentConfig"} } @@ -11526,10 +12897,7 @@ }, "CreateProjectInput":{ "type":"structure", - "required":[ - "ProjectName", - "ServiceCatalogProvisioningDetails" - ], + "required":["ProjectName"], "members":{ "ProjectName":{ "shape":"ProjectEntityName", @@ -11546,6 +12914,10 @@ "Tags":{ "shape":"TagList", "documentation":"

    An array of key-value pairs that you want to use to organize and track your Amazon Web Services resource costs. For more information, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference Guide.

    " + }, + "TemplateProviders":{ + "shape":"CreateTemplateProviderList", + "documentation":"

    An array of template provider configurations for creating infrastructure resources for the project.

    " } } }, @@ -11647,15 +13019,28 @@ } } }, + "CreateTemplateProvider":{ + "type":"structure", + "members":{ + "CfnTemplateProvider":{ + "shape":"CfnCreateTemplateProvider", + "documentation":"

    The CloudFormation template provider configuration for creating infrastructure resources.

    " + } + }, + "documentation":"

    Contains configuration details for a template provider. Only one type of template provider can be specified.

    " + }, + "CreateTemplateProviderList":{ + "type":"list", + "member":{"shape":"CreateTemplateProvider"}, + "max":1, + "min":1 + }, "CreateTrainingJobRequest":{ "type":"structure", "required":[ "TrainingJobName", - "AlgorithmSpecification", "RoleArn", - "OutputDataConfig", - "ResourceConfig", - "StoppingCondition" + "OutputDataConfig" ], "members":{ "TrainingJobName":{ @@ -11664,7 +13049,7 @@ }, "HyperParameters":{ "shape":"HyperParameters", - "documentation":"

    Algorithm-specific parameters that influence the quality of the model. You set hyperparameters before you start the learning process. For a list of hyperparameters for each training algorithm provided by SageMaker, see Algorithms.

    You can specify a maximum of 100 hyperparameters. Each hyperparameter is a key-value pair. Each key and value is limited to 256 characters, as specified by the Length Constraint.

    Do not include any security-sensitive information including account access IDs, secrets or tokens in any hyperparameter field. If the use of security-sensitive credentials are detected, SageMaker will reject your training job request and return an exception error.

    " + "documentation":"

    Algorithm-specific parameters that influence the quality of the model. You set hyperparameters before you start the learning process. For a list of hyperparameters for each training algorithm provided by SageMaker, see Algorithms.

    You can specify a maximum of 100 hyperparameters. Each hyperparameter is a key-value pair. Each key and value is limited to 256 characters, as specified by the Length Constraint.

    Do not include any security-sensitive information including account access IDs, secrets, or tokens in any hyperparameter fields. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by any security-sensitive information included in the request hyperparameter variable or plain text fields.

    " }, "AlgorithmSpecification":{ "shape":"AlgorithmSpecification", @@ -11696,19 +13081,22 @@ }, "Tags":{ "shape":"TagList", - "documentation":"

    An array of key-value pairs. You can use tags to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. For more information, see Tagging Amazon Web Services Resources.

    " + "documentation":"

    An array of key-value pairs. You can use tags to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. For more information, see Tagging Amazon Web Services Resources.

    Do not include any security-sensitive information including account access IDs, secrets, or tokens in any tags. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by any security-sensitive information included in the request tag variable or plain text fields.

    " }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    Isolates the training container. No inbound or outbound network calls can be made, except for calls between peers within a training cluster for distributed training. If you enable network isolation for training jobs that are configured to use a VPC, SageMaker downloads and uploads customer data and model artifacts through the specified VPC, but the training container does not have network access.

    " + "documentation":"

    Isolates the training container. No inbound or outbound network calls can be made, except for calls between peers within a training cluster for distributed training. If you enable network isolation for training jobs that are configured to use a VPC, SageMaker downloads and uploads customer data and model artifacts through the specified VPC, but the training container does not have network access.

    ", + "box":true }, "EnableInterContainerTrafficEncryption":{ "shape":"Boolean", - "documentation":"

    To encrypt all communications between ML compute instances in distributed training, choose True. Encryption provides greater security for distributed training, but training might take longer. How long it takes depends on the amount of communication between compute instances, especially if you use a deep learning algorithm in distributed training. For more information, see Protect Communications Between ML Compute Instances in a Distributed Training Job.

    " + "documentation":"

    To encrypt all communications between ML compute instances in distributed training, choose True. Encryption provides greater security for distributed training, but training might take longer. How long it takes depends on the amount of communication between compute instances, especially if you use a deep learning algorithm in distributed training. For more information, see Protect Communications Between ML Compute Instances in a Distributed Training Job.

    ", + "box":true }, "EnableManagedSpotTraining":{ "shape":"Boolean", - "documentation":"

    To train models using managed spot training, choose True. Managed spot training provides a fully managed and scalable infrastructure for training machine learning models. this option is useful when training jobs can be interrupted and when there is flexibility when the training job is run.

    The complete and intermediate results of jobs are stored in an Amazon S3 bucket, and can be used as a starting point to train models incrementally. Amazon SageMaker provides metrics and logs in CloudWatch. They can be used to see when managed spot training jobs are running, interrupted, resumed, or completed.

    " + "documentation":"

    To train models using managed spot training, choose True. Managed spot training provides a fully managed and scalable infrastructure for training machine learning models. this option is useful when training jobs can be interrupted and when there is flexibility when the training job is run.

    The complete and intermediate results of jobs are stored in an Amazon S3 bucket, and can be used as a starting point to train models incrementally. Amazon SageMaker provides metrics and logs in CloudWatch. They can be used to see when managed spot training jobs are running, interrupted, resumed, or completed.

    ", + "box":true }, "CheckpointConfig":{ "shape":"CheckpointConfig", @@ -11728,7 +13116,7 @@ }, "Environment":{ "shape":"TrainingEnvironmentMap", - "documentation":"

    The environment variables to set in the Docker container.

    " + "documentation":"

    The environment variables to set in the Docker container.

    Do not include any security-sensitive information including account access IDs, secrets, or tokens in any environment fields. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by security-sensitive information included in the request environment variable or plain text fields.

    " }, "RetryStrategy":{ "shape":"RetryStrategy", @@ -11773,6 +13161,10 @@ "shape":"TrainingPlanOfferingId", "documentation":"

    The unique identifier of the training plan offering to use for creating this plan.

    " }, + "SpareInstanceCountPerUltraServer":{ + "shape":"SpareInstanceCountPerUltraServer", + "documentation":"

    Number of spare instances to reserve per UltraServer for enhanced resiliency. Default is 1.

    " + }, "Tags":{ "shape":"TagList", "documentation":"

    An array of key-value pairs to apply to this training plan.

    " @@ -12017,6 +13409,10 @@ "WorkforceVpcConfig":{ "shape":"WorkforceVpcConfigRequest", "documentation":"

    Use this parameter to configure a workforce using VPC.

    " + }, + "IpAddressType":{ + "shape":"WorkforceIpAddressType", + "documentation":"

    Use this parameter to specify whether you want IPv4 only or dualstack (IPv4 and IPv6) to support your labeling workforce.

    " } } }, @@ -12078,6 +13474,11 @@ } }, "CreationTime":{"type":"timestamp"}, + "CronScheduleExpression":{ + "type":"string", + "max":256, + "min":1 + }, "CrossAccountFilterOption":{ "type":"string", "enum":[ @@ -12089,7 +13490,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*\\/[a-zA-Z0-9](-*[a-zA-Z0-9.])*" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*\\/[a-zA-Z0-9](-*[a-zA-Z0-9.])*" }, "CsvContentTypes":{ "type":"list", @@ -12108,6 +13509,10 @@ "FSxLustreFileSystem":{ "shape":"FSxLustreFileSystem", "documentation":"

    A custom file system in Amazon FSx for Lustre.

    " + }, + "S3FileSystem":{ + "shape":"S3FileSystem", + "documentation":"

    A custom file system in Amazon S3. This is only supported in Amazon SageMaker Unified Studio.

    " } }, "documentation":"

    A file system, created by you, that you assign to a user profile or space for an Amazon SageMaker AI Domain. Permitted users can access this file system in Amazon SageMaker AI Studio.

    ", @@ -12123,6 +13528,10 @@ "FSxLustreFileSystemConfig":{ "shape":"FSxLustreFileSystemConfig", "documentation":"

    The settings for a custom Amazon FSx for Lustre file system.

    " + }, + "S3FileSystemConfig":{ + "shape":"S3FileSystemConfig", + "documentation":"

    Configuration settings for a custom Amazon S3 file system.

    " } }, "documentation":"

    The settings for assigning a custom file system to a user profile or space for an Amazon SageMaker AI Domain. Permitted users can access this file system in Amazon SageMaker AI Studio.

    ", @@ -12131,12 +13540,14 @@ "CustomFileSystemConfigs":{ "type":"list", "member":{"shape":"CustomFileSystemConfig"}, - "max":10 + "max":10, + "min":0 }, "CustomFileSystems":{ "type":"list", "member":{"shape":"CustomFileSystem"}, - "max":5 + "max":5, + "min":0 }, "CustomImage":{ "type":"structure", @@ -12151,8 +13562,7 @@ }, "ImageVersionNumber":{ "shape":"ImageVersionNumber", - "documentation":"

    The version number of the CustomImage.

    ", - "box":true + "documentation":"

    The version number of the CustomImage.

    " }, "AppImageConfigName":{ "shape":"AppImageConfigName", @@ -12164,23 +13574,27 @@ "CustomImageContainerArguments":{ "type":"list", "member":{"shape":"NonEmptyString64"}, - "max":50 + "max":50, + "min":0 }, "CustomImageContainerEntrypoint":{ "type":"list", "member":{"shape":"NonEmptyString256"}, - "max":1 + "max":1, + "min":0 }, "CustomImageContainerEnvironmentVariables":{ "type":"map", "key":{"shape":"NonEmptyString256"}, "value":{"shape":"String256"}, - "max":25 + "max":25, + "min":0 }, "CustomImages":{ "type":"list", "member":{"shape":"CustomImage"}, - "max":200 + "max":200, + "min":0 }, "CustomPosixUserConfig":{ "type":"structure", @@ -12204,7 +13618,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]*)${1,128}" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]*)${1,128}" }, "CustomerMetadataKeyList":{ "type":"list", @@ -12221,7 +13635,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]*)${1,256}" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]*)${1,256}" }, "CustomizedMetricSpecification":{ "type":"structure", @@ -12251,7 +13665,8 @@ "members":{ "EnableCapture":{ "shape":"EnableCapture", - "documentation":"

    Whether data capture should be enabled or disabled (defaults to enabled).

    " + "documentation":"

    Whether data capture should be enabled or disabled (defaults to enabled).

    ", + "box":true }, "InitialSamplingPercentage":{ "shape":"SamplingPercentage", @@ -12288,7 +13703,8 @@ "members":{ "EnableCapture":{ "shape":"EnableCapture", - "documentation":"

    Whether data capture is enabled or disabled.

    " + "documentation":"

    Whether data capture is enabled or disabled.

    ", + "box":true }, "CaptureStatus":{ "shape":"CaptureStatus", @@ -12520,7 +13936,8 @@ }, "VolumeSizeInGB":{ "shape":"OptionalVolumeSizeInGB", - "documentation":"

    The size, in GB, of the ML storage volume attached to the processing instance.

    " + "documentation":"

    The size, in GB, of the ML storage volume attached to the processing instance.

    ", + "box":true }, "RuleParameters":{ "shape":"RuleParameters", @@ -12957,8 +14374,7 @@ }, "DeleteFlowDefinitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteHubContentReferenceRequest":{ "type":"structure", @@ -13031,8 +14447,7 @@ }, "DeleteHumanTaskUiResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteHyperParameterTuningJobRequest":{ "type":"structure", @@ -13056,8 +14471,7 @@ }, "DeleteImageResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteImageVersionRequest":{ "type":"structure", @@ -13079,8 +14493,7 @@ }, "DeleteImageVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInferenceComponentInput":{ "type":"structure", @@ -13302,6 +14715,16 @@ } } }, + "DeleteProcessingJobRequest":{ + "type":"structure", + "required":["ProcessingJobName"], + "members":{ + "ProcessingJobName":{ + "shape":"ProcessingJobName", + "documentation":"

    The name of the processing job to delete.

    " + } + } + }, "DeleteProjectInput":{ "type":"structure", "required":["ProjectName"], @@ -13358,7 +14781,16 @@ }, "DeleteTagsOutput":{ "type":"structure", + "members":{} + }, + "DeleteTrainingJobRequest":{ + "type":"structure", + "required":["TrainingJobName"], "members":{ + "TrainingJobName":{ + "shape":"TrainingJobName", + "documentation":"

    The name of the training job to delete.

    " + } } }, "DeleteTrialComponentRequest":{ @@ -13428,8 +14860,7 @@ }, "DeleteWorkforceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWorkteamRequest":{ "type":"structure", @@ -13447,18 +14878,21 @@ "members":{ "Success":{ "shape":"Success", - "documentation":"

    Returns true if the work team was successfully deleted; otherwise, returns false.

    " + "documentation":"

    Returns true if the work team was successfully deleted; otherwise, returns false.

    ", + "box":true } } }, "DependencyCopyPath":{ "type":"string", "max":1023, + "min":0, "pattern":".*" }, "DependencyOriginPath":{ "type":"string", "max":1023, + "min":0, "pattern":".*" }, "DeployedImage":{ @@ -13501,6 +14935,24 @@ }, "documentation":"

    The deployment configuration for an endpoint, which contains the desired deployment strategy and rollback configurations.

    " }, + "DeploymentConfiguration":{ + "type":"structure", + "members":{ + "RollingUpdatePolicy":{ + "shape":"RollingDeploymentPolicy", + "documentation":"

    The policy that SageMaker uses when updating the AMI versions of the cluster.

    " + }, + "WaitIntervalInSeconds":{ + "shape":"WaitTimeIntervalInSeconds", + "documentation":"

    The duration in seconds that SageMaker waits before updating more instances in the cluster.

    " + }, + "AutoRollbackConfiguration":{ + "shape":"AutoRollbackAlarms", + "documentation":"

    An array that contains the alarms that SageMaker monitors to know whether to roll back the AMI update.

    " + } + }, + "documentation":"

    The configuration to use when updating the AMI versions.

    " + }, "DeploymentRecommendation":{ "type":"structure", "required":["RecommendationStatus"], @@ -13726,7 +15178,8 @@ }, "CertifyForMarketplace":{ "shape":"CertifyForMarketplace", - "documentation":"

    Whether the algorithm is certified to be listed in Amazon Web Services Marketplace.

    " + "documentation":"

    Whether the algorithm is certified to be listed in Amazon Web Services Marketplace.

    ", + "box":true } } }, @@ -13834,6 +15287,15 @@ "shape":"AppStatus", "documentation":"

    The status.

    " }, + "EffectiveTrustedIdentityPropagationStatus":{ + "shape":"FeatureStatus", + "documentation":"

    The effective status of Trusted Identity Propagation (TIP) for this application. When enabled, user identities from IAM Identity Center are being propagated through the application to TIP enabled Amazon Web Services services. When disabled, standard IAM role-based access is used.

    " + }, + "RecoveryMode":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the application is launched in recovery mode.

    ", + "box":true + }, "LastHealthCheckTimestamp":{ "shape":"Timestamp", "documentation":"

    The timestamp of the last health check.

    " @@ -14000,7 +15462,8 @@ }, "GenerateCandidateDefinitionsOnly":{ "shape":"GenerateCandidateDefinitionsOnly", - "documentation":"

    Indicates whether the output for an AutoML job generates candidate definitions only.

    " + "documentation":"

    Indicates whether the output for an AutoML job generates candidate definitions only.

    ", + "box":true }, "AutoMLJobArtifacts":{ "shape":"AutoMLJobArtifacts", @@ -14135,13 +15598,36 @@ } } }, - "DescribeClusterNodeRequest":{ + "DescribeClusterEventRequest":{ "type":"structure", "required":[ - "ClusterName", - "NodeId" + "EventId", + "ClusterName" ], "members":{ + "EventId":{ + "shape":"EventId", + "documentation":"

    The unique identifier (UUID) of the event to describe. This ID can be obtained from the ListClusterEvents operation.

    " + }, + "ClusterName":{ + "shape":"ClusterNameOrArn", + "documentation":"

    The name or Amazon Resource Name (ARN) of the HyperPod cluster associated with the event.

    " + } + } + }, + "DescribeClusterEventResponse":{ + "type":"structure", + "members":{ + "EventDetails":{ + "shape":"ClusterEventDetail", + "documentation":"

    Detailed information about the requested cluster event, including event metadata for various resource types such as Cluster, InstanceGroup, Instance, and their associated attributes.

    " + } + } + }, + "DescribeClusterNodeRequest":{ + "type":"structure", + "required":["ClusterName"], + "members":{ "ClusterName":{ "shape":"ClusterNameOrArn", "documentation":"

    The string name or the Amazon Resource Name (ARN) of the SageMaker HyperPod cluster in which the node is.

    " @@ -14149,6 +15635,10 @@ "NodeId":{ "shape":"ClusterNodeId", "documentation":"

    The ID of the SageMaker HyperPod cluster node.

    " + }, + "NodeLogicalId":{ + "shape":"ClusterNodeLogicalId", + "documentation":"

    The logical identifier of the node to describe. You can specify either NodeLogicalId or InstanceId, but not both. NodeLogicalId can be used to describe nodes that are still being provisioned and don't yet have an InstanceId assigned.

    " } } }, @@ -14204,14 +15694,34 @@ "shape":"ClusterInstanceGroupDetailsList", "documentation":"

    The instance groups of the SageMaker HyperPod cluster.

    " }, + "RestrictedInstanceGroups":{ + "shape":"ClusterRestrictedInstanceGroupDetailsList", + "documentation":"

    The specialized instance groups for training models like Amazon Nova to be created in the SageMaker HyperPod cluster.

    " + }, "VpcConfig":{"shape":"VpcConfig"}, "Orchestrator":{ "shape":"ClusterOrchestrator", "documentation":"

    The type of orchestrator used for the SageMaker HyperPod cluster.

    " }, + "TieredStorageConfig":{ + "shape":"ClusterTieredStorageConfig", + "documentation":"

    The current configuration for managed tier checkpointing on the HyperPod cluster. For example, this shows whether the feature is enabled and the percentage of cluster memory allocated for checkpoint storage.

    " + }, "NodeRecovery":{ "shape":"ClusterNodeRecovery", "documentation":"

    The node recovery mode configured for the SageMaker HyperPod cluster.

    " + }, + "NodeProvisioningMode":{ + "shape":"ClusterNodeProvisioningMode", + "documentation":"

    The mode used for provisioning nodes in the cluster.

    " + }, + "ClusterRole":{ + "shape":"RoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that HyperPod uses for cluster autoscaling operations.

    " + }, + "AutoScaling":{ + "shape":"ClusterAutoScalingConfigOutput", + "documentation":"

    The current autoscaling configuration and status for the autoscaler.

    " } } }, @@ -14225,7 +15735,8 @@ }, "ClusterSchedulerConfigVersion":{ "shape":"Integer", - "documentation":"

    Version of the cluster policy.

    " + "documentation":"

    Version of the cluster policy.

    ", + "box":true } } }, @@ -14254,7 +15765,8 @@ }, "ClusterSchedulerConfigVersion":{ "shape":"Integer", - "documentation":"

    Version of the cluster policy.

    " + "documentation":"

    Version of the cluster policy.

    ", + "box":true }, "Status":{ "shape":"SchedulerResourceStatus", @@ -14439,7 +15951,8 @@ }, "ComputeQuotaVersion":{ "shape":"Integer", - "documentation":"

    Version of the compute allocation definition.

    " + "documentation":"

    Version of the compute allocation definition.

    ", + "box":true } } }, @@ -14473,7 +15986,8 @@ }, "ComputeQuotaVersion":{ "shape":"Integer", - "documentation":"

    Version of the compute allocation definition.

    " + "documentation":"

    Version of the compute allocation definition.

    ", + "box":true }, "Status":{ "shape":"SchedulerResourceStatus", @@ -14741,7 +16255,8 @@ }, "MaxModels":{ "shape":"Integer", - "documentation":"

    The maximum number of models.

    " + "documentation":"

    The maximum number of models.

    ", + "box":true }, "NextToken":{ "shape":"NextToken", @@ -14876,7 +16391,8 @@ }, "MaxResults":{ "shape":"DeploymentStageMaxResults", - "documentation":"

    The maximum number of results to select (50 by default).

    " + "documentation":"

    The maximum number of results to select (50 by default).

    ", + "box":true } } }, @@ -14908,15 +16424,18 @@ }, "EdgeDeploymentSuccess":{ "shape":"Integer", - "documentation":"

    The number of edge devices with the successful deployment.

    " + "documentation":"

    The number of edge devices with the successful deployment.

    ", + "box":true }, "EdgeDeploymentPending":{ "shape":"Integer", - "documentation":"

    The number of edge devices yet to pick up deployment, or in progress.

    " + "documentation":"

    The number of edge devices yet to pick up deployment, or in progress.

    ", + "box":true }, "EdgeDeploymentFailed":{ "shape":"Integer", - "documentation":"

    The number of edge devices that failed the deployment.

    " + "documentation":"

    The number of edge devices that failed the deployment.

    ", + "box":true }, "Stages":{ "shape":"DeploymentStageStatusSummaries", @@ -15075,7 +16594,8 @@ "VpcConfig":{"shape":"VpcConfig"}, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    Indicates whether all model containers deployed to the endpoint are isolated. If they are, no inbound or outbound network calls can be made to or from the model containers.

    " + "documentation":"

    Indicates whether all model containers deployed to the endpoint are isolated. If they are, no inbound or outbound network calls can be made to or from the model containers.

    ", + "box":true } } }, @@ -15543,6 +17063,10 @@ "CreationTime":{ "shape":"Timestamp", "documentation":"

    The date and time that hub content was created.

    " + }, + "LastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The last modified time of the hub content.

    " } } }, @@ -15869,7 +17393,8 @@ }, "Horovod":{ "shape":"Horovod", - "documentation":"

    Indicates Horovod compatibility.

    " + "documentation":"

    Indicates Horovod compatibility.

    ", + "box":true }, "ReleaseNotes":{ "shape":"ReleaseNotes", @@ -15941,6 +17466,10 @@ "InferenceComponentStatus":{ "shape":"InferenceComponentStatus", "documentation":"

    The status of the inference component.

    " + }, + "LastDeploymentConfig":{ + "shape":"InferenceComponentDeploymentConfig", + "documentation":"

    The deployment and rollback settings that you assigned to the inference component.

    " } } }, @@ -16294,6 +17823,10 @@ "shape":"TrackingServerStatus", "documentation":"

    The current creation status of the described MLflow Tracking Server.

    " }, + "TrackingServerMaintenanceStatus":{ + "shape":"TrackingServerMaintenanceStatus", + "documentation":"

    The current maintenance status of the described MLflow Tracking Server.

    " + }, "IsActive":{ "shape":"IsTrackingServerActive", "documentation":"

    Whether the described MLflow Tracking Server is currently active.

    " @@ -16308,7 +17841,8 @@ }, "AutomaticModelRegistration":{ "shape":"Boolean", - "documentation":"

    Whether automatic registration of new MLflow models to the SageMaker Model Registry is enabled.

    " + "documentation":"

    Whether automatic registration of new MLflow models to the SageMaker Model Registry is enabled.

    ", + "box":true }, "CreationTime":{ "shape":"Timestamp", @@ -16423,7 +17957,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    The version of the model card that the model export job exports.

    " + "documentation":"

    The version of the model card that the model export job exports.

    ", + "box":true }, "OutputConfig":{ "shape":"ModelCardExportOutputConfig", @@ -16457,7 +17992,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    The version of the model card to describe. If a version is not provided, then the latest version of the model card is described.

    " + "documentation":"

    The version of the model card to describe. If a version is not provided, then the latest version of the model card is described.

    ", + "box":true } } }, @@ -16483,7 +18019,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    The version of the model card.

    " + "documentation":"

    The version of the model card.

    ", + "box":true }, "Content":{ "shape":"ModelCardContent", @@ -16625,7 +18162,8 @@ }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    If True, no inbound or outbound network calls can be made to or from the model container.

    " + "documentation":"

    If True, no inbound or outbound network calls can be made to or from the model container.

    ", + "box":true }, "DeploymentRecommendation":{ "shape":"DeploymentRecommendation", @@ -16742,7 +18280,8 @@ }, "CertifyForMarketplace":{ "shape":"CertifyForMarketplace", - "documentation":"

    Whether the model package is certified for listing on Amazon Web Services Marketplace.

    " + "documentation":"

    Whether the model package is certified for listing on Amazon Web Services Marketplace.

    ", + "box":true }, "ModelApprovalStatus":{ "shape":"ModelApprovalStatus", @@ -17008,6 +18547,10 @@ "shape":"InstanceType", "documentation":"

    The type of ML compute instance running on the notebook instance.

    " }, + "IpAddressType":{ + "shape":"IPAddressType", + "documentation":"

    The IP address type configured for the notebook instance. Returns ipv4 for IPv4-only connectivity or dualstack for both IPv4 and IPv6 connectivity.

    " + }, "SubnetId":{ "shape":"SubnetId", "documentation":"

    The ID of the VPC subnet.

    " @@ -17194,16 +18737,24 @@ }, "Status":{ "shape":"PartnerAppStatus", - "documentation":"

    The status of the SageMaker Partner AI App.

    " + "documentation":"

    The status of the SageMaker Partner AI App.

    • Creating: SageMaker AI is creating the partner AI app. The partner AI app is not available during creation.

    • Updating: SageMaker AI is updating the partner AI app. The partner AI app is not available when updating.

    • Deleting: SageMaker AI is deleting the partner AI app. The partner AI app is not available during deletion.

    • Available: The partner AI app is provisioned and accessible.

    • Failed: The partner AI app is in a failed state and isn't available. SageMaker AI is investigating the issue. For further guidance, contact Amazon Web Services Support.

    • UpdateFailed: The partner AI app couldn't be updated but is available.

    • Deleted: The partner AI app is permanently deleted and not available.

    " }, "CreationTime":{ "shape":"Timestamp", "documentation":"

    The time that the SageMaker Partner AI App was created.

    " }, + "LastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The time that the SageMaker Partner AI App was last modified.

    " + }, "ExecutionRoleArn":{ "shape":"RoleArn", "documentation":"

    The ARN of the IAM role associated with the SageMaker Partner AI App.

    " }, + "KmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

    The Amazon Web Services KMS customer managed key used to encrypt the data at rest associated with SageMaker Partner AI Apps.

    " + }, "BaseUrl":{ "shape":"String2048", "documentation":"

    The URL of the SageMaker Partner AI App that the Application SDK uses to support in-app calls for the user.

    " @@ -17230,7 +18781,8 @@ }, "EnableIamSessionBasedIdentity":{ "shape":"Boolean", - "documentation":"

    When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.

    " + "documentation":"

    When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.

    ", + "box":true }, "Error":{ "shape":"ErrorInfo", @@ -17316,6 +18868,10 @@ "SelectiveExecutionConfig":{ "shape":"SelectiveExecutionConfig", "documentation":"

    The selective execution configuration applied to the pipeline run.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The ID of the pipeline version.

    " } } }, @@ -17326,6 +18882,10 @@ "PipelineName":{ "shape":"PipelineNameOrArn", "documentation":"

    The name or Amazon Resource Name (ARN) of the pipeline to describe.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The ID of the pipeline version to describe.

    " } } }, @@ -17377,6 +18937,14 @@ "ParallelismConfiguration":{ "shape":"ParallelismConfiguration", "documentation":"

    Lists the parallelism configuration applied to the pipeline.

    " + }, + "PipelineVersionDisplayName":{ + "shape":"PipelineVersionName", + "documentation":"

    The display name of the pipeline version.

    " + }, + "PipelineVersionDescription":{ + "shape":"PipelineVersionDescription", + "documentation":"

    The description of the pipeline version.

    " } } }, @@ -17503,7 +19071,6 @@ "ProjectArn", "ProjectName", "ProjectId", - "ServiceCatalogProvisioningDetails", "ProjectStatus", "CreationTime" ], @@ -17536,6 +19103,10 @@ "shape":"ProjectStatus", "documentation":"

    The status of the project.

    " }, + "TemplateProviderDetails":{ + "shape":"TemplateProviderDetailList", + "documentation":"

    An array of template providers associated with the project.

    " + }, "CreatedBy":{"shape":"UserContext"}, "CreationTime":{ "shape":"Timestamp", @@ -17548,6 +19119,78 @@ "LastModifiedBy":{"shape":"UserContext"} } }, + "DescribeReservedCapacityRequest":{ + "type":"structure", + "required":["ReservedCapacityArn"], + "members":{ + "ReservedCapacityArn":{ + "shape":"ReservedCapacityArn", + "documentation":"

    ARN of the reserved capacity to describe.

    " + } + } + }, + "DescribeReservedCapacityResponse":{ + "type":"structure", + "required":[ + "ReservedCapacityArn", + "InstanceType", + "TotalInstanceCount" + ], + "members":{ + "ReservedCapacityArn":{ + "shape":"ReservedCapacityArn", + "documentation":"

    ARN of the reserved capacity.

    " + }, + "ReservedCapacityType":{ + "shape":"ReservedCapacityType", + "documentation":"

    The type of reserved capacity.

    " + }, + "Status":{ + "shape":"ReservedCapacityStatus", + "documentation":"

    The current status of the reserved capacity.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The Availability Zone where the reserved capacity is provisioned.

    " + }, + "DurationHours":{ + "shape":"ReservedCapacityDurationHours", + "documentation":"

    The total duration of the reserved capacity in hours.

    " + }, + "DurationMinutes":{ + "shape":"ReservedCapacityDurationMinutes", + "documentation":"

    The number of minutes for the duration of the reserved capacity. For example, if a reserved capacity starts at 08:55 and ends at 11:30, the minutes field would be 35.

    " + }, + "StartTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the reserved capacity becomes active.

    " + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the reserved capacity expires.

    " + }, + "InstanceType":{ + "shape":"ReservedCapacityInstanceType", + "documentation":"

    The Amazon EC2 instance type used in the reserved capacity.

    " + }, + "TotalInstanceCount":{ + "shape":"TotalInstanceCount", + "documentation":"

    The total number of instances allocated to this reserved capacity.

    " + }, + "AvailableInstanceCount":{ + "shape":"AvailableInstanceCount", + "documentation":"

    The number of instances currently available for use in this reserved capacity.

    " + }, + "InUseInstanceCount":{ + "shape":"InUseInstanceCount", + "documentation":"

    The number of instances currently in use from this reserved capacity.

    " + }, + "UltraServerSummary":{ + "shape":"UltraServerSummary", + "documentation":"

    A summary of the UltraServer associated with this reserved capacity.

    " + } + } + }, "DescribeSpaceRequest":{ "type":"structure", "required":[ @@ -17699,8 +19342,6 @@ "ModelArtifacts", "TrainingJobStatus", "SecondaryStatus", - "AlgorithmSpecification", - "ResourceConfig", "StoppingCondition", "CreationTime" ], @@ -17803,15 +19444,18 @@ }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    If you want to allow inbound or outbound network calls, except for calls between peers within a training cluster for distributed training, choose True. If you enable network isolation for training jobs that are configured to use a VPC, SageMaker downloads and uploads customer data and model artifacts through the specified VPC, but the training container does not have network access.

    " + "documentation":"

    If you want to allow inbound or outbound network calls, except for calls between peers within a training cluster for distributed training, choose True. If you enable network isolation for training jobs that are configured to use a VPC, SageMaker downloads and uploads customer data and model artifacts through the specified VPC, but the training container does not have network access.

    ", + "box":true }, "EnableInterContainerTrafficEncryption":{ "shape":"Boolean", - "documentation":"

    To encrypt all communications between ML compute instances in distributed training, choose True. Encryption provides greater security for distributed training, but training might take longer. How long it takes depends on the amount of communication between compute instances, especially if you use a deep learning algorithms in distributed training.

    " + "documentation":"

    To encrypt all communications between ML compute instances in distributed training, choose True. Encryption provides greater security for distributed training, but training might take longer. How long it takes depends on the amount of communication between compute instances, especially if you use a deep learning algorithms in distributed training.

    ", + "box":true }, "EnableManagedSpotTraining":{ "shape":"Boolean", - "documentation":"

    A Boolean indicating whether managed spot training is enabled (True) or not (False).

    " + "documentation":"

    A Boolean indicating whether managed spot training is enabled (True) or not (False).

    ", + "box":true }, "CheckpointConfig":{"shape":"CheckpointConfig"}, "TrainingTimeInSeconds":{ @@ -17848,7 +19492,7 @@ }, "Environment":{ "shape":"TrainingEnvironmentMap", - "documentation":"

    The environment variables to set in the Docker container.

    " + "documentation":"

    The environment variables to set in the Docker container.

    Do not include any security-sensitive information including account access IDs, secrets, or tokens in any environment fields. As part of the shared responsibility model, you are responsible for any potential exposure, unauthorized access, or compromise of your sensitive data if caused by security-sensitive information included in the request environment variable or plain text fields.

    " }, "RetryStrategy":{ "shape":"RetryStrategy", @@ -17934,6 +19578,18 @@ "shape":"InUseInstanceCount", "documentation":"

    The number of instances currently in use from this training plan.

    " }, + "UnhealthyInstanceCount":{ + "shape":"UnhealthyInstanceCount", + "documentation":"

    The number of instances in the training plan that are currently in an unhealthy state.

    " + }, + "AvailableSpareInstanceCount":{ + "shape":"AvailableSpareInstanceCount", + "documentation":"

    The number of available spare instances in the training plan.

    " + }, + "TotalUltraServerCount":{ + "shape":"UltraServerCount", + "documentation":"

    The total number of UltraServers reserved to this training plan.

    " + }, "TargetResources":{ "shape":"SageMakerResourceNames", "documentation":"

    The target resources (e.g., SageMaker Training Jobs, SageMaker HyperPod) that can use this training plan.

    Training plans are specific to their target resource.

    • A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.

    • A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.

    " @@ -18290,7 +19946,8 @@ }, "Description":{ "type":"string", - "max":128 + "max":128, + "min":0 }, "DesiredWeightAndCapacity":{ "type":"structure", @@ -18323,7 +19980,67 @@ "DestinationS3Uri":{ "type":"string", "max":512, - "pattern":"^(https|s3)://([^/])/?(.*)$" + "min":0, + "pattern":"(https|s3)://([^/])/?(.*)" + }, + "DetachClusterNodeVolumeRequest":{ + "type":"structure", + "required":[ + "ClusterArn", + "NodeId", + "VolumeId" + ], + "members":{ + "ClusterArn":{ + "shape":"ClusterArn", + "documentation":"

    The Amazon Resource Name (ARN) of your SageMaker HyperPod cluster containing the target node. Your cluster must use EKS as the orchestration and be in the InService state.

    " + }, + "NodeId":{ + "shape":"ClusterNodeId", + "documentation":"

    The unique identifier of the cluster node from which you want to detach the volume.

    " + }, + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    The unique identifier of your EBS volume that you want to detach. Your volume must be currently attached to the specified node.

    " + } + } + }, + "DetachClusterNodeVolumeResponse":{ + "type":"structure", + "required":[ + "ClusterArn", + "NodeId", + "VolumeId", + "AttachTime", + "Status", + "DeviceName" + ], + "members":{ + "ClusterArn":{ + "shape":"ClusterArn", + "documentation":"

    The Amazon Resource Name (ARN) of your SageMaker HyperPod cluster where the volume detachment operation was performed.

    " + }, + "NodeId":{ + "shape":"ClusterNodeId", + "documentation":"

    The unique identifier of the cluster node from which your volume was detached.

    " + }, + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    The unique identifier of your EBS volume that was detached.

    " + }, + "AttachTime":{ + "shape":"Timestamp", + "documentation":"

    The original timestamp when your volume was initially attached to the node.

    " + }, + "Status":{ + "shape":"VolumeAttachmentStatus", + "documentation":"

    The current status of your volume detachment operation.

    " + }, + "DeviceName":{ + "shape":"VolumeDeviceName", + "documentation":"

    The device name assigned to your attached volume on the target instance.

    " + } + } }, "DetailedAlgorithmStatus":{ "type":"string", @@ -18366,7 +20083,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:aws[a-z\\-]*:[a-z\\-]*:[a-z\\-]*:\\d{12}:[a-z\\-]*/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:aws[a-z\\-]*:[a-z\\-]*:[a-z\\-]*:\\d{12}:[a-z\\-]*/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "DeviceDeploymentStatus":{ "type":"string", @@ -18444,17 +20161,17 @@ "type":"string", "max":40, "min":1, - "pattern":"^[-a-zA-Z0-9_.,;:! ]*$" + "pattern":"[-a-zA-Z0-9_.,;:! ]*" }, "DeviceFleetArn":{ "type":"string", - "pattern":"^arn:aws[a-z\\-]*:iam::\\d{12}:device-fleet/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:aws[a-z\\-]*:iam::\\d{12}:device-fleet/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "DeviceFleetDescription":{ "type":"string", "max":800, "min":1, - "pattern":"^[-a-zA-Z0-9_.,;:! ]*$" + "pattern":"[-a-zA-Z0-9_.,;:! ]*" }, "DeviceFleetSummaries":{ "type":"list", @@ -18490,7 +20207,7 @@ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "DeviceNames":{ "type":"list", @@ -18506,7 +20223,8 @@ }, "Percentage":{ "shape":"Percentage", - "documentation":"

    Percentage of devices in the fleet to deploy to the current stage.

    " + "documentation":"

    Percentage of devices in the fleet to deploy to the current stage.

    ", + "box":true }, "DeviceNames":{ "shape":"DeviceNames", @@ -18528,11 +20246,13 @@ "members":{ "ConnectedDeviceCount":{ "shape":"Long", - "documentation":"

    The number of devices connected with a heartbeat.

    " + "documentation":"

    The number of devices connected with a heartbeat.

    ", + "box":true }, "RegisteredDeviceCount":{ "shape":"Long", - "documentation":"

    The number of registered devices.

    " + "documentation":"

    The number of registered devices.

    ", + "box":true } }, "documentation":"

    Status of devices.

    " @@ -18601,6 +20321,7 @@ }, "Dimension":{ "type":"integer", + "box":true, "max":8192, "min":1 }, @@ -18632,18 +20353,17 @@ "DirectoryPath":{ "type":"string", "max":4096, + "min":0, "pattern":".*" }, "DisableProfiler":{"type":"boolean"}, "DisableSagemakerServicecatalogPortfolioInput":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableSagemakerServicecatalogPortfolioOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateAdditionalCodeRepositories":{"type":"boolean"}, "DisassociateDefaultCodeRepository":{"type":"boolean"}, @@ -18689,6 +20409,10 @@ "VpcOnlyTrustedAccounts":{ "shape":"VpcOnlyTrustedAccounts", "documentation":"

    The list of Amazon Web Services accounts that are trusted when the domain is created in VPC-only mode.

    " + }, + "RootlessDocker":{ + "shape":"FeatureStatus", + "documentation":"

    Indicates whether to use rootless Docker.

    " } }, "documentation":"

    A collection of settings that configure the domain's Docker interaction.

    " @@ -18697,7 +20421,7 @@ "type":"string", "max":14, "min":5, - "pattern":"^\\d{1,4}.\\d{1,4}.\\d{1,4}$" + "pattern":"\\d{1,4}.\\d{1,4}.\\d{1,4}" }, "Dollars":{ "type":"integer", @@ -18707,6 +20431,7 @@ "DomainArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:domain/.*" }, "DomainDetails":{ @@ -18746,7 +20471,8 @@ "DomainId":{ "type":"string", "max":63, - "pattern":"^d-(-*[a-z0-9]){1,61}" + "min":0, + "pattern":"d-(-*[a-z0-9]){1,61}" }, "DomainList":{ "type":"list", @@ -18755,12 +20481,14 @@ "DomainName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "DomainSecurityGroupIds":{ "type":"list", "member":{"shape":"SecurityGroupId"}, - "max":3 + "max":3, + "min":0 }, "DomainSettings":{ "type":"structure", @@ -18777,6 +20505,10 @@ "shape":"ExecutionRoleIdentityConfig", "documentation":"

    The configuration for attaching a SageMaker AI user profile name to the execution role as a sts:SourceIdentity key.

    " }, + "TrustedIdentityPropagationSettings":{ + "shape":"TrustedIdentityPropagationSettings", + "documentation":"

    The Trusted Identity Propagation (TIP) settings for the SageMaker domain. These settings determine how user identities from IAM Identity Center are propagated through the domain to TIP enabled Amazon Web Services services.

    " + }, "DockerSettings":{ "shape":"DockerSettings", "documentation":"

    A collection of settings that configure the domain's Docker interaction.

    " @@ -18784,6 +20516,14 @@ "AmazonQSettings":{ "shape":"AmazonQSettings", "documentation":"

    A collection of settings that configure the Amazon Q experience within the domain. The AuthMode that you use to create the domain must be SSO.

    " + }, + "UnifiedStudioSettings":{ + "shape":"UnifiedStudioSettings", + "documentation":"

    The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.

    " + }, + "IpAddressType":{ + "shape":"IPAddressType", + "documentation":"

    The IP address type for the domain. Specify ipv4 for IPv4-only connectivity or dualstack for both IPv4 and IPv6 connectivity. When you specify dualstack, the subnet must support IPv6 CIDR blocks. If not specified, defaults to ipv4.

    " } }, "documentation":"

    A collection of settings that apply to the SageMaker Domain. These settings are specified through the CreateDomain API call.

    " @@ -18803,6 +20543,10 @@ "shape":"DomainSecurityGroupIds", "documentation":"

    The security groups for the Amazon Virtual Private Cloud that the Domain uses for communication between Domain-level apps and user apps.

    " }, + "TrustedIdentityPropagationSettings":{ + "shape":"TrustedIdentityPropagationSettings", + "documentation":"

    The Trusted Identity Propagation (TIP) settings for the SageMaker domain. These settings determine how user identities from IAM Identity Center are propagated through the domain to TIP enabled Amazon Web Services services.

    " + }, "DockerSettings":{ "shape":"DockerSettings", "documentation":"

    A collection of settings that configure the domain's Docker interaction.

    " @@ -18810,6 +20554,14 @@ "AmazonQSettings":{ "shape":"AmazonQSettings", "documentation":"

    A collection of settings that configure the Amazon Q experience within the domain.

    " + }, + "UnifiedStudioSettings":{ + "shape":"UnifiedStudioSettings", + "documentation":"

    The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.

    " + }, + "IpAddressType":{ + "shape":"IPAddressType", + "documentation":"

    The IP address type for the domain. Specify ipv4 for IPv4-only connectivity or dualstack for both IPv4 and IPv6 connectivity. When you specify dualstack, the subnet must support IPv6 CIDR blocks.

    " } }, "documentation":"

    A collection of Domain configuration settings to update.

    " @@ -18827,7 +20579,10 @@ ] }, "Double":{"type":"double"}, - "DoubleParameterValue":{"type":"double"}, + "DoubleParameterValue":{ + "type":"double", + "box":true + }, "DriftCheckBaselines":{ "type":"structure", "members":{ @@ -18915,19 +20670,23 @@ "members":{ "MinCapacity":{ "shape":"Integer", - "documentation":"

    The recommended minimum capacity to specify for your autoscaling policy.

    " + "documentation":"

    The recommended minimum capacity to specify for your autoscaling policy.

    ", + "box":true }, "MaxCapacity":{ "shape":"Integer", - "documentation":"

    The recommended maximum capacity to specify for your autoscaling policy.

    " + "documentation":"

    The recommended maximum capacity to specify for your autoscaling policy.

    ", + "box":true }, "ScaleInCooldown":{ "shape":"Integer", - "documentation":"

    The recommended scale in cooldown time for your autoscaling policy.

    " + "documentation":"

    The recommended scale in cooldown time for your autoscaling policy.

    ", + "box":true }, "ScaleOutCooldown":{ "shape":"Integer", - "documentation":"

    The recommended scale out cooldown time for your autoscaling policy.

    " + "documentation":"

    The recommended scale out cooldown time for your autoscaling policy.

    ", + "box":true }, "ScalingPolicies":{ "shape":"ScalingPolicies", @@ -18995,6 +20754,33 @@ }, "documentation":"

    A collection of EBS storage settings that apply to both private and shared spaces.

    " }, + "Ec2CapacityReservation":{ + "type":"structure", + "members":{ + "Ec2CapacityReservationId":{ + "shape":"Ec2CapacityReservationId", + "documentation":"

    The unique identifier for an EC2 capacity reservation that's part of the ML capacity reservation.

    " + }, + "TotalInstanceCount":{ + "shape":"TaskCount", + "documentation":"

    The number of instances that you allocated to the EC2 capacity reservation.

    " + }, + "AvailableInstanceCount":{ + "shape":"TaskCount", + "documentation":"

    The number of instances that are currently available in the EC2 capacity reservation.

    " + }, + "UsedByCurrentEndpoint":{ + "shape":"TaskCount", + "documentation":"

    The number of instances from the EC2 capacity reservation that are being used by the endpoint.

    " + } + }, + "documentation":"

    The EC2 capacity reservations that are shared to an ML capacity reservation.

    " + }, + "Ec2CapacityReservationId":{"type":"string"}, + "Ec2CapacityReservationsList":{ + "type":"list", + "member":{"shape":"Ec2CapacityReservation"} + }, "Edge":{ "type":"structure", "members":{ @@ -19050,7 +20836,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:aws[a-z\\-]*:sagemaker:[a-z\\-]*:\\d{12}:edge-deployment/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z\\-]*:\\d{12}:edge-deployment/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "EdgeDeploymentPlanSummaries":{ "type":"list", @@ -19081,15 +20867,18 @@ }, "EdgeDeploymentSuccess":{ "shape":"Integer", - "documentation":"

    The number of edge devices with the successful deployment.

    " + "documentation":"

    The number of edge devices with the successful deployment.

    ", + "box":true }, "EdgeDeploymentPending":{ "shape":"Integer", - "documentation":"

    The number of edge devices yet to pick up the deployment, or in progress.

    " + "documentation":"

    The number of edge devices yet to pick up the deployment, or in progress.

    ", + "box":true }, "EdgeDeploymentFailed":{ "shape":"Integer", - "documentation":"

    The number of edge devices that failed the deployment.

    " + "documentation":"

    The number of edge devices that failed the deployment.

    ", + "box":true }, "CreationTime":{ "shape":"Timestamp", @@ -19117,15 +20906,18 @@ }, "EdgeDeploymentSuccessInStage":{ "shape":"Integer", - "documentation":"

    The number of edge devices with the successful deployment in the current stage.

    " + "documentation":"

    The number of edge devices with the successful deployment in the current stage.

    ", + "box":true }, "EdgeDeploymentPendingInStage":{ "shape":"Integer", - "documentation":"

    The number of edge devices yet to pick up the deployment in current stage, or in progress.

    " + "documentation":"

    The number of edge devices yet to pick up the deployment in current stage, or in progress.

    ", + "box":true }, "EdgeDeploymentFailedInStage":{ "shape":"Integer", - "documentation":"

    The number of edge devices that failed the deployment in current stage.

    " + "documentation":"

    The number of edge devices that failed the deployment in current stage.

    ", + "box":true }, "EdgeDeploymentStatusMessage":{ "shape":"String", @@ -19185,19 +20977,23 @@ }, "OfflineDeviceCount":{ "shape":"Long", - "documentation":"

    The number of devices that have this model version and do not have a heart beat.

    " + "documentation":"

    The number of devices that have this model version and do not have a heart beat.

    ", + "box":true }, "ConnectedDeviceCount":{ "shape":"Long", - "documentation":"

    The number of devices that have this model version and have a heart beat.

    " + "documentation":"

    The number of devices that have this model version and have a heart beat.

    ", + "box":true }, "ActiveDeviceCount":{ "shape":"Long", - "documentation":"

    The number of devices that have this model version, a heart beat, and are currently running.

    " + "documentation":"

    The number of devices that have this model version, a heart beat, and are currently running.

    ", + "box":true }, "SamplingDeviceCount":{ "shape":"Long", - "documentation":"

    The number of devices with this model version and are producing sample data.

    " + "documentation":"

    The number of devices with this model version and are producing sample data.

    ", + "box":true } }, "documentation":"

    Status of edge devices with this model.

    " @@ -19259,7 +21055,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:aws[a-z\\-]*:sagemaker:[a-z\\-]*:\\d{12}:edge-packaging-job/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z\\-]*:\\d{12}:edge-packaging-job/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "EdgePackagingJobStatus":{ "type":"string", @@ -19368,16 +21164,25 @@ "type":"list", "member":{"shape":"Edge"} }, + "EfaEnis":{ + "type":"list", + "member":{"shape":"String"} + }, "EfsUid":{ "type":"string", "max":10, + "min":0, "pattern":"\\d+" }, "EksClusterArn":{ "type":"string", "max":2048, "min":20, - "pattern":"^arn:aws[a-z\\-]*:eks:[a-z0-9\\-]*:[0-9]{12}:cluster\\/[0-9A-Za-z][A-Za-z0-9\\-_]{0,99}$" + "pattern":"arn:aws[a-z\\-]*:eks:[a-z0-9\\-]*:[0-9]{12}:cluster\\/[0-9A-Za-z][A-Za-z0-9\\-_]{0,99}" + }, + "EksRoleAccessEntries":{ + "type":"list", + "member":{"shape":"String"} }, "EmrServerlessComputeConfig":{ "type":"structure", @@ -19388,7 +21193,7 @@ "documentation":"

    The ARN of the IAM role granting the AutoML job V2 the necessary permissions access policies to list, connect to, or manage EMR Serverless jobs. For detailed information about the required permissions of this role, see \"How to configure AutoML to initiate a remote job on EMR Serverless for large datasets\" in Create a regression or classification job for tabular data using the AutoML API or Create an AutoML job for time-series forecasting using the API.

    " } }, - "documentation":"

    This data type is intended for use exclusively by SageMaker Canvas and cannot be used in other contexts at the moment.

    Specifies the compute configuration for the EMR Serverless job.

    " + "documentation":"

    This data type is intended for use exclusively by SageMaker Canvas and cannot be used in other contexts at the moment.

    Specifies the compute configuration for the EMR Serverless job.

    " }, "EmrServerlessSettings":{ "type":"structure", @@ -19418,21 +21223,32 @@ }, "documentation":"

    The configuration parameters that specify the IAM roles assumed by the execution role of SageMaker (assumable roles) and the cluster instances or job execution environments (execution roles or runtime roles) to manage and access resources required for running Amazon EMR clusters or Amazon EMR Serverless applications.

    " }, + "EnableCaching":{"type":"boolean"}, "EnableCapture":{"type":"boolean"}, - "EnableInfraCheck":{"type":"boolean"}, - "EnableIotRoleAlias":{"type":"boolean"}, - "EnableRemoteDebug":{"type":"boolean"}, + "EnableInfraCheck":{ + "type":"boolean", + "box":true + }, + "EnableIotRoleAlias":{ + "type":"boolean", + "box":true + }, + "EnableRemoteDebug":{ + "type":"boolean", + "box":true + }, "EnableSagemakerServicecatalogPortfolioInput":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableSagemakerServicecatalogPortfolioOutput":{ "type":"structure", - "members":{ - } + "members":{} + }, + "EnableSessionTagChaining":{ + "type":"boolean", + "box":true }, - "EnableSessionTagChaining":{"type":"boolean"}, "EnabledOrDisabled":{ "type":"string", "enum":[ @@ -19514,11 +21330,13 @@ "EndpointConfigName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "EndpointConfigNameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9-]+" }, "EndpointConfigSortKey":{ @@ -19680,11 +21498,13 @@ "EndpointName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "EndpointNameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9-]+" }, "EndpointOutputConfiguration":{ @@ -19732,7 +21552,8 @@ "EndpointPerformances":{ "type":"list", "member":{"shape":"EndpointPerformance"}, - "max":1 + "max":1, + "min":0 }, "EndpointSortKey":{ "type":"string", @@ -19806,29 +21627,57 @@ "Endpoints":{ "type":"list", "member":{"shape":"EndpointInfo"}, - "max":1 + "max":1, + "min":0 }, "EntityDescription":{ "type":"string", "max":1024, + "min":0, "pattern":"[\\p{L}\\p{M}\\p{Z}\\p{S}\\p{N}\\p{P}]*" }, "EntityName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + }, + "EnvironmentConfig":{ + "type":"structure", + "members":{ + "FSxLustreConfig":{ + "shape":"FSxLustreConfig", + "documentation":"

    Configuration settings for an Amazon FSx for Lustre file system to be used with the cluster.

    " + } + }, + "documentation":"

    The configuration for the restricted instance groups (RIG) environment.

    " + }, + "EnvironmentConfigDetails":{ + "type":"structure", + "members":{ + "FSxLustreConfig":{ + "shape":"FSxLustreConfig", + "documentation":"

    Configuration settings for an Amazon FSx for Lustre file system to be used with the cluster.

    " + }, + "S3OutputPath":{ + "shape":"S3Uri", + "documentation":"

    The Amazon S3 path where output data from the restricted instance group (RIG) environment will be stored.

    " + } + }, + "documentation":"

    The configuration details for the restricted instance groups (RIG) environment.

    " }, "EnvironmentKey":{ "type":"string", "max":1024, + "min":0, "pattern":"[a-zA-Z_][a-zA-Z0-9_]*" }, "EnvironmentMap":{ "type":"map", "key":{"shape":"EnvironmentKey"}, "value":{"shape":"EnvironmentValue"}, - "max":100 + "max":100, + "min":0 }, "EnvironmentParameter":{ "type":"structure", @@ -19872,6 +21721,7 @@ "EnvironmentValue":{ "type":"string", "max":1024, + "min":0, "pattern":"[\\S\\s]*" }, "ErrorInfo":{ @@ -19888,14 +21738,57 @@ }, "documentation":"

    This is an error field object that contains the error code and the reason for an operation failure.

    " }, + "EventDetails":{ + "type":"structure", + "members":{ + "EventMetadata":{ + "shape":"EventMetadata", + "documentation":"

    Metadata specific to the event, which may include information about the cluster, instance group, or instance involved.

    " + } + }, + "documentation":"

    Detailed information about a specific event, including event metadata.

    " + }, + "EventId":{ + "type":"string", + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, + "EventMetadata":{ + "type":"structure", + "members":{ + "Cluster":{ + "shape":"ClusterMetadata", + "documentation":"

    Metadata specific to cluster-level events.

    " + }, + "InstanceGroup":{ + "shape":"InstanceGroupMetadata", + "documentation":"

    Metadata specific to instance group-level events.

    " + }, + "InstanceGroupScaling":{ + "shape":"InstanceGroupScalingMetadata", + "documentation":"

    Metadata related to instance group scaling events.

    " + }, + "Instance":{ + "shape":"InstanceMetadata", + "documentation":"

    Metadata specific to instance-level events.

    " + } + }, + "documentation":"

    Metadata associated with a cluster event, which may include details about various resource types.

    ", + "union":true + }, + "EventSortBy":{ + "type":"string", + "enum":["EventTime"] + }, "ExcludeFeaturesAttribute":{ "type":"string", - "max":100 + "max":100, + "min":0 }, "ExecutionRoleArns":{ "type":"list", "member":{"shape":"RoleArn"}, - "max":5 + "max":5, + "min":0 }, "ExecutionRoleIdentityConfig":{ "type":"string", @@ -19919,6 +21812,7 @@ "ExitMessage":{ "type":"string", "max":1024, + "min":0, "pattern":"[\\S\\s]*" }, "Experiment":{ @@ -19959,11 +21853,12 @@ "documentation":"

    The list of tags that are associated with the experiment. You can use Search API to search on the tags.

    " } }, - "documentation":"

    The properties of an experiment as returned by the Search API.

    " + "documentation":"

    The properties of an experiment as returned by the Search API. For information about experiments, see the CreateExperiment API.

    " }, "ExperimentArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:experiment/.*" }, "ExperimentConfig":{ @@ -19991,13 +21886,14 @@ "ExperimentDescription":{ "type":"string", "max":3072, + "min":0, "pattern":".*" }, "ExperimentEntityName":{ "type":"string", "max":120, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,119}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,119}" }, "ExperimentEntityNameOrArn":{ "type":"string", @@ -20023,6 +21919,7 @@ "ExperimentSourceArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:.*" }, "ExperimentSummaries":{ @@ -20058,6 +21955,7 @@ }, "ExpiresInSeconds":{ "type":"integer", + "box":true, "max":300, "min":5 }, @@ -20085,6 +21983,24 @@ }, "documentation":"

    A parameter to activate explainers.

    " }, + "FSxLustreConfig":{ + "type":"structure", + "required":[ + "SizeInGiB", + "PerUnitStorageThroughput" + ], + "members":{ + "SizeInGiB":{ + "shape":"FSxLustreSizeInGiB", + "documentation":"

    The storage capacity of the Amazon FSx for Lustre file system, specified in gibibytes (GiB).

    " + }, + "PerUnitStorageThroughput":{ + "shape":"FSxLustrePerUnitStorageThroughput", + "documentation":"

    The throughput capacity of the Amazon FSx for Lustre file system, measured in MB/s per TiB of storage.

    " + } + }, + "documentation":"

    Configuration settings for an Amazon FSx for Lustre file system to be used with the cluster.

    " + }, "FSxLustreFileSystem":{ "type":"structure", "required":["FileSystemId"], @@ -20111,6 +22027,18 @@ }, "documentation":"

    The settings for assigning a custom Amazon FSx for Lustre file system to a user profile or space for an Amazon SageMaker Domain.

    " }, + "FSxLustrePerUnitStorageThroughput":{ + "type":"integer", + "box":true, + "max":1000, + "min":125 + }, + "FSxLustreSizeInGiB":{ + "type":"integer", + "box":true, + "max":100800, + "min":1200 + }, "FailStepMetadata":{ "type":"structure", "members":{ @@ -20130,7 +22058,8 @@ }, "FailureReason":{ "type":"string", - "max":1024 + "max":1024, + "min":0 }, "FairShare":{ "type":"string", @@ -20141,6 +22070,7 @@ }, "FairShareWeight":{ "type":"integer", + "box":true, "max":100, "min":0 }, @@ -20252,10 +22182,12 @@ "FeatureGroupArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:feature-group/.*" }, "FeatureGroupMaxResults":{ "type":"integer", + "box":true, "max":100, "min":1 }, @@ -20263,7 +22195,7 @@ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z0-9]([_-]*[a-zA-Z0-9]){0,63}" + "pattern":"[a-zA-Z0-9]([_-]*[a-zA-Z0-9]){0,63}" }, "FeatureGroupNameContains":{ "type":"string", @@ -20379,7 +22311,7 @@ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z0-9]([-_]*[a-zA-Z0-9]){0,63}" + "pattern":"[a-zA-Z0-9]([-_]*[a-zA-Z0-9]){0,63}" }, "FeatureParameter":{ "type":"structure", @@ -20398,24 +22330,26 @@ "FeatureParameterAdditions":{ "type":"list", "member":{"shape":"FeatureParameter"}, - "max":25 + "max":25, + "min":0 }, "FeatureParameterKey":{ "type":"string", "max":255, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)" }, "FeatureParameterRemovals":{ "type":"list", "member":{"shape":"FeatureParameterKey"}, - "max":25 + "max":25, + "min":0 }, "FeatureParameterValue":{ "type":"string", "max":255, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)" }, "FeatureParameters":{ "type":"list", @@ -20516,13 +22450,13 @@ "type":"string", "max":21, "min":11, - "pattern":"^(fs-[0-9a-f]{8,})$" + "pattern":"(fs-[0-9a-f]{8,})" }, "FileSystemPath":{ "type":"string", "max":256, "min":1, - "pattern":"^\\/\\S*$" + "pattern":"\\/\\S*" }, "FileSystemType":{ "type":"string", @@ -20542,7 +22476,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[a-zA-Z0-9\\_\\-]+$" + "pattern":"[a-zA-Z0-9\\_\\-]+" }, "FillingTransformations":{ "type":"map", @@ -20612,7 +22546,8 @@ }, "Value":{ "shape":"MetricValue", - "documentation":"

    The value of the metric with the best result.

    " + "documentation":"

    The value of the metric with the best result.

    ", + "box":true }, "StandardMetricName":{ "shape":"AutoMLMetricEnum", @@ -20638,7 +22573,8 @@ }, "Value":{ "shape":"MetricValue", - "documentation":"

    The value of the objective metric.

    " + "documentation":"

    The value of the objective metric.

    ", + "box":true } }, "documentation":"

    Shows the latest objective metric emitted by a training job that was launched by a hyperparameter tuning job. You define the objective metric in the HyperParameterTuningJobObjective parameter of HyperParameterTuningJobConfig.

    " @@ -20660,13 +22596,14 @@ "FlowDefinitionArn":{ "type":"string", "max":1024, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]+:[0-9]{12}:flow-definition/.*" }, "FlowDefinitionName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-z0-9](-*[a-z0-9]){0,62}" + "pattern":"[a-z0-9](-*[a-z0-9]){0,62}" }, "FlowDefinitionOutputConfig":{ "type":"structure", @@ -20730,10 +22667,12 @@ }, "FlowDefinitionTaskAvailabilityLifetimeInSeconds":{ "type":"integer", + "box":true, "min":1 }, "FlowDefinitionTaskCount":{ "type":"integer", + "box":true, "max":3, "min":1 }, @@ -20747,7 +22686,7 @@ "type":"string", "max":30, "min":1, - "pattern":"^[A-Za-z0-9]+( [A-Za-z0-9]+)*$" + "pattern":"[A-Za-z0-9]+( [A-Za-z0-9]+)*" }, "FlowDefinitionTaskKeywords":{ "type":"list", @@ -20757,22 +22696,24 @@ }, "FlowDefinitionTaskTimeLimitInSeconds":{ "type":"integer", + "box":true, "min":30 }, "FlowDefinitionTaskTitle":{ "type":"string", "max":128, "min":1, - "pattern":"^[\\t\\n\\r -\\uD7FF\\uE000-\\uFFFD]*$" + "pattern":"[\\t\\n\\r -\\uD7FF\\uE000-\\uFFFD]*" }, "ForecastFrequency":{ "type":"string", "max":5, "min":1, - "pattern":"^1Y|Y|([1-9]|1[0-1])M|M|[1-4]W|W|[1-6]D|D|([1-9]|1[0-9]|2[0-3])H|H|([1-9]|[1-5][0-9])min$" + "pattern":"1Y|Y|([1-9]|1[0-1])M|M|[1-4]W|W|[1-6]D|D|([1-9]|1[0-9]|2[0-3])H|H|([1-9]|[1-5][0-9])min" }, "ForecastHorizon":{ "type":"integer", + "box":true, "min":1 }, "ForecastQuantile":{ @@ -20914,8 +22855,7 @@ }, "GetSagemakerServicecatalogPortfolioStatusInput":{ "type":"structure", - "members":{ - } + "members":{} }, "GetSagemakerServicecatalogPortfolioStatusOutput":{ "type":"structure", @@ -21010,6 +22950,7 @@ }, "Gid":{ "type":"long", + "box":true, "max":4000000, "min":1001 }, @@ -21046,7 +22987,7 @@ "type":"string", "max":1024, "min":11, - "pattern":"^https://([^/]+)/?.{3,1016}$" + "pattern":"https://([^/]+)/?.{3,1016}" }, "Group":{ "type":"string", @@ -21100,7 +23041,8 @@ "HiddenSageMakerImageVersionAliasesList":{ "type":"list", "member":{"shape":"HiddenSageMakerImage"}, - "max":5 + "max":5, + "min":0 }, "HolidayConfig":{ "type":"list", @@ -21126,14 +23068,27 @@ "min":0 }, "Horovod":{"type":"boolean"}, + "HubAccessConfig":{ + "type":"structure", + "required":["HubContentArn"], + "members":{ + "HubContentArn":{ + "shape":"HubContentArn", + "documentation":"

    The ARN of your private model hub content. This should be a ModelReference resource type that points to a SageMaker JumpStart public hub model.

    " + } + }, + "documentation":"

    The configuration for a private hub model reference that points to a public SageMaker JumpStart model.

    For more information about private hubs, see Private curated hubs for foundation model access control in JumpStart.

    " + }, "HubArn":{ "type":"string", "max":255, + "min":0, "pattern":".*" }, "HubContentArn":{ "type":"string", "max":255, + "min":0, "pattern":".*" }, "HubContentDependency":{ @@ -21153,21 +23108,25 @@ "HubContentDependencyList":{ "type":"list", "member":{"shape":"HubContentDependency"}, - "max":50 + "max":50, + "min":0 }, "HubContentDescription":{ "type":"string", "max":1023, + "min":0, "pattern":".*" }, "HubContentDisplayName":{ "type":"string", "max":255, + "min":0, "pattern":".*" }, "HubContentDocument":{ "type":"string", "max":65535, + "min":0, "pattern":".*" }, "HubContentInfo":{ @@ -21243,17 +23202,20 @@ }, "HubContentMarkdown":{ "type":"string", - "max":65535 + "max":65535, + "min":0 }, "HubContentName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "HubContentSearchKeywordList":{ "type":"list", "member":{"shape":"HubSearchKeyword"}, - "max":50 + "max":50, + "min":0 }, "HubContentSortBy":{ "type":"string", @@ -21277,7 +23239,8 @@ "type":"string", "enum":[ "Supported", - "Deprecated" + "Deprecated", + "Restricted" ] }, "HubContentType":{ @@ -21292,16 +23255,18 @@ "type":"string", "max":14, "min":5, - "pattern":"^\\d{1,4}.\\d{1,4}.\\d{1,4}$" + "pattern":"\\d{1,4}.\\d{1,4}.\\d{1,4}" }, "HubDescription":{ "type":"string", "max":1023, + "min":0, "pattern":".*" }, "HubDisplayName":{ "type":"string", "max":255, + "min":0, "pattern":".*" }, "HubInfo":{ @@ -21356,11 +23321,12 @@ "HubName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "HubNameOrArn":{ "type":"string", - "pattern":"^(arn:[a-z0-9-\\.]{1,63}:sagemaker:\\w+(?:-\\w+)+:(\\d{12}|aws):hub\\/)?[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "pattern":"(arn:[a-z0-9-\\.]{1,63}:sagemaker:\\w+(?:-\\w+)+:(\\d{12}|aws):hub\\/)?[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "HubS3StorageConfig":{ "type":"structure", @@ -21375,12 +23341,14 @@ "HubSearchKeyword":{ "type":"string", "max":255, - "pattern":"^[^A-Z]*$" + "min":0, + "pattern":"[^A-Z]*" }, "HubSearchKeywordList":{ "type":"list", "member":{"shape":"HubSearchKeyword"}, - "max":50 + "max":50, + "min":0 }, "HubSortBy":{ "type":"string", @@ -21405,7 +23373,8 @@ }, "HumanLoopActivationConditions":{ "type":"string", - "max":10240 + "max":10240, + "min":0 }, "HumanLoopActivationConditionsConfig":{ "type":"structure", @@ -21508,7 +23477,7 @@ }, "PreHumanTaskLambdaArn":{ "shape":"LambdaFunctionArn", - "documentation":"

    The Amazon Resource Name (ARN) of a Lambda function that is run before a data object is sent to a human worker. Use this function to provide input to a custom labeling job.

    For built-in task types, use one of the following Amazon SageMaker Ground Truth Lambda function ARNs for PreHumanTaskLambdaArn. For custom labeling workflows, see Pre-annotation Lambda.

    Bounding box - Finds the most similar boxes from different workers based on the Jaccard index of the boxes.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-BoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-BoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-BoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-BoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-BoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-BoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-BoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-BoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-BoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-BoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-BoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-BoundingBox

    Image classification - Uses a variant of the Expectation Maximization approach to estimate the true class of an image based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-ImageMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-ImageMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-ImageMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-ImageMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-ImageMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-ImageMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-ImageMultiClass

    Multi-label image classification - Uses a variant of the Expectation Maximization approach to estimate the true classes of an image based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-ImageMultiClassMultiLabel

    Semantic segmentation - Treats each pixel in an image as a multi-class classification and treats pixel annotations from workers as \"votes\" for the correct label.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-SemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-SemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-SemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-SemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-SemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-SemanticSegmentation

    Text classification - Uses a variant of the Expectation Maximization approach to estimate the true class of text based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-TextMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-TextMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-TextMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-TextMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-TextMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-TextMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-TextMultiClass

    Multi-label text classification - Uses a variant of the Expectation Maximization approach to estimate the true classes of text based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-TextMultiClassMultiLabel

    Named entity recognition - Groups similar selections and calculates aggregate boundaries, resolving to most-assigned label.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-NamedEntityRecognition

    Video Classification - Use this task type when you need workers to classify videos using predefined labels that you specify. Workers are shown videos and are asked to choose one label for each video.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VideoMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VideoMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VideoMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VideoMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VideoMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VideoMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VideoMultiClass

    Video Frame Object Detection - Use this task type to have workers identify and locate objects in a sequence of video frames (images extracted from a video) using bounding boxes. For example, you can use this task to ask workers to identify and localize various objects in a series of video frames, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VideoObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VideoObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VideoObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VideoObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VideoObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VideoObjectDetection

    Video Frame Object Tracking - Use this task type to have workers track the movement of objects in a sequence of video frames (images extracted from a video) using bounding boxes. For example, you can use this task to ask workers to track the movement of objects, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VideoObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VideoObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VideoObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VideoObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VideoObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VideoObjectTracking

    3D Point Cloud Modalities

    Use the following pre-annotation lambdas for 3D point cloud labeling modality tasks. See 3D Point Cloud Task types to learn more.

    3D Point Cloud Object Detection - Use this task type when you want workers to classify objects in a 3D point cloud by drawing 3D cuboids around objects. For example, you can use this task type to ask workers to identify different types of objects in a point cloud, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-3DPointCloudObjectDetection

    3D Point Cloud Object Tracking - Use this task type when you want workers to draw 3D cuboids around objects that appear in a sequence of 3D point cloud frames. For example, you can use this task type to ask workers to track the movement of vehicles across multiple point cloud frames.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-3DPointCloudObjectTracking

    3D Point Cloud Semantic Segmentation - Use this task type when you want workers to create a point-level semantic segmentation masks by painting objects in a 3D point cloud using different colors where each color is assigned to one of the classes you specify.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-3DPointCloudSemanticSegmentation

    Use the following ARNs for Label Verification and Adjustment Jobs

    Use label verification and adjustment jobs to review and adjust labels. To learn more, see Verify and Adjust Labels .

    Bounding box verification - Uses a variant of the Expectation Maximization approach to estimate the true class of verification judgement for bounding box labels based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VerificationBoundingBox

    Bounding box adjustment - Finds the most similar boxes from different workers based on the Jaccard index of the adjusted annotations.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-AdjustmentBoundingBox

    Semantic segmentation verification - Uses a variant of the Expectation Maximization approach to estimate the true class of verification judgment for semantic segmentation labels based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VerificationSemanticSegmentation

    Semantic segmentation adjustment - Treats each pixel in an image as a multi-class classification and treats pixel adjusted annotations from workers as \"votes\" for the correct label.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-AdjustmentSemanticSegmentation

    Video Frame Object Detection Adjustment - Use this task type when you want workers to adjust bounding boxes that workers have added to video frames to classify and localize objects in a sequence of video frames.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-AdjustmentVideoObjectDetection

    Video Frame Object Tracking Adjustment - Use this task type when you want workers to adjust bounding boxes that workers have added to video frames to track object movement across a sequence of video frames.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-AdjustmentVideoObjectTracking

    3D point cloud object detection adjustment - Adjust 3D cuboids in a point cloud frame.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-Adjustment3DPointCloudObjectDetection

    3D point cloud object tracking adjustment - Adjust 3D cuboids across a sequence of point cloud frames.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-Adjustment3DPointCloudObjectTracking

    3D point cloud semantic segmentation adjustment - Adjust semantic segmentation masks in a 3D point cloud.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    " + "documentation":"

    The Amazon Resource Name (ARN) of a Lambda function that is run before a data object is sent to a human worker. Use this function to provide input to a custom labeling job.

    For built-in task types, use one of the following Amazon SageMaker Ground Truth Lambda function ARNs for PreHumanTaskLambdaArn. For custom labeling workflows, see Pre-annotation Lambda.

    Bounding box - Finds the most similar boxes from different workers based on the Jaccard index of the boxes.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-BoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-BoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-BoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-BoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-BoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-BoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-BoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-BoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-BoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-BoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-BoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-BoundingBox

    Image classification - Uses a variant of the Expectation Maximization approach to estimate the true class of an image based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-ImageMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-ImageMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-ImageMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-ImageMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-ImageMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-ImageMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-ImageMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-ImageMultiClass

    Multi-label image classification - Uses a variant of the Expectation Maximization approach to estimate the true classes of an image based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-ImageMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-ImageMultiClassMultiLabel

    Semantic segmentation - Treats each pixel in an image as a multi-class classification and treats pixel annotations from workers as \"votes\" for the correct label.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-SemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-SemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-SemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-SemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-SemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-SemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-SemanticSegmentation

    Text classification - Uses a variant of the Expectation Maximization approach to estimate the true class of text based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-TextMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-TextMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-TextMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-TextMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-TextMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-TextMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-TextMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-TextMultiClass

    Multi-label text classification - Uses a variant of the Expectation Maximization approach to estimate the true classes of text based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-TextMultiClassMultiLabel

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-TextMultiClassMultiLabel

    Named entity recognition - Groups similar selections and calculates aggregate boundaries, resolving to most-assigned label.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-NamedEntityRecognition

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-NamedEntityRecognition

    Video Classification - Use this task type when you need workers to classify videos using predefined labels that you specify. Workers are shown videos and are asked to choose one label for each video.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VideoMultiClass

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VideoMultiClass

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VideoMultiClass

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VideoMultiClass

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VideoMultiClass

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VideoMultiClass

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VideoMultiClass

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VideoMultiClass

    Video Frame Object Detection - Use this task type to have workers identify and locate objects in a sequence of video frames (images extracted from a video) using bounding boxes. For example, you can use this task to ask workers to identify and localize various objects in a series of video frames, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VideoObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VideoObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VideoObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VideoObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VideoObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VideoObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VideoObjectDetection

    Video Frame Object Tracking - Use this task type to have workers track the movement of objects in a sequence of video frames (images extracted from a video) using bounding boxes. For example, you can use this task to ask workers to track the movement of objects, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VideoObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VideoObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VideoObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VideoObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VideoObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VideoObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VideoObjectTracking

    3D Point Cloud Modalities

    Use the following pre-annotation lambdas for 3D point cloud labeling modality tasks. See 3D Point Cloud Task types to learn more.

    3D Point Cloud Object Detection - Use this task type when you want workers to classify objects in a 3D point cloud by drawing 3D cuboids around objects. For example, you can use this task type to ask workers to identify different types of objects in a point cloud, such as cars, bikes, and pedestrians.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-3DPointCloudObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-3DPointCloudObjectDetection

    3D Point Cloud Object Tracking - Use this task type when you want workers to draw 3D cuboids around objects that appear in a sequence of 3D point cloud frames. For example, you can use this task type to ask workers to track the movement of vehicles across multiple point cloud frames.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-3DPointCloudObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-3DPointCloudObjectTracking

    3D Point Cloud Semantic Segmentation - Use this task type when you want workers to create a point-level semantic segmentation masks by painting objects in a 3D point cloud using different colors where each color is assigned to one of the classes you specify.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-3DPointCloudSemanticSegmentation

    Use the following ARNs for Label Verification and Adjustment Jobs

    Use label verification and adjustment jobs to review and adjust labels. To learn more, see Verify and Adjust Labels .

    Bounding box verification - Uses a variant of the Expectation Maximization approach to estimate the true class of verification judgement for bounding box labels based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VerificationBoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VerificationBoundingBox

    Bounding box adjustment - Finds the most similar boxes from different workers based on the Jaccard index of the adjusted annotations.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-AdjustmentBoundingBox

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-AdjustmentBoundingBox

    Semantic segmentation verification - Uses a variant of the Expectation Maximization approach to estimate the true class of verification judgment for semantic segmentation labels based on annotations from individual workers.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-VerificationSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-VerificationSemanticSegmentation

    Semantic segmentation adjustment - Treats each pixel in an image as a multi-class classification and treats pixel adjusted annotations from workers as \"votes\" for the correct label.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-AdjustmentSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-AdjustmentSemanticSegmentation

    Video Frame Object Detection Adjustment - Use this task type when you want workers to adjust bounding boxes that workers have added to video frames to classify and localize objects in a sequence of video frames.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-AdjustmentVideoObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-AdjustmentVideoObjectDetection

    Video Frame Object Tracking Adjustment - Use this task type when you want workers to adjust bounding boxes that workers have added to video frames to track object movement across a sequence of video frames.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-AdjustmentVideoObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-AdjustmentVideoObjectTracking

    3D point cloud object detection adjustment - Adjust 3D cuboids in a point cloud frame.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-Adjustment3DPointCloudObjectDetection

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-Adjustment3DPointCloudObjectDetection

    3D point cloud object tracking adjustment - Adjust 3D cuboids across a sequence of point cloud frames.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-Adjustment3DPointCloudObjectTracking

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-Adjustment3DPointCloudObjectTracking

    3D point cloud semantic segmentation adjustment - Adjust semantic segmentation masks in a 3D point cloud.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-Adjustment3DPointCloudSemanticSegmentation

    Generative AI/Custom - Direct passthrough of input data without any transformation.

    • arn:aws:lambda:us-east-1:432418664414:function:PRE-PassThrough

    • arn:aws:lambda:us-east-2:266458841044:function:PRE-PassThrough

    • arn:aws:lambda:us-west-2:081040173940:function:PRE-PassThrough

    • arn:aws:lambda:ca-central-1:918755190332:function:PRE-PassThrough

    • arn:aws:lambda:eu-west-1:568282634449:function:PRE-PassThrough

    • arn:aws:lambda:eu-west-2:487402164563:function:PRE-PassThrough

    • arn:aws:lambda:eu-central-1:203001061592:function:PRE-PassThrough

    • arn:aws:lambda:ap-northeast-1:477331159723:function:PRE-PassThrough

    • arn:aws:lambda:ap-northeast-2:845288260483:function:PRE-PassThrough

    • arn:aws:lambda:ap-south-1:565803892007:function:PRE-PassThrough

    • arn:aws:lambda:ap-southeast-1:377565633583:function:PRE-PassThrough

    • arn:aws:lambda:ap-southeast-2:454466003867:function:PRE-PassThrough

    " }, "TaskKeywords":{ "shape":"TaskKeywords", @@ -21552,13 +23521,14 @@ "HumanTaskUiArn":{ "type":"string", "max":1024, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]+:[0-9]{12}:human-task-ui/.*" }, "HumanTaskUiName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-z0-9](-*[a-z0-9])*" + "pattern":"[a-z0-9](-*[a-z0-9])*" }, "HumanTaskUiStatus":{ "type":"string", @@ -21617,6 +23587,7 @@ "HyperParameterKey":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "HyperParameterScalingType":{ @@ -21653,11 +23624,13 @@ }, "IsTunable":{ "shape":"Boolean", - "documentation":"

    Indicates whether this hyperparameter is tunable in a hyperparameter tuning job.

    " + "documentation":"

    Indicates whether this hyperparameter is tunable in a hyperparameter tuning job.

    ", + "box":true }, "IsRequired":{ "shape":"Boolean", - "documentation":"

    Indicates whether this hyperparameter is required.

    " + "documentation":"

    Indicates whether this hyperparameter is required.

    ", + "box":true }, "DefaultValue":{ "shape":"HyperParameterValue", @@ -21725,15 +23698,18 @@ }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    Isolates the training container. No inbound or outbound network calls can be made, except for calls between peers within a training cluster for distributed training. If network isolation is used for training jobs that are configured to use a VPC, SageMaker downloads and uploads customer data and model artifacts through the specified VPC, but the training container does not have network access.

    " + "documentation":"

    Isolates the training container. No inbound or outbound network calls can be made, except for calls between peers within a training cluster for distributed training. If network isolation is used for training jobs that are configured to use a VPC, SageMaker downloads and uploads customer data and model artifacts through the specified VPC, but the training container does not have network access.

    ", + "box":true }, "EnableInterContainerTrafficEncryption":{ "shape":"Boolean", - "documentation":"

    To encrypt all communications between ML compute instances in distributed training, choose True. Encryption provides greater security for distributed training, but training might take longer. How long it takes depends on the amount of communication between compute instances, especially if you use a deep learning algorithm in distributed training.

    " + "documentation":"

    To encrypt all communications between ML compute instances in distributed training, choose True. Encryption provides greater security for distributed training, but training might take longer. How long it takes depends on the amount of communication between compute instances, especially if you use a deep learning algorithm in distributed training.

    ", + "box":true }, "EnableManagedSpotTraining":{ "shape":"Boolean", - "documentation":"

    A Boolean indicating whether managed spot training is enabled (True) or not (False).

    " + "documentation":"

    A Boolean indicating whether managed spot training is enabled (True) or not (False).

    ", + "box":true }, "CheckpointConfig":{"shape":"CheckpointConfig"}, "RetryStrategy":{ @@ -21751,7 +23727,7 @@ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}" }, "HyperParameterTrainingJobDefinitions":{ "type":"list", @@ -21762,17 +23738,20 @@ "HyperParameterTrainingJobEnvironmentKey":{ "type":"string", "max":512, + "min":0, "pattern":"[a-zA-Z_][a-zA-Z0-9_]*" }, "HyperParameterTrainingJobEnvironmentMap":{ "type":"map", "key":{"shape":"HyperParameterTrainingJobEnvironmentKey"}, "value":{"shape":"HyperParameterTrainingJobEnvironmentValue"}, - "max":48 + "max":48, + "min":0 }, "HyperParameterTrainingJobEnvironmentValue":{ "type":"string", "max":512, + "min":0, "pattern":"[\\S\\s]*" }, "HyperParameterTrainingJobSummaries":{ @@ -21858,11 +23837,13 @@ }, "InstanceCount":{ "shape":"TrainingInstanceCount", - "documentation":"

    The number of instances of the type specified by InstanceType. Choose an instance count larger than 1 for distributed training algorithms. See Step 2: Launch a SageMaker Distributed Training Job Using the SageMaker Python SDK for more information.

    " + "documentation":"

    The number of instances of the type specified by InstanceType. Choose an instance count larger than 1 for distributed training algorithms. See Step 2: Launch a SageMaker Distributed Training Job Using the SageMaker Python SDK for more information.

    ", + "box":true }, "VolumeSizeInGB":{ "shape":"VolumeSizeInGB", - "documentation":"

    The volume size in GB of the data to be processed for hyperparameter optimization (optional).

    " + "documentation":"

    The volume size in GB of the data to be processed for hyperparameter optimization (optional).

    ", + "box":true } }, "documentation":"

    The configuration for hyperparameter tuning resources for use in training jobs launched by the tuning job. These resources include compute instances and storage volumes. Specify one or more compute instance configurations and allocation strategies to select resources (optional).

    " @@ -21876,6 +23857,7 @@ "HyperParameterTuningJobArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:hyper-parameter-tuning-job/.*" }, "HyperParameterTuningJobCompletionDetails":{ @@ -21883,7 +23865,8 @@ "members":{ "NumberOfTrainingJobsObjectiveNotImproving":{ "shape":"Integer", - "documentation":"

    The number of training jobs launched by a tuning job that are not improving (1% or less) as measured by model performance evaluated against an objective function.

    " + "documentation":"

    The number of training jobs launched by a tuning job that are not improving (1% or less) as measured by model performance evaluated against an objective function.

    ", + "box":true }, "ConvergenceDetectedTime":{ "shape":"Timestamp", @@ -21939,7 +23922,8 @@ "members":{ "RuntimeInSeconds":{ "shape":"Integer", - "documentation":"

    The wall clock runtime in seconds used by your hyperparameter tuning job.

    " + "documentation":"

    The wall clock runtime in seconds used by your hyperparameter tuning job.

    ", + "box":true } }, "documentation":"

    The total resources consumed by your hyperparameter tuning job.

    " @@ -21948,7 +23932,7 @@ "type":"string", "max":32, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,31}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,31}" }, "HyperParameterTuningJobObjective":{ "type":"structure", @@ -22162,6 +24146,7 @@ }, "HyperParameterTuningMaxRuntimeInSeconds":{ "type":"integer", + "box":true, "max":15768000, "min":120 }, @@ -22174,11 +24159,13 @@ }, "InstanceCount":{ "shape":"TrainingInstanceCount", - "documentation":"

    The number of compute instances of type InstanceType to use. For distributed training, select a value greater than 1.

    " + "documentation":"

    The number of compute instances of type InstanceType to use. For distributed training, select a value greater than 1.

    ", + "box":true }, "VolumeSizeInGB":{ "shape":"OptionalVolumeSizeInGB", - "documentation":"

    The volume size in GB for the storage volume to be used in processing hyperparameter optimization jobs (optional). These volumes store model artifacts, incremental states and optionally, scratch space for training algorithms. Do not provide a value for this parameter if a value for InstanceConfigs is also specified.

    Some instance types have a fixed total local storage size. If you select one of these instances for training, VolumeSizeInGB cannot be greater than this total size. For a list of instance types with local instance storage and their sizes, see instance store volumes.

    SageMaker supports only the General Purpose SSD (gp2) storage volume type.

    " + "documentation":"

    The volume size in GB for the storage volume to be used in processing hyperparameter optimization jobs (optional). These volumes store model artifacts, incremental states and optionally, scratch space for training algorithms. Do not provide a value for this parameter if a value for InstanceConfigs is also specified.

    Some instance types have a fixed total local storage size. If you select one of these instances for training, VolumeSizeInGB cannot be greater than this total size. For a list of instance types with local instance storage and their sizes, see instance store volumes.

    SageMaker supports only the General Purpose SSD (gp2) storage volume type.

    ", + "box":true }, "VolumeKmsKeyId":{ "shape":"KmsKeyId", @@ -22198,6 +24185,7 @@ "HyperParameterValue":{ "type":"string", "max":2500, + "min":0, "pattern":".*" }, "HyperParameters":{ @@ -22223,12 +24211,21 @@ }, "HyperbandStrategyMaxResource":{ "type":"integer", + "box":true, "min":1 }, "HyperbandStrategyMinResource":{ "type":"integer", + "box":true, "min":1 }, + "IPAddressType":{ + "type":"string", + "enum":[ + "ipv4", + "dualstack" + ] + }, "IamIdentity":{ "type":"structure", "members":{ @@ -22287,7 +24284,8 @@ "IdentityProviderOAuthSettings":{ "type":"list", "member":{"shape":"IdentityProviderOAuthSetting"}, - "max":20 + "max":20, + "min":0 }, "IdleSettings":{ "type":"structure", @@ -22313,6 +24311,7 @@ }, "IdleTimeoutInMinutes":{ "type":"integer", + "box":true, "max":525600, "min":60 }, @@ -22364,7 +24363,8 @@ "ImageArn":{ "type":"string", "max":256, - "pattern":"^arn:aws(-[\\w]+)*:sagemaker:.+:[0-9]{12}:image/[a-zA-Z0-9]([-.]?[a-zA-Z0-9])*$" + "min":0, + "pattern":"arn:aws(-[\\w]+)*:sagemaker:.+:[0-9]{12}:image/[a-zA-Z0-9]([-.]?[a-zA-Z0-9])*" }, "ImageBaseImage":{ "type":"string", @@ -22411,7 +24411,8 @@ "ImageDeletePropertyList":{ "type":"list", "member":{"shape":"ImageDeleteProperty"}, - "max":2 + "max":2, + "min":0 }, "ImageDescription":{ "type":"string", @@ -22422,24 +24423,32 @@ "ImageDigest":{ "type":"string", "max":72, - "pattern":"^[Ss][Hh][Aa]256:[0-9a-fA-F]{64}$" + "min":0, + "pattern":"[Ss][Hh][Aa]256:[0-9a-fA-F]{64}" }, "ImageDisplayName":{ "type":"string", "max":128, "min":1, - "pattern":"^\\S(.*\\S)?$" + "pattern":"\\S(.*\\S)?" + }, + "ImageId":{ + "type":"string", + "max":21, + "min":7, + "pattern":"ami-[0-9a-fA-F]{8,17}|default" }, "ImageName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9]([-.]?[a-zA-Z0-9]){0,62}$" + "pattern":"[a-zA-Z0-9]([-.]?[a-zA-Z0-9]){0,62}" }, "ImageNameContains":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9\\-.]+$" + "min":0, + "pattern":"[a-zA-Z0-9\\-.]+" }, "ImageSortBy":{ "type":"string", @@ -22471,6 +24480,7 @@ "ImageUri":{ "type":"string", "max":255, + "min":0, "pattern":".*" }, "ImageVersion":{ @@ -22525,15 +24535,17 @@ "type":"string", "max":128, "min":1, - "pattern":"^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$" + "pattern":"(0|[1-9]\\d*)\\.(0|[1-9]\\d*)" }, "ImageVersionArn":{ "type":"string", "max":256, - "pattern":"^(arn:aws(-[\\w]+)*:sagemaker:.+:[0-9]{12}:image-version/[a-z0-9]([-.]?[a-z0-9])*/[0-9]+|None)$" + "min":0, + "pattern":"(arn:aws(-[\\w]+)*:sagemaker:.+:[0-9]{12}:image-version/[a-z0-9]([-.]?[a-z0-9])*/[0-9]+|None)" }, "ImageVersionNumber":{ "type":"integer", + "box":true, "min":0 }, "ImageVersionSortBy":{ @@ -22615,6 +24627,10 @@ "shape":"HubContentDocument", "documentation":"

    The hub content document that describes information about the hub content such as type, associated containers, scripts, and more.

    " }, + "SupportStatus":{ + "shape":"HubContentSupportStatus", + "documentation":"

    The status of the hub content resource.

    " + }, "HubContentSearchKeywords":{ "shape":"HubContentSearchKeywordList", "documentation":"

    The searchable keywords of the hub content.

    " @@ -22644,13 +24660,43 @@ }, "InUseInstanceCount":{ "type":"integer", + "box":true, "min":0 }, + "IncludeNodeLogicalIdsBoolean":{ + "type":"boolean", + "box":true + }, "InferenceComponentArn":{ "type":"string", "max":2048, "min":20 }, + "InferenceComponentCapacitySize":{ + "type":"structure", + "required":[ + "Type", + "Value" + ], + "members":{ + "Type":{ + "shape":"InferenceComponentCapacitySizeType", + "documentation":"

    Specifies the endpoint capacity type.

    COPY_COUNT

    The endpoint activates based on the number of inference component copies.

    CAPACITY_PERCENT

    The endpoint activates based on the specified percentage of capacity.

    " + }, + "Value":{ + "shape":"CapacitySizeValue", + "documentation":"

    Defines the capacity size, either as a number of inference component copies or a capacity percentage.

    " + } + }, + "documentation":"

    Specifies the type and size of the endpoint capacity to activate for a rolling deployment or a rollback strategy. You can specify your batches as either of the following:

    • A count of inference component copies

    • The overall percentage or your fleet

    For a rollback strategy, if you don't specify the fields in this object, or if you set the Value parameter to 100%, then SageMaker AI uses a blue/green rollback strategy and rolls all traffic back to the blue fleet.

    " + }, + "InferenceComponentCapacitySizeType":{ + "type":"string", + "enum":[ + "COPY_COUNT", + "CAPACITY_PERCENT" + ] + }, "InferenceComponentComputeResourceRequirements":{ "type":"structure", "required":["MinMemoryRequiredInMb"], @@ -22709,18 +24755,83 @@ }, "InferenceComponentCopyCount":{ "type":"integer", + "box":true, "min":0 }, + "InferenceComponentDataCacheConfig":{ + "type":"structure", + "required":["EnableCaching"], + "members":{ + "EnableCaching":{ + "shape":"EnableCaching", + "documentation":"

    Sets whether the endpoint that hosts the inference component caches the model artifacts and container image.

    With caching enabled, the endpoint caches this data in each instance that it provisions for the inference component. That way, the inference component deploys faster during the auto scaling process. If caching isn't enabled, the inference component takes longer to deploy because of the time it spends downloading the data.

    ", + "box":true + } + }, + "documentation":"

    Settings that affect how the inference component caches data.

    " + }, + "InferenceComponentDataCacheConfigSummary":{ + "type":"structure", + "required":["EnableCaching"], + "members":{ + "EnableCaching":{ + "shape":"EnableCaching", + "documentation":"

    Indicates whether the inference component caches model artifacts as part of the auto scaling process.

    ", + "box":true + } + }, + "documentation":"

    Settings that affect how the inference component caches data.

    " + }, + "InferenceComponentDeploymentConfig":{ + "type":"structure", + "required":["RollingUpdatePolicy"], + "members":{ + "RollingUpdatePolicy":{ + "shape":"InferenceComponentRollingUpdatePolicy", + "documentation":"

    Specifies a rolling deployment strategy for updating a SageMaker AI endpoint.

    " + }, + "AutoRollbackConfiguration":{"shape":"AutoRollbackConfig"} + }, + "documentation":"

    The deployment configuration for an endpoint that hosts inference components. The configuration includes the desired deployment strategy and rollback settings.

    " + }, "InferenceComponentName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9]([\\-a-zA-Z0-9]*[a-zA-Z0-9])?$" + "min":0, + "pattern":"[a-zA-Z0-9]([\\-a-zA-Z0-9]*[a-zA-Z0-9])?" }, "InferenceComponentNameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9-]+" }, + "InferenceComponentRollingUpdatePolicy":{ + "type":"structure", + "required":[ + "MaximumBatchSize", + "WaitIntervalInSeconds" + ], + "members":{ + "MaximumBatchSize":{ + "shape":"InferenceComponentCapacitySize", + "documentation":"

    The batch size for each rolling step in the deployment process. For each step, SageMaker AI provisions capacity on the new endpoint fleet, routes traffic to that fleet, and terminates capacity on the old endpoint fleet. The value must be between 5% to 50% of the copy count of the inference component.

    " + }, + "WaitIntervalInSeconds":{ + "shape":"WaitIntervalInSeconds", + "documentation":"

    The length of the baking period, during which SageMaker AI monitors alarms for each batch on the new fleet.

    " + }, + "MaximumExecutionTimeoutInSeconds":{ + "shape":"MaximumExecutionTimeoutInSeconds", + "documentation":"

    The time limit for the total deployment. Exceeding this limit causes a timeout.

    " + }, + "RollbackMaximumBatchSize":{ + "shape":"InferenceComponentCapacitySize", + "documentation":"

    The batch size for a rollback to the old endpoint fleet. If this field is absent, the value is set to the default, which is 100% of the total capacity. When the default is used, SageMaker AI provisions the entire capacity of the old fleet at once during rollback.

    " + } + }, + "documentation":"

    Specifies a rolling deployment strategy for updating a SageMaker AI inference component.

    " + }, "InferenceComponentRuntimeConfig":{ "type":"structure", "required":["CopyCount"], @@ -22776,6 +24887,10 @@ "BaseInferenceComponentName":{ "shape":"InferenceComponentName", "documentation":"

    The name of an existing inference component that is to contain the inference component that you're creating with your request.

    Specify this parameter only if your request is meant to create an adapter inference component. An adapter inference component contains the path to an adapter model. The purpose of the adapter model is to tailor the inference output of a base foundation model, which is hosted by the base inference component. The adapter inference component uses the compute resources that you assigned to the base inference component.

    When you create an adapter inference component, use the Container parameter to specify the location of the adapter artifacts. In the parameter value, use the ArtifactUrl parameter of the InferenceComponentContainerSpecification data type.

    Before you can create an adapter inference component, you must have an existing inference component that contains the foundation model that you want to adapt.

    " + }, + "DataCacheConfig":{ + "shape":"InferenceComponentDataCacheConfig", + "documentation":"

    Settings that affect how the inference component caches data.

    " } }, "documentation":"

    Details about the resources to deploy with this inference component, including the model, container, and compute resources.

    " @@ -22802,6 +24917,10 @@ "BaseInferenceComponentName":{ "shape":"InferenceComponentName", "documentation":"

    The name of the base inference component that contains this inference component.

    " + }, + "DataCacheConfig":{ + "shape":"InferenceComponentDataCacheConfigSummary", + "documentation":"

    Settings that affect how the inference component caches data.

    " } }, "documentation":"

    Details about the resources that are deployed with this inference component.

    " @@ -22902,6 +25021,7 @@ "InferenceExperimentArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:inference-experiment/.*" }, "InferenceExperimentDataStorageConfig":{ @@ -22923,6 +25043,7 @@ "InferenceExperimentDescription":{ "type":"string", "max":1024, + "min":0, "pattern":".*" }, "InferenceExperimentList":{ @@ -22933,7 +25054,7 @@ "type":"string", "max":120, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,119}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,119}" }, "InferenceExperimentSchedule":{ "type":"structure", @@ -22965,6 +25086,7 @@ "InferenceExperimentStatusReason":{ "type":"string", "max":1024, + "min":0, "pattern":".*" }, "InferenceExperimentStopDesiredState":{ @@ -23044,7 +25166,8 @@ }, "InferenceImage":{ "type":"string", - "max":256 + "max":256, + "min":0 }, "InferenceMetrics":{ "type":"structure", @@ -23055,11 +25178,13 @@ "members":{ "MaxInvocations":{ "shape":"Integer", - "documentation":"

    The expected maximum number of requests per minute for the instance.

    " + "documentation":"

    The expected maximum number of requests per minute for the instance.

    ", + "box":true }, "ModelLatency":{ "shape":"Integer", - "documentation":"

    The expected model latency at maximum invocations per minute for the instance.

    " + "documentation":"

    The expected model latency at maximum invocations per minute for the instance.

    ", + "box":true } }, "documentation":"

    The metrics for an existing endpoint compared in an Inference Recommender job.

    " @@ -23238,7 +25363,7 @@ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "InfraCheckConfig":{ "type":"structure", @@ -23252,14 +25377,17 @@ }, "InitialInstanceCount":{ "type":"integer", + "box":true, "min":1 }, "InitialNumberOfUsers":{ "type":"integer", + "box":true, "min":1 }, "InitialTaskCount":{ "type":"integer", + "box":true, "min":1 }, "InputConfig":{ @@ -23308,7 +25436,9 @@ }, "InstanceCount":{ "type":"integer", - "min":1 + "box":true, + "max":10000000, + "min":0 }, "InstanceGroup":{ "type":"structure", @@ -23324,7 +25454,8 @@ }, "InstanceCount":{ "shape":"TrainingInstanceCount", - "documentation":"

    Specifies the number of instances of the instance group.

    " + "documentation":"

    Specifies the number of instances of the instance group.

    ", + "box":true }, "InstanceGroupName":{ "shape":"InstanceGroupName", @@ -23333,6 +25464,36 @@ }, "documentation":"

    Defines an instance group for heterogeneous cluster training. When requesting a training job using the CreateTrainingJob API, you can configure multiple instance groups .

    " }, + "InstanceGroupMetadata":{ + "type":"structure", + "members":{ + "FailureMessage":{ + "shape":"String", + "documentation":"

    An error message describing why the instance group level operation (such as creating, scaling, or deleting) failed.

    " + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"

    The ID of the Availability Zone where the instance group is located.

    " + }, + "CapacityReservation":{ + "shape":"CapacityReservation", + "documentation":"

    Information about the Capacity Reservation used by the instance group.

    " + }, + "SubnetId":{ + "shape":"String", + "documentation":"

    The ID of the subnet where the instance group is located.

    " + }, + "SecurityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

    A list of security group IDs associated with the instance group.

    " + }, + "AmiOverride":{ + "shape":"String", + "documentation":"

    If you use a custom Amazon Machine Image (AMI) for the instance group, this field shows the ID of the custom AMI.

    " + } + }, + "documentation":"

    Metadata information about an instance group in a HyperPod cluster.

    " + }, "InstanceGroupName":{ "type":"string", "max":64, @@ -23342,7 +25503,26 @@ "InstanceGroupNames":{ "type":"list", "member":{"shape":"InstanceGroupName"}, - "max":5 + "max":5, + "min":0 + }, + "InstanceGroupScalingMetadata":{ + "type":"structure", + "members":{ + "InstanceCount":{ + "shape":"InstanceCount", + "documentation":"

    The current number of instances in the group.

    " + }, + "TargetCount":{ + "shape":"TargetCount", + "documentation":"

    The desired number of instances for the group after scaling.

    " + }, + "FailureMessage":{ + "shape":"String", + "documentation":"

    An error message describing why the scaling operation failed, if applicable.

    " + } + }, + "documentation":"

    Metadata information about scaling operations for an instance group.

    " }, "InstanceGroupStatus":{ "type":"string", @@ -23364,7 +25544,38 @@ "InstanceGroups":{ "type":"list", "member":{"shape":"InstanceGroup"}, - "max":5 + "max":5, + "min":0 + }, + "InstanceMetadata":{ + "type":"structure", + "members":{ + "CustomerEni":{ + "shape":"String", + "documentation":"

    The ID of the customer-managed Elastic Network Interface (ENI) associated with the instance.

    " + }, + "AdditionalEnis":{ + "shape":"AdditionalEnis", + "documentation":"

    Information about additional Elastic Network Interfaces (ENIs) associated with the instance.

    " + }, + "CapacityReservation":{ + "shape":"CapacityReservation", + "documentation":"

    Information about the Capacity Reservation used by the instance.

    " + }, + "FailureMessage":{ + "shape":"String", + "documentation":"

    An error message describing why the instance creation or update failed, if applicable.

    " + }, + "LcsExecutionState":{ + "shape":"String", + "documentation":"

    The execution state of the Lifecycle Script (LCS) for the instance.

    " + }, + "NodeLogicalId":{ + "shape":"ClusterNodeLogicalId", + "documentation":"

    The unique logical identifier of the node within the cluster. The ID used here is the same object as in the BatchAddClusterNodes API.

    " + } + }, + "documentation":"

    Metadata information about an instance in a HyperPod cluster.

    " }, "InstanceMetadataServiceConfiguration":{ "type":"structure", @@ -23377,6 +25588,21 @@ }, "documentation":"

    Information on the IMDS configuration of the notebook instance

    " }, + "InstancePlacementConfig":{ + "type":"structure", + "members":{ + "EnableMultipleJobs":{ + "shape":"Boolean", + "documentation":"

    If set to true, allows multiple jobs to share the same UltraServer instances. If set to false, ensures this job's instances are placed on an UltraServer exclusively, with no other jobs sharing the same UltraServer. Default is false.

    ", + "box":true + }, + "PlacementSpecifications":{ + "shape":"PlacementSpecifications", + "documentation":"

    A list of specifications for how instances should be placed on specific UltraServers. Maximum of 10 items is supported.

    " + } + }, + "documentation":"

    Configuration for how instances are placed and allocated within UltraServers. This is only applicable for UltraServer capacity.

    " + }, "InstanceType":{ "type":"string", "enum":[ @@ -23463,6 +25689,7 @@ "ml.p4d.24xlarge", "ml.p4de.24xlarge", "ml.p5.48xlarge", + "ml.p6-b200.48xlarge", "ml.m6i.large", "ml.m6i.xlarge", "ml.m6i.2xlarge", @@ -23610,17 +25837,19 @@ "InvocationStartTime":{"type":"timestamp"}, "InvocationsMaxRetries":{ "type":"integer", + "box":true, "max":3, "min":0 }, "InvocationsTimeoutInSeconds":{ "type":"integer", + "box":true, "max":3600, "min":1 }, "IotRoleAlias":{ "type":"string", - "pattern":"^arn:aws[a-z\\-]*:iam::\\d{12}:rolealias/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:aws[a-z\\-]*:iam::\\d{12}:rolealias/?[a-zA-Z_0-9+=,.@\\-_/]+" }, "IsTrackingServerActive":{ "type":"string", @@ -23636,6 +25865,7 @@ }, "JobDurationInSeconds":{ "type":"integer", + "box":true, "min":1 }, "JobReferenceCode":{ @@ -23668,7 +25898,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*\\/[a-zA-Z0-9](-*[a-zA-Z0-9.])*" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*\\/[a-zA-Z0-9](-*[a-zA-Z0-9.])*" }, "JsonContentTypes":{ "type":"list", @@ -23740,7 +25970,8 @@ }, "KeepAlivePeriodInSeconds":{ "type":"integer", - "documentation":"Optional. Customer requested period in seconds for which the Training cluster is kept alive after the job is finished.", + "documentation":"

    Optional. Customer requested period in seconds for which the Training cluster is kept alive after the job is finished.

    ", + "box":true, "max":3600, "min":0 }, @@ -23756,7 +25987,8 @@ }, "KernelDisplayName":{ "type":"string", - "max":1024 + "max":1024, + "min":0 }, "KernelGatewayAppSettings":{ "type":"structure", @@ -23767,7 +25999,7 @@ }, "CustomImages":{ "shape":"CustomImages", - "documentation":"

    A list of custom SageMaker AI images that are configured to run as a KernelGateway app.

    " + "documentation":"

    A list of custom SageMaker AI images that are configured to run as a KernelGateway app.

    The maximum number of custom images are as follows.

    • On a domain level: 200

    • On a space level: 5

    • On a user profile level: 5

    " }, "LifecycleConfigArns":{ "shape":"LifecycleConfigArns", @@ -23793,7 +26025,8 @@ }, "KernelName":{ "type":"string", - "max":1024 + "max":1024, + "min":0 }, "KernelSpec":{ "type":"structure", @@ -23825,13 +26058,14 @@ "KmsKeyId":{ "type":"string", "max":2048, - "pattern":"^[a-zA-Z0-9:/_-]*$" + "min":0, + "pattern":"[a-zA-Z0-9:/_-]*" }, "LabelAttributeName":{ "type":"string", "max":127, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,126}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,126}" }, "LabelCounter":{ "type":"integer", @@ -23842,23 +26076,28 @@ "members":{ "TotalLabeled":{ "shape":"LabelCounter", - "documentation":"

    The total number of objects labeled.

    " + "documentation":"

    The total number of objects labeled.

    ", + "box":true }, "HumanLabeled":{ "shape":"LabelCounter", - "documentation":"

    The total number of objects labeled by a human worker.

    " + "documentation":"

    The total number of objects labeled by a human worker.

    ", + "box":true }, "MachineLabeled":{ "shape":"LabelCounter", - "documentation":"

    The total number of objects labeled by automated data labeling.

    " + "documentation":"

    The total number of objects labeled by automated data labeling.

    ", + "box":true }, "FailedNonRetryableError":{ "shape":"LabelCounter", - "documentation":"

    The total number of objects that could not be labeled due to an error.

    " + "documentation":"

    The total number of objects that could not be labeled due to an error.

    ", + "box":true }, "Unlabeled":{ "shape":"LabelCounter", - "documentation":"

    The total number of objects not yet labeled.

    " + "documentation":"

    The total number of objects not yet labeled.

    ", + "box":true } }, "documentation":"

    Provides a breakdown of the number of objects labeled.

    " @@ -23868,15 +26107,18 @@ "members":{ "HumanLabeled":{ "shape":"LabelCounter", - "documentation":"

    The total number of data objects labeled by a human worker.

    " + "documentation":"

    The total number of data objects labeled by a human worker.

    ", + "box":true }, "PendingHuman":{ "shape":"LabelCounter", - "documentation":"

    The total number of data objects that need to be labeled by a human worker.

    " + "documentation":"

    The total number of data objects that need to be labeled by a human worker.

    ", + "box":true }, "Total":{ "shape":"LabelCounter", - "documentation":"

    The total number of tasks in the labeling job.

    " + "documentation":"

    The total number of tasks in the labeling job.

    ", + "box":true } }, "documentation":"

    Provides counts for human-labeled tasks in the labeling job.

    " @@ -23884,6 +26126,7 @@ "LabelingJobAlgorithmSpecificationArn":{ "type":"string", "max":2048, + "min":0, "pattern":"arn:.*" }, "LabelingJobAlgorithmsConfig":{ @@ -23908,6 +26151,7 @@ "LabelingJobArn":{ "type":"string", "max":2048, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:labeling-job/.*" }, "LabelingJobDataAttributes":{ @@ -23992,7 +26236,7 @@ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "LabelingJobOutput":{ "type":"structure", @@ -24156,6 +26400,7 @@ "LambdaFunctionArn":{ "type":"string", "max":2048, + "min":0, "pattern":"arn:aws[a-z\\-]*:lambda:[a-z0-9\\-]*:[0-9]{12}:function:.*" }, "LambdaStepMetadata":{ @@ -24174,7 +26419,8 @@ }, "LandingUri":{ "type":"string", - "max":1023 + "max":1023, + "min":0 }, "LastModifiedTime":{"type":"timestamp"}, "LastUpdateStatus":{ @@ -24215,11 +26461,13 @@ "type":"map", "key":{"shape":"StringParameterValue"}, "value":{"shape":"StringParameterValue"}, - "max":30 + "max":30, + "min":0 }, "LineageGroupArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:lineage-group/.*" }, "LineageGroupNameOrArn":{ @@ -24724,6 +26972,65 @@ } } }, + "ListClusterEventsRequest":{ + "type":"structure", + "required":["ClusterName"], + "members":{ + "ClusterName":{ + "shape":"ClusterNameOrArn", + "documentation":"

    The name or Amazon Resource Name (ARN) of the HyperPod cluster for which to list events.

    " + }, + "InstanceGroupName":{ + "shape":"ClusterInstanceGroupName", + "documentation":"

    The name of the instance group to filter events. If specified, only events related to this instance group are returned.

    " + }, + "NodeId":{ + "shape":"ClusterNodeId", + "documentation":"

    The EC2 instance ID to filter events. If specified, only events related to this instance are returned.

    " + }, + "EventTimeAfter":{ + "shape":"Timestamp", + "documentation":"

    The start of the time range for filtering events. Only events that occurred after this time are included in the results.

    " + }, + "EventTimeBefore":{ + "shape":"Timestamp", + "documentation":"

    The end of the time range for filtering events. Only events that occurred before this time are included in the results.

    " + }, + "SortBy":{ + "shape":"EventSortBy", + "documentation":"

    The field to use for sorting the event list. Currently, the only supported value is EventTime.

    " + }, + "SortOrder":{ + "shape":"SortOrder", + "documentation":"

    The order in which to sort the results. Valid values are Ascending or Descending (the default is Descending).

    " + }, + "ResourceType":{ + "shape":"ClusterEventResourceType", + "documentation":"

    The type of resource for which to filter events. Valid values are Cluster, InstanceGroup, or Instance.

    " + }, + "MaxResults":{ + "shape":"ClusterEventMaxResults", + "documentation":"

    The maximum number of events to return in the response. Valid range is 1 to 100.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token to retrieve the next set of results. This token is obtained from the output of a previous ListClusterEvents call.

    " + } + } + }, + "ListClusterEventsResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token to retrieve the next set of results. Include this token in subsequent ListClusterEvents calls to fetch more events.

    " + }, + "Events":{ + "shape":"ClusterEventSummaries", + "documentation":"

    A list of event summaries matching the specified criteria.

    " + } + } + }, "ListClusterNodesRequest":{ "type":"structure", "required":["ClusterName"], @@ -24759,15 +27066,16 @@ "SortOrder":{ "shape":"SortOrder", "documentation":"

    The sort order for results. The default value is Ascending.

    " + }, + "IncludeNodeLogicalIds":{ + "shape":"IncludeNodeLogicalIdsBoolean", + "documentation":"

    Specifies whether to include nodes that are still being provisioned in the response. When set to true, the response includes all nodes regardless of their provisioning status. When set to False (default), only nodes with assigned InstanceIds are returned.

    " } } }, "ListClusterNodesResponse":{ "type":"structure", - "required":[ - "NextToken", - "ClusterNodeSummaries" - ], + "required":["ClusterNodeSummaries"], "members":{ "NextToken":{ "shape":"NextToken", @@ -24846,7 +27154,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    Set the maximum number of SageMaker HyperPod clusters to list.

    " + "documentation":"

    Specifies the maximum number of clusters to evaluate for the operation (not necessarily the number of matching items). After SageMaker processes the number of clusters up to MaxResults, it stops the operation and returns the matching clusters up to that point. If all the matching clusters are desired, SageMaker will go through all the clusters until NextToken is empty.

    " }, "NameContains":{ "shape":"NameContains", @@ -24872,10 +27180,7 @@ }, "ListClustersResponse":{ "type":"structure", - "required":[ - "NextToken", - "ClusterSummaries" - ], + "required":["ClusterSummaries"], "members":{ "NextToken":{ "shape":"NextToken", @@ -24951,8 +27256,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of model compilation jobs to return in the response.

    ", - "box":true + "documentation":"

    The maximum number of model compilation jobs to return in the response.

    " }, "CreationTimeAfter":{ "shape":"CreationTime", @@ -25662,8 +27966,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The total number of items to return. If the total number of available items is more than the value specified in MaxResults, then a NextToken will be provided in the output that you can use to resume pagination.

    ", - "box":true + "documentation":"

    The total number of items to return. If the total number of available items is more than the value specified in MaxResults, then a NextToken will be provided in the output that you can use to resume pagination.

    " } } }, @@ -25888,8 +28191,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The total number of items to return. If the total number of available items is more than the value specified in MaxResults, then a NextToken will be provided in the output that you can use to resume pagination.

    ", - "box":true + "documentation":"

    The total number of items to return. If the total number of available items is more than the value specified in MaxResults, then a NextToken will be provided in the output that you can use to resume pagination.

    " } } }, @@ -25916,8 +28218,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of tuning jobs to return. The default value is 10.

    ", - "box":true + "documentation":"

    The maximum number of tuning jobs to return. The default value is 10.

    " }, "SortBy":{ "shape":"HyperParameterTuningJobSortByOptions", @@ -26594,7 +28895,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    List export jobs for the model card with the specified version.

    " + "documentation":"

    List export jobs for the model card with the specified version.

    ", + "box":true }, "CreationTimeAfter":{ "shape":"Timestamp", @@ -27405,8 +29707,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of optimization jobs to return in the response. The default is 50.

    ", - "box":true + "documentation":"

    The maximum number of optimization jobs to return in the response. The default is 50.

    " }, "CreationTimeAfter":{ "shape":"CreationTime", @@ -27606,6 +29907,49 @@ } } }, + "ListPipelineVersionsRequest":{ + "type":"structure", + "required":["PipelineName"], + "members":{ + "PipelineName":{ + "shape":"PipelineNameOrArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline.

    " + }, + "CreatedAfter":{ + "shape":"Timestamp", + "documentation":"

    A filter that returns the pipeline versions that were created after a specified time.

    " + }, + "CreatedBefore":{ + "shape":"Timestamp", + "documentation":"

    A filter that returns the pipeline versions that were created before a specified time.

    " + }, + "SortOrder":{ + "shape":"SortOrder", + "documentation":"

    The sort order for the results.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    If the result of the previous ListPipelineVersions request was truncated, the response includes a NextToken. To retrieve the next set of pipeline versions, use this token in your next request.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of pipeline versions to return in the response.

    " + } + } + }, + "ListPipelineVersionsResponse":{ + "type":"structure", + "members":{ + "PipelineVersionSummaries":{ + "shape":"PipelineVersionSummaryList", + "documentation":"

    Contains a sorted list of pipeline version summary objects matching the specified filters. Each version summary includes the pipeline version ID, the creation date, and the last pipeline execution created from that version. This list can be empty.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    If the result of the previous ListPipelineVersions request was truncated, the response includes a NextToken. To retrieve the next set of pipeline versions, use this token in your next request.

    " + } + } + }, "ListPipelinesRequest":{ "type":"structure", "members":{ @@ -27693,8 +30037,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of processing jobs to return in the response.

    ", - "box":true + "documentation":"

    The maximum number of processing jobs to return in the response.

    " } } }, @@ -27869,7 +30212,8 @@ }, "ExcludeDevicesDeployedInOtherStage":{ "shape":"Boolean", - "documentation":"

    Toggle for excluding devices deployed in other stages.

    " + "documentation":"

    Toggle for excluding devices deployed in other stages.

    ", + "box":true }, "StageName":{ "shape":"EntityName", @@ -27962,8 +30306,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of work teams to return in each page of the response.

    ", - "box":true + "documentation":"

    The maximum number of work teams to return in each page of the response.

    " } } }, @@ -28001,6 +30344,7 @@ }, "ListTagsMaxResults":{ "type":"integer", + "box":true, "min":50 }, "ListTagsOutput":{ @@ -28069,8 +30413,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of training jobs to return in the response.

    ", - "box":true + "documentation":"

    The maximum number of training jobs to return in the response.

    " }, "CreationTimeAfter":{ "shape":"Timestamp", @@ -28137,8 +30480,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in the response.

    ", - "box":true + "documentation":"

    The maximum number of results to return in the response.

    " }, "StartTimeAfter":{ "shape":"Timestamp", @@ -28217,8 +30559,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of transform jobs to return in the response. The default value is 10.

    ", - "box":true + "documentation":"

    The maximum number of transform jobs to return in the response. The default value is 10.

    " } } }, @@ -28344,6 +30685,38 @@ } } }, + "ListUltraServersByReservedCapacityRequest":{ + "type":"structure", + "required":["ReservedCapacityArn"], + "members":{ + "ReservedCapacityArn":{ + "shape":"ReservedCapacityArn", + "documentation":"

    The ARN of the reserved capacity to list UltraServers for.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of UltraServers to return in the response. The default value is 10.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    If the previous response was truncated, you receive this token. Use it in your next request to receive the next set of results.

    " + } + } + }, + "ListUltraServersByReservedCapacityResponse":{ + "type":"structure", + "required":["UltraServers"], + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    If the response is truncated, SageMaker returns this token. Use it in the next request to retrieve the next set of UltraServers.

    " + }, + "UltraServers":{ + "shape":"UltraServers", + "documentation":"

    A list of UltraServers that are part of the specified reserved capacity.

    " + } + } + }, "ListUserProfilesRequest":{ "type":"structure", "members":{ @@ -28407,8 +30780,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of workforces returned in the response.

    ", - "box":true + "documentation":"

    The maximum number of workforces returned in the response.

    " } } }, @@ -28454,8 +30826,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of work teams to return in each page of the response.

    ", - "box":true + "documentation":"

    The maximum number of work teams to return in each page of the response.

    " } } }, @@ -28480,19 +30851,33 @@ "CreateDate" ] }, + "LocalPath":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"\\/.*" + }, "Long":{"type":"long"}, + "LongS3Uri":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"(https|s3)://([^/]+)/?(.*)" + }, "MLFramework":{ "type":"string", "max":128, "min":1, - "pattern":"^[a-zA-Z]+ ?\\d+\\.\\d+(\\.\\d+)?$" + "pattern":"[a-zA-Z]+ ?\\d+\\.\\d+(\\.\\d+)?" }, "ManagedInstanceScalingMaxInstanceCount":{ "type":"integer", + "box":true, "min":1 }, "ManagedInstanceScalingMinInstanceCount":{ "type":"integer", + "box":true, "min":0 }, "ManagedInstanceScalingStatus":{ @@ -28504,41 +30889,50 @@ }, "MaxAutoMLJobRuntimeInSeconds":{ "type":"integer", + "box":true, "min":1 }, "MaxCandidates":{ "type":"integer", + "box":true, "max":750, "min":1 }, "MaxConcurrentInvocationsPerInstance":{ "type":"integer", + "box":true, "max":1000, "min":1 }, "MaxConcurrentTaskCount":{ "type":"integer", + "box":true, "max":5000, "min":1 }, "MaxConcurrentTransforms":{ "type":"integer", + "box":true, "min":0 }, "MaxHumanLabeledObjectCount":{ "type":"integer", + "box":true, "min":1 }, "MaxNumberOfTests":{ "type":"integer", + "box":true, "min":1 }, "MaxNumberOfTrainingJobs":{ "type":"integer", + "box":true, "min":1 }, "MaxNumberOfTrainingJobsNotImproving":{ "type":"integer", + "box":true, "min":3 }, "MaxParallelExecutionSteps":{ @@ -28547,6 +30941,7 @@ }, "MaxParallelOfTests":{ "type":"integer", + "box":true, "min":1 }, "MaxParallelTrainingJobs":{ @@ -28555,21 +30950,25 @@ }, "MaxPayloadInMB":{ "type":"integer", + "box":true, "min":0 }, "MaxPendingTimeInSeconds":{ "type":"integer", - "documentation":"Maximum job scheduler pending time in seconds.", + "documentation":"

    Maximum job scheduler pending time in seconds.

    ", + "box":true, "max":2419200, "min":7200 }, "MaxPercentageOfInputDatasetLabeled":{ "type":"integer", + "box":true, "max":100, "min":1 }, "MaxResults":{ "type":"integer", + "box":true, "max":100, "min":1 }, @@ -28579,14 +30978,17 @@ }, "MaxRuntimePerTrainingJobInSeconds":{ "type":"integer", + "box":true, "min":1 }, "MaxWaitTimeInSeconds":{ "type":"integer", + "box":true, "min":1 }, "MaximumExecutionTimeoutInSeconds":{ "type":"integer", + "box":true, "max":28800, "min":600 }, @@ -28598,7 +31000,8 @@ "MediaType":{ "type":"string", "max":64, - "pattern":"^[-\\w]+\\/[-\\w+]+$" + "min":0, + "pattern":"[-\\w]+\\/[-\\w+]+" }, "MemberDefinition":{ "type":"structure", @@ -28620,8 +31023,15 @@ "max":10, "min":1 }, + "MemoryInGiBAmount":{ + "type":"float", + "box":true, + "max":10000000, + "min":0 + }, "MemoryInMb":{ "type":"integer", + "box":true, "min":128 }, "MetadataProperties":{ @@ -28649,6 +31059,7 @@ "MetadataPropertyValue":{ "type":"string", "max":1024, + "min":0, "pattern":".*" }, "MetricData":{ @@ -28660,7 +31071,8 @@ }, "Value":{ "shape":"Float", - "documentation":"

    The value of the metric.

    " + "documentation":"

    The value of the metric.

    ", + "box":true }, "Timestamp":{ "shape":"Timestamp", @@ -28682,17 +31094,18 @@ "shape":"AutoMLMetricEnum", "documentation":"

    The name of the metric.

    " }, + "StandardMetricName":{ + "shape":"AutoMLMetricExtendedEnum", + "documentation":"

    The name of the standard metric.

    For definitions of the standard metrics, see Autopilot candidate metrics .

    " + }, "Value":{ "shape":"Float", - "documentation":"

    The value of the metric.

    " + "documentation":"

    The value of the metric.

    ", + "box":true }, "Set":{ "shape":"MetricSetSource", "documentation":"

    The dataset split from which the AutoML job produced the metric.

    " - }, - "StandardMetricName":{ - "shape":"AutoMLMetricExtendedEnum", - "documentation":"

    The name of the standard metric.

    For definitions of the standard metrics, see Autopilot candidate metrics .

    " } }, "documentation":"

    Information about the metric for a candidate produced by an AutoML job.

    " @@ -28782,8 +31195,15 @@ "MinimumInstanceMetadataServiceVersion":{ "type":"string", "max":1, + "min":0, "pattern":"1|2" }, + "MlReservationArn":{ + "type":"string", + "max":258, + "min":20, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:[a-z0-9\\-]{1,14}/.*" + }, "MlTools":{ "type":"string", "enum":[ @@ -28812,7 +31232,8 @@ "MlflowVersion":{ "type":"string", "max":16, - "pattern":"^[0-9]*.[0-9]*.[0-9]*" + "min":0, + "pattern":"[0-9]*.[0-9]*.[0-9]*" }, "Model":{ "type":"structure", @@ -28842,7 +31263,8 @@ }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    Isolates the model container. No inbound or outbound network calls can be made to or from the model container.

    " + "documentation":"

    Isolates the model container. No inbound or outbound network calls can be made to or from the model container.

    ", + "box":true }, "Tags":{ "shape":"TagList", @@ -28861,7 +31283,8 @@ "members":{ "AcceptEula":{ "shape":"AcceptEula", - "documentation":"

    Specifies agreement to the model end-user license agreement (EULA). The AcceptEula value must be explicitly defined as True in order to accept the EULA that this model requires. You are responsible for reviewing and complying with any applicable license terms and making sure they are acceptable for your use case before downloading or using a model.

    " + "documentation":"

    Specifies agreement to the model end-user license agreement (EULA). The AcceptEula value must be explicitly defined as True in order to accept the EULA that this model requires. You are responsible for reviewing and complying with any applicable license terms and making sure they are acceptable for your use case before downloading or using a model.

    ", + "box":true } }, "documentation":"

    The access configuration file to control access to the ML model. You can explicitly accept the model end-user license agreement (EULA) within the ModelAccessConfig.

    " @@ -28960,7 +31383,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    The version of the model card.

    " + "documentation":"

    The version of the model card.

    ", + "box":true }, "Content":{ "shape":"ModelCardContent", @@ -29006,7 +31430,8 @@ "ModelCardArn":{ "type":"string", "max":256, - "pattern":"^arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-card/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "min":0, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-card/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "ModelCardContent":{ "type":"string", @@ -29029,11 +31454,12 @@ "ModelCardExportJobArn":{ "type":"string", "max":256, - "pattern":"^arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-card/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}/export-job/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "min":0, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-card/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}/export-job/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "ModelCardExportJobSortBy":{ "type":"string", - "documentation":"Attribute by which to sort returned export jobs.", + "documentation":"

    Attribute by which to sort returned export jobs.

    ", "enum":[ "Name", "CreationTime", @@ -29085,7 +31511,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    The version of the model card that the export job exports.

    " + "documentation":"

    The version of the model card that the export job exports.

    ", + "box":true }, "CreatedAt":{ "shape":"Timestamp", @@ -29227,7 +31654,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    A version of the model card.

    " + "documentation":"

    A version of the model card.

    ", + "box":true }, "CreationTime":{ "shape":"Timestamp", @@ -29339,7 +31767,8 @@ "members":{ "Enabled":{ "shape":"Boolean", - "documentation":"

    Indicates whether the alert action is turned on.

    " + "documentation":"

    Indicates whether the alert action is turned on.

    ", + "box":true } }, "documentation":"

    An alert action taken to light up an icon on the Amazon SageMaker Model Dashboard when an alert goes into InAlert status.

    " @@ -29380,7 +31809,8 @@ }, "ModelCardVersion":{ "shape":"Integer", - "documentation":"

    The model card version.

    " + "documentation":"

    The model card version.

    ", + "box":true }, "ModelCardStatus":{ "shape":"ModelCardStatus", @@ -29493,7 +31923,8 @@ "members":{ "AutoGenerateEndpointName":{ "shape":"AutoGenerateEndpointName", - "documentation":"

    Set to True to automatically generate an endpoint name for a one-click Autopilot model deployment; set to False otherwise. The default value is False.

    If you set AutoGenerateEndpointName to True, do not specify the EndpointName; otherwise a 400 error is thrown.

    " + "documentation":"

    Set to True to automatically generate an endpoint name for a one-click Autopilot model deployment; set to False otherwise. The default value is False.

    If you set AutoGenerateEndpointName to True, do not specify the EndpointName; otherwise a 400 error is thrown.

    ", + "box":true }, "EndpointName":{ "shape":"EndpointName", @@ -29612,7 +32043,8 @@ }, "ValueInMilliseconds":{ "shape":"Integer", - "documentation":"

    The model latency percentile value in milliseconds.

    " + "documentation":"

    The model latency percentile value in milliseconds.

    ", + "box":true } }, "documentation":"

    The model latency threshold.

    " @@ -29750,11 +32182,13 @@ "ModelName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9]([\\-a-zA-Z0-9]*[a-zA-Z0-9])?" + "min":0, + "pattern":"[a-zA-Z0-9]([\\-a-zA-Z0-9]*[a-zA-Z0-9])?" }, "ModelNameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9-]+" }, "ModelPackage":{ @@ -29762,7 +32196,7 @@ "members":{ "ModelPackageName":{ "shape":"EntityName", - "documentation":"

    The name of the model.

    " + "documentation":"

    The name of the model package. The name can be as follows:

    • For a versioned model, the name is automatically generated by SageMaker Model Registry and follows the format 'ModelPackageGroupName/ModelPackageVersion'.

    • For an unversioned model, you must provide the name.

    " }, "ModelPackageGroupName":{ "shape":"EntityName", @@ -29806,7 +32240,8 @@ }, "CertifyForMarketplace":{ "shape":"CertifyForMarketplace", - "documentation":"

    Whether the model package is to be certified to be listed on Amazon Web Services Marketplace. For information about listing model packages on Amazon Web Services Marketplace, see List Your Algorithm or Model Package on Amazon Web Services Marketplace.

    " + "documentation":"

    Whether the model package is to be certified to be listed on Amazon Web Services Marketplace. For information about listing model packages on Amazon Web Services Marketplace, see List Your Algorithm or Model Package on Amazon Web Services Marketplace.

    ", + "box":true }, "ModelApprovalStatus":{ "shape":"ModelApprovalStatus", @@ -29879,13 +32314,13 @@ "documentation":"

    Indicates if you want to skip model validation.

    " } }, - "documentation":"

    A versioned model that can be deployed for SageMaker inference.

    " + "documentation":"

    A container for your trained model that can be deployed for SageMaker inference. This can include inference code, artifacts, and metadata. The model package type can be one of the following.

    • Versioned model: A part of a model package group in Model Registry.

    • Unversioned model: Not part of a model package group and used in Amazon Web Services Marketplace.

    For more information, see CreateModelPackage .

    " }, "ModelPackageArn":{ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package/[\\S]{1,2048}$" + "pattern":"arn:arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package/[\\S]{1,2048}" }, "ModelPackageArnList":{ "type":"list", @@ -29895,7 +32330,6 @@ }, "ModelPackageContainerDefinition":{ "type":"structure", - "required":["Image"], "members":{ "ContainerHostname":{ "shape":"ContainerHostname", @@ -29993,13 +32427,13 @@ "documentation":"

    A list of the tags associated with the model group. For more information, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference Guide.

    " } }, - "documentation":"

    A group of versioned models in the model registry.

    " + "documentation":"

    A group of versioned models in the Model Registry.

    " }, "ModelPackageGroupArn":{ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package-group/[\\S]{1,2048}$" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package-group/[\\S]{1,2048}" }, "ModelPackageGroupSortBy":{ "type":"string", @@ -30188,7 +32622,8 @@ "ModelApprovalStatus":{ "shape":"ModelApprovalStatus", "documentation":"

    The approval status of the model. This can be one of the following values.

    • APPROVED - The model is approved

    • REJECTED - The model is rejected.

    • PENDING_MANUAL_APPROVAL - The model is waiting for manual approval.

    " - } + }, + "ModelLifeCycle":{"shape":"ModelLifeCycle"} }, "documentation":"

    Provides summary information about a model package.

    " }, @@ -30248,6 +32683,7 @@ }, "ModelPackageVersion":{ "type":"integer", + "box":true, "min":1 }, "ModelQuality":{ @@ -30356,6 +32792,7 @@ }, "ModelSetupTime":{ "type":"integer", + "box":true, "min":0 }, "ModelShardingConfig":{ @@ -30495,7 +32932,8 @@ "ModelVariantName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9]([\\-a-zA-Z0-9]*[a-zA-Z0-9])?" + "min":0, + "pattern":"[a-zA-Z0-9]([\\-a-zA-Z0-9]*[a-zA-Z0-9])?" }, "ModelVariantStatus":{ "type":"string", @@ -30560,7 +32998,7 @@ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "MonitoringAlertStatus":{ "type":"string", @@ -30711,13 +33149,15 @@ "members":{ "Header":{ "shape":"Boolean", - "documentation":"

    Indicates if the CSV data has a header.

    " + "documentation":"

    Indicates if the CSV data has a header.

    ", + "box":true } }, "documentation":"

    Represents the CSV dataset format used when running a monitoring job.

    " }, "MonitoringDatapointsToAlert":{ "type":"integer", + "box":true, "max":100, "min":1 }, @@ -30743,10 +33183,12 @@ "type":"map", "key":{"shape":"ProcessingEnvironmentKey"}, "value":{"shape":"ProcessingEnvironmentValue"}, - "max":50 + "max":50, + "min":0 }, "MonitoringEvaluationPeriod":{ "type":"integer", + "box":true, "max":100, "min":1 }, @@ -30897,13 +33339,14 @@ "MonitoringJobDefinitionArn":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "MonitoringJobDefinitionName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "MonitoringJobDefinitionSortKey":{ "type":"string", @@ -30949,7 +33392,8 @@ "members":{ "Line":{ "shape":"Boolean", - "documentation":"

    Indicates if the file should be read as a JSON object per line.

    " + "documentation":"

    Indicates if the file should be read as a JSON object per line.

    ", + "box":true } }, "documentation":"

    Represents the JSON dataset format used when running a monitoring job.

    " @@ -30964,11 +33408,13 @@ "members":{ "EnableInterContainerTrafficEncryption":{ "shape":"Boolean", - "documentation":"

    Whether to encrypt all communications between the instances used for the monitoring jobs. Choose True to encrypt communications. Encryption provides greater security for distributed jobs, but the processing might take longer.

    " + "documentation":"

    Whether to encrypt all communications between the instances used for the monitoring jobs. Choose True to encrypt communications. Encryption provides greater security for distributed jobs, but the processing might take longer.

    ", + "box":true }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    Whether to allow inbound and outbound network calls to and from the containers used for the monitoring job.

    " + "documentation":"

    Whether to allow inbound and outbound network calls to and from the containers used for the monitoring job.

    ", + "box":true }, "VpcConfig":{"shape":"VpcConfig"} }, @@ -31008,8 +33454,7 @@ }, "MonitoringParquetDatasetFormat":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Represents the Parquet dataset format used when running a monitoring job.

    " }, "MonitoringProblemType":{ @@ -31056,7 +33501,8 @@ "MonitoringS3Uri":{ "type":"string", "max":512, - "pattern":"^(https|s3)://([^/]+)/?(.*)$" + "min":0, + "pattern":"(https|s3)://([^/]+)/?(.*)" }, "MonitoringSchedule":{ "type":"structure", @@ -31105,6 +33551,7 @@ "MonitoringScheduleArn":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "MonitoringScheduleConfig":{ @@ -31137,7 +33584,7 @@ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "MonitoringScheduleSortKey":{ "type":"string", @@ -31212,7 +33659,8 @@ "members":{ "MaxRuntimeInSeconds":{ "shape":"MonitoringMaxRuntimeInSeconds", - "documentation":"

    The maximum runtime allowed in seconds.

    The MaxRuntimeInSeconds cannot exceed the frequency of the job. For data quality and model explainability, this can be up to 3600 seconds for an hourly schedule. For model bias and model quality hourly schedules, this can be up to 1800 seconds.

    " + "documentation":"

    The maximum runtime allowed in seconds.

    The MaxRuntimeInSeconds cannot exceed the frequency of the job. For data quality and model explainability, this can be up to 3600 seconds for an hourly schedule. For model bias and model quality hourly schedules, this can be up to 1800 seconds.

    ", + "box":true } }, "documentation":"

    A time limit for how long the monitoring job is allowed to run before stopping.

    " @@ -31221,7 +33669,7 @@ "type":"string", "max":15, "min":1, - "pattern":"^.?P.*" + "pattern":".?P.*" }, "MonitoringType":{ "type":"string", @@ -31235,7 +33683,8 @@ "MountPath":{ "type":"string", "max":1024, - "pattern":"^\\/.*" + "min":0, + "pattern":"\\/.*" }, "MultiModelConfig":{ "type":"structure", @@ -31250,6 +33699,7 @@ "NameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9\\-]+" }, "NeoVpcConfig":{ @@ -31273,6 +33723,7 @@ "NeoVpcSecurityGroupId":{ "type":"string", "max":32, + "min":0, "pattern":"[-0-9a-zA-Z]+" }, "NeoVpcSecurityGroupIds":{ @@ -31284,6 +33735,7 @@ "NeoVpcSubnetId":{ "type":"string", "max":32, + "min":0, "pattern":"[-0-9a-zA-Z]+" }, "NeoVpcSubnets":{ @@ -31321,11 +33773,13 @@ "members":{ "EnableInterContainerTrafficEncryption":{ "shape":"Boolean", - "documentation":"

    Whether to encrypt all communications between distributed processing jobs. Choose True to encrypt communications. Encryption provides greater security for distributed processing jobs, but the processing might take longer.

    " + "documentation":"

    Whether to encrypt all communications between distributed processing jobs. Choose True to encrypt communications. Encryption provides greater security for distributed processing jobs, but the processing might take longer.

    ", + "box":true }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    Whether to allow inbound and outbound network calls to and from the containers used for the processing job.

    " + "documentation":"

    Whether to allow inbound and outbound network calls to and from the containers used for the processing job.

    ", + "box":true }, "VpcConfig":{"shape":"VpcConfig"} }, @@ -31335,17 +33789,59 @@ "NextToken":{ "type":"string", "max":8192, + "min":0, "pattern":".*" }, + "NodeAdditionResult":{ + "type":"structure", + "required":[ + "NodeLogicalId", + "InstanceGroupName", + "Status" + ], + "members":{ + "NodeLogicalId":{ + "shape":"ClusterNodeLogicalId", + "documentation":"

    A unique identifier assigned to the node that can be used to track its provisioning status through the DescribeClusterNode operation.

    " + }, + "InstanceGroupName":{ + "shape":"ClusterInstanceGroupName", + "documentation":"

    The name of the instance group to which the node was added.

    " + }, + "Status":{ + "shape":"ClusterInstanceStatus", + "documentation":"

    The current status of the node. Possible values include Pending, Running, Failed, ShuttingDown, SystemUpdating, DeepHealthCheckInProgress, and NotFound.

    " + } + }, + "documentation":"

    Information about a node that was successfully added to the cluster.

    " + }, + "NodeAdditionResultList":{ + "type":"list", + "member":{"shape":"NodeAdditionResult"} + }, + "NodeUnavailabilityType":{ + "type":"string", + "enum":[ + "INSTANCE_COUNT", + "CAPACITY_PERCENTAGE" + ] + }, + "NodeUnavailabilityValue":{ + "type":"integer", + "box":true, + "min":1 + }, "NonEmptyString256":{ "type":"string", "max":256, - "pattern":"^(?!\\s*$).+" + "min":0, + "pattern":"(?!\\s*$).+" }, "NonEmptyString64":{ "type":"string", "max":64, - "pattern":"^(?!\\s*$).+" + "min":0, + "pattern":"(?!\\s*$).+" }, "NotebookInstanceAcceleratorType":{ "type":"string", @@ -31364,11 +33860,13 @@ }, "NotebookInstanceArn":{ "type":"string", - "max":256 + "max":256, + "min":0 }, "NotebookInstanceLifecycleConfigArn":{ "type":"string", - "max":256 + "max":256, + "min":0 }, "NotebookInstanceLifecycleConfigContent":{ "type":"string", @@ -31379,16 +33877,19 @@ "NotebookInstanceLifecycleConfigList":{ "type":"list", "member":{"shape":"NotebookInstanceLifecycleHook"}, - "max":1 + "max":1, + "min":0 }, "NotebookInstanceLifecycleConfigName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" }, "NotebookInstanceLifecycleConfigNameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9-]+" }, "NotebookInstanceLifecycleConfigSortKey":{ @@ -31449,11 +33950,13 @@ "NotebookInstanceName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" }, "NotebookInstanceNameContains":{ "type":"string", "max":63, + "min":0, "pattern":"[a-zA-Z0-9-]+" }, "NotebookInstanceSortKey":{ @@ -31540,6 +34043,7 @@ "NotebookInstanceUrl":{"type":"string"}, "NotebookInstanceVolumeSizeInGB":{ "type":"integer", + "box":true, "max":16384, "min":5 }, @@ -31566,19 +34070,23 @@ }, "NumberOfAcceleratorDevices":{ "type":"float", + "box":true, "min":1 }, "NumberOfCpuCores":{ "type":"float", + "box":true, "min":0.25 }, "NumberOfHumanWorkersPerDataObject":{ "type":"integer", + "box":true, "max":9, "min":1 }, "NumberOfSteps":{ "type":"integer", + "box":true, "min":1 }, "ObjectiveStatus":{ @@ -31598,15 +34106,18 @@ "members":{ "Succeeded":{ "shape":"ObjectiveStatusCounter", - "documentation":"

    The number of training jobs whose final objective metric was evaluated by the hyperparameter tuning job and used in the hyperparameter tuning process.

    " + "documentation":"

    The number of training jobs whose final objective metric was evaluated by the hyperparameter tuning job and used in the hyperparameter tuning process.

    ", + "box":true }, "Pending":{ "shape":"ObjectiveStatusCounter", - "documentation":"

    The number of training jobs that are in progress and pending evaluation of their final objective metric.

    " + "documentation":"

    The number of training jobs that are in progress and pending evaluation of their final objective metric.

    ", + "box":true }, "Failed":{ "shape":"ObjectiveStatusCounter", - "documentation":"

    The number of training jobs whose final objective metric was not evaluated and used in the hyperparameter tuning process. This typically occurs when the training job failed or did not emit an objective metric.

    " + "documentation":"

    The number of training jobs whose final objective metric was not evaluated and used in the hyperparameter tuning process. This typically occurs when the training job failed or did not emit an objective metric.

    ", + "box":true } }, "documentation":"

    Specifies the number of training jobs that this hyperparameter tuning job launched, categorized by the status of their objective metric. The objective metric status shows whether the final objective metric for the training job has been evaluated by the tuning job and used in the hyperparameter tuning process.

    " @@ -31621,7 +34132,8 @@ }, "DisableGlueTableCreation":{ "shape":"Boolean", - "documentation":"

    Set to True to disable the automatic creation of an Amazon Web Services Glue table when configuring an OfflineStore. If set to False, Feature Store will name the OfflineStore Glue table following Athena's naming recommendations.

    The default value is False.

    " + "documentation":"

    Set to True to disable the automatic creation of an Amazon Web Services Glue table when configuring an OfflineStore. If set to False, Feature Store will name the OfflineStore Glue table following Athena's naming recommendations.

    The default value is False.

    ", + "box":true }, "DataCatalogConfig":{ "shape":"DataCatalogConfig", @@ -31758,6 +34270,7 @@ "OidcEndpoint":{ "type":"string", "max":500, + "min":0, "pattern":"https://\\S+" }, "OidcMemberDefinition":{ @@ -31785,7 +34298,8 @@ }, "EnableOnlineStore":{ "shape":"Boolean", - "documentation":"

    Turn OnlineStore off by specifying False for the EnableOnlineStore flag. Turn OnlineStore on by specifying True for the EnableOnlineStore flag.

    The default value is False.

    " + "documentation":"

    Turn OnlineStore off by specifying False for the EnableOnlineStore flag. Turn OnlineStore on by specifying True for the EnableOnlineStore flag.

    The default value is False.

    ", + "box":true }, "TtlDuration":{ "shape":"TtlDuration", @@ -31818,7 +34332,10 @@ }, "documentation":"

    The security configuration for OnlineStore.

    " }, - "OnlineStoreTotalSizeBytes":{"type":"long"}, + "OnlineStoreTotalSizeBytes":{ + "type":"long", + "box":true + }, "Operator":{ "type":"string", "enum":[ @@ -31856,16 +34373,19 @@ "OptimizationConfigs":{ "type":"list", "member":{"shape":"OptimizationConfig"}, - "max":10 + "max":10, + "min":0 }, "OptimizationContainerImage":{ "type":"string", "max":255, + "min":0, "pattern":"[\\S]+" }, "OptimizationJobArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:optimization-job/.*" }, "OptimizationJobDeploymentInstanceType":{ @@ -31890,6 +34410,14 @@ "ml.g6.16xlarge", "ml.g6.24xlarge", "ml.g6.48xlarge", + "ml.g6e.xlarge", + "ml.g6e.2xlarge", + "ml.g6e.4xlarge", + "ml.g6e.8xlarge", + "ml.g6e.12xlarge", + "ml.g6e.16xlarge", + "ml.g6e.24xlarge", + "ml.g6e.48xlarge", "ml.inf2.xlarge", "ml.inf2.8xlarge", "ml.inf2.24xlarge", @@ -31903,7 +34431,8 @@ "type":"map", "key":{"shape":"NonEmptyString256"}, "value":{"shape":"String256"}, - "max":25 + "max":25, + "min":0 }, "OptimizationJobModelSource":{ "type":"structure", @@ -32016,7 +34545,8 @@ "members":{ "AcceptEula":{ "shape":"OptimizationModelAcceptEula", - "documentation":"

    Specifies agreement to the model end-user license agreement (EULA). The AcceptEula value must be explicitly defined as True in order to accept the EULA that this model requires. You are responsible for reviewing and complying with any applicable license terms and making sure they are acceptable for your use case before downloading or using a model.

    " + "documentation":"

    Specifies agreement to the model end-user license agreement (EULA). The AcceptEula value must be explicitly defined as True in order to accept the EULA that this model requires. You are responsible for reviewing and complying with any applicable license terms and making sure they are acceptable for your use case before downloading or using a model.

    ", + "box":true } }, "documentation":"

    The access configuration settings for the source ML model for an optimization job, where you can accept the model end-user license agreement (EULA).

    " @@ -32057,6 +34587,7 @@ "OptimizationVpcSecurityGroupId":{ "type":"string", "max":32, + "min":0, "pattern":"[-0-9a-zA-Z]+" }, "OptimizationVpcSecurityGroupIds":{ @@ -32068,6 +34599,7 @@ "OptimizationVpcSubnetId":{ "type":"string", "max":32, + "min":0, "pattern":"[-0-9a-zA-Z]+" }, "OptimizationVpcSubnets":{ @@ -32076,8 +34608,14 @@ "max":16, "min":1 }, - "OptionalDouble":{"type":"double"}, - "OptionalInteger":{"type":"integer"}, + "OptionalDouble":{ + "type":"double", + "box":true + }, + "OptionalInteger":{ + "type":"integer", + "box":true + }, "OptionalVolumeSizeInGB":{ "type":"integer", "min":0 @@ -32190,6 +34728,7 @@ "PaginationToken":{ "type":"string", "max":8192, + "min":0, "pattern":".*" }, "ParallelismConfiguration":{ @@ -32198,7 +34737,8 @@ "members":{ "MaxParallelExecutionSteps":{ "shape":"MaxParallelExecutionSteps", - "documentation":"

    The max number of steps that can be executed in parallel.

    " + "documentation":"

    The max number of steps that can be executed in parallel.

    ", + "box":true } }, "documentation":"

    Configuration that controls the parallelism of the pipeline. By default, the parallelism configuration specified applies to all executions of the pipeline unless overridden.

    " @@ -32224,6 +34764,7 @@ "ParameterKey":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "ParameterList":{ @@ -32235,6 +34776,7 @@ "ParameterName":{ "type":"string", "max":256, + "min":0, "pattern":"[\\p{L}\\p{M}\\p{Z}\\p{S}\\p{N}\\p{P}]*" }, "ParameterRange":{ @@ -32289,6 +34831,7 @@ "ParameterValue":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "ParameterValues":{ @@ -32348,7 +34891,7 @@ "type":"string", "max":128, "min":1, - "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:partner-app\\/app-[A-Z0-9]{12}$" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:partner-app\\/app-[A-Z0-9]{12}" }, "PartnerAppAuthType":{ "type":"string", @@ -32382,7 +34925,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[a-zA-Z0-9]+" + "pattern":"[a-zA-Z0-9]+" }, "PartnerAppStatus":{ "type":"string", @@ -32604,6 +35147,7 @@ "PipelineArn":{ "type":"string", "max":2048, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:pipeline/.*" }, "PipelineDefinition":{ @@ -32689,6 +35233,14 @@ "PipelineParameters":{ "shape":"ParameterList", "documentation":"

    Contains a list of pipeline parameters. This list can be empty.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The ID of the pipeline version that started this execution.

    " + }, + "PipelineVersionDisplayName":{ + "shape":"PipelineVersionName", + "documentation":"

    The display name of the pipeline version that started this execution.

    " } }, "documentation":"

    An execution of a pipeline.

    " @@ -32696,7 +35248,8 @@ "PipelineExecutionArn":{ "type":"string", "max":2048, - "pattern":"^arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:pipeline\\/.*\\/execution\\/.*$" + "min":0, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:pipeline\\/.*\\/execution\\/.*" }, "PipelineExecutionDescription":{ "type":"string", @@ -32707,13 +35260,14 @@ "PipelineExecutionFailureReason":{ "type":"string", "max":1300, + "min":0, "pattern":".*" }, "PipelineExecutionName":{ "type":"string", "max":82, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,81}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,81}" }, "PipelineExecutionStatus":{ "type":"string", @@ -32766,7 +35320,8 @@ }, "AttemptCount":{ "shape":"Integer", - "documentation":"

    The current attempt of the execution step. For more information, see Retry Policy for SageMaker Pipelines steps.

    " + "documentation":"

    The current attempt of the execution step. For more information, see Retry Policy for SageMaker Pipelines steps.

    ", + "box":true }, "SelectiveExecutionResult":{ "shape":"SelectiveExecutionResult", @@ -32905,7 +35460,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,255}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,255}" }, "PipelineNameOrArn":{ "type":"string", @@ -32917,7 +35472,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[A-Za-z0-9\\-_]*$" + "pattern":"[A-Za-z0-9\\-_]*" }, "PipelineStatus":{ "type":"string", @@ -32970,10 +35525,130 @@ "max":100, "min":0 }, + "PipelineVersion":{ + "type":"structure", + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The ID of the pipeline version.

    " + }, + "PipelineVersionDisplayName":{ + "shape":"PipelineVersionName", + "documentation":"

    The display name of the pipeline version.

    " + }, + "PipelineVersionDescription":{ + "shape":"PipelineVersionDescription", + "documentation":"

    The description of the pipeline version.

    " + }, + "CreationTime":{ + "shape":"Timestamp", + "documentation":"

    The creation time of the pipeline version.

    " + }, + "LastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The time when the pipeline version was last modified.

    " + }, + "CreatedBy":{"shape":"UserContext"}, + "LastModifiedBy":{"shape":"UserContext"}, + "LastExecutedPipelineExecutionArn":{ + "shape":"PipelineExecutionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the most recent pipeline execution created from this pipeline version.

    " + }, + "LastExecutedPipelineExecutionDisplayName":{ + "shape":"PipelineExecutionName", + "documentation":"

    The display name of the most recent pipeline execution created from this pipeline version.

    " + }, + "LastExecutedPipelineExecutionStatus":{ + "shape":"PipelineExecutionStatus", + "documentation":"

    The status of the most recent pipeline execution created from this pipeline version.

    " + } + }, + "documentation":"

    The version of the pipeline.

    " + }, + "PipelineVersionDescription":{ + "type":"string", + "max":3072, + "min":0, + "pattern":".*" + }, + "PipelineVersionId":{ + "type":"long", + "box":true, + "min":1 + }, + "PipelineVersionName":{ + "type":"string", + "max":82, + "min":1, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,81}" + }, + "PipelineVersionSummary":{ + "type":"structure", + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The ID of the pipeline version.

    " + }, + "CreationTime":{ + "shape":"Timestamp", + "documentation":"

    The creation time of the pipeline version.

    " + }, + "PipelineVersionDescription":{ + "shape":"PipelineVersionDescription", + "documentation":"

    The description of the pipeline version.

    " + }, + "PipelineVersionDisplayName":{ + "shape":"PipelineVersionName", + "documentation":"

    The display name of the pipeline version.

    " + }, + "LastExecutionPipelineExecutionArn":{ + "shape":"PipelineExecutionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the most recent pipeline execution created from this pipeline version.

    " + } + }, + "documentation":"

    The summary of the pipeline version.

    " + }, + "PipelineVersionSummaryList":{ + "type":"list", + "member":{"shape":"PipelineVersionSummary"}, + "max":100, + "min":0 + }, + "PlacementSpecification":{ + "type":"structure", + "required":["InstanceCount"], + "members":{ + "UltraServerId":{ + "shape":"String256", + "documentation":"

    The unique identifier of the UltraServer where instances should be placed.

    " + }, + "InstanceCount":{ + "shape":"TrainingInstanceCount", + "documentation":"

    The number of ML compute instances required to be placed together on the same UltraServer. Minimum value of 1.

    ", + "box":true + } + }, + "documentation":"

    Specifies how instances should be placed on a specific UltraServer.

    " + }, + "PlacementSpecifications":{ + "type":"list", + "member":{"shape":"PlacementSpecification"}, + "max":10, + "min":0 + }, "PlatformIdentifier":{ "type":"string", - "max":15, - "pattern":"^(notebook-al1-v1|notebook-al2-v1|notebook-al2-v2|notebook-al2-v3)$" + "max":20, + "min":0, + "pattern":"(notebook-al1-v1|notebook-al2-v1|notebook-al2-v2|notebook-al2-v3|notebook-al2023-v1)" }, "PolicyString":{ "type":"string", @@ -32999,6 +35674,21 @@ ] }, "PresignedDomainUrl":{"type":"string"}, + "PresignedUrlAccessConfig":{ + "type":"structure", + "members":{ + "AcceptEula":{ + "shape":"Boolean", + "documentation":"

    Indicates acceptance of the End User License Agreement (EULA) for gated models. Set to true to acknowledge acceptance of the license terms required for accessing gated content.

    ", + "box":true + }, + "ExpectedS3Url":{ + "shape":"S3ModelUri", + "documentation":"

    The expected S3 URL prefix for validation purposes. This parameter helps ensure consistency between the resolved S3 URIs and the deployment configuration, reducing potential compatibility issues.

    " + } + }, + "documentation":"

    Configuration for accessing hub content through presigned URLs, including license agreement acceptance and URL validation settings.

    " + }, "PriorityClass":{ "type":"structure", "required":[ @@ -33025,10 +35715,14 @@ }, "PriorityWeight":{ "type":"integer", + "box":true, "max":100, "min":0 }, - "ProbabilityThresholdAttribute":{"type":"double"}, + "ProbabilityThresholdAttribute":{ + "type":"double", + "box":true + }, "ProblemType":{ "type":"string", "enum":[ @@ -33067,17 +35761,20 @@ "ProcessingEnvironmentKey":{ "type":"string", "max":256, + "min":0, "pattern":"[a-zA-Z_][a-zA-Z0-9_]*" }, "ProcessingEnvironmentMap":{ "type":"map", "key":{"shape":"ProcessingEnvironmentKey"}, "value":{"shape":"ProcessingEnvironmentValue"}, - "max":100 + "max":100, + "min":0 }, "ProcessingEnvironmentValue":{ "type":"string", "max":256, + "min":0, "pattern":"[\\S\\s]*" }, "ProcessingFeatureStoreOutput":{ @@ -33101,7 +35798,8 @@ }, "AppManaged":{ "shape":"AppManaged", - "documentation":"

    When True, input operations such as data download are managed natively by the processing job application. When False (default), input operations are managed by Amazon SageMaker.

    " + "documentation":"

    When True, input operations such as data download are managed natively by the processing job application. When False (default), input operations are managed by Amazon SageMaker.

    ", + "box":true }, "S3Input":{ "shape":"ProcessingS3Input", @@ -33122,6 +35820,7 @@ }, "ProcessingInstanceCount":{ "type":"integer", + "box":true, "max":100, "min":1 }, @@ -33187,7 +35886,68 @@ "ml.r5d.8xlarge", "ml.r5d.12xlarge", "ml.r5d.16xlarge", - "ml.r5d.24xlarge" + "ml.r5d.24xlarge", + "ml.g6.xlarge", + "ml.g6.2xlarge", + "ml.g6.4xlarge", + "ml.g6.8xlarge", + "ml.g6.12xlarge", + "ml.g6.16xlarge", + "ml.g6.24xlarge", + "ml.g6.48xlarge", + "ml.g6e.xlarge", + "ml.g6e.2xlarge", + "ml.g6e.4xlarge", + "ml.g6e.8xlarge", + "ml.g6e.12xlarge", + "ml.g6e.16xlarge", + "ml.g6e.24xlarge", + "ml.g6e.48xlarge", + "ml.m6i.large", + "ml.m6i.xlarge", + "ml.m6i.2xlarge", + "ml.m6i.4xlarge", + "ml.m6i.8xlarge", + "ml.m6i.12xlarge", + "ml.m6i.16xlarge", + "ml.m6i.24xlarge", + "ml.m6i.32xlarge", + "ml.c6i.xlarge", + "ml.c6i.2xlarge", + "ml.c6i.4xlarge", + "ml.c6i.8xlarge", + "ml.c6i.12xlarge", + "ml.c6i.16xlarge", + "ml.c6i.24xlarge", + "ml.c6i.32xlarge", + "ml.m7i.large", + "ml.m7i.xlarge", + "ml.m7i.2xlarge", + "ml.m7i.4xlarge", + "ml.m7i.8xlarge", + "ml.m7i.12xlarge", + "ml.m7i.16xlarge", + "ml.m7i.24xlarge", + "ml.m7i.48xlarge", + "ml.c7i.large", + "ml.c7i.xlarge", + "ml.c7i.2xlarge", + "ml.c7i.4xlarge", + "ml.c7i.8xlarge", + "ml.c7i.12xlarge", + "ml.c7i.16xlarge", + "ml.c7i.24xlarge", + "ml.c7i.48xlarge", + "ml.r7i.large", + "ml.r7i.xlarge", + "ml.r7i.2xlarge", + "ml.r7i.4xlarge", + "ml.r7i.8xlarge", + "ml.r7i.12xlarge", + "ml.r7i.16xlarge", + "ml.r7i.24xlarge", + "ml.r7i.48xlarge", + "ml.p5.4xlarge" ] }, "ProcessingJob":{ @@ -33269,13 +36029,14 @@ "ProcessingJobArn":{ "type":"string", "max":256, - "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:processing-job/.*" + "min":0, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:processing-job/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "ProcessingJobName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "ProcessingJobStatus":{ "type":"string", @@ -33348,6 +36109,7 @@ "ProcessingLocalPath":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "ProcessingMaxRuntimeInSeconds":{ @@ -33373,7 +36135,8 @@ }, "AppManaged":{ "shape":"AppManaged", - "documentation":"

    When True, output operations such as data upload are managed natively by the processing job application. When False (default), output operations are managed by Amazon SageMaker.

    " + "documentation":"

    When True, output operations such as data upload are managed natively by the processing job application. When False (default), output operations are managed by Amazon SageMaker.

    ", + "box":true } }, "documentation":"

    Describes the results of a processing job. The processing output must specify exactly one of either S3Output or FeatureStoreOutput types.

    " @@ -33388,7 +36151,7 @@ }, "KmsKeyId":{ "shape":"KmsKeyId", - "documentation":"

    The Amazon Web Services Key Management Service (Amazon Web Services KMS) key that Amazon SageMaker uses to encrypt the processing job output. KmsKeyId can be an ID of a KMS key, ARN of a KMS key, alias of a KMS key, or alias of a KMS key. The KmsKeyId is applied to all outputs.

    " + "documentation":"

    The Amazon Web Services Key Management Service (Amazon Web Services KMS) key that Amazon SageMaker uses to encrypt the processing job output. KmsKeyId can be an ID of a KMS key, ARN of a KMS key, or alias of a KMS key. The KmsKeyId is applied to all outputs.

    " } }, "documentation":"

    Configuration for uploading output from the processing container.

    " @@ -33456,7 +36219,7 @@ }, "S3DataDistributionType":{ "shape":"ProcessingS3DataDistributionType", - "documentation":"

    Whether to distribute the data from Amazon S3 to all processing instances with FullyReplicated, or whether the data from Amazon S3 is shared by Amazon S3 key, downloading one shard of data to each processing instance.

    " + "documentation":"

    Whether to distribute the data from Amazon S3 to all processing instances with FullyReplicated, or whether the data from Amazon S3 is sharded by Amazon S3 key, downloading one shard of data to each processing instance.

    " }, "S3CompressionType":{ "shape":"ProcessingS3CompressionType", @@ -33507,13 +36270,15 @@ "members":{ "MaxRuntimeInSeconds":{ "shape":"ProcessingMaxRuntimeInSeconds", - "documentation":"

    Specifies the maximum runtime in seconds.

    " + "documentation":"

    Specifies the maximum runtime in seconds.

    ", + "box":true } }, "documentation":"

    Configures conditions under which the processing job should be stopped, such as how long the processing job has been running. After the condition is met, the processing job is stopped.

    " }, "ProcessingVolumeSizeInGB":{ "type":"integer", + "box":true, "max":16384, "min":1 }, @@ -33527,7 +36292,8 @@ "ProductId":{ "type":"string", "max":256, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*$" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" }, "ProductListings":{ "type":"list", @@ -33595,7 +36361,11 @@ }, "InferenceAmiVersion":{ "shape":"ProductionVariantInferenceAmiVersion", - "documentation":"

    Specifies an option from a collection of preconfigured Amazon Machine Image (AMI) images. Each image is configured by Amazon Web Services with a set of software and driver versions. Amazon Web Services optimizes these configurations for different machine learning workloads.

    By selecting an AMI version, you can ensure that your inference environment is compatible with specific software requirements, such as CUDA driver versions, Linux kernel versions, or Amazon Web Services Neuron driver versions.

    The AMI version names, and their configurations, are the following:

    al2-ami-sagemaker-inference-gpu-2

    • Accelerator: GPU

    • NVIDIA driver version: 535.54.03

    • CUDA driver version: 12.2

    • Supported instance types: ml.g4dn.*, ml.g5.*, ml.g6.*, ml.p3.*, ml.p4d.*, ml.p4de.*, ml.p5.*

    " + "documentation":"

    Specifies an option from a collection of preconfigured Amazon Machine Image (AMI) images. Each image is configured by Amazon Web Services with a set of software and driver versions. Amazon Web Services optimizes these configurations for different machine learning workloads.

    By selecting an AMI version, you can ensure that your inference environment is compatible with specific software requirements, such as CUDA driver versions, Linux kernel versions, or Amazon Web Services Neuron driver versions.

    The AMI version names, and their configurations, are the following:

    al2-ami-sagemaker-inference-gpu-2

    • Accelerator: GPU

    • NVIDIA driver version: 535

    • CUDA version: 12.2

    al2-ami-sagemaker-inference-gpu-2-1

    • Accelerator: GPU

    • NVIDIA driver version: 535

    • CUDA version: 12.2

    • NVIDIA Container Toolkit with disabled CUDA-compat mounting

    al2-ami-sagemaker-inference-gpu-3-1

    • Accelerator: GPU

    • NVIDIA driver version: 550

    • CUDA version: 12.4

    • NVIDIA Container Toolkit with disabled CUDA-compat mounting

    al2-ami-sagemaker-inference-neuron-2

    • Accelerator: Inferentia2 and Trainium

    • Neuron driver version: 2.19

    " + }, + "CapacityReservationConfig":{ + "shape":"ProductionVariantCapacityReservationConfig", + "documentation":"

    Settings for the capacity reservation for the compute instances that SageMaker AI reserves for an endpoint.

    " } }, "documentation":"

    Identifies a model that you want to host and the resources chosen to deploy for hosting it. If you are deploying multiple models, tell SageMaker how to distribute traffic among the models by specifying variant weights. For more information on production variants, check Production variants.

    " @@ -33611,8 +36381,53 @@ "ml.eia2.xlarge" ] }, + "ProductionVariantCapacityReservationConfig":{ + "type":"structure", + "members":{ + "CapacityReservationPreference":{ + "shape":"CapacityReservationPreference", + "documentation":"

    Options that you can choose for the capacity reservation. SageMaker AI supports the following options:

    capacity-reservations-only

    SageMaker AI launches instances only into an ML capacity reservation. If no capacity is available, the instances fail to launch.

    " + }, + "MlReservationArn":{ + "shape":"MlReservationArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the ML capacity reservation that SageMaker AI applies when it deploys the endpoint.

    " + } + }, + "documentation":"

    Settings for the capacity reservation for the compute instances that SageMaker AI reserves for an endpoint.

    " + }, + "ProductionVariantCapacityReservationSummary":{ + "type":"structure", + "members":{ + "MlReservationArn":{ + "shape":"MlReservationArn", + "documentation":"

    The Amazon Resource Name (ARN) that uniquely identifies the ML capacity reservation that SageMaker AI applies when it deploys the endpoint.

    " + }, + "CapacityReservationPreference":{ + "shape":"CapacityReservationPreference", + "documentation":"

    The option that you chose for the capacity reservation. SageMaker AI supports the following options:

    capacity-reservations-only

    SageMaker AI launches instances only into an ML capacity reservation. If no capacity is available, the instances fail to launch.

    " + }, + "TotalInstanceCount":{ + "shape":"TaskCount", + "documentation":"

    The number of instances that you allocated to the ML capacity reservation.

    " + }, + "AvailableInstanceCount":{ + "shape":"TaskCount", + "documentation":"

    The number of instances that are currently available in the ML capacity reservation.

    " + }, + "UsedByCurrentEndpoint":{ + "shape":"TaskCount", + "documentation":"

    The number of instances from the ML capacity reservation that are being used by the endpoint.

    " + }, + "Ec2CapacityReservations":{ + "shape":"Ec2CapacityReservationsList", + "documentation":"

    The EC2 capacity reservations that are shared to this ML capacity reservation, if any.

    " + } + }, + "documentation":"

    Details about an ML capacity reservation.

    " + }, "ProductionVariantContainerStartupHealthCheckTimeoutInSeconds":{ "type":"integer", + "box":true, "max":3600, "min":60 }, @@ -33633,7 +36448,12 @@ }, "ProductionVariantInferenceAmiVersion":{ "type":"string", - "enum":["al2-ami-sagemaker-inference-gpu-2"] + "enum":[ + "al2-ami-sagemaker-inference-gpu-2", + "al2-ami-sagemaker-inference-gpu-2-1", + "al2-ami-sagemaker-inference-gpu-3-1", + "al2-ami-sagemaker-inference-neuron-2" + ] }, "ProductionVariantInstanceType":{ "type":"string", @@ -33748,6 +36568,16 @@ "ml.g6.16xlarge", "ml.g6.24xlarge", "ml.g6.48xlarge", + "ml.r8g.medium", + "ml.r8g.large", + "ml.r8g.xlarge", + "ml.r8g.2xlarge", + "ml.r8g.4xlarge", + "ml.r8g.8xlarge", + "ml.r8g.12xlarge", + "ml.r8g.16xlarge", + "ml.r8g.24xlarge", + "ml.r8g.48xlarge", "ml.g6e.xlarge", "ml.g6e.2xlarge", "ml.g6e.4xlarge", @@ -33824,6 +36654,7 @@ "ml.inf2.48xlarge", "ml.p5.48xlarge", "ml.p5e.48xlarge", + "ml.p5en.48xlarge", "ml.m7i.large", "ml.m7i.xlarge", "ml.m7i.2xlarge", @@ -33850,7 +36681,47 @@ "ml.r7i.12xlarge", "ml.r7i.16xlarge", "ml.r7i.24xlarge", - "ml.r7i.48xlarge" + "ml.r7i.48xlarge", + "ml.c8g.medium", + "ml.c8g.large", + "ml.c8g.xlarge", + "ml.c8g.2xlarge", + "ml.c8g.4xlarge", + "ml.c8g.8xlarge", + "ml.c8g.12xlarge", + "ml.c8g.16xlarge", + "ml.c8g.24xlarge", + "ml.c8g.48xlarge", + "ml.r7gd.medium", + "ml.r7gd.large", + "ml.r7gd.xlarge", + "ml.r7gd.2xlarge", + "ml.r7gd.4xlarge", + "ml.r7gd.8xlarge", + "ml.r7gd.12xlarge", + "ml.r7gd.16xlarge", + "ml.m8g.medium", + "ml.m8g.large", + "ml.m8g.xlarge", + "ml.m8g.2xlarge", + "ml.m8g.4xlarge", + "ml.m8g.8xlarge", + "ml.m8g.12xlarge", + "ml.m8g.16xlarge", + "ml.m8g.24xlarge", + "ml.m8g.48xlarge", + "ml.c6in.large", + "ml.c6in.xlarge", + "ml.c6in.2xlarge", + "ml.c6in.4xlarge", + "ml.c6in.8xlarge", + "ml.c6in.12xlarge", + "ml.c6in.16xlarge", + "ml.c6in.24xlarge", + "ml.c6in.32xlarge", + "ml.p6-b200.48xlarge", + "ml.p6e-gb200.36xlarge", + "ml.p5.4xlarge" ] }, "ProductionVariantList":{ @@ -33879,6 +36750,7 @@ }, "ProductionVariantModelDataDownloadTimeoutInSeconds":{ "type":"integer", + "box":true, "max":3600, "min":60 }, @@ -33893,7 +36765,10 @@ }, "documentation":"

    Settings that control how the endpoint routes incoming traffic to the instances that the endpoint hosts.

    " }, - "ProductionVariantSSMAccess":{"type":"boolean"}, + "ProductionVariantSSMAccess":{ + "type":"boolean", + "box":true + }, "ProductionVariantServerlessConfig":{ "type":"structure", "required":[ @@ -34002,6 +36877,10 @@ "RoutingConfig":{ "shape":"ProductionVariantRoutingConfig", "documentation":"

    Settings that control how the endpoint routes incoming traffic to the instances that the endpoint hosts.

    " + }, + "CapacityReservationConfig":{ + "shape":"ProductionVariantCapacityReservationSummary", + "documentation":"

    Settings for the capacity reservation for the compute instances that SageMaker AI reserves for an endpoint.

    " } }, "documentation":"

    Describes weight and capacities for a production variant associated with an endpoint. If you sent a request to the UpdateEndpointWeightsAndCapacities API and the endpoint status is Updating, you get different desired and current values.

    " @@ -34013,6 +36892,7 @@ }, "ProductionVariantVolumeSizeInGB":{ "type":"integer", + "box":true, "max":512, "min":1 }, @@ -34033,7 +36913,8 @@ }, "DisableProfiler":{ "shape":"DisableProfiler", - "documentation":"

    Configuration to turn off Amazon SageMaker Debugger's system monitoring and profiling functionality. To turn it off, set to True.

    " + "documentation":"

    Configuration to turn off Amazon SageMaker Debugger's system monitoring and profiling functionality. To turn it off, set to True.

    ", + "box":true } }, "documentation":"

    Configuration information for Amazon SageMaker Debugger system monitoring, framework profiling, and storage paths.

    " @@ -34055,7 +36936,8 @@ }, "DisableProfiler":{ "shape":"DisableProfiler", - "documentation":"

    To turn off Amazon SageMaker Debugger monitoring and profiling while a training job is in progress, set to True.

    " + "documentation":"

    To turn off Amazon SageMaker Debugger monitoring and profiling while a training job is in progress, set to True.

    ", + "box":true } }, "documentation":"

    Configuration information for updating the Amazon SageMaker Debugger profile parameters, system and framework metrics configurations, and storage paths.

    " @@ -34089,7 +36971,8 @@ }, "VolumeSizeInGB":{ "shape":"OptionalVolumeSizeInGB", - "documentation":"

    The size, in GB, of the ML storage volume attached to the processing instance.

    " + "documentation":"

    The size, in GB, of the ML storage volume attached to the processing instance.

    ", + "box":true }, "RuleParameters":{ "shape":"RuleParameters", @@ -34136,7 +37019,10 @@ "max":20, "min":0 }, - "ProfilingIntervalInMilliseconds":{"type":"long"}, + "ProfilingIntervalInMilliseconds":{ + "type":"long", + "box":true + }, "ProfilingParameters":{ "type":"map", "key":{"shape":"ConfigKey"}, @@ -34155,7 +37041,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^[a-zA-Z]+ ?\\d+\\.\\d+(\\.\\d+)?$" + "pattern":"[a-zA-Z]+ ?\\d+\\.\\d+(\\.\\d+)?" }, "Project":{ "type":"structure", @@ -34190,6 +37076,10 @@ "shape":"Timestamp", "documentation":"

    A timestamp specifying when the project was created.

    " }, + "TemplateProviderDetails":{ + "shape":"TemplateProviderDetailList", + "documentation":"

    An array of template providers associated with the project.

    " + }, "Tags":{ "shape":"TagList", "documentation":"

    An array of key-value pairs. You can use tags to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. For more information, see Tagging Amazon Web Services Resources.

    " @@ -34206,19 +37096,19 @@ "type":"string", "max":2048, "min":1, - "pattern":"^arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:project/[\\S]{1,2048}$" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:project/[\\S]{1,2048}" }, "ProjectEntityName":{ "type":"string", "max":32, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,31}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,31}" }, "ProjectId":{ "type":"string", "max":20, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9])*" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" }, "ProjectSortBy":{ "type":"string", @@ -34348,6 +37238,7 @@ "ProvisioningParameterValue":{ "type":"string", "max":4096, + "min":0, "pattern":".*" }, "ProvisioningParameters":{ @@ -34393,7 +37284,7 @@ }, "QProfileArn":{ "type":"string", - "pattern":"^arn:[-.a-z0-9]{1,63}:codewhisperer:([-.a-z0-9]{0,63}:){2}([a-zA-Z0-9-_:/]){1,1023}$" + "pattern":"arn:[-.a-z0-9]{1,63}:codewhisperer:([-.a-z0-9]{0,63}:){2}([a-zA-Z0-9-_:/]){1,1023}" }, "QualityCheckStepMetadata":{ "type":"structure", @@ -34432,11 +37323,13 @@ }, "SkipCheck":{ "shape":"Boolean", - "documentation":"

    This flag indicates if the drift check against the previous baseline will be skipped or not. If it is set to False, the previous baseline of the configured check type must be available.

    " + "documentation":"

    This flag indicates if the drift check against the previous baseline will be skipped or not. If it is set to False, the previous baseline of the configured check type must be available.

    ", + "box":true }, "RegisterNewBaseline":{ "shape":"Boolean", - "documentation":"

    This flag indicates if a newly calculated baseline can be accessed through step properties BaselineUsedForDriftCheckConstraints and BaselineUsedForDriftCheckStatistics. If it is set to False, the previous baseline of the configured check type must also be available. These can be accessed through the BaselineUsedForDriftCheckConstraints and BaselineUsedForDriftCheckStatistics properties.

    " + "documentation":"

    This flag indicates if a newly calculated baseline can be accessed through step properties BaselineUsedForDriftCheckConstraints and BaselineUsedForDriftCheckStatistics. If it is set to False, the previous baseline of the configured check type must also be available. These can be accessed through the BaselineUsedForDriftCheckConstraints and BaselineUsedForDriftCheckStatistics properties.

    ", + "box":true } }, "documentation":"

    Container for the metadata for a Quality check step. For more information, see the topic on QualityCheck step in the Amazon SageMaker Developer Guide.

    " @@ -34477,10 +37370,12 @@ }, "QueryLineageMaxDepth":{ "type":"integer", + "box":true, "max":10 }, "QueryLineageMaxResults":{ "type":"integer", + "box":true, "max":50 }, "QueryLineageRequest":{ @@ -34496,7 +37391,8 @@ }, "IncludeEdges":{ "shape":"Boolean", - "documentation":"

    Setting this value to True retrieves not only the entities of interest but also the Associations and lineage entities on the path. Set to False to only return lineage entities that match your query.

    " + "documentation":"

    Setting this value to True retrieves not only the entities of interest but also the Associations and lineage entities on the path. Set to False to only return lineage entities that match your query.

    ", + "box":true }, "Filters":{ "shape":"QueryFilters", @@ -34542,18 +37438,21 @@ "QueryLineageTypes":{ "type":"list", "member":{"shape":"LineageType"}, - "max":4 + "max":4, + "min":0 }, "QueryProperties":{ "type":"map", "key":{"shape":"String256"}, "value":{"shape":"String256"}, - "max":5 + "max":5, + "min":0 }, "QueryTypes":{ "type":"list", "member":{"shape":"String40"}, - "max":5 + "max":5, + "min":0 }, "RSessionAppSettings":{ "type":"structure", @@ -34636,6 +37535,7 @@ }, "RandomSeed":{ "type":"integer", + "box":true, "min":0 }, "RealTimeInferenceConfig":{ @@ -34692,13 +37592,14 @@ "RecommendationJobArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:inference-recommendations-job/.*" }, "RecommendationJobCompilationJobName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "RecommendationJobCompiledOutputConfig":{ "type":"structure", @@ -34764,7 +37665,8 @@ }, "RecommendationJobDescription":{ "type":"string", - "max":128 + "max":128, + "min":0 }, "RecommendationJobFrameworkVersion":{ "type":"string", @@ -34845,7 +37747,7 @@ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}" }, "RecommendationJobOutputConfig":{ "type":"structure", @@ -34907,7 +37809,8 @@ "members":{ "MaxInvocations":{ "shape":"Integer", - "documentation":"

    The maximum number of requests per minute expected for the endpoint.

    " + "documentation":"

    The maximum number of requests per minute expected for the endpoint.

    ", + "box":true }, "ModelLatencyThresholds":{ "shape":"ModelLatencyThresholds", @@ -34923,6 +37826,7 @@ "RecommendationJobSupportedContentType":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "RecommendationJobSupportedContentTypes":{ @@ -34943,7 +37847,8 @@ "RecommendationJobSupportedResponseMIMEType":{ "type":"string", "max":1024, - "pattern":"^[-\\w]+\\/.+$" + "min":0, + "pattern":"[-\\w]+\\/.+" }, "RecommendationJobSupportedResponseMIMETypes":{ "type":"list", @@ -34977,6 +37882,7 @@ "RecommendationJobVpcSecurityGroupId":{ "type":"string", "max":32, + "min":0, "pattern":"[-0-9a-zA-Z]+" }, "RecommendationJobVpcSecurityGroupIds":{ @@ -34988,6 +37894,7 @@ "RecommendationJobVpcSubnetId":{ "type":"string", "max":32, + "min":0, "pattern":"[-0-9a-zA-Z]+" }, "RecommendationJobVpcSubnets":{ @@ -35001,19 +37908,23 @@ "members":{ "CostPerHour":{ "shape":"Float", - "documentation":"

    Defines the cost per hour for the instance.

    " + "documentation":"

    Defines the cost per hour for the instance.

    ", + "box":true }, "CostPerInference":{ "shape":"Float", - "documentation":"

    Defines the cost per inference for the instance .

    " + "documentation":"

    Defines the cost per inference for the instance .

    ", + "box":true }, "MaxInvocations":{ "shape":"Integer", - "documentation":"

    The expected maximum number of requests per minute for the instance.

    " + "documentation":"

    The expected maximum number of requests per minute for the instance.

    ", + "box":true }, "ModelLatency":{ "shape":"Integer", - "documentation":"

    The expected model latency at maximum invocation per minute for the instance.

    " + "documentation":"

    The expected model latency at maximum invocation per minute for the instance.

    ", + "box":true }, "CpuUtilization":{ "shape":"UtilizationMetric", @@ -35134,7 +38045,12 @@ "type":"string", "max":14, "min":5, - "pattern":"^\\d{1,4}.\\d{1,4}.\\d{1,4}$" + "pattern":"\\d{1,4}.\\d{1,4}.\\d{1,4}" + }, + "RegionName":{ + "type":"string", + "max":24, + "min":1 }, "RegisterDevicesRequest":{ "type":"structure", @@ -35167,6 +38083,13 @@ }, "documentation":"

    Metadata for a register model job step.

    " }, + "Relation":{ + "type":"string", + "enum":[ + "EqualTo", + "GreaterThanOrEqualTo" + ] + }, "ReleaseNotes":{ "type":"string", "max":255, @@ -35295,7 +38218,8 @@ "RepositoryUrl":{ "type":"string", "max":1024, - "pattern":"^https://([.\\-_a-zA-Z0-9]+/?){3,1016}$" + "min":0, + "pattern":"https://([.\\-_a-zA-Z0-9]+/?){3,1016}" }, "ReservedCapacityArn":{ "type":"string", @@ -35305,18 +38229,20 @@ }, "ReservedCapacityDurationHours":{ "type":"long", + "box":true, "max":87600, "min":0 }, "ReservedCapacityDurationMinutes":{ "type":"long", + "box":true, "max":59, "min":0 }, "ReservedCapacityInstanceCount":{ "type":"integer", "max":256, - "min":1 + "min":0 }, "ReservedCapacityInstanceType":{ "type":"string", @@ -35326,7 +38252,11 @@ "ml.p5e.48xlarge", "ml.p5en.48xlarge", "ml.trn1.32xlarge", - "ml.trn2.48xlarge" + "ml.trn2.48xlarge", + "ml.p6-b200.48xlarge", + "ml.p4de.24xlarge", + "ml.p6e-gb200.36xlarge", + "ml.p5.4xlarge" ] }, "ReservedCapacityOffering":{ @@ -35336,13 +38266,26 @@ "InstanceCount" ], "members":{ + "ReservedCapacityType":{ + "shape":"ReservedCapacityType", + "documentation":"

    The type of reserved capacity offering.

    " + }, + "UltraServerType":{ + "shape":"UltraServerType", + "documentation":"

    The type of UltraServer included in this reserved capacity offering, such as ml.u-p6e-gb200x72.

    " + }, + "UltraServerCount":{ + "shape":"UltraServerCount", + "documentation":"

    The number of UltraServers included in this reserved capacity offering.

    " + }, "InstanceType":{ "shape":"ReservedCapacityInstanceType", "documentation":"

    The instance type for the reserved capacity offering.

    " }, "InstanceCount":{ "shape":"ReservedCapacityInstanceCount", - "documentation":"

    The number of instances in the reserved capacity offering.

    " + "documentation":"

    The number of instances in the reserved capacity offering.

    ", + "box":true }, "AvailabilityZone":{ "shape":"AvailabilityZone", @@ -35402,6 +38345,18 @@ "shape":"ReservedCapacityArn", "documentation":"

    The Amazon Resource Name (ARN); of the reserved capacity.

    " }, + "ReservedCapacityType":{ + "shape":"ReservedCapacityType", + "documentation":"

    The type of reserved capacity.

    " + }, + "UltraServerType":{ + "shape":"UltraServerType", + "documentation":"

    The type of UltraServer included in this reserved capacity, such as ml.u-p6e-gb200x72.

    " + }, + "UltraServerCount":{ + "shape":"UltraServerCount", + "documentation":"

    The number of UltraServers included in this reserved capacity.

    " + }, "InstanceType":{ "shape":"ReservedCapacityInstanceType", "documentation":"

    The instance type for the reserved capacity.

    " @@ -35437,6 +38392,13 @@ }, "documentation":"

    Details of a reserved capacity for the training plan.

    For more information about how to reserve GPU capacity for your SageMaker HyperPod clusters using Amazon SageMaker Training Plan, see CreateTrainingPlan .

    " }, + "ReservedCapacityType":{ + "type":"string", + "enum":[ + "UltraServer", + "Instance" + ] + }, "ResolvedAttributes":{ "type":"structure", "members":{ @@ -35452,6 +38414,7 @@ "ResourceArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z-]*:sagemaker:[a-z0-9-]*:[0-9]{12}:.+" }, "ResourceCatalog":{ @@ -35485,11 +38448,13 @@ "ResourceCatalogArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:sagemaker-catalog/.*" }, "ResourceCatalogDescription":{ "type":"string", - "max":256 + "max":256, + "min":0 }, "ResourceCatalogList":{ "type":"list", @@ -35517,15 +38482,17 @@ "members":{ "InstanceType":{ "shape":"TrainingInstanceType", - "documentation":"

    The ML compute instance type.

    SageMaker Training on Amazon Elastic Compute Cloud (EC2) P4de instances is in preview release starting December 9th, 2022.

    Amazon EC2 P4de instances (currently in preview) are powered by 8 NVIDIA A100 GPUs with 80GB high-performance HBM2e GPU memory, which accelerate the speed of training ML models that need to be trained on large datasets of high-resolution data. In this preview release, Amazon SageMaker supports ML training jobs on P4de instances (ml.p4de.24xlarge) to reduce model training time. The ml.p4de.24xlarge instances are available in the following Amazon Web Services Regions.

    • US East (N. Virginia) (us-east-1)

    • US West (Oregon) (us-west-2)

    To request quota limit increase and start using P4de instances, contact the SageMaker Training service team through your account team.

    " + "documentation":"

    The ML compute instance type.

    " }, "InstanceCount":{ "shape":"TrainingInstanceCount", - "documentation":"

    The number of ML compute instances to use. For distributed training, provide a value greater than 1.

    " + "documentation":"

    The number of ML compute instances to use. For distributed training, provide a value greater than 1.

    ", + "box":true }, "VolumeSizeInGB":{ "shape":"VolumeSizeInGB", - "documentation":"

    The size of the ML storage volume that you want to provision.

    ML storage volumes store model artifacts and incremental states. Training algorithms might also use the ML storage volume for scratch space. If you want to store the training data in the ML storage volume, choose File as the TrainingInputMode in the algorithm specification.

    When using an ML instance with NVMe SSD volumes, SageMaker doesn't provision Amazon EBS General Purpose SSD (gp2) storage. Available storage is fixed to the NVMe-type instance's storage capacity. SageMaker configures storage paths for training datasets, checkpoints, model artifacts, and outputs to use the entire capacity of the instance storage. For example, ML instance families with the NVMe-type instance storage include ml.p4d, ml.g4dn, and ml.g5.

    When using an ML instance with the EBS-only storage option and without instance storage, you must define the size of EBS volume through VolumeSizeInGB in the ResourceConfig API. For example, ML instance families that use EBS volumes include ml.c5 and ml.p2.

    To look up instance types and their instance storage types and volumes, see Amazon EC2 Instance Types.

    To find the default local paths defined by the SageMaker training platform, see Amazon SageMaker Training Storage Folders for Training Datasets, Checkpoints, Model Artifacts, and Outputs.

    " + "documentation":"

    The size of the ML storage volume that you want to provision.

    ML storage volumes store model artifacts and incremental states. Training algorithms might also use the ML storage volume for scratch space. If you want to store the training data in the ML storage volume, choose File as the TrainingInputMode in the algorithm specification.

    When using an ML instance with NVMe SSD volumes, SageMaker doesn't provision Amazon EBS General Purpose SSD (gp2) storage. Available storage is fixed to the NVMe-type instance's storage capacity. SageMaker configures storage paths for training datasets, checkpoints, model artifacts, and outputs to use the entire capacity of the instance storage. For example, ML instance families with the NVMe-type instance storage include ml.p4d, ml.g4dn, and ml.g5.

    When using an ML instance with the EBS-only storage option and without instance storage, you must define the size of EBS volume through VolumeSizeInGB in the ResourceConfig API. For example, ML instance families that use EBS volumes include ml.c5 and ml.p2.

    To look up instance types and their instance storage types and volumes, see Amazon EC2 Instance Types.

    To find the default local paths defined by the SageMaker training platform, see Amazon SageMaker Training Storage Folders for Training Datasets, Checkpoints, Model Artifacts, and Outputs.

    ", + "box":true }, "VolumeKmsKeyId":{ "shape":"KmsKeyId", @@ -35542,6 +38509,10 @@ "TrainingPlanArn":{ "shape":"TrainingPlanArn", "documentation":"

    The Amazon Resource Name (ARN); of the training plan to use for this resource configuration.

    " + }, + "InstancePlacementConfig":{ + "shape":"InstancePlacementConfig", + "documentation":"

    Configuration for how training job instances are placed and allocated within UltraServers. Only applicable for UltraServer capacity.

    " } }, "documentation":"

    Describes the resources, including machine learning (ML) compute instances and ML storage volumes, to use for model training.

    " @@ -35559,7 +38530,14 @@ }, "ResourceId":{ "type":"string", - "max":32 + "max":32, + "min":0 + }, + "ResourceIdentifier":{ + "type":"string", + "max":256, + "min":1, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:.*\\/.*" }, "ResourceInUse":{ "type":"structure", @@ -35587,7 +38565,8 @@ }, "MaxParallelTrainingJobs":{ "shape":"MaxParallelTrainingJobs", - "documentation":"

    The maximum number of concurrent training jobs that a hyperparameter tuning job can launch.

    " + "documentation":"

    The maximum number of concurrent training jobs that a hyperparameter tuning job can launch.

    ", + "box":true }, "MaxRuntimeInSeconds":{ "shape":"HyperParameterTuningMaxRuntimeInSeconds", @@ -35607,6 +38586,7 @@ "ResourcePolicyString":{ "type":"string", "max":20480, + "min":0, "pattern":".*(?:[ \\r\\n\\t].*)*" }, "ResourcePropertyName":{ @@ -35617,7 +38597,8 @@ }, "ResourceRetainedBillableTimeInSeconds":{ "type":"integer", - "documentation":"Optional. Indicates how many seconds the resource stayed in ResourceRetained state. Populated only after resource reaches ResourceReused or ResourceReleased state.", + "documentation":"

    Optional. Indicates how many seconds the resource stayed in ResourceRetained state. Populated only after resource reaches ResourceReused or ResourceReleased state.

    ", + "box":true, "min":0 }, "ResourceSharingConfig":{ @@ -35652,7 +38633,7 @@ }, "SageMakerImageVersionArn":{ "shape":"ImageVersionArn", - "documentation":"

    The ARN of the image version created on the instance.

    " + "documentation":"

    The ARN of the image version created on the instance. To clear the value set for SageMakerImageVersionArn, pass None as the value.

    " }, "SageMakerImageVersionAlias":{ "shape":"ImageVersionAlias", @@ -35667,7 +38648,7 @@ "documentation":"

    The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource.

    " } }, - "documentation":"

    Specifies the ARN's of a SageMaker AI image and SageMaker AI image version, and the instance type that the version runs on.

    " + "documentation":"

    Specifies the ARN's of a SageMaker AI image and SageMaker AI image version, and the instance type that the version runs on.

    When both SageMakerImageVersionArn and SageMakerImageArn are passed, SageMakerImageVersionArn is used. Any updates to SageMakerImageArn will not take effect if SageMakerImageVersionArn already exists in the ResourceSpec because SageMakerImageVersionArn always takes precedence. To clear the value set for SageMakerImageVersionArn, pass None as the value.

    " }, "ResourceType":{ "type":"string", @@ -35688,13 +38669,15 @@ "ImageVersion", "Project", "HyperParameterTuningJob", - "ModelCard" + "ModelCard", + "PipelineVersion" ] }, "ResponseMIMEType":{ "type":"string", "max":1024, - "pattern":"^[-\\w]+\\/.+$" + "min":0, + "pattern":"[-\\w]+\\/.+" }, "ResponseMIMETypes":{ "type":"list", @@ -35754,7 +38737,8 @@ "members":{ "MaximumRetryAttempts":{ "shape":"MaximumRetryAttempts", - "documentation":"

    The number of times to retry the job. When the job is retried, it's SecondaryStatus is changed to STARTING.

    " + "documentation":"

    The number of times to retry the job. When the job is retried, it's SecondaryStatus is changed to STARTING.

    ", + "box":true } }, "documentation":"

    The retry strategy to use when a training job fails due to an InternalServerError. RetryStrategy is specified as part of the CreateTrainingJob and CreateHyperParameterTuningJob requests. You can add the StoppingCondition parameter to the request to limit the training time for the complete job.

    " @@ -35763,7 +38747,22 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$" + "pattern":"arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" + }, + "RollingDeploymentPolicy":{ + "type":"structure", + "required":["MaximumBatchSize"], + "members":{ + "MaximumBatchSize":{ + "shape":"CapacitySizeConfig", + "documentation":"

    The maximum amount of instances in the cluster that SageMaker can update at a time.

    " + }, + "RollbackMaximumBatchSize":{ + "shape":"CapacitySizeConfig", + "documentation":"

    The maximum amount of instances in the cluster that SageMaker can roll back at a time.

    " + } + }, + "documentation":"

    The configurations that SageMaker uses when updating the AMI versions.

    " }, "RollingUpdatePolicy":{ "type":"structure", @@ -35845,7 +38844,7 @@ "members":{ "S3DataType":{ "shape":"S3DataType", - "documentation":"

    If you choose S3Prefix, S3Uri identifies a key name prefix. SageMaker uses all objects that match the specified key name prefix for model training.

    If you choose ManifestFile, S3Uri identifies an object that is a manifest file containing a list of object keys that you want SageMaker to use for model training.

    If you choose AugmentedManifestFile, S3Uri identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. AugmentedManifestFile can only be used if the Channel's input mode is Pipe.

    " + "documentation":"

    If you choose S3Prefix, S3Uri identifies a key name prefix. SageMaker uses all objects that match the specified key name prefix for model training.

    If you choose ManifestFile, S3Uri identifies an object that is a manifest file containing a list of object keys that you want SageMaker to use for model training.

    If you choose AugmentedManifestFile, S3Uri identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. AugmentedManifestFile can only be used if the Channel's input mode is Pipe.

    If you choose Converse, S3Uri identifies an Amazon S3 location that contains data formatted according to Converse format. This format structures conversational messages with specific roles and content types used for training and fine-tuning foundational models.

    " }, "S3Uri":{ "shape":"S3Uri", @@ -35862,6 +38861,11 @@ "InstanceGroupNames":{ "shape":"InstanceGroupNames", "documentation":"

    A list of names of instance groups that get data from the S3 data source.

    " + }, + "ModelAccessConfig":{"shape":"ModelAccessConfig"}, + "HubAccessConfig":{ + "shape":"HubAccessConfig", + "documentation":"

    The configuration for a private hub model reference that points to a SageMaker JumpStart public hub model.

    " } }, "documentation":"

    Describes the S3 data source.

    Your input bucket must be in the same Amazon Web Services region as your training job.

    " @@ -35871,9 +38875,36 @@ "enum":[ "ManifestFile", "S3Prefix", - "AugmentedManifestFile" + "AugmentedManifestFile", + "Converse" ] }, + "S3FileSystem":{ + "type":"structure", + "required":["S3Uri"], + "members":{ + "S3Uri":{ + "shape":"S3SchemaUri", + "documentation":"

    The Amazon S3 URI that specifies the location in S3 where files are stored, which is mounted within the Studio environment. For example: s3://<bucket-name>/<prefix>/.

    " + } + }, + "documentation":"

    A custom file system in Amazon S3. This is only supported in Amazon SageMaker Unified Studio.

    " + }, + "S3FileSystemConfig":{ + "type":"structure", + "required":["S3Uri"], + "members":{ + "MountPath":{ + "shape":"String1024", + "documentation":"

    The file system path where the Amazon S3 storage location will be mounted within the Amazon SageMaker Studio environment.

    " + }, + "S3Uri":{ + "shape":"S3SchemaUri", + "documentation":"

    The Amazon S3 URI of the S3 file system configuration.

    " + } + }, + "documentation":"

    Configuration for the custom Amazon S3 file system.

    " + }, "S3ModelDataSource":{ "type":"structure", "required":[ @@ -35927,12 +38958,14 @@ "S3ModelUri":{ "type":"string", "max":1024, - "pattern":"^(https|s3)://([^/]+)/?(.*)$" + "min":0, + "pattern":"(https|s3)://([^/]+)/?(.*)" }, "S3OutputPath":{ "type":"string", "max":1024, - "pattern":"^(https|s3)://([^/]+)/?(.*)$" + "min":0, + "pattern":"(https|s3)://([^/]+)/?(.*)" }, "S3Presign":{ "type":"structure", @@ -35944,6 +38977,12 @@ }, "documentation":"

    This object defines the access restrictions to Amazon S3 resources that are included in custom worker task templates using the Liquid filter, grant_read_access.

    To learn more about how custom templates are created, see Create custom worker task templates.

    " }, + "S3SchemaUri":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"(s3)://([^/]+)/?(.*)" + }, "S3StorageConfig":{ "type":"structure", "required":["S3Uri"], @@ -35966,7 +39005,8 @@ "S3Uri":{ "type":"string", "max":1024, - "pattern":"^(https|s3)://([^/]+)/?(.*)$" + "min":0, + "pattern":"(https|s3)://([^/]+)/?(.*)" }, "SageMakerImageName":{ "type":"string", @@ -35976,7 +39016,7 @@ "type":"string", "max":128, "min":1, - "pattern":"(?!^[.-])^([a-zA-Z0-9-_.]+)$" + "pattern":"(?!^[.-])^([a-zA-Z0-9-_.]+)" }, "SageMakerImageVersionAliases":{ "type":"list", @@ -35985,7 +39025,8 @@ "SageMakerPublicHubContentArn":{ "type":"string", "max":255, - "pattern":"^arn:[a-z0-9-\\.]{1,63}:sagemaker:\\w+(?:-\\w+)+:aws:hub-content\\/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}\\/Model\\/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}$" + "min":0, + "pattern":"arn:[a-z0-9-\\.]{1,63}:sagemaker:\\w+(?:-\\w+)+:aws:hub-content\\/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}\\/Model\\/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}" }, "SageMakerResourceName":{ "type":"string", @@ -36010,10 +39051,11 @@ "type":"string", "max":256, "min":1, - "pattern":"^[a-zA-Z0-9_-]+$" + "pattern":"[a-zA-Z0-9_-]+" }, "SamplingPercentage":{ "type":"integer", + "box":true, "max":100, "min":0 }, @@ -36037,11 +39079,13 @@ "members":{ "InvocationsPerInstance":{ "shape":"Integer", - "documentation":"

    The number of invocations sent to a model, normalized by InstanceCount in each ProductionVariant. 1/numberOfInstances is sent as the value on each request, where numberOfInstances is the number of active instances for the ProductionVariant behind the endpoint at the time of the request.

    " + "documentation":"

    The number of invocations sent to a model, normalized by InstanceCount in each ProductionVariant. 1/numberOfInstances is sent as the value on each request, where numberOfInstances is the number of active instances for the ProductionVariant behind the endpoint at the time of the request.

    ", + "box":true }, "ModelLatency":{ "shape":"Integer", - "documentation":"

    The interval of time taken by a model to respond as viewed from SageMaker. This interval includes the local communication times taken to send the request and to fetch the response from the container of a model and the time taken to complete the inference in the container.

    " + "documentation":"

    The interval of time taken by a model to respond as viewed from SageMaker. This interval includes the local communication times taken to send the request and to fetch the response from the container of a model and the time taken to complete the inference in the container.

    ", + "box":true } }, "documentation":"

    The metric for a scaling policy.

    " @@ -36051,11 +39095,13 @@ "members":{ "MinInvocationsPerMinute":{ "shape":"Integer", - "documentation":"

    The minimum number of expected requests to your endpoint per minute.

    " + "documentation":"

    The minimum number of expected requests to your endpoint per minute.

    ", + "box":true }, "MaxInvocationsPerMinute":{ "shape":"Integer", - "documentation":"

    The maximum number of expected requests to your endpoint per minute.

    " + "documentation":"

    The maximum number of expected requests to your endpoint per minute.

    ", + "box":true } }, "documentation":"

    An object where you specify the anticipated traffic pattern for an endpoint.

    " @@ -36093,6 +39139,21 @@ "Stopped" ] }, + "ScheduledUpdateConfig":{ + "type":"structure", + "required":["ScheduleExpression"], + "members":{ + "ScheduleExpression":{ + "shape":"CronScheduleExpression", + "documentation":"

    A cron expression that specifies the schedule that SageMaker follows when updating the AMI.

    " + }, + "DeploymentConfig":{ + "shape":"DeploymentConfiguration", + "documentation":"

    The configuration to use when updating the AMI versions.

    " + } + }, + "documentation":"

    The configuration object of the schedule that SageMaker follows when updating the AMI.

    " + }, "SchedulerConfig":{ "type":"structure", "members":{ @@ -36127,7 +39188,8 @@ "Scope":{ "type":"string", "max":1024, - "pattern":"^[!#-\\[\\]-~]+( [!#-\\[\\]-~]+)*$" + "min":0, + "pattern":"[!#-\\[\\]-~]+( [!#-\\[\\]-~]+)*" }, "SearchExpression":{ "type":"structure", @@ -36181,6 +39243,10 @@ "ModelPackageGroup":{"shape":"ModelPackageGroup"}, "Pipeline":{"shape":"Pipeline"}, "PipelineExecution":{"shape":"PipelineExecution"}, + "PipelineVersion":{ + "shape":"PipelineVersion", + "documentation":"

    The version of the pipeline.

    " + }, "FeatureGroup":{"shape":"FeatureGroup"}, "FeatureMetadata":{ "shape":"FeatureMetadata", @@ -36228,8 +39294,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", - "box":true + "documentation":"

    The maximum number of results to return.

    " }, "CrossAccountFilterOption":{ "shape":"CrossAccountFilterOption", @@ -36251,6 +39316,10 @@ "NextToken":{ "shape":"NextToken", "documentation":"

    If the result of the previous Search request was truncated, the response includes a NextToken. To retrieve the next set of results, use the token in the next request.

    " + }, + "TotalHits":{ + "shape":"TotalHits", + "documentation":"

    The total number of matching results.

    " } } }, @@ -36268,8 +39337,7 @@ "SearchTrainingPlanOfferingsRequest":{ "type":"structure", "required":[ - "InstanceType", - "InstanceCount", + "DurationHours", "TargetResources" ], "members":{ @@ -36279,7 +39347,16 @@ }, "InstanceCount":{ "shape":"ReservedCapacityInstanceCount", - "documentation":"

    The number of instances you want to reserve in the training plan offerings. This allows you to specify the quantity of compute resources needed for your SageMaker training jobs or SageMaker HyperPod clusters, helping you find reserved capacity offerings that match your requirements.

    " + "documentation":"

    The number of instances you want to reserve in the training plan offerings. This allows you to specify the quantity of compute resources needed for your SageMaker training jobs or SageMaker HyperPod clusters, helping you find reserved capacity offerings that match your requirements.

    ", + "box":true + }, + "UltraServerType":{ + "shape":"UltraServerType", + "documentation":"

    The type of UltraServer to search for, such as ml.u-p6e-gb200x72.

    " + }, + "UltraServerCount":{ + "shape":"UltraServerCount", + "documentation":"

    The number of UltraServers to search for.

    " }, "StartTimeAfter":{ "shape":"Timestamp", @@ -36370,12 +39447,14 @@ "SecurityGroupId":{ "type":"string", "max":32, + "min":0, "pattern":"[-0-9a-zA-Z]+" }, "SecurityGroupIds":{ "type":"list", "member":{"shape":"SecurityGroupId"}, - "max":5 + "max":5, + "min":0 }, "Seed":{"type":"long"}, "SelectedStep":{ @@ -36478,16 +39557,19 @@ }, "ServerlessMaxConcurrency":{ "type":"integer", + "box":true, "max":200, "min":1 }, "ServerlessMemorySizeInMB":{ "type":"integer", + "box":true, "max":6144, "min":1024 }, "ServerlessProvisionedConcurrency":{ "type":"integer", + "box":true, "max":200, "min":1 }, @@ -36495,7 +39577,7 @@ "type":"string", "max":100, "min":1, - "pattern":"^[a-zA-Z0-9_\\-]*" + "pattern":"[a-zA-Z0-9_\\-]*" }, "ServiceCatalogProvisionedProductDetails":{ "type":"structure", @@ -36560,9 +39642,15 @@ }, "SessionExpirationDurationInSeconds":{ "type":"integer", + "box":true, "max":43200, "min":1800 }, + "SessionId":{ + "type":"string", + "max":256, + "min":1 + }, "ShadowModeConfig":{ "type":"structure", "required":[ @@ -36594,7 +39682,8 @@ }, "SamplingPercentage":{ "shape":"Percentage", - "documentation":"

    The percentage of inference requests that Amazon SageMaker replicates from the production variant to the shadow variant.

    " + "documentation":"

    The percentage of inference requests that Amazon SageMaker replicates from the production variant to the shadow variant.

    ", + "box":true } }, "documentation":"

    The name and sampling percentage of a shadow variant.

    " @@ -36636,14 +39725,15 @@ "members":{ "Seed":{ "shape":"Seed", - "documentation":"

    Determines the shuffling order in ShuffleConfig value.

    " + "documentation":"

    Determines the shuffling order in ShuffleConfig value.

    ", + "box":true } }, "documentation":"

    A configuration for a shuffle option for input data in a channel. If you use S3Prefix for S3DataType, the results of the S3 key prefix matches are shuffled. If you use ManifestFile, the order of the S3 object references in the ManifestFile is shuffled. If you use AugmentedManifestFile, the order of the JSON lines in the AugmentedManifestFile is shuffled. The shuffling order is determined using the Seed value.

    For Pipe input mode, when ShuffleConfig is specified shuffling is done at the start of every epoch. With large datasets, this ensures that the order of the training data is different for each epoch, and it helps reduce bias and possible overfitting. In a multi-node training job when ShuffleConfig is combined with S3DataDistributionType of ShardedByS3Key, the data is shuffled across nodes so that the content sent to a particular node on the first epoch might be sent to a different node on the second epoch.

    " }, "SingleSignOnApplicationArn":{ "type":"string", - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::[0-9]+:application\\/[a-zA-Z0-9-_.]+\\/apl-[a-zA-Z0-9]+$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::[0-9]+:application\\/[a-zA-Z0-9-_.]+\\/apl-[a-zA-Z0-9]+" }, "SingleSignOnUserIdentifier":{ "type":"string", @@ -36659,8 +39749,20 @@ "SnsTopicArn":{ "type":"string", "max":2048, + "min":0, "pattern":"arn:aws[a-z\\-]*:sns:[a-z0-9\\-]*:[0-9]{12}:[a-zA-Z0-9_.-]+" }, + "SoftwareUpdateStatus":{ + "type":"string", + "enum":[ + "Pending", + "InProgress", + "Succeeded", + "Failed", + "RollbackInProgress", + "RollbackComplete" + ] + }, "SortActionsBy":{ "type":"string", "enum":[ @@ -36832,7 +39934,8 @@ }, "SourceType":{ "type":"string", - "max":128 + "max":128, + "min":0 }, "SourceUri":{ "type":"string", @@ -36853,6 +39956,7 @@ "SpaceArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:space/.*" }, "SpaceCodeEditorAppSettings":{ @@ -36910,6 +40014,7 @@ }, "SpaceEbsVolumeSizeInGb":{ "type":"integer", + "box":true, "max":16384, "min":5 }, @@ -36945,7 +40050,8 @@ "SpaceName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "SpaceSettings":{ "type":"structure", @@ -36968,9 +40074,17 @@ "shape":"SpaceStorageSettings", "documentation":"

    The storage settings for a space.

    " }, + "SpaceManagedResources":{ + "shape":"FeatureStatus", + "documentation":"

    If you enable this option, SageMaker AI creates the following resources on your behalf when you create the space:

    • The user profile that possesses the space.

    • The app that the space contains.

    " + }, "CustomFileSystems":{ "shape":"CustomFileSystems", "documentation":"

    A file system, created by you, that you assign to a space for an Amazon SageMaker AI Domain. Permitted users can access this file system in Amazon SageMaker AI Studio.

    " + }, + "RemoteAccess":{ + "shape":"FeatureStatus", + "documentation":"

    A setting that enables or disables remote access for a SageMaker space. When enabled, this allows you to connect to the remote space from your local IDE.

    " } }, "documentation":"

    A collection of space settings.

    " @@ -36982,6 +40096,10 @@ "shape":"AppType", "documentation":"

    The type of app created within the space.

    " }, + "RemoteAccess":{ + "shape":"FeatureStatus", + "documentation":"

    A setting that enables or disables remote access for a SageMaker space. When enabled, this allows you to connect to the remote space from your local IDE.

    " + }, "SpaceStorageSettings":{ "shape":"SpaceStorageSettings", "documentation":"

    The storage settings for a space.

    " @@ -37039,8 +40157,14 @@ }, "documentation":"

    The storage settings for a space.

    " }, + "SpareInstanceCountPerUltraServer":{ + "type":"integer", + "box":true, + "min":0 + }, "SpawnRate":{ "type":"integer", + "box":true, "min":0 }, "SplitType":{ @@ -37056,7 +40180,7 @@ "type":"string", "max":1024, "min":0, - "pattern":"^.{0,1024}$" + "pattern":".{0,1024}" }, "StageStatus":{ "type":"string", @@ -37200,6 +40324,10 @@ "SelectiveExecutionConfig":{ "shape":"SelectiveExecutionConfig", "documentation":"

    The selective execution configuration applied to the pipeline run.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The ID of the pipeline version to start execution from.

    " } } }, @@ -37212,6 +40340,33 @@ } } }, + "StartSessionRequest":{ + "type":"structure", + "required":["ResourceIdentifier"], + "members":{ + "ResourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

    The Amazon Resource Name (ARN) of the resource to which the remote connection will be established. For example, this identifies the specific ARN space application you want to connect to from your local IDE.

    " + } + } + }, + "StartSessionResponse":{ + "type":"structure", + "members":{ + "SessionId":{ + "shape":"SessionId", + "documentation":"

    A unique identifier for the established remote connection session.

    " + }, + "StreamUrl":{ + "shape":"StreamUrl", + "documentation":"

    A WebSocket URL used to establish a SSH connection between the local IDE and remote SageMaker space.

    " + }, + "TokenValue":{ + "shape":"TokenValue", + "documentation":"

    An encrypted token value containing session and caller information.

    " + } + } + }, "Statistic":{ "type":"string", "enum":[ @@ -37225,6 +40380,7 @@ "StatusDetails":{ "type":"string", "max":1024, + "min":0, "pattern":".*" }, "StatusMessage":{"type":"string"}, @@ -37243,7 +40399,8 @@ "StepName":{ "type":"string", "max":64, - "pattern":"^[A-Za-z0-9\\-_]*$" + "min":0, + "pattern":"[A-Za-z0-9\\-_]*" }, "StepStatus":{ "type":"string", @@ -37483,7 +40640,8 @@ "members":{ "MaxRuntimeInSeconds":{ "shape":"MaxRuntimeInSeconds", - "documentation":"

    The maximum length of time, in seconds, that a training or compilation job can run before it is stopped.

    For compilation jobs, if the job does not complete during this time, a TimeOut error is generated. We recommend starting with 900 seconds and increasing as necessary based on your model.

    For all other jobs, if the job does not complete during this time, SageMaker ends the job. When RetryStrategy is specified in the job request, MaxRuntimeInSeconds specifies the maximum time for all of the attempts in total, not each individual attempt. The default value is 1 day. The maximum value is 28 days.

    The maximum time that a TrainingJob can run in total, including any time spent publishing metrics or archiving and uploading models after it has been stopped, is 30 days.

    " + "documentation":"

    The maximum length of time, in seconds, that a training or compilation job can run before it is stopped.

    For compilation jobs, if the job does not complete during this time, a TimeOut error is generated. We recommend starting with 900 seconds and increasing as necessary based on your model.

    For all other jobs, if the job does not complete during this time, SageMaker ends the job. When RetryStrategy is specified in the job request, MaxRuntimeInSeconds specifies the maximum time for all of the attempts in total, not each individual attempt. The default value is 1 day. The maximum value is 28 days.

    The maximum time that a TrainingJob can run in total, including any time spent publishing metrics or archiving and uploading models after it has been stopped, is 30 days.

    ", + "box":true }, "MaxWaitTimeInSeconds":{ "shape":"MaxWaitTimeInSeconds", @@ -37491,7 +40649,7 @@ }, "MaxPendingTimeInSeconds":{ "shape":"MaxPendingTimeInSeconds", - "documentation":"

    The maximum length of time, in seconds, that a training or compilation job can be pending before it is stopped.

    " + "documentation":"

    The maximum length of time, in seconds, that a training or compilation job can be pending before it is stopped.

    When working with training jobs that use capacity from training plans, not all Pending job states count against the MaxPendingTimeInSeconds limit. The following scenarios do not increment the MaxPendingTimeInSeconds counter:

    • The plan is in a Scheduled state: Jobs queued (in Pending status) before a plan's start date (waiting for scheduled start time)

    • Between capacity reservations: Jobs temporarily back to Pending status between two capacity reservation periods

    MaxPendingTimeInSeconds only increments when jobs are actively waiting for capacity in an Active plan.

    " } }, "documentation":"

    Specifies a limit to how long a job can run. When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs.

    To stop a training job, SageMaker sends the algorithm the SIGTERM signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost.

    The training algorithms provided by SageMaker automatically save the intermediate results of a model training job when possible. This attempt to save artifacts is only a best effort case as model might not be in a state from which it can be saved. For example, if training has just started, the model might not be ready to save. When saved, this intermediate data is a valid model artifact. You can use it to create a model with CreateModel.

    The Neural Topic Model (NTM) currently does not support saving intermediate model artifacts. When training NTMs, make sure that the maximum runtime is sufficient for the training job to complete.

    " @@ -37503,14 +40661,17 @@ "InMemory" ] }, + "StreamUrl":{"type":"string"}, "String":{"type":"string"}, "String1024":{ "type":"string", - "max":1024 + "max":1024, + "min":0 }, "String128":{ "type":"string", - "max":128 + "max":128, + "min":0 }, "String200":{ "type":"string", @@ -37520,31 +40681,38 @@ }, "String2048":{ "type":"string", - "max":2048 + "max":2048, + "min":0 }, "String256":{ "type":"string", - "max":256 + "max":256, + "min":0 }, "String3072":{ "type":"string", - "max":3072 + "max":3072, + "min":0 }, "String40":{ "type":"string", - "max":40 + "max":40, + "min":0 }, "String64":{ "type":"string", - "max":64 + "max":64, + "min":0 }, "String8192":{ "type":"string", - "max":8192 + "max":8192, + "min":0 }, "StringParameterValue":{ "type":"string", "max":2500, + "min":0, "pattern":".*" }, "StudioLifecycleConfigAppType":{ @@ -37559,7 +40727,8 @@ "StudioLifecycleConfigArn":{ "type":"string", "max":256, - "pattern":"^(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:studio-lifecycle-config/.*|None)$" + "min":0, + "pattern":"(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:studio-lifecycle-config/.*|None)" }, "StudioLifecycleConfigContent":{ "type":"string", @@ -37596,7 +40765,8 @@ "StudioLifecycleConfigName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "StudioLifecycleConfigSortKey":{ "type":"string", @@ -37642,6 +40812,7 @@ "SubnetId":{ "type":"string", "max":32, + "min":0, "pattern":"[-0-9a-zA-Z]+" }, "Subnets":{ @@ -37725,7 +40896,8 @@ }, "GenerateCandidateDefinitionsOnly":{ "shape":"GenerateCandidateDefinitionsOnly", - "documentation":"

    Generates possible candidates without training the models. A model candidate is a combination of data preprocessors, algorithms, and algorithm parameter settings.

    " + "documentation":"

    Generates possible candidates without training the models. A model candidate is a combination of data preprocessors, algorithms, and algorithm parameter settings.

    ", + "box":true }, "ProblemType":{ "shape":"ProblemType", @@ -37774,7 +40946,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, "TagKeyList":{ "type":"list", @@ -37799,12 +40971,17 @@ "type":"string", "max":256, "min":0, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, "TargetAttributeName":{ "type":"string", "min":1 }, + "TargetCount":{ + "type":"integer", + "box":true, + "min":0 + }, "TargetDevice":{ "type":"string", "enum":[ @@ -37852,7 +41029,10 @@ "max":256, "min":1 }, - "TargetObjectiveMetricValue":{"type":"float"}, + "TargetObjectiveMetricValue":{ + "type":"float", + "box":true + }, "TargetPlatform":{ "type":"structure", "required":[ @@ -37910,17 +41090,20 @@ }, "TargetValue":{ "shape":"Double", - "documentation":"

    The recommended target value to specify for the metric when creating a scaling policy.

    " + "documentation":"

    The recommended target value to specify for the metric when creating a scaling policy.

    ", + "box":true } }, "documentation":"

    A target tracking scaling policy. Includes support for predefined or customized metrics.

    When using the PutScalingPolicy API, this parameter is required when you are creating a policy with the policy type TargetTrackingScaling.

    " }, "TaskAvailabilityLifetimeInSeconds":{ "type":"integer", + "box":true, "min":60 }, "TaskCount":{ "type":"integer", + "box":true, "min":0 }, "TaskDescription":{ @@ -37939,7 +41122,7 @@ "type":"string", "max":30, "min":1, - "pattern":"^[A-Za-z0-9]+( [A-Za-z0-9]+)*$" + "pattern":"[A-Za-z0-9]+( [A-Za-z0-9]+)*" }, "TaskKeywords":{ "type":"list", @@ -37949,13 +41132,14 @@ }, "TaskTimeLimitInSeconds":{ "type":"integer", + "box":true, "min":30 }, "TaskTitle":{ "type":"string", "max":128, "min":1, - "pattern":"^[\\t\\n\\r -\\uD7FF\\uE000-\\uFFFD]*$" + "pattern":"[\\t\\n\\r -\\uD7FF\\uE000-\\uFFFD]*" }, "TemplateContent":{ "type":"string", @@ -37968,6 +41152,22 @@ "max":128000, "min":1 }, + "TemplateProviderDetail":{ + "type":"structure", + "members":{ + "CfnTemplateProviderDetail":{ + "shape":"CfnTemplateProviderDetail", + "documentation":"

    Details about a CloudFormation template provider configuration and associated provisioning information.

    " + } + }, + "documentation":"

    Details about a template provider configuration and associated provisioning information.

    " + }, + "TemplateProviderDetailList":{ + "type":"list", + "member":{"shape":"TemplateProviderDetail"}, + "max":1, + "min":1 + }, "TemplateUrl":{ "type":"string", "max":2048, @@ -38005,6 +41205,7 @@ }, "TerminationWaitInSeconds":{ "type":"integer", + "box":true, "max":3600, "min":0 }, @@ -38033,12 +41234,14 @@ "TextGenerationHyperParameterKey":{ "type":"string", "max":32, - "pattern":"^[a-zA-Z0-9._-]+$" + "min":0, + "pattern":"[a-zA-Z0-9._-]+" }, "TextGenerationHyperParameterValue":{ "type":"string", "max":16, - "pattern":"^[a-zA-Z0-9._-]+$" + "min":0, + "pattern":"[a-zA-Z0-9._-]+" }, "TextGenerationHyperParameters":{ "type":"map", @@ -38079,6 +41282,7 @@ "ThingName":{ "type":"string", "max":128, + "min":0, "pattern":"[a-zA-Z0-9:_-]+" }, "ThroughputConfig":{ @@ -38246,20 +41450,50 @@ "max":256, "min":1 }, + "TokenValue":{ + "type":"string", + "max":1024, + "min":0 + }, + "TotalHits":{ + "type":"structure", + "members":{ + "Value":{ + "shape":"Long", + "documentation":"

    The total number of matching results. This value may be exact or an estimate, depending on the Relation field.

    ", + "box":true + }, + "Relation":{ + "shape":"Relation", + "documentation":"

    Indicates the relationship between the returned Value and the actual total number of matching results. Possible values are:

    • EqualTo: The Value is the exact count of matching results.

    • GreaterThanOrEqualTo: The Value is a lower bound of the actual count of matching results.

    " + } + }, + "documentation":"

    Represents the total number of matching results and indicates how accurate that count is.

    The Value field provides the count, which may be exact or estimated. The Relation field indicates whether it's an exact figure or a lower bound. This helps understand the full scope of search results, especially when dealing with large result sets.

    " + }, "TotalInstanceCount":{ "type":"integer", + "box":true, "min":0 }, "TrackingServerArn":{ "type":"string", "max":2048, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:mlflow-tracking-server/.*" }, + "TrackingServerMaintenanceStatus":{ + "type":"string", + "enum":[ + "MaintenanceInProgress", + "MaintenanceComplete", + "MaintenanceFailed" + ] + }, "TrackingServerName":{ "type":"string", "max":256, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,255}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,255}" }, "TrackingServerSize":{ "type":"string", @@ -38333,10 +41567,12 @@ }, "TrackingServerUrl":{ "type":"string", - "max":2048 + "max":2048, + "min":0 }, "TrafficDurationInSeconds":{ "type":"integer", + "box":true, "min":1 }, "TrafficPattern":{ @@ -38401,6 +41637,7 @@ "TrainingContainerArgument":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "TrainingContainerArguments":{ @@ -38418,22 +41655,26 @@ "TrainingContainerEntrypointString":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "TrainingEnvironmentKey":{ "type":"string", "max":512, + "min":0, "pattern":"[a-zA-Z_][a-zA-Z0-9_]*" }, "TrainingEnvironmentMap":{ "type":"map", "key":{"shape":"TrainingEnvironmentKey"}, "value":{"shape":"TrainingEnvironmentValue"}, - "max":100 + "max":100, + "min":0 }, "TrainingEnvironmentValue":{ "type":"string", "max":512, + "min":0, "pattern":"[\\S\\s]*" }, "TrainingImageConfig":{ @@ -38574,7 +41815,37 @@ "ml.r5.8xlarge", "ml.r5.12xlarge", "ml.r5.16xlarge", - "ml.r5.24xlarge" + "ml.r5.24xlarge", + "ml.p6-b200.48xlarge", + "ml.m7i.large", + "ml.m7i.xlarge", + "ml.m7i.2xlarge", + "ml.m7i.4xlarge", + "ml.m7i.8xlarge", + "ml.m7i.12xlarge", + "ml.m7i.16xlarge", + "ml.m7i.24xlarge", + "ml.m7i.48xlarge", + "ml.c7i.large", + "ml.c7i.xlarge", + "ml.c7i.2xlarge", + "ml.c7i.4xlarge", + "ml.c7i.8xlarge", + "ml.c7i.12xlarge", + "ml.c7i.16xlarge", + "ml.c7i.24xlarge", + "ml.c7i.48xlarge", + "ml.r7i.large", + "ml.r7i.xlarge", + "ml.r7i.2xlarge", + "ml.r7i.4xlarge", + "ml.r7i.8xlarge", + "ml.r7i.12xlarge", + "ml.r7i.16xlarge", + "ml.r7i.24xlarge", + "ml.r7i.48xlarge", + "ml.p6e-gb200.36xlarge", + "ml.p5.4xlarge" ] }, "TrainingInstanceTypes":{ @@ -38678,15 +41949,18 @@ }, "EnableNetworkIsolation":{ "shape":"Boolean", - "documentation":"

    If the TrainingJob was created with network isolation, the value is set to true. If network isolation is enabled, nodes can't communicate beyond the VPC they run in.

    " + "documentation":"

    If the TrainingJob was created with network isolation, the value is set to true. If network isolation is enabled, nodes can't communicate beyond the VPC they run in.

    ", + "box":true }, "EnableInterContainerTrafficEncryption":{ "shape":"Boolean", - "documentation":"

    To encrypt all communications between ML compute instances in distributed training, choose True. Encryption provides greater security for distributed training, but training might take longer. How long it takes depends on the amount of communication between compute instances, especially if you use a deep learning algorithm in distributed training.

    " + "documentation":"

    To encrypt all communications between ML compute instances in distributed training, choose True. Encryption provides greater security for distributed training, but training might take longer. How long it takes depends on the amount of communication between compute instances, especially if you use a deep learning algorithm in distributed training.

    ", + "box":true }, "EnableManagedSpotTraining":{ "shape":"Boolean", - "documentation":"

    When true, enables managed spot training using Amazon EC2 Spot instances to run training jobs instead of on-demand instances. For more information, see Managed Spot Training.

    " + "documentation":"

    When true, enables managed spot training using Amazon EC2 Spot instances to run training jobs instead of on-demand instances. For more information, see Managed Spot Training.

    ", + "box":true }, "CheckpointConfig":{"shape":"CheckpointConfig"}, "TrainingTimeInSeconds":{ @@ -38727,7 +42001,8 @@ "TrainingJobArn":{ "type":"string", "max":256, - "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:training-job/.*" + "min":0, + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:training-job/[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "TrainingJobDefinition":{ "type":"structure", @@ -38774,7 +42049,7 @@ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "TrainingJobSortByOptions":{ "type":"string", @@ -38792,7 +42067,8 @@ "Completed", "Failed", "Stopping", - "Stopped" + "Stopped", + "Deleting" ] }, "TrainingJobStatusCounter":{ @@ -38804,23 +42080,28 @@ "members":{ "Completed":{ "shape":"TrainingJobStatusCounter", - "documentation":"

    The number of completed training jobs launched by the hyperparameter tuning job.

    " + "documentation":"

    The number of completed training jobs launched by the hyperparameter tuning job.

    ", + "box":true }, "InProgress":{ "shape":"TrainingJobStatusCounter", - "documentation":"

    The number of in-progress training jobs launched by a hyperparameter tuning job.

    " + "documentation":"

    The number of in-progress training jobs launched by a hyperparameter tuning job.

    ", + "box":true }, "RetryableError":{ "shape":"TrainingJobStatusCounter", - "documentation":"

    The number of training jobs that failed, but can be retried. A failed training job can be retried only if it failed because an internal service error occurred.

    " + "documentation":"

    The number of training jobs that failed, but can be retried. A failed training job can be retried only if it failed because an internal service error occurred.

    ", + "box":true }, "NonRetryableError":{ "shape":"TrainingJobStatusCounter", - "documentation":"

    The number of training jobs that failed and can't be retried. A failed training job can't be retried if it failed because a client error occurred.

    " + "documentation":"

    The number of training jobs that failed and can't be retried. A failed training job can't be retried if it failed because a client error occurred.

    ", + "box":true }, "Stopped":{ "shape":"TrainingJobStatusCounter", - "documentation":"

    The number of training jobs launched by a hyperparameter tuning job that were manually stopped.

    " + "documentation":"

    The number of training jobs launched by a hyperparameter tuning job that were manually stopped.

    ", + "box":true } }, "documentation":"

    The numbers of training jobs launched by a hyperparameter tuning job, categorized by status.

    " @@ -38899,16 +42180,19 @@ }, "TrainingPlanDurationHours":{ "type":"long", + "box":true, "max":87600, "min":0 }, "TrainingPlanDurationHoursInput":{ "type":"long", + "box":true, "max":87600, "min":1 }, "TrainingPlanDurationMinutes":{ "type":"long", + "box":true, "max":59, "min":0 }, @@ -38944,7 +42228,7 @@ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}" }, "TrainingPlanOffering":{ "type":"structure", @@ -38996,7 +42280,7 @@ "type":"string", "max":256, "min":1, - "pattern":"^[a-z0-9\\-]+$" + "pattern":"[a-z0-9\\-]+" }, "TrainingPlanOfferings":{ "type":"list", @@ -39097,6 +42381,10 @@ "shape":"InUseInstanceCount", "documentation":"

    The number of instances currently in use from this training plan.

    " }, + "TotalUltraServerCount":{ + "shape":"UltraServerCount", + "documentation":"

    The total number of UltraServers allocated to this training plan.

    " + }, "TargetResources":{ "shape":"SageMakerResourceNames", "documentation":"

    The target resources (e.g., training jobs, HyperPod clusters) that can use this training plan.

    Training plans are specific to their target resource.

    • A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.

    • A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.

    " @@ -39158,7 +42446,8 @@ }, "SupportsDistributedTraining":{ "shape":"Boolean", - "documentation":"

    Indicates whether the algorithm supports distributed training. If set to false, buyers can't request more than one instance during training.

    " + "documentation":"

    Indicates whether the algorithm supports distributed training. If set to false, buyers can't request more than one instance during training.

    ", + "box":true }, "MetricDefinitions":{ "shape":"MetricDefinitionList", @@ -39181,8 +42470,15 @@ }, "TrainingTimeInSeconds":{ "type":"integer", + "box":true, "min":1 }, + "TransformAmiVersion":{ + "type":"string", + "max":63, + "min":1, + "pattern":"[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*" + }, "TransformDataSource":{ "type":"structure", "required":["S3DataSource"], @@ -39197,17 +42493,20 @@ "TransformEnvironmentKey":{ "type":"string", "max":1024, + "min":0, "pattern":"[a-zA-Z_][a-zA-Z0-9_]{0,1023}" }, "TransformEnvironmentMap":{ "type":"map", "key":{"shape":"TransformEnvironmentKey"}, "value":{"shape":"TransformEnvironmentValue"}, - "max":16 + "max":16, + "min":0 }, "TransformEnvironmentValue":{ "type":"string", "max":10240, + "min":0, "pattern":"[\\S\\s]*" }, "TransformInput":{ @@ -39235,6 +42534,7 @@ }, "TransformInstanceCount":{ "type":"integer", + "box":true, "min":1 }, "TransformInstanceType":{ @@ -39339,7 +42639,15 @@ "ml.inf2.xlarge", "ml.inf2.8xlarge", "ml.inf2.24xlarge", - "ml.inf2.48xlarge" + "ml.inf2.48xlarge", + "ml.g6.xlarge", + "ml.g6.2xlarge", + "ml.g6.4xlarge", + "ml.g6.8xlarge", + "ml.g6.12xlarge", + "ml.g6.16xlarge", + "ml.g6.24xlarge", + "ml.g6.48xlarge" ] }, "TransformInstanceTypes":{ @@ -39423,6 +42731,7 @@ "TransformJobArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:transform-job/.*" }, "TransformJobDefinition":{ @@ -39468,7 +42777,7 @@ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "TransformJobStatus":{ "type":"string", @@ -39575,6 +42884,10 @@ "VolumeKmsKeyId":{ "shape":"KmsKeyId", "documentation":"

    The Amazon Web Services Key Management Service (Amazon Web Services KMS) key that Amazon SageMaker uses to encrypt model data on the storage volume attached to the ML compute instance(s) that run the batch transform job.

    Certain Nitro-based instances include local storage, dependent on the instance type. Local storage volumes are encrypted using a hardware module on the instance. You can't request a VolumeKmsKeyId when using an instance type with local storage.

    For a list of instance types that support local instance storage, see Instance Store Volumes.

    For more information about local instance storage encryption, see SSD Instance Store Volumes.

    The VolumeKmsKeyId can be any of the following formats:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • Key ARN: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    • Alias name: alias/ExampleAlias

    • Alias name ARN: arn:aws:kms:us-west-2:111122223333:alias/ExampleAlias

    " + }, + "TransformAmiVersion":{ + "shape":"TransformAmiVersion", + "documentation":"

    Specifies an option from a collection of preconfigured Amazon Machine Image (AMI) images. Each image is configured by Amazon Web Services with a set of software and driver versions.

    al2-ami-sagemaker-batch-gpu-470

    • Accelerator: GPU

    • NVIDIA driver version: 470

    al2-ami-sagemaker-batch-gpu-535

    • Accelerator: GPU

    • NVIDIA driver version: 535

    " } }, "documentation":"

    Describes the resources, including ML instance types and ML instance count, to use for transform job.

    " @@ -39650,6 +42963,7 @@ "TrialArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:experiment-trial/.*" }, "TrialComponent":{ @@ -39736,6 +43050,7 @@ "TrialComponentArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:experiment-trial-component/.*" }, "TrialComponentArtifact":{ @@ -39756,27 +43071,32 @@ "TrialComponentArtifactValue":{ "type":"string", "max":2048, + "min":0, "pattern":".*" }, "TrialComponentArtifacts":{ "type":"map", "key":{"shape":"TrialComponentKey128"}, "value":{"shape":"TrialComponentArtifact"}, - "max":60 + "max":60, + "min":0 }, "TrialComponentKey128":{ "type":"string", "max":128, + "min":0, "pattern":".*" }, "TrialComponentKey256":{ "type":"string", "max":256, + "min":0, "pattern":".*" }, "TrialComponentKey320":{ "type":"string", "max":320, + "min":0, "pattern":".*" }, "TrialComponentMetricSummaries":{ @@ -39843,7 +43163,8 @@ "type":"map", "key":{"shape":"TrialComponentKey320"}, "value":{"shape":"TrialComponentParameterValue"}, - "max":300 + "max":300, + "min":0 }, "TrialComponentPrimaryStatus":{ "type":"string", @@ -39897,6 +43218,7 @@ "TrialComponentSourceArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:.*" }, "TrialComponentSourceDetail":{ @@ -39942,6 +43264,7 @@ "TrialComponentStatusMessage":{ "type":"string", "max":1024, + "min":0, "pattern":".*" }, "TrialComponentSummaries":{ @@ -40013,6 +43336,7 @@ "TrialSourceArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:.*" }, "TrialSummaries":{ @@ -40046,6 +43370,17 @@ }, "documentation":"

    A summary of the properties of a trial. To get the complete set of properties, call the DescribeTrial API and provide the TrialName.

    " }, + "TrustedIdentityPropagationSettings":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"FeatureStatus", + "documentation":"

    The status of Trusted Identity Propagation (TIP) at the SageMaker domain level.

    When disabled, standard IAM role-based access is used.

    When enabled:

    • User identities from IAM Identity Center are propagated through the application to TIP enabled Amazon Web Services services.

    • New applications or existing applications that are automatically patched, will use the domain level configuration.

    " + } + }, + "documentation":"

    The Trusted Identity Propagation (TIP) settings for the SageMaker domain. These settings determine how user identities from IAM Identity Center are propagated through the domain to TIP enabled Amazon Web Services services.

    " + }, "TtlDuration":{ "type":"structure", "members":{ @@ -40072,6 +43407,7 @@ }, "TtlDurationValue":{ "type":"integer", + "box":true, "min":1 }, "TuningJobCompletionCriteria":{ @@ -40107,15 +43443,18 @@ "members":{ "Dollars":{ "shape":"Dollars", - "documentation":"

    The whole number of dollars in the amount.

    " + "documentation":"

    The whole number of dollars in the amount.

    ", + "box":true }, "Cents":{ "shape":"Cents", - "documentation":"

    The fractional portion, in cents, of the amount.

    " + "documentation":"

    The fractional portion, in cents, of the amount.

    ", + "box":true }, "TenthFractionsOfACent":{ "shape":"TenthFractionsOfACent", - "documentation":"

    Fractions of a cent, in tenths.

    " + "documentation":"

    Fractions of a cent, in tenths.

    ", + "box":true } }, "documentation":"

    Represents an amount of money in United States dollars.

    " @@ -40161,9 +43500,187 @@ }, "Uid":{ "type":"long", + "box":true, "max":4000000, "min":10000 }, + "UltraServer":{ + "type":"structure", + "required":[ + "UltraServerId", + "UltraServerType", + "AvailabilityZone", + "InstanceType", + "TotalInstanceCount" + ], + "members":{ + "UltraServerId":{ + "shape":"NonEmptyString256", + "documentation":"

    The unique identifier for the UltraServer.

    " + }, + "UltraServerType":{ + "shape":"UltraServerType", + "documentation":"

    The type of UltraServer, such as ml.u-p6e-gb200x72.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    The name of the Availability Zone where the UltraServer is provisioned.

    " + }, + "InstanceType":{ + "shape":"ReservedCapacityInstanceType", + "documentation":"

    The Amazon EC2 instance type used in the UltraServer.

    " + }, + "TotalInstanceCount":{ + "shape":"TotalInstanceCount", + "documentation":"

    The total number of instances in this UltraServer.

    " + }, + "ConfiguredSpareInstanceCount":{ + "shape":"ConfiguredSpareInstanceCount", + "documentation":"

    The number of spare instances configured for this UltraServer to provide enhanced resiliency.

    " + }, + "AvailableInstanceCount":{ + "shape":"AvailableInstanceCount", + "documentation":"

    The number of instances currently available for use in this UltraServer.

    " + }, + "InUseInstanceCount":{ + "shape":"InUseInstanceCount", + "documentation":"

    The number of instances currently in use in this UltraServer.

    " + }, + "AvailableSpareInstanceCount":{ + "shape":"AvailableSpareInstanceCount", + "documentation":"

    The number of available spare instances in the UltraServer.

    " + }, + "UnhealthyInstanceCount":{ + "shape":"UnhealthyInstanceCount", + "documentation":"

    The number of instances in this UltraServer that are currently in an unhealthy state.

    " + }, + "HealthStatus":{ + "shape":"UltraServerHealthStatus", + "documentation":"

    The overall health status of the UltraServer.

    " + } + }, + "documentation":"

    Represents a high-performance compute server used for distributed training in SageMaker AI. An UltraServer consists of multiple instances within a shared NVLink interconnect domain.

    " + }, + "UltraServerCount":{ + "type":"integer", + "box":true, + "min":1 + }, + "UltraServerHealthStatus":{ + "type":"string", + "enum":[ + "OK", + "Impaired", + "Insufficient-Data" + ] + }, + "UltraServerInfo":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"String", + "documentation":"

    The unique identifier of the UltraServer.

    " + } + }, + "documentation":"

    Contains information about the UltraServer object.

    " + }, + "UltraServerSummary":{ + "type":"structure", + "required":[ + "UltraServerType", + "InstanceType" + ], + "members":{ + "UltraServerType":{ + "shape":"UltraServerType", + "documentation":"

    The type of UltraServer, such as ml.u-p6e-gb200x72.

    " + }, + "InstanceType":{ + "shape":"ReservedCapacityInstanceType", + "documentation":"

    The Amazon EC2 instance type used in the UltraServer.

    " + }, + "UltraServerCount":{ + "shape":"UltraServerCount", + "documentation":"

    The number of UltraServers of this type.

    " + }, + "AvailableSpareInstanceCount":{ + "shape":"AvailableSpareInstanceCount", + "documentation":"

    The number of available spare instances in the UltraServers.

    " + }, + "UnhealthyInstanceCount":{ + "shape":"UnhealthyInstanceCount", + "documentation":"

    The total number of instances across all UltraServers of this type that are currently in an unhealthy state.

    " + } + }, + "documentation":"

    A summary of UltraServer resources and their current status.

    " + }, + "UltraServerType":{ + "type":"string", + "max":64, + "min":1, + "pattern":"ml.[a-z0-9\\-.]+" + }, + "UltraServers":{ + "type":"list", + "member":{"shape":"UltraServer"}, + "max":100, + "min":0 + }, + "UnhealthyInstanceCount":{ + "type":"integer", + "box":true, + "min":0 + }, + "UnifiedStudioDomainId":{ + "type":"string", + "pattern":"dzd[-_][a-zA-Z0-9_-]{1,36}" + }, + "UnifiedStudioEnvironmentId":{ + "type":"string", + "pattern":"[a-zA-Z0-9_-]{1,36}" + }, + "UnifiedStudioProjectId":{ + "type":"string", + "pattern":"[a-zA-Z0-9_-]{1,36}" + }, + "UnifiedStudioSettings":{ + "type":"structure", + "members":{ + "StudioWebPortalAccess":{ + "shape":"FeatureStatus", + "documentation":"

    Sets whether you can access the domain in Amazon SageMaker Studio:

    ENABLED

    You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces.

    DISABLED

    You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.

    To migrate a domain to Amazon SageMaker Unified Studio, you specify the UnifiedStudioSettings data type when you use the UpdateDomain action.

    " + }, + "DomainAccountId":{ + "shape":"AccountId", + "documentation":"

    The ID of the Amazon Web Services account that has the Amazon SageMaker Unified Studio domain. The default value, if you don't specify an ID, is the ID of the account that has the Amazon SageMaker AI domain.

    " + }, + "DomainRegion":{ + "shape":"RegionName", + "documentation":"

    The Amazon Web Services Region where the domain is located in Amazon SageMaker Unified Studio. The default value, if you don't specify a Region, is the Region where the Amazon SageMaker AI domain is located.

    " + }, + "DomainId":{ + "shape":"UnifiedStudioDomainId", + "documentation":"

    The ID of the Amazon SageMaker Unified Studio domain associated with this domain.

    " + }, + "ProjectId":{ + "shape":"UnifiedStudioProjectId", + "documentation":"

    The ID of the Amazon SageMaker Unified Studio project that corresponds to the domain.

    " + }, + "EnvironmentId":{ + "shape":"UnifiedStudioEnvironmentId", + "documentation":"

    The ID of the environment that Amazon SageMaker Unified Studio associates with the domain.

    " + }, + "ProjectS3Path":{ + "shape":"S3Uri", + "documentation":"

    The location where Amazon S3 stores temporary execution data and other artifacts for the project that corresponds to the domain.

    " + }, + "SingleSignOnApplicationArn":{ + "shape":"SingleSignOnApplicationArn", + "documentation":"

    The ARN of the Amazon DataZone application managed by Amazon SageMaker Unified Studio in the Amazon Web Services IAM Identity Center.

    " + } + }, + "documentation":"

    The settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.

    " + }, "UpdateActionRequest":{ "type":"structure", "required":["ActionName"], @@ -40263,10 +43780,7 @@ }, "UpdateClusterRequest":{ "type":"structure", - "required":[ - "ClusterName", - "InstanceGroups" - ], + "required":["ClusterName"], "members":{ "ClusterName":{ "shape":"ClusterNameOrArn", @@ -40276,9 +43790,33 @@ "shape":"ClusterInstanceGroupSpecifications", "documentation":"

    Specify the instance groups to update.

    " }, + "RestrictedInstanceGroups":{ + "shape":"ClusterRestrictedInstanceGroupSpecifications", + "documentation":"

    The specialized instance groups for training models like Amazon Nova to be created in the SageMaker HyperPod cluster.

    " + }, + "TieredStorageConfig":{ + "shape":"ClusterTieredStorageConfig", + "documentation":"

    Updates the configuration for managed tier checkpointing on the HyperPod cluster. For example, you can enable or disable the feature and modify the percentage of cluster memory allocated for checkpoint storage.

    " + }, "NodeRecovery":{ "shape":"ClusterNodeRecovery", "documentation":"

    The node recovery mode to be applied to the SageMaker HyperPod cluster.

    " + }, + "InstanceGroupsToDelete":{ + "shape":"ClusterInstanceGroupsToDelete", + "documentation":"

    Specify the names of the instance groups to delete. Use a single , as the separator between multiple names.

    " + }, + "NodeProvisioningMode":{ + "shape":"ClusterNodeProvisioningMode", + "documentation":"

    Determines how instance provisioning is handled during cluster operations. In Continuous mode, the cluster provisions available instances incrementally and retries until the target count is reached. The cluster becomes operational once cluster-level resources are ready. Use CurrentCount and TargetCount in DescribeCluster to track provisioning progress.

    " + }, + "ClusterRole":{ + "shape":"RoleArn", + "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that HyperPod assumes for cluster autoscaling operations. Cannot be updated while autoscaling is enabled.

    " + }, + "AutoScaling":{ + "shape":"ClusterAutoScalingConfig", + "documentation":"

    Updates the autoscaling configuration for the cluster. Use to enable or disable automatic node scaling.

    " } } }, @@ -40305,7 +43843,8 @@ }, "TargetVersion":{ "shape":"Integer", - "documentation":"

    Target version.

    " + "documentation":"

    Target version.

    ", + "box":true }, "SchedulerConfig":{ "shape":"SchedulerConfig", @@ -40330,10 +43869,28 @@ }, "ClusterSchedulerConfigVersion":{ "shape":"Integer", - "documentation":"

    Version of the cluster policy.

    " + "documentation":"

    Version of the cluster policy.

    ", + "box":true } } }, + "UpdateClusterSoftwareInstanceGroupSpecification":{ + "type":"structure", + "required":["InstanceGroupName"], + "members":{ + "InstanceGroupName":{ + "shape":"ClusterInstanceGroupName", + "documentation":"

    The name of the instance group to update.

    " + } + }, + "documentation":"

    The configuration that describes specifications of the instance groups to update.

    " + }, + "UpdateClusterSoftwareInstanceGroups":{ + "type":"list", + "member":{"shape":"UpdateClusterSoftwareInstanceGroupSpecification"}, + "max":100, + "min":1 + }, "UpdateClusterSoftwareRequest":{ "type":"structure", "required":["ClusterName"], @@ -40341,6 +43898,18 @@ "ClusterName":{ "shape":"ClusterNameOrArn", "documentation":"

    Specify the name or the Amazon Resource Name (ARN) of the SageMaker HyperPod cluster you want to update for security patching.

    " + }, + "InstanceGroups":{ + "shape":"UpdateClusterSoftwareInstanceGroups", + "documentation":"

    The array of instance groups for which to update AMI versions.

    " + }, + "DeploymentConfig":{ + "shape":"DeploymentConfiguration", + "documentation":"

    The configuration to use when updating the AMI versions.

    " + }, + "ImageId":{ + "shape":"ImageId", + "documentation":"

    When configuring your HyperPod cluster, you can specify an image ID using one of the following options:

    • HyperPodPublicAmiId: Use a HyperPod public AMI

    • CustomAmiId: Use your custom AMI

    • default: Use the default latest system image

    If you choose to use a custom AMI (CustomAmiId), ensure it meets the following requirements:

    • Encryption: The custom AMI must be unencrypted.

    • Ownership: The custom AMI must be owned by the same Amazon Web Services account that is creating the HyperPod cluster.

    • Volume support: Only the primary AMI snapshot volume is supported; additional AMI volumes are not supported.

    When updating the instance group's AMI through the UpdateClusterSoftware operation, if an instance group uses a custom AMI, you must provide an ImageId or use the default as input. Note that if you don't specify an instance group in your UpdateClusterSoftware request, then all of the instance groups are patched with the specified image.

    " } } }, @@ -40391,7 +43960,8 @@ }, "TargetVersion":{ "shape":"Integer", - "documentation":"

    Target version.

    " + "documentation":"

    Target version.

    ", + "box":true }, "ComputeQuotaConfig":{ "shape":"ComputeQuotaConfig", @@ -40424,7 +43994,8 @@ }, "ComputeQuotaVersion":{ "shape":"Integer", - "documentation":"

    Version of the compute allocation definition.

    " + "documentation":"

    Version of the compute allocation definition.

    ", + "box":true } } }, @@ -40540,6 +44111,10 @@ "TagPropagation":{ "shape":"TagPropagation", "documentation":"

    Indicates whether custom tag propagation is supported for the domain. Defaults to DISABLED.

    " + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"

    The identifier for the VPC used by the domain for network communication. Use this field only when adding VPC configuration to a SageMaker AI domain used in Amazon SageMaker Unified Studio that was created without VPC settings. SageMaker AI doesn't automatically apply VPC updates to existing applications. Stop and restart your applications to apply the changes.

    " } } }, @@ -40569,7 +44144,8 @@ }, "RetainAllVariantProperties":{ "shape":"Boolean", - "documentation":"

    When updating endpoint resources, enables or disables the retention of variant properties, such as the instance count or the variant weight. To retain the variant properties of an endpoint when updating it, set RetainAllVariantProperties to true. To use the variant properties specified in a new EndpointConfig call when updating an endpoint, set RetainAllVariantProperties to false. The default is false.

    " + "documentation":"

    When updating endpoint resources, enables or disables the retention of variant properties, such as the instance count or the variant weight. To retain the variant properties of an endpoint when updating it, set RetainAllVariantProperties to true. To use the variant properties specified in a new EndpointConfig call when updating an endpoint, set RetainAllVariantProperties to false. The default is false.

    ", + "box":true }, "ExcludeRetainedVariantProperties":{ "shape":"VariantPropertyList", @@ -40581,7 +44157,8 @@ }, "RetainDeploymentConfig":{ "shape":"Boolean", - "documentation":"

    Specifies whether to reuse the last deployment configuration. The default value is false (the configuration is not reused).

    " + "documentation":"

    Specifies whether to reuse the last deployment configuration. The default value is false (the configuration is not reused).

    ", + "box":true } } }, @@ -40707,6 +44284,113 @@ } } }, + "UpdateHubContentReferenceRequest":{ + "type":"structure", + "required":[ + "HubName", + "HubContentName", + "HubContentType" + ], + "members":{ + "HubName":{ + "shape":"HubNameOrArn", + "documentation":"

    The name of the SageMaker hub that contains the hub content you want to update. You can optionally use the hub ARN instead.

    " + }, + "HubContentName":{ + "shape":"HubContentName", + "documentation":"

    The name of the hub content resource that you want to update.

    " + }, + "HubContentType":{ + "shape":"HubContentType", + "documentation":"

    The content type of the resource that you want to update. Only specify a ModelReference resource for this API. To update a Model or Notebook resource, use the UpdateHubContent API instead.

    " + }, + "MinVersion":{ + "shape":"HubContentVersion", + "documentation":"

    The minimum hub content version of the referenced model that you want to use. The minimum version must be older than the latest available version of the referenced model. To support all versions of a model, set the value to 1.0.0.

    " + } + } + }, + "UpdateHubContentReferenceResponse":{ + "type":"structure", + "required":[ + "HubArn", + "HubContentArn" + ], + "members":{ + "HubArn":{ + "shape":"HubArn", + "documentation":"

    The ARN of the private model hub that contains the updated hub content.

    " + }, + "HubContentArn":{ + "shape":"HubContentArn", + "documentation":"

    The ARN of the hub content resource that was updated.

    " + } + } + }, + "UpdateHubContentRequest":{ + "type":"structure", + "required":[ + "HubName", + "HubContentName", + "HubContentType", + "HubContentVersion" + ], + "members":{ + "HubName":{ + "shape":"HubNameOrArn", + "documentation":"

    The name of the SageMaker hub that contains the hub content you want to update. You can optionally use the hub ARN instead.

    " + }, + "HubContentName":{ + "shape":"HubContentName", + "documentation":"

    The name of the hub content resource that you want to update.

    " + }, + "HubContentType":{ + "shape":"HubContentType", + "documentation":"

    The content type of the resource that you want to update. Only specify a Model or Notebook resource for this API. To update a ModelReference, use the UpdateHubContentReference API instead.

    " + }, + "HubContentVersion":{ + "shape":"HubContentVersion", + "documentation":"

    The hub content version that you want to update. For example, if you have two versions of a resource in your hub, you can update the second version.

    " + }, + "HubContentDisplayName":{ + "shape":"HubContentDisplayName", + "documentation":"

    The display name of the hub content.

    " + }, + "HubContentDescription":{ + "shape":"HubContentDescription", + "documentation":"

    The description of the hub content.

    " + }, + "HubContentMarkdown":{ + "shape":"HubContentMarkdown", + "documentation":"

    A string that provides a description of the hub content. This string can include links, tables, and standard markdown formatting.

    " + }, + "HubContentSearchKeywords":{ + "shape":"HubContentSearchKeywordList", + "documentation":"

    The searchable keywords of the hub content.

    " + }, + "SupportStatus":{ + "shape":"HubContentSupportStatus", + "documentation":"

    Indicates the current status of the hub content resource.

    " + } + } + }, + "UpdateHubContentResponse":{ + "type":"structure", + "required":[ + "HubArn", + "HubContentArn" + ], + "members":{ + "HubArn":{ + "shape":"HubArn", + "documentation":"

    The ARN of the private model hub that contains the updated hub content.

    " + }, + "HubContentArn":{ + "shape":"HubContentArn", + "documentation":"

    The ARN of the hub content resource that was updated.

    " + } + } + }, "UpdateHubRequest":{ "type":"structure", "required":["HubName"], @@ -40820,7 +44504,8 @@ }, "Horovod":{ "shape":"Horovod", - "documentation":"

    Indicates Horovod compatibility.

    " + "documentation":"

    Indicates Horovod compatibility.

    ", + "box":true }, "ReleaseNotes":{ "shape":"ReleaseNotes", @@ -40852,6 +44537,10 @@ "RuntimeConfig":{ "shape":"InferenceComponentRuntimeConfig", "documentation":"

    Runtime settings for a model that is deployed with an inference component.

    " + }, + "DeploymentConfig":{ + "shape":"InferenceComponentDeploymentConfig", + "documentation":"

    The deployment configuration for the inference component. The configuration contains the desired deployment strategy and rollback settings.

    " } } }, @@ -40950,7 +44639,8 @@ }, "AutomaticModelRegistration":{ "shape":"Boolean", - "documentation":"

    Whether to enable or disable automatic registration of new MLflow models to the SageMaker Model Registry. To enable automatic model registration, set this value to True. To disable automatic model registration, set this value to False. If not specified, AutomaticModelRegistration defaults to False

    " + "documentation":"

    Whether to enable or disable automatic registration of new MLflow models to the SageMaker Model Registry. To enable automatic model registration, set this value to True. To disable automatic model registration, set this value to False. If not specified, AutomaticModelRegistration defaults to False

    ", + "box":true }, "WeeklyMaintenanceWindowStart":{ "shape":"WeeklyMaintenanceWindowStart", @@ -41135,6 +44825,14 @@ "shape":"InstanceType", "documentation":"

    The Amazon ML compute instance type.

    " }, + "IpAddressType":{ + "shape":"IPAddressType", + "documentation":"

    The IP address type for the notebook instance. Specify ipv4 for IPv4-only connectivity or dualstack for both IPv4 and IPv6 connectivity. The notebook instance must be stopped before updating this setting. When you specify dualstack, the subnet must support IPv6 addressing.

    " + }, + "PlatformIdentifier":{ + "shape":"PlatformIdentifier", + "documentation":"

    The platform identifier of the notebook instance runtime environment.

    " + }, "RoleArn":{ "shape":"RoleArn", "documentation":"

    The Amazon Resource Name (ARN) of the IAM role that SageMaker AI can assume to access the notebook instance. For more information, see SageMaker AI Roles.

    To be able to pass this role to SageMaker AI, the caller of this API must have the iam:PassRole permission.

    " @@ -41145,7 +44843,8 @@ }, "DisassociateLifecycleConfig":{ "shape":"DisassociateNotebookInstanceLifecycleConfig", - "documentation":"

    Set to true to remove the notebook instance lifecycle configuration currently associated with the notebook instance. This operation is idempotent. If you specify a lifecycle configuration that is not associated with the notebook instance when you call this method, it does not throw an error.

    " + "documentation":"

    Set to true to remove the notebook instance lifecycle configuration currently associated with the notebook instance. This operation is idempotent. If you specify a lifecycle configuration that is not associated with the notebook instance when you call this method, it does not throw an error.

    ", + "box":true }, "VolumeSizeInGB":{ "shape":"NotebookInstanceVolumeSizeInGB", @@ -41165,15 +44864,18 @@ }, "DisassociateAcceleratorTypes":{ "shape":"DisassociateNotebookInstanceAcceleratorTypes", - "documentation":"

    This parameter is no longer supported. Elastic Inference (EI) is no longer available.

    This parameter was used to specify a list of the EI instance types to remove from this notebook instance.

    " + "documentation":"

    This parameter is no longer supported. Elastic Inference (EI) is no longer available.

    This parameter was used to specify a list of the EI instance types to remove from this notebook instance.

    ", + "box":true }, "DisassociateDefaultCodeRepository":{ "shape":"DisassociateDefaultCodeRepository", - "documentation":"

    The name or URL of the default Git repository to remove from this notebook instance. This operation is idempotent. If you specify a Git repository that is not associated with the notebook instance when you call this method, it does not throw an error.

    " + "documentation":"

    The name or URL of the default Git repository to remove from this notebook instance. This operation is idempotent. If you specify a Git repository that is not associated with the notebook instance when you call this method, it does not throw an error.

    ", + "box":true }, "DisassociateAdditionalCodeRepositories":{ "shape":"DisassociateAdditionalCodeRepositories", - "documentation":"

    A list of names or URLs of the default Git repositories to remove from this notebook instance. This operation is idempotent. If you specify a Git repository that is not associated with the notebook instance when you call this method, it does not throw an error.

    " + "documentation":"

    A list of names or URLs of the default Git repositories to remove from this notebook instance. This operation is idempotent. If you specify a Git repository that is not associated with the notebook instance when you call this method, it does not throw an error.

    ", + "box":true }, "RootAccess":{ "shape":"RootAccess", @@ -41205,13 +44907,11 @@ }, "UpdateNotebookInstanceLifecycleConfigOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateNotebookInstanceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePartnerAppRequest":{ "type":"structure", @@ -41329,6 +45029,48 @@ "PipelineArn":{ "shape":"PipelineArn", "documentation":"

    The Amazon Resource Name (ARN) of the updated pipeline.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The ID of the pipeline version.

    " + } + } + }, + "UpdatePipelineVersionRequest":{ + "type":"structure", + "required":[ + "PipelineArn", + "PipelineVersionId" + ], + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The pipeline version ID to update.

    " + }, + "PipelineVersionDisplayName":{ + "shape":"PipelineVersionName", + "documentation":"

    The display name of the pipeline version.

    " + }, + "PipelineVersionDescription":{ + "shape":"PipelineVersionDescription", + "documentation":"

    The description of the pipeline version.

    " + } + } + }, + "UpdatePipelineVersionResponse":{ + "type":"structure", + "members":{ + "PipelineArn":{ + "shape":"PipelineArn", + "documentation":"

    The Amazon Resource Name (ARN) of the pipeline.

    " + }, + "PipelineVersionId":{ + "shape":"PipelineVersionId", + "documentation":"

    The ID of the pipeline version.

    " } } }, @@ -41351,6 +45093,10 @@ "Tags":{ "shape":"TagList", "documentation":"

    An array of key-value pairs. You can use tags to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. For more information, see Tagging Amazon Web Services Resources. In addition, the project must have tag update constraints set in order to include this parameter in the request. For more information, see Amazon Web Services Service Catalog Tag Update Constraints.

    " + }, + "TemplateProvidersToUpdate":{ + "shape":"UpdateTemplateProviderList", + "documentation":"

    The template providers to update in the project.

    " } } }, @@ -41398,6 +45144,22 @@ } } }, + "UpdateTemplateProvider":{ + "type":"structure", + "members":{ + "CfnTemplateProvider":{ + "shape":"CfnUpdateTemplateProvider", + "documentation":"

    The CloudFormation template provider configuration to update.

    " + } + }, + "documentation":"

    Contains configuration details for updating an existing template provider in the project.

    " + }, + "UpdateTemplateProviderList":{ + "type":"list", + "member":{"shape":"UpdateTemplateProvider"}, + "max":1, + "min":1 + }, "UpdateTrainingJobRequest":{ "type":"structure", "required":["TrainingJobName"], @@ -41565,6 +45327,10 @@ "WorkforceVpcConfig":{ "shape":"WorkforceVpcConfigRequest", "documentation":"

    Use this parameter to update your VPC configuration for a workforce.

    " + }, + "IpAddressType":{ + "shape":"WorkforceIpAddressType", + "documentation":"

    Use this parameter to specify whether you want IPv4 only or dualstack (IPv4 and IPv6) to support your labeling workforce.

    " } } }, @@ -41617,7 +45383,8 @@ "Url":{ "type":"string", "max":1024, - "pattern":"^(https|s3)://([^/]+)/?(.*)$" + "min":0, + "pattern":"(https|s3)://([^/]+)/?(.*)" }, "UserContext":{ "type":"structure", @@ -41639,11 +45406,12 @@ "documentation":"

    The IAM Identity details associated with the user. These details are associated with model package groups, model packages, and project entities only.

    " } }, - "documentation":"

    Information about the user who created or modified an experiment, trial, trial component, lineage group, project, or model card.

    " + "documentation":"

    Information about the user who created or modified a SageMaker resource.

    " }, "UserProfileArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:user-profile/.*" }, "UserProfileDetails":{ @@ -41679,7 +45447,8 @@ "UserProfileName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "UserProfileSortKey":{ "type":"string", @@ -41780,27 +45549,38 @@ }, "UsersPerStep":{ "type":"integer", + "box":true, "max":3, "min":1 }, "UtilizationMetric":{ "type":"float", + "box":true, "min":0.0 }, "UtilizationPercentagePerCore":{ "type":"integer", + "box":true, "max":100, "min":1 }, + "VCpuAmount":{ + "type":"float", + "box":true, + "max":10000000, + "min":0 + }, "ValidationFraction":{ "type":"float", + "box":true, "max":1, "min":0 }, "VariantName":{ "type":"string", "max":63, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "min":0, + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "VariantProperty":{ "type":"structure", @@ -41839,10 +45619,12 @@ }, "VariantStatusMessage":{ "type":"string", - "max":1024 + "max":1024, + "min":0 }, "VariantWeight":{ "type":"float", + "box":true, "min":0 }, "VectorConfig":{ @@ -41868,7 +45650,8 @@ "VersionAliasesList":{ "type":"list", "member":{"shape":"ImageVersionAliasPattern"}, - "max":20 + "max":20, + "min":0 }, "VersionId":{ "type":"string", @@ -41880,7 +45663,7 @@ "type":"string", "max":176, "min":1, - "pattern":"(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:[a-z\\-]*\\/)?([a-zA-Z0-9]([a-zA-Z0-9-]){0,62})(?The reason your workforce failed.

    " + }, + "IpAddressType":{ + "shape":"WorkforceIpAddressType", + "documentation":"

    The IP address type you specify - either IPv4 only or dualstack (IPv4 and IPv6) - to support your labeling workforce.

    " } }, "documentation":"

    A single private workforce, which is automatically created when you create your first private work team. You can create one private work force in each Amazon Web Services Region. By default, any workforce-related API operation used in a specific region will apply to the workforce created in that region. To learn how to create a private workforce, see Create a Private Workforce.

    " @@ -42084,6 +45904,7 @@ "WorkforceArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:workforce/.*" }, "WorkforceFailureReason":{ @@ -42092,16 +45913,24 @@ "min":1, "pattern":".+" }, + "WorkforceIpAddressType":{ + "type":"string", + "enum":[ + "ipv4", + "dualstack" + ] + }, "WorkforceName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9]([a-zA-Z0-9\\-]){0,62}$" + "pattern":"[a-zA-Z0-9]([a-zA-Z0-9\\-]){0,62}" }, "WorkforceSecurityGroupId":{ "type":"string", "max":32, - "pattern":"^sg-[0-9a-z]*$" + "min":0, + "pattern":"sg-[0-9a-z]*" }, "WorkforceSecurityGroupIds":{ "type":"list", @@ -42122,7 +45951,8 @@ "WorkforceSubnetId":{ "type":"string", "max":32, - "pattern":"^subnet-[0-9a-z]*$" + "min":0, + "pattern":"subnet-[0-9a-z]*" }, "WorkforceSubnets":{ "type":"list", @@ -42179,12 +46009,13 @@ "type":"string", "max":255, "min":1, - "pattern":"^vpce-[0-9a-z]*$" + "pattern":"vpce-[0-9a-z]*" }, "WorkforceVpcId":{ "type":"string", "max":32, - "pattern":"^vpc-[0-9a-z]*$" + "min":0, + "pattern":"vpc-[0-9a-z]*" }, "Workforces":{ "type":"list", @@ -42263,13 +46094,14 @@ "WorkteamArn":{ "type":"string", "max":256, + "min":0, "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:workteam/.*" }, "WorkteamName":{ "type":"string", "max":63, "min":1, - "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}" }, "Workteams":{ "type":"list", diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/waiters-2.json 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/waiters-2.json --- 2.23.6-1/awscli/botocore/data/sagemaker/2017-07-24/waiters-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker/2017-07-24/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,311 +1,260 @@ { - "version": 2, - "waiters": { - "NotebookInstanceInService": { - "delay": 30, - "maxAttempts": 60, - "operation": "DescribeNotebookInstance", - "acceptors": [ - { - "expected": "InService", - "matcher": "path", - "state": "success", - "argument": "NotebookInstanceStatus" - }, - { - "expected": "Failed", - "matcher": "path", - "state": "failure", - "argument": "NotebookInstanceStatus" - } - ] - }, - "NotebookInstanceStopped": { - "delay": 30, - "operation": "DescribeNotebookInstance", - "maxAttempts": 60, - "acceptors": [ - { - "expected": "Stopped", - "matcher": "path", - "state": "success", - "argument": "NotebookInstanceStatus" - }, - { - "expected": "Failed", - "matcher": "path", - "state": "failure", - "argument": "NotebookInstanceStatus" - } - ] - }, - "NotebookInstanceDeleted": { - "delay": 30, - "maxAttempts": 60, - "operation": "DescribeNotebookInstance", - "acceptors": [ - { - "expected": "ValidationException", - "matcher": "error", - "state": "success" - }, - { - "expected": "Failed", - "matcher": "path", - "state": "failure", - "argument": "NotebookInstanceStatus" - } - ] - }, - "TrainingJobCompletedOrStopped": { - "delay": 120, - "maxAttempts": 180, - "operation": "DescribeTrainingJob", - "acceptors": [ - { - "expected": "Completed", - "matcher": "path", - "state": "success", - "argument": "TrainingJobStatus" - }, - { - "expected": "Stopped", - "matcher": "path", - "state": "success", - "argument": "TrainingJobStatus" - }, - { - "expected": "Failed", - "matcher": "path", - "state": "failure", - "argument": "TrainingJobStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] - }, - "EndpointInService": { - "delay": 30, - "maxAttempts": 120, - "operation": "DescribeEndpoint", - "acceptors": [ - { - "expected": "InService", - "matcher": "path", - "state": "success", - "argument": "EndpointStatus" - }, - { - "expected": "Failed", - "matcher": "path", - "state": "failure", - "argument": "EndpointStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] - }, - "EndpointDeleted": { - "delay": 30, - "maxAttempts": 60, - "operation": "DescribeEndpoint", - "acceptors": [ - { - "expected": "ValidationException", - "matcher": "error", - "state": "success" - }, - { - "expected": "Failed", - "matcher": "path", - "state": "failure", - "argument": "EndpointStatus" - } - ] - }, - "TransformJobCompletedOrStopped": { - "delay": 60, - "maxAttempts": 60, - "operation": "DescribeTransformJob", - "acceptors": [ - { - "expected": "Completed", - "matcher": "path", - "state": "success", - "argument": "TransformJobStatus" - }, - { - "expected": "Stopped", - "matcher": "path", - "state": "success", - "argument": "TransformJobStatus" - }, - { - "expected": "Failed", - "matcher": "path", - "state": "failure", - "argument": "TransformJobStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] - }, - "ProcessingJobCompletedOrStopped": { - "delay": 60, - "maxAttempts": 60, - "operation": "DescribeProcessingJob", - "acceptors": [ - { - "expected": "Completed", - "matcher": "path", - "state": "success", - "argument": "ProcessingJobStatus" - }, - { - "expected": "Stopped", - "matcher": "path", - "state": "success", - "argument": "ProcessingJobStatus" - }, - { - "expected": "Failed", - "matcher": "path", - "state": "failure", - "argument": "ProcessingJobStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] - }, - "ImageCreated": { - "delay": 60, - "maxAttempts": 60, - "operation": "DescribeImage", - "acceptors": [ - { - "expected": "CREATED", - "matcher": "path", - "state": "success", - "argument": "ImageStatus" - }, - { - "expected": "CREATE_FAILED", - "matcher": "path", - "state": "failure", - "argument": "ImageStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] - }, - "ImageUpdated": { - "delay": 60, - "maxAttempts": 60, - "operation": "DescribeImage", - "acceptors": [ - { - "expected": "CREATED", - "matcher": "path", - "state": "success", - "argument": "ImageStatus" - }, - { - "expected": "UPDATE_FAILED", - "matcher": "path", - "state": "failure", - "argument": "ImageStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] - }, - "ImageDeleted": { - "delay": 60, - "maxAttempts": 60, - "operation": "DescribeImage", - "acceptors": [ - { - "expected": "ResourceNotFoundException", - "matcher": "error", - "state": "success" - }, - { - "expected": "DELETE_FAILED", - "matcher": "path", - "state": "failure", - "argument": "ImageStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] - }, - "ImageVersionCreated": { - "delay": 60, - "maxAttempts": 60, - "operation": "DescribeImageVersion", - "acceptors": [ - { - "expected": "CREATED", - "matcher": "path", - "state": "success", - "argument": "ImageVersionStatus" - }, - { - "expected": "CREATE_FAILED", - "matcher": "path", - "state": "failure", - "argument": "ImageVersionStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] - }, - "ImageVersionDeleted": { - "delay": 60, - "maxAttempts": 60, - "operation": "DescribeImageVersion", - "acceptors": [ - { - "expected": "ResourceNotFoundException", - "matcher": "error", - "state": "success" - }, - { - "expected": "DELETE_FAILED", - "matcher": "path", - "state": "failure", - "argument": "ImageVersionStatus" - }, - { - "expected": "ValidationException", - "matcher": "error", - "state": "failure" - } - ] + "version" : 2, + "waiters" : { + "EndpointDeleted" : { + "delay" : 30, + "maxAttempts" : 60, + "operation" : "DescribeEndpoint", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ValidationException" + }, { + "matcher" : "path", + "argument" : "EndpointStatus", + "state" : "failure", + "expected" : "Failed" + } ] + }, + "EndpointInService" : { + "delay" : 30, + "maxAttempts" : 120, + "operation" : "DescribeEndpoint", + "acceptors" : [ { + "matcher" : "path", + "argument" : "EndpointStatus", + "state" : "success", + "expected" : "InService" + }, { + "matcher" : "path", + "argument" : "EndpointStatus", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] + }, + "ImageCreated" : { + "delay" : 60, + "maxAttempts" : 60, + "operation" : "DescribeImage", + "acceptors" : [ { + "matcher" : "path", + "argument" : "ImageStatus", + "state" : "success", + "expected" : "CREATED" + }, { + "matcher" : "path", + "argument" : "ImageStatus", + "state" : "failure", + "expected" : "CREATE_FAILED" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] + }, + "ImageDeleted" : { + "delay" : 60, + "maxAttempts" : 60, + "operation" : "DescribeImage", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ResourceNotFoundException" + }, { + "matcher" : "path", + "argument" : "ImageStatus", + "state" : "failure", + "expected" : "DELETE_FAILED" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] + }, + "ImageUpdated" : { + "delay" : 60, + "maxAttempts" : 60, + "operation" : "DescribeImage", + "acceptors" : [ { + "matcher" : "path", + "argument" : "ImageStatus", + "state" : "success", + "expected" : "CREATED" + }, { + "matcher" : "path", + "argument" : "ImageStatus", + "state" : "failure", + "expected" : "UPDATE_FAILED" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] + }, + "ImageVersionCreated" : { + "delay" : 60, + "maxAttempts" : 60, + "operation" : "DescribeImageVersion", + "acceptors" : [ { + "matcher" : "path", + "argument" : "ImageVersionStatus", + "state" : "success", + "expected" : "CREATED" + }, { + "matcher" : "path", + "argument" : "ImageVersionStatus", + "state" : "failure", + "expected" : "CREATE_FAILED" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] + }, + "ImageVersionDeleted" : { + "delay" : 60, + "maxAttempts" : 60, + "operation" : "DescribeImageVersion", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ResourceNotFoundException" + }, { + "matcher" : "path", + "argument" : "ImageVersionStatus", + "state" : "failure", + "expected" : "DELETE_FAILED" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] + }, + "NotebookInstanceDeleted" : { + "delay" : 30, + "maxAttempts" : 60, + "operation" : "DescribeNotebookInstance", + "acceptors" : [ { + "matcher" : "error", + "state" : "success", + "expected" : "ValidationException" + }, { + "matcher" : "path", + "argument" : "NotebookInstanceStatus", + "state" : "failure", + "expected" : "Failed" + } ] + }, + "NotebookInstanceInService" : { + "delay" : 30, + "maxAttempts" : 60, + "operation" : "DescribeNotebookInstance", + "acceptors" : [ { + "matcher" : "path", + "argument" : "NotebookInstanceStatus", + "state" : "success", + "expected" : "InService" + }, { + "matcher" : "path", + "argument" : "NotebookInstanceStatus", + "state" : "failure", + "expected" : "Failed" + } ] + }, + "NotebookInstanceStopped" : { + "delay" : 30, + "maxAttempts" : 60, + "operation" : "DescribeNotebookInstance", + "acceptors" : [ { + "matcher" : "path", + "argument" : "NotebookInstanceStatus", + "state" : "success", + "expected" : "Stopped" + }, { + "matcher" : "path", + "argument" : "NotebookInstanceStatus", + "state" : "failure", + "expected" : "Failed" + } ] + }, + "ProcessingJobCompletedOrStopped" : { + "delay" : 60, + "maxAttempts" : 60, + "operation" : "DescribeProcessingJob", + "acceptors" : [ { + "matcher" : "path", + "argument" : "ProcessingJobStatus", + "state" : "success", + "expected" : "Completed" + }, { + "matcher" : "path", + "argument" : "ProcessingJobStatus", + "state" : "success", + "expected" : "Stopped" + }, { + "matcher" : "path", + "argument" : "ProcessingJobStatus", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] + }, + "TrainingJobCompletedOrStopped" : { + "delay" : 120, + "maxAttempts" : 180, + "operation" : "DescribeTrainingJob", + "acceptors" : [ { + "matcher" : "path", + "argument" : "TrainingJobStatus", + "state" : "success", + "expected" : "Completed" + }, { + "matcher" : "path", + "argument" : "TrainingJobStatus", + "state" : "success", + "expected" : "Stopped" + }, { + "matcher" : "path", + "argument" : "TrainingJobStatus", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] + }, + "TransformJobCompletedOrStopped" : { + "delay" : 60, + "maxAttempts" : 60, + "operation" : "DescribeTransformJob", + "acceptors" : [ { + "matcher" : "path", + "argument" : "TransformJobStatus", + "state" : "success", + "expected" : "Completed" + }, { + "matcher" : "path", + "argument" : "TransformJobStatus", + "state" : "success", + "expected" : "Stopped" + }, { + "matcher" : "path", + "argument" : "TransformJobStatus", + "state" : "failure", + "expected" : "Failed" + }, { + "matcher" : "error", + "state" : "failure", + "expected" : "ValidationException" + } ] } } -} +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-a2i-runtime/2019-11-07/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sagemaker-a2i-runtime/2019-11-07/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sagemaker-a2i-runtime/2019-11-07/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-a2i-runtime/2019-11-07/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-a2i-runtime/2019-11-07/service-2.json 2.31.35-1/awscli/botocore/data/sagemaker-a2i-runtime/2019-11-07/service-2.json --- 2.23.6-1/awscli/botocore/data/sagemaker-a2i-runtime/2019-11-07/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-a2i-runtime/2019-11-07/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -4,11 +4,13 @@ "apiVersion":"2019-11-07", "endpointPrefix":"a2i-runtime.sagemaker", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Augmented AI Runtime", "serviceId":"SageMaker A2I Runtime", "signatureVersion":"v4", "signingName":"sagemaker", - "uid":"sagemaker-a2i-runtime-2019-11-07" + "uid":"sagemaker-a2i-runtime-2019-11-07", + "auth":["aws.auth#sigv4"] }, "operations":{ "DeleteHumanLoop":{ @@ -129,8 +131,7 @@ }, "DeleteHumanLoopResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeHumanLoopRequest":{ "type":"structure", @@ -433,8 +434,7 @@ }, "StopHumanLoopResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "String":{"type":"string"}, "ThrottlingException":{ diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-edge/2020-09-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sagemaker-edge/2020-09-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sagemaker-edge/2020-09-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-edge/2020-09-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-edge/2020-09-23/service-2.json 2.31.35-1/awscli/botocore/data/sagemaker-edge/2020-09-23/service-2.json --- 2.23.6-1/awscli/botocore/data/sagemaker-edge/2020-09-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-edge/2020-09-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"edge.sagemaker", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon Sagemaker Edge Manager", "serviceId":"Sagemaker Edge", "signatureVersion":"v4", "signingName":"sagemaker", - "uid":"sagemaker-edge-2020-09-23" + "uid":"sagemaker-edge-2020-09-23", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetDeployments":{ diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-featurestore-runtime/2020-07-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sagemaker-featurestore-runtime/2020-07-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sagemaker-featurestore-runtime/2020-07-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-featurestore-runtime/2020-07-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-featurestore-runtime/2020-07-01/service-2.json 2.31.35-1/awscli/botocore/data/sagemaker-featurestore-runtime/2020-07-01/service-2.json --- 2.23.6-1/awscli/botocore/data/sagemaker-featurestore-runtime/2020-07-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-featurestore-runtime/2020-07-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"featurestore-runtime.sagemaker", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon SageMaker Feature Store Runtime", "serviceId":"SageMaker FeatureStore Runtime", "signatureVersion":"v4", "signingName":"sagemaker", - "uid":"sagemaker-featurestore-runtime-2020-07-01" + "uid":"sagemaker-featurestore-runtime-2020-07-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "BatchGetRecord":{ diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-geospatial/2020-05-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sagemaker-geospatial/2020-05-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sagemaker-geospatial/2020-05-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-geospatial/2020-05-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,7 +118,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -143,7 +140,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -178,11 +174,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -193,16 +187,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -216,14 +213,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -232,15 +227,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -251,16 +245,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -274,7 +271,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -294,11 +290,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -309,20 +303,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -333,18 +329,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-metrics/2022-09-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sagemaker-metrics/2022-09-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sagemaker-metrics/2022-09-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-metrics/2022-09-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -57,65 +57,78 @@ "type": "error" }, { - "conditions": [], - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } ], - "type": "tree" + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" }, { - "conditions": [], + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "rules": [ @@ -124,90 +137,81 @@ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } - ], - "rules": [ - { - "conditions": [], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://metrics.sagemaker-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, + ] + } + ], + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://metrics.sagemaker-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" }, { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { "conditions": [ { "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, true ] @@ -217,7 +221,7 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ { "fn": "getAttr", @@ -225,105 +229,76 @@ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] }, - true + "aws" ] } ], - "rules": [ - { - "conditions": [], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://metrics.sagemaker-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" + "endpoint": { + "url": "https://metrics-fips.sagemaker.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://metrics.sagemaker-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" }, { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } - ], - "rules": [ - { - "conditions": [], - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://metrics.sagemaker.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ], - "type": "tree" - } - ], - "type": "tree" - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + ] } ], - "type": "tree" - }, - { - "conditions": [], "rules": [ { "conditions": [], "endpoint": { - "url": "https://metrics.sagemaker.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://metrics.sagemaker.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, @@ -331,20 +306,34 @@ } ], "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://metrics.sagemaker.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-runtime/2017-05-13/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sagemaker-runtime/2017-05-13/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sagemaker-runtime/2017-05-13/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-runtime/2017-05-13/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/sagemaker-runtime/2017-05-13/service-2.json 2.31.35-1/awscli/botocore/data/sagemaker-runtime/2017-05-13/service-2.json --- 2.23.6-1/awscli/botocore/data/sagemaker-runtime/2017-05-13/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sagemaker-runtime/2017-05-13/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -30,7 +30,7 @@ {"shape":"InternalDependencyException"}, {"shape":"ModelNotReadyException"} ], - "documentation":"

    After you deploy a model into production using Amazon SageMaker hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint.

    For an overview of Amazon SageMaker, see How It Works.

    Amazon SageMaker strips all POST headers except those supported by the API. Amazon SageMaker might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax.

    Calls to InvokeEndpoint are authenticated by using Amazon Web Services Signature Version 4. For information, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 API Reference.

    A customer's model containers must respond to requests within 60 seconds. The model itself can have a maximum processing time of 60 seconds before responding to invocations. If your model is going to take 50-60 seconds of processing time, the SDK socket timeout should be set to be 70 seconds.

    Endpoints are scoped to an individual account, and are not public. The URL does not contain the account ID, but Amazon SageMaker determines the account ID from the authentication token that is supplied by the caller.

    " + "documentation":"

    After you deploy a model into production using Amazon SageMaker AI hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint.

    For an overview of Amazon SageMaker AI, see How It Works.

    Amazon SageMaker AI strips all POST headers except those supported by the API. Amazon SageMaker AI might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax.

    Calls to InvokeEndpoint are authenticated by using Amazon Web Services Signature Version 4. For information, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 API Reference.

    A customer's model containers must respond to requests within 60 seconds. The model itself can have a maximum processing time of 60 seconds before responding to invocations. If your model is going to take 50-60 seconds of processing time, the SDK socket timeout should be set to be 70 seconds.

    Endpoints are scoped to an individual account, and are not public. The URL does not contain the account ID, but Amazon SageMaker AI determines the account ID from the authentication token that is supplied by the caller.

    " }, "InvokeEndpointAsync":{ "name":"InvokeEndpointAsync", @@ -46,7 +46,7 @@ {"shape":"ServiceUnavailable"}, {"shape":"ValidationError"} ], - "documentation":"

    After you deploy a model into production using Amazon SageMaker hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint in an asynchronous manner.

    Inference requests sent to this API are enqueued for asynchronous processing. The processing of the inference request may or may not complete before you receive a response from this API. The response from this API will not contain the result of the inference request but contain information about where you can locate it.

    Amazon SageMaker strips all POST headers except those supported by the API. Amazon SageMaker might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax.

    Calls to InvokeEndpointAsync are authenticated by using Amazon Web Services Signature Version 4. For information, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 API Reference.

    " + "documentation":"

    After you deploy a model into production using Amazon SageMaker AI hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint in an asynchronous manner.

    Inference requests sent to this API are enqueued for asynchronous processing. The processing of the inference request may or may not complete before you receive a response from this API. The response from this API will not contain the result of the inference request but contain information about where you can locate it.

    Amazon SageMaker AI strips all POST headers except those supported by the API. Amazon SageMaker AI might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax.

    Calls to InvokeEndpointAsync are authenticated by using Amazon Web Services Signature Version 4. For information, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 API Reference.

    " }, "InvokeEndpointWithResponseStream":{ "name":"InvokeEndpointWithResponseStream", @@ -64,7 +64,7 @@ {"shape":"ModelStreamError"}, {"shape":"InternalStreamFailure"} ], - "documentation":"

    Invokes a model at the specified endpoint to return the inference response as a stream. The inference stream provides the response payload incrementally as a series of parts. Before you can get an inference stream, you must have access to a model that's deployed using Amazon SageMaker hosting services, and the container for that model must support inference streaming.

    For more information that can help you use this API, see the following sections in the Amazon SageMaker Developer Guide:

    Before you can use this operation, your IAM permissions must allow the sagemaker:InvokeEndpoint action. For more information about Amazon SageMaker actions for IAM policies, see Actions, resources, and condition keys for Amazon SageMaker in the IAM Service Authorization Reference.

    Amazon SageMaker strips all POST headers except those supported by the API. Amazon SageMaker might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax.

    Calls to InvokeEndpointWithResponseStream are authenticated by using Amazon Web Services Signature Version 4. For information, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 API Reference.

    " + "documentation":"

    Invokes a model at the specified endpoint to return the inference response as a stream. The inference stream provides the response payload incrementally as a series of parts. Before you can get an inference stream, you must have access to a model that's deployed using Amazon SageMaker AI hosting services, and the container for that model must support inference streaming.

    For more information that can help you use this API, see the following sections in the Amazon SageMaker AI Developer Guide:

    Before you can use this operation, your IAM permissions must allow the sagemaker:InvokeEndpoint action. For more information about Amazon SageMaker AI actions for IAM policies, see Actions, resources, and condition keys for Amazon SageMaker AI in the IAM Service Authorization Reference.

    Amazon SageMaker AI strips all POST headers except those supported by the API. Amazon SageMaker AI might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax.

    Calls to InvokeEndpointWithResponseStream are authenticated by using Amazon Web Services Signature Version 4. For information, see Authenticating Requests (Amazon Web Services Signature Version 4) in the Amazon S3 API Reference.

    " } }, "shapes":{ @@ -177,13 +177,13 @@ }, "CustomAttributes":{ "shape":"CustomAttributesHeader", - "documentation":"

    Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1).

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker Python SDK.

    ", + "documentation":"

    Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker AI endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1).

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker AI Python SDK.

    ", "location":"header", "locationName":"X-Amzn-SageMaker-Custom-Attributes" }, "InferenceId":{ "shape":"InferenceId", - "documentation":"

    The identifier for the inference request. Amazon SageMaker will generate an identifier for you if none is specified.

    ", + "documentation":"

    The identifier for the inference request. Amazon SageMaker AI will generate an identifier for you if none is specified.

    ", "location":"header", "locationName":"X-Amzn-SageMaker-Inference-Id" }, @@ -212,7 +212,7 @@ "members":{ "InferenceId":{ "shape":"Header", - "documentation":"

    Identifier for an inference request. This will be the same as the InferenceId specified in the input. Amazon SageMaker will generate an identifier for you if you do not specify one.

    " + "documentation":"

    Identifier for an inference request. This will be the same as the InferenceId specified in the input. Amazon SageMaker AI will generate an identifier for you if you do not specify one.

    " }, "OutputLocation":{ "shape":"Header", @@ -243,7 +243,7 @@ }, "Body":{ "shape":"BodyBlob", - "documentation":"

    Provides input data, in the format specified in the ContentType request header. Amazon SageMaker passes all of the data in the body to the model.

    For information about the format of the request body, see Common Data Formats-Inference.

    " + "documentation":"

    Provides input data, in the format specified in the ContentType request header. Amazon SageMaker AI passes all of the data in the body to the model.

    For information about the format of the request body, see Common Data Formats-Inference.

    " }, "ContentType":{ "shape":"Header", @@ -259,7 +259,7 @@ }, "CustomAttributes":{ "shape":"CustomAttributesHeader", - "documentation":"

    Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1).

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker Python SDK.

    ", + "documentation":"

    Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker AI endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1).

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker AI Python SDK.

    ", "location":"header", "locationName":"X-Amzn-SageMaker-Custom-Attributes" }, @@ -301,7 +301,7 @@ }, "SessionId":{ "shape":"SessionIdOrNewSessionConstantHeader", - "documentation":"

    Creates a stateful session or identifies an existing one. You can do one of the following:

    • Create a stateful session by specifying the value NEW_SESSION.

    • Send your request to an existing stateful session by specifying the ID of that session.

    With a stateful session, you can send multiple requests to a stateful model. When you create a session with a stateful model, the model must create the session ID and set the expiration time. The model must also provide that information in the response to your request. You can get the ID and timestamp from the NewSessionId response parameter. For any subsequent request where you specify that session ID, SageMaker routes the request to the same instance that supports the session.

    ", + "documentation":"

    Creates a stateful session or identifies an existing one. You can do one of the following:

    • Create a stateful session by specifying the value NEW_SESSION.

    • Send your request to an existing stateful session by specifying the ID of that session.

    With a stateful session, you can send multiple requests to a stateful model. When you create a session with a stateful model, the model must create the session ID and set the expiration time. The model must also provide that information in the response to your request. You can get the ID and timestamp from the NewSessionId response parameter. For any subsequent request where you specify that session ID, SageMaker AI routes the request to the same instance that supports the session.

    ", "location":"header", "locationName":"X-Amzn-SageMaker-Session-Id" } @@ -330,7 +330,7 @@ }, "CustomAttributes":{ "shape":"CustomAttributesHeader", - "documentation":"

    Provides additional information in the response about the inference returned by a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to return an ID received in the CustomAttributes header of a request or other metadata that a service endpoint was programmed to produce. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1). If the customer wants the custom attribute returned, the model must set the custom attribute to be included on the way back.

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker Python SDK.

    ", + "documentation":"

    Provides additional information in the response about the inference returned by a model hosted at an Amazon SageMaker AI endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to return an ID received in the CustomAttributes header of a request or other metadata that a service endpoint was programmed to produce. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1). If the customer wants the custom attribute returned, the model must set the custom attribute to be included on the way back.

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker AI Python SDK.

    ", "location":"header", "locationName":"X-Amzn-SageMaker-Custom-Attributes" }, @@ -364,7 +364,7 @@ }, "Body":{ "shape":"BodyBlob", - "documentation":"

    Provides input data, in the format specified in the ContentType request header. Amazon SageMaker passes all of the data in the body to the model.

    For information about the format of the request body, see Common Data Formats-Inference.

    " + "documentation":"

    Provides input data, in the format specified in the ContentType request header. Amazon SageMaker AI passes all of the data in the body to the model.

    For information about the format of the request body, see Common Data Formats-Inference.

    " }, "ContentType":{ "shape":"Header", @@ -380,7 +380,7 @@ }, "CustomAttributes":{ "shape":"CustomAttributesHeader", - "documentation":"

    Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1).

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker Python SDK.

    ", + "documentation":"

    Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker AI endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1).

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker AI Python SDK.

    ", "location":"header", "locationName":"X-Amzn-SageMaker-Custom-Attributes" }, @@ -436,7 +436,7 @@ }, "CustomAttributes":{ "shape":"CustomAttributesHeader", - "documentation":"

    Provides additional information in the response about the inference returned by a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to return an ID received in the CustomAttributes header of a request or other metadata that a service endpoint was programmed to produce. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1). If the customer wants the custom attribute returned, the model must set the custom attribute to be included on the way back.

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker Python SDK.

    ", + "documentation":"

    Provides additional information in the response about the inference returned by a model hosted at an Amazon SageMaker AI endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to return an ID received in the CustomAttributes header of a request or other metadata that a service endpoint was programmed to produce. The value must consist of no more than 1024 visible US-ASCII characters as specified in Section 3.3.6. Field Value Components of the Hypertext Transfer Protocol (HTTP/1.1). If the customer wants the custom attribute returned, the model must set the custom attribute to be included on the way back.

    The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with Trace ID: in your post-processing function.

    This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker AI Python SDK.

    ", "location":"header", "locationName":"X-Amzn-SageMaker-Custom-Attributes" } @@ -485,10 +485,10 @@ "Message":{"shape":"Message"}, "ErrorCode":{ "shape":"ErrorCode", - "documentation":"

    This error can have the following error codes:

    ModelInvocationTimeExceeded

    The model failed to finish sending the response within the timeout period allowed by Amazon SageMaker.

    StreamBroken

    The Transmission Control Protocol (TCP) connection between the client and the model was reset or closed.

    " + "documentation":"

    This error can have the following error codes:

    ModelInvocationTimeExceeded

    The model failed to finish sending the response within the timeout period allowed by Amazon SageMaker AI.

    StreamBroken

    The Transmission Control Protocol (TCP) connection between the client and the model was reset or closed.

    " } }, - "documentation":"

    An error occurred while streaming the response body. This error can have the following error codes:

    ModelInvocationTimeExceeded

    The model failed to finish sending the response within the timeout period allowed by Amazon SageMaker.

    StreamBroken

    The Transmission Control Protocol (TCP) connection between the client and the model was reset or closed.

    ", + "documentation":"

    An error occurred while streaming the response body. This error can have the following error codes:

    ModelInvocationTimeExceeded

    The model failed to finish sending the response within the timeout period allowed by Amazon SageMaker AI.

    StreamBroken

    The Transmission Control Protocol (TCP) connection between the client and the model was reset or closed.

    ", "exception":true, "synthetic":true }, @@ -527,7 +527,7 @@ }, "ModelStreamError":{ "shape":"ModelStreamError", - "documentation":"

    An error occurred while streaming the response body. This error can have the following error codes:

    ModelInvocationTimeExceeded

    The model failed to finish sending the response within the timeout period allowed by Amazon SageMaker.

    StreamBroken

    The Transmission Control Protocol (TCP) connection between the client and the model was reset or closed.

    " + "documentation":"

    An error occurred while streaming the response body. This error can have the following error codes:

    ModelInvocationTimeExceeded

    The model failed to finish sending the response within the timeout period allowed by Amazon SageMaker AI.

    StreamBroken

    The Transmission Control Protocol (TCP) connection between the client and the model was reset or closed.

    " }, "InternalStreamFailure":{ "shape":"InternalStreamFailure", @@ -586,5 +586,5 @@ "synthetic":true } }, - "documentation":"

    The Amazon SageMaker runtime API.

    " + "documentation":"

    The Amazon SageMaker AI runtime API.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/savingsplans/2019-06-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/savingsplans/2019-06-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/savingsplans/2019-06-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/savingsplans/2019-06-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,33 +5,195 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ { "conditions": [ { + "fn": "not", + "argv": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + }, + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + } + ], + "endpoint": { + "url": "https://savingsplans.global.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "savingsplans", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://savingsplans.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "not", + "argv": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ] + } + ], + "endpoint": { + "url": "https://savingsplans.global.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingName": "savingsplans", + "signingRegion": "us-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [ + { "fn": "isSet", "argv": [ { diff -pruN 2.23.6-1/awscli/botocore/data/savingsplans/2019-06-28/service-2.json 2.31.35-1/awscli/botocore/data/savingsplans/2019-06-28/service-2.json --- 2.23.6-1/awscli/botocore/data/savingsplans/2019-06-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/savingsplans/2019-06-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,11 +6,13 @@ "globalEndpoint":"savingsplans.amazonaws.com", "jsonVersion":"1.0", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"AWSSavingsPlans", "serviceFullName":"AWS Savings Plans", "serviceId":"savingsplans", "signatureVersion":"v4", - "uid":"savingsplans-2019-06-28" + "uid":"savingsplans-2019-06-28", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateSavingsPlan":{ @@ -234,8 +236,7 @@ }, "DeleteQueuedSavingsPlanResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeSavingsPlanRatesRequest":{ "type":"structure", @@ -1173,8 +1174,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{"type":"string"}, "TermDurationInSeconds":{"type":"long"}, @@ -1205,8 +1205,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/scheduler/2021-06-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/scheduler/2021-06-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/scheduler/2021-06-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/scheduler/2021-06-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,7 +118,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -143,7 +140,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -178,11 +174,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -193,16 +187,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -216,14 +213,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -232,15 +227,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -251,16 +245,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -274,7 +271,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -294,11 +290,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -309,20 +303,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -333,18 +329,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/schemas/2019-12-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/schemas/2019-12-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/schemas/2019-12-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/schemas/2019-12-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/schemas/2019-12-02/service-2.json 2.31.35-1/awscli/botocore/data/schemas/2019-12-02/service-2.json --- 2.23.6-1/awscli/botocore/data/schemas/2019-12-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/schemas/2019-12-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -8,7 +8,10 @@ "protocol": "rest-json", "jsonVersion": "1.1", "uid": "schemas-2019-12-02", - "signatureVersion": "v4" + "signatureVersion": "v4", + "auth": [ + "aws.auth#sigv4" + ] }, "operations": { "CreateDiscoverer": { @@ -3442,4 +3445,4 @@ } }, "documentation": "

    Amazon EventBridge Schema Registry

    " -} +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/secretsmanager/2017-10-17/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/secretsmanager/2017-10-17/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/secretsmanager/2017-10-17/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/secretsmanager/2017-10-17/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/security-ir/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/security-ir/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/security-ir/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/security-ir/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,19 +6,19 @@ "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/security-ir/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/security-ir/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/security-ir/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/security-ir/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -28,12 +28,13 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to view an existing membership.

    " + "documentation":"

    Provides information on whether the supplied account IDs are associated with a membership.

    AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.

    ", + "readonly":true }, "CancelMembership":{ "name":"CancelMembership", @@ -50,12 +51,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permissions to cancel an existing membership.

    ", + "documentation":"

    Cancels an existing membership.

    ", "idempotent":true }, "CloseCase":{ @@ -73,12 +74,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to close an existing case.

    " + "documentation":"

    Closes an existing case.

    " }, "CreateCase":{ "name":"CreateCase", @@ -95,12 +96,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to create a new case.

    ", + "documentation":"

    Creates a new case.

    ", "idempotent":true }, "CreateCaseComment":{ @@ -118,12 +119,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to add a comment to an existing case.

    ", + "documentation":"

    Adds a comment to an existing case.

    ", "idempotent":true }, "CreateMembership":{ @@ -141,12 +142,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permissions to create a new membership.

    ", + "documentation":"

    Creates a new membership.

    ", "idempotent":true }, "GetCase":{ @@ -164,12 +165,13 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grant permission to view a designated case.

    " + "documentation":"

    Returns the attributes of a case.

    ", + "readonly":true }, "GetCaseAttachmentDownloadUrl":{ "name":"GetCaseAttachmentDownloadUrl", @@ -186,12 +188,13 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to obtain an Amazon S3 presigned URL to download an attachment.

    " + "documentation":"

    Returns a Pre-Signed URL for uploading attachments into a case.

    ", + "readonly":true }, "GetCaseAttachmentUploadUrl":{ "name":"GetCaseAttachmentUploadUrl", @@ -208,12 +211,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to upload an attachment to a case.

    ", + "documentation":"

    Uploads an attachment to a case.

    ", "idempotent":true }, "GetMembership":{ @@ -231,12 +234,13 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to get details of a designated service membership.

    " + "documentation":"

    Returns the attributes of a membership.

    ", + "readonly":true }, "ListCaseEdits":{ "name":"ListCaseEdits", @@ -253,12 +257,13 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permissions to view the aidt log for edits made to a designated case.

    " + "documentation":"

    Views the case history for edits made to a designated case.

    ", + "readonly":true }, "ListCases":{ "name":"ListCases", @@ -275,12 +280,13 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to list all cases the requester has access to.

    " + "documentation":"

    Lists all cases the requester has access to.

    ", + "readonly":true }, "ListComments":{ "name":"ListComments", @@ -297,12 +303,13 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permissions to list and view comments for a designated case.

    " + "documentation":"

    Returns comments for a designated case.

    ", + "readonly":true }, "ListMemberships":{ "name":"ListMemberships", @@ -319,12 +326,13 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to query the memberships a principal has access to.

    " + "documentation":"

    Returns the memberships that the calling principal can access.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -342,11 +350,12 @@ {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to view currently configured tags on a resource.

    " + "documentation":"

    Returns currently configured tags on a resource.

    ", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -364,11 +373,11 @@ {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to add a tag(s) to a designated resource.

    " + "documentation":"

    Adds a tag(s) to a designated resource.

    " }, "UntagResource":{ "name":"UntagResource", @@ -386,11 +395,11 @@ {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to remove a tag(s) from a designate resource.

    ", + "documentation":"

    Removes a tag(s) from a designate resource.

    ", "idempotent":true }, "UpdateCase":{ @@ -408,12 +417,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to update an existing case.

    " + "documentation":"

    Updates an existing case.

    " }, "UpdateCaseComment":{ "name":"UpdateCaseComment", @@ -430,12 +439,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to update an existing case comment.

    ", + "documentation":"

    Updates an existing case comment.

    ", "idempotent":true }, "UpdateCaseStatus":{ @@ -453,12 +462,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to update the status for a designated cases. Options include Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed.

    " + "documentation":"

    Updates the state transitions for a designated cases.

    Self-managed: the following states are available for self-managed cases.

    • Submitted → Detection and Analysis

    • Detection and Analysis → Containment, Eradication, and Recovery

    • Detection and Analysis → Post-incident Activities

    • Containment, Eradication, and Recovery → Detection and Analysis

    • Containment, Eradication, and Recovery → Post-incident Activities

    • Post-incident Activities → Containment, Eradication, and Recovery

    • Post-incident Activities → Detection and Analysis

    • Any → Closed

    AWS supported: You must use the CloseCase API to close.

    " }, "UpdateMembership":{ "name":"UpdateMembership", @@ -475,12 +484,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants access to UpdateMembership to change membership configuration.

    ", + "documentation":"

    Updates membership configuration.

    ", "idempotent":true }, "UpdateResolverType":{ @@ -498,12 +507,12 @@ {"shape":"ValidationException"}, {"shape":"SecurityIncidentResponseNotActiveException"}, {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"}, {"shape":"InvalidTokenException"} ], - "documentation":"

    Grants permission to update the resolver type for a case.

    This is a one-way action and cannot be reversed.

    Options include self-supported > AWS-supported.

    " + "documentation":"

    Updates the resolver type for a case.

    This is a one-way action and cannot be reversed.

    " } }, "shapes":{ @@ -523,7 +532,10 @@ "type":"structure", "required":["message"], "members":{ - "message":{"shape":"String"} + "message":{ + "shape":"String", + "documentation":"

    The ID of the resource which lead to the access denial.

    " + } }, "documentation":"

    ", "error":{ @@ -547,6 +559,7 @@ "enum":[ "af-south-1", "ap-east-1", + "ap-east-2", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", @@ -557,6 +570,8 @@ "ap-southeast-3", "ap-southeast-4", "ap-southeast-5", + "ap-southeast-6", + "ap-southeast-7", "ca-central-1", "ca-west-1", "cn-north-1", @@ -572,6 +587,7 @@ "il-central-1", "me-central-1", "me-south-1", + "mx-central-1", "sa-east-1", "us-east-1", "us-east-2", @@ -582,7 +598,7 @@ "AwsService":{ "type":"string", "max":50, - "min":3, + "min":2, "pattern":"[a-zA-Z0-9 -.():]+" }, "BatchGetMemberAccountDetailsRequest":{ @@ -600,7 +616,7 @@ }, "accountIds":{ "shape":"AWSAccountIds", - "documentation":"

    Optional element to query the membership relationship status to a provided list of account IDs.

    " + "documentation":"

    Optional element to query the membership relationship status to a provided list of account IDs.

    AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.

    " } } }, @@ -613,7 +629,7 @@ }, "errors":{ "shape":"GetMembershipAccountDetailErrors", - "documentation":"

    The response element providing errors messages for requests to GetMembershipAccountDetails.

    " + "documentation":"

    The response element providing error messages for requests to GetMembershipAccountDetails.

    " } } }, @@ -779,11 +795,11 @@ "members":{ "caseStatus":{ "shape":"CaseStatus", - "documentation":"

    A response element providing responses for requests to CloseCase. This element responds with the case status following the action.

    " + "documentation":"

    A response element providing responses for requests to CloseCase. This element responds Closed if successful.

    " }, "closedDate":{ "shape":"Timestamp", - "documentation":"

    A response element providing responses for requests to CloseCase. This element responds with the case closure date following the action.

    " + "documentation":"

    A response element providing responses for requests to CloseCase. This element responds with the ISO-8601 formatted timestamp of the moment when the case was closed.

    " } } }, @@ -808,6 +824,31 @@ "min":6, "pattern":"\\d{6}" }, + "CommunicationPreferences":{ + "type":"list", + "member":{"shape":"CommunicationType"} + }, + "CommunicationType":{ + "type":"string", + "enum":[ + "Case Created", + "Case Updated", + "Case Acknowledged", + "Case Closed", + "Case Updated To Service Managed", + "Case Status Updated", + "Case Pending Customer Action Reminder", + "Case Attachment Url Uploaded", + "Case Comment Added", + "Case Comment Updated", + "Membership Created", + "Membership Updated", + "Membership Cancelled", + "Register Delegated Administrator", + "Deregister Delegated Administrator", + "Disable AWS Service Access" + ] + }, "ConflictException":{ "type":"structure", "required":[ @@ -816,14 +857,17 @@ "resourceType" ], "members":{ - "message":{"shape":"String"}, + "message":{ + "shape":"String", + "documentation":"

    The exception message.

    " + }, "resourceId":{ "shape":"String", - "documentation":"

    Element providing the ID of the resource affected.

    " + "documentation":"

    The ID of the conflicting resource.

    " }, "resourceType":{ "shape":"String", - "documentation":"

    Element providing the type of the resource affected.

    " + "documentation":"

    The type of the conflicting resource.

    " } }, "documentation":"

    ", @@ -854,7 +898,7 @@ }, "clientToken":{ "shape":"CreateCaseCommentRequestClientTokenString", - "documentation":"

    An optional element used in combination with CreateCaseComment.

    ", + "documentation":"

    The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.

    ", "idempotencyToken":true }, "body":{ @@ -892,12 +936,12 @@ "members":{ "clientToken":{ "shape":"CreateCaseRequestClientTokenString", - "documentation":"

    Required element used in combination with CreateCase.

    ", + "documentation":"

    The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.

    ", "idempotencyToken":true }, "resolverType":{ "shape":"ResolverType", - "documentation":"

    Required element used in combination with CreateCase to identify the resolver type. Available resolvers include self-supported | aws-supported.

    " + "documentation":"

    Required element used in combination with CreateCase to identify the resolver type.

    " }, "title":{ "shape":"CaseTitle", @@ -905,7 +949,7 @@ }, "description":{ "shape":"CaseDescription", - "documentation":"

    Required element used in combination with CreateCase to provide a description for the new case.

    " + "documentation":"

    Required element used in combination with CreateCase

    to provide a description for the new case.

    " }, "engagementType":{ "shape":"EngagementType", @@ -917,7 +961,7 @@ }, "impactedAccounts":{ "shape":"ImpactedAccounts", - "documentation":"

    Required element used in combination with CreateCase to provide a list of impacted accounts.

    " + "documentation":"

    Required element used in combination with CreateCase to provide a list of impacted accounts.

    AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.

    " }, "watchers":{ "shape":"Watchers", @@ -965,16 +1009,16 @@ "members":{ "clientToken":{ "shape":"CreateMembershipRequestClientTokenString", - "documentation":"

    An optional element used in combination with CreateMembership.

    ", + "documentation":"

    The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.

    ", "idempotencyToken":true }, "membershipName":{ "shape":"MembershipName", - "documentation":"

    Required element use in combination with CreateMembership to create a name for the membership.

    " + "documentation":"

    Required element used in combination with CreateMembership to create a name for the membership.

    " }, "incidentResponseTeam":{ "shape":"IncidentResponseTeam", - "documentation":"

    Required element use in combination with CreateMembership to add customer incident response team members and trusted partners to the membership.

    " + "documentation":"

    Required element used in combination with CreateMembership to add customer incident response team members and trusted partners to the membership.

    " }, "optInFeatures":{ "shape":"OptInFeatures", @@ -983,6 +1027,10 @@ "tags":{ "shape":"TagMap", "documentation":"

    Optional element for customer configured tags.

    " + }, + "coverEntireOrganization":{ + "shape":"Boolean", + "documentation":"

    The coverEntireOrganization parameter is a boolean flag that determines whether the membership should be applied to the entire Amazon Web Services Organization. When set to true, the membership will be created for all accounts within the organization. When set to false, the membership will only be created for specified accounts.

    This parameter is optional. If not specified, the default value is false.

    • If set to true: The membership will automatically include all existing and future accounts in the Amazon Web Services Organization.

    • If set to false: The membership will only apply to explicitly specified accounts.

    " } } }, @@ -1070,7 +1118,7 @@ "members":{ "caseId":{ "shape":"CaseId", - "documentation":"

    Required element for GetCaseAttachmentUploadUrl to identify the case ID for uploading an attachment to.

    ", + "documentation":"

    Required element for GetCaseAttachmentUploadUrl to identify the case ID for uploading an attachment.

    ", "location":"uri", "locationName":"caseId" }, @@ -1080,11 +1128,11 @@ }, "contentLength":{ "shape":"ContentLength", - "documentation":"

    Required element for GetCaseAttachmentUploadUrl to identify the size od the file attachment.

    " + "documentation":"

    Required element for GetCaseAttachmentUploadUrl to identify the size of the file attachment.

    " }, "clientToken":{ "shape":"GetCaseAttachmentUploadUrlRequestClientTokenString", - "documentation":"

    Optional element for customer provided token.

    ", + "documentation":"

    The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.

    ", "idempotencyToken":true } } @@ -1100,7 +1148,7 @@ "members":{ "attachmentPresignedUrl":{ "shape":"Url", - "documentation":"

    Response element providing the Amazon S3 presigned UTL to upload the attachment.

    " + "documentation":"

    Response element providing the Amazon S3 presigned URL to upload the attachment.

    " } } }, @@ -1157,7 +1205,7 @@ }, "pendingAction":{ "shape":"PendingAction", - "documentation":"

    Response element for GetCase that provides identifies the case is waiting on customer input.

    " + "documentation":"

    Response element for GetCase that identifies the case is waiting on customer input.

    " }, "impactedAccounts":{ "shape":"ImpactedAccounts", @@ -1181,7 +1229,7 @@ }, "resolverType":{ "shape":"ResolverType", - "documentation":"

    Response element for GetCase that provides the current resolver types. Options include self-supported | AWS-supported.

    " + "documentation":"

    Response element for GetCase that provides the current resolver types.

    " }, "impactedServices":{ "shape":"ImpactedServicesList", @@ -1272,11 +1320,11 @@ }, "accountId":{ "shape":"AWSAccountId", - "documentation":"

    Response element for GetMembership that provides the configured account for managing the membership.

    " + "documentation":"

    Response element for GetMembership that provides the account configured to manage the membership.

    " }, "region":{ "shape":"AwsRegion", - "documentation":"

    Response element for GetMembership that provides the configured region for managing the membership.

    " + "documentation":"

    Response element for GetMembership that provides the region configured to manage the membership.

    " }, "membershipName":{ "shape":"MembershipName", @@ -1313,6 +1361,10 @@ "optInFeatures":{ "shape":"OptInFeatures", "documentation":"

    Response element for GetMembership that provides the if opt-in features have been enabled.

    " + }, + "membershipAccountsConfigurations":{ + "shape":"MembershipAccountsConfigurations", + "documentation":"

    The membershipAccountsConfigurations field contains the configuration details for member accounts within the Amazon Web Services Organizations membership structure.

    This field returns a structure containing information about:

    • Account configurations for member accounts

    • Membership settings and preferences

    • Account-level permissions and roles

    " } } }, @@ -1369,6 +1421,10 @@ "email":{ "shape":"EmailAddress", "documentation":"

    " + }, + "communicationPreferences":{ + "shape":"CommunicationPreferences", + "documentation":"

    " } }, "documentation":"

    " @@ -1393,10 +1449,13 @@ "type":"structure", "required":["message"], "members":{ - "message":{"shape":"String"}, + "message":{ + "shape":"String", + "documentation":"

    The exception message.

    " + }, "retryAfterSeconds":{ "shape":"Integer", - "documentation":"

    Element providing advice to clients on when the call can be safely retried.

    ", + "documentation":"

    The number of seconds after which to retry the request.

    ", "location":"header", "locationName":"Retry-After" } @@ -1411,7 +1470,10 @@ "type":"structure", "required":["message"], "members":{ - "message":{"shape":"String"} + "message":{ + "shape":"String", + "documentation":"

    The exception message.

    " + } }, "documentation":"

    ", "error":{ @@ -1433,7 +1495,7 @@ "members":{ "nextToken":{ "shape":"ListCaseEditsRequestNextTokenString", - "documentation":"

    Optional element for a customer provided token.

    " + "documentation":"

    An optional string that, if supplied, must be copied from the output of a previous call to ListCaseEdits. When provided in this manner, the API fetches the next page of results.

    " }, "maxResults":{ "shape":"ListCaseEditsRequestMaxResultsInteger", @@ -1463,11 +1525,11 @@ "members":{ "nextToken":{ "shape":"String", - "documentation":"

    Optional element.

    " + "documentation":"

    An optional string that, if supplied on subsequent calls to ListCaseEdits, allows the API to fetch the next page of results.

    " }, "items":{ "shape":"CaseEditItems", - "documentation":"

    Response element for ListCaseEdits that includes the action, eventtimestamp, message, and principal for the response.

    " + "documentation":"

    Response element for ListCaseEdits that includes the action, event timestamp, message, and principal for the response.

    " }, "total":{ "shape":"Integer", @@ -1531,7 +1593,7 @@ "members":{ "nextToken":{ "shape":"ListCasesRequestNextTokenString", - "documentation":"

    Optional element.

    " + "documentation":"

    An optional string that, if supplied, must be copied from the output of a previous call to ListCases. When provided in this manner, the API fetches the next page of results.

    " }, "maxResults":{ "shape":"ListCasesRequestMaxResultsInteger", @@ -1555,7 +1617,7 @@ "members":{ "nextToken":{ "shape":"String", - "documentation":"

    Optional element.

    " + "documentation":"

    An optional string that, if supplied on subsequent calls to ListCases, allows the API to fetch the next page of results.

    " }, "items":{ "shape":"ListCasesItems", @@ -1608,7 +1670,7 @@ "members":{ "nextToken":{ "shape":"ListCommentsRequestNextTokenString", - "documentation":"

    Optional element.

    " + "documentation":"

    An optional string that, if supplied, must be copied from the output of a previous call to ListComments. When provided in this manner, the API fetches the next page of results.

    " }, "maxResults":{ "shape":"ListCommentsRequestMaxResultsInteger", @@ -1638,7 +1700,7 @@ "members":{ "nextToken":{ "shape":"String", - "documentation":"

    Optional request elements.

    " + "documentation":"

    An optional string that, if supplied on subsequent calls to ListComments, allows the API to fetch the next page of results.

    " }, "items":{ "shape":"ListCommentsItems", @@ -1686,7 +1748,7 @@ "members":{ "nextToken":{ "shape":"ListMembershipsRequestNextTokenString", - "documentation":"

    Optional element.

    " + "documentation":"

    An optional string that, if supplied, must be copied from the output of a previous call to ListMemberships. When provided in this manner, the API fetches the next page of results.

    " }, "maxResults":{ "shape":"ListMembershipsRequestMaxResultsInteger", @@ -1710,7 +1772,7 @@ "members":{ "nextToken":{ "shape":"String", - "documentation":"

    Optional element.

    " + "documentation":"

    An optional string that, if supplied on subsequent calls to ListMemberships, allows the API to fetch the next page of results.

    " }, "items":{ "shape":"ListMembershipItems", @@ -1748,12 +1810,60 @@ "type":"string", "enum":[ "Associated", - "Disassociated" + "Disassociated", + "Unassociated" ] }, "MembershipAccountRelationshipType":{ "type":"string", - "enum":["Organization"] + "enum":[ + "Organization", + "Unrelated" + ] + }, + "MembershipAccountsConfigurations":{ + "type":"structure", + "members":{ + "coverEntireOrganization":{ + "shape":"Boolean", + "documentation":"

    The coverEntireOrganization field is a boolean value that determines whether the membership configuration applies to all accounts within an Amazon Web Services Organization.

    When set to true, the configuration will be applied across all accounts in the organization. When set to false, the configuration will only apply to specifically designated accounts under the AWS Organizational Units specificied.

    " + }, + "organizationalUnits":{ + "shape":"OrganizationalUnits", + "documentation":"

    A list of organizational unit IDs that follow the pattern ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}. These IDs represent the organizational units within an Amazon Web Services Organizations structure that are covered by the membership.

    Each organizational unit ID in the list must:

    • Begin with the prefix 'ou-'

    • Contain between 4 and 32 alphanumeric characters in the first segment

    • Contain between 8 and 32 alphanumeric characters in the second segment

    " + } + }, + "documentation":"

    The MembershipAccountsConfigurations structure defines the configuration settings for managing membership accounts withinAmazon Web Services.

    This structure contains settings that determine how member accounts are configured and managed within your organization, including:

    • Account configuration preferences

    • Membership validation rules

    • Account access settings

    You can use this structure to define and maintain standardized configurations across multiple member accounts in your organization.

    " + }, + "MembershipAccountsConfigurationsUpdate":{ + "type":"structure", + "members":{ + "coverEntireOrganization":{ + "shape":"Boolean", + "documentation":"

    The coverEntireOrganization field is a boolean value that determines whether the membership configuration should be applied across the entire Amazon Web Services Organization.

    When set to true, the configuration will be applied to all accounts within the organization. When set to false, the configuration will only apply to specifically designated accounts.

    " + }, + "organizationalUnitsToAdd":{ + "shape":"MembershipAccountsConfigurationsUpdateOrganizationalUnitsToAddList", + "documentation":"

    A list of organizational unit IDs to add to the membership configuration. Each organizational unit ID must match the pattern ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}.

    The list must contain between 1 and 5 organizational unit IDs.

    " + }, + "organizationalUnitsToRemove":{ + "shape":"MembershipAccountsConfigurationsUpdateOrganizationalUnitsToRemoveList", + "documentation":"

    A list of organizational unit IDs to remove from the membership configuration. Each organizational unit ID must match the pattern ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}.

    The list must contain between 1 and 5 organizational unit IDs per invocation of the API request.

    " + } + }, + "documentation":"

    The MembershipAccountsConfigurationsUpdatestructure represents the configuration updates for member accounts within an Amazon Web Services organization.

    This structure is used to modify existing account configurations and settings for members in the organization. When applying updates, ensure all required fields are properly specified to maintain account consistency.

    Key considerations when using this structure:

    • All configuration changes are validated before being applied

    • Updates are processed asynchronously in the background

    • Configuration changes may take several minutes to propagate across all affected accounts

    " + }, + "MembershipAccountsConfigurationsUpdateOrganizationalUnitsToAddList":{ + "type":"list", + "member":{"shape":"OrganizationalUnitId"}, + "max":5, + "min":1 + }, + "MembershipAccountsConfigurationsUpdateOrganizationalUnitsToRemoveList":{ + "type":"list", + "member":{"shape":"OrganizationalUnitId"}, + "max":5, + "min":1 }, "MembershipArn":{ "type":"string", @@ -1809,6 +1919,14 @@ "max":2, "min":1 }, + "OrganizationalUnitId":{ + "type":"string", + "pattern":"ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}" + }, + "OrganizationalUnits":{ + "type":"list", + "member":{"shape":"OrganizationalUnitId"} + }, "PendingAction":{ "type":"string", "enum":[ @@ -1824,7 +1942,7 @@ }, "PrincipalId":{ "type":"string", - "pattern":".*(^internal:midway:([a-z]{3,8}|svc-mw-[0-9]{12}[a-zA-Z0-9-]{5,20})$)|(^external:aws:\\d{12}$).*" + "pattern":".*((^AWS Responder)|(^\\d{12}$)|(^arn:([^:]*aws[^:]*):(?:(?:iam)::\\d{12}:(?:user|role|group|root)(?:(?:/[^/]+)+)?|(?:sts)::\\d{12}:assumed-role/[^/]+/[^/]+)$)|(^security-ir.amazonaws.com)).*" }, "ResolverType":{ "type":"string", @@ -1837,7 +1955,10 @@ "type":"structure", "required":["message"], "members":{ - "message":{"shape":"String"} + "message":{ + "shape":"String", + "documentation":"

    The exception message.

    " + } }, "documentation":"

    ", "error":{ @@ -1850,7 +1971,10 @@ "type":"structure", "required":["message"], "members":{ - "message":{"shape":"String"} + "message":{ + "shape":"String", + "documentation":"

    The exception message.

    " + } }, "documentation":"

    ", "error":{ @@ -1878,22 +2002,25 @@ "quotaCode" ], "members":{ - "message":{"shape":"String"}, + "message":{ + "shape":"String", + "documentation":"

    The exception message.

    " + }, "resourceId":{ "shape":"String", - "documentation":"

    Element that provides the ID of the resource affected.

    " + "documentation":"

    The ID of the requested resource which lead to the service quota exception.

    " }, "resourceType":{ "shape":"String", - "documentation":"

    Element that provides the type of the resource affected.

    " + "documentation":"

    The type of the requested resource which lead to the service quota exception.

    " }, "serviceCode":{ "shape":"String", - "documentation":"

    Element that provides the originating service who made the call.

    " + "documentation":"

    The service code of the quota.

    " }, "quotaCode":{ "shape":"String", - "documentation":"

    Element that provides the quota that was exceeded.

    " + "documentation":"

    The code of the quota.

    " } }, "documentation":"

    ", @@ -1941,8 +2068,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1974,18 +2100,21 @@ "type":"structure", "required":["message"], "members":{ - "message":{"shape":"String"}, + "message":{ + "shape":"String", + "documentation":"

    The exception message.

    " + }, "serviceCode":{ "shape":"String", - "documentation":"

    Element providing the service code of the originating service.

    " + "documentation":"

    The service code of the exception.

    " }, "quotaCode":{ "shape":"String", - "documentation":"

    Element providing the quota of the originating service.

    " + "documentation":"

    The quota code of the exception.

    " }, "retryAfterSeconds":{ "shape":"Integer", - "documentation":"

    Element providing advice to clients on when the call can be safely retried.

    ", + "documentation":"

    The number of seconds after which to retry the request.

    ", "location":"header", "locationName":"Retry-After" } @@ -2022,8 +2151,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCaseCommentRequest":{ "type":"structure", @@ -2129,18 +2257,17 @@ }, "impactedAccountsToAdd":{ "shape":"ImpactedAccounts", - "documentation":"

    Optional element for UpdateCase to provide content to add accounts impacted.

    " + "documentation":"

    Optional element for UpdateCase to provide content to add accounts impacted.

    AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.

    " }, "impactedAccountsToDelete":{ "shape":"ImpactedAccounts", - "documentation":"

    Optional element for UpdateCase to provide content to add accounts impacted.

    " + "documentation":"

    Optional element for UpdateCase to provide content to add accounts impacted.

    AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.

    " } } }, "UpdateCaseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCaseStatusRequest":{ "type":"structure", @@ -2191,13 +2318,20 @@ "optInFeatures":{ "shape":"OptInFeatures", "documentation":"

    Optional element for UpdateMembership to enable or disable opt-in features for the service.

    " + }, + "membershipAccountsConfigurationsUpdate":{ + "shape":"MembershipAccountsConfigurationsUpdate", + "documentation":"

    The membershipAccountsConfigurationsUpdate field in the UpdateMembershipRequest structure allows you to update the configuration settings for accounts within a membership.

    This field is optional and contains a structure of type MembershipAccountsConfigurationsUpdate that specifies the updated account configurations for the membership.

    " + }, + "undoMembershipCancellation":{ + "shape":"Boolean", + "documentation":"

    The undoMembershipCancellation parameter is a boolean flag that indicates whether to reverse a previously requested membership cancellation. When set to true, this will revoke the cancellation request and maintain the membership status.

    This parameter is optional and can be used in scenarios where you need to restore a membership that was marked for cancellation but hasn't been fully terminated yet.

    • If set to true, the cancellation request will be revoked

    • If set to false the service will throw a ValidationException.

    " } } }, "UpdateMembershipResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateResolverTypeRequest":{ "type":"structure", @@ -2253,14 +2387,17 @@ "reason" ], "members":{ - "message":{"shape":"String"}, + "message":{ + "shape":"String", + "documentation":"

    The exception message.

    " + }, "reason":{ "shape":"ValidationExceptionReason", - "documentation":"

    Element that provides the reason the request failed validation.

    " + "documentation":"

    The reason for the exception.

    " }, "fieldList":{ "shape":"ValidationExceptionFieldList", - "documentation":"

    Element that provides the list of field(s) that caused the error, if applicable.

    " + "documentation":"

    The fields which lead to the exception.

    " } }, "documentation":"

    ", @@ -2327,5 +2464,5 @@ "min":0 } }, - "documentation":"

    This guide provides documents the action and response elements for customer use of the service.

    " + "documentation":"

    This guide documents the action and response elements for use of the service.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/securityhub/2018-10-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/securityhub/2018-10-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/securityhub/2018-10-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/securityhub/2018-10-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/securityhub/2018-10-26/paginators-1.json 2.31.35-1/awscli/botocore/data/securityhub/2018-10-26/paginators-1.json --- 2.23.6-1/awscli/botocore/data/securityhub/2018-10-26/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/securityhub/2018-10-26/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -101,6 +101,30 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "ConfigurationPolicyAssociationSummaries" + }, + "DescribeProductsV2": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ProductsV2" + }, + "GetFindingsV2": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Findings" + }, + "GetResourcesV2": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Resources" + }, + "ListAggregatorsV2": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "AggregatorsV2" } } } diff -pruN 2.23.6-1/awscli/botocore/data/securityhub/2018-10-26/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/securityhub/2018-10-26/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/securityhub/2018-10-26/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/securityhub/2018-10-26/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "ListOrganizationAdminAccounts": { + "non_aggregate_keys": [ + "Feature" + ] + } + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/securityhub/2018-10-26/service-2.json 2.31.35-1/awscli/botocore/data/securityhub/2018-10-26/service-2.json --- 2.23.6-1/awscli/botocore/data/securityhub/2018-10-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/securityhub/2018-10-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -167,7 +167,7 @@ {"shape":"InvalidAccessException"}, {"shape":"InvalidInputException"} ], - "documentation":"

    For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

    " + "documentation":"

    For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

    Calls to this operation return a RESOURCE_NOT_FOUND_EXCEPTION error when the standard subscription for the association has a NOT_READY_FOR_UPDATES value for StandardsControlsUpdatable.

    " }, "BatchImportFindings":{ "name":"BatchImportFindings", @@ -216,7 +216,24 @@ {"shape":"LimitExceededException"}, {"shape":"InvalidAccessException"} ], - "documentation":"

    Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.

    Updates from BatchUpdateFindings don't affect the value of UpdatedAt for a finding.

    Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.

    • Confidence

    • Criticality

    • Note

    • RelatedFindings

    • Severity

    • Types

    • UserDefinedFields

    • VerificationState

    • Workflow

    You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.

    " + "documentation":"

    Used by Security Hub customers to update information about their investigation into one or more findings. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. A member account can update findings only for their own account. Administrator and member accounts can use this operation to update the following fields and objects for one or more findings:

    • Confidence

    • Criticality

    • Note

    • RelatedFindings

    • Severity

    • Types

    • UserDefinedFields

    • VerificationState

    • Workflow

    If you use this operation to update a finding, your updates don’t affect the value for the UpdatedAt field of the finding. Also note that it can take several minutes for Security Hub to process your request and update each finding specified in the request.

    You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. For more information see Configuring access to BatchUpdateFindings in the Security Hub User Guide.

    " + }, + "BatchUpdateFindingsV2":{ + "name":"BatchUpdateFindingsV2", + "http":{ + "method":"PATCH", + "requestUri":"/findingsv2/batchupdatev2" + }, + "input":{"shape":"BatchUpdateFindingsV2Request"}, + "output":{"shape":"BatchUpdateFindingsV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Used by customers to update information about their investigation into a finding. Requested by delegated administrator accounts or member accounts. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account. BatchUpdateFindings and BatchUpdateFindingV2 both use securityhub:BatchUpdateFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:BatchUpdateFindings action. Updates from BatchUpdateFindingsV2 don't affect the value of finding_info.modified_time, finding_info.modified_time_dt, time, time_dt for a finding. This API is in public preview and subject to change.

    " }, "BatchUpdateStandardsControlAssociations":{ "name":"BatchUpdateStandardsControlAssociations", @@ -235,6 +252,24 @@ ], "documentation":"

    For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.

    " }, + "ConnectorRegistrationsV2":{ + "name":"ConnectorRegistrationsV2", + "http":{ + "method":"POST", + "requestUri":"/connectorsv2/registrations" + }, + "input":{"shape":"ConnectorRegistrationsV2Request"}, + "output":{"shape":"ConnectorRegistrationsV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Grants permission to complete the authorization based on input parameters. This API is in preview release and subject to change.

    " + }, "CreateActionTarget":{ "name":"CreateActionTarget", "http":{ @@ -252,6 +287,24 @@ ], "documentation":"

    Creates a custom action target in Security Hub.

    You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.

    " }, + "CreateAggregatorV2":{ + "name":"CreateAggregatorV2", + "http":{ + "method":"POST", + "requestUri":"/aggregatorv2/create" + }, + "input":{"shape":"CreateAggregatorV2Request"}, + "output":{"shape":"CreateAggregatorV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Enables aggregation across Amazon Web Services Regions. This API is in public preview and subject to change.

    " + }, "CreateAutomationRule":{ "name":"CreateAutomationRule", "http":{ @@ -269,6 +322,23 @@ ], "documentation":"

    Creates an automation rule based on input parameters.

    " }, + "CreateAutomationRuleV2":{ + "name":"CreateAutomationRuleV2", + "http":{ + "method":"POST", + "requestUri":"/automationrulesv2/create" + }, + "input":{"shape":"CreateAutomationRuleV2Request"}, + "output":{"shape":"CreateAutomationRuleV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Creates a V2 automation rule. This API is in public preview and subject to change.

    " + }, "CreateConfigurationPolicy":{ "name":"CreateConfigurationPolicy", "http":{ @@ -287,6 +357,24 @@ ], "documentation":"

    Creates a configuration policy with the defined configuration. Only the Security Hub delegated administrator can invoke this operation from the home Region.

    " }, + "CreateConnectorV2":{ + "name":"CreateConnectorV2", + "http":{ + "method":"POST", + "requestUri":"/connectorsv2" + }, + "input":{"shape":"CreateConnectorV2Request"}, + "output":{"shape":"CreateConnectorV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Grants permission to create a connectorV2 based on input parameters. This API is in preview release and subject to change.

    " + }, "CreateFindingAggregator":{ "name":"CreateFindingAggregator", "http":{ @@ -339,6 +427,24 @@ ], "documentation":"

    Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.

    CreateMembers is always used to add accounts that are not organization members.

    For accounts that are managed using Organizations, CreateMembers is only used in the following cases:

    • Security Hub is not configured to automatically add new organization accounts.

    • The account was disassociated or deleted in Security Hub.

    This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.

    For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.

    Accounts that are managed using Organizations don't receive an invitation. They automatically become a member account in Security Hub.

    • If the organization account does not have Security Hub enabled, then Security Hub and the default standards are automatically enabled. Note that Security Hub cannot be enabled automatically for the organization management account. The organization management account must enable Security Hub before the administrator account enables it as a member account.

    • For organization accounts that already have Security Hub enabled, Security Hub does not make any other changes to those accounts. It does not change their enabled standards or controls.

    A permissions policy is added that permits the administrator account to view the findings generated in the member account.

    To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

    " }, + "CreateTicketV2":{ + "name":"CreateTicketV2", + "http":{ + "method":"POST", + "requestUri":"/ticketsv2" + }, + "input":{"shape":"CreateTicketV2Request"}, + "output":{"shape":"CreateTicketV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Grants permission to create a ticket in the chosen ITSM based on finding information for the provided finding metadata UID. This API is in preview release and subject to change.

    " + }, "DeclineInvitations":{ "name":"DeclineInvitations", "http":{ @@ -371,6 +477,42 @@ ], "documentation":"

    Deletes a custom action target from Security Hub.

    Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.

    " }, + "DeleteAggregatorV2":{ + "name":"DeleteAggregatorV2", + "http":{ + "method":"DELETE", + "requestUri":"/aggregatorv2/delete/{AggregatorV2Arn+}" + }, + "input":{"shape":"DeleteAggregatorV2Request"}, + "output":{"shape":"DeleteAggregatorV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Deletes the Aggregator V2. This API is in public preview and subject to change.

    " + }, + "DeleteAutomationRuleV2":{ + "name":"DeleteAutomationRuleV2", + "http":{ + "method":"DELETE", + "requestUri":"/automationrulesv2/{Identifier}" + }, + "input":{"shape":"DeleteAutomationRuleV2Request"}, + "output":{"shape":"DeleteAutomationRuleV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Deletes a V2 automation rule. This API is in public preview and subject to change.

    " + }, "DeleteConfigurationPolicy":{ "name":"DeleteConfigurationPolicy", "http":{ @@ -390,6 +532,24 @@ ], "documentation":"

    Deletes a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region. For the deletion to succeed, you must first disassociate a configuration policy from target accounts, organizational units, or the root by invoking the StartConfigurationPolicyDisassociation operation.

    " }, + "DeleteConnectorV2":{ + "name":"DeleteConnectorV2", + "http":{ + "method":"DELETE", + "requestUri":"/connectorsv2/{ConnectorId+}" + }, + "input":{"shape":"DeleteConnectorV2Request"}, + "output":{"shape":"DeleteConnectorV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Grants permission to delete a connectorV2. This API is in preview release and subject to change.

    " + }, "DeleteFindingAggregator":{ "name":"DeleteFindingAggregator", "http":{ @@ -524,6 +684,39 @@ ], "documentation":"

    Returns information about product integrations in Security Hub.

    You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.

    If you don't provide an integration ARN, then the results include all of the available product integrations.

    " }, + "DescribeProductsV2":{ + "name":"DescribeProductsV2", + "http":{ + "method":"GET", + "requestUri":"/productsV2" + }, + "input":{"shape":"DescribeProductsV2Request"}, + "output":{"shape":"DescribeProductsV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Gets information about the product integration. This API is in public preview and subject to change.

    " + }, + "DescribeSecurityHubV2":{ + "name":"DescribeSecurityHubV2", + "http":{ + "method":"GET", + "requestUri":"/hubv2" + }, + "input":{"shape":"DescribeSecurityHubV2Request"}, + "output":{"shape":"DescribeSecurityHubV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Returns details about the service resource in your account. This API is in public preview and subject to change.

    " + }, "DescribeStandards":{ "name":"DescribeStandards", "http":{ @@ -553,7 +746,7 @@ {"shape":"InvalidAccessException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Returns a list of security standards controls.

    For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

    " + "documentation":"

    Returns a list of security standards controls.

    For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

    This operation returns an empty list for standard subscriptions where StandardsControlsUpdatable has value NOT_READY_FOR_UPDATES.

    " }, "DisableImportFindingsForProduct":{ "name":"DisableImportFindingsForProduct", @@ -606,6 +799,22 @@ ], "documentation":"

    Disables Security Hub in your account only in the current Amazon Web Services Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.

    You can't disable Security Hub in an account that is currently the Security Hub administrator.

    When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your administrator and member account associations are removed.

    If you want to save your existing findings, you must export them before you disable Security Hub.

    " }, + "DisableSecurityHubV2":{ + "name":"DisableSecurityHubV2", + "http":{ + "method":"DELETE", + "requestUri":"/hubv2" + }, + "input":{"shape":"DisableSecurityHubV2Request"}, + "output":{"shape":"DisableSecurityHubV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Disable the service for the current Amazon Web Services Region or specified Amazon Web Services Region. This API is in public preview and subject to change.

    " + }, "DisassociateFromAdministratorAccount":{ "name":"DisassociateFromAdministratorAccount", "http":{ @@ -711,6 +920,22 @@ ], "documentation":"

    Enables Security Hub for your account in the current Region or the Region you specify in the request.

    When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from other services that are integrated with Security Hub.

    When you use the EnableSecurityHub operation to enable Security Hub, you also automatically enable the following standards:

    • Center for Internet Security (CIS) Amazon Web Services Foundations Benchmark v1.2.0

    • Amazon Web Services Foundational Security Best Practices

    Other standards are not automatically enabled.

    To opt out of automatically enabled standards, set EnableDefaultStandards to false.

    After you enable Security Hub, to enable a standard, use the BatchEnableStandards operation. To disable a standard, use the BatchDisableStandards operation.

    To learn more, see the setup information in the Security Hub User Guide.

    " }, + "EnableSecurityHubV2":{ + "name":"EnableSecurityHubV2", + "http":{ + "method":"POST", + "requestUri":"/hubv2" + }, + "input":{"shape":"EnableSecurityHubV2Request"}, + "output":{"shape":"EnableSecurityHubV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Enables the service in account for the current Amazon Web Services Region or specified Amazon Web Services Region. This API is in public preview and subject to change.

    " + }, "GetAdministratorAccount":{ "name":"GetAdministratorAccount", "http":{ @@ -728,6 +953,42 @@ ], "documentation":"

    Provides the details for the Security Hub administrator account for the current member account.

    Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.

    " }, + "GetAggregatorV2":{ + "name":"GetAggregatorV2", + "http":{ + "method":"GET", + "requestUri":"/aggregatorv2/get/{AggregatorV2Arn+}" + }, + "input":{"shape":"GetAggregatorV2Request"}, + "output":{"shape":"GetAggregatorV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Returns the configuration of the specified Aggregator V2. This API is in public preview and subject to change.

    " + }, + "GetAutomationRuleV2":{ + "name":"GetAutomationRuleV2", + "http":{ + "method":"GET", + "requestUri":"/automationrulesv2/{Identifier}" + }, + "input":{"shape":"GetAutomationRuleV2Request"}, + "output":{"shape":"GetAutomationRuleV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Returns an automation rule for the V2 service. This API is in public preview and subject to change.

    " + }, "GetConfigurationPolicy":{ "name":"GetConfigurationPolicy", "http":{ @@ -764,6 +1025,24 @@ ], "documentation":"

    Returns the association between a configuration and a target account, organizational unit, or the root. The configuration can be a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

    " }, + "GetConnectorV2":{ + "name":"GetConnectorV2", + "http":{ + "method":"GET", + "requestUri":"/connectorsv2/{ConnectorId+}" + }, + "input":{"shape":"GetConnectorV2Request"}, + "output":{"shape":"GetConnectorV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Grants permission to retrieve details for a connectorV2 based on connector id. This API is in preview release and subject to change.

    " + }, "GetEnabledStandards":{ "name":"GetEnabledStandards", "http":{ @@ -812,7 +1091,24 @@ {"shape":"InvalidAccessException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    Returns history for a Security Hub finding in the last 90 days. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF).

    " + "documentation":"

    Returns the history of a Security Hub finding. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF) except top-level timestamp fields, such as the CreatedAt and UpdatedAt fields.

    This operation might return fewer results than the maximum number of results (MaxResults) specified in a request, even when more results are available. If this occurs, the response includes a NextToken value, which you should use to retrieve the next set of results in the response. The presence of a NextToken value in a response doesn't necessarily indicate that the results are incomplete. However, you should continue to specify a NextToken value until you receive a response that doesn't include this value.

    " + }, + "GetFindingStatisticsV2":{ + "name":"GetFindingStatisticsV2", + "http":{ + "method":"POST", + "requestUri":"/findingsv2/statistics" + }, + "input":{"shape":"GetFindingStatisticsV2Request"}, + "output":{"shape":"GetFindingStatisticsV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns aggregated statistical data about findings. GetFindingStatisticsV2 use securityhub:GetAdhocInsightResults in the Action element of an IAM policy statement. You must have permission to perform the s action. This API is in public preview and subject to change.

    " }, "GetFindings":{ "name":"GetFindings", @@ -830,6 +1126,23 @@ ], "documentation":"

    Returns a list of findings that match the specified criteria.

    If cross-Region aggregation is enabled, then when you call GetFindings from the home Region, the results include all of the matching findings from both the home Region and linked Regions.

    " }, + "GetFindingsV2":{ + "name":"GetFindingsV2", + "http":{ + "method":"POST", + "requestUri":"/findingsv2" + }, + "input":{"shape":"GetFindingsV2Request"}, + "output":{"shape":"GetFindingsV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Return a list of findings that match the specified criteria. GetFindings and GetFindingsV2 both use securityhub:GetFindings in the Action element of an IAM policy statement. You must have permission to perform the securityhub:GetFindings action. This API is in public preview and subject to change.

    " + }, "GetInsightResults":{ "name":"GetInsightResults", "http":{ @@ -916,6 +1229,42 @@ ], "documentation":"

    Returns the details for the Security Hub member accounts for the specified account IDs.

    An administrator account can be either the delegated Security Hub administrator account for an organization or an administrator account that enabled Security Hub manually.

    The results include both member accounts that are managed using Organizations and accounts that were invited manually.

    " }, + "GetResourcesStatisticsV2":{ + "name":"GetResourcesStatisticsV2", + "http":{ + "method":"POST", + "requestUri":"/resourcesv2/statistics" + }, + "input":{"shape":"GetResourcesStatisticsV2Request"}, + "output":{"shape":"GetResourcesStatisticsV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Retrieves statistical information about Amazon Web Services resources and their associated security findings. This API is in public preview and subject to change.

    " + }, + "GetResourcesV2":{ + "name":"GetResourcesV2", + "http":{ + "method":"POST", + "requestUri":"/resourcesv2" + }, + "input":{"shape":"GetResourcesV2Request"}, + "output":{"shape":"GetResourcesV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Returns a list of resources. This API is in public preview and subject to change.

    " + }, "GetSecurityControlDefinition":{ "name":"GetSecurityControlDefinition", "http":{ @@ -950,6 +1299,24 @@ ], "documentation":"

    We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

    Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.

    This operation is only used to invite accounts that don't belong to an Amazon Web Services organization. Organization accounts don't receive invitations.

    Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.

    When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated in the member account.

    " }, + "ListAggregatorsV2":{ + "name":"ListAggregatorsV2", + "http":{ + "method":"GET", + "requestUri":"/aggregatorv2/list" + }, + "input":{"shape":"ListAggregatorsV2Request"}, + "output":{"shape":"ListAggregatorsV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Retrieves a list of V2 aggregators. This API is in public preview and subject to change.

    " + }, "ListAutomationRules":{ "name":"ListAutomationRules", "http":{ @@ -967,6 +1334,23 @@ ], "documentation":"

    A list of automation rules and their metadata for the calling account.

    " }, + "ListAutomationRulesV2":{ + "name":"ListAutomationRulesV2", + "http":{ + "method":"GET", + "requestUri":"/automationrulesv2/list" + }, + "input":{"shape":"ListAutomationRulesV2Request"}, + "output":{"shape":"ListAutomationRulesV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Returns a list of automation rules and metadata for the calling account. This API is in public preview and subject to change.

    " + }, "ListConfigurationPolicies":{ "name":"ListConfigurationPolicies", "http":{ @@ -1002,6 +1386,24 @@ ], "documentation":"

    Provides information about the associations for your configuration policies and self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

    " }, + "ListConnectorsV2":{ + "name":"ListConnectorsV2", + "http":{ + "method":"GET", + "requestUri":"/connectorsv2" + }, + "input":{"shape":"ListConnectorsV2Request"}, + "output":{"shape":"ListConnectorsV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Grants permission to retrieve a list of connectorsV2 and their metadata for the calling account. This API is in preview release and subject to change.

    " + }, "ListEnabledProductsForImport":{ "name":"ListEnabledProductsForImport", "http":{ @@ -1112,7 +1514,7 @@ {"shape":"InvalidAccessException"}, {"shape":"InvalidInputException"} ], - "documentation":"

    Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

    " + "documentation":"

    Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

    This operation omits standards control associations for standard subscriptions where StandardsControlsUpdatable has value NOT_READY_FOR_UPDATES.

    " }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1212,6 +1614,42 @@ ], "documentation":"

    Updates the name and description of a custom action target in Security Hub.

    " }, + "UpdateAggregatorV2":{ + "name":"UpdateAggregatorV2", + "http":{ + "method":"PATCH", + "requestUri":"/aggregatorv2/update/{AggregatorV2Arn+}" + }, + "input":{"shape":"UpdateAggregatorV2Request"}, + "output":{"shape":"UpdateAggregatorV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Udpates the configuration for the Aggregator V2. This API is in public preview and subject to change.

    " + }, + "UpdateAutomationRuleV2":{ + "name":"UpdateAutomationRuleV2", + "http":{ + "method":"PATCH", + "requestUri":"/automationrulesv2/{Identifier}" + }, + "input":{"shape":"UpdateAutomationRuleV2Request"}, + "output":{"shape":"UpdateAutomationRuleV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Updates a V2 automation rule. This API is in public preview and subject to change.

    " + }, "UpdateConfigurationPolicy":{ "name":"UpdateConfigurationPolicy", "http":{ @@ -1231,6 +1669,24 @@ ], "documentation":"

    Updates a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region.

    " }, + "UpdateConnectorV2":{ + "name":"UpdateConnectorV2", + "http":{ + "method":"PATCH", + "requestUri":"/connectorsv2/{ConnectorId+}" + }, + "input":{"shape":"UpdateConnectorV2Request"}, + "output":{"shape":"UpdateConnectorV2Response"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Grants permission to update a connectorV2 based on its id and input parameters. This API is in preview release and subject to change.

    " + }, "UpdateFindingAggregator":{ "name":"UpdateFindingAggregator", "http":{ @@ -1356,7 +1812,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Used to control whether an individual security standard control is enabled or disabled.

    " + "documentation":"

    Used to control whether an individual security standard control is enabled or disabled.

    Calls to this operation return a RESOURCE_NOT_FOUND_EXCEPTION error when the standard subscription for the control has StandardsControlsUpdatable value NOT_READY_FOR_UPDATES.

    " } }, "shapes":{ @@ -1379,8 +1835,7 @@ }, "AcceptAdministratorInvitationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AcceptInvitationRequest":{ "type":"structure", @@ -1401,8 +1856,7 @@ }, "AcceptInvitationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AccessDeniedException":{ "type":"structure", @@ -1690,6 +2144,27 @@ "max":10, "min":1 }, + "AggregatorV2":{ + "type":"structure", + "members":{ + "AggregatorV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the aggregatorV2.

    " + } + }, + "documentation":"

    Specifies a cross-Region data aggregation configuration, including the aggregation Region and any linked Regions.

    " + }, + "AggregatorV2List":{ + "type":"list", + "member":{"shape":"AggregatorV2"} + }, + "AllowedOperators":{ + "type":"string", + "enum":[ + "AND", + "OR" + ] + }, "AlphaNumericNonEmptyString":{ "type":"string", "pattern":"^([^\\u0000-\\u007F]|[-_ a-zA-Z0-9])+$" @@ -1813,10 +2288,56 @@ }, "documentation":"

    One or more actions that Security Hub takes when a finding matches the defined criteria of a rule.

    " }, + "AutomationRulesActionListV2":{ + "type":"list", + "member":{"shape":"AutomationRulesActionV2"}, + "max":1, + "min":1 + }, "AutomationRulesActionType":{ "type":"string", "enum":["FINDING_FIELDS_UPDATE"] }, + "AutomationRulesActionTypeListV2":{ + "type":"list", + "member":{"shape":"AutomationRulesActionTypeObjectV2"} + }, + "AutomationRulesActionTypeObjectV2":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"AutomationRulesActionTypeV2", + "documentation":"

    The category of action to be executed by the automation rule.

    " + } + }, + "documentation":"

    Allows you to customize security response workflows.

    " + }, + "AutomationRulesActionTypeV2":{ + "type":"string", + "enum":[ + "FINDING_FIELDS_UPDATE", + "EXTERNAL_INTEGRATION" + ] + }, + "AutomationRulesActionV2":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"AutomationRulesActionTypeV2", + "documentation":"

    The category of action to be executed by the automation rule.

    " + }, + "FindingFieldsUpdate":{ + "shape":"AutomationRulesFindingFieldsUpdateV2", + "documentation":"

    The changes to be applied to fields in a security finding when an automation rule is triggered.

    " + }, + "ExternalIntegrationConfiguration":{ + "shape":"ExternalIntegrationConfiguration", + "documentation":"

    The settings for integrating automation rule actions with external systems or service.

    " + } + }, + "documentation":"

    Allows you to configure automated responses.

    " + }, "AutomationRulesArnsList":{ "type":"list", "member":{"shape":"NonEmptyString"}, @@ -1910,6 +2431,24 @@ }, "documentation":"

    Identifies the finding fields that the automation rule action updates when a finding matches the defined criteria.

    " }, + "AutomationRulesFindingFieldsUpdateV2":{ + "type":"structure", + "members":{ + "SeverityId":{ + "shape":"Integer", + "documentation":"

    The severity level to be assigned to findings that match the automation rule criteria.

    " + }, + "Comment":{ + "shape":"NonEmptyString", + "documentation":"

    Notes or contextual information for findings that are modified by the automation rule.

    " + }, + "StatusId":{ + "shape":"Integer", + "documentation":"

    The status to be applied to findings that match automation rule criteria.

    " + } + }, + "documentation":"

    Allows you to define the structure for modifying specific fields in security findings.

    " + }, "AutomationRulesFindingFilters":{ "type":"structure", "members":{ @@ -2114,6 +2653,52 @@ "type":"list", "member":{"shape":"AutomationRulesMetadata"} }, + "AutomationRulesMetadataListV2":{ + "type":"list", + "member":{"shape":"AutomationRulesMetadataV2"} + }, + "AutomationRulesMetadataV2":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the automation rule.

    " + }, + "RuleId":{ + "shape":"NonEmptyString", + "documentation":"

    The ID of the automation rule.

    " + }, + "RuleOrder":{ + "shape":"RuleOrderValueV2", + "documentation":"

    The value for the rule priority.

    " + }, + "RuleName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the automation rule.

    " + }, + "RuleStatus":{ + "shape":"RuleStatusV2", + "documentation":"

    The status of the automation rule.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    An explanation for the purpose and funcitonality of the automation rule.

    " + }, + "Actions":{ + "shape":"AutomationRulesActionTypeListV2", + "documentation":"

    The list of action to be performed when the rule criteria is met.

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp for when the automation rule was created.

    " + }, + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp for the most recent modification to the automation rule.

    " + } + }, + "documentation":"

    Includes essential metadata information about automation rules.

    " + }, "AvailabilityZone":{ "type":"structure", "members":{ @@ -15733,13 +16318,108 @@ "type":"list", "member":{"shape":"BatchUpdateFindingsUnprocessedFinding"} }, + "BatchUpdateFindingsV2ProcessedFinding":{ + "type":"structure", + "members":{ + "FindingIdentifier":{ + "shape":"OcsfFindingIdentifier", + "documentation":"

    The finding identifier of a processed finding.

    " + }, + "MetadataUid":{ + "shape":"NonEmptyString", + "documentation":"

    The metadata.uid of a processed finding.

    " + } + }, + "documentation":"

    The list of findings that were updated.

    " + }, + "BatchUpdateFindingsV2ProcessedFindingsList":{ + "type":"list", + "member":{"shape":"BatchUpdateFindingsV2ProcessedFinding"} + }, + "BatchUpdateFindingsV2Request":{ + "type":"structure", + "members":{ + "MetadataUids":{ + "shape":"MetadataUidList", + "documentation":"

    The list of finding metadata.uid to indicate findings to update. Finding metadata.uid is a globally unique identifier associated with the finding. Customers cannot use MetadataUids together with FindingIdentifiers.

    " + }, + "FindingIdentifiers":{ + "shape":"OcsfFindingIdentifierList", + "documentation":"

    Provides information to identify a specific V2 finding.

    " + }, + "Comment":{ + "shape":"NonEmptyString", + "documentation":"

    The updated value for a user provided comment about the finding. Minimum character length 1. Maximum character length 512.

    " + }, + "SeverityId":{ + "shape":"Integer", + "documentation":"

    The updated value for the normalized severity identifier. The severity ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 99]. When customer provides the updated severity ID, the string sibling severity will automatically be updated in the finding.

    " + }, + "StatusId":{ + "shape":"Integer", + "documentation":"

    The updated value for the normalized status identifier. The status ID is an integer with the allowed enum values [0, 1, 2, 3, 4, 5, 6, 99]. When customer provides the updated status ID, the string sibling status will automatically be updated in the finding.

    " + } + } + }, + "BatchUpdateFindingsV2Response":{ + "type":"structure", + "required":[ + "ProcessedFindings", + "UnprocessedFindings" + ], + "members":{ + "ProcessedFindings":{ + "shape":"BatchUpdateFindingsV2ProcessedFindingsList", + "documentation":"

    The list of findings that were updated successfully.

    " + }, + "UnprocessedFindings":{ + "shape":"BatchUpdateFindingsV2UnprocessedFindingsList", + "documentation":"

    The list of V2 findings that were not updated.

    " + } + } + }, + "BatchUpdateFindingsV2UnprocessedFinding":{ + "type":"structure", + "members":{ + "FindingIdentifier":{ + "shape":"OcsfFindingIdentifier", + "documentation":"

    The finding identifier of an unprocessed finding.

    " + }, + "MetadataUid":{ + "shape":"NonEmptyString", + "documentation":"

    The metadata.uid of an unprocessed finding.

    " + }, + "ErrorCode":{ + "shape":"BatchUpdateFindingsV2UnprocessedFindingErrorCode", + "documentation":"

    Indicates the specific type of error preventing successful processing of a finding during a batch update operation.

    " + }, + "ErrorMessage":{ + "shape":"NonEmptyString", + "documentation":"

    A detailed description of why a finding could not be processed during a batch update operation.

    " + } + }, + "documentation":"

    The list of findings that were not updated.

    " + }, + "BatchUpdateFindingsV2UnprocessedFindingErrorCode":{ + "type":"string", + "enum":[ + "ResourceNotFoundException", + "ValidationException", + "InternalServerException", + "ConflictException" + ] + }, + "BatchUpdateFindingsV2UnprocessedFindingsList":{ + "type":"list", + "member":{"shape":"BatchUpdateFindingsV2UnprocessedFinding"} + }, "BatchUpdateStandardsControlAssociationsRequest":{ "type":"structure", "required":["StandardsControlAssociationUpdates"], "members":{ "StandardsControlAssociationUpdates":{ "shape":"StandardsControlAssociationUpdates", - "documentation":"

    Updates the enablement status of a security control in a specified standard.

    " + "documentation":"

    Updates the enablement status of a security control in a specified standard.

    Calls to this operation return a RESOURCE_NOT_FOUND_EXCEPTION error when the standard subscription for the control has StandardsControlsUpdatable value NOT_READY_FOR_UPDATES.

    " } } }, @@ -15883,6 +16563,12 @@ }, "documentation":"

    Provides details about the current status of the sensitive data detection.

    " }, + "ClientToken":{ + "type":"string", + "max":63, + "min":1, + "pattern":"^[\\x21-\\x7E]{1,64}$" + }, "CloudWatchLogsLogGroupArnConfigDetails":{ "type":"structure", "members":{ @@ -15901,6 +16587,24 @@ }, "documentation":"

    The Amazon Resource Name (ARN) and other details of the Amazon CloudWatch Logs log group that Amazon Route 53 is publishing logs to.

    " }, + "CodeRepositoryDetails":{ + "type":"structure", + "members":{ + "ProviderType":{ + "shape":"NonEmptyString", + "documentation":"

    The type of repository provider.

    " + }, + "ProjectName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the project in the code repository.

    " + }, + "CodeSecurityIntegrationArn":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Resource Name (ARN) of the code security integration associated with the repository.

    " + } + }, + "documentation":"

    Details about an external code repository with which you can connect your Amazon Web Services resources. The connection is established through Amazon Inspector.

    " + }, "CodeVulnerabilitiesFilePath":{ "type":"structure", "members":{ @@ -15962,6 +16666,48 @@ "NOT_AVAILABLE" ] }, + "CompositeFilter":{ + "type":"structure", + "members":{ + "StringFilters":{ + "shape":"OcsfStringFilterList", + "documentation":"

    Enables filtering based on string field values.

    " + }, + "DateFilters":{ + "shape":"OcsfDateFilterList", + "documentation":"

    Enables filtering based on date and timestamp fields.

    " + }, + "BooleanFilters":{ + "shape":"OcsfBooleanFilterList", + "documentation":"

    Enables filtering based on boolean field values.

    " + }, + "NumberFilters":{ + "shape":"OcsfNumberFilterList", + "documentation":"

    Enables filtering based on numerical field values.

    " + }, + "MapFilters":{ + "shape":"OcsfMapFilterList", + "documentation":"

    Enables filtering based on map field values.

    " + }, + "IpFilters":{ + "shape":"OcsfIpFilterList", + "documentation":"

    A list of IP address filters that allowing you to filter findings based on IP address properties.

    " + }, + "NestedCompositeFilters":{ + "shape":"CompositeFilterList", + "documentation":"

    Provides an additional level of filtering, creating a three-layer nested structure. The first layer is a CompositeFilters array with a CompositeOperator (AND/OR). The second layer is a CompositeFilter object that contains direct filters and NestedCompositeFilters. The third layer is NestedCompositeFilters, which contains additional filter conditions.

    " + }, + "Operator":{ + "shape":"AllowedOperators", + "documentation":"

    The logical operator used to combine multiple filter conditions.

    " + } + }, + "documentation":"

    Enables the creation of filtering criteria for security findings.

    " + }, + "CompositeFilterList":{ + "type":"list", + "member":{"shape":"CompositeFilter"} + }, "ConfigurationOptions":{ "type":"structure", "members":{ @@ -16099,6 +16845,16 @@ "type":"list", "member":{"shape":"ConfigurationPolicySummary"} }, + "ConflictException":{ + "type":"structure", + "members":{ + "Message":{"shape":"NonEmptyString"}, + "Code":{"shape":"NonEmptyString"} + }, + "documentation":"

    The request causes conflict with the current state of the service resource.

    ", + "error":{"httpStatusCode":409}, + "exception":true + }, "ConnectionDirection":{ "type":"string", "enum":[ @@ -16106,6 +16862,100 @@ "OUTBOUND" ] }, + "ConnectorAuthStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "FAILED" + ] + }, + "ConnectorProviderName":{ + "type":"string", + "enum":[ + "JIRA_CLOUD", + "SERVICENOW" + ] + }, + "ConnectorRegistrationsV2Request":{ + "type":"structure", + "required":[ + "AuthCode", + "AuthState" + ], + "members":{ + "AuthCode":{ + "shape":"NonEmptyString", + "documentation":"

    The authCode retrieved from authUrl to complete the OAuth 2.0 authorization code flow.

    " + }, + "AuthState":{ + "shape":"NonEmptyString", + "documentation":"

    The authState retrieved from authUrl to complete the OAuth 2.0 authorization code flow.

    " + } + } + }, + "ConnectorRegistrationsV2Response":{ + "type":"structure", + "required":["ConnectorId"], + "members":{ + "ConnectorArn":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Resource Name (ARN) of the connectorV2.

    " + }, + "ConnectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The UUID of the connectorV2 to identify connectorV2 resource.

    " + } + } + }, + "ConnectorStatus":{ + "type":"string", + "enum":[ + "CONNECTED", + "FAILED_TO_CONNECT", + "PENDING_CONFIGURATION", + "PENDING_AUTHORIZATION" + ] + }, + "ConnectorSummary":{ + "type":"structure", + "required":[ + "ConnectorId", + "Name", + "ProviderSummary", + "CreatedAt" + ], + "members":{ + "ConnectorArn":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Resource Name (ARN) of the connectorV2.

    " + }, + "ConnectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The UUID of the connectorV2 to identify connectorV2 resource.

    " + }, + "Name":{ + "shape":"NonEmptyString", + "documentation":"

    The Name field contains the user-defined name assigned to the integration connector. This helps identify and manage multiple connectors within Security Hub.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    The description of the connectorV2.

    " + }, + "ProviderSummary":{ + "shape":"ProviderSummary", + "documentation":"

    The connectorV2 third party provider configuration summary.

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    ISO 8601 UTC timestamp for the time create the connectorV2.

    " + } + }, + "documentation":"

    A condensed overview of the connectorV2..

    " + }, + "ConnectorSummaryList":{ + "type":"list", + "member":{"shape":"ConnectorSummary"} + }, "ContainerDetails":{ "type":"structure", "members":{ @@ -16200,6 +17050,50 @@ } } }, + "CreateAggregatorV2Request":{ + "type":"structure", + "required":["RegionLinkingMode"], + "members":{ + "RegionLinkingMode":{ + "shape":"NonEmptyString", + "documentation":"

    Determines how Regions are linked to an Aggregator V2.

    " + }, + "LinkedRegions":{ + "shape":"StringList", + "documentation":"

    The list of Regions that are linked to the aggregation Region.

    " + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    A list of key-value pairs to be applied to the AggregatorV2.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique identifier used to ensure idempotency.

    ", + "idempotencyToken":true + } + } + }, + "CreateAggregatorV2Response":{ + "type":"structure", + "members":{ + "AggregatorV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the AggregatorV2.

    " + }, + "AggregationRegion":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Web Services Region where data is aggregated.

    " + }, + "RegionLinkingMode":{ + "shape":"NonEmptyString", + "documentation":"

    Determines how Regions are linked to an Aggregator V2.

    " + }, + "LinkedRegions":{ + "shape":"StringList", + "documentation":"

    The list of Regions that are linked to the aggregation Region.

    " + } + } + }, "CreateAutomationRuleRequest":{ "type":"structure", "required":[ @@ -16253,6 +17147,64 @@ } } }, + "CreateAutomationRuleV2Request":{ + "type":"structure", + "required":[ + "RuleName", + "Description", + "RuleOrder", + "Criteria", + "Actions" + ], + "members":{ + "RuleName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the V2 automation rule.

    " + }, + "RuleStatus":{ + "shape":"RuleStatusV2", + "documentation":"

    The status of the V2 automation rule.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    A description of the V2 automation rule.

    " + }, + "RuleOrder":{ + "shape":"RuleOrderValueV2", + "documentation":"

    The value for the rule priority.

    " + }, + "Criteria":{ + "shape":"Criteria", + "documentation":"

    The filtering type and configuration of the automation rule.

    " + }, + "Actions":{ + "shape":"AutomationRulesActionListV2", + "documentation":"

    A list of actions to be performed when the rule criteria is met.

    " + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    A list of key-value pairs associated with the V2 automation rule.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique identifier used to ensure idempotency.

    ", + "idempotencyToken":true + } + } + }, + "CreateAutomationRuleV2Response":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the V2 automation rule.

    " + }, + "RuleId":{ + "shape":"NonEmptyString", + "documentation":"

    The ID of the V2 automation rule.

    " + } + } + }, "CreateConfigurationPolicyRequest":{ "type":"structure", "required":[ @@ -16311,6 +17263,58 @@ } } }, + "CreateConnectorV2Request":{ + "type":"structure", + "required":[ + "Name", + "Provider" + ], + "members":{ + "Name":{ + "shape":"NonEmptyString", + "documentation":"

    The unique name of the connectorV2.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    The description of the connectorV2.

    " + }, + "Provider":{ + "shape":"ProviderConfiguration", + "documentation":"

    The third-party provider’s service configuration.

    " + }, + "KmsKeyArn":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Resource Name (ARN) of KMS key used to encrypt secrets for the connectorV2.

    " + }, + "Tags":{ + "shape":"TagMap", + "documentation":"

    The tags to add to the connectorV2 when you create.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique identifier used to ensure idempotency.

    ", + "idempotencyToken":true + } + } + }, + "CreateConnectorV2Response":{ + "type":"structure", + "required":["ConnectorId"], + "members":{ + "ConnectorArn":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Resource Name (ARN) of the connectorV2.

    " + }, + "ConnectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The UUID of the connectorV2 to identify connectorV2 resource.

    " + }, + "AuthUrl":{ + "shape":"NonEmptyString", + "documentation":"

    The Url provide to customers for OAuth auth code flow.

    " + } + } + }, "CreateFindingAggregatorRequest":{ "type":"structure", "required":["RegionLinkingMode"], @@ -16397,6 +17401,53 @@ } } }, + "CreateTicketV2Request":{ + "type":"structure", + "required":[ + "ConnectorId", + "FindingMetadataUid" + ], + "members":{ + "ConnectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The UUID of the connectorV2 to identify connectorV2 resource.

    " + }, + "FindingMetadataUid":{ + "shape":"NonEmptyString", + "documentation":"

    The the unique ID for the finding.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    The client idempotency token.

    ", + "idempotencyToken":true + } + } + }, + "CreateTicketV2Response":{ + "type":"structure", + "required":["TicketId"], + "members":{ + "TicketId":{ + "shape":"NonEmptyString", + "documentation":"

    The ID for the ticketv2.

    " + }, + "TicketSrcUrl":{ + "shape":"NonEmptyString", + "documentation":"

    The url to the created ticket.

    " + } + } + }, + "Criteria":{ + "type":"structure", + "members":{ + "OcsfFindingCriteria":{ + "shape":"OcsfFindingFilters", + "documentation":"

    The filtering conditions that align with OCSF standards.

    " + } + }, + "documentation":"

    Defines the parameters and conditions used to evaluate and filter security findings.

    ", + "union":true + }, "CrossAccountMaxResults":{ "type":"integer", "max":50, @@ -16571,6 +17622,38 @@ } } }, + "DeleteAggregatorV2Request":{ + "type":"structure", + "required":["AggregatorV2Arn"], + "members":{ + "AggregatorV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the Aggregator V2.

    ", + "location":"uri", + "locationName":"AggregatorV2Arn" + } + } + }, + "DeleteAggregatorV2Response":{ + "type":"structure", + "members":{} + }, + "DeleteAutomationRuleV2Request":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the V2 automation rule.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "DeleteAutomationRuleV2Response":{ + "type":"structure", + "members":{} + }, "DeleteConfigurationPolicyRequest":{ "type":"structure", "required":["Identifier"], @@ -16585,9 +17668,24 @@ }, "DeleteConfigurationPolicyResponse":{ "type":"structure", + "members":{} + }, + "DeleteConnectorV2Request":{ + "type":"structure", + "required":["ConnectorId"], "members":{ + "ConnectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The UUID of the connectorV2 to identify connectorV2 resource.

    ", + "location":"uri", + "locationName":"ConnectorId" + } } }, + "DeleteConnectorV2Response":{ + "type":"structure", + "members":{} + }, "DeleteFindingAggregatorRequest":{ "type":"structure", "required":["FindingAggregatorArn"], @@ -16602,8 +17700,7 @@ }, "DeleteFindingAggregatorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInsightRequest":{ "type":"structure", @@ -16730,8 +17827,7 @@ }, "DescribeOrganizationConfigurationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeOrganizationConfigurationResponse":{ "type":"structure", @@ -16788,6 +17884,54 @@ } } }, + "DescribeProductsV2Request":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "DescribeProductsV2Response":{ + "type":"structure", + "required":["ProductsV2"], + "members":{ + "ProductsV2":{ + "shape":"ProductsV2List", + "documentation":"

    Gets information about the product integration.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token to use to request the next page of results. Otherwise, this parameter is null.

    " + } + } + }, + "DescribeSecurityHubV2Request":{ + "type":"structure", + "members":{} + }, + "DescribeSecurityHubV2Response":{ + "type":"structure", + "members":{ + "HubV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the service resource.

    " + }, + "SubscribedAt":{ + "shape":"NonEmptyString", + "documentation":"

    The date and time when the service was enabled in the account.

    " + } + } + }, "DescribeStandardsControlsRequest":{ "type":"structure", "required":["StandardsSubscriptionArn"], @@ -16879,8 +18023,7 @@ }, "DisableImportFindingsForProductResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableOrganizationAdminAccountRequest":{ "type":"structure", @@ -16889,23 +18032,32 @@ "AdminAccountId":{ "shape":"NonEmptyString", "documentation":"

    The Amazon Web Services account identifier of the Security Hub administrator account.

    " + }, + "Feature":{ + "shape":"SecurityHubFeature", + "documentation":"

    The feature for which the delegated admin account is disabled. Defaults to Security Hub if not specified.

    " } } }, "DisableOrganizationAdminAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableSecurityHubRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableSecurityHubResponse":{ "type":"structure", - "members":{ - } + "members":{} + }, + "DisableSecurityHubV2Request":{ + "type":"structure", + "members":{} + }, + "DisableSecurityHubV2Response":{ + "type":"structure", + "members":{} }, "DisabledSecurityControlIdentifierList":{ "type":"list", @@ -16913,23 +18065,19 @@ }, "DisassociateFromAdministratorAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateFromAdministratorAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateFromMasterAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateFromMasterAccountResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateMembersRequest":{ "type":"structure", @@ -16943,8 +18091,7 @@ }, "DisassociateMembersResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DnsRequestAction":{ "type":"structure", @@ -17009,12 +18156,24 @@ "AdminAccountId":{ "shape":"NonEmptyString", "documentation":"

    The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account.

    " + }, + "Feature":{ + "shape":"SecurityHubFeature", + "documentation":"

    The feature for which the delegated admin account is enabled. Defaults to Security Hub if not specified.

    " } } }, "EnableOrganizationAdminAccountResponse":{ "type":"structure", "members":{ + "AdminAccountId":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account.

    " + }, + "Feature":{ + "shape":"SecurityHubFeature", + "documentation":"

    The feature where the delegated administrator is enabled. The default is Security Hub CSPM if no delegated administrator is specified in the request.

    " + } } }, "EnableSecurityHubRequest":{ @@ -17036,7 +18195,24 @@ }, "EnableSecurityHubResponse":{ "type":"structure", + "members":{} + }, + "EnableSecurityHubV2Request":{ + "type":"structure", "members":{ + "Tags":{ + "shape":"TagMap", + "documentation":"

    The tags to add to the hub V2 resource when you enable Security Hub.

    " + } + } + }, + "EnableSecurityHubV2Response":{ + "type":"structure", + "members":{ + "HubV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the V2 resource that was created.

    " + } } }, "EnabledSecurityControlIdentifierList":{ @@ -17079,6 +18255,16 @@ }, "documentation":"

    The options for customizing a security control parameter that is a list of enums.

    " }, + "ExternalIntegrationConfiguration":{ + "type":"structure", + "members":{ + "ConnectorArn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the connector that establishes the integration.

    " + } + }, + "documentation":"

    Defines the settings and parameters required for integrating external security tools and services.

    " + }, "FieldMap":{ "type":"map", "key":{"shape":"NonEmptyString"}, @@ -17348,8 +18534,7 @@ }, "GetAdministratorAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAdministratorAccountResponse":{ "type":"structure", @@ -17357,6 +18542,96 @@ "Administrator":{"shape":"Invitation"} } }, + "GetAggregatorV2Request":{ + "type":"structure", + "required":["AggregatorV2Arn"], + "members":{ + "AggregatorV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the Aggregator V2.

    ", + "location":"uri", + "locationName":"AggregatorV2Arn" + } + } + }, + "GetAggregatorV2Response":{ + "type":"structure", + "members":{ + "AggregatorV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the Aggregator V2.

    " + }, + "AggregationRegion":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Web Services Region where data is aggregated.

    " + }, + "RegionLinkingMode":{ + "shape":"NonEmptyString", + "documentation":"

    Determines how Regions are linked to an Aggregator V2.

    " + }, + "LinkedRegions":{ + "shape":"StringList", + "documentation":"

    The list of Regions that are linked to the aggregation Region.

    " + } + } + }, + "GetAutomationRuleV2Request":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the V2 automation rule.

    ", + "location":"uri", + "locationName":"Identifier" + } + } + }, + "GetAutomationRuleV2Response":{ + "type":"structure", + "members":{ + "RuleArn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the V2 automation rule.

    " + }, + "RuleId":{ + "shape":"NonEmptyString", + "documentation":"

    The ID of the V2 automation rule.

    " + }, + "RuleOrder":{ + "shape":"RuleOrderValueV2", + "documentation":"

    The value for the rule priority.

    " + }, + "RuleName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the V2 automation rule.

    " + }, + "RuleStatus":{ + "shape":"RuleStatusV2", + "documentation":"

    The status of the V2 automation automation rule.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    A description of the automation rule.

    " + }, + "Criteria":{ + "shape":"Criteria", + "documentation":"

    The filtering type and configuration of the V2 automation rule.

    " + }, + "Actions":{ + "shape":"AutomationRulesActionListV2", + "documentation":"

    A list of actions performed when the rule criteria is met.

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the V2 automation rule was created.

    " + }, + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the V2 automation rule was updated.

    " + } + } + }, "GetConfigurationPolicyAssociationRequest":{ "type":"structure", "required":["Target"], @@ -17445,6 +18720,67 @@ } } }, + "GetConnectorV2Request":{ + "type":"structure", + "required":["ConnectorId"], + "members":{ + "ConnectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The UUID of the connectorV2 to identify connectorV2 resource.

    ", + "location":"uri", + "locationName":"ConnectorId" + } + } + }, + "GetConnectorV2Response":{ + "type":"structure", + "required":[ + "ConnectorId", + "Name", + "CreatedAt", + "LastUpdatedAt", + "Health", + "ProviderDetail" + ], + "members":{ + "ConnectorArn":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Resource Name (ARN) of the connectorV2.

    " + }, + "ConnectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The UUID of the connectorV2 to identify connectorV2 resource.

    " + }, + "Name":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the connectorV2.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    The description of the connectorV2.

    " + }, + "KmsKeyArn":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Resource Name (ARN) of KMS key used for the connectorV2.

    " + }, + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"

    ISO 8601 UTC timestamp for the time create the connectorV2.

    " + }, + "LastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    ISO 8601 UTC timestamp for the time update the connectorV2 connectorStatus.

    " + }, + "Health":{ + "shape":"HealthCheck", + "documentation":"

    The current health status for connectorV2

    " + }, + "ProviderDetail":{ + "shape":"ProviderDetail", + "documentation":"

    The third-party provider detail for a service configuration.

    " + } + } + }, "GetEnabledStandardsRequest":{ "type":"structure", "members":{ @@ -17515,11 +18851,11 @@ "FindingIdentifier":{"shape":"AwsSecurityFindingIdentifier"}, "StartTime":{ "shape":"Timestamp", - "documentation":"

    A timestamp that indicates the start time of the requested finding history.

    If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is limited to 90 days.

    For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

    " + "documentation":"

    A timestamp that indicates the start time of the requested finding history.

    If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results.

    For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

    " }, "EndTime":{ "shape":"Timestamp", - "documentation":"

    An ISO 8601-formatted timestamp that indicates the end time of the requested finding history.

    If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is limited to 90 days.

    For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

    " + "documentation":"

    An ISO 8601-formatted timestamp that indicates the end time of the requested finding history.

    If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results.

    For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

    " }, "NextToken":{ "shape":"NextToken", @@ -17544,6 +18880,33 @@ } } }, + "GetFindingStatisticsV2Request":{ + "type":"structure", + "required":["GroupByRules"], + "members":{ + "GroupByRules":{ + "shape":"GroupByRules", + "documentation":"

    Specifies how security findings should be aggregated and organized in the statistical analysis. It can accept up to 5 groupBy fields in a single call.

    " + }, + "SortOrder":{ + "shape":"SortOrder", + "documentation":"

    Orders the aggregation count in descending or ascending order. Descending order is the default.

    " + }, + "MaxStatisticResults":{ + "shape":"MaxStatisticResults", + "documentation":"

    The maximum number of results to be returned.

    " + } + } + }, + "GetFindingStatisticsV2Response":{ + "type":"structure", + "members":{ + "GroupByResults":{ + "shape":"GroupByResults", + "documentation":"

    Aggregated statistics about security findings based on specified grouping criteria.

    " + } + } + }, "GetFindingsRequest":{ "type":"structure", "members":{ @@ -17579,6 +18942,40 @@ } } }, + "GetFindingsV2Request":{ + "type":"structure", + "members":{ + "Filters":{ + "shape":"OcsfFindingFilters", + "documentation":"

    The finding attributes used to define a condition to filter the returned OCSF findings. You can filter up to 10 composite filters. For each filter type inside of a composite filter, you can provide up to 20 filters.

    " + }, + "SortCriteria":{ + "shape":"SortCriteria", + "documentation":"

    The finding attributes used to sort the list of returned findings.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return.

    " + } + } + }, + "GetFindingsV2Response":{ + "type":"structure", + "members":{ + "Findings":{ + "shape":"OcsfFindingsList", + "documentation":"

    An array of security findings returned by the operation.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token to use to request the next page of results. Otherwise, this parameter is null.

    " + } + } + }, "GetInsightResultsRequest":{ "type":"structure", "required":["InsightArn"], @@ -17634,8 +19031,7 @@ }, "GetInvitationsCountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetInvitationsCountResponse":{ "type":"structure", @@ -17648,8 +19044,7 @@ }, "GetMasterAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetMasterAccountResponse":{ "type":"structure", @@ -17683,6 +19078,69 @@ } } }, + "GetResourcesStatisticsV2Request":{ + "type":"structure", + "required":["GroupByRules"], + "members":{ + "GroupByRules":{ + "shape":"ResourceGroupByRules", + "documentation":"

    How resource statistics should be aggregated and organized in the response.

    " + }, + "SortOrder":{ + "shape":"SortOrder", + "documentation":"

    Sorts aggregated statistics.

    " + }, + "MaxStatisticResults":{ + "shape":"MaxStatisticResults", + "documentation":"

    The maximum number of results to be returned.

    " + } + } + }, + "GetResourcesStatisticsV2Response":{ + "type":"structure", + "required":["GroupByResults"], + "members":{ + "GroupByResults":{ + "shape":"GroupByResults", + "documentation":"

    The aggregated statistics about resources based on the specified grouping rule.

    " + } + } + }, + "GetResourcesV2Request":{ + "type":"structure", + "members":{ + "Filters":{ + "shape":"ResourcesFilters", + "documentation":"

    Filters resources based on a set of criteria.

    " + }, + "SortCriteria":{ + "shape":"SortCriteria", + "documentation":"

    The finding attributes used to sort the list of returned findings.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return.

    " + } + } + }, + "GetResourcesV2Response":{ + "type":"structure", + "required":["Resources"], + "members":{ + "Resources":{ + "shape":"Resources", + "documentation":"

    Filters resources based on a set of criteria.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token to use to request the next page of results. Otherwise, this parameter is null.

    " + } + } + }, "GetSecurityControlDefinitionRequest":{ "type":"structure", "required":["SecurityControlId"], @@ -17702,6 +19160,109 @@ "SecurityControlDefinition":{"shape":"SecurityControlDefinition"} } }, + "GroupByField":{ + "type":"string", + "enum":[ + "activity_name", + "cloud.account.uid", + "cloud.provider", + "cloud.region", + "compliance.assessments.name", + "compliance.status", + "compliance.control", + "finding_info.title", + "finding_info.types", + "metadata.product.name", + "metadata.product.uid", + "resources.type", + "resources.uid", + "severity", + "status", + "vulnerabilities.fix_coverage", + "class_name", + "vulnerabilities.affected_packages.name", + "finding_info.analytic.name", + "compliance.standards", + "cloud.account.name" + ] + }, + "GroupByResult":{ + "type":"structure", + "members":{ + "GroupByField":{ + "shape":"NonEmptyString", + "documentation":"

    The attribute by which filtered security findings should be grouped.

    " + }, + "GroupByValues":{ + "shape":"GroupByValues", + "documentation":"

    An array of grouped values and their respective counts for each GroupByField.

    " + } + }, + "documentation":"

    Represents finding statistics grouped by GroupedByField.

    " + }, + "GroupByResults":{ + "type":"list", + "member":{"shape":"GroupByResult"} + }, + "GroupByRule":{ + "type":"structure", + "required":["GroupByField"], + "members":{ + "Filters":{ + "shape":"OcsfFindingFilters", + "documentation":"

    The criteria used to select which security findings should be included in the grouping operation.

    " + }, + "GroupByField":{ + "shape":"GroupByField", + "documentation":"

    The attribute by which filtered findings should be grouped.

    " + } + }, + "documentation":"

    Defines the how the finding attribute should be grouped.

    " + }, + "GroupByRules":{ + "type":"list", + "member":{"shape":"GroupByRule"} + }, + "GroupByValue":{ + "type":"structure", + "members":{ + "FieldValue":{ + "shape":"NonEmptyString", + "documentation":"

    The value of the field by which findings are grouped.

    " + }, + "Count":{ + "shape":"Integer", + "documentation":"

    The number of findings for a specific FieldValue and GroupByField.

    " + } + }, + "documentation":"

    Represents individual aggregated results when grouping security findings for each GroupByField.

    " + }, + "GroupByValues":{ + "type":"list", + "member":{"shape":"GroupByValue"} + }, + "HealthCheck":{ + "type":"structure", + "required":[ + "ConnectorStatus", + "LastCheckedAt" + ], + "members":{ + "ConnectorStatus":{ + "shape":"ConnectorStatus", + "documentation":"

    The status of the connectorV2.

    " + }, + "Message":{ + "shape":"NonEmptyString", + "documentation":"

    The message for the reason of connectorStatus change.

    " + }, + "LastCheckedAt":{ + "shape":"Timestamp", + "documentation":"

    ISO 8601 UTC timestamp for the time check the health status of the connectorV2.

    " + } + }, + "documentation":"

    Information about the operational status and health of a connectorV2.

    " + }, "IcmpTypeCode":{ "type":"structure", "members":{ @@ -17905,6 +19466,18 @@ "type":"list", "member":{"shape":"IntegrationType"} }, + "IntegrationV2Type":{ + "type":"string", + "enum":[ + "SEND_FINDINGS_TO_SECURITY_HUB", + "RECEIVE_FINDINGS_FROM_SECURITY_HUB", + "UPDATE_FINDINGS_IN_SECURITY_HUB" + ] + }, + "IntegrationV2TypeList":{ + "type":"list", + "member":{"shape":"IntegrationV2Type"} + }, "InternalException":{ "type":"structure", "members":{ @@ -17915,6 +19488,16 @@ "error":{"httpStatusCode":500}, "exception":true }, + "InternalServerException":{ + "type":"structure", + "members":{ + "Message":{"shape":"NonEmptyString"}, + "Code":{"shape":"NonEmptyString"} + }, + "documentation":"

    The request has failed due to an internal failure of the service.

    ", + "error":{"httpStatusCode":500}, + "exception":true + }, "InvalidAccessException":{ "type":"structure", "members":{ @@ -18038,6 +19621,53 @@ "type":"list", "member":{"shape":"Ipv6CidrBlockAssociation"} }, + "JiraCloudDetail":{ + "type":"structure", + "members":{ + "CloudId":{ + "shape":"NonEmptyString", + "documentation":"

    The cloud id of the Jira Cloud.

    " + }, + "ProjectKey":{ + "shape":"NonEmptyString", + "documentation":"

    The projectKey of Jira Cloud.

    " + }, + "Domain":{ + "shape":"NonEmptyString", + "documentation":"

    The URL domain of your Jira Cloud instance.

    " + }, + "AuthUrl":{ + "shape":"NonEmptyString", + "documentation":"

    The URL to provide to customers for OAuth auth code flow.

    " + }, + "AuthStatus":{ + "shape":"ConnectorAuthStatus", + "documentation":"

    The status of the authorization between Jira Cloud and the service.

    " + } + }, + "documentation":"

    Information about the configuration and status of a Jira Cloud integration.

    " + }, + "JiraCloudProviderConfiguration":{ + "type":"structure", + "members":{ + "ProjectKey":{ + "shape":"NonEmptyString", + "documentation":"

    The project key for a JiraCloud instance.

    " + } + }, + "documentation":"

    The initial configuration settings required to establish an integration between Security Hub and Jira Cloud.

    " + }, + "JiraCloudUpdateConfiguration":{ + "type":"structure", + "required":["ProjectKey"], + "members":{ + "ProjectKey":{ + "shape":"NonEmptyString", + "documentation":"

    The project key for a JiraCloud instance.

    " + } + }, + "documentation":"

    The parameters used to modify an existing Jira Cloud integration.

    " + }, "KeywordFilter":{ "type":"structure", "members":{ @@ -18062,6 +19692,36 @@ "error":{"httpStatusCode":429}, "exception":true }, + "ListAggregatorsV2Request":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListAggregatorsV2Response":{ + "type":"structure", + "members":{ + "AggregatorsV2":{ + "shape":"AggregatorV2List", + "documentation":"

    An array of aggregators.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token to use to request the next page of results. Otherwise, this parameter is null.

    " + } + } + }, "ListAutomationRulesRequest":{ "type":"structure", "members":{ @@ -18092,6 +19752,36 @@ } } }, + "ListAutomationRulesV2Request":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token required for pagination. On your first call, set the value of this parameter to NULL. For subsequent calls, to continue listing data, set the value of this parameter to the value returned in the previous response.

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return.

    ", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListAutomationRulesV2Response":{ + "type":"structure", + "members":{ + "Rules":{ + "shape":"AutomationRulesMetadataListV2", + "documentation":"

    An array of automation rules.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token to use to request the next page of results. Otherwise, this parameter is null.

    " + } + } + }, "ListConfigurationPoliciesRequest":{ "type":"structure", "members":{ @@ -18152,6 +19842,49 @@ } } }, + "ListConnectorsV2Request":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token per the Amazon Web Services Pagination standard

    ", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be returned.

    ", + "location":"querystring", + "locationName":"MaxResults" + }, + "ProviderName":{ + "shape":"ConnectorProviderName", + "documentation":"

    The name of the third-party provider.

    ", + "location":"querystring", + "locationName":"ProviderName" + }, + "ConnectorStatus":{ + "shape":"ConnectorStatus", + "documentation":"

    The status for the connectorV2.

    ", + "location":"querystring", + "locationName":"ConnectorStatus" + } + } + }, + "ListConnectorsV2Response":{ + "type":"structure", + "required":["Connectors"], + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token to use to request the next page of results. Otherwise, this parameter is null.

    " + }, + "Connectors":{ + "shape":"ConnectorSummaryList", + "documentation":"

    An array of connectorV2 summaries.

    " + } + } + }, "ListEnabledProductsForImportRequest":{ "type":"structure", "members":{ @@ -18292,6 +20025,12 @@ "documentation":"

    The token that is required for pagination. On your first call to the ListOrganizationAdminAccounts operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    ", "location":"querystring", "locationName":"NextToken" + }, + "Feature":{ + "shape":"SecurityHubFeature", + "documentation":"

    The feature where the delegated administrator account is listed. Defaults to Security Hub if not specified.

    ", + "location":"querystring", + "locationName":"Feature" } } }, @@ -18305,6 +20044,10 @@ "NextToken":{ "shape":"NextToken", "documentation":"

    The pagination token to use to request the next page of results.

    " + }, + "Feature":{ + "shape":"SecurityHubFeature", + "documentation":"

    The feature where the delegated administrator account is listed. Defaults to Security Hub CSPM if not specified.

    " } } }, @@ -18510,6 +20253,11 @@ "max":100, "min":1 }, + "MaxStatisticResults":{ + "type":"integer", + "max":400, + "min":1 + }, "Member":{ "type":"structure", "members":{ @@ -18550,6 +20298,12 @@ "type":"list", "member":{"shape":"Member"} }, + "MetadataUidList":{ + "type":"list", + "member":{"shape":"NonEmptyString"}, + "max":100, + "min":0 + }, "Network":{ "type":"structure", "members":{ @@ -18891,6 +20645,275 @@ }, "documentation":"

    The detected occurrences of sensitive data.

    " }, + "OcsfBooleanField":{ + "type":"string", + "enum":[ + "compliance.assessments.meets_criteria", + "vulnerabilities.is_exploit_available", + "vulnerabilities.is_fix_available" + ] + }, + "OcsfBooleanFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"OcsfBooleanField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"BooleanFilter"} + }, + "documentation":"

    Enables filtering of security findings based on boolean field values in OCSF.

    " + }, + "OcsfBooleanFilterList":{ + "type":"list", + "member":{"shape":"OcsfBooleanFilter"} + }, + "OcsfDateField":{ + "type":"string", + "enum":[ + "finding_info.created_time_dt", + "finding_info.first_seen_time_dt", + "finding_info.last_seen_time_dt", + "finding_info.modified_time_dt", + "resources.image.created_time_dt", + "resources.image.last_used_time_dt", + "resources.modified_time_dt" + ] + }, + "OcsfDateFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"OcsfDateField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"DateFilter"} + }, + "documentation":"

    Enables filtering of security findings based on date and timestamp fields in OCSF.

    " + }, + "OcsfDateFilterList":{ + "type":"list", + "member":{"shape":"OcsfDateFilter"} + }, + "OcsfFinding":{ + "type":"structure", + "members":{}, + "document":true + }, + "OcsfFindingFilters":{ + "type":"structure", + "members":{ + "CompositeFilters":{ + "shape":"CompositeFilterList", + "documentation":"

    Enables the creation of complex filtering conditions by combining filter criteria.

    " + }, + "CompositeOperator":{ + "shape":"AllowedOperators", + "documentation":"

    The logical operators used to combine the filtering on multiple CompositeFilters.

    " + } + }, + "documentation":"

    Specifies the filtering criteria for security findings using OCSF.

    " + }, + "OcsfFindingIdentifier":{ + "type":"structure", + "required":[ + "CloudAccountUid", + "FindingInfoUid", + "MetadataProductUid" + ], + "members":{ + "CloudAccountUid":{ + "shape":"NonEmptyString", + "documentation":"

    Finding cloud.account.uid, which is a unique identifier in the Amazon Web Services account..

    " + }, + "FindingInfoUid":{ + "shape":"NonEmptyString", + "documentation":"

    Finding finding_info.uid, which is a unique identifier for the finding from the finding provider.

    " + }, + "MetadataProductUid":{ + "shape":"NonEmptyString", + "documentation":"

    Finding metadata.product.uid, which is a unique identifier for the product.

    " + } + }, + "documentation":"

    Provides a standard to identify security findings using OCSF.

    " + }, + "OcsfFindingIdentifierList":{ + "type":"list", + "member":{"shape":"OcsfFindingIdentifier"}, + "max":100, + "min":0 + }, + "OcsfFindingsList":{ + "type":"list", + "member":{"shape":"OcsfFinding"} + }, + "OcsfIpField":{ + "type":"string", + "enum":[ + "evidences.dst_endpoint.ip", + "evidences.src_endpoint.ip" + ] + }, + "OcsfIpFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"OcsfIpField", + "documentation":"

    The name of the IP address field to filter on.

    " + }, + "Filter":{"shape":"IpFilter"} + }, + "documentation":"

    The structure for filtering findings based on IP address attributes.

    " + }, + "OcsfIpFilterList":{ + "type":"list", + "member":{"shape":"OcsfIpFilter"} + }, + "OcsfMapField":{ + "type":"string", + "enum":[ + "resources.tags", + "compliance.control_parameters", + "databucket.tags", + "finding_info.tags" + ] + }, + "OcsfMapFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"OcsfMapField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"MapFilter"} + }, + "documentation":"

    Enables filtering of security findings based on map field values in OCSF.

    " + }, + "OcsfMapFilterList":{ + "type":"list", + "member":{"shape":"OcsfMapFilter"} + }, + "OcsfNumberField":{ + "type":"string", + "enum":[ + "activity_id", + "compliance.status_id", + "confidence_score", + "severity_id", + "status_id", + "finding_info.related_events_count", + "evidences.api.response.code", + "evidences.dst_endpoint.autonomous_system.number", + "evidences.dst_endpoint.port", + "evidences.src_endpoint.autonomous_system.number", + "evidences.src_endpoint.port", + "resources.image.in_use_count" + ] + }, + "OcsfNumberFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"OcsfNumberField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"NumberFilter"} + }, + "documentation":"

    Enables filtering of security findings based on numerical field values in OCSF.

    " + }, + "OcsfNumberFilterList":{ + "type":"list", + "member":{"shape":"OcsfNumberFilter"} + }, + "OcsfStringField":{ + "type":"string", + "enum":[ + "metadata.uid", + "activity_name", + "cloud.account.uid", + "cloud.provider", + "cloud.region", + "compliance.assessments.category", + "compliance.assessments.name", + "compliance.control", + "compliance.status", + "compliance.standards", + "finding_info.desc", + "finding_info.src_url", + "finding_info.title", + "finding_info.types", + "finding_info.uid", + "finding_info.related_events.uid", + "finding_info.related_events.product.uid", + "finding_info.related_events.title", + "metadata.product.name", + "metadata.product.uid", + "metadata.product.vendor_name", + "remediation.desc", + "remediation.references", + "resources.cloud_partition", + "resources.region", + "resources.type", + "resources.uid", + "severity", + "status", + "comment", + "vulnerabilities.fix_coverage", + "class_name", + "databucket.encryption_details.algorithm", + "databucket.encryption_details.key_uid", + "databucket.file.data_classifications.classifier_details.type", + "evidences.actor.user.account.uid", + "evidences.api.operation", + "evidences.api.response.error_message", + "evidences.api.service.name", + "evidences.connection_info.direction", + "evidences.connection_info.protocol_name", + "evidences.dst_endpoint.autonomous_system.name", + "evidences.dst_endpoint.location.city", + "evidences.dst_endpoint.location.country", + "evidences.src_endpoint.autonomous_system.name", + "evidences.src_endpoint.hostname", + "evidences.src_endpoint.location.city", + "evidences.src_endpoint.location.country", + "finding_info.analytic.name", + "malware.name", + "malware_scan_info.uid", + "malware.severity", + "resources.cloud_function.layers.uid_alt", + "resources.cloud_function.runtime", + "resources.cloud_function.user.uid", + "resources.device.encryption_details.key_uid", + "resources.device.image.uid", + "resources.image.architecture", + "resources.image.registry_uid", + "resources.image.repository_name", + "resources.image.uid", + "resources.subnet_info.uid", + "resources.vpc_uid", + "vulnerabilities.affected_code.file.path", + "vulnerabilities.affected_packages.name", + "vulnerabilities.cve.epss.score", + "vulnerabilities.cve.uid", + "vulnerabilities.related_vulnerabilities", + "cloud.account.name" + ] + }, + "OcsfStringFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"OcsfStringField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"StringFilter"} + }, + "documentation":"

    Enables filtering of security findings based on string field values in OCSF.

    " + }, + "OcsfStringFilterList":{ + "type":"list", + "member":{"shape":"OcsfStringFilter"} + }, "OrganizationConfiguration":{ "type":"structure", "members":{ @@ -19250,10 +21273,48 @@ "type":"list", "member":{"shape":"NonEmptyString"} }, + "ProductV2":{ + "type":"structure", + "members":{ + "ProductV2Name":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the productV2.

    " + }, + "CompanyName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the organization or vendor that provides the productV2.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    Detailed information about the productV2.

    " + }, + "Categories":{ + "shape":"CategoryList", + "documentation":"

    The domains or functional areas the productV2 addresses.

    " + }, + "IntegrationV2Types":{ + "shape":"IntegrationV2TypeList", + "documentation":"

    The type of integration.

    " + }, + "MarketplaceUrl":{ + "shape":"NonEmptyString", + "documentation":"

    The console URL where you can purchase or subscribe to products.

    " + }, + "ActivationUrl":{ + "shape":"NonEmptyString", + "documentation":"

    The URL to the serviceV@ or productV2 documentation about the integration, which includes how to activate the integration.

    " + } + }, + "documentation":"

    Defines the structure for the productV2.

    " + }, "ProductsList":{ "type":"list", "member":{"shape":"Product"} }, + "ProductsV2List":{ + "type":"list", + "member":{"shape":"ProductV2"} + }, "PropagatingVgwSetDetails":{ "type":"structure", "members":{ @@ -19268,6 +21329,61 @@ "type":"list", "member":{"shape":"PropagatingVgwSetDetails"} }, + "ProviderConfiguration":{ + "type":"structure", + "members":{ + "JiraCloud":{ + "shape":"JiraCloudProviderConfiguration", + "documentation":"

    The configuration settings required to establish an integration with Jira Cloud.

    " + }, + "ServiceNow":{ + "shape":"ServiceNowProviderConfiguration", + "documentation":"

    The configuration settings required to establish an integration with ServiceNow ITSM.

    " + } + }, + "documentation":"

    The initial configuration settings required to establish an integration between Security Hub and third-party provider.

    ", + "union":true + }, + "ProviderDetail":{ + "type":"structure", + "members":{ + "JiraCloud":{ + "shape":"JiraCloudDetail", + "documentation":"

    Details about a Jira Cloud integration.

    " + }, + "ServiceNow":{ + "shape":"ServiceNowDetail", + "documentation":"

    Details about a ServiceNow ITSM integration.

    " + } + }, + "documentation":"

    The third-party provider detail for a service configuration.

    ", + "union":true + }, + "ProviderSummary":{ + "type":"structure", + "members":{ + "ProviderName":{ + "shape":"ConnectorProviderName", + "documentation":"

    The name of the provider.

    " + }, + "ConnectorStatus":{ + "shape":"ConnectorStatus", + "documentation":"

    The status for the connectorV2.

    " + } + }, + "documentation":"

    The connectorV2 third-party provider configuration summary.

    " + }, + "ProviderUpdateConfiguration":{ + "type":"structure", + "members":{ + "JiraCloud":{ + "shape":"JiraCloudUpdateConfiguration", + "documentation":"

    The parameters required to update the configuration for a Jira Cloud integration.

    " + } + }, + "documentation":"

    The parameters required to update the configuration of an integration provider.

    ", + "union":true + }, "Range":{ "type":"structure", "members":{ @@ -19431,6 +21547,24 @@ "type":"string", "pattern":"^arn:aws:securityhub:.*" }, + "ResourceCategory":{ + "type":"string", + "enum":[ + "Compute", + "Database", + "Storage", + "Code", + "AI/ML", + "Identity", + "Network", + "Other" + ] + }, + "ResourceConfig":{ + "type":"structure", + "members":{}, + "document":true + }, "ResourceConflictException":{ "type":"structure", "members":{ @@ -19827,10 +21961,75 @@ "AwsEc2ClientVpnEndpoint":{ "shape":"AwsEc2ClientVpnEndpointDetails", "documentation":"

    Provides details about an Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It's the termination point for all client VPN sessions.

    " + }, + "CodeRepository":{ + "shape":"CodeRepositoryDetails", + "documentation":"

    Details about an external code repository with which you can connect your Amazon Web Services resources. The connection is established through Amazon Inspector.

    " } }, "documentation":"

    Additional details about a resource related to a finding.

    To provide the details, use the object that corresponds to the resource type. For example, if the resource type is AwsEc2Instance, then you use the AwsEc2Instance object to provide the details.

    If the type-specific object does not contain all of the fields you want to populate, then you use the Other object to populate those additional fields.

    You also use the Other object to populate the details when the selected type does not have a corresponding object.

    " }, + "ResourceFindingsSummary":{ + "type":"structure", + "required":[ + "FindingType", + "ProductName", + "TotalFindings" + ], + "members":{ + "FindingType":{ + "shape":"NonEmptyString", + "documentation":"

    The category or classification of the security finding.

    " + }, + "ProductName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the product associated with the security finding.

    " + }, + "TotalFindings":{ + "shape":"Integer", + "documentation":"

    The total count of security findings.

    " + }, + "Severities":{ + "shape":"ResourceSeverityBreakdown", + "documentation":"

    A breakdown of security findings by their severity levels.

    " + } + }, + "documentation":"

    A list of summaries for all finding types on a resource.

    " + }, + "ResourceFindingsSummaryList":{ + "type":"list", + "member":{"shape":"ResourceFindingsSummary"} + }, + "ResourceGroupByField":{ + "type":"string", + "enum":[ + "AccountId", + "Region", + "ResourceCategory", + "ResourceType", + "ResourceName", + "FindingsSummary.FindingType" + ] + }, + "ResourceGroupByRule":{ + "type":"structure", + "required":["GroupByField"], + "members":{ + "GroupByField":{ + "shape":"ResourceGroupByField", + "documentation":"

    Specifies the attribute that resources should be grouped by.

    " + }, + "Filters":{ + "shape":"ResourcesFilters", + "documentation":"

    The criteria used to select resources and associated security findings.

    " + } + }, + "documentation":"

    Defines the configuration for organizing and categorizing Amazon Web Services resources based on associated security findings.

    " + }, + "ResourceGroupByRules":{ + "type":"list", + "member":{"shape":"ResourceGroupByRule"} + }, "ResourceInUseException":{ "type":"structure", "members":{ @@ -19855,6 +22054,278 @@ "error":{"httpStatusCode":404}, "exception":true }, + "ResourceResult":{ + "type":"structure", + "required":[ + "ResourceId", + "AccountId", + "Region", + "ResourceDetailCaptureTimeDt", + "ResourceConfig" + ], + "members":{ + "ResourceGuid":{ + "shape":"NonEmptyString", + "documentation":"

    The global identifier used to identify a resource.

    " + }, + "ResourceId":{ + "shape":"NonEmptyString", + "documentation":"

    The unique identifier for a resource.

    " + }, + "AccountId":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Web Services account that owns the resource.

    " + }, + "Region":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Web Services Region where the resource is located.

    " + }, + "ResourceCategory":{ + "shape":"ResourceCategory", + "documentation":"

    The grouping where the resource belongs.

    " + }, + "ResourceType":{ + "shape":"NonEmptyString", + "documentation":"

    The type of resource.

    " + }, + "ResourceName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the resource.

    " + }, + "ResourceCreationTimeDt":{ + "shape":"NonEmptyString", + "documentation":"

    The time when the resource was created.

    " + }, + "ResourceDetailCaptureTimeDt":{ + "shape":"NonEmptyString", + "documentation":"

    The timestamp when information about the resource was captured.

    " + }, + "FindingsSummary":{ + "shape":"ResourceFindingsSummaryList", + "documentation":"

    An aggregated view of security findings associated with a resource.

    " + }, + "ResourceTags":{ + "shape":"ResourceTagList", + "documentation":"

    The key-value pairs associated with a resource.

    " + }, + "ResourceConfig":{ + "shape":"ResourceConfig", + "documentation":"

    The configuration details of a resource.

    " + } + }, + "documentation":"

    Provides comprehensive details about an Amazon Web Services resource and its associated security findings.

    " + }, + "ResourceSeverityBreakdown":{ + "type":"structure", + "members":{ + "Other":{ + "shape":"Integer", + "documentation":"

    The number of findings not in any of the severity categories.

    " + }, + "Fatal":{ + "shape":"Integer", + "documentation":"

    The number of findings with a severity level of fatal.

    " + }, + "Critical":{ + "shape":"Integer", + "documentation":"

    The number of findings with a severity level of critical.

    " + }, + "High":{ + "shape":"Integer", + "documentation":"

    The number of findings with a severity level of high.

    " + }, + "Medium":{ + "shape":"Integer", + "documentation":"

    The number of findings with a severity level of medium.

    " + }, + "Low":{ + "shape":"Integer", + "documentation":"

    The number of findings with a severity level of low.

    " + }, + "Informational":{ + "shape":"Integer", + "documentation":"

    The number of findings that provide security-related information.

    " + }, + "Unknown":{ + "shape":"Integer", + "documentation":"

    The number of findings with a severity level cannot be determined.

    " + } + }, + "documentation":"

    A comprehensive distribution of security findings by severity level for Amazon Web Services resources.

    " + }, + "ResourceTag":{ + "type":"structure", + "required":[ + "Key", + "Value" + ], + "members":{ + "Key":{ + "shape":"NonEmptyString", + "documentation":"

    The identifier or name of the tag.

    " + }, + "Value":{ + "shape":"NonEmptyString", + "documentation":"

    The data associated with the tag key.

    " + } + }, + "documentation":"

    Represents tag information associated with Amazon Web Services resources.

    " + }, + "ResourceTagList":{ + "type":"list", + "member":{"shape":"ResourceTag"} + }, + "Resources":{ + "type":"list", + "member":{"shape":"ResourceResult"} + }, + "ResourcesCompositeFilter":{ + "type":"structure", + "members":{ + "StringFilters":{ + "shape":"ResourcesStringFilterList", + "documentation":"

    Enables filtering based on string field values.

    " + }, + "DateFilters":{ + "shape":"ResourcesDateFilterList", + "documentation":"

    Enables filtering based on date and timestamp field values.

    " + }, + "NumberFilters":{ + "shape":"ResourcesNumberFilterList", + "documentation":"

    Enables filtering based on numerical field values.

    " + }, + "MapFilters":{ + "shape":"ResourcesMapFilterList", + "documentation":"

    Enables filtering based on map-based field values.

    " + }, + "NestedCompositeFilters":{ + "shape":"ResourcesCompositeFilterList", + "documentation":"

    Provides an additional level of filtering, creating a three-layer nested structure. The first layer is a CompositeFilters array with a CompositeOperator (AND/OR). The second layer is a CompositeFilter object that contains direct filters and NestedCompositeFilters. The third layer is NestedCompositeFilters, which contains additional filter conditions.

    " + }, + "Operator":{ + "shape":"AllowedOperators", + "documentation":"

    The logical operator used to combine multiple filter conditions.

    " + } + }, + "documentation":"

    Enables the creation of criteria for Amazon Web Services resources in Security Hub.

    " + }, + "ResourcesCompositeFilterList":{ + "type":"list", + "member":{"shape":"ResourcesCompositeFilter"} + }, + "ResourcesDateField":{ + "type":"string", + "enum":[ + "ResourceDetailCaptureTime", + "ResourceCreationTime" + ] + }, + "ResourcesDateFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"ResourcesDateField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"DateFilter"} + }, + "documentation":"

    Enables the filtering of Amazon Web Services resources based on date and timestamp attributes.

    " + }, + "ResourcesDateFilterList":{ + "type":"list", + "member":{"shape":"ResourcesDateFilter"} + }, + "ResourcesFilters":{ + "type":"structure", + "members":{ + "CompositeFilters":{ + "shape":"ResourcesCompositeFilterList", + "documentation":"

    A collection of complex filtering conditions that can be applied to Amazon Web Services resources.

    " + }, + "CompositeOperator":{ + "shape":"AllowedOperators", + "documentation":"

    The logical operator used to combine multiple filter conditions in the structure.

    " + } + }, + "documentation":"

    Enables filtering of Amazon Web Services resources based on data.

    " + }, + "ResourcesMapField":{ + "type":"string", + "enum":["ResourceTags"] + }, + "ResourcesMapFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"ResourcesMapField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"MapFilter"} + }, + "documentation":"

    Enables filtering of Amazon Web Services resources based on key-value map attributes.

    " + }, + "ResourcesMapFilterList":{ + "type":"list", + "member":{"shape":"ResourcesMapFilter"} + }, + "ResourcesNumberField":{ + "type":"string", + "enum":[ + "FindingsSummary.TotalFindings", + "FindingsSummary.Severities.Other", + "FindingsSummary.Severities.Fatal", + "FindingsSummary.Severities.Critical", + "FindingsSummary.Severities.High", + "FindingsSummary.Severities.Medium", + "FindingsSummary.Severities.Low", + "FindingsSummary.Severities.Informational", + "FindingsSummary.Severities.Unknown" + ] + }, + "ResourcesNumberFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"ResourcesNumberField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"NumberFilter"} + }, + "documentation":"

    Enables filtering of Amazon Web Services resources based on numerical values.

    " + }, + "ResourcesNumberFilterList":{ + "type":"list", + "member":{"shape":"ResourcesNumberFilter"} + }, + "ResourcesStringField":{ + "type":"string", + "enum":[ + "ResourceGuid", + "ResourceId", + "AccountId", + "Region", + "ResourceCategory", + "ResourceType", + "ResourceName", + "FindingsSummary.FindingType", + "FindingsSummary.ProductName" + ] + }, + "ResourcesStringFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"ResourcesStringField", + "documentation":"

    The name of the field.

    " + }, + "Filter":{"shape":"StringFilter"} + }, + "documentation":"

    Enables filtering of Amazon Web Services resources based on string field values.

    " + }, + "ResourcesStringFilterList":{ + "type":"list", + "member":{"shape":"ResourcesStringFilter"} + }, "Result":{ "type":"structure", "members":{ @@ -20294,6 +22765,11 @@ "max":1000, "min":1 }, + "RuleOrderValueV2":{ + "type":"float", + "max":1000.0, + "min":1.0 + }, "RuleStatus":{ "type":"string", "enum":[ @@ -20301,6 +22777,13 @@ "DISABLED" ] }, + "RuleStatusV2":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "SecurityControl":{ "type":"structure", "required":[ @@ -20472,6 +22955,13 @@ "type":"list", "member":{"shape":"NonEmptyString"} }, + "SecurityHubFeature":{ + "type":"string", + "enum":[ + "SecurityHub", + "SecurityHubV2" + ] + }, "SecurityHubPolicy":{ "type":"structure", "members":{ @@ -20534,6 +23024,11 @@ "type":"list", "member":{"shape":"SensitiveDataResult"} }, + "SensitiveNonEmptyString":{ + "type":"string", + "pattern":".*\\S.*", + "sensitive":true + }, "Sequence":{ "type":"structure", "members":{ @@ -20560,6 +23055,48 @@ }, "documentation":"

    Contains information about an Amazon GuardDuty Extended Threat Detection attack sequence finding. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

    " }, + "ServiceNowDetail":{ + "type":"structure", + "required":["AuthStatus"], + "members":{ + "InstanceName":{ + "shape":"NonEmptyString", + "documentation":"

    The instanceName of ServiceNow ITSM.

    " + }, + "ClientId":{ + "shape":"NonEmptyString", + "documentation":"

    The clientId of ServiceNow ITSM.

    " + }, + "AuthStatus":{ + "shape":"ConnectorAuthStatus", + "documentation":"

    The status of the authorization between Jira Cloud and the service.

    " + } + }, + "documentation":"

    Information about a ServiceNow ITSM integration.

    " + }, + "ServiceNowProviderConfiguration":{ + "type":"structure", + "required":[ + "InstanceName", + "ClientId", + "ClientSecret" + ], + "members":{ + "InstanceName":{ + "shape":"NonEmptyString", + "documentation":"

    The instance name of ServiceNow ITSM.

    " + }, + "ClientId":{ + "shape":"NonEmptyString", + "documentation":"

    The client ID of ServiceNow ITSM.

    " + }, + "ClientSecret":{ + "shape":"SensitiveNonEmptyString", + "documentation":"

    The client secret of ServiceNow ITSM.

    " + } + }, + "documentation":"

    The initial configuration settings required to establish an integration between Security Hub and ServiceNow ITSM.

    " + }, "Severity":{ "type":"structure", "members":{ @@ -20776,7 +23313,7 @@ "members":{ "StandardsArn":{ "shape":"NonEmptyString", - "documentation":"

    The ARN of a standard.

    " + "documentation":"

    The ARN of the standard.

    " }, "Name":{ "shape":"NonEmptyString", @@ -21016,6 +23553,13 @@ "type":"list", "member":{"shape":"StandardsControl"} }, + "StandardsControlsUpdatable":{ + "type":"string", + "enum":[ + "READY_FOR_UPDATES", + "NOT_READY_FOR_UPDATES" + ] + }, "StandardsInputParameterMap":{ "type":"map", "key":{"shape":"NonEmptyString"}, @@ -21054,7 +23598,7 @@ "documentation":"

    The reason code that represents the reason for the current status of a standard subscription.

    " } }, - "documentation":"

    The reason for the current status of a standard subscription.

    " + "documentation":"

    The reason for the current status of your subscription to the standard.

    " }, "StandardsSubscription":{ "type":"structure", @@ -21067,11 +23611,11 @@ "members":{ "StandardsSubscriptionArn":{ "shape":"NonEmptyString", - "documentation":"

    The ARN of a resource that represents your subscription to a supported standard.

    " + "documentation":"

    The ARN of the resource that represents your subscription to the standard.

    " }, "StandardsArn":{ "shape":"NonEmptyString", - "documentation":"

    The ARN of a standard.

    " + "documentation":"

    The ARN of the standard.

    " }, "StandardsInput":{ "shape":"StandardsInputParameterMap", @@ -21079,7 +23623,11 @@ }, "StandardsStatus":{ "shape":"StandardsStatus", - "documentation":"

    The status of the standard subscription.

    The status values are as follows:

    • PENDING - Standard is in the process of being enabled.

    • READY - Standard is enabled.

    • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

    • DELETING - Standard is in the process of being disabled.

    • FAILED - Standard could not be disabled.

    " + "documentation":"

    The status of your subscription to the standard. Possible values are:

    • PENDING - The standard is in the process of being enabled. Or the standard is already enabled and Security Hub is adding new controls to the standard.

    • READY - The standard is enabled.

    • INCOMPLETE - The standard could not be enabled completely. One or more errors (StandardsStatusReason) occurred when Security Hub attempted to enable the standard.

    • DELETING - The standard is in the process of being disabled.

    • FAILED - The standard could not be disabled. One or more errors (StandardsStatusReason) occurred when Security Hub attempted to disable the standard.

    " + }, + "StandardsControlsUpdatable":{ + "shape":"StandardsControlsUpdatable", + "documentation":"

    Specifies whether you can retrieve information about and configure individual controls that apply to the standard. Possible values are:

    • READY_FOR_UPDATES - Controls in the standard can be retrieved and configured.

    • NOT_READY_FOR_UPDATES - Controls in the standard cannot be retrieved or configured.

    " }, "StandardsStatusReason":{ "shape":"StandardsStatusReason", @@ -21185,8 +23733,7 @@ }, "StartConfigurationPolicyDisassociationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StatelessCustomActionDefinition":{ "type":"structure", @@ -21241,6 +23788,7 @@ "type":"string", "enum":[ "NO_AVAILABLE_CONFIGURATION_RECORDER", + "MAXIMUM_NUMBER_OF_CONFIG_RULES_EXCEEDED", "INTERNAL_ERROR" ] }, @@ -21275,7 +23823,7 @@ }, "Comparison":{ "shape":"StringFilterComparison", - "documentation":"

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS. For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.

    • To search for values that exactly match the filter value, use EQUALS. For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012.

    • To search for values that start with the filter value, use PREFIX. For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us. A ResourceRegion that starts with a different value, such as af, ap, or ca, doesn't match.

    CONTAINS, EQUALS, and PREFIX filters on the same field are joined by OR. A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront, CloudWatch, or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS. For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.

    • To search for values other than the filter value, use NOT_EQUALS. For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012.

    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS. For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us.

    NOT_CONTAINS, NOT_EQUALS, and PREFIX_NOT_EQUALS filters on the same field are joined by AND. A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2. It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface.

    • ResourceType PREFIX AwsIam

    • ResourceType PREFIX AwsEc2

    • ResourceType NOT_EQUALS AwsIamPolicy

    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the Security Hub User Guide.

    " + "documentation":"

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS. For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.

    • To search for values that exactly match the filter value, use EQUALS. For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012.

    • To search for values that start with the filter value, use PREFIX. For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us. A ResourceRegion that starts with a different value, such as af, ap, or ca, doesn't match.

    CONTAINS, EQUALS, and PREFIX filters on the same field are joined by OR. A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront, CloudWatch, or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS. For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.

    • To search for values other than the filter value, use NOT_EQUALS. For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012.

    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS. For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us.

    NOT_CONTAINS, NOT_EQUALS, and PREFIX_NOT_EQUALS filters on the same field are joined by AND. A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2. It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface.

    • ResourceType PREFIX AwsIam

    • ResourceType PREFIX AwsEc2

    • ResourceType NOT_EQUALS AwsIamPolicy

    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules V1. CONTAINS_WORD operator is only supported in GetFindingsV2, GetFindingStatisticsV2, GetResourcesV2, and GetResourceStatisticsV2 APIs. For more information, see Automation rules in the Security Hub User Guide.

    " } }, "documentation":"

    A string filter for filtering Security Hub findings.

    " @@ -21288,7 +23836,8 @@ "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", - "NOT_CONTAINS" + "NOT_CONTAINS", + "CONTAINS_WORD" ] }, "StringFilterList":{ @@ -21361,8 +23910,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -21482,6 +24030,16 @@ "type":"list", "member":{"shape":"Threat"} }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "Message":{"shape":"NonEmptyString"}, + "Code":{"shape":"NonEmptyString"} + }, + "documentation":"

    The limit on the number of requests per second was exceeded.

    ", + "error":{"httpStatusCode":429}, + "exception":true + }, "Timestamp":{ "type":"timestamp", "timestampFormat":"iso8601" @@ -21540,6 +24098,7 @@ "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", + "RESOURCE_NOT_FOUND", "LIMIT_EXCEEDED" ] }, @@ -21556,7 +24115,7 @@ }, "ErrorCode":{ "shape":"UnprocessedErrorCode", - "documentation":"

    The error code for the unprocessed security control.

    " + "documentation":"

    The error code for the unprocessed security control. The NOT_FOUND value has been deprecated and replaced by the RESOURCE_NOT_FOUND value.

    " }, "ErrorReason":{ "shape":"NonEmptyString", @@ -21582,7 +24141,7 @@ }, "ErrorCode":{ "shape":"UnprocessedErrorCode", - "documentation":"

    The error code for the unprocessed standard and control association.

    " + "documentation":"

    The error code for the unprocessed standard and control association. The NOT_FOUND value has been deprecated and replaced by the RESOURCE_NOT_FOUND value.

    " }, "ErrorReason":{ "shape":"NonEmptyString", @@ -21604,7 +24163,7 @@ }, "ErrorCode":{ "shape":"UnprocessedErrorCode", - "documentation":"

    The error code for the unprocessed update of the control's enablement status in the specified standard.

    " + "documentation":"

    The error code for the unprocessed update of the control's enablement status in the specified standard. The NOT_FOUND value has been deprecated and replaced by the RESOURCE_NOT_FOUND value.

    " }, "ErrorReason":{ "shape":"NonEmptyString", @@ -21644,8 +24203,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateActionTargetRequest":{ "type":"structure", @@ -21669,9 +24227,92 @@ }, "UpdateActionTargetResponse":{ "type":"structure", + "members":{} + }, + "UpdateAggregatorV2Request":{ + "type":"structure", + "required":[ + "AggregatorV2Arn", + "RegionLinkingMode" + ], "members":{ + "AggregatorV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the Aggregator V2.

    ", + "location":"uri", + "locationName":"AggregatorV2Arn" + }, + "RegionLinkingMode":{ + "shape":"NonEmptyString", + "documentation":"

    Determines how Amazon Web Services Regions should be linked to the Aggregator V2.

    " + }, + "LinkedRegions":{ + "shape":"StringList", + "documentation":"

    A list of Amazon Web Services Regions linked to the aggegation Region.

    " + } + } + }, + "UpdateAggregatorV2Response":{ + "type":"structure", + "members":{ + "AggregatorV2Arn":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the Aggregator V2.

    " + }, + "AggregationRegion":{ + "shape":"NonEmptyString", + "documentation":"

    The Amazon Web Services Region where data is aggregated.

    " + }, + "RegionLinkingMode":{ + "shape":"NonEmptyString", + "documentation":"

    Determines how Amazon Web Services Regions should be linked to the Aggregator V2.

    " + }, + "LinkedRegions":{ + "shape":"StringList", + "documentation":"

    A list of Amazon Web Services Regions linked to the aggegation Region.

    " + } } }, + "UpdateAutomationRuleV2Request":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"NonEmptyString", + "documentation":"

    The ARN of the automation rule.

    ", + "location":"uri", + "locationName":"Identifier" + }, + "RuleStatus":{ + "shape":"RuleStatusV2", + "documentation":"

    The status of the automation rule.

    " + }, + "RuleOrder":{ + "shape":"RuleOrderValueV2", + "documentation":"

    Represents a value for the rule priority.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    A description of the automation rule.

    " + }, + "RuleName":{ + "shape":"NonEmptyString", + "documentation":"

    The name of the automation rule.

    " + }, + "Criteria":{ + "shape":"Criteria", + "documentation":"

    The filtering type and configuration of the automation rule.

    " + }, + "Actions":{ + "shape":"AutomationRulesActionListV2", + "documentation":"

    A list of actions to be performed when the rule criteria is met.

    " + } + } + }, + "UpdateAutomationRuleV2Response":{ + "type":"structure", + "members":{} + }, "UpdateAutomationRulesRequestItem":{ "type":"structure", "required":["RuleArn"], @@ -21778,6 +24419,34 @@ } } }, + "UpdateConnectorV2Request":{ + "type":"structure", + "required":["ConnectorId"], + "members":{ + "ConnectorId":{ + "shape":"NonEmptyString", + "documentation":"

    The UUID of the connectorV2 to identify connectorV2 resource.

    ", + "location":"uri", + "locationName":"ConnectorId" + }, + "ClientSecret":{ + "shape":"SensitiveNonEmptyString", + "documentation":"

    The clientSecret of ServiceNow.

    " + }, + "Description":{ + "shape":"NonEmptyString", + "documentation":"

    The description of the connectorV2.

    " + }, + "Provider":{ + "shape":"ProviderUpdateConfiguration", + "documentation":"

    The third-party provider’s service configuration.

    " + } + } + }, + "UpdateConnectorV2Response":{ + "type":"structure", + "members":{} + }, "UpdateFindingAggregatorRequest":{ "type":"structure", "required":[ @@ -21840,8 +24509,7 @@ }, "UpdateFindingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateInsightRequest":{ "type":"structure", @@ -21869,8 +24537,7 @@ }, "UpdateInsightResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateOrganizationConfigurationRequest":{ "type":"structure", @@ -21889,8 +24556,7 @@ }, "UpdateOrganizationConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateSecurityControlRequest":{ "type":"structure", @@ -21915,8 +24581,7 @@ }, "UpdateSecurityControlResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateSecurityHubConfigurationRequest":{ "type":"structure", @@ -21933,8 +24598,7 @@ }, "UpdateSecurityHubConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateStandardsControlRequest":{ "type":"structure", @@ -21958,8 +24622,7 @@ }, "UpdateStandardsControlResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateStatus":{ "type":"string", @@ -21982,6 +24645,16 @@ }, "documentation":"

    Provides Amazon Web Services account information of the user involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

    " }, + "ValidationException":{ + "type":"structure", + "members":{ + "Message":{"shape":"NonEmptyString"}, + "Code":{"shape":"NonEmptyString"} + }, + "documentation":"

    The request has failed validation because it's missing required fields or has invalid inputs.

    ", + "error":{"httpStatusCode":400}, + "exception":true + }, "VerificationState":{ "type":"string", "enum":[ diff -pruN 2.23.6-1/awscli/botocore/data/securitylake/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/securitylake/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/securitylake/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/securitylake/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/serverlessrepo/2017-09-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/serverlessrepo/2017-09-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/serverlessrepo/2017-09-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/serverlessrepo/2017-09-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,18 +212,17 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -236,7 +231,8 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], @@ -256,14 +252,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -277,7 +275,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -297,7 +294,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -308,14 +304,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -326,9 +324,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/serverlessrepo/2017-09-08/service-2.json 2.31.35-1/awscli/botocore/data/serverlessrepo/2017-09-08/service-2.json --- 2.23.6-1/awscli/botocore/data/serverlessrepo/2017-09-08/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/serverlessrepo/2017-09-08/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,2248 +1,2446 @@ { - "metadata" : { - "apiVersion" : "2017-09-08", - "endpointPrefix" : "serverlessrepo", - "signingName" : "serverlessrepo", - "serviceFullName" : "AWSServerlessApplicationRepository", - "serviceId" : "ServerlessApplicationRepository", - "protocol" : "rest-json", - "jsonVersion" : "1.1", - "uid" : "serverlessrepo-2017-09-08", - "signatureVersion" : "v4" + "metadata": { + "apiVersion": "2017-09-08", + "endpointPrefix": "serverlessrepo", + "signingName": "serverlessrepo", + "serviceFullName": "AWSServerlessApplicationRepository", + "serviceId": "ServerlessApplicationRepository", + "protocol": "rest-json", + "jsonVersion": "1.1", + "uid": "serverlessrepo-2017-09-08", + "signatureVersion": "v4", + "auth": [ + "aws.auth#sigv4" + ] }, - "operations" : { - "CreateApplication" : { - "name" : "CreateApplication", - "http" : { - "method" : "POST", - "requestUri" : "/applications", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateApplicationRequest" - }, - "output" : { - "shape" : "CreateApplicationResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ConflictException", - "documentation" : "

    The resource already exists.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Creates an application, optionally including an AWS SAM file to create the first application version in the same call.

    " - }, - "CreateApplicationVersion" : { - "name" : "CreateApplicationVersion", - "http" : { - "method" : "PUT", - "requestUri" : "/applications/{applicationId}/versions/{semanticVersion}", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateApplicationVersionRequest" - }, - "output" : { - "shape" : "CreateApplicationVersionResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ConflictException", - "documentation" : "

    The resource already exists.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Creates an application version.

    " - }, - "CreateCloudFormationChangeSet" : { - "name" : "CreateCloudFormationChangeSet", - "http" : { - "method" : "POST", - "requestUri" : "/applications/{applicationId}/changesets", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateCloudFormationChangeSetRequest" - }, - "output" : { - "shape" : "CreateCloudFormationChangeSetResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Creates an AWS CloudFormation change set for the given application.

    " - }, - "CreateCloudFormationTemplate" : { - "name" : "CreateCloudFormationTemplate", - "http" : { - "method" : "POST", - "requestUri" : "/applications/{applicationId}/templates", - "responseCode" : 201 - }, - "input" : { - "shape" : "CreateCloudFormationTemplateRequest" - }, - "output" : { - "shape" : "CreateCloudFormationTemplateResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Creates an AWS CloudFormation template.

    " - }, - "DeleteApplication" : { - "name" : "DeleteApplication", - "http" : { - "method" : "DELETE", - "requestUri" : "/applications/{applicationId}", - "responseCode" : 204 - }, - "input" : { - "shape" : "DeleteApplicationRequest" - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - }, { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "ConflictException", - "documentation" : "

    The resource already exists.

    " - } ], - "documentation" : "

    Deletes the specified application.

    " - }, - "GetApplication" : { - "name" : "GetApplication", - "http" : { - "method" : "GET", - "requestUri" : "/applications/{applicationId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetApplicationRequest" - }, - "output" : { - "shape" : "GetApplicationResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Gets the specified application.

    " - }, - "GetApplicationPolicy" : { - "name" : "GetApplicationPolicy", - "http" : { - "method" : "GET", - "requestUri" : "/applications/{applicationId}/policy", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetApplicationPolicyRequest" - }, - "output" : { - "shape" : "GetApplicationPolicyResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Retrieves the policy for the application.

    " - }, - "GetCloudFormationTemplate" : { - "name" : "GetCloudFormationTemplate", - "http" : { - "method" : "GET", - "requestUri" : "/applications/{applicationId}/templates/{templateId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "GetCloudFormationTemplateRequest" - }, - "output" : { - "shape" : "GetCloudFormationTemplateResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Gets the specified AWS CloudFormation template.

    " - }, - "ListApplicationDependencies" : { - "name" : "ListApplicationDependencies", - "http" : { - "method" : "GET", - "requestUri" : "/applications/{applicationId}/dependencies", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListApplicationDependenciesRequest" - }, - "output" : { - "shape" : "ListApplicationDependenciesResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Retrieves the list of applications nested in the containing application.

    " - }, - "ListApplicationVersions" : { - "name" : "ListApplicationVersions", - "http" : { - "method" : "GET", - "requestUri" : "/applications/{applicationId}/versions", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListApplicationVersionsRequest" - }, - "output" : { - "shape" : "ListApplicationVersionsResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Lists versions for the specified application.

    " - }, - "ListApplications" : { - "name" : "ListApplications", - "http" : { - "method" : "GET", - "requestUri" : "/applications", - "responseCode" : 200 - }, - "input" : { - "shape" : "ListApplicationsRequest" - }, - "output" : { - "shape" : "ListApplicationsResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Lists applications owned by the requester.

    " - }, - "PutApplicationPolicy" : { - "name" : "PutApplicationPolicy", - "http" : { - "method" : "PUT", - "requestUri" : "/applications/{applicationId}/policy", - "responseCode" : 200 - }, - "input" : { - "shape" : "PutApplicationPolicyRequest" - }, - "output" : { - "shape" : "PutApplicationPolicyResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Sets the permission policy for an application. For the list of actions supported for this operation, see\n Application \n Permissions\n .

    " - }, - "UnshareApplication" : { - "name" : "UnshareApplication", - "http" : { - "method" : "POST", - "requestUri" : "/applications/{applicationId}/unshare", - "responseCode" : 204 - }, - "input" : { - "shape" : "UnshareApplicationRequest" - }, - "errors" : [ { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - } ], - "documentation" : "

    Unshares an application from an AWS Organization.

    This operation can be called only from the organization's master account.

    " - }, - "UpdateApplication" : { - "name" : "UpdateApplication", - "http" : { - "method" : "PATCH", - "requestUri" : "/applications/{applicationId}", - "responseCode" : 200 - }, - "input" : { - "shape" : "UpdateApplicationRequest" - }, - "output" : { - "shape" : "UpdateApplicationResponse", - "documentation" : "

    Success

    " - }, - "errors" : [ { - "shape" : "BadRequestException", - "documentation" : "

    One of the parameters in the request is invalid.

    " - }, { - "shape" : "InternalServerErrorException", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - }, { - "shape" : "ForbiddenException", - "documentation" : "

    The client is not authenticated.

    " - }, { - "shape" : "NotFoundException", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - }, { - "shape" : "TooManyRequestsException", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - }, { - "shape" : "ConflictException", - "documentation" : "

    The resource already exists.

    " - } ], - "documentation" : "

    Updates the specified application.

    " + "operations": { + "CreateApplication": { + "name": "CreateApplication", + "http": { + "method": "POST", + "requestUri": "/applications", + "responseCode": 201 + }, + "input": { + "shape": "CreateApplicationRequest" + }, + "output": { + "shape": "CreateApplicationResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ConflictException", + "documentation": "

    The resource already exists.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Creates an application, optionally including an AWS SAM file to create the first application version in the same call.

    " + }, + "CreateApplicationVersion": { + "name": "CreateApplicationVersion", + "http": { + "method": "PUT", + "requestUri": "/applications/{applicationId}/versions/{semanticVersion}", + "responseCode": 201 + }, + "input": { + "shape": "CreateApplicationVersionRequest" + }, + "output": { + "shape": "CreateApplicationVersionResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ConflictException", + "documentation": "

    The resource already exists.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Creates an application version.

    " + }, + "CreateCloudFormationChangeSet": { + "name": "CreateCloudFormationChangeSet", + "http": { + "method": "POST", + "requestUri": "/applications/{applicationId}/changesets", + "responseCode": 201 + }, + "input": { + "shape": "CreateCloudFormationChangeSetRequest" + }, + "output": { + "shape": "CreateCloudFormationChangeSetResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Creates an AWS CloudFormation change set for the given application.

    " + }, + "CreateCloudFormationTemplate": { + "name": "CreateCloudFormationTemplate", + "http": { + "method": "POST", + "requestUri": "/applications/{applicationId}/templates", + "responseCode": 201 + }, + "input": { + "shape": "CreateCloudFormationTemplateRequest" + }, + "output": { + "shape": "CreateCloudFormationTemplateResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Creates an AWS CloudFormation template.

    " + }, + "DeleteApplication": { + "name": "DeleteApplication", + "http": { + "method": "DELETE", + "requestUri": "/applications/{applicationId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteApplicationRequest" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + }, + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "ConflictException", + "documentation": "

    The resource already exists.

    " + } + ], + "documentation": "

    Deletes the specified application.

    " + }, + "GetApplication": { + "name": "GetApplication", + "http": { + "method": "GET", + "requestUri": "/applications/{applicationId}", + "responseCode": 200 + }, + "input": { + "shape": "GetApplicationRequest" + }, + "output": { + "shape": "GetApplicationResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Gets the specified application.

    " + }, + "GetApplicationPolicy": { + "name": "GetApplicationPolicy", + "http": { + "method": "GET", + "requestUri": "/applications/{applicationId}/policy", + "responseCode": 200 + }, + "input": { + "shape": "GetApplicationPolicyRequest" + }, + "output": { + "shape": "GetApplicationPolicyResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Retrieves the policy for the application.

    " + }, + "GetCloudFormationTemplate": { + "name": "GetCloudFormationTemplate", + "http": { + "method": "GET", + "requestUri": "/applications/{applicationId}/templates/{templateId}", + "responseCode": 200 + }, + "input": { + "shape": "GetCloudFormationTemplateRequest" + }, + "output": { + "shape": "GetCloudFormationTemplateResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Gets the specified AWS CloudFormation template.

    " + }, + "ListApplicationDependencies": { + "name": "ListApplicationDependencies", + "http": { + "method": "GET", + "requestUri": "/applications/{applicationId}/dependencies", + "responseCode": 200 + }, + "input": { + "shape": "ListApplicationDependenciesRequest" + }, + "output": { + "shape": "ListApplicationDependenciesResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Retrieves the list of applications nested in the containing application.

    " + }, + "ListApplicationVersions": { + "name": "ListApplicationVersions", + "http": { + "method": "GET", + "requestUri": "/applications/{applicationId}/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListApplicationVersionsRequest" + }, + "output": { + "shape": "ListApplicationVersionsResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Lists versions for the specified application.

    " + }, + "ListApplications": { + "name": "ListApplications", + "http": { + "method": "GET", + "requestUri": "/applications", + "responseCode": 200 + }, + "input": { + "shape": "ListApplicationsRequest" + }, + "output": { + "shape": "ListApplicationsResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Lists applications owned by the requester.

    " + }, + "PutApplicationPolicy": { + "name": "PutApplicationPolicy", + "http": { + "method": "PUT", + "requestUri": "/applications/{applicationId}/policy", + "responseCode": 200 + }, + "input": { + "shape": "PutApplicationPolicyRequest" + }, + "output": { + "shape": "PutApplicationPolicyResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Sets the permission policy for an application. For the list of actions supported for this operation, see\n Application \n Permissions\n .

    " + }, + "UnshareApplication": { + "name": "UnshareApplication", + "http": { + "method": "POST", + "requestUri": "/applications/{applicationId}/unshare", + "responseCode": 204 + }, + "input": { + "shape": "UnshareApplicationRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + } + ], + "documentation": "

    Unshares an application from an AWS Organization.

    This operation can be called only from the organization's master account.

    " + }, + "UpdateApplication": { + "name": "UpdateApplication", + "http": { + "method": "PATCH", + "requestUri": "/applications/{applicationId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateApplicationRequest" + }, + "output": { + "shape": "UpdateApplicationResponse", + "documentation": "

    Success

    " + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "

    One of the parameters in the request is invalid.

    " + }, + { + "shape": "InternalServerErrorException", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + }, + { + "shape": "ForbiddenException", + "documentation": "

    The client is not authenticated.

    " + }, + { + "shape": "NotFoundException", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + }, + { + "shape": "TooManyRequestsException", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + }, + { + "shape": "ConflictException", + "documentation": "

    The resource already exists.

    " + } + ], + "documentation": "

    Updates the specified application.

    " } }, - "shapes" : { - "Application" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "IsVerifiedAuthor" : { - "shape" : "__boolean", - "locationName" : "isVerifiedAuthor", - "documentation" : "

    Whether the author of this application has been verified. This means means that AWS has made a good faith review, as a reasonable and prudent service provider, of the information provided by the requester and has confirmed that the requester's identity is as claimed.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "LicenseUrl" : { - "shape" : "__string", - "locationName" : "licenseUrl", - "documentation" : "

    A link to a license file of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    " - }, - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " - }, - "ReadmeUrl" : { - "shape" : "__string", - "locationName" : "readmeUrl", - "documentation" : "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " - }, - "SpdxLicenseId" : { - "shape" : "__string", - "locationName" : "spdxLicenseId", - "documentation" : "

    A valid identifier from https://spdx.org/licenses/.

    " - }, - "VerifiedAuthorUrl" : { - "shape" : "__string", - "locationName" : "verifiedAuthorUrl", - "documentation" : "

    The URL to the public profile of a verified author. This URL is submitted by the author.

    " - }, - "Version" : { - "shape" : "Version", - "locationName" : "version", - "documentation" : "

    Version information about the application.

    " - } - }, - "documentation" : "

    Details about the application.

    ", - "required" : [ "Description", "Author", "ApplicationId", "Name" ] - }, - "ApplicationDependencyPage" : { - "type" : "structure", - "members" : { - "Dependencies" : { - "shape" : "__listOfApplicationDependencySummary", - "locationName" : "dependencies", - "documentation" : "

    An array of application summaries nested in the application.

    " - }, - "NextToken" : { - "shape" : "__string", - "locationName" : "nextToken", - "documentation" : "

    The token to request the next page of results.

    " - } - }, - "documentation" : "

    A list of application summaries nested in the application.

    ", - "required" : [ "Dependencies" ] - }, - "ApplicationDependencySummary" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the nested application.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the nested application.

    " - } - }, - "documentation" : "

    A nested application summary.

    ", - "required" : [ "ApplicationId", "SemanticVersion" ] - }, - "ApplicationPage" : { - "type" : "structure", - "members" : { - "Applications" : { - "shape" : "__listOfApplicationSummary", - "locationName" : "applications", - "documentation" : "

    An array of application summaries.

    " - }, - "NextToken" : { - "shape" : "__string", - "locationName" : "nextToken", - "documentation" : "

    The token to request the next page of results.

    " - } - }, - "documentation" : "

    A list of application details.

    ", - "required" : [ "Applications" ] - }, - "ApplicationPolicy" : { - "type" : "structure", - "members" : { - "Statements" : { - "shape" : "__listOfApplicationPolicyStatement", - "locationName" : "statements", - "documentation" : "

    An array of policy statements applied to the application.

    " - } - }, - "documentation" : "

    Policy statements applied to the application.

    ", - "required" : [ "Statements" ] - }, - "ApplicationPolicyStatement" : { - "type" : "structure", - "members" : { - "Actions" : { - "shape" : "__listOf__string", - "locationName" : "actions", - "documentation" : "

    For the list of actions supported for this operation, see Application \n Permissions.

    " - }, - "PrincipalOrgIDs" : { - "shape" : "__listOf__string", - "locationName" : "principalOrgIDs", - "documentation" : "

    An array of PrinciplalOrgIDs, which corresponds to AWS IAM aws:PrincipalOrgID global condition key.

    " - }, - "Principals" : { - "shape" : "__listOf__string", - "locationName" : "principals", - "documentation" : "

    An array of AWS account IDs, or * to make the application public.

    " - }, - "StatementId" : { - "shape" : "__string", - "locationName" : "statementId", - "documentation" : "

    A unique ID for the statement.

    " - } - }, - "documentation" : "

    Policy statement applied to the application.

    ", - "required" : [ "Principals", "Actions" ] - }, - "ApplicationSummary" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " - }, - "SpdxLicenseId" : { - "shape" : "__string", - "locationName" : "spdxLicenseId", - "documentation" : "

    A valid identifier from https://spdx.org/licenses/.

    " - } - }, - "documentation" : "

    Summary of details about the application.

    ", - "required" : [ "Description", "Author", "ApplicationId", "Name" ] - }, - "ApplicationVersionPage" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "locationName" : "nextToken", - "documentation" : "

    The token to request the next page of results.

    " - }, - "Versions" : { - "shape" : "__listOfVersionSummary", - "locationName" : "versions", - "documentation" : "

    An array of version summaries for the application.

    " - } - }, - "documentation" : "

    A list of version summaries for the application.

    ", - "required" : [ "Versions" ] - }, - "BadRequestException" : { - "type" : "structure", - "members" : { - "ErrorCode" : { - "shape" : "__string", - "locationName" : "errorCode", - "documentation" : "

    400

    " - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

    One of the parameters in the request is invalid.

    " - } - }, - "documentation" : "

    One of the parameters in the request is invalid.

    ", - "exception" : true, - "error" : { - "httpStatusCode" : 400 - } - }, - "Capability" : { - "type" : "string", - "documentation" : "

    Values that must be specified in order to deploy some applications.

    ", - "enum" : [ "CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND", "CAPABILITY_RESOURCE_POLICY" ] - }, - "ChangeSetDetails" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "ChangeSetId" : { - "shape" : "__string", - "locationName" : "changeSetId", - "documentation" : "

    The Amazon Resource Name (ARN) of the change set.

    Length constraints: Minimum length of 1.

    Pattern: ARN:[-a-zA-Z0-9:/]*

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "StackId" : { - "shape" : "__string", - "locationName" : "stackId", - "documentation" : "

    The unique ID of the stack.

    " - } - }, - "documentation" : "

    Details of the change set.

    ", - "required" : [ "ChangeSetId", "ApplicationId", "StackId", "SemanticVersion" ] - }, - "ConflictException" : { - "type" : "structure", - "members" : { - "ErrorCode" : { - "shape" : "__string", - "locationName" : "errorCode", - "documentation" : "

    409

    " - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

    The resource already exists.

    " - } - }, - "documentation" : "

    The resource already exists.

    ", - "exception" : true, - "error" : { - "httpStatusCode" : 409 - } - }, - "CreateApplicationInput" : { - "type" : "structure", - "members" : { - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "LicenseBody" : { - "shape" : "__string", - "locationName" : "licenseBody", - "documentation" : "

    A local text file that contains the license of the app that matches the spdxLicenseID value of your application.\n The file has the format file://<path>/<filename>.

    Maximum size 5 MB

    You can specify only one of licenseBody and licenseUrl; otherwise, an error results.

    " - }, - "LicenseUrl" : { - "shape" : "__string", - "locationName" : "licenseUrl", - "documentation" : "

    A link to the S3 object that contains the license of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    You can specify only one of licenseBody and licenseUrl; otherwise, an error results.

    " - }, - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The name of the application that you want to publish.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " - }, - "ReadmeBody" : { - "shape" : "__string", - "locationName" : "readmeBody", - "documentation" : "

    A local text readme file in Markdown language that contains a more detailed description of the application and how it works.\n The file has the format file://<path>/<filename>.

    Maximum size 5 MB

    You can specify only one of readmeBody and readmeUrl; otherwise, an error results.

    " - }, - "ReadmeUrl" : { - "shape" : "__string", - "locationName" : "readmeUrl", - "documentation" : "

    A link to the S3 object in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    You can specify only one of readmeBody and readmeUrl; otherwise, an error results.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "SourceCodeArchiveUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeArchiveUrl", - "documentation" : "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " - }, - "SourceCodeUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeUrl", - "documentation" : "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " - }, - "SpdxLicenseId" : { - "shape" : "__string", - "locationName" : "spdxLicenseId", - "documentation" : "

    A valid identifier from https://spdx.org/licenses/.

    " - }, - "TemplateBody" : { - "shape" : "__string", - "locationName" : "templateBody", - "documentation" : "

    The local raw packaged AWS SAM template file of your application.\n The file has the format file://<path>/<filename>.

    You can specify only one of templateBody and templateUrl; otherwise an error results.

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the S3 object containing the packaged AWS SAM template of your application.

    You can specify only one of templateBody and templateUrl; otherwise an error results.

    " - } - }, - "documentation" : "

    Create an application request.

    ", - "required" : [ "Description", "Name", "Author" ] - }, - "CreateApplicationRequest" : { - "type" : "structure", - "members" : { - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "LicenseBody" : { - "shape" : "__string", - "locationName" : "licenseBody", - "documentation" : "

    A local text file that contains the license of the app that matches the spdxLicenseID value of your application.\n The file has the format file://<path>/<filename>.

    Maximum size 5 MB

    You can specify only one of licenseBody and licenseUrl; otherwise, an error results.

    " - }, - "LicenseUrl" : { - "shape" : "__string", - "locationName" : "licenseUrl", - "documentation" : "

    A link to the S3 object that contains the license of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    You can specify only one of licenseBody and licenseUrl; otherwise, an error results.

    " - }, - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The name of the application that you want to publish.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " - }, - "ReadmeBody" : { - "shape" : "__string", - "locationName" : "readmeBody", - "documentation" : "

    A local text readme file in Markdown language that contains a more detailed description of the application and how it works.\n The file has the format file://<path>/<filename>.

    Maximum size 5 MB

    You can specify only one of readmeBody and readmeUrl; otherwise, an error results.

    " - }, - "ReadmeUrl" : { - "shape" : "__string", - "locationName" : "readmeUrl", - "documentation" : "

    A link to the S3 object in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    You can specify only one of readmeBody and readmeUrl; otherwise, an error results.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "SourceCodeArchiveUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeArchiveUrl", - "documentation" : "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " - }, - "SourceCodeUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeUrl", - "documentation" : "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " - }, - "SpdxLicenseId" : { - "shape" : "__string", - "locationName" : "spdxLicenseId", - "documentation" : "

    A valid identifier from https://spdx.org/licenses/.

    " - }, - "TemplateBody" : { - "shape" : "__string", - "locationName" : "templateBody", - "documentation" : "

    The local raw packaged AWS SAM template file of your application.\n The file has the format file://<path>/<filename>.

    You can specify only one of templateBody and templateUrl; otherwise an error results.

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the S3 object containing the packaged AWS SAM template of your application.

    You can specify only one of templateBody and templateUrl; otherwise an error results.

    " - } - }, - "required" : [ "Description", "Name", "Author" ] - }, - "CreateApplicationResponse" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "IsVerifiedAuthor" : { - "shape" : "__boolean", - "locationName" : "isVerifiedAuthor", - "documentation" : "

    Whether the author of this application has been verified. This means means that AWS has made a good faith review, as a reasonable and prudent service provider, of the information provided by the requester and has confirmed that the requester's identity is as claimed.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "LicenseUrl" : { - "shape" : "__string", - "locationName" : "licenseUrl", - "documentation" : "

    A link to a license file of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    " - }, - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " - }, - "ReadmeUrl" : { - "shape" : "__string", - "locationName" : "readmeUrl", - "documentation" : "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " - }, - "SpdxLicenseId" : { - "shape" : "__string", - "locationName" : "spdxLicenseId", - "documentation" : "

    A valid identifier from https://spdx.org/licenses/.

    " - }, - "VerifiedAuthorUrl" : { - "shape" : "__string", - "locationName" : "verifiedAuthorUrl", - "documentation" : "

    The URL to the public profile of a verified author. This URL is submitted by the author.

    " - }, - "Version" : { - "shape" : "Version", - "locationName" : "version", - "documentation" : "

    Version information about the application.

    " - } - } - }, - "CreateApplicationVersionInput" : { - "type" : "structure", - "members" : { - "SourceCodeArchiveUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeArchiveUrl", - "documentation" : "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " - }, - "SourceCodeUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeUrl", - "documentation" : "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " - }, - "TemplateBody" : { - "shape" : "__string", - "locationName" : "templateBody", - "documentation" : "

    The raw packaged AWS SAM template of your application.

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the packaged AWS SAM template of your application.

    " - } - }, - "documentation" : "

    Create a version request.

    " - }, - "CreateApplicationVersionRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the new version.

    " - }, - "SourceCodeArchiveUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeArchiveUrl", - "documentation" : "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " - }, - "SourceCodeUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeUrl", - "documentation" : "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " - }, - "TemplateBody" : { - "shape" : "__string", - "locationName" : "templateBody", - "documentation" : "

    The raw packaged AWS SAM template of your application.

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the packaged AWS SAM template of your application.

    " - } - }, - "required" : [ "ApplicationId", "SemanticVersion" ] - }, - "CreateApplicationVersionResponse" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "ParameterDefinitions" : { - "shape" : "__listOfParameterDefinition", - "locationName" : "parameterDefinitions", - "documentation" : "

    An array of parameter types supported by the application.

    " - }, - "RequiredCapabilities" : { - "shape" : "__listOfCapability", - "locationName" : "requiredCapabilities", - "documentation" : "

    A list of values that you must specify before you can deploy certain applications.\n Some applications might include resources that can affect permissions in your AWS\n account, for example, by creating new AWS Identity and Access Management (IAM) users.\n For those applications, you must explicitly acknowledge their capabilities by\n specifying this parameter.

    The only valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM,\n CAPABILITY_RESOURCE_POLICY, and CAPABILITY_AUTO_EXPAND.

    The following resources require you to specify CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM:\n AWS::IAM::Group,\n AWS::IAM::InstanceProfile,\n AWS::IAM::Policy, and\n AWS::IAM::Role.\n If the application contains IAM resources, you can specify either CAPABILITY_IAM\n or CAPABILITY_NAMED_IAM. If the application contains IAM resources\n with custom names, you must specify CAPABILITY_NAMED_IAM.

    The following resources require you to specify CAPABILITY_RESOURCE_POLICY:\n AWS::Lambda::Permission,\n AWS::IAM:Policy,\n AWS::ApplicationAutoScaling::ScalingPolicy,\n AWS::S3::BucketPolicy,\n AWS::SQS::QueuePolicy, and\n AWS::SNS::TopicPolicy.

    Applications that contain one or more nested applications require you to specify\n CAPABILITY_AUTO_EXPAND.

    If your application template contains any of the above resources, we recommend that you review\n all permissions associated with the application before deploying. If you don't specify\n this parameter for an application that requires capabilities, the call will fail.

    " - }, - "ResourcesSupported" : { - "shape" : "__boolean", - "locationName" : "resourcesSupported", - "documentation" : "

    Whether all of the AWS resources contained in this application are supported in the region\n in which it is being retrieved.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "SourceCodeArchiveUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeArchiveUrl", - "documentation" : "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " - }, - "SourceCodeUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeUrl", - "documentation" : "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the packaged AWS SAM template of your application.

    " - } - } - }, - "CreateCloudFormationChangeSetInput" : { - "type" : "structure", - "members" : { - "Capabilities" : { - "shape" : "__listOf__string", - "locationName" : "capabilities", - "documentation" : "

    A list of values that you must specify before you can deploy certain applications.\n Some applications might include resources that can affect permissions in your AWS\n account, for example, by creating new AWS Identity and Access Management (IAM) users.\n For those applications, you must explicitly acknowledge their capabilities by\n specifying this parameter.

    The only valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM,\n CAPABILITY_RESOURCE_POLICY, and CAPABILITY_AUTO_EXPAND.

    The following resources require you to specify CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM:\n AWS::IAM::Group,\n AWS::IAM::InstanceProfile,\n AWS::IAM::Policy, and\n AWS::IAM::Role.\n If the application contains IAM resources, you can specify either CAPABILITY_IAM\n or CAPABILITY_NAMED_IAM. If the application contains IAM resources\n with custom names, you must specify CAPABILITY_NAMED_IAM.

    The following resources require you to specify CAPABILITY_RESOURCE_POLICY:\n AWS::Lambda::Permission,\n AWS::IAM:Policy,\n AWS::ApplicationAutoScaling::ScalingPolicy,\n AWS::S3::BucketPolicy,\n AWS::SQS::QueuePolicy, and\n AWS::SNS:TopicPolicy.

    Applications that contain one or more nested applications require you to specify\n CAPABILITY_AUTO_EXPAND.

    If your application template contains any of the above resources, we recommend that you review\n all permissions associated with the application before deploying. If you don't specify\n this parameter for an application that requires capabilities, the call will fail.

    " - }, - "ChangeSetName" : { - "shape" : "__string", - "locationName" : "changeSetName", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "ClientToken" : { - "shape" : "__string", - "locationName" : "clientToken", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "NotificationArns" : { - "shape" : "__listOf__string", - "locationName" : "notificationArns", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "ParameterOverrides" : { - "shape" : "__listOfParameterValue", - "locationName" : "parameterOverrides", - "documentation" : "

    A list of parameter values for the parameters of the application.

    " - }, - "ResourceTypes" : { - "shape" : "__listOf__string", - "locationName" : "resourceTypes", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "RollbackConfiguration" : { - "shape" : "RollbackConfiguration", - "locationName" : "rollbackConfiguration", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "StackName" : { - "shape" : "__string", - "locationName" : "stackName", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "Tags" : { - "shape" : "__listOfTag", - "locationName" : "tags", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "TemplateId" : { - "shape" : "__string", - "locationName" : "templateId", - "documentation" : "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " - } - }, - "documentation" : "

    Create an application change set request.

    ", - "required" : [ "StackName" ] - }, - "CreateCloudFormationChangeSetRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "Capabilities" : { - "shape" : "__listOf__string", - "locationName" : "capabilities", - "documentation" : "

    A list of values that you must specify before you can deploy certain applications.\n Some applications might include resources that can affect permissions in your AWS\n account, for example, by creating new AWS Identity and Access Management (IAM) users.\n For those applications, you must explicitly acknowledge their capabilities by\n specifying this parameter.

    The only valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM,\n CAPABILITY_RESOURCE_POLICY, and CAPABILITY_AUTO_EXPAND.

    The following resources require you to specify CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM:\n AWS::IAM::Group,\n AWS::IAM::InstanceProfile,\n AWS::IAM::Policy, and\n AWS::IAM::Role.\n If the application contains IAM resources, you can specify either CAPABILITY_IAM\n or CAPABILITY_NAMED_IAM. If the application contains IAM resources\n with custom names, you must specify CAPABILITY_NAMED_IAM.

    The following resources require you to specify CAPABILITY_RESOURCE_POLICY:\n AWS::Lambda::Permission,\n AWS::IAM:Policy,\n AWS::ApplicationAutoScaling::ScalingPolicy,\n AWS::S3::BucketPolicy,\n AWS::SQS::QueuePolicy, and\n AWS::SNS:TopicPolicy.

    Applications that contain one or more nested applications require you to specify\n CAPABILITY_AUTO_EXPAND.

    If your application template contains any of the above resources, we recommend that you review\n all permissions associated with the application before deploying. If you don't specify\n this parameter for an application that requires capabilities, the call will fail.

    " - }, - "ChangeSetName" : { - "shape" : "__string", - "locationName" : "changeSetName", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "ClientToken" : { - "shape" : "__string", - "locationName" : "clientToken", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "NotificationArns" : { - "shape" : "__listOf__string", - "locationName" : "notificationArns", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "ParameterOverrides" : { - "shape" : "__listOfParameterValue", - "locationName" : "parameterOverrides", - "documentation" : "

    A list of parameter values for the parameters of the application.

    " - }, - "ResourceTypes" : { - "shape" : "__listOf__string", - "locationName" : "resourceTypes", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "RollbackConfiguration" : { - "shape" : "RollbackConfiguration", - "locationName" : "rollbackConfiguration", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "StackName" : { - "shape" : "__string", - "locationName" : "stackName", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "Tags" : { - "shape" : "__listOfTag", - "locationName" : "tags", - "documentation" : "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " - }, - "TemplateId" : { - "shape" : "__string", - "locationName" : "templateId", - "documentation" : "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " - } - }, - "required" : [ "ApplicationId", "StackName" ] - }, - "CreateCloudFormationChangeSetResponse" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "ChangeSetId" : { - "shape" : "__string", - "locationName" : "changeSetId", - "documentation" : "

    The Amazon Resource Name (ARN) of the change set.

    Length constraints: Minimum length of 1.

    Pattern: ARN:[-a-zA-Z0-9:/]*

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "StackId" : { - "shape" : "__string", - "locationName" : "stackId", - "documentation" : "

    The unique ID of the stack.

    " - } - } - }, - "CreateCloudFormationTemplateRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - } - }, - "required" : [ "ApplicationId" ] - }, - "CreateCloudFormationTemplateResponse" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "ExpirationTime" : { - "shape" : "__string", - "locationName" : "expirationTime", - "documentation" : "

    The date and time this template expires. Templates\n expire 1 hour after creation.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "Status" : { - "shape" : "Status", - "locationName" : "status", - "documentation" : "

    Status of the template creation workflow.

    Possible values: PREPARING | ACTIVE | EXPIRED\n

    " - }, - "TemplateId" : { - "shape" : "__string", - "locationName" : "templateId", - "documentation" : "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the template that can be used to deploy the application using\n AWS CloudFormation.

    " - } - } - }, - "DeleteApplicationRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - } - }, - "required" : [ "ApplicationId" ] - }, - "ForbiddenException" : { - "type" : "structure", - "members" : { - "ErrorCode" : { - "shape" : "__string", - "locationName" : "errorCode", - "documentation" : "

    403

    " - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

    The client is not authenticated.

    " - } - }, - "documentation" : "

    The client is not authenticated.

    ", - "exception" : true, - "error" : { - "httpStatusCode" : 403 - } - }, - "GetApplicationPolicyRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - } - }, - "required" : [ "ApplicationId" ] - }, - "GetApplicationPolicyResponse" : { - "type" : "structure", - "members" : { - "Statements" : { - "shape" : "__listOfApplicationPolicyStatement", - "locationName" : "statements", - "documentation" : "

    An array of policy statements applied to the application.

    " - } - } - }, - "GetApplicationRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application to get.

    " - } - }, - "required" : [ "ApplicationId" ] - }, - "GetApplicationResponse" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "IsVerifiedAuthor" : { - "shape" : "__boolean", - "locationName" : "isVerifiedAuthor", - "documentation" : "

    Whether the author of this application has been verified. This means means that AWS has made a good faith review, as a reasonable and prudent service provider, of the information provided by the requester and has confirmed that the requester's identity is as claimed.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "LicenseUrl" : { - "shape" : "__string", - "locationName" : "licenseUrl", - "documentation" : "

    A link to a license file of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    " - }, - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " - }, - "ReadmeUrl" : { - "shape" : "__string", - "locationName" : "readmeUrl", - "documentation" : "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " - }, - "SpdxLicenseId" : { - "shape" : "__string", - "locationName" : "spdxLicenseId", - "documentation" : "

    A valid identifier from https://spdx.org/licenses/.

    " - }, - "VerifiedAuthorUrl" : { - "shape" : "__string", - "locationName" : "verifiedAuthorUrl", - "documentation" : "

    The URL to the public profile of a verified author. This URL is submitted by the author.

    " - }, - "Version" : { - "shape" : "Version", - "locationName" : "version", - "documentation" : "

    Version information about the application.

    " - } - } - }, - "GetCloudFormationTemplateRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "TemplateId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "templateId", - "documentation" : "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " - } - }, - "required" : [ "ApplicationId", "TemplateId" ] - }, - "GetCloudFormationTemplateResponse" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "ExpirationTime" : { - "shape" : "__string", - "locationName" : "expirationTime", - "documentation" : "

    The date and time this template expires. Templates\n expire 1 hour after creation.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "Status" : { - "shape" : "Status", - "locationName" : "status", - "documentation" : "

    Status of the template creation workflow.

    Possible values: PREPARING | ACTIVE | EXPIRED\n

    " - }, - "TemplateId" : { - "shape" : "__string", - "locationName" : "templateId", - "documentation" : "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the template that can be used to deploy the application using\n AWS CloudFormation.

    " - } - } - }, - "InternalServerErrorException" : { - "type" : "structure", - "members" : { - "ErrorCode" : { - "shape" : "__string", - "locationName" : "errorCode", - "documentation" : "

    500

    " - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    " - } - }, - "documentation" : "

    The AWS Serverless Application Repository service encountered an internal error.

    ", - "exception" : true, - "error" : { - "httpStatusCode" : 500 - } - }, - "ListApplicationDependenciesRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "MaxItems" : { - "shape" : "MaxItems", - "location" : "querystring", - "locationName" : "maxItems", - "documentation" : "

    The total number of items to return.

    " - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

    A token to specify where to start paginating.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application to get.

    " - } - }, - "required" : [ "ApplicationId" ] - }, - "ListApplicationDependenciesResponse" : { - "type" : "structure", - "members" : { - "Dependencies" : { - "shape" : "__listOfApplicationDependencySummary", - "locationName" : "dependencies", - "documentation" : "

    An array of application summaries nested in the application.

    " - }, - "NextToken" : { - "shape" : "__string", - "locationName" : "nextToken", - "documentation" : "

    The token to request the next page of results.

    " - } - } - }, - "ListApplicationVersionsRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "MaxItems" : { - "shape" : "MaxItems", - "location" : "querystring", - "locationName" : "maxItems", - "documentation" : "

    The total number of items to return.

    " - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

    A token to specify where to start paginating.

    " - } - }, - "required" : [ "ApplicationId" ] - }, - "ListApplicationVersionsResponse" : { - "type" : "structure", - "members" : { - "NextToken" : { - "shape" : "__string", - "locationName" : "nextToken", - "documentation" : "

    The token to request the next page of results.

    " - }, - "Versions" : { - "shape" : "__listOfVersionSummary", - "locationName" : "versions", - "documentation" : "

    An array of version summaries for the application.

    " - } - } - }, - "ListApplicationsRequest" : { - "type" : "structure", - "members" : { - "MaxItems" : { - "shape" : "MaxItems", - "location" : "querystring", - "locationName" : "maxItems", - "documentation" : "

    The total number of items to return.

    " - }, - "NextToken" : { - "shape" : "__string", - "location" : "querystring", - "locationName" : "nextToken", - "documentation" : "

    A token to specify where to start paginating.

    " - } - } - }, - "ListApplicationsResponse" : { - "type" : "structure", - "members" : { - "Applications" : { - "shape" : "__listOfApplicationSummary", - "locationName" : "applications", - "documentation" : "

    An array of application summaries.

    " - }, - "NextToken" : { - "shape" : "__string", - "locationName" : "nextToken", - "documentation" : "

    The token to request the next page of results.

    " - } - } - }, - "MaxItems" : { - "type" : "integer", - "min" : 1, - "max" : 100 - }, - "NotFoundException" : { - "type" : "structure", - "members" : { - "ErrorCode" : { - "shape" : "__string", - "locationName" : "errorCode", - "documentation" : "

    404

    " - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " - } - }, - "documentation" : "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    ", - "exception" : true, - "error" : { - "httpStatusCode" : 404 - } - }, - "ParameterDefinition" : { - "type" : "structure", - "members" : { - "AllowedPattern" : { - "shape" : "__string", - "locationName" : "allowedPattern", - "documentation" : "

    A regular expression that represents the patterns to allow for String types.

    " - }, - "AllowedValues" : { - "shape" : "__listOf__string", - "locationName" : "allowedValues", - "documentation" : "

    An array containing the list of values allowed for the parameter.

    " - }, - "ConstraintDescription" : { - "shape" : "__string", - "locationName" : "constraintDescription", - "documentation" : "

    A string that explains a constraint when the constraint is violated. For example, without a constraint description,\n a parameter that has an allowed pattern of [A-Za-z0-9]+ displays the following error message when the user\n specifies an invalid value:

    \n Malformed input-Parameter MyParameter must match pattern [A-Za-z0-9]+\n

    By adding a constraint description, such as \"must contain only uppercase and lowercase letters and numbers,\" you can display\n the following customized error message:

    \n Malformed input-Parameter MyParameter must contain only uppercase and lowercase letters and numbers.\n

    " - }, - "DefaultValue" : { - "shape" : "__string", - "locationName" : "defaultValue", - "documentation" : "

    A value of the appropriate type for the template to use if no value is specified when a stack is created.\n If you define constraints for the parameter, you must specify a value that adheres to those constraints.

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    A string of up to 4,000 characters that describes the parameter.

    " - }, - "MaxLength" : { - "shape" : "__integer", - "locationName" : "maxLength", - "documentation" : "

    An integer value that determines the largest number of characters that you want to allow for String types.

    " - }, - "MaxValue" : { - "shape" : "__integer", - "locationName" : "maxValue", - "documentation" : "

    A numeric value that determines the largest numeric value that you want to allow for Number types.

    " - }, - "MinLength" : { - "shape" : "__integer", - "locationName" : "minLength", - "documentation" : "

    An integer value that determines the smallest number of characters that you want to allow for String types.

    " - }, - "MinValue" : { - "shape" : "__integer", - "locationName" : "minValue", - "documentation" : "

    A numeric value that determines the smallest numeric value that you want to allow for Number types.

    " - }, - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The name of the parameter.

    " - }, - "NoEcho" : { - "shape" : "__boolean", - "locationName" : "noEcho", - "documentation" : "

    Whether to mask the parameter value whenever anyone makes a call that describes the stack. If you set the\n value to true, the parameter value is masked with asterisks (*****).

    " - }, - "ReferencedByResources" : { - "shape" : "__listOf__string", - "locationName" : "referencedByResources", - "documentation" : "

    A list of AWS SAM resources that use this parameter.

    " - }, - "Type" : { - "shape" : "__string", - "locationName" : "type", - "documentation" : "

    The type of the parameter.

    Valid values: String | Number | List<Number> | CommaDelimitedList\n

    \n String: A literal string.

    For example, users can specify \"MyUserName\".

    \n Number: An integer or float. AWS CloudFormation validates the parameter value as a number. However, when you use the\n parameter elsewhere in your template (for example, by using the Ref intrinsic function), the parameter value becomes a string.

    For example, users might specify \"8888\".

    \n List<Number>: An array of integers or floats that are separated by commas. AWS CloudFormation validates the parameter value as numbers. However, when\n you use the parameter elsewhere in your template (for example, by using the Ref intrinsic function), the parameter value becomes a list of strings.

    For example, users might specify \"80,20\", and then Ref results in [\"80\",\"20\"].

    \n CommaDelimitedList: An array of literal strings that are separated by commas. The total number of strings should be one more than the total number of commas.\n Also, each member string is space-trimmed.

    For example, users might specify \"test,dev,prod\", and then Ref results in [\"test\",\"dev\",\"prod\"].

    " - } - }, - "documentation" : "

    Parameters supported by the application.

    ", - "required" : [ "ReferencedByResources", "Name" ] - }, - "ParameterValue" : { - "type" : "structure", - "members" : { - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The key associated with the parameter. If you don't specify a key and value for a particular parameter, AWS CloudFormation\n uses the default value that is specified in your template.

    " - }, - "Value" : { - "shape" : "__string", - "locationName" : "value", - "documentation" : "

    The input value associated with the parameter.

    " - } - }, - "documentation" : "

    Parameter value of the application.

    ", - "required" : [ "Value", "Name" ] - }, - "PutApplicationPolicyRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "Statements" : { - "shape" : "__listOfApplicationPolicyStatement", - "locationName" : "statements", - "documentation" : "

    An array of policy statements applied to the application.

    " - } - }, - "required" : [ "ApplicationId", "Statements" ] - }, - "PutApplicationPolicyResponse" : { - "type" : "structure", - "members" : { - "Statements" : { - "shape" : "__listOfApplicationPolicyStatement", - "locationName" : "statements", - "documentation" : "

    An array of policy statements applied to the application.

    " - } - } - }, - "RollbackConfiguration" : { - "type" : "structure", - "members" : { - "MonitoringTimeInMinutes" : { - "shape" : "__integer", - "locationName" : "monitoringTimeInMinutes", - "documentation" : "

    This property corresponds to the content of the same name for the AWS CloudFormation RollbackConfiguration\n Data Type.

    " - }, - "RollbackTriggers" : { - "shape" : "__listOfRollbackTrigger", - "locationName" : "rollbackTriggers", - "documentation" : "

    This property corresponds to the content of the same name for the AWS CloudFormation RollbackConfiguration\n Data Type.

    " - } - }, - "documentation" : "

    This property corresponds to the AWS CloudFormation RollbackConfiguration\n Data Type.

    " - }, - "RollbackTrigger" : { - "type" : "structure", - "members" : { - "Arn" : { - "shape" : "__string", - "locationName" : "arn", - "documentation" : "

    This property corresponds to the content of the same name for the AWS CloudFormation RollbackTrigger\n Data Type.

    " - }, - "Type" : { - "shape" : "__string", - "locationName" : "type", - "documentation" : "

    This property corresponds to the content of the same name for the AWS CloudFormation RollbackTrigger\n Data Type.

    " - } - }, - "documentation" : "

    This property corresponds to the AWS CloudFormation RollbackTrigger\n Data Type.

    ", - "required" : [ "Type", "Arn" ] - }, - "Status" : { - "type" : "string", - "enum" : [ "PREPARING", "ACTIVE", "EXPIRED" ] - }, - "Tag" : { - "type" : "structure", - "members" : { - "Key" : { - "shape" : "__string", - "locationName" : "key", - "documentation" : "

    This property corresponds to the content of the same name for the AWS CloudFormation Tag\n Data Type.

    " - }, - "Value" : { - "shape" : "__string", - "locationName" : "value", - "documentation" : "

    This property corresponds to the content of the same name for the AWS CloudFormation \n Tag\n \n Data Type.

    " - } - }, - "documentation" : "

    This property corresponds to the AWS CloudFormation Tag\n Data Type.

    ", - "required" : [ "Value", "Key" ] - }, - "TemplateDetails" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "ExpirationTime" : { - "shape" : "__string", - "locationName" : "expirationTime", - "documentation" : "

    The date and time this template expires. Templates\n expire 1 hour after creation.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "Status" : { - "shape" : "Status", - "locationName" : "status", - "documentation" : "

    Status of the template creation workflow.

    Possible values: PREPARING | ACTIVE | EXPIRED\n

    " - }, - "TemplateId" : { - "shape" : "__string", - "locationName" : "templateId", - "documentation" : "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the template that can be used to deploy the application using\n AWS CloudFormation.

    " - } - }, - "documentation" : "

    Details of the template.

    ", - "required" : [ "Status", "TemplateUrl", "CreationTime", "ExpirationTime", "ApplicationId", "TemplateId", "SemanticVersion" ] - }, - "TooManyRequestsException" : { - "type" : "structure", - "members" : { - "ErrorCode" : { - "shape" : "__string", - "locationName" : "errorCode", - "documentation" : "

    429

    " - }, - "Message" : { - "shape" : "__string", - "locationName" : "message", - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    " - } - }, - "documentation" : "

    The client is sending more than the allowed number of requests per unit of time.

    ", - "exception" : true, - "error" : { - "httpStatusCode" : 429 - } - }, - "UnshareApplicationInput" : { - "type" : "structure", - "members" : { - "OrganizationId" : { - "shape" : "__string", - "locationName" : "organizationId", - "documentation" : "

    The AWS Organization ID to unshare the application from.

    " - } - }, - "required" : [ "OrganizationId" ], - "documentation":"

    Unshare application request.

    " - }, - "UnshareApplicationRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "OrganizationId" : { - "shape" : "__string", - "locationName" : "organizationId", - "documentation" : "

    The AWS Organization ID to unshare the application from.

    " - } - }, - "required" : [ "ApplicationId", "OrganizationId" ] - }, - "UpdateApplicationInput" : { - "type" : "structure", - "members" : { - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "ReadmeBody" : { - "shape" : "__string", - "locationName" : "readmeBody", - "documentation" : "

    A text readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " - }, - "ReadmeUrl" : { - "shape" : "__string", - "locationName" : "readmeUrl", - "documentation" : "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " - } - }, - "documentation" : "

    Update the application request.

    " - }, - "UpdateApplicationRequest" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "location" : "uri", - "locationName" : "applicationId", - "documentation" : "

    The Amazon Resource Name (ARN) of the application.

    " - }, - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "ReadmeBody" : { - "shape" : "__string", - "locationName" : "readmeBody", - "documentation" : "

    A text readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " - }, - "ReadmeUrl" : { - "shape" : "__string", - "locationName" : "readmeUrl", - "documentation" : "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " - } - }, - "required" : [ "ApplicationId" ] - }, - "UpdateApplicationResponse" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "Author" : { - "shape" : "__string", - "locationName" : "author", - "documentation" : "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "Description" : { - "shape" : "__string", - "locationName" : "description", - "documentation" : "

    The description of the application.

    Minimum length=1. Maximum length=256

    " - }, - "HomePageUrl" : { - "shape" : "__string", - "locationName" : "homePageUrl", - "documentation" : "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " - }, - "IsVerifiedAuthor" : { - "shape" : "__boolean", - "locationName" : "isVerifiedAuthor", - "documentation" : "

    Whether the author of this application has been verified. This means means that AWS has made a good faith review, as a reasonable and prudent service provider, of the information provided by the requester and has confirmed that the requester's identity is as claimed.

    " - }, - "Labels" : { - "shape" : "__listOf__string", - "locationName" : "labels", - "documentation" : "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " - }, - "LicenseUrl" : { - "shape" : "__string", - "locationName" : "licenseUrl", - "documentation" : "

    A link to a license file of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    " - }, - "Name" : { - "shape" : "__string", - "locationName" : "name", - "documentation" : "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " - }, - "ReadmeUrl" : { - "shape" : "__string", - "locationName" : "readmeUrl", - "documentation" : "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " - }, - "SpdxLicenseId" : { - "shape" : "__string", - "locationName" : "spdxLicenseId", - "documentation" : "

    A valid identifier from https://spdx.org/licenses/.

    " - }, - "VerifiedAuthorUrl" : { - "shape" : "__string", - "locationName" : "verifiedAuthorUrl", - "documentation" : "

    The URL to the public profile of a verified author. This URL is submitted by the author.

    " - }, - "Version" : { - "shape" : "Version", - "locationName" : "version", - "documentation" : "

    Version information about the application.

    " - } - } - }, - "Version" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "ParameterDefinitions" : { - "shape" : "__listOfParameterDefinition", - "locationName" : "parameterDefinitions", - "documentation" : "

    An array of parameter types supported by the application.

    " - }, - "RequiredCapabilities" : { - "shape" : "__listOfCapability", - "locationName" : "requiredCapabilities", - "documentation" : "

    A list of values that you must specify before you can deploy certain applications.\n Some applications might include resources that can affect permissions in your AWS\n account, for example, by creating new AWS Identity and Access Management (IAM) users.\n For those applications, you must explicitly acknowledge their capabilities by\n specifying this parameter.

    The only valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM,\n CAPABILITY_RESOURCE_POLICY, and CAPABILITY_AUTO_EXPAND.

    The following resources require you to specify CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM:\n AWS::IAM::Group,\n AWS::IAM::InstanceProfile,\n AWS::IAM::Policy, and\n AWS::IAM::Role.\n If the application contains IAM resources, you can specify either CAPABILITY_IAM\n or CAPABILITY_NAMED_IAM. If the application contains IAM resources\n with custom names, you must specify CAPABILITY_NAMED_IAM.

    The following resources require you to specify CAPABILITY_RESOURCE_POLICY:\n AWS::Lambda::Permission,\n AWS::IAM:Policy,\n AWS::ApplicationAutoScaling::ScalingPolicy,\n AWS::S3::BucketPolicy,\n AWS::SQS::QueuePolicy, and\n AWS::SNS::TopicPolicy.

    Applications that contain one or more nested applications require you to specify\n CAPABILITY_AUTO_EXPAND.

    If your application template contains any of the above resources, we recommend that you review\n all permissions associated with the application before deploying. If you don't specify\n this parameter for an application that requires capabilities, the call will fail.

    " - }, - "ResourcesSupported" : { - "shape" : "__boolean", - "locationName" : "resourcesSupported", - "documentation" : "

    Whether all of the AWS resources contained in this application are supported in the region\n in which it is being retrieved.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "SourceCodeArchiveUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeArchiveUrl", - "documentation" : "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " - }, - "SourceCodeUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeUrl", - "documentation" : "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " - }, - "TemplateUrl" : { - "shape" : "__string", - "locationName" : "templateUrl", - "documentation" : "

    A link to the packaged AWS SAM template of your application.

    " - } - }, - "documentation" : "

    Application version details.

    ", - "required" : [ "TemplateUrl", "ParameterDefinitions", "ResourcesSupported", "CreationTime", "RequiredCapabilities", "ApplicationId", "SemanticVersion" ] - }, - "VersionSummary" : { - "type" : "structure", - "members" : { - "ApplicationId" : { - "shape" : "__string", - "locationName" : "applicationId", - "documentation" : "

    The application Amazon Resource Name (ARN).

    " - }, - "CreationTime" : { - "shape" : "__string", - "locationName" : "creationTime", - "documentation" : "

    The date and time this resource was created.

    " - }, - "SemanticVersion" : { - "shape" : "__string", - "locationName" : "semanticVersion", - "documentation" : "

    The semantic version of the application:

    \n https://semver.org/\n

    " - }, - "SourceCodeUrl" : { - "shape" : "__string", - "locationName" : "sourceCodeUrl", - "documentation" : "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " - } - }, - "documentation" : "

    An application version summary.

    ", - "required" : [ "CreationTime", "ApplicationId", "SemanticVersion" ] - }, - "__boolean" : { - "type" : "boolean" - }, - "__double" : { - "type" : "double" - }, - "__integer" : { - "type" : "integer" - }, - "__listOfApplicationDependencySummary" : { - "type" : "list", - "member" : { - "shape" : "ApplicationDependencySummary" - } - }, - "__listOfApplicationPolicyStatement" : { - "type" : "list", - "member" : { - "shape" : "ApplicationPolicyStatement" - } - }, - "__listOfApplicationSummary" : { - "type" : "list", - "member" : { - "shape" : "ApplicationSummary" - } - }, - "__listOfCapability" : { - "type" : "list", - "member" : { - "shape" : "Capability" - } - }, - "__listOfParameterDefinition" : { - "type" : "list", - "member" : { - "shape" : "ParameterDefinition" - } - }, - "__listOfParameterValue" : { - "type" : "list", - "member" : { - "shape" : "ParameterValue" - } - }, - "__listOfRollbackTrigger" : { - "type" : "list", - "member" : { - "shape" : "RollbackTrigger" - } - }, - "__listOfTag" : { - "type" : "list", - "member" : { - "shape" : "Tag" - } - }, - "__listOfVersionSummary" : { - "type" : "list", - "member" : { - "shape" : "VersionSummary" - } - }, - "__listOf__string" : { - "type" : "list", - "member" : { - "shape" : "__string" + "shapes": { + "Application": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "IsVerifiedAuthor": { + "shape": "__boolean", + "locationName": "isVerifiedAuthor", + "documentation": "

    Whether the author of this application has been verified. This means means that AWS has made a good faith review, as a reasonable and prudent service provider, of the information provided by the requester and has confirmed that the requester's identity is as claimed.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "LicenseUrl": { + "shape": "__string", + "locationName": "licenseUrl", + "documentation": "

    A link to a license file of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    " + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " + }, + "ReadmeUrl": { + "shape": "__string", + "locationName": "readmeUrl", + "documentation": "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " + }, + "SpdxLicenseId": { + "shape": "__string", + "locationName": "spdxLicenseId", + "documentation": "

    A valid identifier from https://spdx.org/licenses/.

    " + }, + "VerifiedAuthorUrl": { + "shape": "__string", + "locationName": "verifiedAuthorUrl", + "documentation": "

    The URL to the public profile of a verified author. This URL is submitted by the author.

    " + }, + "Version": { + "shape": "Version", + "locationName": "version", + "documentation": "

    Version information about the application.

    " + } + }, + "documentation": "

    Details about the application.

    ", + "required": [ + "Description", + "Author", + "ApplicationId", + "Name" + ] + }, + "ApplicationDependencyPage": { + "type": "structure", + "members": { + "Dependencies": { + "shape": "__listOfApplicationDependencySummary", + "locationName": "dependencies", + "documentation": "

    An array of application summaries nested in the application.

    " + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "

    The token to request the next page of results.

    " + } + }, + "documentation": "

    A list of application summaries nested in the application.

    ", + "required": [ + "Dependencies" + ] + }, + "ApplicationDependencySummary": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the nested application.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the nested application.

    " + } + }, + "documentation": "

    A nested application summary.

    ", + "required": [ + "ApplicationId", + "SemanticVersion" + ] + }, + "ApplicationPage": { + "type": "structure", + "members": { + "Applications": { + "shape": "__listOfApplicationSummary", + "locationName": "applications", + "documentation": "

    An array of application summaries.

    " + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "

    The token to request the next page of results.

    " + } + }, + "documentation": "

    A list of application details.

    ", + "required": [ + "Applications" + ] + }, + "ApplicationPolicy": { + "type": "structure", + "members": { + "Statements": { + "shape": "__listOfApplicationPolicyStatement", + "locationName": "statements", + "documentation": "

    An array of policy statements applied to the application.

    " + } + }, + "documentation": "

    Policy statements applied to the application.

    ", + "required": [ + "Statements" + ] + }, + "ApplicationPolicyStatement": { + "type": "structure", + "members": { + "Actions": { + "shape": "__listOf__string", + "locationName": "actions", + "documentation": "

    For the list of actions supported for this operation, see Application \n Permissions.

    " + }, + "PrincipalOrgIDs": { + "shape": "__listOf__string", + "locationName": "principalOrgIDs", + "documentation": "

    An array of PrinciplalOrgIDs, which corresponds to AWS IAM aws:PrincipalOrgID global condition key.

    " + }, + "Principals": { + "shape": "__listOf__string", + "locationName": "principals", + "documentation": "

    An array of AWS account IDs, or * to make the application public.

    " + }, + "StatementId": { + "shape": "__string", + "locationName": "statementId", + "documentation": "

    A unique ID for the statement.

    " + } + }, + "documentation": "

    Policy statement applied to the application.

    ", + "required": [ + "Principals", + "Actions" + ] + }, + "ApplicationSummary": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " + }, + "SpdxLicenseId": { + "shape": "__string", + "locationName": "spdxLicenseId", + "documentation": "

    A valid identifier from https://spdx.org/licenses/.

    " + } + }, + "documentation": "

    Summary of details about the application.

    ", + "required": [ + "Description", + "Author", + "ApplicationId", + "Name" + ] + }, + "ApplicationVersionPage": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "

    The token to request the next page of results.

    " + }, + "Versions": { + "shape": "__listOfVersionSummary", + "locationName": "versions", + "documentation": "

    An array of version summaries for the application.

    " + } + }, + "documentation": "

    A list of version summaries for the application.

    ", + "required": [ + "Versions" + ] + }, + "BadRequestException": { + "type": "structure", + "members": { + "ErrorCode": { + "shape": "__string", + "locationName": "errorCode", + "documentation": "

    400

    " + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

    One of the parameters in the request is invalid.

    " + } + }, + "documentation": "

    One of the parameters in the request is invalid.

    ", + "exception": true, + "error": { + "httpStatusCode": 400 + } + }, + "Capability": { + "type": "string", + "documentation": "

    Values that must be specified in order to deploy some applications.

    ", + "enum": [ + "CAPABILITY_IAM", + "CAPABILITY_NAMED_IAM", + "CAPABILITY_AUTO_EXPAND", + "CAPABILITY_RESOURCE_POLICY" + ] + }, + "ChangeSetDetails": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "ChangeSetId": { + "shape": "__string", + "locationName": "changeSetId", + "documentation": "

    The Amazon Resource Name (ARN) of the change set.

    Length constraints: Minimum length of 1.

    Pattern: ARN:[-a-zA-Z0-9:/]*

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "StackId": { + "shape": "__string", + "locationName": "stackId", + "documentation": "

    The unique ID of the stack.

    " + } + }, + "documentation": "

    Details of the change set.

    ", + "required": [ + "ChangeSetId", + "ApplicationId", + "StackId", + "SemanticVersion" + ] + }, + "ConflictException": { + "type": "structure", + "members": { + "ErrorCode": { + "shape": "__string", + "locationName": "errorCode", + "documentation": "

    409

    " + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

    The resource already exists.

    " + } + }, + "documentation": "

    The resource already exists.

    ", + "exception": true, + "error": { + "httpStatusCode": 409 + } + }, + "CreateApplicationInput": { + "type": "structure", + "members": { + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "LicenseBody": { + "shape": "__string", + "locationName": "licenseBody", + "documentation": "

    A local text file that contains the license of the app that matches the spdxLicenseID value of your application.\n The file has the format file://<path>/<filename>.

    Maximum size 5 MB

    You can specify only one of licenseBody and licenseUrl; otherwise, an error results.

    " + }, + "LicenseUrl": { + "shape": "__string", + "locationName": "licenseUrl", + "documentation": "

    A link to the S3 object that contains the license of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    You can specify only one of licenseBody and licenseUrl; otherwise, an error results.

    " + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The name of the application that you want to publish.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " + }, + "ReadmeBody": { + "shape": "__string", + "locationName": "readmeBody", + "documentation": "

    A local text readme file in Markdown language that contains a more detailed description of the application and how it works.\n The file has the format file://<path>/<filename>.

    Maximum size 5 MB

    You can specify only one of readmeBody and readmeUrl; otherwise, an error results.

    " + }, + "ReadmeUrl": { + "shape": "__string", + "locationName": "readmeUrl", + "documentation": "

    A link to the S3 object in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    You can specify only one of readmeBody and readmeUrl; otherwise, an error results.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "SourceCodeArchiveUrl": { + "shape": "__string", + "locationName": "sourceCodeArchiveUrl", + "documentation": "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " + }, + "SourceCodeUrl": { + "shape": "__string", + "locationName": "sourceCodeUrl", + "documentation": "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " + }, + "SpdxLicenseId": { + "shape": "__string", + "locationName": "spdxLicenseId", + "documentation": "

    A valid identifier from https://spdx.org/licenses/.

    " + }, + "TemplateBody": { + "shape": "__string", + "locationName": "templateBody", + "documentation": "

    The local raw packaged AWS SAM template file of your application.\n The file has the format file://<path>/<filename>.

    You can specify only one of templateBody and templateUrl; otherwise an error results.

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the S3 object containing the packaged AWS SAM template of your application.

    You can specify only one of templateBody and templateUrl; otherwise an error results.

    " + } + }, + "documentation": "

    Create an application request.

    ", + "required": [ + "Description", + "Name", + "Author" + ] + }, + "CreateApplicationRequest": { + "type": "structure", + "members": { + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "LicenseBody": { + "shape": "__string", + "locationName": "licenseBody", + "documentation": "

    A local text file that contains the license of the app that matches the spdxLicenseID value of your application.\n The file has the format file://<path>/<filename>.

    Maximum size 5 MB

    You can specify only one of licenseBody and licenseUrl; otherwise, an error results.

    " + }, + "LicenseUrl": { + "shape": "__string", + "locationName": "licenseUrl", + "documentation": "

    A link to the S3 object that contains the license of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    You can specify only one of licenseBody and licenseUrl; otherwise, an error results.

    " + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The name of the application that you want to publish.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " + }, + "ReadmeBody": { + "shape": "__string", + "locationName": "readmeBody", + "documentation": "

    A local text readme file in Markdown language that contains a more detailed description of the application and how it works.\n The file has the format file://<path>/<filename>.

    Maximum size 5 MB

    You can specify only one of readmeBody and readmeUrl; otherwise, an error results.

    " + }, + "ReadmeUrl": { + "shape": "__string", + "locationName": "readmeUrl", + "documentation": "

    A link to the S3 object in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    You can specify only one of readmeBody and readmeUrl; otherwise, an error results.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "SourceCodeArchiveUrl": { + "shape": "__string", + "locationName": "sourceCodeArchiveUrl", + "documentation": "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " + }, + "SourceCodeUrl": { + "shape": "__string", + "locationName": "sourceCodeUrl", + "documentation": "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " + }, + "SpdxLicenseId": { + "shape": "__string", + "locationName": "spdxLicenseId", + "documentation": "

    A valid identifier from https://spdx.org/licenses/.

    " + }, + "TemplateBody": { + "shape": "__string", + "locationName": "templateBody", + "documentation": "

    The local raw packaged AWS SAM template file of your application.\n The file has the format file://<path>/<filename>.

    You can specify only one of templateBody and templateUrl; otherwise an error results.

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the S3 object containing the packaged AWS SAM template of your application.

    You can specify only one of templateBody and templateUrl; otherwise an error results.

    " + } + }, + "required": [ + "Description", + "Name", + "Author" + ] + }, + "CreateApplicationResponse": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "IsVerifiedAuthor": { + "shape": "__boolean", + "locationName": "isVerifiedAuthor", + "documentation": "

    Whether the author of this application has been verified. This means means that AWS has made a good faith review, as a reasonable and prudent service provider, of the information provided by the requester and has confirmed that the requester's identity is as claimed.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "LicenseUrl": { + "shape": "__string", + "locationName": "licenseUrl", + "documentation": "

    A link to a license file of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    " + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " + }, + "ReadmeUrl": { + "shape": "__string", + "locationName": "readmeUrl", + "documentation": "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " + }, + "SpdxLicenseId": { + "shape": "__string", + "locationName": "spdxLicenseId", + "documentation": "

    A valid identifier from https://spdx.org/licenses/.

    " + }, + "VerifiedAuthorUrl": { + "shape": "__string", + "locationName": "verifiedAuthorUrl", + "documentation": "

    The URL to the public profile of a verified author. This URL is submitted by the author.

    " + }, + "Version": { + "shape": "Version", + "locationName": "version", + "documentation": "

    Version information about the application.

    " + } + } + }, + "CreateApplicationVersionInput": { + "type": "structure", + "members": { + "SourceCodeArchiveUrl": { + "shape": "__string", + "locationName": "sourceCodeArchiveUrl", + "documentation": "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " + }, + "SourceCodeUrl": { + "shape": "__string", + "locationName": "sourceCodeUrl", + "documentation": "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " + }, + "TemplateBody": { + "shape": "__string", + "locationName": "templateBody", + "documentation": "

    The raw packaged AWS SAM template of your application.

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the packaged AWS SAM template of your application.

    " + } + }, + "documentation": "

    Create a version request.

    " + }, + "CreateApplicationVersionRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "SemanticVersion": { + "shape": "__string", + "location": "uri", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the new version.

    " + }, + "SourceCodeArchiveUrl": { + "shape": "__string", + "locationName": "sourceCodeArchiveUrl", + "documentation": "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " + }, + "SourceCodeUrl": { + "shape": "__string", + "locationName": "sourceCodeUrl", + "documentation": "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " + }, + "TemplateBody": { + "shape": "__string", + "locationName": "templateBody", + "documentation": "

    The raw packaged AWS SAM template of your application.

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the packaged AWS SAM template of your application.

    " + } + }, + "required": [ + "ApplicationId", + "SemanticVersion" + ] + }, + "CreateApplicationVersionResponse": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "ParameterDefinitions": { + "shape": "__listOfParameterDefinition", + "locationName": "parameterDefinitions", + "documentation": "

    An array of parameter types supported by the application.

    " + }, + "RequiredCapabilities": { + "shape": "__listOfCapability", + "locationName": "requiredCapabilities", + "documentation": "

    A list of values that you must specify before you can deploy certain applications.\n Some applications might include resources that can affect permissions in your AWS\n account, for example, by creating new AWS Identity and Access Management (IAM) users.\n For those applications, you must explicitly acknowledge their capabilities by\n specifying this parameter.

    The only valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM,\n CAPABILITY_RESOURCE_POLICY, and CAPABILITY_AUTO_EXPAND.

    The following resources require you to specify CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM:\n AWS::IAM::Group,\n AWS::IAM::InstanceProfile,\n AWS::IAM::Policy, and\n AWS::IAM::Role.\n If the application contains IAM resources, you can specify either CAPABILITY_IAM\n or CAPABILITY_NAMED_IAM. If the application contains IAM resources\n with custom names, you must specify CAPABILITY_NAMED_IAM.

    The following resources require you to specify CAPABILITY_RESOURCE_POLICY:\n AWS::Lambda::Permission,\n AWS::IAM:Policy,\n AWS::ApplicationAutoScaling::ScalingPolicy,\n AWS::S3::BucketPolicy,\n AWS::SQS::QueuePolicy, and\n AWS::SNS::TopicPolicy.

    Applications that contain one or more nested applications require you to specify\n CAPABILITY_AUTO_EXPAND.

    If your application template contains any of the above resources, we recommend that you review\n all permissions associated with the application before deploying. If you don't specify\n this parameter for an application that requires capabilities, the call will fail.

    " + }, + "ResourcesSupported": { + "shape": "__boolean", + "locationName": "resourcesSupported", + "documentation": "

    Whether all of the AWS resources contained in this application are supported in the region\n in which it is being retrieved.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "SourceCodeArchiveUrl": { + "shape": "__string", + "locationName": "sourceCodeArchiveUrl", + "documentation": "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " + }, + "SourceCodeUrl": { + "shape": "__string", + "locationName": "sourceCodeUrl", + "documentation": "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the packaged AWS SAM template of your application.

    " + } + } + }, + "CreateCloudFormationChangeSetInput": { + "type": "structure", + "members": { + "Capabilities": { + "shape": "__listOf__string", + "locationName": "capabilities", + "documentation": "

    A list of values that you must specify before you can deploy certain applications.\n Some applications might include resources that can affect permissions in your AWS\n account, for example, by creating new AWS Identity and Access Management (IAM) users.\n For those applications, you must explicitly acknowledge their capabilities by\n specifying this parameter.

    The only valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM,\n CAPABILITY_RESOURCE_POLICY, and CAPABILITY_AUTO_EXPAND.

    The following resources require you to specify CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM:\n AWS::IAM::Group,\n AWS::IAM::InstanceProfile,\n AWS::IAM::Policy, and\n AWS::IAM::Role.\n If the application contains IAM resources, you can specify either CAPABILITY_IAM\n or CAPABILITY_NAMED_IAM. If the application contains IAM resources\n with custom names, you must specify CAPABILITY_NAMED_IAM.

    The following resources require you to specify CAPABILITY_RESOURCE_POLICY:\n AWS::Lambda::Permission,\n AWS::IAM:Policy,\n AWS::ApplicationAutoScaling::ScalingPolicy,\n AWS::S3::BucketPolicy,\n AWS::SQS::QueuePolicy, and\n AWS::SNS:TopicPolicy.

    Applications that contain one or more nested applications require you to specify\n CAPABILITY_AUTO_EXPAND.

    If your application template contains any of the above resources, we recommend that you review\n all permissions associated with the application before deploying. If you don't specify\n this parameter for an application that requires capabilities, the call will fail.

    " + }, + "ChangeSetName": { + "shape": "__string", + "locationName": "changeSetName", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "ClientToken": { + "shape": "__string", + "locationName": "clientToken", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "NotificationArns": { + "shape": "__listOf__string", + "locationName": "notificationArns", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "ParameterOverrides": { + "shape": "__listOfParameterValue", + "locationName": "parameterOverrides", + "documentation": "

    A list of parameter values for the parameters of the application.

    " + }, + "ResourceTypes": { + "shape": "__listOf__string", + "locationName": "resourceTypes", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "RollbackConfiguration": { + "shape": "RollbackConfiguration", + "locationName": "rollbackConfiguration", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "StackName": { + "shape": "__string", + "locationName": "stackName", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "Tags": { + "shape": "__listOfTag", + "locationName": "tags", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "TemplateId": { + "shape": "__string", + "locationName": "templateId", + "documentation": "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " + } + }, + "documentation": "

    Create an application change set request.

    ", + "required": [ + "StackName" + ] + }, + "CreateCloudFormationChangeSetRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "Capabilities": { + "shape": "__listOf__string", + "locationName": "capabilities", + "documentation": "

    A list of values that you must specify before you can deploy certain applications.\n Some applications might include resources that can affect permissions in your AWS\n account, for example, by creating new AWS Identity and Access Management (IAM) users.\n For those applications, you must explicitly acknowledge their capabilities by\n specifying this parameter.

    The only valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM,\n CAPABILITY_RESOURCE_POLICY, and CAPABILITY_AUTO_EXPAND.

    The following resources require you to specify CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM:\n AWS::IAM::Group,\n AWS::IAM::InstanceProfile,\n AWS::IAM::Policy, and\n AWS::IAM::Role.\n If the application contains IAM resources, you can specify either CAPABILITY_IAM\n or CAPABILITY_NAMED_IAM. If the application contains IAM resources\n with custom names, you must specify CAPABILITY_NAMED_IAM.

    The following resources require you to specify CAPABILITY_RESOURCE_POLICY:\n AWS::Lambda::Permission,\n AWS::IAM:Policy,\n AWS::ApplicationAutoScaling::ScalingPolicy,\n AWS::S3::BucketPolicy,\n AWS::SQS::QueuePolicy, and\n AWS::SNS:TopicPolicy.

    Applications that contain one or more nested applications require you to specify\n CAPABILITY_AUTO_EXPAND.

    If your application template contains any of the above resources, we recommend that you review\n all permissions associated with the application before deploying. If you don't specify\n this parameter for an application that requires capabilities, the call will fail.

    " + }, + "ChangeSetName": { + "shape": "__string", + "locationName": "changeSetName", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "ClientToken": { + "shape": "__string", + "locationName": "clientToken", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "NotificationArns": { + "shape": "__listOf__string", + "locationName": "notificationArns", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "ParameterOverrides": { + "shape": "__listOfParameterValue", + "locationName": "parameterOverrides", + "documentation": "

    A list of parameter values for the parameters of the application.

    " + }, + "ResourceTypes": { + "shape": "__listOf__string", + "locationName": "resourceTypes", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "RollbackConfiguration": { + "shape": "RollbackConfiguration", + "locationName": "rollbackConfiguration", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "StackName": { + "shape": "__string", + "locationName": "stackName", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "Tags": { + "shape": "__listOfTag", + "locationName": "tags", + "documentation": "

    This property corresponds to the parameter of the same name for the AWS CloudFormation CreateChangeSet\n API.

    " + }, + "TemplateId": { + "shape": "__string", + "locationName": "templateId", + "documentation": "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " + } + }, + "required": [ + "ApplicationId", + "StackName" + ] + }, + "CreateCloudFormationChangeSetResponse": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "ChangeSetId": { + "shape": "__string", + "locationName": "changeSetId", + "documentation": "

    The Amazon Resource Name (ARN) of the change set.

    Length constraints: Minimum length of 1.

    Pattern: ARN:[-a-zA-Z0-9:/]*

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "StackId": { + "shape": "__string", + "locationName": "stackId", + "documentation": "

    The unique ID of the stack.

    " + } + } + }, + "CreateCloudFormationTemplateRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + } + }, + "required": [ + "ApplicationId" + ] + }, + "CreateCloudFormationTemplateResponse": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "ExpirationTime": { + "shape": "__string", + "locationName": "expirationTime", + "documentation": "

    The date and time this template expires. Templates\n expire 1 hour after creation.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "

    Status of the template creation workflow.

    Possible values: PREPARING | ACTIVE | EXPIRED\n

    " + }, + "TemplateId": { + "shape": "__string", + "locationName": "templateId", + "documentation": "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the template that can be used to deploy the application using\n AWS CloudFormation.

    " + } + } + }, + "DeleteApplicationRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + } + }, + "required": [ + "ApplicationId" + ] + }, + "ForbiddenException": { + "type": "structure", + "members": { + "ErrorCode": { + "shape": "__string", + "locationName": "errorCode", + "documentation": "

    403

    " + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

    The client is not authenticated.

    " + } + }, + "documentation": "

    The client is not authenticated.

    ", + "exception": true, + "error": { + "httpStatusCode": 403 + } + }, + "GetApplicationPolicyRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + } + }, + "required": [ + "ApplicationId" + ] + }, + "GetApplicationPolicyResponse": { + "type": "structure", + "members": { + "Statements": { + "shape": "__listOfApplicationPolicyStatement", + "locationName": "statements", + "documentation": "

    An array of policy statements applied to the application.

    " + } + } + }, + "GetApplicationRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "SemanticVersion": { + "shape": "__string", + "location": "querystring", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application to get.

    " + } + }, + "required": [ + "ApplicationId" + ] + }, + "GetApplicationResponse": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "IsVerifiedAuthor": { + "shape": "__boolean", + "locationName": "isVerifiedAuthor", + "documentation": "

    Whether the author of this application has been verified. This means means that AWS has made a good faith review, as a reasonable and prudent service provider, of the information provided by the requester and has confirmed that the requester's identity is as claimed.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "LicenseUrl": { + "shape": "__string", + "locationName": "licenseUrl", + "documentation": "

    A link to a license file of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    " + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " + }, + "ReadmeUrl": { + "shape": "__string", + "locationName": "readmeUrl", + "documentation": "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " + }, + "SpdxLicenseId": { + "shape": "__string", + "locationName": "spdxLicenseId", + "documentation": "

    A valid identifier from https://spdx.org/licenses/.

    " + }, + "VerifiedAuthorUrl": { + "shape": "__string", + "locationName": "verifiedAuthorUrl", + "documentation": "

    The URL to the public profile of a verified author. This URL is submitted by the author.

    " + }, + "Version": { + "shape": "Version", + "locationName": "version", + "documentation": "

    Version information about the application.

    " + } + } + }, + "GetCloudFormationTemplateRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "TemplateId": { + "shape": "__string", + "location": "uri", + "locationName": "templateId", + "documentation": "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " + } + }, + "required": [ + "ApplicationId", + "TemplateId" + ] + }, + "GetCloudFormationTemplateResponse": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "ExpirationTime": { + "shape": "__string", + "locationName": "expirationTime", + "documentation": "

    The date and time this template expires. Templates\n expire 1 hour after creation.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "

    Status of the template creation workflow.

    Possible values: PREPARING | ACTIVE | EXPIRED\n

    " + }, + "TemplateId": { + "shape": "__string", + "locationName": "templateId", + "documentation": "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the template that can be used to deploy the application using\n AWS CloudFormation.

    " + } + } + }, + "InternalServerErrorException": { + "type": "structure", + "members": { + "ErrorCode": { + "shape": "__string", + "locationName": "errorCode", + "documentation": "

    500

    " + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    " + } + }, + "documentation": "

    The AWS Serverless Application Repository service encountered an internal error.

    ", + "exception": true, + "error": { + "httpStatusCode": 500 + } + }, + "ListApplicationDependenciesRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "MaxItems": { + "shape": "MaxItems", + "location": "querystring", + "locationName": "maxItems", + "documentation": "

    The total number of items to return.

    " + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

    A token to specify where to start paginating.

    " + }, + "SemanticVersion": { + "shape": "__string", + "location": "querystring", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application to get.

    " + } + }, + "required": [ + "ApplicationId" + ] + }, + "ListApplicationDependenciesResponse": { + "type": "structure", + "members": { + "Dependencies": { + "shape": "__listOfApplicationDependencySummary", + "locationName": "dependencies", + "documentation": "

    An array of application summaries nested in the application.

    " + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "

    The token to request the next page of results.

    " + } + } + }, + "ListApplicationVersionsRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "MaxItems": { + "shape": "MaxItems", + "location": "querystring", + "locationName": "maxItems", + "documentation": "

    The total number of items to return.

    " + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

    A token to specify where to start paginating.

    " + } + }, + "required": [ + "ApplicationId" + ] + }, + "ListApplicationVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "

    The token to request the next page of results.

    " + }, + "Versions": { + "shape": "__listOfVersionSummary", + "locationName": "versions", + "documentation": "

    An array of version summaries for the application.

    " + } + } + }, + "ListApplicationsRequest": { + "type": "structure", + "members": { + "MaxItems": { + "shape": "MaxItems", + "location": "querystring", + "locationName": "maxItems", + "documentation": "

    The total number of items to return.

    " + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "

    A token to specify where to start paginating.

    " + } + } + }, + "ListApplicationsResponse": { + "type": "structure", + "members": { + "Applications": { + "shape": "__listOfApplicationSummary", + "locationName": "applications", + "documentation": "

    An array of application summaries.

    " + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "

    The token to request the next page of results.

    " + } + } + }, + "MaxItems": { + "type": "integer", + "min": 1, + "max": 100 + }, + "NotFoundException": { + "type": "structure", + "members": { + "ErrorCode": { + "shape": "__string", + "locationName": "errorCode", + "documentation": "

    404

    " + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    " + } + }, + "documentation": "

    The resource (for example, an access policy statement) specified in the request doesn't exist.

    ", + "exception": true, + "error": { + "httpStatusCode": 404 + } + }, + "ParameterDefinition": { + "type": "structure", + "members": { + "AllowedPattern": { + "shape": "__string", + "locationName": "allowedPattern", + "documentation": "

    A regular expression that represents the patterns to allow for String types.

    " + }, + "AllowedValues": { + "shape": "__listOf__string", + "locationName": "allowedValues", + "documentation": "

    An array containing the list of values allowed for the parameter.

    " + }, + "ConstraintDescription": { + "shape": "__string", + "locationName": "constraintDescription", + "documentation": "

    A string that explains a constraint when the constraint is violated. For example, without a constraint description,\n a parameter that has an allowed pattern of [A-Za-z0-9]+ displays the following error message when the user\n specifies an invalid value:

    \n Malformed input-Parameter MyParameter must match pattern [A-Za-z0-9]+\n

    By adding a constraint description, such as \"must contain only uppercase and lowercase letters and numbers,\" you can display\n the following customized error message:

    \n Malformed input-Parameter MyParameter must contain only uppercase and lowercase letters and numbers.\n

    " + }, + "DefaultValue": { + "shape": "__string", + "locationName": "defaultValue", + "documentation": "

    A value of the appropriate type for the template to use if no value is specified when a stack is created.\n If you define constraints for the parameter, you must specify a value that adheres to those constraints.

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    A string of up to 4,000 characters that describes the parameter.

    " + }, + "MaxLength": { + "shape": "__integer", + "locationName": "maxLength", + "documentation": "

    An integer value that determines the largest number of characters that you want to allow for String types.

    " + }, + "MaxValue": { + "shape": "__integer", + "locationName": "maxValue", + "documentation": "

    A numeric value that determines the largest numeric value that you want to allow for Number types.

    " + }, + "MinLength": { + "shape": "__integer", + "locationName": "minLength", + "documentation": "

    An integer value that determines the smallest number of characters that you want to allow for String types.

    " + }, + "MinValue": { + "shape": "__integer", + "locationName": "minValue", + "documentation": "

    A numeric value that determines the smallest numeric value that you want to allow for Number types.

    " + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The name of the parameter.

    " + }, + "NoEcho": { + "shape": "__boolean", + "locationName": "noEcho", + "documentation": "

    Whether to mask the parameter value whenever anyone makes a call that describes the stack. If you set the\n value to true, the parameter value is masked with asterisks (*****).

    " + }, + "ReferencedByResources": { + "shape": "__listOf__string", + "locationName": "referencedByResources", + "documentation": "

    A list of AWS SAM resources that use this parameter.

    " + }, + "Type": { + "shape": "__string", + "locationName": "type", + "documentation": "

    The type of the parameter.

    Valid values: String | Number | List<Number> | CommaDelimitedList\n

    \n String: A literal string.

    For example, users can specify \"MyUserName\".

    \n Number: An integer or float. AWS CloudFormation validates the parameter value as a number. However, when you use the\n parameter elsewhere in your template (for example, by using the Ref intrinsic function), the parameter value becomes a string.

    For example, users might specify \"8888\".

    \n List<Number>: An array of integers or floats that are separated by commas. AWS CloudFormation validates the parameter value as numbers. However, when\n you use the parameter elsewhere in your template (for example, by using the Ref intrinsic function), the parameter value becomes a list of strings.

    For example, users might specify \"80,20\", and then Ref results in [\"80\",\"20\"].

    \n CommaDelimitedList: An array of literal strings that are separated by commas. The total number of strings should be one more than the total number of commas.\n Also, each member string is space-trimmed.

    For example, users might specify \"test,dev,prod\", and then Ref results in [\"test\",\"dev\",\"prod\"].

    " + } + }, + "documentation": "

    Parameters supported by the application.

    ", + "required": [ + "ReferencedByResources", + "Name" + ] + }, + "ParameterValue": { + "type": "structure", + "members": { + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The key associated with the parameter. If you don't specify a key and value for a particular parameter, AWS CloudFormation\n uses the default value that is specified in your template.

    " + }, + "Value": { + "shape": "__string", + "locationName": "value", + "documentation": "

    The input value associated with the parameter.

    " + } + }, + "documentation": "

    Parameter value of the application.

    ", + "required": [ + "Value", + "Name" + ] + }, + "PutApplicationPolicyRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "Statements": { + "shape": "__listOfApplicationPolicyStatement", + "locationName": "statements", + "documentation": "

    An array of policy statements applied to the application.

    " + } + }, + "required": [ + "ApplicationId", + "Statements" + ] + }, + "PutApplicationPolicyResponse": { + "type": "structure", + "members": { + "Statements": { + "shape": "__listOfApplicationPolicyStatement", + "locationName": "statements", + "documentation": "

    An array of policy statements applied to the application.

    " + } + } + }, + "RollbackConfiguration": { + "type": "structure", + "members": { + "MonitoringTimeInMinutes": { + "shape": "__integer", + "locationName": "monitoringTimeInMinutes", + "documentation": "

    This property corresponds to the content of the same name for the AWS CloudFormation RollbackConfiguration\n Data Type.

    " + }, + "RollbackTriggers": { + "shape": "__listOfRollbackTrigger", + "locationName": "rollbackTriggers", + "documentation": "

    This property corresponds to the content of the same name for the AWS CloudFormation RollbackConfiguration\n Data Type.

    " + } + }, + "documentation": "

    This property corresponds to the AWS CloudFormation RollbackConfiguration\n Data Type.

    " + }, + "RollbackTrigger": { + "type": "structure", + "members": { + "Arn": { + "shape": "__string", + "locationName": "arn", + "documentation": "

    This property corresponds to the content of the same name for the AWS CloudFormation RollbackTrigger\n Data Type.

    " + }, + "Type": { + "shape": "__string", + "locationName": "type", + "documentation": "

    This property corresponds to the content of the same name for the AWS CloudFormation RollbackTrigger\n Data Type.

    " + } + }, + "documentation": "

    This property corresponds to the AWS CloudFormation RollbackTrigger\n Data Type.

    ", + "required": [ + "Type", + "Arn" + ] + }, + "Status": { + "type": "string", + "enum": [ + "PREPARING", + "ACTIVE", + "EXPIRED" + ] + }, + "Tag": { + "type": "structure", + "members": { + "Key": { + "shape": "__string", + "locationName": "key", + "documentation": "

    This property corresponds to the content of the same name for the AWS CloudFormation Tag\n Data Type.

    " + }, + "Value": { + "shape": "__string", + "locationName": "value", + "documentation": "

    This property corresponds to the content of the same name for the AWS CloudFormation \n Tag\n \n Data Type.

    " + } + }, + "documentation": "

    This property corresponds to the AWS CloudFormation Tag\n Data Type.

    ", + "required": [ + "Value", + "Key" + ] + }, + "TemplateDetails": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "ExpirationTime": { + "shape": "__string", + "locationName": "expirationTime", + "documentation": "

    The date and time this template expires. Templates\n expire 1 hour after creation.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "

    Status of the template creation workflow.

    Possible values: PREPARING | ACTIVE | EXPIRED\n

    " + }, + "TemplateId": { + "shape": "__string", + "locationName": "templateId", + "documentation": "

    The UUID returned by CreateCloudFormationTemplate.

    Pattern: [0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the template that can be used to deploy the application using\n AWS CloudFormation.

    " + } + }, + "documentation": "

    Details of the template.

    ", + "required": [ + "Status", + "TemplateUrl", + "CreationTime", + "ExpirationTime", + "ApplicationId", + "TemplateId", + "SemanticVersion" + ] + }, + "TooManyRequestsException": { + "type": "structure", + "members": { + "ErrorCode": { + "shape": "__string", + "locationName": "errorCode", + "documentation": "

    429

    " + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    " + } + }, + "documentation": "

    The client is sending more than the allowed number of requests per unit of time.

    ", + "exception": true, + "error": { + "httpStatusCode": 429 + } + }, + "UnshareApplicationInput": { + "type": "structure", + "members": { + "OrganizationId": { + "shape": "__string", + "locationName": "organizationId", + "documentation": "

    The AWS Organization ID to unshare the application from.

    " + } + }, + "required": [ + "OrganizationId" + ], + "documentation": "

    Unshare application request.

    " + }, + "UnshareApplicationRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "OrganizationId": { + "shape": "__string", + "locationName": "organizationId", + "documentation": "

    The AWS Organization ID to unshare the application from.

    " + } + }, + "required": [ + "ApplicationId", + "OrganizationId" + ] + }, + "UpdateApplicationInput": { + "type": "structure", + "members": { + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "ReadmeBody": { + "shape": "__string", + "locationName": "readmeBody", + "documentation": "

    A text readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " + }, + "ReadmeUrl": { + "shape": "__string", + "locationName": "readmeUrl", + "documentation": "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " + } + }, + "documentation": "

    Update the application request.

    " + }, + "UpdateApplicationRequest": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "location": "uri", + "locationName": "applicationId", + "documentation": "

    The Amazon Resource Name (ARN) of the application.

    " + }, + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "ReadmeBody": { + "shape": "__string", + "locationName": "readmeBody", + "documentation": "

    A text readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " + }, + "ReadmeUrl": { + "shape": "__string", + "locationName": "readmeUrl", + "documentation": "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " + } + }, + "required": [ + "ApplicationId" + ] + }, + "UpdateApplicationResponse": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "Author": { + "shape": "__string", + "locationName": "author", + "documentation": "

    The name of the author publishing the app.

    Minimum length=1. Maximum length=127.

    Pattern \"^[a-z0-9](([a-z0-9]|-(?!-))*[a-z0-9])?$\";

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "Description": { + "shape": "__string", + "locationName": "description", + "documentation": "

    The description of the application.

    Minimum length=1. Maximum length=256

    " + }, + "HomePageUrl": { + "shape": "__string", + "locationName": "homePageUrl", + "documentation": "

    A URL with more information about the application, for example the location of your GitHub repository for the application.

    " + }, + "IsVerifiedAuthor": { + "shape": "__boolean", + "locationName": "isVerifiedAuthor", + "documentation": "

    Whether the author of this application has been verified. This means means that AWS has made a good faith review, as a reasonable and prudent service provider, of the information provided by the requester and has confirmed that the requester's identity is as claimed.

    " + }, + "Labels": { + "shape": "__listOf__string", + "locationName": "labels", + "documentation": "

    Labels to improve discovery of apps in search results.

    Minimum length=1. Maximum length=127. Maximum number of labels: 10

    Pattern: \"^[a-zA-Z0-9+\\\\-_:\\\\/@]+$\";

    " + }, + "LicenseUrl": { + "shape": "__string", + "locationName": "licenseUrl", + "documentation": "

    A link to a license file of the app that matches the spdxLicenseID value of your application.

    Maximum size 5 MB

    " + }, + "Name": { + "shape": "__string", + "locationName": "name", + "documentation": "

    The name of the application.

    Minimum length=1. Maximum length=140

    Pattern: \"[a-zA-Z0-9\\\\-]+\";

    " + }, + "ReadmeUrl": { + "shape": "__string", + "locationName": "readmeUrl", + "documentation": "

    A link to the readme file in Markdown language that contains a more detailed description of the application and how it works.

    Maximum size 5 MB

    " + }, + "SpdxLicenseId": { + "shape": "__string", + "locationName": "spdxLicenseId", + "documentation": "

    A valid identifier from https://spdx.org/licenses/.

    " + }, + "VerifiedAuthorUrl": { + "shape": "__string", + "locationName": "verifiedAuthorUrl", + "documentation": "

    The URL to the public profile of a verified author. This URL is submitted by the author.

    " + }, + "Version": { + "shape": "Version", + "locationName": "version", + "documentation": "

    Version information about the application.

    " + } + } + }, + "Version": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "ParameterDefinitions": { + "shape": "__listOfParameterDefinition", + "locationName": "parameterDefinitions", + "documentation": "

    An array of parameter types supported by the application.

    " + }, + "RequiredCapabilities": { + "shape": "__listOfCapability", + "locationName": "requiredCapabilities", + "documentation": "

    A list of values that you must specify before you can deploy certain applications.\n Some applications might include resources that can affect permissions in your AWS\n account, for example, by creating new AWS Identity and Access Management (IAM) users.\n For those applications, you must explicitly acknowledge their capabilities by\n specifying this parameter.

    The only valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM,\n CAPABILITY_RESOURCE_POLICY, and CAPABILITY_AUTO_EXPAND.

    The following resources require you to specify CAPABILITY_IAM or\n CAPABILITY_NAMED_IAM:\n AWS::IAM::Group,\n AWS::IAM::InstanceProfile,\n AWS::IAM::Policy, and\n AWS::IAM::Role.\n If the application contains IAM resources, you can specify either CAPABILITY_IAM\n or CAPABILITY_NAMED_IAM. If the application contains IAM resources\n with custom names, you must specify CAPABILITY_NAMED_IAM.

    The following resources require you to specify CAPABILITY_RESOURCE_POLICY:\n AWS::Lambda::Permission,\n AWS::IAM:Policy,\n AWS::ApplicationAutoScaling::ScalingPolicy,\n AWS::S3::BucketPolicy,\n AWS::SQS::QueuePolicy, and\n AWS::SNS::TopicPolicy.

    Applications that contain one or more nested applications require you to specify\n CAPABILITY_AUTO_EXPAND.

    If your application template contains any of the above resources, we recommend that you review\n all permissions associated with the application before deploying. If you don't specify\n this parameter for an application that requires capabilities, the call will fail.

    " + }, + "ResourcesSupported": { + "shape": "__boolean", + "locationName": "resourcesSupported", + "documentation": "

    Whether all of the AWS resources contained in this application are supported in the region\n in which it is being retrieved.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "SourceCodeArchiveUrl": { + "shape": "__string", + "locationName": "sourceCodeArchiveUrl", + "documentation": "

    A link to the S3 object that contains the ZIP archive of the source code for this version of your application.

    Maximum size 50 MB

    " + }, + "SourceCodeUrl": { + "shape": "__string", + "locationName": "sourceCodeUrl", + "documentation": "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " + }, + "TemplateUrl": { + "shape": "__string", + "locationName": "templateUrl", + "documentation": "

    A link to the packaged AWS SAM template of your application.

    " + } + }, + "documentation": "

    Application version details.

    ", + "required": [ + "TemplateUrl", + "ParameterDefinitions", + "ResourcesSupported", + "CreationTime", + "RequiredCapabilities", + "ApplicationId", + "SemanticVersion" + ] + }, + "VersionSummary": { + "type": "structure", + "members": { + "ApplicationId": { + "shape": "__string", + "locationName": "applicationId", + "documentation": "

    The application Amazon Resource Name (ARN).

    " + }, + "CreationTime": { + "shape": "__string", + "locationName": "creationTime", + "documentation": "

    The date and time this resource was created.

    " + }, + "SemanticVersion": { + "shape": "__string", + "locationName": "semanticVersion", + "documentation": "

    The semantic version of the application:

    \n https://semver.org/\n

    " + }, + "SourceCodeUrl": { + "shape": "__string", + "locationName": "sourceCodeUrl", + "documentation": "

    A link to a public repository for the source code of your application, for example the URL of a specific GitHub commit.

    " + } + }, + "documentation": "

    An application version summary.

    ", + "required": [ + "CreationTime", + "ApplicationId", + "SemanticVersion" + ] + }, + "__boolean": { + "type": "boolean" + }, + "__double": { + "type": "double" + }, + "__integer": { + "type": "integer" + }, + "__listOfApplicationDependencySummary": { + "type": "list", + "member": { + "shape": "ApplicationDependencySummary" + } + }, + "__listOfApplicationPolicyStatement": { + "type": "list", + "member": { + "shape": "ApplicationPolicyStatement" + } + }, + "__listOfApplicationSummary": { + "type": "list", + "member": { + "shape": "ApplicationSummary" + } + }, + "__listOfCapability": { + "type": "list", + "member": { + "shape": "Capability" + } + }, + "__listOfParameterDefinition": { + "type": "list", + "member": { + "shape": "ParameterDefinition" + } + }, + "__listOfParameterValue": { + "type": "list", + "member": { + "shape": "ParameterValue" + } + }, + "__listOfRollbackTrigger": { + "type": "list", + "member": { + "shape": "RollbackTrigger" + } + }, + "__listOfTag": { + "type": "list", + "member": { + "shape": "Tag" + } + }, + "__listOfVersionSummary": { + "type": "list", + "member": { + "shape": "VersionSummary" + } + }, + "__listOf__string": { + "type": "list", + "member": { + "shape": "__string" } }, - "__long" : { - "type" : "long" + "__long": { + "type": "long" }, - "__string" : { - "type" : "string" + "__string": { + "type": "string" } }, - "documentation" : "

    The AWS Serverless Application Repository makes it easy for developers and enterprises to quickly find\n and deploy serverless applications in the AWS Cloud. For more information about serverless applications,\n see Serverless Computing and Applications on the AWS website.

    The AWS Serverless Application Repository is deeply integrated with the AWS Lambda console, so that developers of \n all levels can get started with serverless computing without needing to learn anything new. You can use category \n keywords to browse for applications such as web and mobile backends, data processing applications, or chatbots. \n You can also search for applications by name, publisher, or event source. To use an application, you simply choose it, \n configure any required fields, and deploy it with a few clicks.

    You can also easily publish applications, sharing them publicly with the community at large, or privately\n within your team or across your organization. To publish a serverless application (or app), you can use the\n AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS SDKs to upload the code. Along with the\n code, you upload a simple manifest file, also known as the AWS Serverless Application Model (AWS SAM) template.\n For more information about AWS SAM, see AWS Serverless Application Model (AWS SAM) on the AWS Labs\n GitHub repository.

    The AWS Serverless Application Repository Developer Guide contains more information about the two developer\n experiences available:

      \n
    • \n

      Consuming Applications – Browse for applications and view information about them, including\n source code and readme files. Also install, configure, and deploy applications of your choosing.

      \n

      Publishing Applications – Configure and upload applications to make them available to other\n developers, and publish new versions of applications.

      \n
      • \n
    " -} + "documentation": "

    The AWS Serverless Application Repository makes it easy for developers and enterprises to quickly find\n and deploy serverless applications in the AWS Cloud. For more information about serverless applications,\n see Serverless Computing and Applications on the AWS website.

    The AWS Serverless Application Repository is deeply integrated with the AWS Lambda console, so that developers of \n all levels can get started with serverless computing without needing to learn anything new. You can use category \n keywords to browse for applications such as web and mobile backends, data processing applications, or chatbots. \n You can also search for applications by name, publisher, or event source. To use an application, you simply choose it, \n configure any required fields, and deploy it with a few clicks.

    You can also easily publish applications, sharing them publicly with the community at large, or privately\n within your team or across your organization. To publish a serverless application (or app), you can use the\n AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS SDKs to upload the code. Along with the\n code, you upload a simple manifest file, also known as the AWS Serverless Application Model (AWS SAM) template.\n For more information about AWS SAM, see AWS Serverless Application Model (AWS SAM) on the AWS Labs\n GitHub repository.

    The AWS Serverless Application Repository Developer Guide contains more information about the two developer\n experiences available:

      \n
    • \n

      Consuming Applications – Browse for applications and view information about them, including\n source code and readme files. Also install, configure, and deploy applications of your choosing.

      \n

      Publishing Applications – Configure and upload applications to make them available to other\n developers, and publish new versions of applications.

      \n
      • \n
    " +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/service-quotas/2019-06-24/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/service-quotas/2019-06-24/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/service-quotas/2019-06-24/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/service-quotas/2019-06-24/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,18 +212,17 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -236,7 +231,8 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], @@ -256,14 +252,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -277,7 +275,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -297,7 +294,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -308,14 +304,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -326,9 +324,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/service-quotas/2019-06-24/service-2.json 2.31.35-1/awscli/botocore/data/service-quotas/2019-06-24/service-2.json --- 2.23.6-1/awscli/botocore/data/service-quotas/2019-06-24/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/service-quotas/2019-06-24/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"servicequotas", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Service Quotas", "serviceId":"Service Quotas", "signatureVersion":"v4", "targetPrefix":"ServiceQuotasV20190624", - "uid":"service-quotas-2019-06-24" + "uid":"service-quotas-2019-06-24", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateServiceQuotaTemplate":{ @@ -32,6 +34,26 @@ ], "documentation":"

    Associates your quota request template with your organization. When a new Amazon Web Services account is created in your organization, the quota increase requests in the template are automatically applied to the account. You can add a quota increase request for any adjustable quota to your template.

    " }, + "CreateSupportCase":{ + "name":"CreateSupportCase", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateSupportCaseRequest"}, + "output":{"shape":"CreateSupportCaseResponse"}, + "errors":[ + {"shape":"DependencyAccessDeniedException"}, + {"shape":"ResourceAlreadyExistsException"}, + {"shape":"AccessDeniedException"}, + {"shape":"NoSuchResourceException"}, + {"shape":"IllegalArgumentException"}, + {"shape":"InvalidResourceStateException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

    Creates a Support case for an existing quota increase request. This call only creates a Support case if the request has a Pending status.

    " + }, "DeleteServiceQuotaIncreaseRequestFromTemplate":{ "name":"DeleteServiceQuotaIncreaseRequestFromTemplate", "http":{ @@ -110,6 +132,23 @@ ], "documentation":"

    Retrieves the status of the association for the quota request template.

    " }, + "GetAutoManagementConfiguration":{ + "name":"GetAutoManagementConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAutoManagementConfigurationRequest"}, + "output":{"shape":"GetAutoManagementConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"NoSuchResourceException"}, + {"shape":"IllegalArgumentException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ServiceException"} + ], + "documentation":"

    Retrieves information about your Service Quotas Automatic Management configuration. Automatic Management monitors your Service Quotas utilization and notifies you before you run out of your allocated quotas.

    " + }, "GetRequestedServiceQuotaChange":{ "name":"GetRequestedServiceQuotaChange", "http":{ @@ -142,7 +181,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Retrieves the applied quota value for the specified quota. For some quotas, only the default values are available. If the applied quota value is not available for a quota, the quota is not retrieved.

    " + "documentation":"

    Retrieves the applied quota value for the specified account-level or resource-level quota. For some quotas, only the default values are available. If the applied quota value is not available for a quota, the quota is not retrieved.

    " }, "GetServiceQuotaIncreaseRequestFromTemplate":{ "name":"GetServiceQuotaIncreaseRequestFromTemplate", @@ -181,7 +220,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists the default values for the quotas for the specified Amazon Web Service. A default value does not reflect any quota increases.

    " + "documentation":"

    Lists the default values for the quotas for the specified Amazon Web Services service. A default value does not reflect any quota increases.

    " }, "ListRequestedServiceQuotaChangeHistory":{ "name":"ListRequestedServiceQuotaChangeHistory", @@ -199,7 +238,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Retrieves the quota increase requests for the specified Amazon Web Service.

    " + "documentation":"

    Retrieves the quota increase requests for the specified Amazon Web Services service. Filter responses to return quota requests at either the account level, resource level, or all levels. Responses include any open or closed requests within 90 days.

    " }, "ListRequestedServiceQuotaChangeHistoryByQuota":{ "name":"ListRequestedServiceQuotaChangeHistoryByQuota", @@ -217,7 +256,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Retrieves the quota increase requests for the specified quota.

    " + "documentation":"

    Retrieves the quota increase requests for the specified quota. Filter responses to return quota requests at either the account level, resource level, or all levels.

    " }, "ListServiceQuotaIncreaseRequestsInTemplate":{ "name":"ListServiceQuotaIncreaseRequestsInTemplate", @@ -255,7 +294,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists the applied quota values for the specified Amazon Web Service. For some quotas, only the default values are available. If the applied quota value is not available for a quota, the quota is not retrieved.

    " + "documentation":"

    Lists the applied quota values for the specified Amazon Web Services service. For some quotas, only the default values are available. If the applied quota value is not available for a quota, the quota is not retrieved. Filter responses to return applied quota values at either the account level, resource level, or all levels.

    " }, "ListServices":{ "name":"ListServices", @@ -272,7 +311,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists the names and codes for the Amazon Web Services integrated with Service Quotas.

    " + "documentation":"

    Lists the names and codes for the Amazon Web Services services integrated with Service Quotas.

    " }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -332,7 +371,41 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Submits a quota increase request for the specified quota.

    " + "documentation":"

    Submits a quota increase request for the specified quota at the account or resource level.

    " + }, + "StartAutoManagement":{ + "name":"StartAutoManagement", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartAutoManagementRequest"}, + "output":{"shape":"StartAutoManagementResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"NoSuchResourceException"}, + {"shape":"IllegalArgumentException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ServiceException"} + ], + "documentation":"

    Starts Service Quotas Automatic Management for an Amazon Web Services account, including notification preferences and excluded quotas configurations. Automatic Management monitors your Service Quotas utilization and notifies you before you run out of your allocated quotas.

    " + }, + "StopAutoManagement":{ + "name":"StopAutoManagement", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StopAutoManagementRequest"}, + "output":{"shape":"StopAutoManagementResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"NoSuchResourceException"}, + {"shape":"IllegalArgumentException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ServiceException"} + ], + "documentation":"

    Stops Service Quotas Automatic Management for an Amazon Web Services account and removes all associated configurations. Automatic Management monitors your Service Quotas utilization and notifies you before you run out of your allocated quotas.

    " }, "TagResource":{ "name":"TagResource", @@ -369,6 +442,23 @@ {"shape":"ServiceException"} ], "documentation":"

    Removes tags from the specified applied quota. You can specify one or more tags to remove.

    " + }, + "UpdateAutoManagement":{ + "name":"UpdateAutoManagement", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateAutoManagementRequest"}, + "output":{"shape":"UpdateAutoManagementResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"NoSuchResourceException"}, + {"shape":"IllegalArgumentException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ServiceException"} + ], + "documentation":"

    Updates your Service Quotas Automatic Management configuration, including notification preferences and excluded quotas. Automatic Management monitors your Service Quotas utilization and notifies you before you run out of your allocated quotas.

    " } }, "shapes":{ @@ -404,13 +494,11 @@ }, "AssociateServiceQuotaTemplateRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateServiceQuotaTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AwsRegion":{ "type":"string", @@ -418,6 +506,20 @@ "min":1, "pattern":"[a-zA-Z][a-zA-Z0-9-]{1,128}" }, + "CreateSupportCaseRequest":{ + "type":"structure", + "required":["RequestId"], + "members":{ + "RequestId":{ + "shape":"RequestId", + "documentation":"

    The ID of the pending quota increase request for which you want to open a Support case.

    " + } + } + }, + "CreateSupportCaseResponse":{ + "type":"structure", + "members":{} + }, "CustomerServiceEngagementId":{"type":"string"}, "DateTime":{"type":"timestamp"}, "DeleteServiceQuotaIncreaseRequestFromTemplateRequest":{ @@ -444,8 +546,7 @@ }, "DeleteServiceQuotaIncreaseRequestFromTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DependencyAccessDeniedException":{ "type":"structure", @@ -457,13 +558,11 @@ }, "DisassociateServiceQuotaTemplateRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateServiceQuotaTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ErrorCode":{ "type":"string", @@ -480,7 +579,7 @@ "members":{ "ErrorCode":{ "shape":"ErrorCode", - "documentation":"

    Service Quotas returns the following error values:

    • DEPENDENCY_ACCESS_DENIED_ERROR - The caller does not have the required permissions to complete the action. To resolve the error, you must have permission to access the Amazon Web Service or quota.

    • DEPENDENCY_THROTTLING_ERROR - The Amazon Web Service is throttling Service Quotas.

    • DEPENDENCY_SERVICE_ERROR - The Amazon Web Service is not available.

    • SERVICE_QUOTA_NOT_AVAILABLE_ERROR - There was an error in Service Quotas.

    " + "documentation":"

    Service Quotas returns the following error values:

    • DEPENDENCY_ACCESS_DENIED_ERROR - The caller does not have the required permissions to complete the action. To resolve the error, you must have permission to access the Amazon Web Services service or quota.

    • DEPENDENCY_THROTTLING_ERROR - The Amazon Web Services service is throttling Service Quotas.

    • DEPENDENCY_SERVICE_ERROR - The Amazon Web Services service is not available.

    • SERVICE_QUOTA_NOT_AVAILABLE_ERROR - There was an error in Service Quotas.

    " }, "ErrorMessage":{ "shape":"ErrorMessage", @@ -490,6 +589,32 @@ "documentation":"

    An error that explains why an action did not succeed.

    " }, "ExceptionMessage":{"type":"string"}, + "ExcludedLimit":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ /]{1,128}" + }, + "ExcludedQuotaList":{ + "type":"list", + "member":{"shape":"ExcludedLimit"} + }, + "ExcludedService":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[A-Za-z0-9-_ /]{1,128}" + }, + "ExclusionList":{ + "type":"map", + "key":{"shape":"ExcludedService"}, + "value":{"shape":"ExcludedQuotaList"} + }, + "ExclusionQuotaList":{ + "type":"map", + "key":{"shape":"ExcludedService"}, + "value":{"shape":"QuotaInfoList"} + }, "GetAWSDefaultServiceQuotaRequest":{ "type":"structure", "required":[ @@ -518,8 +643,7 @@ }, "GetAssociationForServiceQuotaTemplateRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAssociationForServiceQuotaTemplateResponse":{ "type":"structure", @@ -530,6 +654,35 @@ } } }, + "GetAutoManagementConfigurationRequest":{ + "type":"structure", + "members":{} + }, + "GetAutoManagementConfigurationResponse":{ + "type":"structure", + "members":{ + "OptInLevel":{ + "shape":"OptInLevel", + "documentation":"

    Information on the opt-in level for Automatic Management. Only Amazon Web Services account level is supported.

    " + }, + "OptInType":{ + "shape":"OptInType", + "documentation":"

    Information on the opt-in type for Automatic Management. There are two modes: Notify only and Notify and Auto-Adjust. Currently, only NotifyOnly is available.

    " + }, + "NotificationArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The User Notifications Amazon Resource Name (ARN) for Automatic Management notifications.

    " + }, + "OptInStatus":{ + "shape":"OptInStatus", + "documentation":"

    Status on whether Automatic Management is started or stopped.

    " + }, + "ExclusionList":{ + "shape":"ExclusionQuotaList", + "documentation":"

    List of Amazon Web Services services excluded from Automatic Management. You won't be notified of Service Quotas utilization for Amazon Web Services services added to the Automatic Management exclusion list.

    " + } + } + }, "GetRequestedServiceQuotaChangeRequest":{ "type":"structure", "required":["RequestId"], @@ -597,7 +750,7 @@ }, "ContextId":{ "shape":"QuotaContextId", - "documentation":"

    Specifies the Amazon Web Services account or resource to which the quota applies. The value in this field depends on the context scope associated with the specified service quota.

    " + "documentation":"

    Specifies the resource with an Amazon Resource Name (ARN).

    " } } }, @@ -704,7 +857,7 @@ }, "QuotaRequestedAtLevel":{ "shape":"AppliedLevelEnum", - "documentation":"

    Specifies at which level within the Amazon Web Services account the quota request applies to.

    " + "documentation":"

    Filters the response to return quota requests for the ACCOUNT, RESOURCE, or ALL levels. ACCOUNT is the default.

    " } } }, @@ -742,7 +895,7 @@ }, "QuotaRequestedAtLevel":{ "shape":"AppliedLevelEnum", - "documentation":"

    Specifies at which level within the Amazon Web Services account the quota request applies to.

    " + "documentation":"

    Filters the response to return quota requests for the ACCOUNT, RESOURCE, or ALL levels. ACCOUNT is the default.

    " } } }, @@ -815,7 +968,7 @@ }, "QuotaAppliedAtLevel":{ "shape":"AppliedLevelEnum", - "documentation":"

    Specifies at which level of granularity that the quota value is applied.

    " + "documentation":"

    Filters the response to return applied quota values for the ACCOUNT, RESOURCE, or ALL levels. ACCOUNT is the default.

    " } } }, @@ -854,7 +1007,7 @@ }, "Services":{ "shape":"ServiceInfoListDefinition", - "documentation":"

    The list of the Amazon Web Service names and service codes.

    " + "documentation":"

    The list of the Amazon Web Services service names and service codes.

    " } } }, @@ -933,6 +1086,24 @@ "documentation":"

    The specified resource does not exist.

    ", "exception":true }, + "OptInLevel":{ + "type":"string", + "enum":["ACCOUNT"] + }, + "OptInStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "OptInType":{ + "type":"string", + "enum":[ + "NotifyOnly", + "NotifyAndAdjust" + ] + }, "OrganizationNotInAllFeaturesModeException":{ "type":"structure", "members":{ @@ -1009,18 +1180,18 @@ "members":{ "ContextScope":{ "shape":"QuotaContextScope", - "documentation":"

    Specifies whether the quota applies to an Amazon Web Services account, or to a resource.

    " + "documentation":"

    Specifies the scope to which the quota value is applied. If the scope is RESOURCE, the quota value is applied to each resource in the Amazon Web Services account. If the scope is ACCOUNT, the quota value is applied to the Amazon Web Services account.

    " }, "ContextScopeType":{ "shape":"QuotaContextScopeType", - "documentation":"

    When the ContextScope is RESOURCE, then this specifies the resource type of the specified resource.

    " + "documentation":"

    Specifies the resource type to which the quota can be applied.

    " }, "ContextId":{ "shape":"QuotaContextId", - "documentation":"

    Specifies the Amazon Web Services account or resource to which the quota applies. The value in this field depends on the context scope associated with the specified service quota.

    " + "documentation":"

    Specifies the resource, or resources, to which the quota applies. The value for this field is either an Amazon Resource Name (ARN) or *. If the value is an ARN, the quota value applies to that resource. If the value is *, then the quota value applies to all resources listed in the ContextScopeType field. The quota value applies to all resources for which you haven’t previously applied a quota value, and any new resources you create in your Amazon Web Services account.

    " } }, - "documentation":"

    A structure that describes the context for a service quota. The context identifies what the quota applies to.

    " + "documentation":"

    A structure that describes the context for a resource-level quota. For resource-level quotas, such as Instances per OpenSearch Service Domain, you can apply the quota value at the resource-level for each OpenSearch Service Domain in your Amazon Web Services account. Together the attributes of this structure help you understand how the quota is implemented by Amazon Web Services and how you can manage it. For quotas such as Amazon OpenSearch Service Domains which can be managed at the account-level for each Amazon Web Services Region, the QuotaContext field is absent. See the attribute descriptions below to further understand how to use them.

    " }, "QuotaContextScope":{ "type":"string", @@ -1030,6 +1201,12 @@ ] }, "QuotaContextScopeType":{"type":"string"}, + "QuotaDescription":{ + "type":"string", + "max":350, + "min":0, + "pattern":"^.{0,350}$" + }, "QuotaExceededException":{ "type":"structure", "members":{ @@ -1038,6 +1215,24 @@ "documentation":"

    You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.

    ", "exception":true }, + "QuotaInfo":{ + "type":"structure", + "members":{ + "QuotaCode":{ + "shape":"QuotaCode", + "documentation":"

    The Service Quotas code for the Amazon Web Services service monitored with Automatic Management.

    " + }, + "QuotaName":{ + "shape":"QuotaName", + "documentation":"

    The Service Quotas name for the Amazon Web Services service monitored with Automatic Management.

    " + } + }, + "documentation":"

    Information on your Service Quotas for Service Quotas Automatic Management. Automatic Management monitors your Service Quotas utilization and notifies you before you run out of your allocated quotas.

    " + }, + "QuotaInfoList":{ + "type":"list", + "member":{"shape":"QuotaInfo"} + }, "QuotaMetricName":{"type":"string"}, "QuotaMetricNamespace":{"type":"string"}, "QuotaName":{"type":"string"}, @@ -1089,7 +1284,11 @@ }, "ContextId":{ "shape":"QuotaContextId", - "documentation":"

    Specifies the Amazon Web Services account or resource to which the quota applies. The value in this field depends on the context scope associated with the specified service quota.

    " + "documentation":"

    Specifies the resource with an Amazon Resource Name (ARN).

    " + }, + "SupportCaseAllowed":{ + "shape":"SupportCaseAllowed", + "documentation":"

    Specifies if an Amazon Web Services Support case can be opened for the quota increase request. This parameter is optional.

    By default, this flag is set to True and Amazon Web Services may create a support case for some quota increase requests. You can set this flag to False if you do not want a support case created when you request a quota increase. If you set the flag to False, Amazon Web Services does not open a support case and updates the request status to Not approved.

    " } } }, @@ -1147,7 +1346,7 @@ }, "Status":{ "shape":"RequestStatus", - "documentation":"

    The state of the quota increase request.

    " + "documentation":"

    The state of the quota increase request.

    • PENDING: The quota increase request is under review by Amazon Web Services.

    • CASE_OPENED: Service Quotas opened a support case to process the quota increase request. Follow-up on the support case for more information.

    • APPROVED: The quota increase request is approved.

    • DENIED: The quota increase request can't be approved by Service Quotas. Contact Amazon Web Services Support for more details.

    • NOT APPROVED: The quota increase request can't be approved by Service Quotas. Contact Amazon Web Services Support for more details.

    • CASE_CLOSED: The support case associated with this quota increase request was closed. Check the support case correspondence for the outcome of your quota request.

    • INVALID_REQUEST: Service Quotas couldn't process your resource-level quota increase request because the Amazon Resource Name (ARN) specified as part of the ContextId is invalid.

    " }, "Created":{ "shape":"DateTime", @@ -1175,7 +1374,7 @@ }, "QuotaRequestedAtLevel":{ "shape":"AppliedLevelEnum", - "documentation":"

    Specifies at which level within the Amazon Web Services account the quota request applies to.

    " + "documentation":"

    Filters the response to return quota requests for the ACCOUNT, RESOURCE, or ALL levels. ACCOUNT is the default.

    " }, "QuotaContext":{ "shape":"QuotaContextInfo", @@ -1224,7 +1423,7 @@ "documentation":"

    Specifies the service name.

    " } }, - "documentation":"

    Information about an Amazon Web Service.

    " + "documentation":"

    Information about an Amazon Web Services service.

    " }, "ServiceInfoListDefinition":{ "type":"list", @@ -1284,11 +1483,15 @@ }, "QuotaAppliedAtLevel":{ "shape":"AppliedLevelEnum", - "documentation":"

    Specifies at which level of granularity that the quota value is applied.

    " + "documentation":"

    Filters the response to return applied quota values for the ACCOUNT, RESOURCE, or ALL levels. ACCOUNT is the default.

    " }, "QuotaContext":{ "shape":"QuotaContextInfo", "documentation":"

    The context for this service quota.

    " + }, + "Description":{ + "shape":"QuotaDescription", + "documentation":"

    The quota description.

    " } }, "documentation":"

    Information about a quota.

    " @@ -1354,12 +1557,50 @@ "documentation":"

    The quota request template is not associated with your organization.

    ", "exception":true }, + "StartAutoManagementRequest":{ + "type":"structure", + "required":[ + "OptInLevel", + "OptInType" + ], + "members":{ + "OptInLevel":{ + "shape":"OptInLevel", + "documentation":"

    Sets the opt-in level for Automatic Management. Only Amazon Web Services account level is supported.

    " + }, + "OptInType":{ + "shape":"OptInType", + "documentation":"

    Sets the opt-in type for Automatic Management. There are two modes: Notify only and Notify and Auto-Adjust. Currently, only NotifyOnly is available.

    " + }, + "NotificationArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The User Notifications Amazon Resource Name (ARN) for Automatic Management notifications.

    " + }, + "ExclusionList":{ + "shape":"ExclusionList", + "documentation":"

    List of Amazon Web Services services excluded from Automatic Management. You won't be notified of Service Quotas utilization for Amazon Web Services services added to the Automatic Management exclusion list.

    " + } + } + }, + "StartAutoManagementResponse":{ + "type":"structure", + "members":{} + }, "Statistic":{ "type":"string", "max":256, "min":1, "pattern":"(Sum|Maximum)" }, + "StopAutoManagementRequest":{ + "type":"structure", + "members":{} + }, + "StopAutoManagementResponse":{ + "type":"structure", + "members":{} + }, + "SupportCaseAllowed":{"type":"boolean"}, "Tag":{ "type":"structure", "required":[ @@ -1411,8 +1652,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1463,9 +1703,29 @@ }, "UntagResourceResponse":{ "type":"structure", + "members":{} + }, + "UpdateAutoManagementRequest":{ + "type":"structure", "members":{ + "OptInType":{ + "shape":"OptInType", + "documentation":"

    Information on the opt-in type for your Automatic Management configuration. There are two modes: Notify only and Notify and Auto-Adjust. Currently, only NotifyOnly is available.

    " + }, + "NotificationArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The User Notifications Amazon Resource Name (ARN) for Automatic Management notifications you want to update.

    " + }, + "ExclusionList":{ + "shape":"ExclusionList", + "documentation":"

    List of Amazon Web Services services you want to exclude from Automatic Management. You won't be notified of Service Quotas utilization for Amazon Web Services services added to the Automatic Management exclusion list.

    " + } } + }, + "UpdateAutoManagementResponse":{ + "type":"structure", + "members":{} } }, - "documentation":"

    With Service Quotas, you can view and manage your quotas easily as your Amazon Web Services workloads grow. Quotas, also referred to as limits, are the maximum number of resources that you can create in your Amazon Web Services account. For more information, see the Service Quotas User Guide.

    " + "documentation":"

    With Service Quotas, you can view and manage your quotas easily as your Amazon Web Services workloads grow. Quotas, also referred to as limits, are the maximum number of resources that you can create in your Amazon Web Services account. For more information, see the Service Quotas User Guide.

    You need Amazon Web Services CLI version 2.13.20 or higher to view and manage resource-level quotas such as Instances per domain for Amazon OpenSearch Service.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/servicecatalog/2015-12-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/servicecatalog/2015-12-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/servicecatalog/2015-12-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/servicecatalog/2015-12-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/servicecatalog/2015-12-10/service-2.json 2.31.35-1/awscli/botocore/data/servicecatalog/2015-12-10/service-2.json --- 2.23.6-1/awscli/botocore/data/servicecatalog/2015-12-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/servicecatalog/2015-12-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"servicecatalog", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"AWS Service Catalog", "serviceId":"Service Catalog", "signatureVersion":"v4", "targetPrefix":"AWS242ServiceCatalogService", - "uid":"servicecatalog-2015-12-10" + "uid":"servicecatalog-2015-12-10", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcceptPortfolioShare":{ @@ -370,7 +372,8 @@ "output":{"shape":"DeleteServiceActionOutput"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ResourceInUseException"} + {"shape":"ResourceInUseException"}, + {"shape":"InvalidParametersException"} ], "documentation":"

    Deletes a self-service action.

    " }, @@ -675,7 +678,8 @@ "input":{"shape":"DisassociateServiceActionFromProvisioningArtifactInput"}, "output":{"shape":"DisassociateServiceActionFromProvisioningArtifactOutput"}, "errors":[ - {"shape":"ResourceNotFoundException"} + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"} ], "documentation":"

    Disassociates the specified self-service action association from the specified provisioning artifact.

    " }, @@ -1329,8 +1333,7 @@ }, "AcceptPortfolioShareOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AccessLevelFilter":{ "type":"structure", @@ -1400,8 +1403,7 @@ }, "AssociateBudgetWithResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociatePrincipalWithPortfolioInput":{ "type":"structure", @@ -1431,8 +1433,7 @@ }, "AssociatePrincipalWithPortfolioOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateProductWithPortfolioInput":{ "type":"structure", @@ -1461,8 +1462,7 @@ }, "AssociateProductWithPortfolioOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateServiceActionWithProvisioningArtifactInput":{ "type":"structure", @@ -1497,8 +1497,7 @@ }, "AssociateServiceActionWithProvisioningArtifactOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateTagOptionWithResourceInput":{ "type":"structure", @@ -1519,8 +1518,7 @@ }, "AssociateTagOptionWithResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "AttributeValue":{"type":"string"}, "BatchAssociateServiceActionWithProvisioningArtifactInput":{ @@ -2215,8 +2213,7 @@ }, "DeleteConstraintOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePortfolioInput":{ "type":"structure", @@ -2234,8 +2231,7 @@ }, "DeletePortfolioOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePortfolioShareInput":{ "type":"structure", @@ -2284,8 +2280,7 @@ }, "DeleteProductOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProvisionedProductPlanInput":{ "type":"structure", @@ -2307,8 +2302,7 @@ }, "DeleteProvisionedProductPlanOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProvisioningArtifactInput":{ "type":"structure", @@ -2333,8 +2327,7 @@ }, "DeleteProvisioningArtifactOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteServiceActionInput":{ "type":"structure", @@ -2357,8 +2350,7 @@ }, "DeleteServiceActionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTagOptionInput":{ "type":"structure", @@ -2372,8 +2364,7 @@ }, "DeleteTagOptionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeConstraintInput":{ "type":"structure", @@ -2971,13 +2962,11 @@ "Description":{"type":"string"}, "DisableAWSOrganizationsAccessInput":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableAWSOrganizationsAccessOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableTemplateValidation":{"type":"boolean"}, "DisassociateBudgetFromResourceInput":{ @@ -2999,8 +2988,7 @@ }, "DisassociateBudgetFromResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociatePrincipalFromPortfolioInput":{ "type":"structure", @@ -3029,8 +3017,7 @@ }, "DisassociatePrincipalFromPortfolioOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateProductFromPortfolioInput":{ "type":"structure", @@ -3055,8 +3042,7 @@ }, "DisassociateProductFromPortfolioOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateServiceActionFromProvisioningArtifactInput":{ "type":"structure", @@ -3091,8 +3077,7 @@ }, "DisassociateServiceActionFromProvisioningArtifactOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateTagOptionFromResourceInput":{ "type":"structure", @@ -3113,25 +3098,21 @@ }, "DisassociateTagOptionFromResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DuplicateResourceException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified resource is a duplicate.

    ", "exception":true }, "EnableAWSOrganizationsAccessInput":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableAWSOrganizationsAccessOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "EngineWorkflowFailureReason":{ "type":"string", @@ -3326,8 +3307,7 @@ }, "GetAWSOrganizationsAccessStatusInput":{ "type":"structure", - "members":{ - } + "members":{} }, "GetAWSOrganizationsAccessStatusOutput":{ "type":"structure", @@ -3441,15 +3421,13 @@ "InstructionValue":{"type":"string"}, "InvalidParametersException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    One or more parameters provided to the operation are not valid.

    ", "exception":true }, "InvalidStateException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An attempt was made to modify a resource that is in a state that is not valid. Check your resources to ensure that they are in valid states before retrying the operation.

    ", "exception":true }, @@ -3536,8 +3514,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The current limits of the service would have been exceeded by this operation. Decrease your resource use or increase your service limits and retry the operation.

    ", "exception":true }, @@ -4267,8 +4244,7 @@ }, "NotifyProvisionProductEngineWorkflowResultOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "NotifyTerminateProvisionedProductEngineWorkflowResultInput":{ "type":"structure", @@ -4304,8 +4280,7 @@ }, "NotifyTerminateProvisionedProductEngineWorkflowResultOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "NotifyUpdateProvisionedProductEngineWorkflowResultInput":{ "type":"structure", @@ -4345,8 +4320,7 @@ }, "NotifyUpdateProvisionedProductEngineWorkflowResultOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "NullableBoolean":{ "type":"boolean", @@ -4354,8 +4328,7 @@ }, "OperationNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The operation is not supported.

    ", "exception":true }, @@ -5631,8 +5604,7 @@ }, "RejectPortfolioShareOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Replacement":{ "type":"string", @@ -5779,15 +5751,13 @@ "ResourceId":{"type":"string"}, "ResourceInUseException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A resource that is currently in use. Ensure that the resource is not in use and retry the operation.

    ", "exception":true }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified resource was not found.

    ", "exception":true }, @@ -5962,7 +5932,7 @@ }, "AccessLevelFilter":{ "shape":"AccessLevelFilter", - "documentation":"

    The access level to use to obtain results. The default is User.

    " + "documentation":"

    The access level to use to obtain results. The default is Account.

    " }, "Filters":{ "shape":"ProvisionedProductFilters", @@ -6409,8 +6379,7 @@ }, "TagOptionNotMigratedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An operation requiring TagOptions failed because the TagOptions migration process has not been performed for this account. Use the Amazon Web Services Management Console to perform the migration process before retrying the operation.

    ", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/servicecatalog-appregistry/2020-06-24/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/servicecatalog-appregistry/2020-06-24/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/servicecatalog-appregistry/2020-06-24/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/servicecatalog-appregistry/2020-06-24/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/servicecatalog-appregistry/2020-06-24/service-2.json 2.31.35-1/awscli/botocore/data/servicecatalog-appregistry/2020-06-24/service-2.json --- 2.23.6-1/awscli/botocore/data/servicecatalog-appregistry/2020-06-24/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/servicecatalog-appregistry/2020-06-24/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"servicecatalog-appregistry", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"AppRegistry", "serviceFullName":"AWS Service Catalog App Registry", "serviceId":"Service Catalog AppRegistry", "signatureVersion":"v4", "signingName":"servicecatalog", - "uid":"AWS242AppRegistry-2020-06-24" + "uid":"AWS242AppRegistry-2020-06-24", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateAttributeGroup":{ @@ -1676,8 +1678,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1735,8 +1736,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/servicediscovery/2017-03-14/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/servicediscovery/2017-03-14/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/servicediscovery/2017-03-14/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/servicediscovery/2017-03-14/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/servicediscovery/2017-03-14/paginators-1.sdk-extras.json 2.31.35-1/awscli/botocore/data/servicediscovery/2017-03-14/paginators-1.sdk-extras.json --- 2.23.6-1/awscli/botocore/data/servicediscovery/2017-03-14/paginators-1.sdk-extras.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/servicediscovery/2017-03-14/paginators-1.sdk-extras.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ + { + "version": 1.0, + "merge": { + "pagination": { + "ListInstances": { + "non_aggregate_keys": [ + "ResourceOwner" + ] + } + } + } + } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/servicediscovery/2017-03-14/service-2.json 2.31.35-1/awscli/botocore/data/servicediscovery/2017-03-14/service-2.json --- 2.23.6-1/awscli/botocore/data/servicediscovery/2017-03-14/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/servicediscovery/2017-03-14/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -290,7 +290,7 @@ "errors":[ {"shape":"InvalidInput"} ], - "documentation":"

    Lists summary information about the namespaces that were created by the current Amazon Web Services account.

    " + "documentation":"

    Lists summary information about the namespaces that were created by the current Amazon Web Services account and shared with the current Amazon Web Services account.

    " }, "ListOperations":{ "name":"ListOperations", @@ -454,7 +454,7 @@ {"shape":"InvalidInput"}, {"shape":"ServiceNotFound"} ], - "documentation":"

    Submits a request to perform the following operations:

    • Update the TTL setting for existing DnsRecords configurations

    • Add, update, or delete HealthCheckConfig for a specified service

      You can't add, update, or delete a HealthCheckCustomConfig configuration.

    For public and private DNS namespaces, note the following:

    • If you omit any existing DnsRecords or HealthCheckConfig configurations from an UpdateService request, the configurations are deleted from the service.

    • If you omit an existing HealthCheckCustomConfig configuration from an UpdateService request, the configuration isn't deleted from the service.

    When you update settings for a service, Cloud Map also updates the corresponding settings in all the records and health checks that were created by using the specified service.

    " + "documentation":"

    Submits a request to perform the following operations:

    • Update the TTL setting for existing DnsRecords configurations

    • Add, update, or delete HealthCheckConfig for a specified service

      You can't add, update, or delete a HealthCheckCustomConfig configuration.

    For public and private DNS namespaces, note the following:

    • If you omit any existing DnsRecords or HealthCheckConfig configurations from an UpdateService request, the configurations are deleted from the service.

    • If you omit an existing HealthCheckCustomConfig configuration from an UpdateService request, the configuration isn't deleted from the service.

    You can't call UpdateService and update settings in the following scenarios:

    • When the service is associated with an HTTP namespace

    • When the service is associated with a shared namespace and contains instances that were registered by Amazon Web Services accounts other than the account making the UpdateService call

    When you update settings for a service, Cloud Map also updates the corresponding settings in all the records and health checks that were created by using the specified service.

    " }, "UpdateServiceAttributes":{ "name":"UpdateServiceAttributes", @@ -473,6 +473,11 @@ } }, "shapes":{ + "AWSAccountId":{ + "type":"string", + "max":12, + "min":12 + }, "AmazonResourceName":{ "type":"string", "max":1011, @@ -618,8 +623,8 @@ "documentation":"

    The name that you want to assign to the service.

    Do not include sensitive information in the name if the namespace is discoverable by public DNS queries.

    If you want Cloud Map to create an SRV record when you register an instance and you're using a system that requires a specific SRV format, such as HAProxy, specify the following for Name:

    • Start the name with an underscore (_), such as _exampleservice.

    • End the name with ._protocol, such as ._tcp.

    When you register an instance, Cloud Map creates an SRV record and assigns a name to the record by concatenating the service name and the namespace name (for example,

    _exampleservice._tcp.example.com).

    For services that are accessible by DNS queries, you can't create multiple services with names that differ only by case (such as EXAMPLE and example). Otherwise, these services have the same DNS name and can't be distinguished. However, if you use a namespace that's only accessible by API calls, then you can create services that with names that differ only by case.

    " }, "NamespaceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the namespace that you want to use to create the service. The namespace ID must be specified, but it can be specified either here or in the DnsConfig object.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the namespace that you want to use to create the service. For namespaces shared with your Amazon Web Services account, specify the namespace ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "CreatorRequestId":{ "shape":"ResourceId", @@ -681,8 +686,8 @@ "required":["Id"], "members":{ "Id":{ - "shape":"ResourceId", - "documentation":"

    The ID of the namespace that you want to delete.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the namespace that you want to delete.

    " } } }, @@ -703,8 +708,8 @@ ], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service from which the attributes will be deleted.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service from which the attributes will be deleted. For services created in a namespace shared with your Amazon Web Services account, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "Attributes":{ "shape":"ServiceAttributeKeyList", @@ -714,23 +719,21 @@ }, "DeleteServiceAttributesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteServiceRequest":{ "type":"structure", "required":["Id"], "members":{ "Id":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that you want to delete.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that you want to delete. If the namespace associated with the service is shared with your Amazon Web Services account, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing.

    " } } }, "DeleteServiceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterInstanceRequest":{ "type":"structure", @@ -740,8 +743,8 @@ ], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that the instance is associated with.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that the instance is associated with. If the namespace associated with the service is shared with your account, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "InstanceId":{ "shape":"ResourceId", @@ -767,7 +770,7 @@ "members":{ "NamespaceName":{ "shape":"NamespaceName", - "documentation":"

    The HttpName name of the namespace. It's found in the HttpProperties member of the Properties member of the namespace. In most cases, Name and HttpName match. However, if you reuse Name for namespace creation, a generated hash is added to HttpName to distinguish the two.

    " + "documentation":"

    The HttpName name of the namespace. The HttpName is found in the HttpProperties member of the Properties member of the namespace. In most cases, Name and HttpName match. However, if you reuse Name for namespace creation, a generated hash is added to HttpName to distinguish the two.

    " }, "ServiceName":{ "shape":"ServiceName", @@ -788,6 +791,10 @@ "HealthStatus":{ "shape":"HealthStatusFilter", "documentation":"

    The health status of the instances that you want to discover. This parameter is ignored for services that don't have a health check configured, and all instances are returned.

    HEALTHY

    Returns healthy instances.

    UNHEALTHY

    Returns unhealthy instances.

    ALL

    Returns all instances.

    HEALTHY_OR_ELSE_ALL

    Returns healthy instances, unless none are reporting a healthy state. In that case, return all instances. This is also called failing open.

    " + }, + "OwnerAccount":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that owns the namespace associated with the instance, as specified in the namespace ResourceOwner field. For instances associated with namespaces that are shared with your account, you must specify an OwnerAccount.

    " } } }, @@ -813,11 +820,15 @@ "members":{ "NamespaceName":{ "shape":"NamespaceName", - "documentation":"

    The HttpName name of the namespace. It's found in the HttpProperties member of the Properties member of the namespace.

    " + "documentation":"

    The HttpName name of the namespace. The HttpName is found in the HttpProperties member of the Properties member of the namespace.

    " }, "ServiceName":{ "shape":"ServiceName", "documentation":"

    The name of the service that you specified when you registered the instance.

    " + }, + "OwnerAccount":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that owns the namespace associated with the instance, as specified in the namespace ResourceOwner field. For instances associated with namespaces that are shared with your account, you must specify an OwnerAccount. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " } } }, @@ -908,7 +919,7 @@ "members":{ "Message":{"shape":"ErrorMessage"}, "DuplicateOperationId":{ - "shape":"ResourceId", + "shape":"OperationId", "documentation":"

    The ID of the operation that's already in progress.

    " } }, @@ -947,8 +958,8 @@ ], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that the instance is associated with.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that the instance is associated with. For services created in a shared namespace, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "InstanceId":{ "shape":"ResourceId", @@ -959,6 +970,10 @@ "GetInstanceResponse":{ "type":"structure", "members":{ + "ResourceOwner":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the namespace that contains the service that the instance is associated with. If this isn't your account ID, it's the ID of the account that shared the namespace with your account.

    " + }, "Instance":{ "shape":"Instance", "documentation":"

    A complex type that contains information about a specified instance.

    " @@ -970,8 +985,8 @@ "required":["ServiceId"], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that the instance is associated with.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that the instance is associated with. For services created in a shared namespace, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "Instances":{ "shape":"InstanceIdList", @@ -1005,8 +1020,8 @@ "required":["Id"], "members":{ "Id":{ - "shape":"ResourceId", - "documentation":"

    The ID of the namespace that you want to get information about.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the namespace that you want to get information about. For namespaces shared with your Amazon Web Services account, specify the namespace ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide

    " } } }, @@ -1024,8 +1039,12 @@ "required":["OperationId"], "members":{ "OperationId":{ - "shape":"ResourceId", + "shape":"OperationId", "documentation":"

    The ID of the operation that you want to get more information about.

    " + }, + "OwnerAccount":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that owns the namespace associated with the operation, as specified in the namespace ResourceOwner field. For operations associated with namespaces that are shared with your account, you must specify an OwnerAccount.

    " } } }, @@ -1043,8 +1062,8 @@ "required":["ServiceId"], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that you want to get attributes for.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that you want to get attributes for. For services created in a namespace shared with your Amazon Web Services account, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " } } }, @@ -1062,8 +1081,8 @@ "required":["Id"], "members":{ "Id":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that you want to get settings for.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that you want to get settings for. For services created by consumers in a shared namespace, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " } } }, @@ -1141,7 +1160,7 @@ }, "NamespaceName":{ "shape":"NamespaceNameHttp", - "documentation":"

    The HttpName name of the namespace. It's found in the HttpProperties member of the Properties member of the namespace.

    " + "documentation":"

    The HttpName name of the namespace. It's found in the HttpProperties member of the Properties member of the namespace.

    " }, "ServiceName":{ "shape":"ServiceName", @@ -1198,6 +1217,10 @@ "Attributes":{ "shape":"Attributes", "documentation":"

    A string map that contains the following information for the service that you specify in ServiceId:

    • The attributes that apply to the records that are defined in the service.

    • For each attribute, the applicable value.

    Do not include sensitive information in the attributes if the namespace is discoverable by public DNS queries.

    Supported attribute keys include the following:

    AWS_ALIAS_DNS_NAME

    If you want Cloud Map to create a Route 53 alias record that routes traffic to an Elastic Load Balancing load balancer, specify the DNS name that's associated with the load balancer. For information about how to get the DNS name, see AliasTarget->DNSName in the Route 53 API Reference.

    Note the following:

    • The configuration for the service that's specified by ServiceId must include settings for an A record, an AAAA record, or both.

    • In the service that's specified by ServiceId, the value of RoutingPolicy must be WEIGHTED.

    • If the service that's specified by ServiceId includes HealthCheckConfig settings, Cloud Map creates the health check, but it won't associate the health check with the alias record.

    • Auto naming currently doesn't support creating alias records that route traffic to Amazon Web Services resources other than ELB load balancers.

    • If you specify a value for AWS_ALIAS_DNS_NAME, don't specify values for any of the AWS_INSTANCE attributes.

    AWS_EC2_INSTANCE_ID

    HTTP namespaces only. The Amazon EC2 instance ID for the instance. The AWS_INSTANCE_IPV4 attribute contains the primary private IPv4 address.

    AWS_INIT_HEALTH_STATUS

    If the service configuration includes HealthCheckCustomConfig, you can optionally use AWS_INIT_HEALTH_STATUS to specify the initial status of the custom health check, HEALTHY or UNHEALTHY. If you don't specify a value for AWS_INIT_HEALTH_STATUS, the initial status is HEALTHY.

    AWS_INSTANCE_CNAME

    If the service configuration includes a CNAME record, the domain name that you want Route 53 to return in response to DNS queries (for example, example.com).

    This value is required if the service specified by ServiceId includes settings for an CNAME record.

    AWS_INSTANCE_IPV4

    If the service configuration includes an A record, the IPv4 address that you want Route 53 to return in response to DNS queries (for example, 192.0.2.44).

    This value is required if the service specified by ServiceId includes settings for an A record. If the service includes settings for an SRV record, you must specify a value for AWS_INSTANCE_IPV4, AWS_INSTANCE_IPV6, or both.

    AWS_INSTANCE_IPV6

    If the service configuration includes an AAAA record, the IPv6 address that you want Route 53 to return in response to DNS queries (for example, 2001:0db8:85a3:0000:0000:abcd:0001:2345).

    This value is required if the service specified by ServiceId includes settings for an AAAA record. If the service includes settings for an SRV record, you must specify a value for AWS_INSTANCE_IPV4, AWS_INSTANCE_IPV6, or both.

    AWS_INSTANCE_PORT

    If the service includes an SRV record, the value that you want Route 53 to return for the port.

    If the service includes HealthCheckConfig, the port on the endpoint that you want Route 53 to send requests to.

    This value is required if you specified settings for an SRV record or a Route 53 health check when you created the service.

    " + }, + "CreatedByAccount":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that registered the instance. If this isn't your account ID, it's the ID of the account that shared the namespace with your account or the ID of another account with which the namespace has been shared. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " } }, "documentation":"

    A complex type that contains information about an instance that Cloud Map creates when you submit a RegisterInstance request.

    " @@ -1235,6 +1258,10 @@ "Attributes":{ "shape":"Attributes", "documentation":"

    A string map that contains the following information:

    • The attributes that are associated with the instance.

    • For each attribute, the applicable value.

    Supported attribute keys include the following:

    AWS_ALIAS_DNS_NAME

    For an alias record that routes traffic to an Elastic Load Balancing load balancer, the DNS name that's associated with the load balancer.

    AWS_EC2_INSTANCE_ID (HTTP namespaces only)

    The Amazon EC2 instance ID for the instance. When the AWS_EC2_INSTANCE_ID attribute is specified, then the AWS_INSTANCE_IPV4 attribute contains the primary private IPv4 address.

    AWS_INIT_HEALTH_STATUS

    If the service configuration includes HealthCheckCustomConfig, you can optionally use AWS_INIT_HEALTH_STATUS to specify the initial status of the custom health check, HEALTHY or UNHEALTHY. If you don't specify a value for AWS_INIT_HEALTH_STATUS, the initial status is HEALTHY.

    AWS_INSTANCE_CNAME

    For a CNAME record, the domain name that Route 53 returns in response to DNS queries (for example, example.com).

    AWS_INSTANCE_IPV4

    For an A record, the IPv4 address that Route 53 returns in response to DNS queries (for example, 192.0.2.44).

    AWS_INSTANCE_IPV6

    For an AAAA record, the IPv6 address that Route 53 returns in response to DNS queries (for example, 2001:0db8:85a3:0000:0000:abcd:0001:2345).

    AWS_INSTANCE_PORT

    For an SRV record, the value that Route 53 returns for the port. In addition, if the service includes HealthCheckConfig, the port on the endpoint that Route 53 sends requests to.

    " + }, + "CreatedByAccount":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that registered the instance. If this isn't your account ID, it's the ID of the account that shared the namespace with your account or the ID of another account with which the namespace has been shared. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " } }, "documentation":"

    A complex type that contains information about the instances that you registered by using a specified service.

    " @@ -1256,8 +1283,8 @@ "required":["ServiceId"], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that you want to list instances for.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that you want to list instances for. For services created in a shared namespace, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "NextToken":{ "shape":"NextToken", @@ -1272,6 +1299,10 @@ "ListInstancesResponse":{ "type":"structure", "members":{ + "ResourceOwner":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the namespace that contains the specified service. If this isn't your account ID, it's the ID of the account that shared the namespace with your account.

    " + }, "Instances":{ "shape":"InstanceSummaryList", "documentation":"

    Summary information about the instances that are associated with the specified service.

    " @@ -1408,6 +1439,10 @@ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) that Cloud Map assigns to the namespace when you create it.

    " }, + "ResourceOwner":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the namespace. If this isn't your account ID, it's the ID of the account that shared the namespace with your account. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " + }, "Name":{ "shape":"NamespaceName", "documentation":"

    The name of the namespace, such as example.com.

    " @@ -1464,15 +1499,15 @@ "members":{ "Name":{ "shape":"NamespaceFilterName", - "documentation":"

    Specify the namespaces that you want to get using one of the following.

    • TYPE: Gets the namespaces of the specified type.

    • NAME: Gets the namespaces with the specified name.

    • HTTP_NAME: Gets the namespaces with the specified HTTP name.

    " + "documentation":"

    Specify the namespaces that you want to get using one of the following.

    • TYPE: Gets the namespaces of the specified type.

    • NAME: Gets the namespaces with the specified name.

    • HTTP_NAME: Gets the namespaces with the specified HTTP name.

    • RESOURCE_OWNER: Gets the namespaces created by your Amazon Web Services account or by other accounts. This can be used to filter for shared namespaces. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "Values":{ "shape":"FilterValues", - "documentation":"

    Specify the values that are applicable to the value that you specify for Name.

    • TYPE: Specify HTTP, DNS_PUBLIC, or DNS_PRIVATE.

    • NAME: Specify the name of the namespace, which is found in Namespace.Name.

    • HTTP_NAME: Specify the HTTP name of the namespace, which is found in Namespace.Properties.HttpProperties.HttpName.

    " + "documentation":"

    Specify the values that are applicable to the value that you specify for Name.

    • TYPE: Specify HTTP, DNS_PUBLIC, or DNS_PRIVATE.

    • NAME: Specify the name of the namespace, which is found in Namespace.Name.

    • HTTP_NAME: Specify the HTTP name of the namespace, which is found in Namespace.Properties.HttpProperties.HttpName.

    • RESOURCE_OWNER: Specify one of SELF or OTHER_ACCOUNTS. SELF can be used to filter namespaces created by you and OTHER_ACCOUNTS can be used to filter namespaces shared with you that were created by other accounts.

    " }, "Condition":{ "shape":"FilterCondition", - "documentation":"

    Specify the operator that you want to use to determine whether a namespace matches the specified value. Valid values for Condition are one of the following.

    • EQ: When you specify EQ for Condition, you can specify only one value. EQ is supported for TYPE, NAME, and HTTP_NAME. EQ is the default condition and can be omitted.

    • BEGINS_WITH: When you specify BEGINS_WITH for Condition, you can specify only one value. BEGINS_WITH is supported for TYPE, NAME, and HTTP_NAME.

    " + "documentation":"

    Specify the operator that you want to use to determine whether a namespace matches the specified value. Valid values for Condition are one of the following.

    • EQ: When you specify EQ for Condition, you can specify only one value. EQ is supported for TYPE, NAME, RESOURCE_OWNER and HTTP_NAME. EQ is the default condition and can be omitted.

    • BEGINS_WITH: When you specify BEGINS_WITH for Condition, you can specify only one value. BEGINS_WITH is supported for TYPE, NAME, and HTTP_NAME.

    " } }, "documentation":"

    A complex type that identifies the namespaces that you want to list. You can choose to list public or private namespaces.

    " @@ -1482,7 +1517,8 @@ "enum":[ "TYPE", "NAME", - "HTTP_NAME" + "HTTP_NAME", + "RESOURCE_OWNER" ] }, "NamespaceFilters":{ @@ -1497,12 +1533,12 @@ "NamespaceNameHttp":{ "type":"string", "max":1024, - "pattern":"^[!-~]{1,1024}$" + "pattern":"^(?!arn:)[!-~]{1,1024}$" }, "NamespaceNamePrivate":{ "type":"string", "max":253, - "pattern":"^[!-~]{1,253}$" + "pattern":"^(?!arn:)[!-~]{1,253}$" }, "NamespaceNamePublic":{ "type":"string", @@ -1546,6 +1582,10 @@ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) that Cloud Map assigns to the namespace when you create it.

    " }, + "ResourceOwner":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the namespace. If this isn't your account ID, it's the ID of the account that shared the namespace with your account. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " + }, "Name":{ "shape":"NamespaceName", "documentation":"

    The name of the namespace. When you create a namespace, Cloud Map automatically creates a Route 53 hosted zone that has the same name as the namespace.

    " @@ -1592,6 +1632,10 @@ "shape":"OperationId", "documentation":"

    The ID of the operation that you want to get information about.

    " }, + "OwnerAccount":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that owns the namespace associated with the operation.

    " + }, "Type":{ "shape":"OperationType", "documentation":"

    The name of the operation that's associated with the specified ID.

    " @@ -1861,8 +1905,8 @@ ], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that you want to use for settings for the instance.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that you want to use for settings for the instance. For services created in a shared namespace, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "InstanceId":{ "shape":"InstanceId", @@ -1974,6 +2018,10 @@ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) that Cloud Map assigns to the service when you create it.

    " }, + "ResourceOwner":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the namespace with which the service is associated. If this isn't your account ID, it is the ID of the account that shared the namespace with your account. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " + }, "Name":{ "shape":"ServiceName", "documentation":"

    The name of the service.

    " @@ -2013,6 +2061,10 @@ "CreatorRequestId":{ "shape":"ResourceId", "documentation":"

    A unique string that identifies the request and that allows failed requests to be retried without the risk of running the operation twice. CreatorRequestId can be any unique string (for example, a date/timestamp).

    " + }, + "CreatedByAccount":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the service. If this isn't your account ID, it is the ID of account of the namespace owner or of another account with which the namespace has been shared. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " } }, "documentation":"

    A complex type that contains information about the specified service.

    " @@ -2028,6 +2080,10 @@ "ServiceId":{ "shape":"ResourceId", "documentation":"

    The ID of the existing service.

    " + }, + "ServiceArn":{ + "shape":"Arn", + "documentation":"

    The ARN of the existing service.

    " } }, "documentation":"

    The service can't be created because a service with the same name already exists.

    ", @@ -2054,6 +2110,10 @@ "shape":"Arn", "documentation":"

    The ARN of the service that the attributes are associated with.

    " }, + "ResourceOwner":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the namespace with which the service is associated. If this isn't your account ID, it is the ID of the account that shared the namespace with your account. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " + }, "Attributes":{ "shape":"ServiceAttributesMap", "documentation":"

    A string map that contains the following information for the service that you specify in ServiceArn:

    • The attributes that apply to the service.

    • For each attribute, the applicable value.

    You can specify a total of 30 attributes.

    " @@ -2103,22 +2163,25 @@ "members":{ "Name":{ "shape":"ServiceFilterName", - "documentation":"

    Specify NAMESPACE_ID.

    " + "documentation":"

    Specify the services that you want to get using one of the following.

    • NAMESPACE_ID: Gets the services associated with the specified namespace.

    • RESOURCE_OWNER: Gets the services associated with the namespaces created by your Amazon Web Services account or by other accounts. This can be used to filter for services created in a shared namespace. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "Values":{ "shape":"FilterValues", - "documentation":"

    The values that are applicable to the value that you specify for Condition to filter the list of services.

    " + "documentation":"

    The values that are applicable to the value that you specify for Condition to filter the list of services.

    • NAMESPACE_ID: Specify one namespace ID or ARN. Specify the namespace ARN for namespaces that are shared with your Amazon Web Services account.

    • RESOURCE_OWNER: Specify one of SELF or OTHER_ACCOUNTS. SELF can be used to filter services associated with namespaces created by you and OTHER_ACCOUNTS can be used to filter services associated with namespaces that were shared with you.

    " }, "Condition":{ "shape":"FilterCondition", - "documentation":"

    The operator that you want to use to determine whether a service is returned by ListServices. Valid values for Condition include the following:

    • EQ: When you specify EQ, specify one namespace ID for Values. EQ is the default condition and can be omitted.

    " + "documentation":"

    The operator that you want to use to determine whether a service is returned by ListServices. Valid values for Condition include the following:

    • EQ: When you specify EQ, specify one value. EQ is the default condition and can be omitted.

    " } }, "documentation":"

    A complex type that lets you specify the namespaces that you want to list services for.

    " }, "ServiceFilterName":{ "type":"string", - "enum":["NAMESPACE_ID"] + "enum":[ + "NAMESPACE_ID", + "RESOURCE_OWNER" + ] }, "ServiceFilters":{ "type":"list", @@ -2151,6 +2214,10 @@ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) that Cloud Map assigns to the service when you create it.

    " }, + "ResourceOwner":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the namespace with which the service is associated. If this isn't your account ID, it is the ID of the account that shared the namespace with your account. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " + }, "Name":{ "shape":"ServiceName", "documentation":"

    The name of the service.

    " @@ -2182,6 +2249,10 @@ "CreateDate":{ "shape":"Timestamp", "documentation":"

    The date and time that the service was created.

    " + }, + "CreatedByAccount":{ + "shape":"AWSAccountId", + "documentation":"

    The ID of the Amazon Web Services account that created the service. If this isn't your account ID, it is the account ID of the namespace owner or of another account with which the namespace has been shared. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " } }, "documentation":"

    A complex type that contains information about a specified service.

    " @@ -2252,8 +2323,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2292,8 +2362,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateHttpNamespaceRequest":{ "type":"structure", @@ -2303,8 +2372,8 @@ ], "members":{ "Id":{ - "shape":"ResourceId", - "documentation":"

    The ID of the namespace that you want to update.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the namespace that you want to update.

    " }, "UpdaterRequestId":{ "shape":"ResourceId", @@ -2335,8 +2404,8 @@ ], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that includes the configuration for the custom health check that you want to change the status for.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that includes the configuration for the custom health check that you want to change the status for. For services created in a shared namespace, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide.

    " }, "InstanceId":{ "shape":"ResourceId", @@ -2356,8 +2425,8 @@ ], "members":{ "Id":{ - "shape":"ResourceId", - "documentation":"

    The ID of the namespace that you want to update.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the namespace that you want to update.

    " }, "UpdaterRequestId":{ "shape":"ResourceId", @@ -2387,8 +2456,8 @@ ], "members":{ "Id":{ - "shape":"ResourceId", - "documentation":"

    The ID of the namespace being updated.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the namespace being updated.

    " }, "UpdaterRequestId":{ "shape":"ResourceId", @@ -2418,8 +2487,8 @@ ], "members":{ "ServiceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that you want to update.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that you want to update. For services created in a namespace shared with your Amazon Web Services account, specify the service ARN.

    " }, "Attributes":{ "shape":"ServiceAttributesMap", @@ -2429,8 +2498,7 @@ }, "UpdateServiceAttributesResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateServiceRequest":{ "type":"structure", @@ -2440,8 +2508,8 @@ ], "members":{ "Id":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service that you want to update.

    " + "shape":"Arn", + "documentation":"

    The ID or Amazon Resource Name (ARN) of the service that you want to update. If the namespace associated with the service is shared with your Amazon Web Services account, specify the service ARN. For more information about shared namespaces, see Cross-account Cloud Map namespace sharing in the Cloud Map Developer Guide

    " }, "Service":{ "shape":"ServiceChange", diff -pruN 2.23.6-1/awscli/botocore/data/ses/2010-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ses/2010-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ses/2010-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ses/2010-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ses/2010-12-01/service-2.json 2.31.35-1/awscli/botocore/data/ses/2010-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/ses/2010-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ses/2010-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1088,8 +1088,7 @@ "shapes":{ "AccountSendingPausedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that email sending is disabled for your entire Amazon SES account.

    You can enable or disable email sending for your Amazon SES account using UpdateAccountSendingEnabled.

    ", "error":{ "code":"AccountSendingPausedException", @@ -1331,8 +1330,7 @@ }, "CloneReceiptRuleSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "CloudWatchDestination":{ @@ -1508,8 +1506,7 @@ }, "CreateConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "CreateConfigurationSetRequest":{ @@ -1525,8 +1522,7 @@ }, "CreateConfigurationSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "CreateConfigurationSetTrackingOptionsRequest":{ @@ -1546,8 +1542,7 @@ }, "CreateConfigurationSetTrackingOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "CreateCustomVerificationEmailTemplateRequest":{ @@ -1601,8 +1596,7 @@ }, "CreateReceiptFilterResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "CreateReceiptRuleRequest":{ @@ -1629,8 +1623,7 @@ }, "CreateReceiptRuleResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "CreateReceiptRuleSetRequest":{ @@ -1646,8 +1639,7 @@ }, "CreateReceiptRuleSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "CreateTemplateRequest":{ @@ -1663,8 +1655,7 @@ }, "CreateTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CustomMailFromStatus":{ "type":"string", @@ -1678,8 +1669,7 @@ "CustomRedirectDomain":{"type":"string"}, "CustomVerificationEmailInvalidContentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that custom verification email template provided content is invalid.

    ", "error":{ "code":"CustomVerificationEmailInvalidContent", @@ -1771,8 +1761,7 @@ }, "DeleteConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "DeleteConfigurationSetRequest":{ @@ -1788,8 +1777,7 @@ }, "DeleteConfigurationSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "DeleteConfigurationSetTrackingOptionsRequest":{ @@ -1805,8 +1793,7 @@ }, "DeleteConfigurationSetTrackingOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "DeleteCustomVerificationEmailTemplateRequest":{ @@ -1840,8 +1827,7 @@ }, "DeleteIdentityPolicyResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "DeleteIdentityRequest":{ @@ -1857,8 +1843,7 @@ }, "DeleteIdentityResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "DeleteReceiptFilterRequest":{ @@ -1874,8 +1859,7 @@ }, "DeleteReceiptFilterResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "DeleteReceiptRuleRequest":{ @@ -1898,8 +1882,7 @@ }, "DeleteReceiptRuleResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "DeleteReceiptRuleSetRequest":{ @@ -1915,8 +1898,7 @@ }, "DeleteReceiptRuleSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "DeleteTemplateRequest":{ @@ -1932,8 +1914,7 @@ }, "DeleteTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteVerifiedEmailAddressRequest":{ "type":"structure", @@ -1958,8 +1939,7 @@ }, "DescribeActiveReceiptRuleSetRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Represents a request to return the metadata and receipt rules for the receipt rule set that is currently active. You use receipt rule sets to receive email with Amazon SES. For more information, see the Amazon SES Developer Guide.

    " }, "DescribeActiveReceiptRuleSetResponse":{ @@ -2608,8 +2588,7 @@ }, "InvalidConfigurationSetException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that the configuration set is invalid. See the error message for details.

    ", "error":{ "code":"InvalidConfigurationSet", @@ -2620,8 +2599,7 @@ }, "InvalidDeliveryOptionsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that provided delivery option is invalid.

    ", "error":{ "code":"InvalidDeliveryOptions", @@ -2668,8 +2646,7 @@ }, "InvalidPolicyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that the provided policy is invalid. Check the error stack for more information about what caused the error.

    ", "error":{ "code":"InvalidPolicy", @@ -2758,8 +2735,7 @@ }, "InvalidTrackingOptionsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that the custom domain to be used for open and click tracking redirects is invalid. This error appears most often in the following situations:

    • When the tracking domain you specified is not verified in Amazon SES.

    • When the tracking domain you specified is not a valid domain or subdomain.

    ", "error":{ "code":"InvalidTrackingOptions", @@ -2816,8 +2792,7 @@ "LastFreshStart":{"type":"timestamp"}, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that a resource could not be created because of service limits. For a list of Amazon SES limits, see the Amazon SES Developer Guide.

    ", "error":{ "code":"LimitExceeded", @@ -2939,8 +2914,7 @@ }, "ListReceiptFiltersRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Represents a request to list the IP address filters that exist under your Amazon Web Services account. You use IP address filters when you receive email with Amazon SES. For more information, see the Amazon SES Developer Guide.

    " }, "ListReceiptFiltersResponse":{ @@ -3021,8 +2995,7 @@ "MailFromDomainName":{"type":"string"}, "MailFromDomainNotVerifiedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that the message could not be sent because Amazon SES could not read the MX record required to use the specified MAIL FROM domain. For information about editing the custom MAIL FROM domain settings for an identity, see the Amazon SES Developer Guide.

    ", "error":{ "code":"MailFromDomainNotVerifiedException", @@ -3081,8 +3054,7 @@ "MessageId":{"type":"string"}, "MessageRejected":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that the action failed, and the message could not be sent. Check the error stack for more information about what caused the error.

    ", "error":{ "code":"MessageRejected", @@ -3163,8 +3135,7 @@ }, "ProductionAccessNotGrantedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that the account has not been granted production access.

    ", "error":{ "code":"ProductionAccessNotGranted", @@ -3190,8 +3161,7 @@ }, "PutConfigurationSetDeliveryOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutIdentityPolicyRequest":{ @@ -3219,8 +3189,7 @@ }, "PutIdentityPolicyResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "RawMessage":{ @@ -3449,8 +3418,7 @@ }, "ReorderReceiptRuleSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "ReportingMta":{"type":"string"}, @@ -3927,8 +3895,7 @@ }, "SetActiveReceiptRuleSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "SetIdentityDkimEnabledRequest":{ @@ -3951,8 +3918,7 @@ }, "SetIdentityDkimEnabledResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "SetIdentityFeedbackForwardingEnabledRequest":{ @@ -3975,8 +3941,7 @@ }, "SetIdentityFeedbackForwardingEnabledResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "SetIdentityHeadersInNotificationsEnabledRequest":{ @@ -4004,8 +3969,7 @@ }, "SetIdentityHeadersInNotificationsEnabledResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "SetIdentityMailFromDomainRequest":{ @@ -4029,8 +3993,7 @@ }, "SetIdentityMailFromDomainResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "SetIdentityNotificationTopicRequest":{ @@ -4057,8 +4020,7 @@ }, "SetIdentityNotificationTopicResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "SetReceiptRulePositionRequest":{ @@ -4085,8 +4047,7 @@ }, "SetReceiptRulePositionResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "StopAction":{ @@ -4278,8 +4239,7 @@ }, "UpdateConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "UpdateConfigurationSetReputationMetricsEnabledRequest":{ @@ -4335,8 +4295,7 @@ }, "UpdateConfigurationSetTrackingOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "UpdateCustomVerificationEmailTemplateRequest":{ @@ -4390,8 +4349,7 @@ }, "UpdateReceiptRuleResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "UpdateTemplateRequest":{ @@ -4403,8 +4361,7 @@ }, "UpdateTemplateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "VerificationAttributes":{ "type":"map", @@ -4494,8 +4451,7 @@ }, "VerifyEmailIdentityResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An empty element returned on a successful request.

    " }, "WorkmailAction":{ diff -pruN 2.23.6-1/awscli/botocore/data/sesv2/2019-09-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sesv2/2019-09-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sesv2/2019-09-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sesv2/2019-09-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,32 +5,32 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "EndpointId": { "required": false, "documentation": "Operation parameter for EndpointId", - "type": "String" + "type": "string" } }, "rules": [ @@ -154,7 +154,7 @@ { "conditions": [], "endpoint": { - "url": "https://{EndpointId}.endpoints.email.{PartitionResult#dualStackDnsSuffix}", + "url": "https://{EndpointId}.endpoints.email.global.{PartitionResult#dualStackDnsSuffix}", "properties": { "authSchemes": [ { diff -pruN 2.23.6-1/awscli/botocore/data/sesv2/2019-09-27/paginators-1.json 2.31.35-1/awscli/botocore/data/sesv2/2019-09-27/paginators-1.json --- 2.23.6-1/awscli/botocore/data/sesv2/2019-09-27/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sesv2/2019-09-27/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,6 +5,30 @@ "output_token": "NextToken", "limit_key": "PageSize", "result_key": "MultiRegionEndpoints" + }, + "ListReputationEntities": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "PageSize", + "result_key": "ReputationEntities" + }, + "ListResourceTenants": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "PageSize", + "result_key": "ResourceTenants" + }, + "ListTenantResources": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "PageSize", + "result_key": "TenantResources" + }, + "ListTenants": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "PageSize", + "result_key": "Tenants" } } } diff -pruN 2.23.6-1/awscli/botocore/data/sesv2/2019-09-27/service-2.json 2.31.35-1/awscli/botocore/data/sesv2/2019-09-27/service-2.json --- 2.23.6-1/awscli/botocore/data/sesv2/2019-09-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sesv2/2019-09-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -266,6 +266,38 @@ ], "documentation":"

    Creates a multi-region endpoint (global-endpoint).

    The primary region is going to be the AWS-Region where the operation is executed. The secondary region has to be provided in request's parameters. From the data flow standpoint there is no difference between primary and secondary regions - sending traffic will be split equally between the two. The primary region is the region where the resource has been created and where it can be managed.

    " }, + "CreateTenant":{ + "name":"CreateTenant", + "http":{ + "method":"POST", + "requestUri":"/v2/email/tenants" + }, + "input":{"shape":"CreateTenantRequest"}, + "output":{"shape":"CreateTenantResponse"}, + "errors":[ + {"shape":"AlreadyExistsException"}, + {"shape":"LimitExceededException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Create a tenant.

    Tenants are logical containers that group related SES resources together. Each tenant can have its own set of resources like email identities, configuration sets, and templates, along with reputation metrics and sending status. This helps isolate and manage email sending for different customers or business units within your Amazon SES API v2 account.

    " + }, + "CreateTenantResourceAssociation":{ + "name":"CreateTenantResourceAssociation", + "http":{ + "method":"POST", + "requestUri":"/v2/email/tenants/resources" + }, + "input":{"shape":"CreateTenantResourceAssociationRequest"}, + "output":{"shape":"CreateTenantResourceAssociationResponse"}, + "errors":[ + {"shape":"AlreadyExistsException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Associate a resource with a tenant.

    Resources can be email identities, configuration sets, or email templates. When you associate a resource with a tenant, you can use that resource when sending emails on behalf of that tenant.

    A single resource can be associated with multiple tenants, allowing for resource sharing across different tenants while maintaining isolation in email sending operations.

    " + }, "DeleteConfigurationSet":{ "name":"DeleteConfigurationSet", "http":{ @@ -436,6 +468,36 @@ ], "documentation":"

    Removes an email address from the suppression list for your account.

    " }, + "DeleteTenant":{ + "name":"DeleteTenant", + "http":{ + "method":"POST", + "requestUri":"/v2/email/tenants/delete" + }, + "input":{"shape":"DeleteTenantRequest"}, + "output":{"shape":"DeleteTenantResponse"}, + "errors":[ + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Delete an existing tenant.

    When you delete a tenant, its associations with resources are removed, but the resources themselves are not deleted.

    " + }, + "DeleteTenantResourceAssociation":{ + "name":"DeleteTenantResourceAssociation", + "http":{ + "method":"POST", + "requestUri":"/v2/email/tenants/resources/delete" + }, + "input":{"shape":"DeleteTenantResourceAssociationRequest"}, + "output":{"shape":"DeleteTenantResourceAssociationResponse"}, + "errors":[ + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Delete an association between a tenant and a resource.

    When you delete a tenant-resource association, the resource itself is not deleted, only its association with the specific tenant is removed. After removal, the resource will no longer be available for use with that tenant's email sending operations.

    " + }, "GetAccount":{ "name":"GetAccount", "http":{ @@ -750,6 +812,21 @@ ], "documentation":"

    Displays the multi-region endpoint (global-endpoint) configuration.

    Only multi-region endpoints (global-endpoints) whose primary region is the AWS-Region where operation is executed can be displayed.

    " }, + "GetReputationEntity":{ + "name":"GetReputationEntity", + "http":{ + "method":"GET", + "requestUri":"/v2/email/reputation/entities/{ReputationEntityType}/{ReputationEntityReference}" + }, + "input":{"shape":"GetReputationEntityRequest"}, + "output":{"shape":"GetReputationEntityResponse"}, + "errors":[ + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Retrieve information about a specific reputation entity, including its reputation management policy, customer-managed status, Amazon Web Services Amazon SES-managed status, and aggregate sending status.

    Reputation entities represent resources in your Amazon SES account that have reputation tracking and management capabilities. The reputation impact reflects the highest impact reputation finding for the entity. Reputation findings can be retrieved using the ListRecommendations operation.

    " + }, "GetSuppressedDestination":{ "name":"GetSuppressedDestination", "http":{ @@ -765,6 +842,21 @@ ], "documentation":"

    Retrieves information about a specific email address that's on the suppression list for your account.

    " }, + "GetTenant":{ + "name":"GetTenant", + "http":{ + "method":"POST", + "requestUri":"/v2/email/tenants/get" + }, + "input":{"shape":"GetTenantRequest"}, + "output":{"shape":"GetTenantResponse"}, + "errors":[ + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Get information about a specific tenant, including the tenant's name, ID, ARN, creation timestamp, tags, and sending status.

    " + }, "ListConfigurationSets":{ "name":"ListConfigurationSets", "http":{ @@ -791,7 +883,7 @@ {"shape":"BadRequestException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"

    Lists all of the contact lists available.

    " + "documentation":"

    Lists all of the contact lists available.

    If your output includes a \"NextToken\" field with a string value, this indicates there may be additional contacts on the filtered list - regardless of the number of contacts returned.

    " }, "ListContacts":{ "name":"ListContacts", @@ -951,6 +1043,35 @@ ], "documentation":"

    Lists the recommendations present in your Amazon SES account in the current Amazon Web Services Region.

    You can execute this operation no more than once per second.

    " }, + "ListReputationEntities":{ + "name":"ListReputationEntities", + "http":{ + "method":"POST", + "requestUri":"/v2/email/reputation/entities" + }, + "input":{"shape":"ListReputationEntitiesRequest"}, + "output":{"shape":"ListReputationEntitiesResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    List reputation entities in your Amazon SES account in the current Amazon Web Services Region. You can filter the results by entity type, reputation impact, sending status, or entity reference prefix.

    Reputation entities represent resources in your account that have reputation tracking and management capabilities. Use this operation to get an overview of all entities and their current reputation status.

    " + }, + "ListResourceTenants":{ + "name":"ListResourceTenants", + "http":{ + "method":"POST", + "requestUri":"/v2/email/resources/tenants/list" + }, + "input":{"shape":"ListResourceTenantsRequest"}, + "output":{"shape":"ListResourceTenantsResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"NotFoundException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    List all tenants associated with a specific resource.

    This operation returns a list of tenants that are associated with the specified resource. This is useful for understanding which tenants are currently using a particular resource such as an email identity, configuration set, or email template.

    " + }, "ListSuppressedDestinations":{ "name":"ListSuppressedDestinations", "http":{ @@ -981,6 +1102,35 @@ ], "documentation":"

    Retrieve a list of the tags (keys and values) that are associated with a specified resource. A tag is a label that you optionally define and associate with a resource. Each tag consists of a required tag key and an optional associated tag value. A tag key is a general label that acts as a category for more specific tag values. A tag value acts as a descriptor within a tag key.

    " }, + "ListTenantResources":{ + "name":"ListTenantResources", + "http":{ + "method":"POST", + "requestUri":"/v2/email/tenants/resources/list" + }, + "input":{"shape":"ListTenantResourcesRequest"}, + "output":{"shape":"ListTenantResourcesResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"NotFoundException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    List all resources associated with a specific tenant.

    This operation returns a list of resources (email identities, configuration sets, or email templates) that are associated with the specified tenant. You can optionally filter the results by resource type.

    " + }, + "ListTenants":{ + "name":"ListTenants", + "http":{ + "method":"POST", + "requestUri":"/v2/email/tenants/list" + }, + "input":{"shape":"ListTenantsRequest"}, + "output":{"shape":"ListTenantsResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    List all tenants associated with your account in the current Amazon Web Services Region.

    This operation returns basic information about each tenant, such as tenant name, ID, ARN, and creation timestamp.

    " + }, "PutAccountDedicatedIpWarmupAttributes":{ "name":"PutAccountDedicatedIpWarmupAttributes", "http":{ @@ -1052,6 +1202,22 @@ ], "documentation":"

    Update your Amazon SES account VDM attributes.

    You can execute this operation no more than once per second.

    " }, + "PutConfigurationSetArchivingOptions":{ + "name":"PutConfigurationSetArchivingOptions", + "http":{ + "method":"PUT", + "requestUri":"/v2/email/configuration-sets/{ConfigurationSetName}/archiving-options" + }, + "input":{"shape":"PutConfigurationSetArchivingOptionsRequest"}, + "output":{"shape":"PutConfigurationSetArchivingOptionsResponse"}, + "errors":[ + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

    Associate the configuration set with a MailManager archive. When you send email using the SendEmail or SendBulkEmail operations the message as it will be given to the receiving SMTP server will be archived, along with the recipient information.

    ", + "idempotent":true + }, "PutConfigurationSetDeliveryOptions":{ "name":"PutConfigurationSetDeliveryOptions", "http":{ @@ -1492,6 +1658,36 @@ {"shape":"BadRequestException"} ], "documentation":"

    Updates an email template. Email templates enable you to send personalized email to one or more destinations in a single API operation. For more information, see the Amazon SES Developer Guide.

    You can execute this operation no more than once per second.

    " + }, + "UpdateReputationEntityCustomerManagedStatus":{ + "name":"UpdateReputationEntityCustomerManagedStatus", + "http":{ + "method":"PUT", + "requestUri":"/v2/email/reputation/entities/{ReputationEntityType}/{ReputationEntityReference}/customer-managed-status" + }, + "input":{"shape":"UpdateReputationEntityCustomerManagedStatusRequest"}, + "output":{"shape":"UpdateReputationEntityCustomerManagedStatusResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Update the customer-managed sending status for a reputation entity. This allows you to enable, disable, or reinstate sending for the entity.

    The customer-managed status works in conjunction with the Amazon Web Services Amazon SES-managed status to determine the overall sending capability. When you update the customer-managed status, the Amazon Web Services Amazon SES-managed status remains unchanged. If Amazon Web Services Amazon SES has disabled the entity, it will not be allowed to send regardless of the customer-managed status setting. When you reinstate an entity through the customer-managed status, it can continue sending only if the Amazon Web Services Amazon SES-managed status also permits sending, even if there are active reputation findings, until the findings are resolved or new violations occur.

    " + }, + "UpdateReputationEntityPolicy":{ + "name":"UpdateReputationEntityPolicy", + "http":{ + "method":"PUT", + "requestUri":"/v2/email/reputation/entities/{ReputationEntityType}/{ReputationEntityReference}/policy" + }, + "input":{"shape":"UpdateReputationEntityPolicyRequest"}, + "output":{"shape":"UpdateReputationEntityPolicyResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Update the reputation management policy for a reputation entity. The policy determines how the entity responds to reputation findings, such as automatically pausing sending when certain thresholds are exceeded.

    Reputation management policies are Amazon Web Services Amazon SES-managed (predefined policies). You can select from none, standard, and strict policies.

    " } }, "shapes":{ @@ -1527,8 +1723,7 @@ }, "AccountSuspendedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The message can't be sent because the account's ability to send email has been permanently restricted.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -1550,18 +1745,110 @@ "AdminEmail":{"type":"string"}, "AlreadyExistsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource specified in your request already exists.

    ", "error":{"httpStatusCode":400}, "exception":true }, - "AmazonResourceName":{"type":"string"}, - "AttributesData":{"type":"string"}, - "BadRequestException":{ + "AmazonResourceName":{ + "type":"string", + "min":1 + }, + "ArchiveArn":{ + "type":"string", + "max":1011, + "min":20, + "pattern":"arn:(aws|aws-[a-z-]+):ses:[a-z]{2}-[a-z-]+-[0-9]:[0-9]{1,20}:mailmanager-archive/a-[a-z0-9]{24,62}" + }, + "ArchivingOptions":{ + "type":"structure", + "members":{ + "ArchiveArn":{ + "shape":"ArchiveArn", + "documentation":"

    The Amazon Resource Name (ARN) of the MailManager archive where the Amazon SES API v2 will archive sent emails.

    " + } + }, + "documentation":"

    Used to associate a configuration set with a MailManager archive.

    " + }, + "Attachment":{ "type":"structure", + "required":[ + "RawContent", + "FileName" + ], "members":{ + "RawContent":{ + "shape":"RawAttachmentData", + "documentation":"

    The raw data of the attachment. It needs to be base64-encoded if you are accessing Amazon SES directly through the HTTPS interface. If you are accessing Amazon SES using an Amazon Web Services SDK, the SDK takes care of the base 64-encoding for you.

    " + }, + "ContentDisposition":{ + "shape":"AttachmentContentDisposition", + "documentation":"

    A standard descriptor indicating how the attachment should be rendered in the email. Supported values: ATTACHMENT or INLINE.

    " + }, + "FileName":{ + "shape":"AttachmentFileName", + "documentation":"

    The file name for the attachment as it will appear in the email. Amazon SES restricts certain file extensions. To ensure attachments are accepted, check the Unsupported attachment types in the Amazon SES Developer Guide.

    " + }, + "ContentDescription":{ + "shape":"AttachmentContentDescription", + "documentation":"

    A brief description of the attachment content.

    " + }, + "ContentId":{ + "shape":"AttachmentContentId", + "documentation":"

    Unique identifier for the attachment, used for referencing attachments with INLINE disposition in HTML content.

    " + }, + "ContentTransferEncoding":{ + "shape":"AttachmentContentTransferEncoding", + "documentation":"

    Specifies how the attachment is encoded. Supported values: BASE64, QUOTED_PRINTABLE, SEVEN_BIT.

    " + }, + "ContentType":{ + "shape":"AttachmentContentType", + "documentation":"

    The MIME type of the attachment.

    Example: application/pdf, image/jpeg

    " + } }, + "documentation":"

    Contains metadata and attachment raw content.

    " + }, + "AttachmentContentDescription":{ + "type":"string", + "max":1000 + }, + "AttachmentContentDisposition":{ + "type":"string", + "enum":[ + "ATTACHMENT", + "INLINE" + ] + }, + "AttachmentContentId":{ + "type":"string", + "max":78, + "min":1 + }, + "AttachmentContentTransferEncoding":{ + "type":"string", + "enum":[ + "BASE64", + "QUOTED_PRINTABLE", + "SEVEN_BIT" + ] + }, + "AttachmentContentType":{ + "type":"string", + "max":78, + "min":1 + }, + "AttachmentFileName":{ + "type":"string", + "max":255 + }, + "AttachmentList":{ + "type":"list", + "member":{"shape":"Attachment"} + }, + "AttributesData":{"type":"string"}, + "BadRequestException":{ + "type":"structure", + "members":{}, "documentation":"

    The input you provided is invalid.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -1817,8 +2104,7 @@ }, "CancelExportJobResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "CaseId":{"type":"string"}, @@ -1879,8 +2165,7 @@ "ComplaintSubType":{"type":"string"}, "ConcurrentModificationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource is being modified by another operation or thread.

    ", "error":{"httpStatusCode":500}, "exception":true, @@ -1896,8 +2181,7 @@ }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If there is already an ongoing account details update under review.

    ", "error":{"httpStatusCode":409}, "exception":true @@ -2018,8 +2302,7 @@ }, "CreateConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "CreateConfigurationSetRequest":{ @@ -2054,14 +2337,17 @@ "VdmOptions":{ "shape":"VdmOptions", "documentation":"

    An object that defines the VDM options for emails that you send using the configuration set.

    " + }, + "ArchivingOptions":{ + "shape":"ArchivingOptions", + "documentation":"

    An object that defines the MailManager archiving options for emails that you send using the configuration set.

    " } }, "documentation":"

    A request to create a configuration set.

    " }, "CreateConfigurationSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "CreateContactListRequest":{ @@ -2088,8 +2374,7 @@ }, "CreateContactListResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateContactRequest":{ "type":"structure", @@ -2124,8 +2409,7 @@ }, "CreateContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateCustomVerificationEmailTemplateRequest":{ "type":"structure", @@ -2167,8 +2451,7 @@ }, "CreateCustomVerificationEmailTemplateResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "CreateDedicatedIpPoolRequest":{ @@ -2192,8 +2475,7 @@ }, "CreateDedicatedIpPoolResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "CreateDeliverabilityTestReportRequest":{ @@ -2269,8 +2551,7 @@ }, "CreateEmailIdentityPolicyResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "CreateEmailIdentityRequest":{ @@ -2334,8 +2615,7 @@ }, "CreateEmailTemplateResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "CreateExportJobRequest":{ @@ -2430,6 +2710,74 @@ }, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, + "CreateTenantRequest":{ + "type":"structure", + "required":["TenantName"], + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant to create. The name can contain up to 64 alphanumeric characters, including letters, numbers, hyphens (-) and underscores (_) only.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    An array of objects that define the tags (keys and values) to associate with the tenant

    " + } + }, + "documentation":"

    Represents a request to create a tenant.

    Tenants are logical containers that group related SES resources together. Each tenant can have its own set of resources like email identities, configuration sets, and templates, along with reputation metrics and sending status. This helps isolate and manage email sending for different customers or business units within your Amazon SES API v2 account.

    " + }, + "CreateTenantResourceAssociationRequest":{ + "type":"structure", + "required":[ + "TenantName", + "ResourceArn" + ], + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant to associate the resource with.

    " + }, + "ResourceArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the resource to associate with the tenant.

    " + } + }, + "documentation":"

    Represents a request to associate a resource with a tenant.

    Resources can be email identities, configuration sets, or email templates. When you associate a resource with a tenant, you can use that resource when sending emails on behalf of that tenant.

    " + }, + "CreateTenantResourceAssociationResponse":{ + "type":"structure", + "members":{}, + "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " + }, + "CreateTenantResponse":{ + "type":"structure", + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant.

    " + }, + "TenantId":{ + "shape":"TenantId", + "documentation":"

    A unique identifier for the tenant.

    " + }, + "TenantArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the tenant.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The date and time when the tenant was created.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    An array of objects that define the tags (keys and values) associated with the tenant.

    " + }, + "SendingStatus":{ + "shape":"SendingStatus", + "documentation":"

    The status of email sending capability for the tenant.

    " + } + }, + "documentation":"

    Information about a newly created tenant.

    " + }, "CustomRedirectDomain":{ "type":"string", "documentation":"

    The domain to use for tracking open and click events.

    " @@ -2529,11 +2877,11 @@ }, "WarmupStatus":{ "shape":"WarmupStatus", - "documentation":"

    The warm-up status of a dedicated IP address. The status can have one of the following values:

    • IN_PROGRESS – The IP address isn't ready to use because the dedicated IP warm-up process is ongoing.

    • DONE – The dedicated IP warm-up process is complete, and the IP address is ready to use.

    " + "documentation":"

    The warm-up status of a dedicated IP address. The status can have one of the following values:

    • IN_PROGRESS – The IP address isn't ready to use because the dedicated IP warm-up process is ongoing.

    • DONE – The dedicated IP warm-up process is complete, and the IP address is ready to use.

    • NOT_APPLICABLE – The warm-up status doesn't apply to this IP address. This status is used for IP addresses in managed dedicated IP pools, where Amazon SES automatically handles the warm-up process.

    " }, "WarmupPercentage":{ "shape":"Percentage100Wrapper", - "documentation":"

    Indicates how complete the dedicated IP warm-up process is. When this value equals 1, the address has completed the warm-up process and is ready for use.

    " + "documentation":"

    Indicates the progress of your dedicated IP warm-up:

    • 0-100 – For standard dedicated IP addresses, this shows the warm-up completion percentage. A value of 100 means the IP address is fully warmed up and ready for use.

    • -1 – Appears for IP addresses in managed dedicated pools where Amazon SES automatically handles the warm-up process, making the percentage not applicable.

    " }, "PoolName":{ "shape":"PoolName", @@ -2593,8 +2941,7 @@ }, "DeleteConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeleteConfigurationSetRequest":{ @@ -2612,8 +2959,7 @@ }, "DeleteConfigurationSetResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeleteContactListRequest":{ @@ -2630,8 +2976,7 @@ }, "DeleteContactListResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContactRequest":{ "type":"structure", @@ -2656,8 +3001,7 @@ }, "DeleteContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCustomVerificationEmailTemplateRequest":{ "type":"structure", @@ -2674,8 +3018,7 @@ }, "DeleteCustomVerificationEmailTemplateResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "DeleteDedicatedIpPoolRequest":{ @@ -2693,8 +3036,7 @@ }, "DeleteDedicatedIpPoolResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeleteEmailIdentityPolicyRequest":{ @@ -2721,8 +3063,7 @@ }, "DeleteEmailIdentityPolicyResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeleteEmailIdentityRequest":{ @@ -2740,8 +3081,7 @@ }, "DeleteEmailIdentityResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "DeleteEmailTemplateRequest":{ @@ -2759,8 +3099,7 @@ }, "DeleteEmailTemplateResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "DeleteMultiRegionEndpointRequest":{ @@ -2801,9 +3140,47 @@ }, "DeleteSuppressedDestinationResponse":{ "type":"structure", + "members":{}, + "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " + }, + "DeleteTenantRequest":{ + "type":"structure", + "required":["TenantName"], + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant to delete.

    " + } + }, + "documentation":"

    Represents a request to delete a tenant.

    " + }, + "DeleteTenantResourceAssociationRequest":{ + "type":"structure", + "required":[ + "TenantName", + "ResourceArn" + ], "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant to remove the resource association from.

    " + }, + "ResourceArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the resource to remove from the tenant association.

    " + } }, - "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " + "documentation":"

    Represents a request to delete an association between a tenant and a resource.

    " + }, + "DeleteTenantResourceAssociationResponse":{ + "type":"structure", + "members":{}, + "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " + }, + "DeleteTenantResponse":{ + "type":"structure", + "members":{}, + "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "DeliverabilityDashboardAccountStatus":{ "type":"string", @@ -2959,7 +3336,7 @@ }, "SigningAttributesOrigin":{ "shape":"DkimSigningAttributesOrigin", - "documentation":"

    A string that indicates how DKIM was configured for the identity. These are the possible values:

    • AWS_SES – Indicates that DKIM was configured for the identity by using Easy DKIM.

    • EXTERNAL – Indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM).

    • AWS_SES_AF_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_NORTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_ME_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_IL_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_SA_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_CA_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

    " + "documentation":"

    A string that indicates how DKIM was configured for the identity. These are the possible values:

    • AWS_SES – Indicates that DKIM was configured for the identity by using Easy DKIM.

    • EXTERNAL – Indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM).

    • AWS_SES_AF_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_NORTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTH_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Hyderabad) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_ME_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (UAE) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_ME_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_IL_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_SA_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_CA_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_CENTRAL_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Zurich) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

    " }, "NextSigningKeyLength":{ "shape":"DkimSigningKeyLength", @@ -2993,7 +3370,7 @@ }, "DomainSigningAttributesOrigin":{ "shape":"DkimSigningAttributesOrigin", - "documentation":"

    The attribute to use for configuring DKIM for the identity depends on the operation:

    1. For PutEmailIdentityDkimSigningAttributes:

    2. For CreateEmailIdentity when replicating a parent identity's DKIM configuration:

      • Allowed values: All values except AWS_SES and EXTERNAL

    • AWS_SES – Configure DKIM for the identity by using Easy DKIM.

    • EXTERNAL – Configure DKIM for the identity by using Bring Your Own DKIM (BYODKIM).

    • AWS_SES_AF_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_NORTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_3 – Configure DKIM for the identity by replicating from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_ME_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_IL_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_SA_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_CA_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_2 – Configure DKIM for the identity by replicating from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

    " + "documentation":"

    The attribute to use for configuring DKIM for the identity depends on the operation:

    1. For PutEmailIdentityDkimSigningAttributes:

    2. For CreateEmailIdentity when replicating a parent identity's DKIM configuration:

      • Allowed values: All values except AWS_SES and EXTERNAL

    • AWS_SES – Configure DKIM for the identity by using Easy DKIM.

    • EXTERNAL – Configure DKIM for the identity by using Bring Your Own DKIM (BYODKIM).

    • AWS_SES_AF_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_NORTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTH_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Hyderabad) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_3 – Configure DKIM for the identity by replicating from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_ME_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (UAE) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_ME_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_NORTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_IL_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_SA_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_CA_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_AP_SOUTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_EU_CENTRAL_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (Zurich) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_EAST_2 – Configure DKIM for the identity by replicating from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).

    • AWS_SES_US_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).

    " } }, "documentation":"

    An object that contains configuration for Bring Your Own DKIM (BYODKIM), or, for Easy DKIM

    " @@ -3024,7 +3401,10 @@ "AWS_SES_US_EAST_1", "AWS_SES_US_EAST_2", "AWS_SES_US_WEST_1", - "AWS_SES_US_WEST_2" + "AWS_SES_US_WEST_2", + "AWS_SES_ME_CENTRAL_1", + "AWS_SES_AP_SOUTH_2", + "AWS_SES_EU_CENTRAL_2" ] }, "DkimSigningKeyLength":{ @@ -3186,7 +3566,7 @@ "members":{ "Simple":{ "shape":"Message", - "documentation":"

    The simple email message. The message consists of a subject and a message body.

    " + "documentation":"

    The simple email message. The message consists of a subject, message body and attachments list.

    " }, "Raw":{ "shape":"RawMessage", @@ -3197,7 +3577,7 @@ "documentation":"

    The template to use for the email message.

    " } }, - "documentation":"

    An object that defines the entire content of the email, including the message headers and the body content. You can create a simple email message, in which you specify the subject and the text and HTML versions of the message body. You can also create raw messages, in which you specify a complete MIME-formatted message. Raw messages can include attachments and custom headers.

    " + "documentation":"

    An object that defines the entire content of the email, including the message headers, body content, and attachments. For a simple email message, you specify the subject and provide both text and HTML versions of the message body. You can also add attachments to simple and templated messages. For a raw message, you provide a complete MIME-formatted message, which can include custom headers and attachments.

    " }, "EmailInsights":{ "type":"structure", @@ -3280,7 +3660,7 @@ }, "EmailTemplateName":{ "type":"string", - "documentation":"

    The name of the template. You will refer to this name when you send email using the SendTemplatedEmail or SendBulkTemplatedEmail operations.

    ", + "documentation":"

    The name of the template. You will refer to this name when you send email using the SendEmail or SendBulkEmail operations.

    ", "min":1 }, "EmailTemplateSubject":{ @@ -3346,7 +3726,7 @@ }, "MatchingEventTypes":{ "shape":"EventTypes", - "documentation":"

    The types of events that Amazon SES sends to the specified event destinations.

    • SEND - The send request was successful and SES will attempt to deliver the message to the recipient’s mail server. (If account-level or global suppression is being used, SES will still count it as a send, but delivery is suppressed.)

    • REJECT - SES accepted the email, but determined that it contained a virus and didn’t attempt to deliver it to the recipient’s mail server.

    • BOUNCE - (Hard bounce) The recipient's mail server permanently rejected the email. (Soft bounces are only included when SES fails to deliver the email after retrying for a period of time.)

    • COMPLAINT - The email was successfully delivered to the recipient’s mail server, but the recipient marked it as spam.

    • DELIVERY - SES successfully delivered the email to the recipient's mail server.

    • OPEN - The recipient received the message and opened it in their email client.

    • CLICK - The recipient clicked one or more links in the email.

    • RENDERING_FAILURE - The email wasn't sent because of a template rendering issue. This event type can occur when template data is missing, or when there is a mismatch between template parameters and data. (This event type only occurs when you send email using the SendTemplatedEmail or SendBulkTemplatedEmail API operations.)

    • DELIVERY_DELAY - The email couldn't be delivered to the recipient’s mail server because a temporary issue occurred. Delivery delays can occur, for example, when the recipient's inbox is full, or when the receiving email server experiences a transient issue.

    • SUBSCRIPTION - The email was successfully delivered, but the recipient updated their subscription preferences by clicking on an unsubscribe link as part of your subscription management.

    " + "documentation":"

    The types of events that Amazon SES sends to the specified event destinations.

    • SEND - The send request was successful and SES will attempt to deliver the message to the recipient’s mail server. (If account-level or global suppression is being used, SES will still count it as a send, but delivery is suppressed.)

    • REJECT - SES accepted the email, but determined that it contained a virus and didn’t attempt to deliver it to the recipient’s mail server.

    • BOUNCE - (Hard bounce) The recipient's mail server permanently rejected the email. (Soft bounces are only included when SES fails to deliver the email after retrying for a period of time.)

    • COMPLAINT - The email was successfully delivered to the recipient’s mail server, but the recipient marked it as spam.

    • DELIVERY - SES successfully delivered the email to the recipient's mail server.

    • OPEN - The recipient received the message and opened it in their email client.

    • CLICK - The recipient clicked one or more links in the email.

    • RENDERING_FAILURE - The email wasn't sent because of a template rendering issue. This event type can occur when template data is missing, or when there is a mismatch between template parameters and data. (This event type only occurs when you send email using the SendEmail or SendBulkEmail API operations.)

    • DELIVERY_DELAY - The email couldn't be delivered to the recipient’s mail server because a temporary issue occurred. Delivery delays can occur, for example, when the recipient's inbox is full, or when the receiving email server experiences a transient issue.

    • SUBSCRIPTION - The email was successfully delivered, but the recipient updated their subscription preferences by clicking on an unsubscribe link as part of your subscription management.

    " }, "KinesisFirehoseDestination":{ "shape":"KinesisFirehoseDestination", @@ -3582,8 +3962,7 @@ "GeneralEnforcementStatus":{"type":"string"}, "GetAccountRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A request to obtain information about the email-sending capabilities of your Amazon SES account.

    " }, "GetAccountResponse":{ @@ -3718,6 +4097,10 @@ "VdmOptions":{ "shape":"VdmOptions", "documentation":"

    An object that contains information about the VDM preferences for your configuration set.

    " + }, + "ArchivingOptions":{ + "shape":"ArchivingOptions", + "documentation":"

    An object that defines the MailManager archive where sent emails are archived that you send using the configuration set.

    " } }, "documentation":"

    Information about a configuration set.

    " @@ -3950,8 +4333,7 @@ }, "GetDeliverabilityDashboardOptionsRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Retrieve information about the status of the Deliverability dashboard for your Amazon Web Services account. When the Deliverability dashboard is enabled, you gain access to reputation, deliverability, and other metrics for your domains. You also gain the ability to perform predictive inbox placement tests.

    When you use the Deliverability dashboard, you pay a monthly subscription charge, in addition to any other fees that you accrue by using Amazon SES and other Amazon Web Services services. For more information about the features and cost of a Deliverability dashboard subscription, see Amazon Pinpoint Pricing.

    " }, "GetDeliverabilityDashboardOptionsResponse":{ @@ -4401,6 +4783,38 @@ }, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, + "GetReputationEntityRequest":{ + "type":"structure", + "required":[ + "ReputationEntityReference", + "ReputationEntityType" + ], + "members":{ + "ReputationEntityReference":{ + "shape":"ReputationEntityReference", + "documentation":"

    The unique identifier for the reputation entity. For resource-type entities, this is the Amazon Resource Name (ARN) of the resource.

    ", + "location":"uri", + "locationName":"ReputationEntityReference" + }, + "ReputationEntityType":{ + "shape":"ReputationEntityType", + "documentation":"

    The type of reputation entity. Currently, only RESOURCE type entities are supported.

    ", + "location":"uri", + "locationName":"ReputationEntityType" + } + }, + "documentation":"

    Represents a request to retrieve information about a specific reputation entity.

    " + }, + "GetReputationEntityResponse":{ + "type":"structure", + "members":{ + "ReputationEntity":{ + "shape":"ReputationEntity", + "documentation":"

    The reputation entity information, including status records, policy configuration, and reputation impact.

    " + } + }, + "documentation":"

    Information about the requested reputation entity.

    " + }, "GetSuppressedDestinationRequest":{ "type":"structure", "required":["EmailAddress"], @@ -4425,6 +4839,27 @@ }, "documentation":"

    Information about the suppressed email address.

    " }, + "GetTenantRequest":{ + "type":"structure", + "required":["TenantName"], + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant to retrieve information about.

    " + } + }, + "documentation":"

    Represents a request to get information about a specific tenant.

    " + }, + "GetTenantResponse":{ + "type":"structure", + "members":{ + "Tenant":{ + "shape":"Tenant", + "documentation":"

    A structure that contains details about the tenant.

    " + } + }, + "documentation":"

    Information about a specific tenant.

    " + }, "GuardianAttributes":{ "type":"structure", "members":{ @@ -4603,8 +5038,7 @@ }, "InternalServiceErrorException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The request couldn't be processed because an error occurred with the Amazon SES API v2.

    ", "error":{"httpStatusCode":500}, "exception":true, @@ -4612,8 +5046,7 @@ }, "InvalidNextTokenException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified request includes an invalid or expired token.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -4708,8 +5141,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    There are too many instances of the specified resource type.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -5187,7 +5619,7 @@ }, "ListRecommendationsFilterKey":{ "type":"string", - "documentation":"

    The ListRecommendations filter type. This can be one of the following:

    • TYPE – The recommendation type, with values like DKIM, SPF, DMARC or BIMI.

    • IMPACT – The recommendation impact, with values like HIGH or LOW.

    • STATUS – The recommendation status, with values like OPEN or FIXED.

    • RESOURCE_ARN – The resource affected by the recommendation, with values like arn:aws:ses:us-east-1:123456789012:identity/example.com.

    ", + "documentation":"

    The ListRecommendations filter type. This can be one of the following:

    • TYPE – The recommendation type, with values like DKIM, SPF, DMARC, BIMI, or COMPLAINT.

    • IMPACT – The recommendation impact, with values like HIGH or LOW.

    • STATUS – The recommendation status, with values like OPEN or FIXED.

    • RESOURCE_ARN – The resource affected by the recommendation, with values like arn:aws:ses:us-east-1:123456789012:identity/example.com.

    ", "enum":[ "TYPE", "IMPACT", @@ -5227,6 +5659,71 @@ }, "documentation":"

    Contains the response to your request to retrieve the list of recommendations for your account.

    " }, + "ListReputationEntitiesRequest":{ + "type":"structure", + "members":{ + "Filter":{ + "shape":"ReputationEntityFilter", + "documentation":"

    An object that contains filters to apply when listing reputation entities. You can filter by entity type, reputation impact, sending status, or entity reference prefix.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token returned from a previous call to ListReputationEntities to indicate the position in the list of reputation entities.

    " + }, + "PageSize":{ + "shape":"MaxItems", + "documentation":"

    The number of results to show in a single call to ListReputationEntities. If the number of results is larger than the number you specified in this parameter, then the response includes a NextToken element, which you can use to obtain additional results.

    " + } + }, + "documentation":"

    Represents a request to list reputation entities with optional filtering.

    " + }, + "ListReputationEntitiesResponse":{ + "type":"structure", + "members":{ + "ReputationEntities":{ + "shape":"ReputationEntitiesList", + "documentation":"

    An array that contains information about the reputation entities in your account.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that indicates that there are additional reputation entities to list. To view additional reputation entities, issue another request to ListReputationEntities, and pass this token in the NextToken parameter.

    " + } + }, + "documentation":"

    A list of reputation entities in your account.

    " + }, + "ListResourceTenantsRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the resource to list associated tenants for.

    " + }, + "PageSize":{ + "shape":"MaxItems", + "documentation":"

    The number of results to show in a single call to ListResourceTenants. If the number of results is larger than the number you specified in this parameter, then the response includes a NextToken element, which you can use to obtain additional results.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token returned from a previous call to ListResourceTenants to indicate the position in the list of resource tenants.

    " + } + }, + "documentation":"

    Represents a request to list tenants associated with a specific resource.

    " + }, + "ListResourceTenantsResponse":{ + "type":"structure", + "members":{ + "ResourceTenants":{ + "shape":"ResourceTenantMetadataList", + "documentation":"

    An array that contains information about each tenant associated with the resource.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that indicates that there are additional tenants to list. To view additional tenants, issue another request to ListResourceTenants, and pass this token in the NextToken parameter.

    " + } + }, + "documentation":"

    Information about tenants associated with a specific resource.

    " + }, "ListSuppressedDestinationsRequest":{ "type":"structure", "members":{ @@ -5299,6 +5796,88 @@ } } }, + "ListTenantResourcesFilter":{ + "type":"map", + "key":{"shape":"ListTenantResourcesFilterKey"}, + "value":{"shape":"ListTenantResourcesFilterValue"}, + "documentation":"

    An object that contains mapping between ListTenantResourcesFilterKey and ListTenantResourcesFilterValue to filter by.

    " + }, + "ListTenantResourcesFilterKey":{ + "type":"string", + "documentation":"

    The key used to filter tenant resources. Currently, the only supported filter key is RESOURCE_TYPE.

    ", + "enum":["RESOURCE_TYPE"] + }, + "ListTenantResourcesFilterValue":{ + "type":"string", + "documentation":"

    The value used to filter tenant resources. When filtering by RESOURCE_TYPE, valid values are EMAIL_IDENTITY, CONFIGURATION_SET, or EMAIL_TEMPLATE.

    ", + "max":512, + "min":1 + }, + "ListTenantResourcesRequest":{ + "type":"structure", + "required":["TenantName"], + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant to list resources for.

    " + }, + "Filter":{ + "shape":"ListTenantResourcesFilter", + "documentation":"

    A map of filter keys and values for filtering the list of tenant resources. Currently, the only supported filter key is RESOURCE_TYPE.

    " + }, + "PageSize":{ + "shape":"MaxItems", + "documentation":"

    The number of results to show in a single call to ListTenantResources. If the number of results is larger than the number you specified in this parameter, then the response includes a NextToken element, which you can use to obtain additional results.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token returned from a previous call to ListTenantResources to indicate the position in the list of tenant resources.

    " + } + }, + "documentation":"

    Represents a request to list resources associated with a specific tenant.

    " + }, + "ListTenantResourcesResponse":{ + "type":"structure", + "members":{ + "TenantResources":{ + "shape":"TenantResourceList", + "documentation":"

    An array that contains information about each resource associated with the tenant.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that indicates that there are additional resources to list. To view additional resources, issue another request to ListTenantResources, and pass this token in the NextToken parameter.

    " + } + }, + "documentation":"

    Information about resources associated with a specific tenant.

    " + }, + "ListTenantsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token returned from a previous call to ListTenants to indicate the position in the list of tenants.

    " + }, + "PageSize":{ + "shape":"MaxItems", + "documentation":"

    The number of results to show in a single call to ListTenants. If the number of results is larger than the number you specified in this parameter, then the response includes a NextToken element, which you can use to obtain additional results.

    " + } + }, + "documentation":"

    Represents a request to list all tenants associated with your account in the current Amazon Web Services Region.

    " + }, + "ListTenantsResponse":{ + "type":"structure", + "members":{ + "Tenants":{ + "shape":"TenantInfoList", + "documentation":"

    An array that contains basic information about each tenant.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    A token that indicates that there are additional tenants to list. To view additional tenants, issue another request to ListTenants, and pass this token in the NextToken parameter.

    " + } + }, + "documentation":"

    Information about tenants associated with your account.

    " + }, "MailFromAttributes":{ "type":"structure", "required":[ @@ -5328,8 +5907,7 @@ }, "MailFromDomainNotVerifiedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The message can't be sent because the sending domain isn't verified.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -5377,6 +5955,10 @@ "Headers":{ "shape":"MessageHeaderList", "documentation":"

    The list of message headers that will be added to the email message.

    " + }, + "Attachments":{ + "shape":"AttachmentList", + "documentation":"

    The List of attachments to include in your email. All recipients will receive the same attachments.

    " } }, "documentation":"

    Represents the email message that you're sending. The Message object consists of a subject line and a message body.

    " @@ -5492,8 +6074,7 @@ }, "MessageRejected":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The message can't be sent because it contains invalid content.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -5694,8 +6275,7 @@ }, "NotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource you attempted to access doesn't exist.

    ", "error":{"httpStatusCode":404}, "exception":true @@ -5807,8 +6387,7 @@ }, "PutAccountDedicatedIpWarmupAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutAccountDetailsRequest":{ @@ -5847,8 +6426,7 @@ }, "PutAccountDetailsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutAccountSendingAttributesRequest":{ @@ -5863,8 +6441,7 @@ }, "PutAccountSendingAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutAccountSuppressionAttributesRequest":{ @@ -5879,8 +6456,7 @@ }, "PutAccountSuppressionAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutAccountVdmAttributesRequest":{ @@ -5896,8 +6472,29 @@ }, "PutAccountVdmAttributesResponse":{ "type":"structure", + "members":{} + }, + "PutConfigurationSetArchivingOptionsRequest":{ + "type":"structure", + "required":["ConfigurationSetName"], "members":{ - } + "ConfigurationSetName":{ + "shape":"ConfigurationSetName", + "documentation":"

    The name of the configuration set to associate with a MailManager archive.

    ", + "location":"uri", + "locationName":"ConfigurationSetName" + }, + "ArchiveArn":{ + "shape":"ArchiveArn", + "documentation":"

    The Amazon Resource Name (ARN) of the MailManager archive that the Amazon SES API v2 sends email to.

    " + } + }, + "documentation":"

    A request to associate a configuration set with a MailManager archive.

    " + }, + "PutConfigurationSetArchivingOptionsResponse":{ + "type":"structure", + "members":{}, + "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetDeliveryOptionsRequest":{ "type":"structure", @@ -5926,8 +6523,7 @@ }, "PutConfigurationSetDeliveryOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetReputationOptionsRequest":{ @@ -5949,8 +6545,7 @@ }, "PutConfigurationSetReputationOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetSendingOptionsRequest":{ @@ -5972,8 +6567,7 @@ }, "PutConfigurationSetSendingOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetSuppressionOptionsRequest":{ @@ -5995,8 +6589,7 @@ }, "PutConfigurationSetSuppressionOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetTrackingOptionsRequest":{ @@ -6019,8 +6612,7 @@ }, "PutConfigurationSetTrackingOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutConfigurationSetVdmOptionsRequest":{ @@ -6042,8 +6634,7 @@ }, "PutConfigurationSetVdmOptionsResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutDedicatedIpInPoolRequest":{ @@ -6068,8 +6659,7 @@ }, "PutDedicatedIpInPoolResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutDedicatedIpPoolScalingAttributesRequest":{ @@ -6094,8 +6684,7 @@ }, "PutDedicatedIpPoolScalingAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutDedicatedIpWarmupAttributesRequest":{ @@ -6120,8 +6709,7 @@ }, "PutDedicatedIpWarmupAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutDeliverabilityDashboardOptionRequest":{ @@ -6141,8 +6729,7 @@ }, "PutDeliverabilityDashboardOptionResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A response that indicates whether the Deliverability dashboard is enabled.

    " }, "PutEmailIdentityConfigurationSetAttributesRequest":{ @@ -6164,8 +6751,7 @@ }, "PutEmailIdentityConfigurationSetAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "PutEmailIdentityDkimAttributesRequest":{ @@ -6187,8 +6773,7 @@ }, "PutEmailIdentityDkimAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutEmailIdentityDkimSigningAttributesRequest":{ @@ -6248,8 +6833,7 @@ }, "PutEmailIdentityFeedbackAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutEmailIdentityMailFromAttributesRequest":{ @@ -6275,8 +6859,7 @@ }, "PutEmailIdentityMailFromAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "PutSuppressedDestinationRequest":{ @@ -6299,8 +6882,7 @@ }, "PutSuppressedDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "QueryErrorCode":{ @@ -6316,6 +6898,7 @@ "max":255, "min":1 }, + "RawAttachmentData":{"type":"blob"}, "RawMessage":{ "type":"structure", "required":["Data"], @@ -6344,7 +6927,7 @@ }, "Type":{ "shape":"RecommendationType", - "documentation":"

    The recommendation type, with values like DKIM, SPF, DMARC or BIMI.

    " + "documentation":"

    The recommendation type, with values like DKIM, SPF, DMARC, BIMI, or COMPLAINT.

    " }, "Description":{ "shape":"RecommendationDescription", @@ -6391,7 +6974,10 @@ "DMARC", "SPF", "BIMI", - "COMPLAINT" + "COMPLAINT", + "BOUNCE", + "FEEDBACK_3P", + "IP_LISTING" ] }, "RecommendationsList":{ @@ -6438,6 +7024,77 @@ "type":"string", "documentation":"

    A name that helps you identify a report generated by the Deliverability dashboard.

    " }, + "ReputationEntitiesList":{ + "type":"list", + "member":{"shape":"ReputationEntity"}, + "documentation":"

    A list of reputation entities.

    " + }, + "ReputationEntity":{ + "type":"structure", + "members":{ + "ReputationEntityReference":{ + "shape":"ReputationEntityReference", + "documentation":"

    The unique identifier for the reputation entity. For resource-type entities, this is the Amazon Resource Name (ARN) of the resource.

    " + }, + "ReputationEntityType":{ + "shape":"ReputationEntityType", + "documentation":"

    The type of reputation entity. Currently, only RESOURCE type entities are supported.

    " + }, + "ReputationManagementPolicy":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the reputation management policy applied to this entity. This is an Amazon Web Services Amazon SES-managed policy.

    " + }, + "CustomerManagedStatus":{ + "shape":"StatusRecord", + "documentation":"

    The customer-managed status record for this reputation entity, including the current status, cause description, and last updated timestamp.

    " + }, + "AwsSesManagedStatus":{ + "shape":"StatusRecord", + "documentation":"

    The Amazon Web Services Amazon SES-managed status record for this reputation entity, including the current status, cause description, and last updated timestamp.

    " + }, + "SendingStatusAggregate":{ + "shape":"SendingStatus", + "documentation":"

    The aggregate sending status that determines whether the entity is allowed to send emails. This status is derived from both the customer-managed and Amazon Web Services Amazon SES-managed statuses. If either the customer-managed status or the Amazon Web Services Amazon SES-managed status is DISABLED, the aggregate status will be DISABLED and the entity will not be allowed to send emails. When the customer-managed status is set to REINSTATED, the entity can continue sending even if there are active reputation findings, provided the Amazon Web Services Amazon SES-managed status also permits sending. The entity can only send emails when both statuses permit sending.

    " + }, + "ReputationImpact":{ + "shape":"RecommendationImpact", + "documentation":"

    The reputation impact level for this entity, representing the highest impact reputation finding currently active. Reputation findings can be retrieved using the ListRecommendations operation.

    " + } + }, + "documentation":"

    An object that contains information about a reputation entity, including its reference, type, policy, status records, and reputation impact.

    " + }, + "ReputationEntityFilter":{ + "type":"map", + "key":{"shape":"ReputationEntityFilterKey"}, + "value":{"shape":"ReputationEntityFilterValue"}, + "documentation":"

    An object that contains filters to apply when listing reputation entities.

    " + }, + "ReputationEntityFilterKey":{ + "type":"string", + "documentation":"

    The filter key to use when listing reputation entities. This can be one of the following:

    • ENTITY_TYPE – Filter by entity type.

    • REPUTATION_IMPACT – Filter by reputation impact level.

    • SENDING_STATUS – Filter by aggregate sending status.

    • ENTITY_REFERENCE_PREFIX – Filter by entity reference prefix.

    ", + "enum":[ + "ENTITY_TYPE", + "REPUTATION_IMPACT", + "SENDING_STATUS", + "ENTITY_REFERENCE_PREFIX" + ] + }, + "ReputationEntityFilterValue":{ + "type":"string", + "documentation":"

    The filter value to match against the specified filter key.

    ", + "max":512, + "min":1 + }, + "ReputationEntityReference":{ + "type":"string", + "documentation":"

    The unique identifier for a reputation entity. For resource-type entities, this is the Amazon Resource Name (ARN) of the resource.

    ", + "min":1 + }, + "ReputationEntityType":{ + "type":"string", + "documentation":"

    The type of reputation entity. Currently, only RESOURCE type entities are supported, which represent resources in your Amazon SES account that have reputation tracking capabilities.

    ", + "enum":["RESOURCE"] + }, "ReputationOptions":{ "type":"structure", "members":{ @@ -6452,6 +7109,42 @@ }, "documentation":"

    Enable or disable collection of reputation metrics for emails that you send using this configuration set in the current Amazon Web Services Region.

    " }, + "ResourceTenantMetadata":{ + "type":"structure", + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant associated with the resource.

    " + }, + "TenantId":{ + "shape":"TenantId", + "documentation":"

    A unique identifier for the tenant associated with the resource.

    " + }, + "ResourceArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    " + }, + "AssociatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The date and time when the resource was associated with the tenant.

    " + } + }, + "documentation":"

    A structure that contains information about a tenant associated with a resource.

    " + }, + "ResourceTenantMetadataList":{ + "type":"list", + "member":{"shape":"ResourceTenantMetadata"}, + "documentation":"

    A list of tenant metadata objects associated with a resource.

    " + }, + "ResourceType":{ + "type":"string", + "documentation":"

    The type of resource that can be associated with a tenant. Can be one of the following:

    • EMAIL_IDENTITY - An email address or domain that you use to send email.

    • CONFIGURATION_SET - A set of rules that you can apply to emails you send.

    • EMAIL_TEMPLATE - A template that defines the content of an email message.

    ", + "enum":[ + "EMAIL_IDENTITY", + "CONFIGURATION_SET", + "EMAIL_TEMPLATE" + ] + }, "ReviewDetails":{ "type":"structure", "members":{ @@ -6590,6 +7283,10 @@ "shape":"EndpointId", "documentation":"

    The ID of the multi-region endpoint (global-endpoint).

    ", "contextParam":{"name":"EndpointId"} + }, + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant through which this bulk email will be sent.

    The email sending operation will only succeed if all referenced resources (identities, configuration sets, and templates) are associated with this tenant.

    " } }, "documentation":"

    Represents a request to send email messages to multiple destinations using Amazon SES. For more information, see the Amazon SES Developer Guide.

    " @@ -6682,6 +7379,10 @@ "documentation":"

    The ID of the multi-region endpoint (global-endpoint).

    ", "contextParam":{"name":"EndpointId"} }, + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant through which this email will be sent.

    The email sending operation will only succeed if all referenced resources (identities, configuration sets, and templates) are associated with this tenant.

    " + }, "ListManagementOptions":{ "shape":"ListManagementOptions", "documentation":"

    An object used to specify a list or topic to which an email belongs, which will be used when a contact chooses to unsubscribe.

    " @@ -6729,8 +7430,7 @@ }, "SendingPausedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The message can't be sent because the account's ability to send email is currently paused.

    ", "error":{"httpStatusCode":400}, "exception":true @@ -6739,6 +7439,15 @@ "type":"string", "documentation":"

    The name of the dedicated IP pool to associate with the configuration set.

    " }, + "SendingStatus":{ + "type":"string", + "documentation":"

    The sending status for a reputation entity. This can be one of the following:

    • ENABLED – Sending is allowed for this entity.

    • DISABLED – Sending is prevented for this entity.

    • REINSTATED – Sending is allowed even if there are active reputation findings.

    ", + "enum":[ + "ENABLED", + "REINSTATED", + "DISABLED" + ] + }, "SentLast24Hours":{"type":"double"}, "SerialNumber":{"type":"long"}, "SnsDestination":{ @@ -6762,6 +7471,30 @@ "DELETING" ] }, + "StatusCause":{ + "type":"string", + "documentation":"

    A description of the reason for a status change, such as automated actions taken due to reputation findings or manual status updates.

    ", + "max":512, + "min":1 + }, + "StatusRecord":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"SendingStatus", + "documentation":"

    The current sending status. This can be one of the following:

    • ENABLED – Sending is allowed.

    • DISABLED – Sending is prevented.

    • REINSTATED – Sending is allowed even with active reputation findings.

    " + }, + "Cause":{ + "shape":"StatusCause", + "documentation":"

    A description of the reason for the current status, or null if no specific cause is available.

    " + }, + "LastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when this status was last updated.

    " + } + }, + "documentation":"

    An object that contains status information for a reputation entity, including the current status, cause description, and timestamp.

    " + }, "Subject":{"type":"string"}, "SubscriptionStatus":{ "type":"string", @@ -6939,8 +7672,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{"type":"string"}, "Template":{ @@ -6948,7 +7680,7 @@ "members":{ "TemplateName":{ "shape":"EmailTemplateName", - "documentation":"

    The name of the template. You will refer to this name when you send email using the SendTemplatedEmail or SendBulkTemplatedEmail operations.

    " + "documentation":"

    The name of the template. You will refer to this name when you send email using the SendEmail or SendBulkEmail operations.

    " }, "TemplateArn":{ "shape":"AmazonResourceName", @@ -6965,6 +7697,10 @@ "Headers":{ "shape":"MessageHeaderList", "documentation":"

    The list of message headers that will be added to the email message.

    " + }, + "Attachments":{ + "shape":"AttachmentList", + "documentation":"

    The List of attachments to include in your email. All recipients will receive the same attachments.

    " } }, "documentation":"

    An object that defines the email template to use for an email message, and the values to use for any message variables in that template. An email template is a type of message template that contains content that you want to reuse in email messages that you send. You can specifiy the email template by providing the name or ARN of an email template previously saved in your Amazon SES account or by providing the full template content.

    " @@ -6973,6 +7709,88 @@ "type":"string", "documentation":"

    The content of the custom verification email template.

    " }, + "Tenant":{ + "type":"structure", + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant.

    " + }, + "TenantId":{ + "shape":"TenantId", + "documentation":"

    A unique identifier for the tenant.

    " + }, + "TenantArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the tenant.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The date and time when the tenant was created.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    An array of objects that define the tags (keys and values) associated with the tenant.

    " + }, + "SendingStatus":{ + "shape":"SendingStatus", + "documentation":"

    The status of sending capability for the tenant.

    " + } + }, + "documentation":"

    A structure that contains details about a tenant.

    " + }, + "TenantId":{"type":"string"}, + "TenantInfo":{ + "type":"structure", + "members":{ + "TenantName":{ + "shape":"TenantName", + "documentation":"

    The name of the tenant.

    " + }, + "TenantId":{ + "shape":"TenantId", + "documentation":"

    A unique identifier for the tenant.

    " + }, + "TenantArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the tenant.

    " + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The date and time when the tenant was created.

    " + } + }, + "documentation":"

    A structure that contains basic information about a tenant.

    " + }, + "TenantInfoList":{ + "type":"list", + "member":{"shape":"TenantInfo"}, + "documentation":"

    A list of tenant information objects.

    " + }, + "TenantName":{ + "type":"string", + "documentation":"

    The name of a tenant. The name can contain up to 64 alphanumeric characters, including letters, numbers, hyphens (-) and underscores (_) only.

    ", + "min":1 + }, + "TenantResource":{ + "type":"structure", + "members":{ + "ResourceType":{ + "shape":"ResourceType", + "documentation":"

    The type of resource associated with the tenant. Valid values are EMAIL_IDENTITY, CONFIGURATION_SET, or EMAIL_TEMPLATE.

    " + }, + "ResourceArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the resource associated with the tenant.

    " + } + }, + "documentation":"

    A structure that contains information about a resource associated with a tenant.

    " + }, + "TenantResourceList":{ + "type":"list", + "member":{"shape":"TenantResource"}, + "documentation":"

    A list of resources associated with a tenant.

    " + }, "TestRenderEmailTemplateRequest":{ "type":"structure", "required":[ @@ -7019,8 +7837,7 @@ }, "TooManyRequestsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Too many requests have been made to the operation.

    ", "error":{"httpStatusCode":429}, "exception":true @@ -7132,8 +7949,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConfigurationSetEventDestinationRequest":{ "type":"structure", @@ -7164,8 +7980,7 @@ }, "UpdateConfigurationSetEventDestinationResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "UpdateContactListRequest":{ @@ -7190,8 +8005,7 @@ }, "UpdateContactListResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactRequest":{ "type":"structure", @@ -7228,8 +8042,7 @@ }, "UpdateContactResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCustomVerificationEmailTemplateRequest":{ "type":"structure", @@ -7273,8 +8086,7 @@ }, "UpdateCustomVerificationEmailTemplateResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "UpdateEmailIdentityPolicyRequest":{ @@ -7306,8 +8118,7 @@ }, "UpdateEmailIdentityPolicyResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An HTTP 200 response if the request succeeds, or an error message if the request fails.

    " }, "UpdateEmailTemplateRequest":{ @@ -7332,8 +8143,71 @@ }, "UpdateEmailTemplateResponse":{ "type":"structure", + "members":{}, + "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " + }, + "UpdateReputationEntityCustomerManagedStatusRequest":{ + "type":"structure", + "required":[ + "ReputationEntityType", + "ReputationEntityReference", + "SendingStatus" + ], + "members":{ + "ReputationEntityType":{ + "shape":"ReputationEntityType", + "documentation":"

    The type of reputation entity. Currently, only RESOURCE type entities are supported.

    ", + "location":"uri", + "locationName":"ReputationEntityType" + }, + "ReputationEntityReference":{ + "shape":"ReputationEntityReference", + "documentation":"

    The unique identifier for the reputation entity. For resource-type entities, this is the Amazon Resource Name (ARN) of the resource.

    ", + "location":"uri", + "locationName":"ReputationEntityReference" + }, + "SendingStatus":{ + "shape":"SendingStatus", + "documentation":"

    The new customer-managed sending status for the reputation entity. This can be one of the following:

    • ENABLED – Allow sending for this entity.

    • DISABLED – Prevent sending for this entity.

    • REINSTATED – Allow sending even if there are active reputation findings.

    " + } + }, + "documentation":"

    Represents a request to update the customer-managed sending status for a reputation entity.

    " + }, + "UpdateReputationEntityCustomerManagedStatusResponse":{ + "type":"structure", + "members":{}, + "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " + }, + "UpdateReputationEntityPolicyRequest":{ + "type":"structure", + "required":[ + "ReputationEntityType", + "ReputationEntityReference", + "ReputationEntityPolicy" + ], "members":{ + "ReputationEntityType":{ + "shape":"ReputationEntityType", + "documentation":"

    The type of reputation entity. Currently, only RESOURCE type entities are supported.

    ", + "location":"uri", + "locationName":"ReputationEntityType" + }, + "ReputationEntityReference":{ + "shape":"ReputationEntityReference", + "documentation":"

    The unique identifier for the reputation entity. For resource-type entities, this is the Amazon Resource Name (ARN) of the resource.

    ", + "location":"uri", + "locationName":"ReputationEntityReference" + }, + "ReputationEntityPolicy":{ + "shape":"AmazonResourceName", + "documentation":"

    The Amazon Resource Name (ARN) of the reputation management policy to apply to this entity. This is an Amazon Web Services Amazon SES-managed policy.

    " + } }, + "documentation":"

    Represents a request to update the reputation management policy for a reputation entity.

    " + }, + "UpdateReputationEntityPolicyResponse":{ + "type":"structure", + "members":{}, "documentation":"

    If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

    " }, "UseCaseDescription":{ @@ -7405,7 +8279,7 @@ }, "ErrorType":{ "shape":"VerificationError", - "documentation":"

    Provides the reason for the failure describing why Amazon SES was not able to successfully verify the identity. Below are the possible values:

    • INVALID_VALUE – Amazon SES was able to find the record, but the value contained within the record was invalid. Ensure you have published the correct values for the record.

    • TYPE_NOT_FOUND – The queried hostname exists but does not have the requested type of DNS record. Ensure that you have published the correct type of DNS record.

    • HOST_NOT_FOUND – The queried hostname does not exist or was not reachable at the time of the request. Ensure that you have published the required DNS record(s).

    • SERVICE_ERROR – A temporary issue is preventing Amazon SES from determining the verification status of the domain.

    • DNS_SERVER_ERROR – The DNS server encountered an issue and was unable to complete the request.

    • REPLICATION_ACCESS_DENIED – The verification failed because the user does not have the required permissions to replicate the DKIM key from the primary region. Ensure you have the necessary permissions in both primary and replica regions.

    • REPLICATION_PRIMARY_NOT_FOUND – The verification failed because no corresponding identity was found in the specified primary region. Ensure the identity exists in the primary region before attempting replication.

    • REPLICATION_PRIMARY_BYO_DKIM_NOT_SUPPORTED – The verification failed because the identity in the primary region is configured with Bring Your Own DKIM (BYODKIM). DKIM key replication is only supported for identities using Easy DKIM.

    • REPLICATION_REPLICA_AS_PRIMARY_NOT_SUPPORTED – The verification failed because the specified primary identity is a replica of another identity, and multi-level replication is not supported; the primary identity must be a non-replica identity.

    • REPLICATION_PRIMARY_INVALID_REGION – The verification failed due to an invalid primary region specified. Ensure you provide a valid AWS region where Amazon SES is available and different from the replica region.

    " + "documentation":"

    Provides the reason for the failure describing why Amazon SES was not able to successfully verify the identity. Below are the possible values:

    • INVALID_VALUE – Amazon SES was able to find the record, but the value contained within the record was invalid. Ensure you have published the correct values for the record.

    • TYPE_NOT_FOUND – The queried hostname exists but does not have the requested type of DNS record. Ensure that you have published the correct type of DNS record.

    • HOST_NOT_FOUND – The queried hostname does not exist or was not reachable at the time of the request. Ensure that you have published the required DNS record(s).

    • SERVICE_ERROR – A temporary issue is preventing Amazon SES from determining the verification status of the domain.

    • DNS_SERVER_ERROR – The DNS server encountered an issue and was unable to complete the request.

    • REPLICATION_ACCESS_DENIED – The verification failed because the user does not have the required permissions to replicate the DKIM key from the primary region. Ensure you have the necessary permissions in both primary and replica regions.

    • REPLICATION_PRIMARY_NOT_FOUND – The verification failed because no corresponding identity was found in the specified primary region. Ensure the identity exists in the primary region before attempting replication.

    • REPLICATION_PRIMARY_BYO_DKIM_NOT_SUPPORTED – The verification failed because the identity in the primary region is configured with Bring Your Own DKIM (BYODKIM). DKIM key replication is only supported for identities using Easy DKIM.

    • REPLICATION_REPLICA_AS_PRIMARY_NOT_SUPPORTED – The verification failed because the specified primary identity is a replica of another identity, and multi-level replication is not supported; the primary identity must be a non-replica identity.

    • REPLICATION_PRIMARY_INVALID_REGION – The verification failed due to an invalid primary region specified. Ensure you provide a valid Amazon Web Services region where Amazon SES is available and different from the replica region.

    " }, "SOARecord":{ "shape":"SOARecord", @@ -7455,7 +8329,8 @@ "documentation":"

    The warmup status of a dedicated IP.

    ", "enum":[ "IN_PROGRESS", - "DONE" + "DONE", + "NOT_APPLICABLE" ] }, "WebsiteURL":{ diff -pruN 2.23.6-1/awscli/botocore/data/shield/2016-06-02/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/shield/2016-06-02/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/shield/2016-06-02/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/shield/2016-06-02/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/shield/2016-06-02/service-2.json 2.31.35-1/awscli/botocore/data/shield/2016-06-02/service-2.json --- 2.23.6-1/awscli/botocore/data/shield/2016-06-02/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/shield/2016-06-02/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -645,8 +645,7 @@ }, "AssociateDRTLogBucketResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateDRTRoleRequest":{ "type":"structure", @@ -660,8 +659,7 @@ }, "AssociateDRTRoleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateHealthCheckRequest":{ "type":"structure", @@ -682,8 +680,7 @@ }, "AssociateHealthCheckResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateProactiveEngagementDetailsRequest":{ "type":"structure", @@ -697,8 +694,7 @@ }, "AssociateProactiveEngagementDetailsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AttackDetail":{ "type":"structure", @@ -897,8 +893,7 @@ }, "BlockAction":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specifies that Shield Advanced should configure its WAF rules with the WAF Block action.

    This is only used in the context of the ResponseAction setting.

    JSON specification: \"Block\": {}

    " }, "ContactNotes":{ @@ -923,8 +918,7 @@ }, "CountAction":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specifies that Shield Advanced should configure its WAF rules with the WAF Count action.

    This is only used in the context of the ResponseAction setting.

    JSON specification: \"Count\": {}

    " }, "CreateProtectionGroupRequest":{ @@ -963,8 +957,7 @@ }, "CreateProtectionGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateProtectionRequest":{ "type":"structure", @@ -998,13 +991,11 @@ }, "CreateSubscriptionRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateSubscriptionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProtectionGroupRequest":{ "type":"structure", @@ -1018,8 +1009,7 @@ }, "DeleteProtectionGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteProtectionRequest":{ "type":"structure", @@ -1033,19 +1023,16 @@ }, "DeleteProtectionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSubscriptionRequest":{ "type":"structure", - "members":{ - }, + "members":{}, "deprecated":true }, "DeleteSubscriptionResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "deprecated":true }, "DescribeAttackRequest":{ @@ -1069,8 +1056,7 @@ }, "DescribeAttackStatisticsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAttackStatisticsResponse":{ "type":"structure", @@ -1091,8 +1077,7 @@ }, "DescribeDRTAccessRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeDRTAccessResponse":{ "type":"structure", @@ -1109,8 +1094,7 @@ }, "DescribeEmergencyContactSettingsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeEmergencyContactSettingsResponse":{ "type":"structure", @@ -1165,8 +1149,7 @@ }, "DescribeSubscriptionRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeSubscriptionResponse":{ "type":"structure", @@ -1189,18 +1172,15 @@ }, "DisableApplicationLayerAutomaticResponseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableProactiveEngagementRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisableProactiveEngagementResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateDRTLogBucketRequest":{ "type":"structure", @@ -1214,18 +1194,15 @@ }, "DisassociateDRTLogBucketResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateDRTRoleRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateDRTRoleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateHealthCheckRequest":{ "type":"structure", @@ -1246,8 +1223,7 @@ }, "DisassociateHealthCheckResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Double":{"type":"double"}, "DurationInSeconds":{ @@ -1304,23 +1280,19 @@ }, "EnableApplicationLayerAutomaticResponseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableProactiveEngagementRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "EnableProactiveEngagementResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "GetSubscriptionStateRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetSubscriptionStateResponse":{ "type":"structure", @@ -2161,8 +2133,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2222,8 +2193,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationLayerAutomaticResponseRequest":{ "type":"structure", @@ -2244,8 +2214,7 @@ }, "UpdateApplicationLayerAutomaticResponseResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateEmergencyContactSettingsRequest":{ "type":"structure", @@ -2258,8 +2227,7 @@ }, "UpdateEmergencyContactSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateProtectionGroupRequest":{ "type":"structure", @@ -2293,8 +2261,7 @@ }, "UpdateProtectionGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateSubscriptionRequest":{ "type":"structure", @@ -2307,8 +2274,7 @@ }, "UpdateSubscriptionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationExceptionField":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/signer/2017-08-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/signer/2017-08-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/signer/2017-08-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/signer/2017-08-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/signer/2017-08-25/service-2.json 2.31.35-1/awscli/botocore/data/signer/2017-08-25/service-2.json --- 2.23.6-1/awscli/botocore/data/signer/2017-08-25/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/signer/2017-08-25/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,7 +11,8 @@ "serviceId":"signer", "signatureVersion":"v4", "signingName":"signer", - "uid":"signer-2017-08-25" + "uid":"signer-2017-08-25", + "auth":["aws.auth#sigv4"] }, "operations":{ "AddProfilePermission":{ @@ -1798,8 +1799,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1851,8 +1851,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/simspaceweaver/2022-10-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/simspaceweaver/2022-10-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/simspaceweaver/2022-10-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/simspaceweaver/2022-10-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,7 +118,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -143,7 +140,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -178,11 +174,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -193,16 +187,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -216,14 +213,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -232,15 +227,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -251,16 +245,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -274,7 +271,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -294,11 +290,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -309,20 +303,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -333,18 +329,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/sms/2016-10-24/completions-1.json 2.31.35-1/awscli/botocore/data/sms/2016-10-24/completions-1.json --- 2.23.6-1/awscli/botocore/data/sms/2016-10-24/completions-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sms/2016-10-24/completions-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ -{ - "version": "1.0", - "resources": {}, - "operations": {} -} diff -pruN 2.23.6-1/awscli/botocore/data/sms/2016-10-24/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sms/2016-10-24/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sms/2016-10-24/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sms/2016-10-24/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,350 +0,0 @@ -{ - "version": "1.0", - "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, - "UseDualStack": { - "builtIn": "AWS::UseDualStack", - "required": true, - "default": false, - "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" - }, - "UseFIPS": { - "builtIn": "AWS::UseFIPS", - "required": true, - "default": false, - "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" - }, - "Endpoint": { - "builtIn": "SDK::Endpoint", - "required": false, - "documentation": "Override the endpoint used to send this request", - "type": "String" - } - }, - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Endpoint" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "aws.partition", - "argv": [ - { - "ref": "Region" - } - ], - "assign": "PartitionResult" - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://sms-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://sms-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://sms.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://sms.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" - } - ] - } - ] -} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/sms/2016-10-24/paginators-1.json 2.31.35-1/awscli/botocore/data/sms/2016-10-24/paginators-1.json --- 2.23.6-1/awscli/botocore/data/sms/2016-10-24/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sms/2016-10-24/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ -{ - "pagination": { - "GetReplicationJobs": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "replicationJobList" - }, - "GetReplicationRuns": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "replicationRunList" - }, - "GetConnectors": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "connectorList" - }, - "GetServers": { - "input_token": "nextToken", - "output_token": "nextToken", - "limit_key": "maxResults", - "result_key": "serverList" - }, - "ListApps": { - "input_token": "nextToken", - "limit_key": "maxResults", - "output_token": "nextToken", - "result_key": "apps" - } - } -} diff -pruN 2.23.6-1/awscli/botocore/data/sms/2016-10-24/service-2.json 2.31.35-1/awscli/botocore/data/sms/2016-10-24/service-2.json --- 2.23.6-1/awscli/botocore/data/sms/2016-10-24/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sms/2016-10-24/service-2.json 1970-01-01 00:00:00.000000000 +0000 @@ -1,2613 +0,0 @@ -{ - "version":"2.0", - "metadata":{ - "apiVersion":"2016-10-24", - "endpointPrefix":"sms", - "jsonVersion":"1.1", - "protocol":"json", - "serviceAbbreviation":"SMS", - "serviceFullName":"AWS Server Migration Service", - "serviceId":"SMS", - "signatureVersion":"v4", - "targetPrefix":"AWSServerMigrationService_V2016_10_24", - "uid":"sms-2016-10-24" - }, - "operations":{ - "CreateApp":{ - "name":"CreateApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateAppRequest"}, - "output":{"shape":"CreateAppResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Creates an application. An application consists of one or more server groups. Each server group contain one or more servers.

    " - }, - "CreateReplicationJob":{ - "name":"CreateReplicationJob", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"CreateReplicationJobRequest"}, - "output":{"shape":"CreateReplicationJobResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"UnauthorizedOperationException"}, - {"shape":"OperationNotPermittedException"}, - {"shape":"ServerCannotBeReplicatedException"}, - {"shape":"ReplicationJobAlreadyExistsException"}, - {"shape":"NoConnectorsAvailableException"}, - {"shape":"InternalError"}, - {"shape":"TemporarilyUnavailableException"} - ], - "documentation":"

    Creates a replication job. The replication job schedules periodic replication runs to replicate your server to Amazon Web Services. Each replication run creates an Amazon Machine Image (AMI).

    " - }, - "DeleteApp":{ - "name":"DeleteApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteAppRequest"}, - "output":{"shape":"DeleteAppResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Deletes the specified application. Optionally deletes the launched stack associated with the application and all Server Migration Service replication jobs for servers in the application.

    " - }, - "DeleteAppLaunchConfiguration":{ - "name":"DeleteAppLaunchConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteAppLaunchConfigurationRequest"}, - "output":{"shape":"DeleteAppLaunchConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Deletes the launch configuration for the specified application.

    " - }, - "DeleteAppReplicationConfiguration":{ - "name":"DeleteAppReplicationConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteAppReplicationConfigurationRequest"}, - "output":{"shape":"DeleteAppReplicationConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Deletes the replication configuration for the specified application.

    " - }, - "DeleteAppValidationConfiguration":{ - "name":"DeleteAppValidationConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteAppValidationConfigurationRequest"}, - "output":{"shape":"DeleteAppValidationConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Deletes the validation configuration for the specified application.

    " - }, - "DeleteReplicationJob":{ - "name":"DeleteReplicationJob", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteReplicationJobRequest"}, - "output":{"shape":"DeleteReplicationJobResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"UnauthorizedOperationException"}, - {"shape":"OperationNotPermittedException"}, - {"shape":"ReplicationJobNotFoundException"} - ], - "documentation":"

    Deletes the specified replication job.

    After you delete a replication job, there are no further replication runs. Amazon Web Services deletes the contents of the Amazon S3 bucket used to store Server Migration Service artifacts. The AMIs created by the replication runs are not deleted.

    " - }, - "DeleteServerCatalog":{ - "name":"DeleteServerCatalog", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DeleteServerCatalogRequest"}, - "output":{"shape":"DeleteServerCatalogResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"OperationNotPermittedException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"} - ], - "documentation":"

    Deletes all servers from your server catalog.

    " - }, - "DisassociateConnector":{ - "name":"DisassociateConnector", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"DisassociateConnectorRequest"}, - "output":{"shape":"DisassociateConnectorResponse"}, - "errors":[ - {"shape":"MissingRequiredParameterException"}, - {"shape":"UnauthorizedOperationException"}, - {"shape":"OperationNotPermittedException"}, - {"shape":"InvalidParameterException"} - ], - "documentation":"

    Disassociates the specified connector from Server Migration Service.

    After you disassociate a connector, it is no longer available to support replication jobs.

    " - }, - "GenerateChangeSet":{ - "name":"GenerateChangeSet", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GenerateChangeSetRequest"}, - "output":{"shape":"GenerateChangeSetResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Generates a target change set for a currently launched stack and writes it to an Amazon S3 object in the customer’s Amazon S3 bucket.

    " - }, - "GenerateTemplate":{ - "name":"GenerateTemplate", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GenerateTemplateRequest"}, - "output":{"shape":"GenerateTemplateResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Generates an CloudFormation template based on the current launch configuration and writes it to an Amazon S3 object in the customer’s Amazon S3 bucket.

    " - }, - "GetApp":{ - "name":"GetApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetAppRequest"}, - "output":{"shape":"GetAppResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Retrieve information about the specified application.

    " - }, - "GetAppLaunchConfiguration":{ - "name":"GetAppLaunchConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetAppLaunchConfigurationRequest"}, - "output":{"shape":"GetAppLaunchConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Retrieves the application launch configuration associated with the specified application.

    " - }, - "GetAppReplicationConfiguration":{ - "name":"GetAppReplicationConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetAppReplicationConfigurationRequest"}, - "output":{"shape":"GetAppReplicationConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Retrieves the application replication configuration associated with the specified application.

    " - }, - "GetAppValidationConfiguration":{ - "name":"GetAppValidationConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetAppValidationConfigurationRequest"}, - "output":{"shape":"GetAppValidationConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Retrieves information about a configuration for validating an application.

    " - }, - "GetAppValidationOutput":{ - "name":"GetAppValidationOutput", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetAppValidationOutputRequest"}, - "output":{"shape":"GetAppValidationOutputResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Retrieves output from validating an application.

    " - }, - "GetConnectors":{ - "name":"GetConnectors", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetConnectorsRequest"}, - "output":{"shape":"GetConnectorsResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"} - ], - "documentation":"

    Describes the connectors registered with the Server Migration Service.

    " - }, - "GetReplicationJobs":{ - "name":"GetReplicationJobs", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetReplicationJobsRequest"}, - "output":{"shape":"GetReplicationJobsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"UnauthorizedOperationException"} - ], - "documentation":"

    Describes the specified replication job or all of your replication jobs.

    " - }, - "GetReplicationRuns":{ - "name":"GetReplicationRuns", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetReplicationRunsRequest"}, - "output":{"shape":"GetReplicationRunsResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"UnauthorizedOperationException"} - ], - "documentation":"

    Describes the replication runs for the specified replication job.

    " - }, - "GetServers":{ - "name":"GetServers", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"GetServersRequest"}, - "output":{"shape":"GetServersResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"} - ], - "documentation":"

    Describes the servers in your server catalog.

    Before you can describe your servers, you must import them using ImportServerCatalog.

    " - }, - "ImportAppCatalog":{ - "name":"ImportAppCatalog", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"ImportAppCatalogRequest"}, - "output":{"shape":"ImportAppCatalogResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Allows application import from Migration Hub.

    " - }, - "ImportServerCatalog":{ - "name":"ImportServerCatalog", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"ImportServerCatalogRequest"}, - "output":{"shape":"ImportServerCatalogResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"OperationNotPermittedException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"NoConnectorsAvailableException"} - ], - "documentation":"

    Gathers a complete list of on-premises servers. Connectors must be installed and monitoring all servers to import.

    This call returns immediately, but might take additional time to retrieve all the servers.

    " - }, - "LaunchApp":{ - "name":"LaunchApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"LaunchAppRequest"}, - "output":{"shape":"LaunchAppResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Launches the specified application as a stack in CloudFormation.

    " - }, - "ListApps":{ - "name":"ListApps", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"ListAppsRequest"}, - "output":{"shape":"ListAppsResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Retrieves summaries for all applications.

    " - }, - "NotifyAppValidationOutput":{ - "name":"NotifyAppValidationOutput", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"NotifyAppValidationOutputRequest"}, - "output":{"shape":"NotifyAppValidationOutputResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Provides information to Server Migration Service about whether application validation is successful.

    " - }, - "PutAppLaunchConfiguration":{ - "name":"PutAppLaunchConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"PutAppLaunchConfigurationRequest"}, - "output":{"shape":"PutAppLaunchConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Creates or updates the launch configuration for the specified application.

    " - }, - "PutAppReplicationConfiguration":{ - "name":"PutAppReplicationConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"PutAppReplicationConfigurationRequest"}, - "output":{"shape":"PutAppReplicationConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Creates or updates the replication configuration for the specified application.

    " - }, - "PutAppValidationConfiguration":{ - "name":"PutAppValidationConfiguration", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"PutAppValidationConfigurationRequest"}, - "output":{"shape":"PutAppValidationConfigurationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Creates or updates a validation configuration for the specified application.

    " - }, - "StartAppReplication":{ - "name":"StartAppReplication", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StartAppReplicationRequest"}, - "output":{"shape":"StartAppReplicationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Starts replicating the specified application by creating replication jobs for each server in the application.

    " - }, - "StartOnDemandAppReplication":{ - "name":"StartOnDemandAppReplication", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StartOnDemandAppReplicationRequest"}, - "output":{"shape":"StartOnDemandAppReplicationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Starts an on-demand replication run for the specified application.

    " - }, - "StartOnDemandReplicationRun":{ - "name":"StartOnDemandReplicationRun", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StartOnDemandReplicationRunRequest"}, - "output":{"shape":"StartOnDemandReplicationRunResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"UnauthorizedOperationException"}, - {"shape":"OperationNotPermittedException"}, - {"shape":"ReplicationRunLimitExceededException"}, - {"shape":"DryRunOperationException"} - ], - "documentation":"

    Starts an on-demand replication run for the specified replication job. This replication run starts immediately. This replication run is in addition to the ones already scheduled.

    There is a limit on the number of on-demand replications runs that you can request in a 24-hour period.

    " - }, - "StopAppReplication":{ - "name":"StopAppReplication", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"StopAppReplicationRequest"}, - "output":{"shape":"StopAppReplicationResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Stops replicating the specified application by deleting the replication job for each server in the application.

    " - }, - "TerminateApp":{ - "name":"TerminateApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"TerminateAppRequest"}, - "output":{"shape":"TerminateAppResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Terminates the stack for the specified application.

    " - }, - "UpdateApp":{ - "name":"UpdateApp", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateAppRequest"}, - "output":{"shape":"UpdateAppResponse"}, - "errors":[ - {"shape":"UnauthorizedOperationException"}, - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"InternalError"}, - {"shape":"OperationNotPermittedException"} - ], - "documentation":"

    Updates the specified application.

    " - }, - "UpdateReplicationJob":{ - "name":"UpdateReplicationJob", - "http":{ - "method":"POST", - "requestUri":"/" - }, - "input":{"shape":"UpdateReplicationJobRequest"}, - "output":{"shape":"UpdateReplicationJobResponse"}, - "errors":[ - {"shape":"InvalidParameterException"}, - {"shape":"MissingRequiredParameterException"}, - {"shape":"OperationNotPermittedException"}, - {"shape":"UnauthorizedOperationException"}, - {"shape":"ServerCannotBeReplicatedException"}, - {"shape":"ReplicationJobNotFoundException"}, - {"shape":"InternalError"}, - {"shape":"TemporarilyUnavailableException"} - ], - "documentation":"

    Updates the specified settings for the specified replication job.

    " - } - }, - "shapes":{ - "AmiId":{"type":"string"}, - "AppDescription":{"type":"string"}, - "AppId":{"type":"string"}, - "AppIdWithValidation":{ - "type":"string", - "pattern":"^app-[0-9a-f]{17}$" - }, - "AppIds":{ - "type":"list", - "member":{"shape":"AppId"} - }, - "AppLaunchConfigurationStatus":{ - "type":"string", - "enum":[ - "NOT_CONFIGURED", - "CONFIGURED" - ] - }, - "AppLaunchStatus":{ - "type":"string", - "enum":[ - "READY_FOR_CONFIGURATION", - "CONFIGURATION_IN_PROGRESS", - "CONFIGURATION_INVALID", - "READY_FOR_LAUNCH", - "VALIDATION_IN_PROGRESS", - "LAUNCH_PENDING", - "LAUNCH_IN_PROGRESS", - "LAUNCHED", - "PARTIALLY_LAUNCHED", - "DELTA_LAUNCH_IN_PROGRESS", - "DELTA_LAUNCH_FAILED", - "LAUNCH_FAILED", - "TERMINATE_IN_PROGRESS", - "TERMINATE_FAILED", - "TERMINATED" - ] - }, - "AppLaunchStatusMessage":{"type":"string"}, - "AppName":{"type":"string"}, - "AppReplicationConfigurationStatus":{ - "type":"string", - "enum":[ - "NOT_CONFIGURED", - "CONFIGURED" - ] - }, - "AppReplicationStatus":{ - "type":"string", - "enum":[ - "READY_FOR_CONFIGURATION", - "CONFIGURATION_IN_PROGRESS", - "CONFIGURATION_INVALID", - "READY_FOR_REPLICATION", - "VALIDATION_IN_PROGRESS", - "REPLICATION_PENDING", - "REPLICATION_IN_PROGRESS", - "REPLICATED", - "PARTIALLY_REPLICATED", - "DELTA_REPLICATION_IN_PROGRESS", - "DELTA_REPLICATED", - "DELTA_REPLICATION_FAILED", - "REPLICATION_FAILED", - "REPLICATION_STOPPING", - "REPLICATION_STOP_FAILED", - "REPLICATION_STOPPED" - ] - }, - "AppReplicationStatusMessage":{"type":"string"}, - "AppStatus":{ - "type":"string", - "enum":[ - "CREATING", - "ACTIVE", - "UPDATING", - "DELETING", - "DELETED", - "DELETE_FAILED" - ] - }, - "AppStatusMessage":{"type":"string"}, - "AppSummary":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The unique ID of the application.

    " - }, - "importedAppId":{ - "shape":"ImportedAppId", - "documentation":"

    The ID of the application.

    " - }, - "name":{ - "shape":"AppName", - "documentation":"

    The name of the application.

    " - }, - "description":{ - "shape":"AppDescription", - "documentation":"

    The description of the application.

    " - }, - "status":{ - "shape":"AppStatus", - "documentation":"

    Status of the application.

    " - }, - "statusMessage":{ - "shape":"AppStatusMessage", - "documentation":"

    A message related to the status of the application

    " - }, - "replicationConfigurationStatus":{ - "shape":"AppReplicationConfigurationStatus", - "documentation":"

    Status of the replication configuration.

    " - }, - "replicationStatus":{ - "shape":"AppReplicationStatus", - "documentation":"

    The replication status of the application.

    " - }, - "replicationStatusMessage":{ - "shape":"AppReplicationStatusMessage", - "documentation":"

    A message related to the replication status of the application.

    " - }, - "latestReplicationTime":{ - "shape":"Timestamp", - "documentation":"

    The timestamp of the application's most recent successful replication.

    " - }, - "launchConfigurationStatus":{ - "shape":"AppLaunchConfigurationStatus", - "documentation":"

    Status of the launch configuration.

    " - }, - "launchStatus":{ - "shape":"AppLaunchStatus", - "documentation":"

    The launch status of the application.

    " - }, - "launchStatusMessage":{ - "shape":"AppLaunchStatusMessage", - "documentation":"

    A message related to the launch status of the application.

    " - }, - "launchDetails":{ - "shape":"LaunchDetails", - "documentation":"

    Details about the latest launch of the application.

    " - }, - "creationTime":{ - "shape":"Timestamp", - "documentation":"

    The creation time of the application.

    " - }, - "lastModified":{ - "shape":"Timestamp", - "documentation":"

    The last modified time of the application.

    " - }, - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of the service role in the customer's account used by Server Migration Service.

    " - }, - "totalServerGroups":{ - "shape":"TotalServerGroups", - "documentation":"

    The number of server groups present in the application.

    " - }, - "totalServers":{ - "shape":"TotalServers", - "documentation":"

    The number of servers present in the application.

    " - } - }, - "documentation":"

    Information about the application.

    " - }, - "AppValidationConfiguration":{ - "type":"structure", - "members":{ - "validationId":{ - "shape":"ValidationId", - "documentation":"

    The ID of the validation.

    " - }, - "name":{ - "shape":"NonEmptyStringWithMaxLen255", - "documentation":"

    The name of the configuration.

    " - }, - "appValidationStrategy":{ - "shape":"AppValidationStrategy", - "documentation":"

    The validation strategy.

    " - }, - "ssmValidationParameters":{ - "shape":"SSMValidationParameters", - "documentation":"

    The validation parameters.

    " - } - }, - "documentation":"

    Configuration for validating an application.

    " - }, - "AppValidationConfigurations":{ - "type":"list", - "member":{"shape":"AppValidationConfiguration"} - }, - "AppValidationOutput":{ - "type":"structure", - "members":{ - "ssmOutput":{ - "shape":"SSMOutput", - "documentation":"

    Output from using SSM to validate the application.

    " - } - }, - "documentation":"

    Output from validating an application.

    " - }, - "AppValidationStrategy":{ - "type":"string", - "enum":["SSM"] - }, - "Apps":{ - "type":"list", - "member":{"shape":"AppSummary"} - }, - "AssociatePublicIpAddress":{"type":"boolean"}, - "AutoLaunch":{"type":"boolean"}, - "BucketName":{"type":"string"}, - "ClientToken":{"type":"string"}, - "Command":{ - "type":"string", - "max":64000, - "min":1 - }, - "Connector":{ - "type":"structure", - "members":{ - "connectorId":{ - "shape":"ConnectorId", - "documentation":"

    The ID of the connector.

    " - }, - "version":{ - "shape":"ConnectorVersion", - "documentation":"

    The connector version.

    " - }, - "status":{ - "shape":"ConnectorStatus", - "documentation":"

    The status of the connector.

    " - }, - "capabilityList":{ - "shape":"ConnectorCapabilityList", - "documentation":"

    The capabilities of the connector.

    " - }, - "vmManagerName":{ - "shape":"VmManagerName", - "documentation":"

    The name of the VM manager.

    " - }, - "vmManagerType":{ - "shape":"VmManagerType", - "documentation":"

    The VM management product.

    " - }, - "vmManagerId":{ - "shape":"VmManagerId", - "documentation":"

    The ID of the VM manager.

    " - }, - "ipAddress":{ - "shape":"IpAddress", - "documentation":"

    The IP address of the connector.

    " - }, - "macAddress":{ - "shape":"MacAddress", - "documentation":"

    The MAC address of the connector.

    " - }, - "associatedOn":{ - "shape":"Timestamp", - "documentation":"

    The time the connector was associated.

    " - } - }, - "documentation":"

    Represents a connector.

    " - }, - "ConnectorCapability":{ - "type":"string", - "enum":[ - "VSPHERE", - "SCVMM", - "HYPERV-MANAGER", - "SNAPSHOT_BATCHING", - "SMS_OPTIMIZED" - ] - }, - "ConnectorCapabilityList":{ - "type":"list", - "member":{"shape":"ConnectorCapability"} - }, - "ConnectorId":{"type":"string"}, - "ConnectorList":{ - "type":"list", - "member":{"shape":"Connector"} - }, - "ConnectorStatus":{ - "type":"string", - "enum":[ - "HEALTHY", - "UNHEALTHY" - ] - }, - "ConnectorVersion":{"type":"string"}, - "CreateAppRequest":{ - "type":"structure", - "members":{ - "name":{ - "shape":"AppName", - "documentation":"

    The name of the new application.

    " - }, - "description":{ - "shape":"AppDescription", - "documentation":"

    The description of the new application

    " - }, - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of the service role in the customer's account to be used by Server Migration Service.

    " - }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of application creation.

    " - }, - "serverGroups":{ - "shape":"ServerGroups", - "documentation":"

    The server groups to include in the application.

    " - }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags to be associated with the application.

    " - } - } - }, - "CreateAppResponse":{ - "type":"structure", - "members":{ - "appSummary":{ - "shape":"AppSummary", - "documentation":"

    A summary description of the application.

    " - }, - "serverGroups":{ - "shape":"ServerGroups", - "documentation":"

    The server groups included in the application.

    " - }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags associated with the application.

    " - } - } - }, - "CreateReplicationJobRequest":{ - "type":"structure", - "required":[ - "serverId", - "seedReplicationTime" - ], - "members":{ - "serverId":{ - "shape":"ServerId", - "documentation":"

    The ID of the server.

    " - }, - "seedReplicationTime":{ - "shape":"Timestamp", - "documentation":"

    The seed replication time.

    " - }, - "frequency":{ - "shape":"Frequency", - "documentation":"

    The time between consecutive replication runs, in hours.

    " - }, - "runOnce":{ - "shape":"RunOnce", - "documentation":"

    Indicates whether to run the replication job one time.

    " - }, - "licenseType":{ - "shape":"LicenseType", - "documentation":"

    The license type to be used for the AMI created by a successful replication run.

    " - }, - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of the IAM role to be used by the Server Migration Service.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the replication job.

    " - }, - "numberOfRecentAmisToKeep":{ - "shape":"NumberOfRecentAmisToKeep", - "documentation":"

    The maximum number of SMS-created AMIs to retain. The oldest is deleted after the maximum number is reached and a new AMI is created.

    " - }, - "encrypted":{ - "shape":"Encrypted", - "documentation":"

    Indicates whether the replication job produces encrypted AMIs.

    " - }, - "kmsKeyId":{ - "shape":"KmsKeyId", - "documentation":"

    The ID of the KMS key for replication jobs that produce encrypted AMIs. This value can be any of the following:

    • KMS key ID

    • KMS key alias

    • ARN referring to the KMS key ID

    • ARN referring to the KMS key alias

    If encrypted is true but a KMS key ID is not specified, the customer's default KMS key for Amazon EBS is used.

    " - } - } - }, - "CreateReplicationJobResponse":{ - "type":"structure", - "members":{ - "replicationJobId":{ - "shape":"ReplicationJobId", - "documentation":"

    The unique identifier of the replication job.

    " - } - } - }, - "DeleteAppLaunchConfigurationRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "DeleteAppLaunchConfigurationResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteAppReplicationConfigurationRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "DeleteAppReplicationConfigurationResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteAppRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - }, - "forceStopAppReplication":{ - "shape":"ForceStopAppReplication", - "documentation":"

    Indicates whether to stop all replication jobs corresponding to the servers in the application while deleting the application.

    " - }, - "forceTerminateApp":{ - "shape":"ForceTerminateApp", - "documentation":"

    Indicates whether to terminate the stack corresponding to the application while deleting the application.

    " - } - } - }, - "DeleteAppResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteAppValidationConfigurationRequest":{ - "type":"structure", - "required":["appId"], - "members":{ - "appId":{ - "shape":"AppIdWithValidation", - "documentation":"

    The ID of the application.

    " - } - } - }, - "DeleteAppValidationConfigurationResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteReplicationJobRequest":{ - "type":"structure", - "required":["replicationJobId"], - "members":{ - "replicationJobId":{ - "shape":"ReplicationJobId", - "documentation":"

    The ID of the replication job.

    " - } - } - }, - "DeleteReplicationJobResponse":{ - "type":"structure", - "members":{ - } - }, - "DeleteServerCatalogRequest":{ - "type":"structure", - "members":{ - } - }, - "DeleteServerCatalogResponse":{ - "type":"structure", - "members":{ - } - }, - "Description":{"type":"string"}, - "DisassociateConnectorRequest":{ - "type":"structure", - "required":["connectorId"], - "members":{ - "connectorId":{ - "shape":"ConnectorId", - "documentation":"

    The ID of the connector.

    " - } - } - }, - "DisassociateConnectorResponse":{ - "type":"structure", - "members":{ - } - }, - "DryRunOperationException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    The user has the required permissions, so the request would have succeeded, but a dry run was performed.

    ", - "exception":true - }, - "EC2KeyName":{"type":"string"}, - "Encrypted":{"type":"boolean"}, - "ErrorMessage":{"type":"string"}, - "ExecutionTimeoutSeconds":{ - "type":"integer", - "max":28800, - "min":60 - }, - "ForceStopAppReplication":{"type":"boolean"}, - "ForceTerminateApp":{"type":"boolean"}, - "Frequency":{"type":"integer"}, - "GenerateChangeSetRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application associated with the change set.

    " - }, - "changesetFormat":{ - "shape":"OutputFormat", - "documentation":"

    The format for the change set.

    " - } - } - }, - "GenerateChangeSetResponse":{ - "type":"structure", - "members":{ - "s3Location":{ - "shape":"S3Location", - "documentation":"

    The location of the Amazon S3 object.

    " - } - } - }, - "GenerateTemplateRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application associated with the CloudFormation template.

    " - }, - "templateFormat":{ - "shape":"OutputFormat", - "documentation":"

    The format for generating the CloudFormation template.

    " - } - } - }, - "GenerateTemplateResponse":{ - "type":"structure", - "members":{ - "s3Location":{ - "shape":"S3Location", - "documentation":"

    The location of the Amazon S3 object.

    " - } - } - }, - "GetAppLaunchConfigurationRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "GetAppLaunchConfigurationResponse":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - }, - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of the service role in the customer's account that CloudFormation uses to launch the application.

    " - }, - "autoLaunch":{ - "shape":"AutoLaunch", - "documentation":"

    Indicates whether the application is configured to launch automatically after replication is complete.

    " - }, - "serverGroupLaunchConfigurations":{ - "shape":"ServerGroupLaunchConfigurations", - "documentation":"

    The launch configurations for server groups in this application.

    " - } - } - }, - "GetAppReplicationConfigurationRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "GetAppReplicationConfigurationResponse":{ - "type":"structure", - "members":{ - "serverGroupReplicationConfigurations":{ - "shape":"ServerGroupReplicationConfigurations", - "documentation":"

    The replication configurations associated with server groups in this application.

    " - } - } - }, - "GetAppRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "GetAppResponse":{ - "type":"structure", - "members":{ - "appSummary":{ - "shape":"AppSummary", - "documentation":"

    Information about the application.

    " - }, - "serverGroups":{ - "shape":"ServerGroups", - "documentation":"

    The server groups that belong to the application.

    " - }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags associated with the application.

    " - } - } - }, - "GetAppValidationConfigurationRequest":{ - "type":"structure", - "required":["appId"], - "members":{ - "appId":{ - "shape":"AppIdWithValidation", - "documentation":"

    The ID of the application.

    " - } - } - }, - "GetAppValidationConfigurationResponse":{ - "type":"structure", - "members":{ - "appValidationConfigurations":{ - "shape":"AppValidationConfigurations", - "documentation":"

    The configuration for application validation.

    " - }, - "serverGroupValidationConfigurations":{ - "shape":"ServerGroupValidationConfigurations", - "documentation":"

    The configuration for instance validation.

    " - } - } - }, - "GetAppValidationOutputRequest":{ - "type":"structure", - "required":["appId"], - "members":{ - "appId":{ - "shape":"AppIdWithValidation", - "documentation":"

    The ID of the application.

    " - } - } - }, - "GetAppValidationOutputResponse":{ - "type":"structure", - "members":{ - "validationOutputList":{ - "shape":"ValidationOutputList", - "documentation":"

    The validation output.

    " - } - } - }, - "GetConnectorsRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single call. The default value is 50. To retrieve the remaining results, make another call with the returned NextToken value.

    " - } - } - }, - "GetConnectorsResponse":{ - "type":"structure", - "members":{ - "connectorList":{ - "shape":"ConnectorList", - "documentation":"

    Information about the registered connectors.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token required to retrieve the next set of results. This value is null when there are no more results to return.

    " - } - } - }, - "GetReplicationJobsRequest":{ - "type":"structure", - "members":{ - "replicationJobId":{ - "shape":"ReplicationJobId", - "documentation":"

    The ID of the replication job.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single call. The default value is 50. To retrieve the remaining results, make another call with the returned NextToken value.

    " - } - } - }, - "GetReplicationJobsResponse":{ - "type":"structure", - "members":{ - "replicationJobList":{ - "shape":"ReplicationJobList", - "documentation":"

    Information about the replication jobs.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token required to retrieve the next set of results. This value is null when there are no more results to return.

    " - } - } - }, - "GetReplicationRunsRequest":{ - "type":"structure", - "required":["replicationJobId"], - "members":{ - "replicationJobId":{ - "shape":"ReplicationJobId", - "documentation":"

    The ID of the replication job.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single call. The default value is 50. To retrieve the remaining results, make another call with the returned NextToken value.

    " - } - } - }, - "GetReplicationRunsResponse":{ - "type":"structure", - "members":{ - "replicationJob":{ - "shape":"ReplicationJob", - "documentation":"

    Information about the replication job.

    " - }, - "replicationRunList":{ - "shape":"ReplicationRunList", - "documentation":"

    Information about the replication runs.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token required to retrieve the next set of results. This value is null when there are no more results to return.

    " - } - } - }, - "GetServersRequest":{ - "type":"structure", - "members":{ - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single call. The default value is 50. To retrieve the remaining results, make another call with the returned NextToken value.

    " - }, - "vmServerAddressList":{ - "shape":"VmServerAddressList", - "documentation":"

    The server addresses.

    " - } - } - }, - "GetServersResponse":{ - "type":"structure", - "members":{ - "lastModifiedOn":{ - "shape":"Timestamp", - "documentation":"

    The time when the server was last modified.

    " - }, - "serverCatalogStatus":{ - "shape":"ServerCatalogStatus", - "documentation":"

    The status of the server catalog.

    " - }, - "serverList":{ - "shape":"ServerList", - "documentation":"

    Information about the servers.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token required to retrieve the next set of results. This value is null when there are no more results to return.

    " - } - } - }, - "ImportAppCatalogRequest":{ - "type":"structure", - "members":{ - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of the service role. If you omit this parameter, we create a service-linked role for Migration Hub in your account. Otherwise, the role that you provide must have the policy and trust policy described in the Migration Hub User Guide.

    " - } - } - }, - "ImportAppCatalogResponse":{ - "type":"structure", - "members":{ - } - }, - "ImportServerCatalogRequest":{ - "type":"structure", - "members":{ - } - }, - "ImportServerCatalogResponse":{ - "type":"structure", - "members":{ - } - }, - "ImportedAppId":{"type":"string"}, - "InstanceId":{ - "type":"string", - "pattern":"(^i-(\\w{8}|\\w{17})$)|(^mi-\\w{17}$)" - }, - "InstanceType":{"type":"string"}, - "InternalError":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    An internal error occurred.

    ", - "exception":true, - "fault":true - }, - "InvalidParameterException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    A specified parameter is not valid.

    ", - "exception":true - }, - "IpAddress":{"type":"string"}, - "KmsKeyId":{"type":"string"}, - "LaunchAppRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "LaunchAppResponse":{ - "type":"structure", - "members":{ - } - }, - "LaunchDetails":{ - "type":"structure", - "members":{ - "latestLaunchTime":{ - "shape":"Timestamp", - "documentation":"

    The latest time that this application was launched successfully.

    " - }, - "stackName":{ - "shape":"StackName", - "documentation":"

    The name of the latest stack launched for this application.

    " - }, - "stackId":{ - "shape":"StackId", - "documentation":"

    The ID of the latest stack launched for this application.

    " - } - }, - "documentation":"

    Details about the latest launch of an application.

    " - }, - "LaunchOrder":{"type":"integer"}, - "LicenseType":{ - "type":"string", - "enum":[ - "AWS", - "BYOL" - ] - }, - "ListAppsRequest":{ - "type":"structure", - "members":{ - "appIds":{ - "shape":"AppIds", - "documentation":"

    The unique application IDs.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token for the next set of results.

    " - }, - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return in a single call. The default value is 100. To retrieve the remaining results, make another call with the returned NextToken value.

    " - } - } - }, - "ListAppsResponse":{ - "type":"structure", - "members":{ - "apps":{ - "shape":"Apps", - "documentation":"

    The application summaries.

    " - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    The token required to retrieve the next set of results. This value is null when there are no more results to return.

    " - } - } - }, - "LogicalId":{"type":"string"}, - "MacAddress":{"type":"string"}, - "MaxResults":{"type":"integer"}, - "MissingRequiredParameterException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    A required parameter is missing.

    ", - "exception":true - }, - "NextToken":{"type":"string"}, - "NoConnectorsAvailableException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    There are no connectors available.

    ", - "exception":true - }, - "NonEmptyStringWithMaxLen255":{ - "type":"string", - "max":255, - "min":1, - "pattern":"^[\\S]+$" - }, - "NotificationContext":{ - "type":"structure", - "members":{ - "validationId":{ - "shape":"ValidationId", - "documentation":"

    The ID of the validation.

    " - }, - "status":{ - "shape":"ValidationStatus", - "documentation":"

    The status of the validation.

    " - }, - "statusMessage":{ - "shape":"ValidationStatusMessage", - "documentation":"

    The status message.

    " - } - }, - "documentation":"

    Contains the status of validating an application.

    " - }, - "NotifyAppValidationOutputRequest":{ - "type":"structure", - "required":["appId"], - "members":{ - "appId":{ - "shape":"AppIdWithValidation", - "documentation":"

    The ID of the application.

    " - }, - "notificationContext":{ - "shape":"NotificationContext", - "documentation":"

    The notification information.

    " - } - } - }, - "NotifyAppValidationOutputResponse":{ - "type":"structure", - "members":{ - } - }, - "NumberOfRecentAmisToKeep":{"type":"integer"}, - "OperationNotPermittedException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    This operation is not allowed.

    ", - "exception":true - }, - "OutputFormat":{ - "type":"string", - "enum":[ - "JSON", - "YAML" - ] - }, - "PutAppLaunchConfigurationRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - }, - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of service role in the customer's account that CloudFormation uses to launch the application.

    " - }, - "autoLaunch":{ - "shape":"AutoLaunch", - "documentation":"

    Indicates whether the application is configured to launch automatically after replication is complete.

    " - }, - "serverGroupLaunchConfigurations":{ - "shape":"ServerGroupLaunchConfigurations", - "documentation":"

    Information about the launch configurations for server groups in the application.

    " - } - } - }, - "PutAppLaunchConfigurationResponse":{ - "type":"structure", - "members":{ - } - }, - "PutAppReplicationConfigurationRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - }, - "serverGroupReplicationConfigurations":{ - "shape":"ServerGroupReplicationConfigurations", - "documentation":"

    Information about the replication configurations for server groups in the application.

    " - } - } - }, - "PutAppReplicationConfigurationResponse":{ - "type":"structure", - "members":{ - } - }, - "PutAppValidationConfigurationRequest":{ - "type":"structure", - "required":["appId"], - "members":{ - "appId":{ - "shape":"AppIdWithValidation", - "documentation":"

    The ID of the application.

    " - }, - "appValidationConfigurations":{ - "shape":"AppValidationConfigurations", - "documentation":"

    The configuration for application validation.

    " - }, - "serverGroupValidationConfigurations":{ - "shape":"ServerGroupValidationConfigurations", - "documentation":"

    The configuration for instance validation.

    " - } - } - }, - "PutAppValidationConfigurationResponse":{ - "type":"structure", - "members":{ - } - }, - "ReplicationJob":{ - "type":"structure", - "members":{ - "replicationJobId":{ - "shape":"ReplicationJobId", - "documentation":"

    The ID of the replication job.

    " - }, - "serverId":{ - "shape":"ServerId", - "documentation":"

    The ID of the server.

    " - }, - "serverType":{ - "shape":"ServerType", - "documentation":"

    The type of server.

    " - }, - "vmServer":{ - "shape":"VmServer", - "documentation":"

    Information about the VM server.

    " - }, - "seedReplicationTime":{ - "shape":"Timestamp", - "documentation":"

    The seed replication time.

    " - }, - "frequency":{ - "shape":"Frequency", - "documentation":"

    The time between consecutive replication runs, in hours.

    " - }, - "runOnce":{ - "shape":"RunOnce", - "documentation":"

    Indicates whether to run the replication job one time.

    " - }, - "nextReplicationRunStartTime":{ - "shape":"Timestamp", - "documentation":"

    The start time of the next replication run.

    " - }, - "licenseType":{ - "shape":"LicenseType", - "documentation":"

    The license type to be used for the AMI created by a successful replication run.

    " - }, - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of the IAM role to be used by Server Migration Service.

    " - }, - "latestAmiId":{ - "shape":"AmiId", - "documentation":"

    The ID of the latest Amazon Machine Image (AMI).

    " - }, - "state":{ - "shape":"ReplicationJobState", - "documentation":"

    The state of the replication job.

    " - }, - "statusMessage":{ - "shape":"ReplicationJobStatusMessage", - "documentation":"

    The description of the current status of the replication job.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the replication job.

    " - }, - "numberOfRecentAmisToKeep":{ - "shape":"NumberOfRecentAmisToKeep", - "documentation":"

    The number of recent AMIs to keep in the customer's account for a replication job. By default, the value is set to zero, meaning that all AMIs are kept.

    " - }, - "encrypted":{ - "shape":"Encrypted", - "documentation":"

    Indicates whether the replication job should produce encrypted AMIs.

    " - }, - "kmsKeyId":{ - "shape":"KmsKeyId", - "documentation":"

    The ID of the KMS key for replication jobs that produce encrypted AMIs. This value can be any of the following:

    • KMS key ID

    • KMS key alias

    • ARN referring to the KMS key ID

    • ARN referring to the KMS key alias

    If encrypted is enabled but a KMS key ID is not specified, the customer's default KMS key for Amazon EBS is used.

    " - }, - "replicationRunList":{ - "shape":"ReplicationRunList", - "documentation":"

    Information about the replication runs.

    " - } - }, - "documentation":"

    Represents a replication job.

    " - }, - "ReplicationJobAlreadyExistsException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    The specified replication job already exists.

    ", - "exception":true - }, - "ReplicationJobId":{"type":"string"}, - "ReplicationJobList":{ - "type":"list", - "member":{"shape":"ReplicationJob"} - }, - "ReplicationJobNotFoundException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    The specified replication job does not exist.

    ", - "exception":true - }, - "ReplicationJobState":{ - "type":"string", - "enum":[ - "PENDING", - "ACTIVE", - "FAILED", - "DELETING", - "DELETED", - "COMPLETED", - "PAUSED_ON_FAILURE", - "FAILING" - ] - }, - "ReplicationJobStatusMessage":{"type":"string"}, - "ReplicationJobTerminated":{"type":"boolean"}, - "ReplicationRun":{ - "type":"structure", - "members":{ - "replicationRunId":{ - "shape":"ReplicationRunId", - "documentation":"

    The ID of the replication run.

    " - }, - "state":{ - "shape":"ReplicationRunState", - "documentation":"

    The state of the replication run.

    " - }, - "type":{ - "shape":"ReplicationRunType", - "documentation":"

    The type of replication run.

    " - }, - "stageDetails":{ - "shape":"ReplicationRunStageDetails", - "documentation":"

    Details about the current stage of the replication run.

    " - }, - "statusMessage":{ - "shape":"ReplicationRunStatusMessage", - "documentation":"

    The description of the current status of the replication job.

    " - }, - "amiId":{ - "shape":"AmiId", - "documentation":"

    The ID of the Amazon Machine Image (AMI) from the replication run.

    " - }, - "scheduledStartTime":{ - "shape":"Timestamp", - "documentation":"

    The start time of the next replication run.

    " - }, - "completedTime":{ - "shape":"Timestamp", - "documentation":"

    The completion time of the last replication run.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the replication run.

    " - }, - "encrypted":{ - "shape":"Encrypted", - "documentation":"

    Indicates whether the replication run should produce an encrypted AMI.

    " - }, - "kmsKeyId":{ - "shape":"KmsKeyId", - "documentation":"

    The ID of the KMS key for replication jobs that produce encrypted AMIs. This value can be any of the following:

    • KMS key ID

    • KMS key alias

    • ARN referring to the KMS key ID

    • ARN referring to the KMS key alias

    If encrypted is true but a KMS key ID is not specified, the customer's default KMS key for Amazon EBS is used.

    " - } - }, - "documentation":"

    Represents a replication run.

    " - }, - "ReplicationRunId":{"type":"string"}, - "ReplicationRunLimitExceededException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    You have exceeded the number of on-demand replication runs you can request in a 24-hour period.

    ", - "exception":true - }, - "ReplicationRunList":{ - "type":"list", - "member":{"shape":"ReplicationRun"} - }, - "ReplicationRunStage":{"type":"string"}, - "ReplicationRunStageDetails":{ - "type":"structure", - "members":{ - "stage":{ - "shape":"ReplicationRunStage", - "documentation":"

    The current stage of a replication run.

    " - }, - "stageProgress":{ - "shape":"ReplicationRunStageProgress", - "documentation":"

    The progress of the current stage of a replication run.

    " - } - }, - "documentation":"

    Details of the current stage of a replication run.

    " - }, - "ReplicationRunStageProgress":{"type":"string"}, - "ReplicationRunState":{ - "type":"string", - "enum":[ - "PENDING", - "MISSED", - "ACTIVE", - "FAILED", - "COMPLETED", - "DELETING", - "DELETED" - ] - }, - "ReplicationRunStatusMessage":{"type":"string"}, - "ReplicationRunType":{ - "type":"string", - "enum":[ - "ON_DEMAND", - "AUTOMATIC" - ] - }, - "RoleName":{"type":"string"}, - "RunOnce":{"type":"boolean"}, - "S3BucketName":{ - "type":"string", - "max":63, - "min":3 - }, - "S3KeyName":{ - "type":"string", - "max":1024 - }, - "S3Location":{ - "type":"structure", - "members":{ - "bucket":{ - "shape":"S3BucketName", - "documentation":"

    The Amazon S3 bucket name.

    " - }, - "key":{ - "shape":"S3KeyName", - "documentation":"

    The Amazon S3 bucket key.

    " - } - }, - "documentation":"

    Location of an Amazon S3 object.

    " - }, - "SSMOutput":{ - "type":"structure", - "members":{ - "s3Location":{"shape":"S3Location"} - }, - "documentation":"

    Contains the location of validation output.

    " - }, - "SSMValidationParameters":{ - "type":"structure", - "members":{ - "source":{ - "shape":"Source", - "documentation":"

    The location of the validation script.

    " - }, - "instanceId":{ - "shape":"InstanceId", - "documentation":"

    The ID of the instance. The instance must have the following tag: UserForSMSApplicationValidation=true.

    " - }, - "scriptType":{ - "shape":"ScriptType", - "documentation":"

    The type of validation script.

    " - }, - "command":{ - "shape":"Command", - "documentation":"

    The command to run the validation script.

    " - }, - "executionTimeoutSeconds":{ - "shape":"ExecutionTimeoutSeconds", - "documentation":"

    The timeout interval, in seconds.

    " - }, - "outputS3BucketName":{ - "shape":"BucketName", - "documentation":"

    The name of the S3 bucket for output.

    " - } - }, - "documentation":"

    Contains validation parameters.

    " - }, - "ScriptType":{ - "type":"string", - "enum":[ - "SHELL_SCRIPT", - "POWERSHELL_SCRIPT" - ] - }, - "SecurityGroup":{"type":"string"}, - "Server":{ - "type":"structure", - "members":{ - "serverId":{ - "shape":"ServerId", - "documentation":"

    The ID of the server.

    " - }, - "serverType":{ - "shape":"ServerType", - "documentation":"

    The type of server.

    " - }, - "vmServer":{ - "shape":"VmServer", - "documentation":"

    Information about the VM server.

    " - }, - "replicationJobId":{ - "shape":"ReplicationJobId", - "documentation":"

    The ID of the replication job.

    " - }, - "replicationJobTerminated":{ - "shape":"ReplicationJobTerminated", - "documentation":"

    Indicates whether the replication job is deleted or failed.

    " - } - }, - "documentation":"

    Represents a server.

    " - }, - "ServerCannotBeReplicatedException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    The specified server cannot be replicated.

    ", - "exception":true - }, - "ServerCatalogStatus":{ - "type":"string", - "enum":[ - "NOT_IMPORTED", - "IMPORTING", - "AVAILABLE", - "DELETED", - "EXPIRED" - ] - }, - "ServerGroup":{ - "type":"structure", - "members":{ - "serverGroupId":{ - "shape":"ServerGroupId", - "documentation":"

    The ID of a server group.

    " - }, - "name":{ - "shape":"ServerGroupName", - "documentation":"

    The name of a server group.

    " - }, - "serverList":{ - "shape":"ServerList", - "documentation":"

    The servers that belong to a server group.

    " - } - }, - "documentation":"

    Logical grouping of servers.

    " - }, - "ServerGroupId":{"type":"string"}, - "ServerGroupLaunchConfiguration":{ - "type":"structure", - "members":{ - "serverGroupId":{ - "shape":"ServerGroupId", - "documentation":"

    The ID of the server group with which the launch configuration is associated.

    " - }, - "launchOrder":{ - "shape":"LaunchOrder", - "documentation":"

    The launch order of servers in the server group.

    " - }, - "serverLaunchConfigurations":{ - "shape":"ServerLaunchConfigurations", - "documentation":"

    The launch configuration for servers in the server group.

    " - } - }, - "documentation":"

    Launch configuration for a server group.

    " - }, - "ServerGroupLaunchConfigurations":{ - "type":"list", - "member":{"shape":"ServerGroupLaunchConfiguration"} - }, - "ServerGroupName":{"type":"string"}, - "ServerGroupReplicationConfiguration":{ - "type":"structure", - "members":{ - "serverGroupId":{ - "shape":"ServerGroupId", - "documentation":"

    The ID of the server group with which this replication configuration is associated.

    " - }, - "serverReplicationConfigurations":{ - "shape":"ServerReplicationConfigurations", - "documentation":"

    The replication configuration for servers in the server group.

    " - } - }, - "documentation":"

    Replication configuration for a server group.

    " - }, - "ServerGroupReplicationConfigurations":{ - "type":"list", - "member":{"shape":"ServerGroupReplicationConfiguration"} - }, - "ServerGroupValidationConfiguration":{ - "type":"structure", - "members":{ - "serverGroupId":{ - "shape":"ServerGroupId", - "documentation":"

    The ID of the server group.

    " - }, - "serverValidationConfigurations":{ - "shape":"ServerValidationConfigurations", - "documentation":"

    The validation configuration.

    " - } - }, - "documentation":"

    Configuration for validating an instance.

    " - }, - "ServerGroupValidationConfigurations":{ - "type":"list", - "member":{"shape":"ServerGroupValidationConfiguration"} - }, - "ServerGroups":{ - "type":"list", - "member":{"shape":"ServerGroup"} - }, - "ServerId":{"type":"string"}, - "ServerLaunchConfiguration":{ - "type":"structure", - "members":{ - "server":{ - "shape":"Server", - "documentation":"

    The ID of the server with which the launch configuration is associated.

    " - }, - "logicalId":{ - "shape":"LogicalId", - "documentation":"

    The logical ID of the server in the CloudFormation template.

    " - }, - "vpc":{ - "shape":"VPC", - "documentation":"

    The ID of the VPC into which the server should be launched.

    " - }, - "subnet":{ - "shape":"Subnet", - "documentation":"

    The ID of the subnet the server should be launched into.

    " - }, - "securityGroup":{ - "shape":"SecurityGroup", - "documentation":"

    The ID of the security group that applies to the launched server.

    " - }, - "ec2KeyName":{ - "shape":"EC2KeyName", - "documentation":"

    The name of the Amazon EC2 SSH key to be used for connecting to the launched server.

    " - }, - "userData":{ - "shape":"UserData", - "documentation":"

    Location of the user-data script to be executed when launching the server.

    " - }, - "instanceType":{ - "shape":"InstanceType", - "documentation":"

    The instance type to use when launching the server.

    " - }, - "associatePublicIpAddress":{ - "shape":"AssociatePublicIpAddress", - "documentation":"

    Indicates whether a publicly accessible IP address is created when launching the server.

    " - }, - "iamInstanceProfileName":{ - "shape":"RoleName", - "documentation":"

    The name of the IAM instance profile.

    " - }, - "configureScript":{"shape":"S3Location"}, - "configureScriptType":{ - "shape":"ScriptType", - "documentation":"

    The type of configuration script.

    " - } - }, - "documentation":"

    Launch configuration for a server.

    " - }, - "ServerLaunchConfigurations":{ - "type":"list", - "member":{"shape":"ServerLaunchConfiguration"} - }, - "ServerList":{ - "type":"list", - "member":{"shape":"Server"} - }, - "ServerReplicationConfiguration":{ - "type":"structure", - "members":{ - "server":{ - "shape":"Server", - "documentation":"

    The ID of the server with which this replication configuration is associated.

    " - }, - "serverReplicationParameters":{ - "shape":"ServerReplicationParameters", - "documentation":"

    The parameters for replicating the server.

    " - } - }, - "documentation":"

    Replication configuration of a server.

    " - }, - "ServerReplicationConfigurations":{ - "type":"list", - "member":{"shape":"ServerReplicationConfiguration"} - }, - "ServerReplicationParameters":{ - "type":"structure", - "members":{ - "seedTime":{ - "shape":"Timestamp", - "documentation":"

    The seed time for creating a replication job for the server.

    " - }, - "frequency":{ - "shape":"Frequency", - "documentation":"

    The frequency of creating replication jobs for the server.

    " - }, - "runOnce":{ - "shape":"RunOnce", - "documentation":"

    Indicates whether to run the replication job one time.

    " - }, - "licenseType":{ - "shape":"LicenseType", - "documentation":"

    The license type for creating a replication job for the server.

    " - }, - "numberOfRecentAmisToKeep":{ - "shape":"NumberOfRecentAmisToKeep", - "documentation":"

    The number of recent AMIs to keep when creating a replication job for this server.

    " - }, - "encrypted":{ - "shape":"Encrypted", - "documentation":"

    Indicates whether the replication job produces encrypted AMIs.

    " - }, - "kmsKeyId":{ - "shape":"KmsKeyId", - "documentation":"

    The ID of the KMS key for replication jobs that produce encrypted AMIs. This value can be any of the following:

    • KMS key ID

    • KMS key alias

    • ARN referring to the KMS key ID

    • ARN referring to the KMS key alias

    If encrypted is enabled but a KMS key ID is not specified, the customer's default KMS key for Amazon EBS is used.

    " - } - }, - "documentation":"

    The replication parameters for replicating a server.

    " - }, - "ServerType":{ - "type":"string", - "enum":["VIRTUAL_MACHINE"] - }, - "ServerValidationConfiguration":{ - "type":"structure", - "members":{ - "server":{"shape":"Server"}, - "validationId":{ - "shape":"ValidationId", - "documentation":"

    The ID of the validation.

    " - }, - "name":{ - "shape":"NonEmptyStringWithMaxLen255", - "documentation":"

    The name of the configuration.

    " - }, - "serverValidationStrategy":{ - "shape":"ServerValidationStrategy", - "documentation":"

    The validation strategy.

    " - }, - "userDataValidationParameters":{ - "shape":"UserDataValidationParameters", - "documentation":"

    The validation parameters.

    " - } - }, - "documentation":"

    Configuration for validating an instance.

    " - }, - "ServerValidationConfigurations":{ - "type":"list", - "member":{"shape":"ServerValidationConfiguration"} - }, - "ServerValidationOutput":{ - "type":"structure", - "members":{ - "server":{"shape":"Server"} - }, - "documentation":"

    Contains output from validating an instance.

    " - }, - "ServerValidationStrategy":{ - "type":"string", - "enum":["USERDATA"] - }, - "Source":{ - "type":"structure", - "members":{ - "s3Location":{"shape":"S3Location"} - }, - "documentation":"

    Contains the location of a validation script.

    " - }, - "StackId":{"type":"string"}, - "StackName":{"type":"string"}, - "StartAppReplicationRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "StartAppReplicationResponse":{ - "type":"structure", - "members":{ - } - }, - "StartOnDemandAppReplicationRequest":{ - "type":"structure", - "required":["appId"], - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the replication run.

    " - } - } - }, - "StartOnDemandAppReplicationResponse":{ - "type":"structure", - "members":{ - } - }, - "StartOnDemandReplicationRunRequest":{ - "type":"structure", - "required":["replicationJobId"], - "members":{ - "replicationJobId":{ - "shape":"ReplicationJobId", - "documentation":"

    The ID of the replication job.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the replication run.

    " - } - } - }, - "StartOnDemandReplicationRunResponse":{ - "type":"structure", - "members":{ - "replicationRunId":{ - "shape":"ReplicationRunId", - "documentation":"

    The ID of the replication run.

    " - } - } - }, - "StopAppReplicationRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "StopAppReplicationResponse":{ - "type":"structure", - "members":{ - } - }, - "Subnet":{"type":"string"}, - "Tag":{ - "type":"structure", - "members":{ - "key":{ - "shape":"TagKey", - "documentation":"

    The tag key.

    " - }, - "value":{ - "shape":"TagValue", - "documentation":"

    The tag value.

    " - } - }, - "documentation":"

    Key/value pair that can be assigned to an application.

    " - }, - "TagKey":{"type":"string"}, - "TagValue":{"type":"string"}, - "Tags":{ - "type":"list", - "member":{"shape":"Tag"} - }, - "TemporarilyUnavailableException":{ - "type":"structure", - "members":{ - }, - "documentation":"

    The service is temporarily unavailable.

    ", - "exception":true, - "fault":true - }, - "TerminateAppRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - } - } - }, - "TerminateAppResponse":{ - "type":"structure", - "members":{ - } - }, - "Timestamp":{"type":"timestamp"}, - "TotalServerGroups":{"type":"integer"}, - "TotalServers":{"type":"integer"}, - "UnauthorizedOperationException":{ - "type":"structure", - "members":{ - "message":{"shape":"ErrorMessage"} - }, - "documentation":"

    You lack permissions needed to perform this operation. Check your IAM policies, and ensure that you are using the correct access keys.

    ", - "exception":true - }, - "UpdateAppRequest":{ - "type":"structure", - "members":{ - "appId":{ - "shape":"AppId", - "documentation":"

    The ID of the application.

    " - }, - "name":{ - "shape":"AppName", - "documentation":"

    The new name of the application.

    " - }, - "description":{ - "shape":"AppDescription", - "documentation":"

    The new description of the application.

    " - }, - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of the service role in the customer's account used by Server Migration Service.

    " - }, - "serverGroups":{ - "shape":"ServerGroups", - "documentation":"

    The server groups in the application to update.

    " - }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags to associate with the application.

    " - } - } - }, - "UpdateAppResponse":{ - "type":"structure", - "members":{ - "appSummary":{ - "shape":"AppSummary", - "documentation":"

    A summary description of the application.

    " - }, - "serverGroups":{ - "shape":"ServerGroups", - "documentation":"

    The updated server groups in the application.

    " - }, - "tags":{ - "shape":"Tags", - "documentation":"

    The tags associated with the application.

    " - } - } - }, - "UpdateReplicationJobRequest":{ - "type":"structure", - "required":["replicationJobId"], - "members":{ - "replicationJobId":{ - "shape":"ReplicationJobId", - "documentation":"

    The ID of the replication job.

    " - }, - "frequency":{ - "shape":"Frequency", - "documentation":"

    The time between consecutive replication runs, in hours.

    " - }, - "nextReplicationRunStartTime":{ - "shape":"Timestamp", - "documentation":"

    The start time of the next replication run.

    " - }, - "licenseType":{ - "shape":"LicenseType", - "documentation":"

    The license type to be used for the AMI created by a successful replication run.

    " - }, - "roleName":{ - "shape":"RoleName", - "documentation":"

    The name of the IAM role to be used by Server Migration Service.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the replication job.

    " - }, - "numberOfRecentAmisToKeep":{ - "shape":"NumberOfRecentAmisToKeep", - "documentation":"

    The maximum number of SMS-created AMIs to retain. The oldest is deleted after the maximum number is reached and a new AMI is created.

    " - }, - "encrypted":{ - "shape":"Encrypted", - "documentation":"

    When true, the replication job produces encrypted AMIs. For more information, KmsKeyId.

    " - }, - "kmsKeyId":{ - "shape":"KmsKeyId", - "documentation":"

    The ID of the KMS key for replication jobs that produce encrypted AMIs. This value can be any of the following:

    • KMS key ID

    • KMS key alias

    • ARN referring to the KMS key ID

    • ARN referring to the KMS key alias

    If encrypted is enabled but a KMS key ID is not specified, the customer's default KMS key for Amazon EBS is used.

    " - } - } - }, - "UpdateReplicationJobResponse":{ - "type":"structure", - "members":{ - } - }, - "UserData":{ - "type":"structure", - "members":{ - "s3Location":{ - "shape":"S3Location", - "documentation":"

    Amazon S3 location of the user-data script.

    " - } - }, - "documentation":"

    A script that runs on first launch of an Amazon EC2 instance. Used for configuring the server during launch.

    " - }, - "UserDataValidationParameters":{ - "type":"structure", - "members":{ - "source":{ - "shape":"Source", - "documentation":"

    The location of the validation script.

    " - }, - "scriptType":{ - "shape":"ScriptType", - "documentation":"

    The type of validation script.

    " - } - }, - "documentation":"

    Contains validation parameters.

    " - }, - "VPC":{"type":"string"}, - "ValidationId":{ - "type":"string", - "pattern":"^val-[0-9a-f]{17}$" - }, - "ValidationOutput":{ - "type":"structure", - "members":{ - "validationId":{ - "shape":"ValidationId", - "documentation":"

    The ID of the validation.

    " - }, - "name":{ - "shape":"NonEmptyStringWithMaxLen255", - "documentation":"

    The name of the validation.

    " - }, - "status":{ - "shape":"ValidationStatus", - "documentation":"

    The status of the validation.

    " - }, - "statusMessage":{ - "shape":"ValidationStatusMessage", - "documentation":"

    The status message.

    " - }, - "latestValidationTime":{ - "shape":"Timestamp", - "documentation":"

    The latest time that the validation was performed.

    " - }, - "appValidationOutput":{ - "shape":"AppValidationOutput", - "documentation":"

    The output from validating an application.

    " - }, - "serverValidationOutput":{ - "shape":"ServerValidationOutput", - "documentation":"

    The output from validation an instance.

    " - } - }, - "documentation":"

    Contains validation output.

    " - }, - "ValidationOutputList":{ - "type":"list", - "member":{"shape":"ValidationOutput"} - }, - "ValidationStatus":{ - "type":"string", - "enum":[ - "READY_FOR_VALIDATION", - "PENDING", - "IN_PROGRESS", - "SUCCEEDED", - "FAILED" - ] - }, - "ValidationStatusMessage":{ - "type":"string", - "max":2500 - }, - "VmId":{"type":"string"}, - "VmManagerId":{"type":"string"}, - "VmManagerName":{"type":"string"}, - "VmManagerType":{ - "type":"string", - "enum":[ - "VSPHERE", - "SCVMM", - "HYPERV-MANAGER" - ] - }, - "VmName":{"type":"string"}, - "VmPath":{"type":"string"}, - "VmServer":{ - "type":"structure", - "members":{ - "vmServerAddress":{ - "shape":"VmServerAddress", - "documentation":"

    The VM server location.

    " - }, - "vmName":{ - "shape":"VmName", - "documentation":"

    The name of the VM.

    " - }, - "vmManagerName":{ - "shape":"VmManagerName", - "documentation":"

    The name of the VM manager.

    " - }, - "vmManagerType":{ - "shape":"VmManagerType", - "documentation":"

    The type of VM management product.

    " - }, - "vmPath":{ - "shape":"VmPath", - "documentation":"

    The VM folder path in the vCenter Server virtual machine inventory tree.

    " - } - }, - "documentation":"

    Represents a VM server.

    " - }, - "VmServerAddress":{ - "type":"structure", - "members":{ - "vmManagerId":{ - "shape":"VmManagerId", - "documentation":"

    The ID of the VM manager.

    " - }, - "vmId":{ - "shape":"VmId", - "documentation":"

    The ID of the VM.

    " - } - }, - "documentation":"

    Represents a VM server location.

    " - }, - "VmServerAddressList":{ - "type":"list", - "member":{"shape":"VmServerAddress"} - } - }, - "documentation":"

    Product update

    We recommend Amazon Web Services Application Migration Service (Amazon Web Services MGN) as the primary migration service for lift-and-shift migrations. If Amazon Web Services MGN is unavailable in a specific Amazon Web Services Region, you can use the Server Migration Service APIs through March 2023.

    Server Migration Service (Server Migration Service) makes it easier and faster for you to migrate your on-premises workloads to Amazon Web Services. To learn more about Server Migration Service, see the following resources:

    ", - "deprecated":true, - "deprecatedMessage":"AWS Server Migration Service is Deprecated." -} diff -pruN 2.23.6-1/awscli/botocore/data/snow-device-management/2021-08-04/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/snow-device-management/2021-08-04/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/snow-device-management/2021-08-04/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/snow-device-management/2021-08-04/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/snowball/2016-06-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/snowball/2016-06-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/snowball/2016-06-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/snowball/2016-06-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/snowball/2016-06-30/service-2.json 2.31.35-1/awscli/botocore/data/snowball/2016-06-30/service-2.json --- 2.23.6-1/awscli/botocore/data/snowball/2016-06-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/snowball/2016-06-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -503,8 +503,7 @@ }, "CancelClusterResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CancelJobRequest":{ "type":"structure", @@ -518,8 +517,7 @@ }, "CancelJobResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ClusterId":{ "type":"string", @@ -590,7 +588,7 @@ }, "SnowballType":{ "shape":"SnowballType", - "documentation":"

    The type of Snowcone device to use for this cluster.

    For cluster jobs, Amazon Web Services Snow Family currently supports only the EDGE device type.

    " + "documentation":"

    The type of Snowball Edge device to use for this cluster.

    For cluster jobs, Amazon Web Services Snow Family currently supports only the EDGE device type.

    " }, "CreationDate":{ "shape":"Timestamp", @@ -839,7 +837,7 @@ }, "DeviceConfiguration":{ "shape":"DeviceConfiguration", - "documentation":"

    Defines the device configuration for an Snowcone job.

    For more information, see \"https://docs.aws.amazon.com/snowball/latest/snowcone-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the Snowcone User Guide or \"https://docs.aws.amazon.com/snowball/latest/developer-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the Snowcone User Guide.

    " + "documentation":"

    Defines the device configuration for an Snowball Edge job.

    For more information, see \"https://docs.aws.amazon.com/snowball/latest/snowcone-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the Snowcone User Guide or \"https://docs.aws.amazon.com/snowball/latest/developer-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the Snowcone User Guide.

    " }, "RemoteManagement":{ "shape":"RemoteManagement", @@ -1080,7 +1078,7 @@ "members":{ "SnowconeDeviceConfiguration":{ "shape":"SnowconeDeviceConfiguration", - "documentation":"

    Returns information about the device configuration for an Snowcone job.

    " + "documentation":"

    Returns information about the device configuration for an Snowball Edge job.

    " } }, "documentation":"

    The container for SnowconeDeviceConfiguration.

    " @@ -1206,8 +1204,7 @@ }, "GetSnowballUsageRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetSnowballUsageResult":{ "type":"structure", @@ -2157,10 +2154,10 @@ "members":{ "WirelessConnection":{ "shape":"WirelessConnection", - "documentation":"

    Configures the wireless connection for the Snowcone device.

    " + "documentation":"

    Configures the wireless connection for the Snowball Edge device.

    " } }, - "documentation":"

    Specifies the device configuration for an Snowcone job.

    " + "documentation":"

    Specifies the device configuration for an Snowball Edge job.

    " }, "SnsTopicARN":{ "type":"string", @@ -2281,8 +2278,7 @@ }, "UpdateClusterResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateJobRequest":{ "type":"structure", @@ -2333,8 +2329,7 @@ }, "UpdateJobResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateJobShipmentStateRequest":{ "type":"structure", @@ -2355,8 +2350,7 @@ }, "UpdateJobShipmentStateResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateLongTermPricingRequest":{ "type":"structure", @@ -2378,18 +2372,17 @@ }, "UpdateLongTermPricingResult":{ "type":"structure", - "members":{ - } + "members":{} }, "WirelessConnection":{ "type":"structure", "members":{ "IsWifiEnabled":{ "shape":"Boolean", - "documentation":"

    Enables the Wi-Fi adapter on an Snowcone device.

    " + "documentation":"

    Enables the Wi-Fi adapter on an Snowball Edge device.

    " } }, - "documentation":"

    Configures the wireless connection on an Snowcone device.

    " + "documentation":"

    Configures the wireless connection on an Snowball Edge device.

    " } }, "documentation":"

    The Amazon Web Services Snow Family provides a petabyte-scale data transport solution that uses secure devices to transfer large amounts of data between your on-premises data centers and Amazon Simple Storage Service (Amazon S3). The Snow Family commands described here provide access to the same functionality that is available in the Amazon Web Services Snow Family Management Console, which enables you to create and manage jobs for a Snow Family device. To transfer data locally with a Snow Family device, you'll need to use the Snowball Edge client or the Amazon S3 API Interface for Snowball or OpsHub for Snow Family. For more information, see the User Guide.

    " diff -pruN 2.23.6-1/awscli/botocore/data/sns/2010-03-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sns/2010-03-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sns/2010-03-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sns/2010-03-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/sns/2010-03-31/service-2.json 2.31.35-1/awscli/botocore/data/sns/2010-03-31/service-2.json --- 2.23.6-1/awscli/botocore/data/sns/2010-03-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sns/2010-03-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -86,7 +86,7 @@ {"shape":"InternalErrorException"}, {"shape":"AuthorizationErrorException"} ], - "documentation":"

    Creates a platform application object for one of the supported push notification services, such as APNS and GCM (Firebase Cloud Messaging), to which devices and mobile apps may register. You must specify PlatformPrincipal and PlatformCredential attributes when using the CreatePlatformApplication action.

    PlatformPrincipal and PlatformCredential are received from the notification service.

    • For ADM, PlatformPrincipal is client id and PlatformCredential is client secret.

    • For APNS and APNS_SANDBOX using certificate credentials, PlatformPrincipal is SSL certificate and PlatformCredential is private key.

    • For APNS and APNS_SANDBOX using token credentials, PlatformPrincipal is signing key ID and PlatformCredential is signing key.

    • For Baidu, PlatformPrincipal is API key and PlatformCredential is secret key.

    • For GCM (Firebase Cloud Messaging) using key credentials, there is no PlatformPrincipal. The PlatformCredential is API key.

    • For GCM (Firebase Cloud Messaging) using token credentials, there is no PlatformPrincipal. The PlatformCredential is a JSON formatted private key file. When using the Amazon Web Services CLI, the file must be in string format and special characters must be ignored. To format the file correctly, Amazon SNS recommends using the following command: SERVICE_JSON=`jq @json <<< cat service.json`.

    • For MPNS, PlatformPrincipal is TLS certificate and PlatformCredential is private key.

    • For WNS, PlatformPrincipal is Package Security Identifier and PlatformCredential is secret key.

    You can use the returned PlatformApplicationArn as an attribute for the CreatePlatformEndpoint action.

    " + "documentation":"

    Creates a platform application object for one of the supported push notification services, such as APNS and GCM (Firebase Cloud Messaging), to which devices and mobile apps may register. You must specify PlatformPrincipal and PlatformCredential attributes when using the CreatePlatformApplication action.

    PlatformPrincipal and PlatformCredential are received from the notification service.

    • For ADM, PlatformPrincipal is client id and PlatformCredential is client secret.

    • For APNS and APNS_SANDBOX using certificate credentials, PlatformPrincipal is SSL certificate and PlatformCredential is private key.

    • For APNS and APNS_SANDBOX using token credentials, PlatformPrincipal is signing key ID and PlatformCredential is signing key.

    • For Baidu, PlatformPrincipal is API key and PlatformCredential is secret key.

    • For GCM (Firebase Cloud Messaging) using key credentials, there is no PlatformPrincipal. The PlatformCredential is API key.

    • For GCM (Firebase Cloud Messaging) using token credentials, there is no PlatformPrincipal. The PlatformCredential is a JSON formatted private key file. When using the Amazon Web Services CLI or Amazon Web Services SDKs, the file must be in string format and special characters must be ignored. To format the file correctly, Amazon SNS recommends using the following command: SERVICE_JSON=$(jq @json < service.json).

    • For MPNS, PlatformPrincipal is TLS certificate and PlatformCredential is private key.

    • For WNS, PlatformPrincipal is Package Security Identifier and PlatformCredential is secret key.

    You can use the returned PlatformApplicationArn as an attribute for the CreatePlatformEndpoint action.

    " }, "CreatePlatformEndpoint":{ "name":"CreatePlatformEndpoint", @@ -607,7 +607,7 @@ {"shape":"InvalidSecurityException"}, {"shape":"ValidationException"} ], - "documentation":"

    Publishes up to ten messages to the specified topic. This is a batch version of Publish. For FIFO topics, multiple messages within a single batch are published in the order they are sent, and messages are deduplicated within the batch and across batches for 5 minutes.

    The result of publishing each message is reported individually in the response. Because the batch request can result in a combination of successful and unsuccessful actions, you should check for batch errors even when the call returns an HTTP status code of 200.

    The maximum allowed individual message size and the maximum total payload size (the sum of the individual lengths of all of the batched messages) are both 256 KB (262,144 bytes).

    Some actions take lists of parameters. These lists are specified using the param.n notation. Values of n are integers starting from 1. For example, a parameter list with two elements looks like this:

    &AttributeName.1=first

    &AttributeName.2=second

    If you send a batch message to a topic, Amazon SNS publishes the batch message to each endpoint that is subscribed to the topic. The format of the batch message depends on the notification protocol for each subscribed endpoint.

    When a messageId is returned, the batch message is saved and Amazon SNS immediately delivers the message to subscribers.

    " + "documentation":"

    Publishes up to 10 messages to the specified topic in a single batch. This is a batch version of the Publish API. If you try to send more than 10 messages in a single batch request, you will receive a TooManyEntriesInBatchRequest exception.

    For FIFO topics, multiple messages within a single batch are published in the order they are sent, and messages are deduplicated within the batch and across batches for five minutes.

    The result of publishing each message is reported individually in the response. Because the batch request can result in a combination of successful and unsuccessful actions, you should check for batch errors even when the call returns an HTTP status code of 200.

    The maximum allowed individual message size and the maximum total payload size (the sum of the individual lengths of all of the batched messages) are both 256 KB (262,144 bytes).

    The PublishBatch API can send up to 10 messages at a time. If you attempt to send more than 10 messages in one request, you will encounter a TooManyEntriesInBatchRequest exception. In such cases, split your messages into multiple requests, each containing no more than 10 messages.

    Some actions take lists of parameters. These lists are specified using the param.n notation. Values of n are integers starting from 1. For example, a parameter list with two elements looks like this:

    &AttributeName.1=first

    &AttributeName.2=second

    If you send a batch message to a topic, Amazon SNS publishes the batch message to each endpoint that is subscribed to the topic. The format of the batch message depends on the notification protocol for each subscribed endpoint.

    When a messageId is returned, the batch message is saved, and Amazon SNS immediately delivers the message to subscribers.

    " }, "PutDataProtectionPolicy":{ "name":"PutDataProtectionPolicy", @@ -781,7 +781,7 @@ {"shape":"NotFoundException"}, {"shape":"InvalidSecurityException"} ], - "documentation":"

    Deletes a subscription. If the subscription requires authentication for deletion, only the owner of the subscription or the topic's owner can unsubscribe, and an Amazon Web Services signature is required. If the Unsubscribe call does not require authentication and the requester is not the subscription owner, a final cancellation message is delivered to the endpoint, so that the endpoint owner can easily resubscribe to the topic if the Unsubscribe request was unintended.

    Amazon SQS queue subscriptions require authentication for deletion. Only the owner of the subscription, or the owner of the topic can unsubscribe using the required Amazon Web Services signature.

    This action is throttled at 100 transactions per second (TPS).

    " + "documentation":"

    Deletes a subscription. If the subscription requires authentication for deletion, only the owner of the subscription or the topic's owner can unsubscribe, and an Amazon Web Services signature is required. If the Unsubscribe call does not require authentication and the requester is not the subscription owner, a final cancellation message is delivered to the endpoint, so that the endpoint owner can easily resubscribe to the topic if the Unsubscribe request was unintended.

    This action is throttled at 100 transactions per second (TPS).

    " }, "UntagResource":{ "name":"UntagResource", @@ -1086,8 +1086,7 @@ }, "CreateSMSSandboxPhoneNumberResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateTopicInput":{ "type":"structure", @@ -1099,7 +1098,7 @@ }, "Attributes":{ "shape":"TopicAttributesMap", - "documentation":"

    A map of attributes with their corresponding values.

    The following lists names, descriptions, and values of the special request parameters that the CreateTopic action uses:

    • DeliveryPolicy – The policy that defines how Amazon SNS retries failed deliveries to HTTP/S endpoints.

    • DisplayName – The display name to use for a topic with SMS subscriptions.

    • FifoTopic – Set to true to create a FIFO topic.

    • Policy – The policy that defines who can access your topic. By default, only the topic owner can publish or subscribe to the topic.

    • SignatureVersion – The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. By default, SignatureVersion is set to 1.

    • TracingConfig – Tracing mode of an Amazon SNS topic. By default TracingConfig is set to PassThrough, and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to Active, Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. This is only supported on standard topics.

    The following attribute applies only to server-side encryption:

    • KmsMasterKeyId – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see Key Terms. For more examples, see KeyId in the Key Management Service API Reference.

    The following attributes apply only to FIFO topics:

    • ArchivePolicy – The policy that sets the retention period for messages stored in the message archive of an Amazon SNS FIFO topic.

    • ContentBasedDeduplication – Enables content-based deduplication for FIFO topics.

      • By default, ContentBasedDeduplication is set to false. If you create a FIFO topic and this attribute is false, you must specify a value for the MessageDeduplicationId parameter for the Publish action.

      • When you set ContentBasedDeduplication to true, Amazon SNS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).

        (Optional) To override the generated value, you can specify a value for the MessageDeduplicationId parameter for the Publish action.

    • FifoThroughputScope – Enables higher throughput for your FIFO topic by adjusting the scope of deduplication. This attribute has two possible values:

      • Topic – The scope of message deduplication is across the entire topic. This is the default value and maintains existing behavior, with a maximum throughput of 3000 messages per second or 20MB per second, whichever comes first.

      • MessageGroup – The scope of deduplication is within each individual message group, which enables higher throughput per topic subject to regional quotas. For more information on quotas or to request an increase, see Amazon SNS service quotas in the Amazon Web Services General Reference.

    " + "documentation":"

    A map of attributes with their corresponding values.

    The following lists names, descriptions, and values of the special request parameters that the CreateTopic action uses:

    • DeliveryPolicy – The policy that defines how Amazon SNS retries failed deliveries to HTTP/S endpoints.

    • DisplayName – The display name to use for a topic with SMS subscriptions.

    • Policy – The policy that defines who can access your topic. By default, only the topic owner can publish or subscribe to the topic.

    • TracingConfig – Tracing mode of an Amazon SNS topic. By default TracingConfig is set to PassThrough, and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to Active, Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. This is only supported on standard topics.

    • HTTP

      • HTTPSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint.

      • HTTPSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an HTTP endpoint.

      • HTTPFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint.

    • Amazon Data Firehose

      • FirehoseSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon Data Firehose endpoint.

      • FirehoseSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Amazon Data Firehose endpoint.

      • FirehoseFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon Data Firehose endpoint.

    • Lambda

      • LambdaSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Lambda endpoint.

      • LambdaSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Lambda endpoint.

      • LambdaFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Lambda endpoint.

    • Platform application endpoint

      • ApplicationSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to a platform application endpoint.

      • ApplicationSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an platform application endpoint.

      • ApplicationFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an platform application endpoint.

      In addition to being able to configure topic attributes for message delivery status of notification messages sent to Amazon SNS application endpoints, you can also configure application attributes for the delivery status of push notification messages sent to push notification services.

      For example, For more information, see Using Amazon SNS Application Attributes for Message Delivery Status.

    • Amazon SQS

      • SQSSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

      • SQSSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

      • SQSFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

    The <ENDPOINT>SuccessFeedbackRoleArn and <ENDPOINT>FailureFeedbackRoleArn attributes are used to give Amazon SNS write access to use CloudWatch Logs on your behalf. The <ENDPOINT>SuccessFeedbackSampleRate attribute is for specifying the sample rate percentage (0-100) of successfully delivered messages. After you configure the <ENDPOINT>FailureFeedbackRoleArn attribute, then all failed message deliveries generate CloudWatch Logs.

    The following attribute applies only to server-side encryption:

    • KmsMasterKeyId – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see Key Terms. For more examples, see KeyId in the Key Management Service API Reference.

    The following attributes apply only to FIFO topics:

    • ArchivePolicy – The policy that sets the retention period for messages stored in the message archive of an Amazon SNS FIFO topic.

    • ContentBasedDeduplication – Enables content-based deduplication for FIFO topics.

      • By default, ContentBasedDeduplication is set to false. If you create a FIFO topic and this attribute is false, you must specify a value for the MessageDeduplicationId parameter for the Publish action.

      • When you set ContentBasedDeduplication to true, Amazon SNS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).

        (Optional) To override the generated value, you can specify a value for the MessageDeduplicationId parameter for the Publish action.

    • FifoThroughputScope – Enables higher throughput for your FIFO topic by adjusting the scope of deduplication. This attribute has two possible values:

      • Topic – The scope of message deduplication is across the entire topic. This is the default value and maintains existing behavior, with a maximum throughput of 3000 messages per second or 20MB per second, whichever comes first.

      • MessageGroup – The scope of deduplication is within each individual message group, which enables higher throughput per topic subject to regional quotas. For more information on quotas or to request an increase, see Amazon SNS service quotas in the Amazon Web Services General Reference.

    " }, "Tags":{ "shape":"TagList", @@ -1160,8 +1159,7 @@ }, "DeleteSMSSandboxPhoneNumberResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTopicInput":{ "type":"structure", @@ -1221,7 +1219,7 @@ "members":{ "message":{"shape":"string"} }, - "documentation":"

    Indicates that the number of filter polices in your Amazon Web Services account exceeds the limit. To add more filter polices, submit an Amazon SNS Limit Increase case in the Amazon Web Services Support Center.

    ", + "documentation":"

    Indicates that the number of filter polices in your Amazon Web Services account exceeds the limit. To add more filter polices, submit an Amazon SNS Limit Increase case in the Amazon Web ServicesSupport Center.

    ", "error":{ "code":"FilterPolicyLimitExceeded", "httpStatusCode":403, @@ -1312,8 +1310,7 @@ }, "GetSMSSandboxAccountStatusInput":{ "type":"structure", - "members":{ - } + "members":{} }, "GetSMSSandboxAccountStatusResult":{ "type":"structure", @@ -1880,8 +1877,7 @@ }, "OptInPhoneNumberResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The response for the OptInPhoneNumber action.

    " }, "OptedOutException":{ @@ -2014,7 +2010,7 @@ }, "MessageStructure":{ "shape":"messageStructure", - "documentation":"

    Set MessageStructure to json if you want to send a different message for each protocol. For example, using one publish action, you can send a short message to your SMS subscribers and a longer message to your email subscribers. If you set MessageStructure to json, the value of the Message parameter must:

    • be a syntactically valid JSON object; and

    • contain at least a top-level JSON key of \"default\" with a value that is a string.

    You can define other top-level keys that define the message you want to send to a specific transport protocol (e.g. http).

    " + "documentation":"

    Set MessageStructure to json if you want to send a different message for each protocol. For example, using one publish action, you can send a short message to your SMS subscribers and a longer message to your email subscribers. If you set MessageStructure to json, the value of the Message parameter must:

    • be a syntactically valid JSON object; and

    • contain at least a top-level JSON key of \"default\" with a value that is a string.

    You can define other top-level keys that define the message you want to send to a specific transport protocol (for example, http).

    " }, "MessageAttributes":{ "shape":"MessageAttributeMap", @@ -2026,7 +2022,7 @@ }, "MessageGroupId":{ "shape":"String", - "documentation":"

    This parameter applies only to FIFO (first-in-first-out) topics.

    The tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). To interleave multiple ordered streams within a single topic, use MessageGroupId values (for example, session data for multiple users). In this scenario, multiple consumers can process the topic, but the session data of each user is processed in a FIFO fashion.

    You must associate a non-empty MessageGroupId with a message. If you don't provide a MessageGroupId, the action fails.

    The length of MessageGroupId is 128 characters.

    MessageGroupId can contain alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    MessageGroupId is required for FIFO topics. You can't use it for standard topics.

    " + "documentation":"

    FIFO topics: The tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). To interleave multiple ordered streams within a single topic, use MessageGroupId values (for example, session data for multiple users). In this scenario, multiple consumers can process the topic, but the session data of each user is processed in a FIFO fashion. You must associate a non-empty MessageGroupId with a message. If you do not provide a MessageGroupId, the action fails.

    Standard topics: The MessageGroupId is optional and is forwarded only to Amazon SQS standard subscriptions to activate fair queues. The MessageGroupId is not used for, or sent to, any other endpoint types.

    The length of MessageGroupId is 128 characters.

    MessageGroupId can contain alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    " } }, "documentation":"

    Contains the details of a single Amazon SNS message along with an Id that identifies a message within the batch.

    " @@ -2108,7 +2104,7 @@ }, "MessageGroupId":{ "shape":"String", - "documentation":"

    This parameter applies only to FIFO (first-in-first-out) topics. The MessageGroupId can contain up to 128 alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    The MessageGroupId is a tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). Every message must include a MessageGroupId.

    " + "documentation":"

    The MessageGroupId can contain up to 128 alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    For FIFO topics: The MessageGroupId is a tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). Every message must include a MessageGroupId.

    For standard topics: The MessageGroupId is optional and is forwarded only to Amazon SQS standard subscriptions to activate fair queues. The MessageGroupId is not used for, or sent to, any other endpoint types. When provided, the same validation rules apply as for FIFO topics.

    " } }, "documentation":"

    Input for Publish action.

    " @@ -2272,8 +2268,7 @@ }, "SetSMSAttributesResponse":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The response for the SetSMSAttributes action.

    " }, "SetSubscriptionAttributesInput":{ @@ -2311,7 +2306,7 @@ }, "AttributeName":{ "shape":"attributeName", - "documentation":"

    A map of attributes with their corresponding values.

    The following lists the names, descriptions, and values of the special request parameters that the SetTopicAttributes action uses:

    • ApplicationSuccessFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to a platform application endpoint.

    • DeliveryPolicy – The policy that defines how Amazon SNS retries failed deliveries to HTTP/S endpoints.

    • DisplayName – The display name to use for a topic with SMS subscriptions.

    • Policy – The policy that defines who can access your topic. By default, only the topic owner can publish or subscribe to the topic.

    • TracingConfig – Tracing mode of an Amazon SNS topic. By default TracingConfig is set to PassThrough, and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to Active, Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. This is only supported on standard topics.

    • HTTP

      • HTTPSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint.

      • HTTPSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an HTTP endpoint.

      • HTTPFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint.

    • Amazon Kinesis Data Firehose

      • FirehoseSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon Kinesis Data Firehose endpoint.

      • FirehoseSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Amazon Kinesis Data Firehose endpoint.

      • FirehoseFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon Kinesis Data Firehose endpoint.

    • Lambda

      • LambdaSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Lambda endpoint.

      • LambdaSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Lambda endpoint.

      • LambdaFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Lambda endpoint.

    • Platform application endpoint

      • ApplicationSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon Web Services application endpoint.

      • ApplicationSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Amazon Web Services application endpoint.

      • ApplicationFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon Web Services application endpoint.

      In addition to being able to configure topic attributes for message delivery status of notification messages sent to Amazon SNS application endpoints, you can also configure application attributes for the delivery status of push notification messages sent to push notification services.

      For example, For more information, see Using Amazon SNS Application Attributes for Message Delivery Status.

    • Amazon SQS

      • SQSSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

      • SQSSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

      • SQSFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

    The <ENDPOINT>SuccessFeedbackRoleArn and <ENDPOINT>FailureFeedbackRoleArn attributes are used to give Amazon SNS write access to use CloudWatch Logs on your behalf. The <ENDPOINT>SuccessFeedbackSampleRate attribute is for specifying the sample rate percentage (0-100) of successfully delivered messages. After you configure the <ENDPOINT>FailureFeedbackRoleArn attribute, then all failed message deliveries generate CloudWatch Logs.

    The following attribute applies only to server-side-encryption:

    • KmsMasterKeyId – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see Key Terms. For more examples, see KeyId in the Key Management Service API Reference.

    • SignatureVersion – The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. By default, SignatureVersion is set to 1.

    The following attribute applies only to FIFO topics:

    • ArchivePolicy – The policy that sets the retention period for messages stored in the message archive of an Amazon SNS FIFO topic.

    • ContentBasedDeduplication – Enables content-based deduplication for FIFO topics.

      • By default, ContentBasedDeduplication is set to false. If you create a FIFO topic and this attribute is false, you must specify a value for the MessageDeduplicationId parameter for the Publish action.

      • When you set ContentBasedDeduplication to true, Amazon SNS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).

        (Optional) To override the generated value, you can specify a value for the MessageDeduplicationId parameter for the Publish action.

    • FifoThroughputScope – Enables higher throughput for your FIFO topic by adjusting the scope of deduplication. This attribute has two possible values:

      • Topic – The scope of message deduplication is across the entire topic. This is the default value and maintains existing behavior, with a maximum throughput of 3000 messages per second or 20MB per second, whichever comes first.

      • MessageGroup – The scope of deduplication is within each individual message group, which enables higher throughput per topic subject to regional quotas. For more information on quotas or to request an increase, see Amazon SNS service quotas in the Amazon Web Services General Reference.

    " + "documentation":"

    A map of attributes with their corresponding values.

    The following lists the names, descriptions, and values of the special request parameters that the SetTopicAttributes action uses:

    • DeliveryPolicy – The policy that defines how Amazon SNS retries failed deliveries to HTTP/S endpoints.

    • DisplayName – The display name to use for a topic with SMS subscriptions.

    • Policy – The policy that defines who can access your topic. By default, only the topic owner can publish or subscribe to the topic.

    • TracingConfig – Tracing mode of an Amazon SNS topic. By default TracingConfig is set to PassThrough, and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. If set to Active, Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. This is only supported on standard topics.

    • HTTP

      • HTTPSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint.

      • HTTPSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an HTTP endpoint.

      • HTTPFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint.

    • Amazon Data Firehose

      • FirehoseSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon Data Firehose endpoint.

      • FirehoseSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Amazon Data Firehose endpoint.

      • FirehoseFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon Data Firehose endpoint.

    • Lambda

      • LambdaSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Lambda endpoint.

      • LambdaSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Lambda endpoint.

      • LambdaFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Lambda endpoint.

    • Platform application endpoint

      • ApplicationSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an platform application endpoint.

      • ApplicationSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an platform application endpoint.

      • ApplicationFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an platform application endpoint.

      In addition to being able to configure topic attributes for message delivery status of notification messages sent to Amazon SNS application endpoints, you can also configure application attributes for the delivery status of push notification messages sent to push notification services.

      For example, For more information, see Using Amazon SNS Application Attributes for Message Delivery Status.

    • Amazon SQS

      • SQSSuccessFeedbackRoleArn – Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

      • SQSSuccessFeedbackSampleRate – Indicates percentage of successful messages to sample for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

      • SQSFailureFeedbackRoleArn – Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

    The <ENDPOINT>SuccessFeedbackRoleArn and <ENDPOINT>FailureFeedbackRoleArn attributes are used to give Amazon SNS write access to use CloudWatch Logs on your behalf. The <ENDPOINT>SuccessFeedbackSampleRate attribute is for specifying the sample rate percentage (0-100) of successfully delivered messages. After you configure the <ENDPOINT>FailureFeedbackRoleArn attribute, then all failed message deliveries generate CloudWatch Logs.

    The following attribute applies only to server-side-encryption:

    • KmsMasterKeyId – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see Key Terms. For more examples, see KeyId in the Key Management Service API Reference.

    • SignatureVersion – The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. By default, SignatureVersion is set to 1.

    The following attribute applies only to FIFO topics:

    • ArchivePolicy – The policy that sets the retention period for messages stored in the message archive of an Amazon SNS FIFO topic.

    • ContentBasedDeduplication – Enables content-based deduplication for FIFO topics.

      • By default, ContentBasedDeduplication is set to false. If you create a FIFO topic and this attribute is false, you must specify a value for the MessageDeduplicationId parameter for the Publish action.

      • When you set ContentBasedDeduplication to true, Amazon SNS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).

        (Optional) To override the generated value, you can specify a value for the MessageDeduplicationId parameter for the Publish action.

    • FifoThroughputScope – Enables higher throughput for your FIFO topic by adjusting the scope of deduplication. This attribute has two possible values:

      • Topic – The scope of message deduplication is across the entire topic. This is the default value and maintains existing behavior, with a maximum throughput of 3000 messages per second or 20MB per second, whichever comes first.

      • MessageGroup – The scope of deduplication is within each individual message group, which enables higher throughput per topic subject to regional quotas. For more information on quotas or to request an increase, see Amazon SNS service quotas in the Amazon Web Services General Reference.

    " }, "AttributeValue":{ "shape":"attributeValue", @@ -2347,11 +2342,11 @@ }, "Protocol":{ "shape":"protocol", - "documentation":"

    The protocol that you want to use. Supported protocols include:

    • http – delivery of JSON-encoded message via HTTP POST

    • https – delivery of JSON-encoded message via HTTPS POST

    • email – delivery of message via SMTP

    • email-json – delivery of JSON-encoded message via SMTP

    • sms – delivery of message via SMS

    • sqs – delivery of JSON-encoded message to an Amazon SQS queue

    • application – delivery of JSON-encoded message to an EndpointArn for a mobile app and device

    • lambda – delivery of JSON-encoded message to an Lambda function

    • firehose – delivery of JSON-encoded message to an Amazon Kinesis Data Firehose delivery stream.

    " + "documentation":"

    The protocol that you want to use. Supported protocols include:

    • http – delivery of JSON-encoded message via HTTP POST

    • https – delivery of JSON-encoded message via HTTPS POST

    • email – delivery of message via SMTP

    • email-json – delivery of JSON-encoded message via SMTP

    • sms – delivery of message via SMS

    • sqs – delivery of JSON-encoded message to an Amazon SQS queue

    • application – delivery of JSON-encoded message to an EndpointArn for a mobile app and device

    • lambda – delivery of JSON-encoded message to an Lambda function

    • firehose – delivery of JSON-encoded message to an Amazon Data Firehose delivery stream.

    " }, "Endpoint":{ "shape":"endpoint", - "documentation":"

    The endpoint that you want to receive notifications. Endpoints vary by protocol:

    • For the http protocol, the (public) endpoint is a URL beginning with http://.

    • For the https protocol, the (public) endpoint is a URL beginning with https://.

    • For the email protocol, the endpoint is an email address.

    • For the email-json protocol, the endpoint is an email address.

    • For the sms protocol, the endpoint is a phone number of an SMS-enabled device.

    • For the sqs protocol, the endpoint is the ARN of an Amazon SQS queue.

    • For the application protocol, the endpoint is the EndpointArn of a mobile app and device.

    • For the lambda protocol, the endpoint is the ARN of an Lambda function.

    • For the firehose protocol, the endpoint is the ARN of an Amazon Kinesis Data Firehose delivery stream.

    " + "documentation":"

    The endpoint that you want to receive notifications. Endpoints vary by protocol:

    • For the http protocol, the (public) endpoint is a URL beginning with http://.

    • For the https protocol, the (public) endpoint is a URL beginning with https://.

    • For the email protocol, the endpoint is an email address.

    • For the email-json protocol, the endpoint is an email address.

    • For the sms protocol, the endpoint is a phone number of an SMS-enabled device.

    • For the sqs protocol, the endpoint is the ARN of an Amazon SQS queue.

    • For the application protocol, the endpoint is the EndpointArn of a mobile app and device.

    • For the lambda protocol, the endpoint is the ARN of an Lambda function.

    • For the firehose protocol, the endpoint is the ARN of an Amazon Data Firehose delivery stream.

    " }, "Attributes":{ "shape":"SubscriptionAttributesMap", @@ -2498,8 +2493,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2528,7 +2522,7 @@ "members":{ "message":{"shape":"string"} }, - "documentation":"

    The batch request contains more entries than permissible.

    ", + "documentation":"

    The batch request contains more entries than permissible (more than 10).

    ", "error":{ "code":"TooManyEntriesInBatchRequest", "httpStatusCode":400, @@ -2598,8 +2592,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UserErrorException":{ "type":"structure", @@ -2663,8 +2656,7 @@ }, "VerifySMSSandboxPhoneNumberResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The destination phone number's verification status.

    " }, "account":{"type":"string"}, diff -pruN 2.23.6-1/awscli/botocore/data/socialmessaging/2024-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/socialmessaging/2024-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/socialmessaging/2024-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/socialmessaging/2024-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/socialmessaging/2024-01-01/paginators-1.json 2.31.35-1/awscli/botocore/data/socialmessaging/2024-01-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/socialmessaging/2024-01-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/socialmessaging/2024-01-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,6 +5,18 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "linkedAccounts" + }, + "ListWhatsAppMessageTemplates": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "templates" + }, + "ListWhatsAppTemplateLibrary": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "metaLibraryTemplates" } } } diff -pruN 2.23.6-1/awscli/botocore/data/socialmessaging/2024-01-01/service-2.json 2.31.35-1/awscli/botocore/data/socialmessaging/2024-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/socialmessaging/2024-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/socialmessaging/2024-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -24,6 +24,7 @@ "output":{"shape":"AssociateWhatsAppBusinessAccountOutput"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"LimitExceededException"}, {"shape":"AccessDeniedException"}, {"shape":"InvalidParametersException"}, {"shape":"ThrottledRequestException"}, @@ -31,6 +32,66 @@ ], "documentation":"

    This is only used through the Amazon Web Services console during sign-up to associate your WhatsApp Business Account to your Amazon Web Services account.

    " }, + "CreateWhatsAppMessageTemplate":{ + "name":"CreateWhatsAppMessageTemplate", + "http":{ + "method":"POST", + "requestUri":"/v1/whatsapp/template/put", + "responseCode":200 + }, + "input":{"shape":"CreateWhatsAppMessageTemplateInput"}, + "output":{"shape":"CreateWhatsAppMessageTemplateOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"}, + {"shape":"ThrottledRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"DependencyException"} + ], + "documentation":"

    Creates a new WhatsApp message template from a custom definition.

    " + }, + "CreateWhatsAppMessageTemplateFromLibrary":{ + "name":"CreateWhatsAppMessageTemplateFromLibrary", + "http":{ + "method":"POST", + "requestUri":"/v1/whatsapp/template/create", + "responseCode":200 + }, + "input":{"shape":"CreateWhatsAppMessageTemplateFromLibraryInput"}, + "output":{"shape":"CreateWhatsAppMessageTemplateFromLibraryOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"}, + {"shape":"ThrottledRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"DependencyException"} + ], + "documentation":"

    Creates a new WhatsApp message template using a template from Meta's template library.

    " + }, + "CreateWhatsAppMessageTemplateMedia":{ + "name":"CreateWhatsAppMessageTemplateMedia", + "http":{ + "method":"POST", + "requestUri":"/v1/whatsapp/template/media", + "responseCode":200 + }, + "input":{"shape":"CreateWhatsAppMessageTemplateMediaInput"}, + "output":{"shape":"CreateWhatsAppMessageTemplateMediaOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"}, + {"shape":"ThrottledRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"DependencyException"} + ], + "documentation":"

    Uploads media for use in a WhatsApp message template.

    " + }, "DeleteWhatsAppMessageMedia":{ "name":"DeleteWhatsAppMessageMedia", "http":{ @@ -53,6 +114,27 @@ "documentation":"

    Delete a media object from the WhatsApp service. If the object is still in an Amazon S3 bucket you should delete it from there too.

    ", "idempotent":true }, + "DeleteWhatsAppMessageTemplate":{ + "name":"DeleteWhatsAppMessageTemplate", + "http":{ + "method":"DELETE", + "requestUri":"/v1/whatsapp/template", + "responseCode":200 + }, + "input":{"shape":"DeleteWhatsAppMessageTemplateInput"}, + "output":{"shape":"DeleteWhatsAppMessageTemplateOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"}, + {"shape":"ThrottledRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"DependencyException"} + ], + "documentation":"

    Deletes a WhatsApp message template.

    ", + "idempotent":true + }, "DisassociateWhatsAppBusinessAccount":{ "name":"DisassociateWhatsAppBusinessAccount", "http":{ @@ -134,6 +216,26 @@ ], "documentation":"

    Get a media file from the WhatsApp service. On successful completion the media file is retrieved from Meta and stored in the specified Amazon S3 bucket. Use either destinationS3File or destinationS3PresignedUrl for the destination. If both are used then an InvalidParameterException is returned.

    " }, + "GetWhatsAppMessageTemplate":{ + "name":"GetWhatsAppMessageTemplate", + "http":{ + "method":"GET", + "requestUri":"/v1/whatsapp/template", + "responseCode":200 + }, + "input":{"shape":"GetWhatsAppMessageTemplateInput"}, + "output":{"shape":"GetWhatsAppMessageTemplateOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"}, + {"shape":"ThrottledRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"DependencyException"} + ], + "documentation":"

    Retrieves a specific WhatsApp message template.

    " + }, "ListLinkedWhatsAppBusinessAccounts":{ "name":"ListLinkedWhatsAppBusinessAccounts", "http":{ @@ -171,6 +273,46 @@ ], "documentation":"

    List all tags associated with a resource, such as a phone number or WABA.

    " }, + "ListWhatsAppMessageTemplates":{ + "name":"ListWhatsAppMessageTemplates", + "http":{ + "method":"GET", + "requestUri":"/v1/whatsapp/template/list", + "responseCode":200 + }, + "input":{"shape":"ListWhatsAppMessageTemplatesInput"}, + "output":{"shape":"ListWhatsAppMessageTemplatesOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"}, + {"shape":"ThrottledRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"DependencyException"} + ], + "documentation":"

    Lists WhatsApp message templates for a specific WhatsApp Business Account.

    " + }, + "ListWhatsAppTemplateLibrary":{ + "name":"ListWhatsAppTemplateLibrary", + "http":{ + "method":"POST", + "requestUri":"/v1/whatsapp/template/library", + "responseCode":200 + }, + "input":{"shape":"ListWhatsAppTemplateLibraryInput"}, + "output":{"shape":"ListWhatsAppTemplateLibraryOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"}, + {"shape":"ThrottledRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"DependencyException"} + ], + "documentation":"

    Lists templates available in Meta's template library for WhatsApp messaging.

    " + }, "PostWhatsAppMessageMedia":{ "name":"PostWhatsAppMessageMedia", "http":{ @@ -266,6 +408,26 @@ {"shape":"InternalServiceException"} ], "documentation":"

    Removes the specified tags from a resource.

    " + }, + "UpdateWhatsAppMessageTemplate":{ + "name":"UpdateWhatsAppMessageTemplate", + "http":{ + "method":"POST", + "requestUri":"/v1/whatsapp/template", + "responseCode":200 + }, + "input":{"shape":"UpdateWhatsAppMessageTemplateInput"}, + "output":{"shape":"UpdateWhatsAppMessageTemplateOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParametersException"}, + {"shape":"ThrottledRequestException"}, + {"shape":"InternalServiceException"}, + {"shape":"DependencyException"} + ], + "documentation":"

    Updates an existing WhatsApp message template.

    " } }, "shapes":{ @@ -293,6 +455,22 @@ }, "exception":true }, + "AddContactNumber":{ + "type":"boolean", + "box":true + }, + "AddLearnMoreLink":{ + "type":"boolean", + "box":true + }, + "AddSecurityRecommendation":{ + "type":"boolean", + "box":true + }, + "AddTrackPackageLink":{ + "type":"boolean", + "box":true + }, "Arn":{ "type":"string", "max":2048, @@ -335,6 +513,107 @@ "type":"boolean", "box":true }, + "ButtonType":{ + "type":"string", + "max":25, + "min":1 + }, + "CodeExpirationMinutes":{ + "type":"integer", + "box":true + }, + "CreateWhatsAppMessageTemplateFromLibraryInput":{ + "type":"structure", + "required":[ + "metaLibraryTemplate", + "id" + ], + "members":{ + "metaLibraryTemplate":{ + "shape":"MetaLibraryTemplate", + "documentation":"

    The template configuration from Meta's library, including customizations for buttons and body text.

    " + }, + "id":{ + "shape":"LinkedWhatsAppBusinessAccountId", + "documentation":"

    The ID of the WhatsApp Business Account to associate with this template.

    " + } + } + }, + "CreateWhatsAppMessageTemplateFromLibraryOutput":{ + "type":"structure", + "members":{ + "metaTemplateId":{ + "shape":"MetaTemplateId", + "documentation":"

    The numeric ID assigned to the template by Meta.

    " + }, + "templateStatus":{ + "shape":"String", + "documentation":"

    The status of the created template (for example, PENDING or APPROVED).

    " + }, + "category":{ + "shape":"MetaTemplateCategory", + "documentation":"

    The category of the template (for example, UTILITY or MARKETING).

    " + } + } + }, + "CreateWhatsAppMessageTemplateInput":{ + "type":"structure", + "required":[ + "templateDefinition", + "id" + ], + "members":{ + "templateDefinition":{ + "shape":"MetaTemplateDefinition", + "documentation":"

    The complete template definition as a JSON blob.

    " + }, + "id":{ + "shape":"LinkedWhatsAppBusinessAccountId", + "documentation":"

    The ID of the WhatsApp Business Account to associate with this template.

    " + } + } + }, + "CreateWhatsAppMessageTemplateMediaInput":{ + "type":"structure", + "required":["id"], + "members":{ + "id":{ + "shape":"LinkedWhatsAppBusinessAccountId", + "documentation":"

    The ID of the WhatsApp Business Account associated with this media upload.

    " + }, + "sourceS3File":{"shape":"S3File"} + } + }, + "CreateWhatsAppMessageTemplateMediaOutput":{ + "type":"structure", + "members":{ + "metaHeaderHandle":{ + "shape":"String", + "documentation":"

    The handle assigned to the uploaded media by Meta, used to reference the media in templates.

    " + } + } + }, + "CreateWhatsAppMessageTemplateOutput":{ + "type":"structure", + "members":{ + "metaTemplateId":{ + "shape":"MetaTemplateId", + "documentation":"

    The numeric ID assigned to the template by Meta.

    " + }, + "templateStatus":{ + "shape":"String", + "documentation":"

    The status of the created template, such as PENDING or APPROVED..

    " + }, + "category":{ + "shape":"MetaTemplateCategory", + "documentation":"

    The category of the template, such as UTILITY or MARKETING.

    " + } + } + }, + "DeleteAllLanguages":{ + "type":"boolean", + "box":true + }, "DeleteWhatsAppMessageMediaInput":{ "type":"structure", "required":[ @@ -365,6 +644,44 @@ } } }, + "DeleteWhatsAppMessageTemplateInput":{ + "type":"structure", + "required":[ + "id", + "templateName" + ], + "members":{ + "metaTemplateId":{ + "shape":"MetaTemplateId", + "documentation":"

    The numeric ID of the template assigned by Meta.

    ", + "location":"querystring", + "locationName":"metaTemplateId" + }, + "deleteAllLanguages":{ + "shape":"DeleteAllLanguages", + "documentation":"

    If true, deletes all language versions of the template.

    ", + "location":"querystring", + "locationName":"deleteAllTemplates" + }, + "id":{ + "shape":"LinkedWhatsAppBusinessAccountId", + "documentation":"

    The ID of the WhatsApp Business Account associated with this template.

    ", + "location":"querystring", + "locationName":"id" + }, + "templateName":{ + "shape":"MetaTemplateName", + "documentation":"

    The name of the template to delete.

    ", + "location":"querystring", + "locationName":"templateName" + } + } + }, + "DeleteWhatsAppMessageTemplateOutput":{ + "type":"structure", + "members":{ + } + }, "DependencyException":{ "type":"structure", "members":{ @@ -400,6 +717,23 @@ "min":0, "pattern":"arn:.*:[a-z-]+([/:](.*))?" }, + "Filter":{ + "type":"map", + "key":{"shape":"FilterKeyString"}, + "value":{"shape":"FilterValueString"}, + "max":10, + "min":0 + }, + "FilterKeyString":{ + "type":"string", + "max":100, + "min":1 + }, + "FilterValueString":{ + "type":"string", + "max":100, + "min":1 + }, "GetLinkedWhatsAppBusinessAccountInput":{ "type":"structure", "required":["id"], @@ -485,6 +819,36 @@ } } }, + "GetWhatsAppMessageTemplateInput":{ + "type":"structure", + "required":[ + "metaTemplateId", + "id" + ], + "members":{ + "metaTemplateId":{ + "shape":"MetaTemplateId", + "documentation":"

    The numeric ID of the template assigned by Meta.

    ", + "location":"querystring", + "locationName":"metaTemplateId" + }, + "id":{ + "shape":"LinkedWhatsAppBusinessAccountId", + "documentation":"

    The ID of the WhatsApp Business Account associated with this template.

    ", + "location":"querystring", + "locationName":"id" + } + } + }, + "GetWhatsAppMessageTemplateOutput":{ + "type":"structure", + "members":{ + "template":{ + "shape":"MetaTemplate", + "documentation":"

    The complete template definition as a JSON string (maximum 6000 characters).

    " + } + } + }, "Headers":{ "type":"map", "key":{"shape":"String"}, @@ -521,6 +885,108 @@ "type":"string", "pattern":"[A-Z]{2}" }, + "LibraryTemplateBodyInputs":{ + "type":"structure", + "members":{ + "addContactNumber":{ + "shape":"AddContactNumber", + "documentation":"

    When true, includes a contact number in the template body.

    " + }, + "addLearnMoreLink":{ + "shape":"AddLearnMoreLink", + "documentation":"

    When true, includes a \"learn more\" link in the template body.

    " + }, + "addSecurityRecommendation":{ + "shape":"AddSecurityRecommendation", + "documentation":"

    When true, includes security recommendations in the template body.

    " + }, + "addTrackPackageLink":{ + "shape":"AddTrackPackageLink", + "documentation":"

    When true, includes a package tracking link in the template body.

    " + }, + "codeExpirationMinutes":{ + "shape":"CodeExpirationMinutes", + "documentation":"

    The number of minutes until a verification code or OTP expires.

    " + } + }, + "documentation":"

    Configuration options for customizing the body content of a template from Meta's library.

    " + }, + "LibraryTemplateButtonInput":{ + "type":"structure", + "members":{ + "type":{ + "shape":"ButtonType", + "documentation":"

    The type of button (for example, QUICK_REPLY, CALL, or URL).

    " + }, + "phoneNumber":{ + "shape":"PhoneNumber", + "documentation":"

    The phone number in E.164 format for CALL-type buttons.

    " + }, + "url":{ + "shape":"MetaUrlWithSuffixExample", + "documentation":"

    The URL with dynamic parameters for URL-type buttons.

    " + }, + "otpType":{ + "shape":"OtpType", + "documentation":"

    The type of one-time password for OTP buttons.

    " + }, + "zeroTapTermsAccepted":{ + "shape":"ZeroTapTermsAccepted", + "documentation":"

    When true, indicates acceptance of zero-tap terms for the button.

    " + }, + "supportedApps":{ + "shape":"SupportedApps", + "documentation":"

    List of supported applications for this button type.

    " + } + }, + "documentation":"

    Configuration options for customizing buttons in a template from Meta's library.

    " + }, + "LibraryTemplateButtonList":{ + "type":"structure", + "members":{ + "type":{ + "shape":"ButtonType", + "documentation":"

    The type of button (for example, QUICK_REPLY, CALL, or URL).

    " + }, + "text":{ + "shape":"MetaText", + "documentation":"

    The text displayed on the button (maximum 40 characters).

    " + }, + "phoneNumber":{ + "shape":"PhoneNumber", + "documentation":"

    The phone number in E.164 format for CALL-type buttons.

    " + }, + "url":{ + "shape":"MetaUrl", + "documentation":"

    The URL for URL-type buttons.

    " + }, + "otpType":{ + "shape":"OtpType", + "documentation":"

    The type of one-time password for OTP buttons.

    " + }, + "zeroTapTermsAccepted":{ + "shape":"ZeroTapTermsAccepted", + "documentation":"

    When true, indicates acceptance of zero-tap terms for the button.

    " + }, + "supportedApps":{ + "shape":"SupportedApps", + "documentation":"

    List of supported applications for this button type.

    " + } + }, + "documentation":"

    Defines a button in a template from Meta's library.

    " + }, + "LimitExceededException":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The request was denied because it would exceed one or more service quotas or limits.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "LinkedAccountWithIncompleteSetup":{ "type":"map", "key":{"shape":"WhatsAppBusinessAccountId"}, @@ -716,6 +1182,80 @@ } } }, + "ListWhatsAppMessageTemplatesInput":{ + "type":"structure", + "required":["id"], + "members":{ + "id":{ + "shape":"LinkedWhatsAppBusinessAccountId", + "documentation":"

    The ID of the WhatsApp Business Account to list templates for.

    ", + "location":"querystring", + "locationName":"id" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next page of results.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page (1-100).

    ", + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListWhatsAppMessageTemplatesOutput":{ + "type":"structure", + "members":{ + "templates":{ + "shape":"TemplateSummaryList", + "documentation":"

    A list of template summaries.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token to retrieve the next page of results, if any.

    " + } + } + }, + "ListWhatsAppTemplateLibraryInput":{ + "type":"structure", + "required":["id"], + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next page of results.

    " + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return per page (1-100).

    " + }, + "id":{ + "shape":"LinkedWhatsAppBusinessAccountId", + "documentation":"

    The ID of the WhatsApp Business Account to list library templates for.

    ", + "location":"querystring", + "locationName":"id" + }, + "filters":{ + "shape":"Filter", + "documentation":"

    Map of filters to apply (searchKey, topic, usecase, industry, language).

    " + } + } + }, + "ListWhatsAppTemplateLibraryOutput":{ + "type":"structure", + "members":{ + "metaLibraryTemplates":{ + "shape":"MetaLibraryTemplatesList", + "documentation":"

    A list of templates from Meta's library.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The token to retrieve the next page of results, if any.

    " + } + } + }, "Long":{ "type":"long", "box":true @@ -726,11 +1266,212 @@ "max":100, "min":1 }, + "MetaIndustries":{ + "type":"list", + "member":{"shape":"MetaIndustry"} + }, + "MetaIndustry":{ + "type":"string", + "max":25, + "min":1 + }, + "MetaLibraryTemplate":{ + "type":"structure", + "required":[ + "templateName", + "libraryTemplateName", + "templateCategory", + "templateLanguage" + ], + "members":{ + "templateName":{ + "shape":"MetaTemplateName", + "documentation":"

    The name to assign to the template.

    " + }, + "libraryTemplateName":{ + "shape":"MetaTemplateName", + "documentation":"

    The name of the template in Meta's library.

    " + }, + "templateCategory":{ + "shape":"MetaTemplateCategory", + "documentation":"

    The category of the template (for example, UTILITY or MARKETING).

    " + }, + "templateLanguage":{ + "shape":"MetaTemplateLanguage", + "documentation":"

    The language code for the template (for example, en_US).

    " + }, + "libraryTemplateButtonInputs":{ + "shape":"MetaLibraryTemplateButtonInputs", + "documentation":"

    Button customizations for the template.

    " + }, + "libraryTemplateBodyInputs":{ + "shape":"LibraryTemplateBodyInputs", + "documentation":"

    Body text customizations for the template.

    " + } + }, + "documentation":"

    Represents a template from Meta's library with customization options.

    " + }, + "MetaLibraryTemplateButtonInputs":{ + "type":"list", + "member":{"shape":"LibraryTemplateButtonInput"} + }, + "MetaLibraryTemplateButtonList":{ + "type":"list", + "member":{"shape":"LibraryTemplateButtonList"} + }, + "MetaLibraryTemplateDefinition":{ + "type":"structure", + "members":{ + "templateName":{ + "shape":"MetaTemplateName", + "documentation":"

    The name of the template.

    " + }, + "templateLanguage":{ + "shape":"MetaTemplateLanguage", + "documentation":"

    The language code for the template (for example, en_US).

    " + }, + "templateCategory":{ + "shape":"MetaTemplateCategory", + "documentation":"

    The category of the template (for example, UTILITY or MARKETING).

    " + }, + "templateTopic":{ + "shape":"MetaTemplateTopic", + "documentation":"

    The topic or subject matter of the template.

    " + }, + "templateUseCase":{ + "shape":"MetaTemplateUseCase", + "documentation":"

    The intended use case for the template.

    " + }, + "templateIndustry":{ + "shape":"MetaIndustries", + "documentation":"

    The industries the template is designed for.

    " + }, + "templateHeader":{ + "shape":"MetaTemplateHeader", + "documentation":"

    The header text of the template.

    " + }, + "templateBody":{ + "shape":"MetaTemplateBody", + "documentation":"

    The body text of the template.

    " + }, + "templateButtons":{ + "shape":"MetaLibraryTemplateButtonList", + "documentation":"

    The buttons included in the template.

    " + }, + "templateId":{ + "shape":"MetaTemplateId", + "documentation":"

    The ID of the template in Meta's library.

    " + } + }, + "documentation":"

    Defines the complete structure and content of a template in Meta's library.

    " + }, + "MetaLibraryTemplatesList":{ + "type":"list", + "member":{"shape":"MetaLibraryTemplateDefinition"} + }, + "MetaTemplate":{ + "type":"string", + "max":6000, + "min":1 + }, + "MetaTemplateBody":{ + "type":"string", + "max":2000, + "min":1 + }, + "MetaTemplateCategory":{ + "type":"string", + "max":100, + "min":1 + }, + "MetaTemplateComponents":{ + "type":"blob", + "max":3000, + "min":1 + }, + "MetaTemplateDefinition":{ + "type":"blob", + "max":6000, + "min":1 + }, + "MetaTemplateHeader":{ + "type":"string", + "max":200, + "min":1 + }, + "MetaTemplateId":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[0-9]+" + }, + "MetaTemplateLanguage":{ + "type":"string", + "max":6, + "min":1 + }, + "MetaTemplateName":{ + "type":"string", + "max":512, + "min":1 + }, + "MetaTemplateQualityScore":{ + "type":"string", + "max":20, + "min":1 + }, + "MetaTemplateStatus":{ + "type":"string", + "max":20, + "min":1 + }, + "MetaTemplateTopic":{ + "type":"string", + "max":20, + "min":1 + }, + "MetaTemplateUseCase":{ + "type":"string", + "max":30, + "min":1 + }, + "MetaText":{ + "type":"string", + "max":40, + "min":1 + }, + "MetaUrl":{ + "type":"string", + "max":400, + "min":1 + }, + "MetaUrlWithSuffixExample":{ + "type":"map", + "key":{"shape":"MetaUrlWithSuffixExampleKeyString"}, + "value":{"shape":"MetaUrlWithSuffixExampleValueString"}, + "max":10, + "min":0 + }, + "MetaUrlWithSuffixExampleKeyString":{ + "type":"string", + "max":30, + "min":1 + }, + "MetaUrlWithSuffixExampleValueString":{ + "type":"string", + "max":400, + "min":1 + }, "NextToken":{ "type":"string", "max":600, "min":1 }, + "OtpType":{ + "type":"string", + "max":25, + "min":1 + }, "PhoneNumber":{ "type":"string", "max":20, @@ -899,6 +1640,27 @@ "type":"list", "member":{"shape":"String"} }, + "SupportedApp":{ + "type":"map", + "key":{"shape":"SupportedAppKeyString"}, + "value":{"shape":"SupportedAppValueString"}, + "max":10, + "min":0 + }, + "SupportedAppKeyString":{ + "type":"string", + "max":30, + "min":1 + }, + "SupportedAppValueString":{ + "type":"string", + "max":100, + "min":1 + }, + "SupportedApps":{ + "type":"list", + "member":{"shape":"SupportedApp"} + }, "Tag":{ "type":"structure", "required":["key"], @@ -954,6 +1716,40 @@ "max":256, "min":0 }, + "TemplateSummary":{ + "type":"structure", + "members":{ + "templateName":{ + "shape":"MetaTemplateName", + "documentation":"

    The name of the template.

    " + }, + "metaTemplateId":{ + "shape":"MetaTemplateId", + "documentation":"

    The numeric ID assigned to the template by Meta.

    " + }, + "templateStatus":{ + "shape":"MetaTemplateStatus", + "documentation":"

    The current status of the template (for example, APPROVED, PENDING, or REJECTED).

    " + }, + "templateQualityScore":{ + "shape":"MetaTemplateQualityScore", + "documentation":"

    The quality score assigned to the template by Meta.

    " + }, + "templateLanguage":{ + "shape":"MetaTemplateLanguage", + "documentation":"

    The language code of the template (for example, en_US).

    " + }, + "templateCategory":{ + "shape":"MetaTemplateCategory", + "documentation":"

    The category of the template (for example, UTILITY or MARKETING).

    " + } + }, + "documentation":"

    Provides a summary of a WhatsApp message template's key attributes.

    " + }, + "TemplateSummaryList":{ + "type":"list", + "member":{"shape":"TemplateSummary"} + }, "ThrottledRequestException":{ "type":"structure", "members":{ @@ -999,6 +1795,36 @@ } } }, + "UpdateWhatsAppMessageTemplateInput":{ + "type":"structure", + "required":[ + "id", + "metaTemplateId" + ], + "members":{ + "id":{ + "shape":"LinkedWhatsAppBusinessAccountId", + "documentation":"

    The ID of the WhatsApp Business Account associated with this template.

    " + }, + "metaTemplateId":{ + "shape":"MetaTemplateId", + "documentation":"

    The numeric ID of the template assigned by Meta.

    " + }, + "templateCategory":{ + "shape":"MetaTemplateCategory", + "documentation":"

    The new category for the template (for example, UTILITY or MARKETING).

    " + }, + "templateComponents":{ + "shape":"MetaTemplateComponents", + "documentation":"

    The updated components of the template as a JSON blob (maximum 3000 characters).

    " + } + } + }, + "UpdateWhatsAppMessageTemplateOutput":{ + "type":"structure", + "members":{ + } + }, "ValidationException":{ "type":"structure", "members":{ @@ -1152,6 +1978,10 @@ "qualityRating":{ "shape":"WhatsAppPhoneNumberQualityRating", "documentation":"

    The quality rating of the phone number.

    " + }, + "dataLocalizationRegion":{ + "shape":"IsoCountryCode", + "documentation":"

    The geographic region where the WhatsApp phone number's data is stored and processed.

    " } }, "documentation":"

    The details of your WhatsApp phone number.

    " @@ -1215,6 +2045,10 @@ "qualityRating":{ "shape":"WhatsAppPhoneNumberQualityRating", "documentation":"

    The quality rating of the phone number. This is from Meta.

    " + }, + "dataLocalizationRegion":{ + "shape":"IsoCountryCode", + "documentation":"

    The geographic region where the WhatsApp phone number's data is stored and processed.

    " } }, "documentation":"

    The details of a linked phone number.

    " @@ -1256,6 +2090,10 @@ "accessToken":{ "shape":"WhatsAppSignupCallbackAccessTokenString", "documentation":"

    The access token for your WhatsApp Business Account. The accessToken value is provided by Meta.

    " + }, + "callbackUrl":{ + "shape":"WhatsAppSignupCallbackCallbackUrlString", + "documentation":"

    The URL where WhatsApp will send callback notifications for this account.

    " } }, "documentation":"

    Contains the accessToken provided by Meta during signup.

    " @@ -1265,6 +2103,11 @@ "max":1000, "min":0 }, + "WhatsAppSignupCallbackCallbackUrlString":{ + "type":"string", + "max":100, + "min":0 + }, "WhatsAppSignupCallbackResult":{ "type":"structure", "members":{ @@ -1278,6 +2121,10 @@ } }, "documentation":"

    Contains the results of WhatsAppSignupCallback.

    " + }, + "ZeroTapTermsAccepted":{ + "type":"boolean", + "box":true } }, "documentation":"

    Amazon Web Services End User Messaging Social, also referred to as Social messaging, is a messaging service that enables application developers to incorporate WhatsApp into their existing workflows. The Amazon Web Services End User Messaging Social API provides information about the Amazon Web Services End User Messaging Social API resources, including supported HTTP methods, parameters, and schemas.

    The Amazon Web Services End User Messaging Social API provides programmatic access to options that are unique to the WhatsApp Business Platform.

    If you're new to the Amazon Web Services End User Messaging Social API, it's also helpful to review What is Amazon Web Services End User Messaging Social in the Amazon Web Services End User Messaging Social User Guide. The Amazon Web Services End User Messaging Social User Guide provides tutorials, code samples, and procedures that demonstrate how to use Amazon Web Services End User Messaging Social API features programmatically and how to integrate functionality into applications. The guide also provides key information, such as integration with other Amazon Web Services services, and the quotas that apply to use of the service.

    Regional availability

    The Amazon Web Services End User Messaging Social API is available across several Amazon Web Services Regions and it provides a dedicated endpoint for each of these Regions. For a list of all the Regions and endpoints where the API is currently available, see Amazon Web Services Service Endpoints and Amazon Web Services End User Messaging endpoints and quotas in the Amazon Web Services General Reference. To learn more about Amazon Web Services Regions, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.

    In each Region, Amazon Web Services maintains multiple Availability Zones. These Availability Zones are physically isolated from each other, but are united by private, low-latency, high-throughput, and highly redundant network connections. These Availability Zones enable us to provide very high levels of availability and redundancy, while also minimizing latency. To learn more about the number of Availability Zones that are available in each Region, see Amazon Web Services Global Infrastructure.

    " diff -pruN 2.23.6-1/awscli/botocore/data/sqs/2012-11-05/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sqs/2012-11-05/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sqs/2012-11-05/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sqs/2012-11-05/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/sqs/2012-11-05/service-2.json 2.31.35-1/awscli/botocore/data/sqs/2012-11-05/service-2.json --- 2.23.6-1/awscli/botocore/data/sqs/2012-11-05/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sqs/2012-11-05/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,8 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2012-11-05", - "awsQueryCompatible":{ - }, + "awsQueryCompatible":{}, "endpointPrefix":"sqs", "jsonVersion":"1.0", "protocol":"json", @@ -108,7 +107,7 @@ {"shape":"UnsupportedOperation"}, {"shape":"InvalidSecurity"} ], - "documentation":"

    Creates a new standard or FIFO queue. You can pass one or more attributes in the request. Keep the following in mind:

    • If you don't specify the FifoQueue attribute, Amazon SQS creates a standard queue.

      You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see Moving From a Standard Queue to a FIFO Queue in the Amazon SQS Developer Guide.

    • If you don't provide a value for an attribute, the queue is created with the default value for the attribute.

    • If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name.

    To successfully create a new queue, you must provide a queue name that adheres to the limits related to queues and is unique within the scope of your queues.

    After you create a queue, you must wait at least one second after the queue is created to be able to use the queue.

    To retrieve the URL of a queue, use the GetQueueUrl action. This action only requires the QueueName parameter.

    When creating queues, keep the following points in mind:

    • If you specify the name of an existing queue and provide the exact same names and values for all its attributes, the CreateQueue action will return the URL of the existing queue instead of creating a new one.

    • If you attempt to create a queue with a name that already exists but with different attribute names or values, the CreateQueue action will return an error. This ensures that existing queues are not inadvertently altered.

    Cross-account permissions don't apply to this action. For more information, see Grant cross-account permissions to a role and a username in the Amazon SQS Developer Guide.

    " + "documentation":"

    Creates a new standard or FIFO queue. You can pass one or more attributes in the request. Keep the following in mind:

    • If you don't specify the FifoQueue attribute, Amazon SQS creates a standard queue.

      You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see Moving From a standard queue to a FIFO queue in the Amazon SQS Developer Guide.

    • If you don't provide a value for an attribute, the queue is created with the default value for the attribute.

    • If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name.

    To successfully create a new queue, you must provide a queue name that adheres to the limits related to queues and is unique within the scope of your queues.

    After you create a queue, you must wait at least one second after the queue is created to be able to use the queue.

    To retrieve the URL of a queue, use the GetQueueUrl action. This action only requires the QueueName parameter.

    When creating queues, keep the following points in mind:

    • If you specify the name of an existing queue and provide the exact same names and values for all its attributes, the CreateQueue action will return the URL of the existing queue instead of creating a new one.

    • If you attempt to create a queue with a name that already exists but with different attribute names or values, the CreateQueue action will return an error. This ensures that existing queues are not inadvertently altered.

    Cross-account permissions don't apply to this action. For more information, see Grant cross-account permissions to a role and a username in the Amazon SQS Developer Guide.

    " }, "DeleteMessage":{ "name":"DeleteMessage", @@ -348,7 +347,7 @@ {"shape":"KmsInvalidKeyUsage"}, {"shape":"InvalidAddress"} ], - "documentation":"

    Delivers a message to the specified queue.

    A message can include only XML, JSON, and unformatted text. The following Unicode characters are allowed. For more information, see the W3C specification for characters.

    #x9 | #xA | #xD | #x20 to #xD7FF | #xE000 to #xFFFD | #x10000 to #x10FFFF

    Amazon SQS does not throw an exception or completely reject the message if it contains invalid characters. Instead, it replaces those invalid characters with U+FFFD before storing the message in the queue, as long as the message body contains at least one valid character.

    " + "documentation":"

    Delivers a message to the specified queue.

    A message can include only XML, JSON, and unformatted text. The following Unicode characters are allowed. For more information, see the W3C specification for characters.

    #x9 | #xA | #xD | #x20 to #xD7FF | #xE000 to #xFFFD | #x10000 to #x10FFFF

    If a message contains characters outside the allowed set, Amazon SQS rejects the message and returns an InvalidMessageContents error. Ensure that your message body includes only valid characters to avoid this exception.

    " }, "SendMessageBatch":{ "name":"SendMessageBatch", @@ -377,7 +376,7 @@ {"shape":"KmsInvalidKeyUsage"}, {"shape":"InvalidAddress"} ], - "documentation":"

    You can use SendMessageBatch to send up to 10 messages to the specified queue by assigning either identical or different values to each message (or by not assigning values at all). This is a batch version of SendMessage. For a FIFO queue, multiple messages within a single batch are enqueued in the order they are sent.

    The result of sending each message is reported individually in the response. Because the batch request can result in a combination of successful and unsuccessful actions, you should check for batch errors even when the call returns an HTTP status code of 200.

    The maximum allowed individual message size and the maximum total payload size (the sum of the individual lengths of all of the batched messages) are both 256 KiB (262,144 bytes).

    A message can include only XML, JSON, and unformatted text. The following Unicode characters are allowed. For more information, see the W3C specification for characters.

    #x9 | #xA | #xD | #x20 to #xD7FF | #xE000 to #xFFFD | #x10000 to #x10FFFF

    Amazon SQS does not throw an exception or completely reject the message if it contains invalid characters. Instead, it replaces those invalid characters with U+FFFD before storing the message in the queue, as long as the message body contains at least one valid character.

    If you don't specify the DelaySeconds parameter for an entry, Amazon SQS uses the default value for the queue.

    " + "documentation":"

    You can use SendMessageBatch to send up to 10 messages to the specified queue by assigning either identical or different values to each message (or by not assigning values at all). This is a batch version of SendMessage. For a FIFO queue, multiple messages within a single batch are enqueued in the order they are sent.

    The result of sending each message is reported individually in the response. Because the batch request can result in a combination of successful and unsuccessful actions, you should check for batch errors even when the call returns an HTTP status code of 200.

    The maximum allowed individual message size and the maximum total payload size (the sum of the individual lengths of all of the batched messages) are both 1 MiB 1,048,576 bytes.

    A message can include only XML, JSON, and unformatted text. The following Unicode characters are allowed. For more information, see the W3C specification for characters.

    #x9 | #xA | #xD | #x20 to #xD7FF | #xE000 to #xFFFD | #x10000 to #x10FFFF

    If a message contains characters outside the allowed set, Amazon SQS rejects the message and returns an InvalidMessageContents error. Ensure that your message body includes only valid characters to avoid this exception.

    If you don't specify the DelaySeconds parameter for an entry, Amazon SQS uses the default value for the queue.

    " }, "SetQueueAttributes":{ "name":"SetQueueAttributes", @@ -680,7 +679,7 @@ }, "Attributes":{ "shape":"QueueAttributeMap", - "documentation":"

    A map of attributes with their corresponding values.

    The following lists the names, descriptions, and values of the special request parameters that the CreateQueue action uses:

    • DelaySeconds – The length of time, in seconds, for which the delivery of all messages in the queue is delayed. Valid values: An integer from 0 to 900 seconds (15 minutes). Default: 0.

    • MaximumMessageSize – The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: An integer from 1,024 bytes (1 KiB) to 262,144 bytes (256 KiB). Default: 262,144 (256 KiB).

    • MessageRetentionPeriod – The length of time, in seconds, for which Amazon SQS retains a message. Valid values: An integer from 60 seconds (1 minute) to 1,209,600 seconds (14 days). Default: 345,600 (4 days). When you change a queue's attributes, the change can take up to 60 seconds for most of the attributes to propagate throughout the Amazon SQS system. Changes made to the MessageRetentionPeriod attribute can take up to 15 minutes and will impact existing messages in the queue potentially causing them to be expired and deleted if the MessageRetentionPeriod is reduced below the age of existing messages.

    • Policy – The queue's policy. A valid Amazon Web Services policy. For more information about policy structure, see Overview of Amazon Web Services IAM Policies in the IAM User Guide.

    • ReceiveMessageWaitTimeSeconds – The length of time, in seconds, for which a ReceiveMessage action waits for a message to arrive. Valid values: An integer from 0 to 20 (seconds). Default: 0.

    • VisibilityTimeout – The visibility timeout for the queue, in seconds. Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For more information about the visibility timeout, see Visibility Timeout in the Amazon SQS Developer Guide.

    The following attributes apply only to dead-letter queues:

    • RedrivePolicy – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:

      • deadLetterTargetArn – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of maxReceiveCount is exceeded.

      • maxReceiveCount – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. Default: 10. When the ReceiveCount for a message exceeds the maxReceiveCount for a queue, Amazon SQS moves the message to the dead-letter-queue.

    • RedriveAllowPolicy – The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:

      • redrivePermission – The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:

        • allowAll – (Default) Any source queues in this Amazon Web Services account in the same Region can specify this queue as the dead-letter queue.

        • denyAll – No source queues can specify this queue as the dead-letter queue.

        • byQueue – Only queues specified by the sourceQueueArns parameter can specify this queue as the dead-letter queue.

      • sourceQueueArns – The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the redrivePermission parameter is set to byQueue. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the redrivePermission parameter to allowAll.

    The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.

    The following attributes apply only to server-side-encryption:

    • KmsMasterKeyId – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms. While the alias of the Amazon Web Services managed CMK for Amazon SQS is always alias/aws/sqs, the alias of a custom CMK can, for example, be alias/MyAlias . For more examples, see KeyId in the Key Management Service API Reference.

    • KmsDataKeyReusePeriodSeconds – The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). Default: 300 (5 minutes). A shorter time period provides better security but results in more calls to KMS which might incur charges after Free Tier. For more information, see How Does the Data Key Reuse Period Work?

    • SqsManagedSseEnabled – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, SSE-KMS or SSE-SQS).

    The following attributes apply only to FIFO (first-in-first-out) queues:

    • FifoQueue – Designates a queue as FIFO. Valid values are true and false. If you don't specify the FifoQueue attribute, Amazon SQS creates a standard queue. You can provide this attribute only during queue creation. You can't change it for an existing queue. When you set this attribute, you must also provide the MessageGroupId for your messages explicitly.

      For more information, see FIFO queue logic in the Amazon SQS Developer Guide.

    • ContentBasedDeduplication – Enables content-based deduplication. Valid values are true and false. For more information, see Exactly-once processing in the Amazon SQS Developer Guide. Note the following:

      • Every message must have a unique MessageDeduplicationId.

        • You may provide a MessageDeduplicationId explicitly.

        • If you aren't able to provide a MessageDeduplicationId and you enable ContentBasedDeduplication for your queue, Amazon SQS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).

        • If you don't provide a MessageDeduplicationId and the queue doesn't have ContentBasedDeduplication set, the action fails with an error.

        • If the queue has ContentBasedDeduplication set, your MessageDeduplicationId overrides the generated one.

      • When ContentBasedDeduplication is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.

      • If you send one message with ContentBasedDeduplication enabled and then another message with a MessageDeduplicationId that is the same as the one generated for the first MessageDeduplicationId, the two messages are treated as duplicates and only one copy of the message is delivered.

    The following attributes apply only to high throughput for FIFO queues:

    • DeduplicationScope – Specifies whether message deduplication occurs at the message group or queue level. Valid values are messageGroup and queue.

    • FifoThroughputLimit – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue and perMessageGroupId. The perMessageGroupId value is allowed only when the value for DeduplicationScope is messageGroup.

    To enable high throughput for FIFO queues, do the following:

    • Set DeduplicationScope to messageGroup.

    • Set FifoThroughputLimit to perMessageGroupId.

    If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.

    For information on throughput quotas, see Quotas related to messages in the Amazon SQS Developer Guide.

    " + "documentation":"

    A map of attributes with their corresponding values.

    The following lists the names, descriptions, and values of the special request parameters that the CreateQueue action uses:

    • DelaySeconds – The length of time, in seconds, for which the delivery of all messages in the queue is delayed. Valid values: An integer from 0 to 900 seconds (15 minutes). Default: 0.

    • MaximumMessageSize – The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: An integer from 1,024 bytes (1 KiB) to 1,048,576 bytes (1 MiB). Default: 1,048,576 bytes (1 MiB).

    • MessageRetentionPeriod – The length of time, in seconds, for which Amazon SQS retains a message. Valid values: An integer from 60 seconds (1 minute) to 1,209,600 seconds (14 days). Default: 345,600 (4 days). When you change a queue's attributes, the change can take up to 60 seconds for most of the attributes to propagate throughout the Amazon SQS system. Changes made to the MessageRetentionPeriod attribute can take up to 15 minutes and will impact existing messages in the queue potentially causing them to be expired and deleted if the MessageRetentionPeriod is reduced below the age of existing messages.

    • Policy – The queue's policy. A valid Amazon Web Services policy. For more information about policy structure, see Overview of Amazon Web Services IAM Policies in the IAM User Guide.

    • ReceiveMessageWaitTimeSeconds – The length of time, in seconds, for which a ReceiveMessage action waits for a message to arrive. Valid values: An integer from 0 to 20 (seconds). Default: 0.

    • VisibilityTimeout – The visibility timeout for the queue, in seconds. Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For more information about the visibility timeout, see Visibility Timeout in the Amazon SQS Developer Guide.

    The following attributes apply only to dead-letter queues:

    • RedrivePolicy – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:

      • deadLetterTargetArn – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of maxReceiveCount is exceeded.

      • maxReceiveCount – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. Default: 10. When the ReceiveCount for a message exceeds the maxReceiveCount for a queue, Amazon SQS moves the message to the dead-letter-queue.

    • RedriveAllowPolicy – The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:

      • redrivePermission – The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:

        • allowAll – (Default) Any source queues in this Amazon Web Services account in the same Region can specify this queue as the dead-letter queue.

        • denyAll – No source queues can specify this queue as the dead-letter queue.

        • byQueue – Only queues specified by the sourceQueueArns parameter can specify this queue as the dead-letter queue.

      • sourceQueueArns – The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the redrivePermission parameter is set to byQueue. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the redrivePermission parameter to allowAll.

    The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.

    The following attributes apply only to server-side-encryption:

    • KmsMasterKeyId – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms. While the alias of the Amazon Web Services managed CMK for Amazon SQS is always alias/aws/sqs, the alias of a custom CMK can, for example, be alias/MyAlias . For more examples, see KeyId in the Key Management Service API Reference.

    • KmsDataKeyReusePeriodSeconds – The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). Default: 300 (5 minutes). A shorter time period provides better security but results in more calls to KMS which might incur charges after Free Tier. For more information, see How Does the Data Key Reuse Period Work?

    • SqsManagedSseEnabled – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, SSE-KMS or SSE-SQS).

    The following attributes apply only to FIFO (first-in-first-out) queues:

    • FifoQueue – Designates a queue as FIFO. Valid values are true and false. If you don't specify the FifoQueue attribute, Amazon SQS creates a standard queue. You can provide this attribute only during queue creation. You can't change it for an existing queue. When you set this attribute, you must also provide the MessageGroupId for your messages explicitly.

      For more information, see FIFO queue logic in the Amazon SQS Developer Guide.

    • ContentBasedDeduplication – Enables content-based deduplication. Valid values are true and false. For more information, see Exactly-once processing in the Amazon SQS Developer Guide. Note the following:

      • Every message must have a unique MessageDeduplicationId.

        • You may provide a MessageDeduplicationId explicitly.

        • If you aren't able to provide a MessageDeduplicationId and you enable ContentBasedDeduplication for your queue, Amazon SQS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).

        • If you don't provide a MessageDeduplicationId and the queue doesn't have ContentBasedDeduplication set, the action fails with an error.

        • If the queue has ContentBasedDeduplication set, your MessageDeduplicationId overrides the generated one.

      • When ContentBasedDeduplication is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.

      • If you send one message with ContentBasedDeduplication enabled and then another message with a MessageDeduplicationId that is the same as the one generated for the first MessageDeduplicationId, the two messages are treated as duplicates and only one copy of the message is delivered.

    The following attributes apply only to high throughput for FIFO queues:

    • DeduplicationScope – Specifies whether message deduplication occurs at the message group or queue level. Valid values are messageGroup and queue.

    • FifoThroughputLimit – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue and perMessageGroupId. The perMessageGroupId value is allowed only when the value for DeduplicationScope is messageGroup.

    To enable high throughput for FIFO queues, do the following:

    • Set DeduplicationScope to messageGroup.

    • Set FifoThroughputLimit to perMessageGroupId.

    If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.

    For information on throughput quotas, see Quotas related to messages in the Amazon SQS Developer Guide.

    " }, "tags":{ "shape":"TagMap", @@ -896,8 +895,7 @@ }, "InvalidIdFormat":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified receipt handle isn't valid for the current version.

    ", "deprecated":true, "deprecatedMessage":"exception has been included in ReceiptHandleIsInvalid", @@ -1199,7 +1197,7 @@ "documentation":"

    Amazon SQS supports the following logical data types: String, Number, and Binary. For the Number data type, you must use StringValue.

    You can also append custom labels. For more information, see Amazon SQS Message Attributes in the Amazon SQS Developer Guide.

    " } }, - "documentation":"

    The user-specified message attribute value. For string data types, the Value attribute has the same restrictions on the content as the message body. For more information, see SendMessage.

    Name, type, value and the message body must not be empty or null. All parts of the message attribute, including Name, Type, and Value, are part of the message size restriction (256 KiB or 262,144 bytes).

    " + "documentation":"

    The user-specified message attribute value. For string data types, the Value attribute has the same restrictions on the content as the message body. For more information, see SendMessage.

    Name, type, value and the message body must not be empty or null. All parts of the message attribute, including Name, Type, and Value, are part of the message size restriction (1 MiB or 1,048,576 bytes).

    " }, "MessageBodyAttributeMap":{ "type":"map", @@ -1220,8 +1218,7 @@ }, "MessageNotInflight":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified message isn't in flight.

    ", "exception":true }, @@ -1393,13 +1390,13 @@ }, "AttributeNames":{ "shape":"AttributeNameList", - "documentation":"

    This parameter has been discontinued but will be supported for backward compatibility. To provide attribute names, you are encouraged to use MessageSystemAttributeNames.

    A list of attributes that need to be returned along with each message. These attributes include:

    • All – Returns all values.

    • ApproximateFirstReceiveTimestamp – Returns the time the message was first received from the queue (epoch time in milliseconds).

    • ApproximateReceiveCount – Returns the number of times a message has been received across all queues but not deleted.

    • AWSTraceHeader – Returns the X-Ray trace header string.

    • SenderId

      • For a user, returns the user ID, for example ABCDEFGHI1JKLMNOPQ23R.

      • For an IAM role, returns the IAM role ID, for example ABCDE1F2GH3I4JK5LMNOP:i-a123b456.

    • SentTimestamp – Returns the time the message was sent to the queue (epoch time in milliseconds).

    • SqsManagedSseEnabled – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, SSE-KMS or SSE-SQS).

    • MessageDeduplicationId – Returns the value provided by the producer that calls the SendMessage action.

    • MessageGroupId – Returns the value provided by the producer that calls the SendMessage action. Messages with the same MessageGroupId are returned in sequence.

    • SequenceNumber – Returns the value provided by Amazon SQS.

    ", + "documentation":"

    This parameter has been discontinued but will be supported for backward compatibility. To provide attribute names, you are encouraged to use MessageSystemAttributeNames.

    A list of attributes that need to be returned along with each message. These attributes include:

    • All – Returns all values.

    • ApproximateFirstReceiveTimestamp – Returns the time the message was first received from the queue (epoch time in milliseconds).

    • ApproximateReceiveCount – Returns the number of times a message has been received across all queues but not deleted.

    • AWSTraceHeader – Returns the X-Ray trace header string.

    • SenderId

      • For a user, returns the user ID, for example ABCDEFGHI1JKLMNOPQ23R.

      • For an IAM role, returns the IAM role ID, for example ABCDE1F2GH3I4JK5LMNOP:i-a123b456.

    • SentTimestamp – Returns the time the message was sent to the queue (epoch time in milliseconds).

    • SqsManagedSseEnabled – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, SSE-KMS or SSE-SQS).

    • MessageDeduplicationId – Returns the value provided by the producer that calls the SendMessage action.

    • MessageGroupId – Returns the value provided by the producer that calls the SendMessage action.

    • SequenceNumber – Returns the value provided by Amazon SQS.

    ", "deprecated":true, "deprecatedMessage":"AttributeNames has been replaced by MessageSystemAttributeNames" }, "MessageSystemAttributeNames":{ "shape":"MessageSystemAttributeList", - "documentation":"

    A list of attributes that need to be returned along with each message. These attributes include:

    • All – Returns all values.

    • ApproximateFirstReceiveTimestamp – Returns the time the message was first received from the queue (epoch time in milliseconds).

    • ApproximateReceiveCount – Returns the number of times a message has been received across all queues but not deleted.

    • AWSTraceHeader – Returns the X-Ray trace header string.

    • SenderId

      • For a user, returns the user ID, for example ABCDEFGHI1JKLMNOPQ23R.

      • For an IAM role, returns the IAM role ID, for example ABCDE1F2GH3I4JK5LMNOP:i-a123b456.

    • SentTimestamp – Returns the time the message was sent to the queue (epoch time in milliseconds).

    • SqsManagedSseEnabled – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, SSE-KMS or SSE-SQS).

    • MessageDeduplicationId – Returns the value provided by the producer that calls the SendMessage action.

    • MessageGroupId – Returns the value provided by the producer that calls the SendMessage action. Messages with the same MessageGroupId are returned in sequence.

    • SequenceNumber – Returns the value provided by Amazon SQS.

    " + "documentation":"

    A list of attributes that need to be returned along with each message. These attributes include:

    • All – Returns all values.

    • ApproximateFirstReceiveTimestamp – Returns the time the message was first received from the queue (epoch time in milliseconds).

    • ApproximateReceiveCount – Returns the number of times a message has been received across all queues but not deleted.

    • AWSTraceHeader – Returns the X-Ray trace header string.

    • SenderId

      • For a user, returns the user ID, for example ABCDEFGHI1JKLMNOPQ23R.

      • For an IAM role, returns the IAM role ID, for example ABCDE1F2GH3I4JK5LMNOP:i-a123b456.

    • SentTimestamp – Returns the time the message was sent to the queue (epoch time in milliseconds).

    • SqsManagedSseEnabled – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, SSE-KMS or SSE-SQS).

    • MessageDeduplicationId – Returns the value provided by the producer that calls the SendMessage action.

    • MessageGroupId – Returns the value provided by the producer that calls the SendMessage action.

    • SequenceNumber – Returns the value provided by Amazon SQS.

    " }, "MessageAttributeNames":{ "shape":"MessageAttributeNameList", @@ -1419,7 +1416,7 @@ }, "ReceiveRequestAttemptId":{ "shape":"String", - "documentation":"

    This parameter applies only to FIFO (first-in-first-out) queues.

    The token used for deduplication of ReceiveMessage calls. If a networking issue occurs after a ReceiveMessage action, and instead of a response you receive a generic error, it is possible to retry the same action with an identical ReceiveRequestAttemptId to retrieve the same set of messages, even if their visibility timeout has not yet expired.

    • You can use ReceiveRequestAttemptId only for 5 minutes after a ReceiveMessage action.

    • When you set FifoQueue, a caller of the ReceiveMessage action can provide a ReceiveRequestAttemptId explicitly.

    • It is possible to retry the ReceiveMessage action with the same ReceiveRequestAttemptId if none of the messages have been modified (deleted or had their visibility changes).

    • During a visibility timeout, subsequent calls with the same ReceiveRequestAttemptId return the same messages and receipt handles. If a retry occurs within the deduplication interval, it resets the visibility timeout. For more information, see Visibility Timeout in the Amazon SQS Developer Guide.

      If a caller of the ReceiveMessage action still processes messages when the visibility timeout expires and messages become visible, another worker consuming from the same queue can receive the same messages and therefore process duplicates. Also, if a consumer whose message processing time is longer than the visibility timeout tries to delete the processed messages, the action fails with an error.

      To mitigate this effect, ensure that your application observes a safe threshold before the visibility timeout expires and extend the visibility timeout as necessary.

    • While messages with a particular MessageGroupId are invisible, no more messages belonging to the same MessageGroupId are returned until the visibility timeout expires. You can still receive messages with another MessageGroupId as long as it is also visible.

    • If a caller of ReceiveMessage can't track the ReceiveRequestAttemptId, no retries work until the original visibility timeout expires. As a result, delays might occur but the messages in the queue remain in a strict order.

    The maximum length of ReceiveRequestAttemptId is 128 characters. ReceiveRequestAttemptId can contain alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    For best practices of using ReceiveRequestAttemptId, see Using the ReceiveRequestAttemptId Request Parameter in the Amazon SQS Developer Guide.

    " + "documentation":"

    This parameter applies only to FIFO (first-in-first-out) queues.

    The token used for deduplication of ReceiveMessage calls. If a networking issue occurs after a ReceiveMessage action, and instead of a response you receive a generic error, it is possible to retry the same action with an identical ReceiveRequestAttemptId to retrieve the same set of messages, even if their visibility timeout has not yet expired.

    • You can use ReceiveRequestAttemptId only for 5 minutes after a ReceiveMessage action.

    • When you set FifoQueue, a caller of the ReceiveMessage action can provide a ReceiveRequestAttemptId explicitly.

    • It is possible to retry the ReceiveMessage action with the same ReceiveRequestAttemptId if none of the messages have been modified (deleted or had their visibility changes).

    • During a visibility timeout, subsequent calls with the same ReceiveRequestAttemptId return the same messages and receipt handles. If a retry occurs within the deduplication interval, it resets the visibility timeout. For more information, see Visibility Timeout in the Amazon SQS Developer Guide.

      If a caller of the ReceiveMessage action still processes messages when the visibility timeout expires and messages become visible, another worker consuming from the same queue can receive the same messages and therefore process duplicates. Also, if a consumer whose message processing time is longer than the visibility timeout tries to delete the processed messages, the action fails with an error.

      To mitigate this effect, ensure that your application observes a safe threshold before the visibility timeout expires and extend the visibility timeout as necessary.

    • While messages with a particular MessageGroupId are invisible, no more messages belonging to the same MessageGroupId are returned until the visibility timeout expires. You can still receive messages with another MessageGroupId from your FIFO queue as long as they are visible.

    • If a caller of ReceiveMessage can't track the ReceiveRequestAttemptId, no retries work until the original visibility timeout expires. As a result, delays might occur but the messages in the queue remain in a strict order.

    The maximum length of ReceiveRequestAttemptId is 128 characters. ReceiveRequestAttemptId can contain alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    For best practices of using ReceiveRequestAttemptId, see Using the ReceiveRequestAttemptId Request Parameter in the Amazon SQS Developer Guide.

    " } }, "documentation":"

    Retrieves one or more messages from a specified queue.

    " @@ -1519,7 +1516,7 @@ }, "MessageGroupId":{ "shape":"String", - "documentation":"

    This parameter applies only to FIFO (first-in-first-out) queues.

    The tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). To interleave multiple ordered streams within a single queue, use MessageGroupId values (for example, session data for multiple users). In this scenario, multiple consumers can process the queue, but the session data of each user is processed in a FIFO fashion.

    • You must associate a non-empty MessageGroupId with a message. If you don't provide a MessageGroupId, the action fails.

    • ReceiveMessage might return messages with multiple MessageGroupId values. For each MessageGroupId, the messages are sorted by time sent. The caller can't specify a MessageGroupId.

    The length of MessageGroupId is 128 characters. Valid values: alphanumeric characters and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    For best practices of using MessageGroupId, see Using the MessageGroupId Property in the Amazon SQS Developer Guide.

    MessageGroupId is required for FIFO queues. You can't use it for Standard queues.

    " + "documentation":"

    MessageGroupId is an attribute used in Amazon SQS FIFO (First-In-First-Out) and standard queues. In FIFO queues, MessageGroupId organizes messages into distinct groups. Messages within the same message group are always processed one at a time, in strict order, ensuring that no two messages from the same group are processed simultaneously. In standard queues, using MessageGroupId enables fair queues. It is used to identify the tenant a message belongs to, helping maintain consistent message dwell time across all tenants during noisy neighbor events. Unlike FIFO queues, messages with the same MessageGroupId can be processed in parallel, maintaining the high throughput of standard queues.

    • FIFO queues: MessageGroupId acts as the tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). To interleave multiple ordered streams within a single queue, use MessageGroupId values (for example, session data for multiple users). In this scenario, multiple consumers can process the queue, but the session data of each user is processed in a FIFO fashion.

      If you do not provide a MessageGroupId when sending a message to a FIFO queue, the action fails.

      ReceiveMessage might return messages with multiple MessageGroupId values. For each MessageGroupId, the messages are sorted by time sent.

    • Standard queues:Use MessageGroupId in standard queues to enable fair queues. The MessageGroupId identifies the tenant a message belongs to. A tenant can be any entity that shares a queue with others, such as your customer, a client application, or a request type. When one tenant sends a disproportionately large volume of messages or has messages that require longer processing time, fair queues ensure other tenants' messages maintain low dwell time. This preserves quality of service for all tenants while maintaining the scalability and throughput of standard queues. We recommend that you include a MessageGroupId in all messages when using fair queues.

    The length of MessageGroupId is 128 characters. Valid values: alphanumeric characters and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    For best practices of using MessageGroupId, see Using the MessageGroupId Property in the Amazon SQS Developer Guide.

    " } }, "documentation":"

    Contains the details of a single Amazon SQS message along with an Id.

    " @@ -1600,7 +1597,7 @@ }, "MessageBody":{ "shape":"String", - "documentation":"

    The message to send. The minimum size is one character. The maximum size is 256 KiB.

    A message can include only XML, JSON, and unformatted text. The following Unicode characters are allowed. For more information, see the W3C specification for characters.

    #x9 | #xA | #xD | #x20 to #xD7FF | #xE000 to #xFFFD | #x10000 to #x10FFFF

    Amazon SQS does not throw an exception or completely reject the message if it contains invalid characters. Instead, it replaces those invalid characters with U+FFFD before storing the message in the queue, as long as the message body contains at least one valid character.

    " + "documentation":"

    The message to send. The minimum size is one character. The maximum size is 1 MiB or 1,048,576 bytes

    A message can include only XML, JSON, and unformatted text. The following Unicode characters are allowed. For more information, see the W3C specification for characters.

    #x9 | #xA | #xD | #x20 to #xD7FF | #xE000 to #xFFFD | #x10000 to #x10FFFF

    If a message contains characters outside the allowed set, Amazon SQS rejects the message and returns an InvalidMessageContents error. Ensure that your message body includes only valid characters to avoid this exception.

    " }, "DelaySeconds":{ "shape":"NullableInteger", @@ -1620,7 +1617,7 @@ }, "MessageGroupId":{ "shape":"String", - "documentation":"

    This parameter applies only to FIFO (first-in-first-out) queues.

    The tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). To interleave multiple ordered streams within a single queue, use MessageGroupId values (for example, session data for multiple users). In this scenario, multiple consumers can process the queue, but the session data of each user is processed in a FIFO fashion.

    • You must associate a non-empty MessageGroupId with a message. If you don't provide a MessageGroupId, the action fails.

    • ReceiveMessage might return messages with multiple MessageGroupId values. For each MessageGroupId, the messages are sorted by time sent. The caller can't specify a MessageGroupId.

    The maximum length of MessageGroupId is 128 characters. Valid values: alphanumeric characters and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    For best practices of using MessageGroupId, see Using the MessageGroupId Property in the Amazon SQS Developer Guide.

    MessageGroupId is required for FIFO queues. You can't use it for Standard queues.

    " + "documentation":"

    MessageGroupId is an attribute used in Amazon SQS FIFO (First-In-First-Out) and standard queues. In FIFO queues, MessageGroupId organizes messages into distinct groups. Messages within the same message group are always processed one at a time, in strict order, ensuring that no two messages from the same group are processed simultaneously. In standard queues, using MessageGroupId enables fair queues. It is used to identify the tenant a message belongs to, helping maintain consistent message dwell time across all tenants during noisy neighbor events. Unlike FIFO queues, messages with the same MessageGroupId can be processed in parallel, maintaining the high throughput of standard queues.

    • FIFO queues: MessageGroupId acts as the tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). To interleave multiple ordered streams within a single queue, use MessageGroupId values (for example, session data for multiple users). In this scenario, multiple consumers can process the queue, but the session data of each user is processed in a FIFO fashion.

      If you do not provide a MessageGroupId when sending a message to a FIFO queue, the action fails.

      ReceiveMessage might return messages with multiple MessageGroupId values. For each MessageGroupId, the messages are sorted by time sent.

    • Standard queues:Use MessageGroupId in standard queues to enable fair queues. The MessageGroupId identifies the tenant a message belongs to. A tenant can be any entity that shares a queue with others, such as your customer, a client application, or a request type. When one tenant sends a disproportionately large volume of messages or has messages that require longer processing time, fair queues ensure other tenants' messages maintain low dwell time. This preserves quality of service for all tenants while maintaining the scalability and throughput of standard queues. We recommend that you include a MessageGroupId in all messages when using fair queues.

    The length of MessageGroupId is 128 characters. Valid values: alphanumeric characters and punctuation (!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~).

    For best practices of using MessageGroupId, see Using the MessageGroupId Property in the Amazon SQS Developer Guide.

    " } }, "documentation":"

    " @@ -1664,7 +1661,7 @@ }, "Attributes":{ "shape":"QueueAttributeMap", - "documentation":"

    A map of attributes to set.

    The following lists the names, descriptions, and values of the special request parameters that the SetQueueAttributes action uses:

    • DelaySeconds – The length of time, in seconds, for which the delivery of all messages in the queue is delayed. Valid values: An integer from 0 to 900 (15 minutes). Default: 0.

    • MaximumMessageSize – The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: An integer from 1,024 bytes (1 KiB) up to 262,144 bytes (256 KiB). Default: 262,144 (256 KiB).

    • MessageRetentionPeriod – The length of time, in seconds, for which Amazon SQS retains a message. Valid values: An integer representing seconds, from 60 (1 minute) to 1,209,600 (14 days). Default: 345,600 (4 days). When you change a queue's attributes, the change can take up to 60 seconds for most of the attributes to propagate throughout the Amazon SQS system. Changes made to the MessageRetentionPeriod attribute can take up to 15 minutes and will impact existing messages in the queue potentially causing them to be expired and deleted if the MessageRetentionPeriod is reduced below the age of existing messages.

    • Policy – The queue's policy. A valid Amazon Web Services policy. For more information about policy structure, see Overview of Amazon Web Services IAM Policies in the Identity and Access Management User Guide.

    • ReceiveMessageWaitTimeSeconds – The length of time, in seconds, for which a ReceiveMessage action waits for a message to arrive. Valid values: An integer from 0 to 20 (seconds). Default: 0.

    • VisibilityTimeout – The visibility timeout for the queue, in seconds. Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For more information about the visibility timeout, see Visibility Timeout in the Amazon SQS Developer Guide.

    The following attributes apply only to dead-letter queues:

    • RedrivePolicy – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:

      • deadLetterTargetArn – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of maxReceiveCount is exceeded.

      • maxReceiveCount – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. Default: 10. When the ReceiveCount for a message exceeds the maxReceiveCount for a queue, Amazon SQS moves the message to the dead-letter-queue.

    • RedriveAllowPolicy – The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:

      • redrivePermission – The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:

        • allowAll – (Default) Any source queues in this Amazon Web Services account in the same Region can specify this queue as the dead-letter queue.

        • denyAll – No source queues can specify this queue as the dead-letter queue.

        • byQueue – Only queues specified by the sourceQueueArns parameter can specify this queue as the dead-letter queue.

      • sourceQueueArns – The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the redrivePermission parameter is set to byQueue. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the redrivePermission parameter to allowAll.

    The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.

    The following attributes apply only to server-side-encryption:

    • KmsMasterKeyId – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms. While the alias of the AWS-managed CMK for Amazon SQS is always alias/aws/sqs, the alias of a custom CMK can, for example, be alias/MyAlias . For more examples, see KeyId in the Key Management Service API Reference.

    • KmsDataKeyReusePeriodSeconds – The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). Default: 300 (5 minutes). A shorter time period provides better security but results in more calls to KMS which might incur charges after Free Tier. For more information, see How Does the Data Key Reuse Period Work?.

    • SqsManagedSseEnabled – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, SSE-KMS or SSE-SQS).

    The following attribute applies only to FIFO (first-in-first-out) queues:

    • ContentBasedDeduplication – Enables content-based deduplication. For more information, see Exactly-once processing in the Amazon SQS Developer Guide. Note the following:

      • Every message must have a unique MessageDeduplicationId.

        • You may provide a MessageDeduplicationId explicitly.

        • If you aren't able to provide a MessageDeduplicationId and you enable ContentBasedDeduplication for your queue, Amazon SQS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).

        • If you don't provide a MessageDeduplicationId and the queue doesn't have ContentBasedDeduplication set, the action fails with an error.

        • If the queue has ContentBasedDeduplication set, your MessageDeduplicationId overrides the generated one.

      • When ContentBasedDeduplication is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.

      • If you send one message with ContentBasedDeduplication enabled and then another message with a MessageDeduplicationId that is the same as the one generated for the first MessageDeduplicationId, the two messages are treated as duplicates and only one copy of the message is delivered.

    The following attributes apply only to high throughput for FIFO queues:

    • DeduplicationScope – Specifies whether message deduplication occurs at the message group or queue level. Valid values are messageGroup and queue.

    • FifoThroughputLimit – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue and perMessageGroupId. The perMessageGroupId value is allowed only when the value for DeduplicationScope is messageGroup.

    To enable high throughput for FIFO queues, do the following:

    • Set DeduplicationScope to messageGroup.

    • Set FifoThroughputLimit to perMessageGroupId.

    If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.

    For information on throughput quotas, see Quotas related to messages in the Amazon SQS Developer Guide.

    " + "documentation":"

    A map of attributes to set.

    The following lists the names, descriptions, and values of the special request parameters that the SetQueueAttributes action uses:

    • DelaySeconds – The length of time, in seconds, for which the delivery of all messages in the queue is delayed. Valid values: An integer from 0 to 900 (15 minutes). Default: 0.

    • MaximumMessageSize – The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: An integer from 1,024 bytes (1 KiB) up to 1,048,576 bytes (1 MiB). Default: 1,048,576 bytes (1 MiB).

    • MessageRetentionPeriod – The length of time, in seconds, for which Amazon SQS retains a message. Valid values: An integer representing seconds, from 60 (1 minute) to 1,209,600 (14 days). Default: 345,600 (4 days). When you change a queue's attributes, the change can take up to 60 seconds for most of the attributes to propagate throughout the Amazon SQS system. Changes made to the MessageRetentionPeriod attribute can take up to 15 minutes and will impact existing messages in the queue potentially causing them to be expired and deleted if the MessageRetentionPeriod is reduced below the age of existing messages.

    • Policy – The queue's policy. A valid Amazon Web Services policy. For more information about policy structure, see Overview of Amazon Web Services IAM Policies in the Identity and Access Management User Guide.

    • ReceiveMessageWaitTimeSeconds – The length of time, in seconds, for which a ReceiveMessage action waits for a message to arrive. Valid values: An integer from 0 to 20 (seconds). Default: 0.

    • VisibilityTimeout – The visibility timeout for the queue, in seconds. Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For more information about the visibility timeout, see Visibility Timeout in the Amazon SQS Developer Guide.

    The following attributes apply only to dead-letter queues:

    • RedrivePolicy – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:

      • deadLetterTargetArn – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of maxReceiveCount is exceeded.

      • maxReceiveCount – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. Default: 10. When the ReceiveCount for a message exceeds the maxReceiveCount for a queue, Amazon SQS moves the message to the dead-letter-queue.

    • RedriveAllowPolicy – The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:

      • redrivePermission – The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:

        • allowAll – (Default) Any source queues in this Amazon Web Services account in the same Region can specify this queue as the dead-letter queue.

        • denyAll – No source queues can specify this queue as the dead-letter queue.

        • byQueue – Only queues specified by the sourceQueueArns parameter can specify this queue as the dead-letter queue.

      • sourceQueueArns – The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the redrivePermission parameter is set to byQueue. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the redrivePermission parameter to allowAll.

    The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.

    The following attributes apply only to server-side-encryption:

    • KmsMasterKeyId – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms. While the alias of the AWS-managed CMK for Amazon SQS is always alias/aws/sqs, the alias of a custom CMK can, for example, be alias/MyAlias . For more examples, see KeyId in the Key Management Service API Reference.

    • KmsDataKeyReusePeriodSeconds – The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). Default: 300 (5 minutes). A shorter time period provides better security but results in more calls to KMS which might incur charges after Free Tier. For more information, see How Does the Data Key Reuse Period Work?.

    • SqsManagedSseEnabled – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, SSE-KMS or SSE-SQS).

    The following attribute applies only to FIFO (first-in-first-out) queues:

    • ContentBasedDeduplication – Enables content-based deduplication. For more information, see Exactly-once processing in the Amazon SQS Developer Guide. Note the following:

      • Every message must have a unique MessageDeduplicationId.

        • You may provide a MessageDeduplicationId explicitly.

        • If you aren't able to provide a MessageDeduplicationId and you enable ContentBasedDeduplication for your queue, Amazon SQS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).

        • If you don't provide a MessageDeduplicationId and the queue doesn't have ContentBasedDeduplication set, the action fails with an error.

        • If the queue has ContentBasedDeduplication set, your MessageDeduplicationId overrides the generated one.

      • When ContentBasedDeduplication is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.

      • If you send one message with ContentBasedDeduplication enabled and then another message with a MessageDeduplicationId that is the same as the one generated for the first MessageDeduplicationId, the two messages are treated as duplicates and only one copy of the message is delivered.

    The following attributes apply only to high throughput for FIFO queues:

    • DeduplicationScope – Specifies whether message deduplication occurs at the message group or queue level. Valid values are messageGroup and queue.

    • FifoThroughputLimit – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue and perMessageGroupId. The perMessageGroupId value is allowed only when the value for DeduplicationScope is messageGroup.

    To enable high throughput for FIFO queues, do the following:

    • Set DeduplicationScope to messageGroup.

    • Set FifoThroughputLimit to perMessageGroupId.

    If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.

    For information on throughput quotas, see Quotas related to messages in the Amazon SQS Developer Guide.

    " } }, "documentation":"

    " @@ -1766,5 +1763,5 @@ } } }, - "documentation":"

    Welcome to the Amazon SQS API Reference.

    Amazon SQS is a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. Amazon SQS moves data between distributed application components and helps you decouple these components.

    For information on the permissions you need to use this API, see Identity and access management in the Amazon SQS Developer Guide.

    You can use Amazon Web Services SDKs to access Amazon SQS using your favorite programming language. The SDKs perform tasks such as the following automatically:

    • Cryptographically sign your service requests

    • Retry requests

    • Handle error responses

    Additional information

    " + "documentation":"

    Welcome to the Amazon SQS API Reference.

    Amazon SQS is a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. Amazon SQS moves data between distributed application components and helps you decouple these components.

    For information on the permissions you need to use this API, see Identity and access management in the Amazon SQS Developer Guide.

    You can use Amazon Web Services SDKs to access Amazon SQS using your favorite programming language. The SDKs perform tasks such as the following automatically:

    • Cryptographically sign your service requests

    • Retry requests

    • Handle error responses

    Additional information

    " } diff -pruN 2.23.6-1/awscli/botocore/data/ssm/2014-11-06/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ssm/2014-11-06/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ssm/2014-11-06/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm/2014-11-06/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ssm/2014-11-06/service-2.json 2.31.35-1/awscli/botocore/data/ssm/2014-11-06/service-2.json --- 2.23.6-1/awscli/botocore/data/ssm/2014-11-06/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm/2014-11-06/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -157,7 +157,9 @@ {"shape":"InternalServerError"}, {"shape":"InvalidDocumentContent"}, {"shape":"DocumentLimitExceeded"}, - {"shape":"InvalidDocumentSchemaVersion"} + {"shape":"InvalidDocumentSchemaVersion"}, + {"shape":"TooManyUpdates"}, + {"shape":"NoLongerSupportedException"} ], "documentation":"

    Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.

    " }, @@ -286,7 +288,8 @@ {"shape":"InternalServerError"}, {"shape":"InvalidDocument"}, {"shape":"InvalidDocumentOperation"}, - {"shape":"AssociatedInstances"} + {"shape":"AssociatedInstances"}, + {"shape":"TooManyUpdates"} ], "documentation":"

    Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.

    Before you delete the document, we recommend that you use DeleteAssociation to disassociate all managed nodes that are associated with the document.

    " }, @@ -435,7 +438,7 @@ {"shape":"InvalidInstanceId"}, {"shape":"InternalServerError"} ], - "documentation":"

    Removes the server or virtual machine from the list of registered servers. You can reregister the node again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.

    " + "documentation":"

    Removes the server or virtual machine from the list of registered servers.

    If you want to reregister an on-premises server, edge device, or VM, you must use a different Activation Code and Activation ID than used to register the machine previously. The Activation Code and Activation ID must not have already been used on the maximum number of activations specified when they were created. For more information, see Deregistering managed nodes in a hybrid and multicloud environment in the Amazon Web Services Systems Manager User Guide.

    " }, "DeregisterPatchBaselineForPatchGroup":{ "name":"DeregisterPatchBaselineForPatchGroup", @@ -900,7 +903,7 @@ {"shape":"InvalidFilterValue"}, {"shape":"InvalidNextToken"} ], - "documentation":"

    Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable the Shared option.

    Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken. You can specify the NextToken in a subsequent call to get the next set of results.

    If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, DescribeParameters retrieves whatever the original key alias was referencing.

    " + "documentation":"

    Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable the Shared option.

    Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken. You can specify the NextToken in a subsequent call to get the next set of results.

    Parameter names can't contain spaces. The service removes any spaces specified for the beginning or end of a parameter name. If the specified name for a parameter contains spaces between characters, the request fails with a ValidationException error.

    If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, DescribeParameters retrieves whatever the original key alias was referencing.

    " }, "DescribePatchBaselines":{ "name":"DescribePatchBaselines", @@ -987,6 +990,23 @@ ], "documentation":"

    Deletes the association between an OpsItem and a related item. For example, this API operation can delete an Incident Manager incident from an OpsItem. Incident Manager is a tool in Amazon Web Services Systems Manager.

    " }, + "GetAccessToken":{ + "name":"GetAccessToken", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAccessTokenRequest"}, + "output":{"shape":"GetAccessTokenResponse"}, + "errors":[ + {"shape":"InternalServerError"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Returns a credentials set to be used with just-in-time node access.

    " + }, "GetAutomationExecution":{ "name":"GetAutomationExecution", "http":{ @@ -1270,7 +1290,7 @@ {"shape":"ParameterNotFound"}, {"shape":"ParameterVersionNotFound"} ], - "documentation":"

    Get information about a single parameter by specifying the parameter name.

    To get information about more than one parameter at a time, use the GetParameters operation.

    " + "documentation":"

    Get information about a single parameter by specifying the parameter name.

    Parameter names can't contain spaces. The service removes any spaces specified for the beginning or end of a parameter name. If the specified name for a parameter contains spaces between characters, the request fails with a ValidationException error.

    To get information about more than one parameter at a time, use the GetParameters operation.

    " }, "GetParameterHistory":{ "name":"GetParameterHistory", @@ -1286,7 +1306,7 @@ {"shape":"InvalidNextToken"}, {"shape":"InvalidKeyId"} ], - "documentation":"

    Retrieves the history of all changes to a parameter.

    If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory retrieves whatever the original key alias was referencing.

    " + "documentation":"

    Retrieves the history of all changes to a parameter.

    Parameter names can't contain spaces. The service removes any spaces specified for the beginning or end of a parameter name. If the specified name for a parameter contains spaces between characters, the request fails with a ValidationException error.

    If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory retrieves whatever the original key alias was referencing.

    " }, "GetParameters":{ "name":"GetParameters", @@ -1300,7 +1320,7 @@ {"shape":"InvalidKeyId"}, {"shape":"InternalServerError"} ], - "documentation":"

    Get information about one or more parameters by specifying multiple parameter names.

    To get information about a single parameter, you can use the GetParameter operation instead.

    " + "documentation":"

    Get information about one or more parameters by specifying multiple parameter names.

    To get information about a single parameter, you can use the GetParameter operation instead.

    Parameter names can't contain spaces. The service removes any spaces specified for the beginning or end of a parameter name. If the specified name for a parameter contains spaces between characters, the request fails with a ValidationException error.

    " }, "GetParametersByPath":{ "name":"GetParametersByPath", @@ -1318,7 +1338,7 @@ {"shape":"InvalidKeyId"}, {"shape":"InvalidNextToken"} ], - "documentation":"

    Retrieve information about one or more parameters under a specified level in a hierarchy.

    Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken. You can specify the NextToken in a subsequent call to get the next set of results.

    " + "documentation":"

    Retrieve information about one or more parameters under a specified level in a hierarchy.

    Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken. You can specify the NextToken in a subsequent call to get the next set of results.

    Parameter names can't contain spaces. The service removes any spaces specified for the beginning or end of a parameter name. If the specified name for a parameter contains spaces between characters, the request fails with a ValidationException error.

    " }, "GetPatchBaseline":{ "name":"GetPatchBaseline", @@ -1392,7 +1412,7 @@ {"shape":"ParameterVersionNotFound"}, {"shape":"ParameterVersionLabelLimitExceeded"} ], - "documentation":"

    A parameter label is a user-defined alias to help you manage different versions of a parameter. When you modify a parameter, Amazon Web Services Systems Manager automatically saves a new version and increments the version number by one. A label can help you remember the purpose of a parameter when there are multiple versions.

    Parameter labels have the following requirements and restrictions.

    • A version of a parameter can have a maximum of 10 labels.

    • You can't attach the same label to different versions of the same parameter. For example, if version 1 has the label Production, then you can't attach Production to version 2.

    • You can move a label from one version of a parameter to another.

    • You can't create a label when you create a new parameter. You must attach a label to a specific version of a parameter.

    • If you no longer want to use a parameter label, then you can either delete it or move it to a different version of a parameter.

    • A label can have a maximum of 100 characters.

    • Labels can contain letters (case sensitive), numbers, periods (.), hyphens (-), or underscores (_).

    • Labels can't begin with a number, \"aws\" or \"ssm\" (not case sensitive). If a label fails to meet these requirements, then the label isn't associated with a parameter and the system displays it in the list of InvalidLabels.

    " + "documentation":"

    A parameter label is a user-defined alias to help you manage different versions of a parameter. When you modify a parameter, Amazon Web Services Systems Manager automatically saves a new version and increments the version number by one. A label can help you remember the purpose of a parameter when there are multiple versions.

    Parameter labels have the following requirements and restrictions.

    • A version of a parameter can have a maximum of 10 labels.

    • You can't attach the same label to different versions of the same parameter. For example, if version 1 has the label Production, then you can't attach Production to version 2.

    • You can move a label from one version of a parameter to another.

    • You can't create a label when you create a new parameter. You must attach a label to a specific version of a parameter.

    • If you no longer want to use a parameter label, then you can either delete it or move it to a different version of a parameter.

    • A label can have a maximum of 100 characters.

    • Labels can contain letters (case sensitive), numbers, periods (.), hyphens (-), or underscores (_).

    • Labels can't begin with a number, \"aws\" or \"ssm\" (not case sensitive). If a label fails to meet these requirements, then the label isn't associated with a parameter and the system displays it in the list of InvalidLabels.

    • Parameter names can't contain spaces. The service removes any spaces specified for the beginning or end of a parameter name. If the specified name for a parameter contains spaces between characters, the request fails with a ValidationException error.

    " }, "ListAssociationVersions":{ "name":"ListAssociationVersions", @@ -1503,7 +1523,7 @@ {"shape":"InvalidDocumentVersion"}, {"shape":"InvalidNextToken"} ], - "documentation":"

    Information about approval reviews for a version of a change template in Change Manager.

    " + "documentation":"

    Amazon Web Services Systems Manager Change Manager will no longer be open to new customers starting November 7, 2025. If you would like to use Change Manager, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services Systems Manager Change Manager availability change.

    Information about approval reviews for a version of a change template in Change Manager.

    " }, "ListDocumentVersions":{ "name":"ListDocumentVersions", @@ -1710,7 +1730,7 @@ {"shape":"InvalidResourceType"}, {"shape":"InvalidResourceId"} ], - "documentation":"

    Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.

    ComplianceType can be one of the following:

    • ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.

    • ExecutionType: Specify patch, association, or Custom:string.

    • ExecutionTime. The time the patch, association, or custom compliance item was applied to the managed node.

    • Id: The patch, association, or custom compliance ID.

    • Title: A title.

    • Status: The status of the compliance item. For example, approved for patches, or Failed for associations.

    • Severity: A patch severity. For example, Critical.

    • DocumentName: An SSM document name. For example, AWS-RunPatchBaseline.

    • DocumentVersion: An SSM document version number. For example, 4.

    • Classification: A patch classification. For example, security updates.

    • PatchBaselineId: A patch baseline ID.

    • PatchSeverity: A patch severity. For example, Critical.

    • PatchState: A patch state. For example, InstancesWithFailedPatches.

    • PatchGroup: The name of a patch group.

    • InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

    " + "documentation":"

    Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.

    ComplianceType can be one of the following:

    • ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.

    • ExecutionType: Specify patch, association, or Custom:string.

    • ExecutionTime. The time the patch, association, or custom compliance item was applied to the managed node.

      For State Manager associations, this represents the time when compliance status was captured by the Systems Manager service during its internal compliance aggregation workflow, not necessarily when the association was executed on the managed node. State Manager updates compliance information for all associations on an instance whenever any association executes, which may result in multiple associations showing the same execution time.

    • Id: The patch, association, or custom compliance ID.

    • Title: A title.

    • Status: The status of the compliance item. For example, approved for patches, or Failed for associations.

    • Severity: A patch severity. For example, Critical.

    • DocumentName: An SSM document name. For example, AWS-RunPatchBaseline.

    • DocumentVersion: An SSM document version number. For example, 4.

    • Classification: A patch classification. For example, security updates.

    • PatchBaselineId: A patch baseline ID.

    • PatchSeverity: A patch severity. For example, Critical.

    • PatchState: A patch state. For example, InstancesWithFailedPatches.

    • PatchGroup: The name of a patch group.

    • InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

    " }, "PutInventory":{ "name":"PutInventory", @@ -1761,7 +1781,7 @@ {"shape":"InvalidPolicyAttributeException"}, {"shape":"IncompatiblePolicyException"} ], - "documentation":"

    Add a parameter to the system.

    " + "documentation":"

    Create or update a parameter in Parameter Store.

    " }, "PutResourcePolicy":{ "name":"PutResourcePolicy", @@ -1931,6 +1951,24 @@ ], "documentation":"

    Runs commands on one or more managed nodes.

    " }, + "StartAccessRequest":{ + "name":"StartAccessRequest", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartAccessRequestRequest"}, + "output":{"shape":"StartAccessRequestResponse"}, + "errors":[ + {"shape":"InternalServerError"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Starts the workflow for just-in-time node access sessions.

    " + }, "StartAssociationsOnce":{ "name":"StartAssociationsOnce", "http":{ @@ -1979,9 +2017,10 @@ {"shape":"AutomationDefinitionVersionNotFoundException"}, {"shape":"IdempotentParameterMismatch"}, {"shape":"InternalServerError"}, - {"shape":"AutomationDefinitionNotApprovedException"} + {"shape":"AutomationDefinitionNotApprovedException"}, + {"shape":"NoLongerSupportedException"} ], - "documentation":"

    Creates a change request for Change Manager. The Automation runbooks specified in the change request run only after all required approvals for the change request have been received.

    " + "documentation":"

    Amazon Web Services Systems Manager Change Manager will no longer be open to new customers starting November 7, 2025. If you would like to use Change Manager, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services Systems Manager Change Manager availability change.

    Creates a change request for Change Manager. The Automation runbooks specified in the change request run only after all required approvals for the change request have been received.

    " }, "StartExecutionPreview":{ "name":"StartExecutionPreview", @@ -2054,7 +2093,7 @@ {"shape":"ParameterNotFound"}, {"shape":"ParameterVersionNotFound"} ], - "documentation":"

    Remove a label or labels from a parameter.

    " + "documentation":"

    Remove a label or labels from a parameter.

    Parameter names can't contain spaces. The service removes any spaces specified for the beginning or end of a parameter name. If the specified name for a parameter contains spaces between characters, the request fails with a ValidationException error.

    " }, "UpdateAssociation":{ "name":"UpdateAssociation", @@ -2149,9 +2188,10 @@ {"shape":"InternalServerError"}, {"shape":"InvalidDocument"}, {"shape":"InvalidDocumentOperation"}, - {"shape":"InvalidDocumentVersion"} + {"shape":"InvalidDocumentVersion"}, + {"shape":"TooManyUpdates"} ], - "documentation":"

    Updates information related to approval reviews for a specific version of a change template in Change Manager.

    " + "documentation":"

    Amazon Web Services Systems Manager Change Manager will no longer be open to new customers starting November 7, 2025. If you would like to use Change Manager, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services Systems Manager Change Manager availability change.

    Updates information related to approval reviews for a specific version of a change template in Change Manager.

    " }, "UpdateMaintenanceWindow":{ "name":"UpdateMaintenanceWindow", @@ -2292,6 +2332,44 @@ } }, "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"String"} + }, + "documentation":"

    The requester doesn't have permissions to perform the requested operation.

    ", + "exception":true + }, + "AccessKeyIdType":{ + "type":"string", + "pattern":"\\w{16,128}" + }, + "AccessKeySecretType":{ + "type":"string", + "sensitive":true + }, + "AccessRequestId":{ + "type":"string", + "pattern":"^(oi)-[0-9a-f]{12}$" + }, + "AccessRequestStatus":{ + "type":"string", + "enum":[ + "Approved", + "Rejected", + "Revoked", + "Expired", + "Pending" + ] + }, + "AccessType":{ + "type":"string", + "enum":[ + "Standard", + "JustInTime" + ] + }, "Account":{"type":"string"}, "AccountId":{ "type":"string", @@ -2415,8 +2493,7 @@ }, "AddTagsToResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AgentErrorCode":{ "type":"string", @@ -2555,8 +2632,7 @@ }, "AssociatedInstances":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You must disassociate a document from all managed nodes before you can delete it.

    ", "exception":true }, @@ -2623,8 +2699,7 @@ }, "AssociationAlreadyExists":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified association already exists.

    ", "exception":true }, @@ -2731,7 +2806,7 @@ }, "CalendarNames":{ "shape":"CalendarNameOrARNList", - "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

    " + "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.

    " }, "TargetLocations":{ "shape":"TargetLocations", @@ -3012,8 +3087,7 @@ }, "AssociationLimitExceeded":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can have at most 2,000 active associations.

    ", "exception":true }, @@ -3165,11 +3239,11 @@ }, "ApplyOnlyAtCronInterval":{ "shape":"ApplyOnlyAtCronInterval", - "documentation":"

    By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.

    " + "documentation":"

    By default, when you create new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.

    " }, "CalendarNames":{ "shape":"CalendarNameOrARNList", - "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations for this version only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

    " + "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations for this version only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.

    " }, "TargetLocations":{ "shape":"TargetLocations", @@ -3811,7 +3885,10 @@ }, "AutomationSubtype":{ "type":"string", - "enum":["ChangeRequest"] + "enum":[ + "ChangeRequest", + "AccessRequest" + ] }, "AutomationTargetParameterName":{ "type":"string", @@ -3874,6 +3951,10 @@ "Sources":{ "shape":"PatchSourceList", "documentation":"

    Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

    " + }, + "AvailableSecurityUpdatesComplianceStatus":{ + "shape":"PatchComplianceStatus", + "documentation":"

    Indicates whether managed nodes for which there are available security-related patches that have not been approved by the baseline are being defined as COMPLIANT or NON_COMPLIANT. This option is specified when the CreatePatchBaseline or UpdatePatchBaseline commands are run.

    Applies to Windows Server managed nodes only.

    " } }, "documentation":"

    Defines the basic information about a patch baseline override.

    " @@ -3909,8 +3990,7 @@ }, "CancelCommandResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Whether or not the command was successfully canceled. There is no guarantee that a request can be canceled.

    " }, "CancelMaintenanceWindowExecutionRequest":{ @@ -4337,7 +4417,7 @@ "members":{ "ExecutionTime":{ "shape":"DateTime", - "documentation":"

    The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

    " + "documentation":"

    The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

    For State Manager associations, this timestamp represents when the compliance status was captured and reported by the Systems Manager service, not when the underlying association was actually executed on the managed node. To track actual association execution times, use the DescribeAssociationExecutionTargets command or check the association execution history in the Systems Manager console.

    " }, "ExecutionId":{ "shape":"ComplianceExecutionId", @@ -4388,7 +4468,7 @@ }, "ExecutionSummary":{ "shape":"ComplianceExecutionSummary", - "documentation":"

    A summary for the compliance item. The summary includes an execution ID, the execution type (for example, command), and the execution time.

    " + "documentation":"

    A summary for the compliance item. The summary includes an execution ID, the execution type (for example, command), and the execution time.

    For State Manager associations, the ExecutionTime value represents when the compliance status was captured and aggregated by the Systems Manager service, not necessarily when the underlying association was executed on the managed node. State Manager updates compliance status for all associations on an instance whenever any association executes, which means multiple associations may show the same execution time even if they were executed at different times.

    " }, "Details":{ "shape":"ComplianceItemDetails", @@ -4724,11 +4804,11 @@ }, "ApplyOnlyAtCronInterval":{ "shape":"ApplyOnlyAtCronInterval", - "documentation":"

    By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.

    " + "documentation":"

    By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified and when target changes are detected. Specify true for ApplyOnlyAtCronInterval if you want the association to run only according to the schedule you specified.

    For more information, see Understanding when associations are applied to resources and >About target updates with Automation runbooks in the Amazon Web Services Systems Manager User Guide.

    This parameter isn't supported for rate expressions.

    " }, "CalendarNames":{ "shape":"CalendarNameOrARNList", - "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

    " + "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.

    " }, "TargetLocations":{ "shape":"TargetLocations", @@ -4824,15 +4904,15 @@ }, "ApplyOnlyAtCronInterval":{ "shape":"ApplyOnlyAtCronInterval", - "documentation":"

    By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.

    " + "documentation":"

    By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified and when target changes are detected. Specify true for ApplyOnlyAtCronIntervalif you want the association to run only according to the schedule you specified.

    For more information, see Understanding when associations are applied to resources and >About target updates with Automation runbooks in the Amazon Web Services Systems Manager User Guide.

    This parameter isn't supported for rate expressions.

    " }, "CalendarNames":{ "shape":"CalendarNameOrARNList", - "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

    " + "documentation":"

    The names of Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.

    " }, "TargetLocations":{ "shape":"TargetLocations", - "documentation":"

    A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.

    " + "documentation":"

    A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.

    The IncludeChildOrganizationUnits parameter is not supported by State Manager.

    " }, "ScheduleOffset":{ "shape":"ScheduleOffset", @@ -5009,7 +5089,7 @@ }, "OpsItemType":{ "shape":"OpsItemType", - "documentation":"

    The type of OpsItem to create. Systems Manager supports the following types of OpsItems:

    • /aws/issue

      This type of OpsItem is used for default OpsItems created by OpsCenter.

    • /aws/changerequest

      This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.

    • /aws/insight

      This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.

    " + "documentation":"

    The type of OpsItem to create. Systems Manager supports the following types of OpsItems:

    • /aws/issue

      This type of OpsItem is used for default OpsItems created by OpsCenter.

    • /aws/insight

      This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.

    • /aws/changerequest

      This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.

      Amazon Web Services Systems Manager Change Manager will no longer be open to new customers starting November 7, 2025. If you would like to use Change Manager, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see Amazon Web Services Systems Manager Change Manager availability change.
    " }, "OperationalData":{ "shape":"OpsItemOperationalData", @@ -5148,7 +5228,7 @@ }, "RejectedPatchesAction":{ "shape":"PatchAction", - "documentation":"

    The action for Patch Manager to take on patches included in the RejectedPackages list.

    ALLOW_AS_DEPENDENCY

    Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as INSTALLED_OTHER. This is the default action if no option is specified.

    Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as INSTALLED_OTHER. Any package not already installed on the node is skipped. This is the default action if no option is specified.

    BLOCK

    All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as INSTALLED_REJECTED.

    " + "documentation":"

    The action for Patch Manager to take on patches included in the RejectedPackages list.

    ALLOW_AS_DEPENDENCY

    Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as INSTALLED_OTHER. This is the default action if no option is specified.

    Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as INSTALLED_OTHER. Any package not already installed on the node is skipped. This is the default action if no option is specified.

    BLOCK

    All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances.

    State value assignment for patch compliance:

    • If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as INSTALLED_REJECTED.

    • If an update attempts to install a dependency package that is now rejected by the baseline, when previous versions of the package were not rejected, the package being updated is reported as MISSING for SCAN operations and as FAILED for INSTALL operations.

    " }, "Description":{ "shape":"BaselineDescription", @@ -5158,6 +5238,10 @@ "shape":"PatchSourceList", "documentation":"

    Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

    " }, + "AvailableSecurityUpdatesComplianceStatus":{ + "shape":"PatchComplianceStatus", + "documentation":"

    Indicates the status you want to assign to security patches that are available but not approved because they don't meet the installation criteria specified in the patch baseline.

    Example scenario: Security patches that you might want installed can be skipped if you have specified a long period to wait after a patch is released before installation. If an update to the patch is released during your specified waiting period, the waiting period for installing the patch starts over. If the waiting period is too long, multiple versions of the patch could be released but never installed.

    Supported for Windows Server managed nodes only.

    " + }, "ClientToken":{ "shape":"ClientToken", "documentation":"

    User-provided idempotency token.

    ", @@ -5202,10 +5286,37 @@ }, "CreateResourceDataSyncResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreatedDate":{"type":"timestamp"}, + "Credentials":{ + "type":"structure", + "required":[ + "AccessKeyId", + "SecretAccessKey", + "SessionToken", + "ExpirationTime" + ], + "members":{ + "AccessKeyId":{ + "shape":"AccessKeyIdType", + "documentation":"

    The access key ID that identifies the temporary security credentials.

    " + }, + "SecretAccessKey":{ + "shape":"AccessKeySecretType", + "documentation":"

    The secret access key that can be used to sign requests.

    " + }, + "SessionToken":{ + "shape":"SessionTokenType", + "documentation":"

    The token that users must pass to the service API to use the temporary credentials.

    " + }, + "ExpirationTime":{ + "shape":"DateTime", + "documentation":"

    The datetime on which the current credentials expire.

    " + } + }, + "documentation":"

    The temporary security credentials, which include an access key ID, a secret access key, and a security (or session) token.

    " + }, "CustomSchemaCountLimitExceededException":{ "type":"structure", "members":{ @@ -5234,8 +5345,7 @@ }, "DeleteActivationResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAssociationRequest":{ "type":"structure", @@ -5256,8 +5366,7 @@ }, "DeleteAssociationResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDocumentRequest":{ "type":"structure", @@ -5283,8 +5392,7 @@ }, "DeleteDocumentResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInventoryRequest":{ "type":"structure", @@ -5357,8 +5465,7 @@ }, "DeleteOpsItemResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteOpsMetadataRequest":{ "type":"structure", @@ -5372,8 +5479,7 @@ }, "DeleteOpsMetadataResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteParameterRequest":{ "type":"structure", @@ -5387,8 +5493,7 @@ }, "DeleteParameterResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteParametersRequest":{ "type":"structure", @@ -5448,8 +5553,7 @@ }, "DeleteResourceDataSyncResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResourcePolicyRequest":{ "type":"structure", @@ -5475,8 +5579,7 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeliveryTimedOutCount":{"type":"integer"}, "DeregisterManagedInstanceRequest":{ @@ -5491,8 +5594,7 @@ }, "DeregisterManagedInstanceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterPatchBaselineForPatchGroupRequest":{ "type":"structure", @@ -5867,7 +5969,7 @@ "members":{ "Name":{ "shape":"DocumentName", - "documentation":"

    The name of the document for which you are the owner.

    " + "documentation":"

    The name of the document for which you are the owner.

    " }, "PermissionType":{ "shape":"DocumentPermissionType", @@ -5889,7 +5991,7 @@ "members":{ "AccountIds":{ "shape":"AccountIdList", - "documentation":"

    The account IDs that have permission to use this document. The ID can be either an Amazon Web Services account or All.

    " + "documentation":"

    The account IDs that have permission to use this document. The ID can be either an Amazon Web Services account number or all.

    " }, "AccountSharingInfoList":{ "shape":"AccountSharingInfoList", @@ -5907,7 +6009,7 @@ "members":{ "Name":{ "shape":"DocumentARN", - "documentation":"

    The name of the SSM document.

    " + "documentation":"

    The name of the SSM document.

    If you're calling a shared SSM document from a different Amazon Web Services account, Name is the full Amazon Resource Name (ARN) of the document.

    " }, "DocumentVersion":{ "shape":"DocumentVersion", @@ -6702,6 +6804,11 @@ "shape":"InstancesCount", "documentation":"

    The number of managed nodes with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these managed nodes is NON_COMPLIANT.

    ", "box":true + }, + "InstancesWithAvailableSecurityUpdates":{ + "shape":"Integer", + "documentation":"

    The number of managed nodes for which security-related patches are available but not approved because because they didn't meet the patch baseline requirements. For example, an updated version of a patch might have been released before the specified auto-approval period was over.

    Applies to Windows Server managed nodes only.

    ", + "box":true } } }, @@ -6835,8 +6942,7 @@ }, "DisassociateOpsItemRelatedItemResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DocumentARN":{ "type":"string", @@ -7389,7 +7495,9 @@ "ProblemAnalysisTemplate", "CloudFormation", "ConformancePackTemplate", - "QuickSetup" + "QuickSetup", + "ManualApprovalPolicy", + "AutoApprovalPolicy" ] }, "DocumentVersion":{ @@ -7490,8 +7598,7 @@ }, "DuplicateInstanceId":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You can't specify a managed node ID in more than one association.

    ", "exception":true }, @@ -7651,6 +7758,29 @@ "documentation":"

    You attempted to register a LAMBDA or STEP_FUNCTIONS task in a region where the corresponding service isn't available.

    ", "exception":true }, + "GetAccessTokenRequest":{ + "type":"structure", + "required":["AccessRequestId"], + "members":{ + "AccessRequestId":{ + "shape":"AccessRequestId", + "documentation":"

    The ID of a just-in-time node access request.

    " + } + } + }, + "GetAccessTokenResponse":{ + "type":"structure", + "members":{ + "Credentials":{ + "shape":"Credentials", + "documentation":"

    The temporary security credentials which can be used to start just-in-time node access sessions.

    " + }, + "AccessRequestStatus":{ + "shape":"AccessRequestStatus", + "documentation":"

    The status of the access request.

    " + } + } + }, "GetAutomationExecutionRequest":{ "type":"structure", "required":["AutomationExecutionId"], @@ -7676,7 +7806,7 @@ "members":{ "CalendarNames":{ "shape":"CalendarNameOrARNList", - "documentation":"

    The names or Amazon Resource Names (ARNs) of the Systems Manager documents (SSM documents) that represent the calendar entries for which you want to get the state.

    " + "documentation":"

    The names of Amazon Resource Names (ARNs) of the Systems Manager documents (SSM documents) that represent the calendar entries for which you want to get the state.

    " }, "AtTime":{ "shape":"ISO8601String", @@ -7858,6 +7988,10 @@ "BaselineOverride":{ "shape":"BaselineOverride", "documentation":"

    Defines the basic information about a patch baseline override.

    " + }, + "UseS3DualStackEndpoint":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to use S3 dualstack endpoints for the patch snapshot download URL. Set to true to receive a presigned URL that supports both IPv4 and IPv6 connectivity. Set to false to use standard IPv4-only endpoints. Default is false. This parameter is required for managed nodes in IPv6-only environments.

    " } } }, @@ -8787,6 +8921,10 @@ "Sources":{ "shape":"PatchSourceList", "documentation":"

    Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

    " + }, + "AvailableSecurityUpdatesComplianceStatus":{ + "shape":"PatchComplianceStatus", + "documentation":"

    Indicates the compliance status of managed nodes for which security-related patches are available but were not approved. This preference is specified when the CreatePatchBaseline or UpdatePatchBaseline commands are run.

    Applies to Windows Server managed nodes only.

    " } } }, @@ -9270,7 +9408,7 @@ "members":{ "Key":{ "shape":"InstanceInformationStringFilterKey", - "documentation":"

    The filter key name to describe your managed nodes.

    Valid filter key values: ActivationIds | AgentVersion | AssociationStatus | IamRole | InstanceIds | PingStatus | PlatformTypes | ResourceType | SourceIds | SourceTypes | \"tag-key\" | \"tag:{keyname}

    • Valid values for the AssociationStatus filter key: Success | Pending | Failed

    • Valid values for the PingStatus filter key: Online | ConnectionLost | Inactive (deprecated)

    • Valid values for the PlatformType filter key: Windows | Linux | MacOS

    • Valid values for the ResourceType filter key: EC2Instance | ManagedInstance

    • Valid values for the SourceType filter key: AWS::EC2::Instance | AWS::SSM::ManagedInstance | AWS::IoT::Thing

    • Valid tag examples: Key=tag-key,Values=Purpose | Key=tag:Purpose,Values=Test.

    " + "documentation":"

    The filter key name to describe your managed nodes.

    Valid filter key values: ActivationIds | AgentVersion | AssociationStatus | IamRole | InstanceIds | PingStatus | PlatformType | ResourceType | SourceIds | SourceTypes | \"tag-key\" | \"tag:{keyname}

    • Valid values for the AssociationStatus filter key: Success | Pending | Failed

    • Valid values for the PingStatus filter key: Online | ConnectionLost | Inactive (deprecated)

    • Valid values for the PlatformType filter key: Windows | Linux | MacOS

    • Valid values for the ResourceType filter key: EC2Instance | ManagedInstance

    • Valid values for the SourceType filter key: AWS::EC2::Instance | AWS::SSM::ManagedInstance | AWS::IoT::Thing

    • Valid tag examples: Key=tag-key,Values=Purpose | Key=tag:Purpose,Values=Test.

    " }, "Values":{ "shape":"InstanceInformationFilterValueSet", @@ -9362,6 +9500,11 @@ "shape":"PatchNotApplicableCount", "documentation":"

    The number of patches from the patch baseline that aren't applicable for the managed node and therefore aren't installed on the node. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount.

    " }, + "AvailableSecurityUpdateCount":{ + "shape":"PatchAvailableSecurityUpdateCount", + "documentation":"

    The number of security-related patches that are available but not approved because they didn't meet the patch baseline requirements. For example, an updated version of a patch might have been released before the specified auto-approval period was over.

    Applies to Windows Server managed nodes only.

    ", + "box":true + }, "OperationStartTime":{ "shape":"DateTime", "documentation":"

    The time the most recent patching operation was started on the managed node.

    " @@ -9774,8 +9917,7 @@ }, "InvalidCommandId":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified command ID isn't valid. Verify the ID and try again.

    ", "exception":true }, @@ -9859,8 +10001,7 @@ }, "InvalidFilterKey":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified key isn't valid.

    ", "exception":true }, @@ -9974,15 +10115,13 @@ }, "InvalidOutputFolder":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The S3 bucket doesn't exist.

    ", "exception":true }, "InvalidOutputLocation":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The output location isn't valid or doesn't exist.

    ", "exception":true }, @@ -10004,8 +10143,7 @@ }, "InvalidPluginName":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The plugin name isn't valid.

    ", "exception":true }, @@ -10027,15 +10165,13 @@ }, "InvalidResourceId":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource ID isn't valid. Verify that you entered the correct ID and try again.

    ", "exception":true }, "InvalidResourceType":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.

    ", "exception":true }, @@ -10240,14 +10376,14 @@ }, "Values":{ "shape":"InventoryFilterValueList", - "documentation":"

    Inventory filter values. Example: inventory filter where managed node IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal.

    " + "documentation":"

    Inventory filter values.

    " }, "Type":{ "shape":"InventoryQueryOperatorType", "documentation":"

    The type of filter.

    The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide.

    " } }, - "documentation":"

    One or more filters. Use a filter to return a more specific list of results.

    " + "documentation":"

    One or more filters. Use a filter to return a more specific list of results.

    Example formats for the aws ssm get-inventory command:

    --filters Key=AWS:InstanceInformation.AgentType,Values=amazon-ssm-agent,Type=Equal

    --filters Key=AWS:InstanceInformation.AgentVersion,Values=3.3.2299.0,Type=Equal

    --filters Key=AWS:InstanceInformation.ComputerName,Values=ip-192.0.2.0.us-east-2.compute.internal,Type=Equal

    --filters Key=AWS:InstanceInformation.InstanceId,Values=i-0a4cd6ceffEXAMPLE,i-1a2b3c4d5e6EXAMPLE,Type=Equal

    --filters Key=AWS:InstanceInformation.InstanceStatus,Values=Active,Type=Equal

    --filters Key=AWS:InstanceInformation.IpAddress,Values=198.51.100.0,Type=Equal

    --filters Key=AWS:InstanceInformation.PlatformName,Values=\"Amazon Linux\",Type=Equal

    --filters Key=AWS:InstanceInformation.PlatformType,Values=Linux,Type=Equal

    --filters Key=AWS:InstanceInformation.PlatformVersion,Values=2023,Type=BeginWith

    --filters Key=AWS:InstanceInformation.ResourceType,Values=EC2Instance,Type=Equal

    " }, "InventoryFilterKey":{ "type":"string", @@ -10512,8 +10648,7 @@ "InventoryTypeDisplayName":{"type":"string"}, "InvocationDoesNotExist":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The command ID and managed node ID you specified didn't match any invocations. Verify the command ID and the managed node ID and try again.

    ", "exception":true }, @@ -11001,7 +11136,7 @@ "members":{ "SyncName":{ "shape":"ResourceDataSyncName", - "documentation":"

    The name of the resource data sync to retrieve information about. Required for cross-account/cross-Region configurations. Optional for single account/single-Region configurations.

    " + "documentation":"

    The name of the Amazon Web Services managed resource data sync to retrieve information about.

    For cross-account/cross-Region configurations, this parameter is required, and the name of the supported resource data sync is AWS-QuickSetup-ManagedNode.

    For single account/single-Region configurations, the parameter is not required.

    " }, "Filters":{ "shape":"NodeFilterList", @@ -11037,7 +11172,7 @@ "members":{ "SyncName":{ "shape":"ResourceDataSyncName", - "documentation":"

    The name of the resource data sync to retrieve information about. Required for cross-account/cross-Region configuration. Optional for single account/single-Region configurations.

    " + "documentation":"

    The name of the Amazon Web Services managed resource data sync to retrieve information about.

    For cross-account/cross-Region configurations, this parameter is required, and the name of the supported resource data sync is AWS-QuickSetup-ManagedNode.

    For single account/single-Region configurations, the parameter is not required.

    " }, "Filters":{ "shape":"NodeFilterList", @@ -12076,11 +12211,11 @@ }, "AccountIdsToAdd":{ "shape":"AccountIdList", - "documentation":"

    The Amazon Web Services users that should have access to the document. The account IDs can either be a group of account IDs or All.

    " + "documentation":"

    The Amazon Web Services users that should have access to the document. The account IDs can either be a group of account IDs or All. You must specify a value for this parameter or the AccountIdsToRemove parameter.

    " }, "AccountIdsToRemove":{ "shape":"AccountIdList", - "documentation":"

    The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user can either be a group of account IDs or All. This action has a higher priority than AccountIdsToAdd. If you specify an ID to add and the same ID to remove, the system removes access to the document.

    " + "documentation":"

    The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user can either be a group of account IDs or All. This action has a higher priority than AccountIdsToAdd. If you specify an ID to add and the same ID to remove, the system removes access to the document. You must specify a value for this parameter or the AccountIdsToAdd parameter.

    " }, "SharedDocumentVersion":{ "shape":"SharedDocumentVersion", @@ -12090,10 +12225,17 @@ }, "ModifyDocumentPermissionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "NextToken":{"type":"string"}, + "NoLongerSupportedException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "documentation":"

    The requested operation is no longer supported by Systems Manager.

    ", + "exception":true + }, "Node":{ "type":"structure", "members":{ @@ -12880,6 +13022,15 @@ "Category", "Severity", "OpsItemType", + "AccessRequestByRequesterArn", + "AccessRequestByRequesterId", + "AccessRequestByApproverArn", + "AccessRequestByApproverId", + "AccessRequestBySourceAccountId", + "AccessRequestBySourceOpsItemId", + "AccessRequestBySourceRegion", + "AccessRequestByIsReplica", + "AccessRequestByTargetResourceId", "ChangeRequestByRequesterArn", "ChangeRequestByRequesterName", "ChangeRequestByApproverArn", @@ -13130,6 +13281,7 @@ "ChangeCalendarOverrideRejected", "PendingApproval", "Approved", + "Revoked", "Rejected", "Closed" ] @@ -13656,7 +13808,7 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"

    The parameter couldn't be found. Verify the name and try again.

    ", + "documentation":"

    The parameter couldn't be found. Verify the name and try again.

    For the DeleteParameter and GetParameter actions, if the specified parameter doesn't exist, the ParameterNotFound exception is not recorded in CloudTrail event logs.

    ", "exception":true }, "ParameterPatternMismatchException":{ @@ -13946,6 +14098,7 @@ "member":{"shape":"PatchAdvisoryId"} }, "PatchArch":{"type":"string"}, + "PatchAvailableSecurityUpdateCount":{"type":"integer"}, "PatchBaselineIdentity":{ "type":"structure", "members":{ @@ -14048,7 +14201,8 @@ "INSTALLED_REJECTED", "MISSING", "NOT_APPLICABLE", - "FAILED" + "FAILED", + "AVAILABLE_SECURITY_UPDATE" ] }, "PatchComplianceLevel":{ @@ -14067,6 +14221,13 @@ "max":100, "min":10 }, + "PatchComplianceStatus":{ + "type":"string", + "enum":[ + "COMPLIANT", + "NON_COMPLIANT" + ] + }, "PatchContentUrl":{"type":"string"}, "PatchCriticalNonCompliantCount":{"type":"integer"}, "PatchDeploymentStatus":{ @@ -14285,12 +14446,12 @@ }, "ApproveAfterDays":{ "shape":"ApproveAfterDays", - "documentation":"

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

    This parameter is marked as Required: No, but your request must include a value for either ApproveAfterDays or ApproveUntilDate.

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

    ", + "documentation":"

    The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

    Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by 7 is 2025-11-16, patches released between 2025-11-16T00:00:00Z and 2025-11-16T23:59:59Z will be included in the approval.

    This parameter is marked as Required: No, but your request must include a value for either ApproveAfterDays or ApproveUntilDate.

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

    ", "box":true }, "ApproveUntilDate":{ "shape":"PatchStringDateTime", - "documentation":"

    The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

    Enter dates in the format YYYY-MM-DD. For example, 2024-12-31.

    This parameter is marked as Required: No, but your request must include a value for either ApproveUntilDate or ApproveAfterDays.

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

    ", + "documentation":"

    The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

    Enter dates in the format YYYY-MM-DD. For example, 2025-11-16.

    Patch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date 2025-11-16, patches released between 2025-11-16T00:00:00Z and 2025-11-16T23:59:59Z will be included in the approval.

    This parameter is marked as Required: No, but your request must include a value for either ApproveUntilDate or ApproveAfterDays.

    Not supported for Debian Server or Ubuntu Server.

    Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

    ", "box":true }, "EnableNonSecurity":{ @@ -14345,7 +14506,7 @@ }, "Configuration":{ "shape":"PatchSourceConfiguration", - "documentation":"

    The value of the yum repo configuration. For example:

    [main]

    name=MyCustomRepository

    baseurl=https://my-custom-repository

    enabled=1

    For information about other options available for your yum repository configuration, see dnf.conf(5).

    " + "documentation":"

    The value of the repo configuration.

    Example for yum repositories

    [main]

    name=MyCustomRepository

    baseurl=https://my-custom-repository

    enabled=1

    For information about other options available for your yum repository configuration, see dnf.conf(5) on the man7.org website.

    Examples for Ubuntu Server and Debian Server

    deb http://security.ubuntu.com/ubuntu jammy main

    deb https://site.example.com/debian distribution component1 component2 component3

    Repo information for Ubuntu Server repositories must be specifed in a single line. For more examples and information, see jammy (5) sources.list.5.gz on the Ubuntu Server Manuals website and sources.list format on the Debian Wiki.

    " } }, "documentation":"

    Information about the patches to use to update the managed nodes, including target operating systems and source repository. Applies to Linux managed nodes only.

    " @@ -14516,8 +14677,7 @@ }, "PutComplianceItemsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutInventoryMessage":{"type":"string"}, "PutInventoryRequest":{ @@ -14555,7 +14715,7 @@ "members":{ "Name":{ "shape":"PSParameterName", - "documentation":"

    The fully qualified name of the parameter that you want to add to the system.

    You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

    The fully qualified name includes the complete hierarchy of the parameter path and name. For parameters in a hierarchy, you must include a leading forward slash character (/) when you create or reference a parameter. For example: /Dev/DBServer/MySQL/db-string13

    Naming Constraints:

    • Parameter names are case sensitive.

    • A parameter name must be unique within an Amazon Web Services Region

    • A parameter name can't be prefixed with \"aws\" or \"ssm\" (case-insensitive).

    • Parameter names can include only the following symbols and letters: a-zA-Z0-9_.-

      In addition, the slash character ( / ) is used to delineate hierarchies in parameter names. For example: /Dev/Production/East/Project-ABC/MyParameter

    • A parameter name can't include spaces.

    • Parameter hierarchies are limited to a maximum depth of fifteen levels.

    For additional information about valid values for parameter names, see Creating Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.

    The maximum length constraint of 2048 characters listed below includes 1037 characters reserved for internal use by Systems Manager. The maximum length for a parameter name that you create is 1011 characters. This includes the characters in the ARN that precede the name you specify, such as arn:aws:ssm:us-east-2:111122223333:parameter/.

    " + "documentation":"

    The fully qualified name of the parameter that you want to create or update.

    You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

    The fully qualified name includes the complete hierarchy of the parameter path and name. For parameters in a hierarchy, you must include a leading forward slash character (/) when you create or reference a parameter. For example: /Dev/DBServer/MySQL/db-string13

    Naming Constraints:

    • Parameter names are case sensitive.

    • A parameter name must be unique within an Amazon Web Services Region

    • A parameter name can't be prefixed with \"aws\" or \"ssm\" (case-insensitive).

    • Parameter names can include only the following symbols and letters: a-zA-Z0-9_.-

      In addition, the slash character ( / ) is used to delineate hierarchies in parameter names. For example: /Dev/Production/East/Project-ABC/MyParameter

    • Parameter names can't contain spaces. The service removes any spaces specified for the beginning or end of a parameter name. If the specified name for a parameter contains spaces between characters, the request fails with a ValidationException error.

    • Parameter hierarchies are limited to a maximum depth of fifteen levels.

    For additional information about valid values for parameter names, see Creating Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.

    The reported maximum length of 2048 characters for a parameter name includes 1037 characters that are reserved for internal use by Systems Manager. The maximum length for a parameter name that you specify is 1011 characters.

    This count of 1011 characters includes the characters in the ARN that precede the name you specify. This ARN length will vary depending on your partition and Region. For example, the following 45 characters count toward the 1011 character maximum for a parameter created in the US East (Ohio) Region: arn:aws:ssm:us-east-2:111122223333:parameter/.

    " }, "Description":{ "shape":"ParameterDescription", @@ -14567,11 +14727,11 @@ }, "Type":{ "shape":"ParameterType", - "documentation":"

    The type of parameter that you want to add to the system.

    SecureString isn't currently supported for CloudFormation templates.

    Items in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type.

    Specifying a parameter type isn't required when updating a parameter. You must specify a parameter type when creating a parameter.

    " + "documentation":"

    The type of parameter that you want to create.

    SecureString isn't currently supported for CloudFormation templates.

    Items in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type.

    Specifying a parameter type isn't required when updating a parameter. You must specify a parameter type when creating a parameter.

    " }, "KeyId":{ "shape":"ParameterKeyId", - "documentation":"

    The Key Management Service (KMS) ID that you want to use to encrypt a parameter. Use a custom key for better security. Required for parameters that use the SecureString data type.

    If you don't specify a key ID, the system uses the default key associated with your Amazon Web Services account which is not as secure as using a custom key.

    • To use a custom KMS key, choose the SecureString data type with the Key ID parameter.

    " + "documentation":"

    The Key Management Service (KMS) ID that you want to use to encrypt a parameter. Use a custom key for better security. Required for parameters that use the SecureString data type.

    If you don't specify a key ID, the system uses the default key associated with your Amazon Web Services account, which is not as secure as using a custom key.

    • To use a custom KMS key, choose the SecureString data type with the Key ID parameter.

    " }, "Overwrite":{ "shape":"Boolean", @@ -14941,8 +15101,7 @@ }, "RemoveTagsFromResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "RequireType":{ "type":"string", @@ -15655,8 +15814,7 @@ }, "SendAutomationSignalResult":{ "type":"structure", - "members":{ - } + "members":{} }, "SendCommandRequest":{ "type":"structure", @@ -15746,6 +15904,35 @@ } } }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":[ + "Message", + "QuotaCode", + "ServiceCode" + ], + "members":{ + "Message":{"shape":"String"}, + "ResourceId":{ + "shape":"String", + "documentation":"

    The unique ID of the resource referenced in the failed request.

    " + }, + "ResourceType":{ + "shape":"String", + "documentation":"

    The resource type of the resource referenced in the failed request.

    " + }, + "QuotaCode":{ + "shape":"String", + "documentation":"

    The quota code recognized by the Amazon Web Services Service Quotas service.

    " + }, + "ServiceCode":{ + "shape":"String", + "documentation":"

    The code for the Amazon Web Services service that owns the quota.

    " + } + }, + "documentation":"

    The request exceeds the service quota. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your Amazon Web Services account.

    ", + "exception":true + }, "ServiceRole":{"type":"string"}, "ServiceSetting":{ "type":"structure", @@ -15841,6 +16028,10 @@ "MaxSessionDuration":{ "shape":"MaxSessionDuration", "documentation":"

    The maximum duration of a session before it terminates.

    " + }, + "AccessType":{ + "shape":"AccessType", + "documentation":"

    Standard access type is the default for Session Manager sessions. JustInTime is the access type for Just-in-time node access.

    " } }, "documentation":"

    Information about a Session Manager connection to a managed node.

    " @@ -15876,7 +16067,8 @@ "Target", "Owner", "Status", - "SessionId" + "SessionId", + "AccessType" ] }, "SessionFilterList":{ @@ -15981,6 +16173,10 @@ "max":400, "min":1 }, + "SessionTokenType":{ + "type":"string", + "sensitive":true + }, "SeveritySummary":{ "type":"structure", "members":{ @@ -16024,7 +16220,8 @@ "Reject", "StartStep", "StopStep", - "Resume" + "Resume", + "Revoke" ] }, "SnapshotDownloadUrl":{"type":"string"}, @@ -16056,6 +16253,36 @@ "type":"string", "max":24000 }, + "StartAccessRequestRequest":{ + "type":"structure", + "required":[ + "Reason", + "Targets" + ], + "members":{ + "Reason":{ + "shape":"String1to256", + "documentation":"

    A brief description explaining why you are requesting access to the node.

    " + }, + "Targets":{ + "shape":"Targets", + "documentation":"

    The node you are requesting access to.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    Key-value pairs of metadata you want to assign to the access request.

    " + } + } + }, + "StartAccessRequestResponse":{ + "type":"structure", + "members":{ + "AccessRequestId":{ + "shape":"AccessRequestId", + "documentation":"

    The ID of the access request.

    " + } + } + }, "StartAssociationsOnceRequest":{ "type":"structure", "required":["AssociationIds"], @@ -16068,8 +16295,7 @@ }, "StartAssociationsOnceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "StartAutomationExecutionRequest":{ "type":"structure", @@ -16290,8 +16516,7 @@ "StatusName":{"type":"string"}, "StatusUnchanged":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The updated status is the same as the current status.

    ", "exception":true }, @@ -16478,8 +16703,7 @@ }, "StopAutomationExecutionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "StopType":{ "type":"string", @@ -16490,6 +16714,11 @@ }, "StreamUrl":{"type":"string"}, "String":{"type":"string"}, + "String1to256":{ + "type":"string", + "max":256, + "min":1 + }, "StringDateTime":{ "type":"string", "pattern":"^([\\-]?\\d{4}(?!\\d{2}\\b))((-?)((0[1-9]|1[0-2])(\\3([12]\\d|0[1-9]|3[01]))?|W([0-4]\\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\\d|[12]\\d{2}|3([0-5]\\d|6[1-6])))([T\\s]((([01]\\d|2[0-3])((:?)[0-5]\\d)?|24\\:?00)([\\.,]\\d(?!:))?)?(\\17[0-5]\\d([\\.,]\\d)?)?([zZ]|([\\-])([01]\\d|2[0-3]):?([0-5]\\d)?)?)?)?$" @@ -16583,12 +16812,12 @@ }, "TargetLocationMaxConcurrency":{ "shape":"MaxConcurrency", - "documentation":"

    The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.

    ", + "documentation":"

    The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently. TargetLocationMaxConcurrency has a default value of 1.

    ", "box":true }, "TargetLocationMaxErrors":{ "shape":"MaxErrors", - "documentation":"

    The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.

    ", + "documentation":"

    The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation. TargetLocationMaxErrors has a default value of 0.

    ", "box":true }, "ExecutionRoleName":{ @@ -16602,7 +16831,7 @@ }, "IncludeChildOrganizationUnits":{ "shape":"Boolean", - "documentation":"

    Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

    " + "documentation":"

    Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

    This parameter is not supported by State Manager.

    " }, "ExcludeAccounts":{ "shape":"ExcludeAccounts", @@ -16731,6 +16960,23 @@ } } }, + "ThrottlingException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"String"}, + "QuotaCode":{ + "shape":"String", + "documentation":"

    The quota code recognized by the Amazon Web Services Service Quotas service.

    " + }, + "ServiceCode":{ + "shape":"String", + "documentation":"

    The code for the Amazon Web Services service that owns the quota.

    " + } + }, + "documentation":"

    The request or operation couldn't be performed because the service is throttling requests.

    ", + "exception":true + }, "TimeoutSeconds":{ "type":"integer", "max":2592000, @@ -16743,8 +16989,7 @@ }, "TooManyTagsError":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The Targets parameter includes too many tags. Remove one or more tags and try the command again.

    ", "exception":true }, @@ -16932,15 +17177,15 @@ }, "ApplyOnlyAtCronInterval":{ "shape":"ApplyOnlyAtCronInterval", - "documentation":"

    By default, when you update an association, the system runs it immediately after it is updated and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you update it. This parameter isn't supported for rate expressions.

    If you chose this option when you created an association and later you edit that association or you make changes to the SSM document on which that association is based (by using the Documents page in the console), State Manager applies the association at the next specified cron interval. For example, if you chose the Latest version of an SSM document when you created an association and you edit the association by choosing a different document version on the Documents page, State Manager applies the association at the next specified cron interval if you previously selected this option. If this option wasn't selected, State Manager immediately runs the association.

    You can reset this option. To do so, specify the no-apply-only-at-cron-interval parameter when you update the association from the command line. This parameter forces the association to run immediately after updating it and according to the interval specified.

    " + "documentation":"

    By default, when you update an association, the system runs it immediately after it is updated and then according to the schedule you specified. Specify true for ApplyOnlyAtCronInterval if you want the association to run only according to the schedule you specified.

    If you chose this option when you created an association and later you edit that association or you make changes to the Automation runbook or SSM document on which that association is based, State Manager applies the association at the next specified cron interval. For example, if you chose the Latest version of an SSM document when you created an association and you edit the association by choosing a different document version on the Documents page, State Manager applies the association at the next specified cron interval if you previously set ApplyOnlyAtCronInterval to true. If this option wasn't selected, State Manager immediately runs the association.

    For more information, see Understanding when associations are applied to resources and About target updates with Automation runbooks in the Amazon Web Services Systems Manager User Guide.

    This parameter isn't supported for rate expressions.

    You can reset this parameter. To do so, specify the no-apply-only-at-cron-interval parameter when you update the association from the command line. This parameter forces the association to run immediately after updating it and according to the interval specified.

    " }, "CalendarNames":{ "shape":"CalendarNameOrARNList", - "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

    " + "documentation":"

    The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.

    " }, "TargetLocations":{ "shape":"TargetLocations", - "documentation":"

    A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to update an association in multiple Regions and multiple accounts.

    " + "documentation":"

    A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to update an association in multiple Regions and multiple accounts.

    The IncludeChildOrganizationUnits parameter is not supported by State Manager.

    " }, "ScheduleOffset":{ "shape":"ScheduleOffset", @@ -17049,8 +17294,7 @@ }, "UpdateDocumentMetadataResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDocumentRequest":{ "type":"structure", @@ -17448,8 +17692,7 @@ }, "UpdateManagedInstanceRoleResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateOpsItemRequest":{ "type":"structure", @@ -17523,8 +17766,7 @@ }, "UpdateOpsItemResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateOpsMetadataRequest":{ "type":"structure", @@ -17592,7 +17834,7 @@ }, "RejectedPatchesAction":{ "shape":"PatchAction", - "documentation":"

    The action for Patch Manager to take on patches included in the RejectedPackages list.

    ALLOW_AS_DEPENDENCY

    Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as INSTALLED_OTHER. This is the default action if no option is specified.

    Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as INSTALLED_OTHER. Any package not already installed on the node is skipped. This is the default action if no option is specified.

    BLOCK

    All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as INSTALLED_REJECTED.

    " + "documentation":"

    The action for Patch Manager to take on patches included in the RejectedPackages list.

    ALLOW_AS_DEPENDENCY

    Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as INSTALLED_OTHER. This is the default action if no option is specified.

    Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as INSTALLED_OTHER. Any package not already installed on the node is skipped. This is the default action if no option is specified.

    BLOCK

    All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances.

    State value assignment for patch compliance:

    • If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as INSTALLED_REJECTED.

    • If an update attempts to install a dependency package that is now rejected by the baseline, when previous versions of the package were not rejected, the package being updated is reported as MISSING for SCAN operations and as FAILED for INSTALL operations.

    " }, "Description":{ "shape":"BaselineDescription", @@ -17602,6 +17844,10 @@ "shape":"PatchSourceList", "documentation":"

    Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

    " }, + "AvailableSecurityUpdatesComplianceStatus":{ + "shape":"PatchComplianceStatus", + "documentation":"

    Indicates the status to be assigned to security patches that are available but not approved because they don't meet the installation criteria specified in the patch baseline.

    Example scenario: Security patches that you might want installed can be skipped if you have specified a long period to wait after a patch is released before installation. If an update to the patch is released during your specified waiting period, the waiting period for installing the patch starts over. If the waiting period is too long, multiple versions of the patch could be released but never installed.

    Supported for Windows Server managed nodes only.

    " + }, "Replace":{ "shape":"Boolean", "documentation":"

    If True, then all fields that are required by the CreatePatchBaseline operation are also required for this API request. Optional fields that aren't specified are set to null.

    ", @@ -17668,6 +17914,10 @@ "Sources":{ "shape":"PatchSourceList", "documentation":"

    Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

    " + }, + "AvailableSecurityUpdatesComplianceStatus":{ + "shape":"PatchComplianceStatus", + "documentation":"

    Indicates the compliance status of managed nodes for which security-related patches are available but were not approved. This preference is specified when the CreatePatchBaseline or UpdatePatchBaseline commands are run.

    Applies to Windows Server managed nodes only.

    " } } }, @@ -17695,8 +17945,7 @@ }, "UpdateResourceDataSyncResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateServiceSettingRequest":{ "type":"structure", @@ -17718,8 +17967,7 @@ }, "UpdateServiceSettingResult":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The result body of the UpdateServiceSetting API operation.

    " }, "Url":{"type":"string"}, @@ -17749,5 +17997,5 @@ "pattern":"^[0-9]{1,6}(\\.[0-9]{1,6}){2,3}$" } }, - "documentation":"

    Amazon Web Services Systems Manager is the operations hub for your Amazon Web Services applications and resources and a secure end-to-end management solution for hybrid cloud environments that enables safe and secure operations at scale.

    This reference is intended to be used with the Amazon Web Services Systems Manager User Guide. To get started, see Setting up Amazon Web Services Systems Manager.

    Related resources

    " + "documentation":"

    Amazon Web Services Systems Manager is the operations hub for your Amazon Web Services applications and resources and a secure end-to-end management solution for hybrid cloud environments that enables safe and secure operations at scale.

    This reference is intended to be used with the Amazon Web Services Systems Manager User Guide. To get started, see Setting up Amazon Web Services Systems Manager.

    Related resources

    " } diff -pruN 2.23.6-1/awscli/botocore/data/ssm-contacts/2021-05-03/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ssm-contacts/2021-05-03/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ssm-contacts/2021-05-03/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-contacts/2021-05-03/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/ssm-contacts/2021-05-03/service-2.json 2.31.35-1/awscli/botocore/data/ssm-contacts/2021-05-03/service-2.json --- 2.23.6-1/awscli/botocore/data/ssm-contacts/2021-05-03/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-contacts/2021-05-03/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,13 +5,15 @@ "endpointPrefix":"ssm-contacts", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"SSM Contacts", "serviceFullName":"AWS Systems Manager Incident Manager Contacts", "serviceId":"SSM Contacts", "signatureVersion":"v4", "signingName":"ssm-contacts", "targetPrefix":"SSMContacts", - "uid":"ssm-contacts-2021-05-03" + "uid":"ssm-contacts-2021-05-03", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcceptPage":{ @@ -154,7 +156,7 @@ {"shape":"ConflictException"}, {"shape":"ValidationException"} ], - "documentation":"

    To remove a contact from Incident Manager, you can delete the contact. Deleting a contact removes them from all escalation plans and related response plans. Deleting an escalation plan removes it from all related response plans. You will have to recreate the contact and its contact channels before you can use it again.

    " + "documentation":"

    To remove a contact from Incident Manager, you can delete the contact. However, deleting a contact does not remove it from escalation plans and related response plans. Deleting an escalation plan also does not remove it from all related response plans. To modify an escalation plan, we recommend using the UpdateContact action to specify a different existing contact.

    " }, "DeleteContactChannel":{ "name":"DeleteContactChannel", @@ -171,7 +173,7 @@ {"shape":"ThrottlingException"}, {"shape":"ValidationException"} ], - "documentation":"

    To no longer receive engagements on a contact channel, you can delete the channel from a contact. Deleting the contact channel removes it from the contact's engagement plan. If you delete the only contact channel for a contact, you won't be able to engage that contact during an incident.

    " + "documentation":"

    To stop receiving engagements on a contact channel, you can delete the channel from a contact. Deleting the contact channel does not remove it from the contact's engagement plan, but the stage that includes the channel will be ignored. If you delete the only contact channel for a contact, you'll no longer be able to engage that contact during an incident.

    " }, "DeleteRotation":{ "name":"DeleteRotation", @@ -532,7 +534,7 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the tags of an escalation plan or contact.

    " + "documentation":"

    Lists the tags of a contact, escalation plan, rotation, or on-call schedule.

    " }, "PutContactPolicy":{ "name":"PutContactPolicy", @@ -748,8 +750,7 @@ }, "AcceptPageResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AcceptType":{ "type":"string", @@ -786,8 +787,7 @@ }, "ActivateContactChannelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ActivationCode":{ "type":"string", @@ -823,7 +823,7 @@ }, "RetryIntervalInMinutes":{ "shape":"RetryIntervalInMinutes", - "documentation":"

    The number of minutes to wait to retry sending engagement in the case the engagement initially fails.

    " + "documentation":"

    The number of minutes to wait before retrying to send engagement if the engagement initially failed.

    " } }, "documentation":"

    Information about the contact channel that Incident Manager uses to engage the contact.

    " @@ -883,7 +883,7 @@ }, "Type":{ "shape":"ContactType", - "documentation":"

    Refers to the type of contact. A single contact is type PERSONAL and an escalation plan is type ESCALATION.

    " + "documentation":"

    The type of contact.

    • PERSONAL: A single, individual contact.

    • ESCALATION: An escalation plan.

    • ONCALL_SCHEDULE: An on-call schedule.

    " } }, "documentation":"

    A personal contact or escalation plan that Incident Manager engages during an incident.

    " @@ -1066,7 +1066,7 @@ }, "Type":{ "shape":"ContactType", - "documentation":"

    To create an escalation plan use ESCALATION. To create a contact use PERSONAL.

    " + "documentation":"

    The type of contact to create.

    • PERSONAL: A single, individual contact.

    • ESCALATION: An escalation plan.

    • ONCALL_SCHEDULE: An on-call schedule.

    " }, "Plan":{ "shape":"Plan", @@ -1149,7 +1149,7 @@ }, "ContactIds":{ "shape":"RotationContactsArnList", - "documentation":"

    The Amazon Resource Names (ARNs) of the contacts to add to the rotation.

    The order that you list the contacts in is their shift order in the rotation schedule. To change the order of the contact's shifts, use the UpdateRotation operation.

    " + "documentation":"

    The Amazon Resource Names (ARNs) of the contacts to add to the rotation.

    Only the PERSONAL contact type is supported. The contact types ESCALATION and ONCALL_SCHEDULE are not supported for this operation.

    The order that you list the contacts in is their shift order in the rotation schedule. To change the order of the contact's shifts, use the UpdateRotation operation.

    " }, "StartTime":{ "shape":"DateTime", @@ -1157,7 +1157,7 @@ }, "TimeZoneId":{ "shape":"TimeZoneId", - "documentation":"

    The time zone to base the rotation’s activity on in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"UTC\", or \"Asia/Seoul\". For more information, see the Time Zone Database on the IANA website.

    Designators for time zones that don’t support Daylight Savings Time rules, such as Pacific Standard Time (PST) and Pacific Daylight Time (PDT), are not supported.

    " + "documentation":"

    The time zone to base the rotation’s activity on in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"UTC\", or \"Asia/Seoul\". For more information, see the Time Zone Database on the IANA website.

    Designators for time zones that don’t support Daylight Savings Time rules, such as Pacific Standard Time (PST), are not supported.

    " }, "Recurrence":{ "shape":"RecurrenceSettings", @@ -1226,8 +1226,7 @@ }, "DeactivateContactChannelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeferActivation":{ "type":"boolean", @@ -1245,8 +1244,7 @@ }, "DeleteContactChannelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteContactRequest":{ "type":"structure", @@ -1260,8 +1258,7 @@ }, "DeleteContactResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRotationOverrideRequest":{ "type":"structure", @@ -1282,8 +1279,7 @@ }, "DeleteRotationOverrideResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRotationRequest":{ "type":"structure", @@ -1297,8 +1293,7 @@ }, "DeleteRotationResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DependentEntity":{ "type":"structure", @@ -1596,7 +1591,7 @@ }, "Type":{ "shape":"ContactType", - "documentation":"

    The type of contact, either PERSONAL or ESCALATION.

    " + "documentation":"

    The type of contact.

    " }, "Plan":{ "shape":"Plan", @@ -1799,7 +1794,7 @@ }, "Type":{ "shape":"ContactType", - "documentation":"

    The type of contact. A contact is type PERSONAL and an escalation plan is type ESCALATION.

    " + "documentation":"

    The type of contact.

    " } } }, @@ -2164,7 +2159,7 @@ "members":{ "ResourceARN":{ "shape":"AmazonResourceName", - "documentation":"

    The Amazon Resource Name (ARN) of the contact or escalation plan.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the contact, escalation plan, rotation, or on-call schedule.

    " } } }, @@ -2346,8 +2341,7 @@ }, "PutContactPolicyResult":{ "type":"structure", - "members":{ - } + "members":{} }, "Receipt":{ "type":"structure", @@ -2421,12 +2415,12 @@ }, "NumberOfOnCalls":{ "shape":"NumberOfOnCalls", - "documentation":"

    The number of contacts, or shift team members designated to be on call concurrently during a shift. For example, in an on-call schedule containing ten contacts, a value of 2 designates that two of them are on call at any given time.

    ", + "documentation":"

    The number of contacts, or shift team members designated to be on call concurrently during a shift. For example, in an on-call schedule that contains ten contacts, a value of 2 designates that two of them are on call at any given time.

    ", "box":true }, "ShiftCoverages":{ "shape":"ShiftCoveragesMap", - "documentation":"

    Information about the days of the week included in on-call rotation coverage.

    " + "documentation":"

    Information about the days of the week that the on-call rotation coverage includes.

    " }, "RecurrenceMultiplier":{ "shape":"RecurrenceMultiplier", @@ -2642,8 +2636,7 @@ }, "SendActivationCodeResult":{ "type":"structure", - "members":{ - } + "members":{} }, "Sender":{ "type":"string", @@ -2822,8 +2815,7 @@ }, "StopEngagementResult":{ "type":"structure", - "members":{ - } + "members":{} }, "StopReason":{ "type":"string", @@ -2882,8 +2874,7 @@ }, "TagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2902,11 +2893,11 @@ "members":{ "ChannelTargetInfo":{ "shape":"ChannelTargetInfo", - "documentation":"

    Information about the contact channel Incident Manager is engaging.

    " + "documentation":"

    Information about the contact channel that Incident Manager engages.

    " }, "ContactTargetInfo":{ "shape":"ContactTargetInfo", - "documentation":"

    Information about the contact that Incident Manager is engaging.

    " + "documentation":"

    Information about the contact that Incident Manager engages.

    " } }, "documentation":"

    The contact or contact channel that's being engaged.

    " @@ -2975,8 +2966,7 @@ }, "UntagResourceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactChannelRequest":{ "type":"structure", @@ -2998,8 +2988,7 @@ }, "UpdateContactChannelResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateContactRequest":{ "type":"structure", @@ -3021,8 +3010,7 @@ }, "UpdateContactResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRotationRequest":{ "type":"structure", @@ -3037,7 +3025,7 @@ }, "ContactIds":{ "shape":"RotationContactsArnList", - "documentation":"

    The Amazon Resource Names (ARNs) of the contacts to include in the updated rotation.

    The order in which you list the contacts is their shift order in the rotation schedule.

    " + "documentation":"

    The Amazon Resource Names (ARNs) of the contacts to include in the updated rotation.

    Only the PERSONAL contact type is supported. The contact types ESCALATION and ONCALL_SCHEDULE are not supported for this operation.

    The order in which you list the contacts is their shift order in the rotation schedule.

    " }, "StartTime":{ "shape":"DateTime", @@ -3045,7 +3033,7 @@ }, "TimeZoneId":{ "shape":"TimeZoneId", - "documentation":"

    The time zone to base the updated rotation’s activity on, in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"UTC\", or \"Asia/Seoul\". For more information, see the Time Zone Database on the IANA website.

    Designators for time zones that don’t support Daylight Savings Time Rules, such as Pacific Standard Time (PST) and Pacific Daylight Time (PDT), aren't supported.

    " + "documentation":"

    The time zone to base the updated rotation’s activity on, in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"UTC\", or \"Asia/Seoul\". For more information, see the Time Zone Database on the IANA website.

    Designators for time zones that don’t support Daylight Savings Time Rules, such as Pacific Standard Time (PST), aren't supported.

    " }, "Recurrence":{ "shape":"RecurrenceSettings", @@ -3055,8 +3043,7 @@ }, "UpdateRotationResult":{ "type":"structure", - "members":{ - } + "members":{} }, "Uuid":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ssm-guiconnect-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ssm-guiconnect-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ssm-guiconnect.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://ssm-guiconnect.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/paginators-1.json 2.31.35-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,3 @@ +{ + "pagination": {} +} diff -pruN 2.23.6-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/service-2.json 2.31.35-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/service-2.json --- 2.23.6-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-guiconnect/2021-05-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,303 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2021-05-01", + "endpointPrefix":"ssm-guiconnect", + "jsonVersion":"1.1", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"AWS SSM-GUIConnect", + "serviceId":"SSM GuiConnect", + "signatureVersion":"v4", + "signingName":"ssm-guiconnect", + "uid":"ssm-guiconnect-2021-05-01", + "auth":["aws.auth#sigv4"] + }, + "operations":{ + "DeleteConnectionRecordingPreferences":{ + "name":"DeleteConnectionRecordingPreferences", + "http":{ + "method":"POST", + "requestUri":"/DeleteConnectionRecordingPreferences", + "responseCode":200 + }, + "input":{"shape":"DeleteConnectionRecordingPreferencesRequest"}, + "output":{"shape":"DeleteConnectionRecordingPreferencesResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Deletes the preferences for recording RDP connections.

    ", + "idempotent":true + }, + "GetConnectionRecordingPreferences":{ + "name":"GetConnectionRecordingPreferences", + "http":{ + "method":"POST", + "requestUri":"/GetConnectionRecordingPreferences", + "responseCode":200 + }, + "output":{"shape":"GetConnectionRecordingPreferencesResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Returns the preferences specified for recording RDP connections in the requesting Amazon Web Services account and Amazon Web Services Region.

    " + }, + "UpdateConnectionRecordingPreferences":{ + "name":"UpdateConnectionRecordingPreferences", + "http":{ + "method":"POST", + "requestUri":"/UpdateConnectionRecordingPreferences", + "responseCode":200 + }, + "input":{"shape":"UpdateConnectionRecordingPreferencesRequest"}, + "output":{"shape":"UpdateConnectionRecordingPreferencesResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Updates the preferences for recording RDP connections.

    ", + "idempotent":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    You do not have sufficient access to perform this action.

    ", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AccountId":{ + "type":"string", + "pattern":"^[0-9]{12}$" + }, + "BucketName":{ + "type":"string", + "pattern":"(?=^.{3,63}$)(?!^(\\d+\\.)+\\d+$)(^(([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])\\.)*([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])$)" + }, + "ClientToken":{ + "type":"string", + "max":64, + "min":1 + }, + "ConflictException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    An error occurred due to a conflict.

    ", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "ConnectionRecordingPreferences":{ + "type":"structure", + "required":[ + "KMSKeyArn", + "RecordingDestinations" + ], + "members":{ + "KMSKeyArn":{ + "shape":"ConnectionRecordingPreferencesKMSKeyArnString", + "documentation":"

    The ARN of a KMS key that is used to encrypt data while it is being processed by the service. This key must exist in the same Amazon Web Services Region as the node you start an RDP connection to.

    " + }, + "RecordingDestinations":{ + "shape":"RecordingDestinations", + "documentation":"

    Determines where recordings of RDP connections are stored.

    " + } + }, + "documentation":"

    The set of preferences used for recording RDP connections in the requesting Amazon Web Services account and Amazon Web Services Region. This includes details such as which S3 bucket recordings are stored in.

    " + }, + "ConnectionRecordingPreferencesKMSKeyArnString":{ + "type":"string", + "max":2048, + "min":1 + }, + "DeleteConnectionRecordingPreferencesRequest":{ + "type":"structure", + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    User-provided idempotency token.

    ", + "idempotencyToken":true + } + } + }, + "DeleteConnectionRecordingPreferencesResponse":{ + "type":"structure", + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    Service-provided idempotency token.

    " + } + } + }, + "ErrorMessage":{"type":"string"}, + "GetConnectionRecordingPreferencesResponse":{ + "type":"structure", + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    Service-provided idempotency token.

    " + }, + "ConnectionRecordingPreferences":{ + "shape":"ConnectionRecordingPreferences", + "documentation":"

    The set of preferences used for recording RDP connections in the requesting Amazon Web Services account and Amazon Web Services Region. This includes details such as which S3 bucket recordings are stored in.

    " + } + } + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The request processing has failed because of an unknown error, exception or failure.

    ", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "RecordingDestinations":{ + "type":"structure", + "required":["S3Buckets"], + "members":{ + "S3Buckets":{ + "shape":"S3Buckets", + "documentation":"

    The S3 bucket where RDP connection recordings are stored.

    " + } + }, + "documentation":"

    Determines where recordings of RDP connections are stored.

    " + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The resource could not be found.

    ", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "S3Bucket":{ + "type":"structure", + "required":[ + "BucketName", + "BucketOwner" + ], + "members":{ + "BucketName":{ + "shape":"BucketName", + "documentation":"

    The name of the S3 bucket where RDP connection recordings are stored.

    " + }, + "BucketOwner":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account number that owns the S3 bucket.

    " + } + }, + "documentation":"

    The S3 bucket where RDP connection recordings are stored.

    " + }, + "S3Buckets":{ + "type":"list", + "member":{"shape":"S3Bucket"}, + "max":1, + "min":1 + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    Your request exceeds a service quota.

    ", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The request was denied due to request throttling.

    ", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "UpdateConnectionRecordingPreferencesRequest":{ + "type":"structure", + "required":["ConnectionRecordingPreferences"], + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    User-provided idempotency token.

    ", + "idempotencyToken":true + }, + "ConnectionRecordingPreferences":{ + "shape":"ConnectionRecordingPreferences", + "documentation":"

    The set of preferences used for recording RDP connections in the requesting Amazon Web Services account and Amazon Web Services Region. This includes details such as which S3 bucket recordings are stored in.

    " + } + } + }, + "UpdateConnectionRecordingPreferencesResponse":{ + "type":"structure", + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    Service-provided idempotency token.

    " + }, + "ConnectionRecordingPreferences":{ + "shape":"ConnectionRecordingPreferences", + "documentation":"

    The set of preferences used for recording RDP connections in the requesting Amazon Web Services account and Amazon Web Services Region. This includes details such as which S3 bucket recordings are stored in.

    " + } + } + }, + "ValidationException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"

    The input fails to satisfy the constraints specified by an AWS service.

    ", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + } + }, + "documentation":"

    AWS Systems Manager GUI Connect

    Systems Manager GUI Connect, a component of Fleet Manager, lets you connect to your Window Server-type Amazon Elastic Compute Cloud (Amazon EC2) instances using the Remote Desktop Protocol (RDP). GUI Connect, which is powered by Amazon DCV, provides you with secure connectivity to your Windows Server instances directly from the Systems Manager console. You can have up to four simultaneous connections in a single browser window. In the console, GUI Connect is also referred to as Fleet Manager Remote Desktop.

    This reference is intended to be used with the Amazon Web Services Systems Manager User Guide . To get started, see the following user guide topics:

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/ssm-incidents/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ssm-incidents/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ssm-incidents/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-incidents/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ssm-quicksetup/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ssm-quicksetup/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ssm-quicksetup/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-quicksetup/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ssm-sap/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/ssm-sap/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/ssm-sap/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-sap/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/ssm-sap/2018-05-10/paginators-1.json 2.31.35-1/awscli/botocore/data/ssm-sap/2018-05-10/paginators-1.json --- 2.23.6-1/awscli/botocore/data/ssm-sap/2018-05-10/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-sap/2018-05-10/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,6 +29,30 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "OperationEvents" + }, + "ListConfigurationCheckDefinitions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ConfigurationChecks" + }, + "ListConfigurationCheckOperations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ConfigurationCheckOperations" + }, + "ListSubCheckResults": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "SubCheckResults" + }, + "ListSubCheckRuleResults": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "RuleResults" } } } diff -pruN 2.23.6-1/awscli/botocore/data/ssm-sap/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/ssm-sap/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/ssm-sap/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/ssm-sap/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -77,6 +77,21 @@ ], "documentation":"

    Gets the component of an application registered with AWS Systems Manager for SAP.

    " }, + "GetConfigurationCheckOperation":{ + "name":"GetConfigurationCheckOperation", + "http":{ + "method":"POST", + "requestUri":"/get-configuration-check-operation", + "responseCode":200 + }, + "input":{"shape":"GetConfigurationCheckOperationInput"}, + "output":{"shape":"GetConfigurationCheckOperationOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Gets the details of a configuration check operation by specifying the operation ID.

    " + }, "GetDatabase":{ "name":"GetDatabase", "http":{ @@ -156,6 +171,37 @@ ], "documentation":"

    Lists all the components registered with AWS Systems Manager for SAP.

    " }, + "ListConfigurationCheckDefinitions":{ + "name":"ListConfigurationCheckDefinitions", + "http":{ + "method":"POST", + "requestUri":"/list-configuration-check-definitions", + "responseCode":200 + }, + "input":{"shape":"ListConfigurationCheckDefinitionsInput"}, + "output":{"shape":"ListConfigurationCheckDefinitionsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists all configuration check types supported by AWS Systems Manager for SAP.

    " + }, + "ListConfigurationCheckOperations":{ + "name":"ListConfigurationCheckOperations", + "http":{ + "method":"POST", + "requestUri":"/list-configuration-check-operations", + "responseCode":200 + }, + "input":{"shape":"ListConfigurationCheckOperationsInput"}, + "output":{"shape":"ListConfigurationCheckOperationsOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists the configuration check operations performed by AWS Systems Manager for SAP.

    " + }, "ListDatabases":{ "name":"ListDatabases", "http":{ @@ -202,6 +248,36 @@ ], "documentation":"

    Lists the operations performed by AWS Systems Manager for SAP.

    " }, + "ListSubCheckResults":{ + "name":"ListSubCheckResults", + "http":{ + "method":"POST", + "requestUri":"/list-sub-check-results", + "responseCode":200 + }, + "input":{"shape":"ListSubCheckResultsInput"}, + "output":{"shape":"ListSubCheckResultsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists the sub-check results of a specified configuration check operation.

    " + }, + "ListSubCheckRuleResults":{ + "name":"ListSubCheckRuleResults", + "http":{ + "method":"POST", + "requestUri":"/list-sub-check-rule-results", + "responseCode":200 + }, + "input":{"shape":"ListSubCheckRuleResultsInput"}, + "output":{"shape":"ListSubCheckRuleResultsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists the rules of a specified sub-check belonging to a configuration check operation.

    " + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -262,8 +338,8 @@ "output":{"shape":"StartApplicationOutput"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], "documentation":"

    Request is an operation which starts an application.

    Parameter ApplicationId is required.

    " @@ -286,6 +362,23 @@ ], "documentation":"

    Refreshes a registered application.

    " }, + "StartConfigurationChecks":{ + "name":"StartConfigurationChecks", + "http":{ + "method":"POST", + "requestUri":"/start-configuration-checks", + "responseCode":200 + }, + "input":{"shape":"StartConfigurationChecksInput"}, + "output":{"shape":"StartConfigurationChecksOutput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Initiates configuration check operations against a specified application.

    " + }, "StopApplication":{ "name":"StopApplication", "http":{ @@ -297,8 +390,8 @@ "output":{"shape":"StopApplicationOutput"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"ValidationException"}, {"shape":"ConflictException"}, + {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], "documentation":"

    Request is an operation to stop an application.

    Parameter ApplicationId is required. Parameters StopConnectedEntity and IncludeEc2InstanceShutdown are optional.

    " @@ -514,6 +607,10 @@ "SAP_ABAP" ] }, + "ApplicationTypeList":{ + "type":"list", + "member":{"shape":"ApplicationType"} + }, "Arn":{ "type":"string", "pattern":"arn:(.+:){2,4}.+$|^arn:(.+:){1,3}.+\\/.+" @@ -764,6 +861,101 @@ "ERS" ] }, + "ConfigurationCheckDefinition":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ConfigurationCheckType", + "documentation":"

    The unique identifier of the configuration check.

    " + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the configuration check.

    " + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of what the configuration check validates.

    " + }, + "ApplicableApplicationTypes":{ + "shape":"ApplicationTypeList", + "documentation":"

    The list of SSMSAP application types that this configuration check can be evaluated against.

    " + } + }, + "documentation":"

    Represents a configuration check definition supported by AWS Systems Manager for SAP.

    " + }, + "ConfigurationCheckDefinitionList":{ + "type":"list", + "member":{"shape":"ConfigurationCheckDefinition"} + }, + "ConfigurationCheckOperation":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"OperationId", + "documentation":"

    The unique identifier of the configuration check operation.

    " + }, + "ApplicationId":{ + "shape":"ApplicationId", + "documentation":"

    The ID of the application against which the configuration check was performed.

    " + }, + "Status":{ + "shape":"OperationStatus", + "documentation":"

    The current status of the configuration check operation.

    " + }, + "StatusMessage":{ + "shape":"String", + "documentation":"

    A message providing additional details about the status of the configuration check operation.

    " + }, + "ConfigurationCheckId":{ + "shape":"ConfigurationCheckType", + "documentation":"

    The unique identifier of the configuration check that was performed.

    " + }, + "ConfigurationCheckName":{ + "shape":"String", + "documentation":"

    The name of the configuration check that was performed.

    " + }, + "ConfigurationCheckDescription":{ + "shape":"String", + "documentation":"

    A description of the configuration check that was performed.

    " + }, + "StartTime":{ + "shape":"Timestamp", + "documentation":"

    The time at which the configuration check operation started.

    " + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"

    The time at which the configuration check operation completed.

    " + }, + "RuleStatusCounts":{ + "shape":"RuleStatusCounts", + "documentation":"

    A summary of all the rule results, showing counts for each status type.

    " + } + }, + "documentation":"

    Represents a configuration check operation that has been executed against an application.

    " + }, + "ConfigurationCheckOperationList":{ + "type":"list", + "member":{"shape":"ConfigurationCheckOperation"} + }, + "ConfigurationCheckOperationListingMode":{ + "type":"string", + "enum":[ + "ALL_OPERATIONS", + "LATEST_PER_CHECK" + ] + }, + "ConfigurationCheckType":{ + "type":"string", + "enum":[ + "SAP_CHECK_01", + "SAP_CHECK_02", + "SAP_CHECK_03" + ] + }, + "ConfigurationCheckTypeList":{ + "type":"list", + "member":{"shape":"ConfigurationCheckType"} + }, "ConflictException":{ "type":"structure", "members":{ @@ -969,8 +1161,7 @@ }, "DeregisterApplicationOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "Filter":{ "type":"structure", @@ -1079,6 +1270,25 @@ } } }, + "GetConfigurationCheckOperationInput":{ + "type":"structure", + "required":["OperationId"], + "members":{ + "OperationId":{ + "shape":"OperationId", + "documentation":"

    The ID of the configuration check operation.

    " + } + } + }, + "GetConfigurationCheckOperationOutput":{ + "type":"structure", + "members":{ + "ConfigurationCheckOperation":{ + "shape":"ConfigurationCheckOperation", + "documentation":"

    Returns the details of a configuration check operation.

    " + } + } + }, "GetDatabaseInput":{ "type":"structure", "members":{ @@ -1304,6 +1514,71 @@ } } }, + "ListConfigurationCheckDefinitionsInput":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next page of results.

    " + } + } + }, + "ListConfigurationCheckDefinitionsOutput":{ + "type":"structure", + "members":{ + "ConfigurationChecks":{ + "shape":"ConfigurationCheckDefinitionList", + "documentation":"

    The configuration check types supported by AWS Systems Manager for SAP.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

    " + } + } + }, + "ListConfigurationCheckOperationsInput":{ + "type":"structure", + "required":["ApplicationId"], + "members":{ + "ApplicationId":{ + "shape":"ApplicationId", + "documentation":"

    The ID of the application.

    " + }, + "ListMode":{ + "shape":"ConfigurationCheckOperationListingMode", + "documentation":"

    The mode for listing configuration check operations. Defaults to \"LATEST_PER_CHECK\".

    • LATEST_PER_CHECK - Will list the latest configuration check operation per check type.

    • ALL_OPERATIONS - Will list all configuration check operations performed on the application.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next page of results.

    " + }, + "Filters":{ + "shape":"FilterList", + "documentation":"

    The filters of an operation.

    " + } + } + }, + "ListConfigurationCheckOperationsOutput":{ + "type":"structure", + "members":{ + "ConfigurationCheckOperations":{ + "shape":"ConfigurationCheckOperationList", + "documentation":"

    The configuration check operations performed by AWS Systems Manager for SAP.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

    " + } + } + }, "ListDatabasesInput":{ "type":"structure", "members":{ @@ -1408,6 +1683,68 @@ } } }, + "ListSubCheckResultsInput":{ + "type":"structure", + "required":["OperationId"], + "members":{ + "OperationId":{ + "shape":"OperationId", + "documentation":"

    The ID of the configuration check operation.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next page of results.

    " + } + } + }, + "ListSubCheckResultsOutput":{ + "type":"structure", + "members":{ + "SubCheckResults":{ + "shape":"SubCheckResultList", + "documentation":"

    The sub-check results of a configuration check operation.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

    " + } + } + }, + "ListSubCheckRuleResultsInput":{ + "type":"structure", + "required":["SubCheckResultId"], + "members":{ + "SubCheckResultId":{ + "shape":"SubCheckResultId", + "documentation":"

    The ID of the sub check result.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token for the next page of results.

    " + } + } + }, + "ListSubCheckRuleResultsOutput":{ + "type":"structure", + "members":{ + "RuleResults":{ + "shape":"RuleResultList", + "documentation":"

    The rule results of a sub-check belonging to a configuration check operation.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

    " + } + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["resourceArn"], @@ -1437,7 +1774,7 @@ }, "NextToken":{ "type":"string", - "pattern":".{16,1024}" + "pattern":".{16,2048}" }, "Operation":{ "type":"structure", @@ -1733,6 +2070,93 @@ "max":64, "min":1 }, + "RuleResult":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"RuleResultId", + "documentation":"

    The unique identifier of the rule result.

    " + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of what the rule validates.

    " + }, + "Status":{ + "shape":"RuleResultStatus", + "documentation":"

    The status of the rule result.

    " + }, + "Message":{ + "shape":"String", + "documentation":"

    A message providing details about the rule result.

    " + }, + "Metadata":{ + "shape":"RuleResultMetadata", + "documentation":"

    Additional metadata associated with the rule result.

    " + } + }, + "documentation":"

    Represents the result of a single rule within a configuration check.

    " + }, + "RuleResultId":{ + "type":"string", + "pattern":"[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?" + }, + "RuleResultList":{ + "type":"list", + "member":{"shape":"RuleResult"} + }, + "RuleResultMetadata":{ + "type":"map", + "key":{"shape":"RuleResultMetadataKey"}, + "value":{"shape":"RuleResultMetadataValue"}, + "max":50, + "min":0 + }, + "RuleResultMetadataKey":{ + "type":"string", + "max":100, + "min":1 + }, + "RuleResultMetadataValue":{ + "type":"string", + "max":1000, + "min":1 + }, + "RuleResultStatus":{ + "type":"string", + "enum":[ + "PASSED", + "FAILED", + "WARNING", + "INFO", + "UNKNOWN" + ] + }, + "RuleStatusCounts":{ + "type":"structure", + "members":{ + "Failed":{ + "shape":"Integer", + "documentation":"

    The number of rules that failed.

    " + }, + "Warning":{ + "shape":"Integer", + "documentation":"

    The number of rules that returned warnings.

    " + }, + "Info":{ + "shape":"Integer", + "documentation":"

    The number of rules that returned informational results.

    " + }, + "Passed":{ + "shape":"Integer", + "documentation":"

    The number of rules that passed.

    " + }, + "Unknown":{ + "shape":"Integer", + "documentation":"

    The number of rules with unknown status.

    " + } + }, + "documentation":"

    A summary of rule results, providing counts for each status type.

    " + }, "SAPInstanceNumber":{ "type":"string", "pattern":"[0-9]{2}" @@ -1789,6 +2213,29 @@ } } }, + "StartConfigurationChecksInput":{ + "type":"structure", + "required":["ApplicationId"], + "members":{ + "ApplicationId":{ + "shape":"ApplicationId", + "documentation":"

    The ID of the application.

    " + }, + "ConfigurationCheckIds":{ + "shape":"ConfigurationCheckTypeList", + "documentation":"

    The list of configuration checks to perform.

    " + } + } + }, + "StartConfigurationChecksOutput":{ + "type":"structure", + "members":{ + "ConfigurationCheckOperations":{ + "shape":"ConfigurationCheckOperationList", + "documentation":"

    The configuration check operations that were started.

    " + } + } + }, "StopApplicationInput":{ "type":"structure", "required":["ApplicationId"], @@ -1817,6 +2264,40 @@ } }, "String":{"type":"string"}, + "SubCheckReferencesList":{ + "type":"list", + "member":{"shape":"String"} + }, + "SubCheckResult":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"SubCheckResultId", + "documentation":"

    The unique identifier of the sub-check result.

    " + }, + "Name":{ + "shape":"String", + "documentation":"

    The name of the sub-check.

    " + }, + "Description":{ + "shape":"String", + "documentation":"

    A description of what the sub-check validates.

    " + }, + "References":{ + "shape":"SubCheckReferencesList", + "documentation":"

    A list of references or documentation links related to the sub-check.

    " + } + }, + "documentation":"

    Represents the result of a sub-check within a configuration check operation.

    " + }, + "SubCheckResultId":{ + "type":"string", + "pattern":"[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?" + }, + "SubCheckResultList":{ + "type":"list", + "member":{"shape":"SubCheckResult"} + }, "TagKey":{ "type":"string", "pattern":"(?!aws:)[a-zA-Z+-=._:/]+" @@ -1851,8 +2332,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1895,8 +2375,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationSettingsInput":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/sso/2019-06-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sso/2019-06-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sso/2019-06-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sso/2019-06-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,18 +212,17 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -236,7 +231,8 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], @@ -256,14 +252,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -277,7 +275,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -297,7 +294,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -308,14 +304,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -326,9 +324,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/sso/2019-06-10/service-2.json 2.31.35-1/awscli/botocore/data/sso/2019-06-10/service-2.json --- 2.23.6-1/awscli/botocore/data/sso/2019-06-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sso/2019-06-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"portal.sso", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"SSO", "serviceFullName":"AWS Single Sign-On", "serviceId":"SSO", "signatureVersion":"v4", "signingName":"awsssoportal", - "uid":"sso-2019-06-10" + "uid":"sso-2019-06-10", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetRoleCredentials":{ @@ -28,7 +30,8 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

    Returns the STS short-term credentials for a given role name that is assigned to the user.

    ", - "authtype":"none" + "authtype":"none", + "auth":["smithy.api#noAuth"] }, "ListAccountRoles":{ "name":"ListAccountRoles", @@ -45,7 +48,8 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

    Lists all roles that are assigned to the user for a given AWS account.

    ", - "authtype":"none" + "authtype":"none", + "auth":["smithy.api#noAuth"] }, "ListAccounts":{ "name":"ListAccounts", @@ -62,7 +66,8 @@ {"shape":"ResourceNotFoundException"} ], "documentation":"

    Lists all AWS accounts assigned to the user. These AWS accounts are assigned by the administrator of the account. For more information, see Assign User Access in the IAM Identity Center User Guide. This operation returns a paginated response.

    ", - "authtype":"none" + "authtype":"none", + "auth":["smithy.api#noAuth"] }, "Logout":{ "name":"Logout", @@ -77,7 +82,8 @@ {"shape":"TooManyRequestsException"} ], "documentation":"

    Removes the locally stored SSO tokens from the client-side cache and sends an API call to the IAM Identity Center service to invalidate the corresponding server-side IAM Identity Center sign in session.

    If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM Identity Center sign in session is used to obtain an IAM session, as specified in the corresponding IAM Identity Center permission set. More specifically, IAM Identity Center assumes an IAM role in the target account on behalf of the user, and the corresponding temporary AWS credentials are returned to the client.

    After user logout, any existing IAM role sessions that were created by using IAM Identity Center permission sets continue based on the duration configured in the permission set. For more information, see User authentications in the IAM Identity Center User Guide.

    ", - "authtype":"none" + "authtype":"none", + "auth":["smithy.api#noAuth"] } }, "shapes":{ diff -pruN 2.23.6-1/awscli/botocore/data/sso-admin/2020-07-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sso-admin/2020-07-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sso-admin/2020-07-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sso-admin/2020-07-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/sso-admin/2020-07-20/service-2.json 2.31.35-1/awscli/botocore/data/sso-admin/2020-07-20/service-2.json --- 2.23.6-1/awscli/botocore/data/sso-admin/2020-07-20/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sso-admin/2020-07-20/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,11 @@ "version":"2.0", "metadata":{ "apiVersion":"2020-07-20", + "auth":["aws.auth#sigv4"], "endpointPrefix":"sso", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"SSO Admin", "serviceFullName":"AWS Single Sign-On Admin", "serviceId":"SSO Admin", @@ -88,7 +90,7 @@ {"shape":"ValidationException"}, {"shape":"ConflictException"} ], - "documentation":"

    Creates an application in IAM Identity Center for the given application provider.

    " + "documentation":"

    Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given application provider.

    This API does not support creating SAML 2.0 customer managed applications or Amazon Web Services managed applications. To learn how to create an Amazon Web Services managed application, see the application user guide. You can create a SAML 2.0 customer managed application in the Amazon Web Services Management Console only. See Setting up customer managed SAML 2.0 applications. For more information on these application types, see Amazon Web Services managed applications.

    " }, "CreateApplicationAssignment":{ "name":"CreateApplicationAssignment", @@ -671,6 +673,23 @@ ], "documentation":"

    Retrieves details about an application grant.

    " }, + "GetApplicationSessionConfiguration":{ + "name":"GetApplicationSessionConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetApplicationSessionConfigurationRequest"}, + "output":{"shape":"GetApplicationSessionConfigurationResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Retrieves the session configuration for an application in IAM Identity Center.

    The session configuration determines how users can access an application. This includes whether user background sessions are enabled. User background sessions allow users to start a job on a supported Amazon Web Services managed application without having to remain signed in to an active session while the job runs.

    " + }, "GetInlinePolicyForPermissionSet":{ "name":"GetInlinePolicyForPermissionSet", "http":{ @@ -771,7 +790,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

    Retrieves a list of the IAM Identity Center associated Amazon Web Services accounts that the principal has access to.

    " + "documentation":"

    Retrieves a list of the IAM Identity Center associated Amazon Web Services accounts that the principal has access to. This action must be called from the management account containing your organization instance of IAM Identity Center. This action is not valid for account instances of IAM Identity Center.

    " }, "ListAccountsForProvisionedPermissionSet":{ "name":"ListAccountsForProvisionedPermissionSet", @@ -800,8 +819,8 @@ "output":{"shape":"ListApplicationAccessScopesResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], @@ -839,7 +858,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

    Lists the applications to which a specified principal is assigned.

    " + "documentation":"

    Lists the applications to which a specified principal is assigned. You must provide a filter when calling this action from a member account against your organization instance of IAM Identity Center. A filter is not required when called from the management account against an organization instance of IAM Identity Center, or from a member account against an account instance of IAM Identity Center in the same account.

    " }, "ListApplicationAuthenticationMethods":{ "name":"ListApplicationAuthenticationMethods", @@ -851,8 +870,8 @@ "output":{"shape":"ListApplicationAuthenticationMethodsResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], @@ -868,8 +887,8 @@ "output":{"shape":"ListApplicationGrantsResponse"}, "errors":[ {"shape":"ThrottlingException"}, - {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], @@ -905,7 +924,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ValidationException"} ], - "documentation":"

    Lists all applications associated with the instance of IAM Identity Center. When listing applications for an instance in the management account, member accounts must use the applicationAccount parameter to filter the list to only applications created from that account.

    " + "documentation":"

    Lists all applications associated with the instance of IAM Identity Center. When listing applications for an organization instance in the management account, member accounts must use the applicationAccount parameter to filter the list to only applications created from that account. When listing applications for an account instance in the same member account, a filter is not required.

    " }, "ListCustomerManagedPolicyReferencesInPermissionSet":{ "name":"ListCustomerManagedPolicyReferencesInPermissionSet", @@ -1129,7 +1148,26 @@ {"shape":"ValidationException"}, {"shape":"ConflictException"} ], - "documentation":"

    Adds a grant to an application.

    ", + "documentation":"

    Creates a configuration for an application to use grants. Conceptually grants are authorization to request actions related to tokens. This configuration will be used when parties are requesting and receiving tokens during the trusted identity propagation process. For more information on the IAM Identity Center supported grant workflows, see SAML 2.0 and OAuth 2.0.

    A grant is created between your applications and Identity Center instance which enables an application to use specified mechanisms to obtain tokens. These tokens are used by your applications to gain access to Amazon Web Services resources on behalf of users. The following elements are within these exchanges:

    • Requester - The application requesting access to Amazon Web Services resources.

    • Subject - Typically the user that is requesting access to Amazon Web Services resources.

    • Grant - Conceptually, a grant is authorization to access Amazon Web Services resources. These grants authorize token generation for authenticating access to the requester and for the request to make requests on behalf of the subjects. There are four types of grants:

      • AuthorizationCode - Allows an application to request authorization through a series of user-agent redirects.

      • JWT bearer - Authorizes an application to exchange a JSON Web Token that came from an external identity provider. To learn more, see RFC 6479.

      • Refresh token - Enables application to request new access tokens to replace expiring or expired access tokens.

      • Exchange token - A grant that requests tokens from the authorization server by providing a ‘subject’ token with access scope authorizing trusted identity propagation to this application. To learn more, see RFC 8693.

    • Authorization server - IAM Identity Center requests tokens.

    User credentials are never shared directly within these exchanges. Instead, applications use grants to request access tokens from IAM Identity Center. For more information, see RFC 6479.

    Use cases

    • Connecting to custom applications.

    • Configuring an Amazon Web Services service to make calls to another Amazon Web Services services using JWT tokens.

    ", + "idempotent":true + }, + "PutApplicationSessionConfiguration":{ + "name":"PutApplicationSessionConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"PutApplicationSessionConfigurationRequest"}, + "output":{"shape":"PutApplicationSessionConfigurationResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Updates the session configuration for an application in IAM Identity Center.

    The session configuration determines how users can access an application. This includes whether user background sessions are enabled. User background sessions allow users to start a job on a supported Amazon Web Services managed application without having to remain signed in to an active session while the job runs.

    ", "idempotent":true }, "PutInlinePolicyToPermissionSet":{ @@ -1235,6 +1273,7 @@ "errors":[ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"ConflictException"} @@ -1319,7 +1358,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^[\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]+$" + "pattern":"[\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]+" }, "AccessControlAttributeList":{ "type":"list", @@ -1342,7 +1381,7 @@ "type":"string", "max":256, "min":0, - "pattern":"^[\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@\\[\\]\\{\\}\\$\\\\\"]*$" + "pattern":"[\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@\\[\\]\\{\\}\\$\\\\\"]*" }, "AccessControlAttributeValueSourceList":{ "type":"list", @@ -1353,12 +1392,20 @@ "AccessDeniedException":{ "type":"structure", "members":{ - "Message":{"shape":"AccessDeniedExceptionMessage"} + "Message":{"shape":"AccessDeniedExceptionMessage"}, + "Reason":{ + "shape":"AccessDeniedExceptionReason", + "documentation":"

    The reason for the access denied exception.

    " + } }, "documentation":"

    You do not have sufficient access to perform this action.

    ", "exception":true }, "AccessDeniedExceptionMessage":{"type":"string"}, + "AccessDeniedExceptionReason":{ + "type":"string", + "enum":["KMS_AccessDeniedException"] + }, "AccountAssignment":{ "type":"structure", "members":{ @@ -1370,13 +1417,13 @@ "shape":"PermissionSetArn", "documentation":"

    The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "PrincipalId":{ - "shape":"PrincipalId", - "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " - }, "PrincipalType":{ "shape":"PrincipalType", "documentation":"

    The entity type for which the assignment will be created.

    " + }, + "PrincipalId":{ + "shape":"PrincipalId", + "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " } }, "documentation":"

    The assignment that indicates a principal's limited access to a specified Amazon Web Services account with a specified permission set.

    The term principal here refers to a user or group that is defined in IAM Identity Center.

    " @@ -1414,41 +1461,41 @@ "AccountAssignmentOperationStatus":{ "type":"structure", "members":{ - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date that the permission set was created.

    " + "Status":{ + "shape":"StatusValues", + "documentation":"

    The status of the permission set provisioning process.

    " + }, + "RequestId":{ + "shape":"UUId", + "documentation":"

    The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

    " }, "FailureReason":{ "shape":"Reason", "documentation":"

    The message that contains an error or exception in case of an operation failure.

    " }, + "TargetId":{ + "shape":"TargetId", + "documentation":"

    TargetID is an Amazon Web Services account identifier, (For example, 123456789012).

    " + }, + "TargetType":{ + "shape":"TargetType", + "documentation":"

    The entity type for which the assignment will be created.

    " + }, "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "PrincipalId":{ - "shape":"PrincipalId", - "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " - }, "PrincipalType":{ "shape":"PrincipalType", "documentation":"

    The entity type for which the assignment will be created.

    " }, - "RequestId":{ - "shape":"UUId", - "documentation":"

    The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

    " - }, - "Status":{ - "shape":"StatusValues", - "documentation":"

    The status of the permission set provisioning process.

    " - }, - "TargetId":{ - "shape":"TargetId", - "documentation":"

    TargetID is an Amazon Web Services account identifier, (For example, 123456789012).

    " + "PrincipalId":{ + "shape":"PrincipalId", + "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " }, - "TargetType":{ - "shape":"TargetType", - "documentation":"

    The entity type for which the assignment will be created.

    " + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date that the permission set was created.

    " } }, "documentation":"

    The status of the creation or deletion operation of an assignment that a principal needs to access an account.

    " @@ -1460,17 +1507,17 @@ "AccountAssignmentOperationStatusMetadata":{ "type":"structure", "members":{ - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date that the permission set was created.

    " + "Status":{ + "shape":"StatusValues", + "documentation":"

    The status of the permission set provisioning process.

    " }, "RequestId":{ "shape":"UUId", "documentation":"

    The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

    " }, - "Status":{ - "shape":"StatusValues", - "documentation":"

    The status of the permission set provisioning process.

    " + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date that the permission set was created.

    " } }, "documentation":"

    Provides information about the AccountAssignment creation request.

    " @@ -1479,7 +1526,7 @@ "type":"string", "max":12, "min":12, - "pattern":"^\\d{12}$" + "pattern":"\\d{12}" }, "AccountList":{ "type":"list", @@ -1487,17 +1534,12 @@ }, "ActorPolicyDocument":{ "type":"structure", - "members":{ - }, + "members":{}, "document":true }, "Application":{ "type":"structure", "members":{ - "ApplicationAccount":{ - "shape":"AccountId", - "documentation":"

    The Amazon Web Services account ID number of the application.

    " - }, "ApplicationArn":{ "shape":"ApplicationArn", "documentation":"

    The ARN of the application.

    " @@ -1506,29 +1548,33 @@ "shape":"ApplicationProviderArn", "documentation":"

    The ARN of the application provider for this application.

    " }, - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date and time when the application was originally created.

    " + "Name":{ + "shape":"ApplicationNameType", + "documentation":"

    The name of the application.

    " }, - "Description":{ - "shape":"Description", - "documentation":"

    The description of the application.

    " + "ApplicationAccount":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID number of the application.

    " }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the instance of IAM Identity Center that is configured with this application.

    " }, - "Name":{ - "shape":"NameType", - "documentation":"

    The name of the application.

    " + "Status":{ + "shape":"ApplicationStatus", + "documentation":"

    The current status of the application in this instance of IAM Identity Center.

    " }, "PortalOptions":{ "shape":"PortalOptions", "documentation":"

    A structure that describes the options for the access portal associated with this application.

    " }, - "Status":{ - "shape":"ApplicationStatus", - "documentation":"

    The current status of the application in this instance of IAM Identity Center.

    " + "Description":{ + "shape":"Description", + "documentation":"

    The description of the application.

    " + }, + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date and time when the application was originally created.

    " } }, "documentation":"

    A structure that describes an application that uses IAM Identity Center for access management.

    " @@ -1537,7 +1583,7 @@ "type":"string", "max":1224, "min":10, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}" }, "ApplicationAssignment":{ "type":"structure", @@ -1594,6 +1640,12 @@ "max":50, "min":0 }, + "ApplicationNameType":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[\\S\\s]*" + }, "ApplicationProvider":{ "type":"structure", "required":["ApplicationProviderArn"], @@ -1602,14 +1654,14 @@ "shape":"ApplicationProviderArn", "documentation":"

    The ARN of the application provider.

    " }, - "DisplayData":{ - "shape":"DisplayData", - "documentation":"

    A structure that describes how IAM Identity Center represents the application provider in the portal.

    " - }, "FederationProtocol":{ "shape":"FederationProtocol", "documentation":"

    The protocol that the application provider uses to perform federation.

    " }, + "DisplayData":{ + "shape":"DisplayData", + "documentation":"

    A structure that describes how IAM Identity Center represents the application provider in the portal.

    " + }, "ResourceServerConfig":{ "shape":"ResourceServerConfig", "documentation":"

    A structure that describes the application provider's resource server.

    " @@ -1621,7 +1673,7 @@ "type":"string", "max":1224, "min":10, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::aws:applicationProvider/[a-zA-Z0-9-/]+$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::aws:applicationProvider/[a-zA-Z0-9-/]+" }, "ApplicationProviderList":{ "type":"list", @@ -1638,7 +1690,7 @@ "type":"string", "max":512, "min":1, - "pattern":"^http(s)?:\\/\\/[-a-zA-Z0-9+&@#\\/%?=~_|!:,.;]*[-a-zA-Z0-9+&bb@#\\/%?=~_|]$" + "pattern":"http(s)?:\\/\\/[-a-zA-Z0-9+&@#\\/%?=~_|!:,.;]*[-a-zA-Z0-9+&bb@#\\/%?=~_|]" }, "ApplicationVisibility":{ "type":"string", @@ -1654,15 +1706,11 @@ "AttachCustomerManagedPolicyReferenceToPermissionSetRequest":{ "type":"structure", "required":[ - "CustomerManagedPolicyReference", "InstanceArn", - "PermissionSetArn" + "PermissionSetArn", + "CustomerManagedPolicyReference" ], "members":{ - "CustomerManagedPolicyReference":{ - "shape":"CustomerManagedPolicyReference", - "documentation":"

    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed.

    " @@ -1670,54 +1718,56 @@ "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the PermissionSet.

    " + }, + "CustomerManagedPolicyReference":{ + "shape":"CustomerManagedPolicyReference", + "documentation":"

    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

    " } } }, "AttachCustomerManagedPolicyReferenceToPermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AttachManagedPolicyToPermissionSetRequest":{ "type":"structure", "required":[ "InstanceArn", - "ManagedPolicyArn", - "PermissionSetArn" + "PermissionSetArn", + "ManagedPolicyArn" ], "members":{ "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "ManagedPolicyArn":{ - "shape":"ManagedPolicyArn", - "documentation":"

    The Amazon Web Services managed policy ARN to be attached to a permission set.

    " - }, "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the PermissionSet that the managed policy should be attached to.

    " + }, + "ManagedPolicyArn":{ + "shape":"ManagedPolicyArn", + "documentation":"

    The Amazon Web Services managed policy ARN to be attached to a permission set.

    " } } }, "AttachManagedPolicyToPermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AttachedManagedPolicy":{ "type":"structure", "members":{ - "Arn":{ - "shape":"ManagedPolicyArn", - "documentation":"

    The ARN of the Amazon Web Services managed policy. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " - }, "Name":{ "shape":"Name", "documentation":"

    The name of the Amazon Web Services managed policy.

    " + }, + "Arn":{ + "shape":"ManagedPolicyArn", + "documentation":"

    The ARN of the Amazon Web Services managed policy. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " } }, - "documentation":"

    A structure that stores the details of the Amazon Web Services managed policy.

    " + "documentation":"

    A structure that stores a list of managed policy ARNs that describe the associated Amazon Web Services managed policy.

    " }, "AttachedManagedPolicyList":{ "type":"list", @@ -1737,13 +1787,13 @@ "AuthenticationMethodItem":{ "type":"structure", "members":{ - "AuthenticationMethod":{ - "shape":"AuthenticationMethod", - "documentation":"

    A structure that describes an authentication method. The contents of this structure is determined by the AuthenticationMethodType.

    " - }, "AuthenticationMethodType":{ "shape":"AuthenticationMethodType", "documentation":"

    The type of authentication that is used by this method.

    " + }, + "AuthenticationMethod":{ + "shape":"AuthenticationMethod", + "documentation":"

    A structure that describes an authentication method. The contents of this structure is determined by the AuthenticationMethodType.

    " } }, "documentation":"

    A structure that describes an authentication method and its type.

    " @@ -1761,7 +1811,7 @@ "members":{ "RedirectUris":{ "shape":"RedirectUris", - "documentation":"

    A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

    " + "documentation":"

    A list of URIs that are valid locations to redirect a user's browser after the user is authorized.

    RedirectUris is required when the grant type is authorization_code.

    " } }, "documentation":"

    A structure that defines configuration settings for an application that supports the OAuth 2.0 Authorization Code Grant.

    " @@ -1769,13 +1819,13 @@ "AuthorizedTokenIssuer":{ "type":"structure", "members":{ - "AuthorizedAudiences":{ - "shape":"TokenIssuerAudiences", - "documentation":"

    An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

    " - }, "TrustedTokenIssuerArn":{ "shape":"TrustedTokenIssuerArn", "documentation":"

    The ARN of the trusted token issuer.

    " + }, + "AuthorizedAudiences":{ + "shape":"TokenIssuerAudiences", + "documentation":"

    An array list of authorized audiences, or applications, that can consume the tokens generated by the associated trusted token issuer.

    " } }, "documentation":"

    A structure that describes a trusted token issuer and associates it with a set of authorized audiences.

    " @@ -1790,13 +1840,13 @@ "type":"string", "max":255, "min":1, - "pattern":"^\\p{L}+(?:(\\.|\\_)\\p{L}+){0,2}$" + "pattern":"\\p{L}+(?:(\\.|\\_)\\p{L}+){0,2}" }, "ClientToken":{ "type":"string", "max":64, "min":1, - "pattern":"^[!-~]+$" + "pattern":"[!-~]+" }, "ConflictException":{ "type":"structure", @@ -1811,36 +1861,36 @@ "type":"structure", "required":[ "InstanceArn", + "TargetId", + "TargetType", "PermissionSetArn", - "PrincipalId", "PrincipalType", - "TargetId", - "TargetType" + "PrincipalId" ], "members":{ "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, + "TargetId":{ + "shape":"TargetId", + "documentation":"

    TargetID is an Amazon Web Services account identifier, (For example, 123456789012).

    " + }, + "TargetType":{ + "shape":"TargetType", + "documentation":"

    The entity type for which the assignment will be created.

    " + }, "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the permission set that the admin wants to grant the principal access to.

    " }, - "PrincipalId":{ - "shape":"PrincipalId", - "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " - }, "PrincipalType":{ "shape":"PrincipalType", "documentation":"

    The entity type for which the assignment will be created.

    " }, - "TargetId":{ - "shape":"TargetId", - "documentation":"

    TargetID is an Amazon Web Services account identifier, (For example, 123456789012).

    " - }, - "TargetType":{ - "shape":"TargetType", - "documentation":"

    The entity type for which the assignment will be created.

    " + "PrincipalId":{ + "shape":"PrincipalId", + "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " } } }, @@ -1863,11 +1913,11 @@ "members":{ "ApplicationArn":{ "shape":"ApplicationArn", - "documentation":"

    The ARN of the application provider under which the operation will run.

    " + "documentation":"

    The ARN of the application for which the assignment is created.

    " }, "PrincipalId":{ "shape":"PrincipalId", - "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " + "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " }, "PrincipalType":{ "shape":"PrincipalType", @@ -1877,49 +1927,48 @@ }, "CreateApplicationAssignmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateApplicationRequest":{ "type":"structure", "required":[ - "ApplicationProviderArn", "InstanceArn", + "ApplicationProviderArn", "Name" ], "members":{ + "InstanceArn":{ + "shape":"InstanceArn", + "documentation":"

    The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + }, "ApplicationProviderArn":{ "shape":"ApplicationProviderArn", "documentation":"

    The ARN of the application provider under which the operation will run.

    " }, - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.

    If you don't provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.

    ", - "idempotencyToken":true + "Name":{ + "shape":"ApplicationNameType", + "documentation":"

    The name of the .

    " }, "Description":{ "shape":"Description", "documentation":"

    The description of the .

    " }, - "InstanceArn":{ - "shape":"InstanceArn", - "documentation":"

    The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " - }, - "Name":{ - "shape":"NameType", - "documentation":"

    The name of the .

    " - }, "PortalOptions":{ "shape":"PortalOptions", "documentation":"

    A structure that describes the options for the portal associated with an application.

    " }, + "Tags":{ + "shape":"TagList", + "documentation":"

    Specifies tags to be attached to the application.

    " + }, "Status":{ "shape":"ApplicationStatus", "documentation":"

    Specifies whether the application is enabled or disabled.

    " }, - "Tags":{ - "shape":"TagList", - "documentation":"

    Specifies tags to be attached to the application.

    " + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.

    If you don't provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.

    ", + "idempotencyToken":true } } }, @@ -1935,37 +1984,36 @@ "CreateInstanceAccessControlAttributeConfigurationRequest":{ "type":"structure", "required":[ - "InstanceAccessControlAttributeConfiguration", - "InstanceArn" + "InstanceArn", + "InstanceAccessControlAttributeConfiguration" ], "members":{ - "InstanceAccessControlAttributeConfiguration":{ - "shape":"InstanceAccessControlAttributeConfiguration", - "documentation":"

    Specifies the IAM Identity Center identity store attributes to add to your ABAC configuration. When using an external identity provider as an identity source, you can pass attributes through the SAML assertion. Doing so provides an alternative to configuring attributes from the IAM Identity Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center will replace the attribute value with the value from the IAM Identity Center identity store.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed.

    " + }, + "InstanceAccessControlAttributeConfiguration":{ + "shape":"InstanceAccessControlAttributeConfiguration", + "documentation":"

    Specifies the IAM Identity Center identity store attributes to add to your ABAC configuration. When using an external identity provider as an identity source, you can pass attributes through the SAML assertion. Doing so provides an alternative to configuring attributes from the IAM Identity Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center will replace the attribute value with the value from the IAM Identity Center identity store.

    " } } }, "CreateInstanceAccessControlAttributeConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateInstanceRequest":{ "type":"structure", "members":{ + "Name":{ + "shape":"NameType", + "documentation":"

    The name of the instance of IAM Identity Center.

    " + }, "ClientToken":{ "shape":"ClientToken", "documentation":"

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.

    If you don't provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.

    ", "idempotencyToken":true }, - "Name":{ - "shape":"NameType", - "documentation":"

    The name of the instance of IAM Identity Center.

    " - }, "Tags":{ "shape":"TagList", "documentation":"

    Specifies tags to be attached to the instance of IAM Identity Center.

    " @@ -1984,10 +2032,14 @@ "CreatePermissionSetRequest":{ "type":"structure", "required":[ - "InstanceArn", - "Name" + "Name", + "InstanceArn" ], "members":{ + "Name":{ + "shape":"PermissionSetName", + "documentation":"

    The name of the PermissionSet.

    " + }, "Description":{ "shape":"PermissionSetDescription", "documentation":"

    The description of the PermissionSet.

    " @@ -1996,18 +2048,14 @@ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "Name":{ - "shape":"PermissionSetName", - "documentation":"

    The name of the PermissionSet.

    " + "SessionDuration":{ + "shape":"Duration", + "documentation":"

    The length of time that the application user sessions are valid in the ISO-8601 standard.

    " }, "RelayState":{ "shape":"RelayState", "documentation":"

    Used to redirect users within the application during the federation authentication process.

    " }, - "SessionDuration":{ - "shape":"Duration", - "documentation":"

    The length of time that the application user sessions are valid in the ISO-8601 standard.

    " - }, "Tags":{ "shape":"TagList", "documentation":"

    The tags to attach to the new PermissionSet.

    " @@ -2028,15 +2076,10 @@ "required":[ "InstanceArn", "Name", - "TrustedTokenIssuerConfiguration", - "TrustedTokenIssuerType" + "TrustedTokenIssuerType", + "TrustedTokenIssuerConfiguration" ], "members":{ - "ClientToken":{ - "shape":"ClientToken", - "documentation":"

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

    If you don't provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.

    ", - "idempotencyToken":true - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    Specifies the ARN of the instance of IAM Identity Center to contain the new trusted token issuer configuration.

    " @@ -2045,17 +2088,22 @@ "shape":"TrustedTokenIssuerName", "documentation":"

    Specifies the name of the new trusted token issuer configuration.

    " }, - "Tags":{ - "shape":"TagList", - "documentation":"

    Specifies tags to be attached to the new trusted token issuer configuration.

    " + "TrustedTokenIssuerType":{ + "shape":"TrustedTokenIssuerType", + "documentation":"

    Specifies the type of the new trusted token issuer.

    " }, "TrustedTokenIssuerConfiguration":{ "shape":"TrustedTokenIssuerConfiguration", "documentation":"

    Specifies settings that apply to the new trusted token issuer configuration. The settings that are available depend on what TrustedTokenIssuerType you specify.

    " }, - "TrustedTokenIssuerType":{ - "shape":"TrustedTokenIssuerType", - "documentation":"

    Specifies the type of the new trusted token issuer.

    " + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

    If you don't provide this value, then Amazon Web Services generates a random one for you.

    If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.

    ", + "idempotencyToken":true + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    Specifies tags to be attached to the new trusted token issuer configuration.

    " } } }, @@ -2092,36 +2140,36 @@ "type":"structure", "required":[ "InstanceArn", + "TargetId", + "TargetType", "PermissionSetArn", - "PrincipalId", "PrincipalType", - "TargetId", - "TargetType" + "PrincipalId" ], "members":{ "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, + "TargetId":{ + "shape":"TargetId", + "documentation":"

    TargetID is an Amazon Web Services account identifier, (For example, 123456789012).

    " + }, + "TargetType":{ + "shape":"TargetType", + "documentation":"

    The entity type for which the assignment will be deleted.

    " + }, "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the permission set that will be used to remove access.

    " }, - "PrincipalId":{ - "shape":"PrincipalId", - "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " - }, "PrincipalType":{ "shape":"PrincipalType", "documentation":"

    The entity type for which the assignment will be deleted.

    " }, - "TargetId":{ - "shape":"TargetId", - "documentation":"

    TargetID is an Amazon Web Services account identifier, (For example, 123456789012).

    " - }, - "TargetType":{ - "shape":"TargetType", - "documentation":"

    The entity type for which the assignment will be deleted.

    " + "PrincipalId":{ + "shape":"PrincipalId", + "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " } } }, @@ -2165,7 +2213,7 @@ }, "PrincipalId":{ "shape":"PrincipalId", - "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " + "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " }, "PrincipalType":{ "shape":"PrincipalType", @@ -2175,8 +2223,7 @@ }, "DeleteApplicationAssignmentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteApplicationAuthenticationMethodRequest":{ "type":"structure", @@ -2224,8 +2271,7 @@ }, "DeleteApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInlinePolicyFromPermissionSetRequest":{ "type":"structure", @@ -2246,8 +2292,7 @@ }, "DeleteInlinePolicyFromPermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInstanceAccessControlAttributeConfigurationRequest":{ "type":"structure", @@ -2261,8 +2306,7 @@ }, "DeleteInstanceAccessControlAttributeConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteInstanceRequest":{ "type":"structure", @@ -2276,8 +2320,7 @@ }, "DeleteInstanceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePermissionSetRequest":{ "type":"structure", @@ -2298,8 +2341,7 @@ }, "DeletePermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePermissionsBoundaryFromPermissionSetRequest":{ "type":"structure", @@ -2320,8 +2362,7 @@ }, "DeletePermissionsBoundaryFromPermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTrustedTokenIssuerRequest":{ "type":"structure", @@ -2335,23 +2376,22 @@ }, "DeleteTrustedTokenIssuerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountAssignmentCreationStatusRequest":{ "type":"structure", "required":[ - "AccountAssignmentCreationRequestId", - "InstanceArn" + "InstanceArn", + "AccountAssignmentCreationRequestId" ], "members":{ - "AccountAssignmentCreationRequestId":{ - "shape":"UUId", - "documentation":"

    The identifier that is used to track the request operation progress.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + }, + "AccountAssignmentCreationRequestId":{ + "shape":"UUId", + "documentation":"

    The identifier that is used to track the request operation progress.

    " } } }, @@ -2367,17 +2407,17 @@ "DescribeAccountAssignmentDeletionStatusRequest":{ "type":"structure", "required":[ - "AccountAssignmentDeletionRequestId", - "InstanceArn" + "InstanceArn", + "AccountAssignmentDeletionRequestId" ], "members":{ - "AccountAssignmentDeletionRequestId":{ - "shape":"UUId", - "documentation":"

    The identifier that is used to track the request operation progress.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + }, + "AccountAssignmentDeletionRequestId":{ + "shape":"UUId", + "documentation":"

    The identifier that is used to track the request operation progress.

    " } } }, @@ -2404,7 +2444,7 @@ }, "PrincipalId":{ "shape":"PrincipalId", - "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " + "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " }, "PrincipalType":{ "shape":"PrincipalType", @@ -2415,17 +2455,17 @@ "DescribeApplicationAssignmentResponse":{ "type":"structure", "members":{ - "ApplicationArn":{ - "shape":"ApplicationArn", - "documentation":"

    Specifies the ARN of the application. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + "PrincipalType":{ + "shape":"PrincipalType", + "documentation":"

    The entity type for which the assignment will be created.

    " }, "PrincipalId":{ "shape":"PrincipalId", - "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " + "documentation":"

    An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.

    " }, - "PrincipalType":{ - "shape":"PrincipalType", - "documentation":"

    The entity type for which the assignment will be created.

    " + "ApplicationArn":{ + "shape":"ApplicationArn", + "documentation":"

    Specifies the ARN of the application. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " } } }, @@ -2447,14 +2487,14 @@ "shape":"ApplicationProviderArn", "documentation":"

    The ARN of the application provider.

    " }, - "DisplayData":{ - "shape":"DisplayData", - "documentation":"

    A structure with details about the display data for the application provider.

    " - }, "FederationProtocol":{ "shape":"FederationProtocol", "documentation":"

    The protocol used to federate to the application provider.

    " }, + "DisplayData":{ + "shape":"DisplayData", + "documentation":"

    A structure with details about the display data for the application provider.

    " + }, "ResourceServerConfig":{ "shape":"ResourceServerConfig", "documentation":"

    A structure with details about the receiving application.

    " @@ -2474,10 +2514,6 @@ "DescribeApplicationResponse":{ "type":"structure", "members":{ - "ApplicationAccount":{ - "shape":"AccountId", - "documentation":"

    The account ID.

    " - }, "ApplicationArn":{ "shape":"ApplicationArn", "documentation":"

    Specifies the ARN of the application.

    " @@ -2486,29 +2522,33 @@ "shape":"ApplicationProviderArn", "documentation":"

    The ARN of the application provider under which the operation will run.

    " }, - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date the application was created.

    " + "Name":{ + "shape":"ApplicationNameType", + "documentation":"

    The application name.

    " }, - "Description":{ - "shape":"Description", - "documentation":"

    The description of the .

    " + "ApplicationAccount":{ + "shape":"AccountId", + "documentation":"

    The account ID.

    " }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center application under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "Name":{ - "shape":"NameType", - "documentation":"

    The application name.

    " + "Status":{ + "shape":"ApplicationStatus", + "documentation":"

    Specifies whether the application is enabled or disabled.

    " }, "PortalOptions":{ "shape":"PortalOptions", "documentation":"

    A structure that describes the options for the portal associated with an application.

    " }, - "Status":{ - "shape":"ApplicationStatus", - "documentation":"

    Specifies whether the application is enabled or disabled.

    " + "Description":{ + "shape":"Description", + "documentation":"

    The description of the .

    " + }, + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date the application was created.

    " } } }, @@ -2525,10 +2565,6 @@ "DescribeInstanceAccessControlAttributeConfigurationResponse":{ "type":"structure", "members":{ - "InstanceAccessControlAttributeConfiguration":{ - "shape":"InstanceAccessControlAttributeConfiguration", - "documentation":"

    Gets the list of IAM Identity Center identity store attributes that have been added to your ABAC configuration.

    " - }, "Status":{ "shape":"InstanceAccessControlAttributeConfigurationStatus", "documentation":"

    The status of the attribute configuration process.

    " @@ -2536,6 +2572,10 @@ "StatusReason":{ "shape":"InstanceAccessControlAttributeConfigurationStatusReason", "documentation":"

    Provides more details about the current status of the specified attribute.

    " + }, + "InstanceAccessControlAttributeConfiguration":{ + "shape":"InstanceAccessControlAttributeConfiguration", + "documentation":"

    Gets the list of IAM Identity Center identity store attributes that have been added to your ABAC configuration.

    " } } }, @@ -2552,29 +2592,37 @@ "DescribeInstanceResponse":{ "type":"structure", "members":{ - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date the instance was created.

    " + "InstanceArn":{ + "shape":"InstanceArn", + "documentation":"

    The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, "IdentityStoreId":{ "shape":"Id", "documentation":"

    The identifier of the identity store that is connected to the instance of IAM Identity Center.

    " }, - "InstanceArn":{ - "shape":"InstanceArn", - "documentation":"

    The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + "OwnerAccountId":{ + "shape":"AccountId", + "documentation":"

    The identifier of the Amazon Web Services account for which the instance was created.

    " }, "Name":{ "shape":"NameType", "documentation":"

    Specifies the instance name.

    " }, - "OwnerAccountId":{ - "shape":"AccountId", - "documentation":"

    The identifier of the Amazon Web Services account for which the instance was created.

    " + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date the instance was created.

    " }, "Status":{ "shape":"InstanceStatus", "documentation":"

    The status of the instance.

    " + }, + "StatusReason":{ + "shape":"Reason", + "documentation":"

    Provides additional context about the current status of the IAM Identity Center instance. This field is particularly useful when an instance is in a non-ACTIVE state, such as CREATE_FAILED. When an instance fails to create or update, this field contains information about the cause, which may include issues with KMS key configuration, permission problems with the specified KMS key, or service-related errors.

    " + }, + "EncryptionConfigurationDetails":{ + "shape":"EncryptionConfigurationDetails", + "documentation":"

    Contains the encryption configuration for your IAM Identity Center instance, including the encryption status, KMS key type, and KMS key ARN.

    " } } }, @@ -2643,21 +2691,21 @@ "DescribeTrustedTokenIssuerResponse":{ "type":"structure", "members":{ - "Name":{ - "shape":"TrustedTokenIssuerName", - "documentation":"

    The name of the trusted token issuer configuration.

    " - }, "TrustedTokenIssuerArn":{ "shape":"TrustedTokenIssuerArn", "documentation":"

    The ARN of the trusted token issuer configuration.

    " }, - "TrustedTokenIssuerConfiguration":{ - "shape":"TrustedTokenIssuerConfiguration", - "documentation":"

    A structure the describes the settings that apply of this trusted token issuer.

    " + "Name":{ + "shape":"TrustedTokenIssuerName", + "documentation":"

    The name of the trusted token issuer configuration.

    " }, "TrustedTokenIssuerType":{ "shape":"TrustedTokenIssuerType", "documentation":"

    The type of the trusted token issuer.

    " + }, + "TrustedTokenIssuerConfiguration":{ + "shape":"TrustedTokenIssuerConfiguration", + "documentation":"

    A structure the describes the settings that apply of this trusted token issuer.

    " } } }, @@ -2669,15 +2717,11 @@ "DetachCustomerManagedPolicyReferenceFromPermissionSetRequest":{ "type":"structure", "required":[ - "CustomerManagedPolicyReference", "InstanceArn", - "PermissionSetArn" + "PermissionSetArn", + "CustomerManagedPolicyReference" ], "members":{ - "CustomerManagedPolicyReference":{ - "shape":"CustomerManagedPolicyReference", - "documentation":"

    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed.

    " @@ -2685,48 +2729,46 @@ "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the PermissionSet.

    " + }, + "CustomerManagedPolicyReference":{ + "shape":"CustomerManagedPolicyReference", + "documentation":"

    Specifies the name and path of a customer managed policy. You must have an IAM policy that matches the name and path in each Amazon Web Services account where you want to deploy your permission set.

    " } } }, "DetachCustomerManagedPolicyReferenceFromPermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DetachManagedPolicyFromPermissionSetRequest":{ "type":"structure", "required":[ "InstanceArn", - "ManagedPolicyArn", - "PermissionSetArn" + "PermissionSetArn", + "ManagedPolicyArn" ], "members":{ "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "ManagedPolicyArn":{ - "shape":"ManagedPolicyArn", - "documentation":"

    The Amazon Web Services managed policy ARN to be detached from a permission set.

    " - }, "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the PermissionSet from which the policy should be detached.

    " + }, + "ManagedPolicyArn":{ + "shape":"ManagedPolicyArn", + "documentation":"

    The Amazon Web Services managed policy ARN to be detached from a permission set.

    " } } }, "DetachManagedPolicyFromPermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisplayData":{ "type":"structure", "members":{ - "Description":{ - "shape":"Description", - "documentation":"

    The description of the application provider that appears in the portal.

    " - }, "DisplayName":{ "shape":"Name", "documentation":"

    The name of the application provider that appears in the portal.

    " @@ -2734,6 +2776,10 @@ "IconUrl":{ "shape":"IconUrl", "documentation":"

    A URL that points to an icon that represents the application provider.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    The description of the application provider that appears in the portal.

    " } }, "documentation":"

    A structure that describes how the portal represents an application provider.

    " @@ -2742,7 +2788,44 @@ "type":"string", "max":100, "min":1, - "pattern":"^(-?)P(?=\\d|T\\d)(?:(\\d+)Y)?(?:(\\d+)M)?(?:(\\d+)([DW]))?(?:T(?:(\\d+)H)?(?:(\\d+)M)?(?:(\\d+(?:\\.\\d+)?)S)?)?$" + "pattern":"(-?)P(?=\\d|T\\d)(?:(\\d+)Y)?(?:(\\d+)M)?(?:(\\d+)([DW]))?(?:T(?:(\\d+)H)?(?:(\\d+)M)?(?:(\\d+(?:\\.\\d+)?)S)?)?" + }, + "EncryptionConfiguration":{ + "type":"structure", + "required":["KeyType"], + "members":{ + "KeyType":{ + "shape":"KmsKeyType", + "documentation":"

    The type of KMS key used for encryption.

    " + }, + "KmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The ARN of the KMS key used to encrypt data. Required when KeyType is CUSTOMER_MANAGED_KEY. Cannot be specified when KeyType is AWS_OWNED_KMS_KEY.

    " + } + }, + "documentation":"

    A structure that specifies the KMS key type and KMS key ARN used to encrypt data in your IAM Identity Center instance.

    " + }, + "EncryptionConfigurationDetails":{ + "type":"structure", + "members":{ + "KeyType":{ + "shape":"KmsKeyType", + "documentation":"

    The type of KMS key used for encryption.

    " + }, + "KmsKeyArn":{ + "shape":"KmsKeyArn", + "documentation":"

    The ARN of the KMS key currently used to encrypt data in your IAM Identity Center instance.

    " + }, + "EncryptionStatus":{ + "shape":"KmsKeyStatus", + "documentation":"

    The current status of encryption configuration.

    " + }, + "EncryptionStatusReason":{ + "shape":"Reason", + "documentation":"

    Provides additional context about the current encryption status. This field is particularly useful when the encryption status is UPDATE_FAILED. When encryption configuration update fails, this field contains information about the cause, which may include KMS key access issues, key not found errors, invalid key configuration, key in an invalid state, or a disabled key.

    " + } + }, + "documentation":"

    The encryption configuration of your IAM Identity Center instance, including the key type, KMS key ARN, and current encryption status.

    " }, "FederationProtocol":{ "type":"string", @@ -2772,13 +2855,13 @@ "type":"structure", "required":["Scope"], "members":{ - "AuthorizedTargets":{ - "shape":"ScopeTargets", - "documentation":"

    An array of authorized targets associated with this access scope.

    " - }, "Scope":{ "shape":"Scope", "documentation":"

    The name of the access scope that can be used with the authorized targets.

    " + }, + "AuthorizedTargets":{ + "shape":"ScopeTargets", + "documentation":"

    An array of authorized targets associated with this access scope.

    " } } }, @@ -2855,6 +2938,25 @@ } } }, + "GetApplicationSessionConfigurationRequest":{ + "type":"structure", + "required":["ApplicationArn"], + "members":{ + "ApplicationArn":{ + "shape":"ApplicationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the application for which to retrieve the session configuration.

    " + } + } + }, + "GetApplicationSessionConfigurationResponse":{ + "type":"structure", + "members":{ + "UserBackgroundSessionApplicationStatus":{ + "shape":"UserBackgroundSessionApplicationStatus", + "documentation":"

    The status of user background sessions for the application.

    " + } + } + }, "GetInlinePolicyForPermissionSetRequest":{ "type":"structure", "required":[ @@ -2933,17 +3035,17 @@ "GrantItem":{ "type":"structure", "required":[ - "Grant", - "GrantType" + "GrantType", + "Grant" ], "members":{ - "Grant":{ - "shape":"Grant", - "documentation":"

    The configuration structure for the selected grant.

    " - }, "GrantType":{ "shape":"GrantType", "documentation":"

    The type of the selected grant.

    " + }, + "Grant":{ + "shape":"Grant", + "documentation":"

    The configuration structure for the selected grant.

    " } }, "documentation":"

    A structure that defines a single grant and its configuration.

    " @@ -2976,13 +3078,13 @@ "type":"string", "max":768, "min":1, - "pattern":"^(http|https):\\/\\/.*$" + "pattern":"(http|https):\\/\\/.*" }, "Id":{ "type":"string", "max":64, "min":1, - "pattern":"^[a-zA-Z0-9-]*$" + "pattern":"[a-zA-Z0-9-]*" }, "InstanceAccessControlAttributeConfiguration":{ "type":"structure", @@ -3008,7 +3110,7 @@ "type":"string", "max":1224, "min":10, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}" }, "InstanceList":{ "type":"list", @@ -3019,29 +3121,33 @@ "InstanceMetadata":{ "type":"structure", "members":{ - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date and time that the Identity Center instance was created.

    " + "InstanceArn":{ + "shape":"InstanceArn", + "documentation":"

    The ARN of the Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, "IdentityStoreId":{ "shape":"Id", "documentation":"

    The identifier of the identity store that is connected to the Identity Center instance.

    " }, - "InstanceArn":{ - "shape":"InstanceArn", - "documentation":"

    The ARN of the Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + "OwnerAccountId":{ + "shape":"AccountId", + "documentation":"

    The Amazon Web Services account ID number of the owner of the Identity Center instance.

    " }, "Name":{ "shape":"NameType", "documentation":"

    The name of the Identity Center instance.

    " }, - "OwnerAccountId":{ - "shape":"AccountId", - "documentation":"

    The Amazon Web Services account ID number of the owner of the Identity Center instance.

    " + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date and time that the Identity Center instance was created.

    " }, "Status":{ "shape":"InstanceStatus", "documentation":"

    The current status of this Identity Center instance.

    " + }, + "StatusReason":{ + "shape":"Reason", + "documentation":"

    Provides additional context about the current status of the IAM Identity Center instance. This field is particularly useful when an instance is in a non-ACTIVE state, such as CREATE_FAILED. When an instance creation fails, this field contains information about the cause, which may include issues with KMS key configuration or insufficient permissions.

    " } }, "documentation":"

    Provides information about the IAM Identity Center instance.

    " @@ -3050,6 +3156,7 @@ "type":"string", "enum":[ "CREATE_IN_PROGRESS", + "CREATE_FAILED", "DELETE_IN_PROGRESS", "ACTIVE" ] @@ -3068,7 +3175,7 @@ "type":"string", "max":255, "min":1, - "pattern":"^\\p{L}+(?:\\.\\p{L}+){0,2}$" + "pattern":"\\p{L}+(?:\\.\\p{L}+){0,2}" }, "JwksRetrievalOption":{ "type":"string", @@ -3079,19 +3186,36 @@ "members":{ "AuthorizedTokenIssuers":{ "shape":"AuthorizedTokenIssuers", - "documentation":"

    A list of allowed token issuers trusted by the Identity Center instances for this application.

    " + "documentation":"

    A list of allowed token issuers trusted by the Identity Center instances for this application.

    AuthorizedTokenIssuers is required when the grant type is JwtBearerGrant.

    " } }, - "documentation":"

    A structure that defines configuration settings for an application that supports the JWT Bearer Token Authorization Grant.

    " + "documentation":"

    A structure that defines configuration settings for an application that supports the JWT Bearer Token Authorization Grant. The AuthorizedAudience field is the aud claim. For more information, see RFC 7523.

    " + }, + "KmsKeyArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-[bcd]):kms:([a-z]{2,}(-[a-z0-9]+)+){1}:[0-9]{12}:key/(mrk-[a-f0-9]{32}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})" + }, + "KmsKeyStatus":{ + "type":"string", + "enum":[ + "UPDATING", + "ENABLED", + "UPDATE_FAILED" + ] + }, + "KmsKeyType":{ + "type":"string", + "enum":[ + "AWS_OWNED_KMS_KEY", + "CUSTOMER_MANAGED_KEY" + ] }, "ListAccountAssignmentCreationStatusRequest":{ "type":"structure", "required":["InstanceArn"], "members":{ - "Filter":{ - "shape":"OperationStatusFilter", - "documentation":"

    Filters results based on the passed attribute value.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " @@ -3103,6 +3227,10 @@ "NextToken":{ "shape":"Token", "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " + }, + "Filter":{ + "shape":"OperationStatusFilter", + "documentation":"

    Filters results based on the passed attribute value.

    " } } }, @@ -3123,10 +3251,6 @@ "type":"structure", "required":["InstanceArn"], "members":{ - "Filter":{ - "shape":"OperationStatusFilter", - "documentation":"

    Filters results based on the passed attribute value.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " @@ -3138,6 +3262,10 @@ "NextToken":{ "shape":"Token", "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " + }, + "Filter":{ + "shape":"OperationStatusFilter", + "documentation":"

    Filters results based on the passed attribute value.

    " } } }, @@ -3172,22 +3300,10 @@ "PrincipalType" ], "members":{ - "Filter":{ - "shape":"ListAccountAssignmentsFilter", - "documentation":"

    Specifies an Amazon Web Services account ID number. Results are filtered to only those that match this ID number.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    Specifies the ARN of the instance of IAM Identity Center that contains the principal.

    " }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " - }, - "NextToken":{ - "shape":"Token", - "documentation":"

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

    " - }, "PrincipalId":{ "shape":"PrincipalId", "documentation":"

    Specifies the principal for which you want to retrieve the list of account assignments.

    " @@ -3195,6 +3311,18 @@ "PrincipalType":{ "shape":"PrincipalType", "documentation":"

    Specifies the type of the principal.

    " + }, + "Filter":{ + "shape":"ListAccountAssignmentsFilter", + "documentation":"

    Specifies an Amazon Web Services account ID number. Results are filtered to only those that match this ID number.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " } } }, @@ -3214,18 +3342,22 @@ "ListAccountAssignmentsRequest":{ "type":"structure", "required":[ - "AccountId", "InstanceArn", + "AccountId", "PermissionSetArn" ], "members":{ + "InstanceArn":{ + "shape":"InstanceArn", + "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + }, "AccountId":{ "shape":"TargetId", "documentation":"

    The identifier of the Amazon Web Services account from which to list the assignments.

    " }, - "InstanceArn":{ - "shape":"InstanceArn", - "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + "PermissionSetArn":{ + "shape":"PermissionSetArn", + "documentation":"

    The ARN of the permission set from which to list assignments.

    " }, "MaxResults":{ "shape":"MaxResults", @@ -3234,10 +3366,6 @@ "NextToken":{ "shape":"Token", "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, - "PermissionSetArn":{ - "shape":"PermissionSetArn", - "documentation":"

    The ARN of the permission set from which to list assignments.

    " } } }, @@ -3265,14 +3393,6 @@ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to display for the PermissionSet.

    " - }, - "NextToken":{ - "shape":"Token", - "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the PermissionSet from which the associated Amazon Web Services accounts will be listed.

    " @@ -3280,6 +3400,14 @@ "ProvisioningStatus":{ "shape":"ProvisioningStatus", "documentation":"

    The permission set provisioning status for an Amazon Web Services account.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to display for the PermissionSet.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " } } }, @@ -3324,13 +3452,13 @@ "type":"structure", "required":["Scopes"], "members":{ - "NextToken":{ - "shape":"Token", - "documentation":"

    If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

    " - }, "Scopes":{ "shape":"Scopes", "documentation":"

    An array list of access scopes and their authorized targets that are associated with the application.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

    " } } }, @@ -3352,22 +3480,10 @@ "PrincipalType" ], "members":{ - "Filter":{ - "shape":"ListApplicationAssignmentsFilter", - "documentation":"

    Filters the output to include only assignments associated with the application that has the specified ARN.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    Specifies the instance of IAM Identity Center that contains principal and applications.

    " }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " - }, - "NextToken":{ - "shape":"Token", - "documentation":"

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

    " - }, "PrincipalId":{ "shape":"PrincipalId", "documentation":"

    Specifies the unique identifier of the principal for which you want to retrieve its assignments.

    " @@ -3375,6 +3491,18 @@ "PrincipalType":{ "shape":"PrincipalType", "documentation":"

    Specifies the type of the principal for which you want to retrieve its assignments.

    " + }, + "Filter":{ + "shape":"ListApplicationAssignmentsFilter", + "documentation":"

    Filters the output to include only assignments associated with the application that has the specified ARN.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

    " } } }, @@ -3521,10 +3649,6 @@ "type":"structure", "required":["InstanceArn"], "members":{ - "Filter":{ - "shape":"ListApplicationsFilter", - "documentation":"

    Filters response results.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center application under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " @@ -3536,6 +3660,10 @@ "NextToken":{ "shape":"Token", "documentation":"

    Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

    " + }, + "Filter":{ + "shape":"ListApplicationsFilter", + "documentation":"

    Filters response results.

    " } } }, @@ -3563,6 +3691,10 @@ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed.

    " }, + "PermissionSetArn":{ + "shape":"PermissionSetArn", + "documentation":"

    The ARN of the PermissionSet.

    " + }, "MaxResults":{ "shape":"MaxResults", "documentation":"

    The maximum number of results to display for the list call.

    " @@ -3570,10 +3702,6 @@ "NextToken":{ "shape":"Token", "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, - "PermissionSetArn":{ - "shape":"PermissionSetArn", - "documentation":"

    The ARN of the PermissionSet.

    " } } }, @@ -3627,6 +3755,10 @@ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, + "PermissionSetArn":{ + "shape":"PermissionSetArn", + "documentation":"

    The ARN of the PermissionSet whose managed policies will be listed.

    " + }, "MaxResults":{ "shape":"MaxResults", "documentation":"

    The maximum number of results to display for the PermissionSet.

    " @@ -3634,10 +3766,6 @@ "NextToken":{ "shape":"Token", "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, - "PermissionSetArn":{ - "shape":"PermissionSetArn", - "documentation":"

    The ARN of the PermissionSet whose managed policies will be listed.

    " } } }, @@ -3658,10 +3786,6 @@ "type":"structure", "required":["InstanceArn"], "members":{ - "Filter":{ - "shape":"OperationStatusFilter", - "documentation":"

    Filters results based on the passed attribute value.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " @@ -3673,36 +3797,44 @@ "NextToken":{ "shape":"Token", "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " + }, + "Filter":{ + "shape":"OperationStatusFilter", + "documentation":"

    Filters results based on the passed attribute value.

    " } } }, "ListPermissionSetProvisioningStatusResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"Token", - "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, "PermissionSetsProvisioningStatus":{ "shape":"PermissionSetProvisioningStatusList", "documentation":"

    The status object for the permission set provisioning operation.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " } } }, "ListPermissionSetsProvisionedToAccountRequest":{ "type":"structure", "required":[ - "AccountId", - "InstanceArn" + "InstanceArn", + "AccountId" ], "members":{ + "InstanceArn":{ + "shape":"InstanceArn", + "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + }, "AccountId":{ "shape":"AccountId", "documentation":"

    The identifier of the Amazon Web Services account from which to list the assignments.

    " }, - "InstanceArn":{ - "shape":"InstanceArn", - "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " + "ProvisioningStatus":{ + "shape":"ProvisioningStatus", + "documentation":"

    The status object for the permission set provisioning operation.

    " }, "MaxResults":{ "shape":"MaxResults", @@ -3711,10 +3843,6 @@ "NextToken":{ "shape":"Token", "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, - "ProvisioningStatus":{ - "shape":"ProvisioningStatus", - "documentation":"

    The status object for the permission set provisioning operation.

    " } } }, @@ -3739,26 +3867,26 @@ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "MaxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to display for the assignment.

    " - }, "NextToken":{ "shape":"Token", "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to display for the assignment.

    " } } }, "ListPermissionSetsResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"Token", - "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, "PermissionSets":{ "shape":"PermissionSetList", "documentation":"

    Defines the level of access on an Amazon Web Services account.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " } } }, @@ -3770,26 +3898,26 @@ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "NextToken":{ - "shape":"Token", - "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, "ResourceArn":{ "shape":"TaggableResourceArn", "documentation":"

    The ARN of the resource with the tags to be listed.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " } } }, "ListTagsForResourceResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"Token", - "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " - }, "Tags":{ "shape":"TagList", "documentation":"

    A set of key-value pairs that are used to manage the resource.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    The pagination token for the list API. Initially the value is null. Use the output of previous API calls to make subsequent calls.

    " } } }, @@ -3814,13 +3942,13 @@ "ListTrustedTokenIssuersResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"Token", - "documentation":"

    If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

    " - }, "TrustedTokenIssuers":{ "shape":"TrustedTokenIssuerList", "documentation":"

    An array list of the trusted token issuer configurations.

    " + }, + "NextToken":{ + "shape":"Token", + "documentation":"

    If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

    " } } }, @@ -3828,19 +3956,19 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):iam::aws:policy/[\\p{L}\\p{M}\\p{Z}\\p{S}\\p{N}\\p{P}]+$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):iam::aws:policy((/[A-Za-z0-9\\.,\\+@=_-]+)*)/([A-Za-z0-9\\.,\\+=@_-]+)" }, "ManagedPolicyName":{ "type":"string", "max":128, "min":1, - "pattern":"^[\\w+=,.@-]+$" + "pattern":"[\\w+=,.@-]+" }, "ManagedPolicyPath":{ "type":"string", "max":512, "min":1, - "pattern":"^((/[A-Za-z0-9\\.,\\+@=_-]+)*)/$" + "pattern":"((/[A-Za-z0-9\\.,\\+@=_-]+)*)/" }, "MaxResults":{ "type":"integer", @@ -3857,17 +3985,21 @@ "type":"string", "max":255, "min":0, - "pattern":"^[\\w+=,.@-]+$" + "pattern":"[\\w+=,.@-]+" }, "OidcJwtConfiguration":{ "type":"structure", "required":[ + "IssuerUrl", "ClaimAttributePath", "IdentityStoreAttributePath", - "IssuerUrl", "JwksRetrievalOption" ], "members":{ + "IssuerUrl":{ + "shape":"TrustedTokenIssuerUrl", + "documentation":"

    The URL that IAM Identity Center uses for OpenID Discovery. OpenID Discovery is used to obtain the information required to verify the tokens that the trusted token issuer generates.

    " + }, "ClaimAttributePath":{ "shape":"ClaimAttributePath", "documentation":"

    The path of the source attribute in the JWT from the trusted token issuer. The attribute mapped by this JMESPath expression is compared against the attribute mapped by IdentityStoreAttributePath when a trusted token issuer token is exchanged for an IAM Identity Center token.

    " @@ -3876,10 +4008,6 @@ "shape":"JMESPath", "documentation":"

    The path of the destination attribute in a JWT from IAM Identity Center. The attribute mapped by this JMESPath expression is compared against the attribute mapped by ClaimAttributePath when a trusted token issuer token is exchanged for an IAM Identity Center token.

    " }, - "IssuerUrl":{ - "shape":"TrustedTokenIssuerUrl", - "documentation":"

    The URL that IAM Identity Center uses for OpenID Discovery. OpenID Discovery is used to obtain the information required to verify the tokens that the trusted token issuer generates.

    " - }, "JwksRetrievalOption":{ "shape":"JwksRetrievalOption", "documentation":"

    The method that the trusted token issuer can use to retrieve the JSON Web Key Set used to verify a JWT.

    " @@ -3918,14 +4046,6 @@ "PermissionSet":{ "type":"structure", "members":{ - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date that the permission set was created.

    " - }, - "Description":{ - "shape":"PermissionSetDescription", - "documentation":"

    The description of the PermissionSet.

    " - }, "Name":{ "shape":"PermissionSetName", "documentation":"

    The name of the permission set.

    " @@ -3934,13 +4054,21 @@ "shape":"PermissionSetArn", "documentation":"

    The ARN of the permission set. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "RelayState":{ - "shape":"RelayState", - "documentation":"

    Used to redirect users within the application during the federation authentication process.

    " + "Description":{ + "shape":"PermissionSetDescription", + "documentation":"

    The description of the PermissionSet.

    " + }, + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date that the permission set was created.

    " }, "SessionDuration":{ "shape":"Duration", "documentation":"

    The length of time that the application user sessions are valid for in the ISO-8601 standard.

    " + }, + "RelayState":{ + "shape":"RelayState", + "documentation":"

    Used to redirect users within the application during the federation authentication process.

    " } }, "documentation":"

    An entity that contains IAM policies.

    " @@ -3949,13 +4077,13 @@ "type":"string", "max":1224, "min":10, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}" }, "PermissionSetDescription":{ "type":"string", "max":700, "min":1, - "pattern":"^[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*$" + "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*" }, "PermissionSetList":{ "type":"list", @@ -3965,40 +4093,40 @@ "type":"string", "max":32, "min":1, - "pattern":"^[\\w+=,.@-]+$" + "pattern":"[\\w+=,.@-]+" }, "PermissionSetPolicyDocument":{ "type":"string", "max":32768, "min":1, - "pattern":"^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$" + "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+" }, "PermissionSetProvisioningStatus":{ "type":"structure", "members":{ + "Status":{ + "shape":"StatusValues", + "documentation":"

    The status of the permission set provisioning process.

    " + }, + "RequestId":{ + "shape":"UUId", + "documentation":"

    The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

    " + }, "AccountId":{ "shape":"AccountId", "documentation":"

    The identifier of the Amazon Web Services account from which to list the assignments.

    " }, - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date that the permission set was created.

    " - }, - "FailureReason":{ - "shape":"Reason", - "documentation":"

    The message that contains an error or exception in case of an operation failure.

    " - }, "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the permission set that is being provisioned. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "RequestId":{ - "shape":"UUId", - "documentation":"

    The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

    " + "FailureReason":{ + "shape":"Reason", + "documentation":"

    The message that contains an error or exception in case of an operation failure.

    " }, - "Status":{ - "shape":"StatusValues", - "documentation":"

    The status of the permission set provisioning process.

    " + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date that the permission set was created.

    " } }, "documentation":"

    A structure that is used to provide the status of the provisioning operation for a specified permission set.

    " @@ -4010,17 +4138,17 @@ "PermissionSetProvisioningStatusMetadata":{ "type":"structure", "members":{ - "CreatedDate":{ - "shape":"Date", - "documentation":"

    The date that the permission set was created.

    " + "Status":{ + "shape":"StatusValues", + "documentation":"

    The status of the permission set provisioning process.

    " }, "RequestId":{ "shape":"UUId", "documentation":"

    The identifier for tracking the request operation that is generated by the universally unique identifier (UUID) workflow.

    " }, - "Status":{ - "shape":"StatusValues", - "documentation":"

    The status of the permission set provisioning process.

    " + "CreatedDate":{ + "shape":"Date", + "documentation":"

    The date that the permission set was created.

    " } }, "documentation":"

    Provides information about the permission set provisioning status.

    " @@ -4057,7 +4185,7 @@ "type":"string", "max":47, "min":1, - "pattern":"^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$" + "pattern":"([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}" }, "PrincipalType":{ "type":"string", @@ -4118,21 +4246,21 @@ "PutApplicationAccessScopeRequest":{ "type":"structure", "required":[ - "ApplicationArn", - "Scope" + "Scope", + "ApplicationArn" ], "members":{ - "ApplicationArn":{ - "shape":"ApplicationArn", - "documentation":"

    Specifies the ARN of the application with the access scope with the targets to add or update.

    " + "Scope":{ + "shape":"Scope", + "documentation":"

    Specifies the name of the access scope to be associated with the specified targets.

    " }, "AuthorizedTargets":{ "shape":"ScopeTargets", "documentation":"

    Specifies an array list of ARNs that represent the authorized targets for this access scope.

    " }, - "Scope":{ - "shape":"Scope", - "documentation":"

    Specifies the name of the access scope to be associated with the specified targets.

    " + "ApplicationArn":{ + "shape":"ApplicationArn", + "documentation":"

    Specifies the ARN of the application with the access scope with the targets to add or update.

    " } } }, @@ -4155,28 +4283,27 @@ }, "PutApplicationAssignmentConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutApplicationAuthenticationMethodRequest":{ "type":"structure", "required":[ "ApplicationArn", - "AuthenticationMethod", - "AuthenticationMethodType" + "AuthenticationMethodType", + "AuthenticationMethod" ], "members":{ "ApplicationArn":{ "shape":"ApplicationArn", "documentation":"

    Specifies the ARN of the application with the authentication method to add or update.

    " }, - "AuthenticationMethod":{ - "shape":"AuthenticationMethod", - "documentation":"

    Specifies a structure that describes the authentication method to add or update. The structure type you provide is determined by the AuthenticationMethodType parameter.

    " - }, "AuthenticationMethodType":{ "shape":"AuthenticationMethodType", "documentation":"

    Specifies the type of the authentication method that you want to add or update.

    " + }, + "AuthenticationMethod":{ + "shape":"AuthenticationMethod", + "documentation":"

    Specifies a structure that describes the authentication method to add or update. The structure type you provide is determined by the AuthenticationMethodType parameter.

    " } } }, @@ -4184,36 +4311,50 @@ "type":"structure", "required":[ "ApplicationArn", - "Grant", - "GrantType" + "GrantType", + "Grant" ], "members":{ "ApplicationArn":{ "shape":"ApplicationArn", "documentation":"

    Specifies the ARN of the application to update.

    " }, + "GrantType":{ + "shape":"GrantType", + "documentation":"

    Specifies the type of grant to update.

    " + }, "Grant":{ "shape":"Grant", "documentation":"

    Specifies a structure that describes the grant to update.

    " + } + } + }, + "PutApplicationSessionConfigurationRequest":{ + "type":"structure", + "required":["ApplicationArn"], + "members":{ + "ApplicationArn":{ + "shape":"ApplicationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the application for which to update the session configuration.

    " }, - "GrantType":{ - "shape":"GrantType", - "documentation":"

    Specifies the type of grant to update.

    " + "UserBackgroundSessionApplicationStatus":{ + "shape":"UserBackgroundSessionApplicationStatus", + "documentation":"

    The status of user background sessions for the application.

    " } } }, + "PutApplicationSessionConfigurationResponse":{ + "type":"structure", + "members":{} + }, "PutInlinePolicyToPermissionSetRequest":{ "type":"structure", "required":[ - "InlinePolicy", "InstanceArn", - "PermissionSetArn" + "PermissionSetArn", + "InlinePolicy" ], "members":{ - "InlinePolicy":{ - "shape":"PermissionSetPolicyDocument", - "documentation":"

    The inline policy to attach to a PermissionSet.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " @@ -4221,13 +4362,16 @@ "PermissionSetArn":{ "shape":"PermissionSetArn", "documentation":"

    The ARN of the permission set.

    " + }, + "InlinePolicy":{ + "shape":"PermissionSetPolicyDocument", + "documentation":"

    The inline policy to attach to a PermissionSet.

    " } } }, "PutInlinePolicyToPermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutPermissionsBoundaryToPermissionSetRequest":{ "type":"structure", @@ -4253,12 +4397,11 @@ }, "PutPermissionsBoundaryToPermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Reason":{ "type":"string", - "pattern":"^[\\p{L}\\p{M}\\p{Z}\\p{S}\\p{N}\\p{P}]*$" + "pattern":"[\\p{L}\\p{M}\\p{Z}\\p{S}\\p{N}\\p{P}]*" }, "RedirectUris":{ "type":"list", @@ -4268,24 +4411,31 @@ }, "RefreshTokenGrant":{ "type":"structure", - "members":{ - }, - "documentation":"

    A structure that defines configuration settings for an application that supports the OAuth 2.0 Refresh Token Grant.

    " + "members":{}, + "documentation":"

    A structure that defines configuration settings for an application that supports the OAuth 2.0 Refresh Token Grant. For more, see RFC 6749.

    " }, "RelayState":{ "type":"string", "max":240, "min":1, - "pattern":"^[a-zA-Z0-9&$@#\\\\\\/%?=~\\-_'\"|!:,.;*+\\[\\]\\ \\(\\)\\{\\}]+$" + "pattern":"[a-zA-Z0-9&$@#\\\\\\/%?=~\\-_'\"|!:,.;*+\\[\\]\\ \\(\\)\\{\\}]+" }, "ResourceNotFoundException":{ "type":"structure", "members":{ - "Message":{"shape":"ResourceNotFoundMessage"} + "Message":{"shape":"ResourceNotFoundMessage"}, + "Reason":{ + "shape":"ResourceNotFoundExceptionReason", + "documentation":"

    The reason for the resource not found exception.

    " + } }, "documentation":"

    Indicates that a requested resource is not found.

    ", "exception":true }, + "ResourceNotFoundExceptionReason":{ + "type":"string", + "enum":["KMS_NotFoundException"] + }, "ResourceNotFoundMessage":{"type":"string"}, "ResourceServerConfig":{ "type":"structure", @@ -4301,18 +4451,18 @@ "type":"string", "max":80, "min":1, - "pattern":"^[^:=\\-\\.\\s][0-9a-zA-Z_:\\-\\.]+$" + "pattern":"[^:=\\-\\.\\s][0-9a-zA-Z_:\\-\\.]+" }, "ResourceServerScopeDetails":{ "type":"structure", "members":{ - "DetailedTitle":{ - "shape":"Description", - "documentation":"

    The title of an access scope for a resource server.

    " - }, "LongDescription":{ "shape":"Description", "documentation":"

    The description of an access scope for a resource server.

    " + }, + "DetailedTitle":{ + "shape":"Description", + "documentation":"

    The title of an access scope for a resource server.

    " } }, "documentation":"

    A structure that describes details for an IAM Identity Center access scope that is associated with a resource server.

    " @@ -4324,19 +4474,19 @@ }, "Scope":{ "type":"string", - "pattern":"^([A-Za-z0-9_]{1,50})(:[A-Za-z0-9_]{1,50}){0,1}(:[A-Za-z0-9_]{1,50}){0,1}$" + "pattern":"([A-Za-z0-9_]{1,50})(:[A-Za-z0-9_]{1,50}){0,1}(:[A-Za-z0-9_]{1,50}){0,1}" }, "ScopeDetails":{ "type":"structure", "required":["Scope"], "members":{ - "AuthorizedTargets":{ - "shape":"ScopeTargets", - "documentation":"

    An array list of ARNs of applications.

    " - }, "Scope":{ "shape":"Scope", "documentation":"

    The name of the access scope.

    " + }, + "AuthorizedTargets":{ + "shape":"ScopeTargets", + "documentation":"

    An array list of ARNs of applications.

    " } }, "documentation":"

    A structure that describes an IAM Identity Center access scope and its authorized targets.

    " @@ -4345,7 +4495,7 @@ "type":"string", "max":100, "min":1, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::(\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}|:instance/(sso)?ins-[a-zA-Z0-9-.]{16})$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::(\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}|:instance/(sso)?ins-[a-zA-Z0-9-.]{16})" }, "ScopeTargets":{ "type":"list", @@ -4372,13 +4522,13 @@ "type":"structure", "required":["Origin"], "members":{ - "ApplicationUrl":{ - "shape":"ApplicationUrl", - "documentation":"

    The URL that accepts authentication requests for an application. This is a required parameter if the Origin parameter is APPLICATION.

    " - }, "Origin":{ "shape":"SignInOrigin", "documentation":"

    This determines how IAM Identity Center navigates the user to the target application. It can be one of the following values:

    • APPLICATION: IAM Identity Center redirects the customer to the configured ApplicationUrl.

    • IDENTITY_CENTER: IAM Identity Center uses SAML identity-provider initiated authentication to sign the customer directly into a SAML-based application.

    " + }, + "ApplicationUrl":{ + "shape":"ApplicationUrl", + "documentation":"

    The URL that accepts authentication requests for an application. This is a required parameter if the Origin parameter is APPLICATION.

    " } }, "documentation":"

    A structure that describes the sign-in options for an application portal.

    " @@ -4420,7 +4570,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, "TagKeyList":{ "type":"list", @@ -4457,26 +4607,25 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", "max":256, "min":0, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" }, "TaggableResourceArn":{ "type":"string", "max":2048, "min":10, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::((:instance/(sso)?ins-[a-zA-Z0-9-.]{16})|(:permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16})|(\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16})|(\\d{12}:trustedTokenIssuer/(sso)?ins-[a-zA-Z0-9-.]{16}/tti-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}))$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::((:instance/(sso)?ins-[a-zA-Z0-9-.]{16})|(:permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16})|(\\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16})|(\\d{12}:trustedTokenIssuer/(sso)?ins-[a-zA-Z0-9-.]{16}/tti-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}))" }, "TargetId":{ "type":"string", "max":12, "min":12, - "pattern":"^\\d{12}$" + "pattern":"\\d{12}" }, "TargetType":{ "type":"string", @@ -4485,23 +4634,30 @@ "ThrottlingException":{ "type":"structure", "members":{ - "Message":{"shape":"ThrottlingExceptionMessage"} + "Message":{"shape":"ThrottlingExceptionMessage"}, + "Reason":{ + "shape":"ThrottlingExceptionReason", + "documentation":"

    The reason for the throttling exception.

    " + } }, "documentation":"

    Indicates that the principal has crossed the throttling limits of the API operations.

    ", "exception":true }, "ThrottlingExceptionMessage":{"type":"string"}, + "ThrottlingExceptionReason":{ + "type":"string", + "enum":["KMS_ThrottlingException"] + }, "Token":{ "type":"string", "max":2048, "min":0, - "pattern":"^[-a-zA-Z0-9+=/_]*$" + "pattern":"[-a-zA-Z0-9+=/_]*" }, "TokenExchangeGrant":{ "type":"structure", - "members":{ - }, - "documentation":"

    A structure that defines configuration settings for an application that supports the OAuth 2.0 Token Exchange Grant.

    " + "members":{}, + "documentation":"

    A structure that defines configuration settings for an application that supports the OAuth 2.0 Token Exchange Grant. For more information, see RFC 8693.

    " }, "TokenIssuerAudience":{ "type":"string", @@ -4518,7 +4674,7 @@ "type":"string", "max":1224, "min":10, - "pattern":"^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:trustedTokenIssuer/(sso)?ins-[a-zA-Z0-9-.]{16}/tti-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" + "pattern":"arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\\d{12}:trustedTokenIssuer/(sso)?ins-[a-zA-Z0-9-.]{16}/tti-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, "TrustedTokenIssuerConfiguration":{ "type":"structure", @@ -4538,14 +4694,14 @@ "TrustedTokenIssuerMetadata":{ "type":"structure", "members":{ - "Name":{ - "shape":"TrustedTokenIssuerName", - "documentation":"

    The name of the trusted token issuer configuration in the instance of IAM Identity Center.

    " - }, "TrustedTokenIssuerArn":{ "shape":"TrustedTokenIssuerArn", "documentation":"

    The ARN of the trusted token issuer configuration in the instance of IAM Identity Center.

    " }, + "Name":{ + "shape":"TrustedTokenIssuerName", + "documentation":"

    The name of the trusted token issuer configuration in the instance of IAM Identity Center.

    " + }, "TrustedTokenIssuerType":{ "shape":"TrustedTokenIssuerType", "documentation":"

    The type of trusted token issuer.

    " @@ -4557,7 +4713,7 @@ "type":"string", "max":255, "min":1, - "pattern":"^[\\w+=,.@-]+$" + "pattern":"[\\w+=,.@-]+" }, "TrustedTokenIssuerType":{ "type":"string", @@ -4578,14 +4734,14 @@ "type":"string", "max":512, "min":1, - "pattern":"^https?:\\/\\/[-a-zA-Z0-9+&@\\/%=~_|!:,.;]*[-a-zA-Z0-9+&@\\/%=~_|]$" + "pattern":"https?:\\/\\/[-a-zA-Z0-9+&@\\/%=~_|!:,.;]*[-a-zA-Z0-9+&@\\/%=~_|]" }, "URI":{"type":"string"}, "UUId":{ "type":"string", "max":36, "min":36, - "pattern":"^\\b[0-9a-f]{8}\\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\\b[0-9a-f]{12}\\b$" + "pattern":"\\b[0-9a-f]{8}\\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\\b[0-9a-f]{12}\\b" }, "UntagResourceRequest":{ "type":"structure", @@ -4610,8 +4766,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateApplicationPortalOptions":{ "type":"structure", @@ -4628,72 +4783,70 @@ "shape":"ApplicationArn", "documentation":"

    Specifies the ARN of the application. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, + "Name":{ + "shape":"ApplicationNameType", + "documentation":"

    Specifies the updated name for the application.

    " + }, "Description":{ "shape":"Description", "documentation":"

    The description of the .

    " }, - "Name":{ - "shape":"NameType", - "documentation":"

    Specifies the updated name for the application.

    " + "Status":{ + "shape":"ApplicationStatus", + "documentation":"

    Specifies whether the application is enabled or disabled.

    " }, "PortalOptions":{ "shape":"UpdateApplicationPortalOptions", "documentation":"

    A structure that describes the options for the portal associated with an application.

    " - }, - "Status":{ - "shape":"ApplicationStatus", - "documentation":"

    Specifies whether the application is enabled or disabled.

    " } } }, "UpdateApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateInstanceAccessControlAttributeConfigurationRequest":{ "type":"structure", "required":[ - "InstanceAccessControlAttributeConfiguration", - "InstanceArn" + "InstanceArn", + "InstanceAccessControlAttributeConfiguration" ], "members":{ - "InstanceAccessControlAttributeConfiguration":{ - "shape":"InstanceAccessControlAttributeConfiguration", - "documentation":"

    Updates the attributes for your ABAC configuration.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed.

    " + }, + "InstanceAccessControlAttributeConfiguration":{ + "shape":"InstanceAccessControlAttributeConfiguration", + "documentation":"

    Updates the attributes for your ABAC configuration.

    " } } }, "UpdateInstanceAccessControlAttributeConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateInstanceRequest":{ "type":"structure", - "required":[ - "InstanceArn", - "Name" - ], + "required":["InstanceArn"], "members":{ + "Name":{ + "shape":"NameType", + "documentation":"

    Updates the instance name.

    " + }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " }, - "Name":{ - "shape":"NameType", - "documentation":"

    Updates the instance name.

    " + "EncryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"

    Specifies the encryption configuration for your IAM Identity Center instance. You can use this to configure customer managed KMS keys (CMK) or Amazon Web Services owned KMS keys for encrypting your instance data.

    " } } }, "UpdateInstanceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePermissionSetRequest":{ "type":"structure", @@ -4702,10 +4855,6 @@ "PermissionSetArn" ], "members":{ - "Description":{ - "shape":"PermissionSetDescription", - "documentation":"

    The description of the PermissionSet.

    " - }, "InstanceArn":{ "shape":"InstanceArn", "documentation":"

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

    " @@ -4714,33 +4863,36 @@ "shape":"PermissionSetArn", "documentation":"

    The ARN of the permission set.

    " }, - "RelayState":{ - "shape":"RelayState", - "documentation":"

    Used to redirect users within the application during the federation authentication process.

    " + "Description":{ + "shape":"PermissionSetDescription", + "documentation":"

    The description of the PermissionSet.

    " }, "SessionDuration":{ "shape":"Duration", "documentation":"

    The length of time that the application user sessions are valid for in the ISO-8601 standard.

    " + }, + "RelayState":{ + "shape":"RelayState", + "documentation":"

    Used to redirect users within the application during the federation authentication process.

    " } } }, "UpdatePermissionSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateTrustedTokenIssuerRequest":{ "type":"structure", "required":["TrustedTokenIssuerArn"], "members":{ - "Name":{ - "shape":"TrustedTokenIssuerName", - "documentation":"

    Specifies the updated name to be applied to the trusted token issuer configuration.

    " - }, "TrustedTokenIssuerArn":{ "shape":"TrustedTokenIssuerArn", "documentation":"

    Specifies the ARN of the trusted token issuer configuration that you want to update.

    " }, + "Name":{ + "shape":"TrustedTokenIssuerName", + "documentation":"

    Specifies the updated name to be applied to the trusted token issuer configuration.

    " + }, "TrustedTokenIssuerConfiguration":{ "shape":"TrustedTokenIssuerUpdateConfiguration", "documentation":"

    Specifies a structure with settings to apply to the specified trusted token issuer. The settings that you can provide are determined by the type of the trusted token issuer that you are updating.

    " @@ -4749,18 +4901,36 @@ }, "UpdateTrustedTokenIssuerResponse":{ "type":"structure", - "members":{ - } + "members":{} + }, + "UserBackgroundSessionApplicationStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] }, "ValidationException":{ "type":"structure", "members":{ - "Message":{"shape":"ValidationExceptionMessage"} + "Message":{"shape":"ValidationExceptionMessage"}, + "Reason":{ + "shape":"ValidationExceptionReason", + "documentation":"

    The reason for the validation exception.

    " + } }, "documentation":"

    The request failed because it contains a syntax error.

    ", "exception":true }, - "ValidationExceptionMessage":{"type":"string"} + "ValidationExceptionMessage":{"type":"string"}, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "KMS_InvalidKeyUsageException", + "KMS_InvalidStateException", + "KMS_DisabledException" + ] + } }, - "documentation":"

    IAM Identity Center (successor to Single Sign-On) helps you securely create, or connect, your workforce identities and manage their access centrally across Amazon Web Services accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in Amazon Web Services, for organizations of any size and type.

    IAM Identity Center uses the sso and identitystore API namespaces.

    This reference guide provides information on single sign-on operations which could be used for access management of Amazon Web Services accounts. For information about IAM Identity Center features, see the IAM Identity Center User Guide.

    Many operations in the IAM Identity Center APIs rely on identifiers for users and groups, known as principals. For more information about how to work with principals and principal IDs in IAM Identity Center, see the Identity Store API Reference.

    Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, and more). The SDKs provide a convenient way to create programmatic access to IAM Identity Center and other Amazon Web Services services. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.

    " + "documentation":"

    IAM Identity Center is the Amazon Web Services solution for connecting your workforce users to Amazon Web Services managed applications and other Amazon Web Services resources. You can connect your existing identity provider and synchronize users and groups from your directory, or create and manage your users directly in IAM Identity Center. You can then use IAM Identity Center for either or both of the following:

    • User access to applications

    • User access to Amazon Web Services accounts

    This guide provides information about single sign-on operations that you can use for access to applications and Amazon Web Services accounts. For information about IAM Identity Center features, see the IAM Identity Center User Guide.

    IAM Identity Center uses the sso and identitystore API namespaces.

    Many API operations for IAM Identity Center rely on identifiers for users and groups, known as principals. For more information about how to work with principals and principal IDs in IAM Identity Center, see the Identity Store API Reference.

    Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, and more). The SDKs provide a convenient way to create programmatic access to IAM Identity Center and other Amazon Web Services services. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/sso-admin/2020-07-20/waiters-2.json 2.31.35-1/awscli/botocore/data/sso-admin/2020-07-20/waiters-2.json --- 2.23.6-1/awscli/botocore/data/sso-admin/2020-07-20/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sso-admin/2020-07-20/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/sso-oidc/2019-06-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sso-oidc/2019-06-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sso-oidc/2019-06-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sso-oidc/2019-06-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/sso-oidc/2019-06-10/service-2.json 2.31.35-1/awscli/botocore/data/sso-oidc/2019-06-10/service-2.json --- 2.23.6-1/awscli/botocore/data/sso-oidc/2019-06-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sso-oidc/2019-06-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -62,7 +62,7 @@ {"shape":"InternalServerException"}, {"shape":"InvalidRequestRegionException"} ], - "documentation":"

    Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-lived credentials for the assigned Amazon Web Services accounts or to access application APIs using bearer authentication.

    " + "documentation":"

    Creates and returns access and refresh tokens for authorized client applications that are authenticated using any IAM entity, such as a service role or user. These tokens might contain defined scopes that specify permissions such as read:profile or write:data. Through downscoping, you can use the scopes parameter to request tokens with reduced permissions compared to the original client application's permissions or, if applicable, the refresh token's scopes. The access token can be used to fetch short-lived credentials for the assigned Amazon Web Services accounts or to access application APIs using bearer authentication.

    This API is used with Signature Version 4. For more information, see Amazon Web Services Signature Version 4 for API Requests.

    " }, "RegisterClient":{ "name":"RegisterClient", @@ -78,7 +78,8 @@ {"shape":"InvalidClientMetadataException"}, {"shape":"InternalServerException"}, {"shape":"InvalidRedirectUriException"}, - {"shape":"UnsupportedGrantTypeException"} + {"shape":"UnsupportedGrantTypeException"}, + {"shape":"SlowDownException"} ], "documentation":"

    Registers a public client with IAM Identity Center. This allows clients to perform authorization using the authorization code grant with Proof Key for Code Exchange (PKCE) or the device code grant.

    ", "authtype":"none", @@ -112,6 +113,10 @@ "shape":"Error", "documentation":"

    Single error code. For this exception the value will be access_denied.

    " }, + "reason":{ + "shape":"AccessDeniedExceptionReason", + "documentation":"

    A string that uniquely identifies a reason for the error.

    " + }, "error_description":{ "shape":"ErrorDescription", "documentation":"

    Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.

    " @@ -121,6 +126,10 @@ "error":{"httpStatusCode":400}, "exception":true }, + "AccessDeniedExceptionReason":{ + "type":"string", + "enum":["KMS_AccessDeniedException"] + }, "AccessToken":{ "type":"string", "sensitive":true @@ -147,6 +156,16 @@ "error":{"httpStatusCode":400}, "exception":true }, + "AwsAdditionalDetails":{ + "type":"structure", + "members":{ + "identityContext":{ + "shape":"IdentityContext", + "documentation":"

    The trusted context assertion is signed and encrypted by STS. It provides access to sts:identity_context claim in the idToken without JWT parsing

    Identity context comprises information that Amazon Web Services services use to make authorization decisions when they receive requests.

    " + } + }, + "documentation":"

    This structure contains Amazon Web Services-specific parameter extensions and the identity context.

    " + }, "ClientId":{"type":"string"}, "ClientName":{"type":"string"}, "ClientSecret":{ @@ -192,7 +211,7 @@ }, "scope":{ "shape":"Scopes", - "documentation":"

    The list of scopes for which authorization is requested. The access token that is issued is limited to the scopes that are granted. If this value is not specified, IAM Identity Center authorizes all scopes that are configured for the client during the call to RegisterClient.

    " + "documentation":"

    The list of scopes for which authorization is requested. This parameter has no effect; the access token will always include all scopes configured during client registration.

    " }, "redirectUri":{ "shape":"URI", @@ -312,6 +331,10 @@ "scope":{ "shape":"Scopes", "documentation":"

    The list of scopes for which authorization is granted. The access token that is issued is limited to the scopes that are granted.

    " + }, + "awsAdditionalDetails":{ + "shape":"AwsAdditionalDetails", + "documentation":"

    A structure containing information from IAM Identity Center managed user and group information.

    " } } }, @@ -344,6 +367,7 @@ "type":"string", "sensitive":true }, + "IdentityContext":{"type":"string"}, "InternalServerException":{ "type":"structure", "members":{ @@ -433,6 +457,10 @@ "shape":"Error", "documentation":"

    Single error code. For this exception the value will be invalid_request.

    " }, + "reason":{ + "shape":"InvalidRequestExceptionReason", + "documentation":"

    A string that uniquely identifies a reason for the error.

    " + }, "error_description":{ "shape":"ErrorDescription", "documentation":"

    Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.

    " @@ -442,6 +470,15 @@ "error":{"httpStatusCode":400}, "exception":true }, + "InvalidRequestExceptionReason":{ + "type":"string", + "enum":[ + "KMS_NotFoundException", + "KMS_InvalidKeyUsageException", + "KMS_InvalidStateException", + "KMS_DisabledException" + ] + }, "InvalidRequestRegionException":{ "type":"structure", "members":{ @@ -672,5 +709,5 @@ }, "UserCode":{"type":"string"} }, - "documentation":"

    IAM Identity Center OpenID Connect (OIDC) is a web service that enables a client (such as CLI or a native application) to register with IAM Identity Center. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with IAM Identity Center.

    API namespaces

    IAM Identity Center uses the sso and identitystore API namespaces. IAM Identity Center OpenID Connect uses the sso-oidc namespace.

    Considerations for using this guide

    Before you begin using this guide, we recommend that you first review the following important information about how the IAM Identity Center OIDC service works.

    • The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628) that are necessary to enable single sign-on authentication with the CLI.

    • With older versions of the CLI, the service only emits OIDC access tokens, so to obtain a new token, users must explicitly re-authenticate. To access the OIDC flow that supports token refresh and doesn’t require re-authentication, update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with support for OIDC token refresh and configurable IAM Identity Center session durations. For more information, see Configure Amazon Web Services access portal session duration .

    • The access tokens provided by this service grant access to all Amazon Web Services account entitlements assigned to an IAM Identity Center user, not just a particular application.

    • The documentation in this guide does not describe the mechanism to convert the access token into Amazon Web Services Auth (“sigv4”) credentials for use with IAM-protected Amazon Web Services service endpoints. For more information, see GetRoleCredentials in the IAM Identity Center Portal API Reference Guide.

    For general information about IAM Identity Center, see What is IAM Identity Center? in the IAM Identity Center User Guide.

    " + "documentation":"

    IAM Identity Center OpenID Connect (OIDC) is a web service that enables a client (such as CLI or a native application) to register with IAM Identity Center. The service also enables the client to fetch the user’s access token upon successful authentication and authorization with IAM Identity Center.

    API namespaces

    IAM Identity Center uses the sso and identitystore API namespaces. IAM Identity Center OpenID Connect uses the sso-oauth namespace.

    Considerations for using this guide

    Before you begin using this guide, we recommend that you first review the following important information about how the IAM Identity Center OIDC service works.

    • The IAM Identity Center OIDC service currently implements only the portions of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628) that are necessary to enable single sign-on authentication with the CLI.

    • With older versions of the CLI, the service only emits OIDC access tokens, so to obtain a new token, users must explicitly re-authenticate. To access the OIDC flow that supports token refresh and doesn’t require re-authentication, update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with support for OIDC token refresh and configurable IAM Identity Center session durations. For more information, see Configure Amazon Web Services access portal session duration .

    • The access tokens provided by this service grant access to all Amazon Web Services account entitlements assigned to an IAM Identity Center user, not just a particular application.

    • The documentation in this guide does not describe the mechanism to convert the access token into Amazon Web Services Auth (“sigv4”) credentials for use with IAM-protected Amazon Web Services service endpoints. For more information, see GetRoleCredentials in the IAM Identity Center Portal API Reference Guide.

    For general information about IAM Identity Center, see What is IAM Identity Center? in the IAM Identity Center User Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/stepfunctions/2016-11-23/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/stepfunctions/2016-11-23/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/stepfunctions/2016-11-23/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/stepfunctions/2016-11-23/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/stepfunctions/2016-11-23/service-2.json 2.31.35-1/awscli/botocore/data/stepfunctions/2016-11-23/service-2.json --- 2.23.6-1/awscli/botocore/data/stepfunctions/2016-11-23/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/stepfunctions/2016-11-23/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -557,7 +557,7 @@ {"shape":"InvalidExecutionInput"}, {"shape":"ValidationException"} ], - "documentation":"

    Accepts the definition of a single state and executes it. You can test a state without creating a state machine or updating an existing state machine. Using this API, you can test the following:

    You can call this API on only one state at a time. The states that you can test include the following:

    The TestState API assumes an IAM role which must contain the required IAM permissions for the resources your state is accessing. For information about the permissions a state might need, see IAM permissions to test a state.

    The TestState API can run for up to five minutes. If the execution of a state exceeds this duration, it fails with the States.Timeout error.

    TestState doesn't support Activity tasks, .sync or .waitForTaskToken service integration patterns, Parallel, or Map states.

    ", + "documentation":"

    Accepts the definition of a single state and executes it. You can test a state without creating a state machine or updating an existing state machine. Using this API, you can test the following:

    You can call this API on only one state at a time. The states that you can test include the following:

    The TestState API assumes an IAM role which must contain the required IAM permissions for the resources your state is accessing. For information about the permissions a state might need, see IAM permissions to test a state.

    The TestState API can run for up to five minutes. If the execution of a state exceeds this duration, it fails with the States.Timeout error.

    TestState doesn't support Activity tasks, .sync or .waitForTaskToken service integration patterns, Parallel, or Map states.

    ", "endpoint":{"hostPrefix":"sync-"} }, "UntagResource":{ @@ -703,7 +703,7 @@ }, "name":{ "shape":"Name", - "documentation":"

    The name of the activity.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the activity.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "creationDate":{ "shape":"Timestamp", @@ -900,7 +900,7 @@ "members":{ "name":{ "shape":"Name", - "documentation":"

    The name of the activity to create. This name must be unique for your Amazon Web Services account and region for 90 days. For more information, see Limits Related to State Machine Executions in the Step Functions Developer Guide.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the activity to create. This name must be unique for your Amazon Web Services account and region for 90 days. For more information, see Limits Related to State Machine Executions in the Step Functions Developer Guide.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "tags":{ "shape":"TagList", @@ -977,7 +977,7 @@ "members":{ "name":{ "shape":"Name", - "documentation":"

    The name of the state machine.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the state machine.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "definition":{ "shape":"Definition", @@ -1056,8 +1056,7 @@ }, "DeleteActivityOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteStateMachineAliasInput":{ "type":"structure", @@ -1071,8 +1070,7 @@ }, "DeleteStateMachineAliasOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteStateMachineInput":{ "type":"structure", @@ -1086,8 +1084,7 @@ }, "DeleteStateMachineOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteStateMachineVersionInput":{ "type":"structure", @@ -1101,8 +1098,7 @@ }, "DeleteStateMachineVersionOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeActivityInput":{ "type":"structure", @@ -1128,7 +1124,7 @@ }, "name":{ "shape":"Name", - "documentation":"

    The name of the activity.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the activity.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "creationDate":{ "shape":"Timestamp", @@ -1173,7 +1169,7 @@ }, "name":{ "shape":"Name", - "documentation":"

    The name of the execution.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the execution.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "status":{ "shape":"ExecutionStatus", @@ -1199,7 +1195,7 @@ "outputDetails":{"shape":"CloudWatchEventsExecutionDataDetails"}, "traceHeader":{ "shape":"TraceHeader", - "documentation":"

    The X-Ray trace header that was passed to the execution.

    " + "documentation":"

    The X-Ray trace header that was passed to the execution.

    For X-Ray traces, all Amazon Web Services services use the X-Amzn-Trace-Id header from the HTTP request. Using the header is the preferred mechanism to identify a trace. StartExecution and StartSyncExecution API operations can also use traceHeader from the body of the request payload. If both sources are provided, Step Functions will use the header value (preferred) over the value in the request body.

    " }, "mapRunArn":{ "shape":"LongArn", @@ -1407,7 +1403,7 @@ }, "label":{ "shape":"MapRunLabel", - "documentation":"

    A user-defined or an auto-generated string that identifies a Map state. This field is returned only if the executionArn is a child workflow execution that was started by a Distributed Map state.

    " + "documentation":"

    A user-defined or an auto-generated string that identifies a Map state. This field is returned only if the executionArn is a child workflow execution that was started by a Distributed Map state.

    " }, "revisionId":{ "shape":"RevisionId", @@ -1454,7 +1450,7 @@ }, "name":{ "shape":"Name", - "documentation":"

    The name of the state machine.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the state machine.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "status":{ "shape":"StateMachineStatus", @@ -1638,7 +1634,7 @@ }, "name":{ "shape":"Name", - "documentation":"

    The name of the execution.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the execution.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "status":{ "shape":"ExecutionStatus", @@ -2439,7 +2435,7 @@ }, "statusFilter":{ "shape":"ExecutionStatus", - "documentation":"

    If specified, only list the executions whose current execution status matches the given filter.

    " + "documentation":"

    If specified, only list the executions whose current execution status matches the given filter.

    If you provide a PENDING_REDRIVE statusFilter, you must specify mapRunArn. For more information, see Child workflow execution redrive behaviour in the Step Functions Developer Guide.

    If you provide a stateMachineArn and a PENDING_REDRIVE statusFilter, the API returns a validation exception.

    " }, "maxResults":{ "shape":"PageSize", @@ -3032,8 +3028,7 @@ }, "SendTaskFailureOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "SendTaskHeartbeatInput":{ "type":"structure", @@ -3047,8 +3042,7 @@ }, "SendTaskHeartbeatOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "SendTaskSuccessInput":{ "type":"structure", @@ -3069,8 +3063,7 @@ }, "SendTaskSuccessOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "SensitiveCause":{ "type":"string", @@ -3112,15 +3105,15 @@ }, "name":{ "shape":"Name", - "documentation":"

    Optional name of the execution. This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information, see Limits Related to State Machine Executions in the Step Functions Developer Guide.

    If you don't provide a name for the execution, Step Functions automatically generates a universally unique identifier (UUID) as the execution name.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    Optional name of the execution. This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information, see Limits Related to State Machine Executions in the Step Functions Developer Guide.

    If you don't provide a name for the execution, Step Functions automatically generates a universally unique identifier (UUID) as the execution name.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "input":{ "shape":"SensitiveData", - "documentation":"

    The string that contains the JSON input data for the execution, for example:

    \"input\": \"{\\\"first_name\\\" : \\\"test\\\"}\"

    If you don't include any JSON input data, you still must include the two braces, for example: \"input\": \"{}\"

    Length constraints apply to the payload size, and are expressed as bytes in UTF-8 encoding.

    " + "documentation":"

    The string that contains the JSON input data for the execution, for example:

    \"{\\\"first_name\\\" : \\\"Alejandro\\\"}\"

    If you don't include any JSON input data, you still must include the two braces, for example: \"{}\"

    Length constraints apply to the payload size, and are expressed as bytes in UTF-8 encoding.

    " }, "traceHeader":{ "shape":"TraceHeader", - "documentation":"

    Passes the X-Ray trace header. The trace header can also be passed in the request payload.

    " + "documentation":"

    Passes the X-Ray trace header. The trace header can also be passed in the request payload.

    For X-Ray traces, all Amazon Web Services services use the X-Amzn-Trace-Id header from the HTTP request. Using the header is the preferred mechanism to identify a trace. StartExecution and StartSyncExecution API operations can also use traceHeader from the body of the request payload. If both sources are provided, Step Functions will use the header value (preferred) over the value in the request body.

    " } } }, @@ -3155,11 +3148,11 @@ }, "input":{ "shape":"SensitiveData", - "documentation":"

    The string that contains the JSON input data for the execution, for example:

    \"input\": \"{\\\"first_name\\\" : \\\"test\\\"}\"

    If you don't include any JSON input data, you still must include the two braces, for example: \"input\": \"{}\"

    Length constraints apply to the payload size, and are expressed as bytes in UTF-8 encoding.

    " + "documentation":"

    The string that contains the JSON input data for the execution, for example:

    \"{\\\"first_name\\\" : \\\"Alejandro\\\"}\"

    If you don't include any JSON input data, you still must include the two braces, for example: \"{}\"

    Length constraints apply to the payload size, and are expressed as bytes in UTF-8 encoding.

    " }, "traceHeader":{ "shape":"TraceHeader", - "documentation":"

    Passes the X-Ray trace header. The trace header can also be passed in the request payload.

    " + "documentation":"

    Passes the X-Ray trace header. The trace header can also be passed in the request payload.

    For X-Ray traces, all Amazon Web Services services use the X-Amzn-Trace-Id header from the HTTP request. Using the header is the preferred mechanism to identify a trace. StartExecution and StartSyncExecution API operations can also use traceHeader from the body of the request payload. If both sources are provided, Step Functions will use the header value (preferred) over the value in the request body.

    " }, "includedData":{ "shape":"IncludedData", @@ -3220,7 +3213,7 @@ "outputDetails":{"shape":"CloudWatchEventsExecutionDataDetails"}, "traceHeader":{ "shape":"TraceHeader", - "documentation":"

    The X-Ray trace header that was passed to the execution.

    " + "documentation":"

    The X-Ray trace header that was passed to the execution.

    For X-Ray traces, all Amazon Web Services services use the X-Amzn-Trace-Id header from the HTTP request. Using the header is the preferred mechanism to identify a trace. StartExecution and StartSyncExecution API operations can also use traceHeader from the body of the request payload. If both sources are provided, Step Functions will use the header value (preferred) over the value in the request body.

    " }, "billingDetails":{ "shape":"BillingDetails", @@ -3253,7 +3246,7 @@ "members":{ "name":{ "shape":"Name", - "documentation":"

    The name of the state.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the state.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "output":{ "shape":"SensitiveData", @@ -3347,7 +3340,7 @@ }, "name":{ "shape":"Name", - "documentation":"

    The name of the state machine.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " + "documentation":"

    The name of the state machine.

    A name must not contain:

    • white space

    • brackets < > { } [ ]

    • wildcard characters ? *

    • special characters \" # % \\ ^ | ~ ` $ & , ; : /

    • control characters (U+0000-001F, U+007F-009F, U+FFFE-FFFF)

    • surrogates (U+D800-DFFF)

    • invalid characters ( U+10FFFF)

    To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

    " }, "type":{ "shape":"StateMachineType", @@ -3491,8 +3484,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3806,7 +3798,7 @@ }, "nextState":{ "shape":"StateName", - "documentation":"

    The name of the next state to transition to. If you haven't defined a next state in your definition or if the execution of the state fails, this field doesn't contain a value.

    " + "documentation":"

    The name of the next state to transition to. If you haven't defined a next state in your definition or if the execution of the state fails, this field doesn't contain a value.

    " }, "status":{ "shape":"TestExecutionStatus", @@ -3878,8 +3870,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMapRunInput":{ "type":"structure", @@ -3908,8 +3899,7 @@ }, "UpdateMapRunOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateStateMachineAliasInput":{ "type":"structure", @@ -4156,5 +4146,5 @@ "includedDetails":{"type":"boolean"}, "truncated":{"type":"boolean"} }, - "documentation":"Step Functions

    Step Functions coordinates the components of distributed applications and microservices using visual workflows.

    You can use Step Functions to build applications from individual components, each of which performs a discrete function, or task, allowing you to scale and change applications quickly. Step Functions provides a console that helps visualize the components of your application as a series of steps. Step Functions automatically triggers and tracks each step, and retries steps when there are errors, so your application executes predictably and in the right order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any issues.

    Step Functions manages operations and underlying infrastructure to ensure your application is available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API. For more information about Step Functions, see the Step Functions Developer Guide .

    If you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action startSyncExecution and specify its parameter as StateMachineArn.

    " + "documentation":"Step Functions

    With Step Functions, you can create workflows, also called state machines, to build distributed applications, automate processes, orchestrate microservices, and create data and machine learning pipelines.

    Through the Step Functions API, you can create, list, update, and delete state machines, activities, and other data types. You can start, stop, and redrive your state machines. Your activity workers can send task success, heartbeat, and failure responses.

    With API calls, you can also manage other aspects of your workflow, such as tags, versions, and aliases.

    For more information about developing solutions with Step Functions, see the Step Functions Developer Guide .

    If you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you might use Step Functions API action startSyncExecution and specify its parameter as StateMachineArn.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/storagegateway/2013-06-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/storagegateway/2013-06-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/storagegateway/2013-06-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/storagegateway/2013-06-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/storagegateway/2013-06-30/paginators-1.json 2.31.35-1/awscli/botocore/data/storagegateway/2013-06-30/paginators-1.json --- 2.23.6-1/awscli/botocore/data/storagegateway/2013-06-30/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/storagegateway/2013-06-30/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -74,6 +74,11 @@ ], "output_token": "NextMarker", "result_key": "FileSystemAssociationSummaryList" + }, + "ListCacheReports": { + "input_token": "Marker", + "output_token": "Marker", + "result_key": "CacheReportList" } } } diff -pruN 2.23.6-1/awscli/botocore/data/storagegateway/2013-06-30/service-2.json 2.31.35-1/awscli/botocore/data/storagegateway/2013-06-30/service-2.json --- 2.23.6-1/awscli/botocore/data/storagegateway/2013-06-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/storagegateway/2013-06-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -140,6 +140,20 @@ ], "documentation":"

    Cancels archiving of a virtual tape to the virtual tape shelf (VTS) after the archiving process is initiated. This operation is only supported in the tape gateway type.

    " }, + "CancelCacheReport":{ + "name":"CancelCacheReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CancelCacheReportInput"}, + "output":{"shape":"CancelCacheReportOutput"}, + "errors":[ + {"shape":"InvalidGatewayRequestException"}, + {"shape":"InternalServerError"} + ], + "documentation":"

    Cancels generation of a specified cache report. You can use this operation to manually cancel an IN-PROGRESS report for any reason. This action changes the report status from IN-PROGRESS to CANCELLED. You can only cancel in-progress reports. If the the report you attempt to cancel is in FAILED, ERROR, or COMPLETED state, the cancel operation returns an error.

    " + }, "CancelRetrieval":{ "name":"CancelRetrieval", "http":{ @@ -310,6 +324,20 @@ ], "documentation":"

    Deletes the bandwidth rate limits of a gateway. You can delete either the upload and download bandwidth rate limit, or you can delete both. If you delete only one of the limits, the other limit remains unchanged. To specify which gateway to work with, use the Amazon Resource Name (ARN) of the gateway in your request. This operation is supported only for the stored volume, cached volume, and tape gateway types.

    " }, + "DeleteCacheReport":{ + "name":"DeleteCacheReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteCacheReportInput"}, + "output":{"shape":"DeleteCacheReportOutput"}, + "errors":[ + {"shape":"InvalidGatewayRequestException"}, + {"shape":"InternalServerError"} + ], + "documentation":"

    Deletes the specified cache report and any associated tags from the Storage Gateway database. You can only delete completed reports. If the status of the report you attempt to delete still IN-PROGRESS, the delete operation returns an error. You can use CancelCacheReport to cancel an IN-PROGRESS report.

    DeleteCacheReport does not delete the report object from your Amazon S3 bucket.

    " + }, "DeleteChapCredentials":{ "name":"DeleteChapCredentials", "http":{ @@ -478,6 +506,20 @@ ], "documentation":"

    Returns information about the cache of a gateway. This operation is only supported in the cached volume, tape, and file gateway types.

    The response includes disk IDs that are configured as cache, and it includes the amount of cache allocated and used.

    " }, + "DescribeCacheReport":{ + "name":"DescribeCacheReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeCacheReportInput"}, + "output":{"shape":"DescribeCacheReportOutput"}, + "errors":[ + {"shape":"InvalidGatewayRequestException"}, + {"shape":"InternalServerError"} + ], + "documentation":"

    Returns information about the specified cache report, including completion status and generation progress.

    " + }, "DescribeCachediSCSIVolumes":{ "name":"DescribeCachediSCSIVolumes", "http":{ @@ -744,6 +786,20 @@ ], "documentation":"

    Disassociates an Amazon FSx file system from the specified gateway. After the disassociation process finishes, the gateway can no longer access the Amazon FSx file system. This operation is only supported in the FSx File Gateway type.

    " }, + "EvictFilesFailingUpload":{ + "name":"EvictFilesFailingUpload", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"EvictFilesFailingUploadInput"}, + "output":{"shape":"EvictFilesFailingUploadOutput"}, + "errors":[ + {"shape":"InvalidGatewayRequestException"}, + {"shape":"InternalServerError"} + ], + "documentation":"

    Starts a process that cleans the specified file share's cache of file entries that are failing upload to Amazon S3. This API operation reports success if the request is received with valid arguments, and there are no other cache clean operations currently in-progress for the specified file share. After a successful request, the cache clean operation occurs asynchronously and reports progress using CloudWatch logs and notifications.

    If ForceRemove is set to True, the cache clean operation will delete file data from the gateway which might otherwise be recoverable. We recommend using this operation only after all other methods to clear files failing upload have been exhausted, and if your business need outweighs the potential data loss.

    " + }, "JoinDomain":{ "name":"JoinDomain", "http":{ @@ -772,6 +828,20 @@ ], "documentation":"

    Lists the automatic tape creation policies for a gateway. If there are no automatic tape creation policies for the gateway, it returns an empty list.

    This operation is only supported for tape gateways.

    " }, + "ListCacheReports":{ + "name":"ListCacheReports", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListCacheReportsInput"}, + "output":{"shape":"ListCacheReportsOutput"}, + "errors":[ + {"shape":"InvalidGatewayRequestException"}, + {"shape":"InternalServerError"} + ], + "documentation":"

    Returns a list of existing cache reports for all file shares associated with your Amazon Web Services account. This list includes all information provided by the DescribeCacheReport action, such as report name, status, completion progress, start time, end time, filters, and tags.

    " + }, "ListFileShares":{ "name":"ListFileShares", "http":{ @@ -924,7 +994,7 @@ {"shape":"InvalidGatewayRequestException"}, {"shape":"InternalServerError"} ], - "documentation":"

    Sends you notification through CloudWatch Events when all files written to your file share have been uploaded to Amazon S3.

    Storage Gateway can send a notification through Amazon CloudWatch Events when all files written to your file share up to that point in time have been uploaded to Amazon S3. These files include files written to the file share up to the time that you make a request for notification. When the upload is done, Storage Gateway sends you notification through an Amazon CloudWatch Event. You can configure CloudWatch Events to send the notification through event targets such as Amazon SNS or Lambda function. This operation is only supported for S3 File Gateways.

    For more information, see Getting file upload notification in the Amazon S3 File Gateway User Guide.

    " + "documentation":"

    Sends you notification through Amazon EventBridge when all files written to your file share have been uploaded to Amazon S3.

    Storage Gateway can send a notification through Amazon EventBridge when all files written to your file share up to that point in time have been uploaded to Amazon S3. These files include files written to the file share up to the time that you make a request for notification. When the upload is done, Storage Gateway sends you notification through EventBridge. You can configure EventBridge to send the notification through event targets such as Amazon SNS or Lambda function. This operation is only supported for S3 File Gateways.

    For more information, see Getting file upload notification in the Amazon S3 File Gateway User Guide.

    " }, "RefreshCache":{ "name":"RefreshCache", @@ -1052,6 +1122,20 @@ ], "documentation":"

    Start a test that verifies that the specified gateway is configured for High Availability monitoring in your host environment. This request only initiates the test and that a successful response only indicates that the test was started. It doesn't indicate that the test passed. For the status of the test, invoke the DescribeAvailabilityMonitorTest API.

    Starting this test will cause your gateway to go offline for a brief period.

    " }, + "StartCacheReport":{ + "name":"StartCacheReport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartCacheReportInput"}, + "output":{"shape":"StartCacheReportOutput"}, + "errors":[ + {"shape":"InvalidGatewayRequestException"}, + {"shape":"InternalServerError"} + ], + "documentation":"

    Starts generating a report of the file metadata currently cached by an S3 File Gateway for a specific file share. You can use this report to identify and resolve issues if you have files failing upload from your gateway to Amazon S3. The report is a CSV file containing a list of files which match the set of filter parameters you specify in the request.

    The Files Failing Upload flag is reset every 24 hours and during gateway reboot. If this report captures the files after the reset, but before they become flagged again, they will not be reported as Files Failing Upload.

    The following requirements must be met to successfully generate a cache report:

    • You must have s3:PutObject and s3:AbortMultipartUpload permissions for the Amazon S3 bucket where you want to store the cache report.

    • No other cache reports can currently be in-progress for the specified file share.

    • There must be fewer than 10 existing cache reports for the specified file share.

    • The gateway must be online and connected to Amazon Web Services.

    • The root disk must have at least 20GB of free space when report generation starts.

    • You must specify at least one value for InclusionFilters or ExclusionFilters in the request.

    " + }, "StartGateway":{ "name":"StartGateway", "http":{ @@ -1343,7 +1427,8 @@ "JOINING", "NETWORK_ERROR", "TIMEOUT", - "UNKNOWN_ERROR" + "UNKNOWN_ERROR", + "INSUFFICIENT_PERMISSIONS" ] }, "AddCacheInput":{ @@ -1539,7 +1624,7 @@ }, "NetworkInterfaceId":{ "shape":"NetworkInterfaceId", - "documentation":"

    The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use DescribeGatewayInformation to get a list of the network interfaces available on a gateway.

    Valid Values: A valid IP address.

    " + "documentation":"

    The network interface of the gateway on which to expose the iSCSI target. Accepts IPv4 and IPv6 addresses. Use DescribeGatewayInformation to get a list of the network interfaces available on a gateway.

    Valid Values: A valid IP address.

    " }, "DiskId":{ "shape":"DiskId", @@ -1711,6 +1796,116 @@ }, "documentation":"

    The refresh cache information for the file share or FSx file systems.

    " }, + "CacheReportARN":{ + "type":"string", + "max":500, + "min":50 + }, + "CacheReportFilter":{ + "type":"structure", + "required":[ + "Name", + "Values" + ], + "members":{ + "Name":{ + "shape":"CacheReportFilterName", + "documentation":"

    The parameter name for a filter that determines which files are included or excluded from a cache report.

    Valid Names:

    UploadFailureReason | UploadState

    " + }, + "Values":{ + "shape":"CacheReportFilterValues", + "documentation":"

    The parameter value for a filter that determines which files are included or excluded from a cache report.

    Valid UploadFailureReason Values:

    InaccessibleStorageClass | InvalidObjectState | ObjectMissing | S3AccessDenied

    Valid UploadState Values:

    FailingUpload

    " + } + }, + "documentation":"

    A list of filter parameters and associated values that determine which files are included or excluded from a cache report created by a StartCacheReport request. Multiple instances of the same filter parameter are combined with an OR operation, while different parameters are combined with an AND operation.

    " + }, + "CacheReportFilterList":{ + "type":"list", + "member":{"shape":"CacheReportFilter"} + }, + "CacheReportFilterName":{ + "type":"string", + "enum":[ + "UploadState", + "UploadFailureReason" + ] + }, + "CacheReportFilterValue":{ + "type":"string", + "max":25, + "min":1 + }, + "CacheReportFilterValues":{ + "type":"list", + "member":{"shape":"CacheReportFilterValue"} + }, + "CacheReportInfo":{ + "type":"structure", + "members":{ + "CacheReportARN":{ + "shape":"CacheReportARN", + "documentation":"

    The Amazon Resource Name (ARN) of the cache report you want to describe.

    " + }, + "CacheReportStatus":{ + "shape":"CacheReportStatus", + "documentation":"

    The status of the specified cache report.

    " + }, + "ReportCompletionPercent":{ + "shape":"ReportCompletionPercent", + "documentation":"

    The percentage of the report generation process that has been completed at time of inquiry.

    " + }, + "EndTime":{ + "shape":"Time", + "documentation":"

    The time at which the gateway stopped generating the cache report.

    " + }, + "Role":{"shape":"Role"}, + "FileShareARN":{"shape":"FileShareARN"}, + "LocationARN":{ + "shape":"LocationARN", + "documentation":"

    The ARN of the Amazon S3 bucket location where the cache report is saved.

    " + }, + "StartTime":{ + "shape":"Time", + "documentation":"

    The time at which the gateway started generating the cache report.

    " + }, + "InclusionFilters":{ + "shape":"CacheReportFilterList", + "documentation":"

    The list of filters and parameters that determine which files are included in the report.

    " + }, + "ExclusionFilters":{ + "shape":"CacheReportFilterList", + "documentation":"

    The list of filters and parameters that determine which files are excluded from the report.

    " + }, + "ReportName":{ + "shape":"CacheReportName", + "documentation":"

    The file name of the completed cache report object stored in Amazon S3.

    " + }, + "Tags":{ + "shape":"Tags", + "documentation":"

    The list of key/value tags associated with the report.

    " + } + }, + "documentation":"

    Contains all informational fields associated with a cache report. Includes name, ARN, tags, status, progress, filters, start time, and end time.

    " + }, + "CacheReportList":{ + "type":"list", + "member":{"shape":"CacheReportInfo"} + }, + "CacheReportName":{ + "type":"string", + "max":100, + "min":1 + }, + "CacheReportStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "COMPLETED", + "CANCELED", + "FAILED", + "ERROR" + ] + }, "CacheStaleTimeoutInSeconds":{"type":"integer"}, "CachediSCSIVolume":{ "type":"structure", @@ -1796,6 +1991,25 @@ }, "documentation":"

    CancelArchivalOutput

    " }, + "CancelCacheReportInput":{ + "type":"structure", + "required":["CacheReportARN"], + "members":{ + "CacheReportARN":{ + "shape":"CacheReportARN", + "documentation":"

    The Amazon Resource Name (ARN) of the cache report you want to cancel.

    " + } + } + }, + "CancelCacheReportOutput":{ + "type":"structure", + "members":{ + "CacheReportARN":{ + "shape":"CacheReportARN", + "documentation":"

    The Amazon Resource Name (ARN) of the cache report you want to cancel.

    " + } + } + }, "CancelRetrievalInput":{ "type":"structure", "required":[ @@ -1898,7 +2112,7 @@ }, "NetworkInterfaceId":{ "shape":"NetworkInterfaceId", - "documentation":"

    The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use DescribeGatewayInformation to get a list of the network interfaces available on a gateway.

    Valid Values: A valid IP address.

    " + "documentation":"

    The network interface of the gateway on which to expose the iSCSI target. Accepts IPv4 and IPv6 addresses. Use DescribeGatewayInformation to get a list of the network interfaces available on a gateway.

    Valid Values: A valid IP address.

    " }, "ClientToken":{ "shape":"ClientToken", @@ -1984,7 +2198,7 @@ }, "ClientList":{ "shape":"FileShareClientList", - "documentation":"

    The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.

    " + "documentation":"

    The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IPv4/IPv6 addresses or valid CIDR blocks.

    " }, "Squash":{ "shape":"Squash", @@ -2278,7 +2492,7 @@ }, "NetworkInterfaceId":{ "shape":"NetworkInterfaceId", - "documentation":"

    The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted. Use DescribeGatewayInformation to get a list of the network interfaces available on a gateway.

    Valid Values: A valid IP address.

    " + "documentation":"

    The network interface of the gateway on which to expose the iSCSI target. Accepts IPv4 and IPv6 addresses. Use DescribeGatewayInformation to get a list of the network interfaces available on a gateway.

    Valid Values: A valid IP address.

    " }, "KMSEncrypted":{ "shape":"Boolean", @@ -2525,6 +2739,25 @@ }, "documentation":"

    A JSON object containing the Amazon Resource Name (ARN) of the gateway whose bandwidth rate information was deleted.

    " }, + "DeleteCacheReportInput":{ + "type":"structure", + "required":["CacheReportARN"], + "members":{ + "CacheReportARN":{ + "shape":"CacheReportARN", + "documentation":"

    The Amazon Resource Name (ARN) of the cache report you want to delete.

    " + } + } + }, + "DeleteCacheReportOutput":{ + "type":"structure", + "members":{ + "CacheReportARN":{ + "shape":"CacheReportARN", + "documentation":"

    The Amazon Resource Name (ARN) of the cache report you want to delete.

    " + } + } + }, "DeleteChapCredentialsInput":{ "type":"structure", "required":[ @@ -2816,6 +3049,25 @@ } } }, + "DescribeCacheReportInput":{ + "type":"structure", + "required":["CacheReportARN"], + "members":{ + "CacheReportARN":{ + "shape":"CacheReportARN", + "documentation":"

    The Amazon Resource Name (ARN) of the cache report you want to describe.

    " + } + } + }, + "DescribeCacheReportOutput":{ + "type":"structure", + "members":{ + "CacheReportInfo":{ + "shape":"CacheReportInfo", + "documentation":"

    Contains all informational fields associated with a cache report. Includes name, ARN, tags, status, progress, filters, start time, and end time.

    " + } + } + }, "DescribeCachediSCSIVolumesInput":{ "type":"structure", "required":["VolumeARNs"], @@ -3073,7 +3325,7 @@ }, "ActiveDirectoryStatus":{ "shape":"ActiveDirectoryStatus", - "documentation":"

    Indicates the status of a gateway that is a member of the Active Directory domain.

    • ACCESS_DENIED: Indicates that the JoinDomain operation failed due to an authentication error.

    • DETACHED: Indicates that gateway is not joined to a domain.

    • JOINED: Indicates that the gateway has successfully joined a domain.

    • JOINING: Indicates that a JoinDomain operation is in progress.

    • NETWORK_ERROR: Indicates that JoinDomain operation failed due to a network or connectivity error.

    • TIMEOUT: Indicates that the JoinDomain operation failed because the operation didn't complete within the allotted time.

    • UNKNOWN_ERROR: Indicates that the JoinDomain operation failed due to another type of error.

    " + "documentation":"

    Indicates the status of a gateway that is a member of the Active Directory domain.

    This field is only used as part of a JoinDomain request. It is not affected by Active Directory connectivity changes that occur after the JoinDomain request succeeds.

    • ACCESS_DENIED: Indicates that the JoinDomain operation failed due to an authentication error.

    • DETACHED: Indicates that gateway is not joined to a domain.

    • JOINED: Indicates that the gateway has successfully joined a domain.

    • JOINING: Indicates that a JoinDomain operation is in progress.

    • NETWORK_ERROR: Indicates that JoinDomain operation failed due to a network or connectivity error.

    • TIMEOUT: Indicates that the JoinDomain operation failed because the operation didn't complete within the allotted time.

    • UNKNOWN_ERROR: Indicates that the JoinDomain operation failed due to another type of error.

    " }, "SMBGuestPasswordSet":{ "shape":"Boolean", @@ -3610,6 +3862,29 @@ "VolumeNotReady" ] }, + "EvictFilesFailingUploadInput":{ + "type":"structure", + "required":["FileShareARN"], + "members":{ + "FileShareARN":{ + "shape":"FileShareARN", + "documentation":"

    The Amazon Resource Name (ARN) of the file share for which you want to start the cache clean operation.

    " + }, + "ForceRemove":{ + "shape":"boolean", + "documentation":"

    Specifies whether cache entries with full or partial file data currently stored on the gateway will be forcibly removed by the cache clean operation.

    Valid arguments:

    • False - The cache clean operation skips cache entries failing upload if they are associated with data currently stored on the gateway. This preserves the cached data.

    • True - The cache clean operation removes cache entries failing upload even if they are associated with data currently stored on the gateway. This deletes the cached data.

      If ForceRemove is set to True, the cache clean operation will delete file data from the gateway which might otherwise be recoverable.
    " + } + } + }, + "EvictFilesFailingUploadOutput":{ + "type":"structure", + "members":{ + "NotificationId":{ + "shape":"string", + "documentation":"

    The randomly generated ID of the CloudWatch notification associated with the cache clean operation. This ID is in UUID format.

    " + } + } + }, "FileShareARN":{ "type":"string", "documentation":"

    The Amazon Resource Name (ARN) of the file share.

    ", @@ -3624,8 +3899,8 @@ }, "FileShareClientList":{ "type":"list", - "member":{"shape":"IPV4AddressCIDR"}, - "documentation":"

    The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.

    ", + "member":{"shape":"Ipv4OrIpv6AddressCIDR"}, + "documentation":"

    The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IPv4/IPv6 addresses or valid CIDR blocks.

    ", "max":100, "min":1 }, @@ -3891,8 +4166,8 @@ "Host":{ "type":"string", "max":1024, - "min":6, - "pattern":"^(([a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9\\-]*[A-Za-z0-9])(:(\\d+))?$" + "min":2, + "pattern":"^(([a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9\\-]*[A-Za-z0-9])(:(\\d+))?$|^(?:\\[(?:(?:(?:[A-Fa-f0-9]{1,4}:){6}|(?=(?:[A-Fa-f0-9]{0,4}:){0,6}(?:[0-9]{1,3}\\.){3}[0-9]{1,3}(?![:.\\w]))(?:(?:[0-9A-Fa-f]{1,4}:){0,5}|:)(?:(?::[0-9A-Fa-f]{1,4}){1,5}:|:)|::(?:[A-Fa-f0-9]{1,4}:){5})(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:[A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}|(?=(?:[A-Fa-f0-9]{0,4}:){0,7}[A-Fa-f0-9]{0,4}(?![:.\\w]))(?:(?:[0-9A-Fa-f]{1,4}:){1,7}|:)(?:(:[0-9A-Fa-f]{1,4}){1,7}|:)|(?:[A-Fa-f0-9]{1,4}:){7}:|:(:[A-Fa-f0-9]{1,4}){7})\\]:\\d+$|^(?:(?:(?:[A-Fa-f0-9]{1,4}:){6}|(?=(?:[A-Fa-f0-9]{0,4}:){0,6}(?:[0-9]{1,3}\\.){3}[0-9]{1,3}(?![:.\\w]))(?:(?:[0-9A-Fa-f]{1,4}:){0,5}|:)(?:(?::[0-9A-Fa-f]{1,4}){1,5}:|:)|::(?:[A-Fa-f0-9]{1,4}:){5})(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:[A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}|(?=(?:[A-Fa-f0-9]{0,4}:){0,7}[A-Fa-f0-9]{0,4}(?![:.\\w]))(?:(?:[0-9A-Fa-f]{1,4}:){1,7}|:)(?:(:[0-9A-Fa-f]{1,4}){1,7}|:)|(?:[A-Fa-f0-9]{1,4}:){7}:|:(:[A-Fa-f0-9]{1,4}){7})$)" }, "HostEnvironment":{ "type":"string", @@ -3925,10 +4200,6 @@ "min":7, "pattern":"^((25[0-5]|(2[0-4]|1[0-9]|[1-9]|)[0-9])(\\.(?!$)|$)){4}" }, - "IPV4AddressCIDR":{ - "type":"string", - "pattern":"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))?$" - }, "Initiator":{ "type":"string", "max":50, @@ -3974,6 +4245,10 @@ "max":1, "min":0 }, + "Ipv4OrIpv6AddressCIDR":{ + "type":"string", + "pattern":"^(?:(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(?:\\/(?:[0-9]|[1-2][0-9]|3[0-2]))?$|^(?:(?:(?:[A-Fa-f0-9]{1,4}:){6}|(?=(?:[A-Fa-f0-9]{0,4}:){0,6}(?:[0-9]{1,3}\\.){3}[0-9]{1,3}(?![:.\\w]))(?:(?:[0-9A-Fa-f]{1,4}:){0,5}|:)(?:(?::[0-9A-Fa-f]{1,4}){1,5}:|:)|::(?:[A-Fa-f0-9]{1,4}:){5})(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(?:[A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}|(?=(?:[A-Fa-f0-9]{0,4}:){0,7}[A-Fa-f0-9]{0,4}(?![:.\\w]))(?:(?:[0-9A-Fa-f]{1,4}:){1,7}|:)(?:(:[0-9A-Fa-f]{1,4}){1,7}|:)|(?:[A-Fa-f0-9]{1,4}:){7}:|:(:[A-Fa-f0-9]{1,4}){7})(?:\\/(?:12[0-8]|1[01][0-9]|[1-9]?[0-9]))?$" + }, "IqnName":{ "type":"string", "max":255, @@ -4003,7 +4278,7 @@ }, "DomainControllers":{ "shape":"Hosts", - "documentation":"

    List of IPv4 addresses, NetBIOS names, or host names of your domain server. If you need to specify the port number include it after the colon (“:”). For example, mydc.mydomain.com:389.

    " + "documentation":"

    List of IP addresses, NetBIOS names, or host names of your domain server. If you need to specify the port number include it after the colon (“:”). For example, mydc.mydomain.com:389.

    S3 File Gateway supports IPv6 addresses in addition to IPv4 and other existing formats.

    FSx File Gateway does not support IPv6.

    " }, "TimeoutInSeconds":{ "shape":"TimeoutInSeconds", @@ -4029,7 +4304,7 @@ }, "ActiveDirectoryStatus":{ "shape":"ActiveDirectoryStatus", - "documentation":"

    Indicates the status of the gateway as a member of the Active Directory domain.

    • ACCESS_DENIED: Indicates that the JoinDomain operation failed due to an authentication error.

    • DETACHED: Indicates that gateway is not joined to a domain.

    • JOINED: Indicates that the gateway has successfully joined a domain.

    • JOINING: Indicates that a JoinDomain operation is in progress.

    • NETWORK_ERROR: Indicates that JoinDomain operation failed due to a network or connectivity error.

    • TIMEOUT: Indicates that the JoinDomain operation failed because the operation didn't complete within the allotted time.

    • UNKNOWN_ERROR: Indicates that the JoinDomain operation failed due to another type of error.

    " + "documentation":"

    Indicates the status of the gateway as a member of the Active Directory domain.

    This field is only used as part of a JoinDomain request. It is not affected by Active Directory connectivity changes that occur after the JoinDomain request succeeds.

    • ACCESS_DENIED: Indicates that the JoinDomain operation failed due to an authentication error.

    • DETACHED: Indicates that gateway is not joined to a domain.

    • JOINED: Indicates that the gateway has successfully joined a domain.

    • JOINING: Indicates that a JoinDomain operation is in progress.

    • INSUFFICIENT_PERMISSIONS: Indicates that the JoinDomain operation failed because the specified user lacks the necessary permissions to join the domain.

    • NETWORK_ERROR: Indicates that JoinDomain operation failed due to a network or connectivity error.

    • TIMEOUT: Indicates that the JoinDomain operation failed because the operation didn't complete within the allotted time.

    • UNKNOWN_ERROR: Indicates that the JoinDomain operation failed due to another type of error.

    " } }, "documentation":"

    JoinDomainOutput

    " @@ -4061,6 +4336,28 @@ } } }, + "ListCacheReportsInput":{ + "type":"structure", + "members":{ + "Marker":{ + "shape":"Marker", + "documentation":"

    Opaque pagination token returned from a previous ListCacheReports operation. If present, Marker specifies where to continue the list from after a previous call to ListCacheReports. Optional.

    " + } + } + }, + "ListCacheReportsOutput":{ + "type":"structure", + "members":{ + "CacheReportList":{ + "shape":"CacheReportList", + "documentation":"

    A list of existing cache reports for all file shares associated with your Amazon Web Services account. This list includes all information provided by the DescribeCacheReport action, such as report status, completion progress, start time, end time, filters, and tags.

    " + }, + "Marker":{ + "shape":"Marker", + "documentation":"

    If the request includes Marker, the response returns that value in this field.

    " + } + } + }, "ListFileSharesInput":{ "type":"structure", "members":{ @@ -4349,7 +4646,7 @@ }, "Marker":{ "type":"string", - "max":1000, + "max":2000, "min":1 }, "MediumChangerType":{ @@ -4478,16 +4775,13 @@ }, "Ipv6Address":{ "shape":"string", - "documentation":"

    The Internet Protocol version 6 (IPv6) address of the interface. Currently not supported.

    " + "documentation":"

    The Internet Protocol version 6 (IPv6) address of the interface.

    This element returns IPv6 addresses for all gateway types except FSx File Gateway.

    " } }, "documentation":"

    Describes a gateway's network interface.

    ", "sensitive":true }, - "NetworkInterfaceId":{ - "type":"string", - "pattern":"\\A(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}\\z" - }, + "NetworkInterfaceId":{"type":"string"}, "NextUpdateAvailabilityDate":{ "type":"string", "max":25, @@ -4687,6 +4981,11 @@ }, "documentation":"

    RemoveTagsFromResourceOutput

    " }, + "ReportCompletionPercent":{ + "type":"integer", + "max":100, + "min":0 + }, "ResetCacheInput":{ "type":"structure", "required":["GatewayARN"], @@ -5028,6 +5327,60 @@ "GatewayARN":{"shape":"GatewayARN"} } }, + "StartCacheReportInput":{ + "type":"structure", + "required":[ + "FileShareARN", + "Role", + "LocationARN", + "BucketRegion", + "ClientToken" + ], + "members":{ + "FileShareARN":{"shape":"FileShareARN"}, + "Role":{ + "shape":"Role", + "documentation":"

    The ARN of the IAM role used when saving the cache report to Amazon S3.

    " + }, + "LocationARN":{ + "shape":"LocationARN", + "documentation":"

    The ARN of the Amazon S3 bucket where you want to save the cache report.

    We do not recommend saving the cache report to the same Amazon S3 bucket for which you are generating the report.

    This field does not accept access point ARNs.

    " + }, + "BucketRegion":{ + "shape":"RegionId", + "documentation":"

    The Amazon Web Services Region of the Amazon S3 bucket where you want to save the cache report.

    " + }, + "VPCEndpointDNSName":{ + "shape":"DNSHostName", + "documentation":"

    The DNS name of the VPC endpoint associated with the Amazon S3 where you want to save the cache report. Optional.

    " + }, + "InclusionFilters":{ + "shape":"CacheReportFilterList", + "documentation":"

    The list of filters and parameters that determine which files are included in the report. You must specify at least one value for InclusionFilters or ExclusionFilters in a StartCacheReport request.

    " + }, + "ExclusionFilters":{ + "shape":"CacheReportFilterList", + "documentation":"

    The list of filters and parameters that determine which files are excluded from the report. You must specify at least one value for InclusionFilters or ExclusionFilters in a StartCacheReport request.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique identifier that you use to ensure idempotent report generation if you need to retry an unsuccessful StartCacheReport request. If you retry a request, use the same ClientToken you specified in the initial request.

    " + }, + "Tags":{ + "shape":"Tags", + "documentation":"

    A list of up to 50 key/value tags that you can assign to the cache report. Using tags can help you categorize your reports and more easily locate them in search results.

    " + } + } + }, + "StartCacheReportOutput":{ + "type":"structure", + "members":{ + "CacheReportARN":{ + "shape":"CacheReportARN", + "documentation":"

    The Amazon Resource Name (ARN) of the cache report generated by the StartCacheReport request.

    " + } + } + }, "StartGatewayInput":{ "type":"structure", "required":["GatewayARN"], @@ -5667,7 +6020,7 @@ }, "ClientList":{ "shape":"FileShareClientList", - "documentation":"

    The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.

    " + "documentation":"

    The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IPv4/IPv6 addresses or valid CIDR blocks.

    " }, "Squash":{ "shape":"Squash", diff -pruN 2.23.6-1/awscli/botocore/data/sts/2011-06-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/sts/2011-06-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/sts/2011-06-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sts/2011-06-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,34 +5,34 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "UseGlobalEndpoint": { "builtIn": "AWS::STS::UseGlobalEndpoint", "required": true, "default": false, "documentation": "Whether the global endpoint should be used, rather then the regional endpoint for us-east-1.", - "type": "Boolean" + "type": "boolean" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/sts/2011-06-15/service-2.json 2.31.35-1/awscli/botocore/data/sts/2011-06-15/service-2.json --- 2.23.6-1/awscli/botocore/data/sts/2011-06-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/sts/2011-06-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -53,7 +53,9 @@ {"shape":"ExpiredTokenException"}, {"shape":"RegionDisabledException"} ], - "documentation":"

    Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.

    The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services services.

    Session Duration

    By default, the temporary security credentials created by AssumeRoleWithSAML last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. Your role session lasts for the duration that you specify, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.

    Role chaining limits your CLI or Amazon Web Services API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails.

    Permissions

    The temporary security credentials created by AssumeRoleWithSAML can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.

    (Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

    Calling AssumeRoleWithSAML does not require the use of Amazon Web Services security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider.

    Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. The entry includes the value in the NameID element of the SAML assertion. We recommend that you use a NameIDType that is not associated with any personally identifiable information (PII). For example, you could instead use the persistent identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).

    Tags

    (Optional) You can configure your IdP to pass attributes into your SAML assertion as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

    You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

    An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

    You can pass a session tag with the same key as a tag that is attached to the role. When you do, session tags override the role's tags with the same key.

    An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

    You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

    SAML Configuration

    Before your application can call AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that represents your identity provider. You must also create an IAM role that specifies this SAML provider in its trust policy.

    For more information, see the following resources:

    " + "documentation":"

    Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.

    The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services services.

    AssumeRoleWithSAML will not work on IAM Identity Center managed roles. These roles' names start with AWSReservedSSO_.

    Session Duration

    By default, the temporary security credentials created by AssumeRoleWithSAML last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. Your role session lasts for the duration that you specify, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.

    Role chaining limits your CLI or Amazon Web Services API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails.

    Permissions

    The temporary security credentials created by AssumeRoleWithSAML can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.

    (Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

    Calling AssumeRoleWithSAML does not require the use of Amazon Web Services security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider.

    Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. The entry includes the value in the NameID element of the SAML assertion. We recommend that you use a NameIDType that is not associated with any personally identifiable information (PII). For example, you could instead use the persistent identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).

    Tags

    (Optional) You can configure your IdP to pass attributes into your SAML assertion as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

    You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

    An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

    You can pass a session tag with the same key as a tag that is attached to the role. When you do, session tags override the role's tags with the same key.

    An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

    You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

    SAML Configuration

    Before your application can call AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that represents your identity provider. You must also create an IAM role that specifies this SAML provider in its trust policy.

    For more information, see the following resources:

    ", + "authtype":"none", + "auth":["smithy.api#noAuth"] }, "AssumeRoleWithWebIdentity":{ "name":"AssumeRoleWithWebIdentity", @@ -75,7 +77,9 @@ {"shape":"ExpiredTokenException"}, {"shape":"RegionDisabledException"} ], - "documentation":"

    Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID Connect-compatible identity provider such as Google or Amazon Cognito federated identities.

    For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide and the Amazon Web Services SDK for Android Developer Guide to uniquely identify a user. You can also supply the user with a consistent identity throughout the lifetime of an application.

    To learn more about Amazon Cognito, see Amazon Cognito identity pools in Amazon Cognito Developer Guide.

    Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web Services security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term Amazon Web Services credentials in the application. You also don't need to deploy server-based proxy services that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.

    The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services service API operations.

    Session Duration

    By default, the temporary security credentials created by AssumeRoleWithWebIdentity last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. You can provide a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see Update the maximum session duration for a role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.

    Permissions

    The temporary security credentials created by AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.

    (Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

    Tags

    (Optional) You can configure your IdP to pass attributes into your web identity token as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

    You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

    An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

    You can pass a session tag with the same key as a tag that is attached to the role. When you do, the session tag overrides the role tag with the same key.

    An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

    You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

    Identities

    Before your application can call AssumeRoleWithWebIdentity, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy.

    Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail logs. The entry includes the Subject of the provided web identity token. We recommend that you avoid using any personally identifiable information (PII) in this field. For example, you could instead use a GUID or a pairwise identifier, as suggested in the OIDC specification.

    For more information about how to use OIDC federation and the AssumeRoleWithWebIdentity API, see the following resources:

    " + "documentation":"

    Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID Connect-compatible identity provider such as Google or Amazon Cognito federated identities.

    For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide and the Amazon Web Services SDK for Android Developer Guide to uniquely identify a user. You can also supply the user with a consistent identity throughout the lifetime of an application.

    To learn more about Amazon Cognito, see Amazon Cognito identity pools in Amazon Cognito Developer Guide.

    Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web Services security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term Amazon Web Services credentials in the application. You also don't need to deploy server-based proxy services that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.

    The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services service API operations.

    Session Duration

    By default, the temporary security credentials created by AssumeRoleWithWebIdentity last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. You can provide a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see Update the maximum session duration for a role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.

    Permissions

    The temporary security credentials created by AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.

    (Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

    Tags

    (Optional) You can configure your IdP to pass attributes into your web identity token as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing session tags using AssumeRoleWithWebIdentity in the IAM User Guide.

    You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

    An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

    You can pass a session tag with the same key as a tag that is attached to the role. When you do, the session tag overrides the role tag with the same key.

    An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

    You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

    Identities

    Before your application can call AssumeRoleWithWebIdentity, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy.

    Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail logs. The entry includes the Subject of the provided web identity token. We recommend that you avoid using any personally identifiable information (PII) in this field. For example, you could instead use a GUID or a pairwise identifier, as suggested in the OIDC specification.

    For more information about how to use OIDC federation and the AssumeRoleWithWebIdentity API, see the following resources:

    ", + "authtype":"none", + "auth":["smithy.api#noAuth"] }, "AssumeRoot":{ "name":"AssumeRoot", @@ -92,7 +96,7 @@ {"shape":"RegionDisabledException"}, {"shape":"ExpiredTokenException"} ], - "documentation":"

    Returns a set of short term credentials you can use to perform privileged tasks on a member account in your organization.

    Before you can launch a privileged session, you must have centralized root access in your organization. For steps to enable this feature, see Centralize root access for member accounts in the IAM User Guide.

    The STS global endpoint is not supported for AssumeRoot. You must send this request to a Regional STS endpoint. For more information, see Endpoints.

    You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a session. For more information, see Track privileged tasks in CloudTrail in the IAM User Guide.

    " + "documentation":"

    Returns a set of short term credentials you can use to perform privileged tasks on a member account in your organization. You must use credentials from an Organizations management account or a delegated administrator account for IAM to call AssumeRoot. You cannot use root user credentials to make this call.

    Before you can launch a privileged session, you must have centralized root access in your organization. For steps to enable this feature, see Centralize root access for member accounts in the IAM User Guide.

    The STS global endpoint is not supported for AssumeRoot. You must send this request to a Regional STS endpoint. For more information, see Endpoints.

    You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a session. For more information, see Track privileged tasks in CloudTrail in the IAM User Guide.

    When granting access to privileged tasks you should only grant the necessary permissions required to perform that task. For more information, see Security best practices in IAM. In addition, you can use service control policies (SCPs) to manage and limit permissions in your organization. See General examples in the Organizations User Guide for more information on SCPs.

    " }, "DecodeAuthorizationMessage":{ "name":"DecodeAuthorizationMessage", @@ -136,6 +140,23 @@ }, "documentation":"

    Returns details about the IAM user or role whose credentials are used to call the operation.

    No permissions are required to perform this operation. If an administrator attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity action, you can still perform this operation. Permissions are not required because the same information is returned when access is denied. To view an example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice in the IAM User Guide.

    " }, + "GetDelegatedAccessToken":{ + "name":"GetDelegatedAccessToken", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetDelegatedAccessTokenRequest"}, + "output":{ + "shape":"GetDelegatedAccessTokenResponse", + "resultWrapper":"GetDelegatedAccessTokenResult" + }, + "errors":[ + {"shape":"ExpiredTradeInTokenException"}, + {"shape":"RegionDisabledException"} + ], + "documentation":"

    This API is currently unavailable for general use.

    " + }, "GetFederationToken":{ "name":"GetFederationToken", "http":{ @@ -185,7 +206,7 @@ }, "RoleSessionName":{ "shape":"roleSessionNameType", - "documentation":"

    An identifier for the assumed role session.

    Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the account that owns the role. The role session name is also used in the ARN of the assumed role principal. This means that subsequent cross-account API requests that use the temporary security credentials will expose the role session name to the external account in their CloudTrail logs.

    For security purposes, administrators can view this field in CloudTrail logs to help identify who performed an action in Amazon Web Services. Your administrator might require that you specify your user name as the session name when you assume the role. For more information, see sts:RoleSessionName .

    The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

    " + "documentation":"

    An identifier for the assumed role session.

    Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the account that owns the role. The role session name is also used in the ARN of the assumed role principal. This means that subsequent cross-account API requests that use the temporary security credentials will expose the role session name to the external account in their CloudTrail logs.

    For security purposes, administrators can view this field in CloudTrail logs to help identify who performed an action in Amazon Web Services. Your administrator might require that you specify your user name as the session name when you assume the role. For more information, see sts:RoleSessionName .

    The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: +=,.@-

    " }, "PolicyArns":{ "shape":"policyDescriptorListType", @@ -209,11 +230,11 @@ }, "ExternalId":{ "shape":"externalIdType", - "documentation":"

    A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM User Guide.

    The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

    " + "documentation":"

    A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM User Guide.

    The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: +=,.@:\\/-

    " }, "SerialNumber":{ "shape":"serialNumberType", - "documentation":"

    The identification number of the MFA device that is associated with the user who is making the AssumeRole call. Specify this value if the trust policy of the role being assumed includes a condition that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).

    The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

    " + "documentation":"

    The identification number of the MFA device that is associated with the user who is making the AssumeRole call. Specify this value if the trust policy of the role being assumed includes a condition that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).

    The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: +=/:,.@-

    " }, "TokenCode":{ "shape":"tokenCodeType", @@ -412,7 +433,7 @@ }, "TaskPolicyArn":{ "shape":"PolicyDescriptorType", - "documentation":"

    The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions.

    " + "documentation":"

    The identity based policy that scopes the session to the privileged tasks that can be performed. You must use one of following Amazon Web Services managed policies to scope root session actions:

    " }, "DurationSeconds":{ "shape":"RootDurationSecondsType", @@ -513,6 +534,19 @@ }, "exception":true }, + "ExpiredTradeInTokenException":{ + "type":"structure", + "members":{ + "message":{"shape":"expiredTradeInTokenExceptionMessage"} + }, + "documentation":"

    ", + "error":{ + "code":"ExpiredTradeInTokenException", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "FederatedUser":{ "type":"structure", "required":[ @@ -552,8 +586,7 @@ }, "GetCallerIdentityRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetCallerIdentityResponse":{ "type":"structure", @@ -573,6 +606,30 @@ }, "documentation":"

    Contains the response to a successful GetCallerIdentity request, including information about the entity making the request.

    " }, + "GetDelegatedAccessTokenRequest":{ + "type":"structure", + "required":["TradeInToken"], + "members":{ + "TradeInToken":{ + "shape":"tradeInTokenType", + "documentation":"

    " + } + } + }, + "GetDelegatedAccessTokenResponse":{ + "type":"structure", + "members":{ + "Credentials":{"shape":"Credentials"}, + "PackedPolicySize":{ + "shape":"nonNegativeIntegerType", + "documentation":"

    " + }, + "AssumedPrincipal":{ + "shape":"arnType", + "documentation":"

    " + } + } + }, "GetFederationTokenRequest":{ "type":"structure", "required":["Name"], @@ -751,14 +808,15 @@ "ProvidedContextsListType":{ "type":"list", "member":{"shape":"ProvidedContext"}, - "max":5 + "max":5, + "min":1 }, "RegionDisabledException":{ "type":"structure", "members":{ "message":{"shape":"regionDisabledMessage"} }, - "documentation":"

    STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating STS in an Amazon Web Services Region in the IAM User Guide.

    ", + "documentation":"

    STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating STS in an Amazon Web Services Region in the IAM User Guide.

    ", "error":{ "code":"RegionDisabledException", "httpStatusCode":403, @@ -849,6 +907,7 @@ "min":1 }, "expiredIdentityTokenMessage":{"type":"string"}, + "expiredTradeInTokenExceptionMessage":{"type":"string"}, "externalIdType":{ "type":"string", "max":1224, @@ -934,6 +993,10 @@ "pattern":"[\\d]*" }, "tokenType":{"type":"string"}, + "tradeInTokenType":{ + "type":"string", + "sensitive":true + }, "unrestrictedSessionPolicyDocumentType":{ "type":"string", "min":1, diff -pruN 2.23.6-1/awscli/botocore/data/supplychain/2024-01-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/supplychain/2024-01-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/supplychain/2024-01-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/supplychain/2024-01-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/supplychain/2024-01-01/paginators-1.json 2.31.35-1/awscli/botocore/data/supplychain/2024-01-01/paginators-1.json --- 2.23.6-1/awscli/botocore/data/supplychain/2024-01-01/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/supplychain/2024-01-01/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -17,6 +17,24 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "instances" + }, + "ListDataIntegrationEvents": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "events" + }, + "ListDataIntegrationFlowExecutions": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "flowExecutions" + }, + "ListDataLakeNamespaces": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "namespaces" } } } diff -pruN 2.23.6-1/awscli/botocore/data/supplychain/2024-01-01/service-2.json 2.31.35-1/awscli/botocore/data/supplychain/2024-01-01/service-2.json --- 2.23.6-1/awscli/botocore/data/supplychain/2024-01-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/supplychain/2024-01-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -66,8 +66,8 @@ "output":{"shape":"CreateDataLakeDatasetResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"}, {"shape":"ValidationException"}, {"shape":"InternalServerException"}, @@ -76,6 +76,27 @@ "documentation":"

    Enables you to programmatically create an Amazon Web Services Supply Chain data lake dataset. Developers can create the datasets using their pre-defined or custom schema for a given instance ID, namespace, and dataset name.

    ", "idempotent":true }, + "CreateDataLakeNamespace":{ + "name":"CreateDataLakeNamespace", + "http":{ + "method":"PUT", + "requestUri":"/api/datalake/instance/{instanceId}/namespaces/{name}", + "responseCode":200 + }, + "input":{"shape":"CreateDataLakeNamespaceRequest"}, + "output":{"shape":"CreateDataLakeNamespaceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Enables you to programmatically create an Amazon Web Services Supply Chain data lake namespace. Developers can create the namespaces for a given instance ID.

    ", + "idempotent":true + }, "CreateInstance":{ "name":"CreateInstance", "http":{ @@ -139,6 +160,27 @@ "documentation":"

    Enables you to programmatically delete an Amazon Web Services Supply Chain data lake dataset. Developers can delete the existing datasets for a given instance ID, namespace, and instance name.

    ", "idempotent":true }, + "DeleteDataLakeNamespace":{ + "name":"DeleteDataLakeNamespace", + "http":{ + "method":"DELETE", + "requestUri":"/api/datalake/instance/{instanceId}/namespaces/{name}", + "responseCode":200 + }, + "input":{"shape":"DeleteDataLakeNamespaceRequest"}, + "output":{"shape":"DeleteDataLakeNamespaceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Enables you to programmatically delete an Amazon Web Services Supply Chain data lake namespace and its underling datasets. Developers can delete the existing namespaces for a given instance ID and namespace name.

    ", + "idempotent":true + }, "DeleteInstance":{ "name":"DeleteInstance", "http":{ @@ -180,6 +222,26 @@ ], "documentation":"

    Get status and details of a BillOfMaterialsImportJob.

    " }, + "GetDataIntegrationEvent":{ + "name":"GetDataIntegrationEvent", + "http":{ + "method":"GET", + "requestUri":"/api-data/data-integration/instance/{instanceId}/data-integration-events/{eventId}", + "responseCode":200 + }, + "input":{"shape":"GetDataIntegrationEventRequest"}, + "output":{"shape":"GetDataIntegrationEventResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Enables you to programmatically view an Amazon Web Services Supply Chain Data Integration Event. Developers can view the eventType, eventGroupId, eventTimestamp, datasetTarget, datasetLoadExecution.

    " + }, "GetDataIntegrationFlow":{ "name":"GetDataIntegrationFlow", "http":{ @@ -200,6 +262,26 @@ ], "documentation":"

    Enables you to programmatically view a specific data pipeline for the provided Amazon Web Services Supply Chain instance and DataIntegrationFlow name.

    " }, + "GetDataIntegrationFlowExecution":{ + "name":"GetDataIntegrationFlowExecution", + "http":{ + "method":"GET", + "requestUri":"/api-data/data-integration/instance/{instanceId}/data-integration-flows/{flowName}/executions/{executionId}", + "responseCode":200 + }, + "input":{"shape":"GetDataIntegrationFlowExecutionRequest"}, + "output":{"shape":"GetDataIntegrationFlowExecutionResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Get the flow execution.

    " + }, "GetDataLakeDataset":{ "name":"GetDataLakeDataset", "http":{ @@ -220,6 +302,26 @@ ], "documentation":"

    Enables you to programmatically view an Amazon Web Services Supply Chain data lake dataset. Developers can view the data lake dataset information such as namespace, schema, and so on for a given instance ID, namespace, and dataset name.

    " }, + "GetDataLakeNamespace":{ + "name":"GetDataLakeNamespace", + "http":{ + "method":"GET", + "requestUri":"/api/datalake/instance/{instanceId}/namespaces/{name}", + "responseCode":200 + }, + "input":{"shape":"GetDataLakeNamespaceRequest"}, + "output":{"shape":"GetDataLakeNamespaceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Enables you to programmatically view an Amazon Web Services Supply Chain data lake namespace. Developers can view the data lake namespace information such as description for a given instance ID and namespace name.

    " + }, "GetInstance":{ "name":"GetInstance", "http":{ @@ -240,6 +342,46 @@ ], "documentation":"

    Enables you to programmatically retrieve the information related to an Amazon Web Services Supply Chain instance ID.

    " }, + "ListDataIntegrationEvents":{ + "name":"ListDataIntegrationEvents", + "http":{ + "method":"GET", + "requestUri":"/api-data/data-integration/instance/{instanceId}/data-integration-events", + "responseCode":200 + }, + "input":{"shape":"ListDataIntegrationEventsRequest"}, + "output":{"shape":"ListDataIntegrationEventsResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Enables you to programmatically list all data integration events for the provided Amazon Web Services Supply Chain instance.

    " + }, + "ListDataIntegrationFlowExecutions":{ + "name":"ListDataIntegrationFlowExecutions", + "http":{ + "method":"GET", + "requestUri":"/api-data/data-integration/instance/{instanceId}/data-integration-flows/{flowName}/executions", + "responseCode":200 + }, + "input":{"shape":"ListDataIntegrationFlowExecutionsRequest"}, + "output":{"shape":"ListDataIntegrationFlowExecutionsResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    List flow executions.

    " + }, "ListDataIntegrationFlows":{ "name":"ListDataIntegrationFlows", "http":{ @@ -280,6 +422,26 @@ ], "documentation":"

    Enables you to programmatically view the list of Amazon Web Services Supply Chain data lake datasets. Developers can view the datasets and the corresponding information such as namespace, schema, and so on for a given instance ID and namespace.

    " }, + "ListDataLakeNamespaces":{ + "name":"ListDataLakeNamespaces", + "http":{ + "method":"GET", + "requestUri":"/api/datalake/instance/{instanceId}/namespaces", + "responseCode":200 + }, + "input":{"shape":"ListDataLakeNamespacesRequest"}, + "output":{"shape":"ListDataLakeNamespacesResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Enables you to programmatically view the list of Amazon Web Services Supply Chain data lake namespaces. Developers can view the namespaces and the corresponding information such as description for a given instance ID. Note that this API only return custom namespaces, instance pre-defined namespaces are not included.

    " + }, "ListInstances":{ "name":"ListInstances", "http":{ @@ -338,7 +500,7 @@ {"shape":"InternalServerException"}, {"shape":"ConflictException"} ], - "documentation":"

    Send the transactional data payload for the event with real-time data for analysis or monitoring. The real-time data events are stored in an Amazon Web Services service before being processed and stored in data lake. New data events are synced with data lake at 5 PM GMT everyday. The updated transactional data is available in data lake after ingestion.

    ", + "documentation":"

    Send the data payload for the event with real-time data for analysis or monitoring. The real-time data events are stored in an Amazon Web Services service before being processed and stored in data lake.

    ", "idempotent":true }, "TagResource":{ @@ -422,6 +584,26 @@ ], "documentation":"

    Enables you to programmatically update an Amazon Web Services Supply Chain data lake dataset. Developers can update the description of a data lake dataset for a given instance ID, namespace, and dataset name.

    " }, + "UpdateDataLakeNamespace":{ + "name":"UpdateDataLakeNamespace", + "http":{ + "method":"PATCH", + "requestUri":"/api/datalake/instance/{instanceId}/namespaces/{name}", + "responseCode":200 + }, + "input":{"shape":"UpdateDataLakeNamespaceRequest"}, + "output":{"shape":"UpdateDataLakeNamespaceResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Enables you to programmatically update an Amazon Web Services Supply Chain data lake namespace. Developers can update the description of a data lake namespace for a given instance ID and namespace name.

    " + }, "UpdateInstance":{ "name":"UpdateInstance", "http":{ @@ -646,8 +828,8 @@ "locationName":"instanceId" }, "namespace":{ - "shape":"DataLakeDatasetNamespace", - "documentation":"

    The name space of the dataset.

    ", + "shape":"DataLakeNamespaceName", + "documentation":"

    The namespace of the dataset, besides the custom defined namespace, every instance comes with below pre-defined namespaces:

    ", "location":"uri", "locationName":"namespace" }, @@ -659,12 +841,16 @@ }, "schema":{ "shape":"DataLakeDatasetSchema", - "documentation":"

    The custom schema of the data lake dataset and is only required when the name space is default.

    " + "documentation":"

    The custom schema of the data lake dataset and required for dataset in default and custom namespaces.

    " }, "description":{ "shape":"DataLakeDatasetDescription", "documentation":"

    The description of the dataset.

    " }, + "partitionSpec":{ + "shape":"DataLakeDatasetPartitionSpec", + "documentation":"

    The partition specification of the dataset. Partitioning can effectively improve the dataset query performance by reducing the amount of data scanned during query execution. But partitioning or not will affect how data get ingested by data ingestion methods, such as SendDataIntegrationEvent's dataset UPSERT will upsert records within partition (instead of within whole dataset). For more details, refer to those data ingestion documentations.

    " + }, "tags":{ "shape":"TagMap", "documentation":"

    The tags of the dataset.

    " @@ -683,6 +869,47 @@ }, "documentation":"

    The response parameters of CreateDataLakeDataset.

    " }, + "CreateDataLakeNamespaceRequest":{ + "type":"structure", + "required":[ + "instanceId", + "name" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The Amazon Web Services Supply Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "name":{ + "shape":"DataLakeNamespaceName", + "documentation":"

    The name of the namespace. Noted you cannot create namespace with name starting with asc, default, scn, aws, amazon, amzn

    ", + "location":"uri", + "locationName":"name" + }, + "description":{ + "shape":"DataLakeNamespaceDescription", + "documentation":"

    The description of the namespace.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags of the namespace.

    " + } + }, + "documentation":"

    The request parameters for CreateDataLakeNamespace.

    " + }, + "CreateDataLakeNamespaceResponse":{ + "type":"structure", + "required":["namespace"], + "members":{ + "namespace":{ + "shape":"DataLakeNamespace", + "documentation":"

    The detail of created namespace.

    " + } + }, + "documentation":"

    The response parameters of CreateDataLakeNamespace.

    " + }, "CreateInstanceRequest":{ "type":"structure", "members":{ @@ -725,17 +952,147 @@ }, "documentation":"

    The response parameters for CreateInstance.

    " }, + "DataIntegrationDatasetArn":{ + "type":"string", + "max":1011, + "min":20, + "pattern":"arn:aws:scn:([a-z0-9-]+):([0-9]+):instance/([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/namespaces/[^/]+/datasets/[^/]+" + }, + "DataIntegrationEvent":{ + "type":"structure", + "required":[ + "instanceId", + "eventId", + "eventType", + "eventGroupId", + "eventTimestamp" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The AWS Supply Chain instance identifier.

    " + }, + "eventId":{ + "shape":"UUID", + "documentation":"

    The unique event identifier.

    " + }, + "eventType":{ + "shape":"DataIntegrationEventType", + "documentation":"

    The data event type.

    " + }, + "eventGroupId":{ + "shape":"DataIntegrationEventGroupId", + "documentation":"

    Event identifier (for example, orderId for InboundOrder) used for data sharding or partitioning.

    " + }, + "eventTimestamp":{ + "shape":"Timestamp", + "documentation":"

    The event timestamp (in epoch seconds).

    " + }, + "datasetTargetDetails":{ + "shape":"DataIntegrationEventDatasetTargetDetails", + "documentation":"

    The target dataset details for a DATASET event type.

    " + } + }, + "documentation":"

    The data integration event details.

    " + }, "DataIntegrationEventData":{ "type":"string", "max":1048576, "min":1, "sensitive":true }, + "DataIntegrationEventDatasetLoadExecutionDetails":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"DataIntegrationEventDatasetLoadStatus", + "documentation":"

    The event load execution status to target dataset.

    " + }, + "message":{ + "shape":"String", + "documentation":"

    The failure message (if any) of failed event load execution to dataset.

    " + } + }, + "documentation":"

    The target dataset load execution details.

    " + }, + "DataIntegrationEventDatasetLoadStatus":{ + "type":"string", + "enum":[ + "SUCCEEDED", + "IN_PROGRESS", + "FAILED" + ] + }, + "DataIntegrationEventDatasetOperationType":{ + "type":"string", + "enum":[ + "APPEND", + "UPSERT", + "DELETE" + ] + }, + "DataIntegrationEventDatasetTargetConfiguration":{ + "type":"structure", + "required":[ + "datasetIdentifier", + "operationType" + ], + "members":{ + "datasetIdentifier":{ + "shape":"DataIntegrationDatasetArn", + "documentation":"

    The datalake dataset ARN identifier.

    " + }, + "operationType":{ + "shape":"DataIntegrationEventDatasetOperationType", + "documentation":"

    The target dataset load operation type.

    " + } + }, + "documentation":"

    The target dataset configuration for a DATASET event type.

    " + }, + "DataIntegrationEventDatasetTargetDetails":{ + "type":"structure", + "required":[ + "datasetIdentifier", + "operationType", + "datasetLoadExecution" + ], + "members":{ + "datasetIdentifier":{ + "shape":"DataIntegrationDatasetArn", + "documentation":"

    The datalake dataset ARN identifier.

    " + }, + "operationType":{ + "shape":"DataIntegrationEventDatasetOperationType", + "documentation":"

    The target dataset load operation type. The available options are:

    • APPEND - Add new records to the dataset. Noted that this operation type will just try to append records as-is without any primary key or partition constraints.

    • UPSERT - Modify existing records in the dataset with primary key configured, events for datasets without primary keys are not allowed. If event data contains primary keys that match records in the dataset within same partition, then those existing records (in that partition) will be updated. If primary keys do not match, new records will be added. Note that if dataset contain records with duplicate primary key values in the same partition, those duplicate records will be deduped into one updated record.

    • DELETE - Remove existing records in the dataset with primary key configured, events for datasets without primary keys are not allowed. If event data contains primary keys that match records in the dataset within same partition, then those existing records (in that partition) will be deleted. If primary keys do not match, no actions will be done. Note that if dataset contain records with duplicate primary key values in the same partition, all those duplicates will be removed.

    " + }, + "datasetLoadExecution":{ + "shape":"DataIntegrationEventDatasetLoadExecutionDetails", + "documentation":"

    The target dataset load execution.

    " + } + }, + "documentation":"

    The target dataset details for a DATASET event type.

    " + }, "DataIntegrationEventGroupId":{ "type":"string", "max":255, "min":1 }, + "DataIntegrationEventList":{ + "type":"list", + "member":{"shape":"DataIntegrationEvent"} + }, + "DataIntegrationEventMaxResults":{ + "type":"integer", + "box":true, + "max":20, + "min":1 + }, + "DataIntegrationEventNextToken":{ + "type":"string", + "max":65535, + "min":1 + }, "DataIntegrationEventType":{ "type":"string", "enum":[ @@ -753,7 +1110,8 @@ "scn.data.shipment", "scn.data.shipmentstop", "scn.data.shipmentstoporder", - "scn.data.supplyplan" + "scn.data.supplyplan", + "scn.data.dataset" ] }, "DataIntegrationFlow":{ @@ -804,15 +1162,30 @@ "members":{ "loadType":{ "shape":"DataIntegrationFlowLoadType", - "documentation":"

    The dataset data load type in dataset options.

    " + "documentation":"

    The target dataset's data load type. This only affects how source S3 files are selected in the S3-to-dataset flow.

    • REPLACE - Target dataset will get replaced with the new file added under the source s3 prefix.

    • INCREMENTAL - Target dataset will get updated with the up-to-date content under S3 prefix incorporating any file additions or removals there.

    " }, "dedupeRecords":{ "shape":"Boolean", - "documentation":"

    The dataset load option to remove duplicates.

    " + "documentation":"

    The option to perform deduplication on data records sharing same primary key values. If disabled, transformed data with duplicate primary key values will ingest into dataset, for datasets within asc namespace, such duplicates will cause ingestion fail. If enabled without dedupeStrategy, deduplication is done by retaining a random data record among those sharing the same primary key values. If enabled with dedupeStragtegy, the deduplication is done following the strategy.

    Note that target dataset may have partition configured, when dedupe is enabled, it only dedupe against primary keys and retain only one record out of those duplicates regardless of its partition status.

    " + }, + "dedupeStrategy":{ + "shape":"DataIntegrationFlowDedupeStrategy", + "documentation":"

    The deduplication strategy to dedupe the data records sharing same primary key values of the target dataset. This strategy only applies to target dataset with primary keys and with dedupeRecords option enabled. If transformed data still got duplicates after the dedupeStrategy evaluation, a random data record is chosen to be retained.

    " } }, "documentation":"

    The dataset options used in dataset source and target configurations.

    " }, + "DataIntegrationFlowDatasetSource":{ + "type":"structure", + "required":["datasetIdentifier"], + "members":{ + "datasetIdentifier":{ + "shape":"DataIntegrationDatasetArn", + "documentation":"

    The ARN of the dataset source.

    " + } + }, + "documentation":"

    The details of a flow execution with dataset source.

    " + }, "DataIntegrationFlowDatasetSourceConfiguration":{ "type":"structure", "required":["datasetIdentifier"], @@ -843,6 +1216,176 @@ }, "documentation":"

    The dataset DataIntegrationFlow target configuration parameters.

    " }, + "DataIntegrationFlowDedupeStrategy":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"DataIntegrationFlowDedupeStrategyType", + "documentation":"

    The type of the deduplication strategy.

    • FIELD_PRIORITY - Field priority configuration for the deduplication strategy specifies an ordered list of fields used to tie-break the data records sharing the same primary key values. Fields earlier in the list have higher priority for evaluation. For each field, the sort order determines whether to retain data record with larger or smaller field value.

    " + }, + "fieldPriority":{ + "shape":"DataIntegrationFlowFieldPriorityDedupeStrategyConfiguration", + "documentation":"

    The field priority deduplication strategy.

    " + } + }, + "documentation":"

    The deduplication strategy details.

    " + }, + "DataIntegrationFlowDedupeStrategyType":{ + "type":"string", + "enum":["FIELD_PRIORITY"] + }, + "DataIntegrationFlowExecution":{ + "type":"structure", + "required":[ + "instanceId", + "flowName", + "executionId" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The flow execution's instanceId.

    " + }, + "flowName":{ + "shape":"DataIntegrationFlowName", + "documentation":"

    The flow execution's flowName.

    " + }, + "executionId":{ + "shape":"UUID", + "documentation":"

    The flow executionId.

    " + }, + "status":{ + "shape":"DataIntegrationFlowExecutionStatus", + "documentation":"

    The status of flow execution.

    " + }, + "sourceInfo":{ + "shape":"DataIntegrationFlowExecutionSourceInfo", + "documentation":"

    The source information for a flow execution.

    " + }, + "message":{ + "shape":"String", + "documentation":"

    The failure message (if any) of failed flow execution.

    " + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"

    The flow execution start timestamp.

    " + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

    The flow execution end timestamp.

    " + }, + "outputMetadata":{ + "shape":"DataIntegrationFlowExecutionOutputMetadata", + "documentation":"

    The flow execution output metadata.

    " + } + }, + "documentation":"

    The flow execution details.

    " + }, + "DataIntegrationFlowExecutionDiagnosticReportsRootS3URI":{ + "type":"string", + "pattern":"s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.{1,1024}" + }, + "DataIntegrationFlowExecutionList":{ + "type":"list", + "member":{"shape":"DataIntegrationFlowExecution"} + }, + "DataIntegrationFlowExecutionMaxResults":{ + "type":"integer", + "box":true, + "max":20, + "min":1 + }, + "DataIntegrationFlowExecutionNextToken":{ + "type":"string", + "max":65535, + "min":1 + }, + "DataIntegrationFlowExecutionOutputMetadata":{ + "type":"structure", + "members":{ + "diagnosticReportsRootS3URI":{ + "shape":"DataIntegrationFlowExecutionDiagnosticReportsRootS3URI", + "documentation":"

    The S3 URI under which all diagnostic files (such as deduped records if any) are stored.

    " + } + }, + "documentation":"

    The output metadata of the flow execution.

    " + }, + "DataIntegrationFlowExecutionSourceInfo":{ + "type":"structure", + "required":["sourceType"], + "members":{ + "sourceType":{ + "shape":"DataIntegrationFlowSourceType", + "documentation":"

    The data integration flow execution source type.

    " + }, + "s3Source":{ + "shape":"DataIntegrationFlowS3Source", + "documentation":"

    The source details of a flow execution with S3 source.

    " + }, + "datasetSource":{ + "shape":"DataIntegrationFlowDatasetSource", + "documentation":"

    The source details of a flow execution with dataset source.

    " + } + }, + "documentation":"

    The source information of a flow execution.

    " + }, + "DataIntegrationFlowExecutionStatus":{ + "type":"string", + "enum":[ + "SUCCEEDED", + "IN_PROGRESS", + "FAILED" + ] + }, + "DataIntegrationFlowFieldPriorityDedupeField":{ + "type":"structure", + "required":[ + "name", + "sortOrder" + ], + "members":{ + "name":{ + "shape":"DataIntegrationFlowFieldPriorityDedupeFieldName", + "documentation":"

    The name of the deduplication field. Must exist in the dataset and not be a primary key.

    " + }, + "sortOrder":{ + "shape":"DataIntegrationFlowFieldPriorityDedupeSortOrder", + "documentation":"

    The sort order for the deduplication field.

    " + } + }, + "documentation":"

    The field used in the field priority deduplication strategy.

    " + }, + "DataIntegrationFlowFieldPriorityDedupeFieldList":{ + "type":"list", + "member":{"shape":"DataIntegrationFlowFieldPriorityDedupeField"}, + "max":10, + "min":1 + }, + "DataIntegrationFlowFieldPriorityDedupeFieldName":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[a-z0-9_]+" + }, + "DataIntegrationFlowFieldPriorityDedupeSortOrder":{ + "type":"string", + "enum":[ + "ASC", + "DESC" + ] + }, + "DataIntegrationFlowFieldPriorityDedupeStrategyConfiguration":{ + "type":"structure", + "required":["fields"], + "members":{ + "fields":{ + "shape":"DataIntegrationFlowFieldPriorityDedupeFieldList", + "documentation":"

    The list of field names and their sort order for deduplication, arranged in descending priority from highest to lowest.

    " + } + }, + "documentation":"

    The field priority deduplication strategy details.

    " + }, "DataIntegrationFlowFileType":{ "type":"string", "enum":[ @@ -895,6 +1438,24 @@ "min":0, "pattern":"[/A-Za-z0-9._-]+" }, + "DataIntegrationFlowS3Source":{ + "type":"structure", + "required":[ + "bucketName", + "key" + ], + "members":{ + "bucketName":{ + "shape":"S3BucketName", + "documentation":"

    The S3 bucket name of the S3 source.

    " + }, + "key":{ + "shape":"DataIntegrationS3ObjectKey", + "documentation":"

    The S3 object key of the S3 source.

    " + } + }, + "documentation":"

    The details of a flow execution with S3 source.

    " + }, "DataIntegrationFlowS3SourceConfiguration":{ "type":"structure", "required":[ @@ -908,7 +1469,7 @@ }, "prefix":{ "shape":"DataIntegrationFlowS3Prefix", - "documentation":"

    The prefix of the S3 source objects.

    " + "documentation":"

    The prefix of the S3 source objects. To trigger data ingestion, S3 files need to be put under s3://bucketName/prefix/.

    " }, "options":{ "shape":"DataIntegrationFlowS3Options", @@ -942,7 +1503,8 @@ "DataIntegrationFlowSQLQuery":{ "type":"string", "max":65535, - "min":1 + "min":1, + "sensitive":true }, "DataIntegrationFlowSQLTransformationConfiguration":{ "type":"structure", @@ -1014,7 +1576,7 @@ }, "datasetTarget":{ "shape":"DataIntegrationFlowDatasetTargetConfiguration", - "documentation":"

    The dataset DataIntegrationFlow target.

    " + "documentation":"

    The dataset DataIntegrationFlow target. Note that for AWS Supply Chain dataset under asc namespace, it has a connection_id internal field that is not allowed to be provided by client directly, they will be auto populated.

    " } }, "documentation":"

    The DataIntegrationFlow target parameters.

    " @@ -1048,6 +1610,12 @@ "NONE" ] }, + "DataIntegrationS3ObjectKey":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"[/A-Za-z0-9._:*()'!=?&+;@-]+" + }, "DataLakeDataset":{ "type":"structure", "required":[ @@ -1065,12 +1633,12 @@ "documentation":"

    The Amazon Web Services Supply Chain instance identifier.

    " }, "namespace":{ - "shape":"DataLakeDatasetNamespace", - "documentation":"

    The name space of the dataset. The available values are:

    " + "shape":"DataLakeNamespaceName", + "documentation":"

    The namespace of the dataset, besides the custom defined namespace, every instance comes with below pre-defined namespaces:

    " }, "name":{ "shape":"DataLakeDatasetName", - "documentation":"

    The name of the dataset. For asc name space, the name must be one of the supported data entities under https://docs.aws.amazon.com/aws-supply-chain/latest/userguide/data-model-asc.html.

    " + "documentation":"

    The name of the dataset. For asc namespace, the name must be one of the supported data entities under https://docs.aws.amazon.com/aws-supply-chain/latest/userguide/data-model-asc.html.

    " }, "arn":{ "shape":"AscResourceArn", @@ -1084,6 +1652,7 @@ "shape":"DataLakeDatasetDescription", "documentation":"

    The description of the dataset.

    " }, + "partitionSpec":{"shape":"DataLakeDatasetPartitionSpec"}, "createdTime":{ "shape":"Timestamp", "documentation":"

    The creation time of the dataset.

    " @@ -1104,7 +1673,7 @@ "type":"list", "member":{"shape":"DataLakeDataset"}, "max":20, - "min":1 + "min":0 }, "DataLakeDatasetMaxResults":{ "type":"integer", @@ -1118,17 +1687,84 @@ "min":1, "pattern":"[a-z0-9_]+" }, - "DataLakeDatasetNamespace":{ - "type":"string", - "max":50, - "min":1, - "pattern":"[a-z]+" - }, "DataLakeDatasetNextToken":{ "type":"string", "max":65535, "min":1 }, + "DataLakeDatasetPartitionField":{ + "type":"structure", + "required":[ + "name", + "transform" + ], + "members":{ + "name":{ + "shape":"DataLakeDatasetSchemaFieldName", + "documentation":"

    The name of the partition field.

    " + }, + "transform":{ + "shape":"DataLakeDatasetPartitionFieldTransform", + "documentation":"

    The transformation of the partition field. A transformation specifies how to partition on a given field. For example, with timestamp you can specify that you'd like to partition fields by day, e.g. data record with value 2025-01-03T00:00:00Z in partition field is in 2025-01-03 partition. Also noted that data record without any value in optional partition field is in NULL partition.

    " + } + }, + "documentation":"

    The detail of the partition field.

    " + }, + "DataLakeDatasetPartitionFieldList":{ + "type":"list", + "member":{"shape":"DataLakeDatasetPartitionField"}, + "max":10, + "min":1 + }, + "DataLakeDatasetPartitionFieldTransform":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"DataLakeDatasetPartitionTransformType", + "documentation":"

    The type of partitioning transformation for this field. The available options are:

    • IDENTITY - Partitions data on a given field by its exact values.

    • YEAR - Partitions data on a timestamp field using year granularity.

    • MONTH - Partitions data on a timestamp field using month granularity.

    • DAY - Partitions data on a timestamp field using day granularity.

    • HOUR - Partitions data on a timestamp field using hour granularity.

    " + } + }, + "documentation":"

    The detail of the partition field transformation.

    " + }, + "DataLakeDatasetPartitionSpec":{ + "type":"structure", + "required":["fields"], + "members":{ + "fields":{ + "shape":"DataLakeDatasetPartitionFieldList", + "documentation":"

    The fields on which to partition a dataset. The partitions will be applied hierarchically based on the order of this list.

    " + } + }, + "documentation":"

    The partition specification for a dataset.

    " + }, + "DataLakeDatasetPartitionTransformType":{ + "type":"string", + "enum":[ + "YEAR", + "MONTH", + "DAY", + "HOUR", + "IDENTITY" + ] + }, + "DataLakeDatasetPrimaryKeyField":{ + "type":"structure", + "required":["name"], + "members":{ + "name":{ + "shape":"DataLakeDatasetSchemaFieldName", + "documentation":"

    The name of the primary key field.

    " + } + }, + "documentation":"

    The detail of the primary key field.

    " + }, + "DataLakeDatasetPrimaryKeyFieldList":{ + "type":"list", + "member":{"shape":"DataLakeDatasetPrimaryKeyField"}, + "max":20, + "min":1 + }, "DataLakeDatasetSchema":{ "type":"structure", "required":[ @@ -1143,9 +1779,13 @@ "fields":{ "shape":"DataLakeDatasetSchemaFieldList", "documentation":"

    The list of field details of the dataset schema.

    " + }, + "primaryKeys":{ + "shape":"DataLakeDatasetPrimaryKeyFieldList", + "documentation":"

    The list of primary key fields for the dataset. Primary keys defined can help data ingestion methods to ensure data uniqueness: CreateDataIntegrationFlow's dedupe strategy will leverage primary keys to perform records deduplication before write to dataset; SendDataIntegrationEvent's UPSERT and DELETE can only work with dataset with primary keys. For more details, refer to those data ingestion documentations.

    Note that defining primary keys does not necessarily mean the dataset cannot have duplicate records, duplicate records can still be ingested if CreateDataIntegrationFlow's dedupe disabled or through SendDataIntegrationEvent's APPEND operation.

    " } }, - "documentation":"

    The schema details of the dataset.

    " + "documentation":"

    The schema details of the dataset. Note that for AWS Supply Chain dataset under asc namespace, it may have internal fields like connection_id that will be auto populated by data ingestion methods.

    " }, "DataLakeDatasetSchemaField":{ "type":"structure", @@ -1188,7 +1828,8 @@ "INT", "DOUBLE", "STRING", - "TIMESTAMP" + "TIMESTAMP", + "LONG" ] }, "DataLakeDatasetSchemaName":{ @@ -1197,6 +1838,71 @@ "min":1, "pattern":"[A-Za-z0-9]+" }, + "DataLakeNamespace":{ + "type":"structure", + "required":[ + "instanceId", + "name", + "arn", + "createdTime", + "lastModifiedTime" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The Amazon Web Services Supply Chain instance identifier.

    " + }, + "name":{ + "shape":"DataLakeNamespaceName", + "documentation":"

    The name of the namespace.

    " + }, + "arn":{ + "shape":"AscResourceArn", + "documentation":"

    The arn of the namespace.

    " + }, + "description":{ + "shape":"DataLakeNamespaceDescription", + "documentation":"

    The description of the namespace.

    " + }, + "createdTime":{ + "shape":"Timestamp", + "documentation":"

    The creation time of the namespace.

    " + }, + "lastModifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The last modified time of the namespace.

    " + } + }, + "documentation":"

    The data lake namespace details.

    " + }, + "DataLakeNamespaceDescription":{ + "type":"string", + "max":500, + "min":1 + }, + "DataLakeNamespaceList":{ + "type":"list", + "member":{"shape":"DataLakeNamespace"}, + "max":20, + "min":1 + }, + "DataLakeNamespaceMaxResults":{ + "type":"integer", + "box":true, + "max":20, + "min":1 + }, + "DataLakeNamespaceName":{ + "type":"string", + "max":50, + "min":1, + "pattern":"[a-z0-9_]+" + }, + "DataLakeNamespaceNextToken":{ + "type":"string", + "max":65535, + "min":1 + }, "DatasetIdentifier":{ "type":"string", "max":1011, @@ -1258,14 +1964,14 @@ "locationName":"instanceId" }, "namespace":{ - "shape":"DataLakeDatasetNamespace", - "documentation":"

    The name space of the dataset. The available values are:

    ", + "shape":"DataLakeNamespaceName", + "documentation":"

    The namespace of the dataset, besides the custom defined namespace, every instance comes with below pre-defined namespaces:

    ", "location":"uri", "locationName":"namespace" }, "name":{ "shape":"DataLakeDatasetName", - "documentation":"

    The name of the dataset. For asc name space, the name must be one of the supported data entities under https://docs.aws.amazon.com/aws-supply-chain/latest/userguide/data-model-asc.html.

    ", + "documentation":"

    The name of the dataset. For asc namespace, the name must be one of the supported data entities under https://docs.aws.amazon.com/aws-supply-chain/latest/userguide/data-model-asc.html.

    ", "location":"uri", "locationName":"name" } @@ -1285,8 +1991,8 @@ "documentation":"

    The AWS Supply Chain instance identifier.

    " }, "namespace":{ - "shape":"DataLakeDatasetNamespace", - "documentation":"

    The name space of deleted dataset.

    " + "shape":"DataLakeNamespaceName", + "documentation":"

    The namespace of deleted dataset.

    " }, "name":{ "shape":"DataLakeDatasetName", @@ -1295,6 +2001,46 @@ }, "documentation":"

    The response parameters of DeleteDataLakeDataset.

    " }, + "DeleteDataLakeNamespaceRequest":{ + "type":"structure", + "required":[ + "instanceId", + "name" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The AWS Supply Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "name":{ + "shape":"DataLakeNamespaceName", + "documentation":"

    The name of the namespace. Noted you cannot delete pre-defined namespace like asc, default which are only deleted through instance deletion.

    ", + "location":"uri", + "locationName":"name" + } + }, + "documentation":"

    The request parameters of DeleteDataLakeNamespace.

    " + }, + "DeleteDataLakeNamespaceResponse":{ + "type":"structure", + "required":[ + "instanceId", + "name" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The AWS Supply Chain instance identifier.

    " + }, + "name":{ + "shape":"DataLakeNamespaceName", + "documentation":"

    The name of deleted namespace.

    " + } + }, + "documentation":"

    The response parameters of DeleteDataLakeNamespace.

    " + }, "DeleteInstanceRequest":{ "type":"structure", "required":["instanceId"], @@ -1356,6 +2102,79 @@ }, "documentation":"

    The response parameters for GetBillOfMaterialsImportJob.

    " }, + "GetDataIntegrationEventRequest":{ + "type":"structure", + "required":[ + "instanceId", + "eventId" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The Amazon Web Services Supply Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "eventId":{ + "shape":"UUID", + "documentation":"

    The unique event identifier.

    ", + "location":"uri", + "locationName":"eventId" + } + }, + "documentation":"

    The request parameters for GetDataIntegrationEvent.

    " + }, + "GetDataIntegrationEventResponse":{ + "type":"structure", + "required":["event"], + "members":{ + "event":{ + "shape":"DataIntegrationEvent", + "documentation":"

    The details of the DataIntegrationEvent returned.

    " + } + }, + "documentation":"

    The response parameters for GetDataIntegrationEvent.

    " + }, + "GetDataIntegrationFlowExecutionRequest":{ + "type":"structure", + "required":[ + "instanceId", + "flowName", + "executionId" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The AWS Supply Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "flowName":{ + "shape":"DataIntegrationFlowName", + "documentation":"

    The flow name.

    ", + "location":"uri", + "locationName":"flowName" + }, + "executionId":{ + "shape":"UUID", + "documentation":"

    The flow execution identifier.

    ", + "location":"uri", + "locationName":"executionId" + } + }, + "documentation":"

    The request parameters of GetFlowExecution.

    " + }, + "GetDataIntegrationFlowExecutionResponse":{ + "type":"structure", + "required":["flowExecution"], + "members":{ + "flowExecution":{ + "shape":"DataIntegrationFlowExecution", + "documentation":"

    The flow execution details.

    " + } + }, + "documentation":"

    The response parameters of GetFlowExecution.

    " + }, "GetDataIntegrationFlowRequest":{ "type":"structure", "required":[ @@ -1404,14 +2223,14 @@ "locationName":"instanceId" }, "namespace":{ - "shape":"DataLakeDatasetNamespace", - "documentation":"

    The name space of the dataset. The available values are:

    ", + "shape":"DataLakeNamespaceName", + "documentation":"

    The namespace of the dataset, besides the custom defined namespace, every instance comes with below pre-defined namespaces:

    ", "location":"uri", "locationName":"namespace" }, "name":{ "shape":"DataLakeDatasetName", - "documentation":"

    The name of the dataset. For asc name space, the name must be one of the supported data entities under https://docs.aws.amazon.com/aws-supply-chain/latest/userguide/data-model-asc.html.

    ", + "documentation":"

    The name of the dataset. For asc namespace, the name must be one of the supported data entities under https://docs.aws.amazon.com/aws-supply-chain/latest/userguide/data-model-asc.html.

    ", "location":"uri", "locationName":"name" } @@ -1427,7 +2246,40 @@ "documentation":"

    The fetched dataset details.

    " } }, - "documentation":"

    The response parameters for UpdateDataLakeDataset.

    " + "documentation":"

    The response parameters for GetDataLakeDataset.

    " + }, + "GetDataLakeNamespaceRequest":{ + "type":"structure", + "required":[ + "instanceId", + "name" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The Amazon Web Services Supply Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "name":{ + "shape":"DataLakeNamespaceName", + "documentation":"

    The name of the namespace. Besides the namespaces user created, you can also specify the pre-defined namespaces:

    ", + "location":"uri", + "locationName":"name" + } + }, + "documentation":"

    The request parameters for GetDataLakeNamespace.

    " + }, + "GetDataLakeNamespaceResponse":{ + "type":"structure", + "required":["namespace"], + "members":{ + "namespace":{ + "shape":"DataLakeNamespace", + "documentation":"

    The fetched namespace details.

    " + } + }, + "documentation":"

    The response parameters for GetDataLakeNamespace.

    " }, "GetInstanceRequest":{ "type":"structure", @@ -1579,6 +2431,101 @@ "min":0, "pattern":"arn:[a-z0-9][-.a-z0-9]{0,62}:kms:([a-z0-9][-.a-z0-9]{0,62})?:([a-z0-9][-.a-z0-9]{0,62})?:key/.{0,1019}" }, + "ListDataIntegrationEventsRequest":{ + "type":"structure", + "required":["instanceId"], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The Amazon Web Services Supply Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "eventType":{ + "shape":"DataIntegrationEventType", + "documentation":"

    List data integration events for the specified eventType.

    ", + "location":"querystring", + "locationName":"eventType" + }, + "nextToken":{ + "shape":"DataIntegrationEventNextToken", + "documentation":"

    The pagination token to fetch the next page of the data integration events.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"DataIntegrationEventMaxResults", + "documentation":"

    Specify the maximum number of data integration events to fetch in one paginated request.

    ", + "location":"querystring", + "locationName":"maxResults" + } + }, + "documentation":"

    The request parameters for ListDataIntegrationEvents.

    " + }, + "ListDataIntegrationEventsResponse":{ + "type":"structure", + "required":["events"], + "members":{ + "events":{ + "shape":"DataIntegrationEventList", + "documentation":"

    The list of data integration events.

    " + }, + "nextToken":{ + "shape":"DataIntegrationEventNextToken", + "documentation":"

    The pagination token to fetch the next page of the ListDataIntegrationEvents.

    " + } + }, + "documentation":"

    The response parameters for ListDataIntegrationEvents.

    " + }, + "ListDataIntegrationFlowExecutionsRequest":{ + "type":"structure", + "required":[ + "instanceId", + "flowName" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The AWS Supply Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "flowName":{ + "shape":"DataIntegrationFlowName", + "documentation":"

    The flow name.

    ", + "location":"uri", + "locationName":"flowName" + }, + "nextToken":{ + "shape":"DataIntegrationFlowExecutionNextToken", + "documentation":"

    The pagination token to fetch next page of flow executions.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"DataIntegrationFlowExecutionMaxResults", + "documentation":"

    The number to specify the max number of flow executions to fetch in this paginated request.

    ", + "location":"querystring", + "locationName":"maxResults" + } + }, + "documentation":"

    The request parameters of ListFlowExecutions.

    " + }, + "ListDataIntegrationFlowExecutionsResponse":{ + "type":"structure", + "required":["flowExecutions"], + "members":{ + "flowExecutions":{ + "shape":"DataIntegrationFlowExecutionList", + "documentation":"

    The list of flow executions.

    " + }, + "nextToken":{ + "shape":"DataIntegrationFlowExecutionNextToken", + "documentation":"

    The pagination token to fetch next page of flow executions.

    " + } + }, + "documentation":"

    The response parameters of ListFlowExecutions.

    " + }, "ListDataIntegrationFlowsRequest":{ "type":"structure", "required":["instanceId"], @@ -1633,8 +2580,8 @@ "locationName":"instanceId" }, "namespace":{ - "shape":"DataLakeDatasetNamespace", - "documentation":"

    The name space of the dataset. The available values are:

    ", + "shape":"DataLakeNamespaceName", + "documentation":"

    The namespace of the dataset, besides the custom defined namespace, every instance comes with below pre-defined namespaces:

    ", "location":"uri", "locationName":"namespace" }, @@ -1668,6 +2615,46 @@ }, "documentation":"

    The response parameters of ListDataLakeDatasets.

    " }, + "ListDataLakeNamespacesRequest":{ + "type":"structure", + "required":["instanceId"], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The Amazon Web Services Supply Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "nextToken":{ + "shape":"DataLakeNamespaceNextToken", + "documentation":"

    The pagination token to fetch next page of namespaces.

    ", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"DataLakeNamespaceMaxResults", + "documentation":"

    The max number of namespaces to fetch in this paginated request.

    ", + "location":"querystring", + "locationName":"maxResults" + } + }, + "documentation":"

    The request parameters of ListDataLakeNamespaces.

    " + }, + "ListDataLakeNamespacesResponse":{ + "type":"structure", + "required":["namespaces"], + "members":{ + "namespaces":{ + "shape":"DataLakeNamespaceList", + "documentation":"

    The list of fetched namespace details. Noted it only contains custom namespaces, pre-defined namespaces are not included.

    " + }, + "nextToken":{ + "shape":"DataLakeNamespaceNextToken", + "documentation":"

    The pagination token to fetch next page of namespaces.

    " + } + }, + "documentation":"

    The response parameters of ListDataLakeNamespaces.

    " + }, "ListInstancesRequest":{ "type":"structure", "members":{ @@ -1772,24 +2759,28 @@ }, "eventType":{ "shape":"DataIntegrationEventType", - "documentation":"

    The data event type.

    " + "documentation":"

    The data event type.

    " }, "data":{ "shape":"DataIntegrationEventData", - "documentation":"

    The data payload of the event. For more information on the data schema to use, see Data entities supported in AWS Supply Chain.

    " + "documentation":"

    The data payload of the event, should follow the data schema of the target dataset, or see Data entities supported in AWS Supply Chain. To send single data record, use JsonObject format; to send multiple data records, use JsonArray format.

    Note that for AWS Supply Chain dataset under asc namespace, it has a connection_id internal field that is not allowed to be provided by client directly, they will be auto populated.

    " }, "eventGroupId":{ "shape":"DataIntegrationEventGroupId", - "documentation":"

    Event identifier (for example, orderId for InboundOrder) used for data sharing or partitioning.

    " + "documentation":"

    Event identifier (for example, orderId for InboundOrder) used for data sharding or partitioning. Noted under one eventGroupId of same eventType and instanceId, events are processed sequentially in the order they are received by the server.

    " }, "eventTimestamp":{ "shape":"SyntheticTimestamp_epoch_seconds", - "documentation":"

    The event timestamp (in epoch seconds).

    " + "documentation":"

    The timestamp (in epoch seconds) associated with the event. If not provided, it will be assigned with current timestamp.

    " }, "clientToken":{ "shape":"ClientToken", - "documentation":"

    The idempotent client token.

    ", + "documentation":"

    The idempotent client token. The token is active for 8 hours, and within its lifetime, it ensures the request completes only once upon retry with same client token. If omitted, the AWS SDK generates a unique value so that AWS SDK can safely retry the request upon network errors.

    ", "idempotencyToken":true + }, + "datasetTarget":{ + "shape":"DataIntegrationEventDatasetTargetConfiguration", + "documentation":"

    The target dataset configuration for scn.data.dataset event type.

    " } }, "documentation":"

    The request parameters for SendDataIntegrationEvent.

    " @@ -1979,14 +2970,14 @@ "locationName":"instanceId" }, "namespace":{ - "shape":"DataLakeDatasetNamespace", - "documentation":"

    The name space of the dataset. The available values are:

    ", + "shape":"DataLakeNamespaceName", + "documentation":"

    The namespace of the dataset, besides the custom defined namespace, every instance comes with below pre-defined namespaces:

    ", "location":"uri", "locationName":"namespace" }, "name":{ "shape":"DataLakeDatasetName", - "documentation":"

    The name of the dataset. For asc name space, the name must be one of the supported data entities under https://docs.aws.amazon.com/aws-supply-chain/latest/userguide/data-model-asc.html.

    ", + "documentation":"

    The name of the dataset. For asc namespace, the name must be one of the supported data entities under https://docs.aws.amazon.com/aws-supply-chain/latest/userguide/data-model-asc.html.

    ", "location":"uri", "locationName":"name" }, @@ -2008,6 +2999,43 @@ }, "documentation":"

    The response parameters of UpdateDataLakeDataset.

    " }, + "UpdateDataLakeNamespaceRequest":{ + "type":"structure", + "required":[ + "instanceId", + "name" + ], + "members":{ + "instanceId":{ + "shape":"UUID", + "documentation":"

    The Amazon Web Services Chain instance identifier.

    ", + "location":"uri", + "locationName":"instanceId" + }, + "name":{ + "shape":"DataLakeNamespaceName", + "documentation":"

    The name of the namespace. Noted you cannot update namespace with name starting with asc, default, scn, aws, amazon, amzn

    ", + "location":"uri", + "locationName":"name" + }, + "description":{ + "shape":"DataLakeNamespaceDescription", + "documentation":"

    The updated description of the data lake namespace.

    " + } + }, + "documentation":"

    The request parameters of UpdateDataLakeNamespace.

    " + }, + "UpdateDataLakeNamespaceResponse":{ + "type":"structure", + "required":["namespace"], + "members":{ + "namespace":{ + "shape":"DataLakeNamespace", + "documentation":"

    The updated namespace details.

    " + } + }, + "documentation":"

    The response parameters of UpdateDataLakeNamespace.

    " + }, "UpdateInstanceRequest":{ "type":"structure", "required":["instanceId"], diff -pruN 2.23.6-1/awscli/botocore/data/support/2013-04-15/service-2.json 2.31.35-1/awscli/botocore/data/support/2013-04-15/service-2.json --- 2.23.6-1/awscli/botocore/data/support/2013-04-15/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/support/2013-04-15/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1440,5 +1440,5 @@ "min":0 } }, - "documentation":"Amazon Web Services Support

    The Amazon Web Services Support API Reference is intended for programmers who need detailed information about the Amazon Web Services Support operations and data types. You can use the API to manage your support cases programmatically. The Amazon Web Services Support API uses HTTP methods that return results in JSON format.

    • You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API.

    • If you call the Amazon Web Services Support API from an account that doesn't have a Business, Enterprise On-Ramp, or Enterprise Support plan, the SubscriptionRequiredException error message appears. For information about changing your support plan, see Amazon Web Services Support.

    You can also use the Amazon Web Services Support API to access features for Trusted Advisor. You can return a list of checks and their descriptions, get check results, specify checks to refresh, and get the refresh status of checks.

    You can manage your support cases with the following Amazon Web Services Support API operations:

    You can also use the Amazon Web Services Support API to call the Trusted Advisor operations. For more information, see Trusted Advisor in the Amazon Web Services Support User Guide.

    For authentication of requests, Amazon Web Services Support uses Signature Version 4 Signing Process.

    For more information about this service and the endpoints to use, see About the Amazon Web Services Support API in the Amazon Web Services Support User Guide.

    " + "documentation":"Amazon Web Services Support

    The Amazon Web Services Support API Reference is intended for programmers who need detailed information about the Amazon Web Services Support operations and data types. You can use the API to manage your support cases programmatically. The Amazon Web Services Support API uses HTTP methods that return results in JSON format.

    • You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API.

    • If you call the Amazon Web Services Support API from an account that doesn't have a Business, Enterprise On-Ramp, or Enterprise Support plan, the SubscriptionRequiredException error message appears. For information about changing your support plan, see Amazon Web Services Support.

    You can also use the Amazon Web Services Support API to access features for Trusted Advisor. You can return a list of checks and their descriptions, get check results, specify checks to refresh, and get the refresh status of checks.

    You can manage your support cases with the following Amazon Web Services Support API operations:

    You can also use the Amazon Web Services Support API to call the Trusted Advisor operations. For more information, see Trusted Advisor in the Amazon Web Services Support User Guide.

    For authentication of requests, Amazon Web Services Support uses Signature Version 4 Signing Process.

    For more information about this service and the endpoints to use, see About the Amazon Web Services Support API in the Amazon Web Services Support User Guide.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/support-app/2021-08-20/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/support-app/2021-08-20/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/support-app/2021-08-20/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/support-app/2021-08-20/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/swf/2012-01-25/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/swf/2012-01-25/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/swf/2012-01-25/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/swf/2012-01-25/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,31 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "String" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,161 +57,170 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://swf.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-us-gov" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://swf-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree" + "endpoint": { + "url": "https://swf-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] + "ref": "UseDualStack" }, true ] @@ -221,119 +230,201 @@ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] - }, - "aws-us-gov" + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } ] } ], - "endpoint": { - "url": "https://swf.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://swf-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, { "conditions": [], - "endpoint": { - "url": "https://swf-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://swf-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://swf.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { "conditions": [], - "endpoint": { - "url": "https://swf.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://swf.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://swf.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/synthetics/2017-10-11/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/synthetics/2017-10-11/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/synthetics/2017-10-11/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/synthetics/2017-10-11/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/synthetics/2017-10-11/service-2.json 2.31.35-1/awscli/botocore/data/synthetics/2017-10-11/service-2.json --- 2.23.6-1/awscli/botocore/data/synthetics/2017-10-11/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/synthetics/2017-10-11/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -276,6 +276,23 @@ ], "documentation":"

    Use this operation to run a canary that has already been created. The frequency of the canary runs is determined by the value of the canary's Schedule. To see a canary's schedule, use GetCanary.

    " }, + "StartCanaryDryRun":{ + "name":"StartCanaryDryRun", + "http":{ + "method":"POST", + "requestUri":"/canary/{name}/dry-run/start" + }, + "input":{"shape":"StartCanaryDryRunRequest"}, + "output":{"shape":"StartCanaryDryRunResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"

    Use this operation to start a dry run for a canary that has already been created

    " + }, "StopCanary":{ "name":"StopCanary", "http":{ @@ -339,12 +356,22 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, - {"shape":"RequestEntityTooLargeException"} + {"shape":"RequestEntityTooLargeException"}, + {"shape":"AccessDeniedException"} ], - "documentation":"

    Updates the configuration of a canary that has already been created.

    You can't use this operation to update the tags of an existing canary. To change the tags of an existing canary, use TagResource.

    " + "documentation":"

    Updates the configuration of a canary that has already been created.

    For multibrowser canaries, you can add or remove browsers by updating the browserConfig list in the update call. For example:

    • To add Firefox to a canary that currently uses Chrome, specify browserConfigs as [CHROME, FIREFOX]

    • To remove Firefox and keep only Chrome, specify browserConfigs as [CHROME]

    You can't use this operation to update the tags of an existing canary. To change the tags of an existing canary, use TagResource.

    When you use the dryRunId field when updating a canary, the only other field you can provide is the Schedule. Adding any other field will thrown an exception.

    " } }, "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"

    You don't have permission to perform this operation on this resource.

    ", + "error":{"httpStatusCode":403}, + "exception":true + }, "ArtifactConfigInput":{ "type":"structure", "members":{ @@ -386,8 +413,7 @@ }, "AssociateResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "BadRequestException":{ "type":"structure", @@ -432,6 +458,41 @@ "max":10000000, "min":1 }, + "BlueprintType":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[0-9a-zA-Z_\\-\\.]+" + }, + "BlueprintTypes":{ + "type":"list", + "member":{"shape":"BlueprintType"}, + "max":1, + "min":0 + }, + "BrowserConfig":{ + "type":"structure", + "members":{ + "BrowserType":{ + "shape":"BrowserType", + "documentation":"

    The browser type associated with this browser configuration.

    " + } + }, + "documentation":"

    A structure that specifies the browser type to use for a canary run.

    " + }, + "BrowserConfigs":{ + "type":"list", + "member":{"shape":"BrowserConfig"}, + "max":2, + "min":1 + }, + "BrowserType":{ + "type":"string", + "enum":[ + "CHROME", + "FIREFOX" + ] + }, "Canaries":{ "type":"list", "member":{"shape":"Canary"} @@ -463,11 +524,11 @@ "RunConfig":{"shape":"CanaryRunConfigOutput"}, "SuccessRetentionPeriodInDays":{ "shape":"MaxSize1024", - "documentation":"

    The number of days to retain data about successful runs of this canary.

    " + "documentation":"

    The number of days to retain data about successful runs of this canary.

    This setting affects the range of information returned by GetCanaryRuns, as well as the range of information displayed in the Synthetics console.

    " }, "FailureRetentionPeriodInDays":{ "shape":"MaxSize1024", - "documentation":"

    The number of days to retain data about failed runs of this canary.

    " + "documentation":"

    The number of days to retain data about failed runs of this canary.

    This setting affects the range of information returned by GetCanaryRuns, as well as the range of information displayed in the Synthetics console.

    " }, "Status":{ "shape":"CanaryStatus", @@ -498,6 +559,18 @@ "shape":"ProvisionedResourceCleanupSetting", "documentation":"

    Specifies whether to also delete the Lambda functions and layers used by this canary when the canary is deleted. If it is AUTOMATIC, the Lambda functions and layers will be deleted when the canary is deleted.

    If the value of this parameter is OFF, then the value of the DeleteLambda parameter of the DeleteCanary operation determines whether the Lambda functions and layers will be deleted.

    " }, + "BrowserConfigs":{ + "shape":"BrowserConfigs", + "documentation":"

    A structure that specifies the browser type to use for a canary run. CloudWatch Synthetics supports running canaries on both CHROME and FIREFOX browsers.

    If not specified, browserConfigs defaults to Chrome.

    " + }, + "EngineConfigs":{ + "shape":"EngineConfigs", + "documentation":"

    A list of engine configurations for the canary, one for each browser type that the canary is configured to run on.

    All runtime versions syn-nodejs-puppeteer-11.0 and above, and syn-nodejs-playwright-3.0 and above, use engineConfigs only. You can no longer use engineArn in these versions.

    Runtime versions older than syn-nodejs-puppeteer-11.0 and syn-nodejs-playwright-3.0 continue to support engineArn to ensure backward compatibility.

    " + }, + "VisualReferences":{ + "shape":"VisualReferencesOutput", + "documentation":"

    A list of visual reference configurations for the canary, one for each browser type that the canary is configured to run on. Visual references are used for visual monitoring comparisons.

    syn-nodejs-puppeteer-11.0 and above, and syn-nodejs-playwright-3.0 and above, only supports visualReferences. visualReference field is not supported.

    Versions older than syn-nodejs-puppeteer-11.0 supports both visualReference and visualReferences for backward compatibility. It is recommended to use visualReferences for consistency and future compatibility.

    " + }, "Tags":{ "shape":"TagMap", "documentation":"

    The list of key-value pairs that are associated with the canary.

    " @@ -505,6 +578,10 @@ "ArtifactConfig":{ "shape":"ArtifactConfigOutput", "documentation":"

    A structure that contains the configuration for canary artifacts, including the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3.

    " + }, + "DryRunConfig":{ + "shape":"DryRunConfigOutput", + "documentation":"

    Returns the dry run configurations for a canary.

    " } }, "documentation":"

    This structure contains all information about one canary in your account.

    " @@ -517,30 +594,37 @@ }, "CanaryCodeInput":{ "type":"structure", - "required":["Handler"], "members":{ "S3Bucket":{ "shape":"String", - "documentation":"

    If your canary script is located in S3, specify the bucket name here. Do not include s3:// as the start of the bucket name.

    " + "documentation":"

    If your canary script is located in Amazon S3, specify the bucket name here. Do not include s3:// as the start of the bucket name.

    " }, "S3Key":{ "shape":"String", - "documentation":"

    The S3 key of your script. For more information, see Working with Amazon S3 Objects.

    " + "documentation":"

    The Amazon S3 key of your script. For more information, see Working with Amazon S3 Objects.

    " }, "S3Version":{ "shape":"String", - "documentation":"

    The S3 version ID of your script.

    " + "documentation":"

    The Amazon S3 version ID of your script.

    " }, "ZipFile":{ "shape":"Blob", - "documentation":"

    If you input your canary script directly into the canary instead of referring to an S3 location, the value of this parameter is the base64-encoded contents of the .zip file that contains the script. It must be smaller than 225 Kb.

    For large canary scripts, we recommend that you use an S3 location instead of inputting it directly with this parameter.

    " + "documentation":"

    If you input your canary script directly into the canary instead of referring to an Amazon S3 location, the value of this parameter is the base64-encoded contents of the .zip file that contains the script. It must be smaller than 225 Kb.

    For large canary scripts, we recommend that you use an Amazon S3 location instead of inputting it directly with this parameter.

    " }, "Handler":{ "shape":"CodeHandler", - "documentation":"

    The entry point to use for the source code when running the canary. For canaries that use the syn-python-selenium-1.0 runtime or a syn-nodejs.puppeteer runtime earlier than syn-nodejs.puppeteer-3.4, the handler must be specified as fileName.handler. For syn-python-selenium-1.1, syn-nodejs.puppeteer-3.4, and later runtimes, the handler can be specified as fileName.functionName , or you can specify a folder where canary scripts reside as folder/fileName.functionName .

    " + "documentation":"

    The entry point to use for the source code when running the canary. For canaries that use the syn-python-selenium-1.0 runtime or a syn-nodejs.puppeteer runtime earlier than syn-nodejs.puppeteer-3.4, the handler must be specified as fileName.handler. For syn-python-selenium-1.1, syn-nodejs.puppeteer-3.4, and later runtimes, the handler can be specified as fileName.functionName , or you can specify a folder where canary scripts reside as folder/fileName.functionName .

    This field is required when you don't specify BlueprintTypes and is not allowed when you specify BlueprintTypes.

    " + }, + "BlueprintTypes":{ + "shape":"BlueprintTypes", + "documentation":"

    BlueprintTypes is a list of templates that enable simplified canary creation. You can create canaries for common monitoring scenarios by providing only a JSON configuration file instead of writing custom scripts. The only supported value is multi-checks.

    Multi-checks monitors HTTP/DNS/SSL/TCP endpoints with built-in authentication schemes (Basic, API Key, OAuth, SigV4) and assertion capabilities. When you specify BlueprintTypes, the Handler field cannot be specified since the blueprint provides a pre-defined entry point.

    BlueprintTypes is supported only on canaries for syn-nodejs-3.0 runtime or later.

    " + }, + "Dependencies":{ + "shape":"Dependencies", + "documentation":"

    A list of dependencies that should be used for running this canary. Specify the dependencies as a key-value pair, where the key is the type of dependency and the value is the dependency reference.

    " } }, - "documentation":"

    Use this structure to input your script code for the canary. This structure contains the Lambda handler with the location where the canary should start running the script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included. If the script was passed into the canary directly, the script code is contained in the value of Zipfile.

    If you are uploading your canary scripts with an Amazon S3 bucket, your zip file should include your script in a certain folder structure.

    " + "documentation":"

    Use this structure to input your script code for the canary. This structure contains the Lambda handler with the location where the canary should start running the script. If the script is stored in an Amazon S3 bucket, the bucket name, key, and version are also included. If the script was passed into the canary directly, the script code is contained in the value of Zipfile.

    If you are uploading your canary scripts with an Amazon S3 bucket, your zip file should include your script in a certain folder structure.

    " }, "CanaryCodeOutput":{ "type":"structure", @@ -551,11 +635,29 @@ }, "Handler":{ "shape":"String", - "documentation":"

    The entry point to use for the source code when running the canary.

    " + "documentation":"

    The entry point to use for the source code when running the canary.

    This field is required when you don't specify BlueprintTypes and is not allowed when you specify BlueprintTypes.

    " + }, + "BlueprintTypes":{ + "shape":"BlueprintTypes", + "documentation":"

    BlueprintTypes is a list of templates that enable simplified canary creation. You can create canaries for common monitoring scenarios by providing only a JSON configuration file instead of writing custom scripts. The only supported value is multi-checks.

    Multi-checks monitors HTTP/DNS/SSL/TCP endpoints with built-in authentication schemes (Basic, API Key, OAuth, SigV4) and assertion capabilities. When you specify BlueprintTypes, the Handler field cannot be specified since the blueprint provides a pre-defined entry point.

    BlueprintTypes is supported only on canaries for syn-nodejs-3.0 runtime or later.

    " + }, + "Dependencies":{ + "shape":"Dependencies", + "documentation":"

    A list of dependencies that are used for running this canary. The dependencies are specified as a key-value pair, where the key is the type of dependency and the value is the dependency reference.

    " } }, "documentation":"

    This structure contains information about the canary's Lambda handler and where its code is stored by CloudWatch Synthetics.

    " }, + "CanaryDryRunConfigOutput":{ + "type":"structure", + "members":{ + "DryRunId":{ + "shape":"UUID", + "documentation":"

    The DryRunId associated with an existing canary’s dry run. You can use this DryRunId to retrieve information about the dry run.

    " + } + }, + "documentation":"

    Returns the dry run configurations set for a canary.

    " + }, "CanaryLastRun":{ "type":"structure", "members":{ @@ -583,6 +685,14 @@ "shape":"UUID", "documentation":"

    A unique ID that identifies this canary run.

    " }, + "ScheduledRunId":{ + "shape":"UUID", + "documentation":"

    The ID of the scheduled canary run.

    " + }, + "RetryAttempt":{ + "shape":"RetryAttempt", + "documentation":"

    The count in number of the retry attempt.

    " + }, "Name":{ "shape":"CanaryName", "documentation":"

    The name of the canary.

    " @@ -598,6 +708,14 @@ "ArtifactS3Location":{ "shape":"String", "documentation":"

    The location where the canary stored artifacts from the run. Artifacts include the log file, screenshots, and HAR files.

    " + }, + "DryRunConfig":{ + "shape":"CanaryDryRunConfigOutput", + "documentation":"

    Returns the dry run configurations for a canary.

    " + }, + "BrowserType":{ + "shape":"BrowserType", + "documentation":"

    The browser type associated with this canary run.

    " } }, "documentation":"

    This structure contains the details about one run of one canary.

    " @@ -619,7 +737,11 @@ }, "EnvironmentVariables":{ "shape":"EnvironmentVariablesMap", - "documentation":"

    Specifies the keys and values to use for any environment variables used in the canary script. Use the following format:

    { \"key1\" : \"value1\", \"key2\" : \"value2\", ...}

    Keys must start with a letter and be at least two characters. The total size of your environment variables cannot exceed 4 KB. You can't specify any Lambda reserved environment variables as the keys for your environment variables. For more information about reserved keys, see Runtime environment variables.

    The environment variables keys and values are not encrypted. Do not store sensitive information in this field.

    " + "documentation":"

    Specifies the keys and values to use for any environment variables used in the canary script. Use the following format:

    { \"key1\" : \"value1\", \"key2\" : \"value2\", ...}

    Keys must start with a letter and be at least two characters. The total size of your environment variables cannot exceed 4 KB. You can't specify any Lambda reserved environment variables as the keys for your environment variables. For more information about reserved keys, see Runtime environment variables.

    Environment variable keys and values are encrypted at rest using Amazon Web Services owned KMS keys. However, the environment variables are not encrypted on the client side. Do not store sensitive information in them.

    " + }, + "EphemeralStorage":{ + "shape":"EphemeralStorageSize", + "documentation":"

    Specifies the amount of ephemeral storage (in MB) to allocate for the canary run during execution. This temporary storage is used for storing canary run artifacts (which are uploaded to an Amazon S3 bucket at the end of the run), and any canary browser operations. This temporary storage is cleared after the run is completed. Default storage value is 1024 MB.

    " } }, "documentation":"

    A structure that contains input information for a canary run.

    " @@ -638,6 +760,10 @@ "ActiveTracing":{ "shape":"NullableBoolean", "documentation":"

    Displays whether this canary run used active X-Ray tracing.

    " + }, + "EphemeralStorage":{ + "shape":"EphemeralStorageSize", + "documentation":"

    Specifies the amount of ephemeral storage (in MB) to allocate for the canary run during execution. This temporary storage is used for storing canary run artifacts (which are uploaded to an Amazon S3 bucket at the end of the run), and any canary browser operations. This temporary storage is cleared after the run is completed. Default storage value is 1024 MB.

    " } }, "documentation":"

    A structure that contains information about a canary run.

    " @@ -670,11 +796,23 @@ }, "StateReasonCode":{ "shape":"CanaryRunStateReasonCode", - "documentation":"

    If this value is CANARY_FAILURE, an exception occurred in the canary code. If this value is EXECUTION_FAILURE, an exception occurred in CloudWatch Synthetics.

    " + "documentation":"

    If this value is CANARY_FAILURE, either the canary script failed or Synthetics ran into a fatal error when running the canary. For example, a canary timeout misconfiguration setting can cause the canary to timeout before Synthetics can evaluate its status.

    If this value is EXECUTION_FAILURE, a non-critical failure occurred such as failing to save generated debug artifacts (for example, screenshots or har files).

    If both types of failures occurred, the CANARY_FAILURE takes precedence. To understand the exact error, use the StateReason API.

    " + }, + "TestResult":{ + "shape":"CanaryRunTestResult", + "documentation":"

    Specifies the status of canary script for this run. When Synthetics tries to determine the status but fails, the result is marked as UNKNOWN. For the overall status of canary run, see State.

    " } }, "documentation":"

    This structure contains the status information about a canary run.

    " }, + "CanaryRunTestResult":{ + "type":"string", + "enum":[ + "PASSED", + "FAILED", + "UNKNOWN" + ] + }, "CanaryRunTimeline":{ "type":"structure", "members":{ @@ -685,6 +823,10 @@ "Completed":{ "shape":"Timestamp", "documentation":"

    The end time of the run.

    " + }, + "MetricTimestampForRunAndRetries":{ + "shape":"Timestamp", + "documentation":"

    The time at which the metrics will be generated for this run or retries.

    " } }, "documentation":"

    This structure contains the start and end times of a single canary run.

    " @@ -704,6 +846,10 @@ "DurationInSeconds":{ "shape":"MaxOneYearInSeconds", "documentation":"

    How long, in seconds, for the canary to continue making regular runs according to the schedule in the Expression value. If you specify 0, the canary continues making runs until you stop it. If you omit this field, the default of 0 is used.

    " + }, + "RetryConfig":{ + "shape":"RetryConfigInput", + "documentation":"

    A structure that contains the retry configuration for a canary

    " } }, "documentation":"

    This structure specifies how often a canary is to make runs and the date and time when it should stop making runs.

    " @@ -718,6 +864,10 @@ "DurationInSeconds":{ "shape":"MaxOneYearInSeconds", "documentation":"

    How long, in seconds, for the canary to continue making regular runs after it was created. The runs are performed according to the schedule in the Expression value.

    " + }, + "RetryConfig":{ + "shape":"RetryConfigOutput", + "documentation":"

    A structure that contains the retry configuration for a canary

    " } }, "documentation":"

    How long, in seconds, for the canary to continue making regular runs according to the schedule in the Expression value.

    " @@ -762,11 +912,11 @@ }, "StateReason":{ "shape":"String", - "documentation":"

    If the canary has insufficient permissions to run, this field provides more details.

    " + "documentation":"

    If the canary creation or update failed, this field provides details on the failure.

    " }, "StateReasonCode":{ "shape":"CanaryStateReasonCode", - "documentation":"

    If the canary cannot run or has failed, this field displays the reason.

    " + "documentation":"

    If the canary creation or update failed, this field displays the reason code.

    " } }, "documentation":"

    A structure that contains the current state of the canary.

    " @@ -796,8 +946,8 @@ "CodeHandler":{ "type":"string", "max":128, - "min":1, - "pattern":"^([0-9a-zA-Z_-]+\\/)*[0-9A-Za-z_\\\\-]+\\.[A-Za-z_][A-Za-z0-9_]*$" + "min":0, + "pattern":"^(([0-9a-zA-Z_-]+(\\/|\\.))*[0-9A-Za-z_\\\\-]+(\\.|::)[A-Za-z_][A-Za-z0-9_]*)?$" }, "ConflictException":{ "type":"structure", @@ -825,11 +975,11 @@ }, "Code":{ "shape":"CanaryCodeInput", - "documentation":"

    A structure that includes the entry point from which the canary should start running your script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included.

    " + "documentation":"

    A structure that includes the entry point from which the canary should start running your script. If the script is stored in an Amazon S3 bucket, the bucket name, key, and version are also included.

    " }, "ArtifactS3Location":{ "shape":"String", - "documentation":"

    The location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary. Artifacts include the log file, screenshots, and HAR files. The name of the S3 bucket can't include a period (.).

    " + "documentation":"

    The location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary. Artifacts include the log file, screenshots, and HAR files. The name of the Amazon S3 bucket can't include a period (.).

    " }, "ExecutionRoleArn":{ "shape":"RoleArn", @@ -841,15 +991,15 @@ }, "RunConfig":{ "shape":"CanaryRunConfigInput", - "documentation":"

    A structure that contains the configuration for individual canary runs, such as timeout value and environment variables.

    The environment variables keys and values are not encrypted. Do not store sensitive information in this field.

    " + "documentation":"

    A structure that contains the configuration for individual canary runs, such as timeout value and environment variables.

    Environment variable keys and values are encrypted at rest using Amazon Web Services owned KMS keys. However, the environment variables are not encrypted on the client side. Do not store sensitive information in them.

    " }, "SuccessRetentionPeriodInDays":{ "shape":"MaxSize1024", - "documentation":"

    The number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.

    " + "documentation":"

    The number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.

    This setting affects the range of information returned by GetCanaryRuns, as well as the range of information displayed in the Synthetics console.

    " }, "FailureRetentionPeriodInDays":{ "shape":"MaxSize1024", - "documentation":"

    The number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.

    " + "documentation":"

    The number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.

    This setting affects the range of information returned by GetCanaryRuns, as well as the range of information displayed in the Synthetics console.

    " }, "RuntimeVersion":{ "shape":"String", @@ -867,6 +1017,10 @@ "shape":"ProvisionedResourceCleanupSetting", "documentation":"

    Specifies whether to also delete the Lambda functions and layers used by this canary when the canary is deleted. If you omit this parameter, the default of AUTOMATIC is used, which means that the Lambda functions and layers will be deleted when the canary is deleted.

    If the value of this parameter is OFF, then the value of the DeleteLambda parameter of the DeleteCanary operation determines whether the Lambda functions and layers will be deleted.

    " }, + "BrowserConfigs":{ + "shape":"BrowserConfigs", + "documentation":"

    CloudWatch Synthetics now supports multibrowser canaries for syn-nodejs-puppeteer-11.0 and syn-nodejs-playwright-3.0 runtimes. This feature allows you to run your canaries on both Firefox and Chrome browsers. To create a multibrowser canary, you need to specify the BrowserConfigs with a list of browsers you want to use.

    If not specified, browserConfigs defaults to Chrome.

    " + }, "Tags":{ "shape":"TagMap", "documentation":"

    A list of key-value pairs to associate with the canary. You can associate as many as 50 tags with a canary.

    Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only the resources that have certain tag values.

    To have the tags that you apply to this canary also be applied to the Lambda function that the canary uses, specify this parameter with the value lambda-function.

    " @@ -929,8 +1083,7 @@ }, "DeleteCanaryResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteGroupRequest":{ "type":"structure", @@ -946,8 +1099,32 @@ }, "DeleteGroupResponse":{ "type":"structure", + "members":{} + }, + "Dependencies":{ + "type":"list", + "member":{"shape":"Dependency"}, + "max":1, + "min":0 + }, + "Dependency":{ + "type":"structure", + "required":["Reference"], "members":{ - } + "Type":{ + "shape":"DependencyType", + "documentation":"

    The type of dependency. Valid value is LambdaLayer.

    " + }, + "Reference":{ + "shape":"String", + "documentation":"

    The dependency reference. For Lambda layers, this is the ARN of the Lambda layer. For more information about Lambda ARN format, see Lambda.

    " + } + }, + "documentation":"

    A structure that contains information about a dependency for a canary.

    " + }, + "DependencyType":{ + "type":"string", + "enum":["LambdaLayer"] }, "DescribeCanariesLastRunNameFilter":{ "type":"list", @@ -969,6 +1146,10 @@ "Names":{ "shape":"DescribeCanariesLastRunNameFilter", "documentation":"

    Use this parameter to return only canaries that match the names that you specify here. You can specify as many as five canary names.

    If you specify this parameter, the operation is successful only if you have authorization to view all the canaries that you specify in your request. If you do not have permission to view any of the canaries, the request fails with a 403 response.

    You are required to use the Names parameter if you are logged on to a user or role that has an IAM policy that restricts which canaries that you are allowed to view. For more information, see Limiting a user to viewing specific canaries.

    " + }, + "BrowserType":{ + "shape":"BrowserType", + "documentation":"

    The type of browser to use for the canary run.

    " } } }, @@ -1068,8 +1249,21 @@ }, "DisassociateResourceResponse":{ "type":"structure", + "members":{} + }, + "DryRunConfigOutput":{ + "type":"structure", "members":{ - } + "DryRunId":{ + "shape":"UUID", + "documentation":"

    The DryRunId associated with an existing canary’s dry run. You can use this DryRunId to retrieve information about the dry run.

    " + }, + "LastDryRunExecutionStatus":{ + "shape":"String", + "documentation":"

    Returns the last execution status for a canary's dry run.

    " + } + }, + "documentation":"

    Returns the dry run configurations set for a canary.

    " }, "EncryptionMode":{ "type":"string", @@ -1078,6 +1272,24 @@ "SSE_KMS" ] }, + "EngineConfig":{ + "type":"structure", + "members":{ + "EngineArn":{ + "shape":"FunctionArn", + "documentation":"

    Each engine configuration contains the ARN of the Lambda function that is used as the canary's engine for a specific browser type.

    " + }, + "BrowserType":{ + "shape":"BrowserType", + "documentation":"

    The browser type associated with this engine configuration.

    " + } + }, + "documentation":"

    A structure of engine configurations for the canary, one for each browser type that the canary is configured to run on.

    " + }, + "EngineConfigs":{ + "type":"list", + "member":{"shape":"EngineConfig"} + }, "EnvironmentVariableName":{ "type":"string", "pattern":"[a-zA-Z]([a-zA-Z0-9_])+" @@ -1088,6 +1300,11 @@ "key":{"shape":"EnvironmentVariableName"}, "value":{"shape":"EnvironmentVariableValue"} }, + "EphemeralStorageSize":{ + "type":"integer", + "max":10240, + "min":1024 + }, "ErrorMessage":{"type":"string"}, "FunctionArn":{ "type":"string", @@ -1104,6 +1321,12 @@ "documentation":"

    The name of the canary that you want details for.

    ", "location":"uri", "locationName":"name" + }, + "DryRunId":{ + "shape":"UUID", + "documentation":"

    The DryRunId associated with an existing canary’s dry run. You can use this DryRunId to retrieve information about the dry run.

    ", + "location":"querystring", + "locationName":"dryRunId" } } }, @@ -1128,11 +1351,19 @@ }, "NextToken":{ "shape":"Token", - "documentation":"

    A token that indicates that there is more data available. You can use this token in a subsequent GetCanaryRuns operation to retrieve the next set of results.

    " + "documentation":"

    A token that indicates that there is more data available. You can use this token in a subsequent GetCanaryRuns operation to retrieve the next set of results.

    When auto retry is enabled for the canary, the first subsequent retry is suffixed with *1 indicating its the first retry and the next subsequent try is suffixed with *2.

    " }, "MaxResults":{ "shape":"MaxSize100", "documentation":"

    Specify this parameter to limit how many runs are returned each time you use the GetCanaryRuns operation. If you omit this parameter, the default of 100 is used.

    " + }, + "DryRunId":{ + "shape":"UUID", + "documentation":"

    The DryRunId associated with an existing canary’s dry run. You can use this DryRunId to retrieve information about the dry run.

    " + }, + "RunType":{ + "shape":"RunType", + "documentation":"

    • When you provide RunType=CANARY_RUN and dryRunId, you will get an exception

    • When a value is not provided for RunType, the default value is CANARY_RUN

    • When CANARY_RUN is provided, all canary runs excluding dry runs are returned

    • When DRY_RUN is provided, all dry runs excluding canary runs are returned

    " } } }, @@ -1395,6 +1626,11 @@ "max":31622400, "min":0 }, + "MaxRetries":{ + "type":"integer", + "max":2, + "min":0 + }, "MaxSize100":{ "type":"integer", "max":100, @@ -1467,12 +1703,45 @@ "type":"string", "enum":["lambda-function"] }, + "RetryAttempt":{ + "type":"integer", + "max":2, + "min":1 + }, + "RetryConfigInput":{ + "type":"structure", + "required":["MaxRetries"], + "members":{ + "MaxRetries":{ + "shape":"MaxRetries", + "documentation":"

    The maximum number of retries. The value must be less than or equal to 2.

    " + } + }, + "documentation":"

    This structure contains information about the canary's retry configuration.

    The default account level concurrent execution limit from Lambda is 1000. When you have more than 1000 canaries, it's possible there are more than 1000 Lambda invocations due to retries and the console might hang. For more information on the Lambda execution limit, see Understanding Lambda function scaling.

    For canary with MaxRetries = 2, you need to set the CanaryRunConfigInput.TimeoutInSeconds to less than 600 seconds to avoid validation errors.

    " + }, + "RetryConfigOutput":{ + "type":"structure", + "members":{ + "MaxRetries":{ + "shape":"MaxRetries", + "documentation":"

    The maximum number of retries. The value must be less than or equal to 2.

    " + } + }, + "documentation":"

    This structure contains information about the canary's retry configuration.

    " + }, "RoleArn":{ "type":"string", "max":2048, "min":1, "pattern":"arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" }, + "RunType":{ + "type":"string", + "enum":[ + "CANARY_RUN", + "DRY_RUN" + ] + }, "RuntimeVersion":{ "type":"structure", "members":{ @@ -1529,6 +1798,64 @@ "error":{"httpStatusCode":402}, "exception":true }, + "StartCanaryDryRunRequest":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"CanaryName", + "documentation":"

    The name of the canary that you want to dry run. To find canary names, use DescribeCanaries.

    ", + "location":"uri", + "locationName":"name" + }, + "Code":{"shape":"CanaryCodeInput"}, + "RuntimeVersion":{ + "shape":"String", + "documentation":"

    Specifies the runtime version to use for the canary. For a list of valid runtime versions and for more information about runtime versions, see Canary Runtime Versions.

    " + }, + "RunConfig":{"shape":"CanaryRunConfigInput"}, + "VpcConfig":{"shape":"VpcConfigInput"}, + "ExecutionRoleArn":{ + "shape":"RoleArn", + "documentation":"

    The ARN of the IAM role to be used to run the canary. This role must already exist, and must include lambda.amazonaws.com as a principal in the trust policy. The role must also have the following permissions:

    " + }, + "SuccessRetentionPeriodInDays":{ + "shape":"MaxSize1024", + "documentation":"

    The number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.

    This setting affects the range of information returned by GetCanaryRuns, as well as the range of information displayed in the Synthetics console.

    " + }, + "FailureRetentionPeriodInDays":{ + "shape":"MaxSize1024", + "documentation":"

    The number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.

    This setting affects the range of information returned by GetCanaryRuns, as well as the range of information displayed in the Synthetics console.

    " + }, + "VisualReference":{"shape":"VisualReferenceInput"}, + "ArtifactS3Location":{ + "shape":"String", + "documentation":"

    The location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary. Artifacts include the log file, screenshots, and HAR files. The name of the Amazon S3 bucket can't include a period (.).

    " + }, + "ArtifactConfig":{"shape":"ArtifactConfigInput"}, + "ProvisionedResourceCleanup":{ + "shape":"ProvisionedResourceCleanupSetting", + "documentation":"

    Specifies whether to also delete the Lambda functions and layers used by this canary when the canary is deleted. If you omit this parameter, the default of AUTOMATIC is used, which means that the Lambda functions and layers will be deleted when the canary is deleted.

    If the value of this parameter is OFF, then the value of the DeleteLambda parameter of the DeleteCanary operation determines whether the Lambda functions and layers will be deleted.

    " + }, + "BrowserConfigs":{ + "shape":"BrowserConfigs", + "documentation":"

    A structure that specifies the browser type to use for a canary run. CloudWatch Synthetics supports running canaries on both CHROME and FIREFOX browsers.

    If not specified, browserConfigs defaults to Chrome.

    " + }, + "VisualReferences":{ + "shape":"VisualReferences", + "documentation":"

    A list of visual reference configurations for the canary, one for each browser type that the canary is configured to run on. Visual references are used for visual monitoring comparisons.

    syn-nodejs-puppeteer-11.0 and above, and syn-nodejs-playwright-3.0 and above, only supports visualReferences. visualReference field is not supported.

    Versions older than syn-nodejs-puppeteer-11.0 supports both visualReference and visualReferences for backward compatibility. It is recommended to use visualReferences for consistency and future compatibility.

    " + } + } + }, + "StartCanaryDryRunResponse":{ + "type":"structure", + "members":{ + "DryRunConfig":{ + "shape":"DryRunConfigOutput", + "documentation":"

    Returns the dry run configurations for a canary.

    " + } + } + }, "StartCanaryRequest":{ "type":"structure", "required":["Name"], @@ -1543,8 +1870,7 @@ }, "StartCanaryResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "StopCanaryRequest":{ "type":"structure", @@ -1560,8 +1886,7 @@ }, "StopCanaryResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "String":{ "type":"string", @@ -1619,8 +1944,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1668,8 +1992,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCanaryRequest":{ "type":"structure", @@ -1683,7 +2006,7 @@ }, "Code":{ "shape":"CanaryCodeInput", - "documentation":"

    A structure that includes the entry point from which the canary should start running your script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included.

    " + "documentation":"

    A structure that includes the entry point from which the canary should start running your script. If the script is stored in an Amazon S3 bucket, the bucket name, key, and version are also included.

    " }, "ExecutionRoleArn":{ "shape":"RoleArn", @@ -1699,15 +2022,15 @@ }, "RunConfig":{ "shape":"CanaryRunConfigInput", - "documentation":"

    A structure that contains the timeout value that is used for each individual run of the canary.

    The environment variables keys and values are not encrypted. Do not store sensitive information in this field.

    " + "documentation":"

    A structure that contains the timeout value that is used for each individual run of the canary.

    Environment variable keys and values are encrypted at rest using Amazon Web Services owned KMS keys. However, the environment variables are not encrypted on the client side. Do not store sensitive information in them.

    " }, "SuccessRetentionPeriodInDays":{ "shape":"MaxSize1024", - "documentation":"

    The number of days to retain data about successful runs of this canary.

    " + "documentation":"

    The number of days to retain data about successful runs of this canary.

    This setting affects the range of information returned by GetCanaryRuns, as well as the range of information displayed in the Synthetics console.

    " }, "FailureRetentionPeriodInDays":{ "shape":"MaxSize1024", - "documentation":"

    The number of days to retain data about failed runs of this canary.

    " + "documentation":"

    The number of days to retain data about failed runs of this canary.

    This setting affects the range of information returned by GetCanaryRuns, as well as the range of information displayed in the Synthetics console.

    " }, "VpcConfig":{ "shape":"VpcConfigInput", @@ -1719,7 +2042,7 @@ }, "ArtifactS3Location":{ "shape":"String", - "documentation":"

    The location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary. Artifacts include the log file, screenshots, and HAR files. The name of the S3 bucket can't include a period (.).

    " + "documentation":"

    The location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary. Artifacts include the log file, screenshots, and HAR files. The name of the Amazon S3 bucket can't include a period (.).

    " }, "ArtifactConfig":{ "shape":"ArtifactConfigInput", @@ -1728,13 +2051,24 @@ "ProvisionedResourceCleanup":{ "shape":"ProvisionedResourceCleanupSetting", "documentation":"

    Specifies whether to also delete the Lambda functions and layers used by this canary when the canary is deleted.

    If the value of this parameter is OFF, then the value of the DeleteLambda parameter of the DeleteCanary operation determines whether the Lambda functions and layers will be deleted.

    " + }, + "DryRunId":{ + "shape":"UUID", + "documentation":"

    Update the existing canary using the updated configurations from the DryRun associated with the DryRunId.

    When you use the dryRunId field when updating a canary, the only other field you can provide is the Schedule. Adding any other field will thrown an exception.

    " + }, + "VisualReferences":{ + "shape":"VisualReferences", + "documentation":"

    A list of visual reference configurations for the canary, one for each browser type that the canary is configured to run on. Visual references are used for visual monitoring comparisons.

    syn-nodejs-puppeteer-11.0 and above, and syn-nodejs-playwright-3.0 and above, only supports visualReferences. visualReference field is not supported.

    Versions older than syn-nodejs-puppeteer-11.0 supports both visualReference and visualReferences for backward compatibility. It is recommended to use visualReferences for consistency and future compatibility.

    For multibrowser visual monitoring, you can update the baseline for all configured browsers in a single update call by specifying a list of VisualReference objects, one per browser. Each VisualReference object maps to a specific browser configuration, allowing you to manage visual baselines for multiple browsers simultaneously.

    For single configuration canaries using Chrome browser (default browser), use visualReferences for syn-nodejs-puppeteer-11.0 and above, and syn-nodejs-playwright-3.0 and above canaries. The browserType in the visualReference object is not mandatory.

    " + }, + "BrowserConfigs":{ + "shape":"BrowserConfigs", + "documentation":"

    A structure that specifies the browser type to use for a canary run. CloudWatch Synthetics supports running canaries on both CHROME and FIREFOX browsers.

    If not specified, browserConfigs defaults to Chrome.

    " } } }, "UpdateCanaryResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", @@ -1756,6 +2090,10 @@ "BaseCanaryRunId":{ "shape":"String", "documentation":"

    Specifies which canary run to use the screenshots from as the baseline for future visual monitoring with this canary. Valid values are nextrun to use the screenshots from the next run after this update is made, lastrun to use the screenshots from the most recent run before this update was made, or the value of Id in the CanaryRun from a run of this a canary in the past 31 days. If you specify the Id of a canary run older than 31 days, the operation returns a 400 validation exception error..

    " + }, + "BrowserType":{ + "shape":"BrowserType", + "documentation":"

    The browser type associated with this visual reference.

    " } }, "documentation":"

    An object that specifies what screenshots to use as a baseline for visual monitoring by this canary. It can optionally also specify parts of the screenshots to ignore during the visual monitoring comparison.

    Visual monitoring is supported only on canaries running the syn-puppeteer-node-3.2 runtime or later. For more information, see Visual monitoring and Visual monitoring blueprint

    " @@ -1770,10 +2108,26 @@ "BaseCanaryRunId":{ "shape":"String", "documentation":"

    The ID of the canary run that produced the baseline screenshots that are used for visual monitoring comparisons by this canary.

    " + }, + "BrowserType":{ + "shape":"BrowserType", + "documentation":"

    The browser type associated with this visual reference.

    " } }, "documentation":"

    If this canary performs visual monitoring by comparing screenshots, this structure contains the ID of the canary run that is used as the baseline for screenshots, and the coordinates of any parts of those screenshots that are ignored during visual monitoring comparison.

    Visual monitoring is supported only on canaries running the syn-puppeteer-node-3.2 runtime or later.

    " }, + "VisualReferences":{ + "type":"list", + "member":{"shape":"VisualReferenceInput"}, + "max":2, + "min":1 + }, + "VisualReferencesOutput":{ + "type":"list", + "member":{"shape":"VisualReferenceOutput"}, + "max":2, + "min":1 + }, "VpcConfigInput":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/taxsettings/2018-05-10/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/taxsettings/2018-05-10/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/taxsettings/2018-05-10/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/taxsettings/2018-05-10/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -6,26 +6,26 @@ "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" }, "Region": { "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/taxsettings/2018-05-10/service-2.json 2.31.35-1/awscli/botocore/data/taxsettings/2018-05-10/service-2.json --- 2.23.6-1/awscli/botocore/data/taxsettings/2018-05-10/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/taxsettings/2018-05-10/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -44,7 +44,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get the active tax exemptions for a given list of accounts.

    " + "documentation":"

    Get the active tax exemptions for a given list of accounts. The IAM action is tax:GetExemptions.

    " }, "BatchPutTaxRegistration":{ "name":"BatchPutTaxRegistration", @@ -60,7 +60,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Adds or updates tax registration for multiple accounts in batch. This can be used to add or update tax registrations for up to five accounts in one batch. You can't set a TRN if there's a pending TRN. You'll need to delete the pending TRN first.

    To call this API operation for specific countries, see the following country-specific requirements.

    Bangladesh

    • You must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Brazil

    • You must complete the tax registration process in the Payment preferences page in the Billing and Cost Management console. After your TRN and billing address are verified, you can call this API operation.

    • For Amazon Web Services accounts created through Organizations, you can call this API operation when you don't have a billing address.

    Georgia

    • The valid personType values are Physical Person and Business.

    Kenya

    • You must specify the personType in the kenyaAdditionalInfo field of the additionalTaxInformation object.

    • If the personType is Physical Person, you must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Malaysia

    • The sector valid values are Business and Individual.

    • RegistrationType valid values are NRIC for individual, and TIN and sales and service tax (SST) for Business.

    • For individual, you can specify the taxInformationNumber in MalaysiaAdditionalInfo with NRIC type, and a valid MyKad or NRIC number.

    • For business, you must specify a businessRegistrationNumber in MalaysiaAdditionalInfo with a TIN type and tax identification number.

    • For business resellers, you must specify a businessRegistrationNumber and taxInformationNumber in MalaysiaAdditionalInfo with a sales and service tax (SST) type and a valid SST number.

    • For business resellers with service codes, you must specify businessRegistrationNumber, taxInformationNumber, and distinct serviceTaxCodes in MalaysiaAdditionalInfo with a SST type and valid sales and service tax (SST) number. By using this API operation, Amazon Web Services registers your self-declaration that you’re an authorized business reseller registered with the Royal Malaysia Customs Department (RMCD), and have a valid SST number.

    • Amazon Web Services reserves the right to seek additional information and/or take other actions to support your self-declaration as appropriate.

    • Amazon Web Services is currently registered under the following service tax codes. You must include at least one of the service tax codes in the service tax code strings to declare yourself as an authorized registered business reseller.

      Taxable service and service tax codes:

      Consultancy - 9907061674

      Training or coaching service - 9907071685

      IT service - 9907101676

      Digital services and electronic medium - 9907121690

    Nepal

    • The sector valid values are Business and Individual.

    Saudi Arabia

    • For address, you must specify addressLine3.

    South Korea

    • You must specify the certifiedEmailId and legalName in the TaxRegistrationEntry object. Use Korean characters for legalName.

    • You must specify the businessRepresentativeName, itemOfBusiness, and lineOfBusiness in the southKoreaAdditionalInfo field of the additionalTaxInformation object. Use Korean characters for these fields.

    • You must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    • For the address object, use Korean characters for addressLine1, addressLine2 city, postalCode, and stateOrRegion.

    Spain

    • You must specify the registrationType in the spainAdditionalInfo field of the additionalTaxInformation object.

    • If the registrationType is Local, you must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Turkey

    • You must specify the sector in the taxRegistrationEntry object.

    • If your sector is Business, Individual, or Government:

      • Specify the taxOffice. If your sector is Individual, don't enter this value.

      • (Optional) Specify the kepEmailId. If your sector is Individual, don't enter this value.

      • Note: In the Tax Settings page of the Billing console, Government appears as Public institutions

    • If your sector is Business and you're subject to KDV tax, you must specify your industry in the industries field.

    • For address, you must specify districtOrCounty.

    Ukraine

    • The sector valid values are Business and Individual.

    " + "documentation":"

    Adds or updates tax registration for multiple accounts in batch. This can be used to add or update tax registrations for up to five accounts in one batch. You can't set a TRN if there's a pending TRN. You'll need to delete the pending TRN first.

    To call this API operation for specific countries, see the following country-specific requirements.

    Bangladesh

    • You must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Brazil

    • You must complete the tax registration process in the Payment preferences page in the Billing and Cost Management console. After your TRN and billing address are verified, you can call this API operation.

    • For Amazon Web Services accounts created through Organizations, you can call this API operation when you don't have a billing address.

    Georgia

    • The valid personType values are Physical Person and Business.

    Indonesia

    • PutTaxRegistration: The use of this operation to submit tax information is subject to the Amazon Web Services service terms. By submitting, you’re providing consent for Amazon Web Services to validate NIK, NPWP, and NITKU data, provided by you with the Directorate General of Taxes of Indonesia in accordance with the Minister of Finance Regulation (PMK) Number 112/PMK.03/2022.

    • BatchPutTaxRegistration: The use of this operation to submit tax information is subject to the Amazon Web Services service terms. By submitting, you’re providing consent for Amazon Web Services to validate NIK, NPWP, and NITKU data, provided by you with the Directorate General of Taxes of Indonesia in accordance with the Minister of Finance Regulation (PMK) Number 112/PMK.03/2022, through our third-party partner PT Achilles Advanced Management (OnlinePajak).

    • You must specify the taxRegistrationNumberType in the indonesiaAdditionalInfo field of the additionalTaxInformation object.

    • If you specify decisionNumber, you must specify the ppnExceptionDesignationCode in the indonesiaAdditionalInfo field of the additionalTaxInformation object. If the taxRegistrationNumberType is set to NPWP or NITKU, valid values for ppnExceptionDesignationCode are either 01, 02, 03, 07, or 08.

      For other taxRegistrationNumberType values, ppnExceptionDesignationCode must be either 01, 07, or 08.

    • If ppnExceptionDesignationCode is 07, you must specify the decisionNumber in the indonesiaAdditionalInfo field of the additionalTaxInformation object.

    Kenya

    • You must specify the personType in the kenyaAdditionalInfo field of the additionalTaxInformation object.

    • If the personType is Physical Person, you must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Malaysia

    • The sector valid values are Business and Individual.

    • RegistrationType valid values are NRIC for individual, and TIN and sales and service tax (SST) for Business.

    • For individual, you can specify the taxInformationNumber in MalaysiaAdditionalInfo with NRIC type, and a valid MyKad or NRIC number.

    • For business, you must specify a businessRegistrationNumber in MalaysiaAdditionalInfo with a TIN type and tax identification number.

    • For business resellers, you must specify a businessRegistrationNumber and taxInformationNumber in MalaysiaAdditionalInfo with a sales and service tax (SST) type and a valid SST number.

    • For business resellers with service codes, you must specify businessRegistrationNumber, taxInformationNumber, and distinct serviceTaxCodes in MalaysiaAdditionalInfo with a SST type and valid sales and service tax (SST) number. By using this API operation, Amazon Web Services registers your self-declaration that you’re an authorized business reseller registered with the Royal Malaysia Customs Department (RMCD), and have a valid SST number.

    • Amazon Web Services reserves the right to seek additional information and/or take other actions to support your self-declaration as appropriate.

    • Amazon Web Services is currently registered under the following service tax codes. You must include at least one of the service tax codes in the service tax code strings to declare yourself as an authorized registered business reseller.

      Taxable service and service tax codes:

      Consultancy - 9907061674

      Training or coaching service - 9907071685

      IT service - 9907101676

      Digital services and electronic medium - 9907121690

    Nepal

    • The sector valid values are Business and Individual.

    Saudi Arabia

    • For address, you must specify addressLine3.

    South Korea

    • You must specify the certifiedEmailId and legalName in the TaxRegistrationEntry object. Use Korean characters for legalName.

    • You must specify the businessRepresentativeName, itemOfBusiness, and lineOfBusiness in the southKoreaAdditionalInfo field of the additionalTaxInformation object. Use Korean characters for these fields.

    • You must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    • For the address object, use Korean characters for addressLine1, addressLine2 city, postalCode, and stateOrRegion.

    Spain

    • You must specify the registrationType in the spainAdditionalInfo field of the additionalTaxInformation object.

    • If the registrationType is Local, you must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Turkey

    • You must specify the sector in the taxRegistrationEntry object.

    • If your sector is Business, Individual, or Government:

      • Specify the taxOffice. If your sector is Individual, don't enter this value.

      • (Optional) Specify the kepEmailId. If your sector is Individual, don't enter this value.

      • Note: In the Tax Settings page of the Billing console, Government appears as Public institutions

    • If your sector is Business and you're subject to KDV tax, you must specify your industry in the industries field.

    • For address, you must specify districtOrCounty.

    Ukraine

    • The sector valid values are Business and Individual.

    " }, "DeleteSupplementalTaxRegistration":{ "name":"DeleteSupplementalTaxRegistration", @@ -110,7 +110,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Get supported tax exemption types.

    " + "documentation":"

    Get supported tax exemption types. The IAM action is tax:GetExemptions.

    " }, "GetTaxInheritance":{ "name":"GetTaxInheritance", @@ -189,7 +189,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves the tax exemption of accounts listed in a consolidated billing family.

    " + "documentation":"

    Retrieves the tax exemption of accounts listed in a consolidated billing family. The IAM action is tax:GetExemptions.

    " }, "ListTaxRegistrations":{ "name":"ListTaxRegistrations", @@ -240,7 +240,7 @@ {"shape":"AttachmentUploadException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Adds the tax exemption for a single account or all accounts listed in a consolidated billing family.

    " + "documentation":"

    Adds the tax exemption for a single account or all accounts listed in a consolidated billing family. The IAM action is tax:UpdateExemptions.

    " }, "PutTaxInheritance":{ "name":"PutTaxInheritance", @@ -273,7 +273,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Adds or updates tax registration for a single account. You can't set a TRN if there's a pending TRN. You'll need to delete the pending TRN first.

    To call this API operation for specific countries, see the following country-specific requirements.

    Bangladesh

    • You must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Brazil

    • You must complete the tax registration process in the Payment preferences page in the Billing and Cost Management console. After your TRN and billing address are verified, you can call this API operation.

    • For Amazon Web Services accounts created through Organizations, you can call this API operation when you don't have a billing address.

    Georgia

    • The valid personType values are Physical Person and Business.

    Kenya

    • You must specify the personType in the kenyaAdditionalInfo field of the additionalTaxInformation object.

    • If the personType is Physical Person, you must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Malaysia

    • The sector valid values are Business and Individual.

    • RegistrationType valid values are NRIC for individual, and TIN and sales and service tax (SST) for Business.

    • For individual, you can specify the taxInformationNumber in MalaysiaAdditionalInfo with NRIC type, and a valid MyKad or NRIC number.

    • For business, you must specify a businessRegistrationNumber in MalaysiaAdditionalInfo with a TIN type and tax identification number.

    • For business resellers, you must specify a businessRegistrationNumber and taxInformationNumber in MalaysiaAdditionalInfo with a sales and service tax (SST) type and a valid SST number.

    • For business resellers with service codes, you must specify businessRegistrationNumber, taxInformationNumber, and distinct serviceTaxCodes in MalaysiaAdditionalInfo with a SST type and valid sales and service tax (SST) number. By using this API operation, Amazon Web Services registers your self-declaration that you’re an authorized business reseller registered with the Royal Malaysia Customs Department (RMCD), and have a valid SST number.

    • Amazon Web Services reserves the right to seek additional information and/or take other actions to support your self-declaration as appropriate.

    • Amazon Web Services is currently registered under the following service tax codes. You must include at least one of the service tax codes in the service tax code strings to declare yourself as an authorized registered business reseller.

      Taxable service and service tax codes:

      Consultancy - 9907061674

      Training or coaching service - 9907071685

      IT service - 9907101676

      Digital services and electronic medium - 9907121690

    Nepal

    • The sector valid values are Business and Individual.

    Saudi Arabia

    • For address, you must specify addressLine3.

    South Korea

    • You must specify the certifiedEmailId and legalName in the TaxRegistrationEntry object. Use Korean characters for legalName.

    • You must specify the businessRepresentativeName, itemOfBusiness, and lineOfBusiness in the southKoreaAdditionalInfo field of the additionalTaxInformation object. Use Korean characters for these fields.

    • You must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    • For the address object, use Korean characters for addressLine1, addressLine2 city, postalCode, and stateOrRegion.

    Spain

    • You must specify the registrationType in the spainAdditionalInfo field of the additionalTaxInformation object.

    • If the registrationType is Local, you must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Turkey

    • You must specify the sector in the taxRegistrationEntry object.

    • If your sector is Business, Individual, or Government:

      • Specify the taxOffice. If your sector is Individual, don't enter this value.

      • (Optional) Specify the kepEmailId. If your sector is Individual, don't enter this value.

      • Note: In the Tax Settings page of the Billing console, Government appears as Public institutions

    • If your sector is Business and you're subject to KDV tax, you must specify your industry in the industries field.

    • For address, you must specify districtOrCounty.

    Ukraine

    • The sector valid values are Business and Individual.

    " + "documentation":"

    Adds or updates tax registration for a single account. You can't set a TRN if there's a pending TRN. You'll need to delete the pending TRN first.

    To call this API operation for specific countries, see the following country-specific requirements.

    Bangladesh

    • You must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Brazil

    • You must complete the tax registration process in the Payment preferences page in the Billing and Cost Management console. After your TRN and billing address are verified, you can call this API operation.

    • For Amazon Web Services accounts created through Organizations, you can call this API operation when you don't have a billing address.

    Georgia

    • The valid personType values are Physical Person and Business.

    Indonesia

    • PutTaxRegistration: The use of this operation to submit tax information is subject to the Amazon Web Services service terms. By submitting, you’re providing consent for Amazon Web Services to validate NIK, NPWP, and NITKU data, provided by you with the Directorate General of Taxes of Indonesia in accordance with the Minister of Finance Regulation (PMK) Number 112/PMK.03/2022.

    • BatchPutTaxRegistration: The use of this operation to submit tax information is subject to the Amazon Web Services service terms. By submitting, you’re providing consent for Amazon Web Services to validate NIK, NPWP, and NITKU data, provided by you with the Directorate General of Taxes of Indonesia in accordance with the Minister of Finance Regulation (PMK) Number 112/PMK.03/2022, through our third-party partner PT Achilles Advanced Management (OnlinePajak).

    • You must specify the taxRegistrationNumberType in the indonesiaAdditionalInfo field of the additionalTaxInformation object.

    • If you specify decisionNumber, you must specify the ppnExceptionDesignationCode in the indonesiaAdditionalInfo field of the additionalTaxInformation object. If the taxRegistrationNumberType is set to NPWP or NITKU, valid values for ppnExceptionDesignationCode are either 01, 02, 03, 07, or 08.

      For other taxRegistrationNumberType values, ppnExceptionDesignationCode must be either 01, 07, or 08.

    • If ppnExceptionDesignationCode is 07, you must specify the decisionNumber in the indonesiaAdditionalInfo field of the additionalTaxInformation object.

    Kenya

    • You must specify the personType in the kenyaAdditionalInfo field of the additionalTaxInformation object.

    • If the personType is Physical Person, you must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Malaysia

    • The sector valid values are Business and Individual.

    • RegistrationType valid values are NRIC for individual, and TIN and sales and service tax (SST) for Business.

    • For individual, you can specify the taxInformationNumber in MalaysiaAdditionalInfo with NRIC type, and a valid MyKad or NRIC number.

    • For business, you must specify a businessRegistrationNumber in MalaysiaAdditionalInfo with a TIN type and tax identification number.

    • For business resellers, you must specify a businessRegistrationNumber and taxInformationNumber in MalaysiaAdditionalInfo with a sales and service tax (SST) type and a valid SST number.

    • For business resellers with service codes, you must specify businessRegistrationNumber, taxInformationNumber, and distinct serviceTaxCodes in MalaysiaAdditionalInfo with a SST type and valid sales and service tax (SST) number. By using this API operation, Amazon Web Services registers your self-declaration that you’re an authorized business reseller registered with the Royal Malaysia Customs Department (RMCD), and have a valid SST number.

    • Amazon Web Services reserves the right to seek additional information and/or take other actions to support your self-declaration as appropriate.

    • Amazon Web Services is currently registered under the following service tax codes. You must include at least one of the service tax codes in the service tax code strings to declare yourself as an authorized registered business reseller.

      Taxable service and service tax codes:

      Consultancy - 9907061674

      Training or coaching service - 9907071685

      IT service - 9907101676

      Digital services and electronic medium - 9907121690

    Nepal

    • The sector valid values are Business and Individual.

    Saudi Arabia

    • For address, you must specify addressLine3.

    South Korea

    • You must specify the certifiedEmailId and legalName in the TaxRegistrationEntry object. Use Korean characters for legalName.

    • You must specify the businessRepresentativeName, itemOfBusiness, and lineOfBusiness in the southKoreaAdditionalInfo field of the additionalTaxInformation object. Use Korean characters for these fields.

    • You must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    • For the address object, use Korean characters for addressLine1, addressLine2 city, postalCode, and stateOrRegion.

    Spain

    • You must specify the registrationType in the spainAdditionalInfo field of the additionalTaxInformation object.

    • If the registrationType is Local, you must specify the tax registration certificate document in the taxRegistrationDocuments field of the VerificationDetails object.

    Turkey

    • You must specify the sector in the taxRegistrationEntry object.

    • If your sector is Business, Individual, or Government:

      • Specify the taxOffice. If your sector is Individual, don't enter this value.

      • (Optional) Specify the kepEmailId. If your sector is Individual, don't enter this value.

      • Note: In the Tax Settings page of the Billing console, Government appears as Public institutions

    • If your sector is Business and you're subject to KDV tax, you must specify your industry in the industries field.

    • For address, you must specify districtOrCounty.

    Ukraine

    • The sector valid values are Business and Individual.

    " } }, "shapes":{ @@ -283,7 +283,7 @@ "members":{ "message":{"shape":"ErrorMessage"} }, - "documentation":"

    The access is denied for the Amazon Web Services Support API.

    ", + "documentation":"

    The access is denied for the Amazon Web ServicesSupport API.

    ", "error":{ "httpStatusCode":401, "senderFault":true @@ -325,9 +325,7 @@ }, "AccountIds":{ "type":"list", - "member":{"shape":"AccountId"}, - "max":5, - "min":1 + "member":{"shape":"AccountId"} }, "AccountMetaData":{ "type":"structure", @@ -364,6 +362,10 @@ "shape":"CanadaAdditionalInfo", "documentation":"

    Additional tax information associated with your TRN in Canada.

    " }, + "egyptAdditionalInfo":{ + "shape":"EgyptAdditionalInfo", + "documentation":"

    Additional tax information to specify for a TRN in Egypt.

    " + }, "estoniaAdditionalInfo":{ "shape":"EstoniaAdditionalInfo", "documentation":"

    Additional tax information to specify for a TRN in Estonia.

    " @@ -372,6 +374,14 @@ "shape":"GeorgiaAdditionalInfo", "documentation":"

    Additional tax information to specify for a TRN in Georgia.

    " }, + "greeceAdditionalInfo":{ + "shape":"GreeceAdditionalInfo", + "documentation":"

    Additional tax information to specify for a TRN in Greece.

    " + }, + "indonesiaAdditionalInfo":{ + "shape":"IndonesiaAdditionalInfo", + "documentation":"

    " + }, "israelAdditionalInfo":{ "shape":"IsraelAdditionalInfo", "documentation":"

    Additional tax information to specify for a TRN in Israel.

    " @@ -415,6 +425,14 @@ "ukraineAdditionalInfo":{ "shape":"UkraineAdditionalInfo", "documentation":"

    Additional tax information associated with your TRN in Ukraine.

    " + }, + "uzbekistanAdditionalInfo":{ + "shape":"UzbekistanAdditionalInfo", + "documentation":"

    Additional tax information to specify for a TRN in Uzbekistan.

    " + }, + "vietnamAdditionalInfo":{ + "shape":"VietnamAdditionalInfo", + "documentation":"

    Additional tax information to specify for a TRN in Vietnam.

    " } }, "documentation":"

    Additional tax information associated with your tax registration number (TRN). Depending on the TRN for a specific country, you might need to specify this information when you set your TRN.

    You can only specify one of the following parameters and the value can't be empty.

    The parameter that you specify must match the country for the TRN, if available. For example, if you set a TRN in Canada for specific provinces, you must also specify the canadaAdditionalInfo parameter.

    " @@ -430,6 +448,10 @@ "shape":"CanadaAdditionalInfo", "documentation":"

    Additional tax information associated with your TRN in Canada.

    " }, + "egyptAdditionalInfo":{ + "shape":"EgyptAdditionalInfo", + "documentation":"

    Additional tax information to specify for a TRN in Egypt.

    " + }, "estoniaAdditionalInfo":{ "shape":"EstoniaAdditionalInfo", "documentation":"

    Additional tax information associated with your TRN in Estonia.

    " @@ -438,10 +460,18 @@ "shape":"GeorgiaAdditionalInfo", "documentation":"

    Additional tax information associated with your TRN in Georgia.

    " }, + "greeceAdditionalInfo":{ + "shape":"GreeceAdditionalInfo", + "documentation":"

    Additional tax information to specify for a TRN in Greece.

    " + }, "indiaAdditionalInfo":{ "shape":"IndiaAdditionalInfo", "documentation":"

    Additional tax information in India.

    " }, + "indonesiaAdditionalInfo":{ + "shape":"IndonesiaAdditionalInfo", + "documentation":"

    Additional tax information associated with your TRN in Indonesia.

    " + }, "israelAdditionalInfo":{ "shape":"IsraelAdditionalInfo", "documentation":"

    Additional tax information associated with your TRN in Israel.

    " @@ -485,6 +515,14 @@ "ukraineAdditionalInfo":{ "shape":"UkraineAdditionalInfo", "documentation":"

    Additional tax information associated with your TRN in Ukraine.

    " + }, + "uzbekistanAdditionalInfo":{ + "shape":"UzbekistanAdditionalInfo", + "documentation":"

    Additional tax information associated with your TRN in Uzbekistan.

    " + }, + "vietnamAdditionalInfo":{ + "shape":"VietnamAdditionalInfo", + "documentation":"

    Additional tax information to specify for a TRN in Vietnam.

    " } }, "documentation":"

    Additional tax information associated with your TRN. The Tax Settings API returns country-specific information in the response when any additional information is present with your TRN for the following countries.

    " @@ -570,7 +608,7 @@ "members":{ "message":{"shape":"ErrorMessage"} }, - "documentation":"

    Failed to upload the tax exemption document to Amazon Web Services Support case.

    ", + "documentation":"

    Failed to upload the tax exemption document to Amazon Web ServicesSupport case.

    ", "error":{ "httpStatusCode":400, "senderFault":true @@ -627,11 +665,17 @@ "required":["accountIds"], "members":{ "accountIds":{ - "shape":"AccountIds", + "shape":"BatchDeleteTaxRegistrationRequestAccountIdsList", "documentation":"

    List of unique account identifiers.

    " } } }, + "BatchDeleteTaxRegistrationRequestAccountIdsList":{ + "type":"list", + "member":{"shape":"AccountId"}, + "max":5, + "min":1 + }, "BatchDeleteTaxRegistrationResponse":{ "type":"structure", "required":["errors"], @@ -647,11 +691,17 @@ "required":["accountIds"], "members":{ "accountIds":{ - "shape":"AccountIds", + "shape":"BatchGetTaxExemptionsRequestAccountIdsList", "documentation":"

    List of unique account identifiers.

    " } } }, + "BatchGetTaxExemptionsRequestAccountIdsList":{ + "type":"list", + "member":{"shape":"AccountId"}, + "max":5, + "min":1 + }, "BatchGetTaxExemptionsResponse":{ "type":"structure", "members":{ @@ -699,7 +749,7 @@ ], "members":{ "accountIds":{ - "shape":"AccountIds", + "shape":"BatchPutTaxRegistrationRequestAccountIdsList", "documentation":"

    List of unique account identifiers.

    " }, "taxRegistrationEntry":{ @@ -708,6 +758,12 @@ } } }, + "BatchPutTaxRegistrationRequestAccountIdsList":{ + "type":"list", + "member":{"shape":"AccountId"}, + "max":550, + "min":1 + }, "BatchPutTaxRegistrationResponse":{ "type":"structure", "required":["errors"], @@ -792,7 +848,7 @@ "members":{ "message":{"shape":"ErrorMessage"} }, - "documentation":"

    You've exceeded the Amazon Web Services Support case creation limit for your account.

    ", + "documentation":"

    You've exceeded the Amazon Web ServicesSupport case creation limit for your account.

    ", "error":{ "httpStatusCode":413, "senderFault":true @@ -839,6 +895,10 @@ }, "exception":true }, + "ContractingAuthorityCode":{ + "type":"string", + "pattern":"^\\d{4}\\.[A-Z]\\d{5}\\.\\d{4}$" + }, "CountryCode":{ "type":"string", "max":2, @@ -855,6 +915,14 @@ "min":10, "pattern":"^(\\d{4}-(0[0-9]|1[0-2])-([0-2][0-9]|3[0-1]))$" }, + "DateString":{ + "type":"string", + "pattern":"^(\\d{4}-(0[0-9]|1[0-2])-([0-2][0-9]|3[0-1]))$" + }, + "DecisionNumber":{ + "type":"string", + "pattern":"^([a-zA-Z0-9/.\\-]{0,200})$" + }, "DeleteSupplementalTaxRegistrationRequest":{ "type":"structure", "required":["authorityId"], @@ -915,6 +983,28 @@ "min":1, "pattern":"^(?!\\s*$)[\\s\\S]+$" }, + "EgyptAdditionalInfo":{ + "type":"structure", + "members":{ + "uniqueIdentificationNumber":{ + "shape":"UniqueIdentificationNumber", + "documentation":"

    The unique identification number provided by the Egypt Tax Authority.

    " + }, + "uniqueIdentificationNumberExpirationDate":{ + "shape":"DateString", + "documentation":"

    The expiration date of the unique identification number provided by the Egypt Tax Authority.

    " + } + }, + "documentation":"

    Additional tax information to specify for a TRN in Egypt.

    " + }, + "ElectronicTransactionCodeNumber":{ + "type":"string", + "pattern":"^\\d{17}$" + }, + "EnterpriseIdentificationNumber":{ + "type":"string", + "pattern":"^(\\d{10}|(\\d{10}-\\d{3}))$" + }, "EntityExemptionAccountStatus":{ "type":"string", "enum":[ @@ -1076,6 +1166,16 @@ } } }, + "GreeceAdditionalInfo":{ + "type":"structure", + "members":{ + "contractingAuthorityCode":{ + "shape":"ContractingAuthorityCode", + "documentation":"

    The code of contracting authority for e-invoicing.

    " + } + }, + "documentation":"

    Additional tax information to specify for a TRN in Greece.

    " + }, "HeritageStatus":{ "type":"string", "enum":[ @@ -1097,6 +1197,33 @@ "type":"string", "pattern":"^([0-9]{10})$" }, + "IndonesiaAdditionalInfo":{ + "type":"structure", + "members":{ + "decisionNumber":{ + "shape":"DecisionNumber", + "documentation":"

    VAT-exempt customers have a Directorate General of Taxation (DGT) exemption letter or certificate (Surat Keterangan Bebas) decision number. Non-collected VAT have a DGT letter or certificate (Surat Keterangan Tidak Dipungut).

    " + }, + "ppnExceptionDesignationCode":{ + "shape":"PpnExceptionDesignationCode", + "documentation":"

    Exception code if you are designated by Directorate General of Taxation (DGT) as a VAT collector, non-collected VAT, or VAT-exempt customer.

    " + }, + "taxRegistrationNumberType":{ + "shape":"IndonesiaTaxRegistrationNumberType", + "documentation":"

    The tax registration number type.

    " + } + }, + "documentation":"

    Additional tax information associated with your TRN in Indonesia.

    " + }, + "IndonesiaTaxRegistrationNumberType":{ + "type":"string", + "enum":[ + "NIK", + "PassportNumber", + "NPWP", + "NITKU" + ] + }, "Industries":{ "type":"string", "enum":[ @@ -1367,6 +1494,10 @@ "type":"string", "pattern":"^[A-Z]{5}[0-9]{4}[A-Z]{1}$" }, + "PaymentVoucherNumber":{ + "type":"string", + "pattern":"^(\\d{17}|[A-Za-z]{3}\\d{13})$" + }, "PersonType":{ "type":"string", "enum":[ @@ -1395,6 +1526,10 @@ "min":1, "pattern":"^(?!\\s*$)[\\s\\S]+$" }, + "PpnExceptionDesignationCode":{ + "type":"string", + "pattern":"^(01|02|03|07|08)$" + }, "PutSupplementalTaxRegistrationRequest":{ "type":"structure", "required":["taxRegistrationEntry"], @@ -1432,17 +1567,23 @@ ], "members":{ "accountIds":{ - "shape":"AccountIds", + "shape":"PutTaxExemptionRequestAccountIdsList", "documentation":"

    The list of unique account identifiers.

    " }, "authority":{"shape":"Authority"}, "exemptionCertificate":{"shape":"ExemptionCertificate"}, "exemptionType":{ "shape":"GenericString", - "documentation":"

    The exemption type.

    " + "documentation":"

    The exemption type. Use the supported tax exemption type description.

    " } } }, + "PutTaxExemptionRequestAccountIdsList":{ + "type":"list", + "member":{"shape":"AccountId"}, + "max":550, + "min":1 + }, "PutTaxExemptionResponse":{ "type":"structure", "members":{ @@ -1900,7 +2041,7 @@ }, "registrationType":{ "shape":"TaxRegistrationType", - "documentation":"

    Type of your tax registration. This can be either VAT or GST.

    " + "documentation":"

    Type of your tax registration.

    " }, "sector":{ "shape":"Sector", @@ -2118,12 +2259,37 @@ "Individual" ] }, + "UniqueIdentificationNumber":{ + "type":"string", + "pattern":"^[a-zA-Z0-9]{39}$" + }, "Url":{ "type":"string", "max":200, "min":1, "pattern":"^https.*\\S.*$" }, + "UzbekistanAdditionalInfo":{ + "type":"structure", + "members":{ + "taxRegistrationNumberType":{ + "shape":"UzbekistanTaxRegistrationNumberType", + "documentation":"

    The tax registration number type. The tax registration number type valid values are Business and Individual.

    " + }, + "vatRegistrationNumber":{ + "shape":"VatRegistrationNumber", + "documentation":"

    The unique 12-digit number issued to identify VAT-registered identities in Uzbekistan.

    " + } + }, + "documentation":"

    Additional tax information to specify for a TRN in Uzbekistan.

    " + }, + "UzbekistanTaxRegistrationNumberType":{ + "type":"string", + "enum":[ + "Business", + "Individual" + ] + }, "ValidationException":{ "type":"structure", "required":[ @@ -2173,6 +2339,10 @@ "type":"list", "member":{"shape":"ValidationExceptionField"} }, + "VatRegistrationNumber":{ + "type":"string", + "pattern":"^[0-9]{12}$" + }, "VerificationDetails":{ "type":"structure", "members":{ @@ -2186,6 +2356,28 @@ } }, "documentation":"

    Required information to verify your TRN.

    " + }, + "VietnamAdditionalInfo":{ + "type":"structure", + "members":{ + "electronicTransactionCodeNumber":{ + "shape":"ElectronicTransactionCodeNumber", + "documentation":"

    The electronic transaction code number on the tax return document. This field must be provided for successful API operation.

    " + }, + "enterpriseIdentificationNumber":{ + "shape":"EnterpriseIdentificationNumber", + "documentation":"

    The enterprise identification number for tax registration. This field must be provided for successful API operation.

    " + }, + "paymentVoucherNumber":{ + "shape":"PaymentVoucherNumber", + "documentation":"

    The payment voucher number on the tax return payment document. This field must be provided for successful API operation.

    " + }, + "paymentVoucherNumberDate":{ + "shape":"DateString", + "documentation":"

    The date on the tax return payment document. This field must be provided for successful API operation.

    " + } + }, + "documentation":"

    Additional tax information to specify for a TRN in Vietnam.

    " } }, "documentation":"

    You can use the tax setting API to programmatically set, modify, and delete the tax registration number (TRN), associated business legal name, and address (Collectively referred to as \"TRN information\"). You can also programmatically view TRN information and tax addresses (\"Tax profiles\").

    You can use this API to automate your TRN information settings instead of manually using the console.

    Service Endpoint

    • https://tax.us-east-1.amazonaws.com

    " diff -pruN 2.23.6-1/awscli/botocore/data/textract/2018-06-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/textract/2018-06-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/textract/2018-06-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/textract/2018-06-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/textract/2018-06-27/service-2.json 2.31.35-1/awscli/botocore/data/textract/2018-06-27/service-2.json --- 2.23.6-1/awscli/botocore/data/textract/2018-06-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/textract/2018-06-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,11 +5,13 @@ "endpointPrefix":"textract", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon Textract", "serviceId":"Textract", "signatureVersion":"v4", "targetPrefix":"Textract", - "uid":"textract-2018-06-27" + "uid":"textract-2018-06-27", + "auth":["aws.auth#sigv4"] }, "operations":{ "AnalyzeDocument":{ @@ -428,7 +430,7 @@ {"shape":"ThrottlingException"}, {"shape":"LimitExceededException"} ], - "documentation":"

    Starts the asynchronous detection of text in a document. Amazon Textract can detect lines of text and the words that make up a line of text.

    StartDocumentTextDetection can analyze text in documents that are in JPEG, PNG, TIFF, and PDF format. The documents are stored in an Amazon S3 bucket. Use DocumentLocation to specify the bucket name and file name of the document.

    StartTextDetection returns a job identifier (JobId) that you use to get the results of the operation. When text detection is finished, Amazon Textract publishes a completion status to the Amazon Simple Notification Service (Amazon SNS) topic that you specify in NotificationChannel. To get the results of the text detection operation, first check that the status value published to the Amazon SNS topic is SUCCEEDED. If so, call GetDocumentTextDetection, and pass the job identifier (JobId) from the initial call to StartDocumentTextDetection.

    For more information, see Document Text Detection.

    " + "documentation":"

    Starts the asynchronous detection of text in a document. Amazon Textract can detect lines of text and the words that make up a line of text.

    StartDocumentTextDetection can analyze text in documents that are in JPEG, PNG, TIFF, and PDF format. The documents are stored in an Amazon S3 bucket. Use DocumentLocation to specify the bucket name and file name of the document.

    StartDocumentTextDetection returns a job identifier (JobId) that you use to get the results of the operation. When text detection is finished, Amazon Textract publishes a completion status to the Amazon Simple Notification Service (Amazon SNS) topic that you specify in NotificationChannel. To get the results of the text detection operation, first check that the status value published to the Amazon SNS topic is SUCCEEDED. If so, call GetDocumentTextDetection, and pass the job identifier (JobId) from the initial call to StartDocumentTextDetection.

    For more information, see Document Text Detection.

    " }, "StartExpenseAnalysis":{ "name":"StartExpenseAnalysis", @@ -541,8 +543,7 @@ "shapes":{ "AccessDeniedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    You aren't authorized to perform the action. Use the Amazon Resource Name (ARN) of an authorized user or IAM role to perform the operation.

    ", "exception":true }, @@ -838,6 +839,7 @@ } } }, + "Angle":{"type":"float"}, "AutoUpdate":{ "type":"string", "enum":[ @@ -847,8 +849,7 @@ }, "BadDocumentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Amazon Textract isn't able to read the document. For more information on the document limits in Amazon Textract, see limits.

    ", "exception":true }, @@ -857,7 +858,7 @@ "members":{ "BlockType":{ "shape":"BlockType", - "documentation":"

    The type of text item that's recognized. In operations for text detection, the following types are returned:

    • PAGE - Contains a list of the LINE Block objects that are detected on a document page.

    • WORD - A word detected on a document page. A word is one or more ISO basic Latin script characters that aren't separated by spaces.

    • LINE - A string of tab-delimited, contiguous words that are detected on a document page.

    In text analysis operations, the following types are returned:

    • PAGE - Contains a list of child Block objects that are detected on a document page.

    • KEY_VALUE_SET - Stores the KEY and VALUE Block objects for linked text that's detected on a document page. Use the EntityType field to determine if a KEY_VALUE_SET object is a KEY Block object or a VALUE Block object.

    • WORD - A word that's detected on a document page. A word is one or more ISO basic Latin script characters that aren't separated by spaces.

    • LINE - A string of tab-delimited, contiguous words that are detected on a document page.

    • TABLE - A table that's detected on a document page. A table is grid-based information with two or more rows or columns, with a cell span of one row and one column each.

    • TABLE_TITLE - The title of a table. A title is typically a line of text above or below a table, or embedded as the first row of a table.

    • TABLE_FOOTER - The footer associated with a table. A footer is typically a line or lines of text below a table or embedded as the last row of a table.

    • CELL - A cell within a detected table. The cell is the parent of the block that contains the text in the cell.

    • MERGED_CELL - A cell in a table whose content spans more than one row or column. The Relationships array for this cell contain data from individual cells.

    • SELECTION_ELEMENT - A selection element such as an option button (radio button) or a check box that's detected on a document page. Use the value of SelectionStatus to determine the status of the selection element.

    • SIGNATURE - The location and confidence score of a signature detected on a document page. Can be returned as part of a Key-Value pair or a detected cell.

    • QUERY - A question asked during the call of AnalyzeDocument. Contains an alias and an ID that attaches it to its answer.

    • QUERY_RESULT - A response to a question asked during the call of analyze document. Comes with an alias and ID for ease of locating in a response. Also contains location and confidence score.

    The following BlockTypes are only returned for Amazon Textract Layout.

    • LAYOUT_TITLE - The main title of the document.

    • LAYOUT_HEADER - Text located in the top margin of the document.

    • LAYOUT_FOOTER - Text located in the bottom margin of the document.

    • LAYOUT_SECTION_HEADER - The titles of sections within a document.

    • LAYOUT_PAGE_NUMBER - The page number of the documents.

    • LAYOUT_LIST - Any information grouped together in list form.

    • LAYOUT_FIGURE - Indicates the location of an image in a document.

    • LAYOUT_TABLE - Indicates the location of a table in the document.

    • LAYOUT_KEY_VALUE - Indicates the location of form key-values in a document.

    • LAYOUT_TEXT - Text that is present typically as a part of paragraphs in documents.

    " + "documentation":"

    The type of text item that's recognized. In operations for text detection, the following types are returned:

    • PAGE - Contains a list of the LINE Block objects that are detected on a document page.

    • WORD - A word detected on a document page. A word is one or more ISO basic Latin script characters that aren't separated by spaces.

    • LINE - A string of space-delimited, contiguous words that are detected on a document page.

    In text analysis operations, the following types are returned:

    • PAGE - Contains a list of child Block objects that are detected on a document page.

    • KEY_VALUE_SET - Stores the KEY and VALUE Block objects for linked text that's detected on a document page. Use the EntityType field to determine if a KEY_VALUE_SET object is a KEY Block object or a VALUE Block object.

    • WORD - A word that's detected on a document page. A word is one or more ISO basic Latin script characters that aren't separated by spaces.

    • LINE - A string of tab-delimited, contiguous words that are detected on a document page.

    • TABLE - A table that's detected on a document page. A table is grid-based information with two or more rows or columns, with a cell span of one row and one column each.

    • TABLE_TITLE - The title of a table. A title is typically a line of text above or below a table, or embedded as the first row of a table.

    • TABLE_FOOTER - The footer associated with a table. A footer is typically a line or lines of text below a table or embedded as the last row of a table.

    • CELL - A cell within a detected table. The cell is the parent of the block that contains the text in the cell.

    • MERGED_CELL - A cell in a table whose content spans more than one row or column. The Relationships array for this cell contain data from individual cells.

    • SELECTION_ELEMENT - A selection element such as an option button (radio button) or a check box that's detected on a document page. Use the value of SelectionStatus to determine the status of the selection element.

    • SIGNATURE - The location and confidence score of a signature detected on a document page. Can be returned as part of a Key-Value pair or a detected cell.

    • QUERY - A question asked during the call of AnalyzeDocument. Contains an alias and an ID that attaches it to its answer.

    • QUERY_RESULT - A response to a question asked during the call of analyze document. Comes with an alias and ID for ease of locating in a response. Also contains location and confidence score.

    The following BlockTypes are only returned for Amazon Textract Layout.

    • LAYOUT_TITLE - The main title of the document.

    • LAYOUT_HEADER - Text located in the top margin of the document.

    • LAYOUT_FOOTER - Text located in the bottom margin of the document.

    • LAYOUT_SECTION_HEADER - The titles of sections within a document.

    • LAYOUT_PAGE_NUMBER - The page number of the documents.

    • LAYOUT_LIST - Any information grouped together in list form.

    • LAYOUT_FIGURE - Indicates the location of an image in a document.

    • LAYOUT_TABLE - Indicates the location of a table in the document.

    • LAYOUT_KEY_VALUE - Indicates the location of form key-values in a document.

    • LAYOUT_TEXT - Text that is present typically as a part of paragraphs in documents.

    " }, "Confidence":{ "shape":"Percent", @@ -981,8 +982,7 @@ }, "ConflictException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Updating or deleting a resource can cause an inconsistent state.

    ", "exception":true }, @@ -1099,8 +1099,7 @@ }, "DeleteAdapterResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAdapterVersionRequest":{ "type":"structure", @@ -1121,8 +1120,7 @@ }, "DeleteAdapterVersionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DetectDocumentTextRequest":{ "type":"structure", @@ -1233,8 +1231,7 @@ }, "DocumentTooLargeException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The document can't be processed because it's too large. The maximum document size for synchronous operations 10 MB. The maximum document size for asynchronous operations is 500 MB for PDF files.

    ", "exception":true }, @@ -1441,6 +1438,10 @@ "Polygon":{ "shape":"Polygon", "documentation":"

    Within the bounding box, a fine-grained polygon around the recognized item.

    " + }, + "RotationAngle":{ + "shape":"Angle", + "documentation":"

    Provides a numerical value corresponding to the rotation of the text.

    " } }, "documentation":"

    Information about where the following items are located on a document page: detected page, text, key-value pairs, tables, table cells, and selection elements.

    " @@ -1884,8 +1885,7 @@ }, "IdempotentParameterMismatchException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    A ClientRequestToken input parameter was reused with an operation, but at least one of the other input parameters is different from the previous call to the operation.

    ", "exception":true }, @@ -1930,37 +1930,32 @@ }, "InternalServerError":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Amazon Textract experienced a service issue. Try your call again.

    ", "exception":true, "fault":true }, "InvalidJobIdException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An invalid job identifier was passed to an asynchronous analysis operation.

    ", "exception":true }, "InvalidKMSKeyException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates you do not have decrypt permissions with the KMS key entered, or the KMS key was entered incorrectly.

    ", "exception":true }, "InvalidParameterException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An input parameter violated a constraint. For example, in synchronous operations, an InvalidParameterException exception occurs when neither of the S3Object or Bytes values are supplied in the Document request parameter. Validate your parameter before calling the API operation again.

    ", "exception":true }, "InvalidS3ObjectException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Amazon Textract is unable to access the S3 object that's specified in the request. for more information, Configure Access to Amazon S3 For troubleshooting information, see Troubleshooting Amazon S3

    ", "exception":true }, @@ -2085,8 +2080,7 @@ }, "LimitExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    An Amazon Textract service limit was exceeded. For example, if you start too many asynchronous jobs concurrently, calls to start operations (StartDocumentTextDetection, for example) raise a LimitExceededException exception (HTTP status code: 400) until the number of concurrently running jobs is below the Amazon Textract service limit.

    ", "exception":true }, @@ -2343,8 +2337,7 @@ }, "ProvisionedThroughputExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The number of requests exceeded your throughput limit. If you want to increase this limit, contact Amazon Textract.

    ", "exception":true }, @@ -2434,8 +2427,7 @@ }, "ResourceNotFoundException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Returned when an operation tried to access a nonexistent resource.

    ", "exception":true }, @@ -2460,7 +2452,7 @@ }, "Name":{ "shape":"S3ObjectName", - "documentation":"

    The file name of the input document. Synchronous operations can use image files that are in JPEG or PNG format. Asynchronous operations also support PDF and TIFF format files.

    " + "documentation":"

    The file name of the input document. Image files may be in PDF, TIFF, JPEG, or PNG format.

    " }, "Version":{ "shape":"S3ObjectVersion", @@ -2496,8 +2488,7 @@ }, "ServiceQuotaExceededException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Returned when a request cannot be completed as it would exceed a maximum service quota.

    ", "exception":true }, @@ -2737,8 +2728,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -2755,8 +2745,7 @@ }, "ThrottlingException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Amazon Textract is temporarily unable to process the request. Try your call again.

    ", "exception":true, "fault":true @@ -2785,8 +2774,7 @@ }, "UnsupportedDocumentException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The format of the input document isn't supported. Documents for operations can be in PNG, JPEG, PDF, or TIFF format.

    ", "exception":true }, @@ -2809,8 +2797,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAdapterRequest":{ "type":"structure", @@ -2865,8 +2852,7 @@ }, "ValidationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Indicates that a request was not valid. Check request for proper formatting.

    ", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/timestream-influxdb/2023-01-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/timestream-influxdb/2023-01-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/timestream-influxdb/2023-01-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/timestream-influxdb/2023-01-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/timestream-influxdb/2023-01-27/paginators-1.json 2.31.35-1/awscli/botocore/data/timestream-influxdb/2023-01-27/paginators-1.json --- 2.23.6-1/awscli/botocore/data/timestream-influxdb/2023-01-27/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/timestream-influxdb/2023-01-27/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,18 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "items" + }, + "ListDbClusters": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListDbInstancesForCluster": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" } } } diff -pruN 2.23.6-1/awscli/botocore/data/timestream-influxdb/2023-01-27/service-2.json 2.31.35-1/awscli/botocore/data/timestream-influxdb/2023-01-27/service-2.json --- 2.23.6-1/awscli/botocore/data/timestream-influxdb/2023-01-27/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/timestream-influxdb/2023-01-27/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -15,6 +15,26 @@ "uid":"timestream-influxdb-2023-01-27" }, "operations":{ + "CreateDbCluster":{ + "name":"CreateDbCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateDbClusterInput"}, + "output":{"shape":"CreateDbClusterOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Creates a new Timestream for InfluxDB cluster.

    ", + "idempotent":true + }, "CreateDbInstance":{ "name":"CreateDbInstance", "http":{ @@ -55,6 +75,25 @@ "documentation":"

    Creates a new Timestream for InfluxDB DB parameter group to associate with DB instances.

    ", "idempotent":true }, + "DeleteDbCluster":{ + "name":"DeleteDbCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteDbClusterInput"}, + "output":{"shape":"DeleteDbClusterOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Deletes a Timestream for InfluxDB cluster.

    ", + "idempotent":true + }, "DeleteDbInstance":{ "name":"DeleteDbInstance", "http":{ @@ -74,6 +113,23 @@ "documentation":"

    Deletes a Timestream for InfluxDB DB instance.

    ", "idempotent":true }, + "GetDbCluster":{ + "name":"GetDbCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetDbClusterInput"}, + "output":{"shape":"GetDbClusterOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Retrieves information about a Timestream for InfluxDB cluster.

    " + }, "GetDbInstance":{ "name":"GetDbInstance", "http":{ @@ -108,6 +164,23 @@ ], "documentation":"

    Returns a Timestream for InfluxDB DB parameter group.

    " }, + "ListDbClusters":{ + "name":"ListDbClusters", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListDbClustersInput"}, + "output":{"shape":"ListDbClustersOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns a list of Timestream for InfluxDB DB clusters.

    " + }, "ListDbInstances":{ "name":"ListDbInstances", "http":{ @@ -125,6 +198,23 @@ ], "documentation":"

    Returns a list of Timestream for InfluxDB DB instances.

    " }, + "ListDbInstancesForCluster":{ + "name":"ListDbInstancesForCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListDbInstancesForClusterInput"}, + "output":{"shape":"ListDbInstancesForClusterOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Returns a list of Timestream for InfluxDB clusters.

    " + }, "ListDbParameterGroups":{ "name":"ListDbParameterGroups", "http":{ @@ -182,6 +272,25 @@ "documentation":"

    Removes the tag from the specified resource.

    ", "idempotent":true }, + "UpdateDbCluster":{ + "name":"UpdateDbCluster", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateDbClusterInput"}, + "output":{"shape":"UpdateDbClusterOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"

    Updates a Timestream for InfluxDB cluster.

    ", + "idempotent":true + }, "UpdateDbInstance":{ "name":"UpdateDbInstance", "http":{ @@ -215,14 +324,14 @@ "AllocatedStorage":{ "type":"integer", "box":true, - "max":16384, + "max":15360, "min":20 }, "Arn":{ "type":"string", "max":1011, "min":1, - "pattern":"arn:aws[a-z\\-]*:timestream\\-influxdb:[a-z0-9\\-]+:[0-9]{12}:(db\\-instance|db\\-parameter\\-group)/[a-zA-Z0-9]{3,64}" + "pattern":"arn:aws[a-z\\-]*:timestream\\-influxdb:[a-z0-9\\-]+:[0-9]{12}:(db\\-instance|db\\-cluster|db\\-parameter\\-group)/[a-zA-Z0-9]{3,64}" }, "Boolean":{ "type":"boolean", @@ -234,6 +343,22 @@ "min":2, "pattern":"[^_\"][^\"]*" }, + "ClusterDeploymentType":{ + "type":"string", + "enum":["MULTI_NODE_READ_REPLICAS"] + }, + "ClusterStatus":{ + "type":"string", + "enum":[ + "CREATING", + "UPDATING", + "DELETING", + "AVAILABLE", + "FAILED", + "DELETED", + "MAINTENANCE" + ] + }, "ConflictException":{ "type":"structure", "required":[ @@ -255,6 +380,102 @@ "documentation":"

    The request conflicts with an existing resource in Timestream for InfluxDB.

    ", "exception":true }, + "CreateDbClusterInput":{ + "type":"structure", + "required":[ + "name", + "dbInstanceType", + "vpcSubnetIds", + "vpcSecurityGroupIds" + ], + "members":{ + "name":{ + "shape":"DbClusterName", + "documentation":"

    The name that uniquely identifies the DB cluster when interacting with the Amazon Timestream for InfluxDB API and CLI commands. This name will also be a prefix included in the endpoint. DB cluster names must be unique per customer and per region.

    " + }, + "username":{ + "shape":"Username", + "documentation":"

    The username of the initial admin user created in InfluxDB. Must start with a letter and can't end with a hyphen or contain two consecutive hyphens. For example, my-user1. This username will allow you to access the InfluxDB UI to perform various administrative tasks and also use the InfluxDB CLI to create an operator token. These attributes will be stored in a secret created in Secrets Manager in your account.

    " + }, + "password":{ + "shape":"Password", + "documentation":"

    The password of the initial admin user created in InfluxDB. This password will allow you to access the InfluxDB UI to perform various administrative tasks and also use the InfluxDB CLI to create an operator token. These attributes will be stored in a secret created in Secrets Manager in your account.

    " + }, + "organization":{ + "shape":"Organization", + "documentation":"

    The name of the initial organization for the initial admin user in InfluxDB. An InfluxDB organization is a workspace for a group of users.

    " + }, + "bucket":{ + "shape":"Bucket", + "documentation":"

    The name of the initial InfluxDB bucket. All InfluxDB data is stored in a bucket. A bucket combines the concept of a database and a retention period (the duration of time that each data point persists). A bucket belongs to an organization.

    " + }, + "port":{ + "shape":"Port", + "documentation":"

    The port number on which InfluxDB accepts connections.

    Valid Values: 1024-65535

    Default: 8086 for InfluxDB v2, 8181 for InfluxDB v3

    Constraints: The value can't be 2375-2376, 7788-7799, 8090, or 51678-51680

    " + }, + "dbParameterGroupIdentifier":{ + "shape":"DbParameterGroupIdentifier", + "documentation":"

    The ID of the DB parameter group to assign to your DB cluster. DB parameter groups specify how the database is configured. For example, DB parameter groups can specify the limit for query concurrency.

    " + }, + "dbInstanceType":{ + "shape":"DbInstanceType", + "documentation":"

    The Timestream for InfluxDB DB instance type to run InfluxDB on.

    " + }, + "dbStorageType":{ + "shape":"DbStorageType", + "documentation":"

    The Timestream for InfluxDB DB storage type to read and write InfluxDB data.

    You can choose between three different types of provisioned Influx IOPS Included storage according to your workload requirements:

    • Influx I/O Included 3000 IOPS

    • Influx I/O Included 12000 IOPS

    • Influx I/O Included 16000 IOPS

    " + }, + "allocatedStorage":{ + "shape":"AllocatedStorage", + "documentation":"

    The amount of storage to allocate for your DB storage type in GiB (gibibytes).

    " + }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

    Specifies whether the network type of the Timestream for InfluxDB cluster is IPv4, which can communicate over IPv4 protocol only, or DUAL, which can communicate over both IPv4 and IPv6 protocols.

    " + }, + "publiclyAccessible":{ + "shape":"Boolean", + "documentation":"

    Configures the Timestream for InfluxDB cluster with a public IP to facilitate access from outside the VPC.

    " + }, + "vpcSubnetIds":{ + "shape":"VpcSubnetIdList", + "documentation":"

    A list of VPC subnet IDs to associate with the DB cluster. Provide at least two VPC subnet IDs in different Availability Zones when deploying with a Multi-AZ standby.

    " + }, + "vpcSecurityGroupIds":{ + "shape":"VpcSecurityGroupIdList", + "documentation":"

    A list of VPC security group IDs to associate with the Timestream for InfluxDB cluster.

    " + }, + "deploymentType":{ + "shape":"ClusterDeploymentType", + "documentation":"

    Specifies the type of cluster to create.

    " + }, + "failoverMode":{ + "shape":"FailoverMode", + "documentation":"

    Specifies the behavior of failure recovery when the primary node of the cluster fails.

    " + }, + "logDeliveryConfiguration":{ + "shape":"LogDeliveryConfiguration", + "documentation":"

    Configuration for sending InfluxDB engine logs to a specified S3 bucket.

    " + }, + "tags":{ + "shape":"RequestTagMap", + "documentation":"

    A list of key-value pairs to associate with the DB instance.

    " + } + } + }, + "CreateDbClusterOutput":{ + "type":"structure", + "members":{ + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    A service-generated unique identifier.

    " + }, + "dbClusterStatus":{ + "shape":"ClusterStatus", + "documentation":"

    The status of the DB cluster.

    " + } + } + }, "CreateDbInstanceInput":{ "type":"structure", "required":[ @@ -276,7 +497,7 @@ }, "password":{ "shape":"Password", - "documentation":"

    The password of the initial admin user created in InfluxDB. This password will allow you to access the InfluxDB UI to perform various administrative tasks and also use the InfluxDB CLI to create an operator token. These attributes will be stored in a Secret created in Amazon Web Services SecretManager in your account.

    " + "documentation":"

    The password of the initial admin user created in InfluxDB v2. This password will allow you to access the InfluxDB UI to perform various administrative tasks and also use the InfluxDB CLI to create an operator token. These attributes will be stored in a Secret created in Secrets Manager in your account.

    " }, "organization":{ "shape":"Organization", @@ -419,7 +640,19 @@ }, "influxAuthParametersSecretArn":{ "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + }, + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    Specifies the DbCluster to which this DbInstance belongs to.

    " + }, + "instanceMode":{ + "shape":"InstanceMode", + "documentation":"

    Specifies the DbInstance's role in the cluster.

    " + }, + "instanceModes":{ + "shape":"InstanceModeList", + "documentation":"

    Specifies the DbInstance's roles in the cluster.

    " } } }, @@ -480,6 +713,159 @@ } } }, + "DataFusionRuntimeType":{ + "type":"string", + "enum":[ + "multi-thread", + "multi-thread-alt" + ] + }, + "DbClusterId":{ + "type":"string", + "max":64, + "min":3, + "pattern":"[a-zA-Z0-9]+" + }, + "DbClusterName":{ + "type":"string", + "max":40, + "min":3, + "pattern":"[a-zA-z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*" + }, + "DbClusterSummary":{ + "type":"structure", + "required":[ + "id", + "name", + "arn" + ], + "members":{ + "id":{ + "shape":"DbClusterId", + "documentation":"

    Service-generated unique identifier of the DB cluster to retrieve.

    " + }, + "name":{ + "shape":"DbClusterName", + "documentation":"

    Customer supplied name of the Timestream for InfluxDB cluster.

    " + }, + "arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the DB cluster.

    " + }, + "status":{ + "shape":"ClusterStatus", + "documentation":"

    The status of the DB cluster.

    " + }, + "endpoint":{ + "shape":"String", + "documentation":"

    The endpoint used to connect to the Timestream for InfluxDB cluster for write and read operations.

    " + }, + "readerEndpoint":{ + "shape":"String", + "documentation":"

    The endpoint used to connect to the Timestream for InfluxDB cluster for read-only operations.

    " + }, + "port":{ + "shape":"Port", + "documentation":"

    The port number on which InfluxDB accepts connections.

    " + }, + "deploymentType":{ + "shape":"ClusterDeploymentType", + "documentation":"

    Deployment type of the DB cluster

    " + }, + "dbInstanceType":{ + "shape":"DbInstanceType", + "documentation":"

    The Timestream for InfluxDB DB instance type that InfluxDB runs on.

    " + }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

    Specifies whether the network type of the Timestream for InfluxDB Cluster is IPv4, which can communicate over IPv4 protocol only, or DUAL, which can communicate over both IPv4 and IPv6 protocols.

    " + }, + "dbStorageType":{ + "shape":"DbStorageType", + "documentation":"

    The Timestream for InfluxDB DB storage type that InfluxDB stores data on.

    " + }, + "allocatedStorage":{ + "shape":"AllocatedStorage", + "documentation":"

    The amount of storage allocated for your DB storage type (in gibibytes).

    " + }, + "engineType":{ + "shape":"EngineType", + "documentation":"

    The engine type of your DB cluster.

    " + } + }, + "documentation":"

    Describes a summary of a Timestream for InfluxDB cluster.

    " + }, + "DbClusterSummaryList":{ + "type":"list", + "member":{"shape":"DbClusterSummary"} + }, + "DbInstanceForClusterSummary":{ + "type":"structure", + "required":[ + "id", + "name", + "arn" + ], + "members":{ + "id":{ + "shape":"DbInstanceId", + "documentation":"

    The service-generated unique identifier of the DB instance.

    " + }, + "name":{ + "shape":"DbInstanceName", + "documentation":"

    A service-generated name for the DB instance based on the customer-supplied name for the DB cluster.

    " + }, + "arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the DB instance.

    " + }, + "status":{ + "shape":"Status", + "documentation":"

    The status of the DB instance.

    " + }, + "endpoint":{ + "shape":"String", + "documentation":"

    The endpoint used to connect to InfluxDB. The default InfluxDB port is 8086.

    " + }, + "port":{ + "shape":"Port", + "documentation":"

    The port number on which InfluxDB accepts connections.

    " + }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

    Specifies whether the network type of the Timestream for InfluxDB instance is IPv4, which can communicate over IPv4 protocol only, or DUAL, which can communicate over both IPv4 and IPv6 protocols.

    " + }, + "dbInstanceType":{ + "shape":"DbInstanceType", + "documentation":"

    The Timestream for InfluxDB instance type to run InfluxDB on.

    " + }, + "dbStorageType":{ + "shape":"DbStorageType", + "documentation":"

    The storage type for your DB instance.

    " + }, + "allocatedStorage":{ + "shape":"AllocatedStorage", + "documentation":"

    The amount of storage allocated for your DB storage type in GiB (gibibytes).

    " + }, + "deploymentType":{ + "shape":"DeploymentType", + "documentation":"

    Specifies the deployment type if applicable.

    " + }, + "instanceMode":{ + "shape":"InstanceMode", + "documentation":"

    Specifies the DB instance's role in the cluster.

    " + }, + "instanceModes":{ + "shape":"InstanceModeList", + "documentation":"

    Specifies the DB instance's roles in the cluster.

    " + } + }, + "documentation":"

    Contains a summary of a DB instance belonging to a DB cluster.

    " + }, + "DbInstanceForClusterSummaryList":{ + "type":"list", + "member":{"shape":"DbInstanceForClusterSummary"} + }, "DbInstanceId":{ "type":"string", "max":64, @@ -512,7 +898,7 @@ }, "name":{ "shape":"DbInstanceName", - "documentation":"

    This customer-supplied name uniquely identifies the DB instance when interacting with the Amazon Timestream for InfluxDB API and Amazon Web Services CLI commands.

    " + "documentation":"

    This customer-supplied name uniquely identifies the DB instance when interacting with the Amazon Timestream for InfluxDB API and CLI commands.

    " }, "arn":{ "shape":"Arn", @@ -567,7 +953,8 @@ "db.influx.4xlarge", "db.influx.8xlarge", "db.influx.12xlarge", - "db.influx.16xlarge" + "db.influx.16xlarge", + "db.influx.24xlarge" ] }, "DbParameterGroupId":{ @@ -627,6 +1014,25 @@ "InfluxIOIncludedT3" ] }, + "DeleteDbClusterInput":{ + "type":"structure", + "required":["dbClusterId"], + "members":{ + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    Service-generated unique identifier of the DB cluster.

    " + } + } + }, + "DeleteDbClusterOutput":{ + "type":"structure", + "members":{ + "dbClusterStatus":{ + "shape":"ClusterStatus", + "documentation":"

    The status of the DB cluster.

    " + } + } + }, "DeleteDbInstanceInput":{ "type":"structure", "required":["identifier"], @@ -720,7 +1126,19 @@ }, "influxAuthParametersSecretArn":{ "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + }, + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    Specifies the DbCluster to which this DbInstance belongs to.

    " + }, + "instanceMode":{ + "shape":"InstanceMode", + "documentation":"

    Specifies the DbInstance's role in the cluster.

    " + }, + "instanceModes":{ + "shape":"InstanceModeList", + "documentation":"

    Specifies the DbInstance's roles in the cluster.

    " } } }, @@ -755,7 +1173,8 @@ "hours", "minutes", "seconds", - "milliseconds" + "milliseconds", + "days" ] }, "DurationValueLong":{ @@ -763,6 +1182,121 @@ "box":true, "min":0 }, + "EngineType":{ + "type":"string", + "enum":[ + "INFLUXDB_V2", + "INFLUXDB_V3_CORE", + "INFLUXDB_V3_ENTERPRISE" + ] + }, + "FailoverMode":{ + "type":"string", + "enum":[ + "AUTOMATIC", + "NO_FAILOVER" + ] + }, + "GetDbClusterInput":{ + "type":"structure", + "required":["dbClusterId"], + "members":{ + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    Service-generated unique identifier of the DB cluster to retrieve.

    " + } + } + }, + "GetDbClusterOutput":{ + "type":"structure", + "required":[ + "id", + "name", + "arn" + ], + "members":{ + "id":{ + "shape":"DbClusterId", + "documentation":"

    Service-generated unique identifier of the DB cluster to retrieve.

    " + }, + "name":{ + "shape":"DbClusterName", + "documentation":"

    Customer-supplied name of the Timestream for InfluxDB cluster.

    " + }, + "arn":{ + "shape":"Arn", + "documentation":"

    The Amazon Resource Name (ARN) of the DB cluster.

    " + }, + "status":{ + "shape":"ClusterStatus", + "documentation":"

    The status of the DB cluster.

    " + }, + "endpoint":{ + "shape":"String", + "documentation":"

    The endpoint used to connect to the Timestream for InfluxDB cluster for write and read operations.

    " + }, + "readerEndpoint":{ + "shape":"String", + "documentation":"

    The endpoint used to connect to the Timestream for InfluxDB cluster for read-only operations.

    " + }, + "port":{ + "shape":"Port", + "documentation":"

    The port number on which InfluxDB accepts connections.

    " + }, + "deploymentType":{ + "shape":"ClusterDeploymentType", + "documentation":"

    Deployment type of the DB cluster.

    " + }, + "dbInstanceType":{ + "shape":"DbInstanceType", + "documentation":"

    The Timestream for InfluxDB instance type that InfluxDB runs on.

    " + }, + "networkType":{ + "shape":"NetworkType", + "documentation":"

    Specifies whether the network type of the Timestream for InfluxDB cluster is IPv4, which can communicate over IPv4 protocol only, or DUAL, which can communicate over both IPv4 and IPv6 protocols.

    " + }, + "dbStorageType":{ + "shape":"DbStorageType", + "documentation":"

    The Timestream for InfluxDB DB storage type that InfluxDB stores data on.

    " + }, + "allocatedStorage":{ + "shape":"AllocatedStorage", + "documentation":"

    The amount of storage allocated for your DB storage type (in gibibytes).

    " + }, + "engineType":{ + "shape":"EngineType", + "documentation":"

    The engine type of your DB cluster.

    " + }, + "publiclyAccessible":{ + "shape":"Boolean", + "documentation":"

    Indicates if the DB cluster has a public IP to facilitate access from outside the VPC.

    " + }, + "dbParameterGroupIdentifier":{ + "shape":"DbParameterGroupIdentifier", + "documentation":"

    The ID of the DB parameter group assigned to your DB cluster.

    " + }, + "logDeliveryConfiguration":{ + "shape":"LogDeliveryConfiguration", + "documentation":"

    Configuration for sending InfluxDB engine logs to send to specified S3 bucket.

    " + }, + "influxAuthParametersSecretArn":{ + "shape":"String", + "documentation":"

    The Amazon Resource Name (ARN) of the Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + }, + "vpcSubnetIds":{ + "shape":"VpcSubnetIdList", + "documentation":"

    A list of VPC subnet IDs associated with the DB cluster.

    " + }, + "vpcSecurityGroupIds":{ + "shape":"VpcSecurityGroupIdList", + "documentation":"

    A list of VPC security group IDs associated with the DB cluster.

    " + }, + "failoverMode":{ + "shape":"FailoverMode", + "documentation":"

    The configured failover mode for the DB cluster.

    " + } + } + }, "GetDbInstanceInput":{ "type":"structure", "required":["identifier"], @@ -856,7 +1390,19 @@ }, "influxAuthParametersSecretArn":{ "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + }, + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    Specifies the DbCluster to which this DbInstance belongs to.

    " + }, + "instanceMode":{ + "shape":"InstanceMode", + "documentation":"

    Specifies the DbInstance's role in the cluster.

    " + }, + "instanceModes":{ + "shape":"InstanceModeList", + "documentation":"

    Specifies the DbInstance's roles in the cluster.

    " } } }, @@ -961,7 +1507,7 @@ }, "pprofDisabled":{ "shape":"Boolean", - "documentation":"

    Disable the /debug/pprof HTTP endpoint. This endpoint provides runtime profiling data and can be helpful when debugging.

    Default: false

    " + "documentation":"

    Disable the /debug/pprof HTTP endpoint. This endpoint provides runtime profiling data and can be helpful when debugging.

    Default: true

    " }, "queryInitialMemoryBytes":{ "shape":"InfluxDBv2ParametersQueryInitialMemoryBytesLong", @@ -1144,6 +1690,655 @@ "max":256, "min":0 }, + "InfluxDBv3CoreParameters":{ + "type":"structure", + "members":{ + "queryFileLimit":{ + "shape":"InfluxDBv3CoreParametersQueryFileLimitInteger", + "documentation":"

    Limits the number of Parquet files a query can access. If a query attempts to read more than this limit, InfluxDB 3 returns an error.

    Default: 432

    " + }, + "queryLogSize":{ + "shape":"InfluxDBv3CoreParametersQueryLogSizeInteger", + "documentation":"

    Defines the size of the query log. Up to this many queries remain in the log before older queries are evicted to make room for new ones.

    Default: 1000

    " + }, + "logFilter":{ + "shape":"InfluxDBv3CoreParametersLogFilterString", + "documentation":"

    Sets the filter directive for logs.

    " + }, + "logFormat":{ + "shape":"LogFormats", + "documentation":"

    Defines the message format for logs.

    Default: full

    " + }, + "dataFusionNumThreads":{ + "shape":"InfluxDBv3CoreParametersDataFusionNumThreadsInteger", + "documentation":"

    Sets the maximum number of DataFusion runtime threads to use.

    " + }, + "dataFusionRuntimeType":{ + "shape":"DataFusionRuntimeType", + "documentation":"

    Specifies the DataFusion tokio runtime type.

    Default: multi-thread

    " + }, + "dataFusionRuntimeDisableLifoSlot":{ + "shape":"Boolean", + "documentation":"

    Disables the LIFO slot of the DataFusion runtime.

    " + }, + "dataFusionRuntimeEventInterval":{ + "shape":"InfluxDBv3CoreParametersDataFusionRuntimeEventIntervalInteger", + "documentation":"

    Sets the number of scheduler ticks after which the scheduler of the DataFusion tokio runtime polls for external events–for example: timers, I/O.

    " + }, + "dataFusionRuntimeGlobalQueueInterval":{ + "shape":"InfluxDBv3CoreParametersDataFusionRuntimeGlobalQueueIntervalInteger", + "documentation":"

    Sets the number of scheduler ticks after which the scheduler of the DataFusion runtime polls the global task queue.

    " + }, + "dataFusionRuntimeMaxBlockingThreads":{ + "shape":"InfluxDBv3CoreParametersDataFusionRuntimeMaxBlockingThreadsInteger", + "documentation":"

    Specifies the limit for additional threads spawned by the DataFusion runtime.

    " + }, + "dataFusionRuntimeMaxIoEventsPerTick":{ + "shape":"InfluxDBv3CoreParametersDataFusionRuntimeMaxIoEventsPerTickInteger", + "documentation":"

    Configures the maximum number of events processed per tick by the tokio DataFusion runtime.

    " + }, + "dataFusionRuntimeThreadKeepAlive":{ + "shape":"Duration", + "documentation":"

    Sets a custom timeout for a thread in the blocking pool of the tokio DataFusion runtime.

    " + }, + "dataFusionRuntimeThreadPriority":{ + "shape":"InfluxDBv3CoreParametersDataFusionRuntimeThreadPriorityInteger", + "documentation":"

    Sets the thread priority for tokio DataFusion runtime workers.

    Default: 10

    " + }, + "dataFusionMaxParquetFanout":{ + "shape":"InfluxDBv3CoreParametersDataFusionMaxParquetFanoutInteger", + "documentation":"

    When multiple parquet files are required in a sorted way (deduplication for example), specifies the maximum fanout.

    Default: 1000

    " + }, + "dataFusionUseCachedParquetLoader":{ + "shape":"Boolean", + "documentation":"

    Uses a cached parquet loader when reading parquet files from the object store.

    " + }, + "dataFusionConfig":{ + "shape":"InfluxDBv3CoreParametersDataFusionConfigString", + "documentation":"

    Provides custom configuration to DataFusion as a comma-separated list of key:value pairs.

    " + }, + "maxHttpRequestSize":{ + "shape":"InfluxDBv3CoreParametersMaxHttpRequestSizeLong", + "documentation":"

    Specifies the maximum size of HTTP requests.

    Default: 10485760

    " + }, + "forceSnapshotMemThreshold":{ + "shape":"PercentOrAbsoluteLong", + "documentation":"

    Specifies the threshold for the internal memory buffer. Supports either a percentage (portion of available memory) or absolute value in MB–for example: 70% or 100

    Default: 70%

    " + }, + "walSnapshotSize":{ + "shape":"InfluxDBv3CoreParametersWalSnapshotSizeInteger", + "documentation":"

    Defines the number of WAL files to attempt to remove in a snapshot. This, multiplied by the interval, determines how often snapshots are taken.

    Default: 600

    " + }, + "walMaxWriteBufferSize":{ + "shape":"InfluxDBv3CoreParametersWalMaxWriteBufferSizeInteger", + "documentation":"

    Specifies the maximum number of write requests that can be buffered before a flush must be executed and succeed.

    Default: 100000

    " + }, + "snapshottedWalFilesToKeep":{ + "shape":"InfluxDBv3CoreParametersSnapshottedWalFilesToKeepInteger", + "documentation":"

    Specifies the number of snapshotted WAL files to retain in the object store. Flushing the WAL files does not clear the WAL files immediately; they are deleted when the number of snapshotted WAL files exceeds this number.

    Default: 300

    " + }, + "preemptiveCacheAge":{ + "shape":"Duration", + "documentation":"

    Specifies the interval to prefetch into the Parquet cache during compaction.

    Default: 3d

    " + }, + "parquetMemCachePrunePercentage":{ + "shape":"InfluxDBv3CoreParametersParquetMemCachePrunePercentageFloat", + "documentation":"

    Specifies the percentage of entries to prune during a prune operation on the in-memory Parquet cache.

    Default: 0.1

    " + }, + "parquetMemCachePruneInterval":{ + "shape":"Duration", + "documentation":"

    Sets the interval to check if the in-memory Parquet cache needs to be pruned.

    Default: 1s

    " + }, + "disableParquetMemCache":{ + "shape":"Boolean", + "documentation":"

    Disables the in-memory Parquet cache. By default, the cache is enabled.

    " + }, + "parquetMemCacheQueryPathDuration":{ + "shape":"Duration", + "documentation":"

    Specifies the time window for caching recent Parquet files in memory.

    Default: 5h

    " + }, + "lastCacheEvictionInterval":{ + "shape":"Duration", + "documentation":"

    Specifies the interval to evict expired entries from the Last-N-Value cache, expressed as a human-readable duration–for example: 20s, 1m, 1h.

    Default: 10s

    " + }, + "distinctCacheEvictionInterval":{ + "shape":"Duration", + "documentation":"

    Specifies the interval to evict expired entries from the distinct value cache, expressed as a human-readable duration–for example: 20s, 1m, 1h.

    Default: 10s

    " + }, + "gen1Duration":{ + "shape":"Duration", + "documentation":"

    Specifies the duration that Parquet files are arranged into. Data timestamps land each row into a file of this duration. Supported durations are 1m, 5m, and 10m. These files are known as “generation 1” files that the compactor in InfluxDB 3 Enterprise can merge into larger generations.

    Default: 10m

    " + }, + "execMemPoolBytes":{ + "shape":"PercentOrAbsoluteLong", + "documentation":"

    Specifies the size of memory pool used during query execution. Can be given as absolute value in bytes or as a percentage of the total available memory–for example: 8000000000 or 10%.

    Default: 20%

    " + }, + "parquetMemCacheSize":{ + "shape":"PercentOrAbsoluteLong", + "documentation":"

    Specifies the size of the in-memory Parquet cache in megabytes or percentage of total available memory.

    Default: 20%

    " + }, + "walReplayFailOnError":{ + "shape":"Boolean", + "documentation":"

    Determines whether WAL replay should fail when encountering errors.

    Default: false

    " + }, + "walReplayConcurrencyLimit":{ + "shape":"InfluxDBv3CoreParametersWalReplayConcurrencyLimitInteger", + "documentation":"

    Concurrency limit during WAL replay. Setting this number too high can lead to OOM. The default is dynamically determined.

    Default: max(num_cpus, 10)

    " + }, + "tableIndexCacheMaxEntries":{ + "shape":"InfluxDBv3CoreParametersTableIndexCacheMaxEntriesInteger", + "documentation":"

    Specifies the maximum number of entries in the table index cache.

    Default: 1000

    " + }, + "tableIndexCacheConcurrencyLimit":{ + "shape":"InfluxDBv3CoreParametersTableIndexCacheConcurrencyLimitInteger", + "documentation":"

    Limits the concurrency level for table index cache operations.

    Default: 8

    " + }, + "gen1LookbackDuration":{ + "shape":"Duration", + "documentation":"

    Specifies how far back to look when creating generation 1 Parquet files.

    Default: 24h

    " + }, + "retentionCheckInterval":{ + "shape":"Duration", + "documentation":"

    The interval at which retention policies are checked and enforced. Enter as a human-readable time–for example: 30m or 1h.

    Default: 30m

    " + }, + "deleteGracePeriod":{ + "shape":"Duration", + "documentation":"

    Specifies the grace period before permanently deleting data.

    Default: 24h

    " + }, + "hardDeleteDefaultDuration":{ + "shape":"Duration", + "documentation":"

    Sets the default duration for hard deletion of data.

    Default: 90d

    " + } + }, + "documentation":"

    All the customer-modifiable InfluxDB v3 Core parameters in Timestream for InfluxDB.

    " + }, + "InfluxDBv3CoreParametersDataFusionConfigString":{ + "type":"string", + "pattern":"[a-zA-Z0-9_]+=[^,\\s]+(?:,[a-zA-Z0-9_]+=[^,\\s]+)*" + }, + "InfluxDBv3CoreParametersDataFusionMaxParquetFanoutInteger":{ + "type":"integer", + "box":true, + "max":1000000, + "min":1 + }, + "InfluxDBv3CoreParametersDataFusionNumThreadsInteger":{ + "type":"integer", + "box":true, + "max":2048, + "min":1 + }, + "InfluxDBv3CoreParametersDataFusionRuntimeEventIntervalInteger":{ + "type":"integer", + "box":true, + "max":128, + "min":1 + }, + "InfluxDBv3CoreParametersDataFusionRuntimeGlobalQueueIntervalInteger":{ + "type":"integer", + "box":true, + "max":128, + "min":1 + }, + "InfluxDBv3CoreParametersDataFusionRuntimeMaxBlockingThreadsInteger":{ + "type":"integer", + "box":true, + "max":1024, + "min":1 + }, + "InfluxDBv3CoreParametersDataFusionRuntimeMaxIoEventsPerTickInteger":{ + "type":"integer", + "box":true, + "max":4096, + "min":1 + }, + "InfluxDBv3CoreParametersDataFusionRuntimeThreadPriorityInteger":{ + "type":"integer", + "box":true, + "max":19, + "min":-20 + }, + "InfluxDBv3CoreParametersLogFilterString":{ + "type":"string", + "max":1024, + "min":0 + }, + "InfluxDBv3CoreParametersMaxHttpRequestSizeLong":{ + "type":"long", + "box":true, + "max":16777216, + "min":1024 + }, + "InfluxDBv3CoreParametersParquetMemCachePrunePercentageFloat":{ + "type":"float", + "box":true, + "max":1, + "min":0 + }, + "InfluxDBv3CoreParametersQueryFileLimitInteger":{ + "type":"integer", + "box":true, + "max":1024, + "min":0 + }, + "InfluxDBv3CoreParametersQueryLogSizeInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":1 + }, + "InfluxDBv3CoreParametersSnapshottedWalFilesToKeepInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":0 + }, + "InfluxDBv3CoreParametersTableIndexCacheConcurrencyLimitInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "InfluxDBv3CoreParametersTableIndexCacheMaxEntriesInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "InfluxDBv3CoreParametersWalMaxWriteBufferSizeInteger":{ + "type":"integer", + "box":true, + "max":1000000, + "min":1 + }, + "InfluxDBv3CoreParametersWalReplayConcurrencyLimitInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "InfluxDBv3CoreParametersWalSnapshotSizeInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":1 + }, + "InfluxDBv3EnterpriseParameters":{ + "type":"structure", + "required":[ + "ingestQueryInstances", + "queryOnlyInstances", + "dedicatedCompactor" + ], + "members":{ + "queryFileLimit":{ + "shape":"InfluxDBv3EnterpriseParametersQueryFileLimitInteger", + "documentation":"

    Limits the number of Parquet files a query can access. If a query attempts to read more than this limit, InfluxDB 3 returns an error.

    Default: 432

    " + }, + "queryLogSize":{ + "shape":"InfluxDBv3EnterpriseParametersQueryLogSizeInteger", + "documentation":"

    Defines the size of the query log. Up to this many queries remain in the log before older queries are evicted to make room for new ones.

    Default: 1000

    " + }, + "logFilter":{ + "shape":"InfluxDBv3EnterpriseParametersLogFilterString", + "documentation":"

    Sets the filter directive for logs.

    " + }, + "logFormat":{ + "shape":"LogFormats", + "documentation":"

    Defines the message format for logs.

    Default: full

    " + }, + "dataFusionNumThreads":{ + "shape":"InfluxDBv3EnterpriseParametersDataFusionNumThreadsInteger", + "documentation":"

    Sets the maximum number of DataFusion runtime threads to use.

    " + }, + "dataFusionRuntimeType":{ + "shape":"DataFusionRuntimeType", + "documentation":"

    Specifies the DataFusion tokio runtime type.

    Default: multi-thread

    " + }, + "dataFusionRuntimeDisableLifoSlot":{ + "shape":"Boolean", + "documentation":"

    Disables the LIFO slot of the DataFusion runtime.

    " + }, + "dataFusionRuntimeEventInterval":{ + "shape":"InfluxDBv3EnterpriseParametersDataFusionRuntimeEventIntervalInteger", + "documentation":"

    Sets the number of scheduler ticks after which the scheduler of the DataFusion tokio runtime polls for external events–for example: timers, I/O.

    " + }, + "dataFusionRuntimeGlobalQueueInterval":{ + "shape":"InfluxDBv3EnterpriseParametersDataFusionRuntimeGlobalQueueIntervalInteger", + "documentation":"

    Sets the number of scheduler ticks after which the scheduler of the DataFusion runtime polls the global task queue.

    " + }, + "dataFusionRuntimeMaxBlockingThreads":{ + "shape":"InfluxDBv3EnterpriseParametersDataFusionRuntimeMaxBlockingThreadsInteger", + "documentation":"

    Specifies the limit for additional threads spawned by the DataFusion runtime.

    " + }, + "dataFusionRuntimeMaxIoEventsPerTick":{ + "shape":"InfluxDBv3EnterpriseParametersDataFusionRuntimeMaxIoEventsPerTickInteger", + "documentation":"

    Configures the maximum number of events processed per tick by the tokio DataFusion runtime.

    " + }, + "dataFusionRuntimeThreadKeepAlive":{ + "shape":"Duration", + "documentation":"

    Sets a custom timeout for a thread in the blocking pool of the tokio DataFusion runtime.

    " + }, + "dataFusionRuntimeThreadPriority":{ + "shape":"InfluxDBv3EnterpriseParametersDataFusionRuntimeThreadPriorityInteger", + "documentation":"

    Sets the thread priority for tokio DataFusion runtime workers.

    Default: 10

    " + }, + "dataFusionMaxParquetFanout":{ + "shape":"InfluxDBv3EnterpriseParametersDataFusionMaxParquetFanoutInteger", + "documentation":"

    When multiple parquet files are required in a sorted way (deduplication for example), specifies the maximum fanout.

    Default: 1000

    " + }, + "dataFusionUseCachedParquetLoader":{ + "shape":"Boolean", + "documentation":"

    Uses a cached parquet loader when reading parquet files from the object store.

    " + }, + "dataFusionConfig":{ + "shape":"InfluxDBv3EnterpriseParametersDataFusionConfigString", + "documentation":"

    Provides custom configuration to DataFusion as a comma-separated list of key:value pairs.

    " + }, + "maxHttpRequestSize":{ + "shape":"InfluxDBv3EnterpriseParametersMaxHttpRequestSizeLong", + "documentation":"

    Specifies the maximum size of HTTP requests.

    Default: 10485760

    " + }, + "forceSnapshotMemThreshold":{ + "shape":"PercentOrAbsoluteLong", + "documentation":"

    Specifies the threshold for the internal memory buffer. Supports either a percentage (portion of available memory) or absolute value in MB–for example: 70% or 100

    Default: 70%

    " + }, + "walSnapshotSize":{ + "shape":"InfluxDBv3EnterpriseParametersWalSnapshotSizeInteger", + "documentation":"

    Defines the number of WAL files to attempt to remove in a snapshot. This, multiplied by the interval, determines how often snapshots are taken.

    Default: 600

    " + }, + "walMaxWriteBufferSize":{ + "shape":"InfluxDBv3EnterpriseParametersWalMaxWriteBufferSizeInteger", + "documentation":"

    Specifies the maximum number of write requests that can be buffered before a flush must be executed and succeed.

    Default: 100000

    " + }, + "snapshottedWalFilesToKeep":{ + "shape":"InfluxDBv3EnterpriseParametersSnapshottedWalFilesToKeepInteger", + "documentation":"

    Specifies the number of snapshotted WAL files to retain in the object store. Flushing the WAL files does not clear the WAL files immediately; they are deleted when the number of snapshotted WAL files exceeds this number.

    Default: 300

    " + }, + "preemptiveCacheAge":{ + "shape":"Duration", + "documentation":"

    Specifies the interval to prefetch into the Parquet cache during compaction.

    Default: 3d

    " + }, + "parquetMemCachePrunePercentage":{ + "shape":"InfluxDBv3EnterpriseParametersParquetMemCachePrunePercentageFloat", + "documentation":"

    Specifies the percentage of entries to prune during a prune operation on the in-memory Parquet cache.

    Default: 0.1

    " + }, + "parquetMemCachePruneInterval":{ + "shape":"Duration", + "documentation":"

    Sets the interval to check if the in-memory Parquet cache needs to be pruned.

    Default: 1s

    " + }, + "disableParquetMemCache":{ + "shape":"Boolean", + "documentation":"

    Disables the in-memory Parquet cache. By default, the cache is enabled.

    " + }, + "parquetMemCacheQueryPathDuration":{ + "shape":"Duration", + "documentation":"

    Specifies the time window for caching recent Parquet files in memory.

    Default: 5h

    " + }, + "lastCacheEvictionInterval":{ + "shape":"Duration", + "documentation":"

    Specifies the interval to evict expired entries from the Last-N-Value cache, expressed as a human-readable duration–for example: 20s, 1m, 1h.

    Default: 10s

    " + }, + "distinctCacheEvictionInterval":{ + "shape":"Duration", + "documentation":"

    Specifies the interval to evict expired entries from the distinct value cache, expressed as a human-readable duration–for example: 20s, 1m, 1h.

    Default: 10s

    " + }, + "gen1Duration":{ + "shape":"Duration", + "documentation":"

    Specifies the duration that Parquet files are arranged into. Data timestamps land each row into a file of this duration. Supported durations are 1m, 5m, and 10m. These files are known as “generation 1” files, which the compactor can merge into larger generations.

    Default: 10m

    " + }, + "execMemPoolBytes":{ + "shape":"PercentOrAbsoluteLong", + "documentation":"

    Specifies the size of memory pool used during query execution. Can be given as absolute value in bytes or as a percentage of the total available memory–for example: 8000000000 or 10%.

    Default: 20%

    " + }, + "parquetMemCacheSize":{ + "shape":"PercentOrAbsoluteLong", + "documentation":"

    Specifies the size of the in-memory Parquet cache in megabytes or percentage of total available memory.

    Default: 20%

    " + }, + "walReplayFailOnError":{ + "shape":"Boolean", + "documentation":"

    Determines whether WAL replay should fail when encountering errors.

    Default: false

    " + }, + "walReplayConcurrencyLimit":{ + "shape":"InfluxDBv3EnterpriseParametersWalReplayConcurrencyLimitInteger", + "documentation":"

    Concurrency limit during WAL replay. Setting this number too high can lead to OOM. The default is dynamically determined.

    Default: max(num_cpus, 10)

    " + }, + "tableIndexCacheMaxEntries":{ + "shape":"InfluxDBv3EnterpriseParametersTableIndexCacheMaxEntriesInteger", + "documentation":"

    Specifies the maximum number of entries in the table index cache.

    Default: 1000

    " + }, + "tableIndexCacheConcurrencyLimit":{ + "shape":"InfluxDBv3EnterpriseParametersTableIndexCacheConcurrencyLimitInteger", + "documentation":"

    Limits the concurrency level for table index cache operations.

    Default: 8

    " + }, + "gen1LookbackDuration":{ + "shape":"Duration", + "documentation":"

    Specifies how far back to look when creating generation 1 Parquet files.

    Default: 24h

    " + }, + "retentionCheckInterval":{ + "shape":"Duration", + "documentation":"

    The interval at which retention policies are checked and enforced. Enter as a human-readable time–for example: 30m or 1h.

    Default: 30m

    " + }, + "deleteGracePeriod":{ + "shape":"Duration", + "documentation":"

    Specifies the grace period before permanently deleting data.

    Default: 24h

    " + }, + "hardDeleteDefaultDuration":{ + "shape":"Duration", + "documentation":"

    Sets the default duration for hard deletion of data.

    Default: 90d

    " + }, + "ingestQueryInstances":{ + "shape":"InfluxDBv3EnterpriseParametersIngestQueryInstancesInteger", + "documentation":"

    Specifies number of instances in the DbCluster which can both ingest and query.

    " + }, + "queryOnlyInstances":{ + "shape":"InfluxDBv3EnterpriseParametersQueryOnlyInstancesInteger", + "documentation":"

    Specifies number of instances in the DbCluster which can only query.

    " + }, + "dedicatedCompactor":{ + "shape":"Boolean", + "documentation":"

    Specifies if the compactor instance should be a standalone instance or not.

    " + }, + "compactionRowLimit":{ + "shape":"InfluxDBv3EnterpriseParametersCompactionRowLimitInteger", + "documentation":"

    Specifies the soft limit for the number of rows per file that the compactor writes. The compactor may write more rows than this limit.

    Default: 1000000

    " + }, + "compactionMaxNumFilesPerPlan":{ + "shape":"InfluxDBv3EnterpriseParametersCompactionMaxNumFilesPerPlanInteger", + "documentation":"

    Sets the maximum number of files included in any compaction plan.

    Default: 500

    " + }, + "compactionGen2Duration":{ + "shape":"Duration", + "documentation":"

    Specifies the duration of the first level of compaction (gen2). Later levels of compaction are multiples of this duration. This value should be equal to or greater than the gen1 duration.

    Default: 20m

    " + }, + "compactionMultipliers":{ + "shape":"InfluxDBv3EnterpriseParametersCompactionMultipliersString", + "documentation":"

    Specifies a comma-separated list of multiples defining the duration of each level of compaction. The number of elements in the list determines the number of compaction levels. The first element specifies the duration of the first level (gen3); subsequent levels are multiples of the previous level.

    Default: 3,4,6,5

    " + }, + "compactionCleanupWait":{ + "shape":"Duration", + "documentation":"

    Specifies the amount of time that the compactor waits after finishing a compaction run to delete files marked as needing deletion during that compaction run.

    Default: 10m

    " + }, + "compactionCheckInterval":{ + "shape":"Duration", + "documentation":"

    Specifies how often the compactor checks for new compaction work to perform.

    Default: 10s

    " + }, + "lastValueCacheDisableFromHistory":{ + "shape":"Boolean", + "documentation":"

    Disables populating the last-N-value cache from historical data. If disabled, the cache is still populated with data from the write-ahead log (WAL).

    " + }, + "distinctValueCacheDisableFromHistory":{ + "shape":"Boolean", + "documentation":"

    Disables populating the distinct value cache from historical data. If disabled, the cache is still populated with data from the write-ahead log (WAL).

    " + }, + "replicationInterval":{ + "shape":"Duration", + "documentation":"

    Specifies the interval at which data replication occurs between cluster nodes.

    Default: 250ms

    " + }, + "catalogSyncInterval":{ + "shape":"Duration", + "documentation":"

    Defines how often the catalog synchronizes across cluster nodes.

    Default: 10s

    " + } + }, + "documentation":"

    All the customer-modifiable InfluxDB v3 Enterprise parameters in Timestream for InfluxDB.

    " + }, + "InfluxDBv3EnterpriseParametersCompactionMaxNumFilesPerPlanInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":1 + }, + "InfluxDBv3EnterpriseParametersCompactionMultipliersString":{ + "type":"string", + "max":16, + "min":7, + "pattern":"\\d+,\\d+,\\d+,\\d+" + }, + "InfluxDBv3EnterpriseParametersCompactionRowLimitInteger":{ + "type":"integer", + "box":true, + "max":100000000, + "min":1 + }, + "InfluxDBv3EnterpriseParametersDataFusionConfigString":{ + "type":"string", + "pattern":"[a-zA-Z0-9_]+=[^,\\s]+(?:,[a-zA-Z0-9_]+=[^,\\s]+)*" + }, + "InfluxDBv3EnterpriseParametersDataFusionMaxParquetFanoutInteger":{ + "type":"integer", + "box":true, + "max":1000000, + "min":1 + }, + "InfluxDBv3EnterpriseParametersDataFusionNumThreadsInteger":{ + "type":"integer", + "box":true, + "max":2048, + "min":1 + }, + "InfluxDBv3EnterpriseParametersDataFusionRuntimeEventIntervalInteger":{ + "type":"integer", + "box":true, + "max":128, + "min":1 + }, + "InfluxDBv3EnterpriseParametersDataFusionRuntimeGlobalQueueIntervalInteger":{ + "type":"integer", + "box":true, + "max":128, + "min":1 + }, + "InfluxDBv3EnterpriseParametersDataFusionRuntimeMaxBlockingThreadsInteger":{ + "type":"integer", + "box":true, + "max":1024, + "min":1 + }, + "InfluxDBv3EnterpriseParametersDataFusionRuntimeMaxIoEventsPerTickInteger":{ + "type":"integer", + "box":true, + "max":4096, + "min":1 + }, + "InfluxDBv3EnterpriseParametersDataFusionRuntimeThreadPriorityInteger":{ + "type":"integer", + "box":true, + "max":19, + "min":-20 + }, + "InfluxDBv3EnterpriseParametersIngestQueryInstancesInteger":{ + "type":"integer", + "box":true, + "max":4, + "min":1 + }, + "InfluxDBv3EnterpriseParametersLogFilterString":{ + "type":"string", + "max":1024, + "min":0 + }, + "InfluxDBv3EnterpriseParametersMaxHttpRequestSizeLong":{ + "type":"long", + "box":true, + "max":16777216, + "min":1024 + }, + "InfluxDBv3EnterpriseParametersParquetMemCachePrunePercentageFloat":{ + "type":"float", + "box":true, + "max":1, + "min":0 + }, + "InfluxDBv3EnterpriseParametersQueryFileLimitInteger":{ + "type":"integer", + "box":true, + "max":1024, + "min":0 + }, + "InfluxDBv3EnterpriseParametersQueryLogSizeInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":1 + }, + "InfluxDBv3EnterpriseParametersQueryOnlyInstancesInteger":{ + "type":"integer", + "box":true, + "max":10, + "min":0 + }, + "InfluxDBv3EnterpriseParametersSnapshottedWalFilesToKeepInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":0 + }, + "InfluxDBv3EnterpriseParametersTableIndexCacheConcurrencyLimitInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "InfluxDBv3EnterpriseParametersTableIndexCacheMaxEntriesInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "InfluxDBv3EnterpriseParametersWalMaxWriteBufferSizeInteger":{ + "type":"integer", + "box":true, + "max":1000000, + "min":1 + }, + "InfluxDBv3EnterpriseParametersWalReplayConcurrencyLimitInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "InfluxDBv3EnterpriseParametersWalSnapshotSizeInteger":{ + "type":"integer", + "box":true, + "max":10000, + "min":1 + }, + "InstanceMode":{ + "type":"string", + "enum":[ + "PRIMARY", + "STANDBY", + "REPLICA", + "INGEST", + "QUERY", + "COMPACT", + "PROCESS" + ] + }, + "InstanceModeList":{ + "type":"list", + "member":{"shape":"InstanceMode"} + }, "Integer":{ "type":"integer", "box":true @@ -1159,6 +2354,65 @@ "fault":true, "retryable":{"throttling":false} }, + "ListDbClustersInput":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token. To resume pagination, provide the nextToken value as an argument of a subsequent API invocation.

    " + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of items to return in the output. If the total number of items available is more than the value specified, a nextToken is provided in the output. To resume pagination, provide the nextToken value as an argument of a subsequent API invocation.

    " + } + } + }, + "ListDbClustersOutput":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"DbClusterSummaryList", + "documentation":"

    A list of Timestream for InfluxDB cluster summaries.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    Token from a previous call of the operation. When this value is provided, the service returns results from where the previous response left off.

    " + } + } + }, + "ListDbInstancesForClusterInput":{ + "type":"structure", + "required":["dbClusterId"], + "members":{ + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    Service-generated unique identifier of the DB cluster.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    The pagination token. To resume pagination, provide the nextToken value as an argument of a subsequent API invocation.

    " + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of items to return in the output. If the total number of items available is more than the value specified, a nextToken is provided in the output. To resume pagination, provide the nextToken value as an argument of a subsequent API invocation.

    " + } + } + }, + "ListDbInstancesForClusterOutput":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"DbInstanceForClusterSummaryList", + "documentation":"

    A list of Timestream for InfluxDB instance summaries belonging to the cluster.

    " + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    Token from a previous call of the operation. When this value is provided, the service returns results from where the previous response left off.

    " + } + } + }, "ListDbInstancesInput":{ "type":"structure", "members":{ @@ -1243,6 +2497,10 @@ }, "documentation":"

    Configuration for sending InfluxDB engine logs to send to specified S3 bucket.

    " }, + "LogFormats":{ + "type":"string", + "enum":["full"] + }, "LogLevel":{ "type":"string", "enum":[ @@ -1279,6 +2537,14 @@ "InfluxDBv2":{ "shape":"InfluxDBv2Parameters", "documentation":"

    All the customer-modifiable InfluxDB v2 parameters in Timestream for InfluxDB.

    " + }, + "InfluxDBv3Core":{ + "shape":"InfluxDBv3CoreParameters", + "documentation":"

    All the customer-modifiable InfluxDB v3 Core parameters in Timestream for InfluxDB.

    " + }, + "InfluxDBv3Enterprise":{ + "shape":"InfluxDBv3EnterpriseParameters", + "documentation":"

    All the customer-modifiable InfluxDB v3 Enterprise parameters in Timestream for InfluxDB.

    " } }, "documentation":"

    The parameters that comprise the parameter group.

    ", @@ -1291,6 +2557,33 @@ "pattern":"[a-zA-Z0-9]+", "sensitive":true }, + "PercentOrAbsoluteLong":{ + "type":"structure", + "members":{ + "percent":{ + "shape":"PercentOrAbsoluteLongPercentString", + "documentation":"

    Percent for InfluxDB parameters.

    " + }, + "absolute":{ + "shape":"PercentOrAbsoluteLongAbsoluteLong", + "documentation":"

    Absolute long for InfluxDB parameters.

    " + } + }, + "documentation":"

    Percent or Absolute Long for InfluxDB parameters

    ", + "union":true + }, + "PercentOrAbsoluteLongAbsoluteLong":{ + "type":"long", + "box":true, + "max":1610612736000, + "min":0 + }, + "PercentOrAbsoluteLongPercentString":{ + "type":"string", + "max":4, + "min":2, + "pattern":"(?:100|[1-9]?[0-9])%" + }, "Port":{ "type":"integer", "box":true, @@ -1376,7 +2669,8 @@ "DELETED", "FAILED", "UPDATING_DEPLOYMENT_TYPE", - "UPDATING_INSTANCE_TYPE" + "UPDATING_INSTANCE_TYPE", + "MAINTENANCE" ] }, "String":{"type":"string"}, @@ -1431,7 +2725,8 @@ "type":"string", "enum":[ "log", - "jaeger" + "jaeger", + "disabled" ] }, "UntagResourceRequest":{ @@ -1451,6 +2746,45 @@ } } }, + "UpdateDbClusterInput":{ + "type":"structure", + "required":["dbClusterId"], + "members":{ + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    Service-generated unique identifier of the DB cluster to update.

    " + }, + "logDeliveryConfiguration":{ + "shape":"LogDeliveryConfiguration", + "documentation":"

    The log delivery configuration to apply to the DB cluster.

    " + }, + "dbParameterGroupIdentifier":{ + "shape":"DbParameterGroupIdentifier", + "documentation":"

    Update the DB cluster to use the specified DB parameter group.

    " + }, + "port":{ + "shape":"Port", + "documentation":"

    Update the DB cluster to use the specified port.

    " + }, + "dbInstanceType":{ + "shape":"DbInstanceType", + "documentation":"

    Update the DB cluster to use the specified DB instance Type.

    " + }, + "failoverMode":{ + "shape":"FailoverMode", + "documentation":"

    Update the DB cluster's failover behavior.

    " + } + } + }, + "UpdateDbClusterOutput":{ + "type":"structure", + "members":{ + "dbClusterStatus":{ + "shape":"ClusterStatus", + "documentation":"

    The status of the DB cluster.

    " + } + } + }, "UpdateDbInstanceInput":{ "type":"structure", "required":["identifier"], @@ -1478,6 +2812,14 @@ "deploymentType":{ "shape":"DeploymentType", "documentation":"

    Specifies whether the DB instance will be deployed as a standalone instance or with a Multi-AZ standby for high availability.

    " + }, + "dbStorageType":{ + "shape":"DbStorageType", + "documentation":"

    The Timestream for InfluxDB DB storage type that InfluxDB stores data on.

    " + }, + "allocatedStorage":{ + "shape":"AllocatedStorage", + "documentation":"

    The amount of storage to allocate for your DB storage type (in gibibytes).

    " } } }, @@ -1496,7 +2838,7 @@ }, "name":{ "shape":"DbInstanceName", - "documentation":"

    This customer-supplied name uniquely identifies the DB instance when interacting with the Amazon Timestream for InfluxDB API and Amazon Web Services CLI commands.

    " + "documentation":"

    This customer-supplied name uniquely identifies the DB instance when interacting with the Amazon Timestream for InfluxDB API and CLI commands.

    " }, "arn":{ "shape":"Arn", @@ -1564,7 +2906,19 @@ }, "influxAuthParametersSecretArn":{ "shape":"String", - "documentation":"

    The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Secrets Manager secret containing the initial InfluxDB authorization parameters. The secret value is a JSON formatted key-value pair holding InfluxDB authorization values: organization, bucket, username, and password.

    " + }, + "dbClusterId":{ + "shape":"DbClusterId", + "documentation":"

    Specifies the DbCluster to which this DbInstance belongs to.

    " + }, + "instanceMode":{ + "shape":"InstanceMode", + "documentation":"

    Specifies the DbInstance's role in the cluster.

    " + }, + "instanceModes":{ + "shape":"InstanceModeList", + "documentation":"

    Specifies the DbInstance's roles in the cluster.

    " } } }, diff -pruN 2.23.6-1/awscli/botocore/data/timestream-query/2018-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/timestream-query/2018-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/timestream-query/2018-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/timestream-query/2018-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -167,6 +167,56 @@ ], "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://timestream-query-fips.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://timestream-query.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://query.timestream-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", @@ -219,6 +269,31 @@ ], "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + } + ], + "endpoint": { + "url": "https://query.timestream.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://query.timestream-fips.{Region}.{PartitionResult#dnsSuffix}", @@ -271,6 +346,56 @@ ], "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://timestream-query.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://timestream-query.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://query.timestream.{Region}.{PartitionResult#dualStackDnsSuffix}", diff -pruN 2.23.6-1/awscli/botocore/data/timestream-query/2018-11-01/service-2.json 2.31.35-1/awscli/botocore/data/timestream-query/2018-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/timestream-query/2018-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/timestream-query/2018-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -492,8 +492,7 @@ }, "DescribeAccountSettingsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountSettingsResponse":{ "type":"structure", @@ -514,8 +513,7 @@ }, "DescribeEndpointsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeEndpointsResponse":{ "type":"structure", @@ -1707,8 +1705,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1863,8 +1860,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAccountSettingsRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/timestream-write/2018-11-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/timestream-write/2018-11-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/timestream-write/2018-11-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/timestream-write/2018-11-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,9 +165,58 @@ ] } ], - "type": "tree", "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://timestream-ingest-fips.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://timestream-ingest.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://ingest.timestream-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", @@ -179,14 +225,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +248,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,18 +262,17 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -236,7 +281,8 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], @@ -256,14 +302,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -277,7 +325,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -297,9 +344,58 @@ ] } ], - "type": "tree", "rules": [ { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://timestream-ingest.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://timestream-ingest.{Region}.api.aws", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { "conditions": [], "endpoint": { "url": "https://ingest.timestream.{Region}.{PartitionResult#dualStackDnsSuffix}", @@ -308,14 +404,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -326,9 +424,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/timestream-write/2018-11-01/service-2.json 2.31.35-1/awscli/botocore/data/timestream-write/2018-11-01/service-2.json --- 2.23.6-1/awscli/botocore/data/timestream-write/2018-11-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/timestream-write/2018-11-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,13 +5,15 @@ "endpointPrefix":"ingest.timestream", "jsonVersion":"1.0", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"Timestream Write", "serviceFullName":"Amazon Timestream Write", "serviceId":"Timestream Write", "signatureVersion":"v4", "signingName":"timestream", "targetPrefix":"Timestream_20181101", - "uid":"timestream-write-2018-11-01" + "uid":"timestream-write-2018-11-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateBatchLoadTask":{ @@ -887,8 +889,7 @@ }, "DescribeEndpointsRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeEndpointsResponse":{ "type":"structure", @@ -1476,8 +1477,7 @@ }, "ResumeBatchLoadTaskResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RetentionProperties":{ "type":"structure", @@ -1701,8 +1701,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1746,8 +1745,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDatabaseRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/tnb/2008-10-21/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/tnb/2008-10-21/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/tnb/2008-10-21/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/tnb/2008-10-21/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/transcribe/2017-10-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/transcribe/2017-10-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/transcribe/2017-10-26/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/transcribe/2017-10-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/transcribe/2017-10-26/service-2.json 2.31.35-1/awscli/botocore/data/transcribe/2017-10-26/service-2.json --- 2.23.6-1/awscli/botocore/data/transcribe/2017-10-26/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/transcribe/2017-10-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -536,7 +536,7 @@ {"shape":"InternalFailureException"}, {"shape":"ConflictException"} ], - "documentation":"

    Transcribes the audio from a customer service call and applies any additional Request Parameters you choose to include in your request.

    In addition to many standard transcription features, Call Analytics provides you with call characteristics, call summarization, speaker sentiment, and optional redaction of your text transcript and your audio file. You can also apply custom categories to flag specified conditions. To learn more about these features and insights, refer to Analyzing call center audio with Call Analytics.

    If you want to apply categories to your Call Analytics job, you must create them before submitting your job request. Categories cannot be retroactively applied to a job. To create a new category, use the operation. To learn more about Call Analytics categories, see Creating categories for post-call transcriptions and Creating categories for real-time transcriptions.

    To make a StartCallAnalyticsJob request, you must first upload your media file into an Amazon S3 bucket; you can then specify the Amazon S3 location of the file using the Media parameter.

    Note that job queuing is enabled by default for Call Analytics jobs.

    You must include the following parameters in your StartCallAnalyticsJob request:

    • region: The Amazon Web Services Region where you are making your request. For a list of Amazon Web Services Regions supported with Amazon Transcribe, refer to Amazon Transcribe endpoints and quotas.

    • CallAnalyticsJobName: A custom name that you create for your transcription job that's unique within your Amazon Web Services account.

    • DataAccessRoleArn: The Amazon Resource Name (ARN) of an IAM role that has permissions to access the Amazon S3 bucket that contains your input files.

    • Media (MediaFileUri or RedactedMediaFileUri): The Amazon S3 location of your media file.

    With Call Analytics, you can redact the audio contained in your media file by including RedactedMediaFileUri, instead of MediaFileUri, to specify the location of your input audio. If you choose to redact your audio, you can find your redacted media at the location specified in the RedactedMediaFileUri field of your response.

    " + "documentation":"

    Transcribes the audio from a customer service call and applies any additional Request Parameters you choose to include in your request.

    In addition to many standard transcription features, Call Analytics provides you with call characteristics, call summarization, speaker sentiment, and optional redaction of your text transcript and your audio file. You can also apply custom categories to flag specified conditions. To learn more about these features and insights, refer to Analyzing call center audio with Call Analytics.

    If you want to apply categories to your Call Analytics job, you must create them before submitting your job request. Categories cannot be retroactively applied to a job. To create a new category, use the operation. To learn more about Call Analytics categories, see Creating categories for post-call transcriptions and Creating categories for real-time transcriptions.

    To make a StartCallAnalyticsJob request, you must first upload your media file into an Amazon S3 bucket; you can then specify the Amazon S3 location of the file using the Media parameter.

    Job queuing is available for Call Analytics jobs. If you pass a DataAccessRoleArn in your request and you exceed your Concurrent Job Limit, your job will automatically be added to a queue to be processed once your concurrent job count is below the limit.

    You must include the following parameters in your StartCallAnalyticsJob request:

    • region: The Amazon Web Services Region where you are making your request. For a list of Amazon Web Services Regions supported with Amazon Transcribe, refer to Amazon Transcribe endpoints and quotas.

    • CallAnalyticsJobName: A custom name that you create for your transcription job that's unique within your Amazon Web Services account.

    • Media (MediaFileUri or RedactedMediaFileUri): The Amazon S3 location of your media file.

    With Call Analytics, you can redact the audio contained in your media file by including RedactedMediaFileUri, instead of MediaFileUri, to specify the location of your input audio. If you choose to redact your audio, you can find your redacted media at the location specified in the RedactedMediaFileUri field of your response.

    " }, "StartMedicalScribeJob":{ "name":"StartMedicalScribeJob", @@ -552,7 +552,7 @@ {"shape":"InternalFailureException"}, {"shape":"ConflictException"} ], - "documentation":"

    Transcribes patient-clinician conversations and generates clinical notes.

    Amazon Web Services HealthScribe automatically provides rich conversation transcripts, identifies speaker roles, classifies dialogues, extracts medical terms, and generates preliminary clinical notes. To learn more about these features, refer to Amazon Web Services HealthScribe.

    To make a StartMedicalScribeJob request, you must first upload your media file into an Amazon S3 bucket; you can then specify the Amazon S3 location of the file using the Media parameter.

    You must include the following parameters in your StartMedicalTranscriptionJob request:

    • DataAccessRoleArn: The ARN of an IAM role with the these minimum permissions: read permission on input file Amazon S3 bucket specified in Media, write permission on the Amazon S3 bucket specified in OutputBucketName, and full permissions on the KMS key specified in OutputEncryptionKMSKeyId (if set). The role should also allow transcribe.amazonaws.com to assume it.

    • Media (MediaFileUri): The Amazon S3 location of your media file.

    • MedicalScribeJobName: A custom name you create for your MedicalScribe job that is unique within your Amazon Web Services account.

    • OutputBucketName: The Amazon S3 bucket where you want your output files stored.

    • Settings: A MedicalScribeSettings obect that must set exactly one of ShowSpeakerLabels or ChannelIdentification to true. If ShowSpeakerLabels is true, MaxSpeakerLabels must also be set.

    • ChannelDefinitions: A MedicalScribeChannelDefinitions array should be set if and only if the ChannelIdentification value of Settings is set to true.

    " + "documentation":"

    Transcribes patient-clinician conversations and generates clinical notes.

    Amazon Web Services HealthScribe automatically provides rich conversation transcripts, identifies speaker roles, classifies dialogues, extracts medical terms, and generates preliminary clinical notes. To learn more about these features, refer to Amazon Web Services HealthScribe.

    To make a StartMedicalScribeJob request, you must first upload your media file into an Amazon S3 bucket; you can then specify the Amazon S3 location of the file using the Media parameter.

    You must include the following parameters in your StartMedicalTranscriptionJob request:

    • DataAccessRoleArn: The ARN of an IAM role with the these minimum permissions: read permission on input file Amazon S3 bucket specified in Media, write permission on the Amazon S3 bucket specified in OutputBucketName, and full permissions on the KMS key specified in OutputEncryptionKMSKeyId (if set). The role should also allow transcribe.amazonaws.com to assume it.

    • Media (MediaFileUri): The Amazon S3 location of your media file.

    • MedicalScribeJobName: A custom name you create for your MedicalScribe job that is unique within your Amazon Web Services account.

    • OutputBucketName: The Amazon S3 bucket where you want your output files stored.

    • Settings: A MedicalScribeSettings object that must set exactly one of ShowSpeakerLabels or ChannelIdentification to true. If ShowSpeakerLabels is true, MaxSpeakerLabels must also be set.

    • ChannelDefinitions: A MedicalScribeChannelDefinitions array should be set if and only if the ChannelIdentification value of Settings is set to true.

    " }, "StartMedicalTranscriptionJob":{ "name":"StartMedicalTranscriptionJob", @@ -852,7 +852,7 @@ "ContentRedaction":{"shape":"ContentRedaction"}, "LanguageOptions":{ "shape":"LanguageOptions", - "documentation":"

    You can specify two or more language codes that represent the languages you think may be present in your media. Including more than five is not recommended. If you're unsure what languages are present, do not include this parameter.

    Including language options can improve the accuracy of language identification.

    For a list of languages supported with Call Analytics, refer to the Supported languages table.

    To transcribe speech in Modern Standard Arabic (ar-SA), your media file must be encoded at a sample rate of 16,000 Hz or higher.

    " + "documentation":"

    You can specify two or more language codes that represent the languages you think may be present in your media. Including more than five is not recommended. If you're unsure what languages are present, do not include this parameter.

    Including language options can improve the accuracy of language identification.

    For a list of languages supported with Call Analytics, refer to the Supported languages table.

    To transcribe speech in Modern Standard Arabic (ar-SA) in Amazon Web Services GovCloud (US) (US-West, us-gov-west-1), Amazon Web Services GovCloud (US) (US-East, us-gov-east-1), Canada (Calgary) ca-west-1 and Africa (Cape Town) af-south-1, your media file must be encoded at a sample rate of 16,000 Hz or higher.

    " }, "LanguageIdSettings":{ "shape":"LanguageIdSettingsMap", @@ -1010,6 +1010,16 @@ "max":1, "min":0 }, + "ClinicalNoteGenerationSettings":{ + "type":"structure", + "members":{ + "NoteTemplate":{ + "shape":"MedicalScribeNoteTemplate", + "documentation":"

    Specify one of the following templates to use for the clinical note summary. The default is HISTORY_AND_PHYSICAL.

    • HISTORY_AND_PHYSICAL: Provides summaries for key sections of the clinical documentation. Examples of sections include Chief Complaint, History of Present Illness, Review of Systems, Past Medical History, Assessment, and Plan.

    • GIRPP: Provides summaries based on the patients progress toward goals. Examples of sections include Goal, Intervention, Response, Progress, and Plan.

    • BIRP: Focuses on the patient's behavioral patterns and responses. Examples of sections include Behavior, Intervention, Response, and Plan.

    • SIRP: Emphasizes the situational context of therapy. Examples of sections include Situation, Intervention, Response, and Plan.

    • DAP: Provides a simplified format for clinical documentation. Examples of sections include Data, Assessment, and Plan.

    • BEHAVIORAL_SOAP: Behavioral health focused documentation format. Examples of sections include Subjective, Objective, Assessment, and Plan.

    • PHYSICAL_SOAP: Physical health focused documentation format. Examples of sections include Subjective, Objective, Assessment, and Plan.

    " + } + }, + "documentation":"

    The output configuration for clinical note generation.

    " + }, "ConflictException":{ "type":"structure", "members":{ @@ -1308,8 +1318,7 @@ }, "DeleteCallAnalyticsCategoryResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteCallAnalyticsJobRequest":{ "type":"structure", @@ -1323,8 +1332,7 @@ }, "DeleteCallAnalyticsJobResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLanguageModelRequest":{ "type":"structure", @@ -1769,6 +1777,7 @@ "cs-CZ", "cy-WL", "el-GR", + "et-EE", "et-ET", "eu-ES", "fi-FI", @@ -1818,6 +1827,7 @@ "uk-UA", "uz-UZ", "wo-SN", + "zh-HK", "zu-ZA" ] }, @@ -2345,6 +2355,16 @@ "max":1, "min":0 }, + "MedicalScribeContext":{ + "type":"structure", + "members":{ + "PatientContext":{ + "shape":"MedicalScribePatientContext", + "documentation":"

    Contains patient-specific information.

    " + } + }, + "documentation":"

    The MedicalScribeContext object that contains contextual information used to generate customized clinical notes.

    " + }, "MedicalScribeJob":{ "type":"structure", "members":{ @@ -2393,9 +2413,13 @@ "shape":"MedicalScribeChannelDefinitions", "documentation":"

    Makes it possible to specify which speaker is on which channel. For example, if the clinician is the first participant to speak, you would set ChannelId of the first ChannelDefinition in the list to 0 (to indicate the first channel) and ParticipantRole to CLINICIAN (to indicate that it's the clinician speaking). Then you would set the ChannelId of the second ChannelDefinition in the list to 1 (to indicate the second channel) and ParticipantRole to PATIENT (to indicate that it's the patient speaking).

    " }, + "MedicalScribeContextProvided":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the MedicalScribeContext object was provided when the Medical Scribe job was started.

    " + }, "Tags":{ "shape":"TagList", - "documentation":"

    Adds one or more custom tags, each in the form of a key:value pair, to the Medica Scribe job.

    To learn more about using tags with Amazon Transcribe, refer to Tagging resources.

    " + "documentation":"

    Adds one or more custom tags, each in the form of a key:value pair, to the Medical Scribe job.

    To learn more about using tags with Amazon Transcribe, refer to Tagging resources.

    " } }, "documentation":"

    Provides detailed information about a Medical Scribe job.

    To view the status of the specified Medical Scribe job, check the MedicalScribeJobStatus field. If the status is COMPLETED, the job is finished and you can find the results at the locations specified in MedicalScribeOutput. If the status is FAILED, FailureReason provides details on why your Medical Scribe job failed.

    " @@ -2451,6 +2475,18 @@ "type":"string", "enum":["en-US"] }, + "MedicalScribeNoteTemplate":{ + "type":"string", + "enum":[ + "HISTORY_AND_PHYSICAL", + "GIRPP", + "BIRP", + "SIRP", + "DAP", + "BEHAVIORAL_SOAP", + "PHYSICAL_SOAP" + ] + }, "MedicalScribeOutput":{ "type":"structure", "required":[ @@ -2476,6 +2512,16 @@ "CLINICIAN" ] }, + "MedicalScribePatientContext":{ + "type":"structure", + "members":{ + "Pronouns":{ + "shape":"Pronouns", + "documentation":"

    The patient's preferred pronouns that the user wants to provide as a context for clinical note generation.

    " + } + }, + "documentation":"

    Contains patient-specific information used to customize the clinical note generation.

    " + }, "MedicalScribeSettings":{ "type":"structure", "members":{ @@ -2502,6 +2548,10 @@ "VocabularyFilterMethod":{ "shape":"VocabularyFilterMethod", "documentation":"

    Specify how you want your custom vocabulary filter applied to your transcript.

    To replace words with ***, choose mask.

    To delete words, choose remove.

    To flag words without changing them, choose tag.

    " + }, + "ClinicalNoteGenerationSettings":{ + "shape":"ClinicalNoteGenerationSettings", + "documentation":"

    Specify settings for the clinical note generation.

    " } }, "documentation":"

    Makes it possible to control how your Medical Scribe job is processed using a MedicalScribeSettings object. Specify ChannelIdentification if ChannelDefinitions are set. Enabled ShowSpeakerLabels if ChannelIdentification and ChannelDefinitions are not set. One and only one of ChannelIdentification and ShowSpeakerLabels must be set. If ShowSpeakerLabels is set, MaxSpeakerLabels must also be set. Use Settings to specify a vocabulary or vocabulary filter or both using VocabularyName, VocabularyFilterName. VocabularyFilterMethod must be specified if VocabularyFilterName is set.

    " @@ -2799,6 +2849,15 @@ "max":11, "min":0 }, + "Pronouns":{ + "type":"string", + "enum":[ + "HE_HIM", + "SHE_HER", + "THEY_THEM" + ], + "sensitive":true + }, "RedactionOutput":{ "type":"string", "enum":[ @@ -2966,7 +3025,7 @@ }, "OutputEncryptionKMSKeyId":{ "shape":"KMSKeyId", - "documentation":"

    The KMS key you want to use to encrypt your Call Analytics output.

    If using a key located in the current Amazon Web Services account, you can specify your KMS key in one of four ways:

    1. Use the KMS key ID itself. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

    2. Use an alias for the KMS key ID. For example, alias/ExampleAlias.

    3. Use the Amazon Resource Name (ARN) for the KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    4. Use the ARN for the KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

    If using a key located in a different Amazon Web Services account than the current Amazon Web Services account, you can specify your KMS key in one of two ways:

    1. Use the ARN for the KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    2. Use the ARN for the KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

    If you do not specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

    If you specify a KMS key to encrypt your output, you must also specify an output location using the OutputLocation parameter.

    Note that the role making the request must have permission to use the specified KMS key.

    " + "documentation":"

    The Amazon Resource Name (ARN) of a KMS key that you want to use to encrypt your Call Analytics output.

    KMS key ARNs have the format arn:partition:kms:region:account:key/key-id. For example: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab. For more information, see KMS key ARNs.

    If you do not specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

    Note that the role making the request and the role specified in the DataAccessRoleArn request parameter (if present) must have permission to use the specified KMS key.

    " }, "DataAccessRoleArn":{ "shape":"DataAccessRoleArn", @@ -3016,7 +3075,7 @@ }, "OutputEncryptionKMSKeyId":{ "shape":"KMSKeyId", - "documentation":"

    The KMS key you want to use to encrypt your Medical Scribe output.

    If using a key located in the current Amazon Web Services account, you can specify your KMS key in one of four ways:

    1. Use the KMS key ID itself. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

    2. Use an alias for the KMS key ID. For example, alias/ExampleAlias.

    3. Use the Amazon Resource Name (ARN) for the KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    4. Use the ARN for the KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

    If using a key located in a different Amazon Web Services account than the current Amazon Web Services account, you can specify your KMS key in one of two ways:

    1. Use the ARN for the KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    2. Use the ARN for the KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

    If you do not specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

    Note that the role specified in the DataAccessRoleArn request parameter must have permission to use the specified KMS key.

    " + "documentation":"

    The Amazon Resource Name (ARN) of a KMS key that you want to use to encrypt your Medical Scribe output.

    KMS key ARNs have the format arn:partition:kms:region:account:key/key-id. For example: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab. For more information, see KMS key ARNs.

    If you do not specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

    Note that the role making the request and the role specified in the DataAccessRoleArn request parameter (if present) must have permission to use the specified KMS key.

    " }, "KMSEncryptionContext":{ "shape":"KMSEncryptionContextMap", @@ -3036,7 +3095,11 @@ }, "Tags":{ "shape":"TagList", - "documentation":"

    Adds one or more custom tags, each in the form of a key:value pair, to the Medica Scribe job.

    To learn more about using tags with Amazon Transcribe, refer to Tagging resources.

    " + "documentation":"

    Adds one or more custom tags, each in the form of a key:value pair, to the Medical Scribe job.

    To learn more about using tags with Amazon Transcribe, refer to Tagging resources.

    " + }, + "MedicalScribeContext":{ + "shape":"MedicalScribeContext", + "documentation":"

    The MedicalScribeContext object that contains contextual information which is used during clinical note generation to add relevant context to the note.

    " } } }, @@ -3087,7 +3150,7 @@ }, "OutputEncryptionKMSKeyId":{ "shape":"KMSKeyId", - "documentation":"

    The KMS key you want to use to encrypt your medical transcription output.

    If using a key located in the current Amazon Web Services account, you can specify your KMS key in one of four ways:

    1. Use the KMS key ID itself. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

    2. Use an alias for the KMS key ID. For example, alias/ExampleAlias.

    3. Use the Amazon Resource Name (ARN) for the KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    4. Use the ARN for the KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

    If using a key located in a different Amazon Web Services account than the current Amazon Web Services account, you can specify your KMS key in one of two ways:

    1. Use the ARN for the KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    2. Use the ARN for the KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

    If you do not specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

    If you specify a KMS key to encrypt your output, you must also specify an output location using the OutputLocation parameter.

    Note that the role making the request must have permission to use the specified KMS key.

    " + "documentation":"

    The Amazon Resource Name (ARN) of a KMS key that you want to use to encrypt your medical transcription output.

    KMS key ARNs have the format arn:partition:kms:region:account:key/key-id. For example: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab. For more information, see KMS key ARNs.

    If you do not specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

    Note that the role making the request and the role specified in the DataAccessRoleArn request parameter (if present) must have permission to use the specified KMS key.

    " }, "KMSEncryptionContext":{ "shape":"KMSEncryptionContextMap", @@ -3137,7 +3200,7 @@ }, "LanguageCode":{ "shape":"LanguageCode", - "documentation":"

    The language code that represents the language spoken in the input media file.

    If you're unsure of the language spoken in your media file, consider using IdentifyLanguage or IdentifyMultipleLanguages to enable automatic language identification.

    Note that you must include one of LanguageCode, IdentifyLanguage, or IdentifyMultipleLanguages in your request. If you include more than one of these parameters, your transcription job fails.

    For a list of supported languages and their associated language codes, refer to the Supported languages table.

    To transcribe speech in Modern Standard Arabic (ar-SA), your media file must be encoded at a sample rate of 16,000 Hz or higher.

    " + "documentation":"

    The language code that represents the language spoken in the input media file.

    If you're unsure of the language spoken in your media file, consider using IdentifyLanguage or IdentifyMultipleLanguages to enable automatic language identification.

    Note that you must include one of LanguageCode, IdentifyLanguage, or IdentifyMultipleLanguages in your request. If you include more than one of these parameters, your transcription job fails.

    For a list of supported languages and their associated language codes, refer to the Supported languages table.

    To transcribe speech in Modern Standard Arabic (ar-SA) in Amazon Web Services GovCloud (US) (US-West, us-gov-west-1), Amazon Web Services GovCloud (US) (US-East, us-gov-east-1), Canada (Calgary, ca-west-1) and Africa (Cape Town, af-south-1), your media file must be encoded at a sample rate of 16,000 Hz or higher.

    " }, "MediaSampleRateHertz":{ "shape":"MediaSampleRateHertz", @@ -3161,7 +3224,7 @@ }, "OutputEncryptionKMSKeyId":{ "shape":"KMSKeyId", - "documentation":"

    The KMS key you want to use to encrypt your transcription output.

    If using a key located in the current Amazon Web Services account, you can specify your KMS key in one of four ways:

    1. Use the KMS key ID itself. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.

    2. Use an alias for the KMS key ID. For example, alias/ExampleAlias.

    3. Use the Amazon Resource Name (ARN) for the KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    4. Use the ARN for the KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

    If using a key located in a different Amazon Web Services account than the current Amazon Web Services account, you can specify your KMS key in one of two ways:

    1. Use the ARN for the KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.

    2. Use the ARN for the KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

    If you do not specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

    If you specify a KMS key to encrypt your output, you must also specify an output location using the OutputLocation parameter.

    Note that the role making the request must have permission to use the specified KMS key.

    " + "documentation":"

    The Amazon Resource Name (ARN) of a KMS key that you want to use to encrypt your transcription output.

    KMS key ARNs have the format arn:partition:kms:region:account:key/key-id. For example: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab. For more information, see KMS key ARNs.

    If you do not specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

    Note that the role making the request and the role specified in the DataAccessRoleArn request parameter (if present) must have permission to use the specified KMS key.

    " }, "KMSEncryptionContext":{ "shape":"KMSEncryptionContextMap", @@ -3193,7 +3256,7 @@ }, "LanguageOptions":{ "shape":"LanguageOptions", - "documentation":"

    You can specify two or more language codes that represent the languages you think may be present in your media. Including more than five is not recommended. If you're unsure what languages are present, do not include this parameter.

    If you include LanguageOptions in your request, you must also include IdentifyLanguage.

    For more information, refer to Supported languages.

    To transcribe speech in Modern Standard Arabic (ar-SA), your media file must be encoded at a sample rate of 16,000 Hz or higher.

    " + "documentation":"

    You can specify two or more language codes that represent the languages you think may be present in your media. Including more than five is not recommended. If you're unsure what languages are present, do not include this parameter.

    If you include LanguageOptions in your request, you must also include IdentifyLanguage.

    For more information, refer to Supported languages.

    To transcribe speech in Modern Standard Arabic (ar-SA)in Amazon Web Services GovCloud (US) (US-West, us-gov-west-1), Amazon Web Services GovCloud (US) (US-East, us-gov-east-1), in Canada (Calgary) ca-west-1 and Africa (Cape Town) af-south-1, your media file must be encoded at a sample rate of 16,000 Hz or higher.

    " }, "Subtitles":{ "shape":"Subtitles", @@ -3345,8 +3408,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3653,8 +3715,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCallAnalyticsCategoryRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/transfer/2018-11-05/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/transfer/2018-11-05/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/transfer/2018-11-05/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/transfer/2018-11-05/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/transfer/2018-11-05/service-2.json 2.31.35-1/awscli/botocore/data/transfer/2018-11-05/service-2.json --- 2.23.6-1/awscli/botocore/data/transfer/2018-11-05/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/transfer/2018-11-05/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -368,7 +368,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Describes the access that is assigned to the specific file transfer protocol-enabled server, as identified by its ServerId property and its ExternalId.

    The response from this call returns the properties of the access that is associated with the ServerId value that was specified.

    " + "documentation":"

    Describes the access that is assigned to the specific file transfer protocol-enabled server, as identified by its ServerId property and its ExternalId.

    The response from this call returns the properties of the access that is associated with the ServerId value that was specified.

    ", + "readonly":true }, "DescribeAgreement":{ "name":"DescribeAgreement", @@ -384,7 +385,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Describes the agreement that's identified by the AgreementId.

    " + "documentation":"

    Describes the agreement that's identified by the AgreementId.

    ", + "readonly":true }, "DescribeCertificate":{ "name":"DescribeCertificate", @@ -400,7 +402,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Describes the certificate that's identified by the CertificateId.

    " + "documentation":"

    Describes the certificate that's identified by the CertificateId.

    Transfer Family automatically publishes a Amazon CloudWatch metric called DaysUntilExpiry for imported certificates. This metric tracks the number of days until the certificate expires based on the InactiveDate. The metric is available in the AWS/Transfer namespace and includes the CertificateId as a dimension.

    ", + "readonly":true }, "DescribeConnector":{ "name":"DescribeConnector", @@ -416,7 +419,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Describes the connector that's identified by the ConnectorId.

    " + "documentation":"

    Describes the connector that's identified by the ConnectorId.

    ", + "readonly":true }, "DescribeExecution":{ "name":"DescribeExecution", @@ -432,7 +436,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    You can use DescribeExecution to check the details of the execution of the specified workflow.

    This API call only returns details for in-progress workflows.

    If you provide an ID for an execution that is not in progress, or if the execution doesn't match the specified workflow ID, you receive a ResourceNotFound exception.

    " + "documentation":"

    You can use DescribeExecution to check the details of the execution of the specified workflow.

    This API call only returns details for in-progress workflows.

    If you provide an ID for an execution that is not in progress, or if the execution doesn't match the specified workflow ID, you receive a ResourceNotFound exception.

    ", + "readonly":true }, "DescribeHostKey":{ "name":"DescribeHostKey", @@ -448,7 +453,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Returns the details of the host key that's specified by the HostKeyId and ServerId.

    " + "documentation":"

    Returns the details of the host key that's specified by the HostKeyId and ServerId.

    ", + "readonly":true }, "DescribeProfile":{ "name":"DescribeProfile", @@ -464,7 +470,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Returns the details of the profile that's specified by the ProfileId.

    " + "documentation":"

    Returns the details of the profile that's specified by the ProfileId.

    ", + "readonly":true }, "DescribeSecurityPolicy":{ "name":"DescribeSecurityPolicy", @@ -480,7 +487,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Describes the security policy that is attached to your server or SFTP connector. The response contains a description of the security policy's properties. For more information about security policies, see Working with security policies for servers or Working with security policies for SFTP connectors.

    " + "documentation":"

    Describes the security policy that is attached to your server or SFTP connector. The response contains a description of the security policy's properties. For more information about security policies, see Working with security policies for servers or Working with security policies for SFTP connectors.

    ", + "readonly":true }, "DescribeServer":{ "name":"DescribeServer", @@ -496,7 +504,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Describes a file transfer protocol-enabled server that you specify by passing the ServerId parameter.

    The response contains a description of a server's properties. When you set EndpointType to VPC, the response will contain the EndpointDetails.

    " + "documentation":"

    Describes a file transfer protocol-enabled server that you specify by passing the ServerId parameter.

    The response contains a description of a server's properties. When you set EndpointType to VPC, the response will contain the EndpointDetails.

    ", + "readonly":true }, "DescribeUser":{ "name":"DescribeUser", @@ -512,7 +521,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Describes the user assigned to the specific file transfer protocol-enabled server, as identified by its ServerId property.

    The response from this call returns the properties of the user associated with the ServerId value that was specified.

    " + "documentation":"

    Describes the user assigned to the specific file transfer protocol-enabled server, as identified by its ServerId property.

    The response from this call returns the properties of the user associated with the ServerId value that was specified.

    ", + "readonly":true }, "DescribeWebApp":{ "name":"DescribeWebApp", @@ -529,7 +539,8 @@ {"shape":"InternalServiceError"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Describes the web app that's identified by WebAppId.

    " + "documentation":"

    Describes the web app that's identified by WebAppId.

    ", + "readonly":true }, "DescribeWebAppCustomization":{ "name":"DescribeWebAppCustomization", @@ -546,7 +557,8 @@ {"shape":"InternalServiceError"}, {"shape":"AccessDeniedException"} ], - "documentation":"

    Describes the web app customization object that's identified by WebAppId.

    " + "documentation":"

    Describes the web app customization object that's identified by WebAppId.

    ", + "readonly":true }, "DescribeWorkflow":{ "name":"DescribeWorkflow", @@ -562,7 +574,8 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Describes the specified workflow.

    " + "documentation":"

    Describes the specified workflow.

    ", + "readonly":true }, "ImportCertificate":{ "name":"ImportCertificate", @@ -578,7 +591,7 @@ {"shape":"InternalServiceError"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

    Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.

    " + "documentation":"

    Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.

    You can import both the certificate and its chain in the Certificate parameter.

    After importing a certificate, Transfer Family automatically creates a Amazon CloudWatch metric called DaysUntilExpiry that tracks the number of days until the certificate expires. The metric is based on the InactiveDate parameter and is published daily in the AWS/Transfer namespace.

    It can take up to a full day after importing a certificate for Transfer Family to emit the DaysUntilExpiry metric to your account.

    If you use the Certificate parameter to upload both the certificate and its chain, don't use the CertificateChain parameter.

    CloudWatch monitoring

    The DaysUntilExpiry metric includes the following specifications:

    • Units: Count (days)

    • Dimensions: CertificateId (always present), Description (if provided during certificate import)

    • Statistics: Minimum, Maximum, Average

    • Frequency: Published daily

    " }, "ImportHostKey":{ "name":"ImportHostKey", @@ -631,7 +644,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists the details for all the accesses you have on your server.

    " + "documentation":"

    Lists the details for all the accesses you have on your server.

    ", + "readonly":true }, "ListAgreements":{ "name":"ListAgreements", @@ -648,7 +662,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Returns a list of the agreements for the server that's identified by the ServerId that you supply. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for NextToken, you can supply that value to continue listing agreements from where you left off.

    " + "documentation":"

    Returns a list of the agreements for the server that's identified by the ServerId that you supply. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for NextToken, you can supply that value to continue listing agreements from where you left off.

    ", + "readonly":true }, "ListCertificates":{ "name":"ListCertificates", @@ -665,7 +680,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Returns a list of the current certificates that have been imported into Transfer Family. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for the NextToken parameter, you can supply that value to continue listing certificates from where you left off.

    " + "documentation":"

    Returns a list of the current certificates that have been imported into Transfer Family. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for the NextToken parameter, you can supply that value to continue listing certificates from where you left off.

    ", + "readonly":true }, "ListConnectors":{ "name":"ListConnectors", @@ -682,7 +698,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists the connectors for the specified Region.

    " + "documentation":"

    Lists the connectors for the specified Region.

    ", + "readonly":true }, "ListExecutions":{ "name":"ListExecutions", @@ -699,7 +716,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists all in-progress executions for the specified workflow.

    If the specified workflow ID cannot be found, ListExecutions returns a ResourceNotFound exception.

    " + "documentation":"

    Lists all in-progress executions for the specified workflow.

    If the specified workflow ID cannot be found, ListExecutions returns a ResourceNotFound exception.

    ", + "readonly":true }, "ListFileTransferResults":{ "name":"ListFileTransferResults", @@ -732,7 +750,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Returns a list of host keys for the server that's specified by the ServerId parameter.

    " + "documentation":"

    Returns a list of host keys for the server that's specified by the ServerId parameter.

    ", + "readonly":true }, "ListProfiles":{ "name":"ListProfiles", @@ -749,7 +768,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Returns a list of the profiles for your system. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for NextToken, you can supply that value to continue listing profiles from where you left off.

    " + "documentation":"

    Returns a list of the profiles for your system. If you want to limit the results to a certain number, supply a value for the MaxResults parameter. If you ran the command previously and received a value for NextToken, you can supply that value to continue listing profiles from where you left off.

    ", + "readonly":true }, "ListSecurityPolicies":{ "name":"ListSecurityPolicies", @@ -765,7 +785,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists the security policies that are attached to your servers and SFTP connectors. For more information about security policies, see Working with security policies for servers or Working with security policies for SFTP connectors.

    " + "documentation":"

    Lists the security policies that are attached to your servers and SFTP connectors. For more information about security policies, see Working with security policies for servers or Working with security policies for SFTP connectors.

    ", + "readonly":true }, "ListServers":{ "name":"ListServers", @@ -781,7 +802,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists the file transfer protocol-enabled servers that are associated with your Amazon Web Services account.

    " + "documentation":"

    Lists the file transfer protocol-enabled servers that are associated with your Amazon Web Services account.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -797,7 +819,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists all of the tags associated with the Amazon Resource Name (ARN) that you specify. The resource can be a user, server, or role.

    " + "documentation":"

    Lists all of the tags associated with the Amazon Resource Name (ARN) that you specify. The resource can be a user, server, or role.

    ", + "readonly":true }, "ListUsers":{ "name":"ListUsers", @@ -814,7 +837,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists the users for a file transfer protocol-enabled server that you specify by passing the ServerId parameter.

    " + "documentation":"

    Lists the users for a file transfer protocol-enabled server that you specify by passing the ServerId parameter.

    ", + "readonly":true }, "ListWebApps":{ "name":"ListWebApps", @@ -830,7 +854,8 @@ {"shape":"InternalServiceError"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists all web apps associated with your Amazon Web Services account for your current region.

    " + "documentation":"

    Lists all web apps associated with your Amazon Web Services account for your current region.

    ", + "readonly":true }, "ListWorkflows":{ "name":"ListWorkflows", @@ -846,7 +871,8 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"

    Lists all workflows associated with your Amazon Web Services account for your current region.

    " + "documentation":"

    Lists all workflows associated with your Amazon Web Services account for your current region.

    ", + "readonly":true }, "SendWorkflowStepState":{ "name":"SendWorkflowStepState", @@ -900,6 +926,40 @@ ], "documentation":"

    Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.

    • For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.

    • For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:

      • If you are transferring file from a partner's SFTP server to Amazon Web Services storage, you specify one or more RetrieveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.

      • If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.

    " }, + "StartRemoteDelete":{ + "name":"StartRemoteDelete", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartRemoteDeleteRequest"}, + "output":{"shape":"StartRemoteDeleteResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceError"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Deletes a file or directory on the remote SFTP server.

    " + }, + "StartRemoteMove":{ + "name":"StartRemoteMove", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartRemoteMoveRequest"}, + "output":{"shape":"StartRemoteMoveResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceError"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"

    Moves or renames a file or directory on the remote SFTP server.

    " + }, "StartServer":{ "name":"StartServer", "http":{ @@ -1239,7 +1299,7 @@ }, "MdnResponse":{ "shape":"MdnResponse", - "documentation":"

    Used for outbound requests (from an Transfer Family server to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous. Specify either of the following values:

    • SYNC: The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not).

    • NONE: Specifies that no MDN response is required.

    " + "documentation":"

    Used for outbound requests (from an Transfer Family connector to a partner AS2 server) to determine whether the partner response for transfers is synchronous or asynchronous. Specify either of the following values:

    • SYNC: The system expects a synchronous MDN response, confirming that the file was transferred successfully (or not).

    • NONE: Specifies that no MDN response is required.

    " }, "BasicAuthSecretId":{ "shape":"As2ConnectorSecretId", @@ -1354,6 +1414,25 @@ "documentation":"

    This exception is thrown when the UpdateServer is called for a file transfer protocol-enabled server that has VPC as the endpoint type and the server's VpcEndpointID is not in the available state.

    ", "exception":true }, + "ConnectorEgressConfig":{ + "type":"structure", + "members":{ + "VpcLattice":{ + "shape":"ConnectorVpcLatticeEgressConfig", + "documentation":"

    VPC_LATTICE configuration for routing connector traffic through customer VPCs. Enables private connectivity to SFTP servers without requiring public internet access or complex network configurations.

    " + } + }, + "documentation":"

    Configuration structure that defines how traffic is routed from the connector to the SFTP server. Contains VPC Lattice settings when using VPC_LATTICE egress type for private connectivity through customer VPCs.

    ", + "union":true + }, + "ConnectorEgressType":{ + "type":"string", + "enum":[ + "SERVICE_MANAGED", + "VPC_LATTICE" + ] + }, + "ConnectorErrorMessage":{"type":"string"}, "ConnectorFileTransferResult":{ "type":"structure", "required":[ @@ -1398,6 +1477,29 @@ "min":0, "pattern":"TransferSFTPConnectorSecurityPolicy-[A-Za-z0-9-]+" }, + "ConnectorStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "ERRORED", + "PENDING" + ] + }, + "ConnectorVpcLatticeEgressConfig":{ + "type":"structure", + "required":["ResourceConfigurationArn"], + "members":{ + "ResourceConfigurationArn":{ + "shape":"VpcLatticeResourceConfigurationArn", + "documentation":"

    ARN of the VPC_LATTICE Resource Configuration that defines the target SFTP server location. Must point to a valid Resource Configuration in the customer's VPC with appropriate network connectivity to the SFTP server.

    " + }, + "PortNumber":{ + "shape":"SftpPort", + "documentation":"

    Port number for connecting to the SFTP server through VPC_LATTICE. Defaults to 22 if not specified. Must match the port on which the target SFTP server is listening.

    " + } + }, + "documentation":"

    VPC_LATTICE egress configuration that specifies the Resource Configuration ARN and port for connecting to SFTP servers through customer VPCs. Requires a valid Resource Configuration with appropriate network access.

    " + }, "CopyStepDetails":{ "type":"structure", "members":{ @@ -1430,7 +1532,7 @@ "members":{ "HomeDirectory":{ "shape":"HomeDirectory", - "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    The HomeDirectory parameter is only used if HomeDirectoryType is set to PATH.

    " + "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    You can use the HomeDirectory parameter for HomeDirectoryType when it is set to either PATH or LOGICAL.

    " }, "HomeDirectoryType":{ "shape":"HomeDirectoryType", @@ -1543,14 +1645,11 @@ }, "CreateConnectorRequest":{ "type":"structure", - "required":[ - "Url", - "AccessRole" - ], + "required":["AccessRole"], "members":{ "Url":{ "shape":"Url", - "documentation":"

    The URL of the partner's AS2 or SFTP endpoint.

    " + "documentation":"

    The URL of the partner's AS2 or SFTP endpoint.

    When creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null.

    " }, "As2Config":{ "shape":"As2ConnectorConfig", @@ -1575,6 +1674,10 @@ "SecurityPolicyName":{ "shape":"ConnectorSecurityPolicyName", "documentation":"

    Specifies the name of the security policy for the connector.

    " + }, + "EgressConfig":{ + "shape":"ConnectorEgressConfig", + "documentation":"

    Specifies the egress configuration for the connector, which determines how traffic is routed from the connector to the SFTP server. When set to VPC, enables routing through customer VPCs using VPC_LATTICE for private connectivity.

    " } } }, @@ -1656,7 +1759,7 @@ }, "LoggingRole":{ "shape":"NullableRole", - "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs.

    " }, "PostAuthenticationLoginBanner":{ "shape":"PostAuthenticationLoginBanner", @@ -1672,7 +1775,7 @@ }, "ProtocolDetails":{ "shape":"ProtocolDetails", - "documentation":"

    The protocol settings that are configured for your server.

    • To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.

    • To ignore the error that is generated when the client attempts to use the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use the SetStatOption parameter. To have the Transfer Family server ignore the SETSTAT command and upload files without needing to make any changes to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a SETSTAT call.

    • To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the TlsSessionResumptionMode parameter.

    • As2Transports indicates the transport method for the AS2 messages. Currently, only HTTP is supported.

    " + "documentation":"

    The protocol settings that are configured for your server.

    Avoid placing Network Load Balancers (NLBs) or NAT gateways in front of Transfer Family servers, as this increases costs and can cause performance issues, including reduced connection limits for FTPS. For more details, see Avoid placing NLBs and NATs in front of Transfer Family.

    • To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.

    • To ignore the error that is generated when the client attempts to use the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use the SetStatOption parameter. To have the Transfer Family server ignore the SETSTAT command and upload files without needing to make any changes to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a SETSTAT call.

    • To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the TlsSessionResumptionMode parameter.

    • As2Transports indicates the transport method for the AS2 messages. Currently, only HTTP is supported.

    " }, "SecurityPolicyName":{ "shape":"SecurityPolicyName", @@ -1692,7 +1795,11 @@ }, "S3StorageOptions":{ "shape":"S3StorageOptions", - "documentation":"

    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.

    " + "documentation":"

    Specifies whether or not performance for your Amazon S3 directories is optimized.

    • If using the console, this is enabled by default.

    • If using the API or CLI, this is disabled by default.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.

    " + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

    Specifies whether to use IPv4 only, or to use dual-stack (IPv4 and IPv6) for your Transfer Family endpoint. The default value is IPV4.

    The IpAddressType parameter has the following limitations:

    • It cannot be changed while the server is online. You must stop the server before modifying this parameter.

    • It cannot be updated to DUALSTACK if the server has AddressAllocationIds specified.

    When using DUALSTACK as the IpAddressType, you cannot set the AddressAllocationIds parameter for the EndpointDetails for the server.

    " } } }, @@ -1716,7 +1823,7 @@ "members":{ "HomeDirectory":{ "shape":"HomeDirectory", - "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    The HomeDirectory parameter is only used if HomeDirectoryType is set to PATH.

    " + "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    You can use the HomeDirectory parameter for HomeDirectoryType when it is set to either PATH or LOGICAL.

    " }, "HomeDirectoryType":{ "shape":"HomeDirectoryType", @@ -1779,11 +1886,11 @@ "members":{ "IdentityProviderDetails":{ "shape":"WebAppIdentityProviderDetails", - "documentation":"

    You can provide a structure that contains the details for the identity provider to use with your web app.

    " + "documentation":"

    You can provide a structure that contains the details for the identity provider to use with your web app.

    For more details about this parameter, see Configure your identity provider for Transfer Family web apps.

    " }, "AccessEndpoint":{ "shape":"WebAppAccessEndpoint", - "documentation":"

    The AccessEndpoint is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value.

    " + "documentation":"

    The AccessEndpoint is the URL that you provide to your users for them to interact with the Transfer Family web app. You can specify a custom URL or use the default value.

    Before you enter a custom URL for this parameter, follow the steps described in Update your access endpoint with a custom URL.

    " }, "WebAppUnits":{ "shape":"WebAppUnits", @@ -1792,6 +1899,10 @@ "Tags":{ "shape":"Tags", "documentation":"

    Key-value pairs that can be used to group and search for web apps.

    " + }, + "WebAppEndpointPolicy":{ + "shape":"WebAppEndpointPolicy", + "documentation":"

    Setting for the type of endpoint policy for the web app. The default value is STANDARD.

    If you are creating the web app in an Amazon Web Services GovCloud (US) Region, you can set this parameter to FIPS.

    " } } }, @@ -2013,6 +2124,12 @@ } } }, + "DeleteId":{ + "type":"string", + "max":512, + "min":1, + "pattern":"[0-9a-zA-Z./-]+" + }, "DeleteProfileRequest":{ "type":"structure", "required":["ProfileId"], @@ -2437,7 +2554,7 @@ "members":{ "HomeDirectory":{ "shape":"HomeDirectory", - "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    The HomeDirectory parameter is only used if HomeDirectoryType is set to PATH.

    " + "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    You can use the HomeDirectory parameter for HomeDirectoryType when it is set to either PATH or LOGICAL.

    " }, "HomeDirectoryMappings":{ "shape":"HomeDirectoryMappings", @@ -2540,7 +2657,7 @@ }, "Status":{ "shape":"CertificateStatusType", - "documentation":"

    Currently, the only available status is ACTIVE: all other values are reserved for future use.

    " + "documentation":"

    A certificate's status can be either ACTIVE or INACTIVE.

    You can set ActiveDate and InactiveDate in the UpdateCertificate call. If you set values for these parameters, those values are used to determine whether the certificate has a status of ACTIVE or INACTIVE.

    If you don't set values for ActiveDate and InactiveDate, we use the NotBefore and NotAfter date as specified on the X509 certificate to determine when a certificate is active and when it is inactive.

    " }, "Certificate":{ "shape":"CertificateBodyType", @@ -2552,11 +2669,11 @@ }, "ActiveDate":{ "shape":"CertDate", - "documentation":"

    An optional date that specifies when the certificate becomes active.

    " + "documentation":"

    An optional date that specifies when the certificate becomes active. If you do not specify a value, ActiveDate takes the same value as NotBeforeDate, which is specified by the CA.

    " }, "InactiveDate":{ "shape":"CertDate", - "documentation":"

    An optional date that specifies when the certificate becomes inactive.

    " + "documentation":"

    An optional date that specifies when the certificate becomes inactive. If you do not specify a value, InactiveDate takes the same value as NotAfterDate, which is specified by the CA.

    " }, "Serial":{ "shape":"CertSerial", @@ -2587,7 +2704,11 @@ }, "DescribedConnector":{ "type":"structure", - "required":["Arn"], + "required":[ + "Arn", + "EgressType", + "Status" + ], "members":{ "Arn":{ "shape":"Arn", @@ -2599,7 +2720,7 @@ }, "Url":{ "shape":"Url", - "documentation":"

    The URL of the partner's AS2 or SFTP endpoint.

    " + "documentation":"

    The URL of the partner's AS2 or SFTP endpoint.

    When creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null.

    " }, "As2Config":{ "shape":"As2ConnectorConfig", @@ -2628,10 +2749,52 @@ "SecurityPolicyName":{ "shape":"ConnectorSecurityPolicyName", "documentation":"

    The text name of the security policy for the specified connector.

    " + }, + "EgressConfig":{ + "shape":"DescribedConnectorEgressConfig", + "documentation":"

    Current egress configuration of the connector, showing how traffic is routed to the SFTP server. Contains VPC Lattice settings when using VPC_LATTICE egress type.

    When using the VPC_LATTICE egress type, Transfer Family uses a managed Service Network to simplify the resource sharing process.

    " + }, + "EgressType":{ + "shape":"ConnectorEgressType", + "documentation":"

    Type of egress configuration for the connector. SERVICE_MANAGED uses Transfer Family managed NAT gateways, while VPC_LATTICE routes traffic through customer VPCs using VPC Lattice.

    " + }, + "ErrorMessage":{ + "shape":"ConnectorErrorMessage", + "documentation":"

    Error message providing details when the connector is in ERRORED status. Contains information to help troubleshoot connector creation or operation failures.

    " + }, + "Status":{ + "shape":"ConnectorStatus", + "documentation":"

    Current status of the connector. PENDING indicates creation/update in progress, ACTIVE means ready for operations, and ERRORED indicates a failure requiring attention.

    " } }, "documentation":"

    Describes the parameters for the connector, as identified by the ConnectorId.

    " }, + "DescribedConnectorEgressConfig":{ + "type":"structure", + "members":{ + "VpcLattice":{ + "shape":"DescribedConnectorVpcLatticeEgressConfig", + "documentation":"

    VPC_LATTICE configuration details in the response, showing the current Resource Configuration ARN and port settings for VPC-based connectivity.

    " + } + }, + "documentation":"

    Response structure containing the current egress configuration details for the connector. Shows how traffic is currently routed from the connector to the SFTP server.

    ", + "union":true + }, + "DescribedConnectorVpcLatticeEgressConfig":{ + "type":"structure", + "required":["ResourceConfigurationArn"], + "members":{ + "ResourceConfigurationArn":{ + "shape":"VpcLatticeResourceConfigurationArn", + "documentation":"

    ARN of the VPC_LATTICE Resource Configuration currently used by the connector. This Resource Configuration defines the network path to the SFTP server through the customer's VPC.

    " + }, + "PortNumber":{ + "shape":"SftpPort", + "documentation":"

    Port number currently configured for SFTP connections through VPC_LATTICE. Shows the port on which the connector attempts to connect to the target SFTP server.

    " + } + }, + "documentation":"

    VPC_LATTICE egress configuration details in the response, containing the Resource Configuration ARN and port number currently configured for the connector.

    " + }, "DescribedExecution":{ "type":"structure", "members":{ @@ -2808,7 +2971,7 @@ }, "ProtocolDetails":{ "shape":"ProtocolDetails", - "documentation":"

    The protocol settings that are configured for your server.

    • To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.

    • To ignore the error that is generated when the client attempts to use the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use the SetStatOption parameter. To have the Transfer Family server ignore the SETSTAT command and upload files without needing to make any changes to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a SETSTAT call.

    • To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the TlsSessionResumptionMode parameter.

    • As2Transports indicates the transport method for the AS2 messages. Currently, only HTTP is supported.

    " + "documentation":"

    The protocol settings that are configured for your server.

    Avoid placing Network Load Balancers (NLBs) or NAT gateways in front of Transfer Family servers, as this increases costs and can cause performance issues, including reduced connection limits for FTPS. For more details, see Avoid placing NLBs and NATs in front of Transfer Family.

    • To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.

    • To ignore the error that is generated when the client attempts to use the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use the SetStatOption parameter. To have the Transfer Family server ignore the SETSTAT command and upload files without needing to make any changes to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a SETSTAT call.

    • To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the TlsSessionResumptionMode parameter.

    • As2Transports indicates the transport method for the AS2 messages. Currently, only HTTP is supported.

    " }, "Domain":{ "shape":"Domain", @@ -2836,7 +2999,7 @@ }, "LoggingRole":{ "shape":"NullableRole", - "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs.

    " }, "PostAuthenticationLoginBanner":{ "shape":"PostAuthenticationLoginBanner", @@ -2880,11 +3043,15 @@ }, "S3StorageOptions":{ "shape":"S3StorageOptions", - "documentation":"

    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.

    " + "documentation":"

    Specifies whether or not performance for your Amazon S3 directories is optimized.

    • If using the console, this is enabled by default.

    • If using the API or CLI, this is disabled by default.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.

    " }, "As2ServiceManagedEgressIpAddresses":{ "shape":"ServiceManagedEgressIpAddresses", "documentation":"

    The list of egress IP addresses of this server. These IP addresses are only relevant for servers that use the AS2 protocol. They are used for sending asynchronous MDNs.

    These IP addresses are assigned automatically when you create an AS2 server. Additionally, if you update an existing server and add the AS2 protocol, static IP addresses are assigned as well.

    " + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

    Specifies whether to use IPv4 only, or to use dual-stack (IPv4 and IPv6) for your Transfer Family endpoint. The default value is IPV4.

    The IpAddressType parameter has the following limitations:

    • It cannot be changed while the server is online. You must stop the server before modifying this parameter.

    • It cannot be updated to DUALSTACK if the server has AddressAllocationIds specified.

    When using DUALSTACK as the IpAddressType, you cannot set the AddressAllocationIds parameter for the EndpointDetails for the server.

    " } }, "documentation":"

    Describes the properties of a file transfer protocol-enabled server that was specified.

    " @@ -2899,7 +3066,7 @@ }, "HomeDirectory":{ "shape":"HomeDirectory", - "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    The HomeDirectory parameter is only used if HomeDirectoryType is set to PATH.

    " + "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    You can use the HomeDirectory parameter for HomeDirectoryType when it is set to either PATH or LOGICAL.

    " }, "HomeDirectoryMappings":{ "shape":"HomeDirectoryMappings", @@ -2923,7 +3090,7 @@ }, "SshPublicKeys":{ "shape":"SshPublicKeys", - "documentation":"

    Specifies the public key portion of the Secure Shell (SSH) keys stored for the described user.

    " + "documentation":"

    Specifies the public key portion of the Secure Shell (SSH) keys stored for the described user.

    To delete the public key body, set its value to zero keys, as shown here:

    SshPublicKeys: []

    " }, "Tags":{ "shape":"Tags", @@ -2970,6 +3137,10 @@ "Tags":{ "shape":"Tags", "documentation":"

    Key-value pairs that can be used to group and search for web apps. Tags are metadata attached to web apps for any purpose.

    " + }, + "WebAppEndpointPolicy":{ + "shape":"WebAppEndpointPolicy", + "documentation":"

    Setting for the type of endpoint policy for the web app. The default value is STANDARD.

    If your web app was created in an Amazon Web Services GovCloud (US) Region, the value of this parameter can be FIPS, which indicates the web app endpoint is FIPS-compliant.

    " } }, "documentation":"

    A structure that describes the parameters for the web app, as identified by the WebAppId.

    " @@ -2999,7 +3170,7 @@ }, "FaviconFile":{ "shape":"WebAppFaviconFile", - "documentation":"

    Returns a icon file data string (in base64 encoding).

    " + "documentation":"

    Returns an icon file data string (in base64 encoding).

    " } }, "documentation":"

    A structure that contains the customization fields for the web app. You can provide a title, logo, and icon to customize the appearance of your web app.

    " @@ -3118,7 +3289,7 @@ "members":{ "AddressAllocationIds":{ "shape":"AddressAllocationIds", - "documentation":"

    A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.

    An address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the allocationId field from the Amazon EC2 Address data type. One way to retrieve this value is by calling the EC2 DescribeAddresses API.

    This parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see Create an internet-facing endpoint for your server.

    This property can only be set as follows:

    • EndpointType must be set to VPC

    • The Transfer Family server must be offline.

    • You cannot set this parameter for Transfer Family servers that use the FTP protocol.

    • The server must already have SubnetIds populated (SubnetIds and AddressAllocationIds cannot be updated simultaneously).

    • AddressAllocationIds can't contain duplicates, and must be equal in length to SubnetIds. For example, if you have three subnet IDs, you must also specify three address allocation IDs.

    • Call the UpdateServer API to set or change this parameter.

    " + "documentation":"

    A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.

    An address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the allocationId field from the Amazon EC2 Address data type. One way to retrieve this value is by calling the EC2 DescribeAddresses API.

    This parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see Create an internet-facing endpoint for your server.

    This property can only be set as follows:

    • EndpointType must be set to VPC

    • The Transfer Family server must be offline.

    • You cannot set this parameter for Transfer Family servers that use the FTP protocol.

    • The server must already have SubnetIds populated (SubnetIds and AddressAllocationIds cannot be updated simultaneously).

    • AddressAllocationIds can't contain duplicates, and must be equal in length to SubnetIds. For example, if you have three subnet IDs, you must also specify three address allocation IDs.

    • Call the UpdateServer API to set or change this parameter.

    • You can't set address allocation IDs for servers that have an IpAddressType set to DUALSTACK You can only set this property if IpAddressType is set to IPV4.

    " }, "SubnetIds":{ "shape":"SubnetIds", @@ -3134,7 +3305,7 @@ }, "SecurityGroupIds":{ "shape":"SecurityGroupIds", - "documentation":"

    A list of security groups IDs that are available to attach to your server's endpoint.

    This property can only be set when EndpointType is set to VPC.

    You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API.

    " + "documentation":"

    A list of security groups IDs that are available to attach to your server's endpoint.

    While SecurityGroupIds appears in the response syntax for consistency with CreateServer and UpdateServer operations, this field is not populated in DescribeServer responses. Security groups are managed at the VPC endpoint level and can be modified outside of the Transfer Family service. To retrieve current security group information, use the EC2 DescribeVpcEndpoints API with the VpcEndpointId returned in the response.

    This property can only be set when EndpointType is set to VPC.

    You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API.

    " } }, "documentation":"

    The virtual private cloud (VPC) endpoint settings that are configured for your file transfer protocol-enabled server. With a VPC endpoint, you can restrict access to your server and resources only within your VPC. To control incoming internet traffic, invoke the UpdateServer API and attach an Elastic IP address to your server's endpoint.

    After May 19, 2021, you won't be able to create a server using EndpointType=VPC_ENDPOINT in your Amazon Web Services account if your account hasn't already done so before May 19, 2021. If you have already created servers with EndpointType=VPC_ENDPOINT in your Amazon Web Services account on or before May 19, 2021, you will not be affected. After this date, use EndpointType=VPC.

    For more information, see https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint.

    It is recommended that you use VPC as the EndpointType. With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with EndpointType set to VPC_ENDPOINT.

    " @@ -3418,7 +3589,7 @@ }, "Certificate":{ "shape":"CertificateBodyType", - "documentation":"

    • For the CLI, provide a file path for a certificate in URI format. For example, --certificate file://encryption-cert.pem. Alternatively, you can provide the raw content.

    • For the SDK, specify the raw content of a certificate file. For example, --certificate \"`cat encryption-cert.pem`\".

    " + "documentation":"

    • For the CLI, provide a file path for a certificate in URI format. For example, --certificate file://encryption-cert.pem. Alternatively, you can provide the raw content.

    • For the SDK, specify the raw content of a certificate file. For example, --certificate \"`cat encryption-cert.pem`\".

    You can provide both the certificate and its chain in this parameter, without needing to use the CertificateChain parameter. If you use this parameter for both the certificate and its chain, do not use the CertificateChain parameter.

    " }, "CertificateChain":{ "shape":"CertificateChainType", @@ -3426,15 +3597,15 @@ }, "PrivateKey":{ "shape":"PrivateKeyType", - "documentation":"

    • For the CLI, provide a file path for a private key in URI format.For example, --private-key file://encryption-key.pem. Alternatively, you can provide the raw content of the private key file.

    • For the SDK, specify the raw content of a private key file. For example, --private-key \"`cat encryption-key.pem`\"

    " + "documentation":"

    • For the CLI, provide a file path for a private key in URI format. For example, --private-key file://encryption-key.pem. Alternatively, you can provide the raw content of the private key file.

    • For the SDK, specify the raw content of a private key file. For example, --private-key \"`cat encryption-key.pem`\"

    " }, "ActiveDate":{ "shape":"CertDate", - "documentation":"

    An optional date that specifies when the certificate becomes active.

    " + "documentation":"

    An optional date that specifies when the certificate becomes active. If you do not specify a value, ActiveDate takes the same value as NotBeforeDate, which is specified by the CA.

    " }, "InactiveDate":{ "shape":"CertDate", - "documentation":"

    An optional date that specifies when the certificate becomes inactive.

    " + "documentation":"

    An optional date that specifies when the certificate becomes inactive. If you do not specify a value, InactiveDate takes the same value as NotAfterDate, which is specified by the CA.

    " }, "Description":{ "shape":"Description", @@ -3585,6 +3756,13 @@ "documentation":"

    This exception is thrown when the client submits a malformed request.

    ", "exception":true }, + "IpAddressType":{ + "type":"string", + "enum":[ + "IPV4", + "DUALSTACK" + ] + }, "ListAccessesRequest":{ "type":"structure", "required":["ServerId"], @@ -4045,7 +4223,7 @@ "members":{ "HomeDirectory":{ "shape":"HomeDirectory", - "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    The HomeDirectory parameter is only used if HomeDirectoryType is set to PATH.

    " + "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    You can use the HomeDirectory parameter for HomeDirectoryType when it is set to either PATH or LOGICAL.

    " }, "HomeDirectoryType":{ "shape":"HomeDirectoryType", @@ -4125,11 +4303,11 @@ }, "ActiveDate":{ "shape":"CertDate", - "documentation":"

    An optional date that specifies when the certificate becomes active.

    " + "documentation":"

    An optional date that specifies when the certificate becomes active. If you do not specify a value, ActiveDate takes the same value as NotBeforeDate, which is specified by the CA.

    " }, "InactiveDate":{ "shape":"CertDate", - "documentation":"

    An optional date that specifies when the certificate becomes inactive.

    " + "documentation":"

    An optional date that specifies when the certificate becomes inactive. If you do not specify a value, InactiveDate takes the same value as NotAfterDate, which is specified by the CA.

    " }, "Type":{ "shape":"CertificateType", @@ -4159,7 +4337,7 @@ }, "Url":{ "shape":"Url", - "documentation":"

    The URL of the partner's AS2 or SFTP endpoint.

    " + "documentation":"

    The URL of the partner's AS2 or SFTP endpoint.

    When creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null.

    " } }, "documentation":"

    Returns details of the connector that is specified.

    " @@ -4277,7 +4455,7 @@ }, "LoggingRole":{ "shape":"Role", - "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs.

    " }, "ServerId":{ "shape":"ServerId", @@ -4308,7 +4486,7 @@ }, "HomeDirectory":{ "shape":"HomeDirectory", - "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    The HomeDirectory parameter is only used if HomeDirectoryType is set to PATH.

    " + "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    You can use the HomeDirectory parameter for HomeDirectoryType when it is set to either PATH or LOGICAL.

    " }, "HomeDirectoryType":{ "shape":"HomeDirectoryType", @@ -4402,7 +4580,7 @@ "members":{ "LoggingRole":{ "shape":"Role", - "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs.

    " }, "LogGroupName":{ "shape":"LogGroupName", @@ -4430,6 +4608,12 @@ "DIRECTORY" ] }, + "MaxConcurrentConnections":{ + "type":"integer", + "documentation":"

    The number of concurrent connections that the connector will create to the remote server.

    ", + "box":true, + "min":1 + }, "MaxItems":{ "type":"integer", "box":true, @@ -4467,6 +4651,12 @@ "min":1, "pattern":"[\\p{Print}\\p{Blank}]+" }, + "MoveId":{ + "type":"string", + "max":512, + "min":1, + "pattern":"[0-9a-zA-Z./-]+" + }, "NextToken":{ "type":"string", "max":6144, @@ -4601,7 +4791,7 @@ "members":{ "PassiveIp":{ "shape":"PassiveIp", - "documentation":"

    Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:

    aws transfer update-server --protocol-details PassiveIp=0.0.0.0

    Replace 0.0.0.0 in the example above with the actual IP address you want to use.

    If you change the PassiveIp value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see Configuring your FTPS server behind a firewall or NAT with Transfer Family.

    Special values

    The AUTO and 0.0.0.0 are special values for the PassiveIp parameter. The value PassiveIp=AUTO is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. PassiveIp=0.0.0.0 has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the PassiveIp parameter. This reduces the effectiveness of having High Availability. In this case, you can specify PassiveIp=0.0.0.0. This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the PassiveIp=0.0.0.0 response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the PassiveIp=0.0.0.0 response.

    " + "documentation":"

    Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:

    aws transfer update-server --protocol-details PassiveIp=0.0.0.0

    Replace 0.0.0.0 in the example above with the actual IP address you want to use.

    If you change the PassiveIp value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see Configuring your FTPS server behind a firewall or NAT with Transfer Family.

    Additionally, avoid placing Network Load Balancers (NLBs) or NAT gateways in front of Transfer Family servers. This configuration increases costs and can cause performance issues. When NLBs or NATs are in the communication path, Transfer Family cannot accurately recognize client IP addresses, which impacts connection sharding and limits FTPS servers to only 300 simultaneous connections instead of 10,000. If you must use an NLB, use port 21 for health checks and enable TLS session resumption by setting TlsSessionResumptionMode = ENFORCED. For optimal performance, migrate to VPC endpoints with Elastic IP addresses instead of using NLBs. For more details, see Avoid placing NLBs and NATs in front of Transfer Family.

    Special values

    The AUTO and 0.0.0.0 are special values for the PassiveIp parameter. The value PassiveIp=AUTO is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. PassiveIp=0.0.0.0 has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the PassiveIp parameter. This reduces the effectiveness of having High Availability. In this case, you can specify PassiveIp=0.0.0.0. This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the PassiveIp=0.0.0.0 response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the PassiveIp=0.0.0.0 response.

    " }, "TlsSessionResumptionMode":{ "shape":"TlsSessionResumptionMode", @@ -4723,7 +4913,7 @@ "members":{ "DirectoryListingOptimization":{ "shape":"DirectoryListingOptimization", - "documentation":"

    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.

    " + "documentation":"

    Specifies whether or not performance for your Amazon S3 directories is optimized.

    • If using the console, this is enabled by default.

    • If using the API or CLI, this is disabled by default.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.

    " } }, "documentation":"

    The Amazon S3 storage options that are configured for your server.

    " @@ -4859,8 +5049,7 @@ }, "SendWorkflowStepStateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ServerId":{ "type":"string", @@ -4925,14 +5114,33 @@ "members":{ "UserSecretId":{ "shape":"SecretId", - "documentation":"

    The identifier for the secret (in Amazon Web Services Secrets Manager) that contains the SFTP user's private key, password, or both. The identifier must be the Amazon Resource Name (ARN) of the secret.

    " + "documentation":"

    The identifier for the secret (in Amazon Web Services Secrets Manager) that contains the SFTP user's private key, password, or both. The identifier must be the Amazon Resource Name (ARN) of the secret.

    • Required when creating an SFTP connector

    • Optional when updating an existing SFTP connector

    " }, "TrustedHostKeys":{ "shape":"SftpConnectorTrustedHostKeyList", - "documentation":"

    The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the ssh-keyscan command against the SFTP server to retrieve the necessary key.

    The three standard SSH public key format elements are <key type>, <body base64>, and an optional <comment>, with spaces between each element. Specify only the <key type> and <body base64>: do not enter the <comment> portion of the key.

    For the trusted host key, Transfer Family accepts RSA and ECDSA keys.

    • For RSA keys, the <key type> string is ssh-rsa.

    • For ECDSA keys, the <key type> string is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521, depending on the size of the key you generated.

    Run this command to retrieve the SFTP server host key, where your SFTP server name is ftp.host.com.

    ssh-keyscan ftp.host.com

    This prints the public host key to standard output.

    ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key

    Copy and paste this string into the TrustedHostKeys field for the create-connector command or into the Trusted host keys field in the console.

    " + "documentation":"

    The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the ssh-keyscan command against the SFTP server to retrieve the necessary key.

    TrustedHostKeys is optional for CreateConnector. If not provided, you can use TestConnection to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key.

    When creating connectors with egress config (VPC_LATTICE type connectors), since host name is not something we can verify, the only accepted trusted host key format is key-type key-body without the host name. For example: ssh-rsa AAAAB3Nza...<long-string-for-public-key>

    The three standard SSH public key format elements are <key type>, <body base64>, and an optional <comment>, with spaces between each element. Specify only the <key type> and <body base64>: do not enter the <comment> portion of the key.

    For the trusted host key, Transfer Family accepts RSA and ECDSA keys.

    • For RSA keys, the <key type> string is ssh-rsa.

    • For ECDSA keys, the <key type> string is either ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521, depending on the size of the key you generated.

    Run this command to retrieve the SFTP server host key, where your SFTP server name is ftp.host.com.

    ssh-keyscan ftp.host.com

    This prints the public host key to standard output.

    ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key>

    Copy and paste this string into the TrustedHostKeys field for the create-connector command or into the Trusted host keys field in the console.

    For VPC Lattice type connectors (VPC_LATTICE), remove the hostname from the key and use only the key-type key-body format. In this example, it should be: ssh-rsa AAAAB3Nza...<long-string-for-public-key>

    " + }, + "MaxConcurrentConnections":{ + "shape":"MaxConcurrentConnections", + "documentation":"

    Specify the number of concurrent connections that your connector creates to the remote server. The default value is 1. The maximum values is 5.

    If you are using the Amazon Web Services Management Console, the default value is 5.

    This parameter specifies the number of active connections that your connector can establish with the remote server at the same time. Increasing this value can enhance connector performance when transferring large file batches by enabling parallel operations.

    " + } + }, + "documentation":"

    Contains the details for an SFTP connector object. The connector object is used for transferring files to and from a partner's SFTP server.

    " + }, + "SftpConnectorConnectionDetails":{ + "type":"structure", + "members":{ + "HostKey":{ + "shape":"SftpConnectorHostKey", + "documentation":"

    The SSH public key of the remote SFTP server. This is returned during the initial connection attempt when you call TestConnection. It allows you to retrieve the valid server host key to update the connector when you are unable to obtain it in advance.

    " } }, - "documentation":"

    Contains the details for an SFTP connector object. The connector object is used for transferring files to and from a partner's SFTP server.

    Because the SftpConnectorConfig data type is used for both creating and updating SFTP connectors, its parameters, TrustedHostKeys and UserSecretId are marked as not required. This is a bit misleading, as they are not required when you are updating an existing SFTP connector, but are required when you are creating a new SFTP connector.

    " + "documentation":"

    Contains the details for an SFTP connector connection.

    " + }, + "SftpConnectorHostKey":{ + "type":"string", + "max":2048, + "min":1 }, "SftpConnectorTrustedHostKey":{ "type":"string", @@ -4943,6 +5151,12 @@ "type":"list", "member":{"shape":"SftpConnectorTrustedHostKey"}, "max":10, + "min":0 + }, + "SftpPort":{ + "type":"integer", + "box":true, + "max":65535, "min":1 }, "SigningAlg":{ @@ -4965,7 +5179,7 @@ "type":"string", "max":32, "min":0, - "pattern":"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}" + "pattern":"[0-9a-fA-F\\.\\:]+" }, "SshPublicKey":{ "type":"structure", @@ -5091,6 +5305,65 @@ } } }, + "StartRemoteDeleteRequest":{ + "type":"structure", + "required":[ + "ConnectorId", + "DeletePath" + ], + "members":{ + "ConnectorId":{ + "shape":"ConnectorId", + "documentation":"

    The unique identifier for the connector.

    " + }, + "DeletePath":{ + "shape":"FilePath", + "documentation":"

    The absolute path of the file or directory to delete. You can only specify one path per call to this operation.

    " + } + } + }, + "StartRemoteDeleteResponse":{ + "type":"structure", + "required":["DeleteId"], + "members":{ + "DeleteId":{ + "shape":"DeleteId", + "documentation":"

    Returns a unique identifier for the delete operation.

    " + } + } + }, + "StartRemoteMoveRequest":{ + "type":"structure", + "required":[ + "ConnectorId", + "SourcePath", + "TargetPath" + ], + "members":{ + "ConnectorId":{ + "shape":"ConnectorId", + "documentation":"

    The unique identifier for the connector.

    " + }, + "SourcePath":{ + "shape":"FilePath", + "documentation":"

    The absolute path of the file or directory to move or rename. You can only specify one path per call to this operation.

    " + }, + "TargetPath":{ + "shape":"FilePath", + "documentation":"

    The absolute path for the target of the move/rename operation.

    " + } + } + }, + "StartRemoteMoveResponse":{ + "type":"structure", + "required":["MoveId"], + "members":{ + "MoveId":{ + "shape":"MoveId", + "documentation":"

    Returns a unique identifier for the move/rename operation.

    " + } + } + }, "StartServerRequest":{ "type":"structure", "required":["ServerId"], @@ -5240,6 +5513,10 @@ "StatusMessage":{ "shape":"Message", "documentation":"

    Returns Connection succeeded if the test is successful. Or, returns a descriptive error message if the test fails. The following list provides troubleshooting details, depending on the error message that you receive.

    • Verify that your secret name aligns with the one in Transfer Role permissions.

    • Verify the server URL in the connector configuration , and verify that the login credentials work successfully outside of the connector.

    • Verify that the secret exists and is formatted correctly.

    • Verify that the trusted host key in the connector configuration matches the ssh-keyscan output.

    " + }, + "SftpConnectionDetails":{ + "shape":"SftpConnectorConnectionDetails", + "documentation":"

    Structure that contains the SFTP connector host key.

    " } } }, @@ -5354,7 +5631,7 @@ "members":{ "HomeDirectory":{ "shape":"HomeDirectory", - "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    The HomeDirectory parameter is only used if HomeDirectoryType is set to PATH.

    " + "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    You can use the HomeDirectory parameter for HomeDirectoryType when it is set to either PATH or LOGICAL.

    " }, "HomeDirectoryType":{ "shape":"HomeDirectoryType", @@ -5473,11 +5750,11 @@ }, "ActiveDate":{ "shape":"CertDate", - "documentation":"

    An optional date that specifies when the certificate becomes active.

    " + "documentation":"

    An optional date that specifies when the certificate becomes active. If you do not specify a value, ActiveDate takes the same value as NotBeforeDate, which is specified by the CA.

    " }, "InactiveDate":{ "shape":"CertDate", - "documentation":"

    An optional date that specifies when the certificate becomes inactive.

    " + "documentation":"

    An optional date that specifies when the certificate becomes inactive. If you do not specify a value, InactiveDate takes the same value as NotAfterDate, which is specified by the CA.

    " }, "Description":{ "shape":"Description", @@ -5495,6 +5772,17 @@ } } }, + "UpdateConnectorEgressConfig":{ + "type":"structure", + "members":{ + "VpcLattice":{ + "shape":"UpdateConnectorVpcLatticeEgressConfig", + "documentation":"

    VPC_LATTICE configuration updates for the connector. Use this to modify the Resource Configuration ARN or port number for VPC-based connectivity.

    " + } + }, + "documentation":"

    Structure for updating the egress configuration of an existing connector. Allows modification of how traffic is routed from the connector to the SFTP server, including VPC_LATTICE settings.

    ", + "union":true + }, "UpdateConnectorRequest":{ "type":"structure", "required":["ConnectorId"], @@ -5505,7 +5793,7 @@ }, "Url":{ "shape":"Url", - "documentation":"

    The URL of the partner's AS2 or SFTP endpoint.

    " + "documentation":"

    The URL of the partner's AS2 or SFTP endpoint.

    When creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null.

    " }, "As2Config":{ "shape":"As2ConnectorConfig", @@ -5526,6 +5814,10 @@ "SecurityPolicyName":{ "shape":"ConnectorSecurityPolicyName", "documentation":"

    Specifies the name of the security policy for the connector.

    " + }, + "EgressConfig":{ + "shape":"UpdateConnectorEgressConfig", + "documentation":"

    Updates the egress configuration for the connector, allowing you to modify how traffic is routed from the connector to the SFTP server. Changes to VPC configuration may require connector restart.

    " } } }, @@ -5539,6 +5831,20 @@ } } }, + "UpdateConnectorVpcLatticeEgressConfig":{ + "type":"structure", + "members":{ + "ResourceConfigurationArn":{ + "shape":"VpcLatticeResourceConfigurationArn", + "documentation":"

    Updated ARN of the VPC_LATTICE Resource Configuration. Use this to change the target SFTP server location or modify the network path through the customer's VPC infrastructure.

    " + }, + "PortNumber":{ + "shape":"SftpPort", + "documentation":"

    Updated port number for SFTP connections through VPC_LATTICE. Change this if the target SFTP server port has been modified or if connecting to a different server endpoint.

    " + } + }, + "documentation":"

    VPC_LATTICE egress configuration updates for modifying how the connector routes traffic through customer VPCs. Changes to these settings may require connector restart to take effect.

    " + }, "UpdateHostKeyRequest":{ "type":"structure", "required":[ @@ -5612,7 +5918,7 @@ }, "ProtocolDetails":{ "shape":"ProtocolDetails", - "documentation":"

    The protocol settings that are configured for your server.

    • To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.

    • To ignore the error that is generated when the client attempts to use the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use the SetStatOption parameter. To have the Transfer Family server ignore the SETSTAT command and upload files without needing to make any changes to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a SETSTAT call.

    • To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the TlsSessionResumptionMode parameter.

    • As2Transports indicates the transport method for the AS2 messages. Currently, only HTTP is supported.

    " + "documentation":"

    The protocol settings that are configured for your server.

    Avoid placing Network Load Balancers (NLBs) or NAT gateways in front of Transfer Family servers, as this increases costs and can cause performance issues, including reduced connection limits for FTPS. For more details, see Avoid placing NLBs and NATs in front of Transfer Family.

    • To indicate passive mode (for FTP and FTPS protocols), use the PassiveIp parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.

    • To ignore the error that is generated when the client attempts to use the SETSTAT command on a file that you are uploading to an Amazon S3 bucket, use the SetStatOption parameter. To have the Transfer Family server ignore the SETSTAT command and upload files without needing to make any changes to your SFTP client, set the value to ENABLE_NO_OP. If you set the SetStatOption parameter to ENABLE_NO_OP, Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a SETSTAT call.

    • To determine whether your Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the TlsSessionResumptionMode parameter.

    • As2Transports indicates the transport method for the AS2 messages. Currently, only HTTP is supported.

    " }, "EndpointDetails":{ "shape":"EndpointDetails", @@ -5632,7 +5938,7 @@ }, "LoggingRole":{ "shape":"NullableRole", - "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs.

    " }, "PostAuthenticationLoginBanner":{ "shape":"PostAuthenticationLoginBanner", @@ -5664,7 +5970,15 @@ }, "S3StorageOptions":{ "shape":"S3StorageOptions", - "documentation":"

    Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.

    " + "documentation":"

    Specifies whether or not performance for your Amazon S3 directories is optimized.

    • If using the console, this is enabled by default.

    • If using the API or CLI, this is disabled by default.

    By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.

    " + }, + "IpAddressType":{ + "shape":"IpAddressType", + "documentation":"

    Specifies whether to use IPv4 only, or to use dual-stack (IPv4 and IPv6) for your Transfer Family endpoint. The default value is IPV4.

    The IpAddressType parameter has the following limitations:

    • It cannot be changed while the server is online. You must stop the server before modifying this parameter.

    • It cannot be updated to DUALSTACK if the server has AddressAllocationIds specified.

    When using DUALSTACK as the IpAddressType, you cannot set the AddressAllocationIds parameter for the EndpointDetails for the server.

    " + }, + "IdentityProviderType":{ + "shape":"IdentityProviderType", + "documentation":"

    The mode of authentication for a server. The default value is SERVICE_MANAGED, which allows you to store and access user credentials within the Transfer Family service.

    Use AWS_DIRECTORY_SERVICE to provide access to Active Directory groups in Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connector. This option also requires you to provide a Directory ID by using the IdentityProviderDetails parameter.

    Use the API_GATEWAY value to integrate with an identity provider of your choosing. The API_GATEWAY setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the IdentityProviderDetails parameter.

    Use the AWS_LAMBDA value to directly use an Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the Function parameter for the IdentityProviderDetails data type.

    " } } }, @@ -5687,7 +6001,7 @@ "members":{ "HomeDirectory":{ "shape":"HomeDirectory", - "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    The HomeDirectory parameter is only used if HomeDirectoryType is set to PATH.

    " + "documentation":"

    The landing directory (folder) for a user when they log in to the server using the client.

    A HomeDirectory example is /bucket_name/home/mydirectory.

    You can use the HomeDirectory parameter for HomeDirectoryType when it is set to either PATH or LOGICAL.

    " }, "HomeDirectoryType":{ "shape":"HomeDirectoryType", @@ -5755,7 +6069,7 @@ }, "FaviconFile":{ "shape":"WebAppFaviconFile", - "documentation":"

    Specify icon file data string (in base64 encoding).

    " + "documentation":"

    Specify an icon file data string (in base64 encoding).

    " } } }, @@ -5872,6 +6186,12 @@ "pattern":"vpce-[0-9a-f]{17}" }, "VpcId":{"type":"string"}, + "VpcLatticeResourceConfigurationArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}" + }, "WebAppAccessEndpoint":{ "type":"string", "max":1024, @@ -5882,6 +6202,13 @@ "max":1024, "min":1 }, + "WebAppEndpointPolicy":{ + "type":"string", + "enum":[ + "FIPS", + "STANDARD" + ] + }, "WebAppFaviconFile":{ "type":"blob", "max":20960, diff -pruN 2.23.6-1/awscli/botocore/data/translate/2017-07-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/translate/2017-07-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/translate/2017-07-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/translate/2017-07-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/translate/2017-07-01/service-2.json 2.31.35-1/awscli/botocore/data/translate/2017-07-01/service-2.json --- 2.23.6-1/awscli/botocore/data/translate/2017-07-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/translate/2017-07-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"translate", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Amazon Translate", "serviceId":"Translate", "signatureVersion":"v4", "signingName":"translate", "targetPrefix":"AWSShineFrontendService_20170701", - "uid":"translate-2017-07-01" + "uid":"translate-2017-07-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "CreateParallelData":{ @@ -1317,8 +1319,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1793,8 +1794,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateParallelDataRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/trustedadvisor/2022-09-15/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/trustedadvisor/2022-09-15/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/trustedadvisor/2022-09-15/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/trustedadvisor/2022-09-15/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/verifiedpermissions/2021-12-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/verifiedpermissions/2021-12-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/verifiedpermissions/2021-12-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/verifiedpermissions/2021-12-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/verifiedpermissions/2021-12-01/service-2.json 2.31.35-1/awscli/botocore/data/verifiedpermissions/2021-12-01/service-2.json --- 2.23.6-1/awscli/botocore/data/verifiedpermissions/2021-12-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/verifiedpermissions/2021-12-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -29,7 +29,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about a group (batch) of policies.

    The BatchGetPolicy operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:GetPolicy in their IAM policies.

    " + "documentation":"

    Retrieves information about a group (batch) of policies.

    The BatchGetPolicy operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:GetPolicy in their IAM policies.

    ", + "readonly":true }, "BatchIsAuthorized":{ "name":"BatchIsAuthorized", @@ -46,7 +47,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Makes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an IsAuthorized request: principal, action, resource, and context. Either the principal or the resource parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where bob views photo1 and alice views photo2. Authorization of bob to view photo1 and photo2, or bob and alice to view photo1, are valid batches.

    The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision.

    The entities of a BatchIsAuthorized API request can contain up to 100 principals and up to 100 resources. The requests of a BatchIsAuthorized API request can contain up to 30 requests.

    The BatchIsAuthorized operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized in their IAM policies.

    " + "documentation":"

    Makes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an IsAuthorized request: principal, action, resource, and context. Either the principal or the resource parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where bob views photo1 and alice views photo2. Authorization of bob to view photo1 and photo2, or bob and alice to view photo1, are valid batches.

    The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision.

    The entities of a BatchIsAuthorized API request can contain up to 100 principals and up to 100 resources. The requests of a BatchIsAuthorized API request can contain up to 30 requests.

    The BatchIsAuthorized operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized in their IAM policies.

    ", + "readonly":true }, "BatchIsAuthorizedWithToken":{ "name":"BatchIsAuthorizedWithToken", @@ -63,7 +65,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Makes a series of decisions about multiple authorization requests for one token. The principal in this request comes from an external identity source in the form of an identity or access token, formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluations.

    The request is evaluated against all policies in the specified policy store that match the entities that you provide in the entities declaration and in the token. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision.

    The entities of a BatchIsAuthorizedWithToken API request can contain up to 100 resources and up to 99 user groups. The requests of a BatchIsAuthorizedWithToken API request can contain up to 30 requests.

    The BatchIsAuthorizedWithToken operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorizedWithToken in their IAM policies.

    " + "documentation":"

    Makes a series of decisions about multiple authorization requests for one token. The principal in this request comes from an external identity source in the form of an identity or access token, formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluations.

    The request is evaluated against all policies in the specified policy store that match the entities that you provide in the entities declaration and in the token. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision.

    The entities of a BatchIsAuthorizedWithToken API request can contain up to 100 resources and up to 99 user groups. The requests of a BatchIsAuthorizedWithToken API request can contain up to 30 requests.

    The BatchIsAuthorizedWithToken operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorizedWithToken in their IAM policies.

    ", + "readonly":true }, "CreateIdentitySource":{ "name":"CreateIdentitySource", @@ -192,6 +195,7 @@ "output":{"shape":"DeletePolicyStoreOutput"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"InvalidStateException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -233,7 +237,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves the details about the specified identity source.

    " + "documentation":"

    Retrieves the details about the specified identity source.

    ", + "readonly":true }, "GetPolicy":{ "name":"GetPolicy", @@ -250,7 +255,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified policy.

    " + "documentation":"

    Retrieves information about the specified policy.

    ", + "readonly":true }, "GetPolicyStore":{ "name":"GetPolicyStore", @@ -267,7 +273,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves details about a policy store.

    " + "documentation":"

    Retrieves details about a policy store.

    ", + "readonly":true }, "GetPolicyTemplate":{ "name":"GetPolicyTemplate", @@ -284,7 +291,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieve the details for the specified policy template in the specified policy store.

    " + "documentation":"

    Retrieve the details for the specified policy template in the specified policy store.

    ", + "readonly":true }, "GetSchema":{ "name":"GetSchema", @@ -301,7 +309,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieve the details for the specified schema in the specified policy store.

    " + "documentation":"

    Retrieve the details for the specified schema in the specified policy store.

    ", + "readonly":true }, "IsAuthorized":{ "name":"IsAuthorized", @@ -318,7 +327,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Makes an authorization decision about a service request described in the parameters. The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow or Deny, along with a list of the policies that resulted in the decision.

    " + "documentation":"

    Makes an authorization decision about a service request described in the parameters. The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow or Deny, along with a list of the policies that resulted in the decision.

    ", + "readonly":true }, "IsAuthorizedWithToken":{ "name":"IsAuthorizedWithToken", @@ -335,7 +345,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow or Deny, along with a list of the policies that resulted in the decision.

    Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.

    Tokens from an identity source user continue to be usable until they expire. Token revocation and resource deletion have no effect on the validity of a token in your policy store

    " + "documentation":"

    Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow or Deny, along with a list of the policies that resulted in the decision.

    Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.

    Tokens from an identity source user continue to be usable until they expire. Token revocation and resource deletion have no effect on the validity of a token in your policy store

    ", + "readonly":true }, "ListIdentitySources":{ "name":"ListIdentitySources", @@ -352,7 +363,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Returns a paginated list of all of the identity sources defined in the specified policy store.

    " + "documentation":"

    Returns a paginated list of all of the identity sources defined in the specified policy store.

    ", + "readonly":true }, "ListPolicies":{ "name":"ListPolicies", @@ -369,7 +381,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Returns a paginated list of all policies stored in the specified policy store.

    " + "documentation":"

    Returns a paginated list of all policies stored in the specified policy store.

    ", + "readonly":true }, "ListPolicyStores":{ "name":"ListPolicyStores", @@ -385,7 +398,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Returns a paginated list of all policy stores in the calling Amazon Web Services account.

    " + "documentation":"

    Returns a paginated list of all policy stores in the calling Amazon Web Services account.

    ", + "readonly":true }, "ListPolicyTemplates":{ "name":"ListPolicyTemplates", @@ -402,7 +416,26 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Returns a paginated list of all policy templates in the specified policy store.

    " + "documentation":"

    Returns a paginated list of all policy templates in the specified policy store.

    ", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceInput"}, + "output":{"shape":"ListTagsForResourceOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Returns the tags associated with the specified Amazon Verified Permissions resource. In Verified Permissions, policy stores can be tagged.

    ", + "readonly":true }, "PutSchema":{ "name":"PutSchema", @@ -424,6 +457,41 @@ "documentation":"

    Creates or updates the policy schema in the specified policy store. The schema is used to validate any Cedar policies and policy templates submitted to the policy store. Any changes to the schema validate only policies and templates submitted after the schema change. Existing policies and templates are not re-evaluated against the changed schema. If you later update a policy, then it is evaluated against the new schema at that time.

    Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.

    ", "idempotent":true }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceInput"}, + "output":{"shape":"TagResourceOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"TooManyTagsException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Assigns one or more tags (key-value pairs) to the specified Amazon Verified Permissions resource. Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. In Verified Permissions, policy stores can be tagged.

    Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.

    You can use the TagResource action with a resource that already has tags. If you specify a new tag key, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.

    You can associate as many as 50 tags with a resource.

    " + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceInput"}, + "output":{"shape":"UntagResourceOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Removes one or more tags from the specified Amazon Verified Permissions resource. In Verified Permissions, policy stores can be tagged.

    " + }, "UpdateIdentitySource":{ "name":"UpdateIdentitySource", "http":{ @@ -548,32 +616,38 @@ "pattern":"Action$|^.+::Action", "sensitive":true }, + "AmazonResourceName":{ + "type":"string", + "documentation":"

    An Amazon Resource Name (ARN) uniquely identifies an AWS resource.

    ", + "max":2048, + "min":1 + }, "AttributeValue":{ "type":"structure", "members":{ "boolean":{ "shape":"BooleanAttribute", - "documentation":"

    An attribute value of Boolean type.

    Example: {\"boolean\": true}

    " + "documentation":"

    An attribute value of Boolean type.

    Example: {\"boolean\": true}

    " }, "entityIdentifier":{ "shape":"EntityIdentifier", - "documentation":"

    An attribute value of type EntityIdentifier.

    Example: \"entityIdentifier\": { \"entityId\": \"<id>\", \"entityType\": \"<entity type>\"}

    " + "documentation":"

    An attribute value of type EntityIdentifier.

    Example: {\"entityIdentifier\": { \"entityId\": \"alice\", \"entityType\": \"User\"} }

    " }, "long":{ "shape":"LongAttribute", - "documentation":"

    An attribute value of Long type.

    Example: {\"long\": 0}

    " + "documentation":"

    An attribute value of Long type.

    Example: {\"long\": 0}

    " }, "string":{ "shape":"StringAttribute", - "documentation":"

    An attribute value of String type.

    Example: {\"string\": \"abc\"}

    " + "documentation":"

    An attribute value of String type.

    Example: {\"string\": \"abc\"}

    " }, "set":{ "shape":"SetAttribute", - "documentation":"

    An attribute value of Set type.

    Example: {\"set\": [ {} ] }

    " + "documentation":"

    An attribute value of Set type.

    Example: {\"set\": [ {} ] }

    " }, "record":{ "shape":"RecordAttribute", - "documentation":"

    An attribute value of Record type.

    Example: {\"record\": { \"keyName\": {} } }

    " + "documentation":"

    An attribute value of Record type.

    Example: {\"record\": { \"keyName\": {} } }

    " }, "ipaddr":{ "shape":"IpAddr", @@ -582,9 +656,17 @@ "decimal":{ "shape":"Decimal", "documentation":"

    An attribute value of decimal type.

    Example: {\"decimal\": \"1.1\"}

    " + }, + "datetime":{ + "shape":"DatetimeAttribute", + "documentation":"

    An attribute value of datetime type.

    Example: {\"datetime\": \"2024-10-15T11:35:00Z\"}

    " + }, + "duration":{ + "shape":"Duration", + "documentation":"

    An attribute value of duration type.

    Example: {\"duration\": \"1h30m\"}

    " } }, - "documentation":"

    The value of an attribute.

    Contains information about the runtime context for a request for which an authorization decision is made.

    This data type is used as a member of the ContextDefinition structure which is uses as a request parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

    ", + "documentation":"

    The value of an attribute.

    Contains information about the runtime context for a request for which an authorization decision is made.

    This data type is used as a member of the ContextDefinition structure which is used as a request parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

    ", "union":true }, "Audience":{ @@ -743,7 +825,7 @@ }, "entities":{ "shape":"EntitiesDefinition", - "documentation":"

    Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies.

    You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.

    " + "documentation":"

    (Optional) Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.

    You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.

    " }, "requests":{ "shape":"BatchIsAuthorizedInputList", @@ -841,7 +923,7 @@ }, "entities":{ "shape":"EntitiesDefinition", - "documentation":"

    Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.

    You can't include principals in this parameter, only resource and action entities. This parameter can't include any entities of a type that matches the user or group entity types that you defined in your identity source.

    • The BatchIsAuthorizedWithToken operation takes principal attributes from only the identityToken or accessToken passed to the operation.

    • For action entities, you can include only their Identifier and EntityType.

    " + "documentation":"

    (Optional) Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.

    You can't include principals in this parameter, only resource and action entities. This parameter can't include any entities of a type that matches the user or group entity types that you defined in your identity source.

    • The BatchIsAuthorizedWithToken operation takes principal attributes from only the identityToken or accessToken passed to the operation.

    • For action entities, you can include only their Identifier and EntityType.

    " }, "requests":{ "shape":"BatchIsAuthorizedWithTokenInputList", @@ -927,6 +1009,73 @@ "box":true, "sensitive":true }, + "CedarJson":{ + "type":"string", + "sensitive":true + }, + "CedarTagRecordAttribute":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"CedarTagValue"} + }, + "CedarTagSetAttribute":{ + "type":"list", + "member":{"shape":"CedarTagValue"} + }, + "CedarTagValue":{ + "type":"structure", + "members":{ + "boolean":{ + "shape":"BooleanAttribute", + "documentation":"

    A Cedar tag value of Boolean type.

    Example: {\"boolean\": false}

    " + }, + "entityIdentifier":{ + "shape":"EntityIdentifier", + "documentation":"

    A Cedar tag value of type EntityIdentifier.

    Example: {\"entityIdentifier\": { \"entityId\": \"alice\", \"entityType\": \"User\"} }

    " + }, + "long":{ + "shape":"LongAttribute", + "documentation":"

    A Cedar tag value of Long type.

    Example: {\"long\": 0}

    " + }, + "string":{ + "shape":"StringAttribute", + "documentation":"

    A Cedar tag value of String type.

    Example: {\"string\": \"abc\"}

    " + }, + "set":{ + "shape":"CedarTagSetAttribute", + "documentation":"

    A Cedar tag value of Set type.

    Example: {\"set\": [ { \"string\": \"abc\" } ] }

    " + }, + "record":{ + "shape":"CedarTagRecordAttribute", + "documentation":"

    A Cedar tag value of Record type.

    Example: {\"record\": { \"keyName\": {} } }

    " + }, + "ipaddr":{ + "shape":"IpAddr", + "documentation":"

    A Cedar tag value of ipaddr type.

    Example: {\"ip\": \"10.50.0.0/24\"}

    " + }, + "decimal":{ + "shape":"Decimal", + "documentation":"

    A Cedar tag value of decimal type.

    Example: {\"decimal\": \"-2.0\"}

    " + }, + "datetime":{ + "shape":"DatetimeAttribute", + "documentation":"

    A Cedar tag value of datetime type.

    Example: {\"datetime\": \"2025-11-04T11:35:00.000+0100\"}

    " + }, + "duration":{ + "shape":"Duration", + "documentation":"

    A Cedar tag value of duration type.

    Example: {\"duration\": \"-1d12h\"}

    " + } + }, + "documentation":"

    The value of an entity's Cedar tag.

    This data type is used as a member of the EntityItem structure that forms the body of the Entities request parameter for the IsAuthorized, BatchIsAuthorized, IsAuthorizedWithToken, and BatchIsAuthorizedWithToken operations.

    ", + "union":true + }, + "CedarVersion":{ + "type":"string", + "enum":[ + "CEDAR_2", + "CEDAR_4" + ] + }, "Claim":{ "type":"string", "min":1, @@ -1116,9 +1265,13 @@ "contextMap":{ "shape":"ContextMap", "documentation":"

    An list of attributes that are needed to successfully evaluate an authorization request. Each attribute in this array must include a map of a data type and its value.

    Example: \"contextMap\":{\"<KeyName1>\":{\"boolean\":true},\"<KeyName2>\":{\"long\":1234}}

    " + }, + "cedarJson":{ + "shape":"CedarJson", + "documentation":"

    A Cedar JSON string representation of the context needed to successfully evaluate an authorization request.

    Example: {\"cedarJson\":\"{\\\"<KeyName1>\\\": true, \\\"<KeyName2>\\\": 1234}\" }

    " } }, - "documentation":"

    Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the when and unless clauses in a policy.

    This data type is used as a request parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

    Example: \"context\":{\"contextMap\":{\"<KeyName1>\":{\"boolean\":true},\"<KeyName2>\":{\"long\":1234}}}

    ", + "documentation":"

    Contains additional details about the context of the request. Verified Permissions evaluates this information in an authorization request as part of the when and unless clauses in a policy.

    This data type is used as a request parameter for the IsAuthorized, BatchIsAuthorized, and IsAuthorizedWithToken operations.

    If you're passing context as part of the request, exactly one instance of context must be passed. If you don't want to pass context, omit the context parameter from your request rather than sending context {}.

    Example: \"context\":{\"contextMap\":{\"<KeyName1>\":{\"boolean\":true},\"<KeyName2>\":{\"long\":1234}}}

    ", "union":true }, "ContextMap":{ @@ -1266,6 +1419,14 @@ "description":{ "shape":"PolicyStoreDescription", "documentation":"

    Descriptive text that you can provide to help with identification of the current policy store.

    " + }, + "deletionProtection":{ + "shape":"DeletionProtection", + "documentation":"

    Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.

    The default state is DISABLED.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The list of key-value pairs to associate with the policy store.

    " } } }, @@ -1349,6 +1510,13 @@ } } }, + "DatetimeAttribute":{ + "type":"string", + "max":28, + "min":10, + "pattern":"\\d{4}-\\d{2}-\\d{2}(T\\d{2}:\\d{2}:\\d{2}(\\.\\d{3})?(Z|[+-]\\d{4}))?", + "sensitive":true + }, "Decimal":{ "type":"string", "max":23, @@ -1382,8 +1550,7 @@ }, "DeleteIdentitySourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePolicyInput":{ "type":"structure", @@ -1404,8 +1571,7 @@ }, "DeletePolicyOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePolicyStoreInput":{ "type":"structure", @@ -1419,8 +1585,7 @@ }, "DeletePolicyStoreOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePolicyTemplateInput":{ "type":"structure", @@ -1441,8 +1606,14 @@ }, "DeletePolicyTemplateOutput":{ "type":"structure", - "members":{ - } + "members":{} + }, + "DeletionProtection":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] }, "DeterminingPolicyItem":{ "type":"structure", @@ -1465,12 +1636,23 @@ "min":1, "pattern":"https://.*" }, + "Duration":{ + "type":"string", + "max":100, + "min":2, + "pattern":"-?(\\d+d)?(\\d+h)?(\\d+m)?(\\d+s)?(\\d+ms)?", + "sensitive":true + }, "EntitiesDefinition":{ "type":"structure", "members":{ "entityList":{ "shape":"EntityList", - "documentation":"

    An array of entities that are needed to successfully evaluate an authorization request. Each entity in this array must include an identifier for the entity, the attributes of the entity, and a list of any parent entities.

    " + "documentation":"

    An array of entities that are needed to successfully evaluate an authorization request. Each entity in this array must include an identifier for the entity, the attributes of the entity, and a list of any parent entities.

    If you include multiple entities with the same identifier, only the last one is processed in the request.

    " + }, + "cedarJson":{ + "shape":"CedarJson", + "documentation":"

    A Cedar JSON string representation of the entities needed to successfully evaluate an authorization request.

    Example: {\"cedarJson\": \"[{\\\"uid\\\":{\\\"type\\\":\\\"Photo\\\",\\\"id\\\":\\\"VacationPhoto94.jpg\\\"},\\\"attrs\\\":{\\\"accessLevel\\\":\\\"public\\\"},\\\"parents\\\":[]}]\"}

    " } }, "documentation":"

    Contains the list of entities to be considered during an authorization request. This includes all principals, resources, and actions required to successfully evaluate the request.

    This data type is used as a field in the response parameter for the IsAuthorized and IsAuthorizedWithToken operations.

    ", @@ -1481,6 +1663,11 @@ "key":{"shape":"String"}, "value":{"shape":"AttributeValue"} }, + "EntityCedarTags":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"CedarTagValue"} + }, "EntityId":{ "type":"string", "max":200, @@ -1527,6 +1714,10 @@ "parents":{ "shape":"ParentList", "documentation":"

    The parent entities in the hierarchy that contains the entity. A principal or resource entity can be defined with at most 99 transitive parents per authorization request.

    A transitive parent is an entity in the hierarchy of entities including all direct parents, and parents of parents. For example, a user can be a member of 91 groups if one of those groups is a member of eight groups, for a total of 100: one entity, 91 entity parents, and eight parents of parents.

    " + }, + "tags":{ + "shape":"EntityCedarTags", + "documentation":"

    A list of cedar tags for the entity.

    " } }, "documentation":"

    Contains information about an entity that can be referenced in a Cedar policy.

    This data type is used as one of the fields in the EntitiesDefinition structure.

    { \"identifier\": { \"entityType\": \"Photo\", \"entityId\": \"VacationPhoto94.jpg\" }, \"attributes\": {}, \"parents\": [ { \"entityType\": \"Album\", \"entityId\": \"alice_folder\" } ] }

    " @@ -1709,6 +1900,10 @@ "policyStoreId":{ "shape":"PolicyStoreId", "documentation":"

    Specifies the ID of the policy store that you want information about.

    " + }, + "tags":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to return the tags that are attached to the policy store. If this parameter is included in the API call, the tags are returned, otherwise they are not returned.

    If this parameter is included in the API call but there are no tags attached to the policy store, the tags response parameter is omitted from the response.

    " } } }, @@ -1745,6 +1940,18 @@ "description":{ "shape":"PolicyStoreDescription", "documentation":"

    Descriptive text that you can provide to help with identification of the current policy store.

    " + }, + "deletionProtection":{ + "shape":"DeletionProtection", + "documentation":"

    Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.

    The default state is DISABLED.

    " + }, + "cedarVersion":{ + "shape":"CedarVersion", + "documentation":"

    The version of the Cedar language used with policies, policy templates, and schemas in this policy store. For more information, see Amazon Verified Permissions upgrade to Cedar v4 FAQ.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The list of tags associated with the policy store.

    " } } }, @@ -1999,6 +2206,15 @@ "fault":true, "retryable":{"throttling":false} }, + "InvalidStateException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"

    The policy store can't be deleted because deletion protection is enabled. To delete this policy store, disable deletion protection.

    ", + "exception":true + }, "IpAddr":{ "type":"string", "max":44, @@ -2032,7 +2248,7 @@ }, "entities":{ "shape":"EntitiesDefinition", - "documentation":"

    Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies.

    You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.

    " + "documentation":"

    (Optional) Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.

    You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.

    " } } }, @@ -2088,7 +2304,7 @@ }, "entities":{ "shape":"EntitiesDefinition", - "documentation":"

    Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.

    You can't include principals in this parameter, only resource and action entities. This parameter can't include any entities of a type that matches the user or group entity types that you defined in your identity source.

    • The IsAuthorizedWithToken operation takes principal attributes from only the identityToken or accessToken passed to the operation.

    • For action entities, you can include only their Identifier and EntityType.

    " + "documentation":"

    (Optional) Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store.

    You can't include principals in this parameter, only resource and action entities. This parameter can't include any entities of a type that matches the user or group entity types that you defined in your identity source.

    • The IsAuthorizedWithToken operation takes principal attributes from only the identityToken or accessToken passed to the operation.

    • For action entities, you can include only their Identifier and EntityType.

    " } } }, @@ -2260,6 +2476,25 @@ } } }, + "ListTagsForResourceInput":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The ARN of the resource for which you want to view tags.

    " + } + } + }, + "ListTagsForResourceOutput":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"TagMap", + "documentation":"

    The list of tags associated with the resource.

    " + } + } + }, "LongAttribute":{ "type":"long", "box":true, @@ -2710,7 +2945,7 @@ "type":"string", "max":200, "min":1, - "pattern":"[a-zA-Z0-9-]*" + "pattern":"[a-zA-Z0-9-/_]*" }, "PolicyStoreItem":{ "type":"structure", @@ -2757,7 +2992,7 @@ "type":"string", "max":200, "min":1, - "pattern":"[a-zA-Z0-9-]*" + "pattern":"[a-zA-Z0-9-/_]*" }, "PolicyTemplateItem":{ "type":"structure", @@ -3016,6 +3251,50 @@ "type":"string", "sensitive":true }, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":1 + }, + "TagMap":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":200, + "min":0 + }, + "TagResourceInput":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The ARN of the resource that you're adding tags to.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The list of key-value pairs to associate with the resource.

    " + } + } + }, + "TagResourceOutput":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, "TemplateLinkedPolicyDefinition":{ "type":"structure", "required":["policyTemplateId"], @@ -3071,7 +3350,7 @@ "documentation":"

    The resource associated with this template-linked policy. Verified Permissions substitutes this resource for the ?resource placeholder in the policy template when it evaluates an authorization request.

    " } }, - "documentation":"

    Contains information about a policy created by instantiating a policy template.

    This

    " + "documentation":"

    Contains information about a policy created by instantiating a policy template.

    " }, "ThrottlingException":{ "type":"structure", @@ -3102,6 +3381,36 @@ "pattern":"[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+", "sensitive":true }, + "TooManyTagsException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"}, + "resourceName":{"shape":"AmazonResourceName"} + }, + "documentation":"

    No more tags be added because the limit (50) has been reached. To add new tags, use UntagResource to remove existing tags.

    ", + "exception":true + }, + "UntagResourceInput":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"AmazonResourceName", + "documentation":"

    The ARN of the resource from which you are removing tags.

    " + }, + "tagKeys":{ + "shape":"TagKeyList", + "documentation":"

    The list of tag keys to remove from the resource.

    " + } + } + }, + "UntagResourceOutput":{ + "type":"structure", + "members":{} + }, "UpdateCognitoGroupConfiguration":{ "type":"structure", "required":["groupEntityType"], @@ -3383,6 +3692,10 @@ "shape":"ValidationSettings", "documentation":"

    A structure that defines the validation settings that want to enable for the policy store.

    " }, + "deletionProtection":{ + "shape":"DeletionProtection", + "documentation":"

    Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.

    When you call UpdatePolicyStore, this parameter is unchanged unless explicitly included in the call.

    " + }, "description":{ "shape":"PolicyStoreDescription", "documentation":"

    Descriptive text that you can provide to help with identification of the current policy store.

    " diff -pruN 2.23.6-1/awscli/botocore/data/voice-id/2021-09-27/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/voice-id/2021-09-27/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/voice-id/2021-09-27/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/voice-id/2021-09-27/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/vpc-lattice/2022-11-30/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/vpc-lattice/2022-11-30/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/vpc-lattice/2022-11-30/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/vpc-lattice/2022-11-30/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/vpc-lattice/2022-11-30/paginators-1.json 2.31.35-1/awscli/botocore/data/vpc-lattice/2022-11-30/paginators-1.json --- 2.23.6-1/awscli/botocore/data/vpc-lattice/2022-11-30/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/vpc-lattice/2022-11-30/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -83,6 +83,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "items" + }, + "ListDomainVerifications": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" } } } diff -pruN 2.23.6-1/awscli/botocore/data/vpc-lattice/2022-11-30/service-2.json 2.31.35-1/awscli/botocore/data/vpc-lattice/2022-11-30/service-2.json --- 2.23.6-1/awscli/botocore/data/vpc-lattice/2022-11-30/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/vpc-lattice/2022-11-30/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2022-11-30", + "auth":["aws.auth#sigv4"], "endpointPrefix":"vpc-lattice", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"Amazon VPC Lattice", "serviceId":"VPC Lattice", "signatureVersion":"v4", "signingName":"vpc-lattice", - "uid":"vpc-lattice-2022-11-30", - "auth":["aws.auth#sigv4"] + "uid":"vpc-lattice-2022-11-30" }, "operations":{ "BatchUpdateRule":{ @@ -26,9 +25,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Updates the listener rules in a batch. You can use this operation to change the priority of listener rules. This can be useful when bulk updating or swapping rule priority.

    Required permissions: vpc-lattice:UpdateRule

    For more information, see How Amazon VPC Lattice works with IAM in the Amazon VPC Lattice User Guide.

    ", @@ -46,9 +45,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Enables access logs to be sent to Amazon CloudWatch, Amazon S3, and Amazon Kinesis Data Firehose. The service network owner can use the access logs to audit the services in the network. The service network owner can only see access logs from clients and services that are associated with their service network. Access log entries represent traffic originated from VPCs associated with that network. For more information, see Access logs in the Amazon VPC Lattice User Guide.

    ", @@ -66,9 +65,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -87,9 +86,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -108,13 +107,13 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Creates a resource gateway.

    ", + "documentation":"

    A resource gateway is a point of ingress into the VPC where a resource resides. It spans multiple Availability Zones. For your resource to be accessible from all Availability Zones, you should create your resource gateways to span as many Availability Zones as possible. A VPC can have multiple resource gateways.

    ", "idempotent":true }, "CreateRule":{ @@ -129,9 +128,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -150,9 +149,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -171,9 +170,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -192,9 +191,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -213,9 +212,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -234,9 +233,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -255,9 +254,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -276,8 +275,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes the specified access log subscription.

    ", @@ -295,13 +294,32 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes the specified auth policy. If an auth is set to AWS_IAM and the auth policy is deleted, all requests are denied. If you are trying to remove the auth policy completely, you must set the auth type to NONE. If auth is enabled on the resource, but no auth policy is set, all requests are denied.

    ", "idempotent":true }, + "DeleteDomainVerification":{ + "name":"DeleteDomainVerification", + "http":{ + "method":"DELETE", + "requestUri":"/domainverifications/{domainVerificationIdentifier}", + "responseCode":200 + }, + "input":{"shape":"DeleteDomainVerificationRequest"}, + "output":{"shape":"DeleteDomainVerificationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Deletes the specified domain verification.

    ", + "idempotent":true + }, "DeleteListener":{ "name":"DeleteListener", "http":{ @@ -314,9 +332,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes the specified listener.

    ", @@ -334,9 +352,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes the specified resource configuration.

    ", @@ -354,8 +372,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Disassociates the resource configuration from the resource VPC endpoint.

    ", @@ -373,9 +391,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes the specified resource gateway.

    ", @@ -393,8 +411,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes the specified resource policy.

    ", @@ -412,9 +430,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes a listener rule. Each listener has a default rule for checking connection requests, but you can define additional rules. Each rule consists of a priority, one or more actions, and one or more conditions. You can delete additional listener rules, but you cannot delete the default rule.

    For more information, see Listener rules in the Amazon VPC Lattice User Guide.

    ", @@ -432,9 +450,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes a service. A service can't be deleted if it's associated with a service network. If you delete a service, all resources related to the service, such as the resource policy, auth policy, listeners, listener rules, and access log subscriptions, are also deleted. For more information, see Delete a service in the Amazon VPC Lattice User Guide.

    ", @@ -452,9 +470,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes a service network. You can only delete the service network if there is no service or VPC associated with it. If you delete a service network, all resources related to the service network, such as the resource policy, auth policy, and access log subscriptions, are also deleted. For more information, see Delete a service network in the Amazon VPC Lattice User Guide.

    ", @@ -472,9 +490,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes the association between a service network and a resource configuration.

    ", @@ -492,9 +510,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes the association between a service and a service network. This operation fails if an association is still in progress.

    ", @@ -512,9 +530,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Disassociates the VPC from the service network. You can't disassociate the VPC if there is a create or update association in progress.

    ", @@ -531,9 +549,9 @@ "output":{"shape":"DeleteTargetGroupResponse"}, "errors":[ {"shape":"ValidationException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes a target group. You can't delete a target group if it is used in a listener rule or if the target group creation is in progress.

    ", @@ -551,9 +569,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deregisters the specified targets from the specified target group.

    ", @@ -571,11 +589,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified access log subscription.

    " + "documentation":"

    Retrieves information about the specified access log subscription.

    ", + "readonly":true }, "GetAuthPolicy":{ "name":"GetAuthPolicy", @@ -589,11 +608,31 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves information about the auth policy for the specified service or service network.

    ", + "readonly":true + }, + "GetDomainVerification":{ + "name":"GetDomainVerification", + "http":{ + "method":"GET", + "requestUri":"/domainverifications/{domainVerificationIdentifier}", + "responseCode":200 + }, + "input":{"shape":"GetDomainVerificationRequest"}, + "output":{"shape":"GetDomainVerificationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the auth policy for the specified service or service network.

    " + "documentation":"

    Retrieves information about a domain verification.ß

    ", + "readonly":true }, "GetListener":{ "name":"GetListener", @@ -607,11 +646,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified listener for the specified service.

    " + "documentation":"

    Retrieves information about the specified listener for the specified service.

    ", + "readonly":true }, "GetResourceConfiguration":{ "name":"GetResourceConfiguration", @@ -625,11 +665,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified resource configuration.

    " + "documentation":"

    Retrieves information about the specified resource configuration.

    ", + "readonly":true }, "GetResourceGateway":{ "name":"GetResourceGateway", @@ -643,11 +684,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified resource gateway.

    " + "documentation":"

    Retrieves information about the specified resource gateway.

    ", + "readonly":true }, "GetResourcePolicy":{ "name":"GetResourcePolicy", @@ -661,11 +703,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified resource policy. The resource policy is an IAM policy created on behalf of the resource owner when they share a resource.

    " + "documentation":"

    Retrieves information about the specified resource policy. The resource policy is an IAM policy created on behalf of the resource owner when they share a resource.

    ", + "readonly":true }, "GetRule":{ "name":"GetRule", @@ -679,11 +722,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified listener rules. You can also retrieve information about the default listener rule. For more information, see Listener rules in the Amazon VPC Lattice User Guide.

    " + "documentation":"

    Retrieves information about the specified listener rules. You can also retrieve information about the default listener rule. For more information, see Listener rules in the Amazon VPC Lattice User Guide.

    ", + "readonly":true }, "GetService":{ "name":"GetService", @@ -697,11 +741,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified service.

    " + "documentation":"

    Retrieves information about the specified service.

    ", + "readonly":true }, "GetServiceNetwork":{ "name":"GetServiceNetwork", @@ -715,11 +760,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified service network.

    " + "documentation":"

    Retrieves information about the specified service network.

    ", + "readonly":true }, "GetServiceNetworkResourceAssociation":{ "name":"GetServiceNetworkResourceAssociation", @@ -733,11 +779,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified association between a service network and a resource configuration.

    " + "documentation":"

    Retrieves information about the specified association between a service network and a resource configuration.

    ", + "readonly":true }, "GetServiceNetworkServiceAssociation":{ "name":"GetServiceNetworkServiceAssociation", @@ -751,11 +798,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified association between a service network and a service.

    " + "documentation":"

    Retrieves information about the specified association between a service network and a service.

    ", + "readonly":true }, "GetServiceNetworkVpcAssociation":{ "name":"GetServiceNetworkVpcAssociation", @@ -769,11 +817,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified association between a service network and a VPC.

    " + "documentation":"

    Retrieves information about the specified association between a service network and a VPC.

    ", + "readonly":true }, "GetTargetGroup":{ "name":"GetTargetGroup", @@ -787,11 +836,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Retrieves information about the specified target group.

    " + "documentation":"

    Retrieves information about the specified target group.

    ", + "readonly":true }, "ListAccessLogSubscriptions":{ "name":"ListAccessLogSubscriptions", @@ -808,7 +858,27 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the access log subscriptions for the specified service network or service.

    " + "documentation":"

    Lists the access log subscriptions for the specified service network or service.

    ", + "readonly":true + }, + "ListDomainVerifications":{ + "name":"ListDomainVerifications", + "http":{ + "method":"GET", + "requestUri":"/domainverifications", + "responseCode":200 + }, + "input":{"shape":"ListDomainVerificationsRequest"}, + "output":{"shape":"ListDomainVerificationsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Lists the domain verifications.

    ", + "readonly":true }, "ListListeners":{ "name":"ListListeners", @@ -822,11 +892,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the listeners for the specified service.

    " + "documentation":"

    Lists the listeners for the specified service.

    ", + "readonly":true }, "ListResourceConfigurations":{ "name":"ListResourceConfigurations", @@ -843,7 +914,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the resource configurations owned by or shared with this account.

    " + "documentation":"

    Lists the resource configurations owned by or shared with this account.

    ", + "readonly":true }, "ListResourceEndpointAssociations":{ "name":"ListResourceEndpointAssociations", @@ -860,7 +932,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the associations for the specified VPC endpoint.

    " + "documentation":"

    Lists the associations for the specified VPC endpoint.

    ", + "readonly":true }, "ListResourceGateways":{ "name":"ListResourceGateways", @@ -877,7 +950,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the resource gateways that you own or that were shared with you.

    " + "documentation":"

    Lists the resource gateways that you own or that were shared with you.

    ", + "readonly":true }, "ListRules":{ "name":"ListRules", @@ -891,11 +965,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the rules for the specified listener.

    " + "documentation":"

    Lists the rules for the specified listener.

    ", + "readonly":true }, "ListServiceNetworkResourceAssociations":{ "name":"ListServiceNetworkResourceAssociations", @@ -912,7 +987,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the associations between a service network and a resource configuration.

    " + "documentation":"

    Lists the associations between a service network and a resource configuration.

    ", + "readonly":true }, "ListServiceNetworkServiceAssociations":{ "name":"ListServiceNetworkServiceAssociations", @@ -929,7 +1005,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the associations between a service network and a service. You can filter the list either by service or service network. You must provide either the service network identifier or the service identifier.

    Every association in Amazon VPC Lattice has a unique Amazon Resource Name (ARN), such as when a service network is associated with a VPC or when a service is associated with a service network. If the association is for a resource is shared with another account, the association includes the local account ID as the prefix in the ARN.

    " + "documentation":"

    Lists the associations between a service network and a service. You can filter the list either by service or service network. You must provide either the service network identifier or the service identifier.

    Every association in Amazon VPC Lattice has a unique Amazon Resource Name (ARN), such as when a service network is associated with a VPC or when a service is associated with a service network. If the association is for a resource is shared with another account, the association includes the local account ID as the prefix in the ARN.

    ", + "readonly":true }, "ListServiceNetworkVpcAssociations":{ "name":"ListServiceNetworkVpcAssociations", @@ -946,7 +1023,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the associations between a service network and a VPC. You can filter the list either by VPC or service network. You must provide either the ID of the service network identifier or the ID of the VPC.

    " + "documentation":"

    Lists the associations between a service network and a VPC. You can filter the list either by VPC or service network. You must provide either the ID of the service network identifier or the ID of the VPC.

    ", + "readonly":true }, "ListServiceNetworkVpcEndpointAssociations":{ "name":"ListServiceNetworkVpcEndpointAssociations", @@ -963,7 +1041,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the associations between a service network and a VPC endpoint.

    " + "documentation":"

    Lists the associations between a service network and a VPC endpoint.

    ", + "readonly":true }, "ListServiceNetworks":{ "name":"ListServiceNetworks", @@ -980,7 +1059,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the service networks owned by or shared with this account. The account ID in the ARN shows which account owns the service network.

    " + "documentation":"

    Lists the service networks owned by or shared with this account. The account ID in the ARN shows which account owns the service network.

    ", + "readonly":true }, "ListServices":{ "name":"ListServices", @@ -997,7 +1077,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the services owned by the caller account or shared with the caller account.

    " + "documentation":"

    Lists the services owned by the caller account or shared with the caller account.

    ", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1014,7 +1095,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the tags for the specified resource.

    " + "documentation":"

    Lists the tags for the specified resource.

    ", + "readonly":true }, "ListTargetGroups":{ "name":"ListTargetGroups", @@ -1031,7 +1113,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists your target groups. You can narrow your search by using the filters below in your request.

    " + "documentation":"

    Lists your target groups. You can narrow your search by using the filters below in your request.

    ", + "readonly":true }, "ListTargets":{ "name":"ListTargets", @@ -1045,11 +1128,12 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"

    Lists the targets for the target group. By default, all targets are included. You can use this API to check the health status of targets. You can also filter the results by target.

    " + "documentation":"

    Lists the targets for the target group. By default, all targets are included. You can use this API to check the health status of targets. You can also filter the results by target.

    ", + "readonly":true }, "PutAuthPolicy":{ "name":"PutAuthPolicy", @@ -1063,8 +1147,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Creates or updates the auth policy. The policy string in JSON must not contain newlines or blank lines.

    For more information, see Auth policies in the Amazon VPC Lattice User Guide.

    " @@ -1081,8 +1165,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Attaches a resource-based permission policy to a service or service network. The policy must contain the same actions and condition statements as the Amazon Web Services Resource Access Manager permission for sharing services and service networks.

    ", @@ -1100,14 +1184,34 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], "documentation":"

    Registers the targets with the target group. If it's a Lambda target, you can only have one target in a target group.

    " }, + "StartDomainVerification":{ + "name":"StartDomainVerification", + "http":{ + "method":"POST", + "requestUri":"/domainverifications", + "responseCode":201 + }, + "input":{"shape":"StartDomainVerificationRequest"}, + "output":{"shape":"StartDomainVerificationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Starts the domain verification process for a custom domain name.

    ", + "idempotent":true + }, "TagResource":{ "name":"TagResource", "http":{ @@ -1120,8 +1224,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Adds the specified tags to the specified resource.

    " @@ -1156,9 +1260,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Updates the specified access log subscription.

    ", @@ -1176,9 +1280,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -1197,8 +1301,8 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -1216,8 +1320,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Updates the specified resource gateway.

    " @@ -1234,9 +1339,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -1255,9 +1360,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -1275,9 +1380,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Updates the specified service network.

    ", @@ -1295,9 +1400,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], "documentation":"

    Updates the service network and VPC association. If you add a security group to the service network and VPC association, the association must continue to have at least one security group. You can add or edit security groups at any time. However, to remove all security groups, you must first delete the association and then recreate it without security groups.

    ", @@ -1315,9 +1420,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"}, - {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], @@ -1343,25 +1448,25 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$" + "pattern":"arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?" }, "AccessLogSubscriptionArn":{ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:accesslogsubscription/als-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:accesslogsubscription/als-[0-9a-z]{17}" }, "AccessLogSubscriptionId":{ "type":"string", "max":21, "min":21, - "pattern":"^als-[0-9a-z]{17}$" + "pattern":"als-[0-9a-z]{17}" }, "AccessLogSubscriptionIdentifier":{ "type":"string", "max":2048, "min":17, - "pattern":"^((als-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:accesslogsubscription/als-[0-9a-z]{17}))$" + "pattern":"((als-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:accesslogsubscription/als-[0-9a-z]{17}))" }, "AccessLogSubscriptionList":{ "type":"list", @@ -1370,46 +1475,46 @@ "AccessLogSubscriptionSummary":{ "type":"structure", "required":[ - "arn", - "createdAt", - "destinationArn", "id", - "lastUpdatedAt", + "arn", + "resourceId", "resourceArn", - "resourceId" + "destinationArn", + "createdAt", + "lastUpdatedAt" ], "members":{ - "arn":{ - "shape":"AccessLogSubscriptionArn", - "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the access log subscription was created, in ISO-8601 format.

    " - }, - "destinationArn":{ - "shape":"AccessLogDestinationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the destination.

    " - }, "id":{ "shape":"AccessLogSubscriptionId", "documentation":"

    The ID of the access log subscription.

    " }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the access log subscription was last updated, in ISO-8601 format.

    " + "arn":{ + "shape":"AccessLogSubscriptionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription

    " + }, + "resourceId":{ + "shape":"ResourceId", + "documentation":"

    The ID of the service or service network.

    " }, "resourceArn":{ "shape":"ResourceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service or service network.

    " }, - "resourceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service or service network.

    " + "destinationArn":{ + "shape":"AccessLogDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the destination.

    " }, "serviceNetworkLogType":{ "shape":"ServiceNetworkLogType", "documentation":"

    Log type of the service network.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the access log subscription was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the access log subscription was last updated, in ISO-8601 format.

    " } }, "documentation":"

    Summary information about an access log subscription.

    " @@ -1418,13 +1523,13 @@ "type":"string", "max":12, "min":1, - "pattern":"^[0-9]{12}$" + "pattern":"[0-9]{12}" }, "Arn":{ "type":"string", "max":1224, "min":0, - "pattern":"^arn:[a-z0-9][-.a-z0-9]{0,62}:vpc-lattice:([a-z0-9][-.a-z0-9]{0,62})?:\\d{12}?:[^/].{0,1023}$" + "pattern":"arn:[a-z0-9][-.a-z0-9]{0,62}:vpc-lattice:([a-z0-9][-.a-z0-9]{0,62})?:\\d{12}?:[^/].{0,1023}" }, "ArnResource":{ "type":"structure", @@ -1445,7 +1550,7 @@ }, "AuthPolicyString":{ "type":"string", - "max":10000, + "max":36864, "min":0 }, "AuthType":{ @@ -1458,11 +1563,17 @@ "BatchUpdateRuleRequest":{ "type":"structure", "required":[ + "serviceIdentifier", "listenerIdentifier", - "rules", - "serviceIdentifier" + "rules" ], "members":{ + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"uri", + "locationName":"serviceIdentifier" + }, "listenerIdentifier":{ "shape":"ListenerIdentifier", "documentation":"

    The ID or ARN of the listener.

    ", @@ -1472,12 +1583,6 @@ "rules":{ "shape":"RuleUpdateList", "documentation":"

    The rules for the specified listener.

    " - }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"uri", - "locationName":"serviceIdentifier" } } }, @@ -1502,13 +1607,13 @@ "type":"string", "max":2048, "min":0, - "pattern":"^(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:certificate/[0-9a-z-]+)?$" + "pattern":"(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:certificate/[0-9a-z-]+)?" }, "ClientToken":{ "type":"string", "max":64, "min":1, - "pattern":"[!-~]+" + "pattern":".*[!-~]+.*" }, "ConflictException":{ "type":"structure", @@ -1538,8 +1643,8 @@ "CreateAccessLogSubscriptionRequest":{ "type":"structure", "required":[ - "destinationArn", - "resourceIdentifier" + "resourceIdentifier", + "destinationArn" ], "members":{ "clientToken":{ @@ -1547,14 +1652,14 @@ "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", "idempotencyToken":true }, - "destinationArn":{ - "shape":"AccessLogDestinationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the destination. The supported destination types are CloudWatch Log groups, Kinesis Data Firehose delivery streams, and Amazon S3 buckets.

    " - }, "resourceIdentifier":{ "shape":"ResourceIdentifier", "documentation":"

    The ID or ARN of the service network or service.

    " }, + "destinationArn":{ + "shape":"AccessLogDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the destination. The supported destination types are CloudWatch Log groups, Kinesis Data Firehose delivery streams, and Amazon S3 buckets.

    " + }, "serviceNetworkLogType":{ "shape":"ServiceNetworkLogType", "documentation":"

    The type of log that monitors your Amazon VPC Lattice service networks.

    " @@ -1568,74 +1673,74 @@ "CreateAccessLogSubscriptionResponse":{ "type":"structure", "required":[ - "arn", - "destinationArn", "id", + "arn", + "resourceId", "resourceArn", - "resourceId" + "destinationArn" ], "members":{ - "arn":{ - "shape":"AccessLogSubscriptionArn", - "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription.

    " - }, - "destinationArn":{ - "shape":"AccessLogDestinationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the log destination.

    " - }, "id":{ "shape":"AccessLogSubscriptionId", "documentation":"

    The ID of the access log subscription.

    " }, - "resourceArn":{ - "shape":"ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network or service.

    " + "arn":{ + "shape":"AccessLogSubscriptionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription.

    " }, "resourceId":{ "shape":"ResourceId", "documentation":"

    The ID of the service network or service.

    " }, + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network or service.

    " + }, "serviceNetworkLogType":{ "shape":"ServiceNetworkLogType", "documentation":"

    The type of log that monitors your Amazon VPC Lattice service networks.

    " + }, + "destinationArn":{ + "shape":"AccessLogDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the log destination.

    " } } }, "CreateListenerRequest":{ "type":"structure", "required":[ - "defaultAction", + "serviceIdentifier", "name", "protocol", - "serviceIdentifier" + "defaultAction" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", - "idempotencyToken":true - }, - "defaultAction":{ - "shape":"RuleAction", - "documentation":"

    The action for the default rule. Each listener has a default rule. The default rule is used if no other rules match.

    " + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"uri", + "locationName":"serviceIdentifier" }, "name":{ "shape":"ListenerName", "documentation":"

    The name of the listener. A listener name must be unique within a service. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.

    " }, + "protocol":{ + "shape":"ListenerProtocol", + "documentation":"

    The listener protocol.

    " + }, "port":{ "shape":"Port", "documentation":"

    The listener port. You can specify a value from 1 to 65535. For HTTP, the default is 80. For HTTPS, the default is 443.

    " }, - "protocol":{ - "shape":"ListenerProtocol", - "documentation":"

    The listener protocol.

    " + "defaultAction":{ + "shape":"RuleAction", + "documentation":"

    The action for the default rule. Each listener has a default rule. The default rule is used if no other rules match.

    " }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"uri", - "locationName":"serviceIdentifier" + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", + "idempotencyToken":true }, "tags":{ "shape":"TagMap", @@ -1650,10 +1755,6 @@ "shape":"ListenerArn", "documentation":"

    The Amazon Resource Name (ARN) of the listener.

    " }, - "defaultAction":{ - "shape":"RuleAction", - "documentation":"

    The action for the default rule.

    " - }, "id":{ "shape":"ListenerId", "documentation":"

    The ID of the listener.

    " @@ -1662,14 +1763,14 @@ "shape":"ListenerName", "documentation":"

    The name of the listener.

    " }, - "port":{ - "shape":"Port", - "documentation":"

    The port number of the listener.

    " - }, "protocol":{ "shape":"ListenerProtocol", "documentation":"

    The protocol of the listener.

    " }, + "port":{ + "shape":"Port", + "documentation":"

    The port number of the listener.

    " + }, "serviceArn":{ "shape":"ServiceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " @@ -1677,6 +1778,10 @@ "serviceId":{ "shape":"ServiceId", "documentation":"

    The ID of the service.

    " + }, + "defaultAction":{ + "shape":"RuleAction", + "documentation":"

    The action for the default rule.

    " } } }, @@ -1687,19 +1792,14 @@ "type" ], "members":{ - "allowAssociationToShareableServiceNetwork":{ - "shape":"Boolean", - "documentation":"

    (SINGLE, GROUP, ARN) Specifies whether the resource configuration can be associated with a sharable service network. The default is false.

    " - }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", - "idempotencyToken":true - }, "name":{ "shape":"ResourceConfigurationName", "documentation":"

    The name of the resource configuration. The name must be unique within the account. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.

    " }, + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"

    The type of resource configuration. A resource configuration can be one of the following types:

    • SINGLE - A single resource.

    • GROUP - A group of resources. You must create a group resource configuration before you create a child resource configuration.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " + }, "portRanges":{ "shape":"PortRangeList", "documentation":"

    (SINGLE, GROUP, CHILD) The TCP port ranges that a consumer can use to access a resource configuration (for example: 1-65535). You can separate port ranges using commas (for example: 1,2,22-30).

    " @@ -1708,54 +1808,71 @@ "shape":"ProtocolType", "documentation":"

    (SINGLE, GROUP) The protocol accepted by the resource configuration.

    " }, - "resourceConfigurationDefinition":{ - "shape":"ResourceConfigurationDefinition", - "documentation":"

    (SINGLE, CHILD, ARN) The resource configuration.

    " + "resourceGatewayIdentifier":{ + "shape":"ResourceGatewayIdentifier", + "documentation":"

    (SINGLE, GROUP, ARN) The ID or ARN of the resource gateway used to connect to the resource configuration. For a child resource configuration, this value is inherited from the parent resource configuration.

    " }, "resourceConfigurationGroupIdentifier":{ "shape":"ResourceConfigurationIdentifier", - "documentation":"

    (CHILD) The ID or ARN of the parent resource configuration (type is GROUP). This is used to associate a child resource configuration with a group resource configuration.

    " + "documentation":"

    (CHILD) The ID or ARN of the parent resource configuration of type GROUP. This is used to associate a child resource configuration with a group resource configuration.

    " }, - "resourceGatewayIdentifier":{ - "shape":"ResourceGatewayIdentifier", - "documentation":"

    (SINGLE, GROUP, ARN) The ID or ARN of the resource gateway used to connect to the resource configuration. For a child resource configuration, this value is inherited from the parent resource configuration.

    " + "resourceConfigurationDefinition":{ + "shape":"ResourceConfigurationDefinition", + "documentation":"

    Identifies the resource configuration in one of the following ways:

    • Amazon Resource Name (ARN) - Supported resource-types that are provisioned by Amazon Web Services services, such as RDS databases, can be identified by their ARN.

    • Domain name - Any domain name that is publicly resolvable.

    • IP address - For IPv4 and IPv6, only IP addresses in the VPC are supported.

    " + }, + "allowAssociationToShareableServiceNetwork":{ + "shape":"Boolean", + "documentation":"

    (SINGLE, GROUP, ARN) Specifies whether the resource configuration can be associated with a sharable service network. The default is false.

    " + }, + "customDomainName":{ + "shape":"DomainName", + "documentation":"

    A custom domain name for your resource configuration. Additionally, provide a DomainVerificationID to prove your ownership of a domain.

    " + }, + "groupDomain":{ + "shape":"DomainName", + "documentation":"

    (GROUP) The group domain for a group resource configuration. Any domains that you create for the child resource are subdomains of the group domain. Child resources inherit the verification status of the domain.

    " + }, + "domainVerificationIdentifier":{ + "shape":"DomainVerificationIdentifier", + "documentation":"

    The domain verification ID of your verified custom domain name. If you don't provide an ID, you must configure the DNS settings yourself.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", + "idempotencyToken":true }, "tags":{ "shape":"TagMap", "documentation":"

    The tags for the resource configuration.

    " - }, - "type":{ - "shape":"ResourceConfigurationType", - "documentation":"

    The type of resource configuration.

    • SINGLE - A single resource.

    • GROUP - A group of resources. You must create a group resource configuration before you create a child resource configuration.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " } } }, "CreateResourceConfigurationResponse":{ "type":"structure", "members":{ - "allowAssociationToShareableServiceNetwork":{ - "shape":"Boolean", - "documentation":"

    Specifies whether the resource configuration can be associated with a sharable service network.

    " + "id":{ + "shape":"ResourceConfigurationId", + "documentation":"

    The ID of the resource configuration.

    " + }, + "name":{ + "shape":"ResourceConfigurationName", + "documentation":"

    The name of the resource configuration.

    " }, "arn":{ "shape":"ResourceConfigurationArn", "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the resource configuration was created, in ISO-8601 format.

    " - }, - "failureReason":{ - "shape":"String", - "documentation":"

    The reason that the request failed.

    " + "resourceGatewayId":{ + "shape":"ResourceGatewayId", + "documentation":"

    The ID of the resource gateway associated with the resource configuration.

    " }, - "id":{ + "resourceConfigurationGroupId":{ "shape":"ResourceConfigurationId", - "documentation":"

    The ID of the resource configuration.

    " + "documentation":"

    The ID of the parent resource configuration of type GROUP.

    " }, - "name":{ - "shape":"ResourceConfigurationName", - "documentation":"

    The name of the resource configuration.

    " + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"

    The type of resource configuration. A resource configuration can be one of the following types:

    • SINGLE - A single resource.

    • GROUP - A group of resources. You must create a group resource configuration before you create a child resource configuration.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " }, "portRanges":{ "shape":"PortRangeList", @@ -1765,64 +1882,80 @@ "shape":"ProtocolType", "documentation":"

    The protocol.

    " }, + "status":{ + "shape":"ResourceConfigurationStatus", + "documentation":"

    The current status of the resource configuration.

    " + }, "resourceConfigurationDefinition":{ "shape":"ResourceConfigurationDefinition", - "documentation":"

    The resource configuration.

    " + "documentation":"

    Identifies the resource configuration in one of the following ways:

    • Amazon Resource Name (ARN) - Supported resource-types that are provisioned by Amazon Web Services services, such as RDS databases, can be identified by their ARN.

    • Domain name - Any domain name that is publicly resolvable.

    • IP address - For IPv4 and IPv6, only IP addresses in the VPC are supported.

    " }, - "resourceConfigurationGroupId":{ - "shape":"ResourceConfigurationId", - "documentation":"

    The ID of the parent resource configuration (type is GROUP).

    " + "allowAssociationToShareableServiceNetwork":{ + "shape":"Boolean", + "documentation":"

    Specifies whether the resource configuration can be associated with a sharable service network.

    " }, - "resourceGatewayId":{ - "shape":"ResourceGatewayId", - "documentation":"

    The ID of the resource gateway associated with the resource configuration.

    " + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the resource configuration was created, in ISO-8601 format.

    " }, - "status":{ - "shape":"ResourceConfigurationStatus", - "documentation":"

    The current status of the resource configuration.

    " + "failureReason":{ + "shape":"String", + "documentation":"

    The reason that the request failed.

    " }, - "type":{ - "shape":"ResourceConfigurationType", - "documentation":"

    The type of resource configuration.

    " + "customDomainName":{ + "shape":"DomainName", + "documentation":"

    The custom domain name for your resource configuration.

    " + }, + "domainVerificationId":{ + "shape":"DomainVerificationId", + "documentation":"

    The domain name verification ID.

    " + }, + "groupDomain":{ + "shape":"DomainName", + "documentation":"

    (GROUP) The group domain for a group resource configuration. Any domains that you create for the child resource are subdomains of the group domain. Child resources inherit the verification status of the domain.

    " + }, + "domainVerificationArn":{ + "shape":"DomainVerificationArn", + "documentation":"

    The verification ID ARN

    " } } }, "CreateResourceGatewayRequest":{ "type":"structure", - "required":[ - "name", - "subnetIds", - "vpcIdentifier" - ], + "required":["name"], "members":{ "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", "idempotencyToken":true }, - "ipAddressType":{ - "shape":"ResourceGatewayIpAddressType", - "documentation":"

    The type of IP address used by the resource gateway.

    " - }, "name":{ "shape":"ResourceGatewayName", "documentation":"

    The name of the resource gateway.

    " }, - "securityGroupIds":{ - "shape":"CreateResourceGatewayRequestSecurityGroupIdsList", - "documentation":"

    The IDs of the security groups to apply to the resource gateway. The security groups must be in the same VPC.

    " + "vpcIdentifier":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC for the resource gateway.

    " }, "subnetIds":{ "shape":"SubnetList", "documentation":"

    The IDs of the VPC subnets in which to create the resource gateway.

    " }, + "securityGroupIds":{ + "shape":"CreateResourceGatewayRequestSecurityGroupIdsList", + "documentation":"

    The IDs of the security groups to apply to the resource gateway. The security groups must be in the same VPC.

    " + }, + "ipAddressType":{ + "shape":"ResourceGatewayIpAddressType", + "documentation":"

    A resource gateway can have IPv4, IPv6 or dualstack addresses. The IP address type of a resource gateway must be compatible with the subnets of the resource gateway and the IP address type of the resource, as described here:

    • IPv4Assign IPv4 addresses to your resource gateway network interfaces. This option is supported only if all selected subnets have IPv4 address ranges, and the resource also has an IPv4 address.

    • IPv6Assign IPv6 addresses to your resource gateway network interfaces. This option is supported only if all selected subnets are IPv6 only subnets, and the resource also has an IPv6 address.

    • DualstackAssign both IPv4 and IPv6 addresses to your resource gateway network interfaces. This option is supported only if all selected subnets have both IPv4 and IPv6 address ranges, and the resource either has an IPv4 or IPv6 address.

    The IP address type of the resource gateway is independent of the IP address type of the client or the VPC endpoint through which the resource is accessed.

    " + }, + "ipv4AddressesPerEni":{ + "shape":"Ipv4AddressesPerEni", + "documentation":"

    The number of IPv4 addresses in each ENI for the resource gateway.

    " + }, "tags":{ "shape":"TagMap", "documentation":"

    The tags for the resource gateway.

    " - }, - "vpcIdentifier":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC for the resource gateway.

    " } } }, @@ -1835,59 +1968,60 @@ "CreateResourceGatewayResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ResourceGatewayArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " + "name":{ + "shape":"ResourceGatewayName", + "documentation":"

    The name of the resource gateway.

    " }, "id":{ "shape":"ResourceGatewayId", "documentation":"

    The ID of the resource gateway.

    " }, - "ipAddressType":{ - "shape":"ResourceGatewayIpAddressType", - "documentation":"

    The type of IP address for the resource gateway.

    " - }, - "name":{ - "shape":"ResourceGatewayName", - "documentation":"

    The name of the resource gateway.

    " - }, - "securityGroupIds":{ - "shape":"SecurityGroupList", - "documentation":"

    The IDs of the security groups for the resource gateway.

    " + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " }, "status":{ "shape":"ResourceGatewayStatus", "documentation":"

    The status of the resource gateway.

    " }, + "vpcIdentifier":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC.

    " + }, "subnetIds":{ "shape":"SubnetList", "documentation":"

    The IDs of the resource gateway subnets.

    " }, - "vpcIdentifier":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC.

    " + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"

    The IDs of the security groups for the resource gateway.

    " + }, + "ipAddressType":{ + "shape":"ResourceGatewayIpAddressType", + "documentation":"

    The type of IP address for the resource gateway.

    " + }, + "ipv4AddressesPerEni":{ + "shape":"Ipv4AddressesPerEni", + "documentation":"

    The number of IPv4 addresses in each ENI for the resource gateway.

    " } } }, "CreateRuleRequest":{ "type":"structure", "required":[ - "action", + "serviceIdentifier", "listenerIdentifier", - "match", "name", + "match", "priority", - "serviceIdentifier" + "action" ], "members":{ - "action":{ - "shape":"RuleAction", - "documentation":"

    The action for the default rule.

    " - }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", - "idempotencyToken":true + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"uri", + "locationName":"serviceIdentifier" }, "listenerIdentifier":{ "shape":"ListenerIdentifier", @@ -1895,23 +2029,26 @@ "location":"uri", "locationName":"listenerIdentifier" }, - "match":{ - "shape":"RuleMatch", - "documentation":"

    The rule match.

    " - }, "name":{ "shape":"RuleName", "documentation":"

    The name of the rule. The name must be unique within the listener. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.

    " }, + "match":{ + "shape":"RuleMatch", + "documentation":"

    The rule match.

    " + }, "priority":{ "shape":"RulePriority", "documentation":"

    The priority assigned to the rule. Each rule for a specific listener must have a unique priority. The lower the priority number the higher the priority.

    " }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"uri", - "locationName":"serviceIdentifier" + "action":{ + "shape":"RuleAction", + "documentation":"

    The action for the default rule.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", + "idempotencyToken":true }, "tags":{ "shape":"TagMap", @@ -1922,10 +2059,6 @@ "CreateRuleResponse":{ "type":"structure", "members":{ - "action":{ - "shape":"RuleAction", - "documentation":"

    The rule action.

    " - }, "arn":{ "shape":"RuleArn", "documentation":"

    The Amazon Resource Name (ARN) of the rule.

    " @@ -1934,17 +2067,21 @@ "shape":"RuleId", "documentation":"

    The ID of the rule.

    " }, - "match":{ - "shape":"RuleMatch", - "documentation":"

    The rule match. The RuleMatch must be an HttpMatch. This means that the rule should be an exact match on HTTP constraints which are made up of the HTTP method, path, and header.

    " - }, "name":{ "shape":"RuleName", "documentation":"

    The name of the rule.

    " }, + "match":{ + "shape":"RuleMatch", + "documentation":"

    The rule match. The RuleMatch must be an HttpMatch. This means that the rule should be an exact match on HTTP constraints which are made up of the HTTP method, path, and header.

    " + }, "priority":{ "shape":"RulePriority", "documentation":"

    The priority assigned to the rule. The lower the priority number the higher the priority.

    " + }, + "action":{ + "shape":"RuleAction", + "documentation":"

    The rule action.

    " } } }, @@ -1952,10 +2089,6 @@ "type":"structure", "required":["name"], "members":{ - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    • NONE: The resource does not use an IAM policy. This is the default.

    • AWS_IAM: The resource uses an IAM policy. When this type is used, auth is enabled and an auth policy is required.

    " - }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", @@ -1965,13 +2098,17 @@ "shape":"ServiceNetworkName", "documentation":"

    The name of the service network. The name must be unique to the account. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.

    " }, - "sharingConfig":{ - "shape":"SharingConfig", - "documentation":"

    Specify if the service network should be enabled for sharing.

    " + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    • NONE: The resource does not use an IAM policy. This is the default.

    • AWS_IAM: The resource uses an IAM policy. When this type is used, auth is enabled and an auth policy is required.

    " }, "tags":{ "shape":"TagMap", "documentation":"

    The tags for the service network.

    " + }, + "sharingConfig":{ + "shape":"SharingConfig", + "documentation":"

    Specify if the service network should be enabled for sharing.

    " } } }, @@ -1995,44 +2132,44 @@ "shape":"ServiceNetworkIdentifierWithoutRegex", "documentation":"

    The ID of the service network to associate with the resource configuration.

    " }, + "privateDnsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates if private DNS is enabled for the service network resource association.

    " + }, "tags":{ "shape":"TagMap", - "documentation":"

    The tags for the association.

    " + "documentation":"

    A key-value pair to associate with a resource.

    " } } }, "CreateServiceNetworkResourceAssociationResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkResourceAssociationId", + "documentation":"

    The ID of the association.

    " + }, "arn":{ "shape":"ServiceNetworkResourceAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, + "status":{ + "shape":"ServiceNetworkResourceAssociationStatus", + "documentation":"

    The status of the association.

    " + }, "createdBy":{ "shape":"AccountId", "documentation":"

    The ID of the account that created the association.

    " }, - "id":{ - "shape":"ServiceNetworkResourceAssociationId", - "documentation":"

    The ID of the association.

    " - }, - "status":{ - "shape":"ServiceNetworkResourceAssociationStatus", - "documentation":"

    The status of the association.

    " + "privateDnsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates if private DNS is is enabled for the service network resource association.

    " } } }, "CreateServiceNetworkResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ServiceNetworkArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " - }, - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    " - }, "id":{ "shape":"ServiceNetworkId", "documentation":"

    The ID of the service network.

    " @@ -2041,9 +2178,17 @@ "shape":"ServiceNetworkName", "documentation":"

    The name of the service network.

    " }, + "arn":{ + "shape":"ServiceNetworkArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + }, "sharingConfig":{ "shape":"SharingConfig", "documentation":"

    Specifies if the service network is enabled for sharing.

    " + }, + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    " } } }, @@ -2076,6 +2221,14 @@ "CreateServiceNetworkServiceAssociationResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkServiceAssociationIdentifier", + "documentation":"

    The ID of the association.

    " + }, + "status":{ + "shape":"ServiceNetworkServiceAssociationStatus", + "documentation":"

    The association status.

    " + }, "arn":{ "shape":"ServiceNetworkServiceAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " @@ -2091,14 +2244,6 @@ "dnsEntry":{ "shape":"DnsEntry", "documentation":"

    The DNS name of the service.

    " - }, - "id":{ - "shape":"ServiceNetworkServiceAssociationIdentifier", - "documentation":"

    The ID of the association.

    " - }, - "status":{ - "shape":"ServiceNetworkServiceAssociationStatus", - "documentation":"

    The association status.

    " } } }, @@ -2114,21 +2259,29 @@ "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", "idempotencyToken":true }, - "securityGroupIds":{ - "shape":"CreateServiceNetworkVpcAssociationRequestSecurityGroupIdsList", - "documentation":"

    The IDs of the security groups. Security groups aren't added by default. You can add a security group to apply network level controls to control which resources in a VPC are allowed to access the service network and its services. For more information, see Control traffic to resources using security groups in the Amazon VPC User Guide.

    " - }, "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", "documentation":"

    The ID or ARN of the service network. You must use an ARN if the resources are in different accounts.

    " }, + "vpcIdentifier":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC.

    " + }, + "privateDnsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates if private DNS is enabled for the VPC association.

    " + }, + "securityGroupIds":{ + "shape":"CreateServiceNetworkVpcAssociationRequestSecurityGroupIdsList", + "documentation":"

    The IDs of the security groups. Security groups aren't added by default. You can add a security group to apply network level controls to control which resources in a VPC are allowed to access the service network and its services. For more information, see Control traffic to resources using security groups in the Amazon VPC User Guide.

    " + }, "tags":{ "shape":"TagMap", "documentation":"

    The tags for the association.

    " }, - "vpcIdentifier":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC.

    " + "dnsOptions":{ + "shape":"DnsOptions", + "documentation":"

    DNS options for the service network VPC association.

    " } } }, @@ -2141,6 +2294,14 @@ "CreateServiceNetworkVpcAssociationResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkVpcAssociationId", + "documentation":"

    The ID of the association.

    " + }, + "status":{ + "shape":"ServiceNetworkVpcAssociationStatus", + "documentation":"

    The association status.

    " + }, "arn":{ "shape":"ServiceNetworkVpcAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " @@ -2149,41 +2310,26 @@ "shape":"AccountId", "documentation":"

    The account that created the association.

    " }, - "id":{ - "shape":"ServiceNetworkVpcAssociationId", - "documentation":"

    The ID of the association.

    " - }, "securityGroupIds":{ "shape":"SecurityGroupList", "documentation":"

    The IDs of the security groups.

    " }, - "status":{ - "shape":"ServiceNetworkVpcAssociationStatus", - "documentation":"

    The association status.

    " - } + "privateDnsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates if private DNS is enabled for the VPC association.

    " + }, + "dnsOptions":{"shape":"DnsOptions"} } }, "CreateServiceRequest":{ "type":"structure", "required":["name"], "members":{ - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    • NONE: The resource does not use an IAM policy. This is the default.

    • AWS_IAM: The resource uses an IAM policy. When this type is used, auth is enabled and an auth policy is required.

    " - }, - "certificateArn":{ - "shape":"CertificateArn", - "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " - }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", "idempotencyToken":true }, - "customDomainName":{ - "shape":"ServiceCustomDomainName", - "documentation":"

    The custom domain name of the service.

    " - }, "name":{ "shape":"ServiceName", "documentation":"

    The name of the service. The name must be unique within the account. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.

    " @@ -2191,43 +2337,55 @@ "tags":{ "shape":"TagMap", "documentation":"

    The tags for the service.

    " + }, + "customDomainName":{ + "shape":"ServiceCustomDomainName", + "documentation":"

    The custom domain name of the service.

    " + }, + "certificateArn":{ + "shape":"CertificateArn", + "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " + }, + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    • NONE: The resource does not use an IAM policy. This is the default.

    • AWS_IAM: The resource uses an IAM policy. When this type is used, auth is enabled and an auth policy is required.

    " } } }, "CreateServiceResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceId", + "documentation":"

    The ID of the service.

    " + }, "arn":{ "shape":"ServiceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " }, - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    " - }, - "certificateArn":{ - "shape":"CertificateArn", - "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " + "name":{ + "shape":"ServiceName", + "documentation":"

    The name of the service.

    " }, "customDomainName":{ "shape":"ServiceCustomDomainName", "documentation":"

    The custom domain name of the service.

    " }, - "dnsEntry":{ - "shape":"DnsEntry", - "documentation":"

    The public DNS name of the service.

    " - }, - "id":{ - "shape":"ServiceId", - "documentation":"

    The ID of the service.

    " - }, - "name":{ - "shape":"ServiceName", - "documentation":"

    The name of the service.

    " + "certificateArn":{ + "shape":"CertificateArn", + "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " }, "status":{ "shape":"ServiceStatus", "documentation":"

    The status. If the status is CREATE_FAILED, you must delete and recreate the service.

    " + }, + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    " + }, + "dnsEntry":{ + "shape":"DnsEntry", + "documentation":"

    The public DNS name of the service.

    " } } }, @@ -2238,55 +2396,55 @@ "type" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", - "idempotencyToken":true + "name":{ + "shape":"TargetGroupName", + "documentation":"

    The name of the target group. The name must be unique within the account. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.

    " + }, + "type":{ + "shape":"TargetGroupType", + "documentation":"

    The type of target group.

    " }, "config":{ "shape":"TargetGroupConfig", "documentation":"

    The target group configuration.

    " }, - "name":{ - "shape":"TargetGroupName", - "documentation":"

    The name of the target group. The name must be unique within the account. The valid characters are a-z, 0-9, and hyphens (-). You can't use a hyphen as the first or last character, or immediately after another hyphen.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", + "idempotencyToken":true }, "tags":{ "shape":"TagMap", "documentation":"

    The tags for the target group.

    " - }, - "type":{ - "shape":"TargetGroupType", - "documentation":"

    The type of target group.

    " } } }, "CreateTargetGroupResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"TargetGroupArn", - "documentation":"

    The Amazon Resource Name (ARN) of the target group.

    " - }, - "config":{ - "shape":"TargetGroupConfig", - "documentation":"

    The target group configuration.

    " - }, "id":{ "shape":"TargetGroupId", "documentation":"

    The ID of the target group.

    " }, + "arn":{ + "shape":"TargetGroupArn", + "documentation":"

    The Amazon Resource Name (ARN) of the target group.

    " + }, "name":{ "shape":"TargetGroupName", "documentation":"

    The name of the target group.

    " }, - "status":{ - "shape":"TargetGroupStatus", - "documentation":"

    The status. You can retry the operation if the status is CREATE_FAILED. However, if you retry it while the status is CREATE_IN_PROGRESS, there is no change in the status.

    " - }, "type":{ "shape":"TargetGroupType", "documentation":"

    The type of target group.

    " + }, + "config":{ + "shape":"TargetGroupConfig", + "documentation":"

    The target group configuration.

    " + }, + "status":{ + "shape":"TargetGroupStatus", + "documentation":"

    The status. You can retry the operation if the status is CREATE_FAILED. However, if you retry it while the status is CREATE_IN_PROGRESS, there is no change in the status.

    " } } }, @@ -2304,8 +2462,7 @@ }, "DeleteAccessLogSubscriptionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAuthPolicyRequest":{ "type":"structure", @@ -2321,34 +2478,48 @@ }, "DeleteAuthPolicyResponse":{ "type":"structure", + "members":{} + }, + "DeleteDomainVerificationRequest":{ + "type":"structure", + "required":["domainVerificationIdentifier"], "members":{ + "domainVerificationIdentifier":{ + "shape":"DomainVerificationIdentifier", + "documentation":"

    The ID of the domain verification to delete.

    ", + "location":"uri", + "locationName":"domainVerificationIdentifier" + } } }, + "DeleteDomainVerificationResponse":{ + "type":"structure", + "members":{} + }, "DeleteListenerRequest":{ "type":"structure", "required":[ - "listenerIdentifier", - "serviceIdentifier" + "serviceIdentifier", + "listenerIdentifier" ], "members":{ - "listenerIdentifier":{ - "shape":"ListenerIdentifier", - "documentation":"

    The ID or ARN of the listener.

    ", - "location":"uri", - "locationName":"listenerIdentifier" - }, "serviceIdentifier":{ "shape":"ServiceIdentifier", "documentation":"

    The ID or ARN of the service.

    ", "location":"uri", "locationName":"serviceIdentifier" + }, + "listenerIdentifier":{ + "shape":"ListenerIdentifier", + "documentation":"

    The ID or ARN of the listener.

    ", + "location":"uri", + "locationName":"listenerIdentifier" } } }, "DeleteListenerResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResourceConfigurationRequest":{ "type":"structure", @@ -2364,8 +2535,7 @@ }, "DeleteResourceConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResourceEndpointAssociationRequest":{ "type":"structure", @@ -2382,22 +2552,22 @@ "DeleteResourceEndpointAssociationResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ResourceEndpointAssociationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " - }, "id":{ "shape":"ResourceEndpointAssociationId", "documentation":"

    The ID of the association.

    " }, - "resourceConfigurationArn":{ - "shape":"ResourceConfigurationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration associated with the VPC endpoint of type resource.

    " + "arn":{ + "shape":"ResourceEndpointAssociationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, "resourceConfigurationId":{ "shape":"ResourceConfigurationId", "documentation":"

    The ID of the resource configuration.

    " }, + "resourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration associated with the VPC endpoint of type resource.

    " + }, "vpcEndpointId":{ "shape":"VpcEndpointId", "documentation":"

    The ID of the resource VPC endpoint that is associated with the resource configuration.

    " @@ -2419,14 +2589,14 @@ "DeleteResourceGatewayResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ResourceGatewayArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " - }, "id":{ "shape":"ResourceGatewayId", "documentation":"

    The ID of the resource gateway.

    " }, + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " + }, "name":{ "shape":"ResourceGatewayName", "documentation":"

    The name of the resource gateway.

    " @@ -2451,17 +2621,22 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRuleRequest":{ "type":"structure", "required":[ + "serviceIdentifier", "listenerIdentifier", - "ruleIdentifier", - "serviceIdentifier" + "ruleIdentifier" ], "members":{ + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"uri", + "locationName":"serviceIdentifier" + }, "listenerIdentifier":{ "shape":"ListenerIdentifier", "documentation":"

    The ID or ARN of the listener.

    ", @@ -2473,19 +2648,12 @@ "documentation":"

    The ID or ARN of the rule.

    ", "location":"uri", "locationName":"ruleIdentifier" - }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"uri", - "locationName":"serviceIdentifier" } } }, "DeleteRuleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteServiceNetworkRequest":{ "type":"structure", @@ -2514,14 +2682,14 @@ "DeleteServiceNetworkResourceAssociationResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ServiceNetworkResourceAssociationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " - }, "id":{ "shape":"ServiceNetworkResourceAssociationId", "documentation":"

    The ID of the association.

    " }, + "arn":{ + "shape":"ServiceNetworkResourceAssociationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " + }, "status":{ "shape":"ServiceNetworkResourceAssociationStatus", "documentation":"

    The status of the association.

    " @@ -2530,8 +2698,7 @@ }, "DeleteServiceNetworkResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteServiceNetworkServiceAssociationRequest":{ "type":"structure", @@ -2548,10 +2715,6 @@ "DeleteServiceNetworkServiceAssociationResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ServiceNetworkServiceAssociationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " - }, "id":{ "shape":"ServiceNetworkServiceAssociationIdentifier", "documentation":"

    The ID of the association.

    " @@ -2559,6 +2722,10 @@ "status":{ "shape":"ServiceNetworkServiceAssociationStatus", "documentation":"

    The status. You can retry the operation if the status is DELETE_FAILED. However, if you retry it when the status is DELETE_IN_PROGRESS, there is no change in the status.

    " + }, + "arn":{ + "shape":"ServiceNetworkServiceAssociationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " } } }, @@ -2577,10 +2744,6 @@ "DeleteServiceNetworkVpcAssociationResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ServiceNetworkVpcAssociationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " - }, "id":{ "shape":"ServiceNetworkVpcAssociationId", "documentation":"

    The ID of the association.

    " @@ -2588,6 +2751,10 @@ "status":{ "shape":"ServiceNetworkVpcAssociationStatus", "documentation":"

    The status. You can retry the operation if the status is DELETE_FAILED. However, if you retry it while the status is DELETE_IN_PROGRESS, there is no change in the status.

    " + }, + "arn":{ + "shape":"ServiceNetworkVpcAssociationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " } } }, @@ -2606,14 +2773,14 @@ "DeleteServiceResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ServiceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " - }, "id":{ "shape":"ServiceId", "documentation":"

    The ID of the service.

    " }, + "arn":{ + "shape":"ServiceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " + }, "name":{ "shape":"ServiceName", "documentation":"

    The name of the service.

    " @@ -2639,14 +2806,14 @@ "DeleteTargetGroupResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"TargetGroupArn", - "documentation":"

    The Amazon Resource Name (ARN) of the target group.

    " - }, "id":{ "shape":"TargetGroupId", "documentation":"

    The ID of the target group.

    " }, + "arn":{ + "shape":"TargetGroupArn", + "documentation":"

    The Amazon Resource Name (ARN) of the target group.

    " + }, "status":{ "shape":"TargetGroupStatus", "documentation":"

    The status. You can retry the operation if the status is DELETE_FAILED. However, if you retry it while the status is DELETE_IN_PROGRESS, the status doesn't change.

    " @@ -2705,6 +2872,20 @@ }, "documentation":"

    Describes the DNS information of a service.

    " }, + "DnsOptions":{ + "type":"structure", + "members":{ + "privateDnsPreference":{ + "shape":"PrivateDnsPreference", + "documentation":"

    The preference for which private domains have a private hosted zone created for and associated with the specified VPC. Only supported when private DNS is enabled and when the VPC endpoint type is ServiceNetwork or Resource.

    • ALL_DOMAINS - VPC Lattice provisions private hosted zones for all custom domain names.

    • VERIFIED_DOMAINS_ONLY - VPC Lattice provisions a private hosted zone only if custom domain name has been verified by the provider.

    • VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS - VPC Lattice provisions private hosted zones for all verified custom domain names and other domain names that the resource consumer specifies. The resource consumer specifies the domain names in the privateDnsSpecifiedDomains parameter.

    • SPECIFIED_DOMAINS_ONLY - VPC Lattice provisions a private hosted zone for domain names specified by the resource consumer. The resource consumer specifies the domain names in the privateDnsSpecifiedDomains parameter.

    " + }, + "privateDnsSpecifiedDomains":{ + "shape":"PrivateDnsSpecifiedDomainsList", + "documentation":"

    Indicates which of the private domains to create private hosted zones for and associate with the specified VPC. Only supported when private DNS is enabled and the private DNS preference is VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS or SPECIFIED_DOMAINS_ONLY.

    " + } + }, + "documentation":"

    The DNS configuration options.

    " + }, "DnsResource":{ "type":"structure", "members":{ @@ -2714,7 +2895,7 @@ }, "ipAddressType":{ "shape":"ResourceConfigurationIpAddressType", - "documentation":"

    The type of IP address.

    " + "documentation":"

    The type of IP address. Dualstack is currently not supported.

    " } }, "documentation":"

    The DNS name of the resource.

    " @@ -2724,6 +2905,73 @@ "max":255, "min":3 }, + "DomainVerificationArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:[a-z0-9f\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:domainverification/dv-[a-fA-F0-9]{17}" + }, + "DomainVerificationId":{ + "type":"string", + "max":20, + "min":20, + "pattern":"dv-[a-fA-F0-9]{17}" + }, + "DomainVerificationIdentifier":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"((dv-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:domainverification/dv-[a-fA-F0-9]{17}))" + }, + "DomainVerificationList":{ + "type":"list", + "member":{"shape":"DomainVerificationSummary"} + }, + "DomainVerificationSummary":{ + "type":"structure", + "required":[ + "id", + "arn", + "domainName", + "status", + "createdAt" + ], + "members":{ + "id":{ + "shape":"DomainVerificationId", + "documentation":"

    The ID of the domain verification.

    " + }, + "arn":{ + "shape":"DomainVerificationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the domain verification.

    " + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name being verified.

    " + }, + "status":{ + "shape":"VerificationStatus", + "documentation":"

    The current status of the domain verification process.

    " + }, + "txtMethodConfig":{ + "shape":"TxtMethodConfig", + "documentation":"

    The TXT record configuration used for domain verification.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the domain verification was created, in ISO-8601 format.

    " + }, + "lastVerifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the domain was last successfully verified, in ISO-8601 format.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with the domain verification.

    " + } + }, + "documentation":"

    Summary information about a domain verification.

    " + }, "FailureCode":{"type":"string"}, "FailureMessage":{"type":"string"}, "FixedResponseAction":{ @@ -2732,7 +2980,7 @@ "members":{ "statusCode":{ "shape":"HttpStatusCode", - "documentation":"

    The HTTP response code.

    " + "documentation":"

    The HTTP response code. Only 404 and 500 status codes are supported.

    " } }, "documentation":"

    Describes an action that returns a custom HTTP response.

    " @@ -2763,46 +3011,46 @@ "GetAccessLogSubscriptionResponse":{ "type":"structure", "required":[ - "arn", - "createdAt", - "destinationArn", "id", - "lastUpdatedAt", + "arn", + "resourceId", "resourceArn", - "resourceId" + "destinationArn", + "createdAt", + "lastUpdatedAt" ], "members":{ - "arn":{ - "shape":"AccessLogSubscriptionArn", - "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the access log subscription was created, in ISO-8601 format.

    " - }, - "destinationArn":{ - "shape":"AccessLogDestinationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the access log destination.

    " - }, "id":{ "shape":"AccessLogSubscriptionId", "documentation":"

    The ID of the access log subscription.

    " }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the access log subscription was last updated, in ISO-8601 format.

    " + "arn":{ + "shape":"AccessLogSubscriptionArn", + "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription.

    " + }, + "resourceId":{ + "shape":"ResourceId", + "documentation":"

    The ID of the service network or service.

    " }, "resourceArn":{ "shape":"ResourceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service network or service.

    " }, - "resourceId":{ - "shape":"ResourceId", - "documentation":"

    The ID of the service network or service.

    " + "destinationArn":{ + "shape":"AccessLogDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the access log destination.

    " }, "serviceNetworkLogType":{ "shape":"ServiceNetworkLogType", "documentation":"

    The log type for the service network.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the access log subscription was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the access log subscription was last updated, in ISO-8601 format.

    " } } }, @@ -2821,6 +3069,14 @@ "GetAuthPolicyResponse":{ "type":"structure", "members":{ + "policy":{ + "shape":"AuthPolicyString", + "documentation":"

    The auth policy.

    " + }, + "state":{ + "shape":"AuthPolicyState", + "documentation":"

    The state of the auth policy. The auth policy is only active when the auth type is set to AWS_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the auth type is NONE, then any auth policy that you provide remains inactive. For more information, see Create a service network in the Amazon VPC Lattice User Guide.

    " + }, "createdAt":{ "shape":"Timestamp", "documentation":"

    The date and time that the auth policy was created, in ISO-8601 format.

    " @@ -2828,35 +3084,83 @@ "lastUpdatedAt":{ "shape":"Timestamp", "documentation":"

    The date and time that the auth policy was last updated, in ISO-8601 format.

    " + } + } + }, + "GetDomainVerificationRequest":{ + "type":"structure", + "required":["domainVerificationIdentifier"], + "members":{ + "domainVerificationIdentifier":{ + "shape":"DomainVerificationIdentifier", + "documentation":"

    The ID or ARN of the domain verification to retrieve.

    ", + "location":"uri", + "locationName":"domainVerificationIdentifier" + } + } + }, + "GetDomainVerificationResponse":{ + "type":"structure", + "required":[ + "id", + "arn", + "domainName", + "status", + "createdAt" + ], + "members":{ + "id":{ + "shape":"DomainVerificationId", + "documentation":"

    The ID of the domain verification.

    " }, - "policy":{ - "shape":"AuthPolicyString", - "documentation":"

    The auth policy.

    " + "arn":{ + "shape":"DomainVerificationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the domain verification.

    " }, - "state":{ - "shape":"AuthPolicyState", - "documentation":"

    The state of the auth policy. The auth policy is only active when the auth type is set to AWS_IAM. If you provide a policy, then authentication and authorization decisions are made based on this policy and the client's IAM policy. If the auth type is NONE, then any auth policy that you provide remains inactive. For more information, see Create a service network in the Amazon VPC Lattice User Guide.

    " + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name being verified.

    " + }, + "status":{ + "shape":"VerificationStatus", + "documentation":"

    The current status of the domain verification process.

    " + }, + "txtMethodConfig":{ + "shape":"TxtMethodConfig", + "documentation":"

    The TXT record configuration used for domain verification.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the domain verification was created, in ISO-8601 format.

    " + }, + "lastVerifiedTime":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the domain was last successfully verified, in ISO-8601 format.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags associated with the domain verification.

    " } } }, "GetListenerRequest":{ "type":"structure", "required":[ - "listenerIdentifier", - "serviceIdentifier" + "serviceIdentifier", + "listenerIdentifier" ], "members":{ - "listenerIdentifier":{ - "shape":"ListenerIdentifier", - "documentation":"

    The ID or ARN of the listener.

    ", - "location":"uri", - "locationName":"listenerIdentifier" - }, "serviceIdentifier":{ "shape":"ServiceIdentifier", "documentation":"

    The ID or ARN of the service.

    ", "location":"uri", "locationName":"serviceIdentifier" + }, + "listenerIdentifier":{ + "shape":"ListenerIdentifier", + "documentation":"

    The ID or ARN of the listener.

    ", + "location":"uri", + "locationName":"listenerIdentifier" } } }, @@ -2867,34 +3171,22 @@ "shape":"ListenerArn", "documentation":"

    The Amazon Resource Name (ARN) of the listener.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the listener was created, in ISO-8601 format.

    " - }, - "defaultAction":{ - "shape":"RuleAction", - "documentation":"

    The actions for the default listener rule.

    " - }, "id":{ "shape":"ListenerId", "documentation":"

    The ID of the listener.

    " }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the listener was last updated, in ISO-8601 format.

    " - }, "name":{ "shape":"ListenerName", "documentation":"

    The name of the listener.

    " }, - "port":{ - "shape":"Port", - "documentation":"

    The listener port.

    " - }, "protocol":{ "shape":"ListenerProtocol", "documentation":"

    The listener protocol.

    " }, + "port":{ + "shape":"Port", + "documentation":"

    The listener port.

    " + }, "serviceArn":{ "shape":"ServiceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " @@ -2902,6 +3194,18 @@ "serviceId":{ "shape":"ServiceId", "documentation":"

    The ID of the service.

    " + }, + "defaultAction":{ + "shape":"RuleAction", + "documentation":"

    The actions for the default listener rule.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the listener was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the listener was last updated, in ISO-8601 format.

    " } } }, @@ -2920,41 +3224,33 @@ "GetResourceConfigurationResponse":{ "type":"structure", "members":{ - "allowAssociationToShareableServiceNetwork":{ - "shape":"Boolean", - "documentation":"

    Specifies whether the resource configuration is associated with a sharable service network.

    " + "id":{ + "shape":"ResourceConfigurationId", + "documentation":"

    The ID of the resource configuration.

    " }, - "amazonManaged":{ - "shape":"Boolean", - "documentation":"

    Indicates whether the resource configuration was created and is managed by Amazon.

    " + "name":{ + "shape":"ResourceConfigurationName", + "documentation":"

    The name of the resource configuration.

    " }, "arn":{ "shape":"ResourceConfigurationArn", "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the resource configuration was created, in ISO-8601 format.

    " - }, - "customDomainName":{ - "shape":"DomainName", - "documentation":"

    The custom domain name of the resource configuration.

    " - }, - "failureReason":{ - "shape":"String", - "documentation":"

    The reason the create-resource-configuration request failed.

    " + "resourceGatewayId":{ + "shape":"ResourceGatewayId", + "documentation":"

    The ID of the resource gateway used to connect to the resource configuration in a given VPC. You can specify the resource gateway identifier only for resource configurations with type SINGLE, GROUP, or ARN.

    " }, - "id":{ + "resourceConfigurationGroupId":{ "shape":"ResourceConfigurationId", - "documentation":"

    The ID of the resource configuration.

    " + "documentation":"

    The ID of the group resource configuration.

    " }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The most recent date and time that the resource configuration was updated, in ISO-8601 format.

    " + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"

    The type of resource configuration.

    • SINGLE - A single resource.

    • GROUP - A group of resources.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " }, - "name":{ - "shape":"ResourceConfigurationName", - "documentation":"

    The name of the resource configuration.

    " + "allowAssociationToShareableServiceNetwork":{ + "shape":"Boolean", + "documentation":"

    Specifies whether the resource configuration is associated with a sharable service network.

    " }, "portRanges":{ "shape":"PortRangeList", @@ -2964,25 +3260,49 @@ "shape":"ProtocolType", "documentation":"

    The TCP protocol accepted by the specified resource configuration.

    " }, + "customDomainName":{ + "shape":"DomainName", + "documentation":"

    The custom domain name of the resource configuration.

    " + }, + "status":{ + "shape":"ResourceConfigurationStatus", + "documentation":"

    The status of the resource configuration.

    " + }, "resourceConfigurationDefinition":{ "shape":"ResourceConfigurationDefinition", "documentation":"

    The resource configuration.

    " }, - "resourceConfigurationGroupId":{ - "shape":"ResourceConfigurationId", - "documentation":"

    The ID of the group resource configuration.

    " + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the resource configuration was created, in ISO-8601 format.

    " }, - "resourceGatewayId":{ - "shape":"ResourceGatewayId", - "documentation":"

    The ID of the resource gateway used to connect to the resource configuration in a given VPC. You can specify the resource gateway identifier only for resource configurations with type SINGLE, GROUP, or ARN.

    " + "amazonManaged":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the resource configuration was created and is managed by Amazon.

    " }, - "status":{ - "shape":"ResourceConfigurationStatus", - "documentation":"

    The status of the resource configuration.

    " + "failureReason":{ + "shape":"String", + "documentation":"

    The reason the create-resource-configuration request failed.

    " }, - "type":{ - "shape":"ResourceConfigurationType", - "documentation":"

    The type of resource configuration.

    • SINGLE - A single resource.

    • GROUP - A group of resources.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The most recent date and time that the resource configuration was updated, in ISO-8601 format.

    " + }, + "domainVerificationId":{ + "shape":"DomainVerificationId", + "documentation":"

    The domain verification ID.

    " + }, + "domainVerificationArn":{ + "shape":"DomainVerificationArn", + "documentation":"

    The ARN of the domain verification.

    " + }, + "domainVerificationStatus":{ + "shape":"VerificationStatus", + "documentation":"

    The domain verification status.

    " + }, + "groupDomain":{ + "shape":"DomainName", + "documentation":"

    (GROUP) The group domain for a group resource configuration. Any domains that you create for the child resource are subdomains of the group domain. Child resources inherit the verification status of the domain.

    " } } }, @@ -3001,45 +3321,49 @@ "GetResourceGatewayResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ResourceGatewayArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the resource gateway was created, in ISO-8601 format.

    " + "name":{ + "shape":"ResourceGatewayName", + "documentation":"

    The name of the resource gateway.

    " }, "id":{ "shape":"ResourceGatewayId", "documentation":"

    The ID of the resource gateway.

    " }, - "ipAddressType":{ - "shape":"ResourceGatewayIpAddressType", - "documentation":"

    The type of IP address for the resource gateway.

    " - }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the resource gateway was last updated, in ISO-8601 format.

    " - }, - "name":{ - "shape":"ResourceGatewayName", - "documentation":"

    The name of the resource gateway.

    " - }, - "securityGroupIds":{ - "shape":"SecurityGroupList", - "documentation":"

    The security group IDs associated with the resource gateway.

    " + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " }, "status":{ "shape":"ResourceGatewayStatus", "documentation":"

    The status for the resource gateway.

    " }, + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC for the resource gateway.

    " + }, "subnetIds":{ "shape":"SubnetList", "documentation":"

    The IDs of the VPC subnets for resource gateway.

    " }, - "vpcId":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC for the resource gateway.

    " + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"

    The security group IDs associated with the resource gateway.

    " + }, + "ipAddressType":{ + "shape":"ResourceGatewayIpAddressType", + "documentation":"

    The type of IP address for the resource gateway.

    " + }, + "ipv4AddressesPerEni":{ + "shape":"Ipv4AddressesPerEni", + "documentation":"

    The number of IPv4 addresses in each ENI for the resource gateway.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the resource gateway was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the resource gateway was last updated, in ISO-8601 format.

    " } } }, @@ -3067,11 +3391,17 @@ "GetRuleRequest":{ "type":"structure", "required":[ + "serviceIdentifier", "listenerIdentifier", - "ruleIdentifier", - "serviceIdentifier" + "ruleIdentifier" ], "members":{ + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"uri", + "locationName":"serviceIdentifier" + }, "listenerIdentifier":{ "shape":"ListenerIdentifier", "documentation":"

    The ID or ARN of the listener.

    ", @@ -3083,53 +3413,47 @@ "documentation":"

    The ID or ARN of the listener rule.

    ", "location":"uri", "locationName":"ruleIdentifier" - }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"uri", - "locationName":"serviceIdentifier" } } }, "GetRuleResponse":{ "type":"structure", "members":{ - "action":{ - "shape":"RuleAction", - "documentation":"

    The action for the default rule.

    " - }, "arn":{ "shape":"RuleArn", "documentation":"

    The Amazon Resource Name (ARN) of the listener.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the listener rule was created, in ISO-8601 format.

    " - }, "id":{ "shape":"RuleId", "documentation":"

    The ID of the listener.

    " }, + "name":{ + "shape":"RuleName", + "documentation":"

    The name of the listener.

    " + }, "isDefault":{ "shape":"Boolean", "documentation":"

    Indicates whether this is the default rule.

    " }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the listener rule was last updated, in ISO-8601 format.

    " - }, "match":{ "shape":"RuleMatch", "documentation":"

    The rule match.

    " }, - "name":{ - "shape":"RuleName", - "documentation":"

    The name of the listener.

    " - }, "priority":{ "shape":"RulePriority", "documentation":"

    The priority level for the specified rule.

    " + }, + "action":{ + "shape":"RuleAction", + "documentation":"

    The action for the default rule.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the listener rule was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the listener rule was last updated, in ISO-8601 format.

    " } } }, @@ -3160,114 +3484,122 @@ "GetServiceNetworkResourceAssociationResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkResourceAssociationId", + "documentation":"

    The ID of the association.

    " + }, "arn":{ "shape":"ServiceNetworkResourceAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " + "status":{ + "shape":"ServiceNetworkResourceAssociationStatus", + "documentation":"

    The status of the association.

    " }, "createdBy":{ "shape":"AccountId", "documentation":"

    The account that created the association.

    " }, - "dnsEntry":{ - "shape":"DnsEntry", - "documentation":"

    The DNS entry for the service.

    " - }, - "failureCode":{ - "shape":"String", - "documentation":"

    The failure code.

    " - }, - "failureReason":{ - "shape":"String", - "documentation":"

    The reason the association request failed.

    " - }, - "id":{ - "shape":"ServiceNetworkResourceAssociationId", - "documentation":"

    The ID of the association.

    " - }, - "isManagedAssociation":{ - "shape":"Boolean", - "documentation":"

    Indicates whether the association is managed by Amazon.

    " - }, - "lastUpdatedAt":{ + "createdAt":{ "shape":"Timestamp", - "documentation":"

    The most recent date and time that the association was updated, in ISO-8601 format.

    " + "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " }, - "privateDnsEntry":{ - "shape":"DnsEntry", - "documentation":"

    The private DNS entry for the service.

    " + "resourceConfigurationId":{ + "shape":"ResourceConfigurationId", + "documentation":"

    The ID of the resource configuration that is associated with the service network.

    " }, "resourceConfigurationArn":{ "shape":"ResourceConfigurationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, - "resourceConfigurationId":{ - "shape":"ResourceConfigurationId", - "documentation":"

    The ID of the resource configuration that is associated with the service network.

    " - }, "resourceConfigurationName":{ "shape":"ResourceConfigurationName", "documentation":"

    The name of the resource configuration that is associated with the service network.

    " }, - "serviceNetworkArn":{ - "shape":"ServiceNetworkIdentifierWithoutRegex", - "documentation":"

    The Amazon Resource Name (ARN) of the service network that is associated with the resource configuration.

    " - }, "serviceNetworkId":{ "shape":"ServiceNetworkIdentifierWithoutRegex", "documentation":"

    The ID of the service network that is associated with the resource configuration.

    " }, + "serviceNetworkArn":{ + "shape":"ServiceNetworkIdentifierWithoutRegex", + "documentation":"

    The Amazon Resource Name (ARN) of the service network that is associated with the resource configuration.

    " + }, "serviceNetworkName":{ "shape":"ServiceNetworkNameWithoutRegex", "documentation":"

    The name of the service network that is associated with the resource configuration.

    " }, - "status":{ - "shape":"ServiceNetworkResourceAssociationStatus", - "documentation":"

    The status of the association.

    " + "failureReason":{ + "shape":"String", + "documentation":"

    The reason the association request failed.

    " + }, + "failureCode":{ + "shape":"String", + "documentation":"

    The failure code.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The most recent date and time that the association was updated, in ISO-8601 format.

    " + }, + "privateDnsEntry":{ + "shape":"DnsEntry", + "documentation":"

    The private DNS entry for the service.

    " + }, + "privateDnsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates if private DNS is enabled in the service network resource association.

    " + }, + "dnsEntry":{ + "shape":"DnsEntry", + "documentation":"

    The DNS entry for the service.

    " + }, + "isManagedAssociation":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the association is managed by Amazon.

    " + }, + "domainVerificationStatus":{ + "shape":"VerificationStatus", + "documentation":"

    The domain verification status in the service network resource association.

    " } } }, "GetServiceNetworkResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ServiceNetworkArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + "id":{ + "shape":"ServiceNetworkId", + "documentation":"

    The ID of the service network.

    " }, - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    " + "name":{ + "shape":"ServiceNetworkName", + "documentation":"

    The name of the service network.

    " }, "createdAt":{ "shape":"Timestamp", "documentation":"

    The date and time that the service network was created, in ISO-8601 format.

    " }, - "id":{ - "shape":"ServiceNetworkId", - "documentation":"

    The ID of the service network.

    " - }, "lastUpdatedAt":{ "shape":"Timestamp", "documentation":"

    The date and time of the last update, in ISO-8601 format.

    " }, - "name":{ - "shape":"ServiceNetworkName", - "documentation":"

    The name of the service network.

    " + "arn":{ + "shape":"ServiceNetworkArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " }, - "numberOfAssociatedServices":{ - "shape":"Long", - "documentation":"

    The number of services associated with the service network.

    " + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    " + }, + "sharingConfig":{ + "shape":"SharingConfig", + "documentation":"

    Specifies if the service network is enabled for sharing.

    " }, "numberOfAssociatedVPCs":{ "shape":"Long", "documentation":"

    The number of VPCs associated with the service network.

    " }, - "sharingConfig":{ - "shape":"SharingConfig", - "documentation":"

    Specifies if the service network is enabled for sharing.

    " + "numberOfAssociatedServices":{ + "shape":"Long", + "documentation":"

    The number of services associated with the service network.

    " } } }, @@ -3286,41 +3618,25 @@ "GetServiceNetworkServiceAssociationResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkServiceAssociationIdentifier", + "documentation":"

    The ID of the service network and service association.

    " + }, + "status":{ + "shape":"ServiceNetworkServiceAssociationStatus", + "documentation":"

    The status of the association.

    " + }, "arn":{ "shape":"ServiceNetworkServiceAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " - }, "createdBy":{ "shape":"AccountId", "documentation":"

    The account that created the association.

    " }, - "customDomainName":{ - "shape":"ServiceCustomDomainName", - "documentation":"

    The custom domain name of the service.

    " - }, - "dnsEntry":{ - "shape":"DnsEntry", - "documentation":"

    The DNS name of the service.

    " - }, - "failureCode":{ - "shape":"String", - "documentation":"

    The failure code.

    " - }, - "failureMessage":{ - "shape":"String", - "documentation":"

    The failure message.

    " - }, - "id":{ - "shape":"ServiceNetworkServiceAssociationIdentifier", - "documentation":"

    The ID of the service network and service association.

    " - }, - "serviceArn":{ - "shape":"ServiceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " }, "serviceId":{ "shape":"ServiceId", @@ -3330,9 +3646,9 @@ "shape":"ServiceName", "documentation":"

    The name of the service.

    " }, - "serviceNetworkArn":{ - "shape":"ServiceNetworkArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + "serviceArn":{ + "shape":"ServiceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " }, "serviceNetworkId":{ "shape":"ServiceNetworkId", @@ -3342,9 +3658,25 @@ "shape":"ServiceNetworkName", "documentation":"

    The name of the service network.

    " }, - "status":{ - "shape":"ServiceNetworkServiceAssociationStatus", - "documentation":"

    The status of the association.

    " + "serviceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + }, + "dnsEntry":{ + "shape":"DnsEntry", + "documentation":"

    The DNS name of the service.

    " + }, + "customDomainName":{ + "shape":"ServiceCustomDomainName", + "documentation":"

    The custom domain name of the service.

    " + }, + "failureMessage":{ + "shape":"String", + "documentation":"

    The failure message.

    " + }, + "failureCode":{ + "shape":"String", + "documentation":"

    The failure code.

    " } } }, @@ -3363,41 +3695,25 @@ "GetServiceNetworkVpcAssociationResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkVpcAssociationId", + "documentation":"

    The ID of the association.

    " + }, + "status":{ + "shape":"ServiceNetworkVpcAssociationStatus", + "documentation":"

    The status of the association.

    " + }, "arn":{ "shape":"ServiceNetworkVpcAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " - }, "createdBy":{ "shape":"AccountId", "documentation":"

    The account that created the association.

    " }, - "failureCode":{ - "shape":"String", - "documentation":"

    The failure code.

    " - }, - "failureMessage":{ - "shape":"String", - "documentation":"

    The failure message.

    " - }, - "id":{ - "shape":"ServiceNetworkVpcAssociationId", - "documentation":"

    The ID of the association.

    " - }, - "lastUpdatedAt":{ + "createdAt":{ "shape":"Timestamp", - "documentation":"

    The date and time that the association was last updated, in ISO-8601 format.

    " - }, - "securityGroupIds":{ - "shape":"SecurityGroupList", - "documentation":"

    The IDs of the security groups.

    " - }, - "serviceNetworkArn":{ - "shape":"ServiceNetworkArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " }, "serviceNetworkId":{ "shape":"ServiceNetworkId", @@ -3407,13 +3723,37 @@ "shape":"ServiceNetworkName", "documentation":"

    The name of the service network.

    " }, - "status":{ - "shape":"ServiceNetworkVpcAssociationStatus", - "documentation":"

    The status of the association.

    " + "serviceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " }, "vpcId":{ "shape":"VpcId", "documentation":"

    The ID of the VPC.

    " + }, + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"

    The IDs of the security groups.

    " + }, + "privateDnsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates if private DNS is enabled in the VPC association.

    " + }, + "failureMessage":{ + "shape":"String", + "documentation":"

    The failure message.

    " + }, + "failureCode":{ + "shape":"String", + "documentation":"

    The failure code.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the association was last updated, in ISO-8601 format.

    " + }, + "dnsOptions":{ + "shape":"DnsOptions", + "documentation":"

    DNS options for the service network VPC association.

    " } } }, @@ -3432,30 +3772,46 @@ "GetServiceResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceId", + "documentation":"

    The ID of the service.

    " + }, + "name":{ + "shape":"ServiceName", + "documentation":"

    The name of the service.

    " + }, "arn":{ "shape":"ServiceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " }, - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    " - }, - "certificateArn":{ - "shape":"CertificateArn", - "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " - }, "createdAt":{ "shape":"Timestamp", "documentation":"

    The date and time that the service was created, in ISO-8601 format.

    " }, - "customDomainName":{ - "shape":"ServiceCustomDomainName", - "documentation":"

    The custom domain name of the service.

    " + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the service was last updated, in ISO-8601 format.

    " }, "dnsEntry":{ "shape":"DnsEntry", "documentation":"

    The DNS name of the service.

    " }, + "customDomainName":{ + "shape":"ServiceCustomDomainName", + "documentation":"

    The custom domain name of the service.

    " + }, + "certificateArn":{ + "shape":"CertificateArn", + "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " + }, + "status":{ + "shape":"ServiceStatus", + "documentation":"

    The status of the service.

    " + }, + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    " + }, "failureCode":{ "shape":"FailureCode", "documentation":"

    The failure code.

    " @@ -3463,22 +3819,6 @@ "failureMessage":{ "shape":"FailureMessage", "documentation":"

    The failure message.

    " - }, - "id":{ - "shape":"ServiceId", - "documentation":"

    The ID of the service.

    " - }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the service was last updated, in ISO-8601 format.

    " - }, - "name":{ - "shape":"ServiceName", - "documentation":"

    The name of the service.

    " - }, - "status":{ - "shape":"ServiceStatus", - "documentation":"

    The status of the service.

    " } } }, @@ -3497,10 +3837,22 @@ "GetTargetGroupResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"TargetGroupId", + "documentation":"

    The ID of the target group.

    " + }, "arn":{ "shape":"TargetGroupArn", "documentation":"

    The Amazon Resource Name (ARN) of the target group.

    " }, + "name":{ + "shape":"TargetGroupName", + "documentation":"

    The name of the target group.

    " + }, + "type":{ + "shape":"TargetGroupType", + "documentation":"

    The target group type.

    " + }, "config":{ "shape":"TargetGroupConfig", "documentation":"

    The target group configuration.

    " @@ -3509,58 +3861,46 @@ "shape":"Timestamp", "documentation":"

    The date and time that the target group was created, in ISO-8601 format.

    " }, - "failureCode":{ - "shape":"String", - "documentation":"

    The failure code.

    " - }, - "failureMessage":{ - "shape":"String", - "documentation":"

    The failure message.

    " - }, - "id":{ - "shape":"TargetGroupId", - "documentation":"

    The ID of the target group.

    " - }, "lastUpdatedAt":{ "shape":"Timestamp", "documentation":"

    The date and time that the target group was last updated, in ISO-8601 format.

    " }, - "name":{ - "shape":"TargetGroupName", - "documentation":"

    The name of the target group.

    " + "status":{ + "shape":"TargetGroupStatus", + "documentation":"

    The status.

    " }, "serviceArns":{ "shape":"ServiceArnList", "documentation":"

    The Amazon Resource Names (ARNs) of the service.

    " }, - "status":{ - "shape":"TargetGroupStatus", - "documentation":"

    The status.

    " + "failureMessage":{ + "shape":"String", + "documentation":"

    The failure message.

    " }, - "type":{ - "shape":"TargetGroupType", - "documentation":"

    The target group type.

    " + "failureCode":{ + "shape":"String", + "documentation":"

    The failure code.

    " } } }, "HeaderMatch":{ "type":"structure", "required":[ - "match", - "name" + "name", + "match" ], "members":{ - "caseSensitive":{ - "shape":"Boolean", - "documentation":"

    Indicates whether the match is case sensitive.

    " + "name":{ + "shape":"HeaderMatchName", + "documentation":"

    The name of the header.

    " }, "match":{ "shape":"HeaderMatchType", "documentation":"

    The header match type.

    " }, - "name":{ - "shape":"HeaderMatchName", - "documentation":"

    The name of the header.

    " + "caseSensitive":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the match is case sensitive.

    " } }, "documentation":"

    Describes the constraints for a header match. Matches incoming requests with rule based on request header value before applying rule action.

    " @@ -3594,10 +3934,6 @@ "HeaderMatchType":{ "type":"structure", "members":{ - "contains":{ - "shape":"HeaderMatchContains", - "documentation":"

    A contains type match.

    " - }, "exact":{ "shape":"HeaderMatchExact", "documentation":"

    An exact type match.

    " @@ -3605,6 +3941,10 @@ "prefix":{ "shape":"HeaderMatchPrefix", "documentation":"

    A prefix type match. Matches the value with the prefix.

    " + }, + "contains":{ + "shape":"HeaderMatchContains", + "documentation":"

    A contains type match.

    " } }, "documentation":"

    Describes a header match type.

    ", @@ -3617,6 +3957,22 @@ "shape":"Boolean", "documentation":"

    Indicates whether health checking is enabled.

    " }, + "protocol":{ + "shape":"TargetGroupProtocol", + "documentation":"

    The protocol used when performing health checks on targets. The possible protocols are HTTP and HTTPS. The default is HTTP.

    " + }, + "protocolVersion":{ + "shape":"HealthCheckProtocolVersion", + "documentation":"

    The protocol version used when performing health checks on targets. The possible protocol versions are HTTP1 and HTTP2.

    " + }, + "port":{ + "shape":"HealthCheckPort", + "documentation":"

    The port used when performing health checks on targets. The default setting is the port that a target receives traffic on.

    " + }, + "path":{ + "shape":"HealthCheckPath", + "documentation":"

    The destination for health checks on the targets. If the protocol version is HTTP/1.1 or HTTP/2, specify a valid URI (for example, /path?query). The default path is /. Health checks are not supported if the protocol version is gRPC, however, you can choose HTTP/1.1 or HTTP/2 and specify a valid URI.

    " + }, "healthCheckIntervalSeconds":{ "shape":"HealthCheckIntervalSeconds", "documentation":"

    The approximate amount of time, in seconds, between health checks of an individual target. The range is 5–300 seconds. The default is 30 seconds.

    " @@ -3629,29 +3985,13 @@ "shape":"HealthyThresholdCount", "documentation":"

    The number of consecutive successful health checks required before considering an unhealthy target healthy. The range is 2–10. The default is 5.

    " }, - "matcher":{ - "shape":"Matcher", - "documentation":"

    The codes to use when checking for a successful response from a target.

    " - }, - "path":{ - "shape":"HealthCheckPath", - "documentation":"

    The destination for health checks on the targets. If the protocol version is HTTP/1.1 or HTTP/2, specify a valid URI (for example, /path?query). The default path is /. Health checks are not supported if the protocol version is gRPC, however, you can choose HTTP/1.1 or HTTP/2 and specify a valid URI.

    " - }, - "port":{ - "shape":"HealthCheckPort", - "documentation":"

    The port used when performing health checks on targets. The default setting is the port that a target receives traffic on.

    " - }, - "protocol":{ - "shape":"TargetGroupProtocol", - "documentation":"

    The protocol used when performing health checks on targets. The possible protocols are HTTP and HTTPS. The default is HTTP.

    " - }, - "protocolVersion":{ - "shape":"HealthCheckProtocolVersion", - "documentation":"

    The protocol version used when performing health checks on targets. The possible protocol versions are HTTP1 and HTTP2.

    " - }, "unhealthyThresholdCount":{ "shape":"UnhealthyThresholdCount", "documentation":"

    The number of consecutive failed health checks required before considering a target unhealthy. The range is 2–10. The default is 2.

    " + }, + "matcher":{ + "shape":"Matcher", + "documentation":"

    The codes to use when checking for a successful response from a target.

    " } }, "documentation":"

    Describes the health check configuration of a target group. Health check configurations aren't used for target groups of type LAMBDA or ALB.

    " @@ -3666,7 +4006,7 @@ "type":"string", "max":2048, "min":0, - "pattern":"(^/[a-zA-Z0-9@:%_+.~#?&/=-]*$|(^$))" + "pattern":".*(^/[a-zA-Z0-9@:%_+.~#?&/=-]*$|(^$)).*" }, "HealthCheckPort":{ "type":"integer", @@ -3697,15 +4037,11 @@ "type":"string", "max":2000, "min":0, - "pattern":"(^[0-9-,]+$|(^$))" + "pattern":".*(^[0-9-,]+$|(^$)).*" }, "HttpMatch":{ "type":"structure", "members":{ - "headerMatches":{ - "shape":"HeaderMatchList", - "documentation":"

    The header matches. Matches incoming requests with rule based on request header value before applying rule action.

    " - }, "method":{ "shape":"HttpMethod", "documentation":"

    The HTTP method type.

    " @@ -3713,6 +4049,10 @@ "pathMatch":{ "shape":"PathMatch", "documentation":"

    The path match.

    " + }, + "headerMatches":{ + "shape":"HeaderMatchList", + "documentation":"

    The header matches. Matches incoming requests with rule based on request header value before applying rule action.

    " } }, "documentation":"

    Describes criteria that can be applied to incoming requests.

    " @@ -3772,6 +4112,12 @@ }, "documentation":"

    Describes an IP resource.

    " }, + "Ipv4AddressesPerEni":{ + "type":"integer", + "box":true, + "max":62, + "min":1 + }, "LambdaEventStructureVersion":{ "type":"string", "enum":[ @@ -3783,6 +4129,12 @@ "type":"structure", "required":["resourceIdentifier"], "members":{ + "resourceIdentifier":{ + "shape":"ResourceIdentifier", + "documentation":"

    The ID or ARN of the service network or service.

    ", + "location":"querystring", + "locationName":"resourceIdentifier" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

    The maximum number of results to return.

    ", @@ -3794,12 +4146,6 @@ "documentation":"

    A pagination token for the next page of results.

    ", "location":"querystring", "locationName":"nextToken" - }, - "resourceIdentifier":{ - "shape":"ResourceIdentifier", - "documentation":"

    The ID or ARN of the service network or service.

    ", - "location":"querystring", - "locationName":"resourceIdentifier" } } }, @@ -3817,27 +4163,58 @@ } } }, - "ListListenersRequest":{ + "ListDomainVerificationsRequest":{ "type":"structure", - "required":["serviceIdentifier"], "members":{ "maxResults":{ "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", + "documentation":"

    The maximum number of results to return.

    ", "location":"querystring", "locationName":"maxResults" }, "nextToken":{ "shape":"NextToken", - "documentation":"

    A pagination token for the next page of results.

    ", + "documentation":"

    A pagination token for the next page of results.

    ", "location":"querystring", "locationName":"nextToken" + } + } + }, + "ListDomainVerificationsResponse":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"DomainVerificationList", + "documentation":"

    Information about the domain verifications.

    " }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A pagination token for the next page of results.

    " + } + } + }, + "ListListenersRequest":{ + "type":"structure", + "required":["serviceIdentifier"], + "members":{ "serviceIdentifier":{ "shape":"ServiceIdentifier", "documentation":"

    The ID or ARN of the service.

    ", "location":"uri", "locationName":"serviceIdentifier" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A pagination token for the next page of results.

    ", + "location":"querystring", + "locationName":"nextToken" } } }, @@ -3858,6 +4235,24 @@ "ListResourceConfigurationsRequest":{ "type":"structure", "members":{ + "resourceGatewayIdentifier":{ + "shape":"ResourceGatewayIdentifier", + "documentation":"

    The ID of the resource gateway for the resource configuration.

    ", + "location":"querystring", + "locationName":"resourceGatewayIdentifier" + }, + "resourceConfigurationGroupIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"

    The ID of the resource configuration of type Group.

    ", + "location":"querystring", + "locationName":"resourceConfigurationGroupIdentifier" + }, + "domainVerificationIdentifier":{ + "shape":"DomainVerificationIdentifier", + "documentation":"

    The domain verification ID.

    ", + "location":"querystring", + "locationName":"domainVerificationIdentifier" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

    The maximum page size.

    ", @@ -3869,18 +4264,6 @@ "documentation":"

    A pagination token for the next page of results.

    ", "location":"querystring", "locationName":"nextToken" - }, - "resourceConfigurationGroupIdentifier":{ - "shape":"ResourceConfigurationIdentifier", - "documentation":"

    The ID of the group resource configuration.

    ", - "location":"querystring", - "locationName":"resourceConfigurationGroupIdentifier" - }, - "resourceGatewayIdentifier":{ - "shape":"ResourceGatewayIdentifier", - "documentation":"

    The ID of the resource gateway for the resource configuration.

    ", - "location":"querystring", - "locationName":"resourceGatewayIdentifier" } } }, @@ -3901,18 +4284,6 @@ "type":"structure", "required":["resourceConfigurationIdentifier"], "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum page size.

    ", - "location":"querystring", - "locationName":"maxResults" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    A pagination token for the next page of results.

    ", - "location":"querystring", - "locationName":"nextToken" - }, "resourceConfigurationIdentifier":{ "shape":"ResourceConfigurationIdentifier", "documentation":"

    The ID for the resource configuration associated with the VPC endpoint.

    ", @@ -3936,6 +4307,18 @@ "documentation":"

    The owner of the VPC endpoint in the association.

    ", "location":"querystring", "locationName":"vpcEndpointOwner" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum page size.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A pagination token for the next page of results.

    ", + "location":"querystring", + "locationName":"nextToken" } } }, @@ -3986,10 +4369,16 @@ "ListRulesRequest":{ "type":"structure", "required":[ - "listenerIdentifier", - "serviceIdentifier" + "serviceIdentifier", + "listenerIdentifier" ], "members":{ + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"uri", + "locationName":"serviceIdentifier" + }, "listenerIdentifier":{ "shape":"ListenerIdentifier", "documentation":"

    The ID or ARN of the listener.

    ", @@ -4007,12 +4396,6 @@ "documentation":"

    A pagination token for the next page of results.

    ", "location":"querystring", "locationName":"nextToken" - }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"uri", - "locationName":"serviceIdentifier" } } }, @@ -4033,6 +4416,18 @@ "ListServiceNetworkResourceAssociationsRequest":{ "type":"structure", "members":{ + "serviceNetworkIdentifier":{ + "shape":"ServiceNetworkIdentifier", + "documentation":"

    The ID of the service network.

    ", + "location":"querystring", + "locationName":"serviceNetworkIdentifier" + }, + "resourceConfigurationIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"

    The ID of the resource configuration.

    ", + "location":"querystring", + "locationName":"resourceConfigurationIdentifier" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

    The maximum page size.

    ", @@ -4045,17 +4440,11 @@ "location":"querystring", "locationName":"nextToken" }, - "resourceConfigurationIdentifier":{ - "shape":"ResourceConfigurationIdentifier", - "documentation":"

    The ID of the resource configurationk.

    ", - "location":"querystring", - "locationName":"resourceConfigurationIdentifier" - }, - "serviceNetworkIdentifier":{ - "shape":"ServiceNetworkIdentifier", - "documentation":"

    The ID of the service network.

    ", + "includeChildren":{ + "shape":"Boolean", + "documentation":"

    Include service network resource associations of the child resource configuration with the grouped resource configuration.

    The type is boolean and the default value is false.

    ", "location":"querystring", - "locationName":"serviceNetworkIdentifier" + "locationName":"includeChildren" } } }, @@ -4076,6 +4465,18 @@ "ListServiceNetworkServiceAssociationsRequest":{ "type":"structure", "members":{ + "serviceNetworkIdentifier":{ + "shape":"ServiceNetworkIdentifier", + "documentation":"

    The ID or ARN of the service network.

    ", + "location":"querystring", + "locationName":"serviceNetworkIdentifier" + }, + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"querystring", + "locationName":"serviceIdentifier" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

    The maximum number of results to return.

    ", @@ -4087,18 +4488,6 @@ "documentation":"

    A pagination token for the next page of results.

    ", "location":"querystring", "locationName":"nextToken" - }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"querystring", - "locationName":"serviceIdentifier" - }, - "serviceNetworkIdentifier":{ - "shape":"ServiceNetworkIdentifier", - "documentation":"

    The ID or ARN of the service network.

    ", - "location":"querystring", - "locationName":"serviceNetworkIdentifier" } } }, @@ -4119,18 +4508,6 @@ "ListServiceNetworkVpcAssociationsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to return.

    ", - "location":"querystring", - "locationName":"maxResults" - }, - "nextToken":{ - "shape":"NextToken", - "documentation":"

    A pagination token for the next page of results.

    ", - "location":"querystring", - "locationName":"nextToken" - }, "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", "documentation":"

    The ID or ARN of the service network.

    ", @@ -4142,6 +4519,18 @@ "documentation":"

    The ID or ARN of the VPC.

    ", "location":"querystring", "locationName":"vpcIdentifier" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to return.

    ", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"

    A pagination token for the next page of results.

    ", + "location":"querystring", + "locationName":"nextToken" } } }, @@ -4163,6 +4552,12 @@ "type":"structure", "required":["serviceNetworkIdentifier"], "members":{ + "serviceNetworkIdentifier":{ + "shape":"ServiceNetworkIdentifier", + "documentation":"

    The ID of the service network associated with the VPC endpoint.

    ", + "location":"querystring", + "locationName":"serviceNetworkIdentifier" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

    The maximum page size.

    ", @@ -4174,12 +4569,6 @@ "documentation":"

    If there are additional results, a pagination token for the next page of results.

    ", "location":"querystring", "locationName":"nextToken" - }, - "serviceNetworkIdentifier":{ - "shape":"ServiceNetworkIdentifier", - "documentation":"

    The ID of the service network associated with the VPC endpoint.

    ", - "location":"querystring", - "locationName":"serviceNetworkIdentifier" } } }, @@ -4294,17 +4683,17 @@ "location":"querystring", "locationName":"nextToken" }, - "targetGroupType":{ - "shape":"TargetGroupType", - "documentation":"

    The target group type.

    ", - "location":"querystring", - "locationName":"targetGroupType" - }, "vpcIdentifier":{ "shape":"VpcId", "documentation":"

    The ID or ARN of the VPC.

    ", "location":"querystring", "locationName":"vpcIdentifier" + }, + "targetGroupType":{ + "shape":"TargetGroupType", + "documentation":"

    The target group type.

    ", + "location":"querystring", + "locationName":"targetGroupType" } } }, @@ -4325,6 +4714,12 @@ "type":"structure", "required":["targetGroupIdentifier"], "members":{ + "targetGroupIdentifier":{ + "shape":"TargetGroupIdentifier", + "documentation":"

    The ID or ARN of the target group.

    ", + "location":"uri", + "locationName":"targetGroupIdentifier" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

    The maximum number of results to return.

    ", @@ -4337,12 +4732,6 @@ "location":"querystring", "locationName":"nextToken" }, - "targetGroupIdentifier":{ - "shape":"TargetGroupIdentifier", - "documentation":"

    The ID or ARN of the target group.

    ", - "location":"uri", - "locationName":"targetGroupIdentifier" - }, "targets":{ "shape":"ListTargetsRequestTargetsList", "documentation":"

    The targets.

    " @@ -4373,25 +4762,25 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}" }, "ListenerId":{ "type":"string", "max":26, "min":26, - "pattern":"^listener-[0-9a-z]{17}$" + "pattern":"listener-[0-9a-z]{17}" }, "ListenerIdentifier":{ "type":"string", "max":2048, "min":20, - "pattern":"^((listener-[0-9a-z]{17})|(^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}$))$" + "pattern":"((listener-[0-9a-z]{17})|(^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}$))" }, "ListenerName":{ "type":"string", "max":63, "min":3, - "pattern":"^(?!listener-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + "pattern":"(?!listener-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+" }, "ListenerProtocol":{ "type":"string", @@ -4408,29 +4797,29 @@ "shape":"ListenerArn", "documentation":"

    The Amazon Resource Name (ARN) of the listener.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the listener was created, in ISO-8601 format.

    " - }, "id":{ "shape":"ListenerId", "documentation":"

    The ID of the listener.

    " }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the listener was last updated, in ISO-8601 format.

    " - }, "name":{ "shape":"ListenerName", "documentation":"

    The name of the listener.

    " }, + "protocol":{ + "shape":"ListenerProtocol", + "documentation":"

    The listener protocol.

    " + }, "port":{ "shape":"Port", "documentation":"

    The listener port.

    " }, - "protocol":{ - "shape":"ListenerProtocol", - "documentation":"

    The listener protocol.

    " + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the listener was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the listener was last updated, in ISO-8601 format.

    " } }, "documentation":"

    Summary information about a listener.

    " @@ -4469,13 +4858,13 @@ "type":"structure", "required":["match"], "members":{ - "caseSensitive":{ - "shape":"Boolean", - "documentation":"

    Indicates whether the match is case sensitive.

    " - }, "match":{ "shape":"PathMatchType", "documentation":"

    The type of path match.

    " + }, + "caseSensitive":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the match is case sensitive.

    " } }, "documentation":"

    Describes the conditions that can be applied when matching a path for incoming requests.

    " @@ -4484,13 +4873,13 @@ "type":"string", "max":200, "min":1, - "pattern":"^/[a-zA-Z0-9@:%_+.~#?&/=-]*$" + "pattern":"/[a-zA-Z0-9@:%_+.~#?&/=-]*" }, "PathMatchPrefix":{ "type":"string", "max":200, "min":1, - "pattern":"^/[a-zA-Z0-9@:%_+.~#?&/=-]*$" + "pattern":"/[a-zA-Z0-9@:%_+.~#?&/=-]*" }, "PathMatchType":{ "type":"structure", @@ -4511,7 +4900,7 @@ "type":"string", "max":10000, "min":1, - "pattern":"^.*\\S.*$" + "pattern":".*\\S.*" }, "Port":{ "type":"integer", @@ -4523,12 +4912,32 @@ "type":"string", "max":11, "min":1, - "pattern":"^((\\d{1,5}\\-\\d{1,5})|(\\d+))$" + "pattern":"((\\d{1,5}\\-\\d{1,5})|(\\d+))" }, "PortRangeList":{ "type":"list", "member":{"shape":"PortRange"} }, + "PrivateDnsPreference":{ + "type":"string", + "enum":[ + "VERIFIED_DOMAINS_ONLY", + "ALL_DOMAINS", + "VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS", + "SPECIFIED_DOMAINS_ONLY" + ] + }, + "PrivateDnsSpecifiedDomain":{ + "type":"string", + "max":255, + "min":1 + }, + "PrivateDnsSpecifiedDomainsList":{ + "type":"list", + "member":{"shape":"PrivateDnsSpecifiedDomain"}, + "max":10, + "min":1 + }, "ProtocolType":{ "type":"string", "enum":["TCP"] @@ -4536,19 +4945,19 @@ "PutAuthPolicyRequest":{ "type":"structure", "required":[ - "policy", - "resourceIdentifier" + "resourceIdentifier", + "policy" ], "members":{ - "policy":{ - "shape":"AuthPolicyString", - "documentation":"

    The auth policy. The policy string in JSON must not contain newlines or blank lines.

    " - }, "resourceIdentifier":{ "shape":"ResourceIdentifier", "documentation":"

    The ID or ARN of the service network or service for which the policy is created.

    ", "location":"uri", "locationName":"resourceIdentifier" + }, + "policy":{ + "shape":"AuthPolicyString", + "documentation":"

    The auth policy. The policy string in JSON must not contain newlines or blank lines.

    " } } }, @@ -4568,26 +4977,25 @@ "PutResourcePolicyRequest":{ "type":"structure", "required":[ - "policy", - "resourceArn" + "resourceArn", + "policy" ], "members":{ - "policy":{ - "shape":"PolicyString", - "documentation":"

    An IAM policy. The policy string in JSON must not contain newlines or blank lines.

    " - }, "resourceArn":{ "shape":"ResourceArn", "documentation":"

    The ID or ARN of the service network or service for which the policy is created.

    ", "location":"uri", "locationName":"resourceArn" + }, + "policy":{ + "shape":"PolicyString", + "documentation":"

    An IAM policy. The policy string in JSON must not contain newlines or blank lines.

    " } } }, "PutResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RegisterTargetsRequest":{ "type":"structure", @@ -4631,21 +5039,17 @@ "type":"string", "max":200, "min":20, - "pattern":"^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc)|(resourceconfiguration/rcfg))-[0-9a-z]{17}$" + "pattern":"arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc)|(resourceconfiguration/rcfg))-[0-9a-z]{17}" }, "ResourceConfigurationArn":{ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9f\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9f\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}" }, "ResourceConfigurationDefinition":{ "type":"structure", "members":{ - "arnResource":{ - "shape":"ArnResource", - "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    " - }, "dnsResource":{ "shape":"DnsResource", "documentation":"

    The DNS name of the resource.

    " @@ -4653,6 +5057,10 @@ "ipResource":{ "shape":"IpResource", "documentation":"

    The IP resource.

    " + }, + "arnResource":{ + "shape":"ArnResource", + "documentation":"

    The Amazon Resource Name (ARN) of the resource.

    " } }, "documentation":"

    Describes a resource configuration.

    ", @@ -4662,13 +5070,13 @@ "type":"string", "max":22, "min":22, - "pattern":"^rcfg-[0-9a-z]{17}$" + "pattern":"rcfg-[0-9a-z]{17}" }, "ResourceConfigurationIdentifier":{ "type":"string", "max":2048, "min":20, - "pattern":"^((rcfg-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}))$" + "pattern":"((rcfg-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceconfiguration/rcfg-[0-9a-z]{17}))" }, "ResourceConfigurationIpAddressType":{ "type":"string", @@ -4682,7 +5090,7 @@ "type":"string", "max":40, "min":3, - "pattern":"^(?!rcfg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + "pattern":"(?!rcfg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+" }, "ResourceConfigurationStatus":{ "type":"string", @@ -4699,45 +5107,57 @@ "ResourceConfigurationSummary":{ "type":"structure", "members":{ - "amazonManaged":{ - "shape":"Boolean", - "documentation":"

    Indicates whether the resource configuration was created and is managed by Amazon.

    " - }, - "arn":{ - "shape":"ResourceConfigurationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the resource configuration was created, in ISO-8601 format.

    " - }, "id":{ "shape":"ResourceConfigurationId", "documentation":"

    The ID of the resource configuration.

    " }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The most recent date and time that the resource configuration was updated, in ISO-8601 format.

    " - }, "name":{ "shape":"ResourceConfigurationName", "documentation":"

    The name of the resource configuration.

    " }, - "resourceConfigurationGroupId":{ - "shape":"ResourceConfigurationId", - "documentation":"

    The ID of the group resource configuration.

    " + "arn":{ + "shape":"ResourceConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration.

    " }, "resourceGatewayId":{ "shape":"ResourceGatewayId", "documentation":"

    The ID of the resource gateway.

    " }, + "resourceConfigurationGroupId":{ + "shape":"ResourceConfigurationId", + "documentation":"

    The ID of the group resource configuration.

    " + }, + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"

    The type of resource configuration.

    • SINGLE - A single resource.

    • GROUP - A group of resources. You must create a group resource configuration before you create a child resource configuration.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " + }, "status":{ "shape":"ResourceConfigurationStatus", "documentation":"

    The status of the resource configuration.

    " }, - "type":{ - "shape":"ResourceConfigurationType", - "documentation":"

    The type of resource configuration.

    • SINGLE - A single resource.

    • GROUP - A group of resources.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " + "amazonManaged":{ + "shape":"Boolean", + "documentation":"

    Indicates whether the resource configuration was created and is managed by Amazon.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the resource configuration was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The most recent date and time that the resource configuration was updated, in ISO-8601 format.

    " + }, + "customDomainName":{ + "shape":"DomainName", + "documentation":"

    The custom domain name.

    " + }, + "domainVerificationId":{ + "shape":"DomainVerificationId", + "documentation":"

    The domain verification ID.

    " + }, + "groupDomain":{ + "shape":"DomainName", + "documentation":"

    (GROUP) The group domain for a group resource configuration. Any domains that you create for the child resource are subdomains of the group domain. Child resources inherit the verification status of the domain.

    " } }, "documentation":"

    Summary information about a resource configuration.

    " @@ -4759,19 +5179,19 @@ "type":"string", "max":2048, "min":21, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceendpointassociation/rea-[0-9a-f]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceendpointassociation/rea-[0-9a-f]{17}" }, "ResourceEndpointAssociationId":{ "type":"string", "max":21, "min":21, - "pattern":"^rea-[0-9a-f]{17}$" + "pattern":"rea-[0-9a-f]{17}" }, "ResourceEndpointAssociationIdentifier":{ "type":"string", "max":2048, "min":21, - "pattern":"^((rea-[0-9a-f]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceendpointassociation/rea-[0-9a-f]{17}))$" + "pattern":"((rea-[0-9a-f]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourceendpointassociation/rea-[0-9a-f]{17}))" }, "ResourceEndpointAssociationList":{ "type":"list", @@ -4780,30 +5200,22 @@ "ResourceEndpointAssociationSummary":{ "type":"structure", "members":{ - "arn":{ - "shape":"ResourceEndpointAssociationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the VPC endpoint association.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the VPC endpoint association was created, in ISO-8601 format.

    " - }, - "createdBy":{ - "shape":"AccountId", - "documentation":"

    The account that created the association.

    " - }, "id":{ "shape":"ResourceEndpointAssociationId", "documentation":"

    The ID of the VPC endpoint association.

    " }, - "resourceConfigurationArn":{ - "shape":"ResourceConfigurationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration.

    " + "arn":{ + "shape":"ResourceEndpointAssociationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the VPC endpoint association.

    " }, "resourceConfigurationId":{ "shape":"ResourceConfigurationId", "documentation":"

    The ID of the resource configuration.

    " }, + "resourceConfigurationArn":{ + "shape":"ResourceConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration.

    " + }, "resourceConfigurationName":{ "shape":"ResourceConfigurationName", "documentation":"

    The name of the resource configuration.

    " @@ -4815,6 +5227,14 @@ "vpcEndpointOwner":{ "shape":"VpcEndpointOwner", "documentation":"

    The owner of the VPC endpoint.

    " + }, + "createdBy":{ + "shape":"AccountId", + "documentation":"

    The account that created the association.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the VPC endpoint association was created, in ISO-8601 format.

    " } }, "documentation":"

    Summary information about a VPC endpoint association.

    " @@ -4823,19 +5243,19 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}" }, "ResourceGatewayId":{ "type":"string", "max":21, "min":21, - "pattern":"^rgw-[0-9a-z]{17}$" + "pattern":"rgw-[0-9a-z]{17}" }, "ResourceGatewayIdentifier":{ "type":"string", "max":2048, "min":17, - "pattern":"^((rgw-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}))$" + "pattern":"((rgw-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:resourcegateway/rgw-[0-9a-z]{17}))" }, "ResourceGatewayIpAddressType":{ "type":"string", @@ -4853,7 +5273,7 @@ "type":"string", "max":40, "min":3, - "pattern":"^(?!rgw-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + "pattern":"(?!rgw-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+" }, "ResourceGatewayStatus":{ "type":"string", @@ -4870,45 +5290,49 @@ "ResourceGatewaySummary":{ "type":"structure", "members":{ - "arn":{ - "shape":"ResourceGatewayArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the VPC endpoint association was created, in ISO-8601 format.

    " + "name":{ + "shape":"ResourceGatewayName", + "documentation":"

    The name of the resource gateway.

    " }, "id":{ "shape":"ResourceGatewayId", "documentation":"

    The ID of the resource gateway.

    " }, - "ipAddressType":{ - "shape":"ResourceGatewayIpAddressType", - "documentation":"

    The type of IP address used by the resource gateway.

    " - }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The most recent date and time that the resource gateway was updated, in ISO-8601 format.

    " - }, - "name":{ - "shape":"ResourceGatewayName", - "documentation":"

    The name of the resource gateway.

    " - }, - "securityGroupIds":{ - "shape":"SecurityGroupList", - "documentation":"

    The IDs of the security groups applied to the resource gateway.

    " + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " }, "status":{ "shape":"ResourceGatewayStatus", "documentation":"

    The name of the resource gateway.

    " }, + "vpcIdentifier":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC for the resource gateway.

    " + }, "subnetIds":{ "shape":"SubnetList", "documentation":"

    The IDs of the VPC subnets for the resource gateway.

    " }, - "vpcIdentifier":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC for the resource gateway.

    " + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"

    The IDs of the security groups applied to the resource gateway.

    " + }, + "ipAddressType":{ + "shape":"ResourceGatewayIpAddressType", + "documentation":"

    The type of IP address used by the resource gateway.

    " + }, + "ipv4AddressesPerEni":{ + "shape":"Ipv4AddressesPerEni", + "documentation":"

    The number of IPv4 addresses in each ENI for the resource gateway.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the VPC endpoint association was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The most recent date and time that the resource gateway was updated, in ISO-8601 format.

    " } }, "documentation":"

    Summary information about a resource gateway.

    " @@ -4917,13 +5341,13 @@ "type":"string", "max":50, "min":20, - "pattern":"^((sn)|(svc))-[0-9a-z]{17}$" + "pattern":"((sn)|(svc))-[0-9a-z]{17}" }, "ResourceIdentifier":{ "type":"string", "max":200, "min":17, - "pattern":"^((((sn)|(svc)|(rcfg))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(resourceconfiguration/rcfg)|(service/svc))-[0-9a-z]{17}))$" + "pattern":"((((sn)|(svc)|(rcfg))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(resourceconfiguration/rcfg)|(service/svc))-[0-9a-z]{17}))" }, "ResourceNotFoundException":{ "type":"structure", @@ -4953,13 +5377,13 @@ "RuleAction":{ "type":"structure", "members":{ - "fixedResponse":{ - "shape":"FixedResponseAction", - "documentation":"

    The fixed response action. The rule returns a custom HTTP response.

    " - }, "forward":{ "shape":"ForwardAction", "documentation":"

    The forward action. Traffic that matches the rule is forwarded to the specified target groups.

    " + }, + "fixedResponse":{ + "shape":"FixedResponseAction", + "documentation":"

    The fixed response action. The rule returns a custom HTTP response.

    " } }, "documentation":"

    Describes the action for a rule.

    ", @@ -4969,19 +5393,19 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}/rule/rule-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}/rule/rule-[0-9a-z]{17}" }, "RuleId":{ "type":"string", "max":22, "min":5, - "pattern":"^rule-[0-9a-z]{17}$" + "pattern":"rule-[0-9a-z]{17}" }, "RuleIdentifier":{ "type":"string", "max":2048, "min":20, - "pattern":"^((rule-[0-9a-z]{17})|(^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}/rule/rule-[0-9a-z]{17}$))$" + "pattern":"((rule-[0-9a-z]{17})|(^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}/listener/listener-[0-9a-z]{17}/rule/rule-[0-9a-z]{17}$))" }, "RuleMatch":{ "type":"structure", @@ -4998,12 +5422,12 @@ "type":"string", "max":63, "min":3, - "pattern":"^(?!rule-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + "pattern":"(?!rule-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+" }, "RulePriority":{ "type":"integer", "box":true, - "max":100, + "max":2000, "min":1 }, "RuleSummary":{ @@ -5013,29 +5437,29 @@ "shape":"RuleArn", "documentation":"

    The Amazon Resource Name (ARN) of the rule.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the listener rule was created, in ISO-8601 format.

    " - }, "id":{ "shape":"RuleId", "documentation":"

    The ID of the rule.

    " }, - "isDefault":{ - "shape":"Boolean", - "documentation":"

    Indicates whether this is the default listener rule.

    " - }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the listener rule was last updated, in ISO-8601 format.

    " - }, "name":{ "shape":"RuleName", "documentation":"

    The name of the rule.

    " }, + "isDefault":{ + "shape":"Boolean", + "documentation":"

    Indicates whether this is the default listener rule.

    " + }, "priority":{ "shape":"RulePriority", "documentation":"

    The priority of the rule.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the listener rule was created, in ISO-8601 format.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the listener rule was last updated, in ISO-8601 format.

    " } }, "documentation":"

    Summary information about a listener rule.

    " @@ -5048,9 +5472,9 @@ "type":"structure", "required":["ruleIdentifier"], "members":{ - "action":{ - "shape":"RuleAction", - "documentation":"

    The rule action.

    " + "ruleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The ID or ARN of the rule.

    " }, "match":{ "shape":"RuleMatch", @@ -5060,9 +5484,9 @@ "shape":"RulePriority", "documentation":"

    The rule priority. A listener can't have multiple rules with the same priority.

    " }, - "ruleIdentifier":{ - "shape":"RuleIdentifier", - "documentation":"

    The ID or ARN of the rule.

    " + "action":{ + "shape":"RuleAction", + "documentation":"

    The rule action.

    " } }, "documentation":"

    Describes a rule update.

    " @@ -5070,6 +5494,10 @@ "RuleUpdateFailure":{ "type":"structure", "members":{ + "ruleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The ID or ARN of the rule.

    " + }, "failureCode":{ "shape":"FailureCode", "documentation":"

    The failure code.

    " @@ -5077,10 +5505,6 @@ "failureMessage":{ "shape":"FailureMessage", "documentation":"

    The failure message.

    " - }, - "ruleIdentifier":{ - "shape":"RuleIdentifier", - "documentation":"

    The ID or ARN of the rule.

    " } }, "documentation":"

    Describes a rule update that failed.

    " @@ -5092,16 +5516,12 @@ "RuleUpdateList":{ "type":"list", "member":{"shape":"RuleUpdate"}, - "max":5, + "max":10, "min":1 }, "RuleUpdateSuccess":{ "type":"structure", "members":{ - "action":{ - "shape":"RuleAction", - "documentation":"

    The action for the rule.

    " - }, "arn":{ "shape":"RuleArn", "documentation":"

    The Amazon Resource Name (ARN) of the listener.

    " @@ -5110,6 +5530,10 @@ "shape":"RuleId", "documentation":"

    The ID of the listener.

    " }, + "name":{ + "shape":"RuleName", + "documentation":"

    The name of the listener.

    " + }, "isDefault":{ "shape":"Boolean", "documentation":"

    Indicates whether this is the default rule.

    " @@ -5118,13 +5542,13 @@ "shape":"RuleMatch", "documentation":"

    The rule match.

    " }, - "name":{ - "shape":"RuleName", - "documentation":"

    The name of the listener.

    " - }, "priority":{ "shape":"RulePriority", "documentation":"

    The rule priority.

    " + }, + "action":{ + "shape":"RuleAction", + "documentation":"

    The action for the rule.

    " } }, "documentation":"

    Describes a successful rule update.

    " @@ -5137,7 +5561,7 @@ "type":"string", "max":200, "min":5, - "pattern":"^sg-(([0-9a-z]{8})|([0-9a-z]{17}))$" + "pattern":"sg-(([0-9a-z]{8})|([0-9a-z]{17}))" }, "SecurityGroupList":{ "type":"list", @@ -5147,7 +5571,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}" }, "ServiceArnList":{ "type":"list", @@ -5162,13 +5586,13 @@ "type":"string", "max":21, "min":21, - "pattern":"^svc-[0-9a-z]{17}$" + "pattern":"svc-[0-9a-z]{17}" }, "ServiceIdentifier":{ "type":"string", "max":2048, "min":17, - "pattern":"^((svc-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}))$" + "pattern":"((svc-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:service/svc-[0-9a-z]{17}))" }, "ServiceList":{ "type":"list", @@ -5178,13 +5602,13 @@ "type":"string", "max":40, "min":3, - "pattern":"^(?!svc-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + "pattern":"(?!svc-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+" }, "ServiceNetworkArn":{ "type":"string", "max":2048, "min":32, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetwork/sn-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetwork/sn-[0-9a-z]{17}" }, "ServiceNetworkArnWithoutRegex":{ "type":"string", @@ -5194,33 +5618,33 @@ "ServiceNetworkEndpointAssociation":{ "type":"structure", "members":{ - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " + "vpcEndpointId":{ + "shape":"String", + "documentation":"

    The ID of the VPC endpoint associated with the service network.

    " + }, + "vpcId":{ + "shape":"String", + "documentation":"

    The ID of the VPC for the association.

    " + }, + "vpcEndpointOwnerId":{ + "shape":"String", + "documentation":"

    The owner of the VPC endpoint associated with the service network.

    " }, "id":{ "shape":"String", "documentation":"

    The ID of the association.

    " }, - "serviceNetworkArn":{ - "shape":"ServiceNetworkArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " - }, "state":{ "shape":"String", "documentation":"

    The state of the association.

    " }, - "vpcEndpointId":{ - "shape":"String", - "documentation":"

    The ID of the VPC endpoint associated with the service network.

    " - }, - "vpcEndpointOwnerId":{ - "shape":"String", - "documentation":"

    The owner of the VPC endpoint associated with the service network.

    " + "serviceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " }, - "vpcId":{ - "shape":"String", - "documentation":"

    The ID of the VPC for the association.

    " + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " } }, "documentation":"

    Describes the association between a service network and a VPC endpoint.

    " @@ -5229,13 +5653,13 @@ "type":"string", "max":20, "min":20, - "pattern":"^sn-[0-9a-z]{17}$" + "pattern":"sn-[0-9a-z]{17}" }, "ServiceNetworkIdentifier":{ "type":"string", "max":2048, "min":3, - "pattern":"^((sn-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetwork/sn-[0-9a-z]{17}))$" + "pattern":"((sn-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetwork/sn-[0-9a-z]{17}))" }, "ServiceNetworkIdentifierWithoutRegex":{ "type":"string", @@ -5257,7 +5681,7 @@ "type":"string", "max":63, "min":3, - "pattern":"^(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + "pattern":"(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+" }, "ServiceNetworkNameWithoutRegex":{ "type":"string", @@ -5268,19 +5692,19 @@ "type":"string", "max":2048, "min":22, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}" }, "ServiceNetworkResourceAssociationId":{ "type":"string", "max":22, "min":22, - "pattern":"^snra-[0-9a-f]{17}$" + "pattern":"snra-[0-9a-f]{17}" }, "ServiceNetworkResourceAssociationIdentifier":{ "type":"string", "max":2048, "min":22, - "pattern":"^((snra-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}))$" + "pattern":"((snra-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkresourceassociation/snra-[0-9a-f]{17}))" }, "ServiceNetworkResourceAssociationList":{ "type":"list", @@ -5300,65 +5724,69 @@ "ServiceNetworkResourceAssociationSummary":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkResourceAssociationId", + "documentation":"

    The ID of the association between the service network and resource configuration.

    " + }, "arn":{ "shape":"ServiceNetworkResourceAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " + "status":{ + "shape":"ServiceNetworkResourceAssociationStatus", + "documentation":"

    The status of the service network’s association with the resource configuration. If the deletion fails, try to delete again.

    " }, "createdBy":{ "shape":"AccountId", "documentation":"

    The account that created the association.

    " }, - "dnsEntry":{ - "shape":"DnsEntry", - "documentation":"

    The DNS entry for the service.

    " - }, - "failureCode":{ - "shape":"String", - "documentation":"

    The failure code.

    " - }, - "id":{ - "shape":"ServiceNetworkResourceAssociationId", - "documentation":"

    The ID of the association between the service network and resource configuration.

    " - }, - "isManagedAssociation":{ - "shape":"Boolean", - "documentation":"

    Specifies whether the association is managed by Amazon.

    " + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " }, - "privateDnsEntry":{ - "shape":"DnsEntry", - "documentation":"

    The private DNS entry for the service.

    " + "resourceConfigurationId":{ + "shape":"ResourceConfigurationId", + "documentation":"

    The ID of the resource configuration associated with the service network.

    " }, "resourceConfigurationArn":{ "shape":"ResourceConfigurationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, - "resourceConfigurationId":{ - "shape":"ResourceConfigurationId", - "documentation":"

    The ID of the resource configuration associated with the service network.

    " - }, "resourceConfigurationName":{ "shape":"ResourceConfigurationName", "documentation":"

    The name of the resource configuration associated with the service network.

    " }, - "serviceNetworkArn":{ - "shape":"ServiceNetworkArnWithoutRegex", - "documentation":"

    The Amazon Resource Name (ARN) of the service network associated with the resource configuration.

    " - }, "serviceNetworkId":{ "shape":"ServiceNetworkIdentifierWithoutRegex", "documentation":"

    The ID of the service network associated with the resource configuration.

    " }, + "serviceNetworkArn":{ + "shape":"ServiceNetworkArnWithoutRegex", + "documentation":"

    The Amazon Resource Name (ARN) of the service network associated with the resource configuration.

    " + }, "serviceNetworkName":{ "shape":"ServiceNetworkNameWithoutRegex", "documentation":"

    The name of the service network associated with the resource configuration.

    " }, - "status":{ - "shape":"ServiceNetworkResourceAssociationStatus", - "documentation":"

    The status of the service network associated with the resource configuration.

    " + "dnsEntry":{ + "shape":"DnsEntry", + "documentation":"

    The DNS entry for the service.

    " + }, + "privateDnsEntry":{ + "shape":"DnsEntry", + "documentation":"

    The private DNS entry for the service.

    " + }, + "isManagedAssociation":{ + "shape":"Boolean", + "documentation":"

    Specifies whether the association is managed by Amazon.

    " + }, + "failureCode":{ + "shape":"String", + "documentation":"

    The failure code.

    " + }, + "privateDnsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates if private DNS is enabled for the service network resource association.

    " } }, "documentation":"

    Summary information about an association between a service network and a resource configuration.

    " @@ -5367,13 +5795,13 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkserviceassociation/snsa-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkserviceassociation/snsa-[0-9a-z]{17}" }, "ServiceNetworkServiceAssociationIdentifier":{ "type":"string", "max":2048, "min":17, - "pattern":"^((snsa-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkserviceassociation/snsa-[0-9a-z]{17}))$" + "pattern":"((snsa-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkserviceassociation/snsa-[0-9a-z]{17}))" }, "ServiceNetworkServiceAssociationList":{ "type":"list", @@ -5392,33 +5820,25 @@ "ServiceNetworkServiceAssociationSummary":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkServiceAssociationIdentifier", + "documentation":"

    The ID of the association.

    " + }, + "status":{ + "shape":"ServiceNetworkServiceAssociationStatus", + "documentation":"

    The status of the service network’s association with the service. If the deletion fails, try to delete again.

    " + }, "arn":{ "shape":"ServiceNetworkServiceAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " - }, "createdBy":{ "shape":"AccountId", "documentation":"

    The account that created the association.

    " }, - "customDomainName":{ - "shape":"ServiceCustomDomainName", - "documentation":"

    The custom domain name of the service.

    " - }, - "dnsEntry":{ - "shape":"DnsEntry", - "documentation":"

    The DNS information.

    " - }, - "id":{ - "shape":"ServiceNetworkServiceAssociationIdentifier", - "documentation":"

    The ID of the association.

    " - }, - "serviceArn":{ - "shape":"ServiceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " }, "serviceId":{ "shape":"ServiceId", @@ -5428,9 +5848,9 @@ "shape":"ServiceName", "documentation":"

    The name of the service.

    " }, - "serviceNetworkArn":{ - "shape":"ServiceNetworkArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + "serviceArn":{ + "shape":"ServiceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " }, "serviceNetworkId":{ "shape":"ServiceNetworkId", @@ -5440,9 +5860,17 @@ "shape":"ServiceNetworkName", "documentation":"

    The name of the service network.

    " }, - "status":{ - "shape":"ServiceNetworkServiceAssociationStatus", - "documentation":"

    The status. If the deletion fails, try to delete again.

    " + "serviceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + }, + "dnsEntry":{ + "shape":"DnsEntry", + "documentation":"

    The DNS information.

    " + }, + "customDomainName":{ + "shape":"ServiceCustomDomainName", + "documentation":"

    The custom domain name of the service.

    " } }, "documentation":"

    Summary information about an association between a service network and a service.

    " @@ -5450,6 +5878,14 @@ "ServiceNetworkSummary":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkId", + "documentation":"

    The ID of the service network.

    " + }, + "name":{ + "shape":"ServiceNetworkName", + "documentation":"

    The name of the service network.

    " + }, "arn":{ "shape":"ServiceNetworkArn", "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " @@ -5458,29 +5894,21 @@ "shape":"Timestamp", "documentation":"

    The date and time that the service network was created, in ISO-8601 format.

    " }, - "id":{ - "shape":"ServiceNetworkId", - "documentation":"

    The ID of the service network.

    " - }, "lastUpdatedAt":{ "shape":"Timestamp", "documentation":"

    The date and time that the service network was last updated, in ISO-8601 format.

    " }, - "name":{ - "shape":"ServiceNetworkName", - "documentation":"

    The name of the service network.

    " - }, - "numberOfAssociatedResourceConfigurations":{ + "numberOfAssociatedVPCs":{ "shape":"Long", - "documentation":"

    The number of resource configurations associated with a service network.

    " + "documentation":"

    The number of VPCs associated with the service network.

    " }, "numberOfAssociatedServices":{ "shape":"Long", "documentation":"

    The number of services associated with the service network.

    " }, - "numberOfAssociatedVPCs":{ + "numberOfAssociatedResourceConfigurations":{ "shape":"Long", - "documentation":"

    The number of VPCs associated with the service network.

    " + "documentation":"

    The number of resource configurations associated with a service network.

    " } }, "documentation":"

    Summary information about a service network.

    " @@ -5489,19 +5917,19 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkvpcassociation/snva-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkvpcassociation/snva-[0-9a-z]{17}" }, "ServiceNetworkVpcAssociationId":{ "type":"string", "max":22, "min":22, - "pattern":"^snva-[0-9a-z]{17}$" + "pattern":"snva-[0-9a-z]{17}" }, "ServiceNetworkVpcAssociationIdentifier":{ "type":"string", "max":2048, "min":17, - "pattern":"^((snva-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkvpcassociation/snva-[0-9a-z]{17}))$" + "pattern":"((snva-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:servicenetworkvpcassociation/snva-[0-9a-z]{17}))" }, "ServiceNetworkVpcAssociationList":{ "type":"list", @@ -5522,29 +5950,25 @@ "ServiceNetworkVpcAssociationSummary":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkVpcAssociationId", + "documentation":"

    The ID of the association.

    " + }, "arn":{ "shape":"ServiceNetworkVpcAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " + "status":{ + "shape":"ServiceNetworkVpcAssociationStatus", + "documentation":"

    The status.

    " }, "createdBy":{ "shape":"AccountId", "documentation":"

    The account that created the association.

    " }, - "id":{ - "shape":"ServiceNetworkVpcAssociationId", - "documentation":"

    The ID of the association.

    " - }, - "lastUpdatedAt":{ + "createdAt":{ "shape":"Timestamp", - "documentation":"

    The date and time that the association was last updated, in ISO-8601 format.

    " - }, - "serviceNetworkArn":{ - "shape":"ServiceNetworkArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + "documentation":"

    The date and time that the association was created, in ISO-8601 format.

    " }, "serviceNetworkId":{ "shape":"ServiceNetworkId", @@ -5554,13 +5978,25 @@ "shape":"ServiceNetworkName", "documentation":"

    The name of the service network.

    " }, - "status":{ - "shape":"ServiceNetworkVpcAssociationStatus", - "documentation":"

    The status.

    " + "serviceNetworkArn":{ + "shape":"ServiceNetworkArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + }, + "privateDnsEnabled":{ + "shape":"Boolean", + "documentation":"

    Indicates if private DNS is enabled for the service network VPC association.

    " + }, + "dnsOptions":{ + "shape":"DnsOptions", + "documentation":"

    The DNS options for the service network VPC association.

    " }, "vpcId":{ "shape":"VpcId", "documentation":"

    The ID of the VPC.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the association was last updated, in ISO-8601 format.

    " } }, "documentation":"

    Summary information about an association between a service network and a VPC.

    " @@ -5573,16 +6009,12 @@ "type":"structure", "required":[ "message", - "quotaCode", "resourceType", - "serviceCode" + "serviceCode", + "quotaCode" ], "members":{ "message":{"shape":"String"}, - "quotaCode":{ - "shape":"String", - "documentation":"

    The ID of the service quota that was exceeded.

    " - }, "resourceId":{ "shape":"String", "documentation":"

    The resource ID.

    " @@ -5594,6 +6026,10 @@ "serviceCode":{ "shape":"String", "documentation":"

    The service code.

    " + }, + "quotaCode":{ + "shape":"String", + "documentation":"

    The ID of the service quota that was exceeded.

    " } }, "documentation":"

    The request would cause a service quota to be exceeded.

    ", @@ -5616,6 +6052,14 @@ "ServiceSummary":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceId", + "documentation":"

    The ID of the service.

    " + }, + "name":{ + "shape":"ServiceName", + "documentation":"

    The name of the service.

    " + }, "arn":{ "shape":"ServiceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " @@ -5624,25 +6068,17 @@ "shape":"Timestamp", "documentation":"

    The date and time that the service was created, in ISO-8601 format.

    " }, - "customDomainName":{ - "shape":"ServiceCustomDomainName", - "documentation":"

    The custom domain name of the service.

    " + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the service was last updated, in ISO-8601 format.

    " }, "dnsEntry":{ "shape":"DnsEntry", "documentation":"

    The DNS information.

    " }, - "id":{ - "shape":"ServiceId", - "documentation":"

    The ID of the service.

    " - }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the service was last updated, in ISO-8601 format.

    " - }, - "name":{ - "shape":"ServiceName", - "documentation":"

    The name of the service.

    " + "customDomainName":{ + "shape":"ServiceCustomDomainName", + "documentation":"

    The custom domain name of the service.

    " }, "status":{ "shape":"ServiceStatus", @@ -5661,6 +6097,56 @@ }, "documentation":"

    Specifies if the service network should be enabled for sharing.

    " }, + "StartDomainVerificationRequest":{ + "type":"structure", + "required":["domainName"], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

    ", + "idempotencyToken":true + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name to verify ownership for.

    " + }, + "tags":{ + "shape":"TagMap", + "documentation":"

    The tags for the domain verification.

    " + } + } + }, + "StartDomainVerificationResponse":{ + "type":"structure", + "required":[ + "id", + "arn", + "domainName", + "status" + ], + "members":{ + "id":{ + "shape":"DomainVerificationId", + "documentation":"

    The ID of the domain verification.

    " + }, + "arn":{ + "shape":"DomainVerificationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the domain verification.

    " + }, + "domainName":{ + "shape":"DomainName", + "documentation":"

    The domain name being verified.

    " + }, + "status":{ + "shape":"VerificationStatus", + "documentation":"

    The current status of the domain verification process.

    " + }, + "txtMethodConfig":{ + "shape":"TxtMethodConfig", + "documentation":"

    The TXT record configuration used for domain verification.

    " + } + } + }, "String":{"type":"string"}, "SubnetId":{ "type":"string", @@ -5716,8 +6202,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5742,14 +6227,6 @@ "TargetFailure":{ "type":"structure", "members":{ - "failureCode":{ - "shape":"String", - "documentation":"

    The failure code.

    " - }, - "failureMessage":{ - "shape":"String", - "documentation":"

    The failure message.

    " - }, "id":{ "shape":"String", "documentation":"

    The ID of the target. If the target group type is INSTANCE, this is an instance ID. If the target group type is IP, this is an IP address. If the target group type is LAMBDA, this is the ARN of a Lambda function. If the target group type is ALB, this is the ARN of an Application Load Balancer.

    " @@ -5757,6 +6234,14 @@ "port":{ "shape":"Port", "documentation":"

    The port on which the target is listening. This parameter doesn't apply if the target is a Lambda function.

    " + }, + "failureCode":{ + "shape":"String", + "documentation":"

    The failure code.

    " + }, + "failureMessage":{ + "shape":"String", + "documentation":"

    The failure message.

    " } }, "documentation":"

    Describes a target failure.

    " @@ -5769,23 +6254,11 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:targetgroup/tg-[0-9a-z]{17}$" + "pattern":"arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:targetgroup/tg-[0-9a-z]{17}" }, "TargetGroupConfig":{ "type":"structure", "members":{ - "healthCheck":{ - "shape":"HealthCheckConfig", - "documentation":"

    The health check configuration. Not supported if the target group type is LAMBDA or ALB.

    " - }, - "ipAddressType":{ - "shape":"IpAddressType", - "documentation":"

    The type of IP address used for the target group. Supported only if the target group type is IP. The default is IPV4.

    " - }, - "lambdaEventStructureVersion":{ - "shape":"LambdaEventStructureVersion", - "documentation":"

    The version of the event structure that your Lambda function receives. Supported only if the target group type is LAMBDA. The default is V1.

    " - }, "port":{ "shape":"Port", "documentation":"

    The port on which the targets are listening. For HTTP, the default is 80. For HTTPS, the default is 443. Not supported if the target group type is LAMBDA.

    " @@ -5798,9 +6271,21 @@ "shape":"TargetGroupProtocolVersion", "documentation":"

    The protocol version. The default is HTTP1. Not supported if the target group type is LAMBDA.

    " }, + "ipAddressType":{ + "shape":"IpAddressType", + "documentation":"

    The type of IP address used for the target group. Supported only if the target group type is IP. The default is IPV4.

    " + }, "vpcIdentifier":{ "shape":"VpcId", "documentation":"

    The ID of the VPC. Not supported if the target group type is LAMBDA.

    " + }, + "healthCheck":{ + "shape":"HealthCheckConfig", + "documentation":"

    The health check configuration. Not supported if the target group type is LAMBDA or ALB.

    " + }, + "lambdaEventStructureVersion":{ + "shape":"LambdaEventStructureVersion", + "documentation":"

    The version of the event structure that your Lambda function receives. Supported only if the target group type is LAMBDA. The default is V1.

    " } }, "documentation":"

    Describes the configuration of a target group.

    For more information, see Target groups in the Amazon VPC Lattice User Guide.

    " @@ -5809,13 +6294,13 @@ "type":"string", "max":20, "min":20, - "pattern":"^tg-[0-9a-z]{17}$" + "pattern":"tg-[0-9a-z]{17}" }, "TargetGroupIdentifier":{ "type":"string", "max":2048, "min":17, - "pattern":"^((tg-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:targetgroup/tg-[0-9a-z]{17}))$" + "pattern":"((tg-[0-9a-z]{17})|(arn:[a-z0-9\\-]+:vpc-lattice:[a-zA-Z0-9\\-]+:\\d{12}:targetgroup/tg-[0-9a-z]{17}))" }, "TargetGroupList":{ "type":"list", @@ -5825,7 +6310,7 @@ "type":"string", "max":128, "min":3, - "pattern":"^(?!tg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+$" + "pattern":"(?!tg-)(?![-])(?!.*[-]$)(?!.*[-]{2})[a-z0-9-]+" }, "TargetGroupProtocol":{ "type":"string", @@ -5856,34 +6341,26 @@ "TargetGroupSummary":{ "type":"structure", "members":{ - "arn":{ - "shape":"TargetGroupArn", - "documentation":"

    The ARN (Amazon Resource Name) of the target group.

    " - }, - "createdAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the target group was created, in ISO-8601 format.

    " - }, "id":{ "shape":"TargetGroupId", "documentation":"

    The ID of the target group.

    " }, - "ipAddressType":{ - "shape":"IpAddressType", - "documentation":"

    The type of IP address used for the target group. The possible values are IPV4 and IPV6. This is an optional parameter. If not specified, the default is IPV4.

    " - }, - "lambdaEventStructureVersion":{ - "shape":"LambdaEventStructureVersion", - "documentation":"

    The version of the event structure that your Lambda function receives. Supported only if the target group type is LAMBDA.

    " - }, - "lastUpdatedAt":{ - "shape":"Timestamp", - "documentation":"

    The date and time that the target group was last updated, in ISO-8601 format.

    " + "arn":{ + "shape":"TargetGroupArn", + "documentation":"

    The ARN (Amazon Resource Name) of the target group.

    " }, "name":{ "shape":"TargetGroupName", "documentation":"

    The name of the target group.

    " }, + "type":{ + "shape":"TargetGroupType", + "documentation":"

    The target group type.

    " + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the target group was created, in ISO-8601 format.

    " + }, "port":{ "shape":"Port", "documentation":"

    The port of the target group.

    " @@ -5892,21 +6369,29 @@ "shape":"TargetGroupProtocol", "documentation":"

    The protocol of the target group.

    " }, - "serviceArns":{ - "shape":"ServiceArnList", - "documentation":"

    The Amazon Resource Names (ARNs) of the service.

    " + "ipAddressType":{ + "shape":"IpAddressType", + "documentation":"

    The type of IP address used for the target group. The possible values are IPV4 and IPV6. This is an optional parameter. If not specified, the default is IPV4.

    " + }, + "vpcIdentifier":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC of the target group.

    " + }, + "lastUpdatedAt":{ + "shape":"Timestamp", + "documentation":"

    The date and time that the target group was last updated, in ISO-8601 format.

    " }, "status":{ "shape":"TargetGroupStatus", "documentation":"

    The status.

    " }, - "type":{ - "shape":"TargetGroupType", - "documentation":"

    The target group type.

    " + "serviceArns":{ + "shape":"ServiceArnList", + "documentation":"

    The Amazon Resource Names (ARNs) of the service.

    " }, - "vpcIdentifier":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC of the target group.

    " + "lambdaEventStructureVersion":{ + "shape":"LambdaEventStructureVersion", + "documentation":"

    The version of the event structure that your Lambda function receives. Supported only if the target group type is LAMBDA.

    " } }, "documentation":"

    Summary information about a target group.

    For more information, see Target groups in the Amazon VPC Lattice User Guide.

    " @@ -5957,13 +6442,13 @@ "shape":"Port", "documentation":"

    The port on which the target is listening.

    " }, - "reasonCode":{ - "shape":"String", - "documentation":"

    The code for why the target status is what it is.

    " - }, "status":{ "shape":"TargetStatus", "documentation":"

    The status of the target.

    • DRAINING: The target is being deregistered. No new connections are sent to this target while current connections are being drained. The default draining time is 5 minutes.

    • UNAVAILABLE: Health checks are unavailable for the target group.

    • HEALTHY: The target is healthy.

    • UNHEALTHY: The target is unhealthy.

    • INITIAL: Initial health checks on the target are being performed.

    • UNUSED: Target group is not used in a service.

    " + }, + "reasonCode":{ + "shape":"String", + "documentation":"

    The code for why the target status is what it is.

    " } }, "documentation":"

    Summary information about a target.

    " @@ -5977,6 +6462,10 @@ "required":["message"], "members":{ "message":{"shape":"String"}, + "serviceCode":{ + "shape":"String", + "documentation":"

    The service code.

    " + }, "quotaCode":{ "shape":"String", "documentation":"

    The ID of the service quota that was exceeded.

    " @@ -5986,10 +6475,6 @@ "documentation":"

    The number of seconds to wait before retrying.

    ", "location":"header", "locationName":"Retry-After" - }, - "serviceCode":{ - "shape":"String", - "documentation":"

    The service code.

    " } }, "documentation":"

    The limit on the number of requests per second was exceeded.

    ", @@ -6004,6 +6489,24 @@ "type":"timestamp", "timestampFormat":"iso8601" }, + "TxtMethodConfig":{ + "type":"structure", + "required":[ + "value", + "name" + ], + "members":{ + "value":{ + "shape":"String", + "documentation":"

    The value that must be added to the TXT record for domain verification.

    " + }, + "name":{ + "shape":"String", + "documentation":"

    The name of the TXT record that must be created for domain verification.

    " + } + }, + "documentation":"

    Configuration for TXT record-based domain verification method.

    " + }, "UnhealthyThresholdCount":{ "type":"integer", "box":true, @@ -6033,8 +6536,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAccessLogSubscriptionRequest":{ "type":"structure", @@ -6058,46 +6560,48 @@ "UpdateAccessLogSubscriptionResponse":{ "type":"structure", "required":[ - "arn", - "destinationArn", "id", + "arn", + "resourceId", "resourceArn", - "resourceId" + "destinationArn" ], "members":{ - "arn":{ - "shape":"AccessLogSubscriptionArn", - "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription.

    " - }, - "destinationArn":{ - "shape":"AccessLogDestinationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the access log destination.

    " - }, "id":{ "shape":"AccessLogSubscriptionId", "documentation":"

    The ID of the access log subscription.

    " }, - "resourceArn":{ - "shape":"ResourceArn", + "arn":{ + "shape":"AccessLogSubscriptionArn", "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription.

    " }, "resourceId":{ "shape":"ResourceId", "documentation":"

    The ID of the resource.

    " + }, + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the access log subscription.

    " + }, + "destinationArn":{ + "shape":"AccessLogDestinationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the access log destination.

    " } } }, "UpdateListenerRequest":{ "type":"structure", "required":[ - "defaultAction", + "serviceIdentifier", "listenerIdentifier", - "serviceIdentifier" + "defaultAction" ], "members":{ - "defaultAction":{ - "shape":"RuleAction", - "documentation":"

    The action for the default rule.

    " + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"uri", + "locationName":"serviceIdentifier" }, "listenerIdentifier":{ "shape":"ListenerIdentifier", @@ -6105,11 +6609,9 @@ "location":"uri", "locationName":"listenerIdentifier" }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"uri", - "locationName":"serviceIdentifier" + "defaultAction":{ + "shape":"RuleAction", + "documentation":"

    The action for the default rule.

    " } } }, @@ -6120,10 +6622,6 @@ "shape":"ListenerArn", "documentation":"

    The Amazon Resource Name (ARN) of the listener.

    " }, - "defaultAction":{ - "shape":"RuleAction", - "documentation":"

    The action for the default rule.

    " - }, "id":{ "shape":"ListenerId", "documentation":"

    The ID of the listener.

    " @@ -6132,14 +6630,14 @@ "shape":"ListenerName", "documentation":"

    The name of the listener.

    " }, - "port":{ - "shape":"Port", - "documentation":"

    The listener port.

    " - }, "protocol":{ "shape":"ListenerProtocol", "documentation":"

    The protocol of the listener.

    " }, + "port":{ + "shape":"Port", + "documentation":"

    The listener port.

    " + }, "serviceArn":{ "shape":"ServiceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " @@ -6147,6 +6645,10 @@ "serviceId":{ "shape":"ServiceId", "documentation":"

    The ID of the service.

    " + }, + "defaultAction":{ + "shape":"RuleAction", + "documentation":"

    The action for the default rule.

    " } } }, @@ -6154,6 +6656,16 @@ "type":"structure", "required":["resourceConfigurationIdentifier"], "members":{ + "resourceConfigurationIdentifier":{ + "shape":"ResourceConfigurationIdentifier", + "documentation":"

    The ID of the resource configuration.

    ", + "location":"uri", + "locationName":"resourceConfigurationIdentifier" + }, + "resourceConfigurationDefinition":{ + "shape":"ResourceConfigurationDefinition", + "documentation":"

    Identifies the resource configuration in one of the following ways:

    • Amazon Resource Name (ARN) - Supported resource-types that are provisioned by Amazon Web Services services, such as RDS databases, can be identified by their ARN.

    • Domain name - Any domain name that is publicly resolvable.

    • IP address - For IPv4 and IPv6, only IP addresses in the VPC are supported.

    " + }, "allowAssociationToShareableServiceNetwork":{ "shape":"Boolean", "documentation":"

    Indicates whether to add the resource configuration to service networks that are shared with other accounts.

    " @@ -6161,30 +6673,12 @@ "portRanges":{ "shape":"PortRangeList", "documentation":"

    The TCP port ranges that a consumer can use to access a resource configuration. You can separate port ranges with a comma. Example: 1-65535 or 1,2,22-30

    " - }, - "resourceConfigurationDefinition":{ - "shape":"ResourceConfigurationDefinition", - "documentation":"

    The resource configuration.

    " - }, - "resourceConfigurationIdentifier":{ - "shape":"ResourceConfigurationIdentifier", - "documentation":"

    The ID of the resource configuration.

    ", - "location":"uri", - "locationName":"resourceConfigurationIdentifier" } } }, "UpdateResourceConfigurationResponse":{ "type":"structure", "members":{ - "allowAssociationToShareableServiceNetwork":{ - "shape":"Boolean", - "documentation":"

    Indicates whether to add the resource configuration to service networks that are shared with other accounts.

    " - }, - "arn":{ - "shape":"ResourceConfigurationArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration.

    " - }, "id":{ "shape":"ResourceConfigurationId", "documentation":"

    The ID of the resource configuration.

    " @@ -6193,33 +6687,41 @@ "shape":"ResourceConfigurationName", "documentation":"

    The name of the resource configuration.

    " }, + "arn":{ + "shape":"ResourceConfigurationArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource configuration.

    " + }, + "resourceGatewayId":{ + "shape":"ResourceGatewayId", + "documentation":"

    The ID of the resource gateway associated with the resource configuration.

    " + }, + "resourceConfigurationGroupId":{ + "shape":"ResourceConfigurationId", + "documentation":"

    The ID of the group resource configuration.

    " + }, + "type":{ + "shape":"ResourceConfigurationType", + "documentation":"

    The type of resource configuration.

    • SINGLE - A single resource.

    • GROUP - A group of resources.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " + }, "portRanges":{ "shape":"PortRangeList", "documentation":"

    The TCP port ranges that a consumer can use to access a resource configuration. You can separate port ranges with a comma. Example: 1-65535 or 1,2,22-30

    " }, + "allowAssociationToShareableServiceNetwork":{ + "shape":"Boolean", + "documentation":"

    Indicates whether to add the resource configuration to service networks that are shared with other accounts.

    " + }, "protocol":{ "shape":"ProtocolType", "documentation":"

    The TCP protocol accepted by the specified resource configuration.

    " }, - "resourceConfigurationDefinition":{ - "shape":"ResourceConfigurationDefinition", - "documentation":"

    The resource configuration.

    " - }, - "resourceConfigurationGroupId":{ - "shape":"ResourceConfigurationId", - "documentation":"

    The ID of the group resource configuration.

    " - }, - "resourceGatewayId":{ - "shape":"ResourceGatewayId", - "documentation":"

    The ID of the resource gateway associated with the resource configuration.

    " - }, "status":{ "shape":"ResourceConfigurationStatus", "documentation":"

    The status of the resource configuration.

    " }, - "type":{ - "shape":"ResourceConfigurationType", - "documentation":"

    The type of resource configuration.

    • SINGLE - A single resource.

    • GROUP - A group of resources.

    • CHILD - A single resource that is part of a group resource configuration.

    • ARN - An Amazon Web Services resource.

    " + "resourceConfigurationDefinition":{ + "shape":"ResourceConfigurationDefinition", + "documentation":"

    The resource configuration.

    " } } }, @@ -6248,51 +6750,53 @@ "UpdateResourceGatewayResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ResourceGatewayArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " + "name":{ + "shape":"ResourceGatewayName", + "documentation":"

    The name of the resource gateway.

    " }, "id":{ "shape":"ResourceGatewayId", "documentation":"

    The ID of the resource gateway.

    " }, - "ipAddressType":{ - "shape":"IpAddressType", - "documentation":"

    The type of IP address used by the resource gateway.

    " - }, - "name":{ - "shape":"ResourceGatewayName", - "documentation":"

    The name of the resource gateway.

    " - }, - "securityGroupIds":{ - "shape":"SecurityGroupList", - "documentation":"

    The IDs of the security groups associated with the resource gateway.

    " + "arn":{ + "shape":"ResourceGatewayArn", + "documentation":"

    The Amazon Resource Name (ARN) of the resource gateway.

    " }, "status":{ "shape":"ResourceGatewayStatus", "documentation":"

    The status of the resource gateway.

    " }, + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The ID of the VPC for the resource gateway.

    " + }, "subnetIds":{ "shape":"SubnetList", "documentation":"

    The IDs of the VPC subnets for the resource gateway.

    " }, - "vpcId":{ - "shape":"VpcId", - "documentation":"

    The ID of the VPC for the resource gateway.

    " + "securityGroupIds":{ + "shape":"SecurityGroupList", + "documentation":"

    The IDs of the security groups associated with the resource gateway.

    " + }, + "ipAddressType":{ + "shape":"IpAddressType", + "documentation":"

    The type of IP address used by the resource gateway.

    " } } }, "UpdateRuleRequest":{ "type":"structure", "required":[ + "serviceIdentifier", "listenerIdentifier", - "ruleIdentifier", - "serviceIdentifier" + "ruleIdentifier" ], "members":{ - "action":{ - "shape":"RuleAction", - "documentation":"

    Information about the action for the specified listener rule.

    " + "serviceIdentifier":{ + "shape":"ServiceIdentifier", + "documentation":"

    The ID or ARN of the service.

    ", + "location":"uri", + "locationName":"serviceIdentifier" }, "listenerIdentifier":{ "shape":"ListenerIdentifier", @@ -6300,6 +6804,12 @@ "location":"uri", "locationName":"listenerIdentifier" }, + "ruleIdentifier":{ + "shape":"RuleIdentifier", + "documentation":"

    The ID or ARN of the rule.

    ", + "location":"uri", + "locationName":"ruleIdentifier" + }, "match":{ "shape":"RuleMatch", "documentation":"

    The rule match.

    " @@ -6308,27 +6818,15 @@ "shape":"RulePriority", "documentation":"

    The rule priority. A listener can't have multiple rules with the same priority.

    " }, - "ruleIdentifier":{ - "shape":"RuleIdentifier", - "documentation":"

    The ID or ARN of the rule.

    ", - "location":"uri", - "locationName":"ruleIdentifier" - }, - "serviceIdentifier":{ - "shape":"ServiceIdentifier", - "documentation":"

    The ID or ARN of the service.

    ", - "location":"uri", - "locationName":"serviceIdentifier" + "action":{ + "shape":"RuleAction", + "documentation":"

    Information about the action for the specified listener rule.

    " } } }, "UpdateRuleResponse":{ "type":"structure", "members":{ - "action":{ - "shape":"RuleAction", - "documentation":"

    Information about the action for the specified listener rule.

    " - }, "arn":{ "shape":"RuleArn", "documentation":"

    The Amazon Resource Name (ARN) of the listener.

    " @@ -6337,6 +6835,10 @@ "shape":"RuleId", "documentation":"

    The ID of the listener.

    " }, + "name":{ + "shape":"RuleName", + "documentation":"

    The name of the listener.

    " + }, "isDefault":{ "shape":"Boolean", "documentation":"

    Indicates whether this is the default rule.

    " @@ -6345,46 +6847,38 @@ "shape":"RuleMatch", "documentation":"

    The rule match.

    " }, - "name":{ - "shape":"RuleName", - "documentation":"

    The name of the listener.

    " - }, "priority":{ "shape":"RulePriority", "documentation":"

    The rule priority.

    " + }, + "action":{ + "shape":"RuleAction", + "documentation":"

    Information about the action for the specified listener rule.

    " } } }, "UpdateServiceNetworkRequest":{ "type":"structure", "required":[ - "authType", - "serviceNetworkIdentifier" + "serviceNetworkIdentifier", + "authType" ], "members":{ - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    • NONE: The resource does not use an IAM policy. This is the default.

    • AWS_IAM: The resource uses an IAM policy. When this type is used, auth is enabled and an auth policy is required.

    " - }, "serviceNetworkIdentifier":{ "shape":"ServiceNetworkIdentifier", "documentation":"

    The ID or ARN of the service network.

    ", "location":"uri", "locationName":"serviceNetworkIdentifier" + }, + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    • NONE: The resource does not use an IAM policy. This is the default.

    • AWS_IAM: The resource uses an IAM policy. When this type is used, auth is enabled and an auth policy is required.

    " } } }, "UpdateServiceNetworkResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"ServiceNetworkArn", - "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " - }, - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    " - }, "id":{ "shape":"ServiceNetworkId", "documentation":"

    The ID of the service network.

    " @@ -6392,25 +6886,33 @@ "name":{ "shape":"ServiceNetworkName", "documentation":"

    The name of the service network.

    " + }, + "arn":{ + "shape":"ServiceNetworkArn", + "documentation":"

    The Amazon Resource Name (ARN) of the service network.

    " + }, + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    " } } }, "UpdateServiceNetworkVpcAssociationRequest":{ "type":"structure", "required":[ - "securityGroupIds", - "serviceNetworkVpcAssociationIdentifier" + "serviceNetworkVpcAssociationIdentifier", + "securityGroupIds" ], "members":{ - "securityGroupIds":{ - "shape":"UpdateServiceNetworkVpcAssociationRequestSecurityGroupIdsList", - "documentation":"

    The IDs of the security groups.

    " - }, "serviceNetworkVpcAssociationIdentifier":{ "shape":"ServiceNetworkVpcAssociationIdentifier", "documentation":"

    The ID or ARN of the association.

    ", "location":"uri", "locationName":"serviceNetworkVpcAssociationIdentifier" + }, + "securityGroupIds":{ + "shape":"UpdateServiceNetworkVpcAssociationRequestSecurityGroupIdsList", + "documentation":"

    The IDs of the security groups.

    " } } }, @@ -6423,25 +6925,25 @@ "UpdateServiceNetworkVpcAssociationResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceNetworkVpcAssociationId", + "documentation":"

    The ID of the association.

    " + }, "arn":{ "shape":"ServiceNetworkVpcAssociationArn", "documentation":"

    The Amazon Resource Name (ARN) of the association.

    " }, + "status":{ + "shape":"ServiceNetworkVpcAssociationStatus", + "documentation":"

    The status. You can retry the operation if the status is DELETE_FAILED. However, if you retry it while the status is DELETE_IN_PROGRESS, there is no change in the status.

    " + }, "createdBy":{ "shape":"AccountId", "documentation":"

    The account that created the association.

    " }, - "id":{ - "shape":"ServiceNetworkVpcAssociationId", - "documentation":"

    The ID of the association.

    " - }, "securityGroupIds":{ "shape":"SecurityGroupList", "documentation":"

    The IDs of the security groups.

    " - }, - "status":{ - "shape":"ServiceNetworkVpcAssociationStatus", - "documentation":"

    The status. You can retry the operation if the status is DELETE_FAILED. However, if you retry it while the status is DELETE_IN_PROGRESS, there is no change in the status.

    " } } }, @@ -6449,96 +6951,96 @@ "type":"structure", "required":["serviceIdentifier"], "members":{ - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    • NONE: The resource does not use an IAM policy. This is the default.

    • AWS_IAM: The resource uses an IAM policy. When this type is used, auth is enabled and an auth policy is required.

    " - }, - "certificateArn":{ - "shape":"CertificateArn", - "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " - }, "serviceIdentifier":{ "shape":"ServiceIdentifier", "documentation":"

    The ID or ARN of the service.

    ", "location":"uri", "locationName":"serviceIdentifier" + }, + "certificateArn":{ + "shape":"CertificateArn", + "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " + }, + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    • NONE: The resource does not use an IAM policy. This is the default.

    • AWS_IAM: The resource uses an IAM policy. When this type is used, auth is enabled and an auth policy is required.

    " } } }, "UpdateServiceResponse":{ "type":"structure", "members":{ + "id":{ + "shape":"ServiceId", + "documentation":"

    The ID of the service.

    " + }, "arn":{ "shape":"ServiceArn", "documentation":"

    The Amazon Resource Name (ARN) of the service.

    " }, - "authType":{ - "shape":"AuthType", - "documentation":"

    The type of IAM policy.

    " - }, - "certificateArn":{ - "shape":"CertificateArn", - "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " + "name":{ + "shape":"ServiceName", + "documentation":"

    The name of the service.

    " }, "customDomainName":{ "shape":"ServiceCustomDomainName", "documentation":"

    The custom domain name of the service.

    " }, - "id":{ - "shape":"ServiceId", - "documentation":"

    The ID of the service.

    " + "certificateArn":{ + "shape":"CertificateArn", + "documentation":"

    The Amazon Resource Name (ARN) of the certificate.

    " }, - "name":{ - "shape":"ServiceName", - "documentation":"

    The name of the service.

    " + "authType":{ + "shape":"AuthType", + "documentation":"

    The type of IAM policy.

    " } } }, "UpdateTargetGroupRequest":{ "type":"structure", "required":[ - "healthCheck", - "targetGroupIdentifier" + "targetGroupIdentifier", + "healthCheck" ], "members":{ - "healthCheck":{ - "shape":"HealthCheckConfig", - "documentation":"

    The health check configuration.

    " - }, "targetGroupIdentifier":{ "shape":"TargetGroupIdentifier", "documentation":"

    The ID or ARN of the target group.

    ", "location":"uri", "locationName":"targetGroupIdentifier" + }, + "healthCheck":{ + "shape":"HealthCheckConfig", + "documentation":"

    The health check configuration.

    " } } }, "UpdateTargetGroupResponse":{ "type":"structure", "members":{ - "arn":{ - "shape":"TargetGroupArn", - "documentation":"

    The Amazon Resource Name (ARN) of the target group.

    " - }, - "config":{ - "shape":"TargetGroupConfig", - "documentation":"

    The target group configuration.

    " - }, "id":{ "shape":"TargetGroupId", "documentation":"

    The ID of the target group.

    " }, + "arn":{ + "shape":"TargetGroupArn", + "documentation":"

    The Amazon Resource Name (ARN) of the target group.

    " + }, "name":{ "shape":"TargetGroupName", "documentation":"

    The name of the target group.

    " }, - "status":{ - "shape":"TargetGroupStatus", - "documentation":"

    The status.

    " - }, "type":{ "shape":"TargetGroupType", "documentation":"

    The target group type.

    " + }, + "config":{ + "shape":"TargetGroupConfig", + "documentation":"

    The target group configuration.

    " + }, + "status":{ + "shape":"TargetGroupStatus", + "documentation":"

    The status.

    " } } }, @@ -6549,14 +7051,14 @@ "reason" ], "members":{ - "fieldList":{ - "shape":"ValidationExceptionFieldList", - "documentation":"

    The fields that failed validation.

    " - }, "message":{"shape":"String"}, "reason":{ "shape":"ValidationExceptionReason", "documentation":"

    The reason.

    " + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

    The fields that failed validation.

    " } }, "documentation":"

    The input does not satisfy the constraints specified by an Amazon Web Services service.

    ", @@ -6569,17 +7071,17 @@ "ValidationExceptionField":{ "type":"structure", "required":[ - "message", - "name" + "name", + "message" ], "members":{ - "message":{ - "shape":"String", - "documentation":"

    Additional information about why the validation failed.

    " - }, "name":{ "shape":"String", "documentation":"

    The name of the validation exception.

    " + }, + "message":{ + "shape":"String", + "documentation":"

    Additional information about why the validation failed.

    " } }, "documentation":"

    Describes a validation failure.

    " @@ -6597,23 +7099,31 @@ "other" ] }, + "VerificationStatus":{ + "type":"string", + "enum":[ + "VERIFIED", + "PENDING", + "VERIFICATION_TIMED_OUT" + ] + }, "VpcEndpointId":{ "type":"string", "max":22, "min":22, - "pattern":"^vpce-[0-9a-f]{17}$" + "pattern":"vpce-[0-9a-f]{17}" }, "VpcEndpointOwner":{ "type":"string", "max":12, "min":12, - "pattern":"^\\d{12}$" + "pattern":"\\d{12}" }, "VpcId":{ "type":"string", "max":50, "min":5, - "pattern":"^vpc-(([0-9a-z]{8})|([0-9a-z]{17}))$" + "pattern":"vpc-(([0-9a-z]{8})|([0-9a-z]{17}))" }, "WeightedTargetGroup":{ "type":"structure", @@ -6640,7 +7150,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[a-z0-9][-.a-z0-9]{0,62}:[a-z0-9][-.a-z0-9]{0,62}:([a-z0-9][-.a-z0-9]{0,62})?:\\d{12}?:[^/].{0,1023}$" + "pattern":"arn:[a-z0-9][-.a-z0-9]{0,62}:[a-z0-9][-.a-z0-9]{0,62}:([a-z0-9][-.a-z0-9]{0,62})?:\\d{12}?:[^/].{0,1023}" } }, "documentation":"

    Amazon VPC Lattice is a fully managed application networking service that you use to connect, secure, and monitor all of your services across multiple accounts and virtual private clouds (VPCs). Amazon VPC Lattice interconnects your microservices and legacy services within a logical boundary, so that you can discover and manage them more efficiently. For more information, see the Amazon VPC Lattice User Guide

    " diff -pruN 2.23.6-1/awscli/botocore/data/vpc-lattice/2022-11-30/waiters-2.json 2.31.35-1/awscli/botocore/data/vpc-lattice/2022-11-30/waiters-2.json --- 2.23.6-1/awscli/botocore/data/vpc-lattice/2022-11-30/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/vpc-lattice/2022-11-30/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/waf/2015-08-24/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/waf/2015-08-24/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/waf/2015-08-24/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/waf/2015-08-24/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/waf/2015-08-24/service-2.json 2.31.35-1/awscli/botocore/data/waf/2015-08-24/service-2.json --- 2.23.6-1/awscli/botocore/data/waf/2015-08-24/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/waf/2015-08-24/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2025,8 +2025,7 @@ }, "DeleteLoggingConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePermissionPolicyRequest":{ "type":"structure", @@ -2040,8 +2039,7 @@ }, "DeletePermissionPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRateBasedRuleRequest":{ "type":"structure", @@ -2680,8 +2678,7 @@ }, "GetChangeTokenRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetChangeTokenResponse":{ "type":"structure", @@ -3838,8 +3835,7 @@ }, "PutPermissionPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RateBasedRule":{ "type":"structure", @@ -4546,8 +4542,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4605,8 +4600,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateByteMatchSetRequest":{ "type":"structure", @@ -5029,8 +5023,7 @@ }, "WAFInvalidAccountException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

    ", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/waf-regional/2016-11-28/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/waf-regional/2016-11-28/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/waf-regional/2016-11-28/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/waf-regional/2016-11-28/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/waf-regional/2016-11-28/service-2.json 2.31.35-1/awscli/botocore/data/waf-regional/2016-11-28/service-2.json --- 2.23.6-1/awscli/botocore/data/waf-regional/2016-11-28/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/waf-regional/2016-11-28/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1440,8 +1440,7 @@ }, "AssociateWebACLResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ByteMatchSet":{ "type":"structure", @@ -2113,8 +2112,7 @@ }, "DeleteLoggingConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePermissionPolicyRequest":{ "type":"structure", @@ -2128,8 +2126,7 @@ }, "DeletePermissionPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRateBasedRuleRequest":{ "type":"structure", @@ -2381,8 +2378,7 @@ }, "DisassociateWebACLResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ErrorReason":{"type":"string"}, "ExcludedRule":{ @@ -2783,8 +2779,7 @@ }, "GetChangeTokenRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetChangeTokenResponse":{ "type":"structure", @@ -3983,8 +3978,7 @@ }, "PutPermissionPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RateBasedRule":{ "type":"structure", @@ -4702,8 +4696,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -4761,8 +4754,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateByteMatchSetRequest":{ "type":"structure", @@ -5185,8 +5177,7 @@ }, "WAFInvalidAccountException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

    ", "exception":true }, diff -pruN 2.23.6-1/awscli/botocore/data/wafv2/2019-07-29/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/wafv2/2019-07-29/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/wafv2/2019-07-29/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/wafv2/2019-07-29/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/wafv2/2019-07-29/service-2.json 2.31.35-1/awscli/botocore/data/wafv2/2019-07-29/service-2.json --- 2.23.6-1/awscli/botocore/data/wafv2/2019-07-29/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/wafv2/2019-07-29/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -28,9 +28,10 @@ {"shape":"WAFInvalidParameterException"}, {"shape":"WAFNonexistentItemException"}, {"shape":"WAFUnavailableEntityException"}, - {"shape":"WAFInvalidOperationException"} + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFLimitsExceededException"} ], - "documentation":"

    Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution in the Amazon CloudFront Developer Guide.

    Required permissions for customer-managed IAM policies

    This call requires permissions that are specific to the protected resource type. For details, see Permissions for AssociateWebACL in the WAF Developer Guide.

    Temporary inconsistencies during updates

    When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.

    The following are examples of the temporary inconsistencies that you might notice during change propagation:

    • After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.

    • After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.

    • After you change a rule action setting, you might see the old action in some places and the new action in others.

    • After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.

    " + "documentation":"

    Associates a web ACL with a resource, to protect the resource.

    Use this for all resource types except for Amazon CloudFront distributions. For Amazon CloudFront, call UpdateDistribution for the distribution and provide the Amazon Resource Name (ARN) of the web ACL in the web ACL ID. For information, see UpdateDistribution in the Amazon CloudFront Developer Guide.

    Required permissions for customer-managed IAM policies

    This call requires permissions that are specific to the protected resource type. For details, see Permissions for AssociateWebACL in the WAF Developer Guide.

    Temporary inconsistencies during updates

    When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.

    The following are examples of the temporary inconsistencies that you might notice during change propagation:

    • After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.

    • After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.

    • After you change a rule action setting, you might see the old action in some places and the new action in others.

    • After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.

    " }, "CheckCapacity":{ "name":"CheckCapacity", @@ -156,7 +157,7 @@ {"shape":"WAFConfigurationWarningException"}, {"shape":"WAFExpiredManagedRuleGroupVersionException"} ], - "documentation":"

    Creates a WebACL per the specifications provided.

    A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    " + "documentation":"

    Creates a WebACL per the specifications provided.

    A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, Amplify application, and Amazon Web Services Verified Access instance.

    " }, "DeleteAPIKey":{ "name":"DeleteAPIKey", @@ -302,7 +303,7 @@ {"shape":"WAFTagOperationInternalErrorException"}, {"shape":"WAFInvalidOperationException"} ], - "documentation":"

    Deletes the specified WebACL.

    You can only use this if ManagedByFirewallManager is false in the web ACL.

    Before deleting any web ACL, first disassociate it from all resources.

    • To retrieve a list of the resources that are associated with a web ACL, use the following calls:

    • To disassociate a resource from a web ACL, use the following calls:

      • For regional resources, call DisassociateWebACL.

      • For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.

    " + "documentation":"

    Deletes the specified WebACL.

    You can only use this if ManagedByFirewallManager is false in the web ACL.

    Before deleting any web ACL, first disassociate it from all resources.

    • To retrieve a list of the resources that are associated with a web ACL, use the following calls:

    • To disassociate a resource from a web ACL, use the following calls:

      • For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.

      • For all other resources, call DisassociateWebACL.

    " }, "DescribeAllManagedProducts":{ "name":"DescribeAllManagedProducts", @@ -366,7 +367,7 @@ {"shape":"WAFNonexistentItemException"}, {"shape":"WAFInvalidOperationException"} ], - "documentation":"

    Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.

    Required permissions for customer-managed IAM policies

    This call requires permissions that are specific to the protected resource type. For details, see Permissions for DisassociateWebACL in the WAF Developer Guide.

    " + "documentation":"

    Disassociates the specified resource from its web ACL association, if it has one.

    Use this for all resource types except for Amazon CloudFront distributions. For Amazon CloudFront, call UpdateDistribution for the distribution and provide an empty web ACL ID. For information, see UpdateDistribution in the Amazon CloudFront API Reference.

    Required permissions for customer-managed IAM policies

    This call requires permissions that are specific to the protected resource type. For details, see Permissions for DisassociateWebACL in the WAF Developer Guide.

    " }, "GenerateMobileSdkReleaseUrl":{ "name":"GenerateMobileSdkReleaseUrl", @@ -713,7 +714,7 @@ {"shape":"WAFInvalidParameterException"}, {"shape":"WAFInvalidOperationException"} ], - "documentation":"

    Retrieves an array of the Amazon Resource Names (ARNs) for the regional resources that are associated with the specified web ACL.

    For Amazon CloudFront, don't use this call. Instead, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId in the Amazon CloudFront API Reference.

    Required permissions for customer-managed IAM policies

    This call requires permissions that are specific to the protected resource type. For details, see Permissions for ListResourcesForWebACL in the WAF Developer Guide.

    " + "documentation":"

    Retrieves an array of the Amazon Resource Names (ARNs) for the resources that are associated with the specified web ACL.

    For Amazon CloudFront, don't use this call. Instead, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId in the Amazon CloudFront API Reference.

    Required permissions for customer-managed IAM policies

    This call requires permissions that are specific to the protected resource type. For details, see Permissions for ListResourcesForWebACL in the WAF Developer Guide.

    " }, "ListRuleGroups":{ "name":"ListRuleGroups", @@ -781,7 +782,7 @@ {"shape":"WAFLimitsExceededException"}, {"shape":"WAFLogDestinationPermissionIssueException"} ], - "documentation":"

    Enables the specified LoggingConfiguration, to start logging from a web ACL, according to the configuration provided.

    This operation completely replaces any mutable specifications that you already have for a logging configuration with the ones that you provide to this call.

    To modify an existing logging configuration, do the following:

    1. Retrieve it by calling GetLoggingConfiguration

    2. Update its settings as needed

    3. Provide the complete logging configuration specification to this call

    You can define one logging destination per web ACL.

    You can access information about the traffic that WAF inspects using the following steps:

    1. Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.

      The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.

      For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the WAF Developer Guide.

    2. Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

    When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.

    For additional information about web ACL logging, see Logging web ACL traffic information in the WAF Developer Guide.

    " + "documentation":"

    Enables the specified LoggingConfiguration, to start logging from a web ACL, according to the configuration provided.

    If you configure data protection for the web ACL, the protection applies to the data that WAF sends to the logs.

    This operation completely replaces any mutable specifications that you already have for a logging configuration with the ones that you provide to this call.

    To modify an existing logging configuration, do the following:

    1. Retrieve it by calling GetLoggingConfiguration

    2. Update its settings as needed

    3. Provide the complete logging configuration specification to this call

    You can define one logging destination per web ACL.

    You can access information about the traffic that WAF inspects using the following steps:

    1. Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.

      The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.

      For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the WAF Developer Guide.

    2. Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

    When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.

    For additional information about web ACL logging, see Logging web ACL traffic information in the WAF Developer Guide.

    " }, "PutManagedRuleSetVersions":{ "name":"PutManagedRuleSetVersions", @@ -952,7 +953,7 @@ {"shape":"WAFExpiredManagedRuleGroupVersionException"}, {"shape":"WAFConfigurationWarningException"} ], - "documentation":"

    Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.

    This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.

    To modify a web ACL, do the following:

    1. Retrieve it by calling GetWebACL

    2. Update its settings as needed

    3. Provide the complete web ACL specification to this call

    A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    Temporary inconsistencies during updates

    When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.

    The following are examples of the temporary inconsistencies that you might notice during change propagation:

    • After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.

    • After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.

    • After you change a rule action setting, you might see the old action in some places and the new action in others.

    • After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.

    " + "documentation":"

    Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.

    This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.

    To modify a web ACL, do the following:

    1. Retrieve it by calling GetWebACL

    2. Update its settings as needed

    3. Provide the complete web ACL specification to this call

    A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, Amplify application, and Amazon Web Services Verified Access instance.

    Temporary inconsistencies during updates

    When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.

    The following are examples of the temporary inconsistencies that you might notice during change propagation:

    • After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.

    • After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.

    • After you change a rule action setting, you might see the old action in some places and the new action in others.

    • After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.

    " } }, "shapes":{ @@ -997,6 +998,11 @@ "type":"integer", "min":0 }, + "ASN":{ + "type":"long", + "max":4294967295, + "min":0 + }, "AWSManagedRulesACFPRuleSet":{ "type":"structure", "required":[ @@ -1026,7 +1032,7 @@ "documentation":"

    Allow the use of regular expressions in the registration page path and the account creation path.

    " } }, - "documentation":"

    Details for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet. This configuration is used in ManagedRuleGroupConfig.

    " + "documentation":"

    Details for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet. This configuration is used in ManagedRuleGroupConfig.

    For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in WAF and Amazon Web Services Managed Rules rule groups list in the WAF Developer Guide.

    " }, "AWSManagedRulesATPRuleSet":{ "type":"structure", @@ -1049,7 +1055,22 @@ "documentation":"

    Allow the use of regular expressions in the login page path.

    " } }, - "documentation":"

    Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. This configuration is used in ManagedRuleGroupConfig.

    " + "documentation":"

    Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. This configuration is used in ManagedRuleGroupConfig.

    For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in WAF and Amazon Web Services Managed Rules rule groups list in the WAF Developer Guide.

    " + }, + "AWSManagedRulesAntiDDoSRuleSet":{ + "type":"structure", + "required":["ClientSideActionConfig"], + "members":{ + "ClientSideActionConfig":{ + "shape":"ClientSideActionConfig", + "documentation":"

    Configures the request handling that's applied by the managed rule group rules ChallengeAllDuringEvent and ChallengeDDoSRequests during a distributed denial of service (DDoS) attack.

    " + }, + "SensitivityToBlock":{ + "shape":"SensitivityToAct", + "documentation":"

    The sensitivity that the rule group rule DDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the DDoSRequests rule runs.

    The higher the sensitivity, the more levels of labeling that the rule matches:

    • Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

    • Medium sensitivity causes the rule to match on the medium and high suspicion labels.

    • High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

    Default: LOW

    " + } + }, + "documentation":"

    Configures the use of the anti-DDoS managed rule group, AWSManagedRulesAntiDDoSRuleSet. This configuration is used in ManagedRuleGroupConfig.

    The configuration that you provide here determines whether and how the rules in the rule group are used.

    For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in WAF and Amazon Web Services Managed Rules rule groups list in the WAF Developer Guide.

    " }, "AWSManagedRulesBotControlRuleSet":{ "type":"structure", @@ -1064,7 +1085,7 @@ "documentation":"

    Applies only to the targeted inspection level.

    Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Machine learning is required for the Bot Control rules TGT_ML_CoordinatedActivityLow and TGT_ML_CoordinatedActivityMedium, which inspect for anomalous behavior that might indicate distributed, coordinated bot activity.

    For more information about this choice, see the listing for these rules in the table at Bot Control rules listing in the WAF Developer Guide.

    Default: TRUE

    " } }, - "documentation":"

    Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet. This configuration is used in ManagedRuleGroupConfig.

    " + "documentation":"

    Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet. This configuration is used in ManagedRuleGroupConfig.

    For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in WAF and Amazon Web Services Managed Rules rule groups list in the WAF Developer Guide.

    " }, "Action":{"type":"string"}, "ActionCondition":{ @@ -1106,14 +1127,12 @@ }, "All":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Inspect all of the elements that WAF has parsed and extracted from the web request component that you've identified in your FieldToMatch specifications.

    This is used in the FieldToMatch specification for some web request component types.

    JSON specification: \"All\": {}

    " }, "AllQueryArguments":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Inspect all query arguments of the web request.

    This is used in the FieldToMatch specification for some web request component types.

    JSON specification: \"AllQueryArguments\": {}

    " }, "AllowAction":{ @@ -1137,6 +1156,57 @@ }, "documentation":"

    A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.

    " }, + "ApplicationAttribute":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"AttributeName", + "documentation":"

    Specifies the attribute name.

    " + }, + "Values":{ + "shape":"AttributeValues", + "documentation":"

    Specifies the attribute value.

    " + } + }, + "documentation":"

    Application details defined during the web ACL creation process. Application attributes help WAF give recommendations for protection packs.

    " + }, + "ApplicationAttributes":{ + "type":"list", + "member":{"shape":"ApplicationAttribute"}, + "max":10, + "min":1 + }, + "ApplicationConfig":{ + "type":"structure", + "members":{ + "Attributes":{ + "shape":"ApplicationAttributes", + "documentation":"

    Contains the attribute name and a list of values for that attribute.

    " + } + }, + "documentation":"

    A list of ApplicationAttributes that contains information about the application.

    " + }, + "AsnList":{ + "type":"list", + "member":{"shape":"ASN"}, + "max":100, + "min":1 + }, + "AsnMatchStatement":{ + "type":"structure", + "required":["AsnList"], + "members":{ + "AsnList":{ + "shape":"AsnList", + "documentation":"

    Contains one or more Autonomous System Numbers (ASNs). ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.

    " + }, + "ForwardedIPConfig":{ + "shape":"ForwardedIPConfig", + "documentation":"

    The configuration for inspecting IP addresses to match against an ASN in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

    " + } + }, + "documentation":"

    A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.

    For additional details, see ASN match rule statement in the WAF Developer Guide.

    " + }, "AssociateWebACLRequest":{ "type":"structure", "required":[ @@ -1150,14 +1220,13 @@ }, "ResourceArn":{ "shape":"ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource to associate with the web ACL.

    The ARN must be in one of the following formats:

    • For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

    • For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name

    • For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId

    • For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id

    • For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id

    • For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id

    " + "documentation":"

    The Amazon Resource Name (ARN) of the resource to associate with the web ACL.

    The ARN must be in one of the following formats:

    • For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

    • For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name

    • For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId

    • For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id

    • For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id

    • For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id

    • For an Amplify application: arn:partition:amplify:region:account-id:apps/app-id

    " } } }, "AssociateWebACLResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociatedResourceType":{ "type":"string", @@ -1179,6 +1248,23 @@ }, "documentation":"

    Specifies custom configurations for the associations between the web ACL and protected resources.

    Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).

    You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

    For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    " }, + "AttributeName":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^[\\w\\-]+$" + }, + "AttributeValue":{ + "type":"string", + "max":64, + "min":1 + }, + "AttributeValues":{ + "type":"list", + "member":{"shape":"AttributeValue"}, + "max":50, + "min":1 + }, "BlockAction":{ "type":"structure", "members":{ @@ -1194,7 +1280,7 @@ "members":{ "OversizeHandling":{ "shape":"OversizeHandling", - "documentation":"

    What WAF should do if the body is larger than WAF can inspect.

    WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

    • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

    The options for oversize handling are the following:

    • CONTINUE - Inspect the available body contents normally, according to the rule inspection criteria.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

    Default: CONTINUE

    " + "documentation":"

    What WAF should do if the body is larger than WAF can inspect.

    WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

    • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

    • For Amplify, use the CloudFront limit.

    The options for oversize handling are the following:

    • CONTINUE - Inspect the available body contents normally, according to the rule inspection criteria.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

    Default: CONTINUE

    " } }, "documentation":"

    Inspect the body of the web request. The body immediately follows the request headers.

    This is used to indicate the web request component to inspect, in the FieldToMatch specification.

    " @@ -1325,7 +1411,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Rules":{ "shape":"Rules", @@ -1342,6 +1428,36 @@ } } }, + "ClientSideAction":{ + "type":"structure", + "required":["UsageOfAction"], + "members":{ + "UsageOfAction":{ + "shape":"UsageOfAction", + "documentation":"

    Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

    • If usage is enabled:

      • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

      • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

    • If usage is disabled:

      • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

      • The two rules are not evaluated.

      • None of the other ClientSideAction settings have any effect.

    This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

    This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

    " + }, + "Sensitivity":{ + "shape":"SensitivityToAct", + "documentation":"

    The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

    The higher the sensitivity, the more levels of labeling that the rule matches:

    • Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

    • Medium sensitivity causes the rule to match on the medium and high suspicion labels.

    • High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

    Default: HIGH

    " + }, + "ExemptUriRegularExpressions":{ + "shape":"RegularExpressionList", + "documentation":"

    The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request. If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.

    The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.

    Amazon Web Services recommends using a regular expression.

    This setting is required if UsageOfAction is set to ENABLED. If required, you can provide between 1 and 5 regex objects in the array of settings.

    Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:

    \\/api\\/|\\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$

    " + } + }, + "documentation":"

    This is part of the AWSManagedRulesAntiDDoSRuleSet ClientSideActionConfig configuration in ManagedRuleGroupConfig.

    " + }, + "ClientSideActionConfig":{ + "type":"structure", + "required":["Challenge"], + "members":{ + "Challenge":{ + "shape":"ClientSideAction", + "documentation":"

    Configuration for the use of the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests.

    This setting isn't related to the configuration of the Challenge action itself. It only configures the use of the two anti-DDoS rules named here.

    You can enable or disable the use of these rules, and you can configure how to use them when they are enabled.

    " + } + }, + "documentation":"

    This is part of the configuration for the managed rules AWSManagedRulesAntiDDoSRuleSet in ManagedRuleGroupConfig.

    " + }, "ComparisonOperator":{ "type":"string", "enum":[ @@ -1703,7 +1819,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "TokenDomains":{ "shape":"APIKeyTokenDomains", @@ -1735,7 +1851,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Description":{ "shape":"EntityDescription", @@ -1778,7 +1894,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Description":{ "shape":"EntityDescription", @@ -1818,7 +1934,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Capacity":{ "shape":"CapacityUnit", @@ -1870,7 +1986,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "DefaultAction":{ "shape":"DefaultAction", @@ -1888,6 +2004,10 @@ "shape":"VisibilityConfig", "documentation":"

    Defines and enables Amazon CloudWatch metrics and web request sample collection.

    " }, + "DataProtectionConfig":{ + "shape":"DataProtectionConfig", + "documentation":"

    Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option.

    The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.

    " + }, "Tags":{ "shape":"TagList", "documentation":"

    An array of key:value pairs to associate with the resource.

    " @@ -1911,6 +2031,14 @@ "AssociationConfig":{ "shape":"AssociationConfig", "documentation":"

    Specifies custom configurations for the associations between the web ACL and protected resources.

    Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).

    You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

    For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    " + }, + "OnSourceDDoSProtectionConfig":{ + "shape":"OnSourceDDoSProtectionConfig", + "documentation":"

    Specifies the type of DDoS protection to apply to web request data for a web ACL. For most scenarios, it is recommended to use the default protection level, ACTIVE_UNDER_DDOS. If a web ACL is associated with multiple Application Load Balancers, the changes you make to DDoS protection in that web ACL will apply to all associated Application Load Balancers.

    " + }, + "ApplicationConfig":{ + "shape":"ApplicationConfig", + "documentation":"

    Configures the ability for the WAF console to store and retrieve application attributes during the web ACL creation process. Application attributes help WAF give recommendations for protection packs.

    " } } }, @@ -2018,6 +2146,56 @@ }, "documentation":"

    The response body to use in a custom response to a web request. This is referenced by key from CustomResponse CustomResponseBodyKey.

    " }, + "DataProtection":{ + "type":"structure", + "required":[ + "Field", + "Action" + ], + "members":{ + "Field":{ + "shape":"FieldToProtect", + "documentation":"

    Specifies the field type and optional keys to apply the protection behavior to.

    " + }, + "Action":{ + "shape":"DataProtectionAction", + "documentation":"

    Specifies how to protect the field. WAF can apply a one-way hash to the field or hard code a string substitution.

    • One-way hash example: ade099751dEXAMPLEHASH2ea9f3393f80dd5d3bEXAMPLEHASH966ae0d3cd5a1e

    • Substitution example: REDACTED

    " + }, + "ExcludeRuleMatchDetails":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to also exclude any rule match details from the data protection you have enabled for a given field. WAF logs these details for non-terminating matching rules and for the terminating matching rule. For additional information, see Log fields for web ACL traffic in the WAF Developer Guide.

    Default: FALSE

    " + }, + "ExcludeRateBasedDetails":{ + "shape":"Boolean", + "documentation":"

    Specifies whether to also exclude any rate-based rule details from the data protection you have enabled for a given field. If you specify this exception, RateBasedDetails will show the value of the field. For additional information, see the log field rateBasedRuleList at Log fields for web ACL traffic in the WAF Developer Guide.

    Default: FALSE

    " + } + }, + "documentation":"

    Specifies the protection behavior for a field type. This is part of the data protection configuration for a web ACL.

    " + }, + "DataProtectionAction":{ + "type":"string", + "enum":[ + "SUBSTITUTION", + "HASH" + ] + }, + "DataProtectionConfig":{ + "type":"structure", + "required":["DataProtections"], + "members":{ + "DataProtections":{ + "shape":"DataProtections", + "documentation":"

    An array of data protection configurations for specific web request field types. This is defined for each web ACL. WAF applies the specified protection to all web requests that the web ACL inspects.

    " + } + }, + "documentation":"

    Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option.

    The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.

    This is part of the data protection configuration for a web ACL.

    " + }, + "DataProtections":{ + "type":"list", + "member":{"shape":"DataProtection"}, + "max":26, + "min":1 + }, "DefaultAction":{ "type":"structure", "members":{ @@ -2041,7 +2219,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "APIKey":{ "shape":"APIKey", @@ -2051,8 +2229,7 @@ }, "DeleteAPIKeyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteFirewallManagerRuleGroupsRequest":{ "type":"structure", @@ -2095,7 +2272,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -2109,8 +2286,7 @@ }, "DeleteIPSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteLoggingConfigurationRequest":{ "type":"structure", @@ -2126,14 +2302,13 @@ }, "LogScope":{ "shape":"LogScope", - "documentation":"

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.

    Default: CUSTOMER

    " + "documentation":"

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.

    The log scope CLOUDWATCH_TELEMETRY_RULE_MANAGED indicates a configuration that is managed through Amazon CloudWatch Logs for telemetry data collection and analysis. For information, see What is Amazon CloudWatch Logs ? in the Amazon CloudWatch Logs user guide.

    Default: CUSTOMER

    " } } }, "DeleteLoggingConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeletePermissionPolicyRequest":{ "type":"structure", @@ -2147,8 +2322,7 @@ }, "DeletePermissionPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRegexPatternSetRequest":{ "type":"structure", @@ -2165,7 +2339,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -2179,8 +2353,7 @@ }, "DeleteRegexPatternSetResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRuleGroupRequest":{ "type":"structure", @@ -2197,7 +2370,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -2211,8 +2384,7 @@ }, "DeleteRuleGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWebACLRequest":{ "type":"structure", @@ -2229,7 +2401,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -2243,8 +2415,7 @@ }, "DeleteWebACLResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAllManagedProductsRequest":{ "type":"structure", @@ -2252,7 +2423,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " } } }, @@ -2278,7 +2449,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " } } }, @@ -2309,7 +2480,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "VersionName":{ "shape":"VersionKeyString", @@ -2356,14 +2527,13 @@ "members":{ "ResourceArn":{ "shape":"ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL.

    The ARN must be in one of the following formats:

    • For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

    • For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name

    • For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId

    • For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id

    • For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id

    • For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id

    " + "documentation":"

    The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL.

    The ARN must be in one of the following formats:

    • For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

    • For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name

    • For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId

    • For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id

    • For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id

    • For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id

    • For an Amplify application: arn:partition:amplify:region:account-id:apps/app-id

    " } } }, "DisassociateWebACLResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DownloadUrl":{"type":"string"}, "EmailField":{ @@ -2473,7 +2643,7 @@ }, "Body":{ "shape":"Body", - "documentation":"

    Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

    WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

    • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

    For information about how to handle oversized request bodies, see the Body object configuration.

    " + "documentation":"

    Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

    WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

    • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

    • For Amplify, use the CloudFront limit.

    For information about how to handle oversized request bodies, see the Body object configuration.

    " }, "Method":{ "shape":"Method", @@ -2481,7 +2651,7 @@ }, "JsonBody":{ "shape":"JsonBody", - "documentation":"

    Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

    WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

    • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

    For information about how to handle oversized request bodies, see the JsonBody object configuration.

    " + "documentation":"

    Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

    WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

    • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

    • For Amplify, use the CloudFront limit.

    For information about how to handle oversized request bodies, see the JsonBody object configuration.

    " }, "Headers":{ "shape":"Headers", @@ -2498,9 +2668,17 @@ "JA3Fingerprint":{ "shape":"JA3Fingerprint", "documentation":"

    Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

    You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

    You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.

    Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

    " + }, + "JA4Fingerprint":{ + "shape":"JA4Fingerprint", + "documentation":"

    Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

    You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

    You can obtain the JA4 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.

    Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

    " + }, + "UriFragment":{ + "shape":"UriFragment", + "documentation":"

    Inspect fragments of the request URI. You must configure scope and pattern matching filters in the UriFragment object, to define the fragment of a URI that WAF inspects.

    Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the UriFragment object. WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.

    " } }, - "documentation":"

    Specifies a web request component to be used in a rule match statement or in a logging configuration.

    • In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.

      Example JSON for a QueryString field to match:

      \"FieldToMatch\": { \"QueryString\": {} }

      Example JSON for a Method field to match specification:

      \"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }

    • In a logging configuration, this is used in the RedactedFields property to specify a field to redact from the logging records. For this use case, note the following:

      • Even though all FieldToMatch settings are available, the only valid settings for field redaction are UriPath, QueryString, SingleHeader, and Method.

      • In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.

      • If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.

    " + "documentation":"

    Specifies a web request component to be used in a rule match statement or in a logging configuration.

    • In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.

      Example JSON for a QueryString field to match:

      \"FieldToMatch\": { \"QueryString\": {} }

      Example JSON for a Method field to match specification:

      \"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }

    • In a logging configuration, this is used in the RedactedFields property to specify a field to redact from the logging records. For this use case, note the following:

      • Even though all FieldToMatch settings are available, the only valid settings for field redaction are UriPath, QueryString, SingleHeader, and Method.

      • In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.

      • If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.

    " }, "FieldToMatchData":{ "type":"string", @@ -2508,6 +2686,42 @@ "min":1, "pattern":".*\\S.*" }, + "FieldToProtect":{ + "type":"structure", + "required":["FieldType"], + "members":{ + "FieldType":{ + "shape":"FieldToProtectType", + "documentation":"

    Specifies the web request component type to protect.

    " + }, + "FieldKeys":{ + "shape":"FieldToProtectKeys", + "documentation":"

    Specifies the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.

    " + } + }, + "documentation":"

    Specifies a field type and keys to protect in stored web request data. This is part of the data protection configuration for a web ACL.

    " + }, + "FieldToProtectKeyName":{ + "type":"string", + "max":64, + "min":1, + "pattern":".*\\S.*" + }, + "FieldToProtectKeys":{ + "type":"list", + "member":{"shape":"FieldToProtectKeyName"}, + "max":100 + }, + "FieldToProtectType":{ + "type":"string", + "enum":[ + "SINGLE_HEADER", + "SINGLE_COOKIE", + "SINGLE_QUERY_ARGUMENT", + "QUERY_STRING", + "BODY" + ] + }, "Filter":{ "type":"structure", "required":[ @@ -2617,7 +2831,7 @@ "documentation":"

    The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.

    If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

    You can specify the following fallback behaviors:

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    " } }, - "documentation":"

    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

    If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

    This configuration is used for GeoMatchStatement and RateBasedStatement. For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.

    WAF only evaluates the first IP address found in the specified HTTP header.

    " + "documentation":"

    The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

    If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

    This configuration is used for GeoMatchStatement, AsnMatchStatement, and RateBasedStatement. For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.

    WAF only evaluates the first IP address found in the specified HTTP header.

    " }, "ForwardedIPHeaderName":{ "type":"string", @@ -2682,7 +2896,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "APIKey":{ "shape":"APIKey", @@ -2717,7 +2931,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -2752,7 +2966,7 @@ }, "LogScope":{ "shape":"LogScope", - "documentation":"

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.

    Default: CUSTOMER

    " + "documentation":"

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.

    The log scope CLOUDWATCH_TELEMETRY_RULE_MANAGED indicates a configuration that is managed through Amazon CloudWatch Logs for telemetry data collection and analysis. For information, see What is Amazon CloudWatch Logs ? in the Amazon CloudWatch Logs user guide.

    Default: CUSTOMER

    " } } }, @@ -2779,7 +2993,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -2856,7 +3070,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "WebACLName":{ "shape":"EntityName", @@ -2903,7 +3117,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -2933,7 +3147,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -2978,7 +3192,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "TimeWindow":{ "shape":"TimeWindow", @@ -3013,7 +3227,7 @@ "members":{ "ResourceArn":{ "shape":"ResourceArn", - "documentation":"

    The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve.

    The ARN must be in one of the following formats:

    • For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

    • For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name

    • For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId

    • For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id

    • For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id

    • For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id

    " + "documentation":"

    The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve.

    The ARN must be in one of the following formats:

    • For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

    • For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name

    • For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId

    • For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id

    • For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id

    • For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id

    • For an Amplify application: arn:partition:amplify:region:account-id:apps/app-id

    " } } }, @@ -3028,11 +3242,6 @@ }, "GetWebACLRequest":{ "type":"structure", - "required":[ - "Name", - "Scope", - "Id" - ], "members":{ "Name":{ "shape":"EntityName", @@ -3040,11 +3249,15 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", "documentation":"

    The unique identifier for the web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

    " + }, + "ARN":{ + "shape":"ResourceArn", + "documentation":"

    The Amazon Resource Name (ARN) of the web ACL that you want to retrieve.

    " } } }, @@ -3146,7 +3359,7 @@ "members":{ "OversizeHandling":{ "shape":"OversizeHandling", - "documentation":"

    What WAF should do if the headers of the request are more numerous or larger than WAF can inspect. WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to WAF.

    The options for oversize handling are the following:

    • CONTINUE - Inspect the available headers normally, according to the rule inspection criteria.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    " + "documentation":"

    What WAF should do if the headers determined by your match scope are more numerous or larger than WAF can inspect. WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to WAF.

    The options for oversize handling are the following:

    • CONTINUE - Inspect the available headers normally, according to the rule inspection criteria.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    " } }, "documentation":"

    Inspect a string containing the list of the request's header names, ordered as they appear in the web request that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in its inspection. WAF separates the header names in the string using colons and no added spaces, for example host:user-agent:accept:authorization:referer.

    " @@ -3170,7 +3383,7 @@ }, "OversizeHandling":{ "shape":"OversizeHandling", - "documentation":"

    What WAF should do if the headers of the request are more numerous or larger than WAF can inspect. WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to WAF.

    The options for oversize handling are the following:

    • CONTINUE - Inspect the available headers normally, according to the rule inspection criteria.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    " + "documentation":"

    What WAF should do if the headers determined by your match scope are more numerous or larger than WAF can inspect. WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to WAF.

    The options for oversize handling are the following:

    • CONTINUE - Inspect the available headers normally, according to the rule inspection criteria.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    " } }, "documentation":"

    Inspect all headers in the web request. You can specify the parts of the headers to inspect and you can narrow the set of headers to inspect by including or excluding specific keys.

    This is used to indicate the web request component to inspect, in the FieldToMatch specification.

    If you want to inspect just the value of a single header, use the SingleHeader FieldToMatch setting instead.

    Example JSON: \"Headers\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"KEY\", \"OversizeHandling\": \"MATCH\" }

    " @@ -3327,6 +3540,17 @@ }, "documentation":"

    Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

    You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

    You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.

    Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

    " }, + "JA4Fingerprint":{ + "type":"structure", + "required":["FallbackBehavior"], + "members":{ + "FallbackBehavior":{ + "shape":"FallbackBehavior", + "documentation":"

    The match status to assign to the web request if the request doesn't have a JA4 fingerprint.

    You can specify the following fallback behaviors:

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    " + } + }, + "documentation":"

    Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

    You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

    You can obtain the JA4 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.

    Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

    " + }, "JsonBody":{ "type":"structure", "required":[ @@ -3348,7 +3572,7 @@ }, "OversizeHandling":{ "shape":"OversizeHandling", - "documentation":"

    What WAF should do if the body is larger than WAF can inspect.

    WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

    • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

    The options for oversize handling are the following:

    • CONTINUE - Inspect the available body contents normally, according to the rule inspection criteria.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

    Default: CONTINUE

    " + "documentation":"

    What WAF should do if the body is larger than WAF can inspect.

    WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.

    • For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for additional processing fees.

    • For Amplify, use the CloudFront limit.

    The options for oversize handling are the following:

    • CONTINUE - Inspect the available body contents normally, according to the rule inspection criteria.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

    Default: CONTINUE

    " } }, "documentation":"

    Inspect the body of the web request as JSON. The body immediately follows the request headers.

    This is used to indicate the web request component to inspect, in the FieldToMatch specification.

    Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. WAF inspects only the parts of the JSON that result from the matches that you indicate.

    Example JSON: \"JsonBody\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"ALL\" }

    For additional information about this request component option, see JSON body in the WAF Developer Guide.

    " @@ -3475,7 +3699,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3522,7 +3746,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3557,7 +3781,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3588,7 +3812,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3619,7 +3843,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3631,7 +3855,7 @@ }, "LogScope":{ "shape":"LogScope", - "documentation":"

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.

    Default: CUSTOMER

    " + "documentation":"

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.

    The log scope CLOUDWATCH_TELEMETRY_RULE_MANAGED indicates a configuration that is managed through Amazon CloudWatch Logs for telemetry data collection and analysis. For information, see What is Amazon CloudWatch Logs ? in the Amazon CloudWatch Logs user guide.

    Default: CUSTOMER

    " } } }, @@ -3654,7 +3878,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3721,7 +3945,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3756,7 +3980,7 @@ }, "ResourceType":{ "shape":"ResourceType", - "documentation":"

    Used for web ACLs that are scoped for regional applications. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    If you don't provide a resource type, the call uses the resource type APPLICATION_LOAD_BALANCER.

    Default: APPLICATION_LOAD_BALANCER

    " + "documentation":"

    Retrieves the web ACLs that are used by the specified resource type.

    For Amazon CloudFront, don't use this call. Instead, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId in the Amazon CloudFront API Reference.

    If you don't provide a resource type, the call uses the resource type APPLICATION_LOAD_BALANCER.

    Default: APPLICATION_LOAD_BALANCER

    " } } }, @@ -3775,7 +3999,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3837,7 +4061,7 @@ "members":{ "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "NextMarker":{ "shape":"NextMarker", @@ -3878,7 +4102,8 @@ "type":"string", "enum":[ "CUSTOMER", - "SECURITY_LAKE" + "SECURITY_LAKE", + "CLOUDWATCH_TELEMETRY_RULE_MANAGED" ] }, "LogType":{ @@ -3902,7 +4127,7 @@ }, "RedactedFields":{ "shape":"RedactedFields", - "documentation":"

    The parts of the request that you want to keep out of the logs.

    For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting.

    Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction doesn't apply to rules that use the Headers FieldToMatch.

    You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, and Method.

    This setting has no impact on request sampling. With request sampling, the only way to exclude fields is by disabling sampling in the web ACL visibility configuration.

    " + "documentation":"

    The parts of the request that you want to keep out of the logs.

    For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting.

    If you configure data protection for the web ACL, the protection applies to the data that WAF sends to the logs.

    Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction doesn't apply to rules that use the Headers FieldToMatch.

    You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, and Method.

    This setting has no impact on request sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.

    " }, "ManagedByFirewallManager":{ "shape":"Boolean", @@ -3918,10 +4143,10 @@ }, "LogScope":{ "shape":"LogScope", - "documentation":"

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.

    Default: CUSTOMER

    " + "documentation":"

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.

    The log scope CLOUDWATCH_TELEMETRY_RULE_MANAGED indicates a configuration that is managed through Amazon CloudWatch Logs for telemetry data collection and analysis. For information, see What is Amazon CloudWatch Logs ? in the Amazon CloudWatch Logs user guide.

    Default: CUSTOMER

    " } }, - "documentation":"

    Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.

    You can define one logging destination per web ACL.

    You can access information about the traffic that WAF inspects using the following steps:

    1. Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.

      The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.

      For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the WAF Developer Guide.

    2. Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

    When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.

    For additional information about web ACL logging, see Logging web ACL traffic information in the WAF Developer Guide.

    " + "documentation":"

    Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.

    If you configure data protection for the web ACL, the protection applies to the data that WAF sends to the logs.

    You can define one logging destination per web ACL.

    You can access information about the traffic that WAF inspects using the following steps:

    1. Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.

      The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.

      For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the WAF Developer Guide.

    2. Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

    When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.

    For additional information about web ACL logging, see Logging web ACL traffic information in the WAF Developer Guide.

    " }, "LoggingConfigurations":{ "type":"list", @@ -3951,6 +4176,13 @@ "min":1, "pattern":".*\\S.*" }, + "LowReputationMode":{ + "type":"string", + "enum":[ + "ACTIVE_UNDER_DDOS", + "ALWAYS_ON" + ] + }, "ManagedProductDescriptor":{ "type":"structure", "members":{ @@ -4035,9 +4267,13 @@ "AWSManagedRulesACFPRuleSet":{ "shape":"AWSManagedRulesACFPRuleSet", "documentation":"

    Additional configuration for using the account creation fraud prevention (ACFP) managed rule group, AWSManagedRulesACFPRuleSet. Use this to provide account creation request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to account creation requests.

    For information about using the ACFP managed rule group, see WAF Fraud Control account creation fraud prevention (ACFP) rule group and WAF Fraud Control account creation fraud prevention (ACFP) in the WAF Developer Guide.

    " + }, + "AWSManagedRulesAntiDDoSRuleSet":{ + "shape":"AWSManagedRulesAntiDDoSRuleSet", + "documentation":"

    Additional configuration for using the anti-DDoS managed rule group, AWSManagedRulesAntiDDoSRuleSet. Use this to configure anti-DDoS behavior for the rule group.

    For information about using the anti-DDoS managed rule group, see WAF Anti-DDoS rule group and Distributed Denial of Service (DDoS) prevention in the WAF Developer Guide.

    " } }, - "documentation":"

    Additional information that's used by a managed rule group. Many managed rule groups don't require this.

    The rule groups used for intelligent threat mitigation require additional configuration:

    • Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.

    • Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.

    • Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

    For example specifications, see the examples section of CreateWebACL.

    " + "documentation":"

    Additional information that's used by a managed rule group. Many managed rule groups don't require this.

    The rule groups used for intelligent threat mitigation require additional configuration:

    • Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.

    • Use the AWSManagedRulesAntiDDoSRuleSet configuration object to configure the anti-DDoS managed rule group. The configuration includes the sensitivity levels to use in the rules that typically block and challenge requests that might be participating in DDoS attacks and the specification to use to indicate whether a request can handle a silent browser challenge.

    • Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.

    • Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

    For example specifications, see the examples section of CreateWebACL.

    " }, "ManagedRuleGroupConfigs":{ "type":"list", @@ -4072,11 +4308,11 @@ }, "ManagedRuleGroupConfigs":{ "shape":"ManagedRuleGroupConfigs", - "documentation":"

    Additional information that's used by a managed rule group. Many managed rule groups don't require this.

    The rule groups used for intelligent threat mitigation require additional configuration:

    • Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.

    • Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.

    • Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

    " + "documentation":"

    Additional information that's used by a managed rule group. Many managed rule groups don't require this.

    The rule groups used for intelligent threat mitigation require additional configuration:

    • Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.

    • Use the AWSManagedRulesAntiDDoSRuleSet configuration object to configure the anti-DDoS managed rule group. The configuration includes the sensitivity levels to use in the rules that typically block and challenge requests that might be participating in DDoS attacks and the specification to use to indicate whether a request can handle a silent browser challenge.

    • Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.

    • Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

    " }, "RuleActionOverrides":{ "shape":"RuleActionOverrides", - "documentation":"

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.

    You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

    " + "documentation":"

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.

    Verify the rule names in your overrides carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.

    You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

    " } }, "documentation":"

    A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

    You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. You cannot use a managed rule group inside another rule group. You can only reference a managed rule group as a top-level statement within a rule that you define in a web ACL.

    You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or the WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

    " @@ -4238,8 +4474,7 @@ }, "Method":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Inspect the HTTP method of the web request. The method indicates the type of operation that the request is asking the origin to perform.

    This is used in the FieldToMatch specification for some web request component types.

    JSON specification: \"Method\": {}

    " }, "MetricName":{ @@ -4278,8 +4513,7 @@ }, "NoneAction":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specifies that WAF should do nothing. This is used for the OverrideAction setting on a Rule when the rule uses a rule group reference statement.

    This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.

    JSON specification: \"None\": {}

    " }, "NotStatement":{ @@ -4293,6 +4527,17 @@ }, "documentation":"

    A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.

    " }, + "OnSourceDDoSProtectionConfig":{ + "type":"structure", + "required":["ALBLowReputationMode"], + "members":{ + "ALBLowReputationMode":{ + "shape":"LowReputationMode", + "documentation":"

    The level of DDoS protection that applies to web ACLs associated with Application Load Balancers. ACTIVE_UNDER_DDOS protection is enabled by default whenever a web ACL is associated with an Application Load Balancer. In the event that an Application Load Balancer experiences high-load conditions or suspected DDoS attacks, the ACTIVE_UNDER_DDOS protection automatically rate limits traffic from known low reputation sources without disrupting Application Load Balancer availability. ALWAYS_ON protection provides constant, always-on monitoring of known low reputation sources for suspected DDoS attacks. While this provides a higher level of protection, there may be potential impacts on legitimate traffic.

    " + } + }, + "documentation":"

    Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.

    " + }, "OrStatement":{ "type":"structure", "required":["Statements"], @@ -4404,7 +4649,9 @@ "ASSOCIATED_RESOURCE_TYPE", "SCOPE_DOWN", "CUSTOM_KEYS", - "ACP_RULE_SET_RESPONSE_INSPECTION" + "ACP_RULE_SET_RESPONSE_INSPECTION", + "DATA_PROTECTION_CONFIG", + "LOW_REPUTATION_MODE" ] }, "ParameterExceptionParameter":{ @@ -4529,7 +4776,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -4577,13 +4824,11 @@ }, "PutPermissionPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "QueryString":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Inspect the query string of the web request. This is the part of a URL that appears after a ? character, if any.

    This is used in the FieldToMatch specification for some web request component types.

    JSON specification: \"QueryString\": {}

    " }, "RateBasedStatement":{ @@ -4595,7 +4840,7 @@ "members":{ "Limit":{ "shape":"RateLimit", - "documentation":"

    The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.

    Examples:

    • If you aggregate on just the IP address, this is the limit on requests from any single IP address.

    • If you aggregate on the HTTP method and the query argument name \"city\", then this is the limit on requests for any single method, city pair.

    " + "documentation":"

    The limit on requests during the specified evaluation window for a single aggregation instance for the rate-based rule. If the rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.

    Examples:

    • If you aggregate on just the IP address, this is the limit on requests from any single IP address.

    • If you aggregate on the HTTP method and the query argument name \"city\", then this is the limit on requests for any single method, city pair.

    " }, "EvaluationWindowSec":{ "shape":"EvaluationWindowSec", @@ -4667,6 +4912,18 @@ "UriPath":{ "shape":"RateLimitUriPath", "documentation":"

    Use the request's URI path as an aggregate key. Each distinct URI path contributes to the aggregation instance. If you use just the URI path as your custom key, then each URI path fully defines an aggregation instance.

    " + }, + "JA3Fingerprint":{ + "shape":"RateLimitJA3Fingerprint", + "documentation":"

    Use the request's JA3 fingerprint as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.

    " + }, + "JA4Fingerprint":{ + "shape":"RateLimitJA4Fingerprint", + "documentation":"

    Use the request's JA4 fingerprint as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.

    " + }, + "ASN":{ + "shape":"RateLimitAsn", + "documentation":"

    Use an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key. Each distinct ASN contributes to the aggregation instance.

    " } }, "documentation":"

    Specifies a single custom aggregate key for a rate-base rule.

    Web requests that are missing any of the components specified in the aggregation keys are omitted from the rate-based rule evaluation and handling.

    " @@ -4695,6 +4952,11 @@ "max":2000000000, "min":10 }, + "RateLimitAsn":{ + "type":"structure", + "members":{}, + "documentation":"

    Specifies an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key for a rate-based rule. Each distinct ASN contributes to the aggregation instance. If you use a single ASN as your custom key, then each ASN fully defines an aggregation instance.

    " + }, "RateLimitCookie":{ "type":"structure", "required":[ @@ -4715,14 +4977,12 @@ }, "RateLimitForwardedIP":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specifies the first IP address in an HTTP header as an aggregate key for a rate-based rule. Each distinct forwarded IP address contributes to the aggregation instance.

    This setting is used only in the RateBasedStatementCustomKey specification of a rate-based rule statement. When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the forwarded IP address by specifying FORWARDED_IP in your rate-based statement's AggregateKeyType.

    This data type supports using the forwarded IP address in the web request aggregation for a rate-based rule, in RateBasedStatementCustomKey. The JSON specification for using the forwarded IP address doesn't explicitly use this data type.

    JSON specification: \"ForwardedIP\": {}

    When you use this specification, you must also configure the forwarded IP address in the rate-based statement's ForwardedIPConfig.

    " }, "RateLimitHTTPMethod":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    Specifies the request's HTTP method as an aggregate key for a rate-based rule. Each distinct HTTP method contributes to the aggregation instance. If you use just the HTTP method as your custom key, then each method fully defines an aggregation instance.

    JSON specification: \"RateLimitHTTPMethod\": {}

    " }, "RateLimitHeader":{ @@ -4745,9 +5005,30 @@ }, "RateLimitIP":{ "type":"structure", + "members":{}, + "documentation":"

    Specifies the IP address in the web request as an aggregate key for a rate-based rule. Each distinct IP address contributes to the aggregation instance.

    This setting is used only in the RateBasedStatementCustomKey specification of a rate-based rule statement. To use this in the custom key settings, you must specify at least one other key to use, along with the IP address. To aggregate on only the IP address, in your rate-based statement's AggregateKeyType, specify IP.

    JSON specification: \"RateLimitIP\": {}

    " + }, + "RateLimitJA3Fingerprint":{ + "type":"structure", + "required":["FallbackBehavior"], "members":{ + "FallbackBehavior":{ + "shape":"FallbackBehavior", + "documentation":"

    The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint.

    You can specify the following fallback behaviors:

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    " + } }, - "documentation":"

    Specifies the IP address in the web request as an aggregate key for a rate-based rule. Each distinct IP address contributes to the aggregation instance.

    This setting is used only in the RateBasedStatementCustomKey specification of a rate-based rule statement. To use this in the custom key settings, you must specify at least one other key to use, along with the IP address. To aggregate on only the IP address, in your rate-based statement's AggregateKeyType, specify IP.

    JSON specification: \"RateLimitIP\": {}

    " + "documentation":"

    Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.

    " + }, + "RateLimitJA4Fingerprint":{ + "type":"structure", + "required":["FallbackBehavior"], + "members":{ + "FallbackBehavior":{ + "shape":"FallbackBehavior", + "documentation":"

    The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint.

    You can specify the following fallback behaviors:

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    " + } + }, + "documentation":"

    Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.

    " }, "RateLimitLabelNamespace":{ "type":"structure", @@ -4813,7 +5094,7 @@ "documentation":"

    The string representing the regular expression.

    " } }, - "documentation":"

    A single regular expression. This is used in a RegexPatternSet.

    " + "documentation":"

    A single regular expression. This is used in a RegexPatternSet and also in the configuration for the Amazon Web Services Managed Rules rule group AWSManagedRulesAntiDDoSRuleSet.

    " }, "RegexMatchStatement":{ "type":"structure", @@ -5040,7 +5321,8 @@ "APPSYNC", "COGNITO_USER_POOL", "APP_RUNNER_SERVICE", - "VERIFIED_ACCESS_INSTANCE" + "VERIFIED_ACCESS_INSTANCE", + "AMPLIFY" ] }, "ResponseCode":{"type":"integer"}, @@ -5252,7 +5534,7 @@ }, "RuleLabels":{ "shape":"Labels", - "documentation":"

    Labels to apply to web requests that match the rule match statement. WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace.

    Rules that run after this rule in the web ACL can match against these labels using a LabelMatchStatement.

    For each label, provide a case-sensitive string containing optional namespaces and a label name, according to the following guidelines:

    • Separate each component of the label with a colon.

    • Each namespace or name can have up to 128 characters.

    • You can specify up to 5 namespaces in a label.

    • Don't use the following reserved words in your label specification: aws, waf, managed, rulegroup, webacl, regexpatternset, or ipset.

    For example, myLabelName or nameSpace1:nameSpace2:myLabelName.

    " + "documentation":"

    Labels to apply to web requests that match the rule match statement. WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace.

    Any rule that isn't a rule group reference statement or managed rule group statement can add labels to matching web requests.

    Rules that run after this rule in the web ACL can match against these labels using a LabelMatchStatement.

    For each label, provide a case-sensitive string containing optional namespaces and a label name, according to the following guidelines:

    • Separate each component of the label with a colon.

    • Each namespace or name can have up to 128 characters.

    • You can specify up to 5 namespaces in a label.

    • Don't use the following reserved words in your label specification: aws, waf, managed, rulegroup, webacl, regexpatternset, or ipset.

    For example, myLabelName or nameSpace1:nameSpace2:myLabelName.

    " }, "VisibilityConfig":{ "shape":"VisibilityConfig", @@ -5304,14 +5586,14 @@ "members":{ "Name":{ "shape":"EntityName", - "documentation":"

    The name of the rule to override.

    " + "documentation":"

    The name of the rule to override.

    Verify the rule names in your overrides carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.

    " }, "ActionToUse":{ "shape":"RuleAction", "documentation":"

    The override action to use, in place of the configured action of the rule in the rule group.

    " } }, - "documentation":"

    Action setting to use in the place of a rule action that is configured inside the rule group. You specify one override for each rule whose action you want to change.

    You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

    " + "documentation":"

    Action setting to use in the place of a rule action that is configured inside the rule group. You specify one override for each rule whose action you want to change.

    Verify the rule names in your overrides carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.

    You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

    " }, "RuleActionOverrides":{ "type":"list", @@ -5389,7 +5671,7 @@ }, "RuleActionOverrides":{ "shape":"RuleActionOverrides", - "documentation":"

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.

    You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

    " + "documentation":"

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.

    Verify the rule names in your overrides carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.

    You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

    " } }, "documentation":"

    A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

    You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You cannot use a rule group reference statement inside another rule group. You can only reference a rule group as a top-level statement within a rule that you define in a web ACL.

    " @@ -5527,6 +5809,14 @@ "HIGH" ] }, + "SensitivityToAct":{ + "type":"string", + "enum":[ + "LOW", + "MEDIUM", + "HIGH" + ] + }, "SingleCookieName":{ "type":"string", "max":60, @@ -5683,6 +5973,10 @@ "RegexMatchStatement":{ "shape":"RegexMatchStatement", "documentation":"

    A rule statement used to search web request components for a match against a single regular expression.

    " + }, + "AsnMatchStatement":{ + "shape":"AsnMatchStatement", + "documentation":"

    A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.

    For additional details, see ASN match rule statement in the WAF Developer Guide.

    " } }, "documentation":"

    The processing guidance for a Rule, used by WAF to determine whether a web request matches the rule.

    For example specifications, see the examples section of CreateWebACL.

    " @@ -5770,8 +6064,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5890,8 +6183,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateIPSetRequest":{ "type":"structure", @@ -5909,7 +6201,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -5955,7 +6247,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -6008,7 +6300,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -6053,7 +6345,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -6107,7 +6399,7 @@ }, "Scope":{ "shape":"Scope", - "documentation":"

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " + "documentation":"

    Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. For an Amplify application, use CLOUDFRONT.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

    " }, "Id":{ "shape":"EntityId", @@ -6129,6 +6421,10 @@ "shape":"VisibilityConfig", "documentation":"

    Defines and enables Amazon CloudWatch metrics and web request sample collection.

    " }, + "DataProtectionConfig":{ + "shape":"DataProtectionConfig", + "documentation":"

    Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option.

    The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.

    " + }, "LockToken":{ "shape":"LockToken", "documentation":"

    A token used for optimistic locking. WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

    " @@ -6152,6 +6448,14 @@ "AssociationConfig":{ "shape":"AssociationConfig", "documentation":"

    Specifies custom configurations for the associations between the web ACL and protected resources.

    Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).

    You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

    For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

    " + }, + "OnSourceDDoSProtectionConfig":{ + "shape":"OnSourceDDoSProtectionConfig", + "documentation":"

    Specifies the type of DDoS protection to apply to web request data for a web ACL. For most scenarios, it is recommended to use the default protection level, ACTIVE_UNDER_DDOS. If a web ACL is associated with multiple Application Load Balancers, the changes you make to DDoS protection in that web ACL will apply to all associated Application Load Balancers.

    " + }, + "ApplicationConfig":{ + "shape":"ApplicationConfig", + "documentation":"

    Configures the ability for the WAF console to store and retrieve application attributes. Application attributes help WAF give recommendations for protection packs.

    When using UpdateWebACL, ApplicationConfig follows these rules:

    • If you omit ApplicationConfig from the request, all existing entries in the web ACL are retained.

    • If you include ApplicationConfig, entries must match the existing values exactly. Any attempt to modify existing entries will result in an error.

    " } } }, @@ -6164,12 +6468,28 @@ } } }, - "UriPath":{ + "UriFragment":{ "type":"structure", "members":{ + "FallbackBehavior":{ + "shape":"FallbackBehavior", + "documentation":"

    What WAF should do if it fails to completely parse the JSON body. The options are the following:

    • EVALUATE_AS_STRING - Inspect the body as plain text. WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.

    • MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.

    • NO_MATCH - Treat the web request as not matching the rule statement.

    If you don't provide this setting, WAF parses and evaluates the content only up to the first parsing failure that it encounters.

    Example JSON: { \"UriFragment\": { \"FallbackBehavior\": \"MATCH\"} }

    WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, WAF doesn't apply the fallback behavior. For more information, see JSON body in the WAF Developer Guide.

    " + } }, + "documentation":"

    Inspect fragments of the request URI. You can specify the parts of the URI fragment to inspect and you can narrow the set of URI fragments to inspect by including or excluding specific keys.

    This is used to indicate the web request component to inspect, in the FieldToMatch specification.

    Example JSON: \"UriFragment\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"KEY\", \"OversizeHandling\": \"MATCH\" }

    " + }, + "UriPath":{ + "type":"structure", + "members":{}, "documentation":"

    Inspect the path component of the URI of the web request. This is the part of the web request that identifies a resource. For example, /images/daily-ad.jpg.

    This is used in the FieldToMatch specification for some web request component types.

    JSON specification: \"UriPath\": {}

    " }, + "UsageOfAction":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "UsernameField":{ "type":"structure", "required":["Identifier"], @@ -6222,7 +6542,7 @@ "members":{ "SampledRequestsEnabled":{ "shape":"Boolean", - "documentation":"

    Indicates whether WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the WAF console.

    Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.

    " + "documentation":"

    Indicates whether WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the WAF console.

    If you configure data protection for the web ACL, the protection applies to the web ACL's sampled web request data.

    Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.

    " }, "CloudWatchMetricsEnabled":{ "shape":"Boolean", @@ -6394,7 +6714,7 @@ "members":{ "Message":{"shape":"ErrorMessage"} }, - "documentation":"

    WAF couldn’t retrieve a resource that you specified for this operation. If you've just created a resource that you're using in this operation, you might just need to wait a few minutes. It can take from a few seconds to a number of minutes for changes to propagate. Verify the resources that you are specifying in your request parameters and then retry the operation.

    ", + "documentation":"

    WAF couldn’t retrieve a resource that you specified for this operation. If you've just created a resource that you're using in this operation, you might just need to wait a few minutes. It can take from a few seconds to a number of minutes for changes to propagate. Verify the resource specifications in your request parameters and then retry the operation.

    ", "exception":true }, "WAFUnsupportedAggregateKeyTypeException":{ @@ -6443,6 +6763,10 @@ "shape":"VisibilityConfig", "documentation":"

    Defines and enables Amazon CloudWatch metrics and web request sample collection.

    " }, + "DataProtectionConfig":{ + "shape":"DataProtectionConfig", + "documentation":"

    Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option.

    The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.

    " + }, "Capacity":{ "shape":"ConsumedCapacity", "documentation":"

    The web ACL capacity units (WCUs) currently being used by this web ACL.

    WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.

    " @@ -6486,9 +6810,17 @@ "RetrofittedByFirewallManager":{ "shape":"Boolean", "documentation":"

    Indicates whether this web ACL was created by a customer account and then retrofitted by Firewall Manager. If true, then the web ACL is currently being managed by a Firewall Manager WAF policy, and only Firewall Manager can manage any Firewall Manager rule groups in the web ACL. See also the properties ManagedByFirewallManager, PreProcessFirewallManagerRuleGroups, and PostProcessFirewallManagerRuleGroups.

    " + }, + "OnSourceDDoSProtectionConfig":{ + "shape":"OnSourceDDoSProtectionConfig", + "documentation":"

    Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.

    " + }, + "ApplicationConfig":{ + "shape":"ApplicationConfig", + "documentation":"

    Returns a list of ApplicationAttributes.

    " } }, - "documentation":"

    A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    " + "documentation":"

    A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, Amplify application, and Amazon Web Services Verified Access instance.

    " }, "WebACLSummaries":{ "type":"list", @@ -6539,5 +6871,5 @@ "documentation":"

    A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.

    " } }, - "documentation":"WAF

    This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like \"V2\" or \"v2\", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.

    If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. WAF Classic support will end on September 30, 2025.

    For information about WAF, including how to migrate your WAF Classic resources to this version, see the WAF Developer Guide.

    WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content, to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.

    This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and guidance for configuring and using WAF, see the WAF Developer Guide.

    You can make calls using the endpoints listed in WAF endpoints and quotas.

    • For regional applications, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    • For Amazon CloudFront applications, you must use the API endpoint listed for US East (N. Virginia): us-east-1.

    Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.

    " + "documentation":"WAF

    This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like \"V2\" or \"v2\", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.

    If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. WAF Classic support will end on September 30, 2025.

    For information about WAF, including how to migrate your WAF Classic resources to this version, see the WAF Developer Guide.

    WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, Amplify application, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content, to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.

    This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and guidance for configuring and using WAF, see the WAF Developer Guide.

    You can make calls using the endpoints listed in WAF endpoints and quotas.

    • For regional resources, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    • For Amazon CloudFront and Amplify, you must use the API endpoint listed for US East (N. Virginia): us-east-1.

    Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.

    " } diff -pruN 2.23.6-1/awscli/botocore/data/wellarchitected/2020-03-31/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/wellarchitected/2020-03-31/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/wellarchitected/2020-03-31/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/wellarchitected/2020-03-31/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/wellarchitected/2020-03-31/service-2.json 2.31.35-1/awscli/botocore/data/wellarchitected/2020-03-31/service-2.json --- 2.23.6-1/awscli/botocore/data/wellarchitected/2020-03-31/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/wellarchitected/2020-03-31/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,12 +5,14 @@ "endpointPrefix":"wellarchitected", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"Well-Architected", "serviceFullName":"AWS Well-Architected Tool", "serviceId":"WellArchitected", "signatureVersion":"v4", "signingName":"wellarchitected", - "uid":"wellarchitected-2020-03-31" + "uid":"wellarchitected-2020-03-31", + "auth":["aws.auth#sigv4"] }, "operations":{ "AssociateLenses":{ @@ -2780,8 +2782,7 @@ }, "GetProfileTemplateInput":{ "type":"structure", - "members":{ - } + "members":{} }, "GetProfileTemplateOutput":{ "type":"structure", @@ -5117,8 +5118,7 @@ }, "TagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -5214,8 +5214,7 @@ }, "UntagResourceOutput":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAnswerInput":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/wisdom/2020-10-19/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/wisdom/2020-10-19/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/wisdom/2020-10-19/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/wisdom/2020-10-19/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/workdocs/2016-05-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/workdocs/2016-05-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/workdocs/2016-05-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workdocs/2016-05-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/workdocs/2016-05-01/service-2.json 2.31.35-1/awscli/botocore/data/workdocs/2016-05-01/service-2.json --- 2.23.6-1/awscli/botocore/data/workdocs/2016-05-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workdocs/2016-05-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,10 +5,12 @@ "endpointPrefix":"workdocs", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon WorkDocs", "serviceId":"WorkDocs", "signatureVersion":"v4", - "uid":"workdocs-2016-05-01" + "uid":"workdocs-2016-05-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "AbortDocumentVersionUpload":{ @@ -1280,8 +1282,7 @@ }, "CreateCustomMetadataResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateFolderRequest":{ "type":"structure", @@ -1339,8 +1340,7 @@ }, "CreateLabelsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateNotificationSubscriptionRequest":{ "type":"structure", @@ -1505,8 +1505,7 @@ }, "DeactivatingLastSystemUserException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The last user in the organization is being deactivated.

    ", "error":{"httpStatusCode":409}, "exception":true @@ -1583,8 +1582,7 @@ }, "DeleteCustomMetadataResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteDocumentRequest":{ "type":"structure", @@ -1706,8 +1704,7 @@ }, "DeleteLabelsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteNotificationSubscriptionRequest":{ "type":"structure", @@ -3897,8 +3894,7 @@ }, "UnauthorizedOperationException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The operation is not permitted.

    ", "error":{"httpStatusCode":403}, "exception":true diff -pruN 2.23.6-1/awscli/botocore/data/workmail/2017-10-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/workmail/2017-10-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/workmail/2017-10-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workmail/2017-10-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/workmail/2017-10-01/service-2.json 2.31.35-1/awscli/botocore/data/workmail/2017-10-01/service-2.json --- 2.23.6-1/awscli/botocore/data/workmail/2017-10-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workmail/2017-10-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -1348,7 +1348,8 @@ {"shape":"MailDomainNotFoundException"}, {"shape":"MailDomainStateException"}, {"shape":"OrganizationNotFoundException"}, - {"shape":"OrganizationStateException"} + {"shape":"OrganizationStateException"}, + {"shape":"UnsupportedOperationException"} ], "documentation":"

    Registers an existing and disabled user, group, or resource for WorkMail use by associating a mailbox and calendaring capabilities. It performs no change if the user, group, or resource is enabled and fails if the user, group, or resource is deleted. This operation results in the accumulation of costs. For more information, see Pricing. The equivalent console functionality for this operation is Enable.

    Users can either be created by calling the CreateUser API operation or they can be synchronized from your directory. For more information, see DeregisterFromWorkMail.

    ", "idempotent":true @@ -1766,8 +1767,7 @@ }, "AssociateDelegateToResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateMemberToGroupRequest":{ "type":"structure", @@ -1793,8 +1793,7 @@ }, "AssociateMemberToGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "AssumeImpersonationRoleRequest":{ "type":"structure", @@ -1912,8 +1911,7 @@ }, "CancelMailboxExportJobResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateAliasRequest":{ "type":"structure", @@ -1939,8 +1937,7 @@ }, "CreateAliasResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateAvailabilityConfigurationRequest":{ "type":"structure", @@ -1974,8 +1971,7 @@ }, "CreateAvailabilityConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateGroupRequest":{ "type":"structure", @@ -2326,8 +2322,7 @@ }, "DeleteAccessControlRuleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAliasRequest":{ "type":"structure", @@ -2353,8 +2348,7 @@ }, "DeleteAliasResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteAvailabilityConfigurationRequest":{ "type":"structure", @@ -2375,8 +2369,7 @@ }, "DeleteAvailabilityConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEmailMonitoringConfigurationRequest":{ "type":"structure", @@ -2390,8 +2383,7 @@ }, "DeleteEmailMonitoringConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteGroupRequest":{ "type":"structure", @@ -2412,8 +2404,7 @@ }, "DeleteGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIdentityCenterApplicationRequest":{ "type":"structure", @@ -2427,8 +2418,7 @@ }, "DeleteIdentityCenterApplicationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIdentityProviderConfigurationRequest":{ "type":"structure", @@ -2442,8 +2432,7 @@ }, "DeleteIdentityProviderConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteImpersonationRoleRequest":{ "type":"structure", @@ -2464,8 +2453,7 @@ }, "DeleteImpersonationRoleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMailboxPermissionsRequest":{ "type":"structure", @@ -2491,8 +2479,7 @@ }, "DeleteMailboxPermissionsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMobileDeviceAccessOverrideRequest":{ "type":"structure", @@ -2518,8 +2505,7 @@ }, "DeleteMobileDeviceAccessOverrideResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteMobileDeviceAccessRuleRequest":{ "type":"structure", @@ -2540,8 +2526,7 @@ }, "DeleteMobileDeviceAccessRuleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteOrganizationRequest":{ "type":"structure", @@ -2605,8 +2590,7 @@ }, "DeletePersonalAccessTokenResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResourceRequest":{ "type":"structure", @@ -2627,8 +2611,7 @@ }, "DeleteResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteRetentionPolicyRequest":{ "type":"structure", @@ -2649,8 +2632,7 @@ }, "DeleteRetentionPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteUserRequest":{ "type":"structure", @@ -2671,8 +2653,7 @@ }, "DeleteUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterFromWorkMailRequest":{ "type":"structure", @@ -2693,8 +2674,7 @@ }, "DeregisterFromWorkMailResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeregisterMailDomainRequest":{ "type":"structure", @@ -2715,8 +2695,7 @@ }, "DeregisterMailDomainResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeEmailMonitoringConfigurationRequest":{ "type":"structure", @@ -3298,8 +3277,7 @@ }, "DisassociateDelegateFromResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateMemberFromGroupRequest":{ "type":"structure", @@ -3325,8 +3303,7 @@ }, "DisassociateMemberFromGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DnsRecord":{ "type":"structure", @@ -5502,14 +5479,12 @@ }, "PutAccessControlRuleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutEmailMonitoringConfigurationRequest":{ "type":"structure", "required":[ "OrganizationId", - "RoleArn", "LogGroupArn" ], "members":{ @@ -5519,7 +5494,7 @@ }, "RoleArn":{ "shape":"RoleArn", - "documentation":"

    The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.

    " + "documentation":"

    The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration. If absent, the IAM Role Arn of AWSServiceRoleForAmazonWorkMailEvents will be used.

    " }, "LogGroupArn":{ "shape":"LogGroupArn", @@ -5529,8 +5504,7 @@ }, "PutEmailMonitoringConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutIdentityProviderConfigurationRequest":{ "type":"structure", @@ -5561,8 +5535,7 @@ }, "PutIdentityProviderConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutInboundDmarcSettingsRequest":{ "type":"structure", @@ -5583,8 +5556,7 @@ }, "PutInboundDmarcSettingsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutMailboxPermissionsRequest":{ "type":"structure", @@ -5615,8 +5587,7 @@ }, "PutMailboxPermissionsResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutMobileDeviceAccessOverrideRequest":{ "type":"structure", @@ -5651,8 +5622,7 @@ }, "PutMobileDeviceAccessOverrideResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "PutRetentionPolicyRequest":{ "type":"structure", @@ -5686,8 +5656,7 @@ }, "PutRetentionPolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RedactedEwsAvailabilityProvider":{ "type":"structure", @@ -5727,8 +5696,7 @@ }, "RegisterMailDomainResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RegisterToWorkMailRequest":{ "type":"structure", @@ -5754,8 +5722,7 @@ }, "RegisterToWorkMailResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ReservedNameException":{ "type":"structure", @@ -5789,8 +5756,7 @@ }, "ResetPasswordResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Resource":{ "type":"structure", @@ -6023,8 +5989,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -6102,8 +6067,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAvailabilityConfigurationRequest":{ "type":"structure", @@ -6132,8 +6096,7 @@ }, "UpdateAvailabilityConfigurationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDefaultMailDomainRequest":{ "type":"structure", @@ -6154,8 +6117,7 @@ }, "UpdateDefaultMailDomainResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateGroupRequest":{ "type":"structure", @@ -6180,8 +6142,7 @@ }, "UpdateGroupResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateImpersonationRoleRequest":{ "type":"structure", @@ -6221,8 +6182,7 @@ }, "UpdateImpersonationRoleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMailboxQuotaRequest":{ "type":"structure", @@ -6248,8 +6208,7 @@ }, "UpdateMailboxQuotaResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateMobileDeviceAccessRuleRequest":{ "type":"structure", @@ -6316,8 +6275,7 @@ }, "UpdateMobileDeviceAccessRuleResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdatePrimaryEmailAddressRequest":{ "type":"structure", @@ -6343,8 +6301,7 @@ }, "UpdatePrimaryEmailAddressResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateResourceRequest":{ "type":"structure", @@ -6385,8 +6342,7 @@ }, "UpdateResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateUserRequest":{ "type":"structure", @@ -6471,8 +6427,7 @@ }, "UpdateUserResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Url":{ "type":"string", diff -pruN 2.23.6-1/awscli/botocore/data/workmailmessageflow/2019-05-01/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/workmailmessageflow/2019-05-01/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/workmailmessageflow/2019-05-01/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workmailmessageflow/2019-05-01/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff -pruN 2.23.6-1/awscli/botocore/data/workmailmessageflow/2019-05-01/service-2.json 2.31.35-1/awscli/botocore/data/workmailmessageflow/2019-05-01/service-2.json --- 2.23.6-1/awscli/botocore/data/workmailmessageflow/2019-05-01/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workmailmessageflow/2019-05-01/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,10 +5,12 @@ "endpointPrefix":"workmailmessageflow", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon WorkMail Message Flow", "serviceId":"WorkMailMessageFlow", "signatureVersion":"v4", - "uid":"workmailmessageflow-2019-05-01" + "uid":"workmailmessageflow-2019-05-01", + "auth":["aws.auth#sigv4"] }, "operations":{ "GetRawMessageContent":{ @@ -110,8 +112,7 @@ }, "PutRawMessageContentResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "RawMessageContent":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/data/workspaces/2015-04-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/workspaces/2015-04-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/workspaces/2015-04-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces/2015-04-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/workspaces/2015-04-08/service-2.json 2.31.35-1/awscli/botocore/data/workspaces/2015-04-08/service-2.json --- 2.23.6-1/awscli/botocore/data/workspaces/2015-04-08/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces/2015-04-08/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -123,7 +123,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidParameterValuesException"} ], - "documentation":"

    Copies the specified image from the specified Region to the current Region. For more information about copying images, see Copy a Custom WorkSpaces Image.

    In the China (Ningxia) Region, you can copy images only within the same Region.

    In Amazon Web Services GovCloud (US), to copy images to and from other Regions, contact Amazon Web Services Support.

    Before copying a shared image, be sure to verify that it has been shared from the correct Amazon Web Services account. To determine if an image has been shared and to see the ID of the Amazon Web Services account that owns an image, use the DescribeWorkSpaceImages and DescribeWorkspaceImagePermissions API operations.

    " + "documentation":"

    Copies the specified image from the specified Region to the current Region. For more information about copying images, see Copy a Custom WorkSpaces Image.

    In the China (Ningxia) Region, you can copy images only within the same Region.

    In Amazon Web Services GovCloud (US), to copy images to and from other Regions, contact Amazon Web ServicesSupport.

    Before copying a shared image, be sure to verify that it has been shared from the correct Amazon Web Services account. To determine if an image has been shared and to see the ID of the Amazon Web Services account that owns an image, use the DescribeWorkSpaceImages and DescribeWorkspaceImagePermissions API operations.

    " }, "CreateAccountLinkInvitation":{ "name":"CreateAccountLinkInvitation", @@ -624,6 +624,20 @@ ], "documentation":"

    Retrieves a list that describes the connection aliases used for cross-Region redirection. For more information, see Cross-Region Redirection for Amazon WorkSpaces.

    " }, + "DescribeCustomWorkspaceImageImport":{ + "name":"DescribeCustomWorkspaceImageImport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeCustomWorkspaceImageImportRequest"}, + "output":{"shape":"DescribeCustomWorkspaceImageImportResult"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"

    Retrieves information about a WorkSpace BYOL image being imported via ImportCustomWorkspaceImage.

    " + }, "DescribeImageAssociations":{ "name":"DescribeImageAssociations", "http":{ @@ -892,6 +906,24 @@ ], "documentation":"

    Imports client branding. Client branding allows you to customize your WorkSpace's client login portal. You can tailor your login portal company logo, the support email address, support link, link to reset password, and a custom message for users trying to sign in.

    After you import client branding, the default branding experience for the specified platform type is replaced with the imported experience

    • You must specify at least one platform type when importing client branding.

    • You can import up to 6 MB of data with each request. If your request exceeds this limit, you can import client branding for different platform types using separate requests.

    • In each platform type, the SupportEmail and SupportLink parameters are mutually exclusive. You can specify only one parameter for each platform type, but not both.

    • Imported data can take up to a minute to appear in the WorkSpaces client.

    " }, + "ImportCustomWorkspaceImage":{ + "name":"ImportCustomWorkspaceImage", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ImportCustomWorkspaceImageRequest"}, + "output":{"shape":"ImportCustomWorkspaceImageResult"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterValuesException"}, + {"shape":"OperationNotSupportedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceAlreadyExistsException"}, + {"shape":"ResourceLimitExceededException"} + ], + "documentation":"

    Imports the specified Windows 10 or 11 Bring Your Own License (BYOL) image into Amazon WorkSpaces using EC2 Image Builder. The image must be an already licensed image that is in your Amazon Web Services account, and you must own the image. For more information about creating BYOL images, see Bring Your Own Windows Desktop Licenses.

    " + }, "ImportWorkspaceImage":{ "name":"ImportWorkspaceImage", "http":{ @@ -1006,6 +1038,21 @@ ], "documentation":"

    Modifies the properties of the specified Amazon WorkSpaces clients.

    " }, + "ModifyEndpointEncryptionMode":{ + "name":"ModifyEndpointEncryptionMode", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyEndpointEncryptionModeRequest"}, + "output":{"shape":"ModifyEndpointEncryptionModeResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"OperationNotSupportedException"} + ], + "documentation":"

    Modifies the endpoint encryption mode that allows you to configure the specified directory between Standard TLS and FIPS 140-2 validated mode.

    " + }, "ModifySamlProperties":{ "name":"ModifySamlProperties", "http":{ @@ -1064,7 +1111,10 @@ "output":{"shape":"ModifyWorkspaceAccessPropertiesResult"}, "errors":[ {"shape":"ResourceNotFoundException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterValuesException"}, + {"shape":"InvalidParameterCombinationException"}, + {"shape":"OperationNotSupportedException"} ], "documentation":"

    Specifies which devices and operating systems users can use to access their WorkSpaces. For more information, see Control Device Access.

    " }, @@ -1279,7 +1329,7 @@ }, "input":{"shape":"TerminateWorkspacesRequest"}, "output":{"shape":"TerminateWorkspacesResult"}, - "documentation":"

    Terminates the specified WorkSpaces.

    Terminating a WorkSpace is a permanent action and cannot be undone. The user's data is destroyed. If you need to archive any user data, contact Amazon Web Services Support before terminating the WorkSpace.

    You can terminate a WorkSpace that is in any state except SUSPENDED.

    This operation is asynchronous and returns before the WorkSpaces have been completely terminated. After a WorkSpace is terminated, the TERMINATED state is returned only briefly before the WorkSpace directory metadata is cleaned up, so this state is rarely returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID by using DescribeWorkSpaces. If the WorkSpace ID isn't returned, then the WorkSpace has been successfully terminated.

    Simple AD and AD Connector are made available to you free of charge to use with WorkSpaces. If there are no WorkSpaces being used with your Simple AD or AD Connector directory for 30 consecutive days, this directory will be automatically deregistered for use with Amazon WorkSpaces, and you will be charged for this directory as per the Directory Service pricing terms.

    To delete empty directories, see Delete the Directory for Your WorkSpaces. If you delete your Simple AD or AD Connector directory, you can always create a new one when you want to start using WorkSpaces again.

    " + "documentation":"

    Terminates the specified WorkSpaces.

    Terminating a WorkSpace is a permanent action and cannot be undone. The user's data is destroyed. If you need to archive any user data, contact Amazon Web ServicesSupport before terminating the WorkSpace.

    You can terminate a WorkSpace that is in any state except SUSPENDED.

    This operation is asynchronous and returns before the WorkSpaces have been completely terminated. After a WorkSpace is terminated, the TERMINATED state is returned only briefly before the WorkSpace directory metadata is cleaned up, so this state is rarely returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID by using DescribeWorkSpaces. If the WorkSpace ID isn't returned, then the WorkSpace has been successfully terminated.

    Simple AD and AD Connector are made available to you free of charge to use with WorkSpaces. If there are no WorkSpaces being used with your Simple AD or AD Connector directory for 30 consecutive days, this directory will be automatically deregistered for use with Amazon WorkSpaces, and you will be charged for this directory as per the Directory Service pricing terms.

    To delete empty directories, see Delete the Directory for Your WorkSpaces. If you delete your Simple AD or AD Connector directory, you can always create a new one when you want to start using WorkSpaces again.

    " }, "TerminateWorkspacesPool":{ "name":"TerminateWorkspacesPool", @@ -1398,7 +1448,7 @@ {"shape":"InvalidParameterValuesException"}, {"shape":"OperationNotSupportedException"} ], - "documentation":"

    Shares or unshares an image with one account in the same Amazon Web Services Region by specifying whether that account has permission to copy the image. If the copy image permission is granted, the image is shared with that account. If the copy image permission is revoked, the image is unshared with the account.

    After an image has been shared, the recipient account can copy the image to other Regions as needed.

    In the China (Ningxia) Region, you can copy images only within the same Region.

    In Amazon Web Services GovCloud (US), to copy images to and from other Regions, contact Amazon Web Services Support.

    For more information about sharing images, see Share or Unshare a Custom WorkSpaces Image.

    • To delete an image that has been shared, you must unshare the image before you delete it.

    • Sharing Bring Your Own License (BYOL) images across Amazon Web Services accounts isn't supported at this time in Amazon Web Services GovCloud (US). To share BYOL images across accounts in Amazon Web Services GovCloud (US), contact Amazon Web Services Support.

    " + "documentation":"

    Shares or unshares an image with one account in the same Amazon Web Services Region by specifying whether that account has permission to copy the image. If the copy image permission is granted, the image is shared with that account. If the copy image permission is revoked, the image is unshared with the account.

    After an image has been shared, the recipient account can copy the image to other Regions as needed.

    In the China (Ningxia) Region, you can copy images only within the same Region.

    In Amazon Web Services GovCloud (US), to copy images to and from other Regions, contact Amazon Web ServicesSupport.

    For more information about sharing images, see Share or Unshare a Custom WorkSpaces Image.

    • To delete an image that has been shared, you must unshare the image before you delete it.

    • Sharing Bring Your Own License (BYOL) images across Amazon Web Services accounts isn't supported at this time in Amazon Web Services GovCloud (US). To share BYOL images across accounts in Amazon Web Services GovCloud (US), contact Amazon Web ServicesSupport.

    " }, "UpdateWorkspacesPool":{ "name":"UpdateWorkspacesPool", @@ -1486,6 +1536,43 @@ "documentation":"

    The user is not authorized to access a resource.

    ", "exception":true }, + "AccessEndpoint":{ + "type":"structure", + "members":{ + "AccessEndpointType":{ + "shape":"AccessEndpointType", + "documentation":"

    Indicates the type of access endpoint.

    " + }, + "VpcEndpointId":{ + "shape":"AlphanumericDashUnderscoreNonEmptyString", + "documentation":"

    Indicates the VPC endpoint to use for access.

    " + } + }, + "documentation":"

    Describes the access type and endpoint for a WorkSpace.

    " + }, + "AccessEndpointConfig":{ + "type":"structure", + "required":["AccessEndpoints"], + "members":{ + "AccessEndpoints":{ + "shape":"AccessEndpointList", + "documentation":"

    Indicates a list of access endpoints associated with this directory.

    " + }, + "InternetFallbackProtocols":{ + "shape":"InternetFallbackProtocolList", + "documentation":"

    Indicates a list of protocols that fallback to using the public Internet when streaming over a VPC endpoint is not available.

    " + } + }, + "documentation":"

    Describes the access endpoint configuration for a WorkSpace.

    " + }, + "AccessEndpointList":{ + "type":"list", + "member":{"shape":"AccessEndpoint"} + }, + "AccessEndpointType":{ + "type":"string", + "enum":["STREAMING_WSP"] + }, "AccessPropertyValue":{ "type":"string", "enum":[ @@ -1602,6 +1689,10 @@ "pattern":"^(http|https)\\://\\S+" }, "Alias":{"type":"string"}, + "AlphanumericDashUnderscoreNonEmptyString":{ + "type":"string", + "pattern":"^[a-zA-Z0-9\\_\\-]{1,1000}$" + }, "AmazonUuid":{ "type":"string", "max":36, @@ -1635,8 +1726,7 @@ }, "ApplicationNotSupportedException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified application is not supported.

    ", "exception":true }, @@ -1764,8 +1854,7 @@ }, "AssociateIpGroupsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AssociateWorkspaceApplicationRequest":{ "type":"structure", @@ -1864,8 +1953,7 @@ }, "AuthorizeIpRulesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "AvailableUserSessions":{ "type":"integer", @@ -2109,8 +2197,7 @@ }, "ComputeNotCompatibleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The compute type of the WorkSpace is not compatible with the application.

    ", "exception":true }, @@ -2479,8 +2566,7 @@ }, "CreateTagsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "CreateUpdatedWorkspaceImageRequest":{ "type":"structure", @@ -2658,6 +2744,10 @@ "TimeoutSettings":{ "shape":"TimeoutSettings", "documentation":"

    Indicates the timeout settings of the pool.

    " + }, + "RunningMode":{ + "shape":"PoolsRunningMode", + "documentation":"

    The running mode for the pool.

    " } } }, @@ -2693,6 +2783,41 @@ } } }, + "CustomImageProtocol":{ + "type":"string", + "enum":[ + "PCOIP", + "DCV", + "BYOP" + ] + }, + "CustomWorkspaceImageImportErrorDetails":{ + "type":"structure", + "members":{ + "ErrorCode":{ + "shape":"ErrorCode", + "documentation":"

    The error code that is returned for the image import.

    " + }, + "ErrorMessage":{ + "shape":"ImageErrorMessage", + "documentation":"

    The text of the error message that is returned for the image import.

    " + } + }, + "documentation":"

    Describes in-depth details about the error. These details include the possible causes of the error and troubleshooting information.

    " + }, + "CustomWorkspaceImageImportErrorDetailsList":{ + "type":"list", + "member":{"shape":"CustomWorkspaceImageImportErrorDetails"} + }, + "CustomWorkspaceImageImportState":{ + "type":"string", + "enum":[ + "PENDING", + "IN_PROGRESS", + "COMPLETED", + "ERROR" + ] + }, "DataReplication":{ "type":"string", "enum":[ @@ -2809,10 +2934,6 @@ "DefaultWorkspaceCreationProperties":{ "type":"structure", "members":{ - "EnableWorkDocs":{ - "shape":"BooleanObject", - "documentation":"

    Specifies whether the directory is enabled for Amazon WorkDocs.

    " - }, "EnableInternetAccess":{ "shape":"BooleanObject", "documentation":"

    Specifies whether to automatically assign an Elastic public IP address to WorkSpaces in this directory by default. If enabled, the Elastic public IP address allows outbound internet access from your WorkSpaces when you’re using an internet gateway in the Amazon VPC in which your WorkSpaces are located. If you're using a Network Address Translation (NAT) gateway for outbound internet access from your VPC, or if your WorkSpaces are in public subnets and you manually assign them Elastic IP addresses, you should disable this setting. This setting applies to new WorkSpaces that you launch or to existing WorkSpaces that you rebuild. For more information, see Configure a VPC for Amazon WorkSpaces.

    " @@ -2901,8 +3022,7 @@ }, "DeleteClientBrandingResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConnectClientAddInRequest":{ "type":"structure", @@ -2923,8 +3043,7 @@ }, "DeleteConnectClientAddInResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteConnectionAliasRequest":{ "type":"structure", @@ -2938,8 +3057,7 @@ }, "DeleteConnectionAliasResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteIpGroupRequest":{ "type":"structure", @@ -2953,8 +3071,7 @@ }, "DeleteIpGroupResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteTagsRequest":{ "type":"structure", @@ -2975,8 +3092,7 @@ }, "DeleteTagsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWorkspaceBundleRequest":{ "type":"structure", @@ -2989,8 +3105,7 @@ }, "DeleteWorkspaceBundleResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWorkspaceImageRequest":{ "type":"structure", @@ -3004,8 +3119,7 @@ }, "DeleteWorkspaceImageResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeployWorkspaceApplicationsRequest":{ "type":"structure", @@ -3042,8 +3156,7 @@ }, "DeregisterWorkspaceDirectoryResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountModificationsRequest":{ "type":"structure", @@ -3069,8 +3182,7 @@ }, "DescribeAccountRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "DescribeAccountResult":{ "type":"structure", @@ -3086,6 +3198,10 @@ "DedicatedTenancyAccountType":{ "shape":"DedicatedTenancyAccountType", "documentation":"

    The type of linked account.

    " + }, + "Message":{ + "shape":"Message", + "documentation":"

    The text message to describe the status of BYOL.

    " } } }, @@ -3357,6 +3473,53 @@ } } }, + "DescribeCustomWorkspaceImageImportRequest":{ + "type":"structure", + "required":["ImageId"], + "members":{ + "ImageId":{ + "shape":"WorkspaceImageId", + "documentation":"

    The identifier of the WorkSpace image.

    " + } + } + }, + "DescribeCustomWorkspaceImageImportResult":{ + "type":"structure", + "members":{ + "ImageId":{ + "shape":"WorkspaceImageId", + "documentation":"

    The identifier of the WorkSpace image.

    " + }, + "InfrastructureConfigurationArn":{ + "shape":"InfrastructureConfigurationArn", + "documentation":"

    The infrastructure configuration ARN that specifies how the WorkSpace image is built.

    " + }, + "State":{ + "shape":"CustomWorkspaceImageImportState", + "documentation":"

    The state of the WorkSpace image.

    " + }, + "Created":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the WorkSpace image import was created.

    " + }, + "LastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"

    The timestamp when the WorkSpace image import was last updated.

    " + }, + "ImageSource":{ + "shape":"ImageSourceIdentifier", + "documentation":"

    Describes the image import source.

    " + }, + "ImageBuilderInstanceId":{ + "shape":"NonEmptyString", + "documentation":"

    The image builder instance ID of the WorkSpace image.

    " + }, + "ErrorDetails":{ + "shape":"CustomWorkspaceImageImportErrorDetailsList", + "documentation":"

    Describes in-depth details about the error. These details include the possible causes of the error and troubleshooting information.

    " + } + } + }, "DescribeImageAssociationsRequest":{ "type":"structure", "required":[ @@ -3699,7 +3862,7 @@ }, "Limit":{ "shape":"Limit50", - "documentation":"

    The maximum number of items to return.

    " + "documentation":"

    The maximum size of each page of results. The default value is 20 and the maximum value is 50.

    " }, "NextToken":{ "shape":"PaginationToken", @@ -3888,8 +4051,7 @@ }, "DisassociateConnectionAliasResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateIpGroupsRequest":{ "type":"structure", @@ -3910,8 +4072,7 @@ }, "DisassociateIpGroupsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DisassociateWorkspaceApplicationRequest":{ "type":"structure", @@ -3948,6 +4109,10 @@ "type":"list", "member":{"shape":"IpAddress"} }, + "DnsIpv6Addresses":{ + "type":"list", + "member":{"shape":"Ipv6Address"} + }, "DomainName":{ "type":"string", "pattern":"^([a-zA-Z0-9]+[.-])+([a-zA-Z0-9])+$" @@ -3956,6 +4121,24 @@ "type":"string", "pattern":"^ami\\-([a-f0-9]{8}|[a-f0-9]{17})$" }, + "Ec2ImportTaskId":{ + "type":"string", + "max":28, + "min":19, + "pattern":"^import-ami\\-([a-zA-Z0-9]{8}|[a-zA-Z0-9]{17})$" + }, + "EndpointEncryptionMode":{ + "type":"string", + "enum":[ + "STANDARD_TLS", + "FIPS_VALIDATED" + ] + }, + "ErrorCode":{ + "type":"string", + "max":256, + "min":1 + }, "ErrorDetails":{ "type":"structure", "members":{ @@ -4139,6 +4322,24 @@ "type":"list", "member":{"shape":"ImageAssociatedResourceType"} }, + "ImageBuildVersionArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:[0-9]{12}|aws(?:-[a-z-]+)?):image/[a-z0-9-_]+/(?:(?:([0-9]+|x)\\.([0-9]+|x)\\.([0-9]+|x))|(?:[0-9]+\\.[0-9]+\\.[0-9]+/[0-9]+))$" + }, + "ImageComputeType":{ + "type":"string", + "enum":[ + "BASE", + "GRAPHICS_G4DN" + ] + }, + "ImageErrorMessage":{ + "type":"string", + "max":2048, + "min":1 + }, "ImagePermission":{ "type":"structure", "members":{ @@ -4191,6 +4392,25 @@ "type":"list", "member":{"shape":"ImageResourceAssociation"} }, + "ImageSourceIdentifier":{ + "type":"structure", + "members":{ + "Ec2ImportTaskId":{ + "shape":"Ec2ImportTaskId", + "documentation":"

    The EC2 import task ID to import the image from the Amazon EC2 VM import process.

    " + }, + "ImageBuildVersionArn":{ + "shape":"ImageBuildVersionArn", + "documentation":"

    The ARN of the EC2 Image Builder image.

    " + }, + "Ec2ImageId":{ + "shape":"Ec2ImageId", + "documentation":"

    The identifier of the EC2 image.

    " + } + }, + "documentation":"

    Describes the image import source.

    ", + "union":true + }, "ImageType":{ "type":"string", "enum":[ @@ -4261,6 +4481,70 @@ } } }, + "ImportCustomWorkspaceImageRequest":{ + "type":"structure", + "required":[ + "ImageName", + "ImageDescription", + "ComputeType", + "Protocol", + "ImageSource", + "InfrastructureConfigurationArn", + "Platform", + "OsVersion" + ], + "members":{ + "ImageName":{ + "shape":"WorkspaceImageName", + "documentation":"

    The name of the WorkSpace image.

    " + }, + "ImageDescription":{ + "shape":"WorkspaceImageDescription", + "documentation":"

    The description of the WorkSpace image.

    " + }, + "ComputeType":{ + "shape":"ImageComputeType", + "documentation":"

    The supported compute type for the WorkSpace image.

    " + }, + "Protocol":{ + "shape":"CustomImageProtocol", + "documentation":"

    The supported protocol for the WorkSpace image. Windows 11 does not support PCOIP protocol.

    " + }, + "ImageSource":{ + "shape":"ImageSourceIdentifier", + "documentation":"

    The options for image import source.

    " + }, + "InfrastructureConfigurationArn":{ + "shape":"InfrastructureConfigurationArn", + "documentation":"

    The infrastructure configuration ARN that specifies how the WorkSpace image is built.

    " + }, + "Platform":{ + "shape":"Platform", + "documentation":"

    The platform for the WorkSpace image source.

    " + }, + "OsVersion":{ + "shape":"OSVersion", + "documentation":"

    The OS version for the WorkSpace image source.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    The resource tags. Each WorkSpaces resource can have a maximum of 50 tags.

    " + } + } + }, + "ImportCustomWorkspaceImageResult":{ + "type":"structure", + "members":{ + "ImageId":{ + "shape":"WorkspaceImageId", + "documentation":"

    The identifier of the WorkSpace image.

    " + }, + "State":{ + "shape":"CustomWorkspaceImageImportState", + "documentation":"

    The state of the WorkSpace image.

    " + } + } + }, "ImportWorkspaceImageRequest":{ "type":"structure", "required":[ @@ -4307,11 +4591,16 @@ }, "IncompatibleApplicationsException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The specified application is not compatible with the resource.

    ", "exception":true }, + "InfrastructureConfigurationArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:[0-9]{12}|aws):infrastructure-configuration/[a-z0-9-_]+$" + }, "InternalServerException":{ "type":"structure", "members":{ @@ -4320,6 +4609,25 @@ "documentation":"

    Unexpected server error occured.

    ", "exception":true }, + "InternetFallbackProtocol":{ + "type":"string", + "enum":["PCOIP"] + }, + "InternetFallbackProtocolList":{ + "type":"list", + "member":{"shape":"InternetFallbackProtocol"} + }, + "InvalidParameterCombinationException":{ + "type":"structure", + "members":{ + "message":{ + "shape":"ExceptionMessage", + "documentation":"

    The exception error message.

    " + } + }, + "documentation":"

    Two or more of the selected parameter values cannot be used together.

    ", + "exception":true + }, "InvalidParameterValuesException":{ "type":"structure", "members":{ @@ -4457,6 +4765,10 @@ "type":"list", "member":{"shape":"IpRuleItem"} }, + "Ipv6Address":{ + "type":"string", + "pattern":"^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|[0-9a-fA-F]{1,4}(?::[0-9a-fA-F]{1,4}){0,6}::[0-9a-fA-F]{1,4}$" + }, "Limit":{ "type":"integer", "max":25, @@ -4566,6 +4878,7 @@ "type":"integer", "min":0 }, + "Message":{"type":"string"}, "MicrosoftEntraConfig":{ "type":"structure", "members":{ @@ -4663,6 +4976,10 @@ "ModifyAccountResult":{ "type":"structure", "members":{ + "Message":{ + "shape":"Message", + "documentation":"

    The text message to describe the status of BYOL modification.

    " + } } }, "ModifyCertificateBasedAuthPropertiesRequest":{ @@ -4685,8 +5002,7 @@ }, "ModifyCertificateBasedAuthPropertiesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ModifyClientPropertiesRequest":{ "type":"structure", @@ -4707,9 +5023,29 @@ }, "ModifyClientPropertiesResult":{ "type":"structure", + "members":{} + }, + "ModifyEndpointEncryptionModeRequest":{ + "type":"structure", + "required":[ + "DirectoryId", + "EndpointEncryptionMode" + ], "members":{ + "DirectoryId":{ + "shape":"DirectoryId", + "documentation":"

    The identifier of the directory.

    " + }, + "EndpointEncryptionMode":{ + "shape":"EndpointEncryptionMode", + "documentation":"

    The encryption mode used for endpoint connections when streaming to WorkSpaces Personal or WorkSpace Pools.

    " + } } }, + "ModifyEndpointEncryptionModeResponse":{ + "type":"structure", + "members":{} + }, "ModifySamlPropertiesRequest":{ "type":"structure", "required":["ResourceId"], @@ -4730,8 +5066,7 @@ }, "ModifySamlPropertiesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ModifySelfservicePermissionsRequest":{ "type":"structure", @@ -4752,8 +5087,7 @@ }, "ModifySelfservicePermissionsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ModifyStreamingPropertiesRequest":{ "type":"structure", @@ -4771,8 +5105,7 @@ }, "ModifyStreamingPropertiesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ModifyWorkspaceAccessPropertiesRequest":{ "type":"structure", @@ -4793,8 +5126,7 @@ }, "ModifyWorkspaceAccessPropertiesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ModifyWorkspaceCreationPropertiesRequest":{ "type":"structure", @@ -4815,8 +5147,7 @@ }, "ModifyWorkspaceCreationPropertiesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ModifyWorkspacePropertiesRequest":{ "type":"structure", @@ -4838,8 +5169,7 @@ }, "ModifyWorkspacePropertiesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ModifyWorkspaceStateRequest":{ "type":"structure", @@ -4860,8 +5190,7 @@ }, "ModifyWorkspaceStateResult":{ "type":"structure", - "members":{ - } + "members":{} }, "NetworkAccessConfiguration":{ "type":"structure", @@ -4881,6 +5210,13 @@ "type":"string", "min":1 }, + "OSVersion":{ + "type":"string", + "enum":[ + "Windows_10", + "Windows_11" + ] + }, "OperatingSystem":{ "type":"structure", "members":{ @@ -4915,8 +5251,7 @@ }, "OperatingSystemNotCompatibleException":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"

    The operating system of the WorkSpace is not compatible with the application.

    ", "exception":true }, @@ -4981,6 +5316,17 @@ "type":"list", "member":{"shape":"PendingCreateStandbyWorkspacesRequest"} }, + "Platform":{ + "type":"string", + "enum":["WINDOWS"] + }, + "PoolsRunningMode":{ + "type":"string", + "enum":[ + "AUTO_STOP", + "ALWAYS_ON" + ] + }, "Protocol":{ "type":"string", "enum":[ @@ -5088,10 +5434,6 @@ "shape":"SubnetIds", "documentation":"

    The identifiers of the subnets for your virtual private cloud (VPC). Make sure that the subnets are in supported Availability Zones. The subnets must also be in separate Availability Zones. If these conditions are not met, you will receive an OperationNotSupportedException error.

    " }, - "EnableWorkDocs":{ - "shape":"BooleanObject", - "documentation":"

    Indicates whether Amazon WorkDocs is enabled or disabled. If you have enabled this parameter and WorkDocs is not available in the Region, you will receive an OperationNotSupportedException error. Set EnableWorkDocs to disabled, and try again.

    " - }, "EnableSelfService":{ "shape":"BooleanObject", "documentation":"

    Indicates whether self-service capabilities are enabled or disabled.

    " @@ -5296,8 +5638,7 @@ }, "RestoreWorkspaceResult":{ "type":"structure", - "members":{ - } + "members":{} }, "RevokeIpRulesRequest":{ "type":"structure", @@ -5318,8 +5659,7 @@ }, "RevokeIpRulesResult":{ "type":"structure", - "members":{ - } + "members":{} }, "RootStorage":{ "type":"structure", @@ -5537,8 +5877,7 @@ }, "StartWorkspacesPoolResult":{ "type":"structure", - "members":{ - } + "members":{} }, "StartWorkspacesRequest":{ "type":"structure", @@ -5587,8 +5926,7 @@ }, "StopWorkspacesPoolResult":{ "type":"structure", - "members":{ - } + "members":{} }, "StopWorkspacesRequest":{ "type":"structure", @@ -5763,8 +6101,7 @@ }, "TerminateWorkspacesPoolResult":{ "type":"structure", - "members":{ - } + "members":{} }, "TerminateWorkspacesPoolSessionRequest":{ "type":"structure", @@ -5778,8 +6115,7 @@ }, "TerminateWorkspacesPoolSessionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "TerminateWorkspacesRequest":{ "type":"structure", @@ -5862,8 +6198,7 @@ }, "UpdateConnectClientAddInResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateConnectionAliasPermissionRequest":{ "type":"structure", @@ -5884,8 +6219,7 @@ }, "UpdateConnectionAliasPermissionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateDescription":{ "type":"string", @@ -5926,8 +6260,7 @@ }, "UpdateRulesOfIpGroupResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateWorkspaceBundleRequest":{ "type":"structure", @@ -5944,8 +6277,7 @@ }, "UpdateWorkspaceBundleResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateWorkspaceImagePermissionRequest":{ "type":"structure", @@ -5971,8 +6303,7 @@ }, "UpdateWorkspaceImagePermissionResult":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateWorkspacesPoolRequest":{ "type":"structure", @@ -6005,6 +6336,10 @@ "TimeoutSettings":{ "shape":"TimeoutSettings", "documentation":"

    Indicates the timeout settings of the specified pool.

    " + }, + "RunningMode":{ + "shape":"PoolsRunningMode", + "documentation":"

    The desired running mode for the pool. The running mode can only be updated when the pool is in a stopped state.

    " } } }, @@ -6207,6 +6542,10 @@ "shape":"IpAddress", "documentation":"

    The IP address of the WorkSpace.

    " }, + "Ipv6Address":{ + "shape":"Ipv6Address", + "documentation":"

    The IPv6 address of the WorkSpace.

    " + }, "State":{ "shape":"WorkspaceState", "documentation":"

    The operational state of the WorkSpace.

    • PENDING – The WorkSpace is in a waiting state (for example, the WorkSpace is being created).

    • AVAILABLE – The WorkSpace is running and has passed the health checks.

    • IMPAIRED – Refer to UNHEALTHY state.

    • UNHEALTHY – The WorkSpace is not responding to health checks.

    • REBOOTING – The WorkSpace is being rebooted (restarted).

    • STARTING – The WorkSpace is starting up and health checks are being run.

    • REBUILDING – The WorkSpace is being rebuilt.

    • RESTORING – The WorkSpace is being restored.

    • MAINTENANCE – The WorkSpace is undergoing scheduled maintenance by Amazon Web Services.

    • ADMIN_MAINTENANCE – The WorkSpace is undergoing maintenance by the WorkSpaces administrator.

    • TERMINATING – The WorkSpace is being deleted.

    • TERMINATED – The WorkSpace has been deleted.

    • SUSPENDED – The WorkSpace has been suspended for image creation.

    • UPDATING – The WorkSpace is undergoing an update.

    • STOPPING – The WorkSpace is being stopped.

    • STOPPED – The WorkSpace has been stopped.

    • ERROR – The WorkSpace is an error state (for example, an error occurred during startup).

    After a WorkSpace is terminated, the TERMINATED state is returned only briefly before the WorkSpace directory metadata is cleaned up, so this state is rarely returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID by using DescribeWorkSpaces. If the WorkSpace ID isn't returned, then the WorkSpace has been successfully terminated.

    " @@ -6304,6 +6643,14 @@ "DeviceTypeLinux":{ "shape":"AccessPropertyValue", "documentation":"

    Indicates whether users can use Linux clients to access their WorkSpaces.

    " + }, + "DeviceTypeWorkSpacesThinClient":{ + "shape":"AccessPropertyValue", + "documentation":"

    Indicates whether users can access their WorkSpaces through a WorkSpaces Thin Client.

    " + }, + "AccessEndpointConfig":{ + "shape":"AccessEndpointConfig", + "documentation":"

    Specifies the configuration for accessing the WorkSpace.

    " } }, "documentation":"

    The device types and operating systems that can be used to access a WorkSpace. For more information, see Amazon WorkSpaces Client Network Requirements.

    " @@ -6411,10 +6758,6 @@ "WorkspaceCreationProperties":{ "type":"structure", "members":{ - "EnableWorkDocs":{ - "shape":"BooleanObject", - "documentation":"

    Indicates whether Amazon WorkDocs is enabled for your WorkSpaces.

    If WorkDocs is already enabled for a WorkSpaces directory and you disable it, new WorkSpaces launched in the directory will not have WorkDocs enabled. However, WorkDocs remains enabled for any existing WorkSpaces, unless you either disable users' access to WorkDocs or you delete the WorkDocs site. To disable users' access to WorkDocs, see Disabling Users in the Amazon WorkDocs Administration Guide. To delete a WorkDocs site, see Deleting a Site in the Amazon WorkDocs Administration Guide.

    If you enable WorkDocs on a directory that already has existing WorkSpaces, the existing WorkSpaces and any new WorkSpaces that are launched in the directory will have WorkDocs enabled.

    " - }, "EnableInternetAccess":{ "shape":"BooleanObject", "documentation":"

    Indicates whether internet access is enabled for your WorkSpaces.

    " @@ -6469,6 +6812,10 @@ "shape":"DnsIpAddresses", "documentation":"

    The IP addresses of the DNS servers for the directory.

    " }, + "DnsIpv6Addresses":{ + "shape":"DnsIpv6Addresses", + "documentation":"

    The IPv6 addresses of the DNS servers for the directory.

    " + }, "CustomerUserName":{ "shape":"UserName", "documentation":"

    The user name for the service account.

    " @@ -6517,6 +6864,10 @@ "shape":"CertificateBasedAuthProperties", "documentation":"

    The certificate-based authentication properties used to authenticate SAML 2.0 Identity Provider (IdP) user identities to Active Directory for WorkSpaces login.

    " }, + "EndpointEncryptionMode":{ + "shape":"EndpointEncryptionMode", + "documentation":"

    Endpoint encryption mode that allows you to configure the specified directory between Standard TLS and FIPS 140-2 validated mode.

    " + }, "MicrosoftEntraConfig":{ "shape":"MicrosoftEntraConfig", "documentation":"

    Specifies details about Microsoft Entra configurations.

    " @@ -6708,7 +7059,10 @@ "MultipleUserProfiles", "StagedAppxPackage", "UnsupportedOsUpgrade", - "InsufficientRearmCount" + "InsufficientRearmCount", + "ProtocolOSIncompatibility", + "MemoryIntegrityIncompatibility", + "RestrictedDriveLetterInUse" ] }, "WorkspaceImageId":{ @@ -6848,6 +7202,10 @@ "WorkspaceName":{ "shape":"WorkspaceName", "documentation":"

    The name of the user-decoupled WorkSpace.

    WorkspaceName is required if UserName is [UNDEFINED] for user-decoupled WorkSpaces. WorkspaceName is not applicable if UserName is specified for user-assigned WorkSpaces.

    " + }, + "Ipv6Address":{ + "shape":"Ipv6Address", + "documentation":"

    The IPv6 address for the WorkSpace.

    " } }, "documentation":"

    Describes the information used to create a WorkSpace.

    " @@ -6969,7 +7327,8 @@ "State", "CreatedAt", "BundleId", - "DirectoryId" + "DirectoryId", + "RunningMode" ], "members":{ "PoolId":{ @@ -6986,7 +7345,7 @@ }, "PoolName":{ "shape":"WorkspacesPoolName", - "documentation":"

    The name of the pool,

    " + "documentation":"

    The name of the pool.

    " }, "Description":{ "shape":"UpdateDescription", @@ -7019,6 +7378,10 @@ "TimeoutSettings":{ "shape":"TimeoutSettings", "documentation":"

    The amount of time that a pool session remains active after users disconnect. If they try to reconnect to the pool session after a disconnection or network interruption within this time interval, they are connected to their previous session. Otherwise, they are connected to a new session with a new pool instance.

    " + }, + "RunningMode":{ + "shape":"PoolsRunningMode", + "documentation":"

    The running mode of the pool.

    " } }, "documentation":"

    Describes a pool of WorkSpaces.

    " diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-instances/2022-07-26/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/workspaces-instances/2022-07-26/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/workspaces-instances/2022-07-26/endpoint-rule-set-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-instances/2022-07-26/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,137 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://workspaces-instances-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://workspaces-instances.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-instances/2022-07-26/paginators-1.json 2.31.35-1/awscli/botocore/data/workspaces-instances/2022-07-26/paginators-1.json --- 2.23.6-1/awscli/botocore/data/workspaces-instances/2022-07-26/paginators-1.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-instances/2022-07-26/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +{ + "pagination": { + "ListInstanceTypes": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "InstanceTypes" + }, + "ListRegions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Regions" + }, + "ListWorkspaceInstances": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "WorkspaceInstances" + } + } +} diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-instances/2022-07-26/service-2.json 2.31.35-1/awscli/botocore/data/workspaces-instances/2022-07-26/service-2.json --- 2.23.6-1/awscli/botocore/data/workspaces-instances/2022-07-26/service-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-instances/2022-07-26/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,1945 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2022-07-26", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"workspaces-instances", + "jsonVersion":"1.0", + "protocol":"json", + "protocols":["json"], + "serviceFullName":"Amazon Workspaces Instances", + "serviceId":"Workspaces Instances", + "signatureVersion":"v4", + "signingName":"workspaces-instances", + "targetPrefix":"EUCMIFrontendAPIService", + "uid":"workspaces-instances-2022-07-26" + }, + "operations":{ + "AssociateVolume":{ + "name":"AssociateVolume", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateVolumeRequest"}, + "output":{"shape":"AssociateVolumeResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Attaches a volume to a WorkSpace Instance.

    " + }, + "CreateVolume":{ + "name":"CreateVolume", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateVolumeRequest"}, + "output":{"shape":"CreateVolumeResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Creates a new volume for WorkSpace Instances.

    ", + "idempotent":true + }, + "CreateWorkspaceInstance":{ + "name":"CreateWorkspaceInstance", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateWorkspaceInstanceRequest"}, + "output":{"shape":"CreateWorkspaceInstanceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Launches a new WorkSpace Instance with specified configuration parameters, enabling programmatic workspace deployment.

    ", + "idempotent":true + }, + "DeleteVolume":{ + "name":"DeleteVolume", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteVolumeRequest"}, + "output":{"shape":"DeleteVolumeResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Deletes a specified volume.

    " + }, + "DeleteWorkspaceInstance":{ + "name":"DeleteWorkspaceInstance", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteWorkspaceInstanceRequest"}, + "output":{"shape":"DeleteWorkspaceInstanceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Deletes the specified WorkSpace

    " + }, + "DisassociateVolume":{ + "name":"DisassociateVolume", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateVolumeRequest"}, + "output":{"shape":"DisassociateVolumeResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Detaches a volume from a WorkSpace Instance.

    " + }, + "GetWorkspaceInstance":{ + "name":"GetWorkspaceInstance", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetWorkspaceInstanceRequest"}, + "output":{"shape":"GetWorkspaceInstanceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves detailed information about a specific WorkSpace Instance.

    " + }, + "ListInstanceTypes":{ + "name":"ListInstanceTypes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListInstanceTypesRequest"}, + "output":{"shape":"ListInstanceTypesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves a list of instance types supported by Amazon WorkSpaces Instances, enabling precise workspace infrastructure configuration.

    " + }, + "ListRegions":{ + "name":"ListRegions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListRegionsRequest"}, + "output":{"shape":"ListRegionsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves a list of AWS regions supported by Amazon WorkSpaces Instances, enabling region discovery for workspace deployments.

    " + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves tags for a WorkSpace Instance.

    " + }, + "ListWorkspaceInstances":{ + "name":"ListWorkspaceInstances", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListWorkspaceInstancesRequest"}, + "output":{"shape":"ListWorkspaceInstancesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Retrieves a collection of WorkSpaces Instances based on specified filters.

    " + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Adds tags to a WorkSpace Instance.

    " + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"

    Removes tags from a WorkSpace Instance.

    " + } + }, + "shapes":{ + "ARN":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"arn:.*" + }, + "AccessDeniedException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Detailed explanation of the access denial.

    " + } + }, + "documentation":"

    Indicates insufficient permissions to perform the requested action.

    ", + "exception":true + }, + "AmdSevSnpEnum":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, + "AssociateVolumeRequest":{ + "type":"structure", + "required":[ + "WorkspaceInstanceId", + "VolumeId", + "Device" + ], + "members":{ + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    WorkSpace Instance to attach volume to.

    " + }, + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    Volume to be attached.

    " + }, + "Device":{ + "shape":"DeviceName", + "documentation":"

    Device path for volume attachment.

    " + } + }, + "documentation":"

    Specifies volume attachment parameters.

    " + }, + "AssociateVolumeResponse":{ + "type":"structure", + "members":{ + }, + "documentation":"

    Confirms volume attachment.

    " + }, + "AutoRecoveryEnum":{ + "type":"string", + "enum":[ + "disabled", + "default" + ] + }, + "AvailabilityZone":{ + "type":"string", + "pattern":"[a-z]{2}-[a-z]+-\\d[a-z](-[a-z0-9]+)?" + }, + "BandwidthWeightingEnum":{ + "type":"string", + "enum":[ + "default", + "vpc-1", + "ebs-1" + ] + }, + "BlockDeviceMappingRequest":{ + "type":"structure", + "members":{ + "DeviceName":{ + "shape":"DeviceName", + "documentation":"

    Name of the device for storage mapping.

    " + }, + "Ebs":{ + "shape":"EbsBlockDevice", + "documentation":"

    EBS volume configuration for the device.

    " + }, + "NoDevice":{ + "shape":"DeviceName", + "documentation":"

    Indicates device should not be mapped.

    " + }, + "VirtualName":{ + "shape":"VirtualName", + "documentation":"

    Virtual device name for ephemeral storage.

    " + } + }, + "documentation":"

    Defines device mapping for WorkSpace Instance storage.

    " + }, + "BlockDeviceMappings":{ + "type":"list", + "member":{"shape":"BlockDeviceMappingRequest"} + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CapacityReservationPreferenceEnum":{ + "type":"string", + "enum":[ + "capacity-reservations-only", + "open", + "none" + ] + }, + "CapacityReservationSpecification":{ + "type":"structure", + "members":{ + "CapacityReservationPreference":{ + "shape":"CapacityReservationPreferenceEnum", + "documentation":"

    Preference for using capacity reservation.

    " + }, + "CapacityReservationTarget":{ + "shape":"CapacityReservationTarget", + "documentation":"

    Specific capacity reservation target.

    " + } + }, + "documentation":"

    Specifies capacity reservation preferences.

    " + }, + "CapacityReservationTarget":{ + "type":"structure", + "members":{ + "CapacityReservationId":{ + "shape":"String128", + "documentation":"

    Unique identifier for the capacity reservation.

    " + }, + "CapacityReservationResourceGroupArn":{ + "shape":"ARN", + "documentation":"

    ARN of the capacity reservation resource group.

    " + } + }, + "documentation":"

    Identifies a specific capacity reservation.

    " + }, + "ClientToken":{ + "type":"string", + "max":64, + "min":1, + "sensitive":true + }, + "ConflictException":{ + "type":"structure", + "required":[ + "Message", + "ResourceId", + "ResourceType" + ], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the conflict encountered.

    " + }, + "ResourceId":{ + "shape":"String", + "documentation":"

    Identifier of the conflicting resource.

    " + }, + "ResourceType":{ + "shape":"String", + "documentation":"

    Type of the conflicting resource.

    " + } + }, + "documentation":"

    Signals a conflict with the current state of the resource.

    ", + "exception":true + }, + "ConnectionTrackingSpecificationRequest":{ + "type":"structure", + "members":{ + "TcpEstablishedTimeout":{ + "shape":"NonNegativeInteger", + "documentation":"

    Timeout for established TCP connections.

    " + }, + "UdpStreamTimeout":{ + "shape":"NonNegativeInteger", + "documentation":"

    Timeout for UDP stream connections.

    " + }, + "UdpTimeout":{ + "shape":"NonNegativeInteger", + "documentation":"

    General timeout for UDP connections.

    " + } + }, + "documentation":"

    Defines connection tracking parameters for network interfaces.

    " + }, + "CpuCreditsEnum":{ + "type":"string", + "enum":[ + "standard", + "unlimited" + ] + }, + "CpuOptionsRequest":{ + "type":"structure", + "members":{ + "AmdSevSnp":{ + "shape":"AmdSevSnpEnum", + "documentation":"

    AMD Secure Encrypted Virtualization configuration.

    " + }, + "CoreCount":{ + "shape":"NonNegativeInteger", + "documentation":"

    Number of CPU cores to allocate.

    " + }, + "ThreadsPerCore":{ + "shape":"NonNegativeInteger", + "documentation":"

    Number of threads per CPU core.

    " + } + }, + "documentation":"

    Configures CPU-specific settings for WorkSpace Instance.

    " + }, + "CreateVolumeRequest":{ + "type":"structure", + "required":["AvailabilityZone"], + "members":{ + "AvailabilityZone":{ + "shape":"String64", + "documentation":"

    Availability zone for the volume.

    " + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique token to prevent duplicate volume creation.

    ", + "idempotencyToken":true + }, + "Encrypted":{ + "shape":"Boolean", + "documentation":"

    Indicates if the volume should be encrypted.

    " + }, + "Iops":{ + "shape":"NonNegativeInteger", + "documentation":"

    Input/output operations per second for the volume.

    " + }, + "KmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

    KMS key for volume encryption.

    " + }, + "SizeInGB":{ + "shape":"NonNegativeInteger", + "documentation":"

    Volume size in gigabytes.

    " + }, + "SnapshotId":{ + "shape":"SnapshotId", + "documentation":"

    Source snapshot for volume creation.

    " + }, + "TagSpecifications":{ + "shape":"TagSpecifications", + "documentation":"

    Metadata tags for the volume.

    " + }, + "Throughput":{ + "shape":"NonNegativeInteger", + "documentation":"

    Volume throughput performance.

    " + }, + "VolumeType":{ + "shape":"VolumeTypeEnum", + "documentation":"

    Type of EBS volume.

    " + } + }, + "documentation":"

    Specifies volume creation parameters.

    " + }, + "CreateVolumeResponse":{ + "type":"structure", + "members":{ + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    Unique identifier for the new volume.

    " + } + }, + "documentation":"

    Returns the created volume identifier.

    " + }, + "CreateWorkspaceInstanceRequest":{ + "type":"structure", + "required":["ManagedInstance"], + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "documentation":"

    Unique token to ensure idempotent instance creation, preventing duplicate workspace launches.

    ", + "idempotencyToken":true + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    Optional metadata tags for categorizing and managing WorkSpaces Instances.

    " + }, + "ManagedInstance":{ + "shape":"ManagedInstanceRequest", + "documentation":"

    Comprehensive configuration settings for the WorkSpaces Instance, including network, compute, and storage parameters.

    " + } + }, + "documentation":"

    Defines the configuration parameters for creating a new WorkSpaces Instance.

    " + }, + "CreateWorkspaceInstanceResponse":{ + "type":"structure", + "members":{ + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    Unique identifier assigned to the newly created WorkSpaces Instance.

    " + } + }, + "documentation":"

    Returns the unique identifier for the newly created WorkSpaces Instance.

    " + }, + "CreditSpecificationRequest":{ + "type":"structure", + "members":{ + "CpuCredits":{ + "shape":"CpuCreditsEnum", + "documentation":"

    CPU credit specification mode.

    " + } + }, + "documentation":"

    Defines CPU credit configuration for burstable instances.

    " + }, + "DeleteVolumeRequest":{ + "type":"structure", + "required":["VolumeId"], + "members":{ + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    Identifier of the volume to delete.

    " + } + }, + "documentation":"

    Specifies the volume to delete.

    " + }, + "DeleteVolumeResponse":{ + "type":"structure", + "members":{ + }, + "documentation":"

    Confirms volume deletion.

    " + }, + "DeleteWorkspaceInstanceRequest":{ + "type":"structure", + "required":["WorkspaceInstanceId"], + "members":{ + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    Unique identifier of the WorkSpaces Instance targeted for deletion.

    " + } + }, + "documentation":"

    The WorkSpace to delete

    " + }, + "DeleteWorkspaceInstanceResponse":{ + "type":"structure", + "members":{ + }, + "documentation":"

    Confirms the successful deletion of the specified WorkSpace Instance.

    " + }, + "Description":{ + "type":"string", + "max":1000, + "min":0, + "pattern":"[\\S\\s]*" + }, + "DeviceName":{ + "type":"string", + "max":32, + "min":0 + }, + "DisassociateModeEnum":{ + "type":"string", + "enum":[ + "FORCE", + "NO_FORCE" + ] + }, + "DisassociateVolumeRequest":{ + "type":"structure", + "required":[ + "WorkspaceInstanceId", + "VolumeId" + ], + "members":{ + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    WorkSpace Instance to detach volume from.

    " + }, + "VolumeId":{ + "shape":"VolumeId", + "documentation":"

    Volume to be detached.

    " + }, + "Device":{ + "shape":"DeviceName", + "documentation":"

    Device path of volume to detach.

    " + }, + "DisassociateMode":{ + "shape":"DisassociateModeEnum", + "documentation":"

    Mode for volume detachment.

    " + } + }, + "documentation":"

    Specifies volume detachment parameters.

    " + }, + "DisassociateVolumeResponse":{ + "type":"structure", + "members":{ + }, + "documentation":"

    Confirms volume detachment.

    " + }, + "EC2InstanceError":{ + "type":"structure", + "members":{ + "EC2ErrorCode":{ + "shape":"String", + "documentation":"

    Unique error code identifying the specific EC2 instance error.

    " + }, + "EC2ExceptionType":{ + "shape":"String", + "documentation":"

    Type of exception encountered during EC2 instance operation.

    " + }, + "EC2ErrorMessage":{ + "shape":"String", + "documentation":"

    Detailed description of the EC2 instance error.

    " + } + }, + "documentation":"

    Captures detailed error information for EC2 instance operations.

    " + }, + "EC2InstanceErrors":{ + "type":"list", + "member":{"shape":"EC2InstanceError"} + }, + "EC2ManagedInstance":{ + "type":"structure", + "members":{ + "InstanceId":{ + "shape":"String", + "documentation":"

    Unique identifier of the managed EC2 instance.

    " + } + }, + "documentation":"

    Represents an EC2 instance managed by WorkSpaces.

    " + }, + "EbsBlockDevice":{ + "type":"structure", + "members":{ + "VolumeType":{ + "shape":"VolumeTypeEnum", + "documentation":"

    Type of EBS volume (e.g., gp2, io1).

    " + }, + "Encrypted":{ + "shape":"Boolean", + "documentation":"

    Indicates if the volume is encrypted.

    " + }, + "KmsKeyId":{ + "shape":"KmsKeyId", + "documentation":"

    KMS key used for volume encryption.

    " + }, + "Iops":{ + "shape":"NonNegativeInteger", + "documentation":"

    Input/output operations per second for the volume.

    " + }, + "Throughput":{ + "shape":"NonNegativeInteger", + "documentation":"

    Volume data transfer rate.

    " + }, + "VolumeSize":{ + "shape":"NonNegativeInteger", + "documentation":"

    Size of the EBS volume in gigabytes.

    " + } + }, + "documentation":"

    Defines configuration for an Elastic Block Store volume.

    " + }, + "EnaSrdSpecificationRequest":{ + "type":"structure", + "members":{ + "EnaSrdEnabled":{ + "shape":"Boolean", + "documentation":"

    Enables or disables ENA SRD for network performance.

    " + }, + "EnaSrdUdpSpecification":{ + "shape":"EnaSrdUdpSpecificationRequest", + "documentation":"

    Configures UDP-specific ENA SRD settings.

    " + } + }, + "documentation":"

    Defines Elastic Network Adapter (ENA) Scalable Reliable Datagram (SRD) configuration.

    " + }, + "EnaSrdUdpSpecificationRequest":{ + "type":"structure", + "members":{ + "EnaSrdUdpEnabled":{ + "shape":"Boolean", + "documentation":"

    Enables or disables ENA SRD for UDP traffic.

    " + } + }, + "documentation":"

    Specifies UDP configuration for ENA SRD.

    " + }, + "EnclaveOptionsRequest":{ + "type":"structure", + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    Enables or disables AWS Nitro Enclaves for enhanced security.

    " + } + }, + "documentation":"

    Configures AWS Nitro Enclave options for the WorkSpace Instance.

    " + }, + "GetWorkspaceInstanceRequest":{ + "type":"structure", + "required":["WorkspaceInstanceId"], + "members":{ + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    Unique identifier of the WorkSpace Instance to retrieve.

    " + } + }, + "documentation":"

    Identifies the WorkSpaces Instance to retrieve detailed information for.

    " + }, + "GetWorkspaceInstanceResponse":{ + "type":"structure", + "members":{ + "WorkspaceInstanceErrors":{ + "shape":"WorkspaceInstanceErrors", + "documentation":"

    Captures any errors specific to the WorkSpace Instance lifecycle.

    " + }, + "EC2InstanceErrors":{ + "shape":"EC2InstanceErrors", + "documentation":"

    Includes any underlying EC2 instance errors encountered.

    " + }, + "ProvisionState":{ + "shape":"ProvisionStateEnum", + "documentation":"

    Current provisioning state of the WorkSpaces Instance.

    " + }, + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    Unique identifier of the retrieved WorkSpaces Instance.

    " + }, + "EC2ManagedInstance":{ + "shape":"EC2ManagedInstance", + "documentation":"

    Details of the associated EC2 managed instance.

    " + } + }, + "documentation":"

    Provides comprehensive details about the requested WorkSpaces Instance.

    " + }, + "HibernationOptionsRequest":{ + "type":"structure", + "members":{ + "Configured":{ + "shape":"Boolean", + "documentation":"

    Enables or disables instance hibernation capability.

    " + } + }, + "documentation":"

    Defines hibernation configuration for the WorkSpace Instance.

    " + }, + "HostId":{ + "type":"string", + "pattern":"h-[0-9a-zA-Z]{1,63}" + }, + "HostnameTypeEnum":{ + "type":"string", + "enum":[ + "ip-name", + "resource-name" + ] + }, + "HttpEndpointEnum":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, + "HttpProtocolIpv6Enum":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, + "HttpPutResponseHopLimit":{ + "type":"integer", + "box":true, + "max":64, + "min":1 + }, + "HttpTokensEnum":{ + "type":"string", + "enum":[ + "optional", + "required" + ] + }, + "IamInstanceProfileSpecification":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"ARN", + "documentation":"

    Amazon Resource Name (ARN) of the IAM instance profile.

    " + }, + "Name":{ + "shape":"String64", + "documentation":"

    Name of the IAM instance profile.

    " + } + }, + "documentation":"

    Defines IAM instance profile configuration for WorkSpace Instance.

    " + }, + "ImageId":{ + "type":"string", + "pattern":"ami-[0-9a-zA-Z]{1,63}" + }, + "InstanceInterruptionBehaviorEnum":{ + "type":"string", + "enum":[ + "hibernate", + "stop" + ] + }, + "InstanceIpv6Address":{ + "type":"structure", + "members":{ + "Ipv6Address":{ + "shape":"Ipv6Address", + "documentation":"

    Specific IPv6 address assigned to the instance.

    " + }, + "IsPrimaryIpv6":{ + "shape":"Boolean", + "documentation":"

    Indicates if this is the primary IPv6 address for the instance.

    " + } + }, + "documentation":"

    Represents an IPv6 address configuration for a WorkSpace Instance.

    " + }, + "InstanceMaintenanceOptionsRequest":{ + "type":"structure", + "members":{ + "AutoRecovery":{ + "shape":"AutoRecoveryEnum", + "documentation":"

    Enables or disables automatic instance recovery.

    " + } + }, + "documentation":"

    Configures automatic maintenance settings for WorkSpace Instance.

    " + }, + "InstanceMarketOptionsRequest":{ + "type":"structure", + "members":{ + "MarketType":{ + "shape":"MarketTypeEnum", + "documentation":"

    Specifies the type of marketplace for instance deployment.

    " + }, + "SpotOptions":{ + "shape":"SpotMarketOptions", + "documentation":"

    Configuration options for spot instance deployment.

    " + } + }, + "documentation":"

    Configures marketplace-specific instance deployment options.

    " + }, + "InstanceMetadataOptionsRequest":{ + "type":"structure", + "members":{ + "HttpEndpoint":{ + "shape":"HttpEndpointEnum", + "documentation":"

    Enables or disables HTTP endpoint for instance metadata.

    " + }, + "HttpProtocolIpv6":{ + "shape":"HttpProtocolIpv6Enum", + "documentation":"

    Configures IPv6 support for instance metadata HTTP protocol.

    " + }, + "HttpPutResponseHopLimit":{ + "shape":"HttpPutResponseHopLimit", + "documentation":"

    Sets maximum number of network hops for metadata PUT responses.

    " + }, + "HttpTokens":{ + "shape":"HttpTokensEnum", + "documentation":"

    Configures token requirement for instance metadata retrieval.

    " + }, + "InstanceMetadataTags":{ + "shape":"InstanceMetadataTagsEnum", + "documentation":"

    Enables or disables instance metadata tags retrieval.

    " + } + }, + "documentation":"

    Defines instance metadata service configuration.

    " + }, + "InstanceMetadataTagsEnum":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, + "InstanceNetworkInterfaceSpecification":{ + "type":"structure", + "members":{ + "AssociateCarrierIpAddress":{ + "shape":"Boolean", + "documentation":"

    Enables carrier IP address association.

    " + }, + "AssociatePublicIpAddress":{ + "shape":"Boolean", + "documentation":"

    Enables public IP address assignment.

    " + }, + "ConnectionTrackingSpecification":{ + "shape":"ConnectionTrackingSpecificationRequest", + "documentation":"

    Configures network connection tracking parameters.

    " + }, + "Description":{ + "shape":"Description", + "documentation":"

    Descriptive text for the network interface.

    " + }, + "DeviceIndex":{ + "shape":"NonNegativeInteger", + "documentation":"

    Unique index for the network interface.

    " + }, + "EnaSrdSpecification":{ + "shape":"EnaSrdSpecificationRequest", + "documentation":"

    Configures Elastic Network Adapter Scalable Reliable Datagram settings.

    " + }, + "InterfaceType":{ + "shape":"InterfaceTypeEnum", + "documentation":"

    Specifies the type of network interface.

    " + }, + "Ipv4Prefixes":{ + "shape":"Ipv4Prefixes", + "documentation":"

    IPv4 prefix configurations for the interface.

    " + }, + "Ipv4PrefixCount":{ + "shape":"NonNegativeInteger", + "documentation":"

    Number of IPv4 prefixes to assign.

    " + }, + "Ipv6AddressCount":{ + "shape":"NonNegativeInteger", + "documentation":"

    Number of IPv6 addresses to assign.

    " + }, + "Ipv6Addresses":{ + "shape":"Ipv6Addresses", + "documentation":"

    Specific IPv6 addresses for the interface.

    " + }, + "Ipv6Prefixes":{ + "shape":"Ipv6Prefixes", + "documentation":"

    IPv6 prefix configurations for the interface.

    " + }, + "Ipv6PrefixCount":{ + "shape":"NonNegativeInteger", + "documentation":"

    Number of IPv6 prefixes to assign.

    " + }, + "NetworkCardIndex":{ + "shape":"NonNegativeInteger", + "documentation":"

    Index of the network card for multiple network interfaces.

    " + }, + "NetworkInterfaceId":{ + "shape":"NetworkInterfaceId", + "documentation":"

    Unique identifier for the network interface.

    " + }, + "PrimaryIpv6":{ + "shape":"Boolean", + "documentation":"

    Indicates the primary IPv6 configuration.

    " + }, + "PrivateIpAddress":{ + "shape":"Ipv4Address", + "documentation":"

    Primary private IP address for the interface.

    " + }, + "PrivateIpAddresses":{ + "shape":"PrivateIpAddresses", + "documentation":"

    List of private IP addresses for the interface.

    " + }, + "SecondaryPrivateIpAddressCount":{ + "shape":"NonNegativeInteger", + "documentation":"

    Number of additional private IP addresses to assign.

    " + }, + "Groups":{ + "shape":"SecurityGroupIds", + "documentation":"

    Security groups associated with the network interface.

    " + }, + "SubnetId":{ + "shape":"SubnetId", + "documentation":"

    Subnet identifier for the network interface.

    " + } + }, + "documentation":"

    Defines network interface configuration for WorkSpace Instance.

    " + }, + "InstanceNetworkPerformanceOptionsRequest":{ + "type":"structure", + "members":{ + "BandwidthWeighting":{ + "shape":"BandwidthWeightingEnum", + "documentation":"

    Defines bandwidth allocation strategy for network interfaces.

    " + } + }, + "documentation":"

    Configures network performance settings for WorkSpace Instance.

    " + }, + "InstanceType":{ + "type":"string", + "pattern":"([a-z0-9-]+)\\.([a-z0-9]+)" + }, + "InstanceTypeInfo":{ + "type":"structure", + "members":{ + "InstanceType":{ + "shape":"InstanceType", + "documentation":"

    Unique identifier for the WorkSpace Instance type.

    " + } + }, + "documentation":"

    Provides details about a specific WorkSpace Instance type.

    " + }, + "InstanceTypes":{ + "type":"list", + "member":{"shape":"InstanceTypeInfo"} + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InterfaceTypeEnum":{ + "type":"string", + "enum":[ + "interface", + "efa", + "efa-only" + ] + }, + "InternalServerException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the internal server error.

    " + }, + "RetryAfterSeconds":{ + "shape":"Integer", + "documentation":"

    Recommended wait time before retrying the request.

    " + } + }, + "documentation":"

    Indicates an unexpected server-side error occurred.

    ", + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "Ipv4Address":{ + "type":"string", + "pattern":"(\\b25[0-5]|\\b2[0-4][0-9]|\\b[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}", + "sensitive":true + }, + "Ipv4Prefix":{ + "type":"string", + "pattern":".*(?:(?:\\d|[01]?\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)(?:/\\d{1,2})?.*" + }, + "Ipv4PrefixSpecificationRequest":{ + "type":"structure", + "members":{ + "Ipv4Prefix":{ + "shape":"Ipv4Prefix", + "documentation":"

    Specific IPv4 prefix for network interface configuration.

    " + } + }, + "documentation":"

    Specifies IPv4 prefix configuration for network interfaces.

    " + }, + "Ipv4Prefixes":{ + "type":"list", + "member":{"shape":"Ipv4PrefixSpecificationRequest"} + }, + "Ipv6Address":{ + "type":"string", + "max":128, + "min":0, + "sensitive":true + }, + "Ipv6Addresses":{ + "type":"list", + "member":{"shape":"InstanceIpv6Address"} + }, + "Ipv6Prefix":{ + "type":"string", + "pattern":"(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\\/([0-9]{1,2}|1[01][0-9]|12[0-8])" + }, + "Ipv6PrefixSpecificationRequest":{ + "type":"structure", + "members":{ + "Ipv6Prefix":{ + "shape":"Ipv6Prefix", + "documentation":"

    Specific IPv6 prefix for network interface configuration.

    " + } + }, + "documentation":"

    Specifies IPv6 prefix configuration for network interfaces.

    " + }, + "Ipv6Prefixes":{ + "type":"list", + "member":{"shape":"Ipv6PrefixSpecificationRequest"} + }, + "KmsKeyId":{ + "type":"string", + "max":128, + "min":0, + "sensitive":true + }, + "LicenseConfigurationRequest":{ + "type":"structure", + "members":{ + "LicenseConfigurationArn":{ + "shape":"ARN", + "documentation":"

    ARN of the license configuration for the WorkSpace Instance.

    " + } + }, + "documentation":"

    Specifies license configuration for WorkSpace Instance.

    " + }, + "LicenseSpecifications":{ + "type":"list", + "member":{"shape":"LicenseConfigurationRequest"} + }, + "ListInstanceTypesRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    Maximum number of instance types to return in a single API call. Enables pagination of instance type results.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    Pagination token for retrieving subsequent pages of instance type results.

    " + } + }, + "documentation":"

    Defines input parameters for retrieving supported WorkSpaces Instances instance types.

    " + }, + "ListInstanceTypesResponse":{ + "type":"structure", + "required":["InstanceTypes"], + "members":{ + "InstanceTypes":{ + "shape":"InstanceTypes", + "documentation":"

    Collection of supported instance types for WorkSpaces Instances.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    Token for retrieving additional instance types if the result set is paginated.

    " + } + }, + "documentation":"

    Contains the list of instance types supported by WorkSpaces Instances.

    " + }, + "ListRegionsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    Maximum number of regions to return in a single API call. Enables pagination of region results.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    Pagination token for retrieving subsequent pages of region results.

    " + } + }, + "documentation":"

    Defines input parameters for retrieving supported WorkSpaces Instances regions.

    " + }, + "ListRegionsResponse":{ + "type":"structure", + "required":["Regions"], + "members":{ + "Regions":{ + "shape":"RegionList", + "documentation":"

    Collection of AWS regions supported by WorkSpaces Instances.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    Token for retrieving additional regions if the result set is paginated.

    " + } + }, + "documentation":"

    Contains the list of supported AWS regions for WorkSpaces Instances.

    " + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["WorkspaceInstanceId"], + "members":{ + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    Unique identifier of the WorkSpace Instance.

    " + } + }, + "documentation":"

    Specifies the WorkSpace Instance to retrieve tags for.

    " + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{ + "shape":"TagList", + "documentation":"

    Collection of tags associated with the WorkSpace Instance.

    " + } + }, + "documentation":"

    Returns the list of tags for the specified WorkSpace Instance.

    " + }, + "ListWorkspaceInstancesRequest":{ + "type":"structure", + "members":{ + "ProvisionStates":{ + "shape":"ProvisionStates", + "documentation":"

    Filter WorkSpaces Instances by their current provisioning states.

    " + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"

    Maximum number of WorkSpaces Instances to return in a single response.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    Pagination token for retrieving subsequent pages of WorkSpaces Instances.

    " + } + }, + "documentation":"

    Defines filters and pagination parameters for retrieving WorkSpaces Instances.

    " + }, + "ListWorkspaceInstancesResponse":{ + "type":"structure", + "required":["WorkspaceInstances"], + "members":{ + "WorkspaceInstances":{ + "shape":"WorkspaceInstances", + "documentation":"

    Collection of WorkSpaces Instances returned by the query.

    " + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

    Token for retrieving additional WorkSpaces Instances if the result set is paginated.

    " + } + }, + "documentation":"

    Contains the list of WorkSpaces Instances matching the specified criteria.

    " + }, + "ManagedInstanceRequest":{ + "type":"structure", + "members":{ + "BlockDeviceMappings":{ + "shape":"BlockDeviceMappings", + "documentation":"

    Configures block device mappings for storage.

    " + }, + "CapacityReservationSpecification":{ + "shape":"CapacityReservationSpecification", + "documentation":"

    Specifies capacity reservation preferences.

    " + }, + "CpuOptions":{ + "shape":"CpuOptionsRequest", + "documentation":"

    Configures CPU-specific settings.

    " + }, + "CreditSpecification":{ + "shape":"CreditSpecificationRequest", + "documentation":"

    Defines CPU credit configuration for burstable instances.

    " + }, + "DisableApiStop":{ + "shape":"Boolean", + "documentation":"

    Prevents API-initiated instance stop.

    " + }, + "EbsOptimized":{ + "shape":"Boolean", + "documentation":"

    Enables optimized EBS performance.

    " + }, + "EnablePrimaryIpv6":{ + "shape":"Boolean", + "documentation":"

    Enables primary IPv6 address configuration.

    " + }, + "EnclaveOptions":{ + "shape":"EnclaveOptionsRequest", + "documentation":"

    Configures AWS Nitro Enclave settings.

    " + }, + "HibernationOptions":{ + "shape":"HibernationOptionsRequest", + "documentation":"

    Configures instance hibernation capabilities.

    " + }, + "IamInstanceProfile":{ + "shape":"IamInstanceProfileSpecification", + "documentation":"

    Specifies IAM instance profile configuration.

    " + }, + "ImageId":{ + "shape":"ImageId", + "documentation":"

    Identifies the Amazon Machine Image (AMI) for the instance.

    " + }, + "InstanceMarketOptions":{ + "shape":"InstanceMarketOptionsRequest", + "documentation":"

    Configures marketplace-specific deployment options.

    " + }, + "InstanceType":{ + "shape":"InstanceType", + "documentation":"

    Specifies the WorkSpace Instance type.

    " + }, + "Ipv6Addresses":{ + "shape":"Ipv6Addresses", + "documentation":"

    Configures specific IPv6 addresses.

    " + }, + "Ipv6AddressCount":{ + "shape":"NonNegativeInteger", + "documentation":"

    Specifies number of IPv6 addresses to assign.

    " + }, + "KernelId":{ + "shape":"String128", + "documentation":"

    Identifies the kernel for the instance.

    " + }, + "KeyName":{ + "shape":"String64", + "documentation":"

    Specifies the key pair for instance access.

    " + }, + "LicenseSpecifications":{ + "shape":"LicenseSpecifications", + "documentation":"

    Configures license-related settings.

    " + }, + "MaintenanceOptions":{ + "shape":"InstanceMaintenanceOptionsRequest", + "documentation":"

    Defines automatic maintenance settings.

    " + }, + "MetadataOptions":{ + "shape":"InstanceMetadataOptionsRequest", + "documentation":"

    Configures instance metadata service settings.

    " + }, + "Monitoring":{ + "shape":"RunInstancesMonitoringEnabled", + "documentation":"

    Enables or disables detailed instance monitoring.

    " + }, + "NetworkInterfaces":{ + "shape":"NetworkInterfaces", + "documentation":"

    Configures network interface settings.

    " + }, + "NetworkPerformanceOptions":{ + "shape":"InstanceNetworkPerformanceOptionsRequest", + "documentation":"

    Defines network performance configuration.

    " + }, + "Placement":{ + "shape":"Placement", + "documentation":"

    Specifies instance placement preferences.

    " + }, + "PrivateDnsNameOptions":{ + "shape":"PrivateDnsNameOptionsRequest", + "documentation":"

    Configures private DNS name settings.

    " + }, + "PrivateIpAddress":{ + "shape":"Ipv4Address", + "documentation":"

    Specifies the primary private IP address.

    " + }, + "RamdiskId":{ + "shape":"String128", + "documentation":"

    Identifies the ramdisk for the instance.

    " + }, + "SecurityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"

    Specifies security group identifiers.

    " + }, + "SecurityGroups":{ + "shape":"SecurityGroupNames", + "documentation":"

    Configures security group settings.

    " + }, + "SubnetId":{ + "shape":"SubnetId", + "documentation":"

    Identifies the subnet for the instance.

    " + }, + "TagSpecifications":{ + "shape":"TagSpecifications", + "documentation":"

    Configures resource tagging specifications.

    " + }, + "UserData":{ + "shape":"UserData", + "documentation":"

    Provides custom initialization data for the instance.

    " + } + }, + "documentation":"

    Defines comprehensive configuration for a managed WorkSpace Instance.

    " + }, + "MarketTypeEnum":{ + "type":"string", + "enum":[ + "spot", + "capacity-block" + ] + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":25, + "min":1 + }, + "NetworkInterfaceId":{ + "type":"string", + "pattern":"eni-[0-9a-zA-Z]{1,63}" + }, + "NetworkInterfaces":{ + "type":"list", + "member":{"shape":"InstanceNetworkInterfaceSpecification"} + }, + "NextToken":{ + "type":"string", + "max":2048, + "min":1, + "sensitive":true + }, + "NonNegativeInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "Placement":{ + "type":"structure", + "members":{ + "Affinity":{ + "shape":"String64", + "documentation":"

    Specifies host affinity for dedicated instances.

    " + }, + "AvailabilityZone":{ + "shape":"AvailabilityZone", + "documentation":"

    Identifies the specific AWS availability zone.

    " + }, + "GroupId":{ + "shape":"PlacementGroupId", + "documentation":"

    Unique identifier for placement group.

    " + }, + "GroupName":{ + "shape":"String64", + "documentation":"

    Name of the placement group.

    " + }, + "HostId":{ + "shape":"HostId", + "documentation":"

    Identifies the specific dedicated host.

    " + }, + "HostResourceGroupArn":{ + "shape":"ARN", + "documentation":"

    ARN of the host resource group.

    " + }, + "PartitionNumber":{ + "shape":"NonNegativeInteger", + "documentation":"

    Specifies partition number for partition placement groups.

    " + }, + "Tenancy":{ + "shape":"TenancyEnum", + "documentation":"

    Defines instance tenancy configuration.

    " + } + }, + "documentation":"

    Defines instance placement configuration for WorkSpace Instance.

    " + }, + "PlacementGroupId":{ + "type":"string", + "pattern":"pg-[0-9a-zA-Z]{1,63}" + }, + "PrivateDnsNameOptionsRequest":{ + "type":"structure", + "members":{ + "HostnameType":{ + "shape":"HostnameTypeEnum", + "documentation":"

    Specifies the type of hostname configuration.

    " + }, + "EnableResourceNameDnsARecord":{ + "shape":"Boolean", + "documentation":"

    Enables DNS A record for resource name resolution.

    " + }, + "EnableResourceNameDnsAAAARecord":{ + "shape":"Boolean", + "documentation":"

    Enables DNS AAAA record for resource name resolution.

    " + } + }, + "documentation":"

    Configures private DNS name settings for WorkSpace Instance.

    " + }, + "PrivateIpAddressSpecification":{ + "type":"structure", + "members":{ + "Primary":{ + "shape":"Boolean", + "documentation":"

    Indicates if this is the primary private IP address.

    " + }, + "PrivateIpAddress":{ + "shape":"Ipv4Address", + "documentation":"

    Specific private IP address for the network interface.

    " + } + }, + "documentation":"

    Defines private IP address configuration for network interface.

    " + }, + "PrivateIpAddresses":{ + "type":"list", + "member":{"shape":"PrivateIpAddressSpecification"} + }, + "ProvisionStateEnum":{ + "type":"string", + "enum":[ + "ALLOCATING", + "ALLOCATED", + "DEALLOCATING", + "DEALLOCATED", + "ERROR_ALLOCATING", + "ERROR_DEALLOCATING" + ] + }, + "ProvisionStates":{ + "type":"list", + "member":{"shape":"ProvisionStateEnum"} + }, + "Region":{ + "type":"structure", + "members":{ + "RegionName":{ + "shape":"RegionName", + "documentation":"

    Name of the AWS region.

    " + } + }, + "documentation":"

    Represents an AWS region supported by WorkSpaces Instances.

    " + }, + "RegionList":{ + "type":"list", + "member":{"shape":"Region"} + }, + "RegionName":{ + "type":"string", + "pattern":"[-0-9a-z]{1,31}" + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":[ + "Message", + "ResourceId", + "ResourceType" + ], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Details about the missing resource.

    " + }, + "ResourceId":{ + "shape":"String", + "documentation":"

    Identifier of the resource that was not found.

    " + }, + "ResourceType":{ + "shape":"String", + "documentation":"

    Type of the resource that was not found.

    " + } + }, + "documentation":"

    Indicates the requested resource could not be found.

    ", + "exception":true + }, + "ResourceTypeEnum":{ + "type":"string", + "enum":[ + "instance", + "volume", + "spot-instances-request", + "network-interface" + ] + }, + "RunInstancesMonitoringEnabled":{ + "type":"structure", + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"

    Enables or disables detailed instance monitoring.

    " + } + }, + "documentation":"

    Configures detailed monitoring for WorkSpace Instance.

    " + }, + "SecurityGroupId":{ + "type":"string", + "pattern":"sg-[0-9a-zA-Z]{1,63}" + }, + "SecurityGroupIds":{ + "type":"list", + "member":{"shape":"SecurityGroupId"} + }, + "SecurityGroupName":{ + "type":"string", + "pattern":"(?!sg-)[\\w .:/()#,@\\[\\]+=&;{}!$*-]{0,255}" + }, + "SecurityGroupNames":{ + "type":"list", + "member":{"shape":"SecurityGroupName"} + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":[ + "Message", + "ResourceId", + "ResourceType", + "ServiceCode", + "QuotaCode" + ], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the quota limitation.

    " + }, + "ResourceId":{ + "shape":"String", + "documentation":"

    Identifier of the resource related to the quota.

    " + }, + "ResourceType":{ + "shape":"String", + "documentation":"

    Type of resource related to the quota.

    " + }, + "ServiceCode":{ + "shape":"String", + "documentation":"

    Code identifying the service with the quota limitation.

    " + }, + "QuotaCode":{ + "shape":"String", + "documentation":"

    Specific code for the exceeded quota.

    " + } + }, + "documentation":"

    Indicates that a service quota has been exceeded.

    ", + "exception":true + }, + "SnapshotId":{ + "type":"string", + "pattern":"snap-[0-9a-zA-Z]{1,63}" + }, + "SpotInstanceTypeEnum":{ + "type":"string", + "enum":[ + "one-time", + "persistent" + ] + }, + "SpotMarketOptions":{ + "type":"structure", + "members":{ + "BlockDurationMinutes":{ + "shape":"NonNegativeInteger", + "documentation":"

    Duration of spot instance block reservation.

    " + }, + "InstanceInterruptionBehavior":{ + "shape":"InstanceInterruptionBehaviorEnum", + "documentation":"

    Specifies behavior when spot instance is interrupted.

    " + }, + "MaxPrice":{ + "shape":"String64", + "documentation":"

    Maximum hourly price for spot instance.

    " + }, + "SpotInstanceType":{ + "shape":"SpotInstanceTypeEnum", + "documentation":"

    Defines the type of spot instance request.

    " + }, + "ValidUntilUtc":{ + "shape":"Timestamp", + "documentation":"

    Timestamp until which spot instance request is valid.

    " + } + }, + "documentation":"

    Defines configuration for spot instance deployment.

    " + }, + "String":{"type":"string"}, + "String128":{ + "type":"string", + "max":128, + "min":0 + }, + "String64":{ + "type":"string", + "max":64, + "min":0 + }, + "SubnetId":{ + "type":"string", + "pattern":"subnet-[0-9a-zA-Z]{1,63}" + }, + "Tag":{ + "type":"structure", + "members":{ + "Key":{ + "shape":"TagKey", + "documentation":"

    Unique identifier for the tag.

    " + }, + "Value":{ + "shape":"TagValue", + "documentation":"

    Value associated with the tag key.

    " + } + }, + "documentation":"

    Represents a key-value metadata tag.

    " + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+)" + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":30, + "min":1 + }, + "TagList":{ + "type":"list", + "member":{"shape":"Tag"}, + "max":30, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "WorkspaceInstanceId", + "Tags" + ], + "members":{ + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    Unique identifier of the WorkSpace Instance to tag.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    Tags to be added to the WorkSpace Instance.

    " + } + }, + "documentation":"

    Specifies tags to add to a WorkSpace Instance.

    " + }, + "TagResourceResponse":{ + "type":"structure", + "members":{ + }, + "documentation":"

    Confirms successful tag addition.

    " + }, + "TagSpecification":{ + "type":"structure", + "members":{ + "ResourceType":{ + "shape":"ResourceTypeEnum", + "documentation":"

    Type of resource being tagged.

    " + }, + "Tags":{ + "shape":"TagList", + "documentation":"

    Collection of tags for the specified resource.

    " + } + }, + "documentation":"

    Defines tagging configuration for a resource.

    " + }, + "TagSpecifications":{ + "type":"list", + "member":{"shape":"TagSpecification"}, + "max":30, + "min":0 + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" + }, + "TenancyEnum":{ + "type":"string", + "enum":[ + "default", + "dedicated", + "host" + ] + }, + "ThrottlingException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Description of the throttling event.

    " + }, + "ServiceCode":{ + "shape":"String", + "documentation":"

    Code identifying the service experiencing throttling.

    " + }, + "QuotaCode":{ + "shape":"String", + "documentation":"

    Specific code for the throttling quota.

    " + }, + "RetryAfterSeconds":{ + "shape":"Integer", + "documentation":"

    Recommended wait time before retrying the request.

    " + } + }, + "documentation":"

    Indicates the request rate has exceeded limits.

    ", + "exception":true, + "retryable":{"throttling":true} + }, + "Timestamp":{"type":"timestamp"}, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "WorkspaceInstanceId", + "TagKeys" + ], + "members":{ + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    Unique identifier of the WorkSpace Instance to untag.

    " + }, + "TagKeys":{ + "shape":"TagKeyList", + "documentation":"

    Keys of tags to be removed.

    " + } + }, + "documentation":"

    Specifies tags to remove from a WorkSpace Instance.

    " + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{ + }, + "documentation":"

    Confirms successful tag removal.

    " + }, + "UserData":{ + "type":"string", + "max":16000, + "min":0, + "sensitive":true + }, + "ValidationException":{ + "type":"structure", + "required":[ + "Message", + "Reason" + ], + "members":{ + "Message":{ + "shape":"String", + "documentation":"

    Overall description of validation failures.

    " + }, + "Reason":{ + "shape":"ValidationExceptionReason", + "documentation":"

    Specific reason for the validation failure.

    " + }, + "FieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

    List of fields that failed validation.

    " + } + }, + "documentation":"

    Indicates invalid input parameters in the request.

    ", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "Name", + "Reason", + "Message" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"

    Name of the field that failed validation.

    " + }, + "Reason":{ + "shape":"String", + "documentation":"

    Reason for the validation failure.

    " + }, + "Message":{ + "shape":"String", + "documentation":"

    Detailed error message describing the validation issue.

    " + } + }, + "documentation":"

    Represents a validation error field in an API request.

    " + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "UNKNOWN_OPERATION", + "UNSUPPORTED_OPERATION", + "CANNOT_PARSE", + "FIELD_VALIDATION_FAILED", + "DEPENDENCY_FAILURE", + "OTHER" + ] + }, + "VirtualName":{ + "type":"string", + "pattern":"ephemeral(0|[1-9][0-9]{0,2})" + }, + "VolumeId":{ + "type":"string", + "pattern":"vol-[0-9a-zA-Z]{1,63}" + }, + "VolumeTypeEnum":{ + "type":"string", + "enum":[ + "standard", + "io1", + "io2", + "gp2", + "sc1", + "st1", + "gp3" + ] + }, + "WorkspaceInstance":{ + "type":"structure", + "members":{ + "ProvisionState":{ + "shape":"ProvisionStateEnum", + "documentation":"

    Current provisioning state of the WorkSpace Instance.

    " + }, + "WorkspaceInstanceId":{ + "shape":"WorkspaceInstanceId", + "documentation":"

    Unique identifier for the WorkSpace Instance.

    " + }, + "EC2ManagedInstance":{ + "shape":"EC2ManagedInstance", + "documentation":"

    Details of the associated EC2 managed instance.

    " + } + }, + "documentation":"

    Represents a single WorkSpace Instance.

    " + }, + "WorkspaceInstanceError":{ + "type":"structure", + "members":{ + "ErrorCode":{ + "shape":"String", + "documentation":"

    Unique error code for the WorkSpace Instance error.

    " + }, + "ErrorMessage":{ + "shape":"String", + "documentation":"

    Detailed description of the WorkSpace Instance error.

    " + } + }, + "documentation":"

    Captures errors specific to WorkSpace Instance operations.

    " + }, + "WorkspaceInstanceErrors":{ + "type":"list", + "member":{"shape":"WorkspaceInstanceError"} + }, + "WorkspaceInstanceId":{ + "type":"string", + "max":70, + "min":15, + "pattern":"wsinst-[0-9a-zA-Z]{8,63}" + }, + "WorkspaceInstances":{ + "type":"list", + "member":{"shape":"WorkspaceInstance"} + } + }, + "documentation":"

    Amazon WorkSpaces Instances provides an API framework for managing virtual workspace environments across multiple AWS regions, enabling programmatic creation and configuration of desktop infrastructure.

    " +} diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-instances/2022-07-26/waiters-2.json 2.31.35-1/awscli/botocore/data/workspaces-instances/2022-07-26/waiters-2.json --- 2.23.6-1/awscli/botocore/data/workspaces-instances/2022-07-26/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-instances/2022-07-26/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-thin-client/2023-08-22/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/workspaces-thin-client/2023-08-22/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/workspaces-thin-client/2023-08-22/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-thin-client/2023-08-22/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-thin-client/2023-08-22/service-2.json 2.31.35-1/awscli/botocore/data/workspaces-thin-client/2023-08-22/service-2.json --- 2.23.6-1/awscli/botocore/data/workspaces-thin-client/2023-08-22/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-thin-client/2023-08-22/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -26,9 +26,9 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], "documentation":"

    Creates an environment for your thin client devices.

    ", @@ -46,9 +46,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes a thin client device.

    ", @@ -67,9 +67,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deletes an environment.

    ", @@ -88,9 +88,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], "documentation":"

    Deregisters a thin client device.

    ", @@ -239,9 +239,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], "documentation":"

    Assigns one or more tags (key-value pairs) to the specified resource.

    ", @@ -259,9 +259,9 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, - {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], "documentation":"

    Removes a tag or tags from a resource.

    ", @@ -300,6 +300,7 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} @@ -344,7 +345,8 @@ }, "ActivationCode":{ "type":"string", - "pattern":"[a-z]{2}[a-z0-9]{6}" + "pattern":"[a-z]{2}[a-z0-9]{6}", + "sensitive":true }, "ApplyTimeOf":{ "type":"string", @@ -634,9 +636,9 @@ "shape":"KmsKeyArn", "documentation":"

    The Amazon Resource Name (ARN) of the Key Management Service key used to encrypt the device.

    " }, - "tags":{ - "shape":"TagsMap", - "documentation":"

    The tag keys and optional values for the resource.

    " + "lastUserId":{ + "shape":"UserId", + "documentation":"

    The user ID of the most recent session on the device.

    " } }, "documentation":"

    Describes a thin client device.

    " @@ -671,7 +673,9 @@ }, "DeviceName":{ "type":"string", - "pattern":"[0-9\\p{IsAlphabetic}+:,.@'\" -]{1,64}", + "max":64, + "min":0, + "pattern":"$|^[0-9\\p{IsAlphabetic}+:,.@'\" -]*", "sensitive":true }, "DeviceSoftwareSetComplianceStatus":{ @@ -753,6 +757,10 @@ "arn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the device.

    " + }, + "lastUserId":{ + "shape":"UserId", + "documentation":"

    The user ID of the most recent session on the device.

    " } }, "documentation":"

    Describes a thin client device.

    " @@ -832,10 +840,6 @@ "shape":"KmsKeyArn", "documentation":"

    The Amazon Resource Name (ARN) of the Key Management Service key used to encrypt the environment.

    " }, - "tags":{ - "shape":"TagsMap", - "documentation":"

    The tag keys and optional values for the resource.

    " - }, "deviceCreationTags":{ "shape":"DeviceCreationTagsMap", "documentation":"

    The tag keys and optional values for the newly created devices for this environment.

    " @@ -853,7 +857,9 @@ }, "EnvironmentName":{ "type":"string", - "pattern":"[0-9\\p{IsAlphabetic}+:,.@'\" -][0-9\\p{IsAlphabetic}+=:,.@'\" -]{0,63}", + "max":64, + "min":0, + "pattern":"$|^[0-9\\p{IsAlphabetic}+:,.@'\" -][0-9\\p{IsAlphabetic}+=:,.@'\" -]*", "sensitive":true }, "EnvironmentSoftwareSetComplianceStatus":{ @@ -1298,10 +1304,6 @@ "arn":{ "shape":"Arn", "documentation":"

    The Amazon Resource Name (ARN) of the software set.

    " - }, - "tags":{ - "shape":"TagsMap", - "documentation":"

    The tag keys and optional values for the resource.

    " } }, "documentation":"

    Describes a software set.

    " @@ -1583,6 +1585,10 @@ "members":{ } }, + "UserId":{ + "type":"string", + "sensitive":true + }, "ValidationException":{ "type":"structure", "members":{ diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-web/2020-07-08/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/workspaces-web/2020-07-08/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/workspaces-web/2020-07-08/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-web/2020-07-08/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-web/2020-07-08/paginators-1.json 2.31.35-1/awscli/botocore/data/workspaces-web/2020-07-08/paginators-1.json --- 2.23.6-1/awscli/botocore/data/workspaces-web/2020-07-08/paginators-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-web/2020-07-08/paginators-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "dataProtectionSettings" + }, + "ListSessionLoggers": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "sessionLoggers" } } } diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json 2.31.35-1/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json --- 2.23.6-1/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2020-07-08", + "auth":["aws.auth#sigv4"], "endpointPrefix":"workspaces-web", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"Amazon WorkSpaces Web", "serviceId":"WorkSpaces Web", "signatureVersion":"v4", "signingName":"workspaces-web", - "uid":"workspaces-web-2020-07-08", - "auth":["aws.auth#sigv4"] + "uid":"workspaces-web-2020-07-08" }, "operations":{ "AssociateBrowserSettings":{ @@ -94,6 +93,26 @@ "documentation":"

    Associates a network settings resource with a web portal.

    ", "idempotent":true }, + "AssociateSessionLogger":{ + "name":"AssociateSessionLogger", + "http":{ + "method":"PUT", + "requestUri":"/portals/{portalArn+}/sessionLogger", + "responseCode":200 + }, + "input":{"shape":"AssociateSessionLoggerRequest"}, + "output":{"shape":"AssociateSessionLoggerResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Associates a session logger with a portal.

    ", + "idempotent":true + }, "AssociateTrustStore":{ "name":"AssociateTrustStore", "http":{ @@ -272,6 +291,25 @@ ], "documentation":"

    Creates a web portal.

    " }, + "CreateSessionLogger":{ + "name":"CreateSessionLogger", + "http":{ + "method":"POST", + "requestUri":"/sessionLoggers", + "responseCode":200 + }, + "input":{"shape":"CreateSessionLoggerRequest"}, + "output":{"shape":"CreateSessionLoggerResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Creates a session logger.

    " + }, "CreateTrustStore":{ "name":"CreateTrustStore", "http":{ @@ -443,6 +481,25 @@ "documentation":"

    Deletes a web portal.

    ", "idempotent":true }, + "DeleteSessionLogger":{ + "name":"DeleteSessionLogger", + "http":{ + "method":"DELETE", + "requestUri":"/sessionLoggers/{sessionLoggerArn+}", + "responseCode":200 + }, + "input":{"shape":"DeleteSessionLoggerRequest"}, + "output":{"shape":"DeleteSessionLoggerResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"} + ], + "documentation":"

    Deletes a session logger resource.

    ", + "idempotent":true + }, "DeleteTrustStore":{ "name":"DeleteTrustStore", "http":{ @@ -580,6 +637,25 @@ "documentation":"

    Disassociates network settings from a web portal.

    ", "idempotent":true }, + "DisassociateSessionLogger":{ + "name":"DisassociateSessionLogger", + "http":{ + "method":"DELETE", + "requestUri":"/portals/{portalArn+}/sessionLogger", + "responseCode":200 + }, + "input":{"shape":"DisassociateSessionLoggerRequest"}, + "output":{"shape":"DisassociateSessionLoggerResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Disassociates a session logger from a portal.

    ", + "idempotent":true + }, "DisassociateTrustStore":{ "name":"DisassociateTrustStore", "http":{ @@ -803,6 +879,24 @@ ], "documentation":"

    Gets information for a secure browser session.

    " }, + "GetSessionLogger":{ + "name":"GetSessionLogger", + "http":{ + "method":"GET", + "requestUri":"/sessionLoggers/{sessionLoggerArn+}", + "responseCode":200 + }, + "input":{"shape":"GetSessionLoggerRequest"}, + "output":{"shape":"GetSessionLoggerResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Gets details about a specific session logger resource.

    " + }, "GetTrustStore":{ "name":"GetTrustStore", "http":{ @@ -977,6 +1071,23 @@ ], "documentation":"

    Retrieves a list or web portals.

    " }, + "ListSessionLoggers":{ + "name":"ListSessionLoggers", + "http":{ + "method":"GET", + "requestUri":"/sessionLoggers", + "responseCode":200 + }, + "input":{"shape":"ListSessionLoggersRequest"}, + "output":{"shape":"ListSessionLoggersResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Lists all available session logger resources.

    " + }, "ListSessions":{ "name":"ListSessions", "http":{ @@ -1231,6 +1342,24 @@ "documentation":"

    Updates a web portal.

    ", "idempotent":true }, + "UpdateSessionLogger":{ + "name":"UpdateSessionLogger", + "http":{ + "method":"POST", + "requestUri":"/sessionLoggers/{sessionLoggerArn+}", + "responseCode":200 + }, + "input":{"shape":"UpdateSessionLoggerRequest"}, + "output":{"shape":"UpdateSessionLoggerResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"

    Updates the details of a session logger.

    " + }, "UpdateTrustStore":{ "name":"UpdateTrustStore", "http":{ @@ -1292,7 +1421,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36})+$" + "pattern":"arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36})+" }, "AccessDeniedException":{ "type":"structure", @@ -1313,152 +1442,190 @@ "AssociateBrowserSettingsRequest":{ "type":"structure", "required":[ - "browserSettingsArn", - "portalArn" + "portalArn", + "browserSettingsArn" ], "members":{ - "browserSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the browser settings.

    ", - "location":"querystring", - "locationName":"browserSettingsArn" - }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    ", "location":"uri", "locationName":"portalArn" + }, + "browserSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the browser settings.

    ", + "location":"querystring", + "locationName":"browserSettingsArn" } } }, "AssociateBrowserSettingsResponse":{ "type":"structure", "required":[ - "browserSettingsArn", - "portalArn" + "portalArn", + "browserSettingsArn" ], "members":{ - "browserSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the browser settings.

    " - }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    " + }, + "browserSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the browser settings.

    " } } }, "AssociateDataProtectionSettingsRequest":{ "type":"structure", "required":[ - "dataProtectionSettingsArn", - "portalArn" + "portalArn", + "dataProtectionSettingsArn" ], "members":{ - "dataProtectionSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the data protection settings.

    ", - "location":"querystring", - "locationName":"dataProtectionSettingsArn" - }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    ", "location":"uri", "locationName":"portalArn" + }, + "dataProtectionSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the data protection settings.

    ", + "location":"querystring", + "locationName":"dataProtectionSettingsArn" } } }, "AssociateDataProtectionSettingsResponse":{ "type":"structure", "required":[ - "dataProtectionSettingsArn", - "portalArn" + "portalArn", + "dataProtectionSettingsArn" ], "members":{ - "dataProtectionSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the data protection settings resource.

    " - }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    " + }, + "dataProtectionSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the data protection settings resource.

    " } } }, "AssociateIpAccessSettingsRequest":{ "type":"structure", "required":[ - "ipAccessSettingsArn", - "portalArn" + "portalArn", + "ipAccessSettingsArn" ], "members":{ - "ipAccessSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the IP access settings.

    ", - "location":"querystring", - "locationName":"ipAccessSettingsArn" - }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    ", "location":"uri", "locationName":"portalArn" + }, + "ipAccessSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the IP access settings.

    ", + "location":"querystring", + "locationName":"ipAccessSettingsArn" } } }, "AssociateIpAccessSettingsResponse":{ "type":"structure", "required":[ - "ipAccessSettingsArn", - "portalArn" + "portalArn", + "ipAccessSettingsArn" ], "members":{ - "ipAccessSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the IP access settings resource.

    " - }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    " + }, + "ipAccessSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the IP access settings resource.

    " } } }, "AssociateNetworkSettingsRequest":{ "type":"structure", "required":[ - "networkSettingsArn", - "portalArn" + "portalArn", + "networkSettingsArn" ], "members":{ + "portalArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the web portal.

    ", + "location":"uri", + "locationName":"portalArn" + }, "networkSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the network settings.

    ", "location":"querystring", "locationName":"networkSettingsArn" + } + } + }, + "AssociateNetworkSettingsResponse":{ + "type":"structure", + "required":[ + "portalArn", + "networkSettingsArn" + ], + "members":{ + "portalArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the web portal.

    " }, + "networkSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the network settings.

    " + } + } + }, + "AssociateSessionLoggerRequest":{ + "type":"structure", + "required":[ + "portalArn", + "sessionLoggerArn" + ], + "members":{ "portalArn":{ "shape":"ARN", - "documentation":"

    The ARN of the web portal.

    ", + "documentation":"

    The ARN of the portal to associate to the session logger ARN.

    ", "location":"uri", "locationName":"portalArn" + }, + "sessionLoggerArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the session logger to associate to the portal ARN.

    ", + "location":"querystring", + "locationName":"sessionLoggerArn" } } }, - "AssociateNetworkSettingsResponse":{ + "AssociateSessionLoggerResponse":{ "type":"structure", "required":[ - "networkSettingsArn", - "portalArn" + "portalArn", + "sessionLoggerArn" ], "members":{ - "networkSettingsArn":{ + "portalArn":{ "shape":"ARN", - "documentation":"

    The ARN of the network settings.

    " + "documentation":"

    The ARN of the portal.

    " }, - "portalArn":{ + "sessionLoggerArn":{ "shape":"ARN", - "documentation":"

    The ARN of the web portal.

    " + "documentation":"

    The ARN of the session logger.

    " } } }, @@ -1594,9 +1761,9 @@ "type":"structure", "required":["browserSettingsArn"], "members":{ - "additionalEncryptionContext":{ - "shape":"EncryptionContextMap", - "documentation":"

    The additional encryption context of the browser settings.

    " + "browserSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the browser settings.

    " }, "associatedPortalArns":{ "shape":"ArnList", @@ -1606,13 +1773,13 @@ "shape":"BrowserPolicy", "documentation":"

    A JSON string containing Chrome Enterprise policies that will be applied to all streaming sessions.

    " }, - "browserSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the browser settings.

    " - }, "customerManagedKey":{ "shape":"keyArn", "documentation":"

    The customer managed key used to encrypt sensitive information in the browser settings.

    " + }, + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    The additional encryption context of the browser settings.

    " } }, "documentation":"

    The browser settings resource that can be associated with a web portal. Once associated with a web portal, browser settings control how the browser will behave once a user starts a streaming session for the web portal.

    " @@ -1640,40 +1807,44 @@ "type":"string", "max":50, "min":1, - "pattern":"^[_\\-\\d\\w]+$", + "pattern":"[_\\-\\d\\w]+", "sensitive":true }, "Certificate":{ "type":"structure", "members":{ - "body":{ - "shape":"CertificateAuthorityBody", - "documentation":"

    The body of the certificate.

    " + "thumbprint":{ + "shape":"CertificateThumbprint", + "documentation":"

    A hexadecimal identifier for the certificate.

    " + }, + "subject":{ + "shape":"CertificatePrincipal", + "documentation":"

    The entity the certificate belongs to.

    " }, "issuer":{ "shape":"CertificatePrincipal", "documentation":"

    The entity that issued the certificate.

    " }, - "notValidAfter":{ - "shape":"Timestamp", - "documentation":"

    The certificate is not valid after this date.

    " - }, "notValidBefore":{ "shape":"Timestamp", "documentation":"

    The certificate is not valid before this date.

    " }, - "subject":{ - "shape":"CertificatePrincipal", - "documentation":"

    The entity the certificate belongs to.

    " + "notValidAfter":{ + "shape":"Timestamp", + "documentation":"

    The certificate is not valid after this date.

    " }, - "thumbprint":{ - "shape":"CertificateThumbprint", - "documentation":"

    A hexadecimal identifier for the certificate.

    " + "body":{ + "shape":"CertificateAuthorityBody", + "documentation":"

    The body of the certificate.

    " } }, "documentation":"

    The certificate.

    " }, - "CertificateAuthorityBody":{"type":"blob"}, + "CertificateAuthorityBody":{ + "type":"blob", + "max":32768, + "min":1 + }, "CertificateList":{ "type":"list", "member":{"shape":"CertificateAuthorityBody"} @@ -1682,30 +1853,30 @@ "type":"string", "max":256, "min":1, - "pattern":"^\\S+$" + "pattern":"\\S+" }, "CertificateSummary":{ "type":"structure", "members":{ + "thumbprint":{ + "shape":"CertificateThumbprint", + "documentation":"

    A hexadecimal identifier for the certificate.

    " + }, + "subject":{ + "shape":"CertificatePrincipal", + "documentation":"

    The entity the certificate belongs to.

    " + }, "issuer":{ "shape":"CertificatePrincipal", "documentation":"

    The entity that issued the certificate.

    " }, - "notValidAfter":{ - "shape":"Timestamp", - "documentation":"

    The certificate is not valid after this date.

    " - }, "notValidBefore":{ "shape":"Timestamp", "documentation":"

    The certificate is not valid before this date.

    " }, - "subject":{ - "shape":"CertificatePrincipal", - "documentation":"

    The entity the certificate belongs to.

    " - }, - "thumbprint":{ - "shape":"CertificateThumbprint", - "documentation":"

    A hexadecimal identifier for the certificate.

    " + "notValidAfter":{ + "shape":"Timestamp", + "documentation":"

    The certificate is not valid after this date.

    " } }, "documentation":"

    The summary of the certificate.

    " @@ -1718,7 +1889,7 @@ "type":"string", "max":64, "min":64, - "pattern":"^[A-Fa-f0-9]{64}$" + "pattern":"[A-Fa-f0-9]{64}" }, "CertificateThumbprintList":{ "type":"list", @@ -1759,7 +1930,7 @@ "type":"string", "max":253, "min":0, - "pattern":"^(\\.?)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\\.)*[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$", + "pattern":"(\\.?)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\\.)*[a-z0-9][a-z0-9-]{0,61}[a-z0-9]", "sensitive":true }, "CookieName":{ @@ -1772,7 +1943,7 @@ "type":"string", "max":2000, "min":0, - "pattern":"^/(\\S)*$", + "pattern":"/(\\S)*", "sensitive":true }, "CookieSpecification":{ @@ -1820,6 +1991,14 @@ "type":"structure", "required":["browserPolicy"], "members":{ + "tags":{ + "shape":"TagList", + "documentation":"

    The tags to add to the browser settings resource. A tag is a key-value pair.

    " + }, + "customerManagedKey":{ + "shape":"keyArn", + "documentation":"

    The custom managed key of the browser settings.

    " + }, "additionalEncryptionContext":{ "shape":"EncryptionContextMap", "documentation":"

    Additional encryption context of the browser settings.

    " @@ -1832,14 +2011,6 @@ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", "idempotencyToken":true - }, - "customerManagedKey":{ - "shape":"keyArn", - "documentation":"

    The custom managed key of the browser settings.

    " - }, - "tags":{ - "shape":"TagList", - "documentation":"

    The tags to add to the browser settings resource. A tag is a key-value pair.

    " } } }, @@ -1856,34 +2027,34 @@ "CreateDataProtectionSettingsRequest":{ "type":"structure", "members":{ - "additionalEncryptionContext":{ - "shape":"EncryptionContextMap", - "documentation":"

    Additional encryption context of the data protection settings.

    " + "displayName":{ + "shape":"DisplayNameSafe", + "documentation":"

    The display name of the data protection settings.

    " }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true + "description":{ + "shape":"DescriptionSafe", + "documentation":"

    The description of the data protection settings.

    " + }, + "tags":{ + "shape":"TagList", + "documentation":"

    The tags to add to the data protection settings resource. A tag is a key-value pair.

    " }, "customerManagedKey":{ "shape":"keyArn", "documentation":"

    The custom managed key of the data protection settings.

    " }, - "description":{ - "shape":"DescriptionSafe", - "documentation":"

    The description of the data protection settings.

    " - }, - "displayName":{ - "shape":"DisplayNameSafe", - "documentation":"

    The display name of the data protection settings.

    " + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    Additional encryption context of the data protection settings.

    " }, "inlineRedactionConfiguration":{ "shape":"InlineRedactionConfiguration", "documentation":"

    The inline redaction configuration of the data protection settings that will be applied to all sessions.

    " }, - "tags":{ - "shape":"TagList", - "documentation":"

    The tags to add to the data protection settings resource. A tag is a key-value pair.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -1900,20 +2071,15 @@ "CreateIdentityProviderRequest":{ "type":"structure", "required":[ - "identityProviderDetails", + "portalArn", "identityProviderName", "identityProviderType", - "portalArn" + "identityProviderDetails" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, - "identityProviderDetails":{ - "shape":"IdentityProviderDetails", - "documentation":"

    The identity provider details. The following list describes the provider detail keys for each identity provider type.

    • For Google and Login with Amazon:

      • client_id

      • client_secret

      • authorize_scopes

    • For Facebook:

      • client_id

      • client_secret

      • authorize_scopes

      • api_version

    • For Sign in with Apple:

      • client_id

      • team_id

      • key_id

      • private_key

      • authorize_scopes

    • For OIDC providers:

      • client_id

      • client_secret

      • attributes_request_method

      • oidc_issuer

      • authorize_scopes

      • authorize_url if not available from discovery URL specified by oidc_issuer key

      • token_url if not available from discovery URL specified by oidc_issuer key

      • attributes_url if not available from discovery URL specified by oidc_issuer key

      • jwks_uri if not available from discovery URL specified by oidc_issuer key

    • For SAML providers:

      • MetadataFile OR MetadataURL

      • IDPSignout (boolean) optional

      • IDPInit (boolean) optional

      • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

      • EncryptedResponses (boolean) optional

    " + "portalArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the web portal.

    " }, "identityProviderName":{ "shape":"IdentityProviderName", @@ -1923,9 +2089,14 @@ "shape":"IdentityProviderType", "documentation":"

    The identity provider type.

    " }, - "portalArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the web portal.

    " + "identityProviderDetails":{ + "shape":"IdentityProviderDetails", + "documentation":"

    The identity provider details. The following list describes the provider detail keys for each identity provider type.

    • For Google and Login with Amazon:

      • client_id

      • client_secret

      • authorize_scopes

    • For Facebook:

      • client_id

      • client_secret

      • authorize_scopes

      • api_version

    • For Sign in with Apple:

      • client_id

      • team_id

      • key_id

      • private_key

      • authorize_scopes

    • For OIDC providers:

      • client_id

      • client_secret

      • attributes_request_method

      • oidc_issuer

      • authorize_scopes

      • authorize_url if not available from discovery URL specified by oidc_issuer key

      • token_url if not available from discovery URL specified by oidc_issuer key

      • attributes_url if not available from discovery URL specified by oidc_issuer key

      • jwks_uri if not available from discovery URL specified by oidc_issuer key

    • For SAML providers:

      • MetadataFile OR MetadataURL

      • IDPSignout (boolean) optional

      • IDPInit (boolean) optional

      • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

      • EncryptedResponses (boolean) optional

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true }, "tags":{ "shape":"TagList", @@ -1947,34 +2118,34 @@ "type":"structure", "required":["ipRules"], "members":{ - "additionalEncryptionContext":{ - "shape":"EncryptionContextMap", - "documentation":"

    Additional encryption context of the IP access settings.

    " + "displayName":{ + "shape":"DisplayName", + "documentation":"

    The display name of the IP access settings.

    " }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true + "description":{ + "shape":"Description", + "documentation":"

    The description of the IP access settings.

    " + }, + "tags":{ + "shape":"TagList", + "documentation":"

    The tags to add to the IP access settings resource. A tag is a key-value pair.

    " }, "customerManagedKey":{ "shape":"keyArn", "documentation":"

    The custom managed key of the IP access settings.

    " }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the IP access settings.

    " - }, - "displayName":{ - "shape":"DisplayName", - "documentation":"

    The display name of the IP access settings.

    " + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    Additional encryption context of the IP access settings.

    " }, "ipRules":{ "shape":"IpRuleList", "documentation":"

    The IP rules of the IP access settings.

    " }, - "tags":{ - "shape":"TagList", - "documentation":"

    The tags to add to the IP access settings resource. A tag is a key-value pair.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -1991,31 +2162,31 @@ "CreateNetworkSettingsRequest":{ "type":"structure", "required":[ - "securityGroupIds", + "vpcId", "subnetIds", - "vpcId" + "securityGroupIds" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, - "securityGroupIds":{ - "shape":"SecurityGroupIdList", - "documentation":"

    One or more security groups used to control access from streaming instances to your VPC.

    " + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The VPC that streaming instances will connect to.

    " }, "subnetIds":{ "shape":"SubnetIdList", "documentation":"

    The subnets in which network interfaces are created to connect streaming instances to your VPC. At least two of these subnets must be in different availability zones.

    " }, + "securityGroupIds":{ + "shape":"SecurityGroupIdList", + "documentation":"

    One or more security groups used to control access from streaming instances to your VPC.

    " + }, "tags":{ "shape":"TagList", "documentation":"

    The tags to add to the network settings resource. A tag is a key-value pair.

    " }, - "vpcId":{ - "shape":"VpcId", - "documentation":"

    The VPC that streaming instances will connect to.

    " + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -2032,26 +2203,30 @@ "CreatePortalRequest":{ "type":"structure", "members":{ + "displayName":{ + "shape":"DisplayName", + "documentation":"

    The name of the web portal. This is not visible to users who log into the web portal.

    " + }, + "tags":{ + "shape":"TagList", + "documentation":"

    The tags to add to the web portal. A tag is a key-value pair.

    " + }, + "customerManagedKey":{ + "shape":"keyArn", + "documentation":"

    The customer managed key of the web portal.

    " + }, "additionalEncryptionContext":{ "shape":"EncryptionContextMap", "documentation":"

    The additional encryption context of the portal.

    " }, - "authenticationType":{ - "shape":"AuthenticationType", - "documentation":"

    The type of authentication integration points used when signing into the web portal. Defaults to Standard.

    Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.

    IAM Identity Center web portals are authenticated through IAM Identity Center. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.

    " - }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", "idempotencyToken":true }, - "customerManagedKey":{ - "shape":"keyArn", - "documentation":"

    The customer managed key of the web portal.

    " - }, - "displayName":{ - "shape":"DisplayName", - "documentation":"

    The name of the web portal. This is not visible to users who log into the web portal.

    " + "authenticationType":{ + "shape":"AuthenticationType", + "documentation":"

    The type of authentication integration points used when signing into the web portal. Defaults to Standard.

    Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.

    IAM Identity Center web portals are authenticated through IAM Identity Center. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.

    " }, "instanceType":{ "shape":"InstanceType", @@ -2060,10 +2235,6 @@ "maxConcurrentSessions":{ "shape":"MaxConcurrentSessions", "documentation":"

    The maximum number of concurrent sessions for the portal.

    " - }, - "tags":{ - "shape":"TagList", - "documentation":"

    The tags to add to the web portal. A tag is a key-value pair.

    " } } }, @@ -2084,6 +2255,54 @@ } } }, + "CreateSessionLoggerRequest":{ + "type":"structure", + "required":[ + "eventFilter", + "logConfiguration" + ], + "members":{ + "eventFilter":{ + "shape":"EventFilter", + "documentation":"

    The filter that specifies the events to monitor.

    " + }, + "logConfiguration":{ + "shape":"LogConfiguration", + "documentation":"

    The configuration that specifies where logs are delivered.

    " + }, + "displayName":{ + "shape":"DisplayNameSafe", + "documentation":"

    The human-readable display name for the session logger resource.

    " + }, + "customerManagedKey":{ + "shape":"keyArn", + "documentation":"

    The custom managed key of the session logger.

    " + }, + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    The additional encryption context of the session logger.

    " + }, + "tags":{ + "shape":"TagList", + "documentation":"

    The tags to add to the session logger.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK.

    ", + "idempotencyToken":true + } + } + }, + "CreateSessionLoggerResponse":{ + "type":"structure", + "required":["sessionLoggerArn"], + "members":{ + "sessionLoggerArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the session logger.

    " + } + } + }, "CreateTrustStoreRequest":{ "type":"structure", "required":["certificateList"], @@ -2092,14 +2311,14 @@ "shape":"CertificateList", "documentation":"

    A list of CA certificates to be added to the trust store.

    " }, + "tags":{ + "shape":"TagList", + "documentation":"

    The tags to add to the trust store. A tag is a key-value pair.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", "idempotencyToken":true - }, - "tags":{ - "shape":"TagList", - "documentation":"

    The tags to add to the trust store. A tag is a key-value pair.

    " } } }, @@ -2117,11 +2336,6 @@ "type":"structure", "required":["kinesisStreamArn"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, "kinesisStreamArn":{ "shape":"KinesisStreamArn", "documentation":"

    The ARN of the Kinesis stream.

    " @@ -2129,6 +2343,11 @@ "tags":{ "shape":"TagList", "documentation":"

    The tags to add to the user settings resource. A tag is a key-value pair.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -2146,52 +2365,27 @@ "type":"structure", "required":[ "copyAllowed", - "downloadAllowed", "pasteAllowed", - "printAllowed", - "uploadAllowed" + "downloadAllowed", + "uploadAllowed", + "printAllowed" ], "members":{ - "additionalEncryptionContext":{ - "shape":"EncryptionContextMap", - "documentation":"

    The additional encryption context of the user settings.

    " - }, - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, - "cookieSynchronizationConfiguration":{ - "shape":"CookieSynchronizationConfiguration", - "documentation":"

    The configuration that specifies which cookies should be synchronized from the end user's local browser to the remote browser.

    " - }, "copyAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can copy text from the streaming session to the local device.

    " }, - "customerManagedKey":{ - "shape":"keyArn", - "documentation":"

    The customer managed key used to encrypt sensitive information in the user settings.

    " - }, - "deepLinkAllowed":{ + "pasteAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can use deep links that open automatically when connecting to a session.

    " - }, - "disconnectTimeoutInMinutes":{ - "shape":"DisconnectTimeoutInMinutes", - "documentation":"

    The amount of time that a streaming session remains active after users disconnect.

    " + "documentation":"

    Specifies whether the user can paste text from the local device to the streaming session.

    " }, "downloadAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can download files from the streaming session to the local device.

    " }, - "idleDisconnectTimeoutInMinutes":{ - "shape":"IdleDisconnectTimeoutInMinutes", - "documentation":"

    The amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the disconnect timeout interval begins.

    " - }, - "pasteAllowed":{ + "uploadAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can paste text from the local device to the streaming session.

    " + "documentation":"

    Specifies whether the user can upload files from the local device to the streaming session.

    " }, "printAllowed":{ "shape":"EnabledType", @@ -2201,9 +2395,38 @@ "shape":"TagList", "documentation":"

    The tags to add to the user settings resource. A tag is a key-value pair.

    " }, - "uploadAllowed":{ + "disconnectTimeoutInMinutes":{ + "shape":"DisconnectTimeoutInMinutes", + "documentation":"

    The amount of time that a streaming session remains active after users disconnect.

    " + }, + "idleDisconnectTimeoutInMinutes":{ + "shape":"IdleDisconnectTimeoutInMinutes", + "documentation":"

    The amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the disconnect timeout interval begins.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true + }, + "cookieSynchronizationConfiguration":{ + "shape":"CookieSynchronizationConfiguration", + "documentation":"

    The configuration that specifies which cookies should be synchronized from the end user's local browser to the remote browser.

    " + }, + "customerManagedKey":{ + "shape":"keyArn", + "documentation":"

    The customer managed key used to encrypt sensitive information in the user settings.

    " + }, + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    The additional encryption context of the user settings.

    " + }, + "deepLinkAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can upload files from the local device to the streaming session.

    " + "documentation":"

    Specifies whether the user can use deep links that open automatically when connecting to a session.

    " + }, + "toolbarConfiguration":{ + "shape":"ToolbarConfiguration", + "documentation":"

    The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

    " } } }, @@ -2224,14 +2447,6 @@ "patternRegex" ], "members":{ - "keywordRegex":{ - "shape":"Regex", - "documentation":"

    The keyword regex for the customer pattern. After there is a match to the pattern regex, the keyword regex is used to search within the proximity of the match. If there is a keyword match, then the match is confirmed. If no keyword regex is provided, the pattern regex match will automatically be confirmed. The format must follow JavaScript regex format. The pattern must be enclosed between slashes, and can have flags behind the second slash. For example, “/ab+c/gi”

    " - }, - "patternDescription":{ - "shape":"DescriptionSafe", - "documentation":"

    The pattern description for the customer pattern.

    " - }, "patternName":{ "shape":"PatternName", "documentation":"

    The pattern name for the custom pattern.

    " @@ -2239,6 +2454,14 @@ "patternRegex":{ "shape":"Regex", "documentation":"

    The pattern regex for the customer pattern. The format must follow JavaScript regex format. The pattern must be enclosed between slashes, and can have flags behind the second slash. For example: “/ab+c/gi”.

    " + }, + "patternDescription":{ + "shape":"DescriptionSafe", + "documentation":"

    The pattern description for the customer pattern.

    " + }, + "keywordRegex":{ + "shape":"Regex", + "documentation":"

    The keyword regex for the customer pattern. After there is a match to the pattern regex, the keyword regex is used to search within the proximity of the match. If there is a keyword match, then the match is confirmed. If no keyword regex is provided, the pattern regex match will automatically be confirmed. The format must follow JavaScript regex format. The pattern must be enclosed between slashes, and can have flags behind the second slash. For example, “/ab+c/gi”

    " } }, "documentation":"

    The pattern configuration for redacting custom data types in session.

    " @@ -2247,14 +2470,26 @@ "type":"structure", "required":["dataProtectionSettingsArn"], "members":{ - "additionalEncryptionContext":{ - "shape":"EncryptionContextMap", - "documentation":"

    The additional encryption context of the data protection settings.

    " + "dataProtectionSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the data protection settings resource.

    " + }, + "inlineRedactionConfiguration":{ + "shape":"InlineRedactionConfiguration", + "documentation":"

    The inline redaction configuration for the data protection settings.

    " }, "associatedPortalArns":{ "shape":"ArnList", "documentation":"

    A list of web portal ARNs that this data protection settings resource is associated with.

    " }, + "displayName":{ + "shape":"DisplayNameSafe", + "documentation":"

    The display name of the data protection settings.

    " + }, + "description":{ + "shape":"DescriptionSafe", + "documentation":"

    The description of the data protection settings.

    " + }, "creationDate":{ "shape":"Timestamp", "documentation":"

    The creation date timestamp of the data protection settings.

    " @@ -2263,21 +2498,9 @@ "shape":"keyArn", "documentation":"

    The customer managed key used to encrypt sensitive information in the data protection settings.

    " }, - "dataProtectionSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the data protection settings resource.

    " - }, - "description":{ - "shape":"DescriptionSafe", - "documentation":"

    The description of the data protection settings.

    " - }, - "displayName":{ - "shape":"DisplayNameSafe", - "documentation":"

    The display name of the data protection settings.

    " - }, - "inlineRedactionConfiguration":{ - "shape":"InlineRedactionConfiguration", - "documentation":"

    The inline redaction configuration for the data protection settings.

    " + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    The additional encryption context of the data protection settings.

    " } }, "documentation":"

    The data protection settings resource that can be associated with a web portal.

    " @@ -2290,21 +2513,21 @@ "type":"structure", "required":["dataProtectionSettingsArn"], "members":{ - "creationDate":{ - "shape":"Timestamp", - "documentation":"

    The creation date timestamp of the data protection settings.

    " - }, "dataProtectionSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the data protection settings.

    " }, + "displayName":{ + "shape":"DisplayNameSafe", + "documentation":"

    The display name of the data protection settings.

    " + }, "description":{ "shape":"DescriptionSafe", "documentation":"

    The description of the data protection settings.

    " }, - "displayName":{ - "shape":"DisplayNameSafe", - "documentation":"

    The display name of the data protection settings.

    " + "creationDate":{ + "shape":"Timestamp", + "documentation":"

    The creation date timestamp of the data protection settings.

    " } }, "documentation":"

    The summary of the data protection settings.

    " @@ -2411,6 +2634,23 @@ "members":{ } }, + "DeleteSessionLoggerRequest":{ + "type":"structure", + "required":["sessionLoggerArn"], + "members":{ + "sessionLoggerArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the session logger.

    ", + "location":"uri", + "locationName":"sessionLoggerArn" + } + } + }, + "DeleteSessionLoggerResponse":{ + "type":"structure", + "members":{ + } + }, "DeleteTrustStoreRequest":{ "type":"structure", "required":["trustStoreArn"], @@ -2466,14 +2706,14 @@ "type":"string", "max":256, "min":1, - "pattern":"^.+$", + "pattern":".+", "sensitive":true }, "DescriptionSafe":{ "type":"string", "max":256, "min":1, - "pattern":"^[ _\\-\\d\\w]+$", + "pattern":"[ _\\-\\d\\w]+", "sensitive":true }, "DisassociateBrowserSettingsRequest":{ @@ -2544,6 +2784,23 @@ "members":{ } }, + "DisassociateSessionLoggerRequest":{ + "type":"structure", + "required":["portalArn"], + "members":{ + "portalArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the portal to disassociate from the a session logger.

    ", + "location":"uri", + "locationName":"portalArn" + } + } + }, + "DisassociateSessionLoggerResponse":{ + "type":"structure", + "members":{ + } + }, "DisassociateTrustStoreRequest":{ "type":"structure", "required":["portalArn"], @@ -2605,14 +2862,14 @@ "type":"string", "max":64, "min":1, - "pattern":"^.+$", + "pattern":".+", "sensitive":true }, "DisplayNameSafe":{ "type":"string", "max":64, "min":1, - "pattern":"^[ _\\-\\d\\w]+$", + "pattern":"[ _\\-\\d\\w]+", "sensitive":true }, "EnabledType":{ @@ -2627,6 +2884,48 @@ "key":{"shape":"StringType"}, "value":{"shape":"StringType"} }, + "Event":{ + "type":"string", + "enum":[ + "WebsiteInteract", + "FileDownloadFromSecureBrowserToRemoteDisk", + "FileTransferFromRemoteToLocalDisk", + "FileTransferFromLocalToRemoteDisk", + "FileUploadFromRemoteDiskToSecureBrowser", + "ContentPasteToWebsite", + "ContentTransferFromLocalToRemoteClipboard", + "ContentCopyFromWebsite", + "UrlLoad", + "TabOpen", + "TabClose", + "PrintJobSubmit", + "SessionConnect", + "SessionStart", + "SessionDisconnect", + "SessionEnd" + ] + }, + "EventFilter":{ + "type":"structure", + "members":{ + "all":{ + "shape":"Unit", + "documentation":"

    The filter that monitors all of the available events, including any new events emitted in the future.

    " + }, + "include":{ + "shape":"Events", + "documentation":"

    The filter that monitors only the listed set of events. New events are not auto-monitored.

    " + } + }, + "documentation":"

    The filter that specifies the events to monitor.

    ", + "union":true + }, + "Events":{ + "type":"list", + "member":{"shape":"Event"}, + "max":100, + "min":1 + }, "ExceptionMessage":{"type":"string"}, "ExpireSessionRequest":{ "type":"structure", @@ -2655,6 +2954,13 @@ } }, "FieldName":{"type":"string"}, + "FolderStructure":{ + "type":"string", + "enum":[ + "Flat", + "NestedByDate" + ] + }, "GetBrowserSettingsRequest":{ "type":"structure", "required":["browserSettingsArn"], @@ -2807,6 +3113,27 @@ } } }, + "GetSessionLoggerRequest":{ + "type":"structure", + "required":["sessionLoggerArn"], + "members":{ + "sessionLoggerArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the session logger.

    ", + "location":"uri", + "locationName":"sessionLoggerArn" + } + } + }, + "GetSessionLoggerResponse":{ + "type":"structure", + "members":{ + "sessionLogger":{ + "shape":"SessionLogger", + "documentation":"

    The session logger details.

    " + } + } + }, "GetSessionRequest":{ "type":"structure", "required":[ @@ -2840,21 +3167,21 @@ "GetTrustStoreCertificateRequest":{ "type":"structure", "required":[ - "thumbprint", - "trustStoreArn" + "trustStoreArn", + "thumbprint" ], "members":{ - "thumbprint":{ - "shape":"CertificateThumbprint", - "documentation":"

    The thumbprint of the trust store certificate.

    ", - "location":"querystring", - "locationName":"thumbprint" - }, "trustStoreArn":{ "shape":"ARN", "documentation":"

    The ARN of the trust store certificate.

    ", "location":"uri", "locationName":"trustStoreArn" + }, + "thumbprint":{ + "shape":"CertificateThumbprint", + "documentation":"

    The thumbprint of the trust store certificate.

    ", + "location":"querystring", + "locationName":"thumbprint" } } }, @@ -2862,13 +3189,13 @@ "type":"structure", "required":["trustStoreArn"], "members":{ - "certificate":{ - "shape":"Certificate", - "documentation":"

    The certificate of the trust store certificate.

    " - }, "trustStoreArn":{ "shape":"ARN", "documentation":"

    The ARN of the trust store certificate.

    " + }, + "certificate":{ + "shape":"Certificate", + "documentation":"

    The certificate of the trust store certificate.

    " } } }, @@ -2941,6 +3268,10 @@ "max":100, "min":1 }, + "HiddenToolbarItemList":{ + "type":"list", + "member":{"shape":"ToolbarItem"} + }, "IdentityProvider":{ "type":"structure", "required":["identityProviderArn"], @@ -2949,10 +3280,6 @@ "shape":"SubresourceARN", "documentation":"

    The ARN of the identity provider.

    " }, - "identityProviderDetails":{ - "shape":"IdentityProviderDetails", - "documentation":"

    The identity provider details. The following list describes the provider detail keys for each identity provider type.

    • For Google and Login with Amazon:

      • client_id

      • client_secret

      • authorize_scopes

    • For Facebook:

      • client_id

      • client_secret

      • authorize_scopes

      • api_version

    • For Sign in with Apple:

      • client_id

      • team_id

      • key_id

      • private_key

      • authorize_scopes

    • For OIDC providers:

      • client_id

      • client_secret

      • attributes_request_method

      • oidc_issuer

      • authorize_scopes

      • authorize_url if not available from discovery URL specified by oidc_issuer key

      • token_url if not available from discovery URL specified by oidc_issuer key

      • attributes_url if not available from discovery URL specified by oidc_issuer key

      • jwks_uri if not available from discovery URL specified by oidc_issuer key

    • For SAML providers:

      • MetadataFile OR MetadataURL

      • IDPSignout (boolean) optional

      • IDPInit (boolean) optional

      • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

      • EncryptedResponses (boolean) optional

    " - }, "identityProviderName":{ "shape":"IdentityProviderName", "documentation":"

    The identity provider name.

    " @@ -2960,6 +3287,10 @@ "identityProviderType":{ "shape":"IdentityProviderType", "documentation":"

    The identity provider type.

    " + }, + "identityProviderDetails":{ + "shape":"IdentityProviderDetails", + "documentation":"

    The identity provider details. The following list describes the provider detail keys for each identity provider type.

    • For Google and Login with Amazon:

      • client_id

      • client_secret

      • authorize_scopes

    • For Facebook:

      • client_id

      • client_secret

      • authorize_scopes

      • api_version

    • For Sign in with Apple:

      • client_id

      • team_id

      • key_id

      • private_key

      • authorize_scopes

    • For OIDC providers:

      • client_id

      • client_secret

      • attributes_request_method

      • oidc_issuer

      • authorize_scopes

      • authorize_url if not available from discovery URL specified by oidc_issuer key

      • token_url if not available from discovery URL specified by oidc_issuer key

      • attributes_url if not available from discovery URL specified by oidc_issuer key

      • jwks_uri if not available from discovery URL specified by oidc_issuer key

    • For SAML providers:

      • MetadataFile OR MetadataURL

      • IDPSignout (boolean) optional

      • IDPInit (boolean) optional

      • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

      • EncryptedResponses (boolean) optional

    " } }, "documentation":"

    The identity provider.

    " @@ -2978,7 +3309,7 @@ "type":"string", "max":32, "min":1, - "pattern":"^[^_][\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}][^_]+$", + "pattern":"[^_][\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}][^_]+", "sensitive":true }, "IdentityProviderSummary":{ @@ -3021,9 +3352,9 @@ "type":"structure", "required":["inlineRedactionPatterns"], "members":{ - "globalConfidenceLevel":{ - "shape":"ConfidenceLevel", - "documentation":"

    The global confidence level for the inline redaction configuration. This indicates the certainty of data type matches in the redaction process. Confidence level 3 means high confidence, and requires a formatted text pattern match in order for content to be redacted. Confidence level 2 means medium confidence, and redaction considers both formatted and unformatted text, and adds keyword associate to the logic. Confidence level 1 means low confidence, and redaction is enforced for both formatted pattern + unformatted pattern without keyword. This is applied to patterns that do not have a pattern-level confidence level. Defaults to confidence level 2.

    " + "inlineRedactionPatterns":{ + "shape":"InlineRedactionPatterns", + "documentation":"

    The inline redaction patterns to be enabled for the inline redaction configuration.

    " }, "globalEnforcedUrls":{ "shape":"GlobalInlineRedactionUrls", @@ -3033,9 +3364,9 @@ "shape":"GlobalInlineRedactionUrls", "documentation":"

    The global exempt URL configuration for the inline redaction configuration. This is applied to patterns that do not have a pattern-level exempt URL list.

    " }, - "inlineRedactionPatterns":{ - "shape":"InlineRedactionPatterns", - "documentation":"

    The inline redaction patterns to be enabled for the inline redaction configuration.

    " + "globalConfidenceLevel":{ + "shape":"ConfidenceLevel", + "documentation":"

    The global confidence level for the inline redaction configuration. This indicates the certainty of data type matches in the redaction process. Confidence level 3 means high confidence, and requires a formatted text pattern match in order for content to be redacted. Confidence level 2 means medium confidence, and redaction considers both formatted and unformatted text, and adds keyword associate to the logic. Confidence level 1 means low confidence, and redaction is enforced for both formatted pattern + unformatted pattern without keyword. This is applied to patterns that do not have a pattern-level confidence level. Defaults to confidence level 2.

    " } }, "documentation":"

    The configuration for in-session inline redaction.

    " @@ -3048,14 +3379,14 @@ "shape":"BuiltInPatternId", "documentation":"

    The built-in pattern from the list of preconfigured patterns. Either a customPattern or builtInPatternId is required.

    " }, - "confidenceLevel":{ - "shape":"ConfidenceLevel", - "documentation":"

    The confidence level for inline redaction pattern. This indicates the certainty of data type matches in the redaction process. Confidence level 3 means high confidence, and requires a formatted text pattern match in order for content to be redacted. Confidence level 2 means medium confidence, and redaction considers both formatted and unformatted text, and adds keyword associate to the logic. Confidence level 1 means low confidence, and redaction is enforced for both formatted pattern + unformatted pattern without keyword. This overrides the global confidence level.

    " - }, "customPattern":{ "shape":"CustomPattern", "documentation":"

    >The configuration for a custom pattern. Either a customPattern or builtInPatternId is required.

    " }, + "redactionPlaceHolder":{ + "shape":"RedactionPlaceHolder", + "documentation":"

    The redaction placeholder that will replace the redacted text in session for the inline redaction pattern.

    " + }, "enforcedUrls":{ "shape":"InlineRedactionUrls", "documentation":"

    The enforced URL configuration for the inline redaction pattern. This will override the global enforced URL configuration.

    " @@ -3064,9 +3395,9 @@ "shape":"InlineRedactionUrls", "documentation":"

    The exempt URL configuration for the inline redaction pattern. This will override the global exempt URL configuration for the inline redaction pattern.

    " }, - "redactionPlaceHolder":{ - "shape":"RedactionPlaceHolder", - "documentation":"

    The redaction placeholder that will replace the redacted text in session for the inline redaction pattern.

    " + "confidenceLevel":{ + "shape":"ConfidenceLevel", + "documentation":"

    The confidence level for inline redaction pattern. This indicates the certainty of data type matches in the redaction process. Confidence level 3 means high confidence, and requires a formatted text pattern match in order for content to be redacted. Confidence level 2 means medium confidence, and redaction considers both formatted and unformatted text, and adds keyword associate to the logic. Confidence level 1 means low confidence, and redaction is enforced for both formatted pattern + unformatted pattern without keyword. This overrides the global confidence level.

    " } }, "documentation":"

    The set of patterns that determine the data types redacted in session.

    " @@ -3079,7 +3410,7 @@ }, "InlineRedactionUrl":{ "type":"string", - "pattern":"^((([a-zA-Z][a-zA-Z0-9+.-]*):\\/\\/(\\*|[\\w%._\\-\\+~#=@]+)?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?)|(\\*|[\\w%._\\-\\+~#=@]+\\.[\\w%._\\-\\+~#=@]+)(?::(\\d{1,5}))?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\\/\\/)?\\*))$", + "pattern":"((([a-zA-Z][a-zA-Z0-9+.-]*):\\/\\/(\\*|[\\w%._\\-\\+~#=@]+)?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?)|(\\*|[\\w%._\\-\\+~#=@]+\\.[\\w%._\\-\\+~#=@]+)(?::(\\d{1,5}))?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\\/\\/)?\\*))", "sensitive":true }, "InlineRedactionUrls":{ @@ -3116,37 +3447,37 @@ "type":"structure", "required":["ipAccessSettingsArn"], "members":{ - "additionalEncryptionContext":{ - "shape":"EncryptionContextMap", - "documentation":"

    The additional encryption context of the IP access settings.

    " + "ipAccessSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the IP access settings resource.

    " }, "associatedPortalArns":{ "shape":"ArnList", "documentation":"

    A list of web portal ARNs that this IP access settings resource is associated with.

    " }, - "creationDate":{ - "shape":"Timestamp", - "documentation":"

    The creation date timestamp of the IP access settings.

    " + "ipRules":{ + "shape":"IpRuleList", + "documentation":"

    The IP rules of the IP access settings.

    " }, - "customerManagedKey":{ - "shape":"keyArn", - "documentation":"

    The customer managed key used to encrypt sensitive information in the IP access settings.

    " + "displayName":{ + "shape":"DisplayName", + "documentation":"

    The display name of the IP access settings.

    " }, "description":{ "shape":"Description", "documentation":"

    The description of the IP access settings.

    " }, - "displayName":{ - "shape":"DisplayName", - "documentation":"

    The display name of the IP access settings.

    " + "creationDate":{ + "shape":"Timestamp", + "documentation":"

    The creation date timestamp of the IP access settings.

    " }, - "ipAccessSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the IP access settings resource.

    " + "customerManagedKey":{ + "shape":"keyArn", + "documentation":"

    The customer managed key used to encrypt sensitive information in the IP access settings.

    " }, - "ipRules":{ - "shape":"IpRuleList", - "documentation":"

    The IP rules of the IP access settings.

    " + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    The additional encryption context of the IP access settings.

    " } }, "documentation":"

    The IP access settings resource that can be associated with a web portal.

    " @@ -3159,21 +3490,21 @@ "type":"structure", "required":["ipAccessSettingsArn"], "members":{ - "creationDate":{ - "shape":"Timestamp", - "documentation":"

    The creation date timestamp of the IP access settings.

    " - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the IP access settings.

    " + "ipAccessSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of IP access settings.

    " }, "displayName":{ "shape":"DisplayName", "documentation":"

    The display name of the IP access settings.

    " }, - "ipAccessSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of IP access settings.

    " + "description":{ + "shape":"Description", + "documentation":"

    The description of the IP access settings.

    " + }, + "creationDate":{ + "shape":"Timestamp", + "documentation":"

    The creation date timestamp of the IP access settings.

    " } }, "documentation":"

    The summary of IP access settings.

    " @@ -3182,7 +3513,7 @@ "type":"string", "max":15, "min":1, - "pattern":"^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$", + "pattern":"((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))", "sensitive":true }, "IpAddressList":{ @@ -3194,20 +3525,20 @@ "IpRange":{ "type":"string", "documentation":"

    A single IP address or an IP address range in CIDR notation

    ", - "pattern":"^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(?:/([0-9]|[12][0-9]|3[0-2])|)$", + "pattern":"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(?:/([0-9]|[12][0-9]|3[0-2])|)", "sensitive":true }, "IpRule":{ "type":"structure", "required":["ipRange"], "members":{ - "description":{ - "shape":"Description", - "documentation":"

    The description of the IP rule.

    " - }, "ipRange":{ "shape":"IpRange", "documentation":"

    The IP range of the IP rule.

    " + }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the IP rule.

    " } }, "documentation":"

    The IP rules of the IP access settings.

    " @@ -3229,17 +3560,17 @@ "ListBrowserSettingsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -3259,17 +3590,17 @@ "ListDataProtectionSettingsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -3290,18 +3621,18 @@ "type":"structure", "required":["portalArn"], "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" + }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    ", @@ -3313,30 +3644,30 @@ "ListIdentityProvidersResponse":{ "type":"structure", "members":{ - "identityProviders":{ - "shape":"IdentityProviderList", - "documentation":"

    The identity providers.

    " - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " + }, + "identityProviders":{ + "shape":"IdentityProviderList", + "documentation":"

    The identity providers.

    " } } }, "ListIpAccessSettingsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -3356,17 +3687,17 @@ "ListNetworkSettingsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -3386,55 +3717,79 @@ "ListPortalsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, "ListPortalsResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " - }, "portals":{ "shape":"PortalList", "documentation":"

    The portals in the list.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " } } }, - "ListSessionsRequest":{ + "ListSessionLoggersRequest":{ "type":"structure", - "required":["portalId"], "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", + "location":"querystring", + "locationName":"nextToken" + }, "maxResults":{ "shape":"MaxResults", "documentation":"

    The maximum number of results to be included in the next page.

    ", "location":"querystring", "locationName":"maxResults" + } + } + }, + "ListSessionLoggersResponse":{ + "type":"structure", + "members":{ + "sessionLoggers":{ + "shape":"SessionLoggerList", + "documentation":"

    The list of session loggers, including summaries of their details.

    " }, "nextToken":{ "shape":"PaginationToken", - "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", - "location":"querystring", - "locationName":"nextToken" - }, + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " + } + } + }, + "ListSessionsRequest":{ + "type":"structure", + "required":["portalId"], + "members":{ "portalId":{ "shape":"PortalId", "documentation":"

    The ID of the web portal for the sessions.

    ", "location":"uri", "locationName":"portalId" }, + "username":{ + "shape":"Username", + "documentation":"

    The username of the session.

    ", + "location":"querystring", + "locationName":"username" + }, "sessionId":{ "shape":"SessionId", "documentation":"

    The ID of the session.

    ", @@ -3453,11 +3808,17 @@ "location":"querystring", "locationName":"status" }, - "username":{ - "shape":"Username", - "documentation":"

    The username of the session.

    ", + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", "location":"querystring", - "locationName":"username" + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", + "location":"querystring", + "locationName":"nextToken" } } }, @@ -3465,13 +3826,13 @@ "type":"structure", "required":["sessions"], "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " - }, "sessions":{ "shape":"SessionSummaryList", "documentation":"

    The sessions in a list.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " } } }, @@ -3500,11 +3861,11 @@ "type":"structure", "required":["trustStoreArn"], "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" + "trustStoreArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the trust store

    ", + "location":"uri", + "locationName":"trustStoreArn" }, "nextToken":{ "shape":"PaginationToken", @@ -3512,11 +3873,11 @@ "location":"querystring", "locationName":"nextToken" }, - "trustStoreArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the trust store

    ", - "location":"uri", - "locationName":"trustStoreArn" + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, @@ -3528,112 +3889,142 @@ "shape":"CertificateSummaryList", "documentation":"

    The certificate list.

    " }, - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The pagination token used to retrieve the next page of results for this operation.>

    " - }, "trustStoreArn":{ "shape":"ARN", "documentation":"

    The ARN of the trust store.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.>

    " } } }, "ListTrustStoresRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, "ListTrustStoresResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " - }, "trustStores":{ "shape":"TrustStoreSummaryList", "documentation":"

    The trust stores.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " } } }, "ListUserAccessLoggingSettingsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, "ListUserAccessLoggingSettingsResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " - }, "userAccessLoggingSettings":{ "shape":"UserAccessLoggingSettingsList", "documentation":"

    The user access logging settings.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " } } }, "ListUserSettingsRequest":{ "type":"structure", "members":{ - "maxResults":{ - "shape":"MaxResults", - "documentation":"

    The maximum number of results to be included in the next page.

    ", - "location":"querystring", - "locationName":"maxResults" - }, "nextToken":{ "shape":"PaginationToken", "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    ", "location":"querystring", "locationName":"nextToken" + }, + "maxResults":{ + "shape":"MaxResults", + "documentation":"

    The maximum number of results to be included in the next page.

    ", + "location":"querystring", + "locationName":"maxResults" } } }, "ListUserSettingsResponse":{ "type":"structure", "members":{ - "nextToken":{ - "shape":"PaginationToken", - "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " - }, "userSettings":{ "shape":"UserSettingsList", "documentation":"

    The user settings.

    " + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

    The pagination token used to retrieve the next page of results for this operation.

    " } } }, + "LogConfiguration":{ + "type":"structure", + "members":{ + "s3":{ + "shape":"S3LogConfiguration", + "documentation":"

    The configuration for delivering the logs to S3.

    " + } + }, + "documentation":"

    The configuration of the log.

    " + }, + "LogFileFormat":{ + "type":"string", + "enum":[ + "JSONLines", + "Json" + ] + }, "MaxConcurrentSessions":{ "type":"integer", "box":true, "max":5000, "min":1 }, + "MaxDisplayResolution":{ + "type":"string", + "enum":[ + "size4096X2160", + "size3840X2160", + "size3440X1440", + "size2560X1440", + "size1920X1080", + "size1280X720", + "size1024X768", + "size800X600" + ] + }, "MaxResults":{ "type":"integer", "box":true, @@ -3643,25 +4034,25 @@ "type":"structure", "required":["networkSettingsArn"], "members":{ - "associatedPortalArns":{ - "shape":"ArnList", - "documentation":"

    A list of web portal ARNs that this network settings is associated with.

    " - }, "networkSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the network settings.

    " }, - "securityGroupIds":{ - "shape":"SecurityGroupIdList", - "documentation":"

    One or more security groups used to control access from streaming instances to your VPC.

    " + "associatedPortalArns":{ + "shape":"ArnList", + "documentation":"

    A list of web portal ARNs that this network settings is associated with.

    " + }, + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The VPC that streaming instances will connect to.

    " }, "subnetIds":{ "shape":"SubnetIdList", "documentation":"

    The subnets in which network interfaces are created to connect streaming instances to your VPC. At least two of these subnets must be in different availability zones.

    " }, - "vpcId":{ - "shape":"VpcId", - "documentation":"

    The VPC that streaming instances will connect to.

    " + "securityGroupIds":{ + "shape":"SecurityGroupIdList", + "documentation":"

    One or more security groups used to control access from streaming instances to your VPC.

    " } }, "documentation":"

    A network settings resource that can be associated with a web portal. Once associated with a web portal, network settings define how streaming instances will connect with your specified VPC.

    " @@ -3689,98 +4080,102 @@ "type":"string", "max":2048, "min":1, - "pattern":"^\\S+$" + "pattern":"\\S+" }, "PatternName":{ "type":"string", "max":20, "min":1, - "pattern":"^[_\\-\\d\\w]+$", + "pattern":"[_\\-\\d\\w]+", "sensitive":true }, "Portal":{ "type":"structure", "required":["portalArn"], "members":{ - "additionalEncryptionContext":{ - "shape":"EncryptionContextMap", - "documentation":"

    The additional encryption context of the portal.

    " - }, - "authenticationType":{ - "shape":"AuthenticationType", - "documentation":"

    The type of authentication integration points used when signing into the web portal. Defaults to Standard.

    Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.

    IAM Identity Center web portals are authenticated through IAM Identity Center. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.

    " - }, - "browserSettingsArn":{ + "portalArn":{ "shape":"ARN", - "documentation":"

    The ARN of the browser settings that is associated with this web portal.

    " + "documentation":"

    The ARN of the web portal.

    " + }, + "rendererType":{ + "shape":"RendererType", + "documentation":"

    The renderer that is used in streaming sessions.

    " }, "browserType":{ "shape":"BrowserType", "documentation":"

    The browser that users see when using a streaming session.

    " }, + "portalStatus":{ + "shape":"PortalStatus", + "documentation":"

    The status of the web portal.

    " + }, + "portalEndpoint":{ + "shape":"PortalEndpoint", + "documentation":"

    The endpoint URL of the web portal that users access in order to start streaming sessions.

    " + }, + "displayName":{ + "shape":"DisplayName", + "documentation":"

    The name of the web portal.

    " + }, "creationDate":{ "shape":"Timestamp", "documentation":"

    The creation date of the web portal.

    " }, - "customerManagedKey":{ - "shape":"keyArn", - "documentation":"

    The customer managed key used to encrypt sensitive information in the portal.

    " + "browserSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the browser settings that is associated with this web portal.

    " }, "dataProtectionSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the data protection settings.

    " }, - "displayName":{ - "shape":"DisplayName", - "documentation":"

    The name of the web portal.

    " - }, - "instanceType":{ - "shape":"InstanceType", - "documentation":"

    The type and resources of the underlying instance.

    " - }, - "ipAccessSettingsArn":{ + "userSettingsArn":{ "shape":"ARN", - "documentation":"

    The ARN of the IP access settings.

    " - }, - "maxConcurrentSessions":{ - "shape":"MaxConcurrentSessions", - "documentation":"

    The maximum number of concurrent sessions for the portal.

    " + "documentation":"

    The ARN of the user settings that is associated with the web portal.

    " }, "networkSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the network settings that is associated with the web portal.

    " }, - "portalArn":{ + "sessionLoggerArn":{ "shape":"ARN", - "documentation":"

    The ARN of the web portal.

    " + "documentation":"

    The ARN of the session logger that is assocaited with the portal.

    " }, - "portalEndpoint":{ - "shape":"PortalEndpoint", - "documentation":"

    The endpoint URL of the web portal that users access in order to start streaming sessions.

    " - }, - "portalStatus":{ - "shape":"PortalStatus", - "documentation":"

    The status of the web portal.

    " - }, - "rendererType":{ - "shape":"RendererType", - "documentation":"

    The renderer that is used in streaming sessions.

    " + "trustStoreArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the trust store that is associated with the web portal.

    " }, "statusReason":{ "shape":"StatusReason", "documentation":"

    A message that explains why the web portal is in its current status.

    " }, - "trustStoreArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the trust store that is associated with the web portal.

    " - }, "userAccessLoggingSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the user access logging settings that is associated with the web portal.

    " }, - "userSettingsArn":{ + "authenticationType":{ + "shape":"AuthenticationType", + "documentation":"

    The type of authentication integration points used when signing into the web portal. Defaults to Standard.

    Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.

    IAM Identity Center web portals are authenticated through IAM Identity Center. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.

    " + }, + "ipAccessSettingsArn":{ "shape":"ARN", - "documentation":"

    The ARN of the user settings that is associated with the web portal.

    " + "documentation":"

    The ARN of the IP access settings.

    " + }, + "customerManagedKey":{ + "shape":"keyArn", + "documentation":"

    The customer managed key used to encrypt sensitive information in the portal.

    " + }, + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    The additional encryption context of the portal.

    " + }, + "instanceType":{ + "shape":"InstanceType", + "documentation":"

    The type and resources of the underlying instance.

    " + }, + "maxConcurrentSessions":{ + "shape":"MaxConcurrentSessions", + "documentation":"

    The maximum number of concurrent sessions for the portal.

    " } }, "documentation":"

    The web portal.

    " @@ -3789,13 +4184,13 @@ "type":"string", "max":253, "min":1, - "pattern":"^[a-zA-Z0-9]?((?!-)([A-Za-z0-9-]*[A-Za-z0-9])\\.)+[a-zA-Z0-9]+$" + "pattern":"[a-zA-Z0-9]?((?!-)([A-Za-z0-9-]*[A-Za-z0-9])\\.)+[a-zA-Z0-9]+" }, "PortalId":{ "type":"string", "max":36, "min":36, - "pattern":"^[a-zA-Z0-9\\-]+$" + "pattern":"[a-zA-Z0-9\\-]+" }, "PortalList":{ "type":"list", @@ -3813,61 +4208,53 @@ "type":"structure", "required":["portalArn"], "members":{ - "authenticationType":{ - "shape":"AuthenticationType", - "documentation":"

    The type of authentication integration points used when signing into the web portal. Defaults to Standard.

    Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.

    IAM Identity Center web portals are authenticated through IAM Identity Center. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.

    " - }, - "browserSettingsArn":{ + "portalArn":{ "shape":"ARN", - "documentation":"

    The ARN of the browser settings that is associated with the web portal.

    " + "documentation":"

    The ARN of the web portal.

    " + }, + "rendererType":{ + "shape":"RendererType", + "documentation":"

    The renderer that is used in streaming sessions.

    " }, "browserType":{ "shape":"BrowserType", "documentation":"

    The browser type of the web portal.

    " }, - "creationDate":{ - "shape":"Timestamp", - "documentation":"

    The creation date of the web portal.

    " + "portalStatus":{ + "shape":"PortalStatus", + "documentation":"

    The status of the web portal.

    " }, - "dataProtectionSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the data protection settings.

    " + "portalEndpoint":{ + "shape":"PortalEndpoint", + "documentation":"

    The endpoint URL of the web portal that users access in order to start streaming sessions.

    " }, "displayName":{ "shape":"DisplayName", "documentation":"

    The name of the web portal.

    " }, - "instanceType":{ - "shape":"InstanceType", - "documentation":"

    The type and resources of the underlying instance.

    " + "creationDate":{ + "shape":"Timestamp", + "documentation":"

    The creation date of the web portal.

    " }, - "ipAccessSettingsArn":{ + "browserSettingsArn":{ "shape":"ARN", - "documentation":"

    The ARN of the IP access settings.

    " + "documentation":"

    The ARN of the browser settings that is associated with the web portal.

    " }, - "maxConcurrentSessions":{ - "shape":"MaxConcurrentSessions", - "documentation":"

    The maximum number of concurrent sessions for the portal.

    " + "dataProtectionSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the data protection settings.

    " + }, + "userSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the user settings that is associated with the web portal.

    " }, "networkSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the network settings that is associated with the web portal.

    " }, - "portalArn":{ + "sessionLoggerArn":{ "shape":"ARN", - "documentation":"

    The ARN of the web portal.

    " - }, - "portalEndpoint":{ - "shape":"PortalEndpoint", - "documentation":"

    The endpoint URL of the web portal that users access in order to start streaming sessions.

    " - }, - "portalStatus":{ - "shape":"PortalStatus", - "documentation":"

    The status of the web portal.

    " - }, - "rendererType":{ - "shape":"RendererType", - "documentation":"

    The renderer that is used in streaming sessions.

    " + "documentation":"

    The ARN of the session logger that is assocaited with the portal.

    " }, "trustStoreArn":{ "shape":"ARN", @@ -3877,9 +4264,21 @@ "shape":"ARN", "documentation":"

    The ARN of the user access logging settings that is associated with the web portal.

    " }, - "userSettingsArn":{ + "authenticationType":{ + "shape":"AuthenticationType", + "documentation":"

    The type of authentication integration points used when signing into the web portal. Defaults to Standard.

    Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.

    IAM Identity Center web portals are authenticated through IAM Identity Center. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.

    " + }, + "ipAccessSettingsArn":{ "shape":"ARN", - "documentation":"

    The ARN of the user settings that is associated with the web portal.

    " + "documentation":"

    The ARN of the IP access settings.

    " + }, + "instanceType":{ + "shape":"InstanceType", + "documentation":"

    The type and resources of the underlying instance.

    " + }, + "maxConcurrentSessions":{ + "shape":"MaxConcurrentSessions", + "documentation":"

    The maximum number of concurrent sessions for the portal.

    " } }, "documentation":"

    The summary of the portal.

    " @@ -3889,13 +4288,13 @@ "type":"structure", "required":["redactionPlaceHolderType"], "members":{ - "redactionPlaceHolderText":{ - "shape":"RedactionPlaceHolderText", - "documentation":"

    The redaction placeholder text that will replace the redacted text in session for the custom text redaction placeholder type.

    " - }, "redactionPlaceHolderType":{ "shape":"RedactionPlaceHolderType", "documentation":"

    The redaction placeholder type that will replace the redacted text in session.

    " + }, + "redactionPlaceHolderText":{ + "shape":"RedactionPlaceHolderText", + "documentation":"

    The redaction placeholder text that will replace the redacted text in session for the custom text redaction placeholder type.

    " } }, "documentation":"

    The redaction placeholder that will replace the redacted text in session.

    " @@ -3904,7 +4303,7 @@ "type":"string", "max":20, "min":1, - "pattern":"^[*_\\-\\d\\w]+$", + "pattern":"[*_\\-\\d\\w]+", "sensitive":true }, "RedactionPlaceHolderType":{ @@ -3915,7 +4314,7 @@ "type":"string", "max":300, "min":0, - "pattern":"^\\/((?:[^\\n])+)\\/([gimsuyvd]{0,8})$", + "pattern":"\\/((?:[^\\n])+)\\/([gimsuyvd]{0,8})", "sensitive":true }, "RendererType":{ @@ -3945,17 +4344,66 @@ }, "ResourceType":{"type":"string"}, "RetryAfterSeconds":{"type":"integer"}, + "S3Bucket":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]", + "sensitive":true + }, + "S3BucketOwner":{ + "type":"string", + "pattern":"[0-9]{12}" + }, + "S3KeyPrefix":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[\\d\\w\\-_/!().*']+", + "sensitive":true + }, + "S3LogConfiguration":{ + "type":"structure", + "required":[ + "bucket", + "logFileFormat", + "folderStructure" + ], + "members":{ + "bucket":{ + "shape":"S3Bucket", + "documentation":"

    The S3 bucket name where logs are delivered.

    " + }, + "keyPrefix":{ + "shape":"S3KeyPrefix", + "documentation":"

    The S3 path prefix that determines where log files are stored.

    " + }, + "bucketOwner":{ + "shape":"S3BucketOwner", + "documentation":"

    The expected bucket owner of the target S3 bucket. The caller must have permissions to write to the target bucket.

    " + }, + "logFileFormat":{ + "shape":"LogFileFormat", + "documentation":"

    The format of the LogFile that is written to S3.

    " + }, + "folderStructure":{ + "shape":"FolderStructure", + "documentation":"

    The folder structure that defines the organizational structure for log files in S3.

    " + } + }, + "documentation":"

    The S3 log configuration.

    " + }, "SamlMetadata":{ "type":"string", "max":204800, "min":1, - "pattern":"^.+$" + "pattern":".+" }, "SecurityGroupId":{ "type":"string", "max":128, "min":1, - "pattern":"^[\\w+\\-]+$" + "pattern":"[\\w+\\-]+" }, "SecurityGroupIdList":{ "type":"list", @@ -3968,10 +4416,6 @@ "type":"structure", "members":{ "message":{"shape":"ExceptionMessage"}, - "quotaCode":{ - "shape":"QuotaCode", - "documentation":"

    The originating quota.

    " - }, "resourceId":{ "shape":"ResourceId", "documentation":"

    Identifier of the resource affected.

    " @@ -3983,6 +4427,10 @@ "serviceCode":{ "shape":"ServiceCode", "documentation":"

    The originating service.

    " + }, + "quotaCode":{ + "shape":"QuotaCode", + "documentation":"

    The originating quota.

    " } }, "documentation":"

    The service quota has been exceeded.

    ", @@ -3995,14 +4443,6 @@ "Session":{ "type":"structure", "members":{ - "clientIpAddresses":{ - "shape":"IpAddressList", - "documentation":"

    The IP address of the client.

    " - }, - "endTime":{ - "shape":"Timestamp", - "documentation":"

    The end time of the session.

    " - }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    " @@ -4011,17 +4451,25 @@ "shape":"StringType", "documentation":"

    The ID of the session.

    " }, - "startTime":{ - "shape":"Timestamp", - "documentation":"

    The start time of the session.

    " + "username":{ + "shape":"Username", + "documentation":"

    The username of the session.

    " + }, + "clientIpAddresses":{ + "shape":"IpAddressList", + "documentation":"

    The IP address of the client.

    " }, "status":{ "shape":"SessionStatus", "documentation":"

    The status of the session.

    " }, - "username":{ - "shape":"Username", - "documentation":"

    The username of the session.

    " + "startTime":{ + "shape":"Timestamp", + "documentation":"

    The start time of the session.

    " + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

    The end time of the session.

    " } }, "documentation":"

    Information about a secure browser session.

    " @@ -4030,7 +4478,73 @@ "type":"string", "max":36, "min":36, - "pattern":"^[a-zA-Z0-9\\-]+$" + "pattern":"[a-zA-Z0-9\\-]+" + }, + "SessionLogger":{ + "type":"structure", + "required":["sessionLoggerArn"], + "members":{ + "sessionLoggerArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the session logger resource.

    " + }, + "eventFilter":{ + "shape":"EventFilter", + "documentation":"

    The filter that specifies which events to monitor.

    " + }, + "logConfiguration":{ + "shape":"LogConfiguration", + "documentation":"

    The configuration that specifies where logs are fowarded.

    " + }, + "customerManagedKey":{ + "shape":"keyArn", + "documentation":"

    The custom managed key of the session logger.

    " + }, + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    The additional encryption context of the session logger.

    " + }, + "associatedPortalArns":{ + "shape":"ArnList", + "documentation":"

    The associated portal ARN.

    " + }, + "displayName":{ + "shape":"DisplayNameSafe", + "documentation":"

    The human-readable display name.

    " + }, + "creationDate":{ + "shape":"Timestamp", + "documentation":"

    The date the session logger resource was created.

    " + } + }, + "documentation":"

    The session logger resource.

    " + }, + "SessionLoggerList":{ + "type":"list", + "member":{"shape":"SessionLoggerSummary"} + }, + "SessionLoggerSummary":{ + "type":"structure", + "required":["sessionLoggerArn"], + "members":{ + "sessionLoggerArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the session logger resource.

    " + }, + "logConfiguration":{ + "shape":"LogConfiguration", + "documentation":"

    The configuration that specifies where the logs are fowarded.

    " + }, + "displayName":{ + "shape":"DisplayNameSafe", + "documentation":"

    The human-readable display name.

    " + }, + "creationDate":{ + "shape":"Timestamp", + "documentation":"

    The date the session logger resource was created.

    " + } + }, + "documentation":"

    The summary of the session logger resource.

    " }, "SessionSortBy":{ "type":"string", @@ -4049,10 +4563,6 @@ "SessionSummary":{ "type":"structure", "members":{ - "endTime":{ - "shape":"Timestamp", - "documentation":"

    The end time of the session.

    " - }, "portalArn":{ "shape":"ARN", "documentation":"

    The ARN of the web portal.

    " @@ -4061,17 +4571,21 @@ "shape":"StringType", "documentation":"

    The ID of the session.

    " }, - "startTime":{ - "shape":"Timestamp", - "documentation":"

    The start time of the session.

    " + "username":{ + "shape":"Username", + "documentation":"

    The username of the session.

    " }, "status":{ "shape":"SessionStatus", "documentation":"

    The status of the session.

    " }, - "username":{ - "shape":"Username", - "documentation":"

    The username of the session.

    " + "startTime":{ + "shape":"Timestamp", + "documentation":"

    The start time of the session.

    " + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"

    The end time of the session.

    " } }, "documentation":"

    Summary information about a secure browser session.

    " @@ -4090,13 +4604,13 @@ "type":"string", "max":131072, "min":0, - "pattern":"^[\\s\\S]*$" + "pattern":"[\\s\\S]*" }, "SubnetId":{ "type":"string", "max":32, "min":1, - "pattern":"^subnet-([0-9a-f]{8}|[0-9a-f]{17})$" + "pattern":"subnet-([0-9a-f]{8}|[0-9a-f]{17})" }, "SubnetIdList":{ "type":"list", @@ -4108,7 +4622,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36}){2,}$" + "pattern":"arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36}){2,}" }, "Tag":{ "type":"structure", @@ -4134,7 +4648,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)", "sensitive":true }, "TagKeyList":{ @@ -4156,11 +4670,6 @@ "tags" ], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, "resourceArn":{ "shape":"ARN", "documentation":"

    The ARN of the resource.

    ", @@ -4170,6 +4679,11 @@ "tags":{ "shape":"TagList", "documentation":"

    The tags of the resource.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -4182,13 +4696,17 @@ "type":"string", "max":256, "min":0, - "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$", + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)", "sensitive":true }, "ThrottlingException":{ "type":"structure", "members":{ "message":{"shape":"ExceptionMessage"}, + "serviceCode":{ + "shape":"ServiceCode", + "documentation":"

    The originating service.

    " + }, "quotaCode":{ "shape":"QuotaCode", "documentation":"

    The originating quota.

    " @@ -4198,10 +4716,6 @@ "documentation":"

    Advice to clients on when the call can be safely retried.

    ", "location":"header", "locationName":"Retry-After" - }, - "serviceCode":{ - "shape":"ServiceCode", - "documentation":"

    The originating service.

    " } }, "documentation":"

    There is a throttling error.

    ", @@ -4228,6 +4742,45 @@ }, "exception":true }, + "ToolbarConfiguration":{ + "type":"structure", + "members":{ + "toolbarType":{ + "shape":"ToolbarType", + "documentation":"

    The type of toolbar displayed during the session.

    " + }, + "visualMode":{ + "shape":"VisualMode", + "documentation":"

    The visual mode of the toolbar.

    " + }, + "hiddenToolbarItems":{ + "shape":"HiddenToolbarItemList", + "documentation":"

    The list of toolbar items to be hidden.

    " + }, + "maxDisplayResolution":{ + "shape":"MaxDisplayResolution", + "documentation":"

    The maximum display resolution that is allowed for the session.

    " + } + }, + "documentation":"

    The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

    " + }, + "ToolbarItem":{ + "type":"string", + "enum":[ + "Windows", + "DualMonitor", + "FullScreen", + "Webcam", + "Microphone" + ] + }, + "ToolbarType":{ + "type":"string", + "enum":[ + "Floating", + "Docked" + ] + }, "TrustStore":{ "type":"structure", "required":["trustStoreArn"], @@ -4257,6 +4810,11 @@ "type":"list", "member":{"shape":"TrustStoreSummary"} }, + "Unit":{ + "type":"structure", + "members":{ + } + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -4287,16 +4845,16 @@ "type":"structure", "required":["browserSettingsArn"], "members":{ - "browserPolicy":{ - "shape":"BrowserPolicy", - "documentation":"

    A JSON string containing Chrome Enterprise policies that will be applied to all streaming sessions.

    " - }, "browserSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the browser settings.

    ", "location":"uri", "locationName":"browserSettingsArn" }, + "browserPolicy":{ + "shape":"BrowserPolicy", + "documentation":"

    A JSON string containing Chrome Enterprise policies that will be applied to all streaming sessions.

    " + }, "clientToken":{ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", @@ -4318,28 +4876,28 @@ "type":"structure", "required":["dataProtectionSettingsArn"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, "dataProtectionSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the data protection settings.

    ", "location":"uri", "locationName":"dataProtectionSettingsArn" }, - "description":{ - "shape":"DescriptionSafe", - "documentation":"

    The description of the data protection settings.

    " + "inlineRedactionConfiguration":{ + "shape":"InlineRedactionConfiguration", + "documentation":"

    The inline redaction configuration of the data protection settings that will be applied to all sessions.

    " }, "displayName":{ "shape":"DisplayNameSafe", "documentation":"

    The display name of the data protection settings.

    " }, - "inlineRedactionConfiguration":{ - "shape":"InlineRedactionConfiguration", - "documentation":"

    The inline redaction configuration of the data protection settings that will be applied to all sessions.

    " + "description":{ + "shape":"DescriptionSafe", + "documentation":"

    The description of the data protection settings.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -4357,21 +4915,12 @@ "type":"structure", "required":["identityProviderArn"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, "identityProviderArn":{ "shape":"SubresourceARN", "documentation":"

    The ARN of the identity provider.

    ", "location":"uri", "locationName":"identityProviderArn" }, - "identityProviderDetails":{ - "shape":"IdentityProviderDetails", - "documentation":"

    The details of the identity provider. The following list describes the provider detail keys for each identity provider type.

    • For Google and Login with Amazon:

      • client_id

      • client_secret

      • authorize_scopes

    • For Facebook:

      • client_id

      • client_secret

      • authorize_scopes

      • api_version

    • For Sign in with Apple:

      • client_id

      • team_id

      • key_id

      • private_key

      • authorize_scopes

    • For OIDC providers:

      • client_id

      • client_secret

      • attributes_request_method

      • oidc_issuer

      • authorize_scopes

      • authorize_url if not available from discovery URL specified by oidc_issuer key

      • token_url if not available from discovery URL specified by oidc_issuer key

      • attributes_url if not available from discovery URL specified by oidc_issuer key

      • jwks_uri if not available from discovery URL specified by oidc_issuer key

    • For SAML providers:

      • MetadataFile OR MetadataURL

      • IDPSignout (boolean) optional

      • IDPInit (boolean) optional

      • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

      • EncryptedResponses (boolean) optional

    " - }, "identityProviderName":{ "shape":"IdentityProviderName", "documentation":"

    The name of the identity provider.

    " @@ -4379,6 +4928,15 @@ "identityProviderType":{ "shape":"IdentityProviderType", "documentation":"

    The type of the identity provider.

    " + }, + "identityProviderDetails":{ + "shape":"IdentityProviderDetails", + "documentation":"

    The details of the identity provider. The following list describes the provider detail keys for each identity provider type.

    • For Google and Login with Amazon:

      • client_id

      • client_secret

      • authorize_scopes

    • For Facebook:

      • client_id

      • client_secret

      • authorize_scopes

      • api_version

    • For Sign in with Apple:

      • client_id

      • team_id

      • key_id

      • private_key

      • authorize_scopes

    • For OIDC providers:

      • client_id

      • client_secret

      • attributes_request_method

      • oidc_issuer

      • authorize_scopes

      • authorize_url if not available from discovery URL specified by oidc_issuer key

      • token_url if not available from discovery URL specified by oidc_issuer key

      • attributes_url if not available from discovery URL specified by oidc_issuer key

      • jwks_uri if not available from discovery URL specified by oidc_issuer key

    • For SAML providers:

      • MetadataFile OR MetadataURL

      • IDPSignout (boolean) optional

      • IDPInit (boolean) optional

      • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

      • EncryptedResponses (boolean) optional

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -4396,28 +4954,28 @@ "type":"structure", "required":["ipAccessSettingsArn"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, - "description":{ - "shape":"Description", - "documentation":"

    The description of the IP access settings.

    " - }, - "displayName":{ - "shape":"DisplayName", - "documentation":"

    The display name of the IP access settings.

    " - }, "ipAccessSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the IP access settings.

    ", "location":"uri", "locationName":"ipAccessSettingsArn" }, + "displayName":{ + "shape":"DisplayName", + "documentation":"

    The display name of the IP access settings.

    " + }, + "description":{ + "shape":"Description", + "documentation":"

    The description of the IP access settings.

    " + }, "ipRules":{ "shape":"IpRuleList", "documentation":"

    The updated IP rules of the IP access settings.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -4435,28 +4993,28 @@ "type":"structure", "required":["networkSettingsArn"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, "networkSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the network settings.

    ", "location":"uri", "locationName":"networkSettingsArn" }, - "securityGroupIds":{ - "shape":"SecurityGroupIdList", - "documentation":"

    One or more security groups used to control access from streaming instances to your VPC.

    " + "vpcId":{ + "shape":"VpcId", + "documentation":"

    The VPC that streaming instances will connect to.

    " }, "subnetIds":{ "shape":"SubnetIdList", "documentation":"

    The subnets in which network interfaces are created to connect streaming instances to your VPC. At least two of these subnets must be in different availability zones.

    " }, - "vpcId":{ - "shape":"VpcId", - "documentation":"

    The VPC that streaming instances will connect to.

    " + "securityGroupIds":{ + "shape":"SecurityGroupIdList", + "documentation":"

    One or more security groups used to control access from streaming instances to your VPC.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -4474,14 +5032,20 @@ "type":"structure", "required":["portalArn"], "members":{ - "authenticationType":{ - "shape":"AuthenticationType", - "documentation":"

    The type of authentication integration points used when signing into the web portal. Defaults to Standard.

    Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.

    IAM Identity Center web portals are authenticated through IAM Identity Center. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.

    " + "portalArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the web portal.

    ", + "location":"uri", + "locationName":"portalArn" }, "displayName":{ "shape":"DisplayName", "documentation":"

    The name of the web portal. This is not visible to users who log into the web portal.

    " }, + "authenticationType":{ + "shape":"AuthenticationType", + "documentation":"

    The type of authentication integration points used when signing into the web portal. Defaults to Standard.

    Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.

    IAM Identity Center web portals are authenticated through IAM Identity Center. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.

    " + }, "instanceType":{ "shape":"InstanceType", "documentation":"

    The type and resources of the underlying instance.

    " @@ -4489,12 +5053,6 @@ "maxConcurrentSessions":{ "shape":"MaxConcurrentSessions", "documentation":"

    The maximum number of concurrent sessions for the portal.

    " - }, - "portalArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the web portal.

    ", - "location":"uri", - "locationName":"portalArn" } } }, @@ -4507,10 +5065,50 @@ } } }, + "UpdateSessionLoggerRequest":{ + "type":"structure", + "required":["sessionLoggerArn"], + "members":{ + "sessionLoggerArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the session logger to update.

    ", + "location":"uri", + "locationName":"sessionLoggerArn" + }, + "eventFilter":{ + "shape":"EventFilter", + "documentation":"

    The updated eventFilter.

    " + }, + "logConfiguration":{ + "shape":"LogConfiguration", + "documentation":"

    The updated logConfiguration.

    " + }, + "displayName":{ + "shape":"DisplayNameSafe", + "documentation":"

    The updated display name.

    " + } + } + }, + "UpdateSessionLoggerResponse":{ + "type":"structure", + "required":["sessionLogger"], + "members":{ + "sessionLogger":{ + "shape":"SessionLogger", + "documentation":"

    The updated details of the session logger.

    " + } + } + }, "UpdateTrustStoreRequest":{ "type":"structure", "required":["trustStoreArn"], "members":{ + "trustStoreArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the trust store.

    ", + "location":"uri", + "locationName":"trustStoreArn" + }, "certificatesToAdd":{ "shape":"CertificateList", "documentation":"

    A list of CA certificates to add to the trust store.

    " @@ -4523,12 +5121,6 @@ "shape":"ClientToken", "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", "idempotencyToken":true - }, - "trustStoreArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the trust store.

    ", - "location":"uri", - "locationName":"trustStoreArn" } } }, @@ -4546,20 +5138,20 @@ "type":"structure", "required":["userAccessLoggingSettingsArn"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, - "kinesisStreamArn":{ - "shape":"KinesisStreamArn", - "documentation":"

    The ARN of the Kinesis stream.

    " - }, "userAccessLoggingSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the user access logging settings.

    ", "location":"uri", "locationName":"userAccessLoggingSettingsArn" + }, + "kinesisStreamArn":{ + "shape":"KinesisStreamArn", + "documentation":"

    The ARN of the Kinesis stream.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true } } }, @@ -4577,52 +5169,56 @@ "type":"structure", "required":["userSettingsArn"], "members":{ - "clientToken":{ - "shape":"ClientToken", - "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", - "idempotencyToken":true - }, - "cookieSynchronizationConfiguration":{ - "shape":"CookieSynchronizationConfiguration", - "documentation":"

    The configuration that specifies which cookies should be synchronized from the end user's local browser to the remote browser.

    If the allowlist and blocklist are empty, the configuration becomes null.

    " + "userSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the user settings.

    ", + "location":"uri", + "locationName":"userSettingsArn" }, "copyAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can copy text from the streaming session to the local device.

    " }, - "deepLinkAllowed":{ + "pasteAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can use deep links that open automatically when connecting to a session.

    " - }, - "disconnectTimeoutInMinutes":{ - "shape":"DisconnectTimeoutInMinutes", - "documentation":"

    The amount of time that a streaming session remains active after users disconnect.

    " + "documentation":"

    Specifies whether the user can paste text from the local device to the streaming session.

    " }, "downloadAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can download files from the streaming session to the local device.

    " }, - "idleDisconnectTimeoutInMinutes":{ - "shape":"IdleDisconnectTimeoutInMinutes", - "documentation":"

    The amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the disconnect timeout interval begins.

    " - }, - "pasteAllowed":{ + "uploadAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can paste text from the local device to the streaming session.

    " + "documentation":"

    Specifies whether the user can upload files from the local device to the streaming session.

    " }, "printAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can print to the local device.

    " }, - "uploadAllowed":{ + "disconnectTimeoutInMinutes":{ + "shape":"DisconnectTimeoutInMinutes", + "documentation":"

    The amount of time that a streaming session remains active after users disconnect.

    " + }, + "idleDisconnectTimeoutInMinutes":{ + "shape":"IdleDisconnectTimeoutInMinutes", + "documentation":"

    The amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the disconnect timeout interval begins.

    " + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.

    If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.

    ", + "idempotencyToken":true + }, + "cookieSynchronizationConfiguration":{ + "shape":"CookieSynchronizationConfiguration", + "documentation":"

    The configuration that specifies which cookies should be synchronized from the end user's local browser to the remote browser.

    If the allowlist and blocklist are empty, the configuration becomes null.

    " + }, + "deepLinkAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can upload files from the local device to the streaming session.

    " + "documentation":"

    Specifies whether the user can use deep links that open automatically when connecting to a session.

    " }, - "userSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the user settings.

    ", - "location":"uri", - "locationName":"userSettingsArn" + "toolbarConfiguration":{ + "shape":"ToolbarConfiguration", + "documentation":"

    The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

    " } } }, @@ -4640,6 +5236,10 @@ "type":"structure", "required":["userAccessLoggingSettingsArn"], "members":{ + "userAccessLoggingSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the user access logging settings.

    " + }, "associatedPortalArns":{ "shape":"ArnList", "documentation":"

    A list of web portal ARNs that this user access logging settings is associated with.

    " @@ -4647,10 +5247,6 @@ "kinesisStreamArn":{ "shape":"KinesisStreamArn", "documentation":"

    The ARN of the Kinesis stream.

    " - }, - "userAccessLoggingSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the user access logging settings.

    " } }, "documentation":"

    A user access logging settings resource that can be associated with a web portal.

    " @@ -4663,13 +5259,13 @@ "type":"structure", "required":["userAccessLoggingSettingsArn"], "members":{ - "kinesisStreamArn":{ - "shape":"KinesisStreamArn", - "documentation":"

    The ARN of the Kinesis stream.

    " - }, "userAccessLoggingSettingsArn":{ "shape":"ARN", "documentation":"

    The ARN of the user access logging settings.

    " + }, + "kinesisStreamArn":{ + "shape":"KinesisStreamArn", + "documentation":"

    The ARN of the Kinesis stream.

    " } }, "documentation":"

    The summary of user access logging settings.

    " @@ -4678,57 +5274,61 @@ "type":"structure", "required":["userSettingsArn"], "members":{ - "additionalEncryptionContext":{ - "shape":"EncryptionContextMap", - "documentation":"

    The additional encryption context of the user settings.

    " + "userSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the user settings.

    " }, "associatedPortalArns":{ "shape":"ArnList", "documentation":"

    A list of web portal ARNs that this user settings is associated with.

    " }, - "cookieSynchronizationConfiguration":{ - "shape":"CookieSynchronizationConfiguration", - "documentation":"

    The configuration that specifies which cookies should be synchronized from the end user's local browser to the remote browser.

    " - }, "copyAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can copy text from the streaming session to the local device.

    " }, - "customerManagedKey":{ - "shape":"keyArn", - "documentation":"

    The customer managed key used to encrypt sensitive information in the user settings.

    " + "pasteAllowed":{ + "shape":"EnabledType", + "documentation":"

    Specifies whether the user can paste text from the local device to the streaming session.

    " }, - "deepLinkAllowed":{ + "downloadAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can use deep links that open automatically when connecting to a session.

    " + "documentation":"

    Specifies whether the user can download files from the streaming session to the local device.

    " + }, + "uploadAllowed":{ + "shape":"EnabledType", + "documentation":"

    Specifies whether the user can upload files from the local device to the streaming session.

    " + }, + "printAllowed":{ + "shape":"EnabledType", + "documentation":"

    Specifies whether the user can print to the local device.

    " }, "disconnectTimeoutInMinutes":{ "shape":"DisconnectTimeoutInMinutes", "documentation":"

    The amount of time that a streaming session remains active after users disconnect.

    " }, - "downloadAllowed":{ - "shape":"EnabledType", - "documentation":"

    Specifies whether the user can download files from the streaming session to the local device.

    " - }, "idleDisconnectTimeoutInMinutes":{ "shape":"IdleDisconnectTimeoutInMinutes", "documentation":"

    The amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the disconnect timeout interval begins.

    " }, - "pasteAllowed":{ - "shape":"EnabledType", - "documentation":"

    Specifies whether the user can paste text from the local device to the streaming session.

    " + "cookieSynchronizationConfiguration":{ + "shape":"CookieSynchronizationConfiguration", + "documentation":"

    The configuration that specifies which cookies should be synchronized from the end user's local browser to the remote browser.

    " }, - "printAllowed":{ - "shape":"EnabledType", - "documentation":"

    Specifies whether the user can print to the local device.

    " + "customerManagedKey":{ + "shape":"keyArn", + "documentation":"

    The customer managed key used to encrypt sensitive information in the user settings.

    " }, - "uploadAllowed":{ + "additionalEncryptionContext":{ + "shape":"EncryptionContextMap", + "documentation":"

    The additional encryption context of the user settings.

    " + }, + "deepLinkAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can upload files from the local device to the streaming session.

    " + "documentation":"

    Specifies whether the user can use deep links that open automatically when connecting to a session.

    " }, - "userSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the user settings.

    " + "toolbarConfiguration":{ + "shape":"ToolbarConfiguration", + "documentation":"

    The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

    " } }, "documentation":"

    A user settings resource that can be associated with a web portal. Once associated with a web portal, user settings control how users can transfer data between a streaming session and the their local devices.

    " @@ -4741,45 +5341,49 @@ "type":"structure", "required":["userSettingsArn"], "members":{ - "cookieSynchronizationConfiguration":{ - "shape":"CookieSynchronizationConfiguration", - "documentation":"

    The configuration that specifies which cookies should be synchronized from the end user's local browser to the remote browser.

    " + "userSettingsArn":{ + "shape":"ARN", + "documentation":"

    The ARN of the user settings.

    " }, "copyAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can copy text from the streaming session to the local device.

    " }, - "deepLinkAllowed":{ + "pasteAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can use deep links that open automatically when connecting to a session.

    " - }, - "disconnectTimeoutInMinutes":{ - "shape":"DisconnectTimeoutInMinutes", - "documentation":"

    The amount of time that a streaming session remains active after users disconnect.

    " + "documentation":"

    Specifies whether the user can paste text from the local device to the streaming session.

    " }, "downloadAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can download files from the streaming session to the local device.

    " }, - "idleDisconnectTimeoutInMinutes":{ - "shape":"IdleDisconnectTimeoutInMinutes", - "documentation":"

    The amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the disconnect timeout interval begins.

    " - }, - "pasteAllowed":{ + "uploadAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can paste text from the local device to the streaming session.

    " + "documentation":"

    Specifies whether the user can upload files from the local device to the streaming session.

    " }, "printAllowed":{ "shape":"EnabledType", "documentation":"

    Specifies whether the user can print to the local device.

    " }, - "uploadAllowed":{ + "disconnectTimeoutInMinutes":{ + "shape":"DisconnectTimeoutInMinutes", + "documentation":"

    The amount of time that a streaming session remains active after users disconnect.

    " + }, + "idleDisconnectTimeoutInMinutes":{ + "shape":"IdleDisconnectTimeoutInMinutes", + "documentation":"

    The amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the disconnect timeout interval begins.

    " + }, + "cookieSynchronizationConfiguration":{ + "shape":"CookieSynchronizationConfiguration", + "documentation":"

    The configuration that specifies which cookies should be synchronized from the end user's local browser to the remote browser.

    " + }, + "deepLinkAllowed":{ "shape":"EnabledType", - "documentation":"

    Specifies whether the user can upload files from the local device to the streaming session.

    " + "documentation":"

    Specifies whether the user can use deep links that open automatically when connecting to a session.

    " }, - "userSettingsArn":{ - "shape":"ARN", - "documentation":"

    The ARN of the user settings.

    " + "toolbarConfiguration":{ + "shape":"ToolbarConfiguration", + "documentation":"

    The configuration of the toolbar. This allows administrators to select the toolbar type and visual mode, set maximum display resolution for sessions, and choose which items are visible to end users during their sessions. If administrators do not modify these settings, end users retain control over their toolbar preferences.

    " } }, "documentation":"

    The summary of user settings.

    " @@ -4788,20 +5392,20 @@ "type":"string", "max":256, "min":0, - "pattern":"^[\\s\\S]*$", + "pattern":"[\\s\\S]*", "sensitive":true }, "ValidationException":{ "type":"structure", "members":{ - "fieldList":{ - "shape":"ValidationExceptionFieldList", - "documentation":"

    The field that caused the error.

    " - }, "message":{"shape":"ExceptionMessage"}, "reason":{ "shape":"ValidationExceptionReason", "documentation":"

    Reason the request failed validation

    " + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"

    The field that caused the error.

    " } }, "documentation":"

    There is a validation error.

    ", @@ -4814,17 +5418,17 @@ "ValidationExceptionField":{ "type":"structure", "required":[ - "message", - "name" + "name", + "message" ], "members":{ - "message":{ - "shape":"ExceptionMessage", - "documentation":"

    The message describing why the field failed validation.

    " - }, "name":{ "shape":"FieldName", "documentation":"

    The name of the field that failed validation.

    " + }, + "message":{ + "shape":"ExceptionMessage", + "documentation":"

    The message describing why the field failed validation.

    " } }, "documentation":"

    Information about a field passed inside a request that resulted in an exception.

    " @@ -4842,17 +5446,24 @@ "other" ] }, + "VisualMode":{ + "type":"string", + "enum":[ + "Dark", + "Light" + ] + }, "VpcId":{ "type":"string", "max":255, "min":1, - "pattern":"^vpc-[0-9a-z]*$" + "pattern":"vpc-[0-9a-z]*" }, "keyArn":{ "type":"string", "max":2048, "min":20, - "pattern":"^arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+$" + "pattern":"arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+" } }, "documentation":"

    Amazon WorkSpaces Secure Browser is a low cost, fully managed WorkSpace built specifically to facilitate secure, web-based workloads. WorkSpaces Secure Browser makes it easy for customers to safely provide their employees with access to internal websites and SaaS web applications without the administrative burden of appliances or specialized client software. WorkSpaces Secure Browser provides simple policy tools tailored for user interactions, while offloading common tasks like capacity management, scaling, and maintaining browser images.

    " diff -pruN 2.23.6-1/awscli/botocore/data/workspaces-web/2020-07-08/waiters-2.json 2.31.35-1/awscli/botocore/data/workspaces-web/2020-07-08/waiters-2.json --- 2.23.6-1/awscli/botocore/data/workspaces-web/2020-07-08/waiters-2.json 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/workspaces-web/2020-07-08/waiters-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff -pruN 2.23.6-1/awscli/botocore/data/xray/2016-04-12/endpoint-rule-set-1.json 2.31.35-1/awscli/botocore/data/xray/2016-04-12/endpoint-rule-set-1.json --- 2.23.6-1/awscli/botocore/data/xray/2016-04-12/endpoint-rule-set-1.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/xray/2016-04-12/endpoint-rule-set-1.json 2025-11-12 19:17:29.000000000 +0000 @@ -5,27 +5,27 @@ "builtIn": "AWS::Region", "required": false, "documentation": "The AWS region used to dispatch the request.", - "type": "String" + "type": "string" }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, "default": false, "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", - "type": "Boolean" + "type": "boolean" }, "UseFIPS": { "builtIn": "AWS::UseFIPS", "required": true, "default": false, "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", - "type": "Boolean" + "type": "boolean" }, "Endpoint": { "builtIn": "SDK::Endpoint", "required": false, "documentation": "Override the endpoint used to send this request", - "type": "String" + "type": "string" } }, "rules": [ diff -pruN 2.23.6-1/awscli/botocore/data/xray/2016-04-12/service-2.json 2.31.35-1/awscli/botocore/data/xray/2016-04-12/service-2.json --- 2.23.6-1/awscli/botocore/data/xray/2016-04-12/service-2.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/data/xray/2016-04-12/service-2.json 2025-11-12 19:17:29.000000000 +0000 @@ -336,7 +336,7 @@ {"shape":"InvalidRequestException"}, {"shape":"ThrottledException"} ], - "documentation":"

    Retrieves the current destination of data sent to PutTraceSegments and OpenTelemetry API. The Transaction Search feature requires a CloudWatchLogs destination. For more information, see Transaction Search and OpenTelemetry.

    " + "documentation":"

    Retrieves the current destination of data sent to PutTraceSegments and OpenTelemetry protocol (OTLP) endpoint. The Transaction Search feature requires a CloudWatchLogs destination. For more information, see Transaction Search and OpenTelemetry.

    " }, "GetTraceSummaries":{ "name":"GetTraceSummaries", @@ -379,7 +379,7 @@ {"shape":"ThrottledException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Retrieves a list of traces for a given RetrievalToken from the CloudWatch log group generated by Transaction Search. For information on what each trace returns, see BatchGetTraces.

    This API does not initiate a retrieval job. To start a trace retrieval, use StartTraceRetrieval, which generates the required RetrievalToken.

    When the RetrievalStatus is not COMPLETE, the API will return an empty response. Retry the request once the retrieval has completed to access the full list of traces.

    For cross-account observability, this API can retrieve traces from linked accounts when CloudWatch log is the destination across relevant accounts. For more details, see CloudWatch cross-account observability.

    For retrieving data from X-Ray directly as opposed to the Transaction-Search Log group, see BatchGetTraces.

    " + "documentation":"

    Retrieves a list of traces for a given RetrievalToken from the CloudWatch log group generated by Transaction Search. For information on what each trace returns, see BatchGetTraces.

    This API does not initiate a retrieval process. To start a trace retrieval, use StartTraceRetrieval, which generates the required RetrievalToken.

    When the RetrievalStatus is not COMPLETE, the API will return an empty response. Retry the request once the retrieval has completed to access the full list of traces.

    For cross-account observability, this API can retrieve traces from linked accounts when CloudWatch log is set as the destination across relevant accounts. For more details, see CloudWatch cross-account observability.

    For retrieving data from X-Ray directly as opposed to the Transaction Search generated log group, see BatchGetTraces.

    " }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -469,7 +469,7 @@ {"shape":"ThrottledException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

    Initiates a trace retrieval process using the specified time range and for the give trace IDs on Transaction Search generated by the CloudWatch log group. For more information, see Transaction Search.

    API returns a RetrievalToken, which can be used with ListRetrievedTraces or GetRetrievedTracesGraph to fetch results. Retrievals will time out after 60 minutes. To execute long time ranges, consider segmenting into multiple retrievals.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account to retrieve data from a linked source account, as long as both accounts have transaction search enabled.

    For retrieving data from X-Ray directly as opposed to the Transaction-Search Log group, see BatchGetTraces.

    " + "documentation":"

    Initiates a trace retrieval process using the specified time range and for the given trace IDs in the Transaction Search generated CloudWatch log group. For more information, see Transaction Search.

    API returns a RetrievalToken, which can be used with ListRetrievedTraces or GetRetrievedTracesGraph to fetch results. Retrievals will time out after 60 minutes. To execute long time ranges, consider segmenting into multiple retrievals.

    If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account to retrieve data from a linked source account, as long as both accounts have transaction search enabled.

    For retrieving data from X-Ray directly as opposed to the Transaction-Search Log group, see BatchGetTraces.

    " }, "TagResource":{ "name":"TagResource", @@ -627,6 +627,10 @@ "type":"list", "member":{"shape":"AnomalousService"} }, + "AnomalyCount":{ + "type":"integer", + "min":0 + }, "AttributeKey":{ "type":"string", "max":32, @@ -731,14 +735,17 @@ }, "CancelTraceRetrievalResult":{ "type":"structure", - "members":{ - } + "members":{} }, "ClientID":{ "type":"string", "max":24, "min":24 }, + "CooldownWindowMinutes":{ + "type":"integer", + "min":0 + }, "CreateGroupRequest":{ "type":"structure", "required":["GroupName"], @@ -808,8 +815,7 @@ }, "DeleteGroupResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteResourcePolicyRequest":{ "type":"structure", @@ -827,8 +833,7 @@ }, "DeleteResourcePolicyResult":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteSamplingRuleRequest":{ "type":"structure", @@ -1171,8 +1176,7 @@ }, "GetEncryptionConfigRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetEncryptionConfigResult":{ "type":"structure", @@ -1505,6 +1509,10 @@ "SamplingStatisticsDocuments":{ "shape":"SamplingStatisticsDocumentList", "documentation":"

    Information about rules that the service is using to sample requests.

    " + }, + "SamplingBoostStatisticsDocuments":{ + "shape":"SamplingBoostStatisticsDocumentList", + "documentation":"

    Information about rules that the service is using to boost sampling rate.

    " } } }, @@ -1522,6 +1530,10 @@ "UnprocessedStatistics":{ "shape":"UnprocessedStatisticsList", "documentation":"

    Information about SamplingStatisticsDocument that X-Ray could not process.

    " + }, + "UnprocessedBoostStatistics":{ + "shape":"UnprocessedStatisticsList", + "documentation":"

    Information about SamplingBoostStatisticsDocument that X-Ray could not process.

    " } } }, @@ -1666,8 +1678,7 @@ }, "GetTraceSegmentDestinationRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetTraceSegmentDestinationResult":{ "type":"structure", @@ -2286,6 +2297,11 @@ "error":{"httpStatusCode":400}, "exception":true }, + "MaxRate":{ + "type":"double", + "max":1, + "min":0 + }, "NullableBoolean":{"type":"boolean"}, "NullableDouble":{"type":"double"}, "NullableInteger":{"type":"integer"}, @@ -2428,8 +2444,7 @@ }, "PutTelemetryRecordsResult":{ "type":"structure", - "members":{ - } + "members":{} }, "PutTraceSegmentsRequest":{ "type":"structure", @@ -2687,10 +2702,93 @@ "max":32, "min":1 }, + "SampledAnomalyCount":{ + "type":"integer", + "min":0 + }, "SampledCount":{ "type":"integer", "min":0 }, + "SamplingBoost":{ + "type":"structure", + "required":[ + "BoostRate", + "BoostRateTTL" + ], + "members":{ + "BoostRate":{ + "shape":"Double", + "documentation":"

    The calculated sampling boost rate for this service

    " + }, + "BoostRateTTL":{ + "shape":"Timestamp", + "documentation":"

    When the sampling boost expires.

    " + } + }, + "documentation":"

    Temporary boost sampling rate. X-Ray calculates sampling boost for each service based on the recent sampling boost stats of all services that called GetSamplingTargets.

    " + }, + "SamplingBoostStatisticsDocument":{ + "type":"structure", + "required":[ + "RuleName", + "ServiceName", + "Timestamp", + "AnomalyCount", + "TotalCount", + "SampledAnomalyCount" + ], + "members":{ + "RuleName":{ + "shape":"RuleName", + "documentation":"

    The name of the sampling rule.

    " + }, + "ServiceName":{ + "shape":"ServiceName", + "documentation":"

    Matches the name that the service uses to identify itself in segments.

    " + }, + "Timestamp":{ + "shape":"Timestamp", + "documentation":"

    The current time.

    " + }, + "AnomalyCount":{ + "shape":"AnomalyCount", + "documentation":"

    The number of requests with anomaly.

    " + }, + "TotalCount":{ + "shape":"TotalCount", + "documentation":"

    The number of requests that associated to the rule.

    " + }, + "SampledAnomalyCount":{ + "shape":"SampledAnomalyCount", + "documentation":"

    The number of requests with anomaly recorded.

    " + } + }, + "documentation":"

    Request anomaly stats for a single rule from a service. Results are for the last 10 seconds unless the service has been assigned a longer reporting interval after a previous call to GetSamplingTargets.

    " + }, + "SamplingBoostStatisticsDocumentList":{ + "type":"list", + "member":{"shape":"SamplingBoostStatisticsDocument"}, + "max":25 + }, + "SamplingRateBoost":{ + "type":"structure", + "required":[ + "MaxRate", + "CooldownWindowMinutes" + ], + "members":{ + "MaxRate":{ + "shape":"MaxRate", + "documentation":"

    Defines max temporary sampling rate to apply when a boost is triggered. Calculated boost rate by X-Ray will be less than or equal to this max rate.

    " + }, + "CooldownWindowMinutes":{ + "shape":"CooldownWindowMinutes", + "documentation":"

    Sets the time window (in minutes) in which only one sampling rate boost can be triggered. After a boost occurs, no further boosts are allowed until the next window.

    " + } + }, + "documentation":"

    Enable temporary sampling rate increases when you detect anomalies to improve visibility.

    " + }, "SamplingRule":{ "type":"structure", "required":[ @@ -2757,6 +2855,10 @@ "Attributes":{ "shape":"AttributeMap", "documentation":"

    Matches attributes derived from the request.

    " + }, + "SamplingRateBoost":{ + "shape":"SamplingRateBoost", + "documentation":"

    Specifies the multiplier applied to the base sampling rate. This boost allows you to temporarily increase sampling without changing the rule's configuration.

    " } }, "documentation":"

    A sampling rule that services use to decide whether to instrument a request. Rule fields can match properties of the service, or properties of a request. The service can ignore rules that don't match its properties.

    " @@ -2833,6 +2935,10 @@ "Attributes":{ "shape":"AttributeMap", "documentation":"

    Matches attributes derived from the request.

    " + }, + "SamplingRateBoost":{ + "shape":"SamplingRateBoost", + "documentation":"

    Specifies the multiplier applied to the base sampling rate. This boost allows you to temporarily increase sampling without changing the rule's configuration.

    " } }, "documentation":"

    A document specifying changes to a sampling rule's configuration.

    " @@ -2952,6 +3058,10 @@ "Interval":{ "shape":"NullableInteger", "documentation":"

    The number of seconds for the service to wait before getting sampling targets again.

    " + }, + "SamplingBoost":{ + "shape":"SamplingBoost", + "documentation":"

    The sampling boost that X-Ray allocated for this service.

    " } }, "documentation":"

    Temporary changes to a sampling rule configuration. To meet the global sampling target for a rule, X-Ray calculates a new reservoir for each service based on the recent sampling results of all services that called GetSamplingTargets.

    " @@ -3224,8 +3334,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3324,6 +3433,10 @@ "error":{"httpStatusCode":400}, "exception":true }, + "TotalCount":{ + "type":"integer", + "min":0 + }, "Trace":{ "type":"structure", "members":{ @@ -3333,7 +3446,7 @@ }, "Duration":{ "shape":"NullableDouble", - "documentation":"

    The length of time in seconds between the start time of the root segment and the end time of the last segment that completed.

    " + "documentation":"

    The length of time in seconds between the start time of the earliest segment that started and the end time of the last segment that completed.

    " }, "LimitExceeded":{ "shape":"NullableBoolean", @@ -3422,7 +3535,7 @@ }, "Duration":{ "shape":"NullableDouble", - "documentation":"

    The length of time in seconds between the start time of the root segment and the end time of the last segment that completed.

    " + "documentation":"

    The length of time in seconds between the start time of the earliest segment that started and the end time of the last segment that completed.

    " }, "ResponseTime":{ "shape":"NullableDouble", @@ -3592,8 +3705,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateGroupRequest":{ "type":"structure", diff -pruN 2.23.6-1/awscli/botocore/discovery.py 2.31.35-1/awscli/botocore/discovery.py --- 2.23.6-1/awscli/botocore/discovery.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/discovery.py 2025-11-12 19:17:29.000000000 +0000 @@ -27,12 +27,14 @@ class EndpointDiscoveryException(BotoCor class EndpointDiscoveryRequired(EndpointDiscoveryException): - """ Endpoint Discovery is disabled but is required for this operation. """ + """Endpoint Discovery is disabled but is required for this operation.""" + fmt = 'Endpoint Discovery is not enabled but this operation requires it.' class EndpointDiscoveryRefreshFailed(EndpointDiscoveryException): - """ Endpoint Discovery failed to the refresh the known endpoints. """ + """Endpoint Discovery failed to the refresh the known endpoints.""" + fmt = 'Endpoint Discovery failed to refresh the required endpoints.' @@ -42,7 +44,7 @@ def block_endpoint_discovery_required_op raise EndpointDiscoveryRequired() -class EndpointDiscoveryModel(object): +class EndpointDiscoveryModel: def __init__(self, service_model): self._service_model = service_model @@ -61,7 +63,9 @@ class EndpointDiscoveryModel(object): def discovery_required_for(self, operation_name): try: - operation_model = self._service_model.operation_model(operation_name) + operation_model = self._service_model.operation_model( + operation_name + ) return operation_model.endpoint_discovery.get('required', False) except OperationNotFoundError: return False @@ -85,13 +89,17 @@ class EndpointDiscoveryModel(object): for member_name, member_shape in shape.members.items(): if member_shape.metadata.get('endpointdiscoveryid'): ids[member_name] = params[member_name] - elif member_shape.type_name == 'structure' and member_name in params: + elif ( + member_shape.type_name == 'structure' and member_name in params + ): self._gather_ids(member_shape, params[member_name], ids) return ids -class EndpointDiscoveryManager(object): - def __init__(self, client, cache=None, current_time=None, always_discover=True): +class EndpointDiscoveryManager: + def __init__( + self, client, cache=None, current_time=None, always_discover=True + ): if cache is None: cache = {} self._cache = cache @@ -177,8 +185,7 @@ class EndpointDiscoveryManager(object): if not self._always_discover and not discovery_required: # Discovery set to only run on required operations logger.debug( - 'Optional discovery disabled. Skipping discovery for Operation: %s' - % operation + f'Optional discovery disabled. Skipping discovery for Operation: {operation}' ) return None @@ -214,18 +221,18 @@ class EndpointDiscoveryManager(object): return None -class EndpointDiscoveryHandler(object): +class EndpointDiscoveryHandler: def __init__(self, manager): self._manager = manager def register(self, events, service_id): events.register( - 'before-parameter-build.%s' % service_id, self.gather_identifiers + f'before-parameter-build.{service_id}', self.gather_identifiers ) events.register_first( - 'request-created.%s' % service_id, self.discover_endpoint + f'request-created.{service_id}', self.discover_endpoint ) - events.register('needs-retry.%s' % service_id, self.handle_retries) + events.register(f'needs-retry.{service_id}', self.handle_retries) def gather_identifiers(self, params, model, context, **kwargs): endpoint_discovery = model.endpoint_discovery diff -pruN 2.23.6-1/awscli/botocore/docs/__init__.py 2.31.35-1/awscli/botocore/docs/__init__.py --- 2.23.6-1/awscli/botocore/docs/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -33,6 +33,7 @@ def generate_docs(root_dir, session): for service_name in session.get_available_services(): docs = ServiceDocumenter(service_name, session).document_service() service_doc_path = os.path.join( - services_doc_path, service_name + '.rst') + services_doc_path, service_name + '.rst' + ) with open(service_doc_path, 'wb') as f: f.write(docs) diff -pruN 2.23.6-1/awscli/botocore/docs/bcdoc/docstringparser.py 2.31.35-1/awscli/botocore/docs/bcdoc/docstringparser.py --- 2.23.6-1/awscli/botocore/docs/bcdoc/docstringparser.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/bcdoc/docstringparser.py 2025-11-12 19:17:29.000000000 +0000 @@ -51,12 +51,13 @@ class DocStringParser(HTMLParser): self.tree.add_data(data) -class HTMLTree(object): +class HTMLTree: """ A tree which handles HTML nodes. Designed to work with a python HTML parser, meaning that the current_node will be the most recently opened tag. When a tag is closed, the current_node moves up to the parent node. """ + def __init__(self, doc): self.doc = doc self.head = StemNode() @@ -80,9 +81,9 @@ class HTMLTree(object): def _doc_has_handler(self, tag, is_start): if is_start: - handler_name = 'start_%s' % tag + handler_name = f'start_{tag}' else: - handler_name = 'end_%s' % tag + handler_name = f'end_{tag}' return hasattr(self.doc.style, handler_name) @@ -93,7 +94,7 @@ class HTMLTree(object): self.head.write(self.doc) -class Node(object): +class Node: def __init__(self, parent=None): self.parent = parent @@ -103,7 +104,7 @@ class Node(object): class StemNode(Node): def __init__(self, parent=None): - super(StemNode, self).__init__(parent) + super().__init__(parent) self.children = [] def add_child(self, child): @@ -122,8 +123,9 @@ class TagNode(StemNode): """ A generic Tag node. It will verify that handlers exist before writing. """ + def __init__(self, tag, attrs=None, parent=None): - super(TagNode, self).__init__(parent) + super().__init__(parent) self.attrs = attrs self.tag = tag @@ -133,23 +135,23 @@ class TagNode(StemNode): self._write_end(doc) def _write_start(self, doc): - handler_name = 'start_%s' % self.tag + handler_name = f'start_{self.tag}' if hasattr(doc.style, handler_name): getattr(doc.style, handler_name)(self.attrs) def _write_end(self, doc): - handler_name = 'end_%s' % self.tag + handler_name = f'end_{self.tag}' if hasattr(doc.style, handler_name): getattr(doc.style, handler_name)() class LineItemNode(TagNode): def __init__(self, attrs=None, parent=None): - super(LineItemNode, self).__init__('li', attrs, parent) + super().__init__('li', attrs, parent) def write(self, doc): self._lstrip(self) - super(LineItemNode, self).write(doc) + super().write(doc) def _lstrip(self, node): """ @@ -174,10 +176,11 @@ class DataNode(Node): """ A Node that contains only string data. """ + def __init__(self, data, parent=None): - super(DataNode, self).__init__(parent) + super().__init__(parent) if not isinstance(data, str): - raise ValueError("Expecting string type, %s given." % type(data)) + raise ValueError(f"Expecting string type, {type(data)} given.") self.data = data def lstrip(self): diff -pruN 2.23.6-1/awscli/botocore/docs/bcdoc/restdoc.py 2.31.35-1/awscli/botocore/docs/bcdoc/restdoc.py --- 2.23.6-1/awscli/botocore/docs/bcdoc/restdoc.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/bcdoc/restdoc.py 2025-11-12 19:17:29.000000000 +0000 @@ -19,8 +19,7 @@ from botocore.docs.bcdoc.style import Re LOG = logging.getLogger('bcdocs') -class ReSTDocument(object): - +class ReSTDocument: def __init__(self, target='man'): self.style = ReSTStyle(self) self.target = target @@ -46,7 +45,7 @@ class ReSTDocument(object): """ Write content on a newline. """ - self._write('%s%s\n' % (self.style.spaces(), content)) + self._write(f'{self.style.spaces()}{content}\n') def peek_write(self): """ @@ -117,7 +116,7 @@ class DocumentStructure(ReSTDocument): :param context: A dictionary of data to store with the strucuture. These are only stored per section not the entire structure. """ - super(DocumentStructure, self).__init__(target=target) + super().__init__(target=target) self._name = name self._structure = OrderedDict() self._path = [self._name] @@ -172,8 +171,9 @@ class DocumentStructure(ReSTDocument): to the document structure it was instantiated from. """ # Add a new section - section = self.__class__(name=name, target=self.target, - context=context) + section = self.__class__( + name=name, target=self.target, context=context + ) section.path = self.path + [name] # Indent the section apporpriately as well section.style.indentation = self.style.indentation diff -pruN 2.23.6-1/awscli/botocore/docs/bcdoc/style.py 2.31.35-1/awscli/botocore/docs/bcdoc/style.py --- 2.23.6-1/awscli/botocore/docs/bcdoc/style.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/bcdoc/style.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,8 +16,7 @@ import logging logger = logging.getLogger('bcdocs') -class BaseStyle(object): - +class BaseStyle: def __init__(self, doc, indent_width=2): self.doc = doc self.indent_width = indent_width @@ -33,7 +32,7 @@ class BaseStyle(object): self._indent = value def new_paragraph(self): - return '\n%s' % self.spaces() + return f'\n{self.spaces()}' def indent(self): self._indent += 1 @@ -65,7 +64,6 @@ class BaseStyle(object): class ReSTStyle(BaseStyle): - def __init__(self, doc, indent_width=2): BaseStyle.__init__(self, doc, indent_width) self.do_p = True @@ -73,10 +71,10 @@ class ReSTStyle(BaseStyle): self.list_depth = 0 def new_paragraph(self): - self.doc.write('\n\n%s' % self.spaces()) + self.doc.write(f'\n\n{self.spaces()}') def new_line(self): - self.doc.write('\n%s' % self.spaces()) + self.doc.write(f'\n{self.spaces()}') def _start_inline(self, markup): self.doc.write(markup) @@ -123,12 +121,12 @@ class ReSTStyle(BaseStyle): def ref(self, title, link=None): if link is None: link = title - self.doc.write(':doc:`%s <%s>`' % (title, link)) + self.doc.write(f':doc:`{title} <{link}>`') def _heading(self, s, border_char): border = border_char * len(s) self.new_paragraph() - self.doc.write('%s\n%s\n%s' % (border, s, border)) + self.doc.write(f'{border}\n{s}\n{border}') self.new_paragraph() def h1(self, s): @@ -154,11 +152,11 @@ class ReSTStyle(BaseStyle): def start_p(self, attrs=None): if self.do_p: - self.doc.write('\n\n%s' % self.spaces()) + self.doc.write(f'\n\n{self.spaces()}') def end_p(self): if self.do_p: - self.doc.write('\n\n%s' % self.spaces()) + self.doc.write(f'\n\n{self.spaces()}') def start_code(self, attrs=None): self.doc.do_translation = True @@ -219,13 +217,13 @@ class ReSTStyle(BaseStyle): self.doc.do_translation = True def link_target_definition(self, refname, link): - self.doc.writeln('.. _%s: %s' % (refname, link)) + self.doc.writeln(f'.. _{refname}: {link}') def sphinx_reference_label(self, label, text=None): if text is None: text = label if self.doc.target == 'html': - self.doc.write(':ref:`%s <%s>`' % (text, label)) + self.doc.write(f':ref:`{text} <{label}>`') else: self.doc.write(text) @@ -238,14 +236,14 @@ class ReSTStyle(BaseStyle): if ':' in last_write: last_write = last_write.replace(':', r'\:') self.doc.push_write(last_write) - self.doc.push_write(' <%s>`__' % self.a_href) + self.doc.push_write(f' <{self.a_href}>`__') elif last_write == '`': # Look at start_a(). It will do a self.doc.write('`') # which is the start of the link title. If that is the # case then there was no link text. We should just # use an inline link. The syntax of this is # ``_ - self.doc.push_write('`<%s>`__' % self.a_href) + self.doc.push_write(f'`<{self.a_href}>`__') else: self.doc.push_write(self.a_href) self.doc.hrefs[self.a_href] = self.a_href @@ -346,9 +344,9 @@ class ReSTStyle(BaseStyle): self.li(item) else: if file_name: - self.doc.writeln(' %s' % file_name) + self.doc.writeln(f' {file_name}') else: - self.doc.writeln(' %s' % item) + self.doc.writeln(f' {item}') def hidden_toctree(self): if self.doc.target == 'html': @@ -365,11 +363,11 @@ class ReSTStyle(BaseStyle): if title is not None: self.doc.writeln(title) if depth is not None: - self.doc.writeln(' :depth: %s' % depth) + self.doc.writeln(f' :depth: {depth}') def start_sphinx_py_class(self, class_name): self.new_paragraph() - self.doc.write('.. py:class:: %s' % class_name) + self.doc.write(f'.. py:class:: {class_name}') self.indent() self.new_paragraph() @@ -379,9 +377,9 @@ class ReSTStyle(BaseStyle): def start_sphinx_py_method(self, method_name, parameters=None): self.new_paragraph() - content = '.. py:method:: %s' % method_name + content = f'.. py:method:: {method_name}' if parameters is not None: - content += '(%s)' % parameters + content += f'({parameters})' self.doc.write(content) self.indent() self.new_paragraph() @@ -392,7 +390,7 @@ class ReSTStyle(BaseStyle): def start_sphinx_py_attr(self, attr_name): self.new_paragraph() - self.doc.write('.. py:attribute:: %s' % attr_name) + self.doc.write(f'.. py:attribute:: {attr_name}') self.indent() self.new_paragraph() @@ -407,12 +405,12 @@ class ReSTStyle(BaseStyle): def external_link(self, title, link): if self.doc.target == 'html': - self.doc.write('`%s <%s>`_' % (title, link)) + self.doc.write(f'`{title} <{link}>`_') else: self.doc.write(title) def internal_link(self, title, page): if self.doc.target == 'html': - self.doc.write(':doc:`%s <%s>`' % (title, page)) + self.doc.write(f':doc:`{title} <{page}>`') else: self.doc.write(title) diff -pruN 2.23.6-1/awscli/botocore/docs/client.py 2.31.35-1/awscli/botocore/docs/client.py --- 2.23.6-1/awscli/botocore/docs/client.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/client.py 2025-11-12 19:17:29.000000000 +0000 @@ -24,7 +24,7 @@ from botocore.docs.sharedexample import from botocore.docs.utils import DocumentedShape, get_official_service_name -class ClientDocumenter(object): +class ClientDocumenter: def __init__(self, client, shared_examples=None): self._client = client self._shared_examples = shared_examples @@ -50,11 +50,15 @@ class ClientDocumenter(object): section = section.add_new_section('intro') # Write out the top level description for the client. official_service_name = get_official_service_name( - self._client.meta.service_model) + self._client.meta.service_model + ) section.write( - 'A low-level client representing %s' % official_service_name) + f'A low-level client representing {official_service_name}' + ) section.style.new_line() - section.include_doc_string(self._client.meta.service_model.documentation) + section.include_doc_string( + self._client.meta.service_model.documentation + ) # Write out the client example instantiation. self._add_client_creation_example(section) @@ -65,19 +69,18 @@ class ClientDocumenter(object): section.style.new_line() class_name = self._client.__class__.__name__ for method_name in sorted(client_methods): - section.style.li(':py:meth:`~%s.Client.%s`' % ( - class_name, method_name)) + section.style.li(f':py:meth:`~{class_name}.Client.{method_name}`') def _add_class_signature(self, section): section.style.start_sphinx_py_class( - class_name='%s.Client' % self._client.__class__.__name__) + class_name=f'{self._client.__class__.__name__}.Client' + ) def _add_client_creation_example(self, section): section.style.start_codeblock() section.style.new_line() section.write( - 'client = session.create_client(\'{service}\')'.format( - service=self._service_name) + f'client = session.create_client(\'{self._service_name}\')' ) section.style.end_codeblock() @@ -85,7 +88,8 @@ class ClientDocumenter(object): section = section.add_new_section('methods') for method_name in sorted(client_methods): self._add_client_method( - section, method_name, client_methods[method_name]) + section, method_name, client_methods[method_name] + ) def _add_client_method(self, section, method_name, method): section = section.add_new_section(method_name) @@ -107,17 +111,19 @@ class ClientDocumenter(object): error_section.style.new_line() client_name = self._client.__class__.__name__ for error in operation_model.error_shapes: - class_name = '%s.Client.exceptions.%s' % (client_name, error.name) - error_section.style.li(':py:class:`%s`' % class_name) + class_name = f'{client_name}.Client.exceptions.{error.name}' + error_section.style.li(f':py:class:`{class_name}`') def _add_model_driven_method(self, section, method_name): service_model = self._client.meta.service_model operation_name = self._client.meta.method_to_api_mapping[method_name] operation_model = service_model.operation_model(operation_name) - example_prefix = 'response = client.%s' % method_name + example_prefix = f'response = client.{method_name}' document_model_driven_method( - section, method_name, operation_model, + section, + method_name, + operation_model, event_emitter=self._client.meta.events, method_description=operation_model.documentation, example_prefix=example_prefix, @@ -131,10 +137,11 @@ class ClientDocumenter(object): shared_examples = self._shared_examples.get(operation_name) if shared_examples: document_shared_examples( - section, operation_model, example_prefix, shared_examples) + section, operation_model, example_prefix, shared_examples + ) -class ClientExceptionsDocumenter(object): +class ClientExceptionsDocumenter: _USER_GUIDE_LINK = ( 'https://boto3.amazonaws.com/' 'v1/documentation/api/latest/guide/error-handling.html' @@ -142,26 +149,32 @@ class ClientExceptionsDocumenter(object) _GENERIC_ERROR_SHAPE = DocumentedShape( name='Error', type_name='structure', - documentation=( - 'Normalized access to common exception attributes.' - ), - members=OrderedDict([ - ('Code', DocumentedShape( - name='Code', - type_name='string', - documentation=( - 'An identifier specifying the exception type.' + documentation=('Normalized access to common exception attributes.'), + members=OrderedDict( + [ + ( + 'Code', + DocumentedShape( + name='Code', + type_name='string', + documentation=( + 'An identifier specifying the exception type.' + ), + ), ), - )), - ('Message', DocumentedShape( - name='Message', - type_name='string', - documentation=( - 'A descriptive message explaining why the exception ' - 'occured.' + ( + 'Message', + DocumentedShape( + name='Message', + type_name='string', + documentation=( + 'A descriptive message explaining why the exception ' + 'occured.' + ), + ), ), - )), - ]), + ] + ), ) def __init__(self, client): @@ -194,7 +207,7 @@ class ClientExceptionsDocumenter(object) def _exception_class_name(self, shape): cls_name = self._client.__class__.__name__ - return '%s.Client.exceptions.%s' % (cls_name, shape.name) + return f'{cls_name}.Client.exceptions.{shape.name}' def _add_exceptions_list(self, section): error_shapes = self._client.meta.service_model.error_shapes @@ -208,7 +221,7 @@ class ClientExceptionsDocumenter(object) section.style.new_line() for shape in error_shapes: class_name = self._exception_class_name(shape) - section.style.li(':py:class:`%s`' % class_name) + section.style.li(f':py:class:`{class_name}`') def _add_exception_classes(self, section): for shape in self._client.meta.service_model.error_shapes: @@ -239,7 +252,7 @@ class ClientExceptionsDocumenter(object) section.write('...') section.style.dedent() section.style.new_line() - section.write('except client.exceptions.%s as e:' % shape.name) + section.write(f'except client.exceptions.{shape.name} as e:') section.style.indent() section.style.new_line() section.write('print(e.response)') @@ -275,7 +288,9 @@ class ClientExceptionsDocumenter(object) event_emitter=self._client.meta.events, ) documenter.document_example( - example_section, shape, include=[self._GENERIC_ERROR_SHAPE], + example_section, + shape, + include=[self._GENERIC_ERROR_SHAPE], ) def _add_response_params(self, section, shape): @@ -289,5 +304,7 @@ class ClientExceptionsDocumenter(object) event_emitter=self._client.meta.events, ) documenter.document_params( - params_section, shape, include=[self._GENERIC_ERROR_SHAPE], + params_section, + shape, + include=[self._GENERIC_ERROR_SHAPE], ) diff -pruN 2.23.6-1/awscli/botocore/docs/docstring.py 2.31.35-1/awscli/botocore/docs/docstring.py --- 2.23.6-1/awscli/botocore/docs/docstring.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/docstring.py 2025-11-12 19:17:29.000000000 +0000 @@ -24,20 +24,21 @@ class LazyLoadedDocstring(str): help(). Note that all docstring classes **must** subclass from this class. It cannot be used directly as a docstring. """ + def __init__(self, *args, **kwargs): """ The args and kwargs are the same as the underlying document generation function. These just get proxied to the underlying function. """ - super(LazyLoadedDocstring, self).__init__() + super().__init__() self._gen_args = args self._gen_kwargs = kwargs self._docstring = None def __new__(cls, *args, **kwargs): # Needed in order to sub class from str with args and kwargs - return super(LazyLoadedDocstring, cls).__new__(cls) + return super().__new__(cls) def _write_docstring(self, *args, **kwargs): raise NotImplementedError( @@ -76,8 +77,8 @@ class LazyLoadedDocstring(str): # Call the document method function with the args and kwargs # passed to the class. self._write_docstring( - docstring_structure, *self._gen_args, - **self._gen_kwargs) + docstring_structure, *self._gen_args, **self._gen_kwargs + ) return docstring_structure.flush_structure().decode('utf-8') diff -pruN 2.23.6-1/awscli/botocore/docs/example.py 2.31.35-1/awscli/botocore/docs/example.py --- 2.23.6-1/awscli/botocore/docs/example.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/example.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,8 +15,9 @@ from botocore.docs.utils import py_defau class BaseExampleDocumenter(ShapeDocumenter): - def document_example(self, section, shape, prefix=None, include=None, - exclude=None): + def document_example( + self, section, shape, prefix=None, include=None, exclude=None + ): """Generates an example based on a shape :param section: The section to write the documentation to. @@ -39,14 +40,19 @@ class BaseExampleDocumenter(ShapeDocumen if prefix is not None: section.write(prefix) self.traverse_and_document_shape( - section=section, shape=shape, history=history, - include=include, exclude=exclude) + section=section, + shape=shape, + history=history, + include=include, + exclude=exclude, + ) def document_recursive_shape(self, section, shape, **kwargs): section.write('{\'... recursive ...\'}') - def document_shape_default(self, section, shape, history, include=None, - exclude=None, **kwargs): + def document_shape_default( + self, section, shape, history, include=None, exclude=None, **kwargs + ): py_type = self._get_special_py_default(shape) if py_type is None: py_type = py_default(shape.type_name) @@ -55,33 +61,37 @@ class BaseExampleDocumenter(ShapeDocumen py_type = 'StreamingBody()' section.write(py_type) - def document_shape_type_string(self, section, shape, history, - include=None, exclude=None, **kwargs): + def document_shape_type_string( + self, section, shape, history, include=None, exclude=None, **kwargs + ): if 'enum' in shape.metadata: for i, enum in enumerate(shape.metadata['enum']): - section.write('\'%s\'' % enum) + section.write(f'\'{enum}\'') if i < len(shape.metadata['enum']) - 1: section.write('|') else: self.document_shape_default(section, shape, history) - def document_shape_type_list(self, section, shape, history, include=None, - exclude=None, **kwargs): + def document_shape_type_list( + self, section, shape, history, include=None, exclude=None, **kwargs + ): param_shape = shape.member list_section = section.add_new_section('list-value') self._start_nested_param(list_section, '[') param_section = list_section.add_new_section( - 'member', context={'shape': param_shape.name}) + 'member', context={'shape': param_shape.name} + ) self.traverse_and_document_shape( - section=param_section, shape=param_shape, history=history) + section=param_section, shape=param_shape, history=history + ) ending_comma_section = list_section.add_new_section('ending-comma') ending_comma_section.write(',') - ending_bracket_section = list_section.add_new_section( - 'ending-bracket') + ending_bracket_section = list_section.add_new_section('ending-bracket') self._end_nested_param(ending_bracket_section, ']') - def document_shape_type_structure(self, section, shape, history, - include=None, exclude=None, **kwargs): + def document_shape_type_structure( + self, section, shape, history, include=None, exclude=None, **kwargs + ): if not shape.members: section.write('{}') return @@ -95,32 +105,41 @@ class BaseExampleDocumenter(ShapeDocumen if exclude and param in exclude: continue param_section = section.add_new_section(param) - param_section.write('\'%s\': ' % param) + param_section.write(f'\'{param}\': ') param_shape = input_members[param] param_value_section = param_section.add_new_section( - 'member-value', context={'shape': param_shape.name}) + 'member-value', context={'shape': param_shape.name} + ) self.traverse_and_document_shape( - section=param_value_section, shape=param_shape, - history=history, name=param) + section=param_value_section, + shape=param_shape, + history=history, + name=param, + ) if i < len(input_members) - 1: ending_comma_section = param_section.add_new_section( - 'ending-comma') + 'ending-comma' + ) ending_comma_section.write(',') ending_comma_section.style.new_line() self._end_structure(section, '{', '}') - def document_shape_type_map(self, section, shape, history, - include=None, exclude=None, **kwargs): + def document_shape_type_map( + self, section, shape, history, include=None, exclude=None, **kwargs + ): map_section = section.add_new_section('map-value') self._start_nested_param(map_section, '{') value_shape = shape.value key_section = map_section.add_new_section( - 'key', context={'shape': shape.key.name}) + 'key', context={'shape': shape.key.name} + ) key_section.write('\'string\': ') value_section = map_section.add_new_section( - 'value', context={'shape': value_shape.name}) + 'value', context={'shape': value_shape.name} + ) self.traverse_and_document_shape( - section=value_section, shape=value_shape, history=history) + section=value_section, shape=value_shape, history=history + ) end_bracket_section = map_section.add_new_section('ending-bracket') self._end_nested_param(end_bracket_section, '}') @@ -161,8 +180,9 @@ class BaseExampleDocumenter(ShapeDocumen class ResponseExampleDocumenter(BaseExampleDocumenter): EVENT_NAME = 'response-example' - def document_shape_type_event_stream(self, section, shape, history, - **kwargs): + def document_shape_type_event_stream( + self, section, shape, history, **kwargs + ): section.write('EventStream(') self.document_shape_type_structure(section, shape, history, **kwargs) end_section = section.add_new_section('event-stream-end') @@ -172,8 +192,9 @@ class ResponseExampleDocumenter(BaseExam class RequestExampleDocumenter(BaseExampleDocumenter): EVENT_NAME = 'request-example' - def document_shape_type_structure(self, section, shape, history, - include=None, exclude=None, **kwargs): + def document_shape_type_structure( + self, section, shape, history, include=None, exclude=None, **kwargs + ): param_format = '\'%s\'' operator = ': ' start = '{' @@ -196,13 +217,18 @@ class RequestExampleDocumenter(BaseExamp param_section.write(operator) param_shape = input_members[param] param_value_section = param_section.add_new_section( - 'member-value', context={'shape': param_shape.name}) + 'member-value', context={'shape': param_shape.name} + ) self.traverse_and_document_shape( - section=param_value_section, shape=param_shape, - history=history, name=param) + section=param_value_section, + shape=param_shape, + history=history, + name=param, + ) if i < len(input_members) - 1: ending_comma_section = param_section.add_new_section( - 'ending-comma') + 'ending-comma' + ) ending_comma_section.write(',') ending_comma_section.style.new_line() self._end_structure(section, start, end) diff -pruN 2.23.6-1/awscli/botocore/docs/method.py 2.31.35-1/awscli/botocore/docs/method.py --- 2.23.6-1/awscli/botocore/docs/method.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/method.py 2025-11-12 19:17:29.000000000 +0000 @@ -43,8 +43,9 @@ def get_instance_public_methods(instance return instance_methods -def document_model_driven_signature(section, name, operation_model, - include=None, exclude=None): +def document_model_driven_signature( + section, name, operation_model, include=None, exclude=None +): """Documents the signature of a model-driven method :param section: The section to write the documentation to. @@ -82,8 +83,9 @@ def document_model_driven_signature(sect section.style.start_sphinx_py_method(name, signature_params) -def document_custom_signature(section, name, method, - include=None, exclude=None): +def document_custom_signature( + section, name, method, include=None, exclude=None +): """Documents the signature of a custom method :param section: The section to write the documentation to. @@ -125,8 +127,7 @@ def document_custom_method(section, meth :param method: The handle to the method being documented """ - document_custom_signature( - section, method_name, method) + document_custom_signature(section, method_name, method) method_intro_section = section.add_new_section('method-intro') method_intro_section.writeln('') doc_string = inspect.getdoc(method) @@ -134,12 +135,20 @@ def document_custom_method(section, meth method_intro_section.style.write_py_doc_string(doc_string) -def document_model_driven_method(section, method_name, operation_model, - event_emitter, method_description=None, - example_prefix=None, include_input=None, - include_output=None, exclude_input=None, - exclude_output=None, document_output=True, - include_signature=True): +def document_model_driven_method( + section, + method_name, + operation_model, + event_emitter, + method_description=None, + example_prefix=None, + include_input=None, + include_output=None, + exclude_input=None, + exclude_output=None, + document_output=True, + include_signature=True, +): """Documents an individual method :param section: The section to write to @@ -179,8 +188,12 @@ def document_model_driven_method(section # Add the signature if specified. if include_signature: document_model_driven_signature( - section, method_name, operation_model, include=include_input, - exclude=exclude_input) + section, + method_name, + operation_model, + include=include_input, + exclude=exclude_input, + ) # Add the description for the method. method_intro_section = section.add_new_section('method-intro') @@ -188,18 +201,19 @@ def document_model_driven_method(section if operation_model.deprecated: method_intro_section.style.start_danger() method_intro_section.writeln( - 'This operation is deprecated and may not function as ' - 'expected. This operation should not be used going forward ' - 'and is only kept for the purpose of backwards compatiblity.') + 'This operation is deprecated and may not function as ' + 'expected. This operation should not be used going forward ' + 'and is only kept for the purpose of backwards compatiblity.' + ) method_intro_section.style.end_danger() service_uid = operation_model.service_model.metadata.get('uid') if service_uid is not None: method_intro_section.style.new_paragraph() method_intro_section.write("See also: ") - link = '%s/%s/%s' % (AWS_DOC_BASE, service_uid, - operation_model.name) - method_intro_section.style.external_link(title="AWS API Documentation", - link=link) + link = f'{AWS_DOC_BASE}/{service_uid}/{operation_model.name}' + method_intro_section.style.external_link( + title="AWS API Documentation", link=link + ) method_intro_section.writeln('') # Add the example section. @@ -219,10 +233,15 @@ def document_model_driven_method(section RequestExampleDocumenter( service_id=operation_model.service_model.service_id.hyphenize(), operation_name=operation_model.name, - event_emitter=event_emitter, context=context).document_example( - example_section, operation_model.input_shape, - prefix=example_prefix, include=include_input, - exclude=exclude_input) + event_emitter=event_emitter, + context=context, + ).document_example( + example_section, + operation_model.input_shape, + prefix=example_prefix, + include=include_input, + exclude=exclude_input, + ) else: example_section.style.new_paragraph() example_section.style.start_codeblock() @@ -234,9 +253,14 @@ def document_model_driven_method(section RequestParamsDocumenter( service_id=operation_model.service_model.service_id.hyphenize(), operation_name=operation_model.name, - event_emitter=event_emitter, context=context).document_params( - request_params_section, operation_model.input_shape, - include=include_input, exclude=exclude_input) + event_emitter=event_emitter, + context=context, + ).document_params( + request_params_section, + operation_model.input_shape, + include=include_input, + exclude=exclude_input, + ) # Add the return value documentation return_section = section.add_new_section('return') @@ -271,13 +295,18 @@ def document_model_driven_method(section service_id=operation_model.service_model.service_id.hyphenize(), operation_name=operation_model.name, event_emitter=event_emitter, - context=context).document_example( - return_example_section, operation_model.output_shape, - include=include_output, exclude=exclude_output) + context=context, + ).document_example( + return_example_section, + operation_model.output_shape, + include=include_output, + exclude=exclude_output, + ) # Add a description for the return value return_description_section = return_section.add_new_section( - 'description') + 'description' + ) return_description_section.style.new_line() return_description_section.style.bold('Response Structure') return_description_section.style.new_paragraph() @@ -285,8 +314,12 @@ def document_model_driven_method(section service_id=operation_model.service_model.service_id.hyphenize(), operation_name=operation_model.name, event_emitter=event_emitter, - context=context).document_params( - return_description_section, operation_model.output_shape, - include=include_output, exclude=exclude_output) + context=context, + ).document_params( + return_description_section, + operation_model.output_shape, + include=include_output, + exclude=exclude_output, + ) else: return_section.write(':returns: None') diff -pruN 2.23.6-1/awscli/botocore/docs/paginator.py 2.31.35-1/awscli/botocore/docs/paginator.py --- 2.23.6-1/awscli/botocore/docs/paginator.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/paginator.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,7 +17,7 @@ from botocore.docs.utils import Document from botocore.utils import get_service_module_name -class PaginatorDocumenter(object): +class PaginatorDocumenter: def __init__(self, client, service_paginator_model): self._client = client self._service_name = self._client.meta.service_model.service_name @@ -33,13 +33,14 @@ class PaginatorDocumenter(object): section.writeln('The available paginators are:') paginator_names = sorted( - self._service_paginator_model._paginator_config) + self._service_paginator_model._paginator_config + ) # List the available paginators and then document each paginator. for paginator_name in paginator_names: section.style.li( - ':py:class:`%s.Paginator.%s`' % ( - self._client.__class__.__name__, paginator_name)) + f':py:class:`{self._client.__class__.__name__}.Paginator.{paginator_name}`' + ) self._add_paginator(section, paginator_name) def _add_paginator(self, section, paginator_name): @@ -47,33 +48,38 @@ class PaginatorDocumenter(object): # Docment the paginator class section.style.start_sphinx_py_class( - class_name='%s.Paginator.%s' % ( - self._client.__class__.__name__, paginator_name)) + class_name=f'{self._client.__class__.__name__}.Paginator.{paginator_name}' + ) section.style.start_codeblock() section.style.new_line() # Document how to instantiate the paginator. section.write( - 'paginator = client.get_paginator(\'%s\')' % xform_name( - paginator_name) + f'paginator = client.get_paginator(\'{xform_name(paginator_name)}\')' ) section.style.end_codeblock() section.style.new_line() # Get the pagination model for the particular paginator. paginator_config = self._service_paginator_model.get_paginator( - paginator_name) + paginator_name + ) document_paginate_method( section=section, paginator_name=paginator_name, event_emitter=self._client.meta.events, service_model=self._client.meta.service_model, - paginator_config=paginator_config + paginator_config=paginator_config, ) -def document_paginate_method(section, paginator_name, event_emitter, - service_model, paginator_config, - include_signature=True): +def document_paginate_method( + section, + paginator_name, + event_emitter, + service_model, + paginator_config, + include_signature=True, +): """Documents the paginate method of a paginator :param section: The section to write to @@ -91,8 +97,7 @@ def document_paginate_method(section, pa It is useful for generating docstrings. """ # Retrieve the operation model of the underlying operation. - operation_model = service_model.operation_model( - paginator_name) + operation_model = service_model.operation_model(paginator_name) # Add representations of the request and response parameters # we want to include in the description of the paginate method. @@ -100,40 +105,52 @@ def document_paginate_method(section, pa pagination_config_members = OrderedDict() pagination_config_members['MaxItems'] = DocumentedShape( - name='MaxItems', type_name='integer', + name='MaxItems', + type_name='integer', documentation=( '

    The total number of items to return. If the total ' 'number of items available is more than the value ' 'specified in max-items then a NextToken ' 'will be provided in the output that you can use to ' - 'resume pagination.

    ')) + 'resume pagination.

    ' + ), + ) if paginator_config.get('limit_key', None): pagination_config_members['PageSize'] = DocumentedShape( - name='PageSize', type_name='integer', - documentation='

    The size of each page.

    ') + name='PageSize', + type_name='integer', + documentation='

    The size of each page.

    ', + ) pagination_config_members['StartingToken'] = DocumentedShape( - name='StartingToken', type_name='string', + name='StartingToken', + type_name='string', documentation=( '

    A token to specify where to start paginating. ' 'This is the NextToken from a previous ' - 'response.

    ')) + 'response.

    ' + ), + ) botocore_pagination_params = [ DocumentedShape( - name='PaginationConfig', type_name='structure', + name='PaginationConfig', + type_name='structure', documentation=( '

    A dictionary that provides parameters to control ' - 'pagination.

    '), - members=pagination_config_members) + 'pagination.

    ' + ), + members=pagination_config_members, + ) ] botocore_pagination_response_params = [ DocumentedShape( - name='NextToken', type_name='string', - documentation=( - '

    A token to resume pagination.

    ')) + name='NextToken', + type_name='string', + documentation=('

    A token to resume pagination.

    '), + ) ] service_pagination_params = [] @@ -152,20 +169,21 @@ def document_paginate_method(section, pa # Hide the output tokens in the documentation. service_pagination_response_params = [] if isinstance(paginator_config['output_token'], list): - service_pagination_response_params += paginator_config[ - 'output_token'] + service_pagination_response_params += paginator_config['output_token'] else: - service_pagination_response_params.append(paginator_config[ - 'output_token']) + service_pagination_response_params.append( + paginator_config['output_token'] + ) paginate_description = ( 'Creates an iterator that will paginate through responses ' - 'from :py:meth:`{0}.Client.{1}`.'.format( - get_service_module_name(service_model), xform_name(paginator_name)) + f'from :py:meth:`{get_service_module_name(service_model)}.Client.{xform_name(paginator_name)}`.' ) document_model_driven_method( - section, 'paginate', operation_model, + section, + 'paginate', + operation_model, event_emitter=event_emitter, method_description=paginate_description, example_prefix='response_iterator = paginator.paginate', @@ -173,5 +191,5 @@ def document_paginate_method(section, pa include_output=botocore_pagination_response_params, exclude_input=service_pagination_params, exclude_output=service_pagination_response_params, - include_signature=include_signature + include_signature=include_signature, ) diff -pruN 2.23.6-1/awscli/botocore/docs/params.py 2.31.35-1/awscli/botocore/docs/params.py --- 2.23.6-1/awscli/botocore/docs/params.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/params.py 2025-11-12 19:17:29.000000000 +0000 @@ -32,53 +32,77 @@ class BaseParamsDocumenter(ShapeDocument """ history = [] self.traverse_and_document_shape( - section=section, shape=shape, history=history, - name=None, include=include, exclude=exclude) + section=section, + shape=shape, + history=history, + name=None, + include=include, + exclude=exclude, + ) def document_recursive_shape(self, section, shape, **kwargs): self._add_member_documentation(section, shape, **kwargs) - def document_shape_default(self, section, shape, history, include=None, - exclude=None, **kwargs): + def document_shape_default( + self, section, shape, history, include=None, exclude=None, **kwargs + ): self._add_member_documentation(section, shape, **kwargs) - def document_shape_type_list(self, section, shape, history, include=None, - exclude=None, **kwargs): + def document_shape_type_list( + self, section, shape, history, include=None, exclude=None, **kwargs + ): self._add_member_documentation(section, shape, **kwargs) param_shape = shape.member param_section = section.add_new_section( - param_shape.name, context={'shape': shape.member.name}) + param_shape.name, context={'shape': shape.member.name} + ) self._start_nested_param(param_section) self.traverse_and_document_shape( - section=param_section, shape=param_shape, - history=history, name=None) + section=param_section, + shape=param_shape, + history=history, + name=None, + ) section = section.add_new_section('end-list') self._end_nested_param(section) - def document_shape_type_map(self, section, shape, history, include=None, - exclude=None, **kwargs): + def document_shape_type_map( + self, section, shape, history, include=None, exclude=None, **kwargs + ): self._add_member_documentation(section, shape, **kwargs) key_section = section.add_new_section( - 'key', context={'shape': shape.key.name}) + 'key', context={'shape': shape.key.name} + ) self._start_nested_param(key_section) self._add_member_documentation(key_section, shape.key) param_section = section.add_new_section( - shape.value.name, context={'shape': shape.value.name}) + shape.value.name, context={'shape': shape.value.name} + ) param_section.style.indent() self._start_nested_param(param_section) self.traverse_and_document_shape( - section=param_section, shape=shape.value, - history=history, name=None) + section=param_section, + shape=shape.value, + history=history, + name=None, + ) end_section = section.add_new_section('end-map') self._end_nested_param(end_section) self._end_nested_param(end_section) - def document_shape_type_structure(self, section, shape, history, - include=None, exclude=None, - name=None, **kwargs): + def document_shape_type_structure( + self, + section, + shape, + history, + include=None, + exclude=None, + name=None, + **kwargs, + ): members = self._add_members_to_shape(shape.members, include) self._add_member_documentation(section, shape, name=name) for param in members: @@ -86,11 +110,15 @@ class BaseParamsDocumenter(ShapeDocument continue param_shape = members[param] param_section = section.add_new_section( - param, context={'shape': param_shape.name}) + param, context={'shape': param_shape.name} + ) self._start_nested_param(param_section) self.traverse_and_document_shape( - section=param_section, shape=param_shape, - history=history, name=param) + section=param_section, + shape=param_shape, + history=history, + name=param, + ) section = section.add_new_section('end-structure') self._end_nested_param(section) @@ -134,7 +162,7 @@ class ResponseParamsDocumenter(BaseParam name_section = section.add_new_section('param-name') name_section.write('- ') if name is not None: - name_section.style.bold('%s ' % name) + name_section.style.bold(f'{name} ') type_section = section.add_new_section('param-type') self._document_non_top_level_param_type(type_section, shape) @@ -156,18 +184,21 @@ class ResponseParamsDocumenter(BaseParam ' as follows' ) tagged_union_members_str = ', '.join( - ['``%s``' % key for key in shape.members.keys()] + [f'``{key}``' for key in shape.members.keys()] + ) + unknown_code_example = ( + '\'SDK_UNKNOWN_MEMBER\': ' + '{\'name\': \'UnknownMemberName\'}' ) - unknown_code_example = ('\'SDK_UNKNOWN_MEMBER\': ' - '{\'name\': \'UnknownMemberName\'}') tagged_union_docs.write(note % (tagged_union_members_str)) example = section.add_new_section('param-unknown-example') example.style.codeblock(unknown_code_example) documentation_section.include_doc_string(shape.documentation) section.style.new_paragraph() - def document_shape_type_event_stream(self, section, shape, history, - **kwargs): + def document_shape_type_event_stream( + self, section, shape, history, **kwargs + ): self.document_shape_type_structure(section, shape, history, **kwargs) @@ -176,8 +207,9 @@ class RequestParamsDocumenter(BaseParams EVENT_NAME = 'request-params' - def document_shape_type_structure(self, section, shape, history, - include=None, exclude=None, **kwargs): + def document_shape_type_structure( + self, section, shape, history, include=None, exclude=None, **kwargs + ): if len(history) > 1: self._add_member_documentation(section, shape, **kwargs) section.style.indent() @@ -187,36 +219,47 @@ class RequestParamsDocumenter(BaseParams continue param_shape = members[param] param_section = section.add_new_section( - param, context={'shape': param_shape.name}) + param, context={'shape': param_shape.name} + ) param_section.style.new_line() is_required = param in shape.required_members self.traverse_and_document_shape( - section=param_section, shape=param_shape, - history=history, name=param, is_required=is_required) + section=param_section, + shape=param_shape, + history=history, + name=param, + is_required=is_required, + ) section = section.add_new_section('end-structure') if len(history) > 1: section.style.dedent() section.style.new_line() - def _add_member_documentation(self, section, shape, name=None, - is_top_level_param=False, is_required=False, - **kwargs): + def _add_member_documentation( + self, + section, + shape, + name=None, + is_top_level_param=False, + is_required=False, + **kwargs, + ): py_type = self._get_special_py_type_name(shape) if py_type is None: py_type = py_type_name(shape.type_name) if is_top_level_param: type_section = section.add_new_section('param-type') - type_section.write(':type %s: %s' % (name, py_type)) + type_section.write(f':type {name}: {py_type}') end_type_section = type_section.add_new_section('end-param-type') end_type_section.style.new_line() name_section = section.add_new_section('param-name') - name_section.write(':param %s: ' % name) + name_section.write(f':param {name}: ') else: name_section = section.add_new_section('param-name') name_section.write('- ') if name is not None: - name_section.style.bold('%s ' % name) + name_section.style.bold(f'{name} ') type_section = section.add_new_section('param-type') self._document_non_top_level_param_type(type_section, shape) @@ -226,7 +269,8 @@ class RequestParamsDocumenter(BaseParams is_required_section.style.bold('[REQUIRED] ') if shape.documentation: documentation_section = section.add_new_section( - 'param-documentation') + 'param-documentation' + ) documentation_section.style.indent() if getattr(shape, 'is_tagged_union', False): tagged_union_docs = section.add_new_section( @@ -238,7 +282,7 @@ class RequestParamsDocumenter(BaseParams ' following top level keys can be set: %s. ' ) tagged_union_members_str = ', '.join( - ['``%s``' % key for key in shape.members.keys()] + [f'``{key}``' for key in shape.members.keys()] ) tagged_union_docs.write(note % (tagged_union_members_str)) documentation_section.include_doc_string(shape.documentation) diff -pruN 2.23.6-1/awscli/botocore/docs/service.py 2.31.35-1/awscli/botocore/docs/service.py --- 2.23.6-1/awscli/botocore/docs/service.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/service.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,14 +18,17 @@ from botocore.docs.waiter import WaiterD from botocore.exceptions import DataNotFoundError -class ServiceDocumenter(object): +class ServiceDocumenter: def __init__(self, service_name, session): self._session = session self._service_name = service_name self._client = self._session.create_client( - service_name, region_name='us-east-1', aws_access_key_id='foo', - aws_secret_access_key='bar') + service_name, + region_name='us-east-1', + aws_access_key_id='foo', + aws_secret_access_key='bar', + ) self._event_emitter = self._client.meta.events self.sections = [ @@ -34,7 +37,7 @@ class ServiceDocumenter(object): 'client-api', 'client-exceptions', 'paginator-api', - 'waiter-api' + 'waiter-api', ] def document_service(self): @@ -43,8 +46,8 @@ class ServiceDocumenter(object): :returns: The reStructured text of the documented service. """ doc_structure = DocumentStructure( - self._service_name, section_names=self.sections, - target='html') + self._service_name, section_names=self.sections, target='html' + ) self.title(doc_structure.get_section('title')) self.table_of_contents(doc_structure.get_section('table-of-contents')) self.client_api(doc_structure.get_section('client-api')) @@ -57,8 +60,7 @@ class ServiceDocumenter(object): section.style.h1(self._client.__class__.__name__) service_id = self._client.meta.service_model.service_id.hyphenize() self._event_emitter.emit( - 'docs.%s.%s' % ('title', service_id), - section=section + 'docs.{}.{}'.format('title', service_id), section=section ) def table_of_contents(self, section): @@ -79,23 +81,26 @@ class ServiceDocumenter(object): def paginator_api(self, section): try: service_paginator_model = self._session.get_paginator_model( - self._service_name) + self._service_name + ) except DataNotFoundError: return paginator_documenter = PaginatorDocumenter( - self._client, service_paginator_model) + self._client, service_paginator_model + ) paginator_documenter.document_paginators(section) def waiter_api(self, section): if self._client.waiter_names: service_waiter_model = self._session.get_waiter_model( - self._service_name) + self._service_name + ) waiter_documenter = WaiterDocumenter( - self._client, service_waiter_model) + self._client, service_waiter_model + ) waiter_documenter.document_waiters(section) def get_examples(self, service_name): loader = self._session.get_component('data_loader') - examples = loader.load_service_model( - service_name, 'examples-1') + examples = loader.load_service_model(service_name, 'examples-1') return examples['examples'] diff -pruN 2.23.6-1/awscli/botocore/docs/shape.py 2.31.35-1/awscli/botocore/docs/shape.py --- 2.23.6-1/awscli/botocore/docs/shape.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/shape.py 2025-11-12 19:17:29.000000000 +0000 @@ -19,23 +19,29 @@ from botocore.utils import is_json_value_header -class ShapeDocumenter(object): +class ShapeDocumenter: EVENT_NAME = '' - def __init__(self, service_id, operation_name, event_emitter, - context=None): + def __init__( + self, service_id, operation_name, event_emitter, context=None + ): self._service_id = service_id self._operation_name = operation_name self._event_emitter = event_emitter self._context = context if context is None: - self._context = { - 'special_shape_types': {} - } - - def traverse_and_document_shape(self, section, shape, history, - include=None, exclude=None, name=None, - is_required=False): + self._context = {'special_shape_types': {}} + + def traverse_and_document_shape( + self, + section, + shape, + history, + include=None, + exclude=None, + name=None, + is_required=False, + ): """Traverses and documents a shape Will take a self class and call its appropriate methods as a shape @@ -65,29 +71,34 @@ class ShapeDocumenter(object): self.document_recursive_shape(section, shape, name=name) else: history.append(shape.name) - is_top_level_param = (len(history) == 2) + is_top_level_param = len(history) == 2 if hasattr(shape, 'is_document_type') and shape.is_document_type: param_type = 'document' - getattr(self, 'document_shape_type_%s' % param_type, - self.document_shape_default)( - section, shape, history=history, name=name, - include=include, exclude=exclude, - is_top_level_param=is_top_level_param, - is_required=is_required) + getattr( + self, + f'document_shape_type_{param_type}', + self.document_shape_default, + )( + section, + shape, + history=history, + name=name, + include=include, + exclude=exclude, + is_top_level_param=is_top_level_param, + is_required=is_required, + ) if is_top_level_param: self._event_emitter.emit( - 'docs.%s.%s.%s.%s' % (self.EVENT_NAME, - self._service_id, - self._operation_name, - name), - section=section) - at_overlying_method_section = (len(history) == 1) + f'docs.{self.EVENT_NAME}.{self._service_id}.{self._operation_name}.{name}', + section=section, + ) + at_overlying_method_section = len(history) == 1 if at_overlying_method_section: self._event_emitter.emit( - 'docs.%s.%s.%s.complete-section' % (self.EVENT_NAME, - self._service_id, - self._operation_name), - section=section) + f'docs.{self.EVENT_NAME}.{self._service_id}.{self._operation_name}.complete-section', + section=section, + ) history.pop() def _get_special_py_default(self, shape): @@ -116,7 +127,8 @@ class ShapeDocumenter(object): if hasattr(shape, 'is_document_type') and shape.is_document_type: return special_type_map['document_type'] for special_type, marked_shape in self._context[ - 'special_shape_types'].items(): + 'special_shape_types' + ].items(): if special_type in special_type_map: if shape == marked_shape: return special_type_map[special_type] diff -pruN 2.23.6-1/awscli/botocore/docs/sharedexample.py 2.31.35-1/awscli/botocore/docs/sharedexample.py --- 2.23.6-1/awscli/botocore/docs/sharedexample.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/sharedexample.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,9 +17,10 @@ from botocore.docs.utils import escape_c from botocore.utils import parse_timestamp -class SharedExampleDocumenter(object): - def document_shared_example(self, example, prefix, section, - operation_model): +class SharedExampleDocumenter: + def document_shared_example( + self, example, prefix, section, operation_model + ): """Documents a single shared example based on its definition. :param example: The model of the example @@ -33,8 +34,9 @@ class SharedExampleDocumenter(object): section.style.new_paragraph() section.write(example.get('description')) section.style.new_line() - self.document_input(section, example, prefix, - operation_model.input_shape) + self.document_input( + section, example, prefix, operation_model.input_shape + ) self.document_output(section, example, operation_model.output_shape) def document_input(self, section, example, prefix, shape): @@ -96,19 +98,20 @@ class SharedExampleDocumenter(object): else: self._document_str(section, value, path) - def _document_dict(self, section, value, comments, path, shape, - top_level=False): + def _document_dict( + self, section, value, comments, path, shape, top_level=False + ): dict_section = section.add_new_section('dict-value') self._start_nested_value(dict_section, '{') for key, val in value.items(): - path.append('.%s' % key) + path.append(f'.{key}') item_section = dict_section.add_new_section(key) item_section.style.new_line() item_comment = self._get_comment(path, comments) if item_comment: item_section.write(item_comment) item_section.style.new_line() - item_section.write("'%s': " % key) + item_section.write(f"'{key}': ") # Shape could be none if there is no output besides ResponseMetadata item_shape = None @@ -128,7 +131,7 @@ class SharedExampleDocumenter(object): param_section = section.add_new_section('param-values') self._start_nested_value(param_section, '(') for key, val in value.items(): - path.append('.%s' % key) + path.append(f'.{key}') item_section = param_section.add_new_section(key) item_section.style.new_line() item_comment = self._get_comment(path, comments) @@ -153,7 +156,7 @@ class SharedExampleDocumenter(object): for index, val in enumerate(value): item_section = list_section.add_new_section(index) item_section.style.new_line() - path.append('[%s]' % index) + path.append(f'[{index}]') item_comment = self._get_comment(path, comments) if item_comment: item_section.write(item_comment) @@ -167,17 +170,17 @@ class SharedExampleDocumenter(object): # We do the string conversion because this might accept a type that # we don't specifically address. safe_value = escape_controls(value) - section.write(u"'%s'," % str(safe_value)) + section.write(f"'{str(safe_value)}',") def _document_number(self, section, value, path): - section.write("%s," % str(value)) + section.write(f"{str(value)},") def _document_datetime(self, section, value, path): datetime_tuple = parse_timestamp(value).timetuple() datetime_str = str(datetime_tuple[0]) for i in range(1, len(datetime_tuple)): datetime_str += ", " + str(datetime_tuple[i]) - section.write("datetime(%s)," % datetime_str) + section.write(f"datetime({datetime_str}),") def _get_comment(self, path, comments): key = re.sub(r'^\.', '', ''.join(path)) @@ -198,8 +201,9 @@ class SharedExampleDocumenter(object): section.write(end) -def document_shared_examples(section, operation_model, example_prefix, - shared_examples): +def document_shared_examples( + section, operation_model, example_prefix, shared_examples +): """Documents the shared examples :param section: The section to write to. @@ -219,5 +223,5 @@ def document_shared_examples(section, op example=example, section=container_section.add_new_section(example['id']), prefix=example_prefix, - operation_model=operation_model + operation_model=operation_model, ) diff -pruN 2.23.6-1/awscli/botocore/docs/utils.py 2.31.35-1/awscli/botocore/docs/utils.py --- 2.23.6-1/awscli/botocore/docs/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -73,31 +73,53 @@ def get_official_service_name(service_mo if short_name.startswith('AWS'): short_name = short_name[4:] if short_name and short_name.lower() not in official_name.lower(): - official_name += ' ({0})'.format(short_name) + official_name += f' ({short_name})' return official_name _DocumentedShape = namedtuple( - 'DocumentedShape', ['name', 'type_name', 'documentation', 'metadata', - 'members', 'required_members']) + 'DocumentedShape', + [ + 'name', + 'type_name', + 'documentation', + 'metadata', + 'members', + 'required_members', + ], +) -class DocumentedShape (_DocumentedShape): +class DocumentedShape(_DocumentedShape): """Use this class to inject new shapes into a model for documentation""" - def __new__(cls, name, type_name, documentation, metadata=None, - members=None, required_members=None): + + def __new__( + cls, + name, + type_name, + documentation, + metadata=None, + members=None, + required_members=None, + ): if metadata is None: metadata = [] if members is None: members = [] if required_members is None: required_members = [] - return super(DocumentedShape, cls).__new__( - cls, name, type_name, documentation, metadata, members, - required_members) + return super().__new__( + cls, + name, + type_name, + documentation, + metadata, + members, + required_members, + ) -class AutoPopulatedParam(object): +class AutoPopulatedParam: def __init__(self, name, param_description=None): self.name = name self.param_description = param_description @@ -105,7 +127,8 @@ class AutoPopulatedParam(object): self.param_description = ( 'Please note that this parameter is automatically populated ' 'if it is not provided. Including this parameter is not ' - 'required\n') + 'required\n' + ) def document_auto_populated_param(self, event_name, section, **kwargs): """Documents auto populated parameters @@ -120,7 +143,8 @@ class AutoPopulatedParam(object): if 'is-required' in section.available_sections: section.delete_section('is-required') description_section = section.get_section( - 'param-documentation') + 'param-documentation' + ) description_section.writeln(self.param_description) elif event_name.startswith('docs.request-example'): section = section.get_section('structure-value') @@ -128,13 +152,14 @@ class AutoPopulatedParam(object): section.delete_section(self.name) -class HideParamFromOperations(object): +class HideParamFromOperations: """Hides a single parameter from multiple operations. This method will remove a parameter from documentation and from examples. This method is typically used for things that are automatically populated because a user would be unable to provide a value (e.g., a checksum of a serialized XML request body).""" + def __init__(self, service_name, parameter_name, operation_names): """ :type service_name: str @@ -166,8 +191,9 @@ class HideParamFromOperations(object): section.delete_section(self._parameter_name) -class AppendParamDocumentation(object): +class AppendParamDocumentation: """Appends documentation to a specific parameter""" + def __init__(self, parameter_name, doc_string): self._parameter_name = parameter_name self._doc_string = doc_string @@ -175,8 +201,7 @@ class AppendParamDocumentation(object): def append_documentation(self, event_name, section, **kwargs): if self._parameter_name in section.available_sections: section = section.get_section(self._parameter_name) - description_section = section.get_section( - 'param-documentation') + description_section = section.get_section('param-documentation') description_section.writeln(self._doc_string) @@ -189,8 +214,11 @@ _CONTROLS = { } # Combines all CONTROLS keys into a big or regular expression _ESCAPE_CONTROLS_RE = re.compile('|'.join(map(re.escape, _CONTROLS))) + + # Based on the match get the appropriate replacement from CONTROLS -_CONTROLS_MATCH_HANDLER = lambda match: _CONTROLS[match.group(0)] +def _CONTROLS_MATCH_HANDLER(match): + return _CONTROLS[match.group(0)] def escape_controls(value): diff -pruN 2.23.6-1/awscli/botocore/docs/waiter.py 2.31.35-1/awscli/botocore/docs/waiter.py --- 2.23.6-1/awscli/botocore/docs/waiter.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/docs/waiter.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,7 +17,7 @@ from botocore.docs.utils import Document from botocore.utils import get_service_module_name -class WaiterDocumenter(object): +class WaiterDocumenter: def __init__(self, client, service_waiter_model): self._client = client self._service_name = self._client.meta.service_model.service_name @@ -33,21 +33,21 @@ class WaiterDocumenter(object): section.writeln('The available waiters are:') for waiter_name in self._service_waiter_model.waiter_names: section.style.li( - ':py:class:`%s.Waiter.%s`' % ( - self._client.__class__.__name__, waiter_name)) + f':py:class:`{self._client.__class__.__name__}.Waiter.{waiter_name}`' + ) self._add_single_waiter(section, waiter_name) def _add_single_waiter(self, section, waiter_name): section = section.add_new_section(waiter_name) section.style.start_sphinx_py_class( - class_name='%s.Waiter.%s' % ( - self._client.__class__.__name__, waiter_name)) + class_name=f'{self._client.__class__.__name__}.Waiter.{waiter_name}' + ) # Add example on how to instantiate waiter. section.style.start_codeblock() section.style.new_line() section.write( - 'waiter = client.get_waiter(\'%s\')' % xform_name(waiter_name) + f'waiter = client.get_waiter(\'{xform_name(waiter_name)}\')' ) section.style.end_codeblock() @@ -58,13 +58,18 @@ class WaiterDocumenter(object): waiter_name=waiter_name, event_emitter=self._client.meta.events, service_model=self._client.meta.service_model, - service_waiter_model=self._service_waiter_model + service_waiter_model=self._service_waiter_model, ) -def document_wait_method(section, waiter_name, event_emitter, - service_model, service_waiter_model, - include_signature=True): +def document_wait_method( + section, + waiter_name, + event_emitter, + service_model, + service_waiter_model, + include_signature=True, +): """Documents a the wait method of a waiter :param section: The section to write to @@ -81,47 +86,54 @@ def document_wait_method(section, waiter It is useful for generating docstrings. """ waiter_model = service_waiter_model.get_waiter(waiter_name) - operation_model = service_model.operation_model( - waiter_model.operation) + operation_model = service_model.operation_model(waiter_model.operation) waiter_config_members = OrderedDict() waiter_config_members['Delay'] = DocumentedShape( - name='Delay', type_name='integer', + name='Delay', + type_name='integer', documentation=( '

    The amount of time in seconds to wait between ' - 'attempts. Default: {0}

    '.format(waiter_model.delay))) + f'attempts. Default: {waiter_model.delay}

    ' + ), + ) waiter_config_members['MaxAttempts'] = DocumentedShape( - name='MaxAttempts', type_name='integer', + name='MaxAttempts', + type_name='integer', documentation=( '

    The maximum number of attempts to be made. ' - 'Default: {0}

    '.format(waiter_model.max_attempts))) + f'Default: {waiter_model.max_attempts}

    ' + ), + ) botocore_waiter_params = [ DocumentedShape( - name='WaiterConfig', type_name='structure', + name='WaiterConfig', + type_name='structure', documentation=( '

    A dictionary that provides parameters to control ' - 'waiting behavior.

    '), - members=waiter_config_members) + 'waiting behavior.

    ' + ), + members=waiter_config_members, + ) ] wait_description = ( - 'Polls :py:meth:`{0}.Client.{1}` every {2} ' + f'Polls :py:meth:`{get_service_module_name(service_model)}.Client.{xform_name(waiter_model.operation)}` every {waiter_model.delay} ' 'seconds until a successful state is reached. An error is ' - 'returned after {3} failed checks.'.format( - get_service_module_name(service_model), - xform_name(waiter_model.operation), - waiter_model.delay, waiter_model.max_attempts) + f'returned after {waiter_model.max_attempts} failed checks.' ) document_model_driven_method( - section, 'wait', operation_model, + section, + 'wait', + operation_model, event_emitter=event_emitter, method_description=wait_description, example_prefix='waiter.wait', include_input=botocore_waiter_params, document_output=False, - include_signature=include_signature + include_signature=include_signature, ) diff -pruN 2.23.6-1/awscli/botocore/endpoint.py 2.31.35-1/awscli/botocore/endpoint.py --- 2.23.6-1/awscli/botocore/endpoint.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/endpoint.py 2025-11-12 19:17:29.000000000 +0000 @@ -58,7 +58,7 @@ def convert_to_response_dict(http_respon 'status_code': http_response.status_code, 'context': { 'operation_name': operation_model.name, - } + }, } if response_dict['status_code'] >= 300: response_dict['body'] = http_response.content @@ -72,7 +72,7 @@ def convert_to_response_dict(http_respon return response_dict -class Endpoint(object): +class Endpoint: """ Represents an endpoint for a particular service in a specific region. Only an endpoint can make requests. @@ -82,8 +82,15 @@ class Endpoint(object): :ivar host: The fully qualified endpoint hostname. :ivar session: The session object. """ - def __init__(self, host, endpoint_prefix, event_emitter, - response_parser_factory=None, http_session=None): + + def __init__( + self, + host, + endpoint_prefix, + event_emitter, + response_parser_factory=None, + http_session=None, + ): self._endpoint_prefix = endpoint_prefix self._event_emitter = event_emitter self.host = host @@ -96,26 +103,32 @@ class Endpoint(object): self.http_session = URLLib3Session() def __repr__(self): - return '%s(%s)' % (self._endpoint_prefix, self.host) + return f'{self._endpoint_prefix}({self.host})' def make_request(self, operation_model, request_dict): - logger.debug("Making request for %s with params: %s", - operation_model, request_dict) + logger.debug( + "Making request for %s with params: %s", + operation_model, + request_dict, + ) return self._send_request(request_dict, operation_model) def create_request(self, params, operation_model=None): request = create_request_object(params) if operation_model: - request.stream_output = any([ - operation_model.has_streaming_output, - operation_model.has_event_stream_output - ]) + request.stream_output = any( + [ + operation_model.has_streaming_output, + operation_model.has_event_stream_output, + ] + ) service_id = operation_model.service_model.service_id.hyphenize() - event_name = 'request-created.{service_id}.{op_name}'.format( - service_id=service_id, - op_name=operation_model.name) - self._event_emitter.emit(event_name, request=request, - operation_name=operation_model.name) + event_name = f'request-created.{service_id}.{operation_model.name}' + self._event_emitter.emit( + event_name, + request=request, + operation_name=operation_model.name, + ) prepared_request = self.prepare_request(request) return prepared_request @@ -134,9 +147,15 @@ class Endpoint(object): request = self.create_request(request_dict, operation_model) context = request_dict['context'] success_response, exception = self._get_response( - request, operation_model, context) - while self._needs_retry(attempts, operation_model, request_dict, - success_response, exception): + request, operation_model, context + ) + while self._needs_retry( + attempts, + operation_model, + request_dict, + success_response, + exception, + ): attempts += 1 # If there is a stream associated with the request, we need # to reset it before attempting to send the request again. @@ -144,16 +163,19 @@ class Endpoint(object): # body. request.reset_stream() # Create a new request when retried (including a new signature). - request = self.create_request( - request_dict, operation_model) + request = self.create_request(request_dict, operation_model) success_response, exception = self._get_response( - request, operation_model, context) - if success_response is not None and \ - 'ResponseMetadata' in success_response[1]: + request, operation_model, context + ) + if ( + success_response is not None + and 'ResponseMetadata' in success_response[1] + ): # We want to share num retries, not num attempts. total_retries = attempts - 1 - success_response[1]['ResponseMetadata']['RetryAttempts'] = \ - total_retries + success_response[1]['ResponseMetadata']['RetryAttempts'] = ( + total_retries + ) if exception is not None: raise exception else: @@ -166,7 +188,8 @@ class Endpoint(object): # If an exception occurs then the success_response is None. # If no exception occurs then exception is None. success_response, exception = self._do_get_response( - request, operation_model, context) + request, operation_model, context + ) kwargs_to_emit = { 'response_dict': None, 'parsed_response': None, @@ -177,25 +200,30 @@ class Endpoint(object): http_response, parsed_response = success_response kwargs_to_emit['parsed_response'] = parsed_response kwargs_to_emit['response_dict'] = convert_to_response_dict( - http_response, operation_model) + http_response, operation_model + ) service_id = operation_model.service_model.service_id.hyphenize() self._event_emitter.emit( - 'response-received.%s.%s' % ( - service_id, operation_model.name), **kwargs_to_emit) + f'response-received.{service_id}.{operation_model.name}', + **kwargs_to_emit, + ) return success_response, exception def _do_get_response(self, request, operation_model, context): try: logger.debug("Sending http request: %s", request) - history_recorder.record('HTTP_REQUEST', { - 'method': request.method, - 'headers': request.headers, - 'streaming': operation_model.has_streaming_input, - 'url': request.url, - 'body': request.body - }) + history_recorder.record( + 'HTTP_REQUEST', + { + 'method': request.method, + 'headers': request.headers, + 'streaming': operation_model.has_streaming_input, + 'url': request.url, + 'body': request.body, + }, + ) service_id = operation_model.service_model.service_id.hyphenize() - event_name = 'before-send.%s.%s' % (service_id, operation_model.name) + event_name = f'before-send.{service_id}.{operation_model.name}' responses = self._event_emitter.emit(event_name, request=request) http_response = first_non_none_response(responses) if http_response is None: @@ -203,21 +231,28 @@ class Endpoint(object): except HTTPClientError as e: return (None, e) except Exception as e: - logger.debug("Exception received when sending HTTP request.", - exc_info=True) + logger.debug( + "Exception received when sending HTTP request.", exc_info=True + ) return (None, e) # This returns the http_response and the parsed_data. - response_dict = convert_to_response_dict(http_response, operation_model) + response_dict = convert_to_response_dict( + http_response, operation_model + ) handle_checksum_body( - http_response, response_dict, context, operation_model, + http_response, + response_dict, + context, + operation_model, ) http_response_record_dict = response_dict.copy() - http_response_record_dict['streaming'] = \ + http_response_record_dict['streaming'] = ( operation_model.has_streaming_output + ) history_recorder.record('HTTP_RESPONSE', http_response_record_dict) - protocol = operation_model.metadata['protocol'] + protocol = operation_model.service_model.resolved_protocol customized_response_dict = {} self._event_emitter.emit( f"before-parse.{service_id}.{operation_model.name}", @@ -227,7 +262,8 @@ class Endpoint(object): ) parser = self._response_parser_factory.create_parser(protocol) parsed_response = parser.parse( - response_dict, operation_model.output_shape) + response_dict, operation_model.output_shape + ) parsed_response.update(customized_response_dict) # Do a second parsing pass to pick up on any modeled error fields # NOTE: Ideally, we would push this down into the parser classes but @@ -236,15 +272,20 @@ class Endpoint(object): # output shape but we can't change that now if http_response.status_code >= 300: self._add_modeled_error_fields( - response_dict, parsed_response, - operation_model, parser, + response_dict, + parsed_response, + operation_model, + parser, ) history_recorder.record('PARSED_RESPONSE', parsed_response) return (http_response, parsed_response), None def _add_modeled_error_fields( - self, response_dict, parsed_response, - operation_model, parser, + self, + response_dict, + parsed_response, + operation_model, + parser, ): error_code = parsed_response.get("Error", {}).get("Code") if error_code is None: @@ -257,24 +298,35 @@ class Endpoint(object): # TODO: avoid naming conflicts with ResponseMetadata and Error parsed_response.update(modeled_parse) - def _needs_retry(self, attempts, operation_model, request_dict, - response=None, caught_exception=None): + def _needs_retry( + self, + attempts, + operation_model, + request_dict, + response=None, + caught_exception=None, + ): service_id = operation_model.service_model.service_id.hyphenize() - event_name = 'needs-retry.%s.%s' % ( - service_id, - operation_model.name) + event_name = f'needs-retry.{service_id}.{operation_model.name}' responses = self._event_emitter.emit( - event_name, response=response, endpoint=self, - operation=operation_model, attempts=attempts, - caught_exception=caught_exception, request_dict=request_dict) + event_name, + response=response, + endpoint=self, + operation=operation_model, + attempts=attempts, + caught_exception=caught_exception, + request_dict=request_dict, + ) handler_response = first_non_none_response(responses) if handler_response is None: return False else: # Request needs to be retried, and we need to sleep # for the specified number of times. - logger.debug("Response received to retry, sleeping for " - "%s seconds", handler_response) + logger.debug( + "Response received to retry, sleeping for " "%s seconds", + handler_response, + ) time.sleep(handler_response) return True @@ -282,24 +334,29 @@ class Endpoint(object): return self.http_session.send(request) -class EndpointCreator(object): +class EndpointCreator: def __init__(self, event_emitter): self._event_emitter = event_emitter - def create_endpoint(self, service_model, region_name, endpoint_url, - verify=None, response_parser_factory=None, - timeout=DEFAULT_TIMEOUT, - max_pool_connections=MAX_POOL_CONNECTIONS, - http_session_cls=URLLib3Session, - proxies=None, - socket_options=None, - client_cert=None, - proxies_config=None): - if ( - not is_valid_endpoint_url(endpoint_url) - and not is_valid_ipv6_endpoint_url(endpoint_url) - ): - raise ValueError("Invalid endpoint: %s" % endpoint_url) + def create_endpoint( + self, + service_model, + region_name, + endpoint_url, + verify=None, + response_parser_factory=None, + timeout=DEFAULT_TIMEOUT, + max_pool_connections=MAX_POOL_CONNECTIONS, + http_session_cls=URLLib3Session, + proxies=None, + socket_options=None, + client_cert=None, + proxies_config=None, + ): + if not is_valid_endpoint_url( + endpoint_url + ) and not is_valid_ipv6_endpoint_url(endpoint_url): + raise ValueError(f"Invalid endpoint: {endpoint_url}") if proxies is None: proxies = self._get_proxies(endpoint_url) @@ -313,7 +370,7 @@ class EndpointCreator(object): max_pool_connections=max_pool_connections, socket_options=socket_options, client_cert=client_cert, - proxies_config=proxies_config + proxies_config=proxies_config, ) return Endpoint( @@ -321,7 +378,7 @@ class EndpointCreator(object): endpoint_prefix=endpoint_prefix, event_emitter=self._event_emitter, response_parser_factory=response_parser_factory, - http_session=http_session + http_session=http_session, ) def _get_proxies(self, url): diff -pruN 2.23.6-1/awscli/botocore/endpoint_provider.py 2.31.35-1/awscli/botocore/endpoint_provider.py --- 2.23.6-1/awscli/botocore/endpoint_provider.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/endpoint_provider.py 2025-11-12 19:17:29.000000000 +0000 @@ -20,7 +20,6 @@ go to any `endpoint-rule-set.json` file or you can look at the test files in /tests/unit/data/endpoints/valid-rules/ """ - import logging import re from enum import Enum @@ -550,7 +549,6 @@ class TreeRule(BaseRule): class RuleCreator: - endpoint = EndpointRule error = ErrorRule tree = TreeRule diff -pruN 2.23.6-1/awscli/botocore/errorfactory.py 2.31.35-1/awscli/botocore/errorfactory.py --- 2.23.6-1/awscli/botocore/errorfactory.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/errorfactory.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,7 +14,7 @@ from botocore.exceptions import ClientEr from botocore.utils import get_service_module_name -class BaseClientExceptions(object): +class BaseClientExceptions: ClientError = ClientError def __init__(self, code_to_exception): @@ -45,15 +45,17 @@ class BaseClientExceptions(object): def __getattr__(self, name): exception_cls_names = [ - exception_cls.__name__ for exception_cls - in self._code_to_exception.values() + exception_cls.__name__ + for exception_cls in self._code_to_exception.values() ] raise AttributeError( - '%r object has no attribute %r. Valid exceptions are: %s' % ( - self, name, ', '.join(exception_cls_names))) + '{!r} object has no attribute {!r}. Valid exceptions are: {}'.format( + self, name, ', '.join(exception_cls_names) + ) + ) -class ClientExceptionsFactory(object): +class ClientExceptionsFactory: def __init__(self): self._client_exceptions_cache = {} @@ -84,5 +86,6 @@ class ClientExceptionsFactory(object): code_to_exception[code] = exception_cls cls_name = str(get_service_module_name(service_model) + 'Exceptions') client_exceptions_cls = type( - cls_name, (BaseClientExceptions,), cls_props) + cls_name, (BaseClientExceptions,), cls_props + ) return client_exceptions_cls(code_to_exception) diff -pruN 2.23.6-1/awscli/botocore/eventstream.py 2.31.35-1/awscli/botocore/eventstream.py --- 2.23.6-1/awscli/botocore/eventstream.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/eventstream.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,7 +10,7 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -"""Binary Event Stream Decoding """ +"""Binary Event Stream Decoding""" from binascii import crc32 from struct import unpack @@ -20,46 +20,36 @@ from botocore.exceptions import EventStr # byte length of the prelude (total_length + header_length + prelude_crc) _PRELUDE_LENGTH = 12 _MAX_HEADERS_LENGTH = 128 * 1024 # 128 Kb -_MAX_PAYLOAD_LENGTH = 16 * 1024 ** 2 # 16 Mb class ParserError(Exception): - """Base binary flow encoding parsing exception. """ + """Base binary flow encoding parsing exception.""" + pass class DuplicateHeader(ParserError): - """Duplicate header found in the event. """ + """Duplicate header found in the event.""" + def __init__(self, header): - message = 'Duplicate header present: "%s"' % header - super(DuplicateHeader, self).__init__(message) + message = f'Duplicate header present: "{header}"' + super().__init__(message) class InvalidHeadersLength(ParserError): - """Headers length is longer than the maximum. """ - def __init__(self, length): - message = 'Header length of %s exceeded the maximum of %s' % ( - length, _MAX_HEADERS_LENGTH - ) - super(InvalidHeadersLength, self).__init__(message) + """Headers length is longer than the maximum.""" - -class InvalidPayloadLength(ParserError): - """Payload length is longer than the maximum. """ def __init__(self, length): - message = 'Payload length of %s exceeded the maximum of %s' % ( - length, _MAX_PAYLOAD_LENGTH - ) - super(InvalidPayloadLength, self).__init__(message) + message = f'Header length of {length} exceeded the maximum of {_MAX_HEADERS_LENGTH}' + super().__init__(message) class ChecksumMismatch(ParserError): - """Calculated checksum did not match the expected checksum. """ + """Calculated checksum did not match the expected checksum.""" + def __init__(self, expected, calculated): - message = 'Checksum mismatch: expected 0x%08x, calculated 0x%08x' % ( - expected, calculated - ) - super(ChecksumMismatch, self).__init__(message) + message = f'Checksum mismatch: expected 0x{expected:08x}, calculated 0x{calculated:08x}' + super().__init__(message) class NoInitialResponseError(ParserError): @@ -68,12 +58,13 @@ class NoInitialResponseError(ParserError This exception is raised when the event stream produced no events or the first event in the stream was not of the initial-response type. """ + def __init__(self): message = 'First event was not of the initial-response type' - super(NoInitialResponseError, self).__init__(message) + super().__init__(message) -class DecodeUtils(object): +class DecodeUtils: """Unpacking utility functions used in the decoder. All methods on this class take raw bytes and return a tuple containing @@ -250,7 +241,8 @@ class DecodeUtils(object): :returns: A tuple containing the (utf-8 string, bytes consumed). """ array_bytes, consumed = DecodeUtils.unpack_byte_array( - data, length_byte_size) + data, length_byte_size + ) return array_bytes.decode('utf-8'), consumed @staticmethod @@ -288,8 +280,9 @@ def _validate_checksum(data, checksum, c raise ChecksumMismatch(checksum, computed_checksum) -class MessagePrelude(object): - """Represents the prelude of an event stream message. """ +class MessagePrelude: + """Represents the prelude of an event stream message.""" + def __init__(self, total_length, headers_length, crc): self.total_length = total_length self.headers_length = headers_length @@ -329,8 +322,9 @@ class MessagePrelude(object): return _PRELUDE_LENGTH + self.headers_length -class EventStreamMessage(object): - """Represents an event stream message. """ +class EventStreamMessage: + """Represents an event stream message.""" + def __init__(self, prelude, headers, payload, crc): self.prelude = prelude self.headers = headers @@ -344,12 +338,12 @@ class EventStreamMessage(object): return { 'status_code': status_code, 'headers': self.headers, - 'body': self.payload + 'body': self.payload, } -class EventStreamHeaderParser(object): - """ Parses the event headers from an event stream message. +class EventStreamHeaderParser: + """Parses the event headers from an event stream message. Expects all of the header data upfront and creates a dictionary of headers to return. This object can be reused multiple times to parse the headers @@ -432,7 +426,7 @@ class EventStreamHeaderParser(object): self._data = self._data[consumed:] -class EventStreamBuffer(object): +class EventStreamBuffer: """Streaming based event stream buffer A buffer class that wraps bytes from an event stream providing parsed @@ -456,36 +450,35 @@ class EventStreamBuffer(object): if prelude.headers_length > _MAX_HEADERS_LENGTH: raise InvalidHeadersLength(prelude.headers_length) - if prelude.payload_length > _MAX_PAYLOAD_LENGTH: - raise InvalidPayloadLength(prelude.payload_length) - def _parse_prelude(self): prelude_bytes = self._data[:_PRELUDE_LENGTH] raw_prelude, _ = DecodeUtils.unpack_prelude(prelude_bytes) prelude = MessagePrelude(*raw_prelude) - self._validate_prelude(prelude) # The minus 4 removes the prelude crc from the bytes to be checked - _validate_checksum(prelude_bytes[:_PRELUDE_LENGTH-4], prelude.crc) + _validate_checksum(prelude_bytes[: _PRELUDE_LENGTH - 4], prelude.crc) + self._validate_prelude(prelude) return prelude def _parse_headers(self): - header_bytes = self._data[_PRELUDE_LENGTH:self._prelude.headers_end] + header_bytes = self._data[_PRELUDE_LENGTH : self._prelude.headers_end] return self._header_parser.parse(header_bytes) def _parse_payload(self): prelude = self._prelude - payload_bytes = self._data[prelude.headers_end:prelude.payload_end] + payload_bytes = self._data[prelude.headers_end : prelude.payload_end] return payload_bytes def _parse_message_crc(self): prelude = self._prelude - crc_bytes = self._data[prelude.payload_end:prelude.total_length] + crc_bytes = self._data[prelude.payload_end : prelude.total_length] message_crc, _ = DecodeUtils.unpack_uint32(crc_bytes) return message_crc def _parse_message_bytes(self): # The minus 4 includes the prelude crc to the bytes to be checked - message_bytes = self._data[_PRELUDE_LENGTH-4:self._prelude.payload_end] + message_bytes = self._data[ + _PRELUDE_LENGTH - 4 : self._prelude.payload_end + ] return message_bytes def _validate_message_crc(self): @@ -504,7 +497,7 @@ class EventStreamBuffer(object): def _prepare_for_next_message(self): # Advance the data and reset the current prelude - self._data = self._data[self._prelude.total_length:] + self._data = self._data[self._prelude.total_length :] self._prelude = None def next(self): @@ -531,7 +524,7 @@ class EventStreamBuffer(object): return self -class EventStream(object): +class EventStream: """Wrapper class for an event stream body. This wraps the underlying streaming body, parsing it for individual events @@ -574,6 +567,7 @@ class EventStream(object): if not end_event_received: raise Exception("End event not received, request incomplete.") """ + def __init__(self, raw_stream, output_shape, parser, operation_name): self._raw_stream = raw_stream self._output_shape = output_shape @@ -591,8 +585,7 @@ class EventStream(object): event_stream_buffer = EventStreamBuffer() for chunk in self._raw_stream.stream(): event_stream_buffer.add_data(chunk) - for event in event_stream_buffer: - yield event + yield from event_stream_buffer def _parse_event(self, event): response_dict = event.to_response_dict() @@ -613,5 +606,5 @@ class EventStream(object): raise NoInitialResponseError() def close(self): - """Closes the underlying streaming body. """ + """Closes the underlying streaming body.""" self._raw_stream.close() diff -pruN 2.23.6-1/awscli/botocore/exceptions.py 2.31.35-1/awscli/botocore/exceptions.py --- 2.23.6-1/awscli/botocore/exceptions.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/exceptions.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,7 +11,6 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from __future__ import unicode_literals from botocore.vendored.requests.packages import urllib3 @@ -34,6 +33,7 @@ class BotoCoreError(Exception): :ivar msg: The descriptive message associated with the error. """ + fmt = 'An unspecified error occurred' def __init__(self, **kwargs): @@ -51,6 +51,7 @@ class DataNotFoundError(BotoCoreError): :ivar data_path: The data path that the user attempted to load. """ + fmt = 'Unable to load data for: {data_path}' @@ -60,9 +61,11 @@ class UnknownServiceError(DataNotFoundEr :ivar service_name: The name of the unknown service. """ + fmt = ( "Unknown service: '{service_name}'. Valid service names are: " - "{known_service_names}") + "{known_service_names}" + ) class UnknownRegionError(BotoCoreError): @@ -81,19 +84,24 @@ class ApiVersionNotFoundError(BotoCoreEr :ivar data_path: The data path that the user attempted to load. :ivar api_version: The API version that the user attempted to load. """ + fmt = 'Unable to load data {data_path} for: {api_version}' class HTTPClientError(BotoCoreError): fmt = 'An HTTP Client raised an unhandled exception: {error}' + def __init__(self, request=None, response=None, **kwargs): self.request = request self.response = response - super(HTTPClientError, self).__init__(**kwargs) + super().__init__(**kwargs) def __reduce__(self): return _exception_from_packed_args, ( - self.__class__, (self.request, self.response), self.kwargs) + self.__class__, + (self.request, self.response), + self.kwargs, + ) class ConnectionError(BotoCoreError): @@ -105,8 +113,10 @@ class InvalidIMDSEndpointError(BotoCoreE class InvalidIMDSEndpointModeError(BotoCoreError): - fmt = ('Invalid EC2 Instance Metadata endpoint mode: {mode}' - ' Valid endpoint modes (case-insensitive): {valid_modes}.') + fmt = ( + 'Invalid EC2 Instance Metadata endpoint mode: {mode}' + ' Valid endpoint modes (case-insensitive): {valid_modes}.' + ) class EndpointConnectionError(ConnectionError): @@ -120,7 +130,8 @@ class SSLError(ConnectionError): class ConnectionClosedError(HTTPClientError): fmt = ( 'Connection was closed before we received a valid response ' - 'from endpoint URL: "{endpoint_url}".') + 'from endpoint URL: "{endpoint_url}".' + ) class ReadTimeoutError(HTTPClientError, urllib3.exceptions.ReadTimeoutError): @@ -139,6 +150,7 @@ class NoCredentialsError(BotoCoreError): """ No credentials could be found. """ + fmt = 'Unable to locate credentials' @@ -169,6 +181,7 @@ class PartialCredentialsError(BotoCoreEr :ivar cred_var: The missing credential variable name. """ + fmt = 'Partial credentials found in {provider}, missing: {cred_var}' @@ -181,6 +194,7 @@ class CredentialRetrievalError(BotoCoreE retrieved. """ + fmt = 'Error when retrieving credentials from {provider}: {error_msg}' @@ -190,6 +204,7 @@ class UnknownSignatureVersionError(BotoC :ivar signature_version: The name of the requested signature version. """ + fmt = 'Unknown Signature Version: {signature_version}.' @@ -200,6 +215,7 @@ class ServiceNotInRegionError(BotoCoreEr :ivar service_name: The name of the service. :ivar region_name: The name of the region. """ + fmt = 'Service {service_name} not available in region {region_name}' @@ -215,6 +231,7 @@ class BaseEndpointResolverError(BotoCore class NoRegionError(BaseEndpointResolverError): """No region was specified.""" + fmt = 'You must specify a region.' @@ -227,8 +244,10 @@ class EndpointVariantError(BaseEndpointR """ - fmt = ('Unable to construct a modeled endpoint with the following ' - 'variant(s) {tags}: ') + fmt = ( + 'Unable to construct a modeled endpoint with the following ' + 'variant(s) {tags}: ' + ) class UnknownEndpointError(BaseEndpointResolverError, ValueError): @@ -238,9 +257,11 @@ class UnknownEndpointError(BaseEndpointR :ivar service_name: The name of the service. :ivar region_name: The name of the region. """ + fmt = ( 'Unable to construct an endpoint for ' - '{service_name} in region {region_name}') + '{service_name} in region {region_name}' + ) class UnknownFIPSEndpointError(BaseEndpointResolverError): @@ -250,6 +271,7 @@ class UnknownFIPSEndpointError(BaseEndpo :ivar service_name: The name of the service. :ivar region_name: The name of the region. """ + fmt = ( 'The provided FIPS pseudo-region "{region_name}" is not known for ' 'the service "{service_name}". A FIPS compliant endpoint cannot be ' @@ -264,6 +286,7 @@ class ProfileNotFound(BotoCoreError): :ivar profile: The name of the profile the user attempted to load. """ + fmt = 'The config profile ({profile}) could not be found' @@ -273,6 +296,7 @@ class ConfigParseError(BotoCoreError): :ivar path: The path to the configuration file. """ + fmt = 'Unable to parse config file: {path}' @@ -282,6 +306,7 @@ class ConfigNotFound(BotoCoreError): :ivar path: The path to the configuration file. """ + fmt = 'The specified config file ({path}) could not be found.' @@ -296,8 +321,11 @@ class MissingParametersError(BotoCoreErr other than str(). :ivar missing: The names of the missing parameters. """ - fmt = ('The following required parameters are missing for ' - '{object_name}: {missing}') + + fmt = ( + 'The following required parameters are missing for ' + '{object_name}: {missing}' + ) class ValidationError(BotoCoreError): @@ -311,8 +339,8 @@ class ValidationError(BotoCoreError): :ivar param: The parameter that failed validation. :ivar type_name: The name of the underlying type. """ - fmt = ("Invalid value ('{value}') for param {param} " - "of type {type_name} ") + + fmt = "Invalid value ('{value}') for param {param} " "of type {type_name} " class ParamValidationError(BotoCoreError): @@ -330,8 +358,11 @@ class UnknownKeyError(ValidationError): :ivar param: The name of the parameter. :ivar choices: The valid choices the value can be. """ - fmt = ("Unknown key '{value}' for param '{param}'. Must be one " - "of: {choices}") + + fmt = ( + "Unknown key '{value}' for param '{param}'. Must be one " + "of: {choices}" + ) class RangeError(ValidationError): @@ -343,8 +374,11 @@ class RangeError(ValidationError): :ivar min_value: The specified minimum value. :ivar max_value: The specified maximum value. """ - fmt = ('Value out of range for param {param}: ' - '{min_value} <= {value} <= {max_value}') + + fmt = ( + 'Value out of range for param {param}: ' + '{min_value} <= {value} <= {max_value}' + ) class UnknownParameterError(ValidationError): @@ -355,6 +389,7 @@ class UnknownParameterError(ValidationEr :ivar operation: The name of the operation. :ivar choices: The valid choices the parameter name can be. """ + fmt = ( "Unknown parameter '{name}' for operation {operation}. Must be one " "of: {choices}" @@ -367,9 +402,8 @@ class InvalidRegionError(ValidationError :ivar region_name: region_name that was being validated. """ - fmt = ( - "Provided region_name '{region_name}' doesn't match a supported format." - ) + + fmt = "Provided region_name '{region_name}' doesn't match a supported format." class AliasConflictParameterError(ValidationError): @@ -380,6 +414,7 @@ class AliasConflictParameterError(Valida :ivar alias: The name of the alias :ivar operation: The name of the operation. """ + fmt = ( "Parameter '{original}' and its alias '{alias}' were provided " "for operation {operation}. Only one of them may be used." @@ -392,6 +427,7 @@ class UnknownServiceStyle(BotoCoreError) :ivar service_style: The style requested. """ + fmt = 'The service style ({service_style}) is not understood.' @@ -404,66 +440,77 @@ class OperationNotPageableError(BotoCore class ChecksumError(BotoCoreError): - """The expected checksum did not match the calculated checksum. + """The expected checksum did not match the calculated checksum.""" - """ - fmt = ('Checksum {checksum_type} failed, expected checksum ' - '{expected_checksum} did not match calculated checksum ' - '{actual_checksum}.') + fmt = ( + 'Checksum {checksum_type} failed, expected checksum ' + '{expected_checksum} did not match calculated checksum ' + '{actual_checksum}.' + ) class UnseekableStreamError(BotoCoreError): - """Need to seek a stream, but stream does not support seeking. + """Need to seek a stream, but stream does not support seeking.""" - """ - fmt = ('Need to rewind the stream {stream_object}, but stream ' - 'is not seekable.') + fmt = ( + 'Need to rewind the stream {stream_object}, but stream ' + 'is not seekable.' + ) class WaiterError(BotoCoreError): """Waiter failed to reach desired state.""" + fmt = 'Waiter {name} failed: {reason}' def __init__(self, name, reason, last_response): - super(WaiterError, self).__init__(name=name, reason=reason) + super().__init__(name=name, reason=reason) self.last_response = last_response class IncompleteReadError(BotoCoreError): """HTTP response did not return expected number of bytes.""" - fmt = ('{actual_bytes} read, but total bytes ' - 'expected is {expected_bytes}.') + + fmt = ( + '{actual_bytes} read, but total bytes ' 'expected is {expected_bytes}.' + ) class InvalidExpressionError(BotoCoreError): """Expression is either invalid or too complex.""" + fmt = 'Invalid expression {expression}: Only dotted lookups are supported.' class UnknownCredentialError(BotoCoreError): """Tried to insert before/after an unregistered credential type.""" + fmt = 'Credential named {name} not found.' class WaiterConfigError(BotoCoreError): """Error when processing waiter configuration.""" + fmt = 'Error processing waiter config: {error_msg}' class UnknownClientMethodError(BotoCoreError): """Error when trying to access a method on a client that does not exist.""" + fmt = 'Client does not have method: {method_name}' class UnsupportedSignatureVersionError(BotoCoreError): """Error when trying to use an unsupported Signature Version.""" + fmt = 'Signature version(s) are not supported: {signature_version}' class ClientError(Exception): MSG_TEMPLATE = ( 'An error occurred ({error_code}) when calling the {operation_name} ' - 'operation{retry_info}: {error_message}') + 'operation{retry_info}: {error_message}' + ) def __init__(self, error_response, operation_name): retry_info = self._get_retry_info(error_response) @@ -474,7 +521,7 @@ class ClientError(Exception): operation_name=operation_name, retry_info=retry_info, ) - super(ClientError, self).__init__(msg) + super().__init__(msg) self.response = error_response self.operation_name = operation_name @@ -484,8 +531,9 @@ class ClientError(Exception): metadata = response['ResponseMetadata'] if metadata.get('MaxAttemptsReached', False): if 'RetryAttempts' in metadata: - retry_info = (' (reached max retries: %s)' % - metadata['RetryAttempts']) + retry_info = ' (reached max retries: {})'.format( + metadata['RetryAttempts'] + ) return retry_info def __reduce__(self): @@ -501,6 +549,7 @@ class EventStreamError(ClientError): class UnsupportedTLSVersionWarning(Warning): """Warn when an openssl version that uses TLS 1.2 is required""" + pass @@ -510,6 +559,7 @@ class ImminentRemovalWarning(Warning): class InvalidDNSNameError(BotoCoreError): """Error when virtual host path is forced on a non-DNS compatible bucket""" + fmt = ( 'Bucket named {bucket_name} is not DNS compatible. Virtual ' 'hosted-style addressing cannot be used. The addressing style ' @@ -521,6 +571,7 @@ class InvalidDNSNameError(BotoCoreError) class InvalidS3AddressingStyleError(BotoCoreError): """Error when an invalid path style is specified""" + fmt = ( 'S3 addressing style {s3_addressing_style} is invalid. Valid options ' 'are: \'auto\', \'virtual\', and \'path\'' @@ -529,6 +580,7 @@ class InvalidS3AddressingStyleError(Boto class UnsupportedS3ArnError(BotoCoreError): """Error when S3 ARN provided to Bucket parameter is not supported""" + fmt = ( 'S3 ARN {arn} provided to "Bucket" parameter is invalid. Only ' 'ARNs for S3 access-points are supported.' @@ -537,13 +589,13 @@ class UnsupportedS3ArnError(BotoCoreErro class UnsupportedS3ControlArnError(BotoCoreError): """Error when S3 ARN provided to S3 control parameter is not supported""" - fmt = ( - 'S3 ARN "{arn}" provided is invalid for this operation. {msg}' - ) + + fmt = 'S3 ARN "{arn}" provided is invalid for this operation. {msg}' class InvalidHostLabelError(BotoCoreError): """Error when an invalid host label would be bound to an endpoint""" + fmt = ( 'Invalid host label to be bound to the hostname of the endpoint: ' '"{label}".' @@ -552,6 +604,7 @@ class InvalidHostLabelError(BotoCoreErro class UnsupportedOutpostResourceError(BotoCoreError): """Error when S3 Outpost ARN provided to Bucket parameter is incomplete""" + fmt = ( 'S3 Outpost ARN resource "{resource_name}" provided to "Bucket" ' 'parameter is invalid. Only ARNs for S3 Outpost arns with an ' @@ -561,20 +614,19 @@ class UnsupportedOutpostResourceError(Bo class UnsupportedS3ConfigurationError(BotoCoreError): """Error when an unsupported configuration is used with access-points""" - fmt = ( - 'Unsupported configuration when using S3: {msg}' - ) + + fmt = 'Unsupported configuration when using S3: {msg}' class UnsupportedS3AccesspointConfigurationError(BotoCoreError): """Error when an unsupported configuration is used with access-points""" - fmt = ( - 'Unsupported configuration when using S3 access-points: {msg}' - ) + + fmt = 'Unsupported configuration when using S3 access-points: {msg}' class InvalidEndpointDiscoveryConfigurationError(BotoCoreError): """Error when invalid value supplied for endpoint_discovery_enabled""" + fmt = ( 'Unsupported configuration value for endpoint_discovery_enabled. ' 'Expected one of ("true", "false", "auto") but got {config_value}.' @@ -583,13 +635,13 @@ class InvalidEndpointDiscoveryConfigurat class UnsupportedS3ControlConfigurationError(BotoCoreError): """Error when an unsupported configuration is used with S3 Control""" - fmt = ( - 'Unsupported configuration when using S3 Control: {msg}' - ) + + fmt = 'Unsupported configuration when using S3 Control: {msg}' class InvalidRetryConfigurationError(BotoCoreError): """Error when invalid retry configuration is specified""" + fmt = ( 'Cannot provide retry configuration for "{retry_config_option}". ' 'Valid retry configuration options are: \'max_attempts\'' @@ -598,6 +650,7 @@ class InvalidRetryConfigurationError(Bot class InvalidMaxRetryAttemptsError(InvalidRetryConfigurationError): """Error when invalid retry configuration is specified""" + fmt = ( 'Value provided to "max_attempts": {provided_max_attempts} must ' 'be an integer greater than or equal to one.' @@ -606,6 +659,7 @@ class InvalidMaxRetryAttemptsError(Inval class InvalidRetryModeError(InvalidRetryConfigurationError): """Error when invalid retry mode configuration is specified""" + fmt = ( 'Invalid value provided to "mode": "{provided_retry_mode}" must ' 'be one of: "standard" or "adaptive"' @@ -613,7 +667,9 @@ class InvalidRetryModeError(InvalidRetry class StubResponseError(BotoCoreError): - fmt = 'Error getting response stub for operation {operation_name}: {reason}' + fmt = ( + 'Error getting response stub for operation {operation_name}: {reason}' + ) class StubAssertionError(StubResponseError, AssertionError): @@ -703,15 +759,11 @@ class AuthCodeFetcherError(SSOError): class CapacityNotAvailableError(BotoCoreError): - fmt = ( - 'Insufficient request capacity available.' - ) + fmt = 'Insufficient request capacity available.' class InvalidProxiesConfigError(BotoCoreError): - fmt = ( - 'Invalid configuration value(s) provided for proxies_config.' - ) + fmt = 'Invalid configuration value(s) provided for proxies_config.' class AwsChunkedWrapperError(BotoCoreError): @@ -723,9 +775,7 @@ class FlexibleChecksumError(BotoCoreErro class InvalidEndpointConfigurationError(BotoCoreError): - fmt = ( - 'Invalid endpoint configuration: {msg}' - ) + fmt = 'Invalid endpoint configuration: {msg}' class EndpointProviderError(BotoCoreError): @@ -751,3 +801,12 @@ class InvalidChecksumConfigError(BotoCor 'Unsupported configuration value for {config_key}. ' 'Expected one of {valid_options} but got {config_value}.' ) + + +class UnsupportedServiceProtocolsError(BotoCoreError): + """Error when a service does not use any protocol supported by botocore.""" + + fmt = ( + 'Botocore supports {botocore_supported_protocols}, but service {service} only ' + 'supports {service_supported_protocols}.' + ) diff -pruN 2.23.6-1/awscli/botocore/handlers.py 2.31.35-1/awscli/botocore/handlers.py --- 2.23.6-1/awscli/botocore/handlers.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/handlers.py 2025-11-12 19:17:29.000000000 +0000 @@ -26,9 +26,10 @@ from io import BytesIO import botocore import botocore.auth -from botocore import utils, UNSIGNED +from botocore import UNSIGNED, utils +from botocore.args import ClientConfigString from botocore.compat import ( - MD5_AVAILABLE, + MD5_AVAILABLE, # noqa ETree, OrderedDict, XMLParseError, @@ -47,25 +48,27 @@ from botocore.docs.utils import ( ) from botocore.exceptions import ( AliasConflictParameterError, - MissingServiceIdError, + MissingServiceIdError, # noqa ParamValidationError, UnsupportedTLSVersionWarning, ) from botocore.regions import EndpointResolverBuiltins from botocore.signers import ( - add_generate_db_auth_token, add_dsql_generate_db_auth_token_methods, + add_generate_db_auth_token, add_generate_presigned_post, add_generate_presigned_url, ) +from botocore.useragent import register_feature_id from botocore.utils import ( SAFE_CHARS, + SERVICE_NAME_ALIASES, ArnParser, - hyphenize_service_id, - is_global_accesspoint, + get_token_from_environment, + hyphenize_service_id, # noqa + is_global_accesspoint, # noqa percent_encode, switch_host_with_param, - SERVICE_NAME_ALIASES, ) logger = logging.getLogger(__name__) @@ -117,8 +120,8 @@ def _looks_like_special_case_error(statu if status_code == 200 and body: try: parser = ETree.XMLParser( - target=ETree.TreeBuilder(), - encoding='utf-8') + target=ETree.TreeBuilder(), encoding='utf-8' + ) parser.feed(body) root = parser.close() except XMLParseError: @@ -132,7 +135,7 @@ def _looks_like_special_case_error(statu def set_operation_specific_signer(context, signing_name, **kwargs): - """ Choose the operation-specific signer. + """Choose the operation-specific signer. Individual operations may have a different auth type than the service as a whole. This will most often manifest as operations that should not be @@ -204,8 +207,9 @@ def decode_console_output(parsed, **kwar # We're using 'replace' for errors because it is # possible that console output contains non string # chars we can't utf-8 decode. - value = base64.b64decode(bytes(parsed['Output'], 'latin-1')).decode( - 'utf-8', 'replace') + value = base64.b64decode( + bytes(parsed['Output'], 'latin-1') + ).decode('utf-8', 'replace') parsed['Output'] = value except (ValueError, TypeError, AttributeError): logger.debug('Error decoding base64', exc_info=True) @@ -215,8 +219,9 @@ def generate_idempotent_uuid(params, mod for name in model.idempotent_members: if name not in params: params[name] = str(uuid.uuid4()) - logger.debug("injecting idempotency token (%s) into param '%s'." % - (params[name], name)) + logger.debug( + f"injecting idempotency token ({params[name]}) into param '{name}'." + ) def decode_quoted_jsondoc(value): @@ -231,7 +236,8 @@ def json_decode_template_body(parsed, ** if 'TemplateBody' in parsed: try: value = json.loads( - parsed['TemplateBody'], object_pairs_hook=OrderedDict) + parsed['TemplateBody'], object_pairs_hook=OrderedDict + ) parsed['TemplateBody'] = value except (ValueError, TypeError): logger.debug('error loading JSON', exc_info=True) @@ -243,9 +249,9 @@ def validate_bucket_name(params, **kwarg bucket = params['Bucket'] if not VALID_BUCKET.search(bucket) and not VALID_S3_ARN.search(bucket): error_msg = ( - 'Invalid bucket name "%s": Bucket name must match ' - 'the regex "%s" or be an ARN matching the regex "%s"' % ( - bucket, VALID_BUCKET.pattern, VALID_S3_ARN.pattern)) + f'Invalid bucket name "{bucket}": Bucket name must match ' + f'the regex "{VALID_BUCKET.pattern}" or be an ARN matching the regex "{VALID_S3_ARN.pattern}"' + ) raise ParamValidationError(report=error_msg) @@ -278,16 +284,19 @@ def _sse_md5(params, sse_member_prefix=' key_as_bytes = params[sse_key_member] if isinstance(key_as_bytes, str): key_as_bytes = key_as_bytes.encode('utf-8') - key_md5_str = base64.b64encode( - get_md5(key_as_bytes).digest()).decode('utf-8') + key_md5_str = base64.b64encode(get_md5(key_as_bytes).digest()).decode( + 'utf-8' + ) key_b64_encoded = base64.b64encode(key_as_bytes).decode('utf-8') params[sse_key_member] = key_b64_encoded params[sse_md5_member] = key_md5_str def _needs_s3_sse_customization(params, sse_member_prefix): - return (params.get(sse_member_prefix + 'Key') is not None and - sse_member_prefix + 'KeyMD5' not in params) + return ( + params.get(sse_member_prefix + 'Key') is not None + and sse_member_prefix + 'KeyMD5' not in params + ) def disable_signing(**kwargs): @@ -310,7 +319,7 @@ def add_expect_header(model, params, **k params['headers']['Expect'] = '100-continue' -class DeprecatedServiceDocumenter(object): +class DeprecatedServiceDocumenter: def __init__(self, replacement_service_name): self._replacement_service_name = replacement_service_name @@ -331,8 +340,10 @@ def document_copy_source_form(section, e param_line = parent.get_section('CopySource') value_portion = param_line.get_section('member-value') value_portion.clear_text() - value_portion.write("'string' or {'Bucket': 'string', " - "'Key': 'string', 'VersionId': 'string'}") + value_portion.write( + "'string' or {'Bucket': 'string', " + "'Key': 'string', 'VersionId': 'string'}" + ) elif 'request-params' in event_name: param_section = section.get_section('CopySource') type_section = param_section.get_section('param-type') @@ -393,15 +404,16 @@ def _quote_source_header_from_dict(sourc key = source_dict['Key'] version_id = source_dict.get('VersionId') if VALID_S3_ARN.search(bucket): - final = '%s/object/%s' % (bucket, key) + final = f'{bucket}/object/{key}' else: - final = '%s/%s' % (bucket, key) + final = f'{bucket}/{key}' except KeyError as e: raise ParamValidationError( - report='Missing required parameter: %s' % str(e)) + report=f'Missing required parameter: {str(e)}' + ) final = percent_encode(final, safe=SAFE_CHARS + '/') if version_id is not None: - final += '?versionId=%s' % version_id + final += f'?versionId={version_id}' return final @@ -410,12 +422,13 @@ def _quote_source_header(value): if result is None: return percent_encode(value, safe=SAFE_CHARS + '/') else: - first, version_id = value[:result.start()], value[result.start():] + first, version_id = value[: result.start()], value[result.start() :] return percent_encode(first, safe=SAFE_CHARS + '/') + version_id -def _get_cross_region_presigned_url(request_signer, request_dict, model, - source_region, destination_region): +def _get_cross_region_presigned_url( + request_signer, request_dict, model, source_region, destination_region +): # The better way to do this is to actually get the # endpoint_resolver and get the endpoint_url given the # source region. In this specific case, we know that @@ -427,12 +440,13 @@ def _get_cross_region_presigned_url(requ request_dict_copy = copy.deepcopy(request_dict) request_dict_copy['body']['DestinationRegion'] = destination_region request_dict_copy['url'] = request_dict['url'].replace( - destination_region, source_region) + destination_region, source_region + ) request_dict_copy['method'] = 'GET' request_dict_copy['headers'] = {} return request_signer.generate_presigned_url( - request_dict_copy, region_name=source_region, - operation_name=model.name) + request_dict_copy, region_name=source_region, operation_name=model.name + ) def _get_presigned_url_source_and_destination_regions(request_signer, params): @@ -447,9 +461,11 @@ def inject_presigned_url_ec2(params, req if 'PresignedUrl' in params['body']: return src, dest = _get_presigned_url_source_and_destination_regions( - request_signer, params['body']) + request_signer, params['body'] + ) url = _get_cross_region_presigned_url( - request_signer, params, model, src, dest) + request_signer, params, model, src, dest + ) params['body']['PresignedUrl'] = url # EC2 Requires that the destination region be sent over the wire in # addition to the source region. @@ -464,7 +480,8 @@ def inject_presigned_url_rds(params, req return src, dest = _get_presigned_url_source_and_destination_regions( - request_signer, params['body']) + request_signer, params['body'] + ) # Since SourceRegion isn't actually modeled for RDS, it needs to be # removed from the request params before we send the actual request. @@ -474,7 +491,8 @@ def inject_presigned_url_rds(params, req return url = _get_cross_region_presigned_url( - request_signer, params, model, src, dest) + request_signer, params, model, src, dest + ) params['body']['PreSignedUrl'] = url @@ -496,11 +514,14 @@ def _decode_policy_types(parsed, shape): shape_name = 'policyDocumentType' if shape.type_name == 'structure': for member_name, member_shape in shape.members.items(): - if member_shape.type_name == 'string' and \ - member_shape.name == shape_name and \ - member_name in parsed: + if ( + member_shape.type_name == 'string' + and member_shape.name == shape_name + and member_name in parsed + ): parsed[member_name] = decode_quoted_jsondoc( - parsed[member_name]) + parsed[member_name] + ) elif member_name in parsed: _decode_policy_types(parsed[member_name], member_shape) if shape.type_name == 'list': @@ -518,9 +539,7 @@ def parse_get_bucket_location(parsed, ht if http_response.raw is None: return response_body = http_response.content - parser = ETree.XMLParser( - target=ETree.TreeBuilder(), - encoding='utf-8') + parser = ETree.XMLParser(target=ETree.TreeBuilder(), encoding='utf-8') parser.feed(response_body) root = parser.close() region = root.text @@ -532,14 +551,17 @@ def base64_encode_user_data(params, **kw if isinstance(params['UserData'], str): # Encode it to bytes if it is text. params['UserData'] = params['UserData'].encode('utf-8') - params['UserData'] = base64.b64encode( - params['UserData']).decode('utf-8') + params['UserData'] = base64.b64encode(params['UserData']).decode( + 'utf-8' + ) def document_base64_encoding(param): - description = ('**This value will be base64 encoded automatically. Do ' - 'not base64 encode this value prior to performing the ' - 'operation.**') + description = ( + '**This value will be base64 encoded automatically. Do ' + 'not base64 encode this value prior to performing the ' + 'operation.**' + ) append = AppendParamDocumentation(param, description) return append.append_documentation @@ -566,14 +588,13 @@ def validate_ascii_metadata(params, **kw try: key.encode('ascii') value.encode('ascii') - except UnicodeEncodeError as e: + except UnicodeEncodeError: error_msg = ( 'Non ascii characters found in S3 metadata ' - 'for key "%s", value: "%s". \nS3 metadata can only ' - 'contain ASCII characters. ' % (key, value) + f'for key "{key}", value: "{value}". \nS3 metadata can only ' + 'contain ASCII characters. ' ) - raise ParamValidationError( - report=error_msg) + raise ParamValidationError(report=error_msg) def fix_route53_ids(params, model, **kwargs): @@ -587,8 +608,11 @@ def fix_route53_ids(params, model, **kwa if not input_shape or not hasattr(input_shape, 'members'): return - members = [name for (name, shape) in input_shape.members.items() - if shape.name in ['ResourceId', 'DelegationSetId', 'ChangeId']] + members = [ + name + for (name, shape) in input_shape.members.items() + if shape.name in ['ResourceId', 'DelegationSetId', 'ChangeId'] + ] for name in members: if name in params: @@ -609,7 +633,8 @@ def inject_account_id(params, **kwargs): def add_glacier_version(model, params, **kwargs): request_dict = params request_dict['headers']['x-amz-glacier-version'] = model.metadata[ - 'apiVersion'] + 'apiVersion' + ] def add_accept_header(model, params, **kwargs): @@ -643,7 +668,8 @@ def add_glacier_checksums(params, **kwar starting_position = body.tell() if 'x-amz-content-sha256' not in headers: headers['x-amz-content-sha256'] = utils.calculate_sha256( - body, as_hex=True) + body, as_hex=True + ) body.seek(starting_position) if 'x-amz-sha256-tree-hash' not in headers: headers['x-amz-sha256-tree-hash'] = utils.calculate_tree_hash(body) @@ -667,7 +693,9 @@ def document_glacier_tree_hash_checksum( return AppendParamDocumentation('checksum', doc).append_documentation -def document_cloudformation_get_template_return_type(section, event_name, **kwargs): +def document_cloudformation_get_template_return_type( + section, event_name, **kwargs +): if 'response-params' in event_name: template_body_section = section.get_section('TemplateBody') type_section = template_body_section.get_section('param-type') @@ -687,15 +715,16 @@ def switch_host_machinelearning(request, def check_openssl_supports_tls_version_1_2(**kwargs): import ssl + try: openssl_version_tuple = ssl.OPENSSL_VERSION_INFO if openssl_version_tuple < (1, 0, 1): warnings.warn( - 'Currently installed openssl version: %s does not ' + f'Currently installed openssl version: {ssl.OPENSSL_VERSION} does not ' 'support TLS 1.2, which is required for use of iot-data. ' 'Please use python installed with openssl version 1.0.1 or ' - 'higher.' % (ssl.OPENSSL_VERSION), - UnsupportedTLSVersionWarning + 'higher.', + UnsupportedTLSVersionWarning, ) # We cannot check the openssl version on python2.6, so we should just # pass on this conveniency check. @@ -733,7 +762,7 @@ def decode_list_object(parsed, context, top_level_keys=['Delimiter', 'Marker', 'NextMarker'], nested_keys=[('Contents', 'Key'), ('CommonPrefixes', 'Prefix')], parsed=parsed, - context=context + context=context, ) @@ -746,7 +775,7 @@ def decode_list_object_v2(parsed, contex top_level_keys=['Delimiter', 'Prefix', 'StartAfter'], nested_keys=[('Contents', 'Key'), ('CommonPrefixes', 'Prefix')], parsed=parsed, - context=context + context=context, ) @@ -768,19 +797,20 @@ def decode_list_object_versions(parsed, ('CommonPrefixes', 'Prefix'), ], parsed=parsed, - context=context + context=context, ) def _decode_list_object(top_level_keys, nested_keys, parsed, context): - if parsed.get('EncodingType') == 'url' and \ - context.get('encoding_type_auto_set'): + if parsed.get('EncodingType') == 'url' and context.get( + 'encoding_type_auto_set' + ): # URL decode top-level keys in the response if present. for key in top_level_keys: if key in parsed: parsed[key] = unquote_str(parsed[key]) # URL decode nested keys from the response if present. - for (top_key, child_key) in nested_keys: + for top_key, child_key in nested_keys: if top_key in parsed: for member in parsed[top_key]: member[child_key] = unquote_str(member[child_key]) @@ -803,7 +833,7 @@ def _add_parameter_aliases(handler_list) aliases = { 'ec2.*.Filter': 'Filters', 'cloudwatch-logs.CreateExportTask.from': 'fromTime', - 'cloudsearch-domain.Search.return': 'returnFields' + 'cloudsearch-domain.Search.return': 'returnFields', } for original, new_name in aliases.items(): @@ -817,16 +847,17 @@ def _add_parameter_aliases(handler_list) parameter_build_event_handler_tuple = ( 'before-parameter-build.' + event_portion, parameter_alias.alias_parameter_in_call, - REGISTER_FIRST + REGISTER_FIRST, ) docs_event_handler_tuple = ( 'docs.*.' + event_portion + '.complete-section', - parameter_alias.alias_parameter_in_documentation) + parameter_alias.alias_parameter_in_documentation, + ) handler_list.append(parameter_build_event_handler_tuple) handler_list.append(docs_event_handler_tuple) -class ParameterAlias(object): +class ParameterAlias: def __init__(self, original_name, alias_name): self._original_name = original_name self._alias_name = alias_name @@ -841,7 +872,7 @@ class ParameterAlias(object): raise AliasConflictParameterError( original=self._original_name, alias=self._alias_name, - operation=model.name + operation=model.name, ) # Remove the alias parameter value and use the old name # instead. @@ -870,14 +901,15 @@ class ParameterAlias(object): def _replace_content(self, section): content = section.getvalue().decode('utf-8') updated_content = content.replace( - self._original_name, self._alias_name) + self._original_name, self._alias_name + ) section.clear_text() section.write(updated_content) -class ClientMethodAlias(object): +class ClientMethodAlias: def __init__(self, actual_name): - """ Aliases a non-extant method to an existing method. + """Aliases a non-extant method to an existing method. :param actual_name: The name of the method that actually exists on the client. @@ -889,9 +921,9 @@ class ClientMethodAlias(object): # TODO: Remove this class as it is no longer used -class HeaderToHostHoister(object): - """Takes a header and moves it to the front of the hoststring. - """ +class HeaderToHostHoister: + """Takes a header and moves it to the front of the hoststring.""" + _VALID_HOSTNAME = re.compile(r'(?!-)[a-z\d-]{1,63}(? 0): self._validate_checksum() @@ -232,10 +234,7 @@ class StreamingChecksumBody(StreamingBod def _validate_checksum(self): if self._checksum.digest() != base64.b64decode(self._expected): - error_msg = ( - "Expected checksum %s did not match calculated checksum: %s" - % (self._expected, self._checksum.b64digest(),) - ) + error_msg = f"Expected checksum {self._expected} did not match calculated checksum: {self._checksum.b64digest()}" raise FlexibleChecksumError(error_msg=error_msg) @@ -245,7 +244,10 @@ def resolve_checksum_context(request, op def resolve_request_checksum_algorithm( - request, operation_model, params, supported_algorithms=None, + request, + operation_model, + params, + supported_algorithms=None, ): # If the header is already set by the customer, skip calculation if has_checksum_header(request): @@ -270,7 +272,7 @@ def resolve_request_checksum_algorithm( algorithm_name = params[algorithm_member].lower() if algorithm_name not in supported_algorithms: raise FlexibleChecksumError( - error_msg="Unsupported checksum algorithm: %s" % algorithm_name + error_msg=f"Unsupported checksum algorithm: {algorithm_name}" ) elif request_checksum_required or ( algorithm_member and request_checksum_calculation == "when_supported" @@ -340,7 +342,7 @@ def apply_request_checksum(request): _apply_request_trailer_checksum(request) else: raise FlexibleChecksumError( - error_msg="Unknown checksum variant: %s" % algorithm["in"] + error_msg="Unknown checksum variant: {}".format(algorithm["in"]) ) if "request_algorithm_header" in checksum_context: request_algorithm_header = checksum_context["request_algorithm_header"] @@ -359,6 +361,7 @@ def _apply_request_header_checksum(reque checksum_cls = _CHECKSUM_CLS.get(algorithm["algorithm"]) digest = checksum_cls().handle(request["body"]) request["headers"][location_name] = digest + _register_checksum_algorithm_feature_id(algorithm) def _apply_request_trailer_checksum(request): @@ -382,6 +385,7 @@ def _apply_request_trailer_checksum(requ else: headers["Content-Encoding"] = "aws-chunked" headers["X-Amz-Trailer"] = location_name + _register_checksum_algorithm_feature_id(algorithm) content_length = determine_content_length(body) if content_length is not None: @@ -389,14 +393,32 @@ def _apply_request_trailer_checksum(requ # services such as S3 may require the decoded content length headers["X-Amz-Decoded-Content-Length"] = str(content_length) + if "Content-Length" in headers: + del headers["Content-Length"] + logger.debug( + "Removing the Content-Length header since 'chunked' is specified for Transfer-Encoding." + ) + if isinstance(body, (bytes, bytearray)): body = io.BytesIO(body) request["body"] = AwsChunkedWrapper( - body, checksum_cls=checksum_cls, checksum_name=location_name, + body, + checksum_cls=checksum_cls, + checksum_name=location_name, ) +def _register_checksum_algorithm_feature_id(algorithm): + checksum_algorithm_name = algorithm["algorithm"].upper() + if checksum_algorithm_name == "CRC64NVME": + checksum_algorithm_name = "CRC64" + checksum_algorithm_name_feature_id = ( + f"FLEXIBLE_CHECKSUMS_REQ_{checksum_algorithm_name}" + ) + register_feature_id(checksum_algorithm_name_feature_id) + + def resolve_response_checksum_algorithms( request, operation_model, params, supported_algorithms=None ): @@ -430,7 +452,7 @@ def handle_checksum_body(http_response, return for algorithm in algorithms: - header_name = "x-amz-checksum-%s" % algorithm + header_name = f"x-amz-checksum-{algorithm}" # If the header is not found, check the next algorithm if header_name not in headers: continue @@ -464,7 +486,7 @@ def handle_checksum_body(http_response, def _handle_streaming_response(http_response, response, algorithm): checksum_cls = _CHECKSUM_CLS.get(algorithm) - header_name = "x-amz-checksum-%s" % algorithm + header_name = f"x-amz-checksum-{algorithm}" return StreamingChecksumBody( http_response.raw, response["headers"].get("content-length"), @@ -475,16 +497,13 @@ def _handle_streaming_response(http_resp def _handle_bytes_response(http_response, response, algorithm): body = http_response.content - header_name = "x-amz-checksum-%s" % algorithm + header_name = f"x-amz-checksum-{algorithm}" checksum_cls = _CHECKSUM_CLS.get(algorithm) checksum = checksum_cls() checksum.update(body) expected = response["headers"][header_name] if checksum.digest() != base64.b64decode(expected): - error_msg = ( - "Expected checksum %s did not match calculated checksum: %s" - % (expected, checksum.b64digest(),) - ) + error_msg = f"Expected checksum {expected} did not match calculated checksum: {checksum.b64digest()}" raise FlexibleChecksumError(error_msg=error_msg) return body diff -pruN 2.23.6-1/awscli/botocore/httpsession.py 2.31.35-1/awscli/botocore/httpsession.py --- 2.23.6-1/awscli/botocore/httpsession.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/httpsession.py 2025-11-12 19:17:29.000000000 +0000 @@ -28,6 +28,8 @@ from urllib3.util.ssl_ import ( ) from urllib3.util.url import parse_url +from concurrent.futures import CancelledError + try: from urllib3.util.ssl_ import OP_NO_TICKET, PROTOCOL_TLS_CLIENT except ImportError: @@ -497,6 +499,8 @@ class URLLib3Session: raise ConnectionClosedError( error=e, request=request, endpoint_url=request.url ) + except CancelledError: + raise except Exception as e: message = 'Exception received when sending urllib3 HTTP request' logger.debug(message, exc_info=True) diff -pruN 2.23.6-1/awscli/botocore/loaders.py 2.31.35-1/awscli/botocore/loaders.py --- 2.23.6-1/awscli/botocore/loaders.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/loaders.py 2025-11-12 19:17:29.000000000 +0000 @@ -101,6 +101,7 @@ information that doesn't quite fit in th for the sdk. For instance, additional operation parameters might be added here which don't represent the actual service api. """ + import logging import os @@ -121,6 +122,7 @@ def instance_cache(func): ``self._cache`` dictionary. """ + def _wrapper(self, *args, **kwargs): key = (func.__name__,) + args for pair in sorted(kwargs.items()): @@ -130,15 +132,17 @@ def instance_cache(func): data = func(self, *args, **kwargs) self._cache[key] = data return data + return _wrapper -class JSONFileLoader(object): +class JSONFileLoader: """Loader JSON files. This class can load the default format of models, which is a JSON file. """ + def exists(self, file_path): """Checks if the file exists. @@ -198,7 +202,7 @@ def create_loader(search_path_string=Non return Loader(extra_search_paths=paths) -class Loader(object): +class Loader: """Find and load data models. This class will handle searching for and loading data models. @@ -207,17 +211,24 @@ class Loader(object): convenience method over ``load_data`` and ``determine_latest_version``. """ + FILE_LOADER_CLASS = JSONFileLoader # The included models in botocore/data/ that we ship with botocore. BUILTIN_DATA_PATH = os.path.join(BOTOCORE_ROOT, 'data') # For convenience we automatically add ~/.aws/models to the data path. - CUSTOMER_DATA_PATH = os.path.join(os.path.expanduser('~'), - '.aws', 'models') + CUSTOMER_DATA_PATH = os.path.join( + os.path.expanduser('~'), '.aws', 'models' + ) BUILTIN_EXTRAS_TYPES = ['sdk'] - def __init__(self, extra_search_paths=None, file_loader=None, - cache=None, include_default_search_paths=True, - include_default_extras=True): + def __init__( + self, + extra_search_paths=None, + file_loader=None, + cache=None, + include_default_search_paths=True, + include_default_extras=True, + ): self._cache = {} if file_loader is None: file_loader = self.FILE_LOADER_CLASS() @@ -227,8 +238,9 @@ class Loader(object): else: self._search_paths = [] if include_default_search_paths: - self._search_paths.extend([self.CUSTOMER_DATA_PATH, - self.BUILTIN_DATA_PATH]) + self._search_paths.extend( + [self.CUSTOMER_DATA_PATH, self.BUILTIN_DATA_PATH] + ) self._extras_types = [] if include_default_extras: @@ -271,15 +283,17 @@ class Loader(object): # by searching for the corresponding type_name in each # potential directory. possible_services = [ - d for d in os.listdir(possible_path) - if os.path.isdir(os.path.join(possible_path, d))] + d + for d in os.listdir(possible_path) + if os.path.isdir(os.path.join(possible_path, d)) + ] for service_name in possible_services: full_dirname = os.path.join(possible_path, service_name) api_versions = os.listdir(full_dirname) for api_version in api_versions: - full_load_path = os.path.join(full_dirname, - api_version, - type_name) + full_load_path = os.path.join( + full_dirname, api_version, type_name + ) if self.file_loader.exists(full_load_path): services.add(service_name) break @@ -324,9 +338,9 @@ class Loader(object): """ known_api_versions = set() - for possible_path in self._potential_locations(service_name, - must_exist=True, - is_dir=True): + for possible_path in self._potential_locations( + service_name, must_exist=True, is_dir=True + ): for dirname in os.listdir(possible_path): full_path = os.path.join(possible_path, dirname, type_name) # Only add to the known_api_versions if the directory @@ -374,11 +388,13 @@ class Loader(object): if service_name not in known_services: raise UnknownServiceError( service_name=service_name, - known_service_names=', '.join(sorted(known_services))) + known_service_names=', '.join(sorted(known_services)), + ) if api_version is None: api_version = self.determine_latest_version( - service_name, type_name) + service_name, type_name + ) full_path = os.path.join(service_name, api_version, type_name) model = self.load_data(full_path) @@ -392,7 +408,7 @@ class Loader(object): def _find_extras(self, service_name, type_name, api_version): """Creates an iterator over all the extras data.""" for extras_type in self.extras_types: - extras_name = '%s.%s-extras' % (type_name, extras_type) + extras_name = f'{type_name}.{extras_type}-extras' full_path = os.path.join(service_name, api_version, extras_name) try: @@ -438,8 +454,7 @@ class Loader(object): data, _ = self.load_data_with_path(name) return data - def _potential_locations(self, name=None, must_exist=False, - is_dir=False): + def _potential_locations(self, name=None, must_exist=False, is_dir=False): # Will give an iterator over the full path of potential locations # according to the search path. for path in self.search_paths: @@ -471,8 +486,9 @@ class Loader(object): return path.startswith(self.BUILTIN_DATA_PATH) -class ExtrasProcessor(object): +class ExtrasProcessor: """Processes data from extras files into service models.""" + def process(self, original_model, extra_models): """Processes data from a list of loaded extras files into a model diff -pruN 2.23.6-1/awscli/botocore/model.py 2.31.35-1/awscli/botocore/model.py --- 2.23.6-1/awscli/botocore/model.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/model.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Abstractions to interact with service models.""" + from collections import defaultdict from typing import NamedTuple, Union @@ -19,8 +20,14 @@ from botocore.compat import OrderedDict from botocore.exceptions import ( MissingServiceIdError, UndefinedModelAttributeError, + UnsupportedServiceProtocolsError, +) +from botocore.utils import ( + PRIORITY_ORDERED_SUPPORTED_PROTOCOLS, + CachedProperty, + hyphenize_service_id, + instance_cache, ) -from botocore.utils import CachedProperty, hyphenize_service_id, instance_cache NOT_SET = object() @@ -46,21 +53,50 @@ class ServiceId(str): return hyphenize_service_id(self) -class Shape(object): +class Shape: """Object representing a shape from the service model.""" + # To simplify serialization logic, all shape params that are # related to serialization are moved from the top level hash into # a 'serialization' hash. This list below contains the names of all # the attributes that should be moved. - SERIALIZED_ATTRS = ['locationName', 'queryName', 'flattened', 'location', - 'payload', 'streaming', 'timestampFormat', - 'xmlNamespace', 'resultWrapper', 'xmlAttribute', - 'eventstream', 'event', 'eventheader', 'eventpayload', - 'jsonvalue', 'timestampFormat', 'hostLabel'] - METADATA_ATTRS = ['required', 'min', 'max', 'sensitive', 'enum', - 'idempotencyToken', 'error', 'exception', - 'endpointdiscoveryid', 'retryable', 'document', 'union', - 'contextParam', 'clientContextParams', 'requiresLength'] + SERIALIZED_ATTRS = [ + 'locationName', + 'queryName', + 'flattened', + 'location', + 'payload', + 'streaming', + 'timestampFormat', + 'xmlNamespace', + 'resultWrapper', + 'xmlAttribute', + 'eventstream', + 'event', + 'eventheader', + 'eventpayload', + 'jsonvalue', + 'timestampFormat', + 'hostLabel', + ] + METADATA_ATTRS = [ + 'required', + 'min', + 'max', + 'sensitive', + 'enum', + 'idempotencyToken', + 'error', + 'exception', + 'endpointdiscoveryid', + 'retryable', + 'document', + 'union', + 'contextParam', + 'clientContextParams', + 'requiresLength', + 'pattern', + ] MAP_TYPE = OrderedDict def __init__(self, shape_name, shape_model, shape_resolver=None): @@ -174,8 +210,7 @@ class Shape(object): return self._shape_resolver.resolve_shape_ref(shape_ref) def __repr__(self): - return "<%s(%s)>" % (self.__class__.__name__, - self.name) + return f"<{self.__class__.__name__}({self.name})>" @property def event_stream_name(self): @@ -262,7 +297,7 @@ class ClientContextParameter(NamedTuple) documentation: str -class ServiceModel(object): +class ServiceModel: """ :ivar service_description: The parsed service description dictionary. @@ -294,14 +329,16 @@ class ServiceModel(object): # We want clients to be able to access metadata directly. self.metadata = service_description.get('metadata', {}) self._shape_resolver = ShapeResolver( - service_description.get('shapes', {})) + service_description.get('shapes', {}) + ) self._signature_version = NOT_SET self._service_name = service_name self._instance_cache = {} def shape_for(self, shape_name, member_traits=None): return self._shape_resolver.get_shape_by_name( - shape_name, member_traits) + shape_name, member_traits + ) def shape_for_error_code(self, error_code): return self._error_code_cache.get(error_code, None) @@ -368,9 +405,7 @@ class ServiceModel(object): try: return ServiceId(self._get_metadata_property('serviceId')) except UndefinedModelAttributeError: - raise MissingServiceIdError( - service_name=self._service_name - ) + raise MissingServiceIdError(service_name=self._service_name) @CachedProperty def signing_name(self): @@ -393,6 +428,28 @@ class ServiceModel(object): return self._get_metadata_property('protocol') @CachedProperty + def protocols(self): + return self._get_metadata_property('protocols') + + @CachedProperty + def resolved_protocol(self): + # We need to ensure `protocols` exists in the metadata before attempting to + # access it directly since referencing service_model.protocols directly will + # raise an UndefinedModelAttributeError if protocols is not defined + if self.metadata.get('protocols'): + for protocol in PRIORITY_ORDERED_SUPPORTED_PROTOCOLS: + if protocol in self.protocols: + return protocol + raise UnsupportedServiceProtocolsError( + botocore_supported_protocols=PRIORITY_ORDERED_SUPPORTED_PROTOCOLS, + service_supported_protocols=self.protocols, + service=self.service_name, + ) + # If a service does not have a `protocols` trait, fall back to the legacy + # `protocol` trait + return self.protocol + + @CachedProperty def endpoint_prefix(self): return self._get_metadata_property('endpointPrefix') @@ -407,8 +464,10 @@ class ServiceModel(object): def endpoint_discovery_required(self): for operation in self.operation_names: model = self.operation_model(operation) - if (model.endpoint_discovery is not None and - model.endpoint_discovery.get('required')): + if ( + model.endpoint_discovery is not None + and model.endpoint_discovery.get('required') + ): return True return False @@ -429,8 +488,8 @@ class ServiceModel(object): return self.metadata[name] except KeyError: raise UndefinedModelAttributeError( - '"%s" not defined in the metadata of the model: %s' % - (name, self)) + f'"{name}" not defined in the metadata of the model: {self}' + ) # Signature version is one of the rare properties # that can be modified so a CachedProperty is not used here. @@ -451,11 +510,10 @@ class ServiceModel(object): return 'awsQueryCompatible' in self.metadata def __repr__(self): - return '%s(%s)' % (self.__class__.__name__, self.service_name) + return f'{self.__class__.__name__}({self.service_name})' - -class OperationModel(object): +class OperationModel: def __init__(self, operation_model, service_model, name=None): """ @@ -543,7 +601,8 @@ class OperationModel(object): # input shape. return None return self._service_model.resolve_shape_ref( - self._operation_model['input']) + self._operation_model['input'] + ) @CachedProperty def output_shape(self): @@ -553,7 +612,8 @@ class OperationModel(object): # operation has no expected output. return None return self._service_model.resolve_shape_ref( - self._operation_model['output']) + self._operation_model['output'] + ) @CachedProperty def idempotent_members(self): @@ -561,9 +621,12 @@ class OperationModel(object): if not input_shape: return [] - return [name for (name, shape) in input_shape.members.items() - if 'idempotencyToken' in shape.metadata and - shape.metadata['idempotencyToken']] + return [ + name + for (name, shape) in input_shape.members.items() + if 'idempotencyToken' in shape.metadata + and shape.metadata['idempotencyToken'] + ] @CachedProperty def static_context_parameters(self): @@ -680,10 +743,10 @@ class OperationModel(object): return None def __repr__(self): - return '%s(name=%s)' % (self.__class__.__name__, self.name) + return f'{self.__class__.__name__}(name={self.name})' -class ShapeResolver(object): +class ShapeResolver: """Resolves shape references.""" # Any type not in this mapping will default to the Shape class. @@ -691,7 +754,7 @@ class ShapeResolver(object): 'structure': StructureShape, 'list': ListShape, 'map': MapShape, - 'string': StringShape + 'string': StringShape, } def __init__(self, shape_map): @@ -706,8 +769,9 @@ class ShapeResolver(object): try: shape_cls = self.SHAPE_CLASSES.get(shape_model['type'], Shape) except KeyError: - raise InvalidShapeError("Shape is missing required key 'type': %s" - % shape_model) + raise InvalidShapeError( + f"Shape is missing required key 'type': {shape_model}" + ) if member_traits: shape_model = shape_model.copy() shape_model.update(member_traits) @@ -731,23 +795,27 @@ class ShapeResolver(object): shape_name = member_traits.pop('shape') except KeyError: raise InvalidShapeReferenceError( - "Invalid model, missing shape reference: %s" % shape_ref) + f"Invalid model, missing shape reference: {shape_ref}" + ) return self.get_shape_by_name(shape_name, member_traits) -class UnresolvableShapeMap(object): - """A ShapeResolver that will throw ValueErrors when shapes are resolved. - """ +class UnresolvableShapeMap: + """A ShapeResolver that will throw ValueErrors when shapes are resolved.""" + def get_shape_by_name(self, shape_name, member_traits=None): - raise ValueError("Attempted to lookup shape '%s', but no shape " - "map was provided.") + raise ValueError( + "Attempted to lookup shape '%s', but no shape " "map was provided." + ) def resolve_shape_ref(self, shape_ref): - raise ValueError("Attempted to resolve shape '%s', but no shape " - "map was provided.") + raise ValueError( + "Attempted to resolve shape '%s', but no shape " + "map was provided." + ) -class DenormalizedStructureBuilder(object): +class DenormalizedStructureBuilder: """Build a StructureShape from a denormalized model. This is a convenience builder class that makes it easy to construct @@ -783,6 +851,7 @@ class DenormalizedStructureBuilder(objec matters, such as for documentation. """ + def __init__(self, name=None): self.members = OrderedDict() self._name_generator = ShapeNameGenerator() @@ -815,9 +884,11 @@ class DenormalizedStructureBuilder(objec } self._build_model(denormalized, shapes, self.name) resolver = ShapeResolver(shape_map=shapes) - return StructureShape(shape_name=self.name, - shape_model=shapes[self.name], - shape_resolver=resolver) + return StructureShape( + shape_name=self.name, + shape_model=shapes[self.name], + shape_resolver=resolver, + ) def _build_model(self, model, shapes, shape_name): if model['type'] == 'structure': @@ -826,11 +897,22 @@ class DenormalizedStructureBuilder(objec shapes[shape_name] = self._build_list(model, shapes) elif model['type'] == 'map': shapes[shape_name] = self._build_map(model, shapes) - elif model['type'] in ['string', 'integer', 'boolean', 'blob', 'float', - 'timestamp', 'long', 'double', 'char']: + elif model['type'] in [ + 'string', + 'integer', + 'boolean', + 'blob', + 'float', + 'timestamp', + 'long', + 'double', + 'char', + ]: shapes[shape_name] = self._build_scalar(model) else: - raise InvalidShapeError("Unknown shape type: %s" % model['type']) + raise InvalidShapeError( + "Unknown shape type: {}".format(model['type']) + ) def _build_structure(self, model, shapes): members = OrderedDict() @@ -881,13 +963,14 @@ class DenormalizedStructureBuilder(objec return self._name_generator.new_shape_name(model['type']) -class ShapeNameGenerator(object): +class ShapeNameGenerator: """Generate unique shape names for a type. This class can be used in conjunction with the DenormalizedStructureBuilder to generate unique shape names for a given type. """ + def __init__(self): self._name_cache = defaultdict(int) @@ -919,5 +1002,4 @@ class ShapeNameGenerator(object): """ self._name_cache[type_name] += 1 current_index = self._name_cache[type_name] - return '%sType%s' % (type_name.capitalize(), - current_index) + return f'{type_name.capitalize()}Type{current_index}' diff -pruN 2.23.6-1/awscli/botocore/monitoring.py 2.31.35-1/awscli/botocore/monitoring.py --- 2.23.6-1/awscli/botocore/monitoring.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/monitoring.py 2025-11-12 19:17:29.000000000 +0000 @@ -24,15 +24,17 @@ from botocore.exceptions import ( ) RETRYABLE_EXCEPTIONS = ( - ConnectionError, ConnectionClosedError, ReadTimeoutError, - EndpointConnectionError + ConnectionError, + ConnectionClosedError, + ReadTimeoutError, + EndpointConnectionError, ) logger = logging.getLogger(__name__) -class Monitor(object): +class Monitor: _EVENTS_TO_REGISTER = [ 'before-parameter-build', 'request-created', @@ -70,10 +72,13 @@ class Monitor(object): except Exception as e: logger.debug( 'Exception %s raised by client monitor in handling event %s', - e, event_name, exc_info=True) + e, + event_name, + exc_info=True, + ) -class MonitorEventAdapter(object): +class MonitorEventAdapter: def __init__(self, time=time.time): """Adapts event emitter events to produce monitor events @@ -113,21 +118,24 @@ class MonitorEventAdapter(object): def _handle_request_created(self, request, **kwargs): context = request.context new_attempt_event = context[ - 'current_api_call_event'].new_api_call_attempt( - timestamp=self._get_current_time()) + 'current_api_call_event' + ].new_api_call_attempt(timestamp=self._get_current_time()) new_attempt_event.request_headers = request.headers new_attempt_event.url = request.url context['current_api_call_attempt_event'] = new_attempt_event - def _handle_response_received(self, parsed_response, context, exception, - **kwargs): + def _handle_response_received( + self, parsed_response, context, exception, **kwargs + ): attempt_event = context.pop('current_api_call_attempt_event') attempt_event.latency = self._get_latency(attempt_event) if parsed_response is not None: attempt_event.http_status_code = parsed_response[ - 'ResponseMetadata']['HTTPStatusCode'] + 'ResponseMetadata' + ]['HTTPStatusCode'] attempt_event.response_headers = parsed_response[ - 'ResponseMetadata']['HTTPHeaders'] + 'ResponseMetadata' + ]['HTTPHeaders'] attempt_event.parsed_error = parsed_response.get('Error') else: attempt_event.wire_exception = exception @@ -135,7 +143,8 @@ class MonitorEventAdapter(object): def _handle_after_call(self, context, parsed, **kwargs): context['current_api_call_event'].retries_exceeded = parsed[ - 'ResponseMetadata'].get('MaxAttemptsReached', False) + 'ResponseMetadata' + ].get('MaxAttemptsReached', False) return self._complete_api_call(context) def _handle_after_call_error(self, context, exception, **kwargs): @@ -143,13 +152,13 @@ class MonitorEventAdapter(object): # was a retryable connection error, then the retries must have exceeded # for that exception as this event gets emitted **after** retries # happen. - context['current_api_call_event'].retries_exceeded = \ - self._is_retryable_exception(exception) + context[ + 'current_api_call_event' + ].retries_exceeded = self._is_retryable_exception(exception) return self._complete_api_call(context) def _is_retryable_exception(self, exception): - return isinstance( - exception, RETRYABLE_EXCEPTIONS) + return isinstance(exception, RETRYABLE_EXCEPTIONS) def _complete_api_call(self, context): call_event = context.pop('current_api_call_event') @@ -163,7 +172,7 @@ class MonitorEventAdapter(object): return int(self._time() * 1000) -class BaseMonitorEvent(object): +class BaseMonitorEvent: def __init__(self, service, operation, timestamp): """Base monitor event @@ -183,7 +192,7 @@ class BaseMonitorEvent(object): self.timestamp = timestamp def __repr__(self): - return '%s(%r)' % (self.__class__.__name__, self.__dict__) + return f'{self.__class__.__name__}({self.__dict__!r})' def __eq__(self, other): if isinstance(other, self.__class__): @@ -192,8 +201,15 @@ class BaseMonitorEvent(object): class APICallEvent(BaseMonitorEvent): - def __init__(self, service, operation, timestamp, latency=None, - attempts=None, retries_exceeded=False): + def __init__( + self, + service, + operation, + timestamp, + latency=None, + attempts=None, + retries_exceeded=False, + ): """Monitor event for a single API call This event corresponds to a single client method call, which includes @@ -221,8 +237,9 @@ class APICallEvent(BaseMonitorEvent): :param retries_exceeded: True if API call exceeded retries. False otherwise """ - super(APICallEvent, self).__init__( - service=service, operation=operation, timestamp=timestamp) + super().__init__( + service=service, operation=operation, timestamp=timestamp + ) self.latency = latency self.attempts = attempts if attempts is None: @@ -237,19 +254,26 @@ class APICallEvent(BaseMonitorEvent): APICallAttemptEvent """ attempt_event = APICallAttemptEvent( - service=self.service, - operation=self.operation, - timestamp=timestamp + service=self.service, operation=self.operation, timestamp=timestamp ) self.attempts.append(attempt_event) return attempt_event class APICallAttemptEvent(BaseMonitorEvent): - def __init__(self, service, operation, timestamp, - latency=None, url=None, http_status_code=None, - request_headers=None, response_headers=None, - parsed_error=None, wire_exception=None): + def __init__( + self, + service, + operation, + timestamp, + latency=None, + url=None, + http_status_code=None, + request_headers=None, + response_headers=None, + parsed_error=None, + wire_exception=None, + ): """Monitor event for a single API call attempt This event corresponds to a single HTTP request attempt in completing @@ -294,7 +318,7 @@ class APICallAttemptEvent(BaseMonitorEve :param wire_exception: The exception raised in sending the HTTP request (i.e. ConnectionError) """ - super(APICallAttemptEvent, self).__init__( + super().__init__( service=service, operation=operation, timestamp=timestamp ) self.latency = latency @@ -306,7 +330,7 @@ class APICallAttemptEvent(BaseMonitorEve self.wire_exception = wire_exception -class CSMSerializer(object): +class CSMSerializer: _MAX_CLIENT_ID_LENGTH = 255 _MAX_EXCEPTION_CLASS_LENGTH = 128 _MAX_ERROR_CODE_LENGTH = 128 @@ -323,9 +347,7 @@ class CSMSerializer(object): r'Credential=(?P\w+)/\d+/' r'(?P[a-z0-9-]+)/' ), - 's3': re.compile( - r'AWS (?P\w+):' - ) + 's3': re.compile(r'AWS (?P\w+):'), } _SERIALIZEABLE_EVENT_PROPERTIES = [ 'service', @@ -355,9 +377,8 @@ class CSMSerializer(object): def _validate_client_id(self, csm_client_id): if len(csm_client_id) > self._MAX_CLIENT_ID_LENGTH: raise ValueError( - 'The value provided for csm_client_id: %s exceeds the ' - 'maximum length of %s characters' % ( - csm_client_id, self._MAX_CLIENT_ID_LENGTH) + f'The value provided for csm_client_id: {csm_client_id} exceeds the ' + f'maximum length of {self._MAX_CLIENT_ID_LENGTH} characters' ) def serialize(self, event): @@ -376,9 +397,9 @@ class CSMSerializer(object): value = getattr(event, attr, None) if value is not None: getattr(self, '_serialize_' + attr)( - value, event_dict, event_type=event_type) - return ensure_bytes( - json.dumps(event_dict, separators=(',', ':'))) + value, event_dict, event_type=event_type + ) + return ensure_bytes(json.dumps(event_dict, separators=(',', ':'))) def _get_base_event_dict(self, event): return { @@ -408,15 +429,18 @@ class CSMSerializer(object): if region is not None: event_dict['Region'] = region event_dict['UserAgent'] = self._get_user_agent( - last_attempt.request_headers) + last_attempt.request_headers + ) if last_attempt.http_status_code is not None: event_dict['FinalHttpStatusCode'] = last_attempt.http_status_code if last_attempt.parsed_error is not None: self._serialize_parsed_error( - last_attempt.parsed_error, event_dict, 'ApiCall') + last_attempt.parsed_error, event_dict, 'ApiCall' + ) if last_attempt.wire_exception is not None: self._serialize_wire_exception( - last_attempt.wire_exception, event_dict, 'ApiCall') + last_attempt.wire_exception, event_dict, 'ApiCall' + ) def _serialize_latency(self, latency, event_dict, event_type): if event_type == 'ApiCall': @@ -424,15 +448,17 @@ class CSMSerializer(object): elif event_type == 'ApiCallAttempt': event_dict['AttemptLatency'] = latency - def _serialize_retries_exceeded(self, retries_exceeded, event_dict, - **kwargs): - event_dict['MaxRetriesExceeded'] = (1 if retries_exceeded else 0) + def _serialize_retries_exceeded( + self, retries_exceeded, event_dict, **kwargs + ): + event_dict['MaxRetriesExceeded'] = 1 if retries_exceeded else 0 def _serialize_url(self, url, event_dict, **kwargs): event_dict['Fqdn'] = urlparse(url).netloc - def _serialize_request_headers(self, request_headers, event_dict, - **kwargs): + def _serialize_request_headers( + self, request_headers, event_dict, **kwargs + ): event_dict['UserAgent'] = self._get_user_agent(request_headers) if self._is_signed(request_headers): event_dict['AccessKey'] = self._get_access_key(request_headers) @@ -441,34 +467,42 @@ class CSMSerializer(object): event_dict['Region'] = region if 'X-Amz-Security-Token' in request_headers: event_dict['SessionToken'] = request_headers[ - 'X-Amz-Security-Token'] + 'X-Amz-Security-Token' + ] - def _serialize_http_status_code(self, http_status_code, event_dict, - **kwargs): + def _serialize_http_status_code( + self, http_status_code, event_dict, **kwargs + ): event_dict['HttpStatusCode'] = http_status_code - def _serialize_response_headers(self, response_headers, event_dict, - **kwargs): + def _serialize_response_headers( + self, response_headers, event_dict, **kwargs + ): for header, entry in self._RESPONSE_HEADERS_TO_EVENT_ENTRIES.items(): if header in response_headers: event_dict[entry] = response_headers[header] - def _serialize_parsed_error(self, parsed_error, event_dict, event_type, - **kwargs): + def _serialize_parsed_error( + self, parsed_error, event_dict, event_type, **kwargs + ): field_prefix = 'Final' if event_type == 'ApiCall' else '' event_dict[field_prefix + 'AwsException'] = self._truncate( - parsed_error['Code'], self._MAX_ERROR_CODE_LENGTH) + parsed_error['Code'], self._MAX_ERROR_CODE_LENGTH + ) event_dict[field_prefix + 'AwsExceptionMessage'] = self._truncate( - parsed_error['Message'], self._MAX_MESSAGE_LENGTH) + parsed_error['Message'], self._MAX_MESSAGE_LENGTH + ) - def _serialize_wire_exception(self, wire_exception, event_dict, event_type, - **kwargs): + def _serialize_wire_exception( + self, wire_exception, event_dict, event_type, **kwargs + ): field_prefix = 'Final' if event_type == 'ApiCall' else '' event_dict[field_prefix + 'SdkException'] = self._truncate( - wire_exception.__class__.__name__, - self._MAX_EXCEPTION_CLASS_LENGTH) + wire_exception.__class__.__name__, self._MAX_EXCEPTION_CLASS_LENGTH + ) event_dict[field_prefix + 'SdkExceptionMessage'] = self._truncate( - str(wire_exception), self._MAX_MESSAGE_LENGTH) + str(wire_exception), self._MAX_MESSAGE_LENGTH + ) def _get_event_type(self, event): if isinstance(event, APICallEvent): @@ -493,7 +527,7 @@ class CSMSerializer(object): def _get_user_agent(self, request_headers): return self._truncate( ensure_unicode(request_headers.get('User-Agent', '')), - self._MAX_USER_AGENT_LENGTH + self._MAX_USER_AGENT_LENGTH, ) def _is_signed(self, request_headers): @@ -512,13 +546,15 @@ class CSMSerializer(object): def _truncate(self, text, max_length): if len(text) > max_length: logger.debug( - 'Truncating following value to maximum length of ' - '%s: %s', text, max_length) + 'Truncating following value to maximum length of ' '%s: %s', + text, + max_length, + ) return text[:max_length] return text -class SocketPublisher(object): +class SocketPublisher: _MAX_MONITOR_EVENT_LENGTH = 8 * 1024 def __init__(self, socket, host, port, serializer): @@ -554,7 +590,8 @@ class SocketPublisher(object): logger.debug( 'Serialized event of size %s exceeds the maximum length ' 'allowed: %s. Not sending event to socket.', - len(serialized_event), self._MAX_MONITOR_EVENT_LENGTH + len(serialized_event), + self._MAX_MONITOR_EVENT_LENGTH, ) return self._socket.sendto(serialized_event, self._address) diff -pruN 2.23.6-1/awscli/botocore/paginate.py 2.31.35-1/awscli/botocore/paginate.py --- 2.23.6-1/awscli/botocore/paginate.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/paginate.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,17 +14,20 @@ import base64 import json import logging +from functools import partial from itertools import tee import jmespath from botocore.compat import zip +from botocore.context import with_current_context from botocore.exceptions import PaginationError +from botocore.useragent import register_feature_id from botocore.utils import merge_dicts, set_value_from_jmespath log = logging.getLogger(__name__) -class TokenEncoder(object): +class TokenEncoder: """Encodes dictionaries into opaque strings. This for the most part json dumps + base64 encoding, but also supports @@ -102,7 +105,7 @@ class TokenEncoder(object): return base64.b64encode(data).decode('utf-8'), [path] -class TokenDecoder(object): +class TokenDecoder: """Decodes token strings back into dictionaries. This performs the inverse operation to the TokenEncoder, accepting @@ -170,7 +173,7 @@ class TokenDecoder(object): container[path[-1]] = value -class PaginatorModel(object): +class PaginatorModel: def __init__(self, paginator_config): self._paginator_config = paginator_config['pagination'] @@ -178,15 +181,27 @@ class PaginatorModel(object): try: single_paginator_config = self._paginator_config[operation_name] except KeyError: - raise ValueError("Paginator for operation does not exist: %s" - % operation_name) + raise ValueError( + f"Paginator for operation does not exist: {operation_name}" + ) return single_paginator_config -class PageIterator(object): - def __init__(self, method, input_token, output_token, more_results, - result_keys, non_aggregate_keys, limit_key, max_items, - starting_token, page_size, op_kwargs): +class PageIterator: + def __init__( + self, + method, + input_token, + output_token, + more_results, + result_keys, + non_aggregate_keys, + limit_key, + max_items, + starting_token, + page_size, + op_kwargs, + ): self._method = method self._input_token = input_token self._output_token = output_token @@ -215,7 +230,7 @@ class PageIterator(object): @resume_token.setter def resume_token(self, value): if not isinstance(value, dict): - raise ValueError("Bad starting token: %s" % value) + raise ValueError(f"Bad starting token: {value}") if 'boto_truncate_amount' in value: token_keys = sorted(self._input_token + ['boto_truncate_amount']) @@ -226,7 +241,7 @@ class PageIterator(object): if token_keys == dict_keys: self._resume_token = self._token_encoder.encode(value) else: - raise ValueError("Bad starting token: %s" % value) + raise ValueError(f"Bad starting token: {value}") @property def non_aggregate_part(self): @@ -257,7 +272,8 @@ class PageIterator(object): # to index into the retrieved page. if self._starting_token is not None: starting_truncation = self._handle_first_request( - parsed, primary_result_key, starting_truncation) + parsed, primary_result_key, starting_truncation + ) first_request = False self._record_non_aggregate_key_values(parsed) else: @@ -271,12 +287,17 @@ class PageIterator(object): num_current_response = len(current_response) truncate_amount = 0 if self._max_items is not None: - truncate_amount = (total_items + num_current_response) \ - - self._max_items + truncate_amount = ( + total_items + num_current_response + ) - self._max_items if truncate_amount > 0: - self._truncate_response(parsed, primary_result_key, - truncate_amount, starting_truncation, - next_token) + self._truncate_response( + parsed, + primary_result_key, + truncate_amount, + starting_truncation, + next_token, + ) yield response break else: @@ -285,16 +306,22 @@ class PageIterator(object): next_token = self._get_next_token(parsed) if all(t is None for t in next_token.values()): break - if self._max_items is not None and \ - total_items == self._max_items: + if ( + self._max_items is not None + and total_items == self._max_items + ): # We're on a page boundary so we can set the current # next token to be the resume token. self.resume_token = next_token break - if previous_next_token is not None and \ - previous_next_token == next_token: - message = ("The same next token was received " - "twice: %s" % next_token) + if ( + previous_next_token is not None + and previous_next_token == next_token + ): + message = ( + "The same next token was received " + f"twice: {next_token}" + ) raise PaginationError(message=message) self._inject_token_into_kwargs(current_kwargs, next_token) previous_next_token = next_token @@ -319,12 +346,12 @@ class PageIterator(object): for page in self: results = compiled.search(page) if isinstance(results, list): - for element in results: - yield element + yield from results else: # Yield result directly if it is not a list. yield results + @with_current_context(partial(register_feature_id, 'PAGINATOR')) def _make_request(self, current_kwargs): return self._method(**current_kwargs) @@ -335,9 +362,9 @@ class PageIterator(object): non_aggregate_keys = {} for expression in self._non_aggregate_key_exprs: result = expression.search(response) - set_value_from_jmespath(non_aggregate_keys, - expression.expression, - result) + set_value_from_jmespath( + non_aggregate_keys, expression.expression, result + ) self._non_aggregate_part = non_aggregate_keys def _inject_starting_params(self, op_kwargs): @@ -360,8 +387,9 @@ class PageIterator(object): elif name in op_kwargs: del op_kwargs[name] - def _handle_first_request(self, parsed, primary_result_key, - starting_truncation): + def _handle_first_request( + self, parsed, primary_result_key, starting_truncation + ): # If the payload is an array or string, we need to slice into it # and only return the truncated amount. starting_truncation = self._parse_starting_token()[1] @@ -370,11 +398,7 @@ class PageIterator(object): data = all_data[starting_truncation:] else: data = None - set_value_from_jmespath( - parsed, - primary_result_key.expression, - data - ) + set_value_from_jmespath(parsed, primary_result_key.expression, data) # We also need to truncate any secondary result keys # because they were not truncated in the previous last # response. @@ -387,23 +411,32 @@ class PageIterator(object): elif isinstance(sample, str): empty_value = '' elif isinstance(sample, (int, float)): - empty_value = 0 + # Even though we may be resuming from a truncated page, we + # still start from the actual numeric secondary result. For + # DynamoDB's Count/ScannedCount, this will still show how many + # items the server evaluated, even if the client is truncating + # due to a StartingToken. + empty_value = sample else: empty_value = None set_value_from_jmespath(parsed, token.expression, empty_value) return starting_truncation - def _truncate_response(self, parsed, primary_result_key, truncate_amount, - starting_truncation, next_token): + def _truncate_response( + self, + parsed, + primary_result_key, + truncate_amount, + starting_truncation, + next_token, + ): original = primary_result_key.search(parsed) if original is None: original = [] amount_to_keep = len(original) - truncate_amount truncated = original[:amount_to_keep] set_value_from_jmespath( - parsed, - primary_result_key.expression, - truncated + parsed, primary_result_key.expression, truncated ) # The issue here is that even though we know how much we've truncated # we need to account for this globally including any starting @@ -416,8 +449,9 @@ class PageIterator(object): # However, even though we only kept 1, this is post # left truncation so the next starting index should be 2, not 1 # (left_truncation + amount_to_keep). - next_token['boto_truncate_amount'] = \ + next_token['boto_truncate_amount'] = ( amount_to_keep + starting_truncation + ) self.resume_token = next_token def _get_next_token(self, parsed): @@ -425,8 +459,9 @@ class PageIterator(object): if not self._more_results.search(parsed): return {} next_tokens = {} - for output_token, input_key in \ - zip(self._output_token, self._input_token): + for output_token, input_key in zip( + self._output_token, self._input_token + ): next_token = output_token.search(parsed) # We do not want to include any empty strings as actual tokens. # Treat them as None. @@ -438,8 +473,10 @@ class PageIterator(object): def result_key_iters(self): teed_results = tee(self, len(self.result_keys)) - return [ResultKeyIterator(i, result_key) for i, result_key - in zip(teed_results, self.result_keys)] + return [ + ResultKeyIterator(i, result_key) + for i, result_key in zip(teed_results, self.result_keys) + ] def build_full_result(self): complete_result = {} @@ -470,8 +507,10 @@ class PageIterator(object): if existing_value is None: # Set the initial result set_value_from_jmespath( - complete_result, result_expression.expression, - result_value) + complete_result, + result_expression.expression, + result_value, + ) continue # Now both result_value and existing_value contain something if isinstance(result_value, list): @@ -479,8 +518,10 @@ class PageIterator(object): elif isinstance(result_value, (int, float, str)): # Modify the existing result with the sum or concatenation set_value_from_jmespath( - complete_result, result_expression.expression, - existing_value + result_value) + complete_result, + result_expression.expression, + existing_value + result_value, + ) merge_dicts(complete_result, self.non_aggregate_part) if self.resume_token is not None: complete_result['NextToken'] = self.resume_token @@ -507,8 +548,10 @@ class PageIterator(object): This handles parsing of old style starting tokens, and attempts to coerce them into the new style. """ - log.debug("Attempting to fall back to old starting token parser. For " - "token: %s" % self._starting_token) + log.debug( + "Attempting to fall back to old starting token parser. For " + f"token: {self._starting_token}" + ) if self._starting_token is None: return None @@ -538,16 +581,18 @@ class PageIterator(object): len_deprecated_token = len(deprecated_token) len_input_token = len(self._input_token) if len_deprecated_token > len_input_token: - raise ValueError("Bad starting token: %s" % self._starting_token) + raise ValueError(f"Bad starting token: {self._starting_token}") elif len_deprecated_token < len_input_token: - log.debug("Old format starting token does not contain all input " - "tokens. Setting the rest, in order, as None.") + log.debug( + "Old format starting token does not contain all input " + "tokens. Setting the rest, in order, as None." + ) for i in range(len_input_token - len_deprecated_token): deprecated_token.append(None) return dict(zip(self._input_token, deprecated_token)) -class Paginator(object): +class Paginator: PAGE_ITERATOR_CLS = PageIterator def __init__(self, method, pagination_config, model): @@ -558,7 +603,8 @@ class Paginator(object): self._input_token = self._get_input_tokens(self._pagination_cfg) self._more_results = self._get_more_results_token(self._pagination_cfg) self._non_aggregate_keys = self._get_non_aggregate_keys( - self._pagination_cfg) + self._pagination_cfg + ) self._result_keys = self._get_result_keys(self._pagination_cfg) self._limit_key = self._get_limit_key(self._pagination_cfg) @@ -613,14 +659,18 @@ class Paginator(object): """ page_params = self._extract_paging_params(kwargs) return self.PAGE_ITERATOR_CLS( - self._method, self._input_token, - self._output_token, self._more_results, - self._result_keys, self._non_aggregate_keys, + self._method, + self._input_token, + self._output_token, + self._more_results, + self._result_keys, + self._non_aggregate_keys, self._limit_key, page_params['MaxItems'], page_params['StartingToken'], page_params['PageSize'], - kwargs) + kwargs, + ) def _extract_paging_params(self, kwargs): pagination_config = kwargs.pop('PaginationConfig', {}) @@ -632,7 +682,8 @@ class Paginator(object): if self._limit_key is None: raise PaginationError( message="PageSize parameter is not supported for the " - "pagination interface for this operation.") + "pagination interface for this operation." + ) input_members = self._model.input_shape.members limit_key_shape = input_members.get(self._limit_key) if limit_key_shape.type_name == 'string': @@ -647,7 +698,7 @@ class Paginator(object): } -class ResultKeyIterator(object): +class ResultKeyIterator: """Iterates over the results of paginated responses. Each iterator is associated with a single result key. @@ -670,5 +721,4 @@ class ResultKeyIterator(object): results = self.result_key.search(page) if results is None: results = [] - for result in results: - yield result + yield from results diff -pruN 2.23.6-1/awscli/botocore/parsers.py 2.31.35-1/awscli/botocore/parsers.py --- 2.23.6-1/awscli/botocore/parsers.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/parsers.py 2025-11-12 19:17:29.000000000 +0000 @@ -24,30 +24,34 @@ showing the inheritance hierarchy of the :: - - +--------------+ - |ResponseParser| - +--------------+ - ^ ^ ^ - +--------------------+ | +-------------------+ - | | | - +----------+----------+ +------+-------+ +-------+------+ - |BaseXMLResponseParser| |BaseRestParser| |BaseJSONParser| - +---------------------+ +--------------+ +--------------+ - ^ ^ ^ ^ ^ ^ - | | | | | | - | | | | | | - | ++----------+-+ +-+-----------++ | - | |RestXMLParser| |RestJSONParser| | - +-----+-----+ +-------------+ +--------------+ +----+-----+ - |QueryParser| |JSONParser| - +-----------+ +----------+ - + +-------------------+ + | ResponseParser | + +-------------------+ + ^ ^ ^ ^ ^ + | | | | | + | | | | +--------------------------------------------+ + | | | +-----------------------------+ | + | | | | | + +--------------------+ | +----------------+ | | + | | | | | ++----------+----------+ +------+-------+ +-------+------+ +------+-------+ +------+--------+ +|BaseXMLResponseParser| |BaseRestParser| |BaseJSONParser| |BaseCBORParser| |BaseRpcV2Parser| ++---------------------+ +--------------+ +--------------+ +----------+---+ +-+-------------+ + ^ ^ ^ ^ ^ ^ ^ ^ + | | | | | | | | + | | | | | | | | + | ++----------+-+ +-+--------+---+ | +---+---------+-+ + | |RestXMLParser| |RestJSONParser| | |RpcV2CBORParser| + +-----+-----+ +-------------+ +--------------+ | +---+---------+-+ + |QueryParser| | + +-----------+ +----+-----+ + |JSONParser| + +----------+ The diagram above shows that there is a base class, ``ResponseParser`` that contains logic that is similar amongst all the different protocols (``query``, -``json``, ``rest-json``, ``rest-xml``). Amongst the various services there -is shared logic that can be grouped several ways: +``json``, ``rest-json``, ``rest-xml``, ``smithy-rpc-v2-cbor``). Amongst the various services +there is shared logic that can be grouped several ways: * The ``query`` and ``rest-xml`` both have XML bodies that are parsed in the same way. @@ -114,15 +118,21 @@ Each call to ``parse()`` returns a dict } """ + import base64 import http.client +import io import json import logging +import os import re +import struct from botocore.compat import ETree, XMLParseError from botocore.eventstream import EventStream, NoInitialResponseError from botocore.utils import ( + CachedProperty, + ensure_boolean, is_json_value_header, lowercase_dict, merge_dicts, @@ -134,7 +144,7 @@ LOG = logging.getLogger(__name__) DEFAULT_TIMESTAMP_PARSER = parse_timestamp -class ResponseParserFactory(object): +class ResponseParserFactory: def __init__(self): self._defaults = {} @@ -176,6 +186,7 @@ def _text_content(func): else: text = node_or_string return func(self, shape, text) + return _get_text_content @@ -183,7 +194,7 @@ class ResponseParserError(Exception): pass -class ResponseParser(object): +class ResponseParser: """Base class for response parsing. This class represents the interface that all ResponseParsers for the @@ -196,6 +207,7 @@ class ResponseParser(object): docstring for more info. """ + DEFAULT_ENCODING = 'utf-8' EVENT_STREAM_PARSER_CLS = None @@ -209,7 +221,8 @@ class ResponseParser(object): self._event_stream_parser = None if self.EVENT_STREAM_PARSER_CLS is not None: self._event_stream_parser = self.EVENT_STREAM_PARSER_CLS( - timestamp_parser, blob_parser) + timestamp_parser, blob_parser + ) def _default_blob_parser(self, value): # Blobs are always returned as bytes type (this matters on python3). @@ -297,29 +310,35 @@ class ResponseParser(object): def _do_generic_error_parse(self, response): # There's not really much we can do when we get a generic # html response. - LOG.debug("Received a non protocol specific error response from the " - "service, unable to populate error code and message.") + LOG.debug( + "Received a non protocol specific error response from the " + "service, unable to populate error code and message." + ) return { - 'Error': {'Code': str(response['status_code']), - 'Message': http.client.responses.get( - response['status_code'], '')}, + 'Error': { + 'Code': str(response['status_code']), + 'Message': http.client.responses.get( + response['status_code'], '' + ), + }, 'ResponseMetadata': {}, } def _do_parse(self, response, shape): - raise NotImplementedError("%s._do_parse" % self.__class__.__name__) + raise NotImplementedError(f"{self.__class__.__name__}._do_parse") def _do_error_parse(self, response, shape): - raise NotImplementedError( - "%s._do_error_parse" % self.__class__.__name__) + raise NotImplementedError(f"{self.__class__.__name__}._do_error_parse") def _do_modeled_error_parse(self, response, shape, parsed): raise NotImplementedError( - "%s._do_modeled_error_parse" % self.__class__.__name__) + f"{self.__class__.__name__}._do_modeled_error_parse" + ) def _parse_shape(self, shape, node): - handler = getattr(self, '_handle_%s' % shape.type_name, - self._default_handle) + handler = getattr( + self, f'_handle_{shape.type_name}', self._default_handle + ) return handler(shape, node) def _handle_list(self, shape, node): @@ -346,6 +365,9 @@ class ResponseParser(object): if shape.is_tagged_union: cleaned_value = value.copy() cleaned_value.pop("__type", None) + cleaned_value = { + k: v for k, v in cleaned_value.items() if v is not None + } if len(cleaned_value) != 1: error_msg = ( "Invalid service response: %s must have one and only " @@ -353,7 +375,11 @@ class ResponseParser(object): ) raise ResponseParserError(error_msg % shape.name) tag = self._get_first_key(cleaned_value) - if tag not in shape.members: + serialized_member_names = [ + shape.members[member].serialization.get('name', member) + for member in shape.members + ] + if tag not in serialized_member_names: msg = ( "Received a tagged union response with member " "unknown to client: %s. Please upgrade SDK for full " @@ -366,11 +392,25 @@ class ResponseParser(object): def _handle_unknown_tagged_union_member(self, tag): return {'SDK_UNKNOWN_MEMBER': {'name': tag}} + def _do_query_compatible_error_parse(self, code, headers, error): + """ + Error response may contain an x-amzn-query-error header to translate + errors codes from former `query` services into other protocols. We use this + to do our lookup in the errorfactory for modeled errors. + """ + query_error = headers['x-amzn-query-error'] + query_error_components = query_error.split(';') + + if len(query_error_components) == 2 and query_error_components[0]: + error['Error']['QueryErrorCode'] = code + error['Error']['Type'] = query_error_components[1] + return query_error_components[0] + return code + class BaseXMLResponseParser(ResponseParser): def __init__(self, timestamp_parser=None, blob_parser=None): - super(BaseXMLResponseParser, self).__init__(timestamp_parser, - blob_parser) + super().__init__(timestamp_parser, blob_parser) self._namespace_re = re.compile('{.*}') def _handle_map(self, shape, node): @@ -390,7 +430,7 @@ class BaseXMLResponseParser(ResponsePars elif tag_name == value_location_name: val_name = self._parse_shape(value_shape, single_pair) else: - raise ResponseParserError("Unknown tag: %s" % tag_name) + raise ResponseParserError(f"Unknown tag: {tag_name}") parsed[key_name] = val_name return parsed @@ -405,7 +445,7 @@ class BaseXMLResponseParser(ResponsePars # it's flattened, and if it's not, then we make it a one element list. if shape.serialization.get('flattened') and not isinstance(node, list): node = [node] - return super(BaseXMLResponseParser, self)._handle_list(shape, node) + return super()._handle_list(shape, node) def _handle_structure(self, shape, node): parsed = {} @@ -418,8 +458,10 @@ class BaseXMLResponseParser(ResponsePars return self._handle_unknown_tagged_union_member(tag) for member_name in members: member_shape = members[member_name] - if 'location' in member_shape.serialization or \ - member_shape.serialization.get('eventheader'): + if ( + 'location' in member_shape.serialization + or member_shape.serialization.get('eventheader') + ): # All members with locations have already been handled, # so we don't need to parse these members. continue @@ -427,13 +469,15 @@ class BaseXMLResponseParser(ResponsePars member_node = xml_dict.get(xml_name) if member_node is not None: parsed[member_name] = self._parse_shape( - member_shape, member_node) + member_shape, member_node + ) elif member_shape.serialization.get('xmlAttribute'): attribs = {} location_name = member_shape.serialization['name'] for key, value in node.attrib.items(): new_key = self._namespace_re.sub( - location_name.split(':')[0] + ':', key) + location_name.split(':')[0] + ':', key + ) attribs[new_key] = value if location_name in attribs: parsed[member_name] = attribs[location_name] @@ -453,7 +497,8 @@ class BaseXMLResponseParser(ResponsePars # surrounding structure. if shape.type_name == 'list' and shape.serialization.get('flattened'): list_member_serialized_name = shape.member.serialization.get( - 'name') + 'name' + ) if list_member_serialized_name is not None: return list_member_serialized_name serialized_name = shape.serialization.get('name') @@ -487,15 +532,15 @@ class BaseXMLResponseParser(ResponsePars def _parse_xml_string_to_dom(self, xml_string): try: parser = ETree.XMLParser( - target=ETree.TreeBuilder(), - encoding=self.DEFAULT_ENCODING) + target=ETree.TreeBuilder(), encoding=self.DEFAULT_ENCODING + ) parser.feed(xml_string) root = parser.close() except XMLParseError as e: raise ResponseParserError( - "Unable to parse response (%s), " - "invalid XML received. Further retries may succeed:\n%s" % - (e, xml_string)) + f"Unable to parse response ({e}), " + f"invalid XML received. Further retries may succeed:\n{xml_string}" + ) return root def _replace_nodes(self, parsed): @@ -540,7 +585,6 @@ class BaseXMLResponseParser(ResponsePars class QueryParser(BaseXMLResponseParser): - def _do_error_parse(self, response, shape): xml_contents = response['body'] root = self._parse_xml_string_to_dom(xml_contents) @@ -571,8 +615,8 @@ class QueryParser(BaseXMLResponseParser) start = root if 'resultWrapper' in shape.serialization: start = self._find_result_wrapped_shape( - shape.serialization['resultWrapper'], - root) + shape.serialization['resultWrapper'], root + ) parsed = self._parse_shape(shape, start) if inject_metadata: self._inject_response_metadata(root, parsed) @@ -593,7 +637,6 @@ class QueryParser(BaseXMLResponseParser) class EC2QueryParser(QueryParser): - def _inject_response_metadata(self, node, inject_into): mapping = self._build_name_to_xml_node(node) child_node = mapping.get('requestId') @@ -613,7 +656,7 @@ class EC2QueryParser(QueryParser): # # This is different from QueryParser in that it's RequestID, # not RequestId - original = super(EC2QueryParser, self)._do_error_parse(response, shape) + original = super()._do_error_parse(response, shape) if 'RequestID' in original: original['ResponseMetadata'] = { 'RequestId': original.pop('RequestID') @@ -630,7 +673,6 @@ class EC2QueryParser(QueryParser): class BaseJSONParser(ResponseParser): - def _handle_structure(self, shape, value): final_parsed = {} if shape.is_document_type: @@ -652,8 +694,8 @@ class BaseJSONParser(ResponseParser): raw_value = value.get(json_name) if raw_value is not None: final_parsed[member_name] = self._parse_shape( - member_shapes[member_name], - raw_value) + member_shapes[member_name], raw_value + ) return final_parsed def _handle_map(self, shape, value): @@ -684,8 +726,9 @@ class BaseJSONParser(ResponseParser): # The error message can either come in the 'message' or 'Message' key # so we need to check for both. - error['Error']['Message'] = body.get('message', - body.get('Message', '')) + error['Error']['Message'] = body.get( + 'message', body.get('Message', '') + ) # if the message did not contain an error code # include the response status code response_code = response.get('status_code') @@ -703,6 +746,8 @@ class BaseJSONParser(ResponseParser): # code has a couple forms as well: # * "com.aws.dynamodb.vAPI#ProvisionedThroughputExceededException" # * "ResourceNotFoundException" + if ':' in code: + code = code.split(':', 1)[0] if '#' in code: code = code.rsplit('#', 1)[1] error['Error']['Code'] = code @@ -711,8 +756,9 @@ class BaseJSONParser(ResponseParser): def _inject_response_metadata(self, parsed, headers): if 'x-amzn-requestid' in headers: - parsed.setdefault('ResponseMetadata', {})['RequestId'] = ( - headers['x-amzn-requestid']) + parsed.setdefault('ResponseMetadata', {})['RequestId'] = headers[ + 'x-amzn-requestid' + ] def _parse_body_as_json(self, body_contents): if not body_contents: @@ -724,21 +770,216 @@ class BaseJSONParser(ResponseParser): except ValueError: # if the body cannot be parsed, include # the literal string as the message - return { 'message': body } + return {'message': body} -class BaseEventStreamParser(ResponseParser): +class BaseCBORParser(ResponseParser): + INDEFINITE_ITEM_ADDITIONAL_INFO = 31 + BREAK_CODE = 0xFF + + @CachedProperty + def major_type_to_parsing_method_map(self): + return { + 0: self._parse_unsigned_integer, + 1: self._parse_negative_integer, + 2: self._parse_byte_string, + 3: self._parse_text_string, + 4: self._parse_array, + 5: self._parse_map, + 6: self._parse_tag, + 7: self._parse_simple_and_float, + } + + def get_peekable_stream_from_bytes(self, bytes): + return io.BufferedReader(io.BytesIO(bytes)) + + def parse_data_item(self, stream): + # CBOR data is divided into "data items", and each data item starts + # with an initial byte that describes how the following bytes should be parsed + initial_byte = self._read_bytes_as_int(stream, 1) + # The highest order three bits of the initial byte describe the CBOR major type + major_type = initial_byte >> 5 + # The lowest order 5 bits of the initial byte tells us more information about + # how the bytes should be parsed that will be used + additional_info = initial_byte & 0b00011111 + + if major_type in self.major_type_to_parsing_method_map: + method = self.major_type_to_parsing_method_map[major_type] + return method(stream, additional_info) + else: + raise ResponseParserError( + f"Unsupported inital byte found for data item- " + f"Major type:{major_type}, Additional info: " + f"{additional_info}" + ) + + # Major type 0 - unsigned integers + def _parse_unsigned_integer(self, stream, additional_info): + additional_info_to_num_bytes = { + 24: 1, + 25: 2, + 26: 4, + 27: 8, + } + # Values under 24 don't need a full byte to be stored; their values are + # instead stored as the "additional info" in the initial byte + if additional_info < 24: + return additional_info + elif additional_info in additional_info_to_num_bytes: + num_bytes = additional_info_to_num_bytes[additional_info] + return self._read_bytes_as_int(stream, num_bytes) + else: + raise ResponseParserError( + "Invalid CBOR integer returned from the service; unparsable " + f"additional info found for major type 0 or 1: {additional_info}" + ) + + # Major type 1 - negative integers + def _parse_negative_integer(self, stream, additional_info): + return -1 - self._parse_unsigned_integer(stream, additional_info) + + # Major type 2 - byte string + def _parse_byte_string(self, stream, additional_info): + if additional_info != self.INDEFINITE_ITEM_ADDITIONAL_INFO: + length = self._parse_unsigned_integer(stream, additional_info) + return self._read_from_stream(stream, length) + else: + chunks = [] + while True: + if self._handle_break_code(stream): + break + initial_byte = self._read_bytes_as_int(stream, 1) + additional_info = initial_byte & 0b00011111 + length = self._parse_unsigned_integer(stream, additional_info) + chunks.append(self._read_from_stream(stream, length)) + return b''.join(chunks) + + # Major type 3 - text string + def _parse_text_string(self, stream, additional_info): + return self._parse_byte_string(stream, additional_info).decode('utf-8') + + # Major type 4 - lists + def _parse_array(self, stream, additional_info): + if additional_info != self.INDEFINITE_ITEM_ADDITIONAL_INFO: + length = self._parse_unsigned_integer(stream, additional_info) + return [self.parse_data_item(stream) for _ in range(length)] + else: + items = [] + while not self._handle_break_code(stream): + items.append(self.parse_data_item(stream)) + return items + + # Major type 5 - maps + def _parse_map(self, stream, additional_info): + items = {} + if additional_info != self.INDEFINITE_ITEM_ADDITIONAL_INFO: + length = self._parse_unsigned_integer(stream, additional_info) + for _ in range(length): + self._parse_key_value_pair(stream, items) + return items + + else: + while not self._handle_break_code(stream): + self._parse_key_value_pair(stream, items) + return items + + def _parse_key_value_pair(self, stream, items): + key = self.parse_data_item(stream) + value = self.parse_data_item(stream) + if value is not None: + items[key] = value + + # Major type 6 is tags. The only tag we currently support is tag 1 for unix + # timestamps + def _parse_tag(self, stream, additional_info): + tag = self._parse_unsigned_integer(stream, additional_info) + value = self.parse_data_item(stream) + if tag == 1: # Epoch-based date/time in milliseconds + return self._parse_datetime(value) + else: + raise ResponseParserError( + f"Found CBOR tag not supported by botocore: {tag}" + ) + + def _parse_datetime(self, value): + if isinstance(value, (int, float)): + return self._timestamp_parser(value) + else: + raise ResponseParserError( + f"Unable to parse datetime value: {value}" + ) + + # Major type 7 includes floats and "simple" types. Supported simple types are + # currently boolean values, CBOR's null, and CBOR's undefined type. All other + # values are either floats or invalid. + def _parse_simple_and_float(self, stream, additional_info): + # For major type 7, values 20-23 correspond to CBOR "simple" values + additional_info_simple_values = { + 20: False, # CBOR false + 21: True, # CBOR true + 22: None, # CBOR null + 23: None, # CBOR undefined + } + # First we check if the additional info corresponds to a supported simple value + if additional_info in additional_info_simple_values: + return additional_info_simple_values[additional_info] + + # If it's not a simple value, we need to parse it into the correct format and + # number fo bytes + float_formats = { + 25: ('>e', 2), + 26: ('>f', 4), + 27: ('>d', 8), + } + + if additional_info in float_formats: + float_format, num_bytes = float_formats[additional_info] + return struct.unpack( + float_format, self._read_from_stream(stream, num_bytes) + )[0] + raise ResponseParserError( + f"Invalid additional info found for major type 7: {additional_info}. " + f"This indicates an unsupported simple type or an indefinite float value" + ) + + # This helper method is intended for use when parsing indefinite length items. + # It does nothing if the next byte is not the break code. If the next byte is + # the break code, it advances past that byte and returns True so the calling + # method knows to stop parsing that data item. + def _handle_break_code(self, stream): + if int.from_bytes(stream.peek(1)[:1], 'big') == self.BREAK_CODE: + stream.seek(1, os.SEEK_CUR) + return True + + def _read_bytes_as_int(self, stream, num_bytes): + byte = self._read_from_stream(stream, num_bytes) + return int.from_bytes(byte, 'big') + + def _read_from_stream(self, stream, num_bytes): + value = stream.read(num_bytes) + if len(value) != num_bytes: + raise ResponseParserError( + "End of stream reached; this indicates a " + "malformed CBOR response from the server or an " + "issue in botocore" + ) + return value + +class BaseEventStreamParser(ResponseParser): def _do_parse(self, response, shape): final_parsed = {} if shape.serialization.get('eventstream'): event_type = response['headers'].get(':event-type') event_shape = shape.members.get(event_type) if event_shape: - final_parsed[event_type] = self._do_parse(response, event_shape) + final_parsed[event_type] = self._do_parse( + response, event_shape + ) else: - self._parse_non_payload_attrs(response, shape, - shape.members, final_parsed) + self._parse_non_payload_attrs( + response, shape, shape.members, final_parsed + ) self._parse_payload(response, shape, shape.members, final_parsed) return final_parsed @@ -751,7 +992,7 @@ class BaseEventStreamParser(ResponsePars error = { 'Error': { 'Code': exception_type, - 'Message': body.get('Message', body.get('message', '')) + 'Message': body.get('Message', body.get('message', '')), } } else: @@ -775,7 +1016,9 @@ class BaseEventStreamParser(ResponsePars parsed_body = body.decode(self.DEFAULT_ENCODING) else: raw_parse = self._initial_body_parse(body) - parsed_body = self._parse_shape(member_shape, raw_parse) + parsed_body = self._parse_shape( + member_shape, raw_parse + ) final_parsed[name] = parsed_body return # If we didn't find an explicit payload, use the current shape @@ -783,8 +1026,9 @@ class BaseEventStreamParser(ResponsePars body_parsed = self._parse_shape(shape, original_parsed) final_parsed.update(body_parsed) - def _parse_non_payload_attrs(self, response, shape, - member_shapes, final_parsed): + def _parse_non_payload_attrs( + self, response, shape, member_shapes, final_parsed + ): headers = response['headers'] for name in member_shapes: member_shape = member_shapes[name] @@ -799,31 +1043,38 @@ class BaseEventStreamParser(ResponsePars def _initial_body_parse(self, body_contents): # This method should do the initial xml/json parsing of the - # body. We we still need to walk the parsed body in order + # body. We still need to walk the parsed body in order # to convert types, but this method will do the first round # of parsing. raise NotImplementedError("_initial_body_parse") class EventStreamJSONParser(BaseEventStreamParser, BaseJSONParser): - def _initial_body_parse(self, body_contents): return self._parse_body_as_json(body_contents) class EventStreamXMLParser(BaseEventStreamParser, BaseXMLResponseParser): - def _initial_body_parse(self, xml_string): if not xml_string: return ETree.Element('') return self._parse_xml_string_to_dom(xml_string) -class JSONParser(BaseJSONParser): +class EventStreamCBORParser(BaseEventStreamParser, BaseCBORParser): + def _initial_body_parse(self, body_contents): + if body_contents == b'': + return {} + return self.parse_data_item( + self.get_peekable_stream_from_bytes(body_contents) + ) + +class JSONParser(BaseJSONParser): EVENT_STREAM_PARSER_CLS = EventStreamJSONParser """Response parser for the "json" protocol.""" + def _do_parse(self, response, shape): parsed = {} if shape is not None: @@ -859,11 +1110,11 @@ class JSONParser(BaseJSONParser): class BaseRestParser(ResponseParser): - def _do_parse(self, response, shape): final_parsed = {} final_parsed['ResponseMetadata'] = self._populate_response_metadata( - response) + response + ) self._add_modeled_parse(response, shape, final_parsed) return final_parsed @@ -871,8 +1122,9 @@ class BaseRestParser(ResponseParser): if shape is None: return final_parsed member_shapes = shape.members - self._parse_non_payload_attrs(response, shape, - member_shapes, final_parsed) + self._parse_non_payload_attrs( + response, shape, member_shapes, final_parsed + ) self._parse_payload(response, shape, member_shapes, final_parsed) def _do_modeled_error_parse(self, response, shape): @@ -911,14 +1163,16 @@ class BaseRestParser(ResponseParser): else: original_parsed = self._initial_body_parse(response['body']) final_parsed[payload_member_name] = self._parse_shape( - body_shape, original_parsed) + body_shape, original_parsed + ) else: original_parsed = self._initial_body_parse(response['body']) body_parsed = self._parse_shape(shape, original_parsed) final_parsed.update(body_parsed) - def _parse_non_payload_attrs(self, response, shape, - member_shapes, final_parsed): + def _parse_non_payload_attrs( + self, response, shape, member_shapes, final_parsed + ): headers = response['headers'] for name in member_shapes: member_shape = member_shapes[name] @@ -927,15 +1181,18 @@ class BaseRestParser(ResponseParser): continue elif location == 'statusCode': final_parsed[name] = self._parse_shape( - member_shape, response['status_code']) + member_shape, response['status_code'] + ) elif location == 'headers': - final_parsed[name] = self._parse_header_map(member_shape, - headers) + final_parsed[name] = self._parse_header_map( + member_shape, headers + ) elif location == 'header': header_name = member_shape.serialization.get('name', name) if header_name in headers: final_parsed[name] = self._parse_shape( - member_shape, headers[header_name]) + member_shape, headers[header_name] + ) def _parse_header_map(self, shape, headers): # Note that headers are case insensitive, so we .lower() @@ -946,13 +1203,13 @@ class BaseRestParser(ResponseParser): if header_name.lower().startswith(prefix): # The key name inserted into the parsed hash # strips off the prefix. - name = header_name[len(prefix):] + name = header_name[len(prefix) :] parsed[name] = headers[header_name] return parsed def _initial_body_parse(self, body_contents): # This method should do the initial xml/json parsing of the - # body. We we still need to walk the parsed body in order + # body. We still need to walk the parsed body in order # to convert types, but this method will do the first round # of parsing. raise NotImplementedError("_initial_body_parse") @@ -969,18 +1226,88 @@ class BaseRestParser(ResponseParser): if location == 'header' and not isinstance(node, list): # List in headers may be a comma separated string as per RFC7230 node = [e.strip() for e in node.split(',')] - return super(BaseRestParser, self)._handle_list(shape, node) + return super()._handle_list(shape, node) -class RestJSONParser(BaseRestParser, BaseJSONParser): +class BaseRpcV2Parser(ResponseParser): + def _do_parse(self, response, shape): + parsed = {} + if shape is not None: + event_stream_name = shape.event_stream_name + if event_stream_name: + parsed = self._handle_event_stream( + response, shape, event_stream_name + ) + else: + parsed = {} + self._parse_payload(response, shape, parsed) + parsed['ResponseMetadata'] = self._populate_response_metadata( + response + ) + return parsed + + def _add_modeled_parse(self, response, shape, final_parsed): + if shape is None: + return final_parsed + self._parse_payload(response, shape, final_parsed) + + def _do_modeled_error_parse(self, response, shape): + final_parsed = {} + self._add_modeled_parse(response, shape, final_parsed) + return final_parsed + + def _populate_response_metadata(self, response): + metadata = {} + headers = response['headers'] + if 'x-amzn-requestid' in headers: + metadata['RequestId'] = headers['x-amzn-requestid'] + return metadata + + def _handle_structure(self, shape, node): + parsed = {} + members = shape.members + if shape.is_tagged_union: + cleaned_value = node.copy() + cleaned_value.pop("__type", None) + cleaned_value = { + k: v for k, v in cleaned_value.items() if v is not None + } + if len(cleaned_value) != 1: + error_msg = ( + "Invalid service response: %s must have one and only " + "one member set." + ) + raise ResponseParserError(error_msg % shape.name) + for member_name in members: + member_shape = members[member_name] + member_node = node.get(member_name) + if member_node is not None: + parsed[member_name] = self._parse_shape( + member_shape, member_node + ) + return parsed + + def _parse_payload(self, response, shape, final_parsed): + original_parsed = self._initial_body_parse(response['body']) + body_parsed = self._parse_shape(shape, original_parsed) + final_parsed.update(body_parsed) + def _initial_body_parse(self, body_contents): + # This method should do the initial parsing of the + # body. We still need to walk the parsed body in order + # to convert types, but this method will do the first round + # of parsing. + raise NotImplementedError("_initial_body_parse") + + +class RestJSONParser(BaseRestParser, BaseJSONParser): EVENT_STREAM_PARSER_CLS = EventStreamJSONParser def _initial_body_parse(self, body_contents): return self._parse_body_as_json(body_contents) def _do_error_parse(self, response, shape): - error = super(RestJSONParser, self)._do_error_parse(response, shape) + error = super()._do_error_parse(response, shape) self._inject_error_code(error, response) return error @@ -988,19 +1315,87 @@ class RestJSONParser(BaseRestParser, Bas # The "Code" value can come from either a response # header or a value in the JSON body. body = self._initial_body_parse(response['body']) + code = None if 'x-amzn-errortype' in response['headers']: code = response['headers']['x-amzn-errortype'] - # Could be: - # x-amzn-errortype: ValidationException: - code = code.split(':')[0] - error['Error']['Code'] = code elif 'code' in body or 'Code' in body: - error['Error']['Code'] = body.get( - 'code', body.get('Code', '')) + code = body.get('code', body.get('Code', '')) + if code is None: + return + if isinstance(code, str): + code = code.split(':', 1)[0].rsplit('#', 1)[-1] + error['Error']['Code'] = code + def _handle_boolean(self, shape, value): + return ensure_boolean(value) -class RestXMLParser(BaseRestParser, BaseXMLResponseParser): + def _handle_integer(self, shape, value): + return int(value) + + def _handle_float(self, shape, value): + return float(value) + + _handle_long = _handle_integer + _handle_double = _handle_float + + +class RpcV2CBORParser(BaseRpcV2Parser, BaseCBORParser): + EVENT_STREAM_PARSER_CLS = EventStreamCBORParser + + def _initial_body_parse(self, body_contents): + if body_contents == b'': + return body_contents + body_contents_stream = self.get_peekable_stream_from_bytes( + body_contents + ) + return self.parse_data_item(body_contents_stream) + + def _do_error_parse(self, response, shape): + body = self._initial_body_parse(response['body']) + error = { + "Error": { + "Message": body.get('message', body.get('Message', '')), + "Code": '', + }, + "ResponseMetadata": {}, + } + headers = response['headers'] + + code = body.get('__type') + if code is None: + response_code = response.get('status_code') + if response_code is not None: + code = str(response_code) + if code is not None: + if ':' in code: + code = code.split(':', 1)[0] + if '#' in code: + code = code.rsplit('#', 1)[1] + if 'x-amzn-query-error' in headers: + code = self._do_query_compatible_error_parse( + code, headers, error + ) + error['Error']['Code'] = code + if 'x-amzn-requestid' in headers: + error.setdefault('ResponseMetadata', {})['RequestId'] = headers[ + 'x-amzn-requestid' + ] + return error + + def _handle_event_stream(self, response, shape, event_name): + event_stream_shape = shape.members[event_name] + event_stream = self._create_event_stream(response, event_stream_shape) + try: + event = event_stream.get_initial_response() + except NoInitialResponseError: + error_msg = 'First event was not of type initial-response' + raise ResponseParserError(error_msg) + parsed = self._initial_body_parse(event.payload) + parsed[event_name] = event_stream + return parsed + +class RestXMLParser(BaseRestParser, BaseXMLResponseParser): EVENT_STREAM_PARSER_CLS = EventStreamXMLParser def _initial_body_parse(self, xml_string): @@ -1028,10 +1423,11 @@ class RestXMLParser(BaseRestParser, Base # the error response from other sources like the HTTP status code. try: return self._parse_error_from_body(response) - except ResponseParserError as e: + except ResponseParserError: LOG.debug( 'Exception caught when parsing error response body:', - exc_info=True) + exc_info=True, + ) return self._parse_error_from_http_status(response) def _parse_error_from_http_status(self, response): @@ -1039,12 +1435,13 @@ class RestXMLParser(BaseRestParser, Base 'Error': { 'Code': str(response['status_code']), 'Message': http.client.responses.get( - response['status_code'], ''), + response['status_code'], '' + ), }, 'ResponseMetadata': { 'RequestId': response['headers'].get('x-amz-request-id', ''), 'HostId': response['headers'].get('x-amz-id-2', ''), - } + }, } def _parse_error_from_body(self, response): @@ -1072,7 +1469,7 @@ class RestXMLParser(BaseRestParser, Base @_text_content def _handle_string(self, shape, text): - text = super(RestXMLParser, self)._handle_string(shape, text) + text = super()._handle_string(shape, text) return text @@ -1082,4 +1479,5 @@ PROTOCOL_PARSERS = { 'json': JSONParser, 'rest-json': RestJSONParser, 'rest-xml': RestXMLParser, + 'smithy-rpc-v2-cbor': RpcV2CBORParser, } diff -pruN 2.23.6-1/awscli/botocore/regions.py 2.31.35-1/awscli/botocore/regions.py --- 2.23.6-1/awscli/botocore/regions.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/regions.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,20 +16,20 @@ This module implements endpoint resoluti given service and region and resolving the available endpoints for a service in a specific AWS partition. """ + import copy import logging import re from enum import Enum import jmespath - from botocore import UNSIGNED, xform_name from botocore.auth import AUTH_TYPE_MAPS from botocore.endpoint_provider import EndpointProvider from botocore.exceptions import ( EndpointProviderError, - InvalidEndpointConfigurationError, EndpointVariantError, + InvalidEndpointConfigurationError, InvalidHostLabelError, NoRegionError, ParamValidationError, @@ -41,15 +41,17 @@ from botocore.exceptions import ( UnsupportedS3ControlArnError, UnsupportedS3ControlConfigurationError, ) +from botocore.useragent import register_feature_id from botocore.utils import ensure_boolean, instance_cache LOG = logging.getLogger(__name__) -DEFAULT_URI_TEMPLATE = '{service}.{region}.{dnsSuffix}' # noqa +DEFAULT_URI_TEMPLATE = '{service}.{region}.{dnsSuffix}' # noqa DEFAULT_SERVICE_DATA = {'endpoints': {}} -class BaseEndpointResolver(object): +class BaseEndpointResolver: """Resolves regions and endpoints. Must be subclassed.""" + def construct_endpoint(self, service_name, region_name=None): """Resolves an endpoint for a service and region combination. @@ -86,8 +88,9 @@ class BaseEndpointResolver(object): """ raise NotImplementedError - def get_available_endpoints(self, service_name, partition_name='aws', - allow_non_regional=False): + def get_available_endpoints( + self, service_name, partition_name='aws', allow_non_regional=False + ): """Lists the endpoint names of a particular partition. :type service_name: string @@ -141,9 +144,13 @@ class EndpointResolver(BaseEndpointResol result.append(partition['partition']) return result - def get_available_endpoints(self, service_name, partition_name='aws', - allow_non_regional=False, - endpoint_variant_tags=None): + def get_available_endpoints( + self, + service_name, + partition_name='aws', + allow_non_regional=False, + endpoint_variant_tags=None, + ): result = [] for partition in self._endpoint_data['partitions']: if partition['partition'] != partition_name: @@ -157,8 +164,8 @@ class EndpointResolver(BaseEndpointResol # Only regional endpoints can be modeled with variants if endpoint_variant_tags and is_regional_endpoint: variant_data = self._retrieve_variant_data( - service_endpoints[endpoint_name], - endpoint_variant_tags) + service_endpoints[endpoint_name], endpoint_variant_tags + ) if variant_data: result.append(endpoint_name) elif allow_non_regional or is_regional_endpoint: @@ -166,15 +173,14 @@ class EndpointResolver(BaseEndpointResol return result def get_partition_dns_suffix( - self, - partition_name, - endpoint_variant_tags=None + self, partition_name, endpoint_variant_tags=None ): for partition in self._endpoint_data['partitions']: if partition['partition'] == partition_name: if endpoint_variant_tags: variant = self._retrieve_variant_data( - partition.get('defaults'), endpoint_variant_tags) + partition.get('defaults'), endpoint_variant_tags + ) if variant and 'dnsSuffix' in variant: return variant['dnsSuffix'] else: @@ -187,7 +193,7 @@ class EndpointResolver(BaseEndpointResol region_name=None, partition_name=None, use_dualstack_endpoint=False, - use_fips_endpoint=False + use_fips_endpoint=False, ): if ( service_name == 's3' @@ -204,9 +210,12 @@ class EndpointResolver(BaseEndpointResol if valid_partition is not None: result = self._endpoint_for_partition( - valid_partition, service_name, - region_name, use_dualstack_endpoint, use_fips_endpoint, - True + valid_partition, + service_name, + region_name, + use_dualstack_endpoint, + use_fips_endpoint, + True, ) return result return None @@ -214,12 +223,16 @@ class EndpointResolver(BaseEndpointResol # Iterate over each partition until a match is found. for partition in self._endpoint_data['partitions']: if use_dualstack_endpoint and ( - partition['partition'] in - self._UNSUPPORTED_DUALSTACK_PARTITIONS): + partition['partition'] + in self._UNSUPPORTED_DUALSTACK_PARTITIONS + ): continue result = self._endpoint_for_partition( - partition, service_name, region_name, use_dualstack_endpoint, - use_fips_endpoint + partition, + service_name, + region_name, + use_dualstack_endpoint, + use_fips_endpoint, ) if result: return result @@ -233,19 +246,30 @@ class EndpointResolver(BaseEndpointResol error_msg='No partition found for provided region_name.', ) - def _endpoint_for_partition(self, partition, service_name, region_name, - use_dualstack_endpoint, use_fips_endpoint, - force_partition=False): + def _endpoint_for_partition( + self, + partition, + service_name, + region_name, + use_dualstack_endpoint, + use_fips_endpoint, + force_partition=False, + ): partition_name = partition["partition"] - if (use_dualstack_endpoint and - partition_name in self._UNSUPPORTED_DUALSTACK_PARTITIONS): - error_msg = ("Dualstack endpoints are currently not supported" - " for %s partition" % partition_name) + if ( + use_dualstack_endpoint + and partition_name in self._UNSUPPORTED_DUALSTACK_PARTITIONS + ): + error_msg = ( + "Dualstack endpoints are currently not supported" + f" for {partition_name} partition" + ) raise EndpointVariantError(tags=['dualstack'], error_msg=error_msg) # Get the service from the partition, or an empty template. service_data = partition['services'].get( - service_name, DEFAULT_SERVICE_DATA) + service_name, DEFAULT_SERVICE_DATA + ) # Use the partition endpoint if no region is supplied. if region_name is None: if 'partitionEndpoint' in service_data: @@ -272,12 +296,19 @@ class EndpointResolver(BaseEndpointResol partition_endpoint = service_data.get('partitionEndpoint') is_regionalized = service_data.get('isRegionalized', True) if partition_endpoint and not is_regionalized: - LOG.debug('Using partition endpoint for %s, %s: %s', - service_name, region_name, partition_endpoint) + LOG.debug( + 'Using partition endpoint for %s, %s: %s', + service_name, + region_name, + partition_endpoint, + ) resolve_kwargs['endpoint_name'] = partition_endpoint return self._resolve(**resolve_kwargs) - LOG.debug('Creating a regex based endpoint for %s, %s', - service_name, region_name) + LOG.debug( + 'Creating a regex based endpoint for %s, %s', + service_name, + region_name, + ) return self._resolve(**resolve_kwargs) def _region_match(self, partition, region_name): @@ -302,40 +333,44 @@ class EndpointResolver(BaseEndpointResol tags.append('fips') return tags - def _resolve_variant(self, tags, endpoint_data, service_defaults, - partition_defaults): + def _resolve_variant( + self, tags, endpoint_data, service_defaults, partition_defaults + ): result = {} - for variants in [endpoint_data, service_defaults, - partition_defaults]: + for variants in [endpoint_data, service_defaults, partition_defaults]: variant = self._retrieve_variant_data(variants, tags) if variant: self._merge_keys(variant, result) return result - def _resolve(self, partition, service_name, service_data, endpoint_name, - use_dualstack_endpoint, use_fips_endpoint): - endpoint_data = service_data.get('endpoints', {}).get(endpoint_name, {}) + def _resolve( + self, + partition, + service_name, + service_data, + endpoint_name, + use_dualstack_endpoint, + use_fips_endpoint, + ): + endpoint_data = service_data.get('endpoints', {}).get( + endpoint_name, {} + ) if endpoint_data.get('deprecated'): LOG.warning( - 'Client is configured with the deprecated endpoint: %s' % ( - endpoint_name - ) + f'Client is configured with the deprecated endpoint: {endpoint_name}' ) service_defaults = service_data.get('defaults', {}) partition_defaults = partition.get('defaults', {}) - tags = self._create_tag_list(use_dualstack_endpoint, - use_fips_endpoint) + tags = self._create_tag_list(use_dualstack_endpoint, use_fips_endpoint) if tags: - result = self._resolve_variant(tags, endpoint_data, - service_defaults, - partition_defaults) + result = self._resolve_variant( + tags, endpoint_data, service_defaults, partition_defaults + ) if result == {}: - error_msg = ("Endpoint does not exist for %s in region %s" % ( - service_name, endpoint_name - )) + error_msg = f"Endpoint does not exist for {service_name} in region {endpoint_name}" raise EndpointVariantError(tags=tags, error_msg=error_msg) self._merge_keys(endpoint_data, result) else: @@ -353,13 +388,20 @@ class EndpointResolver(BaseEndpointResol self._merge_keys(partition_defaults, result) result['hostname'] = self._expand_template( - partition, result['hostname'], service_name, endpoint_name, - result['dnsSuffix'] + partition, + result['hostname'], + service_name, + endpoint_name, + result['dnsSuffix'], ) if 'sslCommonName' in result: result['sslCommonName'] = self._expand_template( - partition, result['sslCommonName'], service_name, - endpoint_name, result['dnsSuffix']) + partition, + result['sslCommonName'], + service_name, + endpoint_name, + result['dnsSuffix'], + ) return result @@ -368,11 +410,12 @@ class EndpointResolver(BaseEndpointResol if key not in result: result[key] = from_data[key] - def _expand_template(self, partition, template, service_name, - endpoint_name, dnsSuffix): + def _expand_template( + self, partition, template, service_name, endpoint_name, dnsSuffix + ): return template.format( - service=service_name, region=endpoint_name, - dnsSuffix=dnsSuffix) + service=service_name, region=endpoint_name, dnsSuffix=dnsSuffix + ) class EndpointResolverBuiltins(str, Enum): @@ -384,10 +427,10 @@ class EndpointResolverBuiltins(str, Enum # Whether the UseDualStackEndpoint configuration option has been enabled # for the SDK client (bool) AWS_USE_DUALSTACK = "AWS::UseDualStack" - # Whether the global endpoint should be used with STS, rather the the + # Whether the global endpoint should be used with STS, rather than the # regional endpoint for us-east-1 (bool) AWS_STS_USE_GLOBAL_ENDPOINT = "AWS::STS::UseGlobalEndpoint" - # Whether the global endpoint should be used with S3, rather then the + # Whether the global endpoint should be used with S3, rather than the # regional endpoint for us-east-1 (bool) AWS_S3_USE_GLOBAL_ENDPOINT = "AWS::S3::UseGlobalEndpoint" # Whether S3 Transfer Acceleration has been requested (bool) @@ -404,10 +447,12 @@ class EndpointResolverBuiltins(str, Enum AWS_S3_DISABLE_MRAP = "AWS::S3::DisableMultiRegionAccessPoints" # Whether a custom endpoint has been configured (str) SDK_ENDPOINT = "SDK::Endpoint" - # Currently not implemented: + # An AWS account ID that can be optionally configured for the SDK client (str) ACCOUNT_ID = "AWS::Auth::AccountId" + # Whether an endpoint should include an account ID (str) ACCOUNT_ID_ENDPOINT_MODE = "AWS::Auth::AccountIdEndpointMode" + class EndpointRulesetResolver: """Resolves endpoints using a service's endpoint ruleset""" @@ -452,7 +497,7 @@ class EndpointRulesetResolver: operation_model, call_args, request_context ) LOG.debug( - 'Calling endpoint provider with parameters: %s' % provider_params + f'Calling endpoint provider with parameters: {provider_params}' ) try: provider_result = self._provider.resolve_endpoint( @@ -466,10 +511,14 @@ class EndpointRulesetResolver: raise else: raise botocore_exception from ex - LOG.debug('Endpoint provider result: %s' % provider_result.url) + LOG.debug(f'Endpoint provider result: {provider_result.url}') # The endpoint provider does not support non-secure transport. - if not self._use_ssl and provider_result.url.startswith('https://'): + if ( + not self._use_ssl + and provider_result.url.startswith('https://') + and 'Endpoint' not in provider_params + ): provider_result = provider_result._replace( url=f'http://{provider_result.url[8:]}' ) @@ -516,6 +565,7 @@ class EndpointRulesetResolver: if param_val is not None: provider_params[param_name] = param_val + self._register_endpoint_feature_ids(param_name, param_val) return provider_params @@ -523,7 +573,8 @@ class EndpointRulesetResolver: self, param_name, operation_model, call_args ): static = self._resolve_param_as_static_context_param( - param_name, operation_model, + param_name, + operation_model, ) if static is not None: return static @@ -572,7 +623,10 @@ class EndpointRulesetResolver: def _resolve_param_as_builtin(self, builtin_name, builtins): if builtin_name not in EndpointResolverBuiltins.__members__.values(): raise UnknownEndpointResolutionBuiltInName(name=builtin_name) - return builtins.get(builtin_name) + builtin = builtins.get(builtin_name) + if callable(builtin): + return builtin() + return builtin @instance_cache def _get_static_context_params(self, operation_model): @@ -605,7 +659,7 @@ class EndpointRulesetResolver: customized_builtins = copy.copy(self._builtins) # Handlers are expected to modify the builtins dict in place. self._event_emitter.emit( - 'before-endpoint-resolution.%s' % service_id, + f'before-endpoint-resolution.{service_id}', builtins=customized_builtins, model=operation_model, params=call_args, @@ -789,3 +843,9 @@ class EndpointRulesetResolver: if msg == 'EndpointId must be a valid host label.': return InvalidEndpointConfigurationError(msg=msg) return None + + def _register_endpoint_feature_ids(self, param_name, param_val): + if param_name == 'AccountIdEndpointMode': + register_feature_id(f'ACCOUNT_ID_MODE_{param_val.upper()}') + elif param_name == 'AccountId': + register_feature_id('RESOLVED_ACCOUNT_ID') diff -pruN 2.23.6-1/awscli/botocore/response.py 2.31.35-1/awscli/botocore/response.py --- 2.23.6-1/awscli/botocore/response.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/response.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,16 +15,23 @@ import logging import sys -from botocore import ScalarTypes, parsers -from botocore.compat import XMLParseError, json, set_socket_timeout +from botocore import ( + ScalarTypes, # noqa + parsers, +) +from botocore.compat import ( + XMLParseError, # noqa + json, # noqa + set_socket_timeout, +) from botocore.exceptions import IncompleteReadError, ReadTimeoutError -from botocore.hooks import first_non_none_response +from botocore.hooks import first_non_none_response # noqa from urllib3.exceptions import ReadTimeoutError as URLLib3ReadTimeoutError logger = logging.getLogger(__name__) -class StreamingBody(object): +class StreamingBody: """Wrapper class for an http response body. This provides a few additional conveniences that do not exist @@ -36,6 +43,7 @@ class StreamingBody(object): is raised. """ + _DEFAULT_CHUNK_SIZE = 1024 def __init__(self, raw_stream, content_length): @@ -61,9 +69,12 @@ class StreamingBody(object): # in py2 and py3. So this code has been pushed to botocore.compat. set_socket_timeout(self._raw_stream, timeout) except AttributeError: - logger.error("Cannot access the socket object of " - "a streaming response. It's possible " - "the interface has changed.", exc_info=True) + logger.error( + "Cannot access the socket object of " + "a streaming response. It's possible " + "the interface has changed.", + exc_info=True, + ) raise def read(self, amt=None): @@ -85,13 +96,11 @@ class StreamingBody(object): return chunk def __iter__(self): - """Return an iterator to yield 1k chunks from the raw stream. - """ + """Return an iterator to yield 1k chunks from the raw stream.""" return self.iter_chunks(self._DEFAULT_CHUNK_SIZE) def __next__(self): - """Return the next 1k chunk from the raw stream. - """ + """Return the next 1k chunk from the raw stream.""" current_chunk = self.read(self._DEFAULT_CHUNK_SIZE) if current_chunk: return current_chunk @@ -128,11 +137,13 @@ class StreamingBody(object): # See: https://github.com/kennethreitz/requests/issues/1855 # Basically, our http library doesn't do this for us, so we have # to do this ourself. - if self._content_length is not None and \ - self._amount_read != int(self._content_length): + if self._content_length is not None and self._amount_read != int( + self._content_length + ): raise IncompleteReadError( actual_bytes=self._amount_read, - expected_bytes=int(self._content_length)) + expected_bytes=int(self._content_length), + ) def close(self): """Close the underlying http response stream.""" @@ -140,7 +151,7 @@ class StreamingBody(object): def get_response(operation_model, http_response): - protocol = operation_model.metadata['protocol'] + protocol = operation_model.service_model.resolved_protocol response_dict = { 'headers': http_response.headers, 'status_code': http_response.status_code, @@ -152,10 +163,12 @@ def get_response(operation_model, http_r response_dict['body'] = http_response.content elif operation_model.has_streaming_output: response_dict['body'] = StreamingBody( - http_response.raw, response_dict['headers'].get('content-length')) + http_response.raw, response_dict['headers'].get('content-length') + ) else: response_dict['body'] = http_response.content parser = parsers.create_parser(protocol) - return http_response, parser.parse(response_dict, - operation_model.output_shape) + return http_response, parser.parse( + response_dict, operation_model.output_shape + ) diff -pruN 2.23.6-1/awscli/botocore/retries/adaptive.py 2.31.35-1/awscli/botocore/retries/adaptive.py --- 2.23.6-1/awscli/botocore/retries/adaptive.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/retries/adaptive.py 2025-11-12 19:17:29.000000000 +0000 @@ -9,8 +9,9 @@ logger = logging.getLogger(__name__) def register_retry_handler(client): clock = bucket.Clock() - rate_adjustor = throttling.CubicCalculator(starting_max_rate=0, - start_time=clock.current_time()) + rate_adjustor = throttling.CubicCalculator( + starting_max_rate=0, start_time=clock.current_time() + ) token_bucket = bucket.TokenBucket(max_rate=1, clock=clock) rate_clocker = RateClocker(clock) throttling_detector = standard.ThrottlingErrorDetector( @@ -24,20 +25,27 @@ def register_retry_handler(client): clock=clock, ) client.meta.events.register( - 'before-send', limiter.on_sending_request, + 'before-send', + limiter.on_sending_request, ) client.meta.events.register( - 'needs-retry', limiter.on_receiving_response, + 'needs-retry', + limiter.on_receiving_response, ) return limiter -class ClientRateLimiter(object): - +class ClientRateLimiter: _MAX_RATE_ADJUST_SCALE = 2.0 - def __init__(self, rate_adjustor, rate_clocker, token_bucket, - throttling_detector, clock): + def __init__( + self, + rate_adjustor, + rate_clocker, + token_bucket, + throttling_detector, + clock, + ): self._rate_adjustor = rate_adjustor self._rate_clocker = rate_clocker self._token_bucket = token_bucket @@ -56,34 +64,44 @@ class ClientRateLimiter(object): timestamp = self._clock.current_time() with self._lock: if not self._throttling_detector.is_throttling_error(**kwargs): - throttling = False new_rate = self._rate_adjustor.success_received(timestamp) else: - throttling = True if not self._enabled: rate_to_use = measured_rate else: - rate_to_use = min(measured_rate, self._token_bucket.max_rate) + rate_to_use = min( + measured_rate, self._token_bucket.max_rate + ) new_rate = self._rate_adjustor.error_received( - rate_to_use, timestamp) - logger.debug("Throttling response received, new send rate: %s " - "measured rate: %s, token bucket capacity " - "available: %s", new_rate, measured_rate, - self._token_bucket.available_capacity) + rate_to_use, timestamp + ) + logger.debug( + "Throttling response received, new send rate: %s " + "measured rate: %s, token bucket capacity " + "available: %s", + new_rate, + measured_rate, + self._token_bucket.available_capacity, + ) self._enabled = True self._token_bucket.max_rate = min( - new_rate, self._MAX_RATE_ADJUST_SCALE * measured_rate) + new_rate, self._MAX_RATE_ADJUST_SCALE * measured_rate + ) -class RateClocker(object): +class RateClocker: """Tracks the rate at which a client is sending a request.""" _DEFAULT_SMOOTHING = 0.8 # Update the rate every _TIME_BUCKET_RANGE seconds. _TIME_BUCKET_RANGE = 0.5 - def __init__(self, clock, smoothing=_DEFAULT_SMOOTHING, - time_bucket_range=_TIME_BUCKET_RANGE): + def __init__( + self, + clock, + smoothing=_DEFAULT_SMOOTHING, + time_bucket_range=_TIME_BUCKET_RANGE, + ): self._clock = clock self._measured_rate = 0 self._smoothing = smoothing @@ -95,15 +113,15 @@ class RateClocker(object): def record(self, amount=1): with self._lock: t = self._clock.current_time() - bucket = math.floor( - t * self._time_bucket_scale) / self._time_bucket_scale + bucket = ( + math.floor(t * self._time_bucket_scale) + / self._time_bucket_scale + ) self._count += amount if bucket > self._last_bucket: - current_rate = self._count / float( - bucket - self._last_bucket) - self._measured_rate = ( - (current_rate * self._smoothing) + - (self._measured_rate * (1 - self._smoothing)) + current_rate = self._count / float(bucket - self._last_bucket) + self._measured_rate = (current_rate * self._smoothing) + ( + self._measured_rate * (1 - self._smoothing) ) self._count = 0 self._last_bucket = bucket diff -pruN 2.23.6-1/awscli/botocore/retries/base.py 2.31.35-1/awscli/botocore/retries/base.py --- 2.23.6-1/awscli/botocore/retries/base.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/retries/base.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,5 +1,4 @@ -class BaseRetryBackoff(object): - +class BaseRetryBackoff: def delay_amount(self, context): """Calculate how long we should delay before retrying. @@ -9,7 +8,7 @@ class BaseRetryBackoff(object): raise NotImplementedError("delay_amount") -class BaseRetryableChecker(object): +class BaseRetryableChecker: """Base class for determining if a retry should happen. This base class checks for specific retryable conditions. diff -pruN 2.23.6-1/awscli/botocore/retries/bucket.py 2.31.35-1/awscli/botocore/retries/bucket.py --- 2.23.6-1/awscli/botocore/retries/bucket.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/retries/bucket.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,11 +1,12 @@ """This module implements token buckets used for client side throttling.""" + import threading import time from botocore.exceptions import CapacityNotAvailableError -class Clock(object): +class Clock: def __init__(self): pass @@ -16,8 +17,7 @@ class Clock(object): return time.time() -class TokenBucket(object): - +class TokenBucket: _MIN_RATE = 0.5 def __init__(self, max_rate, clock, min_rate=_MIN_RATE): @@ -51,8 +51,9 @@ class TokenBucket(object): self._max_capacity = 1 # If we're scaling down, we also can't have a capacity that's # more than our max_capacity. - self._current_capacity = min(self._current_capacity, - self._max_capacity) + self._current_capacity = min( + self._current_capacity, self._max_capacity + ) self._new_fill_rate_condition.notify() @property diff -pruN 2.23.6-1/awscli/botocore/retries/quota.py 2.31.35-1/awscli/botocore/retries/quota.py --- 2.23.6-1/awscli/botocore/retries/quota.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/retries/quota.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,11 +1,9 @@ -"""Retry quota implementation. +"""Retry quota implementation.""" - -""" import threading -class RetryQuota(object): +class RetryQuota: INITIAL_CAPACITY = 500 def __init__(self, initial_capacity=INITIAL_CAPACITY, lock=None): @@ -47,8 +45,7 @@ class RetryQuota(object): return with self._lock: amount = min( - self._max_capacity - self._available_capacity, - capacity_amount + self._max_capacity - self._available_capacity, capacity_amount ) self._available_capacity += amount diff -pruN 2.23.6-1/awscli/botocore/retries/special.py 2.31.35-1/awscli/botocore/retries/special.py --- 2.23.6-1/awscli/botocore/retries/special.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/retries/special.py 2025-11-12 19:17:29.000000000 +0000 @@ -5,6 +5,7 @@ retry handler. They don't make sense as module. Ideally we should be able to remove this module. """ + import logging from binascii import crc32 @@ -16,7 +17,6 @@ logger = logging.getLogger(__name__) # TODO: This is an ideal candidate for the retryable trait once that's # available. class RetryIDPCommunicationError(BaseRetryableChecker): - _SERVICE_NAME = 'sts' def is_retryable(self, context): @@ -28,7 +28,6 @@ class RetryIDPCommunicationError(BaseRet class RetryDDBChecksumError(BaseRetryableChecker): - _CHECKSUM_HEADER = 'x-amz-crc32' _SERVICE_NAME = 'dynamodb' @@ -41,8 +40,12 @@ class RetryDDBChecksumError(BaseRetryabl checksum = context.http_response.headers.get(self._CHECKSUM_HEADER) if checksum is None: return False - actual_crc32 = crc32(context.http_response.content) & 0xffffffff + actual_crc32 = crc32(context.http_response.content) & 0xFFFFFFFF if actual_crc32 != int(checksum): - logger.debug("DynamoDB crc32 checksum does not match, " - "expected: %s, actual: %s", checksum, actual_crc32) + logger.debug( + "DynamoDB crc32 checksum does not match, " + "expected: %s, actual: %s", + checksum, + actual_crc32, + ) return True diff -pruN 2.23.6-1/awscli/botocore/retries/standard.py 2.31.35-1/awscli/botocore/retries/standard.py --- 2.23.6-1/awscli/botocore/retries/standard.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/retries/standard.py 2025-11-12 19:17:29.000000000 +0000 @@ -23,6 +23,7 @@ This allows us to define an API that has based API used by botocore. """ + import logging import random @@ -44,8 +45,9 @@ def register_retry_handler(client, max_a service_id = client.meta.service_model.service_id service_event_name = service_id.hyphenize() - client.meta.events.register('after-call.%s' % service_event_name, - retry_quota.release_retry_quota) + client.meta.events.register( + f'after-call.{service_event_name}', retry_quota.release_retry_quota + ) handler = RetryHandler( retry_policy=RetryPolicy( @@ -56,20 +58,22 @@ def register_retry_handler(client, max_a retry_quota=retry_quota, ) - unique_id = 'retry-config-%s' % service_event_name + unique_id = f'retry-config-{service_event_name}' client.meta.events.register( - 'needs-retry.%s' % service_event_name, handler.needs_retry, - unique_id=unique_id + f'needs-retry.{service_event_name}', + handler.needs_retry, + unique_id=unique_id, ) return handler -class RetryHandler(object): +class RetryHandler: """Bridge between botocore's event system and this module. This class is intended to be hooked to botocore's event system as an event handler. """ + def __init__(self, retry_policy, retry_event_adapter, retry_quota): self._retry_policy = retry_policy self._retry_event_adapter = retry_event_adapter @@ -84,19 +88,22 @@ class RetryHandler(object): # capacity in our retry quota. if self._retry_quota.acquire_retry_quota(context): retry_delay = self._retry_policy.compute_retry_delay(context) - logger.debug("Retry needed, retrying request after " - "delay of: %s", retry_delay) + logger.debug( + "Retry needed, retrying request after " "delay of: %s", + retry_delay, + ) else: - logger.debug("Retry needed but retry quota reached, " - "not retrying request.") + logger.debug( + "Retry needed but retry quota reached, " + "not retrying request." + ) else: logger.debug("Not retrying request.") - self._retry_event_adapter.adapt_retry_response_from_context( - context) + self._retry_event_adapter.adapt_retry_response_from_context(context) return retry_delay -class RetryEventAdapter(object): +class RetryEventAdapter: """Adapter to existing retry interface used in the endpoints layer. This existing interface for determining if a retry needs to happen @@ -106,6 +113,7 @@ class RetryEventAdapter(object): new retry strategies. """ + def create_retry_context(self, **kwargs): """Create context based on needs-retry kwargs.""" response = kwargs['response'] @@ -138,14 +146,15 @@ class RetryEventAdapter(object): # don't mutate any input parameters from the needs-retry event. metadata = context.get_retry_metadata() if context.parsed_response is not None: - context.parsed_response.setdefault( - 'ResponseMetadata', {}).update(metadata) + context.parsed_response.setdefault('ResponseMetadata', {}).update( + metadata + ) # Implementation note: this is meant to encapsulate all the misc stuff # that gets sent in the needs-retry event. This is mapped so that params # are more clear and explicit. -class RetryContext(object): +class RetryContext: """Normalize a response that we use to check if a retry should occur. This class smoothes over the different types of responses we may get @@ -168,9 +177,16 @@ class RetryContext(object): are meant to be modified directly. """ - def __init__(self, attempt_number, operation_model=None, - parsed_response=None, http_response=None, - caught_exception=None, request_context=None): + + def __init__( + self, + attempt_number, + operation_model=None, + parsed_response=None, + http_response=None, + caught_exception=None, + request_context=None, + ): # 1-based attempt number. self.attempt_number = attempt_number self.operation_model = operation_model @@ -221,7 +237,7 @@ class RetryContext(object): return self._retry_metadata.copy() -class RetryPolicy(object): +class RetryPolicy: def __init__(self, retry_checker, retry_backoff): self._retry_checker = retry_checker self._retry_backoff = retry_backoff @@ -234,7 +250,6 @@ class RetryPolicy(object): class ExponentialBackoff(BaseRetryBackoff): - _BASE = 2 _MAX_BACKOFF = 20 @@ -259,7 +274,7 @@ class ExponentialBackoff(BaseRetryBackof # want the first delay to just be ``rand(0, 1)``. return min( self._random() * (self._base ** (context.attempt_number - 1)), - self._max_backoff + self._max_backoff, ) @@ -287,9 +302,12 @@ class TransientRetryableChecker(BaseRetr HTTPClientError, ) - def __init__(self, transient_error_codes=None, - transient_status_codes=None, - transient_exception_cls=None): + def __init__( + self, + transient_error_codes=None, + transient_status_codes=None, + transient_exception_cls=None, + ): if transient_error_codes is None: transient_error_codes = self._TRANSIENT_ERROR_CODES[:] if transient_status_codes is None: @@ -304,12 +322,15 @@ class TransientRetryableChecker(BaseRetr if context.get_error_code() in self._transient_error_codes: return True if context.http_response is not None: - if context.http_response.status_code in \ - self._transient_status_codes: + if ( + context.http_response.status_code + in self._transient_status_codes + ): return True if context.caught_exception is not None: - return isinstance(context.caught_exception, - self._transient_exception_cls) + return isinstance( + context.caught_exception, self._transient_exception_cls + ) return False @@ -357,8 +378,9 @@ class ModeledRetryableChecker(BaseRetrya return self._error_detector.detect_error_type(context) is not None -class ModeledRetryErrorDetector(object): +class ModeledRetryErrorDetector: """Checks whether or not an error is a modeled retryable error.""" + # There are return values from the detect_error_type() method. TRANSIENT_ERROR = 'TRANSIENT_ERROR' THROTTLING_ERROR = 'THROTTLING_ERROR' @@ -385,8 +407,7 @@ class ModeledRetryErrorDetector(object): # Check if this error code matches the shape. This can # be either by name or by a modeled error code. error_code_to_check = ( - shape.metadata.get('error', {}).get('code') - or shape.name + shape.metadata.get('error', {}).get('code') or shape.name ) if error_code == error_code_to_check: if shape.metadata['retryable'].get('throttling'): @@ -394,7 +415,7 @@ class ModeledRetryErrorDetector(object): return self.TRANSIENT_ERROR -class ThrottlingErrorDetector(object): +class ThrottlingErrorDetector: def __init__(self, retry_event_adapter): self._modeled_error_detector = ModeledRetryErrorDetector() self._fixed_error_code_detector = ThrottledRetryableChecker() @@ -422,19 +443,24 @@ class StandardRetryConditions(BaseRetrya # Note: This class is for convenience so you can have the # standard retry condition in a single class. self._max_attempts_checker = MaxAttemptsChecker(max_attempts) - self._additional_checkers = OrRetryChecker([ - TransientRetryableChecker(), - ThrottledRetryableChecker(), - ModeledRetryableChecker(), - OrRetryChecker([ - special.RetryIDPCommunicationError(), - special.RetryDDBChecksumError(), - ]) - ]) + self._additional_checkers = OrRetryChecker( + [ + TransientRetryableChecker(), + ThrottledRetryableChecker(), + ModeledRetryableChecker(), + OrRetryChecker( + [ + special.RetryIDPCommunicationError(), + special.RetryDDBChecksumError(), + ] + ), + ] + ) def is_retryable(self, context): - return (self._max_attempts_checker.is_retryable(context) and - self._additional_checkers.is_retryable(context)) + return self._max_attempts_checker.is_retryable( + context + ) and self._additional_checkers.is_retryable(context) class OrRetryChecker(BaseRetryableChecker): @@ -445,7 +471,7 @@ class OrRetryChecker(BaseRetryableChecke return any(checker.is_retryable(context) for checker in self._checkers) -class RetryQuotaChecker(object): +class RetryQuotaChecker: _RETRY_COST = 5 _NO_RETRY_INCREMENT = 1 _TIMEOUT_RETRY_REQUEST = 10 diff -pruN 2.23.6-1/awscli/botocore/retries/throttling.py 2.31.35-1/awscli/botocore/retries/throttling.py --- 2.23.6-1/awscli/botocore/retries/throttling.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/retries/throttling.py 2025-11-12 19:17:29.000000000 +0000 @@ -3,13 +3,17 @@ from collections import namedtuple CubicParams = namedtuple('CubicParams', ['w_max', 'k', 'last_fail']) -class CubicCalculator(object): +class CubicCalculator: _SCALE_CONSTANT = 0.4 _BETA = 0.7 - def __init__(self, starting_max_rate, - start_time, - scale_constant=_SCALE_CONSTANT, beta=_BETA): + def __init__( + self, + starting_max_rate, + start_time, + scale_constant=_SCALE_CONSTANT, + beta=_BETA, + ): self._w_max = starting_max_rate self._scale_constant = scale_constant self._beta = beta @@ -17,14 +21,14 @@ class CubicCalculator(object): self._last_fail = start_time def _calculate_zero_point(self): - k = ((self._w_max * (1 - self._beta)) / self._scale_constant) ** (1 / 3.0) + k = ((self._w_max * (1 - self._beta)) / self._scale_constant) ** ( + 1 / 3.0 + ) return k def success_received(self, timestamp): dt = timestamp - self._last_fail - new_rate = ( - self._scale_constant * (dt - self._k) ** 3 + self._w_max - ) + new_rate = self._scale_constant * (dt - self._k) ** 3 + self._w_max return new_rate def error_received(self, current_rate, timestamp): @@ -48,7 +52,5 @@ class CubicCalculator(object): """ return CubicParams( - w_max=self._w_max, - k=self._k, - last_fail=self._last_fail + w_max=self._w_max, k=self._k, last_fail=self._last_fail ) diff -pruN 2.23.6-1/awscli/botocore/serialize.py 2.31.35-1/awscli/botocore/serialize.py --- 2.23.6-1/awscli/botocore/serialize.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/serialize.py 2025-11-12 19:17:29.000000000 +0000 @@ -37,14 +37,19 @@ The input to the serializers should be t with the exception of blob types. Those are assumed to be binary, and if a str/unicode type is passed in, it will be encoded as utf-8. """ + import base64 import calendar import datetime +import decimal +import math import re +import struct from xml.etree import ElementTree from botocore import validate from botocore.compat import formatdate, json +from botocore.useragent import register_feature_id from botocore.utils import ( has_header, is_json_value_header, @@ -68,7 +73,7 @@ def create_serializer(protocol_name, inc return serializer -class Serializer(object): +class Serializer: DEFAULT_METHOD = 'POST' # Clients can change this to a different MutableMapping # (i.e OrderedDict) if they want. This is used in the @@ -124,7 +129,7 @@ class Serializer(object): 'method': self.DEFAULT_METHOD, 'headers': {}, # An empty body is represented as an empty byte string. - 'body': b'' + 'body': b'', } return serialized @@ -150,8 +155,7 @@ class Serializer(object): timestamp_format = self.TIMESTAMP_FORMAT timestamp_format = timestamp_format.lower() datetime_obj = parse_to_aware_datetime(value) - converter = getattr( - self, '_timestamp_%s' % timestamp_format) + converter = getattr(self, f'_timestamp_{timestamp_format}') final_value = converter(datetime_obj) return final_value @@ -166,8 +170,7 @@ class Serializer(object): # via the default encoding. if isinstance(value, str): value = value.encode(self.DEFAULT_ENCODING) - return base64.b64encode(value).strip().decode( - self.DEFAULT_ENCODING) + return base64.b64encode(value).strip().decode(self.DEFAULT_ENCODING) def _expand_host_prefix(self, parameters, operation_model): operation_endpoint = operation_model.endpoint @@ -178,25 +181,44 @@ class Serializer(object): return None host_prefix_expression = operation_endpoint['hostPrefix'] + if operation_model.input_shape is None: + return host_prefix_expression input_members = operation_model.input_shape.members host_labels = [ - member for member, shape in input_members.items() + member + for member, shape in input_members.items() if shape.serialization.get('hostLabel') ] format_kwargs = dict((name, parameters[name]) for name in host_labels) return host_prefix_expression.format(**format_kwargs) + def _is_shape_flattened(self, shape): + return shape.serialization.get('flattened') + + def _handle_float(self, value): + if value == float("Infinity"): + value = "Infinity" + elif value == float("-Infinity"): + value = "-Infinity" + elif math.isnan(value): + value = "NaN" + return value + + def _handle_query_compatible_trait(self, operation_model, serialized): + if operation_model.service_model.is_query_compatible: + serialized['headers']['x-amzn-query-mode'] = 'true' -class QuerySerializer(Serializer): +class QuerySerializer(Serializer): TIMESTAMP_FORMAT = 'iso8601' def serialize_to_request(self, parameters, operation_model): shape = operation_model.input_shape serialized = self._create_default_request() - serialized['method'] = operation_model.http.get('method', - self.DEFAULT_METHOD) + serialized['method'] = operation_model.http.get( + 'method', self.DEFAULT_METHOD + ) serialized['headers'] = { 'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8' } @@ -223,8 +245,11 @@ class QuerySerializer(Serializer): # input. # prefix: The incrementally built up prefix for the serialized # key (i.e Foo.bar.members.1). - method = getattr(self, '_serialize_type_%s' % shape.type_name, - self._default_serialize) + method = getattr( + self, + f'_serialize_type_{shape.type_name}', + self._default_serialize, + ) method(serialized, value, shape, prefix=prefix) def _serialize_type_structure(self, serialized, value, shape, prefix=''): @@ -233,7 +258,7 @@ class QuerySerializer(Serializer): member_shape = members[key] member_prefix = self._get_serialized_name(member_shape, key) if prefix: - member_prefix = '%s.%s' % (prefix, member_prefix) + member_prefix = f'{prefix}.{member_prefix}' self._serialize(serialized, value, member_shape, member_prefix) def _serialize_type_list(self, serialized, value, shape, prefix=''): @@ -249,9 +274,9 @@ class QuerySerializer(Serializer): list_prefix = '.'.join(prefix.split('.')[:-1] + [name]) else: list_name = shape.member.serialization.get('name', 'member') - list_prefix = '%s.%s' % (prefix, list_name) + list_prefix = f'{prefix}.{list_name}' for i, element in enumerate(value, 1): - element_prefix = '%s.%s' % (list_prefix, i) + element_prefix = f'{list_prefix}.{i}' element_shape = shape.member self._serialize(serialized, element, element_shape, element_prefix) @@ -259,7 +284,7 @@ class QuerySerializer(Serializer): if self._is_shape_flattened(shape): full_prefix = prefix else: - full_prefix = '%s.entry' % prefix + full_prefix = f'{prefix}.entry' template = full_prefix + '.{i}.{suffix}' key_shape = shape.key value_shape = shape.value @@ -277,7 +302,8 @@ class QuerySerializer(Serializer): def _serialize_type_timestamp(self, serialized, value, shape, prefix=''): serialized[prefix] = self._convert_timestamp_to_str( - value, shape.serialization.get('timestampFormat')) + value, shape.serialization.get('timestampFormat') + ) def _serialize_type_boolean(self, serialized, value, shape, prefix=''): if value: @@ -288,8 +314,11 @@ class QuerySerializer(Serializer): def _default_serialize(self, serialized, value, shape, prefix=''): serialized[prefix] = value - def _is_shape_flattened(self, shape): - return shape.serialization.get('flattened') + def _serialize_type_float(self, serialized, value, shape, prefix=''): + serialized[prefix] = self._handle_float(value) + + def _serialize_type_double(self, serialized, value, shape, prefix=''): + self._serialize_type_float(serialized, value, shape, prefix) class EC2Serializer(QuerySerializer): @@ -304,7 +333,7 @@ class EC2Serializer(QuerySerializer): def _get_serialized_name(self, shape, default_name): # Returns the serialized name for the shape if it exists. - # Otherwise it will return the passed in default_name. + # Otherwise it will return the passed in capitalized default_name. if 'queryName' in shape.serialization: return shape.serialization['queryName'] elif 'name' in shape.serialization: @@ -317,7 +346,7 @@ class EC2Serializer(QuerySerializer): def _serialize_type_list(self, serialized, value, shape, prefix=''): for i, element in enumerate(value, 1): - element_prefix = '%s.%s' % (prefix, i) + element_prefix = f'{prefix}.{i}' element_shape = shape.member self._serialize(serialized, element, element_shape, element_prefix) @@ -326,16 +355,21 @@ class JSONSerializer(Serializer): TIMESTAMP_FORMAT = 'unixtimestamp' def serialize_to_request(self, parameters, operation_model): - target = '%s.%s' % (operation_model.metadata['targetPrefix'], - operation_model.name) + target = '{}.{}'.format( + operation_model.metadata['targetPrefix'], + operation_model.name, + ) json_version = operation_model.metadata['jsonVersion'] serialized = self._create_default_request() - serialized['method'] = operation_model.http.get('method', - self.DEFAULT_METHOD) + serialized['method'] = operation_model.http.get( + 'method', self.DEFAULT_METHOD + ) serialized['headers'] = { 'X-Amz-Target': target, - 'Content-Type': 'application/x-amz-json-%s' % json_version, + 'Content-Type': f'application/x-amz-json-{json_version}', } + self._handle_query_compatible_trait(operation_model, serialized) + body = self.MAP_TYPE() input_shape = operation_model.input_shape if input_shape is not None: @@ -349,8 +383,11 @@ class JSONSerializer(Serializer): return serialized def _serialize(self, serialized, value, shape, key=None): - method = getattr(self, '_serialize_type_%s' % shape.type_name, - self._default_serialize) + method = getattr( + self, + f'_serialize_type_{shape.type_name}', + self._default_serialize, + ) method(serialized, value, shape, key) def _serialize_type_structure(self, serialized, value, shape, key): @@ -371,7 +408,9 @@ class JSONSerializer(Serializer): member_shape = members[member_key] if 'name' in member_shape.serialization: member_key = member_shape.serialization['name'] - self._serialize(serialized, member_value, member_shape, member_key) + self._serialize( + serialized, member_value, member_shape, member_key + ) def _serialize_type_map(self, serialized, value, shape, key): map_obj = self.MAP_TYPE() @@ -396,11 +435,262 @@ class JSONSerializer(Serializer): def _serialize_type_timestamp(self, serialized, value, shape, key): serialized[key] = self._convert_timestamp_to_str( - value, shape.serialization.get('timestampFormat')) + value, shape.serialization.get('timestampFormat') + ) def _serialize_type_blob(self, serialized, value, shape, key): serialized[key] = self._get_base64(value) + def _serialize_type_float(self, serialized, value, shape, prefix=''): + if isinstance(value, decimal.Decimal): + value = float(value) + serialized[prefix] = self._handle_float(value) + + def _serialize_type_double(self, serialized, value, shape, prefix=''): + self._serialize_type_float(serialized, value, shape, prefix) + + +class CBORSerializer(Serializer): + UNSIGNED_INT_MAJOR_TYPE = 0 + NEGATIVE_INT_MAJOR_TYPE = 1 + BLOB_MAJOR_TYPE = 2 + STRING_MAJOR_TYPE = 3 + LIST_MAJOR_TYPE = 4 + MAP_MAJOR_TYPE = 5 + TAG_MAJOR_TYPE = 6 + FLOAT_AND_SIMPLE_MAJOR_TYPE = 7 + + def _serialize_data_item(self, serialized, value, shape, key=None): + method = getattr(self, f'_serialize_type_{shape.type_name}') + if method is None: + raise ValueError( + f"Unrecognized C2J type: {shape.type_name}, unable to " + f"serialize request" + ) + method(serialized, value, shape, key) + + def _serialize_type_integer(self, serialized, value, shape, key): + if value >= 0: + major_type = self.UNSIGNED_INT_MAJOR_TYPE + else: + major_type = self.NEGATIVE_INT_MAJOR_TYPE + # The only differences in serializing negative and positive integers is + # that for negative, we set the major type to 1 and set the value to -1 + # minus the value + value = -1 - value + additional_info, num_bytes = self._get_additional_info_and_num_bytes( + value + ) + initial_byte = self._get_initial_byte(major_type, additional_info) + if num_bytes == 0: + serialized.extend(initial_byte) + else: + serialized.extend(initial_byte + value.to_bytes(num_bytes, "big")) + + def _serialize_type_long(self, serialized, value, shape, key): + self._serialize_type_integer(serialized, value, shape, key) + + def _serialize_type_blob(self, serialized, value, shape, key): + if isinstance(value, str): + value = value.encode('utf-8') + elif not isinstance(value, (bytes, bytearray)): + # We support file-like objects for blobs; these already have been + # validated to ensure they have a read method + value = value.read() + length = len(value) + additional_info, num_bytes = self._get_additional_info_and_num_bytes( + length + ) + initial_byte = self._get_initial_byte( + self.BLOB_MAJOR_TYPE, additional_info + ) + if num_bytes == 0: + serialized.extend(initial_byte) + else: + serialized.extend(initial_byte + length.to_bytes(num_bytes, "big")) + serialized.extend(value) + + def _serialize_type_string(self, serialized, value, shape, key): + encoded = value.encode('utf-8') + length = len(encoded) + additional_info, num_bytes = self._get_additional_info_and_num_bytes( + length + ) + initial_byte = self._get_initial_byte( + self.STRING_MAJOR_TYPE, additional_info + ) + if num_bytes == 0: + serialized.extend(initial_byte + encoded) + else: + serialized.extend( + initial_byte + length.to_bytes(num_bytes, "big") + encoded + ) + + def _serialize_type_list(self, serialized, value, shape, key): + length = len(value) + additional_info, num_bytes = self._get_additional_info_and_num_bytes( + length + ) + initial_byte = self._get_initial_byte( + self.LIST_MAJOR_TYPE, additional_info + ) + if num_bytes == 0: + serialized.extend(initial_byte) + else: + serialized.extend(initial_byte + length.to_bytes(num_bytes, "big")) + for item in value: + self._serialize_data_item(serialized, item, shape.member) + + def _serialize_type_map(self, serialized, value, shape, key): + length = len(value) + additional_info, num_bytes = self._get_additional_info_and_num_bytes( + length + ) + initial_byte = self._get_initial_byte( + self.MAP_MAJOR_TYPE, additional_info + ) + if num_bytes == 0: + serialized.extend(initial_byte) + else: + serialized.extend(initial_byte + length.to_bytes(num_bytes, "big")) + for key_item, item in value.items(): + self._serialize_data_item(serialized, key_item, shape.key) + self._serialize_data_item(serialized, item, shape.value) + + def _serialize_type_structure(self, serialized, value, shape, key): + if key is not None: + # For nested structures, we need to serialize the key first + self._serialize_data_item(serialized, key, shape.key_shape) + + # Remove `None` values from the dictionary + value = {k: v for k, v in value.items() if v is not None} + + map_length = len(value) + additional_info, num_bytes = self._get_additional_info_and_num_bytes( + map_length + ) + initial_byte = self._get_initial_byte( + self.MAP_MAJOR_TYPE, additional_info + ) + if num_bytes == 0: + serialized.extend(initial_byte) + else: + serialized.extend( + initial_byte + map_length.to_bytes(num_bytes, "big") + ) + + members = shape.members + for member_key, member_value in value.items(): + member_shape = members[member_key] + if 'name' in member_shape.serialization: + member_key = member_shape.serialization['name'] + if member_value is not None: + self._serialize_type_string(serialized, member_key, None, None) + self._serialize_data_item( + serialized, member_value, member_shape + ) + + def _serialize_type_timestamp(self, serialized, value, shape, key): + timestamp = self._convert_timestamp_to_str(value) + tag = 1 # Use tag 1 for unix timestamp + initial_byte = self._get_initial_byte(self.TAG_MAJOR_TYPE, tag) + serialized.extend(initial_byte) # Tagging the timestamp + additional_info, num_bytes = self._get_additional_info_and_num_bytes( + timestamp + ) + + if num_bytes == 0: + initial_byte = self._get_initial_byte( + self.UNSIGNED_INT_MAJOR_TYPE, timestamp + ) + serialized.extend(initial_byte) + else: + initial_byte = self._get_initial_byte( + self.UNSIGNED_INT_MAJOR_TYPE, additional_info + ) + serialized.extend( + initial_byte + timestamp.to_bytes(num_bytes, "big") + ) + + def _serialize_type_float(self, serialized, value, shape, key): + if self._is_special_number(value): + serialized.extend( + self._get_bytes_for_special_numbers(value) + ) # Handle special values like NaN or Infinity + else: + initial_byte = self._get_initial_byte( + self.FLOAT_AND_SIMPLE_MAJOR_TYPE, 26 + ) + serialized.extend(initial_byte + struct.pack(">f", value)) + + def _serialize_type_double(self, serialized, value, shape, key): + if self._is_special_number(value): + serialized.extend( + self._get_bytes_for_special_numbers(value) + ) # Handle special values like NaN or Infinity + else: + initial_byte = self._get_initial_byte( + self.FLOAT_AND_SIMPLE_MAJOR_TYPE, 27 + ) + serialized.extend(initial_byte + struct.pack(">d", value)) + + def _serialize_type_boolean(self, serialized, value, shape, key): + additional_info = 21 if value else 20 + serialized.extend( + self._get_initial_byte( + self.FLOAT_AND_SIMPLE_MAJOR_TYPE, additional_info + ) + ) + + def _get_additional_info_and_num_bytes(self, value): + # Values under 24 can be stored in the initial byte and don't need further + # encoding + if value < 24: + return value, 0 + # Values between 24 and 255 (inclusive) can be stored in 1 byte and + # correspond to additional info 24 + elif value < 256: + return 24, 1 + # Values up to 65535 can be stored in two bytes and correspond to additional + # info 25 + elif value < 65536: + return 25, 2 + # Values up to 4294967296 can be stored in four bytes and correspond to + # additional info 26 + elif value < 4294967296: + return 26, 4 + # The maximum number of bytes in a definite length data items is 8 which + # to additional info 27 + else: + return 27, 8 + + def _get_initial_byte(self, major_type, additional_info): + # The highest order three bits are the major type, so we need to bitshift the + # major type by 5 + major_type_bytes = major_type << 5 + return (major_type_bytes | additional_info).to_bytes(1, "big") + + def _is_special_number(self, value): + return any( + [ + value == float('inf'), + value == float('-inf'), + math.isnan(value), + ] + ) + + def _get_bytes_for_special_numbers(self, value): + additional_info = 25 + initial_byte = self._get_initial_byte( + self.FLOAT_AND_SIMPLE_MAJOR_TYPE, additional_info + ) + if value == float('inf'): + return initial_byte + struct.pack(">H", 0x7C00) + elif value == float('-inf'): + return initial_byte + struct.pack(">H", 0xFC00) + elif math.isnan(value): + return initial_byte + struct.pack(">H", 0x7E00) + class BaseRestSerializer(Serializer): """Base class for rest protocols. @@ -412,6 +702,7 @@ class BaseRestSerializer(Serializer): Subclasses must implement the ``_serialize_body_params`` method. """ + QUERY_STRING_TIMESTAMP_FORMAT = 'iso8601' HEADER_TIMESTAMP_FORMAT = 'rfc822' # This is a list of known values for the "location" key in the @@ -421,9 +712,15 @@ class BaseRestSerializer(Serializer): def serialize_to_request(self, parameters, operation_model): serialized = self._create_default_request() - serialized['method'] = operation_model.http.get('method', - self.DEFAULT_METHOD) + serialized['method'] = operation_model.http.get( + 'method', self.DEFAULT_METHOD + ) shape = operation_model.input_shape + + host_prefix = self._expand_host_prefix(parameters, operation_model) + if host_prefix is not None: + serialized['host_prefix'] = host_prefix + if shape is None: serialized['url_path'] = operation_model.http['requestUri'] return serialized @@ -448,11 +745,12 @@ class BaseRestSerializer(Serializer): if param_value is None: # Don't serialize any parameter with a None value. continue - self._partition_parameters(partitioned, param_name, param_value, - shape_members) + self._partition_parameters( + partitioned, param_name, param_value, shape_members + ) serialized['url_path'] = self._render_uri_template( - operation_model.http['requestUri'], - partitioned['uri_path_kwargs']) + operation_model.http['requestUri'], partitioned['uri_path_kwargs'] + ) if 'authPath' in operation_model.http: serialized['auth_path'] = self._render_uri_template( @@ -465,14 +763,11 @@ class BaseRestSerializer(Serializer): serialized['query_string'] = partitioned['query_string_kwargs'] if partitioned['headers']: serialized['headers'] = partitioned['headers'] - self._serialize_payload(partitioned, parameters, - serialized, shape, shape_members) + self._serialize_payload( + partitioned, parameters, serialized, shape, shape_members + ) self._serialize_content_type(serialized, shape, shape_members) - host_prefix = self._expand_host_prefix(parameters, operation_model) - if host_prefix is not None: - serialized['host_prefix'] = host_prefix - return serialized def _render_uri_template(self, uri_template, params): @@ -486,14 +781,17 @@ class BaseRestSerializer(Serializer): for template_param in re.findall(r'{(.*?)}', uri_template): if template_param.endswith('+'): encoded_params[template_param] = percent_encode( - params[template_param[:-1]], safe='/~') + params[template_param[:-1]], safe='/~' + ) else: encoded_params[template_param] = percent_encode( - params[template_param]) + params[template_param] + ) return uri_template.format(**encoded_params) - def _serialize_payload(self, partitioned, parameters, - serialized, shape, shape_members): + def _serialize_payload( + self, partitioned, parameters, serialized, shape, shape_members + ): # partitioned - The user input params partitioned by location. # parameters - The user input params. # serialized - The final serialized request dict. @@ -512,13 +810,14 @@ class BaseRestSerializer(Serializer): body_params = parameters.get(payload_member) if body_params is not None: serialized['body'] = self._serialize_body_params( - body_params, - shape_members[payload_member]) + body_params, shape_members[payload_member] + ) else: serialized['body'] = self._serialize_empty_body() elif partitioned['body_kwargs']: serialized['body'] = self._serialize_body_params( - partitioned['body_kwargs'], shape) + partitioned['body_kwargs'], shape + ) elif self._requires_empty_body(shape): serialized['body'] = self._serialize_empty_body() @@ -542,18 +841,19 @@ class BaseRestSerializer(Serializer): def _has_streaming_payload(self, payload, shape_members): """Determine if payload is streaming (a blob or string).""" - return ( - payload is not None and - shape_members[payload].type_name in ['blob', 'string'] - ) + return payload is not None and shape_members[payload].type_name in [ + 'blob', + 'string', + ] def _encode_payload(self, body): if isinstance(body, str): return body.encode(self.DEFAULT_ENCODING) return body - def _partition_parameters(self, partitioned, param_name, - param_value, shape_members): + def _partition_parameters( + self, partitioned, param_name, param_value, shape_members + ): # This takes the user provided input parameter (``param``) # and figures out where they go in the request dict. # Some params are HTTP headers, some are used in the URI, some @@ -562,29 +862,32 @@ class BaseRestSerializer(Serializer): location = member.serialization.get('location') key_name = member.serialization.get('name', param_name) if location == 'uri': - partitioned['uri_path_kwargs'][key_name] = param_value + uri_path_value = self._get_uri_and_query_string_value( + param_value, member + ) + partitioned['uri_path_kwargs'][key_name] = uri_path_value elif location == 'querystring': if isinstance(param_value, dict): partitioned['query_string_kwargs'].update(param_value) - elif isinstance(param_value, bool): - partitioned['query_string_kwargs'][ - key_name] = str(param_value).lower() - elif member.type_name == 'timestamp': - timestamp_format = member.serialization.get( - 'timestampFormat', self.QUERY_STRING_TIMESTAMP_FORMAT) - partitioned['query_string_kwargs'][ - key_name] = self._convert_timestamp_to_str( - param_value, timestamp_format - ) + elif member.type_name == 'list': + new_param = [ + self._get_uri_and_query_string_value(value, member.member) + for value in param_value + ] + partitioned['query_string_kwargs'][key_name] = new_param else: - partitioned['query_string_kwargs'][key_name] = param_value + new_param = self._get_uri_and_query_string_value( + param_value, member + ) + partitioned['query_string_kwargs'][key_name] = new_param elif location == 'header': shape = shape_members[param_name] if not param_value and shape.type_name == 'list': # Empty lists should not be set on the headers return - value = self._convert_header_value(shape, param_value) - partitioned['headers'][key_name] = str(value) + partitioned['headers'][key_name] = self._convert_header_value( + shape, param_value + ) elif location == 'headers': # 'headers' is a bit of an oddball. The ``key_name`` # is actually really a prefix for the header names: @@ -593,12 +896,26 @@ class BaseRestSerializer(Serializer): # creating multiple header key/val pairs. The key # name to use for each header is the header_prefix (``key_name``) # plus the key provided by the user. - self._do_serialize_header_map(header_prefix, - partitioned['headers'], - param_value) + self._do_serialize_header_map( + header_prefix, partitioned['headers'], param_value + ) else: partitioned['body_kwargs'][param_name] = param_value + def _get_uri_and_query_string_value(self, param_value, member): + if member.type_name == 'boolean': + return str(param_value).lower() + elif member.type_name == 'timestamp': + timestamp_format = member.serialization.get( + 'timestampFormat', self.QUERY_STRING_TIMESTAMP_FORMAT + ) + return self._convert_timestamp_to_str( + param_value, timestamp_format + ) + elif member.type_name in ['float', 'double']: + return str(self._handle_float(param_value)) + return param_value + def _do_serialize_header_map(self, header_prefix, headers, user_input): for key, val in user_input.items(): full_key = header_prefix + key @@ -612,24 +929,82 @@ class BaseRestSerializer(Serializer): datetime_obj = parse_to_aware_datetime(value) timestamp = calendar.timegm(datetime_obj.utctimetuple()) timestamp_format = shape.serialization.get( - 'timestampFormat', self.HEADER_TIMESTAMP_FORMAT) - return self._convert_timestamp_to_str(timestamp, timestamp_format) + 'timestampFormat', self.HEADER_TIMESTAMP_FORMAT + ) + return str( + self._convert_timestamp_to_str(timestamp, timestamp_format) + ) elif shape.type_name == 'list': - converted_value = [ - self._convert_header_value(shape.member, v) - for v in value if v is not None - ] + if shape.member.type_name == "string": + converted_value = [ + self._escape_header_list_string(v) + for v in value + if v is not None + ] + else: + converted_value = [ + self._convert_header_value(shape.member, v) + for v in value + if v is not None + ] return ",".join(converted_value) elif is_json_value_header(shape): # Serialize with no spaces after separators to save space in # the header. return self._get_base64(json.dumps(value, separators=(',', ':'))) + elif shape.type_name == 'boolean': + return str(value).lower() + elif shape.type_name in ['float', 'double']: + return str(self._handle_float(value)) + else: + return str(value) + + def _escape_header_list_string(self, value): + # Escapes a header list string by wrapping it in double quotes if it contains + # a comma or a double quote, and escapes any internal double quotes. + if '"' in value or ',' in value: + return '"' + value.replace('"', '\\"') + '"' else: return value -class RestJSONSerializer(BaseRestSerializer, JSONSerializer): +class BaseRpcV2Serializer(Serializer): + """Base class for RPCv2 protocols. + The only variance between the various RPCv2 protocols is the + way that the body is serialized. All other aspects (headers, uri, etc.) + are the same and logic for serializing those aspects lives here. + Subclasses must implement the ``_serialize_body_params`` and + ``_serialize_headers`` methods. + """ + + def serialize_to_request(self, parameters, operation_model): + serialized = self._create_default_request() + service_name = operation_model.service_model.metadata['targetPrefix'] + operation_name = operation_model.name + serialized['url_path'] = ( + f'/service/{service_name}/operation/{operation_name}' + ) + + input_shape = operation_model.input_shape + if input_shape is not None: + self._serialize_payload(parameters, serialized, input_shape) + + self._serialize_headers(serialized, operation_model) + + return serialized + + def _serialize_payload(self, parameters, serialized, shape): + body_payload = self._serialize_body_params(parameters, shape) + serialized['body'] = body_payload + def _serialize_headers(self, serialized, operation_model): + raise NotImplementedError("_serialize_headers") + + def _serialize_body_params(self, parameters, shape): + raise NotImplementedError("_serialize_body_params") + + +class RestJSONSerializer(BaseRestSerializer, JSONSerializer): def _serialize_empty_body(self): return b'{}' @@ -672,19 +1047,17 @@ class RestXMLSerializer(BaseRestSerializ return ElementTree.tostring(real_root, encoding=self.DEFAULT_ENCODING) def _serialize(self, shape, params, xmlnode, name): - method = getattr(self, '_serialize_type_%s' % shape.type_name, - self._default_serialize) + method = getattr( + self, + f'_serialize_type_{shape.type_name}', + self._default_serialize, + ) method(xmlnode, params, shape, name) def _serialize_type_structure(self, xmlnode, params, shape, name): structure_node = ElementTree.SubElement(xmlnode, name) - if 'xmlNamespace' in shape.serialization: - namespace_metadata = shape.serialization['xmlNamespace'] - attribute_name = 'xmlns' - if namespace_metadata.get('prefix'): - attribute_name += ':%s' % namespace_metadata['prefix'] - structure_node.attrib[attribute_name] = namespace_metadata['uri'] + self._add_xml_namespace(shape, structure_node) for key, value in params.items(): member_shape = shape.members[key] member_name = member_shape.serialization.get('name', key) @@ -710,6 +1083,7 @@ class RestXMLSerializer(BaseRestSerializ else: element_name = member_shape.serialization.get('name', 'member') list_node = ElementTree.SubElement(xmlnode, name) + self._add_xml_namespace(shape, list_node) for item in params: self._serialize(member_shape, item, list_node, element_name) @@ -722,15 +1096,22 @@ class RestXMLSerializer(BaseRestSerializ # val1 # # - node = ElementTree.SubElement(xmlnode, name) - # TODO: handle flattened maps. + if not self._is_shape_flattened(shape): + node = ElementTree.SubElement(xmlnode, name) + self._add_xml_namespace(shape, node) + for key, value in params.items(): - entry_node = ElementTree.SubElement(node, 'entry') + sub_node = ( + ElementTree.SubElement(xmlnode, name) + if self._is_shape_flattened(shape) + else ElementTree.SubElement(node, 'entry') + ) key_name = self._get_serialized_name(shape.key, default_name='key') - val_name = self._get_serialized_name(shape.value, - default_name='value') - self._serialize(shape.key, key, entry_node, key_name) - self._serialize(shape.value, value, entry_node, val_name) + val_name = self._get_serialized_name( + shape.value, default_name='value' + ) + self._serialize(shape.key, key, sub_node, key_name) + self._serialize(shape.value, value, sub_node, val_name) def _serialize_type_boolean(self, xmlnode, params, shape, name): # For scalar types, the 'params' attr is actually just a scalar @@ -742,19 +1123,76 @@ class RestXMLSerializer(BaseRestSerializ else: str_value = 'false' node.text = str_value + self._add_xml_namespace(shape, node) def _serialize_type_blob(self, xmlnode, params, shape, name): node = ElementTree.SubElement(xmlnode, name) node.text = self._get_base64(params) + self._add_xml_namespace(shape, node) def _serialize_type_timestamp(self, xmlnode, params, shape, name): node = ElementTree.SubElement(xmlnode, name) - node.text = self._convert_timestamp_to_str( - params, shape.serialization.get('timestampFormat')) + node.text = str( + self._convert_timestamp_to_str( + params, shape.serialization.get('timestampFormat') + ) + ) + self._add_xml_namespace(shape, node) + + def _serialize_type_float(self, xmlnode, params, shape, name): + node = ElementTree.SubElement(xmlnode, name) + node.text = str(self._handle_float(params)) + self._add_xml_namespace(shape, node) + + def _serialize_type_double(self, xmlnode, params, shape, name): + self._serialize_type_float(xmlnode, params, shape, name) def _default_serialize(self, xmlnode, params, shape, name): node = ElementTree.SubElement(xmlnode, name) node.text = str(params) + self._add_xml_namespace(shape, node) + + def _add_xml_namespace(self, shape, structure_node): + if 'xmlNamespace' in shape.serialization: + namespace_metadata = shape.serialization['xmlNamespace'] + attribute_name = 'xmlns' + if isinstance(namespace_metadata, dict): + if namespace_metadata.get('prefix'): + attribute_name += f":{namespace_metadata['prefix']}" + structure_node.attrib[attribute_name] = namespace_metadata[ + 'uri' + ] + elif isinstance(namespace_metadata, str): + structure_node.attrib[attribute_name] = namespace_metadata + + +class RpcV2CBORSerializer(BaseRpcV2Serializer, CBORSerializer): + TIMESTAMP_FORMAT = 'unixtimestamp' + + def serialize_to_request(self, parameters, operation_model): + register_feature_id('PROTOCOL_RPC_V2_CBOR') + return super().serialize_to_request(parameters, operation_model) + + def _serialize_body_params(self, parameters, input_shape): + body = bytearray() + self._serialize_data_item(body, parameters, input_shape) + return bytes(body) + + def _serialize_headers(self, serialized, operation_model): + serialized['headers']['smithy-protocol'] = 'rpc-v2-cbor' + + if operation_model.has_event_stream_output: + header_val = 'application/vnd.amazon.eventstream' + else: + header_val = 'application/cbor' + self._handle_query_compatible_trait(operation_model, serialized) + + has_body = serialized['body'] != b'' + has_content_type = has_header('Content-Type', serialized['headers']) + + serialized['headers']['Accept'] = header_val + if not has_content_type and has_body: + serialized['headers']['Content-Type'] = header_val SERIALIZERS = { @@ -763,4 +1201,5 @@ SERIALIZERS = { 'json': JSONSerializer, 'rest-json': RestJSONSerializer, 'rest-xml': RestXMLSerializer, + 'smithy-rpc-v2-cbor': RpcV2CBORSerializer, } diff -pruN 2.23.6-1/awscli/botocore/session.py 2.31.35-1/awscli/botocore/session.py --- 2.23.6-1/awscli/botocore/session.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/session.py 2025-11-12 19:17:29.000000000 +0000 @@ -45,6 +45,7 @@ from botocore.configprovider import ( ConfigValueStore, create_botocore_default_config_mapping, ) +from botocore.context import get_context, with_current_context from botocore.errorfactory import ClientExceptionsFactory from botocore.exceptions import ( ConfigNotFound, @@ -57,13 +58,12 @@ from botocore.loaders import create_load from botocore.model import ServiceModel from botocore.parsers import ResponseParserFactory from botocore.regions import EndpointResolver -from botocore.useragent import UserAgentString - +from botocore.useragent import UserAgentString, register_feature_id logger = logging.getLogger(__name__) -class Session(object): +class Session: """ The Session object collects together useful functionality from `botocore` as well as important data such as configuration @@ -79,8 +79,13 @@ class Session(object): #: The default format string to use when configuring the botocore logger. LOG_FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s' - def __init__(self, session_vars=None, event_hooks=None, - include_builtin_handlers=True, profile=None): + def __init__( + self, + session_vars=None, + event_hooks=None, + include_builtin_handlers=True, + profile=None, + ): """ Create a new Session object. @@ -161,7 +166,8 @@ class Session(object): def _register_credential_provider(self): self._components.lazy_register_component( - 'credential_provider', self._create_credential_resolver) + 'credential_provider', self._create_credential_resolver + ) def _create_credential_resolver(self): return botocore.credentials.create_credential_resolver( @@ -171,7 +177,8 @@ class Session(object): def _register_data_loader(self): self._components.lazy_register_component( 'data_loader', - lambda: create_loader(self.get_config_variable('data_path'))) + lambda: create_loader(self.get_config_variable('data_path')), + ) def _register_endpoint_resolver(self): def create_default_resolver(): @@ -179,16 +186,20 @@ class Session(object): endpoints, path = loader.load_data_with_path('endpoints') uses_builtin = loader.is_builtin_path(path) return EndpointResolver(endpoints, uses_builtin_data=uses_builtin) + self._internal_components.lazy_register_component( - 'endpoint_resolver', create_default_resolver) + 'endpoint_resolver', create_default_resolver + ) def _register_response_parser_factory(self): - self._components.register_component('response_parser_factory', - ResponseParserFactory()) + self._components.register_component( + 'response_parser_factory', ResponseParserFactory() + ) def _register_exceptions_factory(self): self._internal_components.register_component( - 'exceptions_factory', ClientExceptionsFactory()) + 'exceptions_factory', ClientExceptionsFactory() + ) def _register_builtin_handlers(self, events): for spec in handlers.BUILTIN_HANDLERS: @@ -206,12 +217,14 @@ class Session(object): config_store_component = ConfigValueStore( mapping=create_botocore_default_config_mapping(self) ) - self._components.register_component('config_store', - config_store_component) + self._components.register_component( + 'config_store', config_store_component + ) def _register_monitor(self): self._internal_components.lazy_register_component( - 'monitor', self._create_csm_monitor) + 'monitor', self._create_csm_monitor + ) def _register_user_agent_creator(self): uas = UserAgentString.from_environment() @@ -229,8 +242,9 @@ class Session(object): host=host, port=port, serializer=monitoring.CSMSerializer( - csm_client_id=client_id) - ) + csm_client_id=client_id + ), + ), ) return handler return None @@ -261,9 +275,11 @@ class Session(object): def get_config_variable(self, logical_name, methods=None): if methods is not None: return self._get_config_variable_with_custom_methods( - logical_name, methods) + logical_name, methods + ) return self.get_component('config_store').get_config_variable( - logical_name) + logical_name + ) def _get_config_variable_with_custom_methods(self, logical_name, methods): # If a custom list of methods was supplied we need to perserve the @@ -289,9 +305,7 @@ class Session(object): mapping[name] = chain_builder.create_config_chain( **build_chain_config_args ) - config_store_component = ConfigValueStore( - mapping=mapping - ) + config_store_component = ConfigValueStore(mapping=mapping) value = config_store_component.get_config_variable(logical_name) return value @@ -390,7 +404,8 @@ class Session(object): # profile. cred_file = self.get_config_variable('credentials_file') cred_profiles = botocore.configloader.raw_config_parse( - cred_file) + cred_file + ) for profile in cred_profiles: cred_vars = cred_profiles[profile] if profile not in self._config['profiles']: @@ -421,7 +436,9 @@ class Session(object): """ self._client_config = client_config - def set_credentials(self, access_key, secret_key, token=None): + def set_credentials( + self, access_key, secret_key, token=None, account_id=None + ): """ Manually create credentials for this session. If you would prefer to use botocore without a config file, environment variables, @@ -437,10 +454,13 @@ class Session(object): :type token: str :param token: An option session token used by STS session credentials. + + :type account_id: str + :param account_id: An optional account ID part of the credentials. """ - self._credentials = botocore.credentials.Credentials(access_key, - secret_key, - token) + self._credentials = botocore.credentials.Credentials( + access_key, secret_key, token, account_id=account_id + ) def get_credentials(self): """ @@ -453,10 +473,11 @@ class Session(object): """ if self._credentials is None: self._credentials = self._components.get_component( - 'credential_provider').load_credentials() + 'credential_provider' + ).load_credentials() return self._credentials - def get_auth_token(self): + def get_auth_token(self, **kwargs): """ Return the :class:`botocore.tokens.AuthToken` object associated with this session. If the authorization token has not yet been loaded, this @@ -464,8 +485,15 @@ class Session(object): return the cached authorization token. """ + provider = self._components.get_component('token_provider') + + signing_name = kwargs.get('signing_name') + if signing_name is not None: + auth_token = provider.load_token(signing_name=signing_name) + if auth_token is not None: + return auth_token + if self._auth_token is None: - provider = self._components.get_component('token_provider') self._auth_token = provider.load_token() return self._auth_token @@ -496,16 +524,12 @@ class Session(object): """ if truncate: - return '%s/%s' % (self.user_agent_name, self.user_agent_version) - base = '%s/%s Python/%s %s/%s' % (self.user_agent_name, - self.user_agent_version, - platform.python_version(), - platform.system(), - platform.release()) + return f'{self.user_agent_name}/{self.user_agent_version}' + base = f'{self.user_agent_name}/{self.user_agent_version} Python/{platform.python_version()} {platform.system()}/{platform.release()}' if os.environ.get('AWS_EXECUTION_ENV') is not None: - base += ' exec-env/%s' % os.environ.get('AWS_EXECUTION_ENV') + base += ' exec-env/{}'.format(os.environ.get('AWS_EXECUTION_ENV')) if self.user_agent_extra: - base += ' %s' % self.user_agent_extra + base += f' {self.user_agent_extra}' return base @@ -533,14 +557,14 @@ class Session(object): def get_waiter_model(self, service_name): loader = self.get_component('data_loader') - waiter_config = loader.load_service_model( - service_name, 'waiters-2') + waiter_config = loader.load_service_model(service_name, 'waiters-2') return waiter.WaiterModel(waiter_config) def get_paginator_model(self, service_name): loader = self.get_component('data_loader') paginator_config = loader.load_service_model( - service_name, 'paginators-1') + service_name, 'paginators-1' + ) return paginate.PaginatorModel(paginator_config) def get_service_data(self, service_name): @@ -558,8 +582,9 @@ class Session(object): """ Return a list of names of available services. """ - return self.get_component('data_loader')\ - .list_available_services(type_name='service-2') + return self.get_component('data_loader').list_available_services( + type_name='service-2' + ) def set_debug_logger(self, logger_name='botocore'): """ @@ -568,8 +593,9 @@ class Session(object): """ self.set_stream_logger(logger_name, logging.DEBUG) - def set_stream_logger(self, logger_name, log_level, stream=None, - format_string=None): + def set_stream_logger( + self, logger_name, log_level, stream=None, format_string=None + ): """ Convenience method to configure a stream logger. @@ -636,8 +662,9 @@ class Session(object): # add ch to logger log.addHandler(ch) - def register(self, event_name, handler, unique_id=None, - unique_id_uses_count=False): + def register( + self, event_name, handler, unique_id=None, unique_id_uses_count=False + ): """Register a handler with an event. :type event_name: str @@ -670,11 +697,20 @@ class Session(object): ``unique_id_uses_count`` value declared by the very first ``register`` call for that ``unique_id``. """ - self._events.register(event_name, handler, unique_id, - unique_id_uses_count=unique_id_uses_count) + self._events.register( + event_name, + handler, + unique_id, + unique_id_uses_count=unique_id_uses_count, + ) - def unregister(self, event_name, handler=None, unique_id=None, - unique_id_uses_count=False): + def unregister( + self, + event_name, + handler=None, + unique_id=None, + unique_id_uses_count=False, + ): """Unregister a handler with an event. :type event_name: str @@ -703,9 +739,12 @@ class Session(object): ``unique_id_uses_count`` value declared by the very first ``register`` call for that ``unique_id``. """ - self._events.unregister(event_name, handler=handler, - unique_id=unique_id, - unique_id_uses_count=unique_id_uses_count) + self._events.unregister( + event_name, + handler=handler, + unique_id=unique_id, + unique_id_uses_count=unique_id_uses_count, + ) def emit(self, event_name, **kwargs): return self._events.emit(event_name, **kwargs) @@ -720,10 +759,11 @@ class Session(object): except ValueError: if name in ['endpoint_resolver', 'exceptions_factory']: warnings.warn( - 'Fetching the %s component with the get_component() ' + f'Fetching the {name} component with the get_component() ' 'method is deprecated as the component has always been ' - 'considered an internal interface of botocore' % name, - DeprecationWarning) + 'considered an internal interface of botocore', + DeprecationWarning, + ) return self._internal_components.get_component(name) raise @@ -745,10 +785,20 @@ class Session(object): def lazy_register_component(self, name, component): self._components.lazy_register_component(name, component) - def create_client(self, service_name, region_name=None, - use_ssl=True, verify=None, endpoint_url=None, - aws_access_key_id=None, aws_secret_access_key=None, - aws_session_token=None, config=None): + @with_current_context() + def create_client( + self, + service_name, + region_name=None, + use_ssl=True, + verify=None, + endpoint_url=None, + aws_access_key_id=None, + aws_secret_access_key=None, + aws_session_token=None, + config=None, + aws_account_id=None, + ): """Create a botocore client. :type service_name: string @@ -808,6 +858,10 @@ class Session(object): the client will be the result of calling ``merge()`` on the default config with the config provided to this call. + :type aws_account_id: string + :param aws_account_id: The account id to use when creating + the client. Same semantics as aws_access_key_id above. + :rtype: botocore.client.BaseClient :return: A botocore client instance @@ -831,23 +885,36 @@ class Session(object): loader = self.get_component('data_loader') event_emitter = self.get_component('event_emitter') - response_parser_factory = self.get_component( - 'response_parser_factory') + response_parser_factory = self.get_component('response_parser_factory') if config is not None and config.signature_version is UNSIGNED: credentials = None - elif aws_access_key_id is not None and aws_secret_access_key is not None: + elif ( + aws_access_key_id is not None and aws_secret_access_key is not None + ): credentials = botocore.credentials.Credentials( access_key=aws_access_key_id, secret_key=aws_secret_access_key, - token=aws_session_token) - elif self._missing_cred_vars(aws_access_key_id, - aws_secret_access_key): + token=aws_session_token, + account_id=aws_account_id, + ) + elif self._missing_cred_vars(aws_access_key_id, aws_secret_access_key): raise PartialCredentialsError( provider='explicit', - cred_var=self._missing_cred_vars(aws_access_key_id, - aws_secret_access_key)) + cred_var=self._missing_cred_vars( + aws_access_key_id, aws_secret_access_key + ), + ) else: + if ignored_credentials := self._get_ignored_credentials( + aws_session_token, aws_account_id + ): + logger.debug( + f"Ignoring the following credential-related values which were set without " + f"an access key id and secret key on the session or client: {ignored_credentials}" + ) credentials = self.get_credentials() + if getattr(credentials, 'method', None) == 'explicit': + register_feature_id('CREDENTIALS_CODE') auth_token = self.get_auth_token() endpoint_resolver = self._get_internal_component('endpoint_resolver') exceptions_factory = self._get_internal_component('exceptions_factory') @@ -866,15 +933,30 @@ class Session(object): config_store=config_store, ) + user_agent_creator.set_client_features(get_context().features) + client_creator = botocore.client.ClientCreator( - loader, endpoint_resolver, self.user_agent(), event_emitter, - response_parser_factory, exceptions_factory, config_store, - user_agent_creator=user_agent_creator) + loader, + endpoint_resolver, + self.user_agent(), + event_emitter, + response_parser_factory, + exceptions_factory, + config_store, + user_agent_creator=user_agent_creator, + auth_token_resolver=self.get_auth_token, + ) client = client_creator.create_client( - service_name=service_name, region_name=region_name, - is_secure=use_ssl, endpoint_url=endpoint_url, verify=verify, - credentials=credentials, scoped_config=self.get_scoped_config(), - client_config=config, auth_token=auth_token) + service_name=service_name, + region_name=region_name, + is_secure=use_ssl, + endpoint_url=endpoint_url, + verify=verify, + credentials=credentials, + scoped_config=self.get_scoped_config(), + client_config=config, + auth_token=auth_token, + ) monitor = self._get_internal_component('monitor') if monitor is not None: monitor.register(client.meta.events) @@ -929,8 +1011,9 @@ class Session(object): resolver = self._get_internal_component('endpoint_resolver') return resolver.get_available_partitions() - def get_available_regions(self, service_name, partition_name='aws', - allow_non_regional=False): + def get_available_regions( + self, service_name, partition_name='aws', allow_non_regional=False + ): """Lists the region and endpoint names of a particular partition. :type service_name: string @@ -954,16 +1037,27 @@ class Session(object): try: service_data = self.get_service_data(service_name) endpoint_prefix = service_data['metadata'].get( - 'endpointPrefix', service_name) + 'endpointPrefix', service_name + ) results = resolver.get_available_endpoints( - endpoint_prefix, partition_name, allow_non_regional) + endpoint_prefix, partition_name, allow_non_regional + ) except UnknownServiceError: pass return results + def _get_ignored_credentials(self, aws_session_token, aws_account_id): + credential_inputs = [] + if aws_session_token: + credential_inputs.append('aws_session_token') + if aws_account_id: + credential_inputs.append('aws_account_id') + return ', '.join(credential_inputs) if credential_inputs else None -class ComponentLocator(object): + +class ComponentLocator: """Service locator for session components.""" + def __init__(self): self._components = {} self._deferred = {} @@ -979,7 +1073,7 @@ class ComponentLocator(object): try: return self._components[name] except KeyError: - raise ValueError("Unknown component: %s" % name) + raise ValueError(f"Unknown component: {name}") def register_component(self, name, component): self._components[name] = component @@ -1017,8 +1111,9 @@ class SessionVarDict(MutableMapping): def __len__(self): return len(self._store) - def _update_config_store_from_session_vars(self, logical_name, - config_options): + def _update_config_store_from_session_vars( + self, logical_name, config_options + ): # This is for backwards compatibility. The new preferred way to # modify configuration logic is to use the component system to get # the config_store component from the session, and then update @@ -1037,11 +1132,11 @@ class SessionVarDict(MutableMapping): config_property_names=config_name, default=default, conversion_func=typecast, - ) + ), ) -class SubsetChainConfigFactory(object): +class SubsetChainConfigFactory: """A class for creating backwards compatible configuration chains. This class can be used instead of @@ -1050,13 +1145,19 @@ class SubsetChainConfigFactory(object): out providers that are not in the methods tuple when creating a new config chain. """ + def __init__(self, session, methods, environ=None): self._factory = ConfigChainFactory(session, environ) self._supported_methods = methods - def create_config_chain(self, instance_name=None, env_var_names=None, - config_property_name=None, default=None, - conversion_func=None): + def create_config_chain( + self, + instance_name=None, + env_var_names=None, + config_property_name=None, + default=None, + conversion_func=None, + ): """Build a config chain following the standard botocore pattern. This config chain factory will omit any providers not in the methods diff -pruN 2.23.6-1/awscli/botocore/signers.py 2.31.35-1/awscli/botocore/signers.py --- 2.23.6-1/awscli/botocore/signers.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/signers.py 2025-11-12 19:17:29.000000000 +0000 @@ -20,15 +20,20 @@ import botocore.auth from botocore.awsrequest import create_request_object, prepare_request_dict from botocore.compat import OrderedDict from botocore.exceptions import ( + ParamValidationError, UnknownClientMethodError, UnknownSignatureVersionError, UnsupportedSignatureVersionError, - ParamValidationError, ) -from botocore.utils import ArnParser, datetime2timestamp, fix_s3_host +from botocore.tokens import FrozenAuthToken +from botocore.utils import ( + ArnParser, + datetime2timestamp, + fix_s3_host, # noqa +) -class RequestSigner(object): +class RequestSigner: """ An object to sign requests before they go out over the wire using one of the authentication mechanisms defined in ``auth.py``. This @@ -62,9 +67,17 @@ class RequestSigner(object): :type event_emitter: :py:class:`~botocore.hooks.BaseEventHooks` :param event_emitter: Extension mechanism to fire events. """ - def __init__(self, service_id, region_name, signing_name, - signature_version, credentials, event_emitter, - auth_token=None): + + def __init__( + self, + service_id, + region_name, + signing_name, + signature_version, + credentials, + event_emitter, + auth_token=None, + ): self._region_name = region_name self._signing_name = signing_name self._signature_version = signature_version @@ -94,8 +107,15 @@ class RequestSigner(object): # Don't call this method directly. return self.sign(operation_name, request) - def sign(self, operation_name, request, region_name=None, - signing_type='standard', expires_in=None, signing_name=None): + def sign( + self, + operation_name, + request, + region_name=None, + signing_type='standard', + expires_in=None, + signing_name=None, + ): """Sign a request before it goes out over the wire. :type operation_name: string @@ -130,23 +150,25 @@ class RequestSigner(object): signing_name = self._signing_name signature_version = self._choose_signer( - operation_name, signing_type, request.context) + operation_name, signing_type, request.context + ) # Allow mutating request before signing self._event_emitter.emit( - 'before-sign.{0}.{1}'.format( - self._service_id.hyphenize(), operation_name), - request=request, signing_name=signing_name, + f'before-sign.{self._service_id.hyphenize()}.{operation_name}', + request=request, + signing_name=signing_name, region_name=self._region_name, - signature_version=signature_version, request_signer=self, - operation_name=operation_name + signature_version=signature_version, + request_signer=self, + operation_name=operation_name, ) if signature_version != botocore.UNSIGNED: kwargs = { 'signing_name': signing_name, 'region_name': region_name, - 'signature_version': signature_version + 'signature_version': signature_version, } if expires_in is not None: kwargs['expires'] = expires_in @@ -166,7 +188,8 @@ class RequestSigner(object): except UnknownSignatureVersionError as e: if signing_type != 'standard': raise UnsupportedSignatureVersionError( - signature_version=signature_version) + signature_version=signature_version + ) else: raise e @@ -188,7 +211,7 @@ class RequestSigner(object): """ signing_type_suffix_map = { 'presign-post': '-presign-post', - 'presign-url': '-query' + 'presign-url': '-query', } suffix = signing_type_suffix_map.get(signing_type, '') # operation specific signing context takes precedent over client-level @@ -197,13 +220,14 @@ class RequestSigner(object): signing = context.get('signing', {}) signing_name = signing.get('signing_name', self._signing_name) region_name = signing.get('region', self._region_name) - if signature_version is not botocore.UNSIGNED and not \ - signature_version.endswith(suffix): + if ( + signature_version is not botocore.UNSIGNED + and not signature_version.endswith(suffix) + ): signature_version += suffix handler, response = self._event_emitter.emit_until_response( - 'choose-signer.{0}.{1}'.format( - self._service_id.hyphenize(), operation_name), + f'choose-signer.{self._service_id.hyphenize()}.{operation_name}', signing_name=signing_name, region_name=region_name, signature_version=signature_version, @@ -214,14 +238,17 @@ class RequestSigner(object): signature_version = response # The suffix needs to be checked again in case we get an improper # signature version from choose-signer. - if signature_version is not botocore.UNSIGNED and not \ - signature_version.endswith(suffix): + if ( + signature_version is not botocore.UNSIGNED + and not signature_version.endswith(suffix) + ): signature_version += suffix return signature_version - def get_auth_instance(self, signing_name, region_name, - signature_version=None, **kwargs): + def get_auth_instance( + self, signing_name, region_name, signature_version=None, **kwargs + ): """ Get an auth instance which can be used to sign a request using the given signature version. @@ -246,12 +273,16 @@ class RequestSigner(object): cls = botocore.auth.AUTH_TYPE_MAPS.get(signature_version) if cls is None: raise UnknownSignatureVersionError( - signature_version=signature_version) + signature_version=signature_version + ) if cls.REQUIRES_TOKEN is True: - frozen_token = None - if self._auth_token is not None: + if self._auth_token and not isinstance( + self._auth_token, FrozenAuthToken + ): frozen_token = self._auth_token.get_frozen_token() + else: + frozen_token = self._auth_token auth = cls(frozen_token) return auth @@ -281,9 +312,14 @@ class RequestSigner(object): # Alias get_auth for backwards compatibility. get_auth = get_auth_instance - def generate_presigned_url(self, request_dict, operation_name, - expires_in=3600, region_name=None, - signing_name=None): + def generate_presigned_url( + self, + request_dict, + operation_name, + expires_in=3600, + region_name=None, + signing_name=None, + ): """Generates a presigned url :type request_dict: dict @@ -306,14 +342,20 @@ class RequestSigner(object): :returns: The presigned url """ request = create_request_object(request_dict) - self.sign(operation_name, request, region_name, - 'presign-url', expires_in, signing_name) + self.sign( + operation_name, + request, + region_name, + 'presign-url', + expires_in, + signing_name, + ) request.prepare() return request.url -class CloudFrontSigner(object): +class CloudFrontSigner: '''A signer to create a signed CloudFront URL. First you create a cloudfront signer based on a normalized RSA signer:: @@ -367,8 +409,12 @@ class CloudFrontSigner(object): :rtype: str :return: The signed URL. """ - if (date_less_than is not None and policy is not None or - date_less_than is None and policy is None): + if ( + date_less_than is not None + and policy is not None + or date_less_than is None + and policy is None + ): e = 'Need to provide either date_less_than or policy, but not both' raise ValueError(e) if date_less_than is not None: @@ -377,22 +423,29 @@ class CloudFrontSigner(object): if isinstance(policy, str): policy = policy.encode('utf8') if date_less_than is not None: - params = ['Expires=%s' % int(datetime2timestamp(date_less_than))] + params = [f'Expires={int(datetime2timestamp(date_less_than))}'] else: - params = ['Policy=%s' % self._url_b64encode(policy).decode('utf8')] + params = [ + 'Policy={}'.format(self._url_b64encode(policy).decode('utf8')) + ] signature = self.rsa_signer(policy) - params.extend([ - 'Signature=%s' % self._url_b64encode(signature).decode('utf8'), - 'Key-Pair-Id=%s' % self.key_id, - ]) + params.extend( + [ + 'Signature={}'.format( + self._url_b64encode(signature).decode('utf8') + ), + f'Key-Pair-Id={self.key_id}', + ] + ) return self._build_url(url, params) def _build_url(self, base_url, extra_params): separator = '&' if '?' in base_url else '?' return base_url + separator + '&'.join(extra_params) - def build_policy(self, resource, date_less_than, - date_greater_than=None, ip_address=None): + def build_policy( + self, resource, date_less_than, date_greater_than=None, ip_address=None + ): """A helper to build policy. :type resource: str @@ -435,8 +488,12 @@ class CloudFrontSigner(object): def _url_b64encode(self, data): # Required by CloudFront. See also: # http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-linux-openssl.html - return base64.b64encode( - data).replace(b'+', b'-').replace(b'=', b'_').replace(b'/', b'~') + return ( + base64.b64encode(data) + .replace(b'+', b'-') + .replace(b'=', b'_') + .replace(b'/', b'~') + ) def add_generate_db_auth_token(class_attributes, **kwargs): @@ -484,7 +541,7 @@ def generate_db_auth_token(self, DBHostn 'query_string': '', 'headers': {}, 'body': params, - 'method': 'GET' + 'method': 'GET', } # RDS requires that the scheme not be set when sent over. This can cause @@ -494,13 +551,16 @@ def generate_db_auth_token(self, DBHostn # netloc would be treated as a path component. To work around this we # introduce https here and remove it once we're done processing it. scheme = 'https://' - endpoint_url = '%s%s:%s' % (scheme, DBHostname, Port) + endpoint_url = f'{scheme}{DBHostname}:{Port}' prepare_request_dict(request_dict, endpoint_url) presigned_url = self._request_signer.generate_presigned_url( - operation_name='connect', request_dict=request_dict, - region_name=region, expires_in=900, signing_name='rds-db' + operation_name='connect', + request_dict=request_dict, + region_name=region, + expires_in=900, + signing_name='rds-db', ) - return presigned_url[len(scheme):] + return presigned_url[len(scheme) :] def _dsql_generate_db_auth_token( @@ -596,13 +656,18 @@ def dsql_generate_db_connect_admin_auth_ ) -class S3PostPresigner(object): +class S3PostPresigner: def __init__(self, request_signer): self._request_signer = request_signer - def generate_presigned_post(self, request_dict, fields=None, - conditions=None, expires_in=3600, - region_name=None): + def generate_presigned_post( + self, + request_dict, + fields=None, + conditions=None, + expires_in=3600, + region_name=None, + ): """Generates the url and the form fields used for a presigned s3 post :type request_dict: dict @@ -667,7 +732,8 @@ class S3PostPresigner(object): request.context['s3-presign-post-policy'] = policy self._request_signer.sign( - 'PutObject', request, region_name, 'presign-post') + 'PutObject', request, region_name, 'presign-post' + ) # Return the url and the fields for th form to post. return {'url': request.url, 'fields': fields} @@ -676,8 +742,9 @@ def add_generate_presigned_url(class_att class_attributes['generate_presigned_url'] = generate_presigned_url -def generate_presigned_url(self, ClientMethod, Params=None, ExpiresIn=3600, - HttpMethod=None): +def generate_presigned_url( + self, ClientMethod, Params=None, ExpiresIn=3600, HttpMethod=None +): """Generate a presigned url given a client, its method, and arguments :type ClientMethod: string @@ -715,8 +782,7 @@ def generate_presigned_url(self, ClientM except KeyError: raise UnknownClientMethodError(method_name=client_method) - operation_model = self.meta.service_model.operation_model( - operation_name) + operation_model = self.meta.service_model.operation_model(operation_name) params = self._emit_api_params( api_params=params, operation_model=operation_model, @@ -749,16 +815,19 @@ def generate_presigned_url(self, ClientM # Generate the presigned url. return request_signer.generate_presigned_url( - request_dict=request_dict, expires_in=expires_in, - operation_name=operation_name) + request_dict=request_dict, + expires_in=expires_in, + operation_name=operation_name, + ) def add_generate_presigned_post(class_attributes, **kwargs): class_attributes['generate_presigned_post'] = generate_presigned_post -def generate_presigned_post(self, Bucket, Key, Fields=None, Conditions=None, - ExpiresIn=3600): +def generate_presigned_post( + self, Bucket, Key, Fields=None, Conditions=None, ExpiresIn=3600 +): """Builds the url and the form fields used for a presigned s3 post :type Bucket: string @@ -844,8 +913,7 @@ def generate_presigned_post(self, Bucket # We choose the CreateBucket operation model because its url gets # serialized to what a presign post requires. - operation_model = self.meta.service_model.operation_model( - 'CreateBucket') + operation_model = self.meta.service_model.operation_model('CreateBucket') params = self._emit_api_params( api_params={'Bucket': bucket}, operation_model=operation_model, @@ -878,7 +946,7 @@ def generate_presigned_post(self, Bucket # If the key ends with filename, the only constraint that can be # imposed is if it starts with the specified prefix. if key.endswith('${filename}'): - conditions.append(["starts-with", '$key', key[:-len('${filename}')]]) + conditions.append(["starts-with", '$key', key[: -len('${filename}')]]) else: conditions.append({'key': key}) @@ -886,5 +954,8 @@ def generate_presigned_post(self, Bucket fields['key'] = key return post_presigner.generate_presigned_post( - request_dict=request_dict, fields=fields, conditions=conditions, - expires_in=expires_in) + request_dict=request_dict, + fields=fields, + conditions=conditions, + expires_in=expires_in, + ) diff -pruN 2.23.6-1/awscli/botocore/stub.py 2.31.35-1/awscli/botocore/stub.py --- 2.23.6-1/awscli/botocore/stub.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/stub.py 2025-11-12 19:17:29.000000000 +0000 @@ -24,7 +24,7 @@ from botocore.exceptions import ( from botocore.validate import validate_parameters -class _ANY(object): +class _ANY: """ A helper object that compares equal to everything. Copied from unittest.mock @@ -39,10 +39,11 @@ class _ANY(object): def __repr__(self): return '' + ANY = _ANY() -class Stubber(object): +class Stubber: """ This class will allow you to stub out requests so you don't have to hit an endpoint to write tests. Responses are returned first in, first out. @@ -163,6 +164,7 @@ class Stubber(object): assert service_response == response """ + def __init__(self, client): """ :param client: The client to add your stubs to. @@ -186,11 +188,13 @@ class Stubber(object): self.client.meta.events.register_first( 'before-parameter-build.*.*', self._assert_expected_params, - unique_id=self._expected_params_event_id) + unique_id=self._expected_params_event_id, + ) self.client.meta.events.register( 'before-call.*.*', self._get_response_handler, - unique_id=self._event_id) + unique_id=self._event_id, + ) def deactivate(self): """ @@ -199,11 +203,13 @@ class Stubber(object): self.client.meta.events.unregister( 'before-parameter-build.*.*', self._assert_expected_params, - unique_id=self._expected_params_event_id) + unique_id=self._expected_params_event_id, + ) self.client.meta.events.unregister( 'before-call.*.*', self._get_response_handler, - unique_id=self._event_id) + unique_id=self._event_id, + ) def add_response(self, method, service_response, expected_params=None): """ @@ -233,8 +239,8 @@ class Stubber(object): def _add_response(self, method, service_response, expected_params): if not hasattr(self.client, method): raise ValueError( - "Client %s does not have method: %s" - % (self.client.meta.service_model.service_name, method)) + f"Client {self.client.meta.service_model.service_name} does not have method: {method}" + ) # Create a successful http response http_response = AWSResponse(None, 200, {}, None) @@ -246,14 +252,20 @@ class Stubber(object): response = { 'operation_name': operation_name, 'response': (http_response, service_response), - 'expected_params': expected_params + 'expected_params': expected_params, } self._queue.append(response) - def add_client_error(self, method, service_error_code='', - service_message='', http_status_code=400, - service_error_meta=None, expected_params=None, - response_meta=None): + def add_client_error( + self, + method, + service_error_code='', + service_message='', + http_status_code=400, + service_error_meta=None, + expected_params=None, + response_meta=None, + ): """ Adds a ``ClientError`` to the response queue. @@ -294,10 +306,7 @@ class Stubber(object): # look like. parsed_response = { 'ResponseMetadata': {'HTTPStatusCode': http_status_code}, - 'Error': { - 'Message': service_message, - 'Code': service_error_code - } + 'Error': {'Message': service_message, 'Code': service_error_code}, } if service_error_meta is not None: @@ -323,23 +332,25 @@ class Stubber(object): remaining = len(self._queue) if remaining != 0: raise AssertionError( - "%d responses remaining in queue." % remaining) + "%d responses remaining in queue." % remaining + ) def _assert_expected_call_order(self, model, params): if not self._queue: raise UnStubbedResponseError( operation_name=model.name, reason=( - 'Unexpected API Call: A call was made but no additional calls expected. ' - 'Either the API Call was not stubbed or it was called multiple times.' - ) + 'Unexpected API Call: A call was made but no additional calls expected. ' + 'Either the API Call was not stubbed or it was called multiple times.' + ), ) name = self._queue[0]['operation_name'] if name != model.name: raise StubResponseError( operation_name=model.name, - reason='Operation mismatch: found response for %s.' % name) + reason=f'Operation mismatch: found response for {name}.', + ) def _get_response_handler(self, model, params, context, **kwargs): self._assert_expected_call_order(model, params) @@ -359,15 +370,15 @@ class Stubber(object): if param not in params or expected_params[param] != params[param]: raise StubAssertionError( operation_name=model.name, - reason='Expected parameters:\n%s,\nbut received:\n%s' % ( - pformat(expected_params), pformat(params))) + reason=f'Expected parameters:\n{pformat(expected_params)},\nbut received:\n{pformat(params)}', + ) # Ensure there are no extra params hanging around if sorted(expected_params.keys()) != sorted(params.keys()): raise StubAssertionError( operation_name=model.name, - reason='Expected parameters:\n%s,\nbut received:\n%s' % ( - pformat(expected_params), pformat(params))) + reason=f'Expected parameters:\n{pformat(expected_params)},\nbut received:\n{pformat(params)}', + ) def _should_not_stub(self, context): # Do not include presign requests when processing stubbed client calls @@ -395,4 +406,6 @@ class Stubber(object): # empty apart from ResponseMetadata raise ParamValidationError( report=( - "Service response should only contain ResponseMetadata.")) + "Service response should only contain ResponseMetadata." + ) + ) diff -pruN 2.23.6-1/awscli/botocore/tokens.py 2.31.35-1/awscli/botocore/tokens.py --- 2.23.6-1/awscli/botocore/tokens.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/tokens.py 2025-11-12 19:17:29.000000000 +0000 @@ -19,8 +19,6 @@ from datetime import datetime, timedelta from typing import Optional import dateutil.parser -from dateutil.tz import tzutc - from botocore import UNSIGNED from botocore.compat import total_seconds from botocore.config import Config @@ -29,7 +27,13 @@ from botocore.exceptions import ( InvalidConfigError, TokenRetrievalError, ) -from botocore.utils import CachedProperty, JSONFileCache, SSOTokenLoader +from botocore.utils import ( + CachedProperty, + JSONFileCache, + SSOTokenLoader, + get_token_from_environment, +) +from dateutil.tz import tzutc logger = logging.getLogger(__name__) @@ -40,6 +44,7 @@ def _utc_now(): def create_token_resolver(session): providers = [ + ScopedEnvTokenProvider(session), SSOTokenProvider(session), ] return TokenProviderChain(providers=providers) @@ -164,9 +169,9 @@ class TokenProviderChain: providers = [] self._providers = providers - def load_token(self): + def load_token(self, **kwargs): for provider in self._providers: - token = provider.load_token() + token = provider.load_token(**kwargs) if token is not None: return token return None @@ -323,10 +328,36 @@ class SSOTokenProvider: token_dict["accessToken"], expiration=expiration ) - def load_token(self): + def load_token(self, **kwargs): if self._sso_config is None: return None return DeferredRefreshableToken( self.METHOD, self._refresher, time_fetcher=self._now ) + + +class ScopedEnvTokenProvider: + """ + Token provider that loads tokens from environment variables scoped to + a specific `signing_name`. + """ + + METHOD = 'env' + + def __init__(self, session, environ=None): + self._session = session + if environ is None: + environ = os.environ + self.environ = environ + + def load_token(self, **kwargs): + signing_name = kwargs.get("signing_name") + if signing_name is None: + return None + + token = get_token_from_environment(signing_name, self.environ) + + if token is not None: + logger.info("Found token in environment variables.") + return FrozenAuthToken(token) diff -pruN 2.23.6-1/awscli/botocore/useragent.py 2.31.35-1/awscli/botocore/useragent.py --- 2.23.6-1/awscli/botocore/useragent.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/useragent.py 2025-11-12 19:17:29.000000000 +0000 @@ -22,6 +22,8 @@ configuration options: * The ``user_agent_extra`` field in the :py:class:`botocore.config.Config`. """ + +import logging import os import platform from copy import copy @@ -29,8 +31,12 @@ from string import ascii_letters, digits from typing import NamedTuple, Optional from botocore import __version__ as botocore_version +from botocore.context import get_context + +logger = logging.getLogger(__name__) -_USERAGENT_ALLOWED_CHARACTERS = ascii_letters + digits + "!$%&'*+-.^_`|~" + +_USERAGENT_ALLOWED_CHARACTERS = ascii_letters + digits + "!$%&'*+-.^_`|~," _USERAGENT_ALLOWED_OS_NAMES = ( 'windows', 'linux', @@ -47,12 +53,84 @@ _USERAGENT_PLATFORM_NAME_MAPPINGS = {'da # using their existing values. Uses uppercase "B" with all other characters # lowercase. _USERAGENT_SDK_NAME = 'Botocore' +_USERAGENT_FEATURE_MAPPINGS = { + 'WAITER': 'B', + 'PAGINATOR': 'C', + 'RETRY_MODE_STANDARD': 'E', + 'RETRY_MODE_ADAPTIVE': 'F', + 'S3_TRANSFER': 'G', + 'PROTOCOL_RPC_V2_CBOR': 'M', + 'GZIP_REQUEST_COMPRESSION': 'L', + 'ENDPOINT_OVERRIDE': 'N', + 'ACCOUNT_ID_MODE_PREFERRED': 'P', + 'ACCOUNT_ID_MODE_DISABLED': 'Q', + 'ACCOUNT_ID_MODE_REQUIRED': 'R', + 'SIGV4A_SIGNING': 'S', + 'RESOLVED_ACCOUNT_ID': 'T', + 'FLEXIBLE_CHECKSUMS_REQ_CRC32': 'U', + 'FLEXIBLE_CHECKSUMS_REQ_CRC32C': 'V', + 'FLEXIBLE_CHECKSUMS_REQ_CRC64': 'W', + 'FLEXIBLE_CHECKSUMS_REQ_SHA1': 'X', + 'FLEXIBLE_CHECKSUMS_REQ_SHA256': 'Y', + 'FLEXIBLE_CHECKSUMS_REQ_WHEN_SUPPORTED': 'Z', + 'FLEXIBLE_CHECKSUMS_REQ_WHEN_REQUIRED': 'a', + 'FLEXIBLE_CHECKSUMS_RES_WHEN_SUPPORTED': 'b', + 'FLEXIBLE_CHECKSUMS_RES_WHEN_REQUIRED': 'c', + 'CREDENTIALS_CODE': 'e', + 'CREDENTIALS_ENV_VARS': 'g', + 'CREDENTIALS_PROFILE_PROCESS': 'v', + 'CREDENTIALS_PROCESS': 'w', + 'CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN': 'h', + 'CREDENTIALS_STS_ASSUME_ROLE': 'i', + 'CREDENTIALS_STS_ASSUME_ROLE_WEB_ID': 'k', + 'CREDENTIALS_PROFILE': 'n', + 'CREDENTIALS_PROFILE_SOURCE_PROFILE': 'o', + 'CREDENTIALS_PROFILE_NAMED_PROVIDER': 'p', + 'CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN': 'q', + 'CREDENTIALS_PROFILE_SSO': 'r', + 'CREDENTIALS_SSO': 's', + 'CREDENTIALS_PROFILE_SSO_LEGACY': 't', + 'CREDENTIALS_SSO_LEGACY': 'u', + 'CREDENTIALS_BOTO2_CONFIG_FILE': 'x', + 'CREDENTIALS_HTTP': 'z', + 'CREDENTIALS_IMDS': '0', + 'BEARER_SERVICE_ENV_VARS': '3', +} + + +def register_feature_id(feature_id): + """Adds metric value to the current context object's ``features`` set. + + :type feature_id: str + :param feature_id: The name of the feature to register. Value must be a key + in the ``_USERAGENT_FEATURE_MAPPINGS`` dict. + """ + ctx = get_context() + if ctx is None: + # Never register features outside the scope of a + # ``botocore.context.start_as_current_context`` context manager. + # Otherwise, the context variable won't be reset and features will + # bleed into all subsequent requests. Return instead of raising an + # exception since this function could be invoked in a public interface. + return + if val := _USERAGENT_FEATURE_MAPPINGS.get(feature_id): + ctx.features.add(val) + + +def register_feature_ids(feature_ids): + """Adds multiple feature IDs to the current context object's ``features`` set. + :type feature_ids: iterable of str + :param feature_ids: An iterable of feature ID strings to register. Each + value must be a key in the ``_USERAGENT_FEATURE_MAPPINGS`` dict. + """ + for feature_id in feature_ids: + register_feature_id(feature_id) def sanitize_user_agent_string_component(raw_str, allow_hash): """Replaces all not allowed characters in the string with a dash ("-"). - Allowed characters are ASCII alphanumerics and ``!$%&'*+-.^_`|~``. If + Allowed characters are ASCII alphanumerics and ``!$%&'*+-.^_`|~,``. If ``allow_hash`` is ``True``, "#"``" is also allowed. :type raw_str: str @@ -69,19 +147,41 @@ def sanitize_user_agent_string_component ) +class UserAgentComponentSizeConfig: + """ + Configures the max size of a built user agent string component and the + delimiter used to truncate the string if the size is above the max. + """ + + def __init__(self, max_size_in_bytes: int, delimiter: str): + self.max_size_in_bytes = max_size_in_bytes + self.delimiter = delimiter + self._validate_input() + + def _validate_input(self): + if self.max_size_in_bytes < 1: + raise ValueError( + f'Invalid `max_size_in_bytes`: {self.max_size_in_bytes}. ' + 'Value must be a positive integer.' + ) + + class UserAgentComponent(NamedTuple): """ Component of a Botocore User-Agent header string in the standard format. - Each component consists of a prefix, a name, and a value. In the string - representation these are combined in the format ``prefix/name#value``. + Each component consists of a prefix, a name, a value, and a size_config. + In the string representation these are combined in the format + ``prefix/name#value``. - This class is considered private and is subject to abrupt breaking changes. + ``size_config`` configures the max size and truncation strategy for the + built user agent string component. """ prefix: str name: str value: Optional[str] = None + size_config: Optional[UserAgentComponentSizeConfig] = None def to_string(self): """Create string like 'prefix/name#value' from a UserAgentComponent.""" @@ -92,11 +192,39 @@ class UserAgentComponent(NamedTuple): self.name, allow_hash=False ) if self.value is None or self.value == '': - return f'{clean_prefix}/{clean_name}' - clean_value = sanitize_user_agent_string_component( - self.value, allow_hash=True - ) - return f'{clean_prefix}/{clean_name}#{clean_value}' + clean_string = f'{clean_prefix}/{clean_name}' + else: + clean_value = sanitize_user_agent_string_component( + self.value, allow_hash=True + ) + clean_string = f'{clean_prefix}/{clean_name}#{clean_value}' + if self.size_config is not None: + clean_string = self._truncate_string( + clean_string, + self.size_config.max_size_in_bytes, + self.size_config.delimiter, + ) + return clean_string + + def _truncate_string(self, string, max_size, delimiter): + """ + Pop ``delimiter``-separated values until encoded string is less than or + equal to ``max_size``. + """ + orig = string + while len(string.encode('utf-8')) > max_size: + parts = string.split(delimiter) + parts.pop() + string = delimiter.join(parts) + + if string == '': + logger.debug( + f"User agent component `{orig}` could not be truncated to " + f"`{max_size}` bytes with delimiter " + f"`{delimiter}` without losing all contents. " + f"Value will be omitted from user agent string." + ) + return string class RawStringUserAgentComponent: @@ -191,9 +319,9 @@ class UserAgentString: self._session_user_agent_extra = None self._client_config = None - self._uses_paginator = None - self._uses_waiter = None - self._uses_resource = None + + # Component that can be set with ``set_client_features()`` + self._client_features = None @classmethod def from_environment(cls): @@ -231,6 +359,15 @@ class UserAgentString: self._session_user_agent_extra = session_user_agent_extra return self + def set_client_features(self, features): + """ + Persist client-specific features registered before or during client + creation. + :type features: Set[str] + :param features: A set of client-specific features. + """ + self._client_features = features + def with_client_config(self, client_config): """ Create a copy with all original values and client-specific values. @@ -258,7 +395,7 @@ class UserAgentString: components = [ *self._build_sdk_metadata(), - RawStringUserAgentComponent('ua/2.0'), + RawStringUserAgentComponent('ua/2.1'), *self._build_os_metadata(), *self._build_architecture_metadata(), *self._build_language_metadata(), @@ -269,7 +406,9 @@ class UserAgentString: *self._build_extra(), ] - return ' '.join([comp.to_string() for comp in components]) + return ' '.join( + [comp.to_string() for comp in components if comp.to_string()] + ) def _build_sdk_metadata(self): """ @@ -396,12 +535,23 @@ class UserAgentString: def _build_feature_metadata(self): """ - Build the features components of the User-Agent header string. + Build the features component of the User-Agent header string. - Botocore currently does not report any features. This may change in a - future version. + Returns a single component with prefix "m" followed by a list of + comma-separated metric values. """ - return [] + ctx = get_context() + context_features = set() if ctx is None else ctx.features + client_features = self._client_features or set() + features = client_features.union(context_features) + if not features: + return [] + size_config = UserAgentComponentSizeConfig(1024, ',') + return [ + UserAgentComponent( + 'm', ','.join(features), size_config=size_config + ) + ] def _build_config_metadata(self): """ @@ -471,6 +621,13 @@ class UserAgentString: components.append(self._client_config.user_agent_extra) return ' '.join(components) + def rebuild_and_replace_user_agent_handler( + self, operation_name, request, **kwargs + ): + ua_string = self.to_string() + if request.headers.get('User-Agent'): + request.headers.replace_header('User-Agent', ua_string) + def _get_crt_version(): """ diff -pruN 2.23.6-1/awscli/botocore/utils.py 2.31.35-1/awscli/botocore/utils.py --- 2.23.6-1/awscli/botocore/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -90,7 +90,9 @@ METADATA_ENDPOINT_MODES = ('ipv4', 'ipv6 SAFE_CHARS = '-._~' LABEL_RE = re.compile(r'[a-z0-9][a-z0-9\-]*[a-z0-9]') RETRYABLE_HTTP_ERRORS = ( - ReadTimeoutError, EndpointConnectionError, ConnectionClosedError, + ReadTimeoutError, + EndpointConnectionError, + ConnectionClosedError, ConnectTimeoutError, ) S3_ACCELERATE_WHITELIST = ['dualstack'] @@ -100,7 +102,7 @@ S3_ACCELERATE_WHITELIST = ['dualstack'] IPV4_PAT = r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}" IPV4_RE = re.compile("^" + IPV4_PAT + "$") HEX_PAT = "[0-9A-Fa-f]{1,4}" -LS32_PAT = "(?:{hex}:{hex}|{ipv4})".format(hex=HEX_PAT, ipv4=IPV4_PAT) +LS32_PAT = f"(?:{HEX_PAT}:{HEX_PAT}|{IPV4_PAT})" _subs = {"hex": HEX_PAT, "ls32": LS32_PAT} _variations = [ # 6( h16 ":" ) ls32 @@ -123,7 +125,9 @@ _variations = [ "(?:(?:%(hex)s:){0,6}%(hex)s)?::", ] -UNRESERVED_PAT = r"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._!\-~" +UNRESERVED_PAT = ( + r"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._!\-~" +) IPV6_PAT = "(?:" + "|".join([x % _subs for x in _variations]) + ")" ZONE_ID_PAT = "(?:%25|%)(?:[" + UNRESERVED_PAT + "]|%[a-fA-F0-9]{2})+" IPV6_ADDRZ_PAT = r"\[" + IPV6_PAT + r"(?:" + ZONE_ID_PAT + r")?\]" @@ -138,6 +142,15 @@ CHECKSUM_HEADER_PATTERN = re.compile( flags=re.IGNORECASE, ) +PRIORITY_ORDERED_SUPPORTED_PROTOCOLS = ( + 'json', + 'rest-json', + 'rest-xml', + 'smithy-rpc-v2-cbor', + 'query', + 'ec2', +) + def ensure_boolean(val): """Ensures a boolean value if a string or boolean is provided @@ -158,18 +171,19 @@ def resolve_imds_endpoint_mode(session): ec2_metadata_service_endpoint_mode takes precedence over imds_use_ipv6. """ endpoint_mode = session.get_config_variable( - 'ec2_metadata_service_endpoint_mode') + 'ec2_metadata_service_endpoint_mode' + ) if endpoint_mode is not None: lendpoint_mode = endpoint_mode.lower() if lendpoint_mode not in METADATA_ENDPOINT_MODES: error_msg_kwargs = { 'mode': endpoint_mode, - 'valid_modes': METADATA_ENDPOINT_MODES + 'valid_modes': METADATA_ENDPOINT_MODES, } raise InvalidIMDSEndpointModeError(**error_msg_kwargs) return lendpoint_mode elif session.get_config_variable('imds_use_ipv6'): - return 'ipv6' + return 'ipv6' return 'ipv4' @@ -182,10 +196,12 @@ def is_json_value_header(shape): :return: True if this type is a jsonvalue, False otherwise :rtype: Bool """ - return (hasattr(shape, 'serialization') and - shape.serialization.get('jsonvalue', False) and - shape.serialization.get('location') == 'header' and - shape.type_name == 'string') + return ( + hasattr(shape, 'serialization') + and shape.serialization.get('jsonvalue', False) + and shape.serialization.get('location') == 'header' + and shape.type_name == 'string' + ) def has_header(header_name, headers): @@ -195,9 +211,7 @@ def has_header(header_name, headers): elif isinstance(headers, botocore.awsrequest.HeadersDict): return header_name in headers else: - return header_name.lower() in [ - key.lower() for key in headers.keys() - ] + return header_name.lower() in [key.lower() for key in headers.keys()] def get_service_module_name(service_model): @@ -208,7 +222,9 @@ def get_service_module_name(service_mode name = service_model.metadata.get( 'serviceAbbreviation', service_model.metadata.get( - 'serviceFullName', service_model.service_name)) + 'serviceFullName', service_model.service_name + ), + ) name = name.replace('Amazon', '') name = name.replace('AWS', '') name = re.sub(r'\W+', '', name) @@ -291,10 +307,7 @@ def set_value_from_jmespath(source, expr source[current_key] = {} return set_value_from_jmespath( - source[current_key], - remainder, - value, - is_first=False + source[current_key], remainder, value, is_first=False ) # If we're down to a single key, set it. @@ -310,6 +323,7 @@ def is_global_accesspoint(context): class _RetriesExceededError(Exception): """Internal exception used when the number of retries are exceeded.""" + pass @@ -318,15 +332,20 @@ class BadIMDSRequestError(Exception): self.request = request -class IMDSFetcher(object): - +class IMDSFetcher: _RETRIES_EXCEEDED_ERROR_CLS = _RetriesExceededError _TOKEN_PATH = 'latest/api/token' _TOKEN_TTL = '21600' - def __init__(self, timeout=DEFAULT_METADATA_SERVICE_TIMEOUT, - num_attempts=1, base_url=METADATA_BASE_URL, - env=None, user_agent=None, config=None): + def __init__( + self, + timeout=DEFAULT_METADATA_SERVICE_TIMEOUT, + num_attempts=1, + base_url=METADATA_BASE_URL, + env=None, + user_agent=None, + config=None, + ): self._timeout = timeout self._num_attempts = num_attempts if config is None: @@ -350,8 +369,9 @@ class IMDSFetcher(object): return self._base_url def _select_base_url(self, base_url, config): - requires_ipv6 = config.get( - 'ec2_metadata_service_endpoint_mode') == 'ipv6' + requires_ipv6 = ( + config.get('ec2_metadata_service_endpoint_mode') == 'ipv6' + ) custom_metadata_endpoint = config.get('ec2_metadata_service_endpoint') if requires_ipv6 and custom_metadata_endpoint: @@ -370,21 +390,28 @@ class IMDSFetcher(object): else: chosen_base_url = METADATA_BASE_URL - logger.debug("IMDS ENDPOINT: %s" % chosen_base_url) + logger.debug(f"IMDS ENDPOINT: {chosen_base_url}") if not is_valid_uri(chosen_base_url): raise InvalidIMDSEndpointError(endpoint=chosen_base_url) return chosen_base_url + + def _construct_url(self, path): + sep = '' + if self._base_url and not self._base_url.endswith('/'): + sep = '/' + return f'{self._base_url}{sep}{path}' def _fetch_metadata_token(self): self._assert_enabled() - url = self._base_url + self._TOKEN_PATH + url = self._construct_url(self._TOKEN_PATH) headers = { 'x-aws-ec2-metadata-token-ttl-seconds': self._TOKEN_TTL, } self._add_user_agent(headers) request = botocore.awsrequest.AWSRequest( - method='PUT', url=url, headers=headers) + method='PUT', url=url, headers=headers + ) for i in range(self._num_attempts): try: response = self._session.send(request.prepare()) @@ -399,7 +426,11 @@ class IMDSFetcher(object): except RETRYABLE_HTTP_ERRORS as e: logger.debug( "Caught retryable HTTP exception while making metadata " - "service request to %s: %s", url, e, exc_info=True) + "service request to %s: %s", + url, + e, + exc_info=True, + ) except HTTPClientError as e: if isinstance(e.kwargs.get('error'), LocationParseError): raise InvalidIMDSEndpointError(endpoint=url, error=e) @@ -428,7 +459,7 @@ class IMDSFetcher(object): self._assert_v1_enabled() if retry_func is None: retry_func = self._default_retry - url = self._base_url + url_path + url = self._construct_url(url_path) headers = {} if token is not None: headers['x-aws-ec2-metadata-token'] = token @@ -436,14 +467,19 @@ class IMDSFetcher(object): for i in range(self._num_attempts): try: request = botocore.awsrequest.AWSRequest( - method='GET', url=url, headers=headers) + method='GET', url=url, headers=headers + ) response = self._session.send(request.prepare()) if not retry_func(response): return response except RETRYABLE_HTTP_ERRORS as e: logger.debug( "Caught retryable HTTP exception while making metadata " - "service request to %s: %s", url, e, exc_info=True) + "service request to %s: %s", + url, + e, + exc_info=True, + ) raise self._RETRIES_EXCEEDED_ERROR_CLS() def _add_user_agent(self, headers): @@ -462,10 +498,7 @@ class IMDSFetcher(object): ) def _default_retry(self, response): - return ( - self._is_non_ok_response(response) or - self._is_empty(response) - ) + return self._is_non_ok_response(response) or self._is_empty(response) def _is_non_ok_response(self, response): if response.status_code != 200: @@ -484,9 +517,7 @@ class IMDSFetcher(object): "Metadata service returned %s response " "with status code of %s for url: %s" ) - logger_args = [ - reason_to_log, response.status_code, response.url - ] + logger_args = [reason_to_log, response.status_code, response.url] if log_body: statement += ", content body: %s" logger_args.append(response.content) @@ -496,7 +527,10 @@ class IMDSFetcher(object): class InstanceMetadataFetcher(IMDSFetcher): _URL_PATH = 'latest/meta-data/iam/security-credentials/' _REQUIRED_CREDENTIAL_FIELDS = [ - 'AccessKeyId', 'SecretAccessKey', 'Token', 'Expiration' + 'AccessKeyId', + 'SecretAccessKey', + 'Token', + 'Expiration', ] def retrieve_iam_role_credentials(self): @@ -524,13 +558,18 @@ class InstanceMetadataFetcher(IMDSFetche # retrieve credentials. These error will contain both a # Code and Message key. if 'Code' in credentials and 'Message' in credentials: - logger.debug('Error response received when retrieving' - 'credentials: %s.', credentials) + logger.debug( + 'Error response received when retrieving' + 'credentials: %s.', + credentials, + ) return {} except self._RETRIES_EXCEEDED_ERROR_CLS: - logger.debug("Max number of attempts exceeded (%s) when " - "attempting to retrieve data from metadata service.", - self._num_attempts) + logger.debug( + "Max number of attempts exceeded (%s) when " + "attempting to retrieve data from metadata service.", + self._num_attempts, + ) except BadIMDSRequestError as e: logger.debug("Bad IMDS request: %s", e.request) return {} @@ -559,16 +598,13 @@ class InstanceMetadataFetcher(IMDSFetche return True def _needs_retry_for_role_name(self, response): - return ( - self._is_non_ok_response(response) or - self._is_empty(response) - ) + return self._is_non_ok_response(response) or self._is_empty(response) def _needs_retry_for_credentials(self, response): return ( - self._is_non_ok_response(response) or - self._is_empty(response) or - self._is_invalid_json(response) + self._is_non_ok_response(response) + or self._is_empty(response) + or self._is_invalid_json(response) ) def _contains_all_credential_fields(self, credentials): @@ -576,7 +612,8 @@ class InstanceMetadataFetcher(IMDSFetche if field not in credentials: logger.debug( 'Retrieved credentials is missing required field: %s', - field) + field, + ) return False return True @@ -591,13 +628,19 @@ class InstanceMetadataFetcher(IMDSFetche refresh_interval = self._config.get( "ec2_credential_refresh_window", 60 * 10 ) - refresh_interval_with_jitter = refresh_interval + random.randint(120, 600) + refresh_interval_with_jitter = refresh_interval + random.randint( + 120, 600 + ) current_time = datetime.datetime.utcnow() - refresh_offset = datetime.timedelta(seconds=refresh_interval_with_jitter) + refresh_offset = datetime.timedelta( + seconds=refresh_interval_with_jitter + ) extension_time = expiration - refresh_offset if current_time >= extension_time: new_time = current_time + refresh_offset - credentials["expiry_time"] = new_time.strftime("%Y-%m-%dT%H:%M:%SZ") + credentials["expiry_time"] = new_time.strftime( + "%Y-%m-%dT%H:%M:%SZ" + ) logger.info( f"Attempting credential expiration extension due to a " f"credential service availability issue. A refresh of " @@ -640,7 +683,7 @@ def merge_dicts(dict1, dict2, append_lis def lowercase_dict(original): - """Copies the given dictionary ensuring all keys are lowercase strings. """ + """Copies the given dictionary ensuring all keys are lowercase strings.""" copy = {} for key in original: copy[key.lower()] = original[key] @@ -699,11 +742,13 @@ def percent_encode_sequence(mapping, saf for key, value in pairs: if isinstance(value, list): for element in value: - encoded_pairs.append('%s=%s' % (percent_encode(key), - percent_encode(element))) + encoded_pairs.append( + f'{percent_encode(key)}={percent_encode(element)}' + ) else: - encoded_pairs.append('%s=%s' % (percent_encode(key), - percent_encode(value))) + encoded_pairs.append( + f'{percent_encode(key)}={percent_encode(value)}' + ) return '&'.join(encoded_pairs) @@ -760,7 +805,7 @@ def _parse_timestamp_with_tzinfo(value, # enforce that GMT == UTC. return dateutil.parser.parse(value, tzinfos={'GMT': tzutc()}) except (TypeError, ValueError) as e: - raise ValueError('Invalid timestamp "%s": %s' % (value, e)) + raise ValueError(f'Invalid timestamp "{value}": {e}') def parse_timestamp(value): @@ -807,7 +852,7 @@ def parse_timestamp(value): exc_info=e, ) raise RuntimeError( - 'Unable to calculate correct timezone offset for "%s"' % value + f'Unable to calculate correct timezone offset for "{value}"' ) @@ -954,7 +999,7 @@ def _in_pairs(iterable): return zip_longest(shared_iter, shared_iter) -class CachedProperty(object): +class CachedProperty: """A read only property that caches the initially computed value. This descriptor will only call the provided ``fget`` function once. @@ -974,7 +1019,7 @@ class CachedProperty(object): return computed_value -class ArgumentGenerator(object): +class ArgumentGenerator: """Generate sample input based on a shape model. This class contains a ``generate_skeleton`` method that will take @@ -1000,6 +1045,7 @@ class ArgumentGenerator(object): print("Sample input for dynamodb.CreateTable: %s" % sample_input) """ + def __init__(self, use_member_names=False): self._use_member_names = use_member_names @@ -1048,7 +1094,8 @@ class ArgumentGenerator(object): return skeleton for member_name, member_shape in shape.members.items(): skeleton[member_name] = self._generate_skeleton( - member_shape, stack, name=member_name) + member_shape, stack, name=member_name + ) return skeleton def _generate_type_list(self, shape, stack): @@ -1074,6 +1121,7 @@ def is_valid_ipv6_endpoint_url(endpoint_ hostname = f'[{urlparse(endpoint_url).hostname}]' return IPV6_ADDRZ_RE.match(hostname) is not None + def is_valid_ipv4_endpoint_url(endpoint_url): hostname = urlparse(endpoint_url).hostname return IPV4_RE.match(hostname) is not None @@ -1103,11 +1151,16 @@ def is_valid_endpoint_url(endpoint_url): hostname = hostname[:-1] allowed = re.compile( r"^((?!-)[A-Z\d-]{1,63}(?accesspoint|outpost)[/:](?P.+)$' ) @@ -1912,9 +1982,7 @@ class S3ArnParamHandler(object): r'^(?P[a-zA-Z0-9\-]{1,63})[/:]accesspoint[/:]' r'(?P[a-zA-Z0-9\-]{1,63}$)' ) - _BLACKLISTED_OPERATIONS = [ - 'CreateBucket' - ] + _BLACKLISTED_OPERATIONS = ['CreateBucket'] def __init__(self, arn_parser=None): self._arn_parser = arn_parser @@ -1991,13 +2059,19 @@ class S3ArnParamHandler(object): } -class S3EndpointSetter(object): +class S3EndpointSetter: _DEFAULT_PARTITION = 'aws' _DEFAULT_DNS_SUFFIX = 'amazonaws.com' - def __init__(self, endpoint_resolver, region=None, - s3_config=None, endpoint_url=None, partition=None, - use_fips_endpoint=False): + def __init__( + self, + endpoint_resolver, + region=None, + s3_config=None, + endpoint_url=None, + partition=None, + use_fips_endpoint=False, + ): # This is calling the endpoint_resolver in regions.py self._endpoint_resolver = endpoint_resolver self._region = region @@ -2015,7 +2089,7 @@ class S3EndpointSetter(object): event_emitter.register('choose-signer.s3', self.set_signer) event_emitter.register( 'before-call.s3.WriteGetObjectResponse', - self.update_endpoint_to_s3_object_lambda + self.update_endpoint_to_s3_object_lambda, ) def update_endpoint_to_s3_object_lambda(self, params, context, **kwargs): @@ -2031,7 +2105,9 @@ class S3EndpointSetter(object): resolver = self._endpoint_resolver # Constructing endpoints as s3-object-lambda as region - resolved = resolver.construct_endpoint('s3-object-lambda', self._region) + resolved = resolver.construct_endpoint( + 's3-object-lambda', self._region + ) # Ideally we would be able to replace the endpoint before # serialization but there's no event to do that currently @@ -2049,9 +2125,9 @@ class S3EndpointSetter(object): self._validate_fips_supported(request) self._validate_global_regions(request) region_name = self._resolve_region_for_accesspoint_endpoint( - request) - self._resolve_signing_name_for_accesspoint_endpoint( - request) + request + ) + self._resolve_signing_name_for_accesspoint_endpoint(request) self._switch_to_accesspoint_endpoint(request, region_name) return if self._use_accelerate_endpoint: @@ -2059,8 +2135,8 @@ class S3EndpointSetter(object): raise UnsupportedS3ConfigurationError( msg=( 'Client is configured to use the FIPS psuedo region ' - 'for "%s", but S3 Accelerate does not have any FIPS ' - 'compatible endpoints.' % (self._region) + f'for "{self._region}", but S3 Accelerate does not have any FIPS ' + 'compatible endpoints.' ) ) switch_host_s3_accelerate(request=request, **kwargs) @@ -2075,16 +2151,13 @@ class S3EndpointSetter(object): return if 'fips' in request.context['s3_accesspoint']['region']: raise UnsupportedS3AccesspointConfigurationError( - msg={ - 'Invalid ARN, FIPS region not allowed in ARN.' - } + msg={'Invalid ARN, FIPS region not allowed in ARN.'} ) if 'outpost_name' in request.context['s3_accesspoint']: raise UnsupportedS3AccesspointConfigurationError( msg=( - 'Client is configured to use the FIPS psuedo-region "%s", ' - 'but outpost ARNs do not support FIPS endpoints.' % ( - self._region) + f'Client is configured to use the FIPS psuedo-region "{self._region}", ' + 'but outpost ARNs do not support FIPS endpoints.' ) ) # Transforming psuedo region to actual region @@ -2096,11 +2169,10 @@ class S3EndpointSetter(object): raise UnsupportedS3AccesspointConfigurationError( msg=( 'Client is configured to use the FIPS psuedo-region ' - 'for "%s", but the access-point ARN provided is for ' - 'the "%s" region. For clients using a FIPS ' + f'for "{self._region}", but the access-point ARN provided is for ' + f'the "{accesspoint_region}" region. For clients using a FIPS ' 'psuedo-region calls to access-point ARNs in another ' - 'region are not allowed.' % (self._region, - accesspoint_region) + 'region are not allowed.' ) ) @@ -2111,8 +2183,8 @@ class S3EndpointSetter(object): raise UnsupportedS3AccesspointConfigurationError( msg=( 'Client is configured to use the global psuedo-region ' - '"%s". When providing access-point ARNs a regional ' - 'endpoint must be specified.' % self._region + f'"{self._region}". When providing access-point ARNs a regional ' + 'endpoint must be specified.' ) ) @@ -2128,14 +2200,15 @@ class S3EndpointSetter(object): if request_partition != self._partition: raise UnsupportedS3AccesspointConfigurationError( msg=( - 'Client is configured for "%s" partition, but access-point' - ' ARN provided is for "%s" partition. The client and ' - ' access-point partition must be the same.' % ( - self._partition, request_partition) + f'Client is configured for "{self._partition}" partition, but access-point' + f' ARN provided is for "{request_partition}" partition. The client and ' + ' access-point partition must be the same.' ) ) s3_service = request.context['s3_accesspoint'].get('service') - if s3_service == 's3-object-lambda' and self._s3_config.get('use_dualstack_endpoint'): + if s3_service == 's3-object-lambda' and self._s3_config.get( + 'use_dualstack_endpoint' + ): raise UnsupportedS3AccesspointConfigurationError( msg=( 'Client does not support s3 dualstack configuration ' @@ -2193,16 +2266,20 @@ class S3EndpointSetter(object): def _switch_to_accesspoint_endpoint(self, request, region_name): original_components = urlsplit(request.url) - accesspoint_endpoint = urlunsplit(( - original_components.scheme, - self._get_netloc(request.context, region_name), - self._get_accesspoint_path( - original_components.path, request.context), - original_components.query, - '' - )) + accesspoint_endpoint = urlunsplit( + ( + original_components.scheme, + self._get_netloc(request.context, region_name), + self._get_accesspoint_path( + original_components.path, request.context + ), + original_components.query, + '', + ) + ) logger.debug( - 'Updating URI from %s to %s' % (request.url, accesspoint_endpoint)) + f'Updating URI from {request.url} to {accesspoint_endpoint}' + ) request.url = accesspoint_endpoint def _get_netloc(self, request_context, region_name): @@ -2214,9 +2291,7 @@ class S3EndpointSetter(object): def _get_mrap_netloc(self, request_context): s3_accesspoint = request_context['s3_accesspoint'] region_name = 's3-global' - mrap_netloc_components = [ - s3_accesspoint['name'] - ] + mrap_netloc_components = [s3_accesspoint['name']] if self._endpoint_url: endpoint_url_netloc = urlsplit(self._endpoint_url).netloc mrap_netloc_components.append(endpoint_url_netloc) @@ -2226,7 +2301,7 @@ class S3EndpointSetter(object): [ 'accesspoint', region_name, - self._get_partition_dns_suffix(partition) + self._get_partition_dns_suffix(partition), ] ) return '.'.join(mrap_netloc_components) @@ -2234,7 +2309,7 @@ class S3EndpointSetter(object): def _get_accesspoint_netloc(self, request_context, region_name): s3_accesspoint = request_context['s3_accesspoint'] accesspoint_netloc_components = [ - '%s-%s' % (s3_accesspoint['name'], s3_accesspoint['account']), + '{}-{}'.format(s3_accesspoint['name'], s3_accesspoint['account']), ] outpost_name = s3_accesspoint.get('outpost_name') if self._endpoint_url: @@ -2248,25 +2323,24 @@ class S3EndpointSetter(object): accesspoint_netloc_components.extend(outpost_host) elif s3_accesspoint['service'] == 's3-object-lambda': component = self._inject_fips_if_needed( - 's3-object-lambda', request_context) + 's3-object-lambda', request_context + ) accesspoint_netloc_components.append(component) else: component = self._inject_fips_if_needed( - 's3-accesspoint', request_context) + 's3-accesspoint', request_context + ) accesspoint_netloc_components.append(component) if self._s3_config.get('use_dualstack_endpoint'): accesspoint_netloc_components.append('dualstack') accesspoint_netloc_components.extend( - [ - region_name, - self._get_dns_suffix(region_name) - ] + [region_name, self._get_dns_suffix(region_name)] ) return '.'.join(accesspoint_netloc_components) def _inject_fips_if_needed(self, component, request_context): if self._use_fips_endpoint: - return '%s-fips' % component + return f'{component}-fips' return component def _get_accesspoint_path(self, original_path, request_context): @@ -2288,7 +2362,8 @@ class S3EndpointSetter(object): def _get_dns_suffix(self, region_name): resolved = self._endpoint_resolver.construct_endpoint( - 's3', region_name) + 's3', region_name + ) dns_suffix = self._DEFAULT_DNS_SUFFIX if resolved and 'dnsSuffix' in resolved: dns_suffix = resolved['dnsSuffix'] @@ -2375,21 +2450,29 @@ class S3EndpointSetter(object): logger.debug("Using S3 path style addressing.") return None - logger.debug("Defaulting to S3 virtual host style addressing with " - "path style addressing fallback.") + logger.debug( + "Defaulting to S3 virtual host style addressing with " + "path style addressing fallback." + ) # By default, try to use virtual style with path fallback. return fix_s3_host -class S3ControlEndpointSetter(object): +class S3ControlEndpointSetter: _DEFAULT_PARTITION = 'aws' _DEFAULT_DNS_SUFFIX = 'amazonaws.com' _HOST_LABEL_REGEX = re.compile(r'^[a-zA-Z0-9\-]{1,63}$') - def __init__(self, endpoint_resolver, region=None, - s3_config=None, endpoint_url=None, partition=None, - use_fips_endpoint=False): + def __init__( + self, + endpoint_resolver, + region=None, + s3_config=None, + endpoint_url=None, + partition=None, + use_fips_endpoint=False, + ): self._endpoint_resolver = endpoint_resolver self._region = region self._s3_config = s3_config @@ -2413,7 +2496,6 @@ class S3ControlEndpointSetter(object): self._add_headers_from_arn_details(request) elif self._use_endpoint_from_outpost_id(request): self._validate_outpost_redirection_valid(request) - outpost_id = request.context['outpost_id'] self._override_signing_name(request, 's3-outposts') new_netloc = self._construct_outpost_endpoint(self._region) self._update_request_netloc(request, new_netloc) @@ -2428,27 +2510,24 @@ class S3ControlEndpointSetter(object): if 'fips' in request.context['arn_details']['region']: raise UnsupportedS3ControlArnError( arn=request.context['arn_details']['original'], - msg={ - 'Invalid ARN, FIPS region not allowed in ARN.' - } + msg={'Invalid ARN, FIPS region not allowed in ARN.'}, ) if not self._s3_config.get('use_arn_region', False): arn_region = request.context['arn_details']['region'] if arn_region != self._region: error_msg = ( 'The use_arn_region configuration is disabled but ' - 'received arn for "%s" when the client is configured ' - 'to use "%s"' - ) % (arn_region, self._region) + f'received arn for "{arn_region}" when the client is configured ' + f'to use "{self._region}"' + ) raise UnsupportedS3ControlConfigurationError(msg=error_msg) request_partion = request.context['arn_details']['partition'] if request_partion != self._partition: raise UnsupportedS3ControlConfigurationError( msg=( - 'Client is configured for "%s" partition, but arn ' - 'provided is for "%s" partition. The client and ' - 'arn partition must be the same.' % ( - self._partition, request_partion) + f'Client is configured for "{self._partition}" partition, but arn ' + f'provided is for "{request_partion}" partition. The client and ' + 'arn partition must be the same.' ) ) if self._s3_config.get('use_accelerate_endpoint'): @@ -2482,20 +2561,24 @@ class S3ControlEndpointSetter(object): return arn_service def _resolve_endpoint_from_arn_details(self, request, region_name): - new_netloc = self._resolve_netloc_from_arn_details(request, region_name) + new_netloc = self._resolve_netloc_from_arn_details( + request, region_name + ) self._update_request_netloc(request, new_netloc) def _update_request_netloc(self, request, new_netloc): original_components = urlsplit(request.url) - arn_details_endpoint = urlunsplit(( - original_components.scheme, - new_netloc, - original_components.path, - original_components.query, - '' - )) + arn_details_endpoint = urlunsplit( + ( + original_components.scheme, + new_netloc, + original_components.path, + original_components.query, + '', + ) + ) logger.debug( - 'Updating URI from %s to %s' % (request.url, arn_details_endpoint) + f'Updating URI from {request.url} to {arn_details_endpoint}' ) request.url = arn_details_endpoint @@ -2555,7 +2638,8 @@ class S3ControlEndpointSetter(object): def _get_dns_suffix(self, region_name): resolved = self._endpoint_resolver.construct_endpoint( - 's3', region_name) + 's3', region_name + ) dns_suffix = self._DEFAULT_DNS_SUFFIX if resolved and 'dnsSuffix' in resolved: dns_suffix = resolved['dnsSuffix'] @@ -2636,17 +2720,17 @@ class S3ControlArnParamHandler: return None def _split_resource(self, arn_details): - return self._RESOURCE_SPLIT_REGEX.split(arn_details['resource']) + return self._RESOURCE_SPLIT_REGEX.split(arn_details['resource']) def _override_account_id_param(self, params, arn_details): account_id = arn_details['account'] if 'AccountId' in params and params['AccountId'] != account_id: error_msg = ( 'Account ID in arn does not match the AccountId parameter ' - 'provided: "%s"' - ) % params['AccountId'] + 'provided: "{}"' + ).format(params['AccountId']) raise UnsupportedS3ControlArnError( - arn=arn_details['original'], + arn=arn_details['original'], msg=error_msg, ) params['AccountId'] = account_id @@ -2799,8 +2883,7 @@ class S3ControlArnParamHandlerv2(S3Contr ) -class ContainerMetadataFetcher(object): - +class ContainerMetadataFetcher: TIMEOUT_SECONDS = 2 RETRY_ATTEMPTS = 3 SLEEP_TIME = 1 @@ -2836,8 +2919,7 @@ class ContainerMetadataFetcher(object): parsed = botocore.compat.urlparse(full_url) if self._is_loopback_address(parsed.hostname): return - is_whitelisted_host = self._check_if_whitelisted_host( - parsed.hostname) + is_whitelisted_host = self._check_if_whitelisted_host(parsed.hostname) if not is_whitelisted_host: raise ValueError( f"Unsupported host '{parsed.hostname}'. Can only retrieve metadata " @@ -2876,10 +2958,15 @@ class ContainerMetadataFetcher(object): while True: try: return self._get_response( - full_url, headers, self.TIMEOUT_SECONDS) + full_url, headers, self.TIMEOUT_SECONDS + ) except MetadataRetrievalError as e: - logger.debug("Received error when attempting to retrieve " - "container metadata: %s", e, exc_info=True) + logger.debug( + "Received error when attempting to retrieve " + "container metadata: %s", + e, + exc_info=True, + ) self._sleep(self.SLEEP_TIME) attempts += 1 if attempts >= self.RETRY_ATTEMPTS: @@ -2912,7 +2999,7 @@ class ContainerMetadataFetcher(object): raise MetadataRetrievalError(error_msg=error_msg) def full_url(self, relative_uri): - return 'http://%s%s' % (self.IP_ADDRESS, relative_uri) + return f'http://{self.IP_ADDRESS}{relative_uri}' def get_environ_proxies(url): @@ -3095,7 +3182,7 @@ def conditionally_calculate_md5(params, params['headers']['Content-MD5'] = md5_digest -class FileWebIdentityTokenLoader(object): +class FileWebIdentityTokenLoader: def __init__(self, web_identity_token_path, _open=open): self._web_identity_token_path = web_identity_token_path self._open = _open @@ -3105,18 +3192,23 @@ class FileWebIdentityTokenLoader(object) return token_file.read() -class BaseSSOTokenFetcher(object): +class BaseSSOTokenFetcher: """Base class for SSO token fetchers, for functionality shared between the device and authorization code grant flows. """ + _EXPIRY_WINDOW = 15 * 60 _CLIENT_REGISTRATION_TYPE = 'public' _USER_AGENT_EXTRA = None def __init__( - self, sso_region, client_creator, - parsed_globals, cache=None, - on_pending_authorization=None, time_fetcher=None + self, + sso_region, + client_creator, + parsed_globals, + cache=None, + on_pending_authorization=None, + time_fetcher=None, ): self._sso_region = sso_region self._client_creator = client_creator @@ -3207,6 +3299,7 @@ class BaseSSOTokenFetcher(object): class SSOTokenFetcher(BaseSSOTokenFetcher): """Performs the device grant OAuth2.0 flow""" + # The device flow RFC defines the slow-down delay to be an additional # 5 seconds: # https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15#section-3.5 @@ -3272,10 +3365,9 @@ class SSOTokenFetcher(BaseSSOTokenFetche ) if not force_refresh and cache_key in self._cache: registration = self._cache[cache_key] - if ( - not self._is_expired(registration) - and not self._is_registration_for_auth_code(registration) - ): + if not self._is_expired( + registration + ) and not self._is_registration_for_auth_code(registration): return registration registration = self._register_client( @@ -3345,7 +3437,11 @@ class SSOTokenFetcher(BaseSSOTokenFetche self._sleep(interval) def _create_token_attempt( - self, start_url, registration, authorization, interval, + self, + start_url, + registration, + authorization, + interval, ): try: response = self._client.create_token( @@ -3416,6 +3512,7 @@ class SSOTokenFetcher(BaseSSOTokenFetche class SSOTokenFetcherAuth(BaseSSOTokenFetcher): """Performs the authorization code grant with PKCE OAuth2.0 flow""" + _AUTH_GRANT_TYPES = ('authorization_code', 'refresh_token') _AUTH_GRANT_DEFAULT_SCOPE = 'sso:account:access' _USER_AGENT_EXTRA = 'md/sso#auth' @@ -3443,9 +3540,7 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe # Generate the PKCE pair self.code_verifier = ''.join( - secrets.choice( - string.ascii_letters + string.digits + '-._~' - ) + secrets.choice(string.ascii_letters + string.digits + '-._~') for _ in range(64) ) self.code_challenge = base64.urlsafe_b64encode( @@ -3471,7 +3566,7 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe 'clientSecret': response['clientSecret'], 'expiresAt': expires_at, 'scopes': register_kwargs['scopes'], - 'grantTypes': register_kwargs['grantTypes'] + 'grantTypes': register_kwargs['grantTypes'], } return registration @@ -3490,17 +3585,16 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe ) if not force_refresh and cache_key in self._cache: registration = self._cache[cache_key] - if ( - not self._is_expired(registration) - and self._is_registration_for_auth_code(registration) - ): + if not self._is_expired( + registration + ) and self._is_registration_for_auth_code(registration): return registration registration = self._register_client( session_name, scopes, self._auth_code_fetcher.redirect_uri_without_port(), - start_url + start_url, ) self._cache[cache_key] = registration return registration @@ -3526,10 +3620,7 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe self._client.meta.events.register( 'before-call', self._extract_resolved_endpoint ) - self._client.register_client( - clientName='temp', - clientType='public' - ) + self._client.register_client(clientName='temp', clientType='public') self._client.meta.events.unregister( 'before-call', self._extract_resolved_endpoint ) @@ -3537,18 +3628,14 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe return self._base_endpoint def _get_authorization_uri( - self, - client_id, - registration_scopes, - expected_state + self, client_id, registration_scopes, expected_state ): - query_params = { 'response_type': 'code', 'client_id': client_id, 'redirect_uri': self._auth_code_fetcher.redirect_uri_with_port(), 'state': expected_state, - 'code_challenge_method': 'S256' + 'code_challenge_method': 'S256', # Don't want to encode code_challenge again, so we append below } @@ -3574,9 +3661,7 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe expected_state = uuid.uuid4() authorization_uri = self._get_authorization_uri( - registration['clientId'], - registration_scopes, - expected_state + registration['clientId'], registration_scopes, expected_state ) # Even though there's just one URI, this matches the inputs @@ -3584,7 +3669,7 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe authorization_args = { 'verificationUri': authorization_uri, 'verificationUriComplete': authorization_uri, - 'userCode': None + 'userCode': None, } # Open/display the link, then block until the redirect uri is hit and @@ -3614,7 +3699,7 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe clientSecret=registration['clientSecret'], redirectUri=self._auth_code_fetcher.redirect_uri_with_port(), codeVerifier=self.code_verifier, - code=auth_code + code=auth_code, ) expires_in = datetime.timedelta(seconds=response['expiresIn']) token = { @@ -3648,15 +3733,13 @@ class SSOTokenFetcherAuth(BaseSSOTokenFe return token token = self._get_new_token( - start_url, - session_name, - registration_scopes + start_url, session_name, registration_scopes ) self._cache[cache_key] = token return token -class SSOTokenLoader(object): +class SSOTokenLoader: def __init__(self, cache=None): if cache is None: cache = {} @@ -3694,11 +3777,22 @@ def original_ld_library_path(env=None): # See: https://pyinstaller.readthedocs.io/en/stable/runtime-information.html # When running under pyinstaller, it will set an # LD_LIBRARY_PATH to ensure it prefers its bundled version of libs. - # There are times where we don't want this behavior, for example when + # There are times when we don't want this behavior, for example when # running a separate subprocess. if env is None: env = os.environ + # Unless the user provided an explicit value, set this so + # PyInstaller resets the environment variables used by its + # bootloader causing a subprocess to be treated as new. + # This avoids interfering with starting another PyInstaller + # process, such as the CLI using another instance of itself + # as a credentials process. + should_clear_pyinstaller_reset_environment = False + if 'PYINSTALLER_RESET_ENVIRONMENT' not in env: + env['PYINSTALLER_RESET_ENVIRONMENT'] = '1' + should_clear_pyinstaller_reset_environment = True + value_to_put_back = env.get('LD_LIBRARY_PATH') # The first case is where a user has exported an LD_LIBRARY_PATH # in their env. This will be mapped to LD_LIBRARY_PATH_ORIG. @@ -3713,18 +3807,15 @@ def original_ld_library_path(env=None): finally: if value_to_put_back is not None: env['LD_LIBRARY_PATH'] = value_to_put_back + if should_clear_pyinstaller_reset_environment: + env.pop('PYINSTALLER_RESET_ENVIRONMENT', None) class EventbridgeSignerSetter: _DEFAULT_PARTITION = 'aws' _DEFAULT_DNS_SUFFIX = 'amazonaws.com' - def __init__( - self, - endpoint_resolver, - region=None, - endpoint_url=None - ): + def __init__(self, endpoint_resolver, region=None, endpoint_url=None): self._endpoint_resolver = endpoint_resolver self._region = region self._endpoint_url = endpoint_url @@ -3732,19 +3823,16 @@ class EventbridgeSignerSetter: def register(self, event_emitter): event_emitter.register( 'before-parameter-build.eventbridge.PutEvents', - self.check_for_global_endpoint + self.check_for_global_endpoint, ) event_emitter.register( - 'before-call.eventbridge.PutEvents', - self.set_endpoint_url + 'before-call.eventbridge.PutEvents', self.set_endpoint_url ) def set_endpoint_url(self, params, context, **kwargs): if 'eventbridge_endpoint' in context: endpoint = context['eventbridge_endpoint'] - logger.debug( - f"Rewriting URL from {params['url']} to {endpoint}" - ) + logger.debug(f"Rewriting URL from {params['url']} to {endpoint}") params['url'] = endpoint def check_for_global_endpoint(self, params, context, **kwargs): @@ -3776,8 +3864,7 @@ class EventbridgeSignerSetter: msg='EndpointId is not a valid hostname component.' ) resolved_endpoint = self._get_global_endpoint( - endpoint, - endpoint_variant_tags=endpoint_variant_tags + endpoint, endpoint_variant_tags=endpoint_variant_tags ) else: resolved_endpoint = self._endpoint_url @@ -3792,8 +3879,7 @@ class EventbridgeSignerSetter: if partition is None: partition = self._DEFAULT_PARTITION dns_suffix = resolver.get_partition_dns_suffix( - partition, - endpoint_variant_tags=endpoint_variant_tags + partition, endpoint_variant_tags=endpoint_variant_tags ) if dns_suffix is None: dns_suffix = self._DEFAULT_DNS_SUFFIX @@ -3909,6 +3995,21 @@ def is_s3express_bucket(bucket): return bucket.endswith('--x-s3') +def get_token_from_environment(signing_name, environ=None): + if not isinstance(signing_name, str) or not signing_name.strip(): + return None + + if environ is None: + environ = os.environ + env_var = _get_bearer_env_var_name(signing_name) + return environ.get(env_var) + + +def _get_bearer_env_var_name(signing_name): + bearer_name = signing_name.replace('-', '_').replace(' ', '_').upper() + return f"AWS_BEARER_TOKEN_{bearer_name}" + + # This parameter is not part of the public interface and is subject to abrupt # breaking changes or removal without prior announcement. # Mapping of services that have been renamed for backwards compatibility reasons. diff -pruN 2.23.6-1/awscli/botocore/validate.py 2.31.35-1/awscli/botocore/validate.py --- 2.23.6-1/awscli/botocore/validate.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/validate.py 2025-11-12 19:17:29.000000000 +0000 @@ -56,12 +56,17 @@ def type_check(valid_types): def _type_check(param, errors, name): if not isinstance(param, valid_types): valid_type_names = [str(t) for t in valid_types] - errors.report(name, 'invalid type', param=param, - valid_types=valid_type_names) + errors.report( + name, + 'invalid type', + param=param, + valid_types=valid_type_names, + ) return False return True return _on_passes_type_check + return _create_type_check_guard @@ -82,7 +87,7 @@ def range_check(name, value, shape, erro errors.report(name, error_type, param=value, min_allowed=min_allowed) -class ValidationErrors(object): +class ValidationErrors: def __init__(self): self._errors = [] @@ -101,45 +106,71 @@ class ValidationErrors(object): error_type, name, additional = error name = self._get_name(name) if error_type == 'missing required field': - return 'Missing required parameter in %s: "%s"' % ( - name, additional['required_name']) + return 'Missing required parameter in {}: "{}"'.format( + name, + additional['required_name'], + ) elif error_type == 'unknown field': - return 'Unknown parameter in %s: "%s", must be one of: %s' % ( - name, additional['unknown_param'], - ', '.join(additional['valid_names'])) + return 'Unknown parameter in {}: "{}", must be one of: {}'.format( + name, + additional['unknown_param'], + ', '.join(additional['valid_names']), + ) elif error_type == 'invalid type': - return 'Invalid type for parameter %s, value: %s, type: %s, ' \ - 'valid types: %s' % (name, additional['param'], - str(type(additional['param'])), - ', '.join(additional['valid_types'])) + return ( + 'Invalid type for parameter {}, value: {}, type: {}, ' + 'valid types: {}'.format( + name, + additional['param'], + str(type(additional['param'])), + ', '.join(additional['valid_types']), + ) + ) elif error_type == 'invalid range': min_allowed = additional['min_allowed'] - return ('Invalid value for parameter %s, value: %s, ' - 'valid min value: %s' % (name, additional['param'], - min_allowed)) + return ( + 'Invalid value for parameter {}, value: {}, ' + 'valid min value: {}'.format( + name, additional['param'], min_allowed + ) + ) elif error_type == 'invalid length': min_allowed = additional['min_allowed'] - return ('Invalid length for parameter %s, value: %s, ' - 'valid min length: %s' % (name, additional['param'], - min_allowed)) + return ( + 'Invalid length for parameter {}, value: {}, ' + 'valid min length: {}'.format( + name, additional['param'], min_allowed + ) + ) elif error_type == 'unable to encode to json': - return 'Invalid parameter %s must be json serializable: %s' \ - % (name, additional['type_error']) + return 'Invalid parameter {} must be json serializable: {}'.format( + name, + additional['type_error'], + ) elif error_type == 'invalid type for document': - return 'Invalid type for document parameter %s, value: %s, type: %s, ' \ - 'valid types: %s' % (name, additional['param'], - str(type(additional['param'])), - ', '.join(additional['valid_types'])) + return ( + 'Invalid type for document parameter {}, value: {}, type: {}, ' + 'valid types: {}'.format( + name, + additional['param'], + str(type(additional['param'])), + ', '.join(additional['valid_types']), + ) + ) elif error_type == 'more than one input': - return 'Invalid number of parameters set for tagged union structure' \ - ' %s. Can only set one of the following keys: %s.' % ( - name, '. '.join(additional['members']) - ) + return ( + 'Invalid number of parameters set for tagged union structure' + ' {}. Can only set one of the following keys: {}.'.format( + name, '. '.join(additional['members']) + ) + ) elif error_type == 'empty input': - return 'Must set one of the following keys for tagged union' \ - 'structure %s: %s.' % ( - name, '. '.join(additional['members']) - ) + return ( + 'Must set one of the following keys for tagged union' + 'structure {}: {}.'.format( + name, '. '.join(additional['members']) + ) + ) def _get_name(self, name): if not name: @@ -153,7 +184,7 @@ class ValidationErrors(object): self._errors.append((reason, name, kwargs)) -class ParamValidator(object): +class ParamValidator: """Validates parameters against a shape model.""" def validate(self, params, shape): @@ -185,8 +216,9 @@ class ParamValidator(object): if special_validator: special_validator(params, shape, errors, name) else: - getattr(self, '_validate_%s' % shape.type_name)( - params, shape, errors, name) + getattr(self, f'_validate_{shape.type_name}')( + params, shape, errors, name + ) def _validate_jsonvalue_string(self, params, shape, errors, name): # Check to see if a value marked as a jsonvalue can be dumped to @@ -205,15 +237,19 @@ class ParamValidator(object): self._validate_document(params[key], shape, errors, key) elif isinstance(params, list): for index, entity in enumerate(params): - self._validate_document(entity, shape, errors, - '%s[%d]' % (name, index)) + self._validate_document( + entity, shape, errors, '%s[%d]' % (name, index) + ) elif not isinstance(params, (str, int, bool, float)): valid_types = (str, int, bool, float, list, dict) valid_type_names = [str(t) for t in valid_types] - errors.report(name, 'invalid type for document', - param=params, - param_type=type(params), - valid_types=valid_type_names) + errors.report( + name, + 'invalid type for document', + param=params, + param_type=type(params), + valid_types=valid_type_names, + ) @type_check(valid_types=(dict,)) def _validate_structure(self, params, shape, errors, name): @@ -228,21 +264,33 @@ class ParamValidator(object): # Validate required fields. for required_member in shape.metadata.get('required', []): if required_member not in params: - errors.report(name, 'missing required field', - required_name=required_member, user_params=params) + errors.report( + name, + 'missing required field', + required_name=required_member, + user_params=params, + ) members = shape.members known_params = [] # Validate known params. for param in params: if param not in members: - errors.report(name, 'unknown field', unknown_param=param, - valid_names=list(members)) + errors.report( + name, + 'unknown field', + unknown_param=param, + valid_names=list(members), + ) else: known_params.append(param) # Validate structure members. for param in known_params: - self._validate(params[param], shape.members[param], - errors, '%s.%s' % (name, param)) + self._validate( + params[param], + shape.members[param], + errors, + f'{name}.{param}', + ) @type_check(valid_types=(str,)) def _validate_string(self, param, shape, errors, name): @@ -261,16 +309,15 @@ class ParamValidator(object): member_shape = shape.member range_check(name, len(param), shape, 'invalid length', errors) for i, item in enumerate(param): - self._validate(item, member_shape, errors, '%s[%s]' % (name, i)) + self._validate(item, member_shape, errors, f'{name}[{i}]') @type_check(valid_types=(dict,)) def _validate_map(self, param, shape, errors, name): key_shape = shape.key value_shape = shape.value for key, value in param.items(): - self._validate(key, key_shape, errors, "%s (key: %s)" - % (name, key)) - self._validate(value, value_shape, errors, '%s.%s' % (name, key)) + self._validate(key, key_shape, errors, f"{name} (key: {key})") + self._validate(value, value_shape, errors, f'{name}.{key}') @type_check(valid_types=(int,)) def _validate_integer(self, param, shape, errors, name): @@ -283,9 +330,12 @@ class ParamValidator(object): # File like objects are also allowed for blob types. return else: - errors.report(name, 'invalid type', param=param, - valid_types=[str(bytes), str(bytearray), - 'file-like object']) + errors.report( + name, + 'invalid type', + param=param, + valid_types=[str(bytes), str(bytearray), 'file-like object'], + ) @type_check(valid_types=(bool,)) def _validate_boolean(self, param, shape, errors, name): @@ -308,8 +358,9 @@ class ParamValidator(object): is_valid_type = self._type_check_datetime(param) if not is_valid_type: valid_type_names = [str(datetime), 'timestamp-string'] - errors.report(name, 'invalid type', param=param, - valid_types=valid_type_names) + errors.report( + name, 'invalid type', param=param, valid_types=valid_type_names + ) def _type_check_datetime(self, value): try: @@ -321,7 +372,7 @@ class ParamValidator(object): return False -class ParamValidationDecorator(object): +class ParamValidationDecorator: def __init__(self, param_validator, serializer): self._param_validator = param_validator self._serializer = serializer @@ -329,9 +380,11 @@ class ParamValidationDecorator(object): def serialize_to_request(self, parameters, operation_model): input_shape = operation_model.input_shape if input_shape is not None: - report = self._param_validator.validate(parameters, - operation_model.input_shape) + report = self._param_validator.validate( + parameters, operation_model.input_shape + ) if report.has_errors(): raise ParamValidationError(report=report.generate_report()) - return self._serializer.serialize_to_request(parameters, - operation_model) + return self._serializer.serialize_to_request( + parameters, operation_model + ) diff -pruN 2.23.6-1/awscli/botocore/waiter.py 2.31.35-1/awscli/botocore/waiter.py --- 2.23.6-1/awscli/botocore/waiter.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/botocore/waiter.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,9 +12,12 @@ # language governing permissions and limitations under the License. import logging import time +from functools import partial import jmespath +from botocore.context import with_current_context from botocore.docs.docstring import WaiterDocstring +from botocore.useragent import register_feature_id from botocore.utils import get_service_module_name from . import xform_name @@ -44,7 +47,8 @@ def create_waiter_with_client(waiter_nam single_waiter_config = waiter_model.get_waiter(waiter_name) operation_name = xform_name(single_waiter_config.operation) operation_method = NormalizedOperationMethod( - getattr(client, operation_name)) + getattr(client, operation_name) + ) # Create a new wait method that will serve as a proxy to the underlying # Waiter.wait method. This is needed to attach a docstring to the @@ -57,17 +61,16 @@ def create_waiter_with_client(waiter_nam event_emitter=client.meta.events, service_model=client.meta.service_model, service_waiter_model=waiter_model, - include_signature=False + include_signature=False, ) # Rename the waiter class based on the type of waiter. - waiter_class_name = str('%s.Waiter.%s' % ( - get_service_module_name(client.meta.service_model), - waiter_name)) + waiter_class_name = str( + f'{get_service_module_name(client.meta.service_model)}.Waiter.{waiter_name}' + ) # Create the new waiter class - documented_waiter_cls = type( - waiter_class_name, (Waiter,), {'wait': wait}) + documented_waiter_cls = type(waiter_class_name, (Waiter,), {'wait': wait}) # Return an instance of the new waiter class. return documented_waiter_cls( @@ -82,7 +85,7 @@ def is_valid_waiter_error(response): return False -class NormalizedOperationMethod(object): +class NormalizedOperationMethod: def __init__(self, client_method): self._client_method = client_method @@ -93,7 +96,7 @@ class NormalizedOperationMethod(object): return e.response -class WaiterModel(object): +class WaiterModel: SUPPORTED_VERSION = 2 def __init__(self, waiter_config): @@ -123,26 +126,29 @@ class WaiterModel(object): def _verify_supported_version(self, version): if version != self.SUPPORTED_VERSION: raise WaiterConfigError( - error_msg=("Unsupported waiter version, supported version " - "must be: %s, but version of waiter config " - "is: %s" % (self.SUPPORTED_VERSION, - version))) + error_msg=( + "Unsupported waiter version, supported version " + f"must be: {self.SUPPORTED_VERSION}, but version of waiter config " + f"is: {version}" + ) + ) def get_waiter(self, waiter_name): try: single_waiter_config = self._waiter_config[waiter_name] except KeyError: - raise ValueError("Waiter does not exist: %s" % waiter_name) + raise ValueError(f"Waiter does not exist: {waiter_name}") return SingleWaiterConfig(single_waiter_config) -class SingleWaiterConfig(object): +class SingleWaiterConfig: """Represents the waiter configuration for a single waiter. A single waiter is considered the configuration for a single value associated with a named waiter (i.e TableExists). """ + def __init__(self, single_waiter_config): self._config = single_waiter_config @@ -162,7 +168,7 @@ class SingleWaiterConfig(object): return acceptors -class AcceptorConfig(object): +class AcceptorConfig: def __init__(self, config): self.state = config['state'] self.matcher = config['matcher'] @@ -173,17 +179,17 @@ class AcceptorConfig(object): @property def explanation(self): if self.matcher == 'path': - return 'For expression "%s" we matched expected path: "%s"' % (self.argument, self.expected) + return f'For expression "{self.argument}" we matched expected path: "{self.expected}"' elif self.matcher == 'pathAll': - return 'For expression "%s" all members matched excepted path: "%s"' % (self.argument, self.expected) + return f'For expression "{self.argument}" all members matched excepted path: "{self.expected}"' elif self.matcher == 'pathAny': - return 'For expression "%s" we matched expected path: "%s" at least once' % (self.argument, self.expected) + return f'For expression "{self.argument}" we matched expected path: "{self.expected}" at least once' elif self.matcher == 'status': - return 'Matched expected HTTP status code: %s' % self.expected + return f'Matched expected HTTP status code: {self.expected}' elif self.matcher == 'error': - return 'Matched expected service error code: %s' % self.expected + return f'Matched expected service error code: {self.expected}' else: - return 'No explanation for unknown waiter type: "%s"' % self.matcher + return f'No explanation for unknown waiter type: "{self.matcher}"' def _create_matcher_func(self): # An acceptor function is a callable that takes a single value. The @@ -206,7 +212,8 @@ class AcceptorConfig(object): return self._create_error_matcher() else: raise WaiterConfigError( - error_msg="Unknown acceptor: %s" % self.matcher) + error_msg=f"Unknown acceptor: {self.matcher}" + ) def _create_path_matcher(self): expression = jmespath.compile(self.argument) @@ -216,6 +223,7 @@ class AcceptorConfig(object): if is_valid_waiter_error(response): return return expression.search(response) == expected + return acceptor_matches def _create_path_all_matcher(self): @@ -236,6 +244,7 @@ class AcceptorConfig(object): if element != expected: return False return True + return acceptor_matches def _create_path_any_matcher(self): @@ -256,6 +265,7 @@ class AcceptorConfig(object): if element == expected: return True return False + return acceptor_matches def _create_status_matcher(self): @@ -266,8 +276,10 @@ class AcceptorConfig(object): # other than it is a dict, so we don't assume there's # a ResponseMetadata.HTTPStatusCode. status_code = response.get('ResponseMetadata', {}).get( - 'HTTPStatusCode') + 'HTTPStatusCode' + ) return status_code == expected + return acceptor_matches def _create_error_matcher(self): @@ -289,11 +301,11 @@ class AcceptorConfig(object): return "Error" not in response else: return response.get("Error", {}).get("Code", "") == expected - + return acceptor_matches -class Waiter(object): +class Waiter: def __init__(self, name, config, operation_method): """ @@ -315,6 +327,7 @@ class Waiter(object): self.name = name self.config = config + @with_current_context(partial(register_feature_id, 'WAITER')) def wait(self, **kwargs): acceptors = list(self.config.acceptors) current_state = 'waiting' @@ -342,20 +355,19 @@ class Waiter(object): # can just handle here by raising an exception. raise WaiterError( name=self.name, - reason='An error occurred (%s): %s' % ( + reason='An error occurred ({}): {}'.format( response['Error'].get('Code', 'Unknown'), response['Error'].get('Message', 'Unknown'), ), last_response=response, ) if current_state == 'success': - logger.debug("Waiting complete, waiter matched the " - "success state.") + logger.debug( + "Waiting complete, waiter matched the " "success state." + ) return if current_state == 'failure': - reason = 'Waiter encountered a terminal failure state: %s' % ( - acceptor.explanation - ) + reason = f'Waiter encountered a terminal failure state: {acceptor.explanation}' raise WaiterError( name=self.name, reason=reason, @@ -365,9 +377,7 @@ class Waiter(object): if last_matched_acceptor is None: reason = 'Max attempts exceeded' else: - reason = 'Max attempts exceeded. Previously accepted state: %s' %( - acceptor.explanation - ) + reason = f'Max attempts exceeded. Previously accepted state: {acceptor.explanation}' raise WaiterError( name=self.name, reason=reason, diff -pruN 2.23.6-1/awscli/clidocs.py 2.31.35-1/awscli/clidocs.py --- 2.23.6-1/awscli/clidocs.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/clidocs.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,30 +13,34 @@ import logging import os import re + from botocore import xform_name from botocore.model import StringShape from botocore.utils import is_json_value_header -from awscli import SCALAR_TYPES +from awscli import SCALAR_TYPES, __version__ as AWS_CLI_VERSION from awscli.argprocess import ParamShorthandDocGen from awscli.bcdoc.docevents import DOC_EVENTS from awscli.topictags import TopicTagDB from awscli.utils import ( - find_service_and_method_in_event_name, is_document_type, - operation_uses_document_types, is_streaming_blob_type, - is_tagged_union_type + find_service_and_method_in_event_name, + is_document_type, + is_streaming_blob_type, + is_tagged_union_type, + operation_uses_document_types, ) LOG = logging.getLogger(__name__) -EXAMPLES_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), - 'examples') +EXAMPLES_DIR = os.path.join( + os.path.dirname(os.path.abspath(__file__)), 'examples' +) GLOBAL_OPTIONS_FILE = os.path.join(EXAMPLES_DIR, 'global_options.rst') -GLOBAL_OPTIONS_SYNOPSIS_FILE = os.path.join(EXAMPLES_DIR, - 'global_synopsis.rst') - +GLOBAL_OPTIONS_SYNOPSIS_FILE = os.path.join( + EXAMPLES_DIR, 'global_synopsis.rst' +) -class CLIDocumentEventHandler(object): +class CLIDocumentEventHandler: def __init__(self, help_command): self.help_command = help_command self.register(help_command.session, help_command.event_class) @@ -91,9 +95,11 @@ class CLIDocumentEventHandler(object): handler method will be unregistered for the all events of that type for the specified ``event_class``. """ - self._map_handlers(self.help_command.session, - self.help_command.event_class, - self.help_command.session.unregister) + self._map_handlers( + self.help_command.session, + self.help_command.event_class, + self.help_command.session.unregister, + ) # These are default doc handlers that apply in the general case. @@ -108,8 +114,9 @@ class CLIDocumentEventHandler(object): doc.write(' . ') full_cmd_list.append(cmd) full_cmd_name = ' '.join(full_cmd_list) - doc.write(':ref:`%s `' % (cmd, full_cmd_name)) - doc.write(' ]') + doc.write(f':ref:`{cmd} `') + doc.writeln(' ]') + doc.writeln('') def doc_title(self, help_command, **kwargs): doc = help_command.doc @@ -117,7 +124,7 @@ class CLIDocumentEventHandler(object): reference = help_command.event_class.replace('.', ' ') if reference != 'aws': reference = 'aws ' + reference - doc.writeln('.. _cli:%s:' % reference) + doc.writeln(f'.. _cli:{reference}:') doc.style.h1(help_command.name) def doc_description(self, help_command, **kwargs): @@ -131,7 +138,7 @@ class CLIDocumentEventHandler(object): doc = help_command.doc doc.style.h2('Synopsis') doc.style.start_codeblock() - doc.writeln('%s' % help_command.name) + doc.writeln(f'{help_command.name}') def doc_synopsis_option(self, arg_name, help_command, **kwargs): doc = help_command.doc @@ -141,17 +148,19 @@ class CLIDocumentEventHandler(object): # This arg is already documented so we can move on. return option_str = ' | '.join( - [a.cli_name for a in - self._arg_groups[argument.group_name]]) + [a.cli_name for a in self._arg_groups[argument.group_name]] + ) self._documented_arg_groups.append(argument.group_name) elif argument.cli_name.startswith('--'): - option_str = '%s ' % argument.cli_name + option_str = f'{argument.cli_name} ' else: - option_str = '<%s>' % argument.cli_name - if not (argument.required - or getattr(argument, '_DOCUMENT_AS_REQUIRED', False)): - option_str = '[%s]' % option_str - doc.writeln('%s' % option_str) + option_str = f'<{argument.cli_name}>' + if not ( + argument.required + or getattr(argument, '_DOCUMENT_AS_REQUIRED', False) + ): + option_str = f'[{option_str}]' + doc.writeln(f'{option_str}') def doc_synopsis_end(self, help_command, **kwargs): doc = help_command.doc @@ -172,18 +181,32 @@ class CLIDocumentEventHandler(object): def doc_option(self, arg_name, help_command, **kwargs): doc = help_command.doc argument = help_command.arg_table[arg_name] + if argument.required or getattr( + argument, '_DOCUMENT_AS_REQUIRED', False + ): + required_field = ' [required]' + else: + required_field = '' + if argument.group_name in self._arg_groups: if argument.group_name in self._documented_arg_groups: # This arg is already documented so we can move on. return name = ' | '.join( - ['``%s``' % a.cli_name for a in - self._arg_groups[argument.group_name]]) + [ + f'``{a.cli_name}``' + for a in self._arg_groups[argument.group_name] + ] + ) self._documented_arg_groups.append(argument.group_name) else: - name = '``%s``' % argument.cli_name - doc.write('%s (%s)\n' % (name, self._get_argument_type_name( - argument.argument_model, argument.cli_type_name))) + name = f'``{argument.cli_name}``' + doc.write( + f'{name} ' + f'({self._get_argument_type_name(argument.argument_model, argument.cli_type_name)})' + f'{required_field}\n' + ) + doc.style.indent() doc.include_doc_string(argument.documentation) if is_streaming_blob_type(argument.argument_model): @@ -192,6 +215,7 @@ class CLIDocumentEventHandler(object): self._add_tagged_union_note(argument.argument_model, doc) if hasattr(argument, 'argument_model'): self._document_enums(argument.argument_model, doc) + self._document_constraints(argument.argument_model, doc) self._document_nested_structure(argument.argument_model, doc) doc.style.dedent() doc.style.new_paragraph() @@ -210,11 +234,13 @@ class CLIDocumentEventHandler(object): doc = help_command.doc doc.write('* ') doc.style.sphinx_reference_label( - label='cli:%s' % related_item, - text=related_item + label=f'cli:{related_item}', text=related_item ) doc.write('\n') + def doc_meta_description(self, help_command, **kwargs): + pass + def _document_enums(self, model, doc): """Documents top-level parameter enums""" if isinstance(model, StringShape): @@ -223,27 +249,46 @@ class CLIDocumentEventHandler(object): doc.write('Possible values:') doc.style.start_ul() for enum in model.enum: - doc.style.li('``%s``' % enum) + doc.style.li(f'``{enum}``') doc.style.end_ul() def _document_nested_structure(self, model, doc): """Recursively documents parameters in nested structures""" member_type_name = getattr(model, 'type_name', None) if member_type_name == 'structure': + required_members = model.metadata.get('required', []) for member_name, member_shape in model.members.items(): - self._doc_member(doc, member_name, member_shape, - stack=[model.name]) + is_required = member_name in required_members + self._doc_member( + doc, + member_name, + member_shape, + stack=[model.name], + required=is_required, + ) elif member_type_name == 'list': - self._doc_member(doc, '', model.member, stack=[model.name]) + self._doc_member( + doc, '', model.member, stack=[model.name], required=False + ) elif member_type_name == 'map': key_shape = model.key key_name = key_shape.serialization.get('name', 'key') - self._doc_member(doc, key_name, key_shape, stack=[model.name]) + self._doc_member( + doc, key_name, key_shape, stack=[model.name], required=False + ) value_shape = model.value value_name = value_shape.serialization.get('name', 'value') - self._doc_member(doc, value_name, value_shape, stack=[model.name]) + self._doc_member( + doc, + value_name, + value_shape, + stack=[model.name], + required=False, + ) - def _doc_member(self, doc, member_name, member_shape, stack): + def _doc_member( + self, doc, member_name, member_shape, stack, required=False + ): if member_shape.name in stack: # Document the recursion once, otherwise just # note the fact that it's recursive and return. @@ -253,63 +298,103 @@ class CLIDocumentEventHandler(object): return stack.append(member_shape.name) try: - self._do_doc_member(doc, member_name, - member_shape, stack) + self._do_doc_member( + doc, member_name, member_shape, stack, required + ) finally: stack.pop() - def _do_doc_member(self, doc, member_name, member_shape, stack): + def _do_doc_member( + self, doc, member_name, member_shape, stack, required=False + ): docs = member_shape.documentation type_name = self._get_argument_type_name( - member_shape, member_shape.type_name) + member_shape, member_shape.type_name + ) + if member_name: - doc.write('%s -> (%s)' % (member_name, type_name)) + parameter_string = f'{member_name} -> ({type_name})' else: - doc.write('(%s)' % type_name) + parameter_string = f'({type_name})' + + if required: + parameter_string += ' [required]' + + doc.write(parameter_string) + doc.style.indent() doc.style.new_paragraph() doc.include_doc_string(docs) if is_tagged_union_type(member_shape): self._add_tagged_union_note(member_shape, doc) + + self._document_enums(member_shape, doc) + self._document_constraints(member_shape, doc) doc.style.new_paragraph() member_type_name = member_shape.type_name if member_type_name == 'structure': + required_members = member_shape.metadata.get('required', []) for sub_name, sub_shape in member_shape.members.items(): - self._doc_member(doc, sub_name, sub_shape, stack) + sub_required = sub_name in required_members + self._doc_member( + doc, sub_name, sub_shape, stack, required=sub_required + ) elif member_type_name == 'map': key_shape = member_shape.key key_name = key_shape.serialization.get('name', 'key') - self._doc_member(doc, key_name, key_shape, stack) + self._doc_member(doc, key_name, key_shape, stack, required=False) value_shape = member_shape.value value_name = value_shape.serialization.get('name', 'value') - self._doc_member(doc, value_name, value_shape, stack) + self._doc_member( + doc, value_name, value_shape, stack, required=False + ) elif member_type_name == 'list': - self._doc_member(doc, '', member_shape.member, stack) + self._doc_member( + doc, '', member_shape.member, stack, required=False + ) doc.style.dedent() doc.style.new_paragraph() def _add_streaming_blob_note(self, doc): doc.style.start_note() - msg = ("This argument is of type: streaming blob. " - "Its value must be the path to a file " - "(e.g. ``path/to/file``) and must **not** " - "be prefixed with ``file://`` or ``fileb://``") + msg = ( + "This argument is of type: streaming blob. " + "Its value must be the path to a file " + "(e.g. ``path/to/file``) and must **not** " + "be prefixed with ``file://`` or ``fileb://``" + ) doc.writeln(msg) doc.style.end_note() def _add_tagged_union_note(self, shape, doc): doc.style.start_note() - members_str = ", ".join( - [f'``{key}``' for key in shape.members.keys()] + members_str = ", ".join([f'``{key}``' for key in shape.members.keys()]) + msg = ( + "This is a Tagged Union structure. Only one of the " + f"following top level keys can be set: {members_str}." ) - msg = ("This is a Tagged Union structure. Only one of the " - f"following top level keys can be set: {members_str}.") doc.writeln(msg) doc.style.end_note() + def _document_constraints(self, model, doc): + """Documents parameter value constraints""" + if not hasattr(model, 'metadata'): + return + constraints = ['min', 'max', 'pattern'] + if not any( + [constraint in model.metadata for constraint in constraints] + ): + return + doc.style.new_paragraph() + doc.write('Constraints:') + doc.style.start_ul() + for constraint in constraints: + if (val := model.metadata.get(constraint)) is not None: + doc.style.li(f'{constraint}: ``{val}``') + doc.style.end_ul() -class ProviderDocumentEventHandler(CLIDocumentEventHandler): +class ProviderDocumentEventHandler(CLIDocumentEventHandler): def doc_breadcrumbs(self, help_command, event_name, **kwargs): pass @@ -339,12 +424,11 @@ class ProviderDocumentEventHandler(CLIDo def doc_subitem(self, command_name, help_command, **kwargs): doc = help_command.doc - file_name = '%s/index' % command_name + file_name = f'{command_name}/index' doc.style.tocitem(command_name, file_name=file_name) class ServiceDocumentEventHandler(CLIDocumentEventHandler): - # A service document has no synopsis. def doc_synopsis_start(self, help_command, **kwargs): pass @@ -390,15 +474,21 @@ class ServiceDocumentEventHandler(CLIDoc # If the subcommand table has commands in it, # direct the subitem to the command's index because # it has more subcommands to be documented. - if (len(subcommand_table) > 0): - file_name = '%s/index' % command_name + if len(subcommand_table) > 0: + file_name = f'{command_name}/index' doc.style.tocitem(command_name, file_name=file_name) else: doc.style.tocitem(command_name) + def doc_meta_description(self, help_command, **kwargs): + doc = help_command.doc + reference = help_command.event_class.replace('.', ' ') + doc.writeln(".. meta::") + doc.writeln(f" :description: Learn about the AWS CLI {AWS_CLI_VERSION} {reference} commands.") + doc.writeln("") -class OperationDocumentEventHandler(CLIDocumentEventHandler): +class OperationDocumentEventHandler(CLIDocumentEventHandler): AWS_DOC_BASE = 'https://docs.aws.amazon.com/goto/WebAPI' def doc_description(self, help_command, **kwargs): @@ -409,7 +499,6 @@ class OperationDocumentEventHandler(CLID self._add_webapi_crosslink(help_command) self._add_note_for_document_types_if_used(help_command) - def _add_webapi_crosslink(self, help_command): doc = help_command.doc operation_model = help_command.obj @@ -422,8 +511,7 @@ class OperationDocumentEventHandler(CLID return doc.style.new_paragraph() doc.write("See also: ") - link = '%s/%s/%s' % (self.AWS_DOC_BASE, service_uid, - operation_model.name) + link = f'{self.AWS_DOC_BASE}/{service_uid}/{operation_model.name}' doc.style.external_link(title="AWS API Documentation", link=link) doc.writeln('') @@ -431,27 +519,29 @@ class OperationDocumentEventHandler(CLID if operation_uses_document_types(help_command.obj): help_command.doc.style.new_paragraph() help_command.doc.writeln( - '``%s`` uses document type values. Document types follow the ' + f'``{help_command.name}`` uses document type values. Document types follow the ' 'JSON data model where valid values are: strings, numbers, ' 'booleans, null, arrays, and objects. For command input, ' 'options and nested parameters that are labeled with the type ' '``document`` must be provided as JSON. Shorthand syntax does ' - 'not support document types.' % help_command.name + 'not support document types.' ) - def _json_example_value_name(self, argument_model, include_enum_values=True): + def _json_example_value_name( + self, argument_model, include_enum_values=True + ): # If include_enum_values is True, then the valid enum values # are included as the sample JSON value. if isinstance(argument_model, StringShape): if argument_model.enum and include_enum_values: choices = argument_model.enum - return '|'.join(['"%s"' % c for c in choices]) + return '|'.join([f'"{c}"' for c in choices]) else: return '"string"' elif argument_model.type_name == 'boolean': return 'true|false' else: - return '%s' % argument_model.type_name + return f'{argument_model.type_name}' def _json_example(self, doc, argument_model, stack): if argument_model.name in stack: @@ -471,7 +561,9 @@ class OperationDocumentEventHandler(CLID if argument_model.type_name == 'list': doc.write('[') if argument_model.member.type_name in SCALAR_TYPES: - doc.write('%s, ...' % self._json_example_value_name(argument_model.member)) + doc.write( + f'{self._json_example_value_name(argument_model.member)}, ...' + ) else: doc.style.indent() doc.style.new_line() @@ -485,7 +577,7 @@ class OperationDocumentEventHandler(CLID doc.write('{') doc.style.indent() key_string = self._json_example_value_name(argument_model.key) - doc.write('%s: ' % key_string) + doc.write(f'{key_string}: ') if argument_model.value.type_name in SCALAR_TYPES: doc.write(self._json_example_value_name(argument_model.value)) else: @@ -514,16 +606,17 @@ class OperationDocumentEventHandler(CLID member_model = members[member_name] member_type_name = member_model.type_name if member_type_name in SCALAR_TYPES: - doc.write('"%s": %s' % (member_name, - self._json_example_value_name(member_model))) + doc.write( + f'"{member_name}": {self._json_example_value_name(member_model)}' + ) elif member_type_name == 'structure': - doc.write('"%s": ' % member_name) + doc.write(f'"{member_name}": ') self._json_example(doc, member_model, stack) elif member_type_name == 'map': - doc.write('"%s": ' % member_name) + doc.write(f'"{member_name}": ') self._json_example(doc, member_model, stack) elif member_type_name == 'list': - doc.write('"%s": ' % member_name) + doc.write(f'"{member_name}": ') self._json_example(doc, member_model, stack) if i < len(members) - 1: doc.write(',') @@ -533,8 +626,9 @@ class OperationDocumentEventHandler(CLID doc.write('}') def doc_option_example(self, arg_name, help_command, event_name, **kwargs): - service_id, operation_name = \ - find_service_and_method_in_event_name(event_name) + service_id, operation_name = find_service_and_method_in_event_name( + event_name + ) doc = help_command.doc cli_argument = help_command.arg_table[arg_name] if cli_argument.group_name in self._arg_groups: @@ -546,7 +640,8 @@ class OperationDocumentEventHandler(CLID docgen = ParamShorthandDocGen() if docgen.supports_shorthand(cli_argument.argument_model): example_shorthand_syntax = docgen.generate_shorthand_example( - cli_argument, service_id, operation_name) + cli_argument, service_id, operation_name + ) if example_shorthand_syntax is None: # If the shorthand syntax returns a value of None, # this indicates to us that there is no example @@ -560,8 +655,11 @@ class OperationDocumentEventHandler(CLID for example_line in example_shorthand_syntax.splitlines(): doc.writeln(example_line) doc.style.end_codeblock() - if argument_model is not None and argument_model.type_name == 'list' and \ - argument_model.member.type_name in SCALAR_TYPES: + if ( + argument_model is not None + and argument_model.type_name == 'list' + and argument_model.member.type_name in SCALAR_TYPES + ): # A list of scalars is special. While you *can* use # JSON ( ["foo", "bar", "baz"] ), you can also just # use the argparse behavior of space separated lists. @@ -572,12 +670,9 @@ class OperationDocumentEventHandler(CLID doc.write('Syntax') doc.style.start_codeblock() example_type = self._json_example_value_name( - member, include_enum_values=False) - doc.write('%s %s ...' % (example_type, example_type)) - if isinstance(member, StringShape) and member.enum: - # If we have enum values, we can tell the user - # exactly what valid values they can provide. - self._write_valid_enums(doc, member.enum) + member, include_enum_values=False + ) + doc.write(f'{example_type} {example_type} ...') doc.style.end_codeblock() doc.style.new_paragraph() elif cli_argument.cli_type_name not in SCALAR_TYPES: @@ -588,13 +683,6 @@ class OperationDocumentEventHandler(CLID doc.style.end_codeblock() doc.style.new_paragraph() - def _write_valid_enums(self, doc, enum_values): - doc.style.new_paragraph() - doc.write("Where valid values are:\n") - for value in enum_values: - doc.write(" %s\n" % value) - doc.write("\n") - def doc_output(self, help_command, event_name, **kwargs): doc = help_command.doc doc.style.h2('Output') @@ -606,6 +694,12 @@ class OperationDocumentEventHandler(CLID for member_name, member_shape in output_shape.members.items(): self._doc_member(doc, member_name, member_shape, stack=[]) + def doc_meta_description(self, help_command, **kwargs): + doc = help_command.doc + reference = help_command.event_class.replace('.', ' ') + doc.writeln(".. meta::") + doc.writeln(f" :description: Use the AWS CLI {AWS_CLI_VERSION} to run the {reference} command.") + doc.writeln("") class TopicListerDocumentEventHandler(CLIDocumentEventHandler): DESCRIPTION = ( @@ -614,7 +708,8 @@ class TopicListerDocumentEventHandler(CL 'the list of topics from the command line, run ``aws help topics``. ' 'To access a specific topic from the command line, run ' '``aws help [topicname]``, where ``topicname`` is the name of the ' - 'topic as it appears in the output from ``aws help topics``.') + 'topic as it appears in the output from ``aws help topics``.' + ) def __init__(self, help_command): self.help_command = help_command @@ -633,8 +728,8 @@ class TopicListerDocumentEventHandler(CL doc = help_command.doc doc.style.new_paragraph() doc.style.link_target_definition( - refname='cli:aws help %s' % self.help_command.name, - link='') + refname=f'cli:aws help {self.help_command.name}', link='' + ) doc.style.h1('AWS CLI Topic Guide') def doc_description(self, help_command, **kwargs): @@ -674,13 +769,13 @@ class TopicListerDocumentEventHandler(CL # each category. for topic_name in sorted(categories[category_name]): description = self._topic_tag_db.get_tag_single_value( - topic_name, 'description') + topic_name, 'description' + ) doc.write('* ') doc.style.sphinx_reference_label( - label='cli:aws help %s' % topic_name, - text=topic_name + label=f'cli:aws help {topic_name}', text=topic_name ) - doc.write(': %s\n' % description) + doc.write(f': {description}\n') # Add a hidden toctree to make sure everything is connected in # the document. doc.style.hidden_toctree() @@ -689,7 +784,6 @@ class TopicListerDocumentEventHandler(CL class TopicDocumentEventHandler(TopicListerDocumentEventHandler): - def doc_breadcrumbs(self, help_command, **kwargs): doc = help_command.doc if doc.target != 'man': @@ -697,8 +791,7 @@ class TopicDocumentEventHandler(TopicLis doc.style.sphinx_reference_label(label='cli:aws', text='aws') doc.write(' . ') doc.style.sphinx_reference_label( - label='cli:aws help topics', - text='topics' + label='cli:aws help topics', text='topics' ) doc.write(' ]') @@ -706,22 +799,24 @@ class TopicDocumentEventHandler(TopicLis doc = help_command.doc doc.style.new_paragraph() doc.style.link_target_definition( - refname='cli:aws help %s' % self.help_command.name, - link='') + refname=f'cli:aws help {self.help_command.name}', link='' + ) title = self._topic_tag_db.get_tag_single_value( - help_command.name, 'title') + help_command.name, 'title' + ) doc.style.h1(title) def doc_description(self, help_command, **kwargs): doc = help_command.doc - topic_filename = os.path.join(self._topic_tag_db.topic_dir, - help_command.name + '.rst') + topic_filename = os.path.join( + self._topic_tag_db.topic_dir, help_command.name + '.rst' + ) contents = self._remove_tags_from_content(topic_filename) doc.writeln(contents) doc.style.new_paragraph() def _remove_tags_from_content(self, filename): - with open(filename, 'r') as f: + with open(filename) as f: lines = f.readlines() content_begin_index = 0 @@ -759,7 +854,8 @@ class GlobalOptionsDocumenter: for arg in help_command.arg_table: argument = help_command.arg_table.get(arg) help_command.doc.writeln( - f"``{argument.cli_name}`` ({argument.cli_type_name})") + f"``{argument.cli_name}`` ({argument.cli_type_name})" + ) help_command.doc.style.indent() help_command.doc.style.new_paragraph() help_command.doc.include_doc_string(argument.documentation) diff -pruN 2.23.6-1/awscli/clidriver.py 2.31.35-1/awscli/clidriver.py --- 2.23.6-1/awscli/clidriver.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/clidriver.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,69 +10,84 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import copy import json +import logging import os import platform -import sys -import copy -import logging import re +import sys -import distro import botocore.session +import distro from botocore import xform_name -from botocore.compat import copy_kwargs, OrderedDict +from botocore.compat import OrderedDict, copy_kwargs +from botocore.configprovider import ( + ChainProvider, + ConstantProvider, + EnvironmentProvider, + InstanceVarProvider, + ScopedConfigProvider, +) +from botocore.context import start_as_current_context from botocore.history import get_global_history_recorder -from botocore.configprovider import InstanceVarProvider -from botocore.configprovider import EnvironmentProvider -from botocore.configprovider import ScopedConfigProvider -from botocore.configprovider import ConstantProvider -from botocore.configprovider import ChainProvider from awscli import __version__ +from awscli.alias import AliasCommandInjector, AliasLoader +from awscli.argparser import ( + ArgTableArgParser, + FirstPassGlobalArgParser, + MainArgParser, + ServiceArgParser, + SubCommandArgParser, +) +from awscli.argprocess import unpack_argument +from awscli.arguments import ( + BooleanArgument, + CLIArgument, + CustomArgument, + ListArgument, + UnknownArgumentError, +) +from awscli.autoprompt.core import AutoPromptDriver +from awscli.commands import CLICommand from awscli.compat import ( - default_pager, get_stderr_text_writer, get_stdout_text_writer + default_pager, + get_stderr_text_writer, + get_stdout_text_writer, + validate_preferred_output_encoding, +) +from awscli.constants import PARAM_VALIDATION_ERROR_RC +from awscli.errorhandler import ( + construct_cli_error_handlers_chain, + construct_entry_point_handlers_chain, ) from awscli.formatter import get_formatter -from awscli.plugin import load_plugins -from awscli.commands import CLICommand -from awscli.argparser import MainArgParser -from awscli.argparser import FirstPassGlobalArgParser -from awscli.argparser import ServiceArgParser -from awscli.argparser import ArgTableArgParser -from awscli.argparser import SubCommandArgParser -from awscli.help import ProviderHelpCommand -from awscli.help import ServiceHelpCommand -from awscli.help import OperationHelpCommand -from awscli.arguments import CustomArgument -from awscli.arguments import ListArgument -from awscli.arguments import BooleanArgument -from awscli.arguments import CLIArgument -from awscli.arguments import UnknownArgumentError -from awscli.argprocess import unpack_argument -from awscli.alias import AliasLoader -from awscli.alias import AliasCommandInjector +from awscli.help import ( + OperationHelpCommand, + ProviderHelpCommand, + ServiceHelpCommand, +) from awscli.logger import ( - set_stream_logger, remove_stream_logger, enable_crt_logging, disable_crt_logging, + enable_crt_logging, + remove_stream_logger, + set_stream_logger, ) +from awscli.plugin import load_plugins +from awscli.telemetry import add_session_id_component_to_user_agent_extra from awscli.utils import ( + IMDSRegionProvider, + OutputStreamFactory, + add_command_lineage_to_user_agent_extra, add_metadata_component_to_user_agent_extra, - add_command_lineage_to_user_agent_extra -) -from awscli.utils import emit_top_level_args_parsed_event -from awscli.utils import OutputStreamFactory -from awscli.utils import IMDSRegionProvider -from awscli.constants import PARAM_VALIDATION_ERROR_RC -from awscli.autoprompt.core import AutoPromptDriver -from awscli.errorhandler import ( - construct_cli_error_handlers_chain, construct_entry_point_handlers_chain + emit_top_level_args_parsed_event, ) - LOG = logging.getLogger('awscli.clidriver') LOG_FORMAT = ( - '%(asctime)s - %(threadName)s - %(name)s - %(levelname)s - %(message)s') + '%(asctime)s - %(threadName)s - %(name)s - %(levelname)s - %(message)s' +) HISTORY_RECORDER = get_global_history_recorder() METADATA_FILENAME = 'metadata.json' # Don't remove this line. The idna encoding @@ -84,11 +99,12 @@ METADATA_FILENAME = 'metadata.json' # the encodings.idna is imported and registered in the codecs registry, # which will stop the LookupErrors from happening. # See: https://bugs.python.org/issue29288 -u''.encode('idna') +''.encode('idna') def main(): - return AWSCLIEntryPoint().main(sys.argv[1:]) + with start_as_current_context(): + return AWSCLIEntryPoint().main(sys.argv[1:]) def create_clidriver(args=None): @@ -99,19 +115,21 @@ def create_clidriver(args=None): debug = args.debug session = botocore.session.Session() _set_user_agent_for_session(session) - load_plugins(session.full_config.get('plugins', {}), - event_hooks=session.get_component('event_emitter')) + load_plugins( + session.full_config.get('plugins', {}), + event_hooks=session.get_component('event_emitter'), + ) error_handlers_chain = construct_cli_error_handlers_chain() - driver = CLIDriver(session=session, - error_handler=error_handlers_chain, - debug=debug) + driver = CLIDriver( + session=session, error_handler=error_handlers_chain, debug=debug + ) return driver def _get_distribution_source(): metadata_file = os.path.join( os.path.join(os.path.dirname(os.path.abspath(__file__)), 'data'), - METADATA_FILENAME + METADATA_FILENAME, ) metadata = {} if os.path.isfile(metadata_file): @@ -133,7 +151,7 @@ def _get_linux_distribution(): linux_distribution = distro.id() version = distro.major_version() if version: - linux_distribution += '.%s' % version + linux_distribution += f'.{version}' except Exception: pass return linux_distribution @@ -141,9 +159,7 @@ def _get_linux_distribution(): def _add_distribution_source_to_user_agent(session): add_metadata_component_to_user_agent_extra( - session, - 'installer', - _get_distribution_source() + session, 'installer', _get_distribution_source() ) @@ -151,7 +167,7 @@ def _add_linux_distribution_to_user_agen if linux_distribution := _get_distribution(): add_metadata_component_to_user_agent_extra( session, - 'distrib', + 'distrib', linux_distribution, ) @@ -161,14 +177,13 @@ def _set_user_agent_for_session(session) session.user_agent_version = __version__ _add_distribution_source_to_user_agent(session) _add_linux_distribution_to_user_agent(session) + add_session_id_component_to_user_agent_extra(session) def no_pager_handler(session, parsed_args, **kwargs): if parsed_args.no_cli_pager: config_store = session.get_component('config_store') - config_store.set_config_provider( - 'pager', ConstantProvider(value=None) - ) + config_store.set_config_provider('pager', ConstantProvider(value=None)) class AWSCLIEntryPoint: @@ -184,7 +199,7 @@ class AWSCLIEntryPoint: return self._error_handler.handle_exception( e, stdout=get_stdout_text_writer(), - stderr=get_stderr_text_writer() + stderr=get_stderr_text_writer(), ) HISTORY_RECORDER.record('CLI_RC', rc, 'CLI') @@ -222,10 +237,8 @@ class AWSCLIEntryPoint: return rc -class CLIDriver(object): - - def __init__(self, session=None, error_handler=None, - debug=False): +class CLIDriver: + def __init__(self, session=None, error_handler=None, debug=False): if session is None: self.session = botocore.session.get_session() _set_user_agent_for_session(self.session) @@ -245,32 +258,27 @@ class CLIDriver(object): def _update_config_chain(self): config_store = self.session.get_component('config_store') config_store.set_config_provider( - 'region', - self._construct_cli_region_chain() + 'region', self._construct_cli_region_chain() + ) + config_store.set_config_provider( + 'output', self._construct_cli_output_chain() ) config_store.set_config_provider( - 'output', - self._construct_cli_output_chain() + 'pager', self._construct_cli_pager_chain() ) config_store.set_config_provider( - 'pager', - self._construct_cli_pager_chain() + 'cli_binary_format', self._construct_cli_binary_format_chain() ) config_store.set_config_provider( - 'cli_binary_format', - self._construct_cli_binary_format_chain() + 'cli_auto_prompt', self._construct_cli_auto_prompt_chain() ) config_store.set_config_provider( - 'cli_auto_prompt', - self._construct_cli_auto_prompt_chain() + 'cli_help_output', self._construct_cli_help_output_chain() ) def _construct_cli_region_chain(self): providers = [ - InstanceVarProvider( - instance_var='region', - session=self.session - ), + InstanceVarProvider(instance_var='region', session=self.session), EnvironmentProvider( name='AWS_REGION', env=os.environ, @@ -305,6 +313,16 @@ class CLIDriver(object): ] return ChainProvider(providers=providers) + def _construct_cli_help_output_chain(self): + providers = [ + ScopedConfigProvider( + config_var_name='cli_help_output', + session=self.session, + ), + ConstantProvider(value='terminal'), + ] + return ChainProvider(providers=providers) + def _construct_cli_pager_chain(self): providers = [ EnvironmentProvider( @@ -344,8 +362,7 @@ class CLIDriver(object): env=os.environ, ), ScopedConfigProvider( - config_var_name='cli_auto_prompt', - session=self.session + config_var_name='cli_auto_prompt', session=self.session ), ConstantProvider(value='off'), ] @@ -390,24 +407,27 @@ class CLIDriver(object): """ command_table = self._build_builtin_commands(self.session) - self.session.emit('building-command-table.main', - command_table=command_table, - session=self.session, - command_object=self) + self.session.emit( + 'building-command-table.main', + command_table=command_table, + session=self.session, + command_object=self, + ) return command_table def _build_builtin_commands(self, session): commands = OrderedDict() services = session.get_available_services() for service_name in services: - commands[service_name] = ServiceCommand(cli_name=service_name, - session=self.session, - service_name=service_name) + commands[service_name] = ServiceCommand( + cli_name=service_name, + session=self.session, + service_name=service_name, + ) return commands def _add_aliases(self, command_table, parser): - injector = AliasCommandInjector( - self.session, self.alias_loader) + injector = AliasCommandInjector(self.session, self.alias_loader) injector.inject_aliases(command_table, parser) def _build_argument_table(self): @@ -420,29 +440,36 @@ class CLIDriver(object): cli_argument.add_to_arg_table(argument_table) # Then the final step is to send out an event so handlers # can add extra arguments or modify existing arguments. - self.session.emit('building-top-level-params', - session=self.session, - argument_table=argument_table, - driver=self) + self.session.emit( + 'building-top-level-params', + session=self.session, + argument_table=argument_table, + driver=self, + ) return argument_table def _create_cli_argument(self, option_name, option_params): return CustomArgument( - option_name, help_text=option_params.get('help', ''), + option_name, + help_text=option_params.get('help', ''), dest=option_params.get('dest'), default=option_params.get('default'), action=option_params.get('action'), required=option_params.get('required'), choices=option_params.get('choices'), - cli_type_name=option_params.get('type')) + cli_type_name=option_params.get('type'), + ) def create_help_command(self): cli_data = self._get_cli_data() - return ProviderHelpCommand(self.session, self._get_command_table(), - self._get_argument_table(), - cli_data.get('description', None), - cli_data.get('synopsis', None), - cli_data.get('help_usage', None)) + return ProviderHelpCommand( + self.session, + self._get_command_table(), + self._get_argument_table(), + cli_data.get('description', None), + cli_data.get('synopsis', None), + cli_data.get('help_usage', None), + ) def _cli_version(self): version_string = ( @@ -452,8 +479,10 @@ class CLIDriver(object): ) if 'AWS_EXECUTION_ENV' in os.environ: - version_string += f' exec-env/{os.environ.get("AWS_EXECUTION_ENV")}' - + version_string += ( + f' exec-env/{os.environ.get("AWS_EXECUTION_ENV")}' + ) + version_string += f' {_get_distribution_source()}/{platform.machine()}' if linux_distribution := _get_distribution(): @@ -466,10 +495,12 @@ class CLIDriver(object): command_table['help'] = self.create_help_command() cli_data = self._get_cli_data() parser = MainArgParser( - command_table, self._cli_version(), + command_table, + self._cli_version(), cli_data.get('description', None), self._get_argument_table(), - prog="aws") + prog="aws", + ) return parser def main(self, args=None): @@ -492,9 +523,9 @@ class CLIDriver(object): # command table. This is why it's in the try/except clause. parsed_args, remaining = parser.parse_known_args(args) self._handle_top_level_args(parsed_args) + validate_preferred_output_encoding() self._emit_session_event(parsed_args) - HISTORY_RECORDER.record( - 'CLI_VERSION', self._cli_version(), 'CLI') + HISTORY_RECORDER.record('CLI_VERSION', self._cli_version(), 'CLI') HISTORY_RECORDER.record('CLI_ARGUMENTS', args, 'CLI') return command_table[parsed_args.command](remaining, parsed_args) except BaseException as e: @@ -506,7 +537,7 @@ class CLIDriver(object): return self._error_handler.handle_exception( e, stdout=get_stdout_text_writer(), - stderr=get_stderr_text_writer() + stderr=get_stderr_text_writer(), ) def _emit_session_event(self, parsed_args): @@ -516,8 +547,10 @@ class CLIDriver(object): # session components to be reset (such as session.profile = foo) # then all the prior registered components would be removed. self.session.emit( - 'session-initialized', session=self.session, - parsed_args=parsed_args) + 'session-initialized', + session=self.session, + parsed_args=parsed_args, + ) def _show_error(self, msg): LOG.debug(msg, exc_info=True) @@ -536,8 +569,9 @@ class CLIDriver(object): loggers_list = ['botocore', 'awscli', 's3transfer', 'urllib3'] if debug: for logger_name in loggers_list: - set_stream_logger(logger_name, logging.DEBUG, - format_string=LOG_FORMAT) + set_stream_logger( + logger_name, logging.DEBUG, format_string=LOG_FORMAT + ) enable_crt_logging() LOG.debug("CLI version: %s", self._cli_version()) LOG.debug("Arguments entered to CLI: %s", sys.argv[1:]) @@ -548,12 +582,10 @@ class CLIDriver(object): for logger_name in loggers_list: remove_stream_logger(logger_name) disable_crt_logging() - set_stream_logger(logger_name='awscli', - log_level=logging.ERROR) + set_stream_logger(logger_name='awscli', log_level=logging.ERROR) class ServiceCommand(CLICommand): - """A service command for the CLI. For example, ``aws ec2 ...`` we'd create a ServiceCommand @@ -621,7 +653,8 @@ class ServiceCommand(CLICommand): def _get_service_model(self): if self._service_model is None: self._service_model = self.session.get_service_model( - self._service_name) + self._service_name + ) return self._service_model def __call__(self, args, parsed_globals): @@ -646,10 +679,12 @@ class ServiceCommand(CLICommand): operation_model=operation_model, operation_caller=CLIOperationCaller(self.session), ) - self.session.emit('building-command-table.%s' % self._name, - command_table=command_table, - session=self.session, - command_object=self) + self.session.emit( + f'building-command-table.{self._name}', + command_table=command_table, + session=self.session, + command_object=self, + ) self._add_lineage(command_table) return command_table @@ -660,23 +695,25 @@ class ServiceCommand(CLICommand): def create_help_command(self): command_table = self._get_command_table() - return ServiceHelpCommand(session=self.session, - obj=self._get_service_model(), - command_table=command_table, - arg_table=None, - event_class='.'.join(self.lineage_names), - name=self._name) + return ServiceHelpCommand( + session=self.session, + obj=self._get_service_model(), + command_table=command_table, + arg_table=None, + event_class='.'.join(self.lineage_names), + name=self._name, + ) def create_parser(self): command_table = self._get_command_table() # Also add a 'help' command. command_table['help'] = self.create_help_command() return ServiceArgParser( - operations_table=command_table, service_name=self._name) - + operations_table=command_table, service_name=self._name + ) -class ServiceOperation(object): +class ServiceOperation: """A single operation of a service. This class represents a single operation for a service, for @@ -690,8 +727,9 @@ class ServiceOperation(object): } DEFAULT_ARG_CLASS = CLIArgument - def __init__(self, name, parent_name, operation_caller, - operation_model, session): + def __init__( + self, name, parent_name, operation_caller, operation_model, session + ): """ :type name: str @@ -750,7 +788,7 @@ class ServiceOperation(object): subcommand_table = OrderedDict() full_name = '_'.join([c.name for c in self.lineage]) self._session.emit( - 'building-command-table.%s' % full_name, + f'building-command-table.{full_name}', command_table=subcommand_table, session=self._session, command_object=self, @@ -780,18 +818,23 @@ class ServiceOperation(object): def __call__(self, args, parsed_globals): # Once we know we're trying to call a particular operation # of a service we can go ahead and load the parameters. - event = 'before-building-argument-table-parser.%s.%s' % \ - (self._parent_name, self._name) - self._emit(event, argument_table=self.arg_table, args=args, - session=self._session) + event = f'before-building-argument-table-parser.{self._parent_name}.{self._name}' + self._emit( + event, + argument_table=self.arg_table, + args=args, + session=self._session, + ) subcommand_table = self.subcommand_table maybe_parsed_subcommand = self._parse_potential_subcommand( - args, subcommand_table) + args, subcommand_table + ) if maybe_parsed_subcommand is not None: new_args, subcommand_name = maybe_parsed_subcommand return subcommand_table[subcommand_name](new_args, parsed_globals) operation_parser = self._create_operation_parser( - self.arg_table, subcommand_table) + self.arg_table, subcommand_table + ) self._add_help(operation_parser) parsed_args, remaining = operation_parser.parse_known_args(args) if parsed_args.help == 'help': @@ -801,20 +844,21 @@ class ServiceOperation(object): remaining.append(parsed_args.help) if remaining: raise UnknownArgumentError( - "Unknown options: %s" % ', '.join(remaining)) - event = 'operation-args-parsed.%s.%s' % (self._parent_name, - self._name) - self._emit(event, parsed_args=parsed_args, - parsed_globals=parsed_globals) + f"Unknown options: {', '.join(remaining)}" + ) + event = f'operation-args-parsed.{self._parent_name}.{self._name}' + self._emit( + event, parsed_args=parsed_args, parsed_globals=parsed_globals + ) call_parameters = self._build_call_parameters( - parsed_args, self.arg_table) - event = 'calling-command.%s.%s' % (self._parent_name, - self._name) + parsed_args, self.arg_table + ) + event = f'calling-command.{self._parent_name}.{self._name}' override = self._emit_first_non_none_response( event, call_parameters=call_parameters, parsed_args=parsed_args, - parsed_globals=parsed_globals + parsed_globals=parsed_globals, ) # There are two possible values for override. It can be some type # of exception that will be raised if detected or it can represent @@ -837,14 +881,18 @@ class ServiceOperation(object): return self._operation_caller.invoke( self._operation_model.service_model.service_name, self._operation_model.name, - call_parameters, parsed_globals) + call_parameters, + parsed_globals, + ) def create_help_command(self): return OperationHelpCommand( self._session, operation_model=self._operation_model, arg_table=self.arg_table, - name=self._name, event_class='.'.join(self.lineage_names)) + name=self._name, + event_class='.'.join(self.lineage_names), + ) def _add_help(self, parser): # The 'help' output is processed a little differently from @@ -874,8 +922,9 @@ class ServiceOperation(object): service_name = self._operation_model.service_model.endpoint_prefix operation_name = xform_name(self._name, '-') - return unpack_argument(session, service_name, operation_name, - cli_argument, value) + return unpack_argument( + session, service_name, operation_name, cli_argument, value + ) def _create_argument_table(self): argument_table = OrderedDict() @@ -887,8 +936,9 @@ class ServiceOperation(object): arg_dict = input_shape.members for arg_name, arg_shape in arg_dict.items(): cli_arg_name = xform_name(arg_name, '-') - arg_class = self.ARG_TYPES.get(arg_shape.type_name, - self.DEFAULT_ARG_CLASS) + arg_class = self.ARG_TYPES.get( + arg_shape.type_name, self.DEFAULT_ARG_CLASS + ) is_token = arg_shape.metadata.get('idempotencyToken', False) is_required = arg_name in required_arguments and not is_token event_emitter = self._session.get_component('event_emitter') @@ -898,34 +948,36 @@ class ServiceOperation(object): is_required=is_required, operation_model=self._operation_model, serialized_name=arg_name, - event_emitter=event_emitter) + event_emitter=event_emitter, + ) arg_object.add_to_arg_table(argument_table) LOG.debug(argument_table) - self._emit('building-argument-table.%s.%s' % (self._parent_name, - self._name), - operation_model=self._operation_model, - session=self._session, - command=self, - argument_table=argument_table) + self._emit( + f'building-argument-table.{self._parent_name}.{self._name}', + operation_model=self._operation_model, + session=self._session, + command=self, + argument_table=argument_table, + ) return argument_table def _emit(self, name, **kwargs): return self._session.emit(name, **kwargs) def _emit_first_non_none_response(self, name, **kwargs): - return self._session.emit_first_non_none_response( - name, **kwargs) + return self._session.emit_first_non_none_response(name, **kwargs) def _create_operation_parser(self, arg_table, subcommand_table): parser = ArgTableArgParser(arg_table, subcommand_table) return parser def _add_customization_to_user_agent(self): - add_command_lineage_to_user_agent_extra(self._session, self.lineage_names) - + add_command_lineage_to_user_agent_extra( + self._session, self.lineage_names + ) -class CLIOperationCaller(object): +class CLIOperationCaller: """Call an AWS operation and format the response.""" def __init__(self, session): @@ -957,27 +1009,31 @@ class CLIOperationCaller(object): """ client = self._session.create_client( - service_name, region_name=parsed_globals.region, + service_name, + region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl) + verify=parsed_globals.verify_ssl, + ) response = self._make_client_call( - client, operation_name, parameters, parsed_globals) + client, operation_name, parameters, parsed_globals + ) self._display_response(operation_name, response, parsed_globals) return 0 - def _make_client_call(self, client, operation_name, parameters, - parsed_globals): + def _make_client_call( + self, client, operation_name, parameters, parsed_globals + ): py_operation_name = xform_name(operation_name) if client.can_paginate(py_operation_name) and parsed_globals.paginate: paginator = client.get_paginator(py_operation_name) response = paginator.paginate(**parameters) else: response = getattr(client, xform_name(operation_name))( - **parameters) + **parameters + ) return response - def _display_response(self, command_name, response, - parsed_globals): + def _display_response(self, command_name, response, parsed_globals): output = parsed_globals.output if output is None: output = self._session.get_config_variable('output') diff -pruN 2.23.6-1/awscli/commands.py 2.31.35-1/awscli/commands.py --- 2.23.6-1/awscli/commands.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/commands.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,8 +12,7 @@ # language governing permissions and limitations under the License. -class CLICommand(object): - +class CLICommand: """Interface for a CLI command. This class represents a top level CLI command diff -pruN 2.23.6-1/awscli/compat.py 2.31.35-1/awscli/compat.py --- 2.23.6-1/awscli/compat.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/compat.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,27 +10,27 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import sys -import re -import shlex +import collections.abc as collections_abc +import contextlib +import io +import locale +import logging import os import os.path import platform -import zipfile -import signal -import contextlib -import collections.abc as collections_abc -import locale import queue -import io -from urllib.request import urlopen +import re +import shlex +import signal +import sys +import urllib.parse as urlparse +import zipfile from configparser import RawConfigParser from functools import partial -import urllib.parse as urlparse from urllib.error import URLError +from urllib.request import urlopen -from botocore.compat import six -from botocore.compat import OrderedDict +from botocore.compat import OrderedDict, six # Backwards compatible definitions from six PY3 = sys.version_info[0] == 3 @@ -46,6 +46,7 @@ raw_input = input # package the files in a zip container. try: import zlib + ZIP_COMPRESSION_MODE = zipfile.ZIP_DEFLATED except ImportError: ZIP_COMPRESSION_MODE = zipfile.ZIP_STORED @@ -71,17 +72,20 @@ else: imap = map raw_input = input +OUTPUT_ENCODING_ENV_VAR = 'AWS_CLI_OUTPUT_ENCODING' +PYTHONUTF8_ENV_VAR = 'PYTHONUTF8' + +LOG = logging.getLogger(__name__) + class StdinMissingError(Exception): def __init__(self): - message = ( - 'stdin is required for this operation, but is not available.' - ) + message = 'stdin is required for this operation, but is not available.' super(StdinMissingError, self).__init__(message) -class NonTranslatedStdout(object): - """ This context manager sets the line-end translation mode for stdout. +class NonTranslatedStdout: + """This context manager sets the line-end translation mode for stdout. It is deliberately set to binary mode so that `\r` does not get added to the line ending. This can be useful when printing commands where a @@ -91,13 +95,16 @@ class NonTranslatedStdout(object): def __enter__(self): if sys.platform == "win32": import msvcrt - self.previous_mode = msvcrt.setmode(sys.stdout.fileno(), - os.O_BINARY) + + self.previous_mode = msvcrt.setmode( + sys.stdout.fileno(), os.O_BINARY + ) return sys.stdout def __exit__(self, type, value, traceback): if sys.platform == "win32": import msvcrt + msvcrt.setmode(sys.stdout.fileno(), self.previous_mode) @@ -120,9 +127,56 @@ def get_binary_stdout(): def _get_text_writer(stream, errors): + set_preferred_output_encoding(stream) return stream +def validate_preferred_output_encoding(): + """ + Validate that the preferred output encoding is valid if it's set. + We do this separately from set_preferred_output_encoding because that + may be called from error handlers while handling another exception, which + we still want to print successfully. + """ + if OUTPUT_ENCODING_ENV_VAR in os.environ: + try: + ''.encode(os.environ[OUTPUT_ENCODING_ENV_VAR]) + except LookupError: + raise ValueError( + f'Unknown codec `' + f'{os.environ[OUTPUT_ENCODING_ENV_VAR]}` ' + f'specified for {OUTPUT_ENCODING_ENV_VAR}.' + ) + + +def set_preferred_output_encoding(stream): + """ + If the user specified AWS_CLI_OUTPUT_ENCODING, use that encoding + for the output stream. This lets us move away from the Python-specific + environment variables in the long-term, though we support PYTHONUTF8 + here as well for backwards compatability. + """ + if OUTPUT_ENCODING_ENV_VAR in os.environ: + try: + stream.reconfigure(encoding=os.environ[OUTPUT_ENCODING_ENV_VAR]) + except LookupError: + # At this point we don't want to raise the exception, since we + # could be writing out another error. Callers should call + # validate_preferred_output_encoding first. + LOG.debug( + f'Ignoring invalid codec ' + f'{os.environ[OUTPUT_ENCODING_ENV_VAR]} ' + f'specified for {OUTPUT_ENCODING_ENV_VAR}.' + ) + # Fall back to PYTHONUTF8, for users who were setting it + # before the PyInstaller 6 upgrade which stopped supporting it + elif ( + PYTHONUTF8_ENV_VAR in os.environ + and os.environ[PYTHONUTF8_ENV_VAR] == '1' + ): + stream.reconfigure(encoding='UTF-8') + + def getpreferredencoding(*args, **kwargs): """Use AWS_CLI_FILE_ENCODING environment variable value as encoding, if it's not set use locale.getpreferredencoding() @@ -330,12 +384,12 @@ try: from platform import linux_distribution except ImportError: _UNIXCONFDIR = '/etc' - def _dist_try_harder(distname, version, id): - """ Tries some special tricks to get the distribution - information in case the default method fails. - Currently supports older SuSE Linux, Caldera OpenLinux and - Slackware Linux distributions. + def _dist_try_harder(distname, version, id): + """Tries some special tricks to get the distribution + information in case the default method fails. + Currently supports older SuSE Linux, Caldera OpenLinux and + Slackware Linux distributions. """ if os.path.exists('/var/adm/inst-log/info'): # SuSE Linux stores distribution information in that file @@ -367,7 +421,7 @@ except ImportError: if os.path.isdir('/usr/lib/setup'): # Check for slackware version tag file (thanks to Greg Andruk) verfiles = os.listdir('/usr/lib/setup') - for n in range(len(verfiles)-1, -1, -1): + for n in range(len(verfiles) - 1, -1, -1): if verfiles[n][:14] != 'slack-version-': del verfiles[n] if verfiles: @@ -379,14 +433,13 @@ except ImportError: return distname, version, id _release_filename = re.compile(r'(\w+)[-_](release|version)', re.ASCII) - _lsb_release_version = re.compile(r'(.+)' - r' release ' - r'([\d.]+)' - r'[^(]*(?:\((.+)\))?', re.ASCII) - _release_version = re.compile(r'([^0-9]+)' - r'(?: release )?' - r'([\d.]+)' - r'[^(]*(?:\((.+)\))?', re.ASCII) + _lsb_release_version = re.compile( + r'(.+)' r' release ' r'([\d.]+)' r'[^(]*(?:\((.+)\))?', re.ASCII + ) + _release_version = re.compile( + r'([^0-9]+)' r'(?: release )?' r'([\d.]+)' r'[^(]*(?:\((.+)\))?', + re.ASCII, + ) # See also http://www.novell.com/coolsolutions/feature/11251.html # and http://linuxmafia.com/faq/Admin/release-files.html @@ -394,12 +447,24 @@ except ImportError: # and http://www.die.net/doc/linux/man/man1/lsb_release.1.html _supported_dists = ( - 'SuSE', 'debian', 'fedora', 'redhat', 'centos', - 'mandrake', 'mandriva', 'rocks', 'slackware', 'yellowdog', 'gentoo', - 'UnitedLinux', 'turbolinux', 'arch', 'mageia') + 'SuSE', + 'debian', + 'fedora', + 'redhat', + 'centos', + 'mandrake', + 'mandriva', + 'rocks', + 'slackware', + 'yellowdog', + 'gentoo', + 'UnitedLinux', + 'turbolinux', + 'arch', + 'mageia', + ) def _parse_release_file(firstline): - # Default to empty 'version' and 'id' strings. Both defaults are used # when 'firstline' is empty. 'id' defaults to empty when an id can not # be deduced. @@ -429,34 +494,39 @@ except ImportError: _release_file_re = re.compile(r"(?:DISTRIB_RELEASE\s*=)\s*(.*)", re.I) _codename_file_re = re.compile(r"(?:DISTRIB_CODENAME\s*=)\s*(.*)", re.I) - def linux_distribution(distname='', version='', id='', - supported_dists=_supported_dists, - full_distribution_name=1): - return _linux_distribution(distname, version, id, supported_dists, - full_distribution_name) - - def _linux_distribution(distname, version, id, supported_dists, - full_distribution_name): - - """ Tries to determine the name of the Linux OS distribution name. - The function first looks for a distribution release file in - /etc and then reverts to _dist_try_harder() in case no - suitable files are found. - supported_dists may be given to define the set of Linux - distributions to look for. It defaults to a list of currently - supported Linux distributions identified by their release file - name. - If full_distribution_name is true (default), the full - distribution read from the OS is returned. Otherwise the short - name taken from supported_dists is used. - Returns a tuple (distname, version, id) which default to the - args given as parameters. + def linux_distribution( + distname='', + version='', + id='', + supported_dists=_supported_dists, + full_distribution_name=1, + ): + return _linux_distribution( + distname, version, id, supported_dists, full_distribution_name + ) + + def _linux_distribution( + distname, version, id, supported_dists, full_distribution_name + ): + """Tries to determine the name of the Linux OS distribution name. + The function first looks for a distribution release file in + /etc and then reverts to _dist_try_harder() in case no + suitable files are found. + supported_dists may be given to define the set of Linux + distributions to look for. It defaults to a list of currently + supported Linux distributions identified by their release file + name. + If full_distribution_name is true (default), the full + distribution read from the OS is returned. Otherwise the short + name taken from supported_dists is used. + Returns a tuple (distname, version, id) which default to the + args given as parameters. """ # check for the Debian/Ubuntu /etc/lsb-release file first, needed so # that the distribution doesn't get identified as Debian. # https://bugs.python.org/issue9514 try: - with open("/etc/lsb-release", "r") as etclsbrel: + with open("/etc/lsb-release") as etclsbrel: for line in etclsbrel: m = _distributor_id_file_re.search(line) if m: @@ -469,8 +539,8 @@ except ImportError: _u_id = m.group(1).strip() if _u_distname and _u_version: return (_u_distname, _u_version, _u_id) - except (EnvironmentError, UnboundLocalError): - pass + except (OSError, UnboundLocalError): + pass try: etc = os.listdir(_UNIXCONFDIR) @@ -489,8 +559,11 @@ except ImportError: return _dist_try_harder(distname, version, id) # Read the first line - with open(os.path.join(_UNIXCONFDIR, file), 'r', - encoding='utf-8', errors='surrogateescape') as f: + with open( + os.path.join(_UNIXCONFDIR, file), + encoding='utf-8', + errors='surrogateescape', + ) as f: firstline = f.readline() _distname, _version, _id = _parse_release_file(firstline) diff -pruN 2.23.6-1/awscli/customizations/addexamples.py 2.31.35-1/awscli/customizations/addexamples.py --- 2.23.6-1/awscli/customizations/addexamples.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/addexamples.py 2025-11-12 19:17:29.000000000 +0000 @@ -26,36 +26,38 @@ work you need to: For example, ``examples/ec2/ec2-create-key-pair.rst``. """ -import os -import logging +import logging +import os LOG = logging.getLogger(__name__) def add_examples(help_command, **kwargs): doc_path = os.path.join( - os.path.dirname( - os.path.dirname( - os.path.abspath(__file__))), 'examples') - doc_path = os.path.join(doc_path, - help_command.event_class.replace('.', os.path.sep)) + os.path.dirname(os.path.dirname(os.path.abspath(__file__))), 'examples' + ) + doc_path = os.path.join( + doc_path, help_command.event_class.replace('.', os.path.sep) + ) doc_path = doc_path + '.rst' LOG.debug("Looking for example file at: %s", doc_path) if os.path.isfile(doc_path): help_command.doc.style.h2('Examples') help_command.doc.style.start_note() - msg = ("

    To use the following examples, you must have the AWS " - "CLI installed and configured. See the " - "" - "Getting started guide in the AWS CLI User Guide " - "for more information.

    " - "

    Unless otherwise stated, all examples have unix-like " - "quotation rules. These examples will need to be adapted " - "to your terminal's quoting rules. See " - "" - "Using quotation marks with strings " - "in the AWS CLI User Guide.

    ") + msg = ( + "

    To use the following examples, you must have the AWS " + "CLI installed and configured. See the " + "" + "Getting started guide in the AWS CLI User Guide " + "for more information.

    " + "

    Unless otherwise stated, all examples have unix-like " + "quotation rules. These examples will need to be adapted " + "to your terminal's quoting rules. See " + "" + "Using quotation marks with strings " + "in the AWS CLI User Guide.

    " + ) help_command.doc.include_doc_string(msg) help_command.doc.style.end_note() fp = open(doc_path) diff -pruN 2.23.6-1/awscli/customizations/argrename.py 2.31.35-1/awscli/customizations/argrename.py --- 2.23.6-1/awscli/customizations/argrename.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/argrename.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,12 +10,10 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -""" -""" +""" """ from awscli.customizations import utils - ARGUMENT_RENAMES = { # Mapping of original arg to renamed arg. # The key is ..argname @@ -26,7 +24,6 @@ ARGUMENT_RENAMES = { 'ec2.create-image.no-no-reboot': 'reboot', 'ec2.*.no-egress': 'ingress', 'ec2.*.no-disable-api-termination': 'enable-api-termination', - 'opsworks.*.region': 'stack-region', 'elastictranscoder.*.output': 'job-output', 'swf.register-activity-type.version': 'activity-version', 'swf.register-workflow-type.version': 'workflow-version', @@ -76,8 +73,7 @@ ARGUMENT_RENAMES = { 'stepfunctions.send-task-success.output': 'task-output', 'clouddirectory.publish-schema.version': 'schema-version', 'mturk.list-qualification-types.query': 'types-query', - 'workdocs.create-notification-subscription.endpoint': - 'notification-endpoint', + 'workdocs.create-notification-subscription.endpoint': 'notification-endpoint', 'workdocs.describe-users.query': 'user-query', 'lex-models.delete-bot.version': 'bot-version', 'lex-models.delete-intent.version': 'intent-version', @@ -117,36 +113,41 @@ ARGUMENT_RENAMES = { # This is useful when you need to change the name of an argument but you # still need to support the old argument. HIDDEN_ALIASES = { - 'mgn.*.replication-servers-security-groups-ids': - 'replication-servers-security-groups-i-ds', + 'mgn.*.replication-servers-security-groups-ids': 'replication-servers-security-groups-i-ds', 'mgn.*.source-server-ids': 'source-server-i-ds', - 'mgn.*.replication-configuration-template-ids': - 'replication-configuration-template-i-ds', - 'elasticache.create-replication-group.preferred-cache-cluster-azs': - 'preferred-cache-cluster-a-zs' + 'mgn.*.replication-configuration-template-ids': 'replication-configuration-template-i-ds', + 'elasticache.create-replication-group.preferred-cache-cluster-azs': 'preferred-cache-cluster-a-zs', } def register_arg_renames(cli): for original, new_name in ARGUMENT_RENAMES.items(): event_portion, original_arg_name = original.rsplit('.', 1) - cli.register('building-argument-table.%s' % event_portion, - rename_arg(original_arg_name, new_name)) + cli.register( + 'building-argument-table.%s' % event_portion, + rename_arg(original_arg_name, new_name), + ) for original, new_name in HIDDEN_ALIASES.items(): event_portion, original_arg_name = original.rsplit('.', 1) - cli.register('building-argument-table.%s' % event_portion, - hidden_alias(original_arg_name, new_name)) + cli.register( + 'building-argument-table.%s' % event_portion, + hidden_alias(original_arg_name, new_name), + ) def rename_arg(original_arg_name, new_name): def _rename_arg(argument_table, **kwargs): if original_arg_name in argument_table: utils.rename_argument(argument_table, original_arg_name, new_name) + return _rename_arg def hidden_alias(original_arg_name, alias_name): def _alias_arg(argument_table, **kwargs): if original_arg_name in argument_table: - utils.make_hidden_alias(argument_table, original_arg_name, alias_name) + utils.make_hidden_alias( + argument_table, original_arg_name, alias_name + ) + return _alias_arg diff -pruN 2.23.6-1/awscli/customizations/arguments.py 2.31.35-1/awscli/customizations/arguments.py --- 2.23.6-1/awscli/customizations/arguments.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/arguments.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,10 +13,11 @@ import os import re +import jmespath + from awscli.arguments import CustomArgument from awscli.compat import compat_open from awscli.customizations.exceptions import ParamValidationError -import jmespath def resolve_given_outfile_path(path): @@ -62,8 +63,10 @@ class OverrideRequiredArgsArgument(Custo super(OverrideRequiredArgsArgument, self).__init__(**self.ARG_DATA) def _register_argument_action(self): - self._session.register('before-building-argument-table-parser', - self.override_required_args) + self._session.register( + 'before-building-argument-table-parser', + self.override_required_args, + ) def override_required_args(self, argument_table, args, **kwargs): name_in_cmdline = '--' + self.name @@ -93,16 +96,19 @@ class StatefulArgument(CustomArgument): class QueryOutFileArgument(StatefulArgument): """An argument that write a JMESPath query result to a file""" - def __init__(self, session, name, query, after_call_event, perm, - *args, **kwargs): + def __init__( + self, session, name, query, after_call_event, perm, *args, **kwargs + ): self._session = session self._query = query self._after_call_event = after_call_event self._perm = perm # Generate default help_text if text was not provided. if 'help_text' not in kwargs: - kwargs['help_text'] = ('Saves the command output contents of %s ' - 'to the given filename' % self.query) + kwargs['help_text'] = ( + 'Saves the command output contents of %s ' + 'to the given filename' % self.query + ) super(QueryOutFileArgument, self).__init__(name, *args, **kwargs) @property @@ -129,7 +135,8 @@ class QueryOutFileArgument(StatefulArgum if is_parsed_result_successful(parsed): contents = jmespath.search(self.query, parsed) with compat_open( - self.value, 'w', access_permissions=self.perm) as fp: + self.value, 'w', access_permissions=self.perm + ) as fp: # Don't write 'None' to a file -- write ''. if contents is None: fp.write('') @@ -145,15 +152,21 @@ class QueryOutFileArgument(StatefulArgum os.chmod(self.value, self.perm) -class NestedBlobArgumentHoister(object): +class NestedBlobArgumentHoister: """Can be registered to update a single argument / model value combination mapping that to a new top-level argument. Currently limited to blob argument types as these are the only ones requiring the hoist. """ - def __init__(self, source_arg, source_arg_blob_member, - new_arg, new_arg_doc_string, doc_string_addendum): + def __init__( + self, + source_arg, + source_arg_blob_member, + new_arg, + new_arg_doc_string, + doc_string_addendum, + ): self._source_arg = source_arg self._source_arg_blob_member = source_arg_blob_member self._new_arg = new_arg @@ -163,8 +176,7 @@ class NestedBlobArgumentHoister(object): def __call__(self, session, argument_table, **kwargs): if not self._valid_target(argument_table): return - self._update_arg( - argument_table, self._source_arg, self._new_arg) + self._update_arg(argument_table, self._source_arg, self._new_arg) def _valid_target(self, argument_table): # Find the source argument and check that it has a member of @@ -173,16 +185,18 @@ class NestedBlobArgumentHoister(object): arg = argument_table[self._source_arg] input_model = arg.argument_model member = input_model.members.get(self._source_arg_blob_member) - if (member is not None and - member.type_name == 'blob'): + if member is not None and member.type_name == 'blob': return True return False def _update_arg(self, argument_table, source_arg, new_arg): argument_table[new_arg] = _NestedBlobArgumentParamOverwrite( - new_arg, source_arg, self._source_arg_blob_member, + new_arg, + source_arg, + self._source_arg_blob_member, help_text=self._new_arg_doc_string, - cli_type_name='blob') + cli_type_name='blob', + ) argument_table[source_arg].required = False argument_table[source_arg].documentation += self._doc_string_addendum @@ -190,7 +204,8 @@ class NestedBlobArgumentHoister(object): class _NestedBlobArgumentParamOverwrite(CustomArgument): def __init__(self, new_arg, source_arg, source_arg_blob_member, **kwargs): super(_NestedBlobArgumentParamOverwrite, self).__init__( - new_arg, **kwargs) + new_arg, **kwargs + ) self._param_to_overwrite = _reverse_xform_name(source_arg) self._source_arg_blob_member = source_arg_blob_member diff -pruN 2.23.6-1/awscli/customizations/assumerole.py 2.31.35-1/awscli/customizations/assumerole.py --- 2.23.6-1/awscli/customizations/assumerole.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/assumerole.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,17 +1,19 @@ -import os import logging +import os -from botocore.exceptions import ProfileNotFound from botocore.credentials import JSONFileCache +from botocore.exceptions import ProfileNotFound LOG = logging.getLogger(__name__) CACHE_DIR = os.path.expanduser(os.path.join('~', '.aws', 'cli', 'cache')) def register_assume_role_provider(event_handlers): - event_handlers.register('session-initialized', - inject_assume_role_provider_cache, - unique_id='inject_assume_role_cred_provider_cache') + event_handlers.register( + 'session-initialized', + inject_assume_role_provider_cache, + unique_id='inject_assume_role_cred_provider_cache', + ) def inject_assume_role_provider_cache(session, **kwargs): @@ -33,9 +35,11 @@ def inject_assume_role_provider_cache(se # immediately return. If it's invalid something else # up the stack will raise ProfileNotFound, otherwise # the configure (and other) commands will work as expected. - LOG.debug("ProfileNotFound caught when trying to inject " - "assume-role cred provider cache. Not configuring " - "JSONFileCache for assume-role.") + LOG.debug( + "ProfileNotFound caught when trying to inject " + "assume-role cred provider cache. Not configuring " + "JSONFileCache for assume-role." + ) return assume_role_provider = cred_chain.get_provider('assume-role') assume_role_provider.cache = JSONFileCache(CACHE_DIR) diff -pruN 2.23.6-1/awscli/customizations/awslambda.py 2.31.35-1/awscli/customizations/awslambda.py --- 2.23.6-1/awscli/customizations/awslambda.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/awslambda.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,18 +10,18 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import zipfile import copy +import zipfile from contextlib import closing -from awscli.arguments import CustomArgument, CLIArgument -from awscli.customizations.exceptions import ParamValidationError +from awscli.arguments import CLIArgument, CustomArgument from awscli.compat import BytesIO - +from awscli.customizations.exceptions import ParamValidationError ERROR_MSG = ( "--zip-file must be a zip file with the fileb:// prefix.\n" - "Example usage: --zip-file fileb://path/to/file.zip") + "Example usage: --zip-file fileb://path/to/file.zip" +) ZIP_DOCSTRING = ( '

    The path to the zip file of the {param_type} you are uploading. ' @@ -31,14 +31,21 @@ ZIP_DOCSTRING = ( def register_lambda_create_function(cli): - cli.register('building-argument-table.lambda.create-function', - ZipFileArgumentHoister('Code').hoist) - cli.register('building-argument-table.lambda.publish-layer-version', - ZipFileArgumentHoister('Content').hoist) - cli.register('building-argument-table.lambda.update-function-code', - _modify_zipfile_docstring) - cli.register('process-cli-arg.lambda.update-function-code', - validate_is_zip_file) + cli.register( + 'building-argument-table.lambda.create-function', + ZipFileArgumentHoister('Code').hoist, + ) + cli.register( + 'building-argument-table.lambda.publish-layer-version', + ZipFileArgumentHoister('Content').hoist, + ) + cli.register( + 'building-argument-table.lambda.update-function-code', + _modify_zipfile_docstring, + ) + cli.register( + 'process-cli-arg.lambda.update-function-code', validate_is_zip_file + ) def validate_is_zip_file(cli_argument, value, **kwargs): @@ -46,7 +53,7 @@ def validate_is_zip_file(cli_argument, v _should_contain_zip_content(value) -class ZipFileArgumentHoister(object): +class ZipFileArgumentHoister: """Hoists a ZipFile argument up to the top level. Injects a top-level ZipFileArgument into the argument table which maps @@ -55,6 +62,7 @@ class ZipFileArgumentHoister(object): ReplacedZipFileArgument to prevent its usage and recommend the new top-level injected parameter. """ + def __init__(self, serialized_name): self._serialized_name = serialized_name self._name = serialized_name.lower() @@ -62,8 +70,10 @@ class ZipFileArgumentHoister(object): def hoist(self, session, argument_table, **kwargs): help_text = ZIP_DOCSTRING.format(param_type=self._name) argument_table['zip-file'] = ZipFileArgument( - 'zip-file', help_text=help_text, cli_type_name='blob', - serialized_name=self._serialized_name + 'zip-file', + help_text=help_text, + cli_type_name='blob', + serialized_name=self._serialized_name, ) argument = argument_table[self._name] model = copy.deepcopy(argument.argument_model) @@ -107,6 +117,7 @@ class ZipFileArgument(CustomArgument): --zip-file foo.zip winds up being serialized as { 'Code': { 'ZipFile': } }. """ + def __init__(self, *args, **kwargs): self._param_to_replace = kwargs.pop('serialized_name') super(ZipFileArgument, self).__init__(*args, **kwargs) @@ -131,6 +142,7 @@ class ReplacedZipFileArgument(CLIArgumen contents. And the argument class can inject those bytes into the correct serialization name. """ + def __init__(self, *args, **kwargs): super(ReplacedZipFileArgument, self).__init__(*args, **kwargs) self._cli_name = '--%s' % kwargs['name'] diff -pruN 2.23.6-1/awscli/customizations/binaryformat.py 2.31.35-1/awscli/customizations/binaryformat.py --- 2.23.6-1/awscli/customizations/binaryformat.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/binaryformat.py 2025-11-12 19:17:29.000000000 +0000 @@ -60,7 +60,7 @@ class Base64DecodeVisitor(ModelVisitor): raise InvalidBase64Error('Invalid base64: "%s"' % value) -class BinaryFormatHandler(object): +class BinaryFormatHandler: _BINARY_FORMATS = { 'base64': (base64_decode_input_blobs, register_identity_blob_parser), 'raw-in-base64-out': (None, register_identity_blob_parser), diff -pruN 2.23.6-1/awscli/customizations/binaryhoist.py 2.31.35-1/awscli/customizations/binaryhoist.py --- 2.23.6-1/awscli/customizations/binaryhoist.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/binaryhoist.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,10 +11,10 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import copy - from dataclasses import dataclass from typing import Optional -from awscli.arguments import CustomArgument, CLIArgument + +from awscli.arguments import CLIArgument, CustomArgument from awscli.customizations.exceptions import ParamValidationError diff -pruN 2.23.6-1/awscli/customizations/cliinput.py 2.31.35-1/awscli/customizations/cliinput.py --- 2.23.6-1/awscli/customizations/cliinput.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cliinput.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,9 +15,9 @@ import json from ruamel.yaml import YAML from ruamel.yaml.error import YAMLError -from awscli.paramfile import get_paramfile, LOCAL_PREFIX_MAP from awscli.argprocess import ParamError, ParamSyntaxError from awscli.customizations.arguments import OverrideRequiredArgsArgument +from awscli.paramfile import LOCAL_PREFIX_MAP, get_paramfile def register_cli_input_args(cli): @@ -49,6 +49,7 @@ class CliInputArgument(OverrideRequiredA The parameters in the file will be overwritten by any arguments specified on the command line. """ + def _register_argument_action(self): self._session.register( 'calling-command.*', self.add_to_call_parameters @@ -65,7 +66,7 @@ class CliInputArgument(OverrideRequiredA raise ParamError( self.cli_name, "Invalid type: expecting map, " - "received %s" % type(loaded_params) + "received %s" % type(loaded_params), ) self._update_call_parameters(call_parameters, loaded_params) @@ -75,7 +76,8 @@ class CliInputArgument(OverrideRequiredA return cli_input_args = [ - k for k, v in vars(parsed_args).items() + k + for k, v in vars(parsed_args).items() if v is not None and k.startswith('cli_input') ] if len(cli_input_args) != 1: @@ -109,6 +111,7 @@ class CliInputJSONArgument(CliInputArgum generated by ``--generate-cli-skeleton``. The items in the JSON string will not clobber other arguments entered into the command line. """ + ARG_DATA = { 'name': 'cli-input-json', 'group_name': 'cli_input', @@ -120,7 +123,7 @@ class CliInputJSONArgument(CliInputArgum 'pass arbitrary binary values using a JSON-provided value as the ' 'string will be taken literally. This may not be specified along ' 'with ``--cli-input-yaml``.' - ) + ), } def _load_parameters(self, arg_value): @@ -141,7 +144,7 @@ class CliInputYAMLArgument(CliInputArgum 'If other arguments are provided on the command line, those ' 'values will override the YAML-provided values. This may not be ' 'specified along with ``--cli-input-json``.' - ) + ), } def _load_parameters(self, arg_value): diff -pruN 2.23.6-1/awscli/customizations/cloudformation/__init__.py 2.31.35-1/awscli/customizations/cloudformation/__init__.py --- 2.23.6-1/awscli/customizations/cloudformation/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudformation/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,8 +10,8 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.cloudformation.package import PackageCommand from awscli.customizations.cloudformation.deploy import DeployCommand +from awscli.customizations.cloudformation.package import PackageCommand def initialize(cli): diff -pruN 2.23.6-1/awscli/customizations/cloudformation/artifact_exporter.py 2.31.35-1/awscli/customizations/cloudformation/artifact_exporter.py --- 2.23.6-1/awscli/customizations/cloudformation/artifact_exporter.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudformation/artifact_exporter.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,23 +11,24 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import contextlib import logging import os +import shutil import tempfile -import zipfile -import contextlib import uuid -import shutil -from botocore.utils import set_value_from_jmespath - -from awscli.compat import urlparse +import zipfile from contextlib import contextmanager -from awscli.compat import compat_open -from awscli.customizations.cloudformation import exceptions -from awscli.customizations.cloudformation.yamlhelper import yaml_dump, \ - yaml_parse + import jmespath +from botocore.utils import set_value_from_jmespath +from awscli.compat import compat_open, urlparse +from awscli.customizations.cloudformation import exceptions +from awscli.customizations.cloudformation.yamlhelper import ( + yaml_dump, + yaml_parse, +) LOG = logging.getLogger(__name__) @@ -60,19 +61,16 @@ def is_local_file(path): def is_zip_file(path): - return ( - is_path_value_valid(path) and - zipfile.is_zipfile(path)) - - -def parse_s3_url(url, - bucket_name_property="Bucket", - object_key_property="Key", - version_property=None): + return is_path_value_valid(path) and zipfile.is_zipfile(path) - if isinstance(url, str) \ - and url.startswith("s3://"): +def parse_s3_url( + url, + bucket_name_property="Bucket", + object_key_property="Key", + version_property=None, +): + if isinstance(url, str) and url.startswith("s3://"): # Python < 2.7.10 don't parse query parameters from URI with custom # scheme such as s3://blah/blah. As a workaround, remove scheme # altogether to trigger the parser "s3://foo/bar?v=1" =>"//foo/bar?v=1" @@ -86,19 +84,23 @@ def parse_s3_url(url, # If there is a query string that has a single versionId field, # set the object version and return - if version_property is not None \ - and 'versionId' in query \ - and len(query['versionId']) == 1: + if ( + version_property is not None + and 'versionId' in query + and len(query['versionId']) == 1 + ): result[version_property] = query['versionId'][0] return result - raise ValueError("URL given to the parse method is not a valid S3 url " - "{0}".format(url)) + raise ValueError( + f"URL given to the parse method is not a valid S3 url {url}" + ) -def upload_local_artifacts(resource_id, resource_dict, property_name, - parent_dir, uploader): +def upload_local_artifacts( + resource_id, resource_dict, property_name, parent_dir, uploader +): """ Upload local artifacts referenced by the property at given resource and return S3 URL of the uploaded object. It is the responsibility of callers @@ -134,8 +136,9 @@ def upload_local_artifacts(resource_id, # This check is supporting the case where your resource does not # refer to local artifacts # Nothing to do if property value is an S3 URL - LOG.debug("Property {0} of {1} is already a S3 URL" - .format(property_name, resource_id)) + LOG.debug( + f"Property {property_name} of {resource_id} is already a S3 URL" + ) return local_path local_path = make_abs_path(parent_dir, local_path) @@ -149,14 +152,15 @@ def upload_local_artifacts(resource_id, return uploader.upload_with_dedup(local_path) raise exceptions.InvalidLocalPathError( - resource_id=resource_id, - property_name=property_name, - local_path=local_path) + resource_id=resource_id, + property_name=property_name, + local_path=local_path, + ) def zip_and_upload(local_path, uploader): with zip_folder(local_path) as zipfile: - return uploader.upload_with_dedup(zipfile) + return uploader.upload_with_dedup(zipfile) @contextmanager @@ -169,8 +173,7 @@ def zip_folder(folder_path): :return: Name of the zipfile """ - filename = os.path.join( - tempfile.gettempdir(), "data-" + uuid.uuid4().hex) + filename = os.path.join(tempfile.gettempdir(), "data-" + uuid.uuid4().hex) zipfile_name = make_zip(filename, folder_path) try: @@ -181,7 +184,7 @@ def zip_folder(folder_path): def make_zip(filename, source_root): - zipfile_name = "{0}.zip".format(filename) + zipfile_name = f"{filename}.zip" source_root = os.path.abspath(source_root) with open(zipfile_name, 'wb') as f: zip_file = zipfile.ZipFile(f, 'w', zipfile.ZIP_DEFLATED) @@ -189,8 +192,7 @@ def make_zip(filename, source_root): for root, dirs, files in os.walk(source_root, followlinks=True): for filename in files: full_path = os.path.join(root, filename) - relative_path = os.path.relpath( - full_path, source_root) + relative_path = os.path.relpath(full_path, source_root) zf.write(full_path, relative_path) return zipfile_name @@ -216,7 +218,7 @@ def copy_to_temp_dir(filepath): return tmp_dir -class Resource(object): +class Resource: """ Base class representing a CloudFormation resource that can be exported """ @@ -241,17 +243,25 @@ class Resource(object): return if isinstance(property_value, dict): - LOG.debug("Property {0} of {1} resource is not a URL" - .format(self.PROPERTY_NAME, resource_id)) + LOG.debug( + "Property %s of %s resource is not a URL", + self.PROPERTY_NAME, + resource_id, + ) return # If property is a file but not a zip file, place file in temp # folder and send the temp folder to be zipped temp_dir = None - if is_local_file(property_value) and not \ - is_zip_file(property_value) and self.FORCE_ZIP: + if ( + is_local_file(property_value) + and not is_zip_file(property_value) + and self.FORCE_ZIP + ): temp_dir = copy_to_temp_dir(property_value) - set_value_from_jmespath(resource_dict, self.PROPERTY_NAME, temp_dir) + set_value_from_jmespath( + resource_dict, self.PROPERTY_NAME, temp_dir + ) try: self.do_export(resource_id, resource_dict, parent_dir) @@ -259,10 +269,11 @@ class Resource(object): except Exception as ex: LOG.debug("Unable to export", exc_info=ex) raise exceptions.ExportFailedError( - resource_id=resource_id, - property_name=self.PROPERTY_NAME, - property_value=property_value, - ex=ex) + resource_id=resource_id, + property_name=self.PROPERTY_NAME, + property_value=property_value, + ex=ex, + ) finally: if temp_dir: shutil.rmtree(temp_dir) @@ -272,10 +283,16 @@ class Resource(object): Default export action is to upload artifacts and set the property to S3 URL of the uploaded object """ - uploaded_url = upload_local_artifacts(resource_id, resource_dict, - self.PROPERTY_NAME, - parent_dir, self.uploader) - set_value_from_jmespath(resource_dict, self.PROPERTY_NAME, uploaded_url) + uploaded_url = upload_local_artifacts( + resource_id, + resource_dict, + self.PROPERTY_NAME, + parent_dir, + self.uploader, + ) + set_value_from_jmespath( + resource_dict, self.PROPERTY_NAME, uploaded_url + ) class ResourceWithS3UrlDict(Resource): @@ -297,16 +314,20 @@ class ResourceWithS3UrlDict(Resource): of the uploaded object """ - artifact_s3_url = \ - upload_local_artifacts(resource_id, resource_dict, - self.PROPERTY_NAME, - parent_dir, self.uploader) + artifact_s3_url = upload_local_artifacts( + resource_id, + resource_dict, + self.PROPERTY_NAME, + parent_dir, + self.uploader, + ) parsed_url = parse_s3_url( - artifact_s3_url, - bucket_name_property=self.BUCKET_NAME_PROPERTY, - object_key_property=self.OBJECT_KEY_PROPERTY, - version_property=self.VERSION_PROPERTY) + artifact_s3_url, + bucket_name_property=self.BUCKET_NAME_PROPERTY, + object_key_property=self.OBJECT_KEY_PROPERTY, + version_property=self.VERSION_PROPERTY, + ) set_value_from_jmespath(resource_dict, self.PROPERTY_NAME, parsed_url) @@ -440,6 +461,7 @@ class CloudFormationStackResource(Resour Represents CloudFormation::Stack resource that can refer to a nested stack template via TemplateURL property. """ + RESOURCE_TYPE = "AWS::CloudFormation::Stack" PROPERTY_NAME = "TemplateURL" @@ -455,21 +477,26 @@ class CloudFormationStackResource(Resour template_path = resource_dict.get(self.PROPERTY_NAME, None) - if template_path is None or is_s3_url(template_path) or \ - template_path.startswith("http://") or \ - template_path.startswith("https://"): + if ( + template_path is None + or is_s3_url(template_path) + or template_path.startswith("http://") + or template_path.startswith("https://") + ): # Nothing to do return abs_template_path = make_abs_path(parent_dir, template_path) if not is_local_file(abs_template_path): raise exceptions.InvalidTemplateUrlParameterError( - property_name=self.PROPERTY_NAME, - resource_id=resource_id, - template_path=abs_template_path) - - exported_template_dict = \ - Template(template_path, parent_dir, self.uploader).export() + property_name=self.PROPERTY_NAME, + resource_id=resource_id, + template_path=abs_template_path, + ) + + exported_template_dict = Template( + template_path, parent_dir, self.uploader + ).export() exported_template_str = yaml_dump(exported_template_dict) @@ -478,13 +505,17 @@ class CloudFormationStackResource(Resour temporary_file.flush() url = self.uploader.upload_with_dedup( - temporary_file.name, "template") + temporary_file.name, "template" + ) # TemplateUrl property requires S3 URL to be in path-style format parts = parse_s3_url(url, version_property="Version") s3_path_url = self.uploader.to_path_style_s3_url( - parts["Key"], parts.get("Version", None)) - set_value_from_jmespath(resource_dict, self.PROPERTY_NAME, s3_path_url) + parts["Key"], parts.get("Version", None) + ) + set_value_from_jmespath( + resource_dict, self.PROPERTY_NAME, s3_path_url + ) class ServerlessApplicationResource(CloudFormationStackResource): @@ -492,15 +523,16 @@ class ServerlessApplicationResource(Clou Represents Serverless::Application resource that can refer to a nested app template via Location property. """ + RESOURCE_TYPE = "AWS::Serverless::Application" PROPERTY_NAME = "Location" - class GlueJobCommandScriptLocationResource(Resource): """ Represents Glue::Job resource. """ + RESOURCE_TYPE = "AWS::Glue::Job" # Note the PROPERTY_NAME includes a '.' implying it's nested. PROPERTY_NAME = "Command.ScriptLocation" @@ -510,6 +542,7 @@ class CodeCommitRepositoryS3Resource(Res """ Represents CodeCommit::Repository resource. """ + RESOURCE_TYPE = "AWS::CodeCommit::Repository" PROPERTY_NAME = "Code.S3" BUCKET_NAME_PROPERTY = "Bucket" @@ -538,12 +571,12 @@ RESOURCES_EXPORT_LIST = [ GlueJobCommandScriptLocationResource, StepFunctionsStateMachineDefinitionResource, ServerlessStateMachineDefinitionResource, - CodeCommitRepositoryS3Resource + CodeCommitRepositoryS3Resource, ] METADATA_EXPORT_LIST = [ ServerlessRepoApplicationReadme, - ServerlessRepoApplicationLicense + ServerlessRepoApplicationLicense, ] @@ -551,47 +584,58 @@ def include_transform_export_handler(tem if template_dict.get("Name", None) != "AWS::Include": return template_dict - include_location = template_dict.get("Parameters", {}).get("Location", None) - if not include_location \ - or not is_path_value_valid(include_location) \ - or is_s3_url(include_location): + include_location = template_dict.get("Parameters", {}).get( + "Location", None + ) + if ( + not include_location + or not is_path_value_valid(include_location) + or is_s3_url(include_location) + ): # `include_location` is either empty, or not a string, or an S3 URI return template_dict # We are confident at this point that `include_location` is a string containing the local path abs_include_location = os.path.join(parent_dir, include_location) if is_local_file(abs_include_location): - template_dict["Parameters"]["Location"] = uploader.upload_with_dedup(abs_include_location) + template_dict["Parameters"]["Location"] = uploader.upload_with_dedup( + abs_include_location + ) else: raise exceptions.InvalidLocalPathError( resource_id="AWS::Include", property_name="Location", - local_path=abs_include_location) + local_path=abs_include_location, + ) return template_dict -GLOBAL_EXPORT_DICT = { - "Fn::Transform": include_transform_export_handler -} +GLOBAL_EXPORT_DICT = {"Fn::Transform": include_transform_export_handler} -class Template(object): +class Template: """ Class to export a CloudFormation template """ - def __init__(self, template_path, parent_dir, uploader, - resources_to_export=RESOURCES_EXPORT_LIST, - metadata_to_export=METADATA_EXPORT_LIST): + def __init__( + self, + template_path, + parent_dir, + uploader, + resources_to_export=RESOURCES_EXPORT_LIST, + metadata_to_export=METADATA_EXPORT_LIST, + ): """ Reads the template and makes it ready for export """ if not (is_local_folder(parent_dir) and os.path.isabs(parent_dir)): - raise ValueError("parent_dir parameter must be " - "an absolute path to a folder {0}" - .format(parent_dir)) + raise ValueError( + "parent_dir parameter must be " + f"an absolute path to a folder {parent_dir}" + ) abs_template_path = make_abs_path(parent_dir, template_path) template_dir = os.path.dirname(abs_template_path) @@ -614,7 +658,9 @@ class Template(object): """ for key, val in template_dict.items(): if key in GLOBAL_EXPORT_DICT: - template_dict[key] = GLOBAL_EXPORT_DICT[key](val, self.uploader, self.template_dir) + template_dict[key] = GLOBAL_EXPORT_DICT[key]( + val, self.uploader, self.template_dir + ) elif isinstance(val, dict): self.export_global_artifacts(val) elif isinstance(val, list): @@ -640,7 +686,9 @@ class Template(object): continue exporter = exporter_class(self.uploader) - exporter.export(metadata_type, metadata_dict, self.template_dir) + exporter.export( + metadata_type, metadata_dict, self.template_dir + ) return template_dict @@ -665,10 +713,11 @@ class Template(object): def export_resources(self, resource_dict): for resource_id, resource in resource_dict.items(): - if resource_id.startswith("Fn::ForEach::"): if not isinstance(resource, list) or len(resource) != 3: - raise exceptions.InvalidForEachIntrinsicFunctionError(resource_id=resource_id) + raise exceptions.InvalidForEachIntrinsicFunctionError( + resource_id=resource_id + ) self.export_resources(resource[2]) continue diff -pruN 2.23.6-1/awscli/customizations/cloudformation/deploy.py 2.31.35-1/awscli/customizations/cloudformation/deploy.py --- 2.23.6-1/awscli/customizations/cloudformation/deploy.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudformation/deploy.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,21 +13,19 @@ import functools import json +import logging import os import sys -import logging from botocore.client import Config -from awscli.compat import compat_open -from awscli.customizations.exceptions import ParamValidationError +from awscli.compat import compat_open, get_stdout_text_writer from awscli.customizations.cloudformation import exceptions from awscli.customizations.cloudformation.deployer import Deployer -from awscli.customizations.s3uploader import S3Uploader from awscli.customizations.cloudformation.yamlhelper import yaml_parse - from awscli.customizations.commands import BasicCommand -from awscli.compat import get_stdout_text_writer +from awscli.customizations.exceptions import ParamValidationError +from awscli.customizations.s3uploader import S3Uploader from awscli.utils import write_exception LOG = logging.getLogger(__name__) @@ -61,8 +59,10 @@ class CodePipelineLikeParameterOverrideP class CloudFormationLikeParameterOverrideParser(BaseParameterOverrideParser): def can_parse(self, data): for param_pair in data: - if ('ParameterKey' not in param_pair or - 'ParameterValue' not in param_pair): + if ( + 'ParameterKey' not in param_pair + or 'ParameterValue' not in param_pair + ): return False if len(param_pair.keys()) > 2: return False @@ -76,8 +76,7 @@ class CloudFormationLikeParameterOverrid # "ParameterValue": "string", # }] return { - param['ParameterKey']: param['ParameterValue'] - for param in data + param['ParameterKey']: param['ParameterValue'] for param in data } @@ -98,14 +97,14 @@ class StringEqualsParameterOverrideParse class DeployCommand(BasicCommand): - - MSG_NO_EXECUTE_CHANGESET = \ - ("Changeset created successfully. Run the following command to " - "review changes:" - "\n" - "aws cloudformation describe-change-set --change-set-name " - "{changeset_id}" - "\n") + MSG_NO_EXECUTE_CHANGESET = ( + "Changeset created successfully. Run the following command to " + "review changes:" + "\n" + "aws cloudformation describe-change-set --change-set-name " + "{changeset_id}" + "\n" + ) MSG_EXECUTE_SUCCESS = "Successfully created/updated stack - {stack_name}\n" @@ -113,8 +112,9 @@ class DeployCommand(BasicCommand): TAGS_CMD = "tags" NAME = 'deploy' - DESCRIPTION = BasicCommand.FROM_FILE("cloudformation", - "_deploy_description.rst") + DESCRIPTION = BasicCommand.FROM_FILE( + "cloudformation", "_deploy_description.rst" + ) ARG_TABLE = [ { @@ -123,7 +123,7 @@ class DeployCommand(BasicCommand): 'help_text': ( 'The path where your AWS CloudFormation' ' template is located.' - ) + ), }, { 'name': 'stack-name', @@ -133,7 +133,7 @@ class DeployCommand(BasicCommand): 'The name of the AWS CloudFormation stack you\'re deploying to.' ' If you specify an existing stack, the command updates the' ' stack. If you specify a new stack, the command creates it.' - ) + ), }, { 'name': 's3-bucket', @@ -142,7 +142,7 @@ class DeployCommand(BasicCommand): 'The name of the S3 bucket where this command uploads your ' 'CloudFormation template. This is required the deployments of ' 'templates sized greater than 51,200 bytes' - ) + ), }, { "name": "force-upload", @@ -151,7 +151,7 @@ class DeployCommand(BasicCommand): 'Indicates whether to override existing files in the S3 bucket.' ' Specify this flag to upload artifacts even if they ' ' match existing artifacts in the S3 bucket.' - ) + ), }, { 'name': 's3-prefix', @@ -160,15 +160,14 @@ class DeployCommand(BasicCommand): ' artifacts\' name when it uploads them to the S3 bucket.' ' The prefix name is a path name (folder name) for' ' the S3 bucket.' - ) + ), }, - { 'name': 'kms-key-id', 'help_text': ( 'The ID of an AWS KMS key that the command uses' ' to encrypt artifacts that are at rest in the S3 bucket.' - ) + ), }, { 'name': PARAMETER_OVERRIDE_CMD, @@ -184,7 +183,7 @@ class DeployCommand(BasicCommand): ' parameters that don\'t have a default value.' ' Syntax: ParameterKey1=ParameterValue1' ' ParameterKey2=ParameterValue2 ... or JSON file (see Examples)' - ) + ), }, { 'name': 'capabilities', @@ -194,11 +193,8 @@ class DeployCommand(BasicCommand): 'type': 'array', 'items': { 'type': 'string', - 'enum': [ - 'CAPABILITY_IAM', - 'CAPABILITY_NAMED_IAM' - ] - } + 'enum': ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM'], + }, }, 'default': [], 'help_text': ( @@ -215,8 +211,7 @@ class DeployCommand(BasicCommand): ' custom names, you must specify CAPABILITY_NAMED_IAM. If you' ' don\'t specify this parameter, this action returns an' ' InsufficientCapabilities error.' - ) - + ), }, { 'name': 'no-execute-changeset', @@ -230,7 +225,7 @@ class DeployCommand(BasicCommand): ' AWS CloudFormation change set and then exits without' ' executing the change set. After you view the change set,' ' execute it to implement your changes.' - ) + ), }, { 'name': 'disable-rollback', @@ -242,7 +237,7 @@ class DeployCommand(BasicCommand): 'help_text': ( 'Preserve the state of previously provisioned resources when ' 'the execute-change-set operation fails.' - ) + ), }, { 'name': 'no-disable-rollback', @@ -254,7 +249,7 @@ class DeployCommand(BasicCommand): 'help_text': ( 'Roll back all resource changes when the execute-change-set ' 'operation fails.' - ) + ), }, { 'name': 'role-arn', @@ -263,21 +258,16 @@ class DeployCommand(BasicCommand): 'The Amazon Resource Name (ARN) of an AWS Identity and Access ' 'Management (IAM) role that AWS CloudFormation assumes when ' 'executing the change set.' - ) + ), }, { 'name': 'notification-arns', 'required': False, - 'schema': { - 'type': 'array', - 'items': { - 'type': 'string' - } - }, + 'schema': {'type': 'array', 'items': {'type': 'string'}}, 'help_text': ( 'Amazon Simple Notification Service topic Amazon Resource Names' ' (ARNs) that AWS CloudFormation associates with the stack.' - ) + ), }, { 'name': 'fail-on-empty-changeset', @@ -287,10 +277,14 @@ class DeployCommand(BasicCommand): 'dest': 'fail_on_empty_changeset', 'default': False, 'help_text': ( - 'Specify if the CLI should return a non-zero exit code if ' - 'there are no changes to be made to the stack. The default ' - 'behavior is to return a zero exit code.' - ) + 'Specify if the CLI should return a non-zero exit code ' + 'when there are no changes to be made to the stack. By ' + 'default, a zero exit code is returned, and this is ' + 'the same behavior that occurs when ' + '`--no-fail-on-empty-changeset` is specified. If ' + '`--fail-on-empty-changeset` is specified, then the ' + 'CLI will return a non-zero exit code.' + ), }, { 'name': 'no-fail-on-empty-changeset', @@ -302,46 +296,43 @@ class DeployCommand(BasicCommand): 'help_text': ( 'Causes the CLI to return an exit code of 0 if there are no ' 'changes to be made to the stack.' - ) + ), }, { 'name': TAGS_CMD, 'action': 'store', 'required': False, - 'schema': { - 'type': 'array', - 'items': { - 'type': 'string' - } - }, + 'schema': {'type': 'array', 'items': {'type': 'string'}}, 'default': [], 'help_text': ( 'A list of tags to associate with the stack that is created' ' or updated. AWS CloudFormation also propagates these tags' ' to resources in the stack if the resource supports it.' ' Syntax: TagKey1=TagValue1 TagKey2=TagValue2 ...' - ) - } + ), + }, ] def _run_main(self, parsed_args, parsed_globals): - cloudformation_client = \ - self._session.create_client( - 'cloudformation', region_name=parsed_globals.region, - endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl) + cloudformation_client = self._session.create_client( + 'cloudformation', + region_name=parsed_globals.region, + endpoint_url=parsed_globals.endpoint_url, + verify=parsed_globals.verify_ssl, + ) template_dict, template_str, template_size = self.load_template_file( - parsed_args.template_file) + parsed_args.template_file + ) stack_name = parsed_args.stack_name parameter_overrides = self.parse_parameter_overrides( parsed_args.parameter_overrides ) tags_dict = self.parse_key_value_arg(parsed_args.tags, self.TAGS_CMD) - tags = [{"Key": key, "Value": value} - for key, value in tags_dict.items()] - + tags = [ + {"Key": key, "Value": value} for key, value in tags_dict.items() + ] parameters = self.merge_parameters(template_dict, parameter_overrides) @@ -354,39 +345,62 @@ class DeployCommand(BasicCommand): "s3", config=Config(signature_version='s3v4'), region_name=parsed_globals.region, - verify=parsed_globals.verify_ssl) + verify=parsed_globals.verify_ssl, + ) - s3_uploader = S3Uploader(s3_client, - bucket, - parsed_args.s3_prefix, - parsed_args.kms_key_id, - parsed_args.force_upload) + s3_uploader = S3Uploader( + s3_client, + bucket, + parsed_args.s3_prefix, + parsed_args.kms_key_id, + parsed_args.force_upload, + ) else: s3_uploader = None deployer = Deployer(cloudformation_client) - return self.deploy(deployer, stack_name, template_str, - parameters, parsed_args.capabilities, - parsed_args.execute_changeset, parsed_args.role_arn, - parsed_args.notification_arns, s3_uploader, - tags, parsed_args.fail_on_empty_changeset, - parsed_args.disable_rollback) + return self.deploy( + deployer, + stack_name, + template_str, + parameters, + parsed_args.capabilities, + parsed_args.execute_changeset, + parsed_args.role_arn, + parsed_args.notification_arns, + s3_uploader, + tags, + parsed_args.fail_on_empty_changeset, + parsed_args.disable_rollback, + ) def load_template_file(self, template_file): template_path = os.path.expanduser(template_file) if not os.path.isfile(template_path): raise exceptions.InvalidTemplatePathError( - template_path=template_path) + template_path=template_path + ) with compat_open(template_path, "r") as handle: template_str = handle.read() template_dict = yaml_parse(template_str) template_size = os.path.getsize(template_path) return template_dict, template_str, template_size - def deploy(self, deployer, stack_name, template_str, - parameters, capabilities, execute_changeset, role_arn, - notification_arns, s3_uploader, tags, - fail_on_empty_changeset=False, disable_rollback=False): + def deploy( + self, + deployer, + stack_name, + template_str, + parameters, + capabilities, + execute_changeset, + role_arn, + notification_arns, + s3_uploader, + tags, + fail_on_empty_changeset=False, + disable_rollback=False, + ): try: result = deployer.create_and_wait_for_changeset( stack_name=stack_name, @@ -396,7 +410,7 @@ class DeployCommand(BasicCommand): role_arn=role_arn, notification_arns=notification_arns, s3_uploader=s3_uploader, - tags=tags + tags=tags, ) except exceptions.ChangeEmptyError as ex: if fail_on_empty_changeset: @@ -405,14 +419,19 @@ class DeployCommand(BasicCommand): return 0 if execute_changeset: - deployer.execute_changeset(result.changeset_id, stack_name, - disable_rollback) + deployer.execute_changeset( + result.changeset_id, stack_name, disable_rollback + ) deployer.wait_for_execute(stack_name, result.changeset_type) - sys.stdout.write(self.MSG_EXECUTE_SUCCESS.format( - stack_name=stack_name)) + sys.stdout.write( + self.MSG_EXECUTE_SUCCESS.format(stack_name=stack_name) + ) else: - sys.stdout.write(self.MSG_NO_EXECUTE_CHANGESET.format( - changeset_id=result.changeset_id)) + sys.stdout.write( + self.MSG_NO_EXECUTE_CHANGESET.format( + changeset_id=result.changeset_id + ) + ) sys.stdout.flush() return 0 @@ -434,10 +453,7 @@ class DeployCommand(BasicCommand): return parameter_values for key, value in template_dict["Parameters"].items(): - - obj = { - "ParameterKey": key - } + obj = {"ParameterKey": key} if key in parameter_overrides: obj["ParameterValue"] = parameter_overrides[key] @@ -466,7 +482,7 @@ class DeployCommand(BasicCommand): parsers = [ CloudFormationLikeParameterOverrideParser(), CodePipelineLikeParameterOverrideParser(), - StringEqualsParameterOverrideParser() + StringEqualsParameterOverrideParser(), ] for parser in parsers: if parser.can_parse(data): @@ -475,13 +491,13 @@ class DeployCommand(BasicCommand): 'JSON passed to --parameter-overrides must be one of ' 'the formats: ["Key1=Value1","Key2=Value2", ...] , ' '[{"ParameterKey": "Key1", "ParameterValue": "Value1"}, ...] , ' - '["Parameters": {"Key1": "Value1", "Key2": "Value2", ...}]') + '["Parameters": {"Key1": "Value1", "Key2": "Value2", ...}]' + ) else: # In case it was in deploy command format # and was input via command line return self.parse_key_value_arg( - arg_value, - self.PARAMETER_OVERRIDE_CMD + arg_value, self.PARAMETER_OVERRIDE_CMD ) def parse_key_value_arg(self, arg_value, argname): @@ -496,14 +512,13 @@ class DeployCommand(BasicCommand): """ result = {} for data in arg_value: - # Split at first '=' from left key_value_pair = data.split("=", 1) if len(key_value_pair) != 2: raise exceptions.InvalidKeyValuePairArgumentError( - argname=argname, - value=key_value_pair) + argname=argname, value=key_value_pair + ) result[key_value_pair[0]] = key_value_pair[1] diff -pruN 2.23.6-1/awscli/customizations/cloudformation/deployer.py 2.31.35-1/awscli/customizations/cloudformation/deployer.py --- 2.23.6-1/awscli/customizations/cloudformation/deployer.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudformation/deployer.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,27 +11,33 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import collections +import logging import sys import time -import logging +from datetime import datetime + import botocore -import collections from awscli.customizations.cloudformation import exceptions -from awscli.customizations.cloudformation.artifact_exporter import mktempfile, parse_s3_url - -from datetime import datetime +from awscli.customizations.cloudformation.artifact_exporter import ( + mktempfile, + parse_s3_url, +) LOG = logging.getLogger(__name__) ChangeSetResult = collections.namedtuple( - "ChangeSetResult", ["changeset_id", "changeset_type"]) + "ChangeSetResult", ["changeset_id", "changeset_type"] +) -class Deployer(object): - - def __init__(self, cloudformation_client, - changeset_prefix="awscli-cloudformation-package-deploy-"): +class Deployer: + def __init__( + self, + cloudformation_client, + changeset_prefix="awscli-cloudformation-package-deploy-", + ): self._client = cloudformation_client self.changeset_prefix = changeset_prefix @@ -62,18 +68,25 @@ class Deployer(object): # the exception msg to understand the nature of this exception. msg = str(e) - if "Stack with id {0} does not exist".format(stack_name) in msg: - LOG.debug("Stack with id {0} does not exist".format( - stack_name)) + if f"Stack with id {stack_name} does not exist" in msg: + LOG.debug(f"Stack with id {stack_name} does not exist") return False else: # We don't know anything about this exception. Don't handle LOG.debug("Unable to get stack details.", exc_info=e) raise e - def create_changeset(self, stack_name, cfn_template, - parameter_values, capabilities, role_arn, - notification_arns, s3_uploader, tags): + def create_changeset( + self, + stack_name, + cfn_template, + parameter_values, + capabilities, + role_arn, + notification_arns, + s3_uploader, + tags, + ): """ Call Cloudformation to create a changeset and wait for it to complete @@ -86,7 +99,7 @@ class Deployer(object): """ now = datetime.utcnow().isoformat() - description = "Created by AWS CLI at {0} UTC".format(now) + description = f"Created by AWS CLI at {now} UTC" # Each changeset will get a unique name based on time changeset_name = self.changeset_prefix + str(int(time.time())) @@ -96,17 +109,27 @@ class Deployer(object): # When creating a new stack, UsePreviousValue=True is invalid. # For such parameters, users should either override with new value, # or set a Default value in template to successfully create a stack. - parameter_values = [x for x in parameter_values - if not x.get("UsePreviousValue", False)] + parameter_values = [ + x + for x in parameter_values + if not x.get("UsePreviousValue", False) + ] else: changeset_type = "UPDATE" # UsePreviousValue not valid if parameter is new summary = self._client.get_template_summary(StackName=stack_name) - existing_parameters = [parameter['ParameterKey'] for parameter in \ - summary['Parameters']] - parameter_values = [x for x in parameter_values - if not (x.get("UsePreviousValue", False) and \ - x["ParameterKey"] not in existing_parameters)] + existing_parameters = [ + parameter['ParameterKey'] + for parameter in summary['Parameters'] + ] + parameter_values = [ + x + for x in parameter_values + if not ( + x.get("UsePreviousValue", False) + and x["ParameterKey"] not in existing_parameters + ) + ] kwargs = { 'ChangeSetName': changeset_name, @@ -126,10 +149,13 @@ class Deployer(object): temporary_file.write(kwargs.pop('TemplateBody')) temporary_file.flush() url = s3_uploader.upload_with_dedup( - temporary_file.name, "template") + temporary_file.name, "template" + ) # TemplateUrl property requires S3 URL to be in path-style format parts = parse_s3_url(url, version_property="Version") - kwargs['TemplateURL'] = s3_uploader.to_path_style_s3_url(parts["Key"], parts.get("Version", None)) + kwargs['TemplateURL'] = s3_uploader.to_path_style_s3_url( + parts["Key"], parts.get("Version", None) + ) # don't set these arguments if not specified to use existing values if role_arn is not None: @@ -159,8 +185,11 @@ class Deployer(object): # Poll every 5 seconds. Changeset creation should be fast waiter_config = {'Delay': 5} try: - waiter.wait(ChangeSetName=changeset_id, StackName=stack_name, - WaiterConfig=waiter_config) + waiter.wait( + ChangeSetName=changeset_id, + StackName=stack_name, + WaiterConfig=waiter_config, + ) except botocore.exceptions.WaiterError as ex: LOG.debug("Create changeset waiter exception", exc_info=ex) @@ -168,17 +197,22 @@ class Deployer(object): status = resp["Status"] reason = resp["StatusReason"] - if status == "FAILED" and \ - "The submitted information didn't contain changes." in reason or \ - "No updates are to be performed" in reason: - raise exceptions.ChangeEmptyError(stack_name=stack_name) - - raise RuntimeError("Failed to create the changeset: {0} " - "Status: {1}. Reason: {2}" - .format(ex, status, reason)) - - def execute_changeset(self, changeset_id, stack_name, - disable_rollback=False): + if ( + status == "FAILED" + and "The submitted information didn't contain changes." + in reason + or "No updates are to be performed" in reason + ): + raise exceptions.ChangeEmptyError(stack_name=stack_name) + + raise RuntimeError( + f"Failed to create the changeset: {ex} " + f"Status: {status}. Reason: {reason}" + ) + + def execute_changeset( + self, changeset_id, stack_name, disable_rollback=False + ): """ Calls CloudFormation to execute changeset @@ -188,12 +222,12 @@ class Deployer(object): :return: Response from execute-change-set call """ return self._client.execute_change_set( - ChangeSetName=changeset_id, - StackName=stack_name, - DisableRollback=disable_rollback) + ChangeSetName=changeset_id, + StackName=stack_name, + DisableRollback=disable_rollback, + ) def wait_for_execute(self, stack_name, changeset_type): - sys.stdout.write("Waiting for stack create/update to complete\n") sys.stdout.flush() @@ -203,8 +237,7 @@ class Deployer(object): elif changeset_type == "UPDATE": waiter = self._client.get_waiter("stack_update_complete") else: - raise RuntimeError("Invalid changeset type {0}" - .format(changeset_type)) + raise RuntimeError(f"Invalid changeset type {changeset_type}") # Poll every 30 seconds. Polling too frequently risks hitting rate limits # on CloudFormation's DescribeStacks API @@ -220,13 +253,27 @@ class Deployer(object): raise exceptions.DeployFailedError(stack_name=stack_name) - def create_and_wait_for_changeset(self, stack_name, cfn_template, - parameter_values, capabilities, role_arn, - notification_arns, s3_uploader, tags): - + def create_and_wait_for_changeset( + self, + stack_name, + cfn_template, + parameter_values, + capabilities, + role_arn, + notification_arns, + s3_uploader, + tags, + ): result = self.create_changeset( - stack_name, cfn_template, parameter_values, capabilities, - role_arn, notification_arns, s3_uploader, tags) + stack_name, + cfn_template, + parameter_values, + capabilities, + role_arn, + notification_arns, + s3_uploader, + tags, + ) self.wait_for_changeset(result.changeset_id, stack_name) return result diff -pruN 2.23.6-1/awscli/customizations/cloudformation/exceptions.py 2.31.35-1/awscli/customizations/cloudformation/exceptions.py --- 2.23.6-1/awscli/customizations/cloudformation/exceptions.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudformation/exceptions.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,3 @@ - class CloudFormationCommandError(Exception): fmt = 'An unspecified error occurred' @@ -17,42 +16,50 @@ class ChangeEmptyError(CloudFormationCom class InvalidLocalPathError(CloudFormationCommandError): - fmt = ("Parameter {property_name} of resource {resource_id} refers " - "to a file or folder that does not exist {local_path}") + fmt = ( + "Parameter {property_name} of resource {resource_id} refers " + "to a file or folder that does not exist {local_path}" + ) class InvalidTemplateUrlParameterError(CloudFormationCommandError): - fmt = ("{property_name} parameter of {resource_id} resource is invalid. " - "It must be a S3 URL or path to CloudFormation " - "template file. Actual: {template_path}") + fmt = ( + "{property_name} parameter of {resource_id} resource is invalid. " + "It must be a S3 URL or path to CloudFormation " + "template file. Actual: {template_path}" + ) class ExportFailedError(CloudFormationCommandError): - fmt = ("Unable to upload artifact {property_value} referenced " - "by {property_name} parameter of {resource_id} resource." - "\n" - "{ex}") + fmt = ( + "Unable to upload artifact {property_value} referenced " + "by {property_name} parameter of {resource_id} resource." + "\n" + "{ex}" + ) class InvalidKeyValuePairArgumentError(CloudFormationCommandError): - fmt = ("{value} value passed to --{argname} must be of format " - "Key=Value") + fmt = "{value} value passed to --{argname} must be of format " "Key=Value" class DeployFailedError(CloudFormationCommandError): - fmt = \ - ("Failed to create/update the stack. Run the following command" - "\n" - "to fetch the list of events leading up to the failure" - "\n" - "aws cloudformation describe-stack-events --stack-name {stack_name}") + fmt = ( + "Failed to create/update the stack. Run the following command" + "\n" + "to fetch the list of events leading up to the failure" + "\n" + "aws cloudformation describe-stack-events --stack-name {stack_name}" + ) + class DeployBucketRequiredError(CloudFormationCommandError): - fmt = \ - ("Templates with a size greater than 51,200 bytes must be deployed " - "via an S3 Bucket. Please add the --s3-bucket parameter to your " - "command. The local template will be copied to that S3 bucket and " - "then deployed.") + fmt = ( + "Templates with a size greater than 51,200 bytes must be deployed " + "via an S3 Bucket. Please add the --s3-bucket parameter to your " + "command. The local template will be copied to that S3 bucket and " + "then deployed." + ) class InvalidForEachIntrinsicFunctionError(CloudFormationCommandError): diff -pruN 2.23.6-1/awscli/customizations/cloudformation/package.py 2.31.35-1/awscli/customizations/cloudformation/package.py --- 2.23.6-1/awscli/customizations/cloudformation/package.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudformation/package.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,17 +11,16 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import os +import json import logging +import os import sys -import json - from botocore.client import Config +from awscli.customizations.cloudformation import exceptions from awscli.customizations.cloudformation.artifact_exporter import Template from awscli.customizations.cloudformation.yamlhelper import yaml_dump -from awscli.customizations.cloudformation import exceptions from awscli.customizations.commands import BasicCommand from awscli.customizations.s3uploader import S3Uploader @@ -29,7 +28,6 @@ LOG = logging.getLogger(__name__) class PackageCommand(BasicCommand): - MSG_PACKAGED_TEMPLATE_WRITTEN = ( "Successfully packaged artifacts and wrote output template " "to file {output_file_name}." @@ -38,12 +36,14 @@ class PackageCommand(BasicCommand): "\n" "aws cloudformation deploy --template-file {output_file_path} " "--stack-name " - "\n") + "\n" + ) NAME = "package" - DESCRIPTION = BasicCommand.FROM_FILE("cloudformation", - "_package_description.rst") + DESCRIPTION = BasicCommand.FROM_FILE( + "cloudformation", "_package_description.rst" + ) ARG_TABLE = [ { @@ -52,18 +52,16 @@ class PackageCommand(BasicCommand): 'help_text': ( 'The path where your AWS CloudFormation' ' template is located.' - ) + ), }, - { 'name': 's3-bucket', 'required': True, 'help_text': ( 'The name of the S3 bucket where this command uploads' ' the artifacts that are referenced in your template.' - ) + ), }, - { 'name': 's3-prefix', 'help_text': ( @@ -71,17 +69,15 @@ class PackageCommand(BasicCommand): ' artifacts\' name when it uploads them to the S3 bucket.' ' The prefix name is a path name (folder name) for' ' the S3 bucket.' - ) + ), }, - { 'name': 'kms-key-id', 'help_text': ( 'The ID of an AWS KMS key that the command uses' ' to encrypt artifacts that are at rest in the S3 bucket.' - ) + ), }, - { "name": "output-template-file", "help_text": ( @@ -89,18 +85,16 @@ class PackageCommand(BasicCommand): " output AWS CloudFormation template. If you don't specify" " a path, the command writes the template to the standard" " output." - ) + ), }, - { "name": "use-json", "action": "store_true", "help_text": ( "Indicates whether to use JSON as the format for the output AWS" " CloudFormation template. YAML is used by default." - ) + ), }, - { "name": "force-upload", "action": "store_true", @@ -108,7 +102,7 @@ class PackageCommand(BasicCommand): 'Indicates whether to override existing files in the S3 bucket.' ' Specify this flag to upload artifacts even if they ' ' match existing artifacts in the S3 bucket.' - ) + ), }, { "name": "metadata", @@ -116,11 +110,11 @@ class PackageCommand(BasicCommand): "schema": { "type": "map", "key": {"type": "string"}, - "value": {"type": "string"} + "value": {"type": "string"}, }, "help_text": "A map of metadata to attach to *ALL* the artifacts that" - " are referenced in your template." - } + " are referenced in your template.", + }, ] def _run_main(self, parsed_args, parsed_globals): @@ -128,20 +122,24 @@ class PackageCommand(BasicCommand): "s3", config=Config(signature_version='s3v4'), region_name=parsed_globals.region, - verify=parsed_globals.verify_ssl) + verify=parsed_globals.verify_ssl, + ) template_path = parsed_args.template_file if not os.path.isfile(template_path): raise exceptions.InvalidTemplatePathError( - template_path=template_path) + template_path=template_path + ) bucket = parsed_args.s3_bucket - self.s3_uploader = S3Uploader(s3_client, - bucket, - parsed_args.s3_prefix, - parsed_args.kms_key_id, - parsed_args.force_upload) + self.s3_uploader = S3Uploader( + s3_client, + bucket, + parsed_args.s3_prefix, + parsed_args.kms_key_id, + parsed_args.force_upload, + ) # attach the given metadata to the artifacts to be uploaded self.s3_uploader.artifact_metadata = parsed_args.metadata @@ -154,8 +152,9 @@ class PackageCommand(BasicCommand): if output_file: msg = self.MSG_PACKAGED_TEMPLATE_WRITTEN.format( - output_file_name=output_file, - output_file_path=os.path.abspath(output_file)) + output_file_name=output_file, + output_file_path=os.path.abspath(output_file), + ) sys.stdout.write(msg) sys.stdout.flush() @@ -166,7 +165,9 @@ class PackageCommand(BasicCommand): exported_template = template.export() if use_json: - exported_str = json.dumps(exported_template, indent=4, ensure_ascii=False) + exported_str = json.dumps( + exported_template, indent=4, ensure_ascii=False + ) else: exported_str = yaml_dump(exported_template) diff -pruN 2.23.6-1/awscli/customizations/cloudformation/yamlhelper.py 2.31.35-1/awscli/customizations/cloudformation/yamlhelper.py --- 2.23.6-1/awscli/customizations/cloudformation/yamlhelper.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudformation/yamlhelper.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,9 +13,8 @@ import re import ruamel.yaml +from botocore.compat import OrderedDict, json from ruamel.yaml.resolver import ScalarNode, SequenceNode -from botocore.compat import json -from botocore.compat import OrderedDict from awscli.utils import dump_yaml_to_str @@ -73,9 +72,10 @@ def _add_yaml_1_1_boolean_resolvers(reso '|true|True|TRUE|false|False|FALSE' '|on|On|ON|off|Off|OFF)$' ) - boolean_first_chars = list(u'yYnNtTfFoO') + boolean_first_chars = list('yYnNtTfFoO') resolver_cls.add_implicit_resolver( - 'tag:yaml.org,2002:bool', boolean_regex, boolean_first_chars) + 'tag:yaml.org,2002:bool', boolean_regex, boolean_first_chars + ) def yaml_dump(dict_to_dump): @@ -111,9 +111,11 @@ def yaml_parse(yamlstr): yaml = ruamel.yaml.YAML(typ="safe", pure=True) yaml.Constructor.add_constructor( ruamel.yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG, - _dict_constructor) + _dict_constructor, + ) yaml.Constructor.add_multi_constructor( - "!", intrinsics_multi_constructor) + "!", intrinsics_multi_constructor + ) _add_yaml_1_1_boolean_resolvers(yaml.Resolver) return yaml.load(yamlstr) diff -pruN 2.23.6-1/awscli/customizations/cloudfront.py 2.31.35-1/awscli/customizations/cloudfront.py --- 2.23.6-1/awscli/customizations/cloudfront.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudfront.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,18 +11,18 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import hashlib +import random import sys import time -import random -from awscrt.crypto import RSA, RSASignatureAlgorithm - -from botocore.utils import parse_to_aware_datetime from botocore.signers import CloudFrontSigner +from botocore.utils import parse_to_aware_datetime + +from awscrt.crypto import RSA, RSASignatureAlgorithm from awscli.arguments import CustomArgument -from awscli.customizations.utils import validate_mutually_exclusive_handler from awscli.customizations.commands import BasicCommand +from awscli.customizations.utils import validate_mutually_exclusive_handler def register(event_handler): @@ -30,37 +30,52 @@ def register(event_handler): # Provides a simpler --paths for ``aws cloudfront create-invalidation`` event_handler.register( - 'building-argument-table.cloudfront.create-invalidation', _add_paths) + 'building-argument-table.cloudfront.create-invalidation', _add_paths + ) event_handler.register( 'operation-args-parsed.cloudfront.create-invalidation', - validate_mutually_exclusive_handler(['invalidation_batch'], ['paths'])) + validate_mutually_exclusive_handler(['invalidation_batch'], ['paths']), + ) event_handler.register( 'operation-args-parsed.cloudfront.create-distribution', validate_mutually_exclusive_handler( ['default_root_object', 'origin_domain_name'], - ['distribution_config'])) + ['distribution_config'], + ), + ) event_handler.register( 'building-argument-table.cloudfront.create-distribution', lambda argument_table, **kwargs: argument_table.__setitem__( - 'origin-domain-name', OriginDomainName(argument_table))) + 'origin-domain-name', OriginDomainName(argument_table) + ), + ) event_handler.register( 'building-argument-table.cloudfront.create-distribution', lambda argument_table, **kwargs: argument_table.__setitem__( - 'default-root-object', CreateDefaultRootObject(argument_table))) + 'default-root-object', CreateDefaultRootObject(argument_table) + ), + ) context = {} event_handler.register( - 'top-level-args-parsed', context.update, unique_id='cloudfront') + 'top-level-args-parsed', context.update, unique_id='cloudfront' + ) event_handler.register( 'operation-args-parsed.cloudfront.update-distribution', validate_mutually_exclusive_handler( - ['default_root_object'], ['distribution_config'])) + ['default_root_object'], ['distribution_config'] + ), + ) event_handler.register( 'building-argument-table.cloudfront.update-distribution', lambda argument_table, **kwargs: argument_table.__setitem__( - 'default-root-object', UpdateDefaultRootObject( - context=context, argument_table=argument_table))) + 'default-root-object', + UpdateDefaultRootObject( + context=context, argument_table=argument_table + ), + ), + ) def unique_string(prefix='cli'): @@ -73,7 +88,6 @@ def _add_paths(argument_table, **kwargs) class PathsArgument(CustomArgument): - def __init__(self): doc = ( 'The space-separated paths to be invalidated.' @@ -86,17 +100,23 @@ class PathsArgument(CustomArgument): parameters['InvalidationBatch'] = { "CallerReference": unique_string(), "Paths": {"Quantity": len(value), "Items": value}, - } + } class ExclusiveArgument(CustomArgument): DOC = '%s This argument and --%s are mutually exclusive.' - def __init__(self, name, argument_table, - exclusive_to='distribution-config', help_text=''): + def __init__( + self, + name, + argument_table, + exclusive_to='distribution-config', + help_text='', + ): argument_table[exclusive_to].required = False super(ExclusiveArgument, self).__init__( - name, help_text=self.DOC % (help_text, exclusive_to)) + name, help_text=self.DOC % (help_text, exclusive_to) + ) def distribution_config_template(self): return { @@ -108,12 +128,9 @@ class ExclusiveArgument(CustomArgument): "QueryString": False, "Cookies": {"Forward": "none"}, }, - "TrustedSigners": { - "Enabled": False, - "Quantity": 0 - }, + "TrustedSigners": {"Enabled": False, "Quantity": 0}, "ViewerProtocolPolicy": "allow-all", - "MinTTL": 0 + "MinTTL": 0, }, "Enabled": True, "Comment": "", @@ -123,14 +140,17 @@ class ExclusiveArgument(CustomArgument): class OriginDomainName(ExclusiveArgument): def __init__(self, argument_table): super(OriginDomainName, self).__init__( - 'origin-domain-name', argument_table, - help_text='The domain name for your origin.') + 'origin-domain-name', + argument_table, + help_text='The domain name for your origin.', + ) def add_to_params(self, parameters, value): if value is None: return parameters.setdefault( - 'DistributionConfig', self.distribution_config_template()) + 'DistributionConfig', self.distribution_config_template() + ) origin_id = unique_string(prefix=value) item = {"Id": origin_id, "DomainName": value, "OriginPath": ''} if item['DomainName'].endswith('.s3.amazonaws.com'): @@ -140,36 +160,50 @@ class OriginDomainName(ExclusiveArgument item["S3OriginConfig"] = {"OriginAccessIdentity": ""} else: item["CustomOriginConfig"] = { - 'HTTPPort': 80, 'HTTPSPort': 443, - 'OriginProtocolPolicy': 'http-only'} + 'HTTPPort': 80, + 'HTTPSPort': 443, + 'OriginProtocolPolicy': 'http-only', + } parameters['DistributionConfig']['Origins'] = { - "Quantity": 1, "Items": [item]} + "Quantity": 1, + "Items": [item], + } parameters['DistributionConfig']['DefaultCacheBehavior'][ - 'TargetOriginId'] = origin_id + 'TargetOriginId' + ] = origin_id class CreateDefaultRootObject(ExclusiveArgument): def __init__(self, argument_table, help_text=''): super(CreateDefaultRootObject, self).__init__( - 'default-root-object', argument_table, help_text=help_text or ( + 'default-root-object', + argument_table, + help_text=help_text + or ( 'The object that you want CloudFront to return (for example, ' - 'index.html) when a viewer request points to your root URL.')) + 'index.html) when a viewer request points to your root URL.' + ), + ) def add_to_params(self, parameters, value): if value is not None: parameters.setdefault( - 'DistributionConfig', self.distribution_config_template()) + 'DistributionConfig', self.distribution_config_template() + ) parameters['DistributionConfig']['DefaultRootObject'] = value class UpdateDefaultRootObject(CreateDefaultRootObject): def __init__(self, context, argument_table): super(UpdateDefaultRootObject, self).__init__( - argument_table, help_text=( + argument_table, + help_text=( 'The object that you want CloudFront to return (for example, ' 'index.html) when a viewer request points to your root URL. ' 'CLI will automatically make a get-distribution-config call ' - 'to load and preserve your other settings.')) + 'to load and preserve your other settings.' + ), + ) self.context = context def add_to_params(self, parameters, value): @@ -178,7 +212,8 @@ class UpdateDefaultRootObject(CreateDefa 'cloudfront', region_name=self.context['parsed_args'].region, endpoint_url=self.context['parsed_args'].endpoint_url, - verify=self.context['parsed_args'].verify_ssl) + verify=self.context['parsed_args'].verify_ssl, + ) response = client.get_distribution_config(Id=parameters['Id']) parameters['IfMatch'] = response['ETag'] parameters['DistributionConfig'] = response['DistributionConfig'] @@ -210,7 +245,8 @@ class SignCommand(BasicCommand): 'required': True, 'help_text': ( "The active CloudFront key pair Id for the key pair " - "that you're using to generate the signature."), + "that you're using to generate the signature." + ), }, { 'name': 'private-key', @@ -218,43 +254,53 @@ class SignCommand(BasicCommand): 'help_text': 'file://path/to/your/private-key.pem', }, { - 'name': 'date-less-than', 'required': True, - 'help_text': - 'The expiration date and time for the URL. ' + DATE_FORMAT, + 'name': 'date-less-than', + 'required': True, + 'help_text': 'The expiration date and time for the URL. ' + + DATE_FORMAT, }, { 'name': 'date-greater-than', - 'help_text': - 'An optional start date and time for the URL. ' + DATE_FORMAT, + 'help_text': 'An optional start date and time for the URL. ' + + DATE_FORMAT, }, { 'name': 'ip-address', 'help_text': ( 'An optional IP address or IP address range to allow client ' - 'making the GET request from. Format: x.x.x.x/x or x.x.x.x'), + 'making the GET request from. Format: x.x.x.x/x or x.x.x.x' + ), }, ] def _run_main(self, args, parsed_globals): signer = CloudFrontSigner( - args.key_pair_id, RSASigner(args.private_key).sign) + args.key_pair_id, RSASigner(args.private_key).sign + ) date_less_than = parse_to_aware_datetime(args.date_less_than) date_greater_than = args.date_greater_than if date_greater_than is not None: date_greater_than = parse_to_aware_datetime(date_greater_than) if date_greater_than is not None or args.ip_address is not None: policy = signer.build_policy( - args.url, date_less_than, date_greater_than=date_greater_than, - ip_address=args.ip_address) - sys.stdout.write(signer.generate_presigned_url( - args.url, policy=policy)) + args.url, + date_less_than, + date_greater_than=date_greater_than, + ip_address=args.ip_address, + ) + sys.stdout.write( + signer.generate_presigned_url(args.url, policy=policy) + ) else: - sys.stdout.write(signer.generate_presigned_url( - args.url, date_less_than=date_less_than)) + sys.stdout.write( + signer.generate_presigned_url( + args.url, date_less_than=date_less_than + ) + ) return 0 -class RSASigner(object): +class RSASigner: def __init__(self, private_key): key_bytes = private_key.encode('utf8') self.priv_key = RSA.new_private_key_from_pem_data(key_bytes) diff -pruN 2.23.6-1/awscli/customizations/cloudsearch.py 2.31.35-1/awscli/customizations/cloudsearch.py --- 2.23.6-1/awscli/customizations/cloudsearch.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudsearch.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,17 +13,18 @@ import logging -from awscli.customizations.flatten import FlattenArguments, SEP -from awscli.customizations.exceptions import ParamValidationError from botocore.compat import OrderedDict +from awscli.customizations.exceptions import ParamValidationError +from awscli.customizations.flatten import SEP, FlattenArguments + LOG = logging.getLogger(__name__) DEFAULT_VALUE_TYPE_MAP = { 'Int': int, 'Double': float, 'IntArray': int, - 'DoubleArray': float + 'DoubleArray': float, } @@ -71,13 +72,16 @@ FLATTEN_CONFIG = { "define-expression": { "expression": { "keep": False, - "flatten": OrderedDict([ - # Order is crucial here! We're - # flattening ExpressionValue to be "expression", - # but this is the name ("expression") of the our parent - # key, the top level nested param. - ("ExpressionName", {"name": "name"}), - ("ExpressionValue", {"name": "expression"}),]), + "flatten": OrderedDict( + [ + # Order is crucial here! We're + # flattening ExpressionValue to be "expression", + # but this is the name ("expression") of the our parent + # key, the top level nested param. + ("ExpressionName", {"name": "name"}), + ("ExpressionValue", {"name": "expression"}), + ] + ), } }, "define-index-field": { @@ -85,30 +89,57 @@ FLATTEN_CONFIG = { "keep": False, # We use an ordered dict because `type` needs to be parsed before # any of the Options values. - "flatten": OrderedDict([ - ("IndexFieldName", {"name": "name"}), - ("IndexFieldType", {"name": "type"}), - ("IntOptions.DefaultValue", {"name": "default-value", - "type": "string", - "hydrate": index_hydrate}), - ("IntOptions.FacetEnabled", {"name": "facet-enabled", - "hydrate": index_hydrate }), - ("IntOptions.SearchEnabled", {"name": "search-enabled", - "hydrate": index_hydrate}), - ("IntOptions.ReturnEnabled", {"name": "return-enabled", - "hydrate": index_hydrate}), - ("IntOptions.SortEnabled", {"name": "sort-enabled", - "hydrate": index_hydrate}), - ("IntOptions.SourceField", {"name": "source-field", - "type": "string", - "hydrate": index_hydrate }), - ("TextOptions.HighlightEnabled", {"name": "highlight-enabled", - "hydrate": index_hydrate}), - ("TextOptions.AnalysisScheme", {"name": "analysis-scheme", - "hydrate": index_hydrate}) - ]) + "flatten": OrderedDict( + [ + ("IndexFieldName", {"name": "name"}), + ("IndexFieldType", {"name": "type"}), + ( + "IntOptions.DefaultValue", + { + "name": "default-value", + "type": "string", + "hydrate": index_hydrate, + }, + ), + ( + "IntOptions.FacetEnabled", + {"name": "facet-enabled", "hydrate": index_hydrate}, + ), + ( + "IntOptions.SearchEnabled", + {"name": "search-enabled", "hydrate": index_hydrate}, + ), + ( + "IntOptions.ReturnEnabled", + {"name": "return-enabled", "hydrate": index_hydrate}, + ), + ( + "IntOptions.SortEnabled", + {"name": "sort-enabled", "hydrate": index_hydrate}, + ), + ( + "IntOptions.SourceField", + { + "name": "source-field", + "type": "string", + "hydrate": index_hydrate, + }, + ), + ( + "TextOptions.HighlightEnabled", + { + "name": "highlight-enabled", + "hydrate": index_hydrate, + }, + ), + ( + "TextOptions.AnalysisScheme", + {"name": "analysis-scheme", "hydrate": index_hydrate}, + ), + ] + ), } - } + }, } diff -pruN 2.23.6-1/awscli/customizations/cloudsearchdomain.py 2.31.35-1/awscli/customizations/cloudsearchdomain.py --- 2.23.6-1/awscli/customizations/cloudsearchdomain.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudsearchdomain.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,11 +17,14 @@ This module customizes the cloudsearchdo * Add validation that --endpoint-url is required. """ + from awscli.customizations.exceptions import ParamValidationError + def register_cloudsearchdomain(cli): - cli.register_last('calling-command.cloudsearchdomain', - validate_endpoint_url) + cli.register_last( + 'calling-command.cloudsearchdomain', validate_endpoint_url + ) def validate_endpoint_url(parsed_globals, **kwargs): diff -pruN 2.23.6-1/awscli/customizations/cloudtrail/__init__.py 2.31.35-1/awscli/customizations/cloudtrail/__init__.py --- 2.23.6-1/awscli/customizations/cloudtrail/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudtrail/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -28,4 +28,6 @@ def inject_commands(command_table, sessi must not collide with existing low-level API call names. """ command_table['validate-logs'] = CloudTrailValidateLogs(session) - command_table['verify-query-results'] = CloudTrailVerifyQueryResult(session) + command_table['verify-query-results'] = CloudTrailVerifyQueryResult( + session + ) diff -pruN 2.23.6-1/awscli/customizations/cloudtrail/utils.py 2.31.35-1/awscli/customizations/cloudtrail/utils.py --- 2.23.6-1/awscli/customizations/cloudtrail/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudtrail/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,9 +11,10 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from dateutil import tz, parser from datetime import timedelta +from dateutil import parser, tz + DATE_FORMAT = "%Y%m%dT%H%M%SZ" @@ -94,5 +95,6 @@ class PublicKeyProvider: return key["Value"] raise RuntimeError( - "No public keys found for key with fingerprint: %s" % public_key_fingerprint + "No public keys found for key with fingerprint: %s" + % public_key_fingerprint ) diff -pruN 2.23.6-1/awscli/customizations/cloudtrail/validation.py 2.31.35-1/awscli/customizations/cloudtrail/validation.py --- 2.23.6-1/awscli/customizations/cloudtrail/validation.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudtrail/validation.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,24 +12,26 @@ # language governing permissions and limitations under the License. import base64 import binascii -import json import hashlib +import json import logging import re import sys import zlib -from zlib import error as ZLibError from datetime import datetime, timedelta -from dateutil import tz, parser +from zlib import error as ZLibError from awscrt.crypto import RSA, RSASignatureAlgorithm +from botocore.exceptions import ClientError +from dateutil import parser, tz -from awscli.customizations.cloudtrail.utils import get_trail_by_arn, \ - get_account_id_from_arn, PublicKeyProvider +from awscli.customizations.cloudtrail.utils import ( + PublicKeyProvider, + get_account_id_from_arn, + get_trail_by_arn, +) from awscli.customizations.commands import BasicCommand from awscli.customizations.exceptions import ParamValidationError -from botocore.exceptions import ClientError - LOG = logging.getLogger(__name__) DATE_FORMAT = '%Y%m%dT%H%M%SZ' @@ -66,7 +68,7 @@ def parse_date(date_string): return parser.parse(date_string) except ValueError: raise ParamValidationError( - 'Unable to parse date value: %s' % date_string + f'Unable to parse date value: {date_string}' ) @@ -76,16 +78,22 @@ def assert_cloudtrail_arn_is_valid(trail ARNs look like: arn:aws:cloudtrail:us-east-1:123456789012:trail/foo""" pattern = re.compile(r'arn:.+:cloudtrail:.+:\d{12}:trail/.+') if not pattern.match(trail_arn): - raise ParamValidationError( - 'Invalid trail ARN provided: %s' % trail_arn - ) + raise ParamValidationError(f'Invalid trail ARN provided: {trail_arn}') -def create_digest_traverser(cloudtrail_client, organization_client, - s3_client_provider, trail_arn, - trail_source_region=None, on_invalid=None, - on_gap=None, on_missing=None, bucket=None, - prefix=None, account_id=None): +def create_digest_traverser( + cloudtrail_client, + organization_client, + s3_client_provider, + trail_arn, + trail_source_region=None, + on_invalid=None, + on_gap=None, + on_missing=None, + bucket=None, + prefix=None, + account_id=None, +): """Creates a CloudTrail DigestTraverser and its object graph. :type cloudtrail_client: botocore.client.CloudTrail @@ -134,9 +142,11 @@ def create_digest_traverser(cloudtrail_c if not account_id: raise ParamValidationError( "Missing required parameter for organization " - "trail: '--account-id'") + "trail: '--account-id'" + ) organization_id = organization_client.describe_organization()[ - 'Organization']['Id'] + 'Organization' + ]['Id'] # Determine the region from the ARN (e.g., arn:aws:cloudtrail:REGION:...) trail_region = trail_arn.split(':')[3] @@ -147,24 +157,31 @@ def create_digest_traverser(cloudtrail_c account_id = get_account_id_from_arn(trail_arn) digest_provider = DigestProvider( - account_id=account_id, trail_name=trail_name, + account_id=account_id, + trail_name=trail_name, s3_client_provider=s3_client_provider, trail_source_region=trail_source_region, trail_home_region=trail_region, - organization_id=organization_id) + organization_id=organization_id, + ) return DigestTraverser( - digest_provider=digest_provider, starting_bucket=bucket, - starting_prefix=prefix, on_invalid=on_invalid, on_gap=on_gap, + digest_provider=digest_provider, + starting_bucket=bucket, + starting_prefix=prefix, + on_invalid=on_invalid, + on_gap=on_gap, on_missing=on_missing, - public_key_provider=PublicKeyProvider(cloudtrail_client)) + public_key_provider=PublicKeyProvider(cloudtrail_client), + ) -class S3ClientProvider(object): +class S3ClientProvider: """Creates Amazon S3 clients and determines the region name of a client. This class will cache the location constraints of previously requested buckets and cache previously created clients for the same region. """ + def __init__(self, session, get_bucket_location_region='us-east-1'): self._session = session self._get_bucket_location_region = get_bucket_location_region @@ -196,26 +213,30 @@ class S3ClientProvider(object): class DigestError(ValueError): """Exception raised when a digest fails to validate""" + pass class DigestSignatureError(DigestError): """Exception raised when a digest signature is invalid""" + def __init__(self, bucket, key): - message = ('Digest file\ts3://%s/%s\tINVALID: signature verification ' - 'failed') % (bucket, key) + message = ( + f'Digest file\ts3://{bucket}/{key}\tINVALID: signature verification ' + 'failed' + ) super(DigestSignatureError, self).__init__(message) class InvalidDigestFormat(DigestError): """Exception raised when a digest has an invalid format""" + def __init__(self, bucket, key): - message = 'Digest file\ts3://%s/%s\tINVALID: invalid format' % (bucket, - key) + message = f'Digest file\ts3://{bucket}/{key}\tINVALID: invalid format' super(InvalidDigestFormat, self).__init__(message) -class DigestProvider(object): +class DigestProvider: """ Retrieves digest keys and digests from Amazon S3. @@ -224,9 +245,16 @@ class DigestProvider(object): dict. This class is not responsible for validation or iterating from one digest to the next. """ - def __init__(self, s3_client_provider, account_id, trail_name, - trail_home_region, trail_source_region=None, - organization_id=None): + + def __init__( + self, + s3_client_provider, + account_id, + trail_name, + trail_home_region, + trail_source_region=None, + organization_id=None, + ): self._client_provider = s3_client_provider self.trail_name = trail_name self.account_id = account_id @@ -254,7 +282,8 @@ class DigestProvider(object): target_start_date = format_date(normalize_date(start_date)) # Add one hour to the end_date to get logs that spilled over to next. target_end_date = format_date( - normalize_date(end_date + timedelta(hours=1))) + normalize_date(end_date + timedelta(hours=1)) + ) # Ensure digests are from the same trail. digest_key_regex = re.compile(self._create_digest_key_regex(prefix)) for key in key_filter: @@ -276,19 +305,23 @@ class DigestProvider(object): client = self._client_provider.get_client(bucket) result = client.get_object(Bucket=bucket, Key=key) try: - digest = zlib.decompress(result['Body'].read(), - zlib.MAX_WBITS | 16) + digest = zlib.decompress( + result['Body'].read(), zlib.MAX_WBITS | 16 + ) digest_data = json.loads(digest.decode()) except (ValueError, ZLibError): # Cannot gzip decode or JSON parse. raise InvalidDigestFormat(bucket, key) # Add the expected digest signature and algorithm to the dict. - if 'signature' not in result['Metadata'] \ - or 'signature-algorithm' not in result['Metadata']: + if ( + 'signature' not in result['Metadata'] + or 'signature-algorithm' not in result['Metadata'] + ): raise DigestSignatureError(bucket, key) digest_data['_signature'] = result['Metadata']['signature'] - digest_data['_signature_algorithm'] = \ - result['Metadata']['signature-algorithm'] + digest_data['_signature_algorithm'] = result['Metadata'][ + 'signature-algorithm' + ] return digest_data, digest def _create_digest_key(self, start_date, key_prefix): @@ -310,7 +343,7 @@ class DigestProvider(object): 'ymd': date.strftime('%Y/%m/%d'), 'source_region': self.trail_source_region, 'home_region': self.trail_home_region, - 'name': self.trail_name + 'name': self.trail_name, } if self.organization_id: template += '{organization_id}/' @@ -332,7 +365,7 @@ class DigestProvider(object): 'account_id': re.escape(self.account_id), 'source_region': re.escape(self.trail_source_region), 'home_region': re.escape(self.trail_home_region), - 'name': re.escape(self.trail_name) + 'name': re.escape(self.trail_name), } if self.organization_id: template += '{organization_id}/' @@ -348,17 +381,31 @@ class DigestProvider(object): return '^' + key + '$' -class DigestTraverser(object): +class DigestTraverser: """Retrieves and validates digests within a date range.""" + # These keys are required to be present before validating the contents # of a digest. - required_digest_keys = ['digestPublicKeyFingerprint', 'digestS3Bucket', - 'digestS3Object', 'previousDigestSignature', - 'digestEndTime', 'digestStartTime'] - - def __init__(self, digest_provider, starting_bucket, starting_prefix, - public_key_provider, digest_validator=None, - on_invalid=None, on_gap=None, on_missing=None): + required_digest_keys = [ + 'digestPublicKeyFingerprint', + 'digestS3Bucket', + 'digestS3Object', + 'previousDigestSignature', + 'digestEndTime', + 'digestStartTime', + ] + + def __init__( + self, + digest_provider, + starting_bucket, + starting_prefix, + public_key_provider, + digest_validator=None, + on_invalid=None, + on_gap=None, + on_missing=None, + ): """ :type digest_provider: DigestProvider :param digest_provider: DigestProvider object @@ -409,57 +456,91 @@ class DigestTraverser(object): while key and start_date <= last_start_date: try: digest, end_date = self._load_and_validate_digest( - public_keys, bucket, key) + public_keys, bucket, key + ) last_start_date = normalize_date( - parse_date(digest['digestStartTime'])) + parse_date(digest['digestStartTime']) + ) previous_bucket = digest.get('previousDigestS3Bucket', None) yield digest if previous_bucket is None: # The chain is broken, so find next in digest store. key, end_date = self._find_next_digest( - digests=digests, bucket=bucket, last_key=key, - last_start_date=last_start_date, cb=self._on_gap, - is_cb_conditional=True) + digests=digests, + bucket=bucket, + last_key=key, + last_start_date=last_start_date, + cb=self._on_gap, + is_cb_conditional=True, + ) else: key = digest['previousDigestS3Object'] if previous_bucket != bucket: bucket = previous_bucket # The bucket changed so reload the digest list. digests = self._load_digests( - bucket, prefix, start_date, end_date) + bucket, prefix, start_date, end_date + ) except ClientError as e: if e.response['Error']['Code'] != 'NoSuchKey': raise e key, end_date = self._find_next_digest( - digests=digests, bucket=bucket, last_key=key, - last_start_date=last_start_date, cb=self._on_missing, - message=str(e)) + digests=digests, + bucket=bucket, + last_key=key, + last_start_date=last_start_date, + cb=self._on_missing, + message=str(e), + ) except DigestError as e: key, end_date = self._find_next_digest( - digests=digests, bucket=bucket, last_key=key, - last_start_date=last_start_date, cb=self._on_invalid, - message=str(e)) + digests=digests, + bucket=bucket, + last_key=key, + last_start_date=last_start_date, + cb=self._on_invalid, + message=str(e), + ) except Exception as e: # Any other unexpected errors. key, end_date = self._find_next_digest( - digests=digests, bucket=bucket, last_key=key, - last_start_date=last_start_date, cb=self._on_invalid, - message='Digest file\ts3://%s/%s\tINVALID: %s' - % (bucket, key, str(e))) + digests=digests, + bucket=bucket, + last_key=key, + last_start_date=last_start_date, + cb=self._on_invalid, + message=f'Digest file\ts3://{bucket}/{key}\tINVALID: {str(e)}', + ) def _load_digests(self, bucket, prefix, start_date, end_date): return self.digest_provider.load_digest_keys_in_range( - bucket=bucket, prefix=prefix, - start_date=start_date, end_date=end_date) + bucket=bucket, + prefix=prefix, + start_date=start_date, + end_date=end_date, + ) - def _find_next_digest(self, digests, bucket, last_key, last_start_date, - cb=None, is_cb_conditional=False, message=None): + def _find_next_digest( + self, + digests, + bucket, + last_key, + last_start_date, + cb=None, + is_cb_conditional=False, + message=None, + ): """Finds the next digest in the bucket and invokes any callback.""" next_key, next_end_date = self._get_last_digest(digests, last_key) if cb and (not is_cb_conditional or next_key): - cb(bucket=bucket, next_key=next_key, last_key=last_key, - next_end_date=next_end_date, last_start_date=last_start_date, - message=message) + cb( + bucket=bucket, + next_key=next_key, + last_key=last_key, + next_end_date=next_end_date, + last_start_date=last_start_date, + message=message, + ) return next_key, next_end_date def _get_last_digest(self, digests, before_key=None): @@ -474,14 +555,16 @@ class DigestTraverser(object): elif before_key is None: next_key = digests.pop() next_key_date = normalize_date( - parse_date(extract_digest_key_date(next_key))) + parse_date(extract_digest_key_date(next_key)) + ) return next_key, next_key_date # find a key before the given key. before_key_date = parse_date(extract_digest_key_date(before_key)) while digests: next_key = digests.pop() next_key_date = normalize_date( - parse_date(extract_digest_key_date(next_key))) + parse_date(extract_digest_key_date(next_key)) + ) if next_key_date < before_key_date: LOG.debug("Next found key: %s", next_key) return next_key, next_key_date @@ -499,37 +582,40 @@ class DigestTraverser(object): if required_key not in digest_data: raise InvalidDigestFormat(bucket, key) # Ensure the bucket and key are the same as what's expected. - if digest_data['digestS3Bucket'] != bucket \ - or digest_data['digestS3Object'] != key: + if ( + digest_data['digestS3Bucket'] != bucket + or digest_data['digestS3Object'] != key + ): raise DigestError( - ('Digest file\ts3://%s/%s\tINVALID: has been moved from its ' - 'original location') % (bucket, key)) + f'Digest file\ts3://{bucket}/{key}\tINVALID: has been moved from its ' + 'original location' + ) # Get the public keys in the given time range. fingerprint = digest_data['digestPublicKeyFingerprint'] if fingerprint not in public_keys: raise DigestError( - ('Digest file\ts3://%s/%s\tINVALID: public key not found in ' - 'region %s for fingerprint %s') % - (bucket, key, self.digest_provider.trail_home_region, - fingerprint)) + f'Digest file\ts3://{bucket}/{key}\tINVALID: public key not found in ' + f'region {self.digest_provider.trail_home_region} for fingerprint {fingerprint}' + ) public_key_hex = public_keys[fingerprint]['Value'] self._digest_validator.validate( - bucket, key, public_key_hex, digest_data, digest) + bucket, key, public_key_hex, digest_data, digest + ) end_date = normalize_date(parse_date(digest_data['digestEndTime'])) return digest_data, end_date def _load_public_keys(self, start_date, end_date): public_keys = self._public_key_provider.get_public_keys( - start_date, end_date) + start_date, end_date + ) if not public_keys: raise RuntimeError( - 'No public keys found between %s and %s' % - (format_display_date(start_date), - format_display_date(end_date))) + f'No public keys found between {format_display_date(start_date)} and {format_display_date(end_date)}' + ) return public_keys -class Sha256RSADigestValidator(object): +class Sha256RSADigestValidator: """ Validates SHA256withRSA signed digests. @@ -554,17 +640,21 @@ class Sha256RSADigestValidator(object): public_key = RSA.new_public_key_from_der_data(decoded_key) except RuntimeError: raise DigestError( - ('Digest file\ts3://%s/%s\tINVALID: Unable to load PKCS #1 key' - ' with fingerprint %s') - % (bucket, key, digest_data['digestPublicKeyFingerprint'])) + ( + 'Digest file\ts3://{}/{}\tINVALID: Unable to load PKCS #1 key' + ' with fingerprint {}' + ).format( + bucket, key, digest_data['digestPublicKeyFingerprint'] + ) + ) to_sign = self._create_string_to_sign(digest_data, inflated_digest) signature_bytes = binascii.unhexlify(digest_data['_signature']) result = public_key.verify( - signature_algorithm=RSASignatureAlgorithm.PKCS1_5_SHA256, - digest=hashlib.sha256(to_sign).digest(), - signature=signature_bytes + signature_algorithm=RSASignatureAlgorithm.PKCS1_5_SHA256, + digest=hashlib.sha256(to_sign).digest(), + signature=signature_bytes, ) if not result: # The previous implementation caught a cryptography.exceptions.InvalidSignature @@ -577,12 +667,13 @@ class Sha256RSADigestValidator(object): if previous_signature is None: # The value must be 'null' to match the Java implementation. previous_signature = 'null' - string_to_sign = "%s\n%s/%s\n%s\n%s" % ( + string_to_sign = "{}\n{}/{}\n{}\n{}".format( digest_data['digestEndTime'], digest_data['digestS3Bucket'], digest_data['digestS3Object'], hashlib.sha256(inflated_digest).hexdigest(), - previous_signature) + previous_signature, + ) LOG.debug('Digest string to sign: %s', string_to_sign) return string_to_sign.encode() @@ -591,6 +682,7 @@ class CloudTrailValidateLogs(BasicComman """ Validates log digests and log files, optionally saving them to disk. """ + NAME = 'validate-logs' DESCRIPTION = """ Validates CloudTrail logs for a given period of time. @@ -637,34 +729,67 @@ class CloudTrailValidateLogs(BasicComman """ ARG_TABLE = [ - {'name': 'trail-arn', 'required': True, 'cli_type_name': 'string', - 'help_text': 'Specifies the ARN of the trail to be validated'}, - {'name': 'start-time', 'required': True, 'cli_type_name': 'string', - 'help_text': ('Specifies that log files delivered on or after the ' - 'specified UTC timestamp value will be validated. ' - 'Example: "2015-01-08T05:21:42Z".')}, - {'name': 'end-time', 'cli_type_name': 'string', - 'help_text': ('Optionally specifies that log files delivered on or ' - 'before the specified UTC timestamp value will be ' - 'validated. The default value is the current time. ' - 'Example: "2015-01-08T12:31:41Z".')}, - {'name': 's3-bucket', 'cli_type_name': 'string', - 'help_text': ('Optionally specifies the S3 bucket where the digest ' - 'files are stored. If a bucket name is not specified, ' - 'the CLI will retrieve it by calling describe_trails')}, - {'name': 's3-prefix', 'cli_type_name': 'string', - 'help_text': ('Optionally specifies the optional S3 prefix where the ' - 'digest files are stored. If not specified, the CLI ' - 'will determine the prefix automatically by calling ' - 'describe_trails.')}, - {'name': 'account-id', 'cli_type_name': 'string', - 'help_text': ('Optionally specifies the account for validating logs. ' - 'This parameter is needed for organization trails ' - 'for validating logs for specific account inside an ' - 'organization')}, - {'name': 'verbose', 'cli_type_name': 'boolean', - 'action': 'store_true', - 'help_text': 'Display verbose log validation information'} + { + 'name': 'trail-arn', + 'required': True, + 'cli_type_name': 'string', + 'help_text': 'Specifies the ARN of the trail to be validated', + }, + { + 'name': 'start-time', + 'required': True, + 'cli_type_name': 'string', + 'help_text': ( + 'Specifies that log files delivered on or after the ' + 'specified UTC timestamp value will be validated. ' + 'Example: "2015-01-08T05:21:42Z".' + ), + }, + { + 'name': 'end-time', + 'cli_type_name': 'string', + 'help_text': ( + 'Optionally specifies that log files delivered on or ' + 'before the specified UTC timestamp value will be ' + 'validated. The default value is the current time. ' + 'Example: "2015-01-08T12:31:41Z".' + ), + }, + { + 'name': 's3-bucket', + 'cli_type_name': 'string', + 'help_text': ( + 'Optionally specifies the S3 bucket where the digest ' + 'files are stored. If a bucket name is not specified, ' + 'the CLI will retrieve it by calling describe_trails' + ), + }, + { + 'name': 's3-prefix', + 'cli_type_name': 'string', + 'help_text': ( + 'Optionally specifies the optional S3 prefix where the ' + 'digest files are stored. If not specified, the CLI ' + 'will determine the prefix automatically by calling ' + 'describe_trails.' + ), + }, + { + 'name': 'account-id', + 'cli_type_name': 'string', + 'help_text': ( + 'Optionally specifies the account for validating logs. ' + 'This parameter is needed for organization trails ' + 'for validating logs for specific account inside an ' + 'organization' + ), + }, + { + 'name': 'verbose', + 'cli_type_name': 'boolean', + 'action': 'store_true', + 'help_text': 'Display verbose log validation information', + }, ] def __init__(self, session): @@ -722,26 +847,36 @@ class CloudTrailValidateLogs(BasicComman self._source_region = parsed_globals.region # Use the the same region as the region of the CLI to get locations. self.s3_client_provider = S3ClientProvider( - self._session, self._source_region) - client_args = {'region_name': parsed_globals.region, - 'verify': parsed_globals.verify_ssl} + self._session, self._source_region + ) + client_args = { + 'region_name': parsed_globals.region, + 'verify': parsed_globals.verify_ssl, + } self.organization_client = self._session.create_client( - 'organizations', **client_args) + 'organizations', **client_args + ) if parsed_globals.endpoint_url is not None: client_args['endpoint_url'] = parsed_globals.endpoint_url self.cloudtrail_client = self._session.create_client( - 'cloudtrail', **client_args) + 'cloudtrail', **client_args + ) def _call(self): traverser = create_digest_traverser( - trail_arn=self.trail_arn, cloudtrail_client=self.cloudtrail_client, + trail_arn=self.trail_arn, + cloudtrail_client=self.cloudtrail_client, organization_client=self.organization_client, trail_source_region=self._source_region, - s3_client_provider=self.s3_client_provider, bucket=self.s3_bucket, - prefix=self.s3_prefix, on_missing=self._on_missing_digest, - on_invalid=self._on_invalid_digest, on_gap=self._on_digest_gap, - account_id=self.account_id) + s3_client_provider=self.s3_client_provider, + bucket=self.s3_bucket, + prefix=self.s3_prefix, + on_missing=self._on_missing_digest, + on_invalid=self._on_invalid_digest, + on_gap=self._on_digest_gap, + account_id=self.account_id, + ) self._write_startup_text() digests = traverser.traverse(self.start_time, self.end_time) for digest in digests: @@ -750,8 +885,10 @@ class CloudTrailValidateLogs(BasicComman self._track_found_times(digest) self._valid_digests += 1 self._write_status( - 'Digest file\ts3://%s/%s\tvalid' - % (digest['digestS3Bucket'], digest['digestS3Object'])) + 'Digest file\ts3://{}/{}\tvalid'.format( + digest['digestS3Bucket'], digest['digestS3Object'] + ) + ) if not digest['logFiles']: continue for log in digest['logFiles']: @@ -771,12 +908,13 @@ class CloudTrailValidateLogs(BasicComman self._found_end_time = min(digest_end_time, self.end_time) def _download_log(self, log): - """ Download a log, decompress, and compare SHA256 checksums""" + """Download a log, decompress, and compare SHA256 checksums""" try: # Create a client that can work with this bucket. client = self.s3_client_provider.get_client(log['s3Bucket']) response = client.get_object( - Bucket=log['s3Bucket'], Key=log['s3Object']) + Bucket=log['s3Bucket'], Key=log['s3Object'] + ) gzip_inflater = zlib.decompressobj(zlib.MAX_WBITS | 16) rolling_hash = hashlib.sha256() for chunk in iter(lambda: response['Body'].read(2048), b""): @@ -790,8 +928,9 @@ class CloudTrailValidateLogs(BasicComman self._on_log_invalid(log) else: self._valid_logs += 1 - self._write_status(('Log file\ts3://%s/%s\tvalid' - % (log['s3Bucket'], log['s3Object']))) + self._write_status( + f"Log file\ts3://{log['s3Bucket']}/{log['s3Object']}\tvalid" + ) except ClientError as e: if e.response['Error']['Code'] != 'NoSuchKey': raise @@ -802,35 +941,34 @@ class CloudTrailValidateLogs(BasicComman def _write_status(self, message, is_error=False): if is_error: if self._is_last_status_double_space: - sys.stderr.write("%s\n\n" % message) + sys.stderr.write(f"{message}\n\n") else: - sys.stderr.write("\n%s\n\n" % message) + sys.stderr.write(f"\n{message}\n\n") self._is_last_status_double_space = True elif self.is_verbose: self._is_last_status_double_space = False - sys.stdout.write("%s\n" % message) + sys.stdout.write(f"{message}\n") def _write_startup_text(self): sys.stdout.write( - 'Validating log files for trail %s between %s and %s\n\n' - % (self.trail_arn, format_display_date(self.start_time), - format_display_date(self.end_time))) + f'Validating log files for trail {self.trail_arn} between {format_display_date(self.start_time)} and {format_display_date(self.end_time)}\n\n' + ) def _write_summary_text(self): if not self._is_last_status_double_space: sys.stdout.write('\n') - sys.stdout.write('Results requested for %s to %s\n' - % (format_display_date(self.start_time), - format_display_date(self.end_time))) + sys.stdout.write( + f'Results requested for {format_display_date(self.start_time)} to {format_display_date(self.end_time)}\n' + ) if not self._valid_digests and not self._invalid_digests: sys.stdout.write('No digests found\n') return if not self._found_start_time or not self._found_end_time: sys.stdout.write('No valid digests found in range\n') else: - sys.stdout.write('Results found for %s to %s:\n' - % (format_display_date(self._found_start_time), - format_display_date(self._found_end_time))) + sys.stdout.write( + f'Results found for {format_display_date(self._found_start_time)} to {format_display_date(self._found_end_time)}:\n' + ) self._write_ratio(self._valid_digests, self._invalid_digests, 'digest') self._write_ratio(self._valid_logs, self._invalid_logs, 'log') sys.stdout.write('\n') @@ -840,19 +978,25 @@ class CloudTrailValidateLogs(BasicComman if total > 0: sys.stdout.write('\n%d/%d %s files valid' % (valid, total, name)) if invalid > 0: - sys.stdout.write(', %d/%d %s files INVALID' % (invalid, total, - name)) + sys.stdout.write( + ', %d/%d %s files INVALID' % (invalid, total, name) + ) def _on_missing_digest(self, bucket, last_key, **kwargs): self._invalid_digests += 1 - self._write_status('Digest file\ts3://%s/%s\tINVALID: not found' - % (bucket, last_key), True) + self._write_status( + f'Digest file\ts3://{bucket}/{last_key}\tINVALID: not found', + True, + ) def _on_digest_gap(self, **kwargs): self._write_status( - 'No log files were delivered by CloudTrail between %s and %s' - % (format_display_date(kwargs['next_end_date']), - format_display_date(kwargs['last_start_date'])), True) + 'No log files were delivered by CloudTrail between {} and {}'.format( + format_display_date(kwargs['next_end_date']), + format_display_date(kwargs['last_start_date']), + ), + True, + ) def _on_invalid_digest(self, message, **kwargs): self._invalid_digests += 1 @@ -861,17 +1005,28 @@ class CloudTrailValidateLogs(BasicComman def _on_invalid_log_format(self, log_data): self._invalid_logs += 1 self._write_status( - ('Log file\ts3://%s/%s\tINVALID: invalid format' - % (log_data['s3Bucket'], log_data['s3Object'])), True) + ( + 'Log file\ts3://{}/{}\tINVALID: invalid format'.format( + log_data['s3Bucket'], log_data['s3Object'] + ) + ), + True, + ) def _on_log_invalid(self, log_data): self._invalid_logs += 1 self._write_status( - "Log file\ts3://%s/%s\tINVALID: hash value doesn't match" - % (log_data['s3Bucket'], log_data['s3Object']), True) + "Log file\ts3://{}/{}\tINVALID: hash value doesn't match".format( + log_data['s3Bucket'], log_data['s3Object'] + ), + True, + ) def _on_missing_log(self, log_data): self._invalid_logs += 1 self._write_status( - 'Log file\ts3://%s/%s\tINVALID: not found' - % (log_data['s3Bucket'], log_data['s3Object']), True) + 'Log file\ts3://{}/{}\tINVALID: not found'.format( + log_data['s3Bucket'], log_data['s3Object'] + ), + True, + ) diff -pruN 2.23.6-1/awscli/customizations/cloudtrail/verifyqueryresults.py 2.31.35-1/awscli/customizations/cloudtrail/verifyqueryresults.py --- 2.23.6-1/awscli/customizations/cloudtrail/verifyqueryresults.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/cloudtrail/verifyqueryresults.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,17 +1,19 @@ import base64 import binascii -import json import hashlib +import json import sys from abc import ABC, abstractmethod from os import path -from awscli.customizations.exceptions import ParamValidationError - from awscrt.crypto import RSA, RSASignatureAlgorithm +from awscli.customizations.cloudtrail.utils import ( + PublicKeyProvider, + parse_date, +) from awscli.customizations.commands import BasicCommand -from awscli.customizations.cloudtrail.utils import parse_date, PublicKeyProvider +from awscli.customizations.exceptions import ParamValidationError SIGN_FILE_NAME = "result_sign.json" @@ -65,8 +67,10 @@ class Sha256RsaSignatureValidator: signature_bytes = binascii.unhexlify(sign_file["hashSignature"]) result = public_key.verify( signature_algorithm=RSASignatureAlgorithm.PKCS1_5_SHA256, - digest=hashlib.sha256(self._create_string_to_sign(sign_file)).digest(), - signature=signature_bytes + digest=hashlib.sha256( + self._create_string_to_sign(sign_file) + ).digest(), + signature=signature_bytes, ) if not result: # The previous implementation caught a cryptography.exceptions.InvalidSignature @@ -187,7 +191,6 @@ class S3ExportFilesHashValidator(BaseExp s3_bucket=None, s3_path_prefix=None, ): - self._s3_client = s3_client self._s3_bucket = s3_bucket self._s3_path_prefix = s3_path_prefix @@ -197,9 +200,13 @@ class S3ExportFilesHashValidator(BaseExp for file_info in sign_file["files"]: key = self._s3_path_prefix + file_info["fileName"] - response = self._s3_client.get_object(Bucket=self._s3_bucket, Key=key) + response = self._s3_client.get_object( + Bucket=self._s3_bucket, Key=key + ) self._validate_hash_value( - response["Body"], file_info["fileName"], file_info["fileHashValue"] + response["Body"], + file_info["fileName"], + file_info["fileHashValue"], ) @@ -218,7 +225,9 @@ class LocalExportFilesHashValidator(Base path.join(self.local_path_prefix, file_info["fileName"]), "rb" ) as export_file: self._validate_hash_value( - export_file, file_info["fileName"], file_info["fileHashValue"] + export_file, + file_info["fileName"], + file_info["fileHashValue"], ) @@ -250,7 +259,7 @@ class CloudTrailVerifyQueryResult(BasicC CloudTrail delivered them. .. note:: - For verify export file from S3, this command requires that the user or + For verify export file from S3, this command requires that the user or role executing the command has permission to call GetObject, and GetBucketLocation for the bucket that store the export file. """ @@ -358,7 +367,9 @@ class CloudTrailVerifyQueryResult(BasicC ) signature_validator.validate(public_key, sign_file) self._return_code = 0 - sys.stdout.write("Successfully validated sign and query result files\n") + sys.stdout.write( + "Successfully validated sign and query result files\n" + ) def _initialize_components( self, diff -pruN 2.23.6-1/awscli/customizations/codeartifact/login.py 2.31.35-1/awscli/customizations/codeartifact/login.py --- 2.23.6-1/awscli/customizations/codeartifact/login.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codeartifact/login.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,25 +1,21 @@ import errno import os import platform -import sys -import subprocess import re - +import subprocess +import sys from configparser import RawConfigParser +from datetime import datetime from io import StringIO from urllib.parse import urlsplit -from datetime import datetime -from dateutil.tz import tzutc +from botocore.utils import original_ld_library_path, parse_timestamp from dateutil.relativedelta import relativedelta -from botocore.utils import parse_timestamp +from dateutil.tz import tzutc -from awscli.compat import ( - is_windows, urlparse, get_stderr_encoding, is_macos -) +from awscli.compat import get_stderr_encoding, is_macos, is_windows, urlparse from awscli.customizations import utils as cli_utils from awscli.customizations.commands import BasicCommand -from awscli.utils import original_ld_library_path from awscli.customizations.utils import uni_print @@ -45,7 +41,7 @@ class CommandFailedError(Exception): def __init__(self, called_process_error, auth_token): msg = str(called_process_error).replace(auth_token, '******') if called_process_error.stderr is not None: - msg +=( + msg += ( f' Stderr from command:\n' f'{called_process_error.stderr.decode(get_stderr_encoding())}' ) @@ -55,8 +51,16 @@ class CommandFailedError(Exception): class BaseLogin: _TOOL_NOT_FOUND_MESSAGE = '%s was not found. Please verify installation.' - def __init__(self, auth_token, expiration, repository_endpoint, - domain, repository, subprocess_utils, namespace=None): + def __init__( + self, + auth_token, + expiration, + repository_endpoint, + domain, + repository, + subprocess_utils, + namespace=None, + ): self.auth_token = auth_token self.expiration = expiration self.repository_endpoint = repository_endpoint @@ -79,15 +83,18 @@ class BaseLogin: # for some corner case # e.g. 11 hours 59 minutes 31 seconds should output --> 12 hours. remaining = relativedelta( - self.expiration, datetime.now(tzutc())) + relativedelta(seconds=30) + self.expiration, datetime.now(tzutc()) + ) + relativedelta(seconds=30) expiration_message = get_relative_expiration_time(remaining) - sys.stdout.write('Successfully configured {} to use ' - 'AWS CodeArtifact repository {} ' - .format(tool, self.repository_endpoint)) + sys.stdout.write( + f'Successfully configured {tool} to use ' + f'AWS CodeArtifact repository {self.repository_endpoint} ' + ) sys.stdout.write(os.linesep) - sys.stdout.write('Login expires in {} at {}'.format( - expiration_message, self.expiration)) + sys.stdout.write( + f'Login expires in {expiration_message} at {self.expiration}' + ) sys.stdout.write(os.linesep) def _run_commands(self, tool, commands, dry_run=False): @@ -113,9 +120,7 @@ class BaseLogin: raise CommandFailedError(ex, self.auth_token) except OSError as ex: if ex.errno == errno.ENOENT: - raise ValueError( - self._TOOL_NOT_FOUND_MESSAGE % tool - ) + raise ValueError(self._TOOL_NOT_FOUND_MESSAGE % tool) raise ex @classmethod @@ -124,18 +129,15 @@ class BaseLogin: class SwiftLogin(BaseLogin): + DEFAULT_NETRC_FMT = 'machine {hostname} login token password {auth_token}' - DEFAULT_NETRC_FMT = \ - u'machine {hostname} login token password {auth_token}' - - NETRC_REGEX_FMT = \ - r'(?P\bmachine\s+{escaped_hostname}\s+login\s+\S+\s+password\s+)' \ + NETRC_REGEX_FMT = ( + r'(?P\bmachine\s+{escaped_hostname}\s+login\s+\S+\s+password\s+)' r'(?P\S+)' + ) def login(self, dry_run=False): - scope = self.get_scope( - self.namespace - ) + scope = self.get_scope(self.namespace) commands = self.get_commands( self.repository_endpoint, self.auth_token, scope=scope ) @@ -143,13 +145,14 @@ class SwiftLogin(BaseLogin): if not is_macos: hostname = urlparse.urlparse(self.repository_endpoint).hostname new_entry = self.DEFAULT_NETRC_FMT.format( - hostname=hostname, - auth_token=self.auth_token + hostname=hostname, auth_token=self.auth_token ) if dry_run: self._display_new_netrc_entry(new_entry, self.get_netrc_path()) else: - self._update_netrc_entry(hostname, new_entry, self.get_netrc_path()) + self._update_netrc_entry( + hostname, new_entry, self.get_netrc_path() + ) self._run_commands('swift', commands, dry_run) @@ -171,22 +174,22 @@ class SwiftLogin(BaseLogin): def _update_netrc_entry(self, hostname, new_entry, netrc_path): pattern = re.compile( self.NETRC_REGEX_FMT.format(escaped_hostname=re.escape(hostname)), - re.M + re.M, ) if not os.path.isfile(netrc_path): self._create_netrc_file(netrc_path, new_entry) else: - with open(netrc_path, 'r') as f: + with open(netrc_path) as f: contents = f.read() escaped_auth_token = self.auth_token.replace('\\', r'\\') new_contents = re.sub( - pattern, - rf"\g{escaped_auth_token}", - contents + pattern, rf"\g{escaped_auth_token}", contents ) if new_contents == contents: - new_contents = self._append_netrc_entry(new_contents, new_entry) + new_contents = self._append_netrc_entry( + new_contents, new_entry + ) with open(netrc_path, 'w') as f: f.write(new_contents) @@ -195,8 +198,9 @@ class SwiftLogin(BaseLogin): dirname = os.path.split(netrc_path)[0] if not os.path.isdir(dirname): os.makedirs(dirname) - with os.fdopen(os.open(netrc_path, - os.O_WRONLY | os.O_CREAT, 0o600), 'w') as f: + with os.fdopen( + os.open(netrc_path, os.O_WRONLY | os.O_CREAT, 0o600), 'w' + ) as f: f.write(new_entry + '\n') def _append_netrc_entry(self, contents, new_entry): @@ -234,9 +238,7 @@ class SwiftLogin(BaseLogin): scope = kwargs.get('scope') # Set up the codeartifact repository as the swift registry. - set_registry_command = [ - 'swift', 'package-registry', 'set', endpoint - ] + set_registry_command = ['swift', 'package-registry', 'set', endpoint] if scope is not None: set_registry_command.extend(['--scope', scope]) commands.append(set_registry_command) @@ -245,7 +247,10 @@ class SwiftLogin(BaseLogin): # We will write token to .netrc for Linux and Windows # MacOS will store the token from command line option to Keychain login_registry_command = [ - 'swift', 'package-registry', 'login', f'{endpoint}login' + 'swift', + 'package-registry', + 'login', + f'{endpoint}login', ] if is_macos: login_registry_command.extend(['--token', auth_token]) @@ -293,7 +298,9 @@ class NuGetBaseLogin(BaseLogin): ) source_configured_message = self._SOURCE_UPDATED_MESSAGE else: - command = self._get_configure_command('add', nuget_index_url, source_name) + command = self._get_configure_command( + 'add', nuget_index_url, source_name + ) source_configured_message = self._SOURCE_ADDED_MESSAGE if dry_run: @@ -305,9 +312,7 @@ class NuGetBaseLogin(BaseLogin): try: with original_ld_library_path(): self.subprocess_utils.run( - command, - capture_output=True, - check=True + command, capture_output=True, check=True ) except subprocess.CalledProcessError as e: uni_print('Failed to update the NuGet.Config\n') @@ -339,8 +344,7 @@ class NuGetBaseLogin(BaseLogin): """ with original_ld_library_path(): response = self.subprocess_utils.check_output( - self._get_list_command(), - stderr=self.subprocess_utils.PIPE + self._get_list_command(), stderr=self.subprocess_utils.PIPE ) lines = response.decode(os.device_encoding(1) or "utf-8").splitlines() @@ -350,13 +354,14 @@ class NuGetBaseLogin(BaseLogin): for i in range(len(lines)): result = self._SOURCE_REGEX.match(lines[i].strip()) if result: - source_to_url_dict[result["source_name"].strip()] = \ - lines[i + 1].strip() + source_to_url_dict[result["source_name"].strip()] = lines[ + i + 1 + ].strip() return source_to_url_dict def _get_source_name(self, codeartifact_url, source_dict): - default_name = '{}/{}'.format(self.domain, self.repository) + default_name = f'{self.domain}/{self.repository}' # Check if the CodeArtifact URL is already present in the # NuGet.Config file. If the URL already exists, use the source name @@ -387,7 +392,6 @@ class NuGetBaseLogin(BaseLogin): class NuGetLogin(NuGetBaseLogin): - def _get_tool_name(self): return 'nuget' @@ -396,16 +400,21 @@ class NuGetLogin(NuGetBaseLogin): def _get_configure_command(self, operation, nuget_index_url, source_name): return [ - 'nuget', 'sources', operation, - '-name', source_name, - '-source', nuget_index_url, - '-username', 'aws', - '-password', self.auth_token + 'nuget', + 'sources', + operation, + '-name', + source_name, + '-source', + nuget_index_url, + '-username', + 'aws', + '-password', + self.auth_token, ] class DotNetLogin(NuGetBaseLogin): - def _get_tool_name(self): return 'dotnet' @@ -422,10 +431,7 @@ class DotNetLogin(NuGetBaseLogin): command.append(source_name) command += ['--source', nuget_index_url] - command += [ - '--username', 'aws', - '--password', self.auth_token - ] + command += ['--username', 'aws', '--password', self.auth_token] # Encryption is not supported on non-Windows platforms. if not is_windows: @@ -435,15 +441,12 @@ class DotNetLogin(NuGetBaseLogin): class NpmLogin(BaseLogin): - # On Windows we need to be explicit about the .cmd file to execute # (unless we execute through the shell, i.e. with shell=True). NPM_CMD = 'npm.cmd' if platform.system().lower() == 'windows' else 'npm' def login(self, dry_run=False): - scope = self.get_scope( - self.namespace - ) + scope = self.get_scope(self.namespace) commands = self.get_commands( self.repository_endpoint, self.auth_token, scope=scope ) @@ -465,7 +468,7 @@ class NpmLogin(BaseLogin): if namespace.startswith('@'): scope = namespace else: - scope = '@{}'.format(namespace) + scope = f'@{namespace}' if not valid_scope_name.match(scope): raise ValueError( @@ -481,27 +484,21 @@ class NpmLogin(BaseLogin): scope = kwargs.get('scope') # prepend scope if it exists - registry = '{}:registry'.format(scope) if scope else 'registry' + registry = f'{scope}:registry' if scope else 'registry' # set up the codeartifact repository as the npm registry. - commands.append( - [cls.NPM_CMD, 'config', 'set', registry, endpoint] - ) + commands.append([cls.NPM_CMD, 'config', 'set', registry, endpoint]) repo_uri = urlsplit(endpoint) # configure npm to always require auth for the repository. - always_auth_config = '//{}{}:always-auth'.format( - repo_uri.netloc, repo_uri.path - ) + always_auth_config = f'//{repo_uri.netloc}{repo_uri.path}:always-auth' commands.append( [cls.NPM_CMD, 'config', 'set', always_auth_config, 'true'] ) # set auth info for the repository. - auth_token_config = '//{}{}:_authToken'.format( - repo_uri.netloc, repo_uri.path - ) + auth_token_config = f'//{repo_uri.netloc}{repo_uri.path}:_authToken' commands.append( [cls.NPM_CMD, 'config', 'set', auth_token_config, auth_token] ) @@ -510,13 +507,10 @@ class NpmLogin(BaseLogin): class PipLogin(BaseLogin): - PIP_INDEX_URL_FMT = '{scheme}://aws:{auth_token}@{netloc}{path}simple/' def login(self, dry_run=False): - commands = self.get_commands( - self.repository_endpoint, self.auth_token - ) + commands = self.get_commands(self.repository_endpoint, self.auth_token) self._run_commands('pip', commands, dry_run) @classmethod @@ -526,14 +520,13 @@ class PipLogin(BaseLogin): scheme=repo_uri.scheme, auth_token=auth_token, netloc=repo_uri.netloc, - path=repo_uri.path + path=repo_uri.path, ) return [['pip', 'config', 'set', 'global.index-url', pip_index_url]] class TwineLogin(BaseLogin): - DEFAULT_PYPI_RC_FMT = '''\ [distutils] index-servers= @@ -553,14 +546,19 @@ password: {auth_token}''' domain, repository, subprocess_utils, - pypi_rc_path=None + pypi_rc_path=None, ): if pypi_rc_path is None: pypi_rc_path = self.get_pypi_rc_path() self.pypi_rc_path = pypi_rc_path super().__init__( - auth_token, expiration, repository_endpoint, - domain, repository, subprocess_utils) + auth_token, + expiration, + repository_endpoint, + domain, + repository, + subprocess_utils, + ) @classmethod def get_commands(cls, endpoint, auth_token, **kwargs): @@ -577,8 +575,7 @@ password: {auth_token}''' pypi_rc_path = kwargs['pypi_rc_path'] default_pypi_rc = cls.DEFAULT_PYPI_RC_FMT.format( - repository_endpoint=endpoint, - auth_token=auth_token + repository_endpoint=endpoint, auth_token=auth_token ) pypi_rc = RawConfigParser() @@ -624,7 +621,7 @@ password: {auth_token}''' pypi_rc_str = self.get_commands( self.repository_endpoint, self.auth_token, - pypi_rc_path=self.pypi_rc_path + pypi_rc_path=self.pypi_rc_path, ) if dry_run: @@ -681,7 +678,7 @@ class CodeArtifactLogin(BasicCommand): 'package_format': 'pypi', 'login_cls': TwineLogin, 'namespace_support': False, - } + }, } NAME = 'login' @@ -707,7 +704,7 @@ class CodeArtifactLogin(BasicCommand): { 'name': 'domain-owner', 'help_text': 'The AWS account ID that owns your CodeArtifact ' - 'domain', + 'domain', 'required': False, }, { @@ -719,7 +716,7 @@ class CodeArtifactLogin(BasicCommand): 'name': 'duration-seconds', 'cli_type_name': 'integer', 'help_text': 'The time, in seconds, that the login information ' - 'is valid', + 'is valid', 'required': False, }, { @@ -730,17 +727,17 @@ class CodeArtifactLogin(BasicCommand): { 'name': 'endpoint-type', 'help_text': 'The type of endpoint you want the tool to interact with', - 'required': False + 'required': False, }, { 'name': 'dry-run', 'action': 'store_true', 'help_text': 'Only print the commands that would be executed ' - 'to connect your tool with your repository without ' - 'making any changes to your configuration. Note that ' - 'this prints the unredacted auth token as part of the output', + 'to connect your tool with your repository without ' + 'making any changes to your configuration. Note that ' + 'this prints the unredacted auth token as part of the output', 'required': False, - 'default': False + 'default': False, }, ] @@ -749,7 +746,7 @@ class CodeArtifactLogin(BasicCommand): if not namespace_compatible and parsed_args.namespace: raise ValueError( - 'Argument --namespace is not supported for {}'.format(tool) + f'Argument --namespace is not supported for {tool}' ) else: return parsed_args.namespace @@ -760,30 +757,30 @@ class CodeArtifactLogin(BasicCommand): kwargs = { 'domain': parsed_args.domain, 'repository': parsed_args.repository, - 'format': package_format + 'format': package_format, } if parsed_args.endpoint_type: kwargs['endpointType'] = parsed_args.endpoint_type if parsed_args.domain_owner: kwargs['domainOwner'] = parsed_args.domain_owner - get_repository_endpoint_response = \ + get_repository_endpoint_response = ( codeartifact_client.get_repository_endpoint(**kwargs) + ) return get_repository_endpoint_response['repositoryEndpoint'] def _get_authorization_token(self, codeartifact_client, parsed_args): - kwargs = { - 'domain': parsed_args.domain - } + kwargs = {'domain': parsed_args.domain} if parsed_args.domain_owner: kwargs['domainOwner'] = parsed_args.domain_owner if parsed_args.duration_seconds: kwargs['durationSeconds'] = parsed_args.duration_seconds - get_authorization_token_response = \ + get_authorization_token_response = ( codeartifact_client.get_authorization_token(**kwargs) + ) return get_authorization_token_response @@ -811,8 +808,13 @@ class CodeArtifactLogin(BasicCommand): auth_token = auth_token_res['authorizationToken'] expiration = parse_timestamp(auth_token_res['expiration']) login = self.TOOL_MAP[tool]['login_cls']( - auth_token, expiration, repository_endpoint, - domain, repository, subprocess, namespace + auth_token, + expiration, + repository_endpoint, + domain, + repository, + subprocess, + namespace, ) login.login(parsed_args.dry_run) diff -pruN 2.23.6-1/awscli/customizations/codecommit.py 2.31.35-1/awscli/customizations/codecommit.py --- 2.23.6-1/awscli/customizations/codecommit.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codecommit.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,18 +11,19 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import datetime +import fileinput +import logging import os import re import sys -import logging -import fileinput -import datetime from botocore.auth import SigV4Auth from botocore.awsrequest import AWSRequest from botocore.compat import urlsplit -from awscli.customizations.commands import BasicCommand + from awscli.compat import NonTranslatedStdout +from awscli.customizations.commands import BasicCommand logger = logging.getLogger('botocore.credentials') @@ -43,9 +44,10 @@ def inject_commands(command_table, sessi class CodeCommitNoOpStoreCommand(BasicCommand): NAME = 'store' - DESCRIPTION = ('This operation does nothing, credentials' - ' are calculated each time') - SYNOPSIS = ('aws codecommit credential-helper store') + DESCRIPTION = ( + 'This operation does nothing, credentials are calculated each time' + ) + SYNOPSIS = 'aws codecommit credential-helper store' EXAMPLES = '' _UNDOCUMENTED = True @@ -55,9 +57,8 @@ class CodeCommitNoOpStoreCommand(BasicCo class CodeCommitNoOpEraseCommand(BasicCommand): NAME = 'erase' - DESCRIPTION = ('This operation does nothing, no credentials' - ' are ever stored') - SYNOPSIS = ('aws codecommit credential-helper erase') + DESCRIPTION = 'This operation does nothing, no credentials are ever stored' + SYNOPSIS = 'aws codecommit credential-helper erase' EXAMPLES = '' _UNDOCUMENTED = True @@ -67,16 +68,20 @@ class CodeCommitNoOpEraseCommand(BasicCo class CodeCommitGetCommand(BasicCommand): NAME = 'get' - DESCRIPTION = ('get a username SigV4 credential pair' - ' based on protocol, host and path provided' - ' from standard in. This is primarily' - ' called by git to generate credentials to' - ' authenticate against AWS CodeCommit') - SYNOPSIS = ('aws codecommit credential-helper get') - EXAMPLES = (r'echo -e "protocol=https\\n' - r'path=/v1/repos/myrepo\\n' - 'host=git-codecommit.us-east-1.amazonaws.com"' - ' | aws codecommit credential-helper get') + DESCRIPTION = ( + 'get a username SigV4 credential pair' + ' based on protocol, host and path provided' + ' from standard in. This is primarily' + ' called by git to generate credentials to' + ' authenticate against AWS CodeCommit' + ) + SYNOPSIS = 'aws codecommit credential-helper get' + EXAMPLES = ( + r'echo -e "protocol=https\\n' + r'path=/v1/repos/myrepo\\n' + 'host=git-codecommit.us-east-1.amazonaws.com"' + ' | aws codecommit credential-helper get' + ) ARG_TABLE = [ { 'name': 'ignore-host-check', @@ -86,18 +91,20 @@ class CodeCommitGetCommand(BasicCommand) 'help_text': ( 'Optional. Generate credentials regardless of whether' ' the domain is an Amazon domain.' - ) - } - ] + ), + } + ] def __init__(self, session): super(CodeCommitGetCommand, self).__init__(session) def _run_main(self, args, parsed_globals): git_parameters = self.read_git_parameters() - if ('amazon.com' in git_parameters['host'] or - 'amazonaws.com' in git_parameters['host'] or - args.ignore_host_check): + if ( + 'amazon.com' in git_parameters['host'] + or 'amazonaws.com' in git_parameters['host'] + or args.ignore_host_check + ): theUrl = self.extract_url(git_parameters) region = self.extract_region(git_parameters, parsed_globals) signature = self.sign_request(region, theUrl) @@ -111,9 +118,9 @@ class CodeCommitGetCommand(BasicCommand) # Python will add a \r to the line ending for a text stdout in Windows. # Git does not like the \r, so switch to binary with NonTranslatedStdout() as binary_stdout: - binary_stdout.write('username={0}\n'.format(username)) + binary_stdout.write(f'username={username}\n') logger.debug('username\n%s', username) - binary_stdout.write('password={0}\n'.format(signature)) + binary_stdout.write(f'password={signature}\n') # need to explicitly flush the buffer here, # before we turn the stream back to text for windows binary_stdout.flush() @@ -129,14 +136,16 @@ class CodeCommitGetCommand(BasicCommand) return parsed def extract_url(self, parameters): - url = '{0}://{1}/{2}'.format(parameters['protocol'], - parameters['host'], - parameters['path']) + url = '{0}://{1}/{2}'.format( + parameters['protocol'], parameters['host'], parameters['path'] + ) return url def extract_region(self, parameters, parsed_globals): - match = re.match(r'(vpce-.+\.)?git-codecommit(-fips)?\.([^.]+)\.(vpce\.)?amazonaws\.com', - parameters['host']) + match = re.match( + r'(vpce-.+\.)?git-codecommit(-fips)?\.([^.]+)\.(vpce\.)?amazonaws\.com', + parameters['host'], + ) if match is not None: return match.group(3) elif parsed_globals.region is not None: @@ -155,10 +164,9 @@ class CodeCommitGetCommand(BasicCommand) split = urlsplit(request.url) # we don't want to include the port number in the signature hostname = split.netloc.split(':')[0] - canonical_request = '{0}\n{1}\n\nhost:{2}\n\nhost\n'.format( - request.method, - split.path, - hostname) + canonical_request = ( + f'{request.method}\n{split.path}\n\nhost:{hostname}\n\nhost\n' + ) logger.debug("Calculating signature using v4 auth.") logger.debug('CanonicalRequest:\n%s', canonical_request) string_to_sign = signer.string_to_sign(request, canonical_request) @@ -170,7 +178,7 @@ class CodeCommitGetCommand(BasicCommand) class CodeCommitCommand(BasicCommand): NAME = 'credential-helper' - SYNOPSIS = ('aws codecommit credential-helper') + SYNOPSIS = 'aws codecommit credential-helper' EXAMPLES = '' SUBCOMMANDS = [ @@ -178,14 +186,16 @@ class CodeCommitCommand(BasicCommand): {'name': 'store', 'command_class': CodeCommitNoOpStoreCommand}, {'name': 'erase', 'command_class': CodeCommitNoOpEraseCommand}, ] - DESCRIPTION = ('Provide a SigV4 compatible user name and' - ' password for git smart HTTP ' - ' These commands are consumed by git and' - ' should not used directly. Erase and Store' - ' are no-ops. Get is operation to generate' - ' credentials to authenticate AWS CodeCommit.' - ' Run \"aws codecommit credential-helper help\"' - ' for details') + DESCRIPTION = ( + 'Provide a SigV4 compatible user name and' + ' password for git smart HTTP ' + ' These commands are consumed by git and' + ' should not used directly. Erase and Store' + ' are no-ops. Get is operation to generate' + ' credentials to authenticate AWS CodeCommit.' + ' Run "aws codecommit credential-helper help"' + ' for details' + ) def _run_main(self, args, parsed_globals): self._raise_usage_error() diff -pruN 2.23.6-1/awscli/customizations/codedeploy/codedeploy.py 2.31.35-1/awscli/customizations/codedeploy/codedeploy.py --- 2.23.6-1/awscli/customizations/codedeploy/codedeploy.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/codedeploy.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,12 +12,13 @@ # language governing permissions and limitations under the License. from awscli.customizations import utils -from awscli.customizations.codedeploy.locationargs import \ - modify_revision_arguments -from awscli.customizations.codedeploy.push import Push -from awscli.customizations.codedeploy.register import Register from awscli.customizations.codedeploy.deregister import Deregister from awscli.customizations.codedeploy.install import Install +from awscli.customizations.codedeploy.locationargs import ( + modify_revision_arguments, +) +from awscli.customizations.codedeploy.push import Push +from awscli.customizations.codedeploy.register import Register from awscli.customizations.codedeploy.uninstall import Uninstall @@ -25,25 +26,19 @@ def initialize(cli): """ The entry point for CodeDeploy high level commands. """ - cli.register( - 'building-command-table.main', - change_name - ) - cli.register( - 'building-command-table.deploy', - inject_commands - ) + cli.register('building-command-table.main', change_name) + cli.register('building-command-table.deploy', inject_commands) cli.register( 'building-argument-table.deploy.get-application-revision', - modify_revision_arguments + modify_revision_arguments, ) cli.register( 'building-argument-table.deploy.register-application-revision', - modify_revision_arguments + modify_revision_arguments, ) cli.register( 'building-argument-table.deploy.create-deployment', - modify_revision_arguments + modify_revision_arguments, ) diff -pruN 2.23.6-1/awscli/customizations/codedeploy/deregister.py 2.31.35-1/awscli/customizations/codedeploy/deregister.py --- 2.23.6-1/awscli/customizations/codedeploy/deregister.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/deregister.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,9 +15,12 @@ import sys from botocore.exceptions import ClientError +from awscli.customizations.codedeploy.utils import ( + INSTANCE_NAME_ARG, + validate_instance_name, + validate_region, +) from awscli.customizations.commands import BasicCommand -from awscli.customizations.codedeploy.utils import \ - validate_region, validate_instance_name, INSTANCE_NAME_ARG class Deregister(BasicCommand): @@ -38,8 +41,8 @@ class Deregister(BasicCommand): 'help_text': ( 'Optional. Do not delete the IAM user for the registered ' 'on-premises instance.' - ) - } + ), + }, ] def _run_main(self, parsed_args, parsed_globals): @@ -52,11 +55,10 @@ class Deregister(BasicCommand): 'codedeploy', region_name=params.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) self.iam = self._session.create_client( - 'iam', - region_name=params.region + 'iam', region_name=params.region ) try: @@ -77,11 +79,11 @@ class Deregister(BasicCommand): sys.stdout.flush() sys.stderr.write( 'ERROR\n' - '{0}\n' + f'{e}\n' 'Deregister the on-premises instance by following the ' 'instructions in "Configure Existing On-Premises Instances by ' 'Using AWS CodeDeploy" in the AWS CodeDeploy User ' - 'Guide.\n'.format(e) + 'Guide.\n' ) return 255 return 0 @@ -95,12 +97,7 @@ class Deregister(BasicCommand): start = params.iam_user_arn.rfind('/') + 1 params.user_name = params.iam_user_arn[start:] params.tags = response['instanceInfo']['tags'] - sys.stdout.write( - 'DONE\n' - 'IamUserArn: {0}\n'.format( - params.iam_user_arn - ) - ) + sys.stdout.write(f'DONE\nIamUserArn: {params.iam_user_arn}\n') if params.tags: sys.stdout.write('Tags:') for tag in params.tags: @@ -112,8 +109,7 @@ class Deregister(BasicCommand): def _remove_tags(self, params): sys.stdout.write('Removing tags from the on-premises instance... ') self.codedeploy.remove_tags_from_on_premises_instances( - tags=params.tags, - instanceNames=[params.instance_name] + tags=params.tags, instanceNames=[params.instance_name] ) sys.stdout.write('DONE\n') @@ -129,11 +125,11 @@ class Deregister(BasicCommand): list_user_policies = self.iam.get_paginator('list_user_policies') try: for response in list_user_policies.paginate( - UserName=params.user_name): + UserName=params.user_name + ): for policy_name in response['PolicyNames']: self.iam.delete_user_policy( - UserName=params.user_name, - PolicyName=policy_name + UserName=params.user_name, PolicyName=policy_name ) except ClientError as e: if e.response.get('Error', {}).get('Code') != 'NoSuchEntity': @@ -145,11 +141,12 @@ class Deregister(BasicCommand): list_access_keys = self.iam.get_paginator('list_access_keys') try: for response in list_access_keys.paginate( - UserName=params.user_name): + UserName=params.user_name + ): for access_key in response['AccessKeyMetadata']: self.iam.delete_access_key( UserName=params.user_name, - AccessKeyId=access_key['AccessKeyId'] + AccessKeyId=access_key['AccessKeyId'], ) except ClientError as e: if e.response.get('Error', {}).get('Code') != 'NoSuchEntity': @@ -157,9 +154,7 @@ class Deregister(BasicCommand): sys.stdout.write('DONE\n') def _delete_iam_user(self, params): - sys.stdout.write('Deleting the IAM user ({0})... '.format( - params.user_name - )) + sys.stdout.write(f'Deleting the IAM user ({params.user_name})... ') try: self.iam.delete_user(UserName=params.user_name) except ClientError as e: diff -pruN 2.23.6-1/awscli/customizations/codedeploy/install.py 2.31.35-1/awscli/customizations/codedeploy/install.py --- 2.23.6-1/awscli/customizations/codedeploy/install.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/install.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,9 +16,12 @@ import os import shutil import sys +from awscli.customizations.codedeploy.utils import ( + validate_instance, + validate_region, + validate_s3_location, +) from awscli.customizations.commands import BasicCommand -from awscli.customizations.codedeploy.utils import \ - validate_region, validate_s3_location, validate_instance class Install(BasicCommand): @@ -37,7 +40,7 @@ class Install(BasicCommand): 'help_text': ( 'Required. The path to the on-premises instance configuration ' 'file.' - ) + ), }, { 'name': 'override-config', @@ -46,7 +49,7 @@ class Install(BasicCommand): 'help_text': ( 'Optional. Overrides the on-premises instance configuration ' 'file.' - ) + ), }, { 'name': 'agent-installer', @@ -54,8 +57,8 @@ class Install(BasicCommand): 'required': False, 'help_text': ( 'Optional. The AWS CodeDeploy Agent installer file.' - ) - } + ), + }, ] def _run_main(self, parsed_args, parsed_globals): @@ -74,18 +77,20 @@ class Install(BasicCommand): sys.stdout.flush() sys.stderr.write( 'ERROR\n' - '{0}\n' + f'{e}\n' 'Install the AWS CodeDeploy Agent on the on-premises instance ' 'by following the instructions in "Configure Existing ' 'On-Premises Instances by Using AWS CodeDeploy" in the AWS ' - 'CodeDeploy User Guide.\n'.format(e) + 'CodeDeploy User Guide.\n' ) return 255 return 0 def _validate_override_config(self, params): - if os.path.isfile(params.system.CONFIG_PATH) and \ - not params.override_config: + if ( + os.path.isfile(params.system.CONFIG_PATH) + and not params.override_config + ): raise RuntimeError( 'The on-premises instance configuration file already exists. ' 'Specify --override-config to update the existing on-premises ' @@ -95,9 +100,9 @@ class Install(BasicCommand): def _validate_agent_installer(self, params): validate_s3_location(params, 'agent_installer') if 'bucket' not in params: - params.bucket = 'aws-codedeploy-{0}'.format(params.region) + params.bucket = f'aws-codedeploy-{params.region}' if 'key' not in params: - params.key = 'latest/{0}'.format(params.system.INSTALLER) + params.key = f'latest/{params.system.INSTALLER}' params.installer = params.system.INSTALLER else: start = params.key.rfind('/') + 1 diff -pruN 2.23.6-1/awscli/customizations/codedeploy/locationargs.py 2.31.35-1/awscli/customizations/codedeploy/locationargs.py --- 2.23.6-1/awscli/customizations/codedeploy/locationargs.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/locationargs.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,8 +12,7 @@ # language governing permissions and limitations under the License. from awscli.argprocess import unpack_cli_arg -from awscli.arguments import CustomArgument -from awscli.arguments import create_argument_model_from_schema +from awscli.arguments import CustomArgument, create_argument_model_from_schema from awscli.customizations.exceptions import ParamValidationError S3_LOCATION_ARG_DESCRIPTION = { @@ -23,7 +22,7 @@ S3_LOCATION_ARG_DESCRIPTION = { 'Information about the location of the application revision in Amazon ' 'S3. You must specify the bucket, the key, and bundleType. ' 'Optionally, you can also specify an eTag and version.' - ) + ), } S3_LOCATION_SCHEMA = { @@ -32,30 +31,30 @@ S3_LOCATION_SCHEMA = { "bucket": { "type": "string", "description": "The Amazon S3 bucket name.", - "required": True + "required": True, }, "key": { "type": "string", "description": "The Amazon S3 object key name.", - "required": True + "required": True, }, "bundleType": { "type": "string", "description": "The format of the bundle stored in Amazon S3.", "enum": ["tar", "tgz", "zip"], - "required": True + "required": True, }, "eTag": { "type": "string", "description": "The Amazon S3 object eTag.", - "required": False + "required": False, }, "version": { "type": "string", "description": "The Amazon S3 object version.", - "required": False - } - } + "required": False, + }, + }, } GITHUB_LOCATION_ARG_DESCRIPTION = { @@ -67,7 +66,7 @@ GITHUB_LOCATION_ARG_DESCRIPTION = { 'references the application revision. For the repository, use the ' 'format GitHub-account/repository-name or GitHub-org/repository-name. ' 'For the commit ID, use the SHA1 Git commit reference.' - ) + ), } GITHUB_LOCATION_SCHEMA = { @@ -79,32 +78,28 @@ GITHUB_LOCATION_SCHEMA = { "The GitHub account or organization and repository. Specify " "as GitHub-account/repository or GitHub-org/repository." ), - "required": True + "required": True, }, "commitId": { "type": "string", "description": "The SHA1 Git commit reference.", - "required": True - } - } + "required": True, + }, + }, } def modify_revision_arguments(argument_table, session, **kwargs): s3_model = create_argument_model_from_schema(S3_LOCATION_SCHEMA) - argument_table[S3_LOCATION_ARG_DESCRIPTION['name']] = ( - S3LocationArgument( - argument_model=s3_model, - session=session, - **S3_LOCATION_ARG_DESCRIPTION - ) + argument_table[S3_LOCATION_ARG_DESCRIPTION['name']] = S3LocationArgument( + argument_model=s3_model, session=session, **S3_LOCATION_ARG_DESCRIPTION ) github_model = create_argument_model_from_schema(GITHUB_LOCATION_SCHEMA) argument_table[GITHUB_LOCATION_ARG_DESCRIPTION['name']] = ( GitHubLocationArgument( argument_model=github_model, session=session, - **GITHUB_LOCATION_ARG_DESCRIPTION + **GITHUB_LOCATION_ARG_DESCRIPTION, ) ) argument_table['revision'].required = False @@ -123,7 +118,7 @@ class LocationArgument(CustomArgument): param=self.argument_model, cli_argument=self, value=value, - operation=None + operation=None, ) if parsed is None: parsed = unpack_cli_arg(self, value) @@ -149,8 +144,8 @@ class S3LocationArgument(LocationArgumen "s3Location": { "bucket": value_dict['bucket'], "key": value_dict['key'], - "bundleType": value_dict['bundleType'] - } + "bundleType": value_dict['bundleType'], + }, } if 'eTag' in value_dict: revision['s3Location']['eTag'] = value_dict['eTag'] @@ -171,6 +166,6 @@ class GitHubLocationArgument(LocationArg "revisionType": "GitHub", "gitHubLocation": { "repository": value_dict['repository'], - "commitId": value_dict['commitId'] - } + "commitId": value_dict['commitId'], + }, } diff -pruN 2.23.6-1/awscli/customizations/codedeploy/push.py 2.31.35-1/awscli/customizations/codedeploy/push.py --- 2.23.6-1/awscli/customizations/codedeploy/push.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/push.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,20 +11,19 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import contextlib import os import sys -import zipfile import tempfile -import contextlib +import zipfile from datetime import datetime from botocore.exceptions import ClientError +from awscli.compat import ZIP_COMPRESSION_MODE, BytesIO from awscli.customizations.codedeploy.utils import validate_s3_location from awscli.customizations.commands import BasicCommand from awscli.customizations.exceptions import ParamValidationError -from awscli.compat import BytesIO, ZIP_COMPRESSION_MODE - ONE_MB = 1 << 20 MULTIPART_LIMIT = 6 * ONE_MB @@ -51,7 +50,7 @@ class Push(BasicCommand): 'help_text': ( 'Required. The name of the AWS CodeDeploy application to be ' 'associated with the application revision.' - ) + ), }, { 'name': 's3-location', @@ -63,7 +62,7 @@ class Push(BasicCommand): r'a bucket and a key that represent the Amazon S3 bucket name ' r'and the object key name. Content will be zipped before ' r'uploading. Use the format s3://\/\' - ) + ), }, { 'name': 'ignore-hidden-files', @@ -75,13 +74,13 @@ class Push(BasicCommand): 'and upload hidden files to Amazon S3; otherwise, set the ' '--no-ignore-hidden-files flag (the default) to bundle and ' 'upload hidden files to Amazon S3.' - ) + ), }, { 'name': 'no-ignore-hidden-files', 'action': 'store_true', 'default': False, - 'group_name': 'ignore-hidden-files' + 'group_name': 'ignore-hidden-files', }, { 'name': 'source', @@ -92,7 +91,7 @@ class Push(BasicCommand): 'accompanying AppSpec file on the development machine to be ' 'zipped and uploaded to Amazon S3. If not specified, the ' 'current directory is used.' - ) + ), }, { 'name': 'description', @@ -102,8 +101,8 @@ class Push(BasicCommand): 'revision. If not specified, the default string "Uploaded by ' 'AWS CLI \'time\' UTC" is used, where \'time\' is the current ' 'system time in Coordinated Universal Time (UTC).' - ) - } + ), + }, ] def _run_main(self, parsed_args, parsed_globals): @@ -112,34 +111,32 @@ class Push(BasicCommand): 'codedeploy', region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) self.s3 = self._session.create_client( - 's3', - region_name=parsed_globals.region + 's3', region_name=parsed_globals.region ) self._push(parsed_args) return 0 def _validate_args(self, parsed_args): validate_s3_location(parsed_args, 's3_location') - if parsed_args.ignore_hidden_files \ - and parsed_args.no_ignore_hidden_files: + if ( + parsed_args.ignore_hidden_files + and parsed_args.no_ignore_hidden_files + ): raise ParamValidationError( 'You cannot specify both --ignore-hidden-files and ' '--no-ignore-hidden-files.' ) if not parsed_args.description: parsed_args.description = ( - 'Uploaded by AWS CLI {0} UTC'.format( - datetime.utcnow().isoformat() - ) + f'Uploaded by AWS CLI {datetime.utcnow().isoformat()} UTC' ) def _push(self, params): with self._compress( - params.source, - params.ignore_hidden_files + params.source, params.ignore_hidden_files ) as bundle: try: upload_response = self._upload_to_s3(params, bundle) @@ -148,36 +145,26 @@ class Push(BasicCommand): params.version = upload_response['VersionId'] except Exception as e: raise RuntimeError( - 'Failed to upload \'%s\' to \'%s\': %s' % - (params.source, - params.s3_location, - str(e)) + 'Failed to upload \'%s\' to \'%s\': %s' + % (params.source, params.s3_location, str(e)) ) self._register_revision(params) if 'version' in params: - version_string = ',version={0}'.format(params.version) + version_string = f',version={params.version}' else: version_string = '' s3location_string = ( - '--s3-location bucket={0},key={1},' - 'bundleType=zip,eTag={2}{3}'.format( - params.bucket, - params.key, - params.eTag, - version_string - ) + f'--s3-location bucket={params.bucket},key={params.key},' + f'bundleType=zip,eTag={params.eTag}{version_string}' ) sys.stdout.write( 'To deploy with this revision, run:\n' 'aws deploy create-deployment ' - '--application-name {0} {1} ' + f'--application-name {params.application_name} {s3location_string} ' '--deployment-group-name ' '--deployment-config-name ' - '--description \n'.format( - params.application_name, - s3location_string - ) + '--description \n' ) @contextlib.contextmanager @@ -197,14 +184,12 @@ class Push(BasicCommand): for fn in files: filename = os.path.join(root, fn) filename = os.path.abspath(filename) - arcname = filename[len(source_path) + 1:] + arcname = filename[len(source_path) + 1 :] if filename == appspec_path: contains_appspec = True zf.write(filename, arcname, ZIP_COMPRESSION_MODE) if not contains_appspec: - raise RuntimeError( - '{0} was not found'.format(appspec_path) - ) + raise RuntimeError(f'{appspec_path} was not found') finally: zf.close() yield tf @@ -213,16 +198,10 @@ class Push(BasicCommand): size_remaining = self._bundle_size(bundle) if size_remaining < MULTIPART_LIMIT: return self.s3.put_object( - Bucket=params.bucket, - Key=params.key, - Body=bundle + Bucket=params.bucket, Key=params.key, Body=bundle ) else: - return self._multipart_upload_to_s3( - params, - bundle, - size_remaining - ) + return self._multipart_upload_to_s3(params, bundle, size_remaining) def _bundle_size(self, bundle): bundle.seek(0, 2) @@ -232,8 +211,7 @@ class Push(BasicCommand): def _multipart_upload_to_s3(self, params, bundle, size_remaining): create_response = self.s3.create_multipart_upload( - Bucket=params.bucket, - Key=params.key + Bucket=params.bucket, Key=params.key ) upload_id = create_response['UploadId'] try: @@ -247,25 +225,22 @@ class Push(BasicCommand): Key=params.key, UploadId=upload_id, PartNumber=part_num, - Body=BytesIO(data) + Body=BytesIO(data), + ) + multipart_list.append( + {'PartNumber': part_num, 'ETag': upload_response['ETag']} ) - multipart_list.append({ - 'PartNumber': part_num, - 'ETag': upload_response['ETag'] - }) part_num += 1 size_remaining -= len(data) return self.s3.complete_multipart_upload( Bucket=params.bucket, Key=params.key, UploadId=upload_id, - MultipartUpload={'Parts': multipart_list} + MultipartUpload={'Parts': multipart_list}, ) except ClientError as e: self.s3.abort_multipart_upload( - Bucket=params.bucket, - Key=params.key, - UploadId=upload_id + Bucket=params.bucket, Key=params.key, UploadId=upload_id ) raise e @@ -276,13 +251,13 @@ class Push(BasicCommand): 'bucket': params.bucket, 'key': params.key, 'bundleType': 'zip', - 'eTag': params.eTag - } + 'eTag': params.eTag, + }, } if 'version' in params: revision['s3Location']['version'] = params.version self.codedeploy.register_application_revision( applicationName=params.application_name, revision=revision, - description=params.description + description=params.description, ) diff -pruN 2.23.6-1/awscli/customizations/codedeploy/register.py 2.31.35-1/awscli/customizations/codedeploy/register.py --- 2.23.6-1/awscli/customizations/codedeploy/register.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/register.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,11 +13,16 @@ import sys -from awscli.customizations.commands import BasicCommand from awscli.customizations.codedeploy.systems import DEFAULT_CONFIG_FILE -from awscli.customizations.codedeploy.utils import \ - validate_region, validate_instance_name, validate_tags, \ - validate_iam_user_arn, INSTANCE_NAME_ARG, IAM_USER_ARN_ARG +from awscli.customizations.codedeploy.utils import ( + IAM_USER_ARN_ARG, + INSTANCE_NAME_ARG, + validate_iam_user_arn, + validate_instance_name, + validate_region, + validate_tags, +) +from awscli.customizations.commands import BasicCommand class Register(BasicCommand): @@ -38,15 +43,15 @@ class Register(BasicCommand): "Key": { "description": "The tag key.", "type": "string", - "required": True + "required": True, }, "Value": { "description": "The tag value.", "type": "string", - "required": True - } - } - } + "required": True, + }, + }, + }, } ARG_TABLE = [ @@ -60,9 +65,9 @@ class Register(BasicCommand): 'help_text': ( 'Optional. The list of key/value pairs to tag the on-premises ' 'instance.' - ) + ), }, - IAM_USER_ARN_ARG + IAM_USER_ARN_ARG, ] def _run_main(self, parsed_args, parsed_globals): @@ -77,11 +82,10 @@ class Register(BasicCommand): 'codedeploy', region_name=params.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) self.iam = self._session.create_client( - 'iam', - region_name=params.region + 'iam', region_name=params.region ) try: @@ -94,23 +98,21 @@ class Register(BasicCommand): if params.tags: self._add_tags(params) sys.stdout.write( - 'Copy the on-premises configuration file named {0} to the ' + f'Copy the on-premises configuration file named {DEFAULT_CONFIG_FILE} to the ' 'on-premises instance, and run the following command on the ' 'on-premises instance to install and configure the AWS ' 'CodeDeploy Agent:\n' - 'aws deploy install --config-file {0}\n'.format( - DEFAULT_CONFIG_FILE - ) + f'aws deploy install --config-file {DEFAULT_CONFIG_FILE}\n' ) except Exception as e: sys.stdout.flush() sys.stderr.write( 'ERROR\n' - '{0}\n' + f'{e}\n' 'Register the on-premises instance by following the ' 'instructions in "Configure Existing On-Premises Instances by ' 'Using AWS CodeDeploy" in the AWS CodeDeploy User ' - 'Guide.\n'.format(e) + 'Guide.\n' ) return 255 return 0 @@ -119,31 +121,18 @@ class Register(BasicCommand): sys.stdout.write('Creating the IAM user... ') params.user_name = params.instance_name response = self.iam.create_user( - Path='/AWS/CodeDeploy/', - UserName=params.user_name + Path='/AWS/CodeDeploy/', UserName=params.user_name ) params.iam_user_arn = response['User']['Arn'] - sys.stdout.write( - 'DONE\n' - 'IamUserArn: {0}\n'.format( - params.iam_user_arn - ) - ) + sys.stdout.write(f'DONE\nIamUserArn: {params.iam_user_arn}\n') def _create_access_key(self, params): sys.stdout.write('Creating the IAM user access key... ') - response = self.iam.create_access_key( - UserName=params.user_name - ) + response = self.iam.create_access_key(UserName=params.user_name) params.access_key_id = response['AccessKey']['AccessKeyId'] params.secret_access_key = response['AccessKey']['SecretAccessKey'] sys.stdout.write( - 'DONE\n' - 'AccessKeyId: {0}\n' - 'SecretAccessKey: {1}\n'.format( - params.access_key_id, - params.secret_access_key - ) + f'DONE\nAccessKeyId: {params.access_key_id}\nSecretAccessKey: {params.secret_access_key}\n' ) def _create_user_policy(self, params): @@ -162,49 +151,37 @@ class Register(BasicCommand): self.iam.put_user_policy( UserName=params.user_name, PolicyName=params.policy_name, - PolicyDocument=params.policy_document + PolicyDocument=params.policy_document, ) sys.stdout.write( - 'DONE\n' - 'PolicyName: {0}\n' - 'PolicyDocument: {1}\n'.format( - params.policy_name, - params.policy_document - ) + f'DONE\nPolicyName: {params.policy_name}\nPolicyDocument: {params.policy_document}\n' ) def _create_config(self, params): sys.stdout.write( - 'Creating the on-premises instance configuration file named {0}' - '...'.format(DEFAULT_CONFIG_FILE) + f'Creating the on-premises instance configuration file named {DEFAULT_CONFIG_FILE}' + '...' ) with open(DEFAULT_CONFIG_FILE, 'w') as f: f.write( '---\n' - 'region: {0}\n' - 'iam_user_arn: {1}\n' - 'aws_access_key_id: {2}\n' - 'aws_secret_access_key: {3}\n'.format( - params.region, - params.iam_user_arn, - params.access_key_id, - params.secret_access_key - ) + f'region: {params.region}\n' + f'iam_user_arn: {params.iam_user_arn}\n' + f'aws_access_key_id: {params.access_key_id}\n' + f'aws_secret_access_key: {params.secret_access_key}\n' ) sys.stdout.write('DONE\n') def _register_instance(self, params): sys.stdout.write('Registering the on-premises instance... ') self.codedeploy.register_on_premises_instance( - instanceName=params.instance_name, - iamUserArn=params.iam_user_arn + instanceName=params.instance_name, iamUserArn=params.iam_user_arn ) sys.stdout.write('DONE\n') def _add_tags(self, params): sys.stdout.write('Adding tags to the on-premises instance... ') self.codedeploy.add_tags_to_on_premises_instances( - tags=params.tags, - instanceNames=[params.instance_name] + tags=params.tags, instanceNames=[params.instance_name] ) sys.stdout.write('DONE\n') diff -pruN 2.23.6-1/awscli/customizations/codedeploy/systems.py 2.31.35-1/awscli/customizations/codedeploy/systems.py --- 2.23.6-1/awscli/customizations/codedeploy/systems.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/systems.py 2025-11-12 19:17:29.000000000 +0000 @@ -26,10 +26,7 @@ class System: def __init__(self, params): self.session = params.session - self.s3 = self.session.create_client( - 's3', - region_name=params.region - ) + self.s3 = self.session.create_client('s3', region_name=params.region) def validate_administrator(self): raise NotImplementedError('validate_administrator') @@ -44,7 +41,7 @@ class System: class Windows(System): CONFIG_DIR = r'C:\ProgramData\Amazon\CodeDeploy' CONFIG_FILE = 'conf.onpremises.yml' - CONFIG_PATH = r'{0}\{1}'.format(CONFIG_DIR, CONFIG_FILE) + CONFIG_PATH = rf'{CONFIG_DIR}\{CONFIG_FILE}' INSTALLER = 'codedeploy-agent.msi' def validate_administrator(self): @@ -60,11 +57,13 @@ class Windows(System): process = subprocess.Popen( [ 'powershell.exe', - '-Command', 'Stop-Service', - '-Name', 'codedeployagent' + '-Command', + 'Stop-Service', + '-Name', + 'codedeployagent', ], stdout=subprocess.PIPE, - stderr=subprocess.PIPE + stderr=subprocess.PIPE, ) (output, error) = process.communicate() not_found = ( @@ -72,7 +71,7 @@ class Windows(System): ) if process.returncode != 0 and not_found not in error: raise RuntimeError( - 'Failed to stop the AWS CodeDeploy Agent:\n{0}'.format(error) + f'Failed to stop the AWS CodeDeploy Agent:\n{error}' ) response = self.s3.get_object(Bucket=params.bucket, Key=params.key) @@ -81,26 +80,33 @@ class Windows(System): subprocess.check_call( [ - r'.\{0}'.format(self.INSTALLER), + rf'.\{self.INSTALLER}', '/quiet', - '/l', r'.\codedeploy-agent-install-log.txt' + '/l', + r'.\codedeploy-agent-install-log.txt', ], - shell=True + shell=True, + ) + subprocess.check_call( + [ + 'powershell.exe', + '-Command', + 'Restart-Service', + '-Name', + 'codedeployagent', + ] ) - subprocess.check_call([ - 'powershell.exe', - '-Command', 'Restart-Service', - '-Name', 'codedeployagent' - ]) process = subprocess.Popen( [ 'powershell.exe', - '-Command', 'Get-Service', - '-Name', 'codedeployagent' + '-Command', + 'Get-Service', + '-Name', + 'codedeployagent', ], stdout=subprocess.PIPE, - stderr=subprocess.PIPE + stderr=subprocess.PIPE, ) (output, error) = process.communicate() if "Running" not in output: @@ -112,11 +118,13 @@ class Windows(System): process = subprocess.Popen( [ 'powershell.exe', - '-Command', 'Stop-Service', - '-Name', 'codedeployagent' + '-Command', + 'Stop-Service', + '-Name', + 'codedeployagent', ], stdout=subprocess.PIPE, - stderr=subprocess.PIPE + stderr=subprocess.PIPE, ) (output, error) = process.communicate() not_found = ( @@ -126,32 +134,34 @@ class Windows(System): self._remove_agent() elif not_found not in error: raise RuntimeError( - 'Failed to stop the AWS CodeDeploy Agent:\n{0}'.format(error) + f'Failed to stop the AWS CodeDeploy Agent:\n{error}' ) def _remove_agent(self): process = subprocess.Popen( [ 'wmic', - 'product', 'where', 'name="CodeDeploy Host Agent"', - 'call', 'uninstall', '/nointeractive' + 'product', + 'where', + 'name="CodeDeploy Host Agent"', + 'call', + 'uninstall', + '/nointeractive', ], stdout=subprocess.PIPE, - stderr=subprocess.PIPE + stderr=subprocess.PIPE, ) (output, error) = process.communicate() if process.returncode != 0: raise RuntimeError( - 'Failed to uninstall the AWS CodeDeploy Agent:\n{0}'.format( - error - ) + f'Failed to uninstall the AWS CodeDeploy Agent:\n{error}' ) class Linux(System): CONFIG_DIR = '/etc/codedeploy-agent/conf' CONFIG_FILE = DEFAULT_CONFIG_FILE - CONFIG_PATH = '{0}/{1}'.format(CONFIG_DIR, CONFIG_FILE) + CONFIG_PATH = f'{CONFIG_DIR}/{CONFIG_FILE}' INSTALLER = 'install' def validate_administrator(self): @@ -169,9 +179,7 @@ class Linux(System): with open(self.INSTALLER, 'wb') as f: f.write(response['Body'].read()) - subprocess.check_call( - ['chmod', '+x', './{0}'.format(self.INSTALLER)] - ) + subprocess.check_call(['chmod', '+x', f'./{self.INSTALLER}']) credentials = self.session.get_credentials() environment = os.environ.copy() @@ -180,10 +188,7 @@ class Linux(System): environment['AWS_SECRET_ACCESS_KEY'] = credentials.secret_key if credentials.token is not None: environment['AWS_SESSION_TOKEN'] = credentials.token - subprocess.check_call( - ['./{0}'.format(self.INSTALLER), 'auto'], - env=environment - ) + subprocess.check_call([f'./{self.INSTALLER}', 'auto'], env=environment) def uninstall(self, params): process = self._stop_agent(params) @@ -200,12 +205,12 @@ class Linux(System): process = subprocess.Popen( ['service', 'codedeploy-agent', 'stop'], stdout=subprocess.PIPE, - stderr=subprocess.PIPE + stderr=subprocess.PIPE, ) (output, error) = process.communicate() if process.returncode != 0 and params.not_found_msg not in error: raise RuntimeError( - 'Failed to stop the AWS CodeDeploy Agent:\n{0}'.format(error) + f'Failed to stop the AWS CodeDeploy Agent:\n{error}' ) return process @@ -231,5 +236,7 @@ class RHEL(Linux): subprocess.check_call(['yum', '-y', 'erase', 'codedeploy-agent']) def _stop_agent(self, params): - params.not_found_msg = 'Redirecting to /bin/systemctl stop codedeploy-agent.service' + params.not_found_msg = ( + 'Redirecting to /bin/systemctl stop codedeploy-agent.service' + ) return Linux._stop_agent(self, params) diff -pruN 2.23.6-1/awscli/customizations/codedeploy/uninstall.py 2.31.35-1/awscli/customizations/codedeploy/uninstall.py --- 2.23.6-1/awscli/customizations/codedeploy/uninstall.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/uninstall.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,12 +11,14 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import errno import os import sys -import errno -from awscli.customizations.codedeploy.utils import validate_instance, \ - validate_region +from awscli.customizations.codedeploy.utils import ( + validate_instance, + validate_region, +) from awscli.customizations.commands import BasicCommand @@ -41,11 +43,11 @@ class Uninstall(BasicCommand): sys.stdout.flush() sys.stderr.write( 'ERROR\n' - '{0}\n' + f'{e}\n' 'Uninstall the AWS CodeDeploy Agent on the on-premises ' 'instance by following the instructions in "Configure ' 'Existing On-Premises Instances by Using AWS CodeDeploy" in ' - 'the AWS CodeDeploy User Guide.\n'.format(e) + 'the AWS CodeDeploy User Guide.\n' ) return 255 return 0 diff -pruN 2.23.6-1/awscli/customizations/codedeploy/utils.py 2.31.35-1/awscli/customizations/codedeploy/utils.py --- 2.23.6-1/awscli/customizations/codedeploy/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/codedeploy/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,14 +13,20 @@ import platform import re - -import awscli.compat -from awscli.compat import urlopen, URLError -from awscli.customizations.codedeploy.systems import System, Ubuntu, Windows, RHEL -from awscli.customizations.exceptions import ParamValidationError -from awscli.customizations.exceptions import ConfigurationError from socket import timeout +import awscli.compat +from awscli.compat import URLError, urlopen +from awscli.customizations.codedeploy.systems import ( + RHEL, + System, + Ubuntu, + Windows, +) +from awscli.customizations.exceptions import ( + ConfigurationError, + ParamValidationError, +) MAX_INSTANCE_NAME_LENGTH = 100 MAX_TAGS_PER_INSTANCE = 10 @@ -34,9 +40,7 @@ INSTANCE_NAME_ARG = { 'name': 'instance-name', 'synopsis': '--instance-name ', 'required': True, - 'help_text': ( - 'Required. The name of the on-premises instance.' - ) + 'help_text': ('Required. The name of the on-premises instance.'), } IAM_USER_ARN_ARG = { @@ -45,7 +49,7 @@ IAM_USER_ARN_ARG = { 'required': False, 'help_text': ( 'Optional. The IAM user associated with the on-premises instance.' - ) + ), } @@ -70,9 +74,7 @@ def validate_instance_name(params): ) if len(params.instance_name) > MAX_INSTANCE_NAME_LENGTH: raise ParamValidationError( - 'Instance name cannot be longer than {0} characters.'.format( - MAX_INSTANCE_NAME_LENGTH - ) + f'Instance name cannot be longer than {MAX_INSTANCE_NAME_LENGTH} characters.' ) @@ -80,28 +82,23 @@ def validate_tags(params): if params.tags: if len(params.tags) > MAX_TAGS_PER_INSTANCE: raise ParamValidationError( - 'Instances can only have a maximum of {0} tags.'.format( - MAX_TAGS_PER_INSTANCE - ) + f'Instances can only have a maximum of {MAX_TAGS_PER_INSTANCE} tags.' ) for tag in params.tags: if len(tag['Key']) > MAX_TAG_KEY_LENGTH: raise ParamValidationError( - 'Tag Key cannot be longer than {0} characters.'.format( - MAX_TAG_KEY_LENGTH - ) + f'Tag Key cannot be longer than {MAX_TAG_KEY_LENGTH} characters.' ) if len(tag['Value']) > MAX_TAG_VALUE_LENGTH: raise ParamValidationError( - 'Tag Value cannot be longer than {0} characters.'.format( - MAX_TAG_VALUE_LENGTH - ) + f'Tag Value cannot be longer than {MAX_TAG_VALUE_LENGTH} characters.' ) def validate_iam_user_arn(params): - if params.iam_user_arn and \ - not re.match(IAM_USER_ARN_PATTERN, params.iam_user_arn): + if params.iam_user_arn and not re.match( + IAM_USER_ARN_PATTERN, params.iam_user_arn + ): raise ParamValidationError('Invalid IAM user ARN.') @@ -115,9 +112,7 @@ def validate_instance(params): elif platform.system() == 'Windows': params.system = Windows(params) if 'system' not in params: - raise RuntimeError( - System.UNSUPPORTED_SYSTEM_MSG - ) + raise RuntimeError(System.UNSUPPORTED_SYSTEM_MSG) try: urlopen('http://169.254.169.254/latest/meta-data/', timeout=1) raise RuntimeError('Amazon EC2 instances are not supported.') @@ -137,7 +132,5 @@ def validate_s3_location(params, arg_nam else: raise ParamValidationError( '--{0} must specify the Amazon S3 URL format as ' - 's3:///.'.format( - arg_name.replace('_', '-') - ) + 's3:///.'.format(arg_name.replace('_', '-')) ) diff -pruN 2.23.6-1/awscli/customizations/commands.py 2.31.35-1/awscli/customizations/commands.py --- 2.23.6-1/awscli/customizations/commands.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/commands.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,5 +1,5 @@ -import logging import copy +import logging import os from botocore import model @@ -10,20 +10,19 @@ import awscli from awscli.argparser import ArgTableArgParser, SubCommandArgParser from awscli.argprocess import unpack_argument, unpack_cli_arg from awscli.arguments import CustomArgument, create_argument_model_from_schema +from awscli.bcdoc import docevents from awscli.clidocs import OperationDocumentEventHandler from awscli.commands import CLICommand -from awscli.bcdoc import docevents +from awscli.customizations.exceptions import ParamValidationError from awscli.help import HelpCommand from awscli.schema import SchemaTransformer from awscli.utils import add_command_lineage_to_user_agent_extra -from awscli.customizations.exceptions import ParamValidationError LOG = logging.getLogger(__name__) _open = open -class _FromFile(object): - +class _FromFile: def __init__(self, *paths, **kwargs): """ ``**kwargs`` can contain a ``root_module`` argument @@ -43,7 +42,6 @@ class _FromFile(object): class BasicCommand(CLICommand): - """Basic top level command with no subcommands. If you want to create a new command, subclass this and @@ -140,17 +138,21 @@ class BasicCommand(CLICommand): # an arg parser and parse them. self._subcommand_table = self._build_subcommand_table() self._arg_table = self._build_arg_table() - event = 'before-building-argument-table-parser.%s' % \ - ".".join(self.lineage_names) - self._session.emit(event, argument_table=self._arg_table, args=args, - session=self._session) + event = f'before-building-argument-table-parser.{".".join(self.lineage_names)}' + self._session.emit( + event, + argument_table=self._arg_table, + args=args, + session=self._session, + ) maybe_parsed_subcommand = self._parse_potential_subcommand( args, self._subcommand_table ) if maybe_parsed_subcommand is not None: new_args, subcommand_name = maybe_parsed_subcommand return self._subcommand_table[subcommand_name]( - new_args, parsed_globals) + new_args, parsed_globals + ) parser = ArgTableArgParser(self.arg_table, self.subcommand_table) parsed_args, remaining = parser.parse_known_args(args) @@ -166,20 +168,18 @@ class BasicCommand(CLICommand): cli_argument = self.arg_table[xformed] value = unpack_argument( - self._session, - 'custom', - self.name, - cli_argument, - value + self._session, 'custom', self.name, cli_argument, value ) # If this parameter has a schema defined, then allow plugins # a chance to process and override its value. if self._should_allow_plugins_override(cli_argument, value): - override = self._session\ - .emit_first_non_none_response( - 'process-cli-arg.%s.%s' % ('custom', self.name), - cli_argument=cli_argument, value=value, operation=None) + override = self._session.emit_first_non_none_response( + f'process-cli-arg.custom.{self.name}', + cli_argument=cli_argument, + value=value, + operation=None, + ) if override is not None: # A plugin supplied a conversion @@ -189,7 +189,8 @@ class BasicCommand(CLICommand): # correct Python type (dict, list, etc) value = unpack_cli_arg(cli_argument, value) self._validate_value_against_schema( - cli_argument.argument_model, value) + cli_argument.argument_model, value + ) setattr(parsed_args, key, value) if hasattr(self._session, 'user_agent_extra'): @@ -201,7 +202,7 @@ class BasicCommand(CLICommand): # function for this top level command. if remaining: raise ParamValidationError( - "Unknown options: %s" % ','.join(remaining) + f"Unknown options: {','.join(remaining)}" ) rc = self._run_main(parsed_args, parsed_globals) if rc is None: @@ -209,12 +210,11 @@ class BasicCommand(CLICommand): else: return rc - def _validate_value_against_schema(self, model, value): + def _validate_value_against_schema(self, model, value): # noqa: F811 validate_parameters(value, model) def _should_allow_plugins_override(self, param, value): - if (param and param.argument_model is not None and - value is not None): + if param and param.argument_model is not None and value is not None: return True return False @@ -236,10 +236,12 @@ class BasicCommand(CLICommand): subcommand_class = subcommand['command_class'] subcommand_table[subcommand_name] = subcommand_class(self._session) name = '_'.join([c.name for c in self.lineage]) - self._session.emit('building-command-table.%s' % name, - command_table=subcommand_table, - session=self._session, - command_object=self) + self._session.emit( + f'building-command-table.{name}', + command_table=subcommand_table, + session=self._session, + command_object=self, + ) self._add_lineage(subcommand_table) return subcommand_table @@ -251,8 +253,12 @@ class BasicCommand(CLICommand): command_help_table = {} if self.SUBCOMMANDS: command_help_table = self.create_help_command_table() - return BasicHelp(self._session, self, command_table=command_help_table, - arg_table=self.arg_table) + return BasicHelp( + self._session, + self, + command_table=command_help_table, + arg_table=self.arg_table, + ) def create_help_command_table(self): """ @@ -268,15 +274,16 @@ class BasicCommand(CLICommand): def _build_arg_table(self): arg_table = OrderedDict() name = '_'.join([c.name for c in self.lineage]) - self._session.emit('building-arg-table.%s' % name, - arg_table=self.ARG_TABLE) + self._session.emit( + f'building-arg-table.{name}', arg_table=self.ARG_TABLE + ) for arg_data in self.ARG_TABLE: - # If a custom schema was passed in, create the argument_model # so that it can be validated and docs can be generated. if 'schema' in arg_data: argument_model = create_argument_model_from_schema( - arg_data.pop('schema')) + arg_data.pop('schema') + ) arg_data['argument_model'] = argument_model custom_argument = CustomArgument(**arg_data) @@ -319,21 +326,27 @@ class BasicCommand(CLICommand): def _raise_usage_error(self): lineage = ' '.join([c.name for c in self.lineage]) error_msg = ( - "usage: aws [options] %s " - "[parameters]\naws: error: too few arguments" - ) % lineage + f"usage: aws [options] {lineage} " + "[parameters]\naws: [ERROR]: too few arguments" + ) raise ParamValidationError(error_msg) def _add_customization_to_user_agent(self): - add_command_lineage_to_user_agent_extra(self._session, self.lineage_names) + add_command_lineage_to_user_agent_extra( + self._session, self.lineage_names + ) class BasicHelp(HelpCommand): - - def __init__(self, session, command_object, command_table, arg_table, - event_handler_class=None): - super(BasicHelp, self).__init__(session, command_object, - command_table, arg_table) + def __init__( + self, + session, + command_object, + command_table, + arg_table, + event_handler_class=None, + ): + super().__init__(session, command_object, command_table, arg_table) # This is defined in HelpCommand so we're matching the # casing here. if event_handler_class is None: @@ -366,6 +379,16 @@ class BasicHelp(HelpCommand): def event_class(self): return '.'.join(self.obj.lineage_names) + @property + def url(self): + # If the operation command has a subcommand table with commands + # in it, treat it as a service command as opposed to an operation + # command. This is to support things like a customization command + # that rely on the `BasicHelp` object. + if len(self.command_table) > 0: + return f"{self._base_remote_url}/reference/{self.event_class.replace('.', '/')}/index.html" + return f"{self._base_remote_url}/reference/{self.event_class.replace('.', '/')}.html" + def _get_doc_contents(self, attr_name): value = getattr(self, attr_name) if isinstance(value, BasicCommand.FROM_FILE): @@ -376,7 +399,9 @@ class BasicHelp(HelpCommand): root_module = value.root_module doc_path = os.path.join( os.path.abspath(os.path.dirname(root_module.__file__)), - 'examples', trailing_path) + 'examples', + trailing_path, + ) with _open(doc_path) as f: return f.read() else: @@ -389,14 +414,18 @@ class BasicHelp(HelpCommand): # We pass ourselves along so that we can, in turn, get passed # to all event handlers. docevents.generate_events(self.session, self) - self.renderer.render(self.doc.getvalue()) + + if self._help_output_format == 'url': + self.renderer.render(self.url.encode()) + else: + self.renderer.render(self.doc.getvalue()) + instance.unregister() class BasicDocHandler(OperationDocumentEventHandler): - def __init__(self, help_command): - super(BasicDocHandler, self).__init__(help_command) + super().__init__(help_command) self.doc = help_command.doc def doc_description(self, help_command, **kwargs): @@ -406,8 +435,7 @@ class BasicDocHandler(OperationDocumentE def doc_synopsis_start(self, help_command, **kwargs): if not help_command.synopsis: - super(BasicDocHandler, self).doc_synopsis_start( - help_command=help_command, **kwargs) + super().doc_synopsis_start(help_command=help_command, **kwargs) else: self.doc.style.h2('Synopsis') self.doc.style.start_codeblock() @@ -424,18 +452,18 @@ class BasicDocHandler(OperationDocumentE # This arg is already documented so we can move on. return option_str = ' | '.join( - [a.cli_name for a in - self._arg_groups[argument.group_name]]) + [a.cli_name for a in self._arg_groups[argument.group_name]] + ) self._documented_arg_groups.append(argument.group_name) elif argument.cli_type_name == 'boolean': - option_str = '%s' % argument.cli_name + option_str = f'{argument.cli_name}' elif argument.nargs == '+': - option_str = "%s [...]" % argument.cli_name + option_str = f"{argument.cli_name} [...]" else: - option_str = '%s ' % argument.cli_name + option_str = f'{argument.cli_name} ' if not (argument.required or argument.positional_arg): - option_str = '[%s]' % option_str - doc.writeln('%s' % option_str) + option_str = f'[{option_str}]' + doc.writeln(f'{option_str}') else: # A synopsis has been provided so we don't need to write @@ -444,8 +472,7 @@ class BasicDocHandler(OperationDocumentE def doc_synopsis_end(self, help_command, **kwargs): if not help_command.synopsis and not help_command.command_table: - super(BasicDocHandler, self).doc_synopsis_end( - help_command=help_command, **kwargs) + super().doc_synopsis_end(help_command=help_command, **kwargs) else: self.doc.style.end_codeblock() diff -pruN 2.23.6-1/awscli/customizations/configservice/getstatus.py 2.31.35-1/awscli/customizations/configservice/getstatus.py --- 2.23.6-1/awscli/customizations/configservice/getstatus.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configservice/getstatus.py 2025-11-12 19:17:29.000000000 +0000 @@ -25,8 +25,10 @@ def add_get_status(command_table, sessio class GetStatusCommand(BasicCommand): NAME = 'get-status' - DESCRIPTION = ('Reports the status of all of configuration ' - 'recorders and delivery channels.') + DESCRIPTION = ( + 'Reports the status of all of configuration ' + 'recorders and delivery channels.' + ) def __init__(self, session): self._config_client = None @@ -42,10 +44,11 @@ class GetStatusCommand(BasicCommand): client_args = { 'verify': parsed_globals.verify_ssl, 'region_name': parsed_globals.region, - 'endpoint_url': parsed_globals.endpoint_url + 'endpoint_url': parsed_globals.endpoint_url, } - self._config_client = self._session.create_client('config', - **client_args) + self._config_client = self._session.create_client( + 'config', **client_args + ) def _check_configuration_recorders(self): status = self._config_client.describe_configuration_recorder_status() diff -pruN 2.23.6-1/awscli/customizations/configservice/putconfigurationrecorder.py 2.31.35-1/awscli/customizations/configservice/putconfigurationrecorder.py --- 2.23.6-1/awscli/customizations/configservice/putconfigurationrecorder.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configservice/putconfigurationrecorder.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,7 +18,8 @@ from awscli.arguments import CLIArgument def register_modify_put_configuration_recorder(cli): cli.register( 'building-argument-table.configservice.put-configuration-recorder', - extract_recording_group) + extract_recording_group, + ) def extract_recording_group(session, argument_table, **kwargs): @@ -29,10 +30,13 @@ def extract_recording_group(session, arg configuration_recorder_argument = argument_table['configuration-recorder'] configuration_recorder_model = copy.deepcopy( - configuration_recorder_argument.argument_model) + configuration_recorder_argument.argument_model + ) recording_group_model = copy.deepcopy( - configuration_recorder_argument.argument_model. - members['recordingGroup']) + configuration_recorder_argument.argument_model.members[ + 'recordingGroup' + ] + ) del configuration_recorder_model.members['recordingGroup'] argument_table['configuration-recorder'] = ConfigurationRecorderArgument( @@ -41,7 +45,7 @@ def extract_recording_group(session, arg operation_model=configuration_recorder_argument._operation_model, is_required=True, event_emitter=session.get_component('event_emitter'), - serialized_name='ConfigurationRecorder' + serialized_name='ConfigurationRecorder', ) argument_table['recording-group'] = RecordingGroupArgument( @@ -50,7 +54,7 @@ def extract_recording_group(session, arg operation_model=configuration_recorder_argument._operation_model, is_required=False, event_emitter=session.get_component('event_emitter'), - serialized_name='recordingGroup' + serialized_name='recordingGroup', ) diff -pruN 2.23.6-1/awscli/customizations/configservice/subscribe.py 2.31.35-1/awscli/customizations/configservice/subscribe.py --- 2.23.6-1/awscli/customizations/configservice/subscribe.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configservice/subscribe.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,29 +14,43 @@ import json import sys from awscli.customizations.commands import BasicCommand -from awscli.customizations.utils import s3_bucket_exists from awscli.customizations.s3.utils import find_bucket_key +from awscli.customizations.utils import s3_bucket_exists - -S3_BUCKET = {'name': 's3-bucket', 'required': True, - 'help_text': ('The S3 bucket that the AWS Config delivery channel' - ' will use. If the bucket does not exist, it will ' - 'be automatically created. The value for this ' - 'argument should follow the form ' - 'bucket/prefix. Note that the prefix is optional.')} - -SNS_TOPIC = {'name': 'sns-topic', 'required': True, - 'help_text': ('The SNS topic that the AWS Config delivery channel' - ' will use. If the SNS topic does not exist, it ' - 'will be automatically created. Value for this ' - 'should be a valid SNS topic name or the ARN of an ' - 'existing SNS topic.')} - -IAM_ROLE = {'name': 'iam-role', 'required': True, - 'help_text': ('The IAM role that the AWS Config configuration ' - 'recorder will use to record current resource ' - 'configurations. Value for this should be the ' - 'ARN of the desired IAM role.')} +S3_BUCKET = { + 'name': 's3-bucket', + 'required': True, + 'help_text': ( + 'The S3 bucket that the AWS Config delivery channel' + ' will use. If the bucket does not exist, it will ' + 'be automatically created. The value for this ' + 'argument should follow the form ' + 'bucket/prefix. Note that the prefix is optional.' + ), +} + +SNS_TOPIC = { + 'name': 'sns-topic', + 'required': True, + 'help_text': ( + 'The SNS topic that the AWS Config delivery channel' + ' will use. If the SNS topic does not exist, it ' + 'will be automatically created. Value for this ' + 'should be a valid SNS topic name or the ARN of an ' + 'existing SNS topic.' + ), +} + +IAM_ROLE = { + 'name': 'iam-role', + 'required': True, + 'help_text': ( + 'The IAM role that the AWS Config configuration ' + 'recorder will use to record current resource ' + 'configurations. Value for this should be the ' + 'ARN of the desired IAM role.' + ), +} def register_subscribe(cli): @@ -49,10 +63,12 @@ def add_subscribe(command_table, session class SubscribeCommand(BasicCommand): NAME = 'subscribe' - DESCRIPTION = ('Subscribes user to AWS Config by creating an AWS Config ' - 'delivery channel and configuration recorder to track ' - 'AWS resource configurations. The names of the default ' - 'channel and configuration recorder will be default.') + DESCRIPTION = ( + 'Subscribes user to AWS Config by creating an AWS Config ' + 'delivery channel and configuration recorder to track ' + 'AWS resource configurations. The names of the default ' + 'channel and configuration recorder will be default.' + ) ARG_TABLE = [S3_BUCKET, SNS_TOPIC, IAM_ROLE] def __init__(self, session): @@ -79,7 +95,7 @@ class SubscribeCommand(BasicCommand): self._config_client.put_configuration_recorder( ConfigurationRecorder={ 'name': name, - 'roleARN': parsed_args.iam_role + 'roleARN': parsed_args.iam_role, } ) @@ -87,14 +103,15 @@ class SubscribeCommand(BasicCommand): delivery_channel = { 'name': name, 's3BucketName': bucket, - 'snsTopicARN': sns_topic_arn + 'snsTopicARN': sns_topic_arn, } if prefix: delivery_channel['s3KeyPrefix'] = prefix self._config_client.put_delivery_channel( - DeliveryChannel=delivery_channel) + DeliveryChannel=delivery_channel + ) # Start the configuration recorder. self._config_client.start_configuration_recorder( @@ -106,7 +123,8 @@ class SubscribeCommand(BasicCommand): sys.stdout.write('Configuration Recorders: ') response = self._config_client.describe_configuration_recorders() sys.stdout.write( - json.dumps(response['ConfigurationRecorders'], indent=4)) + json.dumps(response['ConfigurationRecorders'], indent=4) + ) sys.stdout.write('\n\n') # Describe the delivery channels @@ -120,17 +138,18 @@ class SubscribeCommand(BasicCommand): def _setup_clients(self, parsed_globals): client_args = { 'verify': parsed_globals.verify_ssl, - 'region_name': parsed_globals.region + 'region_name': parsed_globals.region, } self._s3_client = self._session.create_client('s3', **client_args) self._sns_client = self._session.create_client('sns', **client_args) # Use the specified endpoint only for config related commands. client_args['endpoint_url'] = parsed_globals.endpoint_url - self._config_client = self._session.create_client('config', - **client_args) + self._config_client = self._session.create_client( + 'config', **client_args + ) -class S3BucketHelper(object): +class S3BucketHelper: def __init__(self, s3_client): self._s3_client = s3_client @@ -149,16 +168,14 @@ class S3BucketHelper(object): def _create_bucket(self, bucket): region_name = self._s3_client.meta.region_name - params = { - 'Bucket': bucket - } + params = {'Bucket': bucket} bucket_config = {'LocationConstraint': region_name} if region_name != 'us-east-1': params['CreateBucketConfiguration'] = bucket_config self._s3_client.create_bucket(**params) -class SNSTopicHelper(object): +class SNSTopicHelper: def __init__(self, sns_client): self._sns_client = sns_client diff -pruN 2.23.6-1/awscli/customizations/configure/__init__.py 2.31.35-1/awscli/customizations/configure/__init__.py --- 2.23.6-1/awscli/customizations/configure/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,15 +11,15 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import string + from awscli.compat import shlex NOT_SET = '' -PREDEFINED_SECTION_NAMES = ('plugins') +PREDEFINED_SECTION_NAMES = 'plugins' _WHITESPACE = ' \t' -class ConfigValue(object): - +class ConfigValue: def __init__(self, value, config_type, config_variable): self.value = value self.config_type = config_type diff -pruN 2.23.6-1/awscli/customizations/configure/addmodel.py 2.31.35-1/awscli/customizations/configure/addmodel.py --- 2.23.6-1/awscli/customizations/configure/addmodel.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/addmodel.py 2025-11-12 19:17:29.000000000 +0000 @@ -76,11 +76,12 @@ def get_model_location(session, service_ # not the one set by AWS_DATA_PATH) data_path = session.get_component('data_loader').CUSTOMER_DATA_PATH # Use the version of the model to determine the file's naming convention. - service_model_name = ( - 'service-%d.json' % int( - float(service_definition.get('version', '2.0')))) - return os.path.join(data_path, service_name, api_version, - service_model_name) + service_model_name = 'service-%d.json' % int( + float(service_definition.get('version', '2.0')) + ) + return os.path.join( + data_path, service_name, api_version, service_model_name + ) class AddModelCommand(BasicCommand): @@ -92,11 +93,18 @@ class AddModelCommand(BasicCommand): 'provided.' ) ARG_TABLE = [ - {'name': 'service-model', 'required': True, 'help_text': ( - 'The contents of the service JSON model.')}, - {'name': 'service-name', 'help_text': ( - 'Overrides the default name used by the service JSON ' - 'model to generate CLI service commands and Boto3 clients.')} + { + 'name': 'service-model', + 'required': True, + 'help_text': ('The contents of the service JSON model.'), + }, + { + 'name': 'service-name', + 'help_text': ( + 'Overrides the default name used by the service JSON ' + 'model to generate CLI service commands and Boto3 clients.' + ), + }, ] def _run_main(self, parsed_args, parsed_globals): diff -pruN 2.23.6-1/awscli/customizations/configure/configure.py 2.31.35-1/awscli/customizations/configure/configure.py --- 2.23.6-1/awscli/customizations/configure/configure.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/configure.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,42 +10,48 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import os import logging +import os +import sys from botocore.exceptions import ProfileNotFound from awscli.compat import compat_input from awscli.customizations.commands import BasicCommand from awscli.customizations.configure.addmodel import AddModelCommand -from awscli.customizations.configure.set import ConfigureSetCommand +from awscli.customizations.configure.exportcreds import ( + ConfigureExportCredentialsCommand, +) from awscli.customizations.configure.get import ConfigureGetCommand -from awscli.customizations.configure.list import ConfigureListCommand -from awscli.customizations.configure.writer import ConfigFileWriter from awscli.customizations.configure.importer import ConfigureImportCommand +from awscli.customizations.configure.list import ConfigureListCommand from awscli.customizations.configure.listprofiles import ListProfilesCommand -from awscli.customizations.configure.sso import ConfigureSSOCommand -from awscli.customizations.configure.sso import ConfigureSSOSessionCommand -from awscli.customizations.configure.exportcreds import \ - ConfigureExportCredentialsCommand +from awscli.customizations.configure.mfalogin import ConfigureMFALoginCommand +from awscli.customizations.configure.set import ConfigureSetCommand +from awscli.customizations.configure.sso import ( + ConfigureSSOCommand, + ConfigureSSOSessionCommand, +) +from awscli.customizations.configure.writer import ConfigFileWriter from . import mask_value, profile_to_section - logger = logging.getLogger(__name__) def register_configure_cmd(cli): - cli.register('building-command-table.main', - ConfigureCommand.add_command) + cli.register('building-command-table.main', ConfigureCommand.add_command) -class InteractivePrompter(object): - +class InteractivePrompter: def get_value(self, current_value, config_name, prompt_text=''): - if config_name in ('aws_access_key_id', 'aws_secret_access_key'): + if config_name in ( + 'aws_access_key_id', + 'aws_secret_access_key', + 'aws_session_token', + ): current_value = mask_value(current_value) - response = compat_input("%s [%s]: " % (prompt_text, current_value)) + response = compat_input(f"{prompt_text} [{current_value}]: ") if not response: # If the user hits enter, we return a value of None # instead of an empty string. That way we can determine @@ -57,7 +63,7 @@ class InteractivePrompter(object): class ConfigureCommand(BasicCommand): NAME = 'configure' DESCRIPTION = BasicCommand.FROM_FILE() - SYNOPSIS = ('aws configure [--profile profile-name]') + SYNOPSIS = 'aws configure [--profile profile-name]' EXAMPLES = ( 'To create a new configuration::\n' '\n' @@ -84,8 +90,11 @@ class ConfigureCommand(BasicCommand): {'name': 'list-profiles', 'command_class': ListProfilesCommand}, {'name': 'sso', 'command_class': ConfigureSSOCommand}, {'name': 'sso-session', 'command_class': ConfigureSSOSessionCommand}, - {'name': 'export-credentials', - 'command_class': ConfigureExportCredentialsCommand}, + {'name': 'mfa-login', 'command_class': ConfigureMFALoginCommand}, + { + 'name': 'export-credentials', + 'command_class': ConfigureExportCredentialsCommand, + }, ] # If you want to add new values to prompt, update this list here. @@ -93,12 +102,13 @@ class ConfigureCommand(BasicCommand): # (logical_name, config_name, prompt_text) ('aws_access_key_id', "AWS Access Key ID"), ('aws_secret_access_key', "AWS Secret Access Key"), + ('aws_session_token', "AWS Session Token"), ('region', "Default region name"), ('output', "Default output format"), ] def __init__(self, session, prompter=None, config_writer=None): - super(ConfigureCommand, self).__init__(session) + super().__init__(session) if prompter is None: prompter = InteractivePrompter() self._prompter = prompter @@ -106,8 +116,24 @@ class ConfigureCommand(BasicCommand): config_writer = ConfigFileWriter() self._config_writer = config_writer + def _needs_session_token(self, new_values): + """Check if session token is needed based on access key ID.""" + access_key = new_values.get('aws_access_key_id') + return access_key and access_key.startswith('ASIA') + + def _should_prompt_for_session_token(self, new_values, config): + """Determine if we should prompt for session token.""" + # Don't prompt if explicitly switching to long-term credentials + new_access_key = new_values.get('aws_access_key_id') + if new_access_key and not self._needs_session_token(new_values): + return False + + # Prompt if needed for temporary credentials or if already exists + return self._needs_session_token(new_values) or config.get('aws_session_token') + def _run_main(self, parsed_args, parsed_globals): # Called when invoked with no args "aws configure" + new_values = {} # This is the config from the config file scoped to a specific # profile. @@ -115,14 +141,28 @@ class ConfigureCommand(BasicCommand): config = self._session.get_scoped_config() except ProfileNotFound: config = {} + for config_name, prompt_text in self.VALUES_TO_PROMPT: + if config_name == 'aws_session_token' and not self._should_prompt_for_session_token(new_values, config): + continue + current_value = config.get(config_name) - new_value = self._prompter.get_value(current_value, config_name, - prompt_text) + new_value = self._prompter.get_value( + current_value, config_name, prompt_text + ) if new_value is not None and new_value != current_value: new_values[config_name] = new_value + + # Remove session token for non-temporary credentials + if ( + 'aws_access_key_id' in new_values + and not self._needs_session_token(new_values) + and config.get('aws_session_token') + ): + new_values['aws_session_token'] = None config_filename = os.path.expanduser( - self._session.get_config_variable('config_file')) + self._session.get_config_variable('config_file') + ) if new_values: profile = self._session.profile self._write_out_creds_file_values(new_values, profile) @@ -140,15 +180,22 @@ class ConfigureCommand(BasicCommand): credential_file_values = {} if 'aws_access_key_id' in new_values: credential_file_values['aws_access_key_id'] = new_values.pop( - 'aws_access_key_id') + 'aws_access_key_id' + ) if 'aws_secret_access_key' in new_values: credential_file_values['aws_secret_access_key'] = new_values.pop( - 'aws_secret_access_key') + 'aws_secret_access_key' + ) + if 'aws_session_token' in new_values: + credential_file_values['aws_session_token'] = new_values.pop( + 'aws_session_token' + ) if credential_file_values: if profile_name is not None: credential_file_values['__section__'] = profile_name shared_credentials_filename = os.path.expanduser( - self._session.get_config_variable('credentials_file')) + self._session.get_config_variable('credentials_file') + ) self._config_writer.update_config( - credential_file_values, - shared_credentials_filename) + credential_file_values, shared_credentials_filename + ) diff -pruN 2.23.6-1/awscli/customizations/configure/exportcreds.py 2.31.35-1/awscli/customizations/configure/exportcreds.py --- 2.23.6-1/awscli/customizations/configure/exportcreds.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/exportcreds.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,21 +10,21 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import os -import io -import sys import csv +import io import json -from datetime import datetime +import os +import sys from collections import namedtuple +from datetime import datetime from awscli.customizations.commands import BasicCommand from awscli.customizations.exceptions import ConfigurationError - # Takes botocore's ReadOnlyCredentials and exposes an expiry_time. Credentials = namedtuple( - 'Credentials', ['access_key', 'secret_key', 'token', 'expiry_time']) + 'Credentials', ['access_key', 'secret_key', 'token', 'expiry_time'] +) def convert_botocore_credentials(credentials): @@ -46,8 +46,7 @@ def convert_botocore_credentials(credent ) -class BaseCredentialFormatter(object): - +class BaseCredentialFormatter: FORMAT = None DOCUMENTATION = "" @@ -61,27 +60,28 @@ class BaseCredentialFormatter(object): class BasePerLineFormatter(BaseCredentialFormatter): - _VAR_FORMAT = 'export {var_name}={var_value}' def display_credentials(self, credentials): - output = ( - self._format_line('AWS_ACCESS_KEY_ID', credentials.access_key) + - self._format_line('AWS_SECRET_ACCESS_KEY', credentials.secret_key)) + output = self._format_line( + 'AWS_ACCESS_KEY_ID', credentials.access_key + ) + self._format_line('AWS_SECRET_ACCESS_KEY', credentials.secret_key) if credentials.token is not None: output += self._format_line('AWS_SESSION_TOKEN', credentials.token) if credentials.expiry_time is not None: output += self._format_line( - 'AWS_CREDENTIAL_EXPIRATION', credentials.expiry_time) + 'AWS_CREDENTIAL_EXPIRATION', credentials.expiry_time + ) self._stream.write(output) def _format_line(self, var_name, var_value): - return self._VAR_FORMAT.format( - var_name=var_name, var_value=var_value) + '\n' + return ( + self._VAR_FORMAT.format(var_name=var_name, var_value=var_value) + + '\n' + ) class BashEnvVarFormatter(BasePerLineFormatter): - FORMAT = 'env' DOCUMENTATION = ( "Display credentials as exported shell variables: " @@ -91,7 +91,6 @@ class BashEnvVarFormatter(BasePerLineFor class BashNoExportEnvFormatter(BasePerLineFormatter): - FORMAT = 'env-no-export' DOCUMENTATION = ( "Display credentials as non-exported shell variables: " @@ -101,7 +100,6 @@ class BashNoExportEnvFormatter(BasePerLi class PowershellFormatter(BasePerLineFormatter): - FORMAT = 'powershell' DOCUMENTATION = ( 'Display credentials as PowerShell environment variables: ' @@ -111,7 +109,6 @@ class PowershellFormatter(BasePerLineFor class WindowsCmdFormatter(BasePerLineFormatter): - FORMAT = 'windows-cmd' DOCUMENTATION = ( 'Display credentials as Windows cmd environment variables: ' @@ -121,7 +118,6 @@ class WindowsCmdFormatter(BasePerLineFor class CredentialProcessFormatter(BaseCredentialFormatter): - FORMAT = 'process' DOCUMENTATION = ( "Display credentials as JSON output, in the schema " @@ -149,15 +145,23 @@ class CredentialProcessFormatter(BaseCre SUPPORTED_FORMATS = { - format_cls.FORMAT: format_cls for format_cls in - [CredentialProcessFormatter, BashEnvVarFormatter, BashNoExportEnvFormatter, - PowershellFormatter, WindowsCmdFormatter] + format_cls.FORMAT: format_cls + for format_cls in [ + CredentialProcessFormatter, + BashEnvVarFormatter, + BashNoExportEnvFormatter, + PowershellFormatter, + WindowsCmdFormatter, + ] } def generate_docs(formats): - lines = ['The output format to display credentials. ' - 'Defaults to `process`. ', '

      '] + lines = [ + 'The output format to display credentials. ' + 'Defaults to `process`. ', + '
        ', + ] for name, cls in formats.items(): line = f'
      • ``{name}`` - {cls.DOCUMENTATION}
        • ' lines.append(line) @@ -166,7 +170,6 @@ def generate_docs(formats): class ConfigureExportCredentialsCommand(BasicCommand): - NAME = 'export-credentials' SYNOPSIS = 'aws configure export-credentials --profile profile-name' DESCRIPTION = ( @@ -179,11 +182,13 @@ class ConfigureExportCredentialsCommand( "``--output`` options." ) ARG_TABLE = [ - {'name': 'format', - 'help_text': generate_docs(SUPPORTED_FORMATS), - 'action': 'store', - 'choices': list(SUPPORTED_FORMATS), - 'default': CredentialProcessFormatter.FORMAT}, + { + 'name': 'format', + 'help_text': generate_docs(SUPPORTED_FORMATS), + 'action': 'store', + 'choices': list(SUPPORTED_FORMATS), + 'default': CredentialProcessFormatter.FORMAT, + }, ] _RECURSION_VAR = '_AWS_CLI_PROFILE_CHAIN' # Two levels is reasonable because you might explicitly run @@ -208,7 +213,8 @@ class ConfigureExportCredentialsCommand( def _detect_recursion_barrier(self): profile = self._get_current_profile() seen_profiles = self._parse_profile_chain( - self._env.get(self._RECURSION_VAR, '')) + self._env.get(self._RECURSION_VAR, '') + ) if len(seen_profiles) >= self._MAX_RECURSION: raise ConfigurationError( f"Maximum recursive credential process resolution reached " @@ -224,7 +230,8 @@ class ConfigureExportCredentialsCommand( def _update_recursion_barrier(self): profile = self._get_current_profile() seen_profiles = self._parse_profile_chain( - self._env.get(self._RECURSION_VAR, '')) + self._env.get(self._RECURSION_VAR, '') + ) seen_profiles.append(profile) serialized = self._serialize_to_csv_str(seen_profiles) self._env[self._RECURSION_VAR] = serialized @@ -254,10 +261,12 @@ class ConfigureExportCredentialsCommand( except Exception as e: original_msg = str(e).strip() raise ConfigurationError( - f"Unable to retrieve credentials: {original_msg}\n") + f"Unable to retrieve credentials: {original_msg}\n" + ) if creds is None: raise ConfigurationError( - "Unable to retrieve credentials: no credentials found") + "Unable to retrieve credentials: no credentials found" + ) creds_with_expiry = convert_botocore_credentials(creds) formatter = SUPPORTED_FORMATS[parsed_args.format](self._out_stream) formatter.display_credentials(creds_with_expiry) diff -pruN 2.23.6-1/awscli/customizations/configure/get.py 2.31.35-1/awscli/customizations/configure/get.py --- 2.23.6-1/awscli/customizations/configure/get.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/get.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,8 +10,8 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import sys import logging +import sys from awscli.customizations.commands import BasicCommand @@ -22,15 +22,19 @@ LOG = logging.getLogger(__name__) class ConfigureGetCommand(BasicCommand): NAME = 'get' - DESCRIPTION = BasicCommand.FROM_FILE('configure', 'get', - '_description.rst') + DESCRIPTION = BasicCommand.FROM_FILE( + 'configure', 'get', '_description.rst' + ) SYNOPSIS = 'aws configure get varname [--profile profile-name]' EXAMPLES = BasicCommand.FROM_FILE('configure', 'get', '_examples.rst') ARG_TABLE = [ - {'name': 'varname', - 'help_text': 'The name of the config value to retrieve.', - 'action': 'store', - 'cli_type_name': 'string', 'positional_arg': True}, + { + 'name': 'varname', + 'help_text': 'The name of the config value to retrieve.', + 'action': 'store', + 'cli_type_name': 'string', + 'positional_arg': True, + }, ] def __init__(self, session, stream=None, error_stream=None): @@ -53,7 +57,7 @@ class ConfigureGetCommand(BasicCommand): else: value = self._get_dotted_config_value(varname) - LOG.debug(u'Config value retrieved: %s' % value) + LOG.debug('Config value retrieved: %s' % value) if isinstance(value, str): self._stream.write(value) @@ -81,8 +85,9 @@ class ConfigureGetCommand(BasicCommand): value = full_config.get(section, {}).get(config_name) if value is None: # Try to retrieve it from the profile config. - value = full_config['profiles'].get( - section, {}).get(config_name) + value = ( + full_config['profiles'].get(section, {}).get(config_name) + ) return value if parts[0] == 'profile': @@ -93,7 +98,8 @@ class ConfigureGetCommand(BasicCommand): # default.emr-dev.emr.instance_profile) If not, go further to check # if varname starts with a known profile name elif parts[0] == 'default' or ( - parts[0] in self._session.full_config['profiles']): + parts[0] in self._session.full_config['profiles'] + ): profile_name = parts[0] config_name = parts[1] remaining = parts[2:] @@ -104,8 +110,11 @@ class ConfigureGetCommand(BasicCommand): config_name = parts[0] remaining = parts[1:] - value = self._session.full_config['profiles'].get( - profile_name, {}).get(config_name) + value = ( + self._session.full_config['profiles'] + .get(profile_name, {}) + .get(config_name) + ) if len(remaining) == 1: try: value = value.get(remaining[-1]) diff -pruN 2.23.6-1/awscli/customizations/configure/importer.py 2.31.35-1/awscli/customizations/configure/importer.py --- 2.23.6-1/awscli/customizations/configure/importer.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/importer.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,13 +10,13 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import codecs import os import sys -import codecs -from awscli.customizations.utils import uni_print from awscli.customizations.commands import BasicCommand from awscli.customizations.configure.writer import ConfigFileWriter +from awscli.customizations.utils import uni_print class ConfigureImportCommand(BasicCommand): @@ -33,33 +33,42 @@ class ConfigureImportCommand(BasicComman '--profile-prefix test-\n\n' ) ARG_TABLE = [ - {'name': 'csv', - 'required': True, - 'help_text': ( - 'The credentials in CSV format generated by the AWS web console.' - 'The CSV file must contain the "User name", "Access key ID", and ' - '"Secret access key" headers.' - ), - 'cli_type_name': 'string'}, - {'name': 'skip-invalid', - 'dest': 'skip_invalid', - 'help_text': ( - 'Skip entries that are invalid or do not have programmatic ' - 'access instead of failing.' - ), - 'default': False, - 'action': 'store_true'}, - {'name': 'profile-prefix', - 'dest': 'profile_prefix', - 'help_text': ( - 'Adds the specified prefix to the beginning of all profile names.' - ), - 'default': '', - 'cli_type_name': 'string'}, + { + 'name': 'csv', + 'required': True, + 'help_text': ( + 'The credentials in CSV format generated by the AWS web console. ' + 'The CSV file must contain the "User name", "Access key ID", and ' + '"Secret access key" headers.' + 'If passing a CSV file path instead of a CSV-formatted string, ' + 'the "file://" prefix is required.' + ), + 'cli_type_name': 'string', + }, + { + 'name': 'skip-invalid', + 'dest': 'skip_invalid', + 'help_text': ( + 'Skip entries that are invalid or do not have programmatic ' + 'access instead of failing.' + ), + 'default': False, + 'action': 'store_true', + }, + { + 'name': 'profile-prefix', + 'dest': 'profile_prefix', + 'help_text': ( + 'Adds the specified prefix to the beginning of all profile names.' + ), + 'default': '', + 'cli_type_name': 'string', + }, ] - def __init__(self, session, csv_parser=None, importer=None, - out_stream=None): + def __init__( + self, session, csv_parser=None, importer=None, out_stream=None + ): super(ConfigureImportCommand, self).__init__(session) if csv_parser is None: csv_parser = CSVCredentialParser() @@ -79,16 +88,27 @@ class ConfigureImportCommand(BasicComman return os.path.expanduser(config_file) def _import_csv(self, contents): + self._check_possible_filepath(contents) config_path = self._get_config_path() credentials = self._csv_parser.parse_credentials(contents) for credential in credentials: self._importer.import_credential( - credential, config_path, + credential, + config_path, profile_prefix=self._profile_prefix, ) import_msg = 'Successfully imported %s profile(s)\n' % len(credentials) uni_print(import_msg, out_file=self._out_stream) + def _check_possible_filepath(self, csv_data): + if ('\n' not in csv_data and + os.path.exists(csv_data) and + not csv_data.startswith('file://')): + raise ValueError( + "You may be passing a file to import without the 'file://' prefix. " + "To import a CSV file, use --csv file://path/to/file.csv" + ) + def _run_main(self, parsed_args, parsed_globals): self._csv_parser.strict = not parsed_args.skip_invalid self._profile_prefix = parsed_args.profile_prefix @@ -100,7 +120,7 @@ class CredentialParserError(Exception): pass -class CSVCredentialParser(object): +class CSVCredentialParser: _USERNAME_HEADER = 'User Name' _AKID_HEADER = 'Access Key ID' _SAK_HEADER = 'Secret Access key' @@ -185,11 +205,13 @@ class CSVCredentialParser(object): return self._convert_rows_to_credentials(parsed_rows) -class CredentialImporter(object): +class CredentialImporter: def __init__(self, writer): self._config_writer = writer - def import_credential(self, credential, credentials_file, profile_prefix=''): + def import_credential( + self, credential, credentials_file, profile_prefix='' + ): name, akid, sak = credential config_profile = { '__section__': profile_prefix + name, diff -pruN 2.23.6-1/awscli/customizations/configure/list.py 2.31.35-1/awscli/customizations/configure/list.py --- 2.23.6-1/awscli/customizations/configure/list.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/list.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,7 +14,7 @@ import sys from awscli.customizations.commands import BasicCommand -from . import ConfigValue, NOT_SET +from . import NOT_SET, ConfigValue class ConfigureListCommand(BasicCommand): @@ -41,26 +41,24 @@ class ConfigureListCommand(BasicCommand) 'To show your current configuration values::\n' '\n' ' $ aws configure list\n' - ' Name Value Type Location\n' - ' ---- ----- ---- --------\n' - ' profile None None\n' - ' access_key ****************ABCD config_file ~/.aws/config\n' - ' secret_key ****************ABCD config_file ~/.aws/config\n' - ' region us-west-2 env AWS_DEFAULT_REGION\n' + ' NAME : VALUE : TYPE : LOCATION\n' + ' profile : : None : None\n' + ' access_key : ****************ABCD : config_file : ~/.aws/config\n' + ' secret_key : ****************ABCD : config_file : ~/.aws/config\n' + ' region : us-west-2 : env : AWS_DEFAULT_REGION\n' '\n' ) def __init__(self, session, stream=None): - super(ConfigureListCommand, self).__init__(session) + super().__init__(session) if stream is None: stream = sys.stdout self._stream = stream def _run_main(self, args, parsed_globals): - self._display_config_value(ConfigValue('Value', 'Type', 'Location'), - 'Name') - self._display_config_value(ConfigValue('-----', '----', '--------'), - '----') + self._display_config_value( + ConfigValue('VALUE', 'TYPE', 'LOCATION'), 'NAME' + ) if parsed_globals and parsed_globals.profile is not None: profile = ConfigValue(self._session.profile, 'manual', '--profile') @@ -77,9 +75,12 @@ class ConfigureListCommand(BasicCommand) return 0 def _display_config_value(self, config_value, config_name): - self._stream.write('%10s %24s %16s %s\n' % ( - config_name, config_value.value, config_value.config_type, - config_value.config_variable)) + self._stream.write( + f'{config_name:<10} : ' + f'{config_value.value:<24} : ' + f'{str(config_value.config_type):<16} : ' + f'{str(config_value.config_variable)}\n' + ) def _lookup_credentials(self): # First try it with _lookup_config. It's possible @@ -105,10 +106,12 @@ class ConfigureListCommand(BasicCommand) # visible from botocore.credentials. I think # the credentials.method is sufficient to show # where the credentials are coming from. - access_key = ConfigValue(credentials.access_key, - credentials.method, '') - secret_key = ConfigValue(credentials.secret_key, - credentials.method, '') + access_key = ConfigValue( + credentials.access_key, credentials.method, '' + ) + secret_key = ConfigValue( + credentials.secret_key, credentials.method, '' + ) access_key.mask_value() secret_key.mask_value() return access_key, secret_key @@ -135,14 +138,17 @@ class ConfigureListCommand(BasicCommand) # First try to look up the variable in the env. value = self._session.get_config_variable(name, methods=('env',)) if value is not None: - return ConfigValue(value, 'env', - self._session.session_var_map[name][1]) + return ConfigValue( + value, 'env', self._session.session_var_map[name][1] + ) # Then try to look up the variable in the config file. value = self._session.get_config_variable(name, methods=('config',)) if value is not None: return ConfigValue( - value, 'config-file', - self._session.get_config_variable('config_file')) + value, + 'config-file', + self._session.get_config_variable('config_file'), + ) def _lookup_config(self, name): val = self._lookup_in_env_and_config(name) diff -pruN 2.23.6-1/awscli/customizations/configure/listprofiles.py 2.31.35-1/awscli/customizations/configure/listprofiles.py --- 2.23.6-1/awscli/customizations/configure/listprofiles.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/listprofiles.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,12 +18,8 @@ from awscli.customizations.utils import class ListProfilesCommand(BasicCommand): NAME = 'list-profiles' - DESCRIPTION = ( - 'List the profiles available to the AWS CLI.' - ) - EXAMPLES = ( - 'aws configure list-profiles\n\n' - ) + DESCRIPTION = 'List the profiles available to the AWS CLI.' + EXAMPLES = 'aws configure list-profiles\n\n' def __init__(self, session, out_stream=None): super(ListProfilesCommand, self).__init__(session) diff -pruN 2.23.6-1/awscli/customizations/configure/mfalogin.py 2.31.35-1/awscli/customizations/configure/mfalogin.py --- 2.23.6-1/awscli/customizations/configure/mfalogin.py 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/mfalogin.py 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,280 @@ +# Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +import logging +import os +import random +import string +import sys + +# Import botocore at module level to avoid repeated imports +import botocore.session +from botocore.exceptions import ClientError, ProfileNotFound + +from awscli.compat import compat_input +from awscli.customizations.commands import BasicCommand +from awscli.customizations.configure import profile_to_section +from awscli.customizations.configure.writer import ConfigFileWriter + +LOG = logging.getLogger(__name__) + + +class InteractiveMFAPrompter: + """Handles interactive prompting for MFA login.""" + + def get_value(self, current_value, prompt_text=''): + """Prompt for a value, showing the current value as a default.""" + response = compat_input(f"{prompt_text} [{current_value}]: ") + if not response: + # If the user hits enter, return the current value + return current_value + return response + + def get_credential_value(self, current_value, config_name, prompt_text=''): + """Prompt for credential values with masking for sensitive data.""" + response = compat_input(f"{prompt_text}: ") + if not response: + return None + return response + + +class ConfigureMFALoginCommand(BasicCommand): + """Configures MFA login for AWS CLI by creating temporary credentials.""" + + NAME = 'mfa-login' + DESCRIPTION = BasicCommand.FROM_FILE( + 'configure', 'mfa-login', '_description.rst' + ) + SYNOPSIS = ( + 'aws configure mfa-login [--profile profile-name] ' + '[--update-profile profile-to-update] [--duration-seconds seconds] ' + '[--serial-number mfa-serial-number]' + ) + EXAMPLES = BasicCommand.FROM_FILE('configure', 'mfa-login', '_examples.rst') + ARG_TABLE = [ + { + 'name': 'update-profile', + 'help_text': ( + 'The profile to update with temporary credentials. ' + 'If not provided, a default name will be generated.' + ), + 'action': 'store', + 'required': False, + 'cli_type_name': 'string', + }, + { + 'name': 'duration-seconds', + 'help_text': ( + 'The duration, in seconds, that the credentials should remain valid. ' + 'Minimum is 900 seconds (15 minutes), maximum is 129600 seconds (36 hours).' + ), + 'action': 'store', + 'required': False, + 'cli_type_name': 'integer', + 'default': 43200, + }, + { + 'name': 'serial-number', + 'help_text': ( + 'The ARN or serial number of the MFA device associated with the IAM user. ' + 'If not provided, will use the mfa_serial from the profile configuration.' + ), + 'action': 'store', + 'required': False, + 'cli_type_name': 'string', + }, + ] + + # Values to prompt for during interactive setup + VALUES_TO_PROMPT = [ + ('aws_access_key_id', 'AWS Access Key ID'), + ('aws_secret_access_key', 'AWS Secret Access Key'), + ('mfa_serial', 'MFA serial number or ARN'), + ('mfa_token', 'MFA token code'), + ] + + def __init__(self, session, prompter=None, config_writer=None): + super().__init__(session) + if prompter is None: + prompter = InteractiveMFAPrompter() + self._prompter = prompter + if config_writer is None: + config_writer = ConfigFileWriter() + self._config_writer = config_writer + + def _generate_profile_name_from_mfa(self, mfa_serial): + """Generate a deterministic profile name from MFA serial/ARN.""" + if isinstance(mfa_serial, str) and mfa_serial.startswith('arn:aws:iam::'): + # Parse ARN: arn:aws:iam::123456789012:mfa/device-name + parts = mfa_serial.split(':') + account_id = parts[4] + device_name = parts[5].split('/')[-1] # Get device name after 'mfa/' + return f"{account_id}-{device_name}" + else: + # Assume it's just a serial number + return f"session-{mfa_serial}" + + def _get_target_profile(self, parsed_args, mfa_serial=None): + """Get or generate the target profile name.""" + target_profile = parsed_args.update_profile + if not target_profile: + if mfa_serial: + target_profile = self._generate_profile_name_from_mfa(mfa_serial) + else: + target_profile = "session-temp" + target_profile = self._prompter.get_value( + target_profile, 'Profile to update' + ) + return target_profile + + def _get_mfa_token(self): + """Prompt for MFA token code.""" + token_code = self._prompter.get_credential_value( + 'None', 'mfa_token', 'MFA token code' + ) + if not token_code: + sys.stderr.write("MFA token code is required\n") + return None + return token_code + + def _call_sts_get_session_token(self, sts_client, duration_seconds, mfa_serial, token_code): + """Call STS to get temporary credentials.""" + try: + response = sts_client.get_session_token( + DurationSeconds=duration_seconds, + SerialNumber=mfa_serial, + TokenCode=token_code, + ) + return response + except ClientError as e: + sys.stderr.write(f"An error occurred: {e}\n") + return None + + def _resolve_mfa_serial(self, parsed_args, source_config): + """Resolve MFA serial from args, config, or prompt.""" + mfa_serial = parsed_args.serial_number or source_config.get('mfa_serial') + if not mfa_serial: + mfa_serial = self._prompter.get_credential_value( + 'None', 'mfa_serial', 'MFA serial number or ARN' + ) + if not mfa_serial: + sys.stderr.write("MFA serial number or MFA device ARN is required\n") + return None + return mfa_serial + + def _write_temporary_credentials(self, temp_credentials, target_profile): + """Write temporary credentials to the credentials file.""" + credentials_file = os.path.expanduser(self._session.get_config_variable('credentials_file')) + + credential_values = { + '__section__': target_profile, + 'aws_access_key_id': temp_credentials['AccessKeyId'], + 'aws_secret_access_key': temp_credentials['SecretAccessKey'], + 'aws_session_token': temp_credentials['SessionToken'], + } + + try: + expiration_time = temp_credentials['Expiration'].strftime( + '%Y-%m-%d %H:%M:%S UTC' + ) + except AttributeError: + expiration_time = str(temp_credentials['Expiration']) + + self._config_writer.update_config(credential_values, credentials_file) + + sys.stdout.write( + f"Temporary credentials written to profile '{target_profile}'\n" + ) + sys.stdout.write(f"Credentials will expire at {expiration_time}\n") + sys.stdout.write( + f"To use these credentials, specify --profile {target_profile} when running AWS CLI commands\n" + ) + return 0 + + def _run_main(self, parsed_args, parsed_globals): + duration_seconds = parsed_args.duration_seconds + + # Use the CLI session directly + credentials = self._session.get_credentials() + if credentials is None: + return self._handle_interactive_prompting(parsed_args, duration_seconds) + + source_config = self._session.get_scoped_config() + + # Resolve MFA serial number + mfa_serial = self._resolve_mfa_serial(parsed_args, source_config) + if not mfa_serial: + return 1 + + # Get MFA token code + token_code = self._get_mfa_token() + if not token_code: + return 1 + + # Get the target profile name + target_profile = self._get_target_profile(parsed_args, mfa_serial) + + # Call STS to get temporary credentials + sts_client = self._session.create_client('sts') + response = self._call_sts_get_session_token( + sts_client, duration_seconds, mfa_serial, token_code + ) + if not response: + return 1 + + # Write credentials and return + return self._write_temporary_credentials( + response['Credentials'], target_profile + ) + + def _handle_interactive_prompting(self, parsed_args, duration_seconds): + """Handle the case where no default profile exists, and there is no profile explicitly named as a configuration source""" + sys.stdout.write( + "Please provide your AWS credentials:\n" + ) + + values = {} + for config_name, prompt_text in self.VALUES_TO_PROMPT: + if config_name == 'mfa_serial' and parsed_args.serial_number: + values[config_name] = parsed_args.serial_number + continue + + value = self._prompter.get_credential_value( + 'None', config_name, prompt_text + ) + if not value or value == 'None': + sys.stderr.write(f"{prompt_text} is required\n") + return 1 + values[config_name] = value + + # Get the target profile name + target_profile = self._get_target_profile(parsed_args, values['mfa_serial']) + + # Create STS client with the provided credentials + session = botocore.session.Session() + sts_client = session.create_client( + 'sts', + aws_access_key_id=values['aws_access_key_id'], + aws_secret_access_key=values['aws_secret_access_key'], + ) + + # Call STS to get temporary credentials + response = self._call_sts_get_session_token( + sts_client, duration_seconds, values['mfa_serial'], values['mfa_token'] + ) + if not response: + return 1 + + # Write credentials and return + return self._write_temporary_credentials( + response['Credentials'], target_profile + ) \ No newline at end of file diff -pruN 2.23.6-1/awscli/customizations/configure/set.py 2.31.35-1/awscli/customizations/configure/set.py --- 2.23.6-1/awscli/customizations/configure/set.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/set.py 2025-11-12 19:17:29.000000000 +0000 @@ -20,25 +20,35 @@ from . import PREDEFINED_SECTION_NAMES, class ConfigureSetCommand(BasicCommand): NAME = 'set' - DESCRIPTION = BasicCommand.FROM_FILE('configure', 'set', - '_description.rst') + DESCRIPTION = BasicCommand.FROM_FILE( + 'configure', 'set', '_description.rst' + ) SYNOPSIS = 'aws configure set varname value [--profile profile-name]' EXAMPLES = BasicCommand.FROM_FILE('configure', 'set', '_examples.rst') ARG_TABLE = [ - {'name': 'varname', - 'help_text': 'The name of the config value to set.', - 'action': 'store', - 'cli_type_name': 'string', 'positional_arg': True}, - {'name': 'value', - 'help_text': 'The value to set.', - 'action': 'store', - 'no_paramfile': True, # To disable the default paramfile behavior - 'cli_type_name': 'string', 'positional_arg': True}, + { + 'name': 'varname', + 'help_text': 'The name of the config value to set.', + 'action': 'store', + 'cli_type_name': 'string', + 'positional_arg': True, + }, + { + 'name': 'value', + 'help_text': 'The value to set.', + 'action': 'store', + 'no_paramfile': True, # To disable the default paramfile behavior + 'cli_type_name': 'string', + 'positional_arg': True, + }, ] # Any variables specified in this list will be written to # the ~/.aws/credentials file instead of ~/.aws/config. - _WRITE_TO_CREDS_FILE = ['aws_access_key_id', 'aws_secret_access_key', - 'aws_session_token'] + _WRITE_TO_CREDS_FILE = [ + 'aws_access_key_id', + 'aws_secret_access_key', + 'aws_session_token', + ] def __init__(self, session, config_writer=None): super(ConfigureSetCommand, self).__init__(session) diff -pruN 2.23.6-1/awscli/customizations/configure/sso.py 2.31.35-1/awscli/customizations/configure/sso.py --- 2.23.6-1/awscli/customizations/configure/sso.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/sso.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,8 +13,8 @@ import collections import itertools import json -import os import logging +import os import re import colorama @@ -23,28 +23,29 @@ from botocore.config import Config from botocore.configprovider import ConstantProvider from botocore.exceptions import ProfileNotFound from botocore.utils import is_valid_endpoint_url - from prompt_toolkit import prompt as ptk_prompt from prompt_toolkit.application import get_app from prompt_toolkit.completion import WordCompleter from prompt_toolkit.formatted_text import FormattedText from prompt_toolkit.styles import Style -from prompt_toolkit.validation import Validator -from prompt_toolkit.validation import ValidationError +from prompt_toolkit.validation import ValidationError, Validator -from awscli.customizations.utils import uni_print from awscli.customizations.configure import ( - profile_to_section, get_section_header, + get_section_header, + profile_to_section, ) from awscli.customizations.configure.writer import ConfigFileWriter -from awscli.customizations.wizard.ui.selectmenu import select_menu from awscli.customizations.sso.utils import ( - do_sso_login, parse_sso_registration_scopes, PrintOnlyHandler, LOGIN_ARGS, + LOGIN_ARGS, BaseSSOCommand, + PrintOnlyHandler, + do_sso_login, + parse_sso_registration_scopes, ) +from awscli.customizations.utils import uni_print +from awscli.customizations.wizard.ui.selectmenu import select_menu from awscli.formatter import CLI_OUTPUT_FORMATS - logger = logging.getLogger(__name__) _CMD_PROMPT_USAGE = ( @@ -95,7 +96,8 @@ class ScopesValidator(ValidatorWithDefau return if not self._is_comma_separated_list(document.text): self._raise_validation_error( - document, 'Scope values must be separated by commas') + document, 'Scope values must be separated by commas' + ) def _is_comma_separated_list(self, value): scopes = value.split(',') @@ -105,7 +107,7 @@ class ScopesValidator(ValidatorWithDefau return True -class PTKPrompt(object): +class PTKPrompt: _DEFAULT_PROMPT_FORMAT = '{prompt_text} [{current_value}]: ' def __init__(self, prompter=None): @@ -118,21 +120,26 @@ class PTKPrompt(object): completions = [] completer_kwargs = { 'words': completions, - 'pattern': re.compile(r'\S+') + 'pattern': re.compile(r'\S+'), } if isinstance(completions, dict): completer_kwargs['meta_dict'] = completions completer_kwargs['words'] = list(completions.keys()) return WordCompleter(**completer_kwargs) - def get_value(self, current_value, prompt_text='', - completions=None, validator=None, toolbar=None, - prompt_fmt=None): + def get_value( + self, + current_value, + prompt_text='', + completions=None, + validator=None, + toolbar=None, + prompt_fmt=None, + ): if prompt_fmt is None: prompt_fmt = self._DEFAULT_PROMPT_FORMAT prompt_string = prompt_fmt.format( - prompt_text=prompt_text, - current_value=current_value + prompt_text=prompt_text, current_value=current_value ) prompter_kwargs = { 'validator': validator, @@ -192,7 +199,8 @@ class SSOSessionConfigurationPrompter: self._botocore_session = botocore_session self._prompter = prompter self._sso_sessions = self._botocore_session.full_config.get( - 'sso_sessions', {}) + 'sso_sessions', {} + ) self._sso_session = None self.sso_session_config = {} @@ -204,7 +212,8 @@ class SSOSessionConfigurationPrompter: def sso_session(self, value): self._sso_session = value self.sso_session_config = self._sso_sessions.get( - self._sso_session, {}).copy() + self._sso_session, {} + ).copy() def prompt_for_sso_session(self, required=True): prompt_text = 'SSO session name' @@ -217,7 +226,8 @@ class SSOSessionConfigurationPrompter: if not required: prompt_fmt = f'{prompt_text} (Recommended): ' sso_session = self._prompt_for( - 'sso_session', prompt_text, + 'sso_session', + prompt_text, completions=sorted(self._sso_sessions), toolbar=self._get_sso_session_toolbar, validator_cls=validator_cls, @@ -229,43 +239,55 @@ class SSOSessionConfigurationPrompter: def prompt_for_sso_start_url(self): return self._prompt_for( - 'sso_start_url', 'SSO start URL', + 'sso_start_url', + 'SSO start URL', completions=self._get_potential_start_urls(), validator_cls=StartUrlValidator, ) def prompt_for_sso_region(self): return self._prompt_for( - 'sso_region', 'SSO region', + 'sso_region', + 'SSO region', completions=self._get_potential_sso_regions(), validator_cls=RequiredInputValidator, ) def prompt_for_sso_registration_scopes(self): if 'sso_registration_scopes' not in self.sso_session_config: - self.sso_session_config['sso_registration_scopes'] = \ + self.sso_session_config['sso_registration_scopes'] = ( self._DEFAULT_SSO_SCOPE + ) raw_scopes = self._prompt_for( - 'sso_registration_scopes', 'SSO registration scopes', + 'sso_registration_scopes', + 'SSO registration scopes', completions=self._get_potential_sso_registrations_scopes(), validator_cls=ScopesValidator, ) return parse_sso_registration_scopes(raw_scopes) - def _prompt_for(self, config_name, text, - completions=None, validator_cls=None, - toolbar=None, prompt_fmt=None, current_value=None): + def _prompt_for( + self, + config_name, + text, + completions=None, + validator_cls=None, + toolbar=None, + prompt_fmt=None, + current_value=None, + ): if current_value is None: current_value = self.sso_session_config.get(config_name) validator = None if validator_cls: validator = validator_cls(current_value) value = self._prompter.get_value( - current_value, text, + current_value, + text, completions=completions, validator=validator, toolbar=toolbar, - prompt_fmt=prompt_fmt + prompt_fmt=prompt_fmt, ) if value: self.sso_session_config[config_name] = value @@ -275,12 +297,17 @@ class SSOSessionConfigurationPrompter: current_input = get_app().current_buffer.document.text if current_input in self._sso_sessions: selected_sso_config = self._sso_sessions[current_input] - return FormattedText([ - ('', self._get_toolbar_border()), - ('', '\n'), - ('bold', f'Configuration for SSO session: {current_input}\n\n'), - ('', json.dumps(selected_sso_config, indent=2)), - ]) + return FormattedText( + [ + ('', self._get_toolbar_border()), + ('', '\n'), + ( + 'bold', + f'Configuration for SSO session: {current_input}\n\n', + ), + ('', json.dumps(selected_sso_config, indent=2)), + ] + ) def _get_toolbar_border(self): horizontal_line_char = '\u2500' @@ -289,8 +316,7 @@ class SSOSessionConfigurationPrompter: def _get_potential_start_urls(self): profiles = self._botocore_session.full_config.get('profiles', {}) configs_to_search = itertools.chain( - profiles.values(), - self._sso_sessions.values() + profiles.values(), self._sso_sessions.values() ) potential_start_urls = set() for config_to_search in configs_to_search: @@ -335,14 +361,16 @@ class BaseSSOConfigurationCommand(BaseSS self._config_writer = config_writer self._sso_sessions = self._session.full_config.get('sso_sessions', {}) self._sso_session_prompter = SSOSessionConfigurationPrompter( - botocore_session=session, prompter=self._prompter, + botocore_session=session, + prompter=self._prompter, ) def _write_sso_configuration(self): self._update_section( section_header=get_section_header( - 'sso-session', self._sso_session_prompter.sso_session), - new_values=self._sso_session_prompter.sso_session_config + 'sso-session', self._sso_session_prompter.sso_session + ), + new_values=self._sso_session_prompter.sso_session_config, ) def _update_section(self, section_header, new_values): @@ -354,7 +382,7 @@ class BaseSSOConfigurationCommand(BaseSS class ConfigureSSOCommand(BaseSSOConfigurationCommand): NAME = 'sso' - SYNOPSIS = ('aws configure sso [--profile profile-name]') + SYNOPSIS = 'aws configure sso [--profile profile-name]' DESCRIPTION = ( 'The ``aws configure sso`` command interactively prompts for the ' 'configuration values required to create a profile that sources ' @@ -368,10 +396,18 @@ class ConfigureSSOCommand(BaseSSOConfigu # TODO: Add CLI parameters to skip prompted values, --start-url, etc. ARG_TABLE = LOGIN_ARGS - def __init__(self, session, prompter=None, selector=None, - config_writer=None, sso_token_cache=None, sso_login=None): + def __init__( + self, + session, + prompter=None, + selector=None, + config_writer=None, + sso_token_cache=None, + sso_login=None, + ): super(ConfigureSSOCommand, self).__init__( - session, prompter=prompter, config_writer=config_writer) + session, prompter=prompter, config_writer=config_writer + ) if selector is None: selector = select_menu self._selector = selector @@ -390,14 +426,13 @@ class ConfigureSSOCommand(BaseSSOConfigu def _set_sso_session_if_configured_in_profile(self): if 'sso_session' in self._profile_config: - self._sso_session_prompter.sso_session = \ - self._profile_config['sso_session'] + self._sso_session_prompter.sso_session = self._profile_config[ + 'sso_session' + ] def _handle_single_account(self, accounts): sso_account_id = accounts[0]['accountId'] - single_account_msg = ( - 'The only AWS account available to you is: {}\n' - ) + single_account_msg = 'The only AWS account available to you is: {}\n' uni_print(single_account_msg.format(sso_account_id)) return sso_account_id @@ -407,7 +442,8 @@ class ConfigureSSOCommand(BaseSSOConfigu ) uni_print(available_accounts_msg.format(len(accounts))) selected_account = self._selector( - accounts, display_format=display_account) + accounts, display_format=display_account + ) sso_account_id = selected_account['accountId'] return sso_account_id @@ -424,7 +460,7 @@ class ConfigureSSOCommand(BaseSSOConfigu sso_account_id = self._handle_single_account(accounts) else: sso_account_id = self._handle_multiple_accounts(accounts) - uni_print('Using the account ID {}\n'.format(sso_account_id)) + uni_print(f'Using the account ID {sso_account_id}\n') self._new_profile_config_values['sso_account_id'] = sso_account_id return sso_account_id @@ -444,8 +480,7 @@ class ConfigureSSOCommand(BaseSSOConfigu def _get_all_roles(self, sso, sso_token, sso_account_id): paginator = sso.get_paginator('list_account_roles') results = paginator.paginate( - accountId=sso_account_id, - accessToken=sso_token['accessToken'] + accountId=sso_account_id, accessToken=sso_token['accessToken'] ) return results.build_full_result() @@ -458,7 +493,7 @@ class ConfigureSSOCommand(BaseSSOConfigu sso_role_name = self._handle_single_role(roles) else: sso_role_name = self._handle_multiple_roles(roles) - uni_print('Using the role name "{}"\n'.format(sso_role_name)) + uni_print(f'Using the role name "{sso_role_name}"\n') self._new_profile_config_values['sso_role_name'] = sso_role_name return sso_role_name @@ -466,30 +501,35 @@ class ConfigureSSOCommand(BaseSSOConfigu if self._original_profile_name: profile_name = self._original_profile_name else: - text = 'CLI profile name' + text = 'Profile name' default_profile = None if sso_account_id and sso_role_name: default_profile = f'{sso_role_name}-{sso_account_id}' validator = RequiredInputValidator(default_profile) profile_name = self._prompter.get_value( - default_profile, text, validator=validator) + default_profile, text, validator=validator + ) return profile_name def _prompt_for_cli_default_region(self): # TODO: figure out a way to get a list of reasonable client regions return self._prompt_for_profile_config( - 'region', 'CLI default client Region') + 'region', 'Default client Region' + ) def _prompt_for_cli_output_format(self): return self._prompt_for_profile_config( - 'output', 'CLI default output format', + 'output', + 'CLI default output format (json if not specified)', completions=list(CLI_OUTPUT_FORMATS.keys()), ) def _prompt_for_profile_config(self, config_name, text, completions=None): current_value = self._profile_config.get(config_name) + new_value = self._prompter.get_value( - current_value, text, + current_value, + text, completions=completions, ) if new_value: @@ -519,7 +559,7 @@ class ConfigureSSOCommand(BaseSSOConfigu token_cache=self._sso_token_cache, on_pending_authorization=on_pending_authorization, use_device_code=parsed_args.use_device_code, - **sso_registration_args + **sso_registration_args, ) # Construct an SSO client to explore the accounts / roles @@ -546,7 +586,8 @@ class ConfigureSSOCommand(BaseSSOConfigu def _prompt_for_sso_registration_args(self): sso_session = self._sso_session_prompter.prompt_for_sso_session( - required=False) + required=False + ) if sso_session is None: self._warn_configuring_using_legacy_format() return self._prompt_for_registration_args_with_legacy_format() @@ -554,7 +595,8 @@ class ConfigureSSOCommand(BaseSSOConfigu self._set_sso_session_in_profile_config(sso_session) if sso_session in self._sso_sessions: return self._get_sso_registration_args_from_sso_config( - sso_session) + sso_session + ) else: return self._prompt_for_registration_args_for_new_sso_session( sso_session=sso_session @@ -564,10 +606,7 @@ class ConfigureSSOCommand(BaseSSOConfigu self._store_sso_session_prompter_answers_to_profile_config() self._set_sso_session_defaults_from_profile_config() start_url, sso_region = self._prompt_for_sso_start_url_and_sso_region() - return { - 'start_url': start_url, - 'sso_region': sso_region - } + return {'start_url': start_url, 'sso_region': sso_region} def _get_sso_registration_args_from_sso_config(self, sso_session): sso_config = self._get_sso_session_config(sso_session) @@ -575,13 +614,15 @@ class ConfigureSSOCommand(BaseSSOConfigu 'session_name': sso_session, 'start_url': sso_config['sso_start_url'], 'sso_region': sso_config['sso_region'], - 'registration_scopes': sso_config.get('registration_scopes') + 'registration_scopes': sso_config.get('registration_scopes'), } def _prompt_for_registration_args_for_new_sso_session(self, sso_session): self._set_sso_session_defaults_from_profile_config() start_url, sso_region = self._prompt_for_sso_start_url_and_sso_region() - scopes = self._sso_session_prompter.prompt_for_sso_registration_scopes() + scopes = ( + self._sso_session_prompter.prompt_for_sso_registration_scopes() + ) return { 'session_name': sso_session, 'start_url': start_url, @@ -591,14 +632,15 @@ class ConfigureSSOCommand(BaseSSOConfigu # using any cached tokens from any previous of attempts to # create/authenticate a new SSO session as part of the configure # sso flow. - 'force_refresh': True + 'force_refresh': True, } def _store_sso_session_prompter_answers_to_profile_config(self): # Wire the SSO session prompter to set config values to the # dictionary used for writing to the profile section - self._sso_session_prompter.sso_session_config = \ + self._sso_session_prompter.sso_session_config = ( self._new_profile_config_values + ) def _set_sso_session_in_profile_config(self, sso_session): self._new_profile_config_values['sso_session'] = sso_session @@ -608,11 +650,13 @@ class ConfigureSSOCommand(BaseSSOConfigu # SSO configuration as part of the prompt if a profile was explicitly # provided that already had SSO configuration if 'sso_start_url' in self._profile_config: - self._sso_session_prompter.sso_session_config['sso_start_url'] = \ + self._sso_session_prompter.sso_session_config['sso_start_url'] = ( self._profile_config['sso_start_url'] + ) if 'sso_region' in self._profile_config: - self._sso_session_prompter.sso_session_config['sso_region'] = \ + self._sso_session_prompter.sso_session_config['sso_region'] = ( self._profile_config['sso_region'] + ) def _prompt_for_sso_start_url_and_sso_region(self): start_url = self._sso_session_prompter.prompt_for_sso_start_url() @@ -633,8 +677,9 @@ class ConfigureSSOCommand(BaseSSOConfigu try: sso_account_id = self._prompt_for_account(sso, sso_token) sso_role_name = self._prompt_for_role( - sso, sso_token, sso_account_id) - except sso.exceptions.UnauthorizedException as e: + sso, sso_token, sso_account_id + ) + except sso.exceptions.UnauthorizedException: uni_print( 'Unable to list AWS accounts and/or roles. ' 'Skipping configuring AWS credential provider for profile.\n' @@ -645,17 +690,25 @@ class ConfigureSSOCommand(BaseSSOConfigu if self._new_profile_config_values: profile_section = profile_to_section(profile) self._update_section( - profile_section, self._new_profile_config_values) + profile_section, self._new_profile_config_values + ) if self._sso_session_prompter.sso_session: self._write_sso_configuration() def _print_conclusion(self, configured_for_aws_credentials, profile_name): if configured_for_aws_credentials: - msg = ( - '\nTo use this profile, specify the profile name using ' - '--profile, as shown:\n\n' - 'aws s3 ls --profile {}\n' - ) + if profile_name.lower() == 'default': + msg = ( + 'The AWS CLI is now configured to use the default profile.\n' + 'Run the following command to verify your configuration:\n\n' + 'aws sts get-caller-identity\n' + ) + else: + msg = ( + 'To use this profile, specify the profile name using ' + '--profile, as shown:\n\n' + 'aws sts get-caller-identity --profile {}\n' + ) else: msg = 'Successfully configured SSO for profile: {}\n' uni_print(msg.format(profile_name)) @@ -663,7 +716,7 @@ class ConfigureSSOCommand(BaseSSOConfigu class ConfigureSSOSessionCommand(BaseSSOConfigurationCommand): NAME = 'sso-session' - SYNOPSIS = ('aws configure sso-session') + SYNOPSIS = 'aws configure sso-session' DESCRIPTION = ( 'The ``aws configure sso-session`` command interactively prompts for ' 'the configuration values required to create a SSO session. ' diff -pruN 2.23.6-1/awscli/customizations/configure/writer.py 2.31.35-1/awscli/customizations/configure/writer.py --- 2.23.6-1/awscli/customizations/configure/writer.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/configure/writer.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,13 +16,13 @@ import re from . import SectionNotFoundError -class ConfigFileWriter(object): +class ConfigFileWriter: SECTION_REGEX = re.compile(r'^\s*\[(?P
        [^]]+)\]') OPTION_REGEX = re.compile( r'(?P
      ' - ) + ), } PROJECTION_EXPRESSION = { - 'name': 'projection', 'nargs': '+', + 'name': 'projection', + 'nargs': '+', 'help_text': ( '

      A string that identifies one or more attributes to retrieve from ' 'the specified table or index. These attributes can include scalars, ' @@ -71,11 +73,12 @@ PROJECTION_EXPRESSION = { '

      For CLI specific syntax see ' 'aws help ddb-expressions

      ' - ) + ), } FILTER_EXPRESSION = { - 'name': 'filter', 'nargs': '+', + 'name': 'filter', + 'nargs': '+', 'help_text': ( '

      A string that contains conditions that DynamoDB applies after the ' 'operation, but before the data is returned to you. Items that do ' @@ -90,11 +93,12 @@ FILTER_EXPRESSION = { '

      For CLI specific syntax see ' 'aws help ddb-expressions

      ' - ) + ), } CONDITION_EXPRESSION = { - 'name': 'condition', 'nargs': '+', + 'name': 'condition', + 'nargs': '+', 'help_text': ( '

      A condition that must be satisfied in order for a conditional ' 'put operation to succeed.

      ' @@ -106,11 +110,12 @@ CONDITION_EXPRESSION = { '

      For CLI specific syntax see ' 'aws help ddb-expressions

      ' - ) + ), } KEY_CONDITION_EXPRESSION = { - 'name': 'key-condition', 'nargs': '+', + 'name': 'key-condition', + 'nargs': '+', 'help_text': ( '

      The condition that specifies the key value(s) for items to be ' 'retrieved. Must perform an equality test on a single partition key ' @@ -152,7 +157,7 @@ KEY_CONDITION_EXPRESSION = { '

      For CLI specific syntax see ' 'aws help ddb-expressions

      ' - ) + ), } ITEMS = { @@ -161,12 +166,15 @@ ITEMS = { 'synopsis': '', 'help_text': ( '

      One or more items to put into the table, in YAML format.

      ' - ) + ), } CONSISTENT_READ = { - 'name': 'consistent-read', 'action': 'store_true', 'default': True, - 'group_name': 'consistent_read', 'dest': 'consistent_read', + 'name': 'consistent-read', + 'action': 'store_true', + 'default': True, + 'group_name': 'consistent_read', + 'dest': 'consistent_read', 'help_text': ( '

      Determines the read consistency model: If set to ' '--consistent-read, then the operation uses strongly ' @@ -175,29 +183,36 @@ CONSISTENT_READ = { 'global secondary indexes. If you query a global secondary index ' 'with --consistent-read, you will receive a ' 'ValidationException.

      ' - ) + ), } NO_CONSISTENT_READ = { - 'name': 'no-consistent-read', 'action': 'store_false', 'default': True, - 'group_name': 'consistent_read', 'dest': 'consistent_read', + 'name': 'no-consistent-read', + 'action': 'store_false', + 'default': True, + 'group_name': 'consistent_read', + 'dest': 'consistent_read', } RETURN_CONSUMED_CAPACITY = { - 'name': 'return-consumed-capacity', 'action': 'store_true', - 'default': False, 'group_name': 'return_consumed_capacity', + 'name': 'return-consumed-capacity', + 'action': 'store_true', + 'default': False, + 'group_name': 'return_consumed_capacity', 'dest': 'return_consumed_capacity', 'help_text': ( '

      Will include the aggregate ConsumedCapacity for the ' 'operation. If --index-name is also specified, ' 'then the ConsumedCapacity for each table and secondary ' 'index that was accessed will be returned.

      ' - ) + ), } NO_RETURN_CONSUMED_CAPACITY = { - 'name': 'no-return-consumed-capacity', 'action': 'store_false', - 'default': False, 'group_name': 'return_consumed_capacity', + 'name': 'no-return-consumed-capacity', + 'action': 'store_false', + 'default': False, + 'group_name': 'return_consumed_capacity', 'dest': 'return_consumed_capacity', } diff -pruN 2.23.6-1/awscli/customizations/dynamodb/parser.py 2.31.35-1/awscli/customizations/dynamodb/parser.py --- 2.23.6-1/awscli/customizations/dynamodb/parser.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/dynamodb/parser.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,16 +13,18 @@ from decimal import Decimal import awscli.customizations.dynamodb.ast as ast + from .exceptions import ( - EmptyExpressionError, UnexpectedTokenError, UnknownExpressionError, + EmptyExpressionError, InvalidLiteralValueError, + UnexpectedTokenError, + UnknownExpressionError, ) - from .lexer import Lexer from .types import Binary -class Parser(object): +class Parser: COMPARATORS = ['eq', 'ne', 'lt', 'lte', 'gt', 'gte'] def __init__(self, lexer=None): @@ -57,7 +59,9 @@ class Parser(object): expression = self._parse_simple_expression() identifier_types = [ - 'identifier', 'path_identifier', 'index_identifier' + 'identifier', + 'path_identifier', + 'index_identifier', ] if expression['type'] in identifier_types and self._match('comma'): self._advance() @@ -104,8 +108,11 @@ class Parser(object): return self._parse_function() operand_types = [ - 'literal', 'identifier', 'unquoted_identifier', - 'lbracket', 'lbrace', + 'literal', + 'identifier', + 'unquoted_identifier', + 'lbracket', + 'lbrace', ] if not self._match(operand_types): raise UnknownExpressionError( @@ -174,7 +181,10 @@ class Parser(object): token=self._current, expression=self._expression, expected_type=[ - 'literal', 'lbracket', 'lbrace', 'identifier', + 'literal', + 'lbracket', + 'lbrace', + 'identifier', 'unquoted_identiifer', ], ) @@ -291,7 +301,7 @@ class Parser(object): expression=self._expression, message=( 'Keys must be of type `str`, found `%s`' % type(key) - ) + ), ) self._advance_if_match('literal') self._advance_if_match('colon') diff -pruN 2.23.6-1/awscli/customizations/dynamodb/subcommands.py 2.31.35-1/awscli/customizations/dynamodb/subcommands.py --- 2.23.6-1/awscli/customizations/dynamodb/subcommands.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/dynamodb/subcommands.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,26 +10,28 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from base64 import b64decode -from decimal import Decimal import logging import sys +from base64 import b64decode +from decimal import Decimal from ruamel.yaml import YAML -from awscli.formatter import YAMLFormatter -from awscli.utils import OutputStreamFactory import awscli.customizations.dynamodb.params as parameters from awscli.customizations.commands import BasicCommand, CustomArgument from awscli.customizations.dynamodb.extractor import AttributeExtractor +from awscli.customizations.dynamodb.formatter import DynamoYAMLDumper from awscli.customizations.dynamodb.transform import ( - ParameterTransformer, TypeSerializer, TypeDeserializer + ParameterTransformer, + TypeDeserializer, + TypeSerializer, ) -from awscli.customizations.dynamodb.formatter import DynamoYAMLDumper -from awscli.customizations.paginate import ensure_paging_params_not_set from awscli.customizations.exceptions import ParamValidationError -from .types import Binary +from awscli.customizations.paginate import ensure_paging_params_not_set +from awscli.formatter import YAMLFormatter +from awscli.utils import OutputStreamFactory +from .types import Binary LOGGER = logging.getLogger(__name__) @@ -39,9 +41,10 @@ class DDBCommand(BasicCommand): factory = self._session.get_component('response_parser_factory') factory.set_parser_defaults(blob_parser=None) self._client = self._session.create_client( - 'dynamodb', region_name=parsed_globals.region, + 'dynamodb', + region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) self._transformer = ParameterTransformer() self._serializer = TypeSerializer() @@ -55,8 +58,10 @@ class DDBCommand(BasicCommand): self._client.meta.method_to_api_mapping.get(operation_name) ) self._transformer.transform( - data, operation_model.input_shape, self._serializer.serialize, - 'AttributeValue' + data, + operation_model.input_shape, + self._serializer.serialize, + 'AttributeValue', ) def _deserialize(self, operation_name, data): @@ -65,12 +70,15 @@ class DDBCommand(BasicCommand): self._client.meta.method_to_api_mapping.get(operation_name) ) self._transformer.transform( - data, operation_model.output_shape, self._deserializer.deserialize, - 'AttributeValue' + data, + operation_model.output_shape, + self._deserializer.deserialize, + 'AttributeValue', ) - def _make_api_call(self, operation_name, client_args, - should_paginate=True): + def _make_api_call( + self, operation_name, client_args, should_paginate=True + ): self._serialize(operation_name, client_args) if self._client.can_paginate(operation_name) and should_paginate: @@ -78,8 +86,10 @@ class DDBCommand(BasicCommand): response = paginator.paginate(**client_args).build_full_result() else: response = getattr(self._client, operation_name)(**client_args) - if 'ConsumedCapacity' in response and \ - response['ConsumedCapacity'] is None: + if ( + 'ConsumedCapacity' in response + and response['ConsumedCapacity'] is None + ): del response['ConsumedCapacity'] self._deserialize(operation_name, response) return response @@ -98,11 +108,11 @@ class DDBCommand(BasicCommand): with self._output_stream_factory.get_output_stream() as stream: formatter(operation_name, data, stream) - def _add_expression_args(self, expression_name, expression, args, - substitution_count=0): + def _add_expression_args( + self, expression_name, expression, args, substitution_count=0 + ): result = self._extractor.extract( - ' '.join(expression), - substitution_count + ' '.join(expression), substitution_count ) args[expression_name] = result['expression'] @@ -121,7 +131,9 @@ class DDBCommand(BasicCommand): class PaginatedDDBCommand(DDBCommand): PAGING_ARGS = [ - parameters.STARTING_TOKEN, parameters.MAX_ITEMS, parameters.PAGE_SIZE + parameters.STARTING_TOKEN, + parameters.MAX_ITEMS, + parameters.PAGE_SIZE, ] def _build_arg_table(self): @@ -175,7 +187,10 @@ class SelectCommand(PaginatedDDBCommand) def _select(self, parsed_args, parsed_globals): output_type = parsed_globals.output - if output_type is not None and output_type not in self._SUPPORTED_OUTPUT_TYPES: + if ( + output_type is not None + and output_type not in self._SUPPORTED_OUTPUT_TYPES + ): raise ParamValidationError( f'{output_type} output format is not supported for ddb commands' ) @@ -201,27 +216,35 @@ class SelectCommand(PaginatedDDBCommand) def _get_client_args(self, parsed_args): client_args = super(SelectCommand, self)._get_client_args(parsed_args) - client_args.update({ - 'TableName': parsed_args.table_name, - 'ConsistentRead': parsed_args.consistent_read, - }) + client_args.update( + { + 'TableName': parsed_args.table_name, + 'ConsistentRead': parsed_args.consistent_read, + } + ) substitution_count = 0 if parsed_args.index_name is not None: client_args['IndexName'] = parsed_args.index_name if parsed_args.projection is not None: substitution_count = self._add_expression_args( - 'ProjectionExpression', parsed_args.projection, client_args, + 'ProjectionExpression', + parsed_args.projection, + client_args, substitution_count, ) if parsed_args.filter is not None: substitution_count += self._add_expression_args( - 'FilterExpression', parsed_args.filter, client_args, + 'FilterExpression', + parsed_args.filter, + client_args, substitution_count, ) if parsed_args.key_condition is not None: self._add_expression_args( - 'KeyConditionExpression', parsed_args.key_condition, - client_args, substitution_count, + 'KeyConditionExpression', + parsed_args.key_condition, + client_args, + substitution_count, ) if parsed_args.attributes is not None: select_map = { @@ -245,9 +268,7 @@ class SelectCommand(PaginatedDDBCommand) class PutCommand(DDBCommand): NAME = 'put' - DESCRIPTION = ( - '``put`` puts one or more items into a table.' - ) + DESCRIPTION = '``put`` puts one or more items into a table.' ARG_TABLE = [ parameters.TABLE_NAME, parameters.ITEMS, @@ -301,9 +322,7 @@ class PutCommand(DDBCommand): put_requests = [{'PutRequest': {'Item': i}} for i in items] while len(put_requests) > 0: batch_items = put_requests[:batch_size] - client_args['RequestItems'] = { - parsed_args.table_name: batch_items - } + client_args['RequestItems'] = {parsed_args.table_name: batch_items} result = self._make_api_call('batch_write_item', client_args) put_requests = put_requests[batch_size:] @@ -328,6 +347,8 @@ class PutCommand(DDBCommand): client_args = {'ReturnConsumedCapacity': 'NONE'} if parsed_args.condition is not None: self._add_expression_args( - 'ConditionExpression', parsed_args.condition, client_args, + 'ConditionExpression', + parsed_args.condition, + client_args, ) return client_args diff -pruN 2.23.6-1/awscli/customizations/dynamodb/transform.py 2.31.35-1/awscli/customizations/dynamodb/transform.py --- 2.23.6-1/awscli/customizations/dynamodb/transform.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/dynamodb/transform.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,11 +13,12 @@ from collections.abc import Mapping, MutableSequence from awscli.customizations.dynamodb.types import ( - TypeSerializer, TypeDeserializer + TypeDeserializer, + TypeSerializer, ) -class ParameterTransformer(object): +class ParameterTransformer: """Transforms the input to and output from botocore based on shape""" def transform(self, params, model, transformation, target_shape): @@ -30,18 +31,20 @@ class ParameterTransformer(object): :param target_shape: The name of the shape to apply the transformation to """ - self._transform_parameters( - model, params, transformation, target_shape) + self._transform_parameters(model, params, transformation, target_shape) - def _transform_parameters(self, model, params, transformation, - target_shape): + def _transform_parameters( + self, model, params, transformation, target_shape + ): type_name = model.type_name if type_name in ['structure', 'map', 'list']: getattr(self, '_transform_%s' % type_name)( - model, params, transformation, target_shape) + model, params, transformation, target_shape + ) - def _transform_structure(self, model, params, transformation, - target_shape): + def _transform_structure( + self, model, params, transformation, target_shape + ): if not isinstance(params, Mapping): return for param in params: @@ -52,8 +55,11 @@ class ParameterTransformer(object): params[param] = transformation(params[param]) else: self._transform_parameters( - member_model, params[param], transformation, - target_shape) + member_model, + params[param], + transformation, + target_shape, + ) def _transform_map(self, model, params, transformation, target_shape): if not isinstance(params, Mapping): @@ -65,7 +71,8 @@ class ParameterTransformer(object): params[key] = transformation(value) else: self._transform_parameters( - value_model, params[key], transformation, target_shape) + value_model, params[key], transformation, target_shape + ) def _transform_list(self, model, params, transformation, target_shape): if not isinstance(params, MutableSequence): @@ -77,4 +84,5 @@ class ParameterTransformer(object): params[i] = transformation(item) else: self._transform_parameters( - member_model, params[i], transformation, target_shape) + member_model, params[i], transformation, target_shape + ) diff -pruN 2.23.6-1/awscli/customizations/dynamodb/types.py 2.31.35-1/awscli/customizations/dynamodb/types.py --- 2.23.6-1/awscli/customizations/dynamodb/types.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/dynamodb/types.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,9 +11,15 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. from collections.abc import Mapping, Set -from decimal import Decimal, Context, Clamped -from decimal import Overflow, Inexact, Underflow, Rounded - +from decimal import ( + Clamped, + Context, + Decimal, + Inexact, + Overflow, + Rounded, + Underflow, +) STRING = 'S' NUMBER = 'N' @@ -28,24 +34,29 @@ LIST = 'L' DYNAMODB_CONTEXT = Context( - Emin=-128, Emax=126, prec=38, - traps=[Clamped, Overflow, Inexact, Rounded, Underflow] + Emin=-128, + Emax=126, + prec=38, + traps=[Clamped, Overflow, Inexact, Rounded, Underflow], ) BINARY_TYPES = (bytearray, bytes) -class Binary(object): +class Binary: """A class for representing Binary in dynamodb Especially for Python 2, use this class to explicitly specify binary data for item in DynamoDB. It is essentially a wrapper around binary. Unicode and Python 3 string types are not allowed. """ + def __init__(self, value): if not isinstance(value, BINARY_TYPES): - raise TypeError('Value must be of the following types: %s.' % - ', '.join([str(t) for t in BINARY_TYPES])) + raise TypeError( + 'Value must be of the following types: %s.' + % ', '.join([str(t) for t in BINARY_TYPES]) + ) self.value = value def __eq__(self, other): @@ -66,8 +77,9 @@ class Binary(object): return hash(self.value) -class TypeSerializer(object): +class TypeSerializer: """This class serializes Python data types to DynamoDB types.""" + def serialize(self, value): """The method to serialize the Python data types. :param value: A python value to be serialized to DynamoDB. Here are @@ -150,7 +162,8 @@ class TypeSerializer(object): return True elif isinstance(value, float): raise TypeError( - 'Float types are not supported. Use Decimal types instead.') + 'Float types are not supported. Use Decimal types instead.' + ) return False def _is_string(self, value): @@ -224,8 +237,9 @@ class TypeSerializer(object): return dict([(k, self.serialize(v)) for k, v in value.items()]) -class TypeDeserializer(object): +class TypeDeserializer: """This class deserializes DynamoDB types to Python types.""" + def deserialize(self, value): """The method to deserialize the DynamoDB data types. :param value: A DynamoDB value to be deserialized to a pythonic value. @@ -246,15 +260,19 @@ class TypeDeserializer(object): """ if not value: - raise TypeError('Value must be a nonempty dictionary whose key ' - 'is a valid dynamodb type.') + raise TypeError( + 'Value must be a nonempty dictionary whose key ' + 'is a valid dynamodb type.' + ) dynamodb_type = list(value.keys())[0] try: deserializer = getattr( - self, '_deserialize_%s' % dynamodb_type.lower()) + self, '_deserialize_%s' % dynamodb_type.lower() + ) except AttributeError: raise TypeError( - 'Dynamodb type %s is not supported' % dynamodb_type) + 'Dynamodb type %s is not supported' % dynamodb_type + ) return deserializer(value[dynamodb_type]) def _deserialize_null(self, value): diff -pruN 2.23.6-1/awscli/customizations/ec2/addcount.py 2.31.35-1/awscli/customizations/ec2/addcount.py --- 2.23.6-1/awscli/customizations/ec2/addcount.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2/addcount.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,24 +16,28 @@ from botocore import model from awscli.arguments import BaseCLIArgument - logger = logging.getLogger(__name__) DEFAULT = 1 -HELP = """ +HELP = ( + """

      Number of instances to launch. If a single number is provided, it is assumed to be the minimum to launch (defaults to %d). If a range is provided in the form min:max then the first number is interpreted as the minimum number of instances to launch and the second -is interpreted as the maximum number of instances to launch.

      """ % DEFAULT +is interpreted as the maximum number of instances to launch.

      """ + % DEFAULT +) def register_count_events(event_handler): event_handler.register( - 'building-argument-table.ec2.run-instances', ec2_add_count) + 'building-argument-table.ec2.run-instances', ec2_add_count + ) event_handler.register( - 'before-parameter-build.ec2.RunInstances', set_default_count) + 'before-parameter-build.ec2.RunInstances', set_default_count + ) def ec2_add_count(argument_table, **kwargs): @@ -48,7 +52,6 @@ def set_default_count(params, **kwargs): class CountArgument(BaseCLIArgument): - def __init__(self, name): self.argument_model = model.Shape('CountArgument', {'type': 'string'}) self._name = name @@ -76,8 +79,11 @@ class CountArgument(BaseCLIArgument): def add_to_parser(self, parser): # We do NOT set default value here. It will be set later by event hook. - parser.add_argument(self.cli_name, metavar=self.py_name, - help='Number of instances to launch') + parser.add_argument( + self.cli_name, + metavar=self.py_name, + help='Number of instances to launch', + ) def add_to_params(self, parameters, value): if value is None: @@ -91,6 +97,8 @@ class CountArgument(BaseCLIArgument): parameters['MinCount'] = int(minstr) parameters['MaxCount'] = int(maxstr) except: - msg = ('count parameter should be of ' - 'form min[:max] (e.g. 1 or 1:10)') + msg = ( + 'count parameter should be of ' + 'form min[:max] (e.g. 1 or 1:10)' + ) raise ParamValidationError(msg) diff -pruN 2.23.6-1/awscli/customizations/ec2/bundleinstance.py 2.31.35-1/awscli/customizations/ec2/bundleinstance.py --- 2.23.6-1/awscli/customizations/ec2/bundleinstance.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2/bundleinstance.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,11 +11,11 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import logging -from hashlib import sha1 -import hmac import base64 import datetime +import hmac +import logging +from hashlib import sha1 from awscli.arguments import CustomArgument from awscli.customizations.exceptions import ParamValidationError @@ -26,15 +26,18 @@ logger = logging.getLogger('ec2bundleins # bundle-instance operation: # --bucket: -BUCKET_DOCS = ('The bucket in which to store the AMI. ' - 'You can specify a bucket that you already own or ' - 'a new bucket that Amazon EC2 creates on your behalf. ' - 'If you specify a bucket that belongs to someone else, ' - 'Amazon EC2 returns an error.') +BUCKET_DOCS = ( + 'The bucket in which to store the AMI. ' + 'You can specify a bucket that you already own or ' + 'a new bucket that Amazon EC2 creates on your behalf. ' + 'If you specify a bucket that belongs to someone else, ' + 'Amazon EC2 returns an error.' +) # --prefix: -PREFIX_DOCS = ('The prefix for the image component names being stored ' - 'in Amazon S3.') +PREFIX_DOCS = ( + 'The prefix for the image component names being stored in Amazon S3.' +) # --owner-akid OWNER_AKID_DOCS = 'The access key ID of the owner of the Amazon S3 bucket.' @@ -53,13 +56,16 @@ POLICY_DOCS = ( "sections about policy construction and signatures in the " '' - 'Amazon Simple Storage Service Developer Guide.') + 'Amazon Simple Storage Service Developer Guide.' +) # --owner-sak -OWNER_SAK_DOCS = ('The AWS secret access key for the owner of the ' - 'Amazon S3 bucket specified in the --bucket ' - 'parameter. This parameter is required so that a ' - 'signature can be computed for the policy.') +OWNER_SAK_DOCS = ( + 'The AWS secret access key for the owner of the ' + 'Amazon S3 bucket specified in the --bucket ' + 'parameter. This parameter is required so that a ' + 'signature can be computed for the policy.' +) def _add_params(argument_table, **kwargs): @@ -68,25 +74,27 @@ def _add_params(argument_table, **kwargs # argparse if they only supply scalar params. storage_arg = argument_table['storage'] storage_arg.required = False - arg = BundleArgument(storage_param='Bucket', - name='bucket', - help_text=BUCKET_DOCS) + arg = BundleArgument( + storage_param='Bucket', name='bucket', help_text=BUCKET_DOCS + ) argument_table['bucket'] = arg - arg = BundleArgument(storage_param='Prefix', - name='prefix', - help_text=PREFIX_DOCS) + arg = BundleArgument( + storage_param='Prefix', name='prefix', help_text=PREFIX_DOCS + ) argument_table['prefix'] = arg - arg = BundleArgument(storage_param='AWSAccessKeyId', - name='owner-akid', - help_text=OWNER_AKID_DOCS) + arg = BundleArgument( + storage_param='AWSAccessKeyId', + name='owner-akid', + help_text=OWNER_AKID_DOCS, + ) argument_table['owner-akid'] = arg - arg = BundleArgument(storage_param='_SAK', - name='owner-sak', - help_text=OWNER_SAK_DOCS) + arg = BundleArgument( + storage_param='_SAK', name='owner-sak', help_text=OWNER_SAK_DOCS + ) argument_table['owner-sak'] = arg - arg = BundleArgument(storage_param='UploadPolicy', - name='policy', - help_text=POLICY_DOCS) + arg = BundleArgument( + storage_param='UploadPolicy', name='policy', help_text=POLICY_DOCS + ) argument_table['policy'] = arg @@ -97,21 +105,24 @@ def _check_args(parsed_args, **kwargs): logger.debug(parsed_args) arg_dict = vars(parsed_args) if arg_dict['storage']: - for key in ('bucket', 'prefix', 'owner_akid', - 'owner_sak', 'policy'): + for key in ('bucket', 'prefix', 'owner_akid', 'owner_sak', 'policy'): if arg_dict[key]: - msg = ('Mixing the --storage option ' - 'with the simple, scalar options is ' - 'not recommended.') + msg = ( + 'Mixing the --storage option ' + 'with the simple, scalar options is ' + 'not recommended.' + ) raise ParamValidationError(msg) -POLICY = ('{{"expiration": "{expires}",' - '"conditions": [' - '{{"bucket": "{bucket}"}},' - '{{"acl": "ec2-bundle-read"}},' - '["starts-with", "$key", "{prefix}"]' - ']}}' - ) + +POLICY = ( + '{{"expiration": "{expires}",' + '"conditions": [' + '{{"bucket": "{bucket}"}},' + '{{"acl": "ec2-bundle-read"}},' + '["starts-with", "$key", "{prefix}"]' + ']}}' +) def _generate_policy(params): @@ -120,9 +131,9 @@ def _generate_policy(params): delta = datetime.timedelta(hours=24) expires = datetime.datetime.utcnow() + delta expires_iso = expires.strftime("%Y-%m-%dT%H:%M:%S.%fZ") - policy = POLICY.format(expires=expires_iso, - bucket=params['Bucket'], - prefix=params['Prefix']) + policy = POLICY.format( + expires=expires_iso, bucket=params['Bucket'], prefix=params['Prefix'] + ) params['UploadPolicy'] = policy.encode('utf-8') @@ -163,7 +174,6 @@ def register_bundleinstance(event_handle class BundleArgument(CustomArgument): - def __init__(self, storage_param, *args, **kwargs): super(BundleArgument, self).__init__(*args, **kwargs) self._storage_param = storage_param diff -pruN 2.23.6-1/awscli/customizations/ec2/decryptpassword.py 2.31.35-1/awscli/customizations/ec2/decryptpassword.py --- 2.23.6-1/awscli/customizations/ec2/decryptpassword.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2/decryptpassword.py 2025-11-12 19:17:29.000000000 +0000 @@ -27,22 +27,25 @@ the instance (e.g. windows-keypair.pem). password data sent from EC2 will be decrypted before display.

      """ -def ec2_add_priv_launch_key(argument_table, operation_model, session, - **kwargs): +def ec2_add_priv_launch_key( + argument_table, operation_model, session, **kwargs +): """ This handler gets called after the argument table for the operation has been created. It's job is to add the ``priv-launch-key`` parameter. """ argument_table['priv-launch-key'] = LaunchKeyArgument( - session, operation_model, 'priv-launch-key') + session, operation_model, 'priv-launch-key' + ) class LaunchKeyArgument(BaseCLIArgument): - def __init__(self, session, operation_model, name): self._session = session - self.argument_model = model.Shape('LaunchKeyArgument', {'type': 'string'}) + self.argument_model = model.Shape( + 'LaunchKeyArgument', {'type': 'string'} + ) self._operation_model = operation_model self._name = name self._key_path = None @@ -65,8 +68,9 @@ class LaunchKeyArgument(BaseCLIArgument) return HELP def add_to_parser(self, parser): - parser.add_argument(self.cli_name, dest=self.py_name, - help='SSH Private Key file') + parser.add_argument( + self.cli_name, dest=self.py_name, help='SSH Private Key file' + ) def add_to_params(self, parameters, value): """ @@ -81,13 +85,17 @@ class LaunchKeyArgument(BaseCLIArgument) if os.path.isfile(path): self._key_path = path service_id = self._operation_model.service_model.service_id - event = 'after-call.%s.%s' % (service_id.hyphenize(), - self._operation_model.name) + event = 'after-call.%s.%s' % ( + service_id.hyphenize(), + self._operation_model.name, + ) self._session.register(event, self._decrypt_password_data) else: - msg = ('priv-launch-key should be a path to the ' - 'local SSH private key file used to launch ' - 'the instance.') + msg = ( + 'priv-launch-key should be a path to the ' + 'local SSH private key file used to launch ' + 'the instance.' + ) raise ValueError(msg) def _decrypt_password_data(self, parsed, **kwargs): @@ -108,12 +116,16 @@ class LaunchKeyArgument(BaseCLIArgument) pk_bytes = pk_file.read() private_key = RSA.new_private_key_from_pem_data(pk_bytes) value = base64.b64decode(value) - value = private_key.decrypt(RSASignatureAlgorithm.PKCS1_5_SHA256, value) + value = private_key.decrypt( + RSASignatureAlgorithm.PKCS1_5_SHA256, value + ) logger.debug(parsed) parsed['PasswordData'] = value.decode('utf-8') logger.debug(parsed) except Exception: logger.debug('Unable to decrypt PasswordData', exc_info=True) - msg = ('Unable to decrypt password data using ' - 'provided private key file.') + msg = ( + 'Unable to decrypt password data using ' + 'provided private key file.' + ) raise ValueError(msg) diff -pruN 2.23.6-1/awscli/customizations/ec2/paginate.py 2.31.35-1/awscli/customizations/ec2/paginate.py --- 2.23.6-1/awscli/customizations/ec2/paginate.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2/paginate.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,15 +16,14 @@ def register_ec2_page_size_injector(even EC2PageSizeInjector().register(event_emitter) -class EC2PageSizeInjector(object): - +class EC2PageSizeInjector: # Operations to auto-paginate and their specific whitelists. # Format: # Key: Operation # Value: List of parameters to add to whitelist for that operation. TARGET_OPERATIONS = { "describe-volumes": [], - "describe-snapshots": ['OwnerIds', 'RestorableByUserIds'] + "describe-snapshots": ['OwnerIds', 'RestorableByUserIds'], } # Parameters which should be whitelisted for every operation. diff -pruN 2.23.6-1/awscli/customizations/ec2/protocolarg.py 2.31.35-1/awscli/customizations/ec2/protocolarg.py --- 2.23.6-1/awscli/customizations/ec2/protocolarg.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2/protocolarg.py 2025-11-12 19:17:29.000000000 +0000 @@ -31,7 +31,7 @@ def _fix_args(params, **kwargs): def register_protocol_args(cli): - cli.register('before-parameter-build.ec2.CreateNetworkAclEntry', - _fix_args) - cli.register('before-parameter-build.ec2.ReplaceNetworkAclEntry', - _fix_args) + cli.register('before-parameter-build.ec2.CreateNetworkAclEntry', _fix_args) + cli.register( + 'before-parameter-build.ec2.ReplaceNetworkAclEntry', _fix_args + ) diff -pruN 2.23.6-1/awscli/customizations/ec2/runinstances.py 2.31.35-1/awscli/customizations/ec2/runinstances.py --- 2.23.6-1/awscli/customizations/ec2/runinstances.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2/runinstances.py 2025-11-12 19:17:29.000000000 +0000 @@ -22,6 +22,7 @@ This functionality (and much more) is al ``--network-interfaces`` complex argument. This just makes two of the most commonly used features available more easily. """ + from awscli.arguments import CustomArgument from awscli.customizations.exceptions import ParamValidationError @@ -31,37 +32,46 @@ SECONDARY_PRIVATE_IP_ADDRESSES_DOCS = ( 'or instance. You can specify this multiple times to assign multiple ' 'secondary IP addresses. If you want additional private IP addresses ' 'but do not need a specific address, use the ' - '--secondary-private-ip-address-count option.') + '--secondary-private-ip-address-count option.' +) # --secondary-private-ip-address-count SECONDARY_PRIVATE_IP_ADDRESS_COUNT_DOCS = ( '[EC2-VPC] The number of secondary IP addresses to assign to ' - 'the network interface or instance.') + 'the network interface or instance.' +) # --associate-public-ip-address ASSOCIATE_PUBLIC_IP_ADDRESS_DOCS = ( '[EC2-VPC] If specified a public IP address will be assigned ' - 'to the new instance in a VPC.') + 'to the new instance in a VPC.' +) def _add_params(argument_table, **kwargs): arg = SecondaryPrivateIpAddressesArgument( name='secondary-private-ip-addresses', - help_text=SECONDARY_PRIVATE_IP_ADDRESSES_DOCS) + help_text=SECONDARY_PRIVATE_IP_ADDRESSES_DOCS, + ) argument_table['secondary-private-ip-addresses'] = arg arg = SecondaryPrivateIpAddressCountArgument( name='secondary-private-ip-address-count', - help_text=SECONDARY_PRIVATE_IP_ADDRESS_COUNT_DOCS) + help_text=SECONDARY_PRIVATE_IP_ADDRESS_COUNT_DOCS, + ) argument_table['secondary-private-ip-address-count'] = arg arg = AssociatePublicIpAddressArgument( name='associate-public-ip-address', help_text=ASSOCIATE_PUBLIC_IP_ADDRESS_DOCS, - action='store_true', group_name='associate_public_ip') + action='store_true', + group_name='associate_public_ip', + ) argument_table['associate-public-ip-address'] = arg arg = NoAssociatePublicIpAddressArgument( name='no-associate-public-ip-address', help_text=ASSOCIATE_PUBLIC_IP_ADDRESS_DOCS, - action='store_false', group_name='associate_public_ip') + action='store_false', + group_name='associate_public_ip', + ) argument_table['no-associate-public-ip-address'] = arg @@ -71,13 +81,17 @@ def _check_args(parsed_args, **kwargs): # raise an error. arg_dict = vars(parsed_args) if arg_dict['network_interfaces']: - for key in ('secondary_private_ip_addresses', - 'secondary_private_ip_address_count', - 'associate_public_ip_address'): + for key in ( + 'secondary_private_ip_addresses', + 'secondary_private_ip_address_count', + 'associate_public_ip_address', + ): if arg_dict[key]: - msg = ('Mixing the --network-interfaces option ' - 'with the simple, scalar options is ' - 'not supported.') + msg = ( + 'Mixing the --network-interfaces option ' + 'with the simple, scalar options is ' + 'not supported.' + ) raise ParamValidationError(msg) @@ -96,7 +110,7 @@ def _fix_args(params, **kwargs): network_interface_params = [ 'PrivateIpAddresses', 'SecondaryPrivateIpAddressCount', - 'AssociatePublicIpAddress' + 'AssociatePublicIpAddress', ] if 'NetworkInterfaces' in params: interface = params['NetworkInterfaces'][0] @@ -108,8 +122,10 @@ def _fix_args(params, **kwargs): interface['Groups'] = params['SecurityGroupIds'] del params['SecurityGroupIds'] if 'PrivateIpAddress' in params: - ip_addr = {'PrivateIpAddress': params['PrivateIpAddress'], - 'Primary': True} + ip_addr = { + 'PrivateIpAddress': params['PrivateIpAddress'], + 'Primary': True, + } interface['PrivateIpAddresses'] = [ip_addr] del params['PrivateIpAddress'] if 'Ipv6AddressCount' in params: @@ -149,41 +165,41 @@ def _build_network_interfaces(params, ke class SecondaryPrivateIpAddressesArgument(CustomArgument): - def add_to_parser(self, parser, cli_name=None): - parser.add_argument(self.cli_name, dest=self.py_name, - default=self._default, nargs='*') + parser.add_argument( + self.cli_name, dest=self.py_name, default=self._default, nargs='*' + ) def add_to_params(self, parameters, value): if value: value = [{'PrivateIpAddress': v, 'Primary': False} for v in value] - _build_network_interfaces( - parameters, 'PrivateIpAddresses', value) + _build_network_interfaces(parameters, 'PrivateIpAddresses', value) class SecondaryPrivateIpAddressCountArgument(CustomArgument): - def add_to_parser(self, parser, cli_name=None): - parser.add_argument(self.cli_name, dest=self.py_name, - default=self._default, type=int) + parser.add_argument( + self.cli_name, dest=self.py_name, default=self._default, type=int + ) def add_to_params(self, parameters, value): if value: _build_network_interfaces( - parameters, 'SecondaryPrivateIpAddressCount', value) + parameters, 'SecondaryPrivateIpAddressCount', value + ) class AssociatePublicIpAddressArgument(CustomArgument): - def add_to_params(self, parameters, value): if value is True: _build_network_interfaces( - parameters, 'AssociatePublicIpAddress', value) + parameters, 'AssociatePublicIpAddress', value + ) class NoAssociatePublicIpAddressArgument(CustomArgument): - def add_to_params(self, parameters, value): if value is False: _build_network_interfaces( - parameters, 'AssociatePublicIpAddress', value) + parameters, 'AssociatePublicIpAddress', value + ) diff -pruN 2.23.6-1/awscli/customizations/ec2/secgroupsimplify.py 2.31.35-1/awscli/customizations/ec2/secgroupsimplify.py --- 2.23.6-1/awscli/customizations/ec2/secgroupsimplify.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2/secgroupsimplify.py 2025-11-12 19:17:29.000000000 +0000 @@ -27,8 +27,7 @@ from awscli.customizations.exceptions im def _add_params(argument_table, **kwargs): - arg = ProtocolArgument('protocol', - help_text=PROTOCOL_DOCS) + arg = ProtocolArgument('protocol', help_text=PROTOCOL_DOCS) argument_table['protocol'] = arg argument_table['ip-protocol']._UNDOCUMENTED = True @@ -43,13 +42,11 @@ def _add_params(argument_table, **kwargs argument_table['cidr'] = arg argument_table['cidr-ip']._UNDOCUMENTED = True - arg = SourceGroupArgument('source-group', - help_text=SOURCEGROUP_DOCS) + arg = SourceGroupArgument('source-group', help_text=SOURCEGROUP_DOCS) argument_table['source-group'] = arg argument_table['source-security-group-name']._UNDOCUMENTED = True - arg = GroupOwnerArgument('group-owner', - help_text=GROUPOWNER_DOCS) + arg = GroupOwnerArgument('group-owner', help_text=GROUPOWNER_DOCS) argument_table['group-owner'] = arg argument_table['source-security-group-owner-id']._UNDOCUMENTED = True @@ -60,11 +57,12 @@ def _check_args(parsed_args, **kwargs): # raise an error. arg_dict = vars(parsed_args) if arg_dict['ip_permissions']: - for key in ('protocol', 'port', 'cidr', - 'source_group', 'group_owner'): + for key in ('protocol', 'port', 'cidr', 'source_group', 'group_owner'): if arg_dict[key]: - msg = ('The --%s option is not compatible ' - 'with the --ip-permissions option ') % key + msg = ( + 'The --%s option is not compatible ' + 'with the --ip-permissions option ' + ) % key raise ParamValidationError(msg) @@ -72,21 +70,29 @@ def _add_docs(help_command, **kwargs): doc = help_command.doc doc.style.new_paragraph() doc.style.start_note() - msg = ('To specify multiple rules in a single command ' - 'use the --ip-permissions option') + msg = ( + 'To specify multiple rules in a single command ' + 'use the --ip-permissions option' + ) doc.include_doc_string(msg) doc.style.end_note() EVENTS = [ - ('building-argument-table.ec2.authorize-security-group-ingress', - _add_params), - ('building-argument-table.ec2.authorize-security-group-egress', - _add_params), + ( + 'building-argument-table.ec2.authorize-security-group-ingress', + _add_params, + ), + ( + 'building-argument-table.ec2.authorize-security-group-egress', + _add_params, + ), ('building-argument-table.ec2.revoke-security-group-ingress', _add_params), ('building-argument-table.ec2.revoke-security-group-egress', _add_params), - ('operation-args-parsed.ec2.authorize-security-group-ingress', - _check_args), + ( + 'operation-args-parsed.ec2.authorize-security-group-ingress', + _check_args, + ), ('operation-args-parsed.ec2.authorize-security-group-egress', _check_args), ('operation-args-parsed.ec2.revoke-security-group-ingress', _check_args), ('operation-args-parsed.ec2.revoke-security-group-egress', _check_args), @@ -95,25 +101,31 @@ EVENTS = [ ('doc-description.ec2.revoke-security-group-ingress', _add_docs), ('doc-description.ec2.revoke-security-groupdoc-ingress', _add_docs), ] -PROTOCOL_DOCS = ('

      The IP protocol: tcp | ' - 'udp | icmp

      ' - '

      (VPC only) Use all to specify all protocols.

      ' - '

      If this argument is provided without also providing the ' - 'port argument, then it will be applied to all ' - 'ports for the specified protocol.

      ') -PORT_DOCS = ('

      For TCP or UDP: The range of ports to allow.' - ' A single integer or a range (min-max).

      ' - '

      For ICMP: A single integer or a range (type-code)' - ' representing the ICMP type' - ' number and the ICMP code number respectively.' - ' A value of -1 indicates all ICMP codes for' - ' all ICMP types. A value of -1 just for type' - ' indicates all ICMP codes for the specified ICMP type.

      ') +PROTOCOL_DOCS = ( + '

      The IP protocol: tcp | ' + 'udp | icmp

      ' + '

      (VPC only) Use all to specify all protocols.

      ' + '

      If this argument is provided without also providing the ' + 'port argument, then it will be applied to all ' + 'ports for the specified protocol.

      ' +) +PORT_DOCS = ( + '

      For TCP or UDP: The range of ports to allow.' + ' A single integer or a range (min-max).

      ' + '

      For ICMP: A single integer or a range (type-code)' + ' representing the ICMP type' + ' number and the ICMP code number respectively.' + ' A value of -1 indicates all ICMP codes for' + ' all ICMP types. A value of -1 just for type' + ' indicates all ICMP codes for the specified ICMP type.

      ' +) CIDR_DOCS = '

      The IPv4 address range, in CIDR format.

      ' -SOURCEGROUP_DOCS = ('

      The name or ID of the source security group.

      ') -GROUPOWNER_DOCS = ('

      The AWS account ID that owns the source security ' - 'group. Cannot be used when specifying a CIDR IP ' - 'address.

      ') +SOURCEGROUP_DOCS = '

      The name or ID of the source security group.

      ' +GROUPOWNER_DOCS = ( + '

      The AWS account ID that owns the source security ' + 'group. Cannot be used when specifying a CIDR IP ' + 'address.

      ' +) def register_secgroup(event_handler): @@ -137,19 +149,22 @@ def _build_ip_permissions(params, key, v class ProtocolArgument(CustomArgument): - def add_to_params(self, parameters, value): if value: try: int_value = int(value) if (int_value < 0 or int_value > 255) and int_value != -1: - msg = ('protocol numbers must be in the range 0-255 ' - 'or -1 to specify all protocols') + msg = ( + 'protocol numbers must be in the range 0-255 ' + 'or -1 to specify all protocols' + ) raise ParamValidationError(msg) except ValueError: if value not in ('tcp', 'udp', 'icmp', 'all'): - msg = ('protocol parameter should be one of: ' - 'tcp|udp|icmp|all or any valid protocol number.') + msg = ( + 'protocol parameter should be one of: ' + 'tcp|udp|icmp|all or any valid protocol number.' + ) raise ParamValidationError(msg) if value == 'all': value = '-1' @@ -157,7 +172,6 @@ class ProtocolArgument(CustomArgument): class PortArgument(CustomArgument): - def add_to_params(self, parameters, value): if value: try: @@ -175,13 +189,14 @@ class PortArgument(CustomArgument): _build_ip_permissions(parameters, 'FromPort', int(fromstr)) _build_ip_permissions(parameters, 'ToPort', int(tostr)) except ValueError: - msg = ('port parameter should be of the ' - 'form (e.g. 22 or 22-25)') + msg = ( + 'port parameter should be of the ' + 'form (e.g. 22 or 22-25)' + ) raise ParamValidationError(msg) class CidrArgument(CustomArgument): - def add_to_params(self, parameters, value): if value: value = [{'CidrIp': value}] @@ -189,7 +204,6 @@ class CidrArgument(CustomArgument): class SourceGroupArgument(CustomArgument): - def add_to_params(self, parameters, value): if value: if value.startswith('sg-'): @@ -199,7 +213,6 @@ class SourceGroupArgument(CustomArgument class GroupOwnerArgument(CustomArgument): - def add_to_params(self, parameters, value): if value: _build_ip_permissions(parameters, 'UserId', value) diff -pruN 2.23.6-1/awscli/customizations/ec2instanceconnect/eicefetcher.py 2.31.35-1/awscli/customizations/ec2instanceconnect/eicefetcher.py --- 2.23.6-1/awscli/customizations/ec2instanceconnect/eicefetcher.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2instanceconnect/eicefetcher.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,7 +12,10 @@ # language governing permissions and limitations under the License. import logging -from awscli.customizations.exceptions import ParamValidationError, ConfigurationError +from awscli.customizations.exceptions import ( + ConfigurationError, + ParamValidationError, +) logger = logging.getLogger(__name__) @@ -22,7 +25,6 @@ class FipsEndpointUnsupported(Configurat class InstanceConnectEndpointRequestFetcher: - def get_eice_dns_name(self, eice_info, is_fips_enabled): fips_dns_name = eice_info.get('FipsDnsName') @@ -33,45 +35,88 @@ class InstanceConnectEndpointRequestFetc elif is_fips_enabled and not fips_dns_name: raise FipsEndpointUnsupported("Unable to find FIPS Endpoint") - def get_available_instance_connect_endpoint(self, ec2_client, vpc_id, subnet_id, instance_connect_endpoint_id): + def get_available_instance_connect_endpoint( + self, ec2_client, vpc_id, subnet_id, instance_connect_endpoint_id + ): if instance_connect_endpoint_id: - return self._get_instance_connect_endpoint_by_id(ec2_client, instance_connect_endpoint_id) + return self._get_instance_connect_endpoint_by_id( + ec2_client, instance_connect_endpoint_id + ) else: - return self._get_instance_connect_endpoint_by_vpc(ec2_client, vpc_id, subnet_id) - - def _get_instance_connect_endpoint_by_id(self, ec2_client, instance_connect_endpoint_id): + return self._get_instance_connect_endpoint_by_vpc( + ec2_client, vpc_id, subnet_id + ) + + def _get_instance_connect_endpoint_by_id( + self, ec2_client, instance_connect_endpoint_id + ): args = { - "Filters": [{"Name": "state", "Values": ["create-complete"]}], - "InstanceConnectEndpointIds": [instance_connect_endpoint_id] + "Filters": [ + { + "Name": "state", + "Values": [ + "create-complete", + "update-in-progress", + "update-failed", + "update-complete", + ], + } + ], + "InstanceConnectEndpointIds": [instance_connect_endpoint_id], } - describe_eice_response = ec2_client.describe_instance_connect_endpoints(**args) - instance_connect_endpoints = describe_eice_response["InstanceConnectEndpoints"] + describe_eice_response = ( + ec2_client.describe_instance_connect_endpoints(**args) + ) + instance_connect_endpoints = describe_eice_response[ + "InstanceConnectEndpoints" + ] if instance_connect_endpoints: return instance_connect_endpoints[0] raise ParamValidationError( - f"There are no available instance connect endpoints with {instance_connect_endpoint_id}") + f"There are no available instance connect endpoints with {instance_connect_endpoint_id}" + ) - def _get_instance_connect_endpoint_by_vpc(self, ec2_client, vpc_id, subnet_id): + def _get_instance_connect_endpoint_by_vpc( + self, ec2_client, vpc_id, subnet_id + ): ## Describe until subnet match and if none match subnet then return the first one based on vpc-id filter - args = {"Filters": [ - {"Name": "state", "Values": ["create-complete"]}, - {"Name": "vpc-id", "Values": [vpc_id]} - ]} + args = { + "Filters": [ + { + "Name": "state", + "Values": [ + "create-complete", + "update-in-progress", + "update-failed", + "update-complete", + ], + }, + {"Name": "vpc-id", "Values": [vpc_id]}, + ] + } - paginator = ec2_client.get_paginator('describe_instance_connect_endpoints') + paginator = ec2_client.get_paginator( + 'describe_instance_connect_endpoints' + ) page_iterator = paginator.paginate(**args) instance_connect_endpoints = [] for page in page_iterator: page_result = page["InstanceConnectEndpoints"] - instance_connect_endpoints = instance_connect_endpoints + page_result + instance_connect_endpoints = ( + instance_connect_endpoints + page_result + ) if page_result: for eice in page_result: if eice['SubnetId'] == subnet_id: - logger.debug(f"Using EICE based on subnet: {instance_connect_endpoints[0]}") + logger.debug(f"Using EICE based on subnet: {eice}") return eice if instance_connect_endpoints: - logger.debug(f"Using EICE based on vpc: {instance_connect_endpoints[0]}") + logger.debug( + f"Using EICE based on vpc: {instance_connect_endpoints[0]}" + ) return instance_connect_endpoints[0] - raise ParamValidationError("There are no available instance connect endpoints.") + raise ParamValidationError( + "There are no available instance connect endpoints." + ) diff -pruN 2.23.6-1/awscli/customizations/ec2instanceconnect/eicesigner.py 2.31.35-1/awscli/customizations/ec2instanceconnect/eicesigner.py --- 2.23.6-1/awscli/customizations/ec2instanceconnect/eicesigner.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2instanceconnect/eicesigner.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,14 +17,14 @@ from botocore.signers import RequestSign class InstanceConnectEndpointRequestSigner: def __init__( - self, - session, - instance_connect_endpoint_dns_name, - instance_connect_endpoint_id, - remote_port, - instance_private_ip, - max_tunnel_duration, - request_singer=None, + self, + session, + instance_connect_endpoint_dns_name, + instance_connect_endpoint_id, + remote_port, + instance_private_ip, + max_tunnel_duration, + request_singer=None, ): service_model = session.get_service_model("ec2-instance-connect") diff -pruN 2.23.6-1/awscli/customizations/ec2instanceconnect/opentunnel.py 2.31.35-1/awscli/customizations/ec2instanceconnect/opentunnel.py --- 2.23.6-1/awscli/customizations/ec2instanceconnect/opentunnel.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2instanceconnect/opentunnel.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,12 +14,14 @@ import logging import sys from awscli.customizations.commands import BasicCommand +from awscli.customizations.ec2instanceconnect.eicefetcher import ( + InstanceConnectEndpointRequestFetcher, +) from awscli.customizations.ec2instanceconnect.eicesigner import ( InstanceConnectEndpointRequestSigner, ) from awscli.customizations.ec2instanceconnect.websocket import WebsocketManager from awscli.customizations.exceptions import ParamValidationError -from awscli.customizations.ec2instanceconnect.eicefetcher import InstanceConnectEndpointRequestFetcher logger = logging.getLogger(__name__) @@ -27,7 +29,9 @@ logger = logging.getLogger(__name__) class OpenTunnelCommand(BasicCommand): NAME = "open-tunnel" - DESCRIPTION = "Opens a websocket tunnel to the specified EC2 Instance or private ip." + DESCRIPTION = ( + "Opens a websocket tunnel to the specified EC2 Instance or private ip." + ) ARG_TABLE = [ { @@ -126,10 +130,16 @@ class OpenTunnelCommand(BasicCommand): ) instance_connect_endpoint_id = eice["InstanceConnectEndpointId"] - is_fips_enabled = self._session.get_config_variable('use_fips_endpoint') - instance_connect_endpoint_dns_name = eice_fetcher.get_eice_dns_name(eice, is_fips_enabled) + is_fips_enabled = self._session.get_config_variable( + 'use_fips_endpoint' + ) + instance_connect_endpoint_dns_name = ( + eice_fetcher.get_eice_dns_name(eice, is_fips_enabled) + ) - logger.debug(f"Using endpoint dns: {instance_connect_endpoint_dns_name}") + logger.debug( + f"Using endpoint dns: {instance_connect_endpoint_dns_name}" + ) eice_request_signer = InstanceConnectEndpointRequestSigner( self._session, instance_connect_endpoint_dns_name=instance_connect_endpoint_dns_name, @@ -140,7 +150,10 @@ class OpenTunnelCommand(BasicCommand): ) with WebsocketManager( - parsed_args.local_port, parsed_args.max_websocket_connections, eice_request_signer, self._session.user_agent(), + parsed_args.local_port, + parsed_args.max_websocket_connections, + eice_request_signer, + self._session.user_agent(), ) as websocket_manager: websocket_manager.run() return 0 @@ -148,13 +161,23 @@ class OpenTunnelCommand(BasicCommand): def _validate_parsed_args(self, parsed_args): if not parsed_args.instance_id and not parsed_args.private_ip_address: raise ParamValidationError("Specify an instance id or private ip.") - if parsed_args.instance_connect_endpoint_dns_name and not parsed_args.instance_connect_endpoint_id: - raise ParamValidationError("Specify an instance connect endpoint id when providing a DNS name.") - if parsed_args.private_ip_address and not parsed_args.instance_connect_endpoint_id: - raise ParamValidationError("Specify an instance connect endpoint id when providing a private ip.") + if ( + parsed_args.instance_connect_endpoint_dns_name + and not parsed_args.instance_connect_endpoint_id + ): + raise ParamValidationError( + "Specify an instance connect endpoint id when providing a DNS name." + ) + if ( + parsed_args.private_ip_address + and not parsed_args.instance_connect_endpoint_id + ): + raise ParamValidationError( + "Specify an instance connect endpoint id when providing a private ip." + ) if parsed_args.max_tunnel_duration is not None and ( - parsed_args.max_tunnel_duration < 1 - or parsed_args.max_tunnel_duration > 3_600 + parsed_args.max_tunnel_duration < 1 + or parsed_args.max_tunnel_duration > 3_600 ): raise ParamValidationError( "Invalid max connection timeout specified. Value must be greater than 1 and " @@ -164,4 +187,4 @@ class OpenTunnelCommand(BasicCommand): raise ParamValidationError( "This command does not support interactive mode. You must use this command as a proxy or in listener " "mode. " - ) \ No newline at end of file + ) diff -pruN 2.23.6-1/awscli/customizations/ec2instanceconnect/ssh.py 2.31.35-1/awscli/customizations/ec2instanceconnect/ssh.py --- 2.23.6-1/awscli/customizations/ec2instanceconnect/ssh.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2instanceconnect/ssh.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,20 +10,25 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import os import logging +import os import re import shutil import subprocess import sys import tempfile -from awscli.customizations.commands import BasicCommand -from awscli.customizations.exceptions import ParamValidationError, ConfigurationError -from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey -from cryptography.hazmat.primitives.serialization import PublicFormat, Encoding, PrivateFormat, NoEncryption +from awscrt.crypto import ED25519, ED25519ExportFormat + from awscli.compat import compat_shell_quote -from awscli.customizations.ec2instanceconnect.eicefetcher import InstanceConnectEndpointRequestFetcher +from awscli.customizations.commands import BasicCommand +from awscli.customizations.ec2instanceconnect.eicefetcher import ( + InstanceConnectEndpointRequestFetcher, +) +from awscli.customizations.exceptions import ( + ConfigurationError, + ParamValidationError, +) logger = logging.getLogger(__name__) @@ -31,9 +36,7 @@ logger = logging.getLogger(__name__) class SshCommand(BasicCommand): NAME = 'ssh' - CONNECTION_TYPES = ['auto', - 'direct', - 'eice'] + CONNECTION_TYPES = ['auto', 'direct', 'eice'] ARG_TABLE = [ { @@ -67,7 +70,7 @@ class SshCommand(BasicCommand): { 'name': 'local-forwarding', 'help_text': 'Specify the local forwarding specification as defined by your OpenSSH client. ' - '(Example: 3336:remote.host:3306)', + '(Example: 3336:remote.host:3306)', 'required': False, }, { @@ -77,21 +80,21 @@ class SshCommand(BasicCommand): '
        ' '
      • direct: SSH directly to the instance. ' 'The CLI tries to connect using the IP addresses in the following order: ' - '
          ' - '
        • Public IPv4
          • ' - '
        • IPv6
          • ' - '
        • Private IPv4
          • ' - '
        ' + '
          ' + '
        • Public IPv4
          • ' + '
        • IPv6
          • ' + '
        • Private IPv4
          • ' + '
        ' '
        • ' '
      • eice: SSH using EC2 Instance Connect Endpoint. The CLI always uses the private IPv4 address.
        • ' '
      • auto: The CLI automatically determines the connection type (direct or eice) ' 'to use based on the instance info. Currently the CLI tries to connect using the IP addresses ' 'in the following order and with the corresponding connection type:' - '
          ' - '
        • Public IPv4: direct
          • ' - '
        • Private IPv4: eice
          • ' - '
        • IPv6: direct
          • ' - '
        ' + '
          ' + '
        • Public IPv4: direct
          • ' + '
        • Private IPv4: eice
          • ' + '
        • IPv6: direct
          • ' + '
        ' '
        • ' '
      ' 'In the future, we might change the behavior of the auto connection type. To ensure that your ' @@ -130,7 +133,7 @@ class SshCommand(BasicCommand): ), 'required': False, }, - } + }, }, }, ] @@ -138,8 +141,10 @@ class SshCommand(BasicCommand): DESCRIPTION = 'Connect to your EC2 instance using your OpenSSH client.' def __init__(self, session, key_manager=None): - super(SshCommand, self).__init__(session) - self._key_manager = KeyManager() if (key_manager is None) else key_manager + super().__init__(session) + self._key_manager = ( + KeyManager() if (key_manager is None) else key_manager + ) def _run_main(self, parsed_args, parsed_globals): self._validate_parsed_args(parsed_args) @@ -169,7 +174,9 @@ class SshCommand(BasicCommand): ip_address_to_connect = private_ip_address elif parsed_args.connection_type == 'direct': use_open_tunnel = False - ip_address_to_connect = public_ip_address or ipv6_address or private_ip_address + ip_address_to_connect = ( + public_ip_address or ipv6_address or private_ip_address + ) elif parsed_args.connection_type == 'auto': # In case of auto we use IPv4 address first and then IPv6 because right now most instance have these, but # in future we might want to switch this logic to where we select IPv6 first and then fallback to IPv4. @@ -184,22 +191,34 @@ class SshCommand(BasicCommand): ip_address_to_connect = ipv6_address if ip_address_to_connect is None: - raise ParamValidationError('Unable to find any IP address on the instance to connect to.') + raise ParamValidationError( + 'Unable to find any IP address on the instance to connect to.' + ) - instance_connect_endpoint_id = self._get_eice_option(parsed_args.eice_options, 'endpointId') - instance_connect_endpoint_dns_name = self._get_eice_option(parsed_args.eice_options, 'dnsName') + instance_connect_endpoint_id = self._get_eice_option( + parsed_args.eice_options, 'endpointId' + ) + instance_connect_endpoint_dns_name = self._get_eice_option( + parsed_args.eice_options, 'dnsName' + ) if use_open_tunnel and not instance_connect_endpoint_dns_name: eice_fetcher = InstanceConnectEndpointRequestFetcher() eice_info = eice_fetcher.get_available_instance_connect_endpoint( ec2_client, instance_metadata["VpcId"], instance_metadata["SubnetId"], - instance_connect_endpoint_id + instance_connect_endpoint_id, ) - instance_connect_endpoint_id = eice_info["InstanceConnectEndpointId"] + instance_connect_endpoint_id = eice_info[ + "InstanceConnectEndpointId" + ] - is_fips_enabled = self._session.get_config_variable('use_fips_endpoint') - instance_connect_endpoint_dns_name = eice_fetcher.get_eice_dns_name(eice_info, is_fips_enabled) + is_fips_enabled = self._session.get_config_variable( + 'use_fips_endpoint' + ) + instance_connect_endpoint_dns_name = ( + eice_fetcher.get_eice_dns_name(eice_info, is_fips_enabled) + ) # Validate ssh key exist (either use user defined or create new one) key_file = parsed_args.private_key_file @@ -209,7 +228,10 @@ class SshCommand(BasicCommand): key_file = os.path.join(tmp_dir, 'private-key') logger.debug('Generate new ssh key and upload') private_pem_bytes = self._generate_and_upload_ssh_key( - parsed_args.instance_id, parsed_args.os_user, parsed_globals) + parsed_args.instance_id, + parsed_args.os_user, + parsed_globals, + ) with open(key_file, 'wb') as fd: fd.write(private_pem_bytes) @@ -226,50 +248,70 @@ class SshCommand(BasicCommand): ip_address_to_connect, instance_connect_endpoint_id, instance_connect_endpoint_dns_name, - self._get_eice_option(parsed_args.eice_options, 'maxTunnelDuration'), - parsed_globals + self._get_eice_option( + parsed_args.eice_options, 'maxTunnelDuration' + ), + parsed_globals, ) def _validate_parsed_args(self, parsed_args): if parsed_args.instance_id: if not re.search("^i-[0-9a-zA-Z]+$", parsed_args.instance_id): - raise ParamValidationError('The specified instance ID is invalid. ' - 'Provide the full instance ID in the form i-xxxxxxxxxxxxxxxxx.') + raise ParamValidationError( + 'The specified instance ID is invalid. ' + 'Provide the full instance ID in the form i-xxxxxxxxxxxxxxxxx.' + ) eice_options = parsed_args.eice_options if parsed_args.connection_type == "direct" and eice_options: - raise ParamValidationError('eice-options can\'t be specified when connection type is direct.') + raise ParamValidationError( + 'eice-options can\'t be specified when connection type is direct.' + ) - if self._get_eice_option(eice_options, 'dnsName') and not self._get_eice_option(eice_options, 'endpointId'): - raise ParamValidationError('When specifying dnsName, you must specify endpointId.') + if self._get_eice_option( + eice_options, 'dnsName' + ) and not self._get_eice_option(eice_options, 'endpointId'): + raise ParamValidationError( + 'When specifying dnsName, you must specify endpointId.' + ) if eice_options and 'maxTunnelDuration' in eice_options: max_tunnel_duration = eice_options['maxTunnelDuration'] - if max_tunnel_duration is not None and (max_tunnel_duration < 1 or max_tunnel_duration > 3_600): + if max_tunnel_duration is not None and ( + max_tunnel_duration < 1 or max_tunnel_duration > 3_600 + ): raise ParamValidationError( 'Invalid value specified for maxTunnelDuration. Value must be greater than 1 and ' 'less than 3600.' ) if self._get_eice_option(eice_options, 'endpointId'): - if not re.search("^eice-[0-9a-zA-Z_]+$", eice_options['endpointId']): - raise ParamValidationError('The specified endpointId is invalid. ' - 'Provide the full EC2 Instance Connect Endpoint ID in ' - 'the form eice-xxxxxxxxxxxxxxxxx.') + if not re.search( + "^eice-[0-9a-zA-Z_]+$", eice_options['endpointId'] + ): + raise ParamValidationError( + 'The specified endpointId is invalid. ' + 'Provide the full EC2 Instance Connect Endpoint ID in ' + 'the form eice-xxxxxxxxxxxxxxxxx.' + ) if self._get_eice_option(eice_options, 'dnsName'): if not re.search('^[0-9a-zA-Z.-]+$', eice_options['dnsName']): raise ParamValidationError('The specified dnsName is invalid.') if parsed_args.instance_ip and parsed_args.connection_type == 'auto': - raise ParamValidationError('When specifying instance-ip, you must specify connection-type.') + raise ParamValidationError( + 'When specifying instance-ip, you must specify connection-type.' + ) def _get_eice_option(self, eice_options, option): if eice_options: return eice_options.get(option) return None - def _generate_and_upload_ssh_key(self, instance_id, os_user, parsed_globals): + def _generate_and_upload_ssh_key( + self, instance_id, os_user, parsed_globals + ): private_key = self._key_manager.generate_key() logger.debug('Upload public ssh key to instance') @@ -279,18 +321,33 @@ class SshCommand(BasicCommand): verify=parsed_globals.verify_ssl, ) public_key = self._key_manager.get_public_key(private_key) - self._key_manager.upload_public_key(ec2_instance_connect_client, instance_id, os_user, public_key) + self._key_manager.upload_public_key( + ec2_instance_connect_client, instance_id, os_user, public_key + ) return self._key_manager.get_private_pem(private_key) - def _generate_open_tunnel_command(self, instance_id, private_ip_address, ssh_port, eice_id, eice_dns_name, - max_tunnel_duration, parsed_globals): + def _generate_open_tunnel_command( + self, + instance_id, + private_ip_address, + ssh_port, + eice_id, + eice_dns_name, + max_tunnel_duration, + parsed_globals, + ): aws_cli_path = sys.argv[0] proxy_command = [ - aws_cli_path, 'ec2-instance-connect', 'open-tunnel', - '--instance-id', instance_id, - '--private-ip-address', private_ip_address, - '--remote-port', str(ssh_port), + aws_cli_path, + 'ec2-instance-connect', + 'open-tunnel', + '--instance-id', + instance_id, + '--private-ip-address', + private_ip_address, + '--remote-port', + str(ssh_port), ] logger.debug(f"Using aws: {aws_cli_path}") @@ -312,20 +369,42 @@ class SshCommand(BasicCommand): return proxy_command - def _ssh(self, use_open_tunnel, instance_id, ssh_port, os_user, local_forwarding, key_file, - ip_address, eice_id, eice_dns_name, max_tunnel_duration, parsed_globals): - + def _ssh( + self, + use_open_tunnel, + instance_id, + ssh_port, + os_user, + local_forwarding, + key_file, + ip_address, + eice_id, + eice_dns_name, + max_tunnel_duration, + parsed_globals, + ): proxy_command = self._generate_open_tunnel_command( - instance_id, ip_address, ssh_port, eice_id, eice_dns_name, max_tunnel_duration, parsed_globals) + instance_id, + ip_address, + ssh_port, + eice_id, + eice_dns_name, + max_tunnel_duration, + parsed_globals, + ) command = [ 'ssh', # adding ServerAliveInterval as default because it offers better customer experience as it let customer # know about terminated connections. If we want to allow customer to override this we can add additional # parameter to this cli command - '-o', 'ServerAliveInterval=5', - '-p', str(ssh_port), - '-i', key_file, os_user + '@' + ip_address, + '-o', + 'ServerAliveInterval=5', + '-p', + str(ssh_port), + '-i', + key_file, + os_user + '@' + ip_address, ] ssh_path = shutil.which('ssh') @@ -333,8 +412,10 @@ class SshCommand(BasicCommand): command[0] = ssh_path logger.debug(f"Using ssh: {ssh_path}") else: - raise ConfigurationError('SSH not available. Please refer to the documentation ' - 'at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html.') + raise ConfigurationError( + 'SSH not available. Please refer to the documentation ' + 'at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html.' + ) # Add local-forwarding option if users passed local-forwarding if local_forwarding: @@ -348,7 +429,10 @@ class SshCommand(BasicCommand): # If we are trying to connect to instance in private subnet lets use open-tunnel command to use eice if use_open_tunnel: command.insert(-1, '-o') - command.insert(-1, f"ProxyCommand={' '.join(compat_shell_quote(a) for a in proxy_command)}") + command.insert( + -1, + f"ProxyCommand={' '.join(compat_shell_quote(a) for a in proxy_command)}", + ) logger.debug('Invoking SSH command: %s', command) rc = subprocess.call(command) @@ -358,25 +442,36 @@ class SshCommand(BasicCommand): class KeyManager: def generate_key(self): logger.debug('Generate Ed25519 Key') - return Ed25519PrivateKey.generate() + return ED25519.new_generate() + + def _get_public_key(self, private_key): + public_key_bytes = ED25519.export_public_key( + private_key, export_format=ED25519ExportFormat.OPENSSH_B64 + ) + return f"ssh-ed25519 {public_key_bytes.decode()}" def get_public_key(self, private_key): - return private_key.public_key().public_bytes( - encoding=Encoding.OpenSSH, - format=PublicFormat.OpenSSH + return self._get_public_key(private_key) + + def _get_private_pem(self, private_key): + private_key_bytes = ED25519.export_private_key( + private_key, export_format=ED25519ExportFormat.OPENSSH_B64 ) + return ( + '-----BEGIN OPENSSH PRIVATE KEY-----\n' + f'{private_key_bytes.decode()}\n' + '-----END OPENSSH PRIVATE KEY-----\n' + ).encode() def get_private_pem(self, private_key): - return private_key.private_bytes( - encoding=Encoding.PEM, - format=PrivateFormat.OpenSSH, - encryption_algorithm=NoEncryption() - ) + return self._get_private_pem(private_key=private_key) - def upload_public_key(self, ec2_instance_connect_client, instance_id, os_user, public_key): + def upload_public_key( + self, ec2_instance_connect_client, instance_id, os_user, public_key + ): logger.debug('Upload ssh key to instance') ec2_instance_connect_client.send_ssh_public_key( InstanceId=instance_id, InstanceOSUser=os_user, - SSHPublicKey=public_key.decode(), + SSHPublicKey=public_key, ) diff -pruN 2.23.6-1/awscli/customizations/ec2instanceconnect/websocket.py 2.31.35-1/awscli/customizations/ec2instanceconnect/websocket.py --- 2.23.6-1/awscli/customizations/ec2instanceconnect/websocket.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ec2instanceconnect/websocket.py 2025-11-12 19:17:29.000000000 +0000 @@ -28,10 +28,11 @@ from awscrt.http import HttpProxyAuthent from awscrt.io import ClientTlsContext, TlsContextOptions from awscrt.websocket import ( OnConnectionSetupData, + OnConnectionShutdownData, + OnIncomingFrameCompleteData, OnIncomingFramePayloadData, OnSendFrameCompleteData, Opcode, - OnConnectionShutdownData, OnIncomingFrameCompleteData, ) from awscli.compat import is_windows @@ -42,9 +43,11 @@ logger = logging.getLogger(__name__) class WebsocketException(RuntimeError): pass + class InputClosedError(RuntimeError): pass + class BaseWebsocketIO: def has_data_to_read(self): raise NotImplementedError("has_data_to_read") @@ -63,10 +66,11 @@ _SELECT_TIMEOUT = 0.05 class StdinStdoutIO(BaseWebsocketIO): - def has_data_to_read(self): socket_list = [sys.stdin] - read_sockets, _, _ = select.select(socket_list, [], [], _SELECT_TIMEOUT) + read_sockets, _, _ = select.select( + socket_list, [], [], _SELECT_TIMEOUT + ) if read_sockets: return True return False @@ -83,13 +87,11 @@ class StdinStdoutIO(BaseWebsocketIO): class WindowsStdinStdoutIO(StdinStdoutIO): - def has_data_to_read(self): return True class TCPSocketIO(BaseWebsocketIO): - def __init__(self, conn): self.conn = conn @@ -121,19 +123,36 @@ class TCPSocketIO(BaseWebsocketIO): class Websocket: - def __init__(self, websocketio, websocket_id, tls_connection_options=None, on_connection_event=None, - shutdown_event=None, send_frame_results_queue=None): + def __init__( + self, + websocketio, + websocket_id, + tls_connection_options=None, + on_connection_event=None, + shutdown_event=None, + send_frame_results_queue=None, + ): self.websocketio = websocketio self.websocket_id = websocket_id - self._on_connection_event = Event() if (on_connection_event is None) else on_connection_event - self._send_frame_results_queue = Queue() if (send_frame_results_queue is None) else send_frame_results_queue - self._shutdown_event = Event() if (shutdown_event is None) else shutdown_event + self._on_connection_event = ( + Event() if (on_connection_event is None) else on_connection_event + ) + self._send_frame_results_queue = ( + Queue() + if (send_frame_results_queue is None) + else send_frame_results_queue + ) + self._shutdown_event = ( + Event() if (shutdown_event is None) else shutdown_event + ) self._websocket = None self._exception = None self._close_frame_bytes = bytearray() if tls_connection_options is None: - self._tls_connection_options = ClientTlsContext(TlsContextOptions()).new_connection_options() + self._tls_connection_options = ClientTlsContext( + TlsContextOptions() + ).new_connection_options() else: self._tls_connection_options = tls_connection_options @@ -147,21 +166,29 @@ class Websocket: def connect(self, url, user_agent=None): parsed_url = urlparse(url) path = parsed_url.path + "?" + parsed_url.query - request = websocket.create_handshake_request(host=parsed_url.hostname, path=path) + request = websocket.create_handshake_request( + host=parsed_url.hostname, path=path + ) if user_agent: request.headers.set("User-Agent", user_agent) environment = os.environ.copy() proxy_options = None - proxy_url = environment.get("HTTP_PROXY") or environment.get("HTTPS_PROXY") + proxy_url = environment.get("HTTP_PROXY") or environment.get( + "HTTPS_PROXY" + ) no_proxy = environment.get("NO_PROXY", "") if proxy_url and parsed_url.hostname not in no_proxy: parsed_proxy_url = urlparse(proxy_url) - logger.debug(f"Using the following proxy: {parsed_proxy_url.hostname}") + logger.debug( + f"Using the following proxy: {parsed_proxy_url.hostname}" + ) proxy_options = HttpProxyOptions( host_name=parsed_proxy_url.hostname, port=parsed_proxy_url.port, - auth_type=HttpProxyAuthenticationType.Basic if proxy_url else HttpProxyAuthenticationType.Nothing, + auth_type=HttpProxyAuthenticationType.Basic + if proxy_url + else HttpProxyAuthenticationType.Nothing, auth_username=parsed_proxy_url.username or None, auth_password=parsed_proxy_url.password or None, ) @@ -176,7 +203,7 @@ class Websocket: on_connection_setup=self._on_connection, on_connection_shutdown=self._on_connection_shutdown, on_incoming_frame_payload=self._on_incoming_frame_payload_data, - on_incoming_frame_complete=self._on_incoming_frame_complete + on_incoming_frame_complete=self._on_incoming_frame_complete, ) # Wait for the on_connection callback to be called. @@ -211,7 +238,7 @@ class Websocket: try: data = self.websocketio.read(self._MAX_BYTES_PER_FRAME) - except InputClosedError as e: + except InputClosedError: logger.debug('Input closed. Shutting down websocket.') self.close() @@ -230,7 +257,9 @@ class Websocket: ] # Expected exception if server or user closes conn. Catch it and gracefully exit this method. if any(exc_code in str(e.args) for exc_code in crt_exceptions): - logger.debug(f"Received exception when sending websocket frame: {e.args}") + logger.debug( + f"Received exception when sending websocket frame: {e.args}" + ) self.close() else: raise e @@ -253,20 +282,29 @@ class Websocket: self._websocket = data.websocket self._on_connection_event.set() - def _on_incoming_frame_payload_data(self, incoming_frame_data: OnIncomingFramePayloadData) -> None: + def _on_incoming_frame_payload_data( + self, incoming_frame_data: OnIncomingFramePayloadData + ) -> None: opcode = incoming_frame_data.frame.opcode if not opcode.is_data_frame(): if opcode == Opcode.CLOSE and incoming_frame_data.data: self._close_frame_bytes += incoming_frame_data.data return if opcode == Opcode.TEXT: - self._exception = WebsocketException("Received invalid data from server, closing websocket connection.") + self._exception = WebsocketException( + "Received invalid data from server, closing websocket connection." + ) self.close() return self.websocketio.write(incoming_frame_data.data) - def _on_incoming_frame_complete(self, incoming_frame_data: OnIncomingFrameCompleteData): - if incoming_frame_data.frame.opcode == Opcode.CLOSE and incoming_frame_data.exception is None: + def _on_incoming_frame_complete( + self, incoming_frame_data: OnIncomingFrameCompleteData + ): + if ( + incoming_frame_data.frame.opcode == Opcode.CLOSE + and incoming_frame_data.exception is None + ): if len(self._close_frame_bytes) > 0: shutdown_code_as_bytes = self._close_frame_bytes[0:2] # The shutdown code is a packed 2 byte unsigned int. @@ -274,11 +312,17 @@ class Websocket: shutdown_reason_in_bytes = self._close_frame_bytes[2:] if shutdown_code != 1000: logger.debug("Shutdown code: %s", str(shutdown_code)) - decoded_shutdown_reason = shutdown_reason_in_bytes.decode("utf-8") - self._exception = WebsocketException(f"Websocket Closure Reason: {decoded_shutdown_reason}") + decoded_shutdown_reason = shutdown_reason_in_bytes.decode( + "utf-8" + ) + self._exception = WebsocketException( + f"Websocket Closure Reason: {decoded_shutdown_reason}" + ) self.close() - def _on_send_frame_complete_data(self, send_frame_data: OnSendFrameCompleteData) -> None: + def _on_send_frame_complete_data( + self, send_frame_data: OnSendFrameCompleteData + ) -> None: self._send_frame_results_queue.put(send_frame_data) def _on_connection_shutdown(self, data: OnConnectionShutdownData) -> None: @@ -288,7 +332,13 @@ class Websocket: class WebsocketManager: - def __init__(self, port, max_websocket_connections, eice_request_signer, user_agent=None): + def __init__( + self, + port, + max_websocket_connections, + eice_request_signer, + user_agent=None, + ): self._port = port self._executor = ThreadPoolExecutor( max_workers=max_websocket_connections @@ -322,8 +372,12 @@ class WebsocketManager: def run(self): # If no port is specified, open a singular websocket connection. if not self._port: - websocketio = WindowsStdinStdoutIO() if is_windows else StdinStdoutIO() - future = self._open_websocket_connection(Websocket(websocketio, websocket_id=None)) + websocketio = ( + WindowsStdinStdoutIO() if is_windows else StdinStdoutIO() + ) + future = self._open_websocket_connection( + Websocket(websocketio, websocket_id=None) + ) # Block until the future completes. future.result() else: @@ -342,21 +396,32 @@ class WebsocketManager: conn, addr = self._socket.accept() # Check if we have reached max connections self._remove_done_futures() - if len(self._inflight_futures_and_websockets) >= self._max_websocket_connections: - print(f"Max websocket connections {self._max_websocket_connections} have been reached, closing " - f"incoming connection.") + if ( + len(self._inflight_futures_and_websockets) + >= self._max_websocket_connections + ): + print( + f"Max websocket connections {self._max_websocket_connections} have been reached, closing " + f"incoming connection." + ) conn.close() continue websocket_id = self._connection_id_counter self._connection_id_counter += 1 - print(f"[{websocket_id}] Accepted new tcp connection, opening websocket tunnel.") + print( + f"[{websocket_id}] Accepted new tcp connection, opening websocket tunnel." + ) try: web_socket = Websocket(TCPSocketIO(conn), websocket_id) future = self._open_websocket_connection(web_socket) - future.add_done_callback(self._print_tcp_conn_closed(web_socket)) + future.add_done_callback( + self._print_tcp_conn_closed(web_socket) + ) except WebsocketException as e: - logger.error(f"[{websocket_id}] Encountered error opening websocket: {e.args}") + logger.error( + f"[{websocket_id}] Encountered error opening websocket: {e.args}" + ) def _open_websocket_connection(self, web_socket): presigned_url = self._eice_request_signer.get_presigned_url() diff -pruN 2.23.6-1/awscli/customizations/ecr.py 2.31.35-1/awscli/customizations/ecr.py --- 2.23.6-1/awscli/customizations/ecr.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ecr.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,12 +10,12 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import sys +from base64 import b64decode + from awscli.customizations.commands import BasicCommand from awscli.customizations.utils import create_client_from_parsed_globals -from base64 import b64decode -import sys - def register_ecr_commands(cli): cli.register('building-command-table.ecr', _inject_commands) @@ -27,16 +27,17 @@ def _inject_commands(command_table, sess class ECRGetLoginPassword(BasicCommand): """Get a password to be used with container clients such as Docker""" + NAME = 'get-login-password' DESCRIPTION = BasicCommand.FROM_FILE( - 'ecr/get-login-password_description.rst') + 'ecr/get-login-password_description.rst' + ) def _run_main(self, parsed_args, parsed_globals): ecr_client = create_client_from_parsed_globals( - self._session, - 'ecr', - parsed_globals) + self._session, 'ecr', parsed_globals + ) result = ecr_client.get_authorization_token() auth = result['authorizationData'][0] auth_token = b64decode(auth['authorizationToken']).decode() diff -pruN 2.23.6-1/awscli/customizations/ecr_public.py 2.31.35-1/awscli/customizations/ecr_public.py --- 2.23.6-1/awscli/customizations/ecr_public.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ecr_public.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,12 +10,12 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import sys +from base64 import b64decode + from awscli.customizations.commands import BasicCommand from awscli.customizations.utils import create_client_from_parsed_globals -from base64 import b64decode -import sys - def register_ecr_public_commands(cli): cli.register('building-command-table.ecr-public', _inject_commands) @@ -27,16 +27,17 @@ def _inject_commands(command_table, sess class ECRPublicGetLoginPassword(BasicCommand): """Get a password to be used with container clients such as Docker""" + NAME = 'get-login-password' DESCRIPTION = BasicCommand.FROM_FILE( - 'ecr-public/get-login-password_description.rst') + 'ecr-public/get-login-password_description.rst' + ) def _run_main(self, parsed_args, parsed_globals): ecr_public_client = create_client_from_parsed_globals( - self._session, - 'ecr-public', - parsed_globals) + self._session, 'ecr-public', parsed_globals + ) result = ecr_public_client.get_authorization_token() auth = result['authorizationData'] auth_token = b64decode(auth['authorizationToken']).decode() diff -pruN 2.23.6-1/awscli/customizations/ecs/__init__.py 2.31.35-1/awscli/customizations/ecs/__init__.py --- 2.23.6-1/awscli/customizations/ecs/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ecs/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,8 +12,10 @@ # language governing permissions and limitations under the License. from awscli.customizations.ecs.deploy import ECSDeploy -from awscli.customizations.ecs.executecommand import ECSExecuteCommand -from awscli.customizations.ecs.executecommand import ExecuteCommandCaller +from awscli.customizations.ecs.executecommand import ( + ECSExecuteCommand, + ExecuteCommandCaller, +) def initialize(cli): @@ -33,7 +35,8 @@ def inject_commands(command_table, sessi name='execute-command', parent_name='ecs', session=session, - operation_model=session.get_service_model('ecs') - .operation_model('ExecuteCommand'), + operation_model=session.get_service_model('ecs').operation_model( + 'ExecuteCommand' + ), operation_caller=ExecuteCommandCaller(session), ) diff -pruN 2.23.6-1/awscli/customizations/ecs/deploy.py 2.31.35-1/awscli/customizations/ecs/deploy.py --- 2.23.6-1/awscli/customizations/ecs/deploy.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ecs/deploy.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,9 +18,10 @@ import sys from botocore import compat, config from botocore.exceptions import ClientError + from awscli.compat import compat_open -from awscli.customizations.ecs import exceptions, filehelpers from awscli.customizations.commands import BasicCommand +from awscli.customizations.ecs import exceptions, filehelpers TIMEOUT_BUFFER_MIN = 10 DEFAULT_DELAY_SEC = 15 @@ -45,96 +46,111 @@ class ECSDeploy(BasicCommand): ARG_TABLE = [ { 'name': 'service', - 'help_text': ("The short name or full Amazon Resource Name " - "(ARN) of the service to update"), - 'required': True + 'help_text': ( + "The short name or full Amazon Resource Name " + "(ARN) of the service to update" + ), + 'required': True, }, { 'name': 'task-definition', - 'help_text': ("The file path where your task definition file is " - "located. The format of the file must be the same " - "as the JSON output of: aws ecs " - "register-task-definition " - "--generate-cli-skeleton"), - 'required': True + 'help_text': ( + "The file path where your task definition file is " + "located. The format of the file must be the same " + "as the JSON output of: aws ecs " + "register-task-definition " + "--generate-cli-skeleton" + ), + 'required': True, }, { 'name': 'codedeploy-appspec', - 'help_text': ("The file path where your AWS CodeDeploy appspec " - "file is located. The appspec file may be in JSON " - "or YAML format. The TaskDefinition " - "property will be updated within the appspec with " - "the newly registered task definition ARN, " - "overwriting any placeholder values in the file."), - 'required': True + 'help_text': ( + "The file path where your AWS CodeDeploy appspec " + "file is located. The appspec file may be in JSON " + "or YAML format. The TaskDefinition " + "property will be updated within the appspec with " + "the newly registered task definition ARN, " + "overwriting any placeholder values in the file." + ), + 'required': True, }, { 'name': 'cluster', - 'help_text': ("The short name or full Amazon Resource Name " - "(ARN) of the cluster that your service is " - "running within. If you do not specify a " - "cluster, the \"default\" cluster is assumed."), - 'required': False + 'help_text': ( + "The short name or full Amazon Resource Name " + "(ARN) of the cluster that your service is " + "running within. If you do not specify a " + "cluster, the \"default\" cluster is assumed." + ), + 'required': False, }, { 'name': 'codedeploy-application', - 'help_text': ("The name of the AWS CodeDeploy application " - "to use for the deployment. The specified " - "application must use the 'ECS' compute " - "platform. If you do not specify an " - "application, the application name " - "AppECS-[CLUSTER_NAME]-[SERVICE_NAME] " - "is assumed."), - 'required': False + 'help_text': ( + "The name of the AWS CodeDeploy application " + "to use for the deployment. The specified " + "application must use the 'ECS' compute " + "platform. If you do not specify an " + "application, the application name " + "AppECS-[CLUSTER_NAME]-[SERVICE_NAME] " + "is assumed." + ), + 'required': False, }, { 'name': 'codedeploy-deployment-group', - 'help_text': ("The name of the AWS CodeDeploy deployment " - "group to use for the deployment. The " - "specified deployment group must be associated " - "with the specified ECS service and cluster. " - "If you do not specify a deployment group, " - "the deployment group name " - "DgpECS-[CLUSTER_NAME]-[SERVICE_NAME] " - "is assumed."), - 'required': False - } + 'help_text': ( + "The name of the AWS CodeDeploy deployment " + "group to use for the deployment. The " + "specified deployment group must be associated " + "with the specified ECS service and cluster. " + "If you do not specify a deployment group, " + "the deployment group name " + "DgpECS-[CLUSTER_NAME]-[SERVICE_NAME] " + "is assumed." + ), + 'required': False, + }, ] - MSG_TASK_DEF_REGISTERED = \ + MSG_TASK_DEF_REGISTERED = ( "Successfully registered new ECS task definition {arn}\n" + ) MSG_CREATED_DEPLOYMENT = "Successfully created deployment {id}\n" - MSG_SUCCESS = ("Successfully deployed {task_def} to " - "service '{service}'\n") + MSG_SUCCESS = "Successfully deployed {task_def} to service '{service}'\n" USER_AGENT_EXTRA = 'md/customization#ecs-deploy' def _run_main(self, parsed_args, parsed_globals): - - register_task_def_kwargs, appspec_obj = \ - self._load_file_args(parsed_args.task_definition, - parsed_args.codedeploy_appspec) + register_task_def_kwargs, appspec_obj = self._load_file_args( + parsed_args.task_definition, parsed_args.codedeploy_appspec + ) ecs_client_wrapper = ECSClient( - self._session, parsed_args, parsed_globals, self.USER_AGENT_EXTRA) + self._session, parsed_args, parsed_globals, self.USER_AGENT_EXTRA + ) self.resources = self._get_resource_names( - parsed_args, ecs_client_wrapper) + parsed_args, ecs_client_wrapper + ) codedeploy_client = self._session.create_client( 'codedeploy', region_name=parsed_globals.region, verify=parsed_globals.verify_ssl, - config=config.Config(user_agent_extra=self.USER_AGENT_EXTRA)) + config=config.Config(user_agent_extra=self.USER_AGENT_EXTRA), + ) self._validate_code_deploy_resources(codedeploy_client) self.wait_time = self._cd_validator.get_deployment_wait_time() self.task_def_arn = self._register_task_def( - register_task_def_kwargs, ecs_client_wrapper) + register_task_def_kwargs, ecs_client_wrapper + ) self._create_and_wait_for_deployment(codedeploy_client, appspec_obj) return 0 @@ -143,18 +159,19 @@ class ECSDeploy(BasicCommand): deployer = CodeDeployer(client, appspec) deployer.update_task_def_arn(self.task_def_arn) deployment_id = deployer.create_deployment( - self.resources['app_name'], - self.resources['deployment_group_name']) + self.resources['app_name'], self.resources['deployment_group_name'] + ) - sys.stdout.write(self.MSG_CREATED_DEPLOYMENT.format( - id=deployment_id)) + sys.stdout.write(self.MSG_CREATED_DEPLOYMENT.format(id=deployment_id)) deployer.wait_for_deploy_success(deployment_id, self.wait_time) service_name = self.resources['service'] sys.stdout.write( self.MSG_SUCCESS.format( - task_def=self.task_def_arn, service=service_name)) + task_def=self.task_def_arn, service=service_name + ) + ) sys.stdout.flush() def _get_file_contents(self, file_path): @@ -162,9 +179,8 @@ class ECSDeploy(BasicCommand): try: with compat_open(full_path) as f: return f.read() - except (OSError, IOError, UnicodeDecodeError) as e: - raise exceptions.FileLoadError( - file_path=file_path, error=e) + except (OSError, UnicodeDecodeError) as e: + raise exceptions.FileLoadError(file_path=file_path, error=e) def _get_resource_names(self, args, ecs_client): service_details = ecs_client.get_service_details() @@ -172,9 +188,11 @@ class ECSDeploy(BasicCommand): cluster_name = service_details['cluster_name'] application_name = filehelpers.get_app_name( - service_name, cluster_name, args.codedeploy_application) + service_name, cluster_name, args.codedeploy_application + ) deployment_group_name = filehelpers.get_deploy_group_name( - service_name, cluster_name, args.codedeploy_deployment_group) + service_name, cluster_name, args.codedeploy_deployment_group + ) return { 'service': service_name, @@ -182,7 +200,7 @@ class ECSDeploy(BasicCommand): 'cluster': cluster_name, 'cluster_arn': service_details['cluster_arn'], 'app_name': application_name, - 'deployment_group_name': deployment_group_name + 'deployment_group_name': deployment_group_name, } def _load_file_args(self, task_def_arg, appspec_arg): @@ -199,8 +217,7 @@ class ECSDeploy(BasicCommand): task_def_arn = response['taskDefinition']['taskDefinitionArn'] - sys.stdout.write(self.MSG_TASK_DEF_REGISTERED.format( - arn=task_def_arn)) + sys.stdout.write(self.MSG_TASK_DEF_REGISTERED.format(arn=task_def_arn)) sys.stdout.flush() return task_def_arn @@ -212,10 +229,11 @@ class ECSDeploy(BasicCommand): self._cd_validator = validator -class CodeDeployer(): - - MSG_WAITING = ("Waiting for {deployment_id} to succeed " - "(will wait up to {wait} minutes)...\n") +class CodeDeployer: + MSG_WAITING = ( + "Waiting for {deployment_id} to succeed " + "(will wait up to {wait} minutes)...\n" + ) def __init__(self, cd_client, appspec_dict): self._client = cd_client @@ -223,13 +241,15 @@ class CodeDeployer(): def create_deployment(self, app_name, deploy_grp_name): request_obj = self._get_create_deploy_request( - app_name, deploy_grp_name) + app_name, deploy_grp_name + ) try: response = self._client.create_deployment(**request_obj) except ClientError as e: raise exceptions.ServiceClientError( - action='create deployment', error=e) + action='create deployment', error=e + ) return response['deploymentId'] @@ -246,9 +266,9 @@ class CodeDeployer(): "revisionType": "AppSpecContent", "appSpecContent": { "content": json.dumps(self._appspec_dict), - "sha256": self._get_appspec_hash() - } - } + "sha256": self._get_appspec_hash(), + }, + }, } def update_task_def_arn(self, new_arn): @@ -270,7 +290,8 @@ class CodeDeployer(): appspec_obj = self._appspec_dict resources_key = filehelpers.find_required_key( - 'codedeploy-appspec', appspec_obj, 'resources') + 'codedeploy-appspec', appspec_obj, 'resources' + ) updated_resources = [] # 'resources' is a list of string:obj dictionaries @@ -280,11 +301,13 @@ class CodeDeployer(): resource_content = resource[name] # get resource properties properties_key = filehelpers.find_required_key( - name, resource_content, 'properties') + name, resource_content, 'properties' + ) properties_content = resource_content[properties_key] # find task definition property task_def_key = filehelpers.find_required_key( - properties_key, properties_content, 'taskDefinition') + properties_key, properties_content, 'taskDefinition' + ) # insert new task def ARN into resource properties_content[task_def_key] = new_arn @@ -305,22 +328,19 @@ class CodeDeployer(): delay_sec = DEFAULT_DELAY_SEC max_attempts = (wait_min * 60) / delay_sec - config = { - 'Delay': delay_sec, - 'MaxAttempts': max_attempts - } + config = {'Delay': delay_sec, 'MaxAttempts': max_attempts} self._show_deploy_wait_msg(id, wait_min) waiter.wait(deploymentId=id, WaiterConfig=config) def _show_deploy_wait_msg(self, id, wait_min): sys.stdout.write( - self.MSG_WAITING.format(deployment_id=id, - wait=wait_min)) + self.MSG_WAITING.format(deployment_id=id, wait=wait_min) + ) sys.stdout.flush() -class CodeDeployValidator(): +class CodeDeployValidator: def __init__(self, cd_client, resources): self._client = cd_client self._resource_names = resources @@ -328,35 +348,42 @@ class CodeDeployValidator(): def describe_cd_resources(self): try: self.app_details = self._client.get_application( - applicationName=self._resource_names['app_name']) + applicationName=self._resource_names['app_name'] + ) except ClientError as e: raise exceptions.ServiceClientError( - action='describe Code Deploy application', error=e) + action='describe Code Deploy application', error=e + ) try: dgp = self._resource_names['deployment_group_name'] app = self._resource_names['app_name'] self.deployment_group_details = self._client.get_deployment_group( - applicationName=app, deploymentGroupName=dgp) + applicationName=app, deploymentGroupName=dgp + ) except ClientError as e: raise exceptions.ServiceClientError( - action='describe Code Deploy deployment group', error=e) + action='describe Code Deploy deployment group', error=e + ) def get_deployment_wait_time(self): - - if (not hasattr(self, 'deployment_group_details') or - self.deployment_group_details is None): + if ( + not hasattr(self, 'deployment_group_details') + or self.deployment_group_details is None + ): return None else: dgp_info = self.deployment_group_details['deploymentGroupInfo'] blue_green_info = dgp_info['blueGreenDeploymentConfiguration'] - deploy_ready_wait_min = \ - blue_green_info['deploymentReadyOption']['waitTimeInMinutes'] + deploy_ready_wait_min = blue_green_info['deploymentReadyOption'][ + 'waitTimeInMinutes' + ] terminate_key = 'terminateBlueInstancesOnDeploymentSuccess' - termination_wait_min = \ - blue_green_info[terminate_key]['terminationWaitTimeInMinutes'] + termination_wait_min = blue_green_info[terminate_key][ + 'terminationWaitTimeInMinutes' + ] configured_wait = deploy_ready_wait_min + termination_wait_min @@ -370,7 +397,8 @@ class CodeDeployValidator(): app_name = self._resource_names['app_name'] if self.app_details['application']['computePlatform'] != 'ECS': raise exceptions.InvalidPlatformError( - resource='Application', name=app_name) + resource='Application', name=app_name + ) def validate_deployment_group(self): dgp = self._resource_names['deployment_group_name'] @@ -384,26 +412,29 @@ class CodeDeployValidator(): if compute_platform != 'ECS': raise exceptions.InvalidPlatformError( - resource='Deployment Group', name=dgp) + resource='Deployment Group', name=dgp + ) - target_services = \ - self.deployment_group_details['deploymentGroupInfo']['ecsServices'] + target_services = self.deployment_group_details['deploymentGroupInfo'][ + 'ecsServices' + ] # either ECS resource names or ARNs can be stored, so check both for target in target_services: target_serv = target['serviceName'] if target_serv != service and target_serv != service_arn: raise exceptions.InvalidProperyError( - dg_name=dgp, resource='service', resource_name=service) + dg_name=dgp, resource='service', resource_name=service + ) target_cluster = target['clusterName'] if target_cluster != cluster and target_cluster != cluster_arn: raise exceptions.InvalidProperyError( - dg_name=dgp, resource='cluster', resource_name=cluster) - + dg_name=dgp, resource='cluster', resource_name=cluster + ) -class ECSClient(): +class ECSClient: def __init__(self, session, parsed_args, parsed_globals, user_agent_extra): self._args = parsed_args self._custom_config = config.Config(user_agent_extra=user_agent_extra) @@ -412,7 +443,8 @@ class ECSClient(): region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, verify=parsed_globals.verify_ssl, - config=self._custom_config) + config=self._custom_config, + ) def get_service_details(self): cluster = self._args.cluster @@ -422,33 +454,36 @@ class ECSClient(): try: service_response = self._client.describe_services( - cluster=cluster, services=[self._args.service]) + cluster=cluster, services=[self._args.service] + ) except ClientError as e: raise exceptions.ServiceClientError( - action='describe ECS service', error=e) + action='describe ECS service', error=e + ) if len(service_response['services']) == 0: raise exceptions.InvalidServiceError( - service=self._args.service, cluster=cluster) + service=self._args.service, cluster=cluster + ) service_details = service_response['services'][0] - cluster_name = \ - filehelpers.get_cluster_name_from_arn( - service_details['clusterArn']) + cluster_name = filehelpers.get_cluster_name_from_arn( + service_details['clusterArn'] + ) return { 'service_arn': service_details['serviceArn'], 'service_name': service_details['serviceName'], 'cluster_arn': service_details['clusterArn'], - 'cluster_name': cluster_name + 'cluster_name': cluster_name, } def register_task_definition(self, kwargs): try: - response = \ - self._client.register_task_definition(**kwargs) + response = self._client.register_task_definition(**kwargs) except ClientError as e: raise exceptions.ServiceClientError( - action='register ECS task definition', error=e) + action='register ECS task definition', error=e + ) return response diff -pruN 2.23.6-1/awscli/customizations/ecs/exceptions.py 2.31.35-1/awscli/customizations/ecs/exceptions.py --- 2.23.6-1/awscli/customizations/ecs/exceptions.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ecs/exceptions.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,7 +13,8 @@ class ECSError(Exception): - """ Base class for all ECSErrors.""" + """Base class for all ECSErrors.""" + fmt = 'An unspecified error occurred' def __init__(self, **kwargs): @@ -23,8 +24,7 @@ class ECSError(Exception): class MissingPropertyError(ECSError): - fmt = \ - "Error: Resource '{resource}' must include property '{prop_name}'" + fmt = "Error: Resource '{resource}' must include property '{prop_name}'" class FileLoadError(ECSError): @@ -36,8 +36,10 @@ class InvalidPlatformError(ECSError): class InvalidProperyError(ECSError): - fmt = ("Error: deployment group '{dg_name}' does not target " - "ECS {resource} '{resource_name}'") + fmt = ( + "Error: deployment group '{dg_name}' does not target " + "ECS {resource} '{resource_name}'" + ) class InvalidServiceError(ECSError): @@ -45,4 +47,4 @@ class InvalidServiceError(ECSError): class ServiceClientError(ECSError): - fmt = "Failed to {action}:\n{error}" \ No newline at end of file + fmt = "Failed to {action}:\n{error}" diff -pruN 2.23.6-1/awscli/customizations/ecs/executecommand.py 2.31.35-1/awscli/customizations/ecs/executecommand.py --- 2.23.6-1/awscli/customizations/ecs/executecommand.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ecs/executecommand.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,13 +10,13 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import logging -import json import errno - +import json +import logging from subprocess import check_call + +from awscli.clidriver import CLIOperationCaller, ServiceOperation from awscli.compat import ignore_user_entered_signals -from awscli.clidriver import ServiceOperation, CLIOperationCaller logger = logging.getLogger(__name__) @@ -24,17 +24,13 @@ ERROR_MESSAGE = ( 'SessionManagerPlugin is not found. ', 'Please refer to SessionManager Documentation here: ', 'http://docs.aws.amazon.com/console/systems-manager/', - 'session-manager-plugin-not-found' + 'session-manager-plugin-not-found', ) -TASK_NOT_FOUND = ( - 'The task provided in the request was ' - 'not found.' -) +TASK_NOT_FOUND = 'The task provided in the request was not found.' class ECSExecuteCommand(ServiceOperation): - def create_help_command(self): help_command = super(ECSExecuteCommand, self).create_help_command() # change the output shape because the command provides no output. @@ -43,10 +39,7 @@ class ECSExecuteCommand(ServiceOperation def get_container_runtime_id(client, container_name, task_id, cluster_name): - describe_tasks_params = { - "cluster": cluster_name, - "tasks": [task_id] - } + describe_tasks_params = {"cluster": cluster_name, "tasks": [task_id]} describe_tasks_response = client.describe_tasks(**describe_tasks_params) # need to fail here if task has failed in the intermediate time tasks = describe_tasks_response['tasks'] @@ -64,11 +57,10 @@ def build_ssm_request_paramaters(respons container_name = response['containerName'] # in order to get container run-time id # we need to make a call to describe-tasks - container_runtime_id = \ - get_container_runtime_id(client, container_name, - task_id, cluster_name) - target = "ecs:{}_{}_{}".format(cluster_name, task_id, - container_runtime_id) + container_runtime_id = get_container_runtime_id( + client, container_name, task_id, cluster_name + ) + target = f"ecs:{cluster_name}_{task_id}_{container_runtime_id}" ssm_request_params = {"Target": target} return ssm_request_params @@ -85,13 +77,18 @@ class ExecuteCommandCaller(CLIOperationC # before execute-command-command is made check_call(["session-manager-plugin"]) client = self._session.create_client( - service_name, region_name=parsed_globals.region, + service_name, + region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl) + verify=parsed_globals.verify_ssl, + ) response = client.execute_command(**parameters) region_name = client.meta.region_name - profile_name = self._session.profile \ - if self._session.profile is not None else '' + profile_name = ( + self._session.profile + if self._session.profile is not None + else '' + ) endpoint_url = client.meta.endpoint_url ssm_request_params = build_ssm_request_paramaters(response, client) # ignore_user_entered_signals ignores these signals @@ -102,16 +99,21 @@ class ExecuteCommandCaller(CLIOperationC # and handling in there with ignore_user_entered_signals(): # call executable with necessary input - check_call(["session-manager-plugin", - json.dumps(response['session']), - region_name, - "StartSession", - profile_name, - json.dumps(ssm_request_params), - endpoint_url]) + check_call( + [ + "session-manager-plugin", + json.dumps(response['session']), + region_name, + "StartSession", + profile_name, + json.dumps(ssm_request_params), + endpoint_url, + ] + ) return 0 except OSError as ex: if ex.errno == errno.ENOENT: - logger.debug('SessionManagerPlugin is not present', - exc_info=True) + logger.debug( + 'SessionManagerPlugin is not present', exc_info=True + ) raise ValueError(''.join(ERROR_MESSAGE)) diff -pruN 2.23.6-1/awscli/customizations/ecs/filehelpers.py 2.31.35-1/awscli/customizations/ecs/filehelpers.py --- 2.23.6-1/awscli/customizations/ecs/filehelpers.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/ecs/filehelpers.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,6 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import json + from ruamel.yaml import YAML from awscli.customizations.ecs import exceptions @@ -21,16 +22,17 @@ DGP_PREFIX = 'DgpECS-' def find_required_key(resource_name, obj, key): - if obj is None: raise exceptions.MissingPropertyError( - resource=resource_name, prop_name=key) + resource=resource_name, prop_name=key + ) result = _get_case_insensitive_key(obj, key) if result is None: raise exceptions.MissingPropertyError( - resource=resource_name, prop_name=key) + resource=resource_name, prop_name=key + ) else: return result diff -pruN 2.23.6-1/awscli/customizations/eks/__init__.py 2.31.35-1/awscli/customizations/eks/__init__.py --- 2.23.6-1/awscli/customizations/eks/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/eks/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,8 +11,8 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.eks.update_kubeconfig import UpdateKubeconfigCommand from awscli.customizations.eks.get_token import GetTokenCommand +from awscli.customizations.eks.update_kubeconfig import UpdateKubeconfigCommand def initialize(cli): diff -pruN 2.23.6-1/awscli/customizations/eks/exceptions.py 2.31.35-1/awscli/customizations/eks/exceptions.py --- 2.23.6-1/awscli/customizations/eks/exceptions.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/eks/exceptions.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,8 +13,8 @@ class EKSError(Exception): - """ Base class for all EKSErrors.""" + """Base class for all EKSErrors.""" class EKSClusterError(EKSError): - """ Raised when a cluster is not in the correct state.""" + """Raised when a cluster is not in the correct state.""" diff -pruN 2.23.6-1/awscli/customizations/eks/get_token.py 2.31.35-1/awscli/customizations/eks/get_token.py --- 2.23.6-1/awscli/customizations/eks/get_token.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/eks/get_token.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,19 +11,18 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import base64 -import botocore import json import os import sys - from datetime import datetime, timedelta -from botocore.signers import RequestSigner + +import botocore from botocore.model import ServiceId +from botocore.signers import RequestSigner -from awscli.formatter import get_formatter from awscli.customizations.commands import BasicCommand -from awscli.customizations.utils import uni_print -from awscli.customizations.utils import validate_mutually_exclusive +from awscli.customizations.utils import uni_print, validate_mutually_exclusive +from awscli.formatter import get_formatter AUTH_SERVICE = "sts" AUTH_COMMAND = "GetCallerIdentity" @@ -116,15 +115,19 @@ class GetTokenCommand(BasicCommand): sts_client = client_factory.get_sts_client( region_name=parsed_globals.region, role_arn=parsed_args.role_arn ) - - validate_mutually_exclusive(parsed_args, ['cluster_name'], ['cluster_id']) + + validate_mutually_exclusive( + parsed_args, ['cluster_name'], ['cluster_id'] + ) if parsed_args.cluster_id: identifier = parsed_args.cluster_id elif parsed_args.cluster_name: identifier = parsed_args.cluster_name else: - return ValueError("Either parameter --cluster-name or --cluster-id must be specified.") + return ValueError( + "Either parameter --cluster-name or --cluster-id must be specified." + ) token = TokenGenerator(sts_client).get_token(identifier) @@ -215,7 +218,7 @@ class GetTokenCommand(BasicCommand): return fallback_api_version -class TokenGenerator(object): +class TokenGenerator: def __init__(self, sts_client): self._sts_client = sts_client @@ -236,7 +239,7 @@ class TokenGenerator(object): ) -class STSClientFactory(object): +class STSClientFactory: def __init__(self, session): self._session = session @@ -273,4 +276,6 @@ class STSClientFactory(object): def _inject_k8s_aws_id_header(self, request, **kwargs): if K8S_AWS_ID_HEADER in request.context: - request.headers[K8S_AWS_ID_HEADER] = request.context[K8S_AWS_ID_HEADER] + request.headers[K8S_AWS_ID_HEADER] = request.context[ + K8S_AWS_ID_HEADER + ] diff -pruN 2.23.6-1/awscli/customizations/eks/kubeconfig.py 2.31.35-1/awscli/customizations/eks/kubeconfig.py --- 2.23.6-1/awscli/customizations/eks/kubeconfig.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/eks/kubeconfig.py 2025-11-12 19:17:29.000000000 +0000 @@ -20,36 +20,38 @@ from botocore.compat import OrderedDict from awscli.compat import compat_open from awscli.customizations.eks.exceptions import EKSError from awscli.customizations.eks.ordered_yaml import ( + ordered_yaml_dump, ordered_yaml_load, - ordered_yaml_dump ) class KubeconfigError(EKSError): - """ Base class for all kubeconfig errors.""" + """Base class for all kubeconfig errors.""" class KubeconfigCorruptedError(KubeconfigError): - """ Raised when a kubeconfig cannot be parsed.""" + """Raised when a kubeconfig cannot be parsed.""" class KubeconfigInaccessableError(KubeconfigError): - """ Raised when a kubeconfig cannot be opened for read/writing.""" + """Raised when a kubeconfig cannot be opened for read/writing.""" def _get_new_kubeconfig_content(): - return OrderedDict([ - ("apiVersion", "v1"), - ("clusters", []), - ("contexts", []), - ("current-context", ""), - ("kind", "Config"), - ("preferences", OrderedDict()), - ("users", []) - ]) + return OrderedDict( + [ + ("apiVersion", "v1"), + ("clusters", []), + ("contexts", []), + ("current-context", ""), + ("kind", "Config"), + ("preferences", OrderedDict()), + ("users", []), + ] + ) -class Kubeconfig(object): +class Kubeconfig: def __init__(self, path, content=None): self.path = path if content is None: @@ -57,7 +59,7 @@ class Kubeconfig(object): self.content = content def dump_content(self): - """ Return the stored content in yaml format. """ + """Return the stored content in yaml format.""" return ordered_yaml_dump(self.content) def has_cluster(self, name): @@ -67,18 +69,21 @@ class Kubeconfig(object): """ if self.content.get('clusters') is None: return False - return name in [cluster['name'] - for cluster in self.content['clusters'] if 'name' in cluster] + return name in [ + cluster['name'] + for cluster in self.content['clusters'] + if 'name' in cluster + ] def __eq__(self, other): return ( - isinstance(other, Kubeconfig) - and self.path == other.path - and self.content == other.content + isinstance(other, Kubeconfig) + and self.path == other.path + and self.content == other.content ) -class KubeconfigValidator(object): +class KubeconfigValidator: def __init__(self): # Validation_content is an empty Kubeconfig # It is used as a way to know what types different entries should be @@ -92,8 +97,9 @@ class KubeconfigValidator(object): :type config: Kubeconfig """ if not isinstance(config, Kubeconfig): - raise KubeconfigCorruptedError("Internal error: " - f"Not a {Kubeconfig}.") + raise KubeconfigCorruptedError( + f"Internal error: Not a {Kubeconfig}." + ) self._validate_config_types(config) self._validate_list_entry_types(config) @@ -108,9 +114,11 @@ class KubeconfigValidator(object): if not isinstance(config.content, dict): raise KubeconfigCorruptedError(f"Content not a {dict}.") for key, value in self._validation_content.items(): - if (key in config.content and - config.content[key] is not None and - not isinstance(config.content[key], type(value))): + if ( + key in config.content + and config.content[key] is not None + and not isinstance(config.content[key], type(value)) + ): raise KubeconfigCorruptedError( f"{key} is wrong type: {type(config.content[key])} " f"(Should be {type(value)})" @@ -125,19 +133,19 @@ class KubeconfigValidator(object): :type config: Kubeconfig """ for key, value in self._validation_content.items(): - if (key in config.content and - type(config.content[key]) == list): + if key in config.content and type(config.content[key]) == list: for element in config.content[key]: if not isinstance(element, OrderedDict): raise KubeconfigCorruptedError( - f"Entry in {key} not a {dict}. ") + f"Entry in {key} not a {dict}. " + ) -class KubeconfigLoader(object): - def __init__(self, validator = None): +class KubeconfigLoader: + def __init__(self, validator=None): if validator is None: - validator=KubeconfigValidator() - self._validator=validator + validator = KubeconfigValidator() + self._validator = validator def load_kubeconfig(self, path): """ @@ -159,23 +167,25 @@ class KubeconfigLoader(object): try: with compat_open(path, "r") as stream: loaded_content = ordered_yaml_load(stream) - except IOError as e: + except OSError as e: if e.errno == errno.ENOENT: - loaded_content=None + loaded_content = None else: raise KubeconfigInaccessableError( - f"Can't open kubeconfig for reading: {e}") + f"Can't open kubeconfig for reading: {e}" + ) except yaml.YAMLError as e: raise KubeconfigCorruptedError( - f"YamlError while loading kubeconfig: {e}") + f"YamlError while loading kubeconfig: {e}" + ) - loaded_config=Kubeconfig(path, loaded_content) + loaded_config = Kubeconfig(path, loaded_content) self._validator.validate_config(loaded_config) return loaded_config -class KubeconfigWriter(object): +class KubeconfigWriter: def write_kubeconfig(self, config): """ Write config to disk. @@ -187,24 +197,27 @@ class KubeconfigWriter(object): :raises KubeconfigInaccessableError: if the kubeconfig can't be opened for writing """ - directory=os.path.dirname(config.path) + directory = os.path.dirname(config.path) try: os.makedirs(directory) except OSError as e: if e.errno != errno.EEXIST: raise KubeconfigInaccessableError( - f"Can't create directory for writing: {e}") + f"Can't create directory for writing: {e}" + ) try: with compat_open( - config.path, "w+", access_permissions=0o600) as stream: + config.path, "w+", access_permissions=0o600 + ) as stream: ordered_yaml_dump(config.content, stream) - except IOError as e: + except OSError as e: raise KubeconfigInaccessableError( - f"Can't open kubeconfig for writing: {e}") + f"Can't open kubeconfig for writing: {e}" + ) -class KubeconfigAppender(object): +class KubeconfigAppender: def insert_entry(self, config, key, new_entry): """ Insert entry into the entries list at content[key] @@ -213,42 +226,48 @@ class KubeconfigAppender(object): :param config: The kubeconfig to insert an entry into :type config: Kubeconfig """ - entries=self._setdefault_existing_entries(config, key) - same_name_index=self._index_same_name(entries, new_entry) + entries = self._setdefault_existing_entries(config, key) + same_name_index = self._index_same_name(entries, new_entry) if same_name_index is None: entries.append(new_entry) else: - entries[same_name_index]=new_entry + entries[same_name_index] = new_entry return config def _setdefault_existing_entries(self, config, key): - config.content[key]=config.content.get(key) or [] - entries=config.content[key] + config.content[key] = config.content.get(key) or [] + entries = config.content[key] if not isinstance(entries, list): - raise KubeconfigError(f"Tried to insert into {key}, " - f"which is a {type(entries)} " - f"not a {list}") + raise KubeconfigError( + f"Tried to insert into {key}, " + f"which is a {type(entries)} " + f"not a {list}" + ) return entries def _index_same_name(self, entries, new_entry): if "name" in new_entry: - name_to_search=new_entry["name"] + name_to_search = new_entry["name"] for i, entry in enumerate(entries): if "name" in entry and entry["name"] == name_to_search: return i return None - def _make_context(self, cluster, user, alias = None): - """ Generate a context to associate cluster and user with a given alias.""" - return OrderedDict([ - ("context", OrderedDict([ - ("cluster", cluster["name"]), - ("user", user["name"]) - ])), - ("name", alias or user["name"]) - ]) + def _make_context(self, cluster, user, alias=None): + """Generate a context to associate cluster and user with a given alias.""" + return OrderedDict( + [ + ( + "context", + OrderedDict( + [("cluster", cluster["name"]), ("user", user["name"])] + ), + ), + ("name", alias or user["name"]), + ] + ) - def insert_cluster_user_pair(self, config, cluster, user, alias = None): + def insert_cluster_user_pair(self, config, cluster, user, alias=None): """ Insert the passed cluster entry and user entry, then make a context to associate them @@ -270,11 +289,11 @@ class KubeconfigAppender(object): :return: The generated context :rtype: OrderedDict """ - context=self._make_context(cluster, user, alias = alias) + context = self._make_context(cluster, user, alias=alias) self.insert_entry(config, "clusters", cluster) self.insert_entry(config, "users", user) self.insert_entry(config, "contexts", context) - config.content["current-context"]=context["name"] + config.content["current-context"] = context["name"] return context diff -pruN 2.23.6-1/awscli/customizations/eks/ordered_yaml.py 2.31.35-1/awscli/customizations/eks/ordered_yaml.py --- 2.23.6-1/awscli/customizations/eks/ordered_yaml.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/eks/ordered_yaml.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,21 +15,25 @@ from botocore.compat import OrderedDict from awscli.utils import dump_yaml_to_str + def _ordered_constructor(loader, node): loader.flatten_mapping(node) return OrderedDict(loader.construct_pairs(node)) + def _ordered_representer(dumper, data): return dumper.represent_mapping( - ruamel.yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG, - data.items()) + ruamel.yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG, data.items() + ) + def ordered_yaml_load(stream): - """ Load an OrderedDict object from a yaml stream.""" + """Load an OrderedDict object from a yaml stream.""" yaml = ruamel.yaml.YAML(typ="safe", pure=True) yaml.Constructor.add_constructor( ruamel.yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG, - _ordered_constructor) + _ordered_constructor, + ) return yaml.load(stream) diff -pruN 2.23.6-1/awscli/customizations/eks/update_kubeconfig.py 2.31.35-1/awscli/customizations/eks/update_kubeconfig.py --- 2.23.6-1/awscli/customizations/eks/update_kubeconfig.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/eks/update_kubeconfig.py 2025-11-12 19:17:29.000000000 +0000 @@ -20,11 +20,11 @@ from awscli.customizations.commands impo from awscli.customizations.eks.exceptions import EKSClusterError from awscli.customizations.eks.kubeconfig import ( Kubeconfig, + KubeconfigAppender, KubeconfigError, KubeconfigLoader, - KubeconfigWriter, KubeconfigValidator, - KubeconfigAppender + KubeconfigWriter, ) from awscli.customizations.eks.ordered_yaml import ordered_yaml_dump from awscli.customizations.utils import uni_print @@ -37,75 +37,106 @@ DEFAULT_PATH = os.path.expanduser("~/.ku # this can be safely changed to default to writing "v1" API_VERSION = "client.authentication.k8s.io/v1beta1" + class UpdateKubeconfigCommand(BasicCommand): NAME = 'update-kubeconfig' DESCRIPTION = BasicCommand.FROM_FILE( - 'eks', - 'update-kubeconfig', - '_description.rst' + 'eks', 'update-kubeconfig', '_description.rst' ) ARG_TABLE = [ { 'name': 'name', 'dest': 'cluster_name', - 'help_text': ("The name of the cluster for which " - "to create a kubeconfig entry. " - "This cluster must exist in your account and in the " - "specified or configured default Region " - "for your AWS CLI installation."), - 'required': True + 'help_text': ( + "The name of the cluster for which " + "to create a kubeconfig entry. " + "This cluster must exist in your account and in the " + "specified or configured default Region " + "for your AWS CLI installation." + ), + 'required': True, }, { 'name': 'kubeconfig', - 'help_text': ("Optionally specify a kubeconfig file to append " - "with your configuration. " - "By default, the configuration is written to the " - "first file path in the KUBECONFIG " - "environment variable (if it is set) " - "or the default kubeconfig path (.kube/config) " - "in your home directory."), - 'required': False + 'help_text': ( + "Optionally specify a kubeconfig file to append " + "with your configuration. " + "By default, the configuration is written to the " + "first file path in the KUBECONFIG " + "environment variable (if it is set) " + "or the default kubeconfig path (.kube/config) " + "in your home directory." + ), + 'required': False, }, { 'name': 'role-arn', - 'help_text': ("To assume a role for cluster authentication, " - "specify an IAM role ARN with this option. " - "For example, if you created a cluster " - "while assuming an IAM role, " - "then you must also assume that role to " - "connect to the cluster the first time."), - 'required': False + 'help_text': ( + "To assume a role for cluster authentication, " + "specify an IAM role ARN with this option. " + "For example, if you created a cluster " + "while assuming an IAM role, " + "then you must also assume that role to " + "connect to the cluster the first time." + ), + 'required': False, + }, + { + 'name': 'proxy-url', + 'help_text': ( + "Optionally specify a proxy url to route " + "traffic via when connecting to a cluster." + ), + 'required': False, }, { 'name': 'dry-run', 'action': 'store_true', 'default': False, - 'help_text': ("Print the merged kubeconfig to stdout instead of " - "writing it to the specified file."), - 'required': False + 'help_text': ( + "Print the merged kubeconfig to stdout instead of " + "writing it to the specified file." + ), + 'required': False, }, { 'name': 'verbose', 'action': 'store_true', 'default': False, - 'help_text': ("Print more detailed output " - "when writing to the kubeconfig file, " - "including the appended entries.") + 'help_text': ( + "Print more detailed output " + "when writing to the kubeconfig file, " + "including the appended entries." + ), }, { 'name': 'alias', - 'help_text': ("Alias for the cluster context name. " - "Defaults to match cluster ARN."), - 'required': False + 'help_text': ( + "Alias for the cluster context name. " + "Defaults to match cluster ARN." + ), + 'required': False, }, { 'name': 'user-alias', - 'help_text': ("Alias for the generated user name. " - "Defaults to match cluster ARN."), - 'required': False - } + 'help_text': ( + "Alias for the generated user name. " + "Defaults to match cluster ARN." + ), + 'required': False, + }, + { + 'name': 'assume-role-arn', + 'help_text': ( + 'To assume a role for retrieving cluster information, ' + 'specify an IAM role ARN with this option. ' + 'Use this for cross-account access to get cluster details ' + 'from the account where the cluster resides.' + ), + 'required': False, + }, ] def _display_entries(self, entries): @@ -121,25 +152,25 @@ class UpdateKubeconfigCommand(BasicComma uni_print("\n") def _run_main(self, parsed_args, parsed_globals): - client = EKSClient(self._session, - parsed_args=parsed_args, - parsed_globals=parsed_globals) + client = EKSClient( + self._session, + parsed_args=parsed_args, + parsed_globals=parsed_globals, + ) new_cluster_dict = client.get_cluster_entry() - new_user_dict = client.get_user_entry(user_alias=parsed_args.user_alias) + new_user_dict = client.get_user_entry( + user_alias=parsed_args.user_alias + ) config_selector = KubeconfigSelector( - os.environ.get("KUBECONFIG", ""), - parsed_args.kubeconfig - ) - config = config_selector.choose_kubeconfig( - new_cluster_dict["name"] + os.environ.get("KUBECONFIG", ""), parsed_args.kubeconfig ) + config = config_selector.choose_kubeconfig(new_cluster_dict["name"]) updating_existing = config.has_cluster(new_cluster_dict["name"]) appender = KubeconfigAppender() - new_context_dict = appender.insert_cluster_user_pair(config, - new_cluster_dict, - new_user_dict, - parsed_args.alias) + new_context_dict = appender.insert_cluster_user_pair( + config, new_cluster_dict, new_user_dict, parsed_args.alias + ) if parsed_args.dry_run: uni_print(config.dump_content()) @@ -148,27 +179,23 @@ class UpdateKubeconfigCommand(BasicComma writer.write_kubeconfig(config) if updating_existing: - uni_print("Updated context {0} in {1}\n".format( - new_context_dict["name"], config.path - )) + uni_print( + f"Updated context {new_context_dict['name']} in {config.path}\n" + ) else: - uni_print("Added new context {0} to {1}\n".format( - new_context_dict["name"], config.path - )) + uni_print( + f"Added new context {new_context_dict['name']} to {config.path}\n" + ) if parsed_args.verbose: - self._display_entries([ - new_context_dict, - new_user_dict, - new_cluster_dict - ]) + self._display_entries( + [new_context_dict, new_user_dict, new_cluster_dict] + ) return 0 -class KubeconfigSelector(object): - - def __init__(self, env_variable, path_in, validator=None, - loader=None): +class KubeconfigSelector: + def __init__(self, env_variable, path_in, validator=None, loader=None): """ Parse KUBECONFIG into a list of absolute paths. Also replace the empty list with DEFAULT_PATH @@ -194,9 +221,11 @@ class KubeconfigSelector(object): # Get the list of paths from the environment variable if env_variable == "": env_variable = DEFAULT_PATH - self._paths = [self._expand_path(element) - for element in env_variable.split(os.pathsep) - if len(element.strip()) > 0] + self._paths = [ + self._expand_path(element) + for element in env_variable.split(os.pathsep) + if len(element.strip()) > 0 + ] if len(self._paths) == 0: self._paths = [DEFAULT_PATH] @@ -219,12 +248,10 @@ class KubeconfigSelector(object): loaded_config = self._loader.load_kubeconfig(candidate_path) if loaded_config.has_cluster(cluster_name): - LOG.debug("Found entry to update at {0}".format( - candidate_path - )) + LOG.debug("Found entry to update at %s", candidate_path) return loaded_config except KubeconfigError as e: - LOG.warning("Passing {0}:{1}".format(candidate_path, e)) + LOG.warning("Passing %s:%s", candidate_path, e) # No entry was found, use the first file in KUBECONFIG # @@ -232,11 +259,11 @@ class KubeconfigSelector(object): return self._loader.load_kubeconfig(self._paths[0]) def _expand_path(self, path): - """ A helper to expand a path to a full absolute path. """ + """A helper to expand a path to a full absolute path.""" return os.path.abspath(os.path.expanduser(path)) -class EKSClient(object): +class EKSClient: def __init__(self, session, parsed_args, parsed_globals=None): self._session = session self._cluster_name = parsed_args.cluster_name @@ -251,27 +278,46 @@ class EKSClient(object): Cache the response in self._cluster_description. describe-cluster will only be called once. """ - if self._cluster_description is None: - if self._parsed_globals is None: - client = self._session.create_client("eks") - else: - client = self._session.create_client( - "eks", - region_name=self._parsed_globals.region, - endpoint_url=self._parsed_globals.endpoint_url, - verify=self._parsed_globals.verify_ssl - ) - full_description = client.describe_cluster(name=self._cluster_name) - self._cluster_description = full_description["cluster"] + if self._cluster_description is not None: + return self._cluster_description - if "status" not in self._cluster_description: - raise EKSClusterError("Cluster not found") - if self._cluster_description["status"] not in ["ACTIVE", "UPDATING"]: - raise EKSClusterError("Cluster status is {0}".format( - self._cluster_description["status"] - )) + client_kwargs = {} + if self._parsed_globals: + client_kwargs.update( + { + "region_name": self._parsed_globals.region, + "endpoint_url": self._parsed_globals.endpoint_url, + "verify": self._parsed_globals.verify_ssl, + } + ) + + # Handle role assumption if needed + if getattr(self._parsed_args, 'assume_role_arn', None): + sts_client = self._session.create_client('sts') + credentials = sts_client.assume_role( + RoleArn=self._parsed_args.assume_role_arn, + RoleSessionName='EKSDescribeClusterSession', + )["Credentials"] + + client_kwargs.update( + { + "aws_access_key_id": credentials["AccessKeyId"], + "aws_secret_access_key": credentials["SecretAccessKey"], + "aws_session_token": credentials["SessionToken"], + } + ) + + client = self._session.create_client("eks", **client_kwargs) + full_description = client.describe_cluster(name=self._cluster_name) + cluster = full_description.get("cluster") + + if not cluster or "status" not in cluster: + raise EKSClusterError("Cluster not found") + if cluster["status"] not in ["ACTIVE", "UPDATING"]: + raise EKSClusterError(f"Cluster status is {cluster['status']}") - return self._cluster_description + self._cluster_description = cluster + return cluster def get_cluster_entry(self): """ @@ -279,17 +325,33 @@ class EKSClient(object): the previously obtained description. """ - cert_data = self.cluster_description.get("certificateAuthority", {}).get("data", "") + cert_data = self.cluster_description.get( + "certificateAuthority", {} + ).get("data", "") endpoint = self.cluster_description.get("endpoint") arn = self.cluster_description.get("arn") - return OrderedDict([ - ("cluster", OrderedDict([ - ("certificate-authority-data", cert_data), - ("server", endpoint) - ])), - ("name", arn) - ]) + generated_cluster = OrderedDict( + [ + ( + "cluster", + OrderedDict( + [ + ("certificate-authority-data", cert_data), + ("server", endpoint), + ] + ), + ), + ("name", arn), + ] + ) + + if self._parsed_args.proxy_url is not None: + generated_cluster["cluster"]["proxy-url"] = ( + self._parsed_args.proxy_url + ) + + return generated_cluster def get_user_entry(self, user_alias=None): """ @@ -307,37 +369,54 @@ class EKSClient(object): cluster_identification_parameter = "--cluster-id" cluster_identification_value = self.cluster_description.get("id") - generated_user = OrderedDict([ - ("name", user_alias or self.cluster_description.get("arn", "")), - ("user", OrderedDict([ - ("exec", OrderedDict([ - ("apiVersion", API_VERSION), - ("args", + generated_user = OrderedDict( + [ + ( + "name", + user_alias or self.cluster_description.get("arn", ""), + ), + ( + "user", + OrderedDict( [ - "--region", - region, - "eks", - "get-token", - cluster_identification_parameter, - cluster_identification_value, - "--output", - "json", - ]), - ("command", "aws"), - ])) - ])) - ]) + ( + "exec", + OrderedDict( + [ + ("apiVersion", API_VERSION), + ( + "args", + [ + "--region", + region, + "eks", + "get-token", + cluster_identification_parameter, + cluster_identification_value, + "--output", + "json", + ], + ), + ("command", "aws"), + ] + ), + ) + ] + ), + ), + ] + ) if self._parsed_args.role_arn is not None: - generated_user["user"]["exec"]["args"].extend([ - "--role", - self._parsed_args.role_arn - ]) + generated_user["user"]["exec"]["args"].extend( + ["--role", self._parsed_args.role_arn] + ) if self._session.profile: - generated_user["user"]["exec"]["env"] = [OrderedDict([ - ("name", "AWS_PROFILE"), - ("value", self._session.profile) - ])] + generated_user["user"]["exec"]["env"] = [ + OrderedDict( + [("name", "AWS_PROFILE"), ("value", self._session.profile)] + ) + ] return generated_user diff -pruN 2.23.6-1/awscli/customizations/emr/addinstancegroups.py 2.31.35-1/awscli/customizations/emr/addinstancegroups.py --- 2.23.6-1/awscli/customizations/emr/addinstancegroups.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/addinstancegroups.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,10 +12,12 @@ # language governing permissions and limitations under the License. -from awscli.customizations.emr import argumentschema -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import helptext -from awscli.customizations.emr import instancegroupsutils +from awscli.customizations.emr import ( + argumentschema, + emrutils, + helptext, + instancegroupsutils, +) from awscli.customizations.emr.command import Command @@ -23,29 +25,46 @@ class AddInstanceGroups(Command): NAME = 'add-instance-groups' DESCRIPTION = 'Adds an instance group to a running cluster.' ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID}, - {'name': 'instance-groups', 'required': True, - 'help_text': helptext.INSTANCE_GROUPS, - 'schema': argumentschema.INSTANCE_GROUPS_SCHEMA} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + }, + { + 'name': 'instance-groups', + 'required': True, + 'help_text': helptext.INSTANCE_GROUPS, + 'schema': argumentschema.INSTANCE_GROUPS_SCHEMA, + }, ] def _run_main_command(self, parsed_args, parsed_globals): parameters = {'JobFlowId': parsed_args.cluster_id} - parameters['InstanceGroups'] = \ + parameters['InstanceGroups'] = ( instancegroupsutils.build_instance_groups( - parsed_args.instance_groups) + parsed_args.instance_groups + ) + ) add_instance_groups_response = emrutils.call( - self._session, 'add_instance_groups', parameters, - self.region, parsed_globals.endpoint_url, - parsed_globals.verify_ssl) + self._session, + 'add_instance_groups', + parameters, + self.region, + parsed_globals.endpoint_url, + parsed_globals.verify_ssl, + ) constructed_result = self._construct_result( - add_instance_groups_response) + add_instance_groups_response + ) - emrutils.display_response(self._session, 'add_instance_groups', - constructed_result, parsed_globals) + emrutils.display_response( + self._session, + 'add_instance_groups', + constructed_result, + parsed_globals, + ) return 0 def _construct_result(self, add_instance_groups_result): @@ -55,12 +74,15 @@ class AddInstanceGroups(Command): if add_instance_groups_result is not None: jobFlowId = add_instance_groups_result.get('JobFlowId') instanceGroupIds = add_instance_groups_result.get( - 'InstanceGroupIds') + 'InstanceGroupIds' + ) clusterArn = add_instance_groups_result.get('ClusterArn') if jobFlowId is not None and instanceGroupIds is not None: - return {'ClusterId': jobFlowId, - 'InstanceGroupIds': instanceGroupIds, - 'ClusterArn': clusterArn} + return { + 'ClusterId': jobFlowId, + 'InstanceGroupIds': instanceGroupIds, + 'ClusterArn': clusterArn, + } else: return {} diff -pruN 2.23.6-1/awscli/customizations/emr/addsteps.py 2.31.35-1/awscli/customizations/emr/addsteps.py --- 2.23.6-1/awscli/customizations/emr/addsteps.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/addsteps.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,50 +11,60 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import argumentschema -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import helptext -from awscli.customizations.emr import steputils +from awscli.customizations.emr import ( + argumentschema, + emrutils, + helptext, + steputils, +) from awscli.customizations.emr.command import Command class AddSteps(Command): NAME = 'add-steps' - DESCRIPTION = ('Add a list of steps to a cluster.') + DESCRIPTION = 'Add a list of steps to a cluster.' ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID - }, - {'name': 'steps', - 'required': True, - 'nargs': '+', - 'schema': argumentschema.STEPS_SCHEMA, - 'help_text': helptext.STEPS - }, - {'name': 'execution-role-arn', - 'required': False, - 'help_text': helptext.EXECUTION_ROLE_ARN - } + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + }, + { + 'name': 'steps', + 'required': True, + 'nargs': '+', + 'schema': argumentschema.STEPS_SCHEMA, + 'help_text': helptext.STEPS, + }, + { + 'name': 'execution-role-arn', + 'required': False, + 'help_text': helptext.EXECUTION_ROLE_ARN, + }, ] def _run_main_command(self, parsed_args, parsed_globals): parsed_steps = parsed_args.steps release_label = emrutils.get_release_label( - parsed_args.cluster_id, self._session, self.region, - parsed_globals.endpoint_url, parsed_globals.verify_ssl) + parsed_args.cluster_id, + self._session, + self.region, + parsed_globals.endpoint_url, + parsed_globals.verify_ssl, + ) step_list = steputils.build_step_config_list( - parsed_step_list=parsed_steps, region=self.region, - release_label=release_label) - parameters = { - 'JobFlowId': parsed_args.cluster_id, - 'Steps': step_list - } + parsed_step_list=parsed_steps, + region=self.region, + release_label=release_label, + ) + parameters = {'JobFlowId': parsed_args.cluster_id, 'Steps': step_list} if parsed_args.execution_role_arn is not None: parameters['ExecutionRoleArn'] = parsed_args.execution_role_arn - emrutils.call_and_display_response(self._session, 'AddJobFlowSteps', - parameters, parsed_globals) + emrutils.call_and_display_response( + self._session, 'AddJobFlowSteps', parameters, parsed_globals + ) return 0 diff -pruN 2.23.6-1/awscli/customizations/emr/addtags.py 2.31.35-1/awscli/customizations/emr/addtags.py --- 2.23.6-1/awscli/customizations/emr/addtags.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/addtags.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,13 +13,13 @@ from awscli.arguments import CustomArgument -from awscli.customizations.emr import helptext -from awscli.customizations.emr import emrutils +from awscli.customizations.emr import emrutils, helptext def modify_tags_argument(argument_table, **kwargs): - argument_table['tags'] = TagsArgument('tags', required=True, - help_text=helptext.TAGS, nargs='+') + argument_table['tags'] = TagsArgument( + 'tags', required=True, help_text=helptext.TAGS, nargs='+' + ) class TagsArgument(CustomArgument): diff -pruN 2.23.6-1/awscli/customizations/emr/applicationutils.py 2.31.35-1/awscli/customizations/emr/applicationutils.py --- 2.23.6-1/awscli/customizations/emr/applicationutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/applicationutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,14 +11,11 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import constants -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import exceptions +from awscli.customizations.emr import constants, emrutils, exceptions from awscli.customizations.exceptions import ParamValidationError -def build_applications(region, - parsed_applications, ami_version=None): +def build_applications(region, parsed_applications, ami_version=None): app_list = [] step_list = [] ba_list = [] @@ -28,38 +25,41 @@ def build_applications(region, if app_name == constants.HIVE: hive_version = constants.LATEST - step_list.append( - _build_install_hive_step(region=region)) + step_list.append(_build_install_hive_step(region=region)) args = app_config.get('Args') if args is not None: hive_site_path = _find_matching_arg( - key=constants.HIVE_SITE_KEY, args_list=args) + key=constants.HIVE_SITE_KEY, args_list=args + ) if hive_site_path is not None: step_list.append( _build_install_hive_site_step( - region=region, - hive_site_path=hive_site_path)) + region=region, hive_site_path=hive_site_path + ) + ) elif app_name == constants.PIG: pig_version = constants.LATEST - step_list.append( - _build_pig_install_step( - region=region)) + step_list.append(_build_pig_install_step(region=region)) elif app_name == constants.GANGLIA: ba_list.append( - _build_ganglia_install_bootstrap_action( - region=region)) + _build_ganglia_install_bootstrap_action(region=region) + ) elif app_name == constants.HBASE: ba_list.append( - _build_hbase_install_bootstrap_action( - region=region)) + _build_hbase_install_bootstrap_action(region=region) + ) if ami_version >= '3.0': step_list.append( _build_hbase_install_step( - constants.HBASE_PATH_HADOOP2_INSTALL_JAR)) + constants.HBASE_PATH_HADOOP2_INSTALL_JAR + ) + ) elif ami_version >= '2.1': step_list.append( _build_hbase_install_step( - constants.HBASE_PATH_HADOOP1_INSTALL_JAR)) + constants.HBASE_PATH_HADOOP1_INSTALL_JAR + ) + ) else: raise ParamValidationError( 'aws: error: AMI version %s is not ' @@ -68,12 +68,15 @@ def build_applications(region, elif app_name == constants.IMPALA: ba_list.append( _build_impala_install_bootstrap_action( - region=region, - args=app_config.get('Args'))) + region=region, args=app_config.get('Args') + ) + ) else: app_list.append( _build_supported_product( - app_config['Name'], app_config.get('Args'))) + app_config['Name'], app_config.get('Args') + ) + ) return app_list, ba_list, step_list @@ -89,16 +92,18 @@ def _build_ganglia_install_bootstrap_act return emrutils.build_bootstrap_action( name=constants.INSTALL_GANGLIA_NAME, path=emrutils.build_s3_link( - relative_path=constants.GANGLIA_INSTALL_BA_PATH, - region=region)) + relative_path=constants.GANGLIA_INSTALL_BA_PATH, region=region + ), + ) def _build_hbase_install_bootstrap_action(region): return emrutils.build_bootstrap_action( name=constants.INSTALL_HBASE_NAME, path=emrutils.build_s3_link( - relative_path=constants.HBASE_INSTALL_BA_PATH, - region=region)) + relative_path=constants.HBASE_INSTALL_BA_PATH, region=region + ), + ) def _build_hbase_install_step(jar): @@ -106,7 +111,8 @@ def _build_hbase_install_step(jar): jar=jar, name=constants.START_HBASE_NAME, action_on_failure=constants.TERMINATE_CLUSTER, - args=constants.HBASE_INSTALL_ARG) + args=constants.HBASE_INSTALL_ARG, + ) def _build_impala_install_bootstrap_action(region, args=None): @@ -114,37 +120,43 @@ def _build_impala_install_bootstrap_acti constants.BASE_PATH_ARG, emrutils.build_s3_link(region=region), constants.IMPALA_VERSION, - constants.LATEST] + constants.LATEST, + ] if args is not None: args_list.append(constants.IMPALA_CONF) args_list.append(','.join(args)) return emrutils.build_bootstrap_action( name=constants.INSTALL_IMPALA_NAME, path=emrutils.build_s3_link( - relative_path=constants.IMPALA_INSTALL_PATH, - region=region), - args=args_list) + relative_path=constants.IMPALA_INSTALL_PATH, region=region + ), + args=args_list, + ) -def _build_install_hive_step(region, - action_on_failure=constants.TERMINATE_CLUSTER): +def _build_install_hive_step( + region, action_on_failure=constants.TERMINATE_CLUSTER +): step_args = [ emrutils.build_s3_link(constants.HIVE_SCRIPT_PATH, region), constants.INSTALL_HIVE_ARG, constants.BASE_PATH_ARG, emrutils.build_s3_link(constants.HIVE_BASE_PATH, region), constants.HIVE_VERSIONS, - constants.LATEST] + constants.LATEST, + ] step = emrutils.build_step( name=constants.INSTALL_HIVE_NAME, action_on_failure=action_on_failure, jar=emrutils.build_s3_link(constants.SCRIPT_RUNNER_PATH, region), - args=step_args) + args=step_args, + ) return step -def _build_install_hive_site_step(region, hive_site_path, - action_on_failure=constants.CANCEL_AND_WAIT): +def _build_install_hive_site_step( + region, hive_site_path, action_on_failure=constants.CANCEL_AND_WAIT +): step_args = [ emrutils.build_s3_link(constants.HIVE_SCRIPT_PATH, region), constants.BASE_PATH_ARG, @@ -152,29 +164,34 @@ def _build_install_hive_site_step(region constants.INSTALL_HIVE_SITE_ARG, hive_site_path, constants.HIVE_VERSIONS, - constants.LATEST] + constants.LATEST, + ] step = emrutils.build_step( name=constants.INSTALL_HIVE_SITE_NAME, action_on_failure=action_on_failure, jar=emrutils.build_s3_link(constants.SCRIPT_RUNNER_PATH, region), - args=step_args) + args=step_args, + ) return step -def _build_pig_install_step(region, - action_on_failure=constants.TERMINATE_CLUSTER): +def _build_pig_install_step( + region, action_on_failure=constants.TERMINATE_CLUSTER +): step_args = [ emrutils.build_s3_link(constants.PIG_SCRIPT_PATH, region), constants.INSTALL_PIG_ARG, constants.BASE_PATH_ARG, emrutils.build_s3_link(constants.PIG_BASE_PATH, region), constants.PIG_VERSIONS, - constants.LATEST] + constants.LATEST, + ] step = emrutils.build_step( name=constants.INSTALL_PIG_NAME, action_on_failure=action_on_failure, jar=emrutils.build_s3_link(constants.SCRIPT_RUNNER_PATH, region), - args=step_args) + args=step_args, + ) return step diff -pruN 2.23.6-1/awscli/customizations/emr/argumentschema.py 2.31.35-1/awscli/customizations/emr/argumentschema.py --- 2.23.6-1/awscli/customizations/emr/argumentschema.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/argumentschema.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,15 +16,9 @@ from awscli.customizations.emr.createdef CONFIGURATIONS_PROPERTIES_SCHEMA = { "type": "map", - "key": { - "type": "string", - "description": "Configuration key" - }, - "value": { - "type": "string", - "description": "Configuration value" - }, - "description": "Application configuration properties" + "key": {"type": "string", "description": "Configuration key"}, + "value": {"type": "string", "description": "Configuration value"}, + "description": "Application configuration properties", } CONFIGURATIONS_CLASSIFICATION_SCHEMA = { @@ -38,10 +32,10 @@ INNER_CONFIGURATIONS_SCHEMA = { "type": "object", "properties": { "Classification": CONFIGURATIONS_CLASSIFICATION_SCHEMA, - "Properties": CONFIGURATIONS_PROPERTIES_SCHEMA - } + "Properties": CONFIGURATIONS_PROPERTIES_SCHEMA, + }, }, - "description": "Instance group application configurations." + "description": "Instance group application configurations.", } OUTER_CONFIGURATIONS_SCHEMA = { @@ -51,45 +45,48 @@ OUTER_CONFIGURATIONS_SCHEMA = { "properties": { "Classification": CONFIGURATIONS_CLASSIFICATION_SCHEMA, "Properties": CONFIGURATIONS_PROPERTIES_SCHEMA, - "Configurations": INNER_CONFIGURATIONS_SCHEMA - } + "Configurations": INNER_CONFIGURATIONS_SCHEMA, + }, }, - "description": "Instance group application configurations." + "description": "Instance group application configurations.", } ONDEMAND_CAPACITY_RESERVATION_OPTIONS_SCHEMA = { "type": "object", - "properties" : { + "properties": { "UsageStrategy": { "type": "string", "description": "The strategy of whether to use available capacity reservations to fulfill On-Demand capacity.", - "enum": ["use-capacity-reservations-first"] + "enum": ["use-capacity-reservations-first"], }, "CapacityReservationPreference": { "type": "string", "description": "The preference of the capacity reservation of the instance.", - "enum": [ - "open", - "none" - ] + "enum": ["open", "none"], }, "CapacityReservationResourceGroupArn": { "type": "string", - "description": "The ARN of the capacity reservation resource group in which to run the instance." - } - } + "description": "The ARN of the capacity reservation resource group in which to run the instance.", + }, + }, } SPOT_ALLOCATION_STRATEGY_SCHEMA = { "type": "string", "description": "The strategy to use to launch Spot instance fleets.", - "enum": ["capacity-optimized", "price-capacity-optimized", "lowest-price", "diversified", "capacity-optimized-prioritized"] + "enum": [ + "capacity-optimized", + "price-capacity-optimized", + "lowest-price", + "diversified", + "capacity-optimized-prioritized", + ], } ONDEMAND_ALLOCATION_STRATEGY_SCHEMA = { "type": "string", "description": "The strategy to use to launch On-Demand instance fleets.", - "enum": ["lowest-price", "prioritized"] + "enum": ["lowest-price", "prioritized"], } INSTANCE_GROUPS_SCHEMA = { @@ -99,39 +96,35 @@ INSTANCE_GROUPS_SCHEMA = { "properties": { "Name": { "type": "string", - "description": - "Friendly name given to the instance group." + "description": "Friendly name given to the instance group.", }, "InstanceGroupType": { "type": "string", - "description": - "The type of the instance group in the cluster.", + "description": "The type of the instance group in the cluster.", "enum": ["MASTER", "CORE", "TASK"], - "required": True + "required": True, }, "BidPrice": { "type": "string", - "description": - "Bid price for each Amazon EC2 instance in the " - "instance group when launching nodes as Spot Instances, " - "expressed in USD." + "description": "Bid price for each Amazon EC2 instance in the " + "instance group when launching nodes as Spot Instances, " + "expressed in USD.", }, "InstanceType": { "type": "string", - "description": - "The Amazon EC2 instance type for all instances " - "in the instance group.", - "required": True + "description": "The Amazon EC2 instance type for all instances " + "in the instance group.", + "required": True, }, "InstanceCount": { "type": "integer", "description": "Target number of Amazon EC2 instances " "for the instance group", - "required": True + "required": True, }, "CustomAmiId": { "type": "string", - "description": "The AMI ID of a custom AMI to use when Amazon EMR provisions EC2 instances." + "description": "The AMI ID of a custom AMI to use when Amazon EMR provisions EC2 instances.", }, "EbsConfiguration": { "type": "object", @@ -146,19 +139,19 @@ INSTANCE_GROUPS_SCHEMA = { "items": { "type": "object", "properties": { - "VolumeSpecification" : { + "VolumeSpecification": { "type": "object", "description": "The EBS volume specification that will be created and attached to every instance in this instance group.", "properties": { "VolumeType": { "type": "string", "description": "The EBS volume type that is attached to all the instances in the instance group. Valid types are: gp2, io1, and standard.", - "required": True + "required": True, }, "SizeInGB": { "type": "integer", "description": "The EBS volume size, in GB, that is attached to all the instances in the instance group.", - "required": True + "required": True, }, "Iops": { "type": "integer", @@ -167,17 +160,17 @@ INSTANCE_GROUPS_SCHEMA = { "Throughput": { "type": "integer", "description": "The throughput of the EBS volume that is attached to all the instances in the instance group.", - } - } + }, + }, }, "VolumesPerInstance": { "type": "integer", "description": "The number of EBS volumes that will be created and attached to each instance in the instance group.", - } - } - } - } - } + }, + }, + }, + }, + }, }, "AutoScalingPolicy": { "type": "object", @@ -190,14 +183,14 @@ INSTANCE_GROUPS_SCHEMA = { "MinCapacity": { "type": "integer", "description": "The minimum value for the instances to scale in" - " to in response to scaling activities." + " to in response to scaling activities.", }, "MaxCapacity": { "type": "integer", "description": "The maximum value for the instances to scale out to in response" - " to scaling activities" - } - } + " to scaling activities", + }, + }, }, "Rules": { "type": "array", @@ -207,11 +200,11 @@ INSTANCE_GROUPS_SCHEMA = { "properties": { "Name": { "type": "string", - "description": "Name of the Auto Scaling rule." + "description": "Name of the Auto Scaling rule.", }, "Description": { "type": "string", - "description": "Description of the Auto Scaling rule." + "description": "Description of the Auto Scaling rule.", }, "Action": { "type": "object", @@ -220,35 +213,38 @@ INSTANCE_GROUPS_SCHEMA = { "Market": { # Required for Instance Fleets "type": "string", "description": "Market type of the Amazon EC2 instances used to create a " - "cluster node by Auto Scaling action.", - "enum": ["ON_DEMAND", "SPOT"] + "cluster node by Auto Scaling action.", + "enum": ["ON_DEMAND", "SPOT"], }, "SimpleScalingPolicyConfiguration": { "type": "object", "description": "The Simple scaling configuration that will be associated" - "to Auto Scaling action.", + "to Auto Scaling action.", "properties": { "AdjustmentType": { "type": "string", "description": "Specifies how the ScalingAdjustment parameter is " - "interpreted.", - "enum": ["CHANGE_IN_CAPACITY", "PERCENT_CHANGE_IN_CAPACITY", - "EXACT_CAPACITY"] + "interpreted.", + "enum": [ + "CHANGE_IN_CAPACITY", + "PERCENT_CHANGE_IN_CAPACITY", + "EXACT_CAPACITY", + ], }, "ScalingAdjustment": { "type": "integer", "description": "The amount by which to scale, based on the " - "specified adjustment type." + "specified adjustment type.", }, "CoolDown": { "type": "integer", "description": "The amount of time, in seconds, after a scaling " - "activity completes and before the next scaling " - "activity can start." - } - } - } - } + "activity completes and before the next scaling " + "activity can start.", + }, + }, + }, + }, }, "Trigger": { "type": "object", @@ -257,44 +253,44 @@ INSTANCE_GROUPS_SCHEMA = { "CloudWatchAlarmDefinition": { "type": "object", "description": "The Alarm to be registered with CloudWatch, to trigger" - " scaling activities.", + " scaling activities.", "properties": { "ComparisonOperator": { "type": "string", "description": "The arithmetic operation to use when comparing the" - " specified Statistic and Threshold." + " specified Statistic and Threshold.", }, "EvaluationPeriods": { "type": "integer", "description": "The number of periods over which data is compared" - " to the specified threshold." + " to the specified threshold.", }, "MetricName": { "type": "string", - "description": "The name for the alarm's associated metric." + "description": "The name for the alarm's associated metric.", }, "Namespace": { "type": "string", - "description": "The namespace for the alarm's associated metric." + "description": "The namespace for the alarm's associated metric.", }, "Period": { "type": "integer", "description": "The period in seconds over which the specified " - "statistic is applied." + "statistic is applied.", }, "Statistic": { "type": "string", "description": "The statistic to apply to the alarm's associated " - "metric." + "metric.", }, "Threshold": { "type": "double", "description": "The value against which the specified statistic is " - "compared." + "compared.", }, "Unit": { "type": "string", - "description": "The statistic's unit of measure." + "description": "The statistic's unit of measure.", }, "Dimensions": { "type": "array", @@ -304,27 +300,27 @@ INSTANCE_GROUPS_SCHEMA = { "properties": { "Key": { "type": "string", - "description": "Dimension Key." + "description": "Dimension Key.", }, "Value": { "type": "string", - "description": "Dimension Value." - } - } - } - } - } + "description": "Dimension Value.", + }, + }, + }, + }, + }, } - } - } - } - } - } - } + }, + }, + }, + }, + }, + }, }, - "Configurations": OUTER_CONFIGURATIONS_SCHEMA - } - } + "Configurations": OUTER_CONFIGURATIONS_SCHEMA, + }, + }, } INSTANCE_FLEETS_SCHEMA = { @@ -334,21 +330,21 @@ INSTANCE_FLEETS_SCHEMA = { "properties": { "Name": { "type": "string", - "description": "Friendly name given to the instance fleet." + "description": "Friendly name given to the instance fleet.", }, "InstanceFleetType": { "type": "string", "description": "The type of the instance fleet in the cluster.", "enum": ["MASTER", "CORE", "TASK"], - "required": True + "required": True, }, "TargetOnDemandCapacity": { "type": "integer", - "description": "Target on-demand capacity for the instance fleet." + "description": "Target on-demand capacity for the instance fleet.", }, "TargetSpotCapacity": { "type": "integer", - "description": "Target spot capacity for the instance fleet." + "description": "Target spot capacity for the instance fleet.", }, "InstanceTypeConfigs": { "type": "array", @@ -358,30 +354,30 @@ INSTANCE_FLEETS_SCHEMA = { "InstanceType": { "type": "string", "description": "The Amazon EC2 instance type for the instance fleet.", - "required": True + "required": True, }, "WeightedCapacity": { "type": "integer", - "description": "The weight assigned to an instance type, which will impact the overall fulfillment of the capacity." + "description": "The weight assigned to an instance type, which will impact the overall fulfillment of the capacity.", }, "BidPrice": { "type": "string", "description": "Bid price for each Amazon EC2 instance in the " - "instance fleet when launching nodes as Spot Instances, " - "expressed in USD." + "instance fleet when launching nodes as Spot Instances, " + "expressed in USD.", }, "BidPriceAsPercentageOfOnDemandPrice": { "type": "double", - "description": "Bid price as percentage of on-demand price." + "description": "Bid price as percentage of on-demand price.", }, "CustomAmiId": { "type": "string", - "description": "The AMI ID of a custom AMI to use when Amazon EMR provisions EC2 instances." + "description": "The AMI ID of a custom AMI to use when Amazon EMR provisions EC2 instances.", }, "Priority": { "type": "double", "description": "The priority at which Amazon EMR launches the EC2 instances with this instance type. " - "Priority starts at 0, which is the highest priority. Amazon EMR considers the highest priority first." + "Priority starts at 0, which is the highest priority. Amazon EMR considers the highest priority first.", }, "EbsConfiguration": { "type": "object", @@ -396,83 +392,83 @@ INSTANCE_FLEETS_SCHEMA = { "items": { "type": "object", "properties": { - "VolumeSpecification" : { + "VolumeSpecification": { "type": "object", "description": "The EBS volume specification that is created " - "and attached to each instance in the instance group.", + "and attached to each instance in the instance group.", "properties": { "VolumeType": { "type": "string", "description": "The EBS volume type that is attached to all " - "the instances in the instance group. Valid types are: " - "gp2, io1, and standard.", - "required": True + "the instances in the instance group. Valid types are: " + "gp2, io1, and standard.", + "required": True, }, "SizeInGB": { "type": "integer", "description": "The EBS volume size, in GB, that is attached " - "to all the instances in the instance group.", - "required": True + "to all the instances in the instance group.", + "required": True, }, "Iops": { "type": "integer", "description": "The IOPS of the EBS volume that is attached to " - "all the instances in the instance group.", + "all the instances in the instance group.", }, "Throughput": { - "type": "integer", - "description": "The throughput of the EBS volume that is attached to " - "all the instances in the instance group.", - } - } + "type": "integer", + "description": "The throughput of the EBS volume that is attached to " + "all the instances in the instance group.", + }, + }, }, "VolumesPerInstance": { "type": "integer", "description": "The number of EBS volumes that will be created and " - "attached to each instance in the instance group.", - } - } - } - } - } - }, - "Configurations": OUTER_CONFIGURATIONS_SCHEMA - } - } + "attached to each instance in the instance group.", + }, + }, + }, + }, + }, + }, + "Configurations": OUTER_CONFIGURATIONS_SCHEMA, + }, + }, }, "LaunchSpecifications": { "type": "object", - "properties" : { + "properties": { "OnDemandSpecification": { "type": "object", "properties": { "AllocationStrategy": ONDEMAND_ALLOCATION_STRATEGY_SCHEMA, - "CapacityReservationOptions": ONDEMAND_CAPACITY_RESERVATION_OPTIONS_SCHEMA - } + "CapacityReservationOptions": ONDEMAND_CAPACITY_RESERVATION_OPTIONS_SCHEMA, + }, }, "SpotSpecification": { "type": "object", "properties": { "TimeoutDurationMinutes": { "type": "integer", - "description": "The time, in minutes, after which the action specified in TimeoutAction field will be performed if requested resources are unavailable." + "description": "The time, in minutes, after which the action specified in TimeoutAction field will be performed if requested resources are unavailable.", }, "TimeoutAction": { "type": "string", "description": "The action that is performed after TimeoutDurationMinutes.", "enum": [ "TERMINATE_CLUSTER", - "SWITCH_TO_ONDEMAND" - ] + "SWITCH_TO_ONDEMAND", + ], }, "BlockDurationMinutes": { "type": "integer", - "description": "Block duration in minutes." + "description": "Block duration in minutes.", }, - "AllocationStrategy": SPOT_ALLOCATION_STRATEGY_SCHEMA - } - } - } + "AllocationStrategy": SPOT_ALLOCATION_STRATEGY_SCHEMA, + }, + }, + }, }, "ResizeSpecifications": { "type": "object", @@ -481,31 +477,28 @@ INSTANCE_FLEETS_SCHEMA = { "type": "object", "properties": { "TimeoutDurationMinutes": { - "type" : "integer", - "description": "The time, in minutes, after which the resize will be stopped if requested resources are unavailable." + "type": "integer", + "description": "The time, in minutes, after which the resize will be stopped if requested resources are unavailable.", }, - "AllocationStrategy": SPOT_ALLOCATION_STRATEGY_SCHEMA - } + "AllocationStrategy": SPOT_ALLOCATION_STRATEGY_SCHEMA, + }, }, "OnDemandResizeSpecification": { "type": "object", "properties": { "TimeoutDurationMinutes": { - "type" : "integer", - "description": "The time, in minutes, after which the resize will be stopped if requested resources are unavailable." + "type": "integer", + "description": "The time, in minutes, after which the resize will be stopped if requested resources are unavailable.", }, "AllocationStrategy": ONDEMAND_ALLOCATION_STRATEGY_SCHEMA, - "CapacityReservationOptions": ONDEMAND_CAPACITY_RESERVATION_OPTIONS_SCHEMA - } - } - } + "CapacityReservationOptions": ONDEMAND_CAPACITY_RESERVATION_OPTIONS_SCHEMA, + }, + }, + }, }, - "Context": { - "type": "string", - "description": "Reserved." - } - } - } + "Context": {"type": "string", "description": "Reserved."}, + }, + }, } EC2_ATTRIBUTES_SCHEMA = { @@ -513,75 +506,64 @@ EC2_ATTRIBUTES_SCHEMA = { "properties": { "KeyName": { "type": "string", - "description": - "The name of the Amazon EC2 key pair that can " - "be used to ssh to the master node as the user 'hadoop'." + "description": "The name of the Amazon EC2 key pair that can " + "be used to ssh to the master node as the user 'hadoop'.", }, "SubnetId": { "type": "string", - "description": - "To launch the cluster in Amazon " - "Virtual Private Cloud (Amazon VPC), set this parameter to " - "the identifier of the Amazon VPC subnet where you want " - "the cluster to launch. If you do not specify this value, " - "the cluster is launched in the normal Amazon Web Services " - "cloud, outside of an Amazon VPC. " + "description": "To launch the cluster in Amazon " + "Virtual Private Cloud (Amazon VPC), set this parameter to " + "the identifier of the Amazon VPC subnet where you want " + "the cluster to launch. If you do not specify this value, " + "the cluster is launched in the normal Amazon Web Services " + "cloud, outside of an Amazon VPC. ", }, "SubnetIds": { "type": "array", - "description": - "List of SubnetIds.", - "items": { - "type": "string" - } + "description": "List of SubnetIds.", + "items": {"type": "string"}, }, "AvailabilityZone": { "type": "string", - "description": "The Availability Zone the cluster will run in." + "description": "The Availability Zone the cluster will run in.", }, "AvailabilityZones": { "type": "array", "description": "List of AvailabilityZones.", - "items": { - "type": "string" - } + "items": {"type": "string"}, }, "InstanceProfile": { "type": "string", - "description": - "An IAM role for the cluster. The EC2 instances of the cluster" - " assume this role. The default role is " + - EC2_ROLE_NAME + ". In order to use the default" - " role, you must have already created it using the " - "create-default-roles command. " + "description": "An IAM role for the cluster. The EC2 instances of the cluster" + " assume this role. The default role is " + + EC2_ROLE_NAME + + ". In order to use the default" + " role, you must have already created it using the " + "create-default-roles command. ", }, "EmrManagedMasterSecurityGroup": { "type": "string", - "description": helptext.EMR_MANAGED_MASTER_SECURITY_GROUP + "description": helptext.EMR_MANAGED_MASTER_SECURITY_GROUP, }, "EmrManagedSlaveSecurityGroup": { "type": "string", - "description": helptext.EMR_MANAGED_SLAVE_SECURITY_GROUP + "description": helptext.EMR_MANAGED_SLAVE_SECURITY_GROUP, }, "ServiceAccessSecurityGroup": { "type": "string", - "description": helptext.SERVICE_ACCESS_SECURITY_GROUP + "description": helptext.SERVICE_ACCESS_SECURITY_GROUP, }, "AdditionalMasterSecurityGroups": { "type": "array", "description": helptext.ADDITIONAL_MASTER_SECURITY_GROUPS, - "items": { - "type": "string" - } + "items": {"type": "string"}, }, "AdditionalSlaveSecurityGroups": { "type": "array", "description": helptext.ADDITIONAL_SLAVE_SECURITY_GROUPS, - "items": { - "type": "string" - } - } - } + "items": {"type": "string"}, + }, + }, } @@ -593,20 +575,26 @@ APPLICATIONS_SCHEMA = { "Name": { "type": "string", "description": "Application name.", - "enum": ["MapR", "HUE", "HIVE", "PIG", "HBASE", - "IMPALA", "GANGLIA", "HADOOP", "SPARK"], - "required": True + "enum": [ + "MapR", + "HUE", + "HIVE", + "PIG", + "HBASE", + "IMPALA", + "GANGLIA", + "HADOOP", + "SPARK", + ], + "required": True, }, "Args": { "type": "array", - "description": - "A list of arguments to pass to the application.", - "items": { - "type": "string" - } - } - } - } + "description": "A list of arguments to pass to the application.", + "items": {"type": "string"}, + }, + }, + }, } BOOTSTRAP_ACTIONS_SCHEMA = { @@ -614,29 +602,22 @@ BOOTSTRAP_ACTIONS_SCHEMA = { "items": { "type": "object", "properties": { - "Name": { - "type": "string", - "default": "Bootstrap Action" - }, + "Name": {"type": "string", "default": "Bootstrap Action"}, "Path": { "type": "string", - "description": - "Location of the script to run during a bootstrap action. " - "Can be either a location in Amazon S3 or " - "on a local file system.", - "required": True + "description": "Location of the script to run during a bootstrap action. " + "Can be either a location in Amazon S3 or " + "on a local file system.", + "required": True, }, "Args": { "type": "array", - "description": - "A list of command line arguments to pass to " - "the bootstrap action script", - "items": { - "type": "string" - } - } - } - } + "description": "A list of command line arguments to pass to " + "the bootstrap action script", + "items": {"type": "string"}, + }, + }, + }, } @@ -647,8 +628,7 @@ STEPS_SCHEMA = { "properties": { "Type": { "type": "string", - "description": - "The type of a step to be added to the cluster.", + "description": "The type of a step to be added to the cluster.", "default": "custom_jar", "enum": ["CUSTOM_JAR", "STREAMING", "HIVE", "PIG", "IMPALA"], }, @@ -660,7 +640,7 @@ STEPS_SCHEMA = { "type": "string", "description": "The action to take if the cluster step fails.", "enum": ["TERMINATE_CLUSTER", "CANCEL_AND_WAIT", "CONTINUE"], - "default": "CONTINUE" + "default": "CONTINUE", }, "Jar": { "type": "string", @@ -668,42 +648,34 @@ STEPS_SCHEMA = { }, "Args": { "type": "array", - "description": - "A list of command line arguments to pass to the step.", - "items": { - "type": "string" - } + "description": "A list of command line arguments to pass to the step.", + "items": {"type": "string"}, }, "MainClass": { "type": "string", - "description": - "The name of the main class in the specified " - "Java file. If not specified, the JAR file should " - "specify a Main-Class in its manifest file." + "description": "The name of the main class in the specified " + "Java file. If not specified, the JAR file should " + "specify a Main-Class in its manifest file.", }, "Properties": { "type": "string", - "description": - "A list of Java properties that are set when the step " - "runs. You can use these properties to pass key value " - "pairs to your main function." - } - } - } + "description": "A list of Java properties that are set when the step " + "runs. You can use these properties to pass key value " + "pairs to your main function.", + }, + }, + }, } HBASE_RESTORE_FROM_BACKUP_SCHEMA = { "type": "object", "properties": { - "Dir": { - "type": "string", - "description": helptext.HBASE_BACKUP_DIR - }, + "Dir": {"type": "string", "description": helptext.HBASE_BACKUP_DIR}, "BackupVersion": { "type": "string", - "description": helptext.HBASE_BACKUP_VERSION - } - } + "description": helptext.HBASE_BACKUP_VERSION, + }, + }, } EMR_FS_SCHEMA = { @@ -711,41 +683,38 @@ EMR_FS_SCHEMA = { "properties": { "Consistent": { "type": "boolean", - "description": "Enable EMRFS consistent view." + "description": "Enable EMRFS consistent view.", }, "SSE": { "type": "boolean", "description": "Enable Amazon S3 server-side encryption on files " - "written to S3 by EMRFS." + "written to S3 by EMRFS.", }, "RetryCount": { "type": "integer", - "description": - "The maximum number of times to retry upon S3 inconsistency." + "description": "The maximum number of times to retry upon S3 inconsistency.", }, "RetryPeriod": { "type": "integer", "description": "The amount of time (in seconds) until the first " - "retry. Subsequent retries use an exponential " - "back-off." + "retry. Subsequent retries use an exponential " + "back-off.", }, "Args": { "type": "array", "description": "A list of arguments to pass for additional " - "EMRFS configuration.", - "items": { - "type": "string" - } + "EMRFS configuration.", + "items": {"type": "string"}, }, "Encryption": { "type": "string", "description": "EMRFS encryption type.", - "enum": ["SERVERSIDE", "CLIENTSIDE"] + "enum": ["SERVERSIDE", "CLIENTSIDE"], }, "ProviderType": { "type": "string", "description": "EMRFS client-side encryption provider type.", - "enum": ["KMS", "CUSTOM"] + "enum": ["KMS", "CUSTOM"], }, "KMSKeyId": { "type": "string", @@ -753,46 +722,41 @@ EMR_FS_SCHEMA = { }, "CustomProviderLocation": { "type": "string", - "description": "Custom encryption provider JAR location." + "description": "Custom encryption provider JAR location.", }, "CustomProviderClass": { "type": "string", - "description": "Custom encryption provider full class name." - } - } + "description": "Custom encryption provider full class name.", + }, + }, } -TAGS_SCHEMA = { - "type": "array", - "items": { - "type": "string" - } -} +TAGS_SCHEMA = {"type": "array", "items": {"type": "string"}} KERBEROS_ATTRIBUTES_SCHEMA = { "type": "object", "properties": { "Realm": { "type": "string", - "description": "The name of Kerberos realm." + "description": "The name of Kerberos realm.", }, "KdcAdminPassword": { "type": "string", - "description": "The password of Kerberos administrator." + "description": "The password of Kerberos administrator.", }, "CrossRealmTrustPrincipalPassword": { "type": "string", - "description": "The password to establish cross-realm trusts." + "description": "The password to establish cross-realm trusts.", }, "ADDomainJoinUser": { "type": "string", - "description": "The name of the user with privileges to join instances to Active Directory." + "description": "The name of the user with privileges to join instances to Active Directory.", }, "ADDomainJoinPassword": { "type": "string", - "description": "The password of the user with privileges to join instances to Active Directory." - } - } + "description": "The password of the user with privileges to join instances to Active Directory.", + }, + }, } MANAGED_SCALING_POLICY_SCHEMA = { @@ -800,73 +764,66 @@ MANAGED_SCALING_POLICY_SCHEMA = { "properties": { "ComputeLimits": { "type": "object", - "description": - "The EC2 unit limits for a managed scaling policy. " - "The managed scaling activity of a cluster is not allowed to go above " - "or below these limits. The limits apply to CORE and TASK groups " - "and exclude the capacity of the MASTER group.", + "description": "The EC2 unit limits for a managed scaling policy. " + "The managed scaling activity of a cluster is not allowed to go above " + "or below these limits. The limits apply to CORE and TASK groups " + "and exclude the capacity of the MASTER group.", "properties": { - "MinimumCapacityUnits": { - "type": "integer", - "description": - "The lower boundary of EC2 units. It is measured through " - "VCPU cores or instances for instance groups and measured " - "through units for instance fleets. Managed scaling " - "activities are not allowed beyond this boundary.", - "required": True - }, - "MaximumCapacityUnits": { - "type": "integer", - "description": - "The upper boundary of EC2 units. It is measured through " - "VCPU cores or instances for instance groups and measured " - "through units for instance fleets. Managed scaling " - "activities are not allowed beyond this boundary.", - "required": True - }, - "MaximumOnDemandCapacityUnits": { - "type": "integer", - "description": - "The upper boundary of on-demand EC2 units. It is measured through " - "VCPU cores or instances for instance groups and measured " - "through units for instance fleets. The on-demand units are not " - "allowed to scale beyond this boundary. " - "This value must be lower than MaximumCapacityUnits." - }, - "UnitType": { - "type": "string", - "description": "The unit type used for specifying a managed scaling policy.", - "enum": ["VCPU", "Instances", "InstanceFleetUnits"], - "required": True - }, - "MaximumCoreCapacityUnits": { - "type": "integer", - "description": - "The upper boundary of EC2 units for core node type in a cluster. " - "It is measured through VCPU cores or instances for instance groups " - "and measured through units for instance fleets. " - "The core units are not allowed to scale beyond this boundary. " - "The parameter is used to split capacity allocation between core and task nodes." - } - } + "MinimumCapacityUnits": { + "type": "integer", + "description": "The lower boundary of EC2 units. It is measured through " + "VCPU cores or instances for instance groups and measured " + "through units for instance fleets. Managed scaling " + "activities are not allowed beyond this boundary.", + "required": True, + }, + "MaximumCapacityUnits": { + "type": "integer", + "description": "The upper boundary of EC2 units. It is measured through " + "VCPU cores or instances for instance groups and measured " + "through units for instance fleets. Managed scaling " + "activities are not allowed beyond this boundary.", + "required": True, + }, + "MaximumOnDemandCapacityUnits": { + "type": "integer", + "description": "The upper boundary of on-demand EC2 units. It is measured through " + "VCPU cores or instances for instance groups and measured " + "through units for instance fleets. The on-demand units are not " + "allowed to scale beyond this boundary. " + "This value must be lower than MaximumCapacityUnits.", + }, + "UnitType": { + "type": "string", + "description": "The unit type used for specifying a managed scaling policy.", + "enum": ["VCPU", "Instances", "InstanceFleetUnits"], + "required": True, + }, + "MaximumCoreCapacityUnits": { + "type": "integer", + "description": "The upper boundary of EC2 units for core node type in a cluster. " + "It is measured through VCPU cores or instances for instance groups " + "and measured through units for instance fleets. " + "The core units are not allowed to scale beyond this boundary. " + "The parameter is used to split capacity allocation between core and task nodes.", + }, + }, }, "ScalingStrategy": { "type": "string", "enum": ["DEFAULT", "ADVANCED"], - "description": - "Determines whether a custom scaling utilization performance index can be set. " - "Possible values include ADVANCED or DEFAULT." + "description": "Determines whether a custom scaling utilization performance index can be set. " + "Possible values include ADVANCED or DEFAULT.", }, "UtilizationPerformanceIndex": { "type": "integer", - "description": - "An integer value that represents an advanced scaling strategy. " - "Setting a higher value optimizes for performance. " - "Setting a lower value optimizes for resource conservation. " - "Setting the value to 50 balances performance and resource conservation. " - "Possible values are 1, 25, 50, 75, and 100." - } - } + "description": "An integer value that represents an advanced scaling strategy. " + "Setting a higher value optimizes for performance. " + "Setting a lower value optimizes for resource conservation. " + "Setting the value to 50 balances performance and resource conservation. " + "Possible values are 1, 25, 50, 75, and 100.", + }, + }, } PLACEMENT_GROUP_CONFIGS_SCHEMA = { @@ -878,26 +835,25 @@ PLACEMENT_GROUP_CONFIGS_SCHEMA = { "type": "string", "description": "Role of the instance in the cluster.", "enum": ["MASTER", "CORE", "TASK"], - "required": True + "required": True, }, "PlacementStrategy": { "type": "string", "description": "EC2 Placement Group strategy associated " - "with instance role.", - "enum": ["SPREAD", "PARTITION", "CLUSTER", "NONE"] - } - } - } + "with instance role.", + "enum": ["SPREAD", "PARTITION", "CLUSTER", "NONE"], + }, + }, + }, } AUTO_TERMINATION_POLICY_SCHEMA = { "type": "object", - "properties": { + "properties": { "IdleTimeout": { "type": "long", - "description": - "Specifies the amount of idle time in seconds after which the cluster automatically terminates. " - "You can specify a minimum of 60 seconds and a maximum of 604800 seconds (seven days).", + "description": "Specifies the amount of idle time in seconds after which the cluster automatically terminates. " + "You can specify a minimum of 60 seconds and a maximum of 604800 seconds (seven days).", } - } + }, } diff -pruN 2.23.6-1/awscli/customizations/emr/command.py 2.31.35-1/awscli/customizations/emr/command.py --- 2.23.6-1/awscli/customizations/emr/command.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/command.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,11 +12,9 @@ # language governing permissions and limitations under the License. import logging + from awscli.customizations.commands import BasicCommand -from awscli.customizations.emr import config -from awscli.customizations.emr import configutils -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import exceptions +from awscli.customizations.emr import config, configutils, emrutils, exceptions LOG = logging.getLogger(__name__) @@ -24,36 +22,42 @@ LOG = logging.getLogger(__name__) class Command(BasicCommand): region = None - UNSUPPORTED_COMMANDS_FOR_RELEASE_BASED_CLUSTERS = set([ - 'install-applications', - 'restore-from-hbase-backup', - 'schedule-hbase-backup', - 'create-hbase-backup', - 'disable-hbase-backups', - ]) + UNSUPPORTED_COMMANDS_FOR_RELEASE_BASED_CLUSTERS = set( + [ + 'install-applications', + 'restore-from-hbase-backup', + 'schedule-hbase-backup', + 'create-hbase-backup', + 'disable-hbase-backups', + ] + ) def supports_arg(self, name): - return any((x['name'] == name for x in self.ARG_TABLE)) + return any(x['name'] == name for x in self.ARG_TABLE) def _run_main(self, parsed_args, parsed_globals): - - self._apply_configs(parsed_args, - configutils.get_configs(self._session)) + self._apply_configs( + parsed_args, configutils.get_configs(self._session) + ) self.region = emrutils.get_region(self._session, parsed_globals) self._validate_unsupported_commands_for_release_based_clusters( - parsed_args, parsed_globals) + parsed_args, parsed_globals + ) return self._run_main_command(parsed_args, parsed_globals) def _apply_configs(self, parsed_args, parsed_configs): - applicable_configurations = \ - self._get_applicable_configurations(parsed_args, parsed_configs) + applicable_configurations = self._get_applicable_configurations( + parsed_args, parsed_configs + ) configs_added = {} for configuration in applicable_configurations: - configuration.add(self, parsed_args, - parsed_configs[configuration.name]) - configs_added[configuration.name] = \ - parsed_configs[configuration.name] + configuration.add( + self, parsed_args, parsed_configs[configuration.name] + ) + configs_added[configuration.name] = parsed_configs[ + configuration.name + ] if configs_added: LOG.debug("Updated arguments with configs: %s" % configs_added) @@ -68,20 +72,23 @@ class Command(BasicCommand): # 3. Configurations that are present in parsed_configs # 2. Configurations that are not present in parsed_args - configurations = \ - config.get_applicable_configurations(self) + configurations = config.get_applicable_configurations(self) - configurations = [x for x in configurations - if x.name in parsed_configs and - not x.is_present(parsed_args)] + configurations = [ + x + for x in configurations + if x.name in parsed_configs and not x.is_present(parsed_args) + ] configurations = self._filter_configurations_in_special_cases( - configurations, parsed_args, parsed_configs) + configurations, parsed_args, parsed_configs + ) return configurations - def _filter_configurations_in_special_cases(self, configurations, - parsed_args, parsed_configs): + def _filter_configurations_in_special_cases( + self, configurations, parsed_args, parsed_configs + ): # Subclasses can override this method to filter the applicable # configurations further based upon some custom logic # Default behavior is to return the configurations list as is @@ -99,18 +106,25 @@ class Command(BasicCommand): raise NotImplementedError("_run_main_command") def _validate_unsupported_commands_for_release_based_clusters( - self, parsed_args, parsed_globals): + self, parsed_args, parsed_globals + ): command = self.NAME - if (command in self.UNSUPPORTED_COMMANDS_FOR_RELEASE_BASED_CLUSTERS and - hasattr(parsed_args, 'cluster_id')): + if ( + command in self.UNSUPPORTED_COMMANDS_FOR_RELEASE_BASED_CLUSTERS + and hasattr(parsed_args, 'cluster_id') + ): release_label = emrutils.get_release_label( - parsed_args.cluster_id, self._session, self.region, - parsed_globals.endpoint_url, parsed_globals.verify_ssl) + parsed_args.cluster_id, + self._session, + self.region, + parsed_globals.endpoint_url, + parsed_globals.verify_ssl, + ) if release_label: raise exceptions.UnsupportedCommandWithReleaseError( - command=command, - release_label=release_label) + command=command, release_label=release_label + ) def override_args_required_option(argument_table, args, session, **kwargs): @@ -119,8 +133,7 @@ def override_args_required_option(argume # file # We don't want to override when user is viewing the help so that we # can show the required options correctly in the help - need_to_override = False if len(args) == 1 and args[0] == 'help' \ - else True + need_to_override = False if len(args) == 1 and args[0] == 'help' else True if need_to_override: parsed_configs = configutils.get_configs(session) diff -pruN 2.23.6-1/awscli/customizations/emr/config.py 2.31.35-1/awscli/customizations/emr/config.py --- 2.23.6-1/awscli/customizations/emr/config.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/config.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,20 +12,26 @@ # language governing permissions and limitations under the License. import logging -from awscli.customizations.emr import configutils -from awscli.customizations.emr import exceptions + +from awscli.customizations.emr import configutils, exceptions LOG = logging.getLogger(__name__) SUPPORTED_CONFIG_LIST = [ {'name': 'service_role'}, {'name': 'log_uri'}, - {'name': 'instance_profile', 'arg_name': 'ec2_attributes', - 'arg_value_key': 'InstanceProfile'}, - {'name': 'key_name', 'arg_name': 'ec2_attributes', - 'arg_value_key': 'KeyName'}, + { + 'name': 'instance_profile', + 'arg_name': 'ec2_attributes', + 'arg_value_key': 'InstanceProfile', + }, + { + 'name': 'key_name', + 'arg_name': 'ec2_attributes', + 'arg_value_key': 'KeyName', + }, {'name': 'enable_debugging', 'type': 'boolean'}, - {'name': 'key_pair_file'} + {'name': 'key_pair_file'}, ] TYPES = ['string', 'boolean'] @@ -39,27 +45,30 @@ def get_applicable_configurations(comman def _create_supported_configuration(config): config_type = config['type'] if 'type' in config else 'string' - if (config_type == 'string'): - config_arg_name = config['arg_name'] \ - if 'arg_name' in config else config['name'] - config_arg_value_key = config['arg_value_key'] \ - if 'arg_value_key' in config else None - configuration = StringConfiguration(config['name'], - config_arg_name, - config_arg_value_key) - elif (config_type == 'boolean'): + if config_type == 'string': + config_arg_name = ( + config['arg_name'] if 'arg_name' in config else config['name'] + ) + config_arg_value_key = ( + config['arg_value_key'] if 'arg_value_key' in config else None + ) + configuration = StringConfiguration( + config['name'], config_arg_name, config_arg_value_key + ) + elif config_type == 'boolean': configuration = BooleanConfiguration(config['name']) return configuration def _create_supported_configurations(): - return [_create_supported_configuration(config) - for config in SUPPORTED_CONFIG_LIST] - + return [ + _create_supported_configuration(config) + for config in SUPPORTED_CONFIG_LIST + ] -class Configuration(object): +class Configuration: def __init__(self, name, arg_name): self.name = name self.arg_name = arg_name @@ -78,7 +87,6 @@ class Configuration(object): class StringConfiguration(Configuration): - def __init__(self, name, arg_name, arg_value_key=None): super(StringConfiguration, self).__init__(name, arg_name) self.arg_value_key = arg_value_key @@ -87,40 +95,42 @@ class StringConfiguration(Configuration) return command.supports_arg(self.arg_name.replace('_', '-')) def is_present(self, parsed_args): - if (not self.arg_value_key): + if not self.arg_value_key: return self._check_arg(parsed_args, self.arg_name) else: - return self._check_arg(parsed_args, self.arg_name) \ - and self.arg_value_key in getattr(parsed_args, self.arg_name) + return self._check_arg( + parsed_args, self.arg_name + ) and self.arg_value_key in getattr(parsed_args, self.arg_name) def add(self, command, parsed_args, value): - if (not self.arg_value_key): + if not self.arg_value_key: setattr(parsed_args, self.arg_name, value) else: - if (not self._check_arg(parsed_args, self.arg_name)): + if not self._check_arg(parsed_args, self.arg_name): setattr(parsed_args, self.arg_name, {}) getattr(parsed_args, self.arg_name)[self.arg_value_key] = value class BooleanConfiguration(Configuration): - def __init__(self, name): super(BooleanConfiguration, self).__init__(name, name) self.no_version_arg_name = "no_" + name def is_applicable(self, command): - return command.supports_arg(self.arg_name.replace('_', '-')) and \ - command.supports_arg(self.no_version_arg_name.replace('_', '-')) + return command.supports_arg( + self.arg_name.replace('_', '-') + ) and command.supports_arg(self.no_version_arg_name.replace('_', '-')) def is_present(self, parsed_args): - return self._check_arg(parsed_args, self.arg_name) \ - or self._check_arg(parsed_args, self.no_version_arg_name) + return self._check_arg(parsed_args, self.arg_name) or self._check_arg( + parsed_args, self.no_version_arg_name + ) def add(self, command, parsed_args, value): - if (value.lower() == 'true'): + if value.lower() == 'true': setattr(parsed_args, self.arg_name, True) setattr(parsed_args, self.no_version_arg_name, False) - elif (value.lower() == 'false'): + elif value.lower() == 'false': setattr(parsed_args, self.arg_name, False) setattr(parsed_args, self.no_version_arg_name, True) else: @@ -128,4 +138,6 @@ class BooleanConfiguration(Configuration config_value=value, config_key=self.arg_name, profile_var_name=configutils.get_current_profile_var_name( - command._session)) + command._session + ), + ) diff -pruN 2.23.6-1/awscli/customizations/emr/configutils.py 2.31.35-1/awscli/customizations/emr/configutils.py --- 2.23.6-1/awscli/customizations/emr/configutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/configutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,8 +14,7 @@ import logging import os from awscli.customizations.configure.writer import ConfigFileWriter -from awscli.customizations.emr.constants import EC2_ROLE_NAME -from awscli.customizations.emr.constants import EMR_ROLE_NAME +from awscli.customizations.emr.constants import EC2_ROLE_NAME, EMR_ROLE_NAME LOG = logging.getLogger(__name__) @@ -35,21 +34,31 @@ def get_current_profile_var_name(session def _get_profile_str(session, separator): profile_name = session.get_config_variable('profile') - return 'default' if profile_name is None \ + return ( + 'default' + if profile_name is None else 'profile%c%s' % (separator, profile_name) + ) def is_any_role_configured(session): parsed_configs = get_configs(session) - return True if ('instance_profile' in parsed_configs or - 'service_role' in parsed_configs) \ + return ( + True + if ( + 'instance_profile' in parsed_configs + or 'service_role' in parsed_configs + ) else False + ) def update_roles(session): if is_any_role_configured(session): - LOG.debug("At least one of the roles is already associated with " - "your current profile ") + LOG.debug( + "At least one of the roles is already associated with " + "your current profile " + ) else: config_writer = ConfigWriter(session) config_writer.update_config('service_role', EMR_ROLE_NAME) @@ -57,16 +66,15 @@ def update_roles(session): LOG.debug("Associated default roles with your current profile") -class ConfigWriter(object): - +class ConfigWriter: def __init__(self, session): self.session = session self.section = _get_profile_str(session, ' ') self.config_file_writer = ConfigFileWriter() def update_config(self, key, value): - config_filename = \ - os.path.expanduser(self.session.get_config_variable('config_file')) - updated_config = {'__section__': self.section, - 'emr': {key: value}} + config_filename = os.path.expanduser( + self.session.get_config_variable('config_file') + ) + updated_config = {'__section__': self.section, 'emr': {key: value}} self.config_file_writer.update_config(updated_config, config_filename) diff -pruN 2.23.6-1/awscli/customizations/emr/constants.py 2.31.35-1/awscli/customizations/emr/constants.py --- 2.23.6-1/awscli/customizations/emr/constants.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/constants.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,7 +16,9 @@ EC2_ROLE_NAME = "EMR_EC2_DefaultRole" EMR_ROLE_NAME = "EMR_DefaultRole" EMR_AUTOSCALING_ROLE_NAME = "EMR_AutoScaling_DefaultRole" -ROLE_ARN_PATTERN = "arn:{{region_suffix}}:iam::aws:policy/service-role/{{policy_name}}" +ROLE_ARN_PATTERN = ( + "arn:{{region_suffix}}:iam::aws:policy/service-role/{{policy_name}}" +) EC2_ROLE_POLICY_NAME = "AmazonElasticMapReduceforEC2Role" EMR_ROLE_POLICY_NAME = "AmazonElasticMapReduceRole" EMR_AUTOSCALING_ROLE_POLICY_NAME = "AmazonElasticMapReduceforAutoScalingRole" @@ -57,12 +59,14 @@ EMRFS_RETRY_COUNT_KEY = 'fs.s3.consisten EMRFS_RETRY_PERIOD_KEY = 'fs.s3.consistent.retryPeriodSeconds' EMRFS_CSE_KEY = 'fs.s3.cse.enabled' EMRFS_CSE_KMS_KEY_ID_KEY = 'fs.s3.cse.kms.keyId' -EMRFS_CSE_ENCRYPTION_MATERIALS_PROVIDER_KEY = \ +EMRFS_CSE_ENCRYPTION_MATERIALS_PROVIDER_KEY = ( 'fs.s3.cse.encryptionMaterialsProvider' +) EMRFS_CSE_CUSTOM_PROVIDER_URI_KEY = 'fs.s3.cse.encryptionMaterialsProvider.uri' -EMRFS_CSE_KMS_PROVIDER_FULL_CLASS_NAME = ('com.amazon.ws.emr.hadoop.fs.cse.' - 'KMSEncryptionMaterialsProvider') +EMRFS_CSE_KMS_PROVIDER_FULL_CLASS_NAME = ( + 'com.amazon.ws.emr.hadoop.fs.cse.KMSEncryptionMaterialsProvider' +) EMRFS_CSE_CUSTOM_S3_GET_BA_PATH = 'file:/usr/share/aws/emr/scripts/s3get' EMRFS_CUSTOM_DEST_PATH = '/usr/share/aws/emr/auxlib' @@ -181,16 +185,31 @@ EMR = 'elasticmapreduce' APPLICATION_AUTOSCALING = 'application-autoscaling' LATEST = 'latest' -APPLICATIONS = ["HIVE", "PIG", "HBASE", "GANGLIA", "IMPALA", "SPARK", "MAPR", - "MAPR_M3", "MAPR_M5", "MAPR_M7"] +APPLICATIONS = [ + "HIVE", + "PIG", + "HBASE", + "GANGLIA", + "IMPALA", + "SPARK", + "MAPR", + "MAPR_M3", + "MAPR_M5", + "MAPR_M7", +] SSH_USER = 'hadoop' STARTING_STATES = ['STARTING', 'BOOTSTRAPPING'] TERMINATED_STATES = ['TERMINATED', 'TERMINATING', 'TERMINATED_WITH_ERRORS'] # list-clusters -LIST_CLUSTERS_ACTIVE_STATES = ['STARTING', 'BOOTSTRAPPING', 'RUNNING', - 'WAITING', 'TERMINATING'] +LIST_CLUSTERS_ACTIVE_STATES = [ + 'STARTING', + 'BOOTSTRAPPING', + 'RUNNING', + 'WAITING', + 'TERMINATING', +] LIST_CLUSTERS_TERMINATED_STATES = ['TERMINATED'] LIST_CLUSTERS_FAILED_STATES = ['TERMINATED_WITH_ERRORS'] diff -pruN 2.23.6-1/awscli/customizations/emr/createcluster.py 2.31.35-1/awscli/customizations/emr/createcluster.py --- 2.23.6-1/awscli/customizations/emr/createcluster.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/createcluster.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,137 +13,217 @@ import re -from awscli.customizations.exceptions import ParamValidationError +from botocore.compat import json + from awscli.customizations.commands import BasicCommand -from awscli.customizations.emr import applicationutils -from awscli.customizations.emr import argumentschema -from awscli.customizations.emr import constants -from awscli.customizations.emr import emrfsutils -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import exceptions -from awscli.customizations.emr import hbaseutils -from awscli.customizations.emr import helptext -from awscli.customizations.emr import instancegroupsutils -from awscli.customizations.emr import instancefleetsutils -from awscli.customizations.emr import steputils +from awscli.customizations.emr import ( + applicationutils, + argumentschema, + constants, + emrfsutils, + emrutils, + exceptions, + hbaseutils, + helptext, + instancefleetsutils, + instancegroupsutils, + steputils, +) from awscli.customizations.emr.command import Command -from awscli.customizations.emr.constants import EC2_ROLE_NAME -from awscli.customizations.emr.constants import EMR_ROLE_NAME -from botocore.compat import json +from awscli.customizations.emr.constants import EC2_ROLE_NAME, EMR_ROLE_NAME +from awscli.customizations.exceptions import ParamValidationError class CreateCluster(Command): NAME = 'create-cluster' DESCRIPTION = helptext.CREATE_CLUSTER_DESCRIPTION ARG_TABLE = [ - {'name': 'release-label', - 'help_text': helptext.RELEASE_LABEL}, - {'name': 'os-release-label', - 'help_text': helptext.OS_RELEASE_LABEL}, - {'name': 'ami-version', - 'help_text': helptext.AMI_VERSION}, - {'name': 'instance-groups', - 'schema': argumentschema.INSTANCE_GROUPS_SCHEMA, - 'help_text': helptext.INSTANCE_GROUPS}, - {'name': 'instance-type', - 'help_text': helptext.INSTANCE_TYPE}, - {'name': 'instance-count', - 'help_text': helptext.INSTANCE_COUNT}, - {'name': 'auto-terminate', 'action': 'store_true', - 'group_name': 'auto_terminate', - 'help_text': helptext.AUTO_TERMINATE}, - {'name': 'no-auto-terminate', 'action': 'store_true', - 'group_name': 'auto_terminate'}, - {'name': 'instance-fleets', - 'schema': argumentschema.INSTANCE_FLEETS_SCHEMA, - 'help_text': helptext.INSTANCE_FLEETS}, - {'name': 'name', - 'default': 'Development Cluster', - 'help_text': helptext.CLUSTER_NAME}, - {'name': 'log-uri', - 'help_text': helptext.LOG_URI}, - {'name': 'log-encryption-kms-key-id', - 'help_text': helptext.LOG_ENCRYPTION_KMS_KEY_ID}, - {'name': 'service-role', - 'help_text': helptext.SERVICE_ROLE}, - {'name': 'auto-scaling-role', - 'help_text': helptext.AUTOSCALING_ROLE}, - {'name': 'use-default-roles', 'action': 'store_true', - 'help_text': helptext.USE_DEFAULT_ROLES}, - {'name': 'configurations', - 'help_text': helptext.CONFIGURATIONS}, - {'name': 'ec2-attributes', - 'help_text': helptext.EC2_ATTRIBUTES, - 'schema': argumentschema.EC2_ATTRIBUTES_SCHEMA}, - {'name': 'termination-protected', 'action': 'store_true', - 'group_name': 'termination_protected', - 'help_text': helptext.TERMINATION_PROTECTED}, - {'name': 'no-termination-protected', 'action': 'store_true', - 'group_name': 'termination_protected'}, - {'name': 'unhealthy-node-replacement', 'action': 'store_true', - 'group_name': 'unhealthy_node_replacement', - 'help_text': helptext.UNHEALTHY_NODE_REPLACEMENT}, - {'name': 'no-unhealthy-node-replacement', 'action': 'store_true', - 'group_name': 'unhealthy_node_replacement'}, - {'name': 'scale-down-behavior', - 'help_text': helptext.SCALE_DOWN_BEHAVIOR}, - {'name': 'visible-to-all-users', 'action': 'store_true', - 'group_name': 'visibility', - 'help_text': helptext.VISIBILITY}, - {'name': 'no-visible-to-all-users', 'action': 'store_true', - 'group_name': 'visibility'}, - {'name': 'enable-debugging', 'action': 'store_true', - 'group_name': 'debug', - 'help_text': helptext.DEBUGGING}, - {'name': 'no-enable-debugging', 'action': 'store_true', - 'group_name': 'debug'}, - {'name': 'tags', 'nargs': '+', - 'help_text': helptext.TAGS, - 'schema': argumentschema.TAGS_SCHEMA}, - {'name': 'bootstrap-actions', - 'help_text': helptext.BOOTSTRAP_ACTIONS, - 'schema': argumentschema.BOOTSTRAP_ACTIONS_SCHEMA}, - {'name': 'applications', - 'help_text': helptext.APPLICATIONS, - 'schema': argumentschema.APPLICATIONS_SCHEMA}, - {'name': 'emrfs', - 'help_text': helptext.EMR_FS, - 'schema': argumentschema.EMR_FS_SCHEMA}, - {'name': 'steps', - 'schema': argumentschema.STEPS_SCHEMA, - 'help_text': helptext.STEPS}, - {'name': 'additional-info', - 'help_text': helptext.ADDITIONAL_INFO}, - {'name': 'restore-from-hbase-backup', - 'schema': argumentschema.HBASE_RESTORE_FROM_BACKUP_SCHEMA, - 'help_text': helptext.RESTORE_FROM_HBASE}, - {'name': 'security-configuration', - 'help_text': helptext.SECURITY_CONFIG}, - {'name': 'custom-ami-id', - 'help_text' : helptext.CUSTOM_AMI_ID}, - {'name': 'ebs-root-volume-size', - 'help_text' : helptext.EBS_ROOT_VOLUME_SIZE}, - {'name': 'ebs-root-volume-iops', - 'help_text' : helptext.EBS_ROOT_VOLUME_IOPS}, - {'name': 'ebs-root-volume-throughput', - 'help_text' : helptext.EBS_ROOT_VOLUME_THROUGHPUT}, - {'name': 'repo-upgrade-on-boot', - 'help_text' : helptext.REPO_UPGRADE_ON_BOOT}, - {'name': 'kerberos-attributes', - 'schema': argumentschema.KERBEROS_ATTRIBUTES_SCHEMA, - 'help_text': helptext.KERBEROS_ATTRIBUTES}, - {'name': 'step-concurrency-level', - 'cli_type_name': 'integer', - 'help_text': helptext.STEP_CONCURRENCY_LEVEL}, - {'name': 'managed-scaling-policy', - 'schema': argumentschema.MANAGED_SCALING_POLICY_SCHEMA, - 'help_text': helptext.MANAGED_SCALING_POLICY}, - {'name': 'placement-group-configs', - 'schema': argumentschema.PLACEMENT_GROUP_CONFIGS_SCHEMA, - 'help_text': helptext.PLACEMENT_GROUP_CONFIGS}, - {'name': 'auto-termination-policy', - 'schema': argumentschema.AUTO_TERMINATION_POLICY_SCHEMA, - 'help_text': helptext.AUTO_TERMINATION_POLICY} + {'name': 'release-label', 'help_text': helptext.RELEASE_LABEL}, + {'name': 'os-release-label', 'help_text': helptext.OS_RELEASE_LABEL}, + {'name': 'ami-version', 'help_text': helptext.AMI_VERSION}, + { + 'name': 'instance-groups', + 'schema': argumentschema.INSTANCE_GROUPS_SCHEMA, + 'help_text': helptext.INSTANCE_GROUPS, + }, + {'name': 'instance-type', 'help_text': helptext.INSTANCE_TYPE}, + {'name': 'instance-count', 'help_text': helptext.INSTANCE_COUNT}, + { + 'name': 'auto-terminate', + 'action': 'store_true', + 'group_name': 'auto_terminate', + 'help_text': helptext.AUTO_TERMINATE, + }, + { + 'name': 'no-auto-terminate', + 'action': 'store_true', + 'group_name': 'auto_terminate', + }, + { + 'name': 'instance-fleets', + 'schema': argumentschema.INSTANCE_FLEETS_SCHEMA, + 'help_text': helptext.INSTANCE_FLEETS, + }, + { + 'name': 'name', + 'default': 'Development Cluster', + 'help_text': helptext.CLUSTER_NAME, + }, + {'name': 'log-uri', 'help_text': helptext.LOG_URI}, + { + 'name': 'log-encryption-kms-key-id', + 'help_text': helptext.LOG_ENCRYPTION_KMS_KEY_ID, + }, + {'name': 'service-role', 'help_text': helptext.SERVICE_ROLE}, + {'name': 'auto-scaling-role', 'help_text': helptext.AUTOSCALING_ROLE}, + { + 'name': 'use-default-roles', + 'action': 'store_true', + 'help_text': helptext.USE_DEFAULT_ROLES, + }, + {'name': 'configurations', 'help_text': helptext.CONFIGURATIONS}, + { + 'name': 'ec2-attributes', + 'help_text': helptext.EC2_ATTRIBUTES, + 'schema': argumentschema.EC2_ATTRIBUTES_SCHEMA, + }, + { + 'name': 'termination-protected', + 'action': 'store_true', + 'group_name': 'termination_protected', + 'help_text': helptext.TERMINATION_PROTECTED, + }, + { + 'name': 'no-termination-protected', + 'action': 'store_true', + 'group_name': 'termination_protected', + }, + { + 'name': 'unhealthy-node-replacement', + 'action': 'store_true', + 'group_name': 'unhealthy_node_replacement', + 'help_text': helptext.UNHEALTHY_NODE_REPLACEMENT, + }, + { + 'name': 'no-unhealthy-node-replacement', + 'action': 'store_true', + 'group_name': 'unhealthy_node_replacement', + }, + { + 'name': 'scale-down-behavior', + 'help_text': helptext.SCALE_DOWN_BEHAVIOR, + }, + { + 'name': 'visible-to-all-users', + 'action': 'store_true', + 'group_name': 'visibility', + 'help_text': helptext.VISIBILITY, + }, + { + 'name': 'no-visible-to-all-users', + 'action': 'store_true', + 'group_name': 'visibility', + }, + { + 'name': 'enable-debugging', + 'action': 'store_true', + 'group_name': 'debug', + 'help_text': helptext.DEBUGGING, + }, + { + 'name': 'no-enable-debugging', + 'action': 'store_true', + 'group_name': 'debug', + }, + { + 'name': 'tags', + 'nargs': '+', + 'help_text': helptext.TAGS, + 'schema': argumentschema.TAGS_SCHEMA, + }, + { + 'name': 'bootstrap-actions', + 'help_text': helptext.BOOTSTRAP_ACTIONS, + 'schema': argumentschema.BOOTSTRAP_ACTIONS_SCHEMA, + }, + { + 'name': 'applications', + 'help_text': helptext.APPLICATIONS, + 'schema': argumentschema.APPLICATIONS_SCHEMA, + }, + { + 'name': 'emrfs', + 'help_text': helptext.EMR_FS, + 'schema': argumentschema.EMR_FS_SCHEMA, + }, + { + 'name': 'steps', + 'schema': argumentschema.STEPS_SCHEMA, + 'help_text': helptext.STEPS, + }, + {'name': 'additional-info', 'help_text': helptext.ADDITIONAL_INFO}, + { + 'name': 'restore-from-hbase-backup', + 'schema': argumentschema.HBASE_RESTORE_FROM_BACKUP_SCHEMA, + 'help_text': helptext.RESTORE_FROM_HBASE, + }, + { + 'name': 'security-configuration', + 'help_text': helptext.SECURITY_CONFIG, + }, + {'name': 'custom-ami-id', 'help_text': helptext.CUSTOM_AMI_ID}, + { + 'name': 'ebs-root-volume-size', + 'help_text': helptext.EBS_ROOT_VOLUME_SIZE, + }, + { + 'name': 'ebs-root-volume-iops', + 'help_text': helptext.EBS_ROOT_VOLUME_IOPS, + }, + { + 'name': 'ebs-root-volume-throughput', + 'help_text': helptext.EBS_ROOT_VOLUME_THROUGHPUT, + }, + { + 'name': 'repo-upgrade-on-boot', + 'help_text': helptext.REPO_UPGRADE_ON_BOOT, + }, + { + 'name': 'kerberos-attributes', + 'schema': argumentschema.KERBEROS_ATTRIBUTES_SCHEMA, + 'help_text': helptext.KERBEROS_ATTRIBUTES, + }, + { + 'name': 'step-concurrency-level', + 'cli_type_name': 'integer', + 'help_text': helptext.STEP_CONCURRENCY_LEVEL, + }, + { + 'name': 'managed-scaling-policy', + 'schema': argumentschema.MANAGED_SCALING_POLICY_SCHEMA, + 'help_text': helptext.MANAGED_SCALING_POLICY, + }, + { + 'name': 'placement-group-configs', + 'schema': argumentschema.PLACEMENT_GROUP_CONFIGS_SCHEMA, + 'help_text': helptext.PLACEMENT_GROUP_CONFIGS, + }, + { + 'name': 'auto-termination-policy', + 'schema': argumentschema.AUTO_TERMINATION_POLICY_SCHEMA, + 'help_text': helptext.AUTO_TERMINATION_POLICY, + }, + { + 'name': 'extended-support', + 'action': 'store_true', + 'group_name': 'extended-support', + 'help_text': helptext.EXTENDED_SUPPORT, + }, + { + 'name': 'no-extended-support', + 'action': 'store_true', + 'group_name': 'extended-support', + }, ] SYNOPSIS = BasicCommand.FROM_FILE('emr', 'create-cluster-synopsis.txt') EXAMPLES = BasicCommand.FROM_FILE('emr', 'create-cluster-examples.rst') @@ -156,71 +236,95 @@ class CreateCluster(Command): service_role_validation_message = ( " Either choose --use-default-roles or use both --service-role " - " and --ec2-attributes InstanceProfile=.") + " and --ec2-attributes InstanceProfile=." + ) - if parsed_args.use_default_roles is True and \ - parsed_args.service_role is not None: + if ( + parsed_args.use_default_roles is True + and parsed_args.service_role is not None + ): raise exceptions.MutualExclusiveOptionError( option1="--use-default-roles", option2="--service-role", - message=service_role_validation_message) + message=service_role_validation_message, + ) - if parsed_args.use_default_roles is True and \ - parsed_args.ec2_attributes is not None and \ - 'InstanceProfile' in parsed_args.ec2_attributes: + if ( + parsed_args.use_default_roles is True + and parsed_args.ec2_attributes is not None + and 'InstanceProfile' in parsed_args.ec2_attributes + ): raise exceptions.MutualExclusiveOptionError( option1="--use-default-roles", option2="--ec2-attributes InstanceProfile", - message=service_role_validation_message) + message=service_role_validation_message, + ) - if parsed_args.instance_groups is not None and \ - parsed_args.instance_fleets is not None: + if ( + parsed_args.instance_groups is not None + and parsed_args.instance_fleets is not None + ): raise exceptions.MutualExclusiveOptionError( - option1="--instance-groups", - option2="--instance-fleets") + option1="--instance-groups", option2="--instance-fleets" + ) instances_config = {} if parsed_args.instance_fleets is not None: - instances_config['InstanceFleets'] = \ + instances_config['InstanceFleets'] = ( instancefleetsutils.validate_and_build_instance_fleets( - parsed_args.instance_fleets) + parsed_args.instance_fleets + ) + ) else: - instances_config['InstanceGroups'] = \ + instances_config['InstanceGroups'] = ( instancegroupsutils.validate_and_build_instance_groups( instance_groups=parsed_args.instance_groups, instance_type=parsed_args.instance_type, - instance_count=parsed_args.instance_count) + instance_count=parsed_args.instance_count, + ) + ) if parsed_args.release_label is not None: params["ReleaseLabel"] = parsed_args.release_label if parsed_args.configurations is not None: try: params["Configurations"] = json.loads( - parsed_args.configurations) + parsed_args.configurations + ) except ValueError: raise ParamValidationError( 'aws: error: invalid json argument for ' 'option --configurations' ) - if (parsed_args.release_label is None and - parsed_args.ami_version is not None): - is_valid_ami_version = re.match(r'\d?\..*', parsed_args.ami_version) + if ( + parsed_args.release_label is None + and parsed_args.ami_version is not None + ): + is_valid_ami_version = re.match( + r'\d?\..*', parsed_args.ami_version + ) if is_valid_ami_version is None: raise exceptions.InvalidAmiVersionError( - ami_version=parsed_args.ami_version) + ami_version=parsed_args.ami_version + ) params['AmiVersion'] = parsed_args.ami_version emrutils.apply_dict( - params, 'AdditionalInfo', parsed_args.additional_info) + params, 'AdditionalInfo', parsed_args.additional_info + ) emrutils.apply_dict(params, 'LogUri', parsed_args.log_uri) if parsed_args.os_release_label is not None: - emrutils.apply_dict(params, 'OSReleaseLabel', - parsed_args.os_release_label) + emrutils.apply_dict( + params, 'OSReleaseLabel', parsed_args.os_release_label + ) if parsed_args.log_encryption_kms_key_id is not None: - emrutils.apply_dict(params, 'LogEncryptionKmsKeyId', - parsed_args.log_encryption_kms_key_id) + emrutils.apply_dict( + params, + 'LogEncryptionKmsKeyId', + parsed_args.log_encryption_kms_key_id, + ) if parsed_args.use_default_roles is True: parsed_args.service_role = EMR_ROLE_NAME @@ -236,61 +340,79 @@ class CreateCluster(Command): if parsed_args.auto_scaling_role is None: raise exceptions.MissingAutoScalingRoleError() - emrutils.apply_dict(params, 'AutoScalingRole', parsed_args.auto_scaling_role) + emrutils.apply_dict( + params, 'AutoScalingRole', parsed_args.auto_scaling_role + ) if parsed_args.scale_down_behavior is not None: - emrutils.apply_dict(params, 'ScaleDownBehavior', parsed_args.scale_down_behavior) + emrutils.apply_dict( + params, 'ScaleDownBehavior', parsed_args.scale_down_behavior + ) if ( - parsed_args.no_auto_terminate is False and - parsed_args.auto_terminate is False): + parsed_args.no_auto_terminate is False + and parsed_args.auto_terminate is False + ): parsed_args.no_auto_terminate = True - instances_config['KeepJobFlowAliveWhenNoSteps'] = \ + instances_config['KeepJobFlowAliveWhenNoSteps'] = ( emrutils.apply_boolean_options( parsed_args.no_auto_terminate, '--no-auto-terminate', parsed_args.auto_terminate, - '--auto-terminate') + '--auto-terminate', + ) + ) - instances_config['TerminationProtected'] = \ + instances_config['TerminationProtected'] = ( emrutils.apply_boolean_options( parsed_args.termination_protected, '--termination-protected', parsed_args.no_termination_protected, - '--no-termination-protected') - - if (parsed_args.unhealthy_node_replacement or parsed_args.no_unhealthy_node_replacement): - instances_config['UnhealthyNodeReplacement'] = \ - emrutils.apply_boolean_options( - parsed_args.unhealthy_node_replacement, - '--unhealthy-node-replacement', - parsed_args.no_unhealthy_node_replacement, - '--no-unhealthy-node-replacement') + '--no-termination-protected', + ) + ) - if (parsed_args.visible_to_all_users is False and - parsed_args.no_visible_to_all_users is False): + if ( + parsed_args.unhealthy_node_replacement + or parsed_args.no_unhealthy_node_replacement + ): + instances_config['UnhealthyNodeReplacement'] = ( + emrutils.apply_boolean_options( + parsed_args.unhealthy_node_replacement, + '--unhealthy-node-replacement', + parsed_args.no_unhealthy_node_replacement, + '--no-unhealthy-node-replacement', + ) + ) + + if ( + parsed_args.visible_to_all_users is False + and parsed_args.no_visible_to_all_users is False + ): parsed_args.visible_to_all_users = True - params['VisibleToAllUsers'] = \ - emrutils.apply_boolean_options( - parsed_args.visible_to_all_users, - '--visible-to-all-users', - parsed_args.no_visible_to_all_users, - '--no-visible-to-all-users') + params['VisibleToAllUsers'] = emrutils.apply_boolean_options( + parsed_args.visible_to_all_users, + '--visible-to-all-users', + parsed_args.no_visible_to_all_users, + '--no-visible-to-all-users', + ) params['Tags'] = emrutils.parse_tags(parsed_args.tags) params['Instances'] = instances_config if parsed_args.ec2_attributes is not None: self._build_ec2_attributes( - cluster=params, parsed_attrs=parsed_args.ec2_attributes) + cluster=params, parsed_attrs=parsed_args.ec2_attributes + ) debugging_enabled = emrutils.apply_boolean_options( parsed_args.enable_debugging, '--enable-debugging', parsed_args.no_enable_debugging, - '--no-enable-debugging') + '--no-enable-debugging', + ) if parsed_args.log_uri is None and debugging_enabled is True: raise exceptions.LogUriError @@ -300,21 +422,24 @@ class CreateCluster(Command): cluster=params, key='Steps', value=[ - self._build_enable_debugging(parsed_args, parsed_globals)]) + self._build_enable_debugging(parsed_args, parsed_globals) + ], + ) if parsed_args.applications is not None: if parsed_args.release_label is None: - app_list, ba_list, step_list = \ + app_list, ba_list, step_list = ( applicationutils.build_applications( region=self.region, parsed_applications=parsed_args.applications, - ami_version=params['AmiVersion']) - self._update_cluster_dict( - params, 'NewSupportedProducts', app_list) - self._update_cluster_dict( - params, 'BootstrapActions', ba_list) + ami_version=params['AmiVersion'], + ) + ) self._update_cluster_dict( - params, 'Steps', step_list) + params, 'NewSupportedProducts', app_list + ) + self._update_cluster_dict(params, 'BootstrapActions', ba_list) + self._update_cluster_dict(params, 'Steps', step_list) else: params["Applications"] = [] for application in parsed_args.applications: @@ -324,37 +449,45 @@ class CreateCluster(Command): if hbase_restore_config is not None: args = hbaseutils.build_hbase_restore_from_backup_args( dir=hbase_restore_config.get('Dir'), - backup_version=hbase_restore_config.get('BackupVersion')) + backup_version=hbase_restore_config.get('BackupVersion'), + ) step_config = emrutils.build_step( jar=constants.HBASE_JAR_PATH, name=constants.HBASE_RESTORE_STEP_NAME, action_on_failure=constants.CANCEL_AND_WAIT, - args=args) - self._update_cluster_dict( - params, 'Steps', [step_config]) + args=args, + ) + self._update_cluster_dict(params, 'Steps', [step_config]) if parsed_args.bootstrap_actions is not None: self._build_bootstrap_actions( cluster=params, - parsed_boostrap_actions=parsed_args.bootstrap_actions) + parsed_boostrap_actions=parsed_args.bootstrap_actions, + ) if parsed_args.emrfs is not None: self._handle_emrfs_parameters( cluster=params, emrfs_args=parsed_args.emrfs, - release_label=parsed_args.release_label) + release_label=parsed_args.release_label, + ) if parsed_args.steps is not None: steps_list = steputils.build_step_config_list( parsed_step_list=parsed_args.steps, region=self.region, - release_label=parsed_args.release_label) + release_label=parsed_args.release_label, + ) self._update_cluster_dict( - cluster=params, key='Steps', value=steps_list) + cluster=params, key='Steps', value=steps_list + ) if parsed_args.security_configuration is not None: emrutils.apply_dict( - params, 'SecurityConfiguration', parsed_args.security_configuration) + params, + 'SecurityConfiguration', + parsed_args.security_configuration, + ) if parsed_args.custom_ami_id is not None: emrutils.apply_dict( @@ -362,15 +495,21 @@ class CreateCluster(Command): ) if parsed_args.ebs_root_volume_size is not None: emrutils.apply_dict( - params, 'EbsRootVolumeSize', int(parsed_args.ebs_root_volume_size) + params, + 'EbsRootVolumeSize', + int(parsed_args.ebs_root_volume_size), ) if parsed_args.ebs_root_volume_iops is not None: emrutils.apply_dict( - params, 'EbsRootVolumeIops', int(parsed_args.ebs_root_volume_iops) + params, + 'EbsRootVolumeIops', + int(parsed_args.ebs_root_volume_iops), ) if parsed_args.ebs_root_volume_throughput is not None: emrutils.apply_dict( - params, 'EbsRootVolumeThroughput', int(parsed_args.ebs_root_volume_throughput) + params, + 'EbsRootVolumeThroughput', + int(parsed_args.ebs_root_volume_throughput), ) if parsed_args.repo_upgrade_on_boot is not None: @@ -380,34 +519,56 @@ class CreateCluster(Command): if parsed_args.kerberos_attributes is not None: emrutils.apply_dict( - params, 'KerberosAttributes', parsed_args.kerberos_attributes) + params, 'KerberosAttributes', parsed_args.kerberos_attributes + ) if parsed_args.step_concurrency_level is not None: params['StepConcurrencyLevel'] = parsed_args.step_concurrency_level + if parsed_args.extended_support or parsed_args.no_extended_support: + params['ExtendedSupport'] = emrutils.apply_boolean_options( + parsed_args.extended_support, + '--extended-support', + parsed_args.no_extended_support, + '--no-extended-support', + ) + if parsed_args.managed_scaling_policy is not None: emrutils.apply_dict( - params, 'ManagedScalingPolicy', parsed_args.managed_scaling_policy) + params, + 'ManagedScalingPolicy', + parsed_args.managed_scaling_policy, + ) if parsed_args.placement_group_configs is not None: emrutils.apply_dict( - params, 'PlacementGroupConfigs', - parsed_args.placement_group_configs) + params, + 'PlacementGroupConfigs', + parsed_args.placement_group_configs, + ) if parsed_args.auto_termination_policy is not None: emrutils.apply_dict( - params, 'AutoTerminationPolicy', - parsed_args.auto_termination_policy) + params, + 'AutoTerminationPolicy', + parsed_args.auto_termination_policy, + ) self._validate_required_applications(parsed_args) run_job_flow_response = emrutils.call( - self._session, 'run_job_flow', params, self.region, - parsed_globals.endpoint_url, parsed_globals.verify_ssl) + self._session, + 'run_job_flow', + params, + self.region, + parsed_globals.endpoint_url, + parsed_globals.verify_ssl, + ) constructed_result = self._construct_result(run_job_flow_response) - emrutils.display_response(self._session, 'run_job_flow', - constructed_result, parsed_globals) + emrutils.display_response( + self._session, 'run_job_flow', constructed_result, parsed_globals + ) return 0 @@ -419,8 +580,7 @@ class CreateCluster(Command): clusterArn = run_job_flow_result.get('ClusterArn') if jobFlowId is not None: - return {'ClusterId': jobFlowId, - 'ClusterArn': clusterArn } + return {'ClusterId': jobFlowId, 'ClusterArn': clusterArn} else: return {} @@ -428,83 +588,118 @@ class CreateCluster(Command): keys = parsed_attrs.keys() instances = cluster['Instances'] - if ('SubnetId' in keys and 'SubnetIds' in keys): + if 'SubnetId' in keys and 'SubnetIds' in keys: raise exceptions.MutualExclusiveOptionError( - option1="SubnetId", - option2="SubnetIds") + option1="SubnetId", option2="SubnetIds" + ) - if ('AvailabilityZone' in keys and 'AvailabilityZones' in keys): + if 'AvailabilityZone' in keys and 'AvailabilityZones' in keys: raise exceptions.MutualExclusiveOptionError( - option1="AvailabilityZone", - option2="AvailabilityZones") + option1="AvailabilityZone", option2="AvailabilityZones" + ) - if ('SubnetId' in keys or 'SubnetIds' in keys) \ - and ('AvailabilityZone' in keys or 'AvailabilityZones' in keys): + if ('SubnetId' in keys or 'SubnetIds' in keys) and ( + 'AvailabilityZone' in keys or 'AvailabilityZones' in keys + ): raise exceptions.SubnetAndAzValidationError emrutils.apply_params( - src_params=parsed_attrs, src_key='KeyName', - dest_params=instances, dest_key='Ec2KeyName') + src_params=parsed_attrs, + src_key='KeyName', + dest_params=instances, + dest_key='Ec2KeyName', + ) emrutils.apply_params( - src_params=parsed_attrs, src_key='SubnetId', - dest_params=instances, dest_key='Ec2SubnetId') + src_params=parsed_attrs, + src_key='SubnetId', + dest_params=instances, + dest_key='Ec2SubnetId', + ) emrutils.apply_params( - src_params=parsed_attrs, src_key='SubnetIds', - dest_params=instances, dest_key='Ec2SubnetIds') + src_params=parsed_attrs, + src_key='SubnetIds', + dest_params=instances, + dest_key='Ec2SubnetIds', + ) if 'AvailabilityZone' in keys: instances['Placement'] = dict() emrutils.apply_params( - src_params=parsed_attrs, src_key='AvailabilityZone', + src_params=parsed_attrs, + src_key='AvailabilityZone', dest_params=instances['Placement'], - dest_key='AvailabilityZone') + dest_key='AvailabilityZone', + ) if 'AvailabilityZones' in keys: instances['Placement'] = dict() emrutils.apply_params( - src_params=parsed_attrs, src_key='AvailabilityZones', + src_params=parsed_attrs, + src_key='AvailabilityZones', dest_params=instances['Placement'], - dest_key='AvailabilityZones') + dest_key='AvailabilityZones', + ) emrutils.apply_params( - src_params=parsed_attrs, src_key='InstanceProfile', - dest_params=cluster, dest_key='JobFlowRole') + src_params=parsed_attrs, + src_key='InstanceProfile', + dest_params=cluster, + dest_key='JobFlowRole', + ) emrutils.apply_params( - src_params=parsed_attrs, src_key='EmrManagedMasterSecurityGroup', - dest_params=instances, dest_key='EmrManagedMasterSecurityGroup') + src_params=parsed_attrs, + src_key='EmrManagedMasterSecurityGroup', + dest_params=instances, + dest_key='EmrManagedMasterSecurityGroup', + ) emrutils.apply_params( - src_params=parsed_attrs, src_key='EmrManagedSlaveSecurityGroup', - dest_params=instances, dest_key='EmrManagedSlaveSecurityGroup') + src_params=parsed_attrs, + src_key='EmrManagedSlaveSecurityGroup', + dest_params=instances, + dest_key='EmrManagedSlaveSecurityGroup', + ) emrutils.apply_params( - src_params=parsed_attrs, src_key='ServiceAccessSecurityGroup', - dest_params=instances, dest_key='ServiceAccessSecurityGroup') + src_params=parsed_attrs, + src_key='ServiceAccessSecurityGroup', + dest_params=instances, + dest_key='ServiceAccessSecurityGroup', + ) emrutils.apply_params( - src_params=parsed_attrs, src_key='AdditionalMasterSecurityGroups', - dest_params=instances, dest_key='AdditionalMasterSecurityGroups') + src_params=parsed_attrs, + src_key='AdditionalMasterSecurityGroups', + dest_params=instances, + dest_key='AdditionalMasterSecurityGroups', + ) emrutils.apply_params( - src_params=parsed_attrs, src_key='AdditionalSlaveSecurityGroups', - dest_params=instances, dest_key='AdditionalSlaveSecurityGroups') + src_params=parsed_attrs, + src_key='AdditionalSlaveSecurityGroups', + dest_params=instances, + dest_key='AdditionalSlaveSecurityGroups', + ) emrutils.apply(params=cluster, key='Instances', value=instances) return cluster - def _build_bootstrap_actions( - self, cluster, parsed_boostrap_actions): + def _build_bootstrap_actions(self, cluster, parsed_boostrap_actions): cluster_ba_list = cluster.get('BootstrapActions') if cluster_ba_list is None: cluster_ba_list = [] bootstrap_actions = [] - if len(cluster_ba_list) + len(parsed_boostrap_actions) \ - > constants.MAX_BOOTSTRAP_ACTION_NUMBER: - raise ParamValidationError('aws: error: maximum number of ' - 'bootstrap actions for a cluster exceeded.') + if ( + len(cluster_ba_list) + len(parsed_boostrap_actions) + > constants.MAX_BOOTSTRAP_ACTION_NUMBER + ): + raise ParamValidationError( + 'aws: error: maximum number of ' + 'bootstrap actions for a cluster exceeded.' + ) for ba in parsed_boostrap_actions: ba_config = {} @@ -514,15 +709,22 @@ class CreateCluster(Command): ba_config['Name'] = constants.BOOTSTRAP_ACTION_NAME script_arg_config = {} emrutils.apply_params( - src_params=ba, src_key='Path', - dest_params=script_arg_config, dest_key='Path') + src_params=ba, + src_key='Path', + dest_params=script_arg_config, + dest_key='Path', + ) emrutils.apply_params( - src_params=ba, src_key='Args', - dest_params=script_arg_config, dest_key='Args') + src_params=ba, + src_key='Args', + dest_params=script_arg_config, + dest_key='Args', + ) emrutils.apply( params=ba_config, key='ScriptBootstrapAction', - value=script_arg_config) + value=script_arg_config, + ) bootstrap_actions.append(ba_config) result = cluster_ba_list + bootstrap_actions @@ -537,15 +739,18 @@ class CreateCluster(Command): args = [constants.DEBUGGING_COMMAND] else: jar = emrutils.get_script_runner(self.region) - args = [emrutils.build_s3_link( - relative_path=constants.DEBUGGING_PATH, - region=self.region)] + args = [ + emrutils.build_s3_link( + relative_path=constants.DEBUGGING_PATH, region=self.region + ) + ] return emrutils.build_step( name=constants.DEBUGGING_NAME, action_on_failure=constants.TERMINATE_CLUSTER, jar=jar, - args=args) + args=args, + ) def _update_cluster_dict(self, cluster, key, value): if key in cluster: @@ -555,29 +760,34 @@ class CreateCluster(Command): return cluster def _validate_release_label_ami_version(self, parsed_args): - if parsed_args.ami_version is not None and \ - parsed_args.release_label is not None: + if ( + parsed_args.ami_version is not None + and parsed_args.release_label is not None + ): raise exceptions.MutualExclusiveOptionError( - option1="--ami-version", - option2="--release-label") + option1="--ami-version", option2="--release-label" + ) - if parsed_args.ami_version is None and \ - parsed_args.release_label is None: + if ( + parsed_args.ami_version is None + and parsed_args.release_label is None + ): raise exceptions.RequiredOptionsError( - option1="--ami-version", - option2="--release-label") + option1="--ami-version", option2="--release-label" + ) # Checks if the applications required by steps are specified # using the --applications option. def _validate_required_applications(self, parsed_args): - specified_apps = set([]) if parsed_args.applications is not None: - specified_apps = \ - set([app['Name'].lower() for app in parsed_args.applications]) + specified_apps = set( + [app['Name'].lower() for app in parsed_args.applications] + ) - missing_apps = self._get_missing_applications_for_steps(specified_apps, - parsed_args) + missing_apps = self._get_missing_applications_for_steps( + specified_apps, parsed_args + ) # Check for HBase. if parsed_args.restore_from_hbase_backup is not None: if constants.HBASE not in specified_apps: @@ -585,11 +795,13 @@ class CreateCluster(Command): if missing_apps: raise exceptions.MissingApplicationsError( - applications=missing_apps) + applications=missing_apps + ) def _get_missing_applications_for_steps(self, specified_apps, parsed_args): - allowed_app_steps = set([constants.HIVE, constants.PIG, - constants.IMPALA]) + allowed_app_steps = set( + [constants.HIVE, constants.PIG, constants.IMPALA] + ) missing_apps = set() if parsed_args.steps is not None: for step in parsed_args.steps: @@ -599,38 +811,51 @@ class CreateCluster(Command): if step_type is not None: step_type = step_type.lower() - if step_type in allowed_app_steps and \ - step_type not in specified_apps: + if ( + step_type in allowed_app_steps + and step_type not in specified_apps + ): missing_apps.add(step['Type'].title()) return missing_apps - def _filter_configurations_in_special_cases(self, configurations, - parsed_args, parsed_configs): + def _filter_configurations_in_special_cases( + self, configurations, parsed_args, parsed_configs + ): if parsed_args.use_default_roles: - configurations = [x for x in configurations - if x.name != 'service_role' and - x.name != 'instance_profile'] + configurations = [ + x + for x in configurations + if x.name != 'service_role' and x.name != 'instance_profile' + ] return configurations def _handle_emrfs_parameters(self, cluster, emrfs_args, release_label): if release_label: self.validate_no_emrfs_configuration(cluster) emrfs_configuration = emrfsutils.build_emrfs_confiuration( - emrfs_args) + emrfs_args + ) self._update_cluster_dict( - cluster=cluster, key='Configurations', - value=[emrfs_configuration]) + cluster=cluster, + key='Configurations', + value=[emrfs_configuration], + ) else: emrfs_ba_config_list = emrfsutils.build_bootstrap_action_configs( - self.region, emrfs_args) + self.region, emrfs_args + ) self._update_cluster_dict( - cluster=cluster, key='BootstrapActions', - value=emrfs_ba_config_list) + cluster=cluster, + key='BootstrapActions', + value=emrfs_ba_config_list, + ) def validate_no_emrfs_configuration(self, cluster): if 'Configurations' in cluster: for config in cluster['Configurations']: - if config is not None and \ - config.get('Classification') == constants.EMRFS_SITE: + if ( + config is not None + and config.get('Classification') == constants.EMRFS_SITE + ): raise exceptions.DuplicateEmrFsConfigurationError diff -pruN 2.23.6-1/awscli/customizations/emr/createdefaultroles.py 2.31.35-1/awscli/customizations/emr/createdefaultroles.py --- 2.23.6-1/awscli/customizations/emr/createdefaultroles.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/createdefaultroles.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,32 +13,30 @@ import logging import re + import botocore.exceptions import botocore.session from botocore import xform_name -from awscli.customizations.utils import get_policy_arn_suffix -from awscli.customizations.emr import configutils -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import exceptions +from awscli.customizations.emr import configutils, emrutils, exceptions from awscli.customizations.emr.command import Command -from awscli.customizations.emr.constants import EC2 -from awscli.customizations.emr.constants import EC2_ROLE_NAME -from awscli.customizations.emr.constants import EC2_SERVICE_PRINCIPAL -from awscli.customizations.emr.constants import ROLE_ARN_PATTERN -from awscli.customizations.emr.constants import EMR -from awscli.customizations.emr.constants import EMR_ROLE_NAME -from awscli.customizations.emr.constants import EMR_AUTOSCALING_ROLE_NAME -from awscli.customizations.emr.constants import APPLICATION_AUTOSCALING -from awscli.customizations.emr.constants import EC2_ROLE_POLICY_NAME -from awscli.customizations.emr.constants import EMR_ROLE_POLICY_NAME -from awscli.customizations.emr.constants \ - import EMR_AUTOSCALING_ROLE_POLICY_NAME -from awscli.customizations.emr.constants import EMR_AUTOSCALING_SERVICE_NAME -from awscli.customizations.emr.constants \ - import EMR_AUTOSCALING_SERVICE_PRINCIPAL +from awscli.customizations.emr.constants import ( + APPLICATION_AUTOSCALING, + EC2, + EC2_ROLE_NAME, + EC2_ROLE_POLICY_NAME, + EC2_SERVICE_PRINCIPAL, + EMR, + EMR_AUTOSCALING_ROLE_NAME, + EMR_AUTOSCALING_ROLE_POLICY_NAME, + EMR_AUTOSCALING_SERVICE_NAME, + EMR_AUTOSCALING_SERVICE_PRINCIPAL, + EMR_ROLE_NAME, + EMR_ROLE_POLICY_NAME, + ROLE_ARN_PATTERN, +) from awscli.customizations.emr.exceptions import ResolveServicePrincipalError - +from awscli.customizations.utils import get_policy_arn_suffix LOG = logging.getLogger(__name__) @@ -51,9 +49,9 @@ def assume_role_policy(serviceprincipal) "Sid": "", "Effect": "Allow", "Principal": {"Service": serviceprincipal}, - "Action": "sts:AssumeRole" + "Action": "sts:AssumeRole", } - ] + ], } @@ -94,107 +92,138 @@ def _get_suffix_and_region_from_endpoint def _get_regex_match_from_endpoint_host(endpoint_host): if endpoint_host is None: return None - regex_match = re.match("(https?://)([^.]+).elasticmapreduce.([^/]*)", - endpoint_host) + regex_match = re.match( + "(https?://)([^.]+).elasticmapreduce.([^/]*)", endpoint_host + ) # Supports 'elasticmapreduce.{region}.' and '{region}.elasticmapreduce.' if regex_match is None: - regex_match = re.match("(https?://elasticmapreduce).([^.]+).([^/]*)", - endpoint_host) + regex_match = re.match( + "(https?://elasticmapreduce).([^.]+).([^/]*)", endpoint_host + ) return regex_match class CreateDefaultRoles(Command): NAME = "create-default-roles" - DESCRIPTION = ('Creates the default IAM role ' + - EC2_ROLE_NAME + ' and ' + - EMR_ROLE_NAME + ' which can be used when creating the' - ' cluster using the create-cluster command. The default' - ' roles for EMR use managed policies, which are updated' - ' automatically to support future EMR functionality.\n' - '\nIf you do not have a Service Role and Instance Profile ' - 'variable set for your create-cluster command in the AWS ' - 'CLI config file, create-default-roles will automatically ' - 'set the values for these variables with these default ' - 'roles. If you have already set a value for Service Role ' - 'or Instance Profile, create-default-roles will not ' - 'automatically set the defaults for these variables in the ' - 'AWS CLI config file. You can view settings for variables ' - 'in the config file using the "aws configure get" command.' - '\n') + DESCRIPTION = ( + 'Creates the default IAM role ' + + EC2_ROLE_NAME + + ' and ' + + EMR_ROLE_NAME + + ' which can be used when creating the' + ' cluster using the create-cluster command. The default' + ' roles for EMR use managed policies, which are updated' + ' automatically to support future EMR functionality.\n' + '\nIf you do not have a Service Role and Instance Profile ' + 'variable set for your create-cluster command in the AWS ' + 'CLI config file, create-default-roles will automatically ' + 'set the values for these variables with these default ' + 'roles. If you have already set a value for Service Role ' + 'or Instance Profile, create-default-roles will not ' + 'automatically set the defaults for these variables in the ' + 'AWS CLI config file. You can view settings for variables ' + 'in the config file using the "aws configure get" command.' + '\n' + ) ARG_TABLE = [ - {'name': 'iam-endpoint', - 'no_paramfile': True, - 'help_text': '

      The IAM endpoint to call for creating the roles.' - ' This is optional and should only be specified when a' - ' custom endpoint should be called for IAM operations' - '.

      '} + { + 'name': 'iam-endpoint', + 'no_paramfile': True, + 'help_text': '

      The IAM endpoint to call for creating the roles.' + ' This is optional and should only be specified when a' + ' custom endpoint should be called for IAM operations' + '.

      ', + } ] def _run_main_command(self, parsed_args, parsed_globals): - self.iam_endpoint_url = parsed_args.iam_endpoint self._check_for_iam_endpoint(self.region, self.iam_endpoint_url) - self.emr_endpoint_url = \ - self._session.create_client( - 'emr', - region_name=self.region, - endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl).meta.endpoint_url - - LOG.debug('elasticmapreduce endpoint used for resolving' - ' service principal: ' + self.emr_endpoint_url) + self.emr_endpoint_url = self._session.create_client( + 'emr', + region_name=self.region, + endpoint_url=parsed_globals.endpoint_url, + verify=parsed_globals.verify_ssl, + ).meta.endpoint_url + + LOG.debug( + 'elasticmapreduce endpoint used for resolving' + ' service principal: ' + self.emr_endpoint_url + ) # Create default EC2 Role for EMR if it does not exist. - ec2_result, ec2_policy = self._create_role_if_not_exists(parsed_globals, EC2_ROLE_NAME, - EC2_ROLE_POLICY_NAME, [EC2]) + ec2_result, ec2_policy = self._create_role_if_not_exists( + parsed_globals, EC2_ROLE_NAME, EC2_ROLE_POLICY_NAME, [EC2] + ) # Create default EC2 Instance Profile for EMR if it does not exist. instance_profile_name = EC2_ROLE_NAME - if self.check_if_instance_profile_exists(instance_profile_name, - parsed_globals): + if self.check_if_instance_profile_exists( + instance_profile_name, parsed_globals + ): LOG.debug('Instance Profile ' + instance_profile_name + ' exists.') else: - LOG.debug('Instance Profile ' + instance_profile_name + - 'does not exist. Creating default Instance Profile ' + - instance_profile_name) - self._create_instance_profile_with_role(instance_profile_name, - instance_profile_name, - parsed_globals) + LOG.debug( + 'Instance Profile ' + + instance_profile_name + + 'does not exist. Creating default Instance Profile ' + + instance_profile_name + ) + self._create_instance_profile_with_role( + instance_profile_name, instance_profile_name, parsed_globals + ) # Create default EMR Role if it does not exist. - emr_result, emr_policy = self._create_role_if_not_exists(parsed_globals, EMR_ROLE_NAME, - EMR_ROLE_POLICY_NAME, [EMR]) + emr_result, emr_policy = self._create_role_if_not_exists( + parsed_globals, EMR_ROLE_NAME, EMR_ROLE_POLICY_NAME, [EMR] + ) # Create default EMR AutoScaling Role if it does not exist. - emr_autoscaling_result, emr_autoscaling_policy = \ - self._create_role_if_not_exists(parsed_globals, EMR_AUTOSCALING_ROLE_NAME, - EMR_AUTOSCALING_ROLE_POLICY_NAME, [EMR, APPLICATION_AUTOSCALING]) + emr_autoscaling_result, emr_autoscaling_policy = ( + self._create_role_if_not_exists( + parsed_globals, + EMR_AUTOSCALING_ROLE_NAME, + EMR_AUTOSCALING_ROLE_POLICY_NAME, + [EMR, APPLICATION_AUTOSCALING], + ) + ) configutils.update_roles(self._session) emrutils.display_response( self._session, 'create_role', - self._construct_result(ec2_result, ec2_policy, - emr_result, emr_policy, - emr_autoscaling_result, emr_autoscaling_policy), - parsed_globals) + self._construct_result( + ec2_result, + ec2_policy, + emr_result, + emr_policy, + emr_autoscaling_result, + emr_autoscaling_policy, + ), + parsed_globals, + ) return 0 - def _create_role_if_not_exists(self, parsed_globals, role_name, policy_name, service_names): + def _create_role_if_not_exists( + self, parsed_globals, role_name, policy_name, service_names + ): result = None policy = None if self.check_if_role_exists(role_name, parsed_globals): LOG.debug('Role ' + role_name + ' exists.') else: - LOG.debug('Role ' + role_name + ' does not exist.' - ' Creating default role: ' + role_name) + LOG.debug( + 'Role ' + role_name + ' does not exist.' + ' Creating default role: ' + role_name + ) role_arn = get_role_policy_arn(self.region, policy_name) result = self._create_role_with_role_policy( - role_name, service_names, role_arn, parsed_globals) + role_name, service_names, role_arn, parsed_globals + ) policy = self._get_role_policy(role_arn, parsed_globals) return result, policy @@ -205,20 +234,30 @@ class CreateDefaultRoles(Command): if iam_endpoint is None: raise exceptions.UnknownIamEndpointError(region=region) - def _construct_result(self, ec2_response, ec2_policy, - emr_response, emr_policy, - emr_autoscaling_response, emr_autoscaling_policy): + def _construct_result( + self, + ec2_response, + ec2_policy, + emr_response, + emr_policy, + emr_autoscaling_response, + emr_autoscaling_policy, + ): result = [] self._construct_role_and_role_policy_structure( - result, ec2_response, ec2_policy) + result, ec2_response, ec2_policy + ) self._construct_role_and_role_policy_structure( - result, emr_response, emr_policy) + result, emr_response, emr_policy + ) self._construct_role_and_role_policy_structure( - result, emr_autoscaling_response, emr_autoscaling_policy) + result, emr_autoscaling_response, emr_autoscaling_policy + ) return result def _construct_role_and_role_policy_structure( - self, list, response, policy): + self, list, response, policy + ): if response is not None and response['Role'] is not None: list.append({'Role': response['Role'], 'RolePolicy': policy}) return list @@ -240,12 +279,14 @@ class CreateDefaultRoles(Command): return True - def check_if_instance_profile_exists(self, instance_profile_name, - parsed_globals): + def check_if_instance_profile_exists( + self, instance_profile_name, parsed_globals + ): parameters = {'InstanceProfileName': instance_profile_name} try: - self._call_iam_operation('GetInstanceProfile', parameters, - parsed_globals) + self._call_iam_operation( + 'GetInstanceProfile', parameters, parsed_globals + ) except botocore.exceptions.ClientError as e: profile_not_found_code = 'NoSuchEntity' error_code = e.response.get('Error', {}).get('Code') @@ -261,59 +302,74 @@ class CreateDefaultRoles(Command): def _get_role_policy(self, arn, parsed_globals): parameters = {} parameters['PolicyArn'] = arn - policy_details = self._call_iam_operation('GetPolicy', parameters, - parsed_globals) + policy_details = self._call_iam_operation( + 'GetPolicy', parameters, parsed_globals + ) parameters["VersionId"] = policy_details["Policy"]["DefaultVersionId"] - policy_version_details = self._call_iam_operation('GetPolicyVersion', - parameters, - parsed_globals) + policy_version_details = self._call_iam_operation( + 'GetPolicyVersion', parameters, parsed_globals + ) return policy_version_details["PolicyVersion"]["Document"] def _create_role_with_role_policy( - self, role_name, service_names, role_arn, parsed_globals): - + self, role_name, service_names, role_arn, parsed_globals + ): if len(service_names) == 1: service_principal = get_service_principal( - service_names[0], self.emr_endpoint_url, self._session) + service_names[0], self.emr_endpoint_url, self._session + ) else: service_principal = [] for service in service_names: - service_principal.append(get_service_principal( - service, self.emr_endpoint_url, self._session)) - - LOG.debug(f'Adding service principal(s) to trust policy: {service_principal}') + service_principal.append( + get_service_principal( + service, self.emr_endpoint_url, self._session + ) + ) + + LOG.debug( + f'Adding service principal(s) to trust policy: {service_principal}' + ) parameters = {'RoleName': role_name} - _assume_role_policy = \ - emrutils.dict_to_string(assume_role_policy(service_principal)) + _assume_role_policy = emrutils.dict_to_string( + assume_role_policy(service_principal) + ) parameters['AssumeRolePolicyDocument'] = _assume_role_policy - create_role_response = self._call_iam_operation('CreateRole', - parameters, - parsed_globals) + create_role_response = self._call_iam_operation( + 'CreateRole', parameters, parsed_globals + ) parameters = {} parameters['PolicyArn'] = role_arn parameters['RoleName'] = role_name - self._call_iam_operation('AttachRolePolicy', - parameters, parsed_globals) + self._call_iam_operation( + 'AttachRolePolicy', parameters, parsed_globals + ) return create_role_response - def _create_instance_profile_with_role(self, instance_profile_name, - role_name, parsed_globals): + def _create_instance_profile_with_role( + self, instance_profile_name, role_name, parsed_globals + ): # Creating an Instance Profile parameters = {'InstanceProfileName': instance_profile_name} - self._call_iam_operation('CreateInstanceProfile', parameters, - parsed_globals) + self._call_iam_operation( + 'CreateInstanceProfile', parameters, parsed_globals + ) # Adding the role to the Instance Profile parameters = {} parameters['InstanceProfileName'] = instance_profile_name parameters['RoleName'] = role_name - self._call_iam_operation('AddRoleToInstanceProfile', parameters, - parsed_globals) + self._call_iam_operation( + 'AddRoleToInstanceProfile', parameters, parsed_globals + ) def _call_iam_operation(self, operation_name, parameters, parsed_globals): client = self._session.create_client( - 'iam', region_name=self.region, endpoint_url=self.iam_endpoint_url, - verify=parsed_globals.verify_ssl) + 'iam', + region_name=self.region, + endpoint_url=self.iam_endpoint_url, + verify=parsed_globals.verify_ssl, + ) return getattr(client, xform_name(operation_name))(**parameters) diff -pruN 2.23.6-1/awscli/customizations/emr/describecluster.py 2.31.35-1/awscli/customizations/emr/describecluster.py --- 2.23.6-1/awscli/customizations/emr/describecluster.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/describecluster.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,20 +11,22 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +from botocore.exceptions import NoCredentialsError + from awscli.customizations.commands import BasicCommand -from awscli.customizations.emr import constants -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import helptext +from awscli.customizations.emr import constants, emrutils, helptext from awscli.customizations.emr.command import Command -from botocore.exceptions import NoCredentialsError class DescribeCluster(Command): NAME = 'describe-cluster' DESCRIPTION = helptext.DESCRIBE_CLUSTER_DESCRIPTION ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + } ] def _run_main_command(self, parsed_args, parsed_globals): @@ -34,44 +36,61 @@ class DescribeCluster(Command): is_fleet_based_cluster = False describe_cluster_result = self._call( - self._session, 'describe_cluster', parameters, parsed_globals) - + self._session, 'describe_cluster', parameters, parsed_globals + ) if 'Cluster' in describe_cluster_result: describe_cluster = describe_cluster_result['Cluster'] - if describe_cluster.get('InstanceCollectionType') == constants.INSTANCE_FLEET_TYPE: + if ( + describe_cluster.get('InstanceCollectionType') + == constants.INSTANCE_FLEET_TYPE + ): is_fleet_based_cluster = True if is_fleet_based_cluster: list_instance_fleets_result = self._call( - self._session, 'list_instance_fleets', parameters, - parsed_globals) + self._session, + 'list_instance_fleets', + parameters, + parsed_globals, + ) else: list_instance_groups_result = self._call( - self._session, 'list_instance_groups', parameters, - parsed_globals) + self._session, + 'list_instance_groups', + parameters, + parsed_globals, + ) list_bootstrap_actions_result = self._call( - self._session, 'list_bootstrap_actions', - parameters, parsed_globals) + self._session, 'list_bootstrap_actions', parameters, parsed_globals + ) constructed_result = self._construct_result( describe_cluster_result, list_instance_fleets_result, list_instance_groups_result, - list_bootstrap_actions_result) + list_bootstrap_actions_result, + ) - emrutils.display_response(self._session, 'describe_cluster', - constructed_result, parsed_globals) + emrutils.display_response( + self._session, + 'describe_cluster', + constructed_result, + parsed_globals, + ) return 0 def _call(self, session, operation_name, parameters, parsed_globals): return emrutils.call( - session, operation_name, parameters, + session, + operation_name, + parameters, region_name=self.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl) + verify=parsed_globals.verify_ssl, + ) def _get_key_of_result(self, keys): # Return the first key that is not "Marker" @@ -80,23 +99,36 @@ class DescribeCluster(Command): return key def _construct_result( - self, describe_cluster_result, list_instance_fleets_result, - list_instance_groups_result, list_bootstrap_actions_result): + self, + describe_cluster_result, + list_instance_fleets_result, + list_instance_groups_result, + list_bootstrap_actions_result, + ): result = describe_cluster_result result['Cluster']['BootstrapActions'] = [] - if (list_instance_fleets_result is not None and - list_instance_fleets_result.get('InstanceFleets') is not None): - result['Cluster']['InstanceFleets'] = \ + if ( + list_instance_fleets_result is not None + and list_instance_fleets_result.get('InstanceFleets') is not None + ): + result['Cluster']['InstanceFleets'] = ( list_instance_fleets_result.get('InstanceFleets') - if (list_instance_groups_result is not None and - list_instance_groups_result.get('InstanceGroups') is not None): - result['Cluster']['InstanceGroups'] = \ + ) + if ( + list_instance_groups_result is not None + and list_instance_groups_result.get('InstanceGroups') is not None + ): + result['Cluster']['InstanceGroups'] = ( list_instance_groups_result.get('InstanceGroups') - if (list_bootstrap_actions_result is not None and - list_bootstrap_actions_result.get('BootstrapActions') - is not None): - result['Cluster']['BootstrapActions'] = \ + ) + if ( + list_bootstrap_actions_result is not None + and list_bootstrap_actions_result.get('BootstrapActions') + is not None + ): + result['Cluster']['BootstrapActions'] = ( list_bootstrap_actions_result['BootstrapActions'] + ) return result diff -pruN 2.23.6-1/awscli/customizations/emr/emr.py 2.31.35-1/awscli/customizations/emr/emr.py --- 2.23.6-1/awscli/customizations/emr/emr.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/emr.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,20 +11,20 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import hbase -from awscli.customizations.emr import ssh +from awscli.customizations.emr import hbase, ssh +from awscli.customizations.emr.addinstancegroups import AddInstanceGroups from awscli.customizations.emr.addsteps import AddSteps +from awscli.customizations.emr.addtags import modify_tags_argument +from awscli.customizations.emr.command import override_args_required_option from awscli.customizations.emr.createcluster import CreateCluster -from awscli.customizations.emr.addinstancegroups import AddInstanceGroups from awscli.customizations.emr.createdefaultroles import CreateDefaultRoles -from awscli.customizations.emr.modifyclusterattributes import ModifyClusterAttr -from awscli.customizations.emr.installapplications import InstallApplications from awscli.customizations.emr.describecluster import DescribeCluster +from awscli.customizations.emr.installapplications import InstallApplications +from awscli.customizations.emr.listclusters import ( + modify_list_clusters_argument, +) +from awscli.customizations.emr.modifyclusterattributes import ModifyClusterAttr from awscli.customizations.emr.terminateclusters import TerminateClusters -from awscli.customizations.emr.addtags import modify_tags_argument -from awscli.customizations.emr.listclusters \ - import modify_list_clusters_argument -from awscli.customizations.emr.command import override_args_required_option def emr_initialize(cli): @@ -35,9 +35,12 @@ def emr_initialize(cli): cli.register('building-argument-table.emr.add-tags', modify_tags_argument) cli.register( 'building-argument-table.emr.list-clusters', - modify_list_clusters_argument) - cli.register('before-building-argument-table-parser.emr.*', - override_args_required_option) + modify_list_clusters_argument, + ) + cli.register( + 'before-building-argument-table-parser.emr.*', + override_args_required_option, + ) def register_commands(command_table, session, **kwargs): @@ -52,12 +55,12 @@ def register_commands(command_table, ses command_table['install-applications'] = InstallApplications(session) command_table['create-cluster'] = CreateCluster(session) command_table['add-steps'] = AddSteps(session) - command_table['restore-from-hbase-backup'] = \ - hbase.RestoreFromHBaseBackup(session) + command_table['restore-from-hbase-backup'] = hbase.RestoreFromHBaseBackup( + session + ) command_table['create-hbase-backup'] = hbase.CreateHBaseBackup(session) command_table['schedule-hbase-backup'] = hbase.ScheduleHBaseBackup(session) - command_table['disable-hbase-backups'] = \ - hbase.DisableHBaseBackups(session) + command_table['disable-hbase-backups'] = hbase.DisableHBaseBackups(session) command_table['create-default-roles'] = CreateDefaultRoles(session) command_table['add-instance-groups'] = AddInstanceGroups(session) command_table['ssh'] = ssh.SSH(session) diff -pruN 2.23.6-1/awscli/customizations/emr/emrfsutils.py 2.31.35-1/awscli/customizations/emr/emrfsutils.py --- 2.23.6-1/awscli/customizations/emr/emrfsutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/emrfsutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,11 +11,9 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import constants -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import exceptions from botocore.compat import OrderedDict +from awscli.customizations.emr import constants, emrutils, exceptions CONSISTENT_OPTIONAL_KEYS = ['RetryCount', 'RetryPeriod'] CSE_KMS_REQUIRED_KEYS = ['KMSKeyId'] @@ -40,20 +38,26 @@ def build_bootstrap_action_configs(regio emrutils.build_bootstrap_action( path=constants.EMRFS_CSE_CUSTOM_S3_GET_BA_PATH, name=constants.S3_GET_BA_NAME, - args=[constants.S3_GET_BA_SRC, - emrfs_args.get('CustomProviderLocation'), - constants.S3_GET_BA_DEST, - constants.EMRFS_CUSTOM_DEST_PATH, - constants.S3_GET_BA_FORCE])) + args=[ + constants.S3_GET_BA_SRC, + emrfs_args.get('CustomProviderLocation'), + constants.S3_GET_BA_DEST, + constants.EMRFS_CUSTOM_DEST_PATH, + constants.S3_GET_BA_FORCE, + ], + ) + ) emrfs_setup_ba_args = _build_ba_args_to_setup_emrfs(emrfs_args) bootstrap_actions.append( emrutils.build_bootstrap_action( path=emrutils.build_s3_link( - relative_path=constants.CONFIG_HADOOP_PATH, - region=region), + relative_path=constants.CONFIG_HADOOP_PATH, region=region + ), name=constants.EMRFS_BA_NAME, - args=emrfs_setup_ba_args)) + args=emrfs_setup_ba_args, + ) + ) return bootstrap_actions @@ -63,74 +67,95 @@ def build_emrfs_confiuration(emrfs_args) emrfs_properties = _build_emrfs_properties(emrfs_args) if _need_to_configure_cse(emrfs_args, 'CUSTOM'): - emrfs_properties[constants.EMRFS_CSE_CUSTOM_PROVIDER_URI_KEY] = \ + emrfs_properties[constants.EMRFS_CSE_CUSTOM_PROVIDER_URI_KEY] = ( emrfs_args.get('CustomProviderLocation') + ) emrfs_configuration = { 'Classification': constants.EMRFS_SITE, - 'Properties': emrfs_properties} + 'Properties': emrfs_properties, + } return emrfs_configuration def _verify_emrfs_args(emrfs_args): # Encryption should have a valid value - if 'Encryption' in emrfs_args \ - and emrfs_args['Encryption'].upper() not in ENCRYPTION_TYPES: + if ( + 'Encryption' in emrfs_args + and emrfs_args['Encryption'].upper() not in ENCRYPTION_TYPES + ): raise exceptions.UnknownEncryptionTypeError( - encryption=emrfs_args['Encryption']) + encryption=emrfs_args['Encryption'] + ) # Only one of SSE and Encryption should be configured if 'SSE' in emrfs_args and 'Encryption' in emrfs_args: raise exceptions.BothSseAndEncryptionConfiguredError( - sse=emrfs_args['SSE'], encryption=emrfs_args['Encryption']) + sse=emrfs_args['SSE'], encryption=emrfs_args['Encryption'] + ) # CSE should be configured correctly # ProviderType should be present and should have valid value # Given the type, the required parameters should be present - if ('Encryption' in emrfs_args and - emrfs_args['Encryption'].upper() == constants.EMRFS_CLIENT_SIDE): + if ( + 'Encryption' in emrfs_args + and emrfs_args['Encryption'].upper() == constants.EMRFS_CLIENT_SIDE + ): if 'ProviderType' not in emrfs_args: raise exceptions.MissingParametersError( - object_name=CSE_OPTION_NAME, missing='ProviderType') + object_name=CSE_OPTION_NAME, missing='ProviderType' + ) elif emrfs_args['ProviderType'].upper() not in CSE_PROVIDER_TYPES: raise exceptions.UnknownCseProviderTypeError( - provider_type=emrfs_args['ProviderType']) + provider_type=emrfs_args['ProviderType'] + ) elif emrfs_args['ProviderType'].upper() == 'KMS': - _verify_required_args(emrfs_args.keys(), CSE_KMS_REQUIRED_KEYS, - CSE_KMS_OPTION_NAME) + _verify_required_args( + emrfs_args.keys(), CSE_KMS_REQUIRED_KEYS, CSE_KMS_OPTION_NAME + ) elif emrfs_args['ProviderType'].upper() == 'CUSTOM': - _verify_required_args(emrfs_args.keys(), CSE_CUSTOM_REQUIRED_KEYS, - CSE_CUSTOM_OPTION_NAME) + _verify_required_args( + emrfs_args.keys(), + CSE_CUSTOM_REQUIRED_KEYS, + CSE_CUSTOM_OPTION_NAME, + ) # No child attributes should be present if the parent feature is not # configured if 'Consistent' not in emrfs_args: - _verify_child_args(emrfs_args.keys(), CONSISTENT_OPTIONAL_KEYS, - CONSISTENT_OPTION_NAME) + _verify_child_args( + emrfs_args.keys(), CONSISTENT_OPTIONAL_KEYS, CONSISTENT_OPTION_NAME + ) if not _need_to_configure_cse(emrfs_args, 'KMS'): - _verify_child_args(emrfs_args.keys(), CSE_KMS_REQUIRED_KEYS, - CSE_KMS_OPTION_NAME) + _verify_child_args( + emrfs_args.keys(), CSE_KMS_REQUIRED_KEYS, CSE_KMS_OPTION_NAME + ) if not _need_to_configure_cse(emrfs_args, 'CUSTOM'): - _verify_child_args(emrfs_args.keys(), CSE_CUSTOM_REQUIRED_KEYS, - CSE_CUSTOM_OPTION_NAME) + _verify_child_args( + emrfs_args.keys(), CSE_CUSTOM_REQUIRED_KEYS, CSE_CUSTOM_OPTION_NAME + ) def _verify_required_args(actual_keys, required_keys, object_name): if any(x not in actual_keys for x in required_keys): missing_keys = list( - sorted(set(required_keys).difference(set(actual_keys)))) + sorted(set(required_keys).difference(set(actual_keys))) + ) raise exceptions.MissingParametersError( - object_name=object_name, missing=emrutils.join(missing_keys)) + object_name=object_name, missing=emrutils.join(missing_keys) + ) def _verify_child_args(actual_keys, child_keys, parent_object_name): if any(x in actual_keys for x in child_keys): invalid_keys = list( - sorted(set(child_keys).intersection(set(actual_keys)))) + sorted(set(child_keys).intersection(set(actual_keys))) + ) raise exceptions.InvalidEmrFsArgumentsError( invalid=emrutils.join(invalid_keys), - parent_object_name=parent_object_name) + parent_object_name=parent_object_name, + ) def _build_ba_args_to_setup_emrfs(emrfs_args): @@ -170,29 +195,35 @@ def _need_to_configure_consistent_view(e def _need_to_configure_sse(emrfs_args): - return 'SSE' in emrfs_args \ - or ('Encryption' in emrfs_args and - emrfs_args['Encryption'].upper() == constants.EMRFS_SERVER_SIDE) + return 'SSE' in emrfs_args or ( + 'Encryption' in emrfs_args + and emrfs_args['Encryption'].upper() == constants.EMRFS_SERVER_SIDE + ) def _need_to_configure_cse(emrfs_args, cse_type): - return ('Encryption' in emrfs_args and - emrfs_args['Encryption'].upper() == constants.EMRFS_CLIENT_SIDE and - 'ProviderType' in emrfs_args and - emrfs_args['ProviderType'].upper() == cse_type) + return ( + 'Encryption' in emrfs_args + and emrfs_args['Encryption'].upper() == constants.EMRFS_CLIENT_SIDE + and 'ProviderType' in emrfs_args + and emrfs_args['ProviderType'].upper() == cse_type + ) def _update_properties_for_consistent_view(emrfs_properties, emrfs_args): - emrfs_properties[constants.EMRFS_CONSISTENT_KEY] = \ - str(emrfs_args['Consistent']).lower() + emrfs_properties[constants.EMRFS_CONSISTENT_KEY] = str( + emrfs_args['Consistent'] + ).lower() if 'RetryCount' in emrfs_args: - emrfs_properties[constants.EMRFS_RETRY_COUNT_KEY] = \ - str(emrfs_args['RetryCount']) + emrfs_properties[constants.EMRFS_RETRY_COUNT_KEY] = str( + emrfs_args['RetryCount'] + ) if 'RetryPeriod' in emrfs_args: - emrfs_properties[constants.EMRFS_RETRY_PERIOD_KEY] = \ - str(emrfs_args['RetryPeriod']) + emrfs_properties[constants.EMRFS_RETRY_PERIOD_KEY] = str( + emrfs_args['RetryPeriod'] + ) def _update_properties_for_sse(emrfs_properties, emrfs_args): @@ -206,16 +237,17 @@ def _update_properties_for_cse(emrfs_pro emrfs_properties[constants.EMRFS_CSE_KEY] = 'true' if cse_type == 'KMS': emrfs_properties[ - constants.EMRFS_CSE_ENCRYPTION_MATERIALS_PROVIDER_KEY] = \ - constants.EMRFS_CSE_KMS_PROVIDER_FULL_CLASS_NAME + constants.EMRFS_CSE_ENCRYPTION_MATERIALS_PROVIDER_KEY + ] = constants.EMRFS_CSE_KMS_PROVIDER_FULL_CLASS_NAME - emrfs_properties[constants.EMRFS_CSE_KMS_KEY_ID_KEY] =\ - emrfs_args['KMSKeyId'] + emrfs_properties[constants.EMRFS_CSE_KMS_KEY_ID_KEY] = emrfs_args[ + 'KMSKeyId' + ] elif cse_type == 'CUSTOM': emrfs_properties[ - constants.EMRFS_CSE_ENCRYPTION_MATERIALS_PROVIDER_KEY] = \ - emrfs_args['CustomProviderClass'] + constants.EMRFS_CSE_ENCRYPTION_MATERIALS_PROVIDER_KEY + ] = emrfs_args['CustomProviderClass'] def _update_emrfs_ba_args(ba_args, key_value): diff -pruN 2.23.6-1/awscli/customizations/emr/emrutils.py 2.31.35-1/awscli/customizations/emr/emrutils.py --- 2.23.6-1/awscli/customizations/emr/emrutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/emrutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,13 +15,12 @@ import json import logging import os +from botocore import xform_name +from botocore.exceptions import NoCredentialsError, WaiterError from awscli.clidriver import CLIOperationCaller +from awscli.customizations.emr import constants, exceptions from awscli.customizations.exceptions import ParamValidationError -from awscli.customizations.emr import constants -from awscli.customizations.emr import exceptions -from botocore.exceptions import WaiterError, NoCredentialsError -from botocore import xform_name LOG = logging.getLogger(__name__) @@ -57,11 +56,16 @@ def parse_key_value_string(key_value_str def apply_boolean_options( - true_option, true_option_name, false_option, false_option_name): + true_option, true_option_name, false_option, false_option_name +): if true_option and false_option: - error_message = \ - 'aws: error: cannot use both ' + true_option_name + \ - ' and ' + false_option_name + ' options together.' + error_message = ( + 'aws: error: cannot use both ' + + true_option_name + + ' and ' + + false_option_name + + ' options together.' + ) raise ParamValidationError(error_message) elif true_option: return True @@ -92,13 +96,14 @@ def apply_params(src_params, src_key, de def build_step( - jar, name='Step', - action_on_failure=constants.DEFAULT_FAILURE_ACTION, - args=None, - main_class=None, - properties=None): - check_required_field( - structure='HadoopJarStep', name='Jar', value=jar) + jar, + name='Step', + action_on_failure=constants.DEFAULT_FAILURE_ACTION, + args=None, + main_class=None, + properties=None, +): + check_required_field(structure='HadoopJarStep', name='Jar', value=jar) step = {} apply_dict(step, 'Name', name) @@ -113,13 +118,11 @@ def build_step( return step -def build_bootstrap_action( - path, - name='Bootstrap Action', - args=None): +def build_bootstrap_action(path, name='Bootstrap Action', args=None): if path is None: raise exceptions.MissingParametersError( - object_name='ScriptBootstrapActionConfig', missing='Path') + object_name='ScriptBootstrapActionConfig', missing='Path' + ) ba_config = {} apply_dict(ba_config, 'Name', name) script_config = {} @@ -133,20 +136,22 @@ def build_bootstrap_action( def build_s3_link(relative_path='', region='us-east-1'): if region is None: region = 'us-east-1' - return 's3://{0}.elasticmapreduce{1}'.format(region, relative_path) + return f's3://{region}.elasticmapreduce{relative_path}' def get_script_runner(region='us-east-1'): if region is None: region = 'us-east-1' return build_s3_link( - relative_path=constants.SCRIPT_RUNNER_PATH, region=region) + relative_path=constants.SCRIPT_RUNNER_PATH, region=region + ) def check_required_field(structure, name, value): if not value: raise exceptions.MissingParametersError( - object_name=structure, missing=name) + object_name=structure, missing=name + ) def check_empty_string_list(name, value): @@ -154,8 +159,14 @@ def check_empty_string_list(name, value) raise exceptions.EmptyListError(param=name) -def call(session, operation_name, parameters, region_name=None, - endpoint_url=None, verify=None): +def call( + session, + operation_name, + parameters, + region_name=None, + endpoint_url=None, + verify=None, +): # We could get an error from get_endpoint() about not having # a region configured. Before this happens we want to check # for credentials so we can give a good error message. @@ -163,8 +174,11 @@ def call(session, operation_name, parame raise NoCredentialsError() client = session.create_client( - 'emr', region_name=region_name, endpoint_url=endpoint_url, - verify=verify) + 'emr', + region_name=region_name, + endpoint_url=endpoint_url, + verify=verify, + ) LOG.debug('Calling ' + str(operation_name)) return getattr(client, operation_name)(**parameters) @@ -182,7 +196,8 @@ def get_client(session, parsed_globals): 'emr', region_name=get_region(session, parsed_globals), endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl) + verify=parsed_globals.verify_ssl, + ) def get_cluster_state(session, parsed_globals, cluster_id): @@ -210,12 +225,13 @@ def which(program): return None -def call_and_display_response(session, operation_name, parameters, - parsed_globals): +def call_and_display_response( + session, operation_name, parameters, parsed_globals +): cli_operation_caller = CLIOperationCaller(session) cli_operation_caller.invoke( - 'emr', operation_name, - parameters, parsed_globals) + 'emr', operation_name, parameters, parsed_globals + ) def display_response(session, operation_name, result, parsed_globals): @@ -223,7 +239,8 @@ def display_response(session, operation_ # Calling a private method. Should be changed after the functionality # is moved outside CliOperationCaller. cli_operation_caller._display_response( - operation_name, result, parsed_globals) + operation_name, result, parsed_globals + ) def get_region(session, parsed_globals): @@ -245,8 +262,9 @@ def join(values, separator=',', lastSepa return values[0] else: separator = '%s ' % separator - return ' '.join([separator.join(values[:-1]), - lastSeparator, values[-1]]) + return ' '.join( + [separator.join(values[:-1]), lastSeparator, values[-1]] + ) def split_to_key_value(string): @@ -256,21 +274,24 @@ def split_to_key_value(string): return string.split('=', 1) -def get_cluster(cluster_id, session, region, - endpoint_url, verify_ssl): - describe_cluster_params = {'ClusterId': cluster_id} - describe_cluster_response = call( - session, 'describe_cluster', describe_cluster_params, - region, endpoint_url, - verify_ssl) - - if describe_cluster_response is not None: - return describe_cluster_response.get('Cluster') - - -def get_release_label(cluster_id, session, region, - endpoint_url, verify_ssl): - cluster = get_cluster(cluster_id, session, region, - endpoint_url, verify_ssl) - if cluster is not None: - return cluster.get('ReleaseLabel') +def get_cluster(cluster_id, session, region, endpoint_url, verify_ssl): + describe_cluster_params = {'ClusterId': cluster_id} + describe_cluster_response = call( + session, + 'describe_cluster', + describe_cluster_params, + region, + endpoint_url, + verify_ssl, + ) + + if describe_cluster_response is not None: + return describe_cluster_response.get('Cluster') + + +def get_release_label(cluster_id, session, region, endpoint_url, verify_ssl): + cluster = get_cluster( + cluster_id, session, region, endpoint_url, verify_ssl + ) + if cluster is not None: + return cluster.get('ReleaseLabel') diff -pruN 2.23.6-1/awscli/customizations/emr/exceptions.py 2.31.35-1/awscli/customizations/emr/exceptions.py --- 2.23.6-1/awscli/customizations/emr/exceptions.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/exceptions.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,12 +14,12 @@ from awscli.customizations.exceptions im class EmrError(Exception): - """ The base exception class for Emr exceptions. :ivar msg: The descriptive message associated with the error. """ + fmt = 'An unspecified error occurred' def __init__(self, **kwargs): @@ -29,7 +29,6 @@ class EmrError(Exception): class MissingParametersError(EmrError, ParamValidationError): - """ One or more required parameters were not supplied. @@ -40,168 +39,193 @@ class MissingParametersError(EmrError, P other than str(). :ivar missing: The names of the missing parameters. """ - fmt = ('aws: error: The following required parameters are missing for ' - '{object_name}: {missing}.') + fmt = ( + 'aws: error: The following required parameters are missing for ' + '{object_name}: {missing}.' + ) -class EmptyListError(EmrError, ParamValidationError): +class EmptyListError(EmrError, ParamValidationError): """ The provided list is empty. :ivar param: The provided list parameter """ - fmt = ('aws: error: The prameter {param} cannot be an empty list.') + fmt = 'aws: error: The prameter {param} cannot be an empty list.' -class MissingRequiredInstanceGroupsError(EmrError, ParamValidationError): +class MissingRequiredInstanceGroupsError(EmrError, ParamValidationError): """ In create-cluster command, none of --instance-group, --instance-count nor --instance-type were not supplied. """ - fmt = ('aws: error: Must specify either --instance-groups or ' - '--instance-type with --instance-count(optional) to ' - 'configure instance groups.') + fmt = ( + 'aws: error: Must specify either --instance-groups or ' + '--instance-type with --instance-count(optional) to ' + 'configure instance groups.' + ) -class InstanceGroupsValidationError(EmrError, ParamValidationError): +class InstanceGroupsValidationError(EmrError, ParamValidationError): """ --instance-type and --instance-count are shortcut option for --instance-groups and they cannot be specified together with --instance-groups """ - fmt = ('aws: error: You may not specify --instance-type ' - 'or --instance-count with --instance-groups, ' - 'because --instance-type and --instance-count are ' - 'shortcut options for --instance-groups.') + fmt = ( + 'aws: error: You may not specify --instance-type ' + 'or --instance-count with --instance-groups, ' + 'because --instance-type and --instance-count are ' + 'shortcut options for --instance-groups.' + ) -class InvalidAmiVersionError(EmrError, ParamValidationError): +class InvalidAmiVersionError(EmrError, ParamValidationError): """ The supplied ami-version is invalid. :ivar ami_version: The provided ami_version. """ - fmt = ('aws: error: The supplied AMI version "{ami_version}" is invalid.' - ' Please see AMI Versions Supported in Amazon EMR in ' - 'Amazon Elastic MapReduce Developer Guide: ' - 'http://docs.aws.amazon.com/ElasticMapReduce/' - 'latest/DeveloperGuide/ami-versions-supported.html') + fmt = ( + 'aws: error: The supplied AMI version "{ami_version}" is invalid.' + ' Please see AMI Versions Supported in Amazon EMR in ' + 'Amazon Elastic MapReduce Developer Guide: ' + 'http://docs.aws.amazon.com/ElasticMapReduce/' + 'latest/DeveloperGuide/ami-versions-supported.html' + ) -class MissingBooleanOptionsError(EmrError, ParamValidationError): +class MissingBooleanOptionsError(EmrError, ParamValidationError): """ Required boolean options are not supplied. :ivar true_option :ivar false_option """ - fmt = ('aws: error: Must specify one of the following boolean options: ' - '{true_option}|{false_option}.') + fmt = ( + 'aws: error: Must specify one of the following boolean options: ' + '{true_option}|{false_option}.' + ) -class UnknownStepTypeError(EmrError, ParamValidationError): +class UnknownStepTypeError(EmrError, ParamValidationError): """ The provided step type is not supported. :ivar step_type: the step_type provided. """ - fmt = ('aws: error: The step type {step_type} is not supported.') + fmt = 'aws: error: The step type {step_type} is not supported.' -class UnknownIamEndpointError(EmrError): +class UnknownIamEndpointError(EmrError): """ The IAM endpoint is not known for the specified region. :ivar region: The region specified. """ - fmt = 'IAM endpoint not known for region: {region}.' +\ - ' Specify the iam-endpoint using the --iam-endpoint option.' + fmt = ( + 'IAM endpoint not known for region: {region}.' + + ' Specify the iam-endpoint using the --iam-endpoint option.' + ) -class ResolveServicePrincipalError(EmrError): +class ResolveServicePrincipalError(EmrError): """ The service principal could not be resolved from the region or the endpoint. """ - fmt = 'Could not resolve the service principal from' +\ - ' the region or the endpoint.' + fmt = ( + 'Could not resolve the service principal from' + + ' the region or the endpoint.' + ) -class LogUriError(EmrError, ParamValidationError): +class LogUriError(EmrError, ParamValidationError): """ The LogUri is not specified and debugging is enabled for the cluster. """ - fmt = ('aws: error: LogUri not specified. You must specify a logUri ' - 'if you enable debugging when creating a cluster.') + fmt = ( + 'aws: error: LogUri not specified. You must specify a logUri ' + 'if you enable debugging when creating a cluster.' + ) -class MasterDNSNotAvailableError(EmrError): +class MasterDNSNotAvailableError(EmrError): """ Cannot get dns of master node on the cluster. """ - fmt = 'Cannot get DNS of master node on the cluster. '\ - ' Please try again after some time.' + fmt = ( + 'Cannot get DNS of master node on the cluster. ' + ' Please try again after some time.' + ) -class WrongPuttyKeyError(EmrError, ParamValidationError): +class WrongPuttyKeyError(EmrError, ParamValidationError): """ A wrong key has been used with a compatible program. """ - fmt = 'Key file file format is incorrect. Putty expects a ppk file. '\ - 'Please refer to documentation at http://docs.aws.amazon.com/'\ - 'ElasticMapReduce/latest/DeveloperGuide/EMR_SetUp_SSH.html. ' + fmt = ( + 'Key file file format is incorrect. Putty expects a ppk file. ' + 'Please refer to documentation at http://docs.aws.amazon.com/' + 'ElasticMapReduce/latest/DeveloperGuide/EMR_SetUp_SSH.html. ' + ) -class SSHNotFoundError(EmrError): +class SSHNotFoundError(EmrError): """ SSH or Putty not available. """ - fmt = 'SSH or Putty not available. Please refer to the documentation '\ - 'at http://docs.aws.amazon.com/ElasticMapReduce/latest/'\ - 'DeveloperGuide/EMR_SetUp_SSH.html.' + fmt = ( + 'SSH or Putty not available. Please refer to the documentation ' + 'at http://docs.aws.amazon.com/ElasticMapReduce/latest/' + 'DeveloperGuide/EMR_SetUp_SSH.html.' + ) -class SCPNotFoundError(EmrError): +class SCPNotFoundError(EmrError): """ SCP or Pscp not available. """ - fmt = 'SCP or Pscp not available. Please refer to the documentation '\ - 'at http://docs.aws.amazon.com/ElasticMapReduce/latest/'\ - 'DeveloperGuide/EMR_SetUp_SSH.html. ' + fmt = ( + 'SCP or Pscp not available. Please refer to the documentation ' + 'at http://docs.aws.amazon.com/ElasticMapReduce/latest/' + 'DeveloperGuide/EMR_SetUp_SSH.html. ' + ) -class SubnetAndAzValidationError(EmrError, ParamValidationError): +class SubnetAndAzValidationError(EmrError, ParamValidationError): """ SubnetId and AvailabilityZone are mutual exclusive in --ec2-attributes. """ - fmt = ('aws: error: You may not specify both a SubnetId and an Availabili' - 'tyZone (placement) because ec2SubnetId implies a placement.') + fmt = ( + 'aws: error: You may not specify both a SubnetId and an Availabili' + 'tyZone (placement) because ec2SubnetId implies a placement.' + ) -class RequiredOptionsError(EmrError, ParamValidationError): +class RequiredOptionsError(EmrError, ParamValidationError): """ Either of option1 or option2 is required. """ - fmt = ('aws: error: Either {option1} or {option2} is required.') + fmt = 'aws: error: Either {option1} or {option2} is required.' class MutualExclusiveOptionError(EmrError, ParamValidationError): - """ The provided option1 and option2 are mutually exclusive. @@ -211,15 +235,18 @@ class MutualExclusiveOptionError(EmrErro """ def __init__(self, **kwargs): - msg = ('aws: error: You cannot specify both ' + - kwargs.get('option1', '') + ' and ' + - kwargs.get('option2', '') + ' options together.' + - kwargs.get('message', '')) + msg = ( + 'aws: error: You cannot specify both ' + + kwargs.get('option1', '') + + ' and ' + + kwargs.get('option2', '') + + ' options together.' + + kwargs.get('message', '') + ) Exception.__init__(self, msg) class MissingApplicationsError(EmrError, ParamValidationError): - """ The application required for a step is not installed when creating a cluster. @@ -228,50 +255,56 @@ class MissingApplicationsError(EmrError, """ def __init__(self, **kwargs): - msg = ('aws: error: Some of the steps require the following' - ' applications to be installed: ' + - ', '.join(kwargs['applications']) + '. Please install the' - ' applications using --applications.') + msg = ( + 'aws: error: Some of the steps require the following' + ' applications to be installed: ' + + ', '.join(kwargs['applications']) + + '. Please install the' + ' applications using --applications.' + ) Exception.__init__(self, msg) class ClusterTerminatedError(EmrError): - """ The cluster is terminating or has already terminated. """ + fmt = 'aws: error: Cluster terminating or already terminated.' class ClusterStatesFilterValidationError(EmrError, ParamValidationError): - """ In the list-clusters command, customers can specify only one of the following states filters: --cluster-states, --active, --terminated, --failed """ - fmt = ('aws: error: You can specify only one of the cluster state ' - 'filters: --cluster-states, --active, --terminated, --failed.') + fmt = ( + 'aws: error: You can specify only one of the cluster state ' + 'filters: --cluster-states, --active, --terminated, --failed.' + ) -class MissingClusterAttributesError(EmrError, ParamValidationError): +class MissingClusterAttributesError(EmrError, ParamValidationError): """ In the modify-cluster-attributes command, customers need to provide at least one of the following cluster attributes: --visible-to-all-users, --no-visible-to-all-users, --termination-protected, --no-termination-protected, --auto-terminate and --no-auto-terminate """ - fmt = ('aws: error: Must specify one of the following boolean options: ' - '--visible-to-all-users|--no-visible-to-all-users, ' - '--termination-protected|--no-termination-protected, ' - '--auto-terminate|--no-auto-terminate, ' - '--unhealthy-node-replacement|--no-unhealthy-node-replacement.') + fmt = ( + 'aws: error: Must specify one of the following boolean options: ' + '--visible-to-all-users|--no-visible-to-all-users, ' + '--termination-protected|--no-termination-protected, ' + '--auto-terminate|--no-auto-terminate, ' + '--unhealthy-node-replacement|--no-unhealthy-node-replacement.' + ) -class InvalidEmrFsArgumentsError(EmrError, ParamValidationError): +class InvalidEmrFsArgumentsError(EmrError, ParamValidationError): """ The provided EMRFS parameters are invalid as parent feature e.g., Consistent View, CSE, SSE is not configured @@ -280,40 +313,46 @@ class InvalidEmrFsArgumentsError(EmrErro :ivar parent_object_name: Parent feature name """ - fmt = ('aws: error: {parent_object_name} is not specified. Thus, ' - ' following parameters are invalid: {invalid}') + fmt = ( + 'aws: error: {parent_object_name} is not specified. Thus, ' + ' following parameters are invalid: {invalid}' + ) class DuplicateEmrFsConfigurationError(EmrError, ParamValidationError): - - fmt = ('aws: error: EMRFS should be configured either using ' - '--configuration or --emrfs but not both') + fmt = ( + 'aws: error: EMRFS should be configured either using ' + '--configuration or --emrfs but not both' + ) class UnknownCseProviderTypeError(EmrError, ParamValidationError): - """ The provided EMRFS client-side encryption provider type is not supported. :ivar provider_type: the provider_type provided. """ - fmt = ('aws: error: The client side encryption type "{provider_type}" is ' - 'not supported. You must specify either KMS or Custom') + fmt = ( + 'aws: error: The client side encryption type "{provider_type}" is ' + 'not supported. You must specify either KMS or Custom' + ) -class UnknownEncryptionTypeError(EmrError, ParamValidationError): +class UnknownEncryptionTypeError(EmrError, ParamValidationError): """ The provided encryption type is not supported. :ivar provider_type: the provider_type provided. """ - fmt = ('aws: error: The encryption type "{encryption}" is invalid. ' - 'You must specify either ServerSide or ClientSide') + fmt = ( + 'aws: error: The encryption type "{encryption}" is invalid. ' + 'You must specify either ServerSide or ClientSide' + ) -class BothSseAndEncryptionConfiguredError(EmrError, ParamValidationError): +class BothSseAndEncryptionConfiguredError(EmrError, ParamValidationError): """ Only one of SSE or Encryption can be configured. @@ -321,25 +360,30 @@ class BothSseAndEncryptionConfiguredErro :ivar encryption: Value for encryption """ - fmt = ('aws: error: Both SSE={sse} and Encryption={encryption} are ' - 'configured for --emrfs. You must specify only one of the two.') + fmt = ( + 'aws: error: Both SSE={sse} and Encryption={encryption} are ' + 'configured for --emrfs. You must specify only one of the two.' + ) class InvalidBooleanConfigError(EmrError, ParamValidationError): - - fmt = ("aws: error: {config_value} for {config_key} in the config file is " - "invalid. The value should be either 'True' or 'False'. Use " - "'aws configure set {profile_var_name}.emr.{config_key} ' " - "command to set a valid value.") + fmt = ( + "aws: error: {config_value} for {config_key} in the config file is " + "invalid. The value should be either 'True' or 'False'. Use " + "'aws configure set {profile_var_name}.emr.{config_key} ' " + "command to set a valid value." + ) class UnsupportedCommandWithReleaseError(EmrError, ParamValidationError): + fmt = ( + "aws: error: {command} is not supported with " + "'{release_label}' release." + ) - fmt = ("aws: error: {command} is not supported with " - "'{release_label}' release.") class MissingAutoScalingRoleError(EmrError, ParamValidationError): - - fmt = ("aws: error: Must specify --auto-scaling-role when configuring an " - "AutoScaling policy for an instance group.") - + fmt = ( + "aws: error: Must specify --auto-scaling-role when configuring an " + "AutoScaling policy for an instance group." + ) diff -pruN 2.23.6-1/awscli/customizations/emr/hbase.py 2.31.35-1/awscli/customizations/emr/hbase.py --- 2.23.6-1/awscli/customizations/emr/hbase.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/hbase.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,71 +11,98 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import constants -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import hbaseutils -from awscli.customizations.emr import helptext +from awscli.customizations.emr import constants, emrutils, hbaseutils, helptext from awscli.customizations.emr.command import Command from awscli.customizations.exceptions import ParamValidationError class RestoreFromHBaseBackup(Command): NAME = 'restore-from-hbase-backup' - DESCRIPTION = ('Restores HBase from S3. ' + - helptext.AVAILABLE_ONLY_FOR_AMI_VERSIONS) + DESCRIPTION = ( + 'Restores HBase from S3. ' + helptext.AVAILABLE_ONLY_FOR_AMI_VERSIONS + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID}, - {'name': 'dir', 'required': True, - 'help_text': helptext.HBASE_BACKUP_DIR}, - {'name': 'backup-version', - 'help_text': helptext.HBASE_BACKUP_VERSION} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + }, + { + 'name': 'dir', + 'required': True, + 'help_text': helptext.HBASE_BACKUP_DIR, + }, + {'name': 'backup-version', 'help_text': helptext.HBASE_BACKUP_VERSION}, ] def _run_main_command(self, parsed_args, parsed_globals): steps = [] args = hbaseutils.build_hbase_restore_from_backup_args( - parsed_args.dir, parsed_args.backup_version) + parsed_args.dir, parsed_args.backup_version + ) step_config = emrutils.build_step( jar=constants.HBASE_JAR_PATH, name=constants.HBASE_RESTORE_STEP_NAME, action_on_failure=constants.CANCEL_AND_WAIT, - args=args) + args=args, + ) steps.append(step_config) - parameters = {'JobFlowId': parsed_args.cluster_id, - 'Steps': steps} - emrutils.call_and_display_response(self._session, 'AddJobFlowSteps', - parameters, parsed_globals) + parameters = {'JobFlowId': parsed_args.cluster_id, 'Steps': steps} + emrutils.call_and_display_response( + self._session, 'AddJobFlowSteps', parameters, parsed_globals + ) return 0 class ScheduleHBaseBackup(Command): NAME = 'schedule-hbase-backup' - DESCRIPTION = ('Adds a step to schedule automated HBase backup. ' + - helptext.AVAILABLE_ONLY_FOR_AMI_VERSIONS) + DESCRIPTION = ( + 'Adds a step to schedule automated HBase backup. ' + + helptext.AVAILABLE_ONLY_FOR_AMI_VERSIONS + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID}, - {'name': 'type', 'required': True, - 'help_text': "

      Backup type. You can specify 'incremental' or " - "'full'.

      "}, - {'name': 'dir', 'required': True, - 'help_text': helptext.HBASE_BACKUP_DIR}, - {'name': 'interval', 'required': True, - 'help_text': '

      The time between backups.

      '}, - {'name': 'unit', 'required': True, - 'help_text': "

      The time unit for backup's time-interval. " - "You can specify one of the following values:" - " 'minutes', 'hours', or 'days'.

      "}, - {'name': 'start-time', - 'help_text': '

      The time of the first backup in ISO format.

      ' - ' e.g. 2014-04-21T05:26:10Z. Default is now.'}, - {'name': 'consistent', 'action': 'store_true', - 'help_text': '

      Performs a consistent backup.' - ' Pauses all write operations to the HBase cluster' - ' during the backup process.

      '} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + }, + { + 'name': 'type', + 'required': True, + 'help_text': "

      Backup type. You can specify 'incremental' or " + "'full'.

      ", + }, + { + 'name': 'dir', + 'required': True, + 'help_text': helptext.HBASE_BACKUP_DIR, + }, + { + 'name': 'interval', + 'required': True, + 'help_text': '

      The time between backups.

      ', + }, + { + 'name': 'unit', + 'required': True, + 'help_text': "

      The time unit for backup's time-interval. " + "You can specify one of the following values:" + " 'minutes', 'hours', or 'days'.

      ", + }, + { + 'name': 'start-time', + 'help_text': '

      The time of the first backup in ISO format.

      ' + ' e.g. 2014-04-21T05:26:10Z. Default is now.', + }, + { + 'name': 'consistent', + 'action': 'store_true', + 'help_text': '

      Performs a consistent backup.' + ' Pauses all write operations to the HBase cluster' + ' during the backup process.

      ', + }, ] def _run_main_command(self, parsed_args, parsed_globals): @@ -88,37 +115,54 @@ class ScheduleHBaseBackup(Command): jar=constants.HBASE_JAR_PATH, name=constants.HBASE_SCHEDULE_BACKUP_STEP_NAME, action_on_failure=constants.CANCEL_AND_WAIT, - args=args) + args=args, + ) steps.append(step_config) - parameters = {'JobFlowId': parsed_args.cluster_id, - 'Steps': steps} - emrutils.call_and_display_response(self._session, 'AddJobFlowSteps', - parameters, parsed_globals) + parameters = {'JobFlowId': parsed_args.cluster_id, 'Steps': steps} + emrutils.call_and_display_response( + self._session, 'AddJobFlowSteps', parameters, parsed_globals + ) return 0 def _check_type(self, type): type = type.lower() if type != constants.FULL and type != constants.INCREMENTAL: - raise ParamValidationError('aws: error: invalid type. ' - 'type should be either ' + - constants.FULL + ' or ' + constants.INCREMENTAL + - '.') + raise ParamValidationError( + 'aws: error: invalid type. ' + 'type should be either ' + + constants.FULL + + ' or ' + + constants.INCREMENTAL + + '.' + ) def _check_unit(self, unit): unit = unit.lower() - if (unit != constants.MINUTES and - unit != constants.HOURS and - unit != constants.DAYS): + if ( + unit != constants.MINUTES + and unit != constants.HOURS + and unit != constants.DAYS + ): raise ParamValidationError( 'aws: error: invalid unit. unit should be one of' - ' the following values: ' + constants.MINUTES + - ', ' + constants.HOURS + ' or ' + constants.DAYS + '.' + ' the following values: ' + + constants.MINUTES + + ', ' + + constants.HOURS + + ' or ' + + constants.DAYS + + '.' ) def _build_hbase_schedule_backup_args(self, parsed_args): - args = [constants.HBASE_MAIN, constants.HBASE_SCHEDULED_BACKUP, - constants.TRUE, constants.HBASE_BACKUP_DIR, parsed_args.dir] + args = [ + constants.HBASE_MAIN, + constants.HBASE_SCHEDULED_BACKUP, + constants.TRUE, + constants.HBASE_BACKUP_DIR, + parsed_args.dir, + ] type = parsed_args.type.lower() unit = parsed_args.unit.lower() @@ -151,17 +195,28 @@ class ScheduleHBaseBackup(Command): class CreateHBaseBackup(Command): NAME = 'create-hbase-backup' - DESCRIPTION = ('Creates a HBase backup in S3. ' + - helptext.AVAILABLE_ONLY_FOR_AMI_VERSIONS) + DESCRIPTION = ( + 'Creates a HBase backup in S3. ' + + helptext.AVAILABLE_ONLY_FOR_AMI_VERSIONS + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID}, - {'name': 'dir', 'required': True, - 'help_text': helptext.HBASE_BACKUP_DIR}, - {'name': 'consistent', 'action': 'store_true', - 'help_text': '

      Performs a consistent backup. Pauses all write' - ' operations to the HBase cluster during the backup' - ' process.

      '} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + }, + { + 'name': 'dir', + 'required': True, + 'help_text': helptext.HBASE_BACKUP_DIR, + }, + { + 'name': 'consistent', + 'action': 'store_true', + 'help_text': '

      Performs a consistent backup. Pauses all write' + ' operations to the HBase cluster during the backup' + ' process.

      ', + }, ] def _run_main_command(self, parsed_args, parsed_globals): @@ -172,19 +227,23 @@ class CreateHBaseBackup(Command): jar=constants.HBASE_JAR_PATH, name=constants.HBASE_BACKUP_STEP_NAME, action_on_failure=constants.CANCEL_AND_WAIT, - args=args) + args=args, + ) steps.append(step_config) - parameters = {'JobFlowId': parsed_args.cluster_id, - 'Steps': steps} - emrutils.call_and_display_response(self._session, 'AddJobFlowSteps', - parameters, parsed_globals) + parameters = {'JobFlowId': parsed_args.cluster_id, 'Steps': steps} + emrutils.call_and_display_response( + self._session, 'AddJobFlowSteps', parameters, parsed_globals + ) return 0 def _build_hbase_backup_args(self, parsed_args): - args = [constants.HBASE_MAIN, - constants.HBASE_BACKUP, - constants.HBASE_BACKUP_DIR, parsed_args.dir] + args = [ + constants.HBASE_MAIN, + constants.HBASE_BACKUP, + constants.HBASE_BACKUP_DIR, + parsed_args.dir, + ] if parsed_args.consistent is True: args.append(constants.HBASE_BACKUP_CONSISTENT) @@ -194,15 +253,26 @@ class CreateHBaseBackup(Command): class DisableHBaseBackups(Command): NAME = 'disable-hbase-backups' - DESCRIPTION = ('Add a step to disable automated HBase backups. ' + - helptext.AVAILABLE_ONLY_FOR_AMI_VERSIONS) + DESCRIPTION = ( + 'Add a step to disable automated HBase backups. ' + + helptext.AVAILABLE_ONLY_FOR_AMI_VERSIONS + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID}, - {'name': 'full', 'action': 'store_true', - 'help_text': 'Disables full backup.'}, - {'name': 'incremental', 'action': 'store_true', - 'help_text': 'Disables incremental backup.'} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + }, + { + 'name': 'full', + 'action': 'store_true', + 'help_text': 'Disables full backup.', + }, + { + 'name': 'incremental', + 'action': 'store_true', + 'help_text': 'Disables incremental backup.', + }, ] def _run_main_command(self, parsed_args, parsed_globals): @@ -214,22 +284,30 @@ class DisableHBaseBackups(Command): constants.HBASE_JAR_PATH, constants.HBASE_SCHEDULE_BACKUP_STEP_NAME, constants.CANCEL_AND_WAIT, - args) + args, + ) steps.append(step_config) - parameters = {'JobFlowId': parsed_args.cluster_id, - 'Steps': steps} - emrutils.call_and_display_response(self._session, 'AddJobFlowSteps', - parameters, parsed_globals) + parameters = {'JobFlowId': parsed_args.cluster_id, 'Steps': steps} + emrutils.call_and_display_response( + self._session, 'AddJobFlowSteps', parameters, parsed_globals + ) return 0 def _build_hbase_disable_backups_args(self, parsed_args): - args = [constants.HBASE_MAIN, constants.HBASE_SCHEDULED_BACKUP, - constants.FALSE] + args = [ + constants.HBASE_MAIN, + constants.HBASE_SCHEDULED_BACKUP, + constants.FALSE, + ] if parsed_args.full is False and parsed_args.incremental is False: - error_message = 'Should specify at least one of --' +\ - constants.FULL + ' and --' +\ - constants.INCREMENTAL + '.' + error_message = ( + 'Should specify at least one of --' + + constants.FULL + + ' and --' + + constants.INCREMENTAL + + '.' + ) raise ParamValidationError(error_message) if parsed_args.full is True: args.append(constants.HBASE_DISABLE_FULL_BACKUP) diff -pruN 2.23.6-1/awscli/customizations/emr/hbaseutils.py 2.31.35-1/awscli/customizations/emr/hbaseutils.py --- 2.23.6-1/awscli/customizations/emr/hbaseutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/hbaseutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,9 +15,12 @@ from awscli.customizations.emr import co def build_hbase_restore_from_backup_args(dir, backup_version=None): - args = [constants.HBASE_MAIN, - constants.HBASE_RESTORE, - constants.HBASE_BACKUP_DIR, dir] + args = [ + constants.HBASE_MAIN, + constants.HBASE_RESTORE, + constants.HBASE_BACKUP_DIR, + dir, + ] if backup_version is not None: args.append(constants.HBASE_BACKUP_VERSION_FOR_RESTORE) diff -pruN 2.23.6-1/awscli/customizations/emr/helptext.py 2.31.35-1/awscli/customizations/emr/helptext.py --- 2.23.6-1/awscli/customizations/emr/helptext.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/helptext.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,8 +11,6 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr.createdefaultroles import EMR_ROLE_NAME -from awscli.customizations.emr.createdefaultroles import EC2_ROLE_NAME TERMINATE_CLUSTERS = ( 'Shuts down one or more clusters, each specified by cluster ID. ' @@ -27,28 +25,33 @@ TERMINATE_CLUSTERS = ( 'The command is asynchronous. Depending on the ' 'configuration of the cluster, it may take from 5 to 20 minutes for the ' 'cluster to terminate completely and release allocated resources such as ' - 'Amazon EC2 instances.') + 'Amazon EC2 instances.' +) CLUSTER_ID = ( '

      A unique string that identifies a cluster. The ' 'create-cluster command returns this identifier. You can ' - 'use the list-clusters command to get cluster IDs.

      ') + 'use the list-clusters command to get cluster IDs.

      ' +) HBASE_BACKUP_DIR = ( '

      The Amazon S3 location of the Hbase backup. Example: ' 's3://mybucket/mybackup, where mybucket is the ' 'specified Amazon S3 bucket and mybackup is the specified backup ' 'location. The path argument must begin with s3://, which ' - 'refers to an Amazon S3 bucket.

      ') + 'refers to an Amazon S3 bucket.

      ' +) HBASE_BACKUP_VERSION = ( '

      The backup version to restore from. If not specified, the latest backup ' - 'in the specified location is used.

      ') + 'in the specified location is used.

      ' +) # create-cluster options help text CREATE_CLUSTER_DESCRIPTION = ( - 'Creates an Amazon EMR cluster with the specified configurations.') + 'Creates an Amazon EMR cluster with the specified configurations.' +) DESCRIBE_CLUSTER_DESCRIPTION = ( 'Provides cluster-level details including status, hardware ' @@ -58,22 +61,24 @@ DESCRIBE_CLUSTER_DESCRIPTION = ( 'elasticmapreduce:ListBootstrapActions, ' 'elasticmapreduce:ListInstanceFleets, ' 'elasticmapreduce:DescribeCluster, ' - 'and elasticmapreduce:ListInstanceGroups.') + 'and elasticmapreduce:ListInstanceGroups.' +) -CLUSTER_NAME = ( - '

      The name of the cluster. If not provided, the default is "Development Cluster".

      ') +CLUSTER_NAME = '

      The name of the cluster. If not provided, the default is "Development Cluster".

      ' LOG_URI = ( '

      Specifies the location in Amazon S3 to which log files ' 'are periodically written. If a value is not provided, ' 'logs files are not written to Amazon S3 from the master node ' - 'and are lost if the master node terminates.

      ') + 'and are lost if the master node terminates.

      ' +) LOG_ENCRYPTION_KMS_KEY_ID = ( '

      Specifies the KMS Id utilized for log encryption. If a value is ' 'not provided, log files will be encrypted by default encryption method ' 'AES-256. This attribute is only available with EMR version 5.30.0 and later, ' - 'excluding EMR 6.0.0.

      ') + 'excluding EMR 6.0.0.

      ' +) SERVICE_ROLE = ( '

      Specifies an IAM service role, which Amazon EMR requires to call other AWS services ' @@ -82,28 +87,32 @@ SERVICE_ROLE = ( 'To specify the default service role, as well as the default instance ' 'profile, use the --use-default-roles parameter. ' 'If the role and instance profile do not already exist, use the ' - 'aws emr create-default-roles command to create them.

      ') + 'aws emr create-default-roles command to create them.

      ' +) AUTOSCALING_ROLE = ( '

      Specify --auto-scaling-role EMR_AutoScaling_DefaultRole' ' if an automatic scaling policy is specified for an instance group' ' using the --instance-groups parameter. This default' ' IAM role allows the automatic scaling feature' - ' to launch and terminate Amazon EC2 instances during scaling operations.

      ') + ' to launch and terminate Amazon EC2 instances during scaling operations.

      ' +) USE_DEFAULT_ROLES = ( '

      Specifies that the cluster should use the default' ' service role (EMR_DefaultRole) and instance profile (EMR_EC2_DefaultRole)' ' for permissions to access other AWS services.

      ' '

      Make sure that the role and instance profile exist first. To create them,' - ' use the create-default-roles command.

      ') + ' use the create-default-roles command.

      ' +) AMI_VERSION = ( '

      Applies only to Amazon EMR release versions earlier than 4.0. Use' ' --release-label for 4.0 and later. Specifies' ' the version of Amazon Linux Amazon Machine Image (AMI)' ' to use when launching Amazon EC2 instances in the cluster.' - ' For example, --ami-version 3.1.0.') + ' For example, --ami-version 3.1.0.' +) RELEASE_LABEL = ( '

      Specifies the Amazon EMR release version, which determines' @@ -115,12 +124,14 @@ RELEASE_LABEL = ( '

      https://docs.aws.amazon.com/emr/latest/ReleaseGuide

      ' '

      Use --release-label only for Amazon EMR release version 4.0' ' and later. Use --ami-version for earlier versions.' - ' You cannot specify both a release label and AMI version.

      ') + ' You cannot specify both a release label and AMI version.

      ' +) OS_RELEASE_LABEL = ( '

      Specifies a particular Amazon Linux release for all nodes in a cluster' - ' launch request. If a release is not specified, EMR uses the latest validated' - ' Amazon Linux release for cluster launch.

      ') + ' launch request. If a release is not specified, EMR uses the latest validated' + ' Amazon Linux release for cluster launch.

      ' +) CONFIGURATIONS = ( '

      Specifies a JSON file that contains configuration classifications,' @@ -134,7 +145,8 @@ CONFIGURATIONS = ( ' file for an application, such as yarn-site for YARN. For a list of' ' available configuration classifications and example JSON, see' ' the following topic in the Amazon EMR Release Guide:

      ' - '

      https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-configure-apps.html

      ') + '

      https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-configure-apps.html

      ' +) INSTANCE_GROUPS = ( '

      Specifies the number and type of Amazon EC2 instances' @@ -163,7 +175,8 @@ INSTANCE_GROUPS = ( '

    • [EbsConfiguration] - Specifies additional Amazon EBS storage volumes attached' ' to EC2 instances using an inline JSON structure.
      • ' '
    • [AutoScalingPolicy] - Specifies an automatic scaling policy for the' - ' instance group using an inline JSON structure.
      • ') + ' instance group using an inline JSON structure.' +) INSTANCE_FLEETS = ( '

      Applies only to Amazon EMR release version 5.0 and later. Specifies' @@ -195,7 +208,8 @@ INSTANCE_FLEETS = ( '

    • InstanceTypeConfigs - Specify up to five EC2 instance types to' ' use in the instance fleet, including details such as Spot price and Amazon EBS configuration.' ' When you use an On-Demand or Spot Instance allocation strategy,' - ' you can specify up to 30 instance types per instance fleet.
      • ') + ' you can specify up to 30 instance types per instance fleet.' +) INSTANCE_TYPE = ( '

      Shortcut parameter as an alternative to --instance-groups.' @@ -204,18 +218,21 @@ INSTANCE_TYPE = ( ' the cluster consists of a single master node running on the EC2 instance type' ' specified. When used together with --instance-count,' ' one instance is used for the master node, and the remainder' - ' are used for the core node type.

      ') + ' are used for the core node type.

      ' +) INSTANCE_COUNT = ( '

      Shortcut parameter as an alternative to --instance-groups' ' when used together with --instance-type. Specifies the' ' number of Amazon EC2 instances to create for a cluster.' ' One instance is used for the master node, and the remainder' - ' are used for the core node type.

      ') + ' are used for the core node type.

      ' +) ADDITIONAL_INFO = ( '

      Specifies additional information during cluster creation. To set development mode when starting your EMR cluster,' - ' set this parameter to {"clusterType":"development"}.

      ') + ' set this parameter to {"clusterType":"development"}.

      ' +) EC2_ATTRIBUTES = ( '

      Configures cluster and Amazon EC2 instance configurations. Accepts' @@ -227,10 +244,10 @@ EC2_ATTRIBUTES = ( ' For example, us-west-1b. AvailabilityZone is used for uniform instance groups,' ' while AvailabilityZones (plural) is used for instance fleets.' '

    • AvailabilityZones - Applies to clusters that use the instance fleet configuration.' - ' When multiple Availability Zones are specified, Amazon EMR evaluates them and launches instances' + ' When multiple Availability Zones are specified, Amazon EMR evaluates them and launches instances' ' in the optimal Availability Zone. AvailabilityZone is used for uniform instance groups,' ' while AvailabilityZones (plural) is used for instance fleets.
      • ' - '
    • SubnetId - Applies to clusters that use the uniform instance group configuration.' + '
    • SubnetId - Applies to clusters that use the uniform instance group configuration.' ' Specify the VPC subnet in which to create the cluster. SubnetId is used for uniform instance groups,' ' while SubnetIds (plural) is used for instance fleets.
      • ' '
    • SubnetIds - Applies to clusters that use the instance fleet configuration.' @@ -249,16 +266,19 @@ EC2_ATTRIBUTES = ( '
    • AdditionalMasterSecurityGroups - A list of additional Amazon EC2' ' security group IDs for the master node.
      • ' '
    • AdditionalSlaveSecurityGroups - A list of additional Amazon EC2' - ' security group IDs for the slave nodes.
      • ') + ' security group IDs for the slave nodes.' +) AUTO_TERMINATE = ( '

      Specifies whether the cluster should terminate after' - ' completing all the steps. Auto termination is off by default.

      ') + ' completing all the steps. Auto termination is off by default.

      ' +) TERMINATION_PROTECTED = ( '

      Specifies whether to lock the cluster to prevent the' ' Amazon EC2 instances from being terminated by API call,' - ' user intervention, or an error.

      ') + ' user intervention, or an error.

      ' +) SCALE_DOWN_BEHAVIOR = ( '

      Specifies the way that individual Amazon EC2 instances terminate' @@ -276,7 +296,8 @@ VISIBILITY = ( ' of the AWS account associated with the cluster. If a user' ' has the proper policy permissions set, they can also manage the cluster.

      ' '

      Visibility is on by default. The --no-visible-to-all-users option' - ' is no longer supported. To restrict cluster visibility, use an IAM policy.

      ') + ' is no longer supported. To restrict cluster visibility, use an IAM policy.

      ' +) DEBUGGING = ( '

      Specifies that the debugging tool is enabled for the cluster,' @@ -284,7 +305,8 @@ DEBUGGING = ( ' Turning debugging on requires that you specify --log-uri' ' because log files must be stored in Amazon S3 so that' ' Amazon EMR can index them for viewing in the console.' - ' Effective January 23, 2023, Amazon EMR will discontinue the debugging tool for all versions.

      ') + ' Effective January 23, 2023, Amazon EMR will discontinue the debugging tool for all versions.

      ' +) TAGS = ( '

      A list of tags to associate with a cluster, which apply to' @@ -294,7 +316,8 @@ TAGS = ( ' with a maximum of 256 characters.

      ' '

      You can specify tags in key=value format or you can add a' ' tag without a value using only the key name, for example key.' - ' Use a space to separate multiple tags.

      ') + ' Use a space to separate multiple tags.

      ' +) BOOTSTRAP_ACTIONS = ( '

      Specifies a list of bootstrap actions to run on each EC2 instance when' @@ -317,7 +340,8 @@ BOOTSTRAP_ACTIONS = ( ' to pass to the bootstrap action script. Arguments can be' ' either a list of values (Args=arg1,arg2,arg3)' ' or a list of key-value pairs, as well as optional values,' - ' enclosed in square brackets (Args=[arg1,arg2=arg2value,arg3]).') + ' enclosed in square brackets (Args=[arg1,arg2=arg2value,arg3]).' +) APPLICATIONS = ( '

      Specifies the applications to install on the cluster.' @@ -329,7 +353,8 @@ APPLICATIONS = ( ' some applications take optional arguments for configuration.' ' Arguments should either be a comma-separated list of values' ' (Args=arg1,arg2,arg3) or a bracket-enclosed list of values' - ' and key-value pairs (Args=[arg1,arg2=arg3,arg4]).

      ') + ' and key-value pairs (Args=[arg1,arg2=arg3,arg4]).

      ' +) EMR_FS = ( '

      Specifies EMRFS configuration options, such as consistent view' @@ -340,13 +365,15 @@ EMR_FS = ( ' to configure EMRFS, and use security configurations' ' to configure encryption for EMRFS data in Amazon S3 instead.' ' For more information, see the following topic in the Amazon EMR Management Guide:

      ' - '

      https://docs.aws.amazon.com/emr/latest/ManagementGuide/emrfs-configure-consistent-view.html

      ') + '

      https://docs.aws.amazon.com/emr/latest/ManagementGuide/emrfs-configure-consistent-view.html

      ' +) RESTORE_FROM_HBASE = ( '

      Applies only when using Amazon EMR release versions earlier than 4.0.' ' Launches a new HBase cluster and populates it with' ' data from a previous backup of an HBase cluster. HBase' - ' must be installed using the --applications option.

      ') + ' must be installed using the --applications option.

      ' +) STEPS = ( '

      Specifies a list of steps to be executed by the cluster. Steps run' @@ -356,27 +383,32 @@ STEPS = ( ' or by specifying an inline JSON structure. Args supplied with steps' ' should be a comma-separated list of values (Args=arg1,arg2,arg3) or' ' a bracket-enclosed list of values and key-value' - ' pairs (Args=[arg1,arg2=value,arg4).

      ') + ' pairs (Args=[arg1,arg2=value,arg4).

      ' +) INSTALL_APPLICATIONS = ( '

      The applications to be installed.' ' Takes the following parameters: ' - 'Name and Args.

      ') + 'Name and Args.

      ' +) EBS_ROOT_VOLUME_SIZE = ( '

      This option is available only with Amazon EMR version 4.x and later. Specifies the size,' ' in GiB, of the EBS root device volume of the Amazon Linux AMI' - ' that is used for each EC2 instance in the cluster.

      ') + ' that is used for each EC2 instance in the cluster.

      ' +) EBS_ROOT_VOLUME_IOPS = ( '

      This option is available only with Amazon EMR version 6.15.0 and later. Specifies the IOPS,' ' of the EBS root device volume of the Amazon Linux AMI' - ' that is used for each EC2 instance in the cluster.

      ') + ' that is used for each EC2 instance in the cluster.

      ' +) EBS_ROOT_VOLUME_THROUGHPUT = ( '

      This option is available only with Amazon EMR version 6.15.0 and later. Specifies the throughput,' ' in MiB/s, of the EBS root device volume of the Amazon Linux AMI' - ' that is used for each EC2 instance in the cluster.

      ') + ' that is used for each EC2 instance in the cluster.

      ' +) SECURITY_CONFIG = ( @@ -386,7 +418,8 @@ SECURITY_CONFIG = ( ' the following topic in the Amazon EMR Management Guide:

      ' '

      https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-encryption-enable-security-configuration.html

      ' '

      Use list-security-configurations to get a list of available' - ' security configurations in the active account.

      ') + ' security configurations in the active account.

      ' +) CUSTOM_AMI_ID = ( '

      Applies only to Amazon EMR release version 5.7.0 and later.' @@ -396,7 +429,8 @@ CUSTOM_AMI_ID = ( ' can also be used instead of bootstrap actions to customize' ' cluster node configurations. For more information, see' ' the following topic in the Amazon EMR Management Guide:

      ' - '

      https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-custom-ami.html

      ') + '

      https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-custom-ami.html

      ' +) REPO_UPGRADE_ON_BOOT = ( '

      Applies only when a --custom-ami-id is' @@ -405,24 +439,26 @@ REPO_UPGRADE_ON_BOOT = ( ' before other services start. You can set this parameter' ' using --rep-upgrade-on-boot NONE to' ' disable these updates. CAUTION: This creates additional' - ' security risks.

      ') + ' security risks.

      ' +) KERBEROS_ATTRIBUTES = ( - '

      Specifies required cluster attributes for Kerberos when Kerberos authentication' - ' is enabled in the specified --security-configuration.' - ' Takes the following arguments:

      ' - '
    • Realm - Specifies the name of the Kerberos' - ' realm to which all nodes in a cluster belong. For example,' - ' Realm=EC2.INTERNAL.
      • ' - '
    • KdcAdminPassword - Specifies the password used within the cluster' - ' for the kadmin service, which maintains Kerberos principals, password' - ' policies, and keytabs for the cluster.
      • ' - '
    • CrossRealmTrustPrincipalPassword - Required when establishing a cross-realm trust' - ' with a KDC in a different realm. This is the cross-realm principal password,' - ' which must be identical across realms.
      • ' - '
    • ADDomainJoinUser - Required when establishing trust with an Active Directory' - ' domain. This is the User logon name of an AD account with sufficient privileges to join resources to the domain.
      • ' - '
    • ADDomainJoinPassword - The AD password for ADDomainJoinUser.
      • ') + '

      Specifies required cluster attributes for Kerberos when Kerberos authentication' + ' is enabled in the specified --security-configuration.' + ' Takes the following arguments:

      ' + '
    • Realm - Specifies the name of the Kerberos' + ' realm to which all nodes in a cluster belong. For example,' + ' Realm=EC2.INTERNAL.
      • ' + '
    • KdcAdminPassword - Specifies the password used within the cluster' + ' for the kadmin service, which maintains Kerberos principals, password' + ' policies, and keytabs for the cluster.
      • ' + '
    • CrossRealmTrustPrincipalPassword - Required when establishing a cross-realm trust' + ' with a KDC in a different realm. This is the cross-realm principal password,' + ' which must be identical across realms.
      • ' + '
    • ADDomainJoinUser - Required when establishing trust with an Active Directory' + ' domain. This is the User logon name of an AD account with sufficient privileges to join resources to the domain.
      • ' + '
    • ADDomainJoinPassword - The AD password for ADDomainJoinUser.
      • ' +) # end create-cluster options help descriptions @@ -437,7 +473,8 @@ LIST_CLUSTERS_CLUSTER_STATES = ( '
    • WAITING
      • ' '
    • TERMINATING
      • ' '
    • TERMINATED
      • ' - '
    • TERMINATED_WITH_ERRORS
      • ') + '
    • TERMINATED_WITH_ERRORS
      • ' +) LIST_CLUSTERS_STATE_FILTERS = ( '

      Shortcut options for --cluster-states. The' @@ -446,41 +483,50 @@ LIST_CLUSTERS_STATE_FILTERS = ( ' are STARTING,BOOTSTRAPPING,' ' RUNNING, WAITING, or TERMINATING. ' '

    • --terminated - list only clusters that are TERMINATED.
      • ' - '
    • --failed - list only clusters that are TERMINATED_WITH_ERRORS.
      • ') + '
    • --failed - list only clusters that are TERMINATED_WITH_ERRORS.
      • ' +) LIST_CLUSTERS_CREATED_AFTER = ( '

      List only those clusters created after the date and time' ' specified in the format yyyy-mm-ddThh:mm:ss. For example,' - ' --created-after 2017-07-04T00:01:30.

      ') + ' --created-after 2017-07-04T00:01:30.

      ' +) LIST_CLUSTERS_CREATED_BEFORE = ( '

      List only those clusters created before the date and time' ' specified in the format yyyy-mm-ddThh:mm:ss. For example,' - ' --created-before 2017-07-04T00:01:30.

      ') + ' --created-before 2017-07-04T00:01:30.

      ' +) EMR_MANAGED_MASTER_SECURITY_GROUP = ( '

      The identifier of the Amazon EC2 security group ' - 'for the master node.

      ') + 'for the master node.

      ' +) EMR_MANAGED_SLAVE_SECURITY_GROUP = ( '

      The identifier of the Amazon EC2 security group ' - 'for the slave nodes.

      ') + 'for the slave nodes.

      ' +) SERVICE_ACCESS_SECURITY_GROUP = ( '

      The identifier of the Amazon EC2 security group ' - 'for Amazon EMR to access clusters in VPC private subnets.

      ') + 'for Amazon EMR to access clusters in VPC private subnets.

      ' +) ADDITIONAL_MASTER_SECURITY_GROUPS = ( '

      A list of additional Amazon EC2 security group IDs for ' - 'the master node

      ') + 'the master node

      ' +) ADDITIONAL_SLAVE_SECURITY_GROUPS = ( '

      A list of additional Amazon EC2 security group IDs for ' - 'the slave nodes.

      ') + 'the slave nodes.

      ' +) AVAILABLE_ONLY_FOR_AMI_VERSIONS = ( 'This command is only available when using Amazon EMR versions' - 'earlier than 4.0.') + 'earlier than 4.0.' +) STEP_CONCURRENCY_LEVEL = ( 'This command specifies the step concurrency level of the cluster.' @@ -498,10 +544,10 @@ MANAGED_SCALING_POLICY = ( ) PLACEMENT_GROUP_CONFIGS = ( - '

      Placement group configuration for an Amazon EMR ' - 'cluster. The configuration specifies the EC2 placement group ' - 'strategy associated with each EMR Instance Role.

      ' - '

      Currently, we support placement group only for MASTER ' + '

      Placement group configuration for an Amazon EMR ' + 'cluster. The configuration specifies the EC2 placement group ' + 'strategy associated with each EMR Instance Role.

      ' + '

      Currently, we support placement group only for MASTER ' 'role with SPREAD strategy by default. You can opt-in by ' 'passing --placement-group-configs InstanceRole=MASTER ' 'during cluster creation.

      ' @@ -522,3 +568,5 @@ EXECUTION_ROLE_ARN = ( UNHEALTHY_NODE_REPLACEMENT = ( '

      Unhealthy node replacement for an Amazon EMR cluster.

      ' ) + +EXTENDED_SUPPORT = '

      Reserved.

      ' diff -pruN 2.23.6-1/awscli/customizations/emr/installapplications.py 2.31.35-1/awscli/customizations/emr/installapplications.py --- 2.23.6-1/awscli/customizations/emr/installapplications.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/installapplications.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,41 +12,52 @@ # language governing permissions and limitations under the License. -from awscli.customizations.emr import applicationutils -from awscli.customizations.emr import argumentschema -from awscli.customizations.emr import constants -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import helptext +from awscli.customizations.emr import ( + applicationutils, + argumentschema, + constants, + emrutils, + helptext, +) from awscli.customizations.emr.command import Command from awscli.customizations.exceptions import ParamValidationError class InstallApplications(Command): NAME = 'install-applications' - DESCRIPTION = ('Installs applications on a running cluster. Currently only' - ' Hive and Pig can be installed using this command, and' - ' this command is only supported by AMI versions' - ' (3.x and 2.x).') + DESCRIPTION = ( + 'Installs applications on a running cluster. Currently only' + ' Hive and Pig can be installed using this command, and' + ' this command is only supported by AMI versions' + ' (3.x and 2.x).' + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID}, - {'name': 'applications', 'required': True, - 'help_text': helptext.INSTALL_APPLICATIONS, - 'schema': argumentschema.APPLICATIONS_SCHEMA}, + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + }, + { + 'name': 'applications', + 'required': True, + 'help_text': helptext.INSTALL_APPLICATIONS, + 'schema': argumentschema.APPLICATIONS_SCHEMA, + }, ] # Applications supported by the install-applications command. supported_apps = ['HIVE', 'PIG'] def _run_main_command(self, parsed_args, parsed_globals): - parameters = {'JobFlowId': parsed_args.cluster_id} self._check_for_supported_apps(parsed_args.applications) parameters['Steps'] = applicationutils.build_applications( - self.region, parsed_args.applications)[2] + self.region, parsed_args.applications + )[2] - emrutils.call_and_display_response(self._session, 'AddJobFlowSteps', - parameters, parsed_globals) + emrutils.call_and_display_response( + self._session, 'AddJobFlowSteps', parameters, parsed_globals + ) return 0 def _check_for_supported_apps(self, parsed_applications): @@ -58,10 +69,12 @@ class InstallApplications(Command): raise ParamValidationError( "aws: error: " + app_config['Name'] + " cannot be" " installed on a running cluster. 'Name' should be one" - " of the following: " + - ', '.join(self.supported_apps)) + " of the following: " + ', '.join(self.supported_apps) + ) else: raise ParamValidationError( - "aws: error: Unknown application: " + app_config['Name'] + - ". 'Name' should be one of the following: " + - ', '.join(constants.APPLICATIONS)) + "aws: error: Unknown application: " + + app_config['Name'] + + ". 'Name' should be one of the following: " + + ', '.join(constants.APPLICATIONS) + ) diff -pruN 2.23.6-1/awscli/customizations/emr/instancefleetsutils.py 2.31.35-1/awscli/customizations/emr/instancefleetsutils.py --- 2.23.6-1/awscli/customizations/emr/instancefleetsutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/instancefleetsutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,8 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import constants -from awscli.customizations.emr import exceptions +from awscli.customizations.emr import constants, exceptions def validate_and_build_instance_fleets(parsed_instance_fleets): @@ -31,41 +30,71 @@ def validate_and_build_instance_fleets(p instance_fleet_config['Name'] = instance_fleet['Name'] else: instance_fleet_config['Name'] = instance_fleet['InstanceFleetType'] - instance_fleet_config['InstanceFleetType'] = instance_fleet['InstanceFleetType'] + instance_fleet_config['InstanceFleetType'] = instance_fleet[ + 'InstanceFleetType' + ] if 'TargetOnDemandCapacity' in keys: - instance_fleet_config['TargetOnDemandCapacity'] = instance_fleet['TargetOnDemandCapacity'] + instance_fleet_config['TargetOnDemandCapacity'] = instance_fleet[ + 'TargetOnDemandCapacity' + ] if 'TargetSpotCapacity' in keys: - instance_fleet_config['TargetSpotCapacity'] = instance_fleet['TargetSpotCapacity'] + instance_fleet_config['TargetSpotCapacity'] = instance_fleet[ + 'TargetSpotCapacity' + ] if 'InstanceTypeConfigs' in keys: - instance_fleet_config['InstanceTypeConfigs'] = instance_fleet['InstanceTypeConfigs'] + instance_fleet_config['InstanceTypeConfigs'] = instance_fleet[ + 'InstanceTypeConfigs' + ] if 'LaunchSpecifications' in keys: - instanceFleetProvisioningSpecifications = instance_fleet['LaunchSpecifications'] + instanceFleetProvisioningSpecifications = instance_fleet[ + 'LaunchSpecifications' + ] instance_fleet_config['LaunchSpecifications'] = {} if 'SpotSpecification' in instanceFleetProvisioningSpecifications: - instance_fleet_config['LaunchSpecifications']['SpotSpecification'] = \ - instanceFleetProvisioningSpecifications['SpotSpecification'] - - if 'OnDemandSpecification' in instanceFleetProvisioningSpecifications: - instance_fleet_config['LaunchSpecifications']['OnDemandSpecification'] = \ - instanceFleetProvisioningSpecifications['OnDemandSpecification'] + instance_fleet_config['LaunchSpecifications'][ + 'SpotSpecification' + ] = instanceFleetProvisioningSpecifications[ + 'SpotSpecification' + ] + + if ( + 'OnDemandSpecification' + in instanceFleetProvisioningSpecifications + ): + instance_fleet_config['LaunchSpecifications'][ + 'OnDemandSpecification' + ] = instanceFleetProvisioningSpecifications[ + 'OnDemandSpecification' + ] if 'ResizeSpecifications' in keys: - instanceFleetResizeSpecifications = instance_fleet['ResizeSpecifications'] + instanceFleetResizeSpecifications = instance_fleet[ + 'ResizeSpecifications' + ] instance_fleet_config['ResizeSpecifications'] = {} if 'SpotResizeSpecification' in instanceFleetResizeSpecifications: - instance_fleet_config['ResizeSpecifications']['SpotResizeSpecification'] = \ - instanceFleetResizeSpecifications['SpotResizeSpecification'] + instance_fleet_config['ResizeSpecifications'][ + 'SpotResizeSpecification' + ] = instanceFleetResizeSpecifications[ + 'SpotResizeSpecification' + ] + + if ( + 'OnDemandResizeSpecification' + in instanceFleetResizeSpecifications + ): + instance_fleet_config['ResizeSpecifications'][ + 'OnDemandResizeSpecification' + ] = instanceFleetResizeSpecifications[ + 'OnDemandResizeSpecification' + ] - if 'OnDemandResizeSpecification' in instanceFleetResizeSpecifications: - instance_fleet_config['ResizeSpecifications']['OnDemandResizeSpecification'] = \ - instanceFleetResizeSpecifications['OnDemandResizeSpecification'] - if 'Context' in keys: instance_fleet_config['Context'] = instance_fleet['Context'] diff -pruN 2.23.6-1/awscli/customizations/emr/instancegroupsutils.py 2.31.35-1/awscli/customizations/emr/instancegroupsutils.py --- 2.23.6-1/awscli/customizations/emr/instancegroupsutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/instancegroupsutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,8 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import constants -from awscli.customizations.emr import exceptions +from awscli.customizations.emr import constants, exceptions def build_instance_groups(parsed_instance_groups): @@ -44,7 +43,9 @@ def build_instance_groups(parsed_instanc ig_config['EbsConfiguration'] = instance_group['EbsConfiguration'] if 'AutoScalingPolicy' in keys: - ig_config['AutoScalingPolicy'] = instance_group['AutoScalingPolicy'] + ig_config['AutoScalingPolicy'] = instance_group[ + 'AutoScalingPolicy' + ] if 'Configurations' in keys: ig_config['Configurations'] = instance_group['Configurations'] @@ -56,8 +57,7 @@ def build_instance_groups(parsed_instanc return instance_groups -def _build_instance_group( - instance_type, instance_count, instance_group_type): +def _build_instance_group(instance_type, instance_count, instance_group_type): ig_config = {} ig_config['InstanceType'] = instance_type ig_config['InstanceCount'] = instance_count @@ -68,13 +68,14 @@ def _build_instance_group( def validate_and_build_instance_groups( - instance_groups, instance_type, instance_count): - if (instance_groups is None and instance_type is None): + instance_groups, instance_type, instance_count +): + if instance_groups is None and instance_type is None: raise exceptions.MissingRequiredInstanceGroupsError - if (instance_groups is not None and - (instance_type is not None or - instance_count is not None)): + if instance_groups is not None and ( + instance_type is not None or instance_count is not None + ): raise exceptions.InstanceGroupsValidationError if instance_groups is not None: @@ -84,13 +85,15 @@ def validate_and_build_instance_groups( master_ig = _build_instance_group( instance_type=instance_type, instance_count=1, - instance_group_type="MASTER") + instance_group_type="MASTER", + ) instance_groups.append(master_ig) if instance_count is not None and int(instance_count) > 1: core_ig = _build_instance_group( instance_type=instance_type, instance_count=int(instance_count) - 1, - instance_group_type="CORE") + instance_group_type="CORE", + ) instance_groups.append(core_ig) return instance_groups diff -pruN 2.23.6-1/awscli/customizations/emr/listclusters.py 2.31.35-1/awscli/customizations/emr/listclusters.py --- 2.23.6-1/awscli/customizations/emr/listclusters.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/listclusters.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,41 +13,46 @@ from awscli.arguments import CustomArgument -from awscli.customizations.emr import helptext -from awscli.customizations.emr import exceptions -from awscli.customizations.emr import constants +from awscli.customizations.emr import constants, exceptions, helptext def modify_list_clusters_argument(argument_table, **kwargs): - argument_table['cluster-states'] = \ - ClusterStatesArgument( - name='cluster-states', - help_text=helptext.LIST_CLUSTERS_CLUSTER_STATES, - nargs='+') - argument_table['active'] = \ - ActiveStateArgument( - name='active', help_text=helptext.LIST_CLUSTERS_STATE_FILTERS, - action='store_true', group_name='states_filter') - argument_table['terminated'] = \ - TerminatedStateArgument( - name='terminated', - action='store_true', group_name='states_filter') - argument_table['failed'] = \ - FailedStateArgument( - name='failed', action='store_true', group_name='states_filter') + argument_table['cluster-states'] = ClusterStatesArgument( + name='cluster-states', + help_text=helptext.LIST_CLUSTERS_CLUSTER_STATES, + nargs='+', + ) + argument_table['active'] = ActiveStateArgument( + name='active', + help_text=helptext.LIST_CLUSTERS_STATE_FILTERS, + action='store_true', + group_name='states_filter', + ) + argument_table['terminated'] = TerminatedStateArgument( + name='terminated', action='store_true', group_name='states_filter' + ) + argument_table['failed'] = FailedStateArgument( + name='failed', action='store_true', group_name='states_filter' + ) argument_table['created-before'] = CreatedBefore( - name='created-before', help_text=helptext.LIST_CLUSTERS_CREATED_BEFORE, - cli_type_name='timestamp') + name='created-before', + help_text=helptext.LIST_CLUSTERS_CREATED_BEFORE, + cli_type_name='timestamp', + ) argument_table['created-after'] = CreatedAfter( - name='created-after', help_text=helptext.LIST_CLUSTERS_CREATED_AFTER, - cli_type_name='timestamp') + name='created-after', + help_text=helptext.LIST_CLUSTERS_CREATED_AFTER, + cli_type_name='timestamp', + ) class ClusterStatesArgument(CustomArgument): def add_to_params(self, parameters, value): if value is not None: - if (parameters.get('ClusterStates') is not None and - len(parameters.get('ClusterStates')) > 0): + if ( + parameters.get('ClusterStates') is not None + and len(parameters.get('ClusterStates')) > 0 + ): raise exceptions.ClusterStatesFilterValidationError() parameters['ClusterStates'] = value @@ -55,8 +60,10 @@ class ClusterStatesArgument(CustomArgume class ActiveStateArgument(CustomArgument): def add_to_params(self, parameters, value): if value is True: - if (parameters.get('ClusterStates') is not None and - len(parameters.get('ClusterStates')) > 0): + if ( + parameters.get('ClusterStates') is not None + and len(parameters.get('ClusterStates')) > 0 + ): raise exceptions.ClusterStatesFilterValidationError() parameters['ClusterStates'] = constants.LIST_CLUSTERS_ACTIVE_STATES @@ -64,18 +71,23 @@ class ActiveStateArgument(CustomArgument class TerminatedStateArgument(CustomArgument): def add_to_params(self, parameters, value): if value is True: - if (parameters.get('ClusterStates') is not None and - len(parameters.get('ClusterStates')) > 0): + if ( + parameters.get('ClusterStates') is not None + and len(parameters.get('ClusterStates')) > 0 + ): raise exceptions.ClusterStatesFilterValidationError() - parameters['ClusterStates'] = \ + parameters['ClusterStates'] = ( constants.LIST_CLUSTERS_TERMINATED_STATES + ) class FailedStateArgument(CustomArgument): def add_to_params(self, parameters, value): if value is True: - if (parameters.get('ClusterStates') is not None and - len(parameters.get('ClusterStates')) > 0): + if ( + parameters.get('ClusterStates') is not None + and len(parameters.get('ClusterStates')) > 0 + ): raise exceptions.ClusterStatesFilterValidationError() parameters['ClusterStates'] = constants.LIST_CLUSTERS_FAILED_STATES diff -pruN 2.23.6-1/awscli/customizations/emr/modifyclusterattributes.py 2.31.35-1/awscli/customizations/emr/modifyclusterattributes.py --- 2.23.6-1/awscli/customizations/emr/modifyclusterattributes.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/modifyclusterattributes.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,103 +11,176 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import exceptions -from awscli.customizations.emr import helptext +from awscli.customizations.emr import emrutils, exceptions, helptext from awscli.customizations.emr.command import Command class ModifyClusterAttr(Command): NAME = 'modify-cluster-attributes' - DESCRIPTION = ("Modifies the cluster attributes 'visible-to-all-users', " - " 'termination-protected' and 'unhealthy-node-replacement'.") + DESCRIPTION = ( + "Modifies the cluster attributes 'visible-to-all-users', " + " 'termination-protected' and 'unhealthy-node-replacement'." + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': helptext.CLUSTER_ID}, - {'name': 'visible-to-all-users', 'required': False, 'action': - 'store_true', 'group_name': 'visible', - 'help_text': helptext.VISIBILITY}, - {'name': 'no-visible-to-all-users', 'required': False, 'action': - 'store_true', 'group_name': 'visible', - 'help_text': helptext.VISIBILITY}, - {'name': 'termination-protected', 'required': False, 'action': - 'store_true', 'group_name': 'terminate', - 'help_text': 'Set termination protection on or off'}, - {'name': 'no-termination-protected', 'required': False, 'action': - 'store_true', 'group_name': 'terminate', - 'help_text': 'Set termination protection on or off'}, - {'name': 'auto-terminate', 'required': False, 'action': - 'store_true', 'group_name': 'auto_terminate', - 'help_text': 'Set cluster auto terminate after completing all the steps on or off'}, - {'name': 'no-auto-terminate', 'required': False, 'action': - 'store_true', 'group_name': 'auto_terminate', - 'help_text': 'Set cluster auto terminate after completing all the steps on or off'}, - {'name': 'unhealthy-node-replacement', 'required': False, 'action': - 'store_true', 'group_name': 'UnhealthyReplacement', - 'help_text': 'Set Unhealthy Node Replacement on or off'}, - {'name': 'no-unhealthy-node-replacement', 'required': False, 'action': - 'store_true', 'group_name': 'UnhealthyReplacement', - 'help_text': 'Set Unhealthy Node Replacement on or off'}, + { + 'name': 'cluster-id', + 'required': True, + 'help_text': helptext.CLUSTER_ID, + }, + { + 'name': 'visible-to-all-users', + 'required': False, + 'action': 'store_true', + 'group_name': 'visible', + 'help_text': helptext.VISIBILITY, + }, + { + 'name': 'no-visible-to-all-users', + 'required': False, + 'action': 'store_true', + 'group_name': 'visible', + 'help_text': helptext.VISIBILITY, + }, + { + 'name': 'termination-protected', + 'required': False, + 'action': 'store_true', + 'group_name': 'terminate', + 'help_text': 'Set termination protection on or off', + }, + { + 'name': 'no-termination-protected', + 'required': False, + 'action': 'store_true', + 'group_name': 'terminate', + 'help_text': 'Set termination protection on or off', + }, + { + 'name': 'auto-terminate', + 'required': False, + 'action': 'store_true', + 'group_name': 'auto_terminate', + 'help_text': 'Set cluster auto terminate after completing all the steps on or off', + }, + { + 'name': 'no-auto-terminate', + 'required': False, + 'action': 'store_true', + 'group_name': 'auto_terminate', + 'help_text': 'Set cluster auto terminate after completing all the steps on or off', + }, + { + 'name': 'unhealthy-node-replacement', + 'required': False, + 'action': 'store_true', + 'group_name': 'UnhealthyReplacement', + 'help_text': 'Set Unhealthy Node Replacement on or off', + }, + { + 'name': 'no-unhealthy-node-replacement', + 'required': False, + 'action': 'store_true', + 'group_name': 'UnhealthyReplacement', + 'help_text': 'Set Unhealthy Node Replacement on or off', + }, ] def _run_main_command(self, args, parsed_globals): - - if (args.visible_to_all_users and args.no_visible_to_all_users): + if args.visible_to_all_users and args.no_visible_to_all_users: raise exceptions.MutualExclusiveOptionError( option1='--visible-to-all-users', - option2='--no-visible-to-all-users') - if (args.termination_protected and args.no_termination_protected): + option2='--no-visible-to-all-users', + ) + if args.termination_protected and args.no_termination_protected: raise exceptions.MutualExclusiveOptionError( option1='--termination-protected', - option2='--no-termination-protected') - if (args.auto_terminate and args.no_auto_terminate): + option2='--no-termination-protected', + ) + if args.auto_terminate and args.no_auto_terminate: raise exceptions.MutualExclusiveOptionError( - option1='--auto-terminate', - option2='--no-auto-terminate') - if (args.unhealthy_node_replacement and args.no_unhealthy_node_replacement): + option1='--auto-terminate', option2='--no-auto-terminate' + ) + if ( + args.unhealthy_node_replacement + and args.no_unhealthy_node_replacement + ): raise exceptions.MutualExclusiveOptionError( option1='--unhealthy-node-replacement', - option2='--no-unhealthy-node-replacement') - if not(args.termination_protected or args.no_termination_protected or - args.visible_to_all_users or args.no_visible_to_all_users or - args.auto_terminate or args.no_auto_terminate or - args.unhealthy_node_replacement or args.no_unhealthy_node_replacement): + option2='--no-unhealthy-node-replacement', + ) + if not ( + args.termination_protected + or args.no_termination_protected + or args.visible_to_all_users + or args.no_visible_to_all_users + or args.auto_terminate + or args.no_auto_terminate + or args.unhealthy_node_replacement + or args.no_unhealthy_node_replacement + ): raise exceptions.MissingClusterAttributesError() - if (args.visible_to_all_users or args.no_visible_to_all_users): - visible = (args.visible_to_all_users and - not args.no_visible_to_all_users) - parameters = {'JobFlowIds': [args.cluster_id], - 'VisibleToAllUsers': visible} - emrutils.call_and_display_response(self._session, - 'SetVisibleToAllUsers', - parameters, parsed_globals) - - if (args.termination_protected or args.no_termination_protected): - protected = (args.termination_protected and - not args.no_termination_protected) - parameters = {'JobFlowIds': [args.cluster_id], - 'TerminationProtected': protected} - emrutils.call_and_display_response(self._session, - 'SetTerminationProtection', - parameters, parsed_globals) - - if (args.auto_terminate or args.no_auto_terminate): - auto_terminate = (args.auto_terminate and - not args.no_auto_terminate) - parameters = {'JobFlowIds': [args.cluster_id], - 'KeepJobFlowAliveWhenNoSteps': not auto_terminate} - emrutils.call_and_display_response(self._session, - 'SetKeepJobFlowAliveWhenNoSteps', - parameters, parsed_globals) - - if (args.unhealthy_node_replacement or args.no_unhealthy_node_replacement): - protected = (args.unhealthy_node_replacement and - not args.no_unhealthy_node_replacement) - parameters = {'JobFlowIds': [args.cluster_id], - 'UnhealthyNodeReplacement': protected} - emrutils.call_and_display_response(self._session, - 'SetUnhealthyNodeReplacement', - parameters, parsed_globals) + if args.visible_to_all_users or args.no_visible_to_all_users: + visible = ( + args.visible_to_all_users and not args.no_visible_to_all_users + ) + parameters = { + 'JobFlowIds': [args.cluster_id], + 'VisibleToAllUsers': visible, + } + emrutils.call_and_display_response( + self._session, + 'SetVisibleToAllUsers', + parameters, + parsed_globals, + ) + + if args.termination_protected or args.no_termination_protected: + protected = ( + args.termination_protected + and not args.no_termination_protected + ) + parameters = { + 'JobFlowIds': [args.cluster_id], + 'TerminationProtected': protected, + } + emrutils.call_and_display_response( + self._session, + 'SetTerminationProtection', + parameters, + parsed_globals, + ) + + if args.auto_terminate or args.no_auto_terminate: + auto_terminate = args.auto_terminate and not args.no_auto_terminate + parameters = { + 'JobFlowIds': [args.cluster_id], + 'KeepJobFlowAliveWhenNoSteps': not auto_terminate, + } + emrutils.call_and_display_response( + self._session, + 'SetKeepJobFlowAliveWhenNoSteps', + parameters, + parsed_globals, + ) + + if ( + args.unhealthy_node_replacement + or args.no_unhealthy_node_replacement + ): + protected = ( + args.unhealthy_node_replacement + and not args.no_unhealthy_node_replacement + ) + parameters = { + 'JobFlowIds': [args.cluster_id], + 'UnhealthyNodeReplacement': protected, + } + emrutils.call_and_display_response( + self._session, + 'SetUnhealthyNodeReplacement', + parameters, + parsed_globals, + ) return 0 diff -pruN 2.23.6-1/awscli/customizations/emr/ssh.py 2.31.35-1/awscli/customizations/emr/ssh.py --- 2.23.6-1/awscli/customizations/emr/ssh.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/ssh.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,25 +15,33 @@ import os import subprocess import tempfile -from awscli.customizations.emr import constants -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import sshutils +from awscli.customizations.emr import constants, emrutils, sshutils from awscli.customizations.emr.command import Command -KEY_PAIR_FILE_HELP_TEXT = '\nA value for the variable Key Pair File ' \ - 'can be set in the AWS CLI config file using the ' \ +KEY_PAIR_FILE_HELP_TEXT = ( + '\nA value for the variable Key Pair File ' + 'can be set in the AWS CLI config file using the ' '"aws configure set emr.key_pair_file " command.\n' +) class Socks(Command): NAME = 'socks' - DESCRIPTION = ('Create a socks tunnel on port 8157 from your machine ' - 'to the master.\n%s' % KEY_PAIR_FILE_HELP_TEXT) + DESCRIPTION = ( + 'Create a socks tunnel on port 8157 from your machine ' + 'to the master.\n%s' % KEY_PAIR_FILE_HELP_TEXT + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': 'Cluster Id of cluster you want to ssh into'}, - {'name': 'key-pair-file', 'required': True, - 'help_text': 'Private key file to use for login'}, + { + 'name': 'cluster-id', + 'required': True, + 'help_text': 'Cluster Id of cluster you want to ssh into', + }, + { + 'name': 'key-pair-file', + 'required': True, + 'help_text': 'Private key file to use for login', + }, ] def _run_main_command(self, parsed_args, parsed_globals): @@ -41,20 +49,36 @@ class Socks(Command): master_dns = sshutils.validate_and_find_master_dns( session=self._session, parsed_globals=parsed_globals, - cluster_id=parsed_args.cluster_id) + cluster_id=parsed_args.cluster_id, + ) key_file = parsed_args.key_pair_file sshutils.validate_ssh_with_key_file(key_file) f = tempfile.NamedTemporaryFile(delete=False) - if (emrutils.which('ssh') or emrutils.which('ssh.exe')): - command = ['ssh', '-o', 'StrictHostKeyChecking=no', '-o', - 'ServerAliveInterval=10', '-ND', '8157', '-i', - parsed_args.key_pair_file, constants.SSH_USER + - '@' + master_dns] + if emrutils.which('ssh') or emrutils.which('ssh.exe'): + command = [ + 'ssh', + '-o', + 'StrictHostKeyChecking=no', + '-o', + 'ServerAliveInterval=10', + '-ND', + '8157', + '-i', + parsed_args.key_pair_file, + constants.SSH_USER + '@' + master_dns, + ] else: - command = ['putty', '-ssh', '-i', parsed_args.key_pair_file, - constants.SSH_USER + '@' + master_dns, '-N', '-D', - '8157'] + command = [ + 'putty', + '-ssh', + '-i', + parsed_args.key_pair_file, + constants.SSH_USER + '@' + master_dns, + '-N', + '-D', + '8157', + ] print(' '.join(command)) rc = subprocess.call(command) @@ -66,35 +90,56 @@ class Socks(Command): class SSH(Command): NAME = 'ssh' - DESCRIPTION = ('SSH into master node of the cluster.\n%s' % - KEY_PAIR_FILE_HELP_TEXT) + DESCRIPTION = ( + 'SSH into master node of the cluster.\n%s' % KEY_PAIR_FILE_HELP_TEXT + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': 'Cluster Id of cluster you want to ssh into'}, - {'name': 'key-pair-file', 'required': True, - 'help_text': 'Private key file to use for login'}, - {'name': 'command', 'help_text': 'Command to execute on Master Node'} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': 'Cluster Id of cluster you want to ssh into', + }, + { + 'name': 'key-pair-file', + 'required': True, + 'help_text': 'Private key file to use for login', + }, + {'name': 'command', 'help_text': 'Command to execute on Master Node'}, ] def _run_main_command(self, parsed_args, parsed_globals): master_dns = sshutils.validate_and_find_master_dns( session=self._session, parsed_globals=parsed_globals, - cluster_id=parsed_args.cluster_id) + cluster_id=parsed_args.cluster_id, + ) key_file = parsed_args.key_pair_file sshutils.validate_ssh_with_key_file(key_file) f = tempfile.NamedTemporaryFile(delete=False) - if (emrutils.which('ssh') or emrutils.which('ssh.exe')): - command = ['ssh', '-o', 'StrictHostKeyChecking=no', '-o', - 'ServerAliveInterval=10', '-i', - parsed_args.key_pair_file, constants.SSH_USER + - '@' + master_dns, '-t'] + if emrutils.which('ssh') or emrutils.which('ssh.exe'): + command = [ + 'ssh', + '-o', + 'StrictHostKeyChecking=no', + '-o', + 'ServerAliveInterval=10', + '-i', + parsed_args.key_pair_file, + constants.SSH_USER + '@' + master_dns, + '-t', + ] if parsed_args.command: command.append(parsed_args.command) else: - command = ['putty', '-ssh', '-i', parsed_args.key_pair_file, - constants.SSH_USER + '@' + master_dns, '-t'] + command = [ + 'putty', + '-ssh', + '-i', + parsed_args.key_pair_file, + constants.SSH_USER + '@' + master_dns, + '-t', + ] if parsed_args.command: f.write(parsed_args.command) f.write('\nread -n1 -r -p "Command completed. Press any key."') @@ -110,33 +155,57 @@ class SSH(Command): class Put(Command): NAME = 'put' - DESCRIPTION = ('Put file onto the master node.\n%s' % - KEY_PAIR_FILE_HELP_TEXT) + DESCRIPTION = ( + 'Put file onto the master node.\n%s' % KEY_PAIR_FILE_HELP_TEXT + ) ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': 'Cluster Id of cluster you want to put file onto'}, - {'name': 'key-pair-file', 'required': True, - 'help_text': 'Private key file to use for login'}, - {'name': 'src', 'required': True, - 'help_text': 'Source file path on local machine'}, - {'name': 'dest', 'help_text': 'Destination file path on remote host'} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': 'Cluster Id of cluster you want to put file onto', + }, + { + 'name': 'key-pair-file', + 'required': True, + 'help_text': 'Private key file to use for login', + }, + { + 'name': 'src', + 'required': True, + 'help_text': 'Source file path on local machine', + }, + {'name': 'dest', 'help_text': 'Destination file path on remote host'}, ] def _run_main_command(self, parsed_args, parsed_globals): master_dns = sshutils.validate_and_find_master_dns( session=self._session, parsed_globals=parsed_globals, - cluster_id=parsed_args.cluster_id) + cluster_id=parsed_args.cluster_id, + ) key_file = parsed_args.key_pair_file sshutils.validate_scp_with_key_file(key_file) - if (emrutils.which('scp') or emrutils.which('scp.exe')): - command = ['scp', '-r', '-o StrictHostKeyChecking=no', - '-i', parsed_args.key_pair_file, parsed_args.src, - constants.SSH_USER + '@' + master_dns] + if emrutils.which('scp') or emrutils.which('scp.exe'): + command = [ + 'scp', + '-r', + '-o StrictHostKeyChecking=no', + '-i', + parsed_args.key_pair_file, + parsed_args.src, + constants.SSH_USER + '@' + master_dns, + ] else: - command = ['pscp', '-scp', '-r', '-i', parsed_args.key_pair_file, - parsed_args.src, constants.SSH_USER + '@' + master_dns] + command = [ + 'pscp', + '-scp', + '-r', + '-i', + parsed_args.key_pair_file, + parsed_args.src, + constants.SSH_USER + '@' + master_dns, + ] # if the instance is not terminated if parsed_args.dest: @@ -150,33 +219,53 @@ class Put(Command): class Get(Command): NAME = 'get' - DESCRIPTION = ('Get file from master node.\n%s' % KEY_PAIR_FILE_HELP_TEXT) + DESCRIPTION = 'Get file from master node.\n%s' % KEY_PAIR_FILE_HELP_TEXT ARG_TABLE = [ - {'name': 'cluster-id', 'required': True, - 'help_text': 'Cluster Id of cluster you want to get file from'}, - {'name': 'key-pair-file', 'required': True, - 'help_text': 'Private key file to use for login'}, - {'name': 'src', 'required': True, - 'help_text': 'Source file path on remote host'}, - {'name': 'dest', 'help_text': 'Destination file path on your machine'} + { + 'name': 'cluster-id', + 'required': True, + 'help_text': 'Cluster Id of cluster you want to get file from', + }, + { + 'name': 'key-pair-file', + 'required': True, + 'help_text': 'Private key file to use for login', + }, + { + 'name': 'src', + 'required': True, + 'help_text': 'Source file path on remote host', + }, + {'name': 'dest', 'help_text': 'Destination file path on your machine'}, ] def _run_main_command(self, parsed_args, parsed_globals): master_dns = sshutils.validate_and_find_master_dns( session=self._session, parsed_globals=parsed_globals, - cluster_id=parsed_args.cluster_id) + cluster_id=parsed_args.cluster_id, + ) key_file = parsed_args.key_pair_file sshutils.validate_scp_with_key_file(key_file) - if (emrutils.which('scp') or emrutils.which('scp.exe')): - command = ['scp', '-r', '-o StrictHostKeyChecking=no', '-i', - parsed_args.key_pair_file, constants.SSH_USER + '@' + - master_dns + ':' + parsed_args.src] + if emrutils.which('scp') or emrutils.which('scp.exe'): + command = [ + 'scp', + '-r', + '-o StrictHostKeyChecking=no', + '-i', + parsed_args.key_pair_file, + constants.SSH_USER + '@' + master_dns + ':' + parsed_args.src, + ] else: - command = ['pscp', '-scp', '-r', '-i', parsed_args.key_pair_file, - constants.SSH_USER + '@' + master_dns + ':' + - parsed_args.src] + command = [ + 'pscp', + '-scp', + '-r', + '-i', + parsed_args.key_pair_file, + constants.SSH_USER + '@' + master_dns + ':' + parsed_args.src, + ] if parsed_args.dest: command.append(parsed_args.dest) diff -pruN 2.23.6-1/awscli/customizations/emr/sshutils.py 2.31.35-1/awscli/customizations/emr/sshutils.py --- 2.23.6-1/awscli/customizations/emr/sshutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/sshutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,11 +13,10 @@ import logging -from awscli.customizations.emr import exceptions -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import constants from botocore.exceptions import WaiterError +from awscli.customizations.emr import constants, emrutils, exceptions + LOG = logging.getLogger(__name__) @@ -32,7 +31,8 @@ def validate_and_find_master_dns(session Throw MasterDNSNotAvailableError or ClusterTerminatedError. """ cluster_state = emrutils.get_cluster_state( - session, parsed_globals, cluster_id) + session, parsed_globals, cluster_id + ) if cluster_state in constants.TERMINATED_STATES: raise exceptions.ClusterTerminatedError @@ -48,21 +48,27 @@ def validate_and_find_master_dns(session raise exceptions.MasterDNSNotAvailableError return emrutils.find_master_dns( - session=session, cluster_id=cluster_id, - parsed_globals=parsed_globals) + session=session, cluster_id=cluster_id, parsed_globals=parsed_globals + ) def validate_ssh_with_key_file(key_file): - if (emrutils.which('putty.exe') or emrutils.which('ssh') or - emrutils.which('ssh.exe')) is None: + if ( + emrutils.which('putty.exe') + or emrutils.which('ssh') + or emrutils.which('ssh.exe') + ) is None: raise exceptions.SSHNotFoundError else: check_ssh_key_format(key_file) def validate_scp_with_key_file(key_file): - if (emrutils.which('pscp.exe') or emrutils.which('scp') or - emrutils.which('scp.exe')) is None: + if ( + emrutils.which('pscp.exe') + or emrutils.which('scp') + or emrutils.which('scp.exe') + ) is None: raise exceptions.SCPNotFoundError else: check_scp_key_format(key_file) @@ -70,8 +76,10 @@ def validate_scp_with_key_file(key_file) def check_scp_key_format(key_file): # If only pscp is present and the file format is incorrect - if (emrutils.which('pscp.exe') is not None and - (emrutils.which('scp.exe') or emrutils.which('scp')) is None): + if ( + emrutils.which('pscp.exe') is not None + and (emrutils.which('scp.exe') or emrutils.which('scp')) is None + ): if check_command_key_format(key_file, ['ppk']) is False: raise exceptions.WrongPuttyKeyError else: @@ -80,8 +88,10 @@ def check_scp_key_format(key_file): def check_ssh_key_format(key_file): # If only putty is present and the file format is incorrect - if (emrutils.which('putty.exe') is not None and - (emrutils.which('ssh.exe') or emrutils.which('ssh')) is None): + if ( + emrutils.which('putty.exe') is not None + and (emrutils.which('ssh.exe') or emrutils.which('ssh')) is None + ): if check_command_key_format(key_file, ['ppk']) is False: raise exceptions.WrongPuttyKeyError else: diff -pruN 2.23.6-1/awscli/customizations/emr/steputils.py 2.31.35-1/awscli/customizations/emr/steputils.py --- 2.23.6-1/awscli/customizations/emr/steputils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/steputils.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,9 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import constants -from awscli.customizations.emr import exceptions +from awscli.customizations.emr import constants, emrutils, exceptions def build_step_config_list(parsed_step_list, region, release_label): @@ -29,23 +27,24 @@ def build_step_config_list(parsed_step_l step_config = build_custom_jar_step(parsed_step=step) elif step_type == constants.STREAMING: step_config = build_streaming_step( - parsed_step=step, release_label=release_label) + parsed_step=step, release_label=release_label + ) elif step_type == constants.HIVE: step_config = build_hive_step( - parsed_step=step, region=region, - release_label=release_label) + parsed_step=step, region=region, release_label=release_label + ) elif step_type == constants.PIG: step_config = build_pig_step( - parsed_step=step, region=region, - release_label=release_label) + parsed_step=step, region=region, release_label=release_label + ) elif step_type == constants.IMPALA: step_config = build_impala_step( - parsed_step=step, region=region, - release_label=release_label) + parsed_step=step, region=region, release_label=release_label + ) elif step_type == constants.SPARK: step_config = build_spark_step( - parsed_step=step, region=region, - release_label=release_label) + parsed_step=step, region=region, release_label=release_label + ) else: raise exceptions.UnknownStepTypeError(step_type=step_type) @@ -57,14 +56,17 @@ def build_step_config_list(parsed_step_l def build_custom_jar_step(parsed_step): name = _apply_default_value( arg=parsed_step.get('Name'), - value=constants.DEFAULT_CUSTOM_JAR_STEP_NAME) + value=constants.DEFAULT_CUSTOM_JAR_STEP_NAME, + ) action_on_failure = _apply_default_value( arg=parsed_step.get('ActionOnFailure'), - value=constants.DEFAULT_FAILURE_ACTION) + value=constants.DEFAULT_FAILURE_ACTION, + ) emrutils.check_required_field( structure=constants.CUSTOM_JAR_STEP_CONFIG, name='Jar', - value=parsed_step.get('Jar')) + value=parsed_step.get('Jar'), + ) return emrutils.build_step( jar=parsed_step.get('Jar'), args=parsed_step.get('Args'), @@ -72,22 +74,25 @@ def build_custom_jar_step(parsed_step): action_on_failure=action_on_failure, main_class=parsed_step.get('MainClass'), properties=emrutils.parse_key_value_string( - parsed_step.get('Properties'))) + parsed_step.get('Properties') + ), + ) def build_streaming_step(parsed_step, release_label): name = _apply_default_value( arg=parsed_step.get('Name'), - value=constants.DEFAULT_STREAMING_STEP_NAME) + value=constants.DEFAULT_STREAMING_STEP_NAME, + ) action_on_failure = _apply_default_value( arg=parsed_step.get('ActionOnFailure'), - value=constants.DEFAULT_FAILURE_ACTION) + value=constants.DEFAULT_FAILURE_ACTION, + ) args = parsed_step.get('Args') emrutils.check_required_field( - structure=constants.STREAMING_STEP_CONFIG, - name='Args', - value=args) + structure=constants.STREAMING_STEP_CONFIG, name='Args', value=args + ) emrutils.check_empty_string_list(name='Args', value=args) args_list = [] @@ -100,30 +105,30 @@ def build_streaming_step(parsed_step, re args_list += args return emrutils.build_step( - jar=jar, - args=args_list, - name=name, - action_on_failure=action_on_failure) + jar=jar, args=args_list, name=name, action_on_failure=action_on_failure + ) def build_hive_step(parsed_step, release_label, region=None): args = parsed_step.get('Args') emrutils.check_required_field( - structure=constants.HIVE_STEP_CONFIG, name='Args', value=args) + structure=constants.HIVE_STEP_CONFIG, name='Args', value=args + ) emrutils.check_empty_string_list(name='Args', value=args) name = _apply_default_value( - arg=parsed_step.get('Name'), - value=constants.DEFAULT_HIVE_STEP_NAME) - action_on_failure = \ - _apply_default_value( - arg=parsed_step.get('ActionOnFailure'), - value=constants.DEFAULT_FAILURE_ACTION) + arg=parsed_step.get('Name'), value=constants.DEFAULT_HIVE_STEP_NAME + ) + action_on_failure = _apply_default_value( + arg=parsed_step.get('ActionOnFailure'), + value=constants.DEFAULT_FAILURE_ACTION, + ) return emrutils.build_step( jar=_get_runner_jar(release_label, region), args=_build_hive_args(args, release_label, region), name=name, - action_on_failure=action_on_failure) + action_on_failure=action_on_failure, + ) def _build_hive_args(args, release_label, region): @@ -131,8 +136,11 @@ def _build_hive_args(args, release_label if release_label: args_list.append(constants.HIVE_SCRIPT_COMMAND) else: - args_list.append(emrutils.build_s3_link( - relative_path=constants.HIVE_SCRIPT_PATH, region=region)) + args_list.append( + emrutils.build_s3_link( + relative_path=constants.HIVE_SCRIPT_PATH, region=region + ) + ) args_list.append(constants.RUN_HIVE_SCRIPT) @@ -149,20 +157,23 @@ def _build_hive_args(args, release_label def build_pig_step(parsed_step, release_label, region=None): args = parsed_step.get('Args') emrutils.check_required_field( - structure=constants.PIG_STEP_CONFIG, name='Args', value=args) + structure=constants.PIG_STEP_CONFIG, name='Args', value=args + ) emrutils.check_empty_string_list(name='Args', value=args) name = _apply_default_value( - arg=parsed_step.get('Name'), - value=constants.DEFAULT_PIG_STEP_NAME) + arg=parsed_step.get('Name'), value=constants.DEFAULT_PIG_STEP_NAME + ) action_on_failure = _apply_default_value( arg=parsed_step.get('ActionOnFailure'), - value=constants.DEFAULT_FAILURE_ACTION) + value=constants.DEFAULT_FAILURE_ACTION, + ) return emrutils.build_step( jar=_get_runner_jar(release_label, region), args=_build_pig_args(args, release_label, region), name=name, - action_on_failure=action_on_failure) + action_on_failure=action_on_failure, + ) def _build_pig_args(args, release_label, region): @@ -170,8 +181,11 @@ def _build_pig_args(args, release_label, if release_label: args_list.append(constants.PIG_SCRIPT_COMMAND) else: - args_list.append(emrutils.build_s3_link( - relative_path=constants.PIG_SCRIPT_PATH, region=region)) + args_list.append( + emrutils.build_s3_link( + relative_path=constants.PIG_SCRIPT_PATH, region=region + ) + ) args_list.append(constants.RUN_PIG_SCRIPT) @@ -189,43 +203,51 @@ def build_impala_step(parsed_step, relea if release_label: raise exceptions.UnknownStepTypeError(step_type=constants.IMPALA) name = _apply_default_value( - arg=parsed_step.get('Name'), - value=constants.DEFAULT_IMPALA_STEP_NAME) + arg=parsed_step.get('Name'), value=constants.DEFAULT_IMPALA_STEP_NAME + ) action_on_failure = _apply_default_value( arg=parsed_step.get('ActionOnFailure'), - value=constants.DEFAULT_FAILURE_ACTION) + value=constants.DEFAULT_FAILURE_ACTION, + ) args_list = [ emrutils.build_s3_link( - relative_path=constants.IMPALA_INSTALL_PATH, region=region), - constants.RUN_IMPALA_SCRIPT] + relative_path=constants.IMPALA_INSTALL_PATH, region=region + ), + constants.RUN_IMPALA_SCRIPT, + ] args = parsed_step.get('Args') emrutils.check_required_field( - structure=constants.IMPALA_STEP_CONFIG, name='Args', value=args) + structure=constants.IMPALA_STEP_CONFIG, name='Args', value=args + ) args_list += args return emrutils.build_step( jar=emrutils.get_script_runner(region), args=args_list, name=name, - action_on_failure=action_on_failure) + action_on_failure=action_on_failure, + ) def build_spark_step(parsed_step, release_label, region=None): name = _apply_default_value( - arg=parsed_step.get('Name'), - value=constants.DEFAULT_SPARK_STEP_NAME) + arg=parsed_step.get('Name'), value=constants.DEFAULT_SPARK_STEP_NAME + ) action_on_failure = _apply_default_value( arg=parsed_step.get('ActionOnFailure'), - value=constants.DEFAULT_FAILURE_ACTION) + value=constants.DEFAULT_FAILURE_ACTION, + ) args = parsed_step.get('Args') emrutils.check_required_field( - structure=constants.SPARK_STEP_CONFIG, name='Args', value=args) + structure=constants.SPARK_STEP_CONFIG, name='Args', value=args + ) return emrutils.build_step( jar=_get_runner_jar(release_label, region), args=_build_spark_args(args, release_label, region), name=name, - action_on_failure=action_on_failure) + action_on_failure=action_on_failure, + ) def _build_spark_args(args, release_label, region): @@ -247,5 +269,8 @@ def _apply_default_value(arg, value): def _get_runner_jar(release_label, region): - return constants.COMMAND_RUNNER if release_label \ + return ( + constants.COMMAND_RUNNER + if release_label else emrutils.get_script_runner(region) + ) diff -pruN 2.23.6-1/awscli/customizations/emr/terminateclusters.py 2.31.35-1/awscli/customizations/emr/terminateclusters.py --- 2.23.6-1/awscli/customizations/emr/terminateclusters.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emr/terminateclusters.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,23 +12,26 @@ # language governing permissions and limitations under the License. -from awscli.customizations.emr import emrutils -from awscli.customizations.emr import helptext +from awscli.customizations.emr import emrutils, helptext from awscli.customizations.emr.command import Command class TerminateClusters(Command): NAME = 'terminate-clusters' DESCRIPTION = helptext.TERMINATE_CLUSTERS - ARG_TABLE = [{ - 'name': 'cluster-ids', 'nargs': '+', 'required': True, - 'help_text': '

      A list of clusters to terminate.

      ', - 'schema': {'type': 'array', 'items': {'type': 'string'}}, - }] + ARG_TABLE = [ + { + 'name': 'cluster-ids', + 'nargs': '+', + 'required': True, + 'help_text': '

      A list of clusters to terminate.

      ', + 'schema': {'type': 'array', 'items': {'type': 'string'}}, + } + ] def _run_main_command(self, parsed_args, parsed_globals): parameters = {'JobFlowIds': parsed_args.cluster_ids} - emrutils.call_and_display_response(self._session, - 'TerminateJobFlows', parameters, - parsed_globals) + emrutils.call_and_display_response( + self._session, 'TerminateJobFlows', parameters, parsed_globals + ) return 0 diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/__init__.py 2.31.35-1/awscli/customizations/emrcontainers/__init__.py --- 2.23.6-1/awscli/customizations/emrcontainers/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,8 +11,15 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.emrcontainers.update_role_trust_policy \ - import UpdateRoleTrustPolicyCommand +from awscli.customizations.emrcontainers.create_role_associations import ( + CreateRoleAssociationsCommand, +) +from awscli.customizations.emrcontainers.delete_role_associations import ( + DeleteRoleAssociationsCommand, +) +from awscli.customizations.emrcontainers.update_role_trust_policy import ( + UpdateRoleTrustPolicyCommand, +) def initialize(cli): @@ -28,4 +35,11 @@ def inject_commands(command_table, sessi Used to inject new high level commands into the command list. """ command_table['update-role-trust-policy'] = UpdateRoleTrustPolicyCommand( - session) + session + ) + command_table['create-role-associations'] = CreateRoleAssociationsCommand( + session + ) + command_table['delete-role-associations'] = DeleteRoleAssociationsCommand( + session + ) diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/base36.py 2.31.35-1/awscli/customizations/emrcontainers/base36.py --- 2.23.6-1/awscli/customizations/emrcontainers/base36.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/base36.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,7 +12,7 @@ # language governing permissions and limitations under the License. -class Base36(object): +class Base36: def str_to_int(self, request): """Method to convert given string into decimal representation""" result = 0 diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/constants.py 2.31.35-1/awscli/customizations/emrcontainers/constants.py --- 2.23.6-1/awscli/customizations/emrcontainers/constants.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/constants.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,24 +14,37 @@ # Declare all the constants used by Lifecycle in this file # Lifecycle role names -TRUST_POLICY_STATEMENT_FORMAT = '{ \ +from enum import Enum + +TRUST_POLICY_STATEMENT_FORMAT = ( + '{ \ "Effect": "Allow", \ "Principal": { \ - "Federated": "arn:%(AWS_PARTITION)s:iam::%(AWS_ACCOUNT_ID)s:oidc-provider/' \ - '%(OIDC_PROVIDER)s" \ + "Federated": "arn:%(AWS_PARTITION)s:iam::%(AWS_ACCOUNT_ID)s:oidc-provider/' + '%(OIDC_PROVIDER)s" \ }, \ "Action": "sts:AssumeRoleWithWebIdentity", \ "Condition": { \ "StringLike": { \ - "%(OIDC_PROVIDER)s:sub": "system:serviceaccount:%(NAMESPACE)s' \ - ':emr-containers-sa-*-*-%(AWS_ACCOUNT_ID)s-' \ - '%(BASE36_ENCODED_ROLE_NAME)s" \ + "%(OIDC_PROVIDER)s:sub": "system:serviceaccount:%(NAMESPACE)s' + ':emr-containers-sa-*-*-%(AWS_ACCOUNT_ID)s-' + '%(BASE36_ENCODED_ROLE_NAME)s" \ } \ } \ }' +) -TRUST_POLICY_STATEMENT_ALREADY_EXISTS = "Trust policy statement already " \ - "exists for role %s. No changes " \ - "were made!" +TRUST_POLICY_STATEMENT_ALREADY_EXISTS = ( + "Trust policy statement already exists for role %s. No changes were made!" +) TRUST_POLICY_UPDATE_SUCCESSFUL = "Successfully updated trust policy of role %s" + +SERVICE_ACCOUNT_NAMING = "emr-containers-sa-%(FRAMEWORK)s-%(COMPONENT)s-%(AWS_ACCOUNT_ID)s-%(BASE36_ENCODED_ROLE_NAME)s" + + +class ServiceAccount(Enum): + SPARK_OPERATOR_SERVICE_ACCOUNT = "emr-containers-sa-spark-operator" + FLINK_OPERATOR_SERVICE_ACCOUNT = "emr-containers-sa-flink-operator" + LIVY_SERVICE_ACCOUNT = "emr-containers-sa-livy" + LIVY_SPARK_SERVICE_ACCOUNT = "emr-container-sa-spark-livy" diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/create_role_associations.py 2.31.35-1/awscli/customizations/emrcontainers/create_role_associations.py --- 2.23.6-1/awscli/customizations/emrcontainers/create_role_associations.py 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/create_role_associations.py 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,307 @@ +# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. + +import json +import logging +import sys + +import botocore + +from awscli.customizations.commands import BasicCommand +from awscli.customizations.emrcontainers.base36 import Base36 +from awscli.customizations.emrcontainers.constants import ( + SERVICE_ACCOUNT_NAMING, + ServiceAccount, +) +from awscli.customizations.emrcontainers.eks import EKS +from awscli.customizations.emrcontainers.utils import get_region +from awscli.customizations.utils import get_policy_arn_suffix, uni_print + +LOG = logging.getLogger(__name__) + + +class CreateRoleAssociationsCommand(BasicCommand): + NAME = "create-role-associations" + + DESCRIPTION = BasicCommand.FROM_FILE( + "emr-containers", "create-role-associations", "_description.rst" + ) + + ARG_TABLE = [ + { + "name": "cluster-name", + "help_text": ( + "Specify the name of the Amazon EKS cluster with " + "which the IAM Role would be associated." + ), + "required": True, + }, + { + "name": "namespace", + "help_text": ( + "Specify the job/application namespace from the Amazon EKS cluster " + "with which the IAM Role would be associated." + ), + "required": True, + }, + { + "name": "role-name", + "help_text": ( + "Specify the IAM Role name that you want to associate " + "with Amazon EMR on EKS." + ), + "required": True, + }, + { + "name": "type", + "help_text": ( + "Specify the Amazon EMR on EKS submission model and choose service accounts that you want to associate " + "with Amazon EMR on EKS. The default is start_job_run. Supported types: start_job_run, " + "interactive_endpoint, spark_operator, flink_operator, livy." + ), + "required": False, + "choices": [ + "start_job_run", + "interactive_endpoint", + "spark_operator", + "flink_operator", + "livy", + ], + }, + { + "name": "operator-namespace", + "help_text": ( + "Specify the namespace that you want to associate the operator service account " + "with the IAM role. Default to the job/application namespace specified. Note: " + "If jobs are running in a different namespace than the operator installation namespace, " + "this parameter needs to be set as the namespace that the operator is running on." + ), + "required": False, + }, + { + "name": "service-account-name", + "help_text": ( + "Specify the service account name that you want to associate with the IAM role. " + "By default, Amazon EMR on EKS service accounts will be used for association." + ), + "required": False, + }, + ] + + def _run_main(self, parsed_args, parsed_globals): + """Call to run the commands""" + + self._cluster_name = parsed_args.cluster_name + self._namespace = parsed_args.namespace + self._role_name = parsed_args.role_name + self._type = parsed_args.type or "start_job_run" + self._operator_namespace = parsed_args.operator_namespace + self._service_account_name = parsed_args.service_account_name + self._region = get_region(self._session, parsed_globals) + + result = self._create_role_associations(parsed_globals) + if result: + uni_print(json.dumps(result, indent=4)) + + return 0 + + def _create_role_associations(self, parsed_globals): + """Method to create role associations if not done already""" + eks_client = EKS( + self._session.create_client( + "eks", + region_name=self._region, + verify=parsed_globals.verify_ssl, + ) + ) + account_id = eks_client.get_account_id(self._cluster_name) + role_arn = f"arn:{get_policy_arn_suffix(self._region)}:iam::{account_id}:role/{self._role_name}" + + results = [] + # If service account provided, create association with provided service account and role + if self._service_account_name: + service_account_namespace_mapping = [ + (self._service_account_name, self._namespace) + ] + else: + # By default, create associations with EMR on EKS service accounts + base36 = Base36() + + base36_encoded_role_name = base36.encode(self._role_name) + LOG.debug(f"Base36 encoded role name: {base36_encoded_role_name}") + service_account_namespace_mapping = ( + self._get_emr_service_account_namespace_mapping( + account_id, base36_encoded_role_name + ) + ) + + for ( + service_account_name, + namespace, + ) in service_account_namespace_mapping: + LOG.debug( + f"Creating pod identity association for service account {service_account_name} and " + + f"role {self._role_name} in namespace {namespace}" + ) + try: + result = eks_client.create_pod_identity_association( + self._cluster_name, + namespace, + role_arn, + service_account_name, + ) + results.append( + result["association"] + if "association" in result + else result + ) + except botocore.exceptions.ClientError as error: + # Raise the error if EKS throws exceptions other than ResourceInUseException + if error.response["Error"]["Code"] != "ResourceInUseException": + for result in results: + uni_print( + f"Rolling back association for service account {service_account_name} " + f"and role {self._role_name} in namespace {namespace} as an error was encountered\n", + out_file=sys.stderr, + ) + eks_client.delete_pod_identity_association( + cluster_name=result["clusterName"], + association_id=result["associationId"], + ) + raise Exception( + f"Failed to create pod identity association for service account {service_account_name}, " + f"role {self._role_name} in namespace {namespace}: {error.response['Error']['Message']}" + ) from error + uni_print( + f"Skipping pod identity association creation because pod identity association already exists for " + f"service account {service_account_name} and role {self._role_name} in namespace {namespace}: " + f"{error.response['Error']['Message']}\n", + out_file=sys.stderr, + ) + return results + + def _get_emr_service_account_namespace_mapping( + self, account_id, base36_encoded_role_name + ): + return getattr(self, f"_get_{self._type}_mapping")( + account_id, base36_encoded_role_name + ) + + def _get_start_job_run_mapping(self, account_id, base36_encoded_role_name): + emr_spark_components = ["client", "driver", "executor"] + return [ + ( + SERVICE_ACCOUNT_NAMING + % { + "FRAMEWORK": "spark", + "COMPONENT": component, + "AWS_ACCOUNT_ID": account_id, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + }, + self._namespace, + ) + for component in emr_spark_components + ] + + def _get_interactive_endpoint_mapping( + self, account_id, base36_encoded_role_name + ): + emr_spark_endpoint_components = ["jeg", "jeg-kernel", "session"] + return [ + ( + SERVICE_ACCOUNT_NAMING + % { + "FRAMEWORK": "spark", + "COMPONENT": component, + "AWS_ACCOUNT_ID": account_id, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + }, + self._namespace, + ) + for component in emr_spark_endpoint_components + ] + + def _get_spark_operator_mapping( + self, account_id, base36_encoded_role_name + ): + emr_spark_operator_components = ["driver", "executor"] + service_accounts = [ + ( + ServiceAccount.SPARK_OPERATOR_SERVICE_ACCOUNT.value, + ( + self._operator_namespace + if self._operator_namespace + else self._namespace + ), + ) + ] + service_accounts.extend( + [ + ( + SERVICE_ACCOUNT_NAMING + % { + "FRAMEWORK": "spark", + "COMPONENT": component, + "AWS_ACCOUNT_ID": account_id, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + }, + self._namespace, + ) + for component in emr_spark_operator_components + ] + ) + return service_accounts + + def _get_flink_operator_mapping( + self, account_id, base36_encoded_role_name + ): + emr_flink_operator_components = ["jobmanager", "taskmanager"] + service_accounts = [ + ( + ServiceAccount.FLINK_OPERATOR_SERVICE_ACCOUNT.value, + ( + self._operator_namespace + if self._operator_namespace + else self._namespace + ), + ) + ] + service_accounts.extend( + [ + ( + SERVICE_ACCOUNT_NAMING + % { + "FRAMEWORK": "flink", + "COMPONENT": component, + "AWS_ACCOUNT_ID": account_id, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + }, + self._namespace, + ) + for component in emr_flink_operator_components + ] + ) + return service_accounts + + def _get_livy_mapping(self, account_id, base36_encoded_role_name): + return [ + ( + ServiceAccount.LIVY_SERVICE_ACCOUNT.value, + ( + self._operator_namespace + if self._operator_namespace + else self._namespace + ), + ), + (ServiceAccount.LIVY_SPARK_SERVICE_ACCOUNT.value, self._namespace), + ] diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/delete_role_associations.py 2.31.35-1/awscli/customizations/emrcontainers/delete_role_associations.py --- 2.23.6-1/awscli/customizations/emrcontainers/delete_role_associations.py 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/delete_role_associations.py 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,298 @@ +# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. + +import json +import logging +import sys + +import botocore + +from awscli.customizations.commands import BasicCommand +from awscli.customizations.emrcontainers.base36 import Base36 +from awscli.customizations.emrcontainers.constants import ( + SERVICE_ACCOUNT_NAMING, + ServiceAccount, +) +from awscli.customizations.emrcontainers.eks import EKS +from awscli.customizations.emrcontainers.utils import get_region +from awscli.customizations.utils import uni_print + +LOG = logging.getLogger(__name__) + + +class DeleteRoleAssociationsCommand(BasicCommand): + NAME = "delete-role-associations" + + DESCRIPTION = BasicCommand.FROM_FILE( + "emr-containers", "delete-role-associations", "_description.rst" + ) + + ARG_TABLE = [ + { + "name": "cluster-name", + "help_text": ( + "Specify the name of the Amazon EKS cluster with " + "which the IAM Role would be dissociated." + ), + "required": True, + }, + { + "name": "namespace", + "help_text": ( + "Specify the job/application namespace from the Amazon EKS cluster " + "with which the IAM Role would be dissociated." + ), + "required": True, + }, + { + "name": "role-name", + "help_text": ( + "Specify the IAM Role name that you want to dissociate " + "with Amazon EMR on EKS." + ), + "required": True, + }, + { + "name": "type", + "help_text": ( + "Specify the Amazon EMR on EKS submission model and choose service accounts that you want to " + "dissociate from Amazon EMR on EKS. The default is start_job_run. Supported types: start_job_run, " + "interactive_endpoint, spark_operator, flink_operator, livy." + ), + "required": False, + "choices": [ + "start_job_run", + "interactive_endpoint", + "spark_operator", + "flink_operator", + "livy", + ], + }, + { + "name": "operator-namespace", + "help_text": ( + "Specify the namespace under which you want to dissociate the operator service account " + "from the IAM role. Default to the job/application namespace specified. Note: If jobs are running " + "in a different namespace than the operator installation namespace, this parameter needs to be set as " + "the namespace that the operator is running on." + ), + "required": False, + }, + { + "name": "service-account-name", + "help_text": ( + "Specify the service account name that you want to dissociate with the IAM role. " + "By default, Amazon EMR on EKS service accounts will be used for association." + ), + "required": False, + }, + ] + + def _run_main(self, parsed_args, parsed_globals): + """Call to run the commands""" + + self._cluster_name = parsed_args.cluster_name + self._namespace = parsed_args.namespace + self._role_name = parsed_args.role_name + self._type = parsed_args.type or "start_job_run" + self._operator_namespace = parsed_args.operator_namespace + self._service_account_name = parsed_args.service_account_name + self._region = get_region(self._session, parsed_globals) + + result = self._delete_role_associations(parsed_globals) + if result: + uni_print(json.dumps(result, indent=4)) + + return 0 + + def _delete_role_associations(self, parsed_globals): + """Method to delete role associations if not done already""" + eks_client = EKS( + self._session.create_client( + "eks", + region_name=self._region, + verify=parsed_globals.verify_ssl, + ) + ) + account_id = eks_client.get_account_id(self._cluster_name) + + results = [] + # If service account provided, delete association with provided service account and role + if self._service_account_name: + service_account_namespace_mapping = [ + (self._service_account_name, self._namespace) + ] + else: + # By default, delete associations with EMR on EKS service accounts + base36 = Base36() + + base36_encoded_role_name = base36.encode(self._role_name) + LOG.debug(f"Base36 encoded role name: {base36_encoded_role_name}") + service_account_namespace_mapping = ( + self._get_emr_service_account_namespace_mapping( + account_id, base36_encoded_role_name + ) + ) + + for ( + service_account_name, + namespace, + ) in service_account_namespace_mapping: + try: + association = eks_client.list_pod_identity_associations( + self._cluster_name, namespace, service_account_name + ) + if not association.get("associations", []): + uni_print( + f"Skipping deletion as no pod identity association found for service account {service_account_name} " + f"and role {self._role_name} in namespace {namespace}\n", + out_file=sys.stderr, + ) + continue + association_id = association["associations"][0][ + "associationId" + ] + LOG.debug( + f"Deleting pod identity association for service account {service_account_name} " + f"and role {self._role_name} in {namespace} with association id {association_id}" + ) + result = eks_client.delete_pod_identity_association( + self._cluster_name, association_id + ) + results.append( + result["association"] + if "association" in result + else result + ) + except botocore.exceptions.ClientError as error: + raise Exception( + f"Failed to delete pod identity association for service account {service_account_name}, " + f"role {self._role_name} in namespace {namespace}: {error.response['Error']['Message']}" + ) from error + return results + + def _get_emr_service_account_namespace_mapping( + self, account_id, base36_encoded_role_name + ): + return getattr(self, f"_get_{self._type}_mapping")( + account_id, base36_encoded_role_name + ) + + def _get_start_job_run_mapping(self, account_id, base36_encoded_role_name): + emr_spark_components = ["client", "driver", "executor"] + return [ + ( + SERVICE_ACCOUNT_NAMING + % { + "FRAMEWORK": "spark", + "COMPONENT": component, + "AWS_ACCOUNT_ID": account_id, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + }, + self._namespace, + ) + for component in emr_spark_components + ] + + def _get_interactive_endpoint_mapping( + self, account_id, base36_encoded_role_name + ): + emr_spark_endpoint_components = ["jeg", "jeg-kernel", "session"] + return [ + ( + SERVICE_ACCOUNT_NAMING + % { + "FRAMEWORK": "spark", + "COMPONENT": component, + "AWS_ACCOUNT_ID": account_id, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + }, + self._namespace, + ) + for component in emr_spark_endpoint_components + ] + + def _get_spark_operator_mapping( + self, account_id, base36_encoded_role_name + ): + emr_spark_operator_components = ["driver", "executor"] + service_accounts = [ + ( + ServiceAccount.SPARK_OPERATOR_SERVICE_ACCOUNT.value, + ( + self._operator_namespace + if self._operator_namespace + else self._namespace + ), + ) + ] + service_accounts.extend( + [ + ( + SERVICE_ACCOUNT_NAMING + % { + "FRAMEWORK": "spark", + "COMPONENT": component, + "AWS_ACCOUNT_ID": account_id, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + }, + self._namespace, + ) + for component in emr_spark_operator_components + ] + ) + return service_accounts + + def _get_flink_operator_mapping( + self, account_id, base36_encoded_role_name + ): + emr_flink_operator_components = ["jobmanager", "taskmanager"] + service_accounts = [ + ( + ServiceAccount.FLINK_OPERATOR_SERVICE_ACCOUNT.value, + ( + self._operator_namespace + if self._operator_namespace + else self._namespace + ), + ) + ] + service_accounts.extend( + [ + ( + SERVICE_ACCOUNT_NAMING + % { + "FRAMEWORK": "flink", + "COMPONENT": component, + "AWS_ACCOUNT_ID": account_id, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + }, + self._namespace, + ) + for component in emr_flink_operator_components + ] + ) + return service_accounts + + def _get_livy_mapping(self, account_id, base36_encoded_role_name): + return [ + ( + ServiceAccount.LIVY_SERVICE_ACCOUNT.value, + ( + self._operator_namespace + if self._operator_namespace + else self._namespace + ), + ), + (ServiceAccount.LIVY_SPARK_SERVICE_ACCOUNT.value, self._namespace), + ] diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/eks.py 2.31.35-1/awscli/customizations/emrcontainers/eks.py --- 2.23.6-1/awscli/customizations/emrcontainers/eks.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/eks.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,7 +12,7 @@ # language governing permissions and limitations under the License. -class EKS(object): +class EKS: def __init__(self, eks_client): self.eks_client = eks_client self.cluster_info = {} @@ -24,8 +24,13 @@ class EKS(object): name=cluster_name ) - oidc_issuer = self.cluster_info[cluster_name].get("cluster", {}).get( - "identity", {}).get("oidc", {}).get("issuer", "") + oidc_issuer = ( + self.cluster_info[cluster_name] + .get("cluster", {}) + .get("identity", {}) + .get("oidc", {}) + .get("issuer", "") + ) return oidc_issuer.split('https://')[1] @@ -36,7 +41,32 @@ class EKS(object): name=cluster_name ) - cluster_arn = self.cluster_info[cluster_name].get("cluster", {}).get( - "arn", "") + cluster_arn = ( + self.cluster_info[cluster_name].get("cluster", {}).get("arn", "") + ) return cluster_arn.split(':')[4] + + def create_pod_identity_association( + self, cluster_name, namespace, role_arn, service_account + ): + return self.eks_client.create_pod_identity_association( + clusterName=cluster_name, + namespace=namespace, + roleArn=role_arn, + serviceAccount=service_account, + ) + + def delete_pod_identity_association(self, cluster_name, association_id): + return self.eks_client.delete_pod_identity_association( + clusterName=cluster_name, associationId=association_id + ) + + def list_pod_identity_associations( + self, cluster_name, namespace, service_account + ): + return self.eks_client.list_pod_identity_associations( + clusterName=cluster_name, + namespace=namespace, + serviceAccount=service_account, + ) diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/iam.py 2.31.35-1/awscli/customizations/emrcontainers/iam.py --- 2.23.6-1/awscli/customizations/emrcontainers/iam.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/iam.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,7 +14,7 @@ import json -class IAM(object): +class IAM: def __init__(self, iam_client): self.iam_client = iam_client @@ -26,6 +26,5 @@ class IAM(object): def update_assume_role_policy(self, role_name, assume_role_policy): """Method to update trust policy of given role name""" return self.iam_client.update_assume_role_policy( - RoleName=role_name, - PolicyDocument=json.dumps(assume_role_policy) + RoleName=role_name, PolicyDocument=json.dumps(assume_role_policy) ) diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/update_role_trust_policy.py 2.31.35-1/awscli/customizations/emrcontainers/update_role_trust_policy.py --- 2.23.6-1/awscli/customizations/emrcontainers/update_role_trust_policy.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/update_role_trust_policy.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,28 +15,20 @@ import json import logging from awscli.customizations.commands import BasicCommand -from awscli.customizations.emrcontainers.constants \ - import TRUST_POLICY_STATEMENT_FORMAT, \ - TRUST_POLICY_STATEMENT_ALREADY_EXISTS, \ - TRUST_POLICY_UPDATE_SUCCESSFUL from awscli.customizations.emrcontainers.base36 import Base36 +from awscli.customizations.emrcontainers.constants import ( + TRUST_POLICY_STATEMENT_ALREADY_EXISTS, + TRUST_POLICY_STATEMENT_FORMAT, + TRUST_POLICY_UPDATE_SUCCESSFUL, +) from awscli.customizations.emrcontainers.eks import EKS from awscli.customizations.emrcontainers.iam import IAM -from awscli.customizations.utils import uni_print, get_policy_arn_suffix +from awscli.customizations.emrcontainers.utils import get_region +from awscli.customizations.utils import get_policy_arn_suffix, uni_print LOG = logging.getLogger(__name__) -# Method to parse the arguments to get the region value -def get_region(session, parsed_globals): - region = parsed_globals.region - - if region is None: - region = session.get_config_variable('region') - - return region - - def check_if_statement_exists(expected_statement, actual_assume_role_document): if actual_assume_role_document is None: return False @@ -71,48 +63,56 @@ class UpdateRoleTrustPolicyCommand(Basic NAME = 'update-role-trust-policy' DESCRIPTION = BasicCommand.FROM_FILE( - 'emr-containers', - 'update-role-trust-policy', - '_description.rst' + 'emr-containers', 'update-role-trust-policy', '_description.rst' ) ARG_TABLE = [ { 'name': 'cluster-name', - 'help_text': ("Specify the name of the Amazon EKS cluster with " - "which the IAM Role would be used."), - 'required': True + 'help_text': ( + "Specify the name of the Amazon EKS cluster with " + "which the IAM Role would be used." + ), + 'required': True, }, { 'name': 'namespace', - 'help_text': ("Specify the namespace from the Amazon EKS cluster " - "with which the IAM Role would be used."), - 'required': True + 'help_text': ( + "Specify the namespace from the Amazon EKS cluster " + "with which the IAM Role would be used." + ), + 'required': True, }, { 'name': 'role-name', - 'help_text': ("Specify the IAM Role name that you want to use" - "with Amazon EMR on EKS."), - 'required': True + 'help_text': ( + "Specify the IAM Role name that you want to use" + "with Amazon EMR on EKS." + ), + 'required': True, }, { 'name': 'iam-endpoint', 'no_paramfile': True, - 'help_text': ("The IAM endpoint to call for updating the role " - "trust policy. This is optional and should only be" - "specified when a custom endpoint should be called" - "for IAM operations."), - 'required': False + 'help_text': ( + "The IAM endpoint to call for updating the role " + "trust policy. This is optional and should only be" + "specified when a custom endpoint should be called" + "for IAM operations." + ), + 'required': False, }, { 'name': 'dry-run', 'action': 'store_true', 'default': False, - 'help_text': ("Print the merged trust policy document to" - "stdout instead of updating the role trust" - "policy directly."), - 'required': False - } + 'help_text': ( + "Print the merged trust policy document to" + "stdout instead of updating the role trust" + "policy directly." + ), + 'required': False, + }, ] def _run_main(self, parsed_args, parsed_globals): @@ -136,42 +136,55 @@ class UpdateRoleTrustPolicyCommand(Basic base36 = Base36() - eks_client = EKS(self._session.create_client( - 'eks', - region_name=self._region, - verify=parsed_globals.verify_ssl - )) + eks_client = EKS( + self._session.create_client( + 'eks', + region_name=self._region, + verify=parsed_globals.verify_ssl, + ) + ) account_id = eks_client.get_account_id(self._cluster_name) oidc_provider = eks_client.get_oidc_issuer_id(self._cluster_name) base36_encoded_role_name = base36.encode(self._role_name) LOG.debug('Base36 encoded role name: %s', base36_encoded_role_name) - trust_policy_statement = json.loads(TRUST_POLICY_STATEMENT_FORMAT % { - "AWS_ACCOUNT_ID": account_id, - "OIDC_PROVIDER": oidc_provider, - "NAMESPACE": self._namespace, - "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, - "AWS_PARTITION": get_policy_arn_suffix(self._region) - }) - - LOG.debug('Computed Trust Policy Statement:\n%s', json.dumps( - trust_policy_statement, indent=2)) - iam_client = IAM(self._session.create_client( - 'iam', - region_name=self._region, - endpoint_url=self._endpoint_url, - verify=parsed_globals.verify_ssl - )) + trust_policy_statement = json.loads( + TRUST_POLICY_STATEMENT_FORMAT + % { + "AWS_ACCOUNT_ID": account_id, + "OIDC_PROVIDER": oidc_provider, + "NAMESPACE": self._namespace, + "BASE36_ENCODED_ROLE_NAME": base36_encoded_role_name, + "AWS_PARTITION": get_policy_arn_suffix(self._region), + } + ) + + LOG.debug( + 'Computed Trust Policy Statement:\n%s', + json.dumps(trust_policy_statement, indent=2), + ) + iam_client = IAM( + self._session.create_client( + 'iam', + region_name=self._region, + endpoint_url=self._endpoint_url, + verify=parsed_globals.verify_ssl, + ) + ) assume_role_document = iam_client.get_assume_role_policy( - self._role_name) - matches = check_if_statement_exists(trust_policy_statement, - assume_role_document) + self._role_name + ) + matches = check_if_statement_exists( + trust_policy_statement, assume_role_document + ) if not matches: - LOG.debug('Role %s does not have the required trust policy ', - self._role_name) + LOG.debug( + 'Role %s does not have the required trust policy ', + self._role_name, + ) existing_statements = assume_role_document.get("Statement") if existing_statements is None: @@ -183,8 +196,9 @@ class UpdateRoleTrustPolicyCommand(Basic return json.dumps(assume_role_document, indent=2) else: LOG.debug('Updating trust policy of role %s', self._role_name) - iam_client.update_assume_role_policy(self._role_name, - assume_role_document) + iam_client.update_assume_role_policy( + self._role_name, assume_role_document + ) return TRUST_POLICY_UPDATE_SUCCESSFUL % self._role_name else: return TRUST_POLICY_STATEMENT_ALREADY_EXISTS % self._role_name diff -pruN 2.23.6-1/awscli/customizations/emrcontainers/utils.py 2.31.35-1/awscli/customizations/emrcontainers/utils.py --- 2.23.6-1/awscli/customizations/emrcontainers/utils.py 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/customizations/emrcontainers/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. + +""" +Utility functions to make it easier to work with emr-containers customizations. + +""" + + +# Method to parse the arguments to get the region value +def get_region(session, parsed_globals): + region = parsed_globals.region + + if region is None: + region = session.get_config_variable("region") + + return region diff -pruN 2.23.6-1/awscli/customizations/flatten.py 2.31.35-1/awscli/customizations/flatten.py --- 2.23.6-1/awscli/customizations/flatten.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/flatten.py 2025-11-12 19:17:29.000000000 +0000 @@ -30,15 +30,26 @@ class FlattenedArgument(CustomArgument): Supports both an object and a list of objects, in which case the flattened parameters will hydrate a list with a single object in it. """ - def __init__(self, name, container, prop, help_text='', required=None, - type=None, hydrate=None, hydrate_value=None): + + def __init__( + self, + name, + container, + prop, + help_text='', + required=None, + type=None, + hydrate=None, + hydrate_value=None, + ): self.type = type self._container = container self._property = prop self._hydrate = hydrate self._hydrate_value = hydrate_value - super(FlattenedArgument, self).__init__(name=name, help_text=help_text, - required=required) + super(FlattenedArgument, self).__init__( + name=name, help_text=help_text, required=required + ) @property def cli_type_name(self): @@ -56,7 +67,7 @@ class FlattenedArgument(CustomArgument): cli_type = self._container.cli_type_name key = self._property - LOG.debug('Hydrating {0}[{1}]'.format(container, key)) + LOG.debug('Hydrating %s[%s]', container, key) if value is not None: # Convert type if possible @@ -85,7 +96,7 @@ class FlattenedArgument(CustomArgument): parameters[container][key] = value -class FlattenArguments(object): +class FlattenArguments: """ Flatten arguments for one or more commands for a particular service from a given configuration which maps service call parameters to flattened @@ -151,6 +162,7 @@ class FlattenArguments(object): ensure that a list of one or more objects is hydrated rather than a single object. """ + def __init__(self, service_name, configs): self.configs = configs self.service_name = service_name @@ -163,9 +175,10 @@ class FlattenArguments(object): # Flatten each configured operation when they are built service = self.service_name for operation in self.configs: - cli.register('building-argument-table.{0}.{1}'.format(service, - operation), - self.flatten_args) + cli.register( + f'building-argument-table.{service}.{operation}', + self.flatten_args, + ) def flatten_args(self, command, argument_table, **kwargs): # For each argument with a bag of parameters @@ -173,10 +186,15 @@ class FlattenArguments(object): argument_from_table = argument_table[name] overwritten = False - LOG.debug('Flattening {0} argument {1} into {2}'.format( - command.name, name, - ', '.join([v['name'] for k, v in argument['flatten'].items()]) - )) + LOG.debug( + 'Flattening {0} argument {1} into {2}'.format( + command.name, + name, + ', '.join( + [v['name'] for k, v in argument['flatten'].items()] + ), + ) + ) # For each parameter to flatten out for sub_argument, new_config in argument['flatten'].items(): @@ -200,8 +218,9 @@ class FlattenArguments(object): overwritten = True # Delete the original argument? - if not overwritten and ('keep' not in argument or - not argument['keep']): + if not overwritten and ( + 'keep' not in argument or not argument['keep'] + ): del argument_table[name] def _find_nested_arg(self, argument, name): @@ -212,16 +231,14 @@ class FlattenArguments(object): """ if SEP in name: # Find the actual nested argument to pull out - LOG.debug('Finding nested argument in {0}'.format(name)) + LOG.debug('Finding nested argument in %s', name) for piece in name.split(SEP)[:-1]: for member_name, member in argument.members.items(): if member_name == piece: argument = member break else: - raise ParamValidationError( - 'Invalid piece {0}'.format(piece) - ) + raise ParamValidationError(f'Invalid piece {piece}') return argument @@ -239,7 +256,9 @@ class FlattenArguments(object): config['help_text'] = member.documentation if 'required' not in config: - config['required'] = member_name in argument.required_members + config['required'] = ( + member_name in argument.required_members + ) if 'type' not in config: config['type'] = member.type_name diff -pruN 2.23.6-1/awscli/customizations/gamelift/__init__.py 2.31.35-1/awscli/customizations/gamelift/__init__.py --- 2.23.6-1/awscli/customizations/gamelift/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/gamelift/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,8 +10,8 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.gamelift.uploadbuild import UploadBuildCommand from awscli.customizations.gamelift.getlog import GetGameSessionLogCommand +from awscli.customizations.gamelift.uploadbuild import UploadBuildCommand def register_gamelift_commands(event_emitter): diff -pruN 2.23.6-1/awscli/customizations/gamelift/getlog.py 2.31.35-1/awscli/customizations/gamelift/getlog.py --- 2.23.6-1/awscli/customizations/gamelift/getlog.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/gamelift/getlog.py 2025-11-12 19:17:29.000000000 +0000 @@ -21,30 +21,38 @@ class GetGameSessionLogCommand(BasicComm NAME = 'get-game-session-log' DESCRIPTION = 'Download a compressed log file for a game session.' ARG_TABLE = [ - {'name': 'game-session-id', 'required': True, - 'help_text': 'The game session ID'}, - {'name': 'save-as', 'required': True, - 'help_text': 'The filename to which the file should be saved (.zip)'} + { + 'name': 'game-session-id', + 'required': True, + 'help_text': 'The game session ID', + }, + { + 'name': 'save-as', + 'required': True, + 'help_text': 'The filename to which the file should be saved (.zip)', + }, ] def _run_main(self, args, parsed_globals): client = self._session.create_client( - 'gamelift', region_name=parsed_globals.region, + 'gamelift', + region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) # Retrieve a signed url. response = client.get_game_session_log_url( - GameSessionId=args.game_session_id) + GameSessionId=args.game_session_id + ) url = response['PreSignedUrl'] # Retrieve the content from the presigned url and save it locally. contents = urlopen(url) sys.stdout.write( - 'Downloading log archive for game session %s...\r' % - args.game_session_id + 'Downloading log archive for game session %s...\r' + % args.game_session_id ) with open(args.save_as, 'wb') as f: @@ -53,6 +61,7 @@ class GetGameSessionLogCommand(BasicComm sys.stdout.write( 'Successfully downloaded log archive for game ' - 'session %s to %s\n' % (args.game_session_id, args.save_as)) + 'session %s to %s\n' % (args.game_session_id, args.save_as) + ) return 0 diff -pruN 2.23.6-1/awscli/customizations/gamelift/uploadbuild.py 2.31.35-1/awscli/customizations/gamelift/uploadbuild.py --- 2.23.6-1/awscli/customizations/gamelift/uploadbuild.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/gamelift/uploadbuild.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,11 +10,11 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import threading import contextlib import os -import tempfile import sys +import tempfile +import threading import zipfile from s3transfer import S3Transfer @@ -27,26 +27,40 @@ class UploadBuildCommand(BasicCommand): NAME = 'upload-build' DESCRIPTION = 'Upload a new build to AWS GameLift.' ARG_TABLE = [ - {'name': 'name', 'required': True, - 'help_text': 'The name of the build'}, - {'name': 'build-version', 'required': True, - 'help_text': 'The version of the build'}, - {'name': 'build-root', 'required': True, - 'help_text': - 'The path to the directory containing the build to upload'}, - {'name': 'server-sdk-version', 'required': False, - 'help_text': - 'The version of the GameLift server SDK used to ' - 'create the game server'}, - {'name': 'operating-system', 'required': False, - 'help_text': 'The operating system the build runs on'} + { + 'name': 'name', + 'required': True, + 'help_text': 'The name of the build', + }, + { + 'name': 'build-version', + 'required': True, + 'help_text': 'The version of the build', + }, + { + 'name': 'build-root', + 'required': True, + 'help_text': 'The path to the directory containing the build to upload', + }, + { + 'name': 'server-sdk-version', + 'required': False, + 'help_text': 'The version of the GameLift server SDK used to ' + 'create the game server', + }, + { + 'name': 'operating-system', + 'required': False, + 'help_text': 'The operating system the build runs on', + }, ] def _run_main(self, args, parsed_globals): gamelift_client = self._session.create_client( - 'gamelift', region_name=parsed_globals.region, + 'gamelift', + region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) # Validate a build directory if not validate_directory(args.build_root): @@ -60,7 +74,7 @@ class UploadBuildCommand(BasicCommand): # Create a build based on the operating system given. create_build_kwargs = { 'Name': args.name, - 'Version': args.build_version + 'Version': args.build_version, } if args.operating_system: create_build_kwargs['OperatingSystem'] = args.operating_system @@ -70,8 +84,7 @@ class UploadBuildCommand(BasicCommand): build_id = response['Build']['BuildId'] # Retrieve a set of credentials and the s3 bucket and key. - response = gamelift_client.request_upload_credentials( - BuildId=build_id) + response = gamelift_client.request_upload_credentials(BuildId=build_id) upload_credentials = response['UploadCredentials'] bucket = response['StorageLocation']['Bucket'] key = response['StorageLocation']['Key'] @@ -82,11 +95,12 @@ class UploadBuildCommand(BasicCommand): secret_key = upload_credentials['SecretAccessKey'] session_token = upload_credentials['SessionToken'] s3_client = self._session.create_client( - 's3', aws_access_key_id=access_key, + 's3', + aws_access_key_id=access_key, aws_secret_access_key=secret_key, aws_session_token=session_token, region_name=parsed_globals.region, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) s3_transfer_mgr = S3Transfer(s3_client) @@ -95,11 +109,13 @@ class UploadBuildCommand(BasicCommand): fd, temporary_zipfile = tempfile.mkstemp('%s.zip' % build_id) zip_directory(temporary_zipfile, args.build_root) s3_transfer_mgr.upload_file( - temporary_zipfile, bucket, key, + temporary_zipfile, + bucket, + key, callback=ProgressPercentage( temporary_zipfile, - label='Uploading ' + args.build_root + ':' - ) + label='Uploading ' + args.build_root + ':', + ), ) finally: os.close(fd) @@ -107,7 +123,8 @@ class UploadBuildCommand(BasicCommand): sys.stdout.write( 'Successfully uploaded %s to AWS GameLift\n' - 'Build ID: %s\n' % (args.build_root, build_id)) + 'Build ID: %s\n' % (args.build_root, build_id) + ) return 0 @@ -120,8 +137,7 @@ def zip_directory(zipfile_name, source_r for root, dirs, files in os.walk(source_root): for filename in files: full_path = os.path.join(root, filename) - relative_path = os.path.relpath( - full_path, source_root) + relative_path = os.path.relpath(full_path, source_root) zf.write(full_path, relative_path) @@ -140,7 +156,7 @@ def validate_directory(source_root): # TODO: Remove this class once available to CLI from s3transfer # docstring. -class ProgressPercentage(object): +class ProgressPercentage: def __init__(self, filename, label=None): self._filename = filename self._label = label @@ -156,9 +172,12 @@ class ProgressPercentage(object): if self._size > 0: percentage = (self._seen_so_far / self._size) * 100 sys.stdout.write( - "\r%s %s / %s (%.2f%%)" % ( - self._label, human_readable_size(self._seen_so_far), - human_readable_size(self._size), percentage + "\r%s %s / %s (%.2f%%)" + % ( + self._label, + human_readable_size(self._seen_so_far), + human_readable_size(self._size), + percentage, ) ) sys.stdout.flush() diff -pruN 2.23.6-1/awscli/customizations/generatecliskeleton.py 2.31.35-1/awscli/customizations/generatecliskeleton.py --- 2.23.6-1/awscli/customizations/generatecliskeleton.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/generatecliskeleton.py 2025-11-12 19:17:29.000000000 +0000 @@ -33,7 +33,8 @@ def add_generate_skeleton(session, opera # is designated by the argument name `outfile`. if 'outfile' not in argument_table: generate_cli_skeleton_argument = GenerateCliSkeletonArgument( - session, operation_model) + session, operation_model + ) generate_cli_skeleton_argument.add_to_arg_table(argument_table) @@ -44,6 +45,7 @@ class GenerateCliSkeletonArgument(Overri command from taking place. Instead, it will generate a JSON skeleton and print it to standard output. """ + ARG_DATA = { 'name': 'generate-cli-skeleton', 'help_text': ( @@ -86,17 +88,18 @@ class GenerateCliSkeletonArgument(Overri except IndexError: pass super(GenerateCliSkeletonArgument, self).override_required_args( - argument_table, args, **kwargs) + argument_table, args, **kwargs + ) - def generate_skeleton(self, call_parameters, parsed_args, - parsed_globals, **kwargs): + def generate_skeleton( + self, call_parameters, parsed_args, parsed_globals, **kwargs + ): if not getattr(parsed_args, 'generate_cli_skeleton', None): return arg_value = parsed_args.generate_cli_skeleton return getattr( - self, '_generate_%s_skeleton' % arg_value.replace('-', '_'))( - call_parameters=call_parameters, parsed_globals=parsed_globals - ) + self, '_generate_%s_skeleton' % arg_value.replace('-', '_') + )(call_parameters=call_parameters, parsed_globals=parsed_globals) def _generate_yaml_input_skeleton(self, **kwargs): input_shape = self._operation_model.input_shape @@ -120,13 +123,14 @@ class GenerateCliSkeletonArgument(Overri outfile.write('\n') return 0 - def _generate_output_skeleton(self, call_parameters, parsed_globals, - **kwargs): + def _generate_output_skeleton( + self, call_parameters, parsed_globals, **kwargs + ): service_name = self._operation_model.service_model.service_name operation_name = self._operation_model.name return StubbedCLIOperationCaller(self._session).invoke( - service_name, operation_name, call_parameters, - parsed_globals) + service_name, operation_name, call_parameters, parsed_globals + ) class StubbedCLIOperationCaller(CLIOperationCaller): @@ -135,31 +139,36 @@ class StubbedCLIOperationCaller(CLIOpera It generates a fake response and uses the response and provided parameters to make a stubbed client call for an operation command. """ - def _make_client_call(self, client, operation_name, parameters, - parsed_globals): + + def _make_client_call( + self, client, operation_name, parameters, parsed_globals + ): method_name = xform_name(operation_name) operation_model = client.meta.service_model.operation_model( - operation_name) + operation_name + ) fake_response = {} if operation_model.output_shape: argument_generator = ArgumentGenerator(use_member_names=True) fake_response = argument_generator.generate_skeleton( - operation_model.output_shape) + operation_model.output_shape + ) with Stubber(client) as stubber: stubber.add_response(method_name, fake_response) return getattr(client, method_name)(**parameters) -class _Bytes(object): +class _Bytes: @classmethod def represent(cls, dumper, data): - return dumper.represent_scalar(u'tag:yaml.org,2002:binary', '') + return dumper.represent_scalar('tag:yaml.org,2002:binary', '') class YAMLArgumentGenerator(ArgumentGenerator): def __init__(self, use_member_names=False, yaml=None): super(YAMLArgumentGenerator, self).__init__( - use_member_names=use_member_names) + use_member_names=use_member_names + ) self._yaml = yaml if self._yaml is None: self._yaml = YAML() @@ -181,14 +190,17 @@ class YAMLArgumentGenerator(ArgumentGene skeleton = self._yaml.map() for member_name, member_shape in shape.members.items(): skeleton[member_name] = self._generate_skeleton( - member_shape, stack, name=member_name) + member_shape, stack, name=member_name + ) is_required = member_name in shape.required_members self._add_member_comments( - skeleton, member_name, member_shape, is_required) + skeleton, member_name, member_shape, is_required + ) return skeleton - def _add_member_comments(self, skeleton, member_name, member_shape, - is_required): + def _add_member_comments( + self, skeleton, member_name, member_shape, is_required + ): comment_components = [] if is_required: comment_components.append('[REQUIRED]') @@ -208,6 +220,6 @@ class YAMLArgumentGenerator(ArgumentGene # YAML has support for ordered maps, so don't use ordereddicts # because that isn't necessary and it makes the output harder to # understand and read. - return dict(super(YAMLArgumentGenerator, self)._generate_type_map( - shape, stack - )) + return dict( + super(YAMLArgumentGenerator, self)._generate_type_map(shape, stack) + ) diff -pruN 2.23.6-1/awscli/customizations/globalargs.py 2.31.35-1/awscli/customizations/globalargs.py --- 2.23.6-1/awscli/customizations/globalargs.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/globalargs.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,29 +10,38 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import sys import os +import sys +import jmespath +from botocore import UNSIGNED from botocore.client import Config from botocore.endpoint import DEFAULT_TIMEOUT -from botocore.handlers import disable_signing -import jmespath from awscli.compat import urlparse from awscli.customizations.exceptions import ParamValidationError def register_parse_global_args(cli): - cli.register('top-level-args-parsed', resolve_types, - unique_id='resolve-types') - cli.register('top-level-args-parsed', no_sign_request, - unique_id='no-sign') - cli.register('top-level-args-parsed', resolve_verify_ssl, - unique_id='resolve-verify-ssl') - cli.register('top-level-args-parsed', resolve_cli_read_timeout, - unique_id='resolve-cli-read-timeout') - cli.register('top-level-args-parsed', resolve_cli_connect_timeout, - unique_id='resolve-cli-connect-timeout') + cli.register( + 'top-level-args-parsed', resolve_types, unique_id='resolve-types' + ) + cli.register('top-level-args-parsed', no_sign_request, unique_id='no-sign') + cli.register( + 'top-level-args-parsed', + resolve_verify_ssl, + unique_id='resolve-verify-ssl', + ) + cli.register( + 'top-level-args-parsed', + resolve_cli_read_timeout, + unique_id='resolve-cli-read-timeout', + ) + cli.register( + 'top-level-args-parsed', + resolve_cli_connect_timeout, + unique_id='resolve-cli-connect-timeout', + ) def resolve_types(parsed_args, **kwargs): @@ -89,13 +98,10 @@ def resolve_verify_ssl(parsed_args, sess def no_sign_request(parsed_args, session, **kwargs): if not parsed_args.sign_request: - # In order to make signing disabled for all requests - # we need to use botocore's ``disable_signing()`` handler. - # Register this first to override other handlers. - emitter = session.get_component('event_emitter') - emitter.register_first( - 'choose-signer', disable_signing, unique_id='disable-signing', - ) + # Disable request signing by setting the signature version to UNSIGNED + # in the default client configuration. This ensures all new clients + # will be created with signing disabled. + _update_default_client_config(session, 'signature_version', UNSIGNED) def resolve_cli_connect_timeout(parsed_args, session, **kwargs): diff -pruN 2.23.6-1/awscli/customizations/history/__init__.py 2.31.35-1/awscli/customizations/history/__init__.py --- 2.23.6-1/awscli/customizations/history/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/history/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,37 +10,40 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import logging import os import sys -import logging -from botocore.history import get_global_history_recorder from botocore.exceptions import ProfileNotFound +from botocore.history import get_global_history_recorder from awscli.compat import sqlite3 from awscli.customizations.commands import BasicCommand -from awscli.customizations.history.constants import HISTORY_FILENAME_ENV_VAR -from awscli.customizations.history.constants import DEFAULT_HISTORY_FILENAME -from awscli.customizations.history.db import DatabaseConnection -from awscli.customizations.history.db import DatabaseRecordWriter -from awscli.customizations.history.db import RecordBuilder -from awscli.customizations.history.db import DatabaseHistoryHandler -from awscli.customizations.history.show import ShowCommand +from awscli.customizations.history.constants import ( + DEFAULT_HISTORY_FILENAME, + HISTORY_FILENAME_ENV_VAR, +) +from awscli.customizations.history.db import ( + DatabaseConnection, + DatabaseHistoryHandler, + DatabaseRecordWriter, + RecordBuilder, +) from awscli.customizations.history.list import ListCommand - +from awscli.customizations.history.show import ShowCommand LOG = logging.getLogger(__name__) HISTORY_RECORDER = get_global_history_recorder() def register_history_mode(event_handlers): - event_handlers.register( - 'session-initialized', attach_history_handler) + event_handlers.register('session-initialized', attach_history_handler) def register_history_commands(event_handlers): event_handlers.register( - "building-command-table.main", add_history_commands) + "building-command-table.main", add_history_commands + ) def attach_history_handler(session, parsed_args, **kwargs): @@ -48,7 +51,8 @@ def attach_history_handler(session, pars LOG.debug('Enabling CLI history') history_filename = os.environ.get( - HISTORY_FILENAME_ENV_VAR, DEFAULT_HISTORY_FILENAME) + HISTORY_FILENAME_ENV_VAR, DEFAULT_HISTORY_FILENAME + ) if not os.path.isdir(os.path.dirname(history_filename)): os.makedirs(os.path.dirname(history_filename)) @@ -98,7 +102,7 @@ class HistoryCommand(BasicCommand): ) SUBCOMMANDS = [ {'name': 'show', 'command_class': ShowCommand}, - {'name': 'list', 'command_class': ListCommand} + {'name': 'list', 'command_class': ListCommand}, ] def _run_main(self, parsed_args, parsed_globals): diff -pruN 2.23.6-1/awscli/customizations/history/commands.py 2.31.35-1/awscli/customizations/history/commands.py --- 2.23.6-1/awscli/customizations/history/commands.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/history/commands.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,14 +13,16 @@ import os from awscli.compat import is_windows -from awscli.utils import is_a_tty -from awscli.utils import OutputStreamFactory - from awscli.customizations.commands import BasicCommand -from awscli.customizations.history.db import DatabaseConnection -from awscli.customizations.history.constants import HISTORY_FILENAME_ENV_VAR -from awscli.customizations.history.constants import DEFAULT_HISTORY_FILENAME -from awscli.customizations.history.db import DatabaseRecordReader +from awscli.customizations.history.constants import ( + DEFAULT_HISTORY_FILENAME, + HISTORY_FILENAME_ENV_VAR, +) +from awscli.customizations.history.db import ( + DatabaseConnection, + DatabaseRecordReader, +) +from awscli.utils import OutputStreamFactory, is_a_tty class HistorySubcommand(BasicCommand): @@ -29,8 +31,9 @@ class HistorySubcommand(BasicCommand): self._db_reader = db_reader self._output_stream_factory = output_stream_factory if output_stream_factory is None: - self._output_stream_factory = \ + self._output_stream_factory = ( self._get_default_output_stream_factory() + ) def _get_default_output_stream_factory(self): return OutputStreamFactory(self._session) @@ -45,7 +48,8 @@ class HistorySubcommand(BasicCommand): def _get_history_db_filename(self): filename = os.environ.get( - HISTORY_FILENAME_ENV_VAR, DEFAULT_HISTORY_FILENAME) + HISTORY_FILENAME_ENV_VAR, DEFAULT_HISTORY_FILENAME + ) if not os.path.exists(filename): raise RuntimeError( 'Could not locate history. Make sure cli_history is set to ' diff -pruN 2.23.6-1/awscli/customizations/history/constants.py 2.31.35-1/awscli/customizations/history/constants.py --- 2.23.6-1/awscli/customizations/history/constants.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/history/constants.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,7 +12,7 @@ # language governing permissions and limitations under the License. import os - HISTORY_FILENAME_ENV_VAR = 'AWS_CLI_HISTORY_FILE' DEFAULT_HISTORY_FILENAME = os.path.expanduser( - os.path.join('~', '.aws', 'cli', 'history', 'history.db')) + os.path.join('~', '.aws', 'cli', 'history', 'history.db') +) diff -pruN 2.23.6-1/awscli/customizations/history/db.py 2.31.35-1/awscli/customizations/history/db.py --- 2.23.6-1/awscli/customizations/history/db.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/history/db.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,24 +10,21 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import uuid -import time -import json import datetime -import threading +import json import logging -from awscli.compat import collections_abc +import threading +import time +import uuid from botocore.history import BaseHistoryHandler -from awscli.compat import sqlite3 -from awscli.compat import binary_type - +from awscli.compat import binary_type, collections_abc, sqlite3 LOG = logging.getLogger(__name__) -class DatabaseConnection(object): +class DatabaseConnection: _CREATE_TABLE = """ CREATE TABLE IF NOT EXISTS records ( id TEXT, @@ -41,7 +38,8 @@ class DatabaseConnection(object): def __init__(self, db_filename): self._connection = sqlite3.connect( - db_filename, check_same_thread=False, isolation_level=None) + db_filename, check_same_thread=False, isolation_level=None + ) self._ensure_database_setup() def close(self): @@ -92,8 +90,9 @@ class PayloadSerializer(json.JSONEncoder if isinstance(obj, str): obj = self._try_decode_bytes(obj) elif isinstance(obj, dict): - obj = dict((k, self._remove_non_unicode_stings(v)) for k, v - in obj.items()) + obj = dict( + (k, self._remove_non_unicode_stings(v)) for k, v in obj.items() + ) elif isinstance(obj, (list, tuple)): obj = [self._remove_non_unicode_stings(o) for o in obj] return obj @@ -132,7 +131,7 @@ class PayloadSerializer(json.JSONEncoder return repr(obj) -class DatabaseRecordWriter(object): +class DatabaseRecordWriter: _WRITE_RECORD = """ INSERT INTO records( id, request_id, source, event_type, timestamp, payload) @@ -152,26 +151,30 @@ class DatabaseRecordWriter(object): def _create_db_record(self, record): event_type = record['event_type'] - json_serialized_payload = json.dumps(record['payload'], - cls=PayloadSerializer) + json_serialized_payload = json.dumps( + record['payload'], cls=PayloadSerializer + ) db_record = ( record['command_id'], record.get('request_id'), record['source'], event_type, record['timestamp'], - json_serialized_payload + json_serialized_payload, ) return db_record -class DatabaseRecordReader(object): +class DatabaseRecordReader: _ORDERING = 'ORDER BY timestamp' - _GET_LAST_ID_RECORDS = """ + _GET_LAST_ID_RECORDS = ( + """ SELECT * FROM records WHERE id = (SELECT id FROM records WHERE timestamp = - (SELECT max(timestamp) FROM records)) %s;""" % _ORDERING + (SELECT max(timestamp) FROM records)) %s;""" + % _ORDERING + ) _GET_RECORDS_BY_ID = 'SELECT * from records where id = ? %s' % _ORDERING _GET_ALL_RECORDS = ( 'SELECT a.id AS id_a, ' @@ -218,9 +221,10 @@ class DatabaseRecordReader(object): yield row -class RecordBuilder(object): +class RecordBuilder: _REQUEST_LIFECYCLE_EVENTS = set( - ['API_CALL', 'HTTP_REQUEST', 'HTTP_RESPONSE', 'PARSED_RESPONSE']) + ['API_CALL', 'HTTP_REQUEST', 'HTTP_RESPONSE', 'PARSED_RESPONSE'] + ) _START_OF_REQUEST_LIFECYCLE_EVENT = 'API_CALL' def __init__(self): @@ -254,7 +258,7 @@ class RecordBuilder(object): 'event_type': event_type, 'payload': payload, 'source': source, - 'timestamp': int(time.time() * 1000) + 'timestamp': int(time.time() * 1000), } request_id = self._get_request_id(event_type) if request_id: diff -pruN 2.23.6-1/awscli/customizations/history/filters.py 2.31.35-1/awscli/customizations/history/filters.py --- 2.23.6-1/awscli/customizations/history/filters.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/history/filters.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,7 +1,7 @@ import re -class RegexFilter(object): +class RegexFilter: def __init__(self, pattern, replacement): self._pattern = pattern self._replacement = replacement diff -pruN 2.23.6-1/awscli/customizations/history/list.py 2.31.35-1/awscli/customizations/history/list.py --- 2.23.6-1/awscli/customizations/history/list.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/history/list.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,11 +10,11 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import json import datetime +import json -from awscli.utils import OutputStreamFactory from awscli.customizations.history.commands import HistorySubcommand +from awscli.utils import OutputStreamFactory class ListCommand(HistorySubcommand): @@ -26,12 +26,7 @@ class ListCommand(HistorySubcommand): '``history show`` with the command_id to see more details about ' 'a particular entry.' ) - _COL_WIDTHS = { - 'id_a': 38, - 'timestamp': 24, - 'args': 50, - 'rc': 0 - } + _COL_WIDTHS = {'id_a': 38, 'timestamp': 24, 'args': 50, 'rc': 0} def _get_default_output_stream_factory(self): return OutputStreamFactory(self._session, default_less_flags='SR') @@ -45,7 +40,8 @@ class ListCommand(HistorySubcommand): raise RuntimeError( 'No commands were found in your history. Make sure you have ' 'enabled history mode by adding "cli_history = enabled" ' - 'to the config file.') + 'to the config file.' + ) with self._output_stream_factory.get_output_stream() as stream: formatter = TextFormatter(self._COL_WIDTHS, stream) @@ -55,11 +51,12 @@ class ListCommand(HistorySubcommand): return 0 -class RecordAdapter(object): +class RecordAdapter: """This class is just to read one ahead to make sure there are records If there are no records we can just exit early. """ + def __init__(self, records): self._records = records self._next = None @@ -80,7 +77,7 @@ class RecordAdapter(object): self._advance() -class TextFormatter(object): +class TextFormatter: def __init__(self, col_widths, output_stream): self._col_widths = col_widths self._output_stream = output_stream @@ -88,27 +85,28 @@ class TextFormatter(object): def _format_time(self, timestamp): command_time = datetime.datetime.fromtimestamp(timestamp / 1000) formatted = datetime.datetime.strftime( - command_time, '%Y-%m-%d %I:%M:%S %p') + command_time, '%Y-%m-%d %I:%M:%S %p' + ) return formatted def _format_args(self, args, arg_width): json_value = json.loads(args) formatted = ' '.join(json_value[:2]) if len(formatted) >= arg_width: - formatted = '%s...' % formatted[:arg_width-4] + formatted = '%s...' % formatted[: arg_width - 4] return formatted def _format_record(self, record): fmt_string = "{0:<%s}{1:<%s}{2:<%s}{3}\n" % ( self._col_widths['id_a'], self._col_widths['timestamp'], - self._col_widths['args'] + self._col_widths['args'], ) record_line = fmt_string.format( record['id_a'], self._format_time(record['timestamp']), self._format_args(record['args'], self._col_widths['args']), - record['rc'] + record['rc'], ) return record_line diff -pruN 2.23.6-1/awscli/customizations/history/show.py 2.31.35-1/awscli/customizations/history/show.py --- 2.23.6-1/awscli/customizations/history/show.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/history/show.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,18 +13,18 @@ import datetime import json import sys -import xml.parsers.expat import xml.dom.minidom +import xml.parsers.expat import colorama -from awscli.table import COLORAMA_KWARGS +from awscli.customizations.exceptions import ParamValidationError from awscli.customizations.history.commands import HistorySubcommand from awscli.customizations.history.filters import RegexFilter -from awscli.customizations.exceptions import ParamValidationError +from awscli.table import COLORAMA_KWARGS -class Formatter(object): +class Formatter: def __init__(self, output=None, include=None, exclude=None): """Formats and outputs CLI history events @@ -46,7 +46,8 @@ class Formatter(object): self._output = sys.stdout if include and exclude: raise ParamValidationError( - 'Either input or exclude can be provided but not both') + 'Either input or exclude can be provided but not both' + ) self._include = include self._exclude = exclude @@ -80,97 +81,73 @@ class DetailedFormatter(Formatter): _SECTIONS = { 'CLI_VERSION': { 'title': 'AWS CLI command entered', - 'values': [ - {'description': 'with AWS CLI version'} - ] - }, - 'CLI_ARGUMENTS': { - 'values': [ - {'description': 'with arguments'} - ] + 'values': [{'description': 'with AWS CLI version'}], }, + 'CLI_ARGUMENTS': {'values': [{'description': 'with arguments'}]}, 'API_CALL': { 'title': 'API call made', 'values': [ - { - 'description': 'to service', - 'payload_key': 'service' - }, - { - 'description': 'using operation', - 'payload_key': 'operation' - }, + {'description': 'to service', 'payload_key': 'service'}, + {'description': 'using operation', 'payload_key': 'operation'}, { 'description': 'with parameters', 'payload_key': 'params', - 'value_format': 'dictionary' - } - ] + 'value_format': 'dictionary', + }, + ], }, 'HTTP_REQUEST': { 'title': 'HTTP request sent', 'values': [ - { - 'description': 'to URL', - 'payload_key': 'url' - }, - { - 'description': 'with method', - 'payload_key': 'method' - }, + {'description': 'to URL', 'payload_key': 'url'}, + {'description': 'with method', 'payload_key': 'method'}, { 'description': 'with headers', 'payload_key': 'headers', 'value_format': 'dictionary', - 'filters': [_SIG_FILTER] + 'filters': [_SIG_FILTER], }, { 'description': 'with body', 'payload_key': 'body', - 'value_format': 'http_body' - } - - ] + 'value_format': 'http_body', + }, + ], }, 'HTTP_RESPONSE': { 'title': 'HTTP response received', 'values': [ { 'description': 'with status code', - 'payload_key': 'status_code' + 'payload_key': 'status_code', }, { 'description': 'with headers', 'payload_key': 'headers', - 'value_format': 'dictionary' + 'value_format': 'dictionary', }, { 'description': 'with body', 'payload_key': 'body', - 'value_format': 'http_body' - } - ] + 'value_format': 'http_body', + }, + ], }, 'PARSED_RESPONSE': { 'title': 'HTTP response parsed', 'values': [ - { - 'description': 'parsed to', - 'value_format': 'dictionary' - } - ] + {'description': 'parsed to', 'value_format': 'dictionary'} + ], }, 'CLI_RC': { 'title': 'AWS CLI command exited', - 'values': [ - {'description': 'with return code'} - ] + 'values': [{'description': 'with return code'}], }, } _COMPONENT_COLORS = { 'title': colorama.Style.BRIGHT, - 'description': colorama.Fore.CYAN + 'description': colorama.Fore.CYAN, } def __init__(self, output=None, include=None, exclude=None, colorize=True): @@ -225,7 +202,8 @@ class DetailedFormatter(Formatter): formatted_timestamp = self._format_description('at time') formatted_timestamp += self._format_value( - event_record['timestamp'], event_record, value_format='timestamp') + event_record['timestamp'], event_record, value_format='timestamp' + ) return '\n' + formatted_title + formatted_timestamp @@ -233,19 +211,20 @@ class DetailedFormatter(Formatter): request_id = event_record['request_id'] if request_id: if request_id not in self._request_id_to_api_num: - self._request_id_to_api_num[ - request_id] = self._num_api_calls + self._request_id_to_api_num[request_id] = self._num_api_calls self._num_api_calls += 1 return self._request_id_to_api_num[request_id] def _format_description(self, value_description): return self._color_if_configured( - value_description + ': ', 'description') + value_description + ': ', 'description' + ) def _format_value(self, value, event_record, value_format=None): if value_format: formatted_value = self._value_pformatter.pformat( - value, value_format, event_record) + value, value_format, event_record + ) else: formatted_value = str(value) return formatted_value + '\n' @@ -257,13 +236,14 @@ class DetailedFormatter(Formatter): return text -class SectionValuePrettyFormatter(object): +class SectionValuePrettyFormatter: def pformat(self, value, value_format, event_record): return getattr(self, '_pformat_' + value_format)(value, event_record) def _pformat_timestamp(self, event_timestamp, event_record=None): return datetime.datetime.fromtimestamp( - event_timestamp/1000.0).strftime('%Y-%m-%d %H:%M:%S.%f')[:-3] + event_timestamp / 1000.0 + ).strftime('%Y-%m-%d %H:%M:%S.%f')[:-3] def _pformat_dictionary(self, obj, event_record=None): return json.dumps(obj=obj, sort_keys=True, indent=4) @@ -295,7 +275,7 @@ class SectionValuePrettyFormatter(object # is called. stripped_body = self._strip_whitespace(body) xml_dom = xml.dom.minidom.parseString(stripped_body) - return xml_dom.toprettyxml(indent=' '*4, newl='\n') + return xml_dom.toprettyxml(indent=' ' * 4, newl='\n') def _get_pretty_json(self, body): # The json body is loaded so it can be dumped in a format that @@ -312,9 +292,7 @@ class SectionValuePrettyFormatter(object def _strip_whitespace(self, xml_string): xml_dom = xml.dom.minidom.parseString(xml_string) - return ''.join( - [line.strip() for line in xml_dom.toxml().splitlines()] - ) + return ''.join([line.strip() for line in xml_dom.toxml().splitlines()]) def _is_json_structure(self, body): if body.startswith('{'): @@ -333,43 +311,57 @@ class ShowCommand(HistorySubcommand): 'If this command is ran without any positional arguments, it will ' 'display the events for the last CLI command ran.' ) - FORMATTERS = { - 'detailed': DetailedFormatter - } + FORMATTERS = {'detailed': DetailedFormatter} ARG_TABLE = [ - {'name': 'command_id', 'nargs': '?', 'default': 'latest', - 'positional_arg': True, - 'help_text': ( - 'The ID of the CLI command to show. If this positional argument ' - 'is omitted, it will show the last the CLI command ran.')}, - {'name': 'include', 'nargs': '+', - 'help_text': ( - 'Specifies which events to **only** include when showing the ' - 'CLI command. This argument is mutually exclusive with ' - '``--exclude``.')}, - {'name': 'exclude', 'nargs': '+', - 'help_text': ( - 'Specifies which events to exclude when showing the ' - 'CLI command. This argument is mutually exclusive with ' - '``--include``.')}, - {'name': 'format', 'choices': FORMATTERS.keys(), - 'default': 'detailed', 'help_text': ( - 'Specifies which format to use in showing the events for ' - 'the specified CLI command. The following formats are ' - 'supported:\n\n' - '
        ' - '
      • detailed - This the default format. It prints out a ' - 'detailed overview of the CLI command ran. It displays all ' - 'of the key events in the command lifecycle where each ' - 'important event has a title and its important values ' - 'underneath. The events are ordered by timestamp and events of ' - 'the same API call are associated together with the ' - '[``api_id``] notation where events that share the same ' - '``api_id`` belong to the lifecycle of the same API call.' - '
        • ' - '
      ' - ) - } + { + 'name': 'command_id', + 'nargs': '?', + 'default': 'latest', + 'positional_arg': True, + 'help_text': ( + 'The ID of the CLI command to show. If this positional argument ' + 'is omitted, it will show the last the CLI command ran.' + ), + }, + { + 'name': 'include', + 'nargs': '+', + 'help_text': ( + 'Specifies which events to **only** include when showing the ' + 'CLI command. This argument is mutually exclusive with ' + '``--exclude``.' + ), + }, + { + 'name': 'exclude', + 'nargs': '+', + 'help_text': ( + 'Specifies which events to exclude when showing the ' + 'CLI command. This argument is mutually exclusive with ' + '``--include``.' + ), + }, + { + 'name': 'format', + 'choices': FORMATTERS.keys(), + 'default': 'detailed', + 'help_text': ( + 'Specifies which format to use in showing the events for ' + 'the specified CLI command. The following formats are ' + 'supported:\n\n' + '
        ' + '
      • detailed - This the default format. It prints out a ' + 'detailed overview of the CLI command ran. It displays all ' + 'of the key events in the command lifecycle where each ' + 'important event has a title and its important values ' + 'underneath. The events are ordered by timestamp and events of ' + 'the same API call are associated together with the ' + '[``api_id``] notation where events that share the same ' + '``api_id`` belong to the lifecycle of the same API call.' + '
        • ' + '
      ' + ), + }, ] def _run_main(self, parsed_args, parsed_globals): @@ -378,7 +370,8 @@ class ShowCommand(HistorySubcommand): self._validate_args(parsed_args) with self._output_stream_factory.get_output_stream() as stream: formatter = self._get_formatter( - parsed_args, parsed_globals, stream) + parsed_args, parsed_globals, stream + ) for record in self._get_record_iterator(parsed_args): formatter.display(record) finally: @@ -388,18 +381,20 @@ class ShowCommand(HistorySubcommand): def _validate_args(self, parsed_args): if parsed_args.exclude and parsed_args.include: raise ParamValidationError( - 'Either --exclude or --include can be provided but not both') + 'Either --exclude or --include can be provided but not both' + ) def _get_formatter(self, parsed_args, parsed_globals, output_stream): format_type = parsed_args.format formatter_kwargs = { 'include': parsed_args.include, 'exclude': parsed_args.exclude, - 'output': output_stream + 'output': output_stream, } if format_type == 'detailed': formatter_kwargs['colorize'] = self._should_use_color( - parsed_globals) + parsed_globals + ) return self.FORMATTERS[format_type](**formatter_kwargs) def _get_record_iterator(self, parsed_args): diff -pruN 2.23.6-1/awscli/customizations/iamvirtmfa.py 2.31.35-1/awscli/customizations/iamvirtmfa.py --- 2.23.6-1/awscli/customizations/iamvirtmfa.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/iamvirtmfa.py 2025-11-12 19:17:29.000000000 +0000 @@ -22,22 +22,27 @@ pull the appropriate data field out of t to the specified file. It will also remove the two bootstrap data fields from the response. """ -import base64 -from awscli.customizations.arguments import StatefulArgument -from awscli.customizations.arguments import resolve_given_outfile_path -from awscli.customizations.arguments import is_parsed_result_successful +import base64 +from awscli.customizations.arguments import ( + StatefulArgument, + is_parsed_result_successful, + resolve_given_outfile_path, +) CHOICES = ('QRCodePNG', 'Base32StringSeed') -OUTPUT_HELP = ('The output path and file name where the bootstrap ' - 'information will be stored.') -BOOTSTRAP_HELP = ('Method to use to seed the virtual MFA. ' - 'Valid values are: %s | %s' % CHOICES) +OUTPUT_HELP = ( + 'The output path and file name where the bootstrap ' + 'information will be stored.' +) +BOOTSTRAP_HELP = ( + 'Method to use to seed the virtual MFA. ' + 'Valid values are: %s | %s' % CHOICES +) class FileArgument(StatefulArgument): - def add_to_params(self, parameters, value): # Validate the file here so we can raise an error prior # calling the service. @@ -45,20 +50,25 @@ class FileArgument(StatefulArgument): super(FileArgument, self).add_to_params(parameters, value) -class IAMVMFAWrapper(object): - +class IAMVMFAWrapper: def __init__(self, event_handler): self._event_handler = event_handler self._outfile = FileArgument( - 'outfile', help_text=OUTPUT_HELP, required=True) + 'outfile', help_text=OUTPUT_HELP, required=True + ) self._method = StatefulArgument( - 'bootstrap-method', help_text=BOOTSTRAP_HELP, - choices=CHOICES, required=True) + 'bootstrap-method', + help_text=BOOTSTRAP_HELP, + choices=CHOICES, + required=True, + ) self._event_handler.register( 'building-argument-table.iam.create-virtual-mfa-device', - self._add_options) + self._add_options, + ) self._event_handler.register( - 'after-call.iam.CreateVirtualMFADevice', self._save_file) + 'after-call.iam.CreateVirtualMFADevice', self._save_file + ) def _add_options(self, argument_table, **kwargs): argument_table['outfile'] = self._outfile diff -pruN 2.23.6-1/awscli/customizations/iot.py 2.31.35-1/awscli/customizations/iot.py --- 2.23.6-1/awscli/customizations/iot.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/iot.py 2025-11-12 19:17:29.000000000 +0000 @@ -22,6 +22,7 @@ file. This customization adds the follow - ``--public-key-outfile``: keyPair.PublicKey - ``--private-key-outfile``: keyPair.PrivateKey """ + from awscli.customizations.arguments import QueryOutFileArgument @@ -34,19 +35,34 @@ def register_create_keys_and_cert_argume """ after_event = 'after-call.iot.CreateKeysAndCertificate' argument_table['certificate-pem-outfile'] = QueryOutFileArgument( - session=session, name='certificate-pem-outfile', - query='certificatePem', after_call_event=after_event, perm=0o600) + session=session, + name='certificate-pem-outfile', + query='certificatePem', + after_call_event=after_event, + perm=0o600, + ) argument_table['public-key-outfile'] = QueryOutFileArgument( - session=session, name='public-key-outfile', query='keyPair.PublicKey', - after_call_event=after_event, perm=0o600) + session=session, + name='public-key-outfile', + query='keyPair.PublicKey', + after_call_event=after_event, + perm=0o600, + ) argument_table['private-key-outfile'] = QueryOutFileArgument( - session=session, name='private-key-outfile', - query='keyPair.PrivateKey', after_call_event=after_event, perm=0o600) + session=session, + name='private-key-outfile', + query='keyPair.PrivateKey', + after_call_event=after_event, + perm=0o600, + ) def register_create_keys_from_csr_arguments(session, argument_table, **kwargs): """Add certificate-pem-outfile to create-certificate-from-csr""" argument_table['certificate-pem-outfile'] = QueryOutFileArgument( - session=session, name='certificate-pem-outfile', + session=session, + name='certificate-pem-outfile', query='certificatePem', - after_call_event='after-call.iot.CreateCertificateFromCsr', perm=0o600) + after_call_event='after-call.iot.CreateCertificateFromCsr', + perm=0o600, + ) diff -pruN 2.23.6-1/awscli/customizations/iot_data.py 2.31.35-1/awscli/customizations/iot_data.py --- 2.23.6-1/awscli/customizations/iot_data.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/iot_data.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,7 +14,8 @@ def register_custom_endpoint_note(event_emitter): event_emitter.register_last( - 'doc-description.iot-data', add_custom_endpoint_url_note) + 'doc-description.iot-data', add_custom_endpoint_url_note + ) def add_custom_endpoint_url_note(help_command, **kwargs): diff -pruN 2.23.6-1/awscli/customizations/lightsail/__init__.py 2.31.35-1/awscli/customizations/lightsail/__init__.py --- 2.23.6-1/awscli/customizations/lightsail/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/lightsail/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,8 +11,9 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.lightsail.push_container_image \ - import PushContainerImage +from awscli.customizations.lightsail.push_container_image import ( + PushContainerImage, +) def initialize(cli): diff -pruN 2.23.6-1/awscli/customizations/lightsail/push_container_image.py 2.31.35-1/awscli/customizations/lightsail/push_container_image.py --- 2.23.6-1/awscli/customizations/lightsail/push_container_image.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/lightsail/push_container_image.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,6 +14,7 @@ import errno import json import logging import subprocess + import awscli from awscli.compat import ignore_user_entered_signals from awscli.customizations.commands import BasicCommand @@ -24,11 +25,12 @@ logger = logging.getLogger(__name__) ERROR_MESSAGE = ( 'The Lightsail Control (lightsailctl) plugin was not found. ', 'To download and install it, see ', - 'https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-install-software' + 'https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-install-software', ) INPUT_VERSION = '1' + class PushContainerImage(BasicCommand): NAME = 'push-container-image' @@ -38,18 +40,11 @@ class PushContainerImage(BasicCommand): { 'name': 'service-name', 'help_text': helptext.SERVICENAME, - 'required': True + 'required': True, }, - { - 'name': 'image', - 'help_text': helptext.IMAGE, - 'required': True - }, - { - 'name': 'label', - 'help_text': helptext.LABEL, - 'required': True - }] + {'name': 'image', 'help_text': helptext.IMAGE, 'required': True}, + {'name': 'label', 'help_text': helptext.LABEL, 'required': True}, + ] def _run_main(self, parsed_args, parsed_globals): payload = self._get_input_request(parsed_args, parsed_globals) @@ -65,24 +60,24 @@ class PushContainerImage(BasicCommand): subprocess.run( ['lightsailctl', '--plugin', '--input-stdin'], input=json.dumps(payload).encode('utf-8'), - check=True) + check=True, + ) return 0 except OSError as ex: if ex.errno == errno.ENOENT: - logger.debug('lightsailctl not found', - exc_info=True) + logger.debug('lightsailctl not found', exc_info=True) raise ValueError(''.join(ERROR_MESSAGE)) def _get_input_request(self, parsed_args, parsed_globals): input_request = { - 'inputVersion' : INPUT_VERSION, + 'inputVersion': INPUT_VERSION, 'operation': 'PushContainerImage', } payload = dict( service=parsed_args.service_name, image=parsed_args.image, - label=parsed_args.label + label=parsed_args.label, ) configuration = {} @@ -105,22 +100,25 @@ class PushContainerImage(BasicCommand): if parsed_globals.profile: configuration['profile'] = parsed_globals.profile elif self._session.get_config_variable('profile'): - configuration['profile'] = \ - self._session.get_config_variable('profile') + configuration['profile'] = self._session.get_config_variable( + 'profile' + ) if parsed_globals.region: configuration['region'] = parsed_globals.region elif self._session.get_config_variable('region'): - configuration['region'] = \ - self._session.get_config_variable('region') + configuration['region'] = self._session.get_config_variable( + 'region' + ) configuration['doNotSignRequest'] = not parsed_globals.sign_request if parsed_globals.ca_bundle: configuration['caBundle'] = parsed_globals.ca_bundle elif self._session.get_config_variable('ca_bundle'): - configuration['caBundle'] = \ - self._session.get_config_variable('ca_bundle') + configuration['caBundle'] = self._session.get_config_variable( + 'ca_bundle' + ) if parsed_globals.read_timeout is not None: configuration['readTimeout'] = parsed_globals.read_timeout diff -pruN 2.23.6-1/awscli/customizations/logs/__init__.py 2.31.35-1/awscli/customizations/logs/__init__.py --- 2.23.6-1/awscli/customizations/logs/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/logs/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,13 +10,15 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.logs.tail import TailCommand from awscli.customizations.logs.startlivetail import StartLiveTailCommand +from awscli.customizations.logs.tail import TailCommand def register_logs_commands(event_emitter): event_emitter.register('building-command-table.logs', inject_tail_command) - event_emitter.register('building-command-table.logs', inject_start_live_tail_command) + event_emitter.register( + 'building-command-table.logs', inject_start_live_tail_command + ) def inject_tail_command(command_table, session, **kwargs): diff -pruN 2.23.6-1/awscli/customizations/logs/startlivetail.py 2.31.35-1/awscli/customizations/logs/startlivetail.py --- 2.23.6-1/awscli/customizations/logs/startlivetail.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/logs/startlivetail.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,30 +10,30 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from enum import Enum -from functools import partial -from threading import Thread import asyncio -import colorama import contextlib import json import re import signal import sys import time +from enum import Enum +from functools import partial +from threading import Thread +import colorama from prompt_toolkit.application import Application, get_app from prompt_toolkit.buffer import Buffer from prompt_toolkit.filters import Condition from prompt_toolkit.formatted_text import ( ANSI, - to_formatted_text, fragment_list_to_text, + to_formatted_text, ) from prompt_toolkit.key_binding import KeyBindings, KeyPressEvent from prompt_toolkit.layout import Layout, Window, WindowAlign -from prompt_toolkit.layout.controls import BufferControl, FormattedTextControl from prompt_toolkit.layout.containers import HSplit, VSplit +from prompt_toolkit.layout.controls import BufferControl, FormattedTextControl from prompt_toolkit.layout.dimension import Dimension from prompt_toolkit.layout.processors import Processor, Transformation @@ -42,7 +42,6 @@ from awscli.customizations.commands impo from awscli.customizations.exceptions import ParamValidationError from awscli.utils import is_a_tty - DESCRIPTION = ( "Starts a Live Tail streaming session for one or more log groups. " "A Live Tail session provides a near real-time streaming of log events " @@ -770,9 +769,9 @@ class InteractiveUI(BaseLiveTailUI): elapsed_time = int( current_time - self._session_metadata.session_start_time ) - hours = "{:02d}".format(elapsed_time // 3600) - minutes = "{:02d}".format((elapsed_time // 60) % 60) - seconds = "{:02d}".format(elapsed_time % 60) + hours = f"{elapsed_time // 3600:02d}" + minutes = f"{(elapsed_time // 60) % 60:02d}" + seconds = f"{elapsed_time % 60:02d}" keyword_count_map = ", ".join( [ value.get_string_to_print() @@ -824,7 +823,9 @@ class InteractiveUI(BaseLiveTailUI): self._application.exit() async def _run_ui(self): - self._application.create_background_task(self._log_events_printer.run()) + self._application.create_background_task( + self._log_events_printer.run() + ) self._application.create_background_task(self._render_metadata()) self._application.create_background_task(self._trim_buffers()) @@ -893,7 +894,7 @@ class LiveTailLogEventsCollector(Thread) def _collect_log_events(self): try: for event in self._response_stream: - if not "sessionUpdate" in event: + if "sessionUpdate" not in event: continue session_update = event["sessionUpdate"] diff -pruN 2.23.6-1/awscli/customizations/logs/tail.py 2.31.35-1/awscli/customizations/logs/tail.py --- 2.23.6-1/awscli/customizations/logs/tail.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/logs/tail.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,23 +10,22 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from collections import defaultdict -from datetime import datetime, timedelta import json import re import time +from collections import defaultdict +from datetime import datetime, timedelta -from botocore.utils import parse_timestamp, datetime2timestamp -from dateutil import tz import colorama +from botocore.utils import datetime2timestamp, parse_timestamp +from dateutil import tz from awscli.compat import get_stdout_text_writer -from awscli.utils import is_a_tty from awscli.customizations.commands import BasicCommand +from awscli.utils import is_a_tty -class BaseLogEventsFormatter(object): - +class BaseLogEventsFormatter: _TIMESTAMP_COLOR = colorama.Fore.GREEN _STREAM_NAME_COLOR = colorama.Fore.CYAN @@ -56,13 +55,14 @@ class ShortLogEventsFormatter(BaseLogEve def display_log_event(self, log_event): log_event = '%s %s' % ( self._format_timestamp(log_event['timestamp']), - log_event['message'] + log_event['message'], ) self._write_log_event(log_event) def _format_timestamp(self, timestamp): return self._color_if_configured( - timestamp.strftime("%Y-%m-%dT%H:%M:%S"), self._TIMESTAMP_COLOR) + timestamp.strftime("%Y-%m-%dT%H:%M:%S"), self._TIMESTAMP_COLOR + ) class DetailedLogEventsFormatter(BaseLogEventsFormatter): @@ -70,15 +70,15 @@ class DetailedLogEventsFormatter(BaseLog log_event = '%s %s %s' % ( self._format_timestamp(log_event['timestamp']), self._color_if_configured( - log_event['logStreamName'], self._STREAM_NAME_COLOR), - log_event['message'] + log_event['logStreamName'], self._STREAM_NAME_COLOR + ), + log_event['message'], ) self._write_log_event(log_event) def _format_timestamp(self, timestamp): return self._color_if_configured( - timestamp.isoformat(timespec='microseconds'), - self._TIMESTAMP_COLOR + timestamp.isoformat(timespec='microseconds'), self._TIMESTAMP_COLOR ) @@ -87,8 +87,9 @@ class PrettyJSONLogEventsFormatter(BaseL log_event = '%s %s %s' % ( self._format_timestamp(log_event['timestamp']), self._color_if_configured( - log_event['logStreamName'], self._STREAM_NAME_COLOR), - self._format_pretty_json(log_event['message']) + log_event['logStreamName'], self._STREAM_NAME_COLOR + ), + self._format_pretty_json(log_event['message']), ) self._write_log_event(log_event) @@ -102,7 +103,8 @@ class PrettyJSONLogEventsFormatter(BaseL def _format_timestamp(self, timestamp): return self._color_if_configured( - timestamp.isoformat(), self._TIMESTAMP_COLOR) + timestamp.isoformat(), self._TIMESTAMP_COLOR + ) class TailCommand(BasicCommand): @@ -139,7 +141,7 @@ class TailCommand(BasicCommand): 'display logs starting five minutes in the past. ' 'Note that multiple units are **not** supported ' '(i.e. ``5h30m``)' - ) + ), }, { 'name': 'follow', @@ -149,7 +151,7 @@ class TailCommand(BasicCommand): 'Whether to continuously poll for new logs. By default, the ' 'command will exit once there are no more logs to display. ' 'To exit from this mode, use Control-C.' - ) + ), }, { 'name': 'format', @@ -169,7 +171,7 @@ class TailCommand(BasicCommand): '
    • json - Pretty print any messages that are entirely JSON.' '
      • ' '
    ' - ) + ), }, { 'name': 'filter-pattern', @@ -179,7 +181,7 @@ class TailCommand(BasicCommand): 'latest/logs/FilterAndPatternSyntax.html">Filter and ' 'Pattern Syntax for details. If not provided, all ' 'the events are matched' - ) + ), }, { 'name': 'log-stream-names', @@ -188,7 +190,7 @@ class TailCommand(BasicCommand): 'The list of stream names to filter logs by. This parameter ' 'cannot be specified when ``--log-stream-name-prefix`` is ' 'also specified.' - ) + ), }, { 'name': 'log-stream-name-prefix', @@ -197,10 +199,8 @@ class TailCommand(BasicCommand): 'with names beginning with this prefix will be returned. This ' 'parameter cannot be specified when ``log-stream-names`` is ' 'also specified.' - ) + ), }, - - ] _FORMAT_TO_FORMATTER_CLS = { 'detailed': DetailedLogEventsFormatter, @@ -210,17 +210,21 @@ class TailCommand(BasicCommand): def _run_main(self, parsed_args, parsed_globals): logs_client = self._session.create_client( - 'logs', region_name=parsed_globals.region, + 'logs', + region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) logs_generator = self._get_log_events_generator( - logs_client, parsed_args.follow) + logs_client, parsed_args.follow + ) log_events = logs_generator.iter_log_events( - parsed_args.group_name, start=parsed_args.since, + parsed_args.group_name, + start=parsed_args.since, filter_pattern=parsed_args.filter_pattern, log_stream_names=parsed_args.log_stream_names, - log_stream_name_prefix=parsed_args.log_stream_name_prefix) + log_stream_name_prefix=parsed_args.log_stream_name_prefix, + ) self._output_log_events(parsed_args, parsed_globals, log_events) return 0 @@ -234,7 +238,8 @@ class TailCommand(BasicCommand): def _output_log_events(self, parsed_args, parsed_globals, log_events): output = get_stdout_text_writer() logs_formatter = self._FORMAT_TO_FORMATTER_CLS[parsed_args.format]( - output, colorize=self._should_use_color(parsed_globals)) + output, colorize=self._should_use_color(parsed_globals) + ) for event in log_events: logs_formatter.display_log_event(event) @@ -246,7 +251,7 @@ class TailCommand(BasicCommand): return is_a_tty() -class TimestampUtils(object): +class TimestampUtils: _RELATIVE_TIMESTAMP_REGEX = re.compile( r"(?P\d+)(?Ps|m|h|d|w)$" ) @@ -281,16 +286,26 @@ class TimestampUtils(object): return self._now() + timedelta(seconds=amount * multiplier * -1) -class BaseLogEventsGenerator(object): +class BaseLogEventsGenerator: def __init__(self, client, timestamp_utils): self._client = client self._timestamp_utils = timestamp_utils - def iter_log_events(self, group_name, start=None, filter_pattern=None, - log_stream_names=None, log_stream_name_prefix=None): + def iter_log_events( + self, + group_name, + start=None, + filter_pattern=None, + log_stream_names=None, + log_stream_name_prefix=None, + ): filter_logs_events_kwargs = self._get_filter_logs_events_kwargs( - group_name, start, filter_pattern, log_stream_names, - log_stream_name_prefix) + group_name, + start, + filter_pattern, + log_stream_names, + log_stream_name_prefix, + ) log_events = self._filter_log_events(filter_logs_events_kwargs) for log_event in log_events: self._convert_event_timestamps(log_event) @@ -299,14 +314,15 @@ class BaseLogEventsGenerator(object): def _filter_log_events(self, filter_logs_events_kwargs): raise NotImplementedError('_filter_log_events()') - def _get_filter_logs_events_kwargs(self, group_name, start, - filter_pattern, - log_stream_names, - log_stream_name_prefix): - kwargs = { - 'logGroupName': group_name, - 'interleaved': True - } + def _get_filter_logs_events_kwargs( + self, + group_name, + start, + filter_pattern, + log_stream_names, + log_stream_name_prefix, + ): + kwargs = {'logGroupName': group_name, 'interleaved': True} if start is not None: kwargs['startTime'] = self._timestamp_utils.to_epoch_millis(start) if filter_pattern is not None: @@ -319,9 +335,11 @@ class BaseLogEventsGenerator(object): def _convert_event_timestamps(self, event): event['ingestionTime'] = self._timestamp_utils.to_datetime( - event['ingestionTime']) + event['ingestionTime'] + ) event['timestamp'] = self._timestamp_utils.to_datetime( - event['timestamp']) + event['timestamp'] + ) class NoFollowLogEventsGenerator(BaseLogEventsGenerator): @@ -356,32 +374,39 @@ class FollowLogEventsGenerator(BaseLogEv # Keep only ids of the events with the newest timestamp newest_timestamp = max(event_ids_per_timestamp.keys()) event_ids_per_timestamp = defaultdict( - set, {newest_timestamp: event_ids_per_timestamp[newest_timestamp]} + set, + {newest_timestamp: event_ids_per_timestamp[newest_timestamp]}, ) return event_ids_per_timestamp - def _reset_filter_log_events_params(self, fle_kwargs, event_ids_per_timestamp): + def _reset_filter_log_events_params( + self, fle_kwargs, event_ids_per_timestamp + ): # Remove nextToken and update startTime for the next request # with the timestamp of the newest event if event_ids_per_timestamp: - fle_kwargs['startTime'] = max( - event_ids_per_timestamp.keys() - ) + fle_kwargs['startTime'] = max(event_ids_per_timestamp.keys()) fle_kwargs.pop('nextToken', None) def _do_filter_log_events(self, filter_logs_events_kwargs): event_ids_per_timestamp = defaultdict(set) while True: response = self._client.filter_log_events( - **filter_logs_events_kwargs) + **filter_logs_events_kwargs + ) for event in response['events']: # For the case where we've hit the last page, we will be # reusing the newest timestamp of the received events to keep polling. # This means it is possible that duplicate log events with same timestamp # are returned back which we do not want to yield again. # We only want to yield log events that we have not seen. - if event['eventId'] not in event_ids_per_timestamp[event['timestamp']]: - event_ids_per_timestamp[event['timestamp']].add(event['eventId']) + if ( + event['eventId'] + not in event_ids_per_timestamp[event['timestamp']] + ): + event_ids_per_timestamp[event['timestamp']].add( + event['eventId'] + ) yield event event_ids_per_timestamp = self._get_latest_events_and_timestamp( event_ids_per_timestamp @@ -390,7 +415,6 @@ class FollowLogEventsGenerator(BaseLogEv filter_logs_events_kwargs['nextToken'] = response['nextToken'] else: self._reset_filter_log_events_params( - filter_logs_events_kwargs, - event_ids_per_timestamp + filter_logs_events_kwargs, event_ids_per_timestamp ) self._sleep(self._TIME_TO_SLEEP) diff -pruN 2.23.6-1/awscli/customizations/opsworks.py 2.31.35-1/awscli/customizations/opsworks.py --- 2.23.6-1/awscli/customizations/opsworks.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/opsworks.py 1970-01-01 00:00:00.000000000 +0000 @@ -1,545 +0,0 @@ -# Copyright 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You -# may not use this file except in compliance with the License. A copy of -# the License is located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is -# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF -# ANY KIND, either express or implied. See the License for the specific -# language governing permissions and limitations under the License. -import datetime -import json -import logging -import os -import platform -import re -import shlex -import socket -import subprocess -import tempfile -import textwrap - -from botocore.exceptions import ClientError - -from awscli.compat import urlopen, ensure_text_type -from awscli.customizations.commands import BasicCommand -from awscli.customizations.utils import create_client_from_parsed_globals -from awscli.customizations.exceptions import ParamValidationError - - -LOG = logging.getLogger(__name__) - -IAM_USER_POLICY_NAME = "OpsWorks-Instance" -IAM_USER_POLICY_TIMEOUT = datetime.timedelta(minutes=15) -IAM_PATH = '/AWS/OpsWorks/' -IAM_POLICY_ARN = 'arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration' - -HOSTNAME_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?$AGENT_TMP_DIR/opsworks-agent-installer/preconfig <]', - 'help_text': """Either the EC2 instance ID or the hostname of the - instance or machine to be registered with OpsWorks. - Cannot be used together with `--local`."""}, - ] - - def __init__(self, session): - super(OpsWorksRegister, self).__init__(session) - self._stack = None - self._ec2_instance = None - self._prov_params = None - self._use_address = None - self._use_hostname = None - self._name_for_iam = None - self.access_key = None - - def _create_clients(self, args, parsed_globals): - self.iam = self._session.create_client('iam') - self.opsworks = create_client_from_parsed_globals( - self._session, 'opsworks', parsed_globals) - - def _run_main(self, args, parsed_globals): - self._create_clients(args, parsed_globals) - - self.prevalidate_arguments(args) - self.retrieve_stack(args) - self.validate_arguments(args) - self.determine_details(args) - self.create_iam_entities(args) - self.setup_target_machine(args) - return 0 - - def prevalidate_arguments(self, args): - """ - Validates command line arguments before doing anything else. - """ - if not args.target and not args.local: - raise ParamValidationError("One of target or --local is required.") - elif args.target and args.local: - raise ParamValidationError( - "Arguments target and --local are mutually exclusive.") - - if args.local and platform.system() != 'Linux': - raise ParamValidationError( - "Non-Linux instances are not supported by AWS OpsWorks.") - - if args.ssh and (args.username or args.private_key): - raise ParamValidationError( - "Argument --override-ssh cannot be used together with " - "--ssh-username or --ssh-private-key.") - - if args.infrastructure_class == 'ec2': - if args.private_ip: - raise ParamValidationError( - "--override-private-ip is not supported for EC2.") - if args.public_ip: - raise ParamValidationError( - "--override-public-ip is not supported for EC2.") - - if args.infrastructure_class == 'on-premises' and \ - args.use_instance_profile: - raise ParamValidationError( - "--use-instance-profile is only supported for EC2.") - - if args.hostname: - if not HOSTNAME_RE.match(args.hostname): - raise ParamValidationError( - "Invalid hostname: '%s'. Hostnames must consist of " - "letters, digits and dashes only and must not start or " - "end with a dash." % args.hostname) - - def retrieve_stack(self, args): - """ - Retrieves the stack from the API, thereby ensures that it exists. - - Provides `self._stack`, `self._prov_params`, `self._use_address`, and - `self._ec2_instance`. - """ - - LOG.debug("Retrieving stack and provisioning parameters") - self._stack = self.opsworks.describe_stacks( - StackIds=[args.stack_id] - )['Stacks'][0] - self._prov_params = \ - self.opsworks.describe_stack_provisioning_parameters( - StackId=self._stack['StackId'] - ) - - if args.infrastructure_class == 'ec2' and not args.local: - LOG.debug("Retrieving EC2 instance information") - ec2 = self._session.create_client( - 'ec2', region_name=self._stack['Region']) - - # `desc_args` are arguments for the describe_instances call, - # whereas `conditions` is a list of lambdas for further filtering - # on the results of the call. - desc_args = {'Filters': []} - conditions = [] - - # make sure that the platforms (EC2/VPC) and VPC IDs of the stack - # and the instance match - if 'VpcId' in self._stack: - desc_args['Filters'].append( - {'Name': 'vpc-id', 'Values': [self._stack['VpcId']]} - ) - else: - # Cannot search for non-VPC instances directly, thus filter - # afterwards - conditions.append(lambda instance: 'VpcId' not in instance) - - # target may be an instance ID, an IP address, or a name - if INSTANCE_ID_RE.match(args.target): - desc_args['InstanceIds'] = [args.target] - elif IP_ADDRESS_RE.match(args.target): - # Cannot search for either private or public IP at the same - # time, thus filter afterwards - conditions.append( - lambda instance: - instance.get('PrivateIpAddress') == args.target or - instance.get('PublicIpAddress') == args.target) - # also use the given address to connect - self._use_address = args.target - else: - # names are tags - desc_args['Filters'].append( - {'Name': 'tag:Name', 'Values': [args.target]} - ) - - # find all matching instances - instances = [ - i - for r in ec2.describe_instances(**desc_args)['Reservations'] - for i in r['Instances'] - if all(c(i) for c in conditions) - ] - - if not instances: - raise ValueError( - "Did not find any instance matching %s." % args.target) - elif len(instances) > 1: - raise ValueError( - "Found multiple instances matching %s: %s." % ( - args.target, - ", ".join(i['InstanceId'] for i in instances))) - - self._ec2_instance = instances[0] - - def validate_arguments(self, args): - """ - Validates command line arguments using the retrieved information. - """ - - if args.hostname: - instances = self.opsworks.describe_instances( - StackId=self._stack['StackId'] - )['Instances'] - if any(args.hostname.lower() == instance['Hostname'] - for instance in instances): - raise ValueError( - "Invalid hostname: '%s'. Hostnames must be unique within " - "a stack." % args.hostname) - - if args.infrastructure_class == 'ec2' and args.local: - # make sure the regions match - region = json.loads( - ensure_text_type(urlopen(IDENTITY_URL).read()))['region'] - if region != self._stack['Region']: - raise ValueError( - "The stack's and the instance's region must match.") - - def determine_details(self, args): - """ - Determine details (like the address to connect to and the hostname to - use) from the given arguments and the retrieved data. - - Provides `self._use_address` (if not provided already), - `self._use_hostname` and `self._name_for_iam`. - """ - - # determine the address to connect to - if not self._use_address: - if args.local: - pass - elif args.infrastructure_class == 'ec2': - if 'PublicIpAddress' in self._ec2_instance: - self._use_address = self._ec2_instance['PublicIpAddress'] - elif 'PrivateIpAddress' in self._ec2_instance: - LOG.warning( - "Instance does not have a public IP address. Trying " - "to use the private address to connect.") - self._use_address = self._ec2_instance['PrivateIpAddress'] - else: - # Should never happen - raise ValueError( - "The instance does not seem to have an IP address.") - elif args.infrastructure_class == 'on-premises': - self._use_address = args.target - - # determine the names to use - if args.hostname: - self._use_hostname = args.hostname - self._name_for_iam = args.hostname - elif args.local: - self._use_hostname = None - self._name_for_iam = socket.gethostname() - else: - self._use_hostname = None - self._name_for_iam = args.target - - def create_iam_entities(self, args): - """ - Creates an IAM group, user and corresponding credentials. - - Provides `self.access_key`. - """ - - if args.use_instance_profile: - LOG.debug("Skipping IAM entity creation") - self.access_key = None - return - - LOG.debug("Creating the IAM group if necessary") - group_name = "OpsWorks-%s" % clean_for_iam(self._stack['StackId']) - try: - self.iam.create_group(GroupName=group_name, Path=IAM_PATH) - LOG.debug("Created IAM group %s", group_name) - except ClientError as e: - if e.response.get('Error', {}).get('Code') == 'EntityAlreadyExists': - LOG.debug("IAM group %s exists, continuing", group_name) - # group already exists, good - pass - else: - raise - - # create the IAM user, trying alternatives if it already exists - LOG.debug("Creating an IAM user") - base_username = "OpsWorks-%s-%s" % ( - shorten_name(clean_for_iam(self._stack['Name']), 25), - shorten_name(clean_for_iam(self._name_for_iam), 25) - ) - for try_ in range(20): - username = base_username + ("+%s" % try_ if try_ else "") - try: - self.iam.create_user(UserName=username, Path=IAM_PATH) - except ClientError as e: - if e.response.get('Error', {}).get('Code') == 'EntityAlreadyExists': - LOG.debug( - "IAM user %s already exists, trying another name", - username - ) - # user already exists, try the next one - pass - else: - raise - else: - LOG.debug("Created IAM user %s", username) - break - else: - raise ValueError("Couldn't find an unused IAM user name.") - - LOG.debug("Adding the user to the group and attaching a policy") - self.iam.add_user_to_group(GroupName=group_name, UserName=username) - - try: - self.iam.attach_user_policy( - PolicyArn=IAM_POLICY_ARN, - UserName=username - ) - except ClientError as e: - if e.response.get('Error', {}).get('Code') == 'AccessDenied': - LOG.debug( - "Unauthorized to attach policy %s to user %s. Trying " - "to put user policy", - IAM_POLICY_ARN, - username - ) - self.iam.put_user_policy( - PolicyName=IAM_USER_POLICY_NAME, - PolicyDocument=self._iam_policy_document( - self._stack['Arn'], IAM_USER_POLICY_TIMEOUT), - UserName=username - ) - LOG.debug( - "Put policy %s to user %s", - IAM_USER_POLICY_NAME, - username - ) - else: - raise - else: - LOG.debug( - "Attached policy %s to user %s", - IAM_POLICY_ARN, - username - ) - - LOG.debug("Creating an access key") - self.access_key = self.iam.create_access_key( - UserName=username - )['AccessKey'] - - def setup_target_machine(self, args): - """ - Setups the target machine by copying over the credentials and starting - the installation process. - """ - - remote_script = REMOTE_SCRIPT % { - 'agent_installer_url': - self._prov_params['AgentInstallerUrl'], - 'preconfig': - self._to_ruby_yaml(self._pre_config_document(args)), - 'assets_download_bucket': - self._prov_params['Parameters']['assets_download_bucket'] - } - - if args.local: - LOG.debug("Running the installer locally") - subprocess.check_call(["/bin/sh", "-c", remote_script]) - else: - LOG.debug("Connecting to the target machine to run the installer.") - self.ssh(args, remote_script) - - def ssh(self, args, remote_script): - """ - Runs a (sh) script on a remote machine via SSH. - """ - - if platform.system() == 'Windows': - try: - script_file = tempfile.NamedTemporaryFile("wt", delete=False) - script_file.write(remote_script) - script_file.close() - if args.ssh: - call = args.ssh - else: - call = 'plink' - if args.username: - call += ' -l "%s"' % args.username - if args.private_key: - call += ' -i "%s"' % args.private_key - call += ' "%s"' % self._use_address - call += ' -m' - call += ' "%s"' % script_file.name - - subprocess.check_call(call, shell=True) - finally: - os.remove(script_file.name) - else: - if args.ssh: - call = shlex.split(str(args.ssh)) - else: - call = ['ssh', '-tt'] - if args.username: - call.extend(['-l', args.username]) - if args.private_key: - call.extend(['-i', args.private_key]) - call.append(self._use_address) - - remote_call = ["/bin/sh", "-c", remote_script] - call.append(" ".join(shlex.quote(word) for word in remote_call)) - subprocess.check_call(call) - - def _pre_config_document(self, args): - parameters = dict( - stack_id=self._stack['StackId'], - **self._prov_params["Parameters"] - ) - if self.access_key: - parameters['access_key_id'] = self.access_key['AccessKeyId'] - parameters['secret_access_key'] = \ - self.access_key['SecretAccessKey'] - if self._use_hostname: - parameters['hostname'] = self._use_hostname - if args.private_ip: - parameters['private_ip'] = args.private_ip - if args.public_ip: - parameters['public_ip'] = args.public_ip - parameters['import'] = args.infrastructure_class == 'ec2' - LOG.debug("Using pre-config: %r", parameters) - return parameters - - @staticmethod - def _iam_policy_document(arn, timeout=None): - statement = { - "Action": "opsworks:RegisterInstance", - "Effect": "Allow", - "Resource": arn, - } - if timeout is not None: - valid_until = datetime.datetime.utcnow() + timeout - statement["Condition"] = { - "DateLessThan": { - "aws:CurrentTime": - valid_until.strftime("%Y-%m-%dT%H:%M:%SZ") - } - } - policy_document = { - "Statement": [statement], - "Version": "2012-10-17" - } - return json.dumps(policy_document) - - @staticmethod - def _to_ruby_yaml(parameters): - return "\n".join(":%s: %s" % (k, json.dumps(v)) - for k, v in sorted(parameters.items())) - - -def clean_for_iam(name): - """ - Cleans a name to fit IAM's naming requirements. - """ - - return re.sub(r'[^A-Za-z0-9+=,.@_-]+', '-', name) - - -def shorten_name(name, max_length): - """ - Shortens a name to the given number of characters. - """ - - if len(name) <= max_length: - return name - q, r = divmod(max_length - 3, 2) - return name[:q + r] + "..." + name[-q:] diff -pruN 2.23.6-1/awscli/customizations/opsworkscm.py 2.31.35-1/awscli/customizations/opsworkscm.py --- 2.23.6-1/awscli/customizations/opsworkscm.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/opsworkscm.py 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You -# may not use this file except in compliance with the License. A copy of -# the License is located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is -# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF -# ANY KIND, either express or implied. See the License for the specific -# language governing permissions and limitations under the License. -from awscli.customizations.utils import alias_command - - -def register_alias_opsworks_cm(event_emitter): - event_emitter.register('building-command-table.main', alias_opsworks_cm) - - -def alias_opsworks_cm(command_table, **kwargs): - alias_command(command_table, 'opsworkscm', 'opsworks-cm') diff -pruN 2.23.6-1/awscli/customizations/paginate.py 2.31.35-1/awscli/customizations/paginate.py --- 2.23.6-1/awscli/customizations/paginate.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/paginate.py 2025-11-12 19:17:29.000000000 +0000 @@ -23,13 +23,13 @@ For any operation that can be paginated, * Add a ``--starting-token`` and a ``--max-items`` argument. """ + import logging import sys from functools import partial -from botocore import xform_name +from botocore import model, xform_name from botocore.exceptions import DataNotFoundError -from botocore import model from awscli.arguments import BaseCLIArgument from awscli.customizations.exceptions import ParamValidationError @@ -87,7 +87,8 @@ def get_paginator_config(session, servic return None try: operation_paginator_config = paginator_model.get_paginator( - operation_name) + operation_name + ) except ValueError: return None return operation_paginator_config @@ -100,15 +101,19 @@ def add_paging_description(help_command, return service_name = help_command.obj.service_model.service_name paginator_config = get_paginator_config( - help_command.session, service_name, help_command.obj.name) + help_command.session, service_name, help_command.obj.name + ) if not paginator_config: return help_command.doc.style.new_paragraph() help_command.doc.writeln( - ('``%s`` is a paginated operation. Multiple API calls may be issued ' - 'in order to retrieve the entire data set of results. You can ' - 'disable pagination by providing the ``--no-paginate`` argument.') - % help_command.name) + ( + '``%s`` is a paginated operation. Multiple API calls may be issued ' + 'in order to retrieve the entire data set of results. You can ' + 'disable pagination by providing the ``--no-paginate`` argument.' + ) + % help_command.name + ) # Only include result key information if it is present. if paginator_config.get('result_key'): queries = paginator_config['result_key'] @@ -116,33 +121,48 @@ def add_paging_description(help_command, queries = [queries] queries = ", ".join([('``%s``' % s) for s in queries]) help_command.doc.writeln( - ('When using ``--output text`` and the ``--query`` argument on a ' - 'paginated response, the ``--query`` argument must extract data ' - 'from the results of the following query expressions: %s') - % queries) + ( + 'When using ``--output text`` and the ``--query`` argument on a ' + 'paginated response, the ``--query`` argument must extract data ' + 'from the results of the following query expressions: %s' + ) + % queries + ) -def unify_paging_params(argument_table, operation_model, event_name, - session, **kwargs): +def unify_paging_params( + argument_table, operation_model, event_name, session, **kwargs +): paginator_config = get_paginator_config( - session, operation_model.service_model.service_name, - operation_model.name) + session, + operation_model.service_model.service_name, + operation_model.name, + ) if paginator_config is None: # We only apply these customizations to paginated responses. return - logger.debug("Modifying paging parameters for operation: %s", - operation_model.name) + logger.debug( + "Modifying paging parameters for operation: %s", operation_model.name + ) _remove_existing_paging_arguments(argument_table, paginator_config) - parsed_args_event = event_name.replace('building-argument-table.', - 'operation-args-parsed.') - call_parameters_event = event_name.replace('building-argument-table', - 'calling-command') + parsed_args_event = event_name.replace( + 'building-argument-table.', 'operation-args-parsed.' + ) + call_parameters_event = event_name.replace( + 'building-argument-table', 'calling-command' + ) shadowed_args = {} - add_paging_argument(argument_table, 'starting-token', - PageArgument('starting-token', STARTING_TOKEN_HELP, - parse_type='string', - serialized_name='StartingToken'), - shadowed_args) + add_paging_argument( + argument_table, + 'starting-token', + PageArgument( + 'starting-token', + STARTING_TOKEN_HELP, + parse_type='string', + serialized_name='StartingToken', + ), + shadowed_args, + ) input_members = operation_model.input_shape.members type_name = 'integer' if 'limit_key' in paginator_config: @@ -150,21 +170,38 @@ def unify_paging_params(argument_table, type_name = limit_key_shape.type_name if type_name not in PageArgument.type_map: raise TypeError( - ('Unsupported pagination type {0} for operation {1}' - ' and parameter {2}').format( - type_name, operation_model.name, - paginator_config['limit_key'])) - add_paging_argument(argument_table, 'page-size', - PageArgument('page-size', PAGE_SIZE_HELP, - parse_type=type_name, - serialized_name='PageSize'), - shadowed_args) - - add_paging_argument(argument_table, 'max-items', - PageArgument('max-items', MAX_ITEMS_HELP, - parse_type=type_name, - serialized_name='MaxItems'), - shadowed_args) + ( + 'Unsupported pagination type {0} for operation {1}' + ' and parameter {2}' + ).format( + type_name, + operation_model.name, + paginator_config['limit_key'], + ) + ) + add_paging_argument( + argument_table, + 'page-size', + PageArgument( + 'page-size', + PAGE_SIZE_HELP, + parse_type=type_name, + serialized_name='PageSize', + ), + shadowed_args, + ) + + add_paging_argument( + argument_table, + 'max-items', + PageArgument( + 'max-items', + MAX_ITEMS_HELP, + parse_type=type_name, + serialized_name='MaxItems', + ), + shadowed_args, + ) # We will register two pagination handlers. # # The first is focused on analyzing the CLI arguments passed to see @@ -179,13 +216,20 @@ def unify_paging_params(argument_table, # directly and this bypasses all of the CLI args processing. session.register( parsed_args_event, - partial(check_should_enable_pagination, - list(_get_all_cli_input_tokens(paginator_config)), - shadowed_args, argument_table)) + partial( + check_should_enable_pagination, + list(_get_all_cli_input_tokens(paginator_config)), + shadowed_args, + argument_table, + ), + ) session.register( call_parameters_event, - partial(check_should_enable_pagination_call_parameters, - list(_get_all_input_tokens(paginator_config)))) + partial( + check_should_enable_pagination_call_parameters, + list(_get_all_input_tokens(paginator_config)), + ), + ) def add_paging_argument(argument_table, arg_name, argument, shadowed_args): @@ -199,17 +243,27 @@ def add_paging_argument(argument_table, argument_table[arg_name] = argument -def check_should_enable_pagination(input_tokens, shadowed_args, argument_table, - parsed_args, parsed_globals, **kwargs): +def check_should_enable_pagination( + input_tokens, + shadowed_args, + argument_table, + parsed_args, + parsed_globals, + **kwargs, +): normalized_paging_args = ['start_token', 'max_items'] for token in input_tokens: py_name = token.replace('-', '_') - if getattr(parsed_args, py_name) is not None and \ - py_name not in normalized_paging_args: + if ( + getattr(parsed_args, py_name) is not None + and py_name not in normalized_paging_args + ): # The user has specified a manual (undocumented) pagination arg. # We need to automatically turn pagination off. - logger.debug("User has specified a manual pagination arg. " - "Automatically setting --no-paginate.") + logger.debug( + "User has specified a manual pagination arg. " + "Automatically setting --no-paginate." + ) parsed_globals.paginate = False if not parsed_globals.paginate: @@ -229,12 +283,16 @@ def check_should_enable_pagination(input def ensure_paging_params_not_set(parsed_args, shadowed_args): paging_params = ['starting_token', 'page_size', 'max_items'] shadowed_params = [p.replace('-', '_') for p in shadowed_args.keys()] - params_used = [p for p in paging_params if - p not in shadowed_params and getattr(parsed_args, p, None)] + params_used = [ + p + for p in paging_params + if p not in shadowed_params and getattr(parsed_args, p, None) + ] if len(params_used) > 0: converted_params = ', '.join( - ["--" + p.replace('_', '-') for p in params_used]) + ["--" + p.replace('_', '-') for p in params_used] + ) raise ParamValidationError( "Cannot specify --no-paginate along with pagination " "arguments: %s" % converted_params @@ -291,11 +349,14 @@ def _get_cli_name(param_objects, token_n # and would be missed by the processing above. This function gets # called on the calling-command event. def check_should_enable_pagination_call_parameters( - input_tokens, call_parameters, parsed_args, parsed_globals, **kwargs): + input_tokens, call_parameters, parsed_args, parsed_globals, **kwargs +): for param in call_parameters: if param in input_tokens: - logger.debug("User has specified a manual pagination arg. " - "Automatically setting --no-paginate.") + logger.debug( + "User has specified a manual pagination arg. " + "Automatically setting --no-paginate." + ) parsed_globals.paginate = False @@ -317,7 +378,8 @@ class PageArgument(BaseCLIArgument): def _emit_non_positive_max_items_warning(self): uni_print( "warning: Non-positive values for --max-items may result in undefined behavior.\n", - sys.stderr) + sys.stderr, + ) @property def cli_name(self): @@ -340,8 +402,11 @@ class PageArgument(BaseCLIArgument): return self._documentation def add_to_parser(self, parser): - parser.add_argument(self.cli_name, dest=self.py_name, - type=self.type_map[self._parse_type]) + parser.add_argument( + self.cli_name, + dest=self.py_name, + type=self.type_map[self._parse_type], + ) def add_to_params(self, parameters, value): if value is not None: diff -pruN 2.23.6-1/awscli/customizations/putmetricdata.py 2.31.35-1/awscli/customizations/putmetricdata.py --- 2.23.6-1/awscli/customizations/putmetricdata.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/putmetricdata.py 2025-11-12 19:17:29.000000000 +0000 @@ -23,21 +23,32 @@ cloudwatch put-metric-data operation: * --storage-resolution """ + import decimal from awscli.arguments import CustomArgument -from awscli.utils import split_on_commas from awscli.customizations.utils import validate_mutually_exclusive_handler +from awscli.utils import split_on_commas def register_put_metric_data(event_handler): event_handler.register( - 'building-argument-table.cloudwatch.put-metric-data', _promote_args) + 'building-argument-table.cloudwatch.put-metric-data', _promote_args + ) event_handler.register( 'operation-args-parsed.cloudwatch.put-metric-data', validate_mutually_exclusive_handler( - ['metric_data'], ['metric_name', 'timestamp', 'unit', 'value', - 'dimensions', 'statistic_values'])) + ['metric_data'], + [ + 'metric_name', + 'timestamp', + 'unit', + 'value', + 'dimensions', + 'statistic_values', + ], + ), + ) def _promote_args(argument_table, operation_model, **kwargs): @@ -48,25 +59,32 @@ def _promote_args(argument_table, operat argument_table['metric-data'].required = False argument_table['metric-name'] = PutMetricArgument( - 'metric-name', help_text='The name of the metric.') + 'metric-name', help_text='The name of the metric.' + ) argument_table['timestamp'] = PutMetricArgument( - 'timestamp', help_text='The time stamp used for the metric. ' - 'If not specified, the default value is ' - 'set to the time the metric data was ' - 'received.') + 'timestamp', + help_text='The time stamp used for the metric. ' + 'If not specified, the default value is ' + 'set to the time the metric data was ' + 'received.', + ) argument_table['unit'] = PutMetricArgument( - 'unit', help_text='The unit of metric.') + 'unit', help_text='The unit of metric.' + ) argument_table['value'] = PutMetricArgument( - 'value', help_text='The value for the metric. Although the --value ' - 'parameter accepts numbers of type Double, ' - 'Amazon CloudWatch truncates values with very ' - 'large exponents. Values with base-10 exponents ' - 'greater than 126 (1 x 10^126) are truncated. ' - 'Likewise, values with base-10 exponents less ' - 'than -130 (1 x 10^-130) are also truncated.') + 'value', + help_text='The value for the metric. Although the --value ' + 'parameter accepts numbers of type Double, ' + 'Amazon CloudWatch truncates values with very ' + 'large exponents. Values with base-10 exponents ' + 'greater than 126 (1 x 10^126) are truncated. ' + 'Likewise, values with base-10 exponents less ' + 'than -130 (1 x 10^-130) are also truncated.', + ) argument_table['dimensions'] = PutMetricArgument( - 'dimensions', help_text=( + 'dimensions', + help_text=( 'The --dimensions argument further expands ' 'on the identity of a metric using a Name=Value ' 'pair, separated by commas, for example: ' @@ -76,11 +94,12 @@ def _promote_args(argument_table, operat 'where for the same example you would use the format ' '--dimensions Name=InstanceID,Value=i-aaba32d4 ' 'Name=InstanceType,value=m1.small .' - ) + ), ) argument_table['statistic-values'] = PutMetricArgument( - 'statistic-values', help_text='A set of statistical values describing ' - 'the metric.') + 'statistic-values', + help_text='A set of statistical values describing the metric.', + ) metric_data = operation_model.input_shape.members['MetricData'].member storage_resolution = metric_data.members['StorageResolution'] @@ -103,7 +122,9 @@ def insert_first_element(name): parameters[name] = [{}] first_element = parameters[name][0] return func(self, first_element, value) + return _add_to_params + return _wrap_add_to_params diff -pruN 2.23.6-1/awscli/customizations/quicksight.py 2.31.35-1/awscli/customizations/quicksight.py --- 2.23.6-1/awscli/customizations/quicksight.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/quicksight.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,11 +16,13 @@ from awscli.customizations.arguments imp _ASSET_BUNDLE_FILE_DOCSTRING = ( '

    The content of the asset bundle to be uploaded. ' 'To specify the content of a local file use the ' - 'fileb:// prefix. Example: fileb://asset-bundle.zip

    ') + 'fileb:// prefix. Example: fileb://asset-bundle.zip

    ' +) _ASSET_BUNDLE_DOCSTRING_ADDENDUM = ( '

    To specify a local file use ' - '--asset-bundle-import-source-bytes instead.

    ') + '--asset-bundle-import-source-bytes instead.

    ' +) def register_quicksight_asset_bundle_customizations(cli): @@ -31,4 +33,6 @@ def register_quicksight_asset_bundle_cus source_arg_blob_member='Body', new_arg='asset-bundle-import-source-bytes', new_arg_doc_string=_ASSET_BUNDLE_FILE_DOCSTRING, - doc_string_addendum=_ASSET_BUNDLE_DOCSTRING_ADDENDUM)) + doc_string_addendum=_ASSET_BUNDLE_DOCSTRING_ADDENDUM, + ), + ) diff -pruN 2.23.6-1/awscli/customizations/rds.py 2.31.35-1/awscli/customizations/rds.py --- 2.23.6-1/awscli/customizations/rds.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/rds.py 2025-11-12 19:17:29.000000000 +0000 @@ -24,8 +24,7 @@ modify-option-group). """ -from awscli.clidriver import ServiceOperation -from awscli.clidriver import CLIOperationCaller +from awscli.clidriver import CLIOperationCaller, ServiceOperation from awscli.customizations import utils from awscli.customizations.commands import BasicCommand from awscli.customizations.utils import uni_print @@ -33,10 +32,14 @@ from awscli.customizations.utils import def register_rds_modify_split(cli): cli.register('building-command-table.rds', _building_command_table) - cli.register('building-argument-table.rds.add-option-to-option-group', - _rename_add_option) - cli.register('building-argument-table.rds.remove-option-from-option-group', - _rename_remove_option) + cli.register( + 'building-argument-table.rds.add-option-to-option-group', + _rename_add_option, + ) + cli.register( + 'building-argument-table.rds.remove-option-from-option-group', + _rename_remove_option, + ) def register_add_generate_db_auth_token(cli): @@ -49,14 +52,16 @@ def _add_generate_db_auth_token(command_ def _rename_add_option(argument_table, **kwargs): - utils.rename_argument(argument_table, 'options-to-include', - new_name='options') + utils.rename_argument( + argument_table, 'options-to-include', new_name='options' + ) del argument_table['options-to-remove'] def _rename_remove_option(argument_table, **kwargs): - utils.rename_argument(argument_table, 'options-to-remove', - new_name='options') + utils.rename_argument( + argument_table, 'options-to-remove', new_name='options' + ) del argument_table['options-to-include'] @@ -69,15 +74,19 @@ def _building_command_table(command_tabl rds_model = session.get_service_model('rds') modify_operation_model = rds_model.operation_model('ModifyOptionGroup') command_table['add-option-to-option-group'] = ServiceOperation( - parent_name='rds', name='add-option-to-option-group', + parent_name='rds', + name='add-option-to-option-group', operation_caller=CLIOperationCaller(session), session=session, - operation_model=modify_operation_model) + operation_model=modify_operation_model, + ) command_table['remove-option-from-option-group'] = ServiceOperation( - parent_name='rds', name='remove-option-from-option-group', + parent_name='rds', + name='remove-option-from-option-group', session=session, operation_model=modify_operation_model, - operation_caller=CLIOperationCaller(session)) + operation_caller=CLIOperationCaller(session), + ) class GenerateDBAuthTokenCommand(BasicCommand): @@ -86,23 +95,35 @@ class GenerateDBAuthTokenCommand(BasicCo 'Generates an auth token used to connect to a db with IAM credentials.' ) ARG_TABLE = [ - {'name': 'hostname', 'required': True, - 'help_text': 'The hostname of the database to connect to.'}, - {'name': 'port', 'cli_type_name': 'integer', 'required': True, - 'help_text': 'The port number the database is listening on.'}, - {'name': 'username', 'required': True, - 'help_text': 'The username to log in as.'} + { + 'name': 'hostname', + 'required': True, + 'help_text': 'The hostname of the database to connect to.', + }, + { + 'name': 'port', + 'cli_type_name': 'integer', + 'required': True, + 'help_text': 'The port number the database is listening on.', + }, + { + 'name': 'username', + 'required': True, + 'help_text': 'The username to log in as.', + }, ] def _run_main(self, parsed_args, parsed_globals): rds = self._session.create_client( - 'rds', parsed_globals.region, parsed_globals.endpoint_url, - parsed_globals.verify_ssl + 'rds', + parsed_globals.region, + parsed_globals.endpoint_url, + parsed_globals.verify_ssl, ) token = rds.generate_db_auth_token( DBHostname=parsed_args.hostname, Port=parsed_args.port, - DBUsername=parsed_args.username + DBUsername=parsed_args.username, ) uni_print(token) uni_print('\n') diff -pruN 2.23.6-1/awscli/customizations/rekognition.py 2.31.35-1/awscli/customizations/rekognition.py --- 2.23.6-1/awscli/customizations/rekognition.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/rekognition.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,12 +13,15 @@ from awscli.customizations.arguments import NestedBlobArgumentHoister -IMAGE_FILE_DOCSTRING = ('

    The content of the image to be uploaded. ' - 'To specify the content of a local file use the ' - 'fileb:// prefix. ' - 'Example: fileb://image.png

    ') -IMAGE_DOCSTRING_ADDENDUM = ('

    To specify a local file use --%s ' - 'instead.

    ') +IMAGE_FILE_DOCSTRING = ( + '

    The content of the image to be uploaded. ' + 'To specify the content of a local file use the ' + 'fileb:// prefix. ' + 'Example: fileb://image.png

    ' +) +IMAGE_DOCSTRING_ADDENDUM = ( + '

    To specify a local file use --%s instead.

    ' +) FILE_PARAMETER_UPDATES = { @@ -32,10 +35,13 @@ def register_rekognition_detect_labels(c for target, new_param in FILE_PARAMETER_UPDATES.items(): operation, old_param = target.rsplit('.', 1) doc_string_addendum = IMAGE_DOCSTRING_ADDENDUM % new_param - cli.register('building-argument-table.rekognition.%s' % operation, - NestedBlobArgumentHoister( - source_arg=old_param, - source_arg_blob_member='Bytes', - new_arg=new_param, - new_arg_doc_string=IMAGE_FILE_DOCSTRING, - doc_string_addendum=doc_string_addendum)) + cli.register( + 'building-argument-table.rekognition.%s' % operation, + NestedBlobArgumentHoister( + source_arg=old_param, + source_arg_blob_member='Bytes', + new_arg=new_param, + new_arg_doc_string=IMAGE_FILE_DOCSTRING, + doc_string_addendum=doc_string_addendum, + ), + ) diff -pruN 2.23.6-1/awscli/customizations/removals.py 2.31.35-1/awscli/customizations/removals.py --- 2.23.6-1/awscli/customizations/removals.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/removals.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,6 +18,7 @@ This customization removes commands that yet fully supported. """ + import logging from functools import partial @@ -26,52 +27,88 @@ LOG = logging.getLogger(__name__) def register_removals(event_handler): cmd_remover = CommandRemover(event_handler) - cmd_remover.remove(on_event='building-command-table.ses', - remove_commands=['delete-verified-email-address', - 'list-verified-email-addresses', - 'verify-email-address']) - cmd_remover.remove(on_event='building-command-table.ec2', - remove_commands=['import-instance', 'import-volume']) - cmd_remover.remove(on_event='building-command-table.emr', - remove_commands=['run-job-flow', 'describe-job-flows', - 'add-job-flow-steps', - 'terminate-job-flows', - 'list-bootstrap-actions', - 'list-instance-groups', - 'set-termination-protection', - 'set-keep-job-flow-alive-when-no-steps', - 'set-visible-to-all-users', - 'set-unhealthy-node-replacement']) - cmd_remover.remove(on_event='building-command-table.kinesis', - remove_commands=['subscribe-to-shard']) - cmd_remover.remove(on_event='building-command-table.lexv2-runtime', - remove_commands=['start-conversation']) - cmd_remover.remove(on_event='building-command-table.lambda', - remove_commands=['invoke-with-response-stream']) - cmd_remover.remove(on_event='building-command-table.sagemaker-runtime', - remove_commands=['invoke-endpoint-with-response-stream']) - cmd_remover.remove(on_event='building-command-table.bedrock-runtime', - remove_commands=['invoke-model-with-response-stream', - 'converse-stream']) - cmd_remover.remove(on_event='building-command-table.bedrock-agent-runtime', - remove_commands=['invoke-agent', - 'invoke-flow', - 'invoke-inline-agent', - 'optimize-prompt', - 'retrieve-and-generate-stream']) - cmd_remover.remove(on_event='building-command-table.qbusiness', - remove_commands=['chat']) - cmd_remover.remove(on_event='building-command-table.iotsitewise', - remove_commands=['invoke-assistant']) + cmd_remover.remove( + on_event='building-command-table.ses', + remove_commands=[ + 'delete-verified-email-address', + 'list-verified-email-addresses', + 'verify-email-address', + ], + ) + cmd_remover.remove( + on_event='building-command-table.ec2', + remove_commands=['import-instance', 'import-volume'], + ) + cmd_remover.remove( + on_event='building-command-table.emr', + remove_commands=[ + 'run-job-flow', + 'describe-job-flows', + 'add-job-flow-steps', + 'terminate-job-flows', + 'list-bootstrap-actions', + 'list-instance-groups', + 'set-termination-protection', + 'set-keep-job-flow-alive-when-no-steps', + 'set-visible-to-all-users', + 'set-unhealthy-node-replacement', + ], + ) + cmd_remover.remove( + on_event='building-command-table.kinesis', + remove_commands=['subscribe-to-shard'], + ) + cmd_remover.remove( + on_event='building-command-table.lexv2-runtime', + remove_commands=['start-conversation'], + ) + cmd_remover.remove( + on_event='building-command-table.lambda', + remove_commands=['invoke-with-response-stream'], + ) + cmd_remover.remove( + on_event='building-command-table.sagemaker-runtime', + remove_commands=['invoke-endpoint-with-response-stream'], + ) + cmd_remover.remove( + on_event='building-command-table.bedrock-runtime', + remove_commands=[ + 'invoke-model-with-bidirectional-stream', + 'invoke-model-with-response-stream', + 'converse-stream', + ], + ) + cmd_remover.remove( + on_event='building-command-table.bedrock-agent-runtime', + remove_commands=[ + 'invoke-agent', + 'invoke-flow', + 'invoke-inline-agent', + 'optimize-prompt', + 'retrieve-and-generate-stream', + ], + ) + cmd_remover.remove(on_event='building-command-table.bedrock-agentcore', + remove_commands=['invoke-code-interpreter']) + cmd_remover.remove( + on_event='building-command-table.qbusiness', remove_commands=['chat'] + ) + cmd_remover.remove( + on_event='building-command-table.iotsitewise', + remove_commands=['invoke-assistant'], + ) + cmd_remover.remove( + on_event='building-command-table.logs', + remove_commands=['get-log-object'], + ) -class CommandRemover(object): +class CommandRemover: def __init__(self, events): self._events = events def remove(self, on_event, remove_commands): - self._events.register(on_event, - self._create_remover(remove_commands)) + self._events.register(on_event, self._create_remover(remove_commands)) def _create_remover(self, commands_to_remove): return partial(_remove_commands, commands_to_remove=commands_to_remove) @@ -84,5 +121,6 @@ def _remove_commands(command_table, comm LOG.debug("Removing operation: %s", command) del command_table[command] except KeyError: - LOG.warning("Attempting to delete command that does not exist: %s", - command) + LOG.warning( + "Attempting to delete command that does not exist: %s", command + ) diff -pruN 2.23.6-1/awscli/customizations/route53.py 2.31.35-1/awscli/customizations/route53.py --- 2.23.6-1/awscli/customizations/route53.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/route53.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,7 +18,8 @@ def register_create_hosted_zone_doc_fix( # has the necessary documentation. cli.register( 'doc-option.route53.create-hosted-zone.hosted-zone-config', - add_private_zone_note) + add_private_zone_note, + ) def add_private_zone_note(help_command, **kwargs): diff -pruN 2.23.6-1/awscli/customizations/s3/comparator.py 2.31.35-1/awscli/customizations/s3/comparator.py --- 2.23.6-1/awscli/customizations/s3/comparator.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/comparator.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,20 +11,23 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import logging -from awscli.compat import advance_iterator +from awscli.compat import advance_iterator LOG = logging.getLogger(__name__) -class Comparator(object): +class Comparator: """ This class performs all of the comparisons behind the sync operation """ - def __init__(self, file_at_src_and_dest_sync_strategy, - file_not_at_dest_sync_strategy, - file_not_at_src_sync_strategy): + def __init__( + self, + file_at_src_and_dest_sync_strategy, + file_not_at_dest_sync_strategy, + file_not_at_src_sync_strategy, + ): self._sync_strategy = file_at_src_and_dest_sync_strategy self._not_at_dest_sync_strategy = file_not_at_dest_sync_strategy self._not_at_src_sync_strategy = file_not_at_src_sync_strategy @@ -102,26 +105,42 @@ class Comparator(object): elif compare_keys == 'less_than': src_take = True dest_take = False - should_sync = self._not_at_dest_sync_strategy.determine_should_sync(src_file, None) + should_sync = ( + self._not_at_dest_sync_strategy.determine_should_sync( + src_file, None + ) + ) if should_sync: yield src_file elif compare_keys == 'greater_than': src_take = False dest_take = True - should_sync = self._not_at_src_sync_strategy.determine_should_sync(None, dest_file) + should_sync = ( + self._not_at_src_sync_strategy.determine_should_sync( + None, dest_file + ) + ) if should_sync: yield dest_file elif (not src_done) and dest_done: src_take = True - should_sync = self._not_at_dest_sync_strategy.determine_should_sync(src_file, None) + should_sync = ( + self._not_at_dest_sync_strategy.determine_should_sync( + src_file, None + ) + ) if should_sync: yield src_file elif src_done and (not dest_done): dest_take = True - should_sync = self._not_at_src_sync_strategy.determine_should_sync(None, dest_file) + should_sync = ( + self._not_at_src_sync_strategy.determine_should_sync( + None, dest_file + ) + ) if should_sync: yield dest_file else: @@ -135,10 +154,10 @@ class Comparator(object): src_comp_key = src_file.compare_key dest_comp_key = dest_file.compare_key - if (src_comp_key == dest_comp_key): + if src_comp_key == dest_comp_key: return 'equal' - elif (src_comp_key < dest_comp_key): + elif src_comp_key < dest_comp_key: return 'less_than' else: diff -pruN 2.23.6-1/awscli/customizations/s3/factory.py 2.31.35-1/awscli/customizations/s3/factory.py --- 2.23.6-1/awscli/customizations/s3/factory.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/factory.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,18 +15,20 @@ import logging import awscrt.s3 from botocore.client import Config from botocore.httpsession import DEFAULT_CA_BUNDLE -from s3transfer.manager import TransferManager from s3transfer.crt import ( - acquire_crt_s3_process_lock, create_s3_crt_client, - BotocoreCRTRequestSerializer, CRTTransferManager, - BotocoreCRTCredentialsWrapper + BotocoreCRTCredentialsWrapper, + BotocoreCRTRequestSerializer, + CRTTransferManager, + acquire_crt_s3_process_lock, + create_s3_crt_client, ) +from s3transfer.manager import TransferManager from awscli.compat import urlparse from awscli.customizations.s3 import constants -from awscli.customizations.s3.transferconfig import \ - create_transfer_config_from_runtime_config - +from awscli.customizations.s3.transferconfig import ( + create_transfer_config_from_runtime_config, +) LOGGER = logging.getLogger(__name__) @@ -36,9 +38,7 @@ class ClientFactory: self._session = session def create_client(self, params, is_source_client=False): - create_client_kwargs = { - 'verify': params['verify_ssl'] - } + create_client_kwargs = {'verify': params['verify_ssl']} if params.get('sse') == 'aws:kms': create_client_kwargs['config'] = Config(signature_version='s3v4') region = params['region'] @@ -61,22 +61,24 @@ class TransferManagerFactory: self._session = session self._botocore_client_factory = ClientFactory(self._session) - def create_transfer_manager(self, params, runtime_config, - botocore_client=None): + def create_transfer_manager( + self, params, runtime_config, botocore_client=None + ): client_type = self._compute_transfer_client_type( - params, runtime_config) + params, runtime_config + ) if client_type == constants.CRT_TRANSFER_CLIENT: return self._create_crt_transfer_manager(params, runtime_config) else: return self._create_classic_transfer_manager( - params, runtime_config, botocore_client) + params, runtime_config, botocore_client + ) def _compute_transfer_client_type(self, params, runtime_config): if params.get('paths_type') == 's3s3': return constants.CLASSIC_TRANSFER_CLIENT preferred_transfer_client = runtime_config.get( - 'preferred_transfer_client', - constants.AUTO_RESOLVE_TRANSFER_CLIENT + 'preferred_transfer_client', constants.AUTO_RESOLVE_TRANSFER_CLIENT ) if preferred_transfer_client == constants.AUTO_RESOLVE_TRANSFER_CLIENT: return self._resolve_transfer_client_type_for_system() @@ -92,7 +94,7 @@ class TransferManagerFactory: is_running = self._is_crt_client_running_in_other_aws_cli_process() LOGGER.debug( 'S3 CRT client running in different AWS CLI process: %s', - is_running + is_running, ) if not is_running: transfer_client_type = constants.CRT_TRANSFER_CLIENT @@ -114,7 +116,7 @@ class TransferManagerFactory: self._acquire_crt_s3_process_lock() return CRTTransferManager( self._create_crt_client(params, runtime_config), - self._create_crt_request_serializer(params) + self._create_crt_request_serializer(params), ) def _create_crt_client(self, params, runtime_config): @@ -133,8 +135,18 @@ class TransferManagerFactory: create_crt_client_kwargs['part_size'] = multipart_chunksize if params.get('sign_request', True): crt_credentials_provider = self._get_crt_credentials_provider() - create_crt_client_kwargs[ - 'crt_credentials_provider'] = crt_credentials_provider + create_crt_client_kwargs['crt_credentials_provider'] = ( + crt_credentials_provider + ) + fio_options = {} + if (val := runtime_config.get('should_stream')) is not None: + fio_options['should_stream'] = val + if (val := runtime_config.get('disk_throughput')) is not None: + # Convert bytes to gigabits. + fio_options['disk_throughput_gbps'] = val * 8 / 1_000_000_000 + if (val := runtime_config.get('direct_io')) is not None: + fio_options['direct_io'] = val + create_crt_client_kwargs['fio_options'] = fio_options return create_s3_crt_client(**create_crt_client_kwargs) @@ -144,23 +156,27 @@ class TransferManagerFactory: { 'region_name': self._resolve_region(params), 'endpoint_url': params.get('endpoint_url'), - } + }, ) - def _create_classic_transfer_manager(self, params, runtime_config, - client=None): + def _create_classic_transfer_manager( + self, params, runtime_config, client=None + ): if client is None: client = self._botocore_client_factory.create_client(params) transfer_config = create_transfer_config_from_runtime_config( - runtime_config) - transfer_config.max_in_memory_upload_chunks = \ + runtime_config + ) + transfer_config.max_in_memory_upload_chunks = ( self._MAX_IN_MEMORY_CHUNKS - transfer_config.max_in_memory_download_chunks = \ + ) + transfer_config.max_in_memory_download_chunks = ( self._MAX_IN_MEMORY_CHUNKS + ) LOGGER.debug( "Using a multipart threshold of %s and a part size of %s", transfer_config.multipart_threshold, - transfer_config.multipart_chunksize + transfer_config.multipart_chunksize, ) return TransferManager(client, transfer_config) diff -pruN 2.23.6-1/awscli/customizations/s3/fileformat.py 2.31.35-1/awscli/customizations/s3/fileformat.py --- 2.23.6-1/awscli/customizations/s3/fileformat.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/fileformat.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,7 +13,7 @@ import os -class FileFormat(object): +class FileFormat: def format(self, src, dest, parameters): """ This function formats the source and destination @@ -53,9 +53,12 @@ class FileFormat(object): # will take on the name the user specified in the # command line. dest_path, use_src_name = format_table[dest_type](dest_path, dir_op) - files = {'src': {'path': src_path, 'type': src_type}, - 'dest': {'path': dest_path, 'type': dest_type}, - 'dir_op': dir_op, 'use_src_name': use_src_name} + files = { + 'src': {'path': src_path, 'type': src_type}, + 'dest': {'path': dest_path, 'type': dest_type}, + 'dir_op': dir_op, + 'use_src_name': use_src_name, + } return files def local_format(self, path, dir_op): diff -pruN 2.23.6-1/awscli/customizations/s3/filegenerator.py 2.31.35-1/awscli/customizations/s3/filegenerator.py --- 2.23.6-1/awscli/customizations/s3/filegenerator.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/filegenerator.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,17 +11,22 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import os -import sys import stat +import sys +from botocore.exceptions import ClientError from dateutil.parser import parse from dateutil.tz import tzlocal -from botocore.exceptions import ClientError -from awscli.customizations.s3.utils import find_bucket_key, get_file_stat -from awscli.customizations.s3.utils import BucketLister, create_warning, \ - find_dest_path_comp_key, EPOCH_TIME from awscli.compat import queue +from awscli.customizations.s3.utils import ( + EPOCH_TIME, + BucketLister, + create_warning, + find_bucket_key, + find_dest_path_comp_key, + get_file_stat, +) _open = open @@ -57,19 +62,20 @@ def is_readable(path): if os.path.isdir(path): try: os.listdir(path) - except (OSError, IOError): + except OSError: return False else: try: with _open(path, 'r') as fd: pass - except (OSError, IOError): + except OSError: return False return True # This class is provided primarily to provide a detailed error message. + class FileDecodingError(Exception): """Raised when there was an issue decoding the file.""" @@ -84,17 +90,26 @@ class FileDecodingError(Exception): self.file_name = filename self.error_message = ( 'There was an error trying to decode the the file %s in ' - 'directory "%s". \n%s' % (repr(self.file_name), - self.directory, - self.ADVICE) + 'directory "%s". \n%s' + % (repr(self.file_name), self.directory, self.ADVICE) ) super(FileDecodingError, self).__init__(self.error_message) -class FileStat(object): - def __init__(self, src, dest=None, compare_key=None, size=None, - last_update=None, src_type=None, dest_type=None, - operation_name=None, response_data=None): +class FileStat: + def __init__( + self, + src, + dest=None, + compare_key=None, + size=None, + last_update=None, + src_type=None, + dest_type=None, + operation_name=None, + response_data=None, + etag=None, + ): self.src = src self.dest = dest self.compare_key = compare_key @@ -104,9 +119,10 @@ class FileStat(object): self.dest_type = dest_type self.operation_name = operation_name self.response_data = response_data + self.etag = etag -class FileGenerator(object): +class FileGenerator: """ This is a class the creates a generator to yield files based on information returned from the ``FileFormat`` class. It is universal in the sense that @@ -114,8 +130,16 @@ class FileGenerator(object): under the same common prefix. The generator yields corresponding ``FileInfo`` objects to send to a ``Comparator`` or ``S3Handler``. """ - def __init__(self, client, operation_name, follow_symlinks=True, - page_size=None, result_queue=None, request_parameters=None): + + def __init__( + self, + client, + operation_name, + follow_symlinks=True, + page_size=None, + result_queue=None, + request_parameters=None, + ): self._client = client self.operation_name = operation_name self.follow_symlinks = follow_symlinks @@ -141,9 +165,12 @@ class FileGenerator(object): for src_path, extra_information in file_iterator: dest_path, compare_key = find_dest_path_comp_key(files, src_path) file_stat_kwargs = { - 'src': src_path, 'dest': dest_path, 'compare_key': compare_key, - 'src_type': src_type, 'dest_type': dest_type, - 'operation_name': self.operation_name + 'src': src_path, + 'dest': dest_path, + 'compare_key': compare_key, + 'src_type': src_type, + 'dest_type': dest_type, + 'operation_name': self.operation_name, } self._inject_extra_information(file_stat_kwargs, extra_information) yield FileStat(**file_stat_kwargs) @@ -152,6 +179,7 @@ class FileGenerator(object): src_type = file_stat_kwargs['src_type'] file_stat_kwargs['size'] = extra_information['Size'] file_stat_kwargs['last_update'] = extra_information['LastModified'] + file_stat_kwargs['etag'] = extra_information.get('ETag') # S3 objects require the response data retrieved from HeadObject # and ListObject @@ -188,7 +216,8 @@ class FileGenerator(object): names = [] for name in listdir_names: if not self.should_ignore_file_with_decoding_warnings( - path, name): + path, name + ): file_path = join(path, name) if isdir(file_path): name = name + os.path.sep @@ -225,8 +254,9 @@ class FileGenerator(object): warning = create_warning( path=path, error_message="File has an invalid timestamp. Passing epoch " - "time as timestamp.", - skip_file=False) + "time as timestamp.", + skip_file=False, + ) self.result_queue.put(warning) return EPOCH_TIME return update_time @@ -251,8 +281,9 @@ class FileGenerator(object): """ if not isinstance(filename, str): decoding_error = FileDecodingError(dirname, filename) - warning = create_warning(repr(filename), - decoding_error.error_message) + warning = create_warning( + repr(filename), decoding_error.error_message + ) self.result_queue.put(warning) return True path = os.path.join(dirname, filename) @@ -290,10 +321,14 @@ class FileGenerator(object): self.result_queue.put(warning) return True if is_special_file(path): - warning = create_warning(path, - ("File is character special device, " - "block special device, FIFO, or " - "socket.")) + warning = create_warning( + path, + ( + "File is character special device, " + "block special device, FIFO, or " + "socket." + ), + ) self.result_queue.put(warning) return True if not is_readable(path): @@ -318,9 +353,12 @@ class FileGenerator(object): else: lister = BucketLister(self._client) extra_args = self.request_parameters.get('ListObjectsV2', {}) - for key in lister.list_objects(bucket=bucket, prefix=prefix, - page_size=self.page_size, - extra_args=extra_args): + for key in lister.list_objects( + bucket=bucket, + prefix=prefix, + page_size=self.page_size, + extra_args=extra_args, + ): source_path, response_data = key if response_data['Size'] == 0 and source_path.endswith('/'): if self.operation_name == 'delete': @@ -366,4 +404,5 @@ class FileGenerator(object): response['Size'] = int(response.pop('ContentLength')) last_update = parse(response['LastModified']) response['LastModified'] = last_update.astimezone(tzlocal()) + response['ETag'] = response.pop('ETag', None) return s3_path, response diff -pruN 2.23.6-1/awscli/customizations/s3/fileinfo.py 2.31.35-1/awscli/customizations/s3/fileinfo.py --- 2.23.6-1/awscli/customizations/s3/fileinfo.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/fileinfo.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,7 +12,7 @@ # language governing permissions and limitations under the License. -class FileInfo(object): +class FileInfo: """This class contains important details related to performing a task. It can perform operations such as ``upload``, ``download``, ``copy``, @@ -38,11 +38,24 @@ class FileInfo(object): from the list of a ListObjects or the response from a HeadObject. It will only be filled if the task was generated from an S3 bucket. """ - def __init__(self, src, dest=None, compare_key=None, size=None, - last_update=None, src_type=None, dest_type=None, - operation_name=None, client=None, parameters=None, - source_client=None, is_stream=False, - associated_response_data=None): + + def __init__( + self, + src, + dest=None, + compare_key=None, + size=None, + last_update=None, + src_type=None, + dest_type=None, + operation_name=None, + client=None, + parameters=None, + source_client=None, + is_stream=False, + associated_response_data=None, + etag=None, + ): self.src = src self.src_type = src_type self.operation_name = operation_name @@ -59,6 +72,7 @@ class FileInfo(object): self.source_client = source_client self.is_stream = is_stream self.associated_response_data = associated_response_data + self.etag = etag def is_glacier_compatible(self): """Determines if a file info object is glacier compatible @@ -82,8 +96,11 @@ class FileInfo(object): def _is_glacier_object(self, response_data): glacier_storage_classes = ['GLACIER', 'DEEP_ARCHIVE'] if response_data: - if response_data.get('StorageClass') in glacier_storage_classes \ - and not self._is_restored(response_data): + if response_data.get( + 'StorageClass' + ) in glacier_storage_classes and not self._is_restored( + response_data + ): return True return False diff -pruN 2.23.6-1/awscli/customizations/s3/fileinfobuilder.py 2.31.35-1/awscli/customizations/s3/fileinfobuilder.py --- 2.23.6-1/awscli/customizations/s3/fileinfobuilder.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/fileinfobuilder.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,13 +13,15 @@ from awscli.customizations.s3.fileinfo import FileInfo -class FileInfoBuilder(object): +class FileInfoBuilder: """ This class takes a ``FileBase`` object's attributes and generates a ``FileInfo`` object so that the operation can be performed. """ - def __init__(self, client, source_client=None, - parameters = None, is_stream=False): + + def __init__( + self, client, source_client=None, parameters=None, is_stream=False + ): self._client = client self._source_client = client if source_client is not None: @@ -45,6 +47,7 @@ class FileInfoBuilder(object): file_info_attr['parameters'] = self._parameters file_info_attr['is_stream'] = self._is_stream file_info_attr['associated_response_data'] = file_base.response_data + file_info_attr['etag'] = file_base.etag # This is a bit quirky. The below conditional hinges on the --delete # flag being set, which only occurs during a sync command. The source @@ -57,8 +60,9 @@ class FileInfoBuilder(object): # issue by swapping clients only in the case of a sync delete since # swapping which client is used in the delete function would then break # moving under s3v4. - if (file_base.operation_name == 'delete' and - self._parameters.get('delete')): + if file_base.operation_name == 'delete' and self._parameters.get( + 'delete' + ): file_info_attr['client'] = self._source_client file_info_attr['source_client'] = self._client else: diff -pruN 2.23.6-1/awscli/customizations/s3/filters.py 2.31.35-1/awscli/customizations/s3/filters.py --- 2.23.6-1/awscli/customizations/s3/filters.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/filters.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,13 +10,12 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import logging import fnmatch +import logging import os from awscli.customizations.s3.utils import split_s3_bucket_key - LOG = logging.getLogger(__name__) @@ -28,24 +27,26 @@ def create_filter(parameters): cli_filters = parameters['filters'] real_filters = [] for filter_type, filter_pattern in cli_filters: - real_filters.append((filter_type.lstrip('-'), - filter_pattern)) + real_filters.append((filter_type.lstrip('-'), filter_pattern)) source_location = parameters['src'] if source_location.startswith('s3://'): # This gives us (bucket, keyname) and we want # the bucket to be the root dir. - src_rootdir = _get_s3_root(source_location, - parameters['dir_op']) + src_rootdir = _get_s3_root(source_location, parameters['dir_op']) else: - src_rootdir = _get_local_root(parameters['src'], parameters['dir_op']) + src_rootdir = _get_local_root( + parameters['src'], parameters['dir_op'] + ) destination_location = parameters['dest'] if destination_location.startswith('s3://'): - dst_rootdir = _get_s3_root(parameters['dest'], - parameters['dir_op']) + dst_rootdir = _get_s3_root( + parameters['dest'], parameters['dir_op'] + ) else: - dst_rootdir = _get_local_root(parameters['dest'], - parameters['dir_op']) + dst_rootdir = _get_local_root( + parameters['dest'], parameters['dir_op'] + ) return Filter(real_filters, src_rootdir, dst_rootdir) else: @@ -73,10 +74,11 @@ def _get_local_root(source_location, dir return rootdir -class Filter(object): +class Filter: """ This is a universal exclude/include filter. """ + def __init__(self, patterns, rootdir, dst_rootdir): """ :var patterns: A list of patterns. A pattern consists of a list @@ -100,7 +102,8 @@ class Filter(object): full_patterns = [] for pattern in original_patterns: full_patterns.append( - (pattern[0], os.path.join(rootdir, pattern[1]))) + (pattern[0], os.path.join(rootdir, pattern[1])) + ) return full_patterns def call(self, file_infos): @@ -122,11 +125,16 @@ class Filter(object): current_file_status = self._match_pattern(pattern, file_info) if current_file_status is not None: file_status = current_file_status - dst_current_file_status = self._match_pattern(dst_pattern, file_info) + dst_current_file_status = self._match_pattern( + dst_pattern, file_info + ) if dst_current_file_status is not None: file_status = dst_current_file_status - LOG.debug("=%s final filtered status, should_include: %s", - file_path, file_status[1]) + LOG.debug( + "=%s final filtered status, should_include: %s", + file_path, + file_status[1], + ) if file_status[1]: yield file_info @@ -141,13 +149,15 @@ class Filter(object): is_match = fnmatch.fnmatch(file_path, path_pattern) if is_match and pattern_type == 'include': file_status = (file_info, True) - LOG.debug("%s matched include filter: %s", - file_path, path_pattern) + LOG.debug("%s matched include filter: %s", file_path, path_pattern) elif is_match and pattern_type == 'exclude': file_status = (file_info, False) - LOG.debug("%s matched exclude filter: %s", - file_path, path_pattern) + LOG.debug("%s matched exclude filter: %s", file_path, path_pattern) else: - LOG.debug("%s did not match %s filter: %s", - file_path, pattern_type, path_pattern) + LOG.debug( + "%s did not match %s filter: %s", + file_path, + pattern_type, + path_pattern, + ) return file_status diff -pruN 2.23.6-1/awscli/customizations/s3/results.py 2.31.35-1/awscli/customizations/s3/results.py --- 2.23.6-1/awscli/customizations/s3/results.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/results.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,24 +10,19 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from __future__ import division import logging import sys import threading import time -from collections import namedtuple -from collections import defaultdict +from collections import defaultdict, namedtuple -from s3transfer.exceptions import CancelledError -from s3transfer.exceptions import FatalError +from s3transfer.exceptions import CancelledError, FatalError from s3transfer.subscribers import BaseSubscriber -from awscli.compat import queue, ensure_text_type -from awscli.customizations.s3.utils import human_readable_size -from awscli.customizations.utils import uni_print -from awscli.customizations.s3.utils import WarningResult +from awscli.compat import ensure_text_type, queue from awscli.customizations.s3.subscribers import OnDoneFilteredSubscriber - +from awscli.customizations.s3.utils import WarningResult, human_readable_size +from awscli.customizations.utils import uni_print LOGGER = logging.getLogger(__name__) @@ -51,8 +46,8 @@ def _create_new_result_cls(name, extra_f QueuedResult = _create_new_result_cls('QueuedResult', ['total_transfer_size']) ProgressResult = _create_new_result_cls( - 'ProgressResult', ['bytes_transferred', 'total_transfer_size', - 'timestamp']) + 'ProgressResult', ['bytes_transferred', 'total_transfer_size', 'timestamp'] +) SuccessResult = _create_new_result_cls('SuccessResult') @@ -65,13 +60,15 @@ ErrorResult = namedtuple('ErrorResult', CtrlCResult = _create_new_result_cls('CtrlCResult', base_cls=ErrorResult) CommandResult = namedtuple( - 'CommandResult', ['num_tasks_failed', 'num_tasks_warned']) + 'CommandResult', ['num_tasks_failed', 'num_tasks_warned'] +) FinalTotalSubmissionsResult = namedtuple( - 'FinalTotalSubmissionsResult', ['total_submissions']) + 'FinalTotalSubmissionsResult', ['total_submissions'] +) -class ShutdownThreadRequest(object): +class ShutdownThreadRequest: pass @@ -91,7 +88,7 @@ class QueuedResultSubscriber(BaseResultS transfer_type=self._transfer_type, src=self._src, dest=self._dest, - total_transfer_size=self._size + total_transfer_size=self._size, ) ) @@ -105,7 +102,7 @@ class ProgressResultSubscriber(BaseResul dest=self._dest, bytes_transferred=bytes_transferred, timestamp=time.time(), - total_transfer_size=self._size + total_transfer_size=self._size, ) ) @@ -137,14 +134,16 @@ class DoneResultSubscriber(BaseResultSub ) -class BaseResultHandler(object): +class BaseResultHandler: """Base handler class to be called in the ResultProcessor""" + def __call__(self, result): raise NotImplementedError('__call__()') class ResultRecorder(BaseResultHandler): """Records and track transfer statistics based on results received""" + def __init__(self): self.bytes_transferred = 0 self.bytes_failed_to_transfer = 0 @@ -175,26 +174,27 @@ class ResultRecorder(BaseResultHandler): def expected_totals_are_final(self): return ( - self.final_expected_files_transferred == - self.expected_files_transferred + self.final_expected_files_transferred + == self.expected_files_transferred ) def __call__(self, result): """Record the result of an individual Result object""" self._result_handler_map.get(type(result), self._record_noop)( - result=result) + result=result + ) def _get_ongoing_dict_key(self, result): if not isinstance(result, BaseResult): raise ValueError( 'Any result using _get_ongoing_dict_key must subclass from ' - 'BaseResult. Provided result is of type: %s' % type(result) + f'BaseResult. Provided result is of type: {type(result)}' ) key_parts = [] for result_property in [result.transfer_type, result.src, result.dest]: if result_property is not None: key_parts.append(ensure_text_type(result_property)) - return u':'.join(key_parts) + return ':'.join(key_parts) def _pop_result_from_ongoing_dicts(self, result): ongoing_key = self._get_ongoing_dict_key(result) @@ -210,8 +210,9 @@ class ResultRecorder(BaseResultHandler): if self.start_time is None: self.start_time = time.time() total_transfer_size = result.total_transfer_size - self._ongoing_total_sizes[ - self._get_ongoing_dict_key(result)] = total_transfer_size + self._ongoing_total_sizes[self._get_ongoing_dict_key(result)] = ( + total_transfer_size + ) # The total transfer size can be None if we do not know the size # immediately so do not add to the total right away. if total_transfer_size: @@ -221,8 +222,9 @@ class ResultRecorder(BaseResultHandler): def _record_progress_result(self, result, **kwargs): bytes_transferred = result.bytes_transferred self._update_ongoing_transfer_size_if_unknown(result) - self._ongoing_progress[ - self._get_ongoing_dict_key(result)] += bytes_transferred + self._ongoing_progress[self._get_ongoing_dict_key(result)] += ( + bytes_transferred + ) self.bytes_transferred += bytes_transferred # Since the start time is captured in the result recorder and # capture timestamps in the subscriber, there is a chance that if @@ -233,7 +235,8 @@ class ResultRecorder(BaseResultHandler): # negative progress being displayed or zero division occurring. if result.timestamp > self.start_time: self.bytes_transfer_speed = self.bytes_transferred / ( - result.timestamp - self.start_time) + result.timestamp - self.start_time + ) def _update_ongoing_transfer_size_if_unknown(self, result): # This is a special case when the transfer size was previous not @@ -270,7 +273,8 @@ class ResultRecorder(BaseResultHandler): # the count for bytes transferred by just adding on the remaining bytes # that did not get transferred. total_progress, total_file_size = self._pop_result_from_ongoing_dicts( - result) + result + ) if total_file_size is not None: progress_left = total_file_size - total_progress self.bytes_failed_to_transfer += progress_left @@ -299,27 +303,26 @@ class ResultPrinter(BaseResultHandler): FILE_PROGRESS_FORMAT = ( 'Completed {files_completed} file(s) with ' + _FILES_REMAINING ) - SUCCESS_FORMAT = ( - u'{transfer_type}: {transfer_location}' - ) - DRY_RUN_FORMAT = u'(dryrun) ' + SUCCESS_FORMAT - FAILURE_FORMAT = ( - u'{transfer_type} failed: {transfer_location} {exception}' - ) + SUCCESS_FORMAT = '{transfer_type}: {transfer_location}' + DRY_RUN_FORMAT = '(dryrun) ' + SUCCESS_FORMAT + FAILURE_FORMAT = '{transfer_type} failed: {transfer_location} {exception}' # TODO: Add "warning: " prefix once all commands are converted to using # result printer and remove "warning: " prefix from ``create_warning``. - WARNING_FORMAT = ( - u'{message}' - ) - ERROR_FORMAT = ( - u'fatal error: {exception}' - ) + WARNING_FORMAT = '{message}' + ERROR_FORMAT = 'fatal error: {exception}' CTRL_C_MSG = 'cancelled: ctrl-c received' - SRC_DEST_TRANSFER_LOCATION_FORMAT = u'{src} to {dest}' - SRC_TRANSFER_LOCATION_FORMAT = u'{src}' + SRC_DEST_TRANSFER_LOCATION_FORMAT = '{src} to {dest}' + SRC_TRANSFER_LOCATION_FORMAT = '{src}' - def __init__(self, result_recorder, out_file=None, error_file=None): + def __init__( + self, + result_recorder, + out_file=None, + error_file=None, + frequency=0, + oneline=True, + ): """Prints status of ongoing transfer :type result_recorder: ResultRecorder @@ -332,9 +335,22 @@ class ResultPrinter(BaseResultHandler): :type error_file: file-like obj :param error_file: Location to write warnings and errors. By default, the location is sys.stderr. + + :type frequency: int + :param frequency: Frequency in seconds to print progress. + By default, prints progress in real time. + + :type oneline: boolean + :param oneline: Indicates if progress should be on one line. + By default, prints progress on one line, overwriting previous + progress message. Setting to False prints each progress + message on a new line. + """ self._result_recorder = result_recorder self._out_file = out_file + self._frequency = frequency + self._first = True if self._out_file is None: self._out_file = sys.stdout self._error_file = error_file @@ -349,14 +365,16 @@ class ResultPrinter(BaseResultHandler): ErrorResult: self._print_error, CtrlCResult: self._print_ctrl_c, DryRunResult: self._print_dry_run, - FinalTotalSubmissionsResult: - self._clear_progress_if_no_more_expected_transfers, + FinalTotalSubmissionsResult: self._clear_progress_if_no_more_expected_transfers, } + self._now = time.time() + self._oneline = oneline def __call__(self, result): """Print the progress of the ongoing transfer based on a result""" self._result_handler_map.get(type(result), self._print_noop)( - result=result) + result=result + ) def _print_noop(self, **kwargs): # If the result does not have a handler, then do nothing with it. @@ -365,7 +383,7 @@ class ResultPrinter(BaseResultHandler): def _print_dry_run(self, result, **kwargs): statement = self.DRY_RUN_FORMAT.format( transfer_type=result.transfer_type, - transfer_location=self._get_transfer_location(result) + transfer_location=self._get_transfer_location(result), ) statement = self._adjust_statement_padding(statement) self._print_to_out_file(statement) @@ -373,7 +391,7 @@ class ResultPrinter(BaseResultHandler): def _print_success(self, result, **kwargs): success_statement = self.SUCCESS_FORMAT.format( transfer_type=result.transfer_type, - transfer_location=self._get_transfer_location(result) + transfer_location=self._get_transfer_location(result), ) success_statement = self._adjust_statement_padding(success_statement) self._print_to_out_file(success_statement) @@ -383,7 +401,7 @@ class ResultPrinter(BaseResultHandler): failure_statement = self.FAILURE_FORMAT.format( transfer_type=result.transfer_type, transfer_location=self._get_transfer_location(result), - exception=result.exception + exception=result.exception, ) failure_statement = self._adjust_statement_padding(failure_statement) self._print_to_error_file(failure_statement) @@ -397,7 +415,8 @@ class ResultPrinter(BaseResultHandler): def _print_error(self, result, **kwargs): self._flush_error_statement( - self.ERROR_FORMAT.format(exception=result.exception)) + self.ERROR_FORMAT.format(exception=result.exception) + ) def _print_ctrl_c(self, result, **kwargs): self._flush_error_statement(self.CTRL_C_MSG) @@ -410,7 +429,8 @@ class ResultPrinter(BaseResultHandler): if result.dest is None: return self.SRC_TRANSFER_LOCATION_FORMAT.format(src=result.src) return self.SRC_DEST_TRANSFER_LOCATION_FORMAT.format( - src=result.src, dest=result.dest) + src=result.src, dest=result.dest + ) def _redisplay_progress(self): # Reset to zero because done statements are printed with new lines @@ -423,57 +443,89 @@ class ResultPrinter(BaseResultHandler): if self._has_remaining_progress(): self._print_progress() + def _should_print_progress_now(self): + """Check to see if should print progres based on frequency. + + Will only return true if its the first time or enough time has elapsed + since the last time printing. + """ + + if ( + self._first + or (self._frequency == 0) + or (time.time() - self._now >= self._frequency) + ): + self._now = time.time() + self._first = False + return True + + return False + def _print_progress(self, **kwargs): # Get all of the statistics in the correct form. + remaining_files = self._get_expected_total( - str(self._result_recorder.expected_files_transferred - - self._result_recorder.files_transferred) + str( + self._result_recorder.expected_files_transferred + - self._result_recorder.files_transferred + ) ) # Create the display statement. if self._result_recorder.expected_bytes_transferred > 0: bytes_completed = human_readable_size( - self._result_recorder.bytes_transferred + - self._result_recorder.bytes_failed_to_transfer + self._result_recorder.bytes_transferred + + self._result_recorder.bytes_failed_to_transfer ) expected_bytes_completed = self._get_expected_total( human_readable_size( - self._result_recorder.expected_bytes_transferred)) + self._result_recorder.expected_bytes_transferred + ) + ) - transfer_speed = human_readable_size( - self._result_recorder.bytes_transfer_speed) + '/s' + transfer_speed = ( + human_readable_size(self._result_recorder.bytes_transfer_speed) + + '/s' + ) progress_statement = self.BYTE_PROGRESS_FORMAT.format( bytes_completed=bytes_completed, expected_bytes_completed=expected_bytes_completed, transfer_speed=transfer_speed, - remaining_files=remaining_files + remaining_files=remaining_files, ) else: # We're not expecting any bytes to be transferred, so we should # only print of information about number of files transferred. progress_statement = self.FILE_PROGRESS_FORMAT.format( files_completed=self._result_recorder.files_transferred, - remaining_files=remaining_files + remaining_files=remaining_files, ) if not self._result_recorder.expected_totals_are_final(): progress_statement += self._STILL_CALCULATING_TOTALS - # Make sure that it overrides any previous progress bar. - progress_statement = self._adjust_statement_padding( - progress_statement, ending_char='\r') - # We do not want to include the carriage return in this calculation - # as progress length is used for determining whitespace padding. - # So we subtract one off of the length. - self._progress_length = len(progress_statement) - 1 - + if self._oneline: + # Make sure that it overrides any previous progress bar. + progress_statement = self._adjust_statement_padding( + progress_statement, ending_char='\r' + ) + # We do not want to include the carriage return in this calculation + # as progress length is used for determining whitespace padding. + # So we subtract one off of the length. + self._progress_length = len(progress_statement) - 1 + else: + progress_statement = self._adjust_statement_padding( + progress_statement, ending_char='\n' + ) # Print the progress out. - self._print_to_out_file(progress_statement) + if self._should_print_progress_now(): + self._print_to_out_file(progress_statement) def _get_expected_total(self, expected_total): if not self._result_recorder.expected_totals_are_final(): return self._ESTIMATED_EXPECTED_TOTAL.format( - expected_total=expected_total) + expected_total=expected_total + ) return expected_total def _adjust_statement_padding(self, print_statement, ending_char='\n'): @@ -500,12 +552,14 @@ class ResultPrinter(BaseResultHandler): class NoProgressResultPrinter(ResultPrinter): """A result printer that doesn't print progress""" + def _print_progress(self, **kwargs): pass class OnlyShowErrorsResultPrinter(ResultPrinter): """A result printer that only prints out errors""" + def _print_progress(self, **kwargs): pass @@ -537,7 +591,8 @@ class ResultProcessor(threading.Thread): if isinstance(result, ShutdownThreadRequest): LOGGER.debug( 'Shutdown request received in result processing ' - 'thread, shutting down result thread.') + 'thread, shutting down result thread.' + ) break if self._result_handlers_enabled: self._process_result(result) @@ -558,10 +613,14 @@ class ResultProcessor(threading.Thread): except Exception as e: LOGGER.debug( 'Error processing result %s with handler %s: %s', - result, result_handler, e, exc_info=True) + result, + result_handler, + e, + exc_info=True, + ) -class CommandResultRecorder(object): +class CommandResultRecorder: def __init__(self, result_queue, result_recorder, result_processor): """Records the result for an entire command @@ -600,7 +659,7 @@ class CommandResultRecorder(object): """ return CommandResult( self._result_recorder.files_failed + self._result_recorder.errors, - self._result_recorder.files_warned + self._result_recorder.files_warned, ) def notify_total_submissions(self, total): @@ -612,8 +671,11 @@ class CommandResultRecorder(object): def __exit__(self, exc_type, exc_value, *args): if exc_type: - LOGGER.debug('Exception caught during command execution: %s', - exc_value, exc_info=True) + LOGGER.debug( + 'Exception caught during command execution: %s', + exc_value, + exc_info=True, + ) self.result_queue.put(ErrorResult(exception=exc_value)) self.shutdown() return True diff -pruN 2.23.6-1/awscli/customizations/s3/s3.py 2.31.35-1/awscli/customizations/s3/s3.py --- 2.23.6-1/awscli/customizations/s3/s3.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/s3.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,11 +12,20 @@ # language governing permissions and limitations under the License. from awscli.customizations import utils from awscli.customizations.commands import BasicCommand -from awscli.customizations.s3.subcommands import ListCommand, WebsiteCommand, \ - CpCommand, MvCommand, RmCommand, SyncCommand, MbCommand, RbCommand, \ - PresignCommand -from awscli.customizations.s3.syncstrategy.register import \ - register_sync_strategies +from awscli.customizations.s3.subcommands import ( + CpCommand, + ListCommand, + MbCommand, + MvCommand, + PresignCommand, + RbCommand, + RmCommand, + SyncCommand, + WebsiteCommand, +) +from awscli.customizations.s3.syncstrategy.register import ( + register_sync_strategies, +) def awscli_initialize(cli): diff -pruN 2.23.6-1/awscli/customizations/s3/s3handler.py 2.31.35-1/awscli/customizations/s3/s3handler.py --- 2.23.6-1/awscli/customizations/s3/s3handler.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/s3handler.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,40 +15,51 @@ import os from s3transfer.manager import TransferManager -from awscli.customizations.s3.utils import ( - human_readable_size, MAX_UPLOAD_SIZE, find_bucket_key, relative_path, - create_warning, NonSeekableStream) -from awscli.customizations.s3.transferconfig import \ - create_transfer_config_from_runtime_config -from awscli.customizations.s3.results import QueuedResultSubscriber -from awscli.customizations.s3.results import ProgressResultSubscriber -from awscli.customizations.s3.results import DoneResultSubscriber -from awscli.customizations.s3.results import QueuedResult -from awscli.customizations.s3.results import SuccessResult -from awscli.customizations.s3.results import FailureResult -from awscli.customizations.s3.results import DryRunResult -from awscli.customizations.s3.results import ResultRecorder -from awscli.customizations.s3.results import ResultPrinter -from awscli.customizations.s3.results import OnlyShowErrorsResultPrinter -from awscli.customizations.s3.results import NoProgressResultPrinter -from awscli.customizations.s3.results import ResultProcessor -from awscli.customizations.s3.results import CommandResultRecorder -from awscli.customizations.s3.utils import RequestParamsMapper -from awscli.customizations.s3.utils import StdoutBytesWriter +from awscli.compat import get_binary_stdin +from awscli.customizations.s3.results import ( + CommandResultRecorder, + DoneResultSubscriber, + DryRunResult, + FailureResult, + NoProgressResultPrinter, + OnlyShowErrorsResultPrinter, + ProgressResultSubscriber, + QueuedResult, + QueuedResultSubscriber, + ResultPrinter, + ResultProcessor, + ResultRecorder, + SuccessResult, +) from awscli.customizations.s3.subscribers import ( - ProvideSizeSubscriber, ProvideUploadContentTypeSubscriber, + CopyPropsSubscriberFactory, + DeleteCopySourceObjectSubscriber, + DeleteSourceFileSubscriber, + DeleteSourceObjectSubscriber, + DirectoryCreatorSubscriber, + ProvideETagSubscriber, ProvideLastModifiedTimeSubscriber, - CopyPropsSubscriberFactory, DirectoryCreatorSubscriber, - DeleteSourceFileSubscriber, DeleteSourceObjectSubscriber, - DeleteCopySourceObjectSubscriber + ProvideSizeSubscriber, + ProvideUploadContentTypeSubscriber, +) +from awscli.customizations.s3.transferconfig import ( + create_transfer_config_from_runtime_config, +) +from awscli.customizations.s3.utils import ( + MAX_UPLOAD_SIZE, + NonSeekableStream, + RequestParamsMapper, + StdoutBytesWriter, + create_warning, + find_bucket_key, + human_readable_size, + relative_path, ) -from awscli.compat import get_binary_stdin - LOGGER = logging.getLogger(__name__) -class S3TransferHandlerFactory(object): +class S3TransferHandlerFactory: def __init__(self, cli_params): """Factory for S3TransferHandlers @@ -73,12 +84,15 @@ class S3TransferHandlerFactory(object): result_processor_handlers = [result_recorder] self._add_result_printer(result_recorder, result_processor_handlers) result_processor = ResultProcessor( - result_queue, result_processor_handlers) + result_queue, result_processor_handlers + ) command_result_recorder = CommandResultRecorder( - result_queue, result_recorder, result_processor) + result_queue, result_recorder, result_processor + ) return S3TransferHandler( - transfer_manager, self._cli_params, command_result_recorder) + transfer_manager, self._cli_params, command_result_recorder + ) def _add_result_printer(self, result_recorder, result_processor_handlers): if self._cli_params.get('quiet'): @@ -90,11 +104,15 @@ class S3TransferHandlerFactory(object): elif not self._cli_params.get('progress'): result_printer = NoProgressResultPrinter(result_recorder) else: - result_printer = ResultPrinter(result_recorder) + result_printer = ResultPrinter( + result_recorder, + frequency=self._cli_params.get('progress_frequency'), + oneline=not self._cli_params.get('progress_multiline'), + ) result_processor_handlers.append(result_printer) -class S3TransferHandler(object): +class S3TransferHandler: def __init__(self, transfer_manager, cli_params, result_command_recorder): """Backend for performing S3 transfers @@ -119,8 +137,9 @@ class S3TransferHandler(object): self._result_command_recorder = result_command_recorder submitter_args = ( - self._transfer_manager, self._result_command_recorder.result_queue, - cli_params + self._transfer_manager, + self._result_command_recorder.result_queue, + cli_params, ) self._submitters = [ UploadStreamRequestSubmitter(*submitter_args), @@ -129,7 +148,7 @@ class S3TransferHandler(object): DownloadRequestSubmitter(*submitter_args), CopyRequestSubmitter(*submitter_args), DeleteRequestSubmitter(*submitter_args), - LocalDeleteRequestSubmitter(*submitter_args) + LocalDeleteRequestSubmitter(*submitter_args), ] def call(self, fileinfos): @@ -153,11 +172,12 @@ class S3TransferHandler(object): total_submissions += 1 break self._result_command_recorder.notify_total_submissions( - total_submissions) + total_submissions + ) return self._result_command_recorder.get_command_result() -class BaseTransferRequestSubmitter(object): +class BaseTransferRequestSubmitter: REQUEST_MAPPER_METHOD = None def __init__(self, transfer_manager, result_queue, cli_params): @@ -219,7 +239,8 @@ class BaseTransferRequestSubmitter(objec self.REQUEST_MAPPER_METHOD(extra_args, self._cli_params) if not self._cli_params.get('dryrun'): return self._submit_transfer_request( - fileinfo, extra_args, self._get_subscribers(fileinfo)) + fileinfo, extra_args, self._get_subscribers(fileinfo) + ) else: self._submit_dryrun(fileinfo) @@ -227,14 +248,14 @@ class BaseTransferRequestSubmitter(objec subscribers = [] result_subscriber_kwargs = self._get_result_subscriber_kwargs(fileinfo) self._add_provide_size_subscriber(subscribers, fileinfo) + subscribers.append(ProvideETagSubscriber(fileinfo.etag)) subscribers.append(QueuedResultSubscriber(**result_subscriber_kwargs)) self._add_additional_subscribers(subscribers, fileinfo) subscribers.extend( [ ProgressResultSubscriber(**result_subscriber_kwargs), - DoneResultSubscriber(**result_subscriber_kwargs) + DoneResultSubscriber(**result_subscriber_kwargs), ] - ) return subscribers @@ -251,8 +272,9 @@ class BaseTransferRequestSubmitter(objec def _submit_dryrun(self, fileinfo): transfer_type = self._get_transfer_type(fileinfo) src, dest = self._format_src_dest(fileinfo) - self._result_queue.put(DryRunResult( - transfer_type=transfer_type, src=src, dest=dest)) + self._result_queue.put( + DryRunResult(transfer_type=transfer_type, src=src, dest=dest) + ) def _add_provide_size_subscriber(self, subscribers, fileinfo): subscribers.append(ProvideSizeSubscriber(fileinfo.size)) @@ -280,27 +302,27 @@ class BaseTransferRequestSubmitter(objec return [] def _should_inject_content_type(self): - return ( - self._cli_params.get('guess_mime_type') and - not self._cli_params.get('content_type') - ) + return self._cli_params.get( + 'guess_mime_type' + ) and not self._cli_params.get('content_type') def _warn_glacier(self, fileinfo): if not self._cli_params.get('force_glacier_transfer'): if not fileinfo.is_glacier_compatible(): LOGGER.debug( 'Encountered glacier object s3://%s. Not performing ' - '%s on object.' % (fileinfo.src, fileinfo.operation_name)) + '%s on object.' % (fileinfo.src, fileinfo.operation_name) + ) if not self._cli_params.get('ignore_glacier_warnings'): warning = create_warning( - 's3://'+fileinfo.src, + 's3://' + fileinfo.src, 'Object is of storage class GLACIER. Unable to ' 'perform %s operations on GLACIER objects. You must ' 'restore the object to be able to perform the ' 'operation. See aws s3 %s help for additional ' 'parameter options to ignore or force these ' - 'transfers.' % - (fileinfo.operation_name, fileinfo.operation_name) + 'transfers.' + % (fileinfo.operation_name, fileinfo.operation_name), ) self._result_queue.put(warning) return True @@ -311,10 +333,12 @@ class BaseTransferRequestSubmitter(objec # need to take that into account when checking for a parent prefix. parent_prefix = '..' + os.path.sep escapes_cwd = os.path.normpath(fileinfo.compare_key).startswith( - parent_prefix) + parent_prefix + ) if escapes_cwd: warning = create_warning( - fileinfo.compare_key, "File references a parent directory.") + fileinfo.compare_key, "File references a parent directory." + ) self._result_queue.put(warning) return True return False @@ -353,8 +377,11 @@ class UploadRequestSubmitter(BaseTransfe bucket, key = find_bucket_key(fileinfo.dest) filein = self._get_filein(fileinfo) return self._transfer_manager.upload( - fileobj=filein, bucket=bucket, key=key, - extra_args=extra_args, subscribers=subscribers + fileobj=filein, + bucket=bucket, + key=key, + extra_args=extra_args, + subscribers=subscribers, ) def _get_filein(self, fileinfo): @@ -366,11 +393,13 @@ class UploadRequestSubmitter(BaseTransfe def _warn_if_too_large(self, fileinfo): if getattr(fileinfo, 'size') and fileinfo.size > MAX_UPLOAD_SIZE: file_path = relative_path(fileinfo.src) - warning_message = ( - "File %s exceeds s3 upload limit of %s." % ( - file_path, human_readable_size(MAX_UPLOAD_SIZE))) + warning_message = "File %s exceeds s3 upload limit of %s." % ( + file_path, + human_readable_size(MAX_UPLOAD_SIZE), + ) warning = create_warning( - file_path, warning_message, skip_file=False) + file_path, warning_message, skip_file=False + ) self._result_queue.put(warning) def _format_src_dest(self, fileinfo): @@ -387,18 +416,25 @@ class DownloadRequestSubmitter(BaseTrans def _add_additional_subscribers(self, subscribers, fileinfo): subscribers.append(DirectoryCreatorSubscriber()) - subscribers.append(ProvideLastModifiedTimeSubscriber( - fileinfo.last_update, self._result_queue)) + subscribers.append( + ProvideLastModifiedTimeSubscriber( + fileinfo.last_update, self._result_queue + ) + ) if self._cli_params.get('is_move', False): - subscribers.append(DeleteSourceObjectSubscriber( - fileinfo.source_client)) + subscribers.append( + DeleteSourceObjectSubscriber(fileinfo.source_client) + ) def _submit_transfer_request(self, fileinfo, extra_args, subscribers): bucket, key = find_bucket_key(fileinfo.src) fileout = self._get_fileout(fileinfo) return self._transfer_manager.download( - fileobj=fileout, bucket=bucket, key=key, - extra_args=extra_args, subscribers=subscribers + fileobj=fileout, + bucket=bucket, + key=key, + extra_args=extra_args, + subscribers=subscribers, ) def _get_fileout(self, fileinfo): @@ -423,8 +459,9 @@ class CopyRequestSubmitter(BaseTransferR if not self._cli_params.get('metadata_directive'): self._add_copy_props_subscribers(subscribers, fileinfo) if self._cli_params.get('is_move', False): - subscribers.append(DeleteCopySourceObjectSubscriber( - fileinfo.source_client)) + subscribers.append( + DeleteCopySourceObjectSubscriber(fileinfo.source_client) + ) def _add_copy_props_subscribers(self, subscribers, fileinfo): copy_props_factory = CopyPropsSubscriberFactory( @@ -439,9 +476,12 @@ class CopyRequestSubmitter(BaseTransferR source_bucket, source_key = find_bucket_key(fileinfo.src) copy_source = {'Bucket': source_bucket, 'Key': source_key} return self._transfer_manager.copy( - bucket=bucket, key=key, copy_source=copy_source, - extra_args=extra_args, subscribers=subscribers, - source_client=fileinfo.source_client + bucket=bucket, + key=key, + copy_source=copy_source, + extra_args=extra_args, + subscribers=subscribers, + source_client=fileinfo.source_client, ) def _get_warning_handlers(self): @@ -455,9 +495,8 @@ class CopyRequestSubmitter(BaseTransferR class UploadStreamRequestSubmitter(UploadRequestSubmitter): def can_submit(self, fileinfo): - return ( - fileinfo.operation_name == 'upload' and - self._cli_params.get('is_stream') + return fileinfo.operation_name == 'upload' and self._cli_params.get( + 'is_stream' ) def _add_provide_size_subscriber(self, subscribers, fileinfo): @@ -478,9 +517,8 @@ class UploadStreamRequestSubmitter(Uploa class DownloadStreamRequestSubmitter(DownloadRequestSubmitter): def can_submit(self, fileinfo): - return ( - fileinfo.operation_name == 'download' and - self._cli_params.get('is_stream') + return fileinfo.operation_name == 'download' and self._cli_params.get( + 'is_stream' ) def _add_provide_size_subscriber(self, subscribers, fileinfo): @@ -500,8 +538,9 @@ class DeleteRequestSubmitter(BaseTransfe REQUEST_MAPPER_METHOD = RequestParamsMapper.map_delete_object_params def can_submit(self, fileinfo): - return fileinfo.operation_name == 'delete' and \ - fileinfo.src_type == 's3' + return ( + fileinfo.operation_name == 'delete' and fileinfo.src_type == 's3' + ) def _add_provide_size_subscriber(self, subscribers, fileinfo): pass @@ -509,8 +548,11 @@ class DeleteRequestSubmitter(BaseTransfe def _submit_transfer_request(self, fileinfo, extra_args, subscribers): bucket, key = find_bucket_key(fileinfo.src) return self._transfer_manager.delete( - bucket=bucket, key=key, extra_args=extra_args, - subscribers=subscribers) + bucket=bucket, + key=key, + extra_args=extra_args, + subscribers=subscribers, + ) def _format_src_dest(self, fileinfo): return self._format_s3_path(fileinfo.src), None @@ -520,8 +562,10 @@ class LocalDeleteRequestSubmitter(BaseTr REQUEST_MAPPER_METHOD = None def can_submit(self, fileinfo): - return fileinfo.operation_name == 'delete' and \ - fileinfo.src_type == 'local' + return ( + fileinfo.operation_name == 'delete' + and fileinfo.src_type == 'local' + ) def _submit_transfer_request(self, fileinfo, extra_args, subscribers): # This is quirky but essentially instead of relying on a built-in @@ -537,19 +581,15 @@ class LocalDeleteRequestSubmitter(BaseTr # deleting a local file only happens for sync --delete downloads and # is very fast compared to all of the other types of transfers. src, dest = self._format_src_dest(fileinfo) - result_kwargs = { - 'transfer_type': 'delete', - 'src': src, - 'dest': dest - } + result_kwargs = {'transfer_type': 'delete', 'src': src, 'dest': dest} try: - self._result_queue.put(QueuedResult( - total_transfer_size=0, **result_kwargs)) + self._result_queue.put( + QueuedResult(total_transfer_size=0, **result_kwargs) + ) os.remove(fileinfo.src) self._result_queue.put(SuccessResult(**result_kwargs)) except Exception as e: - self._result_queue.put( - FailureResult(exception=e, **result_kwargs)) + self._result_queue.put(FailureResult(exception=e, **result_kwargs)) finally: # Return True to indicate that the transfer was submitted return True diff -pruN 2.23.6-1/awscli/customizations/s3/subcommands.py 2.31.35-1/awscli/customizations/s3/subcommands.py --- 2.23.6-1/awscli/customizations/s3/subcommands.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/subcommands.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,146 +10,216 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import os import logging +import os import sys from botocore.client import Config -from botocore.utils import is_s3express_bucket, ensure_boolean +from botocore.useragent import register_feature_id +from botocore.utils import ensure_boolean, is_s3express_bucket from dateutil.parser import parse from dateutil.tz import tzlocal from awscli.compat import queue from awscli.customizations.commands import BasicCommand +from awscli.customizations.exceptions import ParamValidationError +from awscli.customizations.s3 import transferconfig from awscli.customizations.s3.comparator import Comparator from awscli.customizations.s3.factory import ( - ClientFactory, TransferManagerFactory + ClientFactory, + TransferManagerFactory, ) -from awscli.customizations.s3.fileinfobuilder import FileInfoBuilder from awscli.customizations.s3.fileformat import FileFormat from awscli.customizations.s3.filegenerator import FileGenerator from awscli.customizations.s3.fileinfo import FileInfo +from awscli.customizations.s3.fileinfobuilder import FileInfoBuilder from awscli.customizations.s3.filters import create_filter from awscli.customizations.s3.s3handler import S3TransferHandlerFactory -from awscli.customizations.s3.utils import find_bucket_key, AppendFilter, \ - find_dest_path_comp_key, human_readable_size, \ - RequestParamsMapper, split_s3_bucket_key, block_unsupported_resources, \ - S3PathResolver +from awscli.customizations.s3.syncstrategy.base import ( + MissingFileSync, + NeverSync, + SizeAndLastModifiedSync, +) +from awscli.customizations.s3.utils import ( + AppendFilter, + RequestParamsMapper, + S3PathResolver, + block_unsupported_resources, + find_bucket_key, + find_dest_path_comp_key, + human_readable_size, + split_s3_bucket_key, +) from awscli.customizations.utils import uni_print -from awscli.customizations.s3.syncstrategy.base import MissingFileSync, \ - SizeAndLastModifiedSync, NeverSync -from awscli.customizations.s3 import transferconfig -from awscli.customizations.exceptions import ParamValidationError - LOGGER = logging.getLogger(__name__) -RECURSIVE = {'name': 'recursive', 'action': 'store_true', 'dest': 'dir_op', - 'help_text': ( - "Command is performed on all files or objects " - "under the specified directory or prefix.")} - - -HUMAN_READABLE = {'name': 'human-readable', 'action': 'store_true', - 'help_text': "Displays file sizes in human readable format."} - - -SUMMARIZE = {'name': 'summarize', 'action': 'store_true', - 'help_text': ( - "Displays summary information " - "(number of objects, total size).")} - - -DRYRUN = {'name': 'dryrun', 'action': 'store_true', - 'help_text': ( - "Displays the operations that would be performed using the " - "specified command without actually running them.")} - - -QUIET = {'name': 'quiet', 'action': 'store_true', - 'help_text': ( - "Does not display the operations performed from the specified " - "command.")} - - -FORCE = {'name': 'force', 'action': 'store_true', - 'help_text': ( - "Deletes all objects in the bucket including the bucket itself. " - "Note that versioned objects will not be deleted in this " - "process which would cause the bucket deletion to fail because " - "the bucket would not be empty. To delete versioned " - "objects use the ``s3api delete-object`` command with " - "the ``--version-id`` parameter.")} - - -FOLLOW_SYMLINKS = {'name': 'follow-symlinks', 'action': 'store_true', - 'default': True, 'group_name': 'follow_symlinks', - 'help_text': ( - "Symbolic links are followed " - "only when uploading to S3 from the local filesystem. " - "Note that S3 does not support symbolic links, so the " - "contents of the link target are uploaded under the " - "name of the link. When neither ``--follow-symlinks`` " - "nor ``--no-follow-symlinks`` is specified, the default " - "is to follow symlinks.")} - - -NO_FOLLOW_SYMLINKS = {'name': 'no-follow-symlinks', 'action': 'store_false', - 'dest': 'follow_symlinks', 'default': True, - 'group_name': 'follow_symlinks'} - - -NO_GUESS_MIME_TYPE = {'name': 'no-guess-mime-type', 'action': 'store_false', - 'dest': 'guess_mime_type', 'default': True, - 'help_text': ( - "Do not try to guess the mime type for " - "uploaded files. By default the mime type of a " - "file is guessed when it is uploaded.")} - - -CONTENT_TYPE = {'name': 'content-type', - 'help_text': ( - "Specify an explicit content type for this operation. " - "This value overrides any guessed mime types.")} - - -EXCLUDE = {'name': 'exclude', 'action': AppendFilter, 'nargs': 1, - 'dest': 'filters', - 'help_text': ( - "Exclude all files or objects from the command that matches " - "the specified pattern.")} - - -INCLUDE = {'name': 'include', 'action': AppendFilter, 'nargs': 1, - 'dest': 'filters', - 'help_text': ( - "Don't exclude files or objects " - "in the command that match the specified pattern. " - 'See Use of ' - 'Exclude and Include Filters for details.')} - - -ACL = {'name': 'acl', - 'choices': ['private', 'public-read', 'public-read-write', - 'authenticated-read', 'aws-exec-read', 'bucket-owner-read', - 'bucket-owner-full-control', 'log-delivery-write'], - 'help_text': ( - "Sets the ACL for the object when the command is " - "performed. If you use this parameter you must have the " - '"s3:PutObjectAcl" permission included in the list of actions ' - "for your IAM policy. " - "Only accepts values of ``private``, ``public-read``, " - "``public-read-write``, ``authenticated-read``, ``aws-exec-read``, " - "``bucket-owner-read``, ``bucket-owner-full-control`` and " - "``log-delivery-write``. " - 'See Canned ACL for details')} +RECURSIVE = { + 'name': 'recursive', + 'action': 'store_true', + 'dest': 'dir_op', + 'help_text': ( + "Command is performed on all files or objects " + "under the specified directory or prefix." + ), +} + + +HUMAN_READABLE = { + 'name': 'human-readable', + 'action': 'store_true', + 'help_text': "Displays file sizes in human readable format.", +} + + +SUMMARIZE = { + 'name': 'summarize', + 'action': 'store_true', + 'help_text': ( + "Displays summary information (number of objects, total size)." + ), +} + + +DRYRUN = { + 'name': 'dryrun', + 'action': 'store_true', + 'help_text': ( + "Displays the operations that would be performed using the " + "specified command without actually running them." + ), +} + + +QUIET = { + 'name': 'quiet', + 'action': 'store_true', + 'help_text': ( + "Does not display the operations performed from the specified command." + ), +} + + +FORCE = { + 'name': 'force', + 'action': 'store_true', + 'help_text': ( + "Deletes all objects in the bucket including the bucket itself. " + "Note that versioned objects will not be deleted in this " + "process which would cause the bucket deletion to fail because " + "the bucket would not be empty. To delete versioned " + "objects use the ``s3api delete-object`` command with " + "the ``--version-id`` parameter." + ), +} + + +FOLLOW_SYMLINKS = { + 'name': 'follow-symlinks', + 'action': 'store_true', + 'default': True, + 'group_name': 'follow_symlinks', + 'help_text': ( + "Symbolic links are followed " + "only when uploading to S3 from the local filesystem. " + "Note that S3 does not support symbolic links, so the " + "contents of the link target are uploaded under the " + "name of the link. When neither ``--follow-symlinks`` " + "nor ``--no-follow-symlinks`` is specified, the default " + "is to follow symlinks." + ), +} + + +NO_FOLLOW_SYMLINKS = { + 'name': 'no-follow-symlinks', + 'action': 'store_false', + 'dest': 'follow_symlinks', + 'default': True, + 'group_name': 'follow_symlinks', +} + + +NO_GUESS_MIME_TYPE = { + 'name': 'no-guess-mime-type', + 'action': 'store_false', + 'dest': 'guess_mime_type', + 'default': True, + 'help_text': ( + "Do not try to guess the mime type for " + "uploaded files. By default the mime type of a " + "file is guessed when it is uploaded." + ), +} + + +CONTENT_TYPE = { + 'name': 'content-type', + 'help_text': ( + "Specify an explicit content type for this operation. " + "This value overrides any guessed mime types." + ), +} + + +EXCLUDE = { + 'name': 'exclude', + 'action': AppendFilter, + 'nargs': 1, + 'dest': 'filters', + 'help_text': ( + "Exclude all files or objects from the command that matches " + "the specified pattern." + ), +} + + +INCLUDE = { + 'name': 'include', + 'action': AppendFilter, + 'nargs': 1, + 'dest': 'filters', + 'help_text': ( + "Don't exclude files or objects " + "in the command that match the specified pattern. " + 'See Use of ' + 'Exclude and Include Filters for details.' + ), +} + + +ACL = { + 'name': 'acl', + 'choices': [ + 'private', + 'public-read', + 'public-read-write', + 'authenticated-read', + 'aws-exec-read', + 'bucket-owner-read', + 'bucket-owner-full-control', + 'log-delivery-write', + ], + 'help_text': ( + "Sets the ACL for the object when the command is " + "performed. If you use this parameter you must have the " + '"s3:PutObjectAcl" permission included in the list of actions ' + "for your IAM policy. " + "Only accepts values of ``private``, ``public-read``, " + "``public-read-write``, ``authenticated-read``, ``aws-exec-read``, " + "``bucket-owner-read``, ``bucket-owner-full-control`` and " + "``log-delivery-write``. " + 'See Canned ACL for details' + ), +} GRANTS = { - 'name': 'grants', 'nargs': '+', + 'name': 'grants', + 'nargs': '+', 'help_text': ( '

    Grant specific permissions to individual users or groups. You ' 'can supply a list of grants of the form

    --grants ' @@ -174,40 +244,48 @@ GRANTS = { '
' 'For more information on Amazon S3 access control, see ' 'Access Control')} + 'UsingAuthAccess.html">Access Control' + ), +} SSE = { - 'name': 'sse', 'nargs': '?', 'const': 'AES256', + 'name': 'sse', + 'nargs': '?', + 'const': 'AES256', 'choices': ['AES256', 'aws:kms'], 'help_text': ( 'Specifies server-side encryption of the object in S3. ' 'Valid values are ``AES256`` and ``aws:kms``. If the parameter is ' 'specified but no value is provided, ``AES256`` is used.' - ) + ), } SSE_C = { - 'name': 'sse-c', 'nargs': '?', 'const': 'AES256', 'choices': ['AES256'], + 'name': 'sse-c', + 'nargs': '?', + 'const': 'AES256', + 'choices': ['AES256'], 'help_text': ( 'Specifies server-side encryption using customer provided keys ' 'of the the object in S3. ``AES256`` is the only valid value. ' 'If the parameter is specified but no value is provided, ' '``AES256`` is used. If you provide this value, ``--sse-c-key`` ' 'must be specified as well.' - ) + ), } SSE_C_KEY = { - 'name': 'sse-c-key', 'cli_type_name': 'blob', + 'name': 'sse-c-key', + 'cli_type_name': 'blob', 'help_text': ( 'The customer-provided encryption key to use to server-side ' 'encrypt the object in S3. If you provide this value, ' '``--sse-c`` must be specified as well. The key provided should ' '**not** be base64 encoded.' - ) + ), } @@ -218,13 +296,15 @@ SSE_KMS_KEY_ID = { 'should be used to server-side encrypt the object in S3. You should ' 'only provide this parameter if you are using a customer managed ' 'customer master key (CMK) and not the AWS managed KMS CMK.' - ) + ), } SSE_C_COPY_SOURCE = { - 'name': 'sse-c-copy-source', 'nargs': '?', - 'const': 'AES256', 'choices': ['AES256'], + 'name': 'sse-c-copy-source', + 'nargs': '?', + 'const': 'AES256', + 'choices': ['AES256'], 'help_text': ( 'This parameter should only be specified when copying an S3 object ' 'that was encrypted server-side with a customer-provided ' @@ -233,12 +313,13 @@ SSE_C_COPY_SOURCE = { 'value. If the parameter is specified but no value is provided, ' '``AES256`` is used. If you provide this value, ' '``--sse-c-copy-source-key`` must be specified as well. ' - ) + ), } SSE_C_COPY_SOURCE_KEY = { - 'name': 'sse-c-copy-source-key', 'cli_type_name': 'blob', + 'name': 'sse-c-copy-source-key', + 'cli_type_name': 'blob', 'help_text': ( 'This parameter should only be specified when copying an S3 object ' 'that was encrypted server-side with a customer-provided ' @@ -247,105 +328,130 @@ SSE_C_COPY_SOURCE_KEY = { 'must be one that was used when the source object was created. ' 'If you provide this value, ``--sse-c-copy-source`` be specified as ' 'well. The key provided should **not** be base64 encoded.' - ) + ), } -STORAGE_CLASS = {'name': 'storage-class', - 'choices': ['STANDARD', 'REDUCED_REDUNDANCY', 'STANDARD_IA', - 'ONEZONE_IA', 'INTELLIGENT_TIERING', 'GLACIER', - 'DEEP_ARCHIVE', 'GLACIER_IR'], - 'help_text': ( - "The type of storage to use for the object. " - "Valid choices are: STANDARD | REDUCED_REDUNDANCY " - "| STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING " - "| GLACIER | DEEP_ARCHIVE | GLACIER_IR. " - "Defaults to 'STANDARD'")} - - -WEBSITE_REDIRECT = {'name': 'website-redirect', - 'help_text': ( - "If the bucket is configured as a website, " - "redirects requests for this object to another object " - "in the same bucket or to an external URL. Amazon S3 " - "stores the value of this header in the object " - "metadata.")} - - -CACHE_CONTROL = {'name': 'cache-control', - 'help_text': ( - "Specifies caching behavior along the " - "request/reply chain.")} - - -CONTENT_DISPOSITION = {'name': 'content-disposition', - 'help_text': ( - "Specifies presentational information " - "for the object.")} - - -CONTENT_ENCODING = {'name': 'content-encoding', - 'help_text': ( - "Specifies what content encodings have been " - "applied to the object and thus what decoding " - "mechanisms must be applied to obtain the media-type " - "referenced by the Content-Type header field.")} - - -CONTENT_LANGUAGE = {'name': 'content-language', - 'help_text': ("The language the content is in.")} - - -SOURCE_REGION = {'name': 'source-region', - 'help_text': ( - "When transferring objects from an s3 bucket to an s3 " - "bucket, this specifies the region of the source bucket." - " Note the region specified by ``--region`` or through " - "configuration of the CLI refers to the region of the " - "destination bucket. If ``--source-region`` is not " - "specified the region of the source will be the same " - "as the region of the destination bucket.")} +STORAGE_CLASS = { + 'name': 'storage-class', + 'choices': [ + 'STANDARD', + 'REDUCED_REDUNDANCY', + 'STANDARD_IA', + 'ONEZONE_IA', + 'INTELLIGENT_TIERING', + 'GLACIER', + 'DEEP_ARCHIVE', + 'GLACIER_IR', + ], + 'help_text': ( + "The type of storage to use for the object. " + "Valid choices are: STANDARD | REDUCED_REDUNDANCY " + "| STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING " + "| GLACIER | DEEP_ARCHIVE | GLACIER_IR. " + "Defaults to 'STANDARD'" + ), +} + + +WEBSITE_REDIRECT = { + 'name': 'website-redirect', + 'help_text': ( + "If the bucket is configured as a website, " + "redirects requests for this object to another object " + "in the same bucket or to an external URL. Amazon S3 " + "stores the value of this header in the object " + "metadata." + ), +} + + +CACHE_CONTROL = { + 'name': 'cache-control', + 'help_text': ("Specifies caching behavior along the request/reply chain."), +} + + +CONTENT_DISPOSITION = { + 'name': 'content-disposition', + 'help_text': ("Specifies presentational information for the object."), +} + + +CONTENT_ENCODING = { + 'name': 'content-encoding', + 'help_text': ( + "Specifies what content encodings have been " + "applied to the object and thus what decoding " + "mechanisms must be applied to obtain the media-type " + "referenced by the Content-Type header field." + ), +} + + +CONTENT_LANGUAGE = { + 'name': 'content-language', + 'help_text': ("The language the content is in."), +} + + +SOURCE_REGION = { + 'name': 'source-region', + 'help_text': ( + "When transferring objects from an s3 bucket to an s3 " + "bucket, this specifies the region of the source bucket." + " Note the region specified by ``--region`` or through " + "configuration of the CLI refers to the region of the " + "destination bucket. If ``--source-region`` is not " + "specified the region of the source will be the same " + "as the region of the destination bucket." + ), +} EXPIRES = { 'name': 'expires', 'help_text': ( - "The date and time at which the object is no longer cacheable.") + "The date and time at which the object is no longer cacheable." + ), } METADATA = { - 'name': 'metadata', 'cli_type_name': 'map', + 'name': 'metadata', + 'cli_type_name': 'map', 'schema': { 'type': 'map', 'key': {'type': 'string'}, - 'value': {'type': 'string'} + 'value': {'type': 'string'}, }, 'help_text': ( "A map of metadata to store with the objects in S3. This will be " "applied to every object which is part of this request. In a sync, " "this means that files which haven't changed won't receive the new " "metadata. " - ) + ), } METADATA_DIRECTIVE = { - 'name': 'metadata-directive', 'choices': ['COPY', 'REPLACE'], + 'name': 'metadata-directive', + 'choices': ['COPY', 'REPLACE'], 'help_text': ( 'Sets the ``x-amz-metadata-directive`` header for CopyObject ' 'operations. It is recommended to use the ``--copy-props`` parameter ' 'instead to control copying of metadata properties. ' 'If ``--metadata-directive`` is set, the ``--copy-props`` parameter ' 'will be disabled and will have no affect on the transfer.' - ) + ), } COPY_PROPS = { 'name': 'copy-props', 'choices': ['none', 'metadata-directive', 'default'], - 'default': 'default', 'help_text': ( + 'default': 'default', + 'help_text': ( 'Determines which properties are copied from the source S3 object. ' 'This parameter only applies for S3 to S3 copies. Valid values are: ' '
    ' @@ -375,81 +481,124 @@ COPY_PROPS = { 'If you want to guarantee no additional API calls are made other than ' 'than the ones needed to perform the actual copy, set this option to ' '``none``.' - ) + ), } -INDEX_DOCUMENT = {'name': 'index-document', - 'help_text': ( - 'A suffix that is appended to a request that is for ' - 'a directory on the website endpoint (e.g. if the ' - 'suffix is index.html and you make a request to ' - 'samplebucket/images/ the data that is returned ' - 'will be for the object with the key name ' - 'images/index.html) The suffix must not be empty and ' - 'must not include a slash character.')} - - -ERROR_DOCUMENT = {'name': 'error-document', - 'help_text': ( - 'The object key name to use when ' - 'a 4XX class error occurs.')} - - -ONLY_SHOW_ERRORS = {'name': 'only-show-errors', 'action': 'store_true', - 'help_text': ( - 'Only errors and warnings are displayed. All other ' - 'output is suppressed.')} - - -NO_PROGRESS = {'name': 'no-progress', - 'action': 'store_false', - 'dest': 'progress', - 'help_text': ( - 'File transfer progress is not displayed. This flag ' - 'is only applied when the quiet and only-show-errors ' - 'flags are not provided.')} - - -EXPECTED_SIZE = {'name': 'expected-size', - 'help_text': ( - 'This argument specifies the expected size of a stream ' - 'in terms of bytes. Note that this argument is needed ' - 'only when a stream is being uploaded to s3 and the size ' - 'is larger than 50GB. Failure to include this argument ' - 'under these conditions may result in a failed upload ' - 'due to too many parts in upload.')} - - -PAGE_SIZE = {'name': 'page-size', 'cli_type_name': 'integer', - 'help_text': ( - 'The number of results to return in each response to a list ' - 'operation. The default value is 1000 (the maximum allowed). ' - 'Using a lower value may help if an operation times out.')} +INDEX_DOCUMENT = { + 'name': 'index-document', + 'help_text': ( + 'A suffix that is appended to a request that is for ' + 'a directory on the website endpoint (e.g. if the ' + 'suffix is index.html and you make a request to ' + 'samplebucket/images/ the data that is returned ' + 'will be for the object with the key name ' + 'images/index.html) The suffix must not be empty and ' + 'must not include a slash character.' + ), +} + + +ERROR_DOCUMENT = { + 'name': 'error-document', + 'help_text': ('The object key name to use when a 4XX class error occurs.'), +} + + +ONLY_SHOW_ERRORS = { + 'name': 'only-show-errors', + 'action': 'store_true', + 'help_text': ( + 'Only errors and warnings are displayed. All other ' + 'output is suppressed.' + ), +} + + +NO_PROGRESS = { + 'name': 'no-progress', + 'action': 'store_false', + 'dest': 'progress', + 'help_text': ( + 'File transfer progress is not displayed. This flag ' + 'is only applied when the quiet and only-show-errors ' + 'flags are not provided.' + ), +} + +PROGRESS_FREQUENCY = { + 'name': 'progress-frequency', + 'dest': 'progress_frequency', + 'cli_type_name': 'integer', + 'default': 0, + 'help_text': ( + 'Number of seconds to wait before updating file ' + 'transfer progress. This flag is only applied when ' + 'the quiet and only-show-errors flags are not ' + 'provided.' + ), +} + +PROGRESS_MULTILINE = { + 'name': 'progress-multiline', + 'dest': 'progress_multiline', + 'action': 'store_true', + 'help_text': ( + 'Show progress on multiple lines.' + ), +} + + +EXPECTED_SIZE = { + 'name': 'expected-size', + 'help_text': ( + 'This argument specifies the expected size of a stream ' + 'in terms of bytes. Note that this argument is needed ' + 'only when a stream is being uploaded to s3 and the size ' + 'is larger than 50GB. Failure to include this argument ' + 'under these conditions may result in a failed upload ' + 'due to too many parts in upload.' + ), +} + + +PAGE_SIZE = { + 'name': 'page-size', + 'cli_type_name': 'integer', + 'help_text': ( + 'The number of results to return in each response to a list ' + 'operation. The default value is 1000 (the maximum allowed). ' + 'Using a lower value may help if an operation times out.' + ), +} IGNORE_GLACIER_WARNINGS = { - 'name': 'ignore-glacier-warnings', 'action': 'store_true', + 'name': 'ignore-glacier-warnings', + 'action': 'store_true', 'help_text': ( 'Turns off glacier warnings. Warnings about an operation that cannot ' 'be performed because it involves copying, downloading, or moving ' 'a glacier object will no longer be printed to standard error and ' 'will no longer cause the return code of the command to be ``2``.' - ) + ), } FORCE_GLACIER_TRANSFER = { - 'name': 'force-glacier-transfer', 'action': 'store_true', + 'name': 'force-glacier-transfer', + 'action': 'store_true', 'help_text': ( 'Forces a transfer request on all Glacier objects in a sync or ' 'recursive copy.' - ) + ), } REQUEST_PAYER = { - 'name': 'request-payer', 'choices': ['requester'], - 'nargs': '?', 'const': 'requester', + 'name': 'request-payer', + 'choices': ['requester'], + 'nargs': '?', + 'const': 'requester', 'help_text': ( 'Confirms that the requester knows that they will be charged ' 'for the request. Bucket owners need not specify this parameter in ' @@ -457,11 +606,12 @@ REQUEST_PAYER = { 'pays buckets can be found at ' 'http://docs.aws.amazon.com/AmazonS3/latest/dev/' 'ObjectsinRequesterPaysBuckets.html' - ) + ), } VALIDATE_SAME_S3_PATHS = { - 'name': 'validate-same-s3-paths', 'action': 'store_true', + 'name': 'validate-same-s3-paths', + 'action': 'store_true', 'help_text': ( 'Resolves the source and destination S3 URIs to their ' 'underlying buckets and verifies that the file or object ' @@ -478,18 +628,20 @@ VALIDATE_SAME_S3_PATHS = { 'NOTE: Path validation requires making additional API calls. ' 'Future updates to this path-validation mechanism might change ' 'which API calls are made.' - ) + ), } CHECKSUM_MODE = { - 'name': 'checksum-mode', 'choices': ['ENABLED'], - 'help_text': 'To retrieve the checksum, this mode must be enabled. If the object has a ' - 'checksum, it will be verified.' + 'name': 'checksum-mode', + 'choices': ['ENABLED'], + 'help_text': 'To retrieve the checksum, this mode must be enabled. If the object has a ' + 'checksum, it will be verified.', } CHECKSUM_ALGORITHM = { - 'name': 'checksum-algorithm', 'choices': ['CRC64NVME', 'CRC32', 'SHA256', 'SHA1', 'CRC32C'], - 'help_text': 'Indicates the algorithm used to create the checksum for the object.' + 'name': 'checksum-algorithm', + 'choices': ['CRC64NVME', 'CRC32', 'SHA256', 'SHA1', 'CRC32C'], + 'help_text': 'Indicates the algorithm used to create the checksum for the object.', } BUCKET_NAME_PREFIX = { @@ -497,7 +649,7 @@ BUCKET_NAME_PREFIX = { 'help_text': ( 'Limits the response to bucket names that begin with the specified ' 'bucket name prefix.' - ) + ), } BUCKET_REGION = { @@ -509,18 +661,45 @@ BUCKET_REGION = { 'us-west-2 for the US West (Oregon) Region. For a list of the valid ' 'values for all of the Amazon Web Services Regions, see ' 'https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region' - ) + ), } -TRANSFER_ARGS = [DRYRUN, QUIET, INCLUDE, EXCLUDE, ACL, - FOLLOW_SYMLINKS, NO_FOLLOW_SYMLINKS, NO_GUESS_MIME_TYPE, - SSE, SSE_C, SSE_C_KEY, SSE_KMS_KEY_ID, SSE_C_COPY_SOURCE, - SSE_C_COPY_SOURCE_KEY, STORAGE_CLASS, GRANTS, - WEBSITE_REDIRECT, CONTENT_TYPE, CACHE_CONTROL, - CONTENT_DISPOSITION, CONTENT_ENCODING, CONTENT_LANGUAGE, - EXPIRES, SOURCE_REGION, ONLY_SHOW_ERRORS, NO_PROGRESS, - PAGE_SIZE, IGNORE_GLACIER_WARNINGS, FORCE_GLACIER_TRANSFER, - REQUEST_PAYER, CHECKSUM_MODE, CHECKSUM_ALGORITHM] +TRANSFER_ARGS = [ + DRYRUN, + QUIET, + INCLUDE, + EXCLUDE, + ACL, + FOLLOW_SYMLINKS, + NO_FOLLOW_SYMLINKS, + NO_GUESS_MIME_TYPE, + SSE, + SSE_C, + SSE_C_KEY, + SSE_KMS_KEY_ID, + SSE_C_COPY_SOURCE, + SSE_C_COPY_SOURCE_KEY, + STORAGE_CLASS, + GRANTS, + WEBSITE_REDIRECT, + CONTENT_TYPE, + CACHE_CONTROL, + CONTENT_DISPOSITION, + CONTENT_ENCODING, + CONTENT_LANGUAGE, + EXPIRES, + SOURCE_REGION, + ONLY_SHOW_ERRORS, + NO_PROGRESS, + PROGRESS_FREQUENCY, + PROGRESS_MULTILINE, + PAGE_SIZE, + IGNORE_GLACIER_WARNINGS, + FORCE_GLACIER_TRANSFER, + REQUEST_PAYER, + CHECKSUM_MODE, + CHECKSUM_ALGORITHM, +] class S3Command(BasicCommand): @@ -535,14 +714,28 @@ class S3Command(BasicCommand): class ListCommand(S3Command): NAME = 'ls' - DESCRIPTION = ("List S3 objects and common prefixes under a prefix or " - "all S3 buckets. Note that the --output and --no-paginate " - "arguments are ignored for this command.") + DESCRIPTION = ( + "List S3 objects and common prefixes under a prefix or " + "all S3 buckets. Note that the --output and --no-paginate " + "arguments are ignored for this command." + ) USAGE = " or NONE" - ARG_TABLE = [{'name': 'paths', 'nargs': '?', 'default': 's3://', - 'positional_arg': True, 'synopsis': USAGE}, RECURSIVE, - PAGE_SIZE, HUMAN_READABLE, SUMMARIZE, REQUEST_PAYER, - BUCKET_NAME_PREFIX, BUCKET_REGION] + ARG_TABLE = [ + { + 'name': 'paths', + 'nargs': '?', + 'default': 's3://', + 'positional_arg': True, + 'synopsis': USAGE, + }, + RECURSIVE, + PAGE_SIZE, + HUMAN_READABLE, + SUMMARIZE, + REQUEST_PAYER, + BUCKET_NAME_PREFIX, + BUCKET_REGION, + ] def _run_main(self, parsed_args, parsed_globals): super(ListCommand, self)._run_main(parsed_args, parsed_globals) @@ -564,10 +757,12 @@ class ListCommand(S3Command): elif parsed_args.dir_op: # Then --recursive was specified. self._list_all_objects_recursive( - bucket, key, parsed_args.page_size, parsed_args.request_payer) + bucket, key, parsed_args.page_size, parsed_args.request_payer + ) else: self._list_all_objects( - bucket, key, parsed_args.page_size, parsed_args.request_payer) + bucket, key, parsed_args.page_size, parsed_args.request_payer + ) if parsed_args.summarize: self._print_summary() if key: @@ -584,12 +779,15 @@ class ListCommand(S3Command): # thrown before reaching the automatic return of rc of zero. return 0 - def _list_all_objects(self, bucket, key, page_size=None, - request_payer=None): + def _list_all_objects( + self, bucket, key, page_size=None, request_payer=None + ): paginator = self.client.get_paginator('list_objects_v2') paging_args = { - 'Bucket': bucket, 'Prefix': key, 'Delimiter': '/', - 'PaginationConfig': {'PageSize': page_size} + 'Bucket': bucket, + 'Prefix': key, + 'Delimiter': '/', + 'PaginationConfig': {'PageSize': page_size}, } if request_payer is not None: paging_args['RequestPayer'] = request_payer @@ -619,21 +817,18 @@ class ListCommand(S3Command): filename = filename_components[-1] else: filename = content['Key'] - print_str = last_mod_str + ' ' + size_str + ' ' + \ - filename + '\n' + print_str = last_mod_str + ' ' + size_str + ' ' + filename + '\n' uni_print(print_str) self._at_first_page = False def _list_all_buckets( - self, - page_size=None, - prefix=None, - bucket_region=None, + self, + page_size=None, + prefix=None, + bucket_region=None, ): paginator = self.client.get_paginator('list_buckets') - paging_args = { - 'PaginationConfig': {'PageSize': page_size} - } + paging_args = {'PaginationConfig': {'PageSize': page_size}} if prefix: paging_args['Prefix'] = prefix if bucket_region: @@ -649,12 +844,14 @@ class ListCommand(S3Command): print_str = last_mod_str + ' ' + bucket['Name'] + '\n' uni_print(print_str) - def _list_all_objects_recursive(self, bucket, key, page_size=None, - request_payer=None): + def _list_all_objects_recursive( + self, bucket, key, page_size=None, request_payer=None + ): paginator = self.client.get_paginator('list_objects_v2') paging_args = { - 'Bucket': bucket, 'Prefix': key, - 'PaginationConfig': {'PageSize': page_size} + 'Bucket': bucket, + 'Prefix': key, + 'PaginationConfig': {'PageSize': page_size}, } if request_payer is not None: paging_args['RequestPayer'] = request_payer @@ -676,11 +873,14 @@ class ListCommand(S3Command): """ last_mod = parse(last_mod) last_mod = last_mod.astimezone(tzlocal()) - last_mod_tup = (str(last_mod.year), str(last_mod.month).zfill(2), - str(last_mod.day).zfill(2), - str(last_mod.hour).zfill(2), - str(last_mod.minute).zfill(2), - str(last_mod.second).zfill(2)) + last_mod_tup = ( + str(last_mod.year), + str(last_mod.month).zfill(2), + str(last_mod.day).zfill(2), + str(last_mod.hour).zfill(2), + str(last_mod.minute).zfill(2), + str(last_mod.second).zfill(2), + ) last_mod_str = "%s-%s-%s %s:%s:%s" % last_mod_tup return last_mod_str.ljust(19, ' ') @@ -711,25 +911,36 @@ class WebsiteCommand(S3Command): NAME = 'website' DESCRIPTION = 'Set the website configuration for a bucket.' USAGE = '' - ARG_TABLE = [{'name': 'paths', 'nargs': 1, 'positional_arg': True, - 'synopsis': USAGE}, INDEX_DOCUMENT, ERROR_DOCUMENT] + ARG_TABLE = [ + { + 'name': 'paths', + 'nargs': 1, + 'positional_arg': True, + 'synopsis': USAGE, + }, + INDEX_DOCUMENT, + ERROR_DOCUMENT, + ] def _run_main(self, parsed_args, parsed_globals): super(WebsiteCommand, self)._run_main(parsed_args, parsed_globals) bucket = self._get_bucket_name(parsed_args.paths[0]) website_configuration = self._build_website_configuration(parsed_args) self.client.put_bucket_website( - Bucket=bucket, WebsiteConfiguration=website_configuration) + Bucket=bucket, WebsiteConfiguration=website_configuration + ) return 0 def _build_website_configuration(self, parsed_args): website_config = {} if parsed_args.index_document is not None: - website_config['IndexDocument'] = \ - {'Suffix': parsed_args.index_document} + website_config['IndexDocument'] = { + 'Suffix': parsed_args.index_document + } if parsed_args.error_document is not None: - website_config['ErrorDocument'] = \ - {'Key': parsed_args.error_document} + website_config['ErrorDocument'] = { + 'Key': parsed_args.error_document + } return website_config def _get_bucket_name(self, path): @@ -756,13 +967,18 @@ class PresignCommand(S3Command): "so the region needs to be configured explicitly." ) USAGE = "" - ARG_TABLE = [{'name': 'path', - 'positional_arg': True, 'synopsis': USAGE}, - {'name': 'expires-in', 'default': 3600, - 'cli_type_name': 'integer', - 'help_text': ( - 'Number of seconds until the pre-signed ' - 'URL expires. Default is 3600 seconds. Maximum is 604800 seconds.')}] + ARG_TABLE = [ + {'name': 'path', 'positional_arg': True, 'synopsis': USAGE}, + { + 'name': 'expires-in', + 'default': 3600, + 'cli_type_name': 'integer', + 'help_text': ( + 'Number of seconds until the pre-signed ' + 'URL expires. Default is 3600 seconds. Maximum is 604800 seconds.' + ), + }, + ] def _run_main(self, parsed_args, parsed_globals): super(PresignCommand, self)._run_main(parsed_args, parsed_globals) @@ -773,7 +989,7 @@ class PresignCommand(S3Command): url = self.client.generate_presigned_url( 'get_object', {'Bucket': bucket, 'Key': key}, - ExpiresIn=parsed_args.expires_in + ExpiresIn=parsed_args.expires_in, ) uni_print(url) uni_print('\n') @@ -783,18 +999,22 @@ class PresignCommand(S3Command): class S3TransferCommand(S3Command): def _run_main(self, parsed_args, parsed_globals): super(S3TransferCommand, self)._run_main(parsed_args, parsed_globals) + register_feature_id('S3_TRANSFER') self._convert_path_args(parsed_args) params = self._get_params(parsed_args, parsed_globals, self._session) source_client, transfer_client = self._get_source_and_transfer_clients( params=params ) transfer_manager = self._get_transfer_manager( - params=params, - botocore_transfer_client=transfer_client + params=params, botocore_transfer_client=transfer_client ) cmd = CommandArchitecture( - self._session, self.NAME, params, - transfer_manager, source_client, transfer_client + self._session, + self.NAME, + params, + transfer_manager, + source_client, + transfer_client, ) cmd.create_instructions() return cmd.run() @@ -812,8 +1032,8 @@ class S3TransferCommand(S3Command): def _get_params(self, parsed_args, parsed_globals, session): cmd_params = CommandParameters( - self.NAME, vars(parsed_args), self.USAGE, - session, parsed_globals) + self.NAME, vars(parsed_args), self.USAGE, session, parsed_globals + ) cmd_params.add_region(parsed_globals) cmd_params.add_endpoint_url(parsed_globals) cmd_params.add_verify_ssl(parsed_globals) @@ -825,7 +1045,8 @@ class S3TransferCommand(S3Command): def _get_source_and_transfer_clients(self, params): client_factory = ClientFactory(self._session) source_client = client_factory.create_client( - params, is_source_client=True) + params, is_source_client=True + ) transfer_client = client_factory.create_client(params) return source_client, transfer_client @@ -839,52 +1060,98 @@ class S3TransferCommand(S3Command): def _get_runtime_config(self): return transferconfig.RuntimeConfig().build_config( - **self._session.get_scoped_config().get('s3', {})) + **self._session.get_scoped_config().get('s3', {}) + ) class CpCommand(S3TransferCommand): NAME = 'cp' - DESCRIPTION = "Copies a local file or S3 object to another location " \ - "locally or in S3." - USAGE = " or " \ - "or " - ARG_TABLE = [{'name': 'paths', 'nargs': 2, 'positional_arg': True, - 'synopsis': USAGE}] + TRANSFER_ARGS + \ - [METADATA, COPY_PROPS, METADATA_DIRECTIVE, EXPECTED_SIZE, - RECURSIVE] + DESCRIPTION = ( + "Copies a local file or S3 object to another location " + "locally or in S3." + ) + USAGE = " or or " + ARG_TABLE = ( + [ + { + 'name': 'paths', + 'nargs': 2, + 'positional_arg': True, + 'synopsis': USAGE, + } + ] + + TRANSFER_ARGS + + [METADATA, COPY_PROPS, METADATA_DIRECTIVE, EXPECTED_SIZE, RECURSIVE] + ) class MvCommand(S3TransferCommand): NAME = 'mv' DESCRIPTION = BasicCommand.FROM_FILE('s3', 'mv', '_description.rst') - USAGE = " or " \ - "or " - ARG_TABLE = [{'name': 'paths', 'nargs': 2, 'positional_arg': True, - 'synopsis': USAGE}] + TRANSFER_ARGS +\ - [METADATA, COPY_PROPS, METADATA_DIRECTIVE, RECURSIVE, - VALIDATE_SAME_S3_PATHS] + USAGE = " or or " + ARG_TABLE = ( + [ + { + 'name': 'paths', + 'nargs': 2, + 'positional_arg': True, + 'synopsis': USAGE, + } + ] + + TRANSFER_ARGS + + [ + METADATA, + COPY_PROPS, + METADATA_DIRECTIVE, + RECURSIVE, + VALIDATE_SAME_S3_PATHS, + ] + ) class RmCommand(S3TransferCommand): NAME = 'rm' DESCRIPTION = "Deletes an S3 object." USAGE = "" - ARG_TABLE = [{'name': 'paths', 'nargs': 1, 'positional_arg': True, - 'synopsis': USAGE}, DRYRUN, QUIET, RECURSIVE, REQUEST_PAYER, - INCLUDE, EXCLUDE, ONLY_SHOW_ERRORS, PAGE_SIZE] + ARG_TABLE = [ + { + 'name': 'paths', + 'nargs': 1, + 'positional_arg': True, + 'synopsis': USAGE, + }, + DRYRUN, + QUIET, + RECURSIVE, + REQUEST_PAYER, + INCLUDE, + EXCLUDE, + ONLY_SHOW_ERRORS, + PAGE_SIZE, + ] class SyncCommand(S3TransferCommand): NAME = 'sync' - DESCRIPTION = "Syncs directories and S3 prefixes. Recursively copies " \ - "new and updated files from the source directory to " \ - "the destination. Only creates folders in the destination " \ - "if they contain one or more files." - USAGE = " or " \ - " or " - ARG_TABLE = [{'name': 'paths', 'nargs': 2, 'positional_arg': True, - 'synopsis': USAGE}] + TRANSFER_ARGS + \ - [METADATA, COPY_PROPS, METADATA_DIRECTIVE] + DESCRIPTION = ( + "Syncs directories and S3 prefixes. Recursively copies " + "new and updated files from the source directory to " + "the destination. Only creates folders in the destination " + "if they contain one or more files." + ) + USAGE = " or or " + ARG_TABLE = ( + [ + { + 'name': 'paths', + 'nargs': 2, + 'positional_arg': True, + 'synopsis': USAGE, + } + ] + + TRANSFER_ARGS + + [METADATA, COPY_PROPS, METADATA_DIRECTIVE] + ) class MbCommand(S3Command): @@ -920,7 +1187,7 @@ class MbCommand(S3Command): except Exception as e: uni_print( "make_bucket failed: %s %s\n" % (parsed_args.path, e), - sys.stderr + sys.stderr, ) return 1 @@ -935,8 +1202,10 @@ class RbCommand(S3Command): "deleted." ) USAGE = "" - ARG_TABLE = [{'name': 'path', 'positional_arg': True, - 'synopsis': USAGE}, FORCE] + ARG_TABLE = [ + {'name': 'path', 'positional_arg': True, 'synopsis': USAGE}, + FORCE, + ] def _run_main(self, parsed_args, parsed_globals): super(RbCommand, self)._run_main(parsed_args, parsed_globals) @@ -963,7 +1232,7 @@ class RbCommand(S3Command): except Exception as e: uni_print( "remove_bucket failed: %s %s\n" % (parsed_args.path, e), - sys.stderr + sys.stderr, ) return 1 @@ -974,10 +1243,11 @@ class RbCommand(S3Command): if rc != 0: raise RuntimeError( "remove_bucket failed: Unable to delete all objects in the " - "bucket, bucket will not be deleted.") + "bucket, bucket will not be deleted." + ) -class CommandArchitecture(object): +class CommandArchitecture: """ This class drives the actual command. A command is performed in two steps. First a list of instructions is generated. This list of @@ -987,8 +1257,16 @@ class CommandArchitecture(object): list of instructions to wire together an assortment of generators to perform the command. """ - def __init__(self, session, cmd, parameters, transfer_manager, - source_client, transfer_client): + + def __init__( + self, + session, + cmd, + parameters, + transfer_manager, + source_client, + transfer_client, + ): self.session = session self.cmd = cmd self.parameters = parameters @@ -1026,14 +1304,16 @@ class CommandArchitecture(object): """ sync_strategies = {} # Set the default strategies. - sync_strategies['file_at_src_and_dest_sync_strategy'] = \ + sync_strategies['file_at_src_and_dest_sync_strategy'] = ( SizeAndLastModifiedSync() + ) sync_strategies['file_not_at_dest_sync_strategy'] = MissingFileSync() sync_strategies['file_not_at_src_sync_strategy'] = NeverSync() # Determine what strategies to override if any. responses = self.session.emit( - 'choosing-s3-sync-strategy', params=self.parameters) + 'choosing-s3-sync-strategy', params=self.parameters + ) if responses is not None: for response in responses: override_sync_strategy = response[1] @@ -1076,85 +1356,106 @@ class CommandArchitecture(object): 'locals3': 'upload', 's3s3': 'copy', 's3local': 'download', - 's3': 'delete' + 's3': 'delete', } result_queue = queue.Queue() operation_name = cmd_translation[paths_type] fgen_kwargs = { - 'client': self._source_client, 'operation_name': operation_name, + 'client': self._source_client, + 'operation_name': operation_name, 'follow_symlinks': self.parameters['follow_symlinks'], 'page_size': self.parameters['page_size'], 'result_queue': result_queue, } rgen_kwargs = { - 'client': self._client, 'operation_name': '', + 'client': self._client, + 'operation_name': '', 'follow_symlinks': self.parameters['follow_symlinks'], 'page_size': self.parameters['page_size'], 'result_queue': result_queue, } - fgen_request_parameters = \ + fgen_request_parameters = ( self._get_file_generator_request_parameters_skeleton() + ) self._map_request_payer_params(fgen_request_parameters) self._map_sse_c_params(fgen_request_parameters, paths_type) fgen_kwargs['request_parameters'] = fgen_request_parameters - rgen_request_parameters = \ + rgen_request_parameters = ( self._get_file_generator_request_parameters_skeleton() + ) self._map_request_payer_params(rgen_request_parameters) rgen_kwargs['request_parameters'] = rgen_request_parameters file_generator = FileGenerator(**fgen_kwargs) rev_generator = FileGenerator(**rgen_kwargs) stream_dest_path, stream_compare_key = find_dest_path_comp_key(files) - stream_file_info = [FileInfo(src=files['src']['path'], - dest=stream_dest_path, - compare_key=stream_compare_key, - src_type=files['src']['type'], - dest_type=files['dest']['type'], - operation_name=operation_name, - client=self._client, - is_stream=True)] + stream_file_info = [ + FileInfo( + src=files['src']['path'], + dest=stream_dest_path, + compare_key=stream_compare_key, + src_type=files['src']['type'], + dest_type=files['dest']['type'], + operation_name=operation_name, + client=self._client, + is_stream=True, + ) + ] file_info_builder = FileInfoBuilder( - self._client, self._source_client, self.parameters) + self._client, self._source_client, self.parameters + ) s3_transfer_handler = S3TransferHandlerFactory(self.parameters)( - self._transfer_manager, result_queue) + self._transfer_manager, result_queue + ) sync_strategies = self.choose_sync_strategies() command_dict = {} if self.cmd == 'sync': - command_dict = {'setup': [files, rev_files], - 'file_generator': [file_generator, - rev_generator], - 'filters': [create_filter(self.parameters), - create_filter(self.parameters)], - 'comparator': [Comparator(**sync_strategies)], - 'file_info_builder': [file_info_builder], - 's3_handler': [s3_transfer_handler]} + command_dict = { + 'setup': [files, rev_files], + 'file_generator': [file_generator, rev_generator], + 'filters': [ + create_filter(self.parameters), + create_filter(self.parameters), + ], + 'comparator': [Comparator(**sync_strategies)], + 'file_info_builder': [file_info_builder], + 's3_handler': [s3_transfer_handler], + } elif self.cmd == 'cp' and self.parameters['is_stream']: - command_dict = {'setup': [stream_file_info], - 's3_handler': [s3_transfer_handler]} + command_dict = { + 'setup': [stream_file_info], + 's3_handler': [s3_transfer_handler], + } elif self.cmd == 'cp': - command_dict = {'setup': [files], - 'file_generator': [file_generator], - 'filters': [create_filter(self.parameters)], - 'file_info_builder': [file_info_builder], - 's3_handler': [s3_transfer_handler]} + command_dict = { + 'setup': [files], + 'file_generator': [file_generator], + 'filters': [create_filter(self.parameters)], + 'file_info_builder': [file_info_builder], + 's3_handler': [s3_transfer_handler], + } elif self.cmd == 'rm': - command_dict = {'setup': [files], - 'file_generator': [file_generator], - 'filters': [create_filter(self.parameters)], - 'file_info_builder': [file_info_builder], - 's3_handler': [s3_transfer_handler]} + command_dict = { + 'setup': [files], + 'file_generator': [file_generator], + 'filters': [create_filter(self.parameters)], + 'file_info_builder': [file_info_builder], + 's3_handler': [s3_transfer_handler], + } elif self.cmd == 'mv': - command_dict = {'setup': [files], - 'file_generator': [file_generator], - 'filters': [create_filter(self.parameters)], - 'file_info_builder': [file_info_builder], - 's3_handler': [s3_transfer_handler]} + command_dict = { + 'setup': [files], + 'file_generator': [file_generator], + 'filters': [create_filter(self.parameters)], + 'file_info_builder': [file_info_builder], + 's3_handler': [s3_transfer_handler], + } files = command_dict['setup'] while self.instructions: @@ -1185,22 +1486,16 @@ class CommandArchitecture(object): return rc def _get_file_generator_request_parameters_skeleton(self): - return { - 'HeadObject': {}, - 'ListObjects': {}, - 'ListObjectsV2': {} - } + return {'HeadObject': {}, 'ListObjects': {}, 'ListObjectsV2': {}} def _map_request_payer_params(self, request_parameters): RequestParamsMapper.map_head_object_params( - request_parameters['HeadObject'], { - 'request_payer': self.parameters.get('request_payer') - } + request_parameters['HeadObject'], + {'request_payer': self.parameters.get('request_payer')}, ) RequestParamsMapper.map_list_objects_v2_params( - request_parameters['ListObjectsV2'], { - 'request_payer': self.parameters.get('request_payer') - } + request_parameters['ListObjectsV2'], + {'request_payer': self.parameters.get('request_payer')}, ) def _map_sse_c_params(self, request_parameters, paths_type): @@ -1211,13 +1506,15 @@ class CommandArchitecture(object): # not need any of these because it is used only for sync operations # which only use ListObjects which does not require HeadObject. RequestParamsMapper.map_head_object_params( - request_parameters['HeadObject'], self.parameters) + request_parameters['HeadObject'], self.parameters + ) if paths_type == 's3s3': RequestParamsMapper.map_head_object_params( - request_parameters['HeadObject'], { + request_parameters['HeadObject'], + { 'sse_c': self.parameters.get('sse_c_copy_source'), - 'sse_c_key': self.parameters.get('sse_c_copy_source_key') - } + 'sse_c_key': self.parameters.get('sse_c_copy_source_key'), + }, ) @@ -1231,13 +1528,15 @@ class CommandArchitecture(object): # the various valid parameters. The difficult part right now is the # parameters property right now is a dictionary that holds arbitrary # key/value pairs making it difficult to know what is supported. -class CommandParameters(object): +class CommandParameters: """ This class is used to do some initial error based on the parameters and arguments passed to the command line. """ - def __init__(self, cmd, parameters, usage, - session=None, parsed_globals=None): + + def __init__( + self, cmd, parameters, usage, session=None, parsed_globals=None + ): """ Stores command name and parameters. Ensures that the ``dir_op`` flag is true if a certain command is being used. @@ -1286,9 +1585,10 @@ class CommandParameters(object): self._validate_not_s3_express_bucket_for_sync() def _validate_not_s3_express_bucket_for_sync(self): - if self.cmd == 'sync' and \ - (self._is_s3express_path(self.parameters['src']) or - self._is_s3express_path(self.parameters['dest'])): + if self.cmd == 'sync' and ( + self._is_s3express_path(self.parameters['src']) + or self._is_s3express_path(self.parameters['dest']) + ): raise ParamValidationError( "Cannot use sync command with a directory bucket." ) @@ -1314,7 +1614,7 @@ class CommandParameters(object): def _validate_path_args(self): # If we're using a mv command, you can't copy the object onto itself. params = self.parameters - if self.cmd == 'mv' and params['paths_type']=='s3s3': + if self.cmd == 'mv' and params['paths_type'] == 's3s3': self._raise_if_mv_same_paths(params['src'], params['dest']) if self._should_validate_same_underlying_s3_paths(): self._validate_same_underlying_s3_paths() @@ -1325,20 +1625,20 @@ class CommandParameters(object): self._raise_if_paths_type_incorrect_for_param( CHECKSUM_ALGORITHM['name'], params['paths_type'], - ['locals3', 's3s3']) + ['locals3', 's3s3'], + ) if params.get('checksum_mode'): self._raise_if_paths_type_incorrect_for_param( - CHECKSUM_MODE['name'], - params['paths_type'], - ['s3local']) + CHECKSUM_MODE['name'], params['paths_type'], ['s3local'] + ) # If the user provided local path does not exist, hard fail because # we know that we will not be able to upload the file. if 'locals3' == params['paths_type'] and not params['is_stream']: if not os.path.exists(params['src']): raise RuntimeError( - 'The user-provided path %s does not exist.' % - params['src']) + 'The user-provided path %s does not exist.' % params['src'] + ) # If the operation is downloading to a directory that does not exist, # create the directories so no warnings are thrown during the syncing # process. @@ -1362,19 +1662,27 @@ class CommandParameters(object): def _validate_same_s3_paths_enabled(self): validate_env_var = ensure_boolean( - os.environ.get('AWS_CLI_S3_MV_VALIDATE_SAME_S3_PATHS')) - return (self.parameters.get('validate_same_s3_paths') or - validate_env_var) + os.environ.get('AWS_CLI_S3_MV_VALIDATE_SAME_S3_PATHS') + ) + return ( + self.parameters.get('validate_same_s3_paths') or validate_env_var + ) def _should_emit_validate_s3_paths_warning(self): is_same_key = self._same_key( - self.parameters['src'], self.parameters['dest']) + self.parameters['src'], self.parameters['dest'] + ) src_has_underlying_path = S3PathResolver.has_underlying_s3_path( - self.parameters['src']) + self.parameters['src'] + ) dest_has_underlying_path = S3PathResolver.has_underlying_s3_path( - self.parameters['dest']) - return (is_same_key and not self._validate_same_s3_paths_enabled() and - (src_has_underlying_path or dest_has_underlying_path)) + self.parameters['dest'] + ) + return ( + is_same_key + and not self._validate_same_s3_paths_enabled() + and (src_has_underlying_path or dest_has_underlying_path) + ) def _emit_validate_s3_paths_warning(self): msg = ( @@ -1390,19 +1698,20 @@ class CommandParameters(object): def _should_validate_same_underlying_s3_paths(self): is_same_key = self._same_key( - self.parameters['src'], self.parameters['dest']) + self.parameters['src'], self.parameters['dest'] + ) return is_same_key and self._validate_same_s3_paths_enabled() def _validate_same_underlying_s3_paths(self): src_paths = S3PathResolver.from_session( self._session, self.parameters.get('source_region', self._parsed_globals.region), - self._parsed_globals.verify_ssl + self._parsed_globals.verify_ssl, ).resolve_underlying_s3_paths(self.parameters['src']) dest_paths = S3PathResolver.from_session( self._session, self._parsed_globals.region, - self._parsed_globals.verify_ssl + self._parsed_globals.verify_ssl, ).resolve_underlying_s3_paths(self.parameters['dest']) for src_path in src_paths: for dest_path in dest_paths: @@ -1415,13 +1724,15 @@ class CommandParameters(object): f"{self.parameters['src']} - {self.parameters['dest']}" ) - def _raise_if_paths_type_incorrect_for_param(self, param, paths_type, allowed_paths): + def _raise_if_paths_type_incorrect_for_param( + self, param, paths_type, allowed_paths + ): if paths_type not in allowed_paths: expected_usage_map = { 'locals3': ' ', 's3s3': ' ', 's3local': ' ', - 's3': '' + 's3': '', } raise ParamValidationError( f"Expected {param} parameter to be used with one of following path formats: " @@ -1444,14 +1755,16 @@ class CommandParameters(object): This initial check ensures that the path types for the specified command is correct. """ - template_type = {'s3s3': ['cp', 'sync', 'mv'], - 's3local': ['cp', 'sync', 'mv'], - 'locals3': ['cp', 'sync', 'mv'], - 's3': ['mb', 'rb', 'rm'], - 'local': [], 'locallocal': []} + template_type = { + 's3s3': ['cp', 'sync', 'mv'], + 's3local': ['cp', 'sync', 'mv'], + 'locals3': ['cp', 'sync', 'mv'], + 's3': ['mb', 'rb', 'rm'], + 'local': [], + 'locallocal': [], + } paths_type = '' - usage = "usage: aws s3 %s %s" % (self.cmd, - self.usage) + usage = "usage: aws s3 %s %s" % (self.cmd, self.usage) for i in range(len(paths)): if paths[i].startswith('s3://'): paths_type = paths_type + 's3' @@ -1472,8 +1785,9 @@ class CommandParameters(object): Adds endpoint_url to the parameters. """ if 'endpoint_url' in parsed_globals: - self.parameters['endpoint_url'] = getattr(parsed_globals, - 'endpoint_url') + self.parameters['endpoint_url'] = getattr( + parsed_globals, 'endpoint_url' + ) else: self.parameters['endpoint_url'] = None @@ -1482,7 +1796,8 @@ class CommandParameters(object): def add_sign_request(self, parsed_globals): self.parameters['sign_request'] = getattr( - parsed_globals, 'sign_request', True) + parsed_globals, 'sign_request', True + ) def add_page_size(self, parsed_args): self.parameters['page_size'] = getattr(parsed_args, 'page_size', None) diff -pruN 2.23.6-1/awscli/customizations/s3/subscribers.py 2.31.35-1/awscli/customizations/s3/subscribers.py --- 2.23.6-1/awscli/customizations/s3/subscribers.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/subscribers.py 2025-11-12 19:17:29.000000000 +0000 @@ -20,7 +20,6 @@ from s3transfer.subscribers import BaseS from awscli.customizations.s3 import utils - LOGGER = logging.getLogger(__name__) @@ -37,10 +36,10 @@ class OnDoneFilteredSubscriber(BaseSubsc It is really a convenience class so developers do not have to have to constantly remember to have a general try/except around future.result() """ + def on_done(self, future, **kwargs): future_exception = None try: - future.result() except Exception as e: future_exception = e @@ -62,6 +61,7 @@ class ProvideSizeSubscriber(BaseSubscrib """ A subscriber which provides the transfer size before it's queued. """ + def __init__(self, size): self.size = size @@ -73,12 +73,35 @@ class ProvideSizeSubscriber(BaseSubscrib else: LOGGER.debug( 'Not providing transfer size. Future: %s does not offer' - 'the capability to notify the size of a transfer', future + 'the capability to notify the size of a transfer', + future, + ) + + +class ProvideETagSubscriber(BaseSubscriber): + """ + A subscriber which provides the object ETag before it's queued. + """ + + def __init__(self, etag): + self.etag = etag + + def on_queued(self, future, **kwargs): + # The CRT transfer client does not support providing an expected + # ETag of an object. So only provide it if it is available. + if hasattr(future.meta, 'provide_object_etag'): + future.meta.provide_object_etag(self.etag) + else: + LOGGER.debug( + 'Not providing object ETag. Future: %s does not offer' + 'the capability to notify the ETag of an object', + future, ) class DeleteSourceSubscriber(OnDoneFilteredSubscriber): """A subscriber which deletes the source of the transfer.""" + def _on_success(self, future): try: self._delete_source(future) @@ -91,6 +114,7 @@ class DeleteSourceSubscriber(OnDoneFilte class DeleteSourceObjectSubscriber(DeleteSourceSubscriber): """A subscriber which deletes an object.""" + def __init__(self, client): self._client = client @@ -104,16 +128,18 @@ class DeleteSourceObjectSubscriber(Delet call_args = future.meta.call_args delete_object_kwargs = { 'Bucket': self._get_bucket(call_args), - 'Key': self._get_key(call_args) + 'Key': self._get_key(call_args), } if call_args.extra_args.get('RequestPayer'): delete_object_kwargs['RequestPayer'] = call_args.extra_args[ - 'RequestPayer'] + 'RequestPayer' + ] self._client.delete_object(**delete_object_kwargs) class DeleteCopySourceObjectSubscriber(DeleteSourceObjectSubscriber): """A subscriber which deletes the copy source.""" + def _get_bucket(self, call_args): return call_args.copy_source['Bucket'] @@ -123,6 +149,7 @@ class DeleteCopySourceObjectSubscriber(D class DeleteSourceFileSubscriber(DeleteSourceSubscriber): """A subscriber which deletes a file.""" + def _delete_source(self, future): os.remove(future.meta.call_args.fileobj) @@ -146,6 +173,7 @@ class ProvideUploadContentTypeSubscriber class ProvideLastModifiedTimeSubscriber(OnDoneFilteredSubscriber): """Sets utime for a downloaded file""" + def __init__(self, last_modified_time, result_queue): self._last_modified_time = last_modified_time self._result_queue = result_queue @@ -159,13 +187,16 @@ class ProvideLastModifiedTimeSubscriber( except Exception as e: warning_message = ( 'Successfully Downloaded %s but was unable to update the ' - 'last modified time. %s' % (filename, e)) + 'last modified time. %s' % (filename, e) + ) self._result_queue.put( - utils.create_warning(filename, warning_message)) + utils.create_warning(filename, warning_message) + ) class DirectoryCreatorSubscriber(BaseSubscriber): """Creates a directory to download if it does not exist""" + def on_queued(self, future, **kwargs): d = os.path.dirname(future.meta.call_args.fileobj) try: @@ -174,18 +205,20 @@ class DirectoryCreatorSubscriber(BaseSub except OSError as e: if not e.errno == errno.EEXIST: raise CreateDirectoryError( - "Could not create directory %s: %s" % (d, e)) + "Could not create directory %s: %s" % (d, e) + ) -class CopyPropsSubscriberFactory(object): +class CopyPropsSubscriberFactory: def __init__(self, client, transfer_config, cli_params): self._client = client self._transfer_config = transfer_config self._cli_params = cli_params def get_subscribers(self, fileinfo): - copy_props = self._cli_params.get( - 'copy_props', 'default').replace('-', '_') + copy_props = self._cli_params.get('copy_props', 'default').replace( + '-', '_' + ) return getattr(self, '_get_%s_subscribers' % copy_props)(fileinfo) def _get_none_subscribers(self, fileinfo): @@ -197,16 +230,18 @@ class CopyPropsSubscriberFactory(object) def _get_metadata_directive_subscribers(self, fileinfo): return [ self._create_metadata_directive_props_subscriber(fileinfo), - ReplaceTaggingDirectiveSubscriber() + ReplaceTaggingDirectiveSubscriber(), ] def _get_default_subscribers(self, fileinfo): return [ self._create_metadata_directive_props_subscriber(fileinfo), SetTagsSubscriber( - self._client, self._transfer_config, self._cli_params, + self._client, + self._transfer_config, + self._cli_params, source_client=fileinfo.source_client, - ) + ), ] def _create_metadata_directive_props_subscriber(self, fileinfo): @@ -216,8 +251,9 @@ class CopyPropsSubscriberFactory(object) 'cli_params': self._cli_params, } if not self._cli_params.get('dir_op'): - subscriber_kwargs[ - 'head_object_response'] = fileinfo.associated_response_data + subscriber_kwargs['head_object_response'] = ( + fileinfo.associated_response_data + ) return SetMetadataDirectivePropsSubscriber(**subscriber_kwargs) @@ -247,8 +283,9 @@ class SetMetadataDirectivePropsSubscribe 'Metadata', ] - def __init__(self, client, transfer_config, cli_params, - head_object_response=None): + def __init__( + self, client, transfer_config, cli_params, head_object_response=None + ): self._client = client self._transfer_config = transfer_config self._cli_params = cli_params @@ -280,7 +317,8 @@ class SetMetadataDirectivePropsSubscribe 'Key': copy_source['Key'], } utils.RequestParamsMapper.map_head_object_params( - head_object_params, self._cli_params) + head_object_params, self._cli_params + ) return self._client.head_object(**head_object_params) def _inject_metadata_props(self, future, head_object_response): @@ -333,19 +371,14 @@ class SetTagsSubscriber(OnDoneFilteredSu extra_args, self._cli_params ) self._client.put_object_tagging( - Bucket=bucket, - Key=key, - Tagging={'TagSet': tag_set}, - **extra_args + Bucket=bucket, Key=key, Tagging={'TagSet': tag_set}, **extra_args ) def _delete_object(self, bucket, key): - params = { - 'Bucket': bucket, - 'Key': key - } + params = {'Bucket': bucket, 'Key': key} utils.RequestParamsMapper.map_delete_object_params( - params, self._cli_params) + params, self._cli_params + ) self._client.delete_object(**params) def _get_bucket_key_from_copy_source(self, future): @@ -358,16 +391,20 @@ class SetTagsSubscriber(OnDoneFilteredSu extra_args, self._cli_params ) get_tags_response = self._source_client.get_object_tagging( - Bucket=bucket, Key=key, **extra_args) + Bucket=bucket, Key=key, **extra_args + ) return get_tags_response['TagSet'] def _fits_in_tagging_header(self, tagging_header): - return len( - tagging_header.encode('utf-8')) <= self._MAX_TAGGING_HEADER_SIZE + return ( + len(tagging_header.encode('utf-8')) + <= self._MAX_TAGGING_HEADER_SIZE + ) def _serialize_to_header_value(self, tags): return percent_encode_sequence( - [(tag['Key'], tag['Value']) for tag in tags]) + [(tag['Key'], tag['Value']) for tag in tags] + ) def _is_multipart_copy(self, future): return future.meta.size >= self._transfer_config.multipart_threshold diff -pruN 2.23.6-1/awscli/customizations/s3/syncstrategy/base.py 2.31.35-1/awscli/customizations/s3/syncstrategy/base.py --- 2.23.6-1/awscli/customizations/s3/syncstrategy/base.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/syncstrategy/base.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,14 +14,16 @@ import logging from awscli.customizations.exceptions import ParamValidationError - LOG = logging.getLogger(__name__) -VALID_SYNC_TYPES = ['file_at_src_and_dest', 'file_not_at_dest', - 'file_not_at_src'] +VALID_SYNC_TYPES = [ + 'file_at_src_and_dest', + 'file_not_at_dest', + 'file_not_at_src', +] -class BaseSync(object): +class BaseSync: """Base sync strategy To create a new sync strategy, subclass from this class. @@ -69,8 +71,7 @@ class BaseSync(object): if sync_type not in VALID_SYNC_TYPES: raise ParamValidationError( "Unknown sync_type: %s.\n" - "Valid options are %s." % - (sync_type, VALID_SYNC_TYPES) + "Valid options are %s." % (sync_type, VALID_SYNC_TYPES) ) @property @@ -80,8 +81,7 @@ class BaseSync(object): def register_strategy(self, session): """Registers the sync strategy class to the given session.""" - session.register('building-arg-table.s3_sync', - self.add_sync_argument) + session.register('building-arg-table.s3_sync', self.add_sync_argument) session.register('choosing-s3-sync-strategy', self.use_sync_strategy) def determine_should_sync(self, src_file, dest_file): @@ -118,7 +118,7 @@ class BaseSync(object): 'file_not_at_dest': refers to ``src_file`` 'file_not_at_src': refers to ``dest_file`` - """ + """ raise NotImplementedError("determine_should_sync") @@ -187,8 +187,9 @@ class BaseSync(object): :param td: The difference between two datetime objects. """ - return (td.microseconds + (td.seconds + td.days * 24 * - 3600) * 10**6) / 10**6 + return ( + td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6 + ) / 10**6 def compare_size(self, src_file, dest_file): """ @@ -218,7 +219,6 @@ class BaseSync(object): # at the source location. return False elif cmd == "download": - if self.total_seconds(delta) <= 0: return True else: @@ -228,7 +228,6 @@ class BaseSync(object): class SizeAndLastModifiedSync(BaseSync): - def determine_should_sync(self, src_file, dest_file): same_size = self.compare_size(src_file, dest_file) same_last_modified_time = self.compare_time(src_file, dest_file) @@ -236,9 +235,13 @@ class SizeAndLastModifiedSync(BaseSync): if should_sync: LOG.debug( "syncing: %s -> %s, size: %s -> %s, modified time: %s -> %s", - src_file.src, src_file.dest, - src_file.size, dest_file.size, - src_file.last_update, dest_file.last_update) + src_file.src, + src_file.dest, + src_file.size, + dest_file.size, + src_file.last_update, + dest_file.last_update, + ) return should_sync @@ -255,6 +258,9 @@ class MissingFileSync(BaseSync): super(MissingFileSync, self).__init__(sync_type) def determine_should_sync(self, src_file, dest_file): - LOG.debug("syncing: %s -> %s, file does not exist at destination", - src_file.src, src_file.dest) + LOG.debug( + "syncing: %s -> %s, file does not exist at destination", + src_file.src, + src_file.dest, + ) return True diff -pruN 2.23.6-1/awscli/customizations/s3/syncstrategy/delete.py 2.31.35-1/awscli/customizations/s3/syncstrategy/delete.py --- 2.23.6-1/awscli/customizations/s3/syncstrategy/delete.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/syncstrategy/delete.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,24 +14,29 @@ import logging from awscli.customizations.s3.syncstrategy.base import BaseSync - LOG = logging.getLogger(__name__) -DELETE = {'name': 'delete', 'action': 'store_true', - 'help_text': ( - "Files that exist in the destination but not in the source are " - "deleted during sync. Note that files excluded by filters are " - "excluded from deletion.")} +DELETE = { + 'name': 'delete', + 'action': 'store_true', + 'help_text': ( + "Files that exist in the destination but not in the source are " + "deleted during sync. Note that files excluded by filters are " + "excluded from deletion." + ), +} class DeleteSync(BaseSync): - ARGUMENT = DELETE def determine_should_sync(self, src_file, dest_file): dest_file.operation_name = 'delete' - LOG.debug("syncing: (None) -> %s (remove), file does not " - "exist at source (%s) and delete mode enabled", - dest_file.src, dest_file.dest) + LOG.debug( + "syncing: (None) -> %s (remove), file does not " + "exist at source (%s) and delete mode enabled", + dest_file.src, + dest_file.dest, + ) return True diff -pruN 2.23.6-1/awscli/customizations/s3/syncstrategy/exacttimestamps.py 2.31.35-1/awscli/customizations/s3/syncstrategy/exacttimestamps.py --- 2.23.6-1/awscli/customizations/s3/syncstrategy/exacttimestamps.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/syncstrategy/exacttimestamps.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,21 +14,23 @@ import logging from awscli.customizations.s3.syncstrategy.base import SizeAndLastModifiedSync - LOG = logging.getLogger(__name__) -EXACT_TIMESTAMPS = {'name': 'exact-timestamps', 'action': 'store_true', - 'help_text': ( - 'When syncing from S3 to local, same-sized ' - 'items will be ignored only when the timestamps ' - 'match exactly. The default behavior is to ignore ' - 'same-sized items unless the local version is newer ' - 'than the S3 version.')} +EXACT_TIMESTAMPS = { + 'name': 'exact-timestamps', + 'action': 'store_true', + 'help_text': ( + 'When syncing from S3 to local, same-sized ' + 'items will be ignored only when the timestamps ' + 'match exactly. The default behavior is to ignore ' + 'same-sized items unless the local version is newer ' + 'than the S3 version.' + ), +} class ExactTimestampsSync(SizeAndLastModifiedSync): - ARGUMENT = EXACT_TIMESTAMPS def compare_time(self, src_file, dest_file): @@ -39,5 +41,6 @@ class ExactTimestampsSync(SizeAndLastMod if cmd == 'download': return self.total_seconds(delta) == 0 else: - return super(ExactTimestampsSync, self).compare_time(src_file, - dest_file) + return super(ExactTimestampsSync, self).compare_time( + src_file, dest_file + ) diff -pruN 2.23.6-1/awscli/customizations/s3/syncstrategy/register.py 2.31.35-1/awscli/customizations/s3/syncstrategy/register.py --- 2.23.6-1/awscli/customizations/s3/syncstrategy/register.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/syncstrategy/register.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,14 +10,16 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.s3.syncstrategy.sizeonly import SizeOnlySync -from awscli.customizations.s3.syncstrategy.exacttimestamps import \ - ExactTimestampsSync from awscli.customizations.s3.syncstrategy.delete import DeleteSync +from awscli.customizations.s3.syncstrategy.exacttimestamps import ( + ExactTimestampsSync, +) +from awscli.customizations.s3.syncstrategy.sizeonly import SizeOnlySync -def register_sync_strategy(session, strategy_cls, - sync_type='file_at_src_and_dest'): +def register_sync_strategy( + session, strategy_cls, sync_type='file_at_src_and_dest' +): """Registers a single sync strategy :param session: The session that the sync strategy is being registered to. diff -pruN 2.23.6-1/awscli/customizations/s3/syncstrategy/sizeonly.py 2.31.35-1/awscli/customizations/s3/syncstrategy/sizeonly.py --- 2.23.6-1/awscli/customizations/s3/syncstrategy/sizeonly.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/syncstrategy/sizeonly.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,24 +14,30 @@ import logging from awscli.customizations.s3.syncstrategy.base import BaseSync - LOG = logging.getLogger(__name__) -SIZE_ONLY = {'name': 'size-only', 'action': 'store_true', - 'help_text': ( - 'Makes the size of each key the only criteria used to ' - 'decide whether to sync from source to destination.')} +SIZE_ONLY = { + 'name': 'size-only', + 'action': 'store_true', + 'help_text': ( + 'Makes the size of each key the only criteria used to ' + 'decide whether to sync from source to destination.' + ), +} class SizeOnlySync(BaseSync): - ARGUMENT = SIZE_ONLY def determine_should_sync(self, src_file, dest_file): same_size = self.compare_size(src_file, dest_file) should_sync = not same_size if should_sync: - LOG.debug("syncing: %s -> %s, size_changed: %s", - src_file.src, src_file.dest, not same_size) + LOG.debug( + "syncing: %s -> %s, size_changed: %s", + src_file.src, + src_file.dest, + not same_size, + ) return should_sync diff -pruN 2.23.6-1/awscli/customizations/s3/transferconfig.py 2.31.35-1/awscli/customizations/s3/transferconfig.py --- 2.23.6-1/awscli/customizations/s3/transferconfig.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/transferconfig.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,26 +10,31 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from s3transfer.manager import TransferConfig - -from awscli.customizations.s3 import constants -from awscli.customizations.s3.utils import human_readable_to_int # If the user does not specify any overrides, # these are the default values we use for the s3 transfer # commands. import logging +from botocore.utils import ensure_boolean +from s3transfer.manager import TransferConfig + +from awscli.customizations.s3 import constants +from awscli.customizations.s3.utils import human_readable_to_int LOGGER = logging.getLogger(__name__) DEFAULTS = { - 'multipart_threshold': 8 * (1024 ** 2), - 'multipart_chunksize': 8 * (1024 ** 2), + 'multipart_threshold': 8 * (1024**2), + 'multipart_chunksize': 8 * (1024**2), 'max_concurrent_requests': 10, 'max_queue_size': 1000, 'max_bandwidth': None, 'preferred_transfer_client': constants.AUTO_RESOLVE_TRANSFER_CLIENT, 'target_bandwidth': None, + 'io_chunksize': 256 * 1024, + 'should_stream': None, + 'disk_throughput': None, + 'direct_io': None, } @@ -37,13 +42,27 @@ class InvalidConfigError(Exception): pass -class RuntimeConfig(object): - - POSITIVE_INTEGERS = ['multipart_chunksize', 'multipart_threshold', - 'max_concurrent_requests', 'max_queue_size', - 'max_bandwidth', 'target_bandwidth'] - HUMAN_READABLE_SIZES = ['multipart_chunksize', 'multipart_threshold'] - HUMAN_READABLE_RATES = ['max_bandwidth', 'target_bandwidth'] +class RuntimeConfig: + POSITIVE_INTEGERS = [ + 'multipart_chunksize', + 'multipart_threshold', + 'max_concurrent_requests', + 'max_queue_size', + 'max_bandwidth', + 'target_bandwidth', + 'io_chunksize', + 'disk_throughput', + ] + HUMAN_READABLE_SIZES = [ + 'multipart_chunksize', + 'multipart_threshold', + 'io_chunksize', + ] + HUMAN_READABLE_RATES = [ + 'max_bandwidth', + 'target_bandwidth', + 'disk_throughput', + ] SUPPORTED_CHOICES = { 'preferred_transfer_client': [ constants.AUTO_RESOLVE_TRANSFER_CLIENT, @@ -56,6 +75,7 @@ class RuntimeConfig(object): 'default': constants.CLASSIC_TRANSFER_CLIENT } } + BOOLEANS = ['should_stream', 'direct_io'] @staticmethod def defaults(): @@ -77,6 +97,7 @@ class RuntimeConfig(object): runtime_config.update(kwargs) self._convert_human_readable_sizes(runtime_config) self._convert_human_readable_rates(runtime_config) + self._convert_booleans(runtime_config) self._resolve_choice_aliases(runtime_config) self._validate_config(runtime_config) return runtime_config @@ -107,7 +128,14 @@ class RuntimeConfig(object): 'as an integer in terms of bytes per second ' '(e.g. 10485760) or a rate in terms of bytes ' 'per second (e.g. 10MB/s or 800KB/s) or bits per ' - 'second (e.g. 10Mb/s or 800Kb/s)' % value) + 'second (e.g. 10Mb/s or 800Kb/s)' % value + ) + + def _convert_booleans(self, runtime_config): + for attr in self.BOOLEANS: + value = runtime_config.get(attr) + if value is not None: + runtime_config[attr] = ensure_boolean(value) def _human_readable_rate_to_int(self, value): # The human_readable_to_int() utility only supports integers (e.g. 1024) @@ -145,7 +173,9 @@ class RuntimeConfig(object): resolved_value = self.CHOICE_ALIASES[attr][current_value] LOGGER.debug( 'Resolved %s configuration alias value "%s" to "%s"', - attr, current_value, resolved_value + attr, + current_value, + resolved_value, ) runtime_config[attr] = resolved_value @@ -173,7 +203,8 @@ class RuntimeConfig(object): def _error_positive_value(self, name, value): raise InvalidConfigError( - "Value for %s must be a positive integer: %s" % (name, value)) + "Value for %s must be a positive integer: %s" % (name, value) + ) def _error_invalid_choice(self, name, value): raise InvalidConfigError( @@ -198,6 +229,7 @@ def create_transfer_config_from_runtime_ 'multipart_threshold': 'multipart_threshold', 'multipart_chunksize': 'multipart_chunksize', 'max_bandwidth': 'max_bandwidth', + 'io_chunksize': 'io_chunksize', } kwargs = {} for key, value in runtime_config.items(): diff -pruN 2.23.6-1/awscli/customizations/s3/utils.py 2.31.35-1/awscli/customizations/s3/utils.py --- 2.23.6-1/awscli/customizations/s3/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,19 +11,18 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import argparse +import errno import logging -from datetime import datetime import mimetypes -import errno import os import re -from collections import namedtuple, deque +from collections import deque, namedtuple +from datetime import datetime from dateutil.parser import parse from dateutil.tz import tzlocal, tzutc -from awscli.compat import bytes_print -from awscli.compat import queue +from awscli.compat import bytes_print, queue from awscli.customizations.exceptions import ParamValidationError LOGGER = logging.getLogger(__name__) @@ -31,16 +30,16 @@ HUMANIZE_SUFFIXES = ('KiB', 'MiB', 'GiB' EPOCH_TIME = datetime(1970, 1, 1, tzinfo=tzutc()) # Maximum object size allowed in S3. # See: http://docs.aws.amazon.com/AmazonS3/latest/dev/qfacts.html -MAX_UPLOAD_SIZE = 5 * (1024 ** 4) +MAX_UPLOAD_SIZE = 5 * (1024**4) SIZE_SUFFIX = { 'kb': 1024, - 'mb': 1024 ** 2, - 'gb': 1024 ** 3, - 'tb': 1024 ** 4, + 'mb': 1024**2, + 'gb': 1024**3, + 'tb': 1024**4, 'kib': 1024, - 'mib': 1024 ** 2, - 'gib': 1024 ** 3, - 'tib': 1024 ** 4, + 'mib': 1024**2, + 'gib': 1024**3, + 'tib': 1024**4, } _S3_ACCESSPOINT_TO_BUCKET_KEY_REGEX = re.compile( r'^(?Parn:(aws).*:s3:[a-z\-0-9]*:[0-9]{12}:accesspoint[:/][^/]+)/?' @@ -90,7 +89,7 @@ def human_readable_size(value): return '%d Bytes' % bytes_int for i, suffix in enumerate(HUMANIZE_SUFFIXES): - unit = base ** (i+2) + unit = base ** (i + 2) if round((bytes_int / unit) * base) < base: return '%.1f %s' % ((base * bytes_int / unit), suffix) @@ -110,8 +109,7 @@ def human_readable_to_int(value): suffix = value[-3:].lower() else: suffix = value[-2:].lower() - has_size_identifier = ( - len(value) >= 2 and suffix in SIZE_SUFFIX) + has_size_identifier = len(value) >= 2 and suffix in SIZE_SUFFIX if not has_size_identifier: try: return int(value) @@ -119,7 +117,7 @@ def human_readable_to_int(value): raise ValueError("Invalid size value: %s" % value) else: multiplier = SIZE_SUFFIX[suffix] - return int(value[:-len(suffix)]) * multiplier + return int(value[: -len(suffix)]) * multiplier class AppendFilter(argparse.Action): @@ -136,6 +134,7 @@ class AppendFilter(argparse.Action): appear later in the command line take preference over rulers that appear earlier. """ + def __call__(self, parser, namespace, values, option_string=None): filter_list = getattr(namespace, self.dest) if filter_list: @@ -170,6 +169,7 @@ class StablePriorityQueue(queue.Queue): (least important) priority available. """ + def __init__(self, maxsize=0, max_priority=20): queue.Queue.__init__(self, maxsize=maxsize) self.priorities = [deque([]) for i in range(max_priority + 1)] @@ -182,8 +182,10 @@ class StablePriorityQueue(queue.Queue): return size def _put(self, item): - priority = min(getattr(item, 'PRIORITY', self.default_priority), - self.default_priority) + priority = min( + getattr(item, 'PRIORITY', self.default_priority), + self.default_priority, + ) self.priorities[priority].append(item) def _get(self): @@ -251,9 +253,10 @@ def get_file_stat(path): """ try: stats = os.stat(path) - except IOError as e: - raise ValueError('Could not retrieve file stat of "%s": %s' % ( - path, e)) + except OSError as e: + raise ValueError( + 'Could not retrieve file stat of "%s": %s' % (path, e) + ) try: update_time = datetime.fromtimestamp(stats.st_mtime, tzlocal()) @@ -284,14 +287,15 @@ def find_dest_path_comp_key(files, src_p sep_table = {'s3': '/', 'local': os.sep} if files['dir_op']: - rel_path = src_path[len(src['path']):] + rel_path = src_path[len(src['path']) :] else: rel_path = src_path.split(sep_table[src_type])[-1] compare_key = rel_path.replace(sep_table[src_type], '/') if files['use_src_name']: dest_path = dest['path'] - dest_path += rel_path.replace(sep_table[src_type], - sep_table[dest_type]) + dest_path += rel_path.replace( + sep_table[src_type], sep_table[dest_type] + ) else: dest_path = dest['path'] return dest_path, compare_key @@ -305,16 +309,18 @@ def create_warning(path, error_message, if skip_file: print_string = print_string + "Skipping file " + path + ". " print_string = print_string + error_message - warning_message = WarningResult(message=print_string, error=False, - warning=True) + warning_message = WarningResult( + message=print_string, error=False, warning=True + ) return warning_message -class StdoutBytesWriter(object): +class StdoutBytesWriter: """ This class acts as a file-like object that performs the bytes_print function on write. """ + def __init__(self, stdout=None): self._stdout = stdout @@ -344,8 +350,9 @@ def guess_content_type(filename): # default guessed content type of None. except UnicodeDecodeError: LOGGER.debug( - 'Unable to guess content type for %s due to ' - 'UnicodeDecodeError: ', filename, exc_info=True + 'Unable to guess content type for %s due to UnicodeDecodeError: ', + filename, + exc_info=True, ) @@ -381,8 +388,9 @@ def set_file_utime(filename, desired_tim if e.errno != errno.EPERM: raise e raise SetFileUtimeError( - ("The file was downloaded, but attempting to modify the " - "utime of the file failed. Is the file owned by another user?")) + "The file was downloaded, but attempting to modify the " + "utime of the file failed. Is the file owned by another user?" + ) class SetFileUtimeError(Exception): @@ -393,15 +401,20 @@ def _date_parser(date_string): return parse(date_string).astimezone(tzlocal()) -class BucketLister(object): +class BucketLister: """List keys in a bucket.""" + def __init__(self, client, date_parser=_date_parser): self._client = client self._date_parser = date_parser - def list_objects(self, bucket, prefix=None, page_size=None, - extra_args=None): - kwargs = {'Bucket': bucket, 'PaginationConfig': {'PageSize': page_size}} + def list_objects( + self, bucket, prefix=None, page_size=None, extra_args=None + ): + kwargs = { + 'Bucket': bucket, + 'PaginationConfig': {'PageSize': page_size}, + } if prefix is not None: kwargs['Prefix'] = prefix if extra_args is not None: @@ -414,12 +427,14 @@ class BucketLister(object): for content in contents: source_path = bucket + '/' + content['Key'] content['LastModified'] = self._date_parser( - content['LastModified']) + content['LastModified'] + ) yield source_path, content -class PrintTask(namedtuple('PrintTask', - ['message', 'error', 'total_parts', 'warning'])): +class PrintTask( + namedtuple('PrintTask', ['message', 'error', 'total_parts', 'warning']) +): def __new__(cls, message, error=False, total_parts=None, warning=None): """ :param message: An arbitrary string associated with the entry. This @@ -428,13 +443,15 @@ class PrintTask(namedtuple('PrintTask', :param total_parts: The total number of parts for multipart transfers. :param warning: Boolean indicating a warning """ - return super(PrintTask, cls).__new__(cls, message, error, total_parts, - warning) + return super(PrintTask, cls).__new__( + cls, message, error, total_parts, warning + ) + WarningResult = PrintTask -class RequestParamsMapper(object): +class RequestParamsMapper: """A utility class that maps CLI params to request params Each method in the class maps to a particular operation and will set @@ -462,6 +479,7 @@ class RequestParamsMapper(object): Note that existing parameters in ``request_params`` will be overriden if a parameter in ``cli_params`` maps to the existing parameter. """ + @classmethod def map_put_object_params(cls, request_params, cli_params): """Map CLI params to PutObject request params""" @@ -498,7 +516,8 @@ class RequestParamsMapper(object): cls._auto_populate_metadata_directive(request_params) cls._set_sse_request_params(request_params, cli_params) cls._set_sse_c_and_copy_source_request_params( - request_params, cli_params) + request_params, cli_params + ) cls._set_request_payer_param(request_params, cli_params) cls._set_checksum_algorithm_param(request_params, cli_params) @@ -527,7 +546,8 @@ class RequestParamsMapper(object): def map_upload_part_copy_params(cls, request_params, cli_params): """Map CLI params to UploadPartCopy request params""" cls._set_sse_c_and_copy_source_request_params( - request_params, cli_params) + request_params, cli_params + ) cls._set_request_payer_param(request_params, cli_params) @classmethod @@ -551,7 +571,9 @@ class RequestParamsMapper(object): @classmethod def _set_checksum_algorithm_param(cls, request_params, cli_params): if cli_params.get('checksum_algorithm'): - request_params['ChecksumAlgorithm'] = cli_params['checksum_algorithm'] + request_params['ChecksumAlgorithm'] = cli_params[ + 'checksum_algorithm' + ] @classmethod def _set_general_object_params(cls, request_params, cli_params): @@ -567,7 +589,7 @@ class RequestParamsMapper(object): 'content_disposition': 'ContentDisposition', 'content_encoding': 'ContentEncoding', 'content_language': 'ContentLanguage', - 'expires': 'Expires' + 'expires': 'Expires', } for cli_param_name in general_param_translation: if cli_params.get(cli_param_name): @@ -608,21 +630,23 @@ class RequestParamsMapper(object): @classmethod def _auto_populate_metadata_directive(cls, request_params): - if request_params.get('Metadata') and \ - not request_params.get('MetadataDirective'): + if request_params.get('Metadata') and not request_params.get( + 'MetadataDirective' + ): request_params['MetadataDirective'] = 'REPLACE' @classmethod def _set_metadata_directive_param(cls, request_params, cli_params): if cli_params.get('metadata_directive'): request_params['MetadataDirective'] = cli_params[ - 'metadata_directive'] + 'metadata_directive' + ] @classmethod def _set_sse_request_params(cls, request_params, cli_params): if cli_params.get('sse'): request_params['ServerSideEncryption'] = cli_params['sse'] - if cli_params.get('sse_kms_key_id'): + if cli_params.get('sse_kms_key_id'): request_params['SSEKMSKeyId'] = cli_params['sse_kms_key_id'] @classmethod @@ -635,18 +659,21 @@ class RequestParamsMapper(object): def _set_sse_c_copy_source_request_params(cls, request_params, cli_params): if cli_params.get('sse_c_copy_source'): request_params['CopySourceSSECustomerAlgorithm'] = cli_params[ - 'sse_c_copy_source'] + 'sse_c_copy_source' + ] request_params['CopySourceSSECustomerKey'] = cli_params[ - 'sse_c_copy_source_key'] + 'sse_c_copy_source_key' + ] @classmethod - def _set_sse_c_and_copy_source_request_params(cls, request_params, - cli_params): + def _set_sse_c_and_copy_source_request_params( + cls, request_params, cli_params + ): cls._set_sse_c_request_params(request_params, cli_params) cls._set_sse_c_copy_source_request_params(request_params, cli_params) -class NonSeekableStream(object): +class NonSeekableStream: """Wrap a file like object as a non seekable stream. This class is used to wrap an existing file like object @@ -664,6 +691,7 @@ class NonSeekableStream(object): for certain that a fileobj is non seekable. """ + def __init__(self, fileobj): self._fileobj = fileobj @@ -696,10 +724,12 @@ class S3PathResolver: def has_underlying_s3_path(self, path): bucket, _ = split_s3_bucket_key(path) return bool( - self._S3_ACCESSPOINT_ARN_TO_ACCOUNT_NAME_REGEX.match(bucket) or - self._S3_OUTPOST_ACCESSPOINT_ARN_TO_ACCOUNT_REGEX.match(bucket) or - self._S3_MRAP_ARN_TO_ACCOUNT_ALIAS_REGEX.match(bucket) or - bucket.endswith('-s3alias') or bucket.endswith('--op-s3')) + self._S3_ACCESSPOINT_ARN_TO_ACCOUNT_NAME_REGEX.match(bucket) + or self._S3_OUTPOST_ACCESSPOINT_ARN_TO_ACCOUNT_REGEX.match(bucket) + or self._S3_MRAP_ARN_TO_ACCOUNT_ALIAS_REGEX.match(bucket) + or bucket.endswith('-s3alias') + or bucket.endswith('--op-s3') + ) @classmethod def from_session(cls, session, region, verify_ssl): @@ -756,8 +786,7 @@ class S3PathResolver: def _get_access_point_bucket(self, account, name): return self._s3control_client.get_access_point( - AccountId=account, - Name=name + AccountId=account, Name=name )['Bucket'] def _get_account_id(self): diff -pruN 2.23.6-1/awscli/customizations/s3errormsg.py 2.31.35-1/awscli/customizations/s3errormsg.py --- 2.23.6-1/awscli/customizations/s3errormsg.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3errormsg.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,9 +10,7 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -"""Give better S3 error messages. -""" - +"""Give better S3 error messages.""" REGION_ERROR_MSG = ( 'You can fix this issue by explicitly providing the correct region ' @@ -54,8 +52,9 @@ def enhance_error_msg(parsed, **kwargs): def _is_sigv4_error_message(parsed): - return ('Please use AWS4-HMAC-SHA256' in - parsed.get('Error', {}).get('Message', '')) + return 'Please use AWS4-HMAC-SHA256' in parsed.get('Error', {}).get( + 'Message', '' + ) def _is_permanent_redirect_message(parsed): @@ -63,5 +62,7 @@ def _is_permanent_redirect_message(parse def _is_kms_sigv4_error_message(parsed): - return ('AWS KMS managed keys require AWS Signature Version 4' in - parsed.get('Error', {}).get('Message', '')) + return ( + 'AWS KMS managed keys require AWS Signature Version 4' + in parsed.get('Error', {}).get('Message', '') + ) diff -pruN 2.23.6-1/awscli/customizations/s3events.py 2.31.35-1/awscli/customizations/s3events.py --- 2.23.6-1/awscli/customizations/s3events.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3events.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,8 +11,8 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Add S3 specific event streaming output arg.""" -from awscli.arguments import CustomArgument +from awscli.arguments import CustomArgument STREAM_HELP_TEXT = 'Filename where the records will be saved' @@ -24,28 +24,29 @@ class DocSectionNotFoundError(Exception) def register_event_stream_arg(event_handlers): event_handlers.register( 'building-argument-table.s3api.select-object-content', - add_event_stream_output_arg) + add_event_stream_output_arg, + ) event_handlers.register_last( - 'doc-output.s3api.select-object-content', - replace_event_stream_docs + 'doc-output.s3api.select-object-content', replace_event_stream_docs ) def register_document_expires_string(event_handlers): - event_handlers.register_last( - 'doc-output.s3api', - document_expires_string - ) + event_handlers.register_last('doc-output.s3api', document_expires_string) -def add_event_stream_output_arg(argument_table, operation_model, - session, **kwargs): +def add_event_stream_output_arg( + argument_table, operation_model, session, **kwargs +): argument_table['outfile'] = S3SelectStreamOutputArgument( - name='outfile', help_text=STREAM_HELP_TEXT, - cli_type_name='string', positional_arg=True, + name='outfile', + help_text=STREAM_HELP_TEXT, + cli_type_name='string', + positional_arg=True, stream_key=operation_model.output_shape.serialization['payload'], - session=session) + session=session, + ) def replace_event_stream_docs(help_command, **kwargs): @@ -59,10 +60,13 @@ def replace_event_stream_docs(help_comma # we should be raising something with a helpful error message. raise DocSectionNotFoundError( 'Could not find the "output" section for the command: %s' - % help_command) + % help_command + ) doc.write('======\nOutput\n======\n') - doc.write("This command generates no output. The selected " - "object content is written to the specified outfile.\n") + doc.write( + "This command generates no output. The selected " + "object content is written to the specified outfile.\n" + ) def document_expires_string(help_command, **kwargs): @@ -81,7 +85,7 @@ def document_expires_string(help_command f'\n\n{" " * doc.style.indentation * doc.style.indent_width}', 'ExpiresString -> (string)\n\n', '\tThe raw, unparsed value of the ``Expires`` field.', - f'\n\n{" " * doc.style.indentation * doc.style.indent_width}' + f'\n\n{" " * doc.style.indentation * doc.style.indent_width}', ] for idx, write in enumerate(deprecation_note_and_expires_string): @@ -103,8 +107,9 @@ class S3SelectStreamOutputArgument(Custo def add_to_params(self, parameters, value): self._output_file = value - self._session.register('after-call.s3.SelectObjectContent', - self.save_file) + self._session.register( + 'after-call.s3.SelectObjectContent', self.save_file + ) def save_file(self, parsed, **kwargs): # This method is hooked into after-call which fires diff -pruN 2.23.6-1/awscli/customizations/s3uploader.py 2.31.35-1/awscli/customizations/s3uploader.py --- 2.23.6-1/awscli/customizations/s3uploader.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/s3uploader.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,14 +11,14 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import hashlib import logging -import threading import os import sys +import threading import botocore import botocore.exceptions +from botocore.compat import get_md5 from s3transfer.manager import TransferManager from s3transfer.subscribers import BaseSubscriber @@ -27,20 +27,31 @@ from awscli.compat import collections_ab LOG = logging.getLogger(__name__) +def _get_checksum(): + hashlib_params = {"usedforsecurity": False} + try: + checksum = get_md5(**hashlib_params) + except botocore.exceptions.MD5UnavailableError: + import hashlib + checksum = hashlib.sha256(**hashlib_params) + return checksum + + class NoSuchBucketError(Exception): def __init__(self, **kwargs): msg = self.fmt.format(**kwargs) Exception.__init__(self, msg) self.kwargs = kwargs + fmt = ( + "S3 Bucket does not exist. " + "Execute the command to create a new bucket" + "\n" + "aws s3 mb s3://{bucket_name}" + ) - fmt = ("S3 Bucket does not exist. " - "Execute the command to create a new bucket" - "\n" - "aws s3 mb s3://{bucket_name}") - -class S3Uploader(object): +class S3Uploader: """ Class to upload objects to S3 bucket that use versioning. If bucket does not already use versioning, this class will turn on versioning. @@ -59,12 +70,15 @@ class S3Uploader(object): raise TypeError("Artifact metadata should be in dict type") self._artifact_metadata = val - def __init__(self, s3_client, - bucket_name, - prefix=None, - kms_key_id=None, - force_upload=False, - transfer_manager=None): + def __init__( + self, + s3_client, + bucket_name, + prefix=None, + kms_key_id=None, + force_upload=False, + transfer_manager=None, + ): self.bucket_name = bucket_name self.prefix = prefix self.kms_key_id = kms_key_id or None @@ -86,21 +100,20 @@ class S3Uploader(object): """ if self.prefix and len(self.prefix) > 0: - remote_path = "{0}/{1}".format(self.prefix, remote_path) + remote_path = f"{self.prefix}/{remote_path}" # Check if a file with same data exists if not self.force_upload and self.file_exists(remote_path): - LOG.debug("File with same data already exists at {0}. " - "Skipping upload".format(remote_path)) + LOG.debug( + f"File with same data already exists at {remote_path}. " + "Skipping upload" + ) return self.make_url(remote_path) try: - # Default to regular server-side encryption unless customer has # specified their own KMS keys - additional_args = { - "ServerSideEncryption": "AES256" - } + additional_args = {"ServerSideEncryption": "AES256"} if self.kms_key_id: additional_args["ServerSideEncryption"] = "aws:kms" @@ -109,13 +122,16 @@ class S3Uploader(object): if self.artifact_metadata: additional_args["Metadata"] = self.artifact_metadata - print_progress_callback = \ - ProgressPercentage(file_name, remote_path) - future = self.transfer_manager.upload(file_name, - self.bucket_name, - remote_path, - additional_args, - [print_progress_callback]) + print_progress_callback = ProgressPercentage( + file_name, remote_path + ) + future = self.transfer_manager.upload( + file_name, + self.bucket_name, + remote_path, + additional_args, + [print_progress_callback], + ) future.result() return self.make_url(remote_path) @@ -128,7 +144,7 @@ class S3Uploader(object): def upload_with_dedup(self, file_name, extension=None): """ - Makes and returns name of the S3 object based on the file's MD5 sum + Makes and returns name of the S3 object based on the file's checksum :param file_name: file to upload :param extension: String of file extension to append to the object @@ -140,8 +156,8 @@ class S3Uploader(object): # and re-upload only if necessary. So the template points to same file # in multiple places, this will upload only once - filemd5 = self.file_checksum(file_name) - remote_path = filemd5 + file_checksum = self.file_checksum(file_name) + remote_path = file_checksum if extension: remote_path = remote_path + "." + extension @@ -157,8 +173,7 @@ class S3Uploader(object): try: # Find the object that matches this ETag - self.s3.head_object( - Bucket=self.bucket_name, Key=remote_path) + self.s3.head_object(Bucket=self.bucket_name, Key=remote_path) return True except botocore.exceptions.ClientError: # Either File does not exist or we are unable to get @@ -166,13 +181,11 @@ class S3Uploader(object): return False def make_url(self, obj_path): - return "s3://{0}/{1}".format( - self.bucket_name, obj_path) + return f"s3://{self.bucket_name}/{obj_path}" def file_checksum(self, file_name): - with open(file_name, "rb") as file_handle: - md5 = hashlib.md5() + checksum = _get_checksum() # Read file in chunks of 4096 bytes block_size = 4096 @@ -182,23 +195,23 @@ class S3Uploader(object): buf = file_handle.read(block_size) while len(buf) > 0: - md5.update(buf) + checksum.update(buf) buf = file_handle.read(block_size) # Restore file cursor's position file_handle.seek(curpos) - return md5.hexdigest() + return checksum.hexdigest() def to_path_style_s3_url(self, key, version=None): """ - This link describes the format of Path Style URLs - http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro + This link describes the format of Path Style URLs + http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro """ base = self.s3.meta.endpoint_url - result = "{0}/{1}/{2}".format(base, self.bucket_name, key) + result = f"{base}/{self.bucket_name}/{key}" if version: - result = "{0}?versionId={1}".format(result, version) + result = f"{result}?versionId={version}" return result @@ -214,14 +227,18 @@ class ProgressPercentage(BaseSubscriber) self._lock = threading.Lock() def on_progress(self, future, bytes_transferred, **kwargs): - # To simplify we'll assume this is hooked up # to a single filename. with self._lock: self._seen_so_far += bytes_transferred percentage = (self._seen_so_far / self._size) * 100 sys.stderr.write( - "\rUploading to %s %s / %s (%.2f%%)" % - (self._remote_path, self._seen_so_far, - self._size, percentage)) + "\rUploading to %s %s / %s (%.2f%%)" + % ( + self._remote_path, + self._seen_so_far, + self._size, + percentage, + ) + ) sys.stderr.flush() diff -pruN 2.23.6-1/awscli/customizations/servicecatalog/__init__.py 2.31.35-1/awscli/customizations/servicecatalog/__init__.py --- 2.23.6-1/awscli/customizations/servicecatalog/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/servicecatalog/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,13 +11,13 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.servicecatalog.generate \ - import GenerateCommand +from awscli.customizations.servicecatalog.generate import GenerateCommand def register_servicecatalog_commands(event_emitter): - event_emitter.register('building-command-table.servicecatalog', - inject_commands) + event_emitter.register( + 'building-command-table.servicecatalog', inject_commands + ) def inject_commands(command_table, session, **kwargs): diff -pruN 2.23.6-1/awscli/customizations/servicecatalog/generate.py 2.31.35-1/awscli/customizations/servicecatalog/generate.py --- 2.23.6-1/awscli/customizations/servicecatalog/generate.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/servicecatalog/generate.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,20 +13,23 @@ from awscli.customizations.commands import BasicCommand from awscli.customizations.servicecatalog import helptext -from awscli.customizations.servicecatalog.generateproduct \ - import GenerateProductCommand -from awscli.customizations.servicecatalog.generateprovisioningartifact \ - import GenerateProvisioningArtifactCommand +from awscli.customizations.servicecatalog.generateproduct import ( + GenerateProductCommand, +) +from awscli.customizations.servicecatalog.generateprovisioningartifact import ( + GenerateProvisioningArtifactCommand, +) class GenerateCommand(BasicCommand): NAME = "generate" DESCRIPTION = helptext.GENERATE_COMMAND SUBCOMMANDS = [ - {'name': 'product', - 'command_class': GenerateProductCommand}, - {'name': 'provisioning-artifact', - 'command_class': GenerateProvisioningArtifactCommand} + {'name': 'product', 'command_class': GenerateProductCommand}, + { + 'name': 'provisioning-artifact', + 'command_class': GenerateProvisioningArtifactCommand, + }, ] def _run_main(self, parsed_args, parsed_globals): diff -pruN 2.23.6-1/awscli/customizations/servicecatalog/generatebase.py 2.31.35-1/awscli/customizations/servicecatalog/generatebase.py --- 2.23.6-1/awscli/customizations/servicecatalog/generatebase.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/servicecatalog/generatebase.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,29 +12,28 @@ # language governing permissions and limitations under the License. from awscli.customizations.commands import BasicCommand -from awscli.customizations.servicecatalog.utils \ - import make_url, get_s3_path from awscli.customizations.s3uploader import S3Uploader from awscli.customizations.servicecatalog import exceptions +from awscli.customizations.servicecatalog.utils import get_s3_path, make_url class GenerateBaseCommand(BasicCommand): - def _run_main(self, parsed_args, parsed_globals): self.region = self.get_and_validate_region(parsed_globals) self.s3_client = self._session.create_client( 's3', region_name=self.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, + ) + self.s3_uploader = S3Uploader( + self.s3_client, parsed_args.bucket_name, force_upload=True ) - self.s3_uploader = S3Uploader(self.s3_client, - parsed_args.bucket_name, - force_upload=True) try: - self.s3_uploader.upload(parsed_args.file_path, - get_s3_path(parsed_args.file_path)) - except OSError as ex: + self.s3_uploader.upload( + parsed_args.file_path, get_s3_path(parsed_args.file_path) + ) + except OSError: raise RuntimeError("%s cannot be found" % parsed_args.file_path) def get_and_validate_region(self, parsed_globals): @@ -43,11 +42,9 @@ class GenerateBaseCommand(BasicCommand): region = self._session.get_config_variable('region') if region not in self._session.get_available_regions('servicecatalog'): raise exceptions.InvalidParametersException( - message="Region {0} is not supported".format( - parsed_globals.region)) + message=f"Region {parsed_globals.region} is not supported" + ) return region def create_s3_url(self, bucket_name, file_path): - return make_url(self.region, - bucket_name, - get_s3_path(file_path)) + return make_url(self.region, bucket_name, get_s3_path(file_path)) diff -pruN 2.23.6-1/awscli/customizations/servicecatalog/generateproduct.py 2.31.35-1/awscli/customizations/servicecatalog/generateproduct.py --- 2.23.6-1/awscli/customizations/servicecatalog/generateproduct.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/servicecatalog/generateproduct.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,11 +13,13 @@ import sys -from awscli.customizations.servicecatalog import helptext -from awscli.customizations.servicecatalog.generatebase \ - import GenerateBaseCommand from botocore.compat import json +from awscli.customizations.servicecatalog import helptext +from awscli.customizations.servicecatalog.generatebase import ( + GenerateBaseCommand, +) + class GenerateProductCommand(GenerateBaseCommand): NAME = "product" @@ -26,71 +28,66 @@ class GenerateProductCommand(GenerateBas { 'name': 'product-name', 'required': True, - 'help_text': helptext.PRODUCT_NAME + 'help_text': helptext.PRODUCT_NAME, }, { 'name': 'product-owner', 'required': True, - 'help_text': helptext.OWNER + 'help_text': helptext.OWNER, }, { 'name': 'product-type', 'required': True, 'help_text': helptext.PRODUCT_TYPE, - 'choices': ['CLOUD_FORMATION_TEMPLATE', 'MARKETPLACE'] + 'choices': ['CLOUD_FORMATION_TEMPLATE', 'MARKETPLACE'], }, { 'name': 'product-description', 'required': False, - 'help_text': helptext.PRODUCT_DESCRIPTION + 'help_text': helptext.PRODUCT_DESCRIPTION, }, { 'name': 'product-distributor', 'required': False, - 'help_text': helptext.DISTRIBUTOR + 'help_text': helptext.DISTRIBUTOR, }, { 'name': 'tags', 'required': False, - 'schema': { - 'type': 'array', - 'items': { - 'type': 'string' - } - }, + 'schema': {'type': 'array', 'items': {'type': 'string'}}, 'default': [], 'synopsis': '--tags Key=key1,Value=value1 Key=key2,Value=value2', - 'help_text': helptext.TAGS + 'help_text': helptext.TAGS, }, { 'name': 'file-path', 'required': True, - 'help_text': helptext.FILE_PATH + 'help_text': helptext.FILE_PATH, }, { 'name': 'bucket-name', 'required': True, - 'help_text': helptext.BUCKET_NAME + 'help_text': helptext.BUCKET_NAME, }, { 'name': 'support-description', 'required': False, - 'help_text': helptext.SUPPORT_DESCRIPTION + 'help_text': helptext.SUPPORT_DESCRIPTION, }, { 'name': 'support-email', 'required': False, - 'help_text': helptext.SUPPORT_EMAIL + 'help_text': helptext.SUPPORT_EMAIL, }, { 'name': 'provisioning-artifact-name', 'required': True, - 'help_text': helptext.PA_NAME + 'help_text': helptext.PA_NAME, }, { 'name': 'provisioning-artifact-description', 'required': True, - 'help_text': helptext.PA_DESCRIPTION + 'help_text': helptext.PA_DESCRIPTION, }, { 'name': 'provisioning-artifact-type', @@ -99,27 +96,30 @@ class GenerateProductCommand(GenerateBas 'choices': [ 'CLOUD_FORMATION_TEMPLATE', 'MARKETPLACE_AMI', - 'MARKETPLACE_CAR' - ] - } + 'MARKETPLACE_CAR', + ], + }, ] def _run_main(self, parsed_args, parsed_globals): - super(GenerateProductCommand, self)._run_main(parsed_args, - parsed_globals) + super(GenerateProductCommand, self)._run_main( + parsed_args, parsed_globals + ) self.region = self.get_and_validate_region(parsed_globals) - self.s3_url = self.create_s3_url(parsed_args.bucket_name, - parsed_args.file_path) + self.s3_url = self.create_s3_url( + parsed_args.bucket_name, parsed_args.file_path + ) self.scs_client = self._session.create_client( - 'servicecatalog', region_name=self.region, + 'servicecatalog', + region_name=self.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) - response = self.create_product(self.build_args(parsed_args, - self.s3_url), - parsed_globals) + response = self.create_product( + self.build_args(parsed_args, self.s3_url), parsed_globals + ) sys.stdout.write(json.dumps(response, indent=2, ensure_ascii=False)) return 0 @@ -145,11 +145,9 @@ class GenerateProductCommand(GenerateBas "ProvisioningArtifactParameters": { 'Name': parsed_args.provisioning_artifact_name, 'Description': parsed_args.provisioning_artifact_description, - 'Info': { - 'LoadTemplateFromURL': s3_url - }, - 'Type': parsed_args.provisioning_artifact_type - } + 'Info': {'LoadTemplateFromURL': s3_url}, + 'Type': parsed_args.provisioning_artifact_type, + }, } # Non-required args diff -pruN 2.23.6-1/awscli/customizations/servicecatalog/generateprovisioningartifact.py 2.31.35-1/awscli/customizations/servicecatalog/generateprovisioningartifact.py --- 2.23.6-1/awscli/customizations/servicecatalog/generateprovisioningartifact.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/servicecatalog/generateprovisioningartifact.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,11 +13,13 @@ import sys -from awscli.customizations.servicecatalog import helptext -from awscli.customizations.servicecatalog.generatebase \ - import GenerateBaseCommand from botocore.compat import json +from awscli.customizations.servicecatalog import helptext +from awscli.customizations.servicecatalog.generatebase import ( + GenerateBaseCommand, +) + class GenerateProvisioningArtifactCommand(GenerateBaseCommand): NAME = 'provisioning-artifact' @@ -26,22 +28,22 @@ class GenerateProvisioningArtifactComman { 'name': 'file-path', 'required': True, - 'help_text': helptext.FILE_PATH + 'help_text': helptext.FILE_PATH, }, { 'name': 'bucket-name', 'required': True, - 'help_text': helptext.BUCKET_NAME + 'help_text': helptext.BUCKET_NAME, }, { 'name': 'provisioning-artifact-name', 'required': True, - 'help_text': helptext.PA_NAME + 'help_text': helptext.PA_NAME, }, { 'name': 'provisioning-artifact-description', 'required': True, - 'help_text': helptext.PA_DESCRIPTION + 'help_text': helptext.PA_DESCRIPTION, }, { 'name': 'provisioning-artifact-type', @@ -50,31 +52,33 @@ class GenerateProvisioningArtifactComman 'choices': [ 'CLOUD_FORMATION_TEMPLATE', 'MARKETPLACE_AMI', - 'MARKETPLACE_CAR' - ] + 'MARKETPLACE_CAR', + ], }, { 'name': 'product-id', 'required': True, - 'help_text': helptext.PRODUCT_ID - } + 'help_text': helptext.PRODUCT_ID, + }, ] def _run_main(self, parsed_args, parsed_globals): super(GenerateProvisioningArtifactCommand, self)._run_main( - parsed_args, parsed_globals) + parsed_args, parsed_globals + ) self.region = self.get_and_validate_region(parsed_globals) - self.s3_url = self.create_s3_url(parsed_args.bucket_name, - parsed_args.file_path) + self.s3_url = self.create_s3_url( + parsed_args.bucket_name, parsed_args.file_path + ) self.scs_client = self._session.create_client( - 'servicecatalog', region_name=self.region, + 'servicecatalog', + region_name=self.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl + verify=parsed_globals.verify_ssl, ) - response = self.create_provisioning_artifact(parsed_args, - self.s3_url) + response = self.create_provisioning_artifact(parsed_args, self.s3_url) sys.stdout.write(json.dumps(response, indent=2, ensure_ascii=False)) @@ -86,11 +90,9 @@ class GenerateProvisioningArtifactComman Parameters={ 'Name': parsed_args.provisioning_artifact_name, 'Description': parsed_args.provisioning_artifact_description, - 'Info': { - 'LoadTemplateFromURL': s3_url - }, - 'Type': parsed_args.provisioning_artifact_type - } + 'Info': {'LoadTemplateFromURL': s3_url}, + 'Type': parsed_args.provisioning_artifact_type, + }, ) if 'ResponseMetadata' in response: diff -pruN 2.23.6-1/awscli/customizations/servicecatalog/helptext.py 2.31.35-1/awscli/customizations/servicecatalog/helptext.py --- 2.23.6-1/awscli/customizations/servicecatalog/helptext.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/servicecatalog/helptext.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,8 +14,10 @@ TAGS = "Tags to associate with the new product." -BUCKET_NAME = ("Name of the S3 bucket name where the CloudFormation " - "template will be uploaded to") +BUCKET_NAME = ( + "Name of the S3 bucket name where the CloudFormation " + "template will be uploaded to" +) SUPPORT_DESCRIPTION = "Support information about the product" @@ -39,15 +41,21 @@ PRODUCT_TYPE = "The type of the product PRODUCT_DESCRIPTION = "The text description of the product" -PRODUCT_COMMAND_DESCRIPTION = ("Create a new product using a CloudFormation " - "template specified as a local file path") - -PA_COMMAND_DESCRIPTION = ("Create a new provisioning artifact for the " - "specified product using a CloudFormation template " - "specified as a local file path") - -GENERATE_COMMAND = ("Generate a Service Catalog product or provisioning " - "artifact using a CloudFormation template specified " - "as a local file path") +PRODUCT_COMMAND_DESCRIPTION = ( + "Create a new product using a CloudFormation " + "template specified as a local file path" +) + +PA_COMMAND_DESCRIPTION = ( + "Create a new provisioning artifact for the " + "specified product using a CloudFormation template " + "specified as a local file path" +) + +GENERATE_COMMAND = ( + "Generate a Service Catalog product or provisioning " + "artifact using a CloudFormation template specified " + "as a local file path" +) FILE_PATH = "A local file path that references the CloudFormation template" diff -pruN 2.23.6-1/awscli/customizations/servicecatalog/utils.py 2.31.35-1/awscli/customizations/servicecatalog/utils.py --- 2.23.6-1/awscli/customizations/servicecatalog/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/servicecatalog/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,16 +16,16 @@ import os def make_url(region, bucket_name, obj_path, version=None): """ - This link describes the format of Path Style URLs - http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro + This link describes the format of Path Style URLs + http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro """ base = "https://s3.amazonaws.com" if region and region != "us-east-1": - base = "https://s3-{0}.amazonaws.com".format(region) + base = f"https://s3-{region}.amazonaws.com" - result = "{0}/{1}/{2}".format(base, bucket_name, obj_path) + result = f"{base}/{bucket_name}/{obj_path}" if version: - result = "{0}?versionId={1}".format(result, version) + result = f"{result}?versionId={version}" return result diff -pruN 2.23.6-1/awscli/customizations/sessendemail.py 2.31.35-1/awscli/customizations/sessendemail.py --- 2.23.6-1/awscli/customizations/sessendemail.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/sessendemail.py 2025-11-12 19:17:29.000000000 +0000 @@ -22,52 +22,61 @@ aws ses send-email --subject SUBJECT --f """ -from awscli.customizations import utils from awscli.arguments import CustomArgument +from awscli.customizations import utils from awscli.customizations.utils import validate_mutually_exclusive_handler - -TO_HELP = ('The email addresses of the primary recipients. ' - 'You can specify multiple recipients as space-separated values') -CC_HELP = ('The email addresses of copy recipients (Cc). ' - 'You can specify multiple recipients as space-separated values') -BCC_HELP = ('The email addresses of blind-carbon-copy recipients (Bcc). ' - 'You can specify multiple recipients as space-separated values') +TO_HELP = ( + 'The email addresses of the primary recipients. ' + 'You can specify multiple recipients as space-separated values' +) +CC_HELP = ( + 'The email addresses of copy recipients (Cc). ' + 'You can specify multiple recipients as space-separated values' +) +BCC_HELP = ( + 'The email addresses of blind-carbon-copy recipients (Bcc). ' + 'You can specify multiple recipients as space-separated values' +) SUBJECT_HELP = 'The subject of the message' TEXT_HELP = 'The raw text body of the message' HTML_HELP = 'The HTML body of the message' def register_ses_send_email(event_handler): - event_handler.register('building-argument-table.ses.send-email', - _promote_args) + event_handler.register( + 'building-argument-table.ses.send-email', _promote_args + ) event_handler.register( 'operation-args-parsed.ses.send-email', validate_mutually_exclusive_handler( - ['destination'], ['to', 'cc', 'bcc'])) + ['destination'], ['to', 'cc', 'bcc'] + ), + ) event_handler.register( 'operation-args-parsed.ses.send-email', - validate_mutually_exclusive_handler( - ['message'], ['text', 'html'])) + validate_mutually_exclusive_handler(['message'], ['text', 'html']), + ) def _promote_args(argument_table, **kwargs): argument_table['message'].required = False argument_table['destination'].required = False - utils.rename_argument(argument_table, 'source', - new_name='from') + utils.rename_argument(argument_table, 'source', new_name='from') argument_table['to'] = AddressesArgument( - 'to', 'ToAddresses', help_text=TO_HELP) + 'to', 'ToAddresses', help_text=TO_HELP + ) argument_table['cc'] = AddressesArgument( - 'cc', 'CcAddresses', help_text=CC_HELP) + 'cc', 'CcAddresses', help_text=CC_HELP + ) argument_table['bcc'] = AddressesArgument( - 'bcc', 'BccAddresses', help_text=BCC_HELP) + 'bcc', 'BccAddresses', help_text=BCC_HELP + ) argument_table['subject'] = BodyArgument( - 'subject', 'Subject', help_text=SUBJECT_HELP) - argument_table['text'] = BodyArgument( - 'text', 'Text', help_text=TEXT_HELP) - argument_table['html'] = BodyArgument( - 'html', 'Html', help_text=HTML_HELP) + 'subject', 'Subject', help_text=SUBJECT_HELP + ) + argument_table['text'] = BodyArgument('text', 'Text', help_text=TEXT_HELP) + argument_table['html'] = BodyArgument('html', 'Html', help_text=HTML_HELP) def _build_destination(params, key, value): @@ -88,11 +97,21 @@ def _build_message(params, key, value): class AddressesArgument(CustomArgument): - - def __init__(self, name, json_key, help_text='', dest=None, default=None, - action=None, required=None, choices=None, cli_type_name=None): - super(AddressesArgument, self).__init__(name=name, help_text=help_text, - required=required, nargs='+') + def __init__( + self, + name, + json_key, + help_text='', + dest=None, + default=None, + action=None, + required=None, + choices=None, + cli_type_name=None, + ): + super(AddressesArgument, self).__init__( + name=name, help_text=help_text, required=required, nargs='+' + ) self._json_key = json_key def add_to_params(self, parameters, value): @@ -101,13 +120,12 @@ class AddressesArgument(CustomArgument): class BodyArgument(CustomArgument): - def __init__(self, name, json_key, help_text='', required=None): - super(BodyArgument, self).__init__(name=name, help_text=help_text, - required=required) + super(BodyArgument, self).__init__( + name=name, help_text=help_text, required=required + ) self._json_key = json_key def add_to_params(self, parameters, value): if value: _build_message(parameters, self._json_key, value) - diff -pruN 2.23.6-1/awscli/customizations/sessionmanager.py 2.31.35-1/awscli/customizations/sessionmanager.py --- 2.23.6-1/awscli/customizations/sessionmanager.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/sessionmanager.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,15 +10,15 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import logging -import json import errno +import json +import logging import os import re - from subprocess import check_call, check_output + +from awscli.clidriver import CLIOperationCaller, ServiceOperation from awscli.compat import ignore_user_entered_signals -from awscli.clidriver import ServiceOperation, CLIOperationCaller logger = logging.getLogger(__name__) @@ -26,13 +26,14 @@ ERROR_MESSAGE = ( 'SessionManagerPlugin is not found. ', 'Please refer to SessionManager Documentation here: ', 'http://docs.aws.amazon.com/console/systems-manager/', - 'session-manager-plugin-not-found' + 'session-manager-plugin-not-found', ) def register_ssm_session(event_handlers): - event_handlers.register('building-command-table.ssm', - add_custom_start_session) + event_handlers.register( + 'building-command-table.ssm', add_custom_start_session + ) def add_custom_start_session(session, command_table, **kwargs): @@ -40,8 +41,9 @@ def add_custom_start_session(session, co name='start-session', parent_name='ssm', session=session, - operation_model=session.get_service_model( - 'ssm').operation_model('StartSession'), + operation_model=session.get_service_model('ssm').operation_model( + 'StartSession' + ), operation_caller=StartSessionCaller(session), ) @@ -84,8 +86,7 @@ class VersionRequirement: class StartSessionCommand(ServiceOperation): def create_help_command(self): - help_command = super( - StartSessionCommand, self).create_help_command() + help_command = super(StartSessionCommand, self).create_help_command() # Change the output shape because the command provides no output. self._operation_model.output_shape = None return help_command @@ -95,12 +96,13 @@ class StartSessionCaller(CLIOperationCal LAST_PLUGIN_VERSION_WITHOUT_ENV_VAR = "1.2.497.0" DEFAULT_SSM_ENV_NAME = "AWS_SSM_START_SESSION_RESPONSE" - def invoke(self, service_name, operation_name, parameters, - parsed_globals): + def invoke(self, service_name, operation_name, parameters, parsed_globals): client = self._session.create_client( - service_name, region_name=parsed_globals.region, + service_name, + region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl) + verify=parsed_globals.verify_ssl, + ) response = client.start_session(**parameters) session_id = response['SessionId'] region_name = client.meta.region_name @@ -108,8 +110,11 @@ class StartSessionCaller(CLIOperationCal # to fetch same profile credentials to make an api call in the plugin. # If --profile flag is configured, pass it to Session Manager plugin. # If not, set empty string. - profile_name = parsed_globals.profile \ - if parsed_globals.profile is not None else '' + profile_name = ( + parsed_globals.profile + if parsed_globals.profile is not None + else '' + ) endpoint_url = client.meta.endpoint_url ssm_env_name = self.DEFAULT_SSM_ENV_NAME @@ -147,19 +152,25 @@ class StartSessionCaller(CLIOperationCal # and handling in there with ignore_user_entered_signals(): # call executable with necessary input - check_call(["session-manager-plugin", - start_session_response, - region_name, - "StartSession", - profile_name, - json.dumps(parameters), - endpoint_url], env=env) + check_call( + [ + "session-manager-plugin", + start_session_response, + region_name, + "StartSession", + profile_name, + json.dumps(parameters), + endpoint_url, + ], + env=env, + ) return 0 except OSError as ex: if ex.errno == errno.ENOENT: - logger.debug('SessionManagerPlugin is not present', - exc_info=True) + logger.debug( + 'SessionManagerPlugin is not present', exc_info=True + ) # start-session api call returns response and starts the # session on ssm-agent and response is forwarded to # session-manager-plugin. If plugin is not present, terminate diff -pruN 2.23.6-1/awscli/customizations/sso/__init__.py 2.31.35-1/awscli/customizations/sso/__init__.py --- 2.23.6-1/awscli/customizations/sso/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/sso/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,9 +10,8 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from botocore.exceptions import ProfileNotFound -from botocore.exceptions import UnknownCredentialError from botocore.credentials import JSONFileCache +from botocore.exceptions import ProfileNotFound, UnknownCredentialError from awscli.customizations.sso.login import LoginCommand from awscli.customizations.sso.logout import LogoutCommand @@ -21,11 +20,13 @@ from awscli.customizations.sso.utils imp def register_sso_commands(event_emitter): event_emitter.register( - 'building-command-table.sso', add_sso_commands, + 'building-command-table.sso', + add_sso_commands, ) event_emitter.register( - 'session-initialized', inject_json_file_cache, - unique_id='inject_sso_json_file_cache' + 'session-initialized', + inject_json_file_cache, + unique_id='inject_sso_json_file_cache', ) diff -pruN 2.23.6-1/awscli/customizations/sso/login.py 2.31.35-1/awscli/customizations/sso/login.py --- 2.23.6-1/awscli/customizations/sso/login.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/sso/login.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,7 +11,10 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. from awscli.customizations.sso.utils import ( - do_sso_login, PrintOnlyHandler, LOGIN_ARGS, BaseSSOCommand, + LOGIN_ARGS, + BaseSSOCommand, + PrintOnlyHandler, + do_sso_login, ) from awscli.customizations.utils import uni_print @@ -31,11 +34,11 @@ class LoginCommand(BaseSSOCommand): { 'name': 'sso-session', 'help_text': ( - 'An explicit SSO session to use to login. By default, this ' - 'command will login using the SSO session configured as part ' - 'of the requested profile and generally does not require this ' - 'argument to be set.' - ) + 'An explicit SSO session to use to login. By default, this ' + 'command will login using the SSO session configured as part ' + 'of the requested profile and generally does not require this ' + 'argument to be set.' + ), } ] diff -pruN 2.23.6-1/awscli/customizations/sso/logout.py 2.31.35-1/awscli/customizations/sso/logout.py --- 2.23.6-1/awscli/customizations/sso/logout.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/sso/logout.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,9 +17,7 @@ import os from botocore.exceptions import ClientError from awscli.customizations.commands import BasicCommand -from awscli.customizations.sso.utils import SSO_TOKEN_DIR -from awscli.customizations.sso.utils import AWS_CREDS_CACHE_DIR - +from awscli.customizations.sso.utils import AWS_CREDS_CACHE_DIR, SSO_TOKEN_DIR LOG = logging.getLogger(__name__) @@ -35,12 +33,14 @@ class LogoutCommand(BasicCommand): ARG_TABLE = [] def _run_main(self, parsed_args, parsed_globals): - SSOTokenSweeper(self._session, parsed_globals).delete_credentials(SSO_TOKEN_DIR) + SSOTokenSweeper(self._session, parsed_globals).delete_credentials( + SSO_TOKEN_DIR + ) SSOCredentialSweeper().delete_credentials(AWS_CREDS_CACHE_DIR) return 0 -class BaseCredentialSweeper(object): +class BaseCredentialSweeper: def delete_credentials(self, creds_dir): if not os.path.isdir(creds_dir): return @@ -59,7 +59,7 @@ class BaseCredentialSweeper(object): def _get_json_contents(self, filename): try: - with open(filename, 'r') as f: + with open(filename) as f: return json.load(f) except Exception: # We do not want to include the traceback in the exception diff -pruN 2.23.6-1/awscli/customizations/sso/utils.py 2.31.35-1/awscli/customizations/sso/utils.py --- 2.23.6-1/awscli/customizations/sso/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/sso/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,16 +18,19 @@ import socket import time import webbrowser from functools import partial -from http.server import HTTPServer, BaseHTTPRequestHandler +from http.server import BaseHTTPRequestHandler, HTTPServer -from botocore.compat import urlparse, parse_qs +from botocore.compat import parse_qs, urlparse from botocore.credentials import JSONFileCache from botocore.exceptions import ( AuthCodeFetcherError, PendingAuthorizationExpiredError, ) -from botocore.utils import SSOTokenFetcher, SSOTokenFetcherAuth -from botocore.utils import original_ld_library_path +from botocore.utils import ( + SSOTokenFetcher, + SSOTokenFetcherAuth, + original_ld_library_path, +) from awscli import __version__ as awscli_version from awscli.customizations.assumerole import CACHE_DIR as AWS_CREDS_CACHE_DIR @@ -37,9 +40,7 @@ from awscli.customizations.utils import LOG = logging.getLogger(__name__) -SSO_TOKEN_DIR = os.path.expanduser( - os.path.join('~', '.aws', 'sso', 'cache') -) +SSO_TOKEN_DIR = os.path.expanduser(os.path.join('~', '.aws', 'sso', 'cache')) LOGIN_ARGS = [ { @@ -49,7 +50,7 @@ LOGIN_ARGS = [ 'help_text': ( 'Disables automatically opening the verification URL in the ' 'default browser.' - ) + ), }, { 'name': 'use-device-code', @@ -58,8 +59,8 @@ LOGIN_ARGS = [ 'help_text': ( 'Uses the Device Code authorization grant and login flow ' 'instead of the Authorization Code flow.' - ) - } + ), + }, ] @@ -74,16 +75,16 @@ def _sso_json_dumps(obj): def do_sso_login( - session, - sso_region, - start_url, - parsed_globals, - token_cache=None, - on_pending_authorization=None, - force_refresh=False, - registration_scopes=None, - session_name=None, - use_device_code=False, + session, + sso_region, + start_url, + parsed_globals, + token_cache=None, + on_pending_authorization=None, + force_refresh=False, + registration_scopes=None, + session_name=None, + use_device_code=False, ): if token_cache is None: token_cache = JSONFileCache(SSO_TOKEN_DIR, dumps_func=_sso_json_dumps) @@ -153,7 +154,6 @@ class PrintOnlyHandler(BaseAuthorization f'Browser will not be automatically opened.\n' f'Please visit the following URL:\n' f'\n{verificationUri}\n' - ) user_code_msg = ( @@ -179,18 +179,23 @@ class OpenBrowserHandler(BaseAuthorizati def __call__( self, userCode, verificationUri, verificationUriComplete, **kwargs ): - opening_msg = ( - f'Attempting to automatically open the SSO authorization page in ' - f'your default browser.\nIf the browser does not open or you wish ' - f'to use a different device to authorize this request, open the ' - f'following URL:\n' - f'\n{verificationUri}\n' - ) + if userCode: # only the device code flow supports different devices + opening_msg = ( + f'Attempting to automatically open the SSO authorization page ' + f'in your default browser.\nIf the browser does not open or ' + f'you wish to use a different device to authorize this ' + f'request, open the following URL:\n' + f'\n{verificationUri}\n' + ) + else: + opening_msg = ( + f'Attempting to automatically open the SSO authorization page ' + f'in your default browser.\nIf the browser does not open, open ' + f'the following URL:\n' + f'\n{verificationUri}\n' + ) - user_code_msg = ( - f'\nThen enter the code:\n' - f'\n{userCode}\n' - ) + user_code_msg = f'\nThen enter the code:\n\n{userCode}\n' uni_print(opening_msg, self._outfile) if userCode: uni_print(user_code_msg, self._outfile) @@ -206,6 +211,7 @@ class AuthCodeFetcher: """Manages the local web server that will be used to retrieve the authorization code from the OAuth callback """ + # How many seconds handle_request should wait for an incoming request _REQUEST_TIMEOUT = 10 # How long we wait overall for the callback @@ -222,21 +228,25 @@ class AuthCodeFetcher: handler = partial(OAuthCallbackHandler, self) self.http_server = HTTPServer(('', 0), handler) self.http_server.timeout = self._REQUEST_TIMEOUT - except socket.error as e: + except OSError as e: raise AuthCodeFetcherError(error_msg=e) def redirect_uri_without_port(self): return 'http://127.0.0.1/oauth/callback' def redirect_uri_with_port(self): - return f'http://127.0.0.1:{self.http_server.server_port}/oauth/callback' + return ( + f'http://127.0.0.1:{self.http_server.server_port}/oauth/callback' + ) def get_auth_code_and_state(self): """Blocks until the expected redirect request with either the authorization code/state or and error is handled """ start = time.time() - while not self._is_done and time.time() < start + self._OVERALL_TIMEOUT: + while ( + not self._is_done and time.time() < start + self._OVERALL_TIMEOUT + ): self.http_server.handle_request() self.http_server.server_close() @@ -256,6 +266,7 @@ class OAuthCallbackHandler(BaseHTTPReque the auth code and state parameters, and displaying a page directing the user to return to the CLI. """ + def __init__(self, auth_code_fetcher, *args, **kwargs): self._auth_code_fetcher = auth_code_fetcher super().__init__(*args, **kwargs) diff -pruN 2.23.6-1/awscli/customizations/streamingoutputarg.py 2.31.35-1/awscli/customizations/streamingoutputarg.py --- 2.23.6-1/awscli/customizations/streamingoutputarg.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/streamingoutputarg.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,8 +15,9 @@ from botocore.model import Shape from awscli.arguments import BaseCLIArgument -def add_streaming_output_arg(argument_table, operation_model, - session, **kwargs): +def add_streaming_output_arg( + argument_table, operation_model, session, **kwargs +): # Implementation detail: hooked up to 'building-argument-table' # event. if _has_streaming_output(operation_model): @@ -24,7 +25,9 @@ def add_streaming_output_arg(argument_ta argument_table['outfile'] = StreamingOutputArgument( response_key=streaming_argument_name, operation_model=operation_model, - session=session, name='outfile') + session=session, + name='outfile', + ) def _has_streaming_output(model): @@ -36,15 +39,16 @@ def _get_streaming_argument_name(model): class StreamingOutputArgument(BaseCLIArgument): - BUFFER_SIZE = 32768 HELP = 'Filename where the content will be saved' - def __init__(self, response_key, operation_model, name, - session, buffer_size=None): + def __init__( + self, response_key, operation_model, name, session, buffer_size=None + ): self._name = name - self.argument_model = Shape('StreamingOutputArgument', - {'type': 'string'}) + self.argument_model = Shape( + 'StreamingOutputArgument', {'type': 'string'} + ) if buffer_size is None: buffer_size = self.BUFFER_SIZE self._buffer_size = buffer_size @@ -81,15 +85,15 @@ class StreamingOutputArgument(BaseCLIArg return self.HELP def add_to_parser(self, parser): - parser.add_argument(self._name, metavar=self.py_name, - help=self.HELP) + parser.add_argument(self._name, metavar=self.py_name, help=self.HELP) def add_to_params(self, parameters, value): self._output_file = value service_id = self._operation_model.service_model.service_id.hyphenize() operation_name = self._operation_model.name - self._session.register('after-call.%s.%s' % ( - service_id, operation_name), self.save_file) + self._session.register( + 'after-call.%s.%s' % (service_id, operation_name), self.save_file + ) def save_file(self, parsed, **kwargs): if self._response_key not in parsed: diff -pruN 2.23.6-1/awscli/customizations/timestampformat.py 2.31.35-1/awscli/customizations/timestampformat.py --- 2.23.6-1/awscli/customizations/timestampformat.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/timestampformat.py 2025-11-12 19:17:29.000000000 +0000 @@ -27,8 +27,10 @@ There's nothing currently done for times in the future. """ -from botocore.utils import parse_timestamp + from botocore.exceptions import ProfileNotFound +from botocore.utils import parse_timestamp + from awscli.customizations.exceptions import ConfigurationError diff -pruN 2.23.6-1/awscli/customizations/toplevelbool.py 2.31.35-1/awscli/customizations/toplevelbool.py --- 2.23.6-1/awscli/customizations/toplevelbool.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/toplevelbool.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,15 +16,14 @@ You can instead say `--ebs-optimized/--n """ + import logging from functools import partial - -from awscli.argprocess import detect_shape_structure from awscli import arguments -from awscli.customizations.utils import validate_mutually_exclusive_handler +from awscli.argprocess import detect_shape_structure from awscli.customizations.exceptions import ParamValidationError - +from awscli.customizations.utils import validate_mutually_exclusive_handler LOG = logging.getLogger(__name__) # This sentinel object is used to distinguish when @@ -34,17 +33,20 @@ _NOT_SPECIFIED = object() def register_bool_params(event_handler): - event_handler.register('building-argument-table.ec2.*', - partial(pull_up_bool, - event_handler=event_handler)) + event_handler.register( + 'building-argument-table.ec2.*', + partial(pull_up_bool, event_handler=event_handler), + ) def _qualifies_for_simplification(arg_model): if detect_shape_structure(arg_model) == 'structure(scalar)': members = arg_model.members - if (len(members) == 1 and - list(members.keys())[0] == 'Value' and - list(members.values())[0].type_name == 'boolean'): + if ( + len(members) == 1 + and list(members.keys())[0] == 'Value' + and list(members.values())[0].type_name == 'boolean' + ): return True return False @@ -56,8 +58,8 @@ def pull_up_bool(argument_table, event_h boolean_pairs = [] event_handler.register( 'operation-args-parsed.ec2.*', - partial(validate_boolean_mutex_groups, - boolean_pairs=boolean_pairs)) + partial(validate_boolean_mutex_groups, boolean_pairs=boolean_pairs), + ) for value in list(argument_table.values()): if hasattr(value, 'argument_model'): arg_model = value.argument_model @@ -66,18 +68,25 @@ def pull_up_bool(argument_table, event_h # one that supports --option and --option # and another arg of --no-option. new_arg = PositiveBooleanArgument( - value.name, arg_model, value._operation_model, + value.name, + arg_model, + value._operation_model, value._event_emitter, group_name=value.name, - serialized_name=value._serialized_name) + serialized_name=value._serialized_name, + ) argument_table[value.name] = new_arg negative_name = 'no-%s' % value.name negative_arg = NegativeBooleanParameter( - negative_name, arg_model, value._operation_model, + negative_name, + arg_model, + value._operation_model, value._event_emitter, - action='store_true', dest='no_%s' % new_arg.py_name, + action='store_true', + dest='no_%s' % new_arg.py_name, group_name=value.name, - serialized_name=value._serialized_name) + serialized_name=value._serialized_name, + ) argument_table[negative_name] = negative_arg # If we've pulled up a structure(scalar) arg # into a pair of top level boolean args, we need @@ -90,19 +99,33 @@ def pull_up_bool(argument_table, event_h def validate_boolean_mutex_groups(boolean_pairs, parsed_args, **kwargs): # Validate we didn't pass in an --option and a --no-option. for positive, negative in boolean_pairs: - if getattr(parsed_args, positive.py_name) is not _NOT_SPECIFIED and \ - getattr(parsed_args, negative.py_name) is not _NOT_SPECIFIED: + if ( + getattr(parsed_args, positive.py_name) is not _NOT_SPECIFIED + and getattr(parsed_args, negative.py_name) is not _NOT_SPECIFIED + ): raise ParamValidationError( 'Cannot specify both the "%s" option and ' - 'the "%s" option.' % (positive.cli_name, negative.cli_name)) + 'the "%s" option.' % (positive.cli_name, negative.cli_name) + ) class PositiveBooleanArgument(arguments.CLIArgument): - def __init__(self, name, argument_model, operation_model, - event_emitter, serialized_name, group_name): + def __init__( + self, + name, + argument_model, + operation_model, + event_emitter, + serialized_name, + group_name, + ): super(PositiveBooleanArgument, self).__init__( - name, argument_model, operation_model, event_emitter, - serialized_name=serialized_name) + name, + argument_model, + operation_model, + event_emitter, + serialized_name=serialized_name, + ) self._group_name = group_name @property @@ -113,11 +136,13 @@ class PositiveBooleanArgument(arguments. # We need to support three forms: # --option-name # --option-name Value=(true|false) - parser.add_argument(self.cli_name, - help=self.documentation, - action='store', - default=_NOT_SPECIFIED, - nargs='?') + parser.add_argument( + self.cli_name, + help=self.documentation, + action='store', + default=_NOT_SPECIFIED, + nargs='?', + ) def add_to_params(self, parameters, value): if value is _NOT_SPECIFIED: @@ -131,17 +156,29 @@ class PositiveBooleanArgument(arguments. parameters[self._serialized_name] = {'Value': True} else: # Otherwise the arg was specified with a value. - parameters[self._serialized_name] = self._unpack_argument( - value) + parameters[self._serialized_name] = self._unpack_argument(value) class NegativeBooleanParameter(arguments.BooleanArgument): - def __init__(self, name, argument_model, operation_model, - event_emitter, serialized_name, action='store_true', - dest=None, group_name=None): + def __init__( + self, + name, + argument_model, + operation_model, + event_emitter, + serialized_name, + action='store_true', + dest=None, + group_name=None, + ): super(NegativeBooleanParameter, self).__init__( - name, argument_model, operation_model, event_emitter, - default=_NOT_SPECIFIED, serialized_name=serialized_name) + name, + argument_model, + operation_model, + event_emitter, + default=_NOT_SPECIFIED, + serialized_name=serialized_name, + ) self._group_name = group_name def add_to_params(self, parameters, value): diff -pruN 2.23.6-1/awscli/customizations/translate.py 2.31.35-1/awscli/customizations/translate.py --- 2.23.6-1/awscli/customizations/translate.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/translate.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,10 +12,10 @@ # language governing permissions and limitations under the License. import copy -from awscli.arguments import CustomArgument, CLIArgument +from awscli.arguments import CLIArgument, CustomArgument from awscli.customizations.binaryhoist import ( - BinaryBlobArgumentHoister, ArgumentParameters, + BinaryBlobArgumentHoister, ) FILE_DOCSTRING = ( @@ -41,22 +41,24 @@ DOCUMENT_ERRORSTRING = ( def register_translate_import_terminology(cli): - cli.register( - "building-argument-table.translate.import-terminology", - BinaryBlobArgumentHoister( - new_argument=ArgumentParameters( - name="data-file", - help_text=FILE_DOCSTRING, - required=True, - ), - original_argument=ArgumentParameters( - name="terminology-data", - member="File", - required=False, + ( + cli.register( + "building-argument-table.translate.import-terminology", + BinaryBlobArgumentHoister( + new_argument=ArgumentParameters( + name="data-file", + help_text=FILE_DOCSTRING, + required=True, + ), + original_argument=ArgumentParameters( + name="terminology-data", + member="File", + required=False, + ), + error_if_original_used=FILE_ERRORSTRING, ), - error_if_original_used=FILE_ERRORSTRING, ), - ), + ) cli.register( "building-argument-table.translate.translate-document", diff -pruN 2.23.6-1/awscli/customizations/utils.py 2.31.35-1/awscli/customizations/utils.py --- 2.23.6-1/awscli/customizations/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,20 +14,19 @@ Utility functions to make it easier to work with customizations. """ + import copy import re import sys import xml from botocore.exceptions import ClientError -from awscli.customizations.exceptions import ParamValidationError +from awscli.customizations.exceptions import ParamValidationError _SENTENCE_DELIMETERS_REGEX = re.compile(r'[.:]+') -_LINE_BREAK_CHARS = [ - '\n', - '\u2028' -] +_LINE_BREAK_CHARS = ['\n', '\u2028'] + def rename_argument(argument_table, existing_name, new_name): current = argument_table[existing_name] @@ -93,6 +92,7 @@ def alias_command(command_table, existin def validate_mutually_exclusive_handler(*groups): def _handler(parsed_args, **kwargs): return validate_mutually_exclusive(parsed_args, *groups) + return _handler @@ -140,8 +140,9 @@ def s3_bucket_exists(s3_client, bucket_n return bucket_exists -def create_client_from_parsed_globals(session, service_name, parsed_globals, - overrides=None): +def create_client_from_parsed_globals( + session, service_name, parsed_globals, overrides=None +): """Creates a service client, taking parsed_globals into account Any values specified in overrides will override the returned dict. Note @@ -197,8 +198,9 @@ def uni_print(statement, out_file=None): # ``sys.stdout.encoding`` is ``None``. if new_encoding is None: new_encoding = 'ascii' - new_statement = statement.encode( - new_encoding, 'replace').decode(new_encoding) + new_statement = statement.encode(new_encoding, 'replace').decode( + new_encoding + ) out_file.write(new_statement) out_file.flush() diff -pruN 2.23.6-1/awscli/customizations/waiters.py 2.31.35-1/awscli/customizations/waiters.py --- 2.23.6-1/awscli/customizations/waiters.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/waiters.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,8 +14,11 @@ from botocore import xform_name from botocore.exceptions import DataNotFoundError from awscli.clidriver import ServiceOperation -from awscli.customizations.commands import BasicCommand, BasicHelp, \ - BasicDocHandler +from awscli.customizations.commands import ( + BasicCommand, + BasicDocHandler, + BasicHelp, +) def register_add_waiters(cli): @@ -29,15 +32,17 @@ def add_waiters(command_table, session, service_model = getattr(command_object, 'service_model', None) if service_model is not None: # Get a client out of the service object. - waiter_model = get_waiter_model_from_service_model(session, - service_model) + waiter_model = get_waiter_model_from_service_model( + session, service_model + ) if waiter_model is None: return waiter_names = waiter_model.waiter_names # If there are waiters make a wait command. if waiter_names: command_table['wait'] = WaitCommand( - session, waiter_model, service_model) + session, waiter_model, service_model + ) def get_waiter_model_from_service_model(session, service_model): @@ -50,9 +55,11 @@ def get_waiter_model_from_service_model( class WaitCommand(BasicCommand): NAME = 'wait' - DESCRIPTION = ('Wait until a particular condition is satisfied. Each ' - 'subcommand polls an API until the listed requirement ' - 'is met.') + DESCRIPTION = ( + 'Wait until a particular condition is satisfied. Each ' + 'subcommand polls an API until the listed requirement ' + 'is met.' + ) def __init__(self, session, waiter_model, service_model): self._model = waiter_model @@ -60,7 +67,7 @@ class WaitCommand(BasicCommand): self.waiter_cmd_builder = WaiterStateCommandBuilder( session=session, model=self._model, - service_model=self._service_model + service_model=self._service_model, ) super(WaitCommand, self).__init__(session) @@ -76,13 +83,16 @@ class WaitCommand(BasicCommand): return subcommand_table def create_help_command(self): - return BasicHelp(self._session, self, - command_table=self.subcommand_table, - arg_table=self.arg_table, - event_handler_class=WaiterCommandDocHandler) + return BasicHelp( + self._session, + self, + command_table=self.subcommand_table, + arg_table=self.arg_table, + event_handler_class=WaiterCommandDocHandler, + ) -class WaiterStateCommandBuilder(object): +class WaiterStateCommandBuilder: def __init__(self, session, model, service_model): self._session = session self._model = model @@ -97,8 +107,9 @@ class WaiterStateCommandBuilder(object): waiter_names = self._model.waiter_names for waiter_name in waiter_names: waiter_cli_name = xform_name(waiter_name, '-') - subcommand_table[waiter_cli_name] = \ - self._build_waiter_state_cmd(waiter_name) + subcommand_table[waiter_cli_name] = self._build_waiter_state_cmd( + waiter_name + ) def _build_waiter_state_cmd(self, waiter_name): # Get the waiter @@ -117,7 +128,8 @@ class WaiterStateCommandBuilder(object): operation_model = self._service_model.operation_model(operation_name) waiter_state_command = WaiterStateCommand( - name=waiter_cli_name, parent_name='wait', + name=waiter_cli_name, + parent_name='wait', operation_caller=WaiterCaller(self._session, waiter_name), session=self._session, operation_model=operation_model, @@ -131,13 +143,13 @@ class WaiterStateCommandBuilder(object): return waiter_state_command -class WaiterStateDocBuilder(object): +class WaiterStateDocBuilder: SUCCESS_DESCRIPTIONS = { - 'error': u'%s is thrown ', - 'path': u'%s ', - 'pathAll': u'%s for all elements ', - 'pathAny': u'%s for any element ', - 'status': u'%s response is received ' + 'error': '%s is thrown ', + 'path': '%s ', + 'pathAll': '%s for all elements ', + 'pathAny': '%s for any element ', + 'status': '%s response is received ', } def __init__(self, waiter_config): @@ -149,7 +161,7 @@ class WaiterStateDocBuilder(object): # description is provided, use a heuristic to generate a description # for the waiter. if not description: - description = u'Wait until ' + description = 'Wait until ' # Look at all of the acceptors and find the success state # acceptor. for acceptor in self._waiter_config.acceptors: @@ -159,9 +171,11 @@ class WaiterStateDocBuilder(object): break # Include what operation is being used. description += self._build_operation_description( - self._waiter_config.operation) + self._waiter_config.operation + ) description += self._build_polling_description( - self._waiter_config.delay, self._waiter_config.max_attempts) + self._waiter_config.delay, self._waiter_config.max_attempts + ) return description def _build_success_description(self, acceptor): @@ -172,8 +186,9 @@ class WaiterStateDocBuilder(object): # If success is based off of the state of a resource include the # description about what resource is looked at. if matcher in ['path', 'pathAny', 'pathAll']: - resource_description = u'JMESPath query %s returns ' % \ - acceptor.argument + resource_description = ( + 'JMESPath query %s returns ' % acceptor.argument + ) # Prepend the resource description to the template description success_description = resource_description + success_description # Complete the description by filling in the expected success state. @@ -182,27 +197,29 @@ class WaiterStateDocBuilder(object): def _build_operation_description(self, operation): operation_name = xform_name(operation).replace('_', '-') - return u'when polling with ``%s``.' % operation_name + return 'when polling with ``%s``.' % operation_name def _build_polling_description(self, delay, max_attempts): description = ( ' It will poll every %s seconds until a successful state ' 'has been reached. This will exit with a return code of 255 ' - 'after %s failed checks.' - % (delay, max_attempts)) + 'after %s failed checks.' % (delay, max_attempts) + ) return description -class WaiterCaller(object): +class WaiterCaller: def __init__(self, session, waiter_name): self._session = session self._waiter_name = waiter_name def invoke(self, service_name, operation_name, parameters, parsed_globals): client = self._session.create_client( - service_name, region_name=parsed_globals.region, + service_name, + region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, - verify=parsed_globals.verify_ssl) + verify=parsed_globals.verify_ssl, + ) waiter = client.get_waiter(xform_name(self._waiter_name)) waiter.wait(**parameters) return 0 diff -pruN 2.23.6-1/awscli/customizations/wizard/app.py 2.31.35-1/awscli/customizations/wizard/app.py --- 2.23.6-1/awscli/customizations/wizard/app.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/app.py 2025-11-12 19:17:29.000000000 +0000 @@ -18,15 +18,17 @@ from collections.abc import MutableMappi from prompt_toolkit.application import Application from awscli.customizations.wizard import core -from awscli.customizations.wizard.ui.style import get_default_style -from awscli.customizations.wizard.ui.keybindings import get_default_keybindings from awscli.customizations.wizard.exceptions import ( - UnexpectedWizardException, UnableToRunWizardError, InvalidChoiceException + InvalidChoiceException, + UnableToRunWizardError, + UnexpectedWizardException, ) +from awscli.customizations.wizard.ui.keybindings import get_default_keybindings +from awscli.customizations.wizard.ui.style import get_default_style from awscli.utils import json_encoder -class WizardAppRunner(object): +class WizardAppRunner: def __init__(self, session, app_factory): self._session = session self._app_factory = app_factory @@ -39,9 +41,19 @@ class WizardAppRunner(object): class WizardApp(Application): - def __init__(self, layout, values, traverser, executor, style=None, - key_bindings=None, full_screen=True, output=None, - app_input=None, file_io=None): + def __init__( + self, + layout, + values, + traverser, + executor, + style=None, + key_bindings=None, + full_screen=True, + output=None, + app_input=None, + file_io=None, + ): self.values = values self.traverser = traverser self.executor = executor @@ -56,8 +68,12 @@ class WizardApp(Application): file_io = FileIO() self.file_io = file_io super().__init__( - layout=layout, style=style, key_bindings=key_bindings, - full_screen=full_screen, output=output, input=app_input, + layout=layout, + style=style, + key_bindings=key_bindings, + full_screen=full_screen, + output=output, + input=app_input, ) def run(self, pre_run=None, **kwargs): @@ -71,9 +87,7 @@ class WizardApp(Application): loop.close() def _handle_exception(self, loop, context): - self.exit( - exception=UnexpectedWizardException(context['exception']) - ) + self.exit(exception=UnexpectedWizardException(context['exception'])) class WizardTraverser: @@ -106,18 +120,19 @@ class WizardTraverser: def current_prompt_has_details(self): return 'details' in self._prompt_definitions.get( - self._current_prompt, {}) + self._current_prompt, {} + ) def submit_prompt_answer(self, answer): definition = self._prompt_definitions[self._current_prompt] if 'choices' in definition: answer = self._convert_display_value_to_actual_value( - self._get_choices(self._current_prompt), - answer + self._get_choices(self._current_prompt), answer ) if 'datatype' in definition: answer = core.DataTypeConverter.convert( - definition['datatype'], answer) + definition['datatype'], answer + ) self._values[self._current_prompt] = answer @@ -153,8 +168,11 @@ class WizardTraverser: return self._prompt_meets_condition(value_name) def is_prompt_details_visible_by_default(self, value_name): - return self._prompt_definitions[value_name].get( - 'details', {}).get('visible', False) + return ( + self._prompt_definitions[value_name] + .get('details', {}) + .get('visible', False) + ) def has_visited_section(self, section_name): return section_name in self._visited_sections @@ -233,10 +251,7 @@ class WizardTraverser: for choice in choices: if isinstance(choice, str): normalized_choices.append( - { - 'display': choice, - 'actual_value': choice - } + {'display': choice, 'actual_value': choice} ) else: normalized_choices.append(choice) @@ -255,7 +270,7 @@ class WizardTraverser: def _get_next_prompt(self): prompts = list(self._prompt_definitions) current_pos = prompts.index(self._current_prompt) - for prompt in prompts[current_pos+1:]: + for prompt in prompts[current_pos + 1 :]: if self._prompt_meets_condition(prompt): return prompt return self.DONE @@ -271,12 +286,14 @@ class WizardTraverser: def get_output(self): template_step = core.TemplateStep() return template_step.run_step( - self._definition[self.OUTPUT], self._values) + self._definition[self.OUTPUT], self._values + ) class WizardValues(MutableMapping): - def __init__(self, definition, value_retrieval_steps=None, - exception_handler=None): + def __init__( + self, definition, value_retrieval_steps=None, exception_handler=None + ): self._definition = definition if value_retrieval_steps is None: value_retrieval_steps = {} diff -pruN 2.23.6-1/awscli/customizations/wizard/commands.py 2.31.35-1/awscli/customizations/wizard/commands.py --- 2.23.6-1/awscli/customizations/wizard/commands.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/commands.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,10 +10,10 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.wizard import devcommands, factory -from awscli.customizations.wizard.loader import WizardLoader from awscli.customizations.commands import BasicCommand, BasicHelp from awscli.customizations.exceptions import ParamValidationError +from awscli.customizations.wizard import devcommands, factory +from awscli.customizations.wizard.loader import WizardLoader def register_wizard_commands(event_handlers): @@ -25,8 +25,9 @@ def register_wizard_commands(event_handl def _register_wizards_for_commands(commands, event_handlers): for command in commands: - event_handlers.register('building-command-table.%s' % command, - _add_wizard_command) + event_handlers.register( + 'building-command-table.%s' % command, _add_wizard_command + ) def _add_wizard_command(session, command_object, command_table, **kwargs): @@ -36,7 +37,7 @@ def _add_wizard_command(session, command session=session, loader=WizardLoader(), parent_command=command_object.name, - runner={'0.1': v1_runner, '0.2': v2_runner} + runner={'0.1': v1_runner, '0.2': v2_runner}, ) command_table['wizard'] = cmd @@ -47,8 +48,9 @@ class TopLevelWizardCommand(BasicCommand 'Interactive command for creating and configuring AWS resources.' ) - def __init__(self, session, loader, parent_command, runner, - wizard_name='_main'): + def __init__( + self, session, loader, parent_command, runner, wizard_name='_main' + ): super(TopLevelWizardCommand, self).__init__(session) self._session = session self._loader = loader @@ -58,12 +60,17 @@ class TopLevelWizardCommand(BasicCommand def _build_subcommand_table(self): subcommand_table = super( - TopLevelWizardCommand, self)._build_subcommand_table() + TopLevelWizardCommand, self + )._build_subcommand_table() wizards = self._get_available_wizards() for name in wizards: - cmd = SingleWizardCommand(self._session, self._loader, - self._parent_command, self._runner, - wizard_name=name) + cmd = SingleWizardCommand( + self._session, + self._loader, + self._parent_command, + self._runner, + wizard_name=name, + ) subcommand_table[name] = cmd self._add_lineage(subcommand_table) return subcommand_table @@ -80,12 +87,14 @@ class TopLevelWizardCommand(BasicCommand self._raise_usage_error() def _wizard_exists(self): - return self._loader.wizard_exists(self._parent_command, - self._wizard_name) + return self._loader.wizard_exists( + self._parent_command, self._wizard_name + ) def _run_wizard(self): loaded = self._loader.load_wizard( - self._parent_command, self._wizard_name) + self._parent_command, self._wizard_name + ) version = loaded.get('version') if version in self._runner: self._runner[version].run(loaded) @@ -95,15 +104,19 @@ class TopLevelWizardCommand(BasicCommand ) def create_help_command(self): - return BasicHelp(self._session, self, - command_table=self.subcommand_table, - arg_table=self.arg_table) + return BasicHelp( + self._session, + self, + command_table=self.subcommand_table, + arg_table=self.arg_table, + ) class SingleWizardCommand(TopLevelWizardCommand): def __init__(self, session, loader, parent_command, runner, wizard_name): super(SingleWizardCommand, self).__init__( - session, loader, parent_command, runner, wizard_name) + session, loader, parent_command, runner, wizard_name + ) self._session = session self._loader = loader self._runner = runner @@ -119,15 +132,19 @@ class SingleWizardCommand(TopLevelWizard def create_help_command(self): loaded = self._loader.load_wizard( - self._parent_command, self._wizard_name, + self._parent_command, + self._wizard_name, + ) + return WizardHelpCommand( + self._session, self, self.subcommand_table, self.arg_table, loaded ) - return WizardHelpCommand(self._session, self, self.subcommand_table, - self.arg_table, loaded) class WizardHelpCommand(BasicHelp): - def __init__(self, session, command_object, command_table, arg_table, - loaded_wizard): - super(WizardHelpCommand, self).__init__(session, command_object, - command_table, arg_table) + def __init__( + self, session, command_object, command_table, arg_table, loaded_wizard + ): + super(WizardHelpCommand, self).__init__( + session, command_object, command_table, arg_table + ) self._description = loaded_wizard.get('description', '') diff -pruN 2.23.6-1/awscli/customizations/wizard/core.py 2.31.35-1/awscli/customizations/wizard/core.py --- 2.23.6-1/awscli/customizations/wizard/core.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/core.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,25 +11,25 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Core planner and executor for wizards.""" -import re + import json import os +import re from functools import partial -from botocore import xform_name import jmespath +from botocore import xform_name -from awscli.utils import json_encoder from awscli.customizations.wizard.exceptions import ( - InvalidDataTypeConversionException + InvalidDataTypeConversionException, ) - +from awscli.utils import json_encoder DONE_SECTION_NAME = '__DONE__' OUTPUT_SECTION_NAME = '__OUTPUT__' -class Runner(object): +class Runner: def __init__(self, planner, executor): self._planner = planner self._executor = executor @@ -39,7 +39,7 @@ class Runner(object): self._executor.execute(wizard_spec['execute'], params) -class Planner(object): +class Planner: _DONE_STEP = 'DONE' _STOP_RUNNING = object() @@ -108,7 +108,7 @@ class Planner(object): return next_step[value] -class BaseStep(object): +class BaseStep: # Subclasses must implement this. This defines the name you'd # use for the `type` in a wizard definition. NAME = '' @@ -118,7 +118,6 @@ class BaseStep(object): class StaticStep(BaseStep): - NAME = 'static' def run_step(self, step_definition, parameters): @@ -126,7 +125,6 @@ class StaticStep(BaseStep): class PromptStep(BaseStep): - NAME = 'prompt' def __init__(self, prompter): @@ -135,13 +133,14 @@ class PromptStep(BaseStep): 'int': int, 'float': float, 'str': str, - 'bool': lambda x: True if x.lower() == 'true' else False + 'bool': lambda x: True if x.lower() == 'true' else False, } def run_step(self, step_definition, parameters): choices = self._get_choices(step_definition, parameters) - response = self._prompter.prompt(step_definition['description'], - choices=choices) + response = self._prompter.prompt( + step_definition['description'], choices=choices + ) return self._convert_data_type_if_needed(response, step_definition) def _get_choices(self, step_definition, parameters): @@ -180,13 +179,13 @@ class YesNoPrompt(PromptStep): # They want the "No" choice to be the starting value so we # need to reverse the choices. choices[:] = choices[::-1] - response = self._prompter.prompt(step_definition['question'], - choices=choices) + response = self._prompter.prompt( + step_definition['question'], choices=choices + ) return response class FilePromptStep(BaseStep): - NAME = 'fileprompt' def __init__(self, prompter): @@ -198,13 +197,12 @@ class FilePromptStep(BaseStep): class TemplateStep(BaseStep): - NAME = 'template' CONDITION_PATTERN = re.compile( r'(?:^[ \t]*)?{%\s*if\s+(?P.+?)\s+%}(?:\s*[$|\n])?' r'(?P.+?)[ \t]*{%\s*endif\s*%}[$|\n]?', - re.DOTALL | re.MULTILINE | re.IGNORECASE + re.DOTALL | re.MULTILINE | re.IGNORECASE, ) _SUPPORTED_CONDITION_OPERATORS = [ '==', @@ -247,7 +245,6 @@ class TemplateStep(BaseStep): class APICallStep(BaseStep): - NAME = 'apicall' def __init__(self, api_invoker): @@ -256,18 +253,18 @@ class APICallStep(BaseStep): def run_step(self, step_definition, parameters): service, op_name = step_definition['operation'].split('.', 1) return self._api_invoker.invoke( - service=service, operation=op_name, + service=service, + operation=op_name, api_params=step_definition['params'], plan_variables=parameters, optional_api_params=step_definition.get('optional_params'), query=step_definition.get('query'), cache=step_definition.get('cache', False), - paginate=step_definition.get('paginate', False) + paginate=step_definition.get('paginate', False), ) class SharedConfigStep(BaseStep): - NAME = 'sharedconfig' def __init__(self, config_api): @@ -289,7 +286,8 @@ class LoadDataStep(BaseStep): def run_step(self, step_definition, parameters): var_resolver = VariableResolver() value = var_resolver.resolve_variables( - parameters, step_definition['value'], + parameters, + step_definition['value'], ) load_type = step_definition['load_type'] if load_type == 'json': @@ -304,7 +302,8 @@ class DumpDataStep(BaseStep): def run_step(self, step_definition, parameters): var_resolver = VariableResolver() value = var_resolver.resolve_variables( - parameters, step_definition['value'], + parameters, + step_definition['value'], ) dump_type = step_definition['dump_type'] if dump_type == 'json': @@ -313,8 +312,7 @@ class DumpDataStep(BaseStep): raise ValueError(f'Unsupported load_type: {dump_type}') -class VariableResolver(object): - +class VariableResolver: _VAR_MATCH = re.compile(r'^{(.*?)}$') def resolve_variables(self, variables, params): @@ -364,7 +362,7 @@ class VariableResolver(object): return value -class APIInvoker(object): +class APIInvoker: """This class contains shared logic for the apicall step. The ``apicall`` in the planner and executor are slightly different @@ -372,37 +370,49 @@ class APIInvoker(object): between the two steps. """ + def __init__(self, session): self._session = session self._response_cache = {} - def invoke(self, service, operation, api_params, plan_variables, - optional_api_params=None, query=None, cache=False, - paginate=False): + def invoke( + self, + service, + operation, + api_params, + plan_variables, + optional_api_params=None, + query=None, + cache=False, + paginate=False, + ): # TODO: All of the params that come from prompting the user # are strings. We need a way to convert values to their # appropriate types. We can either add typing into the wizard # spec or we possibly auto-convert based on the service # model (or both). resolved_params = self._resolve_params( - api_params, optional_api_params, plan_variables) + api_params, optional_api_params, plan_variables + ) if cache: response = self._get_cached_api_call( - service, operation, resolved_params, paginate) + service, operation, resolved_params, paginate + ) else: response = self._make_api_call( - service, operation, resolved_params, paginate) + service, operation, resolved_params, paginate + ) if query is not None: response = jmespath.search(query, response) return response def _resolve_params(self, api_params, optional_params, plan_vars): resolver = VariableResolver() - api_params_resolved = resolver.resolve_variables( - plan_vars, api_params) + api_params_resolved = resolver.resolve_variables(plan_vars, api_params) if optional_params is not None: optional_params_resolved = resolver.resolve_variables( - plan_vars, optional_params) + plan_vars, optional_params + ) for key, value in optional_params_resolved.items(): if key not in api_params_resolved and value is not None: api_params_resolved[key] = value @@ -417,14 +427,14 @@ class APIInvoker(object): else: return getattr(client, client_method_name)(**resolved_params) - def _get_cached_api_call(self, service, operation, resolved_params, - paginate): - cache_key = self._get_cache_key( - service, operation, resolved_params - ) + def _get_cached_api_call( + self, service, operation, resolved_params, paginate + ): + cache_key = self._get_cache_key(service, operation, resolved_params) if cache_key not in self._response_cache: response = self._make_api_call( - service, operation, resolved_params, paginate) + service, operation, resolved_params, paginate + ) self._response_cache[cache_key] = response return self._response_cache[cache_key] @@ -432,12 +442,11 @@ class APIInvoker(object): return ( service_name, operation, - json.dumps(resolved_params, default=json_encoder) + json.dumps(resolved_params, default=json_encoder), ) -class Executor(object): - +class Executor: def __init__(self, step_handlers): self._step_handlers = step_handlers @@ -466,8 +475,7 @@ class ConditionEvaluator: if not isinstance(condition, list): condition = [condition] for single in condition: - statuses.append(self._check_single_condition( - single, parameters)) + statuses.append(self._check_single_condition(single, parameters)) return all(statuses) def _check_single_condition(self, single, parameters): @@ -483,7 +491,7 @@ class DataTypeConverter: 'int': int, 'float': float, 'str': str, - 'bool': lambda x: x.lower() == 'true' + 'bool': lambda x: x.lower() == 'true', } @classmethod @@ -494,8 +502,7 @@ class DataTypeConverter: raise InvalidDataTypeConversionException(value, datatype) -class ExecutorStep(object): - +class ExecutorStep: # Subclasses must implement this to specify what name to use # for the `type` in a wizard definition. NAME = '' @@ -505,7 +512,6 @@ class ExecutorStep(object): class APICallExecutorStep(ExecutorStep): - NAME = 'apicall' def __init__(self, api_invoker): @@ -514,7 +520,8 @@ class APICallExecutorStep(ExecutorStep): def run_step(self, step_definition, parameters): service, op_name = step_definition['operation'].split('.', 1) response = self._api_invoker.invoke( - service=service, operation=op_name, + service=service, + operation=op_name, api_params=step_definition['params'], plan_variables=parameters, optional_api_params=step_definition.get('optional_params'), @@ -525,7 +532,6 @@ class APICallExecutorStep(ExecutorStep): class SharedConfigExecutorStep(ExecutorStep): - NAME = 'sharedconfig' def __init__(self, config_api): @@ -535,8 +541,9 @@ class SharedConfigExecutorStep(ExecutorS config_params = {} profile = None if 'profile' in step_definition: - profile = self._resolve_params(step_definition['profile'], - parameters) + profile = self._resolve_params( + step_definition['profile'], parameters + ) config_params = self._resolve_params( step_definition['params'], parameters ) @@ -546,7 +553,7 @@ class SharedConfigExecutorStep(ExecutorS return VariableResolver().resolve_variables(params, value) -class SharedConfigAPI(object): +class SharedConfigAPI: """Simplified interface to reading/writing the ~/.aws/config file. This provides a simplified interface over the config file writer @@ -555,6 +562,7 @@ class SharedConfigAPI(object): This allows similar logic to be shared by the planner and executor. """ + def __init__(self, session, config_writer): self._session = session self._config_writer = config_writer @@ -575,24 +583,24 @@ class SharedConfigAPI(object): config_params['__section__'] = section config_params.update(values) config_filename = os.path.expanduser( - self._session.get_config_variable('config_file')) + self._session.get_config_variable('config_file') + ) self._config_writer.update_config(config_params, config_filename) class DefineVariableStep(ExecutorStep): - NAME = 'define-variable' def run_step(self, step_definition, parameters): value = step_definition['value'] resolved_value = VariableResolver().resolve_variables( - parameters, value) + parameters, value + ) key = step_definition['varname'] parameters[key] = resolved_value class MergeDictStep(ExecutorStep): - NAME = 'merge-dict' def run_step(self, step_definition, parameters): @@ -600,7 +608,8 @@ class MergeDictStep(ExecutorStep): result = {} for overlay in step_definition['overlays']: resolved_overlay = var_resolver.resolve_variables( - parameters, overlay, + parameters, + overlay, ) result = self._deep_merge(result, resolved_overlay) parameters[step_definition['output_var']] = result diff -pruN 2.23.6-1/awscli/customizations/wizard/devcommands.py 2.31.35-1/awscli/customizations/wizard/devcommands.py --- 2.23.6-1/awscli/customizations/wizard/devcommands.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/devcommands.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,13 +11,15 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. from ruamel.yaml import YAML + from awscli.customizations.commands import BasicCommand from awscli.customizations.wizard.factory import create_wizard_app def register_dev_commands(event_handlers): - event_handlers.register('building-command-table.cli-dev', - WizardDev.add_command) + event_handlers.register( + 'building-command-table.cli-dev', WizardDev.add_command + ) def create_default_wizard_dev_runner(session): @@ -27,14 +29,14 @@ def create_default_wizard_dev_runner(ses ) -class WizardLoader(object): +class WizardLoader: def load(self, contents): yaml = YAML(typ="rt") data = yaml.load(contents) return data -class WizardDevRunner(object): +class WizardDevRunner: def __init__(self, wizard_loader, session): self._wizard_loader = wizard_loader self._session = session @@ -57,8 +59,10 @@ class WizardDev(BasicCommand): 'future versions.\n' ) ARG_TABLE = [ - {'name': 'run-wizard', - 'help_text': 'Run a wizard given a wizard file.'} + { + 'name': 'run-wizard', + 'help_text': 'Run a wizard given a wizard file.', + } ] def __init__(self, session, dev_runner=None): diff -pruN 2.23.6-1/awscli/customizations/wizard/exceptions.py 2.31.35-1/awscli/customizations/wizard/exceptions.py --- 2.23.6-1/awscli/customizations/wizard/exceptions.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/exceptions.py 2025-11-12 19:17:29.000000000 +0000 @@ -45,6 +45,6 @@ class UnexpectedWizardException(Exceptio message = self.MSG_FORMAT.format( original_tb=''.join(format_tb(original_exception.__traceback__)), original_exception_cls=self.original_exception.__class__.__name__, - original_exception=self.original_exception + original_exception=self.original_exception, ) super().__init__(message) diff -pruN 2.23.6-1/awscli/customizations/wizard/factory.py 2.31.35-1/awscli/customizations/wizard/factory.py --- 2.23.6-1/awscli/customizations/wizard/factory.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/factory.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,21 +10,26 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from awscli.customizations.wizard.ui.layout import WizardLayoutFactory +from awscli.customizations.configure.writer import ConfigFileWriter from awscli.customizations.wizard import core, ui from awscli.customizations.wizard.app import ( - WizardAppRunner, WizardApp, WizardValues, WizardTraverser, + WizardApp, + WizardAppRunner, + WizardTraverser, + WizardValues, ) -from awscli.customizations.configure.writer import ConfigFileWriter +from awscli.customizations.wizard.ui.layout import WizardLayoutFactory def create_default_executor(api_invoker, shared_config): return core.Executor( step_handlers={ core.APICallExecutorStep.NAME: core.APICallExecutorStep( - api_invoker), + api_invoker + ), core.SharedConfigExecutorStep.NAME: core.SharedConfigExecutorStep( - shared_config), + shared_config + ), core.DefineVariableStep.NAME: core.DefineVariableStep(), core.MergeDictStep.NAME: core.MergeDictStep(), core.LoadDataExecutorStep.NAME: core.LoadDataExecutorStep(), @@ -35,19 +40,22 @@ def create_default_executor(api_invoker, def create_default_wizard_v1_runner(session): api_invoker = core.APIInvoker(session=session) - shared_config = core.SharedConfigAPI(session=session, - config_writer=ConfigFileWriter()) + shared_config = core.SharedConfigAPI( + session=session, config_writer=ConfigFileWriter() + ) planner = core.Planner( step_handlers={ core.StaticStep.NAME: core.StaticStep(), core.PromptStep.NAME: core.PromptStep(ui.UIPrompter()), core.YesNoPrompt.NAME: core.YesNoPrompt(ui.UIPrompter()), core.FilePromptStep.NAME: core.FilePromptStep( - ui.UIFilePrompter(ui.FileCompleter())), + ui.UIFilePrompter(ui.FileCompleter()) + ), core.TemplateStep.NAME: core.TemplateStep(), core.APICallStep.NAME: core.APICallStep(api_invoker=api_invoker), core.SharedConfigStep.NAME: core.SharedConfigStep( - config_api=shared_config), + config_api=shared_config + ), } ) executor = create_default_executor(api_invoker, shared_config) @@ -61,24 +69,30 @@ def create_default_wizard_v2_runner(sess def create_wizard_app(definition, session, output=None, app_input=None): api_invoker = core.APIInvoker(session=session) - shared_config = core.SharedConfigAPI(session=session, - config_writer=ConfigFileWriter()) + shared_config = core.SharedConfigAPI( + session=session, config_writer=ConfigFileWriter() + ) layout = WizardLayoutFactory().create_wizard_layout(definition) values = WizardValues( definition, value_retrieval_steps={ core.APICallStep.NAME: core.APICallStep(api_invoker=api_invoker), core.SharedConfigStep.NAME: core.SharedConfigStep( - config_api=shared_config), + config_api=shared_config + ), core.TemplateStep.NAME: core.TemplateStep(), core.LoadDataStep.NAME: core.LoadDataStep(), core.DumpDataStep.NAME: core.DumpDataStep(), }, - exception_handler=layout.error_bar.display_error + exception_handler=layout.error_bar.display_error, ) executor = create_default_executor(api_invoker, shared_config) traverser = WizardTraverser(definition, values, executor) return WizardApp( - layout=layout, values=values, traverser=traverser, - executor=executor, output=output, app_input=app_input + layout=layout, + values=values, + traverser=traverser, + executor=executor, + output=output, + app_input=app_input, ) diff -pruN 2.23.6-1/awscli/customizations/wizard/loader.py 2.31.35-1/awscli/customizations/wizard/loader.py --- 2.23.6-1/awscli/customizations/wizard/loader.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/loader.py 2025-11-12 19:17:29.000000000 +0000 @@ -38,12 +38,14 @@ exists, then a usage error will be print """ + import os -from ruamel.yaml import YAML +from ruamel.yaml import YAML WIZARD_SPEC_DIR = os.path.join( - os.path.dirname(os.path.abspath(__file__)), 'wizards', + os.path.dirname(os.path.abspath(__file__)), + 'wizards', ) @@ -51,7 +53,7 @@ class WizardNotExistError(Exception): pass -class WizardLoader(object): +class WizardLoader: def __init__(self, spec_dir=None): if spec_dir is None: spec_dir = WIZARD_SPEC_DIR @@ -60,8 +62,7 @@ class WizardLoader(object): self._yaml = YAML(typ='rt') def list_commands_with_wizards(self): - """Returns a list of commands with at least one wizard. - """ + """Returns a list of commands with at least one wizard.""" return os.listdir(self._spec_dir) def list_available_wizards(self, command_name): @@ -81,21 +82,24 @@ class WizardLoader(object): of the file. """ - filename = os.path.join(self._spec_dir, command_name, - wizard_name + '.yml') + filename = os.path.join( + self._spec_dir, command_name, wizard_name + '.yml' + ) try: with open(filename) as f: return self._load_yaml(f.read()) - except (OSError, IOError): - raise WizardNotExistError("Wizard does not exist for command " - "'%s', name: '%s'" % (command_name, - wizard_name)) + except OSError: + raise WizardNotExistError( + "Wizard does not exist for command " + "'%s', name: '%s'" % (command_name, wizard_name) + ) def _load_yaml(self, contents): data = self._yaml.load(contents) return data def wizard_exists(self, command_name, wizard_name): - filename = os.path.join(self._spec_dir, command_name, - wizard_name + '.yml') + filename = os.path.join( + self._spec_dir, command_name, wizard_name + '.yml' + ) return os.path.isfile(filename) diff -pruN 2.23.6-1/awscli/customizations/wizard/ui/__init__.py 2.31.35-1/awscli/customizations/wizard/ui/__init__.py --- 2.23.6-1/awscli/customizations/wizard/ui/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/ui/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,7 +10,6 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from __future__ import unicode_literals import os import prompt_toolkit @@ -19,7 +18,7 @@ from prompt_toolkit.completion import Co from awscli.customizations.wizard.ui import selectmenu -class Prompter(object): +class Prompter: def prompt(self, display_text, choices=None): raise NotImplementedError('prompt') @@ -34,7 +33,8 @@ class UIPrompter(Prompter): return selectmenu.select_menu(choices) else: response = selectmenu.select_menu( - choices, display_format=self._display_text) + choices, display_format=self._display_text + ) result = response['actual_value'] return result @@ -52,16 +52,16 @@ class FileCompleter(Completer): for child in sorted(children): if child.startswith(partial): result = os.path.join(dirname, child) - yield Completion(result, - start_position=-len(result)) + yield Completion(result, start_position=-len(result)) except OSError: return -class UIFilePrompter(object): +class UIFilePrompter: def __init__(self, completer): self._completer = completer def prompt(self, display_text): return prompt_toolkit.prompt( - '%s: ' % display_text, completer=self._completer) + '%s: ' % display_text, completer=self._completer + ) diff -pruN 2.23.6-1/awscli/customizations/wizard/ui/keybindings.py 2.31.35-1/awscli/customizations/wizard/ui/keybindings.py --- 2.23.6-1/awscli/customizations/wizard/ui/keybindings.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/ui/keybindings.py 2025-11-12 19:17:29.000000000 +0000 @@ -11,15 +11,17 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. from prompt_toolkit.application import get_app -from prompt_toolkit.filters import has_focus, Condition +from prompt_toolkit.filters import Condition, has_focus from prompt_toolkit.key_binding import KeyBindings from prompt_toolkit.keys import Keys +from awscli.customizations.wizard.exceptions import BaseWizardException from awscli.customizations.wizard.ui.utils import ( - get_ui_control_by_buffer_name, move_to_previous_prompt, - show_details_if_visible_by_default, refresh_details_view + get_ui_control_by_buffer_name, + move_to_previous_prompt, + refresh_details_view, + show_details_if_visible_by_default, ) -from awscli.customizations.wizard.exceptions import BaseWizardException @Condition @@ -52,11 +54,13 @@ def get_default_keybindings(): def submit_current_answer(event): current_prompt = event.app.traverser.get_current_prompt() prompt_buffer = get_ui_control_by_buffer_name( - event.app.layout, current_prompt).buffer + event.app.layout, current_prompt + ).buffer try: event.app.traverser.submit_prompt_answer(prompt_buffer.text) - if isinstance(event.app.layout.error_bar.current_error, - BaseWizardException): + if isinstance( + event.app.layout.error_bar.current_error, BaseWizardException + ): event.app.layout.error_bar.clear() except BaseWizardException as e: event.app.layout.error_bar.display_error(e) @@ -91,11 +95,14 @@ def get_default_keybindings(): def focus_on_details_panel(event): if event.app.details_visible: layout = event.app.layout - if layout.current_buffer and \ - layout.current_buffer.name == 'details_buffer': + if ( + layout.current_buffer + and layout.current_buffer.name == 'details_buffer' + ): current_prompt = event.app.traverser.get_current_prompt() current_control = get_ui_control_by_buffer_name( - layout, current_prompt) + layout, current_prompt + ) layout.focus(current_control) else: details_buffer = layout.get_buffer_by_name('details_buffer') @@ -106,8 +113,7 @@ def get_default_keybindings(): event.app.details_visible = not event.app.details_visible layout = event.app.layout current_prompt = event.app.traverser.get_current_prompt() - current_control = get_ui_control_by_buffer_name( - layout, current_prompt) + current_control = get_ui_control_by_buffer_name(layout, current_prompt) if not event.app.details_visible: layout.focus(current_control) else: @@ -121,7 +127,8 @@ def get_default_keybindings(): refresh_details_view(event.app, current_prompt) event.app.save_details_visible = True save_dialogue = get_ui_control_by_buffer_name( - event.app.layout, 'save_details_dialogue') + event.app.layout, 'save_details_dialogue' + ) event.app.layout.focus(save_dialogue) @kb.add(Keys.F4, filter=error_bar_enabled) diff -pruN 2.23.6-1/awscli/customizations/wizard/ui/layout.py 2.31.35-1/awscli/customizations/wizard/ui/layout.py --- 2.23.6-1/awscli/customizations/wizard/ui/layout.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/ui/layout.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,36 +15,55 @@ import os from prompt_toolkit.application import get_app from prompt_toolkit.buffer import Buffer from prompt_toolkit.completion import PathCompleter -from prompt_toolkit.layout.controls import BufferControl, FormattedTextControl -from prompt_toolkit.filters import has_focus, Condition +from prompt_toolkit.filters import Condition, has_focus from prompt_toolkit.formatted_text import HTML, to_formatted_text from prompt_toolkit.key_binding import KeyBindings from prompt_toolkit.key_binding.bindings.focus import ( - focus_next, focus_previous + focus_next, + focus_previous, ) from prompt_toolkit.keys import Keys from prompt_toolkit.layout import Layout from prompt_toolkit.layout.containers import ( - Window, HSplit, Dimension, ConditionalContainer, WindowAlign, VSplit, - to_container, to_filter + ConditionalContainer, + Dimension, + HSplit, + VSplit, + Window, + WindowAlign, + to_container, + to_filter, ) +from prompt_toolkit.layout.controls import BufferControl, FormattedTextControl +from prompt_toolkit.utils import is_windows from prompt_toolkit.widgets import ( - HorizontalLine, Box, Button, Label, Shadow, Frame, VerticalLine, - Dialog, TextArea + Box, + Button, + Dialog, + Frame, + HorizontalLine, + Label, + Shadow, + TextArea, + VerticalLine, ) -from prompt_toolkit.utils import is_windows from awscli.autoprompt.widgets import BaseToolbarView, TitleLine from awscli.customizations.wizard import core -from awscli.customizations.wizard.ui.section import ( - WizardSectionTab, WizardSectionBody -) from awscli.customizations.wizard.ui.keybindings import ( - details_visible, prompt_has_details, error_bar_enabled, - save_details_visible + details_visible, + error_bar_enabled, + prompt_has_details, + save_details_visible, +) +from awscli.customizations.wizard.ui.section import ( + WizardSectionBody, + WizardSectionTab, ) from awscli.customizations.wizard.ui.utils import ( - move_to_previous_prompt, Spacer, get_ui_control_by_buffer_name + Spacer, + get_ui_control_by_buffer_name, + move_to_previous_prompt, ) @@ -56,13 +75,15 @@ class WizardLayoutFactory: [ self._create_title(definition), self._create_sections( - definition, run_wizard_dialog, error_bar), - HorizontalLine() + definition, run_wizard_dialog, error_bar + ), + HorizontalLine(), ] ) return WizardLayout( - container=container, run_wizard_dialog=run_wizard_dialog, - error_bar=error_bar + container=container, + run_wizard_dialog=run_wizard_dialog, + error_bar=error_bar, ) def _create_title(self, definition): @@ -90,17 +111,19 @@ class WizardLayoutFactory: return VSplit( [ HSplit( - section_tabs, - padding=1, - style='class:wizard.section.tab' + section_tabs, padding=1, style='class:wizard.section.tab' ), ConditionalContainer( VerticalLine(), filter=Condition(is_windows) ), - HSplit([*section_bodies, + HSplit( + [ + *section_bodies, WizardDetailsPanel(), error_bar, - ToolbarView()]) + ToolbarView(), + ] + ), ] ) @@ -144,25 +167,33 @@ class WizardDetailsPanel: def _get_container(self): return ConditionalContainer( - HSplit([ - TitleLine(self._get_title), - VSplit([ - Window( - content=BufferControl( - buffer=Buffer( - name='details_buffer', read_only=True), - ), - height=Dimension( - max=self.DIMENSIONS['details_window_height_max'], - preferred=self.DIMENSIONS[ - 'details_window_height_pref'] - ), - wrap_lines=True + HSplit( + [ + TitleLine(self._get_title), + VSplit( + [ + Window( + content=BufferControl( + buffer=Buffer( + name='details_buffer', read_only=True + ), + ), + height=Dimension( + max=self.DIMENSIONS[ + 'details_window_height_max' + ], + preferred=self.DIMENSIONS[ + 'details_window_height_pref' + ], + ), + wrap_lines=True, + ), + SaveFileDialogue(), + ] ), - SaveFileDialogue(), - ]) - ]), - details_visible + ] + ), + details_visible, ) def __pt_container__(self): @@ -175,8 +206,7 @@ class SaveFileDialogue: def _get_container(self): return ConditionalContainer( - self._create_dialog(), - save_details_visible + self._create_dialog(), save_details_visible ) def __pt_container__(self): @@ -188,17 +218,21 @@ class SaveFileDialogue: cancel_button = self._create_cancel_button(textfield) dialog = Dialog( title='Save to file', - body=HSplit([ - Label(text='Filename', dont_extend_height=True), - textfield, - ], padding=Dimension(preferred=1, max=1)), + body=HSplit( + [ + Label(text='Filename', dont_extend_height=True), + textfield, + ], + padding=Dimension(preferred=1, max=1), + ), buttons=[save_button, cancel_button], - with_background=True) + with_background=True, + ) dialog.container.container.style = 'class:wizard.dialog.save' dialog.container.body.container.style = 'class:wizard.dialog.body' dialog.container.body.container.content.key_bindings.add( - Keys.Enter, filter=has_focus('save_details_dialogue'))( - save_button.handler) + Keys.Enter, filter=has_focus('save_details_dialogue') + )(save_button.handler) return dialog def _create_textfield(self): @@ -214,11 +248,13 @@ class SaveFileDialogue: def save_handler(*args, **kwargs): app = get_app() contents = app.layout.get_buffer_by_name( - 'details_buffer').document.text + 'details_buffer' + ).document.text app.file_io.write_file_contents(textfield.text, contents) app.save_details_visible = False current_control = get_ui_control_by_buffer_name( - app.layout, app.traverser.get_current_prompt()) + app.layout, app.traverser.get_current_prompt() + ) app.layout.focus(current_control) return Button(text='Save', handler=save_handler) @@ -228,6 +264,7 @@ class SaveFileDialogue: app = get_app() app.save_details_visible = False app.layout.focus('details_buffer') + return Button(text='Cancel', handler=cancel_handler) def _create_key_bindings(self, save_button, cancel_button): @@ -252,29 +289,29 @@ class ToolbarView(BaseToolbarView): def create_window(self, help_text): text_control = FormattedTextControl(text=lambda: help_text) text_control.name = 'toolbar_panel' - return HSplit([ - HorizontalLine(), - Window( - content=text_control, - wrap_lines=True, - **self.DIMENSIONS - ) - ]) + return HSplit( + [ + HorizontalLine(), + Window( + content=text_control, wrap_lines=True, **self.DIMENSIONS + ), + ] + ) def help_text(self): app = get_app() output = [] if prompt_has_details(): title = getattr(app, 'details_title', 'Details panel') - output.extend([ - f'{self.STYLE}[F2] Switch to {title}', - f'{self.STYLE}[F3] Show/Hide {title}', - f'{self.STYLE}[CTRL+S] Save {title}', - ]) - if error_bar_enabled(): - output.append( - f'{self.STYLE}[F4] Show/Hide error message' + output.extend( + [ + f'{self.STYLE}[F2] Switch to {title}', + f'{self.STYLE}[F3] Show/Hide {title}', + f'{self.STYLE}[CTRL+S] Save {title}', + ] ) + if error_bar_enabled(): + output.append(f'{self.STYLE}[F4] Show/Hide error message') return to_formatted_text(HTML(f'{self.SPACING}'.join(output))) @@ -367,7 +404,7 @@ class RunWizardDialog: def _create_dialog_frame(self): frame_body = Box( body=self._create_buttons_container(), - height=Dimension(min=1, max=3, preferred=3) + height=Dimension(min=1, max=3, preferred=3), ) return Shadow( body=Frame( @@ -405,8 +442,7 @@ class WizardErrorBar: def display_error(self, exception): self.current_error = exception self._error_bar_buffer.text = ( - 'Encountered following error in wizard:\n\n' - f'{exception}' + f'Encountered following error in wizard:\n\n{exception}' ) get_app().error_bar_visible = True @@ -420,19 +456,20 @@ class WizardErrorBar: def _get_container(self): return ConditionalContainer( - HSplit([ - TitleLine('Wizard exception'), - Window( - content=BufferControl( - buffer=self._error_bar_buffer, - focusable=False + HSplit( + [ + TitleLine('Wizard exception'), + Window( + content=BufferControl( + buffer=self._error_bar_buffer, focusable=False + ), + style='class:wizard.error', + dont_extend_height=True, + wrap_lines=True, ), - style='class:wizard.error', - dont_extend_height=True, - wrap_lines=True, - ), - ]), - Condition(self._is_visible) + ] + ), + Condition(self._is_visible), ) def _is_visible(self): diff -pruN 2.23.6-1/awscli/customizations/wizard/ui/prompt.py 2.31.35-1/awscli/customizations/wizard/ui/prompt.py --- 2.23.6-1/awscli/customizations/wizard/ui/prompt.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/ui/prompt.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,21 +12,26 @@ # language governing permissions and limitations under the License. from prompt_toolkit.application import get_app from prompt_toolkit.buffer import Buffer +from prompt_toolkit.completion import PathCompleter from prompt_toolkit.document import Document from prompt_toolkit.filters import Condition from prompt_toolkit.key_binding import KeyBindings from prompt_toolkit.keys import Keys from prompt_toolkit.layout.containers import ( - Window, VSplit, Dimension, ConditionalContainer, FloatContainer, Float + ConditionalContainer, + Dimension, + Float, + FloatContainer, + ScrollOffsets, + VSplit, + Window, ) from prompt_toolkit.layout.controls import BufferControl from prompt_toolkit.layout.margins import ScrollbarMargin -from prompt_toolkit.layout.containers import ScrollOffsets from prompt_toolkit.layout.menus import CompletionsMenu -from prompt_toolkit.completion import PathCompleter from awscli.customizations.wizard.ui.selectmenu import ( - CollapsableSelectionMenuControl + CollapsableSelectionMenuControl, ) from awscli.customizations.wizard.ui.utils import FullyExtendedWidthWindow @@ -46,7 +51,7 @@ class WizardPrompt: answer = WizardPromptCompletionAnswer( self._value_name, default_value=self._value_definition.get('default_value'), - completer=self._value_definition['completer'] + completer=self._value_definition['completer'], ) else: answer = WizardPromptAnswer( @@ -57,13 +62,12 @@ class WizardPrompt: VSplit( [ WizardPromptDescription( - self._value_name, - self._value_definition['description'] + self._value_name, self._value_definition['description'] ), - answer + answer, ], ), - Condition(self._is_visible) + Condition(self._is_visible), ) def _is_visible(self): @@ -81,14 +85,9 @@ class WizardPromptDescription: def _get_container(self): content = f'{self._value_description}:' - buffer = Buffer( - document=Document(content), - read_only=True - ) + buffer = Buffer(document=Document(content), read_only=True) return Window( - content=BufferControl( - buffer=buffer, focusable=False - ), + content=BufferControl(buffer=buffer, focusable=False), style=self._get_style, width=Dimension.exact(len(content) + 1), dont_extend_height=True, @@ -114,14 +113,13 @@ class WizardPromptAnswer: self.container = self._get_answer_container() def _get_answer_buffer(self): - return Buffer(name=self._value_name, - document=Document(text=self._default_value)) + return Buffer( + name=self._value_name, document=Document(text=self._default_value) + ) def _get_answer_container(self): return FullyExtendedWidthWindow( - content=BufferControl( - buffer=self._buffer - ), + content=BufferControl(buffer=self._buffer), style=self._get_style, dont_extend_height=True, ) @@ -144,20 +142,22 @@ class WizardPromptCompletionAnswer(Wizar super().__init__(value_name, default_value) def _get_completer(self, completer): - return { - 'file_completer': PathCompleter(expanduser=True) - }[completer] + return {'file_completer': PathCompleter(expanduser=True)}[completer] def _get_answer_buffer(self): - return Buffer(name=self._value_name, - completer=self._completer, - complete_while_typing=True, - document=Document(text=self._default_value)) + return Buffer( + name=self._value_name, + completer=self._completer, + complete_while_typing=True, + document=Document(text=self._default_value), + ) def _get_menu_height(self): if self._buffer.complete_state: - return min(len(self._buffer.complete_state.completions), - self.COMPLETION_MENU_MAX_HEIGHT) + return min( + len(self._buffer.complete_state.completions), + self.COMPLETION_MENU_MAX_HEIGHT, + ) return 0 def _get_answer_container(self): @@ -165,16 +165,18 @@ class WizardPromptCompletionAnswer(Wizar FullyExtendedWidthWindow( content=BufferControl(buffer=self._buffer), style=self._get_style, - wrap_lines=True + wrap_lines=True, ), floats=[ Float( - xcursor=True, ycursor=True, top=1, + xcursor=True, + ycursor=True, + top=1, height=self._get_menu_height, content=CompletionsMenu(), ) ], - key_bindings=self._get_key_bindings() + key_bindings=self._get_key_bindings(), ) def _get_key_bindings(self): @@ -205,7 +207,7 @@ class WizardPromptSelectionAnswer(Wizard content=CollapsableSelectionMenuControl( items=self._get_choices, selection_capture_buffer=self._buffer, - on_toggle=self._show_details + on_toggle=self._show_details, ), style=self._get_style, always_hide_cursor=True, @@ -218,8 +220,7 @@ class WizardPromptSelectionAnswer(Wizard def _show_details(self, choice): app = get_app() - details_buffer = app.layout.get_buffer_by_name( - 'details_buffer') + details_buffer = app.layout.get_buffer_by_name('details_buffer') details, title = self._get_details(choice) app.details_title = title details_buffer.reset() diff -pruN 2.23.6-1/awscli/customizations/wizard/ui/section.py 2.31.35-1/awscli/customizations/wizard/ui/section.py --- 2.23.6-1/awscli/customizations/wizard/ui/section.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/ui/section.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,7 +15,10 @@ from prompt_toolkit.buffer import Buffer from prompt_toolkit.document import Document from prompt_toolkit.filters import Condition from prompt_toolkit.layout.containers import ( - Window, HSplit, Dimension, ConditionalContainer + ConditionalContainer, + Dimension, + HSplit, + Window, ) from prompt_toolkit.layout.controls import BufferControl from prompt_toolkit.widgets import Box @@ -31,14 +34,9 @@ class WizardSectionTab: def _get_container(self): content = f" {self._definition['shortname']}" - buffer = Buffer( - document=Document(content), - read_only=True - ) + buffer = Buffer(document=Document(content), read_only=True) return Window( - content=BufferControl( - buffer=buffer, focusable=False - ), + content=BufferControl(buffer=buffer, focusable=False), style=self._get_style, width=Dimension.exact(len(content) + 1), dont_extend_height=True, @@ -66,12 +64,12 @@ class WizardSectionBody: return ConditionalContainer( Box( HSplit( - self._create_prompts_from_section_definition(), - padding=1 + self._create_prompts_from_section_definition(), padding=1 ), - padding_left=2, padding_top=1 + padding_left=2, + padding_top=1, ), - Condition(self._is_current_section) + Condition(self._is_current_section), ) def _is_current_section(self): diff -pruN 2.23.6-1/awscli/customizations/wizard/ui/selectmenu.py 2.31.35-1/awscli/customizations/wizard/ui/selectmenu.py --- 2.23.6-1/awscli/customizations/wizard/ui/selectmenu.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/ui/selectmenu.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,22 +10,21 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -from __future__ import unicode_literals from prompt_toolkit import Application from prompt_toolkit.application import get_app from prompt_toolkit.buffer import Buffer -from prompt_toolkit.utils import get_cwidth -from prompt_toolkit.layout import Layout, FloatContainer, Float -from prompt_toolkit.layout.controls import UIControl, UIContent -from prompt_toolkit.layout.screen import Point -from prompt_toolkit.layout.dimension import Dimension from prompt_toolkit.key_binding.key_bindings import KeyBindings -from prompt_toolkit.layout.margins import ScrollbarMargin +from prompt_toolkit.layout import Float, FloatContainer, Layout from prompt_toolkit.layout.containers import ScrollOffsets, Window +from prompt_toolkit.layout.controls import UIContent, UIControl +from prompt_toolkit.layout.dimension import Dimension +from prompt_toolkit.layout.margins import ScrollbarMargin +from prompt_toolkit.layout.screen import Point +from prompt_toolkit.utils import get_cwidth def select_menu(items, display_format=None, max_height=10): - """ Presents a list of options and allows the user to select one. + """Presents a list of options and allows the user to select one. This presents a static list of options and prompts the user to select one. This is similar to a completion menu but is different in that it does not @@ -64,7 +63,8 @@ def select_menu(items, display_format=No # limit the height and width of the window. content = FloatContainer( Window(height=Dimension(min=min_height, max=min_height)), - [Float(menu_window, top=0, left=0)]) + [Float(menu_window, top=0, left=0)], + ) app = Application( layout=Layout(content), key_bindings=app_bindings, @@ -84,7 +84,7 @@ def _trim_text(text, max_width): if width > max_width: # When there are no double width characters, just use slice operation. if len(text) == width: - trimmed_text = (text[:max(1, max_width - 3)] + '...')[:max_width] + trimmed_text = (text[: max(1, max_width - 3)] + '...')[:max_width] return trimmed_text, len(trimmed_text) # Otherwise, loop until we have the desired width. (Rather @@ -151,13 +151,13 @@ class SelectionMenuControl(UIControl): def create_content(self, width, height): def get_line(i): item = self._get_items()[i] - is_selected = (i == self._selection) + is_selected = i == self._selection return self._menu_item_fragment(item, is_selected, width) return UIContent( get_line=get_line, cursor_position=Point(x=0, y=self._selection or 0), - line_count=len(self._get_items()) + line_count=len(self._get_items()), ) def _move_cursor(self, delta): @@ -190,8 +190,15 @@ class SelectionMenuControl(UIControl): class CollapsableSelectionMenuControl(SelectionMenuControl): """Menu that collapses to text with selection when loses focus""" - def __init__(self, items, display_format=None, cursor='>', - selection_capture_buffer=None, on_toggle=None): + + def __init__( + self, + items, + display_format=None, + cursor='>', + selection_capture_buffer=None, + on_toggle=None, + ): super().__init__(items, display_format=display_format, cursor=cursor) if not selection_capture_buffer: selection_capture_buffer = Buffer() @@ -204,6 +211,7 @@ class CollapsableSelectionMenuControl(Se self._has_ever_entered_select_menu = True return super().create_content(width, height) else: + def get_line(i): content = '' if self._has_ever_entered_select_menu: @@ -212,11 +220,11 @@ class CollapsableSelectionMenuControl(Se return UIContent(get_line=get_line, line_count=1) - def preferred_height(self, width, max_height, wrap_lines, - get_line_prefix): + def preferred_height(self, width, max_height, wrap_lines, get_line_prefix): if get_app().layout.has_focus(self): return super().preferred_height( - width, max_height, wrap_lines, get_line_prefix) + width, max_height, wrap_lines, get_line_prefix + ) else: return 1 diff -pruN 2.23.6-1/awscli/customizations/wizard/ui/style.py 2.31.35-1/awscli/customizations/wizard/ui/style.py --- 2.23.6-1/awscli/customizations/wizard/ui/style.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/ui/style.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,26 +16,25 @@ from prompt_toolkit.utils import is_wind def get_default_style(): basic_styles = [ - # Wizard-specific classes - ('wizard', ''), - ('wizard.title', 'underline bold'), - ('wizard.prompt.description', 'bold'), - ('wizard.prompt.description.current', 'white'), - ('wizard.prompt.answer', 'bg:#aaaaaa black'), - ('wizard.prompt.answer.current', 'white'), - ('wizard.section.tab.current', 'white'), - ('wizard.section.tab.unvisited', '#777777'), - ('wizard.section.tab.visited', ''), - ('wizard.dialog', ''), - ('wizard.dialog frame.label', 'white bold'), - ('wizard.dialog.save frame.label', 'black bold'), - ('wizard.dialog.body', 'bg:#aaaaaa black'), - ('wizard.error', 'bg:#550000 #ffffff'), - - # Prompt-toolkit built-in classes - ('button.focused', 'bg:#777777 white'), - ('completion-menu.completion', 'underline'), - ] + # Wizard-specific classes + ('wizard', ''), + ('wizard.title', 'underline bold'), + ('wizard.prompt.description', 'bold'), + ('wizard.prompt.description.current', 'white'), + ('wizard.prompt.answer', 'bg:#aaaaaa black'), + ('wizard.prompt.answer.current', 'white'), + ('wizard.section.tab.current', 'white'), + ('wizard.section.tab.unvisited', '#777777'), + ('wizard.section.tab.visited', ''), + ('wizard.dialog', ''), + ('wizard.dialog frame.label', 'white bold'), + ('wizard.dialog.save frame.label', 'black bold'), + ('wizard.dialog.body', 'bg:#aaaaaa black'), + ('wizard.error', 'bg:#550000 #ffffff'), + # Prompt-toolkit built-in classes + ('button.focused', 'bg:#777777 white'), + ('completion-menu.completion', 'underline'), + ] if is_windows(): os_related_styles = [ ('wizard.section.tab', 'bold black'), diff -pruN 2.23.6-1/awscli/customizations/wizard/ui/utils.py 2.31.35-1/awscli/customizations/wizard/ui/utils.py --- 2.23.6-1/awscli/customizations/wizard/ui/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/ui/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,7 +12,7 @@ # language governing permissions and limitations under the License. from prompt_toolkit.buffer import Buffer from prompt_toolkit.document import Document -from prompt_toolkit.layout.containers import Window, Dimension +from prompt_toolkit.layout.containers import Dimension, Window from prompt_toolkit.layout.controls import BufferControl @@ -28,7 +28,8 @@ def get_ui_control_by_buffer_name(layout if hasattr(control, 'buffer') and control.buffer.name == buffer_name: return control raise ValueError( - f"Couldn't find buffer in the current layout: {buffer_name}") + f"Couldn't find buffer in the current layout: {buffer_name}" + ) def move_to_previous_prompt(app): @@ -37,13 +38,15 @@ def move_to_previous_prompt(app): show_details_if_visible_by_default(app, previous_prompt) refresh_details_view(app, previous_prompt) previous_control = get_ui_control_by_buffer_name( - app.layout, previous_prompt) + app.layout, previous_prompt + ) app.layout.focus(previous_control) def show_details_if_visible_by_default(app, prompt): - app.details_visible = \ - app.traverser.is_prompt_details_visible_by_default(prompt) + app.details_visible = app.traverser.is_prompt_details_visible_by_default( + prompt + ) def refresh_details_view(app, prompt): @@ -59,19 +62,13 @@ class Spacer: element such as expanding tab column in the wizard app with the color gray. """ + def __init__(self): self.container = self._get_container() def _get_container(self): - buffer = Buffer( - document=Document(''), - read_only=True - ) - return Window( - content=BufferControl( - buffer=buffer, focusable=False - ) - ) + buffer = Buffer(document=Document(''), read_only=True) + return Window(content=BufferControl(buffer=buffer, focusable=False)) def __pt_container__(self): return self.container @@ -79,5 +76,6 @@ class Spacer: class FullyExtendedWidthWindow(Window): """Window that fully extends its available width""" + def preferred_width(self, max_available_width): return Dimension(preferred=max_available_width) diff -pruN 2.23.6-1/awscli/customizations/wizard/wizards/lambda/new-function.yml 2.31.35-1/awscli/customizations/wizard/wizards/lambda/new-function.yml --- 2.23.6-1/awscli/customizations/wizard/wizards/lambda/new-function.yml 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/customizations/wizard/wizards/lambda/new-function.yml 2025-11-12 19:17:29.000000000 +0000 @@ -132,7 +132,7 @@ __OUTPUT__: Wizard successfully created Lambda Function: Function name: {function_name} Function ARN: {function_arn} - + {% if {preview_type} == preview_cli_command %} Steps to create function is equivalent to running the following sample AWS CLI commands: diff -pruN 2.23.6-1/awscli/data/metadata.json 2.31.35-1/awscli/data/metadata.json --- 2.23.6-1/awscli/data/metadata.json 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/data/metadata.json 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,3 @@ { "distribution_source": "source" -} \ No newline at end of file +} diff -pruN 2.23.6-1/awscli/errorhandler.py 2.31.35-1/awscli/errorhandler.py --- 2.23.6-1/awscli/errorhandler.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/errorhandler.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,23 +14,29 @@ import logging import signal from botocore.exceptions import ( - NoRegionError, NoCredentialsError, ClientError, + ClientError, + NoCredentialsError, + NoRegionError, +) +from botocore.exceptions import ( ParamValidationError as BotocoreParamValidationError, ) +from awscli.argparser import USAGE, ArgParseException from awscli.argprocess import ParamError, ParamSyntaxError from awscli.arguments import UnknownArgumentError -from awscli.argparser import ArgParseException, USAGE +from awscli.autoprompt.factory import PrompterKeyboardInterrupt from awscli.constants import ( - PARAM_VALIDATION_ERROR_RC, CONFIGURATION_ERROR_RC, CLIENT_ERROR_RC, - GENERAL_ERROR_RC + CLIENT_ERROR_RC, + CONFIGURATION_ERROR_RC, + GENERAL_ERROR_RC, + PARAM_VALIDATION_ERROR_RC, ) -from awscli.utils import PagerInitializationException -from awscli.autoprompt.factory import PrompterKeyboardInterrupt from awscli.customizations.exceptions import ( - ParamValidationError, ConfigurationError + ConfigurationError, + ParamValidationError, ) - +from awscli.utils import PagerInitializationException LOG = logging.getLogger(__name__) @@ -40,7 +46,7 @@ def construct_entry_point_handlers_chain ParamValidationErrorsHandler(), PrompterInterruptExceptionHandler(), InterruptExceptionHandler(), - GeneralExceptionHandler() + GeneralExceptionHandler(), ] return ChainedExceptionHandler(exception_handlers=handlers) @@ -55,7 +61,7 @@ def construct_cli_error_handlers_chain() PagerErrorHandler(), InterruptExceptionHandler(), ClientErrorHandler(), - GeneralExceptionHandler() + GeneralExceptionHandler(), ] return ChainedExceptionHandler(exception_handlers=handlers) @@ -84,8 +90,11 @@ class FilteredExceptionHandler(BaseExcep class ParamValidationErrorsHandler(FilteredExceptionHandler): EXCEPTIONS_TO_HANDLE = ( - ParamError, ParamSyntaxError, ArgParseException, - ParamValidationError, BotocoreParamValidationError + ParamError, + ParamSyntaxError, + ArgParseException, + ParamValidationError, + BotocoreParamValidationError, ) RC = PARAM_VALIDATION_ERROR_RC @@ -108,7 +117,9 @@ class ConfigurationErrorHandler(Filtered class NoRegionErrorHandler(FilteredExceptionHandler): EXCEPTIONS_TO_HANDLE = NoRegionError RC = CONFIGURATION_ERROR_RC - MESSAGE = '%s You can also configure your region by running "aws configure".' + MESSAGE = ( + '%s You can also configure your region by running "aws configure".' + ) class NoCredentialsErrorHandler(FilteredExceptionHandler): diff -pruN 2.23.6-1/awscli/examples/apigatewaymanagementapi/post-to-connection.rst 2.31.35-1/awscli/examples/apigatewaymanagementapi/post-to-connection.rst --- 2.23.6-1/awscli/examples/apigatewaymanagementapi/post-to-connection.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/apigatewaymanagementapi/post-to-connection.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,7 +4,7 @@ The following ``post-to-connection`` exa aws apigatewaymanagementapi post-to-connection \ --connection-id L0SM9cOFvHcCIhw= \ - --data "Hello from API Gateway!" \ + --data 'SGVsbG8gZnJvbSBBUEkgR2F0ZXdheSE=' \ --endpoint-url https://aabbccddee.execute-api.us-west-2.amazonaws.com/prod This command produces no output. diff -pruN 2.23.6-1/awscli/examples/apigatewayv2/create-routing-rule.rst 2.31.35-1/awscli/examples/apigatewayv2/create-routing-rule.rst --- 2.23.6-1/awscli/examples/apigatewayv2/create-routing-rule.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/apigatewayv2/create-routing-rule.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +**To create a routing rule** + +The following ``create-routing-rule`` example creates a routing rule with a priority of ``50``. :: + + aws apigatewayv2 create-routing-rule \ + --domain-name 'regional.example.com' \ + --priority 50 \ + --conditions '[ \ + { \ + "MatchBasePaths": { \ + "AnyOf": [ \ + "PetStoreShopper" \ + ] \ + } \ + } \ + ]' \ + --actions '[ \ + { \ + "InvokeApi": { \ + "ApiId": "abcd1234", \ + "Stage": "prod" \ + } \ + } \ + ]' + +Output:: + + { + "Actions": [ + { + "InvokeApi": { + "ApiId": "abcd1234", + "Stage": "prod", + "StripBasePath": false + } + } + ], + "Conditions": [ + { + "MatchBasePaths": { + "AnyOf": [ + "PetStoreShopper" + ] + } + } + ], + "Priority": 50, + "RoutingRuleArn": "arn:aws:apigateway:us-east-2:123456789012:/domainnames/regional.example.com/routingrules/aaa111", + "RoutingRuleId": "aaa111" + } + +For more information, see `Routing rules to connect API stages to a custom domain name for REST APIs `__ in the *Amazon API Gateway Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/apigatewayv2/delete-routing-rule.rst 2.31.35-1/awscli/examples/apigatewayv2/delete-routing-rule.rst --- 2.23.6-1/awscli/examples/apigatewayv2/delete-routing-rule.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/apigatewayv2/delete-routing-rule.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To delete a routing rule** + +The following ``delete-routing-rule`` example deletes a routing rule for a custom domain name. :: + + aws apigatewayv2 delete-routing-rule \ + --domain-name 'regional.example.com' \ + --routing-rule-id aaa111 + +This command produces no output. + +For more information, see `Routing rules to connect API stages to a custom domain name for REST APIs `__ in the *Amazon API Gateway Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/apigatewayv2/get-routing-rule.rst 2.31.35-1/awscli/examples/apigatewayv2/get-routing-rule.rst --- 2.23.6-1/awscli/examples/apigatewayv2/get-routing-rule.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/apigatewayv2/get-routing-rule.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,35 @@ +**To get a routing rule** + +The following ``get-routing-rule`` example gets a routing rule for a domain name. :: + + aws apigatewayv2 get-routing-rule \ + --domain-name 'regional.example.com' \ + --routing-rule-id aaa111 + +Output:: + + { + "Actions": [ + { + "InvokeApi": { + "ApiId": "abcd1234", + "Stage": "prod", + "StripBasePath": false + } + } + ], + "Conditions": [ + { + "MatchBasePaths": { + "AnyOf": [ + "PetStoreShopper" + ] + } + } + ], + "Priority": 50, + "RoutingRuleArn": "arn:aws:apigateway:us-east-2:123456789012:/domainnames/regional.example.com/routingrules/aaa111", + "RoutingRuleId": "aaa111" + } + +For more information, see `Routing rules to connect API stages to a custom domain name for REST APIs `__ in the *Amazon API Gateway Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/apigatewayv2/list-routing-rules.rst 2.31.35-1/awscli/examples/apigatewayv2/list-routing-rules.rst --- 2.23.6-1/awscli/examples/apigatewayv2/list-routing-rules.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/apigatewayv2/list-routing-rules.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,38 @@ +**To list routing rules** + +The following ``list-routing-rules`` example lists the routing rules for a domain name. :: + + aws apigatewayv2 list-routing-rules \ + --domain-name 'regional.example.com' + +Output:: + + { + "RoutingRules": [ + { + "Actions": [ + { + "InvokeApi": { + "ApiId": "abcd1234", + "Stage": "prod", + "StripBasePath": false + } + } + ], + "Conditions": [ + { + "MatchBasePaths": { + "AnyOf": [ + "PetStoreShopper" + ] + } + } + ], + "Priority": 150, + "RoutingRuleArn": "arn:aws:apigateway:us-east-1:123456789012:/domainnames/regional.example.com/routingrules/aaa111", + "RoutingRuleId": "aaa111" + } + ] + } + +For more information, see `Routing rules to connect API stages to a custom domain name for REST APIs `__ in the *Amazon API Gateway Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/apigatewayv2/put-routing-rule.rst 2.31.35-1/awscli/examples/apigatewayv2/put-routing-rule.rst --- 2.23.6-1/awscli/examples/apigatewayv2/put-routing-rule.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/apigatewayv2/put-routing-rule.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,52 @@ +**To update a routing rule** + +The following ``put-routing-rule`` example updates the priority of a routing rule. :: + + aws apigatewayv2 put-routing-rule \ + --domain-name 'regional.example.com' \ + --priority 150 \ + --conditions '[ \ + { \ + "MatchBasePaths": { \ + "AnyOf": [ \ + "PetStoreShopper" \ + ] \ + } \ + } \ + ]' \ + --actions '[ \ + { \ + "InvokeApi": { \ + "ApiId": "abcd1234", \ + "Stage": "prod" \ + } \ + } \ + ]' + +Output:: + + { + "Actions": [ + { + "InvokeApi": { + "ApiId": "abcd1234", + "Stage": "prod", + "StripBasePath": false + } + } + ], + "Conditions": [ + { + "MatchBasePaths": { + "AnyOf": [ + "PetStoreShopper" + ] + } + } + ], + "Priority": 150, + "RoutingRuleArn": "arn:aws:apigateway:us-east-2:123456789012:/domainnames/regional.example.com/routingrules/aaa111", + "RoutingRuleId": "aaa111" + } + +For more information, see `Routing rules to connect API stages to a custom domain name for REST APIs `__ in the *Amazon API Gateway Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/application-signals/batch-get-service-level-objective-budget-report.rst 2.31.35-1/awscli/examples/application-signals/batch-get-service-level-objective-budget-report.rst --- 2.23.6-1/awscli/examples/application-signals/batch-get-service-level-objective-budget-report.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/batch-get-service-level-objective-budget-report.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,99 @@ +**To retrieve one or more service level objective (SLO) budget reports.** + +The following ``batch-get-service-level-objective-budget-report`` example retrieves one or more service level objective (SLO) budget reports. :: + + aws application-signals batch-get-service-level-objective-budget-report \ + --timestamp 1735059869 \ + --slo-ids "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName1" "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName2" + +Output:: + + { + "Timestamp": "2024-12-24T22:34:29+05:30", + "Reports": [{ + "Arn": "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName1", + "Name": "Your SLO Name", + "EvaluationType": "PeriodBased", + "BudgetStatus": "OK", + "Attainment": 100.0, + "TotalBudgetSeconds": 6048, + "BudgetSecondsRemaining": 6048, + "Sli": { + "SliMetric": { + "MetricDataQueries": [{ + "Id": "m1", + "MetricStat": { + "Metric": { + "Namespace": "AWS/EC2", + "MetricName": "CPUUtilization", + "Dimensions": [{ + "Name": "InstanceId", + "Value": "i-0e098765432522" + }] + }, + "Period": 60, + "Stat": "Average" + }, + "ReturnData": true + }] + }, + "MetricThreshold": 200.0, + "ComparisonOperator": "LessThanOrEqualTo" + }, + "Goal": { + "Interval": { + "RollingInterval": { + "DurationUnit": "DAY", + "Duration": 7 + } + }, + "AttainmentGoal": 99.0, + "WarningThreshold": 50.0 + } + }, + { + "Arn": "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName2", + "Name": "test", + "EvaluationType": "PeriodBased", + "BudgetStatus": "BREACHED", + "Attainment": 97.39583275, + "TotalBudgetSeconds": 86, + "BudgetSecondsRemaining": -2154, + "Sli": { + "SliMetric": { + "MetricDataQueries": [{ + "Id": "cwMetric", + "MetricStat": { + "Metric": { + "Namespace": "AWS/EC2", + "MetricName": "CPUUtilization", + "Dimensions": [{ + "Name": "InstanceId", + "Value": "i-0e12345678922" + }] + }, + "Period": 300, + "Stat": "Average" + }, + "ReturnData": true + }] + }, + "MetricThreshold": 5.0, + "ComparisonOperator": "GreaterThan" + }, + "Goal": { + "Interval": { + "RollingInterval": { + "DurationUnit": "DAY", + "Duration": 1 + } + }, + "AttainmentGoal": 99.9, + "WarningThreshold": 30.0 + } + } + ], + "Errors": [] + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/create-service-level-objective.rst 2.31.35-1/awscli/examples/application-signals/create-service-level-objective.rst --- 2.23.6-1/awscli/examples/application-signals/create-service-level-objective.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/create-service-level-objective.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,88 @@ +**To create a service level objective (SLO)** + +The following ``create-service-level-objective`` example creates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. :: + + aws application-signals create-service-level-objective \ + --name "SLOName" \ + --description "Description of your SLO" \ + --sli-config file://sli-config.json + +Contents of ``sli-config.json``:: + + { + "SliMetricConfig": { + "MetricDataQueries": [ + { + "Id": "m1", + "MetricStat": { + "Metric": { + "Namespace": "AWS/EC2", + "MetricName": "CPUUtilization", + "Dimensions": [ + { + "Name": "InstanceId", + "Value": "i-0e5a1234561522" + } + ] + }, + "Period": 60, + "Stat": "Average" + }, + "ReturnData": true + } + ] + }, + "MetricThreshold": 200, + "ComparisonOperator": "LessThanOrEqualTo" + } + +Output:: + + { + "Slo": { + "Arn": "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName", + "Name": "SLOName", + "Description": "Description of your SLO", + "CreatedTime": "2024-12-27T08:16:09.032000+05:30", + "LastUpdatedTime": "2024-12-27T08:16:09.032000+05:30", + "Sli": { + "SliMetric": { + "MetricDataQueries": [ + { + "Id": "m1", + "MetricStat": { + "Metric": { + "Namespace": "AWS/EC2", + "MetricName": "CPUUtilization", + "Dimensions": [ + { + "Name": "InstanceId", + "Value": "i-0e59876543234522" + } + ] + }, + "Period": 60, + "Stat": "Average" + }, + "ReturnData": true + } + ] + }, + "MetricThreshold": 200.0, + "ComparisonOperator": "LessThanOrEqualTo" + }, + "EvaluationType": "PeriodBased", + "Goal": { + "Interval": { + "RollingInterval": { + "DurationUnit": "DAY", + "Duration": 7 + } + }, + "AttainmentGoal": 99.0, + "WarningThreshold": 50.0 + } + } + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/delete-service-level-objective.rst 2.31.35-1/awscli/examples/application-signals/delete-service-level-objective.rst --- 2.23.6-1/awscli/examples/application-signals/delete-service-level-objective.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/delete-service-level-objective.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +**To delete the specified service level objective.** + +The following ``delete-service-level-objective`` example deletes the specified service level objective. :: + + aws application-signals delete-service-level-objective \ + --id "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName" + +This command produces no output. + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/get-service-level-objective.rst 2.31.35-1/awscli/examples/application-signals/get-service-level-objective.rst --- 2.23.6-1/awscli/examples/application-signals/get-service-level-objective.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/get-service-level-objective.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,53 @@ +**To return information about one SLO created in the account** + +The following ``get-service-level-objective`` example returns information about one SLO created in the account. :: + + aws application-signals get-service-level-objective \ + --id "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName" + +Output:: + + { + "Slo": { + "Arn": "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName", + "Name": "SLOName", + "Description": "Description of your SLO", + "CreatedTime": "2024-12-24T22:19:18.624000+05:30", + "LastUpdatedTime": "2024-12-24T22:19:55.280000+05:30", + "Sli": { + "SliMetric": { + "MetricDataQueries": [{ + "Id": "m1", + "MetricStat": { + "Metric": { + "Namespace": "AWS/EC2", + "MetricName": "CPUUtilization", + "Dimensions": [{ + "Name": "InstanceId", + "Value": "i-0e0987654321522" + }] + }, + "Period": 60, + "Stat": "Average" + }, + "ReturnData": true + }] + }, + "MetricThreshold": 200.0, + "ComparisonOperator": "LessThanOrEqualTo" + }, + "EvaluationType": "PeriodBased", + "Goal": { + "Interval": { + "RollingInterval": { + "DurationUnit": "DAY", + "Duration": 7 + } + }, + "AttainmentGoal": 99.0, + "WarningThreshold": 50.0 + } + } + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/get-service.rst 2.31.35-1/awscli/examples/application-signals/get-service.rst --- 2.23.6-1/awscli/examples/application-signals/get-service.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/get-service.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,72 @@ +**To return information about a service discovered by Application Signals** + +The following ``get-service`` example returns information about a service discovered by Application Signals. :: + + aws application-signals get-service \ + --start-time 1732704000 \ + --end-time 1732714500 \ + --key-attributes Environment=lambda:default,Name=hello-world-python,Type=Service + +Output:: + + { + "Service": { + "KeyAttributes": { + "Environment": "lambda:default", + "Name": "hello-world-python", + "Type": "Service" + }, + "AttributeMaps": [{ + "Lambda.Function.Name": "hello-world-python", + "PlatformType": "AWS::Lambda" + }], + "MetricReferences": [{ + "Namespace": "ApplicationSignals", + "MetricType": "LATENCY", + "Dimensions": [{ + "Name": "Environment", + "Value": "lambda:default" + }, { + "Name": "Service", + "Value": "hello-world-python" + }], + "MetricName": "Latency" + }, { + "Namespace": "ApplicationSignals", + "MetricType": "FAULT", + "Dimensions": [{ + "Name": "Environment", + "Value": "lambda:default" + }, { + "Name": "Service", + "Value": "hello-world-python" + }], + "MetricName": "Fault" + }, { + "Namespace": "ApplicationSignals", + "MetricType": "ERROR", + "Dimensions": [{ + "Name": "Environment", + "Value": "lambda:default" + }, { + "Name": "Service", + "Value": "hello-world-python" + }], + "MetricName": "Error" + }], + "LogGroupReferences": [{ + "Identifier": "/aws/lambda/hello-world-python", + "ResourceType": "AWS::Logs::LogGroup", + "Type": "AWS::Resource" + }] + }, + "StartTime": "2024-11-27T10:00:00+00:00", + "EndTime": "2024-11-27T14:00:01+00:00", + "LogGroupReferences": [{ + "Identifier": "/aws/lambda/hello-world-python", + "ResourceType": "AWS::Logs::LogGroup", + "Type": "AWS::Resource" + }] + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/list-service-dependencies.rst 2.31.35-1/awscli/examples/application-signals/list-service-dependencies.rst --- 2.23.6-1/awscli/examples/application-signals/list-service-dependencies.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/list-service-dependencies.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,96 @@ +**To return a list of service dependencies of the service that you specify** + +The following ``list-service-dependencies`` example returns a list of service dependencies of the service that you specify. :: + + aws application-signals list-service-dependencies \ + --start-time 1732021200 \ + --end-time 1732107600 \ + --key-attributes Environment=api-gateway:prod, Name=PetAdoptionStatusUpdater,Type=Service + +Output:: + + { + "ServiceDependencies": [{ + "OperationName": "PUT /prod", + "DependencyKeyAttributes": { + "Environment": "lambda:default", + "Name": "Services-name", + "Type": "Service" + }, + "DependencyOperationName": "Invoke", + "MetricReferences": [{ + "Namespace": "ApplicationSignals", + "MetricType": "LATENCY", + "Dimensions": [{ + "Name": "Environment", + "Value": "api-gateway:prod" + }, { + "Name": "Operation", + "Value": "PUT /prod" + }, { + "Name": "RemoteEnvironment", + "Value": "lambda:default" + }, { + "Name": "RemoteOperation", + "Value": "Invoke" + }, { + "Name": "RemoteService", + "Value": "Services-name" + }, { + "Name": "Service", + "Value": "PetAdoptionStatusUpdater" + }], + "MetricName": "Latency" + }, { + "Namespace": "ApplicationSignals", + "MetricType": "FAULT", + "Dimensions": [{ + "Name": "Environment", + "Value": "api-gateway:prod" + }, { + "Name": "Operation", + "Value": "PUT /prod" + }, { + "Name": "RemoteEnvironment", + "Value": "lambda:default" + }, { + "Name": "RemoteOperation", + "Value": "Invoke" + }, { + "Name": "RemoteService", + "Value": "Services-name" + }, { + "Name": "Service", + "Value": "PetAdoptionStatusUpdater" + }], + "MetricName": "Fault" + }, { + "Namespace": "ApplicationSignals", + "MetricType": "ERROR", + "Dimensions": [{ + "Name": "Environment", + "Value": "api-gateway:prod" + }, { + "Name": "Operation", + "Value": "PUT /prod" + }, { + "Name": "RemoteEnvironment", + "Value": "lambda:default" + }, { + "Name": "RemoteOperation", + "Value": "Invoke" + }, { + "Name": "RemoteService", + "Value": "Services-name" + }, { + "Name": "Service", + "Value": "PetAdoptionStatusUpdater" + }], + "MetricName": "Error" + }] + }], + "StartTime": "2024-11-19T13:00:00+00:00", + "EndTime": "2024-11-20T13:00:01+00:00" + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/list-service-dependents.rst 2.31.35-1/awscli/examples/application-signals/list-service-dependents.rst --- 2.23.6-1/awscli/examples/application-signals/list-service-dependents.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/list-service-dependents.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,36 @@ +**To return the list of dependents that invoked the specified service during the provided time range** + +The following ``list-service-dependents`` example returns the list of dependents that invoked the specified service during the provided time range. :: + + aws application-signals list-service-dependents \ + --start-time 1732021200 \ + --end-time 1732107600 \ + --key-attributes Environment=generic:default,Name=PetSite,Type=Service + +Output:: + + { + "ServiceDependents": [{ + "OperationName": "", + "DependentKeyAttributes": { + "Identifier": "pet-api-canary-hao", + "ResourceType": "AWS::Synthetics::Canary", + "Type": "AWS::Resource" + }, + "DependentOperationName": "", + "MetricReferences": [] + }, { + "OperationName": "", + "DependentKeyAttributes": { + "Identifier": "PetSite", + "ResourceType": "AWS::Synthetics::Canary", + "Type": "AWS::Resource" + }, + "DependentOperationName": "", + "MetricReferences": [] + }], + "StartTime": "2024-12-24T05:00:00+00:00", + "EndTime": "2024-12-25T06:00:01+00:00" + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/list-service-level-objectives.rst 2.31.35-1/awscli/examples/application-signals/list-service-level-objectives.rst --- 2.23.6-1/awscli/examples/application-signals/list-service-level-objectives.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/list-service-level-objectives.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +**To return a list of SLOs created in this account.** + +The following ``list-service-level-objectives`` example returns a list of SLOs created in this account. :: + + aws application-signals list-service-level-objectives + +Output:: + + { + "SloSummaries": [{ + "Arn": "arn:aws:application-signals:us-east-1:123456789101:slo/test", + "Name": "test", + "CreatedTime": "2024-12-24T22:01:21.116000+05:30" + }] + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/list-service-operations.rst 2.31.35-1/awscli/examples/application-signals/list-service-operations.rst --- 2.23.6-1/awscli/examples/application-signals/list-service-operations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/list-service-operations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,63 @@ +**To return a list of the operations of this service that have been discovered by Application Signals** + +The following ``list-service-operations`` example returns a list of the operations of this service that have been discovered by Application Signals. :: + + aws application-signals list-service-operations \ + --start-time 1735017423 \ + --end-time 1735103823 \ + --key-attributes Environment=generic:default,Name=payforadoption,Type=Service + +Output:: + + { + "ServiceOperations": [{ + "Name": "POST /api", + "MetricReferences": [{ + "Namespace": "ApplicationSignals", + "MetricType": "LATENCY", + "Dimensions": [{ + "Name": "Environment", + "Value": "generic:default" + }, { + "Name": "Operation", + "Value": "POST /api" + }, { + "Name": "Service", + "Value": "payforadoption" + }], + "MetricName": "Latency" + }, { + "Namespace": "ApplicationSignals", + "MetricType": "FAULT", + "Dimensions": [{ + "Name": "Environment", + "Value": "generic:default" + }, { + "Name": "Operation", + "Value": "POST /api" + }, { + "Name": "Service", + "Value": "payforadoption" + }], + "MetricName": "Fault" + }, { + "Namespace": "ApplicationSignals", + "MetricType": "ERROR", + "Dimensions": [{ + "Name": "Environment", + "Value": "generic:default" + }, { + "Name": "Operation", + "Value": "POST /api" + }, { + "Name": "Service", + "Value": "payforadoption" + }], + "MetricName": "Error" + }] + }], + "StartTime": "2024-12-24T05:00:00+00:00", + "EndTime": "2024-12-25T06:00:01+00:00" + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/list-services.rst 2.31.35-1/awscli/examples/application-signals/list-services.rst --- 2.23.6-1/awscli/examples/application-signals/list-services.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/list-services.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,61 @@ +**To return a list of services that have been discovered by Application Signals** + +The following ``list-services`` example returns a list of services that have been discovered by Application Signals. :: + + aws application-signals list-services \ + --start-time 1734918791 \ + --end-time 1734965591 + +Output:: + + { + "ServiceSummaries": [{ + "KeyAttributes": { + "Environment": "lambda:default", + "Name": "hello-world-python", + "Type": "Service" + }, + "AttributeMaps": [{ + "Lambda.Function.Name": "hello-world-python", + "PlatformType": "AWS::Lambda" + }], + "MetricReferences": [{ + "Namespace": "ApplicationSignals", + "MetricType": "LATENCY", + "Dimensions": [{ + "Name": "Environment", + "Value": "lambda:default" + }, { + "Name": "Service", + "Value": "hello-world-python" + }], + "MetricName": "Latency" + }, { + "Namespace": "ApplicationSignals", + "MetricType": "FAULT", + "Dimensions": [{ + "Name": "Environment", + "Value": "lambda:default" + }, { + "Name": "Service", + "Value": "hello-world-python" + }], + "MetricName": "Fault" + }, { + "Namespace": "ApplicationSignals", + "MetricType": "ERROR", + "Dimensions": [{ + "Name": "Environment", + "Value": "lambda:default" + }, { + "Name": "Service", + "Value": "hello-world-python" + }], + "MetricName": "Error" + }] + }], + "StartTime": "2024-11-27T10:00:00+00:00", + "EndTime": "2024-11-27T14:00:01+00:00" + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/list-tags-for-resource.rst 2.31.35-1/awscli/examples/application-signals/list-tags-for-resource.rst --- 2.23.6-1/awscli/examples/application-signals/list-tags-for-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/list-tags-for-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +**To display the tags associated with a CloudWatch resource** + +The following ``list-tags-for-resource`` example displays the tags associated with a CloudWatch resource. :: + + aws application-signals list-tags-for-resource \ + --resource-arn "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName" + +Output:: + + { + "Tags": [{ + "Key": "test", + "Value": "value" + }] + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/start-discovery.rst 2.31.35-1/awscli/examples/application-signals/start-discovery.rst --- 2.23.6-1/awscli/examples/application-signals/start-discovery.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/start-discovery.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,9 @@ +**To enable this Amazon Web Services account to be able to use CloudWatch Application Signals** + +The following ``start-discovery`` example enables this Amazon Web Services account to be able to use CloudWatch Application Signals by creating the *AWSServiceRoleForCloudWatchApplicationSignals* service-linked role. :: + + aws application-signals start-discovery + +This command produces no output. + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/tag-resource.rst 2.31.35-1/awscli/examples/application-signals/tag-resource.rst --- 2.23.6-1/awscli/examples/application-signals/tag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/tag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To assigns one or more tags (key-value pairs) to the specified CloudWatch resource, such as a service level objective** + +The following ``tag-resource`` example assigns one or more tags (key-value pairs) to the specified CloudWatch resource, such as a service level objective. :: + + aws application-signals tag-resource \ + --resource-arn "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName" \ + --tags '{"Key":"test","Value":"value"}' + +This command produces no output. + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/untag-resource.rst 2.31.35-1/awscli/examples/application-signals/untag-resource.rst --- 2.23.6-1/awscli/examples/application-signals/untag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/untag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To remove one or more tags from the specified resource** + +The following ``untag-resource`` example removes one or more tags from the specified resource. :: + + aws application-signals untag-resource \ + --resource-arn "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName" \ + --tag-keys "test" + +This command produces no output. + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/application-signals/update-service-level-objective.rst 2.31.35-1/awscli/examples/application-signals/update-service-level-objective.rst --- 2.23.6-1/awscli/examples/application-signals/update-service-level-objective.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/application-signals/update-service-level-objective.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,69 @@ +**To update an existing service level objective (SLO)** + +The following ``update-service-level-objective`` example updates an existing service level objective (SLO). :: + + aws application-signals update-service-level-objective \ + --cli-input-json file://update-slo.json + +Contents of ``update-slo.json``:: + + { + "id": "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName", + "goal": { + "Interval": { + "RollingInterval": { + "DurationUnit": "DAY", + "Duration": 7 + } + }, + "AttainmentGoal": 90.0, + "WarningThreshold": 50.0 + } + } + +Output:: + + { + "Slo": { + "Arn": "arn:aws:application-signals:us-east-1:123456789101:slo/SLOName", + "Name": "SLOName", + "Description": "Description of your SLO", + "CreatedTime": "2024-12-24T22:19:18.624000+05:30", + "LastUpdatedTime": "2024-12-27T08:51:38.278000+05:30", + "Sli": { + "SliMetric": { + "MetricDataQueries": [{ + "Id": "m1", + "MetricStat": { + "Metric": { + "Namespace": "AWS/EC2", + "MetricName": "CPUUtilization", + "Dimensions": [{ + "Name": "InstanceId", + "Value": "i-00987654345222" + }] + }, + "Period": 60, + "Stat": "Average" + }, + "ReturnData": true + }] + }, + "MetricThreshold": 200.0, + "ComparisonOperator": "LessThanOrEqualTo" + }, + "EvaluationType": "PeriodBased", + "Goal": { + "Interval": { + "RollingInterval": { + "DurationUnit": "DAY", + "Duration": 7 + } + }, + "AttainmentGoal": 90.0, + "WarningThreshold": 50.0 + } + } + } + +For more information, see `Application Signals `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/chime/associate-phone-numbers-with-voice-connector-group.rst 2.31.35-1/awscli/examples/chime/associate-phone-numbers-with-voice-connector-group.rst --- 2.23.6-1/awscli/examples/chime/associate-phone-numbers-with-voice-connector-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/associate-phone-numbers-with-voice-connector-group.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -**To associate phone numbers with an Amazon Chime Voice Connector group** - -The following ``associate-phone-numbers-with-voice-connector-group`` example associates the specified phone numbers with an Amazon Chime Voice Connector group. :: - - aws chime associate-phone-numbers-with-voice-connector-group \ - --voice-connector-group-id 123a456b-c7d8-90e1-fg23-4h567jkl8901 \ - --e164-phone-numbers "+12065550100" "+12065550101" \ - --force-associate - -Output:: - - { - "PhoneNumberErrors": [] - } - -For more information, see `Working with Amazon Chime Voice Connector groups `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/associate-phone-numbers-with-voice-connector.rst 2.31.35-1/awscli/examples/chime/associate-phone-numbers-with-voice-connector.rst --- 2.23.6-1/awscli/examples/chime/associate-phone-numbers-with-voice-connector.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/associate-phone-numbers-with-voice-connector.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -**To associate phone numbers with an Amazon Chime Voice Connector** - -The following ``associate-phone-numbers-with-voice-connector`` example associates the specified phone numbers with an Amazon Chime Voice Connector. :: - - aws chime associate-phone-numbers-with-voice-connector \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --e164-phone-numbers "+12065550100" "+12065550101" - --force-associate - -Output:: - - { - "PhoneNumberErrors": [] - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/create-proxy-session.rst 2.31.35-1/awscli/examples/chime/create-proxy-session.rst --- 2.23.6-1/awscli/examples/chime/create-proxy-session.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/create-proxy-session.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -**To create a proxy session** - -The following ``create-proxy-session`` example creates a proxy session with voice and SMS capabilities. :: - - aws chime create-proxy-session \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --participant-phone-numbers "+14015550101" "+12065550100" \ - --capabilities "Voice" "SMS" - -Output:: - - { - "ProxySession": { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "ProxySessionId": "123a4bc5-67d8-901e-2f3g-h4ghjk56789l", - "Status": "Open", - "ExpiryMinutes": 60, - "Capabilities": [ - "SMS", - "Voice" - ], - "CreatedTimestamp": "2020-04-15T16:10:10.288Z", - "UpdatedTimestamp": "2020-04-15T16:10:10.288Z", - "Participants": [ - { - "PhoneNumber": "+12065550100", - "ProxyPhoneNumber": "+19135550199" - }, - { - "PhoneNumber": "+14015550101", - "ProxyPhoneNumber": "+19135550199" - } - ] - } - } - -For more information, see `Proxy Phone Sessions `__ in the *Amazon Chime Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/create-voice-connector-group.rst 2.31.35-1/awscli/examples/chime/create-voice-connector-group.rst --- 2.23.6-1/awscli/examples/chime/create-voice-connector-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/create-voice-connector-group.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -**To create an Amazon Chime Voice Connector group** - -The following ``create-voice-connector-group`` example creates an Amazon Chime Voice Connector group that includes the specified Amazon Chime Voice Connector. :: - - aws chime create-voice-connector-group \ - --name myGroup \ - --voice-connector-items VoiceConnectorId=abcdef1ghij2klmno3pqr4,Priority=2 - -Output:: - - { - "VoiceConnectorGroup": { - "VoiceConnectorGroupId": "123a456b-c7d8-90e1-fg23-4h567jkl8901", - "Name": "myGroup", - "VoiceConnectorItems": [], - "CreatedTimestamp": "2019-09-18T16:38:34.734Z", - "UpdatedTimestamp": "2019-09-18T16:38:34.734Z" - } - } - -For more information, see `Working with Amazon Chime Voice Connector Groups `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/create-voice-connector.rst 2.31.35-1/awscli/examples/chime/create-voice-connector.rst --- 2.23.6-1/awscli/examples/chime/create-voice-connector.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/create-voice-connector.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -**To create an Amazon Chime Voice Connector** - -The following ``create-voice-connector`` example creates an Amazon Chime Voice Connector in the specified AWS Region, with encryption enabled. :: - - aws chime create-voice-connector \ - --name newVoiceConnector \ - --aws-region us-west-2 \ - --require-encryption - -Output:: - - { - "VoiceConnector": { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "AwsRegion": "us-west-2", - "Name": "newVoiceConnector", - "OutboundHostName": "abcdef1ghij2klmno3pqr4.voiceconnector.chime.aws", - "RequireEncryption": true, - "CreatedTimestamp": "2019-09-18T20:34:01.352Z", - "UpdatedTimestamp": "2019-09-18T20:34:01.352Z" - } - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/delete-proxy-session.rst 2.31.35-1/awscli/examples/chime/delete-proxy-session.rst --- 2.23.6-1/awscli/examples/chime/delete-proxy-session.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/delete-proxy-session.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -**To delete a proxy session** - -The following ``delete-proxy-session`` example deletes the specified proxy session. :: - - aws chime delete-proxy-session \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --proxy-session-id 123a4bc5-67d8-901e-2f3g-h4ghjk56789l - -This command produces no output. - -For more information, see `Proxy Phone Sessions `__ in the *Amazon Chime Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/delete-voice-connector-group.rst 2.31.35-1/awscli/examples/chime/delete-voice-connector-group.rst --- 2.23.6-1/awscli/examples/chime/delete-voice-connector-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/delete-voice-connector-group.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -**title** - -The following ``delete-voice-connector-group`` example deletes the specified Amazon Chime Voice Connector group. :: - - aws chime delete-voice-connector-group \ - --voice-connector-group-id 123a456b-c7d8-90e1-fg23-4h567jkl8901 - -This command produces no output. - -For more information, see `Working with Amazon Chime Voice Connector Groups `__ in the *Amazon Chime Administration Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/chime/delete-voice-connector-origination.rst 2.31.35-1/awscli/examples/chime/delete-voice-connector-origination.rst --- 2.23.6-1/awscli/examples/chime/delete-voice-connector-origination.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/delete-voice-connector-origination.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -**To delete origination settings** - -The following ``delete-voice-connector-origination`` example deletes the origination host, port, protocol, priority, and weight from the specified Amazon Chime Voice Connector. :: - - aws chime delete-voice-connector-origination \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -This command produces no output. - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/delete-voice-connector-proxy.rst 2.31.35-1/awscli/examples/chime/delete-voice-connector-proxy.rst --- 2.23.6-1/awscli/examples/chime/delete-voice-connector-proxy.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/delete-voice-connector-proxy.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -**To delete a proxy configuration** - -The following ``delete-voice-connector-proxy`` example deletes the proxy configuration from your Amazon Chime Voice Connector. :: - - aws chime delete-voice-connector-proxy \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -This command produces no output. - -For more information, see `Proxy Phone Sessions `__ in the *Amazon Chime Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/delete-voice-connector-streaming-configuration.rst 2.31.35-1/awscli/examples/chime/delete-voice-connector-streaming-configuration.rst --- 2.23.6-1/awscli/examples/chime/delete-voice-connector-streaming-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/delete-voice-connector-streaming-configuration.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -**To delete a streaming configuration** - -The following ``delete-voice-connector-streaming-configuration`` example deletes the streaming configuration for the specified Amazon Chime Voice Connector. :: - - aws chime delete-voice-connector-streaming-configuration \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -This command produces no output. - -For more information, see `Streaming Amazon Chime Voice Connector Data to Kinesis `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/delete-voice-connector-termination-credentials.rst 2.31.35-1/awscli/examples/chime/delete-voice-connector-termination-credentials.rst --- 2.23.6-1/awscli/examples/chime/delete-voice-connector-termination-credentials.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/delete-voice-connector-termination-credentials.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -**To delete termination credentials** - -The following ``delete-voice-connector-termination-credentials`` example deletes the termination credentials for the specified user name and Amazon Chime Voice Connector. :: - - aws chime delete-voice-connector-termination-credentials \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --usernames "jdoe" - -This command produces no output. - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/delete-voice-connector-termination.rst 2.31.35-1/awscli/examples/chime/delete-voice-connector-termination.rst --- 2.23.6-1/awscli/examples/chime/delete-voice-connector-termination.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/delete-voice-connector-termination.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -**To delete termination settings** - -The following ``delete-voice-connector-termination`` example deletes the termination settings for the specified Amazon Chime Voice Connector. :: - - aws chime delete-voice-connector-termination \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -This command produces no output. - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/delete-voice-connector.rst 2.31.35-1/awscli/examples/chime/delete-voice-connector.rst --- 2.23.6-1/awscli/examples/chime/delete-voice-connector.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/delete-voice-connector.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -**To delete an Amazon Chime Voice Connector** - -The following ``delete-voice-connector`` example doesthis :: - - aws chime delete-voice-connector \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -This command produces no output. - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/disassociate-phone-numbers-from-voice-connector-group.rst 2.31.35-1/awscli/examples/chime/disassociate-phone-numbers-from-voice-connector-group.rst --- 2.23.6-1/awscli/examples/chime/disassociate-phone-numbers-from-voice-connector-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/disassociate-phone-numbers-from-voice-connector-group.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -**To disassociate phone numbers from an Amazon Chime Voice Connector group** - -The following ``disassociate-phone-numbers-from-voice-connector-group`` example disassociates the specified phone numbers from an Amazon Chime Voice Connector group. :: - - aws chime disassociate-phone-numbers-from-voice-connector-group \ - --voice-connector-group-id 123a456b-c7d8-90e1-fg23-4h567jkl8901 \ - --e164-phone-numbers "+12065550100" "+12065550101" - -Output:: - - { - "PhoneNumberErrors": [] - } - -For more information, see `Working with Amazon Chime Voice Connector Groups `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/disassociate-phone-numbers-from-voice-connector.rst 2.31.35-1/awscli/examples/chime/disassociate-phone-numbers-from-voice-connector.rst --- 2.23.6-1/awscli/examples/chime/disassociate-phone-numbers-from-voice-connector.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/disassociate-phone-numbers-from-voice-connector.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -**To disassociate phone numbers from an Amazon Chime Voice Connector** - -The following ``disassociate-phone-numbers-from-voice-connector`` example disassociates the specified phone numbers from an Amazon Chime Voice Connector. :: - - aws chime disassociate-phone-numbers-from-voice-connector \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --e164-phone-numbers "+12065550100" "+12065550101" - -Output:: - - { - "PhoneNumberErrors": [] - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/get-proxy-session.rst 2.31.35-1/awscli/examples/chime/get-proxy-session.rst --- 2.23.6-1/awscli/examples/chime/get-proxy-session.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-proxy-session.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -**To get proxy session details** - -The following ``get-proxy-session`` example lists the details of the specified proxy session. :: - - aws chime get-proxy-session \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --proxy-session-id 123a4bc5-67d8-901e-2f3g-h4ghjk56789l - -Output:: - - { - "ProxySession": { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "ProxySessionId": "123a4bc5-67d8-901e-2f3g-h4ghjk56789l", - "Status": "Open", - "ExpiryMinutes": 60, - "Capabilities": [ - "SMS", - "Voice" - ], - "CreatedTimestamp": "2020-04-15T16:10:10.288Z", - "UpdatedTimestamp": "2020-04-15T16:10:10.288Z", - "Participants": [ - { - "PhoneNumber": "+12065550100", - "ProxyPhoneNumber": "+19135550199" - }, - { - "PhoneNumber": "+14015550101", - "ProxyPhoneNumber": "+19135550199" - } - ] - } - } - -For more information, see `Proxy Phone Sessions `__ in the *Amazon Chime Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/get-voice-connector-group.rst 2.31.35-1/awscli/examples/chime/get-voice-connector-group.rst --- 2.23.6-1/awscli/examples/chime/get-voice-connector-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-voice-connector-group.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -**To get details for an Amazon Chime Voice Connector group** - -The following ``get-voice-connector-group`` example displays details for the specified Amazon Chime Voice Connector group. :: - - aws chime get-voice-connector-group \ - --voice-connector-group-id 123a456b-c7d8-90e1-fg23-4h567jkl8901 - -Output:: - - { - "VoiceConnectorGroup": { - "VoiceConnectorGroupId": "123a456b-c7d8-90e1-fg23-4h567jkl8901", - "Name": "myGroup", - "VoiceConnectorItems": [], - "CreatedTimestamp": "2019-09-18T16:38:34.734Z", - "UpdatedTimestamp": "2019-09-18T16:38:34.734Z" - } - } - -For more information, see `Working with Amazon Chime Voice Connector Groups `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/get-voice-connector-logging-configuration.rst 2.31.35-1/awscli/examples/chime/get-voice-connector-logging-configuration.rst --- 2.23.6-1/awscli/examples/chime/get-voice-connector-logging-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-voice-connector-logging-configuration.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To get logging configuration details** - -The following ``get-voice-connector-logging-configuration`` example retreives the logging configuration details for the specified Amazon Chime Voice Connector. :: - - aws chime get-voice-connector-logging-configuration \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -Output:: - - { - "LoggingConfiguration": { - "EnableSIPLogs": true - } - } - - -For more information, see `Streaming Amazon Chime Voice Connector Media to Kinesis `__ in the *Amazon Chime Administration Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/chime/get-voice-connector-origination.rst 2.31.35-1/awscli/examples/chime/get-voice-connector-origination.rst --- 2.23.6-1/awscli/examples/chime/get-voice-connector-origination.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-voice-connector-origination.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -**To retrieve origination settings** - -The following ``get-voice-connector-origination`` example retrieves the origination host, port, protocol, priority, and weight for the specified Amazon Chime Voice Connector. :: - - aws chime get-voice-connector-origination \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -Output:: - - { - "Origination": { - "Routes": [ - { - "Host": "10.24.34.0", - "Port": 1234, - "Protocol": "TCP", - "Priority": 1, - "Weight": 5 - } - ], - "Disabled": false - } - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/get-voice-connector-proxy.rst 2.31.35-1/awscli/examples/chime/get-voice-connector-proxy.rst --- 2.23.6-1/awscli/examples/chime/get-voice-connector-proxy.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-voice-connector-proxy.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -**To get proxy configuration details** - -The following ``get-voice-connector-proxy`` example gets the proxy configuration details for your Amazon Chime Voice Connector. :: - - aws chime get-voice-connector-proxy \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -Output:: - - { - "Proxy": { - "DefaultSessionExpiryMinutes": 60, - "Disabled": false, - "PhoneNumberCountries": [ - "US" - ] - } - } - -For more information, see `Proxy Phone Sessions `__ in the *Amazon Chime Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/get-voice-connector-streaming-configuration.rst 2.31.35-1/awscli/examples/chime/get-voice-connector-streaming-configuration.rst --- 2.23.6-1/awscli/examples/chime/get-voice-connector-streaming-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-voice-connector-streaming-configuration.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To get streaming configuration details** - -The following ``get-voice-connector-streaming-configuration`` example gets the streaming configuration details for the specified Amazon Chime Voice Connector. :: - - aws chime get-voice-connector-streaming-configuration \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -Output:: - - { - "StreamingConfiguration": { - "DataRetentionInHours": 24, - "Disabled": false - } - } - -For more information, see `Streaming Amazon Chime Voice Connector Data to Kinesis `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/get-voice-connector-termination-health.rst 2.31.35-1/awscli/examples/chime/get-voice-connector-termination-health.rst --- 2.23.6-1/awscli/examples/chime/get-voice-connector-termination-health.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-voice-connector-termination-health.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To retrieve termination health details** - -The following ``get-voice-connector-termination-health`` example retrieves the termination health details for the specified Amazon Chime Voice Connector. :: - - aws chime get-voice-connector-termination-health \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -Output:: - - { - "TerminationHealth": { - "Timestamp": "Fri Aug 23 16:45:55 UTC 2019", - "Source": "10.24.34.0" - } - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/get-voice-connector-termination.rst 2.31.35-1/awscli/examples/chime/get-voice-connector-termination.rst --- 2.23.6-1/awscli/examples/chime/get-voice-connector-termination.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-voice-connector-termination.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -**To retrieve termination settings** - -The following ``get-voice-connector-termination`` example retrieves the termination settings for the specified Amazon Chime Voice Connector. :: - - aws chime get-voice-connector-termination \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -This command produces no output. -Output:: - - { - "Termination": { - "CpsLimit": 1, - "DefaultPhoneNumber": "+12065550100", - "CallingRegions": [ - "US" - ], - "CidrAllowedList": [ - "10.24.34.0/23" - ], - "Disabled": false - } - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/get-voice-connector.rst 2.31.35-1/awscli/examples/chime/get-voice-connector.rst --- 2.23.6-1/awscli/examples/chime/get-voice-connector.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/get-voice-connector.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -**To get details for an Amazon Chime Voice Connector** - -The following ``get-voice-connector`` example displays the details of the specified Amazon Chime Voice Connector. :: - - aws chime get-voice-connector \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -Output:: - - { - "VoiceConnector": { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "AwsRegion": "us-west-2", - "Name": "newVoiceConnector", - "OutboundHostName": "abcdef1ghij2klmno3pqr4.voiceconnector.chime.aws", - "RequireEncryption": true, - "CreatedTimestamp": "2019-09-18T20:34:01.352Z", - "UpdatedTimestamp": "2019-09-18T20:34:01.352Z" - } - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/list-proxy-sessions.rst 2.31.35-1/awscli/examples/chime/list-proxy-sessions.rst --- 2.23.6-1/awscli/examples/chime/list-proxy-sessions.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/list-proxy-sessions.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,35 +0,0 @@ -**To list proxy sessions** - -The following ``list-proxy-sessions`` example lists the proxy sessions for your Amazon Chime Voice Connector. :: - - aws chime list-proxy-sessions \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -Output:: - - { - "ProxySession": { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "ProxySessionId": "123a4bc5-67d8-901e-2f3g-h4ghjk56789l", - "Status": "Open", - "ExpiryMinutes": 60, - "Capabilities": [ - "SMS", - "Voice" - ], - "CreatedTimestamp": "2020-04-15T16:10:10.288Z", - "UpdatedTimestamp": "2020-04-15T16:10:10.288Z", - "Participants": [ - { - "PhoneNumber": "+12065550100", - "ProxyPhoneNumber": "+19135550199" - }, - { - "PhoneNumber": "+14015550101", - "ProxyPhoneNumber": "+19135550199" - } - ] - } - } - -For more information, see `Proxy Phone Sessions `__ in the *Amazon Chime Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/list-voice-connector-groups.rst 2.31.35-1/awscli/examples/chime/list-voice-connector-groups.rst --- 2.23.6-1/awscli/examples/chime/list-voice-connector-groups.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/list-voice-connector-groups.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -**To list Amazon Chime Voice Connector groups for an Amazon Chime account** - -The following ``list-voice-connector-groups`` example lists the Amazon Chime Voice Connector groups associated with the administrator's Amazon Chime account. :: - - aws chime list-voice-connector-groups - -Output:: - - { - "VoiceConnectorGroups": [ - { - "VoiceConnectorGroupId": "123a456b-c7d8-90e1-fg23-4h567jkl8901", - "Name": "myGroup", - "VoiceConnectorItems": [], - "CreatedTimestamp": "2019-09-18T16:38:34.734Z", - "UpdatedTimestamp": "2019-09-18T16:38:34.734Z" - } - ] - } - -For more information, see `Working with Amazon Chime Voice Connector groups `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/list-voice-connector-termination-credentials.rst 2.31.35-1/awscli/examples/chime/list-voice-connector-termination-credentials.rst --- 2.23.6-1/awscli/examples/chime/list-voice-connector-termination-credentials.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/list-voice-connector-termination-credentials.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To retrieve a list of termination credentials** - -The following ``list-voice-connector-termination-credentials`` example retrieves a list of the termination credentials for the specified Amazon Chime Voice Connector. :: - - aws chime list-voice-connector-termination-credentials \ - --voice-connector-id abcdef1ghij2klmno3pqr4 - -This command produces no output. -Output:: - - { - "Usernames": [ - "jdoe" - ] - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/list-voice-connectors.rst 2.31.35-1/awscli/examples/chime/list-voice-connectors.rst --- 2.23.6-1/awscli/examples/chime/list-voice-connectors.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/list-voice-connectors.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -**To list Amazon Chime Voice Connectors for an account** - -The following ``list-voice-connectors`` example lists the Amazon Chime Voice Connectors associated with the caller's account. :: - - aws chime list-voice-connectors - -Output:: - - { - "VoiceConnectors": [ - { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "AwsRegion": "us-east-1", - "Name": "MyVoiceConnector", - "OutboundHostName": "abcdef1ghij2klmno3pqr4.voiceconnector.chime.aws", - "RequireEncryption": true, - "CreatedTimestamp": "2019-06-04T18:46:56.508Z", - "UpdatedTimestamp": "2019-09-18T16:33:00.806Z" - }, - { - "VoiceConnectorId": "cbadef1ghij2klmno3pqr5", - "AwsRegion": "us-west-2", - "Name": "newVoiceConnector", - "OutboundHostName": "cbadef1ghij2klmno3pqr5.voiceconnector.chime.aws", - "RequireEncryption": true, - "CreatedTimestamp": "2019-09-18T20:34:01.352Z", - "UpdatedTimestamp": "2019-09-18T20:34:01.352Z" - } - ] - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/put-voice-connector-logging-configuration.rst 2.31.35-1/awscli/examples/chime/put-voice-connector-logging-configuration.rst --- 2.23.6-1/awscli/examples/chime/put-voice-connector-logging-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/put-voice-connector-logging-configuration.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To add a logging configuration for an Amazon Chime Voice Connector** - -The following ``put-voice-connector-logging-configuration`` example turns on the SIP logging configuration for the specified Amazon Chime Voice Connector. :: - - aws chime put-voice-connector-logging-configuration \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --logging-configuration EnableSIPLogs=true - -Output:: - - { - "LoggingConfiguration": { - "EnableSIPLogs": true - } - } - -For more information, see `Streaming Amazon Chime Voice Connector Media to Kinesis `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/put-voice-connector-origination.rst 2.31.35-1/awscli/examples/chime/put-voice-connector-origination.rst --- 2.23.6-1/awscli/examples/chime/put-voice-connector-origination.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/put-voice-connector-origination.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -**To set up origination settings** - -The following ``put-voice-connector-origination`` example sets up the origination host, port, protocol, priority, and weight for the specified Amazon Chime Voice Connector. :: - - aws chime put-voice-connector-origination \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --origination Routes=[{Host="10.24.34.0",Port=1234,Protocol="TCP",Priority=1,Weight=5}],Disabled=false - -Output:: - - { - "Origination": { - "Routes": [ - { - "Host": "10.24.34.0", - "Port": 1234, - "Protocol": "TCP", - "Priority": 1, - "Weight": 5 - } - ], - "Disabled": false - } - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/put-voice-connector-proxy.rst 2.31.35-1/awscli/examples/chime/put-voice-connector-proxy.rst --- 2.23.6-1/awscli/examples/chime/put-voice-connector-proxy.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/put-voice-connector-proxy.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -**To put a proxy configuration** - -The following ``put-voice-connector-proxy`` example sets a proxy configuration to your Amazon Chime Voice Connector. :: - - aws chime put-voice-connector-proxy \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --default-session-expiry-minutes 60 \ - --phone-number-pool-countries "US" - -Output:: - - { - "Proxy": { - "DefaultSessionExpiryMinutes": 60, - "Disabled": false, - "PhoneNumberCountries": [ - "US" - ] - } - } - -For more information, see `Proxy Phone Sessions `__ in the *Amazon Chime Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/put-voice-connector-streaming-configuration.rst 2.31.35-1/awscli/examples/chime/put-voice-connector-streaming-configuration.rst --- 2.23.6-1/awscli/examples/chime/put-voice-connector-streaming-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/put-voice-connector-streaming-configuration.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -**To create a streaming configuration** - -The following ``put-voice-connector-streaming-configuration`` example creates a streaming configuration for the specified Amazon Chime Voice Connector. It enables media streaming from the Amazon Chime Voice Connector to Amazon Kinesis, and sets the data retention period to 24 hours. :: - - aws chime put-voice-connector-streaming-configuration \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --streaming-configuration DataRetentionInHours=24,Disabled=false - -Output:: - - { - "StreamingConfiguration": { - "DataRetentionInHours": 24, - "Disabled": false - } - } - -For more information, see `Streaming Amazon Chime Voice Connector Data to Kinesis `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/put-voice-connector-termination-credentials.rst 2.31.35-1/awscli/examples/chime/put-voice-connector-termination-credentials.rst --- 2.23.6-1/awscli/examples/chime/put-voice-connector-termination-credentials.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/put-voice-connector-termination-credentials.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -**To set up termination credentials** - -The following ``put-voice-connector-termination-credentials`` example sets termination credentials for the specified Amazon Chime Voice Connector. :: - - aws chime put-voice-connector-termination-credentials \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --credentials Username="jdoe",Password="XXXXXXXX" - -This command produces no output. - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/put-voice-connector-termination.rst 2.31.35-1/awscli/examples/chime/put-voice-connector-termination.rst --- 2.23.6-1/awscli/examples/chime/put-voice-connector-termination.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/put-voice-connector-termination.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -**To set up termination settings** - -The following ``put-voice-connector-termination`` example sets the calling regions and allowed IP host termination settings for the specified Amazon Chime Voice Connector. :: - - aws chime put-voice-connector-termination \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --termination CallingRegions="US",CidrAllowedList="10.24.34.0/23",Disabled=false - -Output:: - - { - "Termination": { - "CpsLimit": 0, - "CallingRegions": [ - "US" - ], - "CidrAllowedList": [ - "10.24.34.0/23" - ], - "Disabled": false - } - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/update-proxy-session.rst 2.31.35-1/awscli/examples/chime/update-proxy-session.rst --- 2.23.6-1/awscli/examples/chime/update-proxy-session.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/update-proxy-session.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -**To update a proxy session** - -The following ``update-proxy-session`` example updates the proxy session capabilities. :: - - aws chime update-proxy-session \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --proxy-session-id 123a4bc5-67d8-901e-2f3g-h4ghjk56789l \ - --capabilities "Voice" - -Output:: - - { - "ProxySession": { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "ProxySessionId": "123a4bc5-67d8-901e-2f3g-h4ghjk56789l", - "Status": "Open", - "ExpiryMinutes": 60, - "Capabilities": [ - "Voice" - ], - "CreatedTimestamp": "2020-04-15T16:10:10.288Z", - "UpdatedTimestamp": "2020-04-15T16:10:10.288Z", - "Participants": [ - { - "PhoneNumber": "+12065550100", - "ProxyPhoneNumber": "+19135550199" - }, - { - "PhoneNumber": "+14015550101", - "ProxyPhoneNumber": "+19135550199" - } - ] - } - } - -For more information, see `Proxy Phone Sessions `__ in the *Amazon Chime Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/update-voice-connector-group.rst 2.31.35-1/awscli/examples/chime/update-voice-connector-group.rst --- 2.23.6-1/awscli/examples/chime/update-voice-connector-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/update-voice-connector-group.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -**To update the details for an Amazon Chime Voice Connector group** - -The following ``update-voice-connector-group`` example updates the details of the specified Amazon Chime Voice Connector group. :: - - aws chime update-voice-connector-group \ - --voice-connector-group-id 123a456b-c7d8-90e1-fg23-4h567jkl8901 \ - --name "newGroupName" \ - --voice-connector-items VoiceConnectorId=abcdef1ghij2klmno3pqr4,Priority=1 - -Output:: - - { - "VoiceConnectorGroup": { - "VoiceConnectorGroupId": "123a456b-c7d8-90e1-fg23-4h567jkl8901", - "Name": "newGroupName", - "VoiceConnectorItems": [ - { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "Priority": 1 - } - ], - "CreatedTimestamp": "2019-09-18T16:38:34.734Z", - "UpdatedTimestamp": "2019-10-28T19:00:57.081Z" - } - } - -For more information, see `Working with Amazon Chime Voice Connector Groups `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/chime/update-voice-connector.rst 2.31.35-1/awscli/examples/chime/update-voice-connector.rst --- 2.23.6-1/awscli/examples/chime/update-voice-connector.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/chime/update-voice-connector.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -**To update the details for an Amazon Chime Voice Connector** - -The following ``update-voice-connector`` example updates the name of the specified Amazon Chime Voice Connector. :: - - aws chime update-voice-connector \ - --voice-connector-id abcdef1ghij2klmno3pqr4 \ - --name newName \ - --require-encryption - -Output:: - - { - "VoiceConnector": { - "VoiceConnectorId": "abcdef1ghij2klmno3pqr4", - "AwsRegion": "us-west-2", - "Name": "newName", - "OutboundHostName": "abcdef1ghij2klmno3pqr4.voiceconnector.chime.aws", - "RequireEncryption": true, - "CreatedTimestamp": "2019-09-18T20:34:01.352Z", - "UpdatedTimestamp": "2019-09-18T20:40:52.895Z" - } - } - -For more information, see `Working with Amazon Chime Voice Connectors `__ in the *Amazon Chime Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudformation/_package_description.rst 2.31.35-1/awscli/examples/cloudformation/_package_description.rst --- 2.23.6-1/awscli/examples/cloudformation/_package_description.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudformation/_package_description.rst 2025-11-12 19:17:29.000000000 +0000 @@ -40,7 +40,7 @@ For example, if your AWS Lambda function ``/home/user/code/lambdafunction/`` folder, specify ``CodeUri: /home/user/code/lambdafunction`` for the ``AWS::Serverless::Function`` resource. The command returns a template and replaces -the local path with the S3 location: ``CodeUri: s3://mybucket/lambdafunction.zip``. +the local path with the S3 location: ``CodeUri: s3://amzn-s3-demo-bucket/lambdafunction.zip``. If you specify a file, the command directly uploads it to the S3 bucket. If you specify a folder, the command zips the folder and then uploads the .zip file. @@ -49,8 +49,8 @@ current working directory. The exception if you don't specify a ``BodyS3Location``, this command will not upload an artifact to S3. Before the command uploads artifacts, it checks if the artifacts are already -present in the S3 bucket to prevent unnecessary uploads. The command uses MD5 -checksums to compare files. If the values match, the command doesn't upload the -artifacts. Use the ``--force-upload flag`` to skip this check and always upload the -artifacts. +present in the S3 bucket to prevent unnecessary uploads. If the values match, the +command doesn't upload the artifacts. Use the ``--force-upload flag`` to skip this +check and always upload the artifacts. The command uses MD5 checksums to compare +files by default. If MD5 is not available in the environment, a SHA256 checksum is used. diff -pruN 2.23.6-1/awscli/examples/cloudfront/associate-distribution-tenant-web-acl.rst 2.31.35-1/awscli/examples/cloudfront/associate-distribution-tenant-web-acl.rst --- 2.23.6-1/awscli/examples/cloudfront/associate-distribution-tenant-web-acl.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/associate-distribution-tenant-web-acl.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +**To associate a web ACL with a CloudFront distribution tenant** + +The following ``associate-distribution-tenant-web-acl`` example associates a web ACL with a CloudFront distribution with ETag ``E13V1IB3VIYABC``. :: + + aws cloudfront associate-distribution-tenant-web-acl \ + --id dt_2wjDZi3hD1ivOXf6rpZJO1AB \ + --if-match E13V1IB3VIYABC \ + --web-acl-arn arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f37123ABC + +Output:: + + { + "ETag": "E1VC38T7YXBABC", + "Id": "dt_2wjDZi3hD1ivOXf6rpZJO1AB", + "WebACLArn": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f37123ABC" + } + +For more information, see `Use AWS WAF protections `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/associate-distribution-web-acl.rst 2.31.35-1/awscli/examples/cloudfront/associate-distribution-web-acl.rst --- 2.23.6-1/awscli/examples/cloudfront/associate-distribution-web-acl.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/associate-distribution-web-acl.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +**To associate a web ACL with a CloudFront distribution** + +The following ``associate-distribution-web-acl`` example associates a web ACL with a CloudFront distribution. :: + + aws cloudfront associate-distribution-web-acl \ + --id E1XNX8R2GOAABC \ + --if-match E2YWS1C2J3OABC \ + --web-acl-arn arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f3746cABC + +Output:: + + { + "ETag": "E3QE7ED60U0ABC", + "Id": "E1XNX8R2GOAABC", + "WebACLArn": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f3746cABC" + } + +For more information, see `Use AWS WAF protections `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/create-connection-group.rst 2.31.35-1/awscli/examples/cloudfront/create-connection-group.rst --- 2.23.6-1/awscli/examples/cloudfront/create-connection-group.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/create-connection-group.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,39 @@ +**To create a connection group in CloudFront** + +The following ``create-connection-group`` example creates an enabled connection group, specifies an Anycast static IP list, and disables IPv6. :: + + aws cloudfront create-connection-group \ + --name cg-with-anycast-ip-list \ + --no-ipv6-enabled \ + --enabled \ + --anycast-ip-list-id aip_CCkW6gKrDiBD4n78123ABC \ + --tags "Items=[{Key=abc,Value=123}]" + +Output:: + + { + "ETag": "E23ZP02F085ABC", + "ConnectionGroup": { + "Id": "cg_2yb6uj74B4PCbfhT31WFdiSABC", + "Name": "cg-with-anycast-ip-list", + "Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2yb6uj74B4PCbfhT31WFdiSABC", + "CreatedTime": "2025-06-16T16:25:50.061000+00:00", + "LastModifiedTime": "2025-06-16T16:25:50.061000+00:00", + "Tags": { + "Items": [ + { + "Key": "abc", + "Value": "123" + } + ] + }, + "Ipv6Enabled": false, + "RoutingEndpoint": "dj6xusxq65abc.cloudfront.net", + "AnycastIpListId": "aip_CCkW6gKrDiBD4n78123ABC", + "Status": "InProgress", + "Enabled": true, + "IsDefault": false + } + } + +For more information, see `Create custom connection group (optional) `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/create-distribution-tenant.rst 2.31.35-1/awscli/examples/cloudfront/create-distribution-tenant.rst --- 2.23.6-1/awscli/examples/cloudfront/create-distribution-tenant.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/create-distribution-tenant.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,275 @@ +**Example 1: To create a CloudFront distribution tenant that uses a custom certificate** + +The following ``create-distribution-tenant`` example creates a CloudFront distribution tenant that specifies customizations to disable WAF, add geo-restrictions, and uses another TLS certificate. :: + + aws cloudfront create-distribution-tenant \ + --cli-input-json file://tenant.json + +Contents of ``tenant.json``:: + + { + "DistributionId": "E1XNX8R2GOAABC", + "Domains": [ + { + "Domain": "example.com" + } + ], + "Parameters": [ + { + "Name": "testParam", + "Value": "defaultValue" + } + ], + "ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC", + "Enabled": false, + "Tags": { + "Items": [ + { + "Key": "tag", + "Value": "tagValue" + } + ] + }, + "Name": "new-tenant-customizations", + "Customizations": { + "GeoRestrictions": { + "Locations": ["DE"], + "RestrictionType": "whitelist" + }, + "WebAcl": { + "Action": "disable" + }, + "Certificate": { + "Arn": "arn:aws:acm:us-east-1:123456789012:certificate/ec53f564-ea5a-4e4a-a0a2-e3c989449abc" + } + } + } + +Output:: + + { + "ETag": "E23ZP02F085ABC", + "DistributionTenant": { + "Id": "dt_2yN5tYwVbPKr7m2IB69M1yp1AB", + "DistributionId": "E1XNX8R2GOAABC", + "Name": "new-tenant-customizations", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2yN5tYwVbPKr7m2IB69M1yp1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "active" + } + ], + "Tags": { + "Items": [ + { + "Key": "tag", + "Value": "tagValue" + } + ] + }, + "Customizations": { + "WebAcl": { + "Action": "disable" + }, + "Certificate": { + "Arn": "arn:aws:acm:us-east-1:123456789012:certificate/ec53f564-ea5a-4e4a-a0a2-e3c989449abc" + }, + "GeoRestrictions": { + "RestrictionType": "whitelist", + "Locations": [ + "DE" + ] + } + }, + "Parameters": [ + { + "Name": "testParam", + "Value": "defaultValue" + } + ], + "ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC", + "CreatedTime": "2025-06-11T17:20:06.432000+00:00", + "LastModifiedTime": "2025-06-11T17:20:06.432000+00:00", + "Enabled": false, + "Status": "InProgress" + } + } + +**Example 2: To create a distribution tenant with an inherited certificate** + +The following ``create-distribution-tenant`` example creates a distribution tenant and specifies an inherited TLS certificate from the multi-tenant distribution. :: + + aws cloudfront create-distribution-tenant \ + --cli-input-json file://tenant.json + +Contents of ``tenant.json``:: + + { + "DistributionId": "E1HVIAU7U12ABC", + "Domains": [ + { + "Domain": "example.com" + } + ], + "Parameters": [ + { + "Name": "tenantName", + "Value": "first-tenant" + } + ], + "Enabled": true, + "Name": "new-tenant-no-cert" + } + +Output:: + + { + "ETag": "E23ZP02F0ABC", + "DistributionTenant": { + "Id": "dt_2zhRB0vBe0B72LZCVy1mgzI1AB", + "DistributionId": "E1HVIAU7U12ABC", + "Name": "new-tenant-no-cert", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2zhRB0vBe0B72LZCVy1mgzI1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "active" + } + ], + "Parameters": [ + { + "Name": "tenantName", + "Value": "first-tenant" + } + ], + "ConnectionGroupId": "cg_2yQEwpipGFN0hhA0ZemPabOABC", + "CreatedTime": "2025-07-10T20:59:38.414000+00:00", + "LastModifiedTime": "2025-07-10T20:59:38.414000+00:00", + "Enabled": true, + "Status": "InProgress" + } + } + +**Example 3: To create a CloudFront distribution tenant using a CloudFront-hosted validation token** + +The following ``create-distribution-tenant`` example creates a distribution tenant and uses a CloudFront-hosted validation token for your domain name. :: + + aws cloudfront create-distribution-tenant \ + --cli-input-json file://tenant.json + +Contents of ``tenant.json``:: + + { + "DistributionId": "E2GJ5J9QN12ABC", + "Domains": [ + { + "Domain": "example.com" + } + ], + "Parameters": [ + { + "Name": "tenantName", + "Value": "first-tenant" + } + ], + "ConnectionGroupId": "cg_2yQEwpipGFN0hhA0ZemPabOABC", + "Enabled": true, + "Name": "new-tenant-cf-hosted", + "ManagedCertificateRequest": { + "ValidationTokenHost": "cloudfront" + } + } + +**Important:** To successfully run this command, you must configure a CNAME DNS record that points your new domain (example.com) to the routing endpoint of the connection group that is associated with the distribution tenant. This CNAME record must also be propagated before CloudFront can successfully complete this request. + +Output:: + + { + "ETag": "E23ZP02F0ABC", + "DistributionTenant": { + "Id": "dt_2zhStKrA524GvvTWJX92Ozl1AB", + "DistributionId": "E2GJ5J9QN12ABC", + "Name": "new-tenant-cf-hosted", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2zhStKrA524GvvTWJX92Ozl1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "inactive" + } + ], + "Parameters": [ + { + "Name": "tenantName", + "Value": "first-tenant" + } + ], + "ConnectionGroupId": "cg_2zhSaGatwwXjTjE42nneZzqABC", + "CreatedTime": "2025-07-10T21:13:46.416000+00:00", + "LastModifiedTime": "2025-07-10T21:13:46.416000+00:00", + "Enabled": true, + "Status": "InProgress" + } + } + +**Example 4: To create a CloudFront distribution tenant using a self-hosted validation token** + +The following ``create-distribution-tenant`` example creates a CloudFront distribution tenant and uses a self-hosted validation token. :: + + aws cloudfront create-distribution-tenant \ + --cli-input-json file://tenant.json + +Contents of ``tenant.json``:: + + { + "DistributionId": "E2GJ5J9QN12ABC", + "Domains": [ + { + "Domain": "example.com" + } + ], + "Parameters": [ + { + "Name": "tenantName", + "Value": "first-tenant" + } + ], + "Enabled": true, + "Name": "new-tenant-self-hosted", + "ManagedCertificateRequest": { + "ValidationTokenHost": "self-hosted" + } + } + +Output:: + + { + "ETag": "E23ZP02F0ABC", + "DistributionTenant": { + "Id": "dt_2zhTFBV93OfFJJ3YMdNM5BC1AB", + "DistributionId": "E2GJ5J9QN12ABC", + "Name": "new-tenant-self-hosted", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2zhTFBV93OfFJJ3YMdNM5BC1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "inactive" + } + ], + "Parameters": [ + { + "Name": "tenantName", + "Value": "first-tenant" + } + ], + "ConnectionGroupId": "cg_2yQEwpipGFN0hhA0ZemPabOABC", + "CreatedTime": "2025-07-10T21:16:39.828000+00:00", + "LastModifiedTime": "2025-07-10T21:16:39.828000+00:00", + "Enabled": true, + "Status": "InProgress" + } + } + +**Important:** After you run this command, the distribution tenant will be created without validation. To validate the managed certificate request and configure the DNS when you're ready to start receiving traffic, see `Complete domain setup `__ in the *Amazon CloudFront Developer Guide*. + +For more information about creating distribution tenants, see `Create a distribution `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/create-distribution.rst 2.31.35-1/awscli/examples/cloudfront/create-distribution.rst --- 2.23.6-1/awscli/examples/cloudfront/create-distribution.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/create-distribution.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,235 +1,625 @@ -**Example 1: To create a CloudFront distribution** - -The following example creates a distribution for an S3 bucket named ``amzn-s3-demo-bucket``, and also specifies ``index.html`` as the default root object, using command line arguments. :: - - aws cloudfront create-distribution \ - --origin-domain-name amzn-s3-demo-bucket.s3.amazonaws.com \ - --default-root-object index.html - -Output:: - - { - "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EMLARXS9EXAMPLE", - "ETag": "E9LHASXEXAMPLE", - "Distribution": { - "Id": "EMLARXS9EXAMPLE", - "ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE", - "Status": "InProgress", - "LastModifiedTime": "2019-11-22T00:55:15.705Z", - "InProgressInvalidationBatches": 0, - "DomainName": "d111111abcdef8.cloudfront.net", - "ActiveTrustedSigners": { - "Enabled": false, - "Quantity": 0 - }, - "DistributionConfig": { - "CallerReference": "cli-example", - "Aliases": { - "Quantity": 0 - }, - "DefaultRootObject": "index.html", - "Origins": { - "Quantity": 1, - "Items": [ - { - "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", - "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", - "OriginPath": "", - "CustomHeaders": { - "Quantity": 0 - }, - "S3OriginConfig": { - "OriginAccessIdentity": "" - } - } - ] - }, - "OriginGroups": { - "Quantity": 0 - }, - "DefaultCacheBehavior": { - "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", - "ForwardedValues": { - "QueryString": false, - "Cookies": { - "Forward": "none" - }, - "Headers": { - "Quantity": 0 - }, - "QueryStringCacheKeys": { - "Quantity": 0 - } - }, - "TrustedSigners": { - "Enabled": false, - "Quantity": 0 - }, - "ViewerProtocolPolicy": "allow-all", - "MinTTL": 0, - "AllowedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ], - "CachedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ] - } - }, - "SmoothStreaming": false, - "DefaultTTL": 86400, - "MaxTTL": 31536000, - "Compress": false, - "LambdaFunctionAssociations": { - "Quantity": 0 - }, - "FieldLevelEncryptionId": "" - }, - "CacheBehaviors": { - "Quantity": 0 - }, - "CustomErrorResponses": { - "Quantity": 0 - }, - "Comment": "", - "Logging": { - "Enabled": false, - "IncludeCookies": false, - "Bucket": "", - "Prefix": "" - }, - "PriceClass": "PriceClass_All", - "Enabled": true, - "ViewerCertificate": { - "CloudFrontDefaultCertificate": true, - "MinimumProtocolVersion": "TLSv1", - "CertificateSource": "cloudfront" - }, - "Restrictions": { - "GeoRestriction": { - "RestrictionType": "none", - "Quantity": 0 - } - }, - "WebACLId": "", - "HttpVersion": "http2", - "IsIPV6Enabled": true - } - } - } - -**Example 2: To create a CloudFront distribution using a JSON file** - -The following example creates a distribution for an S3 bucket named ``amzn-s3-demo-bucket``, and also specifies ``index.html`` as the default root object, using a JSON file. :: - - aws cloudfront create-distribution \ - --distribution-config file://dist-config.json - - -Contents of ``dist-config.json``:: - - { - "CallerReference": "cli-example", - "Aliases": { - "Quantity": 0 - }, - "DefaultRootObject": "index.html", - "Origins": { - "Quantity": 1, - "Items": [ - { - "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", - "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", - "OriginPath": "", - "CustomHeaders": { - "Quantity": 0 - }, - "S3OriginConfig": { - "OriginAccessIdentity": "" - } - } - ] - }, - "OriginGroups": { - "Quantity": 0 - }, - "DefaultCacheBehavior": { - "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", - "ForwardedValues": { - "QueryString": false, - "Cookies": { - "Forward": "none" - }, - "Headers": { - "Quantity": 0 - }, - "QueryStringCacheKeys": { - "Quantity": 0 - } - }, - "TrustedSigners": { - "Enabled": false, - "Quantity": 0 - }, - "ViewerProtocolPolicy": "allow-all", - "MinTTL": 0, - "AllowedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ], - "CachedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ] - } - }, - "SmoothStreaming": false, - "DefaultTTL": 86400, - "MaxTTL": 31536000, - "Compress": false, - "LambdaFunctionAssociations": { - "Quantity": 0 - }, - "FieldLevelEncryptionId": "" - }, - "CacheBehaviors": { - "Quantity": 0 - }, - "CustomErrorResponses": { - "Quantity": 0 - }, - "Comment": "", - "Logging": { - "Enabled": false, - "IncludeCookies": false, - "Bucket": "", - "Prefix": "" - }, - "PriceClass": "PriceClass_All", - "Enabled": true, - "ViewerCertificate": { - "CloudFrontDefaultCertificate": true, - "MinimumProtocolVersion": "TLSv1", - "CertificateSource": "cloudfront" - }, - "Restrictions": { - "GeoRestriction": { - "RestrictionType": "none", - "Quantity": 0 - } - }, - "WebACLId": "", - "HttpVersion": "http2", - "IsIPV6Enabled": true - } - -See Example 1 for sample output. \ No newline at end of file +**Example 1: To create a CloudFront distribution** + +The following ``create-distribution`` example creates a distribution for an S3 bucket named ``amzn-s3-demo-bucket``, and also specifies ``index.html`` as the default root object, using command line arguments. :: + + aws cloudfront create-distribution \ + --origin-domain-name amzn-s3-demo-bucket.s3.amazonaws.com \ + --default-root-object index.html + +Output:: + + { + "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EMLARXS9EXAMPLE", + "ETag": "E9LHASXEXAMPLE", + "Distribution": { + "Id": "EMLARXS9EXAMPLE", + "ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE", + "Status": "InProgress", + "LastModifiedTime": "2019-11-22T00:55:15.705Z", + "InProgressInvalidationBatches": 0, + "DomainName": "d111111abcdef8.cloudfront.net", + "ActiveTrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "DistributionConfig": { + "CallerReference": "cli-example", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", + "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "MinTTL": 0, + "AllowedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "DefaultTTL": 86400, + "MaxTTL": 31536000, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "" + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "IsIPV6Enabled": true + } + } + } + +**Example 2: To create a CloudFront distribution using a JSON file** + +The following ``create-distribution`` example creates a distribution for an S3 bucket named ``amzn-s3-demo-bucket``, and also specifies ``index.html`` as the default root object, using a JSON file. :: + + aws cloudfront create-distribution \ + --distribution-config file://dist-config.json + + +Contents of ``dist-config.json``:: + + { + "CallerReference": "cli-example", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", + "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "MinTTL": 0, + "AllowedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "DefaultTTL": 86400, + "MaxTTL": 31536000, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "" + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "IsIPV6Enabled": true + } + +See Example 1 for sample output. + +**Example 3: To create a CloudFront multi-tenant distribution with a certificate** + +The following ``create-distribution`` example creates a CloudFront distribution with multi-tenant support and a specifies a TLS certificate. :: + + aws cloudfront create-distribution \ + --distribution-config file://dist-config.json + +Contents of ``dist-config.json``:: + + { + "CallerReference": "cli-example-with-cert", + "Comment": "CLI example distribution", + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "OriginPath": "/{{tenantName}}", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + } + } + ] + }, + "DefaultCacheBehavior": { + "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC", + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 2, + "Items": ["HEAD", "GET"], + "CachedMethods": { + "Quantity": 2, + "Items": ["HEAD", "GET"] + } + } + }, + "Enabled": true, + "ViewerCertificate": { + "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/191306a1-db01-49ca-90ef-fc414ee5dabc", + "SSLSupportMethod": "sni-only" + }, + "HttpVersion": "http2", + "ConnectionMode": "tenant-only", + "TenantConfig": { + "ParameterDefinitions": [ + { + "Name": "tenantName", + "Definition": { + "StringSchema": { + "Comment": "tenantName parameter", + "DefaultValue": "root", + "Required": false + } + } + } + ] + } + } + +Output:: + + { + "Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/E1HVIAU7UABC", + "ETag": "E20LT7R1BABC", + "Distribution": { + "Id": "E1HVIAU7U12ABC", + "ARN": "arn:aws:cloudfront::123456789012:distribution/E1HVIAU7U12ABC", + "Status": "InProgress", + "LastModifiedTime": "2025-07-10T20:33:31.117000+00:00", + "InProgressInvalidationBatches": 0, + "DomainName": "example.com", + "ActiveTrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "ActiveTrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "DistributionConfig": { + "CallerReference": "cli-example-with-cert", + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "OriginPath": "/{{tenantName}}", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + }, + "OriginAccessControlId": "" + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 2, + "Items": ["HEAD", "GET"], + "CachedMethods": { + "Quantity": 2, + "Items": ["HEAD", "GET"] + } + }, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC", + "GrpcConfig": { + "Enabled": false + } + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "CLI example distribution", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": false, + "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/1954f095-11b6-4daf-9952-0c308a00abc", + "SSLSupportMethod": "sni-only", + "MinimumProtocolVersion": "TLSv1.2_2021", + "Certificate": "arn:aws:acm:us-east-1:123456789012:certificate/1954f095-11b6-4daf-9952-0c308a00abc", + "CertificateSource": "acm" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "TenantConfig": { + "ParameterDefinitions": [ + { + "Name": "tenantName", + "Definition": { + "StringSchema": { + "Comment": "tenantName parameter", + "DefaultValue": "root", + "Required": false + } + } + } + ] + }, + "ConnectionMode": "tenant-only" + } + } + } + +For more information, see `Working with distributions `__ in the *Amazon CloudFront Developer Guide*. + +**Example 4: To create a CloudFront multi-tenant distribution without a certificate** + +The following ``create-distribution`` example creates a CloudFront distribution with multi-tenant support but without a TLS certificate. :: + + aws cloudfront create-distribution \ + --distribution-config file://dist-config.json + +Contents of ``dist-config.json``:: + + { + "CallerReference": "cli-example", + "Comment": "CLI example distribution", + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "OriginPath": "/{{tenantName}}", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + } + } + ] + }, + "DefaultCacheBehavior": { + "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC", + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + } + }, + "Enabled": true, + "HttpVersion": "http2", + "ConnectionMode": "tenant-only", + "TenantConfig": { + "ParameterDefinitions": [ + { + "Name": "tenantName", + "Definition": { + "StringSchema": { + "Comment": "tenantName parameter", + "DefaultValue": "root", + "Required": false + } + } + } + ] + } + } + +Output:: + + { + "Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/E2GJ5J9QN12ABC", + "ETag": "E37YLVVQIABC", + "Distribution": { + "Id": "E2GJ5J9QNABC", + "ARN": "arn:aws:cloudfront::123456789012:distribution/E2GJ5J9QN12ABC", + "Status": "InProgress", + "LastModifiedTime": "2025-07-10T20:35:20.565000+00:00", + "InProgressInvalidationBatches": 0, + "DomainName": "example.com", + "ActiveTrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "ActiveTrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "DistributionConfig": { + "CallerReference": "cli-example-no-cert", + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "OriginPath": "/{{tenantName}}", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + }, + "OriginAccessControlId": "" + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC", + "GrpcConfig": { + "Enabled": false + } + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "CLI example distribution", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "SSLSupportMethod": "sni-only", + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "TenantConfig": { + "ParameterDefinitions": [ + { + "Name": "tenantName", + "Definition": { + "StringSchema": { + "Comment": "tenantName parameter", + "DefaultValue": "root", + "Required": false + } + } + } + ] + }, + "ConnectionMode": "tenant-only" + } + } + } + +For more information, see `Configure distributions `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/create-invalidation-for-distribution-tenant.rst 2.31.35-1/awscli/examples/cloudfront/create-invalidation-for-distribution-tenant.rst --- 2.23.6-1/awscli/examples/cloudfront/create-invalidation-for-distribution-tenant.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/create-invalidation-for-distribution-tenant.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,29 @@ +**To create a CloudFront invalidation for a distribution tenant** + +The following ``create-invalidation-for-distribution-tenant`` example creates an invalidation for all files in a CloudFront distribution tenant. :: + + aws cloudfront create-invalidation-for-distribution-tenant \ + --id dt_2wjDZi3hD1ivOXf6rpZJO1AB \ + --invalidation-batch '{"Paths": {"Quantity": 1, "Items": ["/*"]}, "CallerReference": "invalidation-$(date +%s)"}' + +Output:: + + { + "Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution-tenant/dt_2wjDZi3hD1ivOXf6rpZJO1AB/invalidation/I2JGL2F1ZAA426PGG0YLLKABC", + "Invalidation": { + "Id": "I2JGL2F1ZAA426PGG0YLLKABC", + "Status": "InProgress", + "CreateTime": "2025-05-07T16:59:25.947000+00:00", + "InvalidationBatch": { + "Paths": { + "Quantity": 1, + "Items": [ + "/*" + ] + }, + "CallerReference": "invalidation-$(date +%s)" + } + } + } + +For more information, see `Invalidate files to remove content `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/delete-connection-group.rst 2.31.35-1/awscli/examples/cloudfront/delete-connection-group.rst --- 2.23.6-1/awscli/examples/cloudfront/delete-connection-group.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/delete-connection-group.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To delete a connection group** + +The following ``delete-connection-group`` example deletes a connection group. The connection group must be disabled and can't be associated with any CloudFront resources. :: + + aws cloudfront delete-connection-group \ + --id cg_2wjLpjbHkLUdhWAjHllcOeABC \ + --if-match ETVPDKIKX0DABC + +When successful, this command has no output. + +For more information about managing connection groups, see `Create custom connection group (optional) `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/delete-distribution-tenant.rst 2.31.35-1/awscli/examples/cloudfront/delete-distribution-tenant.rst --- 2.23.6-1/awscli/examples/cloudfront/delete-distribution-tenant.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/delete-distribution-tenant.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To delete a distribution tenant** + +The following ``delete-distribution-tenant`` example deletes a distribution tenant with ETag ``ETVPDKIKX0DABC``. The distribution tenant must be disabled and can't be associated with any CloudFront resources. :: + + aws cloudfront delete-distribution-tenant \ + --id dt_2wjMUbg3NHZEQ7OfoalP5zi1AB \ + --if-match ETVPDKIKX0DABC + +When successful, this command has no output. + +For more information, see `Delete a distribution `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/disassociate-distribution-tenant-web-acl.rst 2.31.35-1/awscli/examples/cloudfront/disassociate-distribution-tenant-web-acl.rst --- 2.23.6-1/awscli/examples/cloudfront/disassociate-distribution-tenant-web-acl.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/disassociate-distribution-tenant-web-acl.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,16 @@ +**To disassociate a web ACL from a distribution tenant** + +The following ``disassociate-distribution-tenant-web-acl`` example disassociates a web ACL from a distribution tenant with ETag ``E1PA6795UKMABC``. :: + + aws cloudfront disassociate-distribution-tenant-web-acl \ + --id dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB \ + --if-match E1PA6795UKMABC + +Output:: + + { + "ETag": "E13V1IB3VIYABC", + "Id": "dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB" + } + +For more information, see `Disable AWS WAF security protections `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/disassociate-distribution-web-acl.rst 2.31.35-1/awscli/examples/cloudfront/disassociate-distribution-web-acl.rst --- 2.23.6-1/awscli/examples/cloudfront/disassociate-distribution-web-acl.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/disassociate-distribution-web-acl.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,16 @@ +**To disassociate a web ACL from a CloudFront distribution** + +The following ``disassociate-distribution-web-acl`` example removes the association between a web ACL and a CloudFront distribution with ETag ``E13V1IB3VIYABC``. :: + + aws cloudfront disassociate-distribution-web-acl \ + --id E1XNX8R2GOAABC \ + --if-match EEZQ9Z24VM1ABC + +Output:: + + { + "ETag": "E2YWS1C2J3OABC", + "Id": "E1XNX8R2GOAABC" + } + +For more information, see `Disable AWS WAF security protections `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/get-connection-group-by-routing-endpoint.rst 2.31.35-1/awscli/examples/cloudfront/get-connection-group-by-routing-endpoint.rst --- 2.23.6-1/awscli/examples/cloudfront/get-connection-group-by-routing-endpoint.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/get-connection-group-by-routing-endpoint.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,26 @@ +**To get a connection group by routing endpoint** + +The following ``get-connection-group-by-routing-endpoint`` example retrieves information about a connection group using its routing endpoint. :: + + aws cloudfront get-connection-group-by-routing-endpoint \ + --routing-endpoint dvdg9gprgabc.cloudfront.net + +Output:: + + { + "ETag": "E23ZP02F085ABC", + "ConnectionGroup": { + "Id": "cg_2wjDWTBKTlRB87cAaUQFaakABC", + "Name": "connection-group-2", + "Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2wjDWTBKTlRB87cAaUQFaakABC", + "CreatedTime": "2025-05-06T15:42:00.790000+00:00", + "LastModifiedTime": "2025-05-06T15:42:00.790000+00:00", + "Ipv6Enabled": true, + "RoutingEndpoint": "dvdg9gprgabc.cloudfront.net", + "Status": "Deployed", + "Enabled": true, + "IsDefault": false + } + } + +For more information, see `Create custom connection group (optional) `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/get-connection-group.rst 2.31.35-1/awscli/examples/cloudfront/get-connection-group.rst --- 2.23.6-1/awscli/examples/cloudfront/get-connection-group.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/get-connection-group.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,26 @@ +**To get a CloudFront connection group** + +The following ``get-connection-group`` example retrieves information about a CloudFront connection group. :: + + aws cloudfront get-connection-group \ + --identifier cg_2wjDWTBKTlRB87cAaUQFaakABC + +Output:: + + { + "ETag": "E23ZP02F085ABC", + "ConnectionGroup": { + "Id": "cg_2wjDWTBKTlRB87cAaUQFaakABC", + "Name": "connection-group-2", + "Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2wjDWTBKTlRB87cAaUQFaakABC", + "CreatedTime": "2025-05-06T15:42:00.790000+00:00", + "LastModifiedTime": "2025-05-06T15:42:00.790000+00:00", + "Ipv6Enabled": true, + "RoutingEndpoint": "dvdg9gprgabc.cloudfront.net", + "Status": "Deployed", + "Enabled": true, + "IsDefault": false + } + } + +For more information, see `Create custom connection group (optional) `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/get-distribution-tenant-by-domain.rst 2.31.35-1/awscli/examples/cloudfront/get-distribution-tenant-by-domain.rst --- 2.23.6-1/awscli/examples/cloudfront/get-distribution-tenant-by-domain.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/get-distribution-tenant-by-domain.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,37 @@ +**To get distribution tenant information by domain** + +The following ``get-distribution-tenant-by-domain`` example retrieves information about a distribution tenant using the specified domain. :: + + aws cloudfront get-distribution-tenant-by-domain \ + --domain example.com + +Output:: + + { + "ETag": "E23ZP02F085ABC", + "DistributionTenant": { + "Id": "dt_2xVInRKCfUzQHgxosDs9hiLk1AB", + "DistributionId": "E1XNX8R2GOAABC", + "Name": "example-tenant-4", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2xVInRKCfUzQHgxosDs9hiLk1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "active" + } + ], + "Parameters": [ + { + "Name": "testParam", + "Value": "defaultValue" + } + ], + "ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC", + "CreatedTime": "2025-05-23T16:16:20.871000+00:00", + "LastModifiedTime": "2025-05-23T16:16:20.871000+00:00", + "Enabled": false, + "Status": "Deployed" + } + } + +For more information, see `Understand how multi-tenant distributions work `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/get-distribution-tenant.rst 2.31.35-1/awscli/examples/cloudfront/get-distribution-tenant.rst --- 2.23.6-1/awscli/examples/cloudfront/get-distribution-tenant.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/get-distribution-tenant.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,31 @@ +**To get details about a CloudFront distribution tenant** + +The following ``get-distribution-tenant`` example retrieves information about a CloudFront distribution tenant. :: + + aws cloudfront get-distribution-tenant \ + --id dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB + +Output:: + + { + "ETag": "E23ZP02F085ABC", + "DistributionTenant": { + "Id": "dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB", + "DistributionId": "E1XNX8R2GOAABC", + "Name": "example-tenant-2", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "inactive" + } + ], + "ConnectionGroupId": "cg_2wjDWTBKTlRB87cAaUQFaakABC", + "CreatedTime": "2025-05-06T15:42:28.542000+00:00", + "LastModifiedTime": "2025-05-06T15:42:37.724000+00:00", + "Enabled": true, + "Status": "InProgress" + } + } + +For more information, see `Understand how multi-tenant distributions work `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/get-invalidation-for-distribution-tenant.rst 2.31.35-1/awscli/examples/cloudfront/get-invalidation-for-distribution-tenant.rst --- 2.23.6-1/awscli/examples/cloudfront/get-invalidation-for-distribution-tenant.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/get-invalidation-for-distribution-tenant.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,29 @@ +**To get an invalidation for a distribution tenant** + +The following ``get-invalidation-for-distribution-tenant`` example gets information about an invalidation for a distribution tenant. :: + + aws cloudfront get-invalidation-for-distribution-tenant \ + --distribution-tenant-id dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB \ + --id I4CU23QAPKMUDUU06F9OFGFABC + +Output:: + + { + "Invalidation": { + "Id": "I4CU23QAPKMUDUU06F9OFGFABC", + "Status": "Completed", + "CreateTime": "2025-05-06T15:46:12.824000+00:00", + "InvalidationBatch": { + "Paths": { + "Quantity": 2, + "Items": [ + "/example/invalidation", + "/more/invalidations" + ] + }, + "CallerReference": "007ee5a6-d0a0-42be-bb61-e7b915969b48" + } + } + } + +For more information, see `Invalidate files to remove content `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/get-managed-certificate-details.rst 2.31.35-1/awscli/examples/cloudfront/get-managed-certificate-details.rst --- 2.23.6-1/awscli/examples/cloudfront/get-managed-certificate-details.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/get-managed-certificate-details.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,25 @@ +**To get managed certificate details** + +The following ``get-managed-certificate-details`` example retrieves the details of a CloudFront managed ACM certificate. :: + + aws cloudfront get-managed-certificate-details \ + --identifier dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB + +Output:: + + { + "ManagedCertificateDetails": { + "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/655dc1fe-6d37-451d-a013-c2db3a034abc", + "CertificateStatus": "pending-validation", + "ValidationTokenHost": "self-hosted", + "ValidationTokenDetails": [ + { + "Domain": "example.com", + "RedirectTo": "validation.us-east-1.acm-validations.aws/123456789012/.well-known/pki-validation/b315c9ae21284e7918bb9f3f422ab1c7.txt", + "RedirectFrom": "example.com/.well-known/pki-validation/b315c9ae21284e7918bb9f3f422ac3c7.txt" + } + ] + } + } + +For more information, see `Request certificates for your CloudFront distribution tenant `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/list-connection-groups.rst 2.31.35-1/awscli/examples/cloudfront/list-connection-groups.rst --- 2.23.6-1/awscli/examples/cloudfront/list-connection-groups.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/list-connection-groups.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,38 @@ +**To list connection groups** + +The following ``list-connection-groups`` example lists the available connection groups in your AWS account. :: + + aws cloudfront list-connection-groups + +Output:: + + { + "ConnectionGroups": [ + { + "Id": "cg_2whCJoXMYCjHcxaLGrkllvyABC", + "Name": "CreatedByCloudFront-cg_2whCJoXMYCjHcxaLGrkllvyABC", + "Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2whCJoXMYCjHcxaLGrkllvyABC", + "RoutingEndpoint": "d3sx0pso7m5abc.cloudfront.net", + "CreatedTime": "2025-05-05T22:32:29.630000+00:00", + "LastModifiedTime": "2025-05-05T22:32:29.630000+00:00", + "ETag": "E23ZP02F085ABC", + "Enabled": true, + "Status": "Deployed", + "IsDefault": true + }, + { + "Id": "cg_2wjDWTBKTlRB87cAaUQFaakABC", + "Name": "connection-group-2", + "Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2wjDWTBKTlRB87cAaUQFaakABC", + "RoutingEndpoint": "dvdg9gprgabc.cloudfront.net", + "CreatedTime": "2025-05-06T15:42:00.790000+00:00", + "LastModifiedTime": "2025-05-06T15:42:00.790000+00:00", + "ETag": "E23ZP02F085ABC", + "Enabled": true, + "Status": "Deployed", + "IsDefault": false + } + ] + } + +For more information, see `Create custom connection group (optional) `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/list-distribution-tenants-by-customization.rst 2.31.35-1/awscli/examples/cloudfront/list-distribution-tenants-by-customization.rst --- 2.23.6-1/awscli/examples/cloudfront/list-distribution-tenants-by-customization.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/list-distribution-tenants-by-customization.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,45 @@ +**To list distribution tenants by customization** + +The following ``list-distribution-tenants-by-customization`` example lists distribution tenants that use the specified web ACL. :: + + aws cloudfront list-distribution-tenants-by-customization \ + --web-acl-arn arn:aws:wafv2:us-east-1:123456789012:global/webacl/CreatedByCloudFront-0273cd2f/a3c19bce-42b5-48a1-a8d4-b2bb2f28eabc + +Output:: + + { + "DistributionTenantList": [ + { + "Id": "dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB", + "DistributionId": "E1XNX8R2GOAABC", + "Name": "example-tenant-2", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "inactive" + } + ], + "ConnectionGroupId": "cg_2wjDWTBKTlRB87cAaUQFaakABC", + "Customizations": { + "WebAcl": { + "Action": "override", + "Arn": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/CreatedByCloudFront-0273cd2f/a3c19bce-42b5-48a1-a8d4-b2bb2f28eabc" + }, + "GeoRestrictions": { + "RestrictionType": "whitelist", + "Locations": [ + "AL" + ] + } + }, + "CreatedTime": "2025-05-06T15:42:28.542000+00:00", + "LastModifiedTime": "2025-05-06T16:14:08.710000+00:00", + "ETag": "E1F83G8C2ARABC", + "Enabled": true, + "Status": "Deployed" + } + ] + } + +For more information, see `Distribution tenant customizations `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/list-distribution-tenants.rst 2.31.35-1/awscli/examples/cloudfront/list-distribution-tenants.rst --- 2.23.6-1/awscli/examples/cloudfront/list-distribution-tenants.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/list-distribution-tenants.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,90 @@ +**To list CloudFront distribution tenants** + +The following ``list-distribution-tenants`` example lists 3 CloudFront distribution tenants in your AWS account by the associated connection group. :: + + aws cloudfront list-distribution-tenants \ + --association-filter ConnectionGroupId=cg_2whCJoXMYCjHcxaLGrkllvyABC \ + --max-items 3 + +Output:: + + { + "DistributionTenantList": [ + { + "Id": "dt_2yMvQgam3QkJo2z54FDl91dk1AB", + "DistributionId": "E1XNX8R2GOAABC", + "Name": "new-tenant-customizations", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2yMvQgam3QkJo2z54FDl91dk1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "active" + } + ], + "ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC", + "Customizations": { + "WebAcl": { + "Action": "disable" + }, + "GeoRestrictions": { + "RestrictionType": "whitelist", + "Locations": [ + "DE" + ] + } + }, + "CreatedTime": "2025-06-11T15:54:02.142000+00:00", + "LastModifiedTime": "2025-06-11T15:54:02.142000+00:00", + "ETag": "E23ZP02F085ABC", + "Enabled": false, + "Status": "Deployed" + }, + { + "Id": "dt_2yMuV7NJuBcAB0cwwxMCBZQ1AB", + "DistributionId": "E1XNX8R2GOAABC", + "Name": "new-tenant", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2yMuV7NJuBcAB0cwwxMCBZQ1AB", + "Domains": [ + { + "Domain": "1.example.com", + "Status": "active" + } + ], + "ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC", + "Customizations": { + "GeoRestrictions": { + "RestrictionType": "whitelist", + "Locations": [ + "DE" + ] + } + }, + "CreatedTime": "2025-06-11T15:46:23.466000+00:00", + "LastModifiedTime": "2025-06-11T15:46:23.466000+00:00", + "ETag": "E23ZP02F085ABC", + "Enabled": false, + "Status": "Deployed" + }, + { + "Id": "dt_2xVInRKCfUzQHgxosDs9hiLk1AB", + "DistributionId": "E1XNX8R2GOAABC", + "Name": "new-tenant-2", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2xVInRKCfUzQHgxosDs9hiLk1AB", + "Domains": [ + { + "Domain": "2.example.com", + "Status": "active" + } + ], + "ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC", + "CreatedTime": "2025-05-23T16:16:20.871000+00:00", + "LastModifiedTime": "2025-05-23T16:16:20.871000+00:00", + "ETag": "E23ZP02F085ABC", + "Enabled": false, + "Status": "Deployed" + } + ], + "NextToken": "eyJNYXJrZXIiOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAzfQ==" + } + +For more information, see `Understand how multi-tenant distributions work `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/list-distributions-by-connection-mode.rst 2.31.35-1/awscli/examples/cloudfront/list-distributions-by-connection-mode.rst --- 2.23.6-1/awscli/examples/cloudfront/list-distributions-by-connection-mode.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/list-distributions-by-connection-mode.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,115 @@ +**To list CloudFront distributions by connection mode** + +The following ``list-distributions-by-connection-mode`` example lists CloudFront distributions with the specified connection mode. :: + + aws cloudfront list-distributions-by-connection-mode \ + --connection-mode tenant-only + +Output:: + + { + "DistributionList": { + "Items": [ + { + "Id": "E1XNX8R2GOAABC", + "ARN": "arn:aws:cloudfront::123456789012:distribution/E1XNX8R2GOAABC", + "ETag": "EPT4JPJQDY1ABC", + "Status": "Deployed", + "LastModifiedTime": "2025-05-23T16:16:15.691000+00:00", + "DomainName": "-", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "example-cfn-simple-distribution123", + "DomainName": "example.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + }, + "OriginAccessControlId": "E2CJRMB5LKEABC" + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "example-cfn-simple-distribution123", + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "Compress": true, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5abc", + "GrpcConfig": { + "Enabled": false + } + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": false, + "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/ec53f564-ea5a-4e4a-a0a2-e3c989449abc", + "SSLSupportMethod": "sni-only", + "MinimumProtocolVersion": "TLSv1.2_2021", + "Certificate": "arn:aws:acm:us-east-1:123456789012:certificate/ec53f564-ea5a-4e4a-a0a2-e3c989449abc", + "CertificateSource": "acm" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f3746cabc", + "HttpVersion": "http2", + "IsIPV6Enabled": false, + "Staging": false, + "ConnectionMode": "tenant-only" + } + ] + } + } + +For more information, see `Create custom connection group (optional) `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/list-domain-conflicts.rst 2.31.35-1/awscli/examples/cloudfront/list-domain-conflicts.rst --- 2.23.6-1/awscli/examples/cloudfront/list-domain-conflicts.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/list-domain-conflicts.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +**To list domain conflicts for a CloudFront distribution** + +The following ``list-domain-conflicts`` example lists domain conflicts for a CloudFront distribution. :: + + aws cloudfront list-domain-conflicts \ + --domain example.com \ + --domain-control-validation-resource "DistributionTenantId=dt_2x9GhoK0TZRsohWzv1b9It8J1AB" + +Output:: + + { + "DomainConflicts": [ + { + "Domain": "example.com", + "ResourceType": "distribution-tenant", + "ResourceId": "***************ohWzv1b9It8J1AB", + "AccountId": "123456789012" + } + ] + } + +For more information, see `Move an alternate domain name to a different distribution `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/list-invalidations-for-distribution-tenant.rst 2.31.35-1/awscli/examples/cloudfront/list-invalidations-for-distribution-tenant.rst --- 2.23.6-1/awscli/examples/cloudfront/list-invalidations-for-distribution-tenant.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/list-invalidations-for-distribution-tenant.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +**To list invalidations for a CloudFront distribution tenant** + +The following ``list-invalidations-for-distribution-tenant`` example lists the invalidations for a CloudFront distribution tenant. :: + + aws cloudfront list-invalidations-for-distribution-tenant \ + --id dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB + +Output:: + + { + "InvalidationList": { + "Items": [ + { + "Id": "I4CU23QAPKMUDUU06F9OFGFABC", + "CreateTime": "2025-05-06T15:46:12.824000+00:00", + "Status": "Completed" + } + ] + } + } + +For more information, see `Invalidate files to remove content `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/update-connection-group.rst 2.31.35-1/awscli/examples/cloudfront/update-connection-group.rst --- 2.23.6-1/awscli/examples/cloudfront/update-connection-group.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/update-connection-group.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,29 @@ +**To update a CloudFront connection group** + +The following ``update-connection-group`` example disables a CloudFront connection group and disables IPv6. :: + + aws cloudfront update-connection-group \ + --id cg_2yHsDkcPKeUlVkk3aEgLKcjABC \ + --no-ipv6-enabled \ + --no-enabled \ + --if-match E3UN6WX5RRO2ABC + +Output:: + + { + "ETag": "E1F83G8C2ARABC", + "ConnectionGroup": { + "Id": "cg_2yHsDkcPKeUlVkk3aEgLKcjABC", + "Name": "cg-example", + "Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2yHsDkcPKeUlVkk3aEgLKcjABC", + "CreatedTime": "2025-06-09T20:58:35.481000+00:00", + "LastModifiedTime": "2025-06-11T16:25:54.280000+00:00", + "Ipv6Enabled": false, + "RoutingEndpoint": "du9xp1elo1abc.cloudfront.net", + "Status": "InProgress", + "Enabled": false, + "IsDefault": false + } + } + +For more information, see `Create custom connection group (optional) `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/update-distribution-tenant.rst 2.31.35-1/awscli/examples/cloudfront/update-distribution-tenant.rst --- 2.23.6-1/awscli/examples/cloudfront/update-distribution-tenant.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/update-distribution-tenant.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,76 @@ +**To update a CloudFront distribution tenant** + +The following ``update-distribution-tenant`` example updates a CloudFront distribution tenant with a new parameter value and adds a country to the geo-restrictions. :: + + aws cloudfront update-distribution-tenant \ + --cli-input-json file://update-tenant.json + +Contents of ``update-tenant.json``:: + + { + "Id": "dt_2yMvQgam3QkJo2z54FDl91dk1AB", + "IfMatch": "E1F83G8C2ARABC", + "Parameters": [ + { + "Name": "testParam", + "Value": "newParameterValue" + } + ], + "Customizations": { + "WebAcl": { + "Action": "disable" + }, + "GeoRestrictions": { + "RestrictionType": "whitelist", + "Locations": [ + "DE", + "GB", + "ES" + ] + } + } + } + +Output:: + + { + "ETag": "E1PA6795UKMABC", + "DistributionTenant": { + "Id": "dt_2yMvQgam3QkJo2z54FDl91dk1AB", + "DistributionId": "E1XNX8R2GOAABC", + "Name": "new-tenant-customizations", + "Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2yMvQgam3QkJo2z54FDl91dk1AB", + "Domains": [ + { + "Domain": "example.com", + "Status": "active" + } + ], + "Customizations": { + "WebAcl": { + "Action": "disable" + }, + "GeoRestrictions": { + "RestrictionType": "whitelist", + "Locations": [ + "DE", + "ES", + "GB" + ] + } + }, + "Parameters": [ + { + "Name": "testParam", + "Value": "newParameterValue" + } + ], + "ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC", + "CreatedTime": "2025-06-11T15:54:02.142000+00:00", + "LastModifiedTime": "2025-06-11T16:42:45.531000+00:00", + "Enabled": false, + "Status": "InProgress" + } + } + +For more information, see `Distribution tenant customizations `__ in the *Amazon CloudFront Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cloudfront/update-domain-association.rst 2.31.35-1/awscli/examples/cloudfront/update-domain-association.rst --- 2.23.6-1/awscli/examples/cloudfront/update-domain-association.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/update-domain-association.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +**To update a domain association** + +The following ``update-domain-association`` example updates a domain association for a distribution tenant with ETag ``E23ZP02F085ABC``. :: + + aws cloudfront update-domain-association \ + --domain example.com \ + --target-resource DistributionTenantId=dt_2x9GhoK0TZRsohWzv1b9It8J1AB \ + --if-match E23ZP02F085ABC + +Output:: + + { + "ETag": "ETVPDKIKX0ABC", + "Domain": "example.com", + "ResourceId": "dt_2x9GhoK0TZRsohWzv1b9It8J1AB" + } + +For more information, see `Move an alternate domain name to a different distribution `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cloudfront/verify-dns-configuration.rst 2.31.35-1/awscli/examples/cloudfront/verify-dns-configuration.rst --- 2.23.6-1/awscli/examples/cloudfront/verify-dns-configuration.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cloudfront/verify-dns-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,20 @@ +**To verify DNS configuration for a domain** + +The following ``verify-dns-configuration`` example verifies the DNS configuration for a domain. :: + + aws cloudfront verify-dns-configuration \ + --domain example.com \ + --identifier dt_2x9GhoK0TZRsohWzv1b9It8J1AB + +Output:: + + { + "DnsConfigurationList": [ + { + "Domain": "example.com", + "Status": "valid-configuration" + } + ] + } + +For more information, see `Move an alternate domain name to a different distribution `__ in the *Amazon CloudFront Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/codecommit/get-merge-commit.rst 2.31.35-1/awscli/examples/codecommit/get-merge-commit.rst --- 2.23.6-1/awscli/examples/codecommit/get-merge-commit.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/codecommit/get-merge-commit.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,11 +1,10 @@ **To get detailed information about a merge commit** -The following ``get-merge-commit`` example displays details about a merge commit for the source branch named ``bugfix-bug1234`` with a destination branch named ``main`` using the THREE_WAY_MERGE strategy in a repository named ``MyDemoRepo``. :: +The following ``get-merge-commit`` example displays details about a merge commit for the source branch named ``bugfix-bug1234`` with a destination branch named ``main`` in a repository named ``MyDemoRepo``. :: aws codecommit get-merge-commit \ --source-commit-specifier bugfix-bug1234 \ --destination-commit-specifier main \ - --merge-option THREE_WAY_MERGE \ --repository-name MyDemoRepo Output:: diff -pruN 2.23.6-1/awscli/examples/codepipeline/list-action-executions.rst 2.31.35-1/awscli/examples/codepipeline/list-action-executions.rst --- 2.23.6-1/awscli/examples/codepipeline/list-action-executions.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/codepipeline/list-action-executions.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,115 +1,115 @@ -**To list action executions** - -The following ``list-action-executions`` example views action execution details for a pipeline, such as action execution ID, input artifacts, output artifacts, execution result, and status. :: - - aws codepipeline list-action-executions \ - --pipeline-name myPipeline - -Output:: - - { - "actionExecutionDetails": [ - { - "pipelineExecutionId": "EXAMPLE0-adfc-488e-bf4c-1111111720d3", - "actionExecutionId": "EXAMPLE4-2ee8-4853-bd6a-111111158148", - "pipelineVersion": 12, - "stageName": "Deploy", - "actionName": "Deploy", - "startTime": 1598572628.6, - "lastUpdateTime": 1598572661.255, - "status": "Succeeded", - "input": { - "actionTypeId": { - "category": "Deploy", - "owner": "AWS", - "provider": "CodeDeploy", - "version": "1" - }, - "configuration": { - "ApplicationName": "my-application", - "DeploymentGroupName": "my-deployment-group" - }, - "resolvedConfiguration": { - "ApplicationName": "my-application", - "DeploymentGroupName": "my-deployment-group" - }, - "region": "us-east-1", - "inputArtifacts": [ - { - "name": "SourceArtifact", - "s3location": { - "bucket": "artifact-bucket", - "key": "myPipeline/SourceArti/key" - } - } - ], - "namespace": "DeployVariables" - }, - "output": { - "outputArtifacts": [], - "executionResult": { - "externalExecutionId": "d-EXAMPLEE5", - "externalExecutionSummary": "Deployment Succeeded", - "externalExecutionUrl": "https://myaddress.com" - }, - "outputVariables": {} - } - }, - { - "pipelineExecutionId": "EXAMPLE0-adfc-488e-bf4c-1111111720d3", - "actionExecutionId": "EXAMPLE5-abb4-4192-9031-11111113a7b0", - "pipelineVersion": 12, - "stageName": "Source", - "actionName": "Source", - "startTime": 1598572624.387, - "lastUpdateTime": 1598572628.16, - "status": "Succeeded", - "input": { - "actionTypeId": { - "category": "Source", - "owner": "AWS", - "provider": "CodeCommit", - "version": "1" - }, - "configuration": { - "BranchName": "production", - "PollForSourceChanges": "false", - "RepositoryName": "my-repo" - }, - "resolvedConfiguration": { - "BranchName": "production", - "PollForSourceChanges": "false", - "RepositoryName": "my-repo" - }, - "region": "us-east-1", - "inputArtifacts": [], - "namespace": "SourceVariables" - }, - "output": { - "outputArtifacts": [ - { - "name": "SourceArtifact", - "s3location": { - "bucket": "my-bucket", - "key": "myPipeline/SourceArti/key" - } - } - ], - "executionResult": { - "externalExecutionId": "1111111ad99dcd35914c00b7fbea13995EXAMPLE", - "externalExecutionSummary": "Edited template.yml", - "externalExecutionUrl": "https://myaddress.com" - }, - "outputVariables": { - "AuthorDate": "2020-05-08T17:45:43Z", - "BranchName": "production", - "CommitId": "EXAMPLEad99dcd35914c00b7fbea139951111111", - "CommitMessage": "Edited template.yml", - "CommitterDate": "2020-05-08T17:45:43Z", - "RepositoryName": "my-repo" - } - } - }, - . . . . - +**To list action executions** + +The following ``list-action-executions`` example views action execution details for a pipeline, such as action execution ID, input artifacts, output artifacts, execution result, and status. :: + + aws codepipeline list-action-executions \ + --pipeline-name myPipeline + +Output:: + + { + "actionExecutionDetails": [ + { + "pipelineExecutionId": "EXAMPLE0-adfc-488e-bf4c-1111111720d3", + "actionExecutionId": "EXAMPLE4-2ee8-4853-bd6a-111111158148", + "pipelineVersion": 12, + "stageName": "Deploy", + "actionName": "Deploy", + "startTime": 1598572628.6, + "lastUpdateTime": 1598572661.255, + "status": "Succeeded", + "input": { + "actionTypeId": { + "category": "Deploy", + "owner": "AWS", + "provider": "CodeDeploy", + "version": "1" + }, + "configuration": { + "ApplicationName": "my-application", + "DeploymentGroupName": "my-deployment-group" + }, + "resolvedConfiguration": { + "ApplicationName": "my-application", + "DeploymentGroupName": "my-deployment-group" + }, + "region": "us-east-1", + "inputArtifacts": [ + { + "name": "SourceArtifact", + "s3location": { + "bucket": "artifact-bucket", + "key": "myPipeline/SourceArti/key" + } + } + ], + "namespace": "DeployVariables" + }, + "output": { + "outputArtifacts": [], + "executionResult": { + "externalExecutionId": "d-EXAMPLEE5", + "externalExecutionSummary": "Deployment Succeeded", + "externalExecutionUrl": "https://myaddress.com" + }, + "outputVariables": {} + } + }, + { + "pipelineExecutionId": "EXAMPLE0-adfc-488e-bf4c-1111111720d3", + "actionExecutionId": "EXAMPLE5-abb4-4192-9031-11111113a7b0", + "pipelineVersion": 12, + "stageName": "Source", + "actionName": "Source", + "startTime": 1598572624.387, + "lastUpdateTime": 1598572628.16, + "status": "Succeeded", + "input": { + "actionTypeId": { + "category": "Source", + "owner": "AWS", + "provider": "CodeCommit", + "version": "1" + }, + "configuration": { + "BranchName": "production", + "PollForSourceChanges": "false", + "RepositoryName": "my-repo" + }, + "resolvedConfiguration": { + "BranchName": "production", + "PollForSourceChanges": "false", + "RepositoryName": "my-repo" + }, + "region": "us-east-1", + "inputArtifacts": [], + "namespace": "SourceVariables" + }, + "output": { + "outputArtifacts": [ + { + "name": "SourceArtifact", + "s3location": { + "bucket": "amzn-s3-demo-bucket", + "key": "myPipeline/SourceArti/key" + } + } + ], + "executionResult": { + "externalExecutionId": "1111111ad99dcd35914c00b7fbea13995EXAMPLE", + "externalExecutionSummary": "Edited template.yml", + "externalExecutionUrl": "https://myaddress.com" + }, + "outputVariables": { + "AuthorDate": "2020-05-08T17:45:43Z", + "BranchName": "production", + "CommitId": "EXAMPLEad99dcd35914c00b7fbea139951111111", + "CommitMessage": "Edited template.yml", + "CommitterDate": "2020-05-08T17:45:43Z", + "RepositoryName": "my-repo" + } + } + }, + . . . . + For more information, see `View action executions (CLI) `__ in the *AWS CodePipeline User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cognito-idp/get-identity-provider-by-identifier.rst 2.31.35-1/awscli/examples/cognito-idp/get-identity-provider-by-identifier.rst --- 2.23.6-1/awscli/examples/cognito-idp/get-identity-provider-by-identifier.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/get-identity-provider-by-identifier.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,35 @@ +**To get the configuration of an identity provider from the IdP identifier** + +The following ``get-identity-provider-by-identifier`` example returns the configuration of the identity provider with the identifier ``mysso``. :: + + aws cognito-idp get-identity-provider-by-identifier \ + --user-pool-id us-west-2_EXAMPLE \ + --idp-identifier mysso + +Output:: + + { + "IdentityProvider": { + "UserPoolId": "us-west-2_EXAMPLE", + "ProviderName": "MYSAML", + "ProviderType": "SAML", + "ProviderDetails": { + "ActiveEncryptionCertificate": "[Certificate contents]", + "IDPSignout": "false", + "MetadataURL": "https://auth.example.com/saml/metadata/", + "SLORedirectBindingURI": "https://auth.example.com/saml/logout/", + "SSORedirectBindingURI": "https://auth.example.com/saml/assertion/" + }, + "AttributeMapping": { + "email": "email" + }, + "IdpIdentifiers": [ + "mysso", + "mysamlsso" + ], + "LastModifiedDate": 1705616729.188, + "CreationDate": 1643734622.919 + } + } + +For more information, see `Third-party IdP sign-in `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/get-log-delivery-configuration.rst 2.31.35-1/awscli/examples/cognito-idp/get-log-delivery-configuration.rst --- 2.23.6-1/awscli/examples/cognito-idp/get-log-delivery-configuration.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/get-log-delivery-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +**To display the log delivery configuration** + +The following ``get-log-delivery-configuration`` example displays the log export settings of the requested user pool. :: + + aws cognito-idp get-log-delivery-configuration \ + --user-pool-id us-west-2_EXAMPLE + +Output:: + + { + "LogDeliveryConfiguration": { + "UserPoolId": "us-west-2_EXAMPLE", + "LogConfigurations": [ + { + "LogLevel": "INFO", + "EventSource": "userAuthEvents", + "FirehoseConfiguration": { + "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/my-test-deliverystream" + } + }, + { + "LogLevel": "ERROR", + "EventSource": "userNotification", + "CloudWatchLogsConfiguration": { + "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:my-message-delivery-logs" + } + } + ] + } + } + +For more information, see `Exporting user pool logs `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/get-signing-certificate.rst 2.31.35-1/awscli/examples/cognito-idp/get-signing-certificate.rst --- 2.23.6-1/awscli/examples/cognito-idp/get-signing-certificate.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/get-signing-certificate.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,13 +1,14 @@ -**To get a signing certificate** - -This example gets a signing certificate for a user pool. - -Command:: - - aws cognito-idp get-signing-certificate --user-pool-id us-west-2_aaaaaaaaa - -Output:: - - { - "Certificate": "CERTIFICATE_DATA" - } \ No newline at end of file +**To display the SAML signing certificate** + +The following ``get-signing-certificate`` example displays the SAML 2.0 signing certificate for the request user pool. :: + + aws cognito-idp get-signing-certificate \ + --user-pool-id us-west-2_EXAMPLE + +Output:: + + { + "Certificate": "[Certificate content]" + } + +For more information, see `SAML signing and encryption `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/get-ui-customization.rst 2.31.35-1/awscli/examples/cognito-idp/get-ui-customization.rst --- 2.23.6-1/awscli/examples/cognito-idp/get-ui-customization.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/get-ui-customization.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,19 +1,22 @@ -**To get UI customization information** - -This example gets UI customization information for a user pool. - -Command:: - - aws cognito-idp get-ui-customization --user-pool-id us-west-2_aaaaaaaaa - -Output:: - - { - "UICustomization": { - "UserPoolId": "us-west-2_aaaaaaaaa", - "ClientId": "ALL", - "ImageUrl": "https://aaaaaaaaaaaaa.cloudfront.net/us-west-2_aaaaaaaaa/ALL/20190128231240/assets/images/image.jpg", - "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n", - "CSSVersion": "20190128231240" - } - } \ No newline at end of file +**To display the classic hosted UI customization settings for an app client** + +The following ``get-ui-customization`` example displays the classic hosted UI customization settings for an app client that doesn't inherit settings from the user pool. :: + + aws cognito-idp get-ui-customization \ + --user-pool-id us-west-2_EXAMPLE \ + --client-id 1example23456789 + + +Output:: + + { + "UICustomization": { + "UserPoolId": "us-west-2_EXAMPLE", + "ClientId": "1example23456789", + "ImageUrl": "https://example.cloudfront.net/us-west-2_EXAMPLE/1example23456789/20250115191928/assets/images/image.jpg", + "CSS": "\n.logo-customizable {\n max-width: 80%;\n max-height: 30%;\n}\n\n.banner-customizable {\n padding: 25px 0px 25px 0px;\n background-color: lightgray;\n}\n\n.label-customizable {\n font-weight: 400;\n}\n\n.textDescription-customizable {\n padding-top: 100px;\n padding-bottom: 10px;\n display: block;\n font-size: 12px;\n}\n\n.idpDescription-customizable {\n padding-top: 10px;\n padding-bottom: 10px;\n display: block;\n font-size: 16px;\n}\n\n.legalText-customizable {\n color: #747474;\n font-size: 11px;\n}\n\n.submitButton-customizable {\n font-size: 14px;\n font-weight: bold;\n margin: 20px 0px 10px 0px;\n height: 50px;\n width: 100%;\n color: #fff;\n background-color: #337ab7;\n}\n\n.submitButton-customizable:hover {\n color: #fff;\n background-color: #286090;\n}\n\n.errorMessage-customizable {\n padding: 5px;\n font-size: 12px;\n width: 100%;\n background: #F5F5F5;\n border: 2px solid #D64958;\n color: #D64958;\n}\n\n.inputField-customizable {\n width: 100%;\n height: 34px;\n color: #555;\n background-color: #fff;\n border: 1px solid #ccc;\n}\n\n.inputField-customizable:focus {\n border-color: #66afe9;\n outline: 0;\n}\n\n.idpButton-customizable {\n height: 40px;\n width: 100%;\n width: 100%;\n text-align: center;\n margin-bottom: 15px;\n color: #fff;\n background-color: #5bc0de;\n border-color: #46b8da;\n}\n\n.idpButton-customizable:hover {\n color: #fff;\n background-color: #31b0d5;\n}\n\n.socialButton-customizable {\n border-radius: 2px;\n height: 60px;\n margin-bottom: 15px;\n padding: 1px;\n text-align: left;\n width: 100%;\n}\n\n.redirect-customizable {\n text-align: center;\n}\n\n.passwordCheck-notValid-customizable {\n color: #DF3312;\n}\n\n.passwordCheck-valid-customizable {\n color: #19BF00;\n}\n\n.background-customizable {\n background-color: #fff;\n}\n", + "CSSVersion": "20250115191928" + } + } + +For more information, see `Hosted UI (classic) branding `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/get-user-attribute-verification-code.rst 2.31.35-1/awscli/examples/cognito-idp/get-user-attribute-verification-code.rst --- 2.23.6-1/awscli/examples/cognito-idp/get-user-attribute-verification-code.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/get-user-attribute-verification-code.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,19 @@ +**To send an attribute verification code to the current user** + +The following ``get-user-attribute-verification-code`` example sends an attribute verification code to the currently signed-in user's email address. :: + + aws cognito-idp get-user-attribute-verification-code \ + --access-token eyJra456defEXAMPLE \ + --attribute-name email + +Output:: + + { + "CodeDeliveryDetails": { + "Destination": "a***@e***", + "DeliveryMedium": "EMAIL", + "AttributeName": "email" + } + } + +For more information, see `Signing up and confirming user accounts `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/get-user-auth-factors.rst 2.31.35-1/awscli/examples/cognito-idp/get-user-auth-factors.rst --- 2.23.6-1/awscli/examples/cognito-idp/get-user-auth-factors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/get-user-auth-factors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,20 @@ +**To list the authentication factors available to the current user** + +The following ``get-user-auth-factors`` example lists the available authentication factors for the currently signed-in user. :: + + aws cognito-idp get-user-auth-factors \ + --access-token eyJra456defEXAMPLE + +Output:: + + { + "Username": "testuser", + "ConfiguredUserAuthFactors": [ + "PASSWORD", + "EMAIL_OTP", + "SMS_OTP", + "WEB_AUTHN" + ] + } + +For more information, see `Authentication `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/get-user-pool-mfa-config.rst 2.31.35-1/awscli/examples/cognito-idp/get-user-pool-mfa-config.rst --- 2.23.6-1/awscli/examples/cognito-idp/get-user-pool-mfa-config.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/get-user-pool-mfa-config.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,33 @@ +**To display the multi-factor authentication and WebAuthn settings of a user pool** + +The following ``get-user-pool-mfa-config`` example displays the MFA and WebAuthn configuration of the requested user pool. :: + + aws cognito-idp get-user-pool-mfa-config \ + --user-pool-id us-west-2_EXAMPLE + +Output:: + + { + "SmsMfaConfiguration": { + "SmsAuthenticationMessage": "Your OTP for MFA or sign-in: use {####}.", + "SmsConfiguration": { + "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/my-SMS-Role", + "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "SnsRegion": "us-west-2" + } + }, + "SoftwareTokenMfaConfiguration": { + "Enabled": true + }, + "EmailMfaConfiguration": { + "Message": "Your OTP for MFA or sign-in: use {####}", + "Subject": "OTP test" + }, + "MfaConfiguration": "OPTIONAL", + "WebAuthnConfiguration": { + "RelyingPartyId": "auth.example.com", + "UserVerification": "preferred" + } + } + +For more information, see `Adding MFA `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/get-user.rst 2.31.35-1/awscli/examples/cognito-idp/get-user.rst --- 2.23.6-1/awscli/examples/cognito-idp/get-user.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/get-user.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,56 @@ +**To get the details of the current user** + +The following ``get-user`` example displays the profile of the currently signed-in user. :: + + aws cognito-idp get-user \ + --access-token eyJra456defEXAMPLE + +Output:: + + { + "Username": "johndoe", + "UserAttributes": [ + { + "Name": "sub", + "Value": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" + }, + { + "Name": "identities", + "Value": "[{\"userId\":\"a1b2c3d4-5678-90ab-cdef-EXAMPLE22222\",\"providerName\":\"SignInWithApple\",\"providerType\":\"SignInWithApple\",\"issuer\":null,\"primary\":false,\"dateCreated\":1701125599632}]" + }, + { + "Name": "email_verified", + "Value": "true" + }, + { + "Name": "custom:state", + "Value": "Maine" + }, + { + "Name": "name", + "Value": "John Doe" + }, + { + "Name": "phone_number_verified", + "Value": "true" + }, + { + "Name": "phone_number", + "Value": "+12065551212" + }, + { + "Name": "preferred_username", + "Value": "jamesdoe" + }, + { + "Name": "locale", + "Value": "EMEA" + }, + { + "Name": "email", + "Value": "jamesdoe@example.com" + } + ] + } + +For more information, see `Managing users `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/global-sign-out.rst 2.31.35-1/awscli/examples/cognito-idp/global-sign-out.rst --- 2.23.6-1/awscli/examples/cognito-idp/global-sign-out.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/global-sign-out.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +**To sign out the current user** + +The following ``global-sign-out`` example signs out the current user. :: + + aws cognito-idp global-sign-out \ + --access-token eyJra456defEXAMPLE + +This command produces no output. + +For more information, see `Managing users `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/initiate-auth.rst 2.31.35-1/awscli/examples/cognito-idp/initiate-auth.rst --- 2.23.6-1/awscli/examples/cognito-idp/initiate-auth.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/initiate-auth.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +**To sign in a user** + +The following ``initiate-auth`` example signs in a user with the basic username-password flow and no additional challenges. :: + + aws cognito-idp initiate-auth \ + --auth-flow USER_PASSWORD_AUTH \ + --client-id 1example23456789 \ + --analytics-metadata AnalyticsEndpointId=d70b2ba36a8c4dc5a04a0451aEXAMPLE \ + --auth-parameters USERNAME=testuser,PASSWORD=[Password] --user-context-data EncodedData=mycontextdata --client-metadata MyTestKey=MyTestValue + +Output:: + + { + "AuthenticationResult": { + "AccessToken": "eyJra456defEXAMPLE", + "ExpiresIn": 3600, + "TokenType": "Bearer", + "RefreshToken": "eyJra123abcEXAMPLE", + "IdToken": "eyJra789ghiEXAMPLE", + "NewDeviceMetadata": { + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceGroupKey": "-v7w9UcY6" + } + } + } + +For more information, see `Authentication `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-devices.rst 2.31.35-1/awscli/examples/cognito-idp/list-devices.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-devices.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-devices.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,18 +1,15 @@ -**To list devices for a user** +**To list a user's devices** -The following ``list-devices`` example lists devices for the currently sign-in user. :: +The following ``list-devices`` example lists the devices that the current user has registered. :: - aws cognito-idp admin-list-devices \ - --user-pool-id us-west-2_EXAMPLE \ - --access-token eyJra456defEXAMPLE \ - --limit 1 + aws cognito-idp list-devices \ + --access-token eyJra456defEXAMPLE Output:: { "Devices": [ { - "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", @@ -20,34 +17,35 @@ Output:: }, { "Name": "device_name", - "Value": "MyDevice" - }, - { - "Name": "dev:device_arn", - "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" - }, - { - "Name": "dev:device_owner", - "Value": "diego.us-west-2_EXAMPLE" + "Value": "Dart-device" }, { "Name": "last_ip_used", "Value": "192.0.2.1" - }, + } + ], + "DeviceCreateDate": 1715100742.022, + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceLastAuthenticatedDate": 1715100742.0, + "DeviceLastModifiedDate": 1723233651.167 + }, + { + "DeviceAttributes": [ { - "Name": "dev:device_remembered_status", - "Value": "remembered" + "Name": "device_status", + "Value": "valid" }, { - "Name": "dev:device_sdk", - "Value": "aws-sdk" + "Name": "last_ip_used", + "Value": "192.0.2.2" } ], - "DeviceCreateDate": 1715100742.022, - "DeviceLastModifiedDate": 1723233651.167, - "DeviceLastAuthenticatedDate": 1715100742.0 + "DeviceCreateDate": 1726856147.993, + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", + "DeviceLastAuthenticatedDate": 1726856147.0, + "DeviceLastModifiedDate": 1726856147.993 } ] } -For more information, see `Working with user devices in your user pool `__ in the *Amazon Cognito Developer Guide*. +For more information, see `Working with devices `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-groups.rst 2.31.35-1/awscli/examples/cognito-idp/list-groups.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-groups.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-groups.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +**To list the groups in a user pool** + +The following ``list-groups`` example lists the first two groups in the requested user pool. :: + + aws cognito-idp list-groups \ + --user-pool-id us-west-2_EXAMPLE \ + --max-items 2 + +Output:: + + { + "Groups": [ + { + "CreationDate": 1681760899.633, + "Description": "My test group", + "GroupName": "testgroup", + "LastModifiedDate": 1681760899.633, + "Precedence": 1, + "UserPoolId": "us-west-2_EXAMPLE" + }, + { + "CreationDate": 1642632749.051, + "Description": "Autogenerated group for users who sign in using Facebook", + "GroupName": "us-west-2_EXAMPLE_Facebook", + "LastModifiedDate": 1642632749.051, + "UserPoolId": "us-west-2_EXAMPLE" + } + ], + "NextToken": "[Pagination token]" + } + +For more information, see `Adding groups to a user pool `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-identity-providers.rst 2.31.35-1/awscli/examples/cognito-idp/list-identity-providers.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-identity-providers.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-identity-providers.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,29 @@ +**To list identity providers** + +The following ``list-identity-providers`` example lists the first two identity providers in the requested user pool. :: + + aws cognito-idp list-identity-providers \ + --user-pool-id us-west-2_EXAMPLE \ + --max-items 2 + +Output:: + + { + "Providers": [ + { + "CreationDate": 1619477386.504, + "LastModifiedDate": 1703798328.142, + "ProviderName": "Azure", + "ProviderType": "SAML" + }, + { + "CreationDate": 1642698776.175, + "LastModifiedDate": 1642699086.453, + "ProviderName": "LoginWithAmazon", + "ProviderType": "LoginWithAmazon" + } + ], + "NextToken": "[Pagination token]" + } + +For more information, see `Third-party IdP sign-in `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-resource-servers.rst 2.31.35-1/awscli/examples/cognito-idp/list-resource-servers.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-resource-servers.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-resource-servers.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,43 @@ +**To list resource servers** + +The following ``list-resource-servers`` example lists the first two resource servers in the requested user pool. :: + + aws cognito-idp list-resource-servers \ + --user-pool-id us-west-2_EXAMPLE \ + --max-results 2 + +Output:: + + { + "ResourceServers": [ + { + "Identifier": "myapi.example.com", + "Name": "Example API with custom access control scopes", + "Scopes": [ + { + "ScopeDescription": "International customers", + "ScopeName": "international.read" + }, + { + "ScopeDescription": "Domestic customers", + "ScopeName": "domestic.read" + } + ], + "UserPoolId": "us-west-2_EXAMPLE" + }, + { + "Identifier": "myapi2.example.com", + "Name": "Another example API for access control", + "Scopes": [ + { + "ScopeDescription": "B2B customers", + "ScopeName": "b2b.read" + } + ], + "UserPoolId": "us-west-2_EXAMPLE" + } + ], + "NextToken": "[Pagination token]" + } + +For more information, see `Access control with resource servers `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-tags-for-resource.rst 2.31.35-1/awscli/examples/cognito-idp/list-tags-for-resource.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-tags-for-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-tags-for-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +**To list user pool tags** + +The following ``list-tags-for-resource`` example lists the tags assigned to the user pool with the requested ARN. :: + + aws cognito-idp list-tags-for-resource \ + --resource-arn arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE + +Output:: + + { + "Tags": { + "administrator": "Jie", + "tenant": "ExampleCorp" + } + } + +For more information, see `Tagging Amazon Cognito resources `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-user-import-jobs.rst 2.31.35-1/awscli/examples/cognito-idp/list-user-import-jobs.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-user-import-jobs.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-user-import-jobs.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,57 +1,61 @@ -**To list user import jobs** - -This example lists user import jobs. - -For more information about importing users, see `Importing Users into User Pools From a CSV File`_. - -Command:: - - aws cognito-idp list-user-import-jobs --user-pool-id us-west-2_aaaaaaaaa --max-results 20 - -Output:: - - { - "UserImportJobs": [ - { - "JobName": "Test2", - "JobId": "import-d0OnwGA3mV", - "UserPoolId": "us-west-2_aaaaaaaaa", - "PreSignedUrl": "PRE_SIGNED_URL", - "CreationDate": 1548272793.069, - "Status": "Created", - "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", - "ImportedUsers": 0, - "SkippedUsers": 0, - "FailedUsers": 0 - }, - { - "JobName": "Test1", - "JobId": "import-qQ0DCt2fRh", - "UserPoolId": "us-west-2_aaaaaaaaa", - "PreSignedUrl": "PRE_SIGNED_URL", - "CreationDate": 1548271795.471, - "Status": "Created", - "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", - "ImportedUsers": 0, - "SkippedUsers": 0, - "FailedUsers": 0 - }, - { - "JobName": "import-Test1", - "JobId": "import-TZqNQvDRnW", - "UserPoolId": "us-west-2_aaaaaaaaa", - "PreSignedUrl": "PRE_SIGNED_URL", - "CreationDate": 1548271708.512, - "StartDate": 1548277247.962, - "CompletionDate": 1548277248.912, - "Status": "Failed", - "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", - "ImportedUsers": 0, - "SkippedUsers": 0, - "FailedUsers": 1, - "CompletionMessage": "Too many users have failed or been skipped during the import." - } - ] - } - -.. _`Importing Users into User Pools From a CSV File`: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html \ No newline at end of file +**To list user import jobs and statuses** + +The following ``list-user-import-jobs`` example lists first three user import jobs and their details in the requested user pool. :: + + aws cognito-idp list-user-import-jobs \ + --user-pool-id us-west-2_EXAMPLE \ + --max-results 3 + +Output:: + + { + "PaginationToken": "us-west-2_EXAMPLE#import-example3#1667948397084", + "UserImportJobs": [ + { + "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", + "CompletionDate": 1735329786.142, + "CompletionMessage": "The user import job has expired.", + "CreationDate": 1735241621.022, + "FailedUsers": 0, + "ImportedUsers": 0, + "JobId": "import-example1", + "JobName": "Test-import-job-1", + "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", + "SkippedUsers": 0, + "Status": "Expired", + "UserPoolId": "us-west-2_EXAMPLE" + }, + { + "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", + "CompletionDate": 1681509058.408, + "CompletionMessage": "Too many users have failed or been skipped during the import.", + "CreationDate": 1681509001.477, + "FailedUsers": 1, + "ImportedUsers": 0, + "JobId": "import-example2", + "JobName": "Test-import-job-2", + "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", + "SkippedUsers": 0, + "StartDate": 1681509057.965, + "Status": "Failed", + "UserPoolId": "us-west-2_EXAMPLE" + }, + { + "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", + "CompletionDate": 1.667864578676E9, + "CompletionMessage": "Import Job Completed Successfully.", + "CreationDate": 1.667864480281E9, + "FailedUsers": 0, + "ImportedUsers": 6, + "JobId": "import-example3", + "JobName": "Test-import-job-3", + "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", + "SkippedUsers": 0, + "StartDate": 1.667864578167E9, + "Status": "Succeeded", + "UserPoolId": "us-west-2_EXAMPLE" + } + ] + } + +For more information, see `Importing users from a CSV file `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-user-pool-clients.rst 2.31.35-1/awscli/examples/cognito-idp/list-user-pool-clients.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-user-pool-clients.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-user-pool-clients.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +**To list app clients** + +The following ``list-user-pool-clients`` example lists the first three app clients in the requested user pool. :: + + aws cognito-idp list-user-pool-clients \ + --user-pool-id us-west-2_EXAMPLE \ + --max-results 3 + +Output:: + + { + "NextToken": "[Pagination token]", + "UserPoolClients": [ + { + "ClientId": "1example23456789", + "ClientName": "app-client-1", + "UserPoolId": "us-west-2_EXAMPLE" + }, + { + "ClientId": "2example34567890", + "ClientName": "app-client-2", + "UserPoolId": "us-west-2_EXAMPLE" + }, + { + "ClientId": "3example45678901", + "ClientName": "app-client-3", + "UserPoolId": "us-west-2_EXAMPLE" + } + ] + } + +For more information, see `App clients `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-user-pools.rst 2.31.35-1/awscli/examples/cognito-idp/list-user-pools.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-user-pools.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-user-pools.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,22 +1,48 @@ -**To list user pools** - -This example lists up to 20 user pools. - -Command:: - - aws cognito-idp list-user-pools --max-results 20 - -Output:: - - { - "UserPools": [ - { - "CreationDate": 1547763720.822, - "LastModifiedDate": 1547763720.822, - "LambdaConfig": {}, - "Id": "us-west-2_aaaaaaaaa", - "Name": "MyUserPool" - } - ] - } - +**To list user pools** + +The following ``list-user-pools`` example lists 3 of the available user pools in the AWS account of the current CLI credentials. :: + + aws cognito-idp list-user-pools \ + --max-results 3 + +Output:: + + { + "NextToken": "[Pagination token]", + "UserPools": [ + { + "CreationDate": 1681502497.741, + "Id": "us-west-2_EXAMPLE1", + "LambdaConfig": { + "CustomMessage": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", + "PreSignUp": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", + "PreTokenGeneration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", + "PreTokenGenerationConfig": { + "LambdaArn": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", + "LambdaVersion": "V1_0" + } + }, + "LastModifiedDate": 1681502497.741, + "Name": "user pool 1" + }, + { + "CreationDate": 1686064178.717, + "Id": "us-west-2_EXAMPLE2", + "LambdaConfig": { + }, + "LastModifiedDate": 1686064178.873, + "Name": "user pool 2" + }, + { + "CreationDate": 1627681712.237, + "Id": "us-west-2_EXAMPLE3", + "LambdaConfig": { + "UserMigration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction" + }, + "LastModifiedDate": 1678486942.479, + "Name": "user pool 3" + } + ] + } + +For more information, see `Amazon Cognito user pools `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-users.rst 2.31.35-1/awscli/examples/cognito-idp/list-users.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-users.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-users.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,35 +1,98 @@ -**To list users** - -This example lists up to 20 users. - -Command:: - - aws cognito-idp list-users --user-pool-id us-west-2_aaaaaaaaa --limit 20 - -Output:: - - { - "Users": [ - { - "Username": "22704aa3-fc10-479a-97eb-2af5806bd327", - "Enabled": true, - "UserStatus": "FORCE_CHANGE_PASSWORD", - "UserCreateDate": 1548089817.683, - "UserLastModifiedDate": 1548089817.683, - "Attributes": [ - { - "Name": "sub", - "Value": "22704aa3-fc10-479a-97eb-2af5806bd327" - }, - { - "Name": "email_verified", - "Value": "true" - }, - { - "Name": "email", - "Value": "mary@example.com" - } - ] - } - ] - } +**Example 1: To list users with a server-side filter** + +The following ``list-users`` example lists 3 users in the requested user pool whose email addresses begin with ``testuser``. :: + + aws cognito-idp list-users \ + --user-pool-id us-west-2_EXAMPLE \ + --filter email^=\"testuser\" \ + --max-items 3 + +Output:: + + { + "PaginationToken": "efgh5678EXAMPLE", + "Users": [ + { + "Attributes": [ + { + "Name": "sub", + "Value": "eaad0219-2117-439f-8d46-4db20e59268f" + }, + { + "Name": "email", + "Value": "testuser@example.com" + } + ], + "Enabled": true, + "UserCreateDate": 1682955829.578, + "UserLastModifiedDate": 1689030181.63, + "UserStatus": "CONFIRMED", + "Username": "testuser" + }, + { + "Attributes": [ + { + "Name": "sub", + "Value": "3b994cfd-0b07-4581-be46-3c82f9a70c90" + }, + { + "Name": "email", + "Value": "testuser2@example.com" + } + ], + "Enabled": true, + "UserCreateDate": 1684427979.201, + "UserLastModifiedDate": 1684427979.201, + "UserStatus": "UNCONFIRMED", + "Username": "testuser2" + }, + { + "Attributes": [ + { + "Name": "sub", + "Value": "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7" + }, + { + "Name": "email", + "Value": "testuser3@example.com" + } + ], + "Enabled": true, + "UserCreateDate": 1684427823.641, + "UserLastModifiedDate": 1684427823.641, + "UserStatus": "UNCONFIRMED", + "Username": "testuser3@example.com" + } + ] + } + +For more information, see `Managing and searching for users `__ in the *Amazon Cognito Developer Guide*. + +**Example 2: To list users with a client-side filter** + +The following ``list-users`` example lists the attributes of three users who have an attribute, in this case their email address, that contains the email domain "@example.com". If other attributes contained this string, they would also be displayed. The second user has no attributes that match the query and is excluded from the displayed output, but not from the server response. :: + + aws cognito-idp list-users \ + --user-pool-id us-west-2_EXAMPLE \ + --max-items 3 + --query Users\[\*\].Attributes\[\?Value\.contains\(\@\,\'@example.com\'\)\] + +Output:: + + [ + [ + { + "Name": "email", + "Value": "admin@example.com" + } + ], + [], + [ + { + "Name": "email", + "Value": "operator@example.com" + } + ] + ] + +For more information, see `Managing and searching for users `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/list-web-authn-credentials.rst 2.31.35-1/awscli/examples/cognito-idp/list-web-authn-credentials.rst --- 2.23.6-1/awscli/examples/cognito-idp/list-web-authn-credentials.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/list-web-authn-credentials.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +**To list passkey credentials** + +The following ``list-web-authn-credentials`` example lists passkey, or WebAuthn, credentials for the current user. They have one registered device. :: + + aws cognito-idp list-web-authn-credentials \ + --access-token eyJra456defEXAMPLE + +Output:: + + { + "Credentials": [ + { + "AuthenticatorAttachment": "cross-platform", + "CreatedAt": 1736293876.115, + "CredentialId": "8LApgk4-lNUFHbhm2w6Und7-uxcc8coJGsPxiogvHoItc64xWQc3r4CEXAMPLE", + "FriendlyCredentialName": "Roaming passkey", + "RelyingPartyId": "auth.example.com" + } + ] + } + +For more information, see `Passkey sign-in `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/respond-to-auth-challenge.rst 2.31.35-1/awscli/examples/cognito-idp/respond-to-auth-challenge.rst --- 2.23.6-1/awscli/examples/cognito-idp/respond-to-auth-challenge.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/respond-to-auth-challenge.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,27 +1,78 @@ -**To respond to an authorization challenge** - -This example responds to an authorization challenge initiated with `initiate-auth`_. It is a response to the NEW_PASSWORD_REQUIRED challenge. -It sets a password for user jane@example.com. - -Command:: - - aws cognito-idp respond-to-auth-challenge --client-id 3n4b5urk1ft4fl3mg5e62d9ado --challenge-name NEW_PASSWORD_REQUIRED --challenge-responses USERNAME=jane@example.com,NEW_PASSWORD="password" --session "SESSION_TOKEN" - -Output:: - - { - "ChallengeParameters": {}, - "AuthenticationResult": { - "AccessToken": "ACCESS_TOKEN", - "ExpiresIn": 3600, - "TokenType": "Bearer", - "RefreshToken": "REFRESH_TOKEN", - "IdToken": "ID_TOKEN", - "NewDeviceMetadata": { - "DeviceKey": "us-west-2_fec070d2-fa88-424a-8ec8-b26d7198eb23", - "DeviceGroupKey": "-wt2ha1Zd" - } - } - } - -.. _`initiate-auth`: https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/initiate-auth.html \ No newline at end of file +**Example 1: To respond to a NEW_PASSWORD_REQUIRED challenge** + +The following ``respond-to-auth-challenge`` example responds to a NEW_PASSWORD_REQUIRED challenge that `initiate-auth`_ returned. It sets a password for the user ``jane@example.com``. :: + + aws cognito-idp respond-to-auth-challenge \ + --client-id 1example23456789 \ + --challenge-name NEW_PASSWORD_REQUIRED \ + --challenge-responses USERNAME=jane@example.com,NEW_PASSWORD=[Password] \ + --session AYABeEv5HklEXAMPLE + +Output:: + + { + "ChallengeParameters": {}, + "AuthenticationResult": { + "AccessToken": "ACCESS_TOKEN", + "ExpiresIn": 3600, + "TokenType": "Bearer", + "RefreshToken": "REFRESH_TOKEN", + "IdToken": "ID_TOKEN", + "NewDeviceMetadata": { + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceGroupKey": "-wt2ha1Zd" + } + } + } + +For more information, see `Authentication `__ in the *Amazon Cognito Developer Guide*. + +**Example 2: To respond to a SELECT_MFA_TYPE challenge** + +The following ``respond-to-auth-challenge`` example chooses TOTP MFA as the MFA option for the current user. The user was prompted to select an MFA type and will next be prompted to enter their MFA code. :: + + aws cognito-idp respond-to-auth-challenge \ + --client-id 1example23456789 + --session AYABeEv5HklEXAMPLE + --challenge-name SELECT_MFA_TYPE + --challenge-responses USERNAME=testuser,ANSWER=SOFTWARE_TOKEN_MFA + +Output:: + + { + "ChallengeName": "SOFTWARE_TOKEN_MFA", + "Session": "AYABeEv5HklEXAMPLE", + "ChallengeParameters": { + "FRIENDLY_DEVICE_NAME": "transparent" + } + } + +For more information, see `Adding MFA `__ in the *Amazon Cognito Developer Guide*. + +**Example 3: To respond to a SOFTWARE_TOKEN_MFA challenge** + +The following ``respond-to-auth-challenge`` example provides a TOTP MFA code and completes sign-in. :: + + aws cognito-idp respond-to-auth-challenge \ + --client-id 1example23456789 \ + --session AYABeEv5HklEXAMPLE \ + --challenge-name SOFTWARE_TOKEN_MFA \ + --challenge-responses USERNAME=testuser,SOFTWARE_TOKEN_MFA_CODE=123456 + +Output:: + + { + "AuthenticationResult": { + "AccessToken": "eyJra456defEXAMPLE", + "ExpiresIn": 3600, + "TokenType": "Bearer", + "RefreshToken": "eyJra123abcEXAMPLE", + "IdToken": "eyJra789ghiEXAMPLE", + "NewDeviceMetadata": { + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceGroupKey": "-v7w9UcY6" + } + } + } + +For more information, see `Adding MFA `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/revoke-token.rst 2.31.35-1/awscli/examples/cognito-idp/revoke-token.rst --- 2.23.6-1/awscli/examples/cognito-idp/revoke-token.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/revoke-token.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To revoke a refresh token** + +The following ``revoke-token`` revokes the requested refresh token and associated access tokens. :: + + aws cognito-idp revoke-token \ + --token eyJjd123abcEXAMPLE \ + --client-id 1example23456789 + +This command produces no output. + +For more information, see `Revoking tokens `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/set-log-delivery-configuration.rst 2.31.35-1/awscli/examples/cognito-idp/set-log-delivery-configuration.rst --- 2.23.6-1/awscli/examples/cognito-idp/set-log-delivery-configuration.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/set-log-delivery-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,33 @@ +**To set up log export from a user pool** + +The following ``set-log-delivery-configuration`` example configures the requested user pool with user-notification error logging to a log group and user-authentication info logging to an S3 bucket. :: + + aws cognito-idp set-log-delivery-configuration \ + --user-pool-id us-west-2_EXAMPLE \ + --log-configurations LogLevel=ERROR,EventSource=userNotification,CloudWatchLogsConfiguration={LogGroupArn=arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported} LogLevel=INFO,EventSource=userAuthEvents,S3Configuration={BucketArn=arn:aws:s3:::amzn-s3-demo-bucket1} + +Output:: + + { + "LogDeliveryConfiguration": { + "LogConfigurations": [ + { + "CloudWatchLogsConfiguration": { + "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported" + }, + "EventSource": "userNotification", + "LogLevel": "ERROR" + }, + { + "EventSource": "userAuthEvents", + "LogLevel": "INFO", + "S3Configuration": { + "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1" + } + } + ], + "UserPoolId": "us-west-2_EXAMPLE" + } + } + +For more information, see `Exporting user pool logs `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/set-risk-configuration.rst 2.31.35-1/awscli/examples/cognito-idp/set-risk-configuration.rst --- 2.23.6-1/awscli/examples/cognito-idp/set-risk-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/set-risk-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,23 +1,136 @@ -**To set risk configuration** - -This example sets the risk configuration for a user pool. It sets the sign-up event action to NO_ACTION. - -Command:: - - aws cognito-idp set-risk-configuration --user-pool-id us-west-2_aaaaaaaaa --compromised-credentials-risk-configuration EventFilter=SIGN_UP,Actions={EventAction=NO_ACTION} - -Output:: - - { - "RiskConfiguration": { - "UserPoolId": "us-west-2_aaaaaaaaa", - "CompromisedCredentialsRiskConfiguration": { - "EventFilter": [ - "SIGN_UP" - ], - "Actions": { - "EventAction": "NO_ACTION" - } - } - } - } \ No newline at end of file +**To set the threat protection risk configuration** + +The following ``set-risk-configuration`` example configures threat protection messages and actions, compromised credentials, and IP address exceptions in the requested app client. Because of the complexity of the NotifyConfiguration object, JSON input is a best practice for this command. :: + + aws cognito-idp set-risk-configuration \ + --cli-input-json file://set-risk-configuration.json + +Contents of ``set-risk-configuration.json``:: + + { + "AccountTakeoverRiskConfiguration": { + "Actions": { + "HighAction": { + "EventAction": "MFA_REQUIRED", + "Notify": true + }, + "LowAction": { + "EventAction": "NO_ACTION", + "Notify": true + }, + "MediumAction": { + "EventAction": "MFA_IF_CONFIGURED", + "Notify": true + } + }, + "NotifyConfiguration": { + "BlockEmail": { + "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
    We blocked an unrecognized sign-in to your account with this information:\n
      \n
    • Time: {login-time}
      • \n
    • Device: {device-name}
      • \n
    • Location: {city}, {country}
      • \n
    \nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
    \n\n", + "Subject": "Blocked sign-in attempt", + "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" + }, + "From": "admin@example.com", + "MfaEmail": { + "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
    We required you to use multi-factor authentication for the following sign-in attempt:\n
      \n
    • Time: {login-time}
      • \n
    • Device: {device-name}
      • \n
    • Location: {city}, {country}
      • \n
    \nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
    \n\n", + "Subject": "New sign-in attempt", + "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" + }, + "NoActionEmail": { + "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
    We observed an unrecognized sign-in to your account with this information:\n
      \n
    • Time: {login-time}
      • \n
    • Device: {device-name}
      • \n
    • Location: {city}, {country}
      • \n
    \nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
    \n\n", + "Subject": "New sign-in attempt", + "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" + }, + "ReplyTo": "admin@example.com", + "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com" + } + }, + "ClientId": "1example23456789", + "CompromisedCredentialsRiskConfiguration": { + "Actions": { + "EventAction": "BLOCK" + }, + "EventFilter": [ + "PASSWORD_CHANGE", + "SIGN_UP", + "SIGN_IN" + ] + }, + "RiskExceptionConfiguration": { + "BlockedIPRangeList": [ + "192.0.2.1/32", + "192.0.2.2/32" + ], + "SkippedIPRangeList": [ + "203.0.113.1/32", + "203.0.113.2/32" + ] + }, + "UserPoolId": "us-west-2_EXAMPLE" + } + +Output:: + + { + "RiskConfiguration": { + "AccountTakeoverRiskConfiguration": { + "Actions": { + "HighAction": { + "EventAction": "MFA_REQUIRED", + "Notify": true + }, + "LowAction": { + "EventAction": "NO_ACTION", + "Notify": true + }, + "MediumAction": { + "EventAction": "MFA_IF_CONFIGURED", + "Notify": true + } + }, + "NotifyConfiguration": { + "BlockEmail": { + "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
    We blocked an unrecognized sign-in to your account with this information:\n
      \n
    • Time: {login-time}
      • \n
    • Device: {device-name}
      • \n
    • Location: {city}, {country}
      • \n
    \nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
    \n\n", + "Subject": "Blocked sign-in attempt", + "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" + }, + "From": "admin@example.com", + "MfaEmail": { + "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
    We required you to use multi-factor authentication for the following sign-in attempt:\n
      \n
    • Time: {login-time}
      • \n
    • Device: {device-name}
      • \n
    • Location: {city}, {country}
      • \n
    \nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
    \n\n", + "Subject": "New sign-in attempt", + "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" + }, + "NoActionEmail": { + "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
    We observed an unrecognized sign-in to your account with this information:\n
      \n
    • Time: {login-time}
      • \n
    • Device: {device-name}
      • \n
    • Location: {city}, {country}
      • \n
    \nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
    \n\n", + "Subject": "New sign-in attempt", + "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" + }, + "ReplyTo": "admin@example.com", + "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com" + } + }, + "ClientId": "1example23456789", + "CompromisedCredentialsRiskConfiguration": { + "Actions": { + "EventAction": "BLOCK" + }, + "EventFilter": [ + "PASSWORD_CHANGE", + "SIGN_UP", + "SIGN_IN" + ] + }, + "RiskExceptionConfiguration": { + "BlockedIPRangeList": [ + "192.0.2.1/32", + "192.0.2.2/32" + ], + "SkippedIPRangeList": [ + "203.0.113.1/32", + "203.0.113.2/32" + ] + }, + "UserPoolId": "us-west-2_EXAMPLE" + } + } + +For more information, see `Threat protection `__ in the *Amazon Cognito Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cognito-idp/set-ui-customization.rst 2.31.35-1/awscli/examples/cognito-idp/set-ui-customization.rst --- 2.23.6-1/awscli/examples/cognito-idp/set-ui-customization.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/set-ui-customization.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,18 +1,45 @@ -**To set UI customization** - -This example customizes the CSS setting for a user pool. - -Command:: - - aws cognito-idp set-ui-customization --user-pool-id us-west-2_aaaaaaaaa --css ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n" - -Output:: - - { - "UICustomization": { - "UserPoolId": "us-west-2_aaaaaaaaa", - "ClientId": "ALL", - "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n", - "CSSVersion": "20190129172214" - } - } \ No newline at end of file +**Example 1: To customize the classic hosted UI for an app client** + +The following ``set-ui-customization`` example configures the requested app client with some custom CSS and with the Amazon Cognito logo as the application logo. :: + + aws cognito-idp set-ui-customization \ + --user-pool-id us-west-2_ywDJHlIfU \ + --client-id 14pq32c5q2uq2q7keorloqvb23 \ + --css ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n" \ + --image-file iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAMAAAC5zwKfAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAA2UExURd00TN9BV/Cmsfvm6f3y9P////fM0uqAj+yNmu6ZpvnZ3eNabuFNYuZneehzhPKzvPTAxwAAAOiMMlkAAAASdFJOU///////////////////////AOK/vxIAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAKDSURBVFhH7ZfpkoMgEISDHKuEw/d/2u2BQWMiBrG29o+fVsKatdPMAeZxc3Nz8w+ISekzmB++sYIw/I/tjHzrPpO2Tx62EbR2PNxFac+jVuKxRaV50IzXkUe76NOCoUuwlvnQKei02gNF0ykotOLRBq/nboeWRxAISx2EbsHFoRhK6Igk2JJlwScfQjgt06dOaWWiTbEDAe/iq8N9kqCw2uCbHkHlYkaXEF8EYeL9RDqT4FhC6XMIIEifdcUwCc4leNyhabadWU6OlKYJE1Oac3NSPhB5rlaXlSgmr/1lww4nPaU/1ylfLGxX1r6Y66ZZkCqvnOlqKWws59ELj7fULc2CubwySYkdDuuiY0/F0L6Q5pZiSG0SfZTSTCOUhxOCH1AdIoCpTTIjtd+VpEjUDDytQH/0Fpc661Aisas/4qmyUItD557pSCOSQQzlx27J+meyDGc5zZgfhWuXE1lGgmVOMwmWdeGdzhjqZV14x5vSj7vsC5JDz/Cl0Vhp56n2NQt1wQIpury1EPbwyaYm+IhmAQKoajkH51wg4cMZ1wQ3QG9efKWWOaDhYWnU6jXjCMdRmm21PArI+Pb5DYoH93hq0ZCPlxeGJho/DI15C6sQc/L2sTC47UFBKZGHT6k+zlXg7WebA0Nr0HTcLMfk/Y4Rc65D3iG6WDd7YLSlVqk87bVhUwhnClrx11RsVQwlAA818Mn+QEs71BhSFU6orsUfKhHp72XMGYXi4q9c64RXRvzkWurRfG2vI2be/VaNcNgpX0Evb/vio7nPMmj5qujkpQgSaPd1UcVqciHFDNZpOcGlcOPyi+AamCbIL9fitxAGeFN2Dl+3vZubm5u/4fH4Bd14HhIPdwZPAAAAAElFTkSuQmCC + +Output:: + + { + "UICustomization": { + "UserPoolId": "us-west-2_ywDJHlIfU", + "ClientId": "14pq32c5q2uq2q7keorloqvb23", + "ImageUrl": "https://cf.thewrong.club/14pq32c5q2uq2q7keorloqvb23/20250117005911/assets/images/image.jpg", + "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n", + "CSSVersion": "20250117005911" + } + } + +**Example 2: To set the default UI customization for all app clients** + +The following ``set-ui-customization`` example configures the requested user pool for all app clients that don't have a client-specific configuration. The command applies some custom CSS and with the Amazon Cognito logo as the application logo. :: + + aws cognito-idp set-ui-customization \ + --user-pool-id us-west-2_ywDJHlIfU \ + --client-id ALL \ + --css ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n" \ + --image-file iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAMAAAC5zwKfAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAA2UExURd00TN9BV/Cmsfvm6f3y9P////fM0uqAj+yNmu6ZpvnZ3eNabuFNYuZneehzhPKzvPTAxwAAAOiMMlkAAAASdFJOU///////////////////////AOK/vxIAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAKDSURBVFhH7ZfpkoMgEISDHKuEw/d/2u2BQWMiBrG29o+fVsKatdPMAeZxc3Nz8w+ISekzmB++sYIw/I/tjHzrPpO2Tx62EbR2PNxFac+jVuKxRaV50IzXkUe76NOCoUuwlvnQKei02gNF0ykotOLRBq/nboeWRxAISx2EbsHFoRhK6Igk2JJlwScfQjgt06dOaWWiTbEDAe/iq8N9kqCw2uCbHkHlYkaXEF8EYeL9RDqT4FhC6XMIIEifdcUwCc4leNyhabadWU6OlKYJE1Oac3NSPhB5rlaXlSgmr/1lww4nPaU/1ylfLGxX1r6Y66ZZkCqvnOlqKWws59ELj7fULc2CubwySYkdDuuiY0/F0L6Q5pZiSG0SfZTSTCOUhxOCH1AdIoCpTTIjtd+VpEjUDDytQH/0Fpc661Aisas/4qmyUItD557pSCOSQQzlx27J+meyDGc5zZgfhWuXE1lGgmVOMwmWdeGdzhjqZV14x5vSj7vsC5JDz/Cl0Vhp56n2NQt1wQIpury1EPbwyaYm+IhmAQKoajkH51wg4cMZ1wQ3QG9efKWWOaDhYWnU6jXjCMdRmm21PArI+Pb5DYoH93hq0ZCPlxeGJho/DI15C6sQc/L2sTC47UFBKZGHT6k+zlXg7WebA0Nr0HTcLMfk/Y4Rc65D3iG6WDd7YLSlVqk87bVhUwhnClrx11RsVQwlAA818Mn+QEs71BhSFU6orsUfKhHp72XMGYXi4q9c64RXRvzkWurRfG2vI2be/VaNcNgpX0Evb/vio7nPMmj5qujkpQgSaPd1UcVqciHFDNZpOcGlcOPyi+AamCbIL9fitxAGeFN2Dl+3vZubm5u/4fH4Bd14HhIPdwZPAAAAAElFTkSuQmCC + +Output:: + + { + "UICustomization": { + "UserPoolId": "us-west-2_ywDJHlIfU", + "ClientId": "14pq32c5q2uq2q7keorloqvb23", + "ImageUrl": "https://cf.thewrong.club/14pq32c5q2uq2q7keorloqvb23/20250117005911/assets/images/image.jpg", + "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n", + "CSSVersion": "20250117005911" + } + } + +For more information, see `Hosted UI (classic) branding `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/set-user-mfa-preference.rst 2.31.35-1/awscli/examples/cognito-idp/set-user-mfa-preference.rst --- 2.23.6-1/awscli/examples/cognito-idp/set-user-mfa-preference.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/set-user-mfa-preference.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,12 +1,13 @@ -**To set user MFA settings** +**To set a user's MFA preference** -The following ``set-user-mfa-preference`` example modifies the MFA delivery options. It changes the MFA delivery medium to SMS. :: +The following ``set-user-mfa-preference`` example configures the current user to use TOTP MFA and disables all other MFA factors. :: aws cognito-idp set-user-mfa-preference \ - --access-token "eyJra12345EXAMPLE" \ + --access-token eyJra456defEXAMPLE \ --software-token-mfa-settings Enabled=true,PreferredMfa=true \ - --sms-mfa-settings Enabled=false,PreferredMfa=false + --sms-mfa-settings Enabled=false,PreferredMfa=false \ + --email-mfa-settings Enabled=false,PreferredMfa=false This command produces no output. -For more information, see `Adding MFA to a user pool `__ in the *Amazon Cognito Developer Guide*. \ No newline at end of file +For more information, see `Adding MFA `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/set-user-pool-mfa-config.rst 2.31.35-1/awscli/examples/cognito-idp/set-user-pool-mfa-config.rst --- 2.23.6-1/awscli/examples/cognito-idp/set-user-pool-mfa-config.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/set-user-pool-mfa-config.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,38 @@ +**To configure user pool MFA and WebAuthn** + +The following ``set-user-pool-mfa-config`` example configures the requested user pool with optional MFA with all available MFA methods, and sets the WebAuthn configuration. :: + + aws cognito-idp set-user-pool-mfa-config \ + --user-pool-id us-west-2_EXAMPLE \ + --sms-mfa-configuration "SmsAuthenticationMessage=\"Your OTP for MFA or sign-in: use {####}.\",SmsConfiguration={SnsCallerArn=arn:aws:iam::123456789012:role/service-role/test-SMS-Role,ExternalId=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111,SnsRegion=us-west-2}" \ + --software-token-mfa-configuration Enabled=true \ + --email-mfa-configuration "Message=\"Your OTP for MFA or sign-in: use {####}\",Subject=\"OTP test\"" \ + --mfa-configuration OPTIONAL \ + --web-authn-configuration RelyingPartyId=auth.example.com,UserVerification=preferred + +Output:: + + { + "EmailMfaConfiguration": { + "Message": "Your OTP for MFA or sign-in: use {####}", + "Subject": "OTP test" + }, + "MfaConfiguration": "OPTIONAL", + "SmsMfaConfiguration": { + "SmsAuthenticationMessage": "Your OTP for MFA or sign-in: use {####}.", + "SmsConfiguration": { + "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/test-SMS-Role", + "SnsRegion": "us-west-2" + } + }, + "SoftwareTokenMfaConfiguration": { + "Enabled": true + }, + "WebAuthnConfiguration": { + "RelyingPartyId": "auth.example.com", + "UserVerification": "preferred" + } + } + +For more information, see `Adding MFA `__ and `Passkey sign-in `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/start-user-import-job.rst 2.31.35-1/awscli/examples/cognito-idp/start-user-import-job.rst --- 2.23.6-1/awscli/examples/cognito-idp/start-user-import-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/start-user-import-job.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,29 +1,27 @@ -**To start a user import job** - -This example starts a user input job. - -For more information about importing users, see `Importing Users into User Pools From a CSV File`_. - -Command:: - - aws cognito-idp start-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-id import-TZqNQvDRnW - -Output:: - - { - "UserImportJob": { - "JobName": "import-Test10", - "JobId": "import-lmpxSOuIzH", - "UserPoolId": "us-west-2_aaaaaaaaa", - "PreSignedUrl": "PRE_SIGNED_URL", - "CreationDate": 1548278378.928, - "StartDate": 1548278397.334, - "Status": "Pending", - "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", - "ImportedUsers": 0, - "SkippedUsers": 0, - "FailedUsers": 0 - } - } - -.. _`Importing Users into User Pools From a CSV File`: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html \ No newline at end of file +**To start an import job** + +The following ``start-user-import-job`` example starts the requested import job in the requested user pool. :: + + aws cognito-idp start-user-import-job \ + --user-pool-id us-west-2_EXAMPLE \ + --job-id import-mAgUtd8PMm + +Output:: + + { + "UserImportJob": { + "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/example-cloudwatch-logs-role", + "CreationDate": 1736442975.904, + "FailedUsers": 0, + "ImportedUsers": 0, + "JobId": "import-mAgUtd8PMm", + "JobName": "Customer import", + "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", + "SkippedUsers": 0, + "StartDate": 1736443020.081, + "Status": "Pending", + "UserPoolId": "us-west-2_EXAMPLE" + } + } + +For more information, see `Importing users into a user pool `__ in the *Amazon Cognito Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cognito-idp/start-web-authn-registration.rst 2.31.35-1/awscli/examples/cognito-idp/start-web-authn-registration.rst --- 2.23.6-1/awscli/examples/cognito-idp/start-web-authn-registration.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/start-web-authn-registration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +**To get passkey registration information for a signed-in user** + +The following ``start-web-authn-registration`` example generates WebAuthn registration options for the current user. :: + + aws cognito-idp start-web-authn-registration \ + --access-token eyJra456defEXAMPLE + +Output:: + + { + "CredentialCreationOptions": { + "authenticatorSelection": { + "requireResidentKey": true, + "residentKey": "required", + "userVerification": "preferred" + }, + "challenge": "wxvbDicyqQqvF2EXAMPLE", + "excludeCredentials": [ + { + "id": "8LApgk4-lNUFHbhm2w6Und7-uxcc8coJGsPxiogvHoItc64xWQc3r4CEXAMPLE", + "type": "public-key" + } + ], + "pubKeyCredParams": [ + { + "alg": -7, + "type": "public-key" + }, + { + "alg": -257, + "type": "public-key" + } + ], + "rp": { + "id": "auth.example.com", + "name": "auth.example.com" + }, + "timeout": 60000, + "user": { + "displayName": "testuser", + "id": "ZWFhZDAyMTktMjExNy00MzlmLThkNDYtNGRiMjBlNEXAMPLE", + "name": "testuser" + } + } + } + +For more information, see `Passkey sign-in `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/stop-user-import-job.rst 2.31.35-1/awscli/examples/cognito-idp/stop-user-import-job.rst --- 2.23.6-1/awscli/examples/cognito-idp/stop-user-import-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/stop-user-import-job.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,29 @@ -**To stop a user import job** - -This example stops a user input job. - -For more information about importing users, see `Importing Users into User Pools From a CSV File`_. - -Command:: - - aws cognito-idp stop-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-id import-TZqNQvDRnW - -Output:: - - { - "UserImportJob": { - "JobName": "import-Test5", - "JobId": "import-Fx0kARISFL", - "UserPoolId": "us-west-2_aaaaaaaaa", - "PreSignedUrl": "PRE_SIGNED_URL", - "CreationDate": 1548278576.259, - "StartDate": 1548278623.366, - "CompletionDate": 1548278626.741, - "Status": "Stopped", - "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", - "ImportedUsers": 0, - "SkippedUsers": 0, - "FailedUsers": 0, - "CompletionMessage": "The Import Job was stopped by the developer." - } - } - -.. _`Importing Users into User Pools From a CSV File`: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html \ No newline at end of file +**To stop an import job** + +The following ``stop-user-import-job`` example stops the requested running user import job in the requested user pool. :: + + aws cognito-idp stop-user-import-job \ + --user-pool-id us-west-2_EXAMPLE \ + --job-id import-mAgUtd8PMm + +Output:: + + { + "UserImportJob": { + "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/example-cloudwatch-logs-role", + "CompletionDate": 1736443496.379, + "CompletionMessage": "The Import Job was stopped by the developer.", + "CreationDate": 1736443471.781, + "FailedUsers": 0, + "ImportedUsers": 0, + "JobId": "import-mAgUtd8PMm", + "JobName": "Customer import", + "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", + "SkippedUsers": 0, + "StartDate": 1736443494.154, + "Status": "Stopped", + "UserPoolId": "us-west-2_EXAMPLE" + } + } + +For more information, see `Importing users into a user pool `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/tag-resource.rst 2.31.35-1/awscli/examples/cognito-idp/tag-resource.rst --- 2.23.6-1/awscli/examples/cognito-idp/tag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/tag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To tag a user pool** + +The following ``tag-resource`` example applies ``administrator`` and ``department`` tags to the requested user pool. :: + + aws cognito-idp tag-resource \ + --resource-arn arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE \ + --tags administrator=Jie,tenant=ExampleCorp + +This command produces no output. + +For more information, see `Tagging Amazon Cognito resources `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/untag-resource.rst 2.31.35-1/awscli/examples/cognito-idp/untag-resource.rst --- 2.23.6-1/awscli/examples/cognito-idp/untag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/untag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To remove tags from a user pool** + +The following ``untag-resource`` example removes ``administrator`` and ``department`` tags from the requested user pool. :: + + aws cognito-idp untag-resource \ + --resource-arn arn:aws:cognito-idp:us-west-2:767671399759:userpool/us-west-2_l5cxwdm2K \ + --tag-keys administrator tenant + +This command produces no output. + +For more information, see `Tagging Amazon Cognito resources `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/update-identity-provider.rst 2.31.35-1/awscli/examples/cognito-idp/update-identity-provider.rst --- 2.23.6-1/awscli/examples/cognito-idp/update-identity-provider.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/update-identity-provider.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,71 @@ +**To update a user pool identity provider** + +The following ``update-identity-provider`` example updates the OIDC provider "MyOIDCIdP" in the requested user pool. :: + + aws cognito-idp update-identity-provider \ + --cli-input-json file://update-identity-provider.json + +Contents of ``update-identity-provider.json``:: + + { + "AttributeMapping": { + "email": "idp_email", + "email_verified": "idp_email_verified", + "username": "sub" + }, + "CreationDate": 1.701129701653E9, + "IdpIdentifiers": [ + "corp", + "dev" + ], + "LastModifiedDate": 1.701129701653E9, + "ProviderDetails": { + "attributes_request_method": "GET", + "attributes_url": "https://example.com/userInfo", + "attributes_url_add_attributes": "false", + "authorize_scopes": "openid profile", + "authorize_url": "https://example.com/authorize", + "client_id": "idpexampleclient123", + "client_secret": "idpexamplesecret456", + "jwks_uri": "https://example.com/.well-known/jwks.json", + "oidc_issuer": "https://example.com", + "token_url": "https://example.com/token" + }, + "ProviderName": "MyOIDCIdP", + "UserPoolId": "us-west-2_EXAMPLE" + } + +Output:: + + { + "IdentityProvider": { + "AttributeMapping": { + "email": "idp_email", + "email_verified": "idp_email_verified", + "username": "sub" + }, + "CreationDate": 1701129701.653, + "IdpIdentifiers": [ + "corp", + "dev" + ], + "LastModifiedDate": 1736444278.211, + "ProviderDetails": { + "attributes_request_method": "GET", + "attributes_url": "https://example.com/userInfo", + "attributes_url_add_attributes": "false", + "authorize_scopes": "openid profile", + "authorize_url": "https://example.com/authorize", + "client_id": "idpexampleclient123", + "client_secret": "idpexamplesecret456", + "jwks_uri": "https://example.com/.well-known/jwks.json", + "oidc_issuer": "https://example.com", + "token_url": "https://example.com/token" + }, + "ProviderName": "MyOIDCIdP", + "ProviderType": "OIDC", + "UserPoolId": "us-west-2_EXAMPLE" + } + } + +For more information, see `Configuring a domain `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/update-managed-login-branding.rst 2.31.35-1/awscli/examples/cognito-idp/update-managed-login-branding.rst --- 2.23.6-1/awscli/examples/cognito-idp/update-managed-login-branding.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/update-managed-login-branding.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,949 @@ +**To update a managed login branding style** + +The following ``update-managed-login-branding`` example updates the requested app client branding style. :: + + aws cognito-idp update-managed-login-branding \ + --cli-input-json file://update-managed-login-branding.json + +Contents of ``update-managed-login-branding.json``:: + + { + "Assets": [ + { + "Bytes": "PHN2ZyB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiB2aWV3Qm94PSIwIDAgMjAwMDAgNDAwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8ZyBjbGlwLXBhdGg9InVybCgjY2xpcDBfMTcyNTlfMjM2Njc0KSI+CjxyZWN0IHdpZHRoPSIyMDAwMCIgaGVpZ2h0PSI0MDAiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQpIi8+CjxwYXRoIGQ9Ik0wIDBIMjAwMDBWNDAwSDBWMFoiIGZpbGw9IiMxMjIwMzciIGZpbGwtb3BhY2l0eT0iMC41Ii8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQiIHgxPSItODk0LjI0OSIgeTE9IjE5OS45MzEiIHgyPSIxODAzNC41IiB5Mj0iLTU4OTkuNTciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0JGODBGRiIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRjhGQUIiLz4KPC9saW5lYXJHcmFkaWVudD4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xNzI1OV8yMzY2NzQiPgo8cmVjdCB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo=", + "Category": "PAGE_FOOTER_BACKGROUND", + "ColorMode": "DARK", + "Extension": "SVG" + } + ], + "ManagedLoginBrandingId": "63f30090-6b1f-4278-b885-2bbb81f8e545", + "Settings": { + "categories": { + "auth": { + "authMethodOrder": [ + [ + { + "display": "BUTTON", + "type": "FEDERATED" + }, + { + "display": "INPUT", + "type": "USERNAME_PASSWORD" + } + ] + ], + "federation": { + "interfaceStyle": "BUTTON_LIST", + "order": [ + ] + } + }, + "form": { + "displayGraphics": true, + "instructions": { + "enabled": false + }, + "languageSelector": { + "enabled": false + }, + "location": { + "horizontal": "CENTER", + "vertical": "CENTER" + }, + "sessionTimerDisplay": "NONE" + }, + "global": { + "colorSchemeMode": "LIGHT", + "pageFooter": { + "enabled": false + }, + "pageHeader": { + "enabled": false + }, + "spacingDensity": "REGULAR" + }, + "signUp": { + "acceptanceElements": [ + { + "enforcement": "NONE", + "textKey": "en" + } + ] + } + }, + "componentClasses": { + "buttons": { + "borderRadius": 8.0 + }, + "divider": { + "darkMode": { + "borderColor": "232b37ff" + }, + "lightMode": { + "borderColor": "ebebf0ff" + } + }, + "dropDown": { + "borderRadius": 8.0, + "darkMode": { + "defaults": { + "itemBackgroundColor": "192534ff" + }, + "hover": { + "itemBackgroundColor": "081120ff", + "itemBorderColor": "5f6b7aff", + "itemTextColor": "e9ebedff" + }, + "match": { + "itemBackgroundColor": "d1d5dbff", + "itemTextColor": "89bdeeff" + } + }, + "lightMode": { + "defaults": { + "itemBackgroundColor": "ffffffff" + }, + "hover": { + "itemBackgroundColor": "f4f4f4ff", + "itemBorderColor": "7d8998ff", + "itemTextColor": "000716ff" + }, + "match": { + "itemBackgroundColor": "414d5cff", + "itemTextColor": "0972d3ff" + } + } + }, + "focusState": { + "darkMode": { + "borderColor": "539fe5ff" + }, + "lightMode": { + "borderColor": "0972d3ff" + } + }, + "idpButtons": { + "icons": { + "enabled": true + } + }, + "input": { + "borderRadius": 8.0, + "darkMode": { + "defaults": { + "backgroundColor": "0f1b2aff", + "borderColor": "5f6b7aff" + }, + "placeholderColor": "8d99a8ff" + }, + "lightMode": { + "defaults": { + "backgroundColor": "ffffffff", + "borderColor": "7d8998ff" + }, + "placeholderColor": "5f6b7aff" + } + }, + "inputDescription": { + "darkMode": { + "textColor": "8d99a8ff" + }, + "lightMode": { + "textColor": "5f6b7aff" + } + }, + "inputLabel": { + "darkMode": { + "textColor": "d1d5dbff" + }, + "lightMode": { + "textColor": "000716ff" + } + }, + "link": { + "darkMode": { + "defaults": { + "textColor": "539fe5ff" + }, + "hover": { + "textColor": "89bdeeff" + } + }, + "lightMode": { + "defaults": { + "textColor": "0972d3ff" + }, + "hover": { + "textColor": "033160ff" + } + } + }, + "optionControls": { + "darkMode": { + "defaults": { + "backgroundColor": "0f1b2aff", + "borderColor": "7d8998ff" + }, + "selected": { + "backgroundColor": "539fe5ff", + "foregroundColor": "000716ff" + } + }, + "lightMode": { + "defaults": { + "backgroundColor": "ffffffff", + "borderColor": "7d8998ff" + }, + "selected": { + "backgroundColor": "0972d3ff", + "foregroundColor": "ffffffff" + } + } + }, + "statusIndicator": { + "darkMode": { + "error": { + "backgroundColor": "1a0000ff", + "borderColor": "eb6f6fff", + "indicatorColor": "eb6f6fff" + }, + "pending": { + "indicatorColor": "AAAAAAAA" + }, + "success": { + "backgroundColor": "001a02ff", + "borderColor": "29ad32ff", + "indicatorColor": "29ad32ff" + }, + "warning": { + "backgroundColor": "1d1906ff", + "borderColor": "e0ca57ff", + "indicatorColor": "e0ca57ff" + } + }, + "lightMode": { + "error": { + "backgroundColor": "fff7f7ff", + "borderColor": "d91515ff", + "indicatorColor": "d91515ff" + }, + "pending": { + "indicatorColor": "AAAAAAAA" + }, + "success": { + "backgroundColor": "f2fcf3ff", + "borderColor": "037f0cff", + "indicatorColor": "037f0cff" + }, + "warning": { + "backgroundColor": "fffce9ff", + "borderColor": "8d6605ff", + "indicatorColor": "8d6605ff" + } + } + } + }, + "components": { + "alert": { + "borderRadius": 12.0, + "darkMode": { + "error": { + "backgroundColor": "1a0000ff", + "borderColor": "eb6f6fff" + } + }, + "lightMode": { + "error": { + "backgroundColor": "fff7f7ff", + "borderColor": "d91515ff" + } + } + }, + "favicon": { + "enabledTypes": [ + "ICO", + "SVG" + ] + }, + "form": { + "backgroundImage": { + "enabled": false + }, + "borderRadius": 8.0, + "darkMode": { + "backgroundColor": "0f1b2aff", + "borderColor": "424650ff" + }, + "lightMode": { + "backgroundColor": "ffffffff", + "borderColor": "c6c6cdff" + }, + "logo": { + "enabled": false, + "formInclusion": "IN", + "location": "CENTER", + "position": "TOP" + } + }, + "idpButton": { + "custom": { + }, + "standard": { + "darkMode": { + "active": { + "backgroundColor": "354150ff", + "borderColor": "89bdeeff", + "textColor": "89bdeeff" + }, + "defaults": { + "backgroundColor": "0f1b2aff", + "borderColor": "c6c6cdff", + "textColor": "c6c6cdff" + }, + "hover": { + "backgroundColor": "192534ff", + "borderColor": "89bdeeff", + "textColor": "89bdeeff" + } + }, + "lightMode": { + "active": { + "backgroundColor": "d3e7f9ff", + "borderColor": "033160ff", + "textColor": "033160ff" + }, + "defaults": { + "backgroundColor": "ffffffff", + "borderColor": "424650ff", + "textColor": "424650ff" + }, + "hover": { + "backgroundColor": "f2f8fdff", + "borderColor": "033160ff", + "textColor": "033160ff" + } + } + } + }, + "pageBackground": { + "darkMode": { + "color": "0f1b2aff" + }, + "image": { + "enabled": true + }, + "lightMode": { + "color": "ffffffff" + } + }, + "pageFooter": { + "backgroundImage": { + "enabled": false + }, + "darkMode": { + "background": { + "color": "0f141aff" + }, + "borderColor": "424650ff" + }, + "lightMode": { + "background": { + "color": "fafafaff" + }, + "borderColor": "d5dbdbff" + }, + "logo": { + "enabled": false, + "location": "START" + } + }, + "pageHeader": { + "backgroundImage": { + "enabled": false + }, + "darkMode": { + "background": { + "color": "0f141aff" + }, + "borderColor": "424650ff" + }, + "lightMode": { + "background": { + "color": "fafafaff" + }, + "borderColor": "d5dbdbff" + }, + "logo": { + "enabled": false, + "location": "START" + } + }, + "pageText": { + "darkMode": { + "bodyColor": "b6bec9ff", + "descriptionColor": "b6bec9ff", + "headingColor": "d1d5dbff" + }, + "lightMode": { + "bodyColor": "414d5cff", + "descriptionColor": "414d5cff", + "headingColor": "000716ff" + } + }, + "phoneNumberSelector": { + "displayType": "TEXT" + }, + "primaryButton": { + "darkMode": { + "active": { + "backgroundColor": "539fe5ff", + "textColor": "000716ff" + }, + "defaults": { + "backgroundColor": "539fe5ff", + "textColor": "000716ff" + }, + "disabled": { + "backgroundColor": "ffffffff", + "borderColor": "ffffffff" + }, + "hover": { + "backgroundColor": "89bdeeff", + "textColor": "000716ff" + } + }, + "lightMode": { + "active": { + "backgroundColor": "033160ff", + "textColor": "ffffffff" + }, + "defaults": { + "backgroundColor": "0972d3ff", + "textColor": "ffffffff" + }, + "disabled": { + "backgroundColor": "ffffffff", + "borderColor": "ffffffff" + }, + "hover": { + "backgroundColor": "033160ff", + "textColor": "ffffffff" + } + } + }, + "secondaryButton": { + "darkMode": { + "active": { + "backgroundColor": "354150ff", + "borderColor": "89bdeeff", + "textColor": "89bdeeff" + }, + "defaults": { + "backgroundColor": "0f1b2aff", + "borderColor": "539fe5ff", + "textColor": "539fe5ff" + }, + "hover": { + "backgroundColor": "192534ff", + "borderColor": "89bdeeff", + "textColor": "89bdeeff" + } + }, + "lightMode": { + "active": { + "backgroundColor": "d3e7f9ff", + "borderColor": "033160ff", + "textColor": "033160ff" + }, + "defaults": { + "backgroundColor": "ffffffff", + "borderColor": "0972d3ff", + "textColor": "0972d3ff" + }, + "hover": { + "backgroundColor": "f2f8fdff", + "borderColor": "033160ff", + "textColor": "033160ff" + } + } + } + } + }, + "UseCognitoProvidedValues": false, + "UserPoolId": "ca-central-1_EXAMPLE" + } + +Output:: + + { + "ManagedLoginBranding": { + "Assets": [ + { + "Bytes": "PHN2ZyB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiB2aWV3Qm94PSIwIDAgMjAwMDAgNDAwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8ZyBjbGlwLXBhdGg9InVybCgjY2xpcDBfMTcyNTlfMjM2Njc0KSI+CjxyZWN0IHdpZHRoPSIyMDAwMCIgaGVpZ2h0PSI0MDAiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQpIi8+CjxwYXRoIGQ9Ik0wIDBIMjAwMDBWNDAwSDBWMFoiIGZpbGw9IiMxMjIwMzciIGZpbGwtb3BhY2l0eT0iMC41Ii8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQiIHgxPSItODk0LjI0OSIgeTE9IjE5OS45MzEiIHgyPSIxODAzNC41IiB5Mj0iLTU4OTkuNTciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0JGODBGRiIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRjhGQUIiLz4KPC9saW5lYXJHcmFkaWVudD4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xNzI1OV8yMzY2NzQiPgo8cmVjdCB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo=", + "Category": "PAGE_FOOTER_BACKGROUND", + "ColorMode": "DARK", + "Extension": "SVG" + } + ], + "CreationDate": 1732138490.642, + "LastModifiedDate": 1732140420.301, + "ManagedLoginBrandingId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "Settings": { + "categories": { + "auth": { + "authMethodOrder": [ + [ + { + "display": "BUTTON", + "type": "FEDERATED" + }, + { + "display": "INPUT", + "type": "USERNAME_PASSWORD" + } + ] + ], + "federation": { + "interfaceStyle": "BUTTON_LIST", + "order": [ + ] + } + }, + "form": { + "displayGraphics": true, + "instructions": { + "enabled": false + }, + "languageSelector": { + "enabled": false + }, + "location": { + "horizontal": "CENTER", + "vertical": "CENTER" + }, + "sessionTimerDisplay": "NONE" + }, + "global": { + "colorSchemeMode": "LIGHT", + "pageFooter": { + "enabled": false + }, + "pageHeader": { + "enabled": false + }, + "spacingDensity": "REGULAR" + }, + "signUp": { + "acceptanceElements": [ + { + "enforcement": "NONE", + "textKey": "en" + } + ] + } + }, + "componentClasses": { + "buttons": { + "borderRadius": 8.0 + }, + "divider": { + "darkMode": { + "borderColor": "232b37ff" + }, + "lightMode": { + "borderColor": "ebebf0ff" + } + }, + "dropDown": { + "borderRadius": 8.0, + "darkMode": { + "defaults": { + "itemBackgroundColor": "192534ff" + }, + "hover": { + "itemBackgroundColor": "081120ff", + "itemBorderColor": "5f6b7aff", + "itemTextColor": "e9ebedff" + }, + "match": { + "itemBackgroundColor": "d1d5dbff", + "itemTextColor": "89bdeeff" + } + }, + "lightMode": { + "defaults": { + "itemBackgroundColor": "ffffffff" + }, + "hover": { + "itemBackgroundColor": "f4f4f4ff", + "itemBorderColor": "7d8998ff", + "itemTextColor": "000716ff" + }, + "match": { + "itemBackgroundColor": "414d5cff", + "itemTextColor": "0972d3ff" + } + } + }, + "focusState": { + "darkMode": { + "borderColor": "539fe5ff" + }, + "lightMode": { + "borderColor": "0972d3ff" + } + }, + "idpButtons": { + "icons": { + "enabled": true + } + }, + "input": { + "borderRadius": 8.0, + "darkMode": { + "defaults": { + "backgroundColor": "0f1b2aff", + "borderColor": "5f6b7aff" + }, + "placeholderColor": "8d99a8ff" + }, + "lightMode": { + "defaults": { + "backgroundColor": "ffffffff", + "borderColor": "7d8998ff" + }, + "placeholderColor": "5f6b7aff" + } + }, + "inputDescription": { + "darkMode": { + "textColor": "8d99a8ff" + }, + "lightMode": { + "textColor": "5f6b7aff" + } + }, + "inputLabel": { + "darkMode": { + "textColor": "d1d5dbff" + }, + "lightMode": { + "textColor": "000716ff" + } + }, + "link": { + "darkMode": { + "defaults": { + "textColor": "539fe5ff" + }, + "hover": { + "textColor": "89bdeeff" + } + }, + "lightMode": { + "defaults": { + "textColor": "0972d3ff" + }, + "hover": { + "textColor": "033160ff" + } + } + }, + "optionControls": { + "darkMode": { + "defaults": { + "backgroundColor": "0f1b2aff", + "borderColor": "7d8998ff" + }, + "selected": { + "backgroundColor": "539fe5ff", + "foregroundColor": "000716ff" + } + }, + "lightMode": { + "defaults": { + "backgroundColor": "ffffffff", + "borderColor": "7d8998ff" + }, + "selected": { + "backgroundColor": "0972d3ff", + "foregroundColor": "ffffffff" + } + } + }, + "statusIndicator": { + "darkMode": { + "error": { + "backgroundColor": "1a0000ff", + "borderColor": "eb6f6fff", + "indicatorColor": "eb6f6fff" + }, + "pending": { + "indicatorColor": "AAAAAAAA" + }, + "success": { + "backgroundColor": "001a02ff", + "borderColor": "29ad32ff", + "indicatorColor": "29ad32ff" + }, + "warning": { + "backgroundColor": "1d1906ff", + "borderColor": "e0ca57ff", + "indicatorColor": "e0ca57ff" + } + }, + "lightMode": { + "error": { + "backgroundColor": "fff7f7ff", + "borderColor": "d91515ff", + "indicatorColor": "d91515ff" + }, + "pending": { + "indicatorColor": "AAAAAAAA" + }, + "success": { + "backgroundColor": "f2fcf3ff", + "borderColor": "037f0cff", + "indicatorColor": "037f0cff" + }, + "warning": { + "backgroundColor": "fffce9ff", + "borderColor": "8d6605ff", + "indicatorColor": "8d6605ff" + } + } + } + }, + "components": { + "alert": { + "borderRadius": 12.0, + "darkMode": { + "error": { + "backgroundColor": "1a0000ff", + "borderColor": "eb6f6fff" + } + }, + "lightMode": { + "error": { + "backgroundColor": "fff7f7ff", + "borderColor": "d91515ff" + } + } + }, + "favicon": { + "enabledTypes": [ + "ICO", + "SVG" + ] + }, + "form": { + "backgroundImage": { + "enabled": false + }, + "borderRadius": 8.0, + "darkMode": { + "backgroundColor": "0f1b2aff", + "borderColor": "424650ff" + }, + "lightMode": { + "backgroundColor": "ffffffff", + "borderColor": "c6c6cdff" + }, + "logo": { + "enabled": false, + "formInclusion": "IN", + "location": "CENTER", + "position": "TOP" + } + }, + "idpButton": { + "custom": { + }, + "standard": { + "darkMode": { + "active": { + "backgroundColor": "354150ff", + "borderColor": "89bdeeff", + "textColor": "89bdeeff" + }, + "defaults": { + "backgroundColor": "0f1b2aff", + "borderColor": "c6c6cdff", + "textColor": "c6c6cdff" + }, + "hover": { + "backgroundColor": "192534ff", + "borderColor": "89bdeeff", + "textColor": "89bdeeff" + } + }, + "lightMode": { + "active": { + "backgroundColor": "d3e7f9ff", + "borderColor": "033160ff", + "textColor": "033160ff" + }, + "defaults": { + "backgroundColor": "ffffffff", + "borderColor": "424650ff", + "textColor": "424650ff" + }, + "hover": { + "backgroundColor": "f2f8fdff", + "borderColor": "033160ff", + "textColor": "033160ff" + } + } + } + }, + "pageBackground": { + "darkMode": { + "color": "0f1b2aff" + }, + "image": { + "enabled": true + }, + "lightMode": { + "color": "ffffffff" + } + }, + "pageFooter": { + "backgroundImage": { + "enabled": false + }, + "darkMode": { + "background": { + "color": "0f141aff" + }, + "borderColor": "424650ff" + }, + "lightMode": { + "background": { + "color": "fafafaff" + }, + "borderColor": "d5dbdbff" + }, + "logo": { + "enabled": false, + "location": "START" + } + }, + "pageHeader": { + "backgroundImage": { + "enabled": false + }, + "darkMode": { + "background": { + "color": "0f141aff" + }, + "borderColor": "424650ff" + }, + "lightMode": { + "background": { + "color": "fafafaff" + }, + "borderColor": "d5dbdbff" + }, + "logo": { + "enabled": false, + "location": "START" + } + }, + "pageText": { + "darkMode": { + "bodyColor": "b6bec9ff", + "descriptionColor": "b6bec9ff", + "headingColor": "d1d5dbff" + }, + "lightMode": { + "bodyColor": "414d5cff", + "descriptionColor": "414d5cff", + "headingColor": "000716ff" + } + }, + "phoneNumberSelector": { + "displayType": "TEXT" + }, + "primaryButton": { + "darkMode": { + "active": { + "backgroundColor": "539fe5ff", + "textColor": "000716ff" + }, + "defaults": { + "backgroundColor": "539fe5ff", + "textColor": "000716ff" + }, + "disabled": { + "backgroundColor": "ffffffff", + "borderColor": "ffffffff" + }, + "hover": { + "backgroundColor": "89bdeeff", + "textColor": "000716ff" + } + }, + "lightMode": { + "active": { + "backgroundColor": "033160ff", + "textColor": "ffffffff" + }, + "defaults": { + "backgroundColor": "0972d3ff", + "textColor": "ffffffff" + }, + "disabled": { + "backgroundColor": "ffffffff", + "borderColor": "ffffffff" + }, + "hover": { + "backgroundColor": "033160ff", + "textColor": "ffffffff" + } + } + }, + "secondaryButton": { + "darkMode": { + "active": { + "backgroundColor": "354150ff", + "borderColor": "89bdeeff", + "textColor": "89bdeeff" + }, + "defaults": { + "backgroundColor": "0f1b2aff", + "borderColor": "539fe5ff", + "textColor": "539fe5ff" + }, + "hover": { + "backgroundColor": "192534ff", + "borderColor": "89bdeeff", + "textColor": "89bdeeff" + } + }, + "lightMode": { + "active": { + "backgroundColor": "d3e7f9ff", + "borderColor": "033160ff", + "textColor": "033160ff" + }, + "defaults": { + "backgroundColor": "ffffffff", + "borderColor": "0972d3ff", + "textColor": "0972d3ff" + }, + "hover": { + "backgroundColor": "f2f8fdff", + "borderColor": "033160ff", + "textColor": "033160ff" + } + } + } + } + }, + "UseCognitoProvidedValues": false, + "UserPoolId": "ca-central-1_EXAMPLE" + } + } + +For more information, see `Apply branding to managed login pages `__ in the *Amazon Cognito Developer Guide*. + \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cognito-idp/update-user-pool-client.rst 2.31.35-1/awscli/examples/cognito-idp/update-user-pool-client.rst --- 2.23.6-1/awscli/examples/cognito-idp/update-user-pool-client.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/update-user-pool-client.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,24 +1,121 @@ -**To update a user pool client** - -This example updates the name of a user pool client. It also adds a writeable attribute "nickname". - -Command:: - - aws cognito-idp update-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-id 3n4b5urk1ft4fl3mg5e62d9ado --client-name "NewClientName" --write-attributes "nickname" - -Output:: - - { - "UserPoolClient": { - "UserPoolId": "us-west-2_aaaaaaaaa", - "ClientName": "NewClientName", - "ClientId": "3n4b5urk1ft4fl3mg5e62d9ado", - "LastModifiedDate": 1548802761.334, - "CreationDate": 1548178931.258, - "RefreshTokenValidity": 30, - "WriteAttributes": [ - "nickname" - ], - "AllowedOAuthFlowsUserPoolClient": false - } - } \ No newline at end of file +**To update an app client** + +The following ``update-user-pool-client`` example updates the configuration of the requested app client. :: + + aws cognito-idp update-user-pool-client \ + --user-pool-id us-west-2_EXAMPLE \ + --client-id 1example23456789 \ + --client-name my-test-app \ + --refresh-token-validity 30 \ + --access-token-validity 60 \ + --id-token-validity 60 \ + --token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \ + --read-attributes "address" "birthdate" "email" "email_verified" "family_name" "gender" "locale" "middle_name" "name" "nickname" "phone_number" "phone_number_verified" "picture" "preferred_username" "profile" "updated_at" "website" "zoneinfo" \ + --write-attributes "address" "birthdate" "email" "family_name" "gender" "locale" "middle_name" "name" "nickname" "phone_number" "picture" "preferred_username" "profile" "updated_at" "website" "zoneinfo" \ + --explicit-auth-flows "ALLOW_ADMIN_USER_PASSWORD_AUTH" "ALLOW_CUSTOM_AUTH" "ALLOW_REFRESH_TOKEN_AUTH" "ALLOW_USER_PASSWORD_AUTH" "ALLOW_USER_SRP_AUTH" \ + --supported-identity-providers "MySAML" "COGNITO" "Google" \ + --callback-urls "https://www.example.com" "https://app2.example.com" \ + --logout-urls "https://auth.example.com/login?client_id=1example23456789&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.com" "https://example.com/logout" \ + --default-redirect-uri "https://www.example.com" \ + --allowed-o-auth-flows "code" "implicit" \ + --allowed-o-auth-scopes "openid" "profile" "aws.cognito.signin.user.admin" \ + --allowed-o-auth-flows-user-pool-client \ + --prevent-user-existence-errors ENABLED \ + --enable-token-revocation \ + --no-enable-propagate-additional-user-context-data \ + --auth-session-validity 3 + +Output:: + + { + "UserPoolClient": { + "UserPoolId": "us-west-2_EXAMPLE", + "ClientName": "my-test-app", + "ClientId": "1example23456789", + "LastModifiedDate": "2025-01-31T14:40:12.498000-08:00", + "CreationDate": "2023-09-13T16:26:34.408000-07:00", + "RefreshTokenValidity": 30, + "AccessTokenValidity": 60, + "IdTokenValidity": 60, + "TokenValidityUnits": { + "AccessToken": "minutes", + "IdToken": "minutes", + "RefreshToken": "days" + }, + "ReadAttributes": [ + "website", + "zoneinfo", + "address", + "birthdate", + "email_verified", + "gender", + "profile", + "phone_number_verified", + "preferred_username", + "locale", + "middle_name", + "picture", + "updated_at", + "name", + "nickname", + "phone_number", + "family_name", + "email" + ], + "WriteAttributes": [ + "website", + "zoneinfo", + "address", + "birthdate", + "gender", + "profile", + "preferred_username", + "locale", + "middle_name", + "picture", + "updated_at", + "name", + "nickname", + "phone_number", + "family_name", + "email" + ], + "ExplicitAuthFlows": [ + "ALLOW_CUSTOM_AUTH", + "ALLOW_USER_PASSWORD_AUTH", + "ALLOW_ADMIN_USER_PASSWORD_AUTH", + "ALLOW_USER_SRP_AUTH", + "ALLOW_REFRESH_TOKEN_AUTH" + ], + "SupportedIdentityProviders": [ + "Google", + "COGNITO", + "MySAML" + ], + "CallbackURLs": [ + "https://www.example.com", + "https://app2.example.com" + ], + "LogoutURLs": [ + "https://example.com/logout", + "https://auth.example.com/login?client_id=1example23456789&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.com" + ], + "DefaultRedirectURI": "https://www.example.com", + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthScopes": [ + "aws.cognito.signin.user.admin", + "openid", + "profile" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "PreventUserExistenceErrors": "ENABLED", + "EnableTokenRevocation": true, + "EnablePropagateAdditionalUserContextData": false, + "AuthSessionValidity": 3 + } + } + +For more information, see `Application-specific settings with app clients `__ in the *Amazon Cognito Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cognito-idp/update-user-pool-domain.rst 2.31.35-1/awscli/examples/cognito-idp/update-user-pool-domain.rst --- 2.23.6-1/awscli/examples/cognito-idp/update-user-pool-domain.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/update-user-pool-domain.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +**To update a custom domain** + +The following ``update-user-pool-domain`` example configures the branding version and certificate for the custom domain the requested user pool. :: + + aws cognito-idp update-user-pool-domain \ + --user-pool-id ca-central-1_EXAMPLE \ + --domain auth.example.com \ + --managed-login-version 2 \ + --custom-domain-config CertificateArn=arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 + +Output:: + + { + "CloudFrontDomain": "example.cloudfront.net", + "ManagedLoginVersion": 2 + } + +For more information, see `Managed login `__ and `Configuring a domain `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/cognito-idp/verify-software-token.rst 2.31.35-1/awscli/examples/cognito-idp/verify-software-token.rst --- 2.23.6-1/awscli/examples/cognito-idp/verify-software-token.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/verify-software-token.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,15 @@ +**To confirm registration of a TOTP authenticator** + +The following ``verify-software-token`` example completes TOTP registration for the current user. :: + + aws cognito-idp verify-software-token \ + --access-token eyJra456defEXAMPLE \ + --user-code 123456 + +Output:: + + { + "Status": "SUCCESS" + } + +For more information, see `Adding MFA to a user pool `__ in the *Amazon Cognito Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/cognito-idp/verify-user-attribute.rst 2.31.35-1/awscli/examples/cognito-idp/verify-user-attribute.rst --- 2.23.6-1/awscli/examples/cognito-idp/verify-user-attribute.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/cognito-idp/verify-user-attribute.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +**To verify an attribute change** + +The following ``verify-user-attribute`` example verifies a change to the current user's email attribute. :: + + aws cognito-idp verify-user-attribute \ + --access-token eyJra456defEXAMPLE \ + --attribute-name email \ + --code 123456 + +For more information, see `Configuring email or phone verification `__ in the *Amazon Cognito Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/configure/mfa-login/_description.rst 2.31.35-1/awscli/examples/configure/mfa-login/_description.rst --- 2.23.6-1/awscli/examples/configure/mfa-login/_description.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/configure/mfa-login/_description.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,3 @@ +This command gets temporary AWS security credentials for use with the AWS CLI and SDK, and places them in an AWS profile. It will use a long-lived IAM user access key, and the MFA code from either a virtual TOTP MFA device, or a hardware OTP authenticator to call STS get-session-token to get the temporary credentials. If no default profile exists, the command will prompt you to provide your AWS credentials first. + +Note: This command currently supports only hardware or software based one-time password (OTP) authenticators. Passkeys and U2F devices are not currently supported. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/configure/mfa-login/_examples.rst 2.31.35-1/awscli/examples/configure/mfa-login/_examples.rst --- 2.23.6-1/awscli/examples/configure/mfa-login/_examples.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/configure/mfa-login/_examples.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,47 @@ +**To create a new profile with temporary MFA credentials** + +The following ``mfa-login`` command creates a new profile with temporary credentials obtained using MFA authentication. :: + + aws configure mfa-login + +Output:: + + MFA serial number or ARN: arn:aws:iam::123456789012:mfa/user + MFA token code: 123456 + Profile to update [session-12345]: + Temporary credentials written to profile 'session-12345' + Credentials will expire at 2023-05-19 18:06:10 UTC + To use these credentials, specify --profile session-12345 when running AWS CLI commands + +**To update an existing profile with temporary MFA credentials** + +The following ``mfa-login`` command updates an existing profile with temporary credentials obtained using MFA authentication. :: + + aws configure mfa-login --profile myprofile --update-profile mytemp + +Output:: + + MFA token code: 123456 + Temporary credentials written to profile 'mytemp' + Credentials will expire at 2023-05-19 18:06:10 UTC + To use these credentials, specify --profile mytemp when running AWS CLI commands + +**To create credentials when no default profile exists** + +If you don't have a default profile configured, the ``mfa-login`` command will prompt you for your AWS credentials first. :: + + aws configure mfa-login + +Output:: + + No default profile found. Please provide your AWS credentials: + AWS Access Key ID: AKIAIOSFODNN7EXAMPLE + AWS Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + MFA serial number or ARN: arn:aws:iam::123456789012:mfa/user + MFA token code: 123456 + Profile to update [session-12345]: + Temporary credentials written to profile 'session-12345' + Credentials will expire at 2023-05-19 18:06:10 UTC + To use these credentials, specify --profile session-12345 when running AWS CLI commands + +**Note:** This command currently supports only hardware or software based one-time password (OTP) authenticators. Passkeys and U2F devices are not currently supported. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/configure/mfa-login.rst 2.31.35-1/awscli/examples/configure/mfa-login.rst --- 2.23.6-1/awscli/examples/configure/mfa-login.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/configure/mfa-login.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,49 @@ +**To create a new profile with temporary MFA credentials** + +The following ``mfa-login`` command creates a new profile with temporary credentials obtained using MFA authentication. :: + + aws configure mfa-login + +Output:: + + MFA serial number or ARN: arn:aws:iam::123456789012:mfa/MFADeviceName + MFA token code: 123456 + Profile to update [session-MFADeviceName]: + Temporary credentials written to profile 'session-MFADeviceName' + Credentials will expire at 2023-05-19 18:06:10 UTC + To use these credentials, specify --profile session-MFADeviceName when running AWS CLI commands + +**To create credentials when no default profile exists** + +If you don't have a default profile configured, the ``mfa-login`` command will prompt you for your AWS credentials first. :: + + aws configure mfa-login + +Output:: + + No default profile found. Please provide your AWS credentials: + AWS Access Key ID: AKIAIOSFODNN7EXAMPLE + AWS Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + MFA serial number or ARN: arn:aws:iam::123456789012:mfa/MFADeviceName + MFA token code: 123456 + Profile to update [session-MFADeviceName]: + Temporary credentials written to profile 'session-MFADeviceName' + Credentials will expire at 2023-05-19 18:06:10 UTC + To use these credentials, specify --profile session-MFADeviceName when running AWS CLI commands + +**To update an existing profile with temporary MFA credentials** + +The following ``mfa-login`` command updates an existing profile with temporary credentials obtained using MFA authentication. :: + + aws configure mfa-login --profile myprofile --update-profile mfaprofile + +Output:: + + MFA token code: 123456 + Temporary credentials written to profile 'mfaprofile' + Credentials will expire at 2023-05-19 18:06:10 UTC + To use these credentials, specify --profile mfaprofile when running AWS CLI commands + +**Note:** This command currently supports only hardware or software based one-time password (OTP) authenticators. Passkeys and U2F devices are not currently supported with this command. + +For more information, see `Using Multi-Factor Authentication (MFA) in AWS `__ in the *AWS IAM User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ds-data/create-group.rst 2.31.35-1/awscli/examples/ds-data/create-group.rst --- 2.23.6-1/awscli/examples/ds-data/create-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ds-data/create-group.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,15 +1,15 @@ -**To create a group for a directory** +**To list the available widgets** -The following ``create-group`` example creates a group in the specified directory. :: +The following ``create-group`` example creates a group in a specified directory. :: aws ds-data create-group \ --directory-id d-1234567890 \ - --sam-account-name 'sales' + --sam-account-name "sales" Output:: { - "DirectoryId": "d-9067f3da7a", + "DirectoryId": "d-1234567890", "SAMAccountName": "sales", "SID": "S-1-2-34-5567891234-5678912345-67891234567-8912" } diff -pruN 2.23.6-1/awscli/examples/dsql/generate-db-connect-auth-token.rst 2.31.35-1/awscli/examples/dsql/generate-db-connect-auth-token.rst --- 2.23.6-1/awscli/examples/dsql/generate-db-connect-auth-token.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/dsql/generate-db-connect-auth-token.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,11 +3,11 @@ The following ``generate-db-connect-auth-token`` example generates IAM authentication token to connect to a database. :: aws dsql generate-db-connect-auth-token \ - --hostname test.us-east-1.prod.sql.dsql.aws.dev \ + --hostname abc0def1baz2quux3quuux4.dsql.us-east-1.on.aws \ --region us-east-1 \ --expires-in 3600 Output:: - 'test.us-east-1.prod.sql.dsql.aws.dev/?Action=DbConnect&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=access_key%2F20241107%2Fus-east-1%2Fdsql%2Faws4_request&X-Amz-Date=20241107T173933Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=b53dae15763139d6a5af5e318b117ff6e66c5ee859b14d44697d159cbe996077' + 'abc0def1baz2quux3quuux4.dsql.us-east-1.on.aws/?Action=DbConnect&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=access_key%2F20241107%2Fus-east-1%2Fdsql%2Faws4_request&X-Amz-Date=20241107T173933Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=b53dae15763139d6a5af5e318b117ff6e66c5ee859b14d44697d159cbe996077' diff -pruN 2.23.6-1/awscli/examples/ec2/allocate-address.rst 2.31.35-1/awscli/examples/ec2/allocate-address.rst --- 2.23.6-1/awscli/examples/ec2/allocate-address.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/allocate-address.rst 2025-11-12 19:17:29.000000000 +0000 @@ -53,4 +53,25 @@ Output:: "NetworkBorderGroup": "us-west-2", } -For more information, see `Elastic IP addresses `__ in the *Amazon EC2 User Guide*. \ No newline at end of file +For more information, see `Elastic IP addresses `__ in the *Amazon EC2 User Guide*. + +**Example 4: To allocate an Elastic IP address from an IPAM pool** + +The following ``allocate-address`` example allocates a specific /32 Elastic IP address from an Amazon VPC IP Address Manager (IPAM) pool. :: + + aws ec2 allocate-address \ + --region us-east-1 \ + --ipam-pool-id ipam-pool-1234567890abcdef0 \ + --address 192.0.2.0 + +Output:: + + { + "PublicIp": "192.0.2.0", + "AllocationId": "eipalloc-abcdef01234567890", + "PublicIpv4Pool": "ipam-pool-1234567890abcdef0", + "NetworkBorderGroup": "us-east-1", + "Domain": "vpc" + } + +For more information, see `Allocate sequential Elastic IP addresses from an IPAM pool `__ in the *Amazon VPC IPAM User Guide*. diff -pruN 2.23.6-1/awscli/examples/ec2/associate-ipam-resource-discovery.rst 2.31.35-1/awscli/examples/ec2/associate-ipam-resource-discovery.rst --- 2.23.6-1/awscli/examples/ec2/associate-ipam-resource-discovery.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/associate-ipam-resource-discovery.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,7 +4,7 @@ In this example, you are an IPAM delegat Note -* To complete this request, you'll need the resource discovery ID which you can get with `describe-ipam-resource-discoveries `__ and the IPAM ID which you can get with `describe-ipams `__. +* To complete this request, you'll need the resource discovery ID which you can get with `describe-ipam-resource-discoveries `__ and the IPAM ID which you can get with `describe-ipams `__. * The resource discovery that you are associating must have first been shared with your account using AWS RAM. * The ``--region`` you enter must match the home Region of the IPAM you are associating it with. diff -pruN 2.23.6-1/awscli/examples/ec2/associate-security-group-vpc.rst 2.31.35-1/awscli/examples/ec2/associate-security-group-vpc.rst --- 2.23.6-1/awscli/examples/ec2/associate-security-group-vpc.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/associate-security-group-vpc.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,15 @@ +**To associate a security group with another VPC** + +The following ``associate-security-group-vpc`` example associates the specified security group with the specified VPC. :: + + aws ec2 associate-security-group-vpc \ + --group-id sg-04dbb43907d3f8a78 \ + --vpc-id vpc-0bf4c2739bc05a694 + +Output:: + + { + "State": "associating" + } + +For more information, see `Associate security groups with multiple VPCs `__ in the *Amazon VPC User Guide*. diff -pruN 2.23.6-1/awscli/examples/ec2/create-ipam-resource-discovery.rst 2.31.35-1/awscli/examples/ec2/create-ipam-resource-discovery.rst --- 2.23.6-1/awscli/examples/ec2/create-ipam-resource-discovery.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/create-ipam-resource-discovery.rst 2025-11-12 19:17:29.000000000 +0000 @@ -43,4 +43,4 @@ Output:: ] } -Once you create a resource discovery, you may want to share it with another IPAM delegated admin, which you can do with `create-resource-share `__. For more information, see `Integrate IPAM with accounts outside of your organization `__ in the *Amazon VPC IPAM User Guide*. \ No newline at end of file +Once you create a resource discovery, you may want to share it with another IPAM delegated admin, which you can do with `create-resource-share `__. For more information, see `Integrate IPAM with accounts outside of your organization `__ in the *Amazon VPC IPAM User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ec2/create-spot-datafeed-subscription.rst 2.31.35-1/awscli/examples/ec2/create-spot-datafeed-subscription.rst --- 2.23.6-1/awscli/examples/ec2/create-spot-datafeed-subscription.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/create-spot-datafeed-subscription.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,24 +1,24 @@ -**To create a Spot Instance data feed** - -The following ``create-spot-datafeed-subscription`` example creates a Spot Instance data feed. :: - - aws ec2 create-spot-datafeed-subscription \ - --bucket my-bucket \ - --prefix spot-data-feed - -Output:: - - { - "SpotDatafeedSubscription": { - "Bucket": "my-bucket", - "OwnerId": "123456789012", - "Prefix": "spot-data-feed", - "State": "Active" - } - } - -The data feed is stored in the Amazon S3 bucket that you specified. The file names for this data feed have the following format. :: - - my-bucket.s3.amazonaws.com/spot-data-feed/123456789012.YYYY-MM-DD-HH.n.abcd1234.gz - -For more information, see `Spot Instance data feed `__ in the *Amazon EC2 User Guide*. +**To create a Spot Instance data feed** + +The following ``create-spot-datafeed-subscription`` example creates a Spot Instance data feed. :: + + aws ec2 create-spot-datafeed-subscription \ + --bucket amzn-s3-demo-bucket \ + --prefix spot-data-feed + +Output:: + + { + "SpotDatafeedSubscription": { + "Bucket": "amzn-s3-demo-bucket", + "OwnerId": "123456789012", + "Prefix": "spot-data-feed", + "State": "Active" + } + } + +The data feed is stored in the Amazon S3 bucket that you specified. The file names for this data feed have the following format. :: + + amzn-s3-demo-bucket.s3.amazonaws.com/spot-data-feed/123456789012.YYYY-MM-DD-HH.n.abcd1234.gz + +For more information, see `Spot Instance data feed `__ in the *Amazon Elastic Compute Cloud User Guide for Linux Instances*. diff -pruN 2.23.6-1/awscli/examples/ec2/create-vpc-endpoint.rst 2.31.35-1/awscli/examples/ec2/create-vpc-endpoint.rst --- 2.23.6-1/awscli/examples/ec2/create-vpc-endpoint.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/create-vpc-endpoint.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,118 +1,196 @@ -**Example 1: To create a gateway endpoint** - -The following ``create-vpc-endpoint`` example creates a gateway VPC endpoint between VPC ``vpc-1a2b3c4d`` and Amazon S3 in the ``us-east-1`` region, and associates route table ``rtb-11aa22bb`` with the endpoint. :: - - aws ec2 create-vpc-endpoint \ - --vpc-id vpc-1a2b3c4d \ - --service-name com.amazonaws.us-east-1.s3 \ - --route-table-ids rtb-11aa22bb - -Output:: - - { - "VpcEndpoint": { - "PolicyDocument": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":\"\*\",\"Action\":\"\*\",\"Resource\":\"\*\"}]}", - "VpcId": "vpc-1a2b3c4d", - "State": "available", - "ServiceName": "com.amazonaws.us-east-1.s3", - "RouteTableIds": [ - "rtb-11aa22bb" - ], - "VpcEndpointId": "vpc-1a2b3c4d", - "CreationTimestamp": "2015-05-15T09:40:50Z" - } - } - -For more information, see `Create a gateway endpoint `__ in the *AWS PrivateLink User Guide*. - -**Example 2: To create an interface endpoint** - -The following ``create-vpc-endpoint`` example creates an interface VPC endpoint between VPC ``vpc-1a2b3c4d`` and Amazon S3 in the ``us-east-1`` region. The command creates the endpoint in subnet ``subnet-1a2b3c4d``, associates it with security group ``sg-1a2b3c4d``, and adds a tag with a key of "Service" and a Value of "S3". :: - - aws ec2 create-vpc-endpoint \ - --vpc-id vpc-1a2b3c4d \ - --vpc-endpoint-type Interface \ - --service-name com.amazonaws.us-east-1.s3 \ - --subnet-ids subnet-7b16de0c \ - --security-group-id sg-1a2b3c4d \ - --tag-specifications ResourceType=vpc-endpoint,Tags=[{Key=service,Value=S3}] - -Output:: - - { - "VpcEndpoint": { - "VpcEndpointId": "vpce-1a2b3c4d5e6f1a2b3", - "VpcEndpointType": "Interface", - "VpcId": "vpc-1a2b3c4d", - "ServiceName": "com.amazonaws.us-east-1.s3", - "State": "pending", - "RouteTableIds": [], - "SubnetIds": [ - "subnet-1a2b3c4d" - ], - "Groups": [ - { - "GroupId": "sg-1a2b3c4d", - "GroupName": "default" - } - ], - "PrivateDnsEnabled": false, - "RequesterManaged": false, - "NetworkInterfaceIds": [ - "eni-0b16f0581c8ac6877" - ], - "DnsEntries": [ - { - "DnsName": "*.vpce-1a2b3c4d5e6f1a2b3-9hnenorg.s3.us-east-1.vpce.amazonaws.com", - "HostedZoneId": "Z7HUB22UULQXV" - }, - { - "DnsName": "*.vpce-1a2b3c4d5e6f1a2b3-9hnenorg-us-east-1c.s3.us-east-1.vpce.amazonaws.com", - "HostedZoneId": "Z7HUB22UULQXV" - } - ], - "CreationTimestamp": "2021-03-05T14:46:16.030000+00:00", - "Tags": [ - { - "Key": "service", - "Value": "S3" - } - ], - "OwnerId": "123456789012" - } - } - -For more information, see `Create an interface VPC endpoint `__ in the *AWS PrivateLink User Guide*. - -**Example 3: To create a Gateway Load Balancer endpoint** - -The following ``create-vpc-endpoint`` example creates a Gateway Load Balancer endpoint between VPC ``vpc-111122223333aabbc`` and and a service that is configured using a Gateway Load Balancer. :: - - aws ec2 create-vpc-endpoint \ - --service-name com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123 \ - --vpc-endpoint-type GatewayLoadBalancer \ - --vpc-id vpc-111122223333aabbc \ - --subnet-ids subnet-0011aabbcc2233445 - -Output:: - - { - "VpcEndpoint": { - "VpcEndpointId": "vpce-aabbaabbaabbaabba", - "VpcEndpointType": "GatewayLoadBalancer", - "VpcId": "vpc-111122223333aabbc", - "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123", - "State": "pending", - "SubnetIds": [ - "subnet-0011aabbcc2233445" - ], - "RequesterManaged": false, - "NetworkInterfaceIds": [ - "eni-01010120203030405" - ], - "CreationTimestamp": "2020-11-11T08:06:03.522Z", - "OwnerId": "123456789012" - } - } - -For more information, see `Gateway Load Balancer endpoints `__ in the *AWS PrivateLink User Guide*. \ No newline at end of file +**Example 1: To create a gateway endpoint** + +The following ``create-vpc-endpoint`` example creates a gateway VPC endpoint between VPC ``vpc-1a2b3c4d`` and Amazon S3 in the ``us-east-1`` region, and associates route table ``rtb-11aa22bb`` with the endpoint. :: + + aws ec2 create-vpc-endpoint \ + --vpc-id vpc-1a2b3c4d \ + --service-name com.amazonaws.us-east-1.s3 \ + --route-table-ids rtb-11aa22bb + +Output:: + + { + "VpcEndpoint": { + "PolicyDocument": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":\"\*\",\"Action\":\"\*\",\"Resource\":\"\*\"}]}", + "VpcId": "vpc-1a2b3c4d", + "State": "available", + "ServiceName": "com.amazonaws.us-east-1.s3", + "RouteTableIds": [ + "rtb-11aa22bb" + ], + "VpcEndpointId": "vpc-1a2b3c4d", + "CreationTimestamp": "2015-05-15T09:40:50Z" + } + } + +For more information, see `Create a gateway endpoint `__ in the *AWS PrivateLink User Guide*. + +**Example 2: To create an interface endpoint** + +The following ``create-vpc-endpoint`` example creates an interface VPC endpoint between VPC ``vpc-1a2b3c4d`` and Amazon S3 in the ``us-east-1`` region. The command creates the endpoint in subnet ``subnet-1a2b3c4d``, associates it with security group ``sg-1a2b3c4d``, and adds a tag with a key of "Service" and a Value of "S3". :: + + aws ec2 create-vpc-endpoint \ + --vpc-id vpc-1a2b3c4d \ + --vpc-endpoint-type Interface \ + --service-name com.amazonaws.us-east-1.s3 \ + --subnet-ids subnet-7b16de0c \ + --security-group-id sg-1a2b3c4d \ + --tag-specifications ResourceType=vpc-endpoint,Tags=[{Key=service,Value=S3}] + +Output:: + + { + "VpcEndpoint": { + "VpcEndpointId": "vpce-1a2b3c4d5e6f1a2b3", + "VpcEndpointType": "Interface", + "VpcId": "vpc-1a2b3c4d", + "ServiceName": "com.amazonaws.us-east-1.s3", + "State": "pending", + "RouteTableIds": [], + "SubnetIds": [ + "subnet-1a2b3c4d" + ], + "Groups": [ + { + "GroupId": "sg-1a2b3c4d", + "GroupName": "default" + } + ], + "PrivateDnsEnabled": false, + "RequesterManaged": false, + "NetworkInterfaceIds": [ + "eni-0b16f0581c8ac6877" + ], + "DnsEntries": [ + { + "DnsName": "*.vpce-1a2b3c4d5e6f1a2b3-9hnenorg.s3.us-east-1.vpce.amazonaws.com", + "HostedZoneId": "Z7HUB22UULQXV" + }, + { + "DnsName": "*.vpce-1a2b3c4d5e6f1a2b3-9hnenorg-us-east-1c.s3.us-east-1.vpce.amazonaws.com", + "HostedZoneId": "Z7HUB22UULQXV" + } + ], + "CreationTimestamp": "2021-03-05T14:46:16.030000+00:00", + "Tags": [ + { + "Key": "service", + "Value": "S3" + } + ], + "OwnerId": "123456789012" + } + } + +For more information, see `Create an interface VPC endpoint `__ in the *AWS PrivateLink User Guide*. + +**Example 3: To create a Gateway Load Balancer endpoint** + +The following ``create-vpc-endpoint`` example creates a Gateway Load Balancer endpoint between VPC ``vpc-111122223333aabbc`` and and a service that is configured using a Gateway Load Balancer. :: + + aws ec2 create-vpc-endpoint \ + --service-name com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123 \ + --vpc-endpoint-type GatewayLoadBalancer \ + --vpc-id vpc-111122223333aabbc \ + --subnet-ids subnet-0011aabbcc2233445 + +Output:: + + { + "VpcEndpoint": { + "VpcEndpointId": "vpce-aabbaabbaabbaabba", + "VpcEndpointType": "GatewayLoadBalancer", + "VpcId": "vpc-111122223333aabbc", + "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123", + "State": "pending", + "SubnetIds": [ + "subnet-0011aabbcc2233445" + ], + "RequesterManaged": false, + "NetworkInterfaceIds": [ + "eni-01010120203030405" + ], + "CreationTimestamp": "2020-11-11T08:06:03.522Z", + "OwnerId": "123456789012" + } + } + +For more information, see `Gateway Load Balancer endpoints `__ in the *AWS PrivateLink User Guide*. + +**Example 4: To create a resource endpoint** + +The following ``create-vpc-endpoint`` example creates a resource endpoint. :: + + aws ec2 create-vpc-endpoint \ + --vpc-endpoint-type Resource \ + --vpc-id vpc-111122223333aabbc \ + --subnet-ids subnet-0011aabbcc2233445 \ + --resource-configuration-arn arn:aws:vpc-lattice-us-east-1:123456789012:resourceconfiguration/rcfg-0123abcde98765432 + +Output:: + + { + "VpcEndpoint": { + "VpcEndpointId": "vpce-00939a7ed9EXAMPLE", + "VpcEndpointType": "Resource", + "VpcId": "vpc-111122223333aabbc", + "State": "Pending", + "SubnetIds": [ + "subnet-0011aabbcc2233445" + ], + "Groups": [ + { + "GroupId": "sg-03e2f15fbfc09b000", + "GroupName": "default" + } + ], + "IpAddressType": "IPV4", + "PrivateDnsEnabled": false, + "CreationTimestamp": "2025-02-06T23:38:49.525000+00:00", + "Tags": [], + "OwnerId": "123456789012", + "ResourceConfigurationArn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourceconfiguration/rcfg-0123abcde98765432" + } + } + +For more information, see `Resource endpoints `__ in the *AWS PrivateLink User Guide*. + +**Example 5: To create a service network endpoint** + +The following ``create-vpc-endpoint`` example creates a service network endpoint. :: + + aws ec2 create-vpc-endpoint \ + --vpc-endpoint-type ServiceNetwork \ + --vpc-id vpc-111122223333aabbc \ + --subnet-ids subnet-0011aabbcc2233445 \ + --service-network-arn arn:aws:vpc-lattice:us-east-1:123456789012:servicenetwork/sn-0101abcd5432abcd0 \ + --security-group-ids sg-0123456789012abcd + +Output:: + + { + "VpcEndpoint": { + "VpcEndpointId": "vpce-0f00567fa8EXAMPLE", + "VpcEndpointType": "ServiceNetwork", + "VpcId": "vpc-111122223333aabbc", + "State": "Pending", + "SubnetIds": [ + "subnet-0011aabbcc2233445" + ], + "Groups": [ + { + "GroupId": "sg-0123456789012abcd", + "GroupName": "my-security-group" + } + ], + "IpAddressType": "IPV4", + "PrivateDnsEnabled": false, + "CreationTimestamp": "2025-02-06T23:44:20.449000+00:00", + "Tags": [], + "OwnerId": "123456789012", + "ServiceNetworkArn": "arn:aws:vpc-lattice:us-east-1:123456789012:servicenetwork/sn-0101abcd5432abcd0" + } + } + +For more information, see `Service network endpoints `__ in the *AWS PrivateLink User Guide*. + diff -pruN 2.23.6-1/awscli/examples/ec2/delete-ipam-pool.rst 2.31.35-1/awscli/examples/ec2/delete-ipam-pool.rst --- 2.23.6-1/awscli/examples/ec2/delete-ipam-pool.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/delete-ipam-pool.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,7 +4,7 @@ In this example, you're a IPAM delegated To complete this request: -* You'll need the IPAM pool ID which you can get with `describe-ipam-pools `__. +* You'll need the IPAM pool ID which you can get with `describe-ipam-pools `__. * The ``--region`` must be the IPAM home Region. The following ``delete-ipam-pool`` example deletes an IPAM pool in your AWS account. :: diff -pruN 2.23.6-1/awscli/examples/ec2/describe-addresses-attribute.rst 2.31.35-1/awscli/examples/ec2/describe-addresses-attribute.rst --- 2.23.6-1/awscli/examples/ec2/describe-addresses-attribute.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/describe-addresses-attribute.rst 2025-11-12 19:17:29.000000000 +0000 @@ -26,4 +26,4 @@ Output:: ] } -To view the attributes of an elastic IP address, you must have first associated a domain name with the elastic IP address. For more information, see `Use reverse DNS for email applications `__ in the *Amazon EC2 User Guide* or `modify-address-attribute `__ in the *AWS CLI Command Reference*. +To view the attributes of an elastic IP address, you must have first associated a domain name with the elastic IP address. For more information, see `Use reverse DNS for email applications `__ in the *Amazon EC2 User Guide* or `modify-address-attribute `__ in the *AWS CLI Command Reference*. diff -pruN 2.23.6-1/awscli/examples/ec2/describe-security-group-vpc-associations.rst 2.31.35-1/awscli/examples/ec2/describe-security-group-vpc-associations.rst --- 2.23.6-1/awscli/examples/ec2/describe-security-group-vpc-associations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/describe-security-group-vpc-associations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,21 @@ +**To describe VPC associations** + +The following ``describe-security-group-vpc-associations`` example describes the VPC associations for the specified security group. :: + + aws ec2 describe-security-group-vpc-associations \ + --filters Name=group-id,Values=sg-04dbb43907d3f8a78 + +Output:: + + { + "SecurityGroupVpcAssociations": [ + { + "GroupId": "sg-04dbb43907d3f8a78", + "VpcId": "vpc-0bf4c2739bc05a694", + "VpcOwnerId": "123456789012", + "State": "associated" + } + ] + } + +For more information, see `Associate security groups with multiple VPCs `__ in the *Amazon VPC User Guide*. diff -pruN 2.23.6-1/awscli/examples/ec2/describe-vpc-endpoint-associations.rst 2.31.35-1/awscli/examples/ec2/describe-vpc-endpoint-associations.rst --- 2.23.6-1/awscli/examples/ec2/describe-vpc-endpoint-associations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/describe-vpc-endpoint-associations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,24 @@ +**To describe VPC endpoint associations** + +The following ``describe-vpc-endpoint-associations`` example describes your VPC endpoint associations. :: + + aws ec2 describe-vpc-endpoint-associations + +Output:: + + { + "VpcEndpointAssociations": [ + { + "Id": "vpce-rsc-asc-0a810ca6ac8866bf9", + "VpcEndpointId": "vpce-019b90d6f16d4f958", + "AssociatedResourceAccessibility": "Accessible", + "DnsEntry": { + "DnsName": "vpce-019b90d6f16d4f958.rcfg-07129f3acded87625.4232ccc.vpc-lattice-rsc.us-east-2.on.aws", + "HostedZoneId": "Z03265862FOUNWMZOKUF4" + }, + "AssociatedResourceArn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourceconfiguration/rcfg-07129f3acded87625" + } + ] + } + +For more information, see `Manage VPC endpoint associations `__ in the *AWS PrivateLink User Guide*. diff -pruN 2.23.6-1/awscli/examples/ec2/disable-image-deregistration-protection.rst 2.31.35-1/awscli/examples/ec2/disable-image-deregistration-protection.rst --- 2.23.6-1/awscli/examples/ec2/disable-image-deregistration-protection.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/disable-image-deregistration-protection.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,14 @@ +**To disable deregistration protection** + +The following ``disable-image-deregistration-protection`` example disables deregistration protection for the specified image. :: + + aws ec2 disable-image-deregistration-protection \ + --image-id ami-0b1a928a144a74ec9 + +Output:: + + { + "Return": "disabled" + } + +For more information, see `Protect an AMI from deregistration `__ in the *Amazon EC2 User Guide*. diff -pruN 2.23.6-1/awscli/examples/ec2/disassociate-security-group-vpc.rst 2.31.35-1/awscli/examples/ec2/disassociate-security-group-vpc.rst --- 2.23.6-1/awscli/examples/ec2/disassociate-security-group-vpc.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/disassociate-security-group-vpc.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,15 @@ +**To disassociate a security group from a VPC** + +The following ``disassociate-security-group-vpc`` example disassociates the specified security group from the specified VPC. :: + + aws ec2 disassociate-security-group-vpc \ + --group-id sg-04dbb43907d3f8a78 \ + --vpc-id vpc-0bf4c2739bc05a694 + +Output:: + + { + "State": "disassociating" + } + +For more information, see `Associate security groups with multiple VPCs `__ in the *Amazon VPC User Guide*. diff -pruN 2.23.6-1/awscli/examples/ec2/enable-image-deregistration-protection.rst 2.31.35-1/awscli/examples/ec2/enable-image-deregistration-protection.rst --- 2.23.6-1/awscli/examples/ec2/enable-image-deregistration-protection.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/enable-image-deregistration-protection.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,14 @@ +**To enable deregistration protection** + +The following ``enable-image-deregistration-protection`` example enables deregistration protection for the specified image. :: + + aws ec2 enable-image-deregistration-protection \ + --image-id ami-0b1a928a144a74ec9 + +Output:: + + { + "Return": "enabled-without-cooldown" + } + +For more information, see `Protect an EC2 AMI from deregistration `__ in the *Amazon EC2 User Guide*. diff -pruN 2.23.6-1/awscli/examples/ec2/get-ipam-discovered-public-addresses.rst 2.31.35-1/awscli/examples/ec2/get-ipam-discovered-public-addresses.rst --- 2.23.6-1/awscli/examples/ec2/get-ipam-discovered-public-addresses.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/get-ipam-discovered-public-addresses.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ **To view discovered public IP addresses** -In this example, you are an IPAM delegated admin and you want to view the IP addresses of resources discovered by IPAM. You can get the resource discovery ID with `describe-ipam-resource-discoveries `__. +In this example, you are an IPAM delegated admin and you want to view the IP addresses of resources discovered by IPAM. You can get the resource discovery ID with `describe-ipam-resource-discoveries `__. The following ``get-ipam-discovered-public-addresses`` example shows the discovered public IP addresses for a resource discovery. :: diff -pruN 2.23.6-1/awscli/examples/ec2/modify-ipam-resource-discovery.rst 2.31.35-1/awscli/examples/ec2/modify-ipam-resource-discovery.rst --- 2.23.6-1/awscli/examples/ec2/modify-ipam-resource-discovery.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/modify-ipam-resource-discovery.rst 2025-11-12 19:17:29.000000000 +0000 @@ -5,7 +5,7 @@ In this example, you're an IPAM delegate To complete this request: * You cannot modify a default resource discovery and you must be the owner of the resource discovery. -* You need the resource discovery ID, which you can get with `describe-ipam-resource-discoveries `__. +* You need the resource discovery ID, which you can get with `describe-ipam-resource-discoveries `__. The following ``modify-ipam-resource-discovery`` example modifies a non-default resource discovery in your AWS account. :: diff -pruN 2.23.6-1/awscli/examples/ec2/modify-ipam-scope.rst 2.31.35-1/awscli/examples/ec2/modify-ipam-scope.rst --- 2.23.6-1/awscli/examples/ec2/modify-ipam-scope.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/modify-ipam-scope.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,7 +2,7 @@ In this scenario, you're an IPAM delegated admin who wants to modify the description of an IPAM scope. -To complete this request, you'll need the scope ID, which you can get with `describe-ipam-scopes `__. +To complete this request, you'll need the scope ID, which you can get with `describe-ipam-scopes `__. The following ``modify-ipam-scope`` example updates the description of the scope. :: diff -pruN 2.23.6-1/awscli/examples/ec2/release-ipam-pool-allocation.rst 2.31.35-1/awscli/examples/ec2/release-ipam-pool-allocation.rst --- 2.23.6-1/awscli/examples/ec2/release-ipam-pool-allocation.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ec2/release-ipam-pool-allocation.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,8 +4,8 @@ In this example, you're an IPAM delegate Note the following: -* You can only use this command for custom allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using `modify-ipam-resource-cidr `__. -* To complete this request, you'll need the IPAM pool ID, which you can get with `describe-ipam-pools `__. You'll also need the allocation ID, which you can get with `get-ipam-pool-allocations `__. +* You can only use this command for custom allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using `modify-ipam-resource-cidr `__. +* To complete this request, you'll need the IPAM pool ID, which you can get with `describe-ipam-pools `__. You'll also need the allocation ID, which you can get with `get-ipam-pool-allocations `__. * If you do not want to remove allocations one by one, you can use the ``--cascade option`` when you delete an IPAM pool to automatically release any allocations in the pool before deleting it. * There are a number of prerequisites before running this command. For more information, see `Release an allocation `__ in the *Amazon VPC IPAM User Guide*. * The ``--region`` in which you run this command must be the locale of the IPAM pool where the allocation is. @@ -24,4 +24,4 @@ Output:: "Success": true } -Once you release an allocation, you may want to run `delete-ipam-pool `__. \ No newline at end of file +Once you release an allocation, you may want to run `delete-ipam-pool `__. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ecs/create-cluster.rst 2.31.35-1/awscli/examples/ecs/create-cluster.rst --- 2.23.6-1/awscli/examples/ecs/create-cluster.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/create-cluster.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,9 +1,11 @@ **Example 1: To create a new cluster** -The following ``create-cluster`` example creates a cluster. :: +The following ``create-cluster`` example creates a cluster named ``MyCluster`` and enables CloudWatch Container Insights with enhanced observability. :: aws ecs create-cluster \ - --cluster-name MyCluster + --cluster-name MyCluster \ + --settings name=containerInsights,value=enhanced + Output:: @@ -17,6 +19,12 @@ Output:: "runningTasksCount": 0, "activeServicesCount": 0, "statistics": [], + "settings": [ + { + "name": "containerInsights", + "value": "enhanced" + } + ], "tags": [] } } @@ -25,7 +33,7 @@ For more information, see `Creating a Cl **Example 2: To create a new cluster using capacity providers** -The following ``create-cluster`` example creates a cluster and associates two existing capacity providers with it. The ``create-capacity-provider`` command is used to create a capacity provider. Specifying a default capacity provider strategy is optional, but recommended. In this example, we create a cluster named ``MyCluster`` and associate the ``MyCapacityProvider1`` and ``MyCapacityProvider2`` capacity providers with it. A default capacity provider strategy is specified that spreads the tasks evenly across both capacity providers. +The following ``create-cluster`` example creates a cluster and associates two existing capacity providers with it. The ``create-capacity-provider`` command is used to create a capacity provider. Specifying a default capacity provider strategy is optional, but recommended. In this example, we create a cluster named ``MyCluster`` and associate the ``MyCapacityProvider1`` and ``MyCapacityProvider2`` capacity providers with it. A default capacity provider strategy is specified that spreads the tasks evenly across both capacity providers. :: aws ecs create-cluster \ --cluster-name MyCluster \ @@ -68,18 +76,18 @@ Output:: ], "attachments": [ { - "id": "0fb0c8f4-6edd-4de1-9b09-17e470ee1918", - "type": "asp", - "status": "PRECREATED", - "details": [ - { - "name": "capacityProviderName", - "value": "MyCapacityProvider1" - }, - { - "name": "scalingPlanName", - "value": "ECSManagedAutoScalingPlan-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" - } + "id": "0fb0c8f4-6edd-4de1-9b09-17e470ee1918", + "type": "asp", + "status": "PRECREATED", + "details": [ + { + "name": "capacityProviderName", + "value": "MyCapacityProvider1" + }, + { + "name": "scalingPlanName", + "value": "ECSManagedAutoScalingPlan-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" + } ] }, { @@ -106,39 +114,35 @@ For more information, see `Cluster capac **Example 3: To create a new cluster with multiple tags** -The following ``create-cluster`` example creates a cluster with multiple tags. For more information about adding tags using shorthand syntax, see `Using Shorthand Syntax with the AWS Command Line Interface `_ in the *AWS CLI User Guide*. :: +The following ``create-cluster`` example creates a cluster with multiple tags. For more information about adding tags using shorthand syntax, see `Using Shorthand Syntax with the AWS Command Line Interface `__ in the *AWS CLI User Guide*. :: aws ecs create-cluster \ --cluster-name MyCluster \ - --tags key=key1,value=value1 key=key2,value=value2 key=key3,value=value3 + --tags key=key1,value=value1 key=key2,value=value2 Output:: - { - "cluster": { - "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/MyCluster", - "clusterName": "MyCluster", - "status": "ACTIVE", - "registeredContainerInstancesCount": 0, - "pendingTasksCount": 0, - "runningTasksCount": 0, - "activeServicesCount": 0, - "statistics": [], - "tags": [ - { - "key": "key1", - "value": "value1" - }, - { - "key": "key2", - "value": "value2" - }, - { - "key": "key3", - "value": "value3" - } - ] + { + "cluster": { + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/MyCluster", + "clusterName": "MyCluster", + "status": "ACTIVE", + "registeredContainerInstancesCount": 0, + "pendingTasksCount": 0, + "runningTasksCount": 0, + "activeServicesCount": 0, + "statistics": [], + "tags": [ + { + "key": "key1", + "value": "value1" + }, + { + "key": "key2", + "value": "value2" + } + ] } } -For more information, see `Creating a Cluster `__ in the *Amazon ECS Developer Guide*. \ No newline at end of file +For more information, see `Creating a Cluster `__ in the *Amazon ECS Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/ecs/create-service.rst 2.31.35-1/awscli/examples/ecs/create-service.rst --- 2.23.6-1/awscli/examples/ecs/create-service.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/create-service.rst 2025-11-12 19:17:29.000000000 +0000 @@ -9,7 +9,7 @@ The following ``create-service`` example --desired-count 2 \ --launch-type FARGATE \ --platform-version LATEST \ - --network-configuration "awsvpcConfiguration={subnets=[subnet-12344321],securityGroups=[sg-12344321],assignPublicIp=ENABLED}" \ + --network-configuration 'awsvpcConfiguration={subnets=[subnet-12344321],securityGroups=[sg-12344321],assignPublicIp=ENABLED}' \ --tags key=key1,value=value1 key=key2,value=value2 key=key3,value=value3 Output:: @@ -93,6 +93,8 @@ Output:: } } +For more information, see `Creating a Service `__ in the *Amazon ECS Developer Guide*. + **Example 2: To create a service using the EC2 launch type** The following ``create-service`` example shows how to create a service called ``ecs-simple-service`` with a task that uses the EC2 launch type. The service uses the ``sleep360`` task definition and it maintains 1 instantiation of the task. :: @@ -145,6 +147,8 @@ Output:: } } +For more information, see `Creating a Service `__ in the *Amazon ECS Developer Guide*. + **Example 3: To create a service that uses an external deployment controller** The following ``create-service`` example creates a service that uses an external deployment controller. :: @@ -189,11 +193,20 @@ Output:: } } +For more information, see `Creating a Service `__ in the *Amazon ECS Developer Guide*. + **Example 4: To create a new service behind a load balancer** -The following ``create-service`` example shows how to create a service that is behind a load balancer. You must have a load balancer configured in the same Region as your container instance. This example uses the ``--cli-input-json`` option and a JSON input file called ``ecs-simple-service-elb.json`` with the following content:: +The following ``create-service`` example shows how to create a service that is behind a load balancer. You must have a load balancer configured in the same Region as your container instance. This example uses the ``--cli-input-json`` option and a JSON input file called ``ecs-simple-service-elb.json`` with the following content. :: - { + aws ecs create-service \ + --cluster MyCluster \ + --service-name ecs-simple-service-elb \ + --cli-input-json file://ecs-simple-service-elb.json + +Contents of ``ecs-simple-service-elb.json``:: + + { "serviceName": "ecs-simple-service-elb", "taskDefinition": "ecs-demo", "loadBalancers": [ @@ -207,13 +220,6 @@ The following ``create-service`` example "role": "ecsServiceRole" } -Command:: - - aws ecs create-service \ - --cluster MyCluster \ - --service-name ecs-simple-service-elb \ - --cli-input-json file://ecs-simple-service-elb.json - Output:: { @@ -231,7 +237,7 @@ Output:: "roleArn": "arn:aws:iam::123456789012:role/ecsServiceRole", "desiredCount": 10, "serviceName": "ecs-simple-service-elb", - "clusterArn": "arn:aws:ecs:`_ in the *Amazon ECS Developer Guide*. \ No newline at end of file +For more information, see `Use load balancing to distribute Amazon ECS service traffic `__ in the *Amazon ECS Developer Guide*. + +**Example 5: To configure Amazon EBS volumes at service creation** + +The following ``create-service`` example shows how to configure Amazon EBS volumes for each task managed by the service. You must have an Amazon ECS infrastructure role configured with the ``AmazonECSInfrastructureRolePolicyForVolumes`` managed policy attached. You must specify a task definition with the same volume name as in the ``create-service`` request. This example uses the ``--cli-input-json`` option and a JSON input file called ``ecs-simple-service-ebs.json`` with the following content. :: + + aws ecs create-service \ + --cli-input-json file://ecs-simple-service-ebs.json + +Contents of ``ecs-simple-service-ebs.json``:: + + { + "cluster": "mycluster", + "taskDefinition": "mytaskdef", + "serviceName": "ecs-simple-service-ebs", + "desiredCount": 2, + "launchType": "FARGATE", + "networkConfiguration":{ + "awsvpcConfiguration":{ + "assignPublicIp": "ENABLED", + "securityGroups": ["sg-12344321"], + "subnets":["subnet-12344321"] + } + }, + "volumeConfigurations": [ + { + "name": "myEbsVolume", + "managedEBSVolume": { + "roleArn":"arn:aws:iam::123456789012:role/ecsInfrastructureRole", + "volumeType": "gp3", + "sizeInGiB": 100, + "iops": 3000, + "throughput": 125, + "filesystemType": "ext4" + } + } + ] + } + +Output:: + + { + "service": { + "serviceArn": "arn:aws:ecs:us-west-2:123456789012:service/mycluster/ecs-simple-service-ebs", + "serviceName": "ecs-simple-service-ebs", + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/mycluster", + "loadBalancers": [], + "serviceRegistries": [], + "status": "ACTIVE", + "desiredCount": 2, + "runningCount": 0, + "pendingCount": 0, + "launchType": "EC2", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:3", + "deploymentConfiguration": { + "deploymentCircuitBreaker": { + "enable": false, + "rollback": false + }, + "maximumPercent": 200, + "minimumHealthyPercent": 100 + }, + "deployments": [ + { + "id": "ecs-svc/7851020056849183687", + "status": "PRIMARY", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:3", + "desiredCount": 0, + "pendingCount": 0, + "runningCount": 0, + "failedTasks": 0, + "createdAt": "2025-01-21T11:32:38.034000-06:00", + "updatedAt": "2025-01-21T11:32:38.034000-06:00", + "launchType": "EC2", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "DISABLED" + } + }, + "rolloutState": "IN_PROGRESS", + "rolloutStateReason": "ECS deployment ecs-svc/7851020056849183687 in progress.", + "volumeConfigurations": [ + { + "name": "myEBSVolume", + "managedEBSVolume": { + "volumeType": "gp3", + "sizeInGiB": 100, + "iops": 3000, + "throughput": 125, + "roleArn": "arn:aws:iam::123456789012:role/ecsInfrastructureRole", + "filesystemType": "ext4" + } + } + ] + } + ], + "roleArn": "arn:aws:iam::123456789012:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "events": [], + "createdAt": "2025-01-21T11:32:38.034000-06:00", + "placementConstraints": [], + "placementStrategy": [], + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "DISABLED" + } + }, + "healthCheckGracePeriodSeconds": 0, + "schedulingStrategy": "REPLICA", + "deploymentController": { + "type": "ECS" + }, + "createdBy": "arn:aws:iam::123456789012:user/AIDACKCEVSQ6C2EXAMPLE", + "enableECSManagedTags": false, + "propagateTags": "NONE", + "enableExecuteCommand": false, + "availabilityZoneRebalancing": "DISABLED" + } + } + +For more information, see `Use Amazon EBS volumes with Amazon ECS `__ in the *Amazon ECS Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ecs/put-account-setting.rst 2.31.35-1/awscli/examples/ecs/put-account-setting.rst --- 2.23.6-1/awscli/examples/ecs/put-account-setting.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/put-account-setting.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,16 +1,19 @@ **To modify the account setting for your IAM user account** -The following ``put-account-setting`` example enables the ``serviceLongArnFormat`` account setting for your IAM user account. :: +The following ``put-account-setting`` example sets the ``containerInsights`` account setting to ``enhanced`` for your IAM user account. This turns on Container Insights with enhanced observability. :: - aws ecs put-account-setting --name serviceLongArnFormat --value enabled + aws ecs put-account-setting \ + --name containerInsights \ + --value enhanced Output:: { "setting": { - "name": "serviceLongArnFormat", - "value": "enabled", - "principalArn": "arn:aws:iam::130757420319:user/your_username" + "name": "containerInsights", + "value": "enhanced", + "principalArn": "arn:aws:iam::123456789012:user/johndoe", + "type": "user" } } diff -pruN 2.23.6-1/awscli/examples/ecs/run-task.rst 2.31.35-1/awscli/examples/ecs/run-task.rst --- 2.23.6-1/awscli/examples/ecs/run-task.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/run-task.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To run a task on your default cluster** +**Example 1: To run a task on your default cluster** The following ``run-task`` example runs a task on the default cluster and uses a client token. :: @@ -60,4 +60,129 @@ Output:: "failures": [] } -For more information, see `Running Tasks `__ in the *Amazon ECS Developer Guide*. \ No newline at end of file +For more information, see `Running an application as a standalone task `__ in the *Amazon ECS Developer Guide*. + +**Example 2: To configure an Amazon EBS volume for a standalone task** + +The following ``run-task`` example configures an encrypted Amazon EBS volume for a Fargate task on the default cluster. You must have an Amazon ECS infrastructure role configured with the ``AmazonECSInfrastructureRolePolicyForVolumes`` managed policy attached. You must specify a task definition with the same volume name as in the ``run-task`` request. This example uses the ``--cli-input-json`` option and a JSON input file called ``ebs.json``. :: + + aws ecs run-task \ + --cli-input-json file://ebs.json + +Contents of ``ebs.json``:: + + { + "cluster": "default", + "taskDefinition": "mytaskdef", + "launchType": "FARGATE", + "networkConfiguration":{ + "awsvpcConfiguration":{ + "assignPublicIp": "ENABLED", + "securityGroups": ["sg-12344321"], + "subnets":["subnet-12344321"] + } + }, + "volumeConfigurations": [ + { + "name": "myEBSVolume", + "managedEBSVolume": { + "volumeType": "gp3", + "sizeInGiB": 100, + "roleArn":"arn:aws:iam::1111222333:role/ecsInfrastructureRole", + "encrypted": true, + "kmsKeyId": "arn:aws:kms:region:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" + } + } + ] + } + +Output:: + + { + "tasks": [ + { + "attachments": [ + { + "id": "ce868693-15ca-4083-91ac-f782f64000c9", + "type": "ElasticNetworkInterface", + "status": "PRECREATED", + "details": [ + { + "name": "subnetId", + "value": "subnet-070982705451dad82" + } + ] + }, + { + "id": "a17ed863-786c-4372-b5b3-b23e53f37877", + "type": "AmazonElasticBlockStorage", + "status": "CREATED", + "details": [ + { + "name": "roleArn", + "value": "arn:aws:iam::123456789012:role/ecsInfrastructureRole" + }, + { + "name": "volumeName", + "value": "myEBSVolume" + }, + { + "name": "deleteOnTermination", + "value": "true" + } + ] + } + ], + "attributes": [ + { + "name": "ecs.cpu-architecture", + "value": "x86_64" + } + ], + "availabilityZone": "us-west-2b", + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/default", + "containers": [ + { + "containerArn": "arn:aws:ecs:us-west-2:123456789012:container/default/7f1fbd3629434cc4b82d72d2f09b67c9/e21962a2-f328-4699-98a3-5161ac2c186a", + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/default/7f1fbd3629434cc4b82d72d2f09b67c9", + "name": "container-using-ebs", + "image": "amazonlinux:2", + "lastStatus": "PENDING", + "networkInterfaces": [], + "cpu": "0" + } + ], + "cpu": "1024", + "createdAt": "2025-01-23T10:29:46.650000-06:00", + "desiredStatus": "RUNNING", + "enableExecuteCommand": false, + "group": "family:mytaskdef", + "lastStatus": "PROVISIONING", + "launchType": "FARGATE", + "memory": "3072", + "overrides": { + "containerOverrides": [ + { + "name": "container-using-ebs" + } + ], + "inferenceAcceleratorOverrides": [] + }, + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "tags": [], + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/default/7f1fbd3629434cc4b82d72d2f09b67c9", + "taskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:4", + "version": 1, + "ephemeralStorage": { + "sizeInGiB": 20 + }, + "fargateEphemeralStorage": { + "sizeInGiB": 20 + } + } + ], + "failures": [] + } + +For more information, see `Use Amazon EBS volumes with Amazon ECS `__ in the *Amazon ECS Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/ecs/start-task.rst 2.31.35-1/awscli/examples/ecs/start-task.rst --- 2.23.6-1/awscli/examples/ecs/start-task.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/start-task.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -**To start a new task** +**Example 1: To start a new task** -The following ``start-task`` starts a task using the latest revision of the ``sleep360`` task definition on the specified container instance in the default cluster. :: +The following ``start-task`` example starts a task using the latest revision of the ``sleep360`` task definition on the specified container instance in the default cluster. :: aws ecs start-task \ --task-definition sleep360 \ @@ -11,10 +11,10 @@ Output:: { "tasks": [ { - "taskArn": "arn:aws:ecs:us-west-2:130757420319:task/default/666fdccc2e2d4b6894dd422f4eeee8f8", - "clusterArn": "arn:aws:ecs:us-west-2:130757420319:cluster/default", - "taskDefinitionArn": "arn:aws:ecs:us-west-2:130757420319:task-definition/sleep360:3", - "containerInstanceArn": "arn:aws:ecs:us-west-2:130757420319:container-instance/default/765936fadbdd46b5991a4bd70c2a43d4", + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/default/666fdccc2e2d4b6894dd422f4eeee8f8", + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/default", + "taskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/sleep360:3", + "containerInstanceArn": "arn:aws:ecs:us-west-2:123456789012:container-instance/default/765936fadbdd46b5991a4bd70c2a43d4", "overrides": { "containerOverrides": [ { @@ -28,8 +28,8 @@ Output:: "memory": "128", "containers": [ { - "containerArn": "arn:aws:ecs:us-west-2:130757420319:container/75f11ed4-8a3d-4f26-a33b-ad1db9e02d41", - "taskArn": "arn:aws:ecs:us-west-2:130757420319:task/default/666fdccc2e2d4b6894dd422f4eeee8f8", + "containerArn": "arn:aws:ecs:us-west-2:123456789012:container/75f11ed4-8a3d-4f26-a33b-ad1db9e02d41", + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/default/666fdccc2e2d4b6894dd422f4eeee8f8", "name": "sleep", "lastStatus": "PENDING", "networkInterfaces": [], @@ -47,3 +47,123 @@ Output:: ], "failures": [] } + +For more information, see `Schedule your containers on Amazon ECS `__ in the *Amazon ECS Developer Guide*. + +**Example 2: To configure an Amazon EBS volume at task start** + +The following ``start-task`` example configures an encrypted Amazon EBS volume for a task on the specified container instance. You must have an Amazon ECS infrastructure role configured with the ``AmazonECSInfrastructureRolePolicyForVolumes`` managed policy attached. You must specify a task definition with the same volume name as in the ``start-task`` request. This example uses the ``--cli-input-json`` option and a JSON input file called ``ebs.json`` with the following content. :: + + aws ecs start-task \ + --cli-input-json file://ebs.json \ + --container-instances 765936fadbdd46b5991a4bd70c2a43d4 + +Contents of ``ebs.json``:: + + { + "cluster": "default", + "taskDefinition": "mytaskdef", + "networkConfiguration":{ + "awsvpcConfiguration":{ + "assignPublicIp": "ENABLED", + "securityGroups": ["sg-12344321"], + "subnets":["subnet-12344321"] + } + }, + "volumeConfigurations": [ + { + "name": "myEBSVolume", + "managedEBSVolume": { + "volumeType": "gp3", + "sizeInGiB": 100, + "roleArn":"arn:aws:iam::123456789012:role/ecsInfrastructureRole", + "encrypted": true, + "kmsKeyId": "arn:aws:kms:region:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab" + } + } + ] + } + +Output:: + + { + "tasks": [ + { + "attachments": [ + { + "id": "aea29489-9dcd-49f1-8164-4d91566e1113", + "type": "ElasticNetworkInterface", + "status": "PRECREATED", + "details": [ + { + "name": "subnetId", + "value": "subnet-12344321" + } + ] + }, + { + "id": "f29e1222-9a1e-410f-b499-a12a7cd6d42e", + "type": "AmazonElasticBlockStorage", + "status": "CREATED", + "details": [ + { + "name": "roleArn", + "value": "arn:aws:iam::123456789012:role/ecsInfrastructureRole" + }, + { + "name": "volumeName", + "value": "myEBSVolume" + }, + { + "name": "deleteOnTermination", + "value": "true" + } + ] + } + ], + "attributes": [ + { + "name": "ecs.cpu-architecture", + "value": "arm64" + } + ], + "availabilityZone": "us-west-2c", + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/default", + "containerInstanceArn": "arn:aws:ecs:us-west-2:123456789012:container-instance/default/765936fadbdd46b5991a4bd70c2a43d4", + "containers": [ + { + "containerArn": "arn:aws:ecs:us-west-2:123456789012:container/default/bb122ace3ed84add92c00a351a03c69e/a4a9ed10-51c7-4567-9653-50e71b94f867", + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/default/bb122ace3ed84add92c00a351a03c69e", + "name": "container-using-ebs", + "image": "amazonlinux:2", + "lastStatus": "PENDING", + "networkInterfaces": [], + "cpu": "0" + } + ], + "cpu": "1024", + "createdAt": "2025-01-23T14:51:05.191000-06:00", + "desiredStatus": "RUNNING", + "enableExecuteCommand": false, + "group": "family:mytaskdef", + "lastStatus": "PROVISIONING", + "launchType": "EC2", + "memory": "3072", + "overrides": { + "containerOverrides": [ + { + "name": "container-using-ebs" + } + ], + "inferenceAcceleratorOverrides": [] + }, + "tags": [], + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/default/bb122ace3ed84add92c00a351a03c69e", + "taskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:4", + "version": 1 + } + ], + "failures": [] + } + +For more information, see `Use Amazon EBS volumes with Amazon ECS `__ in the *Amazon ECS Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/ecs/update-cluster-settings.rst 2.31.35-1/awscli/examples/ecs/update-cluster-settings.rst --- 2.23.6-1/awscli/examples/ecs/update-cluster-settings.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/update-cluster-settings.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,16 +1,16 @@ **To modify the settings for your cluster** -The following ``update-cluster-settings`` example enables CloudWatch Container Insights for the ``default`` cluster. :: +The following ``update-cluster-settings`` example enables CloudWatch Container Insights with enhanced observability for the ``MyCluster`` cluster. :: aws ecs update-cluster-settings \ - --cluster default \ - --settings name=containerInsights,value=enabled + --cluster MyCluster \ + --settings name=containerInsights,value=enhanced Output:: { "cluster": { - "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/MyCluster", + "clusterArn": "arn:aws:ecs:us-esat-1:123456789012:cluster/MyCluster", "clusterName": "default", "status": "ACTIVE", "registeredContainerInstancesCount": 0, @@ -22,10 +22,10 @@ Output:: "settings": [ { "name": "containerInsights", - "value": "enabled" + "value": "enhanced" } ] } } -For more information, see `Modifying Account Settings `__ in the *Amazon ECS Developer Guide*. \ No newline at end of file +For more information, see `Modifying Account Settings `__ in the *Amazon ECS Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/ecs/update-service.rst 2.31.35-1/awscli/examples/ecs/update-service.rst --- 2.23.6-1/awscli/examples/ecs/update-service.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/update-service.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,12 +2,750 @@ The following ``update-service`` example updates the ``my-http-service`` service to use the ``amazon-ecs-sample`` task definition. :: - aws ecs update-service --service my-http-service --task-definition amazon-ecs-sample + aws ecs update-service \ + --cluster test \ + --service my-http-service \ + --task-definition amazon-ecs-sample + +Output:: + + { + "service": { + "serviceArn": "arn:aws:ecs:us-west-2:123456789012:service/test/my-http-service", + "serviceName": "my-http-service", + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/test", + "loadBalancers": [], + "serviceRegistries": [], + "status": "ACTIVE", + "desiredCount": 2, + "runningCount": 2, + "pendingCount": 0, + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/amazon-ecs-sample:2", + "deploymentConfiguration": { + "deploymentCircuitBreaker": { + "enable": true, + "rollback": true + }, + "maximumPercent": 200, + "minimumHealthyPercent": 100, + "alarms": { + "alarmNames": [], + "rollback": false, + "enable": false + } + }, + "deployments": [ + { + "id": "ecs-svc/7419115625193919142", + "status": "PRIMARY", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/amazon-ecs-sample:2", + "desiredCount": 0, + "pendingCount": 0, + "runningCount": 0, + "failedTasks": 0, + "createdAt": "2025-02-21T13:26:02.734000-06:00", + "updatedAt": "2025-02-21T13:26:02.734000-06:00", + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "rolloutState": "IN_PROGRESS", + "rolloutStateReason": "ECS deployment ecs-svc/7419115625193919142 in progress." + }, + { + "id": "ecs-svc/1709597507655421668", + "status": "ACTIVE", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/old-amazon-ecs-sample:4", + "desiredCount": 2, + "pendingCount": 0, + "runningCount": 2, + "failedTasks": 0, + "createdAt": "2025-01-24T11:13:07.621000-06:00", + "updatedAt": "2025-02-02T16:11:30.838000-06:00", + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "rolloutState": "COMPLETED", + "rolloutStateReason": "ECS deployment ecs-svc/1709597507655421668 completed." + } + ], + "roleArn": "arn:aws:iam::123456789012:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "events": [ + { + "id": "e40b4d1c-80d9-4834-aaf3-6a268e530e17", + "createdAt": "2025-02-21T10:31:26.037000-06:00", + "message": "(my-http-service) has reached a steady state." + }, + { + "id": "6ac069ad-fc8b-4e49-a35d-b5574a964c8e", + "createdAt": "2025-02-21T04:31:22.703000-06:00", + "message": "(my-http-service) has reached a steady state." + }, + { + "id": "265f7d37-dfd1-4880-a846-ec486f341919", + "createdAt": "2025-02-20T22:31:22.514000-06:00", + "message": "(my-http-service) has reached a steady state." + } + ], + "createdAt": "2024-10-30T17:12:43.218000-05:00", + "placementConstraints": [], + "placementStrategy": [], + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321", + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "healthCheckGracePeriodSeconds": 0, + "schedulingStrategy": "REPLICA", + "deploymentController": { + "type": "ECS" + }, + "createdBy": "arn:aws:iam::123456789012:role/AIDACKCEVSQ6C2EXAMPLE", + "enableECSManagedTags": true, + "propagateTags": "NONE", + "enableExecuteCommand": false, + "availabilityZoneRebalancing": "DISABLED" + } + } + +For more information, see `Update an Amazon ECS service using the console `__ in the *Amazon ECS Developer Guide*. **Example 2: To change the number of tasks in a service** -The following ``update-service`` example updates the desired task count of the service ``my-http-service`` to 3. :: +The following ``update-service`` example updates the desired task count of the service ``my-http-service`` from to 2. :: + + aws ecs update-service \ + --cluster MyCluster \ + --service my-http-service \ + --desired-count 2 + +Output:: + + { + "service": { + "serviceArn": "arn:aws:ecs:us-east-1:123456789012:service/MyCluster/my-http-service", + "serviceName": "my-http-service", + "clusterArn": "arn:aws:ecs:us-east-1:123456789012:cluster/MyCluster", + "loadBalancers": [], + "serviceRegistries": [], + "status": "ACTIVE", + "desiredCount": 2, + "runningCount": 1, + "pendingCount": 0, + "capacityProviderStrategy": [ + { + "capacityProvider": "FARGATE", + "weight": 1, + "base": 0 + } + ], + "platformVersion": "LATEST", + "platformFamily": "Linux", + "taskDefinition": "arn:aws:ecs:us-east-1:123456789012:task-definition/MyTaskDefinition", + "deploymentConfiguration": { + "deploymentCircuitBreaker": { + "enable": true, + "rollback": true + }, + "maximumPercent": 200, + "minimumHealthyPercent": 100, + "alarms": { + "alarmNames": [], + "rollback": false, + "enable": false + } + }, + "deployments": [ + { + "id": "ecs-svc/1976744184940610707", + "status": "PRIMARY", + "taskkDefinition": "arn:aws:ecs:us-east-1:123456789012:task-definition/MyTaskDefinition", + "desiredCount": 1, + "pendingCount": 0, + "runningCount": 1, + "failedTasks": 0, + "createdAt": "2024-12-03T16:24:25.225000-05:00", + "updatedAt": "2024-12-03T16:25:15.837000-05:00", + "capacityProviderStrategy": [ + { + "capacityProvider": "FARGATE", + "weight": 1, + "base": 0 + } + ], + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-0d0eab1bb38d5ca64", + "subnet-0db5010045995c2d5" + ], + "securityGroups": [ + "sg-02556bf85a191f59a" + ], + "assignPublicIp": "ENABLED" + } + }, + "rolloutState": "COMPLETED", + "rolloutStateReason": "ECS deployment ecs-svc/1976744184940610707 completed." + } + ], + "roleArn": "arn:aws:iam::123456789012:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "events": [ + { + "id": "f27350b9-4b2a-4e2e-b72e-a4b68380de45", + "createdAt": "2024-12-30T13:24:07.345000-05:00", + "message": "(service my-http-service) has reached a steady state." + }, + { + "id": "e764ec63-f53f-45e3-9af2-d99f922d2957", + "createdAt": "2024-12-30T12:32:21.600000-05:00", + "message": "(service my-http-service) has reached a steady state." + }, + { + "id": "28444756-c2fa-47f8-bd60-93a8e05f3991", + "createdAt": "2024-12-08T19:26:10.367000-05:00", + "message": "(service my-http-service) has reached a steady state." + } + ], + "createdAt": "2024-12-03T16:24:25.225000-05:00", + "placementConstraints": [], + "placementStrategy": [], + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-0d0eab1bb38d5ca64", + "subnet-0db5010045995c2d5" + ], + "securityGroups": [ + "sg-02556bf85a191f59a" + ], + "assignPublicIp": "ENABLED" + } + }, + "healthCheckGracePeriodSeconds": 0, + "schedulingStrategy": "REPLICA", + "deploymentController": { + "type": "ECS" + }, + "createdBy": "arn:aws:iam::123456789012:role/Admin", + "enableECSManagedTags": true, + "propagateTags": "NONE", + "enableExecuteCommand": false, + "availabilityZoneRebalancing": "ENABLED" + } + } + +For more information, see `Updating an Amazon ECS service using the console `__ in the *Amazon ECS Developer Guide*. + +**Example 3: To configure Amazon EBS volumes for attachment at service update** + +The following ``update-service`` example updates the service ``my-http-service`` to use Amazon EBS volumes. You must have an Amazon ECS infrastructure role configured with the ``AmazonECSInfrastructureRolePolicyForVolumes`` managed policy attached. You must also specify a task definition with the same volume name as in the ``update-service`` request and with ``configuredAtLaunch`` set to ``true``. This example uses the ``--cli-input-json`` option and a JSON input file called ``ebs.json``. :: + + aws ecs update-service \ + --cli-input-json file://ebs.json + +Contents of ``ebs.json``:: + + { + "cluster": "mycluster", + "taskDefinition": "mytaskdef", + "service": "my-http-service", + "desiredCount": 2, + "volumeConfigurations": [ + { + "name": "myEbsVolume", + "managedEBSVolume": { + "roleArn":"arn:aws:iam::123456789012:role/ecsInfrastructureRole", + "volumeType": "gp3", + "sizeInGiB": 100, + "iops": 3000, + "throughput": 125, + "filesystemType": "ext4" + } + } + ] + } + +Output:: + + { + "service": { + "serviceArn": "arn:aws:ecs:us-west-2:123456789012:service/mycluster/my-http-service", + "serviceName": "my-http-service", + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/mycluster", + "loadBalancers": [], + "serviceRegistries": [], + "status": "ACTIVE", + "desiredCount": 2, + "runningCount": 2, + "pendingCount": 0, + "launchType": "FARGATE", + "platformVersion": "LATEST", + "platformFamily": "Linux", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:1", + "deploymentConfiguration": { + "deploymentCircuitBreaker": { + "enable": true, + "rollback": true + }, + "maximumPercent": 200, + "minimumHealthyPercent": 100, + "alarms": { + "alarmNames": [], + "rollback": false, + "enable": false + } + }, + "deployments": [ + { + "id": "ecs-svc/2420458347226626275", + "status": "PRIMARY", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:1", + "desiredCount": 0, + "pendingCount": 0, + "runningCount": 0, + "failedTasks": 0, + "createdAt": "2025-02-21T15:07:20.519000-06:00", + "updatedAt": "2025-02-21T15:07:20.519000-06:00", + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321", + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "rolloutState": "IN_PROGRESS", + "rolloutStateReason": "ECS deployment ecs-svc/2420458347226626275 in progress.", + "volumeConfigurations": [ + { + "name": "ebs-volume", + "managedEBSVolume": { + "volumeType": "gp3", + "sizeInGiB": 100, + "iops": 3000, + "throughput": 125, + "roleArn": "arn:aws:iam::123456789012:role/ecsInfrastructureRole", + "filesystemType": "ext4" + } + } + ] + }, + { + "id": "ecs-svc/5191625155316533644", + "status": "ACTIVE", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:2", + "desiredCount": 2, + "pendingCount": 0, + "runningCount": 2, + "failedTasks": 0, + "createdAt": "2025-02-21T14:54:48.862000-06:00", + "updatedAt": "2025-02-21T14:57:22.502000-06:00", + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "rolloutState": "COMPLETED", + "rolloutStateReason": "ECS deployment ecs-svc/5191625155316533644 completed." + } + ], + "roleArn": "arn:aws:iam::123456789012:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "events": [ + { + "id": "b5823113-c2c5-458e-9649-8c2ed38f23a5", + "createdAt": "2025-02-21T14:57:22.508000-06:00", + "message": "(service my-http-service) has reached a steady state." + }, + { + "id": "b05a48e8-da35-4074-80aa-37ceb3167357", + "createdAt": "2025-02-21T14:57:22.507000-06:00", + "message": "(service my-http-service) (deployment ecs-svc/5191625155316533644) deployment completed." + }, + { + "id": "a10cd55d-4ba6-4cea-a655-5a5d32ada8a0", + "createdAt": "2025-02-21T14:55:32.833000-06:00", + "message": "(service my-http-service) has started 1 tasks: (task fb9c8df512684aec92f3c57dc3f22361)." + }, + ], + "createdAt": "2025-02-21T14:54:48.862000-06:00", + "placementConstraints": [], + "placementStrategy": [], + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "healthCheckGracePeriodSeconds": 0, + "schedulingStrategy": "REPLICA", + "deploymentController": { + "type": "ECS" + }, + "createdBy": "arn:aws:iam::123456789012:role/AIDACKCEVSQ6C2EXAMPLE", + "enableECSManagedTags": true, + "propagateTags": "NONE", + "enableExecuteCommand": false, + "availabilityZoneRebalancing": "ENABLED" + } + } + + +For more information, see `Use Amazon EBS volumes with Amazon ECS `__ in the *Amazon ECS Developer Guide*. + +**Example 4: To update a service to no longer use Amazon EBS volumes** + +The following ``update-service`` example updates the service ``my-http-service`` to no longer use Amazon EBS volumes. You must specify a task definition revision with ``configuredAtLaunch`` set to ``false``. :: + + aws ecs update-service \ + --cluster mycluster \ + --task-definition mytaskdef \ + --service my-http-service \ + --desired-count 2 \ + --volume-configurations "[]" + +Output:: + + { + "service": { + "serviceArn": "arn:aws:ecs:us-west-2:123456789012:service/mycluster/my-http-service", + "serviceName": "my-http-service", + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/mycluster", + "loadBalancers": [], + "serviceRegistries": [], + "status": "ACTIVE", + "desiredCount": 2, + "runningCount": 2, + "pendingCount": 0, + "launchType": "FARGATE", + "platformVersion": "LATEST", + "platformFamily": "Linux", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:3", + "deploymentConfiguration": { + "deploymentCircuitBreaker": { + "enable": true, + "rollback": true + }, + "maximumPercent": 200, + "minimumHealthyPercent": 100, + "alarms": { + "alarmNames": [], + "rollback": false, + "enable": false + } + }, + "deployments": [ + { + "id": "ecs-svc/7522791612543716777", + "status": "PRIMARY", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/mytaskdef:3", + "desiredCount": 0, + "pendingCount": 0, + "runningCount": 0, + "failedTasks": 0, + "createdAt": "2025-02-21T15:25:38.598000-06:00", + "updatedAt": "2025-02-21T15:25:38.598000-06:00", + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "rolloutState": "IN_PROGRESS", + "rolloutStateReason": "ECS deployment ecs-svc/7522791612543716777 in progress." + }, + { + "id": "ecs-svc/2420458347226626275", + "status": "ACTIVE", + "taskDefinition": "arn:aws:ecs:us-west-2:123456789012:task-definition/myoldtaskdef:1", + "desiredCount": 2, + "pendingCount": 0, + "runningCount": 2, + "failedTasks": 0, + "createdAt": "2025-02-21T15:07:20.519000-06:00", + "updatedAt": "2025-02-21T15:10:59.955000-06:00", + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "rolloutState": "COMPLETED", + "rolloutStateReason": "ECS deployment ecs-svc/2420458347226626275 completed.", + "volumeConfigurations": [ + { + "name": "ebs-volume", + "managedEBSVolume": { + "volumeType": "gp3", + "sizeInGiB": 100, + "iops": 3000, + "throughput": 125, + "roleArn": "arn:aws:iam::123456789012:role/ecsInfrastructureRole", + "filesystemType": "ext4" + } + } + ] + } + ], + "roleArn": "arn:aws:iam::123456789012:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "events": [ + { + "id": "4f2c3ca1-7800-4048-ba57-bba210ada2ad", + "createdAt": "2025-02-21T15:10:59.959000-06:00", + "message": "(service my-http-service) has reached a steady state." + }, + { + "id": "4b36a593-2d40-4ed6-8be8-b9b699eb6198", + "createdAt": "2025-02-21T15:10:59.958000-06:00", + "message": "(service my-http-service) (deployment ecs-svc/2420458347226626275) deployment completed." + }, + { + "id": "88380089-14e2-4ef0-8dbb-a33991683371", + "createdAt": "2025-02-21T15:09:39.055000-06:00", + "message": "(service my-http-service) has stopped 1 running tasks: (task fb9c8df512684aec92f3c57dc3f22361)." + }, + { + "id": "97d84243-d52f-4255-89bb-9311391c61f6", + "createdAt": "2025-02-21T15:08:57.653000-06:00", + "message": "(service my-http-service) has stopped 1 running tasks: (task 33eff090ad2c40539daa837e6503a9bc)." + }, + { + "id": "672ece6c-e2d0-4021-b5da-eefb14001687", + "createdAt": "2025-02-21T15:08:15.631000-06:00", + "message": "(service my-http-service) has started 1 tasks: (task 996c02a66ff24f3190a4a8e0c841740f)." + }, + { + "id": "a3cf9bea-9be6-4175-ac28-4c68360986eb", + "createdAt": "2025-02-21T15:07:36.931000-06:00", + "message": "(service my-http-service) has started 1 tasks: (task d5d23c39f89e46cf9a647b9cc6572feb)." + }, + { + "id": "b5823113-c2c5-458e-9649-8c2ed38f23a5", + "createdAt": "2025-02-21T14:57:22.508000-06:00", + "message": "(service my-http-service) has reached a steady state." + }, + { + "id": "b05a48e8-da35-4074-80aa-37ceb3167357", + "createdAt": "2025-02-21T14:57:22.507000-06:00", + "message": "(service my-http-service) (deployment ecs-svc/5191625155316533644) deployment completed." + }, + { + "id": "a10cd55d-4ba6-4cea-a655-5a5d32ada8a0", + "createdAt": "2025-02-21T14:55:32.833000-06:00", + "message": "(service my-http-service) has started 1 tasks: (task fb9c8df512684aec92f3c57dc3f22361)." + }, + { + "id": "42da91fa-e26d-42ef-88c3-bb5965c56b2f", + "createdAt": "2025-02-21T14:55:02.703000-06:00", + "message": "(service my-http-service) has started 1 tasks: (task 33eff090ad2c40539daa837e6503a9bc)." + } + ], + "createdAt": "2025-02-21T14:54:48.862000-06:00", + "placementConstraints": [], + "placementStrategy": [], + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-12344321" + ], + "securityGroups": [ + "sg-12344321" + ], + "assignPublicIp": "ENABLED" + } + }, + "healthCheckGracePeriodSeconds": 0, + "schedulingStrategy": "REPLICA", + "deploymentController": { + "type": "ECS" + }, + "createdBy": "arn:aws:iam::123456789012:role/AIDACKCEVSQ6C2EXAMPLE", + "enableECSManagedTags": true, + "propagateTags": "NONE", + "enableExecuteCommand": false, + "availabilityZoneRebalancing": "ENABLED" + } + } + +For more information, see `Use Amazon EBS volumes with Amazon ECS `__ in the *Amazon ECS Developer Guide*. + +**Example 5: To turn on Availability Zone rebalancing for a service** + +The following ``update-service`` example turns on Availability Zone rebalancing for the service ``my-http-service``. :: + + aws ecs update-service \ + --cluster MyCluster \ + --service my-http-service \ + --availability-zone-rebalancing ENABLED + +Output:: - aws ecs update-service --service my-http-service --desired-count 3 + { + "service": { + "serviceArn": "arn:aws:ecs:us-east-1:123456789012:service/MyCluster/my-http-service", + "serviceName": "my-http-service", + "clusterArn": "arn:aws:ecs:us-east-1:123456789012:cluster/MyCluster", + "loadBalancers": [], + "serviceRegistries": [], + "status": "ACTIVE", + "desiredCount": 2, + "runningCount": 1, + "pendingCount": 0, + "capacityProviderStrategy": [ + { + "capacityProvider": "FARGATE", + "weight": 1, + "base": 0 + } + ], + "platformVersion": "LATEST", + "platformFamily": "Linux", + "taskDefinition": "arn:aws:ecs:us-east-1:123456789012:task-definition/MyTaskDefinition", + "deploymentConfiguration": { + "deploymentCircuitBreaker": { + "enable": true, + "rollback": true + }, + "maximumPercent": 200, + "minimumHealthyPercent": 100, + "alarms": { + "alarmNames": [], + "rollback": false, + "enable": false + } + }, + "deployments": [ + { + "id": "ecs-svc/1976744184940610707", + "status": "PRIMARY", + "taskkDefinition": "arn:aws:ecs:us-east-1:123456789012:task-definition/MyTaskDefinition", + "desiredCount": 1, + "pendingCount": 0, + "runningCount": 1, + "failedTasks": 0, + "createdAt": "2024-12-03T16:24:25.225000-05:00", + "updatedAt": "2024-12-03T16:25:15.837000-05:00", + "capacityProviderStrategy": [ + { + "capacityProvider": "FARGATE", + "weight": 1, + "base": 0 + } + ], + "platformVersion": "1.4.0", + "platformFamily": "Linux", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-0d0eab1bb38d5ca64", + "subnet-0db5010045995c2d5" + ], + "securityGroups": [ + "sg-02556bf85a191f59a" + ], + "assignPublicIp": "ENABLED" + } + }, + "rolloutState": "COMPLETED", + "rolloutStateReason": "ECS deployment ecs-svc/1976744184940610707 completed." + } + ], + "roleArn": "arn:aws:iam::123456789012:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "events": [], + "createdAt": "2024-12-03T16:24:25.225000-05:00", + "placementConstraints": [], + "placementStrategy": [], + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-0d0eab1bb38d5ca64", + "subnet-0db5010045995c2d5" + ], + "securityGroups": [ + "sg-02556bf85a191f59a" + ], + "assignPublicIp": "ENABLED" + } + }, + "healthCheckGracePeriodSeconds": 0, + "schedulingStrategy": "REPLICA", + "deploymentController": { + "type": "ECS" + }, + "createdBy": "arn:aws:iam::123456789012:role/Admin", + "enableECSManagedTags": true, + "propagateTags": "NONE", + "enableExecuteCommand": false, + "availabilityZoneRebalancing": "ENABLED" + } + } -For more information, see `Updating a Service `_ in the *Amazon ECS Developer Guide*. \ No newline at end of file +For more information, see `Updating an Amazon ECS service using the console `__ in the *Amazon ECS Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/ecs/wait/services-inactive.rst 2.31.35-1/awscli/examples/ecs/wait/services-inactive.rst --- 2.23.6-1/awscli/examples/ecs/wait/services-inactive.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/wait/services-inactive.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,9 @@ +**Wait until an ECS service becomes inactive** + +The following ``service-inactive`` example waits until ECS services becomes inactive in the cluster. :: + + aws ecs wait services-inactive \ + --cluster MyCluster \ + --services MyService + +This command produces no output. diff -pruN 2.23.6-1/awscli/examples/ecs/wait/task-stopped.rst 2.31.35-1/awscli/examples/ecs/wait/task-stopped.rst --- 2.23.6-1/awscli/examples/ecs/wait/task-stopped.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ecs/wait/task-stopped.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +**Example 1: Wait until an ECS task is in stopped state** + +The following ``wait tasks-stopped`` example waits until the provided tasks in the command are in a stopped state. You can pass IDs or full ARN of the tasks. This example uses ID of the task. :: + + aws ecs wait tasks-stopped \ + --cluster MyCluster \ + --tasks 2c196f0a00dd4f58b7c8897a5c7bce13 + +This command produces no output. + +**Example 2: Wait until multiple ECS tasks are in stopped state** + +The following ``wait tasks-stopped`` example waits until the multiple tasks provided in the command are in a stopped state. You can pass IDs or full ARN of the tasks. This example uses IDs of the tasks. :: + + aws ecs wait tasks-stopped \ + --cluster MyCluster \ + --tasks 2c196f0a00dd4f58b7c8897a5c7bce13 4d590253bb114126b7afa7b58EXAMPLE + +This command produces no output. + + + diff -pruN 2.23.6-1/awscli/examples/eks/associate-access-policy.rst 2.31.35-1/awscli/examples/eks/associate-access-policy.rst --- 2.23.6-1/awscli/examples/eks/associate-access-policy.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/associate-access-policy.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,29 @@ +**To associate an access policy and its scope to the access entry of the cluster** + +The following ``associate-access-policy`` associates an access policy and its scope to the access entry of the specified cluster. :: + + aws eks associate-access-policy \ + --cluster-name eks-customer \ + --principal-arn arn:aws:iam::111122223333:role/Admin \ + --policy-arn arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy \ + --access-scope type=namespace,namespaces=default + +Output:: + + { + "clusterName": "eks-customer", + "principalArn": "arn:aws:iam::111122223333:role/Admin", + "associatedAccessPolicy": { + "policyArn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy", + "accessScope": { + "type": "namespace", + "namespaces": [ + "default" + ] + }, + "associatedAt": "2025-05-24T15:59:51.981000-05:00", + "modifiedAt": "2025-05-24T15:59:51.981000-05:00" + } + } + +For more information, see `Associate access policies with access entries `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/create-access-entry.rst 2.31.35-1/awscli/examples/eks/create-access-entry.rst --- 2.23.6-1/awscli/examples/eks/create-access-entry.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/create-access-entry.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,54 @@ +**Example 1: To create the access entry for EKS cluster** + +The following ``create-access-entry`` example creates an access entry that allows an IAM principal to access the EKS cluster. :: + + aws eks create-access-entry \ + --cluster-name eks-customer \ + --principal-arn arn:aws:iam::111122223333:user/eks-user + +Output:: + + { + "accessEntry": { + "clusterName": "eks-customer", + "principalArn": "arn:aws:iam::111122223333:user/eks-user", + "kubernetesGroups": [], + "accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/user/111122223333/eks-user/a1b2c3d4-5678-90ab-cdef-a6506e3d36p0", + "createdAt": "2025-04-14T22:45:48.097000-05:00", + "modifiedAt": "2025-04-14T22:45:48.097000-05:00", + "tags": {}, + "username": "arn:aws:iam::111122223333:user/eks-user", + "type": "STANDARD" + } + } + +For more information, see `Create access entries `__ in the *Amazon EKS User Guide*. + +**Example 2: To create the access entry for EKS cluster by specifying the type of access entry** + +The following ``create-access-entry`` example creates an access entry of type ``EC2_LINUX`` in the EKS cluster. By default, a type ``STANDARD`` access entry is created. Apart from the default, if we specify any other access entry types, an IAM role ARN needs to be passed in the CLI. :: + + aws eks create-access-entry \ + --cluster-name eks-customer \ + --principal-arn arn:aws:iam::111122223333:role/admin-test-ip \ + --type EC2_LINUX + +Output:: + + { + "accessEntry": { + "clusterName": "eks-customer", + "principalArn": "arn:aws:iam::111122223333:role/admin-test-ip", + "kubernetesGroups": [ + "system:nodes" + ], + "accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/role/111122223333/admin-test-ip/accb5418-f493-f390-3e6e-c3f19f725fcp", + "createdAt": "2025-05-06T19:42:45.453000-05:00", + "modifiedAt": "2025-05-06T19:42:45.453000-05:00", + "tags": {}, + "username": "system:node:{{EC2PrivateDNSName}}", + "type": "EC2_LINUX" + } + } + +For more information, see `Create access entries `__ in the *Amazon EKS User Guide*. diff -pruN 2.23.6-1/awscli/examples/eks/create-pod-identity-association.rst 2.31.35-1/awscli/examples/eks/create-pod-identity-association.rst --- 2.23.6-1/awscli/examples/eks/create-pod-identity-association.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/create-pod-identity-association.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,59 @@ +**Example 1: To create an EKS Pod Identity association in EKS cluster** + +The following ``create-pod-identity-association`` example creates an EKS Pod Identity association between a service account in the EKS cluster and an IAM role. :: + + aws eks create-pod-identity-association \ + --cluster-name eks-customer \ + --namespace default \ + --service-account default \ + --role-arn arn:aws:iam::111122223333:role/my-role + +Output:: + + { + "association": { + "clusterName": "eks-customer", + "namespace": "default", + "serviceAccount": "default", + "roleArn": "arn:aws:iam::111122223333:role/my-role", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-8mvwvh57cu74mgcst", + "associationId": "a-8mvwvh57cu74mgcst", + "tags": {}, + "createdAt": "2025-05-24T19:40:13.961000-05:00", + "modifiedAt": "2025-05-24T19:40:13.961000-05:00" + } + } + +For more information, see `Learn how EKS Pod Identity grants pods access to AWS services `__ in the *Amazon EKS User Guide*. + +**Example 2: To create an EKS Pod Identity association in EKS cluster with tags** + +The following ``create-pod-identity-association`` creates an EKS Pod Identity association between a service account and an IAM role in the EKS cluster with tags. :: + + aws eks create-pod-identity-association \ + --cluster-name eks-customer \ + --namespace default \ + --service-account default \ + --role-arn arn:aws:iam::111122223333:role/my-role \ + --tags Key1=value1,Key2=value2 + +Output:: + + { + "association": { + "clusterName": "eks-customer", + "namespace": "default", + "serviceAccount": "default", + "roleArn": "arn:aws:iam::111122223333:role/my-role", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgoda", + "associationId": "a-9njjin9gfghecgoda", + "tags": { + "Key2": "value2", + "Key1": "value1" + }, + "createdAt": "2025-05-24T19:52:14.135000-05:00", + "modifiedAt": "2025-05-24T19:52:14.135000-05:00" + } + } + +For more information, see `Learn how EKS Pod Identity grants pods access to AWS services `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/delete-access-entry.rst 2.31.35-1/awscli/examples/eks/delete-access-entry.rst --- 2.23.6-1/awscli/examples/eks/delete-access-entry.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/delete-access-entry.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To delete an access entry associated with the cluster** + +The following ``delete-access-entry`` deletes an access entry associated with the EKS cluster named ``eks-customer``. :: + + aws eks delete-access-entry \ + --cluster-name eks-customer \ + --principal-arn arn:aws:iam::111122223333:role/Admin + +This command produces no output. + +For more information, see `Delete access entries `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/delete-pod-identity-association.rst 2.31.35-1/awscli/examples/eks/delete-pod-identity-association.rst --- 2.23.6-1/awscli/examples/eks/delete-pod-identity-association.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/delete-pod-identity-association.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,28 @@ +**To delete the EKS Pod Identity association** + +The following ``delete-pod-identity-association`` example deletes the EKS Pod Identity association with association ID ``a-9njjin9gfghecgocd`` from the EKS cluster named ``eks-customer``. :: + + aws eks delete-pod-identity-association \ + --cluster-name eks-customer \ + --association-id a-9njjin9gfghecgocd + +Output:: + + { + "association": { + "clusterName": "eks-customer", + "namespace": "default", + "serviceAccount": "default", + "roleArn": "arn:aws:iam::111122223333:role/s3-role", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd", + "associationId": "a-9njjin9gfghecgocd", + "tags": { + "Key2": "value2", + "Key1": "value1" + }, + "createdAt": "2025-05-24T19:52:14.135000-05:00", + "modifiedAt": "2025-05-25T21:10:56.923000-05:00" + } + } + +For more information, see `Learn how EKS Pod Identity grants pods access to AWS services `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/describe-access-entry.rst 2.31.35-1/awscli/examples/eks/describe-access-entry.rst --- 2.23.6-1/awscli/examples/eks/describe-access-entry.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/describe-access-entry.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,25 @@ +**To describe the access entry for EKS cluster** + +The following ``describe-access-entry`` example describes an access entry for the EKS cluster. :: + + aws eks describe-access-entry \ + --cluster-name eks-customer \ + --principal-arn arn:aws:iam::111122223333:user/eks-admin-user + +Output:: + + { + "accessEntry": { + "clusterName": "eks-customer", + "principalArn": "arn:aws:iam::111122223333:user/eks-admin-user", + "kubernetesGroups": [], + "accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/user/111122223333/eks-admin-user/0acb1bc6-cb0a-ede6-11ae-a6506e3d36p0", + "createdAt": "2025-04-14T22:45:48.097000-05:00", + "modifiedAt": "2025-04-14T22:45:48.097000-05:00", + "tags": {}, + "username": "arn:aws:iam::111122223333:user/eks-admin-user", + "type": "STANDARD" + } + } + +For more information, see `Grant IAM users access to Kubernetes with EKS access entries `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/describe-insight.rst 2.31.35-1/awscli/examples/eks/describe-insight.rst --- 2.23.6-1/awscli/examples/eks/describe-insight.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/describe-insight.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,36 @@ +**To get the details of an insight for an EKS cluster using its ID** + +The following ``describe-insight`` example returns the details about the insight specified using the cluster name and insight ID. :: + + aws eks describe-insight \ + --cluster-name eks-customer \ + --id 38ea7a64-a14f-4e0e-95c7-8dbcab3c3623 + +Output:: + + { + "insight": { + "id": "38ea7a64-a14f-4e0e-95c7-8dbcab3c3623", + "name": "Kubelet version skew", + "category": "UPGRADE_READINESS", + "kubernetesVersion": "1.33", + "lastRefreshTime": "2025-05-24T11:22:50-05:00", + "lastTransitionTime": "2025-05-24T11:22:50-05:00", + "description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause noncompliance with supported Kubernetes kubelet version skew policy.", + "insightStatus": { + "status": "PASSING", + "reason": "Node kubelet versions match the cluster control plane version." + }, + "recommendation": "Upgrade your worker nodes to match the Kubernetes version of your cluster control plane.", + "additionalInfo": { + "Kubelet version skew policy": "https://kubernetes.io/releases/version-skew-policy/#kubelet", + "Updating a managed node group": "https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html" + }, + "resources": [], + "categorySpecificSummary": { + "deprecationDetails": [] + } + } + } + +For more information, see `View cluster insights `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/describe-pod-identity-association.rst 2.31.35-1/awscli/examples/eks/describe-pod-identity-association.rst --- 2.23.6-1/awscli/examples/eks/describe-pod-identity-association.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/describe-pod-identity-association.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,28 @@ +**To provide the details about Pod Identity association** + +The following ``describe-pod-identity-association`` example describes a Pod Identity association in the EKS cluster. :: + + aws eks describe-pod-identity-association \ + --cluster-name eks-customer \ + --association-id a-9njjin9gfghecgocd + +Output:: + + { + "association": { + "clusterName": "eks-customer", + "namespace": "default", + "serviceAccount": "default", + "roleArn": "arn:aws:iam::111122223333:role/my-role", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd", + "associationId": "a-9njjin9gfghecgocd", + "tags": { + "Key2": "value2", + "Key1": "value1" + }, + "createdAt": "2025-05-24T19:52:14.135000-05:00", + "modifiedAt": "2025-05-24T19:52:14.135000-05:00" + } + } + +For more information, see `Learn how EKS Pod Identity grants pods access to AWS services `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/disassociate-access-policy.rst 2.31.35-1/awscli/examples/eks/disassociate-access-policy.rst --- 2.23.6-1/awscli/examples/eks/disassociate-access-policy.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/disassociate-access-policy.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +**To disassociate the access policy from an access entry** + +The following ``disassociate-access-policy`` removes the access policy associated with the access entry. :: + + aws eks disassociate-access-policy \ + --cluster-name eks-customer \ + --principal-arn arn:aws:iam::111122223333:role/Admin \ + --policy-arn arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy + +This command produces no output. + +For more information, see `Associate access policies with access entries `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/list-access-entries.rst 2.31.35-1/awscli/examples/eks/list-access-entries.rst --- 2.23.6-1/awscli/examples/eks/list-access-entries.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/list-access-entries.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,19 @@ +**To list the access entries for an EKS cluster** + +The following ``list-access-entries`` returns the list of access entries associated with the EKS cluster ``eks-customer``. :: + + aws eks list-access-entries \ + --cluster-name eks-customer + +Output:: + + { + "accessEntries": [ + "arn:aws:iam::111122223333:role/Admin", + "arn:aws:iam::111122223333:role/admin-test-ip", + "arn:aws:iam::111122223333:role/assume-worker-node-role", + "arn:aws:iam::111122223333:user/eks-admin-user" + ] + } + +For more information, see `Grant IAM users access to Kubernetes with EKS access entries `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/list-access-policies.rst 2.31.35-1/awscli/examples/eks/list-access-policies.rst --- 2.23.6-1/awscli/examples/eks/list-access-policies.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/list-access-policies.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,90 @@ +**To list all available access policies** + +This ``list-access-policies`` example returns the list of all available access policies. :: + + aws eks list-access-policies + +Output:: + + { + "accessPolicies": [ + { + "name": "AmazonEKSAdminPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminPolicy" + }, + { + "name": "AmazonEKSAdminViewPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminViewPolicy" + }, + { + "name": "AmazonEKSAutoNodePolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAutoNodePolicy" + }, + { + "name": "AmazonEKSBlockStorageClusterPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStorageClusterPolicy" + }, + { + "name": "AmazonEKSBlockStoragePolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStoragePolicy" + }, + { + "name": "AmazonEKSClusterAdminPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + }, + { + "name": "AmazonEKSComputeClusterPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputeClusterPolicy" + }, + { + "name": "AmazonEKSComputePolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputePolicy" + }, + { + "name": "AmazonEKSEditPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy" + }, + { + "name": "AmazonEKSHybridPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSHybridPolicy" + }, + { + "name": "AmazonEKSLoadBalancingClusterPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingClusterPolicy" + }, + { + "name": "AmazonEKSLoadBalancingPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingPolicy" + }, + { + "name": "AmazonEKSNetworkingClusterPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingClusterPolicy" + }, + { + "name": "AmazonEKSNetworkingPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingPolicy" + }, + { + "name": "AmazonEKSViewPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy" + }, + { + "name": "AmazonEMRJobPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonEMRJobPolicy" + }, + { + "name": "AmazonSagemakerHyperpodClusterPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonSagemakerHyperpodClusterPolicy" + }, + { + "name": "AmazonSagemakerHyperpodControllerPolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonSagemakerHyperpodControllerPolicy" + }, + { + "name": "AmazonSagemakerHyperpodSystemNamespacePolicy", + "arn": "arn:aws:eks::aws:cluster-access-policy/AmazonSagemakerHyperpodSystemNamespacePolicy" + } + ] + } + +For more information, see `Associate access policies with access entries `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/list-associated-access-policies.rst 2.31.35-1/awscli/examples/eks/list-associated-access-policies.rst --- 2.23.6-1/awscli/examples/eks/list-associated-access-policies.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/list-associated-access-policies.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +**To list the access policies associated with an access entry** + +The following ``list-associated-access-policies`` example returns the list of access policies associated with an access entry in the EKS cluster. :: + + aws eks list-associated-access-policies \ + --cluster-name eks-customer \ + --principal-arn arn:aws:iam::111122223333:role/Admin + +Output:: + + { + "associatedAccessPolicies": [ + { + "policyArn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminPolicy", + "accessScope": { + "type": "cluster", + "namespaces": [] + }, + "associatedAt": "2025-05-24T17:26:22.935000-05:00", + "modifiedAt": "2025-05-24T17:26:22.935000-05:00" + } + ], + "clusterName": "eks-customer", + "principalArn": "arn:aws:iam::111122223333:role/Admin" + } + +For more information, see `Grant IAM users access to Kubernetes with EKS access entries `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/list-insights.rst 2.31.35-1/awscli/examples/eks/list-insights.rst --- 2.23.6-1/awscli/examples/eks/list-insights.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/list-insights.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,67 @@ +**To list all insights for the specified cluster** + +The following ``list-insights`` example returns the list of all insights checked against the specified cluster. :: + + aws eks list-insights \ + --cluster-name eks-customer + +Output:: + + { + "insights": [ + { + "id": "38ea7a64-a14f-4e0e-95c7-8dbcab3c3616", + "name": "Kubelet version skew", + "category": "UPGRADE_READINESS", + "kubernetesVersion": "1.33", + "lastRefreshTime": "2025-05-24T11:22:50-05:00", + "lastTransitionTime": "2025-05-24T11:22:50-05:00", + "description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause noncompliance with supported Kubernetes kubelet version skew policy.", + "insightStatus": { + "status": "PASSING", + "reason": "Node kubelet versions match the cluster control plane version." + } + }, + { + "id": "9cd91472-f99c-45a9-b7d7-54d4900dee23", + "name": "EKS add-on version compatibility", + "category": "UPGRADE_READINESS", + "kubernetesVersion": "1.33", + "lastRefreshTime": "2025-05-24T11:22:59-05:00", + "lastTransitionTime": "2025-05-24T11:22:50-05:00", + "description": "Checks version of installed EKS add-ons to ensure they are compatible with the next version of Kubernetes. ", + "insightStatus": { + "status": "PASSING", + "reason": "All installed EKS add-on versions are compatible with next Kubernetes version." + } + }, + { + "id": "0deb269d-b1e1-458c-a2b4-7a57f940c875", + "name": "Cluster health issues", + "category": "UPGRADE_READINESS", + "kubernetesVersion": "1.33", + "lastRefreshTime": "2025-05-24T11:22:59-05:00", + "lastTransitionTime": "2025-05-24T11:22:50-05:00", + "description": "Checks for any cluster health issues that prevent successful upgrade to the next Kubernetes version on EKS.", + "insightStatus": { + "status": "PASSING", + "reason": "No cluster health issues detected." + } + }, + { + "id": "214fa274-344f-420b-812a-5049ce72c9ww", + "name": "kube-proxy version skew", + "category": "UPGRADE_READINESS", + "kubernetesVersion": "1.33", + "lastRefreshTime": "2025-05-24T11:22:50-05:00", + "lastTransitionTime": "2025-05-24T11:22:50-05:00", + "description": "Checks version of kube-proxy in cluster to see if upgrade would cause noncompliance with supported Kubernetes kube-proxy version skew policy.", + "insightStatus": { + "status": "PASSING", + "reason": "kube-proxy versions match the cluster control plane version." + } + } + ] + } + +For more information, see `View cluster insights `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/list-pod-identity-associations.rst 2.31.35-1/awscli/examples/eks/list-pod-identity-associations.rst --- 2.23.6-1/awscli/examples/eks/list-pod-identity-associations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/list-pod-identity-associations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,61 @@ +**Example 1: To list the Pod Identity associations in an EKS cluster** + +The following ``list-pod-identity-associations`` returns the list of Pod Identity associations associated with the EKS cluster named ``eks-customer`` in all namespaces and service accounts. :: + + aws eks list-pod-identity-associations \ + --cluster-name eks-customer + +Output:: + + { + "associations": [ + { + "clusterName": "eks-customer", + "namespace": "default", + "serviceAccount": "default", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd", + "associationId": "a-9njjin9gfghecgocd" + }, + { + "clusterName": "eks-customer", + "namespace": "kube-system", + "serviceAccount": "eks-customer", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-dvtacahdvjn01ffbc", + "associationId": "a-dvtacahdvjn01ffbc" + }, + { + "clusterName": "eks-customer", + "namespace": "kube-system", + "serviceAccount": "coredns", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-yrpsdroc4ei7k6xps", + "associationId": "a-yrpsdroc4ei7k6xps" + } + ] + } + +For more information, see `Learn how EKS Pod Identity grants pods access to AWS services `__ in the *Amazon EKS User Guide*. + +**Example 2: To list the Pod Identity associations in an EKS cluster based on namespace and service account** + +The following ``list-pod-identity-associations`` returns the list of Pod Identity associations in the EKS cluster based on namespace and service account. :: + + aws eks list-pod-identity-associations \ + --cluster-name eks-customer \ + --namespace kube-system \ + --service-account eks-customer + +Output:: + + { + "associations": [ + { + "clusterName": "eks-customer", + "namespace": "kube-system", + "serviceAccount": "eks-customer", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-dvtacahdvjn01ffbc", + "associationId": "a-dvtacahdvjn01ffbc" + } + ] + } + +For more information, see `Learn how EKS Pod Identity grants pods access to AWS services `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/update-access-entry.rst 2.31.35-1/awscli/examples/eks/update-access-entry.rst --- 2.23.6-1/awscli/examples/eks/update-access-entry.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/update-access-entry.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,28 @@ +**To update an access entry for an EKS cluster** + +The following ``update-access-entry`` updates an access entry for the EKS cluster by adding the Kubernetes group ``tester``. :: + + aws eks update-access-entry \ + --cluster-name eks-customer \ + --principal-arn arn:aws:iam::111122223333:role/Admin \ + --kubernetes-groups tester + +Output:: + + { + "accessEntry": { + "clusterName": "eks-customer", + "principalArn": "arn:aws:iam::111122223333:role/Admin", + "kubernetesGroups": [ + "tester" + ], + "accessEntryArn": "arn:aws:eks:us-west-2:111122223333:access-entry/eks-customer/role/111122223333/Admin/d2cb8183-d6ec-b82a-d967-eca21902a4b4", + "createdAt": "2025-05-24T11:02:04.432000-05:00", + "modifiedAt": "2025-05-24T17:08:01.608000-05:00", + "tags": {}, + "username": "arn:aws:sts::111122223333:assumed-role/Admin/{{SessionName}}", + "type": "STANDARD" + } + } + +For more information, see `Update access entries `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/eks/update-kubeconfig/_description.rst 2.31.35-1/awscli/examples/eks/update-kubeconfig/_description.rst --- 2.23.6-1/awscli/examples/eks/update-kubeconfig/_description.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/update-kubeconfig/_description.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,16 +4,16 @@ Note: To use the resulting configuration, you must have kubectl installed and in your PATH environment variable. This command constructs a configuration with prepopulated server and certificate authority data values for a specified cluster. -You can specify an IAM role ARN with the --role-arn option to use for authentication when you issue kubectl commands. +You can specify an IAM role ARN with the ``--role-arn`` option to use for authentication when you issue kubectl commands. Otherwise, the IAM entity in your default AWS CLI or SDK credential chain is used. You can view your default AWS CLI or SDK identity by running the ``aws sts get-caller-identity`` command. The resulting kubeconfig is created as a new file or merged with an existing kubeconfig file using the following logic: -* If you specify a path with the --kubeconfig option, then the resulting configuration file is created there or merged with an existing kubeconfig at that location. -* Or, if you have the KUBECONFIG environment variable set, then the resulting configuration file is created at the first entry in that variable or merged with an existing kubeconfig at that location. -* Otherwise, by default, the resulting configuration file is created at the default kubeconfig path (.kube/config) in your home directory or merged with an existing kubeconfig at that location. +* If you specify a path with the ``--kubeconfig option``, then the resulting configuration file is created there or merged with an existing kubeconfig at that location. +* Or, if you have the ``KUBECONFIG`` environment variable set, then the resulting configuration file is created at the first entry in that variable or merged with an existing kubeconfig at that location. +* Otherwise, by default, the resulting configuration file is created at the default kubeconfig path (``.kube/config``) in your home directory or merged with an existing kubeconfig at that location. * If a previous cluster configuration exists for an Amazon EKS cluster with the same name at the specified path, the existing configuration is overwritten with the new configuration. * When update-kubeconfig writes a configuration to a kubeconfig file, the current-context of the kubeconfig file is set to that configuration. -You can use the --dry-run option to print the resulting configuration to stdout instead of writing it to the specified location. +You can use the ``--dry-run`` option to print the resulting configuration to stdout instead of writing it to the specified location. diff -pruN 2.23.6-1/awscli/examples/eks/update-pod-identity-association.rst 2.31.35-1/awscli/examples/eks/update-pod-identity-association.rst --- 2.23.6-1/awscli/examples/eks/update-pod-identity-association.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/eks/update-pod-identity-association.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,29 @@ +**To update the EKS Pod Identity association** + +The following ``update-pod-identity-association`` example updates an EKS Pod Identity association by changing the associated IAM role from ``arn:aws:iam::111122223333:role/my-role`` to ``arn:aws:iam::111122223333:role/s3-role`` for association ID ``a-9njjin9gfghecgocd``. This API only allows updating the associated IAM role. :: + + aws eks update-pod-identity-association \ + --cluster-name eks-customer \ + --association-id a-9njjin9gfghecgocd \ + --role-arn arn:aws:iam::111122223333:role/s3-role + +Output:: + + { + "association": { + "clusterName": "eks-customer", + "namespace": "default", + "serviceAccount": "default", + "roleArn": "arn:aws:iam::111122223333:role/s3-role", + "associationArn": "arn:aws:eks:us-west-2:111122223333:podidentityassociation/eks-customer/a-9njjin9gfghecgocd", + "associationId": "a-9njjin9gfghecgocd", + "tags": { + "Key2": "value2", + "Key1": "value1" + }, + "createdAt": "2025-05-24T19:52:14.135000-05:00", + "modifiedAt": "2025-05-25T21:01:53.120000-05:00" + } + } + +For more information, see `Learn how EKS Pod Identity grants pods access to AWS services `__ in the *Amazon EKS User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/elasticbeanstalk/create-application-version.rst 2.31.35-1/awscli/examples/elasticbeanstalk/create-application-version.rst --- 2.23.6-1/awscli/examples/elasticbeanstalk/create-application-version.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/elasticbeanstalk/create-application-version.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,9 +2,9 @@ The following command creates a new version, "v1" of an application named "MyApp":: - aws elasticbeanstalk create-application-version --application-name MyApp --version-label v1 --description MyAppv1 --source-bundle S3Bucket="my-bucket",S3Key="sample.war" --auto-create-application + aws elasticbeanstalk create-application-version --application-name MyApp --version-label v1 --description MyAppv1 --source-bundle S3Bucket="amzn-s3-demo-bucket",S3Key="sample.war" --auto-create-application -The application will be created automatically if it does not already exist, due to the auto-create-application option. The source bundle is a .war file stored in an s3 bucket named "my-bucket" that contains the Apache Tomcat sample application. +The application will be created automatically if it does not already exist, due to the auto-create-application option. The source bundle is a .war file stored in an s3 bucket named "amzn-s3-demo-bucket" that contains the Apache Tomcat sample application. Output:: @@ -16,7 +16,7 @@ Output:: "DateCreated": "2015-02-03T23:01:25.412Z", "DateUpdated": "2015-02-03T23:01:25.412Z", "SourceBundle": { - "S3Bucket": "my-bucket", + "S3Bucket": "amzn-s3-demo-bucket", "S3Key": "sample.war" } } diff -pruN 2.23.6-1/awscli/examples/elbv2/modify-listener.rst 2.31.35-1/awscli/examples/elbv2/modify-listener.rst --- 2.23.6-1/awscli/examples/elbv2/modify-listener.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/elbv2/modify-listener.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,86 +1,95 @@ -**Example 1: To change the default action to a forward action** - -The following ``modify-listener`` example changes the default action (to a **forward** action)for the specified listener. :: - - aws elbv2 modify-listener \ - --listener-arn arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 \ - --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-new-targets/2453ed029918f21f - -Output:: - - { - "Listeners": [ - { - "Protocol": "HTTP", - "DefaultActions": [ - { - "TargetGroupArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-new-targets/2453ed029918f21f", - "Type": "forward" - } - ], - "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188", - "Port": 80, - "ListenerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2" - } - ] - } - -**Example 2: To change the default action to a redirect action** - -The following ``modify-listener`` example changes the default action to a **redirect** action for the specified listener. :: - - aws elbv2 modify-listener \ - --listener-arn arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 \ - --default-actions Type=redirect,TargetGroupArn=arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-new-targets/2453ed029918f21f - -Output:: - - { - "Listeners": [ - { - "Protocol": "HTTP", - "DefaultActions": [ - { - "TargetGroupArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-new-targets/2453ed029918f21f", - "Type": "redirect" - } - ], - "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188", - "Port": 80, - "ListenerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2" - } - ] - } - -**Example 3: To change the server certificate** - -This example changes the server certificate for the specified HTTPS listener. :: - - aws elbv2 modify-listener \ - --listener-arn arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/0467ef3c8400ae65 \ - --certificates CertificateArn=arn:aws:iam::123456789012:server-certificate/my-new-server-cert - -Output:: - - { - "Listeners": [ - { - "Protocol": "HTTPS", - "DefaultActions": [ - { - "TargetGroupArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067", - "Type": "forward" - } - ], - "SslPolicy": "ELBSecurityPolicy-2015-05", - "Certificates": [ - { - "CertificateArn": "arn:aws:iam::123456789012:server-certificate/my-new-server-cert" - } - ], - "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188", - "Port": 443, - "ListenerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/0467ef3c8400ae65" - } - ] - } \ No newline at end of file +**Example 1: To change the default action to a forward action** + +The following ``modify-listener`` example changes the default action to a ``forward`` action for the specified listener. :: + + aws elbv2 modify-listener \ + --listener-arn arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 \ + --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-new-targets/2453ed029918f21f + +Output:: + + { + "Listeners": [ + { + "ListenerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2", + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188", + "Protocol": "HTTP", + "Port": 80, + "DefaultActions": [ + { + "Type": "forward", + "TargetGroupArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-new-targets/2453ed029918f21f" + } + ] + } + ] + } + +**Example 2: To change the default action to a redirect action** + +The following ``modify-listener`` example changes the default action to a ``redirect`` action for the specified listener. :: + + aws elbv2 modify-listener \ + --listener-arn arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2 \ + --default-actions Type=redirect, RedirectConfig='{Protocol=HTTPS,StatusCode=HTTP_302}' + +Output:: + + { + "Listeners": [ + { + "ListenerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/f2f7dc8efc522ab2", + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188", + "Protocol": "HTTP", + "Port": 80, + "DefaultActions": [ + { + "Type": "redirect", + "RedirectConfig": { + "Protocol": "HTTPS", + "Port": "#{port}", + "Host": "#{host}", + "Path": "/#{path}", + "Query": "#{query}", + "StatusCode": "HTTP_302", + } + } + ] + } + ] + } + +**Example 3: To change the server certificate** + +The following ``modify-listener`` example changes the server certificate for the specified HTTPS listener. :: + + aws elbv2 modify-listener \ + --listener-arn arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/0467ef3c8400ae65 \ + --certificates CertificateArn=arn:aws:iam::123456789012:server-certificate/my-new-server-cert + +Output:: + + { + "Listeners": [ + { + "ListenerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/my-load-balancer/50dc6c495c0c9188/0467ef3c8400ae65", + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188", + "Protocol": "HTTPS", + "Port": 443, + "DefaultActions": [ + { + "Type": "forward", + "TargetGroupArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067" + } + ], + "SslPolicy": "ELBSecurityPolicy-2015-05", + "Certificates": [ + { + "CertificateArn": "arn:aws:iam::123456789012:server-certificate/my-new-server-cert" + } + ], + } + ] + } + +For more information, see `Listener rules `__ in the *Application Load Balancers User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/emr/add-steps.rst 2.31.35-1/awscli/examples/emr/add-steps.rst --- 2.23.6-1/awscli/examples/emr/add-steps.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/emr/add-steps.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,7 +2,7 @@ - Command:: - aws emr add-steps --cluster-id j-XXXXXXXX --steps Type=CUSTOM_JAR,Name=CustomJAR,ActionOnFailure=CONTINUE,Jar=s3://mybucket/mytest.jar,Args=arg1,arg2,arg3 Type=CUSTOM_JAR,Name=CustomJAR,ActionOnFailure=CONTINUE,Jar=s3://mybucket/mytest.jar,MainClass=mymainclass,Args=arg1,arg2,arg3 + aws emr add-steps --cluster-id j-XXXXXXXX --steps Type=CUSTOM_JAR,Name=CustomJAR,ActionOnFailure=CONTINUE,Jar=s3://amzn-s3-demo-bucket/mytest.jar,Args=arg1,arg2,arg3 Type=CUSTOM_JAR,Name=CustomJAR,ActionOnFailure=CONTINUE,Jar=s3://amzn-s3-demo-bucket/mytest.jar,MainClass=mymainclass,Args=arg1,arg2,arg3 - Required parameters:: @@ -25,7 +25,7 @@ - Command:: - aws emr add-steps --cluster-id j-XXXXXXXX --steps Type=STREAMING,Name='Streaming Program',ActionOnFailure=CONTINUE,Args=[-files,s3://elasticmapreduce/samples/wordcount/wordSplitter.py,-mapper,wordSplitter.py,-reducer,aggregate,-input,s3://elasticmapreduce/samples/wordcount/input,-output,s3://mybucket/wordcount/output] + aws emr add-steps --cluster-id j-XXXXXXXX --steps Type=STREAMING,Name='Streaming Program',ActionOnFailure=CONTINUE,Args=[-files,s3://elasticmapreduce/samples/wordcount/wordSplitter.py,-mapper,wordSplitter.py,-reducer,aggregate,-input,s3://elasticmapreduce/samples/wordcount/input,-output,s3://amzn-s3-demo-bucket/wordcount/output] - Required parameters:: @@ -40,7 +40,7 @@ [ { "Name": "JSON Streaming Step", - "Args": ["-files","s3://elasticmapreduce/samples/wordcount/wordSplitter.py","-mapper","wordSplitter.py","-reducer","aggregate","-input","s3://elasticmapreduce/samples/wordcount/input","-output","s3://mybucket/wordcount/output"], + "Args": ["-files","s3://elasticmapreduce/samples/wordcount/wordSplitter.py","-mapper","wordSplitter.py","-reducer","aggregate","-input","s3://elasticmapreduce/samples/wordcount/input","-output","s3://amzn-s3-demo-bucket/wordcount/output"], "ActionOnFailure": "CONTINUE", "Type": "STREAMING" } @@ -72,15 +72,15 @@ NOTE: JSON arguments must include option "ActionOnFailure": "CONTINUE", "Args": [ "-files", - "s3://mybucket/mapper.py,s3://mybucket/reducer.py", + "s3://amzn-s3-demo-bucket/mapper.py,s3://amzn-s3-demo-bucket/reducer.py", "-mapper", "mapper.py", "-reducer", "reducer.py", "-input", - "s3://mybucket/input", + "s3://amzn-s3-demo-bucket/input", "-output", - "s3://mybucket/output"] + "s3://amzn-s3-demo-bucket/output"] } ] @@ -109,7 +109,7 @@ NOTE: JSON arguments must include option - Command:: - aws emr add-steps --cluster-id j-XXXXXXXX --steps Type=HIVE,Name='Hive program',ActionOnFailure=CONTINUE,Args=[-f,s3://mybucket/myhivescript.q,-d,INPUT=s3://mybucket/myhiveinput,-d,OUTPUT=s3://mybucket/myhiveoutput,arg1,arg2] Type=HIVE,Name='Hive steps',ActionOnFailure=TERMINATE_CLUSTER,Args=[-f,s3://elasticmapreduce/samples/hive-ads/libs/model-build.q,-d,INPUT=s3://elasticmapreduce/samples/hive-ads/tables,-d,OUTPUT=s3://mybucket/hive-ads/output/2014-04-18/11-07-32,-d,LIBS=s3://elasticmapreduce/samples/hive-ads/libs] + aws emr add-steps --cluster-id j-XXXXXXXX --steps Type=HIVE,Name='Hive program',ActionOnFailure=CONTINUE,Args=[-f,s3://amzn-s3-demo-bucket/myhivescript.q,-d,INPUT=s3://amzn-s3-demo-bucket/myhiveinput,-d,OUTPUT=s3://amzn-s3-demo-bucket/myhiveoutput,arg1,arg2] Type=HIVE,Name='Hive steps',ActionOnFailure=TERMINATE_CLUSTER,Args=[-f,s3://elasticmapreduce/samples/hive-ads/libs/model-build.q,-d,INPUT=s3://elasticmapreduce/samples/hive-ads/tables,-d,OUTPUT=s3://amzn-s3-demo-bucket/hive-ads/output/2014-04-18/11-07-32,-d,LIBS=s3://elasticmapreduce/samples/hive-ads/libs] - Required parameters:: @@ -134,7 +134,7 @@ NOTE: JSON arguments must include option - Command:: - aws emr add-steps --cluster-id j-XXXXXXXX --steps Type=PIG,Name='Pig program',ActionOnFailure=CONTINUE,Args=[-f,s3://mybucket/mypigscript.pig,-p,INPUT=s3://mybucket/mypiginput,-p,OUTPUT=s3://mybucket/mypigoutput,arg1,arg2] Type=PIG,Name='Pig program',Args=[-f,s3://elasticmapreduce/samples/pig-apache/do-reports2.pig,-p,INPUT=s3://elasticmapreduce/samples/pig-apache/input,-p,OUTPUT=s3://mybucket/pig-apache/output,arg1,arg2] + aws emr add-steps --cluster-id j-XXXXXXXX --steps Type=PIG,Name='Pig program',ActionOnFailure=CONTINUE,Args=[-f,s3://amzn-s3-demo-bucket/mypigscript.pig,-p,INPUT=s3://amzn-s3-demo-bucket/mypiginput,-p,OUTPUT=s3://amzn-s3-demo-bucket/mypigoutput,arg1,arg2] Type=PIG,Name='Pig program',Args=[-f,s3://elasticmapreduce/samples/pig-apache/do-reports2.pig,-p,INPUT=s3://elasticmapreduce/samples/pig-apache/input,-p,OUTPUT=s3://amzn-s3-demo-bucket/pig-apache/output,arg1,arg2] - Required parameters:: diff -pruN 2.23.6-1/awscli/examples/emr/create-cluster-examples.rst 2.31.35-1/awscli/examples/emr/create-cluster-examples.rst --- 2.23.6-1/awscli/examples/emr/create-cluster-examples.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/emr/create-cluster-examples.rst 2025-11-12 19:17:29.000000000 +0000 @@ -369,7 +369,7 @@ The following ``create-cluster`` example The following example specifies the step inline. :: aws emr create-cluster \ - --steps Type=STREAMING,Name='Streaming Program',ActionOnFailure=CONTINUE,Args=[-files,s3://elasticmapreduce/samples/wordcount/wordSplitter.py,-mapper,wordSplitter.py,-reducer,aggregate,-input,s3://elasticmapreduce/samples/wordcount/input,-output,s3://mybucket/wordcount/output] \ + --steps Type=STREAMING,Name='Streaming Program',ActionOnFailure=CONTINUE,Args=[-files,s3://elasticmapreduce/samples/wordcount/wordSplitter.py,-mapper,wordSplitter.py,-reducer,aggregate,-input,s3://elasticmapreduce/samples/wordcount/input,-output,s3://amzn-s3-demo-bucket/wordcount/output] \ --release-label emr-5.3.1 \ --instance-groups InstanceGroupType=MASTER,InstanceCount=1,InstanceType=m4.large InstanceGroupType=CORE,InstanceCount=2,InstanceType=m4.large \ --auto-terminate @@ -397,7 +397,7 @@ Contents of ``multiplefiles.json``:: "-input", "s3://elasticmapreduce/samples/wordcount/input", "-output", - "s3://mybucket/wordcount/output" + "s3://amzn-s3-demo-bucket/wordcount/output" ], "ActionOnFailure": "CONTINUE", "Type": "STREAMING" @@ -409,7 +409,7 @@ Contents of ``multiplefiles.json``:: The following example add Hive steps when creating a cluster. Hive steps require parameters ``Type`` and ``Args``. Hive steps optional parameters are ``Name`` and ``ActionOnFailure``. :: aws emr create-cluster \ - --steps Type=HIVE,Name='Hive program',ActionOnFailure=CONTINUE,ActionOnFailure=TERMINATE_CLUSTER,Args=[-f,s3://elasticmapreduce/samples/hive-ads/libs/model-build.q,-d,INPUT=s3://elasticmapreduce/samples/hive-ads/tables,-d,OUTPUT=s3://mybucket/hive-ads/output/2014-04-18/11-07-32,-d,LIBS=s3://elasticmapreduce/samples/hive-ads/libs] \ + --steps Type=HIVE,Name='Hive program',ActionOnFailure=CONTINUE,ActionOnFailure=TERMINATE_CLUSTER,Args=[-f,s3://elasticmapreduce/samples/hive-ads/libs/model-build.q,-d,INPUT=s3://elasticmapreduce/samples/hive-ads/tables,-d,OUTPUT=s3://amzn-s3-demo-bucket/hive-ads/output/2014-04-18/11-07-32,-d,LIBS=s3://elasticmapreduce/samples/hive-ads/libs] \ --applications Name=Hive \ --release-label emr-5.3.1 \ --instance-groups InstanceGroupType=MASTER,InstanceCount=1,InstanceType=m4.large InstanceGroupType=CORE,InstanceCount=2,InstanceType=m4.large @@ -419,7 +419,7 @@ The following example add Hive steps whe The following example adds Pig steps when creating a cluster. Pig steps required parameters are ``Type`` and ``Args``. Pig steps optional parameters are ``Name`` and ``ActionOnFailure``. :: aws emr create-cluster \ - --steps Type=PIG,Name='Pig program',ActionOnFailure=CONTINUE,Args=[-f,s3://elasticmapreduce/samples/pig-apache/do-reports2.pig,-p,INPUT=s3://elasticmapreduce/samples/pig-apache/input,-p,OUTPUT=s3://mybucket/pig-apache/output] \ + --steps Type=PIG,Name='Pig program',ActionOnFailure=CONTINUE,Args=[-f,s3://elasticmapreduce/samples/pig-apache/do-reports2.pig,-p,INPUT=s3://elasticmapreduce/samples/pig-apache/input,-p,OUTPUT=s3://amzn-s3-demo-bucket/pig-apache/output] \ --applications Name=Pig \ --release-label emr-5.3.1 \ --instance-groups InstanceGroupType=MASTER,InstanceCount=1,InstanceType=m4.large InstanceGroupType=CORE,InstanceCount=2,InstanceType=m4.large @@ -429,7 +429,7 @@ The following example adds Pig steps whe The following ``create-cluster`` example runs two bootstrap actions defined as scripts that are stored in Amazon S3. :: aws emr create-cluster \ - --bootstrap-actions Path=s3://mybucket/myscript1,Name=BootstrapAction1,Args=[arg1,arg2] Path=s3://mybucket/myscript2,Name=BootstrapAction2,Args=[arg1,arg2] \ + --bootstrap-actions Path=s3://amzn-s3-demo-bucket/myscript1,Name=BootstrapAction1,Args=[arg1,arg2] Path=s3://amzn-s3-demo-bucket/myscript2,Name=BootstrapAction2,Args=[arg1,arg2] \ --release-label emr-5.3.1 \ --instance-groups InstanceGroupType=MASTER,InstanceCount=1,InstanceType=m4.large InstanceGroupType=CORE,InstanceCount=2,InstanceType=m4.large \ --auto-terminate diff -pruN 2.23.6-1/awscli/examples/emr/create-cluster-synopsis.txt 2.31.35-1/awscli/examples/emr/create-cluster-synopsis.txt --- 2.23.6-1/awscli/examples/emr/create-cluster-synopsis.txt 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/emr/create-cluster-synopsis.txt 2025-11-12 19:17:29.000000000 +0000 @@ -32,3 +32,4 @@ [--managed-scaling-policy ] [--placement-group-configs ] [--auto-termination-policy ] + [--extended-support | --no-extended-support] diff -pruN 2.23.6-1/awscli/examples/emr-containers/create-role-associations/_description.rst 2.31.35-1/awscli/examples/emr-containers/create-role-associations/_description.rst --- 2.23.6-1/awscli/examples/emr-containers/create-role-associations/_description.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/emr-containers/create-role-associations/_description.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,19 @@ +Creates role associations of given IAM role with EMR service accounts such that it can be used with Amazon EMR on EKS with the given namespace from the given EKS cluster. + +Note: +The command would associate EMR service accounts with provided IAM role to EKS pod identity: + +* "emr-containers-sa-%(FRAMEWORK)s-%(COMPONENT)s-%(AWS_ACCOUNT_ID)s-%(BASE36_ENCODED_ROLE_NAME)s" + +Here:: + + = EMR on EKS framework such as spark, flink, livy + = Task component for the framework. Such as client, driver, executor for spark; flink-operator, jobmanager, taskmanager for flink. + = AWS Account ID of the EKS cluster + = Base36 encoded form of the IAM Role name + +You can use the **--type** option to select which submission model to associate. + +You can use the **--operator-namespace** option if your operator/livy jobs are running in a different operator namespace other than your job/application namespace. **--namespace** should be the Job/Application Namespace, and this option is for operator namespace to associate operator/livy service account. + +You can use the **--service-account-name** option to associate a custom service account with the role. diff -pruN 2.23.6-1/awscli/examples/emr-containers/create-role-associations.rst 2.31.35-1/awscli/examples/emr-containers/create-role-associations.rst --- 2.23.6-1/awscli/examples/emr-containers/create-role-associations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/emr-containers/create-role-associations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,48 @@ +**To create role associations of an IAM Role with EMR service accounts to be used with Amazon EMR on EKS** + +The following ``create-role-associations`` example command creates EKS pod identity associations of a role named **example_iam_role** with EMR service accounts such that it can be used with Amazon EMR on EKS with +**example_namespace** namespace from an EKS cluster named **example_cluster**.:: + + aws emr-containers create-role-associations \ + --cluster-name example_cluster \ + --namespace example_namespace \ + --role-name example_iam_role + +Output:: + + [ + { + "clusterName": "example_cluster", + "namespace": "example_namespace", + "serviceAccount": "emr-spark-client-service-account-example", + "roleArn": "arn:aws:iam::111111111111:role/example_iam_role", + "associationArn": "arn:aws:eks:us-east-1:111111111111:podidentityassociation/example_cluster/a-bgyr1umgdmrk1kdtq", + "associationId": "a-bgyr1umgdmrk1kdtq", + "tags": {}, + "createdAt": "2022-11-15T10:49:00+00:00", + "modifiedAt": "2022-11-15T10:49:00+00:00" + }, + { + "clusterName": "example_cluster", + "namespace": "example_namespace", + "serviceAccount": "emr-spark-driver-service-account-example", + "roleArn": "arn:aws:iam::111111111111:role/example_iam_role", + "associationArn": "arn:aws:eks:us-east-1:111111111111:podidentityassociation/example_cluster/b-bgyr1umgdmrk1kdtq", + "associationId": "b-bgyr1umgdmrk1kdtq", + "tags": {}, + "createdAt": "2022-11-15T10:49:00+00:00", + "modifiedAt": "2022-11-15T10:49:00+00:00" + }, + { + "clusterName": "example_cluster", + "namespace": "example_namespace", + "serviceAccount": "emr-spark-executor-service-account-example", + "roleArn": "arn:aws:iam::111111111111:role/example_iam_role", + "associationArn": "arn:aws:eks:us-east-1:111111111111:podidentityassociation/example_cluster/c-bgyr1umgdmrk1kdtq", + "associationId": "c-bgyr1umgdmrk1kdtq", + "tags": {}, + "createdAt": "2022-11-15T10:49:00+00:00", + "modifiedAt": "2022-11-15T10:49:00+00:00" + } + ] + diff -pruN 2.23.6-1/awscli/examples/emr-containers/delete-role-associations/_description.rst 2.31.35-1/awscli/examples/emr-containers/delete-role-associations/_description.rst --- 2.23.6-1/awscli/examples/emr-containers/delete-role-associations/_description.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/emr-containers/delete-role-associations/_description.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,19 @@ +Deletes role associations of given IAM role with EMR service accounts such that it will be removed from Amazon EMR on EKS with the given namespace from the given EKS cluster. + +Note: +The command would dissociate EMR service accounts with provided IAM role from EKS pod identity: + +* "emr-containers-sa-%(FRAMEWORK)s-%(COMPONENT)s-%(AWS_ACCOUNT_ID)s-%(BASE36_ENCODED_ROLE_NAME)s" + +Here:: + + = EMR on EKS framework such as spark, flink, livy + = Task component for the framework. Such as client, driver, executor for spark; flink-operator, jobmanager, taskmanager for flink. + = AWS Account ID of the EKS cluster + = Base36 encoded form of the IAM Role name + +You can use the **--type** option to select which submission model to dissociate. + +You can use the **--operator-namespace** option if your operator/livy jobs are running in a different operator namespace other than your job/application namespace. **--namespace** should be the Job/Application Namespace, and this option is for operator namespace to dissociate operator/livy service account. + +You can use the **--service-account-name** option to dissociate a custom service account with the role. diff -pruN 2.23.6-1/awscli/examples/emr-containers/delete-role-associations.rst 2.31.35-1/awscli/examples/emr-containers/delete-role-associations.rst --- 2.23.6-1/awscli/examples/emr-containers/delete-role-associations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/emr-containers/delete-role-associations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,50 @@ +**To delete role associations of an IAM Role with EMR service accounts** + +EKS allows associations with non existing resources (namespace, service account), so EMR on EKS suggest to delete the associations if the namespace is deleted or the role is not in use to release the space for other associations. + +The following ``delete-role-associations`` example command deletes EKS pod identity associations of a role named **example_iam_role** with EMR service accounts such that it can be removed from Amazon EMR on EKS with +**example_namespace** namespace from an EKS cluster named **example_cluster**.:: + + aws emr-containers delete-role-associations \ + --cluster-name example_cluster \ + --namespace example_namespace \ + --role-name example_iam_role + +Output:: + + [ + { + "clusterName": "example_cluster", + "namespace": "example_namespace", + "serviceAccount": "emr-spark-client-service-account-example", + "roleArn": "arn:aws:iam::111111111111:role/example_iam_role", + "associationArn": "arn:aws:eks:us-east-1:111111111111:podidentityassociation/example_cluster/a-bgyr1umgdmrk1kdtq", + "associationId": "a-bgyr1umgdmrk1kdtq", + "tags": {}, + "createdAt": "2022-11-15T10:49:00+00:00", + "modifiedAt": "2022-11-15T10:49:00+00:00" + }, + { + "clusterName": "example_cluster", + "namespace": "example_namespace", + "serviceAccount": "emr-spark-driver-service-account-example", + "roleArn": "arn:aws:iam::111111111111:role/example_iam_role", + "associationArn": "arn:aws:eks:us-east-1:111111111111:podidentityassociation/example_cluster/b-bgyr1umgdmrk1kdtq", + "associationId": "b-bgyr1umgdmrk1kdtq", + "tags": {}, + "createdAt": "2022-11-15T10:49:00+00:00", + "modifiedAt": "2022-11-15T10:49:00+00:00" + }, + { + "clusterName": "example_cluster", + "namespace": "example_namespace", + "serviceAccount": "emr-spark-executor-service-account-example", + "roleArn": "arn:aws:iam::111111111111:role/example_iam_role", + "associationArn": "arn:aws:eks:us-east-1:111111111111:podidentityassociation/example_cluster/c-bgyr1umgdmrk1kdtq", + "associationId": "c-bgyr1umgdmrk1kdtq", + "tags": {}, + "createdAt": "2022-11-15T10:49:00+00:00", + "modifiedAt": "2022-11-15T10:49:00+00:00" + } + ] + diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/create-stage.rst 2.31.35-1/awscli/examples/ivs-realtime/create-stage.rst --- 2.23.6-1/awscli/examples/ivs-realtime/create-stage.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/create-stage.rst 2025-11-12 19:17:29.000000000 +0000 @@ -19,18 +19,36 @@ Output:: "stage": { "activeSessionId": "st-a1b2c3d4e5f6g", "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "autoParticipantRecordingConfiguration": { + "storageConfigurationArn": "", + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "thumbnailConfiguration": { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ], + "recordingMode": "DISABLED" + }, + "recordingReconnectWindowSeconds": 0, + "hlsConfiguration": { + "targetSegmentDurationSeconds": 6 + }, + "recordParticipantReplicas": true + }, "endpoints": { "events": "wss://global.events.live-video.net", "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", - "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" + "whip": "https://9x0y8z7s6t5u.global-bm.whip.live-video.net" }, "name": "stage1", "tags": {} } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. **Example 2: To create a stage and configure individial participant recording** @@ -38,7 +56,54 @@ The following ``create-stage`` example c aws ivs-realtime create-stage \ --name stage1 \ - --auto-participant-recording-configuration '{"mediaTypes": ["AUDIO_VIDEO"],"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh"}' + --auto-participant-recording-configuration '{"mediaTypes": ["AUDIO_VIDEO"],"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", "recordingReconnectWindowSeconds": 100, \ + "hlsConfiguration": {"targetSegmentDurationSeconds": 5}}' + +Output:: + + { + "stage": { + "activeSessionId": "st-a1b2c3d4e5f6g", + "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "autoParticipantRecordingConfiguration": { + "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh" + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "thumbnailConfiguration": { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ], + "recordingMode": "DISABLED" + }, + "recordingReconnectWindowSeconds": 100, + "hlsConfiguration": { + "targetSegmentDurationSeconds": 5 + }, + "recordParticipantReplicas": true + }, + "endpoints": { + "events": "wss://global.events.live-video.net", + "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", + "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", + "whip": "https://9x0y8z7s6t5u.global-bm.whip.live-video.net" + }, + "name": "stage1", + "tags": {} + } + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. + +**Example 3: To create a stage and configure individial participant recording with thumbnail recording enabled** + +The following ``create-stage`` example creates a stage and configures individual participant recording with thumbnail recording enabled. :: + + aws ivs-realtime create-stage \ + --name stage1 \ + --auto-participant-recording-configuration '{"mediaTypes": ["AUDIO_VIDEO"],"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", \ + "thumbnailConfiguration": {"recordingMode": "INTERVAL","storage": ["SEQUENTIAL"],"targetIntervalSeconds": 60}}' Output:: @@ -47,20 +112,32 @@ Output:: "activeSessionId": "st-a1b2c3d4e5f6g", "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", "autoParticipantRecordingConfiguration": { - "mediaTypes": [ - "AUDIO_VIDEO" - ], - "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "thumbnailConfiguration": { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ], + "recordingMode": "INTERVAL" + }, + "recordingReconnectWindowSeconds": 0, + "hlsConfiguration": { + "targetSegmentDurationSeconds": 6 + }, + "recordParticipantReplicas": true }, "endpoints": { "events": "wss://global.events.live-video.net", "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", - "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" + "whip": "https://9x0y8z7s6t5u.global-bm.whip.live-video.net" }, "name": "stage1", "tags": {} } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/get-composition.rst 2.31.35-1/awscli/examples/ivs-realtime/get-composition.rst --- 2.23.6-1/awscli/examples/ivs-realtime/get-composition.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/get-composition.rst 2025-11-12 19:17:29.000000000 +0000 @@ -31,9 +31,12 @@ Output:: "arn:aws:ivs:arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" ], "recordingConfiguration": { - "format": "HLS" + "format": "HLS", + "hlsConfiguration": { + "targetSegmentDurationSeconds": 2 + } }, - "storageConfigurationArn": "arn:arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE" + "storageConfigurationArn": "arn:arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE", } }, "detail": { @@ -48,11 +51,13 @@ Output:: ], "layout": { "grid": { - "featuredParticipantAttribute": "" + "featuredParticipantAttribute": "", "gridGap": 2, "omitStoppedVideo": false, + "participantOrderAttribute": "", "videoAspectRatio": "VIDEO", - "videoFillMode": "" } + "videoFillMode": "" + } }, "stageArn": "arn:aws:ivs:ap-northeast-1:123456789012:stage/defgABCDabcd", "startTime": "2023-10-16T23:24:00+00:00", @@ -61,7 +66,7 @@ Output:: } } -For more information, see `Composite Recording (Real-Time Streaming) `__ in the *Amazon Interactive Video Service User Guide*. +For more information, see `IVS Composite Recording | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. **Example 2: To get a composition with PiP layout** @@ -96,7 +101,10 @@ Output:: "arn:aws:ivs:arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" ], "recordingConfiguration": { - "format": "HLS" + "format": "HLS", + "hlsConfiguration": { + "targetSegmentDurationSeconds": 2 + } }, "storageConfigurationArn": "arn:arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE" } @@ -116,6 +124,7 @@ Output:: "featuredParticipantAttribute": "abcdefg", "gridGap": 0, "omitStoppedVideo": false, + "participantOrderAttribute": "", "pipBehavior": "STATIC", "pipOffset": 0, "pipParticipantAttribute": "", @@ -130,4 +139,81 @@ Output:: } } -For more information, see `Composite Recording (Real-Time Streaming) `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `IVS Composite Recording | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. + +**Example 3: To get a composition with thumbnail recording enabled** + +The following ``get-composition`` example gets the composition for the ARN (Amazon Resource Name) specified, which has thumbnail recording enabled with default settings. :: + + aws ivs-realtime get-composition \ + --arn "arn:aws:ivs:ap-northeast-1:123456789012:composition/abcdABCDefgh" + +Output:: + + { + "composition": { + "arn": "arn:aws:ivs:ap-northeast-1:123456789012:composition/abcdABCDefgh", + "destinations": [ + { + "configuration": { + "channel": { + "channelArn": "arn:aws:ivs:ap-northeast-1:123456789012:channel/abcABCdefDEg", + "encoderConfigurationArn": "arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" + }, + "name": "" + }, + "id": "AabBCcdDEefF", + "startTime": "2023-10-16T23:26:00+00:00", + "state": "ACTIVE" + }, + { + "configuration": { + "name": "", + "s3": { + "encoderConfigurationArns": [ + "arn:aws:ivs:arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" + ], + "recordingConfiguration": { + "format": "HLS", + "hlsConfiguration": { + "targetSegmentDurationSeconds": 2 + } + }, + "storageConfigurationArn": "arn:arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE", + "thumbnailConfigurations": [ + { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ], + } + ] + } + }, + "detail": { + "s3": { + "recordingPrefix": "aBcDeFgHhGfE/AbCdEfGhHgFe/GHFabcgefABC/composite" + } + }, + "id": "GHFabcgefABC", + "startTime": "2023-10-16T23:26:00+00:00", + "state": "STARTING" + } + ], + "layout": { + "grid": { + "featuredParticipantAttribute": "" + "gridGap": 2, + "omitStoppedVideo": false, + "participantOrderAttribute": "", + "videoAspectRatio": "VIDEO", + "videoFillMode": "" } + }, + "stageArn": "arn:aws:ivs:ap-northeast-1:123456789012:stage/defgABCDabcd", + "startTime": "2023-10-16T23:24:00+00:00", + "state": "ACTIVE", + "tags": {} + } + } + +For more information, see `IVS Composite Recording | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/get-participant.rst 2.31.35-1/awscli/examples/ivs-realtime/get-participant.rst --- 2.23.6-1/awscli/examples/ivs-realtime/get-participant.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/get-participant.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,31 +1,99 @@ -**To get a stage participant** - -The following ``get-participant`` example gets the stage participant for a specified participant ID and session ID in the specified stage ARN (Amazon Resource Name). :: - - aws ivs-realtime get-participant \ - --stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ - --session-id st-a1b2c3d4e5f6g \ - --participant-id abCDEf12GHIj - -Output:: - - { - "participant": { - "browserName", "Google Chrome", - "browserVersion", "116", - "firstJoinTime": "2023-04-26T20:30:34+00:00", - "ispName", "Comcast", - "osName", "Microsoft Windows 10 Pro", - "osVersion", "10.0.19044" - "participantId": "abCDEf12GHIj", - "published": true, - "recordingS3BucketName": "bucket-name", - "recordingS3Prefix": "abcdABCDefgh/st-a1b2c3d4e5f6g/abCDEf12GHIj/1234567890", - "recordingState": "ACTIVE", - "sdkVersion", "", - "state": "CONNECTED", - "userId": "", - } - } - -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +**Example 1: To get a stage participant** + +The following ``get-participant`` example gets the stage participant for a specified participant ID and session ID in the specified stage ARN (Amazon Resource Name). :: + + aws ivs-realtime get-participant \ + --stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --session-id st-a1b2c3d4e5f6g \ + --participant-id abCDEf12GHIj + +Output:: + + { + "participant": { + "browserName": "Google Chrome", + "browserVersion": "116", + "firstJoinTime": "2023-04-26T20:30:34+00:00", + "ispName": "Comcast", + "osName": "Microsoft Windows 10 Pro", + "osVersion": "10.0.19044", + "participantId": "abCDEf12GHIj", + "published": true, + "recordingS3BucketName": "bucket-name", + "recordingS3Prefix": "abcdABCDefgh/st-a1b2c3d4e5f6g/abCDEf12GHIj/1234567890", + "recordingState": "ACTIVE", + "sdkVersion": "", + "state": "CONNECTED", + "userId": "" + } + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. + +**Example 2: To get a stage participant that has been replicated to another stage** + +The following ``get-participant`` example gets the stage participant for a specified participant ID and session ID in the specified stage ARN (Amazon Resource Name), when the participant has also been replicated to another stage. :: + + aws ivs-realtime get-participant \ + --stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --session-id st-a1b2c3d4e5f6g \ + --participant-id abCDEf12GHIj + +Output:: + + { + "participant": { + "browserName": "Google Chrome", + "browserVersion": "116", + "firstJoinTime": "2023-04-26T20:30:34+00:00", + "ispName": "Comcast", + "osName": "Microsoft Windows 10 Pro", + "osVersion": "10.0.19044", + "participantId": "abCDEf12GHIj", + "published": true, + "recordingS3BucketName": "bucket-name", + "recordingS3Prefix": "abcdABCDefgh/st-a1b2c3d4e5f6g/abCDEf12GHIj/1234567890", + "recordingState": "ACTIVE", + "replicationState": "ACTIVE", + "replicationType": "SOURCE", + "sdkVersion": "", + "state": "CONNECTED", + "userId": "" + } + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. + +**Example 3: To get a stage participant that has been replicated from another stage** + +The following ``get-participant`` example gets the stage participant for a specified participant ID and session ID in the specified stage ARN (Amazon Resource Name), when the participant has been replicated from another stage. :: + + aws ivs-realtime get-participant \ + --stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --session-id st-a1b2c3d4e5f6g \ + --participant-id abCDEf12GHIj + +Output:: + + { + "participant": { + "browserName": "Google Chrome", + "browserVersion": "116", + "firstJoinTime": "2023-04-26T20:30:34+00:00", + "ispName": "Comcast", + "osName": "Microsoft Windows 10 Pro", + "osVersion": "10.0.19044", + "participantId": "abCDEf12GHIj", + "published": true, + "recordingS3BucketName": "bucket-name", + "recordingS3Prefix": "abcdABCDefgh/st-a1b2c3d4e5f6g/abCDEf12GHIj/1234567890", + "recordingState": "ACTIVE", + "replicationState": "ACTIVE", + "replicationType": "REPLICA", + "sdkVersion": "", + "state": "CONNECTED", + "userId": "" + } + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/get-stage.rst 2.31.35-1/awscli/examples/ivs-realtime/get-stage.rst --- 2.23.6-1/awscli/examples/ivs-realtime/get-stage.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/get-stage.rst 2025-11-12 19:17:29.000000000 +0000 @@ -12,20 +12,32 @@ Output:: "activeSessionId": "st-a1b2c3d4e5f6g", "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", "autoParticipantRecordingConfiguration": { - "mediaTypes": [ - "AUDIO_VIDEO" - ], - "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + "storageConfigurationArn": "", + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "thumbnailConfiguration": { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ], + "recordingMode": "DISABLED" + }, + "recordingReconnectWindowSeconds": 0, + "hlsConfiguration": { + "targetSegmentDurationSeconds": 6 + }, + "recordParticipantReplicas": true }, "endpoints": { "events": "wss://global.events.live-video.net", "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", - "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" + "whip": "https://9x0y8z7s6t5u.global-bm.whip.live-video.net" }, "name": "test", "tags": {} } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/list-participant-events.rst 2.31.35-1/awscli/examples/ivs-realtime/list-participant-events.rst --- 2.23.6-1/awscli/examples/ivs-realtime/list-participant-events.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/list-participant-events.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To get a list of stage participant events** +**Example 1: To get a list of stage participant events** The following ``list-participant-events`` example lists all participant events for a specified participant ID and session ID of a specified stage ARN (Amazon Resource Name). :: @@ -34,4 +34,56 @@ Output:: ] } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. + +**Example 2: To get a list of stage participant events, including participant replication stop and start** + +The following ``list-participant-events`` example lists all participant events for a specified session ID of a specified stage ARN (Amazon Resource Name), where a participant is replicated to another stage. :: + + aws ivs-realtime list-participant-events \ + --stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --session-id st-a1b2c3d4e5f6g \ + --participant-id abCDEf12GHIj + +Output:: + + { + "events": [ + { + "eventTime": "2025-04-26T20:36:28+00:00", + "name": "LEFT", + "participantId": "abCDEf12GHIj" + }, + { + "eventTime": "2025-04-26T20:36:28+00:00", + "name": "PUBLISH_STOPPED", + "participantId": "abCDEf12GHIj" + }, + { + "eventTime": "2025-04-26T20:30:34+00:00", + "name": "JOINED", + "participantId": "abCDEf12GHIj" + }, + { + "eventTime": "2025-04-26T20:30:34+00:00", + "name": "PUBLISH_STARTED", + "participantId": "abCDEf12GHIj" + }, + { + "name": "REPLICATION_STARTED", + "participantId": "abCDEf12GHIj", + "eventTime": "2025-04-26T20:30:34+00:00", + "destinationStageArn": "arn:aws:ivs:us-west-2:12345678901:stage/ABCDabcdefgh", + "destinationSessionId": "st-b1c2d3e4f5g6a" + }, + { + "name": "REPLICATION_STOPPED", + "participantId": "abCDEf12GHIj", + "eventTime": "2025-04-26T20:32:34+00:00", + "destinationStageArn": "arn:aws:ivs:us-west-2:12345678901:stage/ABCDabcdefgh", + "destinationSessionId": "st-b1c2d3e4f5g6a" + } + ] + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/list-participant-replicas.rst 2.31.35-1/awscli/examples/ivs-realtime/list-participant-replicas.rst --- 2.23.6-1/awscli/examples/ivs-realtime/list-participant-replicas.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/list-participant-replicas.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,24 @@ +**To get a list of stage participant replicas** + +The following ``list-participant-replicas`` example lists all stage participants replicated from the specified source stage ARN (Amazon Resource Name) to another stage. :: + + aws ivs-realtime list-participant-replicas \ + --source-stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --participant-id abCDEf12GHIj + +Output:: + + { + "replicas": [ + { + "sourceStageArn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "participantId": "abCDEf12GHIj", + "sourceSessionId": "st-a1b2c3d4e5f6g", + "destinationStageArn": "arn:aws:ivs:us-west-2:012345678901:stage/ABCDabcdefgh", + "destinationSessionId": "st-b1c2d3e4f5g6a", + "replicationState": "ACTIVE" + } + ] + } + +For more information, see `IVS Participant Replication `__ in the *Amazon IVS Real-Time Streaming User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/list-participants.rst 2.31.35-1/awscli/examples/ivs-realtime/list-participants.rst --- 2.23.6-1/awscli/examples/ivs-realtime/list-participants.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/list-participants.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To get a list of stage participants** +**Example 1: To get a list of stage participants** The following ``list-participants`` example lists all participants for a specified session ID of a specified stage ARN (Amazon Resource Name). :: @@ -12,7 +12,7 @@ Output:: "participants": [ { "firstJoinTime": "2023-04-26T20:30:34+00:00", - "participantId": "abCDEf12GHIj" + "participantId": "abCDEf12GHIj", "published": true, "recordingState": "STOPPED", "state": "DISCONNECTED", @@ -21,4 +21,62 @@ Output:: ] } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. + +**Example 2: To get a list of stage participants, when a participant has been replicated to another stage** + +The following ``list-participants`` example lists all participants for a specified session ID of a specified stage ARN (Amazon Resource Name), when a participant has been replicated to another stage. :: + + aws ivs-realtime list-participants \ + --stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --session-id st-a1b2c3d4e5f6g + +Output:: + + { + "participants": [ + { + "firstJoinTime": "2023-04-26T20:30:34+00:00", + "participantId": "abCDEf12GHIj", + "published": true, + "recordingState": "STOPPED", + "state": "DISCONNECTED", + "userId": "", + "replicationState": "ACTIVE", + "replicationType": "SOURCE", + "sourceStageArn": "", + "sourceSessionId": "" + } + ] + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. + +**Example 3: To get a list of stage participants, when a participant has been replicated from another stage** + +The following ``list-participants`` example lists all participants for a specified session ID of a specified stage ARN (Amazon Resource Name), when a participant has been replicated from another stage. :: + + aws ivs-realtime list-participants \ + --stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --session-id st-a1b2c3d4e5f6g + +Output:: + + { + "participants": [ + { + "firstJoinTime": "2023-04-26T20:30:34+00:00", + "participantId": "abCDEf12GHIj", + "published": true, + "recordingState": "STOPPED", + "state": "DISCONNECTED", + "userId": "", + "replicationState": "ACTIVE", + "replicationType": "REPLICA", + "sourceStageArn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "sourceSessionId": "st-a1b2c3d4e5f6g" + } + ] + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/start-composition.rst 2.31.35-1/awscli/examples/ivs-realtime/start-composition.rst --- 2.23.6-1/awscli/examples/ivs-realtime/start-composition.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/start-composition.rst 2025-11-12 19:17:29.000000000 +0000 @@ -7,6 +7,7 @@ The following ``start-composition`` exam --destinations '[{"channel": {"channelArn": "arn:aws:ivs:ap-northeast-1:123456789012:channel/abcABCdefDEg", \ "encoderConfigurationArn": "arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef"}}, \ {"s3":{"encoderConfigurationArns":["arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef"], \ + "recordingConfiguration": {"hlsConfiguration": {"targetSegmentDurationSeconds": 5}}, \ "storageConfigurationArn":"arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE"}}]' Output:: @@ -34,7 +35,10 @@ Output:: "arn:aws:ivs:arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" ], "recordingConfiguration": { - "format": "HLS" + "format": "HLS", + "hlsConfiguration": { + "targetSegmentDurationSeconds": 5 + } }, "storageConfigurationArn": "arn:arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE" } @@ -53,6 +57,7 @@ Output:: "featuredParticipantAttribute": "" "gridGap": 2, "omitStoppedVideo": false, + "participantOrderAttribute": "", "videoAspectRatio": "VIDEO", "videoFillMode": "" } @@ -64,7 +69,7 @@ Output:: } } -For more information, see `Composite Recording (Real-Time Streaming) `__ in the *Amazon Interactive Video Service User Guide*. +For more information, see `IVS Composite Recording | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. **Example 2: To start a composition with PiP layout** @@ -103,7 +108,10 @@ Output:: "arn:aws:ivs:arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" ], "recordingConfiguration": { - "format": "HLS" + "format": "HLS", + "hlsConfiguration": { + "targetSegmentDurationSeconds": 2 + } }, "storageConfigurationArn": "arn:arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE" } @@ -122,6 +130,7 @@ Output:: "featuredParticipantAttribute": "abcdefg", "gridGap": 0, "omitStoppedVideo": false, + "participantOrderAttribute": "", "pipBehavior": "STATIC", "pipOffset": 0, "pipParticipantAttribute": "", @@ -136,4 +145,167 @@ Output:: } } -For more information, see `Composite Recording (Real-Time Streaming) `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `IVS Composite Recording | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. + +**Example 3: To start a composition with thumbnail recording enabled** + +The following ``start-composition`` example starts a composition for the specified stage to be streamed to the specified locations with thumbnail recording enabled. :: + + aws ivs-realtime start-composition \ + --stage-arn arn:aws:ivs:ap-northeast-1:123456789012:stage/defgABCDabcd \ + --destinations '[{"channel": {"channelArn": "arn:aws:ivs:ap-northeast-1:123456789012:channel/abcABCdefDEg", \ + "encoderConfigurationArn": "arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef"}}, \ + {"s3": {"encoderConfigurationArns": ["arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef"], \ + "storageConfigurationArn": "arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE", \ + "thumbnailConfigurations": [{"storage": ["SEQUENTIAL"],"targetIntervalSeconds": 60}]}}]' + +Output:: + + { + "composition": { + "arn": "arn:aws:ivs:ap-northeast-1:123456789012:composition/abcdABCDefgh", + "destinations": [ + { + "configuration": { + "channel": { + "channelArn": "arn:aws:ivs:ap-northeast-1:123456789012:channel/abcABCdefDEg", + "encoderConfigurationArn": "arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" + }, + "name": "" + }, + "id": "AabBCcdDEefF", + "state": "STARTING" + }, + { + "configuration": { + "name": "", + "s3": { + "encoderConfigurationArns": [ + "arn:aws:ivs:arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" + ], + "recordingConfiguration": { + "format": "HLS", + "hlsConfiguration": { + "targetSegmentDurationSeconds": 2 + } + }, + "storageConfigurationArn": "arn:arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE", + "thumbnailConfigurations": [ + { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ] + } + ] + } + }, + "detail": { + "s3": { + "recordingPrefix": "aBcDeFgHhGfE/AbCdEfGhHgFe/GHFabcgefABC/composite" + } + }, + "id": "GHFabcgefABC", + "state": "STARTING" + } + ], + "layout": { + "grid": { + "featuredParticipantAttribute": "" + "gridGap": 2, + "omitStoppedVideo": false, + "participantOrderAttribute": "", + "videoAspectRatio": "VIDEO", + "videoFillMode": "" + } + }, + "stageArn": "arn:aws:ivs:ap-northeast-1:123456789012:stage/defgABCDabcd", + "startTime": "2023-10-16T23:24:00+00:00", + "state": "STARTING", + "tags": {} + } + } + +For more information, see `Composite Recording (Real-Time Streaming) `__ in the *Amazon Interactive Video Service User Guide*. + +**Example 4: To start a composition using grid layout with custom participant ordering** + +The following ``start-composition`` example starts a composition for the specified stage to be streamed to the specified locations using grid layout with custom participant ordering. :: + + aws ivs-realtime start-composition \ + --stage-arn arn:aws:ivs:ap-northeast-1:123456789012:stage/defgABCDabcd \ + --destinations '[{"channel": {"channelArn": "arn:aws:ivs:ap-northeast-1:123456789012:channel/abcABCdefDEg", \ + "encoderConfigurationArn": "arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef"}}, \ + {"s3": {"encoderConfigurationArns": ["arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef"], \ + "storageConfigurationArn": "arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE", \ + "thumbnailConfigurations": [{"storage": ["SEQUENTIAL"],"targetIntervalSeconds": 60}]}}]' \ + --layout grid='{participantOrderAttribute="abcdefg"}' + +Output:: + + { + "composition": { + "arn": "arn:aws:ivs:ap-northeast-1:123456789012:composition/abcdABCDefgh", + "destinations": [ + { + "configuration": { + "channel": { + "channelArn": "arn:aws:ivs:ap-northeast-1:123456789012:channel/abcABCdefDEg", + "encoderConfigurationArn": "arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" + }, + "name": "" + }, + "id": "AabBCcdDEefF", + "state": "STARTING" + }, + { + "configuration": { + "name": "", + "s3": { + "encoderConfigurationArns": [ + "arn:aws:ivs:arn:aws:ivs:ap-northeast-1:123456789012:encoder-configuration/ABabCDcdEFef" + ], + "recordingConfiguration": { + "format": "HLS", + "hlsConfiguration": { + "targetSegmentDurationSeconds": 2 + } + }, + "storageConfigurationArn": "arn:arn:aws:ivs:ap-northeast-1:123456789012:storage-configuration/FefABabCDcdE", + "thumbnailConfigurations": [ + { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ] + } + ] + } + }, + "detail": { + "s3": { + "recordingPrefix": "aBcDeFgHhGfE/AbCdEfGhHgFe/GHFabcgefABC/composite" + } + }, + "id": "GHFabcgefABC", + "state": "STARTING" + } + ], + "layout": { + "grid": { + "featuredParticipantAttribute": "" + "gridGap": 2, + "omitStoppedVideo": false, + "participantOrderAttribute": "abcdefg", + "videoAspectRatio": "VIDEO", + "videoFillMode": "" + } + }, + "stageArn": "arn:aws:ivs:ap-northeast-1:123456789012:stage/defgABCDabcd", + "startTime": "2023-10-16T23:24:00+00:00", + "state": "STARTING", + "tags": {} + } + } + +For more information, see `IVS Composite Recording | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/start-participant-replication.rst 2.31.35-1/awscli/examples/ivs-realtime/start-participant-replication.rst --- 2.23.6-1/awscli/examples/ivs-realtime/start-participant-replication.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/start-participant-replication.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,24 @@ +**To start replicating a participant from one stage to another stage** + +The following ``start-participant-replication`` example replicates a participant from a source stage to a destination stage, with each stage specified by its ARN (Amazon Resource Name). :: + + aws ivs-realtime start-participant-replication \ + --source-stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --destination-stage-arn arn:aws:ivs:us-west-2:234567890123:stage/bcdABCDefghi \ + --participant-id abCDEf12GHIj + +Output:: + + { + "accessControlAllowOrigin": "*", + "accessControlExposeHeaders": "Access-Control-Allow-Origin,Access-Control-Expose-Headers,Cache-Control,Content-Length, \ + Content-Security-Policy,Content-Type,date,Strict-Transport-Security,x-amz-apigw-id,x-amzn-errormessage,x-amzn-errortype, \ + x-amzn-requestid,x-amzn-trace-id,X-Content-Type-Options,X-Frame-Options", + "cacheControl": "no-store, no-cache", + "contentSecurityPolicy": "default-src 'self'; upgrade-insecure-requests;", + "strictTransportSecurity": "max-age:47304000; includeSubDomains", + "xContentTypeOptions": "nosniff", + "xFrameOptions": "DENY" + } + +For more information, see `IVS Participant Replication `__ in the *Amazon IVS Real-Time Streaming User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/stop-participant-replication.rst 2.31.35-1/awscli/examples/ivs-realtime/stop-participant-replication.rst --- 2.23.6-1/awscli/examples/ivs-realtime/stop-participant-replication.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/stop-participant-replication.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,24 @@ +**To stop replicating a participant from one stage to another stage** + +The following ``stop-participant-replication`` example stops replicating a participant from a source stage to a destination stage, with each stage specified by its ARN (Amazon Resource Name). :: + + aws ivs-realtime stop-participant-replication \ + --source-stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --destination-stage-arn arn:aws:ivs:us-west-2:234567890123:stage/bcdABCDefghi \ + --participant-id abCDEf12GHIj + +Output:: + + { + "accessControlAllowOrigin": "*", + "accessControlExposeHeaders": "Access-Control-Allow-Origin,Access-Control-Expose-Headers,Cache-Control,Content-Length, \ + Content-Security-Policy,Content-Type,date,Strict-Transport-Security,x-amz-apigw-id,x-amzn-errormessage,x-amzn-errortype, \ + x-amzn-requestid,x-amzn-trace-id,X-Content-Type-Options,X-Frame-Options", + "cacheControl": "no-store, no-cache", + "contentSecurityPolicy": "default-src 'self'; upgrade-insecure-requests;", + "strictTransportSecurity": "max-age:47304000; includeSubDomains", + "xContentTypeOptions": "nosniff", + "xFrameOptions": "DENY" + } + +For more information, see `IVS Participant Replication `__ in the *Amazon IVS Real-Time Streaming User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/ivs-realtime/update-stage.rst 2.31.35-1/awscli/examples/ivs-realtime/update-stage.rst --- 2.23.6-1/awscli/examples/ivs-realtime/update-stage.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ivs-realtime/update-stage.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,10 +1,12 @@ -**To update a stage's configuration** +**Example 1: To update a stage's configuration** -The following ``update-stage`` example updates a stage for a specified stage ARN to update the stage name and configure individual participant recording. :: +The following ``update-stage`` example updates a stage for a specified stage ARN to update the stage name and configure individual participant recording with thumbnail recording enabled. :: aws ivs-realtime update-stage \ --arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ - --auto-participant-recording-configuration '{"mediaTypes": ["AUDIO_VIDEO"],"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh"}' \ + --auto-participant-recording-configuration '{"mediaTypes": ["AUDIO_VIDEO"],"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", "recordingReconnectWindowSeconds": 100, \ + "thumbnailConfiguration": {"recordingMode": "INTERVAL","storage": ["SEQUENTIAL"],"targetIntervalSeconds": 60}} \ + "hlsConfiguration": {"targetSegmentDurationSeconds": 5}}' \ --name stage1a Output:: @@ -13,10 +15,22 @@ Output:: "stage": { "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", "autoParticipantRecordingConfiguration": { - "mediaTypes": [ - "AUDIO_VIDEO" - ], - "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + "thumbnailConfiguration": { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ], + "recordingMode": "INTERVAL" + }, + "recordingReconnectWindowSeconds": 100, + "hlsConfiguration": { + "targetSegmentDurationSeconds": 5 + }, + "recordParticipantReplicas": true }, "endpoints": { "events": "wss://global.events.live-video.net", @@ -29,4 +43,51 @@ Output:: } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. + +**Example 2: To update a stage's configuration, including disabling participant replica recording** + +The following ``update-stage`` example updates a stage for a specified stage ARN to update the stage name and configure individual participant recording with thumbnail recording enabled and participant replica recording disabled. :: + + aws ivs-realtime update-stage \ + --arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --auto-participant-recording-configuration '{"mediaTypes": ["AUDIO_VIDEO"],"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", "recordingReconnectWindowSeconds": 100, \ + "thumbnailConfiguration": {"recordingMode": "INTERVAL","storage": ["SEQUENTIAL"],"targetIntervalSeconds": 60}, "recordParticipantReplicas":false} \ + "hlsConfiguration": {"targetSegmentDurationSeconds": 5}}' \ + --name stage1a + +Output:: + + { + "stage": { + "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "autoParticipantRecordingConfiguration": { + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + "thumbnailConfiguration": { + "targetIntervalSeconds": 60, + "storage": [ + "SEQUENTIAL" + ], + "recordingMode": "INTERVAL" + }, + "recordingReconnectWindowSeconds": 100, + "hlsConfiguration": { + "targetSegmentDurationSeconds": 5 + }, + "recordParticipantReplicas": false + }, + "endpoints": { + "events": "wss://global.events.live-video.net", + "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", + "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", + "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" + }, + "name": "stage1a", + "tags": {} + } + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon IVS Low-Latency Streaming User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/kendra/describe-data-source.rst 2.31.35-1/awscli/examples/kendra/describe-data-source.rst --- 2.23.6-1/awscli/examples/kendra/describe-data-source.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kendra/describe-data-source.rst 2025-11-12 19:17:29.000000000 +0000 @@ -14,7 +14,7 @@ Output:: "Template": { "connectionConfiguration": { "repositoryEndpointMetadata": { - "BucketName": "my-bucket" + "BucketName": "amzn-s3-demo-bucket" } }, "repositoryConfigurations": { diff -pruN 2.23.6-1/awscli/examples/kms/create-key.rst 2.31.35-1/awscli/examples/kms/create-key.rst --- 2.23.6-1/awscli/examples/kms/create-key.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/create-key.rst 2025-11-12 19:17:29.000000000 +0000 @@ -17,6 +17,7 @@ Output:: "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2017-07-05T14:04:55-07:00", + "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": true, @@ -40,7 +41,7 @@ For more information, see `Creating keys **Example 2: To create an asymmetric RSA KMS key for encryption and decryption** -The following ``create-key`` example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. :: +The following ``create-key`` example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and key usage can't be changed after the key is created.:: aws kms create-key \ --key-spec RSA_4096 \ @@ -75,7 +76,7 @@ For more information, see `Asymmetric ke **Example 3: To create an asymmetric elliptic curve KMS key for signing and verification** -To create an asymmetric KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The ``--key-usage`` parameter is required even though ``SIGN_VERIFY`` is the only valid value for ECC KMS keys. :: +To create an asymmetric KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The ``--key-usage`` parameter is required even though ``SIGN_VERIFY`` is the only valid value for ECC KMS keys. The key spec and key usage can't be changed after the key is created.:: aws kms create-key \ --key-spec ECC_NIST_P521 \ @@ -105,10 +106,43 @@ Output:: } -For more information, see `Asymmetric keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. +For more information, see `Asymmetric keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. + +**Example 4: To create an asymmetric ML-DSA KMS key for signing and verification** + +This example creates a module-lattice digital signature algorithm (ML-DSA) key for signing and verification. The key-usage parameter is required even though ``SIGN_VERIFY`` is the only valid value for ML-DSA keys. :: + + aws kms create-key \ + --key-spec ML_DSA_65 \ + --key-usage SIGN_VERIFY + +Output:: + + { + "KeyMetadata": { + "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "AWSAccountId": "111122223333", + "CreationDate": "2019-12-02T07:48:55-07:00", + "Description": "", + "Enabled": true, + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyManager": "CUSTOMER", + "KeySpec": "ML_DSA_65", + "KeyState": "Enabled", + "KeyUsage": "SIGN_VERIFY", + "MultiRegion": false, + "Origin": "AWS_KMS", + "SigningAlgorithms": [ + "ML_DSA_SHAKE_256" + ] + } + } + + +For more information, see `Asymmetric keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. -**Example 4: To create an HMAC KMS key** +**Example 5: To create an HMAC KMS key** The following ``create-key`` example creates a 384-bit HMAC KMS key. The ``GENERATE_VERIFY_MAC`` value for the ``--key-usage`` parameter is required even though it's the only valid value for HMAC KMS keys. :: @@ -142,7 +176,7 @@ Output:: For more information, see `HMAC keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. -**Example 4: To create a multi-Region primary KMS key** +**Example 6: To create a multi-Region primary KMS key** The following ``create-key`` example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters create a symmetric encryption key, only the ``--multi-region`` parameter is required for this KMS key. In the AWS CLI, to indicate that a Boolean parameter is true, just specify the parameter name. :: @@ -156,6 +190,7 @@ Output:: "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab", "AWSAccountId": "111122223333", "CreationDate": "2021-09-02T016:15:21-09:00", + "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": true, @@ -183,7 +218,7 @@ Output:: For more information, see `Asymmetric keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. -**Example 5: To create a KMS key for imported key material** +**Example 7: To create a KMS key for imported key material** The following ``create-key`` example creates a creates a KMS key with no key material. When the operation is complete, you can import your own key material into the KMS key. To create this KMS key, set the ``--origin`` parameter to ``EXTERNAL``. :: @@ -253,7 +288,7 @@ Output:: For more information, see `AWS CloudHSM key stores `__ in the *AWS Key Management Service Developer Guide*. -**Example 7: To create a KMS key in an external key store** +**Example 8: To create a KMS key in an external key store** The following ``create-key`` example creates a creates a KMS key in the specified external key store. The ``--custom-key-store-id``, ``--origin``, and ``--xks-key-id`` parameters are required in this command. diff -pruN 2.23.6-1/awscli/examples/kms/delete-imported-key-material.rst 2.31.35-1/awscli/examples/kms/delete-imported-key-material.rst --- 2.23.6-1/awscli/examples/kms/delete-imported-key-material.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/delete-imported-key-material.rst 2025-11-12 19:17:29.000000000 +0000 @@ -5,6 +5,12 @@ The following ``delete-imported-key-mate aws kms delete-imported-key-material \ --key-id 1234abcd-12ab-34cd-56ef-1234567890ab -This command produces no output. To verify that the key material is deleted, use the ``describe-key`` command to look for a key state of ``PendingImport`` or ``PendingDeletion``. -For more information, see `Deleting imported key material`__ in the *AWS Key Management Service Developer Guide*. \ No newline at end of file +Output:: + + { + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6" + } + +For more information, see `Deleting imported key material `__ in the *AWS Key Management Service Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/kms/describe-key.rst 2.31.35-1/awscli/examples/kms/describe-key.rst --- 2.23.6-1/awscli/examples/kms/describe-key.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/describe-key.rst 2025-11-12 19:17:29.000000000 +0000 @@ -14,6 +14,7 @@ Output:: "AWSAccountId": "846764612917", "KeyId": "b8a9477d-836c-491f-857e-07937918959b", "Arn": "arn:aws:kms:us-west-2:846764612917:key/b8a9477d-836c-491f-857e-07937918959b", + "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6", "CreationDate": 2017-06-30T21:44:32.140000+00:00, "Enabled": true, "Description": "Default KMS key that protects my S3 objects when no other key is defined", @@ -80,6 +81,7 @@ Output:: "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "CreationDate": "2021-06-28T21:09:16.114000+00:00", + "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6", "Description": "", "Enabled": true, "KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab", diff -pruN 2.23.6-1/awscli/examples/kms/disable-key.rst 2.31.35-1/awscli/examples/kms/disable-key.rst --- 2.23.6-1/awscli/examples/kms/disable-key.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/disable-key.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ **To temporarily disable a KMS key** -The following example uses the ``disable-key`` command to disable a customer managed KMS key. To re-enable the KMS key, use the ``enable-key`` command. :: +The following ``disable-key`` command disables a customer managed KMS key. To re-enable the KMS key, use the ``enable-key`` command. :: aws kms disable-key \ --key-id 1234abcd-12ab-34cd-56ef-1234567890ab diff -pruN 2.23.6-1/awscli/examples/kms/generate-data-key-pair-without-plaintext.rst 2.31.35-1/awscli/examples/kms/generate-data-key-pair-without-plaintext.rst --- 2.23.6-1/awscli/examples/kms/generate-data-key-pair-without-plaintext.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/generate-data-key-pair-without-plaintext.rst 2025-11-12 19:17:29.000000000 +0000 @@ -20,6 +20,7 @@ Output:: "PrivateKeyCiphertextBlob": "AQIDAHi6LtupRpdKl2aJTzkK6FbhOtQkMlQJJH3PdtHvS/y+hAFFxmiD134doUDzMGmfCEtcAAAHaTCCB2UGCSqGSIb3DQEHBqCCB1...", "PublicKey": "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3A3eGMyPrvSn7+LdlJE1oUoQV5HpEuHAVbdOyND+NmYDH/mL1OSIEuLrcdZ5hrMH4pk83r40l...", "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6", "KeyPairSpec": "ECC_NIST_P384" } diff -pruN 2.23.6-1/awscli/examples/kms/generate-data-key-pair.rst 2.31.35-1/awscli/examples/kms/generate-data-key-pair.rst --- 2.23.6-1/awscli/examples/kms/generate-data-key-pair.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/generate-data-key-pair.rst 2025-11-12 19:17:29.000000000 +0000 @@ -19,6 +19,7 @@ Output:: "PrivateKeyPlaintext": "MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDcDd4YzI+u9Kfv4t2UkTWhShBXkekS4cBVt07I0P42ZgMf+YvU5IgS4ut...", "PublicKey": "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3A3eGMyPrvSn7+LdlJE1oUoQV5HpEuHAVbdOyND+NmYDH/mL1OSIEuLrcdZ5hrMH4pk83r40l...", "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6" "KeyPairSpec": "RSA_2048" } diff -pruN 2.23.6-1/awscli/examples/kms/generate-data-key-without-plaintext.rst 2.31.35-1/awscli/examples/kms/generate-data-key-without-plaintext.rst --- 2.23.6-1/awscli/examples/kms/generate-data-key-without-plaintext.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/generate-data-key-without-plaintext.rst 2025-11-12 19:17:29.000000000 +0000 @@ -14,7 +14,8 @@ Output:: { "CiphertextBlob": "AQEDAHjRYf5WytIc0C857tFSnBaPn2F8DgfmThbJlGfR8P3WlwAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDEFogL", - "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" + "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6" } The ``CiphertextBlob`` (encrypted data key) is returned in base64-encoded format. diff -pruN 2.23.6-1/awscli/examples/kms/generate-data-key.rst 2.31.35-1/awscli/examples/kms/generate-data-key.rst --- 2.23.6-1/awscli/examples/kms/generate-data-key.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/generate-data-key.rst 2025-11-12 19:17:29.000000000 +0000 @@ -15,13 +15,13 @@ Output:: { "Plaintext": "VdzKNHGzUAzJeRBVY+uUmofUGGiDzyB3+i9fVkh3piw=", "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6", "CiphertextBlob": "AQEDAHjRYf5WytIc0C857tFSnBaPn2F8DgfmThbJlGfR8P3WlwAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDEFogLqPWZconQhwHAIBEIA7d9AC7GeJJM34njQvg4Wf1d5sw0NIo1MrBqZa+YdhV8MrkBQPeac0ReRVNDt9qleAt+SHgIRF8P0H+7U=" } The ``Plaintext`` (plaintext data key) and the ``CiphertextBlob`` (encrypted data key) are returned in base64-encoded format. -For more information, see `Data keys `__ in the *AWS Key Management Service Developer Guide*. **Example 2: To generate a 512-bit symmetric data key** The following ``generate-data-key`` example requests a 512-bit symmetric data key for encryption and decryption. The command returns a plaintext data key for immediate use and deletion, and a copy of that data key encrypted under the specified KMS key. You can safely store the encrypted data key with the encrypted data. @@ -41,9 +41,10 @@ Output:: { "CiphertextBlob": "AQIBAHi6LtupRpdKl2aJTzkK6FbhOtQkMlQJJH3PdtHvS/y+hAEnX/QQNmMwDfg2korNMEc8AAACaDCCAmQGCSqGSIb3DQEHBqCCAlUwggJRAgEAMIICSgYJKoZ...", "Plaintext": "ty8Lr0Bk6OF07M2BWt6qbFdNB+G00ZLtf5MSEb4al3R2UKWGOp06njAwy2n72VRm2m7z/Pm9Wpbvttz6a4lSo9hgPvKhZ5y6RTm4OovEXiVfBveyX3DQxDzRSwbKDPk/...", - "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" + "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6" } The ``Plaintext`` (plaintext data key) and ``CiphertextBlob`` (encrypted data key) are returned in base64-encoded format. -For more information, see `Data keys `__ in the *AWS Key Management Service Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/kms/generate-mac.rst 2.31.35-1/awscli/examples/kms/generate-mac.rst --- 2.23.6-1/awscli/examples/kms/generate-mac.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/generate-mac.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,45 @@ +**Example 1: To generate an HMAC for a message** + +The following ``generate-mac`` command generates an HMAC for a message, an HMAC KMS key, and a MAC algorithm. The algorithm must be supported by the specified HMAC KMS key. + +In AWS CLI v2, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file. + +Before running this command, replace the example key ID with a valid key ID from your AWS account. The key ID must represent a HMAC KMS key with a key usage of ``GENERATE_VERIFY_MAC``. :: + + msg=(echo 'Hello World' | base64) + + aws kms generate-mac \ + --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \ + --message fileb://Message \ + --mac-algorithm HMAC_SHA_384 + +Output:: + + { + "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "Mac": "", + "MacAlgorithm": "HMAC_SHA_384" + } + +For more information about using HMAC KMS keys in AWS KMS, see `HMAC keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. + +**Example 2: To save an HMAC in a file (Linux and macOs)** + +The following ``generate-mac`` example generates an HMAC for a short message stored in a local file. The command also gets the ``Mac`` property from the response, Base64-decodes it and saves it in the ExampleMac file. You can use the MAC file in a ``verify-mac`` command that verifies the MAC. + +The ``generate-mac`` command requires a Base64-encoded message and a MAC algorithm that your HMAC KMS key supports. To get the MAC algorithms that your KMS key supports, use the ``describe-key`` command. + +Before running this command, replace the example key ID with a valid key ID from your AWS account. The key ID must represent an asymmetric KMS key with a key usage of GENERATE_VERIFY_MAC. :: + + echo 'hello world' | base64 > EncodedMessage + + aws kms generate-mac \ + --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \ + --message fileb://EncodedMessage \ + --mac-algorithm HMAC_SHA_384 \ + --output text \ + --query Mac | base64 --decode > ExampleMac + +This command produces no output. This example extracts the ``Mac`` property of the output and saves it in a file. + +For more information about using HMAC KMS keys in AWS KMS, see `HMAC keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/kms/generate-random.rst 2.31.35-1/awscli/examples/kms/generate-random.rst --- 2.23.6-1/awscli/examples/kms/generate-random.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/generate-random.rst 2025-11-12 19:17:29.000000000 +0000 @@ -6,7 +6,7 @@ When you run this command, you must use You don't specify a KMS key when you run this command. The random byte string is unrelated to any KMS key. -By default, AWS KMS generates the random number. However, if you specify a `custom key store`__, the random byte string is generated in the AWS CloudHSM cluster associated with the custom key store. +By default, AWS KMS generates the random number. However, if you specify a `custom key store `__, the random byte string is generated in the AWS CloudHSM cluster associated with the custom key store. This example uses the following parameters and values: diff -pruN 2.23.6-1/awscli/examples/kms/get-public-key.rst 2.31.35-1/awscli/examples/kms/get-public-key.rst --- 2.23.6-1/awscli/examples/kms/get-public-key.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/get-public-key.rst 2025-11-12 19:17:29.000000000 +0000 @@ -20,8 +20,7 @@ Output:: ] } -For more information about using asymmetric KMS keys in AWS KMS, see `Using Symmetric and Asymmetric Keys `__ in the *AWS Key Management Service API Reference*. - +For more information about using asymmetric KMS keys in AWS KMS, see `Asymmetric keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. **Example 2: To convert a public key to DER format (Linux and macOS)** The following ``get-public-key`` example downloads the public key of an asymmetric KMS key and saves it in a DER file. @@ -37,4 +36,4 @@ Before running this command, replace the This command produces no output. -For more information about using asymmetric KMS keys in AWS KMS, see `Using Symmetric and Asymmetric Keys `__ in the *AWS Key Management Service API Reference*. +For more information about using asymmetric KMS keys in AWS KMS, see `Asymmetric keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/kms/import-key-material.rst 2.31.35-1/awscli/examples/kms/import-key-material.rst --- 2.23.6-1/awscli/examples/kms/import-key-material.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/import-key-material.rst 2025-11-12 19:17:29.000000000 +0000 @@ -15,6 +15,11 @@ Before running this command, replace the --expiration-model KEY_MATERIAL_EXPIRES \ --valid-to 2021-09-21T19:00:00Z -This command produces no output. +Output:: + + { + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6" + } For more information about importing key material, see `Importing Key Material `__ in the *AWS Key Management Service Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/kms/re-encrypt.rst 2.31.35-1/awscli/examples/kms/re-encrypt.rst --- 2.23.6-1/awscli/examples/kms/re-encrypt.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/re-encrypt.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,7 +4,7 @@ The following ``re-encrypt`` command exa * Provide the ciphertext in a file. - In the value of the ``--ciphertext-blob`` parameter, use the ``fileb://`` prefix, which tells the CLI to read the data from a binary file. If the file is not in the current directory, type the full path to file. For more information about reading AWS CLI parameter values from a file, see `Loading AWS CLI parameters from a file ` in the *AWS Command Line Interface User Guide* and `Best Practices for Local File Parameters` in the *AWS Command Line Tool Blog*. + In the value of the ``--ciphertext-blob`` parameter, use the ``fileb://`` prefix, which tells the CLI to read the data from a binary file. If the file is not in the current directory, type the full path to file. For more information about reading AWS CLI parameter values from a file, see `Loading AWS CLI parameters from a file `__ in the *AWS Command Line Interface User Guide* and `Best Practices for Local File Parameters `__ in the *AWS Command Line Tool Blog*. * Specify the source KMS key, which decrypts the ciphertext. @@ -34,7 +34,7 @@ Before running this command, replace the This command produces no output. The output from the ``re-encrypt`` command is base64-decoded and saved in a file. -For more information, see `ReEncrypt `__ in the *AWS Key Management Service API Reference*. **Example 2: To re-encrypt an encrypted message under a different symmetric KMS key (Windows command prompt).** @@ -59,4 +59,4 @@ Output:: Output Length = 12 CertUtil: -decode command completed successfully. -For more information, see `ReEncrypt `__ in the *AWS Key Management Service API Reference*. diff -pruN 2.23.6-1/awscli/examples/kms/sign.rst 2.31.35-1/awscli/examples/kms/sign.rst --- 2.23.6-1/awscli/examples/kms/sign.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/sign.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,7 +4,7 @@ The following ``sign`` example generates You must specify a message to sign and a signing algorithm that your asymmetric KMS key supports. To get the signing algorithms for your KMS key, use the ``describe-key`` command. -In AWS CLI 2.0, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file. +In AWS CLI v2, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file. Before running this command, replace the example key ID with a valid key ID from your AWS account. The key ID must represent an asymmetric KMS key with a key usage of SIGN_VERIFY. :: diff -pruN 2.23.6-1/awscli/examples/kms/verify-mac.rst 2.31.35-1/awscli/examples/kms/verify-mac.rst --- 2.23.6-1/awscli/examples/kms/verify-mac.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/verify-mac.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +**Example 1: To verify an HMAC** + +The following ``verify-mac`` command verifies an HMAC for a particular message, HMAC KMS keys, and MAC algorithm. A value of 'true' in the MacValid value in the response indicates that the HMAC is valid. + +In AWS CLI v2, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file. + +The MAC that you specify cannot be base64-encoded. For help decoding the MAC that the ``generate-mac`` command returns, see the ``generate-mac`` command examples. + +Before running this command, replace the example key ID with a valid key ID from your AWS account. The key ID must represent a HMAC KMS key with a key usage of ``GENERATE_VERIFY_MAC``. :: + + msg=(echo 'Hello World' | base64) + + aws kms verify-mac \ + --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \ + --message fileb://Message \ + --mac-algorithm HMAC_SHA_384 \ + --mac fileb://ExampleMac + +Output:: + + { + "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "MacValid": true, + "MacAlgorithm": "HMAC_SHA_384" + } + +For more information about using HMAC KMS keys in AWS KMS, see `HMAC keys in AWS KMS `__ in the *AWS Key Management Service Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/kms/verify.rst 2.31.35-1/awscli/examples/kms/verify.rst --- 2.23.6-1/awscli/examples/kms/verify.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/kms/verify.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,10 @@ **To verify a digital signature** -The following ``verify`` example verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message. The signature that you specify cannot be base64-encoded. For help decoding the signature that the ``sign`` command returns, see the ``sign`` command examples. +The following ``verify`` command verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message. + +In AWS CLI v2, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file. + +The signature that you specify cannot be base64-encoded. For help decoding the signature that the ``sign`` command returns, see the ``sign`` command examples. The output of the command includes a Boolean ``SignatureValid`` field that indicates that the signature was verified. If the signature validation fails, the ``verify`` command fails, too. diff -pruN 2.23.6-1/awscli/examples/lambda/create-function.rst 2.31.35-1/awscli/examples/lambda/create-function.rst --- 2.23.6-1/awscli/examples/lambda/create-function.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/lambda/create-function.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,7 +4,7 @@ The following ``create-function`` exampl aws lambda create-function \ --function-name my-function \ - --runtime nodejs18.x \ + --runtime nodejs22.x \ --zip-file fileb://my-function.zip \ --handler my-function.handler \ --role arn:aws:iam::123456789012:role/service-role/MyTestFunction-role-tges6bf4 @@ -28,10 +28,10 @@ Output:: "Version": "$LATEST", "Role": "arn:aws:iam::123456789012:role/service-role/MyTestFunction-role-zgur6bf4", "Timeout": 3, - "LastModified": "2023-10-14T22:26:11.234+0000", + "LastModified": "2025-10-14T22:26:11.234+0000", "Handler": "my-function.handler", - "Runtime": "nodejs18.x", + "Runtime": "nodejs22.x", "Description": "" } -For more information, see `AWS Lambda Function Configuration `__ in the *AWS Lambda Developer Guide*. +For more information, see `Configure Lambda function memory `__ in the *AWS Lambda Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/lambda/get-function.rst 2.31.35-1/awscli/examples/lambda/get-function.rst --- 2.23.6-1/awscli/examples/lambda/get-function.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/lambda/get-function.rst 2025-11-12 19:17:29.000000000 +0000 @@ -34,10 +34,10 @@ Output:: "Handler": "index.handler", "Role": "arn:aws:iam::123456789012:role/service-role/helloWorldPython-role-uy3l9qyq", "Timeout": 3, - "LastModified": "2019-09-24T18:20:35.054+0000", - "Runtime": "nodejs10.x", + "LastModified": "2025-09-24T18:20:35.054+0000", + "Runtime": "nodejs22.x", "Description": "" } } -For more information, see `AWS Lambda Function Configuration `__ in the *AWS Lambda Developer Guide*. +For more information, see `Configure Lambda function memory `__ in the *AWS Lambda Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/lambda/invoke.rst 2.31.35-1/awscli/examples/lambda/invoke.rst --- 2.23.6-1/awscli/examples/lambda/invoke.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/lambda/invoke.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,6 @@ The following ``invoke`` example invokes the ``my-function`` function synchronously. The ``cli-binary-format`` option is required if you're using AWS CLI version 2. For more information, see `AWS CLI supported global command line options `__ in the *AWS Command Line Interface User Guide*. :: aws lambda invoke \ - --cli-binary-format raw-in-base64-out \ --function-name my-function \ --cli-binary-format raw-in-base64-out \ --payload '{ "name": "Bob" }' \ @@ -16,14 +15,13 @@ Output:: "StatusCode": 200 } -For more information, see `Synchronous Invocation `__ in the *AWS Lambda Developer Guide*. +For more information, see `Invoke a Lambda function synchronously `__ in the *AWS Lambda Developer Guide*. **Example 2: To invoke a Lambda function asynchronously** The following ``invoke`` example invokes the ``my-function`` function asynchronously. The ``cli-binary-format`` option is required if you're using AWS CLI version 2. For more information, see `AWS CLI supported global command line options `__ in the *AWS Command Line Interface User Guide*. :: aws lambda invoke \ - --cli-binary-format raw-in-base64-out \ --function-name my-function \ --invocation-type Event \ --cli-binary-format raw-in-base64-out \ @@ -36,4 +34,4 @@ Output:: "StatusCode": 202 } -For more information, see `Asynchronous Invocation `__ in the *AWS Lambda Developer Guide*. +For more information, see `Invoking a Lambda function asynchronously `__ in the *AWS Lambda Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/lambda/list-functions.rst 2.31.35-1/awscli/examples/lambda/list-functions.rst --- 2.23.6-1/awscli/examples/lambda/list-functions.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/lambda/list-functions.rst 2025-11-12 19:17:29.000000000 +0000 @@ -22,8 +22,8 @@ Output:: "Handler": "helloworld.handler", "Role": "arn:aws:iam::123456789012:role/service-role/MyTestFunction-role-zgur6bf4", "Timeout": 3, - "LastModified": "2023-09-23T18:32:33.857+0000", - "Runtime": "nodejs18.x", + "LastModified": "2025-09-23T18:32:33.857+0000", + "Runtime": "nodejs22.x", "Description": "" }, { @@ -45,8 +45,8 @@ Output:: "Handler": "index.handler", "Role": "arn:aws:iam::123456789012:role/service-role/helloWorldPython-role-uy3l9qyq", "Timeout": 3, - "LastModified": "2023-10-01T16:47:28.490+0000", - "Runtime": "nodejs18.x", + "LastModified": "2025-10-01T16:47:28.490+0000", + "Runtime": "nodejs22.x", "Description": "" }, { @@ -78,11 +78,11 @@ Output:: "Handler": "lambda_function.lambda_handler", "Role": "arn:aws:iam::123456789012:role/service-role/my-python-function-role-z5g7dr6n", "Timeout": 3, - "LastModified": "2023-10-01T19:40:41.643+0000", + "LastModified": "2025-10-01T19:40:41.643+0000", "Runtime": "python3.11", "Description": "" } ] } -For more information, see `AWS Lambda Function Configuration `__ in the *AWS Lambda Developer Guide*. \ No newline at end of file +For more information, see `Configure Lambda function memory `__ in the *AWS Lambda Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/create-monitor.rst 2.31.35-1/awscli/examples/networkflowmonitor/create-monitor.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/create-monitor.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/create-monitor.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,19 @@ +**To create a monitor** + +The following ``create-monitor`` example creates a monitor named ``demo`` in the specified account. :: + + aws networkflowmonitor create-monitor \ + --monitor-name demo \ + --local-resources type="AWS::EC2::VPC",identifier="arn:aws:ec2:us-east-1:123456789012:vpc/vpc-03ea55eeda25adbb0" \ + --scope-arn arn:aws:networkflowmonitor:us-east-1:123456789012:scope/e21cda79-30a0-4c12-9299-d8629d76d8cf + +Output:: + + { + "monitorArn": "arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/demo", + "monitorName": "demo", + "monitorStatus": "ACTIVE", + "tags": {} + } + +For more information, see `Create a monitor in Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/create-scope.rst 2.31.35-1/awscli/examples/networkflowmonitor/create-scope.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/create-scope.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/create-scope.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,16 @@ +**To create a scope** + +The following ``create-scope`` example creates a scope that includes a set of resources for which Network Flow Monitor will generate network traffic metrics. :: + + aws networkflowmonitor create-scope \ + --targets '[{"targetIdentifier":{"targetId":{"accountId":"123456789012"},"targetType":"ACCOUNT"},"region":"us-east-1"}]' + +Output:: + + { + "scopeId": "97626f8d-8a21-4b5d-813a-1a0962dd4615", + "status": "IN_PROGRESS", + "tags": {} + } + +For more information, see `Components and features of Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/delete-monitor.rst 2.31.35-1/awscli/examples/networkflowmonitor/delete-monitor.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/delete-monitor.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/delete-monitor.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +**To delete a monitor** + +The following ``delete-monitor`` example deletes a monitor named ``demo`` in the specified account. :: + + aws networkflowmonitor delete-monitor \ + --monitor-name demo + +This command produces no output. + +For more information, see `Delete a monitor in Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/delete-scope.rst 2.31.35-1/awscli/examples/networkflowmonitor/delete-scope.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/delete-scope.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/delete-scope.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +**To delete a scope** + +The following ``delete-scope`` example deletes a specified scope. :: + + aws networkflowmonitor delete-scope \ + --scope-id fdc20616-6bb4-4242-a24e-a748e65ca7ac + +This command produces no output. + +For more information, see `Components and features of Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/get-monitor.rst 2.31.35-1/awscli/examples/networkflowmonitor/get-monitor.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/get-monitor.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/get-monitor.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,26 @@ +**To retrieve information about a monitor** + +The following ``get-monitor`` example displays information about the monitor named ``demo`` in the specified account. :: + + aws networkflowmonitor get-monitor \ + --monitor-name Demo + +Output:: + + { + "monitorArn": "arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/Demo", + "monitorName": "Demo", + "monitorStatus": "ACTIVE", + "localResources": [ + { + "type": "AWS::EC2::VPC", + "identifier": "arn:aws:ec2:us-east-1:123456789012:vpc/vpc-03ea55eeda25adbb0" + } + ], + "remoteResources": [], + "createdAt": "2024-12-09T12:21:51.616000-06:00", + "modifiedAt": "2024-12-09T12:21:55.412000-06:00", + "tags": {} + } + +For more information, see `Components and features of Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/get-query-results-workload-insights-top-contributors-data.rst 2.31.35-1/awscli/examples/networkflowmonitor/get-query-results-workload-insights-top-contributors-data.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/get-query-results-workload-insights-top-contributors-data.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/get-query-results-workload-insights-top-contributors-data.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,30 @@ +**To retrieve the top contributor data on workload insights** + +The following ``get-query-results-workload-insights-top-contributors-data`` example returns the data for the specified query. :: + + aws networkflowmonitor get-query-results-workload-insights-top-contributors-data \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf \ + --query-id cc4f4ab3-3103-33b8-80ff-d6597a0c6cea + +Output:: + + { + "datapoints": [ + { + "timestamps": [ + "2024-12-09T19:00:00+00:00", + "2024-12-09T19:05:00+00:00", + "2024-12-09T19:10:00+00:00" + ], + "values": [ + 259943.0, + 194856.0, + 216432.0 + ], + "label": "use1-az6" + } + ], + "unit": "Bytes" + } + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/get-query-results-workload-insights-top-contributors.rst 2.31.35-1/awscli/examples/networkflowmonitor/get-query-results-workload-insights-top-contributors.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/get-query-results-workload-insights-top-contributors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/get-query-results-workload-insights-top-contributors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +**To retrieve the top contributors on workload insights** + +The following ``get-query-results-workload-insights-top-contributors`` example returns the data for the specified query. :: + + aws networkflowmonitor get-query-results-workload-insights-top-contributors \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf \ + --query-id 1fc423d3-b144-37a6-80e6-e2c7d26eea0c + +Output:: + + { + "topContributors": [ + { + "accountId": "123456789012", + "localSubnetId": "subnet-0a5b30fb95dca2c14", + "localAz": "use1-az6", + "localVpcId": "vpc-03ea55eeda25adbb0", + "localRegion": "us-east-1", + "remoteIdentifier": "", + "value": 908443, + "localSubnetArn": "arn:aws:ec2:us-east-1:123456789012:subnet/subnet-0a5b30fb95dca2c14", + "localVpcArn": "arn:aws:ec2:us-east-1:123456789012:vpc/vpc-03ea55eeda25adbb0" + } + ] + } + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/get-query-status-monitor-top-contributors.rst 2.31.35-1/awscli/examples/networkflowmonitor/get-query-status-monitor-top-contributors.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/get-query-status-monitor-top-contributors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/get-query-status-monitor-top-contributors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,15 @@ +**To retrieve the status of the query** + +The following ``get-query-status-monitor-top-contributors`` example displays the current status of the query in the specified account. :: + + aws networkflowmonitor get-query-status-monitor-top-contributors \ + --monitor-name Demo \ + --query-id 5398eabd-bc40-3f5f-aba3-bcb639d3c7ca + +Output:: + + { + "status": "SUCCEEDED" + } + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/get-query-status-workload-insights-top-contributors-data.rst 2.31.35-1/awscli/examples/networkflowmonitor/get-query-status-workload-insights-top-contributors-data.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/get-query-status-workload-insights-top-contributors-data.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/get-query-status-workload-insights-top-contributors-data.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,15 @@ +**To retrieve the status of the query** + +The following ``get-query-status-workload-insights-top-contributors-data`` example displays the current status of the query in the specified account. :: + + aws networkflowmonitor get-query-status-workload-insights-top-contributors-data \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf \ + --query-id 4333754d-8ae1-3f29-b6b7-c36db2e7f8ac + +Output:: + + { + "status": "SUCCEEDED" + } + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/get-query-status-workload-insights-top-contributors.rst 2.31.35-1/awscli/examples/networkflowmonitor/get-query-status-workload-insights-top-contributors.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/get-query-status-workload-insights-top-contributors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/get-query-status-workload-insights-top-contributors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,15 @@ +**To retrieve the status of the query** + +The following ``get-query-status-workload-insights-top-contributors`` example displays the current status of the query in the specified account. :: + + aws networkflowmonitor get-query-status-workload-insights-top-contributors \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf \ + --query-id f2a87c70-3e5a-362e-8beb-4747d13d8419 + +Output:: + + { + "status": "SUCCEEDED" + } + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/get-scope.rst 2.31.35-1/awscli/examples/networkflowmonitor/get-scope.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/get-scope.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/get-scope.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,28 @@ +**To retrieve information about a scope** + +The following ``get-scope`` example displays information about a scope, such as status, tags, name and target details. :: + + aws networkflowmonitor get-scope \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf + +Output:: + + { + "scopeId": "e21cda79-30a0-4c12-9299-d8629d76d8cf", + "status": "SUCCEEDED", + "scopeArn": "arn:aws:networkflowmonitor:us-east-1:123456789012:scope/e21cda79-30a0-4c12-9299-d8629d76d8cf", + "targets": [ + { + "targetIdentifier": { + "targetId": { + "accountId": "123456789012" + }, + "targetType": "ACCOUNT" + }, + "region": "us-east-1" + } + ], + "tags": {} + } + +For more information, see `Components and features of Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/list-monitors.rst 2.31.35-1/awscli/examples/networkflowmonitor/list-monitors.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/list-monitors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/list-monitors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,19 @@ +**To retrieve a list of monitors** + +The following ``list-monitors`` example returns returns all the monitors in the specified account. :: + + aws networkflowmonitor list-monitors + +Output:: + + { + "monitors": [ + { + "monitorArn": "arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/Demo", + "monitorName": "Demo", + "monitorStatus": "ACTIVE" + } + ] + } + +For more information, see `Components and features of Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/list-scopes.rst 2.31.35-1/awscli/examples/networkflowmonitor/list-scopes.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/list-scopes.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/list-scopes.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,19 @@ +**To retrieve a list of scopes** + +The following ``list-scopes`` example lists all scopes in the specified account. :: + + aws networkflowmonitor list-scopes + +Output:: + + { + "scopes": [ + { + "scopeId": "fdc20616-6bb4-4242-a24e-a748e65ca7ac", + "status": "SUCCEEDED", + "scopeArn": "arn:aws:networkflowmonitor:us-east-1:123456789012:scope/fdc20616-6bb4-4242-a24e-a748e65ca7ac" + } + ] + } + +For more information, see `Components and features of Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/list-tags-for-resource.rst 2.31.35-1/awscli/examples/networkflowmonitor/list-tags-for-resource.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/list-tags-for-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/list-tags-for-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +**To list the tags** + +The following ``list-tags-for-resource`` example returns all the tags associated with the specified resource. :: + + aws networkflowmonitor list-tags-for-resource \ + --resource-arn arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/Demo + +Output:: + + { + "tags": { + "Value": "Production", + "Key": "stack" + } + } + +For more information, see `Tagging your Amazon CloudWatch resources `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/start-query-monitor-top-contributors.rst 2.31.35-1/awscli/examples/networkflowmonitor/start-query-monitor-top-contributors.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/start-query-monitor-top-contributors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/start-query-monitor-top-contributors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +**To start a query** + +The following ``start-query-monitor-top-contributors`` example starts the query which returns a query ID to retrieve the top contributors. :: + + aws networkflowmonitor start-query-monitor-top-contributors \ + --monitor-name Demo \ + --start-time 2024-12-09T19:00:00Z \ + --end-time 2024-12-09T19:15:00Z \ + --metric-name DATA_TRANSFERRED \ + --destination-category UNCLASSIFIED + +Output:: + + { + "queryId": "aecd3a88-0283-35b0-a17d-6e944dc8531d" + } + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/start-query-workload-insights-top-contributors-data.rst 2.31.35-1/awscli/examples/networkflowmonitor/start-query-workload-insights-top-contributors-data.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/start-query-workload-insights-top-contributors-data.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/start-query-workload-insights-top-contributors-data.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +**To start a query** + +The following ``start-query-workload-insights-top-contributors-data`` example starts the query which returns a query ID to retrieve the top contributors. :: + + aws networkflowmonitor start-query-workload-insights-top-contributors-data \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf \ + --start-time 2024-12-09T19:00:00Z \ + --end-time 2024-12-09T19:15:00Z \ + --metric-name DATA_TRANSFERRED \ + --destination-category UNCLASSIFIED + +Output:: + + { + "queryId": "cc4f4ab3-3103-33b8-80ff-d6597a0c6cea" + } + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/start-query-workload-insights-top-contributors.rst 2.31.35-1/awscli/examples/networkflowmonitor/start-query-workload-insights-top-contributors.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/start-query-workload-insights-top-contributors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/start-query-workload-insights-top-contributors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +**To start a query** + +The following ``start-query-workload-insights-top-contributors`` example starts the query which returns a query ID to retrieve the top contributors. :: + + aws networkflowmonitor start-query-workload-insights-top-contributors \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf \ + --start-time 2024-12-09T19:00:00Z \ + --end-time 2024-12-09T19:15:00Z \ + --metric-name DATA_TRANSFERRED \ + --destination-category UNCLASSIFIED + +Output:: + + { + "queryId": "1fc423d3-b144-37a6-80e6-e2c7d26eea0c" + } + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/stop-query-monitor-top-contributors.rst 2.31.35-1/awscli/examples/networkflowmonitor/stop-query-monitor-top-contributors.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/stop-query-monitor-top-contributors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/stop-query-monitor-top-contributors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To stop a query** + +The following ``stop-query-monitor-top-contributors`` example stops the query in the specified account. :: + + aws networkflowmonitor stop-query-monitor-top-contributors \ + --monitor-name Demo \ + --query-id aecd3a88-0283-35b0-a17d-6e944dc8531d + +This command produces no output. + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/stop-query-workload-insights-top-contributors-data.rst 2.31.35-1/awscli/examples/networkflowmonitor/stop-query-workload-insights-top-contributors-data.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/stop-query-workload-insights-top-contributors-data.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/stop-query-workload-insights-top-contributors-data.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To stop a query** + +The following ``stop-query-workload-insights-top-contributors-data`` example stops the query in the specified account. :: + + aws networkflowmonitor stop-query-workload-insights-top-contributors-data \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf \ + --query-id cc4f4ab3-3103-33b8-80ff-d6597a0c6cea + +This command produces no output. + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/stop-query-workload-insights-top-contributors.rst 2.31.35-1/awscli/examples/networkflowmonitor/stop-query-workload-insights-top-contributors.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/stop-query-workload-insights-top-contributors.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/stop-query-workload-insights-top-contributors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To stop a query** + +The following ``stop-query-workload-insights-top-contributors`` example stops the query in the specified account. :: + + aws networkflowmonitor stop-query-workload-insights-top-contributors \ + --scope-id e21cda79-30a0-4c12-9299-d8629d76d8cf \ + --query-id 1fc423d3-b144-37a6-80e6-e2c7d26eea0c + +This command produces no output. + +For more information, see `Evaluate network flows with workload insights `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/tag-resource.rst 2.31.35-1/awscli/examples/networkflowmonitor/tag-resource.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/tag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/tag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To add a tag to the specified resource** + +The following ``tag-resource`` example adds a tag to the monitor in the specified account. :: + + aws networkflowmonitor tag-resource \ + --resource-arn arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/Demo \ + --tags Key=stack,Value=Production + +This command produces no output. + +For more information, see `Tagging your Amazon CloudWatch resources `__ in the *Amazon CloudWatch User Guide*. diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/untag-resource.rst 2.31.35-1/awscli/examples/networkflowmonitor/untag-resource.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/untag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/untag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To remove a tag from the specified resource** + +The following ``untag-resource`` example removes a tag from the monitor in the specified account. :: + + aws networkflowmonitor untag-resource \ + --resource-arn arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/Demo \ + --tag-keys stack + +This command produces no output. + +For more information, see `Tagging your Amazon CloudWatch resources `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkflowmonitor/update-monitor.rst 2.31.35-1/awscli/examples/networkflowmonitor/update-monitor.rst --- 2.23.6-1/awscli/examples/networkflowmonitor/update-monitor.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkflowmonitor/update-monitor.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,21 @@ +**To update an existing monitor** + +The following ``update-monitor`` example updates the monitor named ``Demo`` in the specified account. :: + + aws networkflowmonitor update-monitor \ + --monitor-name Demo \ + --local-resources-to-add type="AWS::EC2::VPC",identifier="arn:aws:ec2:us-east-1:123456789012:vpc/vpc-048d08dfbec623f94" + +Output:: + + { + "monitorArn": "arn:aws:networkflowmonitor:us-east-1:123456789012:monitor/Demo", + "monitorName": "Demo", + "monitorStatus": "ACTIVE", + "tags": { + "Value": "Production", + "Key": "stack" + } + } + +For more information, see `Components and features of Network Flow Monitor `__ in the *Amazon CloudWatch User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkmanager/delete-bucket-analytics-configuration.rst 2.31.35-1/awscli/examples/networkmanager/delete-bucket-analytics-configuration.rst --- 2.23.6-1/awscli/examples/networkmanager/delete-bucket-analytics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/delete-bucket-analytics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``delete-bucket-analytics-configuration`` example removes the analytics configuration for the specified bucket and ID. :: aws s3api delete-bucket-analytics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 1 This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkmanager/delete-bucket-metrics-configuration.rst 2.31.35-1/awscli/examples/networkmanager/delete-bucket-metrics-configuration.rst --- 2.23.6-1/awscli/examples/networkmanager/delete-bucket-metrics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/delete-bucket-metrics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``delete-bucket-metrics-configuration`` example removes the metrics configuration for the specified bucket and ID. :: aws s3api delete-bucket-metrics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 123 This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/networkmanager/delete-public-access-block.rst 2.31.35-1/awscli/examples/networkmanager/delete-public-access-block.rst --- 2.23.6-1/awscli/examples/networkmanager/delete-public-access-block.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/delete-public-access-block.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,6 +3,6 @@ The following ``delete-public-access-block`` example removes the block public access configuration on the specified bucket. :: aws s3api delete-public-access-block \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket This command produces no output. diff -pruN 2.23.6-1/awscli/examples/networkmanager/get-bucket-analytics-configuration.rst 2.31.35-1/awscli/examples/networkmanager/get-bucket-analytics-configuration.rst --- 2.23.6-1/awscli/examples/networkmanager/get-bucket-analytics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/get-bucket-analytics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-bucket-analytics-configuration`` example displays the analytics configuration for the specified bucket and ID. :: aws s3api get-bucket-analytics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 1 Output:: diff -pruN 2.23.6-1/awscli/examples/networkmanager/get-bucket-metrics-configuration.rst 2.31.35-1/awscli/examples/networkmanager/get-bucket-metrics-configuration.rst --- 2.23.6-1/awscli/examples/networkmanager/get-bucket-metrics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/get-bucket-metrics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-bucket-metrics-configuration`` example displays the metrics configuration for the specified bucket and ID. :: aws s3api get-bucket-metrics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 123 Output:: diff -pruN 2.23.6-1/awscli/examples/networkmanager/get-object-retention.rst 2.31.35-1/awscli/examples/networkmanager/get-object-retention.rst --- 2.23.6-1/awscli/examples/networkmanager/get-object-retention.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/get-object-retention.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-object-retention`` example retrieves the object retention configuration for the specified object. :: aws s3api get-object-retention \ - --bucket my-bucket-with-object-lock \ + --bucket amzn-s3-demo-bucket-with-object-lock \ --key doc1.rtf Output:: diff -pruN 2.23.6-1/awscli/examples/networkmanager/get-public-access-block.rst 2.31.35-1/awscli/examples/networkmanager/get-public-access-block.rst --- 2.23.6-1/awscli/examples/networkmanager/get-public-access-block.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/get-public-access-block.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,7 +2,7 @@ The following ``get-public-access-block`` example displays the block public access configuration for the specified bucket. :: - aws s3api get-public-access-block --bucket my-bucket + aws s3api get-public-access-block --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/networkmanager/list-bucket-analytics-configurations.rst 2.31.35-1/awscli/examples/networkmanager/list-bucket-analytics-configurations.rst --- 2.23.6-1/awscli/examples/networkmanager/list-bucket-analytics-configurations.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/list-bucket-analytics-configurations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``list-bucket-analytics-configurations`` retrieves a list of analytics configurations for the specified bucket. :: aws s3api list-bucket-analytics-configurations \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/networkmanager/list-bucket-metrics-configurations.rst 2.31.35-1/awscli/examples/networkmanager/list-bucket-metrics-configurations.rst --- 2.23.6-1/awscli/examples/networkmanager/list-bucket-metrics-configurations.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/list-bucket-metrics-configurations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``list-bucket-metrics-configurations`` example retrieves a list of metrics configurations for the specified bucket. :: aws s3api list-bucket-metrics-configurations \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/networkmanager/put-bucket-metrics-configuration.rst 2.31.35-1/awscli/examples/networkmanager/put-bucket-metrics-configuration.rst --- 2.23.6-1/awscli/examples/networkmanager/put-bucket-metrics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/put-bucket-metrics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-bucket-metrics-configuration`` example sets a metric configuration with ID 123 for the specified bucket. :: aws s3api put-bucket-metrics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 123 \ --metrics-configuration '{"Id": "123", "Filter": {"Prefix": "logs"}}' diff -pruN 2.23.6-1/awscli/examples/networkmanager/put-object-retention.rst 2.31.35-1/awscli/examples/networkmanager/put-object-retention.rst --- 2.23.6-1/awscli/examples/networkmanager/put-object-retention.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/put-object-retention.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-object-retention`` example sets an object retention configuration for the specified object until 2025-01-01. :: aws s3api put-object-retention \ - --bucket my-bucket-with-object-lock \ + --bucket amzn-s3-demo-bucket-with-object-lock \ --key doc1.rtf \ --retention '{ "Mode": "GOVERNANCE", "RetainUntilDate": "2025-01-01T00:00:00" }' diff -pruN 2.23.6-1/awscli/examples/networkmanager/put-public-access-block.rst 2.31.35-1/awscli/examples/networkmanager/put-public-access-block.rst --- 2.23.6-1/awscli/examples/networkmanager/put-public-access-block.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/networkmanager/put-public-access-block.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-public-access-block`` example sets a restrictive block public access configuration for the specified bucket. :: aws s3api put-public-access-block \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" This command produces no output. diff -pruN 2.23.6-1/awscli/examples/omics/cancel-run.rst 2.31.35-1/awscli/examples/omics/cancel-run.rst --- 2.23.6-1/awscli/examples/omics/cancel-run.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/cancel-run.rst 2025-11-12 19:17:29.000000000 +0000 @@ -5,4 +5,4 @@ The following ``cancel-run`` example can aws omics cancel-run \ --id 1234567 -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Run lifecycle in a workflow `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/create-run-group.rst 2.31.35-1/awscli/examples/omics/create-run-group.rst --- 2.23.6-1/awscli/examples/omics/create-run-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/create-run-group.rst 2025-11-12 19:17:29.000000000 +0000 @@ -5,7 +5,9 @@ The following ``create-run-group`` examp aws omics create-run-group \ --name cram-converter \ --max-cpus 20 \ - --max-duration 600 + --max-gpus 10 \ + --max-duration 600 \ + --max-runs 5 Output:: @@ -15,4 +17,4 @@ Output:: "tags": {} } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Creating run groups `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/create-workflow.rst 2.31.35-1/awscli/examples/omics/create-workflow.rst --- 2.23.6-1/awscli/examples/omics/create-workflow.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/create-workflow.rst 2025-11-12 19:17:29.000000000 +0000 @@ -42,4 +42,4 @@ Output:: "tags": {} } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Creating private workflows `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/delete-run-group.rst 2.31.35-1/awscli/examples/omics/delete-run-group.rst --- 2.23.6-1/awscli/examples/omics/delete-run-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/delete-run-group.rst 2025-11-12 19:17:29.000000000 +0000 @@ -5,4 +5,4 @@ The following ``delete-run-group`` examp aws omics delete-run-group \ --id 1234567 -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Deleting runs and run groups `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/delete-run.rst 2.31.35-1/awscli/examples/omics/delete-run.rst --- 2.23.6-1/awscli/examples/omics/delete-run.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/delete-run.rst 2025-11-12 19:17:29.000000000 +0000 @@ -5,4 +5,4 @@ The following ``delete-run`` example del aws omics delete-run \ --id 1234567 -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Deleting runs and run groups `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/delete-workflow.rst 2.31.35-1/awscli/examples/omics/delete-workflow.rst --- 2.23.6-1/awscli/examples/omics/delete-workflow.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/delete-workflow.rst 2025-11-12 19:17:29.000000000 +0000 @@ -5,4 +5,4 @@ The following ``delete-workflow`` exampl aws omics delete-workflow \ --id 1234567 -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Delete a private workflow `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/get-run-group.rst 2.31.35-1/awscli/examples/omics/get-run-group.rst --- 2.23.6-1/awscli/examples/omics/get-run-group.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/get-run-group.rst 2025-11-12 19:17:29.000000000 +0000 @@ -17,4 +17,4 @@ Output:: "tags": {} } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Creating run groups `__ in the *AWS HealthOmics User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/omics/get-run-task.rst 2.31.35-1/awscli/examples/omics/get-run-task.rst --- 2.23.6-1/awscli/examples/omics/get-run-task.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/get-run-task.rst 2025-11-12 19:17:29.000000000 +0000 @@ -20,4 +20,4 @@ Output:: "taskId": "1234567" } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Task lifecycle in a HealthOmics run `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/get-run.rst 2.31.35-1/awscli/examples/omics/get-run.rst --- 2.23.6-1/awscli/examples/omics/get-run.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/get-run.rst 2025-11-12 19:17:29.000000000 +0000 @@ -35,4 +35,4 @@ Output:: "workflowType": "PRIVATE" } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Run lifecycle in a workflow `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/get-workflow.rst 2.31.35-1/awscli/examples/omics/get-workflow.rst --- 2.23.6-1/awscli/examples/omics/get-workflow.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/get-workflow.rst 2025-11-12 19:17:29.000000000 +0000 @@ -38,4 +38,4 @@ Output:: "type": "PRIVATE" } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Creating private workflows `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/list-run-groups.rst 2.31.35-1/awscli/examples/omics/list-run-groups.rst --- 2.23.6-1/awscli/examples/omics/list-run-groups.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/list-run-groups.rst 2025-11-12 19:17:29.000000000 +0000 @@ -19,4 +19,4 @@ Output:: ] } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Creating run groups `__ in the *AWS HealthOmics User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/omics/list-run-tasks.rst 2.31.35-1/awscli/examples/omics/list-run-tasks.rst --- 2.23.6-1/awscli/examples/omics/list-run-tasks.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/list-run-tasks.rst 2025-11-12 19:17:29.000000000 +0000 @@ -32,4 +32,4 @@ Output:: ] } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Task lifecycle in a HealthOmics run `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/list-runs.rst 2.31.35-1/awscli/examples/omics/list-runs.rst --- 2.23.6-1/awscli/examples/omics/list-runs.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/list-runs.rst 2025-11-12 19:17:29.000000000 +0000 @@ -43,4 +43,4 @@ Output:: ] } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Run lifecycle in a workflow `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/list-workflows.rst 2.31.35-1/awscli/examples/omics/list-workflows.rst --- 2.23.6-1/awscli/examples/omics/list-workflows.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/list-workflows.rst 2025-11-12 19:17:29.000000000 +0000 @@ -29,4 +29,4 @@ Output:: ] } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Creating private workflows `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/start-run.rst 2.31.35-1/awscli/examples/omics/start-run.rst --- 2.23.6-1/awscli/examples/omics/start-run.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/start-run.rst 2025-11-12 19:17:29.000000000 +0000 @@ -32,7 +32,7 @@ Output:: "tags": {} } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. +For more information, see `Starting a run `__ in the *AWS HealthOmics User Guide*. **To load source files from Amazon Omics** @@ -46,4 +46,3 @@ You can also load source files from Amaz "ref_fasta_index": "omics://123456789012.storage.us-west-2.amazonaws.com/1234567890/reference/1234567890/index" } -For more information, see `Omics Workflows `__ in the *Amazon Omics Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/omics/update-workflow.rst 2.31.35-1/awscli/examples/omics/update-workflow.rst --- 2.23.6-1/awscli/examples/omics/update-workflow.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/omics/update-workflow.rst 2025-11-12 19:17:29.000000000 +0000 @@ -6,4 +6,4 @@ The following ``update-workflow`` exampl --id 1234567 \ --description "copy workflow" -For more information, see `Omics Storage `__ in the *Amazon Omics Developer Guide*. +For more information, see `Creating or updating a workflow `__ in the *AWS HealthOmics User Guide*. diff -pruN 2.23.6-1/awscli/examples/opsworks/assign-instance.rst 2.31.35-1/awscli/examples/opsworks/assign-instance.rst --- 2.23.6-1/awscli/examples/opsworks/assign-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/assign-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To assign a registered instance to a layer** - -The following example assigns a registered instance to a custom layer. :: - - aws opsworks --region us-east-1 assign-instance --instance-id 4d6d1710-ded9-42a1-b08e-b043ad7af1e2 --layer-ids 26cf1d32-6876-42fa-bbf1-9cadc0bff938 - -*Output*: None. - -**More Information** - -For more information, see `Assigning a Registered Instance to a Layer`_ in the *AWS OpsWorks User Guide*. - -.. _`Assigning a Registered Instance to a Layer`: http://docs.aws.amazon.com/opsworks/latest/userguide/registered-instances-assign.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/assign-volume.rst 2.31.35-1/awscli/examples/opsworks/assign-volume.rst --- 2.23.6-1/awscli/examples/opsworks/assign-volume.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/assign-volume.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To assign a registered volume to an instance** - -The following example assigns a registered Amazon Elastic Block Store (Amazon EBS) volume to an instance. -The volume is identified by its volume ID, which is the GUID that AWS OpsWorks assigns when -you register the volume with a stack, not the Amazon Elastic Compute Cloud (Amazon EC2) volume ID. -Before you run ``assign-volume``, you must first run ``update-volume`` to assign a mount point to the volume. :: - - aws opsworks --region us-east-1 assign-volume --instance-id 4d6d1710-ded9-42a1-b08e-b043ad7af1e2 --volume-id 26cf1d32-6876-42fa-bbf1-9cadc0bff938 - -*Output*: None. - -**More Information** - -For more information, see `Assigning Amazon EBS Volumes to an Instance`_ in the *AWS OpsWorks User Guide*. - -.. _`Assigning Amazon EBS Volumes to an Instance`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-attach.html#resources-attach-ebs - diff -pruN 2.23.6-1/awscli/examples/opsworks/associate-elastic-ip.rst 2.31.35-1/awscli/examples/opsworks/associate-elastic-ip.rst --- 2.23.6-1/awscli/examples/opsworks/associate-elastic-ip.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/associate-elastic-ip.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To associate an Elastic IP address with an instance** - -The following example associates an Elastic IP address with a specified instance. :: - - aws opsworks --region us-east-1 associate-elastic-ip --instance-id dfe18b02-5327-493d-91a4-c5c0c448927f --elastic-ip 54.148.130.96 - -*Output*: None. - -**More Information** - -For more information, see `Resource Management`_ in the *AWS OpsWorks User Guide*. - -.. _`Resource Management`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/attach-elastic-load-balancer.rst 2.31.35-1/awscli/examples/opsworks/attach-elastic-load-balancer.rst --- 2.23.6-1/awscli/examples/opsworks/attach-elastic-load-balancer.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/attach-elastic-load-balancer.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To attach a load balancer to a layer** - -The following example attaches a load balancer, identified by its name, to a specified layer. :: - - aws opsworks --region us-east-1 attach-elastic-load-balancer --elastic-load-balancer-name Java-LB --layer-id 888c5645-09a5-4d0e-95a8-812ef1db76a4 - -*Output*: None. - -**More Information** - -For more information, see `Elastic Load Balancing`_ in the *AWS OpsWorks User Guide*. - -.. _`Elastic Load Balancing`: http://docs.aws.amazon.com/opsworks/latest/userguide/load-balancer-elb.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/create-app.rst 2.31.35-1/awscli/examples/opsworks/create-app.rst --- 2.23.6-1/awscli/examples/opsworks/create-app.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/create-app.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,64 +0,0 @@ -**Example 1: To create an app** - -The following example creates a PHP app named SimplePHPApp from code stored in a GitHub repository. -The command uses the shorthand form of the application source definition. :: - - aws opsworks create-app \ - --region us-east-1 \ - --stack-id f6673d70-32e6-4425-8999-265dd002fec7 \ - --name SimplePHPApp \ - --type php \ - --app-source Type=git,Url=git://github.com/amazonwebservices/opsworks-demo-php-simple-app.git,Revision=version1 - -Output:: - - { - "AppId": "6cf5163c-a951-444f-a8f7-3716be75f2a2" - } - -**Example 2: To create an app with an attached database** - -The following example creates a JSP app from code stored in .zip archive in a public S3 bucket. -It attaches an RDS DB instance to serve as the app's data store. The application and database sources are defined in separate -JSON files that are in the directory from which you run the command. :: - - aws opsworks create-app \ - --region us-east-1 \ - --stack-id 8c428b08-a1a1-46ce-a5f8-feddc43771b8 \ - --name SimpleJSP \ - --type java \ - --app-source file://appsource.json \ - --data-sources file://datasource.json - -The application source information is in ``appsource.json`` and contains the following. :: - - { - "Type": "archive", - "Url": "https://s3.amazonaws.com/opsworks-demo-assets/simplejsp.zip" - } - -The database source information is in ``datasource.json`` and contains the following. :: - - [ - { - "Type": "RdsDbInstance", - "Arn": "arn:aws:rds:us-west-2:123456789012:db:clitestdb", - "DatabaseName": "mydb" - } - ] - -**Note**: For an RDS DB instance, you must first use ``register-rds-db-instance`` to register the instance with the stack. -For MySQL App Server instances, set ``Type`` to ``OpsworksMysqlInstance``. These instances are -created by AWS OpsWorks, -so they do not have to be registered. - -Output:: - - { - "AppId": "26a61ead-d201-47e3-b55c-2a7c666942f8" - } - -For more information, see `Adding Apps`_ in the *AWS OpsWorks User Guide*. - -.. _`Adding Apps`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps-creating.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/create-deployment.rst 2.31.35-1/awscli/examples/opsworks/create-deployment.rst --- 2.23.6-1/awscli/examples/opsworks/create-deployment.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/create-deployment.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,66 +0,0 @@ -**Example 1: To deploy apps and run stack commands** - -The following examples show how to use the ``create-deployment`` command to deploy apps and run stack commands. Notice that the quote (``"``) characters in the JSON object that specifies the command are all preceded by escape characters (\\). Without the escape characters, the command might return an invalid JSON error. - -The following ``create-deployment`` example deploys an app to a specified stack. :: - - aws opsworks create-deployment \ - --stack-id cfb7e082-ad1d-4599-8e81-de1c39ab45bf \ - --app-id 307be5c8-d55d-47b5-bd6e-7bd417c6c7eb - --command "{\"Name\":\"deploy\"}" - -Output:: - - { - "DeploymentId": "5746c781-df7f-4c87-84a7-65a119880560" - } - -**Example 2: To deploy a Rails App and Migrate the Database** - -The following ``create-deployment`` command deploys a Ruby on Rails app to a specified stack and migrates the database. :: - - aws opsworks create-deployment \ - --stack-id cfb7e082-ad1d-4599-8e81-de1c39ab45bf \ - --app-id 307be5c8-d55d-47b5-bd6e-7bd417c6c7eb \ - --command "{\"Name\":\"deploy\", \"Args\":{\"migrate\":[\"true\"]}}" - -Output:: - - { - "DeploymentId": "5746c781-df7f-4c87-84a7-65a119880560" - } - -For more information on deployment, see `Deploying Apps `__ in the *AWS OpsWorks User Guide*. - -**Example 3: Run a Recipe** - -The following ``create-deployment`` command runs a custom recipe, ``phpapp::appsetup``, on the instances in a specified stack. :: - - aws opsworks create-deployment \ - --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb \ - --command "{\"Name\":\"execute_recipes\", \"Args\":{\"recipes\":[\"phpapp::appsetup\"]}}" - -Output:: - - { - "DeploymentId": "5cbaa7b9-4e09-4e53-aa1b-314fbd106038" - } - -For more information, see `Run Stack Commands `__ in the *AWS OpsWorks User Guide*. - -**Example 4: Install Dependencies** - -The following ``create-deployment`` command installs dependencies, such as packages or Ruby gems, on the instances in a -specified stack. :: - - aws opsworks create-deployment \ - --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb \ - --command "{\"Name\":\"install_dependencies\"}" - -Output:: - - { - "DeploymentId": "aef5b255-8604-4928-81b3-9b0187f962ff" - } - -For more information, see `Run Stack Commands `__ in the *AWS OpsWorks User Guide*. diff -pruN 2.23.6-1/awscli/examples/opsworks/create-instance.rst 2.31.35-1/awscli/examples/opsworks/create-instance.rst --- 2.23.6-1/awscli/examples/opsworks/create-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/create-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -**To create an instance** - -The following ``create-instance`` command creates an m1.large Amazon Linux instance named myinstance1 in a specified stack. -The instance is assigned to one layer. :: - - aws opsworks --region us-east-1 create-instance --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb --layer-ids 5c8c272a-f2d5-42e3-8245-5bf3927cb65b --hostname myinstance1 --instance-type m1.large --os "Amazon Linux" - -To use an autogenerated name, call `get-hostname-suggestion`_, which generates -a hostname based on the theme that you specified when you created the stack. -Then pass that name to the `hostname` argument. - -.. _get-hostname-suggestion: http://docs.aws.amazon.com/cli/latest/reference/opsworks/get-hostname-suggestion.html - -*Output*:: - - { - "InstanceId": "5f9adeaa-c94c-42c6-aeef-28a5376002cd" - } - -**More Information** - -For more information, see `Adding an Instance to a Layer`_ in the *AWS OpsWorks User Guide*. - -.. _`Adding an Instance to a Layer`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-add.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/create-layer.rst 2.31.35-1/awscli/examples/opsworks/create-layer.rst --- 2.23.6-1/awscli/examples/opsworks/create-layer.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/create-layer.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To create a layer** - -The following ``create-layer`` command creates a PHP App Server layer named MyPHPLayer in a specified stack. :: - - aws opsworks create-layer --region us-east-1 --stack-id f6673d70-32e6-4425-8999-265dd002fec7 --type php-app --name MyPHPLayer --shortname myphplayer - -*Output*:: - - { - "LayerId": "0b212672-6b4b-40e4-8a34-5a943cf2e07a" - } - -**More Information** - -For more information, see `How to Create a Layer`_ in the *AWS OpsWorks User Guide*. - -.. _`How to Create a Layer`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinglayers-basics-create.html diff -pruN 2.23.6-1/awscli/examples/opsworks/create-server.rst 2.31.35-1/awscli/examples/opsworks/create-server.rst --- 2.23.6-1/awscli/examples/opsworks/create-server.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/create-server.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -**To create a server** - -The following ``create-server`` example creates a new Chef Automate server named ``automate-06`` in your default region. Note that defaults are used for most other settings, such as number of backups to retain, and maintenance and backup start times. Before you run a ``create-server`` command, complete prerequisites in `Getting Started with AWS OpsWorks for Chef Automate `__ in the *AWS Opsworks for Chef Automate User Guide*. :: - - aws opsworks-cm create-server \ - --engine "ChefAutomate" \ - --instance-profile-arn "arn:aws:iam::012345678901:instance-profile/aws-opsworks-cm-ec2-role" \ - --instance-type "t2.medium" \ - --server-name "automate-06" \ - --service-role-arn "arn:aws:iam::012345678901:role/aws-opsworks-cm-service-role" - -Output:: - - { - "Server": { - "AssociatePublicIpAddress": true, - "BackupRetentionCount": 10, - "CreatedAt": 2019-12-29T13:38:47.520Z, - "DisableAutomatedBackup": FALSE, - "Endpoint": "https://opsworks-cm.us-east-1.amazonaws.com", - "Engine": "ChefAutomate", - "EngineAttributes": [ - { - "Name": "CHEF_AUTOMATE_ADMIN_PASSWORD", - "Value": "1Example1" - } - ], - "EngineModel": "Single", - "EngineVersion": "2019-08", - "InstanceProfileArn": "arn:aws:iam::012345678901:instance-profile/aws-opsworks-cm-ec2-role", - "InstanceType": "t2.medium", - "PreferredBackupWindow": "Sun:02:00", - "PreferredMaintenanceWindow": "00:00", - "SecurityGroupIds": [ "sg-12345678" ], - "ServerArn": "arn:aws:iam::012345678901:instance/automate-06-1010V4UU2WRM2", - "ServerName": "automate-06", - "ServiceRoleArn": "arn:aws:iam::012345678901:role/aws-opsworks-cm-service-role", - "Status": "CREATING", - "SubnetIds": [ "subnet-12345678" ] - } - } - -For more information, see `CreateServer `__ in the *AWS OpsWorks for Chef Automate API Reference*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/opsworks/create-stack.rst 2.31.35-1/awscli/examples/opsworks/create-stack.rst --- 2.23.6-1/awscli/examples/opsworks/create-stack.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/create-stack.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -**To create a stack** - -The following ``create-stack`` command creates a stack named CLI Stack. :: - - aws opsworks create-stack --name "CLI Stack" --stack-region "us-east-1" --service-role-arn arn:aws:iam::123456789012:role/aws-opsworks-service-role --default-instance-profile-arn arn:aws:iam::123456789012:instance-profile/aws-opsworks-ec2-role --region us-east-1 - -The ``service-role-arn`` and ``default-instance-profile-arn`` parameters are required. You typically -use the ones that AWS OpsWorks -creates for you when you create your first stack. To get the Amazon Resource Names (ARNs) for your -account, go to the `IAM console`_, choose ``Roles`` in the navigation panel, -choose the role or profile, and choose the ``Summary`` tab. - -.. _`IAM console`: https://console.aws.amazon.com/iam/home - -*Output*:: - - { - "StackId": "f6673d70-32e6-4425-8999-265dd002fec7" - } - -**More Information** - -For more information, see `Create a New Stack`_ in the *AWS OpsWorks User Guide*. - -.. _`Create a New Stack`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingstacks-creating.html diff -pruN 2.23.6-1/awscli/examples/opsworks/create-user-profile.rst 2.31.35-1/awscli/examples/opsworks/create-user-profile.rst --- 2.23.6-1/awscli/examples/opsworks/create-user-profile.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/create-user-profile.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -**To create a user profile** - -You import an AWS Identity and Access Manager (IAM) user into AWS OpsWorks by calling `create-user-profile` to create a user profile. -The following example creates a user profile for the cli-user-test IAM user, who -is identified by Amazon Resource Name (ARN). The example assigns the user an SSH username of ``myusername`` and enables self management, -which allows the user to specify an SSH public key. :: - - aws opsworks --region us-east-1 create-user-profile --iam-user-arn arn:aws:iam::123456789102:user/cli-user-test --ssh-username myusername --allow-self-management - -*Output*:: - - { - "IamUserArn": "arn:aws:iam::123456789102:user/cli-user-test" - } - -**Tip**: This command imports an IAM user into AWS OpsWorks, but only with the permissions that are -granted by the attached policies. You can grant per-stack AWS OpsWorks permissions by using the ``set-permissions`` command. - -**More Information** - -For more information, see `Importing Users into AWS OpsWorks`_ in the *AWS OpsWorks User Guide*. - -.. _`Importing Users into AWS OpsWorks`: http://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users-manage-import.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/delete-app.rst 2.31.35-1/awscli/examples/opsworks/delete-app.rst --- 2.23.6-1/awscli/examples/opsworks/delete-app.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/delete-app.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To delete an app** - -The following example deletes a specified app, which is identified by its app ID. -You can obtain an app ID by going to the app's details page on the AWS OpsWorks console or by -running the ``describe-apps`` command. :: - - aws opsworks delete-app --region us-east-1 --app-id 577943b9-2ec1-4baf-a7bf-1d347601edc5 - -*Output*: None. - -**More Information** - -For more information, see `Apps`_ in the *AWS OpsWorks User Guide*. - -.. _`Apps`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps.html - - diff -pruN 2.23.6-1/awscli/examples/opsworks/delete-instance.rst 2.31.35-1/awscli/examples/opsworks/delete-instance.rst --- 2.23.6-1/awscli/examples/opsworks/delete-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/delete-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -**To delete an instance** - -The following ``delete-instance`` example deletes a specified instance, which is identified by its instance ID. You can find an instance ID by opening the instance's details page in the AWS OpsWorks console, or by running the ``describe-instances`` command. - -If the instance is online, you must first stop the instance by calling ``stop-instance``, and then you must wait until the instance has stopped. Run ``describe-instances`` to check the instance status. - -To remove the instance's Amazon EBS volumes or Elastic IP addresses, add the ``--delete-volumes`` or ``--delete-elastic-ip`` arguments, respectively. :: - - aws opsworks delete-instance \ - --region us-east-1 \ - --instance-id 3a21cfac-4a1f-4ce2-a921-b2cfba6f7771 - -This command produces no output. - -For more information, see `Deleting AWS OpsWorks Instances `__ in the *AWS OpsWorks User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/opsworks/delete-layer.rst 2.31.35-1/awscli/examples/opsworks/delete-layer.rst --- 2.23.6-1/awscli/examples/opsworks/delete-layer.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/delete-layer.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To delete a layer** - -The following example deletes a specified layer, which is identified by its layer ID. -You can obtain a layer ID by going to the layer's details page on the AWS OpsWorks console or by -running the ``describe-layers`` command. - -**Note:** Before deleting a layer, you must use ``delete-instance`` to delete all of the layer's instances. :: - - aws opsworks delete-layer --region us-east-1 --layer-id a919454e-b816-4598-b29a-5796afb498ed - -*Output*: None. - -**More Information** - -For more information, see `Deleting AWS OpsWorks Instances`_ in the *AWS OpsWorks User Guide*. - -.. _`Deleting AWS OpsWorks Instances`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-delete.html diff -pruN 2.23.6-1/awscli/examples/opsworks/delete-stack.rst 2.31.35-1/awscli/examples/opsworks/delete-stack.rst --- 2.23.6-1/awscli/examples/opsworks/delete-stack.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/delete-stack.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -**To delete a stack** - -The following example deletes a specified stack, which is identified by its stack ID. -You can obtain a stack ID by clicking **Stack Settings** on the AWS OpsWorks console or by -running the ``describe-stacks`` command. - -**Note:** Before deleting a layer, you must use ``delete-app``, ``delete-instance``, and ``delete-layer`` -to delete all of the stack's apps, instances, and layers. :: - - aws opsworks delete-stack --region us-east-1 --stack-id 154a9d89-7e9e-433b-8de8-617e53756c84 - -*Output*: None. - -**More Information** - -For more information, see `Shut Down a Stack`_ in the *AWS OpsWorks User Guide*. - -.. _`Shut Down a Stack`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingstacks-shutting.html diff -pruN 2.23.6-1/awscli/examples/opsworks/delete-user-profile.rst 2.31.35-1/awscli/examples/opsworks/delete-user-profile.rst --- 2.23.6-1/awscli/examples/opsworks/delete-user-profile.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/delete-user-profile.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To delete a user profile and remove an IAM user from AWS OpsWorks** - -The following example deletes the user profile for a specified AWS Identity and Access Management -(IAM) user, who -is identified by Amazon Resource Name (ARN). The operation removes the user from AWS OpsWorks, but -does not delete the IAM user. You must use the IAM console, CLI, or API for that task. :: - - aws opsworks --region us-east-1 delete-user-profile --iam-user-arn arn:aws:iam::123456789102:user/cli-user-test - -*Output*: None. - -**More Information** - -For more information, see `Importing Users into AWS OpsWorks`_ in the *AWS OpsWorks User Guide*. - -.. _`Importing Users into AWS OpsWorks`: http://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users-manage-import.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/deregister-elastic-ip.rst 2.31.35-1/awscli/examples/opsworks/deregister-elastic-ip.rst --- 2.23.6-1/awscli/examples/opsworks/deregister-elastic-ip.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/deregister-elastic-ip.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,13 +0,0 @@ -**To deregister an Elastic IP address from a stack** - -The following example deregisters an Elastic IP address, identified by its IP address, from its stack. :: - - aws opsworks deregister-elastic-ip --region us-east-1 --elastic-ip 54.148.130.96 - -*Output*: None. - -**More Information** - -For more information, see `Deregistering Elastic IP Addresses`_ in the *AWS OpsWorks User Guide*. - -.. _`Deregistering Elastic IP Addresses`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-dereg.html#resources-dereg-eip diff -pruN 2.23.6-1/awscli/examples/opsworks/deregister-instance.rst 2.31.35-1/awscli/examples/opsworks/deregister-instance.rst --- 2.23.6-1/awscli/examples/opsworks/deregister-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/deregister-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To deregister a registered instance from a stack** - -The following ``deregister-instance`` command deregisters a registered instance from its stack. :: - - aws opsworks --region us-east-1 deregister-instance --instance-id 4d6d1710-ded9-42a1-b08e-b043ad7af1e2 - -*Output*: None. - -**More Information** - -For more information, see `Deregistering a Registered Instance`_ in the *AWS OpsWorks User Guide*. - -.. _`Deregistering a Registered Instance`: http://docs.aws.amazon.com/opsworks/latest/userguide/registered-instances-unassign.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/deregister-rds-db-instance.rst 2.31.35-1/awscli/examples/opsworks/deregister-rds-db-instance.rst --- 2.23.6-1/awscli/examples/opsworks/deregister-rds-db-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/deregister-rds-db-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -**To deregister an Amazon RDS DB instance from a stack** - -The following example deregisters an RDS DB instance, identified by its ARN, from its stack. :: - - aws opsworks deregister-rds-db-instance --region us-east-1 --rds-db-instance-arn arn:aws:rds:us-west-2:123456789012:db:clitestdb - -*Output*: None. - -**More Information** - -For more information, see `Deregistering Amazon RDS Instances`_ in the *ASW OpsWorks User Guide*. - -.. _`Deregistering Amazon RDS Instances`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-dereg.html#resources-dereg-rds - - -.. instance ID: clitestdb - Master usernams: cliuser - Master PWD: some23!pwd - DB Name: mydb - aws opsworks deregister-rds-db-instance --region us-east-1 --rds-db-instance-arn arn:aws:rds:us-west-2:645732743964:db:clitestdb \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/opsworks/deregister-volume.rst 2.31.35-1/awscli/examples/opsworks/deregister-volume.rst --- 2.23.6-1/awscli/examples/opsworks/deregister-volume.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/deregister-volume.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -**To deregister an Amazon EBS volume** - -The following example deregisters an EBS volume from its stack. -The volume is identified by its volume ID, which is the GUID that AWS OpsWorks assigned when -you registered the volume with the stack, not the EC2 volume ID. :: - - aws opsworks deregister-volume --region us-east-1 --volume-id 5c48ef52-3144-4bf5-beaa-fda4deb23d4d - -*Output*: None. - -**More Information** - -For more information, see `Deregistering Amazon EBS Volumes`_ in the *AWS OpsWorks User Guide*. - -.. _`Deregistering Amazon EBS Volumes`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-dereg.html#resources-dereg-ebs diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-apps.rst 2.31.35-1/awscli/examples/opsworks/describe-apps.rst --- 2.23.6-1/awscli/examples/opsworks/describe-apps.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-apps.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -**To describe apps** - -The following ``describe-apps`` command describes the apps in a specified stack. :: - - aws opsworks describe-apps \ - --stack-id 38ee91e2-abdc-4208-a107-0b7168b3cc7a \ - --region us-east-1 - -Output:: - - { - "Apps": [ - { - "StackId": "38ee91e2-abdc-4208-a107-0b7168b3cc7a", - "AppSource": { - "Url": "https://s3-us-west-2.amazonaws.com/opsworks-demo-assets/simplejsp.zip", - "Type": "archive" - }, - "Name": "SimpleJSP", - "EnableSsl": false, - "SslConfiguration": {}, - "AppId": "da1decc1-0dff-43ea-ad7c-bb667cd87c8b", - "Attributes": { - "RailsEnv": null, - "AutoBundleOnDeploy": "true", - "DocumentRoot": "ROOT" - }, - "Shortname": "simplejsp", - "Type": "other", - "CreatedAt": "2013-08-01T21:46:54+00:00" - } - ] - } - -For more information, see Apps_ in the *AWS OpsWorks User Guide*. - -.. _Apps: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-commands.rst 2.31.35-1/awscli/examples/opsworks/describe-commands.rst --- 2.23.6-1/awscli/examples/opsworks/describe-commands.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-commands.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -**To describe commands** - -The following ``describe-commands`` command describes the commands in a specified instance. :: - - aws opsworks describe-commands \ - --instance-id 8c2673b9-3fe5-420d-9cfa-78d875ee7687 \ - --region us-east-1 - -Output:: - - { - "Commands": [ - { - "Status": "successful", - "CompletedAt": "2013-07-25T18:57:47+00:00", - "InstanceId": "8c2673b9-3fe5-420d-9cfa-78d875ee7687", - "DeploymentId": "6ed0df4c-9ef7-4812-8dac-d54a05be1029", - "AcknowledgedAt": "2013-07-25T18:57:41+00:00", - "LogUrl": "https://s3.amazonaws.com//logs/008c1a91-ec59-4d51-971d-3adff54b00cc?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE &Expires=1375394373&Signature=HkXil6UuNfxTCC37EPQAa462E1E%3D&response-cache-control=private&response-content-encoding=gzip&response-content- type=text%2Fplain", - "Type": "undeploy", - "CommandId": "008c1a91-ec59-4d51-971d-3adff54b00cc", - "CreatedAt": "2013-07-25T18:57:34+00:00", - "ExitCode": 0 - }, - { - "Status": "successful", - "CompletedAt": "2013-07-25T18:55:40+00:00", - "InstanceId": "8c2673b9-3fe5-420d-9cfa-78d875ee7687", - "DeploymentId": "19d3121e-d949-4ff2-9f9d-94eac087862a", - "AcknowledgedAt": "2013-07-25T18:55:32+00:00", - "LogUrl": "https://s3.amazonaws.com//logs/899d3d64-0384-47b6-a586-33433aad117c?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE &Expires=1375394373&Signature=xMsJvtLuUqWmsr8s%2FAjVru0BtRs%3D&response-cache-control=private&response-content-encoding=gzip&response-conten t-type=text%2Fplain", - "Type": "deploy", - "CommandId": "899d3d64-0384-47b6-a586-33433aad117c", - "CreatedAt": "2013-07-25T18:55:29+00:00", - "ExitCode": 0 - } - ] - } - -For more information, see `AWS OpsWorks Lifecycle Events`_ in the *AWS OpsWorks User Guide*. - -.. _`AWS OpsWorks Lifecycle Events`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingcookbook-events.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-deployments.rst 2.31.35-1/awscli/examples/opsworks/describe-deployments.rst --- 2.23.6-1/awscli/examples/opsworks/describe-deployments.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-deployments.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,52 +0,0 @@ -**To describe deployments** - -The following ``describe-deployments`` command describes the deployments in a specified stack. :: - - aws opsworks --region us-east-1 describe-deployments --stack-id 38ee91e2-abdc-4208-a107-0b7168b3cc7a - -*Output*:: - - { - "Deployments": [ - { - "StackId": "38ee91e2-abdc-4208-a107-0b7168b3cc7a", - "Status": "successful", - "CompletedAt": "2013-07-25T18:57:49+00:00", - "DeploymentId": "6ed0df4c-9ef7-4812-8dac-d54a05be1029", - "Command": { - "Args": {}, - "Name": "undeploy" - }, - "CreatedAt": "2013-07-25T18:57:34+00:00", - "Duration": 15, - "InstanceIds": [ - "8c2673b9-3fe5-420d-9cfa-78d875ee7687", - "9e588a25-35b2-4804-bd43-488f85ebe5b7" - ] - }, - { - "StackId": "38ee91e2-abdc-4208-a107-0b7168b3cc7a", - "Status": "successful", - "CompletedAt": "2013-07-25T18:56:41+00:00", - "IamUserArn": "arn:aws:iam::123456789012:user/someuser", - "DeploymentId": "19d3121e-d949-4ff2-9f9d-94eac087862a", - "Command": { - "Args": {}, - "Name": "deploy" - }, - "InstanceIds": [ - "8c2673b9-3fe5-420d-9cfa-78d875ee7687", - "9e588a25-35b2-4804-bd43-488f85ebe5b7" - ], - "Duration": 72, - "CreatedAt": "2013-07-25T18:55:29+00:00" - } - ] - } - -**More Information** - -For more information, see `Deploying Apps`_ in the *AWS OpsWorks User Guide*. - -.. _`Deploying Apps`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps-deploying.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-elastic-ips.rst 2.31.35-1/awscli/examples/opsworks/describe-elastic-ips.rst --- 2.23.6-1/awscli/examples/opsworks/describe-elastic-ips.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-elastic-ips.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -**To describe Elastic IP instances** - -The following ``describe-elastic-ips`` command describes the Elastic IP addresses in a specified instance. :: - - aws opsworks --region us-east-1 describe-elastic-ips --instance-id b62f3e04-e9eb-436c-a91f-d9e9a396b7b0 - -*Output*:: - - { - "ElasticIps": [ - { - "Ip": "192.0.2.0", - "Domain": "standard", - "Region": "us-west-2" - } - ] - } - -**More Information** - -For more information, see Instances_ in the *AWS OpsWorks User Guide*. - -.. _Instances: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-elastic-load-balancers.rst 2.31.35-1/awscli/examples/opsworks/describe-elastic-load-balancers.rst --- 2.23.6-1/awscli/examples/opsworks/describe-elastic-load-balancers.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-elastic-load-balancers.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -**To describe a stack's elastic load balancers** - -The following ``describe-elastic-load-balancers`` command describes a specified stack's load balancers. :: - - aws opsworks --region us-west-2 describe-elastic-load-balancers --stack-id 6f4660e5-37a6-4e42-bfa0-1358ebd9c182 - -*Output*: This particular stack has one load balancer. - -:: - - { - "ElasticLoadBalancers": [ - { - "SubnetIds": [ - "subnet-60e4ea04", - "subnet-66e1c110" - ], - "Ec2InstanceIds": [], - "ElasticLoadBalancerName": "my-balancer", - "Region": "us-west-2", - "LayerId": "344973cb-bf2b-4cd0-8d93-51cd819bab04", - "AvailabilityZones": [ - "us-west-2a", - "us-west-2b" - ], - "VpcId": "vpc-b319f9d4", - "StackId": "6f4660e5-37a6-4e42-bfa0-1358ebd9c182", - "DnsName": "my-balancer-2094040179.us-west-2.elb.amazonaws.com" - } - ] - } - -**More Information** - -For more information, see Apps_ in the *AWS OpsWorks User Guide*. - -.. _Apps: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps.html diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-instances.rst 2.31.35-1/awscli/examples/opsworks/describe-instances.rst --- 2.23.6-1/awscli/examples/opsworks/describe-instances.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-instances.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,95 +0,0 @@ -**To describe instances** - -The following ``describe-instances`` command describes the instances in a specified stack:: - - aws opsworks --region us-east-1 describe-instances --stack-id 8c428b08-a1a1-46ce-a5f8-feddc43771b8 - -*Output*: The following output example is for a stack with two instances. The first is a registered -EC2 instance, and the second was created by AWS OpsWorks. - -:: - - { - "Instances": [ - { - "StackId": "71c7ca72-55ae-4b6a-8ee1-a8dcded3fa0f", - "PrivateDns": "ip-10-31-39-66.us-west-2.compute.internal", - "LayerIds": [ - "26cf1d32-6876-42fa-bbf1-9cadc0bff938" - ], - "EbsOptimized": false, - "ReportedOs": { - "Version": "14.04", - "Name": "ubuntu", - "Family": "debian" - }, - "Status": "online", - "InstanceId": "4d6d1710-ded9-42a1-b08e-b043ad7af1e2", - "SshKeyName": "US-West-2", - "InfrastructureClass": "ec2", - "RootDeviceVolumeId": "vol-d08ec6c1", - "SubnetId": "subnet-b8de0ddd", - "InstanceType": "t1.micro", - "CreatedAt": "2015-02-24T20:52:49+00:00", - "AmiId": "ami-35501205", - "Hostname": "ip-192-0-2-0", - "Ec2InstanceId": "i-5cd23551", - "PublicDns": "ec2-192-0-2-0.us-west-2.compute.amazonaws.com", - "SecurityGroupIds": [ - "sg-c4d3f0a1" - ], - "Architecture": "x86_64", - "RootDeviceType": "ebs", - "InstallUpdatesOnBoot": true, - "Os": "Custom", - "VirtualizationType": "paravirtual", - "AvailabilityZone": "us-west-2a", - "PrivateIp": "10.31.39.66", - "PublicIp": "192.0.2.06", - "RegisteredBy": "arn:aws:iam::123456789102:user/AWS/OpsWorks/OpsWorks-EC2Register-i-5cd23551" - }, - { - "StackId": "71c7ca72-55ae-4b6a-8ee1-a8dcded3fa0f", - "PrivateDns": "ip-10-31-39-158.us-west-2.compute.internal", - "SshHostRsaKeyFingerprint": "69:6b:7b:8b:72:f3:ed:23:01:00:05:bc:9f:a4:60:c1", - "LayerIds": [ - "26cf1d32-6876-42fa-bbf1-9cadc0bff938" - ], - "EbsOptimized": false, - "ReportedOs": {}, - "Status": "booting", - "InstanceId": "9b137a0d-2f5d-4cc0-9704-13da4b31fdcb", - "SshKeyName": "US-West-2", - "InfrastructureClass": "ec2", - "RootDeviceVolumeId": "vol-e09dd5f1", - "SubnetId": "subnet-b8de0ddd", - "InstanceProfileArn": "arn:aws:iam::123456789102:instance-profile/aws-opsworks-ec2-role", - "InstanceType": "c3.large", - "CreatedAt": "2015-02-24T21:29:33+00:00", - "AmiId": "ami-9fc29baf", - "SshHostDsaKeyFingerprint": "fc:87:95:c3:f5:e1:3b:9f:d2:06:6e:62:9a:35:27:e8", - "Ec2InstanceId": "i-8d2dca80", - "PublicDns": "ec2-192-0-2-1.us-west-2.compute.amazonaws.com", - "SecurityGroupIds": [ - "sg-b022add5", - "sg-b122add4" - ], - "Architecture": "x86_64", - "RootDeviceType": "ebs", - "InstallUpdatesOnBoot": true, - "Os": "Amazon Linux 2014.09", - "VirtualizationType": "paravirtual", - "AvailabilityZone": "us-west-2a", - "Hostname": "custom11", - "PrivateIp": "10.31.39.158", - "PublicIp": "192.0.2.0" - } - ] - } - -**More Information** - -For more information, see `Instances`_ in the *AWS OpsWorks User Guide*. - -.. _`Instances`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-layers.rst 2.31.35-1/awscli/examples/opsworks/describe-layers.rst --- 2.23.6-1/awscli/examples/opsworks/describe-layers.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-layers.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,171 +0,0 @@ -**To describe a stack's layers** - -The following ``describe-layers`` command describes the layers in a specified stack:: - - aws opsworks --region us-east-1 describe-layers --stack-id 38ee91e2-abdc-4208-a107-0b7168b3cc7a - -*Output*:: - - { - "Layers": [ - { - "StackId": "38ee91e2-abdc-4208-a107-0b7168b3cc7a", - "Type": "db-master", - "DefaultSecurityGroupNames": [ - "AWS-OpsWorks-DB-Master-Server" - ], - "Name": "MySQL", - "Packages": [], - "DefaultRecipes": { - "Undeploy": [], - "Setup": [ - "opsworks_initial_setup", - "ssh_host_keys", - "ssh_users", - "mysql::client", - "dependencies", - "ebs", - "opsworks_ganglia::client", - "mysql::server", - "dependencies", - "deploy::mysql" - ], - "Configure": [ - "opsworks_ganglia::configure-client", - "ssh_users", - "agent_version", - "deploy::mysql" - ], - "Shutdown": [ - "opsworks_shutdown::default", - "mysql::stop" - ], - "Deploy": [ - "deploy::default", - "deploy::mysql" - ] - }, - "CustomRecipes": { - "Undeploy": [], - "Setup": [], - "Configure": [], - "Shutdown": [], - "Deploy": [] - }, - "EnableAutoHealing": false, - "LayerId": "41a20847-d594-4325-8447-171821916b73", - "Attributes": { - "MysqlRootPasswordUbiquitous": "true", - "RubygemsVersion": null, - "RailsStack": null, - "HaproxyHealthCheckMethod": null, - "RubyVersion": null, - "BundlerVersion": null, - "HaproxyStatsPassword": null, - "PassengerVersion": null, - "MemcachedMemory": null, - "EnableHaproxyStats": null, - "ManageBundler": null, - "NodejsVersion": null, - "HaproxyHealthCheckUrl": null, - "MysqlRootPassword": "*****FILTERED*****", - "GangliaPassword": null, - "GangliaUser": null, - "HaproxyStatsUrl": null, - "GangliaUrl": null, - "HaproxyStatsUser": null - }, - "Shortname": "db-master", - "AutoAssignElasticIps": false, - "CustomSecurityGroupIds": [], - "CreatedAt": "2013-07-25T18:11:19+00:00", - "VolumeConfigurations": [ - { - "MountPoint": "/vol/mysql", - "Size": 10, - "NumberOfDisks": 1 - } - ] - }, - { - "StackId": "38ee91e2-abdc-4208-a107-0b7168b3cc7a", - "Type": "custom", - "DefaultSecurityGroupNames": [ - "AWS-OpsWorks-Custom-Server" - ], - "Name": "TomCustom", - "Packages": [], - "DefaultRecipes": { - "Undeploy": [], - "Setup": [ - "opsworks_initial_setup", - "ssh_host_keys", - "ssh_users", - "mysql::client", - "dependencies", - "ebs", - "opsworks_ganglia::client" - ], - "Configure": [ - "opsworks_ganglia::configure-client", - "ssh_users", - "agent_version" - ], - "Shutdown": [ - "opsworks_shutdown::default" - ], - "Deploy": [ - "deploy::default" - ] - }, - "CustomRecipes": { - "Undeploy": [], - "Setup": [ - "tomcat::setup" - ], - "Configure": [ - "tomcat::configure" - ], - "Shutdown": [], - "Deploy": [ - "tomcat::deploy" - ] - }, - "EnableAutoHealing": true, - "LayerId": "e6cbcd29-d223-40fc-8243-2eb213377440", - "Attributes": { - "MysqlRootPasswordUbiquitous": null, - "RubygemsVersion": null, - "RailsStack": null, - "HaproxyHealthCheckMethod": null, - "RubyVersion": null, - "BundlerVersion": null, - "HaproxyStatsPassword": null, - "PassengerVersion": null, - "MemcachedMemory": null, - "EnableHaproxyStats": null, - "ManageBundler": null, - "NodejsVersion": null, - "HaproxyHealthCheckUrl": null, - "MysqlRootPassword": null, - "GangliaPassword": null, - "GangliaUser": null, - "HaproxyStatsUrl": null, - "GangliaUrl": null, - "HaproxyStatsUser": null - }, - "Shortname": "tomcustom", - "AutoAssignElasticIps": false, - "CustomSecurityGroupIds": [], - "CreatedAt": "2013-07-25T18:12:53+00:00", - "VolumeConfigurations": [] - } - ] - } - -**More Information** - -For more information, see Layers_ in the *AWS OpsWorks User Guide*. - -.. _Layers: http://docs.aws.amazon.com/opsworks/latest/userguide/workinglayers.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-load-based-auto-scaling.rst 2.31.35-1/awscli/examples/opsworks/describe-load-based-auto-scaling.rst --- 2.23.6-1/awscli/examples/opsworks/describe-load-based-auto-scaling.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-load-based-auto-scaling.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -**To describe a layer's load-based scaling configuration** - -The following example describes a specified layer's load-based scaling configuration. -The layer is identified by its layer ID, which you can find on the layer's -details page or by running ``describe-layers``. :: - - aws opsworks describe-load-based-auto-scaling --region us-east-1 --layer-ids 6bec29c9-c866-41a0-aba5-fa3e374ce2a1 - -*Output*: The example layer has a single load-based instance. :: - - { - "LoadBasedAutoScalingConfigurations": [ - { - "DownScaling": { - "IgnoreMetricsTime": 10, - "ThresholdsWaitTime": 10, - "InstanceCount": 1, - "CpuThreshold": 30.0 - }, - "Enable": true, - "UpScaling": { - "IgnoreMetricsTime": 5, - "ThresholdsWaitTime": 5, - "InstanceCount": 1, - "CpuThreshold": 80.0 - }, - "LayerId": "6bec29c9-c866-41a0-aba5-fa3e374ce2a1" - } - ] - } - - -**More Information** - -For more information, see `How Automatic Load-based Scaling Works`_ in the *AWS OpsWorks User Guide*. - -.. _`How Automatic Load-based Scaling Works`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-autoscaling.html#workinginstances-autoscaling-loadbased diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-my-user-profile.rst 2.31.35-1/awscli/examples/opsworks/describe-my-user-profile.rst --- 2.23.6-1/awscli/examples/opsworks/describe-my-user-profile.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-my-user-profile.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -**To obtain a user's profile** - -The following example shows how to obtain the profile -of the AWS Identity and Access Management (IAM) user that is running the command. :: - - aws opsworks --region us-east-1 describe-my-user-profile - -*Output*: For brevity, most of the user's SSH public key is replaced by an ellipsis (...). :: - - { - "UserProfile": { - "IamUserArn": "arn:aws:iam::123456789012:user/myusername", - "SshPublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQ...3LQ4aX9jpxQw== rsa-key-20141104", - "Name": "myusername", - "SshUsername": "myusername" - } - } - -**More Information** - -For more information, see `Importing Users into AWS OpsWorks`_ in the *AWS OpsWorks User Guide*. - -.. _`Importing Users into AWS OpsWorks`: http://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users-manage-import.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-permissions.rst 2.31.35-1/awscli/examples/opsworks/describe-permissions.rst --- 2.23.6-1/awscli/examples/opsworks/describe-permissions.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-permissions.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -**To obtain a user's per-stack AWS OpsWorks permission level** - -The following example shows how to to obtain an AWS Identity and Access Management (IAM) user's permission level on a specified stack. :: - - aws opsworks --region us-east-1 describe-permissions --iam-user-arn arn:aws:iam::123456789012:user/cli-user-test --stack-id d72553d4-8727-448c-9b00-f024f0ba1b06 - -*Output*:: - - { - "Permissions": [ - { - "StackId": "d72553d4-8727-448c-9b00-f024f0ba1b06", - "IamUserArn": "arn:aws:iam::123456789012:user/cli-user-test", - "Level": "manage", - "AllowSudo": true, - "AllowSsh": true - } - ] - } - - -**More Information** - -For more information, see `Granting Per-Stack Permissions Levels`_ in the *AWS OpsWorks User Guide*. - -.. _`Granting Per-Stack Permissions Levels`: http://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users-console.html diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-raid-arrays.rst 2.31.35-1/awscli/examples/opsworks/describe-raid-arrays.rst --- 2.23.6-1/awscli/examples/opsworks/describe-raid-arrays.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-raid-arrays.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ -**To describe RAID arrays** - -The following example describes the RAID arrays attached to the instances in a specified stack. :: - - aws opsworks --region us-east-1 describe-raid-arrays --stack-id d72553d4-8727-448c-9b00-f024f0ba1b06 - -*Output*: The following is the output for a stack with one RAID array. :: - - { - "RaidArrays": [ - { - "StackId": "d72553d4-8727-448c-9b00-f024f0ba1b06", - "AvailabilityZone": "us-west-2a", - "Name": "Created for php-app1", - "NumberOfDisks": 2, - "InstanceId": "9f14adbc-ced5-43b6-bf01-e7d0db6cf2f7", - "RaidLevel": 0, - "VolumeType": "standard", - "RaidArrayId": "f2d4e470-5972-4676-b1b8-bae41ec3e51c", - "Device": "/dev/md0", - "MountPoint": "/mnt/workspace", - "CreatedAt": "2015-02-26T23:53:09+00:00", - "Size": 100 - } - ] - } - -For more information, see `EBS Volumes`_ in the *AWS OpsWorks User Guide*. - -.. _`EBS Volumes`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinglayers-basics-edit.html#workinglayers-basics-edit-ebs - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-rds-db-instances.rst 2.31.35-1/awscli/examples/opsworks/describe-rds-db-instances.rst --- 2.23.6-1/awscli/examples/opsworks/describe-rds-db-instances.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-rds-db-instances.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -**To describe a stack's registered Amazon RDS instances** - -The following example describes the Amazon RDS instances registered with a specified stack. :: - - aws opsworks --region us-east-1 describe-rds-db-instances --stack-id d72553d4-8727-448c-9b00-f024f0ba1b06 - -*Output*: The following is the output for a stack with one registered RDS instance. :: - - { - "RdsDbInstances": [ - { - "Engine": "mysql", - "StackId": "d72553d4-8727-448c-9b00-f024f0ba1b06", - "MissingOnRds": false, - "Region": "us-west-2", - "RdsDbInstanceArn": "arn:aws:rds:us-west-2:123456789012:db:clitestdb", - "DbPassword": "*****FILTERED*****", - "Address": "clitestdb.cdlqlk5uwd0k.us-west-2.rds.amazonaws.com", - "DbUser": "cliuser", - "DbInstanceIdentifier": "clitestdb" - } - ] - } - - -For more information, see `Resource Management`_ in the *AWS OpsWorks User Guide*. - -.. _`Resource Management`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-stack-provisioning-parameters.rst 2.31.35-1/awscli/examples/opsworks/describe-stack-provisioning-parameters.rst --- 2.23.6-1/awscli/examples/opsworks/describe-stack-provisioning-parameters.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-stack-provisioning-parameters.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -**To return the provisioning parameters for a stack** - -The following ``describe-stack-provisioning-parameters`` example returns the provisioning parameters for a specified stack. Provisioning parameters include settings such as the agent installation location and public key that OpsWorks uses to manage the agent on instances in a stack. :: - - aws opsworks describe-stack-provisioning-parameters \ - --stack-id 62744d97-6faf-4ecb-969b-a086fEXAMPLE - -Output:: - - { - "AgentInstallerUrl": "https://opsworks-instance-agent-us-west-2.s3.amazonaws.com/ID_number/opsworks-agent-installer.tgz", - "Parameters": { - "agent_installer_base_url": "https://opsworks-instance-agent-us-west-2.s3.amazonaws.com", - "agent_installer_tgz": "opsworks-agent-installer.tgz", - "assets_download_bucket": "opsworks-instance-assets-us-west-2.s3.amazonaws.com", - "charlie_public_key": "-----BEGIN PUBLIC KEY-----PUBLIC_KEY_EXAMPLE\n-----END PUBLIC KEY-----", - "instance_service_endpoint": "opsworks-instance-service.us-west-2.amazonaws.com", - "instance_service_port": "443", - "instance_service_region": "us-west-2", - "instance_service_ssl_verify_peer": "true", - "instance_service_use_ssl": "true", - "ops_works_endpoint": "opsworks.us-west-2.amazonaws.com", - "ops_works_port": "443", - "ops_works_region": "us-west-2", - "ops_works_ssl_verify_peer": "true", - "ops_works_use_ssl": "true", - "verbose": "false", - "wait_between_runs": "30" - } - } - -For more information, see `Run Stack Commands `__ in the *AWS OpsWorks User Guide*. diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-stack-summary.rst 2.31.35-1/awscli/examples/opsworks/describe-stack-summary.rst --- 2.23.6-1/awscli/examples/opsworks/describe-stack-summary.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-stack-summary.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -**To describe a stack's configuration** - -The following ``describe-stack-summary`` command returns a summary of the specified stack's configuration. :: - - aws opsworks --region us-east-1 describe-stack-summary --stack-id 8c428b08-a1a1-46ce-a5f8-feddc43771b8 - -*Output*:: - - { - "StackSummary": { - "StackId": "8c428b08-a1a1-46ce-a5f8-feddc43771b8", - "InstancesCount": { - "Booting": 1 - }, - "Name": "CLITest", - "AppsCount": 1, - "LayersCount": 1, - "Arn": "arn:aws:opsworks:us-west-2:123456789012:stack/8c428b08-a1a1-46ce-a5f8-feddc43771b8/" - } - } - -**More Information** - -For more information, see `Stacks`_ in the *AWS OpsWorks User Guide*. - -.. _`Stacks`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingstacks.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-stacks.rst 2.31.35-1/awscli/examples/opsworks/describe-stacks.rst --- 2.23.6-1/awscli/examples/opsworks/describe-stacks.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-stacks.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,65 +0,0 @@ -**To describe stacks** - -The following ``describe-stacks`` command describes an account's stacks. :: - - aws opsworks --region us-east-1 describe-stacks - -*Output*:: - - { - "Stacks": [ - { - "ServiceRoleArn": "arn:aws:iam::444455556666:role/aws-opsworks-service-role", - "StackId": "aeb7523e-7c8b-49d4-b866-03aae9d4fbcb", - "DefaultRootDeviceType": "instance-store", - "Name": "TomStack-sd", - "ConfigurationManager": { - "Version": "11.4", - "Name": "Chef" - }, - "UseCustomCookbooks": true, - "CustomJson": "{\n \"tomcat\": {\n \"base_version\": 7,\n \"java_opts\": \"-Djava.awt.headless=true -Xmx256m\"\n },\n \"datasources\": {\n \"ROOT\": \"jdbc/mydb\"\n }\n}", - "Region": "us-east-1", - "DefaultInstanceProfileArn": "arn:aws:iam::444455556666:instance-profile/aws-opsworks-ec2-role", - "CustomCookbooksSource": { - "Url": "git://github.com/example-repo/tomcustom.git", - "Type": "git" - }, - "DefaultAvailabilityZone": "us-east-1a", - "HostnameTheme": "Layer_Dependent", - "Attributes": { - "Color": "rgb(45, 114, 184)" - }, - "DefaultOs": "Amazon Linux", - "CreatedAt": "2013-08-01T22:53:42+00:00" - }, - { - "ServiceRoleArn": "arn:aws:iam::444455556666:role/aws-opsworks-service-role", - "StackId": "40738975-da59-4c5b-9789-3e422f2cf099", - "DefaultRootDeviceType": "instance-store", - "Name": "MyStack", - "ConfigurationManager": { - "Version": "11.4", - "Name": "Chef" - }, - "UseCustomCookbooks": false, - "Region": "us-east-1", - "DefaultInstanceProfileArn": "arn:aws:iam::444455556666:instance-profile/aws-opsworks-ec2-role", - "CustomCookbooksSource": {}, - "DefaultAvailabilityZone": "us-east-1a", - "HostnameTheme": "Layer_Dependent", - "Attributes": { - "Color": "rgb(45, 114, 184)" - }, - "DefaultOs": "Amazon Linux", - "CreatedAt": "2013-10-25T19:24:30+00:00" - } - ] - } - -**More Information** - -For more information, see `Stacks`_ in the *AWS OpsWorks User Guide*. - -.. _`Stacks`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingstacks.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-timebased-auto-scaling.rst 2.31.35-1/awscli/examples/opsworks/describe-timebased-auto-scaling.rst --- 2.23.6-1/awscli/examples/opsworks/describe-timebased-auto-scaling.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-timebased-auto-scaling.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -**To describe the time-based scaling configuration of an instance** - -The following example describes a specified instance's time-based scaling configuration. -The instance is identified by its instance ID, which you can find on the instances's -details page or by running ``describe-instances``. :: - - aws opsworks describe-time-based-auto-scaling --region us-east-1 --instance-ids 701f2ffe-5d8e-4187-b140-77b75f55de8d - -*Output*: The example has a single time-based instance. :: - - { - "TimeBasedAutoScalingConfigurations": [ - { - "InstanceId": "701f2ffe-5d8e-4187-b140-77b75f55de8d", - "AutoScalingSchedule": { - "Monday": { - "11": "on", - "10": "on", - "13": "on", - "12": "on" - }, - "Tuesday": { - "11": "on", - "10": "on", - "13": "on", - "12": "on" - } - } - } - ] - } - - - -**More Information** - -For more information, see `How Automatic Time-based Scaling Works`_ in the *AWS OpsWorks User Guide*. - -.. _`How Automatic Time-based Scaling Works`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-autoscaling.html#workinginstances-autoscaling-timebased diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-user-profiles.rst 2.31.35-1/awscli/examples/opsworks/describe-user-profiles.rst --- 2.23.6-1/awscli/examples/opsworks/describe-user-profiles.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-user-profiles.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -**To describe user profiles** - -The following ``describe-user-profiles`` command describes the account's user profiles. :: - - aws opsworks --region us-east-1 describe-user-profiles - -*Output*:: - - { - "UserProfiles": [ - { - "IamUserArn": "arn:aws:iam::123456789012:user/someuser", - "SshPublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkOuP7i80q3Cko...", - "AllowSelfManagement": true, - "Name": "someuser", - "SshUsername": "someuser" - }, - { - "IamUserArn": "arn:aws:iam::123456789012:user/cli-user-test", - "AllowSelfManagement": true, - "Name": "cli-user-test", - "SshUsername": "myusername" - } - ] - } - -**More Information** - -For more information, see `Managing AWS OpsWorks Users`_ in the *AWS OpsWorks User Guide*. - -.. _`Managing AWS OpsWorks Users`: http://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users-manage.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/describe-volumes.rst 2.31.35-1/awscli/examples/opsworks/describe-volumes.rst --- 2.23.6-1/awscli/examples/opsworks/describe-volumes.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/describe-volumes.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ -**To describe a stack's volumes** - -The following example describes a stack's EBS volumes. :: - - aws opsworks --region us-east-1 describe-volumes --stack-id 8c428b08-a1a1-46ce-a5f8-feddc43771b8 - -*Output*:: - - { - "Volumes": [ - { - "Status": "in-use", - "AvailabilityZone": "us-west-2a", - "Name": "CLITest", - "InstanceId": "dfe18b02-5327-493d-91a4-c5c0c448927f", - "VolumeType": "standard", - "VolumeId": "56b66fbd-e1a1-4aff-9227-70f77118d4c5", - "Device": "/dev/sdi", - "Ec2VolumeId": "vol-295c1638", - "MountPoint": "/mnt/myvolume", - "Size": 1 - } - ] - } - -**More Information** - -For more information, see `Resource Management`_ in the *AWS OpsWorks User Guide*. - -.. _`Resource Management`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/detach-elastic-load-balancer.rst 2.31.35-1/awscli/examples/opsworks/detach-elastic-load-balancer.rst --- 2.23.6-1/awscli/examples/opsworks/detach-elastic-load-balancer.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/detach-elastic-load-balancer.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To detach a load balancer from its layer** - -The following example detaches a load balancer, identified by its name, from its layer. :: - - aws opsworks --region us-east-1 detach-elastic-load-balancer --elastic-load-balancer-name Java-LB --layer-id 888c5645-09a5-4d0e-95a8-812ef1db76a4 - -*Output*: None. - -**More Information** - -For more information, see `Elastic Load Balancing`_ in the *AWS OpsWorks User Guide*. - -.. _`Elastic Load Balancing`: http://docs.aws.amazon.com/opsworks/latest/userguide/load-balancer-elb.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/disassociate-elastic-ip.rst 2.31.35-1/awscli/examples/opsworks/disassociate-elastic-ip.rst --- 2.23.6-1/awscli/examples/opsworks/disassociate-elastic-ip.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/disassociate-elastic-ip.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To disassociate an Elastic IP address from an instance** - -The following example disassociates an Elastic IP address from a specified instance. :: - - aws opsworks --region us-east-1 disassociate-elastic-ip --elastic-ip 54.148.130.96 - -*Output*: None. - -**More Information** - -For more information, see `Resource Management`_ in the *AWS OpsWorks User Guide*. - -.. _`Resource Management`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/get-hostname-suggestion.rst 2.31.35-1/awscli/examples/opsworks/get-hostname-suggestion.rst --- 2.23.6-1/awscli/examples/opsworks/get-hostname-suggestion.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/get-hostname-suggestion.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -**To get the next hostname for a layer** - -The following example gets the next generated hostname for a specified layer. The layer used for -this example is a Java Application Server layer with one instance. The stack's hostname theme is -the default, Layer_Dependent. :: - - aws opsworks --region us-east-1 get-hostname-suggestion --layer-id 888c5645-09a5-4d0e-95a8-812ef1db76a4 - -*Output*:: - - { - "Hostname": "java-app2", - "LayerId": "888c5645-09a5-4d0e-95a8-812ef1db76a4" - } - -**More Information** - -For more information, see `Create a New Stack`_ in the *AWS OpsWorks User Guide*. - -.. _`Create a New Stack`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingstacks-creating.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/reboot-instance.rst 2.31.35-1/awscli/examples/opsworks/reboot-instance.rst --- 2.23.6-1/awscli/examples/opsworks/reboot-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/reboot-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To reboot an instance** - -The following example reboots an instance. :: - - aws opsworks --region us-east-1 reboot-instance --instance-id dfe18b02-5327-493d-91a4-c5c0c448927f - -*Output*: None. - -**More Information** - -For more information, see `Rebooting an Instance`_ in the *AWS OpsWorks User Guide*. - -.. _`Rebooting an Instance`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-starting.html#workinginstances-starting-reboot - diff -pruN 2.23.6-1/awscli/examples/opsworks/register-elastic-ip.rst 2.31.35-1/awscli/examples/opsworks/register-elastic-ip.rst --- 2.23.6-1/awscli/examples/opsworks/register-elastic-ip.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/register-elastic-ip.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -**To register an Elastic IP address with a stack** - -The following example registers an Elastic IP address, identified by its IP address, with a specified stack. - -**Note:** The Elastic IP address must be in the same region as the stack. :: - - aws opsworks register-elastic-ip --region us-east-1 --stack-id d72553d4-8727-448c-9b00-f024f0ba1b06 --elastic-ip 54.148.130.96 - -*Output* :: - - { - "ElasticIp": "54.148.130.96" - } - -**More Information** - -For more information, see `Registering Elastic IP Addresses with a Stack`_ in the *OpsWorks User Guide*. - -.. _`Registering Elastic IP Addresses with a Stack`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-reg.html#resources-reg-eip diff -pruN 2.23.6-1/awscli/examples/opsworks/register-rds-db-instance.rst 2.31.35-1/awscli/examples/opsworks/register-rds-db-instance.rst --- 2.23.6-1/awscli/examples/opsworks/register-rds-db-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/register-rds-db-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -**To register an Amazon RDS instance with a stack** - -The following example registers an Amazon RDS DB instance, identified by its Amazon Resource Name (ARN), with a specified stack. -It also specifies the instance's master username and password. Note that AWS OpsWorks does not validate either of these -values. If either one is incorrect, your application will not be able to connect to the database. :: - - aws opsworks register-rds-db-instance --region us-east-1 --stack-id d72553d4-8727-448c-9b00-f024f0ba1b06 --rds-db-instance-arn arn:aws:rds:us-west-2:123456789012:db:clitestdb --db-user cliuser --db-password some23!pwd - -*Output*: None. - -**More Information** - -For more information, see `Registering Amazon RDS Instances with a Stack`_ in the *AWS OpsWorks User Guide*. - -.. _`Registering Amazon RDS Instances with a Stack`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-reg.html#resources-reg-rds diff -pruN 2.23.6-1/awscli/examples/opsworks/register-volume.rst 2.31.35-1/awscli/examples/opsworks/register-volume.rst --- 2.23.6-1/awscli/examples/opsworks/register-volume.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/register-volume.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -**To register an Amazon EBS volume with a stack** - -The following example registers an Amazon EBS volume, identified by its volume ID, with a specified stack. :: - - aws opsworks register-volume --region us-east-1 --stack-id d72553d4-8727-448c-9b00-f024f0ba1b06 --ec-2-volume-id vol-295c1638 - -*Output*:: - - { - "VolumeId": "ee08039c-7cb7-469f-be10-40fb7f0c05e8" - } - - -**More Information** - -For more information, see `Registering Amazon EBS Volumes with a Stack`_ in the *AWS OpsWorks User Guide*. - -.. _`Registering Amazon EBS Volumes with a Stack`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-reg.html#resources-reg-ebs diff -pruN 2.23.6-1/awscli/examples/opsworks/register.rst 2.31.35-1/awscli/examples/opsworks/register.rst --- 2.23.6-1/awscli/examples/opsworks/register.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/register.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,105 +0,0 @@ -**To register instances with a stack** - -The following examples show a variety of ways to register instances with a stack that were created outside of AWS Opsworks. -You can run ``register`` from the instance to be registered, or from a separate workstation. -For more information, see `Registering Amazon EC2 and On-premises Instances`_ in the *AWS OpsWorks User Guide*. - -.. _`Registering Amazon EC2 and On-premises Instances`: http://docs.aws.amazon.com/opsworks/latest/userguide/registered-instances-register-registering.html - - -**Note**: For brevity, the examples omit the ``region`` argument. - -*To register an Amazon EC2 instance* - -To indicate that you are registering an EC2 instance, set the ``--infrastructure-class`` argument -to ``ec2``. - -The following example registers an EC2 instance with the specified stack from a separate workstation. -The instance is identified by its EC2 ID, ``i-12345678``. The example uses the workstation's default SSH username and attempts -to log in to the instance using authentication techniques that do not require a password, -such as a default private SSH key. If that fails, ``register`` queries for the password. :: - - aws opsworks register --infrastructure-class=ec2 --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb i-12345678 - -The following example registers an EC2 instance with the specifed stack from a separate workstation. -It uses the ``--ssh-username`` and ``--ssh-private-key`` arguments to explicitly -specify the SSH username and private key file that the command uses to log into the instance. -``ec2-user`` is the standard username for Amazon Linux instances. Use ``ubuntu`` for Ubuntu instances. :: - - aws opsworks register --infrastructure-class=ec2 --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb --ssh-username ec2-user --ssh-private-key ssh_private_key i-12345678 - -The following example registers the EC2 instance that is running the ``register`` command. -Log in to the instance with SSH and run ``register`` with the ``--local`` argument instead of an instance ID or hostname. :: - - aws opsworks register --infrastructure-class ec2 --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb --local - -*To register an on-premises instance* - -To indicate that you are registering an on-premises instance, set the ``--infrastructure-class`` argument -to ``on-premises``. - -The following example registers an existing on-premises instance with a specified stack from a separate workstation. -The instance is identified by its IP address, ``192.0.2.3``. The example uses the workstation's default SSH username and attempts -to log in to the instance using authentication techniques that do not require a password, -such as a default private SSH key. If that fails, ``register`` queries for the password. :: - - aws opsworks register --infrastructure-class on-premises --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb 192.0.2.3 - -The following example registers an on-premises instance with a specified stack from a separate workstation. -The instance is identified by its hostname, ``host1``. The ``--override-...`` arguments direct AWS OpsWorks -to display ``webserver1`` as the host name and ``192.0.2.3`` and ``10.0.0.2`` as the instance's public and -private IP addresses, respectively. :: - - aws opsworks register --infrastructure-class on-premises --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb --override-hostname webserver1 --override-public-ip 192.0.2.3 --override-private-ip 10.0.0.2 host1 - -The following example registers an on-premises instance with a specified stack from a separate workstation. -The instance is identified by its IP address. ``register`` logs into the instance using the specified SSH username and private key file. :: - - aws opsworks register --infrastructure-class on-premises --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb --ssh-username admin --ssh-private-key ssh_private_key 192.0.2.3 - -The following example registers an existing on-premises instance with a specified stack from a separate workstation. -The command logs into the instance using a custom SSH command string that specifies -the SSH password and the instance's IP address. :: - - aws opsworks register --infrastructure-class on-premises --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb --override-ssh "sshpass -p 'mypassword' ssh your-user@192.0.2.3" - -The following example registers the on-premises instance that is running the ``register`` command. -Log in to the instance with SSH and run ``register`` with the ``--local`` argument instead of an instance ID or hostname. :: - - aws opsworks register --infrastructure-class on-premises --stack-id 935450cc-61e0-4b03-a3e0-160ac817d2bb --local - -*Output*: The following is typical output for registering an EC2 instance. - -:: - - Warning: Permanently added '52.11.41.206' (ECDSA) to the list of known hosts. - % Total % Received % Xferd Average Speed Time Time Time Current - Dload Upload Total Spent Left Speed - 100 6403k 100 6403k 0 0 2121k 0 0:00:03 0:00:03 --:--:-- 2121k - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Initializing AWS OpsWorks environment - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Running on Ubuntu - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Checking if OS is supported - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Running on supported OS - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Setup motd - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Executing: ln -sf --backup /etc/motd.opsworks-static /etc/motd - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Enabling multiverse repositories - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Customizing APT environment - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Installing system packages - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Executing: dpkg --configure -a - [Tue, 24 Feb 2015 20:48:37 +0000] opsworks-init: Executing with retry: apt-get update - [Tue, 24 Feb 2015 20:49:13 +0000] opsworks-init: Executing: apt-get install -y ruby ruby-dev libicu-dev libssl-dev libxslt-dev libxml2-dev libyaml-dev monit - [Tue, 24 Feb 2015 20:50:13 +0000] opsworks-init: Using assets bucket from environment: 'opsworks-instance-assets-us-east-1.s3.amazonaws.com'. - [Tue, 24 Feb 2015 20:50:13 +0000] opsworks-init: Installing Ruby for the agent - [Tue, 24 Feb 2015 20:50:13 +0000] opsworks-init: Executing: /tmp/opsworks-agent-installer.YgGq8wF3UUre6yDy/opsworks-agent-installer/opsworks-agent/bin/installer_wrapper.sh -r -R opsworks-instance-assets-us-east-1.s3.amazonaws.com - [Tue, 24 Feb 2015 20:50:44 +0000] opsworks-init: Starting the installer - Instance successfully registered. Instance ID: 4d6d1710-ded9-42a1-b08e-b043ad7af1e2 - Connection to 52.11.41.206 closed. - -**More Information** - -For more information, see `Registering an Instance with an AWS OpsWorks Stack`_ in the *AWS OpsWorks User Guide*. - -.. _`Registering an Instance with an AWS OpsWorks Stack`: http://docs.aws.amazon.com/opsworks/latest/userguide/registered-instances-register.html - - - diff -pruN 2.23.6-1/awscli/examples/opsworks/set-load-based-auto-scaling.rst 2.31.35-1/awscli/examples/opsworks/set-load-based-auto-scaling.rst --- 2.23.6-1/awscli/examples/opsworks/set-load-based-auto-scaling.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/set-load-based-auto-scaling.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -**To set the load-based scaling configuration for a layer** - -The following example enables load-based scaling for a specified layer and sets the configuration -for that layer. -You must use ``create-instance`` to add load-based instances to the layer. :: - - aws opsworks --region us-east-1 set-load-based-auto-scaling --layer-id 523569ae-2faf-47ac-b39e-f4c4b381f36d --enable --up-scaling file://upscale.json --down-scaling file://downscale.json - -The example puts the upscaling threshold settings in a separate file in the working directory named ``upscale.json``, which contains the following. :: - - { - "InstanceCount": 2, - "ThresholdsWaitTime": 3, - "IgnoreMetricsTime": 3, - "CpuThreshold": 85, - "MemoryThreshold": 85, - "LoadThreshold": 85 - } - -The example puts the downscaling threshold settings in a separate file in the working directory named ``downscale.json``, which contains the following. :: - - { - "InstanceCount": 2, - "ThresholdsWaitTime": 3, - "IgnoreMetricsTime": 3, - "CpuThreshold": 35, - "MemoryThreshold": 30, - "LoadThreshold": 30 - } - -*Output*: None. - -**More Information** - -For more information, see `Using Automatic Load-based Scaling`_ in the *AWS OpsWorks User Guide*. - -.. _`Using Automatic Load-based Scaling`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-autoscaling-loadbased.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/set-permission.rst 2.31.35-1/awscli/examples/opsworks/set-permission.rst --- 2.23.6-1/awscli/examples/opsworks/set-permission.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/set-permission.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -**To grant per-stack AWS OpsWorks permission levels** - -When you import an AWS Identity and Access Management (IAM) user into AWS OpsWorks by calling ``create-user-profile``, the user has only those -permissions that are granted by the attached IAM policies. -You can grant AWS OpsWorks permissions by modifying a user's policies. -However, it is often easier to import a user and then use the ``set-permission`` command to grant -the user one of the standard permission levels for each stack to which the user will need access. - -The following example grants permission for the specified stack for a user, who -is identified by Amazon Resource Name (ARN). The example grants the user a Manage permissions level, with sudo and SSH privileges on the stack's -instances. :: - - aws opsworks set-permission --region us-east-1 --stack-id 71c7ca72-55ae-4b6a-8ee1-a8dcded3fa0f --level manage --iam-user-arn arn:aws:iam::123456789102:user/cli-user-test --allow-ssh --allow-sudo - - -*Output*: None. - -**More Information** - -For more information, see `Granting AWS OpsWorks Users Per-Stack Permissions`_ in the *AWS OpsWorks User Guide*. - -.. _`Granting AWS OpsWorks Users Per-Stack Permissions`: http://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users-console.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/set-time-based-auto-scaling.rst 2.31.35-1/awscli/examples/opsworks/set-time-based-auto-scaling.rst --- 2.23.6-1/awscli/examples/opsworks/set-time-based-auto-scaling.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/set-time-based-auto-scaling.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ -**To set the time-based scaling configuration for a layer** - -The following example sets the time-based configuration for a specified instance. -You must first use ``create-instance`` to add the instance to the layer. :: - - aws opsworks --region us-east-1 set-time-based-auto-scaling --instance-id 69b6237c-08c0-4edb-a6af-78f3d01cedf2 --auto-scaling-schedule file://schedule.json - -The example puts the schedule in a separate file in the working directory named ``schedule.json``. -For this example, the instance is on for a few hours around midday UTC (Coordinated Universal Time) on Monday and Tuesday. :: - - { - "Monday": { - "10": "on", - "11": "on", - "12": "on", - "13": "on" - }, - "Tuesday": { - "10": "on", - "11": "on", - "12": "on", - "13": "on" - } - } - -*Output*: None. - -**More Information** - -For more information, see `Using Automatic Time-based Scaling`_ in the *AWS OpsWorks User Guide*. - -.. _`Using Automatic Time-based Scaling`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-autoscaling-timebased.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/start-instance.rst 2.31.35-1/awscli/examples/opsworks/start-instance.rst --- 2.23.6-1/awscli/examples/opsworks/start-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/start-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -**To start an instance** - -The following ``start-instance`` command starts a specified 24/7 instance. :: - - aws opsworks start-instance --instance-id f705ee48-9000-4890-8bd3-20eb05825aaf - -*Output*: None. Use describe-instances_ to check the instance's status. - -.. _describe-instances: http://docs.aws.amazon.com/cli/latest/reference/opsworks/describe-instances.html - -**Tip** You can start every offline instance in a stack with one command by calling start-stack_. - -.. _start-stack: http://docs.aws.amazon.com/cli/latest/reference/opsworks/start-stack.html - -**More Information** - -For more information, see `Manually Starting, Stopping, and Rebooting 24/7 Instances`_ in the *AWS OpsWorks User Guide*. - -.. _`Manually Starting, Stopping, and Rebooting 24/7 Instances`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-starting.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/start-stack.rst 2.31.35-1/awscli/examples/opsworks/start-stack.rst --- 2.23.6-1/awscli/examples/opsworks/start-stack.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/start-stack.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -**To start a stack's instances** - -The following example starts all of a stack's 24/7 instances. -To start a particular instance, use ``start-instance``. :: - - aws opsworks --region us-east-1 start-stack --stack-id 8c428b08-a1a1-46ce-a5f8-feddc43771b8 - -*Output*: None. - -**More Information** - -For more information, see `Starting an Instance`_ in the *AWS OpsWorks User Guide*. - -.. _`Starting an Instance`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-starting.html#workinginstances-starting-start - diff -pruN 2.23.6-1/awscli/examples/opsworks/stop-instance.rst 2.31.35-1/awscli/examples/opsworks/stop-instance.rst --- 2.23.6-1/awscli/examples/opsworks/stop-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/stop-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -**To stop an instance** - -The following example stops a specified instance, which is identified by its instance ID. -You can obtain an instance ID by going to the instance's details page on the AWS OpsWorks console or by -running the ``describe-instances`` command. :: - - aws opsworks stop-instance --region us-east-1 --instance-id 3a21cfac-4a1f-4ce2-a921-b2cfba6f7771 - -You can restart a stopped instance by calling ``start-instance`` or by deleting the instance by calling -``delete-instance``. - -*Output*: None. - -**More Information** - -For more information, see `Stopping an Instance`_ in the *AWS OpsWorks User Guide*. - -.. _`Stopping an Instance`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-starting.html#workinginstances-starting-stop - - diff -pruN 2.23.6-1/awscli/examples/opsworks/stop-stack.rst 2.31.35-1/awscli/examples/opsworks/stop-stack.rst --- 2.23.6-1/awscli/examples/opsworks/stop-stack.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/stop-stack.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -**To stop a stack's instances** - -The following example stops all of a stack's 24/7 instances. -To stop a particular instance, use ``stop-instance``. :: - - aws opsworks --region us-east-1 stop-stack --stack-id 8c428b08-a1a1-46ce-a5f8-feddc43771b8 - -*Output*: No output. - -**More Information** - -For more information, see `Stopping an Instance`_ in the *AWS OpsWorks User Guide*. - -.. _`Stopping an Instance`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-starting.html#workinginstances-starting-stop - diff -pruN 2.23.6-1/awscli/examples/opsworks/unassign-instance.rst 2.31.35-1/awscli/examples/opsworks/unassign-instance.rst --- 2.23.6-1/awscli/examples/opsworks/unassign-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/unassign-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To unassign a registered instance from its layers** - -The following ``unassign-instance`` command unassigns an instance from its attached layers. :: - - aws opsworks --region us-east-1 unassign-instance --instance-id 4d6d1710-ded9-42a1-b08e-b043ad7af1e2 - -**Output**: None. - -**More Information** - -For more information, see `Unassigning a Registered Instance`_ in the *AWS OpsWorks User Guide*. - -.. _`Unassigning a Registered Instance`: http://docs.aws.amazon.com/opsworks/latest/userguide/registered-instances-unassign.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/unassign-volume.rst 2.31.35-1/awscli/examples/opsworks/unassign-volume.rst --- 2.23.6-1/awscli/examples/opsworks/unassign-volume.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/unassign-volume.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -**To unassign a volume from its instance** - -The following example unassigns a registered Amazon Elastic Block Store (Amazon EBS) volume from its instance. -The volume is identified by its volume ID, which is the GUID that AWS OpsWorks assigns when -you register the volume with a stack, not the Amazon Elastic Compute Cloud (Amazon EC2) volume ID. :: - - aws opsworks --region us-east-1 unassign-volume --volume-id 8430177d-52b7-4948-9c62-e195af4703df - -*Output*: None. - -**More Information** - -For more information, see `Unassigning Amazon EBS Volumes`_ in the *AWS OpsWorks User Guide*. - -.. _`Unassigning Amazon EBS Volumes`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-detach.html#resources-detach-ebs - diff -pruN 2.23.6-1/awscli/examples/opsworks/update-app.rst 2.31.35-1/awscli/examples/opsworks/update-app.rst --- 2.23.6-1/awscli/examples/opsworks/update-app.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/update-app.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To update an app** - -The following example updates a specified app to change its name. :: - - aws opsworks --region us-east-1 update-app --app-id 26a61ead-d201-47e3-b55c-2a7c666942f8 --name NewAppName - -*Output*: None. - -**More Information** - -For more information, see `Editing Apps`_ in the *AWS OpsWorks User Guide*. - -.. _`Editing Apps`: http://docs.aws.amazon.com/opsworks/latest/userguide/workingapps-editing.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/update-elastic-ip.rst 2.31.35-1/awscli/examples/opsworks/update-elastic-ip.rst --- 2.23.6-1/awscli/examples/opsworks/update-elastic-ip.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/update-elastic-ip.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To update an Elastic IP address name** - -The following example updates the name of a specified Elastic IP address. :: - - aws opsworks --region us-east-1 update-elastic-ip --elastic-ip 54.148.130.96 --name NewIPName - -*Output*: None. - -**More Information** - -For more information, see `Resource Management`_ in the *AWS OpsWorks User Guide*. - -.. _`Resource Management`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/update-instance.rst 2.31.35-1/awscli/examples/opsworks/update-instance.rst --- 2.23.6-1/awscli/examples/opsworks/update-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/update-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To update an instance** - -The following example updates a specified instance's type. :: - - aws opsworks --region us-east-1 update-instance --instance-id dfe18b02-5327-493d-91a4-c5c0c448927f --instance-type c3.xlarge - -*Output*: None. - -**More Information** - -For more information, see `Editing the Instance Configuration`_ in the *AWS OpsWorks User Guide*. - -.. _`Editing the Instance Configuration`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-properties.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/update-layer.rst 2.31.35-1/awscli/examples/opsworks/update-layer.rst --- 2.23.6-1/awscli/examples/opsworks/update-layer.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/update-layer.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To update a layer** - -The following example updates a specified layer to use Amazon EBS-optimized instances. :: - - aws opsworks --region us-east-1 update-layer --layer-id 888c5645-09a5-4d0e-95a8-812ef1db76a4 --use-ebs-optimized-instances - -*Output*: None. - -**More Information** - -For more information, see `Editing an OpsWorks Layer's Configuration`_ in the *AWS OpsWorks User Guide*. - -.. _`Editing an OpsWorks Layer's Configuration`: http://docs.aws.amazon.com/opsworks/latest/userguide/workinglayers-basics-edit.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/update-my-user-profile.rst 2.31.35-1/awscli/examples/opsworks/update-my-user-profile.rst --- 2.23.6-1/awscli/examples/opsworks/update-my-user-profile.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/update-my-user-profile.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -**To update a user's profile** - -The following example updates the ``development`` user's profile to use a specified SSH public key. -The user's AWS credentials are represented by the ``development`` profile in the ``credentials`` file -(``~\.aws\credentials``), and the key is in a ``.pem`` file in the working directory. :: - - aws opsworks --region us-east-1 --profile development update-my-user-profile --ssh-public-key file://development_key.pem - -*Output*: None. - -**More Information** - -For more information, see `Editing AWS OpsWorks User Settings`_ in the *AWS OpsWorks User Guide*. - -.. _`Editing AWS OpsWorks User Settings`: http://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users-manage-edit.html - diff -pruN 2.23.6-1/awscli/examples/opsworks/update-rds-db-instance.rst 2.31.35-1/awscli/examples/opsworks/update-rds-db-instance.rst --- 2.23.6-1/awscli/examples/opsworks/update-rds-db-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/update-rds-db-instance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -**To update a registered Amazon RDS DB instance** - -The following example updates an Amazon RDS instance's master password value. -Note that this command does not change the RDS instance's master password, just the password that -you provide to AWS OpsWorks. -If this password does not match the RDS instance's password, -your application will not be able to connect to the database. :: - - aws opsworks --region us-east-1 update-rds-db-instance --db-password 123456789 - -*Output*: None. - -**More Information** - -For more information, see `Registering Amazon RDS Instances with a Stack`_ in the *AWS OpsWorks User Guide*. - -.. _`Registering Amazon RDS Instances with a Stack`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-reg.html#resources-reg-rds - diff -pruN 2.23.6-1/awscli/examples/opsworks/update-volume.rst 2.31.35-1/awscli/examples/opsworks/update-volume.rst --- 2.23.6-1/awscli/examples/opsworks/update-volume.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworks/update-volume.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -**To update a registered volume** - -The following example updates a registered Amazon Elastic Block Store (Amazon EBS) volume's mount point. -The volume is identified by its volume ID, which is the GUID that AWS OpsWorks assigns to the volume when -you register it with a stack, not the Amazon Elastic Compute Cloud (Amazon EC2) volume ID.:: - - aws opsworks --region us-east-1 update-volume --volume-id 8430177d-52b7-4948-9c62-e195af4703df --mount-point /mnt/myvol - -*Output*: None. - -**More Information** - -For more information, see `Assigning Amazon EBS Volumes to an Instance`_ in the *AWS OpsWorks User Guide*. - -.. _`Assigning Amazon EBS Volumes to an Instance`: http://docs.aws.amazon.com/opsworks/latest/userguide/resources-attach.html#resources-attach-ebs - diff -pruN 2.23.6-1/awscli/examples/opsworkscm/associate-node.rst 2.31.35-1/awscli/examples/opsworkscm/associate-node.rst --- 2.23.6-1/awscli/examples/opsworkscm/associate-node.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/associate-node.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -**To associate nodes** - -The following ``associate-node`` command associates a node named ``i-44de882p`` with -a Chef Automate server named ``automate-06``, meaning that the ``automate-06`` server -manages the node, and communicates recipe commands to the node through ``chef-client`` agent software -that is installed on the node by the associate-node command. Valid node names are EC2 instance IDs.:: - - aws opsworks-cm associate-node --server-name "automate-06" --node-name "i-43de882p" --engine-attributes "Name=CHEF_ORGANIZATION,Value='MyOrganization' Name=CHEF_NODE_PUBLIC_KEY,Value='Public_key_contents'" - -The output returned by the command resembles the following. -*Output*:: - - { - "NodeAssociationStatusToken": "AHUY8wFe4pdXtZC5DiJa5SOLp5o14DH//rHRqHDWXxwVoNBxcEy4V7R0NOFymh7E/1HumOBPsemPQFE6dcGaiFk" - } - -**More Information** - -For more information, see `Adding Nodes Automatically in AWS OpsWorks for Chef Automate`_ in the *AWS OpsWorks User Guide*. - -.. _`Adding Nodes Automatically in AWS OpsWorks for Chef Automate`: http://docs.aws.amazon.com/opsworks/latest/userguide/opscm-unattend-assoc.html - diff -pruN 2.23.6-1/awscli/examples/opsworkscm/create-backup.rst 2.31.35-1/awscli/examples/opsworkscm/create-backup.rst --- 2.23.6-1/awscli/examples/opsworkscm/create-backup.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/create-backup.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -**To create backups** - -The following ``create-backup`` command starts a manual backup of a Chef Automate server -named ``automate-06`` in the ``us-east-1`` region. The command adds a descriptive message to -the backup in the ``--description`` parameter. :: - - aws opsworks-cm create-backup \ - --server-name 'automate-06' \ - --description "state of my infrastructure at launch" - -The output shows you information similar to the following about the new backup. - -Output:: - - { - "Backups": [ - { - "BackupArn": "string", - "BackupId": "automate-06-20160729133847520", - "BackupType": "MANUAL", - "CreatedAt": 2016-07-29T13:38:47.520Z, - "Description": "state of my infrastructure at launch", - "Engine": "Chef", - "EngineModel": "Single", - "EngineVersion": "12", - "InstanceProfileArn": "arn:aws:iam::1019881987024:instance-profile/automate-06-1010V4UU2WRM2", - "InstanceType": "m4.large", - "KeyPair": "", - "PreferredBackupWindow": "", - "PreferredMaintenanceWindow": "", - "S3LogUrl": "https://s3.amazonaws.com//automate-06-20160729133847520", - "SecurityGroupIds": [ "sg-1a24c270" ], - "ServerName": "automate-06", - "ServiceRoleArn": "arn:aws:iam::1019881987024:role/aws-opsworks-cm-service-role.1114810729735", - "Status": "OK", - "StatusDescription": "", - "SubnetIds": [ "subnet-49436a18" ], - "ToolsVersion": "string", - "UserArn": "arn:aws:iam::1019881987024:user/opsworks-user" - } - ], - } - -For more information, see `Back Up and Restore an AWS OpsWorks for Chef Automate Server`_ in the *AWS OpsWorks User Guide*. - -.. _`Back Up and Restore an AWS OpsWorks for Chef Automate Server`: http://docs.aws.amazon.com/opsworks/latest/userguide/opscm-backup-restore.html \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/opsworkscm/create-server.rst 2.31.35-1/awscli/examples/opsworkscm/create-server.rst --- 2.23.6-1/awscli/examples/opsworkscm/create-server.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/create-server.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,48 +0,0 @@ -**To create a server** - -The following ``create-server`` example creates a new Chef Automate server named ``automate-06`` in your default region. Note that defaults are used for most other settings, such as number of backups to retain, and maintenance and backup start times. Before you run a ``create-server`` command, complete prerequisites in `Getting Started with AWS OpsWorks for Chef Automate `__ in the *AWS Opsworks for Chef Automate User Guide*. :: - - aws opsworks-cm create-server \ - --engine "Chef" \ - --engine-model "Single" \ - --engine-version "12" \ - --server-name "automate-06" \ - --instance-profile-arn "arn:aws:iam::1019881987024:instance-profile/aws-opsworks-cm-ec2-role" \ - --instance-type "t2.medium" \ - --key-pair "amazon-test" \ - --service-role-arn "arn:aws:iam::044726508045:role/aws-opsworks-cm-service-role" - -The output shows you information similar to the following about the new server:: - - { - "Server": { - "BackupRetentionCount": 10, - "CreatedAt": 2016-07-29T13:38:47.520Z, - "DisableAutomatedBackup": FALSE, - "Endpoint": "https://opsworks-cm.us-east-1.amazonaws.com", - "Engine": "Chef", - "EngineAttributes": [ - { - "Name": "CHEF_DELIVERY_ADMIN_PASSWORD", - "Value": "1Password1" - } - ], - "EngineModel": "Single", - "EngineVersion": "12", - "InstanceProfileArn": "arn:aws:iam::1019881987024:instance-profile/aws-opsworks-cm-ec2-role", - "InstanceType": "t2.medium", - "KeyPair": "amazon-test", - "MaintenanceStatus": "", - "PreferredBackupWindow": "Sun:02:00", - "PreferredMaintenanceWindow": "00:00", - "SecurityGroupIds": [ "sg-1a24c270" ], - "ServerArn": "arn:aws:iam::1019881987024:instance/automate-06-1010V4UU2WRM2", - "ServerName": "automate-06", - "ServiceRoleArn": "arn:aws:iam::1019881987024:role/aws-opsworks-cm-service-role", - "Status": "CREATING", - "StatusReason": "", - "SubnetIds": [ "subnet-49436a18" ] - } - } - -For more information, see `UpdateServer `_ in the *AWS OpsWorks for Chef Automate API Reference*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/opsworkscm/delete-backup.rst 2.31.35-1/awscli/examples/opsworkscm/delete-backup.rst --- 2.23.6-1/awscli/examples/opsworkscm/delete-backup.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/delete-backup.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To delete backups** - -The following ``delete-backup`` command deletes a manual or automated backup of -a Chef Automate server, identified by the backup ID. This command is useful when -you are approaching the maximum number of backups that you can save, or you want -to minimize your Amazon S3 storage costs.:: - - aws opsworks-cm delete-backup --backup-id "automate-06-2016-11-19T23:42:40.240Z" - -The output shows whether the backup deletion succeeded. - -**More Information** - -For more information, see `Back Up and Restore an AWS OpsWorks for Chef Automate Server`_ in the *AWS OpsWorks User Guide*. - -.. _`Back Up and Restore an AWS OpsWorks for Chef Automate Server`: http://docs.aws.amazon.com/opsworks/latest/userguide/opscm-backup-restore.html - diff -pruN 2.23.6-1/awscli/examples/opsworkscm/delete-server.rst 2.31.35-1/awscli/examples/opsworkscm/delete-server.rst --- 2.23.6-1/awscli/examples/opsworkscm/delete-server.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/delete-server.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -**To delete servers** - -The following ``delete-server`` command deletes a Chef Automate server, identified -by the server's name. After the server is deleted, it is no longer returned by -``DescribeServer`` requests.:: - - aws opsworks-cm delete-server --server-name "automate-06" - -The output shows whether the server deletion succeeded. - -**More Information** - -For more information, see `Delete an AWS OpsWorks for Chef Automate Server`_ in the *AWS OpsWorks User Guide*. - -.. _`Delete an AWS OpsWorks for Chef Automate Server`: http://docs.aws.amazon.com/opsworks/latest/userguide/opscm-delete-server.html - diff -pruN 2.23.6-1/awscli/examples/opsworkscm/describe-account-attributes.rst 2.31.35-1/awscli/examples/opsworkscm/describe-account-attributes.rst --- 2.23.6-1/awscli/examples/opsworkscm/describe-account-attributes.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/describe-account-attributes.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -**To describe account attributes** - -The following ``describe-account-attributes`` command returns information about your -account's usage of AWS OpsWorks for Chef Automate resources.:: - - aws opsworks-cm describe-account-attributes - -The output for each account attribute entry returned by the command resembles the following. -*Output*:: - - { - "Attributes": [ - { - "Maximum": 5, - "Name": "ServerLimit", - "Used": 2 - } - ] - } - -**More Information** - -For more information, see `DescribeAccountAttributes`_ in the *AWS OpsWorks for Chef Automate API Reference*. - -.. _`DescribeAccountAttributes`: http://docs.aws.amazon.com/opsworks-cm/latest/APIReference/API_DescribeAccountAttributes.html - diff -pruN 2.23.6-1/awscli/examples/opsworkscm/describe-backups.rst 2.31.35-1/awscli/examples/opsworkscm/describe-backups.rst --- 2.23.6-1/awscli/examples/opsworkscm/describe-backups.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/describe-backups.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,44 +0,0 @@ -**To describe backups** - -The following ``describe-backups`` command returns information about all backups -associated with your account in your default region. :: - - aws opsworks-cm describe-backups - -The output for each backup entry returned by the command resembles the following. - -Output:: - - { - "Backups": [ - { - "BackupArn": "string", - "BackupId": "automate-06-20160729133847520", - "BackupType": "MANUAL", - "CreatedAt": 2016-07-29T13:38:47.520Z, - "Description": "state of my infrastructure at launch", - "Engine": "Chef", - "EngineModel": "Single", - "EngineVersion": "12", - "InstanceProfileArn": "arn:aws:iam::1019881987024:instance-profile/automate-06-1010V4UU2WRM2", - "InstanceType": "m4.large", - "KeyPair": "", - "PreferredBackupWindow": "", - "PreferredMaintenanceWindow": "", - "S3LogUrl": "https://s3.amazonaws.com//automate-06-20160729133847520", - "SecurityGroupIds": [ "sg-1a24c270" ], - "ServerName": "automate-06", - "ServiceRoleArn": "arn:aws:iam::1019881987024:role/aws-opsworks-cm-service-role.1114810729735", - "Status": "Successful", - "StatusDescription": "", - "SubnetIds": [ "subnet-49436a18" ], - "ToolsVersion": "string", - "UserArn": "arn:aws:iam::1019881987024:user/opsworks-user" - } - ], - } - -For more information, see `Back Up and Restore an AWS OpsWorks for Chef Automate Server`_ in the *AWS OpsWorks User Guide*. - -.. _`Back Up and Restore an AWS OpsWorks for Chef Automate Server`: http://docs.aws.amazon.com/opsworks/latest/userguide/opscm-backup-restore.html - diff -pruN 2.23.6-1/awscli/examples/opsworkscm/describe-events.rst 2.31.35-1/awscli/examples/opsworkscm/describe-events.rst --- 2.23.6-1/awscli/examples/opsworkscm/describe-events.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/describe-events.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -**To describe events** - -The following ``describe-events`` example returns information about all events that are associated with the specified Chef Automate server. :: - - aws opsworks-cm describe-events \ - --server-name 'automate-06' - -The output for each event entry returned by the command resembles the following example:: - - { - "ServerEvents": [ - { - "CreatedAt": 2016-07-29T13:38:47.520Z, - "LogUrl": "https://s3.amazonaws.com//automate-06-20160729133847520", - "Message": "Updates successfully installed.", - "ServerName": "automate-06" - } - ] - } - -For more information, see `General Troubleshooting Tips `_ in the *AWS OpsWorks User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/opsworkscm/describe-node-association-status.rst 2.31.35-1/awscli/examples/opsworkscm/describe-node-association-status.rst --- 2.23.6-1/awscli/examples/opsworkscm/describe-node-association-status.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/describe-node-association-status.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -**To describe node association status** - -The following ``describe-node-association-status`` command returns the status of a -request to associate a node with a Chef Automate server named ``automate-06``.:: - - aws opsworks-cm describe-node-association-status --server-name "automate-06" --node-association-status-token "AflJKl+/GoKLZJBdDQEx0O65CDi57blQe9nKM8joSok0pQ9xr8DqApBN9/1O6sLdSvlfDEKkEx+eoCHvjoWHaOs=" - -The output for each account attribute entry returned by the command resembles the following. -*Output*:: - - { - "NodeAssociationStatus": "IN_PROGRESS" - } - -**More Information** - -For more information, see `DescribeNodeAssociationStatus`_ in the *AWS OpsWorks for Chef Automate API Reference*. - -.. _`DescribeNodeAssociationStatus`: http://docs.aws.amazon.com/opsworks-cm/latest/APIReference/API_DescribeNodeAssociationStatus.html - diff -pruN 2.23.6-1/awscli/examples/opsworkscm/describe-servers.rst 2.31.35-1/awscli/examples/opsworkscm/describe-servers.rst --- 2.23.6-1/awscli/examples/opsworkscm/describe-servers.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/describe-servers.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,48 +0,0 @@ -**To describe servers** - -The following ``describe-servers`` command returns information about all servers -that are associated with your account, and in your default region.:: - - aws opsworks-cm describe-servers - -The output for each server entry returned by the command resembles the following. -*Output*:: - - { - "Servers": [ - { - "BackupRetentionCount": 8, - "CreatedAt": 2016-07-29T13:38:47.520Z, - "DisableAutomatedBackup": FALSE, - "Endpoint": "https://opsworks-cm.us-east-1.amazonaws.com", - "Engine": "Chef", - "EngineAttributes": [ - { - "Name": "CHEF_DELIVERY_ADMIN_PASSWORD", - "Value": "1Password1" - } - ], - "EngineModel": "Single", - "EngineVersion": "12", - "InstanceProfileArn": "arn:aws:iam::1019881987024:instance-profile/automate-06-1010V4UU2WRM2", - "InstanceType": "m4.large", - "KeyPair": "", - "MaintenanceStatus": "SUCCESS", - "PreferredBackupWindow": "03:00", - "PreferredMaintenanceWindow": "Mon:09:00", - "SecurityGroupIds": [ "sg-1a24c270" ], - "ServerArn": "arn:aws:iam::1019881987024:instance/automate-06-1010V4UU2WRM2", - "ServerName": "automate-06", - "ServiceRoleArn": "arn:aws:iam::1019881987024:role/aws-opsworks-cm-service-role.1114810729735", - "Status": "HEALTHY", - "StatusReason": "", - "SubnetIds": [ "subnet-49436a18" ] - } - ] - } - -**More Information** - -For more information, see `DescribeServers`_ in the *AWS OpsWorks for Chef Automate API Guide*. - -.. _`DescribeServers`: http://docs.aws.amazon.com/opsworks-cm/latest/APIReference/API_DescribeServers.html diff -pruN 2.23.6-1/awscli/examples/opsworkscm/disassociate-node.rst 2.31.35-1/awscli/examples/opsworkscm/disassociate-node.rst --- 2.23.6-1/awscli/examples/opsworkscm/disassociate-node.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/disassociate-node.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -**To disassociate nodes** - -The following ``disassociate-node`` command disassociates a node named ``i-44de882p``, removing the node from -management by a Chef Automate server named ``automate-06``. Valid node names are EC2 instance IDs.:: - - aws opsworks-cm disassociate-node --server-name "automate-06" --node-name "i-43de882p" --engine-attributes "Name=CHEF_ORGANIZATION,Value='MyOrganization' Name=CHEF_NODE_PUBLIC_KEY,Value='Public_key_contents'" - -The output returned by the command resembles the following. -*Output*:: - - { - "NodeAssociationStatusToken": "AHUY8wFe4pdXtZC5DiJa5SOLp5o14DH//rHRqHDWXxwVoNBxcEy4V7R0NOFymh7E/1HumOBPsemPQFE6dcGaiFk" - } - -**More Information** - -For more information, see `Delete an AWS OpsWorks for Chef Automate Server`_ in the *AWS OpsWorks User Guide*. - -.. _`Delete an AWS OpsWorks for Chef Automate Server`: http://docs.aws.amazon.com/opsworks/latest/userguide/opscm-delete-server.html diff -pruN 2.23.6-1/awscli/examples/opsworkscm/restore-server.rst 2.31.35-1/awscli/examples/opsworkscm/restore-server.rst --- 2.23.6-1/awscli/examples/opsworkscm/restore-server.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/restore-server.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -**To restore a server** - -The following ``restore-server`` command performs an in-place restoration of a -Chef Automate server named ``automate-06`` in your default region from a backup -with an ID of ``automate-06-2016-11-22T16:13:27.998Z``. Restoring a server restores -connections to the nodes that the Chef Automate server was managing at the time -that the specified backup was performed. - - aws opsworks-cm restore-server --backup-id "automate-06-2016-11-22T16:13:27.998Z" --server-name "automate-06" - -The output is the command ID only. -*Output*:: - - (None) - -**More Information** - -For more information, see `Restore a Failed AWS OpsWorks for Chef Automate Server`_ in the *AWS OpsWorks User Guide*. - -.. _`Restore a Failed AWS OpsWorks for Chef Automate Server`: http://docs.aws.amazon.com/opsworks/latest/userguide/opscm-chef-restore.html diff -pruN 2.23.6-1/awscli/examples/opsworkscm/start-maintenance.rst 2.31.35-1/awscli/examples/opsworkscm/start-maintenance.rst --- 2.23.6-1/awscli/examples/opsworkscm/start-maintenance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/start-maintenance.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -**To start maintenance** - -The following ``start-maintenance`` example manually starts maintenance on the specified Chef Automate or Puppet Enterprise server in your default region. This command is useful if an earlier, automated maintenance attempt failed, and the underlying cause of maintenance failure has been resolved. :: - - aws opsworks-cm start-maintenance \ - --server-name 'automate-06' - -Output:: - - { - "Server": { - "AssociatePublicIpAddress": true, - "BackupRetentionCount": 10, - "ServerName": "automate-06", - "CreatedAt": 1569229584.842, - "CloudFormationStackArn": "arn:aws:cloudformation:us-west-2:123456789012:stack/aws-opsworks-cm-instance-automate-06-1606611794746/EXAMPLE0-31de-11eb-bdb0-0a5b0a1353b8", - "DisableAutomatedBackup": false, - "Endpoint": "automate-06-EXAMPLEvr8gjfk5f.us-west-2.opsworks-cm.io", - "Engine": "ChefAutomate", - "EngineModel": "Single", - "EngineAttributes": [], - "EngineVersion": "2020-07", - "InstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/aws-opsworks-cm-ec2-role", - "InstanceType": "m5.large", - "PreferredMaintenanceWindow": "Sun:01:00", - "PreferredBackupWindow": "Sun:15:00", - "SecurityGroupIds": [ - "sg-EXAMPLE" - ], - "ServiceRoleArn": "arn:aws:iam::123456789012:role/service-role/aws-opsworks-cm-service-role", - "Status": "UNDER_MAINTENANCE", - "SubnetIds": [ - "subnet-EXAMPLE" - ], - "ServerArn": "arn:aws:opsworks-cm:us-west-2:123456789012:server/automate-06/0148382d-66b0-4196-8274-d1a2b6dff8d1" - } - } - -For more information, see `System Maintenance (Puppet Enterprise servers) `_ or `System Maintenance (Chef Automate servers) `_ in the *AWS OpsWorks User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/opsworkscm/update-server-engine-attributes.rst 2.31.35-1/awscli/examples/opsworkscm/update-server-engine-attributes.rst --- 2.23.6-1/awscli/examples/opsworkscm/update-server-engine-attributes.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/update-server-engine-attributes.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -**To update server engine attributes** - -The following ``update-server-engine-attributes`` command updates the value of the ``CHEF_PIVOTAL_KEY`` engine attribute for a Chef Automate server named ``automate-06``. It is currently not possible to change the value of other engine attributes. :: - - aws opsworks-cm update-server-engine-attributes \ - --attribute-name CHEF_PIVOTAL_KEY \ - --attribute-value "new key value" \ - --server-name "automate-06" - -The output shows you information similar to the following about the updated server. :: - - { - "Server": { - "BackupRetentionCount": 2, - "CreatedAt": 2016-07-29T13:38:47.520Z, - "DisableAutomatedBackup": FALSE, - "Endpoint": "https://opsworks-cm.us-east-1.amazonaws.com", - "Engine": "Chef", - "EngineAttributes": [ - { - "Name": "CHEF_PIVOTAL_KEY", - "Value": "new key value" - } - ], - "EngineModel": "Single", - "EngineVersion": "12", - "InstanceProfileArn": "arn:aws:iam::1019881987024:instance-profile/automate-06-1010V4UU2WRM2", - "InstanceType": "m4.large", - "KeyPair": "", - "MaintenanceStatus": "SUCCESS", - "PreferredBackupWindow": "Mon:09:15", - "PreferredMaintenanceWindow": "03:00", - "SecurityGroupIds": [ "sg-1a24c270" ], - "ServerArn": "arn:aws:iam::1019881987024:instance/automate-06-1010V4UU2WRM2", - "ServerName": "automate-06", - "ServiceRoleArn": "arn:aws:iam::1019881987024:role/aws-opsworks-cm-service-role.1114810729735", - "Status": "HEALTHY", - "StatusReason": "", - "SubnetIds": [ "subnet-49436a18" ] - } - } - -For more information, see `UpdateServerEngineAttributes `_ in the *AWS OpsWorks for Chef Automate API Reference*. diff -pruN 2.23.6-1/awscli/examples/opsworkscm/update-server.rst 2.31.35-1/awscli/examples/opsworkscm/update-server.rst --- 2.23.6-1/awscli/examples/opsworkscm/update-server.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/opsworkscm/update-server.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ -**To update a server** - -The following ``update-server`` command updates the maintenance start time of the specified Chef Automate server in your default region. The ``--preferred-maintenance-window`` parameter is added to change the start day and time of server maintenance to Mondays at 9:15 a.m. UTC.:: - - aws opsworks-cm update-server \ - --server-name "automate-06" \ - --preferred-maintenance-window "Mon:09:15" - -The output shows you information similar to the following about the updated server. :: - - { - "Server": { - "BackupRetentionCount": 8, - "CreatedAt": 2016-07-29T13:38:47.520Z, - "DisableAutomatedBackup": TRUE, - "Endpoint": "https://opsworks-cm.us-east-1.amazonaws.com", - "Engine": "Chef", - "EngineAttributes": [ - { - "Name": "CHEF_DELIVERY_ADMIN_PASSWORD", - "Value": "1Password1" - } - ], - "EngineModel": "Single", - "EngineVersion": "12", - "InstanceProfileArn": "arn:aws:iam::1019881987024:instance-profile/automate-06-1010V4UU2WRM2", - "InstanceType": "m4.large", - "KeyPair": "", - "MaintenanceStatus": "OK", - "PreferredBackupWindow": "Mon:09:15", - "PreferredMaintenanceWindow": "03:00", - "SecurityGroupIds": [ "sg-1a24c270" ], - "ServerArn": "arn:aws:iam::1019881987024:instance/automate-06-1010V4UU2WRM2", - "ServerName": "automate-06", - "ServiceRoleArn": "arn:aws:iam::1019881987024:role/aws-opsworks-cm-service-role.1114810729735", - "Status": "HEALTHY", - "StatusReason": "", - "SubnetIds": [ "subnet-49436a18" ] - } - } - -For more information, see `UpdateServer `_ in the *AWS OpsWorks for Chef Automate API Reference*. diff -pruN 2.23.6-1/awscli/examples/pi/create-performance-analysis-report.rst 2.31.35-1/awscli/examples/pi/create-performance-analysis-report.rst --- 2.23.6-1/awscli/examples/pi/create-performance-analysis-report.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/create-performance-analysis-report.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +**To create a performance analysis report** + +The following ``create-performance-analysis-report`` example creates a performance analysis report with the start time ``1682969503`` and end time ``1682979503`` for the database ``db-abcdefg123456789``. :: + + aws pi create-performance-analysis-report \ + --service-type RDS \ + --identifier db-abcdefg123456789 \ + --start-time 1682969503 \ + --end-time 1682979503 + +Output:: + + { + "AnalysisReportId": "report-0234d3ed98e28fb17" + } + +For more information about creating performance analysis reports, see `Creating a performance analysis report in Performance Insights `__ in the *Amazon RDS User Guide* and `Creating a performance analysis report in Performance Insights `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/delete-performance-analysis-report.rst 2.31.35-1/awscli/examples/pi/delete-performance-analysis-report.rst --- 2.23.6-1/awscli/examples/pi/delete-performance-analysis-report.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/delete-performance-analysis-report.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +**To delete a performance analysis report** + +The following ``delete-performance-analysis-report`` example deletes the performance analysis report with the report ID ``report-0d99cc91c4422ee61``. :: + + aws pi delete-performance-analysis-report \ + --service-type RDS \ + --identifier db-abcdefg123456789 \ + --analysis-report-id report-0d99cc91c4422ee61 + +This command produces no output. + +For more information about deleting performance analysis reports, see `Deleting a performance analysis report in Performance Insights `__ in the *Amazon RDS User Guide* and `Deleting a performance analysis report in Performance Insights `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/describe-dimension-keys.rst 2.31.35-1/awscli/examples/pi/describe-dimension-keys.rst --- 2.23.6-1/awscli/examples/pi/describe-dimension-keys.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/describe-dimension-keys.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To describe dimension keys** +**Example 1: To describe dimension keys** This example requests the names of all wait events. The data is summarized by event name, and the aggregate values of those events over the specified time period. @@ -54,3 +54,35 @@ Output:: } ] } + +**Example 2: To find the SQL ID for statements contributing the most to DB load** + +The following ``describe-dimension-keys`` requests the SQL statement and SQL ID for the 10 statements that contributed the most to DB load. :: + + aws pi describe-dimension-keys \ + --service-type RDS \ + --identifier db-abcdefg123456789 \ + --start-time 2023-05-01T00:00:00Z \ + --end-time 2023-05-01T01:00:00Z \ + --metric db.load.avg \ + --group-by '{"Group": "db.sql", "Dimensions": ["db.sql.id", "db.sql.statement"],"Limit": 10}' + +Output:: + + { + "AlignedEndTime": 1.5270804E9, + "AlignedStartTime": 1.5270264E9, + "Identifier": "db-abcdefg123456789", + "MetricList": [ + { + "Keys": [ + { + "Dimensions": {"db.sql.id": "AKIAIOSFODNN7EXAMPLE", "db.sql.statement": "SELECT * FROM customers WHERE customer_id = 123"}, + "Total": 25.5,"Partitions": [12.3, 13.2] + } + ] + } + ] + } + +For more information about dimensions in Performance Insights, see `Database load `__ in the *Amazon RDS User Guide* and `Database load `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/get-dimension-key-details.rst 2.31.35-1/awscli/examples/pi/get-dimension-key-details.rst --- 2.23.6-1/awscli/examples/pi/get-dimension-key-details.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/get-dimension-key-details.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,25 @@ +**To get details for a specified dimension group for a DB instance** + +The following ``get-dimension-key-details`` example retrieves the full text of a SQL statement for DB instance ``db-10BCD2EFGHIJ3KL4M5NO6PQRS5``. The ``--group`` is ``db.sql``, and the ``--group-identifier`` is ``db.sql.id``. In this example, ``example-sql-id`` represents a SQL ID retrieved by using the ``get-resource-metrics`` or ``describe-dimension-keys`` operations. In this example, the dimensions details are available. Thus, Performance Insights retrieves the full text of the SQL statement, without truncating it. :: + + aws pi get-dimension-key-details \ + --service-type RDS \ + --identifier db-10BCD2EFGHIJ3KL4M5NO6PQRS5 \ + --group db.sql \ + --group-identifier example-sql-id \ + --requested-dimensions statement + +Output:: + + { + "Dimensions":[ + { + "Value": "SELECT e.last_name, d.department_name FROM employees e, departments d WHERE e.department_id=d.department_id", + "Dimension": "db.sql.statement", + "Status": "AVAILABLE" + }, + ... + ] + } + +For more information about dimensions in Performance Insights, see `Database load `__ in the *Amazon RDS User Guide* and `Database load `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/get-performance-analysis-report.rst 2.31.35-1/awscli/examples/pi/get-performance-analysis-report.rst --- 2.23.6-1/awscli/examples/pi/get-performance-analysis-report.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/get-performance-analysis-report.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +**To get a performance analysis report** + +The following ``get-performance-analysis-report`` example gets the performance analysis report for the database ``db-abcdefg123456789`` with the report ID ``report-0d99cc91c4422ee61``. The response provides the report status, ID, time details, and insights. :: + + aws pi get-performance-analysis-report \ + --service-type RDS \ + --identifier db-abcdefg123456789 \ + --analysis-report-id report-0d99cc91c4422ee61 + +Output:: + + { + "AnalysisReport": { + "Status": "Succeeded", + "ServiceType": "RDS", + "Identifier": "db-abcdefg123456789", + "StartTime": 1680583486.584, + "AnalysisReportId": "report-0d99cc91c4422ee61", + "EndTime": 1680587086.584, + "CreateTime": 1680587087.139, + "Insights": [ + ... (Condensed for space) + ] + } + } + +For more information about performance analysis reports, see `Analyzing database performance for a period of time `__ in the *Amazon RDS User Guide* and `Analyzing database performance for a period of time `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/get-resource-metadata.rst 2.31.35-1/awscli/examples/pi/get-resource-metadata.rst --- 2.23.6-1/awscli/examples/pi/get-resource-metadata.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/get-resource-metadata.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,20 @@ +**To get resource metadata for a database** + +The following ``get-resource-metadata`` example gets the resource metadata for the database ``db-abcdefg123456789``. The response shows that SQL digest statistics are enabled. :: + + aws pi get-resource-metadata \ + --service-type RDS \ + --identifier db-abcdefg123456789 + +Output:: + + { + "Identifier": "db-abcdefg123456789", + "Features":{ + "SQL_DIGEST_STATISTICS":{ + "Status": "ENABLED" + } + } + } + +For more information about SQL statistics for Performance Insights, see `SQL statistics for Performance Insights `__ in the *Amazon RDS User Guide* and `SQL statistics for Performance Insights `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/list-available-resource-dimensions.rst 2.31.35-1/awscli/examples/pi/list-available-resource-dimensions.rst --- 2.23.6-1/awscli/examples/pi/list-available-resource-dimensions.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/list-available-resource-dimensions.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,48 @@ +**To list the dimensions that can be queried for a metric type on a DB instance** + +The following ``list-available-resource-dimensions`` example lists the ``db.load`` metrics you can query for the database ``db-abcdefg123456789``. :: + + aws pi list-available-resource-dimensions \ + --service-type RDS \ + --identifier db-abcdefg123456789 \ + --metrics db.load + +Output:: + + { + "MetricDimensions": [ + { + "Metric": "db.load", + "Groups": [ + { + "Group": "db.user", + "Dimensions": [ + { + "Identifier": "db.user.id" + }, + { + "Identifier": "db.user.name" + } + ] + }, + { + "Group": "db.sql_tokenized", + "Dimensions": [ + { + "Identifier": "db.sql_tokenized.id" + }, + { + "Identifier": "db.sql_tokenized.db_id" + }, + { + "Identifier": "db.sql_tokenized.statement" + } + ] + }, + ... + ] + } + ] + } + +For more information about dimensions in Performance Insights, see `Database load `__ in the *Amazon RDS User Guide* and `Database load `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/list-available-resource-metrics.rst 2.31.35-1/awscli/examples/pi/list-available-resource-metrics.rst --- 2.23.6-1/awscli/examples/pi/list-available-resource-metrics.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/list-available-resource-metrics.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,29 @@ +**To list the metrics that can be queried for a metric type on a DB instance** + +The following ``list-available-resource-metrics`` example lists the ``db.load`` metrics you can query for the database ``db-abcdefg123456789``. :: + + aws pi list-available-resource-metrics \ + --service-type RDS \ + --identifier db-abcdefg123456789 \ + --metric-types "os" "db" + +Output:: + + { + "Metrics": [ + { + "Description": "The number of virtual CPUs for the DB instance", + "Metric": "os.general.numVCPUs", + "Unit": "vCPUs" + }, + ......, + { + "Description": "Time spent reading data file blocks by backends in this instance", + "Metric": "db.IO.read_latency", + "Unit": "Milliseconds per block" + }, + ...... + ] + } + +For more information about metrics in Performance Insights, see `Database load `__ in the *Amazon RDS User Guide* and `Database load `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/list-performance-analysis-reports.rst 2.31.35-1/awscli/examples/pi/list-performance-analysis-reports.rst --- 2.23.6-1/awscli/examples/pi/list-performance-analysis-reports.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/list-performance-analysis-reports.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,44 @@ +**To list performance analysis reports for a database** + +The following ``list-performance-analysis-reports`` example lists performance analysis reports for the database ``db-abcdefg123456789``. The response lists all the reports with the report ID, status, and time period details. :: + + aws pi list-performance-analysis-reports \ + --service-type RDS \ + --identifier db-abcdefg123456789 + +Output:: + + { + "AnalysisReports": [ + { + "Status": "Succeeded", + "EndTime": 1680587086.584, + "CreateTime": 1680587087.139, + "StartTime": 1680583486.584, + "AnalysisReportId": "report-0d99cc91c4422ee61" + }, + { + "Status": "Succeeded", + "EndTime": 1681491137.914, + "CreateTime": 1681491145.973, + "StartTime": 1681487537.914, + "AnalysisReportId": "report-002633115cc002233" + }, + { + "Status": "Succeeded", + "EndTime": 1681493499.849, + "CreateTime": 1681493507.762, + "StartTime": 1681489899.849, + "AnalysisReportId": "report-043b1e006b47246f9" + }, + { + "Status": "InProgress", + "EndTime": 1682979503.0, + "CreateTime": 1682979618.994, + "StartTime": 1682969503.0, + "AnalysisReportId": "report-01ad15f9b88bcbd56" + } + ] + } + +For more information about performance analysis reports, see `Analyzing database performance for a period of time `__ in the *Amazon RDS User Guide* and `Analyzing database performance for a period of time `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/list-tags-for-resource.rst 2.31.35-1/awscli/examples/pi/list-tags-for-resource.rst --- 2.23.6-1/awscli/examples/pi/list-tags-for-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/list-tags-for-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,20 @@ +**To list tags for a performance analysis report** + +The following ``list-tags-for-resource`` example lists tags for a performance analysis report with the report ID ``report-0d99cc91c4422ee61``. :: + + aws pi list-tags-for-resource \ + --service-type RDS \ + --resource-arn arn:aws:pi:us-west-2:123456789012:perf-reports/RDS/db-abcdefg123456789/report-0d99cc91c4422ee61 + +Output:: + + { + "Tags": [ + { + "Value": "test-tag", + "Key": "name" + } + ] + } + +For more information about tagging performance analysis reports, see `Adding tags to a performance analysis report in Performance Insights `__ in the *Amazon RDS User Guide* and `Adding tags to a performance analysis report in Performance Insights `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/tag-resource.rst 2.31.35-1/awscli/examples/pi/tag-resource.rst --- 2.23.6-1/awscli/examples/pi/tag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/tag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +**To add a tag to a performance analysis report** + +The following ``tag-resource`` example adds the tag key ``name`` with the tag value ``test-tag`` to a performance analysis report with the report ID ``report-0d99cc91c4422ee61``. :: + + aws pi tag-resource \ + --service-type RDS \ + --resource-arn arn:aws:pi:us-west-2:123456789012:perf-reports/RDS/db-abcdefg123456789/report-0d99cc91c4422ee61 \ + --tags Key=name,Value=test-tag + +This command produces no output. + +For more information about tagging performance analysis reports, see `Adding tags to a performance analysis report in Performance Insights `__ in the *Amazon RDS User Guide* and `Adding tags to a performance analysis report in Performance Insights `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/pi/untag-resource.rst 2.31.35-1/awscli/examples/pi/untag-resource.rst --- 2.23.6-1/awscli/examples/pi/untag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/pi/untag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,12 @@ +**To delete a tag for a performance analysis report** + +The following ``untag-resource`` example deletes the tag ``name`` for a performance analysis report with the report ID ``report-0d99cc91c4422ee61``. :: + + aws pi untag-resource \ + --service-type RDS \ + --resource-arn arn:aws:pi:us-west-2:123456789012:perf-reports/RDS/db-abcdefg123456789/report-0d99cc91c4422ee61 \ + --tag-keys name + +This command produces no output. + +For more information about tagging performance analysis reports, see `Adding tags to a performance analysis report in Performance Insights `__ in the *Amazon RDS User Guide* and `Adding tags to a performance analysis report in Performance Insights `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/qldb/cancel-journal-kinesis-stream.rst 2.31.35-1/awscli/examples/qldb/cancel-journal-kinesis-stream.rst --- 2.23.6-1/awscli/examples/qldb/cancel-journal-kinesis-stream.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/cancel-journal-kinesis-stream.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -**To cancel a journal stream** - -The following ``cancel-journal-kinesis-stream`` example cancels the specified journal stream from a ledger. :: - - aws qldb cancel-journal-kinesis-stream \ - --ledger-name myExampleLedger \ - --stream-id 7ISCkqwe4y25YyHLzYUFAf - -Output:: - - { - "StreamId": "7ISCkqwe4y25YyHLzYUFAf" - } - -For more information, see `Streaming journal data from Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/create-ledger.rst 2.31.35-1/awscli/examples/qldb/create-ledger.rst --- 2.23.6-1/awscli/examples/qldb/create-ledger.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/create-ledger.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -**Example 1: To create a ledger with default properties** - -The following ``create-ledger`` example creates a ledger with the name ``myExampleLedger`` and the permissions mode ``STANDARD``. The optional parameters for deletion protection and AWS KMS key are not specified, so they default to ``true`` and an AWS owned KMS key respectively. :: - - aws qldb create-ledger \ - --name myExampleLedger \ - --permissions-mode STANDARD - -Output:: - - { - "State": "CREATING", - "Arn": "arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger", - "DeletionProtection": true, - "CreationDateTime": 1568839243.951, - "Name": "myExampleLedger", - "PermissionsMode": "STANDARD" - } - -**Example 2: To create a ledger with deletion protection disabled, a customer managed KMS key, and specified tags** - -The following ``create-ledger`` example creates a ledger with the name ``myExampleLedger2`` and the permissions mode ``STANDARD``. The deletion protection feature is disabled, the specified customer managed KMS key is used for encryption at rest, and the specified tags are attached to the resource. :: - - aws qldb create-ledger \ - --name myExampleLedger2 \ - --permissions-mode STANDARD \ - --no-deletion-protection \ - --kms-key arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \ - --tags IsTest=true,Domain=Test - -Output:: - - { - "Arn": "arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger2", - "DeletionProtection": false, - "CreationDateTime": 1568839543.557, - "State": "CREATING", - "Name": "myExampleLedger2", - "PermissionsMode": "STANDARD", - "KmsKeyArn": "arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" - } - -For more information, see `Basic Operations for Amazon QLDB Ledgers `__ in the *Amazon QLDB Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/qldb/delete-ledger.rst 2.31.35-1/awscli/examples/qldb/delete-ledger.rst --- 2.23.6-1/awscli/examples/qldb/delete-ledger.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/delete-ledger.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -**To delete a ledger** - -The following ``delete-ledger`` example deletes the specified ledger. :: - - aws qldb delete-ledger \ - --name myExampleLedger - -This command produces no output. - -For more information, see `Basic Operations for Amazon QLDB Ledgers `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/describe-journal-kinesis-stream.rst 2.31.35-1/awscli/examples/qldb/describe-journal-kinesis-stream.rst --- 2.23.6-1/awscli/examples/qldb/describe-journal-kinesis-stream.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/describe-journal-kinesis-stream.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -**To describe a journal stream** - -The following ``describe-journal-kinesis-stream`` example displays the details for the specified journal stream from a ledger. :: - - aws qldb describe-journal-kinesis-stream \ - --ledger-name myExampleLedger \ - --stream-id 7ISCkqwe4y25YyHLzYUFAf - -Output:: - - { - "Stream": { - "LedgerName": "myExampleLedger", - "CreationTime": 1591221984.677, - "InclusiveStartTime": 1590710400.0, - "ExclusiveEndTime": 1590796799.0, - "RoleArn": "arn:aws:iam::123456789012:role/my-kinesis-stream-role", - "StreamId": "7ISCkqwe4y25YyHLzYUFAf", - "Arn": "arn:aws:qldb:us-east-1:123456789012:stream/myExampleLedger/7ISCkqwe4y25YyHLzYUFAf", - "Status": "ACTIVE", - "KinesisConfiguration": { - "StreamArn": "arn:aws:kinesis:us-east-1:123456789012:stream/stream-for-qldb", - "AggregationEnabled": true - }, - "StreamName": "myExampleLedger-stream" - } - } - -For more information, see `Streaming journal data from Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/describe-journal-s3-export.rst 2.31.35-1/awscli/examples/qldb/describe-journal-s3-export.rst --- 2.23.6-1/awscli/examples/qldb/describe-journal-s3-export.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/describe-journal-s3-export.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -**To describe a journal export job** - -The following ``describe-journal-s3-export`` example displays the details for the specified export job from a ledger. :: - - aws qldb describe-journal-s3-export \ - --name myExampleLedger \ - --export-id ADR2ONPKN5LINYGb4dp7yZ - -Output:: - - { - "ExportDescription": { - "S3ExportConfiguration": { - "Bucket": "amzn-s3-demo-bucket", - "Prefix": "ledgerexport1/", - "EncryptionConfiguration": { - "ObjectEncryptionType": "SSE_S3" - } - }, - "RoleArn": "arn:aws:iam::123456789012:role/my-s3-export-role", - "Status": "COMPLETED", - "ExportCreationTime": 1568847801.418, - "InclusiveStartTime": 1568764800.0, - "ExclusiveEndTime": 1568847599.0, - "LedgerName": "myExampleLedger", - "ExportId": "ADR2ONPKN5LINYGb4dp7yZ" - } - } - -For more information, see `Exporting Your Journal in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/describe-ledger.rst 2.31.35-1/awscli/examples/qldb/describe-ledger.rst --- 2.23.6-1/awscli/examples/qldb/describe-ledger.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/describe-ledger.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -**To describe a ledger** - -The following ``describe-ledger`` example displays the details for the specified ledger. :: - - aws qldb describe-ledger \ - --name myExampleLedger - -Output:: - - { - "CreationDateTime": 1568839243.951, - "Arn": "arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger", - "State": "ACTIVE", - "Name": "myExampleLedger", - "DeletionProtection": true, - "PermissionsMode": "STANDARD", - "EncryptionDescription": { - "KmsKeyArn": "arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", - "EncryptionStatus": "ENABLED" - } - } - -For more information, see `Basic Operations for Amazon QLDB Ledgers `__ in the *Amazon QLDB Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/qldb/export-journal-to-s3.rst 2.31.35-1/awscli/examples/qldb/export-journal-to-s3.rst --- 2.23.6-1/awscli/examples/qldb/export-journal-to-s3.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/export-journal-to-s3.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -**To export journal blocks to S3** - -The following ``export-journal-to-s3`` example creates an export job for journal blocks within a specified date and time range from a ledger with the name ``myExampleLedger``. The export job writes the blocks into a specified Amazon S3 bucket. :: - - aws qldb export-journal-to-s3 \ - --name myExampleLedger \ - --inclusive-start-time 2019-09-18T00:00:00Z \ - --exclusive-end-time 2019-09-18T22:59:59Z \ - --role-arn arn:aws:iam::123456789012:role/my-s3-export-role \ - --s3-export-configuration file://my-s3-export-config.json - -Contents of ``my-s3-export-config.json``:: - - { - "Bucket": "amzn-s3-demo-bucket", - "Prefix": "ledgerexport1/", - "EncryptionConfiguration": { - "ObjectEncryptionType": "SSE_S3" - } - } - -Output:: - - { - "ExportId": "ADR2ONPKN5LINYGb4dp7yZ" - } - -For more information, see `Exporting Your Journal in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/get-block.rst 2.31.35-1/awscli/examples/qldb/get-block.rst --- 2.23.6-1/awscli/examples/qldb/get-block.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/get-block.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,55 +0,0 @@ -**Example 1: To get a journal block and proof for verification using input files** - -The following ``get-block`` example requests a block data object and a proof from the specified ledger. The request is for a specified digest tip address and block address. :: - - aws qldb get-block \ - --name vehicle-registration \ - --block-address file://myblockaddress.json \ - --digest-tip-address file://mydigesttipaddress.json - -Contents of ``myblockaddress.json``:: - - { - "IonText": "{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100}" - } - -Contents of ``mydigesttipaddress.json``:: - - { - "IonText": "{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:123}" - } - -Output:: - - { - "Block": { - "IonText": "{blockAddress:{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100},transactionId:\"FnQeJBAicTX0Ah32ZnVtSX\",blockTimestamp:2019-09-16T19:37:05.360Z,blockHash:{{NoChM92yKRuJAb/jeLd1VnYn4DHiWIf071ACfic9uHc=}},entriesHash:{{l05LOsiKV14SDbuaYnH7uwXzUvqzIwUiRLXGbTyj/nY=}},previousBlockHash:{{7kewBXhpdbClcZKxhVmpoMHpUGOJtWQD0iY2LPfZkYA=}},entriesHashList:[{{eRSwnmAM7WWANWDd5iGOyK+T4tDXyzUq6HZ/0fgLHos=}},{{mHVex/yjHAWjFPpwhBuH2GKXmKJjK2FBa9faqoUVNtg=}},{{y5cCBr7pOAIUfsVQ1j0TqtE97b4b4oo1R0vnYyE5wWM=}},{{TvTXygML1bMe6NvEZtGkX+KR+W/EJl4qD1mmV77KZQg=}}],transactionInfo:{statements:[{statement:\"FROM VehicleRegistration AS r \\nWHERE r.VIN = '1N4AL11D75C109151'\\nINSERT INTO r.Owners.SecondaryOwners\\n VALUE { 'PersonId' : 'CMVdR77XP8zAglmmFDGTvt' }\",startTime:2019-09-16T19:37:05.302Z,statementDigest:{{jcgPX2vsOJ0waum4qmDYtn1pCAT9xKNIzA+2k4R+mxA=}}}],documents:{JUJgkIcNbhS2goq8RqLuZ4:{tableName:\"VehicleRegistration\",tableId:\"BFJKdXgzt9oF4wjMbuxy4G\",statements:[0]}}},revisions:[{blockAddress:{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100},hash:{{mHVex/yjHAWjFPpwhBuH2GKXmKJjK2FBa9faqoUVNtg=}},data:{VIN:\"1N4AL11D75C109151\",LicensePlateNumber:\"LEWISR261LL\",State:\"WA\",PendingPenaltyTicketAmount:90.25,ValidFromDate:2017-08-21,ValidToDate:2020-05-11,Owners:{PrimaryOwner:{PersonId:\"BFJKdXhnLRT27sXBnojNGW\"},SecondaryOwners:[{PersonId:\"CMVdR77XP8zAglmmFDGTvt\"}]},City:\"Everett\"},metadata:{id:\"JUJgkIcNbhS2goq8RqLuZ4\",version:3,txTime:2019-09-16T19:37:05.344Z,txId:\"FnQeJBAicTX0Ah32ZnVtSX\"}}]}" - }, - "Proof": { - "IonText": "[{{l3+EXs69K1+rehlqyWLkt+oHDlw4Zi9pCLW/t/mgTPM=}},{{48CXG3ehPqsxCYd34EEa8Fso0ORpWWAO8010RJKf3Do=}},{{9UnwnKSQT0i3ge1JMVa+tMIqCEDaOPTkWxmyHSn8UPQ=}},{{3nW6Vryghk+7pd6wFCtLufgPM6qXHyTNeCb1sCwcDaI=}},{{Irb5fNhBrNEQ1VPhzlnGT/ZQPadSmgfdtMYcwkNOxoI=}},{{+3CWpYG/ytf/vq9GidpzSx6JJiLXt1hMQWNnqOy3jfY=}},{{NPx6cRhwsiy5m9UEWS5JTJrZoUdO2jBOAAOmyZAT+qE=}}]" - } - } - -For more information, see `Data Verification in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. - -**Example 2: To get a journal block and proof for verification using shorthand syntax** - -The following ``get-block`` example requests a block data object and a proof from the specified ledger using shorthand syntax. The request is for a specified digest tip address and block address. :: - - aws qldb get-block \ - --name vehicle-registration \ - --block-address 'IonText="{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100}"' \ - --digest-tip-address 'IonText="{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:123}"' - -Output:: - - { - "Block": { - "IonText": "{blockAddress:{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100},transactionId:\"FnQeJBAicTX0Ah32ZnVtSX\",blockTimestamp:2019-09-16T19:37:05.360Z,blockHash:{{NoChM92yKRuJAb/jeLd1VnYn4DHiWIf071ACfic9uHc=}},entriesHash:{{l05LOsiKV14SDbuaYnH7uwXzUvqzIwUiRLXGbTyj/nY=}},previousBlockHash:{{7kewBXhpdbClcZKxhVmpoMHpUGOJtWQD0iY2LPfZkYA=}},entriesHashList:[{{eRSwnmAM7WWANWDd5iGOyK+T4tDXyzUq6HZ/0fgLHos=}},{{mHVex/yjHAWjFPpwhBuH2GKXmKJjK2FBa9faqoUVNtg=}},{{y5cCBr7pOAIUfsVQ1j0TqtE97b4b4oo1R0vnYyE5wWM=}},{{TvTXygML1bMe6NvEZtGkX+KR+W/EJl4qD1mmV77KZQg=}}],transactionInfo:{statements:[{statement:\"FROM VehicleRegistration AS r \\nWHERE r.VIN = '1N4AL11D75C109151'\\nINSERT INTO r.Owners.SecondaryOwners\\n VALUE { 'PersonId' : 'CMVdR77XP8zAglmmFDGTvt' }\",startTime:2019-09-16T19:37:05.302Z,statementDigest:{{jcgPX2vsOJ0waum4qmDYtn1pCAT9xKNIzA+2k4R+mxA=}}}],documents:{JUJgkIcNbhS2goq8RqLuZ4:{tableName:\"VehicleRegistration\",tableId:\"BFJKdXgzt9oF4wjMbuxy4G\",statements:[0]}}},revisions:[{blockAddress:{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100},hash:{{mHVex/yjHAWjFPpwhBuH2GKXmKJjK2FBa9faqoUVNtg=}},data:{VIN:\"1N4AL11D75C109151\",LicensePlateNumber:\"LEWISR261LL\",State:\"WA\",PendingPenaltyTicketAmount:90.25,ValidFromDate:2017-08-21,ValidToDate:2020-05-11,Owners:{PrimaryOwner:{PersonId:\"BFJKdXhnLRT27sXBnojNGW\"},SecondaryOwners:[{PersonId:\"CMVdR77XP8zAglmmFDGTvt\"}]},City:\"Everett\"},metadata:{id:\"JUJgkIcNbhS2goq8RqLuZ4\",version:3,txTime:2019-09-16T19:37:05.344Z,txId:\"FnQeJBAicTX0Ah32ZnVtSX\"}}]}" - }, - "Proof": { - "IonText": "[{{l3+EXs69K1+rehlqyWLkt+oHDlw4Zi9pCLW/t/mgTPM=}},{{48CXG3ehPqsxCYd34EEa8Fso0ORpWWAO8010RJKf3Do=}},{{9UnwnKSQT0i3ge1JMVa+tMIqCEDaOPTkWxmyHSn8UPQ=}},{{3nW6Vryghk+7pd6wFCtLufgPM6qXHyTNeCb1sCwcDaI=}},{{Irb5fNhBrNEQ1VPhzlnGT/ZQPadSmgfdtMYcwkNOxoI=}},{{+3CWpYG/ytf/vq9GidpzSx6JJiLXt1hMQWNnqOy3jfY=}},{{NPx6cRhwsiy5m9UEWS5JTJrZoUdO2jBOAAOmyZAT+qE=}}]" - } - } - -For more information, see `Data Verification in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/get-digest.rst 2.31.35-1/awscli/examples/qldb/get-digest.rst --- 2.23.6-1/awscli/examples/qldb/get-digest.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/get-digest.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To get a digest for a ledger** - -The following ``get-digest`` example requests a digest from the specified ledger at the latest committed block in the journal. :: - - aws qldb get-digest \ - --name vehicle-registration - -Output:: - - { - "Digest": "6m6BMXobbJKpMhahwVthAEsN6awgnHK62Qq5McGP1Gk=", - "DigestTipAddress": { - "IonText": "{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:123}" - } - } - -For more information, see `Data Verification in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/get-revision.rst 2.31.35-1/awscli/examples/qldb/get-revision.rst --- 2.23.6-1/awscli/examples/qldb/get-revision.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/get-revision.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,57 +0,0 @@ -**Example 1: To get a document revision and proof for verification using input files** - -The following ``get-revision`` example requests a revision data object and a proof from the specified ledger. The request is for a specified digest tip address, document ID, and block address of the revision. :: - - aws qldb get-revision \ - --name vehicle-registration \ - --block-address file://myblockaddress.json \ - --document-id JUJgkIcNbhS2goq8RqLuZ4 \ - --digest-tip-address file://mydigesttipaddress.json - -Contents of ``myblockaddress.json``:: - - { - "IonText": "{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100}" - } - -Contents of ``mydigesttipaddress.json``:: - - { - "IonText": "{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:123}" - } - -Output:: - - { - "Revision": { - "IonText": "{blockAddress:{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100},hash:{{mHVex/yjHAWjFPpwhBuH2GKXmKJjK2FBa9faqoUVNtg=}},data:{VIN:\"1N4AL11D75C109151\",LicensePlateNumber:\"LEWISR261LL\",State:\"WA\",PendingPenaltyTicketAmount:90.25,ValidFromDate:2017-08-21,ValidToDate:2020-05-11,Owners:{PrimaryOwner:{PersonId:\"BFJKdXhnLRT27sXBnojNGW\"},SecondaryOwners:[{PersonId:\"CMVdR77XP8zAglmmFDGTvt\"}]},City:\"Everett\"},metadata:{id:\"JUJgkIcNbhS2goq8RqLuZ4\",version:3,txTime:2019-09-16T19:37:05.344Z,txId:\"FnQeJBAicTX0Ah32ZnVtSX\"}}" - }, - "Proof": { - "IonText": "[{{eRSwnmAM7WWANWDd5iGOyK+T4tDXyzUq6HZ/0fgLHos=}},{{VV1rdaNuf+yJZVGlmsM6gr2T52QvBO8Lg+KgpjcnWAU=}},{{7kewBXhpdbClcZKxhVmpoMHpUGOJtWQD0iY2LPfZkYA=}},{{l3+EXs69K1+rehlqyWLkt+oHDlw4Zi9pCLW/t/mgTPM=}},{{48CXG3ehPqsxCYd34EEa8Fso0ORpWWAO8010RJKf3Do=}},{{9UnwnKSQT0i3ge1JMVa+tMIqCEDaOPTkWxmyHSn8UPQ=}},{{3nW6Vryghk+7pd6wFCtLufgPM6qXHyTNeCb1sCwcDaI=}},{{Irb5fNhBrNEQ1VPhzlnGT/ZQPadSmgfdtMYcwkNOxoI=}},{{+3CWpYG/ytf/vq9GidpzSx6JJiLXt1hMQWNnqOy3jfY=}},{{NPx6cRhwsiy5m9UEWS5JTJrZoUdO2jBOAAOmyZAT+qE=}}]" - } - } - -For more information, see `Data Verification in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. - -**Example 2: To get a document revision and proof for verification using shorthand syntax** - -The following ``get-revision`` example requests a revision data object and a proof from the specified ledger using shorthand syntax. The request is for a specified digest tip address, document ID, and block address of the revision. :: - - aws qldb get-revision \ - --name vehicle-registration \ - --block-address 'IonText="{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100}"' \ - --document-id JUJgkIcNbhS2goq8RqLuZ4 \ - --digest-tip-address 'IonText="{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:123}"' - -Output:: - - { - "Revision": { - "IonText": "{blockAddress:{strandId:\"KmA3ZZca7vAIiJAK9S5Iwl\",sequenceNo:100},hash:{{mHVex/yjHAWjFPpwhBuH2GKXmKJjK2FBa9faqoUVNtg=}},data:{VIN:\"1N4AL11D75C109151\",LicensePlateNumber:\"LEWISR261LL\",State:\"WA\",PendingPenaltyTicketAmount:90.25,ValidFromDate:2017-08-21,ValidToDate:2020-05-11,Owners:{PrimaryOwner:{PersonId:\"BFJKdXhnLRT27sXBnojNGW\"},SecondaryOwners:[{PersonId:\"CMVdR77XP8zAglmmFDGTvt\"}]},City:\"Everett\"},metadata:{id:\"JUJgkIcNbhS2goq8RqLuZ4\",version:3,txTime:2019-09-16T19:37:05.344Z,txId:\"FnQeJBAicTX0Ah32ZnVtSX\"}}" - }, - "Proof": { - "IonText": "[{{eRSwnmAM7WWANWDd5iGOyK+T4tDXyzUq6HZ/0fgLHos=}},{{VV1rdaNuf+yJZVGlmsM6gr2T52QvBO8Lg+KgpjcnWAU=}},{{7kewBXhpdbClcZKxhVmpoMHpUGOJtWQD0iY2LPfZkYA=}},{{l3+EXs69K1+rehlqyWLkt+oHDlw4Zi9pCLW/t/mgTPM=}},{{48CXG3ehPqsxCYd34EEa8Fso0ORpWWAO8010RJKf3Do=}},{{9UnwnKSQT0i3ge1JMVa+tMIqCEDaOPTkWxmyHSn8UPQ=}},{{3nW6Vryghk+7pd6wFCtLufgPM6qXHyTNeCb1sCwcDaI=}},{{Irb5fNhBrNEQ1VPhzlnGT/ZQPadSmgfdtMYcwkNOxoI=}},{{+3CWpYG/ytf/vq9GidpzSx6JJiLXt1hMQWNnqOy3jfY=}},{{NPx6cRhwsiy5m9UEWS5JTJrZoUdO2jBOAAOmyZAT+qE=}}]" - } - } - -For more information, see `Data Verification in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/list-journal-kinesis-streams-for-ledger.rst 2.31.35-1/awscli/examples/qldb/list-journal-kinesis-streams-for-ledger.rst --- 2.23.6-1/awscli/examples/qldb/list-journal-kinesis-streams-for-ledger.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/list-journal-kinesis-streams-for-ledger.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -**To list journal streams for a ledger** - -The following ``list-journal-kinesis-streams-for-ledger`` example lists journal streams for the specified ledger. :: - - aws qldb list-journal-kinesis-streams-for-ledger \ - --ledger-name myExampleLedger - -Output:: - - { - "Streams": [ - { - "LedgerName": "myExampleLedger", - "CreationTime": 1591221984.677, - "InclusiveStartTime": 1590710400.0, - "ExclusiveEndTime": 1590796799.0, - "RoleArn": "arn:aws:iam::123456789012:role/my-kinesis-stream-role", - "StreamId": "7ISCkqwe4y25YyHLzYUFAf", - "Arn": "arn:aws:qldb:us-east-1:123456789012:stream/myExampleLedger/7ISCkqwe4y25YyHLzYUFAf", - "Status": "ACTIVE", - "KinesisConfiguration": { - "StreamArn": "arn:aws:kinesis:us-east-1:123456789012:stream/stream-for-qldb", - "AggregationEnabled": true - }, - "StreamName": "myExampleLedger-stream" - } - ] - } - -For more information, see `Streaming journal data from Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/list-journal-s3-exports-for-ledger.rst 2.31.35-1/awscli/examples/qldb/list-journal-s3-exports-for-ledger.rst --- 2.23.6-1/awscli/examples/qldb/list-journal-s3-exports-for-ledger.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/list-journal-s3-exports-for-ledger.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ -**To list journal export jobs for a ledger** - -The following ``list-journal-s3-exports-for-ledger`` example lists journal export jobs for the specified ledger. :: - - aws qldb list-journal-s3-exports-for-ledger \ - --name myExampleLedger - -Output:: - - { - "JournalS3Exports": [ - { - "LedgerName": "myExampleLedger", - "ExclusiveEndTime": 1568847599.0, - "ExportCreationTime": 1568847801.418, - "S3ExportConfiguration": { - "Bucket": "amzn-s3-demo-bucket", - "Prefix": "ledgerexport1/", - "EncryptionConfiguration": { - "ObjectEncryptionType": "SSE_S3" - } - }, - "ExportId": "ADR2ONPKN5LINYGb4dp7yZ", - "RoleArn": "arn:aws:iam::123456789012:role/qldb-s3-export", - "InclusiveStartTime": 1568764800.0, - "Status": "IN_PROGRESS" - } - ] - } - -For more information, see `Exporting Your Journal in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/qldb/list-journal-s3-exports.rst 2.31.35-1/awscli/examples/qldb/list-journal-s3-exports.rst --- 2.23.6-1/awscli/examples/qldb/list-journal-s3-exports.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/list-journal-s3-exports.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -**To list journal export jobs** - -The following ``list-journal-s3-exports`` example lists journal export jobs for all ledgers that are associated with the current AWS account and Region. :: - - aws qldb list-journal-s3-exports - -Output:: - - { - "JournalS3Exports": [ - { - "Status": "IN_PROGRESS", - "LedgerName": "myExampleLedger", - "S3ExportConfiguration": { - "EncryptionConfiguration": { - "ObjectEncryptionType": "SSE_S3" - }, - "Bucket": "amzn-s3-demo-bucket", - "Prefix": "ledgerexport1/" - }, - "RoleArn": "arn:aws:iam::123456789012:role/my-s3-export-role", - "ExportCreationTime": 1568847801.418, - "ExportId": "ADR2ONPKN5LINYGb4dp7yZ", - "InclusiveStartTime": 1568764800.0, - "ExclusiveEndTime": 1568847599.0 - }, - { - "Status": "COMPLETED", - "LedgerName": "myExampleLedger2", - "S3ExportConfiguration": { - "EncryptionConfiguration": { - "ObjectEncryptionType": "SSE_S3" - }, - "Bucket": "amzn-s3-demo-bucket", - "Prefix": "ledgerexport1/" - }, - "RoleArn": "arn:aws:iam::123456789012:role/my-s3-export-role", - "ExportCreationTime": 1568846847.638, - "ExportId": "2pdvW8UQrjBAiYTMehEJDI", - "InclusiveStartTime": 1568592000.0, - "ExclusiveEndTime": 1568764800.0 - } - ] - } - -For more information, see `Exporting Your Journal in Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/list-ledgers.rst 2.31.35-1/awscli/examples/qldb/list-ledgers.rst --- 2.23.6-1/awscli/examples/qldb/list-ledgers.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/list-ledgers.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -**To list your available ledgers** - -The following ``list-ledgers`` example lists all ledgers that are associated with the current AWS account and Region. :: - - aws qldb list-ledgers - -Output:: - - { - "Ledgers": [ - { - "State": "ACTIVE", - "CreationDateTime": 1568839243.951, - "Name": "myExampleLedger" - }, - { - "State": "ACTIVE", - "CreationDateTime": 1568839543.557, - "Name": "myExampleLedger2" - } - ] - } - -For more information, see `Basic Operations for Amazon QLDB Ledgers `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/list-tags-for-resource.rst 2.31.35-1/awscli/examples/qldb/list-tags-for-resource.rst --- 2.23.6-1/awscli/examples/qldb/list-tags-for-resource.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/list-tags-for-resource.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -**To list the tags attached to a ledger** - -The following ``list-tags-for-resource`` example lists all tags attached to the specified ledger. :: - - aws qldb list-tags-for-resource \ - --resource-arn arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger - -Output:: - - { - "Tags": { - "IsTest": "true", - "Domain": "Test" - } - } - -For more information, see `Tagging Amazon QLDB Resources `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/stream-journal-to-kinesis.rst 2.31.35-1/awscli/examples/qldb/stream-journal-to-kinesis.rst --- 2.23.6-1/awscli/examples/qldb/stream-journal-to-kinesis.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/stream-journal-to-kinesis.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -**Example 1: To stream journal data to Kinesis Data Streams using input files** - -The following ``stream-journal-to-kinesis`` example creates a stream of journal data within a specified date and time range from a ledger with the name ``myExampleLedger``. The stream sends the data to a specified Amazon Kinesis data stream. :: - - aws qldb stream-journal-to-kinesis \ - --ledger-name myExampleLedger \ - --inclusive-start-time 2020-05-29T00:00:00Z \ - --exclusive-end-time 2020-05-29T23:59:59Z \ - --role-arn arn:aws:iam::123456789012:role/my-kinesis-stream-role \ - --kinesis-configuration file://my-kinesis-config.json \ - --stream-name myExampleLedger-stream - -Contents of ``my-kinesis-config.json``:: - - { - "StreamArn": "arn:aws:kinesis:us-east-1:123456789012:stream/stream-for-qldb", - "AggregationEnabled": true - } - -Output:: - - { - "StreamId": "7ISCkqwe4y25YyHLzYUFAf" - } - -For more information, see `Streaming journal data from Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. - -**Example 2: To stream journal data to Kinesis Data Streams using shorthand syntax** - -The following ``stream-journal-to-kinesis`` example creates a stream of journal data within a specified date and time range from a ledger with the name ``myExampleLedger``. The stream sends the data to a specified Amazon Kinesis data stream. :: - - aws qldb stream-journal-to-kinesis \ - --ledger-name myExampleLedger \ - --inclusive-start-time 2020-05-29T00:00:00Z \ - --exclusive-end-time 2020-05-29T23:59:59Z \ - --role-arn arn:aws:iam::123456789012:role/my-kinesis-stream-role \ - --stream-name myExampleLedger-stream \ - --kinesis-configuration StreamArn=arn:aws:kinesis:us-east-1:123456789012:stream/stream-for-qldb,AggregationEnabled=true - -Output:: - - { - "StreamId": "7ISCkqwe4y25YyHLzYUFAf" - } - -For more information, see `Streaming journal data from Amazon QLDB `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/tag-resource.rst 2.31.35-1/awscli/examples/qldb/tag-resource.rst --- 2.23.6-1/awscli/examples/qldb/tag-resource.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/tag-resource.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -**To tag a ledger** - -The following ``tag-resource`` example adds a set of tags to a specified ledger. :: - - aws qldb tag-resource \ - --resource-arn arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger \ - --tags IsTest=true,Domain=Test - -This command produces no output. - -For more information, see `Tagging Amazon QLDB Resources `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/untag-resource.rst 2.31.35-1/awscli/examples/qldb/untag-resource.rst --- 2.23.6-1/awscli/examples/qldb/untag-resource.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/untag-resource.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -**To remove tags from a resource** - -The following ``untag-resource`` example removes tags with the specified tag keys from a specified ledger. :: - - aws qldb untag-resource \ - --resource-arn arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger \ - --tag-keys IsTest Domain - -This command produces no output. - -For more information, see `Tagging Amazon QLDB Resources `__ in the *Amazon QLDB Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/qldb/update-ledger-permissions-mode.rst 2.31.35-1/awscli/examples/qldb/update-ledger-permissions-mode.rst --- 2.23.6-1/awscli/examples/qldb/update-ledger-permissions-mode.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/update-ledger-permissions-mode.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ -**Example 1: To update the permissions mode of a ledger to STANDARD** - -The following ``update-ledger-permissions-mode`` example assigns the ``STANDARD`` permissions mode to the specified ledger. :: - - aws qldb update-ledger-permissions-mode \ - --name myExampleLedger \ - --permissions-mode STANDARD - -Output:: - - { - "Name": "myExampleLedger", - "Arn": "arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger", - "PermissionsMode": "STANDARD" - } - -**Example 2: To update the permissions mode of a ledger to ALLOW_ALL** - -The following ``update-ledger-permissions-mode`` example assigns the ``ALLOW_ALL`` permissions mode to the specified ledger. :: - - aws qldb update-ledger-permissions-mode \ - --name myExampleLedger \ - --permissions-mode ALLOW_ALL - -Output:: - - { - "Name": "myExampleLedger", - "Arn": "arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger", - "PermissionsMode": "ALLOW_ALL" - } - - -For more information, see `Basic Operations for Amazon QLDB Ledgers `__ in the *Amazon QLDB Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/qldb/update-ledger.rst 2.31.35-1/awscli/examples/qldb/update-ledger.rst --- 2.23.6-1/awscli/examples/qldb/update-ledger.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/qldb/update-ledger.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,63 +0,0 @@ -**Example 1: To update the deletion protection property of a ledger** - -The following ``update-ledger`` example updates the specified ledger to disable the deletion protection feature. :: - - aws qldb update-ledger \ - --name myExampleLedger \ - --no-deletion-protection - -Output:: - - { - "CreationDateTime": 1568839243.951, - "Arn": "arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger", - "DeletionProtection": false, - "Name": "myExampleLedger", - "State": "ACTIVE" - } - -**Example 2: To update the AWS KMS key of a ledger to a customer managed key** - -The following ``update-ledger`` example updates the specified ledger to use a customer managed KMS key for encryption at rest. :: - - aws qldb update-ledger \ - --name myExampleLedger \ - --kms-key arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 - -Output:: - - { - "CreationDateTime": 1568839243.951, - "Arn": "arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger", - "DeletionProtection": false, - "Name": "myExampleLedger", - "State": "ACTIVE", - "EncryptionDescription": { - "KmsKeyArn": "arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", - "EncryptionStatus": "UPDATING" - } - } - -**Example 3: To update the AWS KMS key of a ledger to an AWS owned key** - -The following ``update-ledger`` example updates the specified ledger to use an AWS owned KMS key for encryption at rest. :: - - aws qldb update-ledger \ - --name myExampleLedger \ - --kms-key AWS_OWNED_KMS_KEY - -Output:: - - { - "CreationDateTime": 1568839243.951, - "Arn": "arn:aws:qldb:us-west-2:123456789012:ledger/myExampleLedger", - "DeletionProtection": false, - "Name": "myExampleLedger", - "State": "ACTIVE", - "EncryptionDescription": { - "KmsKeyArn": "AWS_OWNED_KMS_KEY", - "EncryptionStatus": "UPDATING" - } - } - -For more information, see `Basic Operations for Amazon QLDB Ledgers `__ in the *Amazon QLDB Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/rds/cancel-export-task.rst 2.31.35-1/awscli/examples/rds/cancel-export-task.rst --- 2.23.6-1/awscli/examples/rds/cancel-export-task.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/rds/cancel-export-task.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,23 +1,23 @@ -**To cancel a snapshot export to Amazon S3** - -The following ``cancel-export-task`` example cancels an export task in progress that is exporting a snapshot to Amazon S3. :: - - aws rds cancel-export-task \ - --export-task-identifier my-s3-export-1 - -Output:: - - { - "ExportTaskIdentifier": "my-s3-export-1", - "SourceArn": "arn:aws:rds:us-east-1:123456789012:snapshot:publisher-final-snapshot", - "SnapshotTime": "2019-03-24T20:01:09.815Z", - "S3Bucket": "mybucket", - "S3Prefix": "", - "IamRoleArn": "arn:aws:iam::123456789012:role/service-role/export-snap-S3-role", - "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/abcd0000-7bfd-4594-af38-aabbccddeeff", - "Status": "CANCELING", - "PercentProgress": 0, - "TotalExtractedDataInGB": 0 - } - +**To cancel a snapshot export to Amazon S3** + +The following ``cancel-export-task`` example cancels an export task in progress that is exporting a snapshot to Amazon S3. :: + + aws rds cancel-export-task \ + --export-task-identifier my-s3-export-1 + +Output:: + + { + "ExportTaskIdentifier": "my-s3-export-1", + "SourceArn": "arn:aws:rds:us-east-1:123456789012:snapshot:publisher-final-snapshot", + "SnapshotTime": "2019-03-24T20:01:09.815Z", + "S3Bucket": "amzn-s3-demo-bucket", + "S3Prefix": "", + "IamRoleArn": "arn:aws:iam::123456789012:role/service-role/export-snap-S3-role", + "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/abcd0000-7bfd-4594-af38-aabbccddeeff", + "Status": "CANCELING", + "PercentProgress": 0, + "TotalExtractedDataInGB": 0 + } + For more information, see `Canceling a snapshot export task `__ in the *Amazon RDS User Guide* or `Canceling a snapshot export task `__ in the *Amazon Aurora User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/rds/describe-export-tasks.rst 2.31.35-1/awscli/examples/rds/describe-export-tasks.rst --- 2.23.6-1/awscli/examples/rds/describe-export-tasks.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/rds/describe-export-tasks.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,40 +1,40 @@ -**To describe snapshot export tasks** - -The following ``describe-export-tasks`` example returns information about snapshot exports to Amazon S3. :: - - aws rds describe-export-tasks - -Output:: - - { - "ExportTasks": [ - { - "ExportTaskIdentifier": "test-snapshot-export", - "SourceArn": "arn:aws:rds:us-west-2:123456789012:snapshot:test-snapshot", - "SnapshotTime": "2020-03-02T18:26:28.163Z", - "TaskStartTime": "2020-03-02T18:57:56.896Z", - "TaskEndTime": "2020-03-02T19:10:31.985Z", - "S3Bucket": "mybucket", - "S3Prefix": "", - "IamRoleArn": "arn:aws:iam::123456789012:role/service-role/ExportRole", - "KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/abcd0000-7fca-4128-82f2-aabbccddeeff", - "Status": "COMPLETE", - "PercentProgress": 100, - "TotalExtractedDataInGB": 0 - }, - { - "ExportTaskIdentifier": "my-s3-export", - "SourceArn": "arn:aws:rds:us-west-2:123456789012:snapshot:db5-snapshot-test", - "SnapshotTime": "2020-03-27T20:48:42.023Z", - "S3Bucket": "mybucket", - "S3Prefix": "", - "IamRoleArn": "arn:aws:iam::123456789012:role/service-role/ExportRole", - "KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/abcd0000-7fca-4128-82f2-aabbccddeeff", - "Status": "STARTING", - "PercentProgress": 0, - "TotalExtractedDataInGB": 0 - } - ] - } - -For more information, see `Monitoring Snapshot Exports `__ in the *Amazon RDS User Guide*. +**To describe snapshot export tasks** + +The following ``describe-export-tasks`` example returns information about snapshot exports to Amazon S3. :: + + aws rds describe-export-tasks + +Output:: + + { + "ExportTasks": [ + { + "ExportTaskIdentifier": "test-snapshot-export", + "SourceArn": "arn:aws:rds:us-west-2:123456789012:snapshot:test-snapshot", + "SnapshotTime": "2020-03-02T18:26:28.163Z", + "TaskStartTime": "2020-03-02T18:57:56.896Z", + "TaskEndTime": "2020-03-02T19:10:31.985Z", + "S3Bucket": "amzn-s3-demo-bucket", + "S3Prefix": "", + "IamRoleArn": "arn:aws:iam::123456789012:role/service-role/ExportRole", + "KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/abcd0000-7fca-4128-82f2-aabbccddeeff", + "Status": "COMPLETE", + "PercentProgress": 100, + "TotalExtractedDataInGB": 0 + }, + { + "ExportTaskIdentifier": "my-s3-export", + "SourceArn": "arn:aws:rds:us-west-2:123456789012:snapshot:db5-snapshot-test", + "SnapshotTime": "2020-03-27T20:48:42.023Z", + "S3Bucket": "amzn-s3-demo-bucket", + "S3Prefix": "", + "IamRoleArn": "arn:aws:iam::123456789012:role/service-role/ExportRole", + "KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/abcd0000-7fca-4128-82f2-aabbccddeeff", + "Status": "STARTING", + "PercentProgress": 0, + "TotalExtractedDataInGB": 0 + } + ] + } + +For more information, see `Monitoring Snapshot Exports `__ in the *Amazon RDS User Guide*. diff -pruN 2.23.6-1/awscli/examples/rds/restore-db-cluster-from-s3.rst 2.31.35-1/awscli/examples/rds/restore-db-cluster-from-s3.rst --- 2.23.6-1/awscli/examples/rds/restore-db-cluster-from-s3.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/rds/restore-db-cluster-from-s3.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,64 +1,64 @@ -**To restore an Amazon Aurora DB cluster from Amazon S3** - -The following ``restore-db-cluster-from-s3`` example restores an Amazon Aurora MySQL version 5.7-compatible DB cluster from a MySQL 5.7 DB backup file in Amazon S3. :: - - aws rds restore-db-cluster-from-s3 \ - --db-cluster-identifier cluster-s3-restore \ - --engine aurora-mysql \ - --master-username admin \ - --master-user-password mypassword \ - --s3-bucket-name mybucket \ - --s3-prefix test-backup \ - --s3-ingestion-role-arn arn:aws:iam::123456789012:role/service-role/TestBackup \ - --source-engine mysql \ - --source-engine-version 5.7.28 - -Output:: - - { - "DBCluster": { - "AllocatedStorage": 1, - "AvailabilityZones": [ - "us-west-2c", - "us-west-2a", - "us-west-2b" - ], - "BackupRetentionPeriod": 1, - "DBClusterIdentifier": "cluster-s3-restore", - "DBClusterParameterGroup": "default.aurora-mysql5.7", - "DBSubnetGroup": "default", - "Status": "creating", - "Endpoint": "cluster-s3-restore.cluster-co3xyzabc123.us-west-2.rds.amazonaws.com", - "ReaderEndpoint": "cluster-s3-restore.cluster-ro-co3xyzabc123.us-west-2.rds.amazonaws.com", - "MultiAZ": false, - "Engine": "aurora-mysql", - "EngineVersion": "5.7.12", - "Port": 3306, - "MasterUsername": "admin", - "PreferredBackupWindow": "11:15-11:45", - "PreferredMaintenanceWindow": "thu:12:19-thu:12:49", - "ReadReplicaIdentifiers": [], - "DBClusterMembers": [], - "VpcSecurityGroups": [ - { - "VpcSecurityGroupId": "sg-########", - "Status": "active" - } - ], - "HostedZoneId": "Z1PVIF0EXAMPLE", - "StorageEncrypted": false, - "DbClusterResourceId": "cluster-SU5THYQQHOWCXZZDGXREXAMPLE", - "DBClusterArn": "arn:aws:rds:us-west-2:123456789012:cluster:cluster-s3-restore", - "AssociatedRoles": [], - "IAMDatabaseAuthenticationEnabled": false, - "ClusterCreateTime": "2020-07-27T14:22:08.095Z", - "EngineMode": "provisioned", - "DeletionProtection": false, - "HttpEndpointEnabled": false, - "CopyTagsToSnapshot": false, - "CrossAccountClone": false, - "DomainMemberships": [] - } - } - -For more information, see `Migrating Data from MySQL by Using an Amazon S3 Bucket `__ in the *Amazon Aurora User Guide*. +**To restore an Amazon Aurora DB cluster from Amazon S3** + +The following ``restore-db-cluster-from-s3`` example restores an Amazon Aurora MySQL version 5.7-compatible DB cluster from a MySQL 5.7 DB backup file in Amazon S3. :: + + aws rds restore-db-cluster-from-s3 \ + --db-cluster-identifier cluster-s3-restore \ + --engine aurora-mysql \ + --master-username admin \ + --master-user-password mypassword \ + --s3-bucket-name amzn-s3-demo-bucket \ + --s3-prefix test-backup \ + --s3-ingestion-role-arn arn:aws:iam::123456789012:role/service-role/TestBackup \ + --source-engine mysql \ + --source-engine-version 5.7.28 + +Output:: + + { + "DBCluster": { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-west-2c", + "us-west-2a", + "us-west-2b" + ], + "BackupRetentionPeriod": 1, + "DBClusterIdentifier": "cluster-s3-restore", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "creating", + "Endpoint": "cluster-s3-restore.cluster-co3xyzabc123.us-west-2.rds.amazonaws.com", + "ReaderEndpoint": "cluster-s3-restore.cluster-ro-co3xyzabc123.us-west-2.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.12", + "Port": 3306, + "MasterUsername": "admin", + "PreferredBackupWindow": "11:15-11:45", + "PreferredMaintenanceWindow": "thu:12:19-thu:12:49", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-########", + "Status": "active" + } + ], + "HostedZoneId": "Z1PVIF0EXAMPLE", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-SU5THYQQHOWCXZZDGXREXAMPLE", + "DBClusterArn": "arn:aws:rds:us-west-2:123456789012:cluster:cluster-s3-restore", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": "2020-07-27T14:22:08.095Z", + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [] + } + } + +For more information, see `Migrating Data from MySQL by Using an Amazon S3 Bucket `__ in the *Amazon Aurora User Guide*. diff -pruN 2.23.6-1/awscli/examples/rds/start-export-task.rst 2.31.35-1/awscli/examples/rds/start-export-task.rst --- 2.23.6-1/awscli/examples/rds/start-export-task.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/rds/start-export-task.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,26 +1,26 @@ -**To export a snapshot to Amazon S3** - -The following ``start-export-task`` example exports a DB snapshot named ``db5-snapshot-test`` to the Amazon S3 bucket named ``mybucket``. :: - - aws rds start-export-task \ - --export-task-identifier my-s3-export \ - --source-arn arn:aws:rds:us-west-2:123456789012:snapshot:db5-snapshot-test \ - --s3-bucket-name mybucket \ - --iam-role-arn arn:aws:iam::123456789012:role/service-role/ExportRole \ - --kms-key-id arn:aws:kms:us-west-2:123456789012:key/abcd0000-7fca-4128-82f2-aabbccddeeff - -Output:: - - { - "ExportTaskIdentifier": "my-s3-export", - "SourceArn": "arn:aws:rds:us-west-2:123456789012:snapshot:db5-snapshot-test", - "SnapshotTime": "2020-03-27T20:48:42.023Z", - "S3Bucket": "mybucket", - "IamRoleArn": "arn:aws:iam::123456789012:role/service-role/ExportRole", - "KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/abcd0000-7fca-4128-82f2-aabbccddeeff", - "Status": "STARTING", - "PercentProgress": 0, - "TotalExtractedDataInGB": 0 - } - -For more information, see `Exporting a Snapshot to an Amazon S3 Bucket `__ in the *Amazon RDS User Guide*. +**To export a snapshot to Amazon S3** + +The following ``start-export-task`` example exports a DB snapshot named ``db5-snapshot-test`` to the Amazon S3 bucket named ``amzn-s3-demo-bucket``. :: + + aws rds start-export-task \ + --export-task-identifier my-s3-export \ + --source-arn arn:aws:rds:us-west-2:123456789012:snapshot:db5-snapshot-test \ + --s3-bucket-name amzn-s3-demo-bucket \ + --iam-role-arn arn:aws:iam::123456789012:role/service-role/ExportRole \ + --kms-key-id arn:aws:kms:us-west-2:123456789012:key/abcd0000-7fca-4128-82f2-aabbccddeeff + +Output:: + + { + "ExportTaskIdentifier": "my-s3-export", + "SourceArn": "arn:aws:rds:us-west-2:123456789012:snapshot:db5-snapshot-test", + "SnapshotTime": "2020-03-27T20:48:42.023Z", + "S3Bucket": "amzn-s3-demo-bucket", + "IamRoleArn": "arn:aws:iam::123456789012:role/service-role/ExportRole", + "KmsKeyId": "arn:aws:kms:us-west-2:123456789012:key/abcd0000-7fca-4128-82f2-aabbccddeeff", + "Status": "STARTING", + "PercentProgress": 0, + "TotalExtractedDataInGB": 0 + } + +For more information, see `Exporting a Snapshot to an Amazon S3 Bucket `__ in the *Amazon RDS User Guide*. diff -pruN 2.23.6-1/awscli/examples/robomaker/batch-describe-simulation-job.rst 2.31.35-1/awscli/examples/robomaker/batch-describe-simulation-job.rst --- 2.23.6-1/awscli/examples/robomaker/batch-describe-simulation-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/batch-describe-simulation-job.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,150 +0,0 @@ -**To batch describe simulation jobs** - -The following ``batch-describe-simulation-job`` example retrieves details for the three specified simulation jobs. - -Command:: - - aws robomaker batch-describe-simulation-job \ - --job arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-66bbb3gpxm8x arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-p0cpdrrwng2n arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-g8h6tglmblgw - -Output:: - - { - "jobs": [ - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-66bbb3gpxm8x", - "status": "Completed", - "lastUpdatedAt": 1548959178.0, - "failureBehavior": "Continue", - "clientRequestToken": "6020408e-b05c-4310-9f13-4ed71c5221ed", - "outputLocation": { - "s3Bucket": "awsrobomakerobjecttracker-111111111-bundlesbucket-2lk584kiq1oa", - "s3Prefix": "output" - }, - "maxJobDurationInSeconds": 3600, - "simulationTimeMillis": 0, - "iamRole": "arn:aws:iam::111111111111:role/AWSRoboMakerObjectTracker-154895-SimulationJobRole-14D5ASA7PQE3A", - "simulationApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/AWSRoboMakerObjectTracker-1548959046124_NPvyfcatq/1548959170096", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "object_tracker_simulation", - "launchFile": "local_training.launch", - "environmentVariables": { - "MARKOV_PRESET_FILE": "object_tracker.py", - "MODEL_S3_BUCKET": "awsrobomakerobjecttracker-111111111-bundlesbucket-2lk584kiq1oa", - "MODEL_S3_PREFIX": "model-store", - "ROS_AWS_REGION": "us-west-2" - } - } - } - ], - "tags": {}, - "vpcConfig": { - "subnets": [ - "subnet-716dd52a", - "subnet-43c22325", - "subnet-3f526976" - ], - "securityGroups": [ - "sg-3fb40545" - ], - "vpcId": "vpc-99895eff", - "assignPublicIp": true - } - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-p0cpdrrwng2n", - "status": "Completed", - "lastUpdatedAt": 1548168817.0, - "failureBehavior": "Continue", - "clientRequestToken": "e4a23e75-f9a7-411d-835f-21881c82c58b", - "outputLocation": { - "s3Bucket": "awsrobomakercloudwatch-111111111111-bundlesbucket-14e5s9jvwtmv7", - "s3Prefix": "output" - }, - "maxJobDurationInSeconds": 3600, - "simulationTimeMillis": 0, - "iamRole": "arn:aws:iam::111111111111:role/AWSRoboMakerCloudWatch-154766341-SimulationJobRole-G0OBWTQ8YBG6", - "robotApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/AWSRoboMakerCloudWatch-1547663411642_NZbpqEJ3T/1547663517377", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "cloudwatch_robot", - "launchFile": "await_commands.launch", - "environmentVariables": { - "LAUNCH_ID": "1548168752173", - "ROS_AWS_REGION": "us-west-2" - } - } - } - ], - "simulationApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/AWSRoboMakerCloudWatch-1547663411642_0LIt6D1h6/1547663521470", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "cloudwatch_simulation", - "launchFile": "bookstore_turtlebot_navigation.launch", - "environmentVariables": { - "LAUNCH_ID": "1548168752173", - "ROS_AWS_REGION": "us-west-2", - "TURTLEBOT3_MODEL": "waffle_pi" - } - } - } - ], - "tags": {}, - "vpcConfig": { - "subnets": [ - "subnet-716dd52a", - "subnet-43c22325", - "subnet-3f526976" - ], - "securityGroups": [ - "sg-3fb40545" - ], - "vpcId": "vpc-99895eff", - "assignPublicIp": true - } - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-g8h6tglmblgw", - "status": "Canceled", - "lastUpdatedAt": 1546543442.0, - "failureBehavior": "Fail", - "clientRequestToken": "d796bbb4-2a2c-1abc-f2a9-0d9e547d853f", - "outputLocation": { - "s3Bucket": "sample-bucket", - "s3Prefix": "SimulationLog_115490482698" - }, - "maxJobDurationInSeconds": 28800, - "simulationTimeMillis": 0, - "iamRole": "arn:aws:iam::111111111111:role/RoboMakerSampleTheFirst", - "robotApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/RoboMakerHelloWorldRobot/1546541208251", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "hello_world_robot", - "launchFile": "rotate.launch" - } - } - ], - "simulationApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/RoboMakerHelloWorldSimulation/1546541198985", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "hello_world_simulation", - "launchFile": "empty_world.launch" - } - } - ], - "tags": {} - } - ], - "unprocessedJobs": [] - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/cancel-simulation-job.rst 2.31.35-1/awscli/examples/robomaker/cancel-simulation-job.rst --- 2.23.6-1/awscli/examples/robomaker/cancel-simulation-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/cancel-simulation-job.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ -**To cancel a simulation job** - -The following ``cancel-simulation-job`` example cancels the specified simulation job. :: - - aws robomaker cancel-simulation-job \ - --job arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-66bbb3gpxm8x diff -pruN 2.23.6-1/awscli/examples/robomaker/create-deployment-job.rst 2.31.35-1/awscli/examples/robomaker/create-deployment-job.rst --- 2.23.6-1/awscli/examples/robomaker/create-deployment-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/create-deployment-job.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -**To create a deployment job** - -This example creates a deployment job for fleet MyFleet. It includes an environment variable named "ENVIRONMENT". -It also attaches a tag named "Region". - -Command:: - - aws robomaker create-deployment-job --deployment-config concurrentDeploymentPercentage=20,failureThresholdPercentage=25 --fleet arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/Trek/1539894765711 --tags Region=West --deployment-application-configs application=arn:aws:robomaker:us-west-2:111111111111:robot-application/RoboMakerVoiceInteractionRobot/1546537110575,applicationVersion=1,launchConfig={environmentVariables={ENVIRONMENT=Beta},launchFile=await_commands.launch,packageName=voice_interaction_robot} - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:deployment-job/sim-0974h36s4v0t", - "fleet": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1539894765711", - "status": "Pending", - "deploymentApplicationConfigs": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/RoboMakerVoiceInteractionRobot/1546537110575", - "applicationVersion": "1", - "launchConfig": { - "packageName": "voice_interaction_robot", - "launchFile": "await_commands.launch", - "environmentVariables": { - "ENVIRONMENT": "Beta" - } - } - } - ], - "createdAt": 1550770236.0, - "deploymentConfig": { - "concurrentDeploymentPercentage": 20, - "failureThresholdPercentage": 25 - }, - "tags": { - "Region": "West" - } - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/create-fleet.rst 2.31.35-1/awscli/examples/robomaker/create-fleet.rst --- 2.23.6-1/awscli/examples/robomaker/create-fleet.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/create-fleet.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -**To create a fleet** - -This example creates a fleet. It attaches a tag named Region. - -Command:: - - aws robomaker create-fleet --name MyFleet --tags Region=East - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyOtherFleet/1550771394395", - "name": "MyFleet", - "createdAt": 1550771394.0, - "tags": { - "Region": "East" - } - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/create-robot-application-version.rst 2.31.35-1/awscli/examples/robomaker/create-robot-application-version.rst --- 2.23.6-1/awscli/examples/robomaker/create-robot-application-version.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/create-robot-application-version.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ -**To create a robot application version** - -This example creates a robot application version. - -Command:: - - aws robomaker create-robot-application-version --application arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551201873931 - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551201873931", - "name": "MyRobotApplication", - "version": "1", - "sources": [ - { - "s3Bucket": "my-bucket", - "s3Key": "my-robot-application.tar.gz", - "etag": "f8cf5526f1c6e7b3a72c3ed3f79c5493-70", - "architecture": "ARMHF" - } - ], - "robotSoftwareSuite": { - "name": "ROS", - "version": "Kinetic" - }, - "lastUpdatedAt": 1551201873.0, - "revisionId": "9986bb8d-a695-4ab4-8810-9f4a74d1aa00" - "tags": {} - } - diff -pruN 2.23.6-1/awscli/examples/robomaker/create-robot-application.rst 2.31.35-1/awscli/examples/robomaker/create-robot-application.rst --- 2.23.6-1/awscli/examples/robomaker/create-robot-application.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/create-robot-application.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -**To create a robot application** - -This example creates a robot application. - -Command:: - - aws robomaker create-robot-application --name MyRobotApplication --sources s3Bucket=my-bucket,s3Key=my-robot-application.tar.gz,architecture=X86_64 --robot-software-suite name=ROS,version=Kinetic - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551201873931", - "name": "MyRobotApplication", - "version": "$LATEST", - "sources": [ - { - "s3Bucket": "my-bucket", - "s3Key": "my-robot-application.tar.gz", - "architecture": "ARMHF" - } - ], - "robotSoftwareSuite": { - "name": "ROS", - "version": "Kinetic" - }, - "lastUpdatedAt": 1551201873.0, - "revisionId": "1f3cb539-9239-4841-a656-d3efcffa07e1", - "tags": {} - } diff -pruN 2.23.6-1/awscli/examples/robomaker/create-robot.rst 2.31.35-1/awscli/examples/robomaker/create-robot.rst --- 2.23.6-1/awscli/examples/robomaker/create-robot.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/create-robot.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ -**To create a robot** - -This example creates a robot. It uses the ARMHF architecture. It also attaches a tag named Region. - -Command:: - - aws robomaker create-robot --name MyRobot --architecture ARMHF --greengrass-group-id 0f728a3c-7dbf-4a3e-976d-d16a8360caba --tags Region=East - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1550772324398", - "name": "MyRobot", - "createdAt": 1550772325.0, - "greengrassGroupId": "0f728a3c-7dbf-4a3e-976d-d16a8360caba", - "architecture": "ARMHF", - "tags": { - "Region": "East" - } - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/create-simulation-application-version.rst 2.31.35-1/awscli/examples/robomaker/create-simulation-application-version.rst --- 2.23.6-1/awscli/examples/robomaker/create-simulation-application-version.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/create-simulation-application-version.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -**To create a simulation application version** - -This example creates a robot application version. - -Command:: - - aws robomaker create-simulation-application-version --application arn:aws:robomaker:us-west-2:111111111111:robot-application/MySimulationApplication/1551203427605 - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/MyRobotApplication/1551203427605", - "name": "MyRobotApplication", - "version": "1", - "sources": [ - { - "s3Bucket": "my-bucket", - "s3Key": "my-simulation-application.tar.gz", - "etag": "00d8a94ff113856688c4fce618ae0f45-94", - "architecture": "X86_64" - } - ], - "simulationSoftwareSuite": { - "name": "Gazebo", - "version": "7" - }, - "robotSoftwareSuite": { - "name": "ROS", - "version": "Kinetic" - }, - "renderingEngine": { - "name": "OGRE", - "version": "1.x" - }, - "lastUpdatedAt": 1551203853.0, - "revisionId": "ee753e53-519c-4d37-895d-65e79bcd1914", - "tags": {} - } - diff -pruN 2.23.6-1/awscli/examples/robomaker/create-simulation-application.rst 2.31.35-1/awscli/examples/robomaker/create-simulation-application.rst --- 2.23.6-1/awscli/examples/robomaker/create-simulation-application.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/create-simulation-application.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -**To create a simulation application** - -This example creates a simulation application. - -Command:: - - aws robomaker create-simulation-application --name MyRobotApplication --sources s3Bucket=my-bucket,s3Key=my-simulation-application.tar.gz,architecture=ARMHF --robot-software-suite name=ROS,version=Kinetic --simulation-software-suite name=Gazebo,version=7 --rendering-engine name=OGRE,version=1.x - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/MyRobotApplication/1551203301792", - "name": "MyRobotApplication", - "version": "$LATEST", - "sources": [ - { - "s3Bucket": "my-bucket", - "s3Key": "my-simulation-application.tar.gz", - "architecture": "X86_64" - } - ], - "simulationSoftwareSuite": { - "name": "Gazebo", - "version": "7" - }, - "robotSoftwareSuite": { - "name": "ROS", - "version": "Kinetic" - }, - "renderingEngine": { - "name": "OGRE", - "version": "1.x" - }, - "lastUpdatedAt": 1551203301.0, - "revisionId": "ee753e53-519c-4d37-895d-65e79bcd1914", - "tags": {} - } - diff -pruN 2.23.6-1/awscli/examples/robomaker/create-simulation-job.rst 2.31.35-1/awscli/examples/robomaker/create-simulation-job.rst --- 2.23.6-1/awscli/examples/robomaker/create-simulation-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/create-simulation-job.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -**To create a simulation job** - -This example creates a simulation job. It uses a robot application and a simulation application. - -Command:: - - aws robomaker create-simulation-job --max-job-duration-in-seconds 3600 --iam-role arn:aws:iam::111111111111:role/AWSRoboMakerCloudWatch-154766341-SimulationJobRole-G0OBWTQ8YBG6 --robot-applications application=arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551203485821,launchConfig={packageName=hello_world_robot,launchFile=rotate.launch} --simulation-applications application=arn:aws:robomaker:us-west-2:111111111111:simulation-application/MySimulationApplication/1551203427605,launchConfig={packageName=hello_world_simulation,launchFile=empty_world.launch} --tags Region=North - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-w7m68wpr05h8", - "status": "Pending", - "lastUpdatedAt": 1551213837.0, - "failureBehavior": "Fail", - "clientRequestToken": "b283ccce-e468-43ee-8642-be76a9d69f15", - "maxJobDurationInSeconds": 3600, - "simulationTimeMillis": 0, - "iamRole": "arn:aws:iam::111111111111:role/MySimulationRole", - "robotApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551203485821", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "hello_world_robot", - "launchFile": "rotate.launch" - } - } - ], - "simulationApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/MySimulationApplication/1551203427605", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "hello_world_simulation", - "launchFile": "empty_world.launch" - } - } - ], - "tags": { - "Region": "North" - } - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/delete-fleet.rst 2.31.35-1/awscli/examples/robomaker/delete-fleet.rst --- 2.23.6-1/awscli/examples/robomaker/delete-fleet.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/delete-fleet.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -**To delete a fleet** - -This example deletes a fleet. - -Command:: - - aws robomaker delete-fleet --fleet arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1550771394395 diff -pruN 2.23.6-1/awscli/examples/robomaker/delete-robot-application.rst 2.31.35-1/awscli/examples/robomaker/delete-robot-application.rst --- 2.23.6-1/awscli/examples/robomaker/delete-robot-application.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/delete-robot-application.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -**To delete a robot application** - -This example deletes a robot application. - -Command:: - - aws robomaker delete-robot-application --application arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551203485821 diff -pruN 2.23.6-1/awscli/examples/robomaker/delete-robot.rst 2.31.35-1/awscli/examples/robomaker/delete-robot.rst --- 2.23.6-1/awscli/examples/robomaker/delete-robot.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/delete-robot.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -**To delete a robot** - -This example deletes a robot. - -Command:: - - aws robomaker delete-robot --robot arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1540829698778 diff -pruN 2.23.6-1/awscli/examples/robomaker/delete-simulation-application.rst 2.31.35-1/awscli/examples/robomaker/delete-simulation-application.rst --- 2.23.6-1/awscli/examples/robomaker/delete-simulation-application.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/delete-simulation-application.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -**To delete a simulation application** - -This example deletes a simulation application. - -Command:: - - aws robomaker delete-simulation-application --application arn:aws:robomaker:us-west-2:111111111111:simulation-application/MySimulationApplication/1551203427605 diff -pruN 2.23.6-1/awscli/examples/robomaker/deregister-robot.rst 2.31.35-1/awscli/examples/robomaker/deregister-robot.rst --- 2.23.6-1/awscli/examples/robomaker/deregister-robot.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/deregister-robot.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To deregister a robot from a fleet** - -This example deregisters a robot from a fleet. - -Command:: - - aws robomaker deregister-robot --fleet arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1550771358907 --robot arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1550772324398 - -Output:: - - { - "fleet": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1550771358907", - "robot": "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1550772324398" - } diff -pruN 2.23.6-1/awscli/examples/robomaker/describe-deployment-job.rst 2.31.35-1/awscli/examples/robomaker/describe-deployment-job.rst --- 2.23.6-1/awscli/examples/robomaker/describe-deployment-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/describe-deployment-job.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -**To describe a deployment job** - -The following ``describe-deployment-job`` example retrieves the details about the specified deployment job. :: - - aws robomaker describe-deployment-job \ - --job arn:aws:robomaker:us-west-2:111111111111:deployment-job/deployment-xl8qssl6pbcn - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:deployment-job/deployment-xl8qssl6pbcn", - "fleet": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/Trek/1539894765711", - "status": "InProgress", - "deploymentConfig": { - "concurrentDeploymentPercentage": 20, - "failureThresholdPercentage": 25 - }, - "deploymentApplicationConfigs": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/RoboMakerHelloWorldRobot/1546541208251", - "applicationVersion": "1", - "launchConfig": { - "packageName": "hello_world_robot", - "launchFile": "rotate.launch" - } - } - ], - "createdAt": 1551218369.0, - "robotDeploymentSummary": [ - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1540834232469", - "deploymentStartTime": 1551218376.0, - "status": "Deploying", - "progressDetail": {} - } - ], - "tags": {} - } diff -pruN 2.23.6-1/awscli/examples/robomaker/describe-fleet.rst 2.31.35-1/awscli/examples/robomaker/describe-fleet.rst --- 2.23.6-1/awscli/examples/robomaker/describe-fleet.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/describe-fleet.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -**To describe a fleet** - -The following ``describe-fleet`` example retrieves the details for the specified fleet. :: - - aws robomaker describe-fleet \ - --fleet arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1550771358907 - -Output:: - - { - "name": "MyFleet", - "arn": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1539894765711", - "robots": [ - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1540834232469", - "createdAt": 1540834232.0 - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/MyOtherRobot/1540829698778", - "createdAt": 1540829698.0 - } - ], - "createdAt": 1539894765.0, - "lastDeploymentStatus": "Succeeded", - "lastDeploymentJob": "arn:aws:robomaker:us-west-2:111111111111:deployment-job/deployment-xl8qssl6pbcn", - "lastDeploymentTime": 1551218369.0, - "tags": {} - } diff -pruN 2.23.6-1/awscli/examples/robomaker/describe-robot-application.rst 2.31.35-1/awscli/examples/robomaker/describe-robot-application.rst --- 2.23.6-1/awscli/examples/robomaker/describe-robot-application.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/describe-robot-application.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ -**To describe a robot application** - -This example describes a robot application. - -Command:: - - aws robomaker describe-robot-application --application arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551203485821 - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551203485821", - "name": "MyRobotApplication", - "version": "$LATEST", - "sources": [ - { - "s3Bucket": "my-bucket", - "s3Key": "my-robot-application.tar.gz", - "architecture": "X86_64" - } - ], - "robotSoftwareSuite": { - "name": "ROS", - "version": "Kinetic" - }, - "revisionId": "e72efe0d-f44f-4333-b604-f6fa5c6bb50b", - "lastUpdatedAt": 1551203485.0, - "tags": {} - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/describe-robot.rst 2.31.35-1/awscli/examples/robomaker/describe-robot.rst --- 2.23.6-1/awscli/examples/robomaker/describe-robot.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/describe-robot.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -**To describe a robot** - -This example describes a robot. - -Command:: - - aws robomaker describe-robot --robot arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1550772324398 - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1550772324398", - "name": "MyRobot", - "status": "Available", - "greengrassGroupId": "0f728a3c-7dbf-4a3e-976d-d16a8360caba", - "createdAt": 1550772325.0, - "architecture": "ARMHF", - "tags": { - "Region": "East" - } - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/describe-simulation-application.rst 2.31.35-1/awscli/examples/robomaker/describe-simulation-application.rst --- 2.23.6-1/awscli/examples/robomaker/describe-simulation-application.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/describe-simulation-application.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ -**To describe a simulation application** - -This example describes a simulation application. - -Command:: - - aws robomaker describe-simulation-application --application arn:aws:robomaker:us-west-2:111111111111:simulation-application/MySimulationApplication/1551203427605 - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/MySimulationApplication/1551203427605", - "name": "MySimulationApplication", - "version": "$LATEST", - "sources": [ - { - "s3Bucket": "my-bucket", - "s3Key": "my-simulation-application.tar.gz", - "architecture": "X86_64" - } - ], - "simulationSoftwareSuite": { - "name": "Gazebo", - "version": "7" - }, - "robotSoftwareSuite": { - "name": "ROS", - "version": "Kinetic" - }, - "renderingEngine": { - "name": "OGRE", - "version": "1.x" - }, - "revisionId": "783674ab-b7b8-42d9-b01f-9373907987e5", - "lastUpdatedAt": 1551203427.0, - "tags": {} - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/describe-simulation-job.rst 2.31.35-1/awscli/examples/robomaker/describe-simulation-job.rst --- 2.23.6-1/awscli/examples/robomaker/describe-simulation-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/describe-simulation-job.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,45 +0,0 @@ -**To describe a simulation job** - -This example describes a simulation job. - -Command:: - - aws robomaker describe-simulation-job --job arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-pql32v7pfjy6 - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-pql32v7pfjy6", - "status": "Running", - "lastUpdatedAt": 1551219349.0, - "failureBehavior": "Continue", - "clientRequestToken": "a19ec4b5-e50d-3591-33da-c2e593c60615", - "outputLocation": { - "s3Bucket": "my-output-bucket", - "s3Prefix": "output" - }, - "maxJobDurationInSeconds": 3600, - "simulationTimeMillis": 0, - "iamRole": "arn:aws:iam::111111111111:role/MySimulationRole", - "robotApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551206341136", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "hello_world_robot", - "launchFile": "rotate.launch" - } - } - ], - "simulationApplications": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/MySimulationApplication/1551206347967", - "applicationVersion": "$LATEST", - "launchConfig": { - "packageName": "hello_world_simulation", - "launchFile": "empty_world.launch" - } - } - ], - "tags": {} - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/list-deployment-jobs.rst 2.31.35-1/awscli/examples/robomaker/list-deployment-jobs.rst --- 2.23.6-1/awscli/examples/robomaker/list-deployment-jobs.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/list-deployment-jobs.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,57 +0,0 @@ -**To list deployment jobs** - -The following ``list-deployment-jobs`` example retrieves a list of deployment jobs. :: - - aws robomaker list-deployment-jobs - -Output:: - - { - "deploymentJobs": [ - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:deployment-job/sim-6293szzm56rv", - "fleet": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1539894765711", - "status": "InProgress", - "deploymentApplicationConfigs": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/HelloWorldRobot/1546537110575", - "applicationVersion": "1", - "launchConfig": { - "packageName": "hello_world_robot", - "launchFile": "rotate.launch", - "environmentVariables": { - "ENVIRONMENT": "Desert" - } - } - } - ], - "deploymentConfig": { - "concurrentDeploymentPercentage": 20, - "failureThresholdPercentage": 25 - }, - "createdAt": 1550689373.0 - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:deployment-job/deployment-4w4g69p25zdb", - "fleet": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1539894765711", - "status": "Pending", - "deploymentApplicationConfigs": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/AWSRoboMakerHelloWorld-1544562726923_YGHM_sh5M/1544562822877", - "applicationVersion": "1", - "launchConfig": { - "packageName": "fail", - "launchFile": "fail" - } - } - ], - "deploymentConfig": { - "concurrentDeploymentPercentage": 20, - "failureThresholdPercentage": 25 - }, - "failureReason": "", - "failureCode": "", - "createdAt": 1544719763.0 - } - ] - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/list-fleets.rst 2.31.35-1/awscli/examples/robomaker/list-fleets.rst --- 2.23.6-1/awscli/examples/robomaker/list-fleets.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/list-fleets.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -**To list fleets** - -This example lists fleets. A maximum of 20 fleets will be returned. - -Command:: - - aws robomaker list-fleets --max-items 20 - -Output:: - - { - "fleetDetails": [ - { - "name": "Trek", - "arn": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1539894765711", - "createdAt": 1539894765.0, - "lastDeploymentStatus": "Failed", - "lastDeploymentJob": "arn:aws:robomaker:us-west-2:111111111111:deployment-job/deployment-4w4g69p25zdb", - "lastDeploymentTime": 1544719763.0 - } - ] - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/list-robot-applications.rst 2.31.35-1/awscli/examples/robomaker/list-robot-applications.rst --- 2.23.6-1/awscli/examples/robomaker/list-robot-applications.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/list-robot-applications.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -**To list robot applications** - -This example lists robot applications. Results are limited to 20 robot applications. - -Command:: - - aws robomaker list-robot-applications --max-results 20 - -Output:: - - { - "robotApplicationSummaries": [ - { - "name": "MyRobot", - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobot/1546537110575", - "version": "$LATEST", - "lastUpdatedAt": 1546540372.0 - }, - { - "name": "AnotherRobot", - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot-application/AnotherRobot/1546541208251", - "version": "$LATEST", - "lastUpdatedAt": 1546541208.0 - }, - { - "name": "MySuperRobot", - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MySuperRobot/1547663517377", - "version": "$LATEST", - "lastUpdatedAt": 1547663517.0 - } - ] - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/list-robots.rst 2.31.35-1/awscli/examples/robomaker/list-robots.rst --- 2.23.6-1/awscli/examples/robomaker/list-robots.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/list-robots.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,45 +0,0 @@ -**To list robots** - -This example lists robots. A maximum of 20 robots will be returned. - -Command:: - - aws robomaker list-robots --max-results 20 - -Output:: - - { - "robots": [ - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/Robot100/1544035373264", - "name": "Robot100", - "status": "Available", - "createdAt": 1544035373.0, - "architecture": "X86_64" - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/Robot101/1542146976587", - "name": "Robot101", - "status": "Available", - "createdAt": 1542146976.0, - "architecture": "X86_64" - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/Robot102/1540834232469", - "name": "Robot102", - "fleetArn": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/Trek/1539894765711", - "status": "Available", - "createdAt": 1540834232.0, - "architecture": "X86_64", - "lastDeploymentJob": "arn:aws:robomaker:us-west-2:111111111111:deployment-job/deployment-jb007b75gl5f", - "lastDeploymentTime": 1550689533.0 - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1540829698778", - "name": "MyRobot", - "status": "Registered", - "createdAt": 1540829698.0, - "architecture": "X86_64" - } - ] - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/list-simulation-applications.rst 2.31.35-1/awscli/examples/robomaker/list-simulation-applications.rst --- 2.23.6-1/awscli/examples/robomaker/list-simulation-applications.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/list-simulation-applications.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,50 +0,0 @@ -**To list simulation applications** - -This example lists simulation applications. A maximum of 20 simulation applications will be returned. - -Command:: - - aws robomaker list-simulation-applications --max-results 20 - -Output:: - - { - "simulationApplicationSummaries": [ - { - "name": "AWSRoboMakerObjectTracker-1548959046124_NPvyfcatq", - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/AWSRoboMakerObjectTracker-1548959046124_NPvyfcatq/1548959170096", - "version": "$LATEST", - "lastUpdatedAt": 1548959170.0 - }, - { - "name": "RoboMakerHelloWorldSimulation", - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/RoboMakerHelloWorldSimulation/1546541198985", - "version": "$LATEST", - "lastUpdatedAt": 1546541198.0 - }, - { - "name": "RoboMakerObjectTrackerSimulation", - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/RoboMakerObjectTrackerSimulation/1545846795615", - "version": "$LATEST", - "lastUpdatedAt": 1545847405.0 - }, - { - "name": "RoboMakerVoiceInteractionSimulation", - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/RoboMakerVoiceInteractionSimulation/1546537100507", - "version": "$LATEST", - "lastUpdatedAt": 1546540352.0 - }, - { - "name": "AWSRoboMakerCloudWatch-1547663411642_0LIt6D1h6", - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/AWSRoboMakerCloudWatch-1547663411642_0LIt6D1h6/1547663521470", - "version": "$LATEST", - "lastUpdatedAt": 1547663521.0 - }, - { - "name": "AWSRoboMakerDeepRacer-1545848257672_1YZCaieQ-", - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/AWSRoboMakerDeepRacer-1545848257672_1YZCaieQ-/1545848370525", - "version": "$LATEST", - "lastUpdatedAt": 1545848370.0 - } - ] - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/list-simulation-jobs.rst 2.31.35-1/awscli/examples/robomaker/list-simulation-jobs.rst --- 2.23.6-1/awscli/examples/robomaker/list-simulation-jobs.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/list-simulation-jobs.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,80 +0,0 @@ -**To list simulation jobs** - -This example lists simulation jobs. - -Command:: - - aws robomaker list-simulation-jobs - -Output:: - - { - "simulationJobSummaries": [ - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-66bbb3gpxm8x", - "lastUpdatedAt": 1548959178.0, - "status": "Completed", - "simulationApplicationNames": [ - "AWSRoboMakerObjectTracker-1548959046124_NPvyfcatq" - ], - "robotApplicationNames": [ - null - ] - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-b27c4rkrtzcw", - "lastUpdatedAt": 1543514088.0, - "status": "Canceled", - "simulationApplicationNames": [ - "AWSRoboMakerPersonDetection-1543513948280_T8rHW2_lu" - ], - "robotApplicationNames": [ - "AWSRoboMakerPersonDetection-1543513948280_EYaMT0mYb" - ] - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-51vxjbzy4q8t", - "lastUpdatedAt": 1543508858.0, - "status": "Canceled", - "simulationApplicationNames": [ - "AWSRoboMakerCloudWatch-1543504747391_lFF9ZQyx6" - ], - "robotApplicationNames": [ - "AWSRoboMakerCloudWatch-1543504747391_axbYa3S3K" - ] - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-kgf1fqxflqbx", - "lastUpdatedAt": 1543504862.0, - "status": "Completed", - "simulationApplicationNames": [ - "AWSRoboMakerCloudWatch-1543504747391_lFF9ZQyx6" - ], - "robotApplicationNames": [ - "AWSRoboMakerCloudWatch-1543504747391_axbYa3S3K" - ] - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-vw8lvh061nqt", - "lastUpdatedAt": 1543441430.0, - "status": "Completed", - "simulationApplicationNames": [ - "AWSRoboMakerHelloWorld-1543437372341__yb_Jg96l" - ], - "robotApplicationNames": [ - "AWSRoboMakerHelloWorld-1543437372341_lNbmKHvs9" - ] - }, - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-txy5ypxmhz84", - "lastUpdatedAt": 1543437488.0, - "status": "Completed", - "simulationApplicationNames": [ - "AWSRoboMakerHelloWorld-1543437372341__yb_Jg96l" - ], - "robotApplicationNames": [ - "AWSRoboMakerHelloWorld-1543437372341_lNbmKHvs9" - ] - } - ] - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/list-tags-for-resource.rst 2.31.35-1/awscli/examples/robomaker/list-tags-for-resource.rst --- 2.23.6-1/awscli/examples/robomaker/list-tags-for-resource.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/list-tags-for-resource.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -**To list tags for a resource** - -This example lists tags for an AWS RoboMaker resource. - -Command:: - - aws robomaker list-tags-for-resource --resource-arn "arn:aws:robomaker:us-west-2:111111111111:robot/Robby_the_Robot/1544035373264" - -Output:: - - { - "tags": { - "Region": "North", - "Stage": "Initial" - } - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/register-robot.rst 2.31.35-1/awscli/examples/robomaker/register-robot.rst --- 2.23.6-1/awscli/examples/robomaker/register-robot.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/register-robot.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -**To register a robot** - -This example registers a robot to a fleet. - -Command:: - - aws robomaker register-robot --fleet arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1550771358907 --robot arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1550772324398 - -Output:: - - { - "fleet": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1550771358907", - "robot": "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1550772324398" - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/restart-simulation-job.rst 2.31.35-1/awscli/examples/robomaker/restart-simulation-job.rst --- 2.23.6-1/awscli/examples/robomaker/restart-simulation-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/restart-simulation-job.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -**To restart a simulation** - -This example restarts a simulation. - -Command:: - - aws robomaker restart-simulation-job --job arn:aws:robomaker:us-west-2:111111111111:simulation-job/sim-t6rdgt70mftr diff -pruN 2.23.6-1/awscli/examples/robomaker/sync-deployment-job.rst 2.31.35-1/awscli/examples/robomaker/sync-deployment-job.rst --- 2.23.6-1/awscli/examples/robomaker/sync-deployment-job.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/sync-deployment-job.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -**To sync a deployment job** - -This example synchronizes a deployment job. - -Command:: - - aws robomaker sync-deployment-job --fleet arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/Trek/1539894765711 - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:deployment-job/deployment-09ccxs3tlfms", - "fleet": "arn:aws:robomaker:us-west-2:111111111111:deployment-fleet/MyFleet/1539894765711", - "status": "Pending", - "deploymentConfig": { - "concurrentDeploymentPercentage": 20, - "failureThresholdPercentage": 25 - }, - "deploymentApplicationConfigs": [ - { - "application": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1546541208251", - "applicationVersion": "1", - "launchConfig": { - "packageName": "hello_world_simulation", - "launchFile": "empty_world.launch" - } - } - ], - "createdAt": 1551286954.0 - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/tag-resource.rst 2.31.35-1/awscli/examples/robomaker/tag-resource.rst --- 2.23.6-1/awscli/examples/robomaker/tag-resource.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/tag-resource.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -**To tag a resource** - -This example tags a resource. It attaches two tags: Region and Stage. - -Command:: - - aws robomaker tag-resource --resource-arn "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1544035373264" --tags Region=North,Stage=Initial diff -pruN 2.23.6-1/awscli/examples/robomaker/untag-resource.rst 2.31.35-1/awscli/examples/robomaker/untag-resource.rst --- 2.23.6-1/awscli/examples/robomaker/untag-resource.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/untag-resource.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -**To untag a resource** - -This example removes a tag from a resource. It removes the Region tag. - -Command:: - - aws robomaker untag-resource --resource-arn "arn:aws:robomaker:us-west-2:111111111111:robot/MyRobot/1544035373264" --tag-keys Region diff -pruN 2.23.6-1/awscli/examples/robomaker/update-robot-application.rst 2.31.35-1/awscli/examples/robomaker/update-robot-application.rst --- 2.23.6-1/awscli/examples/robomaker/update-robot-application.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/update-robot-application.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -**To update a robot application** - -This example updates a robot application. - -Command:: - - aws robomaker update-robot-application --application arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551203485821 --sources s3Bucket=my-bucket,s3Key=my-robot-application.tar.gz,architecture=X86_64 --robot-software-suite name=ROS,version=Kinetic - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:robot-application/MyRobotApplication/1551203485821", - "name": "MyRobotApplication", - "version": "$LATEST", - "sources": [ - { - "s3Bucket": "my-bucket", - "s3Key": "my-robot-application.tar.gz", - "architecture": "X86_64" - } - ], - "robotSoftwareSuite": { - "name": "ROS", - "version": "Kinetic" - }, - "lastUpdatedAt": 1551287993.0, - "revisionId": "20b5e331-24fd-4504-8b8c-531afe5f4c94" - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/robomaker/update-simulation-application.rst 2.31.35-1/awscli/examples/robomaker/update-simulation-application.rst --- 2.23.6-1/awscli/examples/robomaker/update-simulation-application.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/robomaker/update-simulation-application.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -**To update a simulation application** - -This example updates a simulation application. - -Command:: - - aws robomaker update-simulation-application --application arn:aws:robomaker:us-west-2:111111111111:simulation-application/MySimulationApplication/1551203427605 --sources s3Bucket=my-bucket,s3Key=my-simulation-application.tar.gz,architecture=X86_64 --robot-software-suite name=ROS,version=Kinetic --simulation-software-suite name=Gazebo,version=7 --rendering-engine name=OGRE,version=1.x - -Output:: - - { - "arn": "arn:aws:robomaker:us-west-2:111111111111:simulation-application/MySimulationApplication/1551203427605", - "name": "MySimulationApplication", - "version": "$LATEST", - "sources": [ - { - "s3Bucket": "my-bucket", - "s3Key": "my-simulation-application.tar.gz", - "architecture": "X86_64" - } - ], - "simulationSoftwareSuite": { - "name": "Gazebo", - "version": "7" - }, - "robotSoftwareSuite": { - "name": "ROS", - "version": "Kinetic" - }, - "renderingEngine": { - "name": "OGRE", - "version": "1.x" - }, - "lastUpdatedAt": 1551289361.0, - "revisionId": "4a22cb5d-93c5-4cef-9311-52bdd119b79e" - } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/route53domains/get-domain-detail.rst 2.31.35-1/awscli/examples/route53domains/get-domain-detail.rst --- 2.23.6-1/awscli/examples/route53domains/get-domain-detail.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/route53domains/get-domain-detail.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,7 +4,7 @@ The following ``get-domain-detail`` comm This command runs only in the ``us-east-1`` Region. If your default region is set to ``us-east-1``, you can omit the ``region`` parameter. :: - aws route53domains get-domain-detail \ + aws route53domains get-domain-detail \ --region us-east-1 \ --domain-name example.com @@ -77,7 +77,7 @@ Output:: "RegistrantPrivacy": true, "TechPrivacy": true, "RegistrarName": "Amazon Registrar, Inc.", - "WhoIsServer": "whois.registrar.amazon.com", + "WhoIsServer": "whois.registrar.amazon", "RegistrarUrl": "http://registrar.amazon.com", "AbuseContactEmail": "abuse@registrar.amazon.com", "AbuseContactPhone": "+1.2062661000", @@ -86,4 +86,4 @@ Output:: "StatusList": [ "clientTransferProhibited" ] - } + } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3/_concepts.rst 2.31.35-1/awscli/examples/s3/_concepts.rst --- 2.23.6-1/awscli/examples/s3/_concepts.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/_concepts.rst 2025-11-12 19:17:29.000000000 +0000 @@ -14,13 +14,13 @@ are two types of path arguments: ``Local written as an absolute path or relative path. ``S3Uri``: represents the location of a S3 object, prefix, or bucket. This -must be written in the form ``s3://mybucket/mykey`` where ``mybucket`` is +must be written in the form ``s3://amzn-s3-demo-bucket/mykey`` where ``amzn-s3-demo-bucket`` is the specified S3 bucket, ``mykey`` is the specified S3 key. The path argument must begin with ``s3://`` in order to denote that the path argument refers to a S3 object. Note that prefixes are separated by forward slashes. For example, if the S3 object ``myobject`` had the prefix ``myprefix``, the S3 key would be ``myprefix/myobject``, and if the object was in the bucket -``mybucket``, the ``S3Uri`` would be ``s3://mybucket/myprefix/myobject``. +``amzn-s3-demo-bucket``, the ``S3Uri`` would be ``s3://amzn-s3-demo-bucket/myprefix/myobject``. ``S3Uri`` also supports S3 access points. To specify an access point, this value must be of the form ``s3:///``. For example if diff -pruN 2.23.6-1/awscli/examples/s3/cp.rst 2.31.35-1/awscli/examples/s3/cp.rst --- 2.23.6-1/awscli/examples/s3/cp.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/cp.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,67 +3,67 @@ The following ``cp`` command copies a single file to a specified bucket and key:: - aws s3 cp test.txt s3://mybucket/test2.txt + aws s3 cp test.txt s3://amzn-s3-demo-bucket/test2.txt Output:: - upload: test.txt to s3://mybucket/test2.txt + upload: test.txt to s3://amzn-s3-demo-bucket/test2.txt **Example 2: Copying a local file to S3 with an expiration date** The following ``cp`` command copies a single file to a specified bucket and key that expires at the specified ISO 8601 timestamp:: - aws s3 cp test.txt s3://mybucket/test2.txt \ + aws s3 cp test.txt s3://amzn-s3-demo-bucket/test2.txt \ --expires 2014-10-01T20:30:00Z Output:: - upload: test.txt to s3://mybucket/test2.txt + upload: test.txt to s3://amzn-s3-demo-bucket/test2.txt **Example 3: Copying a file from S3 to S3** The following ``cp`` command copies a single s3 object to a specified bucket and key:: - aws s3 cp s3://mybucket/test.txt s3://mybucket/test2.txt + aws s3 cp s3://amzn-s3-demo-bucket/test.txt s3://amzn-s3-demo-bucket/test2.txt Output:: - copy: s3://mybucket/test.txt to s3://mybucket/test2.txt + copy: s3://amzn-s3-demo-bucket/test.txt to s3://amzn-s3-demo-bucket/test2.txt **Example 4: Copying an S3 object to a local file** The following ``cp`` command copies a single object to a specified file locally:: - aws s3 cp s3://mybucket/test.txt test2.txt + aws s3 cp s3://amzn-s3-demo-bucket/test.txt test2.txt Output:: - download: s3://mybucket/test.txt to test2.txt + download: s3://amzn-s3-demo-bucket/test.txt to test2.txt **Example 5: Copying an S3 object from one bucket to another** The following ``cp`` command copies a single object to a specified bucket while retaining its original name:: - aws s3 cp s3://mybucket/test.txt s3://amzn-s3-demo-bucket2/ + aws s3 cp s3://amzn-s3-demo-bucket/test.txt s3://amzn-s3-demo-bucket2/ Output:: - copy: s3://mybucket/test.txt to s3://amzn-s3-demo-bucket2/test.txt + copy: s3://amzn-s3-demo-bucket/test.txt to s3://amzn-s3-demo-bucket2/test.txt **Example 6: Recursively copying S3 objects to a local directory** When passed with the parameter ``--recursive``, the following ``cp`` command recursively copies all objects under a -specified prefix and bucket to a specified directory. In this example, the bucket ``mybucket`` has the objects +specified prefix and bucket to a specified directory. In this example, the bucket ``amzn-s3-demo-bucket`` has the objects ``test1.txt`` and ``test2.txt``:: - aws s3 cp s3://mybucket . \ + aws s3 cp s3://amzn-s3-demo-bucket . \ --recursive Output:: - download: s3://mybucket/test1.txt to test1.txt - download: s3://mybucket/test2.txt to test2.txt + download: s3://amzn-s3-demo-bucket/test1.txt to test1.txt + download: s3://amzn-s3-demo-bucket/test2.txt to test2.txt **Example 7: Recursively copying local files to S3** @@ -71,51 +71,51 @@ When passed with the parameter ``--recur specified directory to a specified bucket and prefix while excluding some files by using an ``--exclude`` parameter. In this example, the directory ``myDir`` has the files ``test1.txt`` and ``test2.jpg``:: - aws s3 cp myDir s3://mybucket/ \ + aws s3 cp myDir s3://amzn-s3-demo-bucket/ \ --recursive \ --exclude "*.jpg" Output:: - upload: myDir/test1.txt to s3://mybucket/test1.txt + upload: myDir/test1.txt to s3://amzn-s3-demo-bucket/test1.txt **Example 8: Recursively copying S3 objects to another bucket** When passed with the parameter ``--recursive``, the following ``cp`` command recursively copies all objects under a specified bucket to another bucket while excluding some objects by using an ``--exclude`` parameter. In this example, -the bucket ``mybucket`` has the objects ``test1.txt`` and ``another/test1.txt``:: +the bucket ``amzn-s3-demo-bucket`` has the objects ``test1.txt`` and ``another/test1.txt``:: - aws s3 cp s3://mybucket/ s3://amzn-s3-demo-bucket2/ \ + aws s3 cp s3://amzn-s3-demo-bucket/ s3://amzn-s3-demo-bucket2/ \ --recursive \ --exclude "another/*" Output:: - copy: s3://mybucket/test1.txt to s3://amzn-s3-demo-bucket2/test1.txt + copy: s3://amzn-s3-demo-bucket/test1.txt to s3://amzn-s3-demo-bucket2/test1.txt You can combine ``--exclude`` and ``--include`` options to copy only objects that match a pattern, excluding all others:: - aws s3 cp s3://mybucket/logs/ s3://amzn-s3-demo-bucket2/logs/ \ + aws s3 cp s3://amzn-s3-demo-bucket/logs/ s3://amzn-s3-demo-bucket2/logs/ \ --recursive \ --exclude "*" \ --include "*.log" Output:: - copy: s3://mybucket/logs/test/test.log to s3://amzn-s3-demo-bucket2/logs/test/test.log - copy: s3://mybucket/logs/test3.log to s3://amzn-s3-demo-bucket2/logs/test3.log + copy: s3://amzn-s3-demo-bucket/logs/test/test.log to s3://amzn-s3-demo-bucket2/logs/test/test.log + copy: s3://amzn-s3-demo-bucket/logs/test3.log to s3://amzn-s3-demo-bucket2/logs/test3.log **Example 9: Setting the Access Control List (ACL) while copying an S3 object** The following ``cp`` command copies a single object to a specified bucket and key while setting the ACL to ``public-read-write``:: - aws s3 cp s3://mybucket/test.txt s3://mybucket/test2.txt \ + aws s3 cp s3://amzn-s3-demo-bucket/test.txt s3://amzn-s3-demo-bucket/test2.txt \ --acl public-read-write Output:: - copy: s3://mybucket/test.txt to s3://mybucket/test2.txt + copy: s3://amzn-s3-demo-bucket/test.txt to s3://amzn-s3-demo-bucket/test2.txt Note that if you're using the ``--acl`` option, ensure that any associated IAM policies include the ``"s3:PutObjectAcl"`` action:: @@ -138,7 +138,7 @@ Output:: "s3:PutObjectAcl" ], "Resource": [ - "arn:aws:s3:::mybucket/*" + "arn:aws:s3:::amzn-s3-demo-bucket/*" ], "Effect": "Allow", "Sid": "Stmt1234567891234" @@ -152,11 +152,11 @@ Output:: The following ``cp`` command illustrates the use of the ``--grants`` option to grant read access to all users identified by URI and full control to a specific user identified by their Canonical ID:: - aws s3 cp file.txt s3://mybucket/ --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers full=id=79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be + aws s3 cp file.txt s3://amzn-s3-demo-bucket/ --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers full=id=79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be Output:: - upload: file.txt to s3://mybucket/file.txt + upload: file.txt to s3://amzn-s3-demo-bucket/file.txt **Example 11: Uploading a local file stream to S3** @@ -164,13 +164,13 @@ Output:: The following ``cp`` command uploads a local file stream from standard input to a specified bucket and key:: - aws s3 cp - s3://mybucket/stream.txt + aws s3 cp - s3://amzn-s3-demo-bucket/stream.txt **Example 12: Uploading a local file stream that is larger than 50GB to S3** The following ``cp`` command uploads a 51GB local file stream from standard input to a specified bucket and key. The ``--expected-size`` option must be provided, or the upload may fail when it reaches the default part limit of 10,000:: - aws s3 cp - s3://mybucket/stream.txt --expected-size 54760833024 + aws s3 cp - s3://amzn-s3-demo-bucket/stream.txt --expected-size 54760833024 **Example 13: Downloading an S3 object as a local file stream** @@ -178,7 +178,7 @@ The following ``cp`` command uploads a 5 The following ``cp`` command downloads an S3 object locally as a stream to standard output. Downloading as a stream is not currently compatible with the ``--recursive`` parameter:: - aws s3 cp s3://mybucket/stream.txt - + aws s3 cp s3://amzn-s3-demo-bucket/stream.txt - **Example 14: Uploading to an S3 access point** diff -pruN 2.23.6-1/awscli/examples/s3/ls.rst 2.31.35-1/awscli/examples/s3/ls.rst --- 2.23.6-1/awscli/examples/s3/ls.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/ls.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,19 +1,19 @@ **Example 1: Listing all user owned buckets** -The following ``ls`` command lists all of the bucket owned by the user. In this example, the user owns the buckets ``mybucket`` and ``amzn-s3-demo-bucket2``. The timestamp is the date the bucket was created, shown in your machine's time zone. This date can change when making changes to your bucket, such as editing its bucket policy. Note if ``s3://`` is used for the path argument ````, it will list all of the buckets as well. :: +The following ``ls`` command lists all of the bucket owned by the user. In this example, the user owns the buckets ``amzn-s3-demo-bucket`` and ``amzn-s3-demo-bucket2``. The timestamp is the date the bucket was created, shown in your machine's time zone. This date can change when making changes to your bucket, such as editing its bucket policy. Note if ``s3://`` is used for the path argument ````, it will list all of the buckets as well. :: aws s3 ls Output:: - 2013-07-11 17:08:50 mybucket + 2013-07-11 17:08:50 amzn-s3-demo-bucket 2013-07-24 14:55:44 amzn-s3-demo-bucket2 **Example 2: Listing all prefixes and objects in a bucket** -The following ``ls`` command lists objects and common prefixes under a specified bucket and prefix. In this example, the user owns the bucket ``mybucket`` with the objects ``test.txt`` and ``somePrefix/test.txt``. The ``LastWriteTime`` and ``Length`` are arbitrary. Note that since the ``ls`` command has no interaction with the local filesystem, the ``s3://`` URI scheme is not required to resolve ambiguity and may be omitted. :: +The following ``ls`` command lists objects and common prefixes under a specified bucket and prefix. In this example, the user owns the bucket ``amzn-s3-demo-bucket`` with the objects ``test.txt`` and ``somePrefix/test.txt``. The ``LastWriteTime`` and ``Length`` are arbitrary. Note that since the ``ls`` command has no interaction with the local filesystem, the ``s3://`` URI scheme is not required to resolve ambiguity and may be omitted. :: - aws s3 ls s3://mybucket + aws s3 ls s3://amzn-s3-demo-bucket Output:: @@ -24,7 +24,7 @@ Output:: The following ``ls`` command lists objects and common prefixes under a specified bucket and prefix. However, there are no objects nor common prefixes under the specified bucket and prefix. :: - aws s3 ls s3://mybucket/noExistPrefix + aws s3 ls s3://amzn-s3-demo-bucket/noExistPrefix Output:: @@ -34,7 +34,7 @@ Output:: The following ``ls`` command will recursively list objects in a bucket. Rather than showing ``PRE dirname/`` in the output, all the content in a bucket will be listed in order. :: - aws s3 ls s3://mybucket \ + aws s3 ls s3://amzn-s3-demo-bucket \ --recursive Output:: @@ -54,7 +54,7 @@ Output:: The following ``ls`` command demonstrates the same command using the --human-readable and --summarize options. --human-readable displays file size in Bytes/MiB/KiB/GiB/TiB/PiB/EiB. --summarize displays the total number of objects and total size at the end of the result listing:: - aws s3 ls s3://mybucket \ + aws s3 ls s3://amzn-s3-demo-bucket \ --recursive \ --human-readable \ --summarize diff -pruN 2.23.6-1/awscli/examples/s3/mb.rst 2.31.35-1/awscli/examples/s3/mb.rst --- 2.23.6-1/awscli/examples/s3/mb.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/mb.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,22 +1,22 @@ **Example 1: Create a bucket** -The following ``mb`` command creates a bucket. In this example, the user makes the bucket ``mybucket``. The bucket is +The following ``mb`` command creates a bucket. In this example, the user makes the bucket ``amzn-s3-demo-bucket``. The bucket is created in the region specified in the user's configuration file:: - aws s3 mb s3://mybucket + aws s3 mb s3://amzn-s3-demo-bucket Output:: - make_bucket: s3://mybucket + make_bucket: s3://amzn-s3-demo-bucket **Example 2: Create a bucket in the specified region** The following ``mb`` command creates a bucket in a region specified by the ``--region`` parameter. In this example, the -user makes the bucket ``mybucket`` in the region ``us-west-1``:: +user makes the bucket ``amzn-s3-demo-bucket`` in the region ``us-west-1``:: - aws s3 mb s3://mybucket \ + aws s3 mb s3://amzn-s3-demo-bucket \ --region us-west-1 Output:: - make_bucket: s3://mybucket + make_bucket: s3://amzn-s3-demo-bucket diff -pruN 2.23.6-1/awscli/examples/s3/mv.rst 2.31.35-1/awscli/examples/s3/mv.rst --- 2.23.6-1/awscli/examples/s3/mv.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/mv.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,55 +2,55 @@ The following ``mv`` command moves a single file to a specified bucket and key. :: - aws s3 mv test.txt s3://mybucket/test2.txt + aws s3 mv test.txt s3://amzn-s3-demo-bucket/test2.txt Output:: - move: test.txt to s3://mybucket/test2.txt + move: test.txt to s3://amzn-s3-demo-bucket/test2.txt **Example 2: Move an object to the specified bucket and key** The following ``mv`` command moves a single s3 object to a specified bucket and key. :: - aws s3 mv s3://mybucket/test.txt s3://mybucket/test2.txt + aws s3 mv s3://amzn-s3-demo-bucket/test.txt s3://amzn-s3-demo-bucket/test2.txt Output:: - move: s3://mybucket/test.txt to s3://mybucket/test2.txt + move: s3://amzn-s3-demo-bucket/test.txt to s3://amzn-s3-demo-bucket/test2.txt **Example 3: Move an S3 object to the local directory** The following ``mv`` command moves a single object to a specified file locally. :: - aws s3 mv s3://mybucket/test.txt test2.txt + aws s3 mv s3://amzn-s3-demo-bucket/test.txt test2.txt Output:: - move: s3://mybucket/test.txt to test2.txt + move: s3://amzn-s3-demo-bucket/test.txt to test2.txt **Example 4: Move an object with it's original name to the specified bucket** The following ``mv`` command moves a single object to a specified bucket while retaining its original name:: - aws s3 mv s3://mybucket/test.txt s3://amzn-s3-demo-bucket2/ + aws s3 mv s3://amzn-s3-demo-bucket/test.txt s3://amzn-s3-demo-bucket2/ Output:: - move: s3://mybucket/test.txt to s3://amzn-s3-demo-bucket2/test.txt + move: s3://amzn-s3-demo-bucket/test.txt to s3://amzn-s3-demo-bucket2/test.txt **Example 5: Move all objects and prefixes in a bucket to the local directory** When passed with the parameter ``--recursive``, the following ``mv`` command recursively moves all objects under a -specified prefix and bucket to a specified directory. In this example, the bucket ``mybucket`` has the objects +specified prefix and bucket to a specified directory. In this example, the bucket ``amzn-s3-demo-bucket`` has the objects ``test1.txt`` and ``test2.txt``. :: - aws s3 mv s3://mybucket . \ + aws s3 mv s3://amzn-s3-demo-bucket . \ --recursive Output:: - move: s3://mybucket/test1.txt to test1.txt - move: s3://mybucket/test2.txt to test2.txt + move: s3://amzn-s3-demo-bucket/test1.txt to test1.txt + move: s3://amzn-s3-demo-bucket/test2.txt to test2.txt **Example 6: Move all objects and prefixes in a bucket to the local directory, except ``.jpg`` files** @@ -58,7 +58,7 @@ When passed with the parameter ``--recur specified directory to a specified bucket and prefix while excluding some files by using an ``--exclude`` parameter. In this example, the directory ``myDir`` has the files ``test1.txt`` and ``test2.jpg``. :: - aws s3 mv myDir s3://mybucket/ \ + aws s3 mv myDir s3://amzn-s3-demo-bucket/ \ --recursive \ --exclude "*.jpg" @@ -70,39 +70,39 @@ Output:: When passed with the parameter ``--recursive``, the following ``mv`` command recursively moves all objects under a specified bucket to another bucket while excluding some objects by using an ``--exclude`` parameter. In this example, -the bucket ``mybucket`` has the objects ``test1.txt`` and ``another/test1.txt``. :: +the bucket ``amzn-s3-demo-bucket`` has the objects ``test1.txt`` and ``another/test1.txt``. :: - aws s3 mv s3://mybucket/ s3://amzn-s3-demo-bucket2/ \ + aws s3 mv s3://amzn-s3-demo-bucket/ s3://amzn-s3-demo-bucket2/ \ --recursive \ - --exclude "mybucket/another/*" + --exclude "amzn-s3-demo-bucket/another/*" Output:: - move: s3://mybucket/test1.txt to s3://amzn-s3-demo-bucket2/test1.txt + move: s3://amzn-s3-demo-bucket/test1.txt to s3://amzn-s3-demo-bucket2/test1.txt **Example 8: Move an object to the specified bucket and set the ACL** The following ``mv`` command moves a single object to a specified bucket and key while setting the ACL to ``public-read-write``. :: - aws s3 mv s3://mybucket/test.txt s3://mybucket/test2.txt \ + aws s3 mv s3://amzn-s3-demo-bucket/test.txt s3://amzn-s3-demo-bucket/test2.txt \ --acl public-read-write Output:: - move: s3://mybucket/test.txt to s3://mybucket/test2.txt + move: s3://amzn-s3-demo-bucket/test.txt to s3://amzn-s3-demo-bucket/test2.txt **Example 9: Move a local file to the specified bucket and grant permissions** The following ``mv`` command illustrates the use of the ``--grants`` option to grant read access to all users and full control to a specific user identified by their email address. :: - aws s3 mv file.txt s3://mybucket/ \ + aws s3 mv file.txt s3://amzn-s3-demo-bucket/ \ --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers full=emailaddress=user@example.com Output:: - move: file.txt to s3://mybucket/file.txt + move: file.txt to s3://amzn-s3-demo-bucket/file.txt **Example 10: Move a file to an S3 access point** diff -pruN 2.23.6-1/awscli/examples/s3/rb.rst 2.31.35-1/awscli/examples/s3/rb.rst --- 2.23.6-1/awscli/examples/s3/rb.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/rb.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,24 +1,24 @@ **Example 1: Delete a bucket** -The following ``rb`` command removes a bucket. In this example, the user's bucket is ``mybucket``. Note that the bucket must be empty in order to remove:: +The following ``rb`` command removes a bucket. In this example, the user's bucket is ``amzn-s3-demo-bucket``. Note that the bucket must be empty in order to remove:: - aws s3 rb s3://mybucket + aws s3 rb s3://amzn-s3-demo-bucket Output:: - remove_bucket: mybucket + remove_bucket: amzn-s3-demo-bucket **Example 2: Force delete a bucket** The following ``rb`` command uses the ``--force`` parameter to first remove all of the objects in the bucket and then -remove the bucket itself. In this example, the user's bucket is ``mybucket`` and the objects in ``mybucket`` are +remove the bucket itself. In this example, the user's bucket is ``amzn-s3-demo-bucket`` and the objects in ``amzn-s3-demo-bucket`` are ``test1.txt`` and ``test2.txt``:: - aws s3 rb s3://mybucket \ + aws s3 rb s3://amzn-s3-demo-bucket \ --force Output:: - delete: s3://mybucket/test1.txt - delete: s3://mybucket/test2.txt - remove_bucket: mybucket \ No newline at end of file + delete: s3://amzn-s3-demo-bucket/test1.txt + delete: s3://amzn-s3-demo-bucket/test2.txt + remove_bucket: amzn-s3-demo-bucket \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3/rm.rst 2.31.35-1/awscli/examples/s3/rm.rst --- 2.23.6-1/awscli/examples/s3/rm.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/rm.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,54 +2,54 @@ The following ``rm`` command deletes a single s3 object:: - aws s3 rm s3://mybucket/test2.txt + aws s3 rm s3://amzn-s3-demo-bucket/test2.txt Output:: - delete: s3://mybucket/test2.txt + delete: s3://amzn-s3-demo-bucket/test2.txt **Example 2: Delete all contents in a bucket** The following ``rm`` command recursively deletes all objects under a specified bucket and prefix when passed with the -parameter ``--recursive``. In this example, the bucket ``mybucket`` contains the objects ``test1.txt`` and +parameter ``--recursive``. In this example, the bucket ``amzn-s3-demo-bucket`` contains the objects ``test1.txt`` and ``test2.txt``:: - aws s3 rm s3://mybucket \ + aws s3 rm s3://amzn-s3-demo-bucket \ --recursive Output:: - delete: s3://mybucket/test1.txt - delete: s3://mybucket/test2.txt + delete: s3://amzn-s3-demo-bucket/test1.txt + delete: s3://amzn-s3-demo-bucket/test2.txt **Example 3: Delete all contents in a bucket, except ``.jpg`` files** The following ``rm`` command recursively deletes all objects under a specified bucket and prefix when passed with the parameter ``--recursive`` while excluding some objects by using an ``--exclude`` parameter. In this example, the bucket -``mybucket`` has the objects ``test1.txt`` and ``test2.jpg``:: +``amzn-s3-demo-bucket`` has the objects ``test1.txt`` and ``test2.jpg``:: - aws s3 rm s3://mybucket/ \ + aws s3 rm s3://amzn-s3-demo-bucket/ \ --recursive \ --exclude "*.jpg" Output:: - delete: s3://mybucket/test1.txt + delete: s3://amzn-s3-demo-bucket/test1.txt **Example 4: Delete all contents in a bucket, except objects under the specified prefix** The following ``rm`` command recursively deletes all objects under a specified bucket and prefix when passed with the parameter ``--recursive`` while excluding all objects under a particular prefix by using an ``--exclude`` parameter. In -this example, the bucket ``mybucket`` has the objects ``test1.txt`` and ``another/test.txt``:: +this example, the bucket ``amzn-s3-demo-bucket`` has the objects ``test1.txt`` and ``another/test.txt``:: - aws s3 rm s3://mybucket/ \ + aws s3 rm s3://amzn-s3-demo-bucket/ \ --recursive \ --exclude "another/*" Output:: - delete: s3://mybucket/test1.txt + delete: s3://amzn-s3-demo-bucket/test1.txt **Example 5: Delete an object from an S3 access point** diff -pruN 2.23.6-1/awscli/examples/s3/sync.rst 2.31.35-1/awscli/examples/s3/sync.rst --- 2.23.6-1/awscli/examples/s3/sync.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/sync.rst 2025-11-12 19:17:29.000000000 +0000 @@ -4,15 +4,15 @@ The following ``sync`` command syncs obj uploading the local files to S3. A local file will require uploading if the size of the local file is different than the size of the S3 object, the last modified time of the local file is newer than the last modified time of the S3 object, or the local file does not exist under the specified bucket and prefix. In this example, the user syncs the -bucket ``mybucket`` to the local current directory. The local current directory contains the files ``test.txt`` and -``test2.txt``. The bucket ``mybucket`` contains no objects. :: +bucket ``amzn-s3-demo-bucket`` to the local current directory. The local current directory contains the files ``test.txt`` and +``test2.txt``. The bucket ``amzn-s3-demo-bucket`` contains no objects. :: - aws s3 sync . s3://mybucket + aws s3 sync . s3://amzn-s3-demo-bucket Output:: - upload: test.txt to s3://mybucket/test.txt - upload: test2.txt to s3://mybucket/test2.txt + upload: test.txt to s3://amzn-s3-demo-bucket/test.txt + upload: test2.txt to s3://amzn-s3-demo-bucket/test2.txt **Example 2: Sync all S3 objects from the specified S3 bucket to another bucket** @@ -21,15 +21,15 @@ prefix and bucket by copying S3 objects. the last modified time of the source is newer than the last modified time of the destination, or the S3 object does not exist under the specified bucket and prefix destination. -In this example, the user syncs the bucket ``mybucket`` to the bucket ``amzn-s3-demo-bucket2``. The bucket ``mybucket`` contains the objects ``test.txt`` and ``test2.txt``. The bucket +In this example, the user syncs the bucket ``amzn-s3-demo-bucket`` to the bucket ``amzn-s3-demo-bucket2``. The bucket ``amzn-s3-demo-bucket`` contains the objects ``test.txt`` and ``test2.txt``. The bucket ``amzn-s3-demo-bucket2`` contains no objects:: - aws s3 sync s3://mybucket s3://amzn-s3-demo-bucket2 + aws s3 sync s3://amzn-s3-demo-bucket s3://amzn-s3-demo-bucket2 Output:: - copy: s3://mybucket/test.txt to s3://amzn-s3-demo-bucket2/test.txt - copy: s3://mybucket/test2.txt to s3://amzn-s3-demo-bucket2/test2.txt + copy: s3://amzn-s3-demo-bucket/test.txt to s3://amzn-s3-demo-bucket2/test.txt + copy: s3://amzn-s3-demo-bucket/test2.txt to s3://amzn-s3-demo-bucket2/test2.txt **Example 3: Sync all S3 objects from the specified S3 bucket to the local directory** @@ -38,62 +38,62 @@ downloading S3 objects. An S3 object wil local file, the last modified time of the S3 object is newer than the last modified time of the local file, or the S3 object does not exist in the local directory. Take note that when objects are downloaded from S3, the last modified time of the local file is changed to the last modified time of the S3 object. In this example, the user syncs the -bucket ``mybucket`` to the current local directory. The bucket ``mybucket`` contains the objects ``test.txt`` and +bucket ``amzn-s3-demo-bucket`` to the current local directory. The bucket ``amzn-s3-demo-bucket`` contains the objects ``test.txt`` and ``test2.txt``. The current local directory has no files:: - aws s3 sync s3://mybucket . + aws s3 sync s3://amzn-s3-demo-bucket . Output:: - download: s3://mybucket/test.txt to test.txt - download: s3://mybucket/test2.txt to test2.txt + download: s3://amzn-s3-demo-bucket/test.txt to test.txt + download: s3://amzn-s3-demo-bucket/test2.txt to test2.txt **Example 4: Sync all local objects to the specified bucket and delete all files that do not match** The following ``sync`` command syncs objects under a specified prefix and bucket to files in a local directory by uploading the local files to S3. Because of the ``--delete`` parameter, any files existing under the specified prefix and bucket but not existing in the local directory will be deleted. In this example, the user syncs -the bucket ``mybucket`` to the local current directory. The local current directory contains the files ``test.txt`` and -``test2.txt``. The bucket ``mybucket`` contains the object ``test3.txt``:: +the bucket ``amzn-s3-demo-bucket`` to the local current directory. The local current directory contains the files ``test.txt`` and +``test2.txt``. The bucket ``amzn-s3-demo-bucket`` contains the object ``test3.txt``:: - aws s3 sync . s3://mybucket \ + aws s3 sync . s3://amzn-s3-demo-bucket \ --delete Output:: - upload: test.txt to s3://mybucket/test.txt - upload: test2.txt to s3://mybucket/test2.txt - delete: s3://mybucket/test3.txt + upload: test.txt to s3://amzn-s3-demo-bucket/test.txt + upload: test2.txt to s3://amzn-s3-demo-bucket/test2.txt + delete: s3://amzn-s3-demo-bucket/test3.txt **Example 5: Sync all local objects to the specified bucket except ``.jpg`` files** The following ``sync`` command syncs objects under a specified prefix and bucket to files in a local directory by uploading the local files to S3. Because of the ``--exclude`` parameter, all files matching the pattern -existing both in S3 and locally will be excluded from the sync. In this example, the user syncs the bucket ``mybucket`` +existing both in S3 and locally will be excluded from the sync. In this example, the user syncs the bucket ``amzn-s3-demo-bucket`` to the local current directory. The local current directory contains the files ``test.jpg`` and ``test2.txt``. The -bucket ``mybucket`` contains the object ``test.jpg`` of a different size than the local ``test.jpg``:: +bucket ``amzn-s3-demo-bucket`` contains the object ``test.jpg`` of a different size than the local ``test.jpg``:: - aws s3 sync . s3://mybucket \ + aws s3 sync . s3://amzn-s3-demo-bucket \ --exclude "*.jpg" Output:: - upload: test2.txt to s3://mybucket/test2.txt + upload: test2.txt to s3://amzn-s3-demo-bucket/test2.txt **Example 6: Sync all local objects to the specified bucket except specified directory files** The following ``sync`` command syncs files under a local directory to objects under a specified prefix and bucket by downloading S3 objects. This example uses the ``--exclude`` parameter flag to exclude a specified directory and S3 prefix from the ``sync`` command. In this example, the user syncs the local current directory to the bucket -``mybucket``. The local current directory contains the files ``test.txt`` and ``another/test2.txt``. The bucket -``mybucket`` contains the objects ``another/test5.txt`` and ``test1.txt``:: +``amzn-s3-demo-bucket``. The local current directory contains the files ``test.txt`` and ``another/test2.txt``. The bucket +``amzn-s3-demo-bucket`` contains the objects ``another/test5.txt`` and ``test1.txt``:: - aws s3 sync s3://mybucket/ . \ + aws s3 sync s3://amzn-s3-demo-bucket/ . \ --exclude "*another/*" Output:: - download: s3://mybucket/test1.txt to test1.txt + download: s3://amzn-s3-demo-bucket/test1.txt to test1.txt **Example 7: Sync all objects between buckets in different regions** diff -pruN 2.23.6-1/awscli/examples/s3/website.rst 2.31.35-1/awscli/examples/s3/website.rst --- 2.23.6-1/awscli/examples/s3/website.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3/website.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,10 +1,10 @@ **Configure an S3 bucket as a static website** -The following command configures a bucket named ``my-bucket`` as a static website. The index document option specifies the file in ``my-bucket`` that visitors will be directed to when they navigate to the website URL. In this case, the bucket is in the us-west-2 region, so the site would appear at ``http://my-bucket.s3-website-us-west-2.amazonaws.com``. +The following command configures a bucket named ``amzn-s3-demo-bucket`` as a static website. The index document option specifies the file in ``amzn-s3-demo-bucket`` that visitors will be directed to when they navigate to the website URL. In this case, the bucket is in the us-west-2 region, so the site would appear at ``http://amzn-s3-demo-bucket.s3-website-us-west-2.amazonaws.com``. All files in the bucket that appear on the static site must be configured to allow visitors to open them. File permissions are configured separately from the bucket website configuration. :: - aws s3 website s3://my-bucket/ \ + aws s3 website s3://amzn-s3-demo-bucket/ \ --index-document index.html \ --error-document error.html diff -pruN 2.23.6-1/awscli/examples/s3api/abort-multipart-upload.rst 2.31.35-1/awscli/examples/s3api/abort-multipart-upload.rst --- 2.23.6-1/awscli/examples/s3api/abort-multipart-upload.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/abort-multipart-upload.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,9 +1,9 @@ **To abort the specified multipart upload** -The following ``abort-multipart-upload`` command aborts a multipart upload for the key ``multipart/01`` in the bucket ``my-bucket``. :: +The following ``abort-multipart-upload`` command aborts a multipart upload for the key ``multipart/01`` in the bucket ``amzn-s3-demo-bucket``. :: aws s3api abort-multipart-upload \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key multipart/01 \ --upload-id dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R diff -pruN 2.23.6-1/awscli/examples/s3api/complete-multipart-upload.rst 2.31.35-1/awscli/examples/s3api/complete-multipart-upload.rst --- 2.23.6-1/awscli/examples/s3api/complete-multipart-upload.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/complete-multipart-upload.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command completes a multipart upload for the key ``multipart/01`` in the bucket ``my-bucket``:: +The following command completes a multipart upload for the key ``multipart/01`` in the bucket ``amzn-s3-demo-bucket``:: - aws s3api complete-multipart-upload --multipart-upload file://mpustruct --bucket my-bucket --key 'multipart/01' --upload-id dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R + aws s3api complete-multipart-upload --multipart-upload file://mpustruct --bucket amzn-s3-demo-bucket --key 'multipart/01' --upload-id dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R The upload ID required by this command is output by ``create-multipart-upload`` and can also be retrieved with ``list-multipart-uploads``. @@ -31,7 +31,7 @@ Output:: { "ETag": "\"3944a9f7a4faab7f78788ff6210f63f0-3\"", - "Bucket": "my-bucket", - "Location": "https://my-bucket.s3.amazonaws.com/multipart%2F01", + "Bucket": "amzn-s3-demo-bucket", + "Location": "https://amzn-s3-demo-bucket.s3.amazonaws.com/multipart%2F01", "Key": "multipart/01" } diff -pruN 2.23.6-1/awscli/examples/s3api/create-bucket.rst 2.31.35-1/awscli/examples/s3api/create-bucket.rst --- 2.23.6-1/awscli/examples/s3api/create-bucket.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/create-bucket.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,52 +1,52 @@ **Example 1: To create a bucket** -The following ``create-bucket`` example creates a bucket named ``my-bucket``:: +The following ``create-bucket`` example creates a bucket named ``amzn-s3-demo-bucket``:: aws s3api create-bucket \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --region us-east-1 Output:: { - "Location": "/my-bucket" + "Location": "/amzn-s3-demo-bucket" } For more information, see `Creating a bucket `__ in the *Amazon S3 User Guide*. **Example 2: To create a bucket with owner enforced** -The following ``create-bucket`` example creates a bucket named ``my-bucket`` that uses the bucket owner enforced setting for S3 Object Ownership. :: +The following ``create-bucket`` example creates a bucket named ``amzn-s3-demo-bucket`` that uses the bucket owner enforced setting for S3 Object Ownership. :: aws s3api create-bucket \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --region us-east-1 \ --object-ownership BucketOwnerEnforced Output:: { - "Location": "/my-bucket" + "Location": "/amzn-s3-demo-bucket" } For more information, see `Controlling ownership of objects and disabling ACLs `__ in the *Amazon S3 User Guide*. **Example 3: To create a bucket outside of the ``us-east-1`` region** -The following ``create-bucket`` example creates a bucket named ``my-bucket`` in the +The following ``create-bucket`` example creates a bucket named ``amzn-s3-demo-bucket`` in the ``eu-west-1`` region. Regions outside of ``us-east-1`` require the appropriate ``LocationConstraint`` to be specified in order to create the bucket in the desired region. :: aws s3api create-bucket \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --region eu-west-1 \ --create-bucket-configuration LocationConstraint=eu-west-1 Output:: { - "Location": "http://my-bucket.s3.amazonaws.com/" + "Location": "http://amzn-s3-demo-bucket.s3.amazonaws.com/" } For more information, see `Creating a bucket `__ in the *Amazon S3 User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/create-multipart-upload.rst 2.31.35-1/awscli/examples/s3api/create-multipart-upload.rst --- 2.23.6-1/awscli/examples/s3api/create-multipart-upload.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/create-multipart-upload.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,13 +1,13 @@ -The following command creates a multipart upload in the bucket ``my-bucket`` with the key ``multipart/01``:: +The following command creates a multipart upload in the bucket ``amzn-s3-demo-bucket`` with the key ``multipart/01``:: - aws s3api create-multipart-upload --bucket my-bucket --key 'multipart/01' + aws s3api create-multipart-upload --bucket amzn-s3-demo-bucket --key 'multipart/01' Output:: { - "Bucket": "my-bucket", + "Bucket": "amzn-s3-demo-bucket", "UploadId": "dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R", "Key": "multipart/01" } -The completed file will be named ``01`` in a folder called ``multipart`` in the bucket ``my-bucket``. Save the upload ID, key and bucket name for use with the ``upload-part`` command. \ No newline at end of file +The completed file will be named ``01`` in a folder called ``multipart`` in the bucket ``amzn-s3-demo-bucket``. Save the upload ID, key and bucket name for use with the ``upload-part`` command. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-analytics-configuration.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-analytics-configuration.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-analytics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-analytics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``delete-bucket-analytics-configuration`` example removes the analytics configuration for the specified bucket and ID. :: aws s3api delete-bucket-analytics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 1 This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-cors.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-cors.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-cors.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-cors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,3 @@ -The following command deletes a Cross-Origin Resource Sharing configuration from a bucket named ``my-bucket``:: +The following command deletes a Cross-Origin Resource Sharing configuration from a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-bucket-cors --bucket my-bucket + aws s3api delete-bucket-cors --bucket amzn-s3-demo-bucket diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-encryption.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-encryption.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-encryption.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-encryption.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,6 +3,6 @@ The following ``delete-bucket-encryption`` example deletes the server-side encryption configuration of the specified bucket. :: aws s3api delete-bucket-encryption \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-inventory-configuration.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-inventory-configuration.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-inventory-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-inventory-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``delete-bucket-inventory-configuration`` example deletes the inventory configuration with ID ``1`` for the specified bucket. :: aws s3api delete-bucket-inventory-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 1 This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-lifecycle.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-lifecycle.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-lifecycle.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-lifecycle.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,3 @@ -The following command deletes a lifecycle configuration from a bucket named ``my-bucket``:: +The following command deletes a lifecycle configuration from a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-bucket-lifecycle --bucket my-bucket + aws s3api delete-bucket-lifecycle --bucket amzn-s3-demo-bucket diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-metrics-configuration.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-metrics-configuration.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-metrics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-metrics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``delete-bucket-metrics-configuration`` example removes the metrics configuration for the specified bucket and ID. :: aws s3api delete-bucket-metrics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 123 This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-policy.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-policy.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-policy.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-policy.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,3 @@ -The following command deletes a bucket policy from a bucket named ``my-bucket``:: +The following command deletes a bucket policy from a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-bucket-policy --bucket my-bucket + aws s3api delete-bucket-policy --bucket amzn-s3-demo-bucket diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-replication.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-replication.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-replication.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-replication.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,3 @@ -The following command deletes a replication configuration from a bucket named ``my-bucket``:: +The following command deletes a replication configuration from a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-bucket-replication --bucket my-bucket + aws s3api delete-bucket-replication --bucket amzn-s3-demo-bucket diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-tagging.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-tagging.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-tagging.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-tagging.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,3 @@ -The following command deletes a tagging configuration from a bucket named ``my-bucket``:: +The following command deletes a tagging configuration from a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-bucket-tagging --bucket my-bucket + aws s3api delete-bucket-tagging --bucket amzn-s3-demo-bucket diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket-website.rst 2.31.35-1/awscli/examples/s3api/delete-bucket-website.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket-website.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket-website.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,3 @@ -The following command deletes a website configuration from a bucket named ``my-bucket``:: +The following command deletes a website configuration from a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-bucket-website --bucket my-bucket + aws s3api delete-bucket-website --bucket amzn-s3-demo-bucket diff -pruN 2.23.6-1/awscli/examples/s3api/delete-bucket.rst 2.31.35-1/awscli/examples/s3api/delete-bucket.rst --- 2.23.6-1/awscli/examples/s3api/delete-bucket.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-bucket.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,3 +1,3 @@ -The following command deletes a bucket named ``my-bucket``:: +The following command deletes a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-bucket --bucket my-bucket --region us-east-1 + aws s3api delete-bucket --bucket amzn-s3-demo-bucket --region us-east-1 diff -pruN 2.23.6-1/awscli/examples/s3api/delete-object-tagging.rst 2.31.35-1/awscli/examples/s3api/delete-object-tagging.rst --- 2.23.6-1/awscli/examples/s3api/delete-object-tagging.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-object-tagging.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``delete-object-tagging`` example deletes the tag with the specified key from the object ``doc1.rtf``. :: aws s3api delete-object-tagging \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key doc1.rtf This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/delete-object.rst 2.31.35-1/awscli/examples/s3api/delete-object.rst --- 2.23.6-1/awscli/examples/s3api/delete-object.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-object.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command deletes an object named ``test.txt`` from a bucket named ``my-bucket``:: +The following command deletes an object named ``test.txt`` from a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-object --bucket my-bucket --key test.txt + aws s3api delete-object --bucket amzn-s3-demo-bucket --key test.txt If bucket versioning is enabled, the output will contain the version ID of the delete marker:: diff -pruN 2.23.6-1/awscli/examples/s3api/delete-objects.rst 2.31.35-1/awscli/examples/s3api/delete-objects.rst --- 2.23.6-1/awscli/examples/s3api/delete-objects.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-objects.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command deletes an object from a bucket named ``my-bucket``:: +The following command deletes an object from a bucket named ``amzn-s3-demo-bucket``:: - aws s3api delete-objects --bucket my-bucket --delete file://delete.json + aws s3api delete-objects --bucket amzn-s3-demo-bucket --delete file://delete.json ``delete.json`` is a JSON document in the current directory that specifies the object to delete:: diff -pruN 2.23.6-1/awscli/examples/s3api/delete-public-access-block.rst 2.31.35-1/awscli/examples/s3api/delete-public-access-block.rst --- 2.23.6-1/awscli/examples/s3api/delete-public-access-block.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/delete-public-access-block.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,6 +3,6 @@ The following ``delete-public-access-block`` example removes the block public access configuration on the specified bucket. :: aws s3api delete-public-access-block \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-accelerate-configuration.rst 2.31.35-1/awscli/examples/s3api/get-bucket-accelerate-configuration.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-accelerate-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-accelerate-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-bucket-accelerate-configuration`` example retrieves the accelerate configuration for the specified bucket. :: aws s3api get-bucket-accelerate-configuration \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-acl.rst 2.31.35-1/awscli/examples/s3api/get-bucket-acl.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-acl.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-acl.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the access control list for a bucket named ``my-bucket``:: +The following command retrieves the access control list for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-acl --bucket my-bucket + aws s3api get-bucket-acl --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-analytics-configuration.rst 2.31.35-1/awscli/examples/s3api/get-bucket-analytics-configuration.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-analytics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-analytics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-bucket-analytics-configuration`` example displays the analytics configuration for the specified bucket and ID. :: aws s3api get-bucket-analytics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 1 Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-cors.rst 2.31.35-1/awscli/examples/s3api/get-bucket-cors.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-cors.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-cors.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the Cross-Origin Resource Sharing configuration for a bucket named ``my-bucket``:: +The following command retrieves the Cross-Origin Resource Sharing configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-cors --bucket my-bucket + aws s3api get-bucket-cors --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-encryption.rst 2.31.35-1/awscli/examples/s3api/get-bucket-encryption.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-encryption.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-encryption.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,9 +1,9 @@ **To retrieve the server-side encryption configuration for a bucket** -The following ``get-bucket-encryption`` example retrieves the server-side encryption configuration for the bucket ``my-bucket``. :: +The following ``get-bucket-encryption`` example retrieves the server-side encryption configuration for the bucket ``amzn-s3-demo-bucket``. :: aws s3api get-bucket-encryption \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-inventory-configuration.rst 2.31.35-1/awscli/examples/s3api/get-bucket-inventory-configuration.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-inventory-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-inventory-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-bucket-inventory-configuration`` example retrieves the inventory configuration for the specified bucket with ID ``1``. :: aws s3api get-bucket-inventory-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 1 Output:: @@ -14,7 +14,7 @@ Output:: "Destination": { "S3BucketDestination": { "Format": "ORC", - "Bucket": "arn:aws:s3:::my-bucket", + "Bucket": "arn:aws:s3:::amzn-s3-demo-bucket", "AccountId": "123456789012" } }, diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-lifecycle-configuration.rst 2.31.35-1/awscli/examples/s3api/get-bucket-lifecycle-configuration.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-lifecycle-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-lifecycle-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the lifecycle configuration for a bucket named ``my-bucket``:: +The following command retrieves the lifecycle configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-lifecycle-configuration --bucket my-bucket + aws s3api get-bucket-lifecycle-configuration --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-lifecycle.rst 2.31.35-1/awscli/examples/s3api/get-bucket-lifecycle.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-lifecycle.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-lifecycle.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the lifecycle configuration for a bucket named ``my-bucket``:: +The following command retrieves the lifecycle configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-lifecycle --bucket my-bucket + aws s3api get-bucket-lifecycle --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-location.rst 2.31.35-1/awscli/examples/s3api/get-bucket-location.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-location.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-location.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the location constraint for a bucket named ``my-bucket``, if a constraint exists:: +The following command retrieves the location constraint for a bucket named ``amzn-s3-demo-bucket``, if a constraint exists:: - aws s3api get-bucket-location --bucket my-bucket + aws s3api get-bucket-location --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-logging.rst 2.31.35-1/awscli/examples/s3api/get-bucket-logging.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-logging.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-logging.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,13 +3,13 @@ The following ``get-bucket-logging`` example retrieves the logging status for the specified bucket. :: aws s3api get-bucket-logging \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: { "LoggingEnabled": { "TargetPrefix": "", - "TargetBucket": "my-bucket-logs" + "TargetBucket": "amzn-s3-demo-bucket-logs" } } diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-metrics-configuration.rst 2.31.35-1/awscli/examples/s3api/get-bucket-metrics-configuration.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-metrics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-metrics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-bucket-metrics-configuration`` example displays the metrics configuration for the specified bucket and ID. :: aws s3api get-bucket-metrics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 123 Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-notification-configuration.rst 2.31.35-1/awscli/examples/s3api/get-bucket-notification-configuration.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-notification-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-notification-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the notification configuration for a bucket named ``my-bucket``:: +The following command retrieves the notification configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-notification-configuration --bucket my-bucket + aws s3api get-bucket-notification-configuration --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-notification.rst 2.31.35-1/awscli/examples/s3api/get-bucket-notification.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-notification.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-notification.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the notification configuration for a bucket named ``my-bucket``:: +The following command retrieves the notification configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-notification --bucket my-bucket + aws s3api get-bucket-notification --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-policy-status.rst 2.31.35-1/awscli/examples/s3api/get-bucket-policy-status.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-policy-status.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-policy-status.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,9 +1,9 @@ **To retrieve the policy status for a bucket indicating whether the bucket is public** -The following ``get-bucket-policy-status`` example retrieves the policy status for the bucket ``my-bucket``. :: +The following ``get-bucket-policy-status`` example retrieves the policy status for the bucket ``amzn-s3-demo-bucket``. :: aws s3api get-bucket-policy-status \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-policy.rst 2.31.35-1/awscli/examples/s3api/get-bucket-policy.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-policy.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-policy.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,11 +1,11 @@ -The following command retrieves the bucket policy for a bucket named ``my-bucket``:: +The following command retrieves the bucket policy for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-policy --bucket my-bucket + aws s3api get-bucket-policy --bucket amzn-s3-demo-bucket Output:: { - "Policy": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"},{\"Sid\":\"\",\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::my-bucket/secret/*\"}]}" + "Policy": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::amzn-s3-demo-bucket/*\"},{\"Sid\":\"\",\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::amzn-s3-demo-bucket/secret/*\"}]}" } Get and put a bucket policy @@ -16,9 +16,9 @@ make modifications to the file, and then apply the modified bucket policy. To download the bucket policy to a file, you can run:: - aws s3api get-bucket-policy --bucket mybucket --query Policy --output text > policy.json + aws s3api get-bucket-policy --bucket amzn-s3-demo-bucket --query Policy --output text > policy.json You can then modify the ``policy.json`` file as needed. Finally you can apply this modified policy back to the S3 bucket by running:: - aws s3api put-bucket-policy --bucket mybucket --policy file://policy.json + aws s3api put-bucket-policy --bucket amzn-s3-demo-bucket --policy file://policy.json diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-replication.rst 2.31.35-1/awscli/examples/s3api/get-bucket-replication.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-replication.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-replication.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the replication configuration for a bucket named ``my-bucket``:: +The following command retrieves the replication configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-replication --bucket my-bucket + aws s3api get-bucket-replication --bucket amzn-s3-demo-bucket Output:: @@ -11,7 +11,7 @@ Output:: "Status": "Enabled", "Prefix": "", "Destination": { - "Bucket": "arn:aws:s3:::my-bucket-backup", + "Bucket": "arn:aws:s3:::amzn-s3-demo-bucket-backup", "StorageClass": "STANDARD" }, "ID": "ZmUwNzE4ZmQ4tMjVhOS00MTlkLOGI4NDkzZTIWJjNTUtYTA1" diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-request-payment.rst 2.31.35-1/awscli/examples/s3api/get-bucket-request-payment.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-request-payment.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-request-payment.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-bucket-request-payment`` example retrieves the requester pays configuration for the specified bucket. :: aws s3api get-bucket-request-payment \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-tagging.rst 2.31.35-1/awscli/examples/s3api/get-bucket-tagging.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-tagging.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-tagging.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the tagging configuration for a bucket named ``my-bucket``:: +The following command retrieves the tagging configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-tagging --bucket my-bucket + aws s3api get-bucket-tagging --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-versioning.rst 2.31.35-1/awscli/examples/s3api/get-bucket-versioning.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-versioning.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-versioning.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the versioning configuration for a bucket named ``my-bucket``:: +The following command retrieves the versioning configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-versioning --bucket my-bucket + aws s3api get-bucket-versioning --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-bucket-website.rst 2.31.35-1/awscli/examples/s3api/get-bucket-website.rst --- 2.23.6-1/awscli/examples/s3api/get-bucket-website.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-bucket-website.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the static website configuration for a bucket named ``my-bucket``:: +The following command retrieves the static website configuration for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-bucket-website --bucket my-bucket + aws s3api get-bucket-website --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-object-acl.rst 2.31.35-1/awscli/examples/s3api/get-object-acl.rst --- 2.23.6-1/awscli/examples/s3api/get-object-acl.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-object-acl.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves the access control list for an object in a bucket named ``my-bucket``:: +The following command retrieves the access control list for an object in a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-object-acl --bucket my-bucket --key index.html + aws s3api get-object-acl --bucket amzn-s3-demo-bucket --key index.html Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-object-attributes.rst 2.31.35-1/awscli/examples/s3api/get-object-attributes.rst --- 2.23.6-1/awscli/examples/s3api/get-object-attributes.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-object-attributes.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-object-attributes`` example retrieves metadata from the object ``doc1.rtf``. :: aws s3api get-object-attributes \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key doc1.rtf \ --object-attributes "StorageClass" "ETag" "ObjectSize" diff -pruN 2.23.6-1/awscli/examples/s3api/get-object-legal-hold.rst 2.31.35-1/awscli/examples/s3api/get-object-legal-hold.rst --- 2.23.6-1/awscli/examples/s3api/get-object-legal-hold.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-object-legal-hold.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-object-legal-hold`` example retrieves the Legal Hold status for the specified object. :: aws s3api get-object-legal-hold \ - --bucket my-bucket-with-object-lock \ + --bucket amzn-s3-demo-bucket-with-object-lock \ --key doc1.rtf Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-object-lock-configuration.rst 2.31.35-1/awscli/examples/s3api/get-object-lock-configuration.rst --- 2.23.6-1/awscli/examples/s3api/get-object-lock-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-object-lock-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-object-lock-configuration`` example retrieves the object lock configuration for the specified bucket. :: aws s3api get-object-lock-configuration \ - --bucket my-bucket-with-object-lock + --bucket amzn-s3-demo-bucket-with-object-lock Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-object-retention.rst 2.31.35-1/awscli/examples/s3api/get-object-retention.rst --- 2.23.6-1/awscli/examples/s3api/get-object-retention.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-object-retention.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-object-retention`` example retrieves the object retention configuration for the specified object. :: aws s3api get-object-retention \ - --bucket my-bucket-with-object-lock \ + --bucket amzn-s3-demo-bucket-with-object-lock \ --key doc1.rtf Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-object-tagging.rst 2.31.35-1/awscli/examples/s3api/get-object-tagging.rst --- 2.23.6-1/awscli/examples/s3api/get-object-tagging.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-object-tagging.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-object-tagging`` example retrieves the values for the specified key from the specified object. :: aws s3api get-object-tagging \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key doc1.rtf Output:: @@ -20,7 +20,7 @@ Output:: The following ``get-object-tagging`` example tries to retrieve the tag sets of the object ``doc2.rtf``, which has no tags. :: aws s3api get-object-tagging \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key doc2.rtf Output:: @@ -33,7 +33,7 @@ Output:: The following ``get-object-tagging`` example retrieves the tag sets of the object ``doc3.rtf``, which has multiple tags. :: aws s3api get-object-tagging \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key doc3.rtf Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/get-object-torrent.rst 2.31.35-1/awscli/examples/s3api/get-object-torrent.rst --- 2.23.6-1/awscli/examples/s3api/get-object-torrent.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-object-torrent.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,5 +1,5 @@ -The following command creates a torrent for an object in a bucket named ``my-bucket``:: +The following command creates a torrent for an object in a bucket named ``amzn-s3-demo-bucket``:: - aws s3api get-object-torrent --bucket my-bucket --key large-video-file.mp4 large-video-file.torrent + aws s3api get-object-torrent --bucket amzn-s3-demo-bucket --key large-video-file.mp4 large-video-file.torrent The torrent file is saved locally in the current folder. Note that the output filename (``large-video-file.torrent``) is specified without an option name and must be the last argument in the command. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/get-public-access-block.rst 2.31.35-1/awscli/examples/s3api/get-public-access-block.rst --- 2.23.6-1/awscli/examples/s3api/get-public-access-block.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/get-public-access-block.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``get-public-access-block`` example displays the block public access configuration for the specified bucket. :: aws s3api get-public-access-block \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/head-bucket.rst 2.31.35-1/awscli/examples/s3api/head-bucket.rst --- 2.23.6-1/awscli/examples/s3api/head-bucket.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/head-bucket.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command verifies access to a bucket named ``my-bucket``:: +The following command verifies access to a bucket named ``amzn-s3-demo-bucket``:: - aws s3api head-bucket --bucket my-bucket + aws s3api head-bucket --bucket amzn-s3-demo-bucket If the bucket exists and you have access to it, no output is returned. Otherwise, an error message will be shown. For example:: diff -pruN 2.23.6-1/awscli/examples/s3api/head-object.rst 2.31.35-1/awscli/examples/s3api/head-object.rst --- 2.23.6-1/awscli/examples/s3api/head-object.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/head-object.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves metadata for an object in a bucket named ``my-bucket``:: +The following command retrieves metadata for an object in a bucket named ``amzn-s3-demo-bucket``:: - aws s3api head-object --bucket my-bucket --key index.html + aws s3api head-object --bucket amzn-s3-demo-bucket --key index.html Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/list-bucket-analytics-configurations.rst 2.31.35-1/awscli/examples/s3api/list-bucket-analytics-configurations.rst --- 2.23.6-1/awscli/examples/s3api/list-bucket-analytics-configurations.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/list-bucket-analytics-configurations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``list-bucket-analytics-configurations`` retrieves a list of analytics configurations for the specified bucket. :: aws s3api list-bucket-analytics-configurations \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/list-bucket-inventory-configurations.rst 2.31.35-1/awscli/examples/s3api/list-bucket-inventory-configurations.rst --- 2.23.6-1/awscli/examples/s3api/list-bucket-inventory-configurations.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/list-bucket-inventory-configurations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``list-bucket-inventory-configurations`` example lists the inventory configurations for the specified bucket. :: aws s3api list-bucket-inventory-configurations \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: @@ -14,7 +14,7 @@ Output:: "Destination": { "S3BucketDestination": { "Format": "ORC", - "Bucket": "arn:aws:s3:::my-bucket", + "Bucket": "arn:aws:s3:::amzn-s3-demo-bucket", "AccountId": "123456789012" } }, @@ -29,7 +29,7 @@ Output:: "Destination": { "S3BucketDestination": { "Format": "CSV", - "Bucket": "arn:aws:s3:::my-bucket", + "Bucket": "arn:aws:s3:::amzn-s3-demo-bucket", "AccountId": "123456789012" } }, diff -pruN 2.23.6-1/awscli/examples/s3api/list-bucket-metrics-configurations.rst 2.31.35-1/awscli/examples/s3api/list-bucket-metrics-configurations.rst --- 2.23.6-1/awscli/examples/s3api/list-bucket-metrics-configurations.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/list-bucket-metrics-configurations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``list-bucket-metrics-configurations`` example retrieves a list of metrics configurations for the specified bucket. :: aws s3api list-bucket-metrics-configurations \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/list-multipart-uploads.rst 2.31.35-1/awscli/examples/s3api/list-multipart-uploads.rst --- 2.23.6-1/awscli/examples/s3api/list-multipart-uploads.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/list-multipart-uploads.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command lists all of the active multipart uploads for a bucket named ``my-bucket``:: +The following command lists all of the active multipart uploads for a bucket named ``amzn-s3-demo-bucket``:: - aws s3api list-multipart-uploads --bucket my-bucket + aws s3api list-multipart-uploads --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/list-object-versions.rst 2.31.35-1/awscli/examples/s3api/list-object-versions.rst --- 2.23.6-1/awscli/examples/s3api/list-object-versions.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/list-object-versions.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command retrieves version information for an object in a bucket named ``my-bucket``:: +The following command retrieves version information for an object in a bucket named ``amzn-s3-demo-bucket``:: - aws s3api list-object-versions --bucket my-bucket --prefix index.html + aws s3api list-object-versions --bucket amzn-s3-demo-bucket --prefix index.html Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/list-objects-v2.rst 2.31.35-1/awscli/examples/s3api/list-objects-v2.rst --- 2.23.6-1/awscli/examples/s3api/list-objects-v2.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/list-objects-v2.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``list-objects-v2`` example lists the objects in the specified bucket. :: aws s3api list-objects-v2 \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/list-parts.rst 2.31.35-1/awscli/examples/s3api/list-parts.rst --- 2.23.6-1/awscli/examples/s3api/list-parts.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/list-parts.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command lists all of the parts that have been uploaded for a multipart upload with key ``multipart/01`` in the bucket ``my-bucket``:: +The following command lists all of the parts that have been uploaded for a multipart upload with key ``multipart/01`` in the bucket ``amzn-s3-demo-bucket``:: - aws s3api list-parts --bucket my-bucket --key 'multipart/01' --upload-id dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R + aws s3api list-parts --bucket amzn-s3-demo-bucket --key 'multipart/01' --upload-id dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R Output:: diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-accelerate-configuration.rst 2.31.35-1/awscli/examples/s3api/put-bucket-accelerate-configuration.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-accelerate-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-accelerate-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-bucket-accelerate-configuration`` example enables the accelerate configuration for the specified bucket. :: aws s3api put-bucket-accelerate-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --accelerate-configuration Status=Enabled This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-analytics-configuration.rst 2.31.35-1/awscli/examples/s3api/put-bucket-analytics-configuration.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-analytics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-analytics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-bucket-analytics-configuration`` example configures analytics for the specified bucket. :: aws s3api put-bucket-analytics-configuration \ - --bucket my-bucket --id 1 \ + --bucket amzn-s3-demo-bucket --id 1 \ --analytics-configuration '{"Id": "1","StorageClassAnalysis": {}}' This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-encryption.rst 2.31.35-1/awscli/examples/s3api/put-bucket-encryption.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-encryption.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-encryption.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-bucket-encryption`` example sets AES256 encryption as the default for the specified bucket. :: aws s3api put-bucket-encryption \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}' This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-inventory-configuration.rst 2.31.35-1/awscli/examples/s3api/put-bucket-inventory-configuration.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-inventory-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-inventory-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,21 +1,21 @@ **Example 1: To set an inventory configuration for a bucket** -The following ``put-bucket-inventory-configuration`` example sets a weekly ORC-formatted inventory report for the bucket ``my-bucket``. :: +The following ``put-bucket-inventory-configuration`` example sets a weekly ORC-formatted inventory report for the bucket ``amzn-s3-demo-bucket``. :: aws s3api put-bucket-inventory-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 1 \ - --inventory-configuration '{"Destination": { "S3BucketDestination": { "AccountId": "123456789012", "Bucket": "arn:aws:s3:::my-bucket", "Format": "ORC" }}, "IsEnabled": true, "Id": "1", "IncludedObjectVersions": "Current", "Schedule": { "Frequency": "Weekly" }}' + --inventory-configuration '{"Destination": { "S3BucketDestination": { "AccountId": "123456789012", "Bucket": "arn:aws:s3:::amzn-s3-demo-bucket", "Format": "ORC" }}, "IsEnabled": true, "Id": "1", "IncludedObjectVersions": "Current", "Schedule": { "Frequency": "Weekly" }}' This command produces no output. **Example 2: To set an inventory configuration for a bucket** -The following ``put-bucket-inventory-configuration`` example sets a daily CSV-formatted inventory report for the bucket ``my-bucket``. :: +The following ``put-bucket-inventory-configuration`` example sets a daily CSV-formatted inventory report for the bucket ``amzn-s3-demo-bucket``. :: aws s3api put-bucket-inventory-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 2 \ - --inventory-configuration '{"Destination": { "S3BucketDestination": { "AccountId": "123456789012", "Bucket": "arn:aws:s3:::my-bucket", "Format": "CSV" }}, "IsEnabled": true, "Id": "2", "IncludedObjectVersions": "Current", "Schedule": { "Frequency": "Daily" }}' + --inventory-configuration '{"Destination": { "S3BucketDestination": { "AccountId": "123456789012", "Bucket": "arn:aws:s3:::amzn-s3-demo-bucket", "Format": "CSV" }}, "IsEnabled": true, "Id": "2", "IncludedObjectVersions": "Current", "Schedule": { "Frequency": "Daily" }}' This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-lifecycle-configuration.rst 2.31.35-1/awscli/examples/s3api/put-bucket-lifecycle-configuration.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-lifecycle-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-lifecycle-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command applies a lifecycle configuration to a bucket named ``my-bucket``:: +The following command applies a lifecycle configuration to a bucket named ``amzn-s3-demo-bucket``:: - aws s3api put-bucket-lifecycle-configuration --bucket my-bucket --lifecycle-configuration file://lifecycle.json + aws s3api put-bucket-lifecycle-configuration --bucket amzn-s3-demo-bucket --lifecycle-configuration file://lifecycle.json The file ``lifecycle.json`` is a JSON document in the current folder that specifies two rules:: diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-lifecycle.rst 2.31.35-1/awscli/examples/s3api/put-bucket-lifecycle.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-lifecycle.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-lifecycle.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command applies a lifecycle configuration to the bucket ``my-bucket``:: +The following command applies a lifecycle configuration to the bucket ``amzn-s3-demo-bucket``:: - aws s3api put-bucket-lifecycle --bucket my-bucket --lifecycle-configuration file://lifecycle.json + aws s3api put-bucket-lifecycle --bucket amzn-s3-demo-bucket --lifecycle-configuration file://lifecycle.json The file ``lifecycle.json`` is a JSON document in the current folder that specifies two rules:: diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-metrics-configuration.rst 2.31.35-1/awscli/examples/s3api/put-bucket-metrics-configuration.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-metrics-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-metrics-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-bucket-metrics-configuration`` example sets a metric configuration with ID 123 for the specified bucket. :: aws s3api put-bucket-metrics-configuration \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --id 123 \ --metrics-configuration '{"Id": "123", "Filter": {"Prefix": "logs"}}' diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-notification-configuration.rst 2.31.35-1/awscli/examples/s3api/put-bucket-notification-configuration.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-notification-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-notification-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,45 +1,45 @@ -**To enable the specified notifications to a bucket** - -The following ``put-bucket-notification-configuration`` example applies a notification configuration to a bucket named ``my-bucket``. The file ``notification.json`` is a JSON document in the current folder that specifies an SNS topic and an event type to monitor. :: - - aws s3api put-bucket-notification-configuration \ - --bucket my-bucket \ - --notification-configuration file://notification.json - -Contents of ``notification.json``:: - - { - "TopicConfigurations": [ - { - "TopicArn": "arn:aws:sns:us-west-2:123456789012:s3-notification-topic", - "Events": [ - "s3:ObjectCreated:*" - ] - } - ] - } - -The SNS topic must have an IAM policy attached to it that allows Amazon S3 to publish to it. :: - - { - "Version": "2008-10-17", - "Id": "example-ID", - "Statement": [ - { - "Sid": "example-statement-ID", - "Effect": "Allow", - "Principal": { - "Service": "s3.amazonaws.com" - }, - "Action": [ - "SNS:Publish" - ], - "Resource": "arn:aws:sns:us-west-2:123456789012::s3-notification-topic", - "Condition": { - "ArnLike": { - "aws:SourceArn": "arn:aws:s3:*:*:my-bucket" - } - } - } - ] +**To enable the specified notifications to a bucket** + +The following ``put-bucket-notification-configuration`` example applies a notification configuration to a bucket named ``amzn-s3-demo-bucket``. The file ``notification.json`` is a JSON document in the current folder that specifies an SNS topic and an event type to monitor. :: + + aws s3api put-bucket-notification-configuration \ + --bucket amzn-s3-demo-bucket \ + --notification-configuration file://notification.json + +Contents of ``notification.json``:: + + { + "TopicConfigurations": [ + { + "TopicArn": "arn:aws:sns:us-west-2:123456789012:s3-notification-topic", + "Events": [ + "s3:ObjectCreated:*" + ] + } + ] + } + +The SNS topic must have an IAM policy attached to it that allows Amazon S3 to publish to it. :: + + { + "Version": "2008-10-17", + "Id": "example-ID", + "Statement": [ + { + "Sid": "example-statement-ID", + "Effect": "Allow", + "Principal": { + "Service": "s3.amazonaws.com" + }, + "Action": [ + "SNS:Publish" + ], + "Resource": "arn:aws:sns:us-west-2:123456789012::s3-notification-topic", + "Condition": { + "ArnLike": { + "aws:SourceArn": "arn:aws:s3:*:*:amzn-s3-demo-bucket" + } + } + } + ] } \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-notification.rst 2.31.35-1/awscli/examples/s3api/put-bucket-notification.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-notification.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-notification.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The applies a notification configuration to a bucket named ``my-bucket``:: +The applies a notification configuration to a bucket named ``amzn-s3-demo-bucket``:: - aws s3api put-bucket-notification --bucket my-bucket --notification-configuration file://notification.json + aws s3api put-bucket-notification --bucket amzn-s3-demo-bucket --notification-configuration file://notification.json The file ``notification.json`` is a JSON document in the current folder that specifies an SNS topic and an event type to monitor:: @@ -26,10 +26,10 @@ The SNS topic must have an IAM policy at "Action": [ "SNS:Publish" ], - "Resource": "arn:aws:sns:us-west-2:123456789012:my-bucket", + "Resource": "arn:aws:sns:us-west-2:123456789012:amzn-s3-demo-bucket", "Condition": { "ArnLike": { - "aws:SourceArn": "arn:aws:s3:*:*:my-bucket" + "aws:SourceArn": "arn:aws:s3:*:*:amzn-s3-demo-bucket" } } } diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-request-payment.rst 2.31.35-1/awscli/examples/s3api/put-bucket-request-payment.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-request-payment.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-request-payment.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-bucket-request-payment`` example enables ``requester pays`` for the specified bucket. :: aws s3api put-bucket-request-payment \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --request-payment-configuration '{"Payer":"Requester"}' This command produces no output. @@ -13,7 +13,7 @@ This command produces no output. The following ``put-bucket-request-payment`` example disables ``requester pays`` for the specified bucket. :: aws s3api put-bucket-request-payment \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --request-payment-configuration '{"Payer":"BucketOwner"}' This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-tagging.rst 2.31.35-1/awscli/examples/s3api/put-bucket-tagging.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-tagging.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-tagging.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The following command applies a tagging configuration to a bucket named ``my-bucket``:: +The following command applies a tagging configuration to a bucket named ``amzn-s3-demo-bucket``:: - aws s3api put-bucket-tagging --bucket my-bucket --tagging file://tagging.json + aws s3api put-bucket-tagging --bucket amzn-s3-demo-bucket --tagging file://tagging.json The file ``tagging.json`` is a JSON document in the current folder that specifies tags:: @@ -13,6 +13,6 @@ The file ``tagging.json`` is a JSON docu ] } -Or apply a tagging configuration to ``my-bucket`` directly from the command line:: +Or apply a tagging configuration to ``amzn-s3-demo-bucket`` directly from the command line:: - aws s3api put-bucket-tagging --bucket my-bucket --tagging 'TagSet=[{Key=organization,Value=marketing}]' + aws s3api put-bucket-tagging --bucket amzn-s3-demo-bucket --tagging 'TagSet=[{Key=organization,Value=marketing}]' diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-versioning.rst 2.31.35-1/awscli/examples/s3api/put-bucket-versioning.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-versioning.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-versioning.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,7 +1,7 @@ -The following command enables versioning on a bucket named ``my-bucket``:: +The following command enables versioning on a bucket named ``amzn-s3-demo-bucket``:: - aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled + aws s3api put-bucket-versioning --bucket amzn-s3-demo-bucket --versioning-configuration Status=Enabled The following command enables versioning, and uses an mfa code :: - aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled --mfa "SERIAL 123456" + aws s3api put-bucket-versioning --bucket amzn-s3-demo-bucket --versioning-configuration Status=Enabled --mfa "SERIAL 123456" diff -pruN 2.23.6-1/awscli/examples/s3api/put-bucket-website.rst 2.31.35-1/awscli/examples/s3api/put-bucket-website.rst --- 2.23.6-1/awscli/examples/s3api/put-bucket-website.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-bucket-website.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ -The applies a static website configuration to a bucket named ``my-bucket``:: +The applies a static website configuration to a bucket named ``amzn-s3-demo-bucket``:: - aws s3api put-bucket-website --bucket my-bucket --website-configuration file://website.json + aws s3api put-bucket-website --bucket amzn-s3-demo-bucket --website-configuration file://website.json The file ``website.json`` is a JSON document in the current folder that specifies index and error pages for the website:: diff -pruN 2.23.6-1/awscli/examples/s3api/put-object-legal-hold.rst 2.31.35-1/awscli/examples/s3api/put-object-legal-hold.rst --- 2.23.6-1/awscli/examples/s3api/put-object-legal-hold.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-object-legal-hold.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-object-legal-hold`` example sets a Legal Hold on the object ``doc1.rtf``. :: aws s3api put-object-legal-hold \ - --bucket my-bucket-with-object-lock \ + --bucket amzn-s3-demo-bucket-with-object-lock \ --key doc1.rtf \ --legal-hold Status=ON diff -pruN 2.23.6-1/awscli/examples/s3api/put-object-lock-configuration.rst 2.31.35-1/awscli/examples/s3api/put-object-lock-configuration.rst --- 2.23.6-1/awscli/examples/s3api/put-object-lock-configuration.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-object-lock-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-object-lock-configuration`` example sets a 50-day object lock on the specified bucket. :: aws s3api put-object-lock-configuration \ - --bucket my-bucket-with-object-lock \ + --bucket amzn-s3-demo-bucket-with-object-lock \ --object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 50 }}}' This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/put-object-retention.rst 2.31.35-1/awscli/examples/s3api/put-object-retention.rst --- 2.23.6-1/awscli/examples/s3api/put-object-retention.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-object-retention.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-object-retention`` example sets an object retention configuration for the specified object until 2025-01-01. :: aws s3api put-object-retention \ - --bucket my-bucket-with-object-lock \ + --bucket amzn-s3-demo-bucket-with-object-lock \ --key doc1.rtf \ --retention '{ "Mode": "GOVERNANCE", "RetainUntilDate": "2025-01-01T00:00:00" }' diff -pruN 2.23.6-1/awscli/examples/s3api/put-object-tagging.rst 2.31.35-1/awscli/examples/s3api/put-object-tagging.rst --- 2.23.6-1/awscli/examples/s3api/put-object-tagging.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-object-tagging.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-object-tagging`` example sets a tag with the key ``designation`` and the value ``confidential`` on the specified object. :: aws s3api put-object-tagging \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key doc1.rtf \ --tagging '{"TagSet": [{ "Key": "designation", "Value": "confidential" }]}' @@ -12,7 +12,7 @@ This command produces no output. The following ``put-object-tagging`` example sets multiple tags sets on the specified object. :: aws s3api put-object-tagging \ - --bucket my-bucket-example \ + --bucket amzn-s3-demo-bucket-example \ --key doc3.rtf \ --tagging '{"TagSet": [{ "Key": "designation", "Value": "confidential" }, { "Key": "department", "Value": "finance" }, { "Key": "team", "Value": "payroll" } ]}' diff -pruN 2.23.6-1/awscli/examples/s3api/put-public-access-block.rst 2.31.35-1/awscli/examples/s3api/put-public-access-block.rst --- 2.23.6-1/awscli/examples/s3api/put-public-access-block.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/put-public-access-block.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``put-public-access-block`` example sets a restrictive block public access configuration for the specified bucket. :: aws s3api put-public-access-block \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/select-object-content.rst 2.31.35-1/awscli/examples/s3api/select-object-content.rst --- 2.23.6-1/awscli/examples/s3api/select-object-content.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/select-object-content.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``select-object-content`` example filters the object ``my-data-file.csv`` with the specified SQL statement and sends output to a file. :: aws s3api select-object-content \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key my-data-file.csv \ --expression "select * from s3object limit 100" \ --expression-type 'SQL' \ diff -pruN 2.23.6-1/awscli/examples/s3api/upload-part-copy.rst 2.31.35-1/awscli/examples/s3api/upload-part-copy.rst --- 2.23.6-1/awscli/examples/s3api/upload-part-copy.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/upload-part-copy.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,9 +3,9 @@ The following ``upload-part-copy`` example uploads a part by copying data from an existing object as a data source. :: aws s3api upload-part-copy \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key "Map_Data_June.mp4" \ - --copy-source "my-bucket/copy_of_Map_Data_June.mp4" \ + --copy-source "amzn-s3-demo-bucket/copy_of_Map_Data_June.mp4" \ --part-number 1 \ --upload-id "bq0tdE1CDpWQYRPLHuNG50xAT6pA5D.m_RiBy0ggOH6b13pVRY7QjvLlf75iFdJqp_2wztk5hvpUM2SesXgrzbehG5hViyktrfANpAD0NO.Nk3XREBqvGeZF6U3ipiSm" diff -pruN 2.23.6-1/awscli/examples/s3api/upload-part.rst 2.31.35-1/awscli/examples/s3api/upload-part.rst --- 2.23.6-1/awscli/examples/s3api/upload-part.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/upload-part.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ The following command uploads the first part in a multipart upload initiated with the ``create-multipart-upload`` command:: - aws s3api upload-part --bucket my-bucket --key 'multipart/01' --part-number 1 --body part01 --upload-id "dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R" + aws s3api upload-part --bucket amzn-s3-demo-bucket --key 'multipart/01' --part-number 1 --body part01 --upload-id "dfRtDYU0WWCCcH43C3WFbkRONycyCpTJJvxu2i5GYkZljF.Yxwh6XG7WfS2vC4to6HiV6Yjlx.cph0gtNBtJ8P3URCSbB7rjxI5iEwVDmgaXZOGgkk5nVTW16HOQ5l0R" The ``body`` option takes the name or path of a local file for upload (do not use the file:// prefix). The minimum part size is 5 MB. Upload ID is returned by ``create-multipart-upload`` and can also be retrieved with ``list-multipart-uploads``. Bucket and key are specified when you create the multipart upload. diff -pruN 2.23.6-1/awscli/examples/s3api/wait/bucket-exists.rst 2.31.35-1/awscli/examples/s3api/wait/bucket-exists.rst --- 2.23.6-1/awscli/examples/s3api/wait/bucket-exists.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/wait/bucket-exists.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,6 +3,6 @@ The following ``wait bucket-exists`` example pauses and continues only after it can confirm that the specified bucket exists. :: aws s3api wait bucket-exists \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/wait/bucket-not-exists.rst 2.31.35-1/awscli/examples/s3api/wait/bucket-not-exists.rst --- 2.23.6-1/awscli/examples/s3api/wait/bucket-not-exists.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/wait/bucket-not-exists.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,6 +3,6 @@ The following ``wait bucket-not-exists`` example pauses and continues only after it can confirm that the specified bucket doesn't exist. :: aws s3api wait bucket-not-exists \ - --bucket my-bucket + --bucket amzn-s3-demo-bucket This command produces no output. diff -pruN 2.23.6-1/awscli/examples/s3api/wait/object-exists.rst 2.31.35-1/awscli/examples/s3api/wait/object-exists.rst --- 2.23.6-1/awscli/examples/s3api/wait/object-exists.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/wait/object-exists.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``wait object-not-exists`` example pauses and continues only after it can confirm that the specified object (``--key``) in the specified bucket exists. :: aws s3api wait object-exists \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key doc1.rtf This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/s3api/wait/object-not-exists.rst 2.31.35-1/awscli/examples/s3api/wait/object-not-exists.rst --- 2.23.6-1/awscli/examples/s3api/wait/object-not-exists.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/s3api/wait/object-not-exists.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,7 +3,7 @@ The following ``wait object-not-exists`` example pauses and continues only after it can confirm that the specified object (``--key``) in the specified bucket doesn't exist. :: aws s3api wait object-not-exists \ - --bucket my-bucket \ + --bucket amzn-s3-demo-bucket \ --key doc1.rtf This command produces no output. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/securityhub/describe-hub.rst 2.31.35-1/awscli/examples/securityhub/describe-hub.rst --- 2.23.6-1/awscli/examples/securityhub/describe-hub.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/securityhub/describe-hub.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,15 +1,17 @@ **To get information about a hub resource** -The following ``describe-hub`` example returns the subscription date for the specified hub resource. The hub resource is identified by its ARN. :: +The following ``describe-hub`` example returns the subscription date and other configuration settings for the specified hub resource. The hub resource is identified by its ARN. :: - aws securityhub describe-hub \ + aws securityhub describe-hub \ --hub-arn "arn:aws:securityhub:us-west-1:123456789012:hub/default" Output:: { "HubArn": "arn:aws:securityhub:us-west-1:123456789012:hub/default", - "SubscribedAt": "2019-11-19T23:15:10.046Z" + "SubscribedAt": "2019-11-19T23:15:10.046Z", + "AutoEnableControls": true, + "ControlFindingGenerator": "SECURITY_CONTROL" } -For more information, see `AWS::SecurityHub::Hub `__ in the *AWS CloudFormation User Guide*. +For more information, see `AWS::SecurityHub::Hub `__ in the *AWS CloudFormation User Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/create-http-namespace.rst 2.31.35-1/awscli/examples/servicediscovery/create-http-namespace.rst --- 2.23.6-1/awscli/examples/servicediscovery/create-http-namespace.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/create-http-namespace.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +**To create an HTTP namespace** + +The following ``create-http-namespace`` example creates an HTTP namespace ``example.com``. :: + + aws servicediscovery create-http-namespace \ + --name example.com \ + --creator-request-id example-request-id + +Output:: + + { + "OperationId": "gv4g5meo7ndmeh4fqskygvk23d2fijwa-k9302yzd" + } + +To confirm that the operation succeeded, you can run ``get-operation``. For more information, see `get-operation `__ . + +For more information about creating a namespace, see `Creating an AWS Cloud Map namespace to group application services `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/create-public-dns-namespace.rst 2.31.35-1/awscli/examples/servicediscovery/create-public-dns-namespace.rst --- 2.23.6-1/awscli/examples/servicediscovery/create-public-dns-namespace.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/create-public-dns-namespace.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,18 @@ +**To create an public DNS namespace** + +The following ``create-public-dns-namespace`` example creates an public DNS namespace ``example.com``. :: + + aws servicediscovery create-public-dns-namespace \ + --name example-public-dns.com \ + --creator-request-id example-public-request-id \ + --properties DnsProperties={SOA={TTL=60}} + +Output:: + + { + "OperationId": "gv4g5meo7ndmeh4fqskygvk23d2fijwa-k9302yzd" + } + +To confirm that the operation succeeded, you can run ``get-operation``. + +For more information about creating a namespace, see `Creating an AWS Cloud Map namespace to group application services `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/create-service.rst 2.31.35-1/awscli/examples/servicediscovery/create-service.rst --- 2.23.6-1/awscli/examples/servicediscovery/create-service.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/create-service.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,22 +1,23 @@ -**To create a service** +**Example 1: To create a service using namespace ID** The following ``create-service`` example creates a service. :: aws servicediscovery create-service \ --name myservice \ --namespace-id ns-ylexjili4cdxy3xm \ - --dns-config "NamespaceId=ns-ylexjili4cdxy3xm,RoutingPolicy=MULTIVALUE,DnsRecords=[{Type=A,TTL=60}]" + --dns-config "RoutingPolicy=MULTIVALUE,DnsRecords=[{Type=A,TTL=60}]" Output:: { - "Service": { - "Id": "srv-p5zdwlg5uvvzjita", - "Arn": "arn:aws:servicediscovery:us-west-2:803642222207:service/srv-p5zdwlg5uvvzjita", + "Service": { + "Id": "srv-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678", + "ResourceOwner": "123456789012", "Name": "myservice", - "NamespaceId": "ns-ylexjili4cdxy3xm", + "NamespaceId": "ns-abcd1234xmpl5678", "DnsConfig": { - "NamespaceId": "ns-ylexjili4cdxy3xm", + "NamespaceId": "ns-abcd1234xmpl5678", "RoutingPolicy": "MULTIVALUE", "DnsRecords": [ { @@ -25,10 +26,49 @@ Output:: } ] }, - "CreateDate": 1587081768.334, - "CreatorRequestId": "567c1193-6b00-4308-bd57-ad38a8822d25" + "Type": "DNS_HTTP", + "CreateDate": "2025-08-18T13:45:31.023000-05:00", + "CreatorRequestId": "abcd1234-5678-90ab-cdef-xmpl12345678", + "CreatedByAccount": "123456789012" } } -For more information, see `Creating services `__ in the *AWS Cloud Map Developer Guide*. +For more information, see `Creating an AWS Cloud Map service for an application component `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To create a service using namespace ARN** + +The following ``create-service`` example creates a service using a namespace ARN instead of namespace ID. Specifying a namespace ARN is necessary when creating a service in a shared namespace. :: + + aws servicediscovery create-service \ + --name myservice-arn \ + --namespace-id arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678 \ + --dns-config "RoutingPolicy=MULTIVALUE,DnsRecords=[{Type=A,TTL=60}]" + +Output:: + + { + "Service": { + "Id": "srv-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678", + "ResourceOwner": "123456789012", + "Name": "myservice-arn", + "NamespaceId": "ns-abcd1234xmpl5678", + "DnsConfig": { + "NamespaceId": "ns-abcd1234xmpl5678", + "RoutingPolicy": "MULTIVALUE", + "DnsRecords": [ + { + "Type": "A", + "TTL": 60 + } + ] + }, + "Type": "DNS_HTTP", + "CreateDate": "2025-08-18T13:45:31.023000-05:00", + "CreatorRequestId": "abcd1234-5678-90ab-cdef-xmpl12345678", + "CreatedByAccount": "123456789012" + } + } + +For more information, see `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/delete-namespace.rst 2.31.35-1/awscli/examples/servicediscovery/delete-namespace.rst --- 2.23.6-1/awscli/examples/servicediscovery/delete-namespace.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/delete-namespace.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,17 +1,31 @@ -**To delete a namespace** +**Example 1: To delete a namespace** The following ``delete-namespace`` example deletes a namespace. :: aws servicediscovery delete-namespace \ - --id ns-ylexjili4cdxy3xm + --id ns-abcd1234xmpl5678 Output:: { - "OperationId": "gv4g5meo7ndmeh4fqskygvk23d2fijwa-k98y6drk" + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" } To confirm that the operation succeeded, you can run ``get-operation``. For more information, see `get-operation `__ . -For more information, see `Deleting namespaces `__ in the *AWS Cloud Map Developer Guide*. +For more information, see `Deleting an AWS Cloud Map namespace `__ in the *AWS Cloud Map Developer Guide*. +**Example 2: To delete a namespace using namespace ARN** + +The following ``delete-namespace`` example deletes a namespace using its ARN. :: + + aws servicediscovery delete-namespace \ + --id arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678 + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +For more information, see `Deleting an AWS Cloud Map namespace `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/delete-service-attributes.rst 2.31.35-1/awscli/examples/servicediscovery/delete-service-attributes.rst --- 2.23.6-1/awscli/examples/servicediscovery/delete-service-attributes.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/delete-service-attributes.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,23 @@ +**Example 1: To delete a service attribute** + +The following ``delete-service-attributes`` example deletes a service attribute with the key ``Port`` that is associated with the specified service. :: + + aws servicediscovery delete-service-attributes \ + --service-id srv-abcd1234xmpl5678 \ + --attributes Port + +This command produces no output. + +For more information, see `AWS Cloud Map services `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To delete a service attribute using ARN** + +The following ``delete-service-attributes`` example deletes a service attribute using the service ARN. Specifying the ARN is necessary for deleting attributes associated with services created in namespaces shared with your account. :: + + aws servicediscovery delete-service-attributes \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678 \ + --attributes Port + +This command produces no output. + +For more information, see `AWS Cloud Map services `__ and `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/delete-service.rst 2.31.35-1/awscli/examples/servicediscovery/delete-service.rst --- 2.23.6-1/awscli/examples/servicediscovery/delete-service.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/delete-service.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,11 +1,21 @@ -**To delete a service** +**Example 1: To delete a service** The following ``delete-service`` example deletes a service. :: aws servicediscovery delete-service \ - --id srv-p5zdwlg5uvvzjita + --id srv-abcd1234xmpl5678 This command produces no output. -For more information, see `Deleting services `__ in the *AWS Cloud Map Developer Guide*. +For more information, see `Deleting an AWS Cloud Map service `__ in the *AWS Cloud Map Developer Guide*. +**Example 2: To delete a service using ARN** + +The following ``delete-service`` example deletes a service using its ARN. :: + + aws servicediscovery delete-service \ + --id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678 + +This command produces no output. + +For more information, see `Deleting an AWS Cloud Map service `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/deregister-instance.rst 2.31.35-1/awscli/examples/servicediscovery/deregister-instance.rst --- 2.23.6-1/awscli/examples/servicediscovery/deregister-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/deregister-instance.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To deregister a service instance** +**Example 1: To deregister a service instance** The following ``deregister-instance`` example deregisters a service instance. :: @@ -12,7 +12,23 @@ Output:: "OperationId": "4yejorelbukcjzpnr6tlmrghsjwpngf4-k98rnaiq" } -To confirm that the operation succeeded, you can run ``get-operation``. For more information, see `get-operation `__ . +To confirm that the operation succeeded, you can run ``get-operation``. For more information, see `get-operation `__. For more information, see `Deregistering service instances `__ in the *AWS Cloud Map Developer Guide*. +**Example 2: To deregister a service instance using service ARN for shared namespaces** + +The following ``deregister-instance`` example deregisters a service instance using a service ARN instead of service ID. Specifying an ARN is required when deregistering instances from services created in namespaces that are shared with your account. :: + + aws servicediscovery deregister-instance \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-p5zdwlg5uvvzjita \ + --instance-id web-server-01 + +Output:: + + { + "OperationId": "gv4g5meo7ndmkqjrhpn39wk42xmpl" + } + +For more information, see `Shared AWS Cloud Map namespaces `__ and `Deregistering an AWS Cloud Map service instance `__ in the *AWS Cloud Map Developer Guide*. + diff -pruN 2.23.6-1/awscli/examples/servicediscovery/discover-instances-revision.rst 2.31.35-1/awscli/examples/servicediscovery/discover-instances-revision.rst --- 2.23.6-1/awscli/examples/servicediscovery/discover-instances-revision.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/discover-instances-revision.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +**Example 1: To discover the revision of an instance** + +The following ``discover-instances-revision`` example discovers the increasing revision of an instance. :: + + aws servicediscovery discover-instances-revision \ + --namespace-name example.com \ + --service-name myservice + +Output:: + + { + "InstancesRevision": 123456 + } + +For more information, see `AWS Cloud Map service instances `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To discover the revision of instances from a specific owner account** + +The following ``discover-instances-revision`` example discovers the revision of instances from a specific owner account. The owner-account parameter is necessary for instances in namespaces that are shared with your account. :: + + aws servicediscovery discover-instances-revision \ + --namespace-name shared-namespace \ + --service-name shared-service \ + --owner-account 123456789111 + +Output:: + + { + "InstancesRevision": 1234567890 + } + +For more information, see `Shared AWS Cloud Map namespaces `__ and `AWS Cloud Map service instances `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/discover-instances.rst 2.31.35-1/awscli/examples/servicediscovery/discover-instances.rst --- 2.23.6-1/awscli/examples/servicediscovery/discover-instances.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/discover-instances.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To discover registered instances** +**Example 1: To discover registered instances** The following ``discover-instances`` example discovers registered instances. :: @@ -22,6 +22,37 @@ Output:: "AWS_INSTANCE_PORT": "808" } } - ] + ], + "InstancesRevision": 85648075627387284 } +For more information, see `AWS Cloud Map service instances `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To discover instances from a specific owner account** + +The following ``discover-instances`` example discovers registered instances from a specific owner account. This parameter is necessary to discover instances in namespaces that are shared with your account. :: + + aws servicediscovery discover-instances \ + --namespace-name shared-namespace \ + --service-name shared-service \ + --owner-account 123456789111 + +Output:: + + { + "Instances": [ + { + "InstanceId": "shared-instance-1234", + "NamespaceName": "shared-namespace", + "ServiceName": "shared-service", + "HealthStatus": "HEALTHY", + "Attributes": { + "AWS_INSTANCE_IPV4": "203.0.113.75", + "AWS_INSTANCE_PORT": "80" + } + } + ], + "InstancesRevision": 1234567890 + } + +For more information, see `Shared AWS Cloud Map namespaces `__ and `AWS Cloud Map service instances `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/get-instance.rst 2.31.35-1/awscli/examples/servicediscovery/get-instance.rst --- 2.23.6-1/awscli/examples/servicediscovery/get-instance.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/get-instance.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,50 @@ +**Example 1: To get the details of an instance** + +The following ``get-instance`` example gets the attributes of a service. :: + + aws servicediscovery get-instance \ + --service-id srv-e4anhexample0004 + --instance-id i-abcd1234 + +Output:: + + { + "ResourceOwner": "123456789012", + "Instance": { + "Id": "arn:aws:servicediscovery:us-west-2:111122223333;:service/srv-e4anhexample0004", + "Attributes": { + "AWS_INSTANCE_IPV4": "192.0.2.44", + "AWS_INSTANCE_PORT": "80", + "color": "green", + "region": "us-west-2", + "stage": "beta" + }, + "CreatedByAccount": "123456789012" + } + } + +For more information, see `AWS Cloud Map service instances `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To get the details of an instance using service ARN for shared namespaces** + +The following ``get-instance`` example gets the attributes of an instance using a service ARN instead of service ID. Specifying an ARN is required when getting details of instances associated with namespaces that are shared with your account. The instance returned in this example was registered by account ``123456789111`` in a namespace owned by account ``123456789012``. :: + + aws servicediscovery get-instance \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-p5zdwlg5uvvzjita \ + --instance-id web-server-01 + +Output:: + + { + "ResourceOwner": "123456789012", + "Instance": { + "Id": "web-server-01", + "Attributes": { + "AWS_INSTANCE_IPV4": "203.0.113.15", + "AWS_INSTANCE_PORT": "80" + }, + "CreatedByAccount": "123456789111" + } + } + +For more information about cross-account namespace sharing, see `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/get-instances-health-status.rst 2.31.35-1/awscli/examples/servicediscovery/get-instances-health-status.rst --- 2.23.6-1/awscli/examples/servicediscovery/get-instances-health-status.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/get-instances-health-status.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,35 @@ +**Example 1: To get the health status of instances associated with a service** + +The following ``get-instances-health-status`` example gets the health status of instances associated with the specified service. :: + + aws servicediscovery get-instances-health-status \ + --service-id srv-e4anhexample0004 + +Output:: + + { + "Status": { + "i-abcd1234": "HEALTHY", + "i-abcd1235": "UNHEALTHY" + } + } + +For more information, see `AWS Cloud Map service instances `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To get the health status of instances using service ARN for shared namespaces** + +The following ``get-instances-health-status`` example gets the health status of instances using a service ARN instead of service ID. Specifying an ARN is required when getting health status for instances associated with namespaces that are shared with the requester's account. :: + + aws servicediscovery get-instances-health-status \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-p5zdwlg5uvvzjita + +Output:: + + { + "Status": { + "web-server-01": "HEALTHY", + "web-server-02": "UNHEALTHY" + } + } + +For more information, see `AWS Cloud Map service instances `__ and `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/get-namespace.rst 2.31.35-1/awscli/examples/servicediscovery/get-namespace.rst --- 2.23.6-1/awscli/examples/servicediscovery/get-namespace.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/get-namespace.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,59 @@ +**Example 1: To get the details of a namespace** + +The following ``get-namespace`` example retrieves information about the specified namespace. :: + + aws servicediscovery get-namespace \ + --id ns-abcd1234xmpl5678 + +Output:: + + { + "Namespace": { + "Id": "ns-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678", + "ResourceOwner": "123456789012", + "Name": "example-http.com", + "Type": "HTTP", + "Description": "Example.com AWS Cloud Map HTTP Namespace", + "Properties": { + "DnsProperties": {}, + "HttpProperties": { + "HttpName": "example-http.com" + } + }, + "CreateDate": "2024-02-23T13:35:21.874000-06:00", + "CreatorRequestId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + } + +For more information, see `AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To get the details of a namespace using ARN** + +The following ``get-namespace`` example retrieves information about the specified namespace using its ARN. Specifying the ARN is necessary for retreiving details of a namespace shared with your account. :: + + aws servicediscovery get-namespace \ + --id arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678 + +Output:: + + { + "Namespace": { + "Id": "ns-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678", + "ResourceOwner": "123456789012", + "Name": "example-http.com", + "Type": "HTTP", + "Description": "Example.com AWS Cloud Map HTTP Namespace", + "Properties": { + "DnsProperties": {}, + "HttpProperties": { + "HttpName": "example-http.com" + } + }, + "CreateDate": "2024-02-23T13:35:21.874000-06:00", + "CreatorRequestId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + } + +For more information, see `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/get-operation.rst 2.31.35-1/awscli/examples/servicediscovery/get-operation.rst --- 2.23.6-1/awscli/examples/servicediscovery/get-operation.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/get-operation.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,22 +1,49 @@ -**To get the result of an operation** +**Example 1: To get the result of an operation** -The following ``get-operation`` example gets the result of an operation. :: +The following ``get-operation`` example gets the result of a namespace creation operation. :: aws servicediscovery get-operation \ - --operation-id gv4g5meo7ndmeh4fqskygvk23d2fijwa-k9302yzd + --operation-id abcd1234xmpl5678abcd1234xmpl5678-abcd1234 Output:: { "Operation": { - "Id": "gv4g5meo7ndmeh4fqskygvk23d2fijwa-k9302yzd", + "Id": "abcd1234xmpl5678abcd1234xmpl5678-abcd1234", "Type": "CREATE_NAMESPACE", "Status": "SUCCESS", - "CreateDate": 1587055860.121, - "UpdateDate": 1587055900.469, + "CreateDate": "2025-01-13T13:35:21.874000-06:00", + "UpdateDate": "2025-01-13T13:36:02.469000-06:00", "Targets": { - "NAMESPACE": "ns-ylexjili4cdxy3xm" + "NAMESPACE": "ns-abcd1234xmpl5678" } } } +For more information, see `Creating an AWS Cloud Map namespace to group application services `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To get an operation from a specific owner account** + +The following ``get-operation`` example gets the result of an operation associated with a specific namespace owner account. This parameter is necessary to get the result of operations associated with namespaces shared with your account. :: + + aws servicediscovery get-operation \ + --operation-id abcd1234xmpl5678abcd1234xmpl5678-abcd1234 \ + --owner-account 123456789111 + +Output:: + + { + "Operation": { + "Id": "abcd1234xmpl5678abcd1234xmpl5678-abcd1234", + "OwnerAccount": "123456789111", + "Type": "CREATE_NAMESPACE", + "Status": "SUCCESS", + "CreateDate": "2025-01-13T13:35:21.874000-06:00", + "UpdateDate": "2025-01-13T13:36:02.469000-06:00", + "Targets": { + "NAMESPACE": "ns-abcd1234xmpl5678" + } + } + } + +For more information, see `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/get-service-attributes.rst 2.31.35-1/awscli/examples/servicediscovery/get-service-attributes.rst --- 2.23.6-1/awscli/examples/servicediscovery/get-service-attributes.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/get-service-attributes.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,41 @@ +**Example 1: To get the attributes of a service** + +The following ``get-service-attributes`` example gets the attributes of a service. :: + + aws servicediscovery get-service-attributes \ + --service-id srv-abcd1234xmpl5678 + +Output:: + + { + "ServiceAttributes": { + "ServiceArn": "arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678", + "ResourceOwner": "123456789012", + "Attributes": { + "Port": "80" + } + } + } + +For more information, see `AWS Cloud Map services `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To get the attributes of a service using ARN** + +The following ``get-service-attributes`` example gets the attributes of a service using its ARN. Specifying an ARN is necessary for getting attributes of a service created in a namespace shared with your account. :: + + aws servicediscovery get-service-attributes \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678 + +Output:: + + { + "ServiceAttributes": { + "ServiceArn": "arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678", + "ResourceOwner": "123456789012", + "Attributes": { + "Port": "80" + } + } + } + +For more information, see `AWS Cloud Map services `__ and `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/get-service.rst 2.31.35-1/awscli/examples/servicediscovery/get-service.rst --- 2.23.6-1/awscli/examples/servicediscovery/get-service.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/get-service.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,51 @@ +**Example 1: To get the settings of a service** + +The following ``get-service`` example gets the settings of a specified service. :: + + aws servicediscovery get-service \ + --id srv-abcd1234xmpl5678 + +Output:: + + { + "Service": { + "Id": "srv-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678", + "ResourceOwner": "123456789012", + "Name": "test-service", + "NamespaceId": "ns-abcd1234xmpl5678", + "DnsConfig": {}, + "Type": "HTTP", + "CreateDate": "2025-08-18T13:53:02.775000-05:00", + "CreatorRequestId": "abcd1234-5678-90ab-cdef-xmpl12345678", + "CreatedByAccount": "123456789012" + } + } + +For more information, see `AWS Cloud Map services `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To get the settings of a service using ARN** + +The following ``get-service`` example gets the settings of a specified service using its ARN. Specifying the ARN is necessary when retrieving information about a service created in a namespace that is shared with your account. The caller account ``123456789111`` created the service in a namespace shared by account ``123456789012``. :: + + aws servicediscovery get-service \ + --id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678 + +Output:: + + { + "Service": { + "Id": "srv-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678", + "ResourceOwner": "123456789012", + "Name": "test-service", + "NamespaceId": "ns-abcd1234xmpl5678", + "DnsConfig": {}, + "Type": "HTTP", + "CreateDate": "2025-08-18T13:53:02.775000-05:00", + "CreatorRequestId": "abcd1234-5678-90ab-cdef-xmpl12345678", + "CreatedByAccount": "123456789111" + } + } + +For more information, see `Creating an AWS Cloud Map service for an application component `__ and `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/list-instances.rst 2.31.35-1/awscli/examples/servicediscovery/list-instances.rst --- 2.23.6-1/awscli/examples/servicediscovery/list-instances.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/list-instances.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To list service instances** +**Example 1: To list service instances** The following ``list-instances`` example lists service instances. :: @@ -14,10 +14,45 @@ Output:: "Attributes": { "AWS_INSTANCE_IPV4": "172.2.1.3", "AWS_INSTANCE_PORT": "808" - } + }, + "CreatedByAccount": "123456789012" + } + ], + "ResourceOwner": "123456789012" + } + +For more information, see `Listing AWS Cloud Map service instances `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To list service instances using service ARN** + +The following ``list-instances`` example lists service instances using a service ARN instead of service ID. Specifying an ARN is required when listing instances associated with namespaces that are shared with your account. :: + + aws servicediscovery list-instances \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-p5zdwlg5uvvzjita + +Output:: + + { + "ResourceOwner": "123456789012", + "Instances": [ + { + "Id": "web-server-01", + "Attributes": { + "AWS_INSTANCE_IPV4": "203.0.113.15", + "AWS_INSTANCE_PORT": "80" + }, + "CreatedByAccount": "123456789012" + }, + { + "Id": "web-server-02", + "Attributes": { + "AWS_INSTANCE_IPV4": "203.0.113.16", + "AWS_INSTANCE_PORT": "80" + }, + "CreatedByAccount": "123456789012" } ] } -For more information, see `Viewing a list of service instances `__ in the *AWS Cloud Map Developer Guide*. +For more information about cross-account namespace sharing, see `Shared AWS Cloud Map namespaces `_ and `Listing AWS Cloud Map service instances `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/list-namespaces.rst 2.31.35-1/awscli/examples/servicediscovery/list-namespaces.rst --- 2.23.6-1/awscli/examples/servicediscovery/list-namespaces.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/list-namespaces.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To list namespaces** +**Example 1: To list namespaces** The following ``list-namespaces`` example lists namespaces. :: @@ -9,50 +9,73 @@ Output:: { "Namespaces": [ { - "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-a3ccy2e7e3a7rile", - "CreateDate": 1585354387.357, - "Id": "ns-a3ccy2e7e3a7rile", + "Id": "ns-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678", + "ResourceOwner": "123456789012", "Name": "local", + "Type": "DNS_PRIVATE", "Properties": { "DnsProperties": { - "HostedZoneId": "Z06752353VBUDTC32S84S" + "HostedZoneId": "Z06752353VBUDTC32S84S", + "SOA": {} }, "HttpProperties": { "HttpName": "local" } }, - "Type": "DNS_PRIVATE" + "CreateDate": "2023-07-17T13:37:27.872000-05:00" }, { - "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-pocfyjtrsmwtvcxx", - "CreateDate": 1586468974.698, - "Description": "My second namespace", - "Id": "ns-pocfyjtrsmwtvcxx", + "Id": "ns-abcd1234xmpl9012", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl9012", + "ResourceOwner": "123456789012", "Name": "My-second-namespace", + "Type": "HTTP", + "Description": "My second namespace", "Properties": { - "DnsProperties": {}, + "DnsProperties": { + "SOA": {} + }, "HttpProperties": { "HttpName": "My-second-namespace" } }, - "Type": "HTTP" - }, + "CreateDate": "2023-11-14T10:35:47.840000-06:00" + } + ] + } + +For more information, see `Listing AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To list namespaces shared by other accounts** + +The following ``list-namespaces`` example lists namespaces that are shared with the caller account by other AWS accounts using the ``RESOURCE_OWNER`` filter. :: + + aws servicediscovery list-namespaces \ + --filters Name=RESOURCE_OWNER,Values=OTHER_ACCOUNTS,Condition=EQ + +Output:: + + { + "Namespaces": [ { - "Arn": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-ylexjili4cdxy3xm", - "CreateDate": 1587055896.798, - "Id": "ns-ylexjili4cdxy3xm", - "Name": "example.com", + "Id": "ns-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789111:namespace/ns-abcd1234xmpl5678", + "ResourceOwner": "123456789111", + "Name": "shared-namespace", + "Type": "HTTP", + "Description": "Namespace shared from another account", "Properties": { "DnsProperties": { - "HostedZoneId": "Z09983722P0QME1B3KC8I" + "SOA": {} }, - "HttpProperties": { - "HttpName": "example.com" + "HttpProperties": { + "HttpName": "shared-namespace" } }, - "Type": "DNS_PRIVATE" + "CreateDate": "2025-01-13T13:35:21.874000-06:00" } ] } -For more information, see `Viewing a list of namespaces `__ in the *AWS Cloud Map Developer Guide*. \ No newline at end of file +For more information, see `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/servicediscovery/list-operations.rst 2.31.35-1/awscli/examples/servicediscovery/list-operations.rst --- 2.23.6-1/awscli/examples/servicediscovery/list-operations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/list-operations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,29 @@ +**To list operations that meet the specified criteria** + +The following ``list-operations`` example lists operations that have a status of ``PENDING`` or ``SUCCESS``. :: + + aws servicediscovery list-operations \ + --service-id srv-e4anhexample0004 \ + --filters Name=STATUS,Condition=IN,Values=PENDING,SUCCESS + +Output:: + + { + "Operations": [ + { + "Id": "76yy8ovhpdz0plmjzbsnqgnrqvpv2qdt-kexample", + "Status": "SUCCESS" + }, + { + "Id": "prysnyzpji3u2ciy45nke83x2zanl7yk-dexample", + "Status": "SUCCESS" + }, + { + "Id": "ko4ekftir7kzlbechsh7xvcdgcpk66gh-7example", + "Status": "PENDING" + } + ] + } + + +For more information, see `What is AWS Cloud Map? `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/list-services.rst 2.31.35-1/awscli/examples/servicediscovery/list-services.rst --- 2.23.6-1/awscli/examples/servicediscovery/list-services.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/list-services.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To list services** +**Example 1: To list services** The following ``list-services`` example lists services. :: @@ -26,5 +26,33 @@ Output:: ] } -For more information, see `Viewing a list of services `__ in the *AWS Cloud Map Developer Guide*. +For more information, see `Listing AWS Cloud Map services in a namespace `__ in the *AWS Cloud Map Developer Guide*. +**Example 2: To list services created in shared namespaces** + +The following ``list-services`` example lists services that are created in namespaces shared with the caller account ``123456789012`` by other AWS accounts using the ``RESOURCE_OWNER`` filter. :: + + aws servicediscovery list-services \ + --filters Name=RESOURCE_OWNER,Values=OTHER_ACCOUNTS,Condition=EQ + +Output:: + + { + "Services": [ + { + "Id": "srv-abcd1234xmpl5678", + "Arn": "arn:aws:servicediscovery:us-west-2:123456789111:service/srv-abcd1234xmpl5678", + "ResourceOwner": "123456789111", + "Name": "shared-service", + "NamespaceId": "ns-abcd1234xmpl5678", + "Type": "HTTP", + "Description": "Service in shared namespace", + "DnsConfig": {}, + "CreateDate": "2025-01-13T13:35:21.874000-06:00", + "CreatorRequestId": "abcd1234-5678-90ab-cdef-xmpl12345678", + "CreatedByAccount": "123456789012" + } + ] + } + +For more information, see `Shared AWS Cloud Map namespaces `__ and `Listing AWS Cloud Map services in a namespace `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/list-tags-for-resource.rst 2.31.35-1/awscli/examples/servicediscovery/list-tags-for-resource.rst --- 2.23.6-1/awscli/examples/servicediscovery/list-tags-for-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/list-tags-for-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,23 @@ +**To list tags associated with the specified resource** + +The following ``list-tags-for-resource`` example lists tags for the specified resource. :: + + aws servicediscovery list-tags-for-resource \ + --resource-arn arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-e4anhexample0004 + +Output:: + + { + "Tags": [ + { + "Key": "Project", + "Value": "Zeta" + }, + { + "Key": "Department", + "Value": "Engineering" + } + ] + } + +For more information, see `Tagging your AWS Cloud Map resources `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/register-instance.rst 2.31.35-1/awscli/examples/servicediscovery/register-instance.rst --- 2.23.6-1/awscli/examples/servicediscovery/register-instance.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/register-instance.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,4 @@ -**To register a service instance** +**Example 1: To register a service instance using service ID** The following ``register-instance`` example registers a service instance. :: @@ -15,5 +15,21 @@ Output:: To confirm that the operation succeeded, you can run ``get-operation``. For more information, see `get-operation `__ . -For more information, see `Registering instances `__ in the *AWS Cloud Map Developer Guide*. +For more information about registering an instance, see `Registering a resource as an AWS Cloud Map service instance `__ in the *AWS Cloud Map Developer Guide*. +**Example 2: To register a service instance using service ARN** + +The following ``register-instance`` example registers a service instance using a service ARN. Specifying the ARN is required when registering instances in services that are shared with your account. :: + + aws servicediscovery register-instance \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-p5zdwlg5uvvzjita \ + --instance-id web-server-01 \ + --attributes=AWS_INSTANCE_IPV4=203.0.113.15,AWS_INSTANCE_PORT=80 + +Output:: + + { + "OperationId": "gv4g5meo7ndmkqjrhpn39wk42xmpl" + } + +For more information about cross-account namespace sharing, see `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/tag-resource.rst 2.31.35-1/awscli/examples/servicediscovery/tag-resource.rst --- 2.23.6-1/awscli/examples/servicediscovery/tag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/tag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To associate tags with the specified resource** + +The following ``tag-resource`` example associates a ``Department`` tag with the value ``Engineering`` with the specified namespace. :: + + aws servicediscovery tag-resource \ + --resource-arn arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-e4anhexample0004 \ + --tags Key=Department, Value=Engineering + +This command produces no output. + +For more information, see `Tagging your AWS Cloud Map resources `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/untag-resource.rst 2.31.35-1/awscli/examples/servicediscovery/untag-resource.rst --- 2.23.6-1/awscli/examples/servicediscovery/untag-resource.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/untag-resource.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,11 @@ +**To remove tags from the specified resource** + +The following ``untag-resource`` example removes a ``Department`` tag from the specified namespace. :: + + aws servicediscovery untag-resource \ + --resource-arn arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-e4anhexample0004 \ + --tags Key=Department, Value=Engineering + +This command produces no output. + +For more information, see `Tagging your AWS Cloud Map resources `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/update-http-namespace.rst 2.31.35-1/awscli/examples/servicediscovery/update-http-namespace.rst --- 2.23.6-1/awscli/examples/servicediscovery/update-http-namespace.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/update-http-namespace.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,35 @@ +**Example 1: To update an HTTP namespace** + +The following ``update-http-namespace`` example updates the specified HTTP namespace's description. :: + + aws servicediscovery update-http-namespace \ + --id ns-abcd1234xmpl5678 \ + --updater-request-id abcd1234-5678-90ab-cdef-xmpl12345678 \ + --namespace Description="The updated namespace description." + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +To confirm that the operation succeeded, you can run ``get-operation``. For more information, see `get-operation `__ . + +For more information, see `AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To update an HTTP namespace using ARN** + +The following ``update-http-namespace`` example updates the specified HTTP namespace using its ARN. :: + + aws servicediscovery update-http-namespace \ + --id arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678 \ + --updater-request-id abcd1234-5678-90ab-cdef-xmpl12345678 \ + --namespace Description="The updated namespace description." + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +For more information, see `AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/update-instance-custom-health-status.rst 2.31.35-1/awscli/examples/servicediscovery/update-instance-custom-health-status.rst --- 2.23.6-1/awscli/examples/servicediscovery/update-instance-custom-health-status.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/update-instance-custom-health-status.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,25 @@ +**Example 1: To update a custom health check** + +The following ``update-instance-custom-health-status`` example updates the status of the custom health check for the specified service and example service instance to ``HEALTHY``. :: + + aws servicediscovery update-instance-custom-health-status \ + --service-id srv-e4anhexample0004 \ + --instance-id example \ + --status HEALTHY + +This command produces no output. + +For more information, see `AWS Cloud Map service health check configuration `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To update a custom health check using service ARN** + +The following ``update-instance-custom-health-status`` example updates the status of the custom health check using a service ARN. The ARN is required when updating health status for instances associated with namespaces that are shared with the your account. :: + + aws servicediscovery update-instance-custom-health-status \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-p5zdwlg5uvvzjita \ + --instance-id web-server-01 \ + --status HEALTHY + +This command produces no output. + +For more information, see `AWS Cloud Map service health check configuration `__ and `Cross-account AWS Cloud Map namespace sharing `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/update-private-dns-namespace.rst 2.31.35-1/awscli/examples/servicediscovery/update-private-dns-namespace.rst --- 2.23.6-1/awscli/examples/servicediscovery/update-private-dns-namespace.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/update-private-dns-namespace.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,35 @@ +**Example 1: To update a private DNS namespace using ID** + +The following ``update-private-dns-namespace`` example updates the description of a private DNS namespace using namespace ID. :: + + aws servicediscovery update-private-dns-namespace \ + --id ns-abcd1234xmpl5678 \ + --updater-request-id abcd1234-5678-90ab-cdef-xmpl12345678 \ + --namespace Description="The updated namespace description." + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +To confirm that the operation succeeded, you can run ``get-operation``. + +For more information, see `AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To update a private DNS namespace using ARN** + +The following ``update-private-dns-namespace`` example updates a private DNS namespace using its ARN. :: + + aws servicediscovery update-private-dns-namespace \ + --id arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678 \ + --updater-request-id abcd1234-5678-90ab-cdef-xmpl12345678 \ + --namespace Description="The updated namespace description." + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +For more information, see `AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/update-public-dns-namespace.rst 2.31.35-1/awscli/examples/servicediscovery/update-public-dns-namespace.rst --- 2.23.6-1/awscli/examples/servicediscovery/update-public-dns-namespace.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/update-public-dns-namespace.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,35 @@ +**Example 1: To update a public DNS namespace using ID** + +The following ``update-public-dns-namespace`` example updates the description of a public DNS namespace using its ID. :: + + aws servicediscovery update-public-dns-namespace \ + --id ns-abcd1234xmpl5678 \ + --updater-request-id abcd1234-5678-90ab-cdef-xmpl12345678 \ + --namespace Description="The updated namespace description." + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +To confirm that the operation succeeded, you can run ``get-operation``. + +For more information, see `AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To update a public DNS namespace using ARN** + +The following ``update-public-dns-namespace`` example updates a public DNS namespace using its ARN. :: + + aws servicediscovery update-public-dns-namespace \ + --id arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-abcd1234xmpl5678 \ + --updater-request-id abcd1234-5678-90ab-cdef-xmpl12345678 \ + --namespace Description="The updated namespace description." + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +For more information, see `AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/update-service-attributes.rst 2.31.35-1/awscli/examples/servicediscovery/update-service-attributes.rst --- 2.23.6-1/awscli/examples/servicediscovery/update-service-attributes.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/update-service-attributes.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,23 @@ +**Example 1: To update a service to add an attribute** + +The following ``update-service-attributes`` example updates the specified service to add a service attribute with a key ``Port`` and a value ``80``. :: + + aws servicediscovery update-service-attributes \ + --service-id srv-abcd1234xmpl5678 \ + --attributes Port=80 + +This command produces no output. + +For more information, see `AWS Cloud Map services `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To update a service attributes using ARN** + +The following ``update-service-attributes`` example updates a service using its ARN to add a service attribute. Specifying the ARN is necessary for adding attributes to services created in namespaces shared with your account. :: + + aws servicediscovery update-service-attributes \ + --service-id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678 \ + --attributes Port=80 + +This command produces no output. + +For more information, see `AWS Cloud Map services `__ and `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/servicediscovery/update-service.rst 2.31.35-1/awscli/examples/servicediscovery/update-service.rst --- 2.23.6-1/awscli/examples/servicediscovery/update-service.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/servicediscovery/update-service.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,33 @@ +**Example 1: To update a service** + +The following ``update-service`` example updates a service to update the ``DnsConfig`` and ``HealthCheckConfig`` settings. :: + + aws servicediscovery update-service \ + --id srv-abcd1234xmpl5678 \ + --service "DnsConfig={DnsRecords=[{Type=A,TTL=60}]},HealthCheckConfig={Type=HTTP,ResourcePath=/,FailureThreshold=2}" + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +To confirm that the operation succeeded, you can run ``get-operation``. + +For more information about updating a service, see `Updating an AWS Cloud Map service `__ in the *AWS Cloud Map Developer Guide*. + +**Example 2: To update a service using ARN** + +The following ``update-service`` example updates a service using its ARN. Specifying an ARN is necessary for services that are created in namespaces shared with your account. :: + + aws servicediscovery update-service \ + --id arn:aws:servicediscovery:us-west-2:123456789012:service/srv-abcd1234xmpl5678 \ + --service "DnsConfig={DnsRecords=[{Type=A,TTL=60}]},HealthCheckConfig={Type=HTTP,ResourcePath=/,FailureThreshold=2}" + +Output:: + + { + "OperationId": "abcd1234-5678-90ab-cdef-xmpl12345678" + } + +For more information about updating a service, see `Updating an AWS Cloud Map service `__ and `Shared AWS Cloud Map namespaces `__ in the *AWS Cloud Map Developer Guide*. diff -pruN 2.23.6-1/awscli/examples/ssm/put-parameter.rst 2.31.35-1/awscli/examples/ssm/put-parameter.rst --- 2.23.6-1/awscli/examples/ssm/put-parameter.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/ssm/put-parameter.rst 2025-11-12 19:17:29.000000000 +0000 @@ -15,7 +15,7 @@ Output:: "Tier": "Standard" } -For more information, see `Create a Systems Manager parameter (AWS CLI) `__, 'Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. +For more information, see `Create a Systems Manager parameter (AWS CLI) `__, `Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. **Example 2: To create an advanced parameter** @@ -35,11 +35,11 @@ Output:: "Tier": "Advanced" } -For more information, see `Create a Systems Manager parameter (AWS CLI) `__, 'Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. +For more information, see `Create a Systems Manager parameter (AWS CLI) `__, `Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. **Example 3: To convert a standard parameter to an advanced parameter** -The following ``put-parameter`` example converts a existing standard parameter into an advanced parameter. :: +The following ``put-parameter`` example converts an existing standard parameter into an advanced parameter. :: aws ssm put-parameter \ --name "MyConvertedParameter" \ @@ -55,7 +55,7 @@ Output:: "Tier": "Advanced" } -For more information, see `Create a Systems Manager parameter (AWS CLI) `__, 'Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. +For more information, see `Create a Systems Manager parameter (AWS CLI) `__, `Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. **Example 4: To create a parameter with a policy attached** @@ -75,7 +75,7 @@ Output:: "Tier": "Advanced" } -For more information, see `Create a Systems Manager parameter (AWS CLI) `__, 'Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. +For more information, see `Create a Systems Manager parameter (AWS CLI) `__, `Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. **Example 5: To add a policy to an existing parameter** @@ -96,4 +96,4 @@ Output:: "Tier": "Advanced" } -For more information, see `Create a Systems Manager parameter (AWS CLI) `__, 'Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. +For more information, see `Create a Systems Manager parameter (AWS CLI) `__, `Managing parameter tiers `__, and `Working with parameter policies `__ in the *AWS Systems Manager User Guide*. \ No newline at end of file diff -pruN 2.23.6-1/awscli/examples/verifiedpermissions/update-policy.rst 2.31.35-1/awscli/examples/verifiedpermissions/update-policy.rst --- 2.23.6-1/awscli/examples/verifiedpermissions/update-policy.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/verifiedpermissions/update-policy.rst 2025-11-12 19:17:29.000000000 +0000 @@ -1,21 +1,22 @@ -**Example 1: To create a static policy** +**To update a static policy** -The following ``create-policy`` example creates a static policy with a policy scope that specifies both a principal and a resource. :: +The following ``update-policy`` example modifies an existing static policy by updating its description and statement. :: - aws verifiedpermissions create-policy \ - --definition file://definition.txt \ + aws verifiedpermissions update-policy \ + --policy-id SPEXAMPLEabcdefg111111 \ + --definition file://updated-definition.txt \ --policy-store-id PSEXAMPLEabcdefg111111 The ``statement`` parameter takes a string representation of a JSON object. It contains embedded quotation marks (") within the outermost quotation mark pair. This requires you to convert the JSON to a string by preceding all embedded quotation marks with a backslash character ( \" ) and combining all lines into a single text line with no line breaks. -Example strings can be displayed wrapped across multiple lines here for readability, but the operation requires the parameters be submitted as single line strings. +You can display example strings wrapped across multiple lines for readability, but the operation requires the parameters to be submitted as single-line strings. -Contents of file ``definition.txt``:: +Contents of file ``updated-definition.txt``:: { "static": { - "description": "Grant everyone of janeFriends UserGroup access to the vacationFolder Album", - "statement": "permit(principal in UserGroup::\"janeFriends\", action, resource in Album::\"vacationFolder\" );" + "description": "Updated policy to grant janeFriends UserGroup access to the vacationFolder Album with view action only", + "statement": "permit(principal in UserGroup::\"janeFriends\", action == Action::\"view\", resource in Album::\"vacationFolder\" );" } } @@ -37,73 +38,4 @@ Output:: } } -**Example 2: To create a static policy that grants access to a resource to everyone** - -The following ``create-policy`` example creates a static policy with a policy scope that specifies only a resource. :: - - aws verifiedpermissions create-policy \ - --definition file://definition2.txt \ - --policy-store-id PSEXAMPLEabcdefg111111 - -Contents of file ``definition2.txt``:: - - { - "static": { - "description": "Grant everyone access to the publicFolder Album", - "statement": "permit(principal, action, resource in Album::\"publicFolder\");" - } - } - -Output:: - - { - "createdDate": "2023-06-12T20:39:44.975897+00:00", - "lastUpdatedDate": "2023-06-12T20:39:44.975897+00:00", - "policyId": "PbfR73F8oh5MMfr9uRtFDB", - "policyStoreId": "PSEXAMPLEabcdefg222222", - "policyType": "STATIC", - "resource": { - "entityId": "publicFolder", - "entityType": "Album" - } - } - -**Example 3: To create a template-linked policy that is associated with the specified template** - -The following ``create-policy`` example creates a template-linked policy using the specified policy template and associates the specified principal to use with the new template-linked policy. :: - - aws verifiedpermissions create-policy \ - --definition file://definition2.txt \ - --policy-store-id PSEXAMPLEabcdefg111111 - -Contents of definition3.txt:: - - { - "templateLinked": { - "policyTemplateId": "PTEXAMPLEabcdefg111111", - "principal": { - "entityType": "User", - "entityId": "alice" - } - } - } - -Output:: - - { - "createdDate": "2023-06-12T20:49:51.490211+00:00", - "lastUpdatedDate": "2023-06-12T20:49:51.490211+00:00", - "policyId": "TPEXAMPLEabcdefg111111", - "policyStoreId": "PSEXAMPLEabcdefg111111", - "policyType": "TEMPLATE_LINKED", - "principal": { - "entityId": "alice", - "entityType": "User" - }, - "resource": { - "entityId": "VacationPhoto94.jpg", - "entityType": "Photo" - } - } - -For more information about policies, see `Amazon Verified Permissions policies `__ in the *Amazon Verified Permissions User Guide*. \ No newline at end of file +For more information about policies, see `Amazon Verified Permissions policies `__ in the *Amazon Verified Permissions User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/create-resource-configuration.rst 2.31.35-1/awscli/examples/vpc-lattice/create-resource-configuration.rst --- 2.23.6-1/awscli/examples/vpc-lattice/create-resource-configuration.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/create-resource-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +**To create a resource configuration** + +The following ``create-resource-configuration`` example creates a resource configuration that specifies a single IPv4 address. :: + + aws vpc-lattice create-resource-configuration \ + --name my-resource-config \ + --type SINGLE \ + --resource-gateway-identifier rgw-0bba03f3d56060135 \ + --resource-configuration-definition 'ipResource={ipAddress=10.0.14.85}' + +Output:: + + { + "allowAssociationToShareableServiceNetwork": true, + "arn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourceconfiguration/rcfg-07129f3acded87625", + "id": "rcfg-07129f3acded87625", + "name": "my-resource-config", + "portRanges": [ + "1-65535" + ], + "protocol": "TCP", + "resourceConfigurationDefinition": { + "ipResource": { + "ipAddress": "10.0.14.85" + } + }, + "resourceGatewayId": "rgw-0bba03f3d56060135", + "status": "ACTIVE", + "type": "SINGLE" + } + +For more information, see `Resource configurations for VPC resources `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/create-resource-gateway.rst 2.31.35-1/awscli/examples/vpc-lattice/create-resource-gateway.rst --- 2.23.6-1/awscli/examples/vpc-lattice/create-resource-gateway.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/create-resource-gateway.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +**To create a resource gateway** + +The following ``create-resource-gateway`` example creates a resource gateway for the specified subnet. :: + + aws vpc-lattice create-resource-gateway \ + --name my-resource-gateway \ + --vpc-identifier vpc-0bf4c2739bc05a69 \ + --subnet-ids subnet-08e8943905b63a683 + +Output:: + + { + "arn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourcegateway/rgw-0bba03f3d56060135", + "id": "rgw-0bba03f3d56060135", + "ipAddressType": "IPV4", + "name": "my-resource-gateway", + "securityGroupIds": [ + "sg-087ffd596c5fe962c" + ], + "status": "ACTIVE", + "subnetIds": [ + "subnet-08e8943905b63a683" + ], + "vpcIdentifier": "vpc-0bf4c2739bc05a694" + } + +For more information, see `Resource gateways in VPC Lattice `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/delete-resource-configuration.rst 2.31.35-1/awscli/examples/vpc-lattice/delete-resource-configuration.rst --- 2.23.6-1/awscli/examples/vpc-lattice/delete-resource-configuration.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/delete-resource-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,10 @@ +**To delete a resource configuration** + +The following ``delete-resource-configuration`` example deletes the specified resource configuration. :: + + aws vpc-lattice delete-resource-configuration \ + --resource-configuration-identifier rcfg-07129f3acded87625 + +This command produces no output. + +For more information, see `Resource gateways in VPC Lattice `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/delete-resource-gateway.rst 2.31.35-1/awscli/examples/vpc-lattice/delete-resource-gateway.rst --- 2.23.6-1/awscli/examples/vpc-lattice/delete-resource-gateway.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/delete-resource-gateway.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,17 @@ +**To delete a resource gateway** + +The following ``delete-resource-gateway`` example deletes the specified resource gateway. :: + + aws vpc-lattice delete-resource-gateway \ + --resource-gateway-identifier rgw-0bba03f3d56060135 + +Output:: + + { + "arn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourcegateway/rgw-0bba03f3d56060135", + "id": "rgw-0bba03f3d56060135", + "name": "my-resource-gateway", + "status": "DELETE_IN_PROGRESS" + } + +For more information, see `Resource gateways in VPC Lattice `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/get-resource-configuration.rst 2.31.35-1/awscli/examples/vpc-lattice/get-resource-configuration.rst --- 2.23.6-1/awscli/examples/vpc-lattice/get-resource-configuration.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/get-resource-configuration.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,32 @@ +**To get information about a resource configuration** + +The following ``get-resource-configuration`` example gets information about the specified resource configuration. :: + + aws vpc-lattice get-resource-configuration \ + --resource-configuration-identifier rcfg-07129f3acded87625 + +Output:: + + { + "allowAssociationToShareableServiceNetwork": true, + "amazonManaged": false, + "arn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourceconfiguration/rcfg-07129f3acded87625", + "createdAt": "2025-02-01T00:57:35.871000+00:00", + "id": "rcfg-07129f3acded87625", + "lastUpdatedAt": "2025-02-01T00:57:46.874000+00:00", + "name": "my-resource-config", + "portRanges": [ + "1-65535" + ], + "protocol": "TCP", + "resourceConfigurationDefinition": { + "ipResource": { + "ipAddress": "10.0.14.85" + } + }, + "resourceGatewayId": "rgw-0bba03f3d56060135", + "status": "ACTIVE", + "type": "SINGLE" + } + +For more information, see `Resource gateways in VPC Lattice `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/get-resource-gateway.rst 2.31.35-1/awscli/examples/vpc-lattice/get-resource-gateway.rst --- 2.23.6-1/awscli/examples/vpc-lattice/get-resource-gateway.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/get-resource-gateway.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,27 @@ +**To get information about a resource gateway** + +The following ``get-resource-gateway`` example gets information about the specified resource gateway. :: + + aws vpc-lattice get-resource-gateway \ + --resource-gateway-identifier rgw-0bba03f3d56060135 + +Output:: + + { + "arn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourcegateway/rgw-0bba03f3d56060135", + "createdAt": "2025-02-01T00:57:33.241000+00:00", + "id": "rgw-0bba03f3d56060135", + "ipAddressType": "IPV4", + "lastUpdatedAt": "2025-02-01T00:57:44.351000+00:00", + "name": "my-resource-gateway", + "securityGroupIds": [ + "sg-087ffd596c5fe962c" + ], + "status": "ACTIVE", + "subnetIds": [ + "subnet-08e8943905b63a683" + ], + "vpcId": "vpc-0bf4c2739bc05a694" + } + +For more information, see `Resource gateways in VPC Lattice `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/list-resource-configurations.rst 2.31.35-1/awscli/examples/vpc-lattice/list-resource-configurations.rst --- 2.23.6-1/awscli/examples/vpc-lattice/list-resource-configurations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/list-resource-configurations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,25 @@ +**To list your resource configurations** + +The following ``list-resource-configurations`` example lists your resource configurations. :: + + aws vpc-lattice list-resource-configurations + +Output:: + + { + "items": [ + { + "amazonManaged": false, + "arn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourceconfiguration/rcfg-07129f3acded87625", + "createdAt": "2025-02-01T00:57:35.871000+00:00", + "id": "rcfg-07129f3acded87625", + "lastUpdatedAt": "2025-02-01T00:57:46.874000+00:00", + "name": "my-resource-config", + "resourceGatewayId": "rgw-0bba03f3d56060135", + "status": "ACTIVE", + "type": "SINGLE" + } + ] + } + +For more information, see `Resource configurations `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/list-resource-endpoint-associations.rst 2.31.35-1/awscli/examples/vpc-lattice/list-resource-endpoint-associations.rst --- 2.23.6-1/awscli/examples/vpc-lattice/list-resource-endpoint-associations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/list-resource-endpoint-associations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,24 @@ +**To list the VPC endpoint associations** + +The following ``list-resource-endpoint-associations`` example lists the VPC endpoints associated with the specified resource configuration. :: + + aws vpc-lattice list-resource-endpoint-associations \ + --resource-configuration-identifier rcfg-07129f3acded87625 + +Output:: + + { + "items": [ + { + "arn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourceendpointassociation/rea-0956a7435baf89326", + "createdAt": "2025-02-01T00:57:38.998000+00:00", + "id": "rea-0956a7435baf89326", + "resourceConfigurationArn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourceconfiguration/rcfg-07129f3acded87625", + "resourceConfigurationId": "rcfg-07129f3acded87625", + "vpcEndpointId": "vpce-019b90d6f16d4f958", + "vpcEndpointOwner": "123456789012" + } + ] + } + +For more information, see `Manage associations for a VPC Lattice resource configuration `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/list-resource-gateways.rst 2.31.35-1/awscli/examples/vpc-lattice/list-resource-gateways.rst --- 2.23.6-1/awscli/examples/vpc-lattice/list-resource-gateways.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/list-resource-gateways.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,30 @@ +**To list your resource gateways** + +The following ``list-resource-gateways`` example lists your resource gateways. :: + + aws vpc-lattice list-resource-gateways + +Output:: + + { + "items": [ + { + "arn": "arn:aws:vpc-lattice:us-east-1:123456789012:resourcegateway/rgw-0bba03f3d56060135", + "createdAt": "2025-02-01T00:57:33.241000+00:00", + "id": "rgw-0bba03f3d56060135", + "ipAddressType": "IPV4", + "lastUpdatedAt": "2025-02-01T00:57:44.351000+00:00", + "name": "my-resource-gateway", + "seurityGroupIds": [ + "sg-087ffd596c5fe962c" + ], + "status": "ACTIVE", + "subnetIds": [ + "subnet-08e8943905b63a683" + ], + "vpcIdentifier": "vpc-0bf4c2739bc05a694" + } + ] + } + +For more information, see `Resource gateways in VPC Lattice `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/vpc-lattice/list-service-network-vpc-endpoint-associations.rst 2.31.35-1/awscli/examples/vpc-lattice/list-service-network-vpc-endpoint-associations.rst --- 2.23.6-1/awscli/examples/vpc-lattice/list-service-network-vpc-endpoint-associations.rst 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/examples/vpc-lattice/list-service-network-vpc-endpoint-associations.rst 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,22 @@ +**To list the VPC endpoint associations** + +The following ``list-service-network-vpc-endpoint-associations`` example lists the VPC endpoints associated with the specific service network. :: + + aws vpc-lattice list-service-network-vpc-endpoint-associations \ + --service-network-identifier sn-0808d1748faee0c1e + +Output:: + + { + "items": [ + { + "createdAt": "2025-02-01T01:21:36.667000+00:00", + "serviceNetworkArn": "arn:aws:vpc-lattice:us-east-1:123456789012:servicenetwork/sn-0808d1748faee0c1e", + "state": "ACTIVE", + "vpcEndpointId": "vpce-0cc199f605eaeace7", + "vpcEndpointOwnerId": "123456789012" + } + ] + } + +For more information, see `Manage the associations for a VPC Lattice service network `__ in the *Amazon VPC Lattice User Guide*. diff -pruN 2.23.6-1/awscli/examples/workspaces/describe-workspace-directories.rst 2.31.35-1/awscli/examples/workspaces/describe-workspace-directories.rst --- 2.23.6-1/awscli/examples/workspaces/describe-workspace-directories.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/workspaces/describe-workspace-directories.rst 2025-11-12 19:17:29.000000000 +0000 @@ -28,7 +28,6 @@ Output:: "WorkspaceSecurityGroupId": "sg-0d89e927e5645d7c5", "State": "REGISTERED", "WorkspaceCreationProperties": { - "EnableWorkDocs": false, "EnableInternetAccess": false, "UserEnabledAsLocalAdministrator": true, "EnableMaintenanceMode": true @@ -55,4 +54,4 @@ Output:: ] } -For more information, see `Manage directories for WorkSpaces `__ in the *Amazon WorkSpaces Administration Guide*. +For more information, see `Manage directories for WorkSpaces Personal `__ in the *Amazon WorkSpaces Administration Guide*. diff -pruN 2.23.6-1/awscli/examples/workspaces/register-workspace-directory.rst 2.31.35-1/awscli/examples/workspaces/register-workspace-directory.rst --- 2.23.6-1/awscli/examples/workspaces/register-workspace-directory.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/examples/workspaces/register-workspace-directory.rst 2025-11-12 19:17:29.000000000 +0000 @@ -3,9 +3,8 @@ The following ``register-workspace-directory`` example registers the specified directory for use with Amazon WorkSpaces. :: aws workspaces register-workspace-directory \ - --directory-id d-926722edaf \ - --no-enable-work-docs + --directory-id d-926722edaf This command produces no output. -For more information, see `Register a directory with WorkSpaces `__ in the *Amazon WorkSpaces Administration Guide*. +For more information, see `Register an existing AWS Directory Service directory with WorkSpaces Personal `__ in the *Amazon WorkSpaces Administration Guide*. diff -pruN 2.23.6-1/awscli/formatter.py 2.31.35-1/awscli/formatter.py --- 2.23.6-1/awscli/formatter.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/formatter.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,16 +14,14 @@ import logging from datetime import datetime from botocore.compat import json -from botocore.utils import set_value_from_jmespath from botocore.paginate import PageIterator +from botocore.utils import set_value_from_jmespath from ruamel.yaml import YAML -from awscli.table import MultiTable, Styler, ColorizedStyler -from awscli import text -from awscli import compat +from awscli import compat, text +from awscli.table import ColorizedStyler, MultiTable, Styler from awscli.utils import json_encoder - LOG = logging.getLogger(__name__) @@ -31,7 +29,7 @@ def is_response_paginated(response): return isinstance(response, PageIterator) -class Formatter(object): +class Formatter: def __init__(self, args): self._args = args @@ -60,7 +58,7 @@ class Formatter(object): def _flush_stream(self, stream): try: stream.flush() - except IOError: + except OSError: pass @@ -71,6 +69,7 @@ class FullyBufferedFormatter(Formatter): # so that if anything wraps stdout we'll pick up those changes # (specifically colorama on windows wraps stdout). stream = self._get_default_stream() + compat.set_preferred_output_encoding(stream) # I think the interfaces between non-paginated # and paginated responses can still be cleaned up. if is_response_paginated(response): @@ -78,10 +77,11 @@ class FullyBufferedFormatter(Formatter): else: response_data = response response_data = self._get_transformed_response_for_output( - response_data) + response_data + ) try: self._format_response(command_name, response_data, stream) - except IOError as e: + except OSError: # If the reading end of our stdout stream has closed the file # we can just exit. pass @@ -92,19 +92,23 @@ class FullyBufferedFormatter(Formatter): class JSONFormatter(FullyBufferedFormatter): - def _format_response(self, command_name, response, stream): # For operations that have no response body (e.g. s3 put-object) # the response will be an empty string. We don't want to print # that out to the user but other "falsey" values like an empty # dictionary should be printed. if response != {}: - json.dump(response, stream, indent=4, default=json_encoder, - ensure_ascii=False) + json.dump( + response, + stream, + indent=4, + default=json_encoder, + ensure_ascii=False, + ) stream.write('\n') -class YAMLDumper(object): +class YAMLDumper: def __init__(self): self._yaml = YAML(typ='safe') # Encoding is set to None because we handle the encoding by @@ -157,6 +161,7 @@ class StreamedYAMLFormatter(Formatter): def __call__(self, command_name, response, stream=None): if stream is None: stream = self._get_default_stream() + compat.set_preferred_output_encoding(stream) response_stream = self._get_response_stream(response) for response in response_stream: try: @@ -165,7 +170,7 @@ class StreamedYAMLFormatter(Formatter): # response. We go with the latter so we can reuse our YAML # dumper self._yaml_dumper.dump([response], stream) - except IOError: + except OSError: # If the reading end of our stdout stream has closed the file # we can just exit. return @@ -178,7 +183,8 @@ class StreamedYAMLFormatter(Formatter): def _get_response_stream(self, response): if is_response_paginated(response): return compat.imap( - self._get_transformed_response_for_output, response) + self._get_transformed_response_for_output, response + ) else: output = self._get_transformed_response_for_output(response) if output == {}: @@ -196,19 +202,23 @@ class TableFormatter(FullyBufferedFormat using the output definition from the model. """ + def __init__(self, args, table=None): super(TableFormatter, self).__init__(args) if args.color == 'auto': - self.table = MultiTable(initial_section=False, - column_separator='|') + self.table = MultiTable( + initial_section=False, column_separator='|' + ) elif args.color == 'off': styler = Styler() - self.table = MultiTable(initial_section=False, - column_separator='|', styler=styler) + self.table = MultiTable( + initial_section=False, column_separator='|', styler=styler + ) elif args.color == 'on': styler = ColorizedStyler() - self.table = MultiTable(initial_section=False, - column_separator='|', styler=styler) + self.table = MultiTable( + initial_section=False, column_separator='|', styler=styler + ) else: raise ValueError("Unknown color option: %s" % args.color) @@ -216,7 +226,7 @@ class TableFormatter(FullyBufferedFormat if self._build_table(command_name, response): try: self.table.render(stream) - except IOError: + except OSError: # If they're piping stdout to another process which exits before # we're done writing all of our output, we'll get an error about a # closed pipe which we can safely ignore. @@ -257,8 +267,9 @@ class TableFormatter(FullyBufferedFormat self.table.add_row_header(headers) self.table.add_row([current[k] for k in headers]) for remaining in more: - self._build_table(remaining, current[remaining], - indent_level=indent_level + 1) + self._build_table( + remaining, current[remaining], indent_level=indent_level + 1 + ) def _build_sub_table_from_list(self, current, indent_level, title): headers, more = self._group_scalar_keys_from_list(current) @@ -266,8 +277,7 @@ class TableFormatter(FullyBufferedFormat first = True for element in current: if not first and more: - self.table.new_section(title, - indent_level=indent_level) + self.table.new_section(title, indent_level=indent_level) self.table.add_row_header(headers) first = False # Use .get() to account for the fact that sometimes an element @@ -278,8 +288,11 @@ class TableFormatter(FullyBufferedFormat # be in every single element of the list, so we need to # check this condition before recursing. if remaining in element: - self._build_table(remaining, element[remaining], - indent_level=indent_level + 1) + self._build_table( + remaining, + element[remaining], + indent_level=indent_level + 1, + ) def _scalar_type(self, element): return not isinstance(element, (list, dict)) @@ -315,7 +328,6 @@ class TableFormatter(FullyBufferedFormat class TextFormatter(Formatter): - def __call__(self, command_name, response, stream=None): if stream is None: stream = self._get_default_stream() @@ -331,9 +343,7 @@ class TextFormatter(Formatter): for result_key in result_keys: data = result_key.search(page) set_value_from_jmespath( - current, - result_key.expression, - data + current, result_key.expression, data ) self._format_response(current, stream) if response.resume_token: @@ -341,7 +351,8 @@ class TextFormatter(Formatter): # if they want. self._format_response( {'NextToken': {'NextToken': response.resume_token}}, - stream) + stream, + ) else: self._remove_request_id(response) self._format_response(response, stream) diff -pruN 2.23.6-1/awscli/handlers.py 2.31.35-1/awscli/handlers.py --- 2.23.6-1/awscli/handlers.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/handlers.py 2025-11-12 19:17:29.000000000 +0000 @@ -16,93 +16,119 @@ This is a collection of built in CLI ext registered with the event system. """ + +from awscli.alias import register_alias_commands from awscli.argprocess import ParamShorthandParser -from awscli.customizations.ec2instanceconnect import register_ec2_instance_connect_commands -from awscli.paramfile import register_uri_param_handler from awscli.clidriver import no_pager_handler from awscli.customizations import datapipeline from awscli.customizations.addexamples import add_examples from awscli.customizations.argrename import register_arg_renames from awscli.customizations.assumerole import register_assume_role_provider from awscli.customizations.awslambda import register_lambda_create_function +from awscli.customizations.binaryformat import add_binary_formatter from awscli.customizations.cliinput import register_cli_input_args -from awscli.customizations.cloudformation import initialize as cloudformation_init +from awscli.customizations.cloudformation import ( + initialize as cloudformation_init, +) from awscli.customizations.cloudfront import register as register_cloudfront from awscli.customizations.cloudsearch import initialize as cloudsearch_init from awscli.customizations.cloudsearchdomain import register_cloudsearchdomain from awscli.customizations.cloudtrail import initialize as cloudtrail_init from awscli.customizations.codeartifact import register_codeartifact_commands from awscli.customizations.codecommit import initialize as codecommit_init -from awscli.customizations.codedeploy.codedeploy import initialize as \ - codedeploy_init +from awscli.customizations.codedeploy.codedeploy import ( + initialize as codedeploy_init, +) from awscli.customizations.configservice.getstatus import register_get_status -from awscli.customizations.configservice.putconfigurationrecorder import \ - register_modify_put_configuration_recorder -from awscli.customizations.configservice.rename_cmd import \ - register_rename_config +from awscli.customizations.configservice.putconfigurationrecorder import ( + register_modify_put_configuration_recorder, +) +from awscli.customizations.configservice.rename_cmd import ( + register_rename_config, +) from awscli.customizations.configservice.subscribe import register_subscribe from awscli.customizations.configure.configure import register_configure_cmd +from awscli.customizations.devcommands import register_dev_commands +from awscli.customizations.dlm.dlm import dlm_initialize +from awscli.customizations.dsql import register_dsql_customizations from awscli.customizations.dynamodb.ddb import register_ddb -from awscli.customizations.dynamodb.paginatorfix import \ - register_dynamodb_paginator_fix -from awscli.customizations.history import register_history_mode -from awscli.customizations.history import register_history_commands +from awscli.customizations.dynamodb.paginatorfix import ( + register_dynamodb_paginator_fix, +) from awscli.customizations.ec2.addcount import register_count_events from awscli.customizations.ec2.bundleinstance import register_bundleinstance from awscli.customizations.ec2.decryptpassword import ec2_add_priv_launch_key +from awscli.customizations.ec2.paginate import register_ec2_page_size_injector from awscli.customizations.ec2.protocolarg import register_protocol_args from awscli.customizations.ec2.runinstances import register_runinstances from awscli.customizations.ec2.secgroupsimplify import register_secgroup -from awscli.customizations.ec2.paginate import register_ec2_page_size_injector +from awscli.customizations.ec2instanceconnect import ( + register_ec2_instance_connect_commands, +) from awscli.customizations.ecr import register_ecr_commands from awscli.customizations.ecr_public import register_ecr_public_commands -from awscli.customizations.emr.emr import emr_initialize -from awscli.customizations.emrcontainers import \ - initialize as emrcontainers_initialize -from awscli.customizations.eks import initialize as eks_initialize from awscli.customizations.ecs import initialize as ecs_initialize +from awscli.customizations.eks import initialize as eks_initialize +from awscli.customizations.emr.emr import emr_initialize +from awscli.customizations.emrcontainers import ( + initialize as emrcontainers_initialize, +) from awscli.customizations.gamelift import register_gamelift_commands -from awscli.customizations.generatecliskeleton import \ - register_generate_cli_skeleton +from awscli.customizations.generatecliskeleton import ( + register_generate_cli_skeleton, +) from awscli.customizations.globalargs import register_parse_global_args +from awscli.customizations.history import ( + register_history_commands, + register_history_mode, +) from awscli.customizations.iamvirtmfa import IAMVMFAWrapper -from awscli.customizations.iot import register_create_keys_and_cert_arguments -from awscli.customizations.iot import register_create_keys_from_csr_arguments +from awscli.customizations.iot import ( + register_create_keys_and_cert_arguments, + register_create_keys_from_csr_arguments, +) from awscli.customizations.iot_data import register_custom_endpoint_note +from awscli.customizations.kinesis import ( + register_kinesis_list_streams_pagination_backcompat, +) from awscli.customizations.kms import register_fix_kms_create_grant_docs -from awscli.customizations.dlm.dlm import dlm_initialize -from awscli.customizations.opsworks import initialize as opsworks_init +from awscli.customizations.lightsail import initialize as lightsail_initialize +from awscli.customizations.logs import register_logs_commands from awscli.customizations.paginate import register_pagination from awscli.customizations.putmetricdata import register_put_metric_data -from awscli.customizations.rds import register_rds_modify_split -from awscli.customizations.rds import register_add_generate_db_auth_token -from awscli.customizations.dsql import register_dsql_customizations -from awscli.customizations.rekognition import register_rekognition_detect_labels +from awscli.customizations.quicksight import ( + register_quicksight_asset_bundle_customizations, +) +from awscli.customizations.rds import ( + register_add_generate_db_auth_token, + register_rds_modify_split, +) +from awscli.customizations.rekognition import ( + register_rekognition_detect_labels, +) from awscli.customizations.removals import register_removals from awscli.customizations.route53 import register_create_hosted_zone_doc_fix from awscli.customizations.s3.s3 import s3_plugin_initialize from awscli.customizations.s3errormsg import register_s3_error_msg -from awscli.customizations.timestampformat import register_timestamp_format +from awscli.customizations.s3events import ( + register_document_expires_string, + register_event_stream_arg, +) +from awscli.customizations.servicecatalog import ( + register_servicecatalog_commands, +) from awscli.customizations.sessendemail import register_ses_send_email +from awscli.customizations.sessionmanager import register_ssm_session from awscli.customizations.sso import register_sso_commands from awscli.customizations.streamingoutputarg import add_streaming_output_arg -from awscli.customizations.translate import register_translate_import_terminology +from awscli.customizations.timestampformat import register_timestamp_format from awscli.customizations.toplevelbool import register_bool_params +from awscli.customizations.translate import ( + register_translate_import_terminology, +) from awscli.customizations.waiters import register_add_waiters -from awscli.customizations.opsworkscm import register_alias_opsworks_cm -from awscli.customizations.servicecatalog import register_servicecatalog_commands -from awscli.customizations.s3events import register_event_stream_arg, register_document_expires_string -from awscli.customizations.sessionmanager import register_ssm_session -from awscli.customizations.logs import register_logs_commands -from awscli.customizations.devcommands import register_dev_commands from awscli.customizations.wizard.commands import register_wizard_commands -from awscli.customizations.binaryformat import add_binary_formatter -from awscli.customizations.lightsail import initialize as lightsail_initialize -from awscli.alias import register_alias_commands -from awscli.customizations.kinesis import \ - register_kinesis_list_streams_pagination_backcompat -from awscli.customizations.quicksight import \ - register_quicksight_asset_bundle_customizations +from awscli.paramfile import register_uri_param_handler def awscli_initialize(event_handlers): @@ -114,23 +140,25 @@ def awscli_initialize(event_handlers): # The s3 error mesage needs to registered before the # generic error handler. register_s3_error_msg(event_handlers) -# # The following will get fired for every option we are -# # documenting. It will attempt to add an example_fn on to -# # the parameter object if the parameter supports shorthand -# # syntax. The documentation event handlers will then use -# # the examplefn to generate the sample shorthand syntax -# # in the docs. Registering here should ensure that this -# # handler gets called first but it still feels a bit brittle. -# event_handlers.register('doc-option-example.*.*.*', -# param_shorthand.add_example_fn) - event_handlers.register('doc-examples.*.*', - add_examples) + # # The following will get fired for every option we are + # # documenting. It will attempt to add an example_fn on to + # # the parameter object if the parameter supports shorthand + # # syntax. The documentation event handlers will then use + # # the examplefn to generate the sample shorthand syntax + # # in the docs. Registering here should ensure that this + # # handler gets called first but it still feels a bit brittle. + # event_handlers.register('doc-option-example.*.*.*', + # param_shorthand.add_example_fn) + event_handlers.register('doc-examples.*.*', add_examples) register_cli_input_args(event_handlers) - event_handlers.register('building-argument-table.*', - add_streaming_output_arg) + event_handlers.register( + 'building-argument-table.*', add_streaming_output_arg + ) register_count_events(event_handlers) - event_handlers.register('building-argument-table.ec2.get-password-data', - ec2_add_priv_launch_key) + event_handlers.register( + 'building-argument-table.ec2.get-password-data', + ec2_add_priv_launch_key, + ) register_parse_global_args(event_handlers) register_pagination(event_handlers) register_secgroup(event_handlers) @@ -169,7 +197,6 @@ def awscli_initialize(event_handlers): register_get_status(event_handlers) register_rename_config(event_handlers) register_timestamp_format(event_handlers) - opsworks_init(event_handlers) register_lambda_create_function(event_handlers) register_fix_kms_create_grant_docs(event_handlers) register_create_hosted_zone_doc_fix(event_handlers) @@ -179,15 +206,16 @@ def awscli_initialize(event_handlers): register_custom_endpoint_note(event_handlers) event_handlers.register( 'building-argument-table.iot.create-keys-and-certificate', - register_create_keys_and_cert_arguments) + register_create_keys_and_cert_arguments, + ) event_handlers.register( 'building-argument-table.iot.create-certificate-from-csr', - register_create_keys_from_csr_arguments) + register_create_keys_from_csr_arguments, + ) register_cloudfront(event_handlers) register_gamelift_commands(event_handlers) register_ec2_page_size_injector(event_handlers) cloudformation_init(event_handlers) - register_alias_opsworks_cm(event_handlers) register_servicecatalog_commands(event_handlers) register_translate_import_terminology(event_handlers) register_history_mode(event_handlers) diff -pruN 2.23.6-1/awscli/help.py 2.31.35-1/awscli/help.py --- 2.23.6-1/awscli/help.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/help.py 2025-11-12 19:17:29.000000000 +0000 @@ -12,49 +12,73 @@ # language governing permissions and limitations under the License. import logging import os -import sys import platform import shlex -from subprocess import Popen, PIPE +import sys +import tempfile +import webbrowser +from subprocess import PIPE, Popen +from botocore.exceptions import ProfileNotFound from docutils.core import publish_string -from docutils.writers import manpage - -from awscli.clidocs import ProviderDocumentEventHandler -from awscli.clidocs import ServiceDocumentEventHandler -from awscli.clidocs import OperationDocumentEventHandler -from awscli.clidocs import TopicListerDocumentEventHandler -from awscli.clidocs import TopicDocumentEventHandler +from docutils.writers import ( + html4css1, + manpage, +) + +from awscli import ( + _DEFAULT_BASE_REMOTE_URL, +) +from awscli.argparser import ArgTableArgParser +from awscli.argprocess import ParamShorthandParser from awscli.bcdoc import docevents from awscli.bcdoc.restdoc import ReSTDocument from awscli.bcdoc.textwriter import TextWriter -from awscli.argprocess import ParamShorthandParser -from awscli.argparser import ArgTableArgParser +from awscli.clidocs import ( + OperationDocumentEventHandler, + ProviderDocumentEventHandler, + ServiceDocumentEventHandler, + TopicDocumentEventHandler, + TopicListerDocumentEventHandler, +) from awscli.topictags import TopicTagDB from awscli.utils import ignore_ctrl_c - LOG = logging.getLogger('awscli.help') +REF_PATH = 'reference' +TUT_PATH = 'tutorial' +TOPIC_PATH = 'topic' + class ExecutableNotFoundError(Exception): def __init__(self, executable_name): - super(ExecutableNotFoundError, self).__init__( - 'Could not find executable named "%s"' % executable_name) + super().__init__( + f'Could not find executable named "{executable_name}"' + ) -def get_renderer(): +def get_renderer(help_output): """ Return the appropriate HelpRenderer implementation for the current platform. """ + if platform.system() == 'Windows': + if help_output == "browser": + return WindowsBrowserHelpRenderer() + elif help_output == "url": + return WindowsPagingHelpRenderer() return WindowsHelpRenderer() else: + if help_output == "browser": + return PosixBrowserHelpRenderer() + elif help_output == "url": + return PosixPagingHelpRenderer() return PosixHelpRenderer() -class PagingHelpRenderer(object): +class HelpRenderer: """ Interface for a help renderer. @@ -62,9 +86,38 @@ class PagingHelpRenderer(object): a particular platform. """ + def __init__(self, output_stream=sys.stdout): self.output_stream = output_stream + def render(self, contents): + """ + Each implementation of HelpRenderer must implement this + render method. + """ + converted_content = self._convert_doc_content(contents) + self._send_output_to_destination(converted_content) + + def _send_output_to_destination(self, output): + """ + Each implementation of HelpRenderer must implement this + method. + """ + raise NotImplementedError + + def _popen(self, *args, **kwargs): + return Popen(*args, **kwargs) + + def _convert_doc_content(self, contents): + return contents + + +class PagingHelpRenderer(HelpRenderer): + """Interface for a help renderer. + + This sends output to the pager. + """ + PAGER = None _DEFAULT_DOCUTILS_SETTINGS_OVERRIDES = { # The default for line length limit in docutils is 10,000. However, @@ -85,13 +138,8 @@ class PagingHelpRenderer(object): pager = os.environ['PAGER'] return shlex.split(pager) - def render(self, contents): - """ - Each implementation of HelpRenderer must implement this - render method. - """ - converted_content = self._convert_doc_content(contents) - self._send_output_to_pager(converted_content) + def _send_output_to_destination(self, output): + self._send_output_to_pager(output) def _send_output_to_pager(self, output): cmdline = self.get_pager_cmdline() @@ -99,14 +147,48 @@ class PagingHelpRenderer(object): p = self._popen(cmdline, stdin=PIPE) p.communicate(input=output) - def _popen(self, *args, **kwargs): - return Popen(*args, **kwargs) - def _convert_doc_content(self, contents): - return contents +class BrowserHelpRenderer(HelpRenderer): + """ + Interface for a help renderer to a web browser. + + The renderer is responsible for displaying the help content on + a particular platform. + + """ + + def __init__(self, output_stream=sys.stdout): + self.output_stream = output_stream + + _DEFAULT_DOCUTILS_SETTINGS_OVERRIDES = { + # The default for line length limit in docutils is 10,000. However, + # currently in the documentation, it inlines all possible enums in + # the JSON syntax which exceeds this limit for some EC2 commands + # and prevents the manpages from being generated. + # This is a temporary fix to allow the manpages for these commands + # to be rendered. Long term, we should avoid enumerating over all + # enums inline for the JSON syntax snippets. + 'line_length_limit': 50_000 + } + def _send_output_to_destination(self, output): + self._send_output_to_browser(output) -class PosixHelpRenderer(PagingHelpRenderer): + def _send_output_to_browser(self, output): + html_file = tempfile.NamedTemporaryFile( + "wb", suffix=".html", delete=False + ) + html_file.write(output) + html_file.close() + + try: + print("Opening help file in the default browser.") + return webbrowser.open_new_tab(f'file://{html_file.name}') + except webbrowser.Error: + print('Failed to open browser:', file=sys.stderr) + + +class PosixPagingHelpRenderer(PagingHelpRenderer): """ Render help content on a Posix-like system. This includes Linux and MacOS X. @@ -114,29 +196,12 @@ class PosixHelpRenderer(PagingHelpRender PAGER = 'less -R' - def _convert_doc_content(self, contents): - settings_overrides = self._DEFAULT_DOCUTILS_SETTINGS_OVERRIDES.copy() - settings_overrides["report_level"] = 3 - man_contents = publish_string( - contents, writer=manpage.Writer(), - settings_overrides=self._DEFAULT_DOCUTILS_SETTINGS_OVERRIDES, - ) - if self._exists_on_path('groff'): - cmdline = ['groff', '-m', 'man', '-T', 'ascii'] - elif self._exists_on_path('mandoc'): - cmdline = ['mandoc', '-T', 'ascii'] - else: - raise ExecutableNotFoundError('groff or mandoc') - LOG.debug("Running command: %s", cmdline) - p3 = self._popen(cmdline, stdin=PIPE, stdout=PIPE, stderr=PIPE) - output = p3.communicate(input=man_contents)[0] - return output - def _send_output_to_pager(self, output): cmdline = self.get_pager_cmdline() if not self._exists_on_path(cmdline[0]): - LOG.debug("Pager '%s' not found in PATH, printing raw help." % - cmdline[0]) + LOG.debug( + f"Pager '{cmdline[0]}' not found in PATH, printing raw help." + ) self.output_stream.write(output.decode('utf-8') + "\n") self.output_stream.flush() return @@ -159,21 +224,80 @@ class PosixHelpRenderer(PagingHelpRender def _exists_on_path(self, name): # Since we're only dealing with POSIX systems, we can # ignore things like PATHEXT. - return any([os.path.exists(os.path.join(p, name)) - for p in os.environ.get('PATH', '').split(os.pathsep)]) + return any( + [ + os.path.exists(os.path.join(p, name)) + for p in os.environ.get('PATH', '').split(os.pathsep) + ] + ) -class WindowsHelpRenderer(PagingHelpRenderer): - """Render help content on a Windows platform.""" +class PosixHelpRenderer(PosixPagingHelpRenderer): + """ + Render help content on a Posix-like system. This includes + Linux and MacOS X. + """ + + def _convert_doc_content(self, contents): + settings_overrides = self._DEFAULT_DOCUTILS_SETTINGS_OVERRIDES.copy() + settings_overrides["report_level"] = 3 + man_contents = publish_string( + contents, + writer=manpage.Writer(), + settings_overrides=self._DEFAULT_DOCUTILS_SETTINGS_OVERRIDES, + ) + if self._exists_on_path('groff'): + cmdline = ['groff', '-m', 'man', '-T', 'ascii'] + elif self._exists_on_path('mandoc'): + cmdline = ['mandoc', '-T', 'ascii'] + else: + raise ExecutableNotFoundError('groff or mandoc') + LOG.debug("Running command: %s", cmdline) + p3 = self._popen(cmdline, stdin=PIPE, stdout=PIPE, stderr=PIPE) + output = p3.communicate(input=man_contents)[0] + return output - PAGER = 'more' + +class PosixBrowserHelpRenderer(BrowserHelpRenderer): + """ + Render help content in a browser on a Posix-like system. This includes + Linux and MacOS X. + """ def _convert_doc_content(self, contents): - text_output = publish_string( - contents, writer=TextWriter(), + settings_overrides = self._DEFAULT_DOCUTILS_SETTINGS_OVERRIDES.copy() + settings_overrides["report_level"] = 3 + man_contents = publish_string( + contents, + writer=manpage.Writer(), settings_overrides=self._DEFAULT_DOCUTILS_SETTINGS_OVERRIDES, ) - return text_output + if self._exists_on_path('groff'): + cmdline = ['groff', '-m', 'man', '-T', 'html'] + elif self._exists_on_path('mandoc'): + cmdline = ['mandoc', '-T', 'html'] + else: + raise ExecutableNotFoundError('groff or mandoc') + LOG.debug("Running command: %s", cmdline) + p3 = self._popen(cmdline, stdin=PIPE, stdout=PIPE, stderr=PIPE) + output = p3.communicate(input=man_contents)[0] + return output + + def _exists_on_path(self, name): + # Since we're only dealing with POSIX systems, we can + # ignore things like PATHEXT. + return any( + [ + os.path.exists(os.path.join(p, name)) + for p in os.environ.get('PATH', '').split(os.pathsep) + ] + ) + + +class WindowsPagingHelpRenderer(PagingHelpRenderer): + """Render help content on a Windows platform.""" + + PAGER = 'more' def _popen(self, *args, **kwargs): # Also set the shell value to True. To get any of the @@ -182,7 +306,31 @@ class WindowsHelpRenderer(PagingHelpRend return Popen(*args, **kwargs) -class HelpCommand(object): +class WindowsHelpRenderer(WindowsPagingHelpRenderer): + """Render help content on a Windows platform.""" + + def _convert_doc_content(self, contents): + text_output = publish_string( + contents, + writer=TextWriter(), + settings_overrides=self._DEFAULT_DOCUTILS_SETTINGS_OVERRIDES, + ) + return text_output + + +class WindowsBrowserHelpRenderer(BrowserHelpRenderer): + """Render help content in the browser on a Windows platform.""" + + def _convert_doc_content(self, contents): + text_output = publish_string( + contents, + writer=html4css1.Writer(), + settings_overrides=self._DEFAULT_DOCUTILS_SETTINGS_OVERRIDES, + ) + return text_output + + +class HelpCommand: """ HelpCommand Interface --------------------- @@ -237,8 +385,17 @@ class HelpCommand(object): self.arg_table = arg_table self._subcommand_table = {} self._related_items = [] - self.renderer = get_renderer() self.doc = ReSTDocument(target='man') + self._base_remote_url = _DEFAULT_BASE_REMOTE_URL + + try: + self._help_output_format = self.session.get_config_variable( + "cli_help_output" + ) + except ProfileNotFound: + self._help_output_format = None + + self.renderer = get_renderer(self._help_output_format) @property def event_class(self): @@ -280,8 +437,9 @@ class HelpCommand(object): subcommand_parser = ArgTableArgParser({}, self.subcommand_table) parsed, remaining = subcommand_parser.parse_known_args(args) if getattr(parsed, 'subcommand', None) is not None: - return self.subcommand_table[parsed.subcommand](remaining, - parsed_globals) + return self.subcommand_table[parsed.subcommand]( + remaining, parsed_globals + ) # Create an event handler for a Provider Document instance = self.EventHandlerClass(self) @@ -289,7 +447,10 @@ class HelpCommand(object): # We pass ourselves along so that we can, in turn, get passed # to all event handlers. docevents.generate_events(self.session, self) - self.renderer.render(self.doc.getvalue()) + if self._help_output_format == 'url': + self.renderer.render(self.url.encode()) + else: + self.renderer.render(self.doc.getvalue()) instance.unregister() @@ -299,12 +460,19 @@ class ProviderHelpCommand(HelpCommand): This is what is called when ``aws help`` is run. """ + EventHandlerClass = ProviderDocumentEventHandler - def __init__(self, session, command_table, arg_table, - description, synopsis, usage): - HelpCommand.__init__(self, session, None, - command_table, arg_table) + def __init__( + self, + session, + command_table, + arg_table, + description, + synopsis, + usage, + ): + HelpCommand.__init__(self, session, None, command_table, arg_table) self.description = description self.synopsis = synopsis self.help_usage = usage @@ -321,6 +489,10 @@ class ProviderHelpCommand(HelpCommand): return 'aws' @property + def url(self): + return f"{self._base_remote_url}/index.html" + + @property def subcommand_table(self): if self._subcommand_table is None: if self._topic_tag_db is None: @@ -353,10 +525,10 @@ class ServiceHelpCommand(HelpCommand): EventHandlerClass = ServiceDocumentEventHandler - def __init__(self, session, obj, command_table, arg_table, name, - event_class): - super(ServiceHelpCommand, self).__init__(session, obj, command_table, - arg_table) + def __init__( + self, session, obj, command_table, arg_table, name, event_class + ): + super().__init__(session, obj, command_table, arg_table) self._name = name self._event_class = event_class @@ -368,6 +540,10 @@ class ServiceHelpCommand(HelpCommand): def name(self): return self._name + @property + def url(self): + return f"{self._base_remote_url}/{REF_PATH}/{self.name}/index.html" + class OperationHelpCommand(HelpCommand): """Implements operation level help. @@ -376,10 +552,10 @@ class OperationHelpCommand(HelpCommand): e.g. ``aws ec2 describe-instances help``. """ + EventHandlerClass = OperationDocumentEventHandler - def __init__(self, session, operation_model, arg_table, name, - event_class): + def __init__(self, session, operation_model, arg_table, name, event_class): HelpCommand.__init__(self, session, operation_model, None, arg_table) self.param_shorthand = ParamShorthandParser() self._name = name @@ -393,12 +569,16 @@ class OperationHelpCommand(HelpCommand): def name(self): return self._name + @property + def url(self): + return f"{self._base_remote_url}/reference/{self.event_class.replace('.', '/')}.html" + class TopicListerCommand(HelpCommand): EventHandlerClass = TopicListerDocumentEventHandler def __init__(self, session): - super(TopicListerCommand, self).__init__(session, None, {}, {}) + super().__init__(session, None, {}, {}) @property def event_class(self): @@ -408,12 +588,16 @@ class TopicListerCommand(HelpCommand): def name(self): return 'topics' + @property + def url(self): + return f"{self._base_remote_url}/{TOPIC_PATH}/index.html" + class TopicHelpCommand(HelpCommand): EventHandlerClass = TopicDocumentEventHandler def __init__(self, session, topic_name): - super(TopicHelpCommand, self).__init__(session, None, {}, {}) + super().__init__(session, None, {}, {}) self._topic_name = topic_name @property @@ -423,3 +607,7 @@ class TopicHelpCommand(HelpCommand): @property def name(self): return self._topic_name + + @property + def url(self): + return f"{self._base_remote_url}/{TOPIC_PATH}/{self.name}.html" diff -pruN 2.23.6-1/awscli/logger.py 2.31.35-1/awscli/logger.py --- 2.23.6-1/awscli/logger.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/logger.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,8 +17,21 @@ import awscrt.io LOG_FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s' -def set_stream_logger(logger_name, log_level, stream=None, - format_string=None): +try: + # Initializing CRT logging isn't thread-safe, but setting/updating it is. + # So we always initialize logging when this module is imported so + # subsequent enable/disable CRT logging calls can safely assume it's + # already initialized. + awscrt.io.init_logging(awscrt.io.LogLevel.NoLogs, 'stderr') +except RuntimeError: + # Calling `init_logging` more than once raises a Runtime exception. + # Even though normal usage shouldn't call it more than once in the + # case of multiple imports, we should still guard against it if + # something causes the module cache to be cleared between imports. + pass + + +def set_stream_logger(logger_name, log_level, stream=None, format_string=None): """ Convenience method to configure a stream logger. @@ -78,8 +91,8 @@ def remove_stream_logger(logger_name): def enable_crt_logging(): - awscrt.io.init_logging(awscrt.io.LogLevel.Debug, 'stderr') + awscrt.io.set_log_level(awscrt.io.LogLevel.Debug) def disable_crt_logging(): - awscrt.io.init_logging(awscrt.io.LogLevel.NoLogs, 'stderr') + awscrt.io.set_log_level(awscrt.io.LogLevel.NoLogs) diff -pruN 2.23.6-1/awscli/paramfile.py 2.31.35-1/awscli/paramfile.py --- 2.23.6-1/awscli/paramfile.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/paramfile.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,12 +10,12 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import copy import logging import os -import copy -from awscli.compat import compat_open from awscli import argprocess +from awscli.compat import compat_open logger = logging.getLogger(__name__) @@ -30,7 +30,7 @@ def register_uri_param_handler(session, session.register('load-cli-arg', handler) -class URIArgumentHandler(object): +class URIArgumentHandler: def __init__(self, prefixes): self._prefixes = prefixes @@ -77,7 +77,7 @@ def get_paramfile(path, cases): def get_file(prefix, path, mode): - file_path = os.path.expandvars(os.path.expanduser(path[len(prefix):])) + file_path = os.path.expandvars(os.path.expanduser(path[len(prefix) :])) try: with compat_open(file_path, mode) as f: return f.read() @@ -85,13 +85,15 @@ def get_file(prefix, path, mode): raise ResourceLoadingError( 'Unable to load paramfile (%s), text contents could ' 'not be decoded. If this is a binary file, please use the ' - 'fileb:// prefix instead of the file:// prefix.' % file_path) - except (OSError, IOError) as e: - raise ResourceLoadingError('Unable to load paramfile %s: %s' % ( - path, e)) + 'fileb:// prefix instead of the file:// prefix.' % file_path + ) + except OSError as e: + raise ResourceLoadingError( + 'Unable to load paramfile %s: %s' % (path, e) + ) LOCAL_PREFIX_MAP = { 'file://': (get_file, {'mode': 'r'}), 'fileb://': (get_file, {'mode': 'rb'}), -} \ No newline at end of file +} diff -pruN 2.23.6-1/awscli/plugin.py 2.31.35-1/awscli/plugin.py --- 2.23.6-1/awscli/plugin.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/plugin.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,9 +10,9 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import sys -import os import logging +import os +import sys from botocore.hooks import HierarchicalEmitter @@ -80,6 +80,9 @@ def _import_plugins(plugin_mapping): def _add_plugin_path_to_sys_path(plugin_path): for dirname in plugin_path.split(os.pathsep): - log.debug("Adding additional path from cli_legacy_plugin_path " - "configuration: %s", dirname) + log.debug( + "Adding additional path from cli_legacy_plugin_path " + "configuration: %s", + dirname, + ) sys.path.append(dirname) diff -pruN 2.23.6-1/awscli/s3transfer/__init__.py 2.31.35-1/awscli/s3transfer/__init__.py --- 2.23.6-1/awscli/s3transfer/__init__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/__init__.py 2025-11-12 19:17:29.000000000 +0000 @@ -123,6 +123,7 @@ transfer. For example: """ + import concurrent.futures import functools import logging @@ -134,13 +135,12 @@ import socket import string import threading +import s3transfer.compat from botocore.compat import six # noqa: F401 from botocore.exceptions import IncompleteReadError from botocore.vendored.requests.packages.urllib3.exceptions import ( ReadTimeoutError, ) - -import s3transfer.compat from s3transfer.exceptions import RetriesExceededError, S3UploadFailedError __author__ = 'Amazon Web Services' @@ -681,7 +681,6 @@ class TransferConfig: class S3Transfer: - ALLOWED_DOWNLOAD_ARGS = [ 'VersionId', 'SSECustomerAlgorithm', @@ -823,8 +822,8 @@ class S3Transfer: for kwarg in actual: if kwarg not in allowed: raise ValueError( - "Invalid extra_args key '%s', " - "must be one of: %s" % (kwarg, ', '.join(allowed)) + "Invalid extra_args key '{}', " + "must be one of: {}".format(kwarg, ', '.join(allowed)) ) def _ranged_download( diff -pruN 2.23.6-1/awscli/s3transfer/bandwidth.py 2.31.35-1/awscli/s3transfer/bandwidth.py --- 2.23.6-1/awscli/s3transfer/bandwidth.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/bandwidth.py 2025-11-12 19:17:29.000000000 +0000 @@ -30,9 +30,7 @@ class RequestExceededException(Exception """ self.requested_amt = requested_amt self.retry_time = retry_time - msg = 'Request amount {} exceeded the amount available. Retry in {}'.format( - requested_amt, retry_time - ) + msg = f'Request amount {requested_amt} exceeded the amount available. Retry in {retry_time}' super().__init__(msg) diff -pruN 2.23.6-1/awscli/s3transfer/constants.py 2.31.35-1/awscli/s3transfer/constants.py --- 2.23.6-1/awscli/s3transfer/constants.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/constants.py 2025-11-12 19:17:29.000000000 +0000 @@ -27,12 +27,12 @@ ALLOWED_DOWNLOAD_ARGS = [ ] FULL_OBJECT_CHECKSUM_ARGS = [ - 'ChecksumCRC32', - 'ChecksumCRC32C', - 'ChecksumCRC64NVME', - 'ChecksumSHA1', - 'ChecksumSHA256', + 'ChecksumCRC32', + 'ChecksumCRC32C', + 'ChecksumCRC64NVME', + 'ChecksumSHA1', + 'ChecksumSHA256', ] -USER_AGENT = 's3transfer/%s' % s3transfer.__version__ -PROCESS_USER_AGENT = '%s processpool' % USER_AGENT +USER_AGENT = f's3transfer/{s3transfer.__version__}' +PROCESS_USER_AGENT = f'{USER_AGENT} processpool' diff -pruN 2.23.6-1/awscli/s3transfer/copies.py 2.31.35-1/awscli/s3transfer/copies.py --- 2.23.6-1/awscli/s3transfer/copies.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/copies.py 2025-11-12 19:17:29.000000000 +0000 @@ -280,7 +280,7 @@ class CopySubmissionTask(SubmissionTask) raise TypeError( 'Expecting dictionary formatted: ' '{"Bucket": bucket_name, "Key": key} ' - 'but got %s or type %s.' % (copy_source, type(copy_source)) + f'but got {copy_source} or type {type(copy_source)}.' ) def _extra_upload_part_args(self, extra_args): diff -pruN 2.23.6-1/awscli/s3transfer/crt.py 2.31.35-1/awscli/s3transfer/crt.py --- 2.23.6-1/awscli/s3transfer/crt.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/crt.py 2025-11-12 19:17:29.000000000 +0000 @@ -33,6 +33,7 @@ from awscrt.io import ( ) from awscrt.s3 import ( S3Client, + S3FileIoOptions, S3RequestTlsMode, S3RequestType, S3ResponseError, @@ -42,8 +43,8 @@ from botocore import UNSIGNED from botocore.compat import urlsplit from botocore.config import Config from botocore.exceptions import NoCredentialsError +from botocore.useragent import register_feature_id from botocore.utils import ArnParser, InvalidArnException, is_s3express_bucket - from s3transfer.constants import FULL_OBJECT_CHECKSUM_ARGS, MB from s3transfer.exceptions import TransferNotDoneError from s3transfer.futures import BaseTransferFuture, BaseTransferMeta @@ -87,6 +88,7 @@ def create_s3_crt_client( part_size=8 * MB, use_ssl=True, verify=None, + fio_options=None, ): """ :type region: str @@ -130,6 +132,9 @@ def create_s3_crt_client( * path/to/cert/bundle.pem - A filename of the CA cert bundle to use. Specify this argument if you want to use a custom CA cert bundle instead of the default one on your system. + + :type fio_options: Optional[dict] + :param fio_options: Kwargs to use to build an `awscrt.s3.S3FileIoOptions`. """ event_loop_group = EventLoopGroup(num_threads) @@ -153,6 +158,9 @@ def create_s3_crt_client( target_gbps = _get_crt_throughput_target_gbps( provided_throughput_target_bytes=target_throughput ) + crt_fio_options = None + if fio_options: + crt_fio_options = S3FileIoOptions(**fio_options) return S3Client( bootstrap=bootstrap, region=region, @@ -162,6 +170,7 @@ def create_s3_crt_client( tls_connection_options=tls_connection_options, throughput_target_gbps=target_gbps, enable_s3express=True, + fio_options=crt_fio_options, ) @@ -310,6 +319,7 @@ class CRTTransferManager: self._semaphore.release() def _submit_transfer(self, request_type, call_args): + register_feature_id('S3_TRANSFER') on_done_after_calls = [self._release_semaphore] coordinator = CRTTransferCoordinator( transfer_id=self._id_counter, @@ -626,7 +636,7 @@ class CRTTransferCoordinator: """A helper class for managing CRTTransferFuture""" def __init__( - self, transfer_id=None, s3_request=None, exception_translator=None + self, transfer_id=None, s3_request=None, exception_translator=None ): self.transfer_id = transfer_id self._exception_translator = exception_translator @@ -856,19 +866,26 @@ class S3ClientArgsCreator: arn_handler = _S3ArnParamHandler() if ( - (accesspoint_arn_details := arn_handler.handle_arn(call_args.bucket)) - and accesspoint_arn_details['region'] == "" - ): + accesspoint_arn_details := arn_handler.handle_arn(call_args.bucket) + ) and accesspoint_arn_details['region'] == "": # Configure our region to `*` to propogate in `x-amz-region-set` # for multi-region support in MRAP accesspoints. + # use_double_uri_encode and should_normalize_uri_path are defaulted to be True + # But SDK already encoded the URI, and it's for S3, so set both to False make_request_args['signing_config'] = AwsSigningConfig( algorithm=AwsSigningAlgorithm.V4_ASYMMETRIC, region="*", + use_double_uri_encode=False, + should_normalize_uri_path=False, ) call_args.bucket = accesspoint_arn_details['resource_name'] elif is_s3express_bucket(call_args.bucket): + # use_double_uri_encode and should_normalize_uri_path are defaulted to be True + # But SDK already encoded the URI, and it's for S3, so set both to False make_request_args['signing_config'] = AwsSigningConfig( - algorithm=AwsSigningAlgorithm.V4_S3EXPRESS + algorithm=AwsSigningAlgorithm.V4_S3EXPRESS, + use_double_uri_encode=False, + should_normalize_uri_path=False, ) return make_request_args @@ -918,6 +935,7 @@ class _S3ArnParamHandler: purposes. This should be safe to remove once we properly integrate auth resolution from Botocore into the CRT transfer integration. """ + _RESOURCE_REGEX = re.compile( r'^(?Paccesspoint|outpost)[/:](?P.+)$' ) @@ -938,9 +956,9 @@ class _S3ArnParamHandler: self._add_resource_type_and_name(arn_details) return arn_details except InvalidArnException: - pass + pass return None - + def _add_resource_type_and_name(self, arn_details): match = self._RESOURCE_REGEX.match(arn_details['resource']) if match: diff -pruN 2.23.6-1/awscli/s3transfer/download.py 2.31.35-1/awscli/s3transfer/download.py --- 2.23.6-1/awscli/s3transfer/download.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/download.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,8 +14,13 @@ import heapq import logging import threading +from botocore.exceptions import ClientError from s3transfer.compat import seekable -from s3transfer.exceptions import RetriesExceededError +from s3transfer.exceptions import ( + RetriesExceededError, + S3DownloadFailedError, + S3ValidationError, +) from s3transfer.futures import IN_MEMORY_DOWNLOAD_TAG from s3transfer.tasks import SubmissionTask, Task from s3transfer.utils import ( @@ -307,9 +312,7 @@ class DownloadSubmissionTask(SubmissionT if download_manager_cls.is_compatible(fileobj, osutil): return download_manager_cls raise RuntimeError( - 'Output {} of type: {} is not supported.'.format( - fileobj, type(fileobj) - ) + f'Output {fileobj} of type: {type(fileobj)} is not supported.' ) def _submit( @@ -348,17 +351,23 @@ class DownloadSubmissionTask(SubmissionT :param bandwidth_limiter: The bandwidth limiter to use when downloading streams """ - if transfer_future.meta.size is None: - # If a size was not provided figure out the size for the - # user. + if ( + transfer_future.meta.size is None + or transfer_future.meta.etag is None + ): response = client.head_object( Bucket=transfer_future.meta.call_args.bucket, Key=transfer_future.meta.call_args.key, **transfer_future.meta.call_args.extra_args, ) + # If a size was not provided figure out the size for the + # user. transfer_future.meta.provide_transfer_size( response['ContentLength'] ) + # Provide an etag to ensure a stored object is not modified + # during a multipart download. + transfer_future.meta.provide_object_etag(response.get('ETag')) download_output_manager = self._get_download_output_manager_cls( transfer_future, osutil @@ -481,9 +490,12 @@ class DownloadSubmissionTask(SubmissionT part_size, i, num_parts ) - # Inject the Range parameter to the parameters to be passed in - # as extra args - extra_args = {'Range': range_parameter} + # Inject extra parameters to be passed in as extra args + extra_args = { + 'Range': range_parameter, + } + if transfer_future.meta.etag is not None: + extra_args['IfMatch'] = transfer_future.meta.etag extra_args.update(call_args.extra_args) finalize_download_invoker.increment() # Submit the ranged downloads @@ -569,6 +581,10 @@ class GetObjectTask(Task): response = client.get_object( Bucket=bucket, Key=key, **extra_args ) + self._validate_content_range( + extra_args.get('Range'), + response.get('ContentRange'), + ) streaming_body = StreamReaderProgress( response['Body'], callbacks ) @@ -595,6 +611,15 @@ class GetObjectTask(Task): else: return return + except ClientError as e: + error_code = e.response.get('Error', {}).get('Code') + if error_code == "PreconditionFailed": + raise S3DownloadFailedError( + f'Contents of stored object "{key}" in bucket ' + f'"{bucket}" did not match expected ETag.' + ) + else: + raise except S3_RETRYABLE_DOWNLOAD_ERRORS as e: logger.debug( "Retrying exception caught (%s), " @@ -617,6 +642,27 @@ class GetObjectTask(Task): def _handle_io(self, download_output_manager, fileobj, chunk, index): download_output_manager.queue_file_io_task(fileobj, chunk, index) + def _validate_content_range(self, requested_range, content_range): + if not requested_range or not content_range: + return + # Unparsed `ContentRange` looks like `bytes 0-8388607/39542919`, + # where `0-8388607` is the fetched range and `39542919` is + # the total object size. + response_range, total_size = content_range.split('/') + # Subtract `1` because range is 0-indexed. + final_byte = str(int(total_size) - 1) + # If it's the last part, the requested range will not include + # the final byte, eg `bytes=33554432-`. + if requested_range.endswith('-'): + requested_range += final_byte + # Request looks like `bytes=0-8388607`. + # Parsed response looks like `bytes 0-8388607`. + if requested_range[6:] != response_range[6:]: + raise S3ValidationError( + f"Requested range: `{requested_range[6:]}` does not match " + f"content range in response: `{response_range[6:]}`" + ) + class ImmediatelyWriteIOGetObjectTask(GetObjectTask): """GetObjectTask that immediately writes to the provided file object @@ -752,7 +798,7 @@ class DeferQueue: def __init__(self): self._writes = [] - self._pending_offsets = set() + self._pending_offsets = {} self._next_offset = 0 def request_writes(self, offset, data): @@ -768,23 +814,49 @@ class DeferQueue: each method call. """ - if offset < self._next_offset: + if offset + len(data) <= self._next_offset: # This is a request for a write that we've already # seen. This can happen in the event of a retry # where if we retry at at offset N/2, we'll requeue # offsets 0-N/2 again. return [] writes = [] + if offset < self._next_offset: + # This is a special case where the write request contains + # both seen AND unseen data. This can happen in the case + # that we queue part of a chunk due to an incomplete read, + # then pop the incomplete data for writing, then we receive the retry + # for the incomplete read which contains both the previously-seen + # partial chunk followed by the rest of the chunk (unseen). + # + # In this case, we discard the bytes of the data we've already + # queued before, and only queue the unseen bytes. + seen_bytes = self._next_offset - offset + data = data[seen_bytes:] + offset = self._next_offset if offset in self._pending_offsets: - # We've already queued this offset so this request is - # a duplicate. In this case we should ignore - # this request and prefer what's already queued. - return [] - heapq.heappush(self._writes, (offset, data)) - self._pending_offsets.add(offset) - while self._writes and self._writes[0][0] == self._next_offset: - next_write = heapq.heappop(self._writes) - writes.append({'offset': next_write[0], 'data': next_write[1]}) - self._pending_offsets.remove(next_write[0]) - self._next_offset += len(next_write[1]) + queued_data = self._pending_offsets[offset] + if len(data) <= len(queued_data): + # We already have a write request queued with the same offset + # with at least as much data that is present in this + # request. In this case we should ignore this request + # and prefer what's already queued. + return [] + else: + # We have a write request queued with the same offset, + # but this request contains more data. This can happen + # in the case of a retried request due to an incomplete + # read, followed by a retry containing the full response + # body. In this case, we should overwrite the queued + # request with this one since it contains more data. + self._pending_offsets[offset] = data + else: + heapq.heappush(self._writes, offset) + self._pending_offsets[offset] = data + while self._writes and self._writes[0] == self._next_offset: + next_write_offset = heapq.heappop(self._writes) + next_write = self._pending_offsets[next_write_offset] + writes.append({'offset': next_write_offset, 'data': next_write}) + del self._pending_offsets[next_write_offset] + self._next_offset += len(next_write) return writes diff -pruN 2.23.6-1/awscli/s3transfer/exceptions.py 2.31.35-1/awscli/s3transfer/exceptions.py --- 2.23.6-1/awscli/s3transfer/exceptions.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/exceptions.py 2025-11-12 19:17:29.000000000 +0000 @@ -23,6 +23,10 @@ class S3UploadFailedError(Exception): pass +class S3DownloadFailedError(Exception): + pass + + class InvalidSubscriberMethodError(Exception): pass @@ -35,3 +39,7 @@ class FatalError(CancelledError): """A CancelledError raised from an error in the TransferManager""" pass + + +class S3ValidationError(Exception): + pass diff -pruN 2.23.6-1/awscli/s3transfer/futures.py 2.31.35-1/awscli/s3transfer/futures.py --- 2.23.6-1/awscli/s3transfer/futures.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/futures.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,6 +17,7 @@ import threading from collections import namedtuple from concurrent import futures +from botocore.context import get_context from s3transfer.compat import MAXINT from s3transfer.exceptions import CancelledError, TransferNotDoneError from s3transfer.utils import FunctionContainer, TaskSemaphore @@ -126,6 +127,7 @@ class TransferMeta(BaseTransferMeta): self._transfer_id = transfer_id self._size = None self._user_context = {} + self._etag = None @property def call_args(self): @@ -147,6 +149,11 @@ class TransferMeta(BaseTransferMeta): """A dictionary that requesters can store data in""" return self._user_context + @property + def etag(self): + """The etag of the stored object for validating multipart downloads""" + return self._etag + def provide_transfer_size(self, size): """A method to provide the size of a transfer request @@ -156,6 +163,15 @@ class TransferMeta(BaseTransferMeta): """ self._size = size + def provide_object_etag(self, etag): + """A method to provide the etag of a transfer request + + By providing this value, the TransferManager will validate + multipart downloads by supplying an IfMatch parameter with + the etag as the value to GetObject requests. + """ + self._etag = etag + class TransferCoordinator: """A helper class for managing TransferFuture""" @@ -175,9 +191,7 @@ class TransferCoordinator: self._failure_cleanups_lock = threading.Lock() def __repr__(self): - return '{}(transfer_id={})'.format( - self.__class__.__name__, self.transfer_id - ) + return f'{self.__class__.__name__}(transfer_id={self.transfer_id})' @property def exception(self): @@ -295,8 +309,8 @@ class TransferCoordinator: with self._lock: if self.done(): raise RuntimeError( - 'Unable to transition from done state %s to non-done ' - 'state %s.' % (self.status, desired_state) + f'Unable to transition from done state {self.status} to non-done ' + f'state {desired_state}.' ) self._status = desired_state @@ -316,9 +330,7 @@ class TransferCoordinator: :returns: A future representing the submitted task """ logger.debug( - "Submitting task {} to executor {} for transfer request: {}.".format( - task, executor, self.transfer_id - ) + f"Submitting task {task} to executor {executor} for transfer request: {self.transfer_id}." ) future = executor.submit(task, tag=tag) # Add this created future to the list of associated future just @@ -400,7 +412,7 @@ class TransferCoordinator: # We do not want a callback interrupting the process, especially # in the failure cleanups. So log and catch, the exception. except Exception: - logger.debug("Exception raised in %s." % callback, exc_info=True) + logger.debug(f"Exception raised in {callback}.", exc_info=True) class BoundedExecutor: @@ -471,7 +483,9 @@ class BoundedExecutor: semaphore.release, task.transfer_id, acquire_token ) # Submit the task to the underlying executor. - future = ExecutorFuture(self._executor.submit(task)) + # Pass the current context to ensure child threads persist the + # parent thread's context. + future = ExecutorFuture(self._executor.submit(task, get_context())) # Add the Semaphore.release() callback to the future such that # it is invoked once the future completes. future.add_done_callback(release_callback) @@ -505,6 +519,7 @@ class ExecutorFuture: than concurrent.futures.Future.add_done_callback that requires a single argument for the future. """ + # The done callback for concurrent.futures.Future will always pass a # the future in as the only argument. So we need to create the # proper signature wrapper that will invoke the callback provided. diff -pruN 2.23.6-1/awscli/s3transfer/manager.py 2.31.35-1/awscli/s3transfer/manager.py --- 2.23.6-1/awscli/s3transfer/manager.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/manager.py 2025-11-12 19:17:29.000000000 +0000 @@ -15,6 +15,7 @@ import logging import re import threading +from botocore.useragent import register_feature_id from s3transfer.bandwidth import BandwidthLimiter, LeakyBucket from s3transfer.constants import ( ALLOWED_DOWNLOAD_ARGS, @@ -154,8 +155,8 @@ class TransferConfig: for attr, attr_val in self.__dict__.items(): if attr_val is not None and attr_val <= 0: raise ValueError( - 'Provided parameter %s of value %s must be greater than ' - '0.' % (attr, attr_val) + f'Provided parameter {attr} of value {attr_val} must be greater than ' + '0.' ) @@ -190,12 +191,12 @@ class TransferManager: ] ALLOWED_UPLOAD_ARGS = ( - _ALLOWED_SHARED_ARGS - + [ - 'ChecksumType', - 'MpuObjectSize', - ] - + FULL_OBJECT_CHECKSUM_ARGS + _ALLOWED_SHARED_ARGS + + [ + 'ChecksumType', + 'MpuObjectSize', + ] + + FULL_OBJECT_CHECKSUM_ARGS ) ALLOWED_COPY_ARGS = _ALLOWED_SHARED_ARGS + [ @@ -502,16 +503,16 @@ class TransferManager: match = pattern.match(bucket) if match: raise ValueError( - 'TransferManager methods do not support %s ' - 'resource. Use direct client calls instead.' % resource + f'TransferManager methods do not support {resource} ' + 'resource. Use direct client calls instead.' ) def _validate_all_known_args(self, actual, allowed): for kwarg in actual: if kwarg not in allowed: raise ValueError( - "Invalid extra_args key '%s', " - "must be one of: %s" % (kwarg, ', '.join(allowed)) + "Invalid extra_args key '{}', " + "must be one of: {}".format(kwarg, ', '.join(allowed)) ) def _add_operation_defaults(self, extra_args): @@ -524,6 +525,7 @@ class TransferManager: def _submit_transfer( self, call_args, submission_task_cls, extra_main_kwargs=None ): + register_feature_id('S3_TRANSFER') if not extra_main_kwargs: extra_main_kwargs = {} diff -pruN 2.23.6-1/awscli/s3transfer/subscribers.py 2.31.35-1/awscli/s3transfer/subscribers.py --- 2.23.6-1/awscli/s3transfer/subscribers.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/subscribers.py 2025-11-12 19:17:29.000000000 +0000 @@ -33,14 +33,13 @@ class BaseSubscriber: subscriber_method = getattr(cls, 'on_' + subscriber_type) if not callable(subscriber_method): raise InvalidSubscriberMethodError( - 'Subscriber method %s must be callable.' - % subscriber_method + f'Subscriber method {subscriber_method} must be callable.' ) if not accepts_kwargs(subscriber_method): raise InvalidSubscriberMethodError( - 'Subscriber method %s must accept keyword ' - 'arguments (**kwargs)' % subscriber_method + f'Subscriber method {subscriber_method} must accept keyword ' + 'arguments (**kwargs)' ) def on_queued(self, future, **kwargs): diff -pruN 2.23.6-1/awscli/s3transfer/tasks.py 2.31.35-1/awscli/s3transfer/tasks.py --- 2.23.6-1/awscli/s3transfer/tasks.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/tasks.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,6 +13,7 @@ import copy import logging +from botocore.context import start_as_current_context from s3transfer.utils import get_callbacks logger = logging.getLogger(__name__) @@ -96,11 +97,7 @@ class Task: main_kwargs_to_display = self._get_kwargs_with_params_to_include( self._main_kwargs, params_to_display ) - return '{}(transfer_id={}, {})'.format( - self.__class__.__name__, - self._transfer_coordinator.transfer_id, - main_kwargs_to_display, - ) + return f'{self.__class__.__name__}(transfer_id={self._transfer_coordinator.transfer_id}, {main_kwargs_to_display})' @property def transfer_id(self): @@ -122,32 +119,33 @@ class Task: filtered_kwargs[param] = value return filtered_kwargs - def __call__(self): + def __call__(self, ctx=None): """The callable to use when submitting a Task to an executor""" - try: - # Wait for all of futures this task depends on. - self._wait_on_dependent_futures() - # Gather up all of the main keyword arguments for main(). - # This includes the immediately provided main_kwargs and - # the values for pending_main_kwargs that source from the return - # values from the task's dependent futures. - kwargs = self._get_all_main_kwargs() - # If the task is not done (really only if some other related - # task to the TransferFuture had failed) then execute the task's - # main() method. - if not self._transfer_coordinator.done(): - return self._execute_main(kwargs) - except Exception as e: - self._log_and_set_exception(e) - finally: - # Run any done callbacks associated to the task no matter what. - for done_callback in self._done_callbacks: - done_callback() - - if self._is_final: - # If this is the final task announce that it is done if results - # are waiting on its completion. - self._transfer_coordinator.announce_done() + with start_as_current_context(ctx): + try: + # Wait for all of futures this task depends on. + self._wait_on_dependent_futures() + # Gather up all of the main keyword arguments for main(). + # This includes the immediately provided main_kwargs and + # the values for pending_main_kwargs that source from the return + # values from the task's dependent futures. + kwargs = self._get_all_main_kwargs() + # If the task is not done (really only if some other related + # task to the TransferFuture had failed) then execute the task's + # main() method. + if not self._transfer_coordinator.done(): + return self._execute_main(kwargs) + except Exception as e: + self._log_and_set_exception(e) + finally: + # Run any done callbacks associated to the task no matter what. + for done_callback in self._done_callbacks: + done_callback() + + if self._is_final: + # If this is the final task announce that it is done if results + # are waiting on its completion. + self._transfer_coordinator.announce_done() def _execute_main(self, kwargs): # Do not display keyword args that should not be printed, especially diff -pruN 2.23.6-1/awscli/s3transfer/upload.py 2.31.35-1/awscli/s3transfer/upload.py --- 2.23.6-1/awscli/s3transfer/upload.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/upload.py 2025-11-12 19:17:29.000000000 +0000 @@ -557,9 +557,7 @@ class UploadSubmissionTask(SubmissionTas if upload_manager_cls.is_compatible(fileobj): return upload_manager_cls raise RuntimeError( - 'Input {} of type: {} is not supported.'.format( - fileobj, type(fileobj) - ) + f'Input {fileobj} of type: {type(fileobj)} is not supported.' ) def _submit( @@ -691,7 +689,7 @@ class UploadSubmissionTask(SubmissionTas 'client': client, 'bucket': call_args.bucket, 'key': call_args.key, - 'extra_args':create_multipart_extra_args, + 'extra_args': create_multipart_extra_args, }, ), ) @@ -830,7 +828,7 @@ class UploadPartTask(Task): UploadId=upload_id, PartNumber=part_number, Body=body, - **extra_args + **extra_args, ) etag = response['ETag'] part_metadata = {'ETag': etag, 'PartNumber': part_number} diff -pruN 2.23.6-1/awscli/s3transfer/utils.py 2.31.35-1/awscli/s3transfer/utils.py --- 2.23.6-1/awscli/s3transfer/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/s3transfer/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -24,7 +24,6 @@ from collections import defaultdict from botocore.exceptions import IncompleteReadError, ReadTimeoutError from botocore.httpchecksum import DEFAULT_CHECKSUM_ALGORITHM, AwsChunkedWrapper from botocore.utils import is_s3express_bucket - from s3transfer.compat import SOCKET_ERROR, fallocate, rename_file from s3transfer.constants import FULL_OBJECT_CHECKSUM_ARGS @@ -32,8 +31,8 @@ MAX_PARTS = 10000 # The maximum file size you can upload via S3 per request. # See: http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html # and: http://docs.aws.amazon.com/AmazonS3/latest/dev/qfacts.html -MAX_SINGLE_UPLOAD_SIZE = 5 * (1024 ** 3) -MIN_UPLOAD_CHUNKSIZE = 5 * (1024 ** 2) +MAX_SINGLE_UPLOAD_SIZE = 5 * (1024**3) +MIN_UPLOAD_CHUNKSIZE = 5 * (1024**2) logger = logging.getLogger(__name__) @@ -194,9 +193,7 @@ class FunctionContainer: self._kwargs = kwargs def __repr__(self): - return 'Function: {} with args {} and kwargs {}'.format( - self._func, self._args, self._kwargs - ) + return f'Function: {self._func} with args {self._args} and kwargs {self._kwargs}' def __call__(self): return self._func(*self._args, **self._kwargs) @@ -639,7 +636,7 @@ class TaskSemaphore: """ logger.debug("Acquiring %s", tag) if not self._semaphore.acquire(blocking): - raise NoResourcesAvailable("Cannot acquire tag '%s'" % tag) + raise NoResourcesAvailable(f"Cannot acquire tag '{tag}'") def release(self, tag, acquire_token): """Release the semaphore @@ -697,7 +694,7 @@ class SlidingWindowSemaphore(TaskSemapho try: if self._count == 0: if not blocking: - raise NoResourcesAvailable("Cannot acquire tag '%s'" % tag) + raise NoResourcesAvailable(f"Cannot acquire tag '{tag}'") else: while self._count == 0: self._condition.wait() @@ -719,7 +716,7 @@ class SlidingWindowSemaphore(TaskSemapho self._condition.acquire() try: if tag not in self._tag_sequences: - raise ValueError("Attempted to release unknown tag: %s" % tag) + raise ValueError(f"Attempted to release unknown tag: {tag}") max_sequence = self._tag_sequences[tag] if self._lowest_sequence[tag] == sequence_number: # We can immediately process this request and free up @@ -746,7 +743,7 @@ class SlidingWindowSemaphore(TaskSemapho else: raise ValueError( "Attempted to release unknown sequence number " - "%s for tag: %s" % (sequence_number, tag) + f"{sequence_number} for tag: {tag}" ) finally: self._condition.release() @@ -784,13 +781,13 @@ class ChunksizeAdjuster: if current_chunksize > self.max_size: logger.debug( "Chunksize greater than maximum chunksize. " - "Setting to %s from %s." % (self.max_size, current_chunksize) + f"Setting to {self.max_size} from {current_chunksize}." ) return self.max_size elif current_chunksize < self.min_size: logger.debug( "Chunksize less than minimum chunksize. " - "Setting to %s from %s." % (self.min_size, current_chunksize) + f"Setting to {self.min_size} from {current_chunksize}." ) return self.min_size else: @@ -807,8 +804,7 @@ class ChunksizeAdjuster: if chunksize != current_chunksize: logger.debug( "Chunksize would result in the number of parts exceeding the " - "maximum. Setting to %s from %s." - % (chunksize, current_chunksize) + f"maximum. Setting to {chunksize} from {current_chunksize}." ) return chunksize @@ -825,7 +821,7 @@ def add_s3express_defaults(bucket, extra def set_default_checksum_algorithm(extra_args): - """Set the default algorithm if not specified by the user.""" - if any(checksum in extra_args for checksum in FULL_OBJECT_CHECKSUM_ARGS): - return - extra_args.setdefault("ChecksumAlgorithm", DEFAULT_CHECKSUM_ALGORITHM) + """Set the default algorithm if not specified by the user.""" + if any(checksum in extra_args for checksum in FULL_OBJECT_CHECKSUM_ARGS): + return + extra_args.setdefault("ChecksumAlgorithm", DEFAULT_CHECKSUM_ALGORITHM) diff -pruN 2.23.6-1/awscli/schema.py 2.31.35-1/awscli/schema.py --- 2.23.6-1/awscli/schema.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/schema.py 2025-11-12 19:17:29.000000000 +0000 @@ -17,7 +17,7 @@ class ParameterRequiredError(ValueError) pass -class SchemaTransformer(object): +class SchemaTransformer: """ Transforms a custom argument parameter schema into an internal model representation so that it can be treated like a normal @@ -63,6 +63,7 @@ class SchemaTransformer(object): $ aws foo bar --baz arg1=Value1,arg2=5 arg1=Value2 """ + JSON_SCHEMA_TO_AWS_TYPES = { 'object': 'structure', 'array': 'list', @@ -116,7 +117,8 @@ class SchemaTransformer(object): for key, value in schema['properties'].items(): current_type_name = self._json_schema_to_aws_type(value) current_shape_name = self._shape_namer.new_shape_name( - current_type_name) + current_type_name + ) members[key] = {'shape': current_shape_name} if value.get('required', False): required_members.append(key) @@ -161,7 +163,7 @@ class SchemaTransformer(object): return self.JSON_SCHEMA_TO_AWS_TYPES.get(type_name, type_name) -class ShapeNameGenerator(object): +class ShapeNameGenerator: def __init__(self): self._name_cache = defaultdict(int) diff -pruN 2.23.6-1/awscli/shorthand.py 2.31.35-1/awscli/shorthand.py --- 2.23.6-1/awscli/shorthand.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/shorthand.py 2025-11-12 19:17:29.000000000 +0000 @@ -38,6 +38,7 @@ necessary to maintain backwards compatib ``BackCompatVisitor`` class. """ + import re import string @@ -47,7 +48,7 @@ from awscli.utils import is_document_typ _EOF = object() -class _NamedRegex(object): +class _NamedRegex: def __init__(self, name, regex_str): self.name = name self.regex = re.compile(regex_str, re.UNICODE) @@ -57,25 +58,24 @@ class _NamedRegex(object): class ShorthandParseError(Exception): - def _error_location(self): consumed, remaining, num_spaces = self.value, '', self.index - if '\n' in self.value[:self.index]: + if '\n' in self.value[: self.index]: # If there's newlines in the consumed expression, we want # to make sure we're only counting the spaces # from the last newline: # foo=bar,\n # bar==baz # ^ - last_newline = self.value[:self.index].rindex('\n') + last_newline = self.value[: self.index].rindex('\n') num_spaces = self.index - last_newline - 1 - if '\n' in self.value[self.index:]: + if '\n' in self.value[self.index :]: # If there's newline in the remaining, divide value # into consumed and remainig # foo==bar,\n # ^ # bar=baz - next_newline = self.index + self.value[self.index:].index('\n') + next_newline = self.index + self.value[self.index :].index('\n') consumed = self.value[:next_newline] remaining = self.value[next_newline:] return '%s\n%s%s' % (consumed, (' ' * num_spaces) + '^', remaining) @@ -91,10 +91,11 @@ class ShorthandParseSyntaxError(Shorthan super(ShorthandParseSyntaxError, self).__init__(msg) def _construct_msg(self): - msg = ( - "Expected: '%s', received: '%s' for input:\n" - "%s" - ) % (self.expected, self.actual, self._error_location()) + msg = ("Expected: '%s', received: '%s' for input:\n %s") % ( + self.expected, + self.actual, + self._error_location(), + ) return msg @@ -119,7 +120,7 @@ class DocumentTypesNotSupportedError(Exc pass -class ShorthandParser(object): +class ShorthandParser: """Parses shorthand syntax in the CLI. Note that this parser does not rely on any JSON models to control @@ -135,20 +136,14 @@ class ShorthandParser(object): _ESCAPED_COMMA = '(\\\\,)' _FIRST_VALUE = _NamedRegex( 'first', - u'({escaped_comma}|[{start_word}])' - u'({escaped_comma}|[{follow_chars}])*'.format( - escaped_comma=_ESCAPED_COMMA, - start_word=_START_WORD, - follow_chars=_FIRST_FOLLOW_CHARS, - )) + f'({_ESCAPED_COMMA}|[{_START_WORD}])' + f'({_ESCAPED_COMMA}|[{_FIRST_FOLLOW_CHARS}])*', + ) _SECOND_VALUE = _NamedRegex( 'second', - u'({escaped_comma}|[{start_word}])' - u'({escaped_comma}|[{follow_chars}])*'.format( - escaped_comma=_ESCAPED_COMMA, - start_word=_START_WORD, - follow_chars=_SECOND_FOLLOW_CHARS, - )) + f'({_ESCAPED_COMMA}|[{_START_WORD}])' + f'({_ESCAPED_COMMA}|[{_SECOND_FOLLOW_CHARS}])*', + ) def __init__(self): self._tokens = [] @@ -213,7 +208,7 @@ class ShorthandParser(object): if self._current() not in valid_chars: break self._index += 1 - return self._input_value[start:self._index] + return self._input_value[start : self._index] def _values(self): # values = csv-list / explicit-list / hash-literal @@ -275,11 +270,15 @@ class ShorthandParser(object): return csv_list def _value(self): - result = self._FIRST_VALUE.match(self._input_value[self._index:]) + result = self._FIRST_VALUE.match(self._input_value[self._index :]) if result is not None: consumed = self._consume_matched_regex(result) processed = consumed.replace('\\,', ',').rstrip() - return self._resolve_paramfiles(processed) if self._should_resolve_paramfiles else processed + return ( + self._resolve_paramfiles(processed) + if self._should_resolve_paramfiles + else processed + ) return '' def _explicit_list(self): @@ -339,7 +338,11 @@ class ShorthandParser(object): # val-escaped-single = %x20-26 / %x28-7F / escaped-escape / # (escape single-quote) processed = self._consume_quoted(self._SINGLE_QUOTED, escaped_char="'") - return self._resolve_paramfiles(processed) if self._should_resolve_paramfiles else processed + return ( + self._resolve_paramfiles(processed) + if self._should_resolve_paramfiles + else processed + ) def _consume_quoted(self, regex, escaped_char=None): value = self._must_consume_regex(regex)[1:-1] @@ -350,7 +353,11 @@ class ShorthandParser(object): def _double_quoted_value(self): processed = self._consume_quoted(self._DOUBLE_QUOTED, escaped_char='"') - return self._resolve_paramfiles(processed) if self._should_resolve_paramfiles else processed + return ( + self._resolve_paramfiles(processed) + if self._should_resolve_paramfiles + else processed + ) def _second_value(self): if self._current() == "'": @@ -360,7 +367,11 @@ class ShorthandParser(object): else: consumed = self._must_consume_regex(self._SECOND_VALUE) processed = consumed.replace('\\,', ',').rstrip() - return self._resolve_paramfiles(processed) if self._should_resolve_paramfiles else processed + return ( + self._resolve_paramfiles(processed) + if self._should_resolve_paramfiles + else processed + ) def _resolve_paramfiles(self, val): if (paramfile := get_paramfile(val, LOCAL_PREFIX_MAP)) is not None: @@ -371,27 +382,30 @@ class ShorthandParser(object): if consume_whitespace: self._consume_whitespace() if self._index >= len(self._input_value): - raise ShorthandParseSyntaxError(self._input_value, char, - 'EOF', self._index) + raise ShorthandParseSyntaxError( + self._input_value, char, 'EOF', self._index + ) actual = self._input_value[self._index] if actual != char: - raise ShorthandParseSyntaxError(self._input_value, char, - actual, self._index) + raise ShorthandParseSyntaxError( + self._input_value, char, actual, self._index + ) self._index += 1 if consume_whitespace: self._consume_whitespace() def _must_consume_regex(self, regex): - result = regex.match(self._input_value[self._index:]) + result = regex.match(self._input_value[self._index :]) if result is not None: return self._consume_matched_regex(result) - raise ShorthandParseSyntaxError(self._input_value, '<%s>' % regex.name, - '', self._index) + raise ShorthandParseSyntaxError( + self._input_value, '<%s>' % regex.name, '', self._index + ) def _consume_matched_regex(self, result): start, end = result.span() - v = self._input_value[self._index+start:self._index+end] - self._index += (end - start) + v = self._input_value[self._index + start : self._index + end] + self._index += end - start return v def _current(self): @@ -413,21 +427,23 @@ class ShorthandParser(object): self._index += 1 -class ModelVisitor(object): +class ModelVisitor: def visit(self, params, model): self._visit({}, model, '', params) def _visit(self, parent, shape, name, value): - method = getattr(self, '_visit_%s' % shape.type_name, - self._visit_scalar) + method = getattr( + self, '_visit_%s' % shape.type_name, self._visit_scalar + ) method(parent, shape, name, value) def _visit_structure(self, parent, shape, name, value): if not isinstance(value, dict): return for member_name, member_shape in shape.members.items(): - self._visit(value, member_shape, member_name, - value.get(member_name)) + self._visit( + value, member_shape, member_name, value.get(member_name) + ) def _visit_list(self, parent, shape, name, value): if not isinstance(value, list): @@ -453,8 +469,9 @@ class BackCompatVisitor(ModelVisitor): return for member_name, member_shape in shape.members.items(): try: - self._visit(value, member_shape, member_name, - value.get(member_name)) + self._visit( + value, member_shape, member_name, value.get(member_name) + ) except DocumentTypesNotSupportedError: # Catch and propagate the document type error to a better # error message as when the original error is thrown there is @@ -474,7 +491,8 @@ class BackCompatVisitor(ModelVisitor): parent[name] = [value] else: return super(BackCompatVisitor, self)._visit_list( - parent, shape, name, value) + parent, shape, name, value + ) def _visit_scalar(self, parent, shape, name, value): if value is None: diff -pruN 2.23.6-1/awscli/table.py 2.31.35-1/awscli/table.py --- 2.23.6-1/awscli/table.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/table.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,15 +10,14 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import sys import struct +import sys import unicodedata import colorama from awscli.utils import is_a_tty - # `autoreset` allows us to not have to sent reset sequences for every # string. `strip` lets us preserve color when redirecting. COLORAMA_KWARGS = { @@ -35,28 +34,32 @@ def get_text_length(text): # * F(Fullwidth) # * W(Wide) text = str(text) - return sum(2 if unicodedata.east_asian_width(char) in 'WFA' else 1 - for char in text) + return sum( + 2 if unicodedata.east_asian_width(char) in 'WFA' else 1 + for char in text + ) def determine_terminal_width(default_width=80): # If we can't detect the terminal width, the default_width is returned. try: - from termios import TIOCGWINSZ from fcntl import ioctl + from termios import TIOCGWINSZ except ImportError: return default_width try: - height, width = struct.unpack('hhhh', ioctl(sys.stdout, - TIOCGWINSZ, '\000' * 8))[0:2] + height, width = struct.unpack( + 'hhhh', ioctl(sys.stdout, TIOCGWINSZ, '\000' * 8) + )[0:2] except Exception: return default_width else: return width -def center_text(text, length=80, left_edge='|', right_edge='|', - text_length=None): +def center_text( + text, length=80, left_edge='|', right_edge='|', text_length=None +): """Center text with specified edge chars. You can pass in the length of the text as an arg, otherwise it is computed @@ -77,15 +80,24 @@ def center_text(text, length=80, left_ed return final -def align_left(text, length, left_edge='|', right_edge='|', text_length=None, - left_padding=2): +def align_left( + text, + length, + left_edge='|', + right_edge='|', + text_length=None, + left_padding=2, +): """Left align text.""" # postcondition: get_text_length(returned_text) == length if text_length is None: text_length = get_text_length(text) computed_length = ( - text_length + left_padding + \ - get_text_length(left_edge) + get_text_length(right_edge)) + text_length + + left_padding + + get_text_length(left_edge) + + get_text_length(right_edge) + ) if length - computed_length >= 0: padding = left_padding else: @@ -125,9 +137,10 @@ def convert_to_vertical_table(sections): sections[i] = new_section -class IndentedStream(object): - def __init__(self, stream, indent_level, left_indent_char='|', - right_indent_char='|'): +class IndentedStream: + def __init__( + self, stream, indent_level, left_indent_char='|', right_indent_char='|' + ): self._stream = stream self._indent_level = indent_level self._left_indent_char = left_indent_char @@ -146,7 +159,7 @@ class IndentedStream(object): return getattr(self._stream, attr) -class Styler(object): +class Styler: def style_title(self, text): return text @@ -167,25 +180,39 @@ class ColorizedStyler(Styler): def style_title(self, text): # Originally bold + underline return text - #return colorama.Style.BOLD + text + colorama.Style.RESET_ALL + # return colorama.Style.BOLD + text + colorama.Style.RESET_ALL def style_header_column(self, text): # Originally underline return text def style_row_element(self, text): - return (colorama.Style.BRIGHT + colorama.Fore.BLUE + - text + colorama.Style.RESET_ALL) + return ( + colorama.Style.BRIGHT + + colorama.Fore.BLUE + + text + + colorama.Style.RESET_ALL + ) def style_indentation_char(self, text): - return (colorama.Style.DIM + colorama.Fore.YELLOW + - text + colorama.Style.RESET_ALL) - - -class MultiTable(object): - def __init__(self, terminal_width=None, initial_section=True, - column_separator='|', terminal=None, - styler=None, auto_reformat=True): + return ( + colorama.Style.DIM + + colorama.Fore.YELLOW + + text + + colorama.Style.RESET_ALL + ) + + +class MultiTable: + def __init__( + self, + terminal_width=None, + initial_section=True, + column_separator='|', + terminal=None, + styler=None, + auto_reformat=True, + ): self._auto_reformat = auto_reformat if initial_section: self._current_section = Section() @@ -238,16 +265,22 @@ class MultiTable(object): return self._auto_reformat def _calculate_max_width(self): - max_width = max(s.total_width(padding=4, with_border=True, - outer_padding=s.indent_level) - for s in self._sections) + max_width = max( + s.total_width( + padding=4, with_border=True, outer_padding=s.indent_level + ) + for s in self._sections + ) return max_width def _render_section(self, section, max_width, stream): - stream = IndentedStream(stream, section.indent_level, - self._styler.style_indentation_char('|'), - self._styler.style_indentation_char('|')) - max_width -= (section.indent_level * 2) + stream = IndentedStream( + stream, + section.indent_level, + self._styler.style_indentation_char('|'), + self._styler.style_indentation_char('|'), + ) + max_width -= section.indent_level * 2 self._render_title(section, max_width, stream) self._render_column_titles(section, max_width, stream) self._render_rows(section, max_width, stream) @@ -258,8 +291,12 @@ class MultiTable(object): # bottom_border: ---------------------------- if section.title: title = self._styler.style_title(section.title) - stream.write(center_text(title, max_width, '|', '|', - get_text_length(section.title)) + '\n') + stream.write( + center_text( + title, max_width, '|', '|', get_text_length(section.title) + ) + + '\n' + ) if not section.headers and not section.rows: stream.write('+%s+' % ('-' * (max_width - 2)) + '\n') @@ -268,8 +305,9 @@ class MultiTable(object): return # In order to render the column titles we need to know # the width of each of the columns. - widths = section.calculate_column_widths(padding=4, - max_width=max_width) + widths = section.calculate_column_widths( + padding=4, max_width=max_width + ) # TODO: Built a list instead of +=, it's more efficient. current = '' length_so_far = 0 @@ -283,9 +321,13 @@ class MultiTable(object): first = False else: left_edge = '' - current += center_text(text=stylized_header, length=width, - left_edge=left_edge, right_edge='|', - text_length=get_text_length(header)) + current += center_text( + text=stylized_header, + length=width, + left_edge=left_edge, + right_edge='|', + text_length=get_text_length(header), + ) length_so_far += width self._write_line_break(stream, widths) stream.write(current + '\n') @@ -307,8 +349,9 @@ class MultiTable(object): def _render_rows(self, section, max_width, stream): if not section.rows: return - widths = section.calculate_column_widths(padding=4, - max_width=max_width) + widths = section.calculate_column_widths( + padding=4, max_width=max_width + ) if not widths: return self._write_line_break(stream, widths) @@ -325,16 +368,19 @@ class MultiTable(object): else: left_edge = '' stylized = self._styler.style_row_element(element) - current += align_left(text=stylized, length=width, - left_edge=left_edge, - right_edge=self._column_separator, - text_length=get_text_length(element)) + current += align_left( + text=stylized, + length=width, + left_edge=left_edge, + right_edge=self._column_separator, + text_length=get_text_length(element), + ) length_so_far += width stream.write(current + '\n') self._write_line_break(stream, widths) -class Section(object): +class Section: def __init__(self): self.title = '' self.headers = [] @@ -344,8 +390,10 @@ class Section(object): self._max_widths = [] def __repr__(self): - return ("Section(title=%s, headers=%s, indent_level=%s, num_rows=%s)" % - (self.title, self.headers, self.indent_level, len(self.rows))) + return ( + "Section(title=%s, headers=%s, indent_level=%s, num_rows=%s)" + % (self.title, self.headers, self.indent_level, len(self.rows)) + ) def calculate_column_widths(self, padding=0, max_width=None): # postcondition: sum(widths) == max_width @@ -385,8 +433,13 @@ class Section(object): if with_border: total += border_padding total += outer_padding + outer_padding - return max(get_text_length(self.title) + border_padding + outer_padding + - outer_padding, total) + return max( + get_text_length(self.title) + + border_padding + + outer_padding + + outer_padding, + total, + ) def add_title(self, title): self.title = title @@ -404,8 +457,10 @@ class Section(object): if self._num_cols is None: self._num_cols = len(row) if len(row) != self._num_cols: - raise ValueError("Row should have %s elements, instead " - "it has %s" % (self._num_cols, len(row))) + raise ValueError( + "Row should have %s elements, instead " + "it has %s" % (self._num_cols, len(row)) + ) row = self._format_row(row) self.rows.append(row) self._update_max_widths(row) @@ -418,4 +473,6 @@ class Section(object): self._max_widths = [get_text_length(el) for el in row] else: for i, el in enumerate(row): - self._max_widths[i] = max(get_text_length(el), self._max_widths[i]) + self._max_widths[i] = max( + get_text_length(el), self._max_widths[i] + ) diff -pruN 2.23.6-1/awscli/telemetry.py 2.31.35-1/awscli/telemetry.py --- 2.23.6-1/awscli/telemetry.py 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/awscli/telemetry.py 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,311 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +import io +import os +import sqlite3 +import sys +import threading +import time +import uuid +from dataclasses import dataclass +from functools import cached_property +from pathlib import Path + +from botocore.compat import get_md5 +from botocore.exceptions import MD5UnavailableError +from botocore.useragent import UserAgentComponent + +from awscli.compat import is_windows +from awscli.utils import add_component_to_user_agent_extra + +_CACHE_DIR = Path.home() / '.aws' / 'cli' / 'cache' +_DATABASE_FILENAME = 'session.db' +_SESSION_LENGTH_SECONDS = 60 * 30 +_SESSION_ID_LENGTH = 12 + + +def _get_checksum(): + hashlib_params = {"usedforsecurity": False} + try: + checksum = get_md5(**hashlib_params) + except MD5UnavailableError: + import hashlib + + checksum = hashlib.sha256(**hashlib_params) + return checksum + + +@dataclass +class CLISessionData: + key: str + session_id: str + timestamp: int + + +class CLISessionDatabaseConnection: + _CREATE_TABLE = """ + CREATE TABLE IF NOT EXISTS session ( + key TEXT PRIMARY KEY, + session_id TEXT NOT NULL, + timestamp INTEGER NOT NULL + ) + """ + _CREATE_HOST_ID_TABLE = """ + CREATE TABLE IF NOT EXISTS host_id ( + key INTEGER PRIMARY KEY, + id TEXT UNIQUE NOT NULL + ) + """ + _CHECK_HOST_ID = """ + SELECT COUNT(*) FROM host_id + """ + _INSERT_HOST_ID = """ + INSERT OR IGNORE INTO host_id ( + key, id + ) VALUES (?, ?) + """ + _ENABLE_WAL = 'PRAGMA journal_mode=WAL' + + def __init__(self, connection=None): + self._connection = connection or sqlite3.connect( + _CACHE_DIR / _DATABASE_FILENAME, + check_same_thread=False, + isolation_level=None, + ) + self._ensure_cache_dir() + self._ensure_database_setup() + + def execute(self, query, *parameters): + try: + return self._connection.execute(query, *parameters) + except sqlite3.OperationalError: + # Process timed out waiting for database lock. + # Return any empty `Cursor` object instead of + # raising an exception. + return sqlite3.Cursor(self._connection) + + def _ensure_cache_dir(self): + _CACHE_DIR.mkdir(parents=True, exist_ok=True) + + def _ensure_database_setup(self): + self._create_session_table() + self._create_host_id_table() + self._ensure_host_id() + self._try_to_enable_wal() + + def _create_session_table(self): + self.execute(self._CREATE_TABLE) + + def _create_host_id_table(self): + self.execute(self._CREATE_HOST_ID_TABLE) + + def _ensure_host_id(self): + cur = self.execute(self._CHECK_HOST_ID) + host_id_ct = cur.fetchone()[0] + if host_id_ct == 0: + self.execute( + self._INSERT_HOST_ID, + # Hardcode `0` as primary key to ensure + # there's only ever 1 host id in the table. + ( + 0, + str(uuid.uuid4()), + ), + ) + + def _try_to_enable_wal(self): + try: + self.execute(self._ENABLE_WAL) + except sqlite3.Error: + # This is just a performance enhancement so it is optional. Not all + # systems will have a sqlite compiled with the WAL enabled. + pass + + +class CLISessionDatabaseWriter: + _WRITE_RECORD = """ + INSERT OR REPLACE INTO session ( + key, session_id, timestamp + ) VALUES (?, ?, ?) + """ + + def __init__(self, connection): + self._connection = connection + + def write(self, data): + self._connection.execute( + self._WRITE_RECORD, + ( + data.key, + data.session_id, + data.timestamp, + ), + ) + + +class CLISessionDatabaseReader: + _READ_RECORD = """ + SELECT * + FROM session + WHERE key = ? + """ + _READ_HOST_ID = """ + SELECT id + FROM host_id + WHERE key = 0 + """ + + def __init__(self, connection): + self._connection = connection + + def read(self, key): + cursor = self._connection.execute(self._READ_RECORD, (key,)) + result = cursor.fetchone() + if result is None: + return + return CLISessionData(*result) + + def read_host_id(self): + cursor = self._connection.execute(self._READ_HOST_ID) + return cursor.fetchone()[0] + + +class CLISessionDatabaseSweeper: + _DELETE_RECORDS = """ + DELETE FROM session + WHERE timestamp < ? + """ + + def __init__(self, connection): + self._connection = connection + + def sweep(self, timestamp): + try: + self._connection.execute(self._DELETE_RECORDS, (timestamp,)) + except Exception: + # This is just a background cleanup task. No need to + # handle it or direct to stderr. + return + + +class CLISessionGenerator: + def generate_session_id(self, host_id, tty, timestamp): + return self._generate_checksum(host_id, tty, timestamp) + + def generate_cache_key(self, host_id, tty): + return self._generate_checksum(host_id, tty) + + def _generate_checksum(self, *args): + checksum = _get_checksum() + str_to_hash = "" + for arg in args: + if arg is not None: + str_to_hash += str(arg) + checksum.update(str_to_hash.encode('utf-8')) + return checksum.hexdigest()[:_SESSION_ID_LENGTH] + + +class CLISessionOrchestrator: + def __init__(self, generator, writer, reader, sweeper): + self._generator = generator + self._writer = writer + self._reader = reader + self._sweeper = sweeper + + self._sweep_cache() + + @cached_property + def cache_key(self): + return self._generator.generate_cache_key(self._host_id, self._tty) + + @cached_property + def _session_id(self): + return self._generator.generate_session_id( + self._host_id, self._tty, self._timestamp + ) + + @cached_property + def session_id(self): + if (cached_data := self._reader.read(self.cache_key)) is not None: + # Cache hit, but session id is expired. Generate new id and update. + if ( + cached_data.timestamp + _SESSION_LENGTH_SECONDS + < self._timestamp + ): + cached_data.session_id = self._session_id + # Always update the timestamp to last used. + cached_data.timestamp = self._timestamp + self._writer.write(cached_data) + return cached_data.session_id + # Cache miss, generate and write new record. + session_id = self._session_id + session_data = CLISessionData( + self.cache_key, session_id, self._timestamp + ) + self._writer.write(session_data) + return session_id + + @cached_property + def _tty(self): + # os.ttyname is only available on Unix platforms. + if is_windows: + return + try: + return os.ttyname(sys.stdin.fileno()) + except (OSError, io.UnsupportedOperation): + # Standard input was redirected to a pseudofile. + # This can happen when running tests on IDEs or + # running scripts with redirected input, etc. + return + + @cached_property + def _host_id(self): + return self._reader.read_host_id() + + @cached_property + def _timestamp(self): + return int(time.time()) + + def _sweep_cache(self): + t = threading.Thread( + target=self._sweeper.sweep, + args=(self._timestamp - _SESSION_LENGTH_SECONDS,), + daemon=True, + ) + t.start() + + +def _get_cli_session_orchestrator(): + conn = CLISessionDatabaseConnection() + return CLISessionOrchestrator( + CLISessionGenerator(), + CLISessionDatabaseWriter(conn), + CLISessionDatabaseReader(conn), + CLISessionDatabaseSweeper(conn), + ) + + +def add_session_id_component_to_user_agent_extra(session, orchestrator=None): + try: + cli_session_orchestrator = ( + orchestrator or _get_cli_session_orchestrator() + ) + add_component_to_user_agent_extra( + session, + UserAgentComponent("sid", cli_session_orchestrator.session_id), + ) + except Exception: + # Ideally, the AWS CLI should never throw if the session id + # can't be generated since it's not critical for users. Issues + # with session data should instead be caught server-side. + pass diff -pruN 2.23.6-1/awscli/testutils.py 2.31.35-1/awscli/testutils.py --- 2.23.6-1/awscli/testutils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/testutils.py 2025-11-12 19:17:29.000000000 +0000 @@ -19,37 +19,34 @@ package so that code that is not part of advantage of all the testing utilities we provide. """ -import os -import sys + +import binascii +import contextlib import copy -import shutil -import time import json import logging -import tempfile -import platform -import contextlib -import binascii import math +import os +import platform +import shutil +import sys +import tempfile +import time +import unittest from pprint import pformat -from subprocess import Popen, PIPE +from subprocess import PIPE, Popen from unittest import mock -import unittest - -from awscli.compat import BytesIO, StringIO - -from ruamel.yaml import YAML -from botocore.session import Session -from botocore.exceptions import ClientError -from botocore.exceptions import WaiterError import botocore.loaders from botocore.awsrequest import AWSResponse +from botocore.exceptions import ClientError, WaiterError +from botocore.session import Session +from ruamel.yaml import YAML import awscli.clidriver -from awscli.plugin import load_plugins from awscli.clidriver import CLIDriver - +from awscli.compat import BytesIO, StringIO +from awscli.plugin import load_plugins _LOADER = botocore.loaders.Loader() INTEG_LOG = logging.getLogger('awscli.tests.integration') @@ -66,9 +63,12 @@ def skip_if_windows(reason): self.assertEqual(...) """ + def decorator(func): return unittest.skipIf( - platform.system() not in ['Darwin', 'Linux'], reason)(func) + platform.system() not in ['Darwin', 'Linux'], reason + )(func) + return decorator @@ -82,8 +82,10 @@ def if_windows(reason): self.assertEqual(...) """ + def decorator(func): return unittest.skipIf(platform.system() != 'Windows', reason)(func) + return decorator @@ -101,6 +103,7 @@ def create_clidriver(): def get_aws_cmd(): global AWS_CMD import awscli + if AWS_CMD is None: # Try /bin/aws repo_root = os.path.dirname(os.path.abspath(awscli.__file__)) @@ -108,10 +111,12 @@ def get_aws_cmd(): if not os.path.isfile(aws_cmd): aws_cmd = _search_path_for_cmd('aws') if aws_cmd is None: - raise ValueError('Could not find "aws" executable. Either ' - 'make sure it is on your PATH, or you can ' - 'explicitly set this value using ' - '"set_aws_cmd()"') + raise ValueError( + 'Could not find "aws" executable. Either ' + 'make sure it is on your PATH, or you can ' + 'explicitly set this value using ' + '"set_aws_cmd()"' + ) AWS_CMD = aws_cmd return AWS_CMD @@ -197,15 +202,12 @@ def create_dir_bucket(session, name=None params = { 'Bucket': bucket_name, 'CreateBucketConfiguration': { - 'Location': { - 'Type': 'AvailabilityZone', - 'Name': az - }, + 'Location': {'Type': 'AvailabilityZone', 'Name': az}, 'Bucket': { 'Type': 'Directory', - 'DataRedundancy': 'SingleAvailabilityZone' - } - } + 'DataRedundancy': 'SingleAvailabilityZone', + }, + }, } try: client.create_bucket(**params) @@ -249,6 +251,7 @@ class BaseCLIDriverTest(unittest.TestCas This will load all the default plugins as well so it will simulate the behavior the user will see. """ + def setUp(self): self.environ = { 'AWS_DATA_PATH': os.environ['AWS_DATA_PATH'], @@ -280,23 +283,29 @@ class BaseAWSHelpOutputTest(BaseCLIDrive def assert_contains(self, contains): if contains not in self.renderer.rendered_contents: - self.fail("The expected contents:\n%s\nwere not in the " - "actual rendered contents:\n%s" % ( - contains, self.renderer.rendered_contents)) + self.fail( + "The expected contents:\n%s\nwere not in the " + "actual rendered contents:\n%s" + % (contains, self.renderer.rendered_contents) + ) def assert_contains_with_count(self, contains, count): r_count = self.renderer.rendered_contents.count(contains) if r_count != count: - self.fail("The expected contents:\n%s\n, with the " - "count:\n%d\nwere not in the actual rendered " - " contents:\n%s\nwith count:\n%d" % ( - contains, count, self.renderer.rendered_contents, r_count)) + self.fail( + "The expected contents:\n%s\n, with the " + "count:\n%d\nwere not in the actual rendered " + " contents:\n%s\nwith count:\n%d" + % (contains, count, self.renderer.rendered_contents, r_count) + ) def assert_not_contains(self, contents): if contents in self.renderer.rendered_contents: - self.fail("The contents:\n%s\nwere not suppose to be in the " - "actual rendered contents:\n%s" % ( - contents, self.renderer.rendered_contents)) + self.fail( + "The contents:\n%s\nwere not suppose to be in the " + "actual rendered contents:\n%s" + % (contents, self.renderer.rendered_contents) + ) def assert_text_order(self, *args, **kwargs): # First we need to find where the SYNOPSIS section starts. @@ -309,15 +318,19 @@ class BaseAWSHelpOutputTest(BaseCLIDrive previous = arg_indices[0] for i, index in enumerate(arg_indices[1:], 1): if index == -1: - self.fail('The string %r was not found in the contents: %s' - % (args[index], contents)) + self.fail( + 'The string %r was not found in the contents: %s' + % (args[index], contents) + ) if index < previous: - self.fail('The string %r came before %r, but was suppose to come ' - 'after it.\n%s' % (args[i], args[i - 1], contents)) + self.fail( + 'The string %r came before %r, but was suppose to come ' + 'after it.\n%s' % (args[i], args[i - 1], contents) + ) previous = index -class CapturedRenderer(object): +class CapturedRenderer: def __init__(self): self.rendered_contents = '' @@ -325,7 +338,7 @@ class CapturedRenderer(object): self.rendered_contents = contents.decode('utf-8') -class CapturedOutput(object): +class CapturedOutput: def __init__(self, stdout, stderr): self.stdout = stdout self.stderr = stderr @@ -388,7 +401,9 @@ class BaseAWSCommandParamsTest(unittest. self.http_response = AWSResponse(None, 200, {}, None) self.error_http_response = AWSResponse(None, 400, {}, None) self.parsed_response = {} - self.make_request_patch = mock.patch('botocore.endpoint.Endpoint.make_request') + self.make_request_patch = mock.patch( + 'botocore.endpoint.Endpoint.make_request' + ) self.make_request_is_patched = False self.operations_called = [] self.parsed_responses = None @@ -424,7 +439,10 @@ class BaseAWSCommandParamsTest(unittest. if self.parsed_responses is not None: make_request_patch.side_effect = self._request_patch_side_effect else: - make_request_patch.return_value = (self.http_response, self.parsed_response) + make_request_patch.return_value = ( + self.http_response, + self.parsed_response, + ) self.make_request_is_patched = True def _request_patch_side_effect(self, *args, **kwargs): @@ -436,8 +454,14 @@ class BaseAWSCommandParamsTest(unittest. http_response = self.error_http_response return http_response, parsed_response - def assert_params_for_cmd(self, cmd, params=None, expected_rc=0, - stderr_contains=None, ignore_params=None): + def assert_params_for_cmd( + self, + cmd, + params=None, + expected_rc=0, + stderr_contains=None, + ignore_params=None, + ): stdout, stderr, rc = self.run_cmd(cmd, expected_rc) if stderr_contains is not None: self.assertIn(stderr_contains, stderr) @@ -451,11 +475,12 @@ class BaseAWSCommandParamsTest(unittest. except KeyError: pass if params != last_kwargs: - self.fail("Actual params did not match expected params.\n" - "Expected:\n\n" - "%s\n" - "Actual:\n\n%s\n" % ( - pformat(params), pformat(last_kwargs))) + self.fail( + "Actual params did not match expected params.\n" + "Expected:\n\n" + "%s\n" + "Actual:\n\n%s\n" % (pformat(params), pformat(last_kwargs)) + ) return stdout, stderr, rc def before_parameter_build(self, params, model, **kwargs): @@ -468,7 +493,8 @@ class BaseAWSCommandParamsTest(unittest. event_emitter = self.driver.session.get_component('event_emitter') event_emitter.register('before-call', self.before_call) event_emitter.register_first( - 'before-parameter-build.*.*', self.before_parameter_build) + 'before-parameter-build.*.*', self.before_parameter_build + ) if not isinstance(cmd, list): cmdlist = cmd.split() else: @@ -478,10 +504,11 @@ class BaseAWSCommandParamsTest(unittest. stderr = captured.stderr.getvalue() stdout = captured.stdout.getvalue() self.assertEqual( - rc, expected_rc, + rc, + expected_rc, "Unexpected rc (expected: %s, actual: %s) for command: %s\n" - "stdout:\n%sstderr:\n%s" % ( - expected_rc, rc, cmd, stdout, stderr)) + "stdout:\n%sstderr:\n%s" % (expected_rc, rc, cmd, stdout, stderr), + ) return stdout, stderr, rc @@ -492,7 +519,7 @@ class BaseCLIWireResponseTest(unittest.T 'AWS_DEFAULT_REGION': 'us-east-1', 'AWS_ACCESS_KEY_ID': 'access_key', 'AWS_SECRET_ACCESS_KEY': 'secret_key', - 'AWS_CONFIG_FILE': '' + 'AWS_CONFIG_FILE': '', } self.environ_patch = mock.patch('os.environ', self.environ) self.environ_patch.start() @@ -502,7 +529,6 @@ class BaseCLIWireResponseTest(unittest.T self.driver = create_clidriver() self.entry_point = awscli.clidriver.AWSCLIEntryPoint(self.driver) - def tearDown(self): self.environ_patch.stop() if self.send_is_patched: @@ -514,9 +540,9 @@ class BaseCLIWireResponseTest(unittest.T self.send_patch.stop() self.send_is_patched = False send_patch = self.send_patch.start() - send_patch.return_value = mock.Mock(status_code=status_code, - headers=headers, - content=content) + send_patch.return_value = mock.Mock( + status_code=status_code, headers=headers, content=content + ) self.send_is_patched = True def run_cmd(self, cmd, expected_rc=0): @@ -532,14 +558,15 @@ class BaseCLIWireResponseTest(unittest.T stderr = captured.stderr.getvalue() stdout = captured.stdout.getvalue() self.assertEqual( - rc, expected_rc, + rc, + expected_rc, "Unexpected rc (expected: %s, actual: %s) for command: %s\n" - "stdout:\n%sstderr:\n%s" % ( - expected_rc, rc, cmd, stdout, stderr)) + "stdout:\n%sstderr:\n%s" % (expected_rc, rc, cmd, stdout, stderr), + ) return stdout, stderr, rc -class FileCreator(object): +class FileCreator: def __init__(self): self.rootdir = tempfile.mkdtemp() @@ -547,8 +574,9 @@ class FileCreator(object): if os.path.exists(self.rootdir): shutil.rmtree(self.rootdir) - def create_file(self, filename, contents, mtime=None, mode='w', - encoding=None): + def create_file( + self, filename, contents, mtime=None, mode='w', encoding=None + ): """Creates a file in a tmpdir ``filename`` should be a relative path, e.g. "foo/bar/baz.txt" @@ -611,7 +639,7 @@ class ProcessTerminatedError(Exception): pass -class Result(object): +class Result: def __init__(self, rc, stdout, stderr, memory_usage=None): self.rc = rc self.stdout = stdout @@ -638,8 +666,14 @@ def _escape_quotes(command): return command -def aws(command, collect_memory=False, env_vars=None, - wait_for_finish=True, input_data=None, input_file=None): +def aws( + command, + collect_memory=False, + env_vars=None, + wait_for_finish=True, + input_data=None, + input_file=None, +): """Run an aws command. This help function abstracts the differences of running the "aws" @@ -687,8 +721,14 @@ def aws(command, collect_memory=False, e env = env_vars if input_file is None: input_file = PIPE - process = Popen(full_command, stdout=PIPE, stderr=PIPE, stdin=input_file, - shell=True, env=env) + process = Popen( + full_command, + stdout=PIPE, + stderr=PIPE, + stdin=input_file, + shell=True, + env=env, + ) if not wait_for_finish: return process memory = None @@ -699,10 +739,12 @@ def aws(command, collect_memory=False, e stdout, stderr = process.communicate(**kwargs) else: stdout, stderr, memory = _wait_and_collect_mem(process) - return Result(process.returncode, - stdout.decode(stdout_encoding), - stderr.decode(stdout_encoding), - memory) + return Result( + process.returncode, + stdout.decode(stdout_encoding), + stderr.decode(stdout_encoding), + memory, + ) def get_stdout_encoding(): @@ -720,8 +762,9 @@ def _wait_and_collect_mem(process): get_memory = _get_memory_with_ps else: raise ValueError( - "Can't collect memory for process on platform %s." % - platform.system()) + "Can't collect memory for process on platform %s." + % platform.system() + ) memory = [] while process.poll() is None: try: @@ -758,6 +801,7 @@ class BaseS3CLICommand(unittest.TestCase and more streamlined. """ + _PUT_HEAD_SHARED_EXTRAS = [ 'SSECustomerAlgorithm', 'SSECustomerKey', @@ -803,8 +847,10 @@ class BaseS3CLICommand(unittest.TestCase # without necessarily printing the actual contents. self.assertEqual(len(actual_contents), len(expected_contents)) if actual_contents != expected_contents: - self.fail("Contents for %s/%s do not match (but they " - "have the same length)" % (bucket, key)) + self.fail( + "Contents for %s/%s do not match (but they " + "have the same length)" % (bucket, key) + ) def delete_public_access_block(self, bucket_name): client = self.create_client_for_bucket(bucket_name) @@ -825,10 +871,7 @@ class BaseS3CLICommand(unittest.TestCase def put_object(self, bucket_name, key_name, contents='', extra_args=None): client = self.create_client_for_bucket(bucket_name) - call_args = { - 'Bucket': bucket_name, - 'Key': key_name, 'Body': contents - } + call_args = {'Bucket': bucket_name, 'Key': key_name, 'Body': contents} if extra_args is not None: call_args.update(extra_args) response = client.put_object(**call_args) @@ -836,7 +879,8 @@ class BaseS3CLICommand(unittest.TestCase extra_head_params = {} if extra_args: extra_head_params = dict( - (k, v) for (k, v) in extra_args.items() + (k, v) + for (k, v) in extra_args.items() if k in self._PUT_HEAD_SHARED_EXTRAS ) self.wait_until_key_exists( @@ -893,7 +937,8 @@ class BaseS3CLICommand(unittest.TestCase client = self.create_client_for_bucket(bucket_name) waiter = client.get_waiter('bucket_exists') consistency_waiter = ConsistencyWaiter( - min_successes=min_successes, delay_initial_poll=True) + min_successes=min_successes, delay_initial_poll=True + ) consistency_waiter.wait( lambda: waiter.wait(Bucket=bucket_name) is None ) @@ -911,7 +956,8 @@ class BaseS3CLICommand(unittest.TestCase def key_exists(self, bucket_name, key_name, min_successes=3): try: self.wait_until_key_exists( - bucket_name, key_name, min_successes=min_successes) + bucket_name, key_name, min_successes=min_successes + ) return True except (ClientError, WaiterError): return False @@ -919,7 +965,8 @@ class BaseS3CLICommand(unittest.TestCase def key_not_exists(self, bucket_name, key_name, min_successes=3): try: self.wait_until_key_not_exists( - bucket_name, key_name, min_successes=min_successes) + bucket_name, key_name, min_successes=min_successes + ) return True except (ClientError, WaiterError): return False @@ -937,18 +984,28 @@ class BaseS3CLICommand(unittest.TestCase response = client.head_object(Bucket=bucket_name, Key=key_name) return response - def wait_until_key_exists(self, bucket_name, key_name, extra_params=None, - min_successes=3): - self._wait_for_key(bucket_name, key_name, extra_params, - min_successes, exists=True) - - def wait_until_key_not_exists(self, bucket_name, key_name, extra_params=None, - min_successes=3): - self._wait_for_key(bucket_name, key_name, extra_params, - min_successes, exists=False) + def wait_until_key_exists( + self, bucket_name, key_name, extra_params=None, min_successes=3 + ): + self._wait_for_key( + bucket_name, key_name, extra_params, min_successes, exists=True + ) - def _wait_for_key(self, bucket_name, key_name, extra_params=None, - min_successes=3, exists=True): + def wait_until_key_not_exists( + self, bucket_name, key_name, extra_params=None, min_successes=3 + ): + self._wait_for_key( + bucket_name, key_name, extra_params, min_successes, exists=False + ) + + def _wait_for_key( + self, + bucket_name, + key_name, + extra_params=None, + min_successes=3, + exists=True, + ): client = self.create_client_for_bucket(bucket_name) if exists: waiter = client.get_waiter('object_exists') @@ -962,8 +1019,10 @@ class BaseS3CLICommand(unittest.TestCase def assert_no_errors(self, p): self.assertEqual( - p.rc, 0, - "Non zero rc (%s) received: %s" % (p.rc, p.stdout + p.stderr)) + p.rc, + 0, + "Non zero rc (%s) received: %s" % (p.rc, p.stdout + p.stderr), + ) self.assertNotIn("Error:", p.stderr) self.assertNotIn("failed:", p.stderr) self.assertNotIn("client error", p.stderr) @@ -975,7 +1034,7 @@ class StringIOWithFileNo(StringIO): return 0 -class EventCaptureHandler(object): +class EventCaptureHandler: def __init__(self, handler=None): self._handler = handler self._called = False @@ -994,7 +1053,7 @@ class ConsistencyWaiterException(Excepti pass -class ConsistencyWaiter(object): +class ConsistencyWaiter: """ A waiter class for some check to reach a consistent state. @@ -1010,8 +1069,14 @@ class ConsistencyWaiter(object): :param delay: The number of seconds to delay the next API call after a failed check call. Default of 5 seconds. """ - def __init__(self, min_successes=1, max_attempts=20, delay=5, - delay_initial_poll=False): + + def __init__( + self, + min_successes=1, + max_attempts=20, + delay=5, + delay_initial_poll=False, + ): self.min_successes = min_successes self.max_attempts = max_attempts self.delay = delay diff -pruN 2.23.6-1/awscli/text.py 2.31.35-1/awscli/text.py --- 2.23.6-1/awscli/text.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/text.py 2025-11-12 19:17:29.000000000 +0000 @@ -34,15 +34,18 @@ def _format_list(item, identifier, strea if any(isinstance(el, dict) for el in item): all_keys = _all_scalar_keys(item) for element in item: - _format_text(element, stream=stream, identifier=identifier, - scalar_keys=all_keys) + _format_text( + element, + stream=stream, + identifier=identifier, + scalar_keys=all_keys, + ) elif any(isinstance(el, list) for el in item): scalar_elements, non_scalars = _partition_list(item) if scalar_elements: _format_scalar_list(scalar_elements, identifier, stream) for non_scalar in non_scalars: - _format_text(non_scalar, stream=stream, - identifier=identifier) + _format_text(non_scalar, stream=stream, identifier=identifier) else: _format_scalar_list(item, identifier, stream) @@ -61,8 +64,7 @@ def _partition_list(item): def _format_scalar_list(elements, identifier, stream): if identifier is not None: for item in elements: - stream.write('%s\t%s\n' % (identifier.upper(), - item)) + stream.write('%s\t%s\n' % (identifier.upper(), item)) else: # For a bare list, just print the contents. stream.write('\t'.join([str(item) for item in elements])) @@ -77,8 +79,7 @@ def _format_dict(scalar_keys, item, iden stream.write('\t'.join(scalars)) stream.write('\n') for new_identifier, non_scalar in non_scalars: - _format_text(item=non_scalar, stream=stream, - identifier=new_identifier) + _format_text(item=non_scalar, stream=stream, identifier=new_identifier) def _all_scalar_keys(list_of_dicts): diff -pruN 2.23.6-1/awscli/topics/config-vars.rst 2.31.35-1/awscli/topics/config-vars.rst --- 2.23.6-1/awscli/topics/config-vars.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/topics/config-vars.rst 2025-11-12 19:17:29.000000000 +0000 @@ -422,8 +422,7 @@ These configuration variables control ho a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. If not provided, the number of retries will default to whatever - is modeled, which is typically 5 total attempts in the ``legacy`` retry mode, - and 3 in the ``standard`` and ``adaptive`` retry modes. + is modeled, which is 3 in the ``standard`` and ``adaptive`` retry modes. ``retry_mode`` A string representing the type of retries the AWS CLI will perform. Value @@ -462,11 +461,20 @@ One option for UNIX systems is the ``LC_ ``LC_ALL=en_US.UTF-8``, for instance, would give you a United States English locale which is compatible with unicode. -To set encoding used for text files different from the locale, you can use +To set the encoding that is used when reading from text files, you can use the ``AWS_CLI_FILE_ENCODING`` environment variable. For example, if you use Windows with default encoding ``CP1252``, setting ``AWS_CLI_FILE_ENCODING=UTF-8`` would make CLI ignore locale encoding and open text files using ``UTF-8``. +To set the encoding used for the CLI's output, you can use the +``AWS_CLI_OUTPUT_ENCODING`` environment variable. For example, if you use Windows +with the default encoding ``CP1252``, setting ``AWS_CLI_OUTPUT_ENCODING=UTF-8`` +would make CLI ignore the locale encoding and format its output using ``UTF-8``. + +Refer to +`Python's Standard Encodings documentation `_ +for possible values for both settings. + Pager ----- diff -pruN 2.23.6-1/awscli/topics/s3-config.rst 2.31.35-1/awscli/topics/s3-config.rst --- 2.23.6-1/awscli/topics/s3-config.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/topics/s3-config.rst 2025-11-12 19:17:29.000000000 +0000 @@ -30,6 +30,8 @@ command set: size that the CLI uses for multipart transfers of individual files. * ``max_bandwidth`` - The maximum bandwidth that will be consumed for uploading and downloading data to and from Amazon S3. +* ``io_chunksize`` - The maximum size of read parts that can be queued in-memory + to be written for a download. For experimental ``s3`` configuration values, see the the `Experimental Configuration Values <#experimental-configuration-values>`__ @@ -208,6 +210,26 @@ threads having to wait unnecessarily whi consumption and connection timeouts. +io_chunksize +------------ + +**Default** - ``256KB`` + +When a GET request is called for downloads, the response contains a file-like +object that streams data fetched from S3. Chunks are read from the stream and +queued in-memory for writes. ``io_chunksize`` configures the maximum size of +elements in the IO queue. This value can be specified using the same semantics +as ``multipart_threshold``, that is either as the number of bytes as an +integer, or using a size suffix. + +Increasing this value may result in higher overall throughput by preventing +blocking in cases where large objects are downloaded in environments where +network speed exceeds disk write speed. It is recommended to only configure +``io_chunksize`` if overall download throughput is constrained by writes. +In cases where network IO is the bottleneck, it is recommended to configure +``max_concurrent_requests`` instead. + + use_accelerate_endpoint ----------------------- @@ -360,6 +382,50 @@ adjustments mid-transfer command in orde requested bandwidth. +should_stream +------------- +.. note:: + This configuration option is only supported when the ``preferred_transfer_client`` + configuration value is set to or resolves to ``crt``. The ``classic`` transfer + client does not support this configuration option. + +**Default** - ``false`` + +If set to ``true``, the CRT client will skip buffering parts in-memory before +sending PUT requests. + + +disk_throughput +--------------- +.. note:: + This configuration option is only supported when the ``preferred_transfer_client`` + configuration value is set to or resolves to ``crt``. The ``classic`` transfer + client does not support this configuration option. + +**Default** - ``10.0`` + +The estimated target disk throughput. This value is only applied if +``should_stream`` is set to ``true``. This value can be specified using +the same semantics as ``target_throughput``, that is either as the +number of bytes per second as an integer, or using a rate suffix. + + +direct_io +--------- +.. note:: + This configuration option is only supported when the ``preferred_transfer_client`` + configuration value is set to or resolves to ``crt``. The ``classic`` transfer + client does not support this configuration option. + +.. note:: + This configuration option is only supported on Linux. + +**Default** - ``false`` + +If set to ``true``, the CRT client will enable direct IO to bypass the OS +cache when sending PUT requests. Enabling direct IO may be useful in cases +where the disk IO outperforms the kernel cache. + Experimental Configuration Values ================================= diff -pruN 2.23.6-1/awscli/topics/s3-faq.rst 2.31.35-1/awscli/topics/s3-faq.rst --- 2.23.6-1/awscli/topics/s3-faq.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/topics/s3-faq.rst 2025-11-12 19:17:29.000000000 +0000 @@ -46,8 +46,8 @@ later to verify data integrity of downlo the same checksum algorithm will be used for all file uploads included in the command execution. For more information about verifying data integrity in Amazon S3, see -`Checking object integrity in Amazon S3? -`_ in the Amazon S3 User Guide. +`Checking object integrity in Amazon S3 +`_ in the Amazon S3 User Guide. Download ~~~~~~ @@ -63,5 +63,5 @@ retried. like ``aws s3api get-object``" For more information about verifying data integrity in Amazon S3, see -`Checking object integrity in Amazon S3? -`_ in the Amazon S3 User Guide. \ No newline at end of file +`Checking object integrity in Amazon S3 +`_ in the Amazon S3 User Guide. diff -pruN 2.23.6-1/awscli/topictags.py 2.31.35-1/awscli/topictags.py --- 2.23.6-1/awscli/topictags.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/topictags.py 2025-11-12 19:17:29.000000000 +0000 @@ -19,12 +19,13 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. # -import os import json +import os + import docutils.core -class TopicTagDB(object): +class TopicTagDB: """This class acts like a database for the tags of all available topics. A tag is an element in a topic reStructured text file that contains @@ -67,19 +68,25 @@ class TopicTagDB(object): that all tag values for a specific tag of a specific topic are unique. """ - VALID_TAGS = ['category', 'description', 'title', 'related topic', - 'related command'] + VALID_TAGS = [ + 'category', + 'description', + 'title', + 'related topic', + 'related command', + ] # The default directory to look for topics. TOPIC_DIR = os.path.join( - os.path.dirname( - os.path.abspath(__file__)), 'topics') + os.path.dirname(os.path.abspath(__file__)), 'topics' + ) # The default JSON index to load. JSON_INDEX = os.path.join(TOPIC_DIR, 'topic-tags.json') - def __init__(self, tag_dictionary=None, index_file=JSON_INDEX, - topic_dir=TOPIC_DIR): + def __init__( + self, tag_dictionary=None, index_file=JSON_INDEX, topic_dir=TOPIC_DIR + ): """ :param index_file: The path to a specific JSON index to load. If nothing is specified it will default to the default JSON @@ -121,7 +128,7 @@ class TopicTagDB(object): def load_json_index(self): """Loads a JSON file into the tag dictionary.""" - with open(self.index_file, 'r') as f: + with open(self.index_file) as f: self._tag_dictionary = json.load(f) def save_to_json_index(self): @@ -156,7 +163,7 @@ class TopicTagDB(object): :param topic_files: A list of paths to topics to scan into memory. """ for topic_file in topic_files: - with open(topic_file, 'r') as f: + with open(topic_file) as f: # Parse out the name of the topic topic_name = self._find_topic_name(topic_file) # Add the topic to the dictionary if it does not exist @@ -164,7 +171,8 @@ class TopicTagDB(object): topic_content = f.read() # Record the tags and the values self._add_tag_and_values_from_content( - topic_name, topic_content) + topic_name, topic_content + ) def _find_topic_name(self, topic_src_file): # Get the name of each of these files @@ -259,9 +267,9 @@ class TopicTagDB(object): # no value constraints are provided or if the tag value # falls in the allowed tag values. if values is None or tag_value in values: - self._add_key_values(query_dict, - key=tag_value, - values=[topic_name]) + self._add_key_values( + query_dict, key=tag_value, values=[topic_name] + ) return query_dict def get_tag_value(self, topic_name, tag, default_value=None): diff -pruN 2.23.6-1/awscli/utils.py 2.31.35-1/awscli/utils.py --- 2.23.6-1/awscli/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/awscli/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,24 +10,31 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import base64 +import contextlib import csv -import signal import datetime -import contextlib +import logging import os import re +import signal import sys -from subprocess import Popen, PIPE -import logging +from subprocess import PIPE, Popen -from awscli.compat import get_stdout_text_writer -from awscli.compat import get_popen_kwargs_for_pager_cmd -from awscli.compat import StringIO -from botocore.useragent import UserAgentComponent -from botocore.utils import resolve_imds_endpoint_mode -from botocore.utils import IMDSFetcher -from botocore.utils import BadIMDSRequestError from botocore.configprovider import BaseProvider +from botocore.useragent import UserAgentComponent +from botocore.utils import ( + BadIMDSRequestError, + IMDSFetcher, + original_ld_library_path, + resolve_imds_endpoint_mode, +) + +from awscli.compat import ( + StringIO, + get_popen_kwargs_for_pager_cmd, + get_stdout_text_writer, +) logger = logging.getLogger(__name__) @@ -128,12 +135,15 @@ class IMDSRegionProvider(BaseProvider): def _create_fetcher(self): metadata_timeout = self._session.get_config_variable( - 'metadata_service_timeout') + 'metadata_service_timeout' + ) metadata_num_attempts = self._session.get_config_variable( - 'metadata_service_num_attempts') + 'metadata_service_num_attempts' + ) imds_config = { 'ec2_metadata_service_endpoint': self._session.get_config_variable( - 'ec2_metadata_service_endpoint'), + 'ec2_metadata_service_endpoint' + ), 'ec2_metadata_service_endpoint_mode': resolve_imds_endpoint_mode( self._session ), @@ -175,13 +185,14 @@ class InstanceMetadataRegionFetcher(IMDS logger.debug( "Max number of attempts exceeded (%s) when " "attempting to retrieve data from metadata service.", - self._num_attempts + self._num_attempts, ) except BadIMDSRequestError as e: logger.debug( "Failed to retrieve a region from IMDS. " "Region detection may not be supported from this endpoint: " - "%s", e.request.url + "%s", + e.request.url, ) return None @@ -190,7 +201,7 @@ class InstanceMetadataRegionFetcher(IMDS response = self._get_request( url_path=self._URL_PATH, retry_func=self._default_retry, - token=token + token=token, ) availability_zone = response.text region = availability_zone[:-1] @@ -219,7 +230,7 @@ def _split_with_quotes(value): try: parts = list(csv.reader(StringIO(value), escapechar='\\'))[0] except csv.Error: - raise ValueError("Bad csv value: %s" % value) + raise ValueError(f"Bad csv value: {value}") iter_parts = iter(parts) new_parts = [] for part in iter_parts: @@ -229,16 +240,19 @@ def _split_with_quotes(value): # Find an opening list bracket list_start = part.find('=[') - if list_start >= 0 and value.find(']') != -1 and \ - (quote_char is None or part.find(quote_char) > list_start): + if ( + list_start >= 0 + and value.find(']') != -1 + and (quote_char is None or part.find(quote_char) > list_start) + ): # This is a list, eat all the items until the end if ']' in part: # Short circuit for only one item new_chunk = part else: new_chunk = _eat_items(value, iter_parts, part, ']') - list_items = _split_with_quotes(new_chunk[list_start + 2:-1]) - new_chunk = new_chunk[:list_start + 1] + ','.join(list_items) + list_items = _split_with_quotes(new_chunk[list_start + 2 : -1]) + new_chunk = new_chunk[: list_start + 1] + ','.join(list_items) new_parts.append(new_chunk) continue elif quote_char is None: @@ -334,8 +348,11 @@ def is_document_type_container(shape): def is_streaming_blob_type(shape): """Check if the shape is a streaming blob type.""" - return (shape and shape.type_name == 'blob' and - shape.serialization.get('streaming', False)) + return ( + shape + and shape.type_name == 'blob' + and shape.serialization.get('streaming', False) + ) def is_tagged_union_type(shape): @@ -356,11 +373,14 @@ def operation_uses_document_types(operat def json_encoder(obj): - """JSON encoder that formats datetimes as ISO8601 format.""" + """JSON encoder that formats datetimes as ISO8601 format + and encodes bytes to UTF-8 Base64 string.""" if isinstance(obj, datetime.datetime): return obj.isoformat() + elif isinstance(obj, bytes): + return base64.b64encode(obj).decode("utf-8") else: - return obj + raise TypeError('Encountered unrecognized type in JSON encoder.') @contextlib.contextmanager @@ -373,34 +393,38 @@ def ignore_ctrl_c(): def emit_top_level_args_parsed_event(session, args): - session.emit( - 'top-level-args-parsed', parsed_args=args, session=session) + session.emit('top-level-args-parsed', parsed_args=args, session=session) def is_a_tty(): try: return os.isatty(sys.stdout.fileno()) - except Exception as e: + except Exception: return False def is_stdin_a_tty(): try: return os.isatty(sys.stdin.fileno()) - except Exception as e: + except Exception: return False -class OutputStreamFactory(object): - def __init__(self, session, popen=None, environ=None, - default_less_flags='FRX'): +class OutputStreamFactory: + def __init__( + self, session, popen=None, environ=None, default_less_flags='FRX' + ): self._session = session self._popen = popen if popen is None: self._popen = Popen self._environ = environ if environ is None: - self._environ = os.environ.copy() + # When calling out to the system's pager, we want to avoid using + # shared libraries bundled with the AWS CLI so that the pager uses + # the system's shared libraries. + with original_ld_library_path(): + self._environ = os.environ.copy() self._default_less_flags = default_less_flags def get_output_stream(self): @@ -417,7 +441,7 @@ class OutputStreamFactory(object): process = LazyPager(self._popen, **popen_kwargs) try: yield process.stdin - except IOError: + except OSError: # Ignore IOError since this can commonly be raised when a pager # is closed abruptly and causes a broken pipe. pass @@ -450,32 +474,6 @@ def write_exception(ex, outfile): outfile.write("\n") -@contextlib.contextmanager -def original_ld_library_path(env=None): - # See: https://pyinstaller.readthedocs.io/en/stable/runtime-information.html - # When running under pyinstaller, it will set an - # LD_LIBRARY_PATH to ensure it prefers its bundled version of libs. - # There are times where we don't want this behavior, for example when - # running a separate subprocess. - if env is None: - env = os.environ - - value_to_put_back = env.get('LD_LIBRARY_PATH') - # The first case is where a user has exported an LD_LIBRARY_PATH - # in their env. This will be mapped to LD_LIBRARY_PATH_ORIG. - if 'LD_LIBRARY_PATH_ORIG' in env: - env['LD_LIBRARY_PATH'] = env['LD_LIBRARY_PATH_ORIG'] - else: - # Otherwise if they didn't set an LD_LIBRARY_PATH we just need - # to make sure this value is unset. - env.pop('LD_LIBRARY_PATH', None) - try: - yield - finally: - if value_to_put_back is not None: - env['LD_LIBRARY_PATH'] = value_to_put_back - - def dump_yaml_to_str(yaml, data): """Dump a Python object to a YAML-formatted string. @@ -490,7 +488,7 @@ def dump_yaml_to_str(yaml, data): return stream.getvalue() -class ShapeWalker(object): +class ShapeWalker: def walk(self, shape, visitor): """Walk through and visit shapes for introspection @@ -510,7 +508,7 @@ class ShapeWalker(object): if shape.name in stack: return stack.append(shape.name) - getattr(self, '_walk_%s' % shape.type_name, self._default_scalar_walk)( + getattr(self, f'_walk_{shape.type_name}', self._default_scalar_walk)( shape, visitor, stack ) stack.pop() @@ -535,14 +533,16 @@ class ShapeWalker(object): visitor.visit_shape(shape) -class BaseShapeVisitor(object): +class BaseShapeVisitor: """Visit shape encountered by ShapeWalker""" + def visit_shape(self, shape): pass class ShapeRecordingVisitor(BaseShapeVisitor): """Record shapes visited by ShapeWalker""" + def __init__(self): self.visited = [] @@ -558,12 +558,13 @@ def add_component_to_user_agent_extra(se def add_metadata_component_to_user_agent_extra(session, name, value=None): add_component_to_user_agent_extra( - session, - UserAgentComponent("md", name, value) + session, UserAgentComponent("md", name, value) ) def add_command_lineage_to_user_agent_extra(session, lineage): # Only add a command lineage if one is not already present in the user agent extra. if not re.search(r'md\/command#[\w\.]*', session.user_agent_extra): - add_metadata_component_to_user_agent_extra(session, "command", ".".join(lineage)) + add_metadata_component_to_user_agent_extra( + session, "command", ".".join(lineage) + ) diff -pruN 2.23.6-1/backends/build_system/__main__.py 2.31.35-1/backends/build_system/__main__.py --- 2.23.6-1/backends/build_system/__main__.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/backends/build_system/__main__.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,19 +13,21 @@ import argparse import os import shutil + from awscli_venv import AwsCliVenv from constants import ( - ArtifactType, BUILD_DIR, INSTALL_DIRNAME, + ArtifactType, ) -from exe import ExeBuilder from install import ( Installer, Uninstaller, ) from validate_env import validate_env +from exe import ExeBuilder + def create_exe(aws_venv, build_dir): exe_workspace = os.path.join(build_dir, "exe") diff -pruN 2.23.6-1/backends/build_system/awscli_venv.py 2.31.35-1/backends/build_system/awscli_venv.py --- 2.23.6-1/backends/build_system/awscli_venv.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/backends/build_system/awscli_venv.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,24 +10,24 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import os import json -import subprocess +import os +import pathlib import site +import subprocess import sys -import pathlib from constants import ( - ArtifactType, - DOWNLOAD_DEPS_BOOTSTRAP_LOCK, - PORTABLE_EXE_REQUIREMENTS_LOCK, - SYSTEM_SANDBOX_REQUIREMENTS_LOCK, - ROOT_DIR, - IS_WINDOWS, BIN_DIRNAME, - PYTHON_EXE_NAME, CLI_SCRIPTS, DISTRIBUTION_SOURCE_SANDBOX, + DOWNLOAD_DEPS_BOOTSTRAP_LOCK, + IS_WINDOWS, + PORTABLE_EXE_REQUIREMENTS_LOCK, + PYTHON_EXE_NAME, + ROOT_DIR, + SYSTEM_SANDBOX_REQUIREMENTS_LOCK, + ArtifactType, ) from utils import Utils @@ -138,15 +138,19 @@ class AwsCliVenv: # On windows the getsitepackages can return the root venv dir. # So instead of just taking the first entry, we need to take the # first entry that contains the string "site-packages" in the path. - site_path = [path for path in json.loads( - subprocess.check_output( - [ - self.python_exe, - "-c", - "import site, json; print(json.dumps(site.getsitepackages()))", - ] + site_path = [ + path + for path in json.loads( + subprocess.check_output( + [ + self.python_exe, + "-c", + "import site, json; print(json.dumps(site.getsitepackages()))", + ] + ) + .decode() + .strip() ) - .decode() - .strip() - ) if "site-packages" in path][0] + if "site-packages" in path + ][0] return site_path diff -pruN 2.23.6-1/backends/build_system/constants.py 2.31.35-1/backends/build_system/constants.py --- 2.23.6-1/backends/build_system/constants.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/backends/build_system/constants.py 2025-11-12 19:17:29.000000000 +0000 @@ -14,7 +14,6 @@ import sys from enum import Enum from pathlib import Path - ROOT_DIR = Path(__file__).parents[2] BUILD_DIR = ROOT_DIR / "build" @@ -34,10 +33,16 @@ LOCK_SUFFIX = "win-lock.txt" if IS_WINDO REQUIREMENTS_DIR = ROOT_DIR / "requirements" BOOTSTRAP_REQUIREMENTS = REQUIREMENTS_DIR / "bootstrap.txt" DOWNLOAD_DEPS_BOOTSTRAP = REQUIREMENTS_DIR / "download-deps" / "bootstrap.txt" -DOWNLOAD_DEPS_BOOTSTRAP_LOCK = REQUIREMENTS_DIR / "download-deps" / f"bootstrap-{LOCK_SUFFIX}" +DOWNLOAD_DEPS_BOOTSTRAP_LOCK = ( + REQUIREMENTS_DIR / "download-deps" / f"bootstrap-{LOCK_SUFFIX}" +) PORTABLE_EXE_REQUIREMENTS = REQUIREMENTS_DIR / "portable-exe-extras.txt" -PORTABLE_EXE_REQUIREMENTS_LOCK = REQUIREMENTS_DIR / "download-deps" / f"portable-exe-{LOCK_SUFFIX}" -SYSTEM_SANDBOX_REQUIREMENTS_LOCK = REQUIREMENTS_DIR / "download-deps" / f"system-sandbox-{LOCK_SUFFIX}" +PORTABLE_EXE_REQUIREMENTS_LOCK = ( + REQUIREMENTS_DIR / "download-deps" / f"portable-exe-{LOCK_SUFFIX}" +) +SYSTEM_SANDBOX_REQUIREMENTS_LOCK = ( + REQUIREMENTS_DIR / "download-deps" / f"system-sandbox-{LOCK_SUFFIX}" +) # Auto-complete index AC_INDEX = ROOT_DIR / "awscli" / "data" / "ac.index" diff -pruN 2.23.6-1/backends/build_system/exe.py 2.31.35-1/backends/build_system/exe.py --- 2.23.6-1/backends/build_system/exe.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/backends/build_system/exe.py 2025-11-12 19:17:29.000000000 +0000 @@ -13,9 +13,14 @@ import os from dataclasses import dataclass, field -from constants import EXE_ASSETS_DIR, PYINSTALLER_DIR, DISTRIBUTION_SOURCE_EXE, PYINSTALLER_EXE_NAME -from utils import Utils from awscli_venv import AwsCliVenv +from constants import ( + DISTRIBUTION_SOURCE_EXE, + EXE_ASSETS_DIR, + PYINSTALLER_DIR, + PYINSTALLER_EXE_NAME, +) +from utils import Utils @dataclass @@ -51,12 +56,6 @@ class ExeBuilder: self._final_dist_dir, distribution_source=DISTRIBUTION_SOURCE_EXE, ) - for distinfo in self._utils.glob( - '**/*.dist-info', - root=self._final_dist_dir - ): - self._utils.rmtree(os.path.join(self._final_dist_dir, distinfo)) - def _ensure_no_existing_build_dir(self): if self._utils.isdir(self._dist_dir): diff -pruN 2.23.6-1/backends/build_system/install.py 2.31.35-1/backends/build_system/install.py --- 2.23.6-1/backends/build_system/install.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/backends/build_system/install.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,21 +10,23 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import os import functools +import os -from constants import CLI_SCRIPTS -from constants import IS_WINDOWS -from constants import BIN_DIRNAME -from constants import PYTHON_EXE_NAME -from constants import ArtifactType +from constants import ( + BIN_DIRNAME, + CLI_SCRIPTS, + IS_WINDOWS, + PYTHON_EXE_NAME, + ArtifactType, +) from utils import Utils - WINDOWS_CMD_TEMPLATE = """@echo off {path} %* """ + class Uninstaller: def __init__(self, utils: Utils = None): if utils is None: @@ -36,7 +38,9 @@ class Uninstaller: self._utils.rmtree(install_dir) for exe in CLI_SCRIPTS: exe_path = os.path.join(bin_dir, exe) - if self._utils.islink(exe_path) or self._utils.path_exists(exe_path): + if self._utils.islink(exe_path) or self._utils.path_exists( + exe_path + ): self._utils.remove(exe_path) @@ -78,7 +82,9 @@ class Installer: def _install_executables_on_windows(self, install_dir, bin_dir): filepath = os.path.join(bin_dir, "aws.cmd") - content = WINDOWS_CMD_TEMPLATE.format(path=os.path.join(install_dir, "aws.exe")) + content = WINDOWS_CMD_TEMPLATE.format( + path=os.path.join(install_dir, "aws.exe") + ) self._utils.write_file(filepath, content) def _symlink_executables(self, install_dir, bin_dir): diff -pruN 2.23.6-1/backends/build_system/utils.py 2.31.35-1/backends/build_system/utils.py --- 2.23.6-1/backends/build_system/utils.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/backends/build_system/utils.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,22 +10,19 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import contextlib +import glob +import json import os import re -import sys import shlex -import glob -import json import shutil import subprocess +import sys import venv -import contextlib -from typing import List, Dict, Any, Optional, Callable - -from constants import ROOT_DIR -from constants import IS_WINDOWS -from constants import BOOTSTRAP_REQUIREMENTS +from typing import Any, Callable, Dict, List, Optional +from constants import BOOTSTRAP_REQUIREMENTS, IS_WINDOWS, ROOT_DIR PACKAGE_NAME = re.compile(r"(?P[A-Za-z][A-Za-z0-9_\.\-]+)(?P.+)") CONSTRAINT = re.compile(r"(?P[=\<\>]+)(?P.+)") @@ -47,7 +44,9 @@ class UnmetDependenciesException(Excepti f"{package} (required: {required.constraints}) " f"(version installed: {actual_version})\n" ) - pip_install_command_args.append(f'{package}{required.string_constraints()}') + pip_install_command_args.append( + f'{package}{required.string_constraints()}' + ) if reason: msg += f"\n{reason}\n" @@ -100,7 +99,9 @@ class Requirement: if not match: raise RuntimeError(f"Unknown version specifier {constraint}") comparison, constraint_version = match.group('comparison', 'version') - version, constraint_version = self._normalize(version, constraint_version) + version, constraint_version = self._normalize( + version, constraint_version + ) compare_fn = COMPARISONS.get(comparison) if not compare_fn: @@ -120,7 +121,9 @@ class Requirement: def __eq__(self, other): if other is None: return False - return (self.name == other.name and self.constraints == other.constraints) + return ( + self.name == other.name and self.constraints == other.constraints + ) def string_constraints(self): return ','.join(self.constraints) @@ -138,7 +141,7 @@ def parse_requirements(lines_list): if line.startswith('#'): continue if ' #' in line: - line = line[:line.find(' #')] + line = line[: line.find(' #')] if line.endswith('\\'): line = line[:-2].strip() try: @@ -174,7 +177,7 @@ def get_install_requires(): r"dependencies = \[([\s\S]+?)\]", re.MULTILINE ) extract_dependencies_re = re.compile(r'"(.+)"') - with open(ROOT_DIR / "pyproject.toml", "r") as f: + with open(ROOT_DIR / "pyproject.toml") as f: data = f.read() raw_dependencies = dependency_block_re.findall(data)[0] dependencies = extract_dependencies_re.findall(raw_dependencies) @@ -183,18 +186,15 @@ def get_install_requires(): def get_flit_core_unmet_exception(): in_venv = sys.prefix != sys.base_prefix - with open(BOOTSTRAP_REQUIREMENTS, 'r') as f: - flit_core_req = [ - l for l in f.read().split('\n') - if 'flit_core' in l - ] + with open(BOOTSTRAP_REQUIREMENTS) as f: + flit_core_req = [l for l in f.read().split('\n') if 'flit_core' in l] return UnmetDependenciesException( [('flit_core', None, list(parse_requirements(flit_core_req))[0])], in_venv, reason=( 'flit_core is needed ahead of time in order to parse the ' 'rest of the requirements.' - ) + ), ) @@ -215,7 +215,7 @@ class Utils: os.symlink(src, dst) def read_file_lines(self, path: str) -> List[str]: - return open(path, "r").readlines() + return open(path).readlines() def write_file(self, path: str, content: str): with open(path, "w") as f: @@ -248,7 +248,9 @@ class Utils: def update_metadata(self, dirname, **kwargs): print("Update metadata values %s" % kwargs) - metadata_file = os.path.join(dirname, "awscli", "data", "metadata.json") + metadata_file = os.path.join( + dirname, "awscli", "data", "metadata.json" + ) with open(metadata_file) as f: metadata = json.load(f) for key, value in kwargs.items(): @@ -261,5 +263,7 @@ class Utils: def get_script_header(self, python_exe_path: str) -> str: if IS_WINDOWS: - return f'@echo off & "{python_exe_path}" -x "%~f0" %* & goto :eof\n' + return ( + f'@echo off & "{python_exe_path}" -x "%~f0" %* & goto :eof\n' + ) return f"#!{python_exe_path}\n" diff -pruN 2.23.6-1/backends/build_system/validate_env.py 2.31.35-1/backends/build_system/validate_env.py --- 2.23.6-1/backends/build_system/validate_env.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/backends/build_system/validate_env.py 2025-11-12 19:17:29.000000000 +0000 @@ -10,24 +10,24 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. +import importlib.metadata import re import sys from pathlib import Path -import importlib.metadata from constants import ( BOOTSTRAP_REQUIREMENTS, PORTABLE_EXE_REQUIREMENTS, ) -from utils import get_install_requires, parse_requirements -from utils import UnmetDependenciesException - +from utils import ( + UnmetDependenciesException, + get_install_requires, + parse_requirements, +) ROOT = Path(__file__).parents[2] PYPROJECT = ROOT / "pyproject.toml" -BUILD_REQS_RE = re.compile( - r"requires = \[([\s\S]+?)\]\s", re.MULTILINE -) +BUILD_REQS_RE = re.compile(r"requires = \[([\s\S]+?)\]\s", re.MULTILINE) EXTRACT_DEPENDENCIES_RE = re.compile(r'"(.+)"') @@ -49,7 +49,7 @@ def _get_requires_list(target_artifact): def _parse_pyproject_requirements(): - with open(PYPROJECT, 'r') as f: + with open(PYPROJECT) as f: data = f.read() raw_dependencies = BUILD_REQS_RE.findall(data)[0] dependencies = EXTRACT_DEPENDENCIES_RE.findall(raw_dependencies) @@ -58,7 +58,7 @@ def _parse_pyproject_requirements(): def _parse_requirements(requirements_file): requirements = [] - with open(requirements_file, "r") as f: + with open(requirements_file) as f: for line in f.readlines(): if not line.startswith(("-r", "#")): requirements.append(line.strip()) @@ -76,8 +76,15 @@ def _get_unmet_dependencies(requirements try: actual_version = importlib.metadata.version(project_name) except importlib.metadata.PackageNotFoundError: - unmet.append((project_name, None, requirement)) - continue + try: + # Packages built from source may have directory names + # that replace "." with "_". + actual_version = importlib.metadata.version( + project_name.replace(".", "_") + ) + except importlib.metadata.PackageNotFoundError: + unmet.append((project_name, None, requirement)) + continue if not requirement.is_in_range(actual_version): unmet.append((project_name, actual_version, requirement)) return unmet diff -pruN 2.23.6-1/backends/pep517.py 2.31.35-1/backends/pep517.py --- 2.23.6-1/backends/pep517.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/backends/pep517.py 2025-11-12 19:17:29.000000000 +0000 @@ -23,15 +23,16 @@ this in-tree backend just proxies to fli is that it builds the auto-complete index and injects it into the wheel built by flit prior to returning. """ -import re + +import base64 import contextlib +import glob import hashlib -import base64 import os -import glob -import tarfile +import re import shutil import sys +import tarfile import zipfile from pathlib import Path @@ -106,7 +107,7 @@ def get_requires_for_build_wheel(config_ r"dependencies = \[([\s\S]+?)\]\s", re.MULTILINE ) extract_dependencies_re = re.compile(r'"(.+)"') - with open(ROOT_DIR / "pyproject.toml", "r") as f: + with open(ROOT_DIR / "pyproject.toml") as f: data = f.read() raw_dependencies = dependency_block_re.findall(data)[0] dependencies = extract_dependencies_re.findall(raw_dependencies) @@ -150,8 +151,9 @@ def _should_copy(path): return False return True + def read_sdist_extras(): - with open(ROOT_DIR / "pyproject.toml", "r") as f: + with open(ROOT_DIR / "pyproject.toml") as f: data = f.read() # This regex searches for the list content of sdist_extra_files # in the tool.awscli table within pyproject.toml. @@ -175,7 +177,7 @@ def read_sdist_extras(): def _rewrite_shebang(path): - with open(path, "r") as f: + with open(path) as f: lines = f.read().split("\n") # Rewrite shebang lines to be #!python to conform with PEP 427. if lines[0] == "#!/usr/bin/env python": diff -pruN 2.23.6-1/bin/aws 2.31.35-1/bin/aws --- 2.23.6-1/bin/aws 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/bin/aws 2025-11-12 19:17:29.000000000 +0000 @@ -11,8 +11,8 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -import sys import os +import sys if os.environ.get('LC_CTYPE', '') == 'UTF-8': os.environ['LC_CTYPE'] = 'en_US.UTF-8' diff -pruN 2.23.6-1/bin/aws_completer 2.31.35-1/bin/aws_completer --- 2.23.6-1/bin/aws_completer 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/bin/aws_completer 2025-11-12 19:17:29.000000000 +0000 @@ -12,6 +12,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. import os + if os.environ.get('LC_CTYPE', '') == 'UTF-8': os.environ['LC_CTYPE'] = 'en_US.UTF-8' from awscli.autocomplete.main import autocomplete diff -pruN 2.23.6-1/configure 2.31.35-1/configure --- 2.23.6-1/configure 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/configure 2025-11-12 19:17:29.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for awscli 2.23.6. +# Generated by GNU Autoconf 2.71 for awscli 2.31.35. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='awscli' PACKAGE_TARNAME='awscli' -PACKAGE_VERSION='2.23.6' -PACKAGE_STRING='awscli 2.23.6' +PACKAGE_VERSION='2.31.35' +PACKAGE_STRING='awscli 2.31.35' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1255,7 +1255,7 @@ _ACEOF fi if $ac_init_version; then cat <<\_ACEOF -awscli configure 2.23.6 +awscli configure 2.31.35 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1292,7 +1292,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by awscli $as_me 2.23.6, which was +It was created by awscli $as_me 2.31.35, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2668,7 +2668,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by awscli $as_me 2.23.6, which was +This file was extended by awscli $as_me 2.31.35, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -2723,7 +2723,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -awscli config.status 2.23.6 +awscli config.status 2.31.35 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -pruN 2.23.6-1/configure.ac 2.31.35-1/configure.ac --- 2.23.6-1/configure.ac 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/configure.ac 2025-11-12 19:17:29.000000000 +0000 @@ -1,5 +1,5 @@ AC_CONFIG_MACRO_DIRS([m4]) -AC_INIT([awscli], [2.23.6]) +AC_INIT([awscli], [2.31.35]) AC_CONFIG_SRCDIR([bin/aws]) AM_PATH_PYTHON([3.8]) diff -pruN 2.23.6-1/debian/changelog 2.31.35-1/debian/changelog --- 2.23.6-1/debian/changelog 2025-01-25 06:02:43.000000000 +0000 +++ 2.31.35-1/debian/changelog 2025-11-13 09:11:42.000000000 +0000 @@ -1,3 +1,11 @@ +awscli (2.31.35-1) unstable; urgency=medium + + * New upstream version 2.31.35 + * debian/patches: refreshed + * debian/patches: drop Drop-upper-python-cryptography-limit.patch + + -- Thomas Bechtold Thu, 13 Nov 2025 10:11:42 +0100 + awscli (2.23.6-1) unstable; urgency=medium * New upstream version 2.23.6 (Closes: #1093979) diff -pruN 2.23.6-1/debian/patches/0001-Fix-documentation-build.patch 2.31.35-1/debian/patches/0001-Fix-documentation-build.patch --- 2.23.6-1/debian/patches/0001-Fix-documentation-build.patch 2025-01-25 06:02:43.000000000 +0000 +++ 2.31.35-1/debian/patches/0001-Fix-documentation-build.patch 2025-11-13 09:11:42.000000000 +0000 @@ -6,16 +6,14 @@ Subject: Fix documentation build doc/source/bootstrapdocs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/doc/source/bootstrapdocs.py b/doc/source/bootstrapdocs.py -index 830071a..612425b 100644 --- a/doc/source/bootstrapdocs.py +++ b/doc/source/bootstrapdocs.py -@@ -7,7 +7,7 @@ RST_GENERATION_SCRIPT = 'htmlgen' - script_path = os.path.join(os.path.dirname(__file__), - RST_GENERATION_SCRIPT) +@@ -6,7 +6,7 @@ + RST_GENERATION_SCRIPT = 'htmlgen' + script_path = os.path.join(os.path.dirname(__file__), RST_GENERATION_SCRIPT) os.environ['PATH'] += ':.' --rc = subprocess.call("python "+ script_path, shell=True, env=os.environ) -+rc = subprocess.call("python3 "+ script_path, shell=True, env=os.environ) +-rc = subprocess.call("python " + script_path, shell=True, env=os.environ) ++rc = subprocess.call("python3 " + script_path, shell=True, env=os.environ) if rc != 0: sys.stderr.write("Failed to generate documentation!\n") sys.exit(2) diff -pruN 2.23.6-1/debian/patches/Drop-upper-python-cryptography-limit.patch 2.31.35-1/debian/patches/Drop-upper-python-cryptography-limit.patch --- 2.23.6-1/debian/patches/Drop-upper-python-cryptography-limit.patch 2025-01-25 06:02:43.000000000 +0000 +++ 2.31.35-1/debian/patches/Drop-upper-python-cryptography-limit.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -From: =?utf-8?q?Jeremy_B=C3=ADcha?= -Date: Thu, 11 Jan 2024 14:03:04 -0500 -Subject: Drop upper python-cryptography limit - -https://bugs.debian.org/1060455 - -Forwarded: https://github.com/aws/aws-cli/issues/5943 ---- - pyproject.toml | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/pyproject.toml -+++ b/pyproject.toml -@@ -32,7 +32,7 @@ - dependencies = [ - "colorama>=0.2.5,<0.4.7", - "docutils>=0.10,<0.20", -- "cryptography>=40.0.0,<43.0.2", -+ "cryptography>=40.0.0", - "ruamel.yaml>=0.15.0,<=0.17.21", - # ruamel.yaml only requires ruamel.yaml.clib for Python versions - # less than or equal to Python 3.10. In order to ensure we have diff -pruN 2.23.6-1/debian/patches/series 2.31.35-1/debian/patches/series --- 2.23.6-1/debian/patches/series 2025-01-25 06:02:43.000000000 +0000 +++ 2.31.35-1/debian/patches/series 2025-11-13 09:11:42.000000000 +0000 @@ -1,4 +1,3 @@ 0001-Fix-documentation-build.patch install-shell-helper-to-libexec.patch -Drop-upper-python-cryptography-limit.patch update-embedded-six.py diff -pruN 2.23.6-1/doc/README.rst 2.31.35-1/doc/README.rst --- 2.23.6-1/doc/README.rst 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/doc/README.rst 2025-11-12 19:17:29.000000000 +0000 @@ -2,10 +2,9 @@ Building The Documentation ========================== -Before building the documentation, make sure you have Python 3.7, -the awscli, and all the necessary dependencies installed. You can -install dependencies by using the requirements-docs.txt file at the -root of this repo:: +Before building the documentation, ensure you have the AWS CLI and +necessary dependencies installed. You can install dependencies by +using the requirements-docs.txt file at the root of this repo:: pip install -r requirements-docs.txt diff -pruN 2.23.6-1/doc/source/bootstrapdocs.py 2.31.35-1/doc/source/bootstrapdocs.py --- 2.23.6-1/doc/source/bootstrapdocs.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/doc/source/bootstrapdocs.py 2025-11-12 19:17:29.000000000 +0000 @@ -4,10 +4,9 @@ import subprocess import sys RST_GENERATION_SCRIPT = 'htmlgen' -script_path = os.path.join(os.path.dirname(__file__), - RST_GENERATION_SCRIPT) +script_path = os.path.join(os.path.dirname(__file__), RST_GENERATION_SCRIPT) os.environ['PATH'] += ':.' -rc = subprocess.call("python "+ script_path, shell=True, env=os.environ) +rc = subprocess.call("python " + script_path, shell=True, env=os.environ) if rc != 0: sys.stderr.write("Failed to generate documentation!\n") sys.exit(2) diff -pruN 2.23.6-1/doc/source/conf.py 2.31.35-1/doc/source/conf.py --- 2.23.6-1/doc/source/conf.py 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/doc/source/conf.py 2025-11-12 19:17:29.000000000 +0000 @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- # # aws-cli documentation build configuration file, created by # sphinx-quickstart on Fri Feb 1 12:57:38 2013. @@ -11,7 +10,9 @@ # All configuration values have a default; values that are commented out # serve to show the default. -import sys, os +import datetime +import os +import sys # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the @@ -23,30 +24,24 @@ import bootstrapdocs # -- General configuration ----------------------------------------------------- # If your documentation needs a minimal Sphinx version, state it here. -#needs_sphinx = '1.0' +# needs_sphinx = '1.0' # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = ['notfound.extension',] +extensions = [ + 'notfound.extension', + 'crosslinker', +] notfound_context = { 'title': 'Page not found', 'body': '

    Page not found

    \n\n' - 'Sorry, the page you requested could not be found.' + 'Sorry, the page you requested could not be found.', } notfound_pagename = '_404' # notfound.extension changes all the relative links to links like -# "/en/latest/_static/**" and we use "notfound_default_language" key -# to change “en” to our path prefix -notfound_default_language = os.environ.get( - 'DOCS_STATIC_PATH', - 'v2/documentation/api' -) - -# For local 404.html testing uncomment lines below and put in local path -# to the build folder on your disk - -# notfound_default_language = '/build' -# notfound_default_version = 'html' +# "/en/latest/_static/**" and we use "notfound_urls_prefix" key +# to set our path prefix +notfound_urls_prefix = '/v2/documentation/api/latest/' # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] @@ -55,14 +50,14 @@ templates_path = ['_templates'] source_suffix = '.rst' # The encoding of source files. -#source_encoding = 'utf-8-sig' +# source_encoding = 'utf-8-sig' # The master toctree document. master_doc = 'index' # General information about the project. -project = u'AWS CLI Command Reference' -copyright = u'2018, Amazon Web Services' +project = 'AWS CLI Command Reference' +copyright = f'{datetime.datetime.now().year}, Amazon Web Services' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the @@ -71,49 +66,49 @@ copyright = u'2018, Amazon Web Services' # The short X.Y version. version = '2.0' # The full version, including alpha/beta/rc tags. -release = '2.23.6' +release = '2.31.35' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. -#language = None +# language = None # There are two options for replacing |today|: either, you set today to some # non-false value, then it is used: # Else, today_fmt is used as the format for a strftime call. -#today_fmt = '%B %d, %Y' +# today_fmt = '%B %d, %Y' # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. exclude_patterns = ['examples'] # The reST default role (used for this markup: `text`) to use for all documents. -#default_role = None +# default_role = None # If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True +# add_function_parentheses = True # If true, the current module name will be prepended to all description # unit titles (such as .. function::). -#add_module_names = True +# add_module_names = True # If true, sectionauthor and moduleauthor directives will be shown in the # output. They are ignored by default. -#show_authors = False +# show_authors = False # The name of the Pygments (syntax highlighting) style to use. pygments_style = 'guzzle_sphinx_theme.GuzzleStyle' -#pygments_style = 'sphinx' +# pygments_style = 'sphinx' # A list of ignored prefixes for module index sorting. -#modindex_common_prefix = [] +# modindex_common_prefix = [] # -- Options for HTML output --------------------------------------------------- # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -#html_theme = 'pyramid' +# html_theme = 'pyramid' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the @@ -123,23 +118,23 @@ pygments_style = 'guzzle_sphinx_theme.Gu # } # Add any paths that contain custom themes here, relative to this directory. -#html_theme_path = ['.'] +# html_theme_path = ['.'] # The name for this set of Sphinx documents. If None, it defaults to # " v documentation". html_title = "AWS CLI %s Command Reference" % release # A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None +# html_short_title = None # The name of an image file (relative to this directory) to place at the top # of the sidebar. -#html_logo = None +# html_logo = None # The name of an image file (within the static path) to use as favicon of the # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 # pixels large. -#html_favicon = None +# html_favicon = None # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, @@ -148,50 +143,52 @@ html_static_path = ['_static'] # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, # using the given strftime format. -#html_last_updated_fmt = '%b %d, %Y' +# html_last_updated_fmt = '%b %d, %Y' # If true, SmartyPants will be used to convert quotes and dashes to # typographically correct entities. -#html_use_smartypants = True +# html_use_smartypants = True # Custom sidebar templates, maps document names to template names. html_sidebars = { - '**': ['sidebarlogo.html', - 'localtoc.html', - 'searchbox.html', - 'feedback.html', - 'userguide.html'] + '**': [ + 'sidebarlogo.html', + 'localtoc.html', + 'searchbox.html', + 'feedback.html', + 'userguide.html', + ] } # Additional templates that should be rendered to pages, maps page names to # template names. -#html_additional_pages = {} +# html_additional_pages = {} # If false, no module index is generated. -#html_domain_indices = True +# html_domain_indices = True # If false, no index is generated. -#html_use_index = True +# html_use_index = True # If true, the index is split into individual pages for each letter. -#html_split_index = False +# html_split_index = False # If true, links to the reST sources are added to the pages. -#html_show_sourcelink = True +# html_show_sourcelink = True # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -#html_show_sphinx = True +# html_show_sphinx = True # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -#html_show_copyright = True +# html_show_copyright = True # If true, an OpenSearch description file will be output, and all pages will # contain a tag referring to it. The value of this option must be the # base URL from which the finished HTML is served. -#html_use_opensearch = '' +# html_use_opensearch = '' # This is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = None +# html_file_suffix = None # Output file base name for HTML help builder. htmlhelp_basename = 'aws-clidoc' @@ -219,46 +216,48 @@ html_theme_options = { } - # -- Options for LaTeX output -------------------------------------------------- latex_elements = { -# The paper size ('letterpaper' or 'a4paper'). -#'papersize': 'letterpaper', - -# The font size ('10pt', '11pt' or '12pt'). -#'pointsize': '10pt', - -# Additional stuff for the LaTeX preamble. -#'preamble': '', + # The paper size ('letterpaper' or 'a4paper'). + #'papersize': 'letterpaper', + # The font size ('10pt', '11pt' or '12pt'). + #'pointsize': '10pt', + # Additional stuff for the LaTeX preamble. + #'preamble': '', } # Grouping the document tree into LaTeX files. List of tuples # (source start file, target name, title, author, documentclass [howto/manual]). latex_documents = [ - ('index', 'aws-cli.tex', u'AWS CLI Documentation', - u'Amazon Web Services', 'manual'), + ( + 'index', + 'aws-cli.tex', + 'AWS CLI Documentation', + 'Amazon Web Services', + 'manual', + ), ] # The name of an image file (relative to this directory) to place at the top of # the title page. -#latex_logo = None +# latex_logo = None # For "manual" documents, if this is true, then toplevel headings are parts, # not chapters. -#latex_use_parts = False +# latex_use_parts = False # If true, show page references after internal links. -#latex_show_pagerefs = False +# latex_show_pagerefs = False # If true, show URL addresses after external links. -#latex_show_urls = False +# latex_show_urls = False # Documents to append as an appendix to all manuals. -#latex_appendices = [] +# latex_appendices = [] # If false, no module index is generated. -#latex_domain_indices = True +# latex_domain_indices = True # -- Options for manual page output -------------------------------------------- @@ -266,63 +265,121 @@ latex_documents = [ # One entry per manual page. List of tuples # (source start file, name, description, authors, manual section). -man_pages = [('reference/index', 'aws', 'The main command', '', 1), - ('reference/autoscaling/index', 'aws-autoscaling', - 'The autoscaling service', '', 1), - ('reference/cloudformation/index', 'aws-cloudformation', - 'AWS CloudFormation', '', 1), - ('reference/cloudwatch/index', 'aws-cloudwatch', - 'Amazon CloudWatch', '', 1), - ('reference/datapipeline/index', 'aws-datapipeline', - 'AWS Data Pipeline', '', 1), - ('reference/directconnect/index', 'aws-directconnect', - 'AWS Direct Connect', '', 1), - ('reference/dynamodb/index', 'aws-dynamodb', - 'Amazon DynamoDB', '', 1), - ('reference/ec2/index', 'aws-ec2', - 'Amazon Elastic Compute Cloud', '', 1), - ('reference/elasticache/index', 'aws-elasticache', - 'Amazon ElastiCache', '', 1), - ('reference/elasticbeanstalk/index', 'aws-elasticbeanstalk', - 'AWS Elastic Beanstalk', '', 1), - ('reference/elastictranscoder/index', 'aws-elastictranscoder', - 'Amazon Elastic Transcoder', '', 1), - ('reference/elb/index', 'aws-elb', - 'Elastic Load Balancing', '', 1), - ('reference/emr/index', 'aws-emr', - 'Amazon Elastic MapReduce', '', 1), - ('reference/iam/index', 'aws-iam', - 'AWS Identity and Access Management', '', 1), - ('reference/importexport/index', 'aws-importexport', - 'AWS Import/Export', '', 1), - ('reference/opsworks/index', 'aws-opsworks', - 'AWS OpsWorks', '', 1), - ('reference/rds/index', 'aws-rds', - 'Amazon Relational Database Service', '', 1), - ('reference/redshift/index', 'aws-redshift', - 'Amazon Redshift', '', 1), - ('reference/route53/index', 'aws-route53', - 'Amazon Route 53', '', 1), - ('reference/s3/index', 'aws-s3', - 'Amazon Simple Storage Service', '', 1), - ('reference/ses/index', 'aws-ses', - 'Amazon Simple Email Service', '', 1), - ('reference/sns/index', 'aws-sns', - 'Amazon Simple Notification Service', '', 1), - ('reference/sqs/index', 'aws-sqs', - 'Amazon Simple Queue Service', '', 1), - ('reference/storagegateway/index', 'aws-storagegateway', - 'AWS Storage Gateway', '', 1), - ('reference/sts/index', 'aws-sts', - 'AWS Security Token Service', '', 1), - ('reference/support/index', 'aws-support', - 'AWS Support', '', 1), - ('reference/swf/index', 'aws-swf', - 'Amazon Simple Workflow Service', '', 1), - ] +man_pages = [ + ('reference/index', 'aws', 'The main command', '', 1), + ( + 'reference/autoscaling/index', + 'aws-autoscaling', + 'The autoscaling service', + '', + 1, + ), + ( + 'reference/cloudformation/index', + 'aws-cloudformation', + 'AWS CloudFormation', + '', + 1, + ), + ( + 'reference/cloudwatch/index', + 'aws-cloudwatch', + 'Amazon CloudWatch', + '', + 1, + ), + ( + 'reference/datapipeline/index', + 'aws-datapipeline', + 'AWS Data Pipeline', + '', + 1, + ), + ( + 'reference/directconnect/index', + 'aws-directconnect', + 'AWS Direct Connect', + '', + 1, + ), + ('reference/dynamodb/index', 'aws-dynamodb', 'Amazon DynamoDB', '', 1), + ('reference/ec2/index', 'aws-ec2', 'Amazon Elastic Compute Cloud', '', 1), + ( + 'reference/elasticache/index', + 'aws-elasticache', + 'Amazon ElastiCache', + '', + 1, + ), + ( + 'reference/elasticbeanstalk/index', + 'aws-elasticbeanstalk', + 'AWS Elastic Beanstalk', + '', + 1, + ), + ( + 'reference/elastictranscoder/index', + 'aws-elastictranscoder', + 'Amazon Elastic Transcoder', + '', + 1, + ), + ('reference/elb/index', 'aws-elb', 'Elastic Load Balancing', '', 1), + ('reference/emr/index', 'aws-emr', 'Amazon Elastic MapReduce', '', 1), + ( + 'reference/iam/index', + 'aws-iam', + 'AWS Identity and Access Management', + '', + 1, + ), + ( + 'reference/importexport/index', + 'aws-importexport', + 'AWS Import/Export', + '', + 1, + ), + ( + 'reference/rds/index', + 'aws-rds', + 'Amazon Relational Database Service', + '', + 1, + ), + ('reference/redshift/index', 'aws-redshift', 'Amazon Redshift', '', 1), + ('reference/route53/index', 'aws-route53', 'Amazon Route 53', '', 1), + ('reference/s3/index', 'aws-s3', 'Amazon Simple Storage Service', '', 1), + ('reference/ses/index', 'aws-ses', 'Amazon Simple Email Service', '', 1), + ( + 'reference/sns/index', + 'aws-sns', + 'Amazon Simple Notification Service', + '', + 1, + ), + ('reference/sqs/index', 'aws-sqs', 'Amazon Simple Queue Service', '', 1), + ( + 'reference/storagegateway/index', + 'aws-storagegateway', + 'AWS Storage Gateway', + '', + 1, + ), + ('reference/sts/index', 'aws-sts', 'AWS Security Token Service', '', 1), + ('reference/support/index', 'aws-support', 'AWS Support', '', 1), + ( + 'reference/swf/index', + 'aws-swf', + 'Amazon Simple Workflow Service', + '', + 1, + ), +] # If true, show URL addresses after external links. -#man_show_urls = False +# man_show_urls = False # -- Options for Texinfo output ------------------------------------------------ @@ -334,10 +391,10 @@ texinfo_documents = [] # Documents to append as an appendix to all manuals. -#texinfo_appendices = [] +# texinfo_appendices = [] # If false, no module index is generated. -#texinfo_domain_indices = True +# texinfo_domain_indices = True # How to display URL addresses: 'footnote', 'no', or 'inline'. -#texinfo_show_urls = 'footnote' +# texinfo_show_urls = 'footnote' diff -pruN 2.23.6-1/doc/source/crosslinker.py 2.31.35-1/doc/source/crosslinker.py --- 2.23.6-1/doc/source/crosslinker.py 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/doc/source/crosslinker.py 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,205 @@ +import os + +from sphinx.application import Sphinx + +import awscli.botocore.session +import awscli.clidriver + +"""Generate apache rewrite rules for cross linking. + +Example: + +^/goto/cli2/acm-2015-12-08/AddTagsToCertificate$ + +will redirect to the relative path + +/cli/latest/reference/acm/add-tags-to-certificate.html + +Usage +===== + +Make sure you're in a venv with the correct versions of the AWS CLI v2 installed. +It will be imported directly to generate the crosslinks. + +This is a Sphinx extension that gets run after all document updates have been +executed and before the cleanup phase. +""" + + +class AWSCLICrossLinkGenerator: + # The name of the tool, this is what's + # used in the goto links: /goto/{toolname}/{operation} + TOOL_NAME = 'cli2' + BASE_URL = '/cli/latest/reference' + # The base url for your SDK service reference. This page + # is used as a fallback for goto links for unknown service + # uids and for the "catch-all" regex for the tool. + FALLBACK_BASE = '/cli/latest/reference/index.html' + # The url used for a specific service. This value + # must have one string placeholder value where the + # service_name can be placed. + SERVICE_BASE = '/cli/latest/reference/%s/index.html' + + def __init__(self): + self._driver = awscli.clidriver.create_clidriver() + # Cache of service -> operation names + # The operation names are not xformed(), they're + # exactly as they're spelled in the API reference. + self._service_operations = {} + # Mapping of service name to boto class name. + self._service_class_names = {} + # Mapping of uid -> service_name + self._uid_mapping = {} + self._generate_mappings() + + def _generate_mappings(self): + command_table = self._driver.create_help_command().command_table + for name, command in command_table.items(): + if hasattr(command, '_UNDOCUMENTED'): + continue + if not hasattr(command, 'service_model'): + continue + uid = command.service_model.metadata.get('uid') + if uid is None: + continue + self._uid_mapping[uid] = name + ops_table = command.create_help_command().command_table + mapping = {} + for op_name, op_command in ops_table.items(): + op_help = op_command.create_help_command() + mapping[op_help.obj.name] = op_name + self._service_operations[name] = mapping + + def _generate_cross_link(self, service_name, operation_name): + if operation_name not in self._service_operations[service_name]: + return self.SERVICE_BASE % service_name + return '%s/%s/%s.html' % ( + self.BASE_URL, + service_name, + self._service_operations[service_name][operation_name], + ) + + def _is_catchall_regex(self, parts): + # This is the catch-all regex used as a safety net + # for any requests to our tool that we don't understand. + # For example: /goto/aws-cli/(.*) + return len(parts) == 4 and parts[-1] == '(.*)' + + def _is_service_catchall_regex(self, parts): + # This is the catch-all regex used for requests to a + # known service for an unknown operation/shape. + # For example: /goto/cli2/xray-2016-04-12/(.*) + return len(parts) == 5 and parts[-1] == '(.*)' + + def generate_cross_link(self, link): + parts = link.split('/') + if len(parts) < 4: + return None + tool_name = parts[2] + if tool_name != self.TOOL_NAME: + return None + if self._is_catchall_regex(parts): + return self.FALLBACK_BASE + uid = parts[3] + if uid not in self._uid_mapping: + return self.FALLBACK_BASE + service_name = self._uid_mapping[uid] + if self._is_service_catchall_regex(parts): + return self.SERVICE_BASE % service_name + # At this point we know this is a valid cross-link + # for an operation we probably know about, so we can + # defer to the template method. + return self._generate_cross_link( + service_name=service_name, + operation_name=parts[-1], + ) + + +def create_goto_links_iter(session): + for service_name in session.get_available_services(): + m = session.get_service_model(service_name) + uid = m.metadata.get('uid') + if uid is None: + continue + for operation_name in m.operation_names: + yield '/goto/{toolname}/%s/%s' % (uid, operation_name) + # We also want to yield a catch-all link for the service. + yield '/goto/{toolname}/%s/(.*)' % uid + # And a catch-all for the entire tool. + yield '/goto/{toolname}/(.*)' + + +def create_rewrite_rule(incoming_link, redirect): + # Given an incoming_link (/goto/aws-cli/...) and the + # URL it should redirect to, generate the actual + # rewrite rule. + return 'RewriteRule ^%s$ %s [L,R,NE]\n' % (incoming_link, redirect) + + +def generate_all_cross_links(session, out_file): + # links_iter: Generator of crosslinks to generate + linker = AWSCLICrossLinkGenerator() + # This gives us a list of tuples of + # (goto_link, redirect_link) + crosslinks = generate_tool_cross_links(session, linker) + # From there we need to convert that to the actual Rewrite rules. + lines = generate_conf_for_crosslinks(linker, crosslinks) + out_file.writelines(lines) + + +def generate_conf_for_crosslinks(linker, crosslinks): + # These first two lines are saying that if the URL + # does not match the regex '/goto/(toolname)', then + # we should skip all the RewriteRules associated with + # that toolname. + # The way RewriteCond works is that if the condition + # evalutes to true, the immediately next RewriteRule + # is triggered. + lines = [ + f'RewriteCond %{{REQUEST_URI}} !^\\/goto\\/{linker.TOOL_NAME}\\/.*$\n', + # The S=12345 means skip the next 12345 lines. This + # rule is only triggered if the RewriteCond above + # evaluates to true. Think of this as a fancy GOTO. + f'RewriteRule ".*" "-" [S={len(crosslinks)}]\n', + ] + for goto_link, redirect in crosslinks: + lines.append(create_rewrite_rule(goto_link, redirect)) + return lines + + +def generate_tool_cross_links(session, linker): + crosslinks = [] + for link_template in create_goto_links_iter(session): + link_str = link_template.format(toolname=linker.TOOL_NAME) + result = linker.generate_cross_link(link_str) + if result is not None: + crosslinks.append((link_str, result)) + return crosslinks + + +def generate_crosslinks(app: Sphinx): + session = awscli.botocore.session.get_session() + out_path = os.path.join( + os.path.abspath(app.outdir), 'package.redirects.conf' + ) + with open(out_path, 'w') as out_file: + generate_all_cross_links(session, out_file) + + # Sphinx expects us to return an iterable of pages we want to create using + # their template/context system. We return an empty list since this extension + # does not create HTML pages via this system. + return [] + + +def setup(app: Sphinx): + # hook into the html-collect-pages event to guarantee all + # document writing/modification has been completed before + # generating crosslinks. + app.connect('html-collect-pages', generate_crosslinks) + + return { + 'version': '1.0', + 'env_version': 1, + 'parallel_read_safe': True, + 'parallel_write_safe': True, + } diff -pruN 2.23.6-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/layout.html 2.31.35-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/layout.html --- 2.23.6-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/layout.html 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/layout.html 2025-11-12 19:17:29.000000000 +0000 @@ -5,7 +5,6 @@ {{ super() }} - {%- endblock %} @@ -106,14 +105,7 @@ {%- endif %} - + {%- endblock %} {%- block footer %} diff -pruN 2.23.6-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/searchbox.html 2.31.35-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/searchbox.html --- 2.23.6-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/searchbox.html 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/searchbox.html 2025-11-12 19:17:29.000000000 +0000 @@ -9,5 +9,5 @@ - + {%- endif %} diff -pruN 2.23.6-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/static/analytics.js 2.31.35-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/static/analytics.js --- 2.23.6-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/static/analytics.js 1970-01-01 00:00:00.000000000 +0000 +++ 2.31.35-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/static/analytics.js 2025-11-12 19:17:29.000000000 +0000 @@ -0,0 +1,6 @@ +s.prop66 = 'AWS CLI'; +s.eVar66 = 'D=c66'; +s.prop65 = 'API Reference'; +s.eVar65 = 'D=c65'; +var s_code = s.t(); +if (s_code) document.write(s_code); \ No newline at end of file diff -pruN 2.23.6-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/static/jquery-1.9.1.min.js 2.31.35-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/static/jquery-1.9.1.min.js --- 2.23.6-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/static/jquery-1.9.1.min.js 2025-01-24 19:08:50.000000000 +0000 +++ 2.31.35-1/doc/source/guzzle_sphinx_theme/guzzle_sphinx_theme/static/jquery-1.9.1.min.js 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ -/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license - //@ sourceMappingURL=jquery.min.map - */(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener||"load"===e.type||"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H))};b.fn=b.prototype={jquery:p,constructor:b,init:function(e,n,r){var i,a;if(!e)return this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:N.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1]){if(n=n instanceof b?n[0]:n,b.merge(this,b.parseHTML(i[1],n&&n.nodeType?n.ownerDocument||n:o,!0)),C.test(i[1])&&b.isPlainObject(n))for(i in n)b.isFunction(this[i])?this[i](n[i]):this.attr(i,n[i]);return this}if(a=o.getElementById(i[2]),a&&a.parentNode){if(a.id!==i[2])return r.find(e);this.length=1,this[0]=a}return this.context=o,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):b.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),b.makeArray(e,this))},selector:"",length:0,size:function(){return this.length},toArray:function(){return h.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e){var t=b.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return b.each(this,e,t)},ready:function(e){return b.ready.promise().done(e),this},slice:function(){return this.pushStack(h.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(b.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:d,sort:[].sort,splice:[].splice},b.fn.init.prototype=b.fn,b.extend=b.fn.extend=function(){var e,n,r,i,o,a,s=arguments[0]||{},u=1,l=arguments.length,c=!1;for("boolean"==typeof s&&(c=s,s=arguments[1]||{},u=2),"object"==typeof s||b.isFunction(s)||(s={}),l===u&&(s=this,--u);l>u;u++)if(null!=(o=arguments[u]))for(i in o)e=s[i],r=o[i],s!==r&&(c&&r&&(b.isPlainObject(r)||(n=b.isArray(r)))?(n?(n=!1,a=e&&b.isArray(e)?e:[]):a=e&&b.isPlainObject(e)?e:{},s[i]=b.extend(c,a,r)):r!==t&&(s[i]=r));return s},b.extend({noConflict:function(t){return e.$===b&&(e.$=u),t&&e.jQuery===b&&(e.jQuery=s),b},isReady:!1,readyWait:1,holdReady:function(e){e?b.readyWait++:b.ready(!0)},ready:function(e){if(e===!0?!--b.readyWait:!b.isReady){if(!o.body)return setTimeout(b.ready);b.isReady=!0,e!==!0&&--b.readyWait>0||(n.resolveWith(o,[b]),b.fn.trigger&&b(o).trigger("ready").off("ready"))}},isFunction:function(e){return"function"===b.type(e)},isArray:Array.isArray||function(e){return"array"===b.type(e)},isWindow:function(e){return null!=e&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[m.call(e)]||"object":typeof e},isPlainObject:function(e){if(!e||"object"!==b.type(e)||e.nodeType||b.isWindow(e))return!1;try{if(e.constructor&&!y.call(e,"constructor")&&!y.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(n){return!1}var r;for(r in e);return r===t||y.call(e,r)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw Error(e)},parseHTML:function(e,t,n){if(!e||"string"!=typeof e)return null;"boolean"==typeof t&&(n=t,t=!1),t=t||o;var r=C.exec(e),i=!n&&[];return r?[t.createElement(r[1])]:(r=b.buildFragment([e],t,i),i&&b(i).remove(),b.merge([],r.childNodes))},parseJSON:function(n){return e.JSON&&e.JSON.parse?e.JSON.parse(n):null===n?n:"string"==typeof n&&(n=b.trim(n),n&&k.test(n.replace(S,"@").replace(A,"]").replace(E,"")))?Function("return "+n)():(b.error("Invalid JSON: "+n),t)},parseXML:function(n){var r,i;if(!n||"string"!=typeof n)return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(o){r=t}return r&&r.documentElement&&!r.getElementsByTagName("parsererror").length||b.error("Invalid XML: "+n),r},noop:function(){},globalEval:function(t){t&&b.trim(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(j,"ms-").replace(D,L)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,t,n){var r,i=0,o=e.length,a=M(e);if(n){if(a){for(;o>i;i++)if(r=t.apply(e[i],n),r===!1)break}else for(i in e)if(r=t.apply(e[i],n),r===!1)break}else if(a){for(;o>i;i++)if(r=t.call(e[i],i,e[i]),r===!1)break}else for(i in e)if(r=t.call(e[i],i,e[i]),r===!1)break;return e},trim:v&&!v.call("\ufeff\u00a0")?function(e){return null==e?"":v.call(e)}:function(e){return null==e?"":(e+"").replace(T,"")},makeArray:function(e,t){var n=t||[];return null!=e&&(M(Object(e))?b.merge(n,"string"==typeof e?[e]:e):d.call(n,e)),n},inArray:function(e,t,n){var r;if(t){if(g)return g.call(t,e,n);for(r=t.length,n=n?0>n?Math.max(0,r+n):n:0;r>n;n++)if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,o=0;if("number"==typeof r)for(;r>o;o++)e[i++]=n[o];else while(n[o]!==t)e[i++]=n[o++];return e.length=i,e},grep:function(e,t,n){var r,i=[],o=0,a=e.length;for(n=!!n;a>o;o++)r=!!t(e[o],o),n!==r&&i.push(e[o]);return i},map:function(e,t,n){var r,i=0,o=e.length,a=M(e),s=[];if(a)for(;o>i;i++)r=t(e[i],i,n),null!=r&&(s[s.length]=r);else for(i in e)r=t(e[i],i,n),null!=r&&(s[s.length]=r);return f.apply([],s)},guid:1,proxy:function(e,n){var r,i,o;return"string"==typeof n&&(o=e[n],n=e,e=o),b.isFunction(e)?(r=h.call(arguments,2),i=function(){return e.apply(n||this,r.concat(h.call(arguments)))},i.guid=e.guid=e.guid||b.guid++,i):t},access:function(e,n,r,i,o,a,s){var u=0,l=e.length,c=null==r;if("object"===b.type(r)){o=!0;for(u in r)b.access(e,n,u,r[u],!0,a,s)}else if(i!==t&&(o=!0,b.isFunction(i)||(s=!0),c&&(s?(n.call(e,i),n=null):(c=n,n=function(e,t,n){return c.call(b(e),n)})),n))for(;l>u;u++)n(e[u],r,s?i:i.call(e[u],u,n(e[u],r)));return o?e:c?n.call(e):l?n(e[0],r):a},now:function(){return(new Date).getTime()}}),b.ready.promise=function(t){if(!n)if(n=b.Deferred(),"complete"===o.readyState)setTimeout(b.ready);else if(o.addEventListener)o.addEventListener("DOMContentLoaded",H,!1),e.addEventListener("load",H,!1);else{o.attachEvent("onreadystatechange",H),e.attachEvent("onload",H);var r=!1;try{r=null==e.frameElement&&o.documentElement}catch(i){}r&&r.doScroll&&function a(){if(!b.isReady){try{r.doScroll("left")}catch(e){return setTimeout(a,50)}q(),b.ready()}}()}return n.promise(t)},b.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function M(e){var t=e.length,n=b.type(e);return b.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}r=b(o);var _={};function F(e){var t=_[e]={};return b.each(e.match(w)||[],function(e,n){t[n]=!0}),t}b.Callbacks=function(e){e="string"==typeof e?_[e]||F(e):b.extend({},e);var n,r,i,o,a,s,u=[],l=!e.once&&[],c=function(t){for(r=e.memory&&t,i=!0,a=s||0,s=0,o=u.length,n=!0;u&&o>a;a++)if(u[a].apply(t[0],t[1])===!1&&e.stopOnFalse){r=!1;break}n=!1,u&&(l?l.length&&c(l.shift()):r?u=[]:p.disable())},p={add:function(){if(u){var t=u.length;(function i(t){b.each(t,function(t,n){var r=b.type(n);"function"===r?e.unique&&p.has(n)||u.push(n):n&&n.length&&"string"!==r&&i(n)})})(arguments),n?o=u.length:r&&(s=t,c(r))}return this},remove:function(){return u&&b.each(arguments,function(e,t){var r;while((r=b.inArray(t,u,r))>-1)u.splice(r,1),n&&(o>=r&&o--,a>=r&&a--)}),this},has:function(e){return e?b.inArray(e,u)>-1:!(!u||!u.length)},empty:function(){return u=[],this},disable:function(){return u=l=r=t,this},disabled:function(){return!u},lock:function(){return l=t,r||p.disable(),this},locked:function(){return!l},fireWith:function(e,t){return t=t||[],t=[e,t.slice?t.slice():t],!u||i&&!l||(n?l.push(t):c(t)),this},fire:function(){return p.fireWith(this,arguments),this},fired:function(){return!!i}};return p},b.extend({Deferred:function(e){var t=[["resolve","done",b.Callbacks("once memory"),"resolved"],["reject","fail",b.Callbacks("once memory"),"rejected"],["notify","progress",b.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return b.Deferred(function(n){b.each(t,function(t,o){var a=o[0],s=b.isFunction(e[t])&&e[t];i[o[1]](function(){var e=s&&s.apply(this,arguments);e&&b.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[a+"With"](this===r?n.promise():this,s?[e]:arguments)})}),e=null}).promise()},promise:function(e){return null!=e?b.extend(e,r):r}},i={};return r.pipe=r.then,b.each(t,function(e,o){var a=o[2],s=o[3];r[o[1]]=a.add,s&&a.add(function(){n=s},t[1^e][2].disable,t[2][2].lock),i[o[0]]=function(){return i[o[0]+"With"](this===i?r:this,arguments),this},i[o[0]+"With"]=a.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=h.call(arguments),r=n.length,i=1!==r||e&&b.isFunction(e.promise)?r:0,o=1===i?e:b.Deferred(),a=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?h.call(arguments):r,n===s?o.notifyWith(t,n):--i||o.resolveWith(t,n)}},s,u,l;if(r>1)for(s=Array(r),u=Array(r),l=Array(r);r>t;t++)n[t]&&b.isFunction(n[t].promise)?n[t].promise().done(a(t,l,n)).fail(o.reject).progress(a(t,u,s)):--i;return i||o.resolveWith(l,n),o.promise()}}),b.support=function(){var t,n,r,a,s,u,l,c,p,f,d=o.createElement("div");if(d.setAttribute("className","t"),d.innerHTML="
    a",n=d.getElementsByTagName("*"),r=d.getElementsByTagName("a")[0],!n||!r||!n.length)return{};s=o.createElement("select"),l=s.appendChild(o.createElement("option")),a=d.getElementsByTagName("input")[0],r.style.cssText="top:1px;float:left;opacity:.5",t={getSetAttribute:"t"!==d.className,leadingWhitespace:3===d.firstChild.nodeType,tbody:!d.getElementsByTagName("tbody").length,htmlSerialize:!!d.getElementsByTagName("link").length,style:/top/.test(r.getAttribute("style")),hrefNormalized:"/a"===r.getAttribute("href"),opacity:/^0.5/.test(r.style.opacity),cssFloat:!!r.style.cssFloat,checkOn:!!a.value,optSelected:l.selected,enctype:!!o.createElement("form").enctype,html5Clone:"<:nav>"!==o.createElement("nav").cloneNode(!0).outerHTML,boxModel:"CSS1Compat"===o.compatMode,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},a.checked=!0,t.noCloneChecked=a.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!l.disabled;try{delete d.test}catch(h){t.deleteExpando=!1}a=o.createElement("input"),a.setAttribute("value",""),t.input=""===a.getAttribute("value"),a.value="t",a.setAttribute("type","radio"),t.radioValue="t"===a.value,a.setAttribute("checked","t"),a.setAttribute("name","t"),u=o.createDocumentFragment(),u.appendChild(a),t.appendChecked=a.checked,t.checkClone=u.cloneNode(!0).cloneNode(!0).lastChild.checked,d.attachEvent&&(d.attachEvent("onclick",function(){t.noCloneEvent=!1}),d.cloneNode(!0).click());for(f in{submit:!0,change:!0,focusin:!0})d.setAttribute(c="on"+f,"t"),t[f+"Bubbles"]=c in e||d.attributes[c].expando===!1;return d.style.backgroundClip="content-box",d.cloneNode(!0).style.backgroundClip="",t.clearCloneStyle="content-box"===d.style.backgroundClip,b(function(){var n,r,a,s="padding:0;margin:0;border:0;display:block;box-sizing:content-box;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;",u=o.getElementsByTagName("body")[0];u&&(n=o.createElement("div"),n.style.cssText="border:0;width:0;height:0;position:absolute;top:0;left:-9999px;margin-top:1px",u.appendChild(n).appendChild(d),d.innerHTML="
    t
    ",a=d.getElementsByTagName("td"),a[0].style.cssText="padding:0;margin:0;border:0;display:none",p=0===a[0].offsetHeight,a[0].style.display="",a[1].style.display="none",t.reliableHiddenOffsets=p&&0===a[0].offsetHeight,d.innerHTML="",d.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",t.boxSizing=4===d.offsetWidth,t.doesNotIncludeMarginInBodyOffset=1!==u.offsetTop,e.getComputedStyle&&(t.pixelPosition="1%"!==(e.getComputedStyle(d,null)||{}).top,t.boxSizingReliable="4px"===(e.getComputedStyle(d,null)||{width:"4px"}).width,r=d.appendChild(o.createElement("div")),r.style.cssText=d.style.cssText=s,r.style.marginRight=r.style.width="0",d.style.width="1px",t.reliableMarginRight=!parseFloat((e.getComputedStyle(r,null)||{}).marginRight)),typeof d.style.zoom!==i&&(d.innerHTML="",d.style.cssText=s+"width:1px;padding:1px;display:inline;zoom:1",t.inlineBlockNeedsLayout=3===d.offsetWidth,d.style.display="block",d.innerHTML="
    ",d.firstChild.style.width="5px",t.shrinkWrapBlocks=3!==d.offsetWidth,t.inlineBlockNeedsLayout&&(u.style.zoom=1)),u.removeChild(n),n=d=a=r=null)}),n=s=u=l=r=a=null,t}();var O=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,B=/([A-Z])/g;function P(e,n,r,i){if(b.acceptData(e)){var o,a,s=b.expando,u="string"==typeof n,l=e.nodeType,p=l?b.cache:e,f=l?e[s]:e[s]&&s;if(f&&p[f]&&(i||p[f].data)||!u||r!==t)return f||(l?e[s]=f=c.pop()||b.guid++:f=s),p[f]||(p[f]={},l||(p[f].toJSON=b.noop)),("object"==typeof n||"function"==typeof n)&&(i?p[f]=b.extend(p[f],n):p[f].data=b.extend(p[f].data,n)),o=p[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[b.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[b.camelCase(n)])):a=o,a}}function R(e,t,n){if(b.acceptData(e)){var r,i,o,a=e.nodeType,s=a?b.cache:e,u=a?e[b.expando]:b.expando;if(s[u]){if(t&&(o=n?s[u]:s[u].data)){b.isArray(t)?t=t.concat(b.map(t,b.camelCase)):t in o?t=[t]:(t=b.camelCase(t),t=t in o?[t]:t.split(" "));for(r=0,i=t.length;i>r;r++)delete o[t[r]];if(!(n?$:b.isEmptyObject)(o))return}(n||(delete s[u].data,$(s[u])))&&(a?b.cleanData([e],!0):b.support.deleteExpando||s!=s.window?delete s[u]:s[u]=null)}}}b.extend({cache:{},expando:"jQuery"+(p+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(e){return e=e.nodeType?b.cache[e[b.expando]]:e[b.expando],!!e&&!$(e)},data:function(e,t,n){return P(e,t,n)},removeData:function(e,t){return R(e,t)},_data:function(e,t,n){return P(e,t,n,!0)},_removeData:function(e,t){return R(e,t,!0)},acceptData:function(e){if(e.nodeType&&1!==e.nodeType&&9!==e.nodeType)return!1;var t=e.nodeName&&b.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),b.fn.extend({data:function(e,n){var r,i,o=this[0],a=0,s=null;if(e===t){if(this.length&&(s=b.data(o),1===o.nodeType&&!b._data(o,"parsedAttrs"))){for(r=o.attributes;r.length>a;a++)i=r[a].name,i.indexOf("data-")||(i=b.camelCase(i.slice(5)),W(o,i,s[i]));b._data(o,"parsedAttrs",!0)}return s}return"object"==typeof e?this.each(function(){b.data(this,e)}):b.access(this,function(n){return n===t?o?W(o,e,b.data(o,e)):null:(this.each(function(){b.data(this,e,n)}),t)},null,n,arguments.length>1,null,!0)},removeData:function(e){return this.each(function(){b.removeData(this,e)})}});function W(e,n,r){if(r===t&&1===e.nodeType){var i="data-"+n.replace(B,"-$1").toLowerCase();if(r=e.getAttribute(i),"string"==typeof r){try{r="true"===r?!0:"false"===r?!1:"null"===r?null:+r+""===r?+r:O.test(r)?b.parseJSON(r):r}catch(o){}b.data(e,n,r)}else r=t}return r}function $(e){var t;for(t in e)if(("data"!==t||!b.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;return!0}b.extend({queue:function(e,n,r){var i;return e?(n=(n||"fx")+"queue",i=b._data(e,n),r&&(!i||b.isArray(r)?i=b._data(e,n,b.makeArray(r)):i.push(r)),i||[]):t},dequeue:function(e,t){t=t||"fx";var n=b.queue(e,t),r=n.length,i=n.shift(),o=b._queueHooks(e,t),a=function(){b.dequeue(e,t)};"inprogress"===i&&(i=n.shift(),r--),o.cur=i,i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,a,o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return b._data(e,n)||b._data(e,n,{empty:b.Callbacks("once memory").add(function(){b._removeData(e,t+"queue"),b._removeData(e,n)})})}}),b.fn.extend({queue:function(e,n){var r=2;return"string"!=typeof e&&(n=e,e="fx",r--),r>arguments.length?b.queue(this[0],e):n===t?this:this.each(function(){var t=b.queue(this,e,n);b._queueHooks(this,e),"fx"===e&&"inprogress"!==t[0]&&b.dequeue(this,e)})},dequeue:function(e){return this.each(function(){b.dequeue(this,e)})},delay:function(e,t){return e=b.fx?b.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,o=b.Deferred(),a=this,s=this.length,u=function(){--i||o.resolveWith(a,[a])};"string"!=typeof e&&(n=e,e=t),e=e||"fx";while(s--)r=b._data(a[s],e+"queueHooks"),r&&r.empty&&(i++,r.empty.add(u));return u(),o.promise(n)}});var I,z,X=/[\t\r\n]/g,U=/\r/g,V=/^(?:input|select|textarea|button|object)$/i,Y=/^(?:a|area)$/i,J=/^(?:checked|selected|autofocus|autoplay|async|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped)$/i,G=/^(?:checked|selected)$/i,Q=b.support.getSetAttribute,K=b.support.input;b.fn.extend({attr:function(e,t){return b.access(this,b.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){b.removeAttr(this,e)})},prop:function(e,t){return b.access(this,b.prop,e,t,arguments.length>1)},removeProp:function(e){return e=b.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,o,a=0,s=this.length,u="string"==typeof e&&e;if(b.isFunction(e))return this.each(function(t){b(this).addClass(e.call(this,t,this.className))});if(u)for(t=(e||"").match(w)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(X," "):" ")){o=0;while(i=t[o++])0>r.indexOf(" "+i+" ")&&(r+=i+" ");n.className=b.trim(r)}return this},removeClass:function(e){var t,n,r,i,o,a=0,s=this.length,u=0===arguments.length||"string"==typeof e&&e;if(b.isFunction(e))return this.each(function(t){b(this).removeClass(e.call(this,t,this.className))});if(u)for(t=(e||"").match(w)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(X," "):"")){o=0;while(i=t[o++])while(r.indexOf(" "+i+" ")>=0)r=r.replace(" "+i+" "," ");n.className=e?b.trim(r):""}return this},toggleClass:function(e,t){var n=typeof e,r="boolean"==typeof t;return b.isFunction(e)?this.each(function(n){b(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if("string"===n){var o,a=0,s=b(this),u=t,l=e.match(w)||[];while(o=l[a++])u=r?u:!s.hasClass(o),s[u?"addClass":"removeClass"](o)}else(n===i||"boolean"===n)&&(this.className&&b._data(this,"__className__",this.className),this.className=this.className||e===!1?"":b._data(this,"__className__")||"")})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;r>n;n++)if(1===this[n].nodeType&&(" "+this[n].className+" ").replace(X," ").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,o=this[0];{if(arguments.length)return i=b.isFunction(e),this.each(function(n){var o,a=b(this);1===this.nodeType&&(o=i?e.call(this,n,a.val()):e,null==o?o="":"number"==typeof o?o+="":b.isArray(o)&&(o=b.map(o,function(e){return null==e?"":e+""})),r=b.valHooks[this.type]||b.valHooks[this.nodeName.toLowerCase()],r&&"set"in r&&r.set(this,o,"value")!==t||(this.value=o))});if(o)return r=b.valHooks[o.type]||b.valHooks[o.nodeName.toLowerCase()],r&&"get"in r&&(n=r.get(o,"value"))!==t?n:(n=o.value,"string"==typeof n?n.replace(U,""):null==n?"":n)}}}),b.extend({valHooks:{option:{get:function(e){var t=e.attributes.value;return!t||t.specified?e.value:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,o="select-one"===e.type||0>i,a=o?null:[],s=o?i+1:r.length,u=0>i?s:o?i:0;for(;s>u;u++)if(n=r[u],!(!n.selected&&u!==i||(b.support.optDisabled?n.disabled:null!==n.getAttribute("disabled"))||n.parentNode.disabled&&b.nodeName(n.parentNode,"optgroup"))){if(t=b(n).val(),o)return t;a.push(t)}return a},set:function(e,t){var n=b.makeArray(t);return b(e).find("option").each(function(){this.selected=b.inArray(b(this).val(),n)>=0}),n.length||(e.selectedIndex=-1),n}}},attr:function(e,n,r){var o,a,s,u=e.nodeType;if(e&&3!==u&&8!==u&&2!==u)return typeof e.getAttribute===i?b.prop(e,n,r):(a=1!==u||!b.isXMLDoc(e),a&&(n=n.toLowerCase(),o=b.attrHooks[n]||(J.test(n)?z:I)),r===t?o&&a&&"get"in o&&null!==(s=o.get(e,n))?s:(typeof e.getAttribute!==i&&(s=e.getAttribute(n)),null==s?t:s):null!==r?o&&a&&"set"in o&&(s=o.set(e,r,n))!==t?s:(e.setAttribute(n,r+""),r):(b.removeAttr(e,n),t))},removeAttr:function(e,t){var n,r,i=0,o=t&&t.match(w);if(o&&1===e.nodeType)while(n=o[i++])r=b.propFix[n]||n,J.test(n)?!Q&&G.test(n)?e[b.camelCase("default-"+n)]=e[r]=!1:e[r]=!1:b.attr(e,n,""),e.removeAttribute(Q?n:r)},attrHooks:{type:{set:function(e,t){if(!b.support.radioValue&&"radio"===t&&b.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(e,n,r){var i,o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return a=1!==s||!b.isXMLDoc(e),a&&(n=b.propFix[n]||n,o=b.propHooks[n]),r!==t?o&&"set"in o&&(i=o.set(e,r,n))!==t?i:e[n]=r:o&&"get"in o&&null!==(i=o.get(e,n))?i:e[n]},propHooks:{tabIndex:{get:function(e){var n=e.getAttributeNode("tabindex");return n&&n.specified?parseInt(n.value,10):V.test(e.nodeName)||Y.test(e.nodeName)&&e.href?0:t}}}}),z={get:function(e,n){var r=b.prop(e,n),i="boolean"==typeof r&&e.getAttribute(n),o="boolean"==typeof r?K&&Q?null!=i:G.test(n)?e[b.camelCase("default-"+n)]:!!i:e.getAttributeNode(n);return o&&o.value!==!1?n.toLowerCase():t},set:function(e,t,n){return t===!1?b.removeAttr(e,n):K&&Q||!G.test(n)?e.setAttribute(!Q&&b.propFix[n]||n,n):e[b.camelCase("default-"+n)]=e[n]=!0,n}},K&&Q||(b.attrHooks.value={get:function(e,n){var r=e.getAttributeNode(n);return b.nodeName(e,"input")?e.defaultValue:r&&r.specified?r.value:t},set:function(e,n,r){return b.nodeName(e,"input")?(e.defaultValue=n,t):I&&I.set(e,n,r)}}),Q||(I=b.valHooks.button={get:function(e,n){var r=e.getAttributeNode(n);return r&&("id"===n||"name"===n||"coords"===n?""!==r.value:r.specified)?r.value:t},set:function(e,n,r){var i=e.getAttributeNode(r);return i||e.setAttributeNode(i=e.ownerDocument.createAttribute(r)),i.value=n+="","value"===r||n===e.getAttribute(r)?n:t}},b.attrHooks.contenteditable={get:I.get,set:function(e,t,n){I.set(e,""===t?!1:t,n)}},b.each(["width","height"],function(e,n){b.attrHooks[n]=b.extend(b.attrHooks[n],{set:function(e,r){return""===r?(e.setAttribute(n,"auto"),r):t}})})),b.support.hrefNormalized||(b.each(["href","src","width","height"],function(e,n){b.attrHooks[n]=b.extend(b.attrHooks[n],{get:function(e){var r=e.getAttribute(n,2);return null==r?t:r}})}),b.each(["href","src"],function(e,t){b.propHooks[t]={get:function(e){return e.getAttribute(t,4)}}})),b.support.style||(b.attrHooks.style={get:function(e){return e.style.cssText||t},set:function(e,t){return e.style.cssText=t+""}}),b.support.optSelected||(b.propHooks.selected=b.extend(b.propHooks.selected,{get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}})),b.support.enctype||(b.propFix.enctype="encoding"),b.support.checkOn||b.each(["radio","checkbox"],function(){b.valHooks[this]={get:function(e){return null===e.getAttribute("value")?"on":e.value}}}),b.each(["radio","checkbox"],function(){b.valHooks[this]=b.extend(b.valHooks[this],{set:function(e,n){return b.isArray(n)?e.checked=b.inArray(b(e).val(),n)>=0:t}})});var Z=/^(?:input|select|textarea)$/i,et=/^key/,tt=/^(?:mouse|contextmenu)|click/,nt=/^(?:focusinfocus|focusoutblur)$/,rt=/^([^.]*)(?:\.(.+)|)$/;function it(){return!0}function ot(){return!1}b.event={global:{},add:function(e,n,r,o,a){var s,u,l,c,p,f,d,h,g,m,y,v=b._data(e);if(v){r.handler&&(c=r,r=c.handler,a=c.selector),r.guid||(r.guid=b.guid++),(u=v.events)||(u=v.events={}),(f=v.handle)||(f=v.handle=function(e){return typeof b===i||e&&b.event.triggered===e.type?t:b.event.dispatch.apply(f.elem,arguments)},f.elem=e),n=(n||"").match(w)||[""],l=n.length;while(l--)s=rt.exec(n[l])||[],g=y=s[1],m=(s[2]||"").split(".").sort(),p=b.event.special[g]||{},g=(a?p.delegateType:p.bindType)||g,p=b.event.special[g]||{},d=b.extend({type:g,origType:y,data:o,handler:r,guid:r.guid,selector:a,needsContext:a&&b.expr.match.needsContext.test(a),namespace:m.join(".")},c),(h=u[g])||(h=u[g]=[],h.delegateCount=0,p.setup&&p.setup.call(e,o,m,f)!==!1||(e.addEventListener?e.addEventListener(g,f,!1):e.attachEvent&&e.attachEvent("on"+g,f))),p.add&&(p.add.call(e,d),d.handler.guid||(d.handler.guid=r.guid)),a?h.splice(h.delegateCount++,0,d):h.push(d),b.event.global[g]=!0;e=null}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,p,f,d,h,g,m=b.hasData(e)&&b._data(e);if(m&&(c=m.events)){t=(t||"").match(w)||[""],l=t.length;while(l--)if(s=rt.exec(t[l])||[],d=g=s[1],h=(s[2]||"").split(".").sort(),d){p=b.event.special[d]||{},d=(r?p.delegateType:p.bindType)||d,f=c[d]||[],s=s[2]&&RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),u=o=f.length;while(o--)a=f[o],!i&&g!==a.origType||n&&n.guid!==a.guid||s&&!s.test(a.namespace)||r&&r!==a.selector&&("**"!==r||!a.selector)||(f.splice(o,1),a.selector&&f.delegateCount--,p.remove&&p.remove.call(e,a));u&&!f.length&&(p.teardown&&p.teardown.call(e,h,m.handle)!==!1||b.removeEvent(e,d,m.handle),delete c[d])}else for(d in c)b.event.remove(e,d+t[l],n,r,!0);b.isEmptyObject(c)&&(delete m.handle,b._removeData(e,"events"))}},trigger:function(n,r,i,a){var s,u,l,c,p,f,d,h=[i||o],g=y.call(n,"type")?n.type:n,m=y.call(n,"namespace")?n.namespace.split("."):[];if(l=f=i=i||o,3!==i.nodeType&&8!==i.nodeType&&!nt.test(g+b.event.triggered)&&(g.indexOf(".")>=0&&(m=g.split("."),g=m.shift(),m.sort()),u=0>g.indexOf(":")&&"on"+g,n=n[b.expando]?n:new b.Event(g,"object"==typeof n&&n),n.isTrigger=!0,n.namespace=m.join("."),n.namespace_re=n.namespace?RegExp("(^|\\.)"+m.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,n.result=t,n.target||(n.target=i),r=null==r?[n]:b.makeArray(r,[n]),p=b.event.special[g]||{},a||!p.trigger||p.trigger.apply(i,r)!==!1)){if(!a&&!p.noBubble&&!b.isWindow(i)){for(c=p.delegateType||g,nt.test(c+g)||(l=l.parentNode);l;l=l.parentNode)h.push(l),f=l;f===(i.ownerDocument||o)&&h.push(f.defaultView||f.parentWindow||e)}d=0;while((l=h[d++])&&!n.isPropagationStopped())n.type=d>1?c:p.bindType||g,s=(b._data(l,"events")||{})[n.type]&&b._data(l,"handle"),s&&s.apply(l,r),s=u&&l[u],s&&b.acceptData(l)&&s.apply&&s.apply(l,r)===!1&&n.preventDefault();if(n.type=g,!(a||n.isDefaultPrevented()||p._default&&p._default.apply(i.ownerDocument,r)!==!1||"click"===g&&b.nodeName(i,"a")||!b.acceptData(i)||!u||!i[g]||b.isWindow(i))){f=i[u],f&&(i[u]=null),b.event.triggered=g;try{i[g]()}catch(v){}b.event.triggered=t,f&&(i[u]=f)}return n.result}},dispatch:function(e){e=b.event.fix(e);var n,r,i,o,a,s=[],u=h.call(arguments),l=(b._data(this,"events")||{})[e.type]||[],c=b.event.special[e.type]||{};if(u[0]=e,e.delegateTarget=this,!c.preDispatch||c.preDispatch.call(this,e)!==!1){s=b.event.handlers.call(this,e,l),n=0;while((o=s[n++])&&!e.isPropagationStopped()){e.currentTarget=o.elem,a=0;while((i=o.handlers[a++])&&!e.isImmediatePropagationStopped())(!e.namespace_re||e.namespace_re.test(i.namespace))&&(e.handleObj=i,e.data=i.data,r=((b.event.special[i.origType]||{}).handle||i.handler).apply(o.elem,u),r!==t&&(e.result=r)===!1&&(e.preventDefault(),e.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,e),e.result}},handlers:function(e,n){var r,i,o,a,s=[],u=n.delegateCount,l=e.target;if(u&&l.nodeType&&(!e.button||"click"!==e.type))for(;l!=this;l=l.parentNode||this)if(1===l.nodeType&&(l.disabled!==!0||"click"!==e.type)){for(o=[],a=0;u>a;a++)i=n[a],r=i.selector+" ",o[r]===t&&(o[r]=i.needsContext?b(r,this).index(l)>=0:b.find(r,this,null,[l]).length),o[r]&&o.push(i);o.length&&s.push({elem:l,handlers:o})}return n.length>u&&s.push({elem:this,handlers:n.slice(u)}),s},fix:function(e){if(e[b.expando])return e;var t,n,r,i=e.type,a=e,s=this.fixHooks[i];s||(this.fixHooks[i]=s=tt.test(i)?this.mouseHooks:et.test(i)?this.keyHooks:{}),r=s.props?this.props.concat(s.props):this.props,e=new b.Event(a),t=r.length;while(t--)n=r[t],e[n]=a[n];return e.target||(e.target=a.srcElement||o),3===e.target.nodeType&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,s.filter?s.filter(e,a):e},props:"altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return null==e.which&&(e.which=null!=t.charCode?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,n){var r,i,a,s=n.button,u=n.fromElement;return null==e.pageX&&null!=n.clientX&&(i=e.target.ownerDocument||o,a=i.documentElement,r=i.body,e.pageX=n.clientX+(a&&a.scrollLeft||r&&r.scrollLeft||0)-(a&&a.clientLeft||r&&r.clientLeft||0),e.pageY=n.clientY+(a&&a.scrollTop||r&&r.scrollTop||0)-(a&&a.clientTop||r&&r.clientTop||0)),!e.relatedTarget&&u&&(e.relatedTarget=u===e.target?n.toElement:u),e.which||s===t||(e.which=1&s?1:2&s?3:4&s?2:0),e}},special:{load:{noBubble:!0},click:{trigger:function(){return b.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):t}},focus:{trigger:function(){if(this!==o.activeElement&&this.focus)try{return this.focus(),!1}catch(e){}},delegateType:"focusin"},blur:{trigger:function(){return this===o.activeElement&&this.blur?(this.blur(),!1):t},delegateType:"focusout"},beforeunload:{postDispatch:function(e){e.result!==t&&(e.originalEvent.returnValue=e.result)}}},simulate:function(e,t,n,r){var i=b.extend(new b.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?b.event.trigger(i,null,t):b.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},b.removeEvent=o.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,t,n){var r="on"+t;e.detachEvent&&(typeof e[r]===i&&(e[r]=null),e.detachEvent(r,n))},b.Event=function(e,n){return this instanceof b.Event?(e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?it:ot):this.type=e,n&&b.extend(this,n),this.timeStamp=e&&e.timeStamp||b.now(),this[b.expando]=!0,t):new b.Event(e,n)},b.Event.prototype={isDefaultPrevented:ot,isPropagationStopped:ot,isImmediatePropagationStopped:ot,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=it,e&&(e.preventDefault?e.preventDefault():e.returnValue=!1)},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=it,e&&(e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=it,this.stopPropagation()}},b.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){b.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,o=e.handleObj; - return(!i||i!==r&&!b.contains(r,i))&&(e.type=o.origType,n=o.handler.apply(this,arguments),e.type=t),n}}}),b.support.submitBubbles||(b.event.special.submit={setup:function(){return b.nodeName(this,"form")?!1:(b.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=b.nodeName(n,"input")||b.nodeName(n,"button")?n.form:t;r&&!b._data(r,"submitBubbles")&&(b.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),b._data(r,"submitBubbles",!0))}),t)},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&b.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){return b.nodeName(this,"form")?!1:(b.event.remove(this,"._submit"),t)}}),b.support.changeBubbles||(b.event.special.change={setup:function(){return Z.test(this.nodeName)?(("checkbox"===this.type||"radio"===this.type)&&(b.event.add(this,"propertychange._change",function(e){"checked"===e.originalEvent.propertyName&&(this._just_changed=!0)}),b.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),b.event.simulate("change",this,e,!0)})),!1):(b.event.add(this,"beforeactivate._change",function(e){var t=e.target;Z.test(t.nodeName)&&!b._data(t,"changeBubbles")&&(b.event.add(t,"change._change",function(e){!this.parentNode||e.isSimulated||e.isTrigger||b.event.simulate("change",this.parentNode,e,!0)}),b._data(t,"changeBubbles",!0))}),t)},handle:function(e){var n=e.target;return this!==n||e.isSimulated||e.isTrigger||"radio"!==n.type&&"checkbox"!==n.type?e.handleObj.handler.apply(this,arguments):t},teardown:function(){return b.event.remove(this,"._change"),!Z.test(this.nodeName)}}),b.support.focusinBubbles||b.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){b.event.simulate(t,e.target,b.event.fix(e),!0)};b.event.special[t]={setup:function(){0===n++&&o.addEventListener(e,r,!0)},teardown:function(){0===--n&&o.removeEventListener(e,r,!0)}}}),b.fn.extend({on:function(e,n,r,i,o){var a,s;if("object"==typeof e){"string"!=typeof n&&(r=r||n,n=t);for(a in e)this.on(a,n,r,e[a],o);return this}if(null==r&&null==i?(i=n,r=n=t):null==i&&("string"==typeof n?(i=r,r=t):(i=r,r=n,n=t)),i===!1)i=ot;else if(!i)return this;return 1===o&&(s=i,i=function(e){return b().off(e),s.apply(this,arguments)},i.guid=s.guid||(s.guid=b.guid++)),this.each(function(){b.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,o;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,b(e.delegateTarget).off(i.namespace?i.origType+"."+i.namespace:i.origType,i.selector,i.handler),this;if("object"==typeof e){for(o in e)this.off(o,n,e[o]);return this}return(n===!1||"function"==typeof n)&&(r=n,n=t),r===!1&&(r=ot),this.each(function(){b.event.remove(this,e,r,n)})},bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},trigger:function(e,t){return this.each(function(){b.event.trigger(e,t,this)})},triggerHandler:function(e,n){var r=this[0];return r?b.event.trigger(e,n,r,!0):t}}),function(e,t){var n,r,i,o,a,s,u,l,c,p,f,d,h,g,m,y,v,x="sizzle"+-new Date,w=e.document,T={},N=0,C=0,k=it(),E=it(),S=it(),A=typeof t,j=1<<31,D=[],L=D.pop,H=D.push,q=D.slice,M=D.indexOf||function(e){var t=0,n=this.length;for(;n>t;t++)if(this[t]===e)return t;return-1},_="[\\x20\\t\\r\\n\\f]",F="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",O=F.replace("w","w#"),B="([*^$|!~]?=)",P="\\["+_+"*("+F+")"+_+"*(?:"+B+_+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+O+")|)|)"+_+"*\\]",R=":("+F+")(?:\\(((['\"])((?:\\\\.|[^\\\\])*?)\\3|((?:\\\\.|[^\\\\()[\\]]|"+P.replace(3,8)+")*)|.*)\\)|)",W=RegExp("^"+_+"+|((?:^|[^\\\\])(?:\\\\.)*)"+_+"+$","g"),$=RegExp("^"+_+"*,"+_+"*"),I=RegExp("^"+_+"*([\\x20\\t\\r\\n\\f>+~])"+_+"*"),z=RegExp(R),X=RegExp("^"+O+"$"),U={ID:RegExp("^#("+F+")"),CLASS:RegExp("^\\.("+F+")"),NAME:RegExp("^\\[name=['\"]?("+F+")['\"]?\\]"),TAG:RegExp("^("+F.replace("w","w*")+")"),ATTR:RegExp("^"+P),PSEUDO:RegExp("^"+R),CHILD:RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+_+"*(even|odd|(([+-]|)(\\d*)n|)"+_+"*(?:([+-]|)"+_+"*(\\d+)|))"+_+"*\\)|)","i"),needsContext:RegExp("^"+_+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+_+"*((?:-\\d)?\\d*)"+_+"*\\)|)(?=[^-]|$)","i")},V=/[\x20\t\r\n\f]*[+~]/,Y=/^[^{]+\{\s*\[native code/,J=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,G=/^(?:input|select|textarea|button)$/i,Q=/^h\d$/i,K=/'|\\/g,Z=/\=[\x20\t\r\n\f]*([^'"\]]*)[\x20\t\r\n\f]*\]/g,et=/\\([\da-fA-F]{1,6}[\x20\t\r\n\f]?|.)/g,tt=function(e,t){var n="0x"+t-65536;return n!==n?t:0>n?String.fromCharCode(n+65536):String.fromCharCode(55296|n>>10,56320|1023&n)};try{q.call(w.documentElement.childNodes,0)[0].nodeType}catch(nt){q=function(e){var t,n=[];while(t=this[e++])n.push(t);return n}}function rt(e){return Y.test(e+"")}function it(){var e,t=[];return e=function(n,r){return t.push(n+=" ")>i.cacheLength&&delete e[t.shift()],e[n]=r}}function ot(e){return e[x]=!0,e}function at(e){var t=p.createElement("div");try{return e(t)}catch(n){return!1}finally{t=null}}function st(e,t,n,r){var i,o,a,s,u,l,f,g,m,v;if((t?t.ownerDocument||t:w)!==p&&c(t),t=t||p,n=n||[],!e||"string"!=typeof e)return n;if(1!==(s=t.nodeType)&&9!==s)return[];if(!d&&!r){if(i=J.exec(e))if(a=i[1]){if(9===s){if(o=t.getElementById(a),!o||!o.parentNode)return n;if(o.id===a)return n.push(o),n}else if(t.ownerDocument&&(o=t.ownerDocument.getElementById(a))&&y(t,o)&&o.id===a)return n.push(o),n}else{if(i[2])return H.apply(n,q.call(t.getElementsByTagName(e),0)),n;if((a=i[3])&&T.getByClassName&&t.getElementsByClassName)return H.apply(n,q.call(t.getElementsByClassName(a),0)),n}if(T.qsa&&!h.test(e)){if(f=!0,g=x,m=t,v=9===s&&e,1===s&&"object"!==t.nodeName.toLowerCase()){l=ft(e),(f=t.getAttribute("id"))?g=f.replace(K,"\\$&"):t.setAttribute("id",g),g="[id='"+g+"'] ",u=l.length;while(u--)l[u]=g+dt(l[u]);m=V.test(e)&&t.parentNode||t,v=l.join(",")}if(v)try{return H.apply(n,q.call(m.querySelectorAll(v),0)),n}catch(b){}finally{f||t.removeAttribute("id")}}}return wt(e.replace(W,"$1"),t,n,r)}a=st.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?"HTML"!==t.nodeName:!1},c=st.setDocument=function(e){var n=e?e.ownerDocument||e:w;return n!==p&&9===n.nodeType&&n.documentElement?(p=n,f=n.documentElement,d=a(n),T.tagNameNoComments=at(function(e){return e.appendChild(n.createComment("")),!e.getElementsByTagName("*").length}),T.attributes=at(function(e){e.innerHTML="";var t=typeof e.lastChild.getAttribute("multiple");return"boolean"!==t&&"string"!==t}),T.getByClassName=at(function(e){return e.innerHTML="",e.getElementsByClassName&&e.getElementsByClassName("e").length?(e.lastChild.className="e",2===e.getElementsByClassName("e").length):!1}),T.getByName=at(function(e){e.id=x+0,e.innerHTML="
    ",f.insertBefore(e,f.firstChild);var t=n.getElementsByName&&n.getElementsByName(x).length===2+n.getElementsByName(x+0).length;return T.getIdNotName=!n.getElementById(x),f.removeChild(e),t}),i.attrHandle=at(function(e){return e.innerHTML="",e.firstChild&&typeof e.firstChild.getAttribute!==A&&"#"===e.firstChild.getAttribute("href")})?{}:{href:function(e){return e.getAttribute("href",2)},type:function(e){return e.getAttribute("type")}},T.getIdNotName?(i.find.ID=function(e,t){if(typeof t.getElementById!==A&&!d){var n=t.getElementById(e);return n&&n.parentNode?[n]:[]}},i.filter.ID=function(e){var t=e.replace(et,tt);return function(e){return e.getAttribute("id")===t}}):(i.find.ID=function(e,n){if(typeof n.getElementById!==A&&!d){var r=n.getElementById(e);return r?r.id===e||typeof r.getAttributeNode!==A&&r.getAttributeNode("id").value===e?[r]:t:[]}},i.filter.ID=function(e){var t=e.replace(et,tt);return function(e){var n=typeof e.getAttributeNode!==A&&e.getAttributeNode("id");return n&&n.value===t}}),i.find.TAG=T.tagNameNoComments?function(e,n){return typeof n.getElementsByTagName!==A?n.getElementsByTagName(e):t}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},i.find.NAME=T.getByName&&function(e,n){return typeof n.getElementsByName!==A?n.getElementsByName(name):t},i.find.CLASS=T.getByClassName&&function(e,n){return typeof n.getElementsByClassName===A||d?t:n.getElementsByClassName(e)},g=[],h=[":focus"],(T.qsa=rt(n.querySelectorAll))&&(at(function(e){e.innerHTML="",e.querySelectorAll("[selected]").length||h.push("\\["+_+"*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),e.querySelectorAll(":checked").length||h.push(":checked")}),at(function(e){e.innerHTML="",e.querySelectorAll("[i^='']").length&&h.push("[*^$]="+_+"*(?:\"\"|'')"),e.querySelectorAll(":enabled").length||h.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),h.push(",.*:")})),(T.matchesSelector=rt(m=f.matchesSelector||f.mozMatchesSelector||f.webkitMatchesSelector||f.oMatchesSelector||f.msMatchesSelector))&&at(function(e){T.disconnectedMatch=m.call(e,"div"),m.call(e,"[s!='']:x"),g.push("!=",R)}),h=RegExp(h.join("|")),g=RegExp(g.join("|")),y=rt(f.contains)||f.compareDocumentPosition?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},v=f.compareDocumentPosition?function(e,t){var r;return e===t?(u=!0,0):(r=t.compareDocumentPosition&&e.compareDocumentPosition&&e.compareDocumentPosition(t))?1&r||e.parentNode&&11===e.parentNode.nodeType?e===n||y(w,e)?-1:t===n||y(w,t)?1:0:4&r?-1:1:e.compareDocumentPosition?-1:1}:function(e,t){var r,i=0,o=e.parentNode,a=t.parentNode,s=[e],l=[t];if(e===t)return u=!0,0;if(!o||!a)return e===n?-1:t===n?1:o?-1:a?1:0;if(o===a)return ut(e,t);r=e;while(r=r.parentNode)s.unshift(r);r=t;while(r=r.parentNode)l.unshift(r);while(s[i]===l[i])i++;return i?ut(s[i],l[i]):s[i]===w?-1:l[i]===w?1:0},u=!1,[0,0].sort(v),T.detectDuplicates=u,p):p},st.matches=function(e,t){return st(e,null,null,t)},st.matchesSelector=function(e,t){if((e.ownerDocument||e)!==p&&c(e),t=t.replace(Z,"='$1']"),!(!T.matchesSelector||d||g&&g.test(t)||h.test(t)))try{var n=m.call(e,t);if(n||T.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(r){}return st(t,p,null,[e]).length>0},st.contains=function(e,t){return(e.ownerDocument||e)!==p&&c(e),y(e,t)},st.attr=function(e,t){var n;return(e.ownerDocument||e)!==p&&c(e),d||(t=t.toLowerCase()),(n=i.attrHandle[t])?n(e):d||T.attributes?e.getAttribute(t):((n=e.getAttributeNode(t))||e.getAttribute(t))&&e[t]===!0?t:n&&n.specified?n.value:null},st.error=function(e){throw Error("Syntax error, unrecognized expression: "+e)},st.uniqueSort=function(e){var t,n=[],r=1,i=0;if(u=!T.detectDuplicates,e.sort(v),u){for(;t=e[r];r++)t===e[r-1]&&(i=n.push(r));while(i--)e.splice(n[i],1)}return e};function ut(e,t){var n=t&&e,r=n&&(~t.sourceIndex||j)-(~e.sourceIndex||j);if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function lt(e){return function(t){var n=t.nodeName.toLowerCase();return"input"===n&&t.type===e}}function ct(e){return function(t){var n=t.nodeName.toLowerCase();return("input"===n||"button"===n)&&t.type===e}}function pt(e){return ot(function(t){return t=+t,ot(function(n,r){var i,o=e([],n.length,t),a=o.length;while(a--)n[i=o[a]]&&(n[i]=!(r[i]=n[i]))})})}o=st.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=o(e)}else if(3===i||4===i)return e.nodeValue}else for(;t=e[r];r++)n+=o(t);return n},i=st.selectors={cacheLength:50,createPseudo:ot,match:U,find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(et,tt),e[3]=(e[4]||e[5]||"").replace(et,tt),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||st.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&st.error(e[0]),e},PSEUDO:function(e){var t,n=!e[5]&&e[2];return U.CHILD.test(e[0])?null:(e[4]?e[2]=e[4]:n&&z.test(n)&&(t=ft(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){return"*"===e?function(){return!0}:(e=e.replace(et,tt).toLowerCase(),function(t){return t.nodeName&&t.nodeName.toLowerCase()===e})},CLASS:function(e){var t=k[e+" "];return t||(t=RegExp("(^|"+_+")"+e+"("+_+"|$)"))&&k(e,function(e){return t.test(e.className||typeof e.getAttribute!==A&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r){var i=st.attr(r,e);return null==i?"!="===t:t?(i+="","="===t?i===n:"!="===t?i!==n:"^="===t?n&&0===i.indexOf(n):"*="===t?n&&i.indexOf(n)>-1:"$="===t?n&&i.slice(-n.length)===n:"~="===t?(" "+i+" ").indexOf(n)>-1:"|="===t?i===n||i.slice(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r,i){var o="nth"!==e.slice(0,3),a="last"!==e.slice(-4),s="of-type"===t;return 1===r&&0===i?function(e){return!!e.parentNode}:function(t,n,u){var l,c,p,f,d,h,g=o!==a?"nextSibling":"previousSibling",m=t.parentNode,y=s&&t.nodeName.toLowerCase(),v=!u&&!s;if(m){if(o){while(g){p=t;while(p=p[g])if(s?p.nodeName.toLowerCase()===y:1===p.nodeType)return!1;h=g="only"===e&&!h&&"nextSibling"}return!0}if(h=[a?m.firstChild:m.lastChild],a&&v){c=m[x]||(m[x]={}),l=c[e]||[],d=l[0]===N&&l[1],f=l[0]===N&&l[2],p=d&&m.childNodes[d];while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if(1===p.nodeType&&++f&&p===t){c[e]=[N,d,f];break}}else if(v&&(l=(t[x]||(t[x]={}))[e])&&l[0]===N)f=l[1];else while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if((s?p.nodeName.toLowerCase()===y:1===p.nodeType)&&++f&&(v&&((p[x]||(p[x]={}))[e]=[N,f]),p===t))break;return f-=i,f===r||0===f%r&&f/r>=0}}},PSEUDO:function(e,t){var n,r=i.pseudos[e]||i.setFilters[e.toLowerCase()]||st.error("unsupported pseudo: "+e);return r[x]?r(t):r.length>1?(n=[e,e,"",t],i.setFilters.hasOwnProperty(e.toLowerCase())?ot(function(e,n){var i,o=r(e,t),a=o.length;while(a--)i=M.call(e,o[a]),e[i]=!(n[i]=o[a])}):function(e){return r(e,0,n)}):r}},pseudos:{not:ot(function(e){var t=[],n=[],r=s(e.replace(W,"$1"));return r[x]?ot(function(e,t,n,i){var o,a=r(e,null,i,[]),s=e.length;while(s--)(o=a[s])&&(e[s]=!(t[s]=o))}):function(e,i,o){return t[0]=e,r(t,null,o,n),!n.pop()}}),has:ot(function(e){return function(t){return st(e,t).length>0}}),contains:ot(function(e){return function(t){return(t.textContent||t.innerText||o(t)).indexOf(e)>-1}}),lang:ot(function(e){return X.test(e||"")||st.error("unsupported lang: "+e),e=e.replace(et,tt).toLowerCase(),function(t){var n;do if(n=d?t.getAttribute("xml:lang")||t.getAttribute("lang"):t.lang)return n=n.toLowerCase(),n===e||0===n.indexOf(e+"-");while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===f},focus:function(e){return e===p.activeElement&&(!p.hasFocus||p.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeName>"@"||3===e.nodeType||4===e.nodeType)return!1;return!0},parent:function(e){return!i.pseudos.empty(e)},header:function(e){return Q.test(e.nodeName)},input:function(e){return G.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||t.toLowerCase()===e.type)},first:pt(function(){return[0]}),last:pt(function(e,t){return[t-1]}),eq:pt(function(e,t,n){return[0>n?n+t:n]}),even:pt(function(e,t){var n=0;for(;t>n;n+=2)e.push(n);return e}),odd:pt(function(e,t){var n=1;for(;t>n;n+=2)e.push(n);return e}),lt:pt(function(e,t,n){var r=0>n?n+t:n;for(;--r>=0;)e.push(r);return e}),gt:pt(function(e,t,n){var r=0>n?n+t:n;for(;t>++r;)e.push(r);return e})}};for(n in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})i.pseudos[n]=lt(n);for(n in{submit:!0,reset:!0})i.pseudos[n]=ct(n);function ft(e,t){var n,r,o,a,s,u,l,c=E[e+" "];if(c)return t?0:c.slice(0);s=e,u=[],l=i.preFilter;while(s){(!n||(r=$.exec(s)))&&(r&&(s=s.slice(r[0].length)||s),u.push(o=[])),n=!1,(r=I.exec(s))&&(n=r.shift(),o.push({value:n,type:r[0].replace(W," ")}),s=s.slice(n.length));for(a in i.filter)!(r=U[a].exec(s))||l[a]&&!(r=l[a](r))||(n=r.shift(),o.push({value:n,type:a,matches:r}),s=s.slice(n.length));if(!n)break}return t?s.length:s?st.error(e):E(e,u).slice(0)}function dt(e){var t=0,n=e.length,r="";for(;n>t;t++)r+=e[t].value;return r}function ht(e,t,n){var i=t.dir,o=n&&"parentNode"===i,a=C++;return t.first?function(t,n,r){while(t=t[i])if(1===t.nodeType||o)return e(t,n,r)}:function(t,n,s){var u,l,c,p=N+" "+a;if(s){while(t=t[i])if((1===t.nodeType||o)&&e(t,n,s))return!0}else while(t=t[i])if(1===t.nodeType||o)if(c=t[x]||(t[x]={}),(l=c[i])&&l[0]===p){if((u=l[1])===!0||u===r)return u===!0}else if(l=c[i]=[p],l[1]=e(t,n,s)||r,l[1]===!0)return!0}}function gt(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function mt(e,t,n,r,i){var o,a=[],s=0,u=e.length,l=null!=t;for(;u>s;s++)(o=e[s])&&(!n||n(o,r,i))&&(a.push(o),l&&t.push(s));return a}function yt(e,t,n,r,i,o){return r&&!r[x]&&(r=yt(r)),i&&!i[x]&&(i=yt(i,o)),ot(function(o,a,s,u){var l,c,p,f=[],d=[],h=a.length,g=o||xt(t||"*",s.nodeType?[s]:s,[]),m=!e||!o&&t?g:mt(g,f,e,s,u),y=n?i||(o?e:h||r)?[]:a:m;if(n&&n(m,y,s,u),r){l=mt(y,d),r(l,[],s,u),c=l.length;while(c--)(p=l[c])&&(y[d[c]]=!(m[d[c]]=p))}if(o){if(i||e){if(i){l=[],c=y.length;while(c--)(p=y[c])&&l.push(m[c]=p);i(null,y=[],l,u)}c=y.length;while(c--)(p=y[c])&&(l=i?M.call(o,p):f[c])>-1&&(o[l]=!(a[l]=p))}}else y=mt(y===a?y.splice(h,y.length):y),i?i(null,a,y,u):H.apply(a,y)})}function vt(e){var t,n,r,o=e.length,a=i.relative[e[0].type],s=a||i.relative[" "],u=a?1:0,c=ht(function(e){return e===t},s,!0),p=ht(function(e){return M.call(t,e)>-1},s,!0),f=[function(e,n,r){return!a&&(r||n!==l)||((t=n).nodeType?c(e,n,r):p(e,n,r))}];for(;o>u;u++)if(n=i.relative[e[u].type])f=[ht(gt(f),n)];else{if(n=i.filter[e[u].type].apply(null,e[u].matches),n[x]){for(r=++u;o>r;r++)if(i.relative[e[r].type])break;return yt(u>1&>(f),u>1&&dt(e.slice(0,u-1)).replace(W,"$1"),n,r>u&&vt(e.slice(u,r)),o>r&&vt(e=e.slice(r)),o>r&&dt(e))}f.push(n)}return gt(f)}function bt(e,t){var n=0,o=t.length>0,a=e.length>0,s=function(s,u,c,f,d){var h,g,m,y=[],v=0,b="0",x=s&&[],w=null!=d,T=l,C=s||a&&i.find.TAG("*",d&&u.parentNode||u),k=N+=null==T?1:Math.random()||.1;for(w&&(l=u!==p&&u,r=n);null!=(h=C[b]);b++){if(a&&h){g=0;while(m=e[g++])if(m(h,u,c)){f.push(h);break}w&&(N=k,r=++n)}o&&((h=!m&&h)&&v--,s&&x.push(h))}if(v+=b,o&&b!==v){g=0;while(m=t[g++])m(x,y,u,c);if(s){if(v>0)while(b--)x[b]||y[b]||(y[b]=L.call(f));y=mt(y)}H.apply(f,y),w&&!s&&y.length>0&&v+t.length>1&&st.uniqueSort(f)}return w&&(N=k,l=T),x};return o?ot(s):s}s=st.compile=function(e,t){var n,r=[],i=[],o=S[e+" "];if(!o){t||(t=ft(e)),n=t.length;while(n--)o=vt(t[n]),o[x]?r.push(o):i.push(o);o=S(e,bt(i,r))}return o};function xt(e,t,n){var r=0,i=t.length;for(;i>r;r++)st(e,t[r],n);return n}function wt(e,t,n,r){var o,a,u,l,c,p=ft(e);if(!r&&1===p.length){if(a=p[0]=p[0].slice(0),a.length>2&&"ID"===(u=a[0]).type&&9===t.nodeType&&!d&&i.relative[a[1].type]){if(t=i.find.ID(u.matches[0].replace(et,tt),t)[0],!t)return n;e=e.slice(a.shift().value.length)}o=U.needsContext.test(e)?0:a.length;while(o--){if(u=a[o],i.relative[l=u.type])break;if((c=i.find[l])&&(r=c(u.matches[0].replace(et,tt),V.test(a[0].type)&&t.parentNode||t))){if(a.splice(o,1),e=r.length&&dt(a),!e)return H.apply(n,q.call(r,0)),n;break}}}return s(e,p)(r,t,d,n,V.test(e)),n}i.pseudos.nth=i.pseudos.eq;function Tt(){}i.filters=Tt.prototype=i.pseudos,i.setFilters=new Tt,c(),st.attr=b.attr,b.find=st,b.expr=st.selectors,b.expr[":"]=b.expr.pseudos,b.unique=st.uniqueSort,b.text=st.getText,b.isXMLDoc=st.isXML,b.contains=st.contains}(e);var at=/Until$/,st=/^(?:parents|prev(?:Until|All))/,ut=/^.[^:#\[\.,]*$/,lt=b.expr.match.needsContext,ct={children:!0,contents:!0,next:!0,prev:!0};b.fn.extend({find:function(e){var t,n,r,i=this.length;if("string"!=typeof e)return r=this,this.pushStack(b(e).filter(function(){for(t=0;i>t;t++)if(b.contains(r[t],this))return!0}));for(n=[],t=0;i>t;t++)b.find(e,this[t],n);return n=this.pushStack(i>1?b.unique(n):n),n.selector=(this.selector?this.selector+" ":"")+e,n},has:function(e){var t,n=b(e,this),r=n.length;return this.filter(function(){for(t=0;r>t;t++)if(b.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(ft(this,e,!1))},filter:function(e){return this.pushStack(ft(this,e,!0))},is:function(e){return!!e&&("string"==typeof e?lt.test(e)?b(e,this.context).index(this[0])>=0:b.filter(e,this).length>0:this.filter(e).length>0)},closest:function(e,t){var n,r=0,i=this.length,o=[],a=lt.test(e)||"string"!=typeof e?b(e,t||this.context):0;for(;i>r;r++){n=this[r];while(n&&n.ownerDocument&&n!==t&&11!==n.nodeType){if(a?a.index(n)>-1:b.find.matchesSelector(n,e)){o.push(n);break}n=n.parentNode}}return this.pushStack(o.length>1?b.unique(o):o)},index:function(e){return e?"string"==typeof e?b.inArray(this[0],b(e)):b.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){var n="string"==typeof e?b(e,t):b.makeArray(e&&e.nodeType?[e]:e),r=b.merge(this.get(),n);return this.pushStack(b.unique(r))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}}),b.fn.andSelf=b.fn.addBack;function pt(e,t){do e=e[t];while(e&&1!==e.nodeType);return e}b.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return b.dir(e,"parentNode")},parentsUntil:function(e,t,n){return b.dir(e,"parentNode",n)},next:function(e){return pt(e,"nextSibling")},prev:function(e){return pt(e,"previousSibling")},nextAll:function(e){return b.dir(e,"nextSibling")},prevAll:function(e){return b.dir(e,"previousSibling")},nextUntil:function(e,t,n){return b.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return b.dir(e,"previousSibling",n)},siblings:function(e){return b.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return b.sibling(e.firstChild)},contents:function(e){return b.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:b.merge([],e.childNodes)}},function(e,t){b.fn[e]=function(n,r){var i=b.map(this,t,n);return at.test(e)||(r=n),r&&"string"==typeof r&&(i=b.filter(r,i)),i=this.length>1&&!ct[e]?b.unique(i):i,this.length>1&&st.test(e)&&(i=i.reverse()),this.pushStack(i)}}),b.extend({filter:function(e,t,n){return n&&(e=":not("+e+")"),1===t.length?b.find.matchesSelector(t[0],e)?[t[0]]:[]:b.find.matches(e,t)},dir:function(e,n,r){var i=[],o=e[n];while(o&&9!==o.nodeType&&(r===t||1!==o.nodeType||!b(o).is(r)))1===o.nodeType&&i.push(o),o=o[n];return i},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n}});function ft(e,t,n){if(t=t||0,b.isFunction(t))return b.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return b.grep(e,function(e){return e===t===n});if("string"==typeof t){var r=b.grep(e,function(e){return 1===e.nodeType});if(ut.test(t))return b.filter(t,r,!n);t=b.filter(t,r)}return b.grep(e,function(e){return b.inArray(e,t)>=0===n})}function dt(e){var t=ht.split("|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}var ht="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",gt=/ jQuery\d+="(?:null|\d+)"/g,mt=RegExp("<(?:"+ht+")[\\s/>]","i"),yt=/^\s+/,vt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,bt=/<([\w:]+)/,xt=/\s*$/g,At={option:[1,""],legend:[1,"
    ","
    "],area:[1,"",""],param:[1,"",""],thead:[1,"","
    "],tr:[2,"","
    "],col:[2,"","
    "],td:[3,"","
    "],_default:b.support.htmlSerialize?[0,"",""]:[1,"X
    ","
    "]},jt=dt(o),Dt=jt.appendChild(o.createElement("div"));At.optgroup=At.option,At.tbody=At.tfoot=At.colgroup=At.caption=At.thead,At.th=At.td,b.fn.extend({text:function(e){return b.access(this,function(e){return e===t?b.text(this):this.empty().append((this[0]&&this[0].ownerDocument||o).createTextNode(e))},null,e,arguments.length)},wrapAll:function(e){if(b.isFunction(e))return this.each(function(t){b(this).wrapAll(e.call(this,t))});if(this[0]){var t=b(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstChild&&1===e.firstChild.nodeType)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return b.isFunction(e)?this.each(function(t){b(this).wrapInner(e.call(this,t))}):this.each(function(){var t=b(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=b.isFunction(e);return this.each(function(n){b(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){b.nodeName(this,"body")||b(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(e){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&this.appendChild(e)})},prepend:function(){return this.domManip(arguments,!0,function(e){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&this.insertBefore(e,this.firstChild)})},before:function(){return this.domManip(arguments,!1,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return this.domManip(arguments,!1,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},remove:function(e,t){var n,r=0;for(;null!=(n=this[r]);r++)(!e||b.filter(e,[n]).length>0)&&(t||1!==n.nodeType||b.cleanData(Ot(n)),n.parentNode&&(t&&b.contains(n.ownerDocument,n)&&Mt(Ot(n,"script")),n.parentNode.removeChild(n)));return this},empty:function(){var e,t=0;for(;null!=(e=this[t]);t++){1===e.nodeType&&b.cleanData(Ot(e,!1));while(e.firstChild)e.removeChild(e.firstChild);e.options&&b.nodeName(e,"select")&&(e.options.length=0)}return this},clone:function(e,t){return e=null==e?!1:e,t=null==t?e:t,this.map(function(){return b.clone(this,e,t)})},html:function(e){return b.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return 1===n.nodeType?n.innerHTML.replace(gt,""):t;if(!("string"!=typeof e||Tt.test(e)||!b.support.htmlSerialize&&mt.test(e)||!b.support.leadingWhitespace&&yt.test(e)||At[(bt.exec(e)||["",""])[1].toLowerCase()])){e=e.replace(vt,"<$1>");try{for(;i>r;r++)n=this[r]||{},1===n.nodeType&&(b.cleanData(Ot(n,!1)),n.innerHTML=e);n=0}catch(o){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(e){var t=b.isFunction(e);return t||"string"==typeof e||(e=b(e).not(this).detach()),this.domManip([e],!0,function(e){var t=this.nextSibling,n=this.parentNode;n&&(b(this).remove(),n.insertBefore(e,t))})},detach:function(e){return this.remove(e,!0)},domManip:function(e,n,r){e=f.apply([],e);var i,o,a,s,u,l,c=0,p=this.length,d=this,h=p-1,g=e[0],m=b.isFunction(g);if(m||!(1>=p||"string"!=typeof g||b.support.checkClone)&&Ct.test(g))return this.each(function(i){var o=d.eq(i);m&&(e[0]=g.call(this,i,n?o.html():t)),o.domManip(e,n,r)});if(p&&(l=b.buildFragment(e,this[0].ownerDocument,!1,this),i=l.firstChild,1===l.childNodes.length&&(l=i),i)){for(n=n&&b.nodeName(i,"tr"),s=b.map(Ot(l,"script"),Ht),a=s.length;p>c;c++)o=l,c!==h&&(o=b.clone(o,!0,!0),a&&b.merge(s,Ot(o,"script"))),r.call(n&&b.nodeName(this[c],"table")?Lt(this[c],"tbody"):this[c],o,c);if(a)for(u=s[s.length-1].ownerDocument,b.map(s,qt),c=0;a>c;c++)o=s[c],kt.test(o.type||"")&&!b._data(o,"globalEval")&&b.contains(u,o)&&(o.src?b.ajax({url:o.src,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}):b.globalEval((o.text||o.textContent||o.innerHTML||"").replace(St,"")));l=i=null}return this}});function Lt(e,t){return e.getElementsByTagName(t)[0]||e.appendChild(e.ownerDocument.createElement(t))}function Ht(e){var t=e.getAttributeNode("type");return e.type=(t&&t.specified)+"/"+e.type,e}function qt(e){var t=Et.exec(e.type);return t?e.type=t[1]:e.removeAttribute("type"),e}function Mt(e,t){var n,r=0;for(;null!=(n=e[r]);r++)b._data(n,"globalEval",!t||b._data(t[r],"globalEval"))}function _t(e,t){if(1===t.nodeType&&b.hasData(e)){var n,r,i,o=b._data(e),a=b._data(t,o),s=o.events;if(s){delete a.handle,a.events={};for(n in s)for(r=0,i=s[n].length;i>r;r++)b.event.add(t,n,s[n][r])}a.data&&(a.data=b.extend({},a.data))}}function Ft(e,t){var n,r,i;if(1===t.nodeType){if(n=t.nodeName.toLowerCase(),!b.support.noCloneEvent&&t[b.expando]){i=b._data(t);for(r in i.events)b.removeEvent(t,r,i.handle);t.removeAttribute(b.expando)}"script"===n&&t.text!==e.text?(Ht(t).text=e.text,qt(t)):"object"===n?(t.parentNode&&(t.outerHTML=e.outerHTML),b.support.html5Clone&&e.innerHTML&&!b.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):"input"===n&&Nt.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):"option"===n?t.defaultSelected=t.selected=e.defaultSelected:("input"===n||"textarea"===n)&&(t.defaultValue=e.defaultValue)}}b.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){b.fn[e]=function(e){var n,r=0,i=[],o=b(e),a=o.length-1;for(;a>=r;r++)n=r===a?this:this.clone(!0),b(o[r])[t](n),d.apply(i,n.get());return this.pushStack(i)}});function Ot(e,n){var r,o,a=0,s=typeof e.getElementsByTagName!==i?e.getElementsByTagName(n||"*"):typeof e.querySelectorAll!==i?e.querySelectorAll(n||"*"):t;if(!s)for(s=[],r=e.childNodes||e;null!=(o=r[a]);a++)!n||b.nodeName(o,n)?s.push(o):b.merge(s,Ot(o,n));return n===t||n&&b.nodeName(e,n)?b.merge([e],s):s}function Bt(e){Nt.test(e.type)&&(e.defaultChecked=e.checked)}b.extend({clone:function(e,t,n){var r,i,o,a,s,u=b.contains(e.ownerDocument,e);if(b.support.html5Clone||b.isXMLDoc(e)||!mt.test("<"+e.nodeName+">")?o=e.cloneNode(!0):(Dt.innerHTML=e.outerHTML,Dt.removeChild(o=Dt.firstChild)),!(b.support.noCloneEvent&&b.support.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||b.isXMLDoc(e)))for(r=Ot(o),s=Ot(e),a=0;null!=(i=s[a]);++a)r[a]&&Ft(i,r[a]);if(t)if(n)for(s=s||Ot(e),r=r||Ot(o),a=0;null!=(i=s[a]);a++)_t(i,r[a]);else _t(e,o);return r=Ot(o,"script"),r.length>0&&Mt(r,!u&&Ot(e,"script")),r=s=i=null,o},buildFragment:function(e,t,n,r){var i,o,a,s,u,l,c,p=e.length,f=dt(t),d=[],h=0;for(;p>h;h++)if(o=e[h],o||0===o)if("object"===b.type(o))b.merge(d,o.nodeType?[o]:o);else if(wt.test(o)){s=s||f.appendChild(t.createElement("div")),u=(bt.exec(o)||["",""])[1].toLowerCase(),c=At[u]||At._default,s.innerHTML=c[1]+o.replace(vt,"<$1>")+c[2],i=c[0];while(i--)s=s.lastChild;if(!b.support.leadingWhitespace&&yt.test(o)&&d.push(t.createTextNode(yt.exec(o)[0])),!b.support.tbody){o="table"!==u||xt.test(o)?""!==c[1]||xt.test(o)?0:s:s.firstChild,i=o&&o.childNodes.length;while(i--)b.nodeName(l=o.childNodes[i],"tbody")&&!l.childNodes.length&&o.removeChild(l) -}b.merge(d,s.childNodes),s.textContent="";while(s.firstChild)s.removeChild(s.firstChild);s=f.lastChild}else d.push(t.createTextNode(o));s&&f.removeChild(s),b.support.appendChecked||b.grep(Ot(d,"input"),Bt),h=0;while(o=d[h++])if((!r||-1===b.inArray(o,r))&&(a=b.contains(o.ownerDocument,o),s=Ot(f.appendChild(o),"script"),a&&Mt(s),n)){i=0;while(o=s[i++])kt.test(o.type||"")&&n.push(o)}return s=null,f},cleanData:function(e,t){var n,r,o,a,s=0,u=b.expando,l=b.cache,p=b.support.deleteExpando,f=b.event.special;for(;null!=(n=e[s]);s++)if((t||b.acceptData(n))&&(o=n[u],a=o&&l[o])){if(a.events)for(r in a.events)f[r]?b.event.remove(n,r):b.removeEvent(n,r,a.handle);l[o]&&(delete l[o],p?delete n[u]:typeof n.removeAttribute!==i?n.removeAttribute(u):n[u]=null,c.push(o))}}});var Pt,Rt,Wt,$t=/alpha\([^)]*\)/i,It=/opacity\s*=\s*([^)]*)/,zt=/^(top|right|bottom|left)$/,Xt=/^(none|table(?!-c[ea]).+)/,Ut=/^margin/,Vt=RegExp("^("+x+")(.*)$","i"),Yt=RegExp("^("+x+")(?!px)[a-z%]+$","i"),Jt=RegExp("^([+-])=("+x+")","i"),Gt={BODY:"block"},Qt={position:"absolute",visibility:"hidden",display:"block"},Kt={letterSpacing:0,fontWeight:400},Zt=["Top","Right","Bottom","Left"],en=["Webkit","O","Moz","ms"];function tn(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=en.length;while(i--)if(t=en[i]+n,t in e)return t;return r}function nn(e,t){return e=t||e,"none"===b.css(e,"display")||!b.contains(e.ownerDocument,e)}function rn(e,t){var n,r,i,o=[],a=0,s=e.length;for(;s>a;a++)r=e[a],r.style&&(o[a]=b._data(r,"olddisplay"),n=r.style.display,t?(o[a]||"none"!==n||(r.style.display=""),""===r.style.display&&nn(r)&&(o[a]=b._data(r,"olddisplay",un(r.nodeName)))):o[a]||(i=nn(r),(n&&"none"!==n||!i)&&b._data(r,"olddisplay",i?n:b.css(r,"display"))));for(a=0;s>a;a++)r=e[a],r.style&&(t&&"none"!==r.style.display&&""!==r.style.display||(r.style.display=t?o[a]||"":"none"));return e}b.fn.extend({css:function(e,n){return b.access(this,function(e,n,r){var i,o,a={},s=0;if(b.isArray(n)){for(o=Rt(e),i=n.length;i>s;s++)a[n[s]]=b.css(e,n[s],!1,o);return a}return r!==t?b.style(e,n,r):b.css(e,n)},e,n,arguments.length>1)},show:function(){return rn(this,!0)},hide:function(){return rn(this)},toggle:function(e){var t="boolean"==typeof e;return this.each(function(){(t?e:nn(this))?b(this).show():b(this).hide()})}}),b.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Wt(e,"opacity");return""===n?"1":n}}}},cssNumber:{columnCount:!0,fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":b.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var o,a,s,u=b.camelCase(n),l=e.style;if(n=b.cssProps[u]||(b.cssProps[u]=tn(l,u)),s=b.cssHooks[n]||b.cssHooks[u],r===t)return s&&"get"in s&&(o=s.get(e,!1,i))!==t?o:l[n];if(a=typeof r,"string"===a&&(o=Jt.exec(r))&&(r=(o[1]+1)*o[2]+parseFloat(b.css(e,n)),a="number"),!(null==r||"number"===a&&isNaN(r)||("number"!==a||b.cssNumber[u]||(r+="px"),b.support.clearCloneStyle||""!==r||0!==n.indexOf("background")||(l[n]="inherit"),s&&"set"in s&&(r=s.set(e,r,i))===t)))try{l[n]=r}catch(c){}}},css:function(e,n,r,i){var o,a,s,u=b.camelCase(n);return n=b.cssProps[u]||(b.cssProps[u]=tn(e.style,u)),s=b.cssHooks[n]||b.cssHooks[u],s&&"get"in s&&(a=s.get(e,!0,r)),a===t&&(a=Wt(e,n,i)),"normal"===a&&n in Kt&&(a=Kt[n]),""===r||r?(o=parseFloat(a),r===!0||b.isNumeric(o)?o||0:a):a},swap:function(e,t,n,r){var i,o,a={};for(o in t)a[o]=e.style[o],e.style[o]=t[o];i=n.apply(e,r||[]);for(o in t)e.style[o]=a[o];return i}}),e.getComputedStyle?(Rt=function(t){return e.getComputedStyle(t,null)},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),u=s?s.getPropertyValue(n)||s[n]:t,l=e.style;return s&&(""!==u||b.contains(e.ownerDocument,e)||(u=b.style(e,n)),Yt.test(u)&&Ut.test(n)&&(i=l.width,o=l.minWidth,a=l.maxWidth,l.minWidth=l.maxWidth=l.width=u,u=s.width,l.width=i,l.minWidth=o,l.maxWidth=a)),u}):o.documentElement.currentStyle&&(Rt=function(e){return e.currentStyle},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),u=s?s[n]:t,l=e.style;return null==u&&l&&l[n]&&(u=l[n]),Yt.test(u)&&!zt.test(n)&&(i=l.left,o=e.runtimeStyle,a=o&&o.left,a&&(o.left=e.currentStyle.left),l.left="fontSize"===n?"1em":u,u=l.pixelLeft+"px",l.left=i,a&&(o.left=a)),""===u?"auto":u});function on(e,t,n){var r=Vt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function an(e,t,n,r,i){var o=n===(r?"border":"content")?4:"width"===t?1:0,a=0;for(;4>o;o+=2)"margin"===n&&(a+=b.css(e,n+Zt[o],!0,i)),r?("content"===n&&(a-=b.css(e,"padding"+Zt[o],!0,i)),"margin"!==n&&(a-=b.css(e,"border"+Zt[o]+"Width",!0,i))):(a+=b.css(e,"padding"+Zt[o],!0,i),"padding"!==n&&(a+=b.css(e,"border"+Zt[o]+"Width",!0,i)));return a}function sn(e,t,n){var r=!0,i="width"===t?e.offsetWidth:e.offsetHeight,o=Rt(e),a=b.support.boxSizing&&"border-box"===b.css(e,"boxSizing",!1,o);if(0>=i||null==i){if(i=Wt(e,t,o),(0>i||null==i)&&(i=e.style[t]),Yt.test(i))return i;r=a&&(b.support.boxSizingReliable||i===e.style[t]),i=parseFloat(i)||0}return i+an(e,t,n||(a?"border":"content"),r,o)+"px"}function un(e){var t=o,n=Gt[e];return n||(n=ln(e,t),"none"!==n&&n||(Pt=(Pt||b("